diff --git a/config/kernel/linux-rk3328-default.config b/config/kernel/linux-rk3328-default.config index 5cee31f6fe..76ab0401c3 100644 --- a/config/kernel/linux-rk3328-default.config +++ b/config/kernel/linux-rk3328-default.config @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/arm64 4.4.138 Kernel Configuration +# Linux/arm64 4.4.143 Kernel Configuration # CONFIG_ARM64=y CONFIG_64BIT=y @@ -3657,22 +3657,6 @@ CONFIG_MALI_DT=y CONFIG_MALI_DEVFREQ=y # CONFIG_MALI_QUIET is not set # CONFIG_MALI_MIDGARD is not set -# CONFIG_MALI_GATOR_SUPPORT is not set -# CONFIG_MALI_MIDGARD_ENABLE_TRACE is not set -# CONFIG_MALI_DMA_FENCE is not set -CONFIG_MALI_EXPERT=y -# CONFIG_MALI_CORESTACK is not set -# CONFIG_MALI_PRFCNT_SET_SECONDARY is not set -# CONFIG_MALI_PLATFORM_FAKE is not set -# CONFIG_MALI_PLATFORM_DEVICETREE is not set -CONFIG_MALI_PLATFORM_THIRDPARTY=y -CONFIG_MALI_PLATFORM_THIRDPARTY_NAME="rk" -# CONFIG_MALI_DEBUG is not set -# CONFIG_MALI_NO_MALI is not set -# CONFIG_MALI_TRACE_TIMELINE is not set -# CONFIG_MALI_SYSTEM_TRACE is not set -# CONFIG_MALI_GPU_MMU_AARCH64 is not set -# CONFIG_MALI_PWRSOFT_765 is not set # CONFIG_MALI_KUTF is not set CONFIG_MALI_BIFROST_FOR_ANDROID=y # CONFIG_MALI_BIFROST_FOR_LINUX is not set @@ -5605,7 +5589,6 @@ CONFIG_HAVE_C_RECORDMCOUNT=y CONFIG_TRACE_CLOCK=y CONFIG_RING_BUFFER=y CONFIG_EVENT_TRACING=y -CONFIG_GPU_TRACEPOINTS=y CONFIG_CONTEXT_SWITCH_TRACER=y CONFIG_TRACING=y CONFIG_GENERIC_TRACER=y diff --git a/patch/kernel/rk3328-default/04-patch-4.4.138-139.patch b/patch/kernel/rk3328-default/04-patch-4.4.138-139.patch new file mode 100644 index 0000000000..a5150e7fc4 --- /dev/null +++ b/patch/kernel/rk3328-default/04-patch-4.4.138-139.patch @@ -0,0 +1,2867 @@ +diff --git a/Documentation/printk-formats.txt b/Documentation/printk-formats.txt +index b784c270105f..ed6f6abaad57 100644 +--- a/Documentation/printk-formats.txt ++++ b/Documentation/printk-formats.txt +@@ -273,11 +273,10 @@ struct clk: + + %pC pll1 + %pCn pll1 +- %pCr 1560000000 + + For printing struct clk structures. '%pC' and '%pCn' print the name + (Common Clock Framework) or address (legacy clock framework) of the +- structure; '%pCr' prints the current clock rate. ++ structure. + + Passed by reference. + +diff --git a/Makefile b/Makefile +index 1a8c0fc6b997..20a11fd36656 100644 +--- a/Makefile ++++ b/Makefile +@@ -1,6 +1,6 @@ + VERSION = 4 + PATCHLEVEL = 4 +-SUBLEVEL = 138 ++SUBLEVEL = 139 + EXTRAVERSION = + NAME = Blurry Fish Butt + +diff --git a/arch/arm/include/asm/kgdb.h b/arch/arm/include/asm/kgdb.h +index 0a9d5dd93294..6949c7d4481c 100644 +--- a/arch/arm/include/asm/kgdb.h ++++ b/arch/arm/include/asm/kgdb.h +@@ -76,7 +76,7 @@ extern int kgdb_fault_expected; + + #define KGDB_MAX_NO_CPUS 1 + #define BUFMAX 400 +-#define NUMREGBYTES (DBG_MAX_REG_NUM << 2) ++#define NUMREGBYTES (GDB_MAX_REGS << 2) + #define NUMCRITREGBYTES (32 << 2) + + #define _R0 0 +diff --git a/arch/m68k/mm/kmap.c b/arch/m68k/mm/kmap.c +index 6e4955bc542b..fcd52cefee29 100644 +--- a/arch/m68k/mm/kmap.c ++++ b/arch/m68k/mm/kmap.c +@@ -88,7 +88,8 @@ static inline void free_io_area(void *addr) + for (p = &iolist ; (tmp = *p) ; p = &tmp->next) { + if (tmp->addr == addr) { + *p = tmp->next; +- __iounmap(tmp->addr, tmp->size); ++ /* remove gap added in get_io_area() */ ++ __iounmap(tmp->addr, tmp->size - IO_SIZE); + kfree(tmp); + return; + } +diff --git a/arch/mips/bcm47xx/setup.c b/arch/mips/bcm47xx/setup.c +index 6d38948f0f1e..4ca33175ec05 100644 +--- a/arch/mips/bcm47xx/setup.c ++++ b/arch/mips/bcm47xx/setup.c +@@ -249,6 +249,12 @@ static int __init bcm47xx_cpu_fixes(void) + */ + if (bcm47xx_bus.bcma.bus.chipinfo.id == BCMA_CHIP_ID_BCM4706) + cpu_wait = NULL; ++ ++ /* ++ * BCM47XX Erratum "R10: PCIe Transactions Periodically Fail" ++ * Enable ExternalSync for sync instruction to take effect ++ */ ++ set_c0_config7(MIPS_CONF7_ES); + break; + #endif + } +diff --git a/arch/mips/include/asm/io.h b/arch/mips/include/asm/io.h +index d10fd80dbb7e..75fa296836fc 100644 +--- a/arch/mips/include/asm/io.h ++++ b/arch/mips/include/asm/io.h +@@ -411,6 +411,8 @@ static inline type pfx##in##bwlq##p(unsigned long port) \ + __val = *__addr; \ + slow; \ + \ ++ /* prevent prefetching of coherent DMA data prematurely */ \ ++ rmb(); \ + return pfx##ioswab##bwlq(__addr, __val); \ + } + +diff --git a/arch/mips/include/asm/mipsregs.h b/arch/mips/include/asm/mipsregs.h +index e43aca183c99..15c183ce9d4f 100644 +--- a/arch/mips/include/asm/mipsregs.h ++++ b/arch/mips/include/asm/mipsregs.h +@@ -605,6 +605,8 @@ + #define MIPS_CONF7_WII (_ULCAST_(1) << 31) + + #define MIPS_CONF7_RPS (_ULCAST_(1) << 2) ++/* ExternalSync */ ++#define MIPS_CONF7_ES (_ULCAST_(1) << 8) + + #define MIPS_CONF7_IAR (_ULCAST_(1) << 10) + #define MIPS_CONF7_AR (_ULCAST_(1) << 16) +@@ -2012,6 +2014,7 @@ __BUILD_SET_C0(status) + __BUILD_SET_C0(cause) + __BUILD_SET_C0(config) + __BUILD_SET_C0(config5) ++__BUILD_SET_C0(config7) + __BUILD_SET_C0(intcontrol) + __BUILD_SET_C0(intctl) + __BUILD_SET_C0(srsmap) +diff --git a/arch/mips/kernel/mcount.S b/arch/mips/kernel/mcount.S +index 2f7c734771f4..0df911e772ae 100644 +--- a/arch/mips/kernel/mcount.S ++++ b/arch/mips/kernel/mcount.S +@@ -116,10 +116,20 @@ ftrace_stub: + NESTED(_mcount, PT_SIZE, ra) + PTR_LA t1, ftrace_stub + PTR_L t2, ftrace_trace_function /* Prepare t2 for (1) */ +- bne t1, t2, static_trace ++ beq t1, t2, fgraph_trace + nop + ++ MCOUNT_SAVE_REGS ++ ++ move a0, ra /* arg1: self return address */ ++ jalr t2 /* (1) call *ftrace_trace_function */ ++ move a1, AT /* arg2: parent's return address */ ++ ++ MCOUNT_RESTORE_REGS ++ ++fgraph_trace: + #ifdef CONFIG_FUNCTION_GRAPH_TRACER ++ PTR_LA t1, ftrace_stub + PTR_L t3, ftrace_graph_return + bne t1, t3, ftrace_graph_caller + nop +@@ -128,24 +138,11 @@ NESTED(_mcount, PT_SIZE, ra) + bne t1, t3, ftrace_graph_caller + nop + #endif +- b ftrace_stub +-#ifdef CONFIG_32BIT +- addiu sp, sp, 8 +-#else +- nop +-#endif + +-static_trace: +- MCOUNT_SAVE_REGS +- +- move a0, ra /* arg1: self return address */ +- jalr t2 /* (1) call *ftrace_trace_function */ +- move a1, AT /* arg2: parent's return address */ +- +- MCOUNT_RESTORE_REGS + #ifdef CONFIG_32BIT + addiu sp, sp, 8 + #endif ++ + .globl ftrace_stub + ftrace_stub: + RETURN_BACK +diff --git a/arch/powerpc/kernel/entry_64.S b/arch/powerpc/kernel/entry_64.S +index 2837232bbffb..59be96917369 100644 +--- a/arch/powerpc/kernel/entry_64.S ++++ b/arch/powerpc/kernel/entry_64.S +@@ -574,6 +574,7 @@ END_MMU_FTR_SECTION_IFSET(MMU_FTR_1T_SEGMENT) + * actually hit this code path. + */ + ++ isync + slbie r6 + slbie r6 /* Workaround POWER5 < DD2.1 issue */ + slbmte r7,r0 +diff --git a/arch/powerpc/kernel/fadump.c b/arch/powerpc/kernel/fadump.c +index 26d091a1a54c..791d4c3329c3 100644 +--- a/arch/powerpc/kernel/fadump.c ++++ b/arch/powerpc/kernel/fadump.c +@@ -1025,6 +1025,9 @@ void fadump_cleanup(void) + init_fadump_mem_struct(&fdm, + be64_to_cpu(fdm_active->cpu_state_data.destination_address)); + fadump_invalidate_dump(&fdm); ++ } else if (fw_dump.dump_registered) { ++ /* Un-register Firmware-assisted dump if it was registered. */ ++ fadump_unregister_dump(&fdm); + } + } + +diff --git a/arch/powerpc/kernel/hw_breakpoint.c b/arch/powerpc/kernel/hw_breakpoint.c +index fdf48785d3e9..56e4571e3a02 100644 +--- a/arch/powerpc/kernel/hw_breakpoint.c ++++ b/arch/powerpc/kernel/hw_breakpoint.c +@@ -174,8 +174,8 @@ int arch_validate_hwbkpt_settings(struct perf_event *bp) + if (cpu_has_feature(CPU_FTR_DAWR)) { + length_max = 512 ; /* 64 doublewords */ + /* DAWR region can't cross 512 boundary */ +- if ((bp->attr.bp_addr >> 10) != +- ((bp->attr.bp_addr + bp->attr.bp_len - 1) >> 10)) ++ if ((bp->attr.bp_addr >> 9) != ++ ((bp->attr.bp_addr + bp->attr.bp_len - 1) >> 9)) + return -EINVAL; + } + if (info->len > +diff --git a/arch/powerpc/kernel/ptrace.c b/arch/powerpc/kernel/ptrace.c +index b38fd081b222..3b63655efa3c 100644 +--- a/arch/powerpc/kernel/ptrace.c ++++ b/arch/powerpc/kernel/ptrace.c +@@ -1004,6 +1004,7 @@ static int ptrace_set_debugreg(struct task_struct *task, unsigned long addr, + /* Create a new breakpoint request if one doesn't exist already */ + hw_breakpoint_init(&attr); + attr.bp_addr = hw_brk.address; ++ attr.bp_len = 8; + arch_bp_generic_fields(hw_brk.type, + &attr.bp_type); + +diff --git a/arch/x86/include/asm/barrier.h b/arch/x86/include/asm/barrier.h +index 814ef83c6720..e3a6f66d288c 100644 +--- a/arch/x86/include/asm/barrier.h ++++ b/arch/x86/include/asm/barrier.h +@@ -38,7 +38,7 @@ static inline unsigned long array_index_mask_nospec(unsigned long index, + { + unsigned long mask; + +- asm ("cmp %1,%2; sbb %0,%0;" ++ asm volatile ("cmp %1,%2; sbb %0,%0;" + :"=r" (mask) + :"r"(size),"r" (index) + :"cc"); +diff --git a/arch/xtensa/kernel/traps.c b/arch/xtensa/kernel/traps.c +index 42d441f7898b..1edce040f470 100644 +--- a/arch/xtensa/kernel/traps.c ++++ b/arch/xtensa/kernel/traps.c +@@ -309,7 +309,7 @@ do_unaligned_user (struct pt_regs *regs) + info.si_errno = 0; + info.si_code = BUS_ADRALN; + info.si_addr = (void *) regs->excvaddr; +- force_sig_info(SIGSEGV, &info, current); ++ force_sig_info(SIGBUS, &info, current); + + } + #endif +diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c +index f9b86a1d922d..9afd06ee5b30 100644 +--- a/drivers/ata/libata-core.c ++++ b/drivers/ata/libata-core.c +@@ -4247,9 +4247,6 @@ static const struct ata_blacklist_entry ata_device_blacklist [] = { + ATA_HORKAGE_ZERO_AFTER_TRIM | + ATA_HORKAGE_NOLPM, }, + +- /* Sandisk devices which are known to not handle LPM well */ +- { "SanDisk SD7UB3Q*G1001", NULL, ATA_HORKAGE_NOLPM, }, +- + /* devices that don't properly handle queued TRIM commands */ + { "Micron_M500IT_*", "MU01", ATA_HORKAGE_NO_NCQ_TRIM | + ATA_HORKAGE_ZERO_AFTER_TRIM, }, +diff --git a/drivers/ata/libata-zpodd.c b/drivers/ata/libata-zpodd.c +index f3a65a3140d3..0ad96c647541 100644 +--- a/drivers/ata/libata-zpodd.c ++++ b/drivers/ata/libata-zpodd.c +@@ -34,7 +34,7 @@ struct zpodd { + static int eject_tray(struct ata_device *dev) + { + struct ata_taskfile tf; +- const char cdb[] = { GPCMD_START_STOP_UNIT, ++ static const char cdb[ATAPI_CDB_LEN] = { GPCMD_START_STOP_UNIT, + 0, 0, 0, + 0x02, /* LoEj */ + 0, 0, 0, 0, 0, 0, 0, +@@ -55,7 +55,7 @@ static enum odd_mech_type zpodd_get_mech_type(struct ata_device *dev) + unsigned int ret; + struct rm_feature_desc *desc = (void *)(buf + 8); + struct ata_taskfile tf; +- char cdb[] = { GPCMD_GET_CONFIGURATION, ++ static const char cdb[] = { GPCMD_GET_CONFIGURATION, + 2, /* only 1 feature descriptor requested */ + 0, 3, /* 3, removable medium feature */ + 0, 0, 0,/* reserved */ +diff --git a/drivers/atm/zatm.c b/drivers/atm/zatm.c +index 6eab52b92e01..c302f47f6323 100644 +--- a/drivers/atm/zatm.c ++++ b/drivers/atm/zatm.c +@@ -1149,8 +1149,8 @@ static void eprom_get_byte(struct zatm_dev *zatm_dev, unsigned char *byte, + } + + +-static unsigned char eprom_try_esi(struct atm_dev *dev, unsigned short cmd, +- int offset, int swap) ++static int eprom_try_esi(struct atm_dev *dev, unsigned short cmd, int offset, ++ int swap) + { + unsigned char buf[ZEPROM_SIZE]; + struct zatm_dev *zatm_dev; +diff --git a/drivers/base/core.c b/drivers/base/core.c +index afe045792796..049ccc070ce5 100644 +--- a/drivers/base/core.c ++++ b/drivers/base/core.c +@@ -759,7 +759,7 @@ class_dir_create_and_add(struct class *class, struct kobject *parent_kobj) + + dir = kzalloc(sizeof(*dir), GFP_KERNEL); + if (!dir) +- return NULL; ++ return ERR_PTR(-ENOMEM); + + dir->class = class; + kobject_init(&dir->kobj, &class_dir_ktype); +@@ -769,7 +769,7 @@ class_dir_create_and_add(struct class *class, struct kobject *parent_kobj) + retval = kobject_add(&dir->kobj, parent_kobj, "%s", class->name); + if (retval < 0) { + kobject_put(&dir->kobj); +- return NULL; ++ return ERR_PTR(retval); + } + return &dir->kobj; + } +@@ -1076,6 +1076,10 @@ int device_add(struct device *dev) + + parent = get_device(dev->parent); + kobj = get_device_parent(dev, parent); ++ if (IS_ERR(kobj)) { ++ error = PTR_ERR(kobj); ++ goto parent_error; ++ } + if (kobj) + dev->kobj.parent = kobj; + +@@ -1174,6 +1178,7 @@ done: + kobject_del(&dev->kobj); + Error: + cleanup_glue_dir(dev, glue_dir); ++parent_error: + put_device(parent); + name_error: + kfree(dev->p); +@@ -1990,6 +1995,11 @@ int device_move(struct device *dev, struct device *new_parent, + device_pm_lock(); + new_parent = get_device(new_parent); + new_parent_kobj = get_device_parent(dev, new_parent); ++ if (IS_ERR(new_parent_kobj)) { ++ error = PTR_ERR(new_parent_kobj); ++ put_device(new_parent); ++ goto out; ++ } + + pr_debug("device: '%s': %s: moving to '%s'\n", dev_name(dev), + __func__, new_parent ? dev_name(new_parent) : ""); +diff --git a/drivers/bluetooth/hci_qca.c b/drivers/bluetooth/hci_qca.c +index 8a3bf0a8c31d..476d39c7ba20 100644 +--- a/drivers/bluetooth/hci_qca.c ++++ b/drivers/bluetooth/hci_qca.c +@@ -939,6 +939,12 @@ static int qca_setup(struct hci_uart *hu) + } else if (ret == -ENOENT) { + /* No patch/nvm-config found, run with original fw/config */ + ret = 0; ++ } else if (ret == -EAGAIN) { ++ /* ++ * Userspace firmware loader will return -EAGAIN in case no ++ * patch/nvm-config is found, so run with original fw/config. ++ */ ++ ret = 0; + } + + /* Setup bdaddr */ +diff --git a/drivers/char/ipmi/ipmi_bt_sm.c b/drivers/char/ipmi/ipmi_bt_sm.c +index feafdab734ae..4835b588b783 100644 +--- a/drivers/char/ipmi/ipmi_bt_sm.c ++++ b/drivers/char/ipmi/ipmi_bt_sm.c +@@ -522,11 +522,12 @@ static enum si_sm_result bt_event(struct si_sm_data *bt, long time) + if (status & BT_H_BUSY) /* clear a leftover H_BUSY */ + BT_CONTROL(BT_H_BUSY); + ++ bt->timeout = bt->BT_CAP_req2rsp; ++ + /* Read BT capabilities if it hasn't been done yet */ + if (!bt->BT_CAP_outreqs) + BT_STATE_CHANGE(BT_STATE_CAPABILITIES_BEGIN, + SI_SM_CALL_WITHOUT_DELAY); +- bt->timeout = bt->BT_CAP_req2rsp; + BT_SI_SM_RETURN(SI_SM_IDLE); + + case BT_STATE_XACTION_START: +diff --git a/drivers/cpufreq/cpufreq.c b/drivers/cpufreq/cpufreq.c +index ebed319657e7..68b604ad8413 100644 +--- a/drivers/cpufreq/cpufreq.c ++++ b/drivers/cpufreq/cpufreq.c +@@ -603,6 +603,8 @@ static ssize_t store_##file_name \ + struct cpufreq_policy new_policy; \ + \ + memcpy(&new_policy, policy, sizeof(*policy)); \ ++ new_policy.min = policy->user_policy.min; \ ++ new_policy.max = policy->user_policy.max; \ + \ + ret = sscanf(buf, "%u", &new_policy.object); \ + if (ret != 1) \ +diff --git a/drivers/cpuidle/cpuidle-powernv.c b/drivers/cpuidle/cpuidle-powernv.c +index c44a843cb405..44ebda8bbc84 100644 +--- a/drivers/cpuidle/cpuidle-powernv.c ++++ b/drivers/cpuidle/cpuidle-powernv.c +@@ -29,9 +29,31 @@ struct cpuidle_driver powernv_idle_driver = { + + static int max_idle_state; + static struct cpuidle_state *cpuidle_state_table; +-static u64 snooze_timeout; ++static u64 default_snooze_timeout; + static bool snooze_timeout_en; + ++static u64 get_snooze_timeout(struct cpuidle_device *dev, ++ struct cpuidle_driver *drv, ++ int index) ++{ ++ int i; ++ ++ if (unlikely(!snooze_timeout_en)) ++ return default_snooze_timeout; ++ ++ for (i = index + 1; i < drv->state_count; i++) { ++ struct cpuidle_state *s = &drv->states[i]; ++ struct cpuidle_state_usage *su = &dev->states_usage[i]; ++ ++ if (s->disabled || su->disable) ++ continue; ++ ++ return s->target_residency * tb_ticks_per_usec; ++ } ++ ++ return default_snooze_timeout; ++} ++ + static int snooze_loop(struct cpuidle_device *dev, + struct cpuidle_driver *drv, + int index) +@@ -41,7 +63,7 @@ static int snooze_loop(struct cpuidle_device *dev, + local_irq_enable(); + set_thread_flag(TIF_POLLING_NRFLAG); + +- snooze_exit_time = get_tb() + snooze_timeout; ++ snooze_exit_time = get_tb() + get_snooze_timeout(dev, drv, index); + ppc64_runlatch_off(); + while (!need_resched()) { + HMT_low(); +@@ -286,11 +308,9 @@ static int powernv_idle_probe(void) + cpuidle_state_table = powernv_states; + /* Device tree can indicate more idle states */ + max_idle_state = powernv_add_idle_states(); +- if (max_idle_state > 1) { ++ default_snooze_timeout = TICK_USEC * tb_ticks_per_usec; ++ if (max_idle_state > 1) + snooze_timeout_en = true; +- snooze_timeout = powernv_states[1].target_residency * +- tb_ticks_per_usec; +- } + } else + return -ENODEV; + +diff --git a/drivers/iio/buffer/kfifo_buf.c b/drivers/iio/buffer/kfifo_buf.c +index 7ef9b13262a8..e44181f9eb36 100644 +--- a/drivers/iio/buffer/kfifo_buf.c ++++ b/drivers/iio/buffer/kfifo_buf.c +@@ -19,7 +19,7 @@ struct iio_kfifo { + #define iio_to_kfifo(r) container_of(r, struct iio_kfifo, buffer) + + static inline int __iio_allocate_kfifo(struct iio_kfifo *buf, +- int bytes_per_datum, int length) ++ size_t bytes_per_datum, unsigned int length) + { + if ((length == 0) || (bytes_per_datum == 0)) + return -EINVAL; +@@ -71,7 +71,7 @@ static int iio_set_bytes_per_datum_kfifo(struct iio_buffer *r, size_t bpd) + return 0; + } + +-static int iio_set_length_kfifo(struct iio_buffer *r, int length) ++static int iio_set_length_kfifo(struct iio_buffer *r, unsigned int length) + { + /* Avoid an invalid state */ + if (length < 2) +diff --git a/drivers/infiniband/hw/mlx4/mad.c b/drivers/infiniband/hw/mlx4/mad.c +index d862b9b7910e..199a9cdd0d12 100644 +--- a/drivers/infiniband/hw/mlx4/mad.c ++++ b/drivers/infiniband/hw/mlx4/mad.c +@@ -1780,7 +1780,6 @@ static void mlx4_ib_sqp_comp_worker(struct work_struct *work) + "buf:%lld\n", wc.wr_id); + break; + default: +- BUG_ON(1); + break; + } + } else { +diff --git a/drivers/infiniband/hw/qib/qib.h b/drivers/infiniband/hw/qib/qib.h +index 7df16f74bb45..c6c75b99cf2c 100644 +--- a/drivers/infiniband/hw/qib/qib.h ++++ b/drivers/infiniband/hw/qib/qib.h +@@ -1451,8 +1451,7 @@ u64 qib_sps_ints(void); + /* + * dma_addr wrappers - all 0's invalid for hw + */ +-dma_addr_t qib_map_page(struct pci_dev *, struct page *, unsigned long, +- size_t, int); ++int qib_map_page(struct pci_dev *d, struct page *p, dma_addr_t *daddr); + const char *qib_get_unit_name(int unit); + + /* +diff --git a/drivers/infiniband/hw/qib/qib_file_ops.c b/drivers/infiniband/hw/qib/qib_file_ops.c +index 24f4a782e0f4..5908fd3af00d 100644 +--- a/drivers/infiniband/hw/qib/qib_file_ops.c ++++ b/drivers/infiniband/hw/qib/qib_file_ops.c +@@ -364,6 +364,8 @@ static int qib_tid_update(struct qib_ctxtdata *rcd, struct file *fp, + goto done; + } + for (i = 0; i < cnt; i++, vaddr += PAGE_SIZE) { ++ dma_addr_t daddr; ++ + for (; ntids--; tid++) { + if (tid == tidcnt) + tid = 0; +@@ -380,12 +382,14 @@ static int qib_tid_update(struct qib_ctxtdata *rcd, struct file *fp, + ret = -ENOMEM; + break; + } ++ ret = qib_map_page(dd->pcidev, pagep[i], &daddr); ++ if (ret) ++ break; ++ + tidlist[i] = tid + tidoff; + /* we "know" system pages and TID pages are same size */ + dd->pageshadow[ctxttid + tid] = pagep[i]; +- dd->physshadow[ctxttid + tid] = +- qib_map_page(dd->pcidev, pagep[i], 0, PAGE_SIZE, +- PCI_DMA_FROMDEVICE); ++ dd->physshadow[ctxttid + tid] = daddr; + /* + * don't need atomic or it's overhead + */ +diff --git a/drivers/infiniband/hw/qib/qib_user_pages.c b/drivers/infiniband/hw/qib/qib_user_pages.c +index 74f90b2619f6..ab1588ae1c85 100644 +--- a/drivers/infiniband/hw/qib/qib_user_pages.c ++++ b/drivers/infiniband/hw/qib/qib_user_pages.c +@@ -98,23 +98,27 @@ bail: + * + * I'm sure we won't be so lucky with other iommu's, so FIXME. + */ +-dma_addr_t qib_map_page(struct pci_dev *hwdev, struct page *page, +- unsigned long offset, size_t size, int direction) ++int qib_map_page(struct pci_dev *hwdev, struct page *page, dma_addr_t *daddr) + { + dma_addr_t phys; + +- phys = pci_map_page(hwdev, page, offset, size, direction); ++ phys = pci_map_page(hwdev, page, 0, PAGE_SIZE, PCI_DMA_FROMDEVICE); ++ if (pci_dma_mapping_error(hwdev, phys)) ++ return -ENOMEM; + +- if (phys == 0) { +- pci_unmap_page(hwdev, phys, size, direction); +- phys = pci_map_page(hwdev, page, offset, size, direction); ++ if (!phys) { ++ pci_unmap_page(hwdev, phys, PAGE_SIZE, PCI_DMA_FROMDEVICE); ++ phys = pci_map_page(hwdev, page, 0, PAGE_SIZE, ++ PCI_DMA_FROMDEVICE); ++ if (pci_dma_mapping_error(hwdev, phys)) ++ return -ENOMEM; + /* + * FIXME: If we get 0 again, we should keep this page, + * map another, then free the 0 page. + */ + } +- +- return phys; ++ *daddr = phys; ++ return 0; + } + + /** +diff --git a/drivers/input/mouse/elan_i2c.h b/drivers/input/mouse/elan_i2c.h +index c0ec26118732..83dd0ce3ad2a 100644 +--- a/drivers/input/mouse/elan_i2c.h ++++ b/drivers/input/mouse/elan_i2c.h +@@ -27,6 +27,8 @@ + #define ETP_DISABLE_POWER 0x0001 + #define ETP_PRESSURE_OFFSET 25 + ++#define ETP_CALIBRATE_MAX_LEN 3 ++ + /* IAP Firmware handling */ + #define ETP_PRODUCT_ID_FORMAT_STRING "%d.0" + #define ETP_FW_NAME "elan_i2c_" ETP_PRODUCT_ID_FORMAT_STRING ".bin" +diff --git a/drivers/input/mouse/elan_i2c_core.c b/drivers/input/mouse/elan_i2c_core.c +index aeb8250ab079..97f6e05cffce 100644 +--- a/drivers/input/mouse/elan_i2c_core.c ++++ b/drivers/input/mouse/elan_i2c_core.c +@@ -595,7 +595,7 @@ static ssize_t calibrate_store(struct device *dev, + int tries = 20; + int retval; + int error; +- u8 val[3]; ++ u8 val[ETP_CALIBRATE_MAX_LEN]; + + retval = mutex_lock_interruptible(&data->sysfs_mutex); + if (retval) +@@ -1250,6 +1250,7 @@ static const struct acpi_device_id elan_acpi_id[] = { + { "ELAN060C", 0 }, + { "ELAN0611", 0 }, + { "ELAN0612", 0 }, ++ { "ELAN0618", 0 }, + { "ELAN1000", 0 }, + { } + }; +diff --git a/drivers/input/mouse/elan_i2c_smbus.c b/drivers/input/mouse/elan_i2c_smbus.c +index 25dba1d7aa57..2ac85f5cbf31 100644 +--- a/drivers/input/mouse/elan_i2c_smbus.c ++++ b/drivers/input/mouse/elan_i2c_smbus.c +@@ -56,7 +56,7 @@ + static int elan_smbus_initialize(struct i2c_client *client) + { + u8 check[ETP_SMBUS_HELLOPACKET_LEN] = { 0x55, 0x55, 0x55, 0x55, 0x55 }; +- u8 values[ETP_SMBUS_HELLOPACKET_LEN] = { 0, 0, 0, 0, 0 }; ++ u8 values[I2C_SMBUS_BLOCK_MAX] = {0}; + int len, error; + + /* Get hello packet */ +@@ -117,12 +117,16 @@ static int elan_smbus_calibrate(struct i2c_client *client) + static int elan_smbus_calibrate_result(struct i2c_client *client, u8 *val) + { + int error; ++ u8 buf[I2C_SMBUS_BLOCK_MAX] = {0}; ++ ++ BUILD_BUG_ON(ETP_CALIBRATE_MAX_LEN > sizeof(buf)); + + error = i2c_smbus_read_block_data(client, +- ETP_SMBUS_CALIBRATE_QUERY, val); ++ ETP_SMBUS_CALIBRATE_QUERY, buf); + if (error < 0) + return error; + ++ memcpy(val, buf, ETP_CALIBRATE_MAX_LEN); + return 0; + } + +@@ -466,6 +470,8 @@ static int elan_smbus_get_report(struct i2c_client *client, u8 *report) + { + int len; + ++ BUILD_BUG_ON(I2C_SMBUS_BLOCK_MAX > ETP_SMBUS_REPORT_LEN); ++ + len = i2c_smbus_read_block_data(client, + ETP_SMBUS_PACKET_QUERY, + &report[ETP_SMBUS_REPORT_OFFSET]); +diff --git a/drivers/input/mouse/elantech.c b/drivers/input/mouse/elantech.c +index 06ea28e5d7b4..174bb52c578b 100644 +--- a/drivers/input/mouse/elantech.c ++++ b/drivers/input/mouse/elantech.c +@@ -804,7 +804,7 @@ static int elantech_packet_check_v4(struct psmouse *psmouse) + else if (ic_version == 7 && etd->samples[1] == 0x2A) + sanity_check = ((packet[3] & 0x1c) == 0x10); + else +- sanity_check = ((packet[0] & 0x0c) == 0x04 && ++ sanity_check = ((packet[0] & 0x08) == 0x00 && + (packet[3] & 0x1c) == 0x10); + + if (!sanity_check) +@@ -1177,6 +1177,12 @@ static const struct dmi_system_id elantech_dmi_has_middle_button[] = { + { } + }; + ++static const char * const middle_button_pnp_ids[] = { ++ "LEN2131", /* ThinkPad P52 w/ NFC */ ++ "LEN2132", /* ThinkPad P52 */ ++ NULL ++}; ++ + /* + * Set the appropriate event bits for the input subsystem + */ +@@ -1196,7 +1202,8 @@ static int elantech_set_input_params(struct psmouse *psmouse) + __clear_bit(EV_REL, dev->evbit); + + __set_bit(BTN_LEFT, dev->keybit); +- if (dmi_check_system(elantech_dmi_has_middle_button)) ++ if (dmi_check_system(elantech_dmi_has_middle_button) || ++ psmouse_matches_pnp_id(psmouse, middle_button_pnp_ids)) + __set_bit(BTN_MIDDLE, dev->keybit); + __set_bit(BTN_RIGHT, dev->keybit); + +diff --git a/drivers/md/dm-thin.c b/drivers/md/dm-thin.c +index a1cc797fe88f..315767e8ae4d 100644 +--- a/drivers/md/dm-thin.c ++++ b/drivers/md/dm-thin.c +@@ -1299,6 +1299,8 @@ static void schedule_external_copy(struct thin_c *tc, dm_block_t virt_block, + + static void set_pool_mode(struct pool *pool, enum pool_mode new_mode); + ++static void requeue_bios(struct pool *pool); ++ + static void check_for_space(struct pool *pool) + { + int r; +@@ -1311,8 +1313,10 @@ static void check_for_space(struct pool *pool) + if (r) + return; + +- if (nr_free) ++ if (nr_free) { + set_pool_mode(pool, PM_WRITE); ++ requeue_bios(pool); ++ } + } + + /* +@@ -1389,7 +1393,10 @@ static int alloc_data_block(struct thin_c *tc, dm_block_t *result) + + r = dm_pool_alloc_data_block(pool->pmd, result); + if (r) { +- metadata_operation_failed(pool, "dm_pool_alloc_data_block", r); ++ if (r == -ENOSPC) ++ set_pool_mode(pool, PM_OUT_OF_DATA_SPACE); ++ else ++ metadata_operation_failed(pool, "dm_pool_alloc_data_block", r); + return r; + } + +diff --git a/drivers/md/md.c b/drivers/md/md.c +index 62c3328e2a1d..0663463df2f7 100644 +--- a/drivers/md/md.c ++++ b/drivers/md/md.c +@@ -2690,7 +2690,8 @@ state_store(struct md_rdev *rdev, const char *buf, size_t len) + err = 0; + } + } else if (cmd_match(buf, "re-add")) { +- if (test_bit(Faulty, &rdev->flags) && (rdev->raid_disk == -1)) { ++ if (test_bit(Faulty, &rdev->flags) && (rdev->raid_disk == -1) && ++ rdev->saved_raid_disk >= 0) { + /* clear_bit is performed _after_ all the devices + * have their local Faulty bit cleared. If any writes + * happen in the meantime in the local node, they +@@ -8153,6 +8154,7 @@ static int remove_and_add_spares(struct mddev *mddev, + if (mddev->pers->hot_remove_disk( + mddev, rdev) == 0) { + sysfs_unlink_rdev(mddev, rdev); ++ rdev->saved_raid_disk = rdev->raid_disk; + rdev->raid_disk = -1; + removed++; + } +diff --git a/drivers/media/dvb-core/dvb_frontend.c b/drivers/media/dvb-core/dvb_frontend.c +index e2a3833170e3..2c835e69c4df 100644 +--- a/drivers/media/dvb-core/dvb_frontend.c ++++ b/drivers/media/dvb-core/dvb_frontend.c +@@ -230,8 +230,20 @@ static void dvb_frontend_add_event(struct dvb_frontend *fe, + wake_up_interruptible (&events->wait_queue); + } + ++static int dvb_frontend_test_event(struct dvb_frontend_private *fepriv, ++ struct dvb_fe_events *events) ++{ ++ int ret; ++ ++ up(&fepriv->sem); ++ ret = events->eventw != events->eventr; ++ down(&fepriv->sem); ++ ++ return ret; ++} ++ + static int dvb_frontend_get_event(struct dvb_frontend *fe, +- struct dvb_frontend_event *event, int flags) ++ struct dvb_frontend_event *event, int flags) + { + struct dvb_frontend_private *fepriv = fe->frontend_priv; + struct dvb_fe_events *events = &fepriv->events; +@@ -249,13 +261,8 @@ static int dvb_frontend_get_event(struct dvb_frontend *fe, + if (flags & O_NONBLOCK) + return -EWOULDBLOCK; + +- up(&fepriv->sem); +- +- ret = wait_event_interruptible (events->wait_queue, +- events->eventw != events->eventr); +- +- if (down_interruptible (&fepriv->sem)) +- return -ERESTARTSYS; ++ ret = wait_event_interruptible(events->wait_queue, ++ dvb_frontend_test_event(fepriv, events)); + + if (ret < 0) + return ret; +diff --git a/drivers/media/usb/cx231xx/cx231xx-cards.c b/drivers/media/usb/cx231xx/cx231xx-cards.c +index 04ae21278440..77f54e4198d3 100644 +--- a/drivers/media/usb/cx231xx/cx231xx-cards.c ++++ b/drivers/media/usb/cx231xx/cx231xx-cards.c +@@ -864,6 +864,9 @@ struct usb_device_id cx231xx_id_table[] = { + .driver_info = CX231XX_BOARD_CNXT_RDE_250}, + {USB_DEVICE(0x0572, 0x58A0), + .driver_info = CX231XX_BOARD_CNXT_RDU_250}, ++ /* AverMedia DVD EZMaker 7 */ ++ {USB_DEVICE(0x07ca, 0xc039), ++ .driver_info = CX231XX_BOARD_CNXT_VIDEO_GRABBER}, + {USB_DEVICE(0x2040, 0xb110), + .driver_info = CX231XX_BOARD_HAUPPAUGE_USB2_FM_PAL}, + {USB_DEVICE(0x2040, 0xb111), +diff --git a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c +index e0ae2f34623a..9292e35aef06 100644 +--- a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c ++++ b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c +@@ -864,7 +864,7 @@ static int put_v4l2_ext_controls32(struct file *file, + get_user(kcontrols, &kp->controls)) + return -EFAULT; + +- if (!count) ++ if (!count || count > (U32_MAX/sizeof(*ucontrols))) + return 0; + if (get_user(p, &up->controls)) + return -EFAULT; +diff --git a/drivers/mfd/intel-lpss.c b/drivers/mfd/intel-lpss.c +index fe89e5e337d5..ac867489b5a9 100644 +--- a/drivers/mfd/intel-lpss.c ++++ b/drivers/mfd/intel-lpss.c +@@ -269,11 +269,11 @@ static void intel_lpss_init_dev(const struct intel_lpss *lpss) + + intel_lpss_deassert_reset(lpss); + ++ intel_lpss_set_remap_addr(lpss); ++ + if (!intel_lpss_has_idma(lpss)) + return; + +- intel_lpss_set_remap_addr(lpss); +- + /* Make sure that SPI multiblock DMA transfers are re-enabled */ + if (lpss->type == LPSS_DEV_SPI) + writel(value, lpss->priv + LPSS_PRIV_SSP_REG); +diff --git a/drivers/mtd/chips/cfi_cmdset_0002.c b/drivers/mtd/chips/cfi_cmdset_0002.c +index 31448a2b39ae..c484ca8c909c 100644 +--- a/drivers/mtd/chips/cfi_cmdset_0002.c ++++ b/drivers/mtd/chips/cfi_cmdset_0002.c +@@ -1878,7 +1878,7 @@ static int __xipram do_write_buffer(struct map_info *map, struct flchip *chip, + if (time_after(jiffies, timeo) && !chip_ready(map, adr)) + break; + +- if (chip_ready(map, adr)) { ++ if (chip_good(map, adr, datum)) { + xip_enable(map, chip, adr); + goto op_done; + } +@@ -2533,7 +2533,7 @@ static int cfi_atmel_unlock(struct mtd_info *mtd, loff_t ofs, uint64_t len) + + struct ppb_lock { + struct flchip *chip; +- loff_t offset; ++ unsigned long adr; + int locked; + }; + +@@ -2551,8 +2551,9 @@ static int __maybe_unused do_ppb_xxlock(struct map_info *map, + unsigned long timeo; + int ret; + ++ adr += chip->start; + mutex_lock(&chip->mutex); +- ret = get_chip(map, chip, adr + chip->start, FL_LOCKING); ++ ret = get_chip(map, chip, adr, FL_LOCKING); + if (ret) { + mutex_unlock(&chip->mutex); + return ret; +@@ -2570,8 +2571,8 @@ static int __maybe_unused do_ppb_xxlock(struct map_info *map, + + if (thunk == DO_XXLOCK_ONEBLOCK_LOCK) { + chip->state = FL_LOCKING; +- map_write(map, CMD(0xA0), chip->start + adr); +- map_write(map, CMD(0x00), chip->start + adr); ++ map_write(map, CMD(0xA0), adr); ++ map_write(map, CMD(0x00), adr); + } else if (thunk == DO_XXLOCK_ONEBLOCK_UNLOCK) { + /* + * Unlocking of one specific sector is not supported, so we +@@ -2609,7 +2610,7 @@ static int __maybe_unused do_ppb_xxlock(struct map_info *map, + map_write(map, CMD(0x00), chip->start); + + chip->state = FL_READY; +- put_chip(map, chip, adr + chip->start); ++ put_chip(map, chip, adr); + mutex_unlock(&chip->mutex); + + return ret; +@@ -2666,9 +2667,9 @@ static int __maybe_unused cfi_ppb_unlock(struct mtd_info *mtd, loff_t ofs, + * sectors shall be unlocked, so lets keep their locking + * status at "unlocked" (locked=0) for the final re-locking. + */ +- if ((adr < ofs) || (adr >= (ofs + len))) { ++ if ((offset < ofs) || (offset >= (ofs + len))) { + sect[sectors].chip = &cfi->chips[chipnum]; +- sect[sectors].offset = offset; ++ sect[sectors].adr = adr; + sect[sectors].locked = do_ppb_xxlock( + map, &cfi->chips[chipnum], adr, 0, + DO_XXLOCK_ONEBLOCK_GETLOCK); +@@ -2682,6 +2683,8 @@ static int __maybe_unused cfi_ppb_unlock(struct mtd_info *mtd, loff_t ofs, + i++; + + if (adr >> cfi->chipshift) { ++ if (offset >= (ofs + len)) ++ break; + adr = 0; + chipnum++; + +@@ -2712,7 +2715,7 @@ static int __maybe_unused cfi_ppb_unlock(struct mtd_info *mtd, loff_t ofs, + */ + for (i = 0; i < sectors; i++) { + if (sect[i].locked) +- do_ppb_xxlock(map, sect[i].chip, sect[i].offset, 0, ++ do_ppb_xxlock(map, sect[i].chip, sect[i].adr, 0, + DO_XXLOCK_ONEBLOCK_LOCK); + } + +diff --git a/drivers/mtd/ubi/build.c b/drivers/mtd/ubi/build.c +index a2e6c7848b0a..c9f5ae424af7 100644 +--- a/drivers/mtd/ubi/build.c ++++ b/drivers/mtd/ubi/build.c +@@ -1132,6 +1132,9 @@ int ubi_detach_mtd_dev(int ubi_num, int anyway) + */ + get_device(&ubi->dev); + ++#ifdef CONFIG_MTD_UBI_FASTMAP ++ cancel_work_sync(&ubi->fm_work); ++#endif + ubi_debugfs_exit_dev(ubi); + uif_close(ubi); + +diff --git a/drivers/mtd/ubi/wl.c b/drivers/mtd/ubi/wl.c +index 75286588b823..ca9746f41ff1 100644 +--- a/drivers/mtd/ubi/wl.c ++++ b/drivers/mtd/ubi/wl.c +@@ -1479,6 +1479,7 @@ int ubi_thread(void *u) + } + + dbg_wl("background thread \"%s\" is killed", ubi->bgt_name); ++ ubi->thread_enabled = 0; + return 0; + } + +@@ -1488,9 +1489,6 @@ int ubi_thread(void *u) + */ + static void shutdown_work(struct ubi_device *ubi) + { +-#ifdef CONFIG_MTD_UBI_FASTMAP +- flush_work(&ubi->fm_work); +-#endif + while (!list_empty(&ubi->works)) { + struct ubi_work *wrk; + +diff --git a/drivers/net/bonding/bond_options.c b/drivers/net/bonding/bond_options.c +index 55e93b6b6d21..66560a8fcfa2 100644 +--- a/drivers/net/bonding/bond_options.c ++++ b/drivers/net/bonding/bond_options.c +@@ -1115,6 +1115,7 @@ static int bond_option_primary_set(struct bonding *bond, + slave->dev->name); + rcu_assign_pointer(bond->primary_slave, slave); + strcpy(bond->params.primary, slave->dev->name); ++ bond->force_primary = true; + bond_select_active_slave(bond); + goto out; + } +diff --git a/drivers/net/ethernet/natsemi/sonic.c b/drivers/net/ethernet/natsemi/sonic.c +index 1bd419dbda6d..0798b4adb039 100644 +--- a/drivers/net/ethernet/natsemi/sonic.c ++++ b/drivers/net/ethernet/natsemi/sonic.c +@@ -71,7 +71,7 @@ static int sonic_open(struct net_device *dev) + for (i = 0; i < SONIC_NUM_RRS; i++) { + dma_addr_t laddr = dma_map_single(lp->device, skb_put(lp->rx_skb[i], SONIC_RBSIZE), + SONIC_RBSIZE, DMA_FROM_DEVICE); +- if (!laddr) { ++ if (dma_mapping_error(lp->device, laddr)) { + while(i > 0) { /* free any that were mapped successfully */ + i--; + dma_unmap_single(lp->device, lp->rx_laddr[i], SONIC_RBSIZE, DMA_FROM_DEVICE); +diff --git a/drivers/net/usb/cdc_ncm.c b/drivers/net/usb/cdc_ncm.c +index c8e98c8e29fa..36e1377fc954 100644 +--- a/drivers/net/usb/cdc_ncm.c ++++ b/drivers/net/usb/cdc_ncm.c +@@ -1075,7 +1075,7 @@ cdc_ncm_fill_tx_frame(struct usbnet *dev, struct sk_buff *skb, __le32 sign) + * accordingly. Otherwise, we should check here. + */ + if (ctx->drvflags & CDC_NCM_FLAG_NDP_TO_END) +- delayed_ndp_size = ctx->max_ndp_size; ++ delayed_ndp_size = ALIGN(ctx->max_ndp_size, ctx->tx_ndp_modulus); + else + delayed_ndp_size = 0; + +@@ -1208,7 +1208,7 @@ cdc_ncm_fill_tx_frame(struct usbnet *dev, struct sk_buff *skb, __le32 sign) + /* If requested, put NDP at end of frame. */ + if (ctx->drvflags & CDC_NCM_FLAG_NDP_TO_END) { + nth16 = (struct usb_cdc_ncm_nth16 *)skb_out->data; +- cdc_ncm_align_tail(skb_out, ctx->tx_ndp_modulus, 0, ctx->tx_max); ++ cdc_ncm_align_tail(skb_out, ctx->tx_ndp_modulus, 0, ctx->tx_max - ctx->max_ndp_size); + nth16->wNdpIndex = cpu_to_le16(skb_out->len); + memcpy(skb_put(skb_out, ctx->max_ndp_size), ctx->delayed_ndp16, ctx->max_ndp_size); + +diff --git a/drivers/net/usb/qmi_wwan.c b/drivers/net/usb/qmi_wwan.c +index d72205f06a1d..3b67140eed73 100644 +--- a/drivers/net/usb/qmi_wwan.c ++++ b/drivers/net/usb/qmi_wwan.c +@@ -635,6 +635,7 @@ static const struct usb_device_id products[] = { + {QMI_FIXED_INTF(0x05c6, 0x920d, 0)}, + {QMI_FIXED_INTF(0x05c6, 0x920d, 5)}, + {QMI_FIXED_INTF(0x0846, 0x68a2, 8)}, ++ {QMI_FIXED_INTF(0x0846, 0x68d3, 8)}, /* Netgear Aircard 779S */ + {QMI_FIXED_INTF(0x12d1, 0x140c, 1)}, /* Huawei E173 */ + {QMI_FIXED_INTF(0x12d1, 0x14ac, 1)}, /* Huawei E1820 */ + {QMI_FIXED_INTF(0x1435, 0xd181, 3)}, /* Wistron NeWeb D18Q1 */ +diff --git a/drivers/nvdimm/bus.c b/drivers/nvdimm/bus.c +index 254b0ee37039..a71187c783b7 100644 +--- a/drivers/nvdimm/bus.c ++++ b/drivers/nvdimm/bus.c +@@ -237,14 +237,18 @@ int nvdimm_revalidate_disk(struct gendisk *disk) + { + struct device *dev = disk->driverfs_dev; + struct nd_region *nd_region = to_nd_region(dev->parent); +- const char *pol = nd_region->ro ? "only" : "write"; ++ int disk_ro = get_disk_ro(disk); + +- if (nd_region->ro == get_disk_ro(disk)) ++ /* ++ * Upgrade to read-only if the region is read-only preserve as ++ * read-only if the disk is already read-only. ++ */ ++ if (disk_ro || nd_region->ro == disk_ro) + return 0; + +- dev_info(dev, "%s read-%s, marking %s read-%s\n", +- dev_name(&nd_region->dev), pol, disk->disk_name, pol); +- set_disk_ro(disk, nd_region->ro); ++ dev_info(dev, "%s read-only, marking %s read-only\n", ++ dev_name(&nd_region->dev), disk->disk_name); ++ set_disk_ro(disk, 1); + + return 0; + +diff --git a/drivers/of/unittest.c b/drivers/of/unittest.c +index e16ea5717b7f..2a547ca3d443 100644 +--- a/drivers/of/unittest.c ++++ b/drivers/of/unittest.c +@@ -156,20 +156,20 @@ static void __init of_unittest_dynamic(void) + /* Add a new property - should pass*/ + prop->name = "new-property"; + prop->value = "new-property-data"; +- prop->length = strlen(prop->value); ++ prop->length = strlen(prop->value) + 1; + unittest(of_add_property(np, prop) == 0, "Adding a new property failed\n"); + + /* Try to add an existing property - should fail */ + prop++; + prop->name = "new-property"; + prop->value = "new-property-data-should-fail"; +- prop->length = strlen(prop->value); ++ prop->length = strlen(prop->value) + 1; + unittest(of_add_property(np, prop) != 0, + "Adding an existing property should have failed\n"); + + /* Try to modify an existing property - should pass */ + prop->value = "modify-property-data-should-pass"; +- prop->length = strlen(prop->value); ++ prop->length = strlen(prop->value) + 1; + unittest(of_update_property(np, prop) == 0, + "Updating an existing property should have passed\n"); + +@@ -177,7 +177,7 @@ static void __init of_unittest_dynamic(void) + prop++; + prop->name = "modify-property"; + prop->value = "modify-missing-property-data-should-pass"; +- prop->length = strlen(prop->value); ++ prop->length = strlen(prop->value) + 1; + unittest(of_update_property(np, prop) == 0, + "Updating a missing property should have passed\n"); + +diff --git a/drivers/pci/hotplug/pciehp.h b/drivers/pci/hotplug/pciehp.h +index 62d6fe6c3714..cbe58480b474 100644 +--- a/drivers/pci/hotplug/pciehp.h ++++ b/drivers/pci/hotplug/pciehp.h +@@ -134,7 +134,7 @@ struct controller *pcie_init(struct pcie_device *dev); + int pcie_init_notification(struct controller *ctrl); + int pciehp_enable_slot(struct slot *p_slot); + int pciehp_disable_slot(struct slot *p_slot); +-void pcie_enable_notification(struct controller *ctrl); ++void pcie_reenable_notification(struct controller *ctrl); + int pciehp_power_on_slot(struct slot *slot); + void pciehp_power_off_slot(struct slot *slot); + void pciehp_get_power_status(struct slot *slot, u8 *status); +diff --git a/drivers/pci/hotplug/pciehp_core.c b/drivers/pci/hotplug/pciehp_core.c +index 612b21a14df5..8f6ded43760a 100644 +--- a/drivers/pci/hotplug/pciehp_core.c ++++ b/drivers/pci/hotplug/pciehp_core.c +@@ -295,7 +295,7 @@ static int pciehp_resume(struct pcie_device *dev) + ctrl = get_service_data(dev); + + /* reinitialize the chipset's event detection logic */ +- pcie_enable_notification(ctrl); ++ pcie_reenable_notification(ctrl); + + slot = ctrl->slot; + +diff --git a/drivers/pci/hotplug/pciehp_hpc.c b/drivers/pci/hotplug/pciehp_hpc.c +index 5c24e938042f..63c6c7fce3eb 100644 +--- a/drivers/pci/hotplug/pciehp_hpc.c ++++ b/drivers/pci/hotplug/pciehp_hpc.c +@@ -628,7 +628,7 @@ static irqreturn_t pcie_isr(int irq, void *dev_id) + return IRQ_HANDLED; + } + +-void pcie_enable_notification(struct controller *ctrl) ++static void pcie_enable_notification(struct controller *ctrl) + { + u16 cmd, mask; + +@@ -666,6 +666,17 @@ void pcie_enable_notification(struct controller *ctrl) + pci_pcie_cap(ctrl->pcie->port) + PCI_EXP_SLTCTL, cmd); + } + ++void pcie_reenable_notification(struct controller *ctrl) ++{ ++ /* ++ * Clear both Presence and Data Link Layer Changed to make sure ++ * those events still fire after we have re-enabled them. ++ */ ++ pcie_capability_write_word(ctrl->pcie->port, PCI_EXP_SLTSTA, ++ PCI_EXP_SLTSTA_PDC | PCI_EXP_SLTSTA_DLLSC); ++ pcie_enable_notification(ctrl); ++} ++ + static void pcie_disable_notification(struct controller *ctrl) + { + u16 mask; +diff --git a/drivers/s390/scsi/zfcp_dbf.c b/drivers/s390/scsi/zfcp_dbf.c +index 4534a7ce77b8..b6caad0fee24 100644 +--- a/drivers/s390/scsi/zfcp_dbf.c ++++ b/drivers/s390/scsi/zfcp_dbf.c +@@ -625,6 +625,46 @@ void zfcp_dbf_scsi(char *tag, int level, struct scsi_cmnd *sc, + spin_unlock_irqrestore(&dbf->scsi_lock, flags); + } + ++/** ++ * zfcp_dbf_scsi_eh() - Trace event for special cases of scsi_eh callbacks. ++ * @tag: Identifier for event. ++ * @adapter: Pointer to zfcp adapter as context for this event. ++ * @scsi_id: SCSI ID/target to indicate scope of task management function (TMF). ++ * @ret: Return value of calling function. ++ * ++ * This SCSI trace variant does not depend on any of: ++ * scsi_cmnd, zfcp_fsf_req, scsi_device. ++ */ ++void zfcp_dbf_scsi_eh(char *tag, struct zfcp_adapter *adapter, ++ unsigned int scsi_id, int ret) ++{ ++ struct zfcp_dbf *dbf = adapter->dbf; ++ struct zfcp_dbf_scsi *rec = &dbf->scsi_buf; ++ unsigned long flags; ++ static int const level = 1; ++ ++ if (unlikely(!debug_level_enabled(adapter->dbf->scsi, level))) ++ return; ++ ++ spin_lock_irqsave(&dbf->scsi_lock, flags); ++ memset(rec, 0, sizeof(*rec)); ++ ++ memcpy(rec->tag, tag, ZFCP_DBF_TAG_LEN); ++ rec->id = ZFCP_DBF_SCSI_CMND; ++ rec->scsi_result = ret; /* re-use field, int is 4 bytes and fits */ ++ rec->scsi_retries = ~0; ++ rec->scsi_allowed = ~0; ++ rec->fcp_rsp_info = ~0; ++ rec->scsi_id = scsi_id; ++ rec->scsi_lun = (u32)ZFCP_DBF_INVALID_LUN; ++ rec->scsi_lun_64_hi = (u32)(ZFCP_DBF_INVALID_LUN >> 32); ++ rec->host_scribble = ~0; ++ memset(rec->scsi_opcode, 0xff, ZFCP_DBF_SCSI_OPCODE); ++ ++ debug_event(dbf->scsi, level, rec, sizeof(*rec)); ++ spin_unlock_irqrestore(&dbf->scsi_lock, flags); ++} ++ + static debug_info_t *zfcp_dbf_reg(const char *name, int size, int rec_size) + { + struct debug_info *d; +diff --git a/drivers/s390/scsi/zfcp_erp.c b/drivers/s390/scsi/zfcp_erp.c +index 3b23d6754598..2abcd331b05d 100644 +--- a/drivers/s390/scsi/zfcp_erp.c ++++ b/drivers/s390/scsi/zfcp_erp.c +@@ -34,11 +34,28 @@ enum zfcp_erp_steps { + ZFCP_ERP_STEP_LUN_OPENING = 0x2000, + }; + ++/** ++ * enum zfcp_erp_act_type - Type of ERP action object. ++ * @ZFCP_ERP_ACTION_REOPEN_LUN: LUN recovery. ++ * @ZFCP_ERP_ACTION_REOPEN_PORT: Port recovery. ++ * @ZFCP_ERP_ACTION_REOPEN_PORT_FORCED: Forced port recovery. ++ * @ZFCP_ERP_ACTION_REOPEN_ADAPTER: Adapter recovery. ++ * @ZFCP_ERP_ACTION_NONE: Eyecatcher pseudo flag to bitwise or-combine with ++ * either of the first four enum values. ++ * Used to indicate that an ERP action could not be ++ * set up despite a detected need for some recovery. ++ * @ZFCP_ERP_ACTION_FAILED: Eyecatcher pseudo flag to bitwise or-combine with ++ * either of the first four enum values. ++ * Used to indicate that ERP not needed because ++ * the object has ZFCP_STATUS_COMMON_ERP_FAILED. ++ */ + enum zfcp_erp_act_type { + ZFCP_ERP_ACTION_REOPEN_LUN = 1, + ZFCP_ERP_ACTION_REOPEN_PORT = 2, + ZFCP_ERP_ACTION_REOPEN_PORT_FORCED = 3, + ZFCP_ERP_ACTION_REOPEN_ADAPTER = 4, ++ ZFCP_ERP_ACTION_NONE = 0xc0, ++ ZFCP_ERP_ACTION_FAILED = 0xe0, + }; + + enum zfcp_erp_act_state { +@@ -125,6 +142,49 @@ static void zfcp_erp_action_dismiss_adapter(struct zfcp_adapter *adapter) + } + } + ++static int zfcp_erp_handle_failed(int want, struct zfcp_adapter *adapter, ++ struct zfcp_port *port, ++ struct scsi_device *sdev) ++{ ++ int need = want; ++ struct zfcp_scsi_dev *zsdev; ++ ++ switch (want) { ++ case ZFCP_ERP_ACTION_REOPEN_LUN: ++ zsdev = sdev_to_zfcp(sdev); ++ if (atomic_read(&zsdev->status) & ZFCP_STATUS_COMMON_ERP_FAILED) ++ need = 0; ++ break; ++ case ZFCP_ERP_ACTION_REOPEN_PORT_FORCED: ++ if (atomic_read(&port->status) & ZFCP_STATUS_COMMON_ERP_FAILED) ++ need = 0; ++ break; ++ case ZFCP_ERP_ACTION_REOPEN_PORT: ++ if (atomic_read(&port->status) & ++ ZFCP_STATUS_COMMON_ERP_FAILED) { ++ need = 0; ++ /* ensure propagation of failed status to new devices */ ++ zfcp_erp_set_port_status( ++ port, ZFCP_STATUS_COMMON_ERP_FAILED); ++ } ++ break; ++ case ZFCP_ERP_ACTION_REOPEN_ADAPTER: ++ if (atomic_read(&adapter->status) & ++ ZFCP_STATUS_COMMON_ERP_FAILED) { ++ need = 0; ++ /* ensure propagation of failed status to new devices */ ++ zfcp_erp_set_adapter_status( ++ adapter, ZFCP_STATUS_COMMON_ERP_FAILED); ++ } ++ break; ++ default: ++ need = 0; ++ break; ++ } ++ ++ return need; ++} ++ + static int zfcp_erp_required_act(int want, struct zfcp_adapter *adapter, + struct zfcp_port *port, + struct scsi_device *sdev) +@@ -248,16 +308,27 @@ static int zfcp_erp_action_enqueue(int want, struct zfcp_adapter *adapter, + int retval = 1, need; + struct zfcp_erp_action *act; + +- if (!adapter->erp_thread) +- return -EIO; ++ need = zfcp_erp_handle_failed(want, adapter, port, sdev); ++ if (!need) { ++ need = ZFCP_ERP_ACTION_FAILED; /* marker for trace */ ++ goto out; ++ } ++ ++ if (!adapter->erp_thread) { ++ need = ZFCP_ERP_ACTION_NONE; /* marker for trace */ ++ retval = -EIO; ++ goto out; ++ } + + need = zfcp_erp_required_act(want, adapter, port, sdev); + if (!need) + goto out; + + act = zfcp_erp_setup_act(need, act_status, adapter, port, sdev); +- if (!act) ++ if (!act) { ++ need |= ZFCP_ERP_ACTION_NONE; /* marker for trace */ + goto out; ++ } + atomic_or(ZFCP_STATUS_ADAPTER_ERP_PENDING, &adapter->status); + ++adapter->erp_total_count; + list_add_tail(&act->list, &adapter->erp_ready_head); +@@ -268,18 +339,32 @@ static int zfcp_erp_action_enqueue(int want, struct zfcp_adapter *adapter, + return retval; + } + ++void zfcp_erp_port_forced_no_port_dbf(char *id, struct zfcp_adapter *adapter, ++ u64 port_name, u32 port_id) ++{ ++ unsigned long flags; ++ static /* don't waste stack */ struct zfcp_port tmpport; ++ ++ write_lock_irqsave(&adapter->erp_lock, flags); ++ /* Stand-in zfcp port with fields just good enough for ++ * zfcp_dbf_rec_trig() and zfcp_dbf_set_common(). ++ * Under lock because tmpport is static. ++ */ ++ atomic_set(&tmpport.status, -1); /* unknown */ ++ tmpport.wwpn = port_name; ++ tmpport.d_id = port_id; ++ zfcp_dbf_rec_trig(id, adapter, &tmpport, NULL, ++ ZFCP_ERP_ACTION_REOPEN_PORT_FORCED, ++ ZFCP_ERP_ACTION_NONE); ++ write_unlock_irqrestore(&adapter->erp_lock, flags); ++} ++ + static int _zfcp_erp_adapter_reopen(struct zfcp_adapter *adapter, + int clear_mask, char *id) + { + zfcp_erp_adapter_block(adapter, clear_mask); + zfcp_scsi_schedule_rports_block(adapter); + +- /* ensure propagation of failed status to new devices */ +- if (atomic_read(&adapter->status) & ZFCP_STATUS_COMMON_ERP_FAILED) { +- zfcp_erp_set_adapter_status(adapter, +- ZFCP_STATUS_COMMON_ERP_FAILED); +- return -EIO; +- } + return zfcp_erp_action_enqueue(ZFCP_ERP_ACTION_REOPEN_ADAPTER, + adapter, NULL, NULL, id, 0); + } +@@ -298,12 +383,8 @@ void zfcp_erp_adapter_reopen(struct zfcp_adapter *adapter, int clear, char *id) + zfcp_scsi_schedule_rports_block(adapter); + + write_lock_irqsave(&adapter->erp_lock, flags); +- if (atomic_read(&adapter->status) & ZFCP_STATUS_COMMON_ERP_FAILED) +- zfcp_erp_set_adapter_status(adapter, +- ZFCP_STATUS_COMMON_ERP_FAILED); +- else +- zfcp_erp_action_enqueue(ZFCP_ERP_ACTION_REOPEN_ADAPTER, adapter, +- NULL, NULL, id, 0); ++ zfcp_erp_action_enqueue(ZFCP_ERP_ACTION_REOPEN_ADAPTER, adapter, ++ NULL, NULL, id, 0); + write_unlock_irqrestore(&adapter->erp_lock, flags); + } + +@@ -344,9 +425,6 @@ static void _zfcp_erp_port_forced_reopen(struct zfcp_port *port, int clear, + zfcp_erp_port_block(port, clear); + zfcp_scsi_schedule_rport_block(port); + +- if (atomic_read(&port->status) & ZFCP_STATUS_COMMON_ERP_FAILED) +- return; +- + zfcp_erp_action_enqueue(ZFCP_ERP_ACTION_REOPEN_PORT_FORCED, + port->adapter, port, NULL, id, 0); + } +@@ -372,12 +450,6 @@ static int _zfcp_erp_port_reopen(struct zfcp_port *port, int clear, char *id) + zfcp_erp_port_block(port, clear); + zfcp_scsi_schedule_rport_block(port); + +- if (atomic_read(&port->status) & ZFCP_STATUS_COMMON_ERP_FAILED) { +- /* ensure propagation of failed status to new devices */ +- zfcp_erp_set_port_status(port, ZFCP_STATUS_COMMON_ERP_FAILED); +- return -EIO; +- } +- + return zfcp_erp_action_enqueue(ZFCP_ERP_ACTION_REOPEN_PORT, + port->adapter, port, NULL, id, 0); + } +@@ -417,9 +489,6 @@ static void _zfcp_erp_lun_reopen(struct scsi_device *sdev, int clear, char *id, + + zfcp_erp_lun_block(sdev, clear); + +- if (atomic_read(&zfcp_sdev->status) & ZFCP_STATUS_COMMON_ERP_FAILED) +- return; +- + zfcp_erp_action_enqueue(ZFCP_ERP_ACTION_REOPEN_LUN, adapter, + zfcp_sdev->port, sdev, id, act_status); + } +diff --git a/drivers/s390/scsi/zfcp_ext.h b/drivers/s390/scsi/zfcp_ext.h +index 7a7984a50683..b326f05c7f89 100644 +--- a/drivers/s390/scsi/zfcp_ext.h ++++ b/drivers/s390/scsi/zfcp_ext.h +@@ -52,10 +52,15 @@ extern void zfcp_dbf_san_res(char *, struct zfcp_fsf_req *); + extern void zfcp_dbf_san_in_els(char *, struct zfcp_fsf_req *); + extern void zfcp_dbf_scsi(char *, int, struct scsi_cmnd *, + struct zfcp_fsf_req *); ++extern void zfcp_dbf_scsi_eh(char *tag, struct zfcp_adapter *adapter, ++ unsigned int scsi_id, int ret); + + /* zfcp_erp.c */ + extern void zfcp_erp_set_adapter_status(struct zfcp_adapter *, u32); + extern void zfcp_erp_clear_adapter_status(struct zfcp_adapter *, u32); ++extern void zfcp_erp_port_forced_no_port_dbf(char *id, ++ struct zfcp_adapter *adapter, ++ u64 port_name, u32 port_id); + extern void zfcp_erp_adapter_reopen(struct zfcp_adapter *, int, char *); + extern void zfcp_erp_adapter_shutdown(struct zfcp_adapter *, int, char *); + extern void zfcp_erp_set_port_status(struct zfcp_port *, u32); +diff --git a/drivers/s390/scsi/zfcp_scsi.c b/drivers/s390/scsi/zfcp_scsi.c +index bb99db2948ab..3afb200b2829 100644 +--- a/drivers/s390/scsi/zfcp_scsi.c ++++ b/drivers/s390/scsi/zfcp_scsi.c +@@ -180,6 +180,7 @@ static int zfcp_scsi_eh_abort_handler(struct scsi_cmnd *scpnt) + if (abrt_req) + break; + ++ zfcp_dbf_scsi_abort("abrt_wt", scpnt, NULL); + zfcp_erp_wait(adapter); + ret = fc_block_scsi_eh(scpnt); + if (ret) { +@@ -276,6 +277,7 @@ static int zfcp_task_mgmt_function(struct scsi_cmnd *scpnt, u8 tm_flags) + if (fsf_req) + break; + ++ zfcp_dbf_scsi_devreset("wait", scpnt, tm_flags, NULL); + zfcp_erp_wait(adapter); + ret = fc_block_scsi_eh(scpnt); + if (ret) { +@@ -322,15 +324,16 @@ static int zfcp_scsi_eh_host_reset_handler(struct scsi_cmnd *scpnt) + { + struct zfcp_scsi_dev *zfcp_sdev = sdev_to_zfcp(scpnt->device); + struct zfcp_adapter *adapter = zfcp_sdev->port->adapter; +- int ret; ++ int ret = SUCCESS, fc_ret; + + zfcp_erp_adapter_reopen(adapter, 0, "schrh_1"); + zfcp_erp_wait(adapter); +- ret = fc_block_scsi_eh(scpnt); +- if (ret) +- return ret; ++ fc_ret = fc_block_scsi_eh(scpnt); ++ if (fc_ret) ++ ret = fc_ret; + +- return SUCCESS; ++ zfcp_dbf_scsi_eh("schrh_r", adapter, ~0, ret); ++ return ret; + } + + struct scsi_transport_template *zfcp_scsi_transport_template; +@@ -600,6 +603,11 @@ static void zfcp_scsi_terminate_rport_io(struct fc_rport *rport) + if (port) { + zfcp_erp_port_forced_reopen(port, 0, "sctrpi1"); + put_device(&port->dev); ++ } else { ++ zfcp_erp_port_forced_no_port_dbf( ++ "sctrpin", adapter, ++ rport->port_name /* zfcp_scsi_rport_register */, ++ rport->port_id /* zfcp_scsi_rport_register */); + } + } + +diff --git a/drivers/scsi/qla2xxx/qla_init.c b/drivers/scsi/qla2xxx/qla_init.c +index aa18c729d23a..a9eb3cd453be 100644 +--- a/drivers/scsi/qla2xxx/qla_init.c ++++ b/drivers/scsi/qla2xxx/qla_init.c +@@ -3261,7 +3261,8 @@ qla2x00_iidma_fcport(scsi_qla_host_t *vha, fc_port_t *fcport) + return; + + if (fcport->fp_speed == PORT_SPEED_UNKNOWN || +- fcport->fp_speed > ha->link_data_rate) ++ fcport->fp_speed > ha->link_data_rate || ++ !ha->flags.gpsc_supported) + return; + + rval = qla2x00_set_idma_speed(vha, fcport->loop_id, fcport->fp_speed, +diff --git a/drivers/spi/spi.c b/drivers/spi/spi.c +index dee1cb87d24f..04fd651f9e3e 100644 +--- a/drivers/spi/spi.c ++++ b/drivers/spi/spi.c +@@ -707,8 +707,14 @@ static int spi_map_buf(struct spi_master *master, struct device *dev, + for (i = 0; i < sgs; i++) { + + if (vmalloced_buf) { +- min = min_t(size_t, +- len, desc_len - offset_in_page(buf)); ++ /* ++ * Next scatterlist entry size is the minimum between ++ * the desc_len and the remaining buffer length that ++ * fits in a page. ++ */ ++ min = min_t(size_t, desc_len, ++ min_t(size_t, len, ++ PAGE_SIZE - offset_in_page(buf))); + vm_page = vmalloc_to_page(buf); + if (!vm_page) { + sg_free_table(sgt); +diff --git a/drivers/tty/serial/sh-sci.c b/drivers/tty/serial/sh-sci.c +index 8dd822feb972..b63920481b1d 100644 +--- a/drivers/tty/serial/sh-sci.c ++++ b/drivers/tty/serial/sh-sci.c +@@ -2419,13 +2419,12 @@ static void serial_console_write(struct console *co, const char *s, + unsigned long flags; + int locked = 1; + +- local_irq_save(flags); + if (port->sysrq) + locked = 0; + else if (oops_in_progress) +- locked = spin_trylock(&port->lock); ++ locked = spin_trylock_irqsave(&port->lock, flags); + else +- spin_lock(&port->lock); ++ spin_lock_irqsave(&port->lock, flags); + + /* first save the SCSCR then disable the interrupts */ + ctrl = serial_port_in(port, SCSCR); +@@ -2442,8 +2441,7 @@ static void serial_console_write(struct console *co, const char *s, + serial_port_out(port, SCSCR, ctrl); + + if (locked) +- spin_unlock(&port->lock); +- local_irq_restore(flags); ++ spin_unlock_irqrestore(&port->lock, flags); + } + + static int serial_console_setup(struct console *co, char *options) +diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c +index 6d84f6c8fbe6..4d86da0df131 100644 +--- a/drivers/usb/core/hub.c ++++ b/drivers/usb/core/hub.c +@@ -4442,7 +4442,9 @@ hub_port_init(struct usb_hub *hub, struct usb_device *udev, int port1, + * reset. But only on the first attempt, + * lest we get into a time out/reset loop + */ +- if (r == 0 || (r == -ETIMEDOUT && retries == 0)) ++ if (r == 0 || (r == -ETIMEDOUT && ++ retries == 0 && ++ udev->speed > USB_SPEED_FULL)) + break; + } + udev->descriptor.bMaxPacketSize0 = +diff --git a/drivers/usb/musb/musb_host.c b/drivers/usb/musb/musb_host.c +index 494823f21c28..7ec66f1db418 100644 +--- a/drivers/usb/musb/musb_host.c ++++ b/drivers/usb/musb/musb_host.c +@@ -2580,8 +2580,11 @@ static int musb_bus_suspend(struct usb_hcd *hcd) + { + struct musb *musb = hcd_to_musb(hcd); + u8 devctl; ++ int ret; + +- musb_port_suspend(musb, true); ++ ret = musb_port_suspend(musb, true); ++ if (ret) ++ return ret; + + if (!is_host_active(musb)) + return 0; +diff --git a/drivers/usb/musb/musb_host.h b/drivers/usb/musb/musb_host.h +index 7bbf01bf4bb0..54d02ed032df 100644 +--- a/drivers/usb/musb/musb_host.h ++++ b/drivers/usb/musb/musb_host.h +@@ -92,7 +92,7 @@ extern void musb_host_rx(struct musb *, u8); + extern void musb_root_disconnect(struct musb *musb); + extern void musb_host_resume_root_hub(struct musb *musb); + extern void musb_host_poke_root_hub(struct musb *musb); +-extern void musb_port_suspend(struct musb *musb, bool do_suspend); ++extern int musb_port_suspend(struct musb *musb, bool do_suspend); + extern void musb_port_reset(struct musb *musb, bool do_reset); + extern void musb_host_finish_resume(struct work_struct *work); + #else +@@ -124,7 +124,10 @@ static inline void musb_root_disconnect(struct musb *musb) {} + static inline void musb_host_resume_root_hub(struct musb *musb) {} + static inline void musb_host_poll_rh_status(struct musb *musb) {} + static inline void musb_host_poke_root_hub(struct musb *musb) {} +-static inline void musb_port_suspend(struct musb *musb, bool do_suspend) {} ++static inline int musb_port_suspend(struct musb *musb, bool do_suspend) ++{ ++ return 0; ++} + static inline void musb_port_reset(struct musb *musb, bool do_reset) {} + static inline void musb_host_finish_resume(struct work_struct *work) {} + #endif +diff --git a/drivers/usb/musb/musb_virthub.c b/drivers/usb/musb/musb_virthub.c +index 92d5f718659b..ac5458a69de5 100644 +--- a/drivers/usb/musb/musb_virthub.c ++++ b/drivers/usb/musb/musb_virthub.c +@@ -74,14 +74,14 @@ void musb_host_finish_resume(struct work_struct *work) + spin_unlock_irqrestore(&musb->lock, flags); + } + +-void musb_port_suspend(struct musb *musb, bool do_suspend) ++int musb_port_suspend(struct musb *musb, bool do_suspend) + { + struct usb_otg *otg = musb->xceiv->otg; + u8 power; + void __iomem *mbase = musb->mregs; + + if (!is_host_active(musb)) +- return; ++ return 0; + + /* NOTE: this doesn't necessarily put PHY into low power mode, + * turning off its clock; that's a function of PHY integration and +@@ -92,16 +92,20 @@ void musb_port_suspend(struct musb *musb, bool do_suspend) + if (do_suspend) { + int retries = 10000; + +- power &= ~MUSB_POWER_RESUME; +- power |= MUSB_POWER_SUSPENDM; +- musb_writeb(mbase, MUSB_POWER, power); ++ if (power & MUSB_POWER_RESUME) ++ return -EBUSY; + +- /* Needed for OPT A tests */ +- power = musb_readb(mbase, MUSB_POWER); +- while (power & MUSB_POWER_SUSPENDM) { ++ if (!(power & MUSB_POWER_SUSPENDM)) { ++ power |= MUSB_POWER_SUSPENDM; ++ musb_writeb(mbase, MUSB_POWER, power); ++ ++ /* Needed for OPT A tests */ + power = musb_readb(mbase, MUSB_POWER); +- if (retries-- < 1) +- break; ++ while (power & MUSB_POWER_SUSPENDM) { ++ power = musb_readb(mbase, MUSB_POWER); ++ if (retries-- < 1) ++ break; ++ } + } + + dev_dbg(musb->controller, "Root port suspended, power %02x\n", power); +@@ -138,6 +142,7 @@ void musb_port_suspend(struct musb *musb, bool do_suspend) + schedule_delayed_work(&musb->finish_resume_work, + msecs_to_jiffies(USB_RESUME_TIMEOUT)); + } ++ return 0; + } + + void musb_port_reset(struct musb *musb, bool do_reset) +diff --git a/drivers/video/backlight/as3711_bl.c b/drivers/video/backlight/as3711_bl.c +index 734a9158946b..e55304d5cf07 100644 +--- a/drivers/video/backlight/as3711_bl.c ++++ b/drivers/video/backlight/as3711_bl.c +@@ -262,10 +262,10 @@ static int as3711_bl_register(struct platform_device *pdev, + static int as3711_backlight_parse_dt(struct device *dev) + { + struct as3711_bl_pdata *pdata = dev_get_platdata(dev); +- struct device_node *bl = +- of_find_node_by_name(dev->parent->of_node, "backlight"), *fb; ++ struct device_node *bl, *fb; + int ret; + ++ bl = of_get_child_by_name(dev->parent->of_node, "backlight"); + if (!bl) { + dev_dbg(dev, "backlight node not found\n"); + return -ENODEV; +@@ -279,7 +279,7 @@ static int as3711_backlight_parse_dt(struct device *dev) + if (pdata->su1_max_uA <= 0) + ret = -EINVAL; + if (ret < 0) +- return ret; ++ goto err_put_bl; + } + + fb = of_parse_phandle(bl, "su2-dev", 0); +@@ -292,7 +292,7 @@ static int as3711_backlight_parse_dt(struct device *dev) + if (pdata->su2_max_uA <= 0) + ret = -EINVAL; + if (ret < 0) +- return ret; ++ goto err_put_bl; + + if (of_find_property(bl, "su2-feedback-voltage", NULL)) { + pdata->su2_feedback = AS3711_SU2_VOLTAGE; +@@ -314,8 +314,10 @@ static int as3711_backlight_parse_dt(struct device *dev) + pdata->su2_feedback = AS3711_SU2_CURR_AUTO; + count++; + } +- if (count != 1) +- return -EINVAL; ++ if (count != 1) { ++ ret = -EINVAL; ++ goto err_put_bl; ++ } + + count = 0; + if (of_find_property(bl, "su2-fbprot-lx-sd4", NULL)) { +@@ -334,8 +336,10 @@ static int as3711_backlight_parse_dt(struct device *dev) + pdata->su2_fbprot = AS3711_SU2_GPIO4; + count++; + } +- if (count != 1) +- return -EINVAL; ++ if (count != 1) { ++ ret = -EINVAL; ++ goto err_put_bl; ++ } + + count = 0; + if (of_find_property(bl, "su2-auto-curr1", NULL)) { +@@ -355,11 +359,20 @@ static int as3711_backlight_parse_dt(struct device *dev) + * At least one su2-auto-curr* must be specified iff + * AS3711_SU2_CURR_AUTO is used + */ +- if (!count ^ (pdata->su2_feedback != AS3711_SU2_CURR_AUTO)) +- return -EINVAL; ++ if (!count ^ (pdata->su2_feedback != AS3711_SU2_CURR_AUTO)) { ++ ret = -EINVAL; ++ goto err_put_bl; ++ } + } + ++ of_node_put(bl); ++ + return 0; ++ ++err_put_bl: ++ of_node_put(bl); ++ ++ return ret; + } + + static int as3711_backlight_probe(struct platform_device *pdev) +diff --git a/drivers/video/backlight/max8925_bl.c b/drivers/video/backlight/max8925_bl.c +index 7b738d60ecc2..f3aa6088f1d9 100644 +--- a/drivers/video/backlight/max8925_bl.c ++++ b/drivers/video/backlight/max8925_bl.c +@@ -116,7 +116,7 @@ static void max8925_backlight_dt_init(struct platform_device *pdev) + if (!pdata) + return; + +- np = of_find_node_by_name(nproot, "backlight"); ++ np = of_get_child_by_name(nproot, "backlight"); + if (!np) { + dev_err(&pdev->dev, "failed to find backlight node\n"); + return; +@@ -125,6 +125,8 @@ static void max8925_backlight_dt_init(struct platform_device *pdev) + if (!of_property_read_u32(np, "maxim,max8925-dual-string", &val)) + pdata->dual_string = val; + ++ of_node_put(np); ++ + pdev->dev.platform_data = pdata; + } + +diff --git a/drivers/video/backlight/tps65217_bl.c b/drivers/video/backlight/tps65217_bl.c +index 61d72bffd402..dc920e2aa094 100644 +--- a/drivers/video/backlight/tps65217_bl.c ++++ b/drivers/video/backlight/tps65217_bl.c +@@ -184,11 +184,11 @@ static struct tps65217_bl_pdata * + tps65217_bl_parse_dt(struct platform_device *pdev) + { + struct tps65217 *tps = dev_get_drvdata(pdev->dev.parent); +- struct device_node *node = of_node_get(tps->dev->of_node); ++ struct device_node *node; + struct tps65217_bl_pdata *pdata, *err; + u32 val; + +- node = of_find_node_by_name(node, "backlight"); ++ node = of_get_child_by_name(tps->dev->of_node, "backlight"); + if (!node) + return ERR_PTR(-ENODEV); + +diff --git a/drivers/video/fbdev/uvesafb.c b/drivers/video/fbdev/uvesafb.c +index 178ae93b7ebd..381236ff34d9 100644 +--- a/drivers/video/fbdev/uvesafb.c ++++ b/drivers/video/fbdev/uvesafb.c +@@ -1059,7 +1059,8 @@ static int uvesafb_setcmap(struct fb_cmap *cmap, struct fb_info *info) + info->cmap.len || cmap->start < info->cmap.start) + return -EINVAL; + +- entries = kmalloc(sizeof(*entries) * cmap->len, GFP_KERNEL); ++ entries = kmalloc_array(cmap->len, sizeof(*entries), ++ GFP_KERNEL); + if (!entries) + return -ENOMEM; + +diff --git a/drivers/w1/masters/mxc_w1.c b/drivers/w1/masters/mxc_w1.c +index a4621757a47f..dacb5919970c 100644 +--- a/drivers/w1/masters/mxc_w1.c ++++ b/drivers/w1/masters/mxc_w1.c +@@ -113,6 +113,10 @@ static int mxc_w1_probe(struct platform_device *pdev) + if (IS_ERR(mdev->clk)) + return PTR_ERR(mdev->clk); + ++ err = clk_prepare_enable(mdev->clk); ++ if (err) ++ return err; ++ + clkrate = clk_get_rate(mdev->clk); + if (clkrate < 10000000) + dev_warn(&pdev->dev, +@@ -126,12 +130,10 @@ static int mxc_w1_probe(struct platform_device *pdev) + + res = platform_get_resource(pdev, IORESOURCE_MEM, 0); + mdev->regs = devm_ioremap_resource(&pdev->dev, res); +- if (IS_ERR(mdev->regs)) +- return PTR_ERR(mdev->regs); +- +- err = clk_prepare_enable(mdev->clk); +- if (err) +- return err; ++ if (IS_ERR(mdev->regs)) { ++ err = PTR_ERR(mdev->regs); ++ goto out_disable_clk; ++ } + + /* Software reset 1-Wire module */ + writeb(MXC_W1_RESET_RST, mdev->regs + MXC_W1_RESET); +@@ -147,8 +149,12 @@ static int mxc_w1_probe(struct platform_device *pdev) + + err = w1_add_master_device(&mdev->bus_master); + if (err) +- clk_disable_unprepare(mdev->clk); ++ goto out_disable_clk; + ++ return 0; ++ ++out_disable_clk: ++ clk_disable_unprepare(mdev->clk); + return err; + } + +diff --git a/drivers/w1/w1.c b/drivers/w1/w1.c +index 39886edfa222..88c1b8c01473 100644 +--- a/drivers/w1/w1.c ++++ b/drivers/w1/w1.c +@@ -741,7 +741,7 @@ int w1_attach_slave_device(struct w1_master *dev, struct w1_reg_num *rn) + + /* slave modules need to be loaded in a context with unlocked mutex */ + mutex_unlock(&dev->mutex); +- request_module("w1-family-0x%02x", rn->family); ++ request_module("w1-family-0x%02X", rn->family); + mutex_lock(&dev->mutex); + + spin_lock(&w1_flock); +diff --git a/drivers/xen/events/events_base.c b/drivers/xen/events/events_base.c +index 468961c59fa5..21d679f88dfa 100644 +--- a/drivers/xen/events/events_base.c ++++ b/drivers/xen/events/events_base.c +@@ -637,8 +637,6 @@ static void __unbind_from_irq(unsigned int irq) + xen_irq_info_cleanup(info); + } + +- BUG_ON(info_for_irq(irq)->type == IRQT_UNBOUND); +- + xen_free_irq(irq); + } + +diff --git a/fs/binfmt_misc.c b/fs/binfmt_misc.c +index 78f005f37847..dd784bcf7c96 100644 +--- a/fs/binfmt_misc.c ++++ b/fs/binfmt_misc.c +@@ -369,8 +369,13 @@ static Node *create_entry(const char __user *buffer, size_t count) + s = strchr(p, del); + if (!s) + goto einval; +- *s++ = '\0'; +- e->offset = simple_strtoul(p, &p, 10); ++ *s = '\0'; ++ if (p != s) { ++ int r = kstrtoint(p, 10, &e->offset); ++ if (r != 0 || e->offset < 0) ++ goto einval; ++ } ++ p = s; + if (*p++) + goto einval; + pr_debug("register: offset: %#x\n", e->offset); +@@ -410,7 +415,8 @@ static Node *create_entry(const char __user *buffer, size_t count) + if (e->mask && + string_unescape_inplace(e->mask, UNESCAPE_HEX) != e->size) + goto einval; +- if (e->size + e->offset > BINPRM_BUF_SIZE) ++ if (e->size > BINPRM_BUF_SIZE || ++ BINPRM_BUF_SIZE - e->size < e->offset) + goto einval; + pr_debug("register: magic/mask length: %i\n", e->size); + if (USE_DEBUG) { +diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c +index 1f01a8172308..b895be3d4311 100644 +--- a/fs/btrfs/inode.c ++++ b/fs/btrfs/inode.c +@@ -1202,6 +1202,8 @@ static noinline int csum_exist_in_range(struct btrfs_root *root, + list_del(&sums->list); + kfree(sums); + } ++ if (ret < 0) ++ return ret; + return 1; + } + +@@ -1351,10 +1353,23 @@ next_slot: + goto out_check; + if (btrfs_extent_readonly(root, disk_bytenr)) + goto out_check; +- if (btrfs_cross_ref_exist(trans, root, ino, ++ ret = btrfs_cross_ref_exist(trans, root, ino, + found_key.offset - +- extent_offset, disk_bytenr)) ++ extent_offset, disk_bytenr); ++ if (ret) { ++ /* ++ * ret could be -EIO if the above fails to read ++ * metadata. ++ */ ++ if (ret < 0) { ++ if (cow_start != (u64)-1) ++ cur_offset = cow_start; ++ goto error; ++ } ++ ++ WARN_ON_ONCE(nolock); + goto out_check; ++ } + disk_bytenr += extent_offset; + disk_bytenr += cur_offset - found_key.offset; + num_bytes = min(end + 1, extent_end) - cur_offset; +@@ -1372,8 +1387,20 @@ next_slot: + * this ensure that csum for a given extent are + * either valid or do not exist. + */ +- if (csum_exist_in_range(root, disk_bytenr, num_bytes)) ++ ret = csum_exist_in_range(root, disk_bytenr, num_bytes); ++ if (ret) { ++ /* ++ * ret could be -EIO if the above fails to read ++ * metadata. ++ */ ++ if (ret < 0) { ++ if (cow_start != (u64)-1) ++ cur_offset = cow_start; ++ goto error; ++ } ++ WARN_ON_ONCE(nolock); + goto out_check; ++ } + nocow = 1; + } else if (extent_type == BTRFS_FILE_EXTENT_INLINE) { + extent_end = found_key.offset + +diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c +index 4e3c889c1876..6caeb946fc1d 100644 +--- a/fs/btrfs/ioctl.c ++++ b/fs/btrfs/ioctl.c +@@ -3923,11 +3923,6 @@ static noinline long btrfs_ioctl_clone(struct file *file, unsigned long srcfd, + if (!(src_file.file->f_mode & FMODE_READ)) + goto out_fput; + +- /* don't make the dst file partly checksummed */ +- if ((BTRFS_I(src)->flags & BTRFS_INODE_NODATASUM) != +- (BTRFS_I(inode)->flags & BTRFS_INODE_NODATASUM)) +- goto out_fput; +- + ret = -EISDIR; + if (S_ISDIR(src->i_mode) || S_ISDIR(inode->i_mode)) + goto out_fput; +@@ -3942,6 +3937,13 @@ static noinline long btrfs_ioctl_clone(struct file *file, unsigned long srcfd, + mutex_lock(&src->i_mutex); + } + ++ /* don't make the dst file partly checksummed */ ++ if ((BTRFS_I(src)->flags & BTRFS_INODE_NODATASUM) != ++ (BTRFS_I(inode)->flags & BTRFS_INODE_NODATASUM)) { ++ ret = -EINVAL; ++ goto out_unlock; ++ } ++ + /* determine range to clone */ + ret = -EINVAL; + if (off + len > src->i_size || off + len < off) +diff --git a/fs/btrfs/scrub.c b/fs/btrfs/scrub.c +index b091d94ceef6..6dca9f937bf6 100644 +--- a/fs/btrfs/scrub.c ++++ b/fs/btrfs/scrub.c +@@ -2513,7 +2513,7 @@ static int scrub_extent(struct scrub_ctx *sctx, u64 logical, u64 len, + have_csum = scrub_find_csum(sctx, logical, csum); + if (have_csum == 0) + ++sctx->stat.no_csum; +- if (sctx->is_dev_replace && !have_csum) { ++ if (0 && sctx->is_dev_replace && !have_csum) { + ret = copy_nocow_pages(sctx, logical, l, + mirror_num, + physical_for_dev_replace); +diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c +index 56ce7fd0f0d0..30efeb656c1e 100644 +--- a/fs/ext4/inode.c ++++ b/fs/ext4/inode.c +@@ -3787,28 +3787,28 @@ int ext4_punch_hole(struct inode *inode, loff_t offset, loff_t length) + EXT4_BLOCK_SIZE_BITS(sb); + stop_block = (offset + length) >> EXT4_BLOCK_SIZE_BITS(sb); + +- /* If there are no blocks to remove, return now */ +- if (first_block >= stop_block) +- goto out_stop; ++ /* If there are blocks to remove, do it */ ++ if (stop_block > first_block) { + +- down_write(&EXT4_I(inode)->i_data_sem); +- ext4_discard_preallocations(inode); ++ down_write(&EXT4_I(inode)->i_data_sem); ++ ext4_discard_preallocations(inode); + +- ret = ext4_es_remove_extent(inode, first_block, +- stop_block - first_block); +- if (ret) { +- up_write(&EXT4_I(inode)->i_data_sem); +- goto out_stop; +- } ++ ret = ext4_es_remove_extent(inode, first_block, ++ stop_block - first_block); ++ if (ret) { ++ up_write(&EXT4_I(inode)->i_data_sem); ++ goto out_stop; ++ } + +- if (ext4_test_inode_flag(inode, EXT4_INODE_EXTENTS)) +- ret = ext4_ext_remove_space(inode, first_block, +- stop_block - 1); +- else +- ret = ext4_ind_remove_space(handle, inode, first_block, +- stop_block); ++ if (ext4_test_inode_flag(inode, EXT4_INODE_EXTENTS)) ++ ret = ext4_ext_remove_space(inode, first_block, ++ stop_block - 1); ++ else ++ ret = ext4_ind_remove_space(handle, inode, first_block, ++ stop_block); + +- up_write(&EXT4_I(inode)->i_data_sem); ++ up_write(&EXT4_I(inode)->i_data_sem); ++ } + if (IS_SYNC(inode)) + ext4_handle_sync(handle); + +diff --git a/fs/ext4/resize.c b/fs/ext4/resize.c +index 74516efd874c..d2421fd38833 100644 +--- a/fs/ext4/resize.c ++++ b/fs/ext4/resize.c +@@ -1903,7 +1903,7 @@ retry: + return 0; + + n_group = ext4_get_group_number(sb, n_blocks_count - 1); +- if (n_group > (0xFFFFFFFFUL / EXT4_INODES_PER_GROUP(sb))) { ++ if (n_group >= (0xFFFFFFFFUL / EXT4_INODES_PER_GROUP(sb))) { + ext4_warning(sb, "resize would cause inodes_count overflow"); + return -EINVAL; + } +diff --git a/fs/fuse/control.c b/fs/fuse/control.c +index f863ac6647ac..89a4b231e79c 100644 +--- a/fs/fuse/control.c ++++ b/fs/fuse/control.c +@@ -211,10 +211,11 @@ static struct dentry *fuse_ctl_add_dentry(struct dentry *parent, + if (!dentry) + return NULL; + +- fc->ctl_dentry[fc->ctl_ndents++] = dentry; + inode = new_inode(fuse_control_sb); +- if (!inode) ++ if (!inode) { ++ dput(dentry); + return NULL; ++ } + + inode->i_ino = get_next_ino(); + inode->i_mode = mode; +@@ -228,6 +229,9 @@ static struct dentry *fuse_ctl_add_dentry(struct dentry *parent, + set_nlink(inode, nlink); + inode->i_private = fc; + d_add(dentry, inode); ++ ++ fc->ctl_dentry[fc->ctl_ndents++] = dentry; ++ + return dentry; + } + +@@ -284,7 +288,10 @@ void fuse_ctl_remove_conn(struct fuse_conn *fc) + for (i = fc->ctl_ndents - 1; i >= 0; i--) { + struct dentry *dentry = fc->ctl_dentry[i]; + d_inode(dentry)->i_private = NULL; +- d_drop(dentry); ++ if (!i) { ++ /* Get rid of submounts: */ ++ d_invalidate(dentry); ++ } + dput(dentry); + } + drop_nlink(d_inode(fuse_control_sb->s_root)); +diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c +index 5068dbf80ff8..49b7b40f7598 100644 +--- a/fs/fuse/dir.c ++++ b/fs/fuse/dir.c +@@ -1609,8 +1609,19 @@ int fuse_do_setattr(struct inode *inode, struct iattr *attr, + return err; + + if (attr->ia_valid & ATTR_OPEN) { +- if (fc->atomic_o_trunc) ++ /* This is coming from open(..., ... | O_TRUNC); */ ++ WARN_ON(!(attr->ia_valid & ATTR_SIZE)); ++ WARN_ON(attr->ia_size != 0); ++ if (fc->atomic_o_trunc) { ++ /* ++ * No need to send request to userspace, since actual ++ * truncation has already been done by OPEN. But still ++ * need to truncate page cache. ++ */ ++ i_size_write(inode, 0); ++ truncate_pagecache(inode, 0); + return 0; ++ } + file = NULL; + } + +diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c +index 0d5e8e59b390..f0b73e0c6d48 100644 +--- a/fs/fuse/inode.c ++++ b/fs/fuse/inode.c +@@ -1158,6 +1158,7 @@ static int fuse_fill_super(struct super_block *sb, void *data, int silent) + err_put_conn: + fuse_bdi_destroy(fc); + fuse_conn_put(fc); ++ sb->s_fs_info = NULL; + err_fput: + fput(file); + err: +diff --git a/fs/nfs/nfs4idmap.c b/fs/nfs/nfs4idmap.c +index 1ee62e62ea76..c99a887100db 100644 +--- a/fs/nfs/nfs4idmap.c ++++ b/fs/nfs/nfs4idmap.c +@@ -343,7 +343,7 @@ static ssize_t nfs_idmap_lookup_name(__u32 id, const char *type, char *buf, + int id_len; + ssize_t ret; + +- id_len = snprintf(id_str, sizeof(id_str), "%u", id); ++ id_len = nfs_map_numeric_to_string(id, id_str, sizeof(id_str)); + ret = nfs_idmap_get_key(id_str, id_len, type, buf, buflen, idmap); + if (ret < 0) + return -EINVAL; +@@ -626,7 +626,8 @@ static int nfs_idmap_read_and_verify_message(struct idmap_msg *im, + if (strcmp(upcall->im_name, im->im_name) != 0) + break; + /* Note: here we store the NUL terminator too */ +- len = sprintf(id_str, "%d", im->im_id) + 1; ++ len = 1 + nfs_map_numeric_to_string(im->im_id, id_str, ++ sizeof(id_str)); + ret = nfs_idmap_instantiate(key, authkey, id_str, len); + break; + case IDMAP_CONV_IDTONAME: +diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c +index 544672b440de..57e3262ec57a 100644 +--- a/fs/nfsd/nfs4xdr.c ++++ b/fs/nfsd/nfs4xdr.c +@@ -3595,7 +3595,8 @@ nfsd4_encode_readdir(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4 + nfserr = nfserr_resource; + goto err_no_verf; + } +- maxcount = min_t(u32, readdir->rd_maxcount, INT_MAX); ++ maxcount = svc_max_payload(resp->rqstp); ++ maxcount = min_t(u32, readdir->rd_maxcount, maxcount); + /* + * Note the rfc defines rd_maxcount as the size of the + * READDIR4resok structure, which includes the verifier above +@@ -3609,7 +3610,7 @@ nfsd4_encode_readdir(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4 + + /* RFC 3530 14.2.24 allows us to ignore dircount when it's 0: */ + if (!readdir->rd_dircount) +- readdir->rd_dircount = INT_MAX; ++ readdir->rd_dircount = svc_max_payload(resp->rqstp); + + readdir->xdr = xdr; + readdir->rd_maxcount = maxcount; +diff --git a/fs/ubifs/journal.c b/fs/ubifs/journal.c +index 0b9da5b6e0f9..22dba8837a86 100644 +--- a/fs/ubifs/journal.c ++++ b/fs/ubifs/journal.c +@@ -1107,7 +1107,7 @@ static int recomp_data_node(const struct ubifs_info *c, + int err, len, compr_type, out_len; + + out_len = le32_to_cpu(dn->size); +- buf = kmalloc(out_len * WORST_COMPR_FACTOR, GFP_NOFS); ++ buf = kmalloc_array(out_len, WORST_COMPR_FACTOR, GFP_NOFS); + if (!buf) + return -ENOMEM; + +diff --git a/fs/udf/directory.c b/fs/udf/directory.c +index c763fda257bf..637114e8c7fd 100644 +--- a/fs/udf/directory.c ++++ b/fs/udf/directory.c +@@ -150,6 +150,9 @@ struct fileIdentDesc *udf_fileident_read(struct inode *dir, loff_t *nf_pos, + sizeof(struct fileIdentDesc)); + } + } ++ /* Got last entry outside of dir size - fs is corrupted! */ ++ if (*nf_pos > dir->i_size) ++ return NULL; + return fi; + } + +diff --git a/include/linux/blkdev.h b/include/linux/blkdev.h +index fe14382f9664..1383e1c03ff2 100644 +--- a/include/linux/blkdev.h ++++ b/include/linux/blkdev.h +@@ -882,8 +882,8 @@ static inline unsigned int blk_max_size_offset(struct request_queue *q, + if (!q->limits.chunk_sectors) + return q->limits.max_sectors; + +- return q->limits.chunk_sectors - +- (offset & (q->limits.chunk_sectors - 1)); ++ return min(q->limits.max_sectors, (unsigned int)(q->limits.chunk_sectors - ++ (offset & (q->limits.chunk_sectors - 1)))); + } + + static inline unsigned int blk_rq_get_max_sectors(struct request *rq) +diff --git a/include/linux/compiler.h b/include/linux/compiler.h +index 6fc9a6dd5ed2..0db1fa621d8a 100644 +--- a/include/linux/compiler.h ++++ b/include/linux/compiler.h +@@ -111,7 +111,7 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect); + #define unlikely_notrace(x) __builtin_expect(!!(x), 0) + + #define __branch_check__(x, expect) ({ \ +- int ______r; \ ++ long ______r; \ + static struct ftrace_branch_data \ + __attribute__((__aligned__(4))) \ + __attribute__((section("_ftrace_annotated_branch"))) \ +diff --git a/include/linux/iio/buffer.h b/include/linux/iio/buffer.h +index 1600c55828e0..93a774ce4922 100644 +--- a/include/linux/iio/buffer.h ++++ b/include/linux/iio/buffer.h +@@ -49,7 +49,7 @@ struct iio_buffer_access_funcs { + int (*request_update)(struct iio_buffer *buffer); + + int (*set_bytes_per_datum)(struct iio_buffer *buffer, size_t bpd); +- int (*set_length)(struct iio_buffer *buffer, int length); ++ int (*set_length)(struct iio_buffer *buffer, unsigned int length); + + void (*release)(struct iio_buffer *buffer); + +@@ -78,8 +78,8 @@ struct iio_buffer_access_funcs { + * @watermark: [INTERN] number of datums to wait for poll/read. + */ + struct iio_buffer { +- int length; +- int bytes_per_datum; ++ unsigned int length; ++ size_t bytes_per_datum; + struct attribute_group *scan_el_attrs; + long *scan_mask; + bool scan_timestamp; +diff --git a/include/net/bluetooth/hci_core.h b/include/net/bluetooth/hci_core.h +index 1878d0a96333..876688b5a356 100644 +--- a/include/net/bluetooth/hci_core.h ++++ b/include/net/bluetooth/hci_core.h +@@ -878,7 +878,7 @@ struct hci_conn *hci_connect_le_scan(struct hci_dev *hdev, bdaddr_t *dst, + u16 conn_timeout, u8 role); + struct hci_conn *hci_connect_le(struct hci_dev *hdev, bdaddr_t *dst, + u8 dst_type, u8 sec_level, u16 conn_timeout, +- u8 role); ++ u8 role, bdaddr_t *direct_rpa); + struct hci_conn *hci_connect_acl(struct hci_dev *hdev, bdaddr_t *dst, + u8 sec_level, u8 auth_type); + struct hci_conn *hci_connect_sco(struct hci_dev *hdev, int type, bdaddr_t *dst, +diff --git a/kernel/time/time.c b/kernel/time/time.c +index 86751c68e08d..de70ac1f84d0 100644 +--- a/kernel/time/time.c ++++ b/kernel/time/time.c +@@ -28,6 +28,7 @@ + */ + + #include ++#include + #include + #include + #include +@@ -258,9 +259,10 @@ unsigned int jiffies_to_msecs(const unsigned long j) + return (j + (HZ / MSEC_PER_SEC) - 1)/(HZ / MSEC_PER_SEC); + #else + # if BITS_PER_LONG == 32 +- return (HZ_TO_MSEC_MUL32 * j) >> HZ_TO_MSEC_SHR32; ++ return (HZ_TO_MSEC_MUL32 * j + (1ULL << HZ_TO_MSEC_SHR32) - 1) >> ++ HZ_TO_MSEC_SHR32; + # else +- return (j * HZ_TO_MSEC_NUM) / HZ_TO_MSEC_DEN; ++ return DIV_ROUND_UP(j * HZ_TO_MSEC_NUM, HZ_TO_MSEC_DEN); + # endif + #endif + } +diff --git a/lib/vsprintf.c b/lib/vsprintf.c +index f9cee8e1233c..646009db4198 100644 +--- a/lib/vsprintf.c ++++ b/lib/vsprintf.c +@@ -1345,9 +1345,6 @@ char *clock(char *buf, char *end, struct clk *clk, struct printf_spec spec, + return string(buf, end, NULL, spec); + + switch (fmt[1]) { +- case 'r': +- return number(buf, end, clk_get_rate(clk), spec); +- + case 'n': + default: + #ifdef CONFIG_COMMON_CLK +diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c +index 24e9410923d0..80be0ee17ff3 100644 +--- a/net/bluetooth/hci_conn.c ++++ b/net/bluetooth/hci_conn.c +@@ -708,7 +708,8 @@ done: + } + + static void hci_req_add_le_create_conn(struct hci_request *req, +- struct hci_conn *conn) ++ struct hci_conn *conn, ++ bdaddr_t *direct_rpa) + { + struct hci_cp_le_create_conn cp; + struct hci_dev *hdev = conn->hdev; +@@ -716,11 +717,23 @@ static void hci_req_add_le_create_conn(struct hci_request *req, + + memset(&cp, 0, sizeof(cp)); + +- /* Update random address, but set require_privacy to false so +- * that we never connect with an non-resolvable address. ++ /* If direct address was provided we use it instead of current ++ * address. + */ +- if (hci_update_random_address(req, false, &own_addr_type)) +- return; ++ if (direct_rpa) { ++ if (bacmp(&req->hdev->random_addr, direct_rpa)) ++ hci_req_add(req, HCI_OP_LE_SET_RANDOM_ADDR, 6, ++ direct_rpa); ++ ++ /* direct address is always RPA */ ++ own_addr_type = ADDR_LE_DEV_RANDOM; ++ } else { ++ /* Update random address, but set require_privacy to false so ++ * that we never connect with an non-resolvable address. ++ */ ++ if (hci_update_random_address(req, false, &own_addr_type)) ++ return; ++ } + + /* Set window to be the same value as the interval to enable + * continuous scanning. +@@ -782,7 +795,7 @@ static void hci_req_directed_advertising(struct hci_request *req, + + struct hci_conn *hci_connect_le(struct hci_dev *hdev, bdaddr_t *dst, + u8 dst_type, u8 sec_level, u16 conn_timeout, +- u8 role) ++ u8 role, bdaddr_t *direct_rpa) + { + struct hci_conn_params *params; + struct hci_conn *conn, *conn_unfinished; +@@ -913,7 +926,7 @@ struct hci_conn *hci_connect_le(struct hci_dev *hdev, bdaddr_t *dst, + hci_dev_set_flag(hdev, HCI_LE_SCAN_INTERRUPTED); + } + +- hci_req_add_le_create_conn(&req, conn); ++ hci_req_add_le_create_conn(&req, conn, direct_rpa); + + create_conn: + err = hci_req_run(&req, create_le_conn_complete); +diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c +index d57c11c1c6b5..d40d32a2c12d 100644 +--- a/net/bluetooth/hci_event.c ++++ b/net/bluetooth/hci_event.c +@@ -4632,7 +4632,8 @@ static void hci_le_conn_update_complete_evt(struct hci_dev *hdev, + /* This function requires the caller holds hdev->lock */ + static struct hci_conn *check_pending_le_conn(struct hci_dev *hdev, + bdaddr_t *addr, +- u8 addr_type, u8 adv_type) ++ u8 addr_type, u8 adv_type, ++ bdaddr_t *direct_rpa) + { + struct hci_conn *conn; + struct hci_conn_params *params; +@@ -4683,7 +4684,8 @@ static struct hci_conn *check_pending_le_conn(struct hci_dev *hdev, + } + + conn = hci_connect_le(hdev, addr, addr_type, BT_SECURITY_LOW, +- HCI_LE_AUTOCONN_TIMEOUT, HCI_ROLE_MASTER); ++ HCI_LE_AUTOCONN_TIMEOUT, HCI_ROLE_MASTER, ++ direct_rpa); + if (!IS_ERR(conn)) { + /* If HCI_AUTO_CONN_EXPLICIT is set, conn is already owned + * by higher layer that tried to connect, if no then +@@ -4780,8 +4782,13 @@ static void process_adv_report(struct hci_dev *hdev, u8 type, bdaddr_t *bdaddr, + bdaddr_type = irk->addr_type; + } + +- /* Check if we have been requested to connect to this device */ +- conn = check_pending_le_conn(hdev, bdaddr, bdaddr_type, type); ++ /* Check if we have been requested to connect to this device. ++ * ++ * direct_addr is set only for directed advertising reports (it is NULL ++ * for advertising reports) and is already verified to be RPA above. ++ */ ++ conn = check_pending_le_conn(hdev, bdaddr, bdaddr_type, type, ++ direct_addr); + if (conn && type == LE_ADV_IND) { + /* Store report for later inclusion by + * mgmt_device_connected +diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c +index 51eab9b5baa1..9f70c267a7a5 100644 +--- a/net/bridge/netfilter/ebtables.c ++++ b/net/bridge/netfilter/ebtables.c +@@ -1912,7 +1912,8 @@ static int compat_mtw_from_user(struct compat_ebt_entry_mwt *mwt, + int off, pad = 0; + unsigned int size_kern, match_size = mwt->match_size; + +- strlcpy(name, mwt->u.name, sizeof(name)); ++ if (strscpy(name, mwt->u.name, sizeof(name)) < 0) ++ return -EINVAL; + + if (state->buf_kern_start) + dst = state->buf_kern_start + state->buf_kern_offset; +diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c +index 23b95aead897..a9041915afc0 100644 +--- a/net/ipv4/tcp_input.c ++++ b/net/ipv4/tcp_input.c +@@ -612,7 +612,7 @@ void tcp_rcv_space_adjust(struct sock *sk) + sk->sk_rcvbuf = rcvbuf; + + /* Make the window clamp follow along. */ +- tp->window_clamp = rcvwin; ++ tp->window_clamp = tcp_win_from_space(rcvbuf); + } + } + tp->rcvq_space.space = copied; +diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c +index 61c93a93f228..eeda67c3dd11 100644 +--- a/net/ipv4/tcp_ipv4.c ++++ b/net/ipv4/tcp_ipv4.c +@@ -1627,6 +1627,10 @@ process: + reqsk_put(req); + goto discard_it; + } ++ if (tcp_checksum_complete(skb)) { ++ reqsk_put(req); ++ goto csum_error; ++ } + if (unlikely(sk->sk_state != TCP_LISTEN)) { + inet_csk_reqsk_queue_drop_and_put(sk, req); + goto lookup; +diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c +index 74cbcc4b399c..90abe88e1b40 100644 +--- a/net/ipv6/tcp_ipv6.c ++++ b/net/ipv6/tcp_ipv6.c +@@ -1415,6 +1415,10 @@ process: + reqsk_put(req); + goto discard_it; + } ++ if (tcp_checksum_complete(skb)) { ++ reqsk_put(req); ++ goto csum_error; ++ } + if (unlikely(sk->sk_state != TCP_LISTEN)) { + inet_csk_reqsk_queue_drop_and_put(sk, req); + goto lookup; +diff --git a/net/ipv6/xfrm6_policy.c b/net/ipv6/xfrm6_policy.c +index c074771a10f7..1ca0c2f3d92b 100644 +--- a/net/ipv6/xfrm6_policy.c ++++ b/net/ipv6/xfrm6_policy.c +@@ -121,7 +121,7 @@ _decode_session6(struct sk_buff *skb, struct flowi *fl, int reverse) + struct flowi6 *fl6 = &fl->u.ip6; + int onlyproto = 0; + const struct ipv6hdr *hdr = ipv6_hdr(skb); +- u16 offset = sizeof(*hdr); ++ u32 offset = sizeof(*hdr); + struct ipv6_opt_hdr *exthdr; + const unsigned char *nh = skb_network_header(skb); + u16 nhoff = IP6CB(skb)->nhoff; +diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c +index c0656510c4dc..3167ec76903a 100644 +--- a/net/netfilter/ipvs/ip_vs_ctl.c ++++ b/net/netfilter/ipvs/ip_vs_ctl.c +@@ -2349,8 +2349,10 @@ do_ip_vs_set_ctl(struct sock *sk, int cmd, void __user *user, unsigned int len) + struct ipvs_sync_daemon_cfg cfg; + + memset(&cfg, 0, sizeof(cfg)); +- strlcpy(cfg.mcast_ifn, dm->mcast_ifn, +- sizeof(cfg.mcast_ifn)); ++ ret = -EINVAL; ++ if (strscpy(cfg.mcast_ifn, dm->mcast_ifn, ++ sizeof(cfg.mcast_ifn)) <= 0) ++ goto out_dec; + cfg.syncid = dm->syncid; + ret = start_sync_thread(ipvs, &cfg, dm->state); + } else { +@@ -2388,12 +2390,19 @@ do_ip_vs_set_ctl(struct sock *sk, int cmd, void __user *user, unsigned int len) + } + } + ++ if ((cmd == IP_VS_SO_SET_ADD || cmd == IP_VS_SO_SET_EDIT) && ++ strnlen(usvc.sched_name, IP_VS_SCHEDNAME_MAXLEN) == ++ IP_VS_SCHEDNAME_MAXLEN) { ++ ret = -EINVAL; ++ goto out_unlock; ++ } ++ + /* Check for valid protocol: TCP or UDP or SCTP, even for fwmark!=0 */ + if (usvc.protocol != IPPROTO_TCP && usvc.protocol != IPPROTO_UDP && + usvc.protocol != IPPROTO_SCTP) { +- pr_err("set_ctl: invalid protocol: %d %pI4:%d %s\n", ++ pr_err("set_ctl: invalid protocol: %d %pI4:%d\n", + usvc.protocol, &usvc.addr.ip, +- ntohs(usvc.port), usvc.sched_name); ++ ntohs(usvc.port)); + ret = -EFAULT; + goto out_unlock; + } +@@ -2822,7 +2831,7 @@ static const struct nla_policy ip_vs_cmd_policy[IPVS_CMD_ATTR_MAX + 1] = { + static const struct nla_policy ip_vs_daemon_policy[IPVS_DAEMON_ATTR_MAX + 1] = { + [IPVS_DAEMON_ATTR_STATE] = { .type = NLA_U32 }, + [IPVS_DAEMON_ATTR_MCAST_IFN] = { .type = NLA_NUL_STRING, +- .len = IP_VS_IFNAME_MAXLEN }, ++ .len = IP_VS_IFNAME_MAXLEN - 1 }, + [IPVS_DAEMON_ATTR_SYNC_ID] = { .type = NLA_U32 }, + [IPVS_DAEMON_ATTR_SYNC_MAXLEN] = { .type = NLA_U16 }, + [IPVS_DAEMON_ATTR_MCAST_GROUP] = { .type = NLA_U32 }, +@@ -2840,7 +2849,7 @@ static const struct nla_policy ip_vs_svc_policy[IPVS_SVC_ATTR_MAX + 1] = { + [IPVS_SVC_ATTR_PORT] = { .type = NLA_U16 }, + [IPVS_SVC_ATTR_FWMARK] = { .type = NLA_U32 }, + [IPVS_SVC_ATTR_SCHED_NAME] = { .type = NLA_NUL_STRING, +- .len = IP_VS_SCHEDNAME_MAXLEN }, ++ .len = IP_VS_SCHEDNAME_MAXLEN - 1 }, + [IPVS_SVC_ATTR_PE_NAME] = { .type = NLA_NUL_STRING, + .len = IP_VS_PENAME_MAXLEN }, + [IPVS_SVC_ATTR_FLAGS] = { .type = NLA_BINARY, +diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c +index d95cb69460f0..f9a13b67df5e 100644 +--- a/net/xfrm/xfrm_policy.c ++++ b/net/xfrm/xfrm_policy.c +@@ -626,6 +626,11 @@ static void xfrm_hash_rebuild(struct work_struct *work) + + /* re-insert all policies by order of creation */ + list_for_each_entry_reverse(policy, &net->xfrm.policy_all, walk.all) { ++ if (policy->walk.dead || ++ xfrm_policy_id2dir(policy->index) >= XFRM_POLICY_MAX) { ++ /* skip socket policies */ ++ continue; ++ } + newpos = NULL; + chain = policy_hash_bysel(net, &policy->selector, + policy->family, +diff --git a/sound/pci/hda/hda_controller.c b/sound/pci/hda/hda_controller.c +index 9c6e10fb479f..273364c39171 100644 +--- a/sound/pci/hda/hda_controller.c ++++ b/sound/pci/hda/hda_controller.c +@@ -547,8 +547,10 @@ int snd_hda_attach_pcm_stream(struct hda_bus *_bus, struct hda_codec *codec, + return err; + strlcpy(pcm->name, cpcm->name, sizeof(pcm->name)); + apcm = kzalloc(sizeof(*apcm), GFP_KERNEL); +- if (apcm == NULL) ++ if (apcm == NULL) { ++ snd_device_free(chip->card, pcm); + return -ENOMEM; ++ } + apcm->chip = chip; + apcm->pcm = pcm; + apcm->codec = codec; +diff --git a/sound/pci/hda/patch_conexant.c b/sound/pci/hda/patch_conexant.c +index 9fae1d248318..cb19af145f46 100644 +--- a/sound/pci/hda/patch_conexant.c ++++ b/sound/pci/hda/patch_conexant.c +@@ -851,6 +851,8 @@ static const struct snd_pci_quirk cxt5066_fixups[] = { + SND_PCI_QUIRK(0x103c, 0x8079, "HP EliteBook 840 G3", CXT_FIXUP_HP_DOCK), + SND_PCI_QUIRK(0x103c, 0x807C, "HP EliteBook 820 G3", CXT_FIXUP_HP_DOCK), + SND_PCI_QUIRK(0x103c, 0x80FD, "HP ProBook 640 G2", CXT_FIXUP_HP_DOCK), ++ SND_PCI_QUIRK(0x103c, 0x83b3, "HP EliteBook 830 G5", CXT_FIXUP_HP_DOCK), ++ SND_PCI_QUIRK(0x103c, 0x83d3, "HP ProBook 640 G4", CXT_FIXUP_HP_DOCK), + SND_PCI_QUIRK(0x103c, 0x8174, "HP Spectre x360", CXT_FIXUP_HP_SPECTRE), + SND_PCI_QUIRK(0x103c, 0x8115, "HP Z1 Gen3", CXT_FIXUP_HP_GATE_MIC), + SND_PCI_QUIRK(0x1043, 0x138d, "Asus", CXT_FIXUP_HEADPHONE_MIC_PIN), +diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c +index 580b8943b965..d706a416b587 100644 +--- a/sound/pci/hda/patch_realtek.c ++++ b/sound/pci/hda/patch_realtek.c +@@ -2447,6 +2447,7 @@ static const struct snd_pci_quirk alc262_fixup_tbl[] = { + SND_PCI_QUIRK(0x10cf, 0x1397, "Fujitsu Lifebook S7110", ALC262_FIXUP_FSC_S7110), + SND_PCI_QUIRK(0x10cf, 0x142d, "Fujitsu Lifebook E8410", ALC262_FIXUP_BENQ), + SND_PCI_QUIRK(0x10f1, 0x2915, "Tyan Thunder n6650W", ALC262_FIXUP_TYAN), ++ SND_PCI_QUIRK(0x1734, 0x1141, "FSC ESPRIMO U9210", ALC262_FIXUP_FSC_H270), + SND_PCI_QUIRK(0x1734, 0x1147, "FSC Celsius H270", ALC262_FIXUP_FSC_H270), + SND_PCI_QUIRK(0x17aa, 0x384e, "Lenovo 3000", ALC262_FIXUP_LENOVO_3000), + SND_PCI_QUIRK(0x17ff, 0x0560, "Benq ED8", ALC262_FIXUP_BENQ), +diff --git a/sound/soc/cirrus/edb93xx.c b/sound/soc/cirrus/edb93xx.c +index 85962657aabe..517963ef4847 100644 +--- a/sound/soc/cirrus/edb93xx.c ++++ b/sound/soc/cirrus/edb93xx.c +@@ -67,7 +67,7 @@ static struct snd_soc_dai_link edb93xx_dai = { + .cpu_dai_name = "ep93xx-i2s", + .codec_name = "spi0.0", + .codec_dai_name = "cs4271-hifi", +- .dai_fmt = SND_SOC_DAIFMT_I2S | SND_SOC_DAIFMT_NB_IF | ++ .dai_fmt = SND_SOC_DAIFMT_I2S | SND_SOC_DAIFMT_NB_NF | + SND_SOC_DAIFMT_CBS_CFS, + .ops = &edb93xx_ops, + }; +diff --git a/sound/soc/cirrus/ep93xx-i2s.c b/sound/soc/cirrus/ep93xx-i2s.c +index 934f8aefdd90..0dc3852c4621 100644 +--- a/sound/soc/cirrus/ep93xx-i2s.c ++++ b/sound/soc/cirrus/ep93xx-i2s.c +@@ -51,7 +51,9 @@ + #define EP93XX_I2S_WRDLEN_24 (1 << 0) + #define EP93XX_I2S_WRDLEN_32 (2 << 0) + +-#define EP93XX_I2S_LINCTRLDATA_R_JUST (1 << 2) /* Right justify */ ++#define EP93XX_I2S_RXLINCTRLDATA_R_JUST BIT(1) /* Right justify */ ++ ++#define EP93XX_I2S_TXLINCTRLDATA_R_JUST BIT(2) /* Right justify */ + + #define EP93XX_I2S_CLKCFG_LRS (1 << 0) /* lrclk polarity */ + #define EP93XX_I2S_CLKCFG_CKP (1 << 1) /* Bit clock polarity */ +@@ -170,25 +172,25 @@ static int ep93xx_i2s_set_dai_fmt(struct snd_soc_dai *cpu_dai, + unsigned int fmt) + { + struct ep93xx_i2s_info *info = snd_soc_dai_get_drvdata(cpu_dai); +- unsigned int clk_cfg, lin_ctrl; ++ unsigned int clk_cfg; ++ unsigned int txlin_ctrl = 0; ++ unsigned int rxlin_ctrl = 0; + + clk_cfg = ep93xx_i2s_read_reg(info, EP93XX_I2S_RXCLKCFG); +- lin_ctrl = ep93xx_i2s_read_reg(info, EP93XX_I2S_RXLINCTRLDATA); + + switch (fmt & SND_SOC_DAIFMT_FORMAT_MASK) { + case SND_SOC_DAIFMT_I2S: + clk_cfg |= EP93XX_I2S_CLKCFG_REL; +- lin_ctrl &= ~EP93XX_I2S_LINCTRLDATA_R_JUST; + break; + + case SND_SOC_DAIFMT_LEFT_J: + clk_cfg &= ~EP93XX_I2S_CLKCFG_REL; +- lin_ctrl &= ~EP93XX_I2S_LINCTRLDATA_R_JUST; + break; + + case SND_SOC_DAIFMT_RIGHT_J: + clk_cfg &= ~EP93XX_I2S_CLKCFG_REL; +- lin_ctrl |= EP93XX_I2S_LINCTRLDATA_R_JUST; ++ rxlin_ctrl |= EP93XX_I2S_RXLINCTRLDATA_R_JUST; ++ txlin_ctrl |= EP93XX_I2S_TXLINCTRLDATA_R_JUST; + break; + + default: +@@ -213,32 +215,32 @@ static int ep93xx_i2s_set_dai_fmt(struct snd_soc_dai *cpu_dai, + switch (fmt & SND_SOC_DAIFMT_INV_MASK) { + case SND_SOC_DAIFMT_NB_NF: + /* Negative bit clock, lrclk low on left word */ +- clk_cfg &= ~(EP93XX_I2S_CLKCFG_CKP | EP93XX_I2S_CLKCFG_REL); ++ clk_cfg &= ~(EP93XX_I2S_CLKCFG_CKP | EP93XX_I2S_CLKCFG_LRS); + break; + + case SND_SOC_DAIFMT_NB_IF: + /* Negative bit clock, lrclk low on right word */ + clk_cfg &= ~EP93XX_I2S_CLKCFG_CKP; +- clk_cfg |= EP93XX_I2S_CLKCFG_REL; ++ clk_cfg |= EP93XX_I2S_CLKCFG_LRS; + break; + + case SND_SOC_DAIFMT_IB_NF: + /* Positive bit clock, lrclk low on left word */ + clk_cfg |= EP93XX_I2S_CLKCFG_CKP; +- clk_cfg &= ~EP93XX_I2S_CLKCFG_REL; ++ clk_cfg &= ~EP93XX_I2S_CLKCFG_LRS; + break; + + case SND_SOC_DAIFMT_IB_IF: + /* Positive bit clock, lrclk low on right word */ +- clk_cfg |= EP93XX_I2S_CLKCFG_CKP | EP93XX_I2S_CLKCFG_REL; ++ clk_cfg |= EP93XX_I2S_CLKCFG_CKP | EP93XX_I2S_CLKCFG_LRS; + break; + } + + /* Write new register values */ + ep93xx_i2s_write_reg(info, EP93XX_I2S_RXCLKCFG, clk_cfg); + ep93xx_i2s_write_reg(info, EP93XX_I2S_TXCLKCFG, clk_cfg); +- ep93xx_i2s_write_reg(info, EP93XX_I2S_RXLINCTRLDATA, lin_ctrl); +- ep93xx_i2s_write_reg(info, EP93XX_I2S_TXLINCTRLDATA, lin_ctrl); ++ ep93xx_i2s_write_reg(info, EP93XX_I2S_RXLINCTRLDATA, rxlin_ctrl); ++ ep93xx_i2s_write_reg(info, EP93XX_I2S_TXLINCTRLDATA, txlin_ctrl); + return 0; + } + +diff --git a/sound/soc/cirrus/snappercl15.c b/sound/soc/cirrus/snappercl15.c +index 98089df08df6..c6737a573bc0 100644 +--- a/sound/soc/cirrus/snappercl15.c ++++ b/sound/soc/cirrus/snappercl15.c +@@ -72,7 +72,7 @@ static struct snd_soc_dai_link snappercl15_dai = { + .codec_dai_name = "tlv320aic23-hifi", + .codec_name = "tlv320aic23-codec.0-001a", + .platform_name = "ep93xx-i2s", +- .dai_fmt = SND_SOC_DAIFMT_I2S | SND_SOC_DAIFMT_NB_IF | ++ .dai_fmt = SND_SOC_DAIFMT_I2S | SND_SOC_DAIFMT_NB_NF | + SND_SOC_DAIFMT_CBS_CFS, + .ops = &snappercl15_ops, + }; +diff --git a/sound/soc/soc-dapm.c b/sound/soc/soc-dapm.c +index 6a438a361592..9e784cc3e5d2 100644 +--- a/sound/soc/soc-dapm.c ++++ b/sound/soc/soc-dapm.c +@@ -425,6 +425,8 @@ err_data: + static void dapm_kcontrol_free(struct snd_kcontrol *kctl) + { + struct dapm_kcontrol_data *data = snd_kcontrol_chip(kctl); ++ ++ list_del(&data->paths); + kfree(data->wlist); + kfree(data); + } +diff --git a/tools/perf/util/dso.c b/tools/perf/util/dso.c +index 425df5c86c9c..425597186677 100644 +--- a/tools/perf/util/dso.c ++++ b/tools/perf/util/dso.c +@@ -249,6 +249,8 @@ int __kmod_path__parse(struct kmod_path *m, const char *path, + if ((strncmp(name, "[kernel.kallsyms]", 17) == 0) || + (strncmp(name, "[guest.kernel.kallsyms", 22) == 0) || + (strncmp(name, "[vdso]", 6) == 0) || ++ (strncmp(name, "[vdso32]", 8) == 0) || ++ (strncmp(name, "[vdsox32]", 9) == 0) || + (strncmp(name, "[vsyscall]", 10) == 0)) { + m->kmod = false; + +diff --git a/tools/perf/util/intel-pt-decoder/intel-pt-decoder.c b/tools/perf/util/intel-pt-decoder/intel-pt-decoder.c +index 0b540b84f8b7..dc17c881275d 100644 +--- a/tools/perf/util/intel-pt-decoder/intel-pt-decoder.c ++++ b/tools/perf/util/intel-pt-decoder/intel-pt-decoder.c +@@ -111,6 +111,7 @@ struct intel_pt_decoder { + bool have_cyc; + bool fixup_last_mtc; + bool have_last_ip; ++ enum intel_pt_param_flags flags; + uint64_t pos; + uint64_t last_ip; + uint64_t ip; +@@ -213,6 +214,8 @@ struct intel_pt_decoder *intel_pt_decoder_new(struct intel_pt_params *params) + decoder->data = params->data; + decoder->return_compression = params->return_compression; + ++ decoder->flags = params->flags; ++ + decoder->period = params->period; + decoder->period_type = params->period_type; + +@@ -1010,6 +1013,15 @@ out_no_progress: + return err; + } + ++static inline bool intel_pt_fup_with_nlip(struct intel_pt_decoder *decoder, ++ struct intel_pt_insn *intel_pt_insn, ++ uint64_t ip, int err) ++{ ++ return decoder->flags & INTEL_PT_FUP_WITH_NLIP && !err && ++ intel_pt_insn->branch == INTEL_PT_BR_INDIRECT && ++ ip == decoder->ip + intel_pt_insn->length; ++} ++ + static int intel_pt_walk_fup(struct intel_pt_decoder *decoder) + { + struct intel_pt_insn intel_pt_insn; +@@ -1022,7 +1034,8 @@ static int intel_pt_walk_fup(struct intel_pt_decoder *decoder) + err = intel_pt_walk_insn(decoder, &intel_pt_insn, ip); + if (err == INTEL_PT_RETURN) + return 0; +- if (err == -EAGAIN) { ++ if (err == -EAGAIN || ++ intel_pt_fup_with_nlip(decoder, &intel_pt_insn, ip, err)) { + if (decoder->set_fup_tx_flags) { + decoder->set_fup_tx_flags = false; + decoder->tx_flags = decoder->fup_tx_flags; +@@ -1032,7 +1045,7 @@ static int intel_pt_walk_fup(struct intel_pt_decoder *decoder) + decoder->state.flags = decoder->fup_tx_flags; + return 0; + } +- return err; ++ return -EAGAIN; + } + decoder->set_fup_tx_flags = false; + if (err) +@@ -1268,7 +1281,6 @@ static int intel_pt_overflow(struct intel_pt_decoder *decoder) + { + intel_pt_log("ERROR: Buffer overflow\n"); + intel_pt_clear_tx_flags(decoder); +- decoder->have_tma = false; + decoder->cbr = 0; + decoder->timestamp_insn_cnt = 0; + decoder->pkt_state = INTEL_PT_STATE_ERR_RESYNC; +@@ -1487,7 +1499,6 @@ static int intel_pt_walk_fup_tip(struct intel_pt_decoder *decoder) + case INTEL_PT_PSB: + case INTEL_PT_TSC: + case INTEL_PT_TMA: +- case INTEL_PT_CBR: + case INTEL_PT_MODE_TSX: + case INTEL_PT_BAD: + case INTEL_PT_PSBEND: +@@ -1496,6 +1507,10 @@ static int intel_pt_walk_fup_tip(struct intel_pt_decoder *decoder) + decoder->pkt_step = 0; + return -ENOENT; + ++ case INTEL_PT_CBR: ++ intel_pt_calc_cbr(decoder); ++ break; ++ + case INTEL_PT_OVF: + return intel_pt_overflow(decoder); + +diff --git a/tools/perf/util/intel-pt-decoder/intel-pt-decoder.h b/tools/perf/util/intel-pt-decoder/intel-pt-decoder.h +index 89a3eda6a318..e420bd3be159 100644 +--- a/tools/perf/util/intel-pt-decoder/intel-pt-decoder.h ++++ b/tools/perf/util/intel-pt-decoder/intel-pt-decoder.h +@@ -53,6 +53,14 @@ enum { + INTEL_PT_ERR_MAX, + }; + ++enum intel_pt_param_flags { ++ /* ++ * FUP packet can contain next linear instruction pointer instead of ++ * current linear instruction pointer. ++ */ ++ INTEL_PT_FUP_WITH_NLIP = 1 << 0, ++}; ++ + struct intel_pt_state { + enum intel_pt_sample_type type; + int err; +@@ -91,6 +99,7 @@ struct intel_pt_params { + unsigned int mtc_period; + uint32_t tsc_ctc_ratio_n; + uint32_t tsc_ctc_ratio_d; ++ enum intel_pt_param_flags flags; + }; + + struct intel_pt_decoder; +diff --git a/tools/perf/util/intel-pt-decoder/intel-pt-pkt-decoder.c b/tools/perf/util/intel-pt-decoder/intel-pt-pkt-decoder.c +index 7528ae4f7e28..e5c6caf913f3 100644 +--- a/tools/perf/util/intel-pt-decoder/intel-pt-pkt-decoder.c ++++ b/tools/perf/util/intel-pt-decoder/intel-pt-pkt-decoder.c +@@ -281,7 +281,7 @@ static int intel_pt_get_cyc(unsigned int byte, const unsigned char *buf, + if (len < offs) + return INTEL_PT_NEED_MORE_BYTES; + byte = buf[offs++]; +- payload |= (byte >> 1) << shift; ++ payload |= ((uint64_t)byte >> 1) << shift; + } + + packet->type = INTEL_PT_CYC; +diff --git a/tools/perf/util/intel-pt.c b/tools/perf/util/intel-pt.c +index 3693cb26ec66..c8f2d084a8ce 100644 +--- a/tools/perf/util/intel-pt.c ++++ b/tools/perf/util/intel-pt.c +@@ -676,6 +676,7 @@ static struct intel_pt_queue *intel_pt_alloc_queue(struct intel_pt *pt, + unsigned int queue_nr) + { + struct intel_pt_params params = { .get_trace = 0, }; ++ struct perf_env *env = pt->machine->env; + struct intel_pt_queue *ptq; + + ptq = zalloc(sizeof(struct intel_pt_queue)); +@@ -753,6 +754,9 @@ static struct intel_pt_queue *intel_pt_alloc_queue(struct intel_pt *pt, + } + } + ++ if (env->cpuid && !strncmp(env->cpuid, "GenuineIntel,6,92,", 18)) ++ params.flags |= INTEL_PT_FUP_WITH_NLIP; ++ + ptq->decoder = intel_pt_decoder_new(¶ms); + if (!ptq->decoder) + goto out_free; +@@ -1246,6 +1250,7 @@ static int intel_pt_sample(struct intel_pt_queue *ptq) + + if (intel_pt_is_switch_ip(ptq, state->to_ip)) { + switch (ptq->switch_state) { ++ case INTEL_PT_SS_NOT_TRACING: + case INTEL_PT_SS_UNKNOWN: + case INTEL_PT_SS_EXPECTING_SWITCH_IP: + err = intel_pt_next_tid(pt, ptq); diff --git a/patch/kernel/rk3328-default/04-patch-4.4.139-140.patch b/patch/kernel/rk3328-default/04-patch-4.4.139-140.patch new file mode 100644 index 0000000000..a2e3d0ef13 --- /dev/null +++ b/patch/kernel/rk3328-default/04-patch-4.4.139-140.patch @@ -0,0 +1,1823 @@ +diff --git a/Makefile b/Makefile +index 20a11fd36656..b842298a5970 100644 +--- a/Makefile ++++ b/Makefile +@@ -1,6 +1,6 @@ + VERSION = 4 + PATCHLEVEL = 4 +-SUBLEVEL = 139 ++SUBLEVEL = 140 + EXTRAVERSION = + NAME = Blurry Fish Butt + +diff --git a/arch/arm/boot/dts/imx6q.dtsi b/arch/arm/boot/dts/imx6q.dtsi +index 399103b8e2c9..c81fb8fdc41f 100644 +--- a/arch/arm/boot/dts/imx6q.dtsi ++++ b/arch/arm/boot/dts/imx6q.dtsi +@@ -95,7 +95,7 @@ + clocks = <&clks IMX6Q_CLK_ECSPI5>, + <&clks IMX6Q_CLK_ECSPI5>; + clock-names = "ipg", "per"; +- dmas = <&sdma 11 7 1>, <&sdma 12 7 2>; ++ dmas = <&sdma 11 8 1>, <&sdma 12 8 2>; + dma-names = "rx", "tx"; + status = "disabled"; + }; +diff --git a/arch/s390/kernel/entry.S b/arch/s390/kernel/entry.S +index 5416d5d68308..4cad1adff16b 100644 +--- a/arch/s390/kernel/entry.S ++++ b/arch/s390/kernel/entry.S +@@ -1170,7 +1170,7 @@ cleanup_critical: + jl 0f + clg %r9,BASED(.Lcleanup_table+104) # .Lload_fpu_regs_end + jl .Lcleanup_load_fpu_regs +-0: BR_EX %r14 ++0: BR_EX %r14,%r11 + + .align 8 + .Lcleanup_table: +@@ -1200,7 +1200,7 @@ cleanup_critical: + ni __SIE_PROG0C+3(%r9),0xfe # no longer in SIE + lctlg %c1,%c1,__LC_USER_ASCE # load primary asce + larl %r9,sie_exit # skip forward to sie_exit +- BR_EX %r14 ++ BR_EX %r14,%r11 + #endif + + .Lcleanup_system_call: +diff --git a/arch/x86/kernel/cpu/mcheck/mce.c b/arch/x86/kernel/cpu/mcheck/mce.c +index 6edb9530d7e9..ddc9b8125918 100644 +--- a/arch/x86/kernel/cpu/mcheck/mce.c ++++ b/arch/x86/kernel/cpu/mcheck/mce.c +@@ -980,11 +980,12 @@ void do_machine_check(struct pt_regs *regs, long error_code) + int i; + int worst = 0; + int severity; ++ + /* + * Establish sequential order between the CPUs entering the machine + * check handler. + */ +- int order; ++ int order = -1; + /* + * If no_way_out gets set, there is no safe way to recover from this + * MCE. If mca_cfg.tolerant is cranked up, we'll try anyway. +@@ -1000,7 +1001,12 @@ void do_machine_check(struct pt_regs *regs, long error_code) + char *msg = "Unknown"; + u64 recover_paddr = ~0ull; + int flags = MF_ACTION_REQUIRED; +- int lmce = 0; ++ ++ /* ++ * MCEs are always local on AMD. Same is determined by MCG_STATUS_LMCES ++ * on Intel. ++ */ ++ int lmce = 1; + + /* If this CPU is offline, just bail out. */ + if (cpu_is_offline(smp_processor_id())) { +@@ -1039,17 +1045,23 @@ void do_machine_check(struct pt_regs *regs, long error_code) + kill_it = 1; + + /* +- * Check if this MCE is signaled to only this logical processor ++ * Check if this MCE is signaled to only this logical processor, ++ * on Intel only. + */ +- if (m.mcgstatus & MCG_STATUS_LMCES) +- lmce = 1; +- else { +- /* +- * Go through all the banks in exclusion of the other CPUs. +- * This way we don't report duplicated events on shared banks +- * because the first one to see it will clear it. +- * If this is a Local MCE, then no need to perform rendezvous. +- */ ++ if (m.cpuvendor == X86_VENDOR_INTEL) ++ lmce = m.mcgstatus & MCG_STATUS_LMCES; ++ ++ /* ++ * Local machine check may already know that we have to panic. ++ * Broadcast machine check begins rendezvous in mce_start() ++ * Go through all banks in exclusion of the other CPUs. This way we ++ * don't report duplicated events on shared banks because the first one ++ * to see it will clear it. ++ */ ++ if (lmce) { ++ if (no_way_out) ++ mce_panic("Fatal local machine check", &m, msg); ++ } else { + order = mce_start(&no_way_out); + } + +@@ -1128,12 +1140,17 @@ void do_machine_check(struct pt_regs *regs, long error_code) + no_way_out = worst >= MCE_PANIC_SEVERITY; + } else { + /* +- * Local MCE skipped calling mce_reign() +- * If we found a fatal error, we need to panic here. ++ * If there was a fatal machine check we should have ++ * already called mce_panic earlier in this function. ++ * Since we re-read the banks, we might have found ++ * something new. Check again to see if we found a ++ * fatal error. We call "mce_severity()" again to ++ * make sure we have the right "msg". + */ +- if (worst >= MCE_PANIC_SEVERITY && mca_cfg.tolerant < 3) +- mce_panic("Machine check from unknown source", +- NULL, NULL); ++ if (worst >= MCE_PANIC_SEVERITY && mca_cfg.tolerant < 3) { ++ mce_severity(&m, cfg->tolerant, &msg, true); ++ mce_panic("Local fatal machine check!", &m, msg); ++ } + } + + /* +diff --git a/arch/x86/kernel/kprobes/core.c b/arch/x86/kernel/kprobes/core.c +index df9be5b91270..1f5c47a49e35 100644 +--- a/arch/x86/kernel/kprobes/core.c ++++ b/arch/x86/kernel/kprobes/core.c +@@ -411,25 +411,38 @@ void free_insn_page(void *page) + module_memfree(page); + } + ++/* Prepare reljump right after instruction to boost */ ++static void prepare_boost(struct kprobe *p, int length) ++{ ++ if (can_boost(p->ainsn.insn, p->addr) && ++ MAX_INSN_SIZE - length >= RELATIVEJUMP_SIZE) { ++ /* ++ * These instructions can be executed directly if it ++ * jumps back to correct address. ++ */ ++ synthesize_reljump(p->ainsn.insn + length, p->addr + length); ++ p->ainsn.boostable = 1; ++ } else { ++ p->ainsn.boostable = -1; ++ } ++} ++ + static int arch_copy_kprobe(struct kprobe *p) + { +- int ret; ++ int len; + + set_memory_rw((unsigned long)p->ainsn.insn & PAGE_MASK, 1); + + /* Copy an instruction with recovering if other optprobe modifies it.*/ +- ret = __copy_instruction(p->ainsn.insn, p->addr); +- if (!ret) ++ len = __copy_instruction(p->ainsn.insn, p->addr); ++ if (!len) + return -EINVAL; + + /* + * __copy_instruction can modify the displacement of the instruction, + * but it doesn't affect boostable check. + */ +- if (can_boost(p->ainsn.insn, p->addr)) +- p->ainsn.boostable = 0; +- else +- p->ainsn.boostable = -1; ++ prepare_boost(p, len); + + set_memory_ro((unsigned long)p->ainsn.insn & PAGE_MASK, 1); + +@@ -894,21 +907,6 @@ static void resume_execution(struct kprobe *p, struct pt_regs *regs, + break; + } + +- if (p->ainsn.boostable == 0) { +- if ((regs->ip > copy_ip) && +- (regs->ip - copy_ip) + 5 < MAX_INSN_SIZE) { +- /* +- * These instructions can be executed directly if it +- * jumps back to correct address. +- */ +- synthesize_reljump((void *)regs->ip, +- (void *)orig_ip + (regs->ip - copy_ip)); +- p->ainsn.boostable = 1; +- } else { +- p->ainsn.boostable = -1; +- } +- } +- + regs->ip += orig_ip - copy_ip; + + no_change: +diff --git a/arch/x86/lib/cmdline.c b/arch/x86/lib/cmdline.c +index a744506856b1..88ce150186c6 100644 +--- a/arch/x86/lib/cmdline.c ++++ b/arch/x86/lib/cmdline.c +@@ -21,12 +21,14 @@ static inline int myisspace(u8 c) + * @option: option string to look for + * + * Returns the position of that @option (starts counting with 1) +- * or 0 on not found. ++ * or 0 on not found. @option will only be found if it is found ++ * as an entire word in @cmdline. For instance, if @option="car" ++ * then a cmdline which contains "cart" will not match. + */ + int cmdline_find_option_bool(const char *cmdline, const char *option) + { + char c; +- int len, pos = 0, wstart = 0; ++ int pos = 0, wstart = 0; + const char *opptr = NULL; + enum { + st_wordstart = 0, /* Start of word/after whitespace */ +@@ -37,11 +39,14 @@ int cmdline_find_option_bool(const char *cmdline, const char *option) + if (!cmdline) + return -1; /* No command line */ + +- len = min_t(int, strlen(cmdline), COMMAND_LINE_SIZE); +- if (!len) ++ if (!strlen(cmdline)) + return 0; + +- while (len--) { ++ /* ++ * This 'pos' check ensures we do not overrun ++ * a non-NULL-terminated 'cmdline' ++ */ ++ while (pos < COMMAND_LINE_SIZE) { + c = *(char *)cmdline++; + pos++; + +@@ -58,17 +63,26 @@ int cmdline_find_option_bool(const char *cmdline, const char *option) + /* fall through */ + + case st_wordcmp: +- if (!*opptr) ++ if (!*opptr) { ++ /* ++ * We matched all the way to the end of the ++ * option we were looking for. If the ++ * command-line has a space _or_ ends, then ++ * we matched! ++ */ + if (!c || myisspace(c)) + return wstart; + else + state = st_wordskip; +- else if (!c) ++ } else if (!c) { ++ /* ++ * Hit the NULL terminator on the end of ++ * cmdline. ++ */ + return 0; +- else if (c != *opptr++) ++ } else if (c != *opptr++) { + state = st_wordskip; +- else if (!len) /* last word and is matching */ +- return wstart; ++ } + break; + + case st_wordskip: +diff --git a/drivers/block/drbd/drbd_worker.c b/drivers/block/drbd/drbd_worker.c +index 5578c1477ba6..8bfd4fd7e9ec 100644 +--- a/drivers/block/drbd/drbd_worker.c ++++ b/drivers/block/drbd/drbd_worker.c +@@ -256,8 +256,8 @@ void drbd_request_endio(struct bio *bio) + } else + what = COMPLETED_OK; + +- bio_put(req->private_bio); + req->private_bio = ERR_PTR(bio->bi_error); ++ bio_put(bio); + + /* not req_mod(), we need irqsave here! */ + spin_lock_irqsave(&device->resource->req_lock, flags); +diff --git a/drivers/hid/hid-debug.c b/drivers/hid/hid-debug.c +index 2886b645ced7..6c60f4b63d21 100644 +--- a/drivers/hid/hid-debug.c ++++ b/drivers/hid/hid-debug.c +@@ -1152,6 +1152,8 @@ copy_rest: + goto out; + if (list->tail > list->head) { + len = list->tail - list->head; ++ if (len > count) ++ len = count; + + if (copy_to_user(buffer + ret, &list->hid_debug_buf[list->head], len)) { + ret = -EFAULT; +@@ -1161,6 +1163,8 @@ copy_rest: + list->head += len; + } else { + len = HID_DEBUG_BUFSIZE - list->head; ++ if (len > count) ++ len = count; + + if (copy_to_user(buffer, &list->hid_debug_buf[list->head], len)) { + ret = -EFAULT; +@@ -1168,7 +1172,9 @@ copy_rest: + } + list->head = 0; + ret += len; +- goto copy_rest; ++ count -= len; ++ if (count > 0) ++ goto copy_rest; + } + + } +diff --git a/drivers/hid/i2c-hid/i2c-hid.c b/drivers/hid/i2c-hid/i2c-hid.c +index 4c3ed078c6b9..a5fed668fde1 100644 +--- a/drivers/hid/i2c-hid/i2c-hid.c ++++ b/drivers/hid/i2c-hid/i2c-hid.c +@@ -413,7 +413,7 @@ static void i2c_hid_get_input(struct i2c_hid *ihid) + return; + } + +- if ((ret_size > size) || (ret_size <= 2)) { ++ if ((ret_size > size) || (ret_size < 2)) { + dev_err(&ihid->client->dev, "%s: incomplete report (%d/%d)\n", + __func__, size, ret_size); + return; +diff --git a/drivers/hid/usbhid/hiddev.c b/drivers/hid/usbhid/hiddev.c +index 700145b15088..b59b15d4caa9 100644 +--- a/drivers/hid/usbhid/hiddev.c ++++ b/drivers/hid/usbhid/hiddev.c +@@ -35,6 +35,7 @@ + #include + #include + #include ++#include + #include "usbhid.h" + + #ifdef CONFIG_USB_DYNAMIC_MINORS +@@ -478,10 +479,14 @@ static noinline int hiddev_ioctl_usage(struct hiddev *hiddev, unsigned int cmd, + + if (uref->field_index >= report->maxfield) + goto inval; ++ uref->field_index = array_index_nospec(uref->field_index, ++ report->maxfield); + + field = report->field[uref->field_index]; + if (uref->usage_index >= field->maxusage) + goto inval; ++ uref->usage_index = array_index_nospec(uref->usage_index, ++ field->maxusage); + + uref->usage_code = field->usage[uref->usage_index].hid; + +@@ -508,6 +513,8 @@ static noinline int hiddev_ioctl_usage(struct hiddev *hiddev, unsigned int cmd, + + if (uref->field_index >= report->maxfield) + goto inval; ++ uref->field_index = array_index_nospec(uref->field_index, ++ report->maxfield); + + field = report->field[uref->field_index]; + +@@ -761,6 +768,8 @@ static long hiddev_ioctl(struct file *file, unsigned int cmd, unsigned long arg) + + if (finfo.field_index >= report->maxfield) + break; ++ finfo.field_index = array_index_nospec(finfo.field_index, ++ report->maxfield); + + field = report->field[finfo.field_index]; + memset(&finfo, 0, sizeof(finfo)); +@@ -801,6 +810,8 @@ static long hiddev_ioctl(struct file *file, unsigned int cmd, unsigned long arg) + + if (cinfo.index >= hid->maxcollection) + break; ++ cinfo.index = array_index_nospec(cinfo.index, ++ hid->maxcollection); + + cinfo.type = hid->collection[cinfo.index].type; + cinfo.usage = hid->collection[cinfo.index].usage; +diff --git a/drivers/i2c/busses/i2c-rcar.c b/drivers/i2c/busses/i2c-rcar.c +index 6f89484765e3..dfe1a53ce4ad 100644 +--- a/drivers/i2c/busses/i2c-rcar.c ++++ b/drivers/i2c/busses/i2c-rcar.c +@@ -484,6 +484,8 @@ static int rcar_i2c_master_xfer(struct i2c_adapter *adap, + + pm_runtime_get_sync(dev); + ++ rcar_i2c_init(priv); ++ + ret = rcar_i2c_bus_barrier(priv); + if (ret < 0) + goto out; +@@ -624,7 +626,6 @@ static int rcar_i2c_probe(struct platform_device *pdev) + if (ret < 0) + goto out_pm_put; + +- rcar_i2c_init(priv); + pm_runtime_put(dev); + + irq = platform_get_irq(pdev, 0); +diff --git a/drivers/md/dm-bufio.c b/drivers/md/dm-bufio.c +index 969c815c90b6..b1d5fa0bc8f7 100644 +--- a/drivers/md/dm-bufio.c ++++ b/drivers/md/dm-bufio.c +@@ -813,12 +813,14 @@ enum new_flag { + static struct dm_buffer *__alloc_buffer_wait_no_callback(struct dm_bufio_client *c, enum new_flag nf) + { + struct dm_buffer *b; ++ bool tried_noio_alloc = false; + + /* + * dm-bufio is resistant to allocation failures (it just keeps + * one buffer reserved in cases all the allocations fail). + * So set flags to not try too hard: +- * GFP_NOIO: don't recurse into the I/O layer ++ * GFP_NOWAIT: don't wait; if we need to sleep we'll release our ++ * mutex and wait ourselves. + * __GFP_NORETRY: don't retry and rather return failure + * __GFP_NOMEMALLOC: don't use emergency reserves + * __GFP_NOWARN: don't print a warning in case of failure +@@ -828,7 +830,7 @@ static struct dm_buffer *__alloc_buffer_wait_no_callback(struct dm_bufio_client + */ + while (1) { + if (dm_bufio_cache_size_latch != 1) { +- b = alloc_buffer(c, GFP_NOIO | __GFP_NORETRY | __GFP_NOMEMALLOC | __GFP_NOWARN); ++ b = alloc_buffer(c, GFP_NOWAIT | __GFP_NORETRY | __GFP_NOMEMALLOC | __GFP_NOWARN); + if (b) + return b; + } +@@ -836,6 +838,15 @@ static struct dm_buffer *__alloc_buffer_wait_no_callback(struct dm_bufio_client + if (nf == NF_PREFETCH) + return NULL; + ++ if (dm_bufio_cache_size_latch != 1 && !tried_noio_alloc) { ++ dm_bufio_unlock(c); ++ b = alloc_buffer(c, GFP_NOIO | __GFP_NORETRY | __GFP_NOMEMALLOC | __GFP_NOWARN); ++ dm_bufio_lock(c); ++ if (b) ++ return b; ++ tried_noio_alloc = true; ++ } ++ + if (!list_empty(&c->reserved_buffers)) { + b = list_entry(c->reserved_buffers.next, + struct dm_buffer, lru_list); +@@ -1563,19 +1574,11 @@ dm_bufio_shrink_scan(struct shrinker *shrink, struct shrink_control *sc) + static unsigned long + dm_bufio_shrink_count(struct shrinker *shrink, struct shrink_control *sc) + { +- struct dm_bufio_client *c; +- unsigned long count; +- unsigned long retain_target; +- +- c = container_of(shrink, struct dm_bufio_client, shrinker); +- if (sc->gfp_mask & __GFP_FS) +- dm_bufio_lock(c); +- else if (!dm_bufio_trylock(c)) +- return 0; ++ struct dm_bufio_client *c = container_of(shrink, struct dm_bufio_client, shrinker); ++ unsigned long count = READ_ONCE(c->n_buffers[LIST_CLEAN]) + ++ READ_ONCE(c->n_buffers[LIST_DIRTY]); ++ unsigned long retain_target = get_retain_buffers(c); + +- count = c->n_buffers[LIST_CLEAN] + c->n_buffers[LIST_DIRTY]; +- retain_target = get_retain_buffers(c); +- dm_bufio_unlock(c); + return (count < retain_target) ? 0 : (count - retain_target); + } + +diff --git a/drivers/media/i2c/cx25840/cx25840-core.c b/drivers/media/i2c/cx25840/cx25840-core.c +index a47ab1947cc4..17d217c3585a 100644 +--- a/drivers/media/i2c/cx25840/cx25840-core.c ++++ b/drivers/media/i2c/cx25840/cx25840-core.c +@@ -467,8 +467,13 @@ static void cx23885_initialize(struct i2c_client *client) + { + DEFINE_WAIT(wait); + struct cx25840_state *state = to_state(i2c_get_clientdata(client)); ++ u32 clk_freq = 0; + struct workqueue_struct *q; + ++ /* cx23885 sets hostdata to clk_freq pointer */ ++ if (v4l2_get_subdev_hostdata(&state->sd)) ++ clk_freq = *((u32 *)v4l2_get_subdev_hostdata(&state->sd)); ++ + /* + * Come out of digital power down + * The CX23888, at least, needs this, otherwise registers aside from +@@ -504,8 +509,13 @@ static void cx23885_initialize(struct i2c_client *client) + * 50.0 MHz * (0xb + 0xe8ba26/0x2000000)/4 = 5 * 28.636363 MHz + * 572.73 MHz before post divide + */ +- /* HVR1850 or 50MHz xtal */ +- cx25840_write(client, 0x2, 0x71); ++ if (clk_freq == 25000000) { ++ /* 888/ImpactVCBe or 25Mhz xtal */ ++ ; /* nothing to do */ ++ } else { ++ /* HVR1850 or 50MHz xtal */ ++ cx25840_write(client, 0x2, 0x71); ++ } + cx25840_write4(client, 0x11c, 0x01d1744c); + cx25840_write4(client, 0x118, 0x00000416); + cx25840_write4(client, 0x404, 0x0010253e); +@@ -548,9 +558,15 @@ static void cx23885_initialize(struct i2c_client *client) + /* HVR1850 */ + switch (state->id) { + case CX23888_AV: +- /* 888/HVR1250 specific */ +- cx25840_write4(client, 0x10c, 0x13333333); +- cx25840_write4(client, 0x108, 0x00000515); ++ if (clk_freq == 25000000) { ++ /* 888/ImpactVCBe or 25MHz xtal */ ++ cx25840_write4(client, 0x10c, 0x01b6db7b); ++ cx25840_write4(client, 0x108, 0x00000512); ++ } else { ++ /* 888/HVR1250 or 50MHz xtal */ ++ cx25840_write4(client, 0x10c, 0x13333333); ++ cx25840_write4(client, 0x108, 0x00000515); ++ } + break; + default: + cx25840_write4(client, 0x10c, 0x002be2c9); +@@ -577,7 +593,7 @@ static void cx23885_initialize(struct i2c_client *client) + * 368.64 MHz before post divide + * 122.88 MHz / 0xa = 12.288 MHz + */ +- /* HVR1850 or 50MHz xtal */ ++ /* HVR1850 or 50MHz xtal or 25MHz xtal */ + cx25840_write4(client, 0x114, 0x017dbf48); + cx25840_write4(client, 0x110, 0x000a030e); + break; +diff --git a/drivers/mtd/chips/cfi_cmdset_0002.c b/drivers/mtd/chips/cfi_cmdset_0002.c +index c484ca8c909c..fb5a3052f144 100644 +--- a/drivers/mtd/chips/cfi_cmdset_0002.c ++++ b/drivers/mtd/chips/cfi_cmdset_0002.c +@@ -42,7 +42,7 @@ + #define AMD_BOOTLOC_BUG + #define FORCE_WORD_WRITE 0 + +-#define MAX_WORD_RETRIES 3 ++#define MAX_RETRIES 3 + + #define SST49LF004B 0x0060 + #define SST49LF040B 0x0050 +@@ -1645,7 +1645,7 @@ static int __xipram do_write_oneword(struct map_info *map, struct flchip *chip, + map_write( map, CMD(0xF0), chip->start ); + /* FIXME - should have reset delay before continuing */ + +- if (++retry_cnt <= MAX_WORD_RETRIES) ++ if (++retry_cnt <= MAX_RETRIES) + goto retry; + + ret = -EIO; +@@ -2104,7 +2104,7 @@ retry: + map_write(map, CMD(0xF0), chip->start); + /* FIXME - should have reset delay before continuing */ + +- if (++retry_cnt <= MAX_WORD_RETRIES) ++ if (++retry_cnt <= MAX_RETRIES) + goto retry; + + ret = -EIO; +@@ -2239,6 +2239,7 @@ static int __xipram do_erase_chip(struct map_info *map, struct flchip *chip) + unsigned long int adr; + DECLARE_WAITQUEUE(wait, current); + int ret = 0; ++ int retry_cnt = 0; + + adr = cfi->addr_unlock1; + +@@ -2256,6 +2257,7 @@ static int __xipram do_erase_chip(struct map_info *map, struct flchip *chip) + ENABLE_VPP(map); + xip_disable(map, chip, adr); + ++ retry: + cfi_send_gen_cmd(0xAA, cfi->addr_unlock1, chip->start, map, cfi, cfi->device_type, NULL); + cfi_send_gen_cmd(0x55, cfi->addr_unlock2, chip->start, map, cfi, cfi->device_type, NULL); + cfi_send_gen_cmd(0x80, cfi->addr_unlock1, chip->start, map, cfi, cfi->device_type, NULL); +@@ -2292,12 +2294,13 @@ static int __xipram do_erase_chip(struct map_info *map, struct flchip *chip) + chip->erase_suspended = 0; + } + +- if (chip_ready(map, adr)) ++ if (chip_good(map, adr, map_word_ff(map))) + break; + + if (time_after(jiffies, timeo)) { + printk(KERN_WARNING "MTD %s(): software timeout\n", + __func__ ); ++ ret = -EIO; + break; + } + +@@ -2305,12 +2308,15 @@ static int __xipram do_erase_chip(struct map_info *map, struct flchip *chip) + UDELAY(map, chip, adr, 1000000/HZ); + } + /* Did we succeed? */ +- if (!chip_good(map, adr, map_word_ff(map))) { ++ if (ret) { + /* reset on all failures. */ + map_write( map, CMD(0xF0), chip->start ); + /* FIXME - should have reset delay before continuing */ + +- ret = -EIO; ++ if (++retry_cnt <= MAX_RETRIES) { ++ ret = 0; ++ goto retry; ++ } + } + + chip->state = FL_READY; +@@ -2329,6 +2335,7 @@ static int __xipram do_erase_oneblock(struct map_info *map, struct flchip *chip, + unsigned long timeo = jiffies + HZ; + DECLARE_WAITQUEUE(wait, current); + int ret = 0; ++ int retry_cnt = 0; + + adr += chip->start; + +@@ -2346,6 +2353,7 @@ static int __xipram do_erase_oneblock(struct map_info *map, struct flchip *chip, + ENABLE_VPP(map); + xip_disable(map, chip, adr); + ++ retry: + cfi_send_gen_cmd(0xAA, cfi->addr_unlock1, chip->start, map, cfi, cfi->device_type, NULL); + cfi_send_gen_cmd(0x55, cfi->addr_unlock2, chip->start, map, cfi, cfi->device_type, NULL); + cfi_send_gen_cmd(0x80, cfi->addr_unlock1, chip->start, map, cfi, cfi->device_type, NULL); +@@ -2382,7 +2390,7 @@ static int __xipram do_erase_oneblock(struct map_info *map, struct flchip *chip, + chip->erase_suspended = 0; + } + +- if (chip_ready(map, adr)) { ++ if (chip_good(map, adr, map_word_ff(map))) { + xip_enable(map, chip, adr); + break; + } +@@ -2391,6 +2399,7 @@ static int __xipram do_erase_oneblock(struct map_info *map, struct flchip *chip, + xip_enable(map, chip, adr); + printk(KERN_WARNING "MTD %s(): software timeout\n", + __func__ ); ++ ret = -EIO; + break; + } + +@@ -2398,12 +2407,15 @@ static int __xipram do_erase_oneblock(struct map_info *map, struct flchip *chip, + UDELAY(map, chip, adr, 1000000/HZ); + } + /* Did we succeed? */ +- if (!chip_good(map, adr, map_word_ff(map))) { ++ if (ret) { + /* reset on all failures. */ + map_write( map, CMD(0xF0), chip->start ); + /* FIXME - should have reset delay before continuing */ + +- ret = -EIO; ++ if (++retry_cnt <= MAX_RETRIES) { ++ ret = 0; ++ goto retry; ++ } + } + + chip->state = FL_READY; +diff --git a/drivers/mtd/nand/mxc_nand.c b/drivers/mtd/nand/mxc_nand.c +index 136e73a3e07e..53fe795fd716 100644 +--- a/drivers/mtd/nand/mxc_nand.c ++++ b/drivers/mtd/nand/mxc_nand.c +@@ -49,7 +49,7 @@ + #define NFC_V1_V2_CONFIG (host->regs + 0x0a) + #define NFC_V1_V2_ECC_STATUS_RESULT (host->regs + 0x0c) + #define NFC_V1_V2_RSLTMAIN_AREA (host->regs + 0x0e) +-#define NFC_V1_V2_RSLTSPARE_AREA (host->regs + 0x10) ++#define NFC_V21_RSLTSPARE_AREA (host->regs + 0x10) + #define NFC_V1_V2_WRPROT (host->regs + 0x12) + #define NFC_V1_UNLOCKSTART_BLKADDR (host->regs + 0x14) + #define NFC_V1_UNLOCKEND_BLKADDR (host->regs + 0x16) +@@ -1034,6 +1034,9 @@ static void preset_v2(struct mtd_info *mtd) + writew(config1, NFC_V1_V2_CONFIG1); + /* preset operation */ + ++ /* spare area size in 16-bit half-words */ ++ writew(mtd->oobsize / 2, NFC_V21_RSLTSPARE_AREA); ++ + /* Unlock the internal RAM Buffer */ + writew(0x2, NFC_V1_V2_CONFIG); + +diff --git a/drivers/mtd/ubi/eba.c b/drivers/mtd/ubi/eba.c +index 4dd0391d2942..c4a25c858c07 100644 +--- a/drivers/mtd/ubi/eba.c ++++ b/drivers/mtd/ubi/eba.c +@@ -350,6 +350,82 @@ out_unlock: + return err; + } + ++#ifdef CONFIG_MTD_UBI_FASTMAP ++/** ++ * check_mapping - check and fixup a mapping ++ * @ubi: UBI device description object ++ * @vol: volume description object ++ * @lnum: logical eraseblock number ++ * @pnum: physical eraseblock number ++ * ++ * Checks whether a given mapping is valid. Fastmap cannot track LEB unmap ++ * operations, if such an operation is interrupted the mapping still looks ++ * good, but upon first read an ECC is reported to the upper layer. ++ * Normaly during the full-scan at attach time this is fixed, for Fastmap ++ * we have to deal with it while reading. ++ * If the PEB behind a LEB shows this symthom we change the mapping to ++ * %UBI_LEB_UNMAPPED and schedule the PEB for erasure. ++ * ++ * Returns 0 on success, negative error code in case of failure. ++ */ ++static int check_mapping(struct ubi_device *ubi, struct ubi_volume *vol, int lnum, ++ int *pnum) ++{ ++ int err; ++ struct ubi_vid_hdr *vid_hdr; ++ ++ if (!ubi->fast_attach) ++ return 0; ++ ++ vid_hdr = ubi_zalloc_vid_hdr(ubi, GFP_NOFS); ++ if (!vid_hdr) ++ return -ENOMEM; ++ ++ err = ubi_io_read_vid_hdr(ubi, *pnum, vid_hdr, 0); ++ if (err > 0 && err != UBI_IO_BITFLIPS) { ++ int torture = 0; ++ ++ switch (err) { ++ case UBI_IO_FF: ++ case UBI_IO_FF_BITFLIPS: ++ case UBI_IO_BAD_HDR: ++ case UBI_IO_BAD_HDR_EBADMSG: ++ break; ++ default: ++ ubi_assert(0); ++ } ++ ++ if (err == UBI_IO_BAD_HDR_EBADMSG || err == UBI_IO_FF_BITFLIPS) ++ torture = 1; ++ ++ down_read(&ubi->fm_eba_sem); ++ vol->eba_tbl[lnum] = UBI_LEB_UNMAPPED; ++ up_read(&ubi->fm_eba_sem); ++ ubi_wl_put_peb(ubi, vol->vol_id, lnum, *pnum, torture); ++ ++ *pnum = UBI_LEB_UNMAPPED; ++ } else if (err < 0) { ++ ubi_err(ubi, "unable to read VID header back from PEB %i: %i", ++ *pnum, err); ++ ++ goto out_free; ++ } ++ ++ err = 0; ++ ++out_free: ++ ubi_free_vid_hdr(ubi, vid_hdr); ++ ++ return err; ++} ++#else ++static int check_mapping(struct ubi_device *ubi, struct ubi_volume *vol, int lnum, ++ int *pnum) ++{ ++ return 0; ++} ++#endif ++ + /** + * ubi_eba_read_leb - read data. + * @ubi: UBI device description object +@@ -381,7 +457,13 @@ int ubi_eba_read_leb(struct ubi_device *ubi, struct ubi_volume *vol, int lnum, + return err; + + pnum = vol->eba_tbl[lnum]; +- if (pnum < 0) { ++ if (pnum >= 0) { ++ err = check_mapping(ubi, vol, lnum, &pnum); ++ if (err < 0) ++ goto out_unlock; ++ } ++ ++ if (pnum == UBI_LEB_UNMAPPED) { + /* + * The logical eraseblock is not mapped, fill the whole buffer + * with 0xFF bytes. The exception is static volumes for which +@@ -696,6 +778,14 @@ int ubi_eba_write_leb(struct ubi_device *ubi, struct ubi_volume *vol, int lnum, + return err; + + pnum = vol->eba_tbl[lnum]; ++ if (pnum >= 0) { ++ err = check_mapping(ubi, vol, lnum, &pnum); ++ if (err < 0) { ++ leb_write_unlock(ubi, vol_id, lnum); ++ return err; ++ } ++ } ++ + if (pnum >= 0) { + dbg_eba("write %d bytes at offset %d of LEB %d:%d, PEB %d", + len, offset, vol_id, lnum, pnum); +diff --git a/drivers/net/wireless/ath/ath10k/htt_rx.c b/drivers/net/wireless/ath/ath10k/htt_rx.c +index d26cb37b1fbd..b32c47fe926d 100644 +--- a/drivers/net/wireless/ath/ath10k/htt_rx.c ++++ b/drivers/net/wireless/ath/ath10k/htt_rx.c +@@ -1166,6 +1166,7 @@ static void *ath10k_htt_rx_h_find_rfc1042(struct ath10k *ar, + size_t hdr_len, crypto_len; + void *rfc1042; + bool is_first, is_last, is_amsdu; ++ int bytes_aligned = ar->hw_params.decap_align_bytes; + + rxd = (void *)msdu->data - sizeof(*rxd); + hdr = (void *)rxd->rx_hdr_status; +@@ -1182,8 +1183,8 @@ static void *ath10k_htt_rx_h_find_rfc1042(struct ath10k *ar, + hdr_len = ieee80211_hdrlen(hdr->frame_control); + crypto_len = ath10k_htt_rx_crypto_param_len(ar, enctype); + +- rfc1042 += round_up(hdr_len, 4) + +- round_up(crypto_len, 4); ++ rfc1042 += round_up(hdr_len, bytes_aligned) + ++ round_up(crypto_len, bytes_aligned); + } + + if (is_amsdu) +diff --git a/drivers/nvme/host/pci.c b/drivers/nvme/host/pci.c +index e86fcc9e9852..01f47b68b6e7 100644 +--- a/drivers/nvme/host/pci.c ++++ b/drivers/nvme/host/pci.c +@@ -1589,11 +1589,11 @@ static int nvme_create_queue(struct nvme_queue *nvmeq, int qid) + if (result < 0) + goto release_cq; + ++ nvme_init_queue(nvmeq, qid); + result = queue_request_irq(dev, nvmeq, nvmeq->irqname); + if (result < 0) + goto release_sq; + +- nvme_init_queue(nvmeq, qid); + return result; + + release_sq: +@@ -1797,6 +1797,7 @@ static int nvme_configure_admin_queue(struct nvme_dev *dev) + goto free_nvmeq; + + nvmeq->cq_vector = 0; ++ nvme_init_queue(nvmeq, 0); + result = queue_request_irq(dev, nvmeq, nvmeq->irqname); + if (result) { + nvmeq->cq_vector = -1; +@@ -3165,7 +3166,6 @@ static void nvme_probe_work(struct work_struct *work) + goto disable; + } + +- nvme_init_queue(dev->queues[0], 0); + result = nvme_alloc_admin_tags(dev); + if (result) + goto disable; +diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c +index 841f3fbec77c..4302880a20b3 100644 +--- a/drivers/scsi/sg.c ++++ b/drivers/scsi/sg.c +@@ -51,6 +51,7 @@ static int sg_version_num = 30536; /* 2 digits for each component */ + #include + #include + #include ++#include /* for sg_check_file_access() */ + + #include "scsi.h" + #include +@@ -221,6 +222,33 @@ static void sg_device_destroy(struct kref *kref); + sdev_prefix_printk(prefix, (sdp)->device, \ + (sdp)->disk->disk_name, fmt, ##a) + ++/* ++ * The SCSI interfaces that use read() and write() as an asynchronous variant of ++ * ioctl(..., SG_IO, ...) are fundamentally unsafe, since there are lots of ways ++ * to trigger read() and write() calls from various contexts with elevated ++ * privileges. This can lead to kernel memory corruption (e.g. if these ++ * interfaces are called through splice()) and privilege escalation inside ++ * userspace (e.g. if a process with access to such a device passes a file ++ * descriptor to a SUID binary as stdin/stdout/stderr). ++ * ++ * This function provides protection for the legacy API by restricting the ++ * calling context. ++ */ ++static int sg_check_file_access(struct file *filp, const char *caller) ++{ ++ if (filp->f_cred != current_real_cred()) { ++ pr_err_once("%s: process %d (%s) changed security contexts after opening file descriptor, this is not allowed.\n", ++ caller, task_tgid_vnr(current), current->comm); ++ return -EPERM; ++ } ++ if (unlikely(segment_eq(get_fs(), KERNEL_DS))) { ++ pr_err_once("%s: process %d (%s) called from kernel context, this is not allowed.\n", ++ caller, task_tgid_vnr(current), current->comm); ++ return -EACCES; ++ } ++ return 0; ++} ++ + static int sg_allow_access(struct file *filp, unsigned char *cmd) + { + struct sg_fd *sfp = filp->private_data; +@@ -405,6 +433,14 @@ sg_read(struct file *filp, char __user *buf, size_t count, loff_t * ppos) + struct sg_header *old_hdr = NULL; + int retval = 0; + ++ /* ++ * This could cause a response to be stranded. Close the associated ++ * file descriptor to free up any resources being held. ++ */ ++ retval = sg_check_file_access(filp, __func__); ++ if (retval) ++ return retval; ++ + if ((!(sfp = (Sg_fd *) filp->private_data)) || (!(sdp = sfp->parentdp))) + return -ENXIO; + SCSI_LOG_TIMEOUT(3, sg_printk(KERN_INFO, sdp, +@@ -592,9 +628,11 @@ sg_write(struct file *filp, const char __user *buf, size_t count, loff_t * ppos) + struct sg_header old_hdr; + sg_io_hdr_t *hp; + unsigned char cmnd[SG_MAX_CDB_SIZE]; ++ int retval; + +- if (unlikely(segment_eq(get_fs(), KERNEL_DS))) +- return -EINVAL; ++ retval = sg_check_file_access(filp, __func__); ++ if (retval) ++ return retval; + + if ((!(sfp = (Sg_fd *) filp->private_data)) || (!(sdp = sfp->parentdp))) + return -ENXIO; +diff --git a/drivers/staging/android/ion/ion_heap.c b/drivers/staging/android/ion/ion_heap.c +index ca15a87f6fd3..13a9b4c42b26 100644 +--- a/drivers/staging/android/ion/ion_heap.c ++++ b/drivers/staging/android/ion/ion_heap.c +@@ -38,7 +38,7 @@ void *ion_heap_map_kernel(struct ion_heap *heap, + struct page **tmp = pages; + + if (!pages) +- return NULL; ++ return ERR_PTR(-ENOMEM); + + if (buffer->flags & ION_FLAG_CACHED) + pgprot = PAGE_KERNEL; +diff --git a/drivers/staging/comedi/drivers/quatech_daqp_cs.c b/drivers/staging/comedi/drivers/quatech_daqp_cs.c +index e9e43139157d..769a94015117 100644 +--- a/drivers/staging/comedi/drivers/quatech_daqp_cs.c ++++ b/drivers/staging/comedi/drivers/quatech_daqp_cs.c +@@ -642,7 +642,7 @@ static int daqp_ao_insn_write(struct comedi_device *dev, + /* Make sure D/A update mode is direct update */ + outb(0, dev->iobase + DAQP_AUX_REG); + +- for (i = 0; i > insn->n; i++) { ++ for (i = 0; i < insn->n; i++) { + unsigned val = data[i]; + int ret; + +diff --git a/drivers/tty/n_tty.c b/drivers/tty/n_tty.c +index 190e5dc15738..b1ec202099b2 100644 +--- a/drivers/tty/n_tty.c ++++ b/drivers/tty/n_tty.c +@@ -128,6 +128,8 @@ struct n_tty_data { + struct mutex output_lock; + }; + ++#define MASK(x) ((x) & (N_TTY_BUF_SIZE - 1)) ++ + static inline size_t read_cnt(struct n_tty_data *ldata) + { + return ldata->read_head - ldata->read_tail; +@@ -145,6 +147,7 @@ static inline unsigned char *read_buf_addr(struct n_tty_data *ldata, size_t i) + + static inline unsigned char echo_buf(struct n_tty_data *ldata, size_t i) + { ++ smp_rmb(); /* Matches smp_wmb() in add_echo_byte(). */ + return ldata->echo_buf[i & (N_TTY_BUF_SIZE - 1)]; + } + +@@ -322,9 +325,7 @@ static inline void put_tty_queue(unsigned char c, struct n_tty_data *ldata) + static void reset_buffer_flags(struct n_tty_data *ldata) + { + ldata->read_head = ldata->canon_head = ldata->read_tail = 0; +- ldata->echo_head = ldata->echo_tail = ldata->echo_commit = 0; + ldata->commit_head = 0; +- ldata->echo_mark = 0; + ldata->line_start = 0; + + ldata->erasing = 0; +@@ -645,12 +646,19 @@ static size_t __process_echoes(struct tty_struct *tty) + old_space = space = tty_write_room(tty); + + tail = ldata->echo_tail; +- while (ldata->echo_commit != tail) { ++ while (MASK(ldata->echo_commit) != MASK(tail)) { + c = echo_buf(ldata, tail); + if (c == ECHO_OP_START) { + unsigned char op; + int no_space_left = 0; + ++ /* ++ * Since add_echo_byte() is called without holding ++ * output_lock, we might see only portion of multi-byte ++ * operation. ++ */ ++ if (MASK(ldata->echo_commit) == MASK(tail + 1)) ++ goto not_yet_stored; + /* + * If the buffer byte is the start of a multi-byte + * operation, get the next byte, which is either the +@@ -662,6 +670,8 @@ static size_t __process_echoes(struct tty_struct *tty) + unsigned int num_chars, num_bs; + + case ECHO_OP_ERASE_TAB: ++ if (MASK(ldata->echo_commit) == MASK(tail + 2)) ++ goto not_yet_stored; + num_chars = echo_buf(ldata, tail + 2); + + /* +@@ -756,7 +766,8 @@ static size_t __process_echoes(struct tty_struct *tty) + /* If the echo buffer is nearly full (so that the possibility exists + * of echo overrun before the next commit), then discard enough + * data at the tail to prevent a subsequent overrun */ +- while (ldata->echo_commit - tail >= ECHO_DISCARD_WATERMARK) { ++ while (ldata->echo_commit > tail && ++ ldata->echo_commit - tail >= ECHO_DISCARD_WATERMARK) { + if (echo_buf(ldata, tail) == ECHO_OP_START) { + if (echo_buf(ldata, tail + 1) == ECHO_OP_ERASE_TAB) + tail += 3; +@@ -766,6 +777,7 @@ static size_t __process_echoes(struct tty_struct *tty) + tail++; + } + ++ not_yet_stored: + ldata->echo_tail = tail; + return old_space - space; + } +@@ -776,6 +788,7 @@ static void commit_echoes(struct tty_struct *tty) + size_t nr, old, echoed; + size_t head; + ++ mutex_lock(&ldata->output_lock); + head = ldata->echo_head; + ldata->echo_mark = head; + old = ldata->echo_commit - ldata->echo_tail; +@@ -784,10 +797,12 @@ static void commit_echoes(struct tty_struct *tty) + * is over the threshold (and try again each time another + * block is accumulated) */ + nr = head - ldata->echo_tail; +- if (nr < ECHO_COMMIT_WATERMARK || (nr % ECHO_BLOCK > old % ECHO_BLOCK)) ++ if (nr < ECHO_COMMIT_WATERMARK || ++ (nr % ECHO_BLOCK > old % ECHO_BLOCK)) { ++ mutex_unlock(&ldata->output_lock); + return; ++ } + +- mutex_lock(&ldata->output_lock); + ldata->echo_commit = head; + echoed = __process_echoes(tty); + mutex_unlock(&ldata->output_lock); +@@ -838,7 +853,9 @@ static void flush_echoes(struct tty_struct *tty) + + static inline void add_echo_byte(unsigned char c, struct n_tty_data *ldata) + { +- *echo_buf_addr(ldata, ldata->echo_head++) = c; ++ *echo_buf_addr(ldata, ldata->echo_head) = c; ++ smp_wmb(); /* Matches smp_rmb() in echo_buf(). */ ++ ldata->echo_head++; + } + + /** +@@ -1006,14 +1023,15 @@ static void eraser(unsigned char c, struct tty_struct *tty) + } + + seen_alnums = 0; +- while (ldata->read_head != ldata->canon_head) { ++ while (MASK(ldata->read_head) != MASK(ldata->canon_head)) { + head = ldata->read_head; + + /* erase a single possibly multibyte character */ + do { + head--; + c = read_buf(ldata, head); +- } while (is_continuation(c, tty) && head != ldata->canon_head); ++ } while (is_continuation(c, tty) && ++ MASK(head) != MASK(ldata->canon_head)); + + /* do not partially erase */ + if (is_continuation(c, tty)) +@@ -1055,7 +1073,7 @@ static void eraser(unsigned char c, struct tty_struct *tty) + * This info is used to go back the correct + * number of columns. + */ +- while (tail != ldata->canon_head) { ++ while (MASK(tail) != MASK(ldata->canon_head)) { + tail--; + c = read_buf(ldata, tail); + if (c == '\t') { +@@ -1332,7 +1350,7 @@ n_tty_receive_char_special(struct tty_struct *tty, unsigned char c) + finish_erasing(ldata); + echo_char(c, tty); + echo_char_raw('\n', ldata); +- while (tail != ldata->read_head) { ++ while (MASK(tail) != MASK(ldata->read_head)) { + echo_char(read_buf(ldata, tail), tty); + tail++; + } +@@ -1917,31 +1935,22 @@ static int n_tty_open(struct tty_struct *tty) + struct n_tty_data *ldata; + + /* Currently a malloc failure here can panic */ +- ldata = vmalloc(sizeof(*ldata)); ++ ldata = vzalloc(sizeof(*ldata)); + if (!ldata) +- goto err; ++ return -ENOMEM; + + ldata->overrun_time = jiffies; + mutex_init(&ldata->atomic_read_lock); + mutex_init(&ldata->output_lock); + + tty->disc_data = ldata; +- reset_buffer_flags(tty->disc_data); +- ldata->column = 0; +- ldata->canon_column = 0; + ldata->minimum_to_wake = 1; +- ldata->num_overrun = 0; +- ldata->no_room = 0; +- ldata->lnext = 0; + tty->closing = 0; + /* indicate buffer work may resume */ + clear_bit(TTY_LDISC_HALTED, &tty->flags); + n_tty_set_termios(tty, NULL); + tty_unthrottle(tty); +- + return 0; +-err: +- return -ENOMEM; + } + + static inline int input_available_p(struct tty_struct *tty, int poll) +@@ -2479,7 +2488,7 @@ static unsigned long inq_canon(struct n_tty_data *ldata) + tail = ldata->read_tail; + nr = head - tail; + /* Skip EOF-chars.. */ +- while (head != tail) { ++ while (MASK(head) != MASK(tail)) { + if (test_bit(tail & (N_TTY_BUF_SIZE - 1), ldata->read_flags) && + read_buf(ldata, tail) == __DISABLED_CHAR) + nr--; +diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c +index edd8ef4ee502..7ed30d0b5273 100644 +--- a/drivers/usb/class/cdc-acm.c ++++ b/drivers/usb/class/cdc-acm.c +@@ -1698,6 +1698,9 @@ static const struct usb_device_id acm_ids[] = { + { USB_DEVICE(0x11ca, 0x0201), /* VeriFone Mx870 Gadget Serial */ + .driver_info = SINGLE_RX_URB, + }, ++ { USB_DEVICE(0x1965, 0x0018), /* Uniden UBC125XLT */ ++ .driver_info = NO_UNION_NORMAL, /* has no union descriptor */ ++ }, + { USB_DEVICE(0x22b8, 0x7000), /* Motorola Q Phone */ + .driver_info = NO_UNION_NORMAL, /* has no union descriptor */ + }, +diff --git a/drivers/usb/serial/cp210x.c b/drivers/usb/serial/cp210x.c +index e7a051386b32..73835027a7cc 100644 +--- a/drivers/usb/serial/cp210x.c ++++ b/drivers/usb/serial/cp210x.c +@@ -91,6 +91,9 @@ static const struct usb_device_id id_table[] = { + { USB_DEVICE(0x10C4, 0x8156) }, /* B&G H3000 link cable */ + { USB_DEVICE(0x10C4, 0x815E) }, /* Helicomm IP-Link 1220-DVM */ + { USB_DEVICE(0x10C4, 0x815F) }, /* Timewave HamLinkUSB */ ++ { USB_DEVICE(0x10C4, 0x817C) }, /* CESINEL MEDCAL N Power Quality Monitor */ ++ { USB_DEVICE(0x10C4, 0x817D) }, /* CESINEL MEDCAL NT Power Quality Monitor */ ++ { USB_DEVICE(0x10C4, 0x817E) }, /* CESINEL MEDCAL S Power Quality Monitor */ + { USB_DEVICE(0x10C4, 0x818B) }, /* AVIT Research USB to TTL */ + { USB_DEVICE(0x10C4, 0x819F) }, /* MJS USB Toslink Switcher */ + { USB_DEVICE(0x10C4, 0x81A6) }, /* ThinkOptics WavIt */ +@@ -108,6 +111,9 @@ static const struct usb_device_id id_table[] = { + { USB_DEVICE(0x10C4, 0x826B) }, /* Cygnal Integrated Products, Inc., Fasttrax GPS demonstration module */ + { USB_DEVICE(0x10C4, 0x8281) }, /* Nanotec Plug & Drive */ + { USB_DEVICE(0x10C4, 0x8293) }, /* Telegesis ETRX2USB */ ++ { USB_DEVICE(0x10C4, 0x82EF) }, /* CESINEL FALCO 6105 AC Power Supply */ ++ { USB_DEVICE(0x10C4, 0x82F1) }, /* CESINEL MEDCAL EFD Earth Fault Detector */ ++ { USB_DEVICE(0x10C4, 0x82F2) }, /* CESINEL MEDCAL ST Network Analyzer */ + { USB_DEVICE(0x10C4, 0x82F4) }, /* Starizona MicroTouch */ + { USB_DEVICE(0x10C4, 0x82F9) }, /* Procyon AVS */ + { USB_DEVICE(0x10C4, 0x8341) }, /* Siemens MC35PU GPRS Modem */ +@@ -120,7 +126,9 @@ static const struct usb_device_id id_table[] = { + { USB_DEVICE(0x10C4, 0x8470) }, /* Juniper Networks BX Series System Console */ + { USB_DEVICE(0x10C4, 0x8477) }, /* Balluff RFID */ + { USB_DEVICE(0x10C4, 0x84B6) }, /* Starizona Hyperion */ ++ { USB_DEVICE(0x10C4, 0x851E) }, /* CESINEL MEDCAL PT Network Analyzer */ + { USB_DEVICE(0x10C4, 0x85A7) }, /* LifeScan OneTouch Verio IQ */ ++ { USB_DEVICE(0x10C4, 0x85B8) }, /* CESINEL ReCon T Energy Logger */ + { USB_DEVICE(0x10C4, 0x85EA) }, /* AC-Services IBUS-IF */ + { USB_DEVICE(0x10C4, 0x85EB) }, /* AC-Services CIS-IBUS */ + { USB_DEVICE(0x10C4, 0x85F8) }, /* Virtenio Preon32 */ +@@ -130,17 +138,23 @@ static const struct usb_device_id id_table[] = { + { USB_DEVICE(0x10C4, 0x8857) }, /* CEL EM357 ZigBee USB Stick */ + { USB_DEVICE(0x10C4, 0x88A4) }, /* MMB Networks ZigBee USB Device */ + { USB_DEVICE(0x10C4, 0x88A5) }, /* Planet Innovation Ingeni ZigBee USB Device */ ++ { USB_DEVICE(0x10C4, 0x88FB) }, /* CESINEL MEDCAL STII Network Analyzer */ ++ { USB_DEVICE(0x10C4, 0x8938) }, /* CESINEL MEDCAL S II Network Analyzer */ + { USB_DEVICE(0x10C4, 0x8946) }, /* Ketra N1 Wireless Interface */ + { USB_DEVICE(0x10C4, 0x8962) }, /* Brim Brothers charging dock */ + { USB_DEVICE(0x10C4, 0x8977) }, /* CEL MeshWorks DevKit Device */ + { USB_DEVICE(0x10C4, 0x8998) }, /* KCF Technologies PRN */ ++ { USB_DEVICE(0x10C4, 0x89A4) }, /* CESINEL FTBC Flexible Thyristor Bridge Controller */ + { USB_DEVICE(0x10C4, 0x8A2A) }, /* HubZ dual ZigBee and Z-Wave dongle */ + { USB_DEVICE(0x10C4, 0x8A5E) }, /* CEL EM3588 ZigBee USB Stick Long Range */ + { USB_DEVICE(0x10C4, 0x8B34) }, /* Qivicon ZigBee USB Radio Stick */ + { USB_DEVICE(0x10C4, 0xEA60) }, /* Silicon Labs factory default */ + { USB_DEVICE(0x10C4, 0xEA61) }, /* Silicon Labs factory default */ ++ { USB_DEVICE(0x10C4, 0xEA63) }, /* Silicon Labs Windows Update (CP2101-4/CP2102N) */ + { USB_DEVICE(0x10C4, 0xEA70) }, /* Silicon Labs factory default */ + { USB_DEVICE(0x10C4, 0xEA71) }, /* Infinity GPS-MIC-1 Radio Monophone */ ++ { USB_DEVICE(0x10C4, 0xEA7A) }, /* Silicon Labs Windows Update (CP2105) */ ++ { USB_DEVICE(0x10C4, 0xEA7B) }, /* Silicon Labs Windows Update (CP2108) */ + { USB_DEVICE(0x10C4, 0xF001) }, /* Elan Digital Systems USBscope50 */ + { USB_DEVICE(0x10C4, 0xF002) }, /* Elan Digital Systems USBwave12 */ + { USB_DEVICE(0x10C4, 0xF003) }, /* Elan Digital Systems USBpulse100 */ +diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c +index 8632380d2b94..63aea21e6298 100644 +--- a/fs/cifs/cifssmb.c ++++ b/fs/cifs/cifssmb.c +@@ -150,8 +150,14 @@ cifs_reconnect_tcon(struct cifs_tcon *tcon, int smb_command) + * greater than cifs socket timeout which is 7 seconds + */ + while (server->tcpStatus == CifsNeedReconnect) { +- wait_event_interruptible_timeout(server->response_q, +- (server->tcpStatus != CifsNeedReconnect), 10 * HZ); ++ rc = wait_event_interruptible_timeout(server->response_q, ++ (server->tcpStatus != CifsNeedReconnect), ++ 10 * HZ); ++ if (rc < 0) { ++ cifs_dbg(FYI, "%s: aborting reconnect due to a received" ++ " signal by the process\n", __func__); ++ return -ERESTARTSYS; ++ } + + /* are we still trying to reconnect? */ + if (server->tcpStatus != CifsNeedReconnect) +diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c +index 807e989f436a..5f5ba807b414 100644 +--- a/fs/cifs/smb2pdu.c ++++ b/fs/cifs/smb2pdu.c +@@ -158,7 +158,7 @@ out: + static int + smb2_reconnect(__le16 smb2_command, struct cifs_tcon *tcon) + { +- int rc = 0; ++ int rc; + struct nls_table *nls_codepage; + struct cifs_ses *ses; + struct TCP_Server_Info *server; +@@ -169,10 +169,10 @@ smb2_reconnect(__le16 smb2_command, struct cifs_tcon *tcon) + * for those three - in the calling routine. + */ + if (tcon == NULL) +- return rc; ++ return 0; + + if (smb2_command == SMB2_TREE_CONNECT) +- return rc; ++ return 0; + + if (tcon->tidStatus == CifsExiting) { + /* +@@ -215,8 +215,14 @@ smb2_reconnect(__le16 smb2_command, struct cifs_tcon *tcon) + return -EAGAIN; + } + +- wait_event_interruptible_timeout(server->response_q, +- (server->tcpStatus != CifsNeedReconnect), 10 * HZ); ++ rc = wait_event_interruptible_timeout(server->response_q, ++ (server->tcpStatus != CifsNeedReconnect), ++ 10 * HZ); ++ if (rc < 0) { ++ cifs_dbg(FYI, "%s: aborting reconnect due to a received" ++ " signal by the process\n", __func__); ++ return -ERESTARTSYS; ++ } + + /* are we still trying to reconnect? */ + if (server->tcpStatus != CifsNeedReconnect) +@@ -234,7 +240,7 @@ smb2_reconnect(__le16 smb2_command, struct cifs_tcon *tcon) + } + + if (!tcon->ses->need_reconnect && !tcon->need_reconnect) +- return rc; ++ return 0; + + nls_codepage = load_nls_default(); + +diff --git a/fs/ext4/balloc.c b/fs/ext4/balloc.c +index c57a94f1c198..092da164bdc0 100644 +--- a/fs/ext4/balloc.c ++++ b/fs/ext4/balloc.c +@@ -183,7 +183,6 @@ static int ext4_init_block_bitmap(struct super_block *sb, + unsigned int bit, bit_max; + struct ext4_sb_info *sbi = EXT4_SB(sb); + ext4_fsblk_t start, tmp; +- int flex_bg = 0; + struct ext4_group_info *grp; + + J_ASSERT_BH(bh, buffer_locked(bh)); +@@ -216,22 +215,19 @@ static int ext4_init_block_bitmap(struct super_block *sb, + + start = ext4_group_first_block_no(sb, block_group); + +- if (ext4_has_feature_flex_bg(sb)) +- flex_bg = 1; +- + /* Set bits for block and inode bitmaps, and inode table */ + tmp = ext4_block_bitmap(sb, gdp); +- if (!flex_bg || ext4_block_in_group(sb, tmp, block_group)) ++ if (ext4_block_in_group(sb, tmp, block_group)) + ext4_set_bit(EXT4_B2C(sbi, tmp - start), bh->b_data); + + tmp = ext4_inode_bitmap(sb, gdp); +- if (!flex_bg || ext4_block_in_group(sb, tmp, block_group)) ++ if (ext4_block_in_group(sb, tmp, block_group)) + ext4_set_bit(EXT4_B2C(sbi, tmp - start), bh->b_data); + + tmp = ext4_inode_table(sb, gdp); + for (; tmp < ext4_inode_table(sb, gdp) + + sbi->s_itb_per_group; tmp++) { +- if (!flex_bg || ext4_block_in_group(sb, tmp, block_group)) ++ if (ext4_block_in_group(sb, tmp, block_group)) + ext4_set_bit(EXT4_B2C(sbi, tmp - start), bh->b_data); + } + +@@ -454,7 +450,16 @@ ext4_read_block_bitmap_nowait(struct super_block *sb, ext4_group_t block_group) + goto verify; + } + ext4_lock_group(sb, block_group); +- if (desc->bg_flags & cpu_to_le16(EXT4_BG_BLOCK_UNINIT)) { ++ if (ext4_has_group_desc_csum(sb) && ++ (desc->bg_flags & cpu_to_le16(EXT4_BG_BLOCK_UNINIT))) { ++ if (block_group == 0) { ++ ext4_unlock_group(sb, block_group); ++ unlock_buffer(bh); ++ ext4_error(sb, "Block bitmap for bg 0 marked " ++ "uninitialized"); ++ err = -EFSCORRUPTED; ++ goto out; ++ } + err = ext4_init_block_bitmap(sb, bh, block_group, desc); + set_bitmap_uptodate(bh); + set_buffer_uptodate(bh); +diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h +index c8ad14c697c4..f5d9f82b173a 100644 +--- a/fs/ext4/ext4.h ++++ b/fs/ext4/ext4.h +@@ -1468,11 +1468,6 @@ static inline struct timespec ext4_current_time(struct inode *inode) + static inline int ext4_valid_inum(struct super_block *sb, unsigned long ino) + { + return ino == EXT4_ROOT_INO || +- ino == EXT4_USR_QUOTA_INO || +- ino == EXT4_GRP_QUOTA_INO || +- ino == EXT4_BOOT_LOADER_INO || +- ino == EXT4_JOURNAL_INO || +- ino == EXT4_RESIZE_INO || + (ino >= EXT4_FIRST_INO(sb) && + ino <= le32_to_cpu(EXT4_SB(sb)->s_es->s_inodes_count)); + } +diff --git a/fs/ext4/ext4_extents.h b/fs/ext4/ext4_extents.h +index 3c9381547094..2d8e73793512 100644 +--- a/fs/ext4/ext4_extents.h ++++ b/fs/ext4/ext4_extents.h +@@ -103,6 +103,7 @@ struct ext4_extent_header { + }; + + #define EXT4_EXT_MAGIC cpu_to_le16(0xf30a) ++#define EXT4_MAX_EXTENT_DEPTH 5 + + #define EXT4_EXTENT_TAIL_OFFSET(hdr) \ + (sizeof(struct ext4_extent_header) + \ +diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c +index 4705c21f9d03..1708597659a1 100644 +--- a/fs/ext4/extents.c ++++ b/fs/ext4/extents.c +@@ -876,6 +876,12 @@ ext4_find_extent(struct inode *inode, ext4_lblk_t block, + + eh = ext_inode_hdr(inode); + depth = ext_depth(inode); ++ if (depth < 0 || depth > EXT4_MAX_EXTENT_DEPTH) { ++ EXT4_ERROR_INODE(inode, "inode has invalid extent depth: %d", ++ depth); ++ ret = -EFSCORRUPTED; ++ goto err; ++ } + + if (path) { + ext4_ext_drop_refs(path); +diff --git a/fs/ext4/ialloc.c b/fs/ext4/ialloc.c +index 9fe55b7d4c2c..48d818eba9c3 100644 +--- a/fs/ext4/ialloc.c ++++ b/fs/ext4/ialloc.c +@@ -152,7 +152,16 @@ ext4_read_inode_bitmap(struct super_block *sb, ext4_group_t block_group) + } + + ext4_lock_group(sb, block_group); +- if (desc->bg_flags & cpu_to_le16(EXT4_BG_INODE_UNINIT)) { ++ if (ext4_has_group_desc_csum(sb) && ++ (desc->bg_flags & cpu_to_le16(EXT4_BG_INODE_UNINIT))) { ++ if (block_group == 0) { ++ ext4_unlock_group(sb, block_group); ++ unlock_buffer(bh); ++ ext4_error(sb, "Inode bitmap for bg 0 marked " ++ "uninitialized"); ++ err = -EFSCORRUPTED; ++ goto out; ++ } + memset(bh->b_data, 0, (EXT4_INODES_PER_GROUP(sb) + 7) / 8); + ext4_mark_bitmap_end(EXT4_INODES_PER_GROUP(sb), + sb->s_blocksize * 8, bh->b_data); +@@ -919,7 +928,8 @@ got: + + /* recheck and clear flag under lock if we still need to */ + ext4_lock_group(sb, group); +- if (gdp->bg_flags & cpu_to_le16(EXT4_BG_BLOCK_UNINIT)) { ++ if (ext4_has_group_desc_csum(sb) && ++ (gdp->bg_flags & cpu_to_le16(EXT4_BG_BLOCK_UNINIT))) { + gdp->bg_flags &= cpu_to_le16(~EXT4_BG_BLOCK_UNINIT); + ext4_free_group_clusters_set(sb, gdp, + ext4_free_clusters_after_init(sb, group, gdp)); +diff --git a/fs/ext4/inline.c b/fs/ext4/inline.c +index 3006b81c107f..e72f53a89764 100644 +--- a/fs/ext4/inline.c ++++ b/fs/ext4/inline.c +@@ -434,6 +434,7 @@ static int ext4_destroy_inline_data_nolock(handle_t *handle, + + memset((void *)ext4_raw_inode(&is.iloc)->i_block, + 0, EXT4_MIN_INLINE_DATA_SIZE); ++ memset(ei->i_data, 0, EXT4_MIN_INLINE_DATA_SIZE); + + if (ext4_has_feature_extents(inode->i_sb)) { + if (S_ISDIR(inode->i_mode) || +diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c +index 30efeb656c1e..b507de0e4bbf 100644 +--- a/fs/ext4/inode.c ++++ b/fs/ext4/inode.c +@@ -380,9 +380,9 @@ static int __check_block_validity(struct inode *inode, const char *func, + if (!ext4_data_block_valid(EXT4_SB(inode->i_sb), map->m_pblk, + map->m_len)) { + ext4_error_inode(inode, func, line, map->m_pblk, +- "lblock %lu mapped to illegal pblock " ++ "lblock %lu mapped to illegal pblock %llu " + "(length %d)", (unsigned long) map->m_lblk, +- map->m_len); ++ map->m_pblk, map->m_len); + return -EFSCORRUPTED; + } + return 0; +@@ -3991,7 +3991,8 @@ static int __ext4_get_inode_loc(struct inode *inode, + int inodes_per_block, inode_offset; + + iloc->bh = NULL; +- if (!ext4_valid_inum(sb, inode->i_ino)) ++ if (inode->i_ino < EXT4_ROOT_INO || ++ inode->i_ino > le32_to_cpu(EXT4_SB(sb)->s_es->s_inodes_count)) + return -EFSCORRUPTED; + + iloc->block_group = (inode->i_ino - 1) / EXT4_INODES_PER_GROUP(sb); +diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c +index d98ff184d94a..75f79ff29ce0 100644 +--- a/fs/ext4/mballoc.c ++++ b/fs/ext4/mballoc.c +@@ -2445,7 +2445,8 @@ int ext4_mb_add_groupinfo(struct super_block *sb, ext4_group_t group, + * initialize bb_free to be able to skip + * empty groups without initialization + */ +- if (desc->bg_flags & cpu_to_le16(EXT4_BG_BLOCK_UNINIT)) { ++ if (ext4_has_group_desc_csum(sb) && ++ (desc->bg_flags & cpu_to_le16(EXT4_BG_BLOCK_UNINIT))) { + meta_group_info[i]->bb_free = + ext4_free_clusters_after_init(sb, group, desc); + } else { +@@ -2966,7 +2967,8 @@ ext4_mb_mark_diskspace_used(struct ext4_allocation_context *ac, + #endif + ext4_set_bits(bitmap_bh->b_data, ac->ac_b_ex.fe_start, + ac->ac_b_ex.fe_len); +- if (gdp->bg_flags & cpu_to_le16(EXT4_BG_BLOCK_UNINIT)) { ++ if (ext4_has_group_desc_csum(sb) && ++ (gdp->bg_flags & cpu_to_le16(EXT4_BG_BLOCK_UNINIT))) { + gdp->bg_flags &= cpu_to_le16(~EXT4_BG_BLOCK_UNINIT); + ext4_free_group_clusters_set(sb, gdp, + ext4_free_clusters_after_init(sb, +diff --git a/fs/ext4/super.c b/fs/ext4/super.c +index 0e0438b5ddbe..49af3c50b263 100644 +--- a/fs/ext4/super.c ++++ b/fs/ext4/super.c +@@ -2102,6 +2102,7 @@ static int ext4_check_descriptors(struct super_block *sb, + struct ext4_sb_info *sbi = EXT4_SB(sb); + ext4_fsblk_t first_block = le32_to_cpu(sbi->s_es->s_first_data_block); + ext4_fsblk_t last_block; ++ ext4_fsblk_t last_bg_block = sb_block + ext4_bg_num_gdb(sb, 0) + 1; + ext4_fsblk_t block_bitmap; + ext4_fsblk_t inode_bitmap; + ext4_fsblk_t inode_table; +@@ -2134,6 +2135,14 @@ static int ext4_check_descriptors(struct super_block *sb, + if (!(sb->s_flags & MS_RDONLY)) + return 0; + } ++ if (block_bitmap >= sb_block + 1 && ++ block_bitmap <= last_bg_block) { ++ ext4_msg(sb, KERN_ERR, "ext4_check_descriptors: " ++ "Block bitmap for group %u overlaps " ++ "block group descriptors", i); ++ if (!(sb->s_flags & MS_RDONLY)) ++ return 0; ++ } + if (block_bitmap < first_block || block_bitmap > last_block) { + ext4_msg(sb, KERN_ERR, "ext4_check_descriptors: " + "Block bitmap for group %u not in group " +@@ -2148,6 +2157,14 @@ static int ext4_check_descriptors(struct super_block *sb, + if (!(sb->s_flags & MS_RDONLY)) + return 0; + } ++ if (inode_bitmap >= sb_block + 1 && ++ inode_bitmap <= last_bg_block) { ++ ext4_msg(sb, KERN_ERR, "ext4_check_descriptors: " ++ "Inode bitmap for group %u overlaps " ++ "block group descriptors", i); ++ if (!(sb->s_flags & MS_RDONLY)) ++ return 0; ++ } + if (inode_bitmap < first_block || inode_bitmap > last_block) { + ext4_msg(sb, KERN_ERR, "ext4_check_descriptors: " + "Inode bitmap for group %u not in group " +@@ -2162,6 +2179,14 @@ static int ext4_check_descriptors(struct super_block *sb, + if (!(sb->s_flags & MS_RDONLY)) + return 0; + } ++ if (inode_table >= sb_block + 1 && ++ inode_table <= last_bg_block) { ++ ext4_msg(sb, KERN_ERR, "ext4_check_descriptors: " ++ "Inode table for group %u overlaps " ++ "block group descriptors", i); ++ if (!(sb->s_flags & MS_RDONLY)) ++ return 0; ++ } + if (inode_table < first_block || + inode_table + sbi->s_itb_per_group - 1 > last_block) { + ext4_msg(sb, KERN_ERR, "ext4_check_descriptors: " +@@ -2842,13 +2867,22 @@ static ext4_group_t ext4_has_uninit_itable(struct super_block *sb) + ext4_group_t group, ngroups = EXT4_SB(sb)->s_groups_count; + struct ext4_group_desc *gdp = NULL; + ++ if (!ext4_has_group_desc_csum(sb)) ++ return ngroups; ++ + for (group = 0; group < ngroups; group++) { + gdp = ext4_get_group_desc(sb, group, NULL); + if (!gdp) + continue; + +- if (!(gdp->bg_flags & cpu_to_le16(EXT4_BG_INODE_ZEROED))) ++ if (gdp->bg_flags & cpu_to_le16(EXT4_BG_INODE_ZEROED)) ++ continue; ++ if (group != 0) + break; ++ ext4_error(sb, "Inode table for bg 0 marked as " ++ "needing zeroing"); ++ if (sb->s_flags & MS_RDONLY) ++ return ngroups; + } + + return group; +@@ -3451,6 +3485,13 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent) + le32_to_cpu(es->s_log_block_size)); + goto failed_mount; + } ++ if (le32_to_cpu(es->s_log_cluster_size) > ++ (EXT4_MAX_CLUSTER_LOG_SIZE - EXT4_MIN_BLOCK_LOG_SIZE)) { ++ ext4_msg(sb, KERN_ERR, ++ "Invalid log cluster size: %u", ++ le32_to_cpu(es->s_log_cluster_size)); ++ goto failed_mount; ++ } + + if (le16_to_cpu(sbi->s_es->s_reserved_gdt_blocks) > (blocksize / 4)) { + ext4_msg(sb, KERN_ERR, +@@ -3515,6 +3556,11 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent) + } else { + sbi->s_inode_size = le16_to_cpu(es->s_inode_size); + sbi->s_first_ino = le32_to_cpu(es->s_first_ino); ++ if (sbi->s_first_ino < EXT4_GOOD_OLD_FIRST_INO) { ++ ext4_msg(sb, KERN_ERR, "invalid first ino: %u", ++ sbi->s_first_ino); ++ goto failed_mount; ++ } + if ((sbi->s_inode_size < EXT4_GOOD_OLD_INODE_SIZE) || + (!is_power_of_2(sbi->s_inode_size)) || + (sbi->s_inode_size > blocksize)) { +@@ -3591,13 +3637,6 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent) + "block size (%d)", clustersize, blocksize); + goto failed_mount; + } +- if (le32_to_cpu(es->s_log_cluster_size) > +- (EXT4_MAX_CLUSTER_LOG_SIZE - EXT4_MIN_BLOCK_LOG_SIZE)) { +- ext4_msg(sb, KERN_ERR, +- "Invalid log cluster size: %u", +- le32_to_cpu(es->s_log_cluster_size)); +- goto failed_mount; +- } + sbi->s_cluster_bits = le32_to_cpu(es->s_log_cluster_size) - + le32_to_cpu(es->s_log_block_size); + sbi->s_clusters_per_group = +@@ -3618,10 +3657,10 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent) + } + } else { + if (clustersize != blocksize) { +- ext4_warning(sb, "fragment/cluster size (%d) != " +- "block size (%d)", clustersize, +- blocksize); +- clustersize = blocksize; ++ ext4_msg(sb, KERN_ERR, ++ "fragment/cluster size (%d) != " ++ "block size (%d)", clustersize, blocksize); ++ goto failed_mount; + } + if (sbi->s_blocks_per_group > blocksize * 8) { + ext4_msg(sb, KERN_ERR, +@@ -3675,6 +3714,13 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent) + ext4_blocks_count(es)); + goto failed_mount; + } ++ if ((es->s_first_data_block == 0) && (es->s_log_block_size == 0) && ++ (sbi->s_cluster_ratio == 1)) { ++ ext4_msg(sb, KERN_WARNING, "bad geometry: first data " ++ "block is 0 with a 1k block and cluster size"); ++ goto failed_mount; ++ } ++ + blocks_count = (ext4_blocks_count(es) - + le32_to_cpu(es->s_first_data_block) + + EXT4_BLOCKS_PER_GROUP(sb) - 1); +@@ -3710,6 +3756,14 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent) + ret = -ENOMEM; + goto failed_mount; + } ++ if (((u64)sbi->s_groups_count * sbi->s_inodes_per_group) != ++ le32_to_cpu(es->s_inodes_count)) { ++ ext4_msg(sb, KERN_ERR, "inodes count not valid: %u vs %llu", ++ le32_to_cpu(es->s_inodes_count), ++ ((u64)sbi->s_groups_count * sbi->s_inodes_per_group)); ++ ret = -EINVAL; ++ goto failed_mount; ++ } + + bgl_lock_init(sbi->s_blockgroup_lock); + +@@ -4388,6 +4442,14 @@ static int ext4_commit_super(struct super_block *sb, int sync) + + if (!sbh || block_device_ejected(sb)) + return error; ++ ++ /* ++ * The superblock bh should be mapped, but it might not be if the ++ * device was hot-removed. Not much we can do but fail the I/O. ++ */ ++ if (!buffer_mapped(sbh)) ++ return error; ++ + if (buffer_write_io_error(sbh)) { + /* + * Oh, dear. A previous attempt to write the +diff --git a/fs/jbd2/transaction.c b/fs/jbd2/transaction.c +index f3a31f55f372..bce343febb9e 100644 +--- a/fs/jbd2/transaction.c ++++ b/fs/jbd2/transaction.c +@@ -1363,6 +1363,13 @@ int jbd2_journal_dirty_metadata(handle_t *handle, struct buffer_head *bh) + if (jh->b_transaction == transaction && + jh->b_jlist != BJ_Metadata) { + jbd_lock_bh_state(bh); ++ if (jh->b_transaction == transaction && ++ jh->b_jlist != BJ_Metadata) ++ pr_err("JBD2: assertion failure: h_type=%u " ++ "h_line_no=%u block_no=%llu jlist=%u\n", ++ handle->h_type, handle->h_line_no, ++ (unsigned long long) bh->b_blocknr, ++ jh->b_jlist); + J_ASSERT_JH(jh, jh->b_transaction != transaction || + jh->b_jlist == BJ_Metadata); + jbd_unlock_bh_state(bh); +@@ -1382,11 +1389,11 @@ int jbd2_journal_dirty_metadata(handle_t *handle, struct buffer_head *bh) + * of the transaction. This needs to be done + * once a transaction -bzzz + */ +- jh->b_modified = 1; + if (handle->h_buffer_credits <= 0) { + ret = -ENOSPC; + goto out_unlock_bh; + } ++ jh->b_modified = 1; + handle->h_buffer_credits--; + } + +diff --git a/kernel/trace/trace_functions_graph.c b/kernel/trace/trace_functions_graph.c +index 7fd6f5a26143..e212ec4cfb4e 100644 +--- a/kernel/trace/trace_functions_graph.c ++++ b/kernel/trace/trace_functions_graph.c +@@ -768,6 +768,7 @@ print_graph_entry_leaf(struct trace_iterator *iter, + struct ftrace_graph_ret *graph_ret; + struct ftrace_graph_ent *call; + unsigned long long duration; ++ int cpu = iter->cpu; + int i; + + graph_ret = &ret_entry->ret; +@@ -776,7 +777,6 @@ print_graph_entry_leaf(struct trace_iterator *iter, + + if (data) { + struct fgraph_cpu_data *cpu_data; +- int cpu = iter->cpu; + + cpu_data = per_cpu_ptr(data->cpu_data, cpu); + +@@ -806,6 +806,9 @@ print_graph_entry_leaf(struct trace_iterator *iter, + + trace_seq_printf(s, "%ps();\n", (void *)call->func); + ++ print_graph_irq(iter, graph_ret->func, TRACE_GRAPH_RET, ++ cpu, iter->ent->pid, flags); ++ + return trace_handle_return(s); + } + +diff --git a/mm/hugetlb.c b/mm/hugetlb.c +index 7294301d8495..a813b03021b7 100644 +--- a/mm/hugetlb.c ++++ b/mm/hugetlb.c +@@ -2038,6 +2038,7 @@ static void __init gather_bootmem_prealloc(void) + */ + if (hstate_is_gigantic(h)) + adjust_managed_page_count(page, 1 << h->order); ++ cond_resched(); + } + } + +diff --git a/mm/page_alloc.c b/mm/page_alloc.c +index a4c9cd80c7b6..fd75e27c9b40 100644 +--- a/mm/page_alloc.c ++++ b/mm/page_alloc.c +@@ -3109,8 +3109,6 @@ retry: + * the allocation is high priority and these type of + * allocations are system rather than user orientated + */ +- ac->zonelist = node_zonelist(numa_node_id(), gfp_mask); +- + page = __alloc_pages_high_priority(gfp_mask, order, ac); + + if (page) { +diff --git a/net/ipv4/fib_semantics.c b/net/ipv4/fib_semantics.c +index 9d144cbd4e62..03ebff3950d8 100644 +--- a/net/ipv4/fib_semantics.c ++++ b/net/ipv4/fib_semantics.c +@@ -980,7 +980,7 @@ fib_convert_metrics(struct fib_info *fi, const struct fib_config *cfg) + return -EINVAL; + } else { + if (nla_len(nla) != sizeof(u32)) +- return false; ++ return -EINVAL; + val = nla_get_u32(nla); + } + if (type == RTAX_ADVMSS && val > 65535 - 40) +diff --git a/net/netfilter/nf_log.c b/net/netfilter/nf_log.c +index 2c89f90cd7bc..f94a2e1172f0 100644 +--- a/net/netfilter/nf_log.c ++++ b/net/netfilter/nf_log.c +@@ -422,14 +422,17 @@ static int nf_log_proc_dostring(struct ctl_table *table, int write, + rcu_assign_pointer(net->nf.nf_loggers[tindex], logger); + mutex_unlock(&nf_log_mutex); + } else { ++ struct ctl_table tmp = *table; ++ ++ tmp.data = buf; + mutex_lock(&nf_log_mutex); + logger = nft_log_dereference(net->nf.nf_loggers[tindex]); + if (!logger) +- table->data = "NONE"; ++ strlcpy(buf, "NONE", sizeof(buf)); + else +- table->data = logger->name; +- r = proc_dostring(table, write, buffer, lenp, ppos); ++ strlcpy(buf, logger->name, sizeof(buf)); + mutex_unlock(&nf_log_mutex); ++ r = proc_dostring(&tmp, write, buffer, lenp, ppos); + } + + return r; +diff --git a/net/netfilter/nf_tables_core.c b/net/netfilter/nf_tables_core.c +index f3695a497408..99bc2f87a974 100644 +--- a/net/netfilter/nf_tables_core.c ++++ b/net/netfilter/nf_tables_core.c +@@ -167,7 +167,8 @@ next_rule: + + switch (regs.verdict.code) { + case NFT_JUMP: +- BUG_ON(stackptr >= NFT_JUMP_STACK_SIZE); ++ if (WARN_ON_ONCE(stackptr >= NFT_JUMP_STACK_SIZE)) ++ return NF_DROP; + jumpstack[stackptr].chain = chain; + jumpstack[stackptr].rule = rule; + jumpstack[stackptr].rulenum = rulenum; diff --git a/patch/kernel/rk3328-default/04-patch-4.4.140-141.patch b/patch/kernel/rk3328-default/04-patch-4.4.140-141.patch new file mode 100644 index 0000000000..eec959a713 --- /dev/null +++ b/patch/kernel/rk3328-default/04-patch-4.4.140-141.patch @@ -0,0 +1,2989 @@ +diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt +index 4df6bd7d01ed..e60d0b5809c1 100644 +--- a/Documentation/kernel-parameters.txt ++++ b/Documentation/kernel-parameters.txt +@@ -652,7 +652,7 @@ bytes respectively. Such letter suffixes can also be entirely omitted. + + clearcpuid=BITNUM [X86] + Disable CPUID feature X for the kernel. See +- arch/x86/include/asm/cpufeature.h for the valid bit ++ arch/x86/include/asm/cpufeatures.h for the valid bit + numbers. Note the Linux specific bits are not necessarily + stable over kernel options, but the vendor specific + ones should be. +diff --git a/Makefile b/Makefile +index b842298a5970..3fc39e41dbde 100644 +--- a/Makefile ++++ b/Makefile +@@ -1,6 +1,6 @@ + VERSION = 4 + PATCHLEVEL = 4 +-SUBLEVEL = 140 ++SUBLEVEL = 141 + EXTRAVERSION = + NAME = Blurry Fish Butt + +diff --git a/arch/mips/mm/ioremap.c b/arch/mips/mm/ioremap.c +index 8d5008cbdc0f..a853a83f2944 100644 +--- a/arch/mips/mm/ioremap.c ++++ b/arch/mips/mm/ioremap.c +@@ -9,6 +9,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -97,6 +98,20 @@ static int remap_area_pages(unsigned long address, phys_addr_t phys_addr, + return error; + } + ++static int __ioremap_check_ram(unsigned long start_pfn, unsigned long nr_pages, ++ void *arg) ++{ ++ unsigned long i; ++ ++ for (i = 0; i < nr_pages; i++) { ++ if (pfn_valid(start_pfn + i) && ++ !PageReserved(pfn_to_page(start_pfn + i))) ++ return 1; ++ } ++ ++ return 0; ++} ++ + /* + * Generic mapping function (not visible outside): + */ +@@ -115,8 +130,8 @@ static int remap_area_pages(unsigned long address, phys_addr_t phys_addr, + + void __iomem * __ioremap(phys_addr_t phys_addr, phys_addr_t size, unsigned long flags) + { ++ unsigned long offset, pfn, last_pfn; + struct vm_struct * area; +- unsigned long offset; + phys_addr_t last_addr; + void * addr; + +@@ -136,18 +151,16 @@ void __iomem * __ioremap(phys_addr_t phys_addr, phys_addr_t size, unsigned long + return (void __iomem *) CKSEG1ADDR(phys_addr); + + /* +- * Don't allow anybody to remap normal RAM that we're using.. ++ * Don't allow anybody to remap RAM that may be allocated by the page ++ * allocator, since that could lead to races & data clobbering. + */ +- if (phys_addr < virt_to_phys(high_memory)) { +- char *t_addr, *t_end; +- struct page *page; +- +- t_addr = __va(phys_addr); +- t_end = t_addr + (size - 1); +- +- for(page = virt_to_page(t_addr); page <= virt_to_page(t_end); page++) +- if(!PageReserved(page)) +- return NULL; ++ pfn = PFN_DOWN(phys_addr); ++ last_pfn = PFN_DOWN(last_addr); ++ if (walk_system_ram_range(pfn, last_pfn - pfn + 1, NULL, ++ __ioremap_check_ram) == 1) { ++ WARN_ONCE(1, "ioremap on RAM at %pa - %pa\n", ++ &phys_addr, &last_addr); ++ return NULL; + } + + /* +diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig +index eab1ef25eecd..d9afe6d40550 100644 +--- a/arch/x86/Kconfig ++++ b/arch/x86/Kconfig +@@ -346,6 +346,17 @@ config X86_FEATURE_NAMES + + If in doubt, say Y. + ++config X86_FAST_FEATURE_TESTS ++ bool "Fast CPU feature tests" if EMBEDDED ++ default y ++ ---help--- ++ Some fast-paths in the kernel depend on the capabilities of the CPU. ++ Say Y here for the kernel to patch in the appropriate code at runtime ++ based on the capabilities of the CPU. The infrastructure for patching ++ code at runtime takes up some additional space; space-constrained ++ embedded systems may wish to say N here to produce smaller, slightly ++ slower code. ++ + config X86_X2APIC + bool "Support x2apic" + depends on X86_LOCAL_APIC && X86_64 && (IRQ_REMAP || HYPERVISOR_GUEST) +diff --git a/arch/x86/Kconfig.debug b/arch/x86/Kconfig.debug +index da00fe1f48f4..2aa212fb0faf 100644 +--- a/arch/x86/Kconfig.debug ++++ b/arch/x86/Kconfig.debug +@@ -367,16 +367,6 @@ config DEBUG_IMR_SELFTEST + + If unsure say N here. + +-config X86_DEBUG_STATIC_CPU_HAS +- bool "Debug alternatives" +- depends on DEBUG_KERNEL +- ---help--- +- This option causes additional code to be generated which +- fails if static_cpu_has() is used before alternatives have +- run. +- +- If unsure, say N. +- + config X86_DEBUG_FPU + bool "Debug the x86 FPU code" + depends on DEBUG_KERNEL +diff --git a/arch/x86/boot/cpuflags.h b/arch/x86/boot/cpuflags.h +index ea97697e51e4..4cb404fd45ce 100644 +--- a/arch/x86/boot/cpuflags.h ++++ b/arch/x86/boot/cpuflags.h +@@ -1,7 +1,7 @@ + #ifndef BOOT_CPUFLAGS_H + #define BOOT_CPUFLAGS_H + +-#include ++#include + #include + + struct cpu_features { +diff --git a/arch/x86/boot/mkcpustr.c b/arch/x86/boot/mkcpustr.c +index 637097e66a62..f72498dc90d2 100644 +--- a/arch/x86/boot/mkcpustr.c ++++ b/arch/x86/boot/mkcpustr.c +@@ -17,7 +17,7 @@ + + #include "../include/asm/required-features.h" + #include "../include/asm/disabled-features.h" +-#include "../include/asm/cpufeature.h" ++#include "../include/asm/cpufeatures.h" + #include "../kernel/cpu/capflags.c" + + int main(void) +diff --git a/arch/x86/crypto/crc32-pclmul_glue.c b/arch/x86/crypto/crc32-pclmul_glue.c +index 07d2c6c86a54..27226df3f7d8 100644 +--- a/arch/x86/crypto/crc32-pclmul_glue.c ++++ b/arch/x86/crypto/crc32-pclmul_glue.c +@@ -33,7 +33,7 @@ + #include + #include + +-#include ++#include + #include + #include + +diff --git a/arch/x86/crypto/crc32c-intel_glue.c b/arch/x86/crypto/crc32c-intel_glue.c +index 15f5c7675d42..715399b14ed7 100644 +--- a/arch/x86/crypto/crc32c-intel_glue.c ++++ b/arch/x86/crypto/crc32c-intel_glue.c +@@ -30,7 +30,7 @@ + #include + #include + +-#include ++#include + #include + #include + +diff --git a/arch/x86/crypto/crct10dif-pclmul_glue.c b/arch/x86/crypto/crct10dif-pclmul_glue.c +index a3fcfc97a311..cd4df9322501 100644 +--- a/arch/x86/crypto/crct10dif-pclmul_glue.c ++++ b/arch/x86/crypto/crct10dif-pclmul_glue.c +@@ -30,7 +30,7 @@ + #include + #include + #include +-#include ++#include + #include + + asmlinkage __u16 crc_t10dif_pcl(__u16 crc, const unsigned char *buf, +diff --git a/arch/x86/entry/common.c b/arch/x86/entry/common.c +index b5eb1cca70a0..071582a3b5c0 100644 +--- a/arch/x86/entry/common.c ++++ b/arch/x86/entry/common.c +@@ -27,6 +27,7 @@ + #include + #include + #include ++#include + + #define CREATE_TRACE_POINTS + #include +diff --git a/arch/x86/entry/entry_32.S b/arch/x86/entry/entry_32.S +index d437f3871e53..49a8c9f7a379 100644 +--- a/arch/x86/entry/entry_32.S ++++ b/arch/x86/entry/entry_32.S +@@ -40,7 +40,7 @@ + #include + #include + #include +-#include ++#include + #include + #include + #include +diff --git a/arch/x86/entry/vdso/vdso32-setup.c b/arch/x86/entry/vdso/vdso32-setup.c +index a7508d7e20b7..3f9d1a83891a 100644 +--- a/arch/x86/entry/vdso/vdso32-setup.c ++++ b/arch/x86/entry/vdso/vdso32-setup.c +@@ -11,7 +11,6 @@ + #include + #include + +-#include + #include + #include + +diff --git a/arch/x86/entry/vdso/vdso32/system_call.S b/arch/x86/entry/vdso/vdso32/system_call.S +index 3a1d9297074b..0109ac6cb79c 100644 +--- a/arch/x86/entry/vdso/vdso32/system_call.S ++++ b/arch/x86/entry/vdso/vdso32/system_call.S +@@ -3,7 +3,7 @@ + */ + + #include +-#include ++#include + #include + + /* +diff --git a/arch/x86/entry/vdso/vma.c b/arch/x86/entry/vdso/vma.c +index b8f69e264ac4..6b46648588d8 100644 +--- a/arch/x86/entry/vdso/vma.c ++++ b/arch/x86/entry/vdso/vma.c +@@ -20,6 +20,7 @@ + #include + #include + #include ++#include + + #if defined(CONFIG_X86_64) + unsigned int __read_mostly vdso64_enabled = 1; +@@ -254,7 +255,7 @@ static void vgetcpu_cpu_init(void *arg) + #ifdef CONFIG_NUMA + node = cpu_to_node(cpu); + #endif +- if (cpu_has(&cpu_data(cpu), X86_FEATURE_RDTSCP)) ++ if (static_cpu_has(X86_FEATURE_RDTSCP)) + write_rdtscp_aux((node << 12) | cpu); + + /* +diff --git a/arch/x86/include/asm/alternative.h b/arch/x86/include/asm/alternative.h +index 215ea9214215..002fcd901f07 100644 +--- a/arch/x86/include/asm/alternative.h ++++ b/arch/x86/include/asm/alternative.h +@@ -153,12 +153,6 @@ static inline int alternatives_text_reserved(void *start, void *end) + ALTINSTR_REPLACEMENT(newinstr2, feature2, 2) \ + ".popsection\n" + +-/* +- * This must be included *after* the definition of ALTERNATIVE due to +- * +- */ +-#include +- + /* + * Alternative instructions for different CPU types or capabilities. + * +diff --git a/arch/x86/include/asm/apic.h b/arch/x86/include/asm/apic.h +index 163769d82475..fd810a57ab1b 100644 +--- a/arch/x86/include/asm/apic.h ++++ b/arch/x86/include/asm/apic.h +@@ -6,7 +6,6 @@ + + #include + #include +-#include + #include + #include + #include +diff --git a/arch/x86/include/asm/arch_hweight.h b/arch/x86/include/asm/arch_hweight.h +index 44f825c80ed5..e7cd63175de4 100644 +--- a/arch/x86/include/asm/arch_hweight.h ++++ b/arch/x86/include/asm/arch_hweight.h +@@ -1,6 +1,8 @@ + #ifndef _ASM_X86_HWEIGHT_H + #define _ASM_X86_HWEIGHT_H + ++#include ++ + #ifdef CONFIG_64BIT + /* popcnt %edi, %eax */ + #define POPCNT32 ".byte 0xf3,0x0f,0xb8,0xc7" +diff --git a/arch/x86/include/asm/atomic.h b/arch/x86/include/asm/atomic.h +index ae5fb83e6d91..3e8674288198 100644 +--- a/arch/x86/include/asm/atomic.h ++++ b/arch/x86/include/asm/atomic.h +@@ -3,7 +3,6 @@ + + #include + #include +-#include + #include + #include + #include +diff --git a/arch/x86/include/asm/atomic64_32.h b/arch/x86/include/asm/atomic64_32.h +index a11c30b77fb5..a984111135b1 100644 +--- a/arch/x86/include/asm/atomic64_32.h ++++ b/arch/x86/include/asm/atomic64_32.h +@@ -3,7 +3,6 @@ + + #include + #include +-#include + //#include + + /* An 64bit atomic type */ +diff --git a/arch/x86/include/asm/cmpxchg.h b/arch/x86/include/asm/cmpxchg.h +index ad19841eddfe..9733361fed6f 100644 +--- a/arch/x86/include/asm/cmpxchg.h ++++ b/arch/x86/include/asm/cmpxchg.h +@@ -2,6 +2,7 @@ + #define ASM_X86_CMPXCHG_H + + #include ++#include + #include /* Provides LOCK_PREFIX */ + + /* +diff --git a/arch/x86/include/asm/cpufeature.h b/arch/x86/include/asm/cpufeature.h +index 232621c5e859..dd0089841a0f 100644 +--- a/arch/x86/include/asm/cpufeature.h ++++ b/arch/x86/include/asm/cpufeature.h +@@ -1,294 +1,35 @@ +-/* +- * Defines x86 CPU feature bits +- */ + #ifndef _ASM_X86_CPUFEATURE_H + #define _ASM_X86_CPUFEATURE_H + +-#ifndef _ASM_X86_REQUIRED_FEATURES_H +-#include +-#endif +- +-#ifndef _ASM_X86_DISABLED_FEATURES_H +-#include +-#endif +- +-#define NCAPINTS 14 /* N 32-bit words worth of info */ +-#define NBUGINTS 1 /* N 32-bit bug flags */ +- +-/* +- * Note: If the comment begins with a quoted string, that string is used +- * in /proc/cpuinfo instead of the macro name. If the string is "", +- * this feature bit is not displayed in /proc/cpuinfo at all. +- */ +- +-/* Intel-defined CPU features, CPUID level 0x00000001 (edx), word 0 */ +-#define X86_FEATURE_FPU ( 0*32+ 0) /* Onboard FPU */ +-#define X86_FEATURE_VME ( 0*32+ 1) /* Virtual Mode Extensions */ +-#define X86_FEATURE_DE ( 0*32+ 2) /* Debugging Extensions */ +-#define X86_FEATURE_PSE ( 0*32+ 3) /* Page Size Extensions */ +-#define X86_FEATURE_TSC ( 0*32+ 4) /* Time Stamp Counter */ +-#define X86_FEATURE_MSR ( 0*32+ 5) /* Model-Specific Registers */ +-#define X86_FEATURE_PAE ( 0*32+ 6) /* Physical Address Extensions */ +-#define X86_FEATURE_MCE ( 0*32+ 7) /* Machine Check Exception */ +-#define X86_FEATURE_CX8 ( 0*32+ 8) /* CMPXCHG8 instruction */ +-#define X86_FEATURE_APIC ( 0*32+ 9) /* Onboard APIC */ +-#define X86_FEATURE_SEP ( 0*32+11) /* SYSENTER/SYSEXIT */ +-#define X86_FEATURE_MTRR ( 0*32+12) /* Memory Type Range Registers */ +-#define X86_FEATURE_PGE ( 0*32+13) /* Page Global Enable */ +-#define X86_FEATURE_MCA ( 0*32+14) /* Machine Check Architecture */ +-#define X86_FEATURE_CMOV ( 0*32+15) /* CMOV instructions */ +- /* (plus FCMOVcc, FCOMI with FPU) */ +-#define X86_FEATURE_PAT ( 0*32+16) /* Page Attribute Table */ +-#define X86_FEATURE_PSE36 ( 0*32+17) /* 36-bit PSEs */ +-#define X86_FEATURE_PN ( 0*32+18) /* Processor serial number */ +-#define X86_FEATURE_CLFLUSH ( 0*32+19) /* CLFLUSH instruction */ +-#define X86_FEATURE_DS ( 0*32+21) /* "dts" Debug Store */ +-#define X86_FEATURE_ACPI ( 0*32+22) /* ACPI via MSR */ +-#define X86_FEATURE_MMX ( 0*32+23) /* Multimedia Extensions */ +-#define X86_FEATURE_FXSR ( 0*32+24) /* FXSAVE/FXRSTOR, CR4.OSFXSR */ +-#define X86_FEATURE_XMM ( 0*32+25) /* "sse" */ +-#define X86_FEATURE_XMM2 ( 0*32+26) /* "sse2" */ +-#define X86_FEATURE_SELFSNOOP ( 0*32+27) /* "ss" CPU self snoop */ +-#define X86_FEATURE_HT ( 0*32+28) /* Hyper-Threading */ +-#define X86_FEATURE_ACC ( 0*32+29) /* "tm" Automatic clock control */ +-#define X86_FEATURE_IA64 ( 0*32+30) /* IA-64 processor */ +-#define X86_FEATURE_PBE ( 0*32+31) /* Pending Break Enable */ +- +-/* AMD-defined CPU features, CPUID level 0x80000001, word 1 */ +-/* Don't duplicate feature flags which are redundant with Intel! */ +-#define X86_FEATURE_SYSCALL ( 1*32+11) /* SYSCALL/SYSRET */ +-#define X86_FEATURE_MP ( 1*32+19) /* MP Capable. */ +-#define X86_FEATURE_NX ( 1*32+20) /* Execute Disable */ +-#define X86_FEATURE_MMXEXT ( 1*32+22) /* AMD MMX extensions */ +-#define X86_FEATURE_FXSR_OPT ( 1*32+25) /* FXSAVE/FXRSTOR optimizations */ +-#define X86_FEATURE_GBPAGES ( 1*32+26) /* "pdpe1gb" GB pages */ +-#define X86_FEATURE_RDTSCP ( 1*32+27) /* RDTSCP */ +-#define X86_FEATURE_LM ( 1*32+29) /* Long Mode (x86-64) */ +-#define X86_FEATURE_3DNOWEXT ( 1*32+30) /* AMD 3DNow! extensions */ +-#define X86_FEATURE_3DNOW ( 1*32+31) /* 3DNow! */ +- +-/* Transmeta-defined CPU features, CPUID level 0x80860001, word 2 */ +-#define X86_FEATURE_RECOVERY ( 2*32+ 0) /* CPU in recovery mode */ +-#define X86_FEATURE_LONGRUN ( 2*32+ 1) /* Longrun power control */ +-#define X86_FEATURE_LRTI ( 2*32+ 3) /* LongRun table interface */ +- +-/* Other features, Linux-defined mapping, word 3 */ +-/* This range is used for feature bits which conflict or are synthesized */ +-#define X86_FEATURE_CXMMX ( 3*32+ 0) /* Cyrix MMX extensions */ +-#define X86_FEATURE_K6_MTRR ( 3*32+ 1) /* AMD K6 nonstandard MTRRs */ +-#define X86_FEATURE_CYRIX_ARR ( 3*32+ 2) /* Cyrix ARRs (= MTRRs) */ +-#define X86_FEATURE_CENTAUR_MCR ( 3*32+ 3) /* Centaur MCRs (= MTRRs) */ +-/* cpu types for specific tunings: */ +-#define X86_FEATURE_K8 ( 3*32+ 4) /* "" Opteron, Athlon64 */ +-#define X86_FEATURE_K7 ( 3*32+ 5) /* "" Athlon */ +-#define X86_FEATURE_P3 ( 3*32+ 6) /* "" P3 */ +-#define X86_FEATURE_P4 ( 3*32+ 7) /* "" P4 */ +-#define X86_FEATURE_CONSTANT_TSC ( 3*32+ 8) /* TSC ticks at a constant rate */ +-#define X86_FEATURE_UP ( 3*32+ 9) /* smp kernel running on up */ +-/* free, was #define X86_FEATURE_FXSAVE_LEAK ( 3*32+10) * "" FXSAVE leaks FOP/FIP/FOP */ +-#define X86_FEATURE_ARCH_PERFMON ( 3*32+11) /* Intel Architectural PerfMon */ +-#define X86_FEATURE_PEBS ( 3*32+12) /* Precise-Event Based Sampling */ +-#define X86_FEATURE_BTS ( 3*32+13) /* Branch Trace Store */ +-#define X86_FEATURE_SYSCALL32 ( 3*32+14) /* "" syscall in ia32 userspace */ +-#define X86_FEATURE_SYSENTER32 ( 3*32+15) /* "" sysenter in ia32 userspace */ +-#define X86_FEATURE_REP_GOOD ( 3*32+16) /* rep microcode works well */ +-#define X86_FEATURE_MFENCE_RDTSC ( 3*32+17) /* "" Mfence synchronizes RDTSC */ +-#define X86_FEATURE_LFENCE_RDTSC ( 3*32+18) /* "" Lfence synchronizes RDTSC */ +-/* free, was #define X86_FEATURE_11AP ( 3*32+19) * "" Bad local APIC aka 11AP */ +-#define X86_FEATURE_NOPL ( 3*32+20) /* The NOPL (0F 1F) instructions */ +-#define X86_FEATURE_ALWAYS ( 3*32+21) /* "" Always-present feature */ +-#define X86_FEATURE_XTOPOLOGY ( 3*32+22) /* cpu topology enum extensions */ +-#define X86_FEATURE_TSC_RELIABLE ( 3*32+23) /* TSC is known to be reliable */ +-#define X86_FEATURE_NONSTOP_TSC ( 3*32+24) /* TSC does not stop in C states */ +-/* free, was #define X86_FEATURE_CLFLUSH_MONITOR ( 3*32+25) * "" clflush reqd with monitor */ +-#define X86_FEATURE_EXTD_APICID ( 3*32+26) /* has extended APICID (8 bits) */ +-#define X86_FEATURE_AMD_DCM ( 3*32+27) /* multi-node processor */ +-#define X86_FEATURE_APERFMPERF ( 3*32+28) /* APERFMPERF */ +-/* free, was #define X86_FEATURE_EAGER_FPU ( 3*32+29) * "eagerfpu" Non lazy FPU restore */ +-#define X86_FEATURE_NONSTOP_TSC_S3 ( 3*32+30) /* TSC doesn't stop in S3 state */ +- +-/* Intel-defined CPU features, CPUID level 0x00000001 (ecx), word 4 */ +-#define X86_FEATURE_XMM3 ( 4*32+ 0) /* "pni" SSE-3 */ +-#define X86_FEATURE_PCLMULQDQ ( 4*32+ 1) /* PCLMULQDQ instruction */ +-#define X86_FEATURE_DTES64 ( 4*32+ 2) /* 64-bit Debug Store */ +-#define X86_FEATURE_MWAIT ( 4*32+ 3) /* "monitor" Monitor/Mwait support */ +-#define X86_FEATURE_DSCPL ( 4*32+ 4) /* "ds_cpl" CPL Qual. Debug Store */ +-#define X86_FEATURE_VMX ( 4*32+ 5) /* Hardware virtualization */ +-#define X86_FEATURE_SMX ( 4*32+ 6) /* Safer mode */ +-#define X86_FEATURE_EST ( 4*32+ 7) /* Enhanced SpeedStep */ +-#define X86_FEATURE_TM2 ( 4*32+ 8) /* Thermal Monitor 2 */ +-#define X86_FEATURE_SSSE3 ( 4*32+ 9) /* Supplemental SSE-3 */ +-#define X86_FEATURE_CID ( 4*32+10) /* Context ID */ +-#define X86_FEATURE_SDBG ( 4*32+11) /* Silicon Debug */ +-#define X86_FEATURE_FMA ( 4*32+12) /* Fused multiply-add */ +-#define X86_FEATURE_CX16 ( 4*32+13) /* CMPXCHG16B */ +-#define X86_FEATURE_XTPR ( 4*32+14) /* Send Task Priority Messages */ +-#define X86_FEATURE_PDCM ( 4*32+15) /* Performance Capabilities */ +-#define X86_FEATURE_PCID ( 4*32+17) /* Process Context Identifiers */ +-#define X86_FEATURE_DCA ( 4*32+18) /* Direct Cache Access */ +-#define X86_FEATURE_XMM4_1 ( 4*32+19) /* "sse4_1" SSE-4.1 */ +-#define X86_FEATURE_XMM4_2 ( 4*32+20) /* "sse4_2" SSE-4.2 */ +-#define X86_FEATURE_X2APIC ( 4*32+21) /* x2APIC */ +-#define X86_FEATURE_MOVBE ( 4*32+22) /* MOVBE instruction */ +-#define X86_FEATURE_POPCNT ( 4*32+23) /* POPCNT instruction */ +-#define X86_FEATURE_TSC_DEADLINE_TIMER ( 4*32+24) /* Tsc deadline timer */ +-#define X86_FEATURE_AES ( 4*32+25) /* AES instructions */ +-#define X86_FEATURE_XSAVE ( 4*32+26) /* XSAVE/XRSTOR/XSETBV/XGETBV */ +-#define X86_FEATURE_OSXSAVE ( 4*32+27) /* "" XSAVE enabled in the OS */ +-#define X86_FEATURE_AVX ( 4*32+28) /* Advanced Vector Extensions */ +-#define X86_FEATURE_F16C ( 4*32+29) /* 16-bit fp conversions */ +-#define X86_FEATURE_RDRAND ( 4*32+30) /* The RDRAND instruction */ +-#define X86_FEATURE_HYPERVISOR ( 4*32+31) /* Running on a hypervisor */ +- +-/* VIA/Cyrix/Centaur-defined CPU features, CPUID level 0xC0000001, word 5 */ +-#define X86_FEATURE_XSTORE ( 5*32+ 2) /* "rng" RNG present (xstore) */ +-#define X86_FEATURE_XSTORE_EN ( 5*32+ 3) /* "rng_en" RNG enabled */ +-#define X86_FEATURE_XCRYPT ( 5*32+ 6) /* "ace" on-CPU crypto (xcrypt) */ +-#define X86_FEATURE_XCRYPT_EN ( 5*32+ 7) /* "ace_en" on-CPU crypto enabled */ +-#define X86_FEATURE_ACE2 ( 5*32+ 8) /* Advanced Cryptography Engine v2 */ +-#define X86_FEATURE_ACE2_EN ( 5*32+ 9) /* ACE v2 enabled */ +-#define X86_FEATURE_PHE ( 5*32+10) /* PadLock Hash Engine */ +-#define X86_FEATURE_PHE_EN ( 5*32+11) /* PHE enabled */ +-#define X86_FEATURE_PMM ( 5*32+12) /* PadLock Montgomery Multiplier */ +-#define X86_FEATURE_PMM_EN ( 5*32+13) /* PMM enabled */ +- +-/* More extended AMD flags: CPUID level 0x80000001, ecx, word 6 */ +-#define X86_FEATURE_LAHF_LM ( 6*32+ 0) /* LAHF/SAHF in long mode */ +-#define X86_FEATURE_CMP_LEGACY ( 6*32+ 1) /* If yes HyperThreading not valid */ +-#define X86_FEATURE_SVM ( 6*32+ 2) /* Secure virtual machine */ +-#define X86_FEATURE_EXTAPIC ( 6*32+ 3) /* Extended APIC space */ +-#define X86_FEATURE_CR8_LEGACY ( 6*32+ 4) /* CR8 in 32-bit mode */ +-#define X86_FEATURE_ABM ( 6*32+ 5) /* Advanced bit manipulation */ +-#define X86_FEATURE_SSE4A ( 6*32+ 6) /* SSE-4A */ +-#define X86_FEATURE_MISALIGNSSE ( 6*32+ 7) /* Misaligned SSE mode */ +-#define X86_FEATURE_3DNOWPREFETCH ( 6*32+ 8) /* 3DNow prefetch instructions */ +-#define X86_FEATURE_OSVW ( 6*32+ 9) /* OS Visible Workaround */ +-#define X86_FEATURE_IBS ( 6*32+10) /* Instruction Based Sampling */ +-#define X86_FEATURE_XOP ( 6*32+11) /* extended AVX instructions */ +-#define X86_FEATURE_SKINIT ( 6*32+12) /* SKINIT/STGI instructions */ +-#define X86_FEATURE_WDT ( 6*32+13) /* Watchdog timer */ +-#define X86_FEATURE_LWP ( 6*32+15) /* Light Weight Profiling */ +-#define X86_FEATURE_FMA4 ( 6*32+16) /* 4 operands MAC instructions */ +-#define X86_FEATURE_TCE ( 6*32+17) /* translation cache extension */ +-#define X86_FEATURE_NODEID_MSR ( 6*32+19) /* NodeId MSR */ +-#define X86_FEATURE_TBM ( 6*32+21) /* trailing bit manipulations */ +-#define X86_FEATURE_TOPOEXT ( 6*32+22) /* topology extensions CPUID leafs */ +-#define X86_FEATURE_PERFCTR_CORE ( 6*32+23) /* core performance counter extensions */ +-#define X86_FEATURE_PERFCTR_NB ( 6*32+24) /* NB performance counter extensions */ +-#define X86_FEATURE_BPEXT (6*32+26) /* data breakpoint extension */ +-#define X86_FEATURE_PERFCTR_L2 ( 6*32+28) /* L2 performance counter extensions */ +-#define X86_FEATURE_MWAITX ( 6*32+29) /* MWAIT extension (MONITORX/MWAITX) */ +- +-/* +- * Auxiliary flags: Linux defined - For features scattered in various +- * CPUID levels like 0x6, 0xA etc, word 7 +- */ +-#define X86_FEATURE_IDA ( 7*32+ 0) /* Intel Dynamic Acceleration */ +-#define X86_FEATURE_ARAT ( 7*32+ 1) /* Always Running APIC Timer */ +-#define X86_FEATURE_CPB ( 7*32+ 2) /* AMD Core Performance Boost */ +-#define X86_FEATURE_EPB ( 7*32+ 3) /* IA32_ENERGY_PERF_BIAS support */ +-#define X86_FEATURE_INVPCID_SINGLE ( 7*32+ 4) /* Effectively INVPCID && CR4.PCIDE=1 */ +-#define X86_FEATURE_PLN ( 7*32+ 5) /* Intel Power Limit Notification */ +-#define X86_FEATURE_PTS ( 7*32+ 6) /* Intel Package Thermal Status */ +-#define X86_FEATURE_DTHERM ( 7*32+ 7) /* Digital Thermal Sensor */ +-#define X86_FEATURE_HW_PSTATE ( 7*32+ 8) /* AMD HW-PState */ +-#define X86_FEATURE_PROC_FEEDBACK ( 7*32+ 9) /* AMD ProcFeedbackInterface */ +-#define X86_FEATURE_HWP ( 7*32+ 10) /* "hwp" Intel HWP */ +-#define X86_FEATURE_HWP_NOTIFY ( 7*32+ 11) /* Intel HWP_NOTIFY */ +-#define X86_FEATURE_HWP_ACT_WINDOW ( 7*32+ 12) /* Intel HWP_ACT_WINDOW */ +-#define X86_FEATURE_HWP_EPP ( 7*32+13) /* Intel HWP_EPP */ +-#define X86_FEATURE_HWP_PKG_REQ ( 7*32+14) /* Intel HWP_PKG_REQ */ +-#define X86_FEATURE_INTEL_PT ( 7*32+15) /* Intel Processor Trace */ +-#define X86_FEATURE_RSB_CTXSW ( 7*32+19) /* Fill RSB on context switches */ +- +-#define X86_FEATURE_RETPOLINE ( 7*32+29) /* Generic Retpoline mitigation for Spectre variant 2 */ +-#define X86_FEATURE_RETPOLINE_AMD ( 7*32+30) /* AMD Retpoline mitigation for Spectre variant 2 */ +-/* Because the ALTERNATIVE scheme is for members of the X86_FEATURE club... */ +-#define X86_FEATURE_KAISER ( 7*32+31) /* CONFIG_PAGE_TABLE_ISOLATION w/o nokaiser */ +- +-/* Virtualization flags: Linux defined, word 8 */ +-#define X86_FEATURE_TPR_SHADOW ( 8*32+ 0) /* Intel TPR Shadow */ +-#define X86_FEATURE_VNMI ( 8*32+ 1) /* Intel Virtual NMI */ +-#define X86_FEATURE_FLEXPRIORITY ( 8*32+ 2) /* Intel FlexPriority */ +-#define X86_FEATURE_EPT ( 8*32+ 3) /* Intel Extended Page Table */ +-#define X86_FEATURE_VPID ( 8*32+ 4) /* Intel Virtual Processor ID */ +-#define X86_FEATURE_NPT ( 8*32+ 5) /* AMD Nested Page Table support */ +-#define X86_FEATURE_LBRV ( 8*32+ 6) /* AMD LBR Virtualization support */ +-#define X86_FEATURE_SVML ( 8*32+ 7) /* "svm_lock" AMD SVM locking MSR */ +-#define X86_FEATURE_NRIPS ( 8*32+ 8) /* "nrip_save" AMD SVM next_rip save */ +-#define X86_FEATURE_TSCRATEMSR ( 8*32+ 9) /* "tsc_scale" AMD TSC scaling support */ +-#define X86_FEATURE_VMCBCLEAN ( 8*32+10) /* "vmcb_clean" AMD VMCB clean bits support */ +-#define X86_FEATURE_FLUSHBYASID ( 8*32+11) /* AMD flush-by-ASID support */ +-#define X86_FEATURE_DECODEASSISTS ( 8*32+12) /* AMD Decode Assists support */ +-#define X86_FEATURE_PAUSEFILTER ( 8*32+13) /* AMD filtered pause intercept */ +-#define X86_FEATURE_PFTHRESHOLD ( 8*32+14) /* AMD pause filter threshold */ +-#define X86_FEATURE_VMMCALL ( 8*32+15) /* Prefer vmmcall to vmcall */ +-#define X86_FEATURE_XENPV ( 8*32+16) /* "" Xen paravirtual guest */ +- +- +-/* Intel-defined CPU features, CPUID level 0x00000007:0 (ebx), word 9 */ +-#define X86_FEATURE_FSGSBASE ( 9*32+ 0) /* {RD/WR}{FS/GS}BASE instructions*/ +-#define X86_FEATURE_TSC_ADJUST ( 9*32+ 1) /* TSC adjustment MSR 0x3b */ +-#define X86_FEATURE_BMI1 ( 9*32+ 3) /* 1st group bit manipulation extensions */ +-#define X86_FEATURE_HLE ( 9*32+ 4) /* Hardware Lock Elision */ +-#define X86_FEATURE_AVX2 ( 9*32+ 5) /* AVX2 instructions */ +-#define X86_FEATURE_SMEP ( 9*32+ 7) /* Supervisor Mode Execution Protection */ +-#define X86_FEATURE_BMI2 ( 9*32+ 8) /* 2nd group bit manipulation extensions */ +-#define X86_FEATURE_ERMS ( 9*32+ 9) /* Enhanced REP MOVSB/STOSB */ +-#define X86_FEATURE_INVPCID ( 9*32+10) /* Invalidate Processor Context ID */ +-#define X86_FEATURE_RTM ( 9*32+11) /* Restricted Transactional Memory */ +-#define X86_FEATURE_CQM ( 9*32+12) /* Cache QoS Monitoring */ +-#define X86_FEATURE_MPX ( 9*32+14) /* Memory Protection Extension */ +-#define X86_FEATURE_AVX512F ( 9*32+16) /* AVX-512 Foundation */ +-#define X86_FEATURE_RDSEED ( 9*32+18) /* The RDSEED instruction */ +-#define X86_FEATURE_ADX ( 9*32+19) /* The ADCX and ADOX instructions */ +-#define X86_FEATURE_SMAP ( 9*32+20) /* Supervisor Mode Access Prevention */ +-#define X86_FEATURE_PCOMMIT ( 9*32+22) /* PCOMMIT instruction */ +-#define X86_FEATURE_CLFLUSHOPT ( 9*32+23) /* CLFLUSHOPT instruction */ +-#define X86_FEATURE_CLWB ( 9*32+24) /* CLWB instruction */ +-#define X86_FEATURE_AVX512PF ( 9*32+26) /* AVX-512 Prefetch */ +-#define X86_FEATURE_AVX512ER ( 9*32+27) /* AVX-512 Exponential and Reciprocal */ +-#define X86_FEATURE_AVX512CD ( 9*32+28) /* AVX-512 Conflict Detection */ +-#define X86_FEATURE_SHA_NI ( 9*32+29) /* SHA1/SHA256 Instruction Extensions */ +- +-/* Extended state features, CPUID level 0x0000000d:1 (eax), word 10 */ +-#define X86_FEATURE_XSAVEOPT (10*32+ 0) /* XSAVEOPT */ +-#define X86_FEATURE_XSAVEC (10*32+ 1) /* XSAVEC */ +-#define X86_FEATURE_XGETBV1 (10*32+ 2) /* XGETBV with ECX = 1 */ +-#define X86_FEATURE_XSAVES (10*32+ 3) /* XSAVES/XRSTORS */ +- +-/* Intel-defined CPU QoS Sub-leaf, CPUID level 0x0000000F:0 (edx), word 11 */ +-#define X86_FEATURE_CQM_LLC (11*32+ 1) /* LLC QoS if 1 */ +- +-/* Intel-defined CPU QoS Sub-leaf, CPUID level 0x0000000F:1 (edx), word 12 */ +-#define X86_FEATURE_CQM_OCCUP_LLC (12*32+ 0) /* LLC occupancy monitoring if 1 */ +- +-/* AMD-defined CPU features, CPUID level 0x80000008 (ebx), word 13 */ +-#define X86_FEATURE_CLZERO (13*32+0) /* CLZERO instruction */ +- +-/* +- * BUG word(s) +- */ +-#define X86_BUG(x) (NCAPINTS*32 + (x)) +- +-#define X86_BUG_F00F X86_BUG(0) /* Intel F00F */ +-#define X86_BUG_FDIV X86_BUG(1) /* FPU FDIV */ +-#define X86_BUG_COMA X86_BUG(2) /* Cyrix 6x86 coma */ +-#define X86_BUG_AMD_TLB_MMATCH X86_BUG(3) /* "tlb_mmatch" AMD Erratum 383 */ +-#define X86_BUG_AMD_APIC_C1E X86_BUG(4) /* "apic_c1e" AMD Erratum 400 */ +-#define X86_BUG_11AP X86_BUG(5) /* Bad local APIC aka 11AP */ +-#define X86_BUG_FXSAVE_LEAK X86_BUG(6) /* FXSAVE leaks FOP/FIP/FOP */ +-#define X86_BUG_CLFLUSH_MONITOR X86_BUG(7) /* AAI65, CLFLUSH required before MONITOR */ +-#define X86_BUG_SYSRET_SS_ATTRS X86_BUG(8) /* SYSRET doesn't fix up SS attrs */ +-#define X86_BUG_CPU_MELTDOWN X86_BUG(14) /* CPU is affected by meltdown attack and needs kernel page table isolation */ +-#define X86_BUG_SPECTRE_V1 X86_BUG(15) /* CPU is affected by Spectre variant 1 attack with conditional branches */ +-#define X86_BUG_SPECTRE_V2 X86_BUG(16) /* CPU is affected by Spectre variant 2 attack with indirect branches */ ++#include + + #if defined(__KERNEL__) && !defined(__ASSEMBLY__) + + #include + #include + ++enum cpuid_leafs ++{ ++ CPUID_1_EDX = 0, ++ CPUID_8000_0001_EDX, ++ CPUID_8086_0001_EDX, ++ CPUID_LNX_1, ++ CPUID_1_ECX, ++ CPUID_C000_0001_EDX, ++ CPUID_8000_0001_ECX, ++ CPUID_LNX_2, ++ CPUID_LNX_3, ++ CPUID_7_0_EBX, ++ CPUID_D_1_EAX, ++ CPUID_F_0_EDX, ++ CPUID_F_1_EDX, ++ CPUID_8000_0008_EBX, ++ CPUID_6_EAX, ++ CPUID_8000_000A_EDX, ++ CPUID_7_ECX, ++ CPUID_8000_0007_EBX, ++}; ++ + #ifdef CONFIG_X86_FEATURE_NAMES + extern const char * const x86_cap_flags[NCAPINTS*32]; + extern const char * const x86_power_flags[32]; +@@ -308,29 +49,59 @@ extern const char * const x86_bug_flags[NBUGINTS*32]; + #define test_cpu_cap(c, bit) \ + test_bit(bit, (unsigned long *)((c)->x86_capability)) + +-#define REQUIRED_MASK_BIT_SET(bit) \ +- ( (((bit)>>5)==0 && (1UL<<((bit)&31) & REQUIRED_MASK0)) || \ +- (((bit)>>5)==1 && (1UL<<((bit)&31) & REQUIRED_MASK1)) || \ +- (((bit)>>5)==2 && (1UL<<((bit)&31) & REQUIRED_MASK2)) || \ +- (((bit)>>5)==3 && (1UL<<((bit)&31) & REQUIRED_MASK3)) || \ +- (((bit)>>5)==4 && (1UL<<((bit)&31) & REQUIRED_MASK4)) || \ +- (((bit)>>5)==5 && (1UL<<((bit)&31) & REQUIRED_MASK5)) || \ +- (((bit)>>5)==6 && (1UL<<((bit)&31) & REQUIRED_MASK6)) || \ +- (((bit)>>5)==7 && (1UL<<((bit)&31) & REQUIRED_MASK7)) || \ +- (((bit)>>5)==8 && (1UL<<((bit)&31) & REQUIRED_MASK8)) || \ +- (((bit)>>5)==9 && (1UL<<((bit)&31) & REQUIRED_MASK9)) ) +- +-#define DISABLED_MASK_BIT_SET(bit) \ +- ( (((bit)>>5)==0 && (1UL<<((bit)&31) & DISABLED_MASK0)) || \ +- (((bit)>>5)==1 && (1UL<<((bit)&31) & DISABLED_MASK1)) || \ +- (((bit)>>5)==2 && (1UL<<((bit)&31) & DISABLED_MASK2)) || \ +- (((bit)>>5)==3 && (1UL<<((bit)&31) & DISABLED_MASK3)) || \ +- (((bit)>>5)==4 && (1UL<<((bit)&31) & DISABLED_MASK4)) || \ +- (((bit)>>5)==5 && (1UL<<((bit)&31) & DISABLED_MASK5)) || \ +- (((bit)>>5)==6 && (1UL<<((bit)&31) & DISABLED_MASK6)) || \ +- (((bit)>>5)==7 && (1UL<<((bit)&31) & DISABLED_MASK7)) || \ +- (((bit)>>5)==8 && (1UL<<((bit)&31) & DISABLED_MASK8)) || \ +- (((bit)>>5)==9 && (1UL<<((bit)&31) & DISABLED_MASK9)) ) ++/* ++ * There are 32 bits/features in each mask word. The high bits ++ * (selected with (bit>>5) give us the word number and the low 5 ++ * bits give us the bit/feature number inside the word. ++ * (1UL<<((bit)&31) gives us a mask for the feature_bit so we can ++ * see if it is set in the mask word. ++ */ ++#define CHECK_BIT_IN_MASK_WORD(maskname, word, bit) \ ++ (((bit)>>5)==(word) && (1UL<<((bit)&31) & maskname##word )) ++ ++#define REQUIRED_MASK_BIT_SET(feature_bit) \ ++ ( CHECK_BIT_IN_MASK_WORD(REQUIRED_MASK, 0, feature_bit) || \ ++ CHECK_BIT_IN_MASK_WORD(REQUIRED_MASK, 1, feature_bit) || \ ++ CHECK_BIT_IN_MASK_WORD(REQUIRED_MASK, 2, feature_bit) || \ ++ CHECK_BIT_IN_MASK_WORD(REQUIRED_MASK, 3, feature_bit) || \ ++ CHECK_BIT_IN_MASK_WORD(REQUIRED_MASK, 4, feature_bit) || \ ++ CHECK_BIT_IN_MASK_WORD(REQUIRED_MASK, 5, feature_bit) || \ ++ CHECK_BIT_IN_MASK_WORD(REQUIRED_MASK, 6, feature_bit) || \ ++ CHECK_BIT_IN_MASK_WORD(REQUIRED_MASK, 7, feature_bit) || \ ++ CHECK_BIT_IN_MASK_WORD(REQUIRED_MASK, 8, feature_bit) || \ ++ CHECK_BIT_IN_MASK_WORD(REQUIRED_MASK, 9, feature_bit) || \ ++ CHECK_BIT_IN_MASK_WORD(REQUIRED_MASK, 10, feature_bit) || \ ++ CHECK_BIT_IN_MASK_WORD(REQUIRED_MASK, 11, feature_bit) || \ ++ CHECK_BIT_IN_MASK_WORD(REQUIRED_MASK, 12, feature_bit) || \ ++ CHECK_BIT_IN_MASK_WORD(REQUIRED_MASK, 13, feature_bit) || \ ++ CHECK_BIT_IN_MASK_WORD(REQUIRED_MASK, 14, feature_bit) || \ ++ CHECK_BIT_IN_MASK_WORD(REQUIRED_MASK, 15, feature_bit) || \ ++ CHECK_BIT_IN_MASK_WORD(REQUIRED_MASK, 16, feature_bit) || \ ++ CHECK_BIT_IN_MASK_WORD(REQUIRED_MASK, 17, feature_bit) || \ ++ REQUIRED_MASK_CHECK || \ ++ BUILD_BUG_ON_ZERO(NCAPINTS != 18)) ++ ++#define DISABLED_MASK_BIT_SET(feature_bit) \ ++ ( CHECK_BIT_IN_MASK_WORD(DISABLED_MASK, 0, feature_bit) || \ ++ CHECK_BIT_IN_MASK_WORD(DISABLED_MASK, 1, feature_bit) || \ ++ CHECK_BIT_IN_MASK_WORD(DISABLED_MASK, 2, feature_bit) || \ ++ CHECK_BIT_IN_MASK_WORD(DISABLED_MASK, 3, feature_bit) || \ ++ CHECK_BIT_IN_MASK_WORD(DISABLED_MASK, 4, feature_bit) || \ ++ CHECK_BIT_IN_MASK_WORD(DISABLED_MASK, 5, feature_bit) || \ ++ CHECK_BIT_IN_MASK_WORD(DISABLED_MASK, 6, feature_bit) || \ ++ CHECK_BIT_IN_MASK_WORD(DISABLED_MASK, 7, feature_bit) || \ ++ CHECK_BIT_IN_MASK_WORD(DISABLED_MASK, 8, feature_bit) || \ ++ CHECK_BIT_IN_MASK_WORD(DISABLED_MASK, 9, feature_bit) || \ ++ CHECK_BIT_IN_MASK_WORD(DISABLED_MASK, 10, feature_bit) || \ ++ CHECK_BIT_IN_MASK_WORD(DISABLED_MASK, 11, feature_bit) || \ ++ CHECK_BIT_IN_MASK_WORD(DISABLED_MASK, 12, feature_bit) || \ ++ CHECK_BIT_IN_MASK_WORD(DISABLED_MASK, 13, feature_bit) || \ ++ CHECK_BIT_IN_MASK_WORD(DISABLED_MASK, 14, feature_bit) || \ ++ CHECK_BIT_IN_MASK_WORD(DISABLED_MASK, 15, feature_bit) || \ ++ CHECK_BIT_IN_MASK_WORD(DISABLED_MASK, 16, feature_bit) || \ ++ CHECK_BIT_IN_MASK_WORD(DISABLED_MASK, 17, feature_bit) || \ ++ DISABLED_MASK_CHECK || \ ++ BUILD_BUG_ON_ZERO(NCAPINTS != 18)) + + #define cpu_has(c, bit) \ + (__builtin_constant_p(bit) && REQUIRED_MASK_BIT_SET(bit) ? 1 : \ +@@ -349,8 +120,7 @@ extern const char * const x86_bug_flags[NBUGINTS*32]; + * is not relevant. + */ + #define cpu_feature_enabled(bit) \ +- (__builtin_constant_p(bit) && DISABLED_MASK_BIT_SET(bit) ? 0 : \ +- cpu_has(&boot_cpu_data, bit)) ++ (__builtin_constant_p(bit) && DISABLED_MASK_BIT_SET(bit) ? 0 : static_cpu_has(bit)) + + #define boot_cpu_has(bit) cpu_has(&boot_cpu_data, bit) + +@@ -388,106 +158,19 @@ extern const char * const x86_bug_flags[NBUGINTS*32]; + #define cpu_has_osxsave boot_cpu_has(X86_FEATURE_OSXSAVE) + #define cpu_has_hypervisor boot_cpu_has(X86_FEATURE_HYPERVISOR) + /* +- * Do not add any more of those clumsy macros - use static_cpu_has_safe() for ++ * Do not add any more of those clumsy macros - use static_cpu_has() for + * fast paths and boot_cpu_has() otherwise! + */ + +-#if __GNUC__ >= 4 +-extern void warn_pre_alternatives(void); +-extern bool __static_cpu_has_safe(u16 bit); +- ++#if defined(CC_HAVE_ASM_GOTO) && defined(CONFIG_X86_FAST_FEATURE_TESTS) + /* + * Static testing of CPU features. Used the same as boot_cpu_has(). +- * These are only valid after alternatives have run, but will statically +- * patch the target code for additional performance. ++ * These will statically patch the target code for additional ++ * performance. + */ +-static __always_inline __pure bool __static_cpu_has(u16 bit) +-{ +-#ifdef CC_HAVE_ASM_GOTO +- +-#ifdef CONFIG_X86_DEBUG_STATIC_CPU_HAS +- +- /* +- * Catch too early usage of this before alternatives +- * have run. +- */ +- asm_volatile_goto("1: jmp %l[t_warn]\n" +- "2:\n" +- ".section .altinstructions,\"a\"\n" +- " .long 1b - .\n" +- " .long 0\n" /* no replacement */ +- " .word %P0\n" /* 1: do replace */ +- " .byte 2b - 1b\n" /* source len */ +- " .byte 0\n" /* replacement len */ +- " .byte 0\n" /* pad len */ +- ".previous\n" +- /* skipping size check since replacement size = 0 */ +- : : "i" (X86_FEATURE_ALWAYS) : : t_warn); +- +-#endif +- +- asm_volatile_goto("1: jmp %l[t_no]\n" +- "2:\n" +- ".section .altinstructions,\"a\"\n" +- " .long 1b - .\n" +- " .long 0\n" /* no replacement */ +- " .word %P0\n" /* feature bit */ +- " .byte 2b - 1b\n" /* source len */ +- " .byte 0\n" /* replacement len */ +- " .byte 0\n" /* pad len */ +- ".previous\n" +- /* skipping size check since replacement size = 0 */ +- : : "i" (bit) : : t_no); +- return true; +- t_no: +- return false; +- +-#ifdef CONFIG_X86_DEBUG_STATIC_CPU_HAS +- t_warn: +- warn_pre_alternatives(); +- return false; +-#endif +- +-#else /* CC_HAVE_ASM_GOTO */ +- +- u8 flag; +- /* Open-coded due to __stringify() in ALTERNATIVE() */ +- asm volatile("1: movb $0,%0\n" +- "2:\n" +- ".section .altinstructions,\"a\"\n" +- " .long 1b - .\n" +- " .long 3f - .\n" +- " .word %P1\n" /* feature bit */ +- " .byte 2b - 1b\n" /* source len */ +- " .byte 4f - 3f\n" /* replacement len */ +- " .byte 0\n" /* pad len */ +- ".previous\n" +- ".section .discard,\"aw\",@progbits\n" +- " .byte 0xff + (4f-3f) - (2b-1b)\n" /* size check */ +- ".previous\n" +- ".section .altinstr_replacement,\"ax\"\n" +- "3: movb $1,%0\n" +- "4:\n" +- ".previous\n" +- : "=qm" (flag) : "i" (bit)); +- return flag; +- +-#endif /* CC_HAVE_ASM_GOTO */ +-} +- +-#define static_cpu_has(bit) \ +-( \ +- __builtin_constant_p(boot_cpu_has(bit)) ? \ +- boot_cpu_has(bit) : \ +- __builtin_constant_p(bit) ? \ +- __static_cpu_has(bit) : \ +- boot_cpu_has(bit) \ +-) +- +-static __always_inline __pure bool _static_cpu_has_safe(u16 bit) ++static __always_inline __pure bool _static_cpu_has(u16 bit) + { +-#ifdef CC_HAVE_ASM_GOTO +- asm_volatile_goto("1: jmp %l[t_dynamic]\n" ++ asm_volatile_goto("1: jmp 6f\n" + "2:\n" + ".skip -(((5f-4f) - (2b-1b)) > 0) * " + "((5f-4f) - (2b-1b)),0x90\n" +@@ -512,66 +195,34 @@ static __always_inline __pure bool _static_cpu_has_safe(u16 bit) + " .byte 0\n" /* repl len */ + " .byte 0\n" /* pad len */ + ".previous\n" +- : : "i" (bit), "i" (X86_FEATURE_ALWAYS) +- : : t_dynamic, t_no); ++ ".section .altinstr_aux,\"ax\"\n" ++ "6:\n" ++ " testb %[bitnum],%[cap_byte]\n" ++ " jnz %l[t_yes]\n" ++ " jmp %l[t_no]\n" ++ ".previous\n" ++ : : "i" (bit), "i" (X86_FEATURE_ALWAYS), ++ [bitnum] "i" (1 << (bit & 7)), ++ [cap_byte] "m" (((const char *)boot_cpu_data.x86_capability)[bit >> 3]) ++ : : t_yes, t_no); ++ t_yes: + return true; + t_no: + return false; +- t_dynamic: +- return __static_cpu_has_safe(bit); +-#else +- u8 flag; +- /* Open-coded due to __stringify() in ALTERNATIVE() */ +- asm volatile("1: movb $2,%0\n" +- "2:\n" +- ".section .altinstructions,\"a\"\n" +- " .long 1b - .\n" /* src offset */ +- " .long 3f - .\n" /* repl offset */ +- " .word %P2\n" /* always replace */ +- " .byte 2b - 1b\n" /* source len */ +- " .byte 4f - 3f\n" /* replacement len */ +- " .byte 0\n" /* pad len */ +- ".previous\n" +- ".section .discard,\"aw\",@progbits\n" +- " .byte 0xff + (4f-3f) - (2b-1b)\n" /* size check */ +- ".previous\n" +- ".section .altinstr_replacement,\"ax\"\n" +- "3: movb $0,%0\n" +- "4:\n" +- ".previous\n" +- ".section .altinstructions,\"a\"\n" +- " .long 1b - .\n" /* src offset */ +- " .long 5f - .\n" /* repl offset */ +- " .word %P1\n" /* feature bit */ +- " .byte 4b - 3b\n" /* src len */ +- " .byte 6f - 5f\n" /* repl len */ +- " .byte 0\n" /* pad len */ +- ".previous\n" +- ".section .discard,\"aw\",@progbits\n" +- " .byte 0xff + (6f-5f) - (4b-3b)\n" /* size check */ +- ".previous\n" +- ".section .altinstr_replacement,\"ax\"\n" +- "5: movb $1,%0\n" +- "6:\n" +- ".previous\n" +- : "=qm" (flag) +- : "i" (bit), "i" (X86_FEATURE_ALWAYS)); +- return (flag == 2 ? __static_cpu_has_safe(bit) : flag); +-#endif /* CC_HAVE_ASM_GOTO */ + } + +-#define static_cpu_has_safe(bit) \ ++#define static_cpu_has(bit) \ + ( \ + __builtin_constant_p(boot_cpu_has(bit)) ? \ + boot_cpu_has(bit) : \ +- _static_cpu_has_safe(bit) \ ++ _static_cpu_has(bit) \ + ) + #else + /* +- * gcc 3.x is too stupid to do the static test; fall back to dynamic. ++ * Fall back to dynamic for gcc versions which don't support asm goto. Should be ++ * a minority now anyway. + */ + #define static_cpu_has(bit) boot_cpu_has(bit) +-#define static_cpu_has_safe(bit) boot_cpu_has(bit) + #endif + + #define cpu_has_bug(c, bit) cpu_has(c, (bit)) +@@ -579,7 +230,6 @@ static __always_inline __pure bool _static_cpu_has_safe(u16 bit) + #define clear_cpu_bug(c, bit) clear_cpu_cap(c, (bit)) + + #define static_cpu_has_bug(bit) static_cpu_has((bit)) +-#define static_cpu_has_bug_safe(bit) static_cpu_has_safe((bit)) + #define boot_cpu_has_bug(bit) cpu_has_bug(&boot_cpu_data, (bit)) + + #define MAX_CPU_FEATURES (NCAPINTS * 32) +diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h +new file mode 100644 +index 000000000000..205ce70c1d6c +--- /dev/null ++++ b/arch/x86/include/asm/cpufeatures.h +@@ -0,0 +1,306 @@ ++#ifndef _ASM_X86_CPUFEATURES_H ++#define _ASM_X86_CPUFEATURES_H ++ ++#ifndef _ASM_X86_REQUIRED_FEATURES_H ++#include ++#endif ++ ++#ifndef _ASM_X86_DISABLED_FEATURES_H ++#include ++#endif ++ ++/* ++ * Defines x86 CPU feature bits ++ */ ++#define NCAPINTS 18 /* N 32-bit words worth of info */ ++#define NBUGINTS 1 /* N 32-bit bug flags */ ++ ++/* ++ * Note: If the comment begins with a quoted string, that string is used ++ * in /proc/cpuinfo instead of the macro name. If the string is "", ++ * this feature bit is not displayed in /proc/cpuinfo at all. ++ */ ++ ++/* Intel-defined CPU features, CPUID level 0x00000001 (edx), word 0 */ ++#define X86_FEATURE_FPU ( 0*32+ 0) /* Onboard FPU */ ++#define X86_FEATURE_VME ( 0*32+ 1) /* Virtual Mode Extensions */ ++#define X86_FEATURE_DE ( 0*32+ 2) /* Debugging Extensions */ ++#define X86_FEATURE_PSE ( 0*32+ 3) /* Page Size Extensions */ ++#define X86_FEATURE_TSC ( 0*32+ 4) /* Time Stamp Counter */ ++#define X86_FEATURE_MSR ( 0*32+ 5) /* Model-Specific Registers */ ++#define X86_FEATURE_PAE ( 0*32+ 6) /* Physical Address Extensions */ ++#define X86_FEATURE_MCE ( 0*32+ 7) /* Machine Check Exception */ ++#define X86_FEATURE_CX8 ( 0*32+ 8) /* CMPXCHG8 instruction */ ++#define X86_FEATURE_APIC ( 0*32+ 9) /* Onboard APIC */ ++#define X86_FEATURE_SEP ( 0*32+11) /* SYSENTER/SYSEXIT */ ++#define X86_FEATURE_MTRR ( 0*32+12) /* Memory Type Range Registers */ ++#define X86_FEATURE_PGE ( 0*32+13) /* Page Global Enable */ ++#define X86_FEATURE_MCA ( 0*32+14) /* Machine Check Architecture */ ++#define X86_FEATURE_CMOV ( 0*32+15) /* CMOV instructions */ ++ /* (plus FCMOVcc, FCOMI with FPU) */ ++#define X86_FEATURE_PAT ( 0*32+16) /* Page Attribute Table */ ++#define X86_FEATURE_PSE36 ( 0*32+17) /* 36-bit PSEs */ ++#define X86_FEATURE_PN ( 0*32+18) /* Processor serial number */ ++#define X86_FEATURE_CLFLUSH ( 0*32+19) /* CLFLUSH instruction */ ++#define X86_FEATURE_DS ( 0*32+21) /* "dts" Debug Store */ ++#define X86_FEATURE_ACPI ( 0*32+22) /* ACPI via MSR */ ++#define X86_FEATURE_MMX ( 0*32+23) /* Multimedia Extensions */ ++#define X86_FEATURE_FXSR ( 0*32+24) /* FXSAVE/FXRSTOR, CR4.OSFXSR */ ++#define X86_FEATURE_XMM ( 0*32+25) /* "sse" */ ++#define X86_FEATURE_XMM2 ( 0*32+26) /* "sse2" */ ++#define X86_FEATURE_SELFSNOOP ( 0*32+27) /* "ss" CPU self snoop */ ++#define X86_FEATURE_HT ( 0*32+28) /* Hyper-Threading */ ++#define X86_FEATURE_ACC ( 0*32+29) /* "tm" Automatic clock control */ ++#define X86_FEATURE_IA64 ( 0*32+30) /* IA-64 processor */ ++#define X86_FEATURE_PBE ( 0*32+31) /* Pending Break Enable */ ++ ++/* AMD-defined CPU features, CPUID level 0x80000001, word 1 */ ++/* Don't duplicate feature flags which are redundant with Intel! */ ++#define X86_FEATURE_SYSCALL ( 1*32+11) /* SYSCALL/SYSRET */ ++#define X86_FEATURE_MP ( 1*32+19) /* MP Capable. */ ++#define X86_FEATURE_NX ( 1*32+20) /* Execute Disable */ ++#define X86_FEATURE_MMXEXT ( 1*32+22) /* AMD MMX extensions */ ++#define X86_FEATURE_FXSR_OPT ( 1*32+25) /* FXSAVE/FXRSTOR optimizations */ ++#define X86_FEATURE_GBPAGES ( 1*32+26) /* "pdpe1gb" GB pages */ ++#define X86_FEATURE_RDTSCP ( 1*32+27) /* RDTSCP */ ++#define X86_FEATURE_LM ( 1*32+29) /* Long Mode (x86-64) */ ++#define X86_FEATURE_3DNOWEXT ( 1*32+30) /* AMD 3DNow! extensions */ ++#define X86_FEATURE_3DNOW ( 1*32+31) /* 3DNow! */ ++ ++/* Transmeta-defined CPU features, CPUID level 0x80860001, word 2 */ ++#define X86_FEATURE_RECOVERY ( 2*32+ 0) /* CPU in recovery mode */ ++#define X86_FEATURE_LONGRUN ( 2*32+ 1) /* Longrun power control */ ++#define X86_FEATURE_LRTI ( 2*32+ 3) /* LongRun table interface */ ++ ++/* Other features, Linux-defined mapping, word 3 */ ++/* This range is used for feature bits which conflict or are synthesized */ ++#define X86_FEATURE_CXMMX ( 3*32+ 0) /* Cyrix MMX extensions */ ++#define X86_FEATURE_K6_MTRR ( 3*32+ 1) /* AMD K6 nonstandard MTRRs */ ++#define X86_FEATURE_CYRIX_ARR ( 3*32+ 2) /* Cyrix ARRs (= MTRRs) */ ++#define X86_FEATURE_CENTAUR_MCR ( 3*32+ 3) /* Centaur MCRs (= MTRRs) */ ++/* cpu types for specific tunings: */ ++#define X86_FEATURE_K8 ( 3*32+ 4) /* "" Opteron, Athlon64 */ ++#define X86_FEATURE_K7 ( 3*32+ 5) /* "" Athlon */ ++#define X86_FEATURE_P3 ( 3*32+ 6) /* "" P3 */ ++#define X86_FEATURE_P4 ( 3*32+ 7) /* "" P4 */ ++#define X86_FEATURE_CONSTANT_TSC ( 3*32+ 8) /* TSC ticks at a constant rate */ ++#define X86_FEATURE_UP ( 3*32+ 9) /* smp kernel running on up */ ++/* free, was #define X86_FEATURE_FXSAVE_LEAK ( 3*32+10) * "" FXSAVE leaks FOP/FIP/FOP */ ++#define X86_FEATURE_ARCH_PERFMON ( 3*32+11) /* Intel Architectural PerfMon */ ++#define X86_FEATURE_PEBS ( 3*32+12) /* Precise-Event Based Sampling */ ++#define X86_FEATURE_BTS ( 3*32+13) /* Branch Trace Store */ ++#define X86_FEATURE_SYSCALL32 ( 3*32+14) /* "" syscall in ia32 userspace */ ++#define X86_FEATURE_SYSENTER32 ( 3*32+15) /* "" sysenter in ia32 userspace */ ++#define X86_FEATURE_REP_GOOD ( 3*32+16) /* rep microcode works well */ ++#define X86_FEATURE_MFENCE_RDTSC ( 3*32+17) /* "" Mfence synchronizes RDTSC */ ++#define X86_FEATURE_LFENCE_RDTSC ( 3*32+18) /* "" Lfence synchronizes RDTSC */ ++/* free, was #define X86_FEATURE_11AP ( 3*32+19) * "" Bad local APIC aka 11AP */ ++#define X86_FEATURE_NOPL ( 3*32+20) /* The NOPL (0F 1F) instructions */ ++#define X86_FEATURE_ALWAYS ( 3*32+21) /* "" Always-present feature */ ++#define X86_FEATURE_XTOPOLOGY ( 3*32+22) /* cpu topology enum extensions */ ++#define X86_FEATURE_TSC_RELIABLE ( 3*32+23) /* TSC is known to be reliable */ ++#define X86_FEATURE_NONSTOP_TSC ( 3*32+24) /* TSC does not stop in C states */ ++/* free, was #define X86_FEATURE_CLFLUSH_MONITOR ( 3*32+25) * "" clflush reqd with monitor */ ++#define X86_FEATURE_EXTD_APICID ( 3*32+26) /* has extended APICID (8 bits) */ ++#define X86_FEATURE_AMD_DCM ( 3*32+27) /* multi-node processor */ ++#define X86_FEATURE_APERFMPERF ( 3*32+28) /* APERFMPERF */ ++/* free, was #define X86_FEATURE_EAGER_FPU ( 3*32+29) * "eagerfpu" Non lazy FPU restore */ ++#define X86_FEATURE_NONSTOP_TSC_S3 ( 3*32+30) /* TSC doesn't stop in S3 state */ ++ ++/* Intel-defined CPU features, CPUID level 0x00000001 (ecx), word 4 */ ++#define X86_FEATURE_XMM3 ( 4*32+ 0) /* "pni" SSE-3 */ ++#define X86_FEATURE_PCLMULQDQ ( 4*32+ 1) /* PCLMULQDQ instruction */ ++#define X86_FEATURE_DTES64 ( 4*32+ 2) /* 64-bit Debug Store */ ++#define X86_FEATURE_MWAIT ( 4*32+ 3) /* "monitor" Monitor/Mwait support */ ++#define X86_FEATURE_DSCPL ( 4*32+ 4) /* "ds_cpl" CPL Qual. Debug Store */ ++#define X86_FEATURE_VMX ( 4*32+ 5) /* Hardware virtualization */ ++#define X86_FEATURE_SMX ( 4*32+ 6) /* Safer mode */ ++#define X86_FEATURE_EST ( 4*32+ 7) /* Enhanced SpeedStep */ ++#define X86_FEATURE_TM2 ( 4*32+ 8) /* Thermal Monitor 2 */ ++#define X86_FEATURE_SSSE3 ( 4*32+ 9) /* Supplemental SSE-3 */ ++#define X86_FEATURE_CID ( 4*32+10) /* Context ID */ ++#define X86_FEATURE_SDBG ( 4*32+11) /* Silicon Debug */ ++#define X86_FEATURE_FMA ( 4*32+12) /* Fused multiply-add */ ++#define X86_FEATURE_CX16 ( 4*32+13) /* CMPXCHG16B */ ++#define X86_FEATURE_XTPR ( 4*32+14) /* Send Task Priority Messages */ ++#define X86_FEATURE_PDCM ( 4*32+15) /* Performance Capabilities */ ++#define X86_FEATURE_PCID ( 4*32+17) /* Process Context Identifiers */ ++#define X86_FEATURE_DCA ( 4*32+18) /* Direct Cache Access */ ++#define X86_FEATURE_XMM4_1 ( 4*32+19) /* "sse4_1" SSE-4.1 */ ++#define X86_FEATURE_XMM4_2 ( 4*32+20) /* "sse4_2" SSE-4.2 */ ++#define X86_FEATURE_X2APIC ( 4*32+21) /* x2APIC */ ++#define X86_FEATURE_MOVBE ( 4*32+22) /* MOVBE instruction */ ++#define X86_FEATURE_POPCNT ( 4*32+23) /* POPCNT instruction */ ++#define X86_FEATURE_TSC_DEADLINE_TIMER ( 4*32+24) /* Tsc deadline timer */ ++#define X86_FEATURE_AES ( 4*32+25) /* AES instructions */ ++#define X86_FEATURE_XSAVE ( 4*32+26) /* XSAVE/XRSTOR/XSETBV/XGETBV */ ++#define X86_FEATURE_OSXSAVE ( 4*32+27) /* "" XSAVE enabled in the OS */ ++#define X86_FEATURE_AVX ( 4*32+28) /* Advanced Vector Extensions */ ++#define X86_FEATURE_F16C ( 4*32+29) /* 16-bit fp conversions */ ++#define X86_FEATURE_RDRAND ( 4*32+30) /* The RDRAND instruction */ ++#define X86_FEATURE_HYPERVISOR ( 4*32+31) /* Running on a hypervisor */ ++ ++/* VIA/Cyrix/Centaur-defined CPU features, CPUID level 0xC0000001, word 5 */ ++#define X86_FEATURE_XSTORE ( 5*32+ 2) /* "rng" RNG present (xstore) */ ++#define X86_FEATURE_XSTORE_EN ( 5*32+ 3) /* "rng_en" RNG enabled */ ++#define X86_FEATURE_XCRYPT ( 5*32+ 6) /* "ace" on-CPU crypto (xcrypt) */ ++#define X86_FEATURE_XCRYPT_EN ( 5*32+ 7) /* "ace_en" on-CPU crypto enabled */ ++#define X86_FEATURE_ACE2 ( 5*32+ 8) /* Advanced Cryptography Engine v2 */ ++#define X86_FEATURE_ACE2_EN ( 5*32+ 9) /* ACE v2 enabled */ ++#define X86_FEATURE_PHE ( 5*32+10) /* PadLock Hash Engine */ ++#define X86_FEATURE_PHE_EN ( 5*32+11) /* PHE enabled */ ++#define X86_FEATURE_PMM ( 5*32+12) /* PadLock Montgomery Multiplier */ ++#define X86_FEATURE_PMM_EN ( 5*32+13) /* PMM enabled */ ++ ++/* More extended AMD flags: CPUID level 0x80000001, ecx, word 6 */ ++#define X86_FEATURE_LAHF_LM ( 6*32+ 0) /* LAHF/SAHF in long mode */ ++#define X86_FEATURE_CMP_LEGACY ( 6*32+ 1) /* If yes HyperThreading not valid */ ++#define X86_FEATURE_SVM ( 6*32+ 2) /* Secure virtual machine */ ++#define X86_FEATURE_EXTAPIC ( 6*32+ 3) /* Extended APIC space */ ++#define X86_FEATURE_CR8_LEGACY ( 6*32+ 4) /* CR8 in 32-bit mode */ ++#define X86_FEATURE_ABM ( 6*32+ 5) /* Advanced bit manipulation */ ++#define X86_FEATURE_SSE4A ( 6*32+ 6) /* SSE-4A */ ++#define X86_FEATURE_MISALIGNSSE ( 6*32+ 7) /* Misaligned SSE mode */ ++#define X86_FEATURE_3DNOWPREFETCH ( 6*32+ 8) /* 3DNow prefetch instructions */ ++#define X86_FEATURE_OSVW ( 6*32+ 9) /* OS Visible Workaround */ ++#define X86_FEATURE_IBS ( 6*32+10) /* Instruction Based Sampling */ ++#define X86_FEATURE_XOP ( 6*32+11) /* extended AVX instructions */ ++#define X86_FEATURE_SKINIT ( 6*32+12) /* SKINIT/STGI instructions */ ++#define X86_FEATURE_WDT ( 6*32+13) /* Watchdog timer */ ++#define X86_FEATURE_LWP ( 6*32+15) /* Light Weight Profiling */ ++#define X86_FEATURE_FMA4 ( 6*32+16) /* 4 operands MAC instructions */ ++#define X86_FEATURE_TCE ( 6*32+17) /* translation cache extension */ ++#define X86_FEATURE_NODEID_MSR ( 6*32+19) /* NodeId MSR */ ++#define X86_FEATURE_TBM ( 6*32+21) /* trailing bit manipulations */ ++#define X86_FEATURE_TOPOEXT ( 6*32+22) /* topology extensions CPUID leafs */ ++#define X86_FEATURE_PERFCTR_CORE ( 6*32+23) /* core performance counter extensions */ ++#define X86_FEATURE_PERFCTR_NB ( 6*32+24) /* NB performance counter extensions */ ++#define X86_FEATURE_BPEXT (6*32+26) /* data breakpoint extension */ ++#define X86_FEATURE_PERFCTR_L2 ( 6*32+28) /* L2 performance counter extensions */ ++#define X86_FEATURE_MWAITX ( 6*32+29) /* MWAIT extension (MONITORX/MWAITX) */ ++ ++/* ++ * Auxiliary flags: Linux defined - For features scattered in various ++ * CPUID levels like 0x6, 0xA etc, word 7. ++ * ++ * Reuse free bits when adding new feature flags! ++ */ ++ ++#define X86_FEATURE_CPB ( 7*32+ 2) /* AMD Core Performance Boost */ ++#define X86_FEATURE_EPB ( 7*32+ 3) /* IA32_ENERGY_PERF_BIAS support */ ++#define X86_FEATURE_INVPCID_SINGLE ( 7*32+ 4) /* Effectively INVPCID && CR4.PCIDE=1 */ ++ ++#define X86_FEATURE_HW_PSTATE ( 7*32+ 8) /* AMD HW-PState */ ++#define X86_FEATURE_PROC_FEEDBACK ( 7*32+ 9) /* AMD ProcFeedbackInterface */ ++ ++#define X86_FEATURE_INTEL_PT ( 7*32+15) /* Intel Processor Trace */ ++#define X86_FEATURE_RSB_CTXSW ( 7*32+19) /* Fill RSB on context switches */ ++ ++#define X86_FEATURE_RETPOLINE ( 7*32+29) /* Generic Retpoline mitigation for Spectre variant 2 */ ++#define X86_FEATURE_RETPOLINE_AMD ( 7*32+30) /* AMD Retpoline mitigation for Spectre variant 2 */ ++/* Because the ALTERNATIVE scheme is for members of the X86_FEATURE club... */ ++#define X86_FEATURE_KAISER ( 7*32+31) /* CONFIG_PAGE_TABLE_ISOLATION w/o nokaiser */ ++ ++/* Virtualization flags: Linux defined, word 8 */ ++#define X86_FEATURE_TPR_SHADOW ( 8*32+ 0) /* Intel TPR Shadow */ ++#define X86_FEATURE_VNMI ( 8*32+ 1) /* Intel Virtual NMI */ ++#define X86_FEATURE_FLEXPRIORITY ( 8*32+ 2) /* Intel FlexPriority */ ++#define X86_FEATURE_EPT ( 8*32+ 3) /* Intel Extended Page Table */ ++#define X86_FEATURE_VPID ( 8*32+ 4) /* Intel Virtual Processor ID */ ++ ++#define X86_FEATURE_VMMCALL ( 8*32+15) /* Prefer vmmcall to vmcall */ ++#define X86_FEATURE_XENPV ( 8*32+16) /* "" Xen paravirtual guest */ ++ ++ ++/* Intel-defined CPU features, CPUID level 0x00000007:0 (ebx), word 9 */ ++#define X86_FEATURE_FSGSBASE ( 9*32+ 0) /* {RD/WR}{FS/GS}BASE instructions*/ ++#define X86_FEATURE_TSC_ADJUST ( 9*32+ 1) /* TSC adjustment MSR 0x3b */ ++#define X86_FEATURE_BMI1 ( 9*32+ 3) /* 1st group bit manipulation extensions */ ++#define X86_FEATURE_HLE ( 9*32+ 4) /* Hardware Lock Elision */ ++#define X86_FEATURE_AVX2 ( 9*32+ 5) /* AVX2 instructions */ ++#define X86_FEATURE_SMEP ( 9*32+ 7) /* Supervisor Mode Execution Protection */ ++#define X86_FEATURE_BMI2 ( 9*32+ 8) /* 2nd group bit manipulation extensions */ ++#define X86_FEATURE_ERMS ( 9*32+ 9) /* Enhanced REP MOVSB/STOSB */ ++#define X86_FEATURE_INVPCID ( 9*32+10) /* Invalidate Processor Context ID */ ++#define X86_FEATURE_RTM ( 9*32+11) /* Restricted Transactional Memory */ ++#define X86_FEATURE_CQM ( 9*32+12) /* Cache QoS Monitoring */ ++#define X86_FEATURE_MPX ( 9*32+14) /* Memory Protection Extension */ ++#define X86_FEATURE_AVX512F ( 9*32+16) /* AVX-512 Foundation */ ++#define X86_FEATURE_RDSEED ( 9*32+18) /* The RDSEED instruction */ ++#define X86_FEATURE_ADX ( 9*32+19) /* The ADCX and ADOX instructions */ ++#define X86_FEATURE_SMAP ( 9*32+20) /* Supervisor Mode Access Prevention */ ++#define X86_FEATURE_PCOMMIT ( 9*32+22) /* PCOMMIT instruction */ ++#define X86_FEATURE_CLFLUSHOPT ( 9*32+23) /* CLFLUSHOPT instruction */ ++#define X86_FEATURE_CLWB ( 9*32+24) /* CLWB instruction */ ++#define X86_FEATURE_AVX512PF ( 9*32+26) /* AVX-512 Prefetch */ ++#define X86_FEATURE_AVX512ER ( 9*32+27) /* AVX-512 Exponential and Reciprocal */ ++#define X86_FEATURE_AVX512CD ( 9*32+28) /* AVX-512 Conflict Detection */ ++#define X86_FEATURE_SHA_NI ( 9*32+29) /* SHA1/SHA256 Instruction Extensions */ ++ ++/* Extended state features, CPUID level 0x0000000d:1 (eax), word 10 */ ++#define X86_FEATURE_XSAVEOPT (10*32+ 0) /* XSAVEOPT */ ++#define X86_FEATURE_XSAVEC (10*32+ 1) /* XSAVEC */ ++#define X86_FEATURE_XGETBV1 (10*32+ 2) /* XGETBV with ECX = 1 */ ++#define X86_FEATURE_XSAVES (10*32+ 3) /* XSAVES/XRSTORS */ ++ ++/* Intel-defined CPU QoS Sub-leaf, CPUID level 0x0000000F:0 (edx), word 11 */ ++#define X86_FEATURE_CQM_LLC (11*32+ 1) /* LLC QoS if 1 */ ++ ++/* Intel-defined CPU QoS Sub-leaf, CPUID level 0x0000000F:1 (edx), word 12 */ ++#define X86_FEATURE_CQM_OCCUP_LLC (12*32+ 0) /* LLC occupancy monitoring if 1 */ ++ ++/* AMD-defined CPU features, CPUID level 0x80000008 (ebx), word 13 */ ++#define X86_FEATURE_CLZERO (13*32+0) /* CLZERO instruction */ ++ ++/* Thermal and Power Management Leaf, CPUID level 0x00000006 (eax), word 14 */ ++#define X86_FEATURE_DTHERM (14*32+ 0) /* Digital Thermal Sensor */ ++#define X86_FEATURE_IDA (14*32+ 1) /* Intel Dynamic Acceleration */ ++#define X86_FEATURE_ARAT (14*32+ 2) /* Always Running APIC Timer */ ++#define X86_FEATURE_PLN (14*32+ 4) /* Intel Power Limit Notification */ ++#define X86_FEATURE_PTS (14*32+ 6) /* Intel Package Thermal Status */ ++#define X86_FEATURE_HWP (14*32+ 7) /* Intel Hardware P-states */ ++#define X86_FEATURE_HWP_NOTIFY (14*32+ 8) /* HWP Notification */ ++#define X86_FEATURE_HWP_ACT_WINDOW (14*32+ 9) /* HWP Activity Window */ ++#define X86_FEATURE_HWP_EPP (14*32+10) /* HWP Energy Perf. Preference */ ++#define X86_FEATURE_HWP_PKG_REQ (14*32+11) /* HWP Package Level Request */ ++ ++/* AMD SVM Feature Identification, CPUID level 0x8000000a (edx), word 15 */ ++#define X86_FEATURE_NPT (15*32+ 0) /* Nested Page Table support */ ++#define X86_FEATURE_LBRV (15*32+ 1) /* LBR Virtualization support */ ++#define X86_FEATURE_SVML (15*32+ 2) /* "svm_lock" SVM locking MSR */ ++#define X86_FEATURE_NRIPS (15*32+ 3) /* "nrip_save" SVM next_rip save */ ++#define X86_FEATURE_TSCRATEMSR (15*32+ 4) /* "tsc_scale" TSC scaling support */ ++#define X86_FEATURE_VMCBCLEAN (15*32+ 5) /* "vmcb_clean" VMCB clean bits support */ ++#define X86_FEATURE_FLUSHBYASID (15*32+ 6) /* flush-by-ASID support */ ++#define X86_FEATURE_DECODEASSISTS (15*32+ 7) /* Decode Assists support */ ++#define X86_FEATURE_PAUSEFILTER (15*32+10) /* filtered pause intercept */ ++#define X86_FEATURE_PFTHRESHOLD (15*32+12) /* pause filter threshold */ ++ ++/* Intel-defined CPU features, CPUID level 0x00000007:0 (ecx), word 16 */ ++#define X86_FEATURE_PKU (16*32+ 3) /* Protection Keys for Userspace */ ++#define X86_FEATURE_OSPKE (16*32+ 4) /* OS Protection Keys Enable */ ++ ++/* AMD-defined CPU features, CPUID level 0x80000007 (ebx), word 17 */ ++#define X86_FEATURE_OVERFLOW_RECOV (17*32+0) /* MCA overflow recovery support */ ++#define X86_FEATURE_SUCCOR (17*32+1) /* Uncorrectable error containment and recovery */ ++#define X86_FEATURE_SMCA (17*32+3) /* Scalable MCA */ ++ ++/* ++ * BUG word(s) ++ */ ++#define X86_BUG(x) (NCAPINTS*32 + (x)) ++ ++#define X86_BUG_F00F X86_BUG(0) /* Intel F00F */ ++#define X86_BUG_FDIV X86_BUG(1) /* FPU FDIV */ ++#define X86_BUG_COMA X86_BUG(2) /* Cyrix 6x86 coma */ ++#define X86_BUG_AMD_TLB_MMATCH X86_BUG(3) /* "tlb_mmatch" AMD Erratum 383 */ ++#define X86_BUG_AMD_APIC_C1E X86_BUG(4) /* "apic_c1e" AMD Erratum 400 */ ++#define X86_BUG_11AP X86_BUG(5) /* Bad local APIC aka 11AP */ ++#define X86_BUG_FXSAVE_LEAK X86_BUG(6) /* FXSAVE leaks FOP/FIP/FOP */ ++#define X86_BUG_CLFLUSH_MONITOR X86_BUG(7) /* AAI65, CLFLUSH required before MONITOR */ ++#define X86_BUG_SYSRET_SS_ATTRS X86_BUG(8) /* SYSRET doesn't fix up SS attrs */ ++#define X86_BUG_CPU_MELTDOWN X86_BUG(14) /* CPU is affected by meltdown attack and needs kernel page table isolation */ ++#define X86_BUG_SPECTRE_V1 X86_BUG(15) /* CPU is affected by Spectre variant 1 attack with conditional branches */ ++#define X86_BUG_SPECTRE_V2 X86_BUG(16) /* CPU is affected by Spectre variant 2 attack with indirect branches */ ++ ++#endif /* _ASM_X86_CPUFEATURES_H */ +diff --git a/arch/x86/include/asm/disabled-features.h b/arch/x86/include/asm/disabled-features.h +index 8b17c2ad1048..21c5ac15657b 100644 +--- a/arch/x86/include/asm/disabled-features.h ++++ b/arch/x86/include/asm/disabled-features.h +@@ -30,6 +30,14 @@ + # define DISABLE_PCID (1<<(X86_FEATURE_PCID & 31)) + #endif /* CONFIG_X86_64 */ + ++#ifdef CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS ++# define DISABLE_PKU 0 ++# define DISABLE_OSPKE 0 ++#else ++# define DISABLE_PKU (1<<(X86_FEATURE_PKU & 31)) ++# define DISABLE_OSPKE (1<<(X86_FEATURE_OSPKE & 31)) ++#endif /* CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS */ ++ + /* + * Make sure to add features to the correct mask + */ +@@ -43,5 +51,14 @@ + #define DISABLED_MASK7 0 + #define DISABLED_MASK8 0 + #define DISABLED_MASK9 (DISABLE_MPX) ++#define DISABLED_MASK10 0 ++#define DISABLED_MASK11 0 ++#define DISABLED_MASK12 0 ++#define DISABLED_MASK13 0 ++#define DISABLED_MASK14 0 ++#define DISABLED_MASK15 0 ++#define DISABLED_MASK16 (DISABLE_PKU|DISABLE_OSPKE) ++#define DISABLED_MASK17 0 ++#define DISABLED_MASK_CHECK BUILD_BUG_ON_ZERO(NCAPINTS != 18) + + #endif /* _ASM_X86_DISABLED_FEATURES_H */ +diff --git a/arch/x86/include/asm/fpu/internal.h b/arch/x86/include/asm/fpu/internal.h +index 146d838e6ee7..ec2aedb6f92a 100644 +--- a/arch/x86/include/asm/fpu/internal.h ++++ b/arch/x86/include/asm/fpu/internal.h +@@ -17,6 +17,7 @@ + #include + #include + #include ++#include + + /* + * High level FPU state handling functions: +@@ -63,17 +64,17 @@ static __always_inline __pure bool use_eager_fpu(void) + + static __always_inline __pure bool use_xsaveopt(void) + { +- return static_cpu_has_safe(X86_FEATURE_XSAVEOPT); ++ return static_cpu_has(X86_FEATURE_XSAVEOPT); + } + + static __always_inline __pure bool use_xsave(void) + { +- return static_cpu_has_safe(X86_FEATURE_XSAVE); ++ return static_cpu_has(X86_FEATURE_XSAVE); + } + + static __always_inline __pure bool use_fxsr(void) + { +- return static_cpu_has_safe(X86_FEATURE_FXSR); ++ return static_cpu_has(X86_FEATURE_FXSR); + } + + /* +@@ -225,18 +226,67 @@ static inline void copy_fxregs_to_kernel(struct fpu *fpu) + #define XRSTOR ".byte " REX_PREFIX "0x0f,0xae,0x2f" + #define XRSTORS ".byte " REX_PREFIX "0x0f,0xc7,0x1f" + +-/* xstate instruction fault handler: */ +-#define xstate_fault(__err) \ +- \ +- ".section .fixup,\"ax\"\n" \ +- \ +- "3: movl $-2,%[_err]\n" \ +- " jmp 2b\n" \ +- \ +- ".previous\n" \ +- \ +- _ASM_EXTABLE(1b, 3b) \ +- : [_err] "=r" (__err) ++#define XSTATE_OP(op, st, lmask, hmask, err) \ ++ asm volatile("1:" op "\n\t" \ ++ "xor %[err], %[err]\n" \ ++ "2:\n\t" \ ++ ".pushsection .fixup,\"ax\"\n\t" \ ++ "3: movl $-2,%[err]\n\t" \ ++ "jmp 2b\n\t" \ ++ ".popsection\n\t" \ ++ _ASM_EXTABLE(1b, 3b) \ ++ : [err] "=r" (err) \ ++ : "D" (st), "m" (*st), "a" (lmask), "d" (hmask) \ ++ : "memory") ++ ++/* ++ * If XSAVES is enabled, it replaces XSAVEOPT because it supports a compact ++ * format and supervisor states in addition to modified optimization in ++ * XSAVEOPT. ++ * ++ * Otherwise, if XSAVEOPT is enabled, XSAVEOPT replaces XSAVE because XSAVEOPT ++ * supports modified optimization which is not supported by XSAVE. ++ * ++ * We use XSAVE as a fallback. ++ * ++ * The 661 label is defined in the ALTERNATIVE* macros as the address of the ++ * original instruction which gets replaced. We need to use it here as the ++ * address of the instruction where we might get an exception at. ++ */ ++#define XSTATE_XSAVE(st, lmask, hmask, err) \ ++ asm volatile(ALTERNATIVE_2(XSAVE, \ ++ XSAVEOPT, X86_FEATURE_XSAVEOPT, \ ++ XSAVES, X86_FEATURE_XSAVES) \ ++ "\n" \ ++ "xor %[err], %[err]\n" \ ++ "3:\n" \ ++ ".pushsection .fixup,\"ax\"\n" \ ++ "4: movl $-2, %[err]\n" \ ++ "jmp 3b\n" \ ++ ".popsection\n" \ ++ _ASM_EXTABLE(661b, 4b) \ ++ : [err] "=r" (err) \ ++ : "D" (st), "m" (*st), "a" (lmask), "d" (hmask) \ ++ : "memory") ++ ++/* ++ * Use XRSTORS to restore context if it is enabled. XRSTORS supports compact ++ * XSAVE area format. ++ */ ++#define XSTATE_XRESTORE(st, lmask, hmask, err) \ ++ asm volatile(ALTERNATIVE(XRSTOR, \ ++ XRSTORS, X86_FEATURE_XSAVES) \ ++ "\n" \ ++ "xor %[err], %[err]\n" \ ++ "3:\n" \ ++ ".pushsection .fixup,\"ax\"\n" \ ++ "4: movl $-2, %[err]\n" \ ++ "jmp 3b\n" \ ++ ".popsection\n" \ ++ _ASM_EXTABLE(661b, 4b) \ ++ : [err] "=r" (err) \ ++ : "D" (st), "m" (*st), "a" (lmask), "d" (hmask) \ ++ : "memory") + + /* + * This function is called only during boot time when x86 caps are not set +@@ -247,22 +297,14 @@ static inline void copy_xregs_to_kernel_booting(struct xregs_state *xstate) + u64 mask = -1; + u32 lmask = mask; + u32 hmask = mask >> 32; +- int err = 0; ++ int err; + + WARN_ON(system_state != SYSTEM_BOOTING); + +- if (boot_cpu_has(X86_FEATURE_XSAVES)) +- asm volatile("1:"XSAVES"\n\t" +- "2:\n\t" +- xstate_fault(err) +- : "D" (xstate), "m" (*xstate), "a" (lmask), "d" (hmask), "0" (err) +- : "memory"); ++ if (static_cpu_has(X86_FEATURE_XSAVES)) ++ XSTATE_OP(XSAVES, xstate, lmask, hmask, err); + else +- asm volatile("1:"XSAVE"\n\t" +- "2:\n\t" +- xstate_fault(err) +- : "D" (xstate), "m" (*xstate), "a" (lmask), "d" (hmask), "0" (err) +- : "memory"); ++ XSTATE_OP(XSAVE, xstate, lmask, hmask, err); + + /* We should never fault when copying to a kernel buffer: */ + WARN_ON_FPU(err); +@@ -277,22 +319,14 @@ static inline void copy_kernel_to_xregs_booting(struct xregs_state *xstate) + u64 mask = -1; + u32 lmask = mask; + u32 hmask = mask >> 32; +- int err = 0; ++ int err; + + WARN_ON(system_state != SYSTEM_BOOTING); + +- if (boot_cpu_has(X86_FEATURE_XSAVES)) +- asm volatile("1:"XRSTORS"\n\t" +- "2:\n\t" +- xstate_fault(err) +- : "D" (xstate), "m" (*xstate), "a" (lmask), "d" (hmask), "0" (err) +- : "memory"); ++ if (static_cpu_has(X86_FEATURE_XSAVES)) ++ XSTATE_OP(XRSTORS, xstate, lmask, hmask, err); + else +- asm volatile("1:"XRSTOR"\n\t" +- "2:\n\t" +- xstate_fault(err) +- : "D" (xstate), "m" (*xstate), "a" (lmask), "d" (hmask), "0" (err) +- : "memory"); ++ XSTATE_OP(XRSTOR, xstate, lmask, hmask, err); + + /* We should never fault when copying from a kernel buffer: */ + WARN_ON_FPU(err); +@@ -306,33 +340,11 @@ static inline void copy_xregs_to_kernel(struct xregs_state *xstate) + u64 mask = -1; + u32 lmask = mask; + u32 hmask = mask >> 32; +- int err = 0; ++ int err; + + WARN_ON(!alternatives_patched); + +- /* +- * If xsaves is enabled, xsaves replaces xsaveopt because +- * it supports compact format and supervisor states in addition to +- * modified optimization in xsaveopt. +- * +- * Otherwise, if xsaveopt is enabled, xsaveopt replaces xsave +- * because xsaveopt supports modified optimization which is not +- * supported by xsave. +- * +- * If none of xsaves and xsaveopt is enabled, use xsave. +- */ +- alternative_input_2( +- "1:"XSAVE, +- XSAVEOPT, +- X86_FEATURE_XSAVEOPT, +- XSAVES, +- X86_FEATURE_XSAVES, +- [xstate] "D" (xstate), "a" (lmask), "d" (hmask) : +- "memory"); +- asm volatile("2:\n\t" +- xstate_fault(err) +- : "0" (err) +- : "memory"); ++ XSTATE_XSAVE(xstate, lmask, hmask, err); + + /* We should never fault when copying to a kernel buffer: */ + WARN_ON_FPU(err); +@@ -345,23 +357,9 @@ static inline void copy_kernel_to_xregs(struct xregs_state *xstate, u64 mask) + { + u32 lmask = mask; + u32 hmask = mask >> 32; +- int err = 0; ++ int err; + +- /* +- * Use xrstors to restore context if it is enabled. xrstors supports +- * compacted format of xsave area which is not supported by xrstor. +- */ +- alternative_input( +- "1: " XRSTOR, +- XRSTORS, +- X86_FEATURE_XSAVES, +- "D" (xstate), "m" (*xstate), "a" (lmask), "d" (hmask) +- : "memory"); +- +- asm volatile("2:\n" +- xstate_fault(err) +- : "0" (err) +- : "memory"); ++ XSTATE_XRESTORE(xstate, lmask, hmask, err); + + /* We should never fault when copying from a kernel buffer: */ + WARN_ON_FPU(err); +@@ -389,12 +387,10 @@ static inline int copy_xregs_to_user(struct xregs_state __user *buf) + if (unlikely(err)) + return -EFAULT; + +- __asm__ __volatile__(ASM_STAC "\n" +- "1:"XSAVE"\n" +- "2: " ASM_CLAC "\n" +- xstate_fault(err) +- : "D" (buf), "a" (-1), "d" (-1), "0" (err) +- : "memory"); ++ stac(); ++ XSTATE_OP(XSAVE, buf, -1, -1, err); ++ clac(); ++ + return err; + } + +@@ -406,14 +402,12 @@ static inline int copy_user_to_xregs(struct xregs_state __user *buf, u64 mask) + struct xregs_state *xstate = ((__force struct xregs_state *)buf); + u32 lmask = mask; + u32 hmask = mask >> 32; +- int err = 0; +- +- __asm__ __volatile__(ASM_STAC "\n" +- "1:"XRSTOR"\n" +- "2: " ASM_CLAC "\n" +- xstate_fault(err) +- : "D" (xstate), "a" (lmask), "d" (hmask), "0" (err) +- : "memory"); /* memory required? */ ++ int err; ++ ++ stac(); ++ XSTATE_OP(XRSTOR, xstate, lmask, hmask, err); ++ clac(); ++ + return err; + } + +@@ -467,7 +461,7 @@ static inline void copy_kernel_to_fpregs(union fpregs_state *fpstate) + * pending. Clear the x87 state here by setting it to fixed values. + * "m" is a random variable that should be in L1. + */ +- if (unlikely(static_cpu_has_bug_safe(X86_BUG_FXSAVE_LEAK))) { ++ if (unlikely(static_cpu_has_bug(X86_BUG_FXSAVE_LEAK))) { + asm volatile( + "fnclex\n\t" + "emms\n\t" +diff --git a/arch/x86/include/asm/irq_work.h b/arch/x86/include/asm/irq_work.h +index 78162f8e248b..d0afb05c84fc 100644 +--- a/arch/x86/include/asm/irq_work.h ++++ b/arch/x86/include/asm/irq_work.h +@@ -1,7 +1,7 @@ + #ifndef _ASM_IRQ_WORK_H + #define _ASM_IRQ_WORK_H + +-#include ++#include + + static inline bool arch_irq_work_has_interrupt(void) + { +diff --git a/arch/x86/include/asm/mwait.h b/arch/x86/include/asm/mwait.h +index c70689b5e5aa..0deeb2d26df7 100644 +--- a/arch/x86/include/asm/mwait.h ++++ b/arch/x86/include/asm/mwait.h +@@ -3,6 +3,8 @@ + + #include + ++#include ++ + #define MWAIT_SUBSTATE_MASK 0xf + #define MWAIT_CSTATE_MASK 0xf + #define MWAIT_SUBSTATE_SIZE 4 +diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h +index 249f1c769f21..8b910416243c 100644 +--- a/arch/x86/include/asm/nospec-branch.h ++++ b/arch/x86/include/asm/nospec-branch.h +@@ -5,7 +5,7 @@ + + #include + #include +-#include ++#include + + /* + * Fill the CPU return stack buffer. +diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h +index 9e77cea2a8ef..8e415cf65457 100644 +--- a/arch/x86/include/asm/processor.h ++++ b/arch/x86/include/asm/processor.h +@@ -13,7 +13,7 @@ struct vm86; + #include + #include + #include +-#include ++#include + #include + #include + #include +@@ -24,7 +24,6 @@ struct vm86; + #include + + #include +-#include + #include + #include + #include +diff --git a/arch/x86/include/asm/required-features.h b/arch/x86/include/asm/required-features.h +index 5c6e4fb370f5..fac9a5c0abe9 100644 +--- a/arch/x86/include/asm/required-features.h ++++ b/arch/x86/include/asm/required-features.h +@@ -92,5 +92,14 @@ + #define REQUIRED_MASK7 0 + #define REQUIRED_MASK8 0 + #define REQUIRED_MASK9 0 ++#define REQUIRED_MASK10 0 ++#define REQUIRED_MASK11 0 ++#define REQUIRED_MASK12 0 ++#define REQUIRED_MASK13 0 ++#define REQUIRED_MASK14 0 ++#define REQUIRED_MASK15 0 ++#define REQUIRED_MASK16 0 ++#define REQUIRED_MASK17 0 ++#define REQUIRED_MASK_CHECK BUILD_BUG_ON_ZERO(NCAPINTS != 18) + + #endif /* _ASM_X86_REQUIRED_FEATURES_H */ +diff --git a/arch/x86/include/asm/smap.h b/arch/x86/include/asm/smap.h +index ba665ebd17bb..db333300bd4b 100644 +--- a/arch/x86/include/asm/smap.h ++++ b/arch/x86/include/asm/smap.h +@@ -15,7 +15,7 @@ + + #include + #include +-#include ++#include + + /* "Raw" instruction opcodes */ + #define __ASM_CLAC .byte 0x0f,0x01,0xca +diff --git a/arch/x86/include/asm/smp.h b/arch/x86/include/asm/smp.h +index a438c5598a90..04d6eef5f8a5 100644 +--- a/arch/x86/include/asm/smp.h ++++ b/arch/x86/include/asm/smp.h +@@ -16,7 +16,6 @@ + #endif + #include + #include +-#include + + extern int smp_num_siblings; + extern unsigned int num_processors; +diff --git a/arch/x86/include/asm/thread_info.h b/arch/x86/include/asm/thread_info.h +index 9b028204685d..18c9aaa8c043 100644 +--- a/arch/x86/include/asm/thread_info.h ++++ b/arch/x86/include/asm/thread_info.h +@@ -49,7 +49,7 @@ + */ + #ifndef __ASSEMBLY__ + struct task_struct; +-#include ++#include + #include + + struct thread_info { +diff --git a/arch/x86/include/asm/tlbflush.h b/arch/x86/include/asm/tlbflush.h +index a691b66cc40a..e2a89d2577fb 100644 +--- a/arch/x86/include/asm/tlbflush.h ++++ b/arch/x86/include/asm/tlbflush.h +@@ -5,6 +5,7 @@ + #include + + #include ++#include + #include + #include + +diff --git a/arch/x86/include/asm/uaccess_64.h b/arch/x86/include/asm/uaccess_64.h +index f2f9b39b274a..d83a55b95a48 100644 +--- a/arch/x86/include/asm/uaccess_64.h ++++ b/arch/x86/include/asm/uaccess_64.h +@@ -8,7 +8,7 @@ + #include + #include + #include +-#include ++#include + #include + + /* +diff --git a/arch/x86/kernel/apic/apic_numachip.c b/arch/x86/kernel/apic/apic_numachip.c +index 2bd2292a316d..bac0805ea1d9 100644 +--- a/arch/x86/kernel/apic/apic_numachip.c ++++ b/arch/x86/kernel/apic/apic_numachip.c +@@ -30,7 +30,7 @@ static unsigned int numachip1_get_apic_id(unsigned long x) + unsigned long value; + unsigned int id = (x >> 24) & 0xff; + +- if (static_cpu_has_safe(X86_FEATURE_NODEID_MSR)) { ++ if (static_cpu_has(X86_FEATURE_NODEID_MSR)) { + rdmsrl(MSR_FAM10H_NODE_ID, value); + id |= (value << 2) & 0xff00; + } +@@ -178,7 +178,7 @@ static void fixup_cpu_id(struct cpuinfo_x86 *c, int node) + this_cpu_write(cpu_llc_id, node); + + /* Account for nodes per socket in multi-core-module processors */ +- if (static_cpu_has_safe(X86_FEATURE_NODEID_MSR)) { ++ if (static_cpu_has(X86_FEATURE_NODEID_MSR)) { + rdmsrl(MSR_FAM10H_NODE_ID, val); + nodes = ((val >> 3) & 7) + 1; + } +diff --git a/arch/x86/kernel/cpu/Makefile b/arch/x86/kernel/cpu/Makefile +index 8f184615053b..924b65794abd 100644 +--- a/arch/x86/kernel/cpu/Makefile ++++ b/arch/x86/kernel/cpu/Makefile +@@ -62,7 +62,7 @@ ifdef CONFIG_X86_FEATURE_NAMES + quiet_cmd_mkcapflags = MKCAP $@ + cmd_mkcapflags = $(CONFIG_SHELL) $(srctree)/$(src)/mkcapflags.sh $< $@ + +-cpufeature = $(src)/../../include/asm/cpufeature.h ++cpufeature = $(src)/../../include/asm/cpufeatures.h + + targets += capflags.c + $(obj)/capflags.c: $(cpufeature) $(src)/mkcapflags.sh FORCE +diff --git a/arch/x86/kernel/cpu/centaur.c b/arch/x86/kernel/cpu/centaur.c +index d8fba5c15fbd..6608c03c2126 100644 +--- a/arch/x86/kernel/cpu/centaur.c ++++ b/arch/x86/kernel/cpu/centaur.c +@@ -1,7 +1,7 @@ + #include + #include + +-#include ++#include + #include + #include + #include +@@ -43,7 +43,7 @@ static void init_c3(struct cpuinfo_x86 *c) + /* store Centaur Extended Feature Flags as + * word 5 of the CPU capability bit array + */ +- c->x86_capability[5] = cpuid_edx(0xC0000001); ++ c->x86_capability[CPUID_C000_0001_EDX] = cpuid_edx(0xC0000001); + } + #ifdef CONFIG_X86_32 + /* Cyrix III family needs CX8 & PGE explicitly enabled. */ +diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c +index 0498ad3702f5..814276d0eed1 100644 +--- a/arch/x86/kernel/cpu/common.c ++++ b/arch/x86/kernel/cpu/common.c +@@ -676,50 +676,48 @@ static void apply_forced_caps(struct cpuinfo_x86 *c) + + void get_cpu_cap(struct cpuinfo_x86 *c) + { +- u32 tfms, xlvl; +- u32 ebx; ++ u32 eax, ebx, ecx, edx; + + /* Intel-defined flags: level 0x00000001 */ + if (c->cpuid_level >= 0x00000001) { +- u32 capability, excap; ++ cpuid(0x00000001, &eax, &ebx, &ecx, &edx); + +- cpuid(0x00000001, &tfms, &ebx, &excap, &capability); +- c->x86_capability[0] = capability; +- c->x86_capability[4] = excap; ++ c->x86_capability[CPUID_1_ECX] = ecx; ++ c->x86_capability[CPUID_1_EDX] = edx; + } + + /* Additional Intel-defined flags: level 0x00000007 */ + if (c->cpuid_level >= 0x00000007) { +- u32 eax, ebx, ecx, edx; +- + cpuid_count(0x00000007, 0, &eax, &ebx, &ecx, &edx); + +- c->x86_capability[9] = ebx; ++ c->x86_capability[CPUID_7_0_EBX] = ebx; ++ ++ c->x86_capability[CPUID_6_EAX] = cpuid_eax(0x00000006); ++ c->x86_capability[CPUID_7_ECX] = ecx; + } + + /* Extended state features: level 0x0000000d */ + if (c->cpuid_level >= 0x0000000d) { +- u32 eax, ebx, ecx, edx; +- + cpuid_count(0x0000000d, 1, &eax, &ebx, &ecx, &edx); + +- c->x86_capability[10] = eax; ++ c->x86_capability[CPUID_D_1_EAX] = eax; + } + + /* Additional Intel-defined flags: level 0x0000000F */ + if (c->cpuid_level >= 0x0000000F) { +- u32 eax, ebx, ecx, edx; + + /* QoS sub-leaf, EAX=0Fh, ECX=0 */ + cpuid_count(0x0000000F, 0, &eax, &ebx, &ecx, &edx); +- c->x86_capability[11] = edx; ++ c->x86_capability[CPUID_F_0_EDX] = edx; ++ + if (cpu_has(c, X86_FEATURE_CQM_LLC)) { + /* will be overridden if occupancy monitoring exists */ + c->x86_cache_max_rmid = ebx; + + /* QoS sub-leaf, EAX=0Fh, ECX=1 */ + cpuid_count(0x0000000F, 1, &eax, &ebx, &ecx, &edx); +- c->x86_capability[12] = edx; ++ c->x86_capability[CPUID_F_1_EDX] = edx; ++ + if (cpu_has(c, X86_FEATURE_CQM_OCCUP_LLC)) { + c->x86_cache_max_rmid = ecx; + c->x86_cache_occ_scale = ebx; +@@ -731,30 +729,39 @@ void get_cpu_cap(struct cpuinfo_x86 *c) + } + + /* AMD-defined flags: level 0x80000001 */ +- xlvl = cpuid_eax(0x80000000); +- c->extended_cpuid_level = xlvl; ++ eax = cpuid_eax(0x80000000); ++ c->extended_cpuid_level = eax; ++ ++ if ((eax & 0xffff0000) == 0x80000000) { ++ if (eax >= 0x80000001) { ++ cpuid(0x80000001, &eax, &ebx, &ecx, &edx); + +- if ((xlvl & 0xffff0000) == 0x80000000) { +- if (xlvl >= 0x80000001) { +- c->x86_capability[1] = cpuid_edx(0x80000001); +- c->x86_capability[6] = cpuid_ecx(0x80000001); ++ c->x86_capability[CPUID_8000_0001_ECX] = ecx; ++ c->x86_capability[CPUID_8000_0001_EDX] = edx; + } + } + ++ if (c->extended_cpuid_level >= 0x80000007) { ++ cpuid(0x80000007, &eax, &ebx, &ecx, &edx); ++ ++ c->x86_capability[CPUID_8000_0007_EBX] = ebx; ++ c->x86_power = edx; ++ } ++ + if (c->extended_cpuid_level >= 0x80000008) { +- u32 eax = cpuid_eax(0x80000008); ++ cpuid(0x80000008, &eax, &ebx, &ecx, &edx); + + c->x86_virt_bits = (eax >> 8) & 0xff; + c->x86_phys_bits = eax & 0xff; +- c->x86_capability[13] = cpuid_ebx(0x80000008); ++ c->x86_capability[CPUID_8000_0008_EBX] = ebx; + } + #ifdef CONFIG_X86_32 + else if (cpu_has(c, X86_FEATURE_PAE) || cpu_has(c, X86_FEATURE_PSE36)) + c->x86_phys_bits = 36; + #endif + +- if (c->extended_cpuid_level >= 0x80000007) +- c->x86_power = cpuid_edx(0x80000007); ++ if (c->extended_cpuid_level >= 0x8000000a) ++ c->x86_capability[CPUID_8000_000A_EDX] = cpuid_edx(0x8000000a); + + init_scattered_cpuid_features(c); + } +@@ -1574,20 +1581,6 @@ void cpu_init(void) + } + #endif + +-#ifdef CONFIG_X86_DEBUG_STATIC_CPU_HAS +-void warn_pre_alternatives(void) +-{ +- WARN(1, "You're using static_cpu_has before alternatives have run!\n"); +-} +-EXPORT_SYMBOL_GPL(warn_pre_alternatives); +-#endif +- +-inline bool __static_cpu_has_safe(u16 bit) +-{ +- return boot_cpu_has(bit); +-} +-EXPORT_SYMBOL_GPL(__static_cpu_has_safe); +- + static void bsp_resume(void) + { + if (this_cpu->c_bsp_resume) +diff --git a/arch/x86/kernel/cpu/cyrix.c b/arch/x86/kernel/cpu/cyrix.c +index aaf152e79637..15e47c1cd412 100644 +--- a/arch/x86/kernel/cpu/cyrix.c ++++ b/arch/x86/kernel/cpu/cyrix.c +@@ -8,6 +8,7 @@ + #include + #include + #include ++#include + + #include "cpu.h" + +diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c +index 565648bc1a0a..9299e3bdfad6 100644 +--- a/arch/x86/kernel/cpu/intel.c ++++ b/arch/x86/kernel/cpu/intel.c +@@ -8,7 +8,7 @@ + #include + #include + +-#include ++#include + #include + #include + #include +diff --git a/arch/x86/kernel/cpu/intel_cacheinfo.c b/arch/x86/kernel/cpu/intel_cacheinfo.c +index 3fa72317ad78..3557b3ceab14 100644 +--- a/arch/x86/kernel/cpu/intel_cacheinfo.c ++++ b/arch/x86/kernel/cpu/intel_cacheinfo.c +@@ -14,7 +14,7 @@ + #include + #include + +-#include ++#include + #include + #include + +diff --git a/arch/x86/kernel/cpu/match.c b/arch/x86/kernel/cpu/match.c +index afa9f0d487ea..fbb5e90557a5 100644 +--- a/arch/x86/kernel/cpu/match.c ++++ b/arch/x86/kernel/cpu/match.c +@@ -1,5 +1,5 @@ + #include +-#include ++#include + #include + #include + #include +diff --git a/arch/x86/kernel/cpu/mkcapflags.sh b/arch/x86/kernel/cpu/mkcapflags.sh +index 3f20710a5b23..6988c74409a8 100644 +--- a/arch/x86/kernel/cpu/mkcapflags.sh ++++ b/arch/x86/kernel/cpu/mkcapflags.sh +@@ -1,6 +1,6 @@ + #!/bin/sh + # +-# Generate the x86_cap/bug_flags[] arrays from include/asm/cpufeature.h ++# Generate the x86_cap/bug_flags[] arrays from include/asm/cpufeatures.h + # + + IN=$1 +@@ -49,8 +49,8 @@ dump_array() + trap 'rm "$OUT"' EXIT + + ( +- echo "#ifndef _ASM_X86_CPUFEATURE_H" +- echo "#include " ++ echo "#ifndef _ASM_X86_CPUFEATURES_H" ++ echo "#include " + echo "#endif" + echo "" + +diff --git a/arch/x86/kernel/cpu/mtrr/main.c b/arch/x86/kernel/cpu/mtrr/main.c +index f924f41af89a..49bd700d9b7f 100644 +--- a/arch/x86/kernel/cpu/mtrr/main.c ++++ b/arch/x86/kernel/cpu/mtrr/main.c +@@ -47,7 +47,7 @@ + #include + #include + +-#include ++#include + #include + #include + #include +diff --git a/arch/x86/kernel/cpu/scattered.c b/arch/x86/kernel/cpu/scattered.c +index 608fb26c7254..8cb57df9398d 100644 +--- a/arch/x86/kernel/cpu/scattered.c ++++ b/arch/x86/kernel/cpu/scattered.c +@@ -31,32 +31,12 @@ void init_scattered_cpuid_features(struct cpuinfo_x86 *c) + const struct cpuid_bit *cb; + + static const struct cpuid_bit cpuid_bits[] = { +- { X86_FEATURE_DTHERM, CR_EAX, 0, 0x00000006, 0 }, +- { X86_FEATURE_IDA, CR_EAX, 1, 0x00000006, 0 }, +- { X86_FEATURE_ARAT, CR_EAX, 2, 0x00000006, 0 }, +- { X86_FEATURE_PLN, CR_EAX, 4, 0x00000006, 0 }, +- { X86_FEATURE_PTS, CR_EAX, 6, 0x00000006, 0 }, +- { X86_FEATURE_HWP, CR_EAX, 7, 0x00000006, 0 }, +- { X86_FEATURE_HWP_NOTIFY, CR_EAX, 8, 0x00000006, 0 }, +- { X86_FEATURE_HWP_ACT_WINDOW, CR_EAX, 9, 0x00000006, 0 }, +- { X86_FEATURE_HWP_EPP, CR_EAX,10, 0x00000006, 0 }, +- { X86_FEATURE_HWP_PKG_REQ, CR_EAX,11, 0x00000006, 0 }, + { X86_FEATURE_INTEL_PT, CR_EBX,25, 0x00000007, 0 }, + { X86_FEATURE_APERFMPERF, CR_ECX, 0, 0x00000006, 0 }, + { X86_FEATURE_EPB, CR_ECX, 3, 0x00000006, 0 }, + { X86_FEATURE_HW_PSTATE, CR_EDX, 7, 0x80000007, 0 }, + { X86_FEATURE_CPB, CR_EDX, 9, 0x80000007, 0 }, + { X86_FEATURE_PROC_FEEDBACK, CR_EDX,11, 0x80000007, 0 }, +- { X86_FEATURE_NPT, CR_EDX, 0, 0x8000000a, 0 }, +- { X86_FEATURE_LBRV, CR_EDX, 1, 0x8000000a, 0 }, +- { X86_FEATURE_SVML, CR_EDX, 2, 0x8000000a, 0 }, +- { X86_FEATURE_NRIPS, CR_EDX, 3, 0x8000000a, 0 }, +- { X86_FEATURE_TSCRATEMSR, CR_EDX, 4, 0x8000000a, 0 }, +- { X86_FEATURE_VMCBCLEAN, CR_EDX, 5, 0x8000000a, 0 }, +- { X86_FEATURE_FLUSHBYASID, CR_EDX, 6, 0x8000000a, 0 }, +- { X86_FEATURE_DECODEASSISTS, CR_EDX, 7, 0x8000000a, 0 }, +- { X86_FEATURE_PAUSEFILTER, CR_EDX,10, 0x8000000a, 0 }, +- { X86_FEATURE_PFTHRESHOLD, CR_EDX,12, 0x8000000a, 0 }, + { 0, 0, 0, 0, 0 } + }; + +diff --git a/arch/x86/kernel/cpu/transmeta.c b/arch/x86/kernel/cpu/transmeta.c +index 3fa0e5ad86b4..a19a663282b5 100644 +--- a/arch/x86/kernel/cpu/transmeta.c ++++ b/arch/x86/kernel/cpu/transmeta.c +@@ -1,6 +1,6 @@ + #include + #include +-#include ++#include + #include + #include "cpu.h" + +@@ -12,7 +12,7 @@ static void early_init_transmeta(struct cpuinfo_x86 *c) + xlvl = cpuid_eax(0x80860000); + if ((xlvl & 0xffff0000) == 0x80860000) { + if (xlvl >= 0x80860001) +- c->x86_capability[2] = cpuid_edx(0x80860001); ++ c->x86_capability[CPUID_8086_0001_EDX] = cpuid_edx(0x80860001); + } + } + +@@ -82,7 +82,7 @@ static void init_transmeta(struct cpuinfo_x86 *c) + /* Unhide possibly hidden capability flags */ + rdmsr(0x80860004, cap_mask, uk); + wrmsr(0x80860004, ~0, uk); +- c->x86_capability[0] = cpuid_edx(0x00000001); ++ c->x86_capability[CPUID_1_EDX] = cpuid_edx(0x00000001); + wrmsr(0x80860004, cap_mask, uk); + + /* All Transmeta CPUs have a constant TSC */ +diff --git a/arch/x86/kernel/e820.c b/arch/x86/kernel/e820.c +index 52a2526c3fbe..19bc19d5e174 100644 +--- a/arch/x86/kernel/e820.c ++++ b/arch/x86/kernel/e820.c +@@ -24,6 +24,7 @@ + #include + #include + #include ++#include + + /* + * The e820 map is the map that gets modified e.g. with command line parameters +diff --git a/arch/x86/kernel/head_32.S b/arch/x86/kernel/head_32.S +index 70284d38fdc2..1c0b49fd6365 100644 +--- a/arch/x86/kernel/head_32.S ++++ b/arch/x86/kernel/head_32.S +@@ -19,7 +19,7 @@ + #include + #include + #include +-#include ++#include + #include + #include + #include +diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S +index 4034e905741a..734ba1d0f686 100644 +--- a/arch/x86/kernel/head_64.S ++++ b/arch/x86/kernel/head_64.S +@@ -76,9 +76,7 @@ startup_64: + subq $_text - __START_KERNEL_map, %rbp + + /* Is the address not 2M aligned? */ +- movq %rbp, %rax +- andl $~PMD_PAGE_MASK, %eax +- testl %eax, %eax ++ testl $~PMD_PAGE_MASK, %ebp + jnz bad_address + + /* +diff --git a/arch/x86/kernel/hpet.c b/arch/x86/kernel/hpet.c +index f48eb8eeefe2..3fdc1e53aaac 100644 +--- a/arch/x86/kernel/hpet.c ++++ b/arch/x86/kernel/hpet.c +@@ -12,6 +12,7 @@ + #include + #include + ++#include + #include + #include + #include +diff --git a/arch/x86/kernel/msr.c b/arch/x86/kernel/msr.c +index 113e70784854..f95ac5d435aa 100644 +--- a/arch/x86/kernel/msr.c ++++ b/arch/x86/kernel/msr.c +@@ -40,7 +40,7 @@ + #include + #include + +-#include ++#include + #include + + static struct class *msr_class; +diff --git a/arch/x86/kernel/uprobes.c b/arch/x86/kernel/uprobes.c +index c6aace2bbe08..b8105289c60b 100644 +--- a/arch/x86/kernel/uprobes.c ++++ b/arch/x86/kernel/uprobes.c +@@ -290,7 +290,7 @@ static int uprobe_init_insn(struct arch_uprobe *auprobe, struct insn *insn, bool + insn_init(insn, auprobe->insn, sizeof(auprobe->insn), x86_64); + /* has the side-effect of processing the entire instruction */ + insn_get_length(insn); +- if (WARN_ON_ONCE(!insn_complete(insn))) ++ if (!insn_complete(insn)) + return -ENOEXEC; + + if (is_prefix_bad(insn)) +diff --git a/arch/x86/kernel/verify_cpu.S b/arch/x86/kernel/verify_cpu.S +index 4cf401f581e7..b7c9db5deebe 100644 +--- a/arch/x86/kernel/verify_cpu.S ++++ b/arch/x86/kernel/verify_cpu.S +@@ -30,7 +30,7 @@ + * appropriately. Either display a message or halt. + */ + +-#include ++#include + #include + + verify_cpu: +diff --git a/arch/x86/kernel/vm86_32.c b/arch/x86/kernel/vm86_32.c +index d6d64a519559..7f4839ef3608 100644 +--- a/arch/x86/kernel/vm86_32.c ++++ b/arch/x86/kernel/vm86_32.c +@@ -358,7 +358,7 @@ static long do_sys_vm86(struct vm86plus_struct __user *user_vm86, bool plus) + /* make room for real-mode segments */ + tsk->thread.sp0 += 16; + +- if (static_cpu_has_safe(X86_FEATURE_SEP)) ++ if (static_cpu_has(X86_FEATURE_SEP)) + tsk->thread.sysenter_cs = 0; + + load_sp0(tss, &tsk->thread); +diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S +index e065065a4dfb..a703842b54de 100644 +--- a/arch/x86/kernel/vmlinux.lds.S ++++ b/arch/x86/kernel/vmlinux.lds.S +@@ -202,6 +202,17 @@ SECTIONS + :init + #endif + ++ /* ++ * Section for code used exclusively before alternatives are run. All ++ * references to such code must be patched out by alternatives, normally ++ * by using X86_FEATURE_ALWAYS CPU feature bit. ++ * ++ * See static_cpu_has() for an example. ++ */ ++ .altinstr_aux : AT(ADDR(.altinstr_aux) - LOAD_OFFSET) { ++ *(.altinstr_aux) ++ } ++ + INIT_DATA_SECTION(16) + + .x86_cpu_dev.init : AT(ADDR(.x86_cpu_dev.init) - LOAD_OFFSET) { +diff --git a/arch/x86/lib/clear_page_64.S b/arch/x86/lib/clear_page_64.S +index a2fe51b00cce..65be7cfaf947 100644 +--- a/arch/x86/lib/clear_page_64.S ++++ b/arch/x86/lib/clear_page_64.S +@@ -1,5 +1,5 @@ + #include +-#include ++#include + #include + + /* +diff --git a/arch/x86/lib/copy_page_64.S b/arch/x86/lib/copy_page_64.S +index 009f98216b7e..24ef1c2104d4 100644 +--- a/arch/x86/lib/copy_page_64.S ++++ b/arch/x86/lib/copy_page_64.S +@@ -1,7 +1,7 @@ + /* Written 2003 by Andi Kleen, based on a kernel by Evandro Menezes */ + + #include +-#include ++#include + #include + + /* +diff --git a/arch/x86/lib/copy_user_64.S b/arch/x86/lib/copy_user_64.S +index 423644c230e7..accf7f2f557f 100644 +--- a/arch/x86/lib/copy_user_64.S ++++ b/arch/x86/lib/copy_user_64.S +@@ -10,7 +10,7 @@ + #include + #include + #include +-#include ++#include + #include + #include + #include +diff --git a/arch/x86/lib/memcpy_64.S b/arch/x86/lib/memcpy_64.S +index 16698bba87de..a0de849435ad 100644 +--- a/arch/x86/lib/memcpy_64.S ++++ b/arch/x86/lib/memcpy_64.S +@@ -1,7 +1,7 @@ + /* Copyright 2002 Andi Kleen */ + + #include +-#include ++#include + #include + + /* +diff --git a/arch/x86/lib/memmove_64.S b/arch/x86/lib/memmove_64.S +index ca2afdd6d98e..90ce01bee00c 100644 +--- a/arch/x86/lib/memmove_64.S ++++ b/arch/x86/lib/memmove_64.S +@@ -6,7 +6,7 @@ + * - Copyright 2011 Fenghua Yu + */ + #include +-#include ++#include + #include + + #undef memmove +diff --git a/arch/x86/lib/memset_64.S b/arch/x86/lib/memset_64.S +index 2661fad05827..c9c81227ea37 100644 +--- a/arch/x86/lib/memset_64.S ++++ b/arch/x86/lib/memset_64.S +@@ -1,7 +1,7 @@ + /* Copyright 2002 Andi Kleen, SuSE Labs */ + + #include +-#include ++#include + #include + + .weak memset +diff --git a/arch/x86/lib/retpoline.S b/arch/x86/lib/retpoline.S +index 3d06b482ebc7..7bbb853e36bd 100644 +--- a/arch/x86/lib/retpoline.S ++++ b/arch/x86/lib/retpoline.S +@@ -3,7 +3,7 @@ + #include + #include + #include +-#include ++#include + #include + #include + #include +diff --git a/arch/x86/mm/setup_nx.c b/arch/x86/mm/setup_nx.c +index 92e2eacb3321..f65a33f505b6 100644 +--- a/arch/x86/mm/setup_nx.c ++++ b/arch/x86/mm/setup_nx.c +@@ -4,6 +4,7 @@ + + #include + #include ++#include + + static int disable_nx; + +diff --git a/arch/x86/oprofile/op_model_amd.c b/arch/x86/oprofile/op_model_amd.c +index 50d86c0e9ba4..660a83c8287b 100644 +--- a/arch/x86/oprofile/op_model_amd.c ++++ b/arch/x86/oprofile/op_model_amd.c +@@ -24,7 +24,6 @@ + #include + #include + #include +-#include + + #include "op_x86_model.h" + #include "op_counter.h" +diff --git a/arch/x86/um/asm/barrier.h b/arch/x86/um/asm/barrier.h +index 755481f14d90..764ac2fc53fe 100644 +--- a/arch/x86/um/asm/barrier.h ++++ b/arch/x86/um/asm/barrier.h +@@ -3,7 +3,7 @@ + + #include + #include +-#include ++#include + #include + #include + +diff --git a/drivers/ata/ahci.c b/drivers/ata/ahci.c +index 5a6a01135470..34fdaa6e99ba 100644 +--- a/drivers/ata/ahci.c ++++ b/drivers/ata/ahci.c +@@ -1229,6 +1229,59 @@ static bool ahci_broken_suspend(struct pci_dev *pdev) + return strcmp(buf, dmi->driver_data) < 0; + } + ++static bool ahci_broken_lpm(struct pci_dev *pdev) ++{ ++ static const struct dmi_system_id sysids[] = { ++ /* Various Lenovo 50 series have LPM issues with older BIOSen */ ++ { ++ .matches = { ++ DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"), ++ DMI_MATCH(DMI_PRODUCT_VERSION, "ThinkPad X250"), ++ }, ++ .driver_data = "20180406", /* 1.31 */ ++ }, ++ { ++ .matches = { ++ DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"), ++ DMI_MATCH(DMI_PRODUCT_VERSION, "ThinkPad L450"), ++ }, ++ .driver_data = "20180420", /* 1.28 */ ++ }, ++ { ++ .matches = { ++ DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"), ++ DMI_MATCH(DMI_PRODUCT_VERSION, "ThinkPad T450s"), ++ }, ++ .driver_data = "20180315", /* 1.33 */ ++ }, ++ { ++ .matches = { ++ DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"), ++ DMI_MATCH(DMI_PRODUCT_VERSION, "ThinkPad W541"), ++ }, ++ /* ++ * Note date based on release notes, 2.35 has been ++ * reported to be good, but I've been unable to get ++ * a hold of the reporter to get the DMI BIOS date. ++ * TODO: fix this. ++ */ ++ .driver_data = "20180310", /* 2.35 */ ++ }, ++ { } /* terminate list */ ++ }; ++ const struct dmi_system_id *dmi = dmi_first_match(sysids); ++ int year, month, date; ++ char buf[9]; ++ ++ if (!dmi) ++ return false; ++ ++ dmi_get_date(DMI_BIOS_DATE, &year, &month, &date); ++ snprintf(buf, sizeof(buf), "%04d%02d%02d", year, month, date); ++ ++ return strcmp(buf, dmi->driver_data) < 0; ++} ++ + static bool ahci_broken_online(struct pci_dev *pdev) + { + #define ENCODE_BUSDEVFN(bus, slot, func) \ +@@ -1588,6 +1641,12 @@ static int ahci_init_one(struct pci_dev *pdev, const struct pci_device_id *ent) + "quirky BIOS, skipping spindown on poweroff\n"); + } + ++ if (ahci_broken_lpm(pdev)) { ++ pi.flags |= ATA_FLAG_NO_LPM; ++ dev_warn(&pdev->dev, ++ "BIOS update required for Link Power Management support\n"); ++ } ++ + if (ahci_broken_suspend(pdev)) { + hpriv->flags |= AHCI_HFLAG_NO_SUSPEND; + dev_warn(&pdev->dev, +diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c +index 9afd06ee5b30..ba514fa733de 100644 +--- a/drivers/ata/libata-core.c ++++ b/drivers/ata/libata-core.c +@@ -2209,6 +2209,9 @@ int ata_dev_configure(struct ata_device *dev) + (id[ATA_ID_SATA_CAPABILITY] & 0xe) == 0x2) + dev->horkage |= ATA_HORKAGE_NOLPM; + ++ if (ap->flags & ATA_FLAG_NO_LPM) ++ dev->horkage |= ATA_HORKAGE_NOLPM; ++ + if (dev->horkage & ATA_HORKAGE_NOLPM) { + ata_dev_warn(dev, "LPM support broken, forcing max_power\n"); + dev->link->ap->target_lpm_policy = ATA_LPM_MAX_POWER; +diff --git a/drivers/block/loop.c b/drivers/block/loop.c +index e8165ec55e6f..da3902ac16c8 100644 +--- a/drivers/block/loop.c ++++ b/drivers/block/loop.c +@@ -651,6 +651,36 @@ static void loop_reread_partitions(struct loop_device *lo, + __func__, lo->lo_number, lo->lo_file_name, rc); + } + ++static inline int is_loop_device(struct file *file) ++{ ++ struct inode *i = file->f_mapping->host; ++ ++ return i && S_ISBLK(i->i_mode) && MAJOR(i->i_rdev) == LOOP_MAJOR; ++} ++ ++static int loop_validate_file(struct file *file, struct block_device *bdev) ++{ ++ struct inode *inode = file->f_mapping->host; ++ struct file *f = file; ++ ++ /* Avoid recursion */ ++ while (is_loop_device(f)) { ++ struct loop_device *l; ++ ++ if (f->f_mapping->host->i_bdev == bdev) ++ return -EBADF; ++ ++ l = f->f_mapping->host->i_bdev->bd_disk->private_data; ++ if (l->lo_state == Lo_unbound) { ++ return -EINVAL; ++ } ++ f = l->lo_backing_file; ++ } ++ if (!S_ISREG(inode->i_mode) && !S_ISBLK(inode->i_mode)) ++ return -EINVAL; ++ return 0; ++} ++ + /* + * loop_change_fd switched the backing store of a loopback device to + * a new file. This is useful for operating system installers to free up +@@ -680,14 +710,15 @@ static int loop_change_fd(struct loop_device *lo, struct block_device *bdev, + if (!file) + goto out; + ++ error = loop_validate_file(file, bdev); ++ if (error) ++ goto out_putf; ++ + inode = file->f_mapping->host; + old_file = lo->lo_backing_file; + + error = -EINVAL; + +- if (!S_ISREG(inode->i_mode) && !S_ISBLK(inode->i_mode)) +- goto out_putf; +- + /* size of the new backing store needs to be the same */ + if (get_loop_size(lo, file) != get_loop_size(lo, old_file)) + goto out_putf; +@@ -708,13 +739,6 @@ static int loop_change_fd(struct loop_device *lo, struct block_device *bdev, + return error; + } + +-static inline int is_loop_device(struct file *file) +-{ +- struct inode *i = file->f_mapping->host; +- +- return i && S_ISBLK(i->i_mode) && MAJOR(i->i_rdev) == LOOP_MAJOR; +-} +- + /* loop sysfs attributes */ + + static ssize_t loop_attr_show(struct device *dev, char *page, +@@ -811,16 +835,17 @@ static struct attribute_group loop_attribute_group = { + .attrs= loop_attrs, + }; + +-static int loop_sysfs_init(struct loop_device *lo) ++static void loop_sysfs_init(struct loop_device *lo) + { +- return sysfs_create_group(&disk_to_dev(lo->lo_disk)->kobj, +- &loop_attribute_group); ++ lo->sysfs_inited = !sysfs_create_group(&disk_to_dev(lo->lo_disk)->kobj, ++ &loop_attribute_group); + } + + static void loop_sysfs_exit(struct loop_device *lo) + { +- sysfs_remove_group(&disk_to_dev(lo->lo_disk)->kobj, +- &loop_attribute_group); ++ if (lo->sysfs_inited) ++ sysfs_remove_group(&disk_to_dev(lo->lo_disk)->kobj, ++ &loop_attribute_group); + } + + static void loop_config_discard(struct loop_device *lo) +@@ -872,7 +897,7 @@ static int loop_prepare_queue(struct loop_device *lo) + static int loop_set_fd(struct loop_device *lo, fmode_t mode, + struct block_device *bdev, unsigned int arg) + { +- struct file *file, *f; ++ struct file *file; + struct inode *inode; + struct address_space *mapping; + unsigned lo_blocksize; +@@ -892,29 +917,13 @@ static int loop_set_fd(struct loop_device *lo, fmode_t mode, + if (lo->lo_state != Lo_unbound) + goto out_putf; + +- /* Avoid recursion */ +- f = file; +- while (is_loop_device(f)) { +- struct loop_device *l; +- +- if (f->f_mapping->host->i_bdev == bdev) +- goto out_putf; +- +- l = f->f_mapping->host->i_bdev->bd_disk->private_data; +- if (l->lo_state == Lo_unbound) { +- error = -EINVAL; +- goto out_putf; +- } +- f = l->lo_backing_file; +- } ++ error = loop_validate_file(file, bdev); ++ if (error) ++ goto out_putf; + + mapping = file->f_mapping; + inode = mapping->host; + +- error = -EINVAL; +- if (!S_ISREG(inode->i_mode) && !S_ISBLK(inode->i_mode)) +- goto out_putf; +- + if (!(file->f_mode & FMODE_WRITE) || !(mode & FMODE_WRITE) || + !file->f_op->write_iter) + lo_flags |= LO_FLAGS_READ_ONLY; +diff --git a/drivers/block/loop.h b/drivers/block/loop.h +index fb2237c73e61..60f0fd2c0c65 100644 +--- a/drivers/block/loop.h ++++ b/drivers/block/loop.h +@@ -59,6 +59,7 @@ struct loop_device { + struct kthread_worker worker; + struct task_struct *worker_task; + bool use_dio; ++ bool sysfs_inited; + + struct request_queue *lo_queue; + struct blk_mq_tag_set tag_set; +diff --git a/drivers/hid/hid-ids.h b/drivers/hid/hid-ids.h +index b316ab7e8996..60e2c9faa95f 100644 +--- a/drivers/hid/hid-ids.h ++++ b/drivers/hid/hid-ids.h +@@ -512,6 +512,9 @@ + #define USB_VENDOR_ID_IRTOUCHSYSTEMS 0x6615 + #define USB_DEVICE_ID_IRTOUCH_INFRARED_USB 0x0070 + ++#define USB_VENDOR_ID_INNOMEDIA 0x1292 ++#define USB_DEVICE_ID_INNEX_GENESIS_ATARI 0x4745 ++ + #define USB_VENDOR_ID_ITE 0x048d + #define USB_DEVICE_ID_ITE_LENOVO_YOGA 0x8386 + #define USB_DEVICE_ID_ITE_LENOVO_YOGA2 0x8350 +diff --git a/drivers/hid/usbhid/hid-quirks.c b/drivers/hid/usbhid/hid-quirks.c +index ce1543d69acb..c9a11315493b 100644 +--- a/drivers/hid/usbhid/hid-quirks.c ++++ b/drivers/hid/usbhid/hid-quirks.c +@@ -152,6 +152,7 @@ static const struct hid_blacklist { + { USB_VENDOR_ID_MULTIPLE_1781, USB_DEVICE_ID_RAPHNET_4NES4SNES_OLD, HID_QUIRK_MULTI_INPUT }, + { USB_VENDOR_ID_DRACAL_RAPHNET, USB_DEVICE_ID_RAPHNET_2NES2SNES, HID_QUIRK_MULTI_INPUT }, + { USB_VENDOR_ID_DRACAL_RAPHNET, USB_DEVICE_ID_RAPHNET_4NES4SNES, HID_QUIRK_MULTI_INPUT }, ++ { USB_VENDOR_ID_INNOMEDIA, USB_DEVICE_ID_INNEX_GENESIS_ATARI, HID_QUIRK_MULTI_INPUT }, + + { 0, 0 } + }; +diff --git a/drivers/infiniband/Kconfig b/drivers/infiniband/Kconfig +index aa26f3c3416b..c151bb625179 100644 +--- a/drivers/infiniband/Kconfig ++++ b/drivers/infiniband/Kconfig +@@ -33,6 +33,18 @@ config INFINIBAND_USER_ACCESS + libibverbs, libibcm and a hardware driver library from + . + ++config INFINIBAND_USER_ACCESS_UCM ++ bool "Userspace CM (UCM, DEPRECATED)" ++ depends on BROKEN ++ depends on INFINIBAND_USER_ACCESS ++ help ++ The UCM module has known security flaws, which no one is ++ interested to fix. The user-space part of this code was ++ dropped from the upstream a long time ago. ++ ++ This option is DEPRECATED and planned to be removed. ++ ++ + config INFINIBAND_USER_MEM + bool + depends on INFINIBAND_USER_ACCESS != n +diff --git a/drivers/infiniband/core/Makefile b/drivers/infiniband/core/Makefile +index d43a8994ac5c..737612a442be 100644 +--- a/drivers/infiniband/core/Makefile ++++ b/drivers/infiniband/core/Makefile +@@ -5,8 +5,8 @@ obj-$(CONFIG_INFINIBAND) += ib_core.o ib_mad.o ib_sa.o \ + ib_cm.o iw_cm.o ib_addr.o \ + $(infiniband-y) + obj-$(CONFIG_INFINIBAND_USER_MAD) += ib_umad.o +-obj-$(CONFIG_INFINIBAND_USER_ACCESS) += ib_uverbs.o ib_ucm.o \ +- $(user_access-y) ++obj-$(CONFIG_INFINIBAND_USER_ACCESS) += ib_uverbs.o $(user_access-y) ++obj-$(CONFIG_INFINIBAND_USER_ACCESS_UCM) += ib_ucm.o $(user_access-y) + + ib_core-y := packer.o ud_header.o verbs.o sysfs.o \ + device.o fmr_pool.o cache.o netlink.o \ +diff --git a/drivers/infiniband/hw/cxgb4/mem.c b/drivers/infiniband/hw/cxgb4/mem.c +index e1629ab58db7..8218d714fa01 100644 +--- a/drivers/infiniband/hw/cxgb4/mem.c ++++ b/drivers/infiniband/hw/cxgb4/mem.c +@@ -926,7 +926,7 @@ static int c4iw_set_page(struct ib_mr *ibmr, u64 addr) + { + struct c4iw_mr *mhp = to_c4iw_mr(ibmr); + +- if (unlikely(mhp->mpl_len == mhp->max_mpl_len)) ++ if (unlikely(mhp->mpl_len == mhp->attr.pbl_size)) + return -ENOMEM; + + mhp->mpl[mhp->mpl_len++] = addr; +diff --git a/drivers/misc/ibmasm/ibmasmfs.c b/drivers/misc/ibmasm/ibmasmfs.c +index e8b933111e0d..92109cadc3fc 100644 +--- a/drivers/misc/ibmasm/ibmasmfs.c ++++ b/drivers/misc/ibmasm/ibmasmfs.c +@@ -507,35 +507,14 @@ static int remote_settings_file_close(struct inode *inode, struct file *file) + static ssize_t remote_settings_file_read(struct file *file, char __user *buf, size_t count, loff_t *offset) + { + void __iomem *address = (void __iomem *)file->private_data; +- unsigned char *page; +- int retval; + int len = 0; + unsigned int value; +- +- if (*offset < 0) +- return -EINVAL; +- if (count == 0 || count > 1024) +- return 0; +- if (*offset != 0) +- return 0; +- +- page = (unsigned char *)__get_free_page(GFP_KERNEL); +- if (!page) +- return -ENOMEM; ++ char lbuf[20]; + + value = readl(address); +- len = sprintf(page, "%d\n", value); +- +- if (copy_to_user(buf, page, len)) { +- retval = -EFAULT; +- goto exit; +- } +- *offset += len; +- retval = len; ++ len = snprintf(lbuf, sizeof(lbuf), "%d\n", value); + +-exit: +- free_page((unsigned long)page); +- return retval; ++ return simple_read_from_buffer(buf, count, offset, lbuf, len); + } + + static ssize_t remote_settings_file_write(struct file *file, const char __user *ubuff, size_t count, loff_t *offset) +diff --git a/drivers/misc/vmw_balloon.c b/drivers/misc/vmw_balloon.c +index fe90b7e04427..5e047bfc0cc4 100644 +--- a/drivers/misc/vmw_balloon.c ++++ b/drivers/misc/vmw_balloon.c +@@ -467,7 +467,7 @@ static int vmballoon_send_batched_lock(struct vmballoon *b, + unsigned int num_pages, bool is_2m_pages, unsigned int *target) + { + unsigned long status; +- unsigned long pfn = page_to_pfn(b->page); ++ unsigned long pfn = PHYS_PFN(virt_to_phys(b->batch_page)); + + STATS_INC(b->stats.lock[is_2m_pages]); + +@@ -515,7 +515,7 @@ static bool vmballoon_send_batched_unlock(struct vmballoon *b, + unsigned int num_pages, bool is_2m_pages, unsigned int *target) + { + unsigned long status; +- unsigned long pfn = page_to_pfn(b->page); ++ unsigned long pfn = PHYS_PFN(virt_to_phys(b->batch_page)); + + STATS_INC(b->stats.unlock[is_2m_pages]); + +diff --git a/drivers/usb/core/quirks.c b/drivers/usb/core/quirks.c +index 40ce175655e6..99f67764765f 100644 +--- a/drivers/usb/core/quirks.c ++++ b/drivers/usb/core/quirks.c +@@ -231,6 +231,10 @@ static const struct usb_device_id usb_quirk_list[] = { + /* Corsair K70 RGB */ + { USB_DEVICE(0x1b1c, 0x1b13), .driver_info = USB_QUIRK_DELAY_INIT }, + ++ /* Corsair Strafe */ ++ { USB_DEVICE(0x1b1c, 0x1b15), .driver_info = USB_QUIRK_DELAY_INIT | ++ USB_QUIRK_DELAY_CTRL_MSG }, ++ + /* Corsair Strafe RGB */ + { USB_DEVICE(0x1b1c, 0x1b20), .driver_info = USB_QUIRK_DELAY_INIT | + USB_QUIRK_DELAY_CTRL_MSG }, +diff --git a/drivers/usb/host/xhci-mem.c b/drivers/usb/host/xhci-mem.c +index e4cf3322bcb3..0ec809a35a3f 100644 +--- a/drivers/usb/host/xhci-mem.c ++++ b/drivers/usb/host/xhci-mem.c +@@ -638,7 +638,7 @@ struct xhci_ring *xhci_stream_id_to_ring( + if (!ep->stream_info) + return NULL; + +- if (stream_id > ep->stream_info->num_streams) ++ if (stream_id >= ep->stream_info->num_streams) + return NULL; + return ep->stream_info->stream_rings[stream_id]; + } +diff --git a/drivers/usb/misc/yurex.c b/drivers/usb/misc/yurex.c +index 343fa6ff9f4b..512c84adcace 100644 +--- a/drivers/usb/misc/yurex.c ++++ b/drivers/usb/misc/yurex.c +@@ -414,8 +414,7 @@ static ssize_t yurex_read(struct file *file, char __user *buffer, size_t count, + loff_t *ppos) + { + struct usb_yurex *dev; +- int retval = 0; +- int bytes_read = 0; ++ int len = 0; + char in_buffer[20]; + unsigned long flags; + +@@ -423,26 +422,16 @@ static ssize_t yurex_read(struct file *file, char __user *buffer, size_t count, + + mutex_lock(&dev->io_mutex); + if (!dev->interface) { /* already disconnected */ +- retval = -ENODEV; +- goto exit; ++ mutex_unlock(&dev->io_mutex); ++ return -ENODEV; + } + + spin_lock_irqsave(&dev->lock, flags); +- bytes_read = snprintf(in_buffer, 20, "%lld\n", dev->bbu); ++ len = snprintf(in_buffer, 20, "%lld\n", dev->bbu); + spin_unlock_irqrestore(&dev->lock, flags); +- +- if (*ppos < bytes_read) { +- if (copy_to_user(buffer, in_buffer + *ppos, bytes_read - *ppos)) +- retval = -EFAULT; +- else { +- retval = bytes_read - *ppos; +- *ppos += bytes_read; +- } +- } +- +-exit: + mutex_unlock(&dev->io_mutex); +- return retval; ++ ++ return simple_read_from_buffer(buffer, count, ppos, in_buffer, len); + } + + static ssize_t yurex_write(struct file *file, const char __user *user_buffer, +diff --git a/drivers/usb/serial/ch341.c b/drivers/usb/serial/ch341.c +index 71133d96f97d..f73ea14e8173 100644 +--- a/drivers/usb/serial/ch341.c ++++ b/drivers/usb/serial/ch341.c +@@ -118,7 +118,7 @@ static int ch341_control_in(struct usb_device *dev, + r = usb_control_msg(dev, usb_rcvctrlpipe(dev, 0), request, + USB_TYPE_VENDOR | USB_RECIP_DEVICE | USB_DIR_IN, + value, index, buf, bufsize, DEFAULT_TIMEOUT); +- if (r < bufsize) { ++ if (r < (int)bufsize) { + if (r >= 0) { + dev_err(&dev->dev, + "short control message received (%d < %u)\n", +diff --git a/drivers/usb/serial/cp210x.c b/drivers/usb/serial/cp210x.c +index 73835027a7cc..97382301c393 100644 +--- a/drivers/usb/serial/cp210x.c ++++ b/drivers/usb/serial/cp210x.c +@@ -145,6 +145,7 @@ static const struct usb_device_id id_table[] = { + { USB_DEVICE(0x10C4, 0x8977) }, /* CEL MeshWorks DevKit Device */ + { USB_DEVICE(0x10C4, 0x8998) }, /* KCF Technologies PRN */ + { USB_DEVICE(0x10C4, 0x89A4) }, /* CESINEL FTBC Flexible Thyristor Bridge Controller */ ++ { USB_DEVICE(0x10C4, 0x89FB) }, /* Qivicon ZigBee USB Radio Stick */ + { USB_DEVICE(0x10C4, 0x8A2A) }, /* HubZ dual ZigBee and Z-Wave dongle */ + { USB_DEVICE(0x10C4, 0x8A5E) }, /* CEL EM3588 ZigBee USB Stick Long Range */ + { USB_DEVICE(0x10C4, 0x8B34) }, /* Qivicon ZigBee USB Radio Stick */ +diff --git a/drivers/usb/serial/keyspan_pda.c b/drivers/usb/serial/keyspan_pda.c +index 6b0942428917..8a4047de43dc 100644 +--- a/drivers/usb/serial/keyspan_pda.c ++++ b/drivers/usb/serial/keyspan_pda.c +@@ -373,8 +373,10 @@ static int keyspan_pda_get_modem_info(struct usb_serial *serial, + 3, /* get pins */ + USB_TYPE_VENDOR|USB_RECIP_INTERFACE|USB_DIR_IN, + 0, 0, data, 1, 2000); +- if (rc >= 0) ++ if (rc == 1) + *value = *data; ++ else if (rc >= 0) ++ rc = -EIO; + + kfree(data); + return rc; +diff --git a/drivers/usb/serial/mos7840.c b/drivers/usb/serial/mos7840.c +index ed883a7ad533..58ba6904a087 100644 +--- a/drivers/usb/serial/mos7840.c ++++ b/drivers/usb/serial/mos7840.c +@@ -482,6 +482,9 @@ static void mos7840_control_callback(struct urb *urb) + } + + dev_dbg(dev, "%s urb buffer size is %d\n", __func__, urb->actual_length); ++ if (urb->actual_length < 1) ++ goto out; ++ + dev_dbg(dev, "%s mos7840_port->MsrLsr is %d port %d\n", __func__, + mos7840_port->MsrLsr, mos7840_port->port_num); + data = urb->transfer_buffer; +diff --git a/fs/btrfs/disk-io.c b/fs/btrfs/disk-io.c +index 7efd70bfeaf7..d106b981d86f 100644 +--- a/fs/btrfs/disk-io.c ++++ b/fs/btrfs/disk-io.c +@@ -923,7 +923,7 @@ static int check_async_write(struct inode *inode, unsigned long bio_flags) + if (bio_flags & EXTENT_BIO_TREE_LOG) + return 0; + #ifdef CONFIG_X86 +- if (static_cpu_has_safe(X86_FEATURE_XMM4_2)) ++ if (static_cpu_has(X86_FEATURE_XMM4_2)) + return 0; + #endif + return 1; +diff --git a/fs/inode.c b/fs/inode.c +index b95615f3fc50..a39c2724d8a0 100644 +--- a/fs/inode.c ++++ b/fs/inode.c +@@ -1937,8 +1937,14 @@ void inode_init_owner(struct inode *inode, const struct inode *dir, + inode->i_uid = current_fsuid(); + if (dir && dir->i_mode & S_ISGID) { + inode->i_gid = dir->i_gid; ++ ++ /* Directories are special, and always inherit S_ISGID */ + if (S_ISDIR(mode)) + mode |= S_ISGID; ++ else if ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP) && ++ !in_group_p(inode->i_gid) && ++ !capable_wrt_inode_uidgid(dir, CAP_FSETID)) ++ mode &= ~S_ISGID; + } else + inode->i_gid = current_fsgid(); + inode->i_mode = mode; +diff --git a/include/linux/libata.h b/include/linux/libata.h +index b20a2752f934..6428ac4746de 100644 +--- a/include/linux/libata.h ++++ b/include/linux/libata.h +@@ -210,6 +210,7 @@ enum { + ATA_FLAG_SLAVE_POSS = (1 << 0), /* host supports slave dev */ + /* (doesn't imply presence) */ + ATA_FLAG_SATA = (1 << 1), ++ ATA_FLAG_NO_LPM = (1 << 2), /* host not happy with LPM */ + ATA_FLAG_NO_LOG_PAGE = (1 << 5), /* do not issue log page read */ + ATA_FLAG_NO_ATAPI = (1 << 6), /* No ATAPI support */ + ATA_FLAG_PIO_DMA = (1 << 7), /* PIO cmds via DMA */ +diff --git a/kernel/power/user.c b/kernel/power/user.c +index 526e8911460a..f83c1876b39c 100644 +--- a/kernel/power/user.c ++++ b/kernel/power/user.c +@@ -184,6 +184,11 @@ static ssize_t snapshot_write(struct file *filp, const char __user *buf, + res = PAGE_SIZE - pg_offp; + } + ++ if (!data_of(data->handle)) { ++ res = -EINVAL; ++ goto unlock; ++ } ++ + res = simple_write_to_buffer(data_of(data->handle), res, &pg_offp, + buf, count); + if (res > 0) +diff --git a/lib/atomic64_test.c b/lib/atomic64_test.c +index 83c33a5bcffb..de67fea3cf46 100644 +--- a/lib/atomic64_test.c ++++ b/lib/atomic64_test.c +@@ -16,6 +16,10 @@ + #include + #include + ++#ifdef CONFIG_X86 ++#include /* for boot_cpu_has below */ ++#endif ++ + #define TEST(bit, op, c_op, val) \ + do { \ + atomic##bit##_set(&v, v0); \ +diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c +index 9f70c267a7a5..665fd87cc105 100644 +--- a/net/bridge/netfilter/ebtables.c ++++ b/net/bridge/netfilter/ebtables.c +@@ -701,6 +701,8 @@ ebt_check_entry(struct ebt_entry *e, struct net *net, + } + i = 0; + ++ memset(&mtpar, 0, sizeof(mtpar)); ++ memset(&tgpar, 0, sizeof(tgpar)); + mtpar.net = tgpar.net = net; + mtpar.table = tgpar.table = name; + mtpar.entryinfo = tgpar.entryinfo = e; +diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c +index dac62b5e7fe3..9363c1a70f16 100644 +--- a/net/ipv4/netfilter/ip_tables.c ++++ b/net/ipv4/netfilter/ip_tables.c +@@ -663,6 +663,7 @@ find_check_entry(struct ipt_entry *e, struct net *net, const char *name, + return -ENOMEM; + + j = 0; ++ memset(&mtpar, 0, sizeof(mtpar)); + mtpar.net = net; + mtpar.table = name; + mtpar.entryinfo = &e->ip; +diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c +index 795c343347ec..6cb9e35d23ac 100644 +--- a/net/ipv6/netfilter/ip6_tables.c ++++ b/net/ipv6/netfilter/ip6_tables.c +@@ -676,6 +676,7 @@ find_check_entry(struct ip6t_entry *e, struct net *net, const char *name, + return -ENOMEM; + + j = 0; ++ memset(&mtpar, 0, sizeof(mtpar)); + mtpar.net = net; + mtpar.table = name; + mtpar.entryinfo = &e->ipv6; +diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c +index 7edcfda288c4..54cde78c2718 100644 +--- a/net/netfilter/nfnetlink_queue.c ++++ b/net/netfilter/nfnetlink_queue.c +@@ -1106,6 +1106,9 @@ nfqnl_recv_unsupp(struct sock *ctnl, struct sk_buff *skb, + static const struct nla_policy nfqa_cfg_policy[NFQA_CFG_MAX+1] = { + [NFQA_CFG_CMD] = { .len = sizeof(struct nfqnl_msg_config_cmd) }, + [NFQA_CFG_PARAMS] = { .len = sizeof(struct nfqnl_msg_config_params) }, ++ [NFQA_CFG_QUEUE_MAXLEN] = { .type = NLA_U32 }, ++ [NFQA_CFG_MASK] = { .type = NLA_U32 }, ++ [NFQA_CFG_FLAGS] = { .type = NLA_U32 }, + }; + + static const struct nf_queue_handler nfqh = { +diff --git a/tools/build/Build.include b/tools/build/Build.include +index 4d000bc959b4..1c570528baf7 100644 +--- a/tools/build/Build.include ++++ b/tools/build/Build.include +@@ -62,8 +62,8 @@ dep-cmd = $(if $(wildcard $(fixdep)), + $(fixdep) $(depfile) $@ '$(make-cmd)' > $(dot-target).tmp; \ + rm -f $(depfile); \ + mv -f $(dot-target).tmp $(dot-target).cmd, \ +- printf '\# cannot find fixdep (%s)\n' $(fixdep) > $(dot-target).cmd; \ +- printf '\# using basic dep data\n\n' >> $(dot-target).cmd; \ ++ printf '$(pound) cannot find fixdep (%s)\n' $(fixdep) > $(dot-target).cmd; \ ++ printf '$(pound) using basic dep data\n\n' >> $(dot-target).cmd; \ + cat $(depfile) >> $(dot-target).cmd; \ + printf '%s\n' 'cmd_$@ := $(make-cmd)' >> $(dot-target).cmd) + diff --git a/patch/kernel/rk3328-default/04-patch-4.4.141-142.patch b/patch/kernel/rk3328-default/04-patch-4.4.141-142.patch new file mode 100644 index 0000000000..dc7dd1ece7 --- /dev/null +++ b/patch/kernel/rk3328-default/04-patch-4.4.141-142.patch @@ -0,0 +1,186 @@ +diff --git a/Makefile b/Makefile +index 3fc39e41dbde..75d6176c8786 100644 +--- a/Makefile ++++ b/Makefile +@@ -1,6 +1,6 @@ + VERSION = 4 + PATCHLEVEL = 4 +-SUBLEVEL = 141 ++SUBLEVEL = 142 + EXTRAVERSION = + NAME = Blurry Fish Butt + +diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c +index 814276d0eed1..736e2843139b 100644 +--- a/arch/x86/kernel/cpu/common.c ++++ b/arch/x86/kernel/cpu/common.c +@@ -686,13 +686,14 @@ void get_cpu_cap(struct cpuinfo_x86 *c) + c->x86_capability[CPUID_1_EDX] = edx; + } + ++ /* Thermal and Power Management Leaf: level 0x00000006 (eax) */ ++ if (c->cpuid_level >= 0x00000006) ++ c->x86_capability[CPUID_6_EAX] = cpuid_eax(0x00000006); ++ + /* Additional Intel-defined flags: level 0x00000007 */ + if (c->cpuid_level >= 0x00000007) { + cpuid_count(0x00000007, 0, &eax, &ebx, &ecx, &edx); +- + c->x86_capability[CPUID_7_0_EBX] = ebx; +- +- c->x86_capability[CPUID_6_EAX] = cpuid_eax(0x00000006); + c->x86_capability[CPUID_7_ECX] = ecx; + } + +diff --git a/scripts/Kbuild.include b/scripts/Kbuild.include +index 1db6d73c8dd2..31a981d6229d 100644 +--- a/scripts/Kbuild.include ++++ b/scripts/Kbuild.include +@@ -7,6 +7,7 @@ quote := " + squote := ' + empty := + space := $(empty) $(empty) ++pound := \# + + ### + # Name of target with a '.' as filename prefix. foo/bar.o => foo/.bar.o +@@ -236,11 +237,11 @@ endif + + # Replace >$< with >$$< to preserve $ when reloading the .cmd file + # (needed for make) +-# Replace >#< with >\#< to avoid starting a comment in the .cmd file ++# Replace >#< with >$(pound)< to avoid starting a comment in the .cmd file + # (needed for make) + # Replace >'< with >'\''< to be able to enclose the whole string in '...' + # (needed for the shell) +-make-cmd = $(call escsq,$(subst \#,\\\#,$(subst $$,$$$$,$(cmd_$(1))))) ++make-cmd = $(call escsq,$(subst $(pound),$$(pound),$(subst $$,$$$$,$(cmd_$(1))))) + + # Find any prerequisites that is newer than target or that does not exist. + # PHONY targets skipped in both cases. +diff --git a/tools/arch/x86/include/asm/unistd_32.h b/tools/arch/x86/include/asm/unistd_32.h +new file mode 100644 +index 000000000000..cf33ab09273d +--- /dev/null ++++ b/tools/arch/x86/include/asm/unistd_32.h +@@ -0,0 +1,9 @@ ++#ifndef __NR_perf_event_open ++# define __NR_perf_event_open 336 ++#endif ++#ifndef __NR_futex ++# define __NR_futex 240 ++#endif ++#ifndef __NR_gettid ++# define __NR_gettid 224 ++#endif +diff --git a/tools/arch/x86/include/asm/unistd_64.h b/tools/arch/x86/include/asm/unistd_64.h +new file mode 100644 +index 000000000000..2c9835695b56 +--- /dev/null ++++ b/tools/arch/x86/include/asm/unistd_64.h +@@ -0,0 +1,9 @@ ++#ifndef __NR_perf_event_open ++# define __NR_perf_event_open 298 ++#endif ++#ifndef __NR_futex ++# define __NR_futex 202 ++#endif ++#ifndef __NR_gettid ++# define __NR_gettid 186 ++#endif +diff --git a/tools/build/Build.include b/tools/build/Build.include +index 1c570528baf7..0340d8a51dab 100644 +--- a/tools/build/Build.include ++++ b/tools/build/Build.include +@@ -12,6 +12,7 @@ + # Convenient variables + comma := , + squote := ' ++pound := \# + + ### + # Name of target with a '.' as filename prefix. foo/bar.o => foo/.bar.o +@@ -43,11 +44,11 @@ echo-cmd = $(if $($(quiet)cmd_$(1)),\ + ### + # Replace >$< with >$$< to preserve $ when reloading the .cmd file + # (needed for make) +-# Replace >#< with >\#< to avoid starting a comment in the .cmd file ++# Replace >#< with >$(pound)< to avoid starting a comment in the .cmd file + # (needed for make) + # Replace >'< with >'\''< to be able to enclose the whole string in '...' + # (needed for the shell) +-make-cmd = $(call escsq,$(subst \#,\\\#,$(subst $$,$$$$,$(cmd_$(1))))) ++make-cmd = $(call escsq,$(subst $(pound),$$(pound),$(subst $$,$$$$,$(cmd_$(1))))) + + ### + # Find any prerequisites that is newer than target or that does not exist. +diff --git a/tools/perf/config/Makefile b/tools/perf/config/Makefile +index de89ec574361..b92c952b01ef 100644 +--- a/tools/perf/config/Makefile ++++ b/tools/perf/config/Makefile +@@ -200,6 +200,7 @@ CFLAGS += -I$(src-perf)/arch/$(ARCH)/include + CFLAGS += -I$(srctree)/tools/include/ + CFLAGS += -I$(srctree)/arch/$(ARCH)/include/uapi + CFLAGS += -I$(srctree)/arch/$(ARCH)/include ++CFLAGS += -I$(srctree)/tools/arch/$(ARCH)/include + CFLAGS += -I$(srctree)/include/uapi + CFLAGS += -I$(srctree)/include + +diff --git a/tools/perf/perf-sys.h b/tools/perf/perf-sys.h +index 83a25cef82fd..5cee8a3d0455 100644 +--- a/tools/perf/perf-sys.h ++++ b/tools/perf/perf-sys.h +@@ -11,29 +11,11 @@ + #if defined(__i386__) + #define cpu_relax() asm volatile("rep; nop" ::: "memory"); + #define CPUINFO_PROC {"model name"} +-#ifndef __NR_perf_event_open +-# define __NR_perf_event_open 336 +-#endif +-#ifndef __NR_futex +-# define __NR_futex 240 +-#endif +-#ifndef __NR_gettid +-# define __NR_gettid 224 +-#endif + #endif + + #if defined(__x86_64__) + #define cpu_relax() asm volatile("rep; nop" ::: "memory"); + #define CPUINFO_PROC {"model name"} +-#ifndef __NR_perf_event_open +-# define __NR_perf_event_open 298 +-#endif +-#ifndef __NR_futex +-# define __NR_futex 202 +-#endif +-#ifndef __NR_gettid +-# define __NR_gettid 186 +-#endif + #endif + + #ifdef __powerpc__ +diff --git a/tools/perf/util/include/asm/unistd_32.h b/tools/perf/util/include/asm/unistd_32.h +deleted file mode 100644 +index 8b137891791f..000000000000 +--- a/tools/perf/util/include/asm/unistd_32.h ++++ /dev/null +@@ -1 +0,0 @@ +- +diff --git a/tools/perf/util/include/asm/unistd_64.h b/tools/perf/util/include/asm/unistd_64.h +deleted file mode 100644 +index 8b137891791f..000000000000 +--- a/tools/perf/util/include/asm/unistd_64.h ++++ /dev/null +@@ -1 +0,0 @@ +- +diff --git a/tools/scripts/Makefile.include b/tools/scripts/Makefile.include +index 19edc1a7a232..7ea4438b801d 100644 +--- a/tools/scripts/Makefile.include ++++ b/tools/scripts/Makefile.include +@@ -92,3 +92,5 @@ ifneq ($(silent),1) + QUIET_INSTALL = @printf ' INSTALL %s\n' $1; + endif + endif ++ ++pound := \# diff --git a/patch/kernel/rk3328-default/04-patch-4.4.142-143.patch b/patch/kernel/rk3328-default/04-patch-4.4.142-143.patch new file mode 100644 index 0000000000..3040a38248 --- /dev/null +++ b/patch/kernel/rk3328-default/04-patch-4.4.142-143.patch @@ -0,0 +1,1006 @@ +diff --git a/Makefile b/Makefile +index 75d6176c8786..54690fee0485 100644 +--- a/Makefile ++++ b/Makefile +@@ -1,6 +1,6 @@ + VERSION = 4 + PATCHLEVEL = 4 +-SUBLEVEL = 142 ++SUBLEVEL = 143 + EXTRAVERSION = + NAME = Blurry Fish Butt + +diff --git a/arch/mips/kernel/process.c b/arch/mips/kernel/process.c +index 1ee603d07847..354b99f56c1e 100644 +--- a/arch/mips/kernel/process.c ++++ b/arch/mips/kernel/process.c +@@ -629,21 +629,48 @@ unsigned long arch_align_stack(unsigned long sp) + return sp & ALMASK; + } + ++static DEFINE_PER_CPU(struct call_single_data, backtrace_csd); ++static struct cpumask backtrace_csd_busy; ++ + static void arch_dump_stack(void *info) + { + struct pt_regs *regs; ++ static arch_spinlock_t lock = __ARCH_SPIN_LOCK_UNLOCKED; + ++ arch_spin_lock(&lock); + regs = get_irq_regs(); + + if (regs) + show_regs(regs); ++ else ++ dump_stack(); ++ arch_spin_unlock(&lock); + +- dump_stack(); ++ cpumask_clear_cpu(smp_processor_id(), &backtrace_csd_busy); + } + + void arch_trigger_all_cpu_backtrace(bool include_self) + { +- smp_call_function(arch_dump_stack, NULL, 1); ++ struct call_single_data *csd; ++ int cpu; ++ ++ for_each_cpu(cpu, cpu_online_mask) { ++ /* ++ * If we previously sent an IPI to the target CPU & it hasn't ++ * cleared its bit in the busy cpumask then it didn't handle ++ * our previous IPI & it's not safe for us to reuse the ++ * call_single_data_t. ++ */ ++ if (cpumask_test_and_set_cpu(cpu, &backtrace_csd_busy)) { ++ pr_warn("Unable to send backtrace IPI to CPU%u - perhaps it hung?\n", ++ cpu); ++ continue; ++ } ++ ++ csd = &per_cpu(backtrace_csd, cpu); ++ csd->func = arch_dump_stack; ++ smp_call_function_single_async(cpu, csd); ++ } + } + + int mips_get_process_fp_mode(struct task_struct *task) +diff --git a/arch/mips/kernel/traps.c b/arch/mips/kernel/traps.c +index 31ca2edd7218..1b901218e3ae 100644 +--- a/arch/mips/kernel/traps.c ++++ b/arch/mips/kernel/traps.c +@@ -344,6 +344,7 @@ static void __show_regs(const struct pt_regs *regs) + void show_regs(struct pt_regs *regs) + { + __show_regs((struct pt_regs *)regs); ++ dump_stack(); + } + + void show_registers(struct pt_regs *regs) +diff --git a/arch/x86/include/asm/asm.h b/arch/x86/include/asm/asm.h +index 1c79c8add0eb..21e84a31d211 100644 +--- a/arch/x86/include/asm/asm.h ++++ b/arch/x86/include/asm/asm.h +@@ -44,6 +44,65 @@ + #define _ASM_SI __ASM_REG(si) + #define _ASM_DI __ASM_REG(di) + ++#ifndef __x86_64__ ++/* 32 bit */ ++ ++#define _ASM_ARG1 _ASM_AX ++#define _ASM_ARG2 _ASM_DX ++#define _ASM_ARG3 _ASM_CX ++ ++#define _ASM_ARG1L eax ++#define _ASM_ARG2L edx ++#define _ASM_ARG3L ecx ++ ++#define _ASM_ARG1W ax ++#define _ASM_ARG2W dx ++#define _ASM_ARG3W cx ++ ++#define _ASM_ARG1B al ++#define _ASM_ARG2B dl ++#define _ASM_ARG3B cl ++ ++#else ++/* 64 bit */ ++ ++#define _ASM_ARG1 _ASM_DI ++#define _ASM_ARG2 _ASM_SI ++#define _ASM_ARG3 _ASM_DX ++#define _ASM_ARG4 _ASM_CX ++#define _ASM_ARG5 r8 ++#define _ASM_ARG6 r9 ++ ++#define _ASM_ARG1Q rdi ++#define _ASM_ARG2Q rsi ++#define _ASM_ARG3Q rdx ++#define _ASM_ARG4Q rcx ++#define _ASM_ARG5Q r8 ++#define _ASM_ARG6Q r9 ++ ++#define _ASM_ARG1L edi ++#define _ASM_ARG2L esi ++#define _ASM_ARG3L edx ++#define _ASM_ARG4L ecx ++#define _ASM_ARG5L r8d ++#define _ASM_ARG6L r9d ++ ++#define _ASM_ARG1W di ++#define _ASM_ARG2W si ++#define _ASM_ARG3W dx ++#define _ASM_ARG4W cx ++#define _ASM_ARG5W r8w ++#define _ASM_ARG6W r9w ++ ++#define _ASM_ARG1B dil ++#define _ASM_ARG2B sil ++#define _ASM_ARG3B dl ++#define _ASM_ARG4B cl ++#define _ASM_ARG5B r8b ++#define _ASM_ARG6B r9b ++ ++#endif ++ + /* Exception table entry */ + #ifdef __ASSEMBLY__ + # define _ASM_EXTABLE(from,to) \ +diff --git a/drivers/atm/zatm.c b/drivers/atm/zatm.c +index c302f47f6323..94712e1c5cf9 100644 +--- a/drivers/atm/zatm.c ++++ b/drivers/atm/zatm.c +@@ -1481,6 +1481,8 @@ static int zatm_ioctl(struct atm_dev *dev,unsigned int cmd,void __user *arg) + return -EFAULT; + if (pool < 0 || pool > ZATM_LAST_POOL) + return -EINVAL; ++ pool = array_index_nospec(pool, ++ ZATM_LAST_POOL + 1); + if (copy_from_user(&info, + &((struct zatm_pool_req __user *) arg)->info, + sizeof(info))) return -EFAULT; +diff --git a/drivers/crypto/amcc/crypto4xx_core.c b/drivers/crypto/amcc/crypto4xx_core.c +index 58a630e55d5d..78d0722feacb 100644 +--- a/drivers/crypto/amcc/crypto4xx_core.c ++++ b/drivers/crypto/amcc/crypto4xx_core.c +@@ -207,7 +207,7 @@ static u32 crypto4xx_build_pdr(struct crypto4xx_device *dev) + dev->pdr_pa); + return -ENOMEM; + } +- memset(dev->pdr, 0, sizeof(struct ce_pd) * PPC4XX_NUM_PD); ++ memset(dev->pdr, 0, sizeof(struct ce_pd) * PPC4XX_NUM_PD); + dev->shadow_sa_pool = dma_alloc_coherent(dev->core_dev->device, + 256 * PPC4XX_NUM_PD, + &dev->shadow_sa_pool_pa, +@@ -240,13 +240,15 @@ static u32 crypto4xx_build_pdr(struct crypto4xx_device *dev) + + static void crypto4xx_destroy_pdr(struct crypto4xx_device *dev) + { +- if (dev->pdr != NULL) ++ if (dev->pdr) + dma_free_coherent(dev->core_dev->device, + sizeof(struct ce_pd) * PPC4XX_NUM_PD, + dev->pdr, dev->pdr_pa); ++ + if (dev->shadow_sa_pool) + dma_free_coherent(dev->core_dev->device, 256 * PPC4XX_NUM_PD, + dev->shadow_sa_pool, dev->shadow_sa_pool_pa); ++ + if (dev->shadow_sr_pool) + dma_free_coherent(dev->core_dev->device, + sizeof(struct sa_state_record) * PPC4XX_NUM_PD, +@@ -416,12 +418,12 @@ static u32 crypto4xx_build_sdr(struct crypto4xx_device *dev) + + static void crypto4xx_destroy_sdr(struct crypto4xx_device *dev) + { +- if (dev->sdr != NULL) ++ if (dev->sdr) + dma_free_coherent(dev->core_dev->device, + sizeof(struct ce_sd) * PPC4XX_NUM_SD, + dev->sdr, dev->sdr_pa); + +- if (dev->scatter_buffer_va != NULL) ++ if (dev->scatter_buffer_va) + dma_free_coherent(dev->core_dev->device, + dev->scatter_buffer_size * PPC4XX_NUM_SD, + dev->scatter_buffer_va, +@@ -1029,12 +1031,10 @@ int crypto4xx_register_alg(struct crypto4xx_device *sec_dev, + break; + } + +- if (rc) { +- list_del(&alg->entry); ++ if (rc) + kfree(alg); +- } else { ++ else + list_add_tail(&alg->entry, &sec_dev->alg_list); +- } + } + + return 0; +@@ -1188,7 +1188,7 @@ static int crypto4xx_probe(struct platform_device *ofdev) + + rc = crypto4xx_build_gdr(core_dev->dev); + if (rc) +- goto err_build_gdr; ++ goto err_build_pdr; + + rc = crypto4xx_build_sdr(core_dev->dev); + if (rc) +@@ -1230,12 +1230,11 @@ err_iomap: + err_request_irq: + irq_dispose_mapping(core_dev->irq); + tasklet_kill(&core_dev->tasklet); +- crypto4xx_destroy_sdr(core_dev->dev); + err_build_sdr: ++ crypto4xx_destroy_sdr(core_dev->dev); + crypto4xx_destroy_gdr(core_dev->dev); +-err_build_gdr: +- crypto4xx_destroy_pdr(core_dev->dev); + err_build_pdr: ++ crypto4xx_destroy_pdr(core_dev->dev); + kfree(core_dev->dev); + err_alloc_dev: + kfree(core_dev); +diff --git a/drivers/net/ethernet/broadcom/bcm63xx_enet.c b/drivers/net/ethernet/broadcom/bcm63xx_enet.c +index 8b1929e9f698..ec5834087e4b 100644 +--- a/drivers/net/ethernet/broadcom/bcm63xx_enet.c ++++ b/drivers/net/ethernet/broadcom/bcm63xx_enet.c +@@ -1063,7 +1063,8 @@ static int bcm_enet_open(struct net_device *dev) + val = enet_readl(priv, ENET_CTL_REG); + val |= ENET_CTL_ENABLE_MASK; + enet_writel(priv, val, ENET_CTL_REG); +- enet_dma_writel(priv, ENETDMA_CFG_EN_MASK, ENETDMA_CFG_REG); ++ if (priv->dma_has_sram) ++ enet_dma_writel(priv, ENETDMA_CFG_EN_MASK, ENETDMA_CFG_REG); + enet_dmac_writel(priv, priv->dma_chan_en_mask, + ENETDMAC_CHANCFG, priv->rx_chan); + +@@ -1787,7 +1788,9 @@ static int bcm_enet_probe(struct platform_device *pdev) + ret = PTR_ERR(priv->mac_clk); + goto out; + } +- clk_prepare_enable(priv->mac_clk); ++ ret = clk_prepare_enable(priv->mac_clk); ++ if (ret) ++ goto out_put_clk_mac; + + /* initialize default and fetch platform data */ + priv->rx_ring_size = BCMENET_DEF_RX_DESC; +@@ -1819,9 +1822,11 @@ static int bcm_enet_probe(struct platform_device *pdev) + if (IS_ERR(priv->phy_clk)) { + ret = PTR_ERR(priv->phy_clk); + priv->phy_clk = NULL; +- goto out_put_clk_mac; ++ goto out_disable_clk_mac; + } +- clk_prepare_enable(priv->phy_clk); ++ ret = clk_prepare_enable(priv->phy_clk); ++ if (ret) ++ goto out_put_clk_phy; + } + + /* do minimal hardware init to be able to probe mii bus */ +@@ -1921,13 +1926,16 @@ out_free_mdio: + out_uninit_hw: + /* turn off mdc clock */ + enet_writel(priv, 0, ENET_MIISC_REG); +- if (priv->phy_clk) { ++ if (priv->phy_clk) + clk_disable_unprepare(priv->phy_clk); ++ ++out_put_clk_phy: ++ if (priv->phy_clk) + clk_put(priv->phy_clk); +- } + +-out_put_clk_mac: ++out_disable_clk_mac: + clk_disable_unprepare(priv->mac_clk); ++out_put_clk_mac: + clk_put(priv->mac_clk); + out: + free_netdev(dev); +@@ -2772,7 +2780,9 @@ static int bcm_enetsw_probe(struct platform_device *pdev) + ret = PTR_ERR(priv->mac_clk); + goto out_unmap; + } +- clk_enable(priv->mac_clk); ++ ret = clk_prepare_enable(priv->mac_clk); ++ if (ret) ++ goto out_put_clk; + + priv->rx_chan = 0; + priv->tx_chan = 1; +@@ -2793,7 +2803,7 @@ static int bcm_enetsw_probe(struct platform_device *pdev) + + ret = register_netdev(dev); + if (ret) +- goto out_put_clk; ++ goto out_disable_clk; + + netif_carrier_off(dev); + platform_set_drvdata(pdev, dev); +@@ -2802,6 +2812,9 @@ static int bcm_enetsw_probe(struct platform_device *pdev) + + return 0; + ++out_disable_clk: ++ clk_disable_unprepare(priv->mac_clk); ++ + out_put_clk: + clk_put(priv->mac_clk); + +@@ -2833,6 +2846,9 @@ static int bcm_enetsw_remove(struct platform_device *pdev) + res = platform_get_resource(pdev, IORESOURCE_MEM, 0); + release_mem_region(res->start, resource_size(res)); + ++ clk_disable_unprepare(priv->mac_clk); ++ clk_put(priv->mac_clk); ++ + free_netdev(dev); + return 0; + } +diff --git a/drivers/net/ethernet/chelsio/cxgb3/cxgb3_main.c b/drivers/net/ethernet/chelsio/cxgb3/cxgb3_main.c +index 8f7aa53a4c4b..7ae8374bff13 100644 +--- a/drivers/net/ethernet/chelsio/cxgb3/cxgb3_main.c ++++ b/drivers/net/ethernet/chelsio/cxgb3/cxgb3_main.c +@@ -50,6 +50,7 @@ + #include + #include + #include ++#include + #include + + #include "common.h" +@@ -2256,6 +2257,7 @@ static int cxgb_extension_ioctl(struct net_device *dev, void __user *useraddr) + + if (t.qset_idx >= nqsets) + return -EINVAL; ++ t.qset_idx = array_index_nospec(t.qset_idx, nqsets); + + q = &adapter->params.sge.qset[q1 + t.qset_idx]; + t.rspq_size = q->rspq_size; +diff --git a/drivers/net/ethernet/mellanox/mlx5/core/cmd.c b/drivers/net/ethernet/mellanox/mlx5/core/cmd.c +index 16bd585365a8..9ac14df0ca3b 100644 +--- a/drivers/net/ethernet/mellanox/mlx5/core/cmd.c ++++ b/drivers/net/ethernet/mellanox/mlx5/core/cmd.c +@@ -643,6 +643,7 @@ static void cmd_work_handler(struct work_struct *work) + struct semaphore *sem; + unsigned long flags; + int alloc_ret; ++ int cmd_mode; + + sem = ent->page_queue ? &cmd->pages_sem : &cmd->sem; + down(sem); +@@ -688,6 +689,7 @@ static void cmd_work_handler(struct work_struct *work) + set_signature(ent, !cmd->checksum_disabled); + dump_command(dev, ent, 1); + ent->ts1 = ktime_get_ns(); ++ cmd_mode = cmd->mode; + + /* ring doorbell after the descriptor is valid */ + mlx5_core_dbg(dev, "writing 0x%x to command doorbell\n", 1 << ent->idx); +@@ -695,7 +697,7 @@ static void cmd_work_handler(struct work_struct *work) + iowrite32be(1 << ent->idx, &dev->iseg->cmd_dbell); + mmiowb(); + /* if not in polling don't use ent after this point */ +- if (cmd->mode == CMD_MODE_POLLING) { ++ if (cmd_mode == CMD_MODE_POLLING) { + poll_timeout(ent); + /* make sure we read the descriptor after ownership is SW */ + rmb(); +@@ -1126,7 +1128,7 @@ static ssize_t outlen_write(struct file *filp, const char __user *buf, + { + struct mlx5_core_dev *dev = filp->private_data; + struct mlx5_cmd_debug *dbg = &dev->cmd.dbg; +- char outlen_str[8]; ++ char outlen_str[8] = {0}; + int outlen; + void *ptr; + int err; +@@ -1141,8 +1143,6 @@ static ssize_t outlen_write(struct file *filp, const char __user *buf, + if (copy_from_user(outlen_str, buf, count)) + return -EFAULT; + +- outlen_str[7] = 0; +- + err = sscanf(outlen_str, "%d", &outlen); + if (err < 0) + return err; +diff --git a/drivers/net/ethernet/qlogic/qed/qed_main.c b/drivers/net/ethernet/qlogic/qed/qed_main.c +index 174f7341c5c3..688b6da5a9bb 100644 +--- a/drivers/net/ethernet/qlogic/qed/qed_main.c ++++ b/drivers/net/ethernet/qlogic/qed/qed_main.c +@@ -22,6 +22,7 @@ + #include + #include + #include ++#include + + #include "qed.h" + #include "qed_sp.h" +@@ -634,6 +635,14 @@ static int qed_slowpath_setup_int(struct qed_dev *cdev, + /* We want a minimum of one slowpath and one fastpath vector per hwfn */ + cdev->int_params.in.min_msix_cnt = cdev->num_hwfns * 2; + ++ if (is_kdump_kernel()) { ++ DP_INFO(cdev, ++ "Kdump kernel: Limit the max number of requested MSI-X vectors to %hd\n", ++ cdev->int_params.in.min_msix_cnt); ++ cdev->int_params.in.num_vectors = ++ cdev->int_params.in.min_msix_cnt; ++ } ++ + rc = qed_set_int_mode(cdev, false); + if (rc) { + DP_ERR(cdev, "qed_slowpath_setup_int ERR\n"); +diff --git a/drivers/net/ethernet/sun/sungem.c b/drivers/net/ethernet/sun/sungem.c +index e23a642357e7..eb4d8df49399 100644 +--- a/drivers/net/ethernet/sun/sungem.c ++++ b/drivers/net/ethernet/sun/sungem.c +@@ -60,8 +60,7 @@ + #include + #include "sungem.h" + +-/* Stripping FCS is causing problems, disabled for now */ +-#undef STRIP_FCS ++#define STRIP_FCS + + #define DEFAULT_MSG (NETIF_MSG_DRV | \ + NETIF_MSG_PROBE | \ +@@ -435,7 +434,7 @@ static int gem_rxmac_reset(struct gem *gp) + writel(desc_dma & 0xffffffff, gp->regs + RXDMA_DBLOW); + writel(RX_RING_SIZE - 4, gp->regs + RXDMA_KICK); + val = (RXDMA_CFG_BASE | (RX_OFFSET << 10) | +- ((14 / 2) << 13) | RXDMA_CFG_FTHRESH_128); ++ (ETH_HLEN << 13) | RXDMA_CFG_FTHRESH_128); + writel(val, gp->regs + RXDMA_CFG); + if (readl(gp->regs + GREG_BIFCFG) & GREG_BIFCFG_M66EN) + writel(((5 & RXDMA_BLANK_IPKTS) | +@@ -760,7 +759,6 @@ static int gem_rx(struct gem *gp, int work_to_do) + struct net_device *dev = gp->dev; + int entry, drops, work_done = 0; + u32 done; +- __sum16 csum; + + if (netif_msg_rx_status(gp)) + printk(KERN_DEBUG "%s: rx interrupt, done: %d, rx_new: %d\n", +@@ -855,9 +853,13 @@ static int gem_rx(struct gem *gp, int work_to_do) + skb = copy_skb; + } + +- csum = (__force __sum16)htons((status & RXDCTRL_TCPCSUM) ^ 0xffff); +- skb->csum = csum_unfold(csum); +- skb->ip_summed = CHECKSUM_COMPLETE; ++ if (likely(dev->features & NETIF_F_RXCSUM)) { ++ __sum16 csum; ++ ++ csum = (__force __sum16)htons((status & RXDCTRL_TCPCSUM) ^ 0xffff); ++ skb->csum = csum_unfold(csum); ++ skb->ip_summed = CHECKSUM_COMPLETE; ++ } + skb->protocol = eth_type_trans(skb, gp->dev); + + napi_gro_receive(&gp->napi, skb); +@@ -1755,7 +1757,7 @@ static void gem_init_dma(struct gem *gp) + writel(0, gp->regs + TXDMA_KICK); + + val = (RXDMA_CFG_BASE | (RX_OFFSET << 10) | +- ((14 / 2) << 13) | RXDMA_CFG_FTHRESH_128); ++ (ETH_HLEN << 13) | RXDMA_CFG_FTHRESH_128); + writel(val, gp->regs + RXDMA_CFG); + + writel(desc_dma >> 32, gp->regs + RXDMA_DBHI); +@@ -2973,8 +2975,8 @@ static int gem_init_one(struct pci_dev *pdev, const struct pci_device_id *ent) + pci_set_drvdata(pdev, dev); + + /* We can do scatter/gather and HW checksum */ +- dev->hw_features = NETIF_F_SG | NETIF_F_HW_CSUM; +- dev->features |= dev->hw_features | NETIF_F_RXCSUM; ++ dev->hw_features = NETIF_F_SG | NETIF_F_HW_CSUM | NETIF_F_RXCSUM; ++ dev->features = dev->hw_features; + if (pci_using_dac) + dev->features |= NETIF_F_HIGHDMA; + +diff --git a/drivers/net/usb/r8152.c b/drivers/net/usb/r8152.c +index 2991d7155540..2bb336cb13ee 100644 +--- a/drivers/net/usb/r8152.c ++++ b/drivers/net/usb/r8152.c +@@ -3139,7 +3139,8 @@ static int rtl8152_close(struct net_device *netdev) + #ifdef CONFIG_PM_SLEEP + unregister_pm_notifier(&tp->pm_notifier); + #endif +- napi_disable(&tp->napi); ++ if (!test_bit(RTL8152_UNPLUG, &tp->flags)) ++ napi_disable(&tp->napi); + clear_bit(WORK_ENABLE, &tp->flags); + usb_kill_urb(tp->intr_urb); + cancel_delayed_work_sync(&tp->schedule); +diff --git a/drivers/net/wireless/realtek/rtlwifi/core.c b/drivers/net/wireless/realtek/rtlwifi/core.c +index 8b537a5a4b01..8006f0972ad1 100644 +--- a/drivers/net/wireless/realtek/rtlwifi/core.c ++++ b/drivers/net/wireless/realtek/rtlwifi/core.c +@@ -135,7 +135,6 @@ found_alt: + firmware->size); + rtlpriv->rtlhal.wowlan_fwsize = firmware->size; + } +- rtlpriv->rtlhal.fwsize = firmware->size; + release_firmware(firmware); + } + +diff --git a/drivers/vhost/net.c b/drivers/vhost/net.c +index 44a5a8777053..645b2197930e 100644 +--- a/drivers/vhost/net.c ++++ b/drivers/vhost/net.c +@@ -955,7 +955,8 @@ err_used: + if (ubufs) + vhost_net_ubuf_put_wait_and_free(ubufs); + err_ubufs: +- sockfd_put(sock); ++ if (sock) ++ sockfd_put(sock); + err_vq: + mutex_unlock(&vq->mutex); + err: +diff --git a/fs/ocfs2/cluster/nodemanager.c b/fs/ocfs2/cluster/nodemanager.c +index 72afdca3cea7..3c45a9301a09 100644 +--- a/fs/ocfs2/cluster/nodemanager.c ++++ b/fs/ocfs2/cluster/nodemanager.c +@@ -40,6 +40,9 @@ char *o2nm_fence_method_desc[O2NM_FENCE_METHODS] = { + "panic", /* O2NM_FENCE_PANIC */ + }; + ++static inline void o2nm_lock_subsystem(void); ++static inline void o2nm_unlock_subsystem(void); ++ + struct o2nm_node *o2nm_get_node_by_num(u8 node_num) + { + struct o2nm_node *node = NULL; +@@ -181,7 +184,10 @@ static struct o2nm_cluster *to_o2nm_cluster_from_node(struct o2nm_node *node) + { + /* through the first node_set .parent + * mycluster/nodes/mynode == o2nm_cluster->o2nm_node_group->o2nm_node */ +- return to_o2nm_cluster(node->nd_item.ci_parent->ci_parent); ++ if (node->nd_item.ci_parent) ++ return to_o2nm_cluster(node->nd_item.ci_parent->ci_parent); ++ else ++ return NULL; + } + + enum { +@@ -194,7 +200,7 @@ static ssize_t o2nm_node_num_store(struct config_item *item, const char *page, + size_t count) + { + struct o2nm_node *node = to_o2nm_node(item); +- struct o2nm_cluster *cluster = to_o2nm_cluster_from_node(node); ++ struct o2nm_cluster *cluster; + unsigned long tmp; + char *p = (char *)page; + int ret = 0; +@@ -214,6 +220,13 @@ static ssize_t o2nm_node_num_store(struct config_item *item, const char *page, + !test_bit(O2NM_NODE_ATTR_PORT, &node->nd_set_attributes)) + return -EINVAL; /* XXX */ + ++ o2nm_lock_subsystem(); ++ cluster = to_o2nm_cluster_from_node(node); ++ if (!cluster) { ++ o2nm_unlock_subsystem(); ++ return -EINVAL; ++ } ++ + write_lock(&cluster->cl_nodes_lock); + if (cluster->cl_nodes[tmp]) + ret = -EEXIST; +@@ -226,6 +239,8 @@ static ssize_t o2nm_node_num_store(struct config_item *item, const char *page, + set_bit(tmp, cluster->cl_nodes_bitmap); + } + write_unlock(&cluster->cl_nodes_lock); ++ o2nm_unlock_subsystem(); ++ + if (ret) + return ret; + +@@ -269,7 +284,7 @@ static ssize_t o2nm_node_ipv4_address_store(struct config_item *item, + size_t count) + { + struct o2nm_node *node = to_o2nm_node(item); +- struct o2nm_cluster *cluster = to_o2nm_cluster_from_node(node); ++ struct o2nm_cluster *cluster; + int ret, i; + struct rb_node **p, *parent; + unsigned int octets[4]; +@@ -286,6 +301,13 @@ static ssize_t o2nm_node_ipv4_address_store(struct config_item *item, + be32_add_cpu(&ipv4_addr, octets[i] << (i * 8)); + } + ++ o2nm_lock_subsystem(); ++ cluster = to_o2nm_cluster_from_node(node); ++ if (!cluster) { ++ o2nm_unlock_subsystem(); ++ return -EINVAL; ++ } ++ + ret = 0; + write_lock(&cluster->cl_nodes_lock); + if (o2nm_node_ip_tree_lookup(cluster, ipv4_addr, &p, &parent)) +@@ -298,6 +320,8 @@ static ssize_t o2nm_node_ipv4_address_store(struct config_item *item, + rb_insert_color(&node->nd_ip_node, &cluster->cl_node_ip_tree); + } + write_unlock(&cluster->cl_nodes_lock); ++ o2nm_unlock_subsystem(); ++ + if (ret) + return ret; + +@@ -315,7 +339,7 @@ static ssize_t o2nm_node_local_store(struct config_item *item, const char *page, + size_t count) + { + struct o2nm_node *node = to_o2nm_node(item); +- struct o2nm_cluster *cluster = to_o2nm_cluster_from_node(node); ++ struct o2nm_cluster *cluster; + unsigned long tmp; + char *p = (char *)page; + ssize_t ret; +@@ -333,17 +357,26 @@ static ssize_t o2nm_node_local_store(struct config_item *item, const char *page, + !test_bit(O2NM_NODE_ATTR_PORT, &node->nd_set_attributes)) + return -EINVAL; /* XXX */ + ++ o2nm_lock_subsystem(); ++ cluster = to_o2nm_cluster_from_node(node); ++ if (!cluster) { ++ ret = -EINVAL; ++ goto out; ++ } ++ + /* the only failure case is trying to set a new local node + * when a different one is already set */ + if (tmp && tmp == cluster->cl_has_local && +- cluster->cl_local_node != node->nd_num) +- return -EBUSY; ++ cluster->cl_local_node != node->nd_num) { ++ ret = -EBUSY; ++ goto out; ++ } + + /* bring up the rx thread if we're setting the new local node. */ + if (tmp && !cluster->cl_has_local) { + ret = o2net_start_listening(node); + if (ret) +- return ret; ++ goto out; + } + + if (!tmp && cluster->cl_has_local && +@@ -358,7 +391,11 @@ static ssize_t o2nm_node_local_store(struct config_item *item, const char *page, + cluster->cl_local_node = node->nd_num; + } + +- return count; ++ ret = count; ++ ++out: ++ o2nm_unlock_subsystem(); ++ return ret; + } + + CONFIGFS_ATTR(o2nm_node_, num); +@@ -750,6 +787,16 @@ static struct o2nm_cluster_group o2nm_cluster_group = { + }, + }; + ++static inline void o2nm_lock_subsystem(void) ++{ ++ mutex_lock(&o2nm_cluster_group.cs_subsys.su_mutex); ++} ++ ++static inline void o2nm_unlock_subsystem(void) ++{ ++ mutex_unlock(&o2nm_cluster_group.cs_subsys.su_mutex); ++} ++ + int o2nm_depend_item(struct config_item *item) + { + return configfs_depend_item(&o2nm_cluster_group.cs_subsys, item); +diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c +index 665fd87cc105..8b8a43fda6ca 100644 +--- a/net/bridge/netfilter/ebtables.c ++++ b/net/bridge/netfilter/ebtables.c +@@ -404,6 +404,12 @@ ebt_check_watcher(struct ebt_entry_watcher *w, struct xt_tgchk_param *par, + watcher = xt_request_find_target(NFPROTO_BRIDGE, w->u.name, 0); + if (IS_ERR(watcher)) + return PTR_ERR(watcher); ++ ++ if (watcher->family != NFPROTO_BRIDGE) { ++ module_put(watcher->me); ++ return -ENOENT; ++ } ++ + w->u.watcher = watcher; + + par->target = watcher; +@@ -724,6 +730,13 @@ ebt_check_entry(struct ebt_entry *e, struct net *net, + goto cleanup_watchers; + } + ++ /* Reject UNSPEC, xtables verdicts/return values are incompatible */ ++ if (target->family != NFPROTO_BRIDGE) { ++ module_put(target->me); ++ ret = -ENOENT; ++ goto cleanup_watchers; ++ } ++ + t->u.target = target; + if (t->u.target == &ebt_standard_target) { + if (gap < sizeof(struct ebt_standard_target)) { +diff --git a/net/dccp/ccids/ccid3.c b/net/dccp/ccids/ccid3.c +index 119c04317d48..03fcf3ee1534 100644 +--- a/net/dccp/ccids/ccid3.c ++++ b/net/dccp/ccids/ccid3.c +@@ -599,7 +599,7 @@ static void ccid3_hc_rx_send_feedback(struct sock *sk, + { + struct ccid3_hc_rx_sock *hc = ccid3_hc_rx_sk(sk); + struct dccp_sock *dp = dccp_sk(sk); +- ktime_t now = ktime_get_real(); ++ ktime_t now = ktime_get(); + s64 delta = 0; + + switch (fbtype) { +@@ -624,15 +624,14 @@ static void ccid3_hc_rx_send_feedback(struct sock *sk, + case CCID3_FBACK_PERIODIC: + delta = ktime_us_delta(now, hc->rx_tstamp_last_feedback); + if (delta <= 0) +- DCCP_BUG("delta (%ld) <= 0", (long)delta); +- else +- hc->rx_x_recv = scaled_div32(hc->rx_bytes_recv, delta); ++ delta = 1; ++ hc->rx_x_recv = scaled_div32(hc->rx_bytes_recv, delta); + break; + default: + return; + } + +- ccid3_pr_debug("Interval %ldusec, X_recv=%u, 1/p=%u\n", (long)delta, ++ ccid3_pr_debug("Interval %lldusec, X_recv=%u, 1/p=%u\n", delta, + hc->rx_x_recv, hc->rx_pinv); + + hc->rx_tstamp_last_feedback = now; +@@ -679,7 +678,8 @@ static int ccid3_hc_rx_insert_options(struct sock *sk, struct sk_buff *skb) + static u32 ccid3_first_li(struct sock *sk) + { + struct ccid3_hc_rx_sock *hc = ccid3_hc_rx_sk(sk); +- u32 x_recv, p, delta; ++ u32 x_recv, p; ++ s64 delta; + u64 fval; + + if (hc->rx_rtt == 0) { +@@ -687,7 +687,9 @@ static u32 ccid3_first_li(struct sock *sk) + hc->rx_rtt = DCCP_FALLBACK_RTT; + } + +- delta = ktime_to_us(net_timedelta(hc->rx_tstamp_last_feedback)); ++ delta = ktime_us_delta(ktime_get(), hc->rx_tstamp_last_feedback); ++ if (delta <= 0) ++ delta = 1; + x_recv = scaled_div32(hc->rx_bytes_recv, delta); + if (x_recv == 0) { /* would also trigger divide-by-zero */ + DCCP_WARN("X_recv==0\n"); +diff --git a/net/dns_resolver/dns_key.c b/net/dns_resolver/dns_key.c +index e26df2764e83..1689c7bdf1c9 100644 +--- a/net/dns_resolver/dns_key.c ++++ b/net/dns_resolver/dns_key.c +@@ -87,35 +87,39 @@ dns_resolver_preparse(struct key_preparsed_payload *prep) + opt++; + kdebug("options: '%s'", opt); + do { ++ int opt_len, opt_nlen; + const char *eq; +- int opt_len, opt_nlen, opt_vlen, tmp; ++ char optval[128]; + + next_opt = memchr(opt, '#', end - opt) ?: end; + opt_len = next_opt - opt; +- if (opt_len <= 0 || opt_len > 128) { ++ if (opt_len <= 0 || opt_len > sizeof(optval)) { + pr_warn_ratelimited("Invalid option length (%d) for dns_resolver key\n", + opt_len); + return -EINVAL; + } + +- eq = memchr(opt, '=', opt_len) ?: end; +- opt_nlen = eq - opt; +- eq++; +- opt_vlen = next_opt - eq; /* will be -1 if no value */ ++ eq = memchr(opt, '=', opt_len); ++ if (eq) { ++ opt_nlen = eq - opt; ++ eq++; ++ memcpy(optval, eq, next_opt - eq); ++ optval[next_opt - eq] = '\0'; ++ } else { ++ opt_nlen = opt_len; ++ optval[0] = '\0'; ++ } + +- tmp = opt_vlen >= 0 ? opt_vlen : 0; +- kdebug("option '%*.*s' val '%*.*s'", +- opt_nlen, opt_nlen, opt, tmp, tmp, eq); ++ kdebug("option '%*.*s' val '%s'", ++ opt_nlen, opt_nlen, opt, optval); + + /* see if it's an error number representing a DNS error + * that's to be recorded as the result in this key */ + if (opt_nlen == sizeof(DNS_ERRORNO_OPTION) - 1 && + memcmp(opt, DNS_ERRORNO_OPTION, opt_nlen) == 0) { + kdebug("dns error number option"); +- if (opt_vlen <= 0) +- goto bad_option_value; + +- ret = kstrtoul(eq, 10, &derrno); ++ ret = kstrtoul(optval, 10, &derrno); + if (ret < 0) + goto bad_option_value; + +diff --git a/net/ipv4/sysctl_net_ipv4.c b/net/ipv4/sysctl_net_ipv4.c +index 70fb352e317f..75abf978ef30 100644 +--- a/net/ipv4/sysctl_net_ipv4.c ++++ b/net/ipv4/sysctl_net_ipv4.c +@@ -213,8 +213,9 @@ static int proc_tcp_fastopen_key(struct ctl_table *ctl, int write, + { + struct ctl_table tbl = { .maxlen = (TCP_FASTOPEN_KEY_LENGTH * 2 + 10) }; + struct tcp_fastopen_context *ctxt; +- int ret; + u32 user_key[4]; /* 16 bytes, matching TCP_FASTOPEN_KEY_LENGTH */ ++ __le32 key[4]; ++ int ret, i; + + tbl.data = kmalloc(tbl.maxlen, GFP_KERNEL); + if (!tbl.data) +@@ -223,11 +224,14 @@ static int proc_tcp_fastopen_key(struct ctl_table *ctl, int write, + rcu_read_lock(); + ctxt = rcu_dereference(tcp_fastopen_ctx); + if (ctxt) +- memcpy(user_key, ctxt->key, TCP_FASTOPEN_KEY_LENGTH); ++ memcpy(key, ctxt->key, TCP_FASTOPEN_KEY_LENGTH); + else +- memset(user_key, 0, sizeof(user_key)); ++ memset(key, 0, sizeof(key)); + rcu_read_unlock(); + ++ for (i = 0; i < ARRAY_SIZE(key); i++) ++ user_key[i] = le32_to_cpu(key[i]); ++ + snprintf(tbl.data, tbl.maxlen, "%08x-%08x-%08x-%08x", + user_key[0], user_key[1], user_key[2], user_key[3]); + ret = proc_dostring(&tbl, write, buffer, lenp, ppos); +@@ -243,12 +247,16 @@ static int proc_tcp_fastopen_key(struct ctl_table *ctl, int write, + * first invocation of tcp_fastopen_cookie_gen + */ + tcp_fastopen_init_key_once(false); +- tcp_fastopen_reset_cipher(user_key, TCP_FASTOPEN_KEY_LENGTH); ++ ++ for (i = 0; i < ARRAY_SIZE(user_key); i++) ++ key[i] = cpu_to_le32(user_key[i]); ++ ++ tcp_fastopen_reset_cipher(key, TCP_FASTOPEN_KEY_LENGTH); + } + + bad_key: + pr_debug("proc FO key set 0x%x-%x-%x-%x <- 0x%s: %u\n", +- user_key[0], user_key[1], user_key[2], user_key[3], ++ user_key[0], user_key[1], user_key[2], user_key[3], + (char *)tbl.data, ret); + kfree(tbl.data); + return ret; +diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c +index a9041915afc0..4350ee058441 100644 +--- a/net/ipv4/tcp_input.c ++++ b/net/ipv4/tcp_input.c +@@ -3218,6 +3218,15 @@ static int tcp_clean_rtx_queue(struct sock *sk, int prior_fackets, + + if (tcp_is_reno(tp)) { + tcp_remove_reno_sacks(sk, pkts_acked); ++ ++ /* If any of the cumulatively ACKed segments was ++ * retransmitted, non-SACK case cannot confirm that ++ * progress was due to original transmission due to ++ * lack of TCPCB_SACKED_ACKED bits even if some of ++ * the packets may have been never retransmitted. ++ */ ++ if (flag & FLAG_RETRANS_DATA_ACKED) ++ flag &= ~FLAG_ORIG_SACK_ACKED; + } else { + int delta; + +diff --git a/net/ipv6/sit.c b/net/ipv6/sit.c +index dec4e7bda5f3..11282ffca567 100644 +--- a/net/ipv6/sit.c ++++ b/net/ipv6/sit.c +@@ -692,7 +692,6 @@ static int ipip6_rcv(struct sk_buff *skb) + + if (iptunnel_pull_header(skb, 0, htons(ETH_P_IPV6))) + goto out; +- iph = ip_hdr(skb); + + err = IP_ECN_decapsulate(iph, skb); + if (unlikely(err)) { +diff --git a/net/nfc/llcp_commands.c b/net/nfc/llcp_commands.c +index d25212b135ea..04f060488686 100644 +--- a/net/nfc/llcp_commands.c ++++ b/net/nfc/llcp_commands.c +@@ -754,11 +754,14 @@ int nfc_llcp_send_ui_frame(struct nfc_llcp_sock *sock, u8 ssap, u8 dsap, + pr_debug("Fragment %zd bytes remaining %zd", + frag_len, remaining_len); + +- pdu = nfc_alloc_send_skb(sock->dev, &sock->sk, MSG_DONTWAIT, ++ pdu = nfc_alloc_send_skb(sock->dev, &sock->sk, 0, + frag_len + LLCP_HEADER_SIZE, &err); + if (pdu == NULL) { +- pr_err("Could not allocate PDU\n"); +- continue; ++ pr_err("Could not allocate PDU (error=%d)\n", err); ++ len -= remaining_len; ++ if (len == 0) ++ len = err; ++ break; + } + + pdu = llcp_add_header(pdu, dsap, ssap, LLCP_PDU_UI); +diff --git a/net/rds/loop.c b/net/rds/loop.c +index 6b12b68541ae..05cab8c5a379 100644 +--- a/net/rds/loop.c ++++ b/net/rds/loop.c +@@ -191,4 +191,5 @@ struct rds_transport rds_loop_transport = { + .inc_copy_to_user = rds_message_inc_copy_to_user, + .inc_free = rds_loop_inc_free, + .t_name = "loopback", ++ .t_type = RDS_TRANS_LOOP, + }; +diff --git a/net/rds/rds.h b/net/rds/rds.h +index 4588860f4c3b..254f1345cf7e 100644 +--- a/net/rds/rds.h ++++ b/net/rds/rds.h +@@ -401,6 +401,11 @@ struct rds_notifier { + int n_status; + }; + ++/* Available as part of RDS core, so doesn't need to participate ++ * in get_preferred transport etc ++ */ ++#define RDS_TRANS_LOOP 3 ++ + /** + * struct rds_transport - transport specific behavioural hooks + * +diff --git a/net/rds/recv.c b/net/rds/recv.c +index 0514af3ab378..6275de19689c 100644 +--- a/net/rds/recv.c ++++ b/net/rds/recv.c +@@ -76,6 +76,11 @@ static void rds_recv_rcvbuf_delta(struct rds_sock *rs, struct sock *sk, + return; + + rs->rs_rcv_bytes += delta; ++ ++ /* loop transport doesn't send/recv congestion updates */ ++ if (rs->rs_transport->t_type == RDS_TRANS_LOOP) ++ return; ++ + now_congested = rs->rs_rcv_bytes > rds_sk_rcvbuf(rs); + + rdsdebug("rs %p (%pI4:%u) recv bytes %d buf %d " +diff --git a/net/sched/sch_blackhole.c b/net/sched/sch_blackhole.c +index 3fee70d9814f..562edd50fa94 100644 +--- a/net/sched/sch_blackhole.c ++++ b/net/sched/sch_blackhole.c +@@ -20,7 +20,7 @@ + static int blackhole_enqueue(struct sk_buff *skb, struct Qdisc *sch) + { + qdisc_drop(skb, sch); +- return NET_XMIT_SUCCESS; ++ return NET_XMIT_SUCCESS | __NET_XMIT_BYPASS; + } + + static struct sk_buff *blackhole_dequeue(struct Qdisc *sch)