Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Mike Pagano <mpagano@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/linux-patches:4.9 commit in: /
Date: Sat, 27 Apr 2019 17:29:16
Message-Id: 1556386133.bbda7f22f22fe20352673151651159111604d20a.mpagano@gentoo
1 commit: bbda7f22f22fe20352673151651159111604d20a
2 Author: Mike Pagano <mpagano <AT> gentoo <DOT> org>
3 AuthorDate: Sat Apr 27 17:28:53 2019 +0000
4 Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org>
5 CommitDate: Sat Apr 27 17:28:53 2019 +0000
6 URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=bbda7f22
7
8 Linux patch 4.9.171
9
10 Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org>
11
12 0000_README | 4 +
13 1170_linux-4.9.171.patch | 1955 ++++++++++++++++++++++++++++++++++++++++++++++
14 2 files changed, 1959 insertions(+)
15
16 diff --git a/0000_README b/0000_README
17 index ea31894..5425b73 100644
18 --- a/0000_README
19 +++ b/0000_README
20 @@ -723,6 +723,10 @@ Patch: 1169_linux-4.9.170.patch
21 From: http://www.kernel.org
22 Desc: Linux 4.9.170
23
24 +Patch: 1170_linux-4.9.171.patch
25 +From: http://www.kernel.org
26 +Desc: Linux 4.9.171
27 +
28 Patch: 1500_XATTR_USER_PREFIX.patch
29 From: https://bugs.gentoo.org/show_bug.cgi?id=470644
30 Desc: Support for namespace user.pax.* on tmpfs.
31
32 diff --git a/1170_linux-4.9.171.patch b/1170_linux-4.9.171.patch
33 new file mode 100644
34 index 0000000..e7cd389
35 --- /dev/null
36 +++ b/1170_linux-4.9.171.patch
37 @@ -0,0 +1,1955 @@
38 +diff --git a/Makefile b/Makefile
39 +index 966069dab768..dbdef749e1c8 100644
40 +--- a/Makefile
41 ++++ b/Makefile
42 +@@ -1,6 +1,6 @@
43 + VERSION = 4
44 + PATCHLEVEL = 9
45 +-SUBLEVEL = 170
46 ++SUBLEVEL = 171
47 + EXTRAVERSION =
48 + NAME = Roaring Lionus
49 +
50 +@@ -655,8 +655,7 @@ KBUILD_CFLAGS += $(call cc-option,-fdata-sections,)
51 + endif
52 +
53 + ifdef CONFIG_CC_OPTIMIZE_FOR_SIZE
54 +-KBUILD_CFLAGS += $(call cc-option,-Oz,-Os)
55 +-KBUILD_CFLAGS += $(call cc-disable-warning,maybe-uninitialized,)
56 ++KBUILD_CFLAGS += -Os $(call cc-disable-warning,maybe-uninitialized,)
57 + else
58 + ifdef CONFIG_PROFILE_ALL_BRANCHES
59 + KBUILD_CFLAGS += -O2 $(call cc-disable-warning,maybe-uninitialized,)
60 +diff --git a/arch/arm64/include/asm/futex.h b/arch/arm64/include/asm/futex.h
61 +index d7116f5935fb..86a43450f014 100644
62 +--- a/arch/arm64/include/asm/futex.h
63 ++++ b/arch/arm64/include/asm/futex.h
64 +@@ -53,7 +53,7 @@
65 + static inline int
66 + arch_futex_atomic_op_inuser(int op, int oparg, int *oval, u32 __user *uaddr)
67 + {
68 +- int oldval, ret, tmp;
69 ++ int oldval = 0, ret, tmp;
70 +
71 + pagefault_disable();
72 +
73 +diff --git a/arch/x86/crypto/poly1305-avx2-x86_64.S b/arch/x86/crypto/poly1305-avx2-x86_64.S
74 +index eff2f414e22b..ec234c43b3f4 100644
75 +--- a/arch/x86/crypto/poly1305-avx2-x86_64.S
76 ++++ b/arch/x86/crypto/poly1305-avx2-x86_64.S
77 +@@ -321,6 +321,12 @@ ENTRY(poly1305_4block_avx2)
78 + vpaddq t2,t1,t1
79 + vmovq t1x,d4
80 +
81 ++ # Now do a partial reduction mod (2^130)-5, carrying h0 -> h1 -> h2 ->
82 ++ # h3 -> h4 -> h0 -> h1 to get h0,h2,h3,h4 < 2^26 and h1 < 2^26 + a small
83 ++ # amount. Careful: we must not assume the carry bits 'd0 >> 26',
84 ++ # 'd1 >> 26', 'd2 >> 26', 'd3 >> 26', and '(d4 >> 26) * 5' fit in 32-bit
85 ++ # integers. It's true in a single-block implementation, but not here.
86 ++
87 + # d1 += d0 >> 26
88 + mov d0,%rax
89 + shr $26,%rax
90 +@@ -359,16 +365,16 @@ ENTRY(poly1305_4block_avx2)
91 + # h0 += (d4 >> 26) * 5
92 + mov d4,%rax
93 + shr $26,%rax
94 +- lea (%eax,%eax,4),%eax
95 +- add %eax,%ebx
96 ++ lea (%rax,%rax,4),%rax
97 ++ add %rax,%rbx
98 + # h4 = d4 & 0x3ffffff
99 + mov d4,%rax
100 + and $0x3ffffff,%eax
101 + mov %eax,h4
102 +
103 + # h1 += h0 >> 26
104 +- mov %ebx,%eax
105 +- shr $26,%eax
106 ++ mov %rbx,%rax
107 ++ shr $26,%rax
108 + add %eax,h1
109 + # h0 = h0 & 0x3ffffff
110 + andl $0x3ffffff,%ebx
111 +diff --git a/arch/x86/crypto/poly1305-sse2-x86_64.S b/arch/x86/crypto/poly1305-sse2-x86_64.S
112 +index 338c748054ed..639d9760b089 100644
113 +--- a/arch/x86/crypto/poly1305-sse2-x86_64.S
114 ++++ b/arch/x86/crypto/poly1305-sse2-x86_64.S
115 +@@ -251,16 +251,16 @@ ENTRY(poly1305_block_sse2)
116 + # h0 += (d4 >> 26) * 5
117 + mov d4,%rax
118 + shr $26,%rax
119 +- lea (%eax,%eax,4),%eax
120 +- add %eax,%ebx
121 ++ lea (%rax,%rax,4),%rax
122 ++ add %rax,%rbx
123 + # h4 = d4 & 0x3ffffff
124 + mov d4,%rax
125 + and $0x3ffffff,%eax
126 + mov %eax,h4
127 +
128 + # h1 += h0 >> 26
129 +- mov %ebx,%eax
130 +- shr $26,%eax
131 ++ mov %rbx,%rax
132 ++ shr $26,%rax
133 + add %eax,h1
134 + # h0 = h0 & 0x3ffffff
135 + andl $0x3ffffff,%ebx
136 +@@ -518,6 +518,12 @@ ENTRY(poly1305_2block_sse2)
137 + paddq t2,t1
138 + movq t1,d4
139 +
140 ++ # Now do a partial reduction mod (2^130)-5, carrying h0 -> h1 -> h2 ->
141 ++ # h3 -> h4 -> h0 -> h1 to get h0,h2,h3,h4 < 2^26 and h1 < 2^26 + a small
142 ++ # amount. Careful: we must not assume the carry bits 'd0 >> 26',
143 ++ # 'd1 >> 26', 'd2 >> 26', 'd3 >> 26', and '(d4 >> 26) * 5' fit in 32-bit
144 ++ # integers. It's true in a single-block implementation, but not here.
145 ++
146 + # d1 += d0 >> 26
147 + mov d0,%rax
148 + shr $26,%rax
149 +@@ -556,16 +562,16 @@ ENTRY(poly1305_2block_sse2)
150 + # h0 += (d4 >> 26) * 5
151 + mov d4,%rax
152 + shr $26,%rax
153 +- lea (%eax,%eax,4),%eax
154 +- add %eax,%ebx
155 ++ lea (%rax,%rax,4),%rax
156 ++ add %rax,%rbx
157 + # h4 = d4 & 0x3ffffff
158 + mov d4,%rax
159 + and $0x3ffffff,%eax
160 + mov %eax,h4
161 +
162 + # h1 += h0 >> 26
163 +- mov %ebx,%eax
164 +- shr $26,%eax
165 ++ mov %rbx,%rax
166 ++ shr $26,%rax
167 + add %eax,h1
168 + # h0 = h0 & 0x3ffffff
169 + andl $0x3ffffff,%ebx
170 +diff --git a/arch/x86/events/amd/core.c b/arch/x86/events/amd/core.c
171 +index afb222b63cae..de050d5a4506 100644
172 +--- a/arch/x86/events/amd/core.c
173 ++++ b/arch/x86/events/amd/core.c
174 +@@ -113,22 +113,39 @@ static __initconst const u64 amd_hw_cache_event_ids
175 + };
176 +
177 + /*
178 +- * AMD Performance Monitor K7 and later.
179 ++ * AMD Performance Monitor K7 and later, up to and including Family 16h:
180 + */
181 + static const u64 amd_perfmon_event_map[PERF_COUNT_HW_MAX] =
182 + {
183 +- [PERF_COUNT_HW_CPU_CYCLES] = 0x0076,
184 +- [PERF_COUNT_HW_INSTRUCTIONS] = 0x00c0,
185 +- [PERF_COUNT_HW_CACHE_REFERENCES] = 0x077d,
186 +- [PERF_COUNT_HW_CACHE_MISSES] = 0x077e,
187 +- [PERF_COUNT_HW_BRANCH_INSTRUCTIONS] = 0x00c2,
188 +- [PERF_COUNT_HW_BRANCH_MISSES] = 0x00c3,
189 +- [PERF_COUNT_HW_STALLED_CYCLES_FRONTEND] = 0x00d0, /* "Decoder empty" event */
190 +- [PERF_COUNT_HW_STALLED_CYCLES_BACKEND] = 0x00d1, /* "Dispatch stalls" event */
191 ++ [PERF_COUNT_HW_CPU_CYCLES] = 0x0076,
192 ++ [PERF_COUNT_HW_INSTRUCTIONS] = 0x00c0,
193 ++ [PERF_COUNT_HW_CACHE_REFERENCES] = 0x077d,
194 ++ [PERF_COUNT_HW_CACHE_MISSES] = 0x077e,
195 ++ [PERF_COUNT_HW_BRANCH_INSTRUCTIONS] = 0x00c2,
196 ++ [PERF_COUNT_HW_BRANCH_MISSES] = 0x00c3,
197 ++ [PERF_COUNT_HW_STALLED_CYCLES_FRONTEND] = 0x00d0, /* "Decoder empty" event */
198 ++ [PERF_COUNT_HW_STALLED_CYCLES_BACKEND] = 0x00d1, /* "Dispatch stalls" event */
199 ++};
200 ++
201 ++/*
202 ++ * AMD Performance Monitor Family 17h and later:
203 ++ */
204 ++static const u64 amd_f17h_perfmon_event_map[PERF_COUNT_HW_MAX] =
205 ++{
206 ++ [PERF_COUNT_HW_CPU_CYCLES] = 0x0076,
207 ++ [PERF_COUNT_HW_INSTRUCTIONS] = 0x00c0,
208 ++ [PERF_COUNT_HW_CACHE_REFERENCES] = 0xff60,
209 ++ [PERF_COUNT_HW_BRANCH_INSTRUCTIONS] = 0x00c2,
210 ++ [PERF_COUNT_HW_BRANCH_MISSES] = 0x00c3,
211 ++ [PERF_COUNT_HW_STALLED_CYCLES_FRONTEND] = 0x0287,
212 ++ [PERF_COUNT_HW_STALLED_CYCLES_BACKEND] = 0x0187,
213 + };
214 +
215 + static u64 amd_pmu_event_map(int hw_event)
216 + {
217 ++ if (boot_cpu_data.x86 >= 0x17)
218 ++ return amd_f17h_perfmon_event_map[hw_event];
219 ++
220 + return amd_perfmon_event_map[hw_event];
221 + }
222 +
223 +diff --git a/arch/x86/kernel/kprobes/core.c b/arch/x86/kernel/kprobes/core.c
224 +index 64a70b2e2285..3f3cfeca1083 100644
225 +--- a/arch/x86/kernel/kprobes/core.c
226 ++++ b/arch/x86/kernel/kprobes/core.c
227 +@@ -545,6 +545,7 @@ void arch_prepare_kretprobe(struct kretprobe_instance *ri, struct pt_regs *regs)
228 + unsigned long *sara = stack_addr(regs);
229 +
230 + ri->ret_addr = (kprobe_opcode_t *) *sara;
231 ++ ri->fp = sara;
232 +
233 + /* Replace the return addr with trampoline addr */
234 + *sara = (unsigned long) &kretprobe_trampoline;
235 +@@ -746,15 +747,21 @@ __visible __used void *trampoline_handler(struct pt_regs *regs)
236 + unsigned long flags, orig_ret_address = 0;
237 + unsigned long trampoline_address = (unsigned long)&kretprobe_trampoline;
238 + kprobe_opcode_t *correct_ret_addr = NULL;
239 ++ void *frame_pointer;
240 ++ bool skipped = false;
241 +
242 + INIT_HLIST_HEAD(&empty_rp);
243 + kretprobe_hash_lock(current, &head, &flags);
244 + /* fixup registers */
245 + #ifdef CONFIG_X86_64
246 + regs->cs = __KERNEL_CS;
247 ++ /* On x86-64, we use pt_regs->sp for return address holder. */
248 ++ frame_pointer = &regs->sp;
249 + #else
250 + regs->cs = __KERNEL_CS | get_kernel_rpl();
251 + regs->gs = 0;
252 ++ /* On x86-32, we use pt_regs->flags for return address holder. */
253 ++ frame_pointer = &regs->flags;
254 + #endif
255 + regs->ip = trampoline_address;
256 + regs->orig_ax = ~0UL;
257 +@@ -776,8 +783,25 @@ __visible __used void *trampoline_handler(struct pt_regs *regs)
258 + if (ri->task != current)
259 + /* another task is sharing our hash bucket */
260 + continue;
261 ++ /*
262 ++ * Return probes must be pushed on this hash list correct
263 ++ * order (same as return order) so that it can be poped
264 ++ * correctly. However, if we find it is pushed it incorrect
265 ++ * order, this means we find a function which should not be
266 ++ * probed, because the wrong order entry is pushed on the
267 ++ * path of processing other kretprobe itself.
268 ++ */
269 ++ if (ri->fp != frame_pointer) {
270 ++ if (!skipped)
271 ++ pr_warn("kretprobe is stacked incorrectly. Trying to fixup.\n");
272 ++ skipped = true;
273 ++ continue;
274 ++ }
275 +
276 + orig_ret_address = (unsigned long)ri->ret_addr;
277 ++ if (skipped)
278 ++ pr_warn("%ps must be blacklisted because of incorrect kretprobe order\n",
279 ++ ri->rp->kp.addr);
280 +
281 + if (orig_ret_address != trampoline_address)
282 + /*
283 +@@ -795,6 +819,8 @@ __visible __used void *trampoline_handler(struct pt_regs *regs)
284 + if (ri->task != current)
285 + /* another task is sharing our hash bucket */
286 + continue;
287 ++ if (ri->fp != frame_pointer)
288 ++ continue;
289 +
290 + orig_ret_address = (unsigned long)ri->ret_addr;
291 + if (ri->rp && ri->rp->handler) {
292 +diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
293 +index 510cfc06701a..b636a1e849fd 100644
294 +--- a/arch/x86/kvm/emulate.c
295 ++++ b/arch/x86/kvm/emulate.c
296 +@@ -2579,15 +2579,13 @@ static int em_rsm(struct x86_emulate_ctxt *ctxt)
297 + * CR0/CR3/CR4/EFER. It's all a bit more complicated if the vCPU
298 + * supports long mode.
299 + */
300 +- cr4 = ctxt->ops->get_cr(ctxt, 4);
301 + if (emulator_has_longmode(ctxt)) {
302 + struct desc_struct cs_desc;
303 +
304 + /* Zero CR4.PCIDE before CR0.PG. */
305 +- if (cr4 & X86_CR4_PCIDE) {
306 ++ cr4 = ctxt->ops->get_cr(ctxt, 4);
307 ++ if (cr4 & X86_CR4_PCIDE)
308 + ctxt->ops->set_cr(ctxt, 4, cr4 & ~X86_CR4_PCIDE);
309 +- cr4 &= ~X86_CR4_PCIDE;
310 +- }
311 +
312 + /* A 32-bit code segment is required to clear EFER.LMA. */
313 + memset(&cs_desc, 0, sizeof(cs_desc));
314 +@@ -2601,13 +2599,16 @@ static int em_rsm(struct x86_emulate_ctxt *ctxt)
315 + if (cr0 & X86_CR0_PE)
316 + ctxt->ops->set_cr(ctxt, 0, cr0 & ~(X86_CR0_PG | X86_CR0_PE));
317 +
318 +- /* Now clear CR4.PAE (which must be done before clearing EFER.LME). */
319 +- if (cr4 & X86_CR4_PAE)
320 +- ctxt->ops->set_cr(ctxt, 4, cr4 & ~X86_CR4_PAE);
321 ++ if (emulator_has_longmode(ctxt)) {
322 ++ /* Clear CR4.PAE before clearing EFER.LME. */
323 ++ cr4 = ctxt->ops->get_cr(ctxt, 4);
324 ++ if (cr4 & X86_CR4_PAE)
325 ++ ctxt->ops->set_cr(ctxt, 4, cr4 & ~X86_CR4_PAE);
326 +
327 +- /* And finally go back to 32-bit mode. */
328 +- efer = 0;
329 +- ctxt->ops->set_msr(ctxt, MSR_EFER, efer);
330 ++ /* And finally go back to 32-bit mode. */
331 ++ efer = 0;
332 ++ ctxt->ops->set_msr(ctxt, MSR_EFER, efer);
333 ++ }
334 +
335 + smbase = ctxt->ops->get_smbase(ctxt);
336 + if (emulator_has_longmode(ctxt))
337 +diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
338 +index 01eb0451b96d..9a6d258c3c16 100644
339 +--- a/arch/x86/kvm/svm.c
340 ++++ b/arch/x86/kvm/svm.c
341 +@@ -3940,14 +3940,25 @@ static int avic_incomplete_ipi_interception(struct vcpu_svm *svm)
342 + kvm_lapic_reg_write(apic, APIC_ICR, icrl);
343 + break;
344 + case AVIC_IPI_FAILURE_TARGET_NOT_RUNNING: {
345 ++ int i;
346 ++ struct kvm_vcpu *vcpu;
347 ++ struct kvm *kvm = svm->vcpu.kvm;
348 + struct kvm_lapic *apic = svm->vcpu.arch.apic;
349 +
350 + /*
351 +- * Update ICR high and low, then emulate sending IPI,
352 +- * which is handled when writing APIC_ICR.
353 ++ * At this point, we expect that the AVIC HW has already
354 ++ * set the appropriate IRR bits on the valid target
355 ++ * vcpus. So, we just need to kick the appropriate vcpu.
356 + */
357 +- kvm_lapic_reg_write(apic, APIC_ICR2, icrh);
358 +- kvm_lapic_reg_write(apic, APIC_ICR, icrl);
359 ++ kvm_for_each_vcpu(i, vcpu, kvm) {
360 ++ bool m = kvm_apic_match_dest(vcpu, apic,
361 ++ icrl & KVM_APIC_SHORT_MASK,
362 ++ GET_APIC_DEST_FIELD(icrh),
363 ++ icrl & KVM_APIC_DEST_MASK);
364 ++
365 ++ if (m && !avic_vcpu_is_running(vcpu))
366 ++ kvm_vcpu_wake_up(vcpu);
367 ++ }
368 + break;
369 + }
370 + case AVIC_IPI_FAILURE_INVALID_TARGET:
371 +diff --git a/crypto/testmgr.h b/crypto/testmgr.h
372 +index 9033088ca231..ebff33765ac3 100644
373 +--- a/crypto/testmgr.h
374 ++++ b/crypto/testmgr.h
375 +@@ -4527,7 +4527,49 @@ static struct hash_testvec poly1305_tv_template[] = {
376 + .psize = 80,
377 + .digest = "\x13\x00\x00\x00\x00\x00\x00\x00"
378 + "\x00\x00\x00\x00\x00\x00\x00\x00",
379 +- },
380 ++ }, { /* Regression test for overflow in AVX2 implementation */
381 ++ .plaintext = "\xff\xff\xff\xff\xff\xff\xff\xff"
382 ++ "\xff\xff\xff\xff\xff\xff\xff\xff"
383 ++ "\xff\xff\xff\xff\xff\xff\xff\xff"
384 ++ "\xff\xff\xff\xff\xff\xff\xff\xff"
385 ++ "\xff\xff\xff\xff\xff\xff\xff\xff"
386 ++ "\xff\xff\xff\xff\xff\xff\xff\xff"
387 ++ "\xff\xff\xff\xff\xff\xff\xff\xff"
388 ++ "\xff\xff\xff\xff\xff\xff\xff\xff"
389 ++ "\xff\xff\xff\xff\xff\xff\xff\xff"
390 ++ "\xff\xff\xff\xff\xff\xff\xff\xff"
391 ++ "\xff\xff\xff\xff\xff\xff\xff\xff"
392 ++ "\xff\xff\xff\xff\xff\xff\xff\xff"
393 ++ "\xff\xff\xff\xff\xff\xff\xff\xff"
394 ++ "\xff\xff\xff\xff\xff\xff\xff\xff"
395 ++ "\xff\xff\xff\xff\xff\xff\xff\xff"
396 ++ "\xff\xff\xff\xff\xff\xff\xff\xff"
397 ++ "\xff\xff\xff\xff\xff\xff\xff\xff"
398 ++ "\xff\xff\xff\xff\xff\xff\xff\xff"
399 ++ "\xff\xff\xff\xff\xff\xff\xff\xff"
400 ++ "\xff\xff\xff\xff\xff\xff\xff\xff"
401 ++ "\xff\xff\xff\xff\xff\xff\xff\xff"
402 ++ "\xff\xff\xff\xff\xff\xff\xff\xff"
403 ++ "\xff\xff\xff\xff\xff\xff\xff\xff"
404 ++ "\xff\xff\xff\xff\xff\xff\xff\xff"
405 ++ "\xff\xff\xff\xff\xff\xff\xff\xff"
406 ++ "\xff\xff\xff\xff\xff\xff\xff\xff"
407 ++ "\xff\xff\xff\xff\xff\xff\xff\xff"
408 ++ "\xff\xff\xff\xff\xff\xff\xff\xff"
409 ++ "\xff\xff\xff\xff\xff\xff\xff\xff"
410 ++ "\xff\xff\xff\xff\xff\xff\xff\xff"
411 ++ "\xff\xff\xff\xff\xff\xff\xff\xff"
412 ++ "\xff\xff\xff\xff\xff\xff\xff\xff"
413 ++ "\xff\xff\xff\xff\xff\xff\xff\xff"
414 ++ "\xff\xff\xff\xff\xff\xff\xff\xff"
415 ++ "\xff\xff\xff\xff\xff\xff\xff\xff"
416 ++ "\xff\xff\xff\xff\xff\xff\xff\xff"
417 ++ "\xff\xff\xff\xff\xff\xff\xff\xff"
418 ++ "\xff\xff\xff\xff",
419 ++ .psize = 300,
420 ++ .digest = "\xfb\x5e\x96\xd8\x61\xd5\xc7\xc8"
421 ++ "\x78\xe5\x87\xcc\x2d\x5a\x22\xe1",
422 ++ }
423 + };
424 +
425 + /*
426 +diff --git a/drivers/char/tpm/tpm_i2c_atmel.c b/drivers/char/tpm/tpm_i2c_atmel.c
427 +index 95ce2e9ccdc6..cc4e642d3180 100644
428 +--- a/drivers/char/tpm/tpm_i2c_atmel.c
429 ++++ b/drivers/char/tpm/tpm_i2c_atmel.c
430 +@@ -65,7 +65,15 @@ static int i2c_atmel_send(struct tpm_chip *chip, u8 *buf, size_t len)
431 + dev_dbg(&chip->dev,
432 + "%s(buf=%*ph len=%0zx) -> sts=%d\n", __func__,
433 + (int)min_t(size_t, 64, len), buf, len, status);
434 +- return status;
435 ++
436 ++ if (status < 0)
437 ++ return status;
438 ++
439 ++ /* The upper layer does not support incomplete sends. */
440 ++ if (status != len)
441 ++ return -E2BIG;
442 ++
443 ++ return 0;
444 + }
445 +
446 + static int i2c_atmel_recv(struct tpm_chip *chip, u8 *buf, size_t count)
447 +diff --git a/drivers/crypto/amcc/crypto4xx_alg.c b/drivers/crypto/amcc/crypto4xx_alg.c
448 +index 4afca3968773..e3b8bebfdd30 100644
449 +--- a/drivers/crypto/amcc/crypto4xx_alg.c
450 ++++ b/drivers/crypto/amcc/crypto4xx_alg.c
451 +@@ -138,7 +138,8 @@ static int crypto4xx_setkey_aes(struct crypto_ablkcipher *cipher,
452 + sa = (struct dynamic_sa_ctl *) ctx->sa_in;
453 + ctx->hash_final = 0;
454 +
455 +- set_dynamic_sa_command_0(sa, SA_NOT_SAVE_HASH, SA_NOT_SAVE_IV,
456 ++ set_dynamic_sa_command_0(sa, SA_NOT_SAVE_HASH, (cm == CRYPTO_MODE_CBC ?
457 ++ SA_SAVE_IV : SA_NOT_SAVE_IV),
458 + SA_LOAD_HASH_FROM_SA, SA_LOAD_IV_FROM_STATE,
459 + SA_NO_HEADER_PROC, SA_HASH_ALG_NULL,
460 + SA_CIPHER_ALG_AES, SA_PAD_TYPE_ZERO,
461 +diff --git a/drivers/crypto/amcc/crypto4xx_core.c b/drivers/crypto/amcc/crypto4xx_core.c
462 +index c7524bbbaf98..7d066fa9f2ad 100644
463 +--- a/drivers/crypto/amcc/crypto4xx_core.c
464 ++++ b/drivers/crypto/amcc/crypto4xx_core.c
465 +@@ -646,6 +646,15 @@ static u32 crypto4xx_ablkcipher_done(struct crypto4xx_device *dev,
466 + addr = dma_map_page(dev->core_dev->device, sg_page(dst),
467 + dst->offset, dst->length, DMA_FROM_DEVICE);
468 + }
469 ++
470 ++ if (pd_uinfo->sa_va->sa_command_0.bf.save_iv == SA_SAVE_IV) {
471 ++ struct crypto_skcipher *skcipher = crypto_skcipher_reqtfm(req);
472 ++
473 ++ crypto4xx_memcpy_from_le32((u32 *)req->iv,
474 ++ pd_uinfo->sr_va->save_iv,
475 ++ crypto_skcipher_ivsize(skcipher));
476 ++ }
477 ++
478 + crypto4xx_ret_sg_desc(dev, pd_uinfo);
479 + if (ablk_req->base.complete != NULL)
480 + ablk_req->base.complete(&ablk_req->base, 0);
481 +diff --git a/drivers/hid/i2c-hid/i2c-hid-dmi-quirks.c b/drivers/hid/i2c-hid/i2c-hid-dmi-quirks.c
482 +index 1d645c9ab417..cac262a912c1 100644
483 +--- a/drivers/hid/i2c-hid/i2c-hid-dmi-quirks.c
484 ++++ b/drivers/hid/i2c-hid/i2c-hid-dmi-quirks.c
485 +@@ -337,7 +337,8 @@ static const struct dmi_system_id i2c_hid_dmi_desc_override_table[] = {
486 + DMI_EXACT_MATCH(DMI_PRODUCT_NAME, "FlexBook edge11 - M-FBE11"),
487 + },
488 + .driver_data = (void *)&sipodev_desc
489 +- }
490 ++ },
491 ++ { } /* Terminate list */
492 + };
493 +
494 +
495 +diff --git a/drivers/iio/accel/kxcjk-1013.c b/drivers/iio/accel/kxcjk-1013.c
496 +index 784636800361..780f886ccbfe 100644
497 +--- a/drivers/iio/accel/kxcjk-1013.c
498 ++++ b/drivers/iio/accel/kxcjk-1013.c
499 +@@ -1340,6 +1340,8 @@ static int kxcjk1013_resume(struct device *dev)
500 +
501 + mutex_lock(&data->mutex);
502 + ret = kxcjk1013_set_mode(data, OPERATION);
503 ++ if (ret == 0)
504 ++ ret = kxcjk1013_set_range(data, data->range);
505 + mutex_unlock(&data->mutex);
506 +
507 + return ret;
508 +diff --git a/drivers/iio/adc/ad_sigma_delta.c b/drivers/iio/adc/ad_sigma_delta.c
509 +index 22c4c17cd996..a1d072ecb717 100644
510 +--- a/drivers/iio/adc/ad_sigma_delta.c
511 ++++ b/drivers/iio/adc/ad_sigma_delta.c
512 +@@ -121,6 +121,7 @@ static int ad_sd_read_reg_raw(struct ad_sigma_delta *sigma_delta,
513 + if (sigma_delta->info->has_registers) {
514 + data[0] = reg << sigma_delta->info->addr_shift;
515 + data[0] |= sigma_delta->info->read_mask;
516 ++ data[0] |= sigma_delta->comm;
517 + spi_message_add_tail(&t[0], &m);
518 + }
519 + spi_message_add_tail(&t[1], &m);
520 +diff --git a/drivers/iio/adc/at91_adc.c b/drivers/iio/adc/at91_adc.c
521 +index e3e2155b0386..dd9f2280927b 100644
522 +--- a/drivers/iio/adc/at91_adc.c
523 ++++ b/drivers/iio/adc/at91_adc.c
524 +@@ -704,23 +704,29 @@ static int at91_adc_read_raw(struct iio_dev *idev,
525 + ret = wait_event_interruptible_timeout(st->wq_data_avail,
526 + st->done,
527 + msecs_to_jiffies(1000));
528 +- if (ret == 0)
529 +- ret = -ETIMEDOUT;
530 +- if (ret < 0) {
531 +- mutex_unlock(&st->lock);
532 +- return ret;
533 +- }
534 +-
535 +- *val = st->last_value;
536 +
537 ++ /* Disable interrupts, regardless if adc conversion was
538 ++ * successful or not
539 ++ */
540 + at91_adc_writel(st, AT91_ADC_CHDR,
541 + AT91_ADC_CH(chan->channel));
542 + at91_adc_writel(st, AT91_ADC_IDR, BIT(chan->channel));
543 +
544 +- st->last_value = 0;
545 +- st->done = false;
546 ++ if (ret > 0) {
547 ++ /* a valid conversion took place */
548 ++ *val = st->last_value;
549 ++ st->last_value = 0;
550 ++ st->done = false;
551 ++ ret = IIO_VAL_INT;
552 ++ } else if (ret == 0) {
553 ++ /* conversion timeout */
554 ++ dev_err(&idev->dev, "ADC Channel %d timeout.\n",
555 ++ chan->channel);
556 ++ ret = -ETIMEDOUT;
557 ++ }
558 ++
559 + mutex_unlock(&st->lock);
560 +- return IIO_VAL_INT;
561 ++ return ret;
562 +
563 + case IIO_CHAN_INFO_SCALE:
564 + *val = st->vref_mv;
565 +diff --git a/drivers/iio/gyro/bmg160_core.c b/drivers/iio/gyro/bmg160_core.c
566 +index 821919dd245b..b5a5517e3ce1 100644
567 +--- a/drivers/iio/gyro/bmg160_core.c
568 ++++ b/drivers/iio/gyro/bmg160_core.c
569 +@@ -583,11 +583,10 @@ static int bmg160_read_raw(struct iio_dev *indio_dev,
570 + case IIO_CHAN_INFO_LOW_PASS_FILTER_3DB_FREQUENCY:
571 + return bmg160_get_filter(data, val);
572 + case IIO_CHAN_INFO_SCALE:
573 +- *val = 0;
574 + switch (chan->type) {
575 + case IIO_TEMP:
576 +- *val2 = 500000;
577 +- return IIO_VAL_INT_PLUS_MICRO;
578 ++ *val = 500;
579 ++ return IIO_VAL_INT;
580 + case IIO_ANGL_VEL:
581 + {
582 + int i;
583 +@@ -595,6 +594,7 @@ static int bmg160_read_raw(struct iio_dev *indio_dev,
584 + for (i = 0; i < ARRAY_SIZE(bmg160_scale_table); ++i) {
585 + if (bmg160_scale_table[i].dps_range ==
586 + data->dps_range) {
587 ++ *val = 0;
588 + *val2 = bmg160_scale_table[i].scale;
589 + return IIO_VAL_INT_PLUS_MICRO;
590 + }
591 +diff --git a/drivers/mmc/host/sdhci.c b/drivers/mmc/host/sdhci.c
592 +index 6bf58d27b6fc..df306caba296 100644
593 +--- a/drivers/mmc/host/sdhci.c
594 ++++ b/drivers/mmc/host/sdhci.c
595 +@@ -944,8 +944,7 @@ static bool sdhci_needs_reset(struct sdhci_host *host, struct mmc_request *mrq)
596 + return (!(host->flags & SDHCI_DEVICE_DEAD) &&
597 + ((mrq->cmd && mrq->cmd->error) ||
598 + (mrq->sbc && mrq->sbc->error) ||
599 +- (mrq->data && ((mrq->data->error && !mrq->data->stop) ||
600 +- (mrq->data->stop && mrq->data->stop->error))) ||
601 ++ (mrq->data && mrq->data->stop && mrq->data->stop->error) ||
602 + (host->quirks & SDHCI_QUIRK_RESET_AFTER_REQUEST)));
603 + }
604 +
605 +@@ -997,6 +996,16 @@ static void sdhci_finish_data(struct sdhci_host *host)
606 + host->data = NULL;
607 + host->data_cmd = NULL;
608 +
609 ++ /*
610 ++ * The controller needs a reset of internal state machines upon error
611 ++ * conditions.
612 ++ */
613 ++ if (data->error) {
614 ++ if (!host->cmd || host->cmd == data_cmd)
615 ++ sdhci_do_reset(host, SDHCI_RESET_CMD);
616 ++ sdhci_do_reset(host, SDHCI_RESET_DATA);
617 ++ }
618 ++
619 + if ((host->flags & (SDHCI_REQ_USE_DMA | SDHCI_USE_ADMA)) ==
620 + (SDHCI_REQ_USE_DMA | SDHCI_USE_ADMA))
621 + sdhci_adma_table_post(host, data);
622 +@@ -1021,17 +1030,6 @@ static void sdhci_finish_data(struct sdhci_host *host)
623 + if (data->stop &&
624 + (data->error ||
625 + !data->mrq->sbc)) {
626 +-
627 +- /*
628 +- * The controller needs a reset of internal state machines
629 +- * upon error conditions.
630 +- */
631 +- if (data->error) {
632 +- if (!host->cmd || host->cmd == data_cmd)
633 +- sdhci_do_reset(host, SDHCI_RESET_CMD);
634 +- sdhci_do_reset(host, SDHCI_RESET_DATA);
635 +- }
636 +-
637 + /*
638 + * 'cap_cmd_during_tfr' request must not use the command line
639 + * after mmc_command_done() has been called. It is upper layer's
640 +@@ -2457,7 +2455,7 @@ static void sdhci_timeout_data_timer(unsigned long data)
641 + * *
642 + \*****************************************************************************/
643 +
644 +-static void sdhci_cmd_irq(struct sdhci_host *host, u32 intmask)
645 ++static void sdhci_cmd_irq(struct sdhci_host *host, u32 intmask, u32 *intmask_p)
646 + {
647 + if (!host->cmd) {
648 + /*
649 +@@ -2480,20 +2478,12 @@ static void sdhci_cmd_irq(struct sdhci_host *host, u32 intmask)
650 + else
651 + host->cmd->error = -EILSEQ;
652 +
653 +- /*
654 +- * If this command initiates a data phase and a response
655 +- * CRC error is signalled, the card can start transferring
656 +- * data - the card may have received the command without
657 +- * error. We must not terminate the mmc_request early.
658 +- *
659 +- * If the card did not receive the command or returned an
660 +- * error which prevented it sending data, the data phase
661 +- * will time out.
662 +- */
663 ++ /* Treat data command CRC error the same as data CRC error */
664 + if (host->cmd->data &&
665 + (intmask & (SDHCI_INT_CRC | SDHCI_INT_TIMEOUT)) ==
666 + SDHCI_INT_CRC) {
667 + host->cmd = NULL;
668 ++ *intmask_p |= SDHCI_INT_DATA_CRC;
669 + return;
670 + }
671 +
672 +@@ -2722,7 +2712,7 @@ static irqreturn_t sdhci_irq(int irq, void *dev_id)
673 + }
674 +
675 + if (intmask & SDHCI_INT_CMD_MASK)
676 +- sdhci_cmd_irq(host, intmask & SDHCI_INT_CMD_MASK);
677 ++ sdhci_cmd_irq(host, intmask & SDHCI_INT_CMD_MASK, &intmask);
678 +
679 + if (intmask & SDHCI_INT_DATA_MASK)
680 + sdhci_data_irq(host, intmask & SDHCI_INT_DATA_MASK);
681 +diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
682 +index 24a3433f3944..93169729dfc9 100644
683 +--- a/drivers/net/bonding/bond_main.c
684 ++++ b/drivers/net/bonding/bond_main.c
685 +@@ -3134,8 +3134,12 @@ static int bond_netdev_event(struct notifier_block *this,
686 + return NOTIFY_DONE;
687 +
688 + if (event_dev->flags & IFF_MASTER) {
689 ++ int ret;
690 ++
691 + netdev_dbg(event_dev, "IFF_MASTER\n");
692 +- return bond_master_netdev_event(event, event_dev);
693 ++ ret = bond_master_netdev_event(event, event_dev);
694 ++ if (ret != NOTIFY_DONE)
695 ++ return ret;
696 + }
697 +
698 + if (event_dev->flags & IFF_SLAVE) {
699 +diff --git a/drivers/net/team/team.c b/drivers/net/team/team.c
700 +index 375b6810bf46..b8874faaa813 100644
701 +--- a/drivers/net/team/team.c
702 ++++ b/drivers/net/team/team.c
703 +@@ -1251,6 +1251,23 @@ static int team_port_add(struct team *team, struct net_device *port_dev)
704 + goto err_option_port_add;
705 + }
706 +
707 ++ /* set promiscuity level to new slave */
708 ++ if (dev->flags & IFF_PROMISC) {
709 ++ err = dev_set_promiscuity(port_dev, 1);
710 ++ if (err)
711 ++ goto err_set_slave_promisc;
712 ++ }
713 ++
714 ++ /* set allmulti level to new slave */
715 ++ if (dev->flags & IFF_ALLMULTI) {
716 ++ err = dev_set_allmulti(port_dev, 1);
717 ++ if (err) {
718 ++ if (dev->flags & IFF_PROMISC)
719 ++ dev_set_promiscuity(port_dev, -1);
720 ++ goto err_set_slave_promisc;
721 ++ }
722 ++ }
723 ++
724 + netif_addr_lock_bh(dev);
725 + dev_uc_sync_multiple(port_dev, dev);
726 + dev_mc_sync_multiple(port_dev, dev);
727 +@@ -1267,6 +1284,9 @@ static int team_port_add(struct team *team, struct net_device *port_dev)
728 +
729 + return 0;
730 +
731 ++err_set_slave_promisc:
732 ++ __team_option_inst_del_port(team, port);
733 ++
734 + err_option_port_add:
735 + team_upper_dev_unlink(team, port);
736 +
737 +@@ -1312,6 +1332,12 @@ static int team_port_del(struct team *team, struct net_device *port_dev)
738 +
739 + team_port_disable(team, port);
740 + list_del_rcu(&port->list);
741 ++
742 ++ if (dev->flags & IFF_PROMISC)
743 ++ dev_set_promiscuity(port_dev, -1);
744 ++ if (dev->flags & IFF_ALLMULTI)
745 ++ dev_set_allmulti(port_dev, -1);
746 ++
747 + team_upper_dev_unlink(team, port);
748 + netdev_rx_handler_unregister(port_dev);
749 + team_port_disable_netpoll(port);
750 +diff --git a/drivers/net/wireless/ralink/rt2x00/rt2x00.h b/drivers/net/wireless/ralink/rt2x00/rt2x00.h
751 +index f68d492129c6..822833a52dd3 100644
752 +--- a/drivers/net/wireless/ralink/rt2x00/rt2x00.h
753 ++++ b/drivers/net/wireless/ralink/rt2x00/rt2x00.h
754 +@@ -669,7 +669,6 @@ enum rt2x00_state_flags {
755 + CONFIG_CHANNEL_HT40,
756 + CONFIG_POWERSAVING,
757 + CONFIG_HT_DISABLED,
758 +- CONFIG_QOS_DISABLED,
759 + CONFIG_MONITORING,
760 +
761 + /*
762 +diff --git a/drivers/net/wireless/ralink/rt2x00/rt2x00mac.c b/drivers/net/wireless/ralink/rt2x00/rt2x00mac.c
763 +index 987c7c4f43cd..55036ce5465c 100644
764 +--- a/drivers/net/wireless/ralink/rt2x00/rt2x00mac.c
765 ++++ b/drivers/net/wireless/ralink/rt2x00/rt2x00mac.c
766 +@@ -666,18 +666,8 @@ void rt2x00mac_bss_info_changed(struct ieee80211_hw *hw,
767 + rt2x00dev->intf_associated--;
768 +
769 + rt2x00leds_led_assoc(rt2x00dev, !!rt2x00dev->intf_associated);
770 +-
771 +- clear_bit(CONFIG_QOS_DISABLED, &rt2x00dev->flags);
772 + }
773 +
774 +- /*
775 +- * Check for access point which do not support 802.11e . We have to
776 +- * generate data frames sequence number in S/W for such AP, because
777 +- * of H/W bug.
778 +- */
779 +- if (changes & BSS_CHANGED_QOS && !bss_conf->qos)
780 +- set_bit(CONFIG_QOS_DISABLED, &rt2x00dev->flags);
781 +-
782 + /*
783 + * When the erp information has changed, we should perform
784 + * additional configuration steps. For all other changes we are done.
785 +diff --git a/drivers/net/wireless/ralink/rt2x00/rt2x00queue.c b/drivers/net/wireless/ralink/rt2x00/rt2x00queue.c
786 +index 68b620b2462f..9a15a69b96a6 100644
787 +--- a/drivers/net/wireless/ralink/rt2x00/rt2x00queue.c
788 ++++ b/drivers/net/wireless/ralink/rt2x00/rt2x00queue.c
789 +@@ -201,15 +201,18 @@ static void rt2x00queue_create_tx_descriptor_seq(struct rt2x00_dev *rt2x00dev,
790 + if (!rt2x00_has_cap_flag(rt2x00dev, REQUIRE_SW_SEQNO)) {
791 + /*
792 + * rt2800 has a H/W (or F/W) bug, device incorrectly increase
793 +- * seqno on retransmited data (non-QOS) frames. To workaround
794 +- * the problem let's generate seqno in software if QOS is
795 +- * disabled.
796 ++ * seqno on retransmitted data (non-QOS) and management frames.
797 ++ * To workaround the problem let's generate seqno in software.
798 ++ * Except for beacons which are transmitted periodically by H/W
799 ++ * hence hardware has to assign seqno for them.
800 + */
801 +- if (test_bit(CONFIG_QOS_DISABLED, &rt2x00dev->flags))
802 +- __clear_bit(ENTRY_TXD_GENERATE_SEQ, &txdesc->flags);
803 +- else
804 ++ if (ieee80211_is_beacon(hdr->frame_control)) {
805 ++ __set_bit(ENTRY_TXD_GENERATE_SEQ, &txdesc->flags);
806 + /* H/W will generate sequence number */
807 + return;
808 ++ }
809 ++
810 ++ __clear_bit(ENTRY_TXD_GENERATE_SEQ, &txdesc->flags);
811 + }
812 +
813 + /*
814 +diff --git a/drivers/scsi/libfc/fc_rport.c b/drivers/scsi/libfc/fc_rport.c
815 +index e3ffd244603e..97aeaddd600d 100644
816 +--- a/drivers/scsi/libfc/fc_rport.c
817 ++++ b/drivers/scsi/libfc/fc_rport.c
818 +@@ -1935,7 +1935,6 @@ static void fc_rport_recv_logo_req(struct fc_lport *lport, struct fc_frame *fp)
819 + FC_RPORT_DBG(rdata, "Received LOGO request while in state %s\n",
820 + fc_rport_state(rdata));
821 +
822 +- rdata->flags &= ~FC_RP_STARTED;
823 + fc_rport_enter_delete(rdata, RPORT_EV_STOP);
824 + mutex_unlock(&rdata->rp_mutex);
825 + kref_put(&rdata->kref, rdata->local_port->tt.rport_destroy);
826 +diff --git a/drivers/staging/comedi/drivers/ni_usb6501.c b/drivers/staging/comedi/drivers/ni_usb6501.c
827 +index 5036eebb9162..2f174a34d9e9 100644
828 +--- a/drivers/staging/comedi/drivers/ni_usb6501.c
829 ++++ b/drivers/staging/comedi/drivers/ni_usb6501.c
830 +@@ -472,10 +472,8 @@ static int ni6501_alloc_usb_buffers(struct comedi_device *dev)
831 +
832 + size = usb_endpoint_maxp(devpriv->ep_tx);
833 + devpriv->usb_tx_buf = kzalloc(size, GFP_KERNEL);
834 +- if (!devpriv->usb_tx_buf) {
835 +- kfree(devpriv->usb_rx_buf);
836 ++ if (!devpriv->usb_tx_buf)
837 + return -ENOMEM;
838 +- }
839 +
840 + return 0;
841 + }
842 +@@ -527,6 +525,9 @@ static int ni6501_auto_attach(struct comedi_device *dev,
843 + if (!devpriv)
844 + return -ENOMEM;
845 +
846 ++ mutex_init(&devpriv->mut);
847 ++ usb_set_intfdata(intf, devpriv);
848 ++
849 + ret = ni6501_find_endpoints(dev);
850 + if (ret)
851 + return ret;
852 +@@ -535,9 +536,6 @@ static int ni6501_auto_attach(struct comedi_device *dev,
853 + if (ret)
854 + return ret;
855 +
856 +- mutex_init(&devpriv->mut);
857 +- usb_set_intfdata(intf, devpriv);
858 +-
859 + ret = comedi_alloc_subdevices(dev, 2);
860 + if (ret)
861 + return ret;
862 +diff --git a/drivers/staging/comedi/drivers/vmk80xx.c b/drivers/staging/comedi/drivers/vmk80xx.c
863 +index a004aed0147a..1800eb3ae017 100644
864 +--- a/drivers/staging/comedi/drivers/vmk80xx.c
865 ++++ b/drivers/staging/comedi/drivers/vmk80xx.c
866 +@@ -691,10 +691,8 @@ static int vmk80xx_alloc_usb_buffers(struct comedi_device *dev)
867 +
868 + size = usb_endpoint_maxp(devpriv->ep_tx);
869 + devpriv->usb_tx_buf = kzalloc(size, GFP_KERNEL);
870 +- if (!devpriv->usb_tx_buf) {
871 +- kfree(devpriv->usb_rx_buf);
872 ++ if (!devpriv->usb_tx_buf)
873 + return -ENOMEM;
874 +- }
875 +
876 + return 0;
877 + }
878 +@@ -809,6 +807,8 @@ static int vmk80xx_auto_attach(struct comedi_device *dev,
879 +
880 + devpriv->model = board->model;
881 +
882 ++ sema_init(&devpriv->limit_sem, 8);
883 ++
884 + ret = vmk80xx_find_usb_endpoints(dev);
885 + if (ret)
886 + return ret;
887 +@@ -817,8 +817,6 @@ static int vmk80xx_auto_attach(struct comedi_device *dev,
888 + if (ret)
889 + return ret;
890 +
891 +- sema_init(&devpriv->limit_sem, 8);
892 +-
893 + usb_set_intfdata(intf, devpriv);
894 +
895 + if (devpriv->model == VMK8055_MODEL)
896 +diff --git a/drivers/staging/iio/adc/ad7192.c b/drivers/staging/iio/adc/ad7192.c
897 +index 4dc9ca3a11b4..b82a4ab77860 100644
898 +--- a/drivers/staging/iio/adc/ad7192.c
899 ++++ b/drivers/staging/iio/adc/ad7192.c
900 +@@ -109,10 +109,10 @@
901 + #define AD7192_CH_AIN3 BIT(6) /* AIN3 - AINCOM */
902 + #define AD7192_CH_AIN4 BIT(7) /* AIN4 - AINCOM */
903 +
904 +-#define AD7193_CH_AIN1P_AIN2M 0x000 /* AIN1(+) - AIN2(-) */
905 +-#define AD7193_CH_AIN3P_AIN4M 0x001 /* AIN3(+) - AIN4(-) */
906 +-#define AD7193_CH_AIN5P_AIN6M 0x002 /* AIN5(+) - AIN6(-) */
907 +-#define AD7193_CH_AIN7P_AIN8M 0x004 /* AIN7(+) - AIN8(-) */
908 ++#define AD7193_CH_AIN1P_AIN2M 0x001 /* AIN1(+) - AIN2(-) */
909 ++#define AD7193_CH_AIN3P_AIN4M 0x002 /* AIN3(+) - AIN4(-) */
910 ++#define AD7193_CH_AIN5P_AIN6M 0x004 /* AIN5(+) - AIN6(-) */
911 ++#define AD7193_CH_AIN7P_AIN8M 0x008 /* AIN7(+) - AIN8(-) */
912 + #define AD7193_CH_TEMP 0x100 /* Temp senseor */
913 + #define AD7193_CH_AIN2P_AIN2M 0x200 /* AIN2(+) - AIN2(-) */
914 + #define AD7193_CH_AIN1 0x401 /* AIN1 - AINCOM */
915 +diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c
916 +index 2383caf88b67..a54dbfe664cd 100644
917 +--- a/drivers/vhost/vhost.c
918 ++++ b/drivers/vhost/vhost.c
919 +@@ -863,8 +863,12 @@ static int vhost_new_umem_range(struct vhost_umem *umem,
920 + u64 start, u64 size, u64 end,
921 + u64 userspace_addr, int perm)
922 + {
923 +- struct vhost_umem_node *tmp, *node = kmalloc(sizeof(*node), GFP_ATOMIC);
924 ++ struct vhost_umem_node *tmp, *node;
925 +
926 ++ if (!size)
927 ++ return -EFAULT;
928 ++
929 ++ node = kmalloc(sizeof(*node), GFP_ATOMIC);
930 + if (!node)
931 + return -ENOMEM;
932 +
933 +diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h
934 +index 4ed4736b5bc6..5367b684c1f7 100644
935 +--- a/fs/cifs/cifsglob.h
936 ++++ b/fs/cifs/cifsglob.h
937 +@@ -1157,6 +1157,7 @@ cifsFileInfo_get_locked(struct cifsFileInfo *cifs_file)
938 + }
939 +
940 + struct cifsFileInfo *cifsFileInfo_get(struct cifsFileInfo *cifs_file);
941 ++void _cifsFileInfo_put(struct cifsFileInfo *cifs_file, bool wait_oplock_hdlr);
942 + void cifsFileInfo_put(struct cifsFileInfo *cifs_file);
943 +
944 + #define CIFS_CACHE_READ_FLG 1
945 +@@ -1651,6 +1652,7 @@ GLOBAL_EXTERN spinlock_t gidsidlock;
946 + #endif /* CONFIG_CIFS_ACL */
947 +
948 + void cifs_oplock_break(struct work_struct *work);
949 ++void cifs_queue_oplock_break(struct cifsFileInfo *cfile);
950 +
951 + extern const struct slow_work_ops cifs_oplock_break_ops;
952 + extern struct workqueue_struct *cifsiod_wq;
953 +diff --git a/fs/cifs/file.c b/fs/cifs/file.c
954 +index 7d295bf283ca..e7f1773b25d6 100644
955 +--- a/fs/cifs/file.c
956 ++++ b/fs/cifs/file.c
957 +@@ -358,12 +358,30 @@ cifsFileInfo_get(struct cifsFileInfo *cifs_file)
958 + return cifs_file;
959 + }
960 +
961 +-/*
962 +- * Release a reference on the file private data. This may involve closing
963 +- * the filehandle out on the server. Must be called without holding
964 +- * tcon->open_file_lock and cifs_file->file_info_lock.
965 ++/**
966 ++ * cifsFileInfo_put - release a reference of file priv data
967 ++ *
968 ++ * Always potentially wait for oplock handler. See _cifsFileInfo_put().
969 + */
970 + void cifsFileInfo_put(struct cifsFileInfo *cifs_file)
971 ++{
972 ++ _cifsFileInfo_put(cifs_file, true);
973 ++}
974 ++
975 ++/**
976 ++ * _cifsFileInfo_put - release a reference of file priv data
977 ++ *
978 ++ * This may involve closing the filehandle @cifs_file out on the
979 ++ * server. Must be called without holding tcon->open_file_lock and
980 ++ * cifs_file->file_info_lock.
981 ++ *
982 ++ * If @wait_for_oplock_handler is true and we are releasing the last
983 ++ * reference, wait for any running oplock break handler of the file
984 ++ * and cancel any pending one. If calling this function from the
985 ++ * oplock break handler, you need to pass false.
986 ++ *
987 ++ */
988 ++void _cifsFileInfo_put(struct cifsFileInfo *cifs_file, bool wait_oplock_handler)
989 + {
990 + struct inode *inode = d_inode(cifs_file->dentry);
991 + struct cifs_tcon *tcon = tlink_tcon(cifs_file->tlink);
992 +@@ -411,7 +429,8 @@ void cifsFileInfo_put(struct cifsFileInfo *cifs_file)
993 +
994 + spin_unlock(&tcon->open_file_lock);
995 +
996 +- oplock_break_cancelled = cancel_work_sync(&cifs_file->oplock_break);
997 ++ oplock_break_cancelled = wait_oplock_handler ?
998 ++ cancel_work_sync(&cifs_file->oplock_break) : false;
999 +
1000 + if (!tcon->need_reconnect && !cifs_file->invalidHandle) {
1001 + struct TCP_Server_Info *server = tcon->ses->server;
1002 +@@ -3913,6 +3932,7 @@ void cifs_oplock_break(struct work_struct *work)
1003 + cinode);
1004 + cifs_dbg(FYI, "Oplock release rc = %d\n", rc);
1005 + }
1006 ++ _cifsFileInfo_put(cfile, false /* do not wait for ourself */);
1007 + cifs_done_oplock_break(cinode);
1008 + }
1009 +
1010 +diff --git a/fs/cifs/misc.c b/fs/cifs/misc.c
1011 +index 50559a80acf8..5e75df69062d 100644
1012 +--- a/fs/cifs/misc.c
1013 ++++ b/fs/cifs/misc.c
1014 +@@ -494,8 +494,7 @@ is_valid_oplock_break(char *buffer, struct TCP_Server_Info *srv)
1015 + CIFS_INODE_DOWNGRADE_OPLOCK_TO_L2,
1016 + &pCifsInode->flags);
1017 +
1018 +- queue_work(cifsoplockd_wq,
1019 +- &netfile->oplock_break);
1020 ++ cifs_queue_oplock_break(netfile);
1021 + netfile->oplock_break_cancelled = false;
1022 +
1023 + spin_unlock(&tcon->open_file_lock);
1024 +@@ -592,6 +591,28 @@ void cifs_put_writer(struct cifsInodeInfo *cinode)
1025 + spin_unlock(&cinode->writers_lock);
1026 + }
1027 +
1028 ++/**
1029 ++ * cifs_queue_oplock_break - queue the oplock break handler for cfile
1030 ++ *
1031 ++ * This function is called from the demultiplex thread when it
1032 ++ * receives an oplock break for @cfile.
1033 ++ *
1034 ++ * Assumes the tcon->open_file_lock is held.
1035 ++ * Assumes cfile->file_info_lock is NOT held.
1036 ++ */
1037 ++void cifs_queue_oplock_break(struct cifsFileInfo *cfile)
1038 ++{
1039 ++ /*
1040 ++ * Bump the handle refcount now while we hold the
1041 ++ * open_file_lock to enforce the validity of it for the oplock
1042 ++ * break handler. The matching put is done at the end of the
1043 ++ * handler.
1044 ++ */
1045 ++ cifsFileInfo_get(cfile);
1046 ++
1047 ++ queue_work(cifsoplockd_wq, &cfile->oplock_break);
1048 ++}
1049 ++
1050 + void cifs_done_oplock_break(struct cifsInodeInfo *cinode)
1051 + {
1052 + clear_bit(CIFS_INODE_PENDING_OPLOCK_BREAK, &cinode->flags);
1053 +diff --git a/fs/cifs/smb2misc.c b/fs/cifs/smb2misc.c
1054 +index 244d27bb8fba..9994d15a32fc 100644
1055 +--- a/fs/cifs/smb2misc.c
1056 ++++ b/fs/cifs/smb2misc.c
1057 +@@ -512,7 +512,7 @@ smb2_tcon_has_lease(struct cifs_tcon *tcon, struct smb2_lease_break *rsp,
1058 + clear_bit(CIFS_INODE_DOWNGRADE_OPLOCK_TO_L2,
1059 + &cinode->flags);
1060 +
1061 +- queue_work(cifsoplockd_wq, &cfile->oplock_break);
1062 ++ cifs_queue_oplock_break(cfile);
1063 + kfree(lw);
1064 + return true;
1065 + }
1066 +@@ -656,8 +656,8 @@ smb2_is_valid_oplock_break(char *buffer, struct TCP_Server_Info *server)
1067 + CIFS_INODE_DOWNGRADE_OPLOCK_TO_L2,
1068 + &cinode->flags);
1069 + spin_unlock(&cfile->file_info_lock);
1070 +- queue_work(cifsoplockd_wq,
1071 +- &cfile->oplock_break);
1072 ++
1073 ++ cifs_queue_oplock_break(cfile);
1074 +
1075 + spin_unlock(&tcon->open_file_lock);
1076 + spin_unlock(&cifs_tcp_ses_lock);
1077 +diff --git a/include/linux/kprobes.h b/include/linux/kprobes.h
1078 +index e23392517db9..cb527c78de9f 100644
1079 +--- a/include/linux/kprobes.h
1080 ++++ b/include/linux/kprobes.h
1081 +@@ -197,6 +197,7 @@ struct kretprobe_instance {
1082 + struct kretprobe *rp;
1083 + kprobe_opcode_t *ret_addr;
1084 + struct task_struct *task;
1085 ++ void *fp;
1086 + char data[0];
1087 + };
1088 +
1089 +diff --git a/kernel/kprobes.c b/kernel/kprobes.c
1090 +index f580352cc6e5..e2845dd53b30 100644
1091 +--- a/kernel/kprobes.c
1092 ++++ b/kernel/kprobes.c
1093 +@@ -668,7 +668,6 @@ static void unoptimize_kprobe(struct kprobe *p, bool force)
1094 + static int reuse_unused_kprobe(struct kprobe *ap)
1095 + {
1096 + struct optimized_kprobe *op;
1097 +- int ret;
1098 +
1099 + BUG_ON(!kprobe_unused(ap));
1100 + /*
1101 +@@ -682,9 +681,8 @@ static int reuse_unused_kprobe(struct kprobe *ap)
1102 + /* Enable the probe again */
1103 + ap->flags &= ~KPROBE_FLAG_DISABLED;
1104 + /* Optimize it again (remove from op->list) */
1105 +- ret = kprobe_optready(ap);
1106 +- if (ret)
1107 +- return ret;
1108 ++ if (!kprobe_optready(ap))
1109 ++ return -EINVAL;
1110 +
1111 + optimize_kprobe(ap);
1112 + return 0;
1113 +diff --git a/kernel/locking/lockdep.c b/kernel/locking/lockdep.c
1114 +index d5b779d7e79f..26fc428476b9 100644
1115 +--- a/kernel/locking/lockdep.c
1116 ++++ b/kernel/locking/lockdep.c
1117 +@@ -3446,9 +3446,6 @@ __lock_set_class(struct lockdep_map *lock, const char *name,
1118 + unsigned int depth;
1119 + int i;
1120 +
1121 +- if (unlikely(!debug_locks))
1122 +- return 0;
1123 +-
1124 + depth = curr->lockdep_depth;
1125 + /*
1126 + * This function is about (re)setting the class of a held lock,
1127 +diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c
1128 +index 1c630d94f86b..4b1e0669740c 100644
1129 +--- a/kernel/sched/fair.c
1130 ++++ b/kernel/sched/fair.c
1131 +@@ -4347,12 +4347,15 @@ static enum hrtimer_restart sched_cfs_slack_timer(struct hrtimer *timer)
1132 + return HRTIMER_NORESTART;
1133 + }
1134 +
1135 ++extern const u64 max_cfs_quota_period;
1136 ++
1137 + static enum hrtimer_restart sched_cfs_period_timer(struct hrtimer *timer)
1138 + {
1139 + struct cfs_bandwidth *cfs_b =
1140 + container_of(timer, struct cfs_bandwidth, period_timer);
1141 + int overrun;
1142 + int idle = 0;
1143 ++ int count = 0;
1144 +
1145 + raw_spin_lock(&cfs_b->lock);
1146 + for (;;) {
1147 +@@ -4360,6 +4363,28 @@ static enum hrtimer_restart sched_cfs_period_timer(struct hrtimer *timer)
1148 + if (!overrun)
1149 + break;
1150 +
1151 ++ if (++count > 3) {
1152 ++ u64 new, old = ktime_to_ns(cfs_b->period);
1153 ++
1154 ++ new = (old * 147) / 128; /* ~115% */
1155 ++ new = min(new, max_cfs_quota_period);
1156 ++
1157 ++ cfs_b->period = ns_to_ktime(new);
1158 ++
1159 ++ /* since max is 1s, this is limited to 1e9^2, which fits in u64 */
1160 ++ cfs_b->quota *= new;
1161 ++ cfs_b->quota = div64_u64(cfs_b->quota, old);
1162 ++
1163 ++ pr_warn_ratelimited(
1164 ++ "cfs_period_timer[cpu%d]: period too short, scaling up (new cfs_period_us %lld, cfs_quota_us = %lld)\n",
1165 ++ smp_processor_id(),
1166 ++ div_u64(new, NSEC_PER_USEC),
1167 ++ div_u64(cfs_b->quota, NSEC_PER_USEC));
1168 ++
1169 ++ /* reset count so we don't come right back in here */
1170 ++ count = 0;
1171 ++ }
1172 ++
1173 + idle = do_sched_cfs_period_timer(cfs_b, overrun);
1174 + }
1175 + if (idle)
1176 +diff --git a/kernel/sysctl.c b/kernel/sysctl.c
1177 +index 5515d578095b..cf0aeaae567e 100644
1178 +--- a/kernel/sysctl.c
1179 ++++ b/kernel/sysctl.c
1180 +@@ -124,6 +124,7 @@ static int zero;
1181 + static int __maybe_unused one = 1;
1182 + static int __maybe_unused two = 2;
1183 + static int __maybe_unused four = 4;
1184 ++static unsigned long zero_ul;
1185 + static unsigned long one_ul = 1;
1186 + static unsigned long long_max = LONG_MAX;
1187 + static int one_hundred = 100;
1188 +@@ -1683,7 +1684,7 @@ static struct ctl_table fs_table[] = {
1189 + .maxlen = sizeof(files_stat.max_files),
1190 + .mode = 0644,
1191 + .proc_handler = proc_doulongvec_minmax,
1192 +- .extra1 = &zero,
1193 ++ .extra1 = &zero_ul,
1194 + .extra2 = &long_max,
1195 + },
1196 + {
1197 +diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c
1198 +index 8f4227d4cd39..0043aef0ed8d 100644
1199 +--- a/kernel/trace/ftrace.c
1200 ++++ b/kernel/trace/ftrace.c
1201 +@@ -32,6 +32,7 @@
1202 + #include <linux/list.h>
1203 + #include <linux/hash.h>
1204 + #include <linux/rcupdate.h>
1205 ++#include <linux/kprobes.h>
1206 +
1207 + #include <trace/events/sched.h>
1208 +
1209 +@@ -5246,7 +5247,7 @@ void ftrace_reset_array_ops(struct trace_array *tr)
1210 + tr->ops->func = ftrace_stub;
1211 + }
1212 +
1213 +-static inline void
1214 ++static nokprobe_inline void
1215 + __ftrace_ops_list_func(unsigned long ip, unsigned long parent_ip,
1216 + struct ftrace_ops *ignored, struct pt_regs *regs)
1217 + {
1218 +@@ -5309,11 +5310,13 @@ static void ftrace_ops_list_func(unsigned long ip, unsigned long parent_ip,
1219 + {
1220 + __ftrace_ops_list_func(ip, parent_ip, NULL, regs);
1221 + }
1222 ++NOKPROBE_SYMBOL(ftrace_ops_list_func);
1223 + #else
1224 + static void ftrace_ops_no_ops(unsigned long ip, unsigned long parent_ip)
1225 + {
1226 + __ftrace_ops_list_func(ip, parent_ip, NULL, NULL);
1227 + }
1228 ++NOKPROBE_SYMBOL(ftrace_ops_no_ops);
1229 + #endif
1230 +
1231 + /*
1232 +@@ -5343,6 +5346,7 @@ static void ftrace_ops_assist_func(unsigned long ip, unsigned long parent_ip,
1233 + preempt_enable_notrace();
1234 + trace_clear_recursion(bit);
1235 + }
1236 ++NOKPROBE_SYMBOL(ftrace_ops_assist_func);
1237 +
1238 + /**
1239 + * ftrace_ops_get_func - get the function a trampoline should call
1240 +diff --git a/mm/percpu.c b/mm/percpu.c
1241 +index 3794cfc88689..0462a2a00f05 100644
1242 +--- a/mm/percpu.c
1243 ++++ b/mm/percpu.c
1244 +@@ -2048,8 +2048,8 @@ int __init pcpu_embed_first_chunk(size_t reserved_size, size_t dyn_size,
1245 + ai->groups[group].base_offset = areas[group] - base;
1246 + }
1247 +
1248 +- pr_info("Embedded %zu pages/cpu @%p s%zu r%zu d%zu u%zu\n",
1249 +- PFN_DOWN(size_sum), base, ai->static_size, ai->reserved_size,
1250 ++ pr_info("Embedded %zu pages/cpu s%zu r%zu d%zu u%zu\n",
1251 ++ PFN_DOWN(size_sum), ai->static_size, ai->reserved_size,
1252 + ai->dyn_size, ai->unit_size);
1253 +
1254 + rc = pcpu_setup_first_chunk(ai, base);
1255 +@@ -2162,8 +2162,8 @@ int __init pcpu_page_first_chunk(size_t reserved_size,
1256 + }
1257 +
1258 + /* we're ready, commit */
1259 +- pr_info("%d %s pages/cpu @%p s%zu r%zu d%zu\n",
1260 +- unit_pages, psize_str, vm.addr, ai->static_size,
1261 ++ pr_info("%d %s pages/cpu s%zu r%zu d%zu\n",
1262 ++ unit_pages, psize_str, ai->static_size,
1263 + ai->reserved_size, ai->dyn_size);
1264 +
1265 + rc = pcpu_setup_first_chunk(ai, vm.addr);
1266 +diff --git a/mm/vmstat.c b/mm/vmstat.c
1267 +index 5e6a4d76659d..9af8d369e112 100644
1268 +--- a/mm/vmstat.c
1269 ++++ b/mm/vmstat.c
1270 +@@ -1075,13 +1075,8 @@ const char * const vmstat_text[] = {
1271 + #endif
1272 + #endif /* CONFIG_MEMORY_BALLOON */
1273 + #ifdef CONFIG_DEBUG_TLBFLUSH
1274 +-#ifdef CONFIG_SMP
1275 + "nr_tlb_remote_flush",
1276 + "nr_tlb_remote_flush_received",
1277 +-#else
1278 +- "", /* nr_tlb_remote_flush */
1279 +- "", /* nr_tlb_remote_flush_received */
1280 +-#endif /* CONFIG_SMP */
1281 + "nr_tlb_local_flush_all",
1282 + "nr_tlb_local_flush_one",
1283 + #endif /* CONFIG_DEBUG_TLBFLUSH */
1284 +diff --git a/net/atm/lec.c b/net/atm/lec.c
1285 +index 1e84c5226c84..704892d79bf1 100644
1286 +--- a/net/atm/lec.c
1287 ++++ b/net/atm/lec.c
1288 +@@ -721,7 +721,10 @@ static int lec_vcc_attach(struct atm_vcc *vcc, void __user *arg)
1289 +
1290 + static int lec_mcast_attach(struct atm_vcc *vcc, int arg)
1291 + {
1292 +- if (arg < 0 || arg >= MAX_LEC_ITF || !dev_lec[arg])
1293 ++ if (arg < 0 || arg >= MAX_LEC_ITF)
1294 ++ return -EINVAL;
1295 ++ arg = array_index_nospec(arg, MAX_LEC_ITF);
1296 ++ if (!dev_lec[arg])
1297 + return -EINVAL;
1298 + vcc->proto_data = dev_lec[arg];
1299 + return lec_mcast_make(netdev_priv(dev_lec[arg]), vcc);
1300 +@@ -739,6 +742,7 @@ static int lecd_attach(struct atm_vcc *vcc, int arg)
1301 + i = arg;
1302 + if (arg >= MAX_LEC_ITF)
1303 + return -EINVAL;
1304 ++ i = array_index_nospec(arg, MAX_LEC_ITF);
1305 + if (!dev_lec[i]) {
1306 + int size;
1307 +
1308 +diff --git a/net/bridge/br_input.c b/net/bridge/br_input.c
1309 +index 267b46af407f..c615dff40ab4 100644
1310 +--- a/net/bridge/br_input.c
1311 ++++ b/net/bridge/br_input.c
1312 +@@ -231,13 +231,10 @@ static void __br_handle_local_finish(struct sk_buff *skb)
1313 + /* note: already called with rcu_read_lock */
1314 + static int br_handle_local_finish(struct net *net, struct sock *sk, struct sk_buff *skb)
1315 + {
1316 +- struct net_bridge_port *p = br_port_get_rcu(skb->dev);
1317 +-
1318 + __br_handle_local_finish(skb);
1319 +
1320 +- BR_INPUT_SKB_CB(skb)->brdev = p->br->dev;
1321 +- br_pass_frame_up(skb);
1322 +- return 0;
1323 ++ /* return 1 to signal the okfn() was called so it's ok to use the skb */
1324 ++ return 1;
1325 + }
1326 +
1327 + /*
1328 +@@ -308,10 +305,18 @@ rx_handler_result_t br_handle_frame(struct sk_buff **pskb)
1329 + goto forward;
1330 + }
1331 +
1332 +- /* Deliver packet to local host only */
1333 +- NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_IN, dev_net(skb->dev),
1334 +- NULL, skb, skb->dev, NULL, br_handle_local_finish);
1335 +- return RX_HANDLER_CONSUMED;
1336 ++ /* The else clause should be hit when nf_hook():
1337 ++ * - returns < 0 (drop/error)
1338 ++ * - returns = 0 (stolen/nf_queue)
1339 ++ * Thus return 1 from the okfn() to signal the skb is ok to pass
1340 ++ */
1341 ++ if (NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_IN,
1342 ++ dev_net(skb->dev), NULL, skb, skb->dev, NULL,
1343 ++ br_handle_local_finish) == 1) {
1344 ++ return RX_HANDLER_PASS;
1345 ++ } else {
1346 ++ return RX_HANDLER_CONSUMED;
1347 ++ }
1348 + }
1349 +
1350 + forward:
1351 +diff --git a/net/bridge/br_multicast.c b/net/bridge/br_multicast.c
1352 +index 2136e45f5277..964ffff90432 100644
1353 +--- a/net/bridge/br_multicast.c
1354 ++++ b/net/bridge/br_multicast.c
1355 +@@ -1983,7 +1983,8 @@ static void br_multicast_start_querier(struct net_bridge *br,
1356 +
1357 + __br_multicast_open(br, query);
1358 +
1359 +- list_for_each_entry(port, &br->port_list, list) {
1360 ++ rcu_read_lock();
1361 ++ list_for_each_entry_rcu(port, &br->port_list, list) {
1362 + if (port->state == BR_STATE_DISABLED ||
1363 + port->state == BR_STATE_BLOCKING)
1364 + continue;
1365 +@@ -1995,6 +1996,7 @@ static void br_multicast_start_querier(struct net_bridge *br,
1366 + br_multicast_enable(&port->ip6_own_query);
1367 + #endif
1368 + }
1369 ++ rcu_read_unlock();
1370 + }
1371 +
1372 + int br_multicast_toggle(struct net_bridge *br, unsigned long val)
1373 +diff --git a/net/ipv4/fou.c b/net/ipv4/fou.c
1374 +index 030d1531e897..17acc89f9dec 100644
1375 +--- a/net/ipv4/fou.c
1376 ++++ b/net/ipv4/fou.c
1377 +@@ -119,6 +119,7 @@ static int gue_udp_recv(struct sock *sk, struct sk_buff *skb)
1378 + struct guehdr *guehdr;
1379 + void *data;
1380 + u16 doffset = 0;
1381 ++ u8 proto_ctype;
1382 +
1383 + if (!fou)
1384 + return 1;
1385 +@@ -210,13 +211,14 @@ static int gue_udp_recv(struct sock *sk, struct sk_buff *skb)
1386 + if (unlikely(guehdr->control))
1387 + return gue_control_message(skb, guehdr);
1388 +
1389 ++ proto_ctype = guehdr->proto_ctype;
1390 + __skb_pull(skb, sizeof(struct udphdr) + hdrlen);
1391 + skb_reset_transport_header(skb);
1392 +
1393 + if (iptunnel_pull_offloads(skb))
1394 + goto drop;
1395 +
1396 +- return -guehdr->proto_ctype;
1397 ++ return -proto_ctype;
1398 +
1399 + drop:
1400 + kfree_skb(skb);
1401 +diff --git a/net/ipv4/route.c b/net/ipv4/route.c
1402 +index c42fb2330b45..0e2cf9634541 100644
1403 +--- a/net/ipv4/route.c
1404 ++++ b/net/ipv4/route.c
1405 +@@ -1170,9 +1170,23 @@ static struct dst_entry *ipv4_dst_check(struct dst_entry *dst, u32 cookie)
1406 +
1407 + static void ipv4_link_failure(struct sk_buff *skb)
1408 + {
1409 ++ struct ip_options opt;
1410 + struct rtable *rt;
1411 ++ int res;
1412 ++
1413 ++ /* Recompile ip options since IPCB may not be valid anymore.
1414 ++ */
1415 ++ memset(&opt, 0, sizeof(opt));
1416 ++ opt.optlen = ip_hdr(skb)->ihl*4 - sizeof(struct iphdr);
1417 ++
1418 ++ rcu_read_lock();
1419 ++ res = __ip_options_compile(dev_net(skb->dev), &opt, skb, NULL);
1420 ++ rcu_read_unlock();
1421 ++
1422 ++ if (res)
1423 ++ return;
1424 +
1425 +- icmp_send(skb, ICMP_DEST_UNREACH, ICMP_HOST_UNREACH, 0);
1426 ++ __icmp_send(skb, ICMP_DEST_UNREACH, ICMP_HOST_UNREACH, 0, &opt);
1427 +
1428 + rt = skb_rtable(skb);
1429 + if (rt)
1430 +diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
1431 +index cd4f13dda49e..e238539c3497 100644
1432 +--- a/net/ipv4/tcp_input.c
1433 ++++ b/net/ipv4/tcp_input.c
1434 +@@ -389,11 +389,12 @@ static int __tcp_grow_window(const struct sock *sk, const struct sk_buff *skb)
1435 + static void tcp_grow_window(struct sock *sk, const struct sk_buff *skb)
1436 + {
1437 + struct tcp_sock *tp = tcp_sk(sk);
1438 ++ int room;
1439 ++
1440 ++ room = min_t(int, tp->window_clamp, tcp_space(sk)) - tp->rcv_ssthresh;
1441 +
1442 + /* Check #1 */
1443 +- if (tp->rcv_ssthresh < tp->window_clamp &&
1444 +- (int)tp->rcv_ssthresh < tcp_space(sk) &&
1445 +- !tcp_under_memory_pressure(sk)) {
1446 ++ if (room > 0 && !tcp_under_memory_pressure(sk)) {
1447 + int incr;
1448 +
1449 + /* Check #2. Increase window, if skb with such overhead
1450 +@@ -406,8 +407,7 @@ static void tcp_grow_window(struct sock *sk, const struct sk_buff *skb)
1451 +
1452 + if (incr) {
1453 + incr = max_t(int, incr, 2 * skb->len);
1454 +- tp->rcv_ssthresh = min(tp->rcv_ssthresh + incr,
1455 +- tp->window_clamp);
1456 ++ tp->rcv_ssthresh += min(room, incr);
1457 + inet_csk(sk)->icsk_ack.quick |= 1;
1458 + }
1459 + }
1460 +diff --git a/net/mac80211/driver-ops.h b/net/mac80211/driver-ops.h
1461 +index 49c8a9c9b91f..1a169de60192 100644
1462 +--- a/net/mac80211/driver-ops.h
1463 ++++ b/net/mac80211/driver-ops.h
1464 +@@ -1163,6 +1163,9 @@ static inline void drv_wake_tx_queue(struct ieee80211_local *local,
1465 + {
1466 + struct ieee80211_sub_if_data *sdata = vif_to_sdata(txq->txq.vif);
1467 +
1468 ++ if (local->in_reconfig)
1469 ++ return;
1470 ++
1471 + if (!check_sdata_in_driver(sdata))
1472 + return;
1473 +
1474 +diff --git a/scripts/mod/file2alias.c b/scripts/mod/file2alias.c
1475 +index 29d6699d5a06..55b4c0dc2b93 100644
1476 +--- a/scripts/mod/file2alias.c
1477 ++++ b/scripts/mod/file2alias.c
1478 +@@ -47,49 +47,9 @@ typedef struct {
1479 + struct devtable {
1480 + const char *device_id; /* name of table, __mod_<name>__*_device_table. */
1481 + unsigned long id_size;
1482 +- void *function;
1483 ++ int (*do_entry)(const char *filename, void *symval, char *alias);
1484 + };
1485 +
1486 +-#define ___cat(a,b) a ## b
1487 +-#define __cat(a,b) ___cat(a,b)
1488 +-
1489 +-/* we need some special handling for this host tool running eventually on
1490 +- * Darwin. The Mach-O section handling is a bit different than ELF section
1491 +- * handling. The differnces in detail are:
1492 +- * a) we have segments which have sections
1493 +- * b) we need a API call to get the respective section symbols */
1494 +-#if defined(__MACH__)
1495 +-#include <mach-o/getsect.h>
1496 +-
1497 +-#define INIT_SECTION(name) do { \
1498 +- unsigned long name ## _len; \
1499 +- char *__cat(pstart_,name) = getsectdata("__TEXT", \
1500 +- #name, &__cat(name,_len)); \
1501 +- char *__cat(pstop_,name) = __cat(pstart_,name) + \
1502 +- __cat(name, _len); \
1503 +- __cat(__start_,name) = (void *)__cat(pstart_,name); \
1504 +- __cat(__stop_,name) = (void *)__cat(pstop_,name); \
1505 +- } while (0)
1506 +-#define SECTION(name) __attribute__((section("__TEXT, " #name)))
1507 +-
1508 +-struct devtable **__start___devtable, **__stop___devtable;
1509 +-#else
1510 +-#define INIT_SECTION(name) /* no-op for ELF */
1511 +-#define SECTION(name) __attribute__((section(#name)))
1512 +-
1513 +-/* We construct a table of pointers in an ELF section (pointers generally
1514 +- * go unpadded by gcc). ld creates boundary syms for us. */
1515 +-extern struct devtable *__start___devtable[], *__stop___devtable[];
1516 +-#endif /* __MACH__ */
1517 +-
1518 +-#if !defined(__used)
1519 +-# if __GNUC__ == 3 && __GNUC_MINOR__ < 3
1520 +-# define __used __attribute__((__unused__))
1521 +-# else
1522 +-# define __used __attribute__((__used__))
1523 +-# endif
1524 +-#endif
1525 +-
1526 + /* Define a variable f that holds the value of field f of struct devid
1527 + * based at address m.
1528 + */
1529 +@@ -102,16 +62,6 @@ extern struct devtable *__start___devtable[], *__stop___devtable[];
1530 + #define DEF_FIELD_ADDR(m, devid, f) \
1531 + typeof(((struct devid *)0)->f) *f = ((m) + OFF_##devid##_##f)
1532 +
1533 +-/* Add a table entry. We test function type matches while we're here. */
1534 +-#define ADD_TO_DEVTABLE(device_id, type, function) \
1535 +- static struct devtable __cat(devtable,__LINE__) = { \
1536 +- device_id + 0*sizeof((function)((const char *)NULL, \
1537 +- (void *)NULL, \
1538 +- (char *)NULL)), \
1539 +- SIZE_##type, (function) }; \
1540 +- static struct devtable *SECTION(__devtable) __used \
1541 +- __cat(devtable_ptr,__LINE__) = &__cat(devtable,__LINE__)
1542 +-
1543 + #define ADD(str, sep, cond, field) \
1544 + do { \
1545 + strcat(str, sep); \
1546 +@@ -431,7 +381,6 @@ static int do_hid_entry(const char *filename,
1547 +
1548 + return 1;
1549 + }
1550 +-ADD_TO_DEVTABLE("hid", hid_device_id, do_hid_entry);
1551 +
1552 + /* Looks like: ieee1394:venNmoNspNverN */
1553 + static int do_ieee1394_entry(const char *filename,
1554 +@@ -456,7 +405,6 @@ static int do_ieee1394_entry(const char *filename,
1555 + add_wildcard(alias);
1556 + return 1;
1557 + }
1558 +-ADD_TO_DEVTABLE("ieee1394", ieee1394_device_id, do_ieee1394_entry);
1559 +
1560 + /* Looks like: pci:vNdNsvNsdNbcNscNiN. */
1561 + static int do_pci_entry(const char *filename,
1562 +@@ -500,7 +448,6 @@ static int do_pci_entry(const char *filename,
1563 + add_wildcard(alias);
1564 + return 1;
1565 + }
1566 +-ADD_TO_DEVTABLE("pci", pci_device_id, do_pci_entry);
1567 +
1568 + /* looks like: "ccw:tNmNdtNdmN" */
1569 + static int do_ccw_entry(const char *filename,
1570 +@@ -524,7 +471,6 @@ static int do_ccw_entry(const char *filename,
1571 + add_wildcard(alias);
1572 + return 1;
1573 + }
1574 +-ADD_TO_DEVTABLE("ccw", ccw_device_id, do_ccw_entry);
1575 +
1576 + /* looks like: "ap:tN" */
1577 + static int do_ap_entry(const char *filename,
1578 +@@ -535,7 +481,6 @@ static int do_ap_entry(const char *filename,
1579 + sprintf(alias, "ap:t%02X*", dev_type);
1580 + return 1;
1581 + }
1582 +-ADD_TO_DEVTABLE("ap", ap_device_id, do_ap_entry);
1583 +
1584 + /* looks like: "css:tN" */
1585 + static int do_css_entry(const char *filename,
1586 +@@ -546,7 +491,6 @@ static int do_css_entry(const char *filename,
1587 + sprintf(alias, "css:t%01X", type);
1588 + return 1;
1589 + }
1590 +-ADD_TO_DEVTABLE("css", css_device_id, do_css_entry);
1591 +
1592 + /* Looks like: "serio:tyNprNidNexN" */
1593 + static int do_serio_entry(const char *filename,
1594 +@@ -566,7 +510,6 @@ static int do_serio_entry(const char *filename,
1595 + add_wildcard(alias);
1596 + return 1;
1597 + }
1598 +-ADD_TO_DEVTABLE("serio", serio_device_id, do_serio_entry);
1599 +
1600 + /* looks like: "acpi:ACPI0003" or "acpi:PNP0C0B" or "acpi:LNXVIDEO" or
1601 + * "acpi:bbsspp" (bb=base-class, ss=sub-class, pp=prog-if)
1602 +@@ -604,7 +547,6 @@ static int do_acpi_entry(const char *filename,
1603 + }
1604 + return 1;
1605 + }
1606 +-ADD_TO_DEVTABLE("acpi", acpi_device_id, do_acpi_entry);
1607 +
1608 + /* looks like: "pnp:dD" */
1609 + static void do_pnp_device_entry(void *symval, unsigned long size,
1610 +@@ -725,7 +667,6 @@ static int do_pcmcia_entry(const char *filename,
1611 + add_wildcard(alias);
1612 + return 1;
1613 + }
1614 +-ADD_TO_DEVTABLE("pcmcia", pcmcia_device_id, do_pcmcia_entry);
1615 +
1616 + static int do_vio_entry(const char *filename, void *symval,
1617 + char *alias)
1618 +@@ -745,7 +686,6 @@ static int do_vio_entry(const char *filename, void *symval,
1619 + add_wildcard(alias);
1620 + return 1;
1621 + }
1622 +-ADD_TO_DEVTABLE("vio", vio_device_id, do_vio_entry);
1623 +
1624 + #define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))
1625 +
1626 +@@ -818,7 +758,6 @@ static int do_input_entry(const char *filename, void *symval,
1627 + do_input(alias, *swbit, 0, INPUT_DEVICE_ID_SW_MAX);
1628 + return 1;
1629 + }
1630 +-ADD_TO_DEVTABLE("input", input_device_id, do_input_entry);
1631 +
1632 + static int do_eisa_entry(const char *filename, void *symval,
1633 + char *alias)
1634 +@@ -830,7 +769,6 @@ static int do_eisa_entry(const char *filename, void *symval,
1635 + strcat(alias, "*");
1636 + return 1;
1637 + }
1638 +-ADD_TO_DEVTABLE("eisa", eisa_device_id, do_eisa_entry);
1639 +
1640 + /* Looks like: parisc:tNhvNrevNsvN */
1641 + static int do_parisc_entry(const char *filename, void *symval,
1642 +@@ -850,7 +788,6 @@ static int do_parisc_entry(const char *filename, void *symval,
1643 + add_wildcard(alias);
1644 + return 1;
1645 + }
1646 +-ADD_TO_DEVTABLE("parisc", parisc_device_id, do_parisc_entry);
1647 +
1648 + /* Looks like: sdio:cNvNdN. */
1649 + static int do_sdio_entry(const char *filename,
1650 +@@ -867,7 +804,6 @@ static int do_sdio_entry(const char *filename,
1651 + add_wildcard(alias);
1652 + return 1;
1653 + }
1654 +-ADD_TO_DEVTABLE("sdio", sdio_device_id, do_sdio_entry);
1655 +
1656 + /* Looks like: ssb:vNidNrevN. */
1657 + static int do_ssb_entry(const char *filename,
1658 +@@ -884,7 +820,6 @@ static int do_ssb_entry(const char *filename,
1659 + add_wildcard(alias);
1660 + return 1;
1661 + }
1662 +-ADD_TO_DEVTABLE("ssb", ssb_device_id, do_ssb_entry);
1663 +
1664 + /* Looks like: bcma:mNidNrevNclN. */
1665 + static int do_bcma_entry(const char *filename,
1666 +@@ -903,7 +838,6 @@ static int do_bcma_entry(const char *filename,
1667 + add_wildcard(alias);
1668 + return 1;
1669 + }
1670 +-ADD_TO_DEVTABLE("bcma", bcma_device_id, do_bcma_entry);
1671 +
1672 + /* Looks like: virtio:dNvN */
1673 + static int do_virtio_entry(const char *filename, void *symval,
1674 +@@ -919,7 +853,6 @@ static int do_virtio_entry(const char *filename, void *symval,
1675 + add_wildcard(alias);
1676 + return 1;
1677 + }
1678 +-ADD_TO_DEVTABLE("virtio", virtio_device_id, do_virtio_entry);
1679 +
1680 + /*
1681 + * Looks like: vmbus:guid
1682 +@@ -942,7 +875,6 @@ static int do_vmbus_entry(const char *filename, void *symval,
1683 +
1684 + return 1;
1685 + }
1686 +-ADD_TO_DEVTABLE("vmbus", hv_vmbus_device_id, do_vmbus_entry);
1687 +
1688 + /* Looks like: i2c:S */
1689 + static int do_i2c_entry(const char *filename, void *symval,
1690 +@@ -953,7 +885,6 @@ static int do_i2c_entry(const char *filename, void *symval,
1691 +
1692 + return 1;
1693 + }
1694 +-ADD_TO_DEVTABLE("i2c", i2c_device_id, do_i2c_entry);
1695 +
1696 + /* Looks like: spi:S */
1697 + static int do_spi_entry(const char *filename, void *symval,
1698 +@@ -964,7 +895,6 @@ static int do_spi_entry(const char *filename, void *symval,
1699 +
1700 + return 1;
1701 + }
1702 +-ADD_TO_DEVTABLE("spi", spi_device_id, do_spi_entry);
1703 +
1704 + static const struct dmifield {
1705 + const char *prefix;
1706 +@@ -1019,7 +949,6 @@ static int do_dmi_entry(const char *filename, void *symval,
1707 + strcat(alias, ":");
1708 + return 1;
1709 + }
1710 +-ADD_TO_DEVTABLE("dmi", dmi_system_id, do_dmi_entry);
1711 +
1712 + static int do_platform_entry(const char *filename,
1713 + void *symval, char *alias)
1714 +@@ -1028,7 +957,6 @@ static int do_platform_entry(const char *filename,
1715 + sprintf(alias, PLATFORM_MODULE_PREFIX "%s", *name);
1716 + return 1;
1717 + }
1718 +-ADD_TO_DEVTABLE("platform", platform_device_id, do_platform_entry);
1719 +
1720 + static int do_mdio_entry(const char *filename,
1721 + void *symval, char *alias)
1722 +@@ -1053,7 +981,6 @@ static int do_mdio_entry(const char *filename,
1723 +
1724 + return 1;
1725 + }
1726 +-ADD_TO_DEVTABLE("mdio", mdio_device_id, do_mdio_entry);
1727 +
1728 + /* Looks like: zorro:iN. */
1729 + static int do_zorro_entry(const char *filename, void *symval,
1730 +@@ -1064,7 +991,6 @@ static int do_zorro_entry(const char *filename, void *symval,
1731 + ADD(alias, "i", id != ZORRO_WILDCARD, id);
1732 + return 1;
1733 + }
1734 +-ADD_TO_DEVTABLE("zorro", zorro_device_id, do_zorro_entry);
1735 +
1736 + /* looks like: "pnp:dD" */
1737 + static int do_isapnp_entry(const char *filename,
1738 +@@ -1080,7 +1006,6 @@ static int do_isapnp_entry(const char *filename,
1739 + (function >> 12) & 0x0f, (function >> 8) & 0x0f);
1740 + return 1;
1741 + }
1742 +-ADD_TO_DEVTABLE("isapnp", isapnp_device_id, do_isapnp_entry);
1743 +
1744 + /* Looks like: "ipack:fNvNdN". */
1745 + static int do_ipack_entry(const char *filename,
1746 +@@ -1096,7 +1021,6 @@ static int do_ipack_entry(const char *filename,
1747 + add_wildcard(alias);
1748 + return 1;
1749 + }
1750 +-ADD_TO_DEVTABLE("ipack", ipack_device_id, do_ipack_entry);
1751 +
1752 + /*
1753 + * Append a match expression for a single masked hex digit.
1754 +@@ -1167,7 +1091,6 @@ static int do_amba_entry(const char *filename,
1755 +
1756 + return 1;
1757 + }
1758 +-ADD_TO_DEVTABLE("amba", amba_id, do_amba_entry);
1759 +
1760 + /*
1761 + * looks like: "mipscdmm:tN"
1762 +@@ -1183,7 +1106,6 @@ static int do_mips_cdmm_entry(const char *filename,
1763 + sprintf(alias, "mipscdmm:t%02X*", type);
1764 + return 1;
1765 + }
1766 +-ADD_TO_DEVTABLE("mipscdmm", mips_cdmm_device_id, do_mips_cdmm_entry);
1767 +
1768 + /* LOOKS like cpu:type:x86,venVVVVfamFFFFmodMMMM:feature:*,FEAT,*
1769 + * All fields are numbers. It would be nicer to use strings for vendor
1770 +@@ -1208,7 +1130,6 @@ static int do_x86cpu_entry(const char *filename, void *symval,
1771 + sprintf(alias + strlen(alias), "%04X*", feature);
1772 + return 1;
1773 + }
1774 +-ADD_TO_DEVTABLE("x86cpu", x86_cpu_id, do_x86cpu_entry);
1775 +
1776 + /* LOOKS like cpu:type:*:feature:*FEAT* */
1777 + static int do_cpu_entry(const char *filename, void *symval, char *alias)
1778 +@@ -1218,7 +1139,6 @@ static int do_cpu_entry(const char *filename, void *symval, char *alias)
1779 + sprintf(alias, "cpu:type:*:feature:*%04X*", feature);
1780 + return 1;
1781 + }
1782 +-ADD_TO_DEVTABLE("cpu", cpu_feature, do_cpu_entry);
1783 +
1784 + /* Looks like: mei:S:uuid:N:* */
1785 + static int do_mei_entry(const char *filename, void *symval,
1786 +@@ -1237,7 +1157,6 @@ static int do_mei_entry(const char *filename, void *symval,
1787 +
1788 + return 1;
1789 + }
1790 +-ADD_TO_DEVTABLE("mei", mei_cl_device_id, do_mei_entry);
1791 +
1792 + /* Looks like: rapidio:vNdNavNadN */
1793 + static int do_rio_entry(const char *filename,
1794 +@@ -1257,7 +1176,6 @@ static int do_rio_entry(const char *filename,
1795 + add_wildcard(alias);
1796 + return 1;
1797 + }
1798 +-ADD_TO_DEVTABLE("rapidio", rio_device_id, do_rio_entry);
1799 +
1800 + /* Looks like: ulpi:vNpN */
1801 + static int do_ulpi_entry(const char *filename, void *symval,
1802 +@@ -1270,7 +1188,6 @@ static int do_ulpi_entry(const char *filename, void *symval,
1803 +
1804 + return 1;
1805 + }
1806 +-ADD_TO_DEVTABLE("ulpi", ulpi_device_id, do_ulpi_entry);
1807 +
1808 + /* Looks like: hdaudio:vNrNaN */
1809 + static int do_hda_entry(const char *filename, void *symval, char *alias)
1810 +@@ -1287,7 +1204,6 @@ static int do_hda_entry(const char *filename, void *symval, char *alias)
1811 + add_wildcard(alias);
1812 + return 1;
1813 + }
1814 +-ADD_TO_DEVTABLE("hdaudio", hda_device_id, do_hda_entry);
1815 +
1816 + /* Looks like: fsl-mc:vNdN */
1817 + static int do_fsl_mc_entry(const char *filename, void *symval,
1818 +@@ -1299,7 +1215,6 @@ static int do_fsl_mc_entry(const char *filename, void *symval,
1819 + sprintf(alias, "fsl-mc:v%08Xd%s", vendor, *obj_type);
1820 + return 1;
1821 + }
1822 +-ADD_TO_DEVTABLE("fslmc", fsl_mc_device_id, do_fsl_mc_entry);
1823 +
1824 + /* Does namelen bytes of name exactly match the symbol? */
1825 + static bool sym_is(const char *name, unsigned namelen, const char *symbol)
1826 +@@ -1313,12 +1228,11 @@ static bool sym_is(const char *name, unsigned namelen, const char *symbol)
1827 + static void do_table(void *symval, unsigned long size,
1828 + unsigned long id_size,
1829 + const char *device_id,
1830 +- void *function,
1831 ++ int (*do_entry)(const char *filename, void *symval, char *alias),
1832 + struct module *mod)
1833 + {
1834 + unsigned int i;
1835 + char alias[500];
1836 +- int (*do_entry)(const char *, void *entry, char *alias) = function;
1837 +
1838 + device_id_check(mod->name, device_id, size, id_size, symval);
1839 + /* Leave last one: it's the terminator. */
1840 +@@ -1332,6 +1246,44 @@ static void do_table(void *symval, unsigned long size,
1841 + }
1842 + }
1843 +
1844 ++static const struct devtable devtable[] = {
1845 ++ {"hid", SIZE_hid_device_id, do_hid_entry},
1846 ++ {"ieee1394", SIZE_ieee1394_device_id, do_ieee1394_entry},
1847 ++ {"pci", SIZE_pci_device_id, do_pci_entry},
1848 ++ {"ccw", SIZE_ccw_device_id, do_ccw_entry},
1849 ++ {"ap", SIZE_ap_device_id, do_ap_entry},
1850 ++ {"css", SIZE_css_device_id, do_css_entry},
1851 ++ {"serio", SIZE_serio_device_id, do_serio_entry},
1852 ++ {"acpi", SIZE_acpi_device_id, do_acpi_entry},
1853 ++ {"pcmcia", SIZE_pcmcia_device_id, do_pcmcia_entry},
1854 ++ {"vio", SIZE_vio_device_id, do_vio_entry},
1855 ++ {"input", SIZE_input_device_id, do_input_entry},
1856 ++ {"eisa", SIZE_eisa_device_id, do_eisa_entry},
1857 ++ {"parisc", SIZE_parisc_device_id, do_parisc_entry},
1858 ++ {"sdio", SIZE_sdio_device_id, do_sdio_entry},
1859 ++ {"ssb", SIZE_ssb_device_id, do_ssb_entry},
1860 ++ {"bcma", SIZE_bcma_device_id, do_bcma_entry},
1861 ++ {"virtio", SIZE_virtio_device_id, do_virtio_entry},
1862 ++ {"vmbus", SIZE_hv_vmbus_device_id, do_vmbus_entry},
1863 ++ {"i2c", SIZE_i2c_device_id, do_i2c_entry},
1864 ++ {"spi", SIZE_spi_device_id, do_spi_entry},
1865 ++ {"dmi", SIZE_dmi_system_id, do_dmi_entry},
1866 ++ {"platform", SIZE_platform_device_id, do_platform_entry},
1867 ++ {"mdio", SIZE_mdio_device_id, do_mdio_entry},
1868 ++ {"zorro", SIZE_zorro_device_id, do_zorro_entry},
1869 ++ {"isapnp", SIZE_isapnp_device_id, do_isapnp_entry},
1870 ++ {"ipack", SIZE_ipack_device_id, do_ipack_entry},
1871 ++ {"amba", SIZE_amba_id, do_amba_entry},
1872 ++ {"mipscdmm", SIZE_mips_cdmm_device_id, do_mips_cdmm_entry},
1873 ++ {"x86cpu", SIZE_x86_cpu_id, do_x86cpu_entry},
1874 ++ {"cpu", SIZE_cpu_feature, do_cpu_entry},
1875 ++ {"mei", SIZE_mei_cl_device_id, do_mei_entry},
1876 ++ {"rapidio", SIZE_rio_device_id, do_rio_entry},
1877 ++ {"ulpi", SIZE_ulpi_device_id, do_ulpi_entry},
1878 ++ {"hdaudio", SIZE_hda_device_id, do_hda_entry},
1879 ++ {"fslmc", SIZE_fsl_mc_device_id, do_fsl_mc_entry},
1880 ++};
1881 ++
1882 + /* Create MODULE_ALIAS() statements.
1883 + * At this time, we cannot write the actual output C source yet,
1884 + * so we write into the mod->dev_table_buf buffer. */
1885 +@@ -1386,13 +1338,14 @@ void handle_moddevtable(struct module *mod, struct elf_info *info,
1886 + else if (sym_is(name, namelen, "pnp_card"))
1887 + do_pnp_card_entries(symval, sym->st_size, mod);
1888 + else {
1889 +- struct devtable **p;
1890 +- INIT_SECTION(__devtable);
1891 ++ int i;
1892 ++
1893 ++ for (i = 0; i < ARRAY_SIZE(devtable); i++) {
1894 ++ const struct devtable *p = &devtable[i];
1895 +
1896 +- for (p = __start___devtable; p < __stop___devtable; p++) {
1897 +- if (sym_is(name, namelen, (*p)->device_id)) {
1898 +- do_table(symval, sym->st_size, (*p)->id_size,
1899 +- (*p)->device_id, (*p)->function, mod);
1900 ++ if (sym_is(name, namelen, p->device_id)) {
1901 ++ do_table(symval, sym->st_size, p->id_size,
1902 ++ p->device_id, p->do_entry, mod);
1903 + break;
1904 + }
1905 + }
1906 +diff --git a/security/device_cgroup.c b/security/device_cgroup.c
1907 +index 03c1652c9a1f..db3bdc91c520 100644
1908 +--- a/security/device_cgroup.c
1909 ++++ b/security/device_cgroup.c
1910 +@@ -568,7 +568,7 @@ static int propagate_exception(struct dev_cgroup *devcg_root,
1911 + devcg->behavior == DEVCG_DEFAULT_ALLOW) {
1912 + rc = dev_exception_add(devcg, ex);
1913 + if (rc)
1914 +- break;
1915 ++ return rc;
1916 + } else {
1917 + /*
1918 + * in the other possible cases:
1919 +diff --git a/sound/core/info.c b/sound/core/info.c
1920 +index 8ab72e0f5932..358a6947342d 100644
1921 +--- a/sound/core/info.c
1922 ++++ b/sound/core/info.c
1923 +@@ -724,8 +724,11 @@ snd_info_create_entry(const char *name, struct snd_info_entry *parent)
1924 + INIT_LIST_HEAD(&entry->children);
1925 + INIT_LIST_HEAD(&entry->list);
1926 + entry->parent = parent;
1927 +- if (parent)
1928 ++ if (parent) {
1929 ++ mutex_lock(&parent->access);
1930 + list_add_tail(&entry->list, &parent->children);
1931 ++ mutex_unlock(&parent->access);
1932 ++ }
1933 + return entry;
1934 + }
1935 +
1936 +@@ -809,7 +812,12 @@ void snd_info_free_entry(struct snd_info_entry * entry)
1937 + list_for_each_entry_safe(p, n, &entry->children, list)
1938 + snd_info_free_entry(p);
1939 +
1940 +- list_del(&entry->list);
1941 ++ p = entry->parent;
1942 ++ if (p) {
1943 ++ mutex_lock(&p->access);
1944 ++ list_del(&entry->list);
1945 ++ mutex_unlock(&p->access);
1946 ++ }
1947 + kfree(entry->name);
1948 + if (entry->private_free)
1949 + entry->private_free(entry);
1950 +diff --git a/sound/core/init.c b/sound/core/init.c
1951 +index 6bda8436d765..02e96c580cb7 100644
1952 +--- a/sound/core/init.c
1953 ++++ b/sound/core/init.c
1954 +@@ -408,14 +408,7 @@ int snd_card_disconnect(struct snd_card *card)
1955 + card->shutdown = 1;
1956 + spin_unlock(&card->files_lock);
1957 +
1958 +- /* phase 1: disable fops (user space) operations for ALSA API */
1959 +- mutex_lock(&snd_card_mutex);
1960 +- snd_cards[card->number] = NULL;
1961 +- clear_bit(card->number, snd_cards_lock);
1962 +- mutex_unlock(&snd_card_mutex);
1963 +-
1964 +- /* phase 2: replace file->f_op with special dummy operations */
1965 +-
1966 ++ /* replace file->f_op with special dummy operations */
1967 + spin_lock(&card->files_lock);
1968 + list_for_each_entry(mfile, &card->files_list, list) {
1969 + /* it's critical part, use endless loop */
1970 +@@ -431,7 +424,7 @@ int snd_card_disconnect(struct snd_card *card)
1971 + }
1972 + spin_unlock(&card->files_lock);
1973 +
1974 +- /* phase 3: notify all connected devices about disconnection */
1975 ++ /* notify all connected devices about disconnection */
1976 + /* at this point, they cannot respond to any calls except release() */
1977 +
1978 + #if IS_ENABLED(CONFIG_SND_MIXER_OSS)
1979 +@@ -447,6 +440,13 @@ int snd_card_disconnect(struct snd_card *card)
1980 + device_del(&card->card_dev);
1981 + card->registered = false;
1982 + }
1983 ++
1984 ++ /* disable fops (user space) operations for ALSA API */
1985 ++ mutex_lock(&snd_card_mutex);
1986 ++ snd_cards[card->number] = NULL;
1987 ++ clear_bit(card->number, snd_cards_lock);
1988 ++ mutex_unlock(&snd_card_mutex);
1989 ++
1990 + #ifdef CONFIG_PM
1991 + wake_up(&card->power_sleep);
1992 + #endif
Report Message
Find on MARC Find on Google Groups