Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Mike Pagano <mpagano@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/linux-patches:4.14 commit in: /
Date: Wed, 02 May 2018 16:14:33
Message-Id: 1525277660.316f136dd790037a552e77ba0ef96b8aa00e9493.mpagano@gentoo
1 commit: 316f136dd790037a552e77ba0ef96b8aa00e9493
2 Author: Mike Pagano <mpagano <AT> gentoo <DOT> org>
3 AuthorDate: Wed May 2 16:14:20 2018 +0000
4 Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org>
5 CommitDate: Wed May 2 16:14:20 2018 +0000
6 URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=316f136d
7
8 Linux patch 4.14.39
9
10 0000_README | 4 +
11 1038_linux-4.14.39.patch | 3551 ++++++++++++++++++++++++++++++++++++++++++++++
12 2 files changed, 3555 insertions(+)
13
14 diff --git a/0000_README b/0000_README
15 index 03b1461..648c705 100644
16 --- a/0000_README
17 +++ b/0000_README
18 @@ -195,6 +195,10 @@ Patch: 1037_linux-4.14.38.patch
19 From: http://www.kernel.org
20 Desc: Linux 4.14.38
21
22 +Patch: 1038_linux-4.14.39.patch
23 +From: http://www.kernel.org
24 +Desc: Linux 4.14.39
25 +
26 Patch: 1500_XATTR_USER_PREFIX.patch
27 From: https://bugs.gentoo.org/show_bug.cgi?id=470644
28 Desc: Support for namespace user.pax.* on tmpfs.
29
30 diff --git a/1038_linux-4.14.39.patch b/1038_linux-4.14.39.patch
31 new file mode 100644
32 index 0000000..f7760eb
33 --- /dev/null
34 +++ b/1038_linux-4.14.39.patch
35 @@ -0,0 +1,3551 @@
36 +diff --git a/Documentation/virtual/kvm/api.txt b/Documentation/virtual/kvm/api.txt
37 +index 0f9089416b4c..88ad78c6f605 100644
38 +--- a/Documentation/virtual/kvm/api.txt
39 ++++ b/Documentation/virtual/kvm/api.txt
40 +@@ -1940,6 +1940,9 @@ ARM 32-bit VFP control registers have the following id bit patterns:
41 + ARM 64-bit FP registers have the following id bit patterns:
42 + 0x4030 0000 0012 0 <regno:12>
43 +
44 ++ARM firmware pseudo-registers have the following bit pattern:
45 ++ 0x4030 0000 0014 <regno:16>
46 ++
47 +
48 + arm64 registers are mapped using the lower 32 bits. The upper 16 of
49 + that is the register group type, or coprocessor number:
50 +@@ -1956,6 +1959,9 @@ arm64 CCSIDR registers are demultiplexed by CSSELR value:
51 + arm64 system registers have the following id bit patterns:
52 + 0x6030 0000 0013 <op0:2> <op1:3> <crn:4> <crm:4> <op2:3>
53 +
54 ++arm64 firmware pseudo-registers have the following bit pattern:
55 ++ 0x6030 0000 0014 <regno:16>
56 ++
57 +
58 + MIPS registers are mapped using the lower 32 bits. The upper 16 of that is
59 + the register group type:
60 +@@ -2490,7 +2496,8 @@ Possible features:
61 + and execute guest code when KVM_RUN is called.
62 + - KVM_ARM_VCPU_EL1_32BIT: Starts the CPU in a 32bit mode.
63 + Depends on KVM_CAP_ARM_EL1_32BIT (arm64 only).
64 +- - KVM_ARM_VCPU_PSCI_0_2: Emulate PSCI v0.2 for the CPU.
65 ++ - KVM_ARM_VCPU_PSCI_0_2: Emulate PSCI v0.2 (or a future revision
66 ++ backward compatible with v0.2) for the CPU.
67 + Depends on KVM_CAP_ARM_PSCI_0_2.
68 + - KVM_ARM_VCPU_PMU_V3: Emulate PMUv3 for the CPU.
69 + Depends on KVM_CAP_ARM_PMU_V3.
70 +diff --git a/Documentation/virtual/kvm/arm/psci.txt b/Documentation/virtual/kvm/arm/psci.txt
71 +new file mode 100644
72 +index 000000000000..aafdab887b04
73 +--- /dev/null
74 ++++ b/Documentation/virtual/kvm/arm/psci.txt
75 +@@ -0,0 +1,30 @@
76 ++KVM implements the PSCI (Power State Coordination Interface)
77 ++specification in order to provide services such as CPU on/off, reset
78 ++and power-off to the guest.
79 ++
80 ++The PSCI specification is regularly updated to provide new features,
81 ++and KVM implements these updates if they make sense from a virtualization
82 ++point of view.
83 ++
84 ++This means that a guest booted on two different versions of KVM can
85 ++observe two different "firmware" revisions. This could cause issues if
86 ++a given guest is tied to a particular PSCI revision (unlikely), or if
87 ++a migration causes a different PSCI version to be exposed out of the
88 ++blue to an unsuspecting guest.
89 ++
90 ++In order to remedy this situation, KVM exposes a set of "firmware
91 ++pseudo-registers" that can be manipulated using the GET/SET_ONE_REG
92 ++interface. These registers can be saved/restored by userspace, and set
93 ++to a convenient value if required.
94 ++
95 ++The following register is defined:
96 ++
97 ++* KVM_REG_ARM_PSCI_VERSION:
98 ++
99 ++ - Only valid if the vcpu has the KVM_ARM_VCPU_PSCI_0_2 feature set
100 ++ (and thus has already been initialized)
101 ++ - Returns the current PSCI version on GET_ONE_REG (defaulting to the
102 ++ highest PSCI version implemented by KVM and compatible with v0.2)
103 ++ - Allows any PSCI version implemented by KVM and compatible with
104 ++ v0.2 to be set with SET_ONE_REG
105 ++ - Affects the whole VM (even if the register view is per-vcpu)
106 +diff --git a/Makefile b/Makefile
107 +index 27a8d5c37180..248b99283f71 100644
108 +--- a/Makefile
109 ++++ b/Makefile
110 +@@ -1,7 +1,7 @@
111 + # SPDX-License-Identifier: GPL-2.0
112 + VERSION = 4
113 + PATCHLEVEL = 14
114 +-SUBLEVEL = 38
115 ++SUBLEVEL = 39
116 + EXTRAVERSION =
117 + NAME = Petit Gorille
118 +
119 +diff --git a/arch/arm/configs/socfpga_defconfig b/arch/arm/configs/socfpga_defconfig
120 +index 2620ce790db0..371fca4e1ab7 100644
121 +--- a/arch/arm/configs/socfpga_defconfig
122 ++++ b/arch/arm/configs/socfpga_defconfig
123 +@@ -57,6 +57,7 @@ CONFIG_MTD_M25P80=y
124 + CONFIG_MTD_NAND=y
125 + CONFIG_MTD_NAND_DENALI_DT=y
126 + CONFIG_MTD_SPI_NOR=y
127 ++# CONFIG_MTD_SPI_NOR_USE_4K_SECTORS is not set
128 + CONFIG_SPI_CADENCE_QUADSPI=y
129 + CONFIG_OF_OVERLAY=y
130 + CONFIG_OF_CONFIGFS=y
131 +diff --git a/arch/arm/include/asm/kvm_host.h b/arch/arm/include/asm/kvm_host.h
132 +index 31fbb9285f62..8f973e3b7348 100644
133 +--- a/arch/arm/include/asm/kvm_host.h
134 ++++ b/arch/arm/include/asm/kvm_host.h
135 +@@ -75,6 +75,9 @@ struct kvm_arch {
136 + /* Interrupt controller */
137 + struct vgic_dist vgic;
138 + int max_vcpus;
139 ++
140 ++ /* Mandated version of PSCI */
141 ++ u32 psci_version;
142 + };
143 +
144 + #define KVM_NR_MEM_OBJS 40
145 +diff --git a/arch/arm/include/uapi/asm/kvm.h b/arch/arm/include/uapi/asm/kvm.h
146 +index 1f57bbe82b6f..df24fc8da1bc 100644
147 +--- a/arch/arm/include/uapi/asm/kvm.h
148 ++++ b/arch/arm/include/uapi/asm/kvm.h
149 +@@ -180,6 +180,12 @@ struct kvm_arch_memory_slot {
150 + #define KVM_REG_ARM_VFP_FPINST 0x1009
151 + #define KVM_REG_ARM_VFP_FPINST2 0x100A
152 +
153 ++/* KVM-as-firmware specific pseudo-registers */
154 ++#define KVM_REG_ARM_FW (0x0014 << KVM_REG_ARM_COPROC_SHIFT)
155 ++#define KVM_REG_ARM_FW_REG(r) (KVM_REG_ARM | KVM_REG_SIZE_U64 | \
156 ++ KVM_REG_ARM_FW | ((r) & 0xffff))
157 ++#define KVM_REG_ARM_PSCI_VERSION KVM_REG_ARM_FW_REG(0)
158 ++
159 + /* Device Control API: ARM VGIC */
160 + #define KVM_DEV_ARM_VGIC_GRP_ADDR 0
161 + #define KVM_DEV_ARM_VGIC_GRP_DIST_REGS 1
162 +diff --git a/arch/arm/kvm/guest.c b/arch/arm/kvm/guest.c
163 +index 1e0784ebbfd6..a18f33edc471 100644
164 +--- a/arch/arm/kvm/guest.c
165 ++++ b/arch/arm/kvm/guest.c
166 +@@ -22,6 +22,7 @@
167 + #include <linux/module.h>
168 + #include <linux/vmalloc.h>
169 + #include <linux/fs.h>
170 ++#include <kvm/arm_psci.h>
171 + #include <asm/cputype.h>
172 + #include <linux/uaccess.h>
173 + #include <asm/kvm.h>
174 +@@ -176,6 +177,7 @@ static unsigned long num_core_regs(void)
175 + unsigned long kvm_arm_num_regs(struct kvm_vcpu *vcpu)
176 + {
177 + return num_core_regs() + kvm_arm_num_coproc_regs(vcpu)
178 ++ + kvm_arm_get_fw_num_regs(vcpu)
179 + + NUM_TIMER_REGS;
180 + }
181 +
182 +@@ -196,6 +198,11 @@ int kvm_arm_copy_reg_indices(struct kvm_vcpu *vcpu, u64 __user *uindices)
183 + uindices++;
184 + }
185 +
186 ++ ret = kvm_arm_copy_fw_reg_indices(vcpu, uindices);
187 ++ if (ret)
188 ++ return ret;
189 ++ uindices += kvm_arm_get_fw_num_regs(vcpu);
190 ++
191 + ret = copy_timer_indices(vcpu, uindices);
192 + if (ret)
193 + return ret;
194 +@@ -214,6 +221,9 @@ int kvm_arm_get_reg(struct kvm_vcpu *vcpu, const struct kvm_one_reg *reg)
195 + if ((reg->id & KVM_REG_ARM_COPROC_MASK) == KVM_REG_ARM_CORE)
196 + return get_core_reg(vcpu, reg);
197 +
198 ++ if ((reg->id & KVM_REG_ARM_COPROC_MASK) == KVM_REG_ARM_FW)
199 ++ return kvm_arm_get_fw_reg(vcpu, reg);
200 ++
201 + if (is_timer_reg(reg->id))
202 + return get_timer_reg(vcpu, reg);
203 +
204 +@@ -230,6 +240,9 @@ int kvm_arm_set_reg(struct kvm_vcpu *vcpu, const struct kvm_one_reg *reg)
205 + if ((reg->id & KVM_REG_ARM_COPROC_MASK) == KVM_REG_ARM_CORE)
206 + return set_core_reg(vcpu, reg);
207 +
208 ++ if ((reg->id & KVM_REG_ARM_COPROC_MASK) == KVM_REG_ARM_FW)
209 ++ return kvm_arm_set_fw_reg(vcpu, reg);
210 ++
211 + if (is_timer_reg(reg->id))
212 + return set_timer_reg(vcpu, reg);
213 +
214 +diff --git a/arch/arm64/include/asm/kvm_host.h b/arch/arm64/include/asm/kvm_host.h
215 +index 8ad208cb866c..8abec9f7f430 100644
216 +--- a/arch/arm64/include/asm/kvm_host.h
217 ++++ b/arch/arm64/include/asm/kvm_host.h
218 +@@ -71,6 +71,9 @@ struct kvm_arch {
219 +
220 + /* Interrupt controller */
221 + struct vgic_dist vgic;
222 ++
223 ++ /* Mandated version of PSCI */
224 ++ u32 psci_version;
225 + };
226 +
227 + #define KVM_NR_MEM_OBJS 40
228 +diff --git a/arch/arm64/include/uapi/asm/kvm.h b/arch/arm64/include/uapi/asm/kvm.h
229 +index 51149ec75fe4..9f74ce5899f0 100644
230 +--- a/arch/arm64/include/uapi/asm/kvm.h
231 ++++ b/arch/arm64/include/uapi/asm/kvm.h
232 +@@ -200,6 +200,12 @@ struct kvm_arch_memory_slot {
233 + #define KVM_REG_ARM_TIMER_CNT ARM64_SYS_REG(3, 3, 14, 3, 2)
234 + #define KVM_REG_ARM_TIMER_CVAL ARM64_SYS_REG(3, 3, 14, 0, 2)
235 +
236 ++/* KVM-as-firmware specific pseudo-registers */
237 ++#define KVM_REG_ARM_FW (0x0014 << KVM_REG_ARM_COPROC_SHIFT)
238 ++#define KVM_REG_ARM_FW_REG(r) (KVM_REG_ARM64 | KVM_REG_SIZE_U64 | \
239 ++ KVM_REG_ARM_FW | ((r) & 0xffff))
240 ++#define KVM_REG_ARM_PSCI_VERSION KVM_REG_ARM_FW_REG(0)
241 ++
242 + /* Device Control API: ARM VGIC */
243 + #define KVM_DEV_ARM_VGIC_GRP_ADDR 0
244 + #define KVM_DEV_ARM_VGIC_GRP_DIST_REGS 1
245 +diff --git a/arch/arm64/kvm/guest.c b/arch/arm64/kvm/guest.c
246 +index 5c7f657dd207..811f04c5760e 100644
247 +--- a/arch/arm64/kvm/guest.c
248 ++++ b/arch/arm64/kvm/guest.c
249 +@@ -25,6 +25,7 @@
250 + #include <linux/module.h>
251 + #include <linux/vmalloc.h>
252 + #include <linux/fs.h>
253 ++#include <kvm/arm_psci.h>
254 + #include <asm/cputype.h>
255 + #include <linux/uaccess.h>
256 + #include <asm/kvm.h>
257 +@@ -205,7 +206,7 @@ static int get_timer_reg(struct kvm_vcpu *vcpu, const struct kvm_one_reg *reg)
258 + unsigned long kvm_arm_num_regs(struct kvm_vcpu *vcpu)
259 + {
260 + return num_core_regs() + kvm_arm_num_sys_reg_descs(vcpu)
261 +- + NUM_TIMER_REGS;
262 ++ + kvm_arm_get_fw_num_regs(vcpu) + NUM_TIMER_REGS;
263 + }
264 +
265 + /**
266 +@@ -225,6 +226,11 @@ int kvm_arm_copy_reg_indices(struct kvm_vcpu *vcpu, u64 __user *uindices)
267 + uindices++;
268 + }
269 +
270 ++ ret = kvm_arm_copy_fw_reg_indices(vcpu, uindices);
271 ++ if (ret)
272 ++ return ret;
273 ++ uindices += kvm_arm_get_fw_num_regs(vcpu);
274 ++
275 + ret = copy_timer_indices(vcpu, uindices);
276 + if (ret)
277 + return ret;
278 +@@ -243,6 +249,9 @@ int kvm_arm_get_reg(struct kvm_vcpu *vcpu, const struct kvm_one_reg *reg)
279 + if ((reg->id & KVM_REG_ARM_COPROC_MASK) == KVM_REG_ARM_CORE)
280 + return get_core_reg(vcpu, reg);
281 +
282 ++ if ((reg->id & KVM_REG_ARM_COPROC_MASK) == KVM_REG_ARM_FW)
283 ++ return kvm_arm_get_fw_reg(vcpu, reg);
284 ++
285 + if (is_timer_reg(reg->id))
286 + return get_timer_reg(vcpu, reg);
287 +
288 +@@ -259,6 +268,9 @@ int kvm_arm_set_reg(struct kvm_vcpu *vcpu, const struct kvm_one_reg *reg)
289 + if ((reg->id & KVM_REG_ARM_COPROC_MASK) == KVM_REG_ARM_CORE)
290 + return set_core_reg(vcpu, reg);
291 +
292 ++ if ((reg->id & KVM_REG_ARM_COPROC_MASK) == KVM_REG_ARM_FW)
293 ++ return kvm_arm_set_fw_reg(vcpu, reg);
294 ++
295 + if (is_timer_reg(reg->id))
296 + return set_timer_reg(vcpu, reg);
297 +
298 +diff --git a/arch/powerpc/kernel/eeh_driver.c b/arch/powerpc/kernel/eeh_driver.c
299 +index 8b840191df59..ca2243df9cb2 100644
300 +--- a/arch/powerpc/kernel/eeh_driver.c
301 ++++ b/arch/powerpc/kernel/eeh_driver.c
302 +@@ -207,18 +207,18 @@ static void *eeh_report_error(void *data, void *userdata)
303 +
304 + if (!dev || eeh_dev_removed(edev) || eeh_pe_passed(edev->pe))
305 + return NULL;
306 ++
307 ++ device_lock(&dev->dev);
308 + dev->error_state = pci_channel_io_frozen;
309 +
310 + driver = eeh_pcid_get(dev);
311 +- if (!driver) return NULL;
312 ++ if (!driver) goto out_no_dev;
313 +
314 + eeh_disable_irq(dev);
315 +
316 + if (!driver->err_handler ||
317 +- !driver->err_handler->error_detected) {
318 +- eeh_pcid_put(dev);
319 +- return NULL;
320 +- }
321 ++ !driver->err_handler->error_detected)
322 ++ goto out;
323 +
324 + rc = driver->err_handler->error_detected(dev, pci_channel_io_frozen);
325 +
326 +@@ -227,7 +227,10 @@ static void *eeh_report_error(void *data, void *userdata)
327 + if (*res == PCI_ERS_RESULT_NONE) *res = rc;
328 +
329 + edev->in_error = true;
330 ++out:
331 + eeh_pcid_put(dev);
332 ++out_no_dev:
333 ++ device_unlock(&dev->dev);
334 + return NULL;
335 + }
336 +
337 +@@ -250,15 +253,14 @@ static void *eeh_report_mmio_enabled(void *data, void *userdata)
338 + if (!dev || eeh_dev_removed(edev) || eeh_pe_passed(edev->pe))
339 + return NULL;
340 +
341 ++ device_lock(&dev->dev);
342 + driver = eeh_pcid_get(dev);
343 +- if (!driver) return NULL;
344 ++ if (!driver) goto out_no_dev;
345 +
346 + if (!driver->err_handler ||
347 + !driver->err_handler->mmio_enabled ||
348 +- (edev->mode & EEH_DEV_NO_HANDLER)) {
349 +- eeh_pcid_put(dev);
350 +- return NULL;
351 +- }
352 ++ (edev->mode & EEH_DEV_NO_HANDLER))
353 ++ goto out;
354 +
355 + rc = driver->err_handler->mmio_enabled(dev);
356 +
357 +@@ -266,7 +268,10 @@ static void *eeh_report_mmio_enabled(void *data, void *userdata)
358 + if (rc == PCI_ERS_RESULT_NEED_RESET) *res = rc;
359 + if (*res == PCI_ERS_RESULT_NONE) *res = rc;
360 +
361 ++out:
362 + eeh_pcid_put(dev);
363 ++out_no_dev:
364 ++ device_unlock(&dev->dev);
365 + return NULL;
366 + }
367 +
368 +@@ -289,20 +294,20 @@ static void *eeh_report_reset(void *data, void *userdata)
369 +
370 + if (!dev || eeh_dev_removed(edev) || eeh_pe_passed(edev->pe))
371 + return NULL;
372 ++
373 ++ device_lock(&dev->dev);
374 + dev->error_state = pci_channel_io_normal;
375 +
376 + driver = eeh_pcid_get(dev);
377 +- if (!driver) return NULL;
378 ++ if (!driver) goto out_no_dev;
379 +
380 + eeh_enable_irq(dev);
381 +
382 + if (!driver->err_handler ||
383 + !driver->err_handler->slot_reset ||
384 + (edev->mode & EEH_DEV_NO_HANDLER) ||
385 +- (!edev->in_error)) {
386 +- eeh_pcid_put(dev);
387 +- return NULL;
388 +- }
389 ++ (!edev->in_error))
390 ++ goto out;
391 +
392 + rc = driver->err_handler->slot_reset(dev);
393 + if ((*res == PCI_ERS_RESULT_NONE) ||
394 +@@ -310,7 +315,10 @@ static void *eeh_report_reset(void *data, void *userdata)
395 + if (*res == PCI_ERS_RESULT_DISCONNECT &&
396 + rc == PCI_ERS_RESULT_NEED_RESET) *res = rc;
397 +
398 ++out:
399 + eeh_pcid_put(dev);
400 ++out_no_dev:
401 ++ device_unlock(&dev->dev);
402 + return NULL;
403 + }
404 +
405 +@@ -361,10 +369,12 @@ static void *eeh_report_resume(void *data, void *userdata)
406 +
407 + if (!dev || eeh_dev_removed(edev) || eeh_pe_passed(edev->pe))
408 + return NULL;
409 ++
410 ++ device_lock(&dev->dev);
411 + dev->error_state = pci_channel_io_normal;
412 +
413 + driver = eeh_pcid_get(dev);
414 +- if (!driver) return NULL;
415 ++ if (!driver) goto out_no_dev;
416 +
417 + was_in_error = edev->in_error;
418 + edev->in_error = false;
419 +@@ -374,13 +384,15 @@ static void *eeh_report_resume(void *data, void *userdata)
420 + !driver->err_handler->resume ||
421 + (edev->mode & EEH_DEV_NO_HANDLER) || !was_in_error) {
422 + edev->mode &= ~EEH_DEV_NO_HANDLER;
423 +- eeh_pcid_put(dev);
424 +- return NULL;
425 ++ goto out;
426 + }
427 +
428 + driver->err_handler->resume(dev);
429 +
430 ++out:
431 + eeh_pcid_put(dev);
432 ++out_no_dev:
433 ++ device_unlock(&dev->dev);
434 + return NULL;
435 + }
436 +
437 +@@ -400,22 +412,25 @@ static void *eeh_report_failure(void *data, void *userdata)
438 +
439 + if (!dev || eeh_dev_removed(edev) || eeh_pe_passed(edev->pe))
440 + return NULL;
441 ++
442 ++ device_lock(&dev->dev);
443 + dev->error_state = pci_channel_io_perm_failure;
444 +
445 + driver = eeh_pcid_get(dev);
446 +- if (!driver) return NULL;
447 ++ if (!driver) goto out_no_dev;
448 +
449 + eeh_disable_irq(dev);
450 +
451 + if (!driver->err_handler ||
452 +- !driver->err_handler->error_detected) {
453 +- eeh_pcid_put(dev);
454 +- return NULL;
455 +- }
456 ++ !driver->err_handler->error_detected)
457 ++ goto out;
458 +
459 + driver->err_handler->error_detected(dev, pci_channel_io_perm_failure);
460 +
461 ++out:
462 + eeh_pcid_put(dev);
463 ++out_no_dev:
464 ++ device_unlock(&dev->dev);
465 + return NULL;
466 + }
467 +
468 +diff --git a/arch/powerpc/mm/mem.c b/arch/powerpc/mm/mem.c
469 +index 4362b86ef84c..9c2f83331e5b 100644
470 +--- a/arch/powerpc/mm/mem.c
471 ++++ b/arch/powerpc/mm/mem.c
472 +@@ -143,6 +143,7 @@ int arch_add_memory(int nid, u64 start, u64 size, bool want_memblock)
473 + start, start + size, rc);
474 + return -EFAULT;
475 + }
476 ++ flush_inval_dcache_range(start, start + size);
477 +
478 + return __add_pages(nid, start_pfn, nr_pages, want_memblock);
479 + }
480 +@@ -171,6 +172,7 @@ int arch_remove_memory(u64 start, u64 size)
481 +
482 + /* Remove htab bolted mappings for this section of memory */
483 + start = (unsigned long)__va(start);
484 ++ flush_inval_dcache_range(start, start + size);
485 + ret = remove_section_mapping(start, start + size);
486 +
487 + /* Ensure all vmalloc mappings are flushed in case they also
488 +diff --git a/arch/powerpc/platforms/powernv/npu-dma.c b/arch/powerpc/platforms/powernv/npu-dma.c
489 +index 2cb6cbea4b3b..4043109f4051 100644
490 +--- a/arch/powerpc/platforms/powernv/npu-dma.c
491 ++++ b/arch/powerpc/platforms/powernv/npu-dma.c
492 +@@ -33,6 +33,13 @@
493 +
494 + #define npu_to_phb(x) container_of(x, struct pnv_phb, npu)
495 +
496 ++/*
497 ++ * When an address shootdown range exceeds this threshold we invalidate the
498 ++ * entire TLB on the GPU for the given PID rather than each specific address in
499 ++ * the range.
500 ++ */
501 ++#define ATSD_THRESHOLD (2*1024*1024)
502 ++
503 + /*
504 + * Other types of TCE cache invalidation are not functional in the
505 + * hardware.
506 +@@ -621,11 +628,19 @@ static void pnv_npu2_mn_invalidate_range(struct mmu_notifier *mn,
507 + struct npu_context *npu_context = mn_to_npu_context(mn);
508 + unsigned long address;
509 +
510 +- for (address = start; address < end; address += PAGE_SIZE)
511 +- mmio_invalidate(npu_context, 1, address, false);
512 ++ if (end - start > ATSD_THRESHOLD) {
513 ++ /*
514 ++ * Just invalidate the entire PID if the address range is too
515 ++ * large.
516 ++ */
517 ++ mmio_invalidate(npu_context, 0, 0, true);
518 ++ } else {
519 ++ for (address = start; address < end; address += PAGE_SIZE)
520 ++ mmio_invalidate(npu_context, 1, address, false);
521 +
522 +- /* Do the flush only on the final addess == end */
523 +- mmio_invalidate(npu_context, 1, address, true);
524 ++ /* Do the flush only on the final addess == end */
525 ++ mmio_invalidate(npu_context, 1, address, true);
526 ++ }
527 + }
528 +
529 + static const struct mmu_notifier_ops nv_nmmu_notifier_ops = {
530 +diff --git a/arch/powerpc/platforms/powernv/opal-rtc.c b/arch/powerpc/platforms/powernv/opal-rtc.c
531 +index f8868864f373..aa2a5139462e 100644
532 +--- a/arch/powerpc/platforms/powernv/opal-rtc.c
533 ++++ b/arch/powerpc/platforms/powernv/opal-rtc.c
534 +@@ -48,10 +48,12 @@ unsigned long __init opal_get_boot_time(void)
535 +
536 + while (rc == OPAL_BUSY || rc == OPAL_BUSY_EVENT) {
537 + rc = opal_rtc_read(&__y_m_d, &__h_m_s_ms);
538 +- if (rc == OPAL_BUSY_EVENT)
539 ++ if (rc == OPAL_BUSY_EVENT) {
540 ++ mdelay(OPAL_BUSY_DELAY_MS);
541 + opal_poll_events(NULL);
542 +- else if (rc == OPAL_BUSY)
543 +- mdelay(10);
544 ++ } else if (rc == OPAL_BUSY) {
545 ++ mdelay(OPAL_BUSY_DELAY_MS);
546 ++ }
547 + }
548 + if (rc != OPAL_SUCCESS)
549 + return 0;
550 +diff --git a/arch/x86/include/uapi/asm/msgbuf.h b/arch/x86/include/uapi/asm/msgbuf.h
551 +index 809134c644a6..90ab9a795b49 100644
552 +--- a/arch/x86/include/uapi/asm/msgbuf.h
553 ++++ b/arch/x86/include/uapi/asm/msgbuf.h
554 +@@ -1 +1,32 @@
555 ++/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
556 ++#ifndef __ASM_X64_MSGBUF_H
557 ++#define __ASM_X64_MSGBUF_H
558 ++
559 ++#if !defined(__x86_64__) || !defined(__ILP32__)
560 + #include <asm-generic/msgbuf.h>
561 ++#else
562 ++/*
563 ++ * The msqid64_ds structure for x86 architecture with x32 ABI.
564 ++ *
565 ++ * On x86-32 and x86-64 we can just use the generic definition, but
566 ++ * x32 uses the same binary layout as x86_64, which is differnet
567 ++ * from other 32-bit architectures.
568 ++ */
569 ++
570 ++struct msqid64_ds {
571 ++ struct ipc64_perm msg_perm;
572 ++ __kernel_time_t msg_stime; /* last msgsnd time */
573 ++ __kernel_time_t msg_rtime; /* last msgrcv time */
574 ++ __kernel_time_t msg_ctime; /* last change time */
575 ++ __kernel_ulong_t msg_cbytes; /* current number of bytes on queue */
576 ++ __kernel_ulong_t msg_qnum; /* number of messages in queue */
577 ++ __kernel_ulong_t msg_qbytes; /* max number of bytes on queue */
578 ++ __kernel_pid_t msg_lspid; /* pid of last msgsnd */
579 ++ __kernel_pid_t msg_lrpid; /* last receive pid */
580 ++ __kernel_ulong_t __unused4;
581 ++ __kernel_ulong_t __unused5;
582 ++};
583 ++
584 ++#endif
585 ++
586 ++#endif /* __ASM_GENERIC_MSGBUF_H */
587 +diff --git a/arch/x86/include/uapi/asm/shmbuf.h b/arch/x86/include/uapi/asm/shmbuf.h
588 +index 83c05fc2de38..644421f3823b 100644
589 +--- a/arch/x86/include/uapi/asm/shmbuf.h
590 ++++ b/arch/x86/include/uapi/asm/shmbuf.h
591 +@@ -1 +1,43 @@
592 ++/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
593 ++#ifndef __ASM_X86_SHMBUF_H
594 ++#define __ASM_X86_SHMBUF_H
595 ++
596 ++#if !defined(__x86_64__) || !defined(__ILP32__)
597 + #include <asm-generic/shmbuf.h>
598 ++#else
599 ++/*
600 ++ * The shmid64_ds structure for x86 architecture with x32 ABI.
601 ++ *
602 ++ * On x86-32 and x86-64 we can just use the generic definition, but
603 ++ * x32 uses the same binary layout as x86_64, which is differnet
604 ++ * from other 32-bit architectures.
605 ++ */
606 ++
607 ++struct shmid64_ds {
608 ++ struct ipc64_perm shm_perm; /* operation perms */
609 ++ size_t shm_segsz; /* size of segment (bytes) */
610 ++ __kernel_time_t shm_atime; /* last attach time */
611 ++ __kernel_time_t shm_dtime; /* last detach time */
612 ++ __kernel_time_t shm_ctime; /* last change time */
613 ++ __kernel_pid_t shm_cpid; /* pid of creator */
614 ++ __kernel_pid_t shm_lpid; /* pid of last operator */
615 ++ __kernel_ulong_t shm_nattch; /* no. of current attaches */
616 ++ __kernel_ulong_t __unused4;
617 ++ __kernel_ulong_t __unused5;
618 ++};
619 ++
620 ++struct shminfo64 {
621 ++ __kernel_ulong_t shmmax;
622 ++ __kernel_ulong_t shmmin;
623 ++ __kernel_ulong_t shmmni;
624 ++ __kernel_ulong_t shmseg;
625 ++ __kernel_ulong_t shmall;
626 ++ __kernel_ulong_t __unused1;
627 ++ __kernel_ulong_t __unused2;
628 ++ __kernel_ulong_t __unused3;
629 ++ __kernel_ulong_t __unused4;
630 ++};
631 ++
632 ++#endif
633 ++
634 ++#endif /* __ASM_X86_SHMBUF_H */
635 +diff --git a/arch/x86/kernel/cpu/microcode/core.c b/arch/x86/kernel/cpu/microcode/core.c
636 +index 021c90464cc2..c8e0cda0f272 100644
637 +--- a/arch/x86/kernel/cpu/microcode/core.c
638 ++++ b/arch/x86/kernel/cpu/microcode/core.c
639 +@@ -564,14 +564,12 @@ static int __reload_late(void *info)
640 + apply_microcode_local(&err);
641 + spin_unlock(&update_lock);
642 +
643 ++ /* siblings return UCODE_OK because their engine got updated already */
644 + if (err > UCODE_NFOUND) {
645 + pr_warn("Error reloading microcode on CPU %d\n", cpu);
646 +- return -1;
647 +- /* siblings return UCODE_OK because their engine got updated already */
648 ++ ret = -1;
649 + } else if (err == UCODE_UPDATED || err == UCODE_OK) {
650 + ret = 1;
651 +- } else {
652 +- return ret;
653 + }
654 +
655 + /*
656 +diff --git a/arch/x86/kernel/cpu/microcode/intel.c b/arch/x86/kernel/cpu/microcode/intel.c
657 +index 32b8e5724f96..1c2cfa0644aa 100644
658 +--- a/arch/x86/kernel/cpu/microcode/intel.c
659 ++++ b/arch/x86/kernel/cpu/microcode/intel.c
660 +@@ -485,7 +485,6 @@ static void show_saved_mc(void)
661 + */
662 + static void save_mc_for_early(u8 *mc, unsigned int size)
663 + {
664 +-#ifdef CONFIG_HOTPLUG_CPU
665 + /* Synchronization during CPU hotplug. */
666 + static DEFINE_MUTEX(x86_cpu_microcode_mutex);
667 +
668 +@@ -495,7 +494,6 @@ static void save_mc_for_early(u8 *mc, unsigned int size)
669 + show_saved_mc();
670 +
671 + mutex_unlock(&x86_cpu_microcode_mutex);
672 +-#endif
673 + }
674 +
675 + static bool load_builtin_intel_microcode(struct cpio_data *cp)
676 +diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c
677 +index 2651ca2112c4..6b841262b790 100644
678 +--- a/arch/x86/kernel/smpboot.c
679 ++++ b/arch/x86/kernel/smpboot.c
680 +@@ -1613,6 +1613,8 @@ static inline void mwait_play_dead(void)
681 + void *mwait_ptr;
682 + int i;
683 +
684 ++ if (boot_cpu_data.x86_vendor == X86_VENDOR_AMD)
685 ++ return;
686 + if (!this_cpu_has(X86_FEATURE_MWAIT))
687 + return;
688 + if (!this_cpu_has(X86_FEATURE_CLFLUSH))
689 +diff --git a/block/bfq-iosched.c b/block/bfq-iosched.c
690 +index 0f860cf0d56d..56c9cd01fd1d 100644
691 +--- a/block/bfq-iosched.c
692 ++++ b/block/bfq-iosched.c
693 +@@ -4447,8 +4447,16 @@ static void bfq_prepare_request(struct request *rq, struct bio *bio)
694 + bool new_queue = false;
695 + bool bfqq_already_existing = false, split = false;
696 +
697 +- if (!rq->elv.icq)
698 ++ /*
699 ++ * Even if we don't have an icq attached, we should still clear
700 ++ * the scheduler pointers, as they might point to previously
701 ++ * allocated bic/bfqq structs.
702 ++ */
703 ++ if (!rq->elv.icq) {
704 ++ rq->elv.priv[0] = rq->elv.priv[1] = NULL;
705 + return;
706 ++ }
707 ++
708 + bic = icq_to_bic(rq->elv.icq);
709 +
710 + spin_lock_irq(&bfqd->lock);
711 +diff --git a/crypto/drbg.c b/crypto/drbg.c
712 +index 70018397e59a..6c3221313753 100644
713 +--- a/crypto/drbg.c
714 ++++ b/crypto/drbg.c
715 +@@ -1134,8 +1134,10 @@ static inline void drbg_dealloc_state(struct drbg_state *drbg)
716 + if (!drbg)
717 + return;
718 + kzfree(drbg->Vbuf);
719 ++ drbg->Vbuf = NULL;
720 + drbg->V = NULL;
721 + kzfree(drbg->Cbuf);
722 ++ drbg->Cbuf = NULL;
723 + drbg->C = NULL;
724 + kzfree(drbg->scratchpadbuf);
725 + drbg->scratchpadbuf = NULL;
726 +diff --git a/drivers/amba/bus.c b/drivers/amba/bus.c
727 +index e0f74ddc22b7..8a99fbe5759f 100644
728 +--- a/drivers/amba/bus.c
729 ++++ b/drivers/amba/bus.c
730 +@@ -69,11 +69,12 @@ static ssize_t driver_override_show(struct device *_dev,
731 + struct device_attribute *attr, char *buf)
732 + {
733 + struct amba_device *dev = to_amba_device(_dev);
734 ++ ssize_t len;
735 +
736 +- if (!dev->driver_override)
737 +- return 0;
738 +-
739 +- return sprintf(buf, "%s\n", dev->driver_override);
740 ++ device_lock(_dev);
741 ++ len = sprintf(buf, "%s\n", dev->driver_override);
742 ++ device_unlock(_dev);
743 ++ return len;
744 + }
745 +
746 + static ssize_t driver_override_store(struct device *_dev,
747 +@@ -81,9 +82,10 @@ static ssize_t driver_override_store(struct device *_dev,
748 + const char *buf, size_t count)
749 + {
750 + struct amba_device *dev = to_amba_device(_dev);
751 +- char *driver_override, *old = dev->driver_override, *cp;
752 ++ char *driver_override, *old, *cp;
753 +
754 +- if (count > PATH_MAX)
755 ++ /* We need to keep extra room for a newline */
756 ++ if (count >= (PAGE_SIZE - 1))
757 + return -EINVAL;
758 +
759 + driver_override = kstrndup(buf, count, GFP_KERNEL);
760 +@@ -94,12 +96,15 @@ static ssize_t driver_override_store(struct device *_dev,
761 + if (cp)
762 + *cp = '\0';
763 +
764 ++ device_lock(_dev);
765 ++ old = dev->driver_override;
766 + if (strlen(driver_override)) {
767 + dev->driver_override = driver_override;
768 + } else {
769 + kfree(driver_override);
770 + dev->driver_override = NULL;
771 + }
772 ++ device_unlock(_dev);
773 +
774 + kfree(old);
775 +
776 +diff --git a/drivers/android/binder.c b/drivers/android/binder.c
777 +index b7efdc8badee..a86c27948fca 100644
778 +--- a/drivers/android/binder.c
779 ++++ b/drivers/android/binder.c
780 +@@ -2785,6 +2785,14 @@ static void binder_transaction(struct binder_proc *proc,
781 + else
782 + return_error = BR_DEAD_REPLY;
783 + mutex_unlock(&context->context_mgr_node_lock);
784 ++ if (target_node && target_proc == proc) {
785 ++ binder_user_error("%d:%d got transaction to context manager from process owning it\n",
786 ++ proc->pid, thread->pid);
787 ++ return_error = BR_FAILED_REPLY;
788 ++ return_error_param = -EINVAL;
789 ++ return_error_line = __LINE__;
790 ++ goto err_invalid_target_handle;
791 ++ }
792 + }
793 + if (!target_node) {
794 + /*
795 +diff --git a/drivers/char/random.c b/drivers/char/random.c
796 +index 58a2ff7df392..ddc493d976fd 100644
797 +--- a/drivers/char/random.c
798 ++++ b/drivers/char/random.c
799 +@@ -261,6 +261,7 @@
800 + #include <linux/ptrace.h>
801 + #include <linux/workqueue.h>
802 + #include <linux/irq.h>
803 ++#include <linux/ratelimit.h>
804 + #include <linux/syscalls.h>
805 + #include <linux/completion.h>
806 + #include <linux/uuid.h>
807 +@@ -438,6 +439,16 @@ static void _crng_backtrack_protect(struct crng_state *crng,
808 + static void process_random_ready_list(void);
809 + static void _get_random_bytes(void *buf, int nbytes);
810 +
811 ++static struct ratelimit_state unseeded_warning =
812 ++ RATELIMIT_STATE_INIT("warn_unseeded_randomness", HZ, 3);
813 ++static struct ratelimit_state urandom_warning =
814 ++ RATELIMIT_STATE_INIT("warn_urandom_randomness", HZ, 3);
815 ++
816 ++static int ratelimit_disable __read_mostly;
817 ++
818 ++module_param_named(ratelimit_disable, ratelimit_disable, int, 0644);
819 ++MODULE_PARM_DESC(ratelimit_disable, "Disable random ratelimit suppression");
820 ++
821 + /**********************************************************************
822 + *
823 + * OS independent entropy store. Here are the functions which handle
824 +@@ -787,6 +798,39 @@ static void crng_initialize(struct crng_state *crng)
825 + crng->init_time = jiffies - CRNG_RESEED_INTERVAL - 1;
826 + }
827 +
828 ++#ifdef CONFIG_NUMA
829 ++static void do_numa_crng_init(struct work_struct *work)
830 ++{
831 ++ int i;
832 ++ struct crng_state *crng;
833 ++ struct crng_state **pool;
834 ++
835 ++ pool = kcalloc(nr_node_ids, sizeof(*pool), GFP_KERNEL|__GFP_NOFAIL);
836 ++ for_each_online_node(i) {
837 ++ crng = kmalloc_node(sizeof(struct crng_state),
838 ++ GFP_KERNEL | __GFP_NOFAIL, i);
839 ++ spin_lock_init(&crng->lock);
840 ++ crng_initialize(crng);
841 ++ pool[i] = crng;
842 ++ }
843 ++ mb();
844 ++ if (cmpxchg(&crng_node_pool, NULL, pool)) {
845 ++ for_each_node(i)
846 ++ kfree(pool[i]);
847 ++ kfree(pool);
848 ++ }
849 ++}
850 ++
851 ++static DECLARE_WORK(numa_crng_init_work, do_numa_crng_init);
852 ++
853 ++static void numa_crng_init(void)
854 ++{
855 ++ schedule_work(&numa_crng_init_work);
856 ++}
857 ++#else
858 ++static void numa_crng_init(void) {}
859 ++#endif
860 ++
861 + /*
862 + * crng_fast_load() can be called by code in the interrupt service
863 + * path. So we can't afford to dilly-dally.
864 +@@ -893,10 +937,23 @@ static void crng_reseed(struct crng_state *crng, struct entropy_store *r)
865 + spin_unlock_irqrestore(&crng->lock, flags);
866 + if (crng == &primary_crng && crng_init < 2) {
867 + invalidate_batched_entropy();
868 ++ numa_crng_init();
869 + crng_init = 2;
870 + process_random_ready_list();
871 + wake_up_interruptible(&crng_init_wait);
872 + pr_notice("random: crng init done\n");
873 ++ if (unseeded_warning.missed) {
874 ++ pr_notice("random: %d get_random_xx warning(s) missed "
875 ++ "due to ratelimiting\n",
876 ++ unseeded_warning.missed);
877 ++ unseeded_warning.missed = 0;
878 ++ }
879 ++ if (urandom_warning.missed) {
880 ++ pr_notice("random: %d urandom warning(s) missed "
881 ++ "due to ratelimiting\n",
882 ++ urandom_warning.missed);
883 ++ urandom_warning.missed = 0;
884 ++ }
885 + }
886 + }
887 +
888 +@@ -1540,8 +1597,9 @@ static void _warn_unseeded_randomness(const char *func_name, void *caller,
889 + #ifndef CONFIG_WARN_ALL_UNSEEDED_RANDOM
890 + print_once = true;
891 + #endif
892 +- pr_notice("random: %s called from %pS with crng_init=%d\n",
893 +- func_name, caller, crng_init);
894 ++ if (__ratelimit(&unseeded_warning))
895 ++ pr_notice("random: %s called from %pS with crng_init=%d\n",
896 ++ func_name, caller, crng_init);
897 + }
898 +
899 + /*
900 +@@ -1731,29 +1789,14 @@ static void init_std_data(struct entropy_store *r)
901 + */
902 + static int rand_initialize(void)
903 + {
904 +-#ifdef CONFIG_NUMA
905 +- int i;
906 +- struct crng_state *crng;
907 +- struct crng_state **pool;
908 +-#endif
909 +-
910 + init_std_data(&input_pool);
911 + init_std_data(&blocking_pool);
912 + crng_initialize(&primary_crng);
913 + crng_global_init_time = jiffies;
914 +-
915 +-#ifdef CONFIG_NUMA
916 +- pool = kcalloc(nr_node_ids, sizeof(*pool), GFP_KERNEL|__GFP_NOFAIL);
917 +- for_each_online_node(i) {
918 +- crng = kmalloc_node(sizeof(struct crng_state),
919 +- GFP_KERNEL | __GFP_NOFAIL, i);
920 +- spin_lock_init(&crng->lock);
921 +- crng_initialize(crng);
922 +- pool[i] = crng;
923 ++ if (ratelimit_disable) {
924 ++ urandom_warning.interval = 0;
925 ++ unseeded_warning.interval = 0;
926 + }
927 +- mb();
928 +- crng_node_pool = pool;
929 +-#endif
930 + return 0;
931 + }
932 + early_initcall(rand_initialize);
933 +@@ -1821,9 +1864,10 @@ urandom_read(struct file *file, char __user *buf, size_t nbytes, loff_t *ppos)
934 +
935 + if (!crng_ready() && maxwarn > 0) {
936 + maxwarn--;
937 +- printk(KERN_NOTICE "random: %s: uninitialized urandom read "
938 +- "(%zd bytes read)\n",
939 +- current->comm, nbytes);
940 ++ if (__ratelimit(&urandom_warning))
941 ++ printk(KERN_NOTICE "random: %s: uninitialized "
942 ++ "urandom read (%zd bytes read)\n",
943 ++ current->comm, nbytes);
944 + spin_lock_irqsave(&primary_crng.lock, flags);
945 + crng_init_cnt = 0;
946 + spin_unlock_irqrestore(&primary_crng.lock, flags);
947 +diff --git a/drivers/char/virtio_console.c b/drivers/char/virtio_console.c
948 +index d1aed2513bd9..a089474cb046 100644
949 +--- a/drivers/char/virtio_console.c
950 ++++ b/drivers/char/virtio_console.c
951 +@@ -422,7 +422,7 @@ static void reclaim_dma_bufs(void)
952 + }
953 + }
954 +
955 +-static struct port_buffer *alloc_buf(struct virtqueue *vq, size_t buf_size,
956 ++static struct port_buffer *alloc_buf(struct virtio_device *vdev, size_t buf_size,
957 + int pages)
958 + {
959 + struct port_buffer *buf;
960 +@@ -445,16 +445,16 @@ static struct port_buffer *alloc_buf(struct virtqueue *vq, size_t buf_size,
961 + return buf;
962 + }
963 +
964 +- if (is_rproc_serial(vq->vdev)) {
965 ++ if (is_rproc_serial(vdev)) {
966 + /*
967 + * Allocate DMA memory from ancestor. When a virtio
968 + * device is created by remoteproc, the DMA memory is
969 + * associated with the grandparent device:
970 + * vdev => rproc => platform-dev.
971 + */
972 +- if (!vq->vdev->dev.parent || !vq->vdev->dev.parent->parent)
973 ++ if (!vdev->dev.parent || !vdev->dev.parent->parent)
974 + goto free_buf;
975 +- buf->dev = vq->vdev->dev.parent->parent;
976 ++ buf->dev = vdev->dev.parent->parent;
977 +
978 + /* Increase device refcnt to avoid freeing it */
979 + get_device(buf->dev);
980 +@@ -838,7 +838,7 @@ static ssize_t port_fops_write(struct file *filp, const char __user *ubuf,
981 +
982 + count = min((size_t)(32 * 1024), count);
983 +
984 +- buf = alloc_buf(port->out_vq, count, 0);
985 ++ buf = alloc_buf(port->portdev->vdev, count, 0);
986 + if (!buf)
987 + return -ENOMEM;
988 +
989 +@@ -957,7 +957,7 @@ static ssize_t port_fops_splice_write(struct pipe_inode_info *pipe,
990 + if (ret < 0)
991 + goto error_out;
992 +
993 +- buf = alloc_buf(port->out_vq, 0, pipe->nrbufs);
994 ++ buf = alloc_buf(port->portdev->vdev, 0, pipe->nrbufs);
995 + if (!buf) {
996 + ret = -ENOMEM;
997 + goto error_out;
998 +@@ -1374,7 +1374,7 @@ static unsigned int fill_queue(struct virtqueue *vq, spinlock_t *lock)
999 +
1000 + nr_added_bufs = 0;
1001 + do {
1002 +- buf = alloc_buf(vq, PAGE_SIZE, 0);
1003 ++ buf = alloc_buf(vq->vdev, PAGE_SIZE, 0);
1004 + if (!buf)
1005 + break;
1006 +
1007 +@@ -1402,7 +1402,6 @@ static int add_port(struct ports_device *portdev, u32 id)
1008 + {
1009 + char debugfs_name[16];
1010 + struct port *port;
1011 +- struct port_buffer *buf;
1012 + dev_t devt;
1013 + unsigned int nr_added_bufs;
1014 + int err;
1015 +@@ -1513,8 +1512,6 @@ static int add_port(struct ports_device *portdev, u32 id)
1016 + return 0;
1017 +
1018 + free_inbufs:
1019 +- while ((buf = virtqueue_detach_unused_buf(port->in_vq)))
1020 +- free_buf(buf, true);
1021 + free_device:
1022 + device_destroy(pdrvdata.class, port->dev->devt);
1023 + free_cdev:
1024 +@@ -1539,34 +1536,14 @@ static void remove_port(struct kref *kref)
1025 +
1026 + static void remove_port_data(struct port *port)
1027 + {
1028 +- struct port_buffer *buf;
1029 +-
1030 + spin_lock_irq(&port->inbuf_lock);
1031 + /* Remove unused data this port might have received. */
1032 + discard_port_data(port);
1033 + spin_unlock_irq(&port->inbuf_lock);
1034 +
1035 +- /* Remove buffers we queued up for the Host to send us data in. */
1036 +- do {
1037 +- spin_lock_irq(&port->inbuf_lock);
1038 +- buf = virtqueue_detach_unused_buf(port->in_vq);
1039 +- spin_unlock_irq(&port->inbuf_lock);
1040 +- if (buf)
1041 +- free_buf(buf, true);
1042 +- } while (buf);
1043 +-
1044 + spin_lock_irq(&port->outvq_lock);
1045 + reclaim_consumed_buffers(port);
1046 + spin_unlock_irq(&port->outvq_lock);
1047 +-
1048 +- /* Free pending buffers from the out-queue. */
1049 +- do {
1050 +- spin_lock_irq(&port->outvq_lock);
1051 +- buf = virtqueue_detach_unused_buf(port->out_vq);
1052 +- spin_unlock_irq(&port->outvq_lock);
1053 +- if (buf)
1054 +- free_buf(buf, true);
1055 +- } while (buf);
1056 + }
1057 +
1058 + /*
1059 +@@ -1791,13 +1768,24 @@ static void control_work_handler(struct work_struct *work)
1060 + spin_unlock(&portdev->c_ivq_lock);
1061 + }
1062 +
1063 ++static void flush_bufs(struct virtqueue *vq, bool can_sleep)
1064 ++{
1065 ++ struct port_buffer *buf;
1066 ++ unsigned int len;
1067 ++
1068 ++ while ((buf = virtqueue_get_buf(vq, &len)))
1069 ++ free_buf(buf, can_sleep);
1070 ++}
1071 ++
1072 + static void out_intr(struct virtqueue *vq)
1073 + {
1074 + struct port *port;
1075 +
1076 + port = find_port_by_vq(vq->vdev->priv, vq);
1077 +- if (!port)
1078 ++ if (!port) {
1079 ++ flush_bufs(vq, false);
1080 + return;
1081 ++ }
1082 +
1083 + wake_up_interruptible(&port->waitqueue);
1084 + }
1085 +@@ -1808,8 +1796,10 @@ static void in_intr(struct virtqueue *vq)
1086 + unsigned long flags;
1087 +
1088 + port = find_port_by_vq(vq->vdev->priv, vq);
1089 +- if (!port)
1090 ++ if (!port) {
1091 ++ flush_bufs(vq, false);
1092 + return;
1093 ++ }
1094 +
1095 + spin_lock_irqsave(&port->inbuf_lock, flags);
1096 + port->inbuf = get_inbuf(port);
1097 +@@ -1984,24 +1974,54 @@ static const struct file_operations portdev_fops = {
1098 +
1099 + static void remove_vqs(struct ports_device *portdev)
1100 + {
1101 ++ struct virtqueue *vq;
1102 ++
1103 ++ virtio_device_for_each_vq(portdev->vdev, vq) {
1104 ++ struct port_buffer *buf;
1105 ++
1106 ++ flush_bufs(vq, true);
1107 ++ while ((buf = virtqueue_detach_unused_buf(vq)))
1108 ++ free_buf(buf, true);
1109 ++ }
1110 + portdev->vdev->config->del_vqs(portdev->vdev);
1111 + kfree(portdev->in_vqs);
1112 + kfree(portdev->out_vqs);
1113 + }
1114 +
1115 +-static void remove_controlq_data(struct ports_device *portdev)
1116 ++static void virtcons_remove(struct virtio_device *vdev)
1117 + {
1118 +- struct port_buffer *buf;
1119 +- unsigned int len;
1120 ++ struct ports_device *portdev;
1121 ++ struct port *port, *port2;
1122 +
1123 +- if (!use_multiport(portdev))
1124 +- return;
1125 ++ portdev = vdev->priv;
1126 +
1127 +- while ((buf = virtqueue_get_buf(portdev->c_ivq, &len)))
1128 +- free_buf(buf, true);
1129 ++ spin_lock_irq(&pdrvdata_lock);
1130 ++ list_del(&portdev->list);
1131 ++ spin_unlock_irq(&pdrvdata_lock);
1132 +
1133 +- while ((buf = virtqueue_detach_unused_buf(portdev->c_ivq)))
1134 +- free_buf(buf, true);
1135 ++ /* Disable interrupts for vqs */
1136 ++ vdev->config->reset(vdev);
1137 ++ /* Finish up work that's lined up */
1138 ++ if (use_multiport(portdev))
1139 ++ cancel_work_sync(&portdev->control_work);
1140 ++ else
1141 ++ cancel_work_sync(&portdev->config_work);
1142 ++
1143 ++ list_for_each_entry_safe(port, port2, &portdev->ports, list)
1144 ++ unplug_port(port);
1145 ++
1146 ++ unregister_chrdev(portdev->chr_major, "virtio-portsdev");
1147 ++
1148 ++ /*
1149 ++ * When yanking out a device, we immediately lose the
1150 ++ * (device-side) queues. So there's no point in keeping the
1151 ++ * guest side around till we drop our final reference. This
1152 ++ * also means that any ports which are in an open state will
1153 ++ * have to just stop using the port, as the vqs are going
1154 ++ * away.
1155 ++ */
1156 ++ remove_vqs(portdev);
1157 ++ kfree(portdev);
1158 + }
1159 +
1160 + /*
1161 +@@ -2070,6 +2090,7 @@ static int virtcons_probe(struct virtio_device *vdev)
1162 +
1163 + spin_lock_init(&portdev->ports_lock);
1164 + INIT_LIST_HEAD(&portdev->ports);
1165 ++ INIT_LIST_HEAD(&portdev->list);
1166 +
1167 + virtio_device_ready(portdev->vdev);
1168 +
1169 +@@ -2087,8 +2108,15 @@ static int virtcons_probe(struct virtio_device *vdev)
1170 + if (!nr_added_bufs) {
1171 + dev_err(&vdev->dev,
1172 + "Error allocating buffers for control queue\n");
1173 +- err = -ENOMEM;
1174 +- goto free_vqs;
1175 ++ /*
1176 ++ * The host might want to notify mgmt sw about device
1177 ++ * add failure.
1178 ++ */
1179 ++ __send_control_msg(portdev, VIRTIO_CONSOLE_BAD_ID,
1180 ++ VIRTIO_CONSOLE_DEVICE_READY, 0);
1181 ++ /* Device was functional: we need full cleanup. */
1182 ++ virtcons_remove(vdev);
1183 ++ return -ENOMEM;
1184 + }
1185 + } else {
1186 + /*
1187 +@@ -2119,11 +2147,6 @@ static int virtcons_probe(struct virtio_device *vdev)
1188 +
1189 + return 0;
1190 +
1191 +-free_vqs:
1192 +- /* The host might want to notify mgmt sw about device add failure */
1193 +- __send_control_msg(portdev, VIRTIO_CONSOLE_BAD_ID,
1194 +- VIRTIO_CONSOLE_DEVICE_READY, 0);
1195 +- remove_vqs(portdev);
1196 + free_chrdev:
1197 + unregister_chrdev(portdev->chr_major, "virtio-portsdev");
1198 + free:
1199 +@@ -2132,43 +2155,6 @@ static int virtcons_probe(struct virtio_device *vdev)
1200 + return err;
1201 + }
1202 +
1203 +-static void virtcons_remove(struct virtio_device *vdev)
1204 +-{
1205 +- struct ports_device *portdev;
1206 +- struct port *port, *port2;
1207 +-
1208 +- portdev = vdev->priv;
1209 +-
1210 +- spin_lock_irq(&pdrvdata_lock);
1211 +- list_del(&portdev->list);
1212 +- spin_unlock_irq(&pdrvdata_lock);
1213 +-
1214 +- /* Disable interrupts for vqs */
1215 +- vdev->config->reset(vdev);
1216 +- /* Finish up work that's lined up */
1217 +- if (use_multiport(portdev))
1218 +- cancel_work_sync(&portdev->control_work);
1219 +- else
1220 +- cancel_work_sync(&portdev->config_work);
1221 +-
1222 +- list_for_each_entry_safe(port, port2, &portdev->ports, list)
1223 +- unplug_port(port);
1224 +-
1225 +- unregister_chrdev(portdev->chr_major, "virtio-portsdev");
1226 +-
1227 +- /*
1228 +- * When yanking out a device, we immediately lose the
1229 +- * (device-side) queues. So there's no point in keeping the
1230 +- * guest side around till we drop our final reference. This
1231 +- * also means that any ports which are in an open state will
1232 +- * have to just stop using the port, as the vqs are going
1233 +- * away.
1234 +- */
1235 +- remove_controlq_data(portdev);
1236 +- remove_vqs(portdev);
1237 +- kfree(portdev);
1238 +-}
1239 +-
1240 + static struct virtio_device_id id_table[] = {
1241 + { VIRTIO_ID_CONSOLE, VIRTIO_DEV_ANY_ID },
1242 + { 0 },
1243 +@@ -2209,7 +2195,6 @@ static int virtcons_freeze(struct virtio_device *vdev)
1244 + */
1245 + if (use_multiport(portdev))
1246 + virtqueue_disable_cb(portdev->c_ivq);
1247 +- remove_controlq_data(portdev);
1248 +
1249 + list_for_each_entry(port, &portdev->ports, list) {
1250 + virtqueue_disable_cb(port->in_vq);
1251 +diff --git a/drivers/cpufreq/powernv-cpufreq.c b/drivers/cpufreq/powernv-cpufreq.c
1252 +index 6b3a63545619..a28bb8f3f395 100644
1253 +--- a/drivers/cpufreq/powernv-cpufreq.c
1254 ++++ b/drivers/cpufreq/powernv-cpufreq.c
1255 +@@ -646,6 +646,16 @@ void gpstate_timer_handler(unsigned long data)
1256 +
1257 + if (!spin_trylock(&gpstates->gpstate_lock))
1258 + return;
1259 ++ /*
1260 ++ * If the timer has migrated to the different cpu then bring
1261 ++ * it back to one of the policy->cpus
1262 ++ */
1263 ++ if (!cpumask_test_cpu(raw_smp_processor_id(), policy->cpus)) {
1264 ++ gpstates->timer.expires = jiffies + msecs_to_jiffies(1);
1265 ++ add_timer_on(&gpstates->timer, cpumask_first(policy->cpus));
1266 ++ spin_unlock(&gpstates->gpstate_lock);
1267 ++ return;
1268 ++ }
1269 +
1270 + /*
1271 + * If PMCR was last updated was using fast_swtich then
1272 +@@ -685,10 +695,8 @@ void gpstate_timer_handler(unsigned long data)
1273 + if (gpstate_idx != gpstates->last_lpstate_idx)
1274 + queue_gpstate_timer(gpstates);
1275 +
1276 ++ set_pstate(&freq_data);
1277 + spin_unlock(&gpstates->gpstate_lock);
1278 +-
1279 +- /* Timer may get migrated to a different cpu on cpu hot unplug */
1280 +- smp_call_function_any(policy->cpus, set_pstate, &freq_data, 1);
1281 + }
1282 +
1283 + /*
1284 +diff --git a/drivers/fpga/altera-ps-spi.c b/drivers/fpga/altera-ps-spi.c
1285 +index 14f14efdf0d5..06d212a3d49d 100644
1286 +--- a/drivers/fpga/altera-ps-spi.c
1287 ++++ b/drivers/fpga/altera-ps-spi.c
1288 +@@ -249,7 +249,7 @@ static int altera_ps_probe(struct spi_device *spi)
1289 +
1290 + conf->data = of_id->data;
1291 + conf->spi = spi;
1292 +- conf->config = devm_gpiod_get(&spi->dev, "nconfig", GPIOD_OUT_HIGH);
1293 ++ conf->config = devm_gpiod_get(&spi->dev, "nconfig", GPIOD_OUT_LOW);
1294 + if (IS_ERR(conf->config)) {
1295 + dev_err(&spi->dev, "Failed to get config gpio: %ld\n",
1296 + PTR_ERR(conf->config));
1297 +diff --git a/drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c b/drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c
1298 +index fc260c13b1da..a7e54820a330 100644
1299 +--- a/drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c
1300 ++++ b/drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c
1301 +@@ -1398,10 +1398,11 @@ static const u32 sgpr_init_compute_shader[] =
1302 + static const u32 vgpr_init_regs[] =
1303 + {
1304 + mmCOMPUTE_STATIC_THREAD_MGMT_SE0, 0xffffffff,
1305 +- mmCOMPUTE_RESOURCE_LIMITS, 0,
1306 ++ mmCOMPUTE_RESOURCE_LIMITS, 0x1000000, /* CU_GROUP_COUNT=1 */
1307 + mmCOMPUTE_NUM_THREAD_X, 256*4,
1308 + mmCOMPUTE_NUM_THREAD_Y, 1,
1309 + mmCOMPUTE_NUM_THREAD_Z, 1,
1310 ++ mmCOMPUTE_PGM_RSRC1, 0x100004f, /* VGPRS=15 (64 logical VGPRs), SGPRS=1 (16 SGPRs), BULKY=1 */
1311 + mmCOMPUTE_PGM_RSRC2, 20,
1312 + mmCOMPUTE_USER_DATA_0, 0xedcedc00,
1313 + mmCOMPUTE_USER_DATA_1, 0xedcedc01,
1314 +@@ -1418,10 +1419,11 @@ static const u32 vgpr_init_regs[] =
1315 + static const u32 sgpr1_init_regs[] =
1316 + {
1317 + mmCOMPUTE_STATIC_THREAD_MGMT_SE0, 0x0f,
1318 +- mmCOMPUTE_RESOURCE_LIMITS, 0x1000000,
1319 ++ mmCOMPUTE_RESOURCE_LIMITS, 0x1000000, /* CU_GROUP_COUNT=1 */
1320 + mmCOMPUTE_NUM_THREAD_X, 256*5,
1321 + mmCOMPUTE_NUM_THREAD_Y, 1,
1322 + mmCOMPUTE_NUM_THREAD_Z, 1,
1323 ++ mmCOMPUTE_PGM_RSRC1, 0x240, /* SGPRS=9 (80 GPRS) */
1324 + mmCOMPUTE_PGM_RSRC2, 20,
1325 + mmCOMPUTE_USER_DATA_0, 0xedcedc00,
1326 + mmCOMPUTE_USER_DATA_1, 0xedcedc01,
1327 +@@ -1442,6 +1444,7 @@ static const u32 sgpr2_init_regs[] =
1328 + mmCOMPUTE_NUM_THREAD_X, 256*5,
1329 + mmCOMPUTE_NUM_THREAD_Y, 1,
1330 + mmCOMPUTE_NUM_THREAD_Z, 1,
1331 ++ mmCOMPUTE_PGM_RSRC1, 0x240, /* SGPRS=9 (80 GPRS) */
1332 + mmCOMPUTE_PGM_RSRC2, 20,
1333 + mmCOMPUTE_USER_DATA_0, 0xedcedc00,
1334 + mmCOMPUTE_USER_DATA_1, 0xedcedc01,
1335 +diff --git a/drivers/gpu/drm/i915/intel_runtime_pm.c b/drivers/gpu/drm/i915/intel_runtime_pm.c
1336 +index bcccacba1ec6..bcfc1c235966 100644
1337 +--- a/drivers/gpu/drm/i915/intel_runtime_pm.c
1338 ++++ b/drivers/gpu/drm/i915/intel_runtime_pm.c
1339 +@@ -622,19 +622,18 @@ void skl_enable_dc6(struct drm_i915_private *dev_priv)
1340 +
1341 + DRM_DEBUG_KMS("Enabling DC6\n");
1342 +
1343 +- gen9_set_dc_state(dev_priv, DC_STATE_EN_UPTO_DC6);
1344 ++ /* Wa Display #1183: skl,kbl,cfl */
1345 ++ if (IS_GEN9_BC(dev_priv))
1346 ++ I915_WRITE(GEN8_CHICKEN_DCPR_1, I915_READ(GEN8_CHICKEN_DCPR_1) |
1347 ++ SKL_SELECT_ALTERNATE_DC_EXIT);
1348 +
1349 ++ gen9_set_dc_state(dev_priv, DC_STATE_EN_UPTO_DC6);
1350 + }
1351 +
1352 + void skl_disable_dc6(struct drm_i915_private *dev_priv)
1353 + {
1354 + DRM_DEBUG_KMS("Disabling DC6\n");
1355 +
1356 +- /* Wa Display #1183: skl,kbl,cfl */
1357 +- if (IS_GEN9_BC(dev_priv))
1358 +- I915_WRITE(GEN8_CHICKEN_DCPR_1, I915_READ(GEN8_CHICKEN_DCPR_1) |
1359 +- SKL_SELECT_ALTERNATE_DC_EXIT);
1360 +-
1361 + gen9_set_dc_state(dev_priv, DC_STATE_DISABLE);
1362 + }
1363 +
1364 +diff --git a/drivers/gpu/drm/virtio/virtgpu_vq.c b/drivers/gpu/drm/virtio/virtgpu_vq.c
1365 +index 9eb96fb2c147..26a2da1f712d 100644
1366 +--- a/drivers/gpu/drm/virtio/virtgpu_vq.c
1367 ++++ b/drivers/gpu/drm/virtio/virtgpu_vq.c
1368 +@@ -291,7 +291,7 @@ static int virtio_gpu_queue_ctrl_buffer_locked(struct virtio_gpu_device *vgdev,
1369 + ret = virtqueue_add_sgs(vq, sgs, outcnt, incnt, vbuf, GFP_ATOMIC);
1370 + if (ret == -ENOSPC) {
1371 + spin_unlock(&vgdev->ctrlq.qlock);
1372 +- wait_event(vgdev->ctrlq.ack_queue, vq->num_free);
1373 ++ wait_event(vgdev->ctrlq.ack_queue, vq->num_free >= outcnt + incnt);
1374 + spin_lock(&vgdev->ctrlq.qlock);
1375 + goto retry;
1376 + } else {
1377 +@@ -366,7 +366,7 @@ static int virtio_gpu_queue_cursor(struct virtio_gpu_device *vgdev,
1378 + ret = virtqueue_add_sgs(vq, sgs, outcnt, 0, vbuf, GFP_ATOMIC);
1379 + if (ret == -ENOSPC) {
1380 + spin_unlock(&vgdev->cursorq.qlock);
1381 +- wait_event(vgdev->cursorq.ack_queue, vq->num_free);
1382 ++ wait_event(vgdev->cursorq.ack_queue, vq->num_free >= outcnt);
1383 + spin_lock(&vgdev->cursorq.qlock);
1384 + goto retry;
1385 + } else {
1386 +diff --git a/drivers/mtd/chips/cfi_cmdset_0001.c b/drivers/mtd/chips/cfi_cmdset_0001.c
1387 +index 5e1b68cbcd0a..e1b603ca0170 100644
1388 +--- a/drivers/mtd/chips/cfi_cmdset_0001.c
1389 ++++ b/drivers/mtd/chips/cfi_cmdset_0001.c
1390 +@@ -45,6 +45,7 @@
1391 + #define I82802AB 0x00ad
1392 + #define I82802AC 0x00ac
1393 + #define PF38F4476 0x881c
1394 ++#define M28F00AP30 0x8963
1395 + /* STMicroelectronics chips */
1396 + #define M50LPW080 0x002F
1397 + #define M50FLW080A 0x0080
1398 +@@ -375,6 +376,17 @@ static void cfi_fixup_major_minor(struct cfi_private *cfi,
1399 + extp->MinorVersion = '1';
1400 + }
1401 +
1402 ++static int cfi_is_micron_28F00AP30(struct cfi_private *cfi, struct flchip *chip)
1403 ++{
1404 ++ /*
1405 ++ * Micron(was Numonyx) 1Gbit bottom boot are buggy w.r.t
1406 ++ * Erase Supend for their small Erase Blocks(0x8000)
1407 ++ */
1408 ++ if (cfi->mfr == CFI_MFR_INTEL && cfi->id == M28F00AP30)
1409 ++ return 1;
1410 ++ return 0;
1411 ++}
1412 ++
1413 + static inline struct cfi_pri_intelext *
1414 + read_pri_intelext(struct map_info *map, __u16 adr)
1415 + {
1416 +@@ -831,21 +843,30 @@ static int chip_ready (struct map_info *map, struct flchip *chip, unsigned long
1417 + (mode == FL_WRITING && (cfip->SuspendCmdSupport & 1))))
1418 + goto sleep;
1419 +
1420 ++ /* Do not allow suspend iff read/write to EB address */
1421 ++ if ((adr & chip->in_progress_block_mask) ==
1422 ++ chip->in_progress_block_addr)
1423 ++ goto sleep;
1424 ++
1425 ++ /* do not suspend small EBs, buggy Micron Chips */
1426 ++ if (cfi_is_micron_28F00AP30(cfi, chip) &&
1427 ++ (chip->in_progress_block_mask == ~(0x8000-1)))
1428 ++ goto sleep;
1429 +
1430 + /* Erase suspend */
1431 +- map_write(map, CMD(0xB0), adr);
1432 ++ map_write(map, CMD(0xB0), chip->in_progress_block_addr);
1433 +
1434 + /* If the flash has finished erasing, then 'erase suspend'
1435 + * appears to make some (28F320) flash devices switch to
1436 + * 'read' mode. Make sure that we switch to 'read status'
1437 + * mode so we get the right data. --rmk
1438 + */
1439 +- map_write(map, CMD(0x70), adr);
1440 ++ map_write(map, CMD(0x70), chip->in_progress_block_addr);
1441 + chip->oldstate = FL_ERASING;
1442 + chip->state = FL_ERASE_SUSPENDING;
1443 + chip->erase_suspended = 1;
1444 + for (;;) {
1445 +- status = map_read(map, adr);
1446 ++ status = map_read(map, chip->in_progress_block_addr);
1447 + if (map_word_andequal(map, status, status_OK, status_OK))
1448 + break;
1449 +
1450 +@@ -1041,8 +1062,8 @@ static void put_chip(struct map_info *map, struct flchip *chip, unsigned long ad
1451 + sending the 0x70 (Read Status) command to an erasing
1452 + chip and expecting it to be ignored, that's what we
1453 + do. */
1454 +- map_write(map, CMD(0xd0), adr);
1455 +- map_write(map, CMD(0x70), adr);
1456 ++ map_write(map, CMD(0xd0), chip->in_progress_block_addr);
1457 ++ map_write(map, CMD(0x70), chip->in_progress_block_addr);
1458 + chip->oldstate = FL_READY;
1459 + chip->state = FL_ERASING;
1460 + break;
1461 +@@ -1933,6 +1954,8 @@ static int __xipram do_erase_oneblock(struct map_info *map, struct flchip *chip,
1462 + map_write(map, CMD(0xD0), adr);
1463 + chip->state = FL_ERASING;
1464 + chip->erase_suspended = 0;
1465 ++ chip->in_progress_block_addr = adr;
1466 ++ chip->in_progress_block_mask = ~(len - 1);
1467 +
1468 + ret = INVAL_CACHE_AND_WAIT(map, chip, adr,
1469 + adr, len,
1470 +diff --git a/drivers/mtd/chips/cfi_cmdset_0002.c b/drivers/mtd/chips/cfi_cmdset_0002.c
1471 +index 56aa6b75213d..d524a64ed754 100644
1472 +--- a/drivers/mtd/chips/cfi_cmdset_0002.c
1473 ++++ b/drivers/mtd/chips/cfi_cmdset_0002.c
1474 +@@ -816,9 +816,10 @@ static int get_chip(struct map_info *map, struct flchip *chip, unsigned long adr
1475 + (mode == FL_WRITING && (cfip->EraseSuspend & 0x2))))
1476 + goto sleep;
1477 +
1478 +- /* We could check to see if we're trying to access the sector
1479 +- * that is currently being erased. However, no user will try
1480 +- * anything like that so we just wait for the timeout. */
1481 ++ /* Do not allow suspend iff read/write to EB address */
1482 ++ if ((adr & chip->in_progress_block_mask) ==
1483 ++ chip->in_progress_block_addr)
1484 ++ goto sleep;
1485 +
1486 + /* Erase suspend */
1487 + /* It's harmless to issue the Erase-Suspend and Erase-Resume
1488 +@@ -2267,6 +2268,7 @@ static int __xipram do_erase_chip(struct map_info *map, struct flchip *chip)
1489 + chip->state = FL_ERASING;
1490 + chip->erase_suspended = 0;
1491 + chip->in_progress_block_addr = adr;
1492 ++ chip->in_progress_block_mask = ~(map->size - 1);
1493 +
1494 + INVALIDATE_CACHE_UDELAY(map, chip,
1495 + adr, map->size,
1496 +@@ -2356,6 +2358,7 @@ static int __xipram do_erase_oneblock(struct map_info *map, struct flchip *chip,
1497 + chip->state = FL_ERASING;
1498 + chip->erase_suspended = 0;
1499 + chip->in_progress_block_addr = adr;
1500 ++ chip->in_progress_block_mask = ~(len - 1);
1501 +
1502 + INVALIDATE_CACHE_UDELAY(map, chip,
1503 + adr, len,
1504 +diff --git a/drivers/mtd/nand/tango_nand.c b/drivers/mtd/nand/tango_nand.c
1505 +index 766906f03943..ce366816a7ef 100644
1506 +--- a/drivers/mtd/nand/tango_nand.c
1507 ++++ b/drivers/mtd/nand/tango_nand.c
1508 +@@ -654,7 +654,7 @@ static int tango_nand_probe(struct platform_device *pdev)
1509 +
1510 + writel_relaxed(MODE_RAW, nfc->pbus_base + PBUS_PAD_MODE);
1511 +
1512 +- clk = clk_get(&pdev->dev, NULL);
1513 ++ clk = devm_clk_get(&pdev->dev, NULL);
1514 + if (IS_ERR(clk))
1515 + return PTR_ERR(clk);
1516 +
1517 +diff --git a/drivers/mtd/spi-nor/cadence-quadspi.c b/drivers/mtd/spi-nor/cadence-quadspi.c
1518 +index 53c7d8e0327a..8d89204b90d2 100644
1519 +--- a/drivers/mtd/spi-nor/cadence-quadspi.c
1520 ++++ b/drivers/mtd/spi-nor/cadence-quadspi.c
1521 +@@ -495,7 +495,9 @@ static int cqspi_indirect_read_execute(struct spi_nor *nor,
1522 + void __iomem *reg_base = cqspi->iobase;
1523 + void __iomem *ahb_base = cqspi->ahb_base;
1524 + unsigned int remaining = n_rx;
1525 ++ unsigned int mod_bytes = n_rx % 4;
1526 + unsigned int bytes_to_read = 0;
1527 ++ u8 *rxbuf_end = rxbuf + n_rx;
1528 + int ret = 0;
1529 +
1530 + writel(remaining, reg_base + CQSPI_REG_INDIRECTRDBYTES);
1531 +@@ -523,11 +525,24 @@ static int cqspi_indirect_read_execute(struct spi_nor *nor,
1532 + }
1533 +
1534 + while (bytes_to_read != 0) {
1535 ++ unsigned int word_remain = round_down(remaining, 4);
1536 ++
1537 + bytes_to_read *= cqspi->fifo_width;
1538 + bytes_to_read = bytes_to_read > remaining ?
1539 + remaining : bytes_to_read;
1540 +- ioread32_rep(ahb_base, rxbuf,
1541 +- DIV_ROUND_UP(bytes_to_read, 4));
1542 ++ bytes_to_read = round_down(bytes_to_read, 4);
1543 ++ /* Read 4 byte word chunks then single bytes */
1544 ++ if (bytes_to_read) {
1545 ++ ioread32_rep(ahb_base, rxbuf,
1546 ++ (bytes_to_read / 4));
1547 ++ } else if (!word_remain && mod_bytes) {
1548 ++ unsigned int temp = ioread32(ahb_base);
1549 ++
1550 ++ bytes_to_read = mod_bytes;
1551 ++ memcpy(rxbuf, &temp, min((unsigned int)
1552 ++ (rxbuf_end - rxbuf),
1553 ++ bytes_to_read));
1554 ++ }
1555 + rxbuf += bytes_to_read;
1556 + remaining -= bytes_to_read;
1557 + bytes_to_read = cqspi_get_rd_sram_level(cqspi);
1558 +diff --git a/drivers/of/fdt.c b/drivers/of/fdt.c
1559 +index ce30c9a588a4..6337c394bfe3 100644
1560 +--- a/drivers/of/fdt.c
1561 ++++ b/drivers/of/fdt.c
1562 +@@ -975,7 +975,7 @@ int __init early_init_dt_scan_chosen_stdout(void)
1563 + int offset;
1564 + const char *p, *q, *options = NULL;
1565 + int l;
1566 +- const struct earlycon_id *match;
1567 ++ const struct earlycon_id **p_match;
1568 + const void *fdt = initial_boot_params;
1569 +
1570 + offset = fdt_path_offset(fdt, "/chosen");
1571 +@@ -1002,7 +1002,10 @@ int __init early_init_dt_scan_chosen_stdout(void)
1572 + return 0;
1573 + }
1574 +
1575 +- for (match = __earlycon_table; match < __earlycon_table_end; match++) {
1576 ++ for (p_match = __earlycon_table; p_match < __earlycon_table_end;
1577 ++ p_match++) {
1578 ++ const struct earlycon_id *match = *p_match;
1579 ++
1580 + if (!match->compatible[0])
1581 + continue;
1582 +
1583 +diff --git a/drivers/pci/host/pci-aardvark.c b/drivers/pci/host/pci-aardvark.c
1584 +index 26ed0c08f209..9bfc22b5da4b 100644
1585 +--- a/drivers/pci/host/pci-aardvark.c
1586 ++++ b/drivers/pci/host/pci-aardvark.c
1587 +@@ -32,6 +32,7 @@
1588 + #define PCIE_CORE_DEV_CTRL_STATS_MAX_PAYLOAD_SZ_SHIFT 5
1589 + #define PCIE_CORE_DEV_CTRL_STATS_SNOOP_DISABLE (0 << 11)
1590 + #define PCIE_CORE_DEV_CTRL_STATS_MAX_RD_REQ_SIZE_SHIFT 12
1591 ++#define PCIE_CORE_DEV_CTRL_STATS_MAX_RD_REQ_SZ 0x2
1592 + #define PCIE_CORE_LINK_CTRL_STAT_REG 0xd0
1593 + #define PCIE_CORE_LINK_L0S_ENTRY BIT(0)
1594 + #define PCIE_CORE_LINK_TRAINING BIT(5)
1595 +@@ -103,7 +104,8 @@
1596 + #define PCIE_ISR1_MASK_REG (CONTROL_BASE_ADDR + 0x4C)
1597 + #define PCIE_ISR1_POWER_STATE_CHANGE BIT(4)
1598 + #define PCIE_ISR1_FLUSH BIT(5)
1599 +-#define PCIE_ISR1_ALL_MASK GENMASK(5, 4)
1600 ++#define PCIE_ISR1_INTX_ASSERT(val) BIT(8 + (val))
1601 ++#define PCIE_ISR1_ALL_MASK GENMASK(11, 4)
1602 + #define PCIE_MSI_ADDR_LOW_REG (CONTROL_BASE_ADDR + 0x50)
1603 + #define PCIE_MSI_ADDR_HIGH_REG (CONTROL_BASE_ADDR + 0x54)
1604 + #define PCIE_MSI_STATUS_REG (CONTROL_BASE_ADDR + 0x58)
1605 +@@ -175,8 +177,6 @@
1606 + #define PCIE_CONFIG_WR_TYPE0 0xa
1607 + #define PCIE_CONFIG_WR_TYPE1 0xb
1608 +
1609 +-/* PCI_BDF shifts 8bit, so we need extra 4bit shift */
1610 +-#define PCIE_BDF(dev) (dev << 4)
1611 + #define PCIE_CONF_BUS(bus) (((bus) & 0xff) << 20)
1612 + #define PCIE_CONF_DEV(dev) (((dev) & 0x1f) << 15)
1613 + #define PCIE_CONF_FUNC(fun) (((fun) & 0x7) << 12)
1614 +@@ -299,7 +299,8 @@ static void advk_pcie_setup_hw(struct advk_pcie *pcie)
1615 + reg = PCIE_CORE_DEV_CTRL_STATS_RELAX_ORDER_DISABLE |
1616 + (7 << PCIE_CORE_DEV_CTRL_STATS_MAX_PAYLOAD_SZ_SHIFT) |
1617 + PCIE_CORE_DEV_CTRL_STATS_SNOOP_DISABLE |
1618 +- PCIE_CORE_DEV_CTRL_STATS_MAX_RD_REQ_SIZE_SHIFT;
1619 ++ (PCIE_CORE_DEV_CTRL_STATS_MAX_RD_REQ_SZ <<
1620 ++ PCIE_CORE_DEV_CTRL_STATS_MAX_RD_REQ_SIZE_SHIFT);
1621 + advk_writel(pcie, reg, PCIE_CORE_DEV_CTRL_STATS_REG);
1622 +
1623 + /* Program PCIe Control 2 to disable strict ordering */
1624 +@@ -440,7 +441,7 @@ static int advk_pcie_rd_conf(struct pci_bus *bus, u32 devfn,
1625 + u32 reg;
1626 + int ret;
1627 +
1628 +- if (PCI_SLOT(devfn) != 0) {
1629 ++ if ((bus->number == pcie->root_bus_nr) && PCI_SLOT(devfn) != 0) {
1630 + *val = 0xffffffff;
1631 + return PCIBIOS_DEVICE_NOT_FOUND;
1632 + }
1633 +@@ -459,7 +460,7 @@ static int advk_pcie_rd_conf(struct pci_bus *bus, u32 devfn,
1634 + advk_writel(pcie, reg, PIO_CTRL);
1635 +
1636 + /* Program the address registers */
1637 +- reg = PCIE_BDF(devfn) | PCIE_CONF_REG(where);
1638 ++ reg = PCIE_CONF_ADDR(bus->number, devfn, where);
1639 + advk_writel(pcie, reg, PIO_ADDR_LS);
1640 + advk_writel(pcie, 0, PIO_ADDR_MS);
1641 +
1642 +@@ -494,7 +495,7 @@ static int advk_pcie_wr_conf(struct pci_bus *bus, u32 devfn,
1643 + int offset;
1644 + int ret;
1645 +
1646 +- if (PCI_SLOT(devfn) != 0)
1647 ++ if ((bus->number == pcie->root_bus_nr) && PCI_SLOT(devfn) != 0)
1648 + return PCIBIOS_DEVICE_NOT_FOUND;
1649 +
1650 + if (where % size)
1651 +@@ -612,9 +613,9 @@ static void advk_pcie_irq_mask(struct irq_data *d)
1652 + irq_hw_number_t hwirq = irqd_to_hwirq(d);
1653 + u32 mask;
1654 +
1655 +- mask = advk_readl(pcie, PCIE_ISR0_MASK_REG);
1656 +- mask |= PCIE_ISR0_INTX_ASSERT(hwirq);
1657 +- advk_writel(pcie, mask, PCIE_ISR0_MASK_REG);
1658 ++ mask = advk_readl(pcie, PCIE_ISR1_MASK_REG);
1659 ++ mask |= PCIE_ISR1_INTX_ASSERT(hwirq);
1660 ++ advk_writel(pcie, mask, PCIE_ISR1_MASK_REG);
1661 + }
1662 +
1663 + static void advk_pcie_irq_unmask(struct irq_data *d)
1664 +@@ -623,9 +624,9 @@ static void advk_pcie_irq_unmask(struct irq_data *d)
1665 + irq_hw_number_t hwirq = irqd_to_hwirq(d);
1666 + u32 mask;
1667 +
1668 +- mask = advk_readl(pcie, PCIE_ISR0_MASK_REG);
1669 +- mask &= ~PCIE_ISR0_INTX_ASSERT(hwirq);
1670 +- advk_writel(pcie, mask, PCIE_ISR0_MASK_REG);
1671 ++ mask = advk_readl(pcie, PCIE_ISR1_MASK_REG);
1672 ++ mask &= ~PCIE_ISR1_INTX_ASSERT(hwirq);
1673 ++ advk_writel(pcie, mask, PCIE_ISR1_MASK_REG);
1674 + }
1675 +
1676 + static int advk_pcie_irq_map(struct irq_domain *h,
1677 +@@ -768,29 +769,35 @@ static void advk_pcie_handle_msi(struct advk_pcie *pcie)
1678 +
1679 + static void advk_pcie_handle_int(struct advk_pcie *pcie)
1680 + {
1681 +- u32 val, mask, status;
1682 ++ u32 isr0_val, isr0_mask, isr0_status;
1683 ++ u32 isr1_val, isr1_mask, isr1_status;
1684 + int i, virq;
1685 +
1686 +- val = advk_readl(pcie, PCIE_ISR0_REG);
1687 +- mask = advk_readl(pcie, PCIE_ISR0_MASK_REG);
1688 +- status = val & ((~mask) & PCIE_ISR0_ALL_MASK);
1689 ++ isr0_val = advk_readl(pcie, PCIE_ISR0_REG);
1690 ++ isr0_mask = advk_readl(pcie, PCIE_ISR0_MASK_REG);
1691 ++ isr0_status = isr0_val & ((~isr0_mask) & PCIE_ISR0_ALL_MASK);
1692 ++
1693 ++ isr1_val = advk_readl(pcie, PCIE_ISR1_REG);
1694 ++ isr1_mask = advk_readl(pcie, PCIE_ISR1_MASK_REG);
1695 ++ isr1_status = isr1_val & ((~isr1_mask) & PCIE_ISR1_ALL_MASK);
1696 +
1697 +- if (!status) {
1698 +- advk_writel(pcie, val, PCIE_ISR0_REG);
1699 ++ if (!isr0_status && !isr1_status) {
1700 ++ advk_writel(pcie, isr0_val, PCIE_ISR0_REG);
1701 ++ advk_writel(pcie, isr1_val, PCIE_ISR1_REG);
1702 + return;
1703 + }
1704 +
1705 + /* Process MSI interrupts */
1706 +- if (status & PCIE_ISR0_MSI_INT_PENDING)
1707 ++ if (isr0_status & PCIE_ISR0_MSI_INT_PENDING)
1708 + advk_pcie_handle_msi(pcie);
1709 +
1710 + /* Process legacy interrupts */
1711 + for (i = 0; i < PCI_NUM_INTX; i++) {
1712 +- if (!(status & PCIE_ISR0_INTX_ASSERT(i)))
1713 ++ if (!(isr1_status & PCIE_ISR1_INTX_ASSERT(i)))
1714 + continue;
1715 +
1716 +- advk_writel(pcie, PCIE_ISR0_INTX_ASSERT(i),
1717 +- PCIE_ISR0_REG);
1718 ++ advk_writel(pcie, PCIE_ISR1_INTX_ASSERT(i),
1719 ++ PCIE_ISR1_REG);
1720 +
1721 + virq = irq_find_mapping(pcie->irq_domain, i);
1722 + generic_handle_irq(virq);
1723 +diff --git a/drivers/rtc/rtc-opal.c b/drivers/rtc/rtc-opal.c
1724 +index 304e891e35fc..60f2250fd96b 100644
1725 +--- a/drivers/rtc/rtc-opal.c
1726 ++++ b/drivers/rtc/rtc-opal.c
1727 +@@ -57,7 +57,7 @@ static void tm_to_opal(struct rtc_time *tm, u32 *y_m_d, u64 *h_m_s_ms)
1728 +
1729 + static int opal_get_rtc_time(struct device *dev, struct rtc_time *tm)
1730 + {
1731 +- long rc = OPAL_BUSY;
1732 ++ s64 rc = OPAL_BUSY;
1733 + int retries = 10;
1734 + u32 y_m_d;
1735 + u64 h_m_s_ms;
1736 +@@ -66,13 +66,17 @@ static int opal_get_rtc_time(struct device *dev, struct rtc_time *tm)
1737 +
1738 + while (rc == OPAL_BUSY || rc == OPAL_BUSY_EVENT) {
1739 + rc = opal_rtc_read(&__y_m_d, &__h_m_s_ms);
1740 +- if (rc == OPAL_BUSY_EVENT)
1741 ++ if (rc == OPAL_BUSY_EVENT) {
1742 ++ msleep(OPAL_BUSY_DELAY_MS);
1743 + opal_poll_events(NULL);
1744 +- else if (retries-- && (rc == OPAL_HARDWARE
1745 +- || rc == OPAL_INTERNAL_ERROR))
1746 +- msleep(10);
1747 +- else if (rc != OPAL_BUSY && rc != OPAL_BUSY_EVENT)
1748 +- break;
1749 ++ } else if (rc == OPAL_BUSY) {
1750 ++ msleep(OPAL_BUSY_DELAY_MS);
1751 ++ } else if (rc == OPAL_HARDWARE || rc == OPAL_INTERNAL_ERROR) {
1752 ++ if (retries--) {
1753 ++ msleep(10); /* Wait 10ms before retry */
1754 ++ rc = OPAL_BUSY; /* go around again */
1755 ++ }
1756 ++ }
1757 + }
1758 +
1759 + if (rc != OPAL_SUCCESS)
1760 +@@ -87,21 +91,26 @@ static int opal_get_rtc_time(struct device *dev, struct rtc_time *tm)
1761 +
1762 + static int opal_set_rtc_time(struct device *dev, struct rtc_time *tm)
1763 + {
1764 +- long rc = OPAL_BUSY;
1765 ++ s64 rc = OPAL_BUSY;
1766 + int retries = 10;
1767 + u32 y_m_d = 0;
1768 + u64 h_m_s_ms = 0;
1769 +
1770 + tm_to_opal(tm, &y_m_d, &h_m_s_ms);
1771 ++
1772 + while (rc == OPAL_BUSY || rc == OPAL_BUSY_EVENT) {
1773 + rc = opal_rtc_write(y_m_d, h_m_s_ms);
1774 +- if (rc == OPAL_BUSY_EVENT)
1775 ++ if (rc == OPAL_BUSY_EVENT) {
1776 ++ msleep(OPAL_BUSY_DELAY_MS);
1777 + opal_poll_events(NULL);
1778 +- else if (retries-- && (rc == OPAL_HARDWARE
1779 +- || rc == OPAL_INTERNAL_ERROR))
1780 +- msleep(10);
1781 +- else if (rc != OPAL_BUSY && rc != OPAL_BUSY_EVENT)
1782 +- break;
1783 ++ } else if (rc == OPAL_BUSY) {
1784 ++ msleep(OPAL_BUSY_DELAY_MS);
1785 ++ } else if (rc == OPAL_HARDWARE || rc == OPAL_INTERNAL_ERROR) {
1786 ++ if (retries--) {
1787 ++ msleep(10); /* Wait 10ms before retry */
1788 ++ rc = OPAL_BUSY; /* go around again */
1789 ++ }
1790 ++ }
1791 + }
1792 +
1793 + return rc == OPAL_SUCCESS ? 0 : -EIO;
1794 +diff --git a/drivers/s390/cio/vfio_ccw_fsm.c b/drivers/s390/cio/vfio_ccw_fsm.c
1795 +index c30420c517b1..e96b85579f21 100644
1796 +--- a/drivers/s390/cio/vfio_ccw_fsm.c
1797 ++++ b/drivers/s390/cio/vfio_ccw_fsm.c
1798 +@@ -20,12 +20,12 @@ static int fsm_io_helper(struct vfio_ccw_private *private)
1799 + int ccode;
1800 + __u8 lpm;
1801 + unsigned long flags;
1802 ++ int ret;
1803 +
1804 + sch = private->sch;
1805 +
1806 + spin_lock_irqsave(sch->lock, flags);
1807 + private->state = VFIO_CCW_STATE_BUSY;
1808 +- spin_unlock_irqrestore(sch->lock, flags);
1809 +
1810 + orb = cp_get_orb(&private->cp, (u32)(addr_t)sch, sch->lpm);
1811 +
1812 +@@ -38,10 +38,12 @@ static int fsm_io_helper(struct vfio_ccw_private *private)
1813 + * Initialize device status information
1814 + */
1815 + sch->schib.scsw.cmd.actl |= SCSW_ACTL_START_PEND;
1816 +- return 0;
1817 ++ ret = 0;
1818 ++ break;
1819 + case 1: /* Status pending */
1820 + case 2: /* Busy */
1821 +- return -EBUSY;
1822 ++ ret = -EBUSY;
1823 ++ break;
1824 + case 3: /* Device/path not operational */
1825 + {
1826 + lpm = orb->cmd.lpm;
1827 +@@ -51,13 +53,16 @@ static int fsm_io_helper(struct vfio_ccw_private *private)
1828 + sch->lpm = 0;
1829 +
1830 + if (cio_update_schib(sch))
1831 +- return -ENODEV;
1832 +-
1833 +- return sch->lpm ? -EACCES : -ENODEV;
1834 ++ ret = -ENODEV;
1835 ++ else
1836 ++ ret = sch->lpm ? -EACCES : -ENODEV;
1837 ++ break;
1838 + }
1839 + default:
1840 +- return ccode;
1841 ++ ret = ccode;
1842 + }
1843 ++ spin_unlock_irqrestore(sch->lock, flags);
1844 ++ return ret;
1845 + }
1846 +
1847 + static void fsm_notoper(struct vfio_ccw_private *private,
1848 +diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c
1849 +index 72db0f7d221a..2f9912de2212 100644
1850 +--- a/drivers/scsi/sd.c
1851 ++++ b/drivers/scsi/sd.c
1852 +@@ -2132,6 +2132,8 @@ sd_spinup_disk(struct scsi_disk *sdkp)
1853 + break; /* standby */
1854 + if (sshdr.asc == 4 && sshdr.ascq == 0xc)
1855 + break; /* unavailable */
1856 ++ if (sshdr.asc == 4 && sshdr.ascq == 0x1b)
1857 ++ break; /* sanitize in progress */
1858 + /*
1859 + * Issue command to spin up drive when not ready
1860 + */
1861 +diff --git a/drivers/tty/n_gsm.c b/drivers/tty/n_gsm.c
1862 +index 7253e8d2c6d9..f46bd1af7a10 100644
1863 +--- a/drivers/tty/n_gsm.c
1864 ++++ b/drivers/tty/n_gsm.c
1865 +@@ -133,6 +133,9 @@ struct gsm_dlci {
1866 + struct mutex mutex;
1867 +
1868 + /* Link layer */
1869 ++ int mode;
1870 ++#define DLCI_MODE_ABM 0 /* Normal Asynchronous Balanced Mode */
1871 ++#define DLCI_MODE_ADM 1 /* Asynchronous Disconnected Mode */
1872 + spinlock_t lock; /* Protects the internal state */
1873 + struct timer_list t1; /* Retransmit timer for SABM and UA */
1874 + int retries;
1875 +@@ -1376,7 +1379,13 @@ static struct gsm_control *gsm_control_send(struct gsm_mux *gsm,
1876 + ctrl->data = data;
1877 + ctrl->len = clen;
1878 + gsm->pending_cmd = ctrl;
1879 +- gsm->cretries = gsm->n2;
1880 ++
1881 ++ /* If DLCI0 is in ADM mode skip retries, it won't respond */
1882 ++ if (gsm->dlci[0]->mode == DLCI_MODE_ADM)
1883 ++ gsm->cretries = 1;
1884 ++ else
1885 ++ gsm->cretries = gsm->n2;
1886 ++
1887 + mod_timer(&gsm->t2_timer, jiffies + gsm->t2 * HZ / 100);
1888 + gsm_control_transmit(gsm, ctrl);
1889 + spin_unlock_irqrestore(&gsm->control_lock, flags);
1890 +@@ -1484,6 +1493,7 @@ static void gsm_dlci_t1(unsigned long data)
1891 + if (debug & 8)
1892 + pr_info("DLCI %d opening in ADM mode.\n",
1893 + dlci->addr);
1894 ++ dlci->mode = DLCI_MODE_ADM;
1895 + gsm_dlci_open(dlci);
1896 + } else {
1897 + gsm_dlci_close(dlci);
1898 +@@ -2875,11 +2885,22 @@ static int gsmtty_modem_update(struct gsm_dlci *dlci, u8 brk)
1899 + static int gsm_carrier_raised(struct tty_port *port)
1900 + {
1901 + struct gsm_dlci *dlci = container_of(port, struct gsm_dlci, port);
1902 ++ struct gsm_mux *gsm = dlci->gsm;
1903 ++
1904 + /* Not yet open so no carrier info */
1905 + if (dlci->state != DLCI_OPEN)
1906 + return 0;
1907 + if (debug & 2)
1908 + return 1;
1909 ++
1910 ++ /*
1911 ++ * Basic mode with control channel in ADM mode may not respond
1912 ++ * to CMD_MSC at all and modem_rx is empty.
1913 ++ */
1914 ++ if (gsm->encoding == 0 && gsm->dlci[0]->mode == DLCI_MODE_ADM &&
1915 ++ !dlci->modem_rx)
1916 ++ return 1;
1917 ++
1918 + return dlci->modem_rx & TIOCM_CD;
1919 + }
1920 +
1921 +diff --git a/drivers/tty/serial/earlycon.c b/drivers/tty/serial/earlycon.c
1922 +index 17dba0af5ee9..ac667b47f199 100644
1923 +--- a/drivers/tty/serial/earlycon.c
1924 ++++ b/drivers/tty/serial/earlycon.c
1925 +@@ -172,7 +172,7 @@ static int __init register_earlycon(char *buf, const struct earlycon_id *match)
1926 + */
1927 + int __init setup_earlycon(char *buf)
1928 + {
1929 +- const struct earlycon_id *match;
1930 ++ const struct earlycon_id **p_match;
1931 +
1932 + if (!buf || !buf[0])
1933 + return -EINVAL;
1934 +@@ -180,7 +180,9 @@ int __init setup_earlycon(char *buf)
1935 + if (early_con.flags & CON_ENABLED)
1936 + return -EALREADY;
1937 +
1938 +- for (match = __earlycon_table; match < __earlycon_table_end; match++) {
1939 ++ for (p_match = __earlycon_table; p_match < __earlycon_table_end;
1940 ++ p_match++) {
1941 ++ const struct earlycon_id *match = *p_match;
1942 + size_t len = strlen(match->name);
1943 +
1944 + if (strncmp(buf, match->name, len))
1945 +diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c
1946 +index 52627478ab61..562d31073f9a 100644
1947 +--- a/drivers/tty/tty_io.c
1948 ++++ b/drivers/tty/tty_io.c
1949 +@@ -2815,7 +2815,10 @@ struct tty_struct *alloc_tty_struct(struct tty_driver *driver, int idx)
1950 +
1951 + kref_init(&tty->kref);
1952 + tty->magic = TTY_MAGIC;
1953 +- tty_ldisc_init(tty);
1954 ++ if (tty_ldisc_init(tty)) {
1955 ++ kfree(tty);
1956 ++ return NULL;
1957 ++ }
1958 + tty->session = NULL;
1959 + tty->pgrp = NULL;
1960 + mutex_init(&tty->legacy_mutex);
1961 +diff --git a/drivers/tty/tty_ldisc.c b/drivers/tty/tty_ldisc.c
1962 +index 7c895684c3ef..ca656ef8de64 100644
1963 +--- a/drivers/tty/tty_ldisc.c
1964 ++++ b/drivers/tty/tty_ldisc.c
1965 +@@ -175,12 +175,11 @@ static struct tty_ldisc *tty_ldisc_get(struct tty_struct *tty, int disc)
1966 + return ERR_CAST(ldops);
1967 + }
1968 +
1969 +- ld = kmalloc(sizeof(struct tty_ldisc), GFP_KERNEL);
1970 +- if (ld == NULL) {
1971 +- put_ldops(ldops);
1972 +- return ERR_PTR(-ENOMEM);
1973 +- }
1974 +-
1975 ++ /*
1976 ++ * There is no way to handle allocation failure of only 16 bytes.
1977 ++ * Let's simplify error handling and save more memory.
1978 ++ */
1979 ++ ld = kmalloc(sizeof(struct tty_ldisc), GFP_KERNEL | __GFP_NOFAIL);
1980 + ld->ops = ldops;
1981 + ld->tty = tty;
1982 +
1983 +@@ -526,19 +525,16 @@ static int tty_ldisc_failto(struct tty_struct *tty, int ld)
1984 + static void tty_ldisc_restore(struct tty_struct *tty, struct tty_ldisc *old)
1985 + {
1986 + /* There is an outstanding reference here so this is safe */
1987 +- old = tty_ldisc_get(tty, old->ops->num);
1988 +- WARN_ON(IS_ERR(old));
1989 +- tty->ldisc = old;
1990 +- tty_set_termios_ldisc(tty, old->ops->num);
1991 +- if (tty_ldisc_open(tty, old) < 0) {
1992 +- tty_ldisc_put(old);
1993 ++ if (tty_ldisc_failto(tty, old->ops->num) < 0) {
1994 ++ const char *name = tty_name(tty);
1995 ++
1996 ++ pr_warn("Falling back ldisc for %s.\n", name);
1997 + /* The traditional behaviour is to fall back to N_TTY, we
1998 + want to avoid falling back to N_NULL unless we have no
1999 + choice to avoid the risk of breaking anything */
2000 + if (tty_ldisc_failto(tty, N_TTY) < 0 &&
2001 + tty_ldisc_failto(tty, N_NULL) < 0)
2002 +- panic("Couldn't open N_NULL ldisc for %s.",
2003 +- tty_name(tty));
2004 ++ panic("Couldn't open N_NULL ldisc for %s.", name);
2005 + }
2006 + }
2007 +
2008 +@@ -823,12 +819,13 @@ EXPORT_SYMBOL_GPL(tty_ldisc_release);
2009 + * the tty structure is not completely set up when this call is made.
2010 + */
2011 +
2012 +-void tty_ldisc_init(struct tty_struct *tty)
2013 ++int tty_ldisc_init(struct tty_struct *tty)
2014 + {
2015 + struct tty_ldisc *ld = tty_ldisc_get(tty, N_TTY);
2016 + if (IS_ERR(ld))
2017 +- panic("n_tty: init_tty");
2018 ++ return PTR_ERR(ld);
2019 + tty->ldisc = ld;
2020 ++ return 0;
2021 + }
2022 +
2023 + /**
2024 +diff --git a/drivers/usb/core/hcd.c b/drivers/usb/core/hcd.c
2025 +index 75ad6718858c..d0b2e0ed9bab 100644
2026 +--- a/drivers/usb/core/hcd.c
2027 ++++ b/drivers/usb/core/hcd.c
2028 +@@ -2376,6 +2376,7 @@ void usb_hcd_resume_root_hub (struct usb_hcd *hcd)
2029 +
2030 + spin_lock_irqsave (&hcd_root_hub_lock, flags);
2031 + if (hcd->rh_registered) {
2032 ++ pm_wakeup_event(&hcd->self.root_hub->dev, 0);
2033 + set_bit(HCD_FLAG_WAKEUP_PENDING, &hcd->flags);
2034 + queue_work(pm_wq, &hcd->wakeup_work);
2035 + }
2036 +diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
2037 +index 8f7d94239ee3..442be7f312f6 100644
2038 +--- a/drivers/usb/core/hub.c
2039 ++++ b/drivers/usb/core/hub.c
2040 +@@ -650,12 +650,17 @@ void usb_wakeup_notification(struct usb_device *hdev,
2041 + unsigned int portnum)
2042 + {
2043 + struct usb_hub *hub;
2044 ++ struct usb_port *port_dev;
2045 +
2046 + if (!hdev)
2047 + return;
2048 +
2049 + hub = usb_hub_to_struct_hub(hdev);
2050 + if (hub) {
2051 ++ port_dev = hub->ports[portnum - 1];
2052 ++ if (port_dev && port_dev->child)
2053 ++ pm_wakeup_event(&port_dev->child->dev, 0);
2054 ++
2055 + set_bit(portnum, hub->wakeup_bits);
2056 + kick_hub_wq(hub);
2057 + }
2058 +@@ -3415,8 +3420,11 @@ int usb_port_resume(struct usb_device *udev, pm_message_t msg)
2059 +
2060 + /* Skip the initial Clear-Suspend step for a remote wakeup */
2061 + status = hub_port_status(hub, port1, &portstatus, &portchange);
2062 +- if (status == 0 && !port_is_suspended(hub, portstatus))
2063 ++ if (status == 0 && !port_is_suspended(hub, portstatus)) {
2064 ++ if (portchange & USB_PORT_STAT_C_SUSPEND)
2065 ++ pm_wakeup_event(&udev->dev, 0);
2066 + goto SuspendCleared;
2067 ++ }
2068 +
2069 + /* see 7.1.7.7; affects power usage, but not budgeting */
2070 + if (hub_is_superspeed(hub->hdev))
2071 +diff --git a/drivers/usb/core/quirks.c b/drivers/usb/core/quirks.c
2072 +index 4f1c6f8d4352..40ce175655e6 100644
2073 +--- a/drivers/usb/core/quirks.c
2074 ++++ b/drivers/usb/core/quirks.c
2075 +@@ -45,6 +45,9 @@ static const struct usb_device_id usb_quirk_list[] = {
2076 + { USB_DEVICE(0x03f0, 0x0701), .driver_info =
2077 + USB_QUIRK_STRING_FETCH_255 },
2078 +
2079 ++ /* HP v222w 16GB Mini USB Drive */
2080 ++ { USB_DEVICE(0x03f0, 0x3f40), .driver_info = USB_QUIRK_DELAY_INIT },
2081 ++
2082 + /* Creative SB Audigy 2 NX */
2083 + { USB_DEVICE(0x041e, 0x3020), .driver_info = USB_QUIRK_RESET_RESUME },
2084 +
2085 +diff --git a/drivers/usb/host/xhci-pci.c b/drivers/usb/host/xhci-pci.c
2086 +index 3fb57cf8abb8..d79ab0d85924 100644
2087 +--- a/drivers/usb/host/xhci-pci.c
2088 ++++ b/drivers/usb/host/xhci-pci.c
2089 +@@ -134,7 +134,10 @@ static void xhci_pci_quirks(struct device *dev, struct xhci_hcd *xhci)
2090 + if (pdev->vendor == PCI_VENDOR_ID_AMD && usb_amd_find_chipset_info())
2091 + xhci->quirks |= XHCI_AMD_PLL_FIX;
2092 +
2093 +- if (pdev->vendor == PCI_VENDOR_ID_AMD && pdev->device == 0x43bb)
2094 ++ if (pdev->vendor == PCI_VENDOR_ID_AMD &&
2095 ++ (pdev->device == 0x15e0 ||
2096 ++ pdev->device == 0x15e1 ||
2097 ++ pdev->device == 0x43bb))
2098 + xhci->quirks |= XHCI_SUSPEND_DELAY;
2099 +
2100 + if (pdev->vendor == PCI_VENDOR_ID_AMD)
2101 +diff --git a/drivers/usb/host/xhci-plat.c b/drivers/usb/host/xhci-plat.c
2102 +index 1cb6eaef4ae1..7d9e085f7b85 100644
2103 +--- a/drivers/usb/host/xhci-plat.c
2104 ++++ b/drivers/usb/host/xhci-plat.c
2105 +@@ -423,7 +423,6 @@ MODULE_DEVICE_TABLE(acpi, usb_xhci_acpi_match);
2106 + static struct platform_driver usb_xhci_driver = {
2107 + .probe = xhci_plat_probe,
2108 + .remove = xhci_plat_remove,
2109 +- .shutdown = usb_hcd_platform_shutdown,
2110 + .driver = {
2111 + .name = "xhci-hcd",
2112 + .pm = &xhci_plat_pm_ops,
2113 +diff --git a/drivers/usb/serial/Kconfig b/drivers/usb/serial/Kconfig
2114 +index c66b93664d54..c508e2d7104b 100644
2115 +--- a/drivers/usb/serial/Kconfig
2116 ++++ b/drivers/usb/serial/Kconfig
2117 +@@ -62,6 +62,7 @@ config USB_SERIAL_SIMPLE
2118 + - Fundamental Software dongle.
2119 + - Google USB serial devices
2120 + - HP4x calculators
2121 ++ - Libtransistor USB console
2122 + - a number of Motorola phones
2123 + - Motorola Tetra devices
2124 + - Novatel Wireless GPS receivers
2125 +diff --git a/drivers/usb/serial/cp210x.c b/drivers/usb/serial/cp210x.c
2126 +index 2836acf73a07..d0f00274d16c 100644
2127 +--- a/drivers/usb/serial/cp210x.c
2128 ++++ b/drivers/usb/serial/cp210x.c
2129 +@@ -217,6 +217,7 @@ static const struct usb_device_id id_table[] = {
2130 + { USB_DEVICE(0x3195, 0xF190) }, /* Link Instruments MSO-19 */
2131 + { USB_DEVICE(0x3195, 0xF280) }, /* Link Instruments MSO-28 */
2132 + { USB_DEVICE(0x3195, 0xF281) }, /* Link Instruments MSO-28 */
2133 ++ { USB_DEVICE(0x3923, 0x7A0B) }, /* National Instruments USB Serial Console */
2134 + { USB_DEVICE(0x413C, 0x9500) }, /* DW700 GPS USB interface */
2135 + { } /* Terminating Entry */
2136 + };
2137 +diff --git a/drivers/usb/serial/ftdi_sio.c b/drivers/usb/serial/ftdi_sio.c
2138 +index a2a5232751cb..385f2ae3be24 100644
2139 +--- a/drivers/usb/serial/ftdi_sio.c
2140 ++++ b/drivers/usb/serial/ftdi_sio.c
2141 +@@ -1902,7 +1902,8 @@ static int ftdi_8u2232c_probe(struct usb_serial *serial)
2142 + return ftdi_jtag_probe(serial);
2143 +
2144 + if (udev->product &&
2145 +- (!strcmp(udev->product, "BeagleBone/XDS100V2") ||
2146 ++ (!strcmp(udev->product, "Arrow USB Blaster") ||
2147 ++ !strcmp(udev->product, "BeagleBone/XDS100V2") ||
2148 + !strcmp(udev->product, "SNAP Connect E10")))
2149 + return ftdi_jtag_probe(serial);
2150 +
2151 +diff --git a/drivers/usb/serial/usb-serial-simple.c b/drivers/usb/serial/usb-serial-simple.c
2152 +index 6aa7ff2c1cf7..2674da40d9cd 100644
2153 +--- a/drivers/usb/serial/usb-serial-simple.c
2154 ++++ b/drivers/usb/serial/usb-serial-simple.c
2155 +@@ -66,6 +66,11 @@ DEVICE(flashloader, FLASHLOADER_IDS);
2156 + 0x01) }
2157 + DEVICE(google, GOOGLE_IDS);
2158 +
2159 ++/* Libtransistor USB console */
2160 ++#define LIBTRANSISTOR_IDS() \
2161 ++ { USB_DEVICE(0x1209, 0x8b00) }
2162 ++DEVICE(libtransistor, LIBTRANSISTOR_IDS);
2163 ++
2164 + /* ViVOpay USB Serial Driver */
2165 + #define VIVOPAY_IDS() \
2166 + { USB_DEVICE(0x1d5f, 0x1004) } /* ViVOpay 8800 */
2167 +@@ -113,6 +118,7 @@ static struct usb_serial_driver * const serial_drivers[] = {
2168 + &funsoft_device,
2169 + &flashloader_device,
2170 + &google_device,
2171 ++ &libtransistor_device,
2172 + &vivopay_device,
2173 + &moto_modem_device,
2174 + &motorola_tetra_device,
2175 +@@ -129,6 +135,7 @@ static const struct usb_device_id id_table[] = {
2176 + FUNSOFT_IDS(),
2177 + FLASHLOADER_IDS(),
2178 + GOOGLE_IDS(),
2179 ++ LIBTRANSISTOR_IDS(),
2180 + VIVOPAY_IDS(),
2181 + MOTO_IDS(),
2182 + MOTOROLA_TETRA_IDS(),
2183 +diff --git a/drivers/usb/typec/ucsi/ucsi.c b/drivers/usb/typec/ucsi/ucsi.c
2184 +index 714c5bcedf2b..dd24c5c1534d 100644
2185 +--- a/drivers/usb/typec/ucsi/ucsi.c
2186 ++++ b/drivers/usb/typec/ucsi/ucsi.c
2187 +@@ -31,7 +31,7 @@
2188 + * difficult to estimate the time it takes for the system to process the command
2189 + * before it is actually passed to the PPM.
2190 + */
2191 +-#define UCSI_TIMEOUT_MS 1000
2192 ++#define UCSI_TIMEOUT_MS 5000
2193 +
2194 + /*
2195 + * UCSI_SWAP_TIMEOUT_MS - Timeout for role swap requests
2196 +diff --git a/drivers/usb/usbip/stub_main.c b/drivers/usb/usbip/stub_main.c
2197 +index 6968c906fa29..b59a253a8479 100644
2198 +--- a/drivers/usb/usbip/stub_main.c
2199 ++++ b/drivers/usb/usbip/stub_main.c
2200 +@@ -200,7 +200,12 @@ static ssize_t rebind_store(struct device_driver *dev, const char *buf,
2201 + if (!bid)
2202 + return -ENODEV;
2203 +
2204 ++ /* device_attach() callers should hold parent lock for USB */
2205 ++ if (bid->udev->dev.parent)
2206 ++ device_lock(bid->udev->dev.parent);
2207 + ret = device_attach(&bid->udev->dev);
2208 ++ if (bid->udev->dev.parent)
2209 ++ device_unlock(bid->udev->dev.parent);
2210 + if (ret < 0) {
2211 + dev_err(&bid->udev->dev, "rebind failed\n");
2212 + return ret;
2213 +diff --git a/drivers/usb/usbip/usbip_common.h b/drivers/usb/usbip/usbip_common.h
2214 +index 33737b612b1f..c81c44c13a56 100644
2215 +--- a/drivers/usb/usbip/usbip_common.h
2216 ++++ b/drivers/usb/usbip/usbip_common.h
2217 +@@ -257,7 +257,7 @@ enum usbip_side {
2218 + #define VUDC_EVENT_ERROR_USB (USBIP_EH_SHUTDOWN | USBIP_EH_UNUSABLE)
2219 + #define VUDC_EVENT_ERROR_MALLOC (USBIP_EH_SHUTDOWN | USBIP_EH_UNUSABLE)
2220 +
2221 +-#define VDEV_EVENT_REMOVED (USBIP_EH_SHUTDOWN | USBIP_EH_BYE)
2222 ++#define VDEV_EVENT_REMOVED (USBIP_EH_SHUTDOWN | USBIP_EH_RESET | USBIP_EH_BYE)
2223 + #define VDEV_EVENT_DOWN (USBIP_EH_SHUTDOWN | USBIP_EH_RESET)
2224 + #define VDEV_EVENT_ERROR_TCP (USBIP_EH_SHUTDOWN | USBIP_EH_RESET)
2225 + #define VDEV_EVENT_ERROR_MALLOC (USBIP_EH_SHUTDOWN | USBIP_EH_UNUSABLE)
2226 +diff --git a/drivers/usb/usbip/usbip_event.c b/drivers/usb/usbip/usbip_event.c
2227 +index f1635662c299..f8f7f3803a99 100644
2228 +--- a/drivers/usb/usbip/usbip_event.c
2229 ++++ b/drivers/usb/usbip/usbip_event.c
2230 +@@ -105,10 +105,6 @@ static void event_handler(struct work_struct *work)
2231 + unset_event(ud, USBIP_EH_UNUSABLE);
2232 + }
2233 +
2234 +- /* Stop the error handler. */
2235 +- if (ud->event & USBIP_EH_BYE)
2236 +- usbip_dbg_eh("removed %p\n", ud);
2237 +-
2238 + wake_up(&ud->eh_waitq);
2239 + }
2240 + }
2241 +diff --git a/drivers/usb/usbip/vhci_hcd.c b/drivers/usb/usbip/vhci_hcd.c
2242 +index 89858aeed647..05aa1ba351b6 100644
2243 +--- a/drivers/usb/usbip/vhci_hcd.c
2244 ++++ b/drivers/usb/usbip/vhci_hcd.c
2245 +@@ -368,6 +368,8 @@ static int vhci_hub_control(struct usb_hcd *hcd, u16 typeReq, u16 wValue,
2246 + usbip_dbg_vhci_rh(" ClearHubFeature\n");
2247 + break;
2248 + case ClearPortFeature:
2249 ++ if (rhport < 0)
2250 ++ goto error;
2251 + switch (wValue) {
2252 + case USB_PORT_FEAT_SUSPEND:
2253 + if (hcd->speed == HCD_USB3) {
2254 +@@ -525,11 +527,16 @@ static int vhci_hub_control(struct usb_hcd *hcd, u16 typeReq, u16 wValue,
2255 + goto error;
2256 + }
2257 +
2258 ++ if (rhport < 0)
2259 ++ goto error;
2260 ++
2261 + vhci_hcd->port_status[rhport] |= USB_PORT_STAT_SUSPEND;
2262 + break;
2263 + case USB_PORT_FEAT_POWER:
2264 + usbip_dbg_vhci_rh(
2265 + " SetPortFeature: USB_PORT_FEAT_POWER\n");
2266 ++ if (rhport < 0)
2267 ++ goto error;
2268 + if (hcd->speed == HCD_USB3)
2269 + vhci_hcd->port_status[rhport] |= USB_SS_PORT_STAT_POWER;
2270 + else
2271 +@@ -538,6 +545,8 @@ static int vhci_hub_control(struct usb_hcd *hcd, u16 typeReq, u16 wValue,
2272 + case USB_PORT_FEAT_BH_PORT_RESET:
2273 + usbip_dbg_vhci_rh(
2274 + " SetPortFeature: USB_PORT_FEAT_BH_PORT_RESET\n");
2275 ++ if (rhport < 0)
2276 ++ goto error;
2277 + /* Applicable only for USB3.0 hub */
2278 + if (hcd->speed != HCD_USB3) {
2279 + pr_err("USB_PORT_FEAT_BH_PORT_RESET req not "
2280 +@@ -548,6 +557,8 @@ static int vhci_hub_control(struct usb_hcd *hcd, u16 typeReq, u16 wValue,
2281 + case USB_PORT_FEAT_RESET:
2282 + usbip_dbg_vhci_rh(
2283 + " SetPortFeature: USB_PORT_FEAT_RESET\n");
2284 ++ if (rhport < 0)
2285 ++ goto error;
2286 + /* if it's already enabled, disable */
2287 + if (hcd->speed == HCD_USB3) {
2288 + vhci_hcd->port_status[rhport] = 0;
2289 +@@ -568,6 +579,8 @@ static int vhci_hub_control(struct usb_hcd *hcd, u16 typeReq, u16 wValue,
2290 + default:
2291 + usbip_dbg_vhci_rh(" SetPortFeature: default %d\n",
2292 + wValue);
2293 ++ if (rhport < 0)
2294 ++ goto error;
2295 + if (hcd->speed == HCD_USB3) {
2296 + if ((vhci_hcd->port_status[rhport] &
2297 + USB_SS_PORT_STAT_POWER) != 0) {
2298 +diff --git a/fs/ext4/balloc.c b/fs/ext4/balloc.c
2299 +index db5be5e2e6f2..58db8109defa 100644
2300 +--- a/fs/ext4/balloc.c
2301 ++++ b/fs/ext4/balloc.c
2302 +@@ -321,6 +321,7 @@ static ext4_fsblk_t ext4_valid_block_bitmap(struct super_block *sb,
2303 + struct ext4_sb_info *sbi = EXT4_SB(sb);
2304 + ext4_grpblk_t offset;
2305 + ext4_grpblk_t next_zero_bit;
2306 ++ ext4_grpblk_t max_bit = EXT4_CLUSTERS_PER_GROUP(sb);
2307 + ext4_fsblk_t blk;
2308 + ext4_fsblk_t group_first_block;
2309 +
2310 +@@ -338,20 +339,25 @@ static ext4_fsblk_t ext4_valid_block_bitmap(struct super_block *sb,
2311 + /* check whether block bitmap block number is set */
2312 + blk = ext4_block_bitmap(sb, desc);
2313 + offset = blk - group_first_block;
2314 +- if (!ext4_test_bit(EXT4_B2C(sbi, offset), bh->b_data))
2315 ++ if (offset < 0 || EXT4_B2C(sbi, offset) >= max_bit ||
2316 ++ !ext4_test_bit(EXT4_B2C(sbi, offset), bh->b_data))
2317 + /* bad block bitmap */
2318 + return blk;
2319 +
2320 + /* check whether the inode bitmap block number is set */
2321 + blk = ext4_inode_bitmap(sb, desc);
2322 + offset = blk - group_first_block;
2323 +- if (!ext4_test_bit(EXT4_B2C(sbi, offset), bh->b_data))
2324 ++ if (offset < 0 || EXT4_B2C(sbi, offset) >= max_bit ||
2325 ++ !ext4_test_bit(EXT4_B2C(sbi, offset), bh->b_data))
2326 + /* bad block bitmap */
2327 + return blk;
2328 +
2329 + /* check whether the inode table block number is set */
2330 + blk = ext4_inode_table(sb, desc);
2331 + offset = blk - group_first_block;
2332 ++ if (offset < 0 || EXT4_B2C(sbi, offset) >= max_bit ||
2333 ++ EXT4_B2C(sbi, offset + sbi->s_itb_per_group) >= max_bit)
2334 ++ return blk;
2335 + next_zero_bit = ext4_find_next_zero_bit(bh->b_data,
2336 + EXT4_B2C(sbi, offset + EXT4_SB(sb)->s_itb_per_group),
2337 + EXT4_B2C(sbi, offset));
2338 +@@ -417,6 +423,7 @@ struct buffer_head *
2339 + ext4_read_block_bitmap_nowait(struct super_block *sb, ext4_group_t block_group)
2340 + {
2341 + struct ext4_group_desc *desc;
2342 ++ struct ext4_sb_info *sbi = EXT4_SB(sb);
2343 + struct buffer_head *bh;
2344 + ext4_fsblk_t bitmap_blk;
2345 + int err;
2346 +@@ -425,6 +432,12 @@ ext4_read_block_bitmap_nowait(struct super_block *sb, ext4_group_t block_group)
2347 + if (!desc)
2348 + return ERR_PTR(-EFSCORRUPTED);
2349 + bitmap_blk = ext4_block_bitmap(sb, desc);
2350 ++ if ((bitmap_blk <= le32_to_cpu(sbi->s_es->s_first_data_block)) ||
2351 ++ (bitmap_blk >= ext4_blocks_count(sbi->s_es))) {
2352 ++ ext4_error(sb, "Invalid block bitmap block %llu in "
2353 ++ "block_group %u", bitmap_blk, block_group);
2354 ++ return ERR_PTR(-EFSCORRUPTED);
2355 ++ }
2356 + bh = sb_getblk(sb, bitmap_blk);
2357 + if (unlikely(!bh)) {
2358 + ext4_error(sb, "Cannot get buffer for block bitmap - "
2359 +diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c
2360 +index c941251ac0c0..883e89a903d1 100644
2361 +--- a/fs/ext4/extents.c
2362 ++++ b/fs/ext4/extents.c
2363 +@@ -5346,8 +5346,9 @@ ext4_ext_shift_extents(struct inode *inode, handle_t *handle,
2364 + stop = le32_to_cpu(extent->ee_block);
2365 +
2366 + /*
2367 +- * In case of left shift, Don't start shifting extents until we make
2368 +- * sure the hole is big enough to accommodate the shift.
2369 ++ * For left shifts, make sure the hole on the left is big enough to
2370 ++ * accommodate the shift. For right shifts, make sure the last extent
2371 ++ * won't be shifted beyond EXT_MAX_BLOCKS.
2372 + */
2373 + if (SHIFT == SHIFT_LEFT) {
2374 + path = ext4_find_extent(inode, start - 1, &path,
2375 +@@ -5367,9 +5368,14 @@ ext4_ext_shift_extents(struct inode *inode, handle_t *handle,
2376 +
2377 + if ((start == ex_start && shift > ex_start) ||
2378 + (shift > start - ex_end)) {
2379 +- ext4_ext_drop_refs(path);
2380 +- kfree(path);
2381 +- return -EINVAL;
2382 ++ ret = -EINVAL;
2383 ++ goto out;
2384 ++ }
2385 ++ } else {
2386 ++ if (shift > EXT_MAX_BLOCKS -
2387 ++ (stop + ext4_ext_get_actual_len(extent))) {
2388 ++ ret = -EINVAL;
2389 ++ goto out;
2390 + }
2391 + }
2392 +
2393 +diff --git a/fs/ext4/ialloc.c b/fs/ext4/ialloc.c
2394 +index 7ec55dd8db56..f420124ac035 100644
2395 +--- a/fs/ext4/ialloc.c
2396 ++++ b/fs/ext4/ialloc.c
2397 +@@ -122,6 +122,7 @@ static struct buffer_head *
2398 + ext4_read_inode_bitmap(struct super_block *sb, ext4_group_t block_group)
2399 + {
2400 + struct ext4_group_desc *desc;
2401 ++ struct ext4_sb_info *sbi = EXT4_SB(sb);
2402 + struct buffer_head *bh = NULL;
2403 + ext4_fsblk_t bitmap_blk;
2404 + int err;
2405 +@@ -131,6 +132,12 @@ ext4_read_inode_bitmap(struct super_block *sb, ext4_group_t block_group)
2406 + return ERR_PTR(-EFSCORRUPTED);
2407 +
2408 + bitmap_blk = ext4_inode_bitmap(sb, desc);
2409 ++ if ((bitmap_blk <= le32_to_cpu(sbi->s_es->s_first_data_block)) ||
2410 ++ (bitmap_blk >= ext4_blocks_count(sbi->s_es))) {
2411 ++ ext4_error(sb, "Invalid inode bitmap blk %llu in "
2412 ++ "block_group %u", bitmap_blk, block_group);
2413 ++ return ERR_PTR(-EFSCORRUPTED);
2414 ++ }
2415 + bh = sb_getblk(sb, bitmap_blk);
2416 + if (unlikely(!bh)) {
2417 + ext4_error(sb, "Cannot read inode bitmap - "
2418 +diff --git a/fs/ext4/super.c b/fs/ext4/super.c
2419 +index 3a605c672649..9102ae7709d3 100644
2420 +--- a/fs/ext4/super.c
2421 ++++ b/fs/ext4/super.c
2422 +@@ -5865,5 +5865,6 @@ static void __exit ext4_exit_fs(void)
2423 + MODULE_AUTHOR("Remy Card, Stephen Tweedie, Andrew Morton, Andreas Dilger, Theodore Ts'o and others");
2424 + MODULE_DESCRIPTION("Fourth Extended Filesystem");
2425 + MODULE_LICENSE("GPL");
2426 ++MODULE_SOFTDEP("pre: crc32c");
2427 + module_init(ext4_init_fs)
2428 + module_exit(ext4_exit_fs)
2429 +diff --git a/fs/jbd2/transaction.c b/fs/jbd2/transaction.c
2430 +index c0681814c379..07793e25c976 100644
2431 +--- a/fs/jbd2/transaction.c
2432 ++++ b/fs/jbd2/transaction.c
2433 +@@ -535,6 +535,7 @@ int jbd2_journal_start_reserved(handle_t *handle, unsigned int type,
2434 + */
2435 + ret = start_this_handle(journal, handle, GFP_NOFS);
2436 + if (ret < 0) {
2437 ++ handle->h_journal = journal;
2438 + jbd2_journal_free_reserved(handle);
2439 + return ret;
2440 + }
2441 +diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h
2442 +index 353f52fdc35e..fcec26d60d8c 100644
2443 +--- a/include/asm-generic/vmlinux.lds.h
2444 ++++ b/include/asm-generic/vmlinux.lds.h
2445 +@@ -170,7 +170,7 @@
2446 + #endif
2447 +
2448 + #ifdef CONFIG_SERIAL_EARLYCON
2449 +-#define EARLYCON_TABLE() STRUCT_ALIGN(); \
2450 ++#define EARLYCON_TABLE() . = ALIGN(8); \
2451 + VMLINUX_SYMBOL(__earlycon_table) = .; \
2452 + KEEP(*(__earlycon_table)) \
2453 + VMLINUX_SYMBOL(__earlycon_table_end) = .;
2454 +diff --git a/include/kvm/arm_psci.h b/include/kvm/arm_psci.h
2455 +index e518e4e3dfb5..4b1548129fa2 100644
2456 +--- a/include/kvm/arm_psci.h
2457 ++++ b/include/kvm/arm_psci.h
2458 +@@ -37,10 +37,15 @@ static inline int kvm_psci_version(struct kvm_vcpu *vcpu, struct kvm *kvm)
2459 + * Our PSCI implementation stays the same across versions from
2460 + * v0.2 onward, only adding the few mandatory functions (such
2461 + * as FEATURES with 1.0) that are required by newer
2462 +- * revisions. It is thus safe to return the latest.
2463 ++ * revisions. It is thus safe to return the latest, unless
2464 ++ * userspace has instructed us otherwise.
2465 + */
2466 +- if (test_bit(KVM_ARM_VCPU_PSCI_0_2, vcpu->arch.features))
2467 ++ if (test_bit(KVM_ARM_VCPU_PSCI_0_2, vcpu->arch.features)) {
2468 ++ if (vcpu->kvm->arch.psci_version)
2469 ++ return vcpu->kvm->arch.psci_version;
2470 ++
2471 + return KVM_ARM_PSCI_LATEST;
2472 ++ }
2473 +
2474 + return KVM_ARM_PSCI_0_1;
2475 + }
2476 +@@ -48,4 +53,11 @@ static inline int kvm_psci_version(struct kvm_vcpu *vcpu, struct kvm *kvm)
2477 +
2478 + int kvm_hvc_call_handler(struct kvm_vcpu *vcpu);
2479 +
2480 ++struct kvm_one_reg;
2481 ++
2482 ++int kvm_arm_get_fw_num_regs(struct kvm_vcpu *vcpu);
2483 ++int kvm_arm_copy_fw_reg_indices(struct kvm_vcpu *vcpu, u64 __user *uindices);
2484 ++int kvm_arm_get_fw_reg(struct kvm_vcpu *vcpu, const struct kvm_one_reg *reg);
2485 ++int kvm_arm_set_fw_reg(struct kvm_vcpu *vcpu, const struct kvm_one_reg *reg);
2486 ++
2487 + #endif /* __KVM_ARM_PSCI_H__ */
2488 +diff --git a/include/linux/mtd/flashchip.h b/include/linux/mtd/flashchip.h
2489 +index b63fa457febd..3529683f691e 100644
2490 +--- a/include/linux/mtd/flashchip.h
2491 ++++ b/include/linux/mtd/flashchip.h
2492 +@@ -85,6 +85,7 @@ struct flchip {
2493 + unsigned int write_suspended:1;
2494 + unsigned int erase_suspended:1;
2495 + unsigned long in_progress_block_addr;
2496 ++ unsigned long in_progress_block_mask;
2497 +
2498 + struct mutex mutex;
2499 + wait_queue_head_t wq; /* Wait on here when we're waiting for the chip
2500 +diff --git a/include/linux/serial_core.h b/include/linux/serial_core.h
2501 +index 5553e04e59c9..74fc82d22310 100644
2502 +--- a/include/linux/serial_core.h
2503 ++++ b/include/linux/serial_core.h
2504 +@@ -351,10 +351,10 @@ struct earlycon_id {
2505 + char name[16];
2506 + char compatible[128];
2507 + int (*setup)(struct earlycon_device *, const char *options);
2508 +-} __aligned(32);
2509 ++};
2510 +
2511 +-extern const struct earlycon_id __earlycon_table[];
2512 +-extern const struct earlycon_id __earlycon_table_end[];
2513 ++extern const struct earlycon_id *__earlycon_table[];
2514 ++extern const struct earlycon_id *__earlycon_table_end[];
2515 +
2516 + #if defined(CONFIG_SERIAL_EARLYCON) && !defined(MODULE)
2517 + #define EARLYCON_USED_OR_UNUSED __used
2518 +@@ -362,12 +362,19 @@ extern const struct earlycon_id __earlycon_table_end[];
2519 + #define EARLYCON_USED_OR_UNUSED __maybe_unused
2520 + #endif
2521 +
2522 +-#define OF_EARLYCON_DECLARE(_name, compat, fn) \
2523 +- static const struct earlycon_id __UNIQUE_ID(__earlycon_##_name) \
2524 +- EARLYCON_USED_OR_UNUSED __section(__earlycon_table) \
2525 ++#define _OF_EARLYCON_DECLARE(_name, compat, fn, unique_id) \
2526 ++ static const struct earlycon_id unique_id \
2527 ++ EARLYCON_USED_OR_UNUSED __initconst \
2528 + = { .name = __stringify(_name), \
2529 + .compatible = compat, \
2530 +- .setup = fn }
2531 ++ .setup = fn }; \
2532 ++ static const struct earlycon_id EARLYCON_USED_OR_UNUSED \
2533 ++ __section(__earlycon_table) \
2534 ++ * const __PASTE(__p, unique_id) = &unique_id
2535 ++
2536 ++#define OF_EARLYCON_DECLARE(_name, compat, fn) \
2537 ++ _OF_EARLYCON_DECLARE(_name, compat, fn, \
2538 ++ __UNIQUE_ID(__earlycon_##_name))
2539 +
2540 + #define EARLYCON_DECLARE(_name, fn) OF_EARLYCON_DECLARE(_name, "", fn)
2541 +
2542 +diff --git a/include/linux/tty.h b/include/linux/tty.h
2543 +index 47f8af22f216..1dd587ba6d88 100644
2544 +--- a/include/linux/tty.h
2545 ++++ b/include/linux/tty.h
2546 +@@ -701,7 +701,7 @@ extern int tty_unregister_ldisc(int disc);
2547 + extern int tty_set_ldisc(struct tty_struct *tty, int disc);
2548 + extern int tty_ldisc_setup(struct tty_struct *tty, struct tty_struct *o_tty);
2549 + extern void tty_ldisc_release(struct tty_struct *tty);
2550 +-extern void tty_ldisc_init(struct tty_struct *tty);
2551 ++extern int __must_check tty_ldisc_init(struct tty_struct *tty);
2552 + extern void tty_ldisc_deinit(struct tty_struct *tty);
2553 + extern int tty_ldisc_receive_buf(struct tty_ldisc *ld, const unsigned char *p,
2554 + char *f, int count);
2555 +diff --git a/include/linux/virtio.h b/include/linux/virtio.h
2556 +index 988c7355bc22..fa1b5da2804e 100644
2557 +--- a/include/linux/virtio.h
2558 ++++ b/include/linux/virtio.h
2559 +@@ -157,6 +157,9 @@ int virtio_device_freeze(struct virtio_device *dev);
2560 + int virtio_device_restore(struct virtio_device *dev);
2561 + #endif
2562 +
2563 ++#define virtio_device_for_each_vq(vdev, vq) \
2564 ++ list_for_each_entry(vq, &vdev->vqs, list)
2565 ++
2566 + /**
2567 + * virtio_driver - operations for a virtio I/O driver
2568 + * @driver: underlying device driver (populate name and owner).
2569 +diff --git a/include/sound/control.h b/include/sound/control.h
2570 +index ca13a44ae9d4..6011a58d3e20 100644
2571 +--- a/include/sound/control.h
2572 ++++ b/include/sound/control.h
2573 +@@ -23,6 +23,7 @@
2574 + */
2575 +
2576 + #include <linux/wait.h>
2577 ++#include <linux/nospec.h>
2578 + #include <sound/asound.h>
2579 +
2580 + #define snd_kcontrol_chip(kcontrol) ((kcontrol)->private_data)
2581 +@@ -148,12 +149,14 @@ int snd_ctl_get_preferred_subdevice(struct snd_card *card, int type);
2582 +
2583 + static inline unsigned int snd_ctl_get_ioffnum(struct snd_kcontrol *kctl, struct snd_ctl_elem_id *id)
2584 + {
2585 +- return id->numid - kctl->id.numid;
2586 ++ unsigned int ioff = id->numid - kctl->id.numid;
2587 ++ return array_index_nospec(ioff, kctl->count);
2588 + }
2589 +
2590 + static inline unsigned int snd_ctl_get_ioffidx(struct snd_kcontrol *kctl, struct snd_ctl_elem_id *id)
2591 + {
2592 +- return id->index - kctl->id.index;
2593 ++ unsigned int ioff = id->index - kctl->id.index;
2594 ++ return array_index_nospec(ioff, kctl->count);
2595 + }
2596 +
2597 + static inline unsigned int snd_ctl_get_ioff(struct snd_kcontrol *kctl, struct snd_ctl_elem_id *id)
2598 +diff --git a/kernel/time/tick-sched.c b/kernel/time/tick-sched.c
2599 +index dfa4a117fee3..bb2af74e6b62 100644
2600 +--- a/kernel/time/tick-sched.c
2601 ++++ b/kernel/time/tick-sched.c
2602 +@@ -820,12 +820,13 @@ static ktime_t tick_nohz_stop_sched_tick(struct tick_sched *ts,
2603 + goto out;
2604 + }
2605 +
2606 +- hrtimer_set_expires(&ts->sched_timer, tick);
2607 +-
2608 +- if (ts->nohz_mode == NOHZ_MODE_HIGHRES)
2609 +- hrtimer_start_expires(&ts->sched_timer, HRTIMER_MODE_ABS_PINNED);
2610 +- else
2611 ++ if (ts->nohz_mode == NOHZ_MODE_HIGHRES) {
2612 ++ hrtimer_start(&ts->sched_timer, tick, HRTIMER_MODE_ABS_PINNED);
2613 ++ } else {
2614 ++ hrtimer_set_expires(&ts->sched_timer, tick);
2615 + tick_program_event(tick, 1);
2616 ++ }
2617 ++
2618 + out:
2619 + /*
2620 + * Update the estimated sleep length until the next timer
2621 +diff --git a/lib/kobject.c b/lib/kobject.c
2622 +index 763d70a18941..34f847252c02 100644
2623 +--- a/lib/kobject.c
2624 ++++ b/lib/kobject.c
2625 +@@ -234,14 +234,12 @@ static int kobject_add_internal(struct kobject *kobj)
2626 +
2627 + /* be noisy on error issues */
2628 + if (error == -EEXIST)
2629 +- WARN(1, "%s failed for %s with "
2630 +- "-EEXIST, don't try to register things with "
2631 +- "the same name in the same directory.\n",
2632 +- __func__, kobject_name(kobj));
2633 ++ pr_err("%s failed for %s with -EEXIST, don't try to register things with the same name in the same directory.\n",
2634 ++ __func__, kobject_name(kobj));
2635 + else
2636 +- WARN(1, "%s failed for %s (error: %d parent: %s)\n",
2637 +- __func__, kobject_name(kobj), error,
2638 +- parent ? kobject_name(parent) : "'none'");
2639 ++ pr_err("%s failed for %s (error: %d parent: %s)\n",
2640 ++ __func__, kobject_name(kobj), error,
2641 ++ parent ? kobject_name(parent) : "'none'");
2642 + } else
2643 + kobj->state_in_sysfs = 1;
2644 +
2645 +diff --git a/net/ceph/messenger.c b/net/ceph/messenger.c
2646 +index ad93342c90d7..5c4e85296cf6 100644
2647 +--- a/net/ceph/messenger.c
2648 ++++ b/net/ceph/messenger.c
2649 +@@ -2530,6 +2530,11 @@ static int try_write(struct ceph_connection *con)
2650 + int ret = 1;
2651 +
2652 + dout("try_write start %p state %lu\n", con, con->state);
2653 ++ if (con->state != CON_STATE_PREOPEN &&
2654 ++ con->state != CON_STATE_CONNECTING &&
2655 ++ con->state != CON_STATE_NEGOTIATING &&
2656 ++ con->state != CON_STATE_OPEN)
2657 ++ return 0;
2658 +
2659 + more:
2660 + dout("try_write out_kvec_bytes %d\n", con->out_kvec_bytes);
2661 +@@ -2555,6 +2560,8 @@ static int try_write(struct ceph_connection *con)
2662 + }
2663 +
2664 + more_kvec:
2665 ++ BUG_ON(!con->sock);
2666 ++
2667 + /* kvec data queued? */
2668 + if (con->out_kvec_left) {
2669 + ret = write_partial_kvec(con);
2670 +diff --git a/net/ceph/mon_client.c b/net/ceph/mon_client.c
2671 +index 9ae1bab8c05d..f14498a7eaec 100644
2672 +--- a/net/ceph/mon_client.c
2673 ++++ b/net/ceph/mon_client.c
2674 +@@ -209,6 +209,14 @@ static void reopen_session(struct ceph_mon_client *monc)
2675 + __open_session(monc);
2676 + }
2677 +
2678 ++static void un_backoff(struct ceph_mon_client *monc)
2679 ++{
2680 ++ monc->hunt_mult /= 2; /* reduce by 50% */
2681 ++ if (monc->hunt_mult < 1)
2682 ++ monc->hunt_mult = 1;
2683 ++ dout("%s hunt_mult now %d\n", __func__, monc->hunt_mult);
2684 ++}
2685 ++
2686 + /*
2687 + * Reschedule delayed work timer.
2688 + */
2689 +@@ -963,6 +971,7 @@ static void delayed_work(struct work_struct *work)
2690 + if (!monc->hunting) {
2691 + ceph_con_keepalive(&monc->con);
2692 + __validate_auth(monc);
2693 ++ un_backoff(monc);
2694 + }
2695 +
2696 + if (is_auth &&
2697 +@@ -1123,9 +1132,8 @@ static void finish_hunting(struct ceph_mon_client *monc)
2698 + dout("%s found mon%d\n", __func__, monc->cur_mon);
2699 + monc->hunting = false;
2700 + monc->had_a_connection = true;
2701 +- monc->hunt_mult /= 2; /* reduce by 50% */
2702 +- if (monc->hunt_mult < 1)
2703 +- monc->hunt_mult = 1;
2704 ++ un_backoff(monc);
2705 ++ __schedule_delayed(monc);
2706 + }
2707 + }
2708 +
2709 +diff --git a/sound/core/pcm_compat.c b/sound/core/pcm_compat.c
2710 +index b719d0bd833e..06d7c40af570 100644
2711 +--- a/sound/core/pcm_compat.c
2712 ++++ b/sound/core/pcm_compat.c
2713 +@@ -27,10 +27,11 @@ static int snd_pcm_ioctl_delay_compat(struct snd_pcm_substream *substream,
2714 + s32 __user *src)
2715 + {
2716 + snd_pcm_sframes_t delay;
2717 ++ int err;
2718 +
2719 +- delay = snd_pcm_delay(substream);
2720 +- if (delay < 0)
2721 +- return delay;
2722 ++ err = snd_pcm_delay(substream, &delay);
2723 ++ if (err)
2724 ++ return err;
2725 + if (put_user(delay, src))
2726 + return -EFAULT;
2727 + return 0;
2728 +diff --git a/sound/core/pcm_native.c b/sound/core/pcm_native.c
2729 +index eba2bedcbc81..ab3bf36786b6 100644
2730 +--- a/sound/core/pcm_native.c
2731 ++++ b/sound/core/pcm_native.c
2732 +@@ -2689,7 +2689,8 @@ static int snd_pcm_hwsync(struct snd_pcm_substream *substream)
2733 + return err;
2734 + }
2735 +
2736 +-static snd_pcm_sframes_t snd_pcm_delay(struct snd_pcm_substream *substream)
2737 ++static int snd_pcm_delay(struct snd_pcm_substream *substream,
2738 ++ snd_pcm_sframes_t *delay)
2739 + {
2740 + struct snd_pcm_runtime *runtime = substream->runtime;
2741 + int err;
2742 +@@ -2705,7 +2706,9 @@ static snd_pcm_sframes_t snd_pcm_delay(struct snd_pcm_substream *substream)
2743 + n += runtime->delay;
2744 + }
2745 + snd_pcm_stream_unlock_irq(substream);
2746 +- return err < 0 ? err : n;
2747 ++ if (!err)
2748 ++ *delay = n;
2749 ++ return err;
2750 + }
2751 +
2752 + static int snd_pcm_sync_ptr(struct snd_pcm_substream *substream,
2753 +@@ -2748,6 +2751,7 @@ static int snd_pcm_sync_ptr(struct snd_pcm_substream *substream,
2754 + sync_ptr.s.status.hw_ptr = status->hw_ptr;
2755 + sync_ptr.s.status.tstamp = status->tstamp;
2756 + sync_ptr.s.status.suspended_state = status->suspended_state;
2757 ++ sync_ptr.s.status.audio_tstamp = status->audio_tstamp;
2758 + snd_pcm_stream_unlock_irq(substream);
2759 + if (copy_to_user(_sync_ptr, &sync_ptr, sizeof(sync_ptr)))
2760 + return -EFAULT;
2761 +@@ -2913,11 +2917,13 @@ static int snd_pcm_common_ioctl(struct file *file,
2762 + return snd_pcm_hwsync(substream);
2763 + case SNDRV_PCM_IOCTL_DELAY:
2764 + {
2765 +- snd_pcm_sframes_t delay = snd_pcm_delay(substream);
2766 ++ snd_pcm_sframes_t delay;
2767 + snd_pcm_sframes_t __user *res = arg;
2768 ++ int err;
2769 +
2770 +- if (delay < 0)
2771 +- return delay;
2772 ++ err = snd_pcm_delay(substream, &delay);
2773 ++ if (err)
2774 ++ return err;
2775 + if (put_user(delay, res))
2776 + return -EFAULT;
2777 + return 0;
2778 +@@ -3005,13 +3011,7 @@ int snd_pcm_kernel_ioctl(struct snd_pcm_substream *substream,
2779 + case SNDRV_PCM_IOCTL_DROP:
2780 + return snd_pcm_drop(substream);
2781 + case SNDRV_PCM_IOCTL_DELAY:
2782 +- {
2783 +- result = snd_pcm_delay(substream);
2784 +- if (result < 0)
2785 +- return result;
2786 +- *frames = result;
2787 +- return 0;
2788 +- }
2789 ++ return snd_pcm_delay(substream, frames);
2790 + default:
2791 + return -EINVAL;
2792 + }
2793 +diff --git a/sound/core/seq/oss/seq_oss_event.c b/sound/core/seq/oss/seq_oss_event.c
2794 +index c3908862bc8b..86ca584c27b2 100644
2795 +--- a/sound/core/seq/oss/seq_oss_event.c
2796 ++++ b/sound/core/seq/oss/seq_oss_event.c
2797 +@@ -26,6 +26,7 @@
2798 + #include <sound/seq_oss_legacy.h>
2799 + #include "seq_oss_readq.h"
2800 + #include "seq_oss_writeq.h"
2801 ++#include <linux/nospec.h>
2802 +
2803 +
2804 + /*
2805 +@@ -287,10 +288,10 @@ note_on_event(struct seq_oss_devinfo *dp, int dev, int ch, int note, int vel, st
2806 + {
2807 + struct seq_oss_synthinfo *info;
2808 +
2809 +- if (!snd_seq_oss_synth_is_valid(dp, dev))
2810 ++ info = snd_seq_oss_synth_info(dp, dev);
2811 ++ if (!info)
2812 + return -ENXIO;
2813 +
2814 +- info = &dp->synths[dev];
2815 + switch (info->arg.event_passing) {
2816 + case SNDRV_SEQ_OSS_PROCESS_EVENTS:
2817 + if (! info->ch || ch < 0 || ch >= info->nr_voices) {
2818 +@@ -298,6 +299,7 @@ note_on_event(struct seq_oss_devinfo *dp, int dev, int ch, int note, int vel, st
2819 + return set_note_event(dp, dev, SNDRV_SEQ_EVENT_NOTEON, ch, note, vel, ev);
2820 + }
2821 +
2822 ++ ch = array_index_nospec(ch, info->nr_voices);
2823 + if (note == 255 && info->ch[ch].note >= 0) {
2824 + /* volume control */
2825 + int type;
2826 +@@ -347,10 +349,10 @@ note_off_event(struct seq_oss_devinfo *dp, int dev, int ch, int note, int vel, s
2827 + {
2828 + struct seq_oss_synthinfo *info;
2829 +
2830 +- if (!snd_seq_oss_synth_is_valid(dp, dev))
2831 ++ info = snd_seq_oss_synth_info(dp, dev);
2832 ++ if (!info)
2833 + return -ENXIO;
2834 +
2835 +- info = &dp->synths[dev];
2836 + switch (info->arg.event_passing) {
2837 + case SNDRV_SEQ_OSS_PROCESS_EVENTS:
2838 + if (! info->ch || ch < 0 || ch >= info->nr_voices) {
2839 +@@ -358,6 +360,7 @@ note_off_event(struct seq_oss_devinfo *dp, int dev, int ch, int note, int vel, s
2840 + return set_note_event(dp, dev, SNDRV_SEQ_EVENT_NOTEON, ch, note, vel, ev);
2841 + }
2842 +
2843 ++ ch = array_index_nospec(ch, info->nr_voices);
2844 + if (info->ch[ch].note >= 0) {
2845 + note = info->ch[ch].note;
2846 + info->ch[ch].vel = 0;
2847 +@@ -381,7 +384,7 @@ note_off_event(struct seq_oss_devinfo *dp, int dev, int ch, int note, int vel, s
2848 + static int
2849 + set_note_event(struct seq_oss_devinfo *dp, int dev, int type, int ch, int note, int vel, struct snd_seq_event *ev)
2850 + {
2851 +- if (! snd_seq_oss_synth_is_valid(dp, dev))
2852 ++ if (!snd_seq_oss_synth_info(dp, dev))
2853 + return -ENXIO;
2854 +
2855 + ev->type = type;
2856 +@@ -399,7 +402,7 @@ set_note_event(struct seq_oss_devinfo *dp, int dev, int type, int ch, int note,
2857 + static int
2858 + set_control_event(struct seq_oss_devinfo *dp, int dev, int type, int ch, int param, int val, struct snd_seq_event *ev)
2859 + {
2860 +- if (! snd_seq_oss_synth_is_valid(dp, dev))
2861 ++ if (!snd_seq_oss_synth_info(dp, dev))
2862 + return -ENXIO;
2863 +
2864 + ev->type = type;
2865 +diff --git a/sound/core/seq/oss/seq_oss_midi.c b/sound/core/seq/oss/seq_oss_midi.c
2866 +index b30b2139e3f0..9debd1b8fd28 100644
2867 +--- a/sound/core/seq/oss/seq_oss_midi.c
2868 ++++ b/sound/core/seq/oss/seq_oss_midi.c
2869 +@@ -29,6 +29,7 @@
2870 + #include "../seq_lock.h"
2871 + #include <linux/init.h>
2872 + #include <linux/slab.h>
2873 ++#include <linux/nospec.h>
2874 +
2875 +
2876 + /*
2877 +@@ -315,6 +316,7 @@ get_mididev(struct seq_oss_devinfo *dp, int dev)
2878 + {
2879 + if (dev < 0 || dev >= dp->max_mididev)
2880 + return NULL;
2881 ++ dev = array_index_nospec(dev, dp->max_mididev);
2882 + return get_mdev(dev);
2883 + }
2884 +
2885 +diff --git a/sound/core/seq/oss/seq_oss_synth.c b/sound/core/seq/oss/seq_oss_synth.c
2886 +index cd0e0ebbfdb1..278ebb993122 100644
2887 +--- a/sound/core/seq/oss/seq_oss_synth.c
2888 ++++ b/sound/core/seq/oss/seq_oss_synth.c
2889 +@@ -26,6 +26,7 @@
2890 + #include <linux/init.h>
2891 + #include <linux/module.h>
2892 + #include <linux/slab.h>
2893 ++#include <linux/nospec.h>
2894 +
2895 + /*
2896 + * constants
2897 +@@ -339,17 +340,13 @@ snd_seq_oss_synth_cleanup(struct seq_oss_devinfo *dp)
2898 + dp->max_synthdev = 0;
2899 + }
2900 +
2901 +-/*
2902 +- * check if the specified device is MIDI mapped device
2903 +- */
2904 +-static int
2905 +-is_midi_dev(struct seq_oss_devinfo *dp, int dev)
2906 ++static struct seq_oss_synthinfo *
2907 ++get_synthinfo_nospec(struct seq_oss_devinfo *dp, int dev)
2908 + {
2909 + if (dev < 0 || dev >= dp->max_synthdev)
2910 +- return 0;
2911 +- if (dp->synths[dev].is_midi)
2912 +- return 1;
2913 +- return 0;
2914 ++ return NULL;
2915 ++ dev = array_index_nospec(dev, SNDRV_SEQ_OSS_MAX_SYNTH_DEVS);
2916 ++ return &dp->synths[dev];
2917 + }
2918 +
2919 + /*
2920 +@@ -359,14 +356,20 @@ static struct seq_oss_synth *
2921 + get_synthdev(struct seq_oss_devinfo *dp, int dev)
2922 + {
2923 + struct seq_oss_synth *rec;
2924 +- if (dev < 0 || dev >= dp->max_synthdev)
2925 +- return NULL;
2926 +- if (! dp->synths[dev].opened)
2927 ++ struct seq_oss_synthinfo *info = get_synthinfo_nospec(dp, dev);
2928 ++
2929 ++ if (!info)
2930 + return NULL;
2931 +- if (dp->synths[dev].is_midi)
2932 +- return &midi_synth_dev;
2933 +- if ((rec = get_sdev(dev)) == NULL)
2934 ++ if (!info->opened)
2935 + return NULL;
2936 ++ if (info->is_midi) {
2937 ++ rec = &midi_synth_dev;
2938 ++ snd_use_lock_use(&rec->use_lock);
2939 ++ } else {
2940 ++ rec = get_sdev(dev);
2941 ++ if (!rec)
2942 ++ return NULL;
2943 ++ }
2944 + if (! rec->opened) {
2945 + snd_use_lock_free(&rec->use_lock);
2946 + return NULL;
2947 +@@ -402,10 +405,8 @@ snd_seq_oss_synth_reset(struct seq_oss_devinfo *dp, int dev)
2948 + struct seq_oss_synth *rec;
2949 + struct seq_oss_synthinfo *info;
2950 +
2951 +- if (snd_BUG_ON(dev < 0 || dev >= dp->max_synthdev))
2952 +- return;
2953 +- info = &dp->synths[dev];
2954 +- if (! info->opened)
2955 ++ info = get_synthinfo_nospec(dp, dev);
2956 ++ if (!info || !info->opened)
2957 + return;
2958 + if (info->sysex)
2959 + info->sysex->len = 0; /* reset sysex */
2960 +@@ -454,12 +455,14 @@ snd_seq_oss_synth_load_patch(struct seq_oss_devinfo *dp, int dev, int fmt,
2961 + const char __user *buf, int p, int c)
2962 + {
2963 + struct seq_oss_synth *rec;
2964 ++ struct seq_oss_synthinfo *info;
2965 + int rc;
2966 +
2967 +- if (dev < 0 || dev >= dp->max_synthdev)
2968 ++ info = get_synthinfo_nospec(dp, dev);
2969 ++ if (!info)
2970 + return -ENXIO;
2971 +
2972 +- if (is_midi_dev(dp, dev))
2973 ++ if (info->is_midi)
2974 + return 0;
2975 + if ((rec = get_synthdev(dp, dev)) == NULL)
2976 + return -ENXIO;
2977 +@@ -467,24 +470,25 @@ snd_seq_oss_synth_load_patch(struct seq_oss_devinfo *dp, int dev, int fmt,
2978 + if (rec->oper.load_patch == NULL)
2979 + rc = -ENXIO;
2980 + else
2981 +- rc = rec->oper.load_patch(&dp->synths[dev].arg, fmt, buf, p, c);
2982 ++ rc = rec->oper.load_patch(&info->arg, fmt, buf, p, c);
2983 + snd_use_lock_free(&rec->use_lock);
2984 + return rc;
2985 + }
2986 +
2987 + /*
2988 +- * check if the device is valid synth device
2989 ++ * check if the device is valid synth device and return the synth info
2990 + */
2991 +-int
2992 +-snd_seq_oss_synth_is_valid(struct seq_oss_devinfo *dp, int dev)
2993 ++struct seq_oss_synthinfo *
2994 ++snd_seq_oss_synth_info(struct seq_oss_devinfo *dp, int dev)
2995 + {
2996 + struct seq_oss_synth *rec;
2997 ++
2998 + rec = get_synthdev(dp, dev);
2999 + if (rec) {
3000 + snd_use_lock_free(&rec->use_lock);
3001 +- return 1;
3002 ++ return get_synthinfo_nospec(dp, dev);
3003 + }
3004 +- return 0;
3005 ++ return NULL;
3006 + }
3007 +
3008 +
3009 +@@ -499,16 +503,18 @@ snd_seq_oss_synth_sysex(struct seq_oss_devinfo *dp, int dev, unsigned char *buf,
3010 + int i, send;
3011 + unsigned char *dest;
3012 + struct seq_oss_synth_sysex *sysex;
3013 ++ struct seq_oss_synthinfo *info;
3014 +
3015 +- if (! snd_seq_oss_synth_is_valid(dp, dev))
3016 ++ info = snd_seq_oss_synth_info(dp, dev);
3017 ++ if (!info)
3018 + return -ENXIO;
3019 +
3020 +- sysex = dp->synths[dev].sysex;
3021 ++ sysex = info->sysex;
3022 + if (sysex == NULL) {
3023 + sysex = kzalloc(sizeof(*sysex), GFP_KERNEL);
3024 + if (sysex == NULL)
3025 + return -ENOMEM;
3026 +- dp->synths[dev].sysex = sysex;
3027 ++ info->sysex = sysex;
3028 + }
3029 +
3030 + send = 0;
3031 +@@ -553,10 +559,12 @@ snd_seq_oss_synth_sysex(struct seq_oss_devinfo *dp, int dev, unsigned char *buf,
3032 + int
3033 + snd_seq_oss_synth_addr(struct seq_oss_devinfo *dp, int dev, struct snd_seq_event *ev)
3034 + {
3035 +- if (! snd_seq_oss_synth_is_valid(dp, dev))
3036 ++ struct seq_oss_synthinfo *info = snd_seq_oss_synth_info(dp, dev);
3037 ++
3038 ++ if (!info)
3039 + return -EINVAL;
3040 +- snd_seq_oss_fill_addr(dp, ev, dp->synths[dev].arg.addr.client,
3041 +- dp->synths[dev].arg.addr.port);
3042 ++ snd_seq_oss_fill_addr(dp, ev, info->arg.addr.client,
3043 ++ info->arg.addr.port);
3044 + return 0;
3045 + }
3046 +
3047 +@@ -568,16 +576,18 @@ int
3048 + snd_seq_oss_synth_ioctl(struct seq_oss_devinfo *dp, int dev, unsigned int cmd, unsigned long addr)
3049 + {
3050 + struct seq_oss_synth *rec;
3051 ++ struct seq_oss_synthinfo *info;
3052 + int rc;
3053 +
3054 +- if (is_midi_dev(dp, dev))
3055 ++ info = get_synthinfo_nospec(dp, dev);
3056 ++ if (!info || info->is_midi)
3057 + return -ENXIO;
3058 + if ((rec = get_synthdev(dp, dev)) == NULL)
3059 + return -ENXIO;
3060 + if (rec->oper.ioctl == NULL)
3061 + rc = -ENXIO;
3062 + else
3063 +- rc = rec->oper.ioctl(&dp->synths[dev].arg, cmd, addr);
3064 ++ rc = rec->oper.ioctl(&info->arg, cmd, addr);
3065 + snd_use_lock_free(&rec->use_lock);
3066 + return rc;
3067 + }
3068 +@@ -589,7 +599,10 @@ snd_seq_oss_synth_ioctl(struct seq_oss_devinfo *dp, int dev, unsigned int cmd, u
3069 + int
3070 + snd_seq_oss_synth_raw_event(struct seq_oss_devinfo *dp, int dev, unsigned char *data, struct snd_seq_event *ev)
3071 + {
3072 +- if (! snd_seq_oss_synth_is_valid(dp, dev) || is_midi_dev(dp, dev))
3073 ++ struct seq_oss_synthinfo *info;
3074 ++
3075 ++ info = snd_seq_oss_synth_info(dp, dev);
3076 ++ if (!info || info->is_midi)
3077 + return -ENXIO;
3078 + ev->type = SNDRV_SEQ_EVENT_OSS;
3079 + memcpy(ev->data.raw8.d, data, 8);
3080 +diff --git a/sound/core/seq/oss/seq_oss_synth.h b/sound/core/seq/oss/seq_oss_synth.h
3081 +index 74ac55f166b6..a63f9e22974d 100644
3082 +--- a/sound/core/seq/oss/seq_oss_synth.h
3083 ++++ b/sound/core/seq/oss/seq_oss_synth.h
3084 +@@ -37,7 +37,8 @@ void snd_seq_oss_synth_cleanup(struct seq_oss_devinfo *dp);
3085 + void snd_seq_oss_synth_reset(struct seq_oss_devinfo *dp, int dev);
3086 + int snd_seq_oss_synth_load_patch(struct seq_oss_devinfo *dp, int dev, int fmt,
3087 + const char __user *buf, int p, int c);
3088 +-int snd_seq_oss_synth_is_valid(struct seq_oss_devinfo *dp, int dev);
3089 ++struct seq_oss_synthinfo *snd_seq_oss_synth_info(struct seq_oss_devinfo *dp,
3090 ++ int dev);
3091 + int snd_seq_oss_synth_sysex(struct seq_oss_devinfo *dp, int dev, unsigned char *buf,
3092 + struct snd_seq_event *ev);
3093 + int snd_seq_oss_synth_addr(struct seq_oss_devinfo *dp, int dev, struct snd_seq_event *ev);
3094 +diff --git a/sound/drivers/opl3/opl3_synth.c b/sound/drivers/opl3/opl3_synth.c
3095 +index ddcc1a325a61..42920a243328 100644
3096 +--- a/sound/drivers/opl3/opl3_synth.c
3097 ++++ b/sound/drivers/opl3/opl3_synth.c
3098 +@@ -21,6 +21,7 @@
3099 +
3100 + #include <linux/slab.h>
3101 + #include <linux/export.h>
3102 ++#include <linux/nospec.h>
3103 + #include <sound/opl3.h>
3104 + #include <sound/asound_fm.h>
3105 +
3106 +@@ -448,7 +449,7 @@ static int snd_opl3_set_voice(struct snd_opl3 * opl3, struct snd_dm_fm_voice * v
3107 + {
3108 + unsigned short reg_side;
3109 + unsigned char op_offset;
3110 +- unsigned char voice_offset;
3111 ++ unsigned char voice_offset, voice_op;
3112 +
3113 + unsigned short opl3_reg;
3114 + unsigned char reg_val;
3115 +@@ -473,7 +474,9 @@ static int snd_opl3_set_voice(struct snd_opl3 * opl3, struct snd_dm_fm_voice * v
3116 + voice_offset = voice->voice - MAX_OPL2_VOICES;
3117 + }
3118 + /* Get register offset of operator */
3119 +- op_offset = snd_opl3_regmap[voice_offset][voice->op];
3120 ++ voice_offset = array_index_nospec(voice_offset, MAX_OPL2_VOICES);
3121 ++ voice_op = array_index_nospec(voice->op, 4);
3122 ++ op_offset = snd_opl3_regmap[voice_offset][voice_op];
3123 +
3124 + reg_val = 0x00;
3125 + /* Set amplitude modulation (tremolo) effect */
3126 +diff --git a/sound/firewire/dice/dice-stream.c b/sound/firewire/dice/dice-stream.c
3127 +index 8573289c381e..928a255bfc35 100644
3128 +--- a/sound/firewire/dice/dice-stream.c
3129 ++++ b/sound/firewire/dice/dice-stream.c
3130 +@@ -435,7 +435,7 @@ int snd_dice_stream_init_duplex(struct snd_dice *dice)
3131 + err = init_stream(dice, AMDTP_IN_STREAM, i);
3132 + if (err < 0) {
3133 + for (; i >= 0; i--)
3134 +- destroy_stream(dice, AMDTP_OUT_STREAM, i);
3135 ++ destroy_stream(dice, AMDTP_IN_STREAM, i);
3136 + goto end;
3137 + }
3138 + }
3139 +diff --git a/sound/firewire/dice/dice.c b/sound/firewire/dice/dice.c
3140 +index 4ddb4cdd054b..96bb01b6b751 100644
3141 +--- a/sound/firewire/dice/dice.c
3142 ++++ b/sound/firewire/dice/dice.c
3143 +@@ -14,7 +14,7 @@ MODULE_LICENSE("GPL v2");
3144 + #define OUI_WEISS 0x001c6a
3145 + #define OUI_LOUD 0x000ff2
3146 + #define OUI_FOCUSRITE 0x00130e
3147 +-#define OUI_TCELECTRONIC 0x001486
3148 ++#define OUI_TCELECTRONIC 0x000166
3149 +
3150 + #define DICE_CATEGORY_ID 0x04
3151 + #define WEISS_CATEGORY_ID 0x00
3152 +diff --git a/sound/pci/asihpi/hpimsginit.c b/sound/pci/asihpi/hpimsginit.c
3153 +index 7eb617175fde..a31a70dccecf 100644
3154 +--- a/sound/pci/asihpi/hpimsginit.c
3155 ++++ b/sound/pci/asihpi/hpimsginit.c
3156 +@@ -23,6 +23,7 @@
3157 +
3158 + #include "hpi_internal.h"
3159 + #include "hpimsginit.h"
3160 ++#include <linux/nospec.h>
3161 +
3162 + /* The actual message size for each object type */
3163 + static u16 msg_size[HPI_OBJ_MAXINDEX + 1] = HPI_MESSAGE_SIZE_BY_OBJECT;
3164 +@@ -39,10 +40,12 @@ static void hpi_init_message(struct hpi_message *phm, u16 object,
3165 + {
3166 + u16 size;
3167 +
3168 +- if ((object > 0) && (object <= HPI_OBJ_MAXINDEX))
3169 ++ if ((object > 0) && (object <= HPI_OBJ_MAXINDEX)) {
3170 ++ object = array_index_nospec(object, HPI_OBJ_MAXINDEX + 1);
3171 + size = msg_size[object];
3172 +- else
3173 ++ } else {
3174 + size = sizeof(*phm);
3175 ++ }
3176 +
3177 + memset(phm, 0, size);
3178 + phm->size = size;
3179 +@@ -66,10 +69,12 @@ void hpi_init_response(struct hpi_response *phr, u16 object, u16 function,
3180 + {
3181 + u16 size;
3182 +
3183 +- if ((object > 0) && (object <= HPI_OBJ_MAXINDEX))
3184 ++ if ((object > 0) && (object <= HPI_OBJ_MAXINDEX)) {
3185 ++ object = array_index_nospec(object, HPI_OBJ_MAXINDEX + 1);
3186 + size = res_size[object];
3187 +- else
3188 ++ } else {
3189 + size = sizeof(*phr);
3190 ++ }
3191 +
3192 + memset(phr, 0, sizeof(*phr));
3193 + phr->size = size;
3194 +diff --git a/sound/pci/asihpi/hpioctl.c b/sound/pci/asihpi/hpioctl.c
3195 +index 5badd08e1d69..b1a2a7ea4172 100644
3196 +--- a/sound/pci/asihpi/hpioctl.c
3197 ++++ b/sound/pci/asihpi/hpioctl.c
3198 +@@ -33,6 +33,7 @@
3199 + #include <linux/stringify.h>
3200 + #include <linux/module.h>
3201 + #include <linux/vmalloc.h>
3202 ++#include <linux/nospec.h>
3203 +
3204 + #ifdef MODULE_FIRMWARE
3205 + MODULE_FIRMWARE("asihpi/dsp5000.bin");
3206 +@@ -186,7 +187,8 @@ long asihpi_hpi_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
3207 + struct hpi_adapter *pa = NULL;
3208 +
3209 + if (hm->h.adapter_index < ARRAY_SIZE(adapters))
3210 +- pa = &adapters[hm->h.adapter_index];
3211 ++ pa = &adapters[array_index_nospec(hm->h.adapter_index,
3212 ++ ARRAY_SIZE(adapters))];
3213 +
3214 + if (!pa || !pa->adapter || !pa->adapter->type) {
3215 + hpi_init_response(&hr->r0, hm->h.object,
3216 +diff --git a/sound/pci/hda/hda_hwdep.c b/sound/pci/hda/hda_hwdep.c
3217 +index 57df06e76968..cc009a4a3d1d 100644
3218 +--- a/sound/pci/hda/hda_hwdep.c
3219 ++++ b/sound/pci/hda/hda_hwdep.c
3220 +@@ -21,6 +21,7 @@
3221 + #include <linux/init.h>
3222 + #include <linux/slab.h>
3223 + #include <linux/compat.h>
3224 ++#include <linux/nospec.h>
3225 + #include <sound/core.h>
3226 + #include "hda_codec.h"
3227 + #include "hda_local.h"
3228 +@@ -51,7 +52,16 @@ static int get_wcap_ioctl(struct hda_codec *codec,
3229 +
3230 + if (get_user(verb, &arg->verb))
3231 + return -EFAULT;
3232 +- res = get_wcaps(codec, verb >> 24);
3233 ++ /* open-code get_wcaps(verb>>24) with nospec */
3234 ++ verb >>= 24;
3235 ++ if (verb < codec->core.start_nid ||
3236 ++ verb >= codec->core.start_nid + codec->core.num_nodes) {
3237 ++ res = 0;
3238 ++ } else {
3239 ++ verb -= codec->core.start_nid;
3240 ++ verb = array_index_nospec(verb, codec->core.num_nodes);
3241 ++ res = codec->wcaps[verb];
3242 ++ }
3243 + if (put_user(res, &arg->res))
3244 + return -EFAULT;
3245 + return 0;
3246 +diff --git a/sound/pci/hda/patch_hdmi.c b/sound/pci/hda/patch_hdmi.c
3247 +index b4f1b6e88305..7d7eb1354eee 100644
3248 +--- a/sound/pci/hda/patch_hdmi.c
3249 ++++ b/sound/pci/hda/patch_hdmi.c
3250 +@@ -1383,6 +1383,8 @@ static void hdmi_pcm_setup_pin(struct hdmi_spec *spec,
3251 + pcm = get_pcm_rec(spec, per_pin->pcm_idx);
3252 + else
3253 + return;
3254 ++ if (!pcm->pcm)
3255 ++ return;
3256 + if (!test_bit(per_pin->pcm_idx, &spec->pcm_in_use))
3257 + return;
3258 +
3259 +@@ -2151,8 +2153,13 @@ static int generic_hdmi_build_controls(struct hda_codec *codec)
3260 + int dev, err;
3261 + int pin_idx, pcm_idx;
3262 +
3263 +-
3264 + for (pcm_idx = 0; pcm_idx < spec->pcm_used; pcm_idx++) {
3265 ++ if (!get_pcm_rec(spec, pcm_idx)->pcm) {
3266 ++ /* no PCM: mark this for skipping permanently */
3267 ++ set_bit(pcm_idx, &spec->pcm_bitmap);
3268 ++ continue;
3269 ++ }
3270 ++
3271 + err = generic_hdmi_build_jack(codec, pcm_idx);
3272 + if (err < 0)
3273 + return err;
3274 +diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c
3275 +index 590887d9b7a1..59daf9901466 100644
3276 +--- a/sound/pci/hda/patch_realtek.c
3277 ++++ b/sound/pci/hda/patch_realtek.c
3278 +@@ -331,6 +331,7 @@ static void alc_fill_eapd_coef(struct hda_codec *codec)
3279 + /* fallthrough */
3280 + case 0x10ec0215:
3281 + case 0x10ec0233:
3282 ++ case 0x10ec0235:
3283 + case 0x10ec0236:
3284 + case 0x10ec0255:
3285 + case 0x10ec0256:
3286 +@@ -6435,6 +6436,7 @@ static const struct snd_pci_quirk alc269_fixup_tbl[] = {
3287 + SND_PCI_QUIRK(0x17aa, 0x30bb, "ThinkCentre AIO", ALC233_FIXUP_LENOVO_LINE2_MIC_HOTKEY),
3288 + SND_PCI_QUIRK(0x17aa, 0x30e2, "ThinkCentre AIO", ALC233_FIXUP_LENOVO_LINE2_MIC_HOTKEY),
3289 + SND_PCI_QUIRK(0x17aa, 0x310c, "ThinkCentre Station", ALC294_FIXUP_LENOVO_MIC_LOCATION),
3290 ++ SND_PCI_QUIRK(0x17aa, 0x312f, "ThinkCentre Station", ALC294_FIXUP_LENOVO_MIC_LOCATION),
3291 + SND_PCI_QUIRK(0x17aa, 0x3138, "ThinkCentre Station", ALC294_FIXUP_LENOVO_MIC_LOCATION),
3292 + SND_PCI_QUIRK(0x17aa, 0x313c, "ThinkCentre Station", ALC294_FIXUP_LENOVO_MIC_LOCATION),
3293 + SND_PCI_QUIRK(0x17aa, 0x3112, "ThinkCentre AIO", ALC233_FIXUP_LENOVO_LINE2_MIC_HOTKEY),
3294 +@@ -7015,8 +7017,11 @@ static int patch_alc269(struct hda_codec *codec)
3295 + case 0x10ec0298:
3296 + spec->codec_variant = ALC269_TYPE_ALC298;
3297 + break;
3298 ++ case 0x10ec0235:
3299 + case 0x10ec0255:
3300 + spec->codec_variant = ALC269_TYPE_ALC255;
3301 ++ spec->shutup = alc256_shutup;
3302 ++ spec->init_hook = alc256_init;
3303 + break;
3304 + case 0x10ec0236:
3305 + case 0x10ec0256:
3306 +diff --git a/sound/pci/rme9652/hdspm.c b/sound/pci/rme9652/hdspm.c
3307 +index f20d42714e4d..343f533906ba 100644
3308 +--- a/sound/pci/rme9652/hdspm.c
3309 ++++ b/sound/pci/rme9652/hdspm.c
3310 +@@ -137,6 +137,7 @@
3311 + #include <linux/pci.h>
3312 + #include <linux/math64.h>
3313 + #include <linux/io.h>
3314 ++#include <linux/nospec.h>
3315 +
3316 + #include <sound/core.h>
3317 + #include <sound/control.h>
3318 +@@ -5698,40 +5699,43 @@ static int snd_hdspm_channel_info(struct snd_pcm_substream *substream,
3319 + struct snd_pcm_channel_info *info)
3320 + {
3321 + struct hdspm *hdspm = snd_pcm_substream_chip(substream);
3322 ++ unsigned int channel = info->channel;
3323 +
3324 + if (substream->stream == SNDRV_PCM_STREAM_PLAYBACK) {
3325 +- if (snd_BUG_ON(info->channel >= hdspm->max_channels_out)) {
3326 ++ if (snd_BUG_ON(channel >= hdspm->max_channels_out)) {
3327 + dev_info(hdspm->card->dev,
3328 + "snd_hdspm_channel_info: output channel out of range (%d)\n",
3329 +- info->channel);
3330 ++ channel);
3331 + return -EINVAL;
3332 + }
3333 +
3334 +- if (hdspm->channel_map_out[info->channel] < 0) {
3335 ++ channel = array_index_nospec(channel, hdspm->max_channels_out);
3336 ++ if (hdspm->channel_map_out[channel] < 0) {
3337 + dev_info(hdspm->card->dev,
3338 + "snd_hdspm_channel_info: output channel %d mapped out\n",
3339 +- info->channel);
3340 ++ channel);
3341 + return -EINVAL;
3342 + }
3343 +
3344 +- info->offset = hdspm->channel_map_out[info->channel] *
3345 ++ info->offset = hdspm->channel_map_out[channel] *
3346 + HDSPM_CHANNEL_BUFFER_BYTES;
3347 + } else {
3348 +- if (snd_BUG_ON(info->channel >= hdspm->max_channels_in)) {
3349 ++ if (snd_BUG_ON(channel >= hdspm->max_channels_in)) {
3350 + dev_info(hdspm->card->dev,
3351 + "snd_hdspm_channel_info: input channel out of range (%d)\n",
3352 +- info->channel);
3353 ++ channel);
3354 + return -EINVAL;
3355 + }
3356 +
3357 +- if (hdspm->channel_map_in[info->channel] < 0) {
3358 ++ channel = array_index_nospec(channel, hdspm->max_channels_in);
3359 ++ if (hdspm->channel_map_in[channel] < 0) {
3360 + dev_info(hdspm->card->dev,
3361 + "snd_hdspm_channel_info: input channel %d mapped out\n",
3362 +- info->channel);
3363 ++ channel);
3364 + return -EINVAL;
3365 + }
3366 +
3367 +- info->offset = hdspm->channel_map_in[info->channel] *
3368 ++ info->offset = hdspm->channel_map_in[channel] *
3369 + HDSPM_CHANNEL_BUFFER_BYTES;
3370 + }
3371 +
3372 +diff --git a/sound/pci/rme9652/rme9652.c b/sound/pci/rme9652/rme9652.c
3373 +index df648b1d9217..edd765e22377 100644
3374 +--- a/sound/pci/rme9652/rme9652.c
3375 ++++ b/sound/pci/rme9652/rme9652.c
3376 +@@ -26,6 +26,7 @@
3377 + #include <linux/pci.h>
3378 + #include <linux/module.h>
3379 + #include <linux/io.h>
3380 ++#include <linux/nospec.h>
3381 +
3382 + #include <sound/core.h>
3383 + #include <sound/control.h>
3384 +@@ -2071,9 +2072,10 @@ static int snd_rme9652_channel_info(struct snd_pcm_substream *substream,
3385 + if (snd_BUG_ON(info->channel >= RME9652_NCHANNELS))
3386 + return -EINVAL;
3387 +
3388 +- if ((chn = rme9652->channel_map[info->channel]) < 0) {
3389 ++ chn = rme9652->channel_map[array_index_nospec(info->channel,
3390 ++ RME9652_NCHANNELS)];
3391 ++ if (chn < 0)
3392 + return -EINVAL;
3393 +- }
3394 +
3395 + info->offset = chn * RME9652_CHANNEL_BUFFER_BYTES;
3396 + info->first = 0;
3397 +diff --git a/sound/soc/fsl/fsl_esai.c b/sound/soc/fsl/fsl_esai.c
3398 +index cef79a1a620b..81268760b7a9 100644
3399 +--- a/sound/soc/fsl/fsl_esai.c
3400 ++++ b/sound/soc/fsl/fsl_esai.c
3401 +@@ -144,6 +144,13 @@ static int fsl_esai_divisor_cal(struct snd_soc_dai *dai, bool tx, u32 ratio,
3402 +
3403 + psr = ratio <= 256 * maxfp ? ESAI_xCCR_xPSR_BYPASS : ESAI_xCCR_xPSR_DIV8;
3404 +
3405 ++ /* Do not loop-search if PM (1 ~ 256) alone can serve the ratio */
3406 ++ if (ratio <= 256) {
3407 ++ pm = ratio;
3408 ++ fp = 1;
3409 ++ goto out;
3410 ++ }
3411 ++
3412 + /* Set the max fluctuation -- 0.1% of the max devisor */
3413 + savesub = (psr ? 1 : 8) * 256 * maxfp / 1000;
3414 +
3415 +diff --git a/sound/usb/mixer_maps.c b/sound/usb/mixer_maps.c
3416 +index 9038b2e7df73..eaa03acd4686 100644
3417 +--- a/sound/usb/mixer_maps.c
3418 ++++ b/sound/usb/mixer_maps.c
3419 +@@ -353,8 +353,11 @@ static struct usbmix_name_map bose_companion5_map[] = {
3420 + /*
3421 + * Dell usb dock with ALC4020 codec had a firmware problem where it got
3422 + * screwed up when zero volume is passed; just skip it as a workaround
3423 ++ *
3424 ++ * Also the extension unit gives an access error, so skip it as well.
3425 + */
3426 + static const struct usbmix_name_map dell_alc4020_map[] = {
3427 ++ { 4, NULL }, /* extension unit */
3428 + { 16, NULL },
3429 + { 19, NULL },
3430 + { 0 }
3431 +diff --git a/tools/lib/str_error_r.c b/tools/lib/str_error_r.c
3432 +index d6d65537b0d9..6aad8308a0ac 100644
3433 +--- a/tools/lib/str_error_r.c
3434 ++++ b/tools/lib/str_error_r.c
3435 +@@ -22,6 +22,6 @@ char *str_error_r(int errnum, char *buf, size_t buflen)
3436 + {
3437 + int err = strerror_r(errnum, buf, buflen);
3438 + if (err)
3439 +- snprintf(buf, buflen, "INTERNAL ERROR: strerror_r(%d, %p, %zd)=%d", errnum, buf, buflen, err);
3440 ++ snprintf(buf, buflen, "INTERNAL ERROR: strerror_r(%d, [buf], %zd)=%d", errnum, buflen, err);
3441 + return buf;
3442 + }
3443 +diff --git a/tools/lib/subcmd/pager.c b/tools/lib/subcmd/pager.c
3444 +index 5ba754d17952..9997a8805a82 100644
3445 +--- a/tools/lib/subcmd/pager.c
3446 ++++ b/tools/lib/subcmd/pager.c
3447 +@@ -30,10 +30,13 @@ static void pager_preexec(void)
3448 + * have real input
3449 + */
3450 + fd_set in;
3451 ++ fd_set exception;
3452 +
3453 + FD_ZERO(&in);
3454 ++ FD_ZERO(&exception);
3455 + FD_SET(0, &in);
3456 +- select(1, &in, NULL, &in, NULL);
3457 ++ FD_SET(0, &exception);
3458 ++ select(1, &in, NULL, &exception, NULL);
3459 +
3460 + setenv("LESS", "FRSX", 0);
3461 + }
3462 +diff --git a/virt/kvm/arm/arm.c b/virt/kvm/arm/arm.c
3463 +index 1366462a3ab2..9bee849db682 100644
3464 +--- a/virt/kvm/arm/arm.c
3465 ++++ b/virt/kvm/arm/arm.c
3466 +@@ -61,7 +61,7 @@ static DEFINE_PER_CPU(struct kvm_vcpu *, kvm_arm_running_vcpu);
3467 + static atomic64_t kvm_vmid_gen = ATOMIC64_INIT(1);
3468 + static u32 kvm_next_vmid;
3469 + static unsigned int kvm_vmid_bits __read_mostly;
3470 +-static DEFINE_SPINLOCK(kvm_vmid_lock);
3471 ++static DEFINE_RWLOCK(kvm_vmid_lock);
3472 +
3473 + static bool vgic_present;
3474 +
3475 +@@ -462,11 +462,16 @@ static void update_vttbr(struct kvm *kvm)
3476 + {
3477 + phys_addr_t pgd_phys;
3478 + u64 vmid;
3479 ++ bool new_gen;
3480 +
3481 +- if (!need_new_vmid_gen(kvm))
3482 ++ read_lock(&kvm_vmid_lock);
3483 ++ new_gen = need_new_vmid_gen(kvm);
3484 ++ read_unlock(&kvm_vmid_lock);
3485 ++
3486 ++ if (!new_gen)
3487 + return;
3488 +
3489 +- spin_lock(&kvm_vmid_lock);
3490 ++ write_lock(&kvm_vmid_lock);
3491 +
3492 + /*
3493 + * We need to re-check the vmid_gen here to ensure that if another vcpu
3494 +@@ -474,7 +479,7 @@ static void update_vttbr(struct kvm *kvm)
3495 + * use the same vmid.
3496 + */
3497 + if (!need_new_vmid_gen(kvm)) {
3498 +- spin_unlock(&kvm_vmid_lock);
3499 ++ write_unlock(&kvm_vmid_lock);
3500 + return;
3501 + }
3502 +
3503 +@@ -508,7 +513,7 @@ static void update_vttbr(struct kvm *kvm)
3504 + vmid = ((u64)(kvm->arch.vmid) << VTTBR_VMID_SHIFT) & VTTBR_VMID_MASK(kvm_vmid_bits);
3505 + kvm->arch.vttbr = pgd_phys | vmid;
3506 +
3507 +- spin_unlock(&kvm_vmid_lock);
3508 ++ write_unlock(&kvm_vmid_lock);
3509 + }
3510 +
3511 + static int kvm_vcpu_first_run_init(struct kvm_vcpu *vcpu)
3512 +diff --git a/virt/kvm/arm/psci.c b/virt/kvm/arm/psci.c
3513 +index 6919352cbf15..c4762bef13c6 100644
3514 +--- a/virt/kvm/arm/psci.c
3515 ++++ b/virt/kvm/arm/psci.c
3516 +@@ -18,6 +18,7 @@
3517 + #include <linux/arm-smccc.h>
3518 + #include <linux/preempt.h>
3519 + #include <linux/kvm_host.h>
3520 ++#include <linux/uaccess.h>
3521 + #include <linux/wait.h>
3522 +
3523 + #include <asm/cputype.h>
3524 +@@ -427,3 +428,62 @@ int kvm_hvc_call_handler(struct kvm_vcpu *vcpu)
3525 + smccc_set_retval(vcpu, val, 0, 0, 0);
3526 + return 1;
3527 + }
3528 ++
3529 ++int kvm_arm_get_fw_num_regs(struct kvm_vcpu *vcpu)
3530 ++{
3531 ++ return 1; /* PSCI version */
3532 ++}
3533 ++
3534 ++int kvm_arm_copy_fw_reg_indices(struct kvm_vcpu *vcpu, u64 __user *uindices)
3535 ++{
3536 ++ if (put_user(KVM_REG_ARM_PSCI_VERSION, uindices))
3537 ++ return -EFAULT;
3538 ++
3539 ++ return 0;
3540 ++}
3541 ++
3542 ++int kvm_arm_get_fw_reg(struct kvm_vcpu *vcpu, const struct kvm_one_reg *reg)
3543 ++{
3544 ++ if (reg->id == KVM_REG_ARM_PSCI_VERSION) {
3545 ++ void __user *uaddr = (void __user *)(long)reg->addr;
3546 ++ u64 val;
3547 ++
3548 ++ val = kvm_psci_version(vcpu, vcpu->kvm);
3549 ++ if (copy_to_user(uaddr, &val, KVM_REG_SIZE(reg->id)))
3550 ++ return -EFAULT;
3551 ++
3552 ++ return 0;
3553 ++ }
3554 ++
3555 ++ return -EINVAL;
3556 ++}
3557 ++
3558 ++int kvm_arm_set_fw_reg(struct kvm_vcpu *vcpu, const struct kvm_one_reg *reg)
3559 ++{
3560 ++ if (reg->id == KVM_REG_ARM_PSCI_VERSION) {
3561 ++ void __user *uaddr = (void __user *)(long)reg->addr;
3562 ++ bool wants_02;
3563 ++ u64 val;
3564 ++
3565 ++ if (copy_from_user(&val, uaddr, KVM_REG_SIZE(reg->id)))
3566 ++ return -EFAULT;
3567 ++
3568 ++ wants_02 = test_bit(KVM_ARM_VCPU_PSCI_0_2, vcpu->arch.features);
3569 ++
3570 ++ switch (val) {
3571 ++ case KVM_ARM_PSCI_0_1:
3572 ++ if (wants_02)
3573 ++ return -EINVAL;
3574 ++ vcpu->kvm->arch.psci_version = val;
3575 ++ return 0;
3576 ++ case KVM_ARM_PSCI_0_2:
3577 ++ case KVM_ARM_PSCI_1_0:
3578 ++ if (!wants_02)
3579 ++ return -EINVAL;
3580 ++ vcpu->kvm->arch.psci_version = val;
3581 ++ return 0;
3582 ++ }
3583 ++ }
3584 ++
3585 ++ return -EINVAL;
3586 ++}
Report Message
Find on MARC Find on Google Groups