diff --git a/config/kernel/linux-odroidxu4-legacy.config b/config/kernel/linux-odroidxu4-legacy.config
index 51009de2c8..6797d30b4a 100644
--- a/config/kernel/linux-odroidxu4-legacy.config
+++ b/config/kernel/linux-odroidxu4-legacy.config
@@ -1,6 +1,6 @@
 #
 # Automatically generated file; DO NOT EDIT.
-# Linux/arm 4.14.172 Kernel Configuration
+# Linux/arm 4.14.173 Kernel Configuration
 #
 CONFIG_ARM=y
 CONFIG_ARM_HAS_SG_CHAIN=y
@@ -2140,7 +2140,6 @@ CONFIG_WLAN_VENDOR_TI=y
 # CONFIG_WL12XX is not set
 # CONFIG_WL18XX is not set
 # CONFIG_WLCORE is not set
-CONFIG_RTL8723DS=m
 CONFIG_RTL8822BU=m
 CONFIG_RTL8188EU=m
 # CONFIG_RTL8821CU is not set
diff --git a/patch/kernel/odroidxu4-legacy/patch-4.14.165-166.patch b/patch/kernel/odroidxu4-legacy/patch-4.14.165-166.patch
deleted file mode 100644
index 2e6ac3e170..0000000000
--- a/patch/kernel/odroidxu4-legacy/patch-4.14.165-166.patch
+++ /dev/null
@@ -1,2162 +0,0 @@ -diff --git a/Documentation/ABI/testing/sysfs-bus-mei b/Documentation/ABI/testing/sysfs-bus-mei -index 6bd45346ac7e..3f8701e8fa24 100644 ---- a/Documentation/ABI/testing/sysfs-bus-mei -+++ b/Documentation/ABI/testing/sysfs-bus-mei -@@ -4,7 +4,7 @@ KernelVersion: 3.10 - Contact: Samuel Ortiz - linux-mei@linux.intel.com - Description: Stores the same MODALIAS value emitted by uevent -- Format: mei::: -+ Format: mei::: - - What: /sys/bus/mei/devices/.../name - Date: May 2015 -diff --git a/Makefile b/Makefile -index 166e18aa9ca9..7c62b4078c1b 100644 ---- a/Makefile -+++ b/Makefile -@@ -1,7 +1,7 @@ - # SPDX-License-Identifier: GPL-2.0 - VERSION = 4 - PATCHLEVEL = 14 --SUBLEVEL = 165 -+SUBLEVEL = 166 - EXTRAVERSION = - NAME = Petit Gorille - -diff --git a/arch/arm64/boot/dts/qcom/apq8096-db820c.dtsi b/arch/arm64/boot/dts/qcom/apq8096-db820c.dtsi -index 789f3e87321e..7a510505e0c2 100644 ---- a/arch/arm64/boot/dts/qcom/apq8096-db820c.dtsi -+++ b/arch/arm64/boot/dts/qcom/apq8096-db820c.dtsi -@@ -262,6 +262,8 @@ - l21 { - regulator-min-microvolt = <2950000>; - regulator-max-microvolt = <2950000>; -+ regulator-allow-set-load; -+ regulator-system-load = <200000>; - }; - l22 { - regulator-min-microvolt = <3300000>; -diff --git a/arch/arm64/include/asm/kvm_mmu.h b/arch/arm64/include/asm/kvm_mmu.h -index e42c1f0ae6cf..47ba6a57dc45 100644 ---- a/arch/arm64/include/asm/kvm_mmu.h -+++ b/arch/arm64/include/asm/kvm_mmu.h -@@ -296,6 +296,11 @@ static inline bool __kvm_cpu_uses_extended_idmap(void) - return __cpu_uses_extended_idmap(); - } - -+/* -+ * Can't use pgd_populate here, because the extended idmap adds an extra level -+ * above CONFIG_PGTABLE_LEVELS (which is 2 or 3 if we're using the extended -+ * idmap), and pgd_populate is only available if CONFIG_PGTABLE_LEVELS = 4. 
-+ */ - static inline void __kvm_extend_hypmap(pgd_t *boot_hyp_pgd, - pgd_t *hyp_pgd, - pgd_t *merged_hyp_pgd, -diff --git a/arch/arm64/include/asm/pgtable.h b/arch/arm64/include/asm/pgtable.h -index 9b676c3dd3ce..324db23b37de 100644 ---- a/arch/arm64/include/asm/pgtable.h -+++ b/arch/arm64/include/asm/pgtable.h -@@ -343,6 +343,7 @@ static inline int pmd_protnone(pmd_t pmd) - - #define pud_write(pud) pte_write(pud_pte(pud)) - #define pud_pfn(pud) (((pud_val(pud) & PUD_MASK) & PHYS_MASK) >> PAGE_SHIFT) -+#define pfn_pud(pfn,prot) (__pud(((phys_addr_t)(pfn) << PAGE_SHIFT) | pgprot_val(prot))) - - #define set_pmd_at(mm, addr, pmdp, pmd) set_pte_at(mm, addr, (pte_t *)pmdp, pmd_pte(pmd)) - -diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c -index 60066315d669..09c6499bc500 100644 ---- a/arch/arm64/kernel/cpufeature.c -+++ b/arch/arm64/kernel/cpufeature.c -@@ -836,6 +836,7 @@ static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry, - MIDR_ALL_VERSIONS(MIDR_CORTEX_A57), - MIDR_ALL_VERSIONS(MIDR_CORTEX_A72), - MIDR_ALL_VERSIONS(MIDR_CORTEX_A73), -+ { /* sentinel */ } - }; - char const *str = "kpti command line option"; - bool meltdown_safe; -@@ -1277,9 +1278,9 @@ static void __update_cpu_capabilities(const struct arm64_cpu_capabilities *caps, - - static void update_cpu_capabilities(u16 scope_mask) - { -- __update_cpu_capabilities(arm64_features, scope_mask, "detected:"); - __update_cpu_capabilities(arm64_errata, scope_mask, - "enabling workaround for"); -+ __update_cpu_capabilities(arm64_features, scope_mask, "detected:"); - } - - static int __enable_cpu_capability(void *arg) -@@ -1334,8 +1335,8 @@ __enable_cpu_capabilities(const struct arm64_cpu_capabilities *caps, - - static void __init enable_cpu_capabilities(u16 scope_mask) - { -- __enable_cpu_capabilities(arm64_features, scope_mask); - __enable_cpu_capabilities(arm64_errata, scope_mask); -+ __enable_cpu_capabilities(arm64_features, scope_mask); - } - - /* -diff --git 
a/arch/arm64/kernel/hibernate.c b/arch/arm64/kernel/hibernate.c -index bb444c693796..49f543ebd6cb 100644 ---- a/arch/arm64/kernel/hibernate.c -+++ b/arch/arm64/kernel/hibernate.c -@@ -246,8 +246,7 @@ static int create_safe_exec_page(void *src_start, size_t length, - } - - pte = pte_offset_kernel(pmd, dst_addr); -- set_pte(pte, __pte(virt_to_phys((void *)dst) | -- pgprot_val(PAGE_KERNEL_EXEC))); -+ set_pte(pte, pfn_pte(virt_to_pfn(dst), PAGE_KERNEL_EXEC)); - - /* - * Load our new page tables. A strict BBM approach requires that we -diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c -index abb9d2ecc675..e02a6326c800 100644 ---- a/arch/arm64/mm/mmu.c -+++ b/arch/arm64/mm/mmu.c -@@ -605,8 +605,8 @@ static void __init map_kernel(pgd_t *pgd) - * entry instead. - */ - BUG_ON(!IS_ENABLED(CONFIG_ARM64_16K_PAGES)); -- set_pud(pud_set_fixmap_offset(pgd, FIXADDR_START), -- __pud(__pa_symbol(bm_pmd) | PUD_TYPE_TABLE)); -+ pud_populate(&init_mm, pud_set_fixmap_offset(pgd, FIXADDR_START), -+ lm_alias(bm_pmd)); - pud_clear_fixmap(); - } else { - BUG(); -@@ -721,7 +721,7 @@ int __meminit vmemmap_populate(unsigned long start, unsigned long end, int node) - if (!p) - return -ENOMEM; - -- set_pmd(pmd, __pmd(__pa(p) | PROT_SECT_NORMAL)); -+ pmd_set_huge(pmd, __pa(p), __pgprot(PROT_SECT_NORMAL)); - } else - vmemmap_verify((pte_t *)pmd, node, addr, next); - } while (addr = next, addr != end); -@@ -913,17 +913,35 @@ int __init arch_ioremap_pmd_supported(void) - return !IS_ENABLED(CONFIG_ARM64_PTDUMP_DEBUGFS); - } - --int pud_set_huge(pud_t *pud, phys_addr_t phys, pgprot_t prot) -+int pud_set_huge(pud_t *pudp, phys_addr_t phys, pgprot_t prot) - { -+ pgprot_t sect_prot = __pgprot(PUD_TYPE_SECT | -+ pgprot_val(mk_sect_prot(prot))); -+ pud_t new_pud = pfn_pud(__phys_to_pfn(phys), sect_prot); -+ -+ /* Only allow permission changes for now */ -+ if (!pgattr_change_is_safe(READ_ONCE(pud_val(*pudp)), -+ pud_val(new_pud))) -+ return 0; -+ - BUG_ON(phys & ~PUD_MASK); -- set_pud(pud, __pud(phys 
| PUD_TYPE_SECT | pgprot_val(mk_sect_prot(prot)))); -+ set_pud(pudp, new_pud); - return 1; - } - --int pmd_set_huge(pmd_t *pmd, phys_addr_t phys, pgprot_t prot) -+int pmd_set_huge(pmd_t *pmdp, phys_addr_t phys, pgprot_t prot) - { -+ pgprot_t sect_prot = __pgprot(PMD_TYPE_SECT | -+ pgprot_val(mk_sect_prot(prot))); -+ pmd_t new_pmd = pfn_pmd(__phys_to_pfn(phys), sect_prot); -+ -+ /* Only allow permission changes for now */ -+ if (!pgattr_change_is_safe(READ_ONCE(pmd_val(*pmdp)), -+ pmd_val(new_pmd))) -+ return 0; -+ - BUG_ON(phys & ~PMD_MASK); -- set_pmd(pmd, __pmd(phys | PMD_TYPE_SECT | pgprot_val(mk_sect_prot(prot)))); -+ set_pmd(pmdp, new_pmd); - return 1; - } - -diff --git a/arch/hexagon/include/asm/atomic.h b/arch/hexagon/include/asm/atomic.h -index fb3dfb2a667e..d4e283b4f335 100644 ---- a/arch/hexagon/include/asm/atomic.h -+++ b/arch/hexagon/include/asm/atomic.h -@@ -105,7 +105,7 @@ static inline void atomic_##op(int i, atomic_t *v) \ - "1: %0 = memw_locked(%1);\n" \ - " %0 = "#op "(%0,%2);\n" \ - " memw_locked(%1,P3)=%0;\n" \ -- " if !P3 jump 1b;\n" \ -+ " if (!P3) jump 1b;\n" \ - : "=&r" (output) \ - : "r" (&v->counter), "r" (i) \ - : "memory", "p3" \ -@@ -121,7 +121,7 @@ static inline int atomic_##op##_return(int i, atomic_t *v) \ - "1: %0 = memw_locked(%1);\n" \ - " %0 = "#op "(%0,%2);\n" \ - " memw_locked(%1,P3)=%0;\n" \ -- " if !P3 jump 1b;\n" \ -+ " if (!P3) jump 1b;\n" \ - : "=&r" (output) \ - : "r" (&v->counter), "r" (i) \ - : "memory", "p3" \ -@@ -138,7 +138,7 @@ static inline int atomic_fetch_##op(int i, atomic_t *v) \ - "1: %0 = memw_locked(%2);\n" \ - " %1 = "#op "(%0,%3);\n" \ - " memw_locked(%2,P3)=%1;\n" \ -- " if !P3 jump 1b;\n" \ -+ " if (!P3) jump 1b;\n" \ - : "=&r" (output), "=&r" (val) \ - : "r" (&v->counter), "r" (i) \ - : "memory", "p3" \ -@@ -187,7 +187,7 @@ static inline int __atomic_add_unless(atomic_t *v, int a, int u) - " }" - " memw_locked(%2, p3) = %1;" - " {" -- " if !p3 jump 1b;" -+ " if (!p3) jump 1b;" - " }" - "2:" - : "=&r" 
(__oldval), "=&r" (tmp) -diff --git a/arch/hexagon/include/asm/bitops.h b/arch/hexagon/include/asm/bitops.h -index 2691a1857d20..634306cda006 100644 ---- a/arch/hexagon/include/asm/bitops.h -+++ b/arch/hexagon/include/asm/bitops.h -@@ -52,7 +52,7 @@ static inline int test_and_clear_bit(int nr, volatile void *addr) - "1: R12 = memw_locked(R10);\n" - " { P0 = tstbit(R12,R11); R12 = clrbit(R12,R11); }\n" - " memw_locked(R10,P1) = R12;\n" -- " {if !P1 jump 1b; %0 = mux(P0,#1,#0);}\n" -+ " {if (!P1) jump 1b; %0 = mux(P0,#1,#0);}\n" - : "=&r" (oldval) - : "r" (addr), "r" (nr) - : "r10", "r11", "r12", "p0", "p1", "memory" -@@ -76,7 +76,7 @@ static inline int test_and_set_bit(int nr, volatile void *addr) - "1: R12 = memw_locked(R10);\n" - " { P0 = tstbit(R12,R11); R12 = setbit(R12,R11); }\n" - " memw_locked(R10,P1) = R12;\n" -- " {if !P1 jump 1b; %0 = mux(P0,#1,#0);}\n" -+ " {if (!P1) jump 1b; %0 = mux(P0,#1,#0);}\n" - : "=&r" (oldval) - : "r" (addr), "r" (nr) - : "r10", "r11", "r12", "p0", "p1", "memory" -@@ -102,7 +102,7 @@ static inline int test_and_change_bit(int nr, volatile void *addr) - "1: R12 = memw_locked(R10);\n" - " { P0 = tstbit(R12,R11); R12 = togglebit(R12,R11); }\n" - " memw_locked(R10,P1) = R12;\n" -- " {if !P1 jump 1b; %0 = mux(P0,#1,#0);}\n" -+ " {if (!P1) jump 1b; %0 = mux(P0,#1,#0);}\n" - : "=&r" (oldval) - : "r" (addr), "r" (nr) - : "r10", "r11", "r12", "p0", "p1", "memory" -@@ -237,7 +237,7 @@ static inline int ffs(int x) - int r; - - asm("{ P0 = cmp.eq(%1,#0); %0 = ct0(%1);}\n" -- "{ if P0 %0 = #0; if !P0 %0 = add(%0,#1);}\n" -+ "{ if (P0) %0 = #0; if (!P0) %0 = add(%0,#1);}\n" - : "=&r" (r) - : "r" (x) - : "p0"); -diff --git a/arch/hexagon/include/asm/cmpxchg.h b/arch/hexagon/include/asm/cmpxchg.h -index a6e34e2acbba..db258424059f 100644 ---- a/arch/hexagon/include/asm/cmpxchg.h -+++ b/arch/hexagon/include/asm/cmpxchg.h -@@ -44,7 +44,7 @@ static inline unsigned long __xchg(unsigned long x, volatile void *ptr, - __asm__ __volatile__ ( - "1: %0 = 
memw_locked(%1);\n" /* load into retval */ - " memw_locked(%1,P0) = %2;\n" /* store into memory */ -- " if !P0 jump 1b;\n" -+ " if (!P0) jump 1b;\n" - : "=&r" (retval) - : "r" (ptr), "r" (x) - : "memory", "p0" -diff --git a/arch/hexagon/include/asm/futex.h b/arch/hexagon/include/asm/futex.h -index c889f5993ecd..e8e5e47afb37 100644 ---- a/arch/hexagon/include/asm/futex.h -+++ b/arch/hexagon/include/asm/futex.h -@@ -16,7 +16,7 @@ - /* For example: %1 = %4 */ \ - insn \ - "2: memw_locked(%3,p2) = %1;\n" \ -- " if !p2 jump 1b;\n" \ -+ " if (!p2) jump 1b;\n" \ - " %1 = #0;\n" \ - "3:\n" \ - ".section .fixup,\"ax\"\n" \ -@@ -84,10 +84,10 @@ futex_atomic_cmpxchg_inatomic(u32 *uval, u32 __user *uaddr, u32 oldval, - "1: %1 = memw_locked(%3)\n" - " {\n" - " p2 = cmp.eq(%1,%4)\n" -- " if !p2.new jump:NT 3f\n" -+ " if (!p2.new) jump:NT 3f\n" - " }\n" - "2: memw_locked(%3,p2) = %5\n" -- " if !p2 jump 1b\n" -+ " if (!p2) jump 1b\n" - "3:\n" - ".section .fixup,\"ax\"\n" - "4: %0 = #%6\n" -diff --git a/arch/hexagon/include/asm/spinlock.h b/arch/hexagon/include/asm/spinlock.h -index 53a8d5885887..007056263b8e 100644 ---- a/arch/hexagon/include/asm/spinlock.h -+++ b/arch/hexagon/include/asm/spinlock.h -@@ -44,9 +44,9 @@ static inline void arch_read_lock(arch_rwlock_t *lock) - __asm__ __volatile__( - "1: R6 = memw_locked(%0);\n" - " { P3 = cmp.ge(R6,#0); R6 = add(R6,#1);}\n" -- " { if !P3 jump 1b; }\n" -+ " { if (!P3) jump 1b; }\n" - " memw_locked(%0,P3) = R6;\n" -- " { if !P3 jump 1b; }\n" -+ " { if (!P3) jump 1b; }\n" - : - : "r" (&lock->lock) - : "memory", "r6", "p3" -@@ -60,7 +60,7 @@ static inline void arch_read_unlock(arch_rwlock_t *lock) - "1: R6 = memw_locked(%0);\n" - " R6 = add(R6,#-1);\n" - " memw_locked(%0,P3) = R6\n" -- " if !P3 jump 1b;\n" -+ " if (!P3) jump 1b;\n" - : - : "r" (&lock->lock) - : "memory", "r6", "p3" -@@ -75,7 +75,7 @@ static inline int arch_read_trylock(arch_rwlock_t *lock) - __asm__ __volatile__( - " R6 = memw_locked(%1);\n" - " { %0 = #0; P3 = 
cmp.ge(R6,#0); R6 = add(R6,#1);}\n" -- " { if !P3 jump 1f; }\n" -+ " { if (!P3) jump 1f; }\n" - " memw_locked(%1,P3) = R6;\n" - " { %0 = P3 }\n" - "1:\n" -@@ -102,9 +102,9 @@ static inline void arch_write_lock(arch_rwlock_t *lock) - __asm__ __volatile__( - "1: R6 = memw_locked(%0)\n" - " { P3 = cmp.eq(R6,#0); R6 = #-1;}\n" -- " { if !P3 jump 1b; }\n" -+ " { if (!P3) jump 1b; }\n" - " memw_locked(%0,P3) = R6;\n" -- " { if !P3 jump 1b; }\n" -+ " { if (!P3) jump 1b; }\n" - : - : "r" (&lock->lock) - : "memory", "r6", "p3" -@@ -118,7 +118,7 @@ static inline int arch_write_trylock(arch_rwlock_t *lock) - __asm__ __volatile__( - " R6 = memw_locked(%1)\n" - " { %0 = #0; P3 = cmp.eq(R6,#0); R6 = #-1;}\n" -- " { if !P3 jump 1f; }\n" -+ " { if (!P3) jump 1f; }\n" - " memw_locked(%1,P3) = R6;\n" - " %0 = P3;\n" - "1:\n" -@@ -141,9 +141,9 @@ static inline void arch_spin_lock(arch_spinlock_t *lock) - __asm__ __volatile__( - "1: R6 = memw_locked(%0);\n" - " P3 = cmp.eq(R6,#0);\n" -- " { if !P3 jump 1b; R6 = #1; }\n" -+ " { if (!P3) jump 1b; R6 = #1; }\n" - " memw_locked(%0,P3) = R6;\n" -- " { if !P3 jump 1b; }\n" -+ " { if (!P3) jump 1b; }\n" - : - : "r" (&lock->lock) - : "memory", "r6", "p3" -@@ -163,7 +163,7 @@ static inline unsigned int arch_spin_trylock(arch_spinlock_t *lock) - __asm__ __volatile__( - " R6 = memw_locked(%1);\n" - " P3 = cmp.eq(R6,#0);\n" -- " { if !P3 jump 1f; R6 = #1; %0 = #0; }\n" -+ " { if (!P3) jump 1f; R6 = #1; %0 = #0; }\n" - " memw_locked(%1,P3) = R6;\n" - " %0 = P3;\n" - "1:\n" -diff --git a/arch/hexagon/kernel/stacktrace.c b/arch/hexagon/kernel/stacktrace.c -index 41866a06adf7..ec4ef682923d 100644 ---- a/arch/hexagon/kernel/stacktrace.c -+++ b/arch/hexagon/kernel/stacktrace.c -@@ -24,8 +24,6 @@ - #include - #include - --register unsigned long current_frame_pointer asm("r30"); -- - struct stackframe { - unsigned long fp; - unsigned long rets; -@@ -43,7 +41,7 @@ void save_stack_trace(struct stack_trace *trace) - - low = (unsigned 
long)task_stack_page(current); - high = low + THREAD_SIZE; -- fp = current_frame_pointer; -+ fp = (unsigned long)__builtin_frame_address(0); - - while (fp >= low && fp <= (high - sizeof(*frame))) { - frame = (struct stackframe *)fp; -diff --git a/arch/hexagon/kernel/vm_entry.S b/arch/hexagon/kernel/vm_entry.S -index 67c6ccc14770..9f4a73ff7203 100644 ---- a/arch/hexagon/kernel/vm_entry.S -+++ b/arch/hexagon/kernel/vm_entry.S -@@ -382,7 +382,7 @@ ret_from_fork: - R26.L = #LO(do_work_pending); - R0 = #VM_INT_DISABLE; - } -- if P0 jump check_work_pending -+ if (P0) jump check_work_pending - { - R0 = R25; - callr R24 -diff --git a/arch/mips/boot/compressed/Makefile b/arch/mips/boot/compressed/Makefile -index 331b9e0a8072..baa34e4deb78 100644 ---- a/arch/mips/boot/compressed/Makefile -+++ b/arch/mips/boot/compressed/Makefile -@@ -29,6 +29,9 @@ KBUILD_AFLAGS := $(KBUILD_AFLAGS) -D__ASSEMBLY__ \ - -DBOOT_HEAP_SIZE=$(BOOT_HEAP_SIZE) \ - -DKERNEL_ENTRY=$(VMLINUX_ENTRY_ADDRESS) - -+# Prevents link failures: __sanitizer_cov_trace_pc() is not linked in. 
-+KCOV_INSTRUMENT := n -+ - # decompressor objects (linked with vmlinuz) - vmlinuzobjs-y := $(obj)/head.o $(obj)/decompress.o $(obj)/string.o - -diff --git a/arch/mips/kernel/cacheinfo.c b/arch/mips/kernel/cacheinfo.c -index 428ef2189203..3ea95568ece4 100644 ---- a/arch/mips/kernel/cacheinfo.c -+++ b/arch/mips/kernel/cacheinfo.c -@@ -61,6 +61,25 @@ static int __init_cache_level(unsigned int cpu) - return 0; - } - -+static void fill_cpumask_siblings(int cpu, cpumask_t *cpu_map) -+{ -+ int cpu1; -+ -+ for_each_possible_cpu(cpu1) -+ if (cpus_are_siblings(cpu, cpu1)) -+ cpumask_set_cpu(cpu1, cpu_map); -+} -+ -+static void fill_cpumask_cluster(int cpu, cpumask_t *cpu_map) -+{ -+ int cpu1; -+ int cluster = cpu_cluster(&cpu_data[cpu]); -+ -+ for_each_possible_cpu(cpu1) -+ if (cpu_cluster(&cpu_data[cpu1]) == cluster) -+ cpumask_set_cpu(cpu1, cpu_map); -+} -+ - static int __populate_cache_leaves(unsigned int cpu) - { - struct cpuinfo_mips *c = ¤t_cpu_data; -@@ -68,14 +87,20 @@ static int __populate_cache_leaves(unsigned int cpu) - struct cacheinfo *this_leaf = this_cpu_ci->info_list; - - if (c->icache.waysize) { -+ /* L1 caches are per core */ -+ fill_cpumask_siblings(cpu, &this_leaf->shared_cpu_map); - populate_cache(dcache, this_leaf, 1, CACHE_TYPE_DATA); -+ fill_cpumask_siblings(cpu, &this_leaf->shared_cpu_map); - populate_cache(icache, this_leaf, 1, CACHE_TYPE_INST); - } else { - populate_cache(dcache, this_leaf, 1, CACHE_TYPE_UNIFIED); - } - -- if (c->scache.waysize) -+ if (c->scache.waysize) { -+ /* L2 cache is per cluster */ -+ fill_cpumask_cluster(cpu, &this_leaf->shared_cpu_map); - populate_cache(scache, this_leaf, 2, CACHE_TYPE_UNIFIED); -+ } - - if (c->tcache.waysize) - populate_cache(tcache, this_leaf, 3, CACHE_TYPE_UNIFIED); -diff --git a/arch/powerpc/platforms/powernv/pci.c b/arch/powerpc/platforms/powernv/pci.c -index e2d031a3ec15..961c131a5b7e 100644 ---- a/arch/powerpc/platforms/powernv/pci.c -+++ b/arch/powerpc/platforms/powernv/pci.c -@@ -1118,6 +1118,23 
@@ void __init pnv_pci_init(void) - if (!firmware_has_feature(FW_FEATURE_OPAL)) - return; - -+#ifdef CONFIG_PCIEPORTBUS -+ /* -+ * On PowerNV PCIe devices are (currently) managed in cooperation -+ * with firmware. This isn't *strictly* required, but there's enough -+ * assumptions baked into both firmware and the platform code that -+ * it's unwise to allow the portbus services to be used. -+ * -+ * We need to fix this eventually, but for now set this flag to disable -+ * the portbus driver. The AER service isn't required since that AER -+ * events are handled via EEH. The pciehp hotplug driver can't work -+ * without kernel changes (and portbus binding breaks pnv_php). The -+ * other services also require some thinking about how we're going -+ * to integrate them. -+ */ -+ pcie_ports_disabled = true; -+#endif -+ - /* Look for IODA IO-Hubs. */ - for_each_compatible_node(np, NULL, "ibm,ioda-hub") { - pnv_pci_init_ioda_hub(np); -diff --git a/drivers/clk/samsung/clk-exynos5420.c b/drivers/clk/samsung/clk-exynos5420.c -index 47a14f93f869..2f54df5bef8e 100644 ---- a/drivers/clk/samsung/clk-exynos5420.c -+++ b/drivers/clk/samsung/clk-exynos5420.c -@@ -170,6 +170,8 @@ static const unsigned long exynos5x_clk_regs[] __initconst = { - GATE_BUS_CPU, - GATE_SCLK_CPU, - CLKOUT_CMU_CPU, -+ APLL_CON0, -+ KPLL_CON0, - CPLL_CON0, - DPLL_CON0, - EPLL_CON0, -diff --git a/drivers/dma/ioat/dma.c b/drivers/dma/ioat/dma.c -index f70cc74032ea..e3899ae429e0 100644 ---- a/drivers/dma/ioat/dma.c -+++ b/drivers/dma/ioat/dma.c -@@ -388,10 +388,11 @@ ioat_alloc_ring(struct dma_chan *c, int order, gfp_t flags) - - descs->virt = dma_alloc_coherent(to_dev(ioat_chan), - SZ_2M, &descs->hw, flags); -- if (!descs->virt && (i > 0)) { -+ if (!descs->virt) { - int idx; - - for (idx = 0; idx < i; idx++) { -+ descs = &ioat_chan->descs[idx]; - dma_free_coherent(to_dev(ioat_chan), SZ_2M, - descs->virt, descs->hw); - descs->virt = NULL; -diff --git a/drivers/dma/k3dma.c b/drivers/dma/k3dma.c -index 
219ae3b545db..803045c92f3b 100644 ---- a/drivers/dma/k3dma.c -+++ b/drivers/dma/k3dma.c -@@ -222,9 +222,11 @@ static irqreturn_t k3_dma_int_handler(int irq, void *dev_id) - c = p->vchan; - if (c && (tc1 & BIT(i))) { - spin_lock_irqsave(&c->vc.lock, flags); -- vchan_cookie_complete(&p->ds_run->vd); -- p->ds_done = p->ds_run; -- p->ds_run = NULL; -+ if (p->ds_run != NULL) { -+ vchan_cookie_complete(&p->ds_run->vd); -+ p->ds_done = p->ds_run; -+ p->ds_run = NULL; -+ } - spin_unlock_irqrestore(&c->vc.lock, flags); - } - if (c && (tc2 & BIT(i))) { -@@ -264,6 +266,10 @@ static int k3_dma_start_txd(struct k3_dma_chan *c) - if (BIT(c->phy->idx) & k3_dma_get_chan_stat(d)) - return -EAGAIN; - -+ /* Avoid losing track of ds_run if a transaction is in flight */ -+ if (c->phy->ds_run) -+ return -EAGAIN; -+ - if (vd) { - struct k3_dma_desc_sw *ds = - container_of(vd, struct k3_dma_desc_sw, vd); -diff --git a/drivers/gpio/gpio-mpc8xxx.c b/drivers/gpio/gpio-mpc8xxx.c -index e7783b852d69..d5f735ce0dd4 100644 ---- a/drivers/gpio/gpio-mpc8xxx.c -+++ b/drivers/gpio/gpio-mpc8xxx.c -@@ -306,6 +306,7 @@ static int mpc8xxx_probe(struct platform_device *pdev) - return -ENOMEM; - - gc = &mpc8xxx_gc->gc; -+ gc->parent = &pdev->dev; - - if (of_property_read_bool(np, "little-endian")) { - ret = bgpio_init(gc, &pdev->dev, 4, -diff --git a/drivers/gpio/gpio-zynq.c b/drivers/gpio/gpio-zynq.c -index b3cc948a2d8b..f1d7066b6637 100644 ---- a/drivers/gpio/gpio-zynq.c -+++ b/drivers/gpio/gpio-zynq.c -@@ -639,6 +639,8 @@ static void zynq_gpio_restore_context(struct zynq_gpio *gpio) - unsigned int bank_num; - - for (bank_num = 0; bank_num < gpio->p_data->max_bank; bank_num++) { -+ writel_relaxed(ZYNQ_GPIO_IXR_DISABLE_ALL, gpio->base_addr + -+ ZYNQ_GPIO_INTDIS_OFFSET(bank_num)); - writel_relaxed(gpio->context.datalsw[bank_num], - gpio->base_addr + - ZYNQ_GPIO_DATA_LSW_OFFSET(bank_num)); -@@ -648,9 +650,6 @@ static void zynq_gpio_restore_context(struct zynq_gpio *gpio) - 
writel_relaxed(gpio->context.dirm[bank_num], - gpio->base_addr + - ZYNQ_GPIO_DIRM_OFFSET(bank_num)); -- writel_relaxed(gpio->context.int_en[bank_num], -- gpio->base_addr + -- ZYNQ_GPIO_INTEN_OFFSET(bank_num)); - writel_relaxed(gpio->context.int_type[bank_num], - gpio->base_addr + - ZYNQ_GPIO_INTTYPE_OFFSET(bank_num)); -@@ -660,6 +659,9 @@ static void zynq_gpio_restore_context(struct zynq_gpio *gpio) - writel_relaxed(gpio->context.int_any[bank_num], - gpio->base_addr + - ZYNQ_GPIO_INTANY_OFFSET(bank_num)); -+ writel_relaxed(~(gpio->context.int_en[bank_num]), -+ gpio->base_addr + -+ ZYNQ_GPIO_INTEN_OFFSET(bank_num)); - } - } - -diff --git a/drivers/gpio/gpiolib.c b/drivers/gpio/gpiolib.c -index 2b75aab8b3a0..f0777a7a4305 100644 ---- a/drivers/gpio/gpiolib.c -+++ b/drivers/gpio/gpiolib.c -@@ -3167,8 +3167,9 @@ static struct gpio_desc *gpiod_find(struct device *dev, const char *con_id, - - if (chip->ngpio <= p->chip_hwnum) { - dev_err(dev, -- "requested GPIO %d is out of range [0..%d] for chip %s\n", -- idx, chip->ngpio, chip->label); -+ "requested GPIO %u (%u) is out of range [0..%u] for chip %s\n", -+ idx, p->chip_hwnum, chip->ngpio - 1, -+ chip->label); - return ERR_PTR(-EINVAL); - } - -diff --git a/drivers/gpu/drm/i915/i915_gem_context.c b/drivers/gpu/drm/i915/i915_gem_context.c -index 3925a63c1661..cdb67889817c 100644 ---- a/drivers/gpu/drm/i915/i915_gem_context.c -+++ b/drivers/gpu/drm/i915/i915_gem_context.c -@@ -993,18 +993,19 @@ int i915_gem_context_destroy_ioctl(struct drm_device *dev, void *data, - if (args->ctx_id == DEFAULT_CONTEXT_HANDLE) - return -ENOENT; - -+ ret = i915_mutex_lock_interruptible(dev); -+ if (ret) -+ return ret; -+ - ctx = i915_gem_context_lookup(file_priv, args->ctx_id); -- if (!ctx) -+ if (!ctx) { -+ mutex_unlock(&dev->struct_mutex); - return -ENOENT; -- -- ret = mutex_lock_interruptible(&dev->struct_mutex); -- if (ret) -- goto out; -+ } - - __destroy_hw_context(ctx, file_priv); - mutex_unlock(&dev->struct_mutex); - --out: - 
i915_gem_context_put(ctx); - return 0; - } -diff --git a/drivers/hid/hidraw.c b/drivers/hid/hidraw.c -index 5652bd0ffb4d..5243c4120819 100644 ---- a/drivers/hid/hidraw.c -+++ b/drivers/hid/hidraw.c -@@ -257,13 +257,14 @@ out: - static unsigned int hidraw_poll(struct file *file, poll_table *wait) - { - struct hidraw_list *list = file->private_data; -+ unsigned int mask = POLLOUT | POLLWRNORM; /* hidraw is always writable */ - - poll_wait(file, &list->hidraw->wait, wait); - if (list->head != list->tail) -- return POLLIN | POLLRDNORM; -+ mask |= POLLIN | POLLRDNORM; - if (!list->hidraw->exist) -- return POLLERR | POLLHUP; -- return 0; -+ mask |= POLLERR | POLLHUP; -+ return mask; - } - - static int hidraw_open(struct inode *inode, struct file *file) -diff --git a/drivers/hid/uhid.c b/drivers/hid/uhid.c -index e63b761f600a..c749f449c7cb 100644 ---- a/drivers/hid/uhid.c -+++ b/drivers/hid/uhid.c -@@ -769,13 +769,14 @@ unlock: - static unsigned int uhid_char_poll(struct file *file, poll_table *wait) - { - struct uhid_device *uhid = file->private_data; -+ unsigned int mask = POLLOUT | POLLWRNORM; /* uhid is always writable */ - - poll_wait(file, &uhid->waitq, wait); - - if (uhid->head != uhid->tail) -- return POLLIN | POLLRDNORM; -+ mask |= POLLIN | POLLRDNORM; - -- return EPOLLOUT | EPOLLWRNORM; -+ return mask; - } - - static const struct file_operations uhid_fops = { -diff --git a/drivers/iio/imu/adis16480.c b/drivers/iio/imu/adis16480.c -index c950aa10d0ae..5abe095901c8 100644 ---- a/drivers/iio/imu/adis16480.c -+++ b/drivers/iio/imu/adis16480.c -@@ -372,12 +372,14 @@ static int adis16480_get_calibbias(struct iio_dev *indio_dev, - case IIO_MAGN: - case IIO_PRESSURE: - ret = adis_read_reg_16(&st->adis, reg, &val16); -- *bias = sign_extend32(val16, 15); -+ if (ret == 0) -+ *bias = sign_extend32(val16, 15); - break; - case IIO_ANGL_VEL: - case IIO_ACCEL: - ret = adis_read_reg_32(&st->adis, reg, &val32); -- *bias = sign_extend32(val32, 31); -+ if (ret == 0) -+ *bias = 
sign_extend32(val32, 31); - break; - default: - ret = -EINVAL; -diff --git a/drivers/infiniband/hw/bnxt_re/qplib_fp.c b/drivers/infiniband/hw/bnxt_re/qplib_fp.c -index e8afc47f8949..908803fe8276 100644 ---- a/drivers/infiniband/hw/bnxt_re/qplib_fp.c -+++ b/drivers/infiniband/hw/bnxt_re/qplib_fp.c -@@ -2024,13 +2024,13 @@ static int bnxt_qplib_cq_process_req(struct bnxt_qplib_cq *cq, - bnxt_qplib_mark_qp_error(qp); - bnxt_qplib_unlock_buddy_cq(qp, cq); - } else { -+ /* Before we complete, do WA 9060 */ -+ if (do_wa9060(qp, cq, cq_cons, sw_sq_cons, -+ cqe_sq_cons)) { -+ *lib_qp = qp; -+ goto out; -+ } - if (swq->flags & SQ_SEND_FLAGS_SIGNAL_COMP) { -- /* Before we complete, do WA 9060 */ -- if (do_wa9060(qp, cq, cq_cons, sw_sq_cons, -- cqe_sq_cons)) { -- *lib_qp = qp; -- goto out; -- } - cqe->status = CQ_REQ_STATUS_OK; - cqe++; - (*budget)--; -diff --git a/drivers/infiniband/hw/mlx5/mr.c b/drivers/infiniband/hw/mlx5/mr.c -index cfddca850cb4..fb45bfa4f845 100644 ---- a/drivers/infiniband/hw/mlx5/mr.c -+++ b/drivers/infiniband/hw/mlx5/mr.c -@@ -460,7 +460,7 @@ struct mlx5_ib_mr *mlx5_mr_cache_alloc(struct mlx5_ib_dev *dev, int entry) - - if (entry < 0 || entry >= MAX_MR_CACHE_ENTRIES) { - mlx5_ib_err(dev, "cache entry %d is out of range\n", entry); -- return NULL; -+ return ERR_PTR(-EINVAL); - } - - ent = &cache->ent[entry]; -diff --git a/drivers/infiniband/ulp/srpt/ib_srpt.c b/drivers/infiniband/ulp/srpt/ib_srpt.c -index 94161ca526fc..1446e1cc69ae 100644 ---- a/drivers/infiniband/ulp/srpt/ib_srpt.c -+++ b/drivers/infiniband/ulp/srpt/ib_srpt.c -@@ -1246,9 +1246,11 @@ static int srpt_build_cmd_rsp(struct srpt_rdma_ch *ch, - struct srpt_send_ioctx *ioctx, u64 tag, - int status) - { -+ struct se_cmd *cmd = &ioctx->cmd; - struct srp_rsp *srp_rsp; - const u8 *sense_data; - int sense_data_len, max_sense_len; -+ u32 resid = cmd->residual_count; - - /* - * The lowest bit of all SAM-3 status codes is zero (see also -@@ -1270,6 +1272,28 @@ static int srpt_build_cmd_rsp(struct 
srpt_rdma_ch *ch, - srp_rsp->tag = tag; - srp_rsp->status = status; - -+ if (cmd->se_cmd_flags & SCF_UNDERFLOW_BIT) { -+ if (cmd->data_direction == DMA_TO_DEVICE) { -+ /* residual data from an underflow write */ -+ srp_rsp->flags = SRP_RSP_FLAG_DOUNDER; -+ srp_rsp->data_out_res_cnt = cpu_to_be32(resid); -+ } else if (cmd->data_direction == DMA_FROM_DEVICE) { -+ /* residual data from an underflow read */ -+ srp_rsp->flags = SRP_RSP_FLAG_DIUNDER; -+ srp_rsp->data_in_res_cnt = cpu_to_be32(resid); -+ } -+ } else if (cmd->se_cmd_flags & SCF_OVERFLOW_BIT) { -+ if (cmd->data_direction == DMA_TO_DEVICE) { -+ /* residual data from an overflow write */ -+ srp_rsp->flags = SRP_RSP_FLAG_DOOVER; -+ srp_rsp->data_out_res_cnt = cpu_to_be32(resid); -+ } else if (cmd->data_direction == DMA_FROM_DEVICE) { -+ /* residual data from an overflow read */ -+ srp_rsp->flags = SRP_RSP_FLAG_DIOVER; -+ srp_rsp->data_in_res_cnt = cpu_to_be32(resid); -+ } -+ } -+ - if (sense_data_len) { - BUILD_BUG_ON(MIN_MAX_RSP_SIZE <= sizeof(*srp_rsp)); - max_sense_len = ch->max_ti_iu_len - sizeof(*srp_rsp); -diff --git a/drivers/iommu/iommu.c b/drivers/iommu/iommu.c -index 1620a6f49989..4b761678a18b 100644 ---- a/drivers/iommu/iommu.c -+++ b/drivers/iommu/iommu.c -@@ -613,6 +613,7 @@ err_put_group: - mutex_unlock(&group->mutex); - dev->iommu_group = NULL; - kobject_put(group->devices_kobj); -+ sysfs_remove_link(group->devices_kobj, device->name); - err_free_name: - kfree(device->name); - err_remove_link: -diff --git a/drivers/media/i2c/ov6650.c b/drivers/media/i2c/ov6650.c -index 348296be4925..4f67a515bdd8 100644 ---- a/drivers/media/i2c/ov6650.c -+++ b/drivers/media/i2c/ov6650.c -@@ -203,7 +203,6 @@ struct ov6650 { - unsigned long pclk_max; /* from resolution and format */ - struct v4l2_fract tpf; /* as requested with s_parm */ - u32 code; -- enum v4l2_colorspace colorspace; - }; - - -@@ -216,6 +215,17 @@ static u32 ov6650_codes[] = { - MEDIA_BUS_FMT_Y8_1X8, - }; - -+static const struct v4l2_mbus_framefmt 
ov6650_def_fmt = { -+ .width = W_CIF, -+ .height = H_CIF, -+ .code = MEDIA_BUS_FMT_SBGGR8_1X8, -+ .colorspace = V4L2_COLORSPACE_SRGB, -+ .field = V4L2_FIELD_NONE, -+ .ycbcr_enc = V4L2_YCBCR_ENC_DEFAULT, -+ .quantization = V4L2_QUANTIZATION_DEFAULT, -+ .xfer_func = V4L2_XFER_FUNC_DEFAULT, -+}; -+ - /* read a register */ - static int ov6650_reg_read(struct i2c_client *client, u8 reg, u8 *val) - { -@@ -517,12 +527,20 @@ static int ov6650_get_fmt(struct v4l2_subdev *sd, - if (format->pad) - return -EINVAL; - -- mf->width = priv->rect.width >> priv->half_scale; -- mf->height = priv->rect.height >> priv->half_scale; -- mf->code = priv->code; -- mf->colorspace = priv->colorspace; -- mf->field = V4L2_FIELD_NONE; -+ /* initialize response with default media bus frame format */ -+ *mf = ov6650_def_fmt; - -+ /* update media bus format code and frame size */ -+ if (format->which == V4L2_SUBDEV_FORMAT_TRY) { -+ mf->width = cfg->try_fmt.width; -+ mf->height = cfg->try_fmt.height; -+ mf->code = cfg->try_fmt.code; -+ -+ } else { -+ mf->width = priv->rect.width >> priv->half_scale; -+ mf->height = priv->rect.height >> priv->half_scale; -+ mf->code = priv->code; -+ } - return 0; - } - -@@ -627,11 +645,6 @@ static int ov6650_s_fmt(struct v4l2_subdev *sd, struct v4l2_mbus_framefmt *mf) - priv->pclk_max = 8000000; - } - -- if (code == MEDIA_BUS_FMT_SBGGR8_1X8) -- priv->colorspace = V4L2_COLORSPACE_SRGB; -- else if (code != 0) -- priv->colorspace = V4L2_COLORSPACE_JPEG; -- - if (half_scale) { - dev_dbg(&client->dev, "max resolution: QCIF\n"); - coma_set |= COMA_QCIF; -@@ -665,11 +678,6 @@ static int ov6650_s_fmt(struct v4l2_subdev *sd, struct v4l2_mbus_framefmt *mf) - if (!ret) - priv->code = code; - -- if (!ret) { -- mf->colorspace = priv->colorspace; -- mf->width = priv->rect.width >> half_scale; -- mf->height = priv->rect.height >> half_scale; -- } - return ret; - } - -@@ -688,8 +696,6 @@ static int ov6650_set_fmt(struct v4l2_subdev *sd, - v4l_bound_align_image(&mf->width, 2, W_CIF, 
1, - &mf->height, 2, H_CIF, 1, 0); - -- mf->field = V4L2_FIELD_NONE; -- - switch (mf->code) { - case MEDIA_BUS_FMT_Y10_1X10: - mf->code = MEDIA_BUS_FMT_Y8_1X8; -@@ -699,20 +705,39 @@ static int ov6650_set_fmt(struct v4l2_subdev *sd, - case MEDIA_BUS_FMT_YUYV8_2X8: - case MEDIA_BUS_FMT_VYUY8_2X8: - case MEDIA_BUS_FMT_UYVY8_2X8: -- mf->colorspace = V4L2_COLORSPACE_JPEG; - break; - default: - mf->code = MEDIA_BUS_FMT_SBGGR8_1X8; - /* fall through */ - case MEDIA_BUS_FMT_SBGGR8_1X8: -- mf->colorspace = V4L2_COLORSPACE_SRGB; - break; - } - -- if (format->which == V4L2_SUBDEV_FORMAT_ACTIVE) -- return ov6650_s_fmt(sd, mf); -- cfg->try_fmt = *mf; -+ if (format->which == V4L2_SUBDEV_FORMAT_TRY) { -+ /* store media bus format code and frame size in pad config */ -+ cfg->try_fmt.width = mf->width; -+ cfg->try_fmt.height = mf->height; -+ cfg->try_fmt.code = mf->code; - -+ /* return default mbus frame format updated with pad config */ -+ *mf = ov6650_def_fmt; -+ mf->width = cfg->try_fmt.width; -+ mf->height = cfg->try_fmt.height; -+ mf->code = cfg->try_fmt.code; -+ -+ } else { -+ /* apply new media bus format code and frame size */ -+ int ret = ov6650_s_fmt(sd, mf); -+ -+ if (ret) -+ return ret; -+ -+ /* return default format updated with active size and code */ -+ *mf = ov6650_def_fmt; -+ mf->width = priv->rect.width >> priv->half_scale; -+ mf->height = priv->rect.height >> priv->half_scale; -+ mf->code = priv->code; -+ } - return 0; - } - -@@ -1020,7 +1045,6 @@ static int ov6650_probe(struct i2c_client *client, - priv->rect.height = H_CIF; - priv->half_scale = false; - priv->code = MEDIA_BUS_FMT_YUYV8_2X8; -- priv->colorspace = V4L2_COLORSPACE_JPEG; - - ret = ov6650_video_probe(client); - if (ret) -diff --git a/drivers/media/platform/exynos4-is/fimc-isp-video.c b/drivers/media/platform/exynos4-is/fimc-isp-video.c -index a920164f53f1..39340abefd14 100644 ---- a/drivers/media/platform/exynos4-is/fimc-isp-video.c -+++ b/drivers/media/platform/exynos4-is/fimc-isp-video.c -@@ 
-316,7 +316,7 @@ static int isp_video_release(struct file *file)
- ivc->streaming = 0;
- }
-
-- vb2_fop_release(file);
-+ _vb2_fop_release(file, NULL);
-
- if (v4l2_fh_is_singular_file(file)) {
- fimc_pipeline_call(&ivc->ve, close);
-diff --git a/drivers/media/usb/zr364xx/zr364xx.c b/drivers/media/usb/zr364xx/zr364xx.c
-index 4ff8d0aed015..d30f129a9db7 100644
---- a/drivers/media/usb/zr364xx/zr364xx.c
-+++ b/drivers/media/usb/zr364xx/zr364xx.c
-@@ -706,7 +706,8 @@ static int zr364xx_vidioc_querycap(struct file *file, void *priv,
- struct zr364xx_camera *cam = video_drvdata(file);
-
- strlcpy(cap->driver, DRIVER_DESC, sizeof(cap->driver));
-- strlcpy(cap->card, cam->udev->product, sizeof(cap->card));
-+ if (cam->udev->product)
-+ strlcpy(cap->card, cam->udev->product, sizeof(cap->card));
- strlcpy(cap->bus_info, dev_name(&cam->udev->dev),
- sizeof(cap->bus_info));
- cap->device_caps = V4L2_CAP_VIDEO_CAPTURE |
-diff --git a/drivers/misc/enclosure.c b/drivers/misc/enclosure.c
-index eb29113e0bac..b11737f7bdca 100644
---- a/drivers/misc/enclosure.c
-+++ b/drivers/misc/enclosure.c
-@@ -419,10 +419,9 @@ int enclosure_remove_device(struct enclosure_device *edev, struct device *dev)
- cdev = &edev->component[i];
- if (cdev->dev == dev) {
- enclosure_remove_links(cdev);
-- device_del(&cdev->cdev);
- put_device(dev);
- cdev->dev = NULL;
-- return device_add(&cdev->cdev);
-+ return 0;
- }
- }
- return -ENODEV;
-diff --git a/drivers/mtd/spi-nor/spi-nor.c b/drivers/mtd/spi-nor/spi-nor.c
-index d550148177a0..0fe3e39f870f 100644
---- a/drivers/mtd/spi-nor/spi-nor.c
-+++ b/drivers/mtd/spi-nor/spi-nor.c
-@@ -1216,7 +1216,7 @@ static int spi_nor_read(struct mtd_info *mtd, loff_t from, size_t len,
- size_t *retlen, u_char *buf)
- {
- struct spi_nor *nor = mtd_to_spi_nor(mtd);
-- int ret;
-+ ssize_t ret;
-
- dev_dbg(nor->dev, "from 0x%08x, len %zd\n", (u32)from, len);
-
-@@ -1445,7 +1445,7 @@ static int macronix_quad_enable(struct spi_nor *nor)
- */
- static int write_sr_cr(struct 
spi_nor *nor, u8 *sr_cr)
- {
-- int ret;
-+ ssize_t ret;
-
- write_enable(nor);
-
-diff --git a/drivers/net/wimax/i2400m/op-rfkill.c b/drivers/net/wimax/i2400m/op-rfkill.c
-index b0dba35a8ad2..dc6fe93ce71f 100644
---- a/drivers/net/wimax/i2400m/op-rfkill.c
-+++ b/drivers/net/wimax/i2400m/op-rfkill.c
-@@ -147,6 +147,7 @@ error_msg_to_dev:
- error_alloc:
- d_fnend(4, dev, "(wimax_dev %p state %d) = %d\n",
- wimax_dev, state, result);
-+ kfree(cmd);
- return result;
- }
-
-diff --git a/drivers/net/wireless/intel/iwlwifi/fw/dbg.c b/drivers/net/wireless/intel/iwlwifi/fw/dbg.c
-index 4650b9e5da2b..ba9e7bfeca2c 100644
---- a/drivers/net/wireless/intel/iwlwifi/fw/dbg.c
-+++ b/drivers/net/wireless/intel/iwlwifi/fw/dbg.c
-@@ -532,6 +532,7 @@ static struct scatterlist *alloc_sgtable(int size)
- if (new_page)
- __free_page(new_page);
- }
-+ kfree(table);
- return NULL;
- }
- alloc_size = min_t(int, size, PAGE_SIZE);
-diff --git a/drivers/net/wireless/realtek/rtlwifi/regd.c b/drivers/net/wireless/realtek/rtlwifi/regd.c
-index 1bf3eb25c1da..72ca370331fb 100644
---- a/drivers/net/wireless/realtek/rtlwifi/regd.c
-+++ b/drivers/net/wireless/realtek/rtlwifi/regd.c
-@@ -427,7 +427,7 @@ int rtl_regd_init(struct ieee80211_hw *hw,
- struct wiphy *wiphy = hw->wiphy;
- struct country_code_to_enum_rd *country = NULL;
-
-- if (wiphy == NULL || &rtlpriv->regd == NULL)
-+ if (!wiphy)
- return -EINVAL;
-
- /* init country_code from efuse channel plan */
-diff --git a/drivers/net/wireless/rsi/rsi_91x_mac80211.c b/drivers/net/wireless/rsi/rsi_91x_mac80211.c
-index fa12c05d9e23..233b2239311d 100644
---- a/drivers/net/wireless/rsi/rsi_91x_mac80211.c
-+++ b/drivers/net/wireless/rsi/rsi_91x_mac80211.c
-@@ -218,6 +218,7 @@ void rsi_mac80211_detach(struct rsi_hw *adapter)
- ieee80211_stop_queues(hw);
- ieee80211_unregister_hw(hw);
- ieee80211_free_hw(hw);
-+ adapter->hw = NULL;
- }
-
- for (band = 0; band < NUM_NL80211_BANDS; band++) {
-diff --git a/drivers/pci/pcie/ptm.c b/drivers/pci/pcie/ptm.c 
-index bab8ac63c4f3..3008bba360f3 100644
---- a/drivers/pci/pcie/ptm.c
-+++ b/drivers/pci/pcie/ptm.c
-@@ -29,7 +29,7 @@ static void pci_ptm_info(struct pci_dev *dev)
- snprintf(clock_desc, sizeof(clock_desc), ">254ns");
- break;
- default:
-- snprintf(clock_desc, sizeof(clock_desc), "%udns",
-+ snprintf(clock_desc, sizeof(clock_desc), "%uns",
- dev->ptm_granularity);
- break;
- }
-diff --git a/drivers/pinctrl/intel/pinctrl-lewisburg.c b/drivers/pinctrl/intel/pinctrl-lewisburg.c
-index 14d56ea6cfdc..c2164db14e9c 100644
---- a/drivers/pinctrl/intel/pinctrl-lewisburg.c
-+++ b/drivers/pinctrl/intel/pinctrl-lewisburg.c
-@@ -34,6 +34,7 @@
- .npins = ((e) - (s) + 1), \
- }
-
-+/* Lewisburg */
- static const struct pinctrl_pin_desc lbg_pins[] = {
- /* GPP_A */
- PINCTRL_PIN(0, "RCINB"),
-@@ -73,7 +74,7 @@ static const struct pinctrl_pin_desc lbg_pins[] = {
- PINCTRL_PIN(33, "SRCCLKREQB_4"),
- PINCTRL_PIN(34, "SRCCLKREQB_5"),
- PINCTRL_PIN(35, "GPP_B_11"),
-- PINCTRL_PIN(36, "GLB_RST_WARN_N"),
-+ PINCTRL_PIN(36, "SLP_S0B"),
- PINCTRL_PIN(37, "PLTRSTB"),
- PINCTRL_PIN(38, "SPKR"),
- PINCTRL_PIN(39, "GPP_B_15"),
-@@ -186,96 +187,96 @@ static const struct pinctrl_pin_desc lbg_pins[] = {
- PINCTRL_PIN(141, "GBE_PCI_DIS"),
- PINCTRL_PIN(142, "GBE_LAN_DIS"),
- PINCTRL_PIN(143, "GPP_I_10"),
-- PINCTRL_PIN(144, "GPIO_RCOMP_3P3"),
- /* GPP_J */
-- PINCTRL_PIN(145, "GBE_LED_0_0"),
-- PINCTRL_PIN(146, "GBE_LED_0_1"),
-- PINCTRL_PIN(147, "GBE_LED_1_0"),
-- PINCTRL_PIN(148, "GBE_LED_1_1"),
-- PINCTRL_PIN(149, "GBE_LED_2_0"),
-- PINCTRL_PIN(150, "GBE_LED_2_1"),
-- PINCTRL_PIN(151, "GBE_LED_3_0"),
-- PINCTRL_PIN(152, "GBE_LED_3_1"),
-- PINCTRL_PIN(153, "GBE_SCL_0"),
-- PINCTRL_PIN(154, "GBE_SDA_0"),
-- PINCTRL_PIN(155, "GBE_SCL_1"),
-- PINCTRL_PIN(156, "GBE_SDA_1"),
-- PINCTRL_PIN(157, "GBE_SCL_2"),
-- PINCTRL_PIN(158, "GBE_SDA_2"),
-- PINCTRL_PIN(159, "GBE_SCL_3"),
-- PINCTRL_PIN(160, "GBE_SDA_3"),
-- PINCTRL_PIN(161, "GBE_SDP_0_0"),
-- PINCTRL_PIN(162, "GBE_SDP_0_1"),
-- 
PINCTRL_PIN(163, "GBE_SDP_1_0"),
-- PINCTRL_PIN(164, "GBE_SDP_1_1"),
-- PINCTRL_PIN(165, "GBE_SDP_2_0"),
-- PINCTRL_PIN(166, "GBE_SDP_2_1"),
-- PINCTRL_PIN(167, "GBE_SDP_3_0"),
-- PINCTRL_PIN(168, "GBE_SDP_3_1"),
-+ PINCTRL_PIN(144, "GBE_LED_0_0"),
-+ PINCTRL_PIN(145, "GBE_LED_0_1"),
-+ PINCTRL_PIN(146, "GBE_LED_1_0"),
-+ PINCTRL_PIN(147, "GBE_LED_1_1"),
-+ PINCTRL_PIN(148, "GBE_LED_2_0"),
-+ PINCTRL_PIN(149, "GBE_LED_2_1"),
-+ PINCTRL_PIN(150, "GBE_LED_3_0"),
-+ PINCTRL_PIN(151, "GBE_LED_3_1"),
-+ PINCTRL_PIN(152, "GBE_SCL_0"),
-+ PINCTRL_PIN(153, "GBE_SDA_0"),
-+ PINCTRL_PIN(154, "GBE_SCL_1"),
-+ PINCTRL_PIN(155, "GBE_SDA_1"),
-+ PINCTRL_PIN(156, "GBE_SCL_2"),
-+ PINCTRL_PIN(157, "GBE_SDA_2"),
-+ PINCTRL_PIN(158, "GBE_SCL_3"),
-+ PINCTRL_PIN(159, "GBE_SDA_3"),
-+ PINCTRL_PIN(160, "GBE_SDP_0_0"),
-+ PINCTRL_PIN(161, "GBE_SDP_0_1"),
-+ PINCTRL_PIN(162, "GBE_SDP_1_0"),
-+ PINCTRL_PIN(163, "GBE_SDP_1_1"),
-+ PINCTRL_PIN(164, "GBE_SDP_2_0"),
-+ PINCTRL_PIN(165, "GBE_SDP_2_1"),
-+ PINCTRL_PIN(166, "GBE_SDP_3_0"),
-+ PINCTRL_PIN(167, "GBE_SDP_3_1"),
- /* GPP_K */
-- PINCTRL_PIN(169, "GBE_RMIICLK"),
-- PINCTRL_PIN(170, "GBE_RMII_TXD_0"),
-- PINCTRL_PIN(171, "GBE_RMII_TXD_1"),
-+ PINCTRL_PIN(168, "GBE_RMIICLK"),
-+ PINCTRL_PIN(169, "GBE_RMII_RXD_0"),
-+ PINCTRL_PIN(170, "GBE_RMII_RXD_1"),
-+ PINCTRL_PIN(171, "GBE_RMII_CRS_DV"),
- PINCTRL_PIN(172, "GBE_RMII_TX_EN"),
-- PINCTRL_PIN(173, "GBE_RMII_CRS_DV"),
-- PINCTRL_PIN(174, "GBE_RMII_RXD_0"),
-- PINCTRL_PIN(175, "GBE_RMII_RXD_1"),
-- PINCTRL_PIN(176, "GBE_RMII_RX_ER"),
-- PINCTRL_PIN(177, "GBE_RMII_ARBIN"),
-- PINCTRL_PIN(178, "GBE_RMII_ARB_OUT"),
-- PINCTRL_PIN(179, "PE_RST_N"),
-- PINCTRL_PIN(180, "GPIO_RCOMP_1P8_3P3"),
-+ PINCTRL_PIN(173, "GBE_RMII_TXD_0"),
-+ PINCTRL_PIN(174, "GBE_RMII_TXD_1"),
-+ PINCTRL_PIN(175, "GBE_RMII_RX_ER"),
-+ PINCTRL_PIN(176, "GBE_RMII_ARBIN"),
-+ PINCTRL_PIN(177, "GBE_RMII_ARB_OUT"),
-+ PINCTRL_PIN(178, "PE_RST_N"),
- /* GPP_G */
-- PINCTRL_PIN(181, "FAN_TACH_0"),
-- PINCTRL_PIN(182, 
"FAN_TACH_1"),
-- PINCTRL_PIN(183, "FAN_TACH_2"),
-- PINCTRL_PIN(184, "FAN_TACH_3"),
-- PINCTRL_PIN(185, "FAN_TACH_4"),
-- PINCTRL_PIN(186, "FAN_TACH_5"),
-- PINCTRL_PIN(187, "FAN_TACH_6"),
-- PINCTRL_PIN(188, "FAN_TACH_7"),
-- PINCTRL_PIN(189, "FAN_PWM_0"),
-- PINCTRL_PIN(190, "FAN_PWM_1"),
-- PINCTRL_PIN(191, "FAN_PWM_2"),
-- PINCTRL_PIN(192, "FAN_PWM_3"),
-- PINCTRL_PIN(193, "GSXDOUT"),
-- PINCTRL_PIN(194, "GSXSLOAD"),
-- PINCTRL_PIN(195, "GSXDIN"),
-- PINCTRL_PIN(196, "GSXSRESETB"),
-- PINCTRL_PIN(197, "GSXCLK"),
-- PINCTRL_PIN(198, "ADR_COMPLETE"),
-- PINCTRL_PIN(199, "NMIB"),
-- PINCTRL_PIN(200, "SMIB"),
-- PINCTRL_PIN(201, "SSATA_DEVSLP_0"),
-- PINCTRL_PIN(202, "SSATA_DEVSLP_1"),
-- PINCTRL_PIN(203, "SSATA_DEVSLP_2"),
-- PINCTRL_PIN(204, "SSATAXPCIE0_SSATAGP0"),
-+ PINCTRL_PIN(179, "FAN_TACH_0"),
-+ PINCTRL_PIN(180, "FAN_TACH_1"),
-+ PINCTRL_PIN(181, "FAN_TACH_2"),
-+ PINCTRL_PIN(182, "FAN_TACH_3"),
-+ PINCTRL_PIN(183, "FAN_TACH_4"),
-+ PINCTRL_PIN(184, "FAN_TACH_5"),
-+ PINCTRL_PIN(185, "FAN_TACH_6"),
-+ PINCTRL_PIN(186, "FAN_TACH_7"),
-+ PINCTRL_PIN(187, "FAN_PWM_0"),
-+ PINCTRL_PIN(188, "FAN_PWM_1"),
-+ PINCTRL_PIN(189, "FAN_PWM_2"),
-+ PINCTRL_PIN(190, "FAN_PWM_3"),
-+ PINCTRL_PIN(191, "GSXDOUT"),
-+ PINCTRL_PIN(192, "GSXSLOAD"),
-+ PINCTRL_PIN(193, "GSXDIN"),
-+ PINCTRL_PIN(194, "GSXSRESETB"),
-+ PINCTRL_PIN(195, "GSXCLK"),
-+ PINCTRL_PIN(196, "ADR_COMPLETE"),
-+ PINCTRL_PIN(197, "NMIB"),
-+ PINCTRL_PIN(198, "SMIB"),
-+ PINCTRL_PIN(199, "SSATA_DEVSLP_0"),
-+ PINCTRL_PIN(200, "SSATA_DEVSLP_1"),
-+ PINCTRL_PIN(201, "SSATA_DEVSLP_2"),
-+ PINCTRL_PIN(202, "SSATAXPCIE0_SSATAGP0"),
- /* GPP_H */
-- PINCTRL_PIN(205, "SRCCLKREQB_6"),
-- PINCTRL_PIN(206, "SRCCLKREQB_7"),
-- PINCTRL_PIN(207, "SRCCLKREQB_8"),
-- PINCTRL_PIN(208, "SRCCLKREQB_9"),
-- PINCTRL_PIN(209, "SRCCLKREQB_10"),
-- PINCTRL_PIN(210, "SRCCLKREQB_11"),
-- PINCTRL_PIN(211, "SRCCLKREQB_12"),
-- PINCTRL_PIN(212, "SRCCLKREQB_13"),
-- PINCTRL_PIN(213, "SRCCLKREQB_14"),
-- PINCTRL_PIN(214, 
"SRCCLKREQB_15"),
-- PINCTRL_PIN(215, "SML2CLK"),
-- PINCTRL_PIN(216, "SML2DATA"),
-- PINCTRL_PIN(217, "SML2ALERTB"),
-- PINCTRL_PIN(218, "SML3CLK"),
-- PINCTRL_PIN(219, "SML3DATA"),
-- PINCTRL_PIN(220, "SML3ALERTB"),
-- PINCTRL_PIN(221, "SML4CLK"),
-- PINCTRL_PIN(222, "SML4DATA"),
-- PINCTRL_PIN(223, "SML4ALERTB"),
-- PINCTRL_PIN(224, "SSATAXPCIE1_SSATAGP1"),
-- PINCTRL_PIN(225, "SSATAXPCIE2_SSATAGP2"),
-- PINCTRL_PIN(226, "SSATAXPCIE3_SSATAGP3"),
-- PINCTRL_PIN(227, "SSATAXPCIE4_SSATAGP4"),
-- PINCTRL_PIN(228, "SSATAXPCIE5_SSATAGP5"),
-+ PINCTRL_PIN(203, "SRCCLKREQB_6"),
-+ PINCTRL_PIN(204, "SRCCLKREQB_7"),
-+ PINCTRL_PIN(205, "SRCCLKREQB_8"),
-+ PINCTRL_PIN(206, "SRCCLKREQB_9"),
-+ PINCTRL_PIN(207, "SRCCLKREQB_10"),
-+ PINCTRL_PIN(208, "SRCCLKREQB_11"),
-+ PINCTRL_PIN(209, "SRCCLKREQB_12"),
-+ PINCTRL_PIN(210, "SRCCLKREQB_13"),
-+ PINCTRL_PIN(211, "SRCCLKREQB_14"),
-+ PINCTRL_PIN(212, "SRCCLKREQB_15"),
-+ PINCTRL_PIN(213, "SML2CLK"),
-+ PINCTRL_PIN(214, "SML2DATA"),
-+ PINCTRL_PIN(215, "SML2ALERTB"),
-+ PINCTRL_PIN(216, "SML3CLK"),
-+ PINCTRL_PIN(217, "SML3DATA"),
-+ PINCTRL_PIN(218, "SML3ALERTB"),
-+ PINCTRL_PIN(219, "SML4CLK"),
-+ PINCTRL_PIN(220, "SML4DATA"),
-+ PINCTRL_PIN(221, "SML4ALERTB"),
-+ PINCTRL_PIN(222, "SSATAXPCIE1_SSATAGP1"),
-+ PINCTRL_PIN(223, "SSATAXPCIE2_SSATAGP2"),
-+ PINCTRL_PIN(224, "SSATAXPCIE3_SSATAGP3"),
-+ PINCTRL_PIN(225, "SSATAXPCIE4_SSATAGP4"),
-+ PINCTRL_PIN(226, "SSATAXPCIE5_SSATAGP5"),
- /* GPP_L */
-+ PINCTRL_PIN(227, "GPP_L_0"),
-+ PINCTRL_PIN(228, "EC_CSME_INTR_OUT"),
- PINCTRL_PIN(229, "VISA2CH0_D0"),
- PINCTRL_PIN(230, "VISA2CH0_D1"),
- PINCTRL_PIN(231, "VISA2CH0_D2"),
-diff --git a/drivers/pinctrl/ti/pinctrl-ti-iodelay.c b/drivers/pinctrl/ti/pinctrl-ti-iodelay.c
-index 5c1b6325d80d..8ac1f1ce4442 100644
---- a/drivers/pinctrl/ti/pinctrl-ti-iodelay.c
-+++ b/drivers/pinctrl/ti/pinctrl-ti-iodelay.c
-@@ -496,7 +496,7 @@ static int ti_iodelay_dt_node_to_map(struct pinctrl_dev *pctldev,
- return -EINVAL;
-
- rows = 
pinctrl_count_index_with_args(np, name);
-- if (rows == -EINVAL)
-+ if (rows < 0)
- return rows;
-
- *map = devm_kzalloc(iod->dev, sizeof(**map), GFP_KERNEL);
-diff --git a/drivers/platform/x86/asus-wmi.c b/drivers/platform/x86/asus-wmi.c
-index 1c1999600717..af26ca49996d 100644
---- a/drivers/platform/x86/asus-wmi.c
-+++ b/drivers/platform/x86/asus-wmi.c
-@@ -457,13 +457,7 @@ static void kbd_led_update(struct work_struct *work)
-
- asus = container_of(work, struct asus_wmi, kbd_led_work);
-
-- /*
-- * bits 0-2: level
-- * bit 7: light on/off
-- */
-- if (asus->kbd_led_wk > 0)
-- ctrl_param = 0x80 | (asus->kbd_led_wk & 0x7F);
--
-+ ctrl_param = 0x80 | (asus->kbd_led_wk & 0x7F);
- asus_wmi_set_devstate(ASUS_WMI_DEVID_KBD_BACKLIGHT, ctrl_param, NULL);
- }
-
-diff --git a/drivers/rtc/rtc-msm6242.c b/drivers/rtc/rtc-msm6242.c
-index c1c5c4e3b3b4..c981301efbe5 100644
---- a/drivers/rtc/rtc-msm6242.c
-+++ b/drivers/rtc/rtc-msm6242.c
-@@ -132,7 +132,8 @@ static int msm6242_read_time(struct device *dev, struct rtc_time *tm)
- msm6242_read(priv, MSM6242_SECOND1);
- tm->tm_min = msm6242_read(priv, MSM6242_MINUTE10) * 10 +
- msm6242_read(priv, MSM6242_MINUTE1);
-- tm->tm_hour = (msm6242_read(priv, MSM6242_HOUR10 & 3)) * 10 +
-+ tm->tm_hour = (msm6242_read(priv, MSM6242_HOUR10) &
-+ MSM6242_HOUR10_HR_MASK) * 10 +
- msm6242_read(priv, MSM6242_HOUR1);
- tm->tm_mday = msm6242_read(priv, MSM6242_DAY10) * 10 +
- msm6242_read(priv, MSM6242_DAY1);
-diff --git a/drivers/rtc/rtc-mt6397.c b/drivers/rtc/rtc-mt6397.c
-index e82df43e5ca2..c696d9186451 100644
---- a/drivers/rtc/rtc-mt6397.c
-+++ b/drivers/rtc/rtc-mt6397.c
-@@ -55,6 +55,14 @@
-
- #define RTC_AL_SEC 0x0018
-
-+#define RTC_AL_SEC_MASK 0x003f
-+#define RTC_AL_MIN_MASK 0x003f
-+#define RTC_AL_HOU_MASK 0x001f
-+#define RTC_AL_DOM_MASK 0x001f
-+#define RTC_AL_DOW_MASK 0x0007
-+#define RTC_AL_MTH_MASK 0x000f
-+#define RTC_AL_YEA_MASK 0x007f
-+
- #define RTC_PDN2 0x002e
- #define RTC_PDN2_PWRON_ALARM BIT(4)
-
-@@ -111,7 +119,7 @@ 
static irqreturn_t mtk_rtc_irq_handler_thread(int irq, void *data)
- irqen = irqsta & ~RTC_IRQ_EN_AL;
- mutex_lock(&rtc->lock);
- if (regmap_write(rtc->regmap, rtc->addr_base + RTC_IRQ_EN,
-- irqen) < 0)
-+ irqen) == 0)
- mtk_rtc_write_trigger(rtc);
- mutex_unlock(&rtc->lock);
-
-@@ -233,12 +241,12 @@ static int mtk_rtc_read_alarm(struct device *dev, struct rtc_wkalrm *alm)
- alm->pending = !!(pdn2 & RTC_PDN2_PWRON_ALARM);
- mutex_unlock(&rtc->lock);
-
-- tm->tm_sec = data[RTC_OFFSET_SEC];
-- tm->tm_min = data[RTC_OFFSET_MIN];
-- tm->tm_hour = data[RTC_OFFSET_HOUR];
-- tm->tm_mday = data[RTC_OFFSET_DOM];
-- tm->tm_mon = data[RTC_OFFSET_MTH];
-- tm->tm_year = data[RTC_OFFSET_YEAR];
-+ tm->tm_sec = data[RTC_OFFSET_SEC] & RTC_AL_SEC_MASK;
-+ tm->tm_min = data[RTC_OFFSET_MIN] & RTC_AL_MIN_MASK;
-+ tm->tm_hour = data[RTC_OFFSET_HOUR] & RTC_AL_HOU_MASK;
-+ tm->tm_mday = data[RTC_OFFSET_DOM] & RTC_AL_DOM_MASK;
-+ tm->tm_mon = data[RTC_OFFSET_MTH] & RTC_AL_MTH_MASK;
-+ tm->tm_year = data[RTC_OFFSET_YEAR] & RTC_AL_YEA_MASK;
-
- tm->tm_year += RTC_MIN_YEAR_OFFSET;
- tm->tm_mon--;
-@@ -259,14 +267,25 @@ static int mtk_rtc_set_alarm(struct device *dev, struct rtc_wkalrm *alm)
- tm->tm_year -= RTC_MIN_YEAR_OFFSET;
- tm->tm_mon++;
-
-- data[RTC_OFFSET_SEC] = tm->tm_sec;
-- data[RTC_OFFSET_MIN] = tm->tm_min;
-- data[RTC_OFFSET_HOUR] = tm->tm_hour;
-- data[RTC_OFFSET_DOM] = tm->tm_mday;
-- data[RTC_OFFSET_MTH] = tm->tm_mon;
-- data[RTC_OFFSET_YEAR] = tm->tm_year;
--
- mutex_lock(&rtc->lock);
-+ ret = regmap_bulk_read(rtc->regmap, rtc->addr_base + RTC_AL_SEC,
-+ data, RTC_OFFSET_COUNT);
-+ if (ret < 0)
-+ goto exit;
-+
-+ data[RTC_OFFSET_SEC] = ((data[RTC_OFFSET_SEC] & ~(RTC_AL_SEC_MASK)) |
-+ (tm->tm_sec & RTC_AL_SEC_MASK));
-+ data[RTC_OFFSET_MIN] = ((data[RTC_OFFSET_MIN] & ~(RTC_AL_MIN_MASK)) |
-+ (tm->tm_min & RTC_AL_MIN_MASK));
-+ data[RTC_OFFSET_HOUR] = ((data[RTC_OFFSET_HOUR] & ~(RTC_AL_HOU_MASK)) |
-+ (tm->tm_hour & RTC_AL_HOU_MASK));
-+ data[RTC_OFFSET_DOM] = 
((data[RTC_OFFSET_DOM] & ~(RTC_AL_DOM_MASK)) |
-+ (tm->tm_mday & RTC_AL_DOM_MASK));
-+ data[RTC_OFFSET_MTH] = ((data[RTC_OFFSET_MTH] & ~(RTC_AL_MTH_MASK)) |
-+ (tm->tm_mon & RTC_AL_MTH_MASK));
-+ data[RTC_OFFSET_YEAR] = ((data[RTC_OFFSET_YEAR] & ~(RTC_AL_YEA_MASK)) |
-+ (tm->tm_year & RTC_AL_YEA_MASK));
-+
- if (alm->enabled) {
- ret = regmap_bulk_write(rtc->regmap,
- rtc->addr_base + RTC_AL_SEC,
-diff --git a/drivers/scsi/cxgbi/libcxgbi.c b/drivers/scsi/cxgbi/libcxgbi.c
-index 902f5e03ec94..0d45658f163a 100644
---- a/drivers/scsi/cxgbi/libcxgbi.c
-+++ b/drivers/scsi/cxgbi/libcxgbi.c
-@@ -121,7 +121,8 @@ static inline void cxgbi_device_destroy(struct cxgbi_device *cdev)
- "cdev 0x%p, p# %u.\n", cdev, cdev->nports);
- cxgbi_hbas_remove(cdev);
- cxgbi_device_portmap_cleanup(cdev);
-- cxgbi_ppm_release(cdev->cdev2ppm(cdev));
-+ if (cdev->cdev2ppm)
-+ cxgbi_ppm_release(cdev->cdev2ppm(cdev));
- if (cdev->pmap.max_connect)
- cxgbi_free_big_mem(cdev->pmap.port_csk);
- kfree(cdev);
-diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c
-index 35cea5827a7a..2955b856e9ec 100644
---- a/drivers/scsi/sd.c
-+++ b/drivers/scsi/sd.c
-@@ -1697,20 +1697,30 @@ static void sd_rescan(struct device *dev)
- static int sd_compat_ioctl(struct block_device *bdev, fmode_t mode,
- unsigned int cmd, unsigned long arg)
- {
-- struct scsi_device *sdev = scsi_disk(bdev->bd_disk)->device;
-+ struct gendisk *disk = bdev->bd_disk;
-+ struct scsi_disk *sdkp = scsi_disk(disk);
-+ struct scsi_device *sdev = sdkp->device;
-+ void __user *p = compat_ptr(arg);
- int error;
-
-+ error = scsi_verify_blk_ioctl(bdev, cmd);
-+ if (error < 0)
-+ return error;
-+
- error = scsi_ioctl_block_when_processing_errors(sdev, cmd,
- (mode & FMODE_NDELAY) != 0);
- if (error)
- return error;
-+
-+ if (is_sed_ioctl(cmd))
-+ return sed_ioctl(sdkp->opal_dev, cmd, p);
-
- /*
- * Let the static ioctl translation table take care of it. 
- */
- if (!sdev->host->hostt->compat_ioctl)
- return -ENOIOCTLCMD;
-- return sdev->host->hostt->compat_ioctl(sdev, cmd, (void __user *)arg);
-+ return sdev->host->hostt->compat_ioctl(sdev, cmd, p);
- }
- #endif
-
-@@ -2206,8 +2216,10 @@ static int sd_read_protection_type(struct scsi_disk *sdkp, unsigned char *buffer
- u8 type;
- int ret = 0;
-
-- if (scsi_device_protection(sdp) == 0 || (buffer[12] & 1) == 0)
-+ if (scsi_device_protection(sdp) == 0 || (buffer[12] & 1) == 0) {
-+ sdkp->protection_type = 0;
- return ret;
-+ }
-
- type = ((buffer[12] >> 1) & 7) + 1; /* P_TYPE 0 = Type 1 */
-
-diff --git a/drivers/spi/spi-atmel.c b/drivers/spi/spi-atmel.c
-index d19331b66222..7b739c449227 100644
---- a/drivers/spi/spi-atmel.c
-+++ b/drivers/spi/spi-atmel.c
-@@ -301,7 +301,6 @@ struct atmel_spi {
- bool use_cs_gpios;
-
- bool keep_cs;
-- bool cs_active;
-
- u32 fifo_size;
- };
-@@ -1338,11 +1337,9 @@ static int atmel_spi_one_transfer(struct spi_master *master,
- &msg->transfers)) {
- as->keep_cs = true;
- } else {
-- as->cs_active = !as->cs_active;
-- if (as->cs_active)
-- cs_activate(as, msg->spi);
-- else
-- cs_deactivate(as, msg->spi);
-+ cs_deactivate(as, msg->spi);
-+ udelay(10);
-+ cs_activate(as, msg->spi);
- }
- }
-
-@@ -1365,7 +1362,6 @@ static int atmel_spi_transfer_one_message(struct spi_master *master,
- atmel_spi_lock(as);
- cs_activate(as, spi);
-
-- as->cs_active = true;
- as->keep_cs = false;
-
- msg->status = 0;
-diff --git a/drivers/tty/serial/imx.c b/drivers/tty/serial/imx.c
-index aae68230fb7b..a81a5be0cf7a 100644
---- a/drivers/tty/serial/imx.c
-+++ b/drivers/tty/serial/imx.c
-@@ -542,7 +542,7 @@ static void imx_dma_tx(struct imx_port *sport)
- dev_err(dev, "DMA mapping error for TX.\n");
- return;
- }
-- desc = dmaengine_prep_slave_sg(chan, sgl, sport->dma_tx_nents,
-+ desc = dmaengine_prep_slave_sg(chan, sgl, ret,
- DMA_MEM_TO_DEV, DMA_PREP_INTERRUPT);
- if (!desc) {
- dma_unmap_sg(dev, sgl, sport->dma_tx_nents,
-diff --git 
a/drivers/tty/serial/pch_uart.c b/drivers/tty/serial/pch_uart.c
-index d9123f995705..15ddcbd1f9d2 100644
---- a/drivers/tty/serial/pch_uart.c
-+++ b/drivers/tty/serial/pch_uart.c
-@@ -247,6 +247,7 @@ struct eg20t_port {
- struct dma_chan *chan_rx;
- struct scatterlist *sg_tx_p;
- int nent;
-+ int orig_nent;
- struct scatterlist sg_rx;
- int tx_dma_use;
- void *rx_buf_virt;
-@@ -801,9 +802,10 @@ static void pch_dma_tx_complete(void *arg)
- }
- xmit->tail &= UART_XMIT_SIZE - 1;
- async_tx_ack(priv->desc_tx);
-- dma_unmap_sg(port->dev, sg, priv->nent, DMA_TO_DEVICE);
-+ dma_unmap_sg(port->dev, sg, priv->orig_nent, DMA_TO_DEVICE);
- priv->tx_dma_use = 0;
- priv->nent = 0;
-+ priv->orig_nent = 0;
- kfree(priv->sg_tx_p);
- pch_uart_hal_enable_interrupt(priv, PCH_UART_HAL_TX_INT);
- }
-@@ -1027,6 +1029,7 @@ static unsigned int dma_handle_tx(struct eg20t_port *priv)
- dev_err(priv->port.dev, "%s:dma_map_sg Failed\n", __func__);
- return 0;
- }
-+ priv->orig_nent = num;
- priv->nent = nent;
-
- for (i = 0; i < nent; i++, sg++) {
-diff --git a/fs/btrfs/file.c b/fs/btrfs/file.c
-index bf654d48eb46..97be32da857a 100644
---- a/fs/btrfs/file.c
-+++ b/fs/btrfs/file.c
-@@ -1890,9 +1890,10 @@ static ssize_t btrfs_file_write_iter(struct kiocb *iocb,
- (iocb->ki_flags & IOCB_NOWAIT))
- return -EOPNOTSUPP;
-
-- if (!inode_trylock(inode)) {
-- if (iocb->ki_flags & IOCB_NOWAIT)
-+ if (iocb->ki_flags & IOCB_NOWAIT) {
-+ if (!inode_trylock(inode))
- return -EAGAIN;
-+ } else {
- inode_lock(inode);
- }
-
-diff --git a/fs/cifs/smb2file.c b/fs/cifs/smb2file.c
-index 2c809233084b..e270812927cf 100644
---- a/fs/cifs/smb2file.c
-+++ b/fs/cifs/smb2file.c
-@@ -69,7 +69,7 @@ smb2_open_file(const unsigned int xid, struct cifs_open_parms *oparms,
- goto out;
-
-
-- if (oparms->tcon->use_resilient) {
-+ if (oparms->tcon->use_resilient) {
- nr_ioctl_req.Timeout = 0; /* use server default (120 seconds) */
- nr_ioctl_req.Reserved = 0;
- rc = SMB2_ioctl(xid, oparms->tcon, fid->persistent_fid,
-diff --git 
a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c
-index 0e1c36c92f60..4eb0a9e7194b 100644
---- a/fs/cifs/smb2pdu.c
-+++ b/fs/cifs/smb2pdu.c
-@@ -575,6 +575,7 @@ SMB2_negotiate(const unsigned int xid, struct cifs_ses *ses)
- } else if (rsp->DialectRevision == cpu_to_le16(SMB21_PROT_ID)) {
- /* ops set to 3.0 by default for default so update */
- ses->server->ops = &smb21_operations;
-+ ses->server->vals = &smb21_values;
- }
- } else if (le16_to_cpu(rsp->DialectRevision) !=
- ses->server->vals->protocol_id) {
-diff --git a/fs/f2fs/data.c b/fs/f2fs/data.c
-index ac3fa4bbed2d..afe7dcfff036 100644
---- a/fs/f2fs/data.c
-+++ b/fs/f2fs/data.c
-@@ -1512,7 +1512,7 @@ static int __write_data_page(struct page *page, bool *submitted,
- loff_t i_size = i_size_read(inode);
- const pgoff_t end_index = ((unsigned long long) i_size)
- >> PAGE_SHIFT;
-- loff_t psize = (page->index + 1) << PAGE_SHIFT;
-+ loff_t psize = (loff_t)(page->index + 1) << PAGE_SHIFT;
- unsigned offset = 0;
- bool need_balance_fs = false;
- int err = 0;
-diff --git a/fs/f2fs/file.c b/fs/f2fs/file.c
-index a90173b856f6..d98acc20a38a 100644
---- a/fs/f2fs/file.c
-+++ b/fs/f2fs/file.c
-@@ -1059,7 +1059,7 @@ static int __clone_blkaddrs(struct inode *src_inode, struct inode *dst_inode,
- }
- dn.ofs_in_node++;
- i++;
-- new_size = (dst + i) << PAGE_SHIFT;
-+ new_size = (loff_t)(dst + i) << PAGE_SHIFT;
- if (dst_inode->i_size < new_size)
- f2fs_i_size_write(dst_inode, new_size);
- } while (--ilen && (do_replace[i] || blkaddr[i] == NULL_ADDR));
-diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
-index f1526f65cc58..3dd403943b07 100644
---- a/fs/nfs/nfs4proc.c
-+++ b/fs/nfs/nfs4proc.c
-@@ -5797,8 +5797,10 @@ static void nfs4_delegreturn_prepare(struct rpc_task *task, void *data)
-
- d_data = (struct nfs4_delegreturndata *)data;
-
-- if (!d_data->lr.roc && nfs4_wait_on_layoutreturn(d_data->inode, task))
-+ if (!d_data->lr.roc && nfs4_wait_on_layoutreturn(d_data->inode, task)) {
-+ nfs4_sequence_done(task, 
&d_data->res.seq_res);
- return;
-+ }
-
- nfs4_setup_sequence(d_data->res.server->nfs_client,
- &d_data->args.seq_args,
-diff --git a/fs/ocfs2/journal.c b/fs/ocfs2/journal.c
-index 2459ae9d2234..39bb80fb2934 100644
---- a/fs/ocfs2/journal.c
-+++ b/fs/ocfs2/journal.c
-@@ -1080,6 +1080,14 @@ int ocfs2_journal_load(struct ocfs2_journal *journal, int local, int replayed)
-
- ocfs2_clear_journal_error(osb->sb, journal->j_journal, osb->slot_num);
-
-+ if (replayed) {
-+ jbd2_journal_lock_updates(journal->j_journal);
-+ status = jbd2_journal_flush(journal->j_journal);
-+ jbd2_journal_unlock_updates(journal->j_journal);
-+ if (status < 0)
-+ mlog_errno(status);
-+ }
-+
- status = ocfs2_journal_toggle_dirty(osb, 1, replayed);
- if (status < 0) {
- mlog_errno(status);
-diff --git a/include/linux/poll.h b/include/linux/poll.h
-index d384f12abdd5..c7acd7c09747 100644
---- a/include/linux/poll.h
-+++ b/include/linux/poll.h
-@@ -15,7 +15,11 @@
- extern struct ctl_table epoll_table[]; /* for sysctl */
- /* ~832 bytes of stack space used max in sys_select/sys_poll before allocating
- additional memory. */
-+#ifdef __clang__
-+#define MAX_STACK_ALLOC 768
-+#else
- #define MAX_STACK_ALLOC 832
-+#endif
- #define FRONTEND_STACK_ALLOC 256
- #define SELECT_STACK_ALLOC FRONTEND_STACK_ALLOC
- #define POLL_STACK_ALLOC FRONTEND_STACK_ALLOC
-diff --git a/include/net/cfg80211.h b/include/net/cfg80211.h
-index ea0ed58db97e..a4c8e9d7dd06 100644
---- a/include/net/cfg80211.h
-+++ b/include/net/cfg80211.h
-@@ -4479,6 +4479,17 @@ static inline const u8 *cfg80211_find_ext_ie(u8 ext_eid, const u8 *ies, int len)
- const u8 *cfg80211_find_vendor_ie(unsigned int oui, int oui_type,
- const u8 *ies, int len);
-
-+/**
-+ * cfg80211_send_layer2_update - send layer 2 update frame
-+ *
-+ * @dev: network device
-+ * @addr: STA MAC address
-+ *
-+ * Wireless drivers can use this function to update forwarding tables in bridge
-+ * devices upon STA association. 
-+ */
-+void cfg80211_send_layer2_update(struct net_device *dev, const u8 *addr);
-+
- /**
- * DOC: Regulatory enforcement infrastructure
- *
-diff --git a/net/core/ethtool.c b/net/core/ethtool.c
-index 7822defa5a5d..749d48393d06 100644
---- a/net/core/ethtool.c
-+++ b/net/core/ethtool.c
-@@ -2343,9 +2343,10 @@ static int ethtool_set_tunable(struct net_device *dev, void __user *useraddr)
- return ret;
- }
-
--static int ethtool_get_per_queue_coalesce(struct net_device *dev,
-- void __user *useraddr,
-- struct ethtool_per_queue_op *per_queue_opt)
-+static noinline_for_stack int
-+ethtool_get_per_queue_coalesce(struct net_device *dev,
-+ void __user *useraddr,
-+ struct ethtool_per_queue_op *per_queue_opt)
- {
- u32 bit;
- int ret;
-@@ -2375,9 +2376,10 @@ static int ethtool_get_per_queue_coalesce(struct net_device *dev,
- return 0;
- }
-
--static int ethtool_set_per_queue_coalesce(struct net_device *dev,
-- void __user *useraddr,
-- struct ethtool_per_queue_op *per_queue_opt)
-+static noinline_for_stack int
-+ethtool_set_per_queue_coalesce(struct net_device *dev,
-+ void __user *useraddr,
-+ struct ethtool_per_queue_op *per_queue_opt)
- {
- u32 bit;
- int i, ret = 0;
-@@ -2434,7 +2436,7 @@ roll_back:
- return ret;
- }
-
--static int ethtool_set_per_queue(struct net_device *dev,
-+static int noinline_for_stack ethtool_set_per_queue(struct net_device *dev,
- void __user *useraddr, u32 sub_cmd)
- {
- struct ethtool_per_queue_op per_queue_opt;
-diff --git a/net/dccp/feat.c b/net/dccp/feat.c
-index f227f002c73d..db87d9f58019 100644
---- a/net/dccp/feat.c
-+++ b/net/dccp/feat.c
-@@ -738,7 +738,12 @@ static int __feat_register_sp(struct list_head *fn, u8 feat, u8 is_local,
- if (dccp_feat_clone_sp_val(&fval, sp_val, sp_len))
- return -ENOMEM;
-
-- return dccp_feat_push_change(fn, feat, is_local, mandatory, &fval);
-+ if (dccp_feat_push_change(fn, feat, is_local, mandatory, &fval)) {
-+ kfree(fval.sp.vec);
-+ return -ENOMEM;
-+ }
-+
-+ return 0;
- }
-
- /**
-diff --git 
a/net/hsr/hsr_device.c b/net/hsr/hsr_device.c
-index cfe20f15f618..c962c406d7b1 100644
---- a/net/hsr/hsr_device.c
-+++ b/net/hsr/hsr_device.c
-@@ -281,6 +281,8 @@ static void send_hsr_supervision_frame(struct hsr_port *master,
- skb->dev->dev_addr, skb->len) <= 0)
- goto out;
- skb_reset_mac_header(skb);
-+ skb_reset_network_header(skb);
-+ skb_reset_transport_header(skb);
-
- if (hsrVer > 0) {
- hsr_tag = skb_put(skb, sizeof(struct hsr_tag));
-diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c
-index 8168c667d91d..d437007b15bb 100644
---- a/net/mac80211/cfg.c
-+++ b/net/mac80211/cfg.c
-@@ -1089,50 +1089,6 @@ static int ieee80211_stop_ap(struct wiphy *wiphy, struct net_device *dev)
- return 0;
- }
-
--/* Layer 2 Update frame (802.2 Type 1 LLC XID Update response) */
--struct iapp_layer2_update {
-- u8 da[ETH_ALEN]; /* broadcast */
-- u8 sa[ETH_ALEN]; /* STA addr */
-- __be16 len; /* 6 */
-- u8 dsap; /* 0 */
-- u8 ssap; /* 0 */
-- u8 control;
-- u8 xid_info[3];
--} __packed;
--
--static void ieee80211_send_layer2_update(struct sta_info *sta)
--{
-- struct iapp_layer2_update *msg;
-- struct sk_buff *skb;
--
-- /* Send Level 2 Update Frame to update forwarding tables in layer 2
-- * bridge devices */
--
-- skb = dev_alloc_skb(sizeof(*msg));
-- if (!skb)
-- return;
-- msg = skb_put(skb, sizeof(*msg));
--
-- /* 802.2 Type 1 Logical Link Control (LLC) Exchange Identifier (XID)
-- * Update response frame; IEEE Std 802.2-1998, 5.4.1.2.1 */
--
-- eth_broadcast_addr(msg->da);
-- memcpy(msg->sa, sta->sta.addr, ETH_ALEN);
-- msg->len = htons(6);
-- msg->dsap = 0;
-- msg->ssap = 0x01; /* NULL LSAP, CR Bit: Response */
-- msg->control = 0xaf; /* XID response lsb.1111F101. 
-- * F=0 (no poll command; unsolicited frame) */
-- msg->xid_info[0] = 0x81; /* XID format identifier */
-- msg->xid_info[1] = 1; /* LLC types/classes: Type 1 LLC */
-- msg->xid_info[2] = 0; /* XID sender's receive window size (RW) */
--
-- skb->dev = sta->sdata->dev;
-- skb->protocol = eth_type_trans(skb, sta->sdata->dev);
-- memset(skb->cb, 0, sizeof(skb->cb));
-- netif_rx_ni(skb);
--}
--
- static int sta_apply_auth_flags(struct ieee80211_local *local,
- struct sta_info *sta,
- u32 mask, u32 set)
-@@ -1442,7 +1398,6 @@ static int ieee80211_add_station(struct wiphy *wiphy, struct net_device *dev,
- struct sta_info *sta;
- struct ieee80211_sub_if_data *sdata;
- int err;
-- int layer2_update;
-
- if (params->vlan) {
- sdata = IEEE80211_DEV_TO_SUB_IF(params->vlan);
-@@ -1486,18 +1441,12 @@ static int ieee80211_add_station(struct wiphy *wiphy, struct net_device *dev,
- test_sta_flag(sta, WLAN_STA_ASSOC))
- rate_control_rate_init(sta);
-
-- layer2_update = sdata->vif.type == NL80211_IFTYPE_AP_VLAN ||
-- sdata->vif.type == NL80211_IFTYPE_AP;
--
- err = sta_info_insert_rcu(sta);
- if (err) {
- rcu_read_unlock();
- return err;
- }
-
-- if (layer2_update)
-- ieee80211_send_layer2_update(sta);
--
- rcu_read_unlock();
-
- return 0;
-@@ -1595,10 +1544,11 @@ static int ieee80211_change_station(struct wiphy *wiphy,
- sta->sdata = vlansdata;
- ieee80211_check_fast_xmit(sta);
-
-- if (test_sta_flag(sta, WLAN_STA_AUTHORIZED))
-+ if (test_sta_flag(sta, WLAN_STA_AUTHORIZED)) {
- ieee80211_vif_inc_num_mcast(sta->sdata);
--
-- ieee80211_send_layer2_update(sta);
-+ cfg80211_send_layer2_update(sta->sdata->dev,
-+ sta->sta.addr);
-+ }
- }
-
- err = sta_apply_parameters(local, sta, params);
-diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c
-index 1a86974b02e3..627dc642f894 100644
---- a/net/mac80211/sta_info.c
-+++ b/net/mac80211/sta_info.c
-@@ -1899,6 +1899,10 @@ int sta_info_move_state(struct sta_info *sta,
- ieee80211_check_fast_xmit(sta);
- ieee80211_check_fast_rx(sta); 
- }
-+ if (sta->sdata->vif.type == NL80211_IFTYPE_AP_VLAN ||
-+ sta->sdata->vif.type == NL80211_IFTYPE_AP)
-+ cfg80211_send_layer2_update(sta->sdata->dev,
-+ sta->sta.addr);
- break;
- default:
- break;
-diff --git a/net/socket.c b/net/socket.c
-index 5b134a6b6216..6a5ec658fcd8 100644
---- a/net/socket.c
-+++ b/net/socket.c
-@@ -3267,6 +3267,7 @@ static int compat_sock_ioctl_trans(struct file *file, struct socket *sock,
- case SIOCSARP:
- case SIOCGARP:
- case SIOCDARP:
-+ case SIOCOUTQNSD:
- case SIOCATMARK:
- return sock_do_ioctl(net, sock, cmd, arg);
- }
-diff --git a/net/sunrpc/xprtrdma/verbs.c b/net/sunrpc/xprtrdma/verbs.c
-index 2aaf46599126..c5e991d14888 100644
---- a/net/sunrpc/xprtrdma/verbs.c
-+++ b/net/sunrpc/xprtrdma/verbs.c
-@@ -264,6 +264,7 @@ rpcrdma_conn_upcall(struct rdma_cm_id *id, struct rdma_cm_event *event)
- ia->ri_device->name,
- sap, rpc_get_port(sap));
- #endif
-+ init_completion(&ia->ri_remove_done);
- set_bit(RPCRDMA_IAF_REMOVING, &ia->ri_flags);
- ep->rep_connected = -ENODEV;
- xprt_force_disconnect(&xprt->rx_xprt);
-@@ -319,7 +320,6 @@ rpcrdma_create_id(struct rpcrdma_xprt *xprt,
- int rc;
-
- init_completion(&ia->ri_done);
-- init_completion(&ia->ri_remove_done);
-
- id = rdma_create_id(&init_net, rpcrdma_conn_upcall, xprt, RDMA_PS_TCP,
- IB_QPT_RC);
-diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
-index 99f581a61cfa..091e93798eac 100644
---- a/net/unix/af_unix.c
-+++ b/net/unix/af_unix.c
-@@ -644,6 +644,9 @@ static unsigned int unix_poll(struct file *, struct socket *, poll_table *);
- static unsigned int unix_dgram_poll(struct file *, struct socket *,
- poll_table *);
- static int unix_ioctl(struct socket *, unsigned int, unsigned long);
-+#ifdef CONFIG_COMPAT
-+static int unix_compat_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg);
-+#endif
- static int unix_shutdown(struct socket *, int);
- static int unix_stream_sendmsg(struct socket *, struct msghdr *, size_t);
- static int unix_stream_recvmsg(struct socket 
*, struct msghdr *, size_t, int); -@@ -685,6 +688,9 @@ static const struct proto_ops unix_stream_ops = { - .getname = unix_getname, - .poll = unix_poll, - .ioctl = unix_ioctl, -+#ifdef CONFIG_COMPAT -+ .compat_ioctl = unix_compat_ioctl, -+#endif - .listen = unix_listen, - .shutdown = unix_shutdown, - .setsockopt = sock_no_setsockopt, -@@ -708,6 +714,9 @@ static const struct proto_ops unix_dgram_ops = { - .getname = unix_getname, - .poll = unix_dgram_poll, - .ioctl = unix_ioctl, -+#ifdef CONFIG_COMPAT -+ .compat_ioctl = unix_compat_ioctl, -+#endif - .listen = sock_no_listen, - .shutdown = unix_shutdown, - .setsockopt = sock_no_setsockopt, -@@ -730,6 +739,9 @@ static const struct proto_ops unix_seqpacket_ops = { - .getname = unix_getname, - .poll = unix_dgram_poll, - .ioctl = unix_ioctl, -+#ifdef CONFIG_COMPAT -+ .compat_ioctl = unix_compat_ioctl, -+#endif - .listen = unix_listen, - .shutdown = unix_shutdown, - .setsockopt = sock_no_setsockopt, -@@ -2650,6 +2662,13 @@ static int unix_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg) - return err; - } - -+#ifdef CONFIG_COMPAT -+static int unix_compat_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg) -+{ -+ return unix_ioctl(sock, cmd, (unsigned long)compat_ptr(arg)); -+} -+#endif -+ - static unsigned int unix_poll(struct file *file, struct socket *sock, poll_table *wait) - { - struct sock *sk = sock->sk; -diff --git a/net/wireless/util.c b/net/wireless/util.c -index 0f6c34ff9b55..2234817f5dbb 100644 ---- a/net/wireless/util.c -+++ b/net/wireless/util.c -@@ -1873,3 +1873,48 @@ EXPORT_SYMBOL(rfc1042_header); - const unsigned char bridge_tunnel_header[] __aligned(2) = - { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0xf8 }; - EXPORT_SYMBOL(bridge_tunnel_header); -+ -+/* Layer 2 Update frame (802.2 Type 1 LLC XID Update response) */ -+struct iapp_layer2_update { -+ u8 da[ETH_ALEN]; /* broadcast */ -+ u8 sa[ETH_ALEN]; /* STA addr */ -+ __be16 len; /* 6 */ -+ u8 dsap; /* 0 */ -+ u8 ssap; /* 0 */ -+ u8 control; 
-+ u8 xid_info[3]; -+} __packed; -+ -+void cfg80211_send_layer2_update(struct net_device *dev, const u8 *addr) -+{ -+ struct iapp_layer2_update *msg; -+ struct sk_buff *skb; -+ -+ /* Send Level 2 Update Frame to update forwarding tables in layer 2 -+ * bridge devices */ -+ -+ skb = dev_alloc_skb(sizeof(*msg)); -+ if (!skb) -+ return; -+ msg = skb_put(skb, sizeof(*msg)); -+ -+ /* 802.2 Type 1 Logical Link Control (LLC) Exchange Identifier (XID) -+ * Update response frame; IEEE Std 802.2-1998, 5.4.1.2.1 */ -+ -+ eth_broadcast_addr(msg->da); -+ ether_addr_copy(msg->sa, addr); -+ msg->len = htons(6); -+ msg->dsap = 0; -+ msg->ssap = 0x01; /* NULL LSAP, CR Bit: Response */ -+ msg->control = 0xaf; /* XID response lsb.1111F101. -+ * F=0 (no poll command; unsolicited frame) */ -+ msg->xid_info[0] = 0x81; /* XID format identifier */ -+ msg->xid_info[1] = 1; /* LLC types/classes: Type 1 LLC */ -+ msg->xid_info[2] = 0; /* XID sender's receive window size (RW) */ -+ -+ skb->dev = dev; -+ skb->protocol = eth_type_trans(skb, dev); -+ memset(skb->cb, 0, sizeof(skb->cb)); -+ netif_rx_ni(skb); -+} -+EXPORT_SYMBOL(cfg80211_send_layer2_update); -diff --git a/sound/soc/stm/stm32_spdifrx.c b/sound/soc/stm/stm32_spdifrx.c -index 84cc5678beba..7bc57651e186 100644 ---- a/sound/soc/stm/stm32_spdifrx.c -+++ b/sound/soc/stm/stm32_spdifrx.c -@@ -213,6 +213,7 @@ - * @slave_config: dma slave channel runtime config pointer - * @phys_addr: SPDIFRX registers physical base address - * @lock: synchronization enabling lock -+ * @irq_lock: prevent race condition with IRQ on stream state - * @cs: channel status buffer - * @ub: user data buffer - * @irq: SPDIFRX interrupt line -@@ -233,6 +234,7 @@ struct stm32_spdifrx_data { - struct dma_slave_config slave_config; - dma_addr_t phys_addr; - spinlock_t lock; /* Sync enabling lock */ -+ spinlock_t irq_lock; /* Prevent race condition on stream state */ - unsigned char cs[SPDIFRX_CS_BYTES_NB]; - unsigned char ub[SPDIFRX_UB_BYTES_NB]; - int irq; -@@ -313,6 
+315,7 @@ static void stm32_spdifrx_dma_ctrl_stop(struct stm32_spdifrx_data *spdifrx) - static int stm32_spdifrx_start_sync(struct stm32_spdifrx_data *spdifrx) - { - int cr, cr_mask, imr, ret; -+ unsigned long flags; - - /* Enable IRQs */ - imr = SPDIFRX_IMR_IFEIE | SPDIFRX_IMR_SYNCDIE | SPDIFRX_IMR_PERRIE; -@@ -320,7 +323,7 @@ static int stm32_spdifrx_start_sync(struct stm32_spdifrx_data *spdifrx) - if (ret) - return ret; - -- spin_lock(&spdifrx->lock); -+ spin_lock_irqsave(&spdifrx->lock, flags); - - spdifrx->refcount++; - -@@ -353,7 +356,7 @@ static int stm32_spdifrx_start_sync(struct stm32_spdifrx_data *spdifrx) - "Failed to start synchronization\n"); - } - -- spin_unlock(&spdifrx->lock); -+ spin_unlock_irqrestore(&spdifrx->lock, flags); - - return ret; - } -@@ -361,11 +364,12 @@ static int stm32_spdifrx_start_sync(struct stm32_spdifrx_data *spdifrx) - static void stm32_spdifrx_stop(struct stm32_spdifrx_data *spdifrx) - { - int cr, cr_mask, reg; -+ unsigned long flags; - -- spin_lock(&spdifrx->lock); -+ spin_lock_irqsave(&spdifrx->lock, flags); - - if (--spdifrx->refcount) { -- spin_unlock(&spdifrx->lock); -+ spin_unlock_irqrestore(&spdifrx->lock, flags); - return; - } - -@@ -384,7 +388,7 @@ static void stm32_spdifrx_stop(struct stm32_spdifrx_data *spdifrx) - regmap_read(spdifrx->regmap, STM32_SPDIFRX_DR, ®); - regmap_read(spdifrx->regmap, STM32_SPDIFRX_CSR, ®); - -- spin_unlock(&spdifrx->lock); -+ spin_unlock_irqrestore(&spdifrx->lock, flags); - } - - static int stm32_spdifrx_dma_ctrl_register(struct device *dev, -@@ -644,7 +648,6 @@ static const struct regmap_config stm32_h7_spdifrx_regmap_conf = { - static irqreturn_t stm32_spdifrx_isr(int irq, void *devid) - { - struct stm32_spdifrx_data *spdifrx = (struct stm32_spdifrx_data *)devid; -- struct snd_pcm_substream *substream = spdifrx->substream; - struct platform_device *pdev = spdifrx->pdev; - unsigned int cr, mask, sr, imr; - unsigned int flags; -@@ -712,14 +715,19 @@ static irqreturn_t 
stm32_spdifrx_isr(int irq, void *devid) - regmap_update_bits(spdifrx->regmap, STM32_SPDIFRX_CR, - SPDIFRX_CR_SPDIFEN_MASK, cr); - -- if (substream) -- snd_pcm_stop(substream, SNDRV_PCM_STATE_DISCONNECTED); -+ spin_lock(&spdifrx->irq_lock); -+ if (spdifrx->substream) -+ snd_pcm_stop(spdifrx->substream, -+ SNDRV_PCM_STATE_DISCONNECTED); -+ spin_unlock(&spdifrx->irq_lock); - - return IRQ_HANDLED; - } - -- if (err_xrun && substream) -- snd_pcm_stop_xrun(substream); -+ spin_lock(&spdifrx->irq_lock); -+ if (err_xrun && spdifrx->substream) -+ snd_pcm_stop_xrun(spdifrx->substream); -+ spin_unlock(&spdifrx->irq_lock); - - return IRQ_HANDLED; - } -@@ -728,9 +736,12 @@ static int stm32_spdifrx_startup(struct snd_pcm_substream *substream, - struct snd_soc_dai *cpu_dai) - { - struct stm32_spdifrx_data *spdifrx = snd_soc_dai_get_drvdata(cpu_dai); -+ unsigned long flags; - int ret; - -+ spin_lock_irqsave(&spdifrx->irq_lock, flags); - spdifrx->substream = substream; -+ spin_unlock_irqrestore(&spdifrx->irq_lock, flags); - - ret = clk_prepare_enable(spdifrx->kclk); - if (ret) -@@ -802,8 +813,12 @@ static void stm32_spdifrx_shutdown(struct snd_pcm_substream *substream, - struct snd_soc_dai *cpu_dai) - { - struct stm32_spdifrx_data *spdifrx = snd_soc_dai_get_drvdata(cpu_dai); -+ unsigned long flags; - -+ spin_lock_irqsave(&spdifrx->irq_lock, flags); - spdifrx->substream = NULL; -+ spin_unlock_irqrestore(&spdifrx->irq_lock, flags); -+ - clk_disable_unprepare(spdifrx->kclk); - } - -@@ -908,6 +923,7 @@ static int stm32_spdifrx_probe(struct platform_device *pdev) - spdifrx->pdev = pdev; - init_completion(&spdifrx->cs_completion); - spin_lock_init(&spdifrx->lock); -+ spin_lock_init(&spdifrx->irq_lock); - - platform_set_drvdata(pdev, spdifrx); - -diff --git a/tools/testing/selftests/rseq/settings b/tools/testing/selftests/rseq/settings -new file mode 100644 -index 000000000000..e7b9417537fb ---- /dev/null -+++ b/tools/testing/selftests/rseq/settings -@@ -0,0 +1 @@ -+timeout=0 
diff --git a/patch/kernel/odroidxu4-legacy/patch-4.14.166-167.patch b/patch/kernel/odroidxu4-legacy/patch-4.14.166-167.patch
deleted file mode 100644
index 179628e2dc..0000000000
--- a/patch/kernel/odroidxu4-legacy/patch-4.14.166-167.patch
+++ /dev/null
@@ -1,2219 +0,0 @@
-diff --git a/Makefile b/Makefile
-index 7c62b4078c1b..3e8eaabf2bcb 100644
---- a/Makefile
-+++ b/Makefile
-@@ -1,7 +1,7 @@
- # SPDX-License-Identifier: GPL-2.0
- VERSION = 4
- PATCHLEVEL = 14
--SUBLEVEL = 166
-+SUBLEVEL = 167
- EXTRAVERSION =
- NAME = Petit Gorille
-
-diff --git a/arch/arm/boot/dts/am571x-idk.dts b/arch/arm/boot/dts/am571x-idk.dts
-index debf9464403e..96a4df4109d7 100644
---- a/arch/arm/boot/dts/am571x-idk.dts
-+++ b/arch/arm/boot/dts/am571x-idk.dts
-@@ -93,7 +93,7 @@
-
- &pcie1_rc {
- status = "okay";
-- gpios = <&gpio3 23 GPIO_ACTIVE_HIGH>;
-+ gpios = <&gpio5 18 GPIO_ACTIVE_HIGH>;
- };
-
- &pcie1_ep {
-diff --git a/arch/arm64/boot/dts/altera/socfpga_stratix10.dtsi b/arch/arm64/boot/dts/altera/socfpga_stratix10.dtsi
-index e79f3defe002..c2ad4f97cef0 100644
---- a/arch/arm64/boot/dts/altera/socfpga_stratix10.dtsi
-+++ b/arch/arm64/boot/dts/altera/socfpga_stratix10.dtsi
-@@ -56,10 +56,10 @@
-
- pmu {
- compatible = "arm,armv8-pmuv3";
-- interrupts = <0 120 8>,
-- <0 121 8>,
-- <0 122 8>,
-- <0 123 8>;
-+ interrupts = <0 170 4>,
-+ <0 171 4>,
-+ <0 172 4>,
-+ <0 173 4>;
- interrupt-affinity = <&cpu0>,
- <&cpu1>,
- <&cpu2>,
-diff --git a/arch/arm64/boot/dts/amlogic/meson-gxl-s905x-khadas-vim.dts b/arch/arm64/boot/dts/amlogic/meson-gxl-s905x-khadas-vim.dts
-index fb5db5f33e8c..ce4a116382bf 100644
---- a/arch/arm64/boot/dts/amlogic/meson-gxl-s905x-khadas-vim.dts
-+++ b/arch/arm64/boot/dts/amlogic/meson-gxl-s905x-khadas-vim.dts
-@@ -33,11 +33,9 @@
-
- gpio-keys-polled {
- compatible = "gpio-keys-polled";
-- #address-cells = <1>;
-- #size-cells = <0>;
- poll-interval = <100>;
-
-- button@0 {
-+ power-button {
- label = "power";
- linux,code = ;
- gpios = <&gpio_ao GPIOAO_2 GPIO_ACTIVE_LOW>;
-diff --git a/arch/arm64/boot/dts/arm/juno-base.dtsi b/arch/arm64/boot/dts/arm/juno-base.dtsi
-index f165f04db0c9..13ee8ffa9bbf 100644
---- a/arch/arm64/boot/dts/arm/juno-base.dtsi
-+++ b/arch/arm64/boot/dts/arm/juno-base.dtsi
-@@ -5,7 +5,6 @@
- /*
- * Devices shared by all Juno boards - */ -- dma-ranges = <0 0 0 0 0x100 0>; - - memtimer: timer@2a810000 { - compatible = "arm,armv7-timer-mem"; -diff --git a/arch/x86/boot/compressed/head_64.S b/arch/x86/boot/compressed/head_64.S -index 4b3d92a37c80..39fdede523f2 100644 ---- a/arch/x86/boot/compressed/head_64.S -+++ b/arch/x86/boot/compressed/head_64.S -@@ -227,6 +227,11 @@ ENTRY(efi32_stub_entry) - leal efi32_config(%ebp), %eax - movl %eax, efi_config(%ebp) - -+ /* Disable paging */ -+ movl %cr0, %eax -+ btrl $X86_CR0_PG_BIT, %eax -+ movl %eax, %cr0 -+ - jmp startup_32 - ENDPROC(efi32_stub_entry) - #endif -diff --git a/arch/x86/kernel/cpu/intel_rdt.c b/arch/x86/kernel/cpu/intel_rdt.c -index 665d0f6cd62f..3f731d7f04bf 100644 ---- a/arch/x86/kernel/cpu/intel_rdt.c -+++ b/arch/x86/kernel/cpu/intel_rdt.c -@@ -526,7 +526,7 @@ static void domain_remove_cpu(int cpu, struct rdt_resource *r) - if (static_branch_unlikely(&rdt_mon_enable_key)) - rmdir_mondata_subdir_allrdtgrp(r, d->id); - list_del(&d->list); -- if (is_mbm_enabled()) -+ if (r->mon_capable && is_mbm_enabled()) - cancel_delayed_work(&d->mbm_over); - if (is_llc_occupancy_enabled() && has_busy_rmid(r, d)) { - /* -diff --git a/block/blk-settings.c b/block/blk-settings.c -index 474b0b95fcd1..6c2faaa38cc1 100644 ---- a/block/blk-settings.c -+++ b/block/blk-settings.c -@@ -379,7 +379,7 @@ EXPORT_SYMBOL(blk_queue_max_segment_size); - * storage device can address. The default of 512 covers most - * hardware. 
- **/ --void blk_queue_logical_block_size(struct request_queue *q, unsigned short size) -+void blk_queue_logical_block_size(struct request_queue *q, unsigned int size) - { - q->limits.logical_block_size = size; - -diff --git a/drivers/block/xen-blkfront.c b/drivers/block/xen-blkfront.c -index 32ac5f551e55..e6887714fe0a 100644 ---- a/drivers/block/xen-blkfront.c -+++ b/drivers/block/xen-blkfront.c -@@ -1115,8 +1115,8 @@ static int xlvbd_alloc_gendisk(blkif_sector_t capacity, - if (!VDEV_IS_EXTENDED(info->vdevice)) { - err = xen_translate_vdev(info->vdevice, &minor, &offset); - if (err) -- return err; -- nr_parts = PARTS_PER_DISK; -+ return err; -+ nr_parts = PARTS_PER_DISK; - } else { - minor = BLKIF_MINOR_EXT(info->vdevice); - nr_parts = PARTS_PER_EXT_DISK; -diff --git a/drivers/clk/clk.c b/drivers/clk/clk.c -index a3f52f678211..8341a128dab1 100644 ---- a/drivers/clk/clk.c -+++ b/drivers/clk/clk.c -@@ -2482,11 +2482,17 @@ static int __clk_core_init(struct clk_core *core) - if (core->flags & CLK_IS_CRITICAL) { - unsigned long flags; - -- clk_core_prepare(core); -+ ret = clk_core_prepare(core); -+ if (ret) -+ goto out; - - flags = clk_enable_lock(); -- clk_core_enable(core); -+ ret = clk_core_enable(core); - clk_enable_unlock(flags); -+ if (ret) { -+ clk_core_unprepare(core); -+ goto out; -+ } - } - - /* -diff --git a/drivers/iio/industrialio-buffer.c b/drivers/iio/industrialio-buffer.c -index d50125766093..c3badf634378 100644 ---- a/drivers/iio/industrialio-buffer.c -+++ b/drivers/iio/industrialio-buffer.c -@@ -570,7 +570,7 @@ static int iio_compute_scan_bytes(struct iio_dev *indio_dev, - const unsigned long *mask, bool timestamp) - { - unsigned bytes = 0; -- int length, i; -+ int length, i, largest = 0; - - /* How much space will the demuxed element take? 
*/ - for_each_set_bit(i, mask, -@@ -578,13 +578,17 @@ static int iio_compute_scan_bytes(struct iio_dev *indio_dev, - length = iio_storage_bytes_for_si(indio_dev, i); - bytes = ALIGN(bytes, length); - bytes += length; -+ largest = max(largest, length); - } - - if (timestamp) { - length = iio_storage_bytes_for_timestamp(indio_dev); - bytes = ALIGN(bytes, length); - bytes += length; -+ largest = max(largest, length); - } -+ -+ bytes = ALIGN(bytes, largest); - return bytes; - } - -diff --git a/drivers/md/dm-snap-persistent.c b/drivers/md/dm-snap-persistent.c -index c5534d294773..00025569e807 100644 ---- a/drivers/md/dm-snap-persistent.c -+++ b/drivers/md/dm-snap-persistent.c -@@ -17,7 +17,7 @@ - #include "dm-bufio.h" - - #define DM_MSG_PREFIX "persistent snapshot" --#define DM_CHUNK_SIZE_DEFAULT_SECTORS 32 /* 16KB */ -+#define DM_CHUNK_SIZE_DEFAULT_SECTORS 32U /* 16KB */ - - #define DM_PREFETCH_CHUNKS 12 - -diff --git a/drivers/md/raid0.c b/drivers/md/raid0.c -index 204adde004a3..cdafa5e0ea6d 100644 ---- a/drivers/md/raid0.c -+++ b/drivers/md/raid0.c -@@ -94,7 +94,7 @@ static int create_strip_zones(struct mddev *mddev, struct r0conf **private_conf) - char b[BDEVNAME_SIZE]; - char b2[BDEVNAME_SIZE]; - struct r0conf *conf = kzalloc(sizeof(*conf), GFP_KERNEL); -- unsigned short blksize = 512; -+ unsigned blksize = 512; - - *private_conf = ERR_PTR(-ENOMEM); - if (!conf) -diff --git a/drivers/message/fusion/mptctl.c b/drivers/message/fusion/mptctl.c -index cf6ce9f600ca..f9b2e652c399 100644 ---- a/drivers/message/fusion/mptctl.c -+++ b/drivers/message/fusion/mptctl.c -@@ -100,19 +100,19 @@ struct buflist { - * Function prototypes. Called from OS entry point mptctl_ioctl. - * arg contents specific to function. 
- */ --static int mptctl_fw_download(unsigned long arg); --static int mptctl_getiocinfo(unsigned long arg, unsigned int cmd); --static int mptctl_gettargetinfo(unsigned long arg); --static int mptctl_readtest(unsigned long arg); --static int mptctl_mpt_command(unsigned long arg); --static int mptctl_eventquery(unsigned long arg); --static int mptctl_eventenable(unsigned long arg); --static int mptctl_eventreport(unsigned long arg); --static int mptctl_replace_fw(unsigned long arg); -- --static int mptctl_do_reset(unsigned long arg); --static int mptctl_hp_hostinfo(unsigned long arg, unsigned int cmd); --static int mptctl_hp_targetinfo(unsigned long arg); -+static int mptctl_fw_download(MPT_ADAPTER *iocp, unsigned long arg); -+static int mptctl_getiocinfo(MPT_ADAPTER *iocp, unsigned long arg, unsigned int cmd); -+static int mptctl_gettargetinfo(MPT_ADAPTER *iocp, unsigned long arg); -+static int mptctl_readtest(MPT_ADAPTER *iocp, unsigned long arg); -+static int mptctl_mpt_command(MPT_ADAPTER *iocp, unsigned long arg); -+static int mptctl_eventquery(MPT_ADAPTER *iocp, unsigned long arg); -+static int mptctl_eventenable(MPT_ADAPTER *iocp, unsigned long arg); -+static int mptctl_eventreport(MPT_ADAPTER *iocp, unsigned long arg); -+static int mptctl_replace_fw(MPT_ADAPTER *iocp, unsigned long arg); -+ -+static int mptctl_do_reset(MPT_ADAPTER *iocp, unsigned long arg); -+static int mptctl_hp_hostinfo(MPT_ADAPTER *iocp, unsigned long arg, unsigned int cmd); -+static int mptctl_hp_targetinfo(MPT_ADAPTER *iocp, unsigned long arg); - - static int mptctl_probe(struct pci_dev *, const struct pci_device_id *); - static void mptctl_remove(struct pci_dev *); -@@ -123,8 +123,8 @@ static long compat_mpctl_ioctl(struct file *f, unsigned cmd, unsigned long arg); - /* - * Private function calls. 
- */ --static int mptctl_do_mpt_command(struct mpt_ioctl_command karg, void __user *mfPtr); --static int mptctl_do_fw_download(int ioc, char __user *ufwbuf, size_t fwlen); -+static int mptctl_do_mpt_command(MPT_ADAPTER *iocp, struct mpt_ioctl_command karg, void __user *mfPtr); -+static int mptctl_do_fw_download(MPT_ADAPTER *iocp, char __user *ufwbuf, size_t fwlen); - static MptSge_t *kbuf_alloc_2_sgl(int bytes, u32 dir, int sge_offset, int *frags, - struct buflist **blp, dma_addr_t *sglbuf_dma, MPT_ADAPTER *ioc); - static void kfree_sgl(MptSge_t *sgl, dma_addr_t sgl_dma, -@@ -656,19 +656,19 @@ __mptctl_ioctl(struct file *file, unsigned int cmd, unsigned long arg) - * by TM and FW reloads. - */ - if ((cmd & ~IOCSIZE_MASK) == (MPTIOCINFO & ~IOCSIZE_MASK)) { -- return mptctl_getiocinfo(arg, _IOC_SIZE(cmd)); -+ return mptctl_getiocinfo(iocp, arg, _IOC_SIZE(cmd)); - } else if (cmd == MPTTARGETINFO) { -- return mptctl_gettargetinfo(arg); -+ return mptctl_gettargetinfo(iocp, arg); - } else if (cmd == MPTTEST) { -- return mptctl_readtest(arg); -+ return mptctl_readtest(iocp, arg); - } else if (cmd == MPTEVENTQUERY) { -- return mptctl_eventquery(arg); -+ return mptctl_eventquery(iocp, arg); - } else if (cmd == MPTEVENTENABLE) { -- return mptctl_eventenable(arg); -+ return mptctl_eventenable(iocp, arg); - } else if (cmd == MPTEVENTREPORT) { -- return mptctl_eventreport(arg); -+ return mptctl_eventreport(iocp, arg); - } else if (cmd == MPTFWREPLACE) { -- return mptctl_replace_fw(arg); -+ return mptctl_replace_fw(iocp, arg); - } - - /* All of these commands require an interrupt or -@@ -678,15 +678,15 @@ __mptctl_ioctl(struct file *file, unsigned int cmd, unsigned long arg) - return ret; - - if (cmd == MPTFWDOWNLOAD) -- ret = mptctl_fw_download(arg); -+ ret = mptctl_fw_download(iocp, arg); - else if (cmd == MPTCOMMAND) -- ret = mptctl_mpt_command(arg); -+ ret = mptctl_mpt_command(iocp, arg); - else if (cmd == MPTHARDRESET) -- ret = mptctl_do_reset(arg); -+ ret = 
mptctl_do_reset(iocp, arg); - else if ((cmd & ~IOCSIZE_MASK) == (HP_GETHOSTINFO & ~IOCSIZE_MASK)) -- ret = mptctl_hp_hostinfo(arg, _IOC_SIZE(cmd)); -+ ret = mptctl_hp_hostinfo(iocp, arg, _IOC_SIZE(cmd)); - else if (cmd == HP_GETTARGETINFO) -- ret = mptctl_hp_targetinfo(arg); -+ ret = mptctl_hp_targetinfo(iocp, arg); - else - ret = -EINVAL; - -@@ -705,11 +705,10 @@ mptctl_ioctl(struct file *file, unsigned int cmd, unsigned long arg) - return ret; - } - --static int mptctl_do_reset(unsigned long arg) -+static int mptctl_do_reset(MPT_ADAPTER *iocp, unsigned long arg) - { - struct mpt_ioctl_diag_reset __user *urinfo = (void __user *) arg; - struct mpt_ioctl_diag_reset krinfo; -- MPT_ADAPTER *iocp; - - if (copy_from_user(&krinfo, urinfo, sizeof(struct mpt_ioctl_diag_reset))) { - printk(KERN_ERR MYNAM "%s@%d::mptctl_do_reset - " -@@ -718,12 +717,6 @@ static int mptctl_do_reset(unsigned long arg) - return -EFAULT; - } - -- if (mpt_verify_adapter(krinfo.hdr.iocnum, &iocp) < 0) { -- printk(KERN_DEBUG MYNAM "%s@%d::mptctl_do_reset - ioc%d not found!\n", -- __FILE__, __LINE__, krinfo.hdr.iocnum); -- return -ENODEV; /* (-6) No such device or address */ -- } -- - dctlprintk(iocp, printk(MYIOC_s_DEBUG_FMT "mptctl_do_reset called.\n", - iocp->name)); - -@@ -754,7 +747,7 @@ static int mptctl_do_reset(unsigned long arg) - * -ENOMSG if FW upload returned bad status - */ - static int --mptctl_fw_download(unsigned long arg) -+mptctl_fw_download(MPT_ADAPTER *iocp, unsigned long arg) - { - struct mpt_fw_xfer __user *ufwdl = (void __user *) arg; - struct mpt_fw_xfer kfwdl; -@@ -766,7 +759,7 @@ mptctl_fw_download(unsigned long arg) - return -EFAULT; - } - -- return mptctl_do_fw_download(kfwdl.iocnum, kfwdl.bufp, kfwdl.fwlen); -+ return mptctl_do_fw_download(iocp, kfwdl.bufp, kfwdl.fwlen); - } - - /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/ -@@ -784,11 +777,10 @@ mptctl_fw_download(unsigned long arg) - * -ENOMSG if FW upload returned bad status - */ - 
static int --mptctl_do_fw_download(int ioc, char __user *ufwbuf, size_t fwlen) -+mptctl_do_fw_download(MPT_ADAPTER *iocp, char __user *ufwbuf, size_t fwlen) - { - FWDownload_t *dlmsg; - MPT_FRAME_HDR *mf; -- MPT_ADAPTER *iocp; - FWDownloadTCSGE_t *ptsge; - MptSge_t *sgl, *sgIn; - char *sgOut; -@@ -808,17 +800,10 @@ mptctl_do_fw_download(int ioc, char __user *ufwbuf, size_t fwlen) - pFWDownloadReply_t ReplyMsg = NULL; - unsigned long timeleft; - -- if (mpt_verify_adapter(ioc, &iocp) < 0) { -- printk(KERN_DEBUG MYNAM "ioctl_fwdl - ioc%d not found!\n", -- ioc); -- return -ENODEV; /* (-6) No such device or address */ -- } else { -- -- /* Valid device. Get a message frame and construct the FW download message. -- */ -- if ((mf = mpt_get_msg_frame(mptctl_id, iocp)) == NULL) -- return -EAGAIN; -- } -+ /* Valid device. Get a message frame and construct the FW download message. -+ */ -+ if ((mf = mpt_get_msg_frame(mptctl_id, iocp)) == NULL) -+ return -EAGAIN; - - dctlprintk(iocp, printk(MYIOC_s_DEBUG_FMT - "mptctl_do_fwdl called. 
mptctl_id = %xh.\n", iocp->name, mptctl_id)); -@@ -826,8 +811,6 @@ mptctl_do_fw_download(int ioc, char __user *ufwbuf, size_t fwlen) - iocp->name, ufwbuf)); - dctlprintk(iocp, printk(MYIOC_s_DEBUG_FMT "DbG: kfwdl.fwlen = %d\n", - iocp->name, (int)fwlen)); -- dctlprintk(iocp, printk(MYIOC_s_DEBUG_FMT "DbG: kfwdl.ioc = %04xh\n", -- iocp->name, ioc)); - - dlmsg = (FWDownload_t*) mf; - ptsge = (FWDownloadTCSGE_t *) &dlmsg->SGL; -@@ -1238,13 +1221,11 @@ kfree_sgl(MptSge_t *sgl, dma_addr_t sgl_dma, struct buflist *buflist, MPT_ADAPTE - * -ENODEV if no such device/adapter - */ - static int --mptctl_getiocinfo (unsigned long arg, unsigned int data_size) -+mptctl_getiocinfo (MPT_ADAPTER *ioc, unsigned long arg, unsigned int data_size) - { - struct mpt_ioctl_iocinfo __user *uarg = (void __user *) arg; - struct mpt_ioctl_iocinfo *karg; -- MPT_ADAPTER *ioc; - struct pci_dev *pdev; -- int iocnum; - unsigned int port; - int cim_rev; - struct scsi_device *sdev; -@@ -1272,14 +1253,6 @@ mptctl_getiocinfo (unsigned long arg, unsigned int data_size) - return PTR_ERR(karg); - } - -- if (((iocnum = mpt_verify_adapter(karg->hdr.iocnum, &ioc)) < 0) || -- (ioc == NULL)) { -- printk(KERN_DEBUG MYNAM "%s::mptctl_getiocinfo() @%d - ioc%d not found!\n", -- __FILE__, __LINE__, iocnum); -- kfree(karg); -- return -ENODEV; -- } -- - /* Verify the data transfer size is correct. 
*/ - if (karg->hdr.maxDataSize != data_size) { - printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_getiocinfo - " -@@ -1385,15 +1358,13 @@ mptctl_getiocinfo (unsigned long arg, unsigned int data_size) - * -ENODEV if no such device/adapter - */ - static int --mptctl_gettargetinfo (unsigned long arg) -+mptctl_gettargetinfo (MPT_ADAPTER *ioc, unsigned long arg) - { - struct mpt_ioctl_targetinfo __user *uarg = (void __user *) arg; - struct mpt_ioctl_targetinfo karg; -- MPT_ADAPTER *ioc; - VirtDevice *vdevice; - char *pmem; - int *pdata; -- int iocnum; - int numDevices = 0; - int lun; - int maxWordsLeft; -@@ -1408,13 +1379,6 @@ mptctl_gettargetinfo (unsigned long arg) - return -EFAULT; - } - -- if (((iocnum = mpt_verify_adapter(karg.hdr.iocnum, &ioc)) < 0) || -- (ioc == NULL)) { -- printk(KERN_DEBUG MYNAM "%s::mptctl_gettargetinfo() @%d - ioc%d not found!\n", -- __FILE__, __LINE__, iocnum); -- return -ENODEV; -- } -- - dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "mptctl_gettargetinfo called.\n", - ioc->name)); - /* Get the port number and set the maximum number of bytes -@@ -1510,12 +1474,10 @@ mptctl_gettargetinfo (unsigned long arg) - * -ENODEV if no such device/adapter - */ - static int --mptctl_readtest (unsigned long arg) -+mptctl_readtest (MPT_ADAPTER *ioc, unsigned long arg) - { - struct mpt_ioctl_test __user *uarg = (void __user *) arg; - struct mpt_ioctl_test karg; -- MPT_ADAPTER *ioc; -- int iocnum; - - if (copy_from_user(&karg, uarg, sizeof(struct mpt_ioctl_test))) { - printk(KERN_ERR MYNAM "%s@%d::mptctl_readtest - " -@@ -1524,13 +1486,6 @@ mptctl_readtest (unsigned long arg) - return -EFAULT; - } - -- if (((iocnum = mpt_verify_adapter(karg.hdr.iocnum, &ioc)) < 0) || -- (ioc == NULL)) { -- printk(KERN_DEBUG MYNAM "%s::mptctl_readtest() @%d - ioc%d not found!\n", -- __FILE__, __LINE__, iocnum); -- return -ENODEV; -- } -- - dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "mptctl_readtest called.\n", - ioc->name)); - /* Fill in the data and return the structure to the calling -@@ 
-1571,12 +1526,10 @@ mptctl_readtest (unsigned long arg) - * -ENODEV if no such device/adapter - */ - static int --mptctl_eventquery (unsigned long arg) -+mptctl_eventquery (MPT_ADAPTER *ioc, unsigned long arg) - { - struct mpt_ioctl_eventquery __user *uarg = (void __user *) arg; - struct mpt_ioctl_eventquery karg; -- MPT_ADAPTER *ioc; -- int iocnum; - - if (copy_from_user(&karg, uarg, sizeof(struct mpt_ioctl_eventquery))) { - printk(KERN_ERR MYNAM "%s@%d::mptctl_eventquery - " -@@ -1585,13 +1538,6 @@ mptctl_eventquery (unsigned long arg) - return -EFAULT; - } - -- if (((iocnum = mpt_verify_adapter(karg.hdr.iocnum, &ioc)) < 0) || -- (ioc == NULL)) { -- printk(KERN_DEBUG MYNAM "%s::mptctl_eventquery() @%d - ioc%d not found!\n", -- __FILE__, __LINE__, iocnum); -- return -ENODEV; -- } -- - dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "mptctl_eventquery called.\n", - ioc->name)); - karg.eventEntries = MPTCTL_EVENT_LOG_SIZE; -@@ -1610,12 +1556,10 @@ mptctl_eventquery (unsigned long arg) - - /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/ - static int --mptctl_eventenable (unsigned long arg) -+mptctl_eventenable (MPT_ADAPTER *ioc, unsigned long arg) - { - struct mpt_ioctl_eventenable __user *uarg = (void __user *) arg; - struct mpt_ioctl_eventenable karg; -- MPT_ADAPTER *ioc; -- int iocnum; - - if (copy_from_user(&karg, uarg, sizeof(struct mpt_ioctl_eventenable))) { - printk(KERN_ERR MYNAM "%s@%d::mptctl_eventenable - " -@@ -1624,13 +1568,6 @@ mptctl_eventenable (unsigned long arg) - return -EFAULT; - } - -- if (((iocnum = mpt_verify_adapter(karg.hdr.iocnum, &ioc)) < 0) || -- (ioc == NULL)) { -- printk(KERN_DEBUG MYNAM "%s::mptctl_eventenable() @%d - ioc%d not found!\n", -- __FILE__, __LINE__, iocnum); -- return -ENODEV; -- } -- - dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "mptctl_eventenable called.\n", - ioc->name)); - if (ioc->events == NULL) { -@@ -1658,12 +1595,10 @@ mptctl_eventenable (unsigned long arg) - - 
/*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/ - static int --mptctl_eventreport (unsigned long arg) -+mptctl_eventreport (MPT_ADAPTER *ioc, unsigned long arg) - { - struct mpt_ioctl_eventreport __user *uarg = (void __user *) arg; - struct mpt_ioctl_eventreport karg; -- MPT_ADAPTER *ioc; -- int iocnum; - int numBytes, maxEvents, max; - - if (copy_from_user(&karg, uarg, sizeof(struct mpt_ioctl_eventreport))) { -@@ -1673,12 +1608,6 @@ mptctl_eventreport (unsigned long arg) - return -EFAULT; - } - -- if (((iocnum = mpt_verify_adapter(karg.hdr.iocnum, &ioc)) < 0) || -- (ioc == NULL)) { -- printk(KERN_DEBUG MYNAM "%s::mptctl_eventreport() @%d - ioc%d not found!\n", -- __FILE__, __LINE__, iocnum); -- return -ENODEV; -- } - dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "mptctl_eventreport called.\n", - ioc->name)); - -@@ -1712,12 +1641,10 @@ mptctl_eventreport (unsigned long arg) - - /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/ - static int --mptctl_replace_fw (unsigned long arg) -+mptctl_replace_fw (MPT_ADAPTER *ioc, unsigned long arg) - { - struct mpt_ioctl_replace_fw __user *uarg = (void __user *) arg; - struct mpt_ioctl_replace_fw karg; -- MPT_ADAPTER *ioc; -- int iocnum; - int newFwSize; - - if (copy_from_user(&karg, uarg, sizeof(struct mpt_ioctl_replace_fw))) { -@@ -1727,13 +1654,6 @@ mptctl_replace_fw (unsigned long arg) - return -EFAULT; - } - -- if (((iocnum = mpt_verify_adapter(karg.hdr.iocnum, &ioc)) < 0) || -- (ioc == NULL)) { -- printk(KERN_DEBUG MYNAM "%s::mptctl_replace_fw() @%d - ioc%d not found!\n", -- __FILE__, __LINE__, iocnum); -- return -ENODEV; -- } -- - dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "mptctl_replace_fw called.\n", - ioc->name)); - /* If caching FW, Free the old FW image -@@ -1780,12 +1700,10 @@ mptctl_replace_fw (unsigned long arg) - * -ENOMEM if memory allocation error - */ - static int --mptctl_mpt_command (unsigned long arg) -+mptctl_mpt_command (MPT_ADAPTER *ioc, unsigned 
long arg) - { - struct mpt_ioctl_command __user *uarg = (void __user *) arg; - struct mpt_ioctl_command karg; -- MPT_ADAPTER *ioc; -- int iocnum; - int rc; - - -@@ -1796,14 +1714,7 @@ mptctl_mpt_command (unsigned long arg) - return -EFAULT; - } - -- if (((iocnum = mpt_verify_adapter(karg.hdr.iocnum, &ioc)) < 0) || -- (ioc == NULL)) { -- printk(KERN_DEBUG MYNAM "%s::mptctl_mpt_command() @%d - ioc%d not found!\n", -- __FILE__, __LINE__, iocnum); -- return -ENODEV; -- } -- -- rc = mptctl_do_mpt_command (karg, &uarg->MF); -+ rc = mptctl_do_mpt_command (ioc, karg, &uarg->MF); - - return rc; - } -@@ -1821,9 +1732,8 @@ mptctl_mpt_command (unsigned long arg) - * -EPERM if SCSI I/O and target is untagged - */ - static int --mptctl_do_mpt_command (struct mpt_ioctl_command karg, void __user *mfPtr) -+mptctl_do_mpt_command (MPT_ADAPTER *ioc, struct mpt_ioctl_command karg, void __user *mfPtr) - { -- MPT_ADAPTER *ioc; - MPT_FRAME_HDR *mf = NULL; - MPIHeader_t *hdr; - char *psge; -@@ -1832,7 +1742,7 @@ mptctl_do_mpt_command (struct mpt_ioctl_command karg, void __user *mfPtr) - dma_addr_t dma_addr_in; - dma_addr_t dma_addr_out; - int sgSize = 0; /* Num SG elements */ -- int iocnum, flagsLength; -+ int flagsLength; - int sz, rc = 0; - int msgContext; - u16 req_idx; -@@ -1847,13 +1757,6 @@ mptctl_do_mpt_command (struct mpt_ioctl_command karg, void __user *mfPtr) - bufIn.kptr = bufOut.kptr = NULL; - bufIn.len = bufOut.len = 0; - -- if (((iocnum = mpt_verify_adapter(karg.hdr.iocnum, &ioc)) < 0) || -- (ioc == NULL)) { -- printk(KERN_DEBUG MYNAM "%s::mptctl_do_mpt_command() @%d - ioc%d not found!\n", -- __FILE__, __LINE__, iocnum); -- return -ENODEV; -- } -- - spin_lock_irqsave(&ioc->taskmgmt_lock, flags); - if (ioc->ioc_reset_in_progress) { - spin_unlock_irqrestore(&ioc->taskmgmt_lock, flags); -@@ -2418,17 +2321,15 @@ done_free_mem: - * -ENOMEM if memory allocation error - */ - static int --mptctl_hp_hostinfo(unsigned long arg, unsigned int data_size) -+mptctl_hp_hostinfo(MPT_ADAPTER 
*ioc, unsigned long arg, unsigned int data_size) - { - hp_host_info_t __user *uarg = (void __user *) arg; -- MPT_ADAPTER *ioc; - struct pci_dev *pdev; - char *pbuf=NULL; - dma_addr_t buf_dma; - hp_host_info_t karg; - CONFIGPARMS cfg; - ConfigPageHeader_t hdr; -- int iocnum; - int rc, cim_rev; - ToolboxIstwiReadWriteRequest_t *IstwiRWRequest; - MPT_FRAME_HDR *mf = NULL; -@@ -2452,12 +2353,6 @@ mptctl_hp_hostinfo(unsigned long arg, unsigned int data_size) - return -EFAULT; - } - -- if (((iocnum = mpt_verify_adapter(karg.hdr.iocnum, &ioc)) < 0) || -- (ioc == NULL)) { -- printk(KERN_DEBUG MYNAM "%s::mptctl_hp_hostinfo() @%d - ioc%d not found!\n", -- __FILE__, __LINE__, iocnum); -- return -ENODEV; -- } - dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT ": mptctl_hp_hostinfo called.\n", - ioc->name)); - -@@ -2670,15 +2565,13 @@ retry_wait: - * -ENOMEM if memory allocation error - */ - static int --mptctl_hp_targetinfo(unsigned long arg) -+mptctl_hp_targetinfo(MPT_ADAPTER *ioc, unsigned long arg) - { - hp_target_info_t __user *uarg = (void __user *) arg; - SCSIDevicePage0_t *pg0_alloc; - SCSIDevicePage3_t *pg3_alloc; -- MPT_ADAPTER *ioc; - MPT_SCSI_HOST *hd = NULL; - hp_target_info_t karg; -- int iocnum; - int data_sz; - dma_addr_t page_dma; - CONFIGPARMS cfg; -@@ -2692,12 +2585,6 @@ mptctl_hp_targetinfo(unsigned long arg) - return -EFAULT; - } - -- if (((iocnum = mpt_verify_adapter(karg.hdr.iocnum, &ioc)) < 0) || -- (ioc == NULL)) { -- printk(KERN_DEBUG MYNAM "%s::mptctl_hp_targetinfo() @%d - ioc%d not found!\n", -- __FILE__, __LINE__, iocnum); -- return -ENODEV; -- } - if (karg.hdr.id >= MPT_MAX_FC_DEVICES) - return -EINVAL; - dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "mptctl_hp_targetinfo called.\n", -@@ -2865,7 +2752,7 @@ compat_mptfwxfer_ioctl(struct file *filp, unsigned int cmd, - kfw.fwlen = kfw32.fwlen; - kfw.bufp = compat_ptr(kfw32.bufp); - -- ret = mptctl_do_fw_download(kfw.iocnum, kfw.bufp, kfw.fwlen); -+ ret = mptctl_do_fw_download(iocp, kfw.bufp, kfw.fwlen); - - 
mutex_unlock(&iocp->ioctl_cmds.mutex);
-
-@@ -2919,7 +2806,7 @@ compat_mpt_command(struct file *filp, unsigned int cmd,
-
- /* Pass new structure to do_mpt_command
- */
-- ret = mptctl_do_mpt_command (karg, &uarg->MF);
-+ ret = mptctl_do_mpt_command (iocp, karg, &uarg->MF);
-
- mutex_unlock(&iocp->ioctl_cmds.mutex);
-
-diff --git a/drivers/net/ethernet/hisilicon/hns/hns_enet.c b/drivers/net/ethernet/hisilicon/hns/hns_enet.c
-index b681c07b33fb..0733745f4be6 100644
---- a/drivers/net/ethernet/hisilicon/hns/hns_enet.c
-+++ b/drivers/net/ethernet/hisilicon/hns/hns_enet.c
-@@ -669,7 +669,6 @@ static int hns_nic_poll_rx_skb(struct hns_nic_ring_data *ring_data,
- skb = *out_skb = napi_alloc_skb(&ring_data->napi,
- HNS_RX_HEAD_SIZE);
- if (unlikely(!skb)) {
-- netdev_err(ndev, "alloc rx skb fail\n");
- ring->stats.sw_err_cnt++;
- return -ENOMEM;
- }
-@@ -1180,7 +1179,6 @@ static int hns_nic_common_poll(struct napi_struct *napi, int budget)
- container_of(napi, struct hns_nic_ring_data, napi);
- struct hnae_ring *ring = ring_data->ring;
-
--try_again:
- clean_complete += ring_data->poll_one(
- ring_data, budget - clean_complete,
- ring_data->ex_process);
-@@ -1190,7 +1188,7 @@ try_again:
- napi_complete(napi);
- ring->q->handle->dev->ops->toggle_ring_irq(ring, 0);
- } else {
-- goto try_again;
-+ return budget;
- }
- }
-
-diff --git a/drivers/net/ethernet/stmicro/stmmac/common.h b/drivers/net/ethernet/stmicro/stmmac/common.h
-index efc4a1a8343a..e51b50d94074 100644
---- a/drivers/net/ethernet/stmicro/stmmac/common.h
-+++ b/drivers/net/ethernet/stmicro/stmmac/common.h
-@@ -338,9 +338,8 @@ struct dma_features {
- unsigned int rx_fifo_size;
- };
-
--/* GMAC TX FIFO is 8K, Rx FIFO is 16K */
--#define BUF_SIZE_16KiB 16384
--/* RX Buffer size must be < 8191 and multiple of 4/8/16 bytes */
-+/* RX Buffer size must be multiple of 4/8/16 bytes */
-+#define BUF_SIZE_16KiB 16368
- #define BUF_SIZE_8KiB 8188
- #define BUF_SIZE_4KiB 4096
- #define BUF_SIZE_2KiB 2048
-diff --git
a/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c b/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c
-index e89466bd432d..81d446469a35 100644
---- a/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c
-+++ b/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c
-@@ -1043,7 +1043,9 @@ static int stmmac_set_bfsize(int mtu, int bufsize)
- {
- int ret = bufsize;
-
-- if (mtu >= BUF_SIZE_4KiB)
-+ if (mtu >= BUF_SIZE_8KiB)
-+ ret = BUF_SIZE_16KiB;
-+ else if (mtu >= BUF_SIZE_4KiB)
- ret = BUF_SIZE_8KiB;
- else if (mtu >= BUF_SIZE_2KiB)
- ret = BUF_SIZE_4KiB;
-diff --git a/drivers/net/hyperv/rndis_filter.c b/drivers/net/hyperv/rndis_filter.c
-index b19557c035f2..aa0bbffe4900 100644
---- a/drivers/net/hyperv/rndis_filter.c
-+++ b/drivers/net/hyperv/rndis_filter.c
-@@ -1331,8 +1331,6 @@ void rndis_filter_device_remove(struct hv_device *dev,
- /* Halt and release the rndis device */
- rndis_filter_halt_device(rndis_dev);
-
-- net_dev->extension = NULL;
--
- netvsc_device_remove(dev);
- }
-
-diff --git a/drivers/net/macvlan.c b/drivers/net/macvlan.c
-index 2b977655834c..ab539136d5bf 100644
---- a/drivers/net/macvlan.c
-+++ b/drivers/net/macvlan.c
-@@ -263,7 +263,7 @@ static void macvlan_broadcast(struct sk_buff *skb,
- struct net_device *src,
- enum macvlan_mode mode)
- {
-- const struct ethhdr *eth = skb_eth_hdr(skb);
-+ const struct ethhdr *eth = eth_hdr(skb);
- const struct macvlan_dev *vlan;
- struct sk_buff *nskb;
- unsigned int i;
-@@ -515,10 +515,11 @@ static int macvlan_queue_xmit(struct sk_buff *skb, struct net_device *dev)
- const struct macvlan_dev *dest;
-
- if (vlan->mode == MACVLAN_MODE_BRIDGE) {
-- const struct ethhdr *eth = (void *)skb->data;
-+ const struct ethhdr *eth = skb_eth_hdr(skb);
-
- /* send to other bridge ports directly */
- if (is_multicast_ether_addr(eth->h_dest)) {
-+ skb_reset_mac_header(skb);
- macvlan_broadcast(skb, port, dev, MACVLAN_MODE_BRIDGE);
- goto xmit_world;
- }
-diff --git a/drivers/net/usb/lan78xx.c b/drivers/net/usb/lan78xx.c
-index
c23f35dba718..ee7194a9e231 100644
---- a/drivers/net/usb/lan78xx.c
-+++ b/drivers/net/usb/lan78xx.c
-@@ -3612,6 +3612,7 @@ static int lan78xx_probe(struct usb_interface *intf,
-
- /* MTU range: 68 - 9000 */
- netdev->max_mtu = MAX_SINGLE_PACKET_SIZE;
-+ netif_set_gso_max_size(netdev, MAX_SINGLE_PACKET_SIZE - MAX_HEADER);
-
- dev->ep_blkin = (intf->cur_altsetting)->endpoint + 0;
- dev->ep_blkout = (intf->cur_altsetting)->endpoint + 1;
-diff --git a/drivers/net/usb/r8152.c b/drivers/net/usb/r8152.c
-index 6a86a03c5e95..0083c60f5cdf 100644
---- a/drivers/net/usb/r8152.c
-+++ b/drivers/net/usb/r8152.c
-@@ -5158,6 +5158,9 @@ static int rtl8152_probe(struct usb_interface *intf,
- return -ENODEV;
- }
-
-+ if (intf->cur_altsetting->desc.bNumEndpoints < 3)
-+ return -ENODEV;
-+
- usb_reset_device(udev);
- netdev = alloc_etherdev(sizeof(struct r8152));
- if (!netdev) {
-diff --git a/drivers/net/wan/fsl_ucc_hdlc.c b/drivers/net/wan/fsl_ucc_hdlc.c
-index 289dff262948..571a1ff8f81f 100644
---- a/drivers/net/wan/fsl_ucc_hdlc.c
-+++ b/drivers/net/wan/fsl_ucc_hdlc.c
-@@ -76,7 +76,7 @@ static struct ucc_tdm_info utdm_primary_info = {
- },
- };
-
--static struct ucc_tdm_info utdm_info[MAX_HDLC_NUM];
-+static struct ucc_tdm_info utdm_info[UCC_MAX_NUM];
-
- static int uhdlc_init(struct ucc_hdlc_private *priv)
- {
-diff --git a/drivers/net/wireless/st/cw1200/fwio.c b/drivers/net/wireless/st/cw1200/fwio.c
-index 30e7646d04af..16be7fa82a23 100644
---- a/drivers/net/wireless/st/cw1200/fwio.c
-+++ b/drivers/net/wireless/st/cw1200/fwio.c
-@@ -323,12 +323,12 @@ int cw1200_load_firmware(struct cw1200_common *priv)
- goto out;
- }
-
-- priv->hw_type = cw1200_get_hw_type(val32, &major_revision);
-- if (priv->hw_type < 0) {
-+ ret = cw1200_get_hw_type(val32, &major_revision);
-+ if (ret < 0) {
- pr_err("Can't deduce hardware type.\n");
-- ret = -ENOTSUPP;
- goto out;
- }
-+ priv->hw_type = ret;
-
- /* Set DPLL Reg value, and read back to confirm writes work */
- ret = cw1200_reg_write_32(priv,
ST90TDS_TSET_GEN_R_W_REG_ID,
-diff --git a/drivers/nfc/pn533/usb.c b/drivers/nfc/pn533/usb.c
-index fcb57d64d97e..a2c9b3f3bc23 100644
---- a/drivers/nfc/pn533/usb.c
-+++ b/drivers/nfc/pn533/usb.c
-@@ -403,7 +403,7 @@ static int pn533_acr122_poweron_rdr(struct pn533_usb_phy *phy)
- cmd, sizeof(cmd), false);
-
- rc = usb_bulk_msg(phy->udev, phy->out_urb->pipe, buffer, sizeof(cmd),
-- &transferred, 0);
-+ &transferred, 5000);
- kfree(buffer);
- if (rc || (transferred != sizeof(cmd))) {
- nfc_err(&phy->udev->dev,
-diff --git a/drivers/ptp/ptp_clock.c b/drivers/ptp/ptp_clock.c
-index b818f65480c1..e232233beb8f 100644
---- a/drivers/ptp/ptp_clock.c
-+++ b/drivers/ptp/ptp_clock.c
-@@ -179,6 +179,7 @@ static void ptp_clock_release(struct device *dev)
- {
- struct ptp_clock *ptp = container_of(dev, struct ptp_clock, dev);
-
-+ ptp_cleanup_pin_groups(ptp);
- mutex_destroy(&ptp->tsevq_mux);
- mutex_destroy(&ptp->pincfg_mux);
- ida_simple_remove(&ptp_clocks_map, ptp->index);
-@@ -315,9 +316,8 @@ int ptp_clock_unregister(struct ptp_clock *ptp)
- if (ptp->pps_source)
- pps_unregister_source(ptp->pps_source);
-
-- ptp_cleanup_pin_groups(ptp);
--
- posix_clock_unregister(&ptp->clock);
-+
- return 0;
- }
- EXPORT_SYMBOL(ptp_clock_unregister);
-diff --git a/drivers/scsi/bnx2i/bnx2i_iscsi.c b/drivers/scsi/bnx2i/bnx2i_iscsi.c
-index 03c104b47f31..b832bd0ce202 100644
---- a/drivers/scsi/bnx2i/bnx2i_iscsi.c
-+++ b/drivers/scsi/bnx2i/bnx2i_iscsi.c
-@@ -915,12 +915,12 @@ void bnx2i_free_hba(struct bnx2i_hba *hba)
- INIT_LIST_HEAD(&hba->ep_ofld_list);
- INIT_LIST_HEAD(&hba->ep_active_list);
- INIT_LIST_HEAD(&hba->ep_destroy_list);
-- pci_dev_put(hba->pcidev);
-
- if (hba->regview) {
- pci_iounmap(hba->pcidev, hba->regview);
- hba->regview = NULL;
- }
-+ pci_dev_put(hba->pcidev);
- bnx2i_free_mp_bdt(hba);
- bnx2i_release_free_cid_que(hba);
- iscsi_host_free(shost);
-diff --git a/drivers/scsi/esas2r/esas2r_flash.c b/drivers/scsi/esas2r/esas2r_flash.c
-index 7bd376d95ed5..b02ac389e6c6 100644
---- a/drivers/scsi/esas2r/esas2r_flash.c
-+++ b/drivers/scsi/esas2r/esas2r_flash.c
-@@ -1197,6 +1197,7 @@ bool esas2r_nvram_read_direct(struct esas2r_adapter *a)
- if (!esas2r_read_flash_block(a, a->nvram, FLS_OFFSET_NVR,
- sizeof(struct esas2r_sas_nvram))) {
- esas2r_hdebug("NVRAM read failed, using defaults");
-+ up(&a->nvram_semaphore);
- return false;
- }
-
-diff --git a/drivers/scsi/fnic/vnic_dev.c b/drivers/scsi/fnic/vnic_dev.c
-index ba69d6112fa1..c5b89a003d2a 100644
---- a/drivers/scsi/fnic/vnic_dev.c
-+++ b/drivers/scsi/fnic/vnic_dev.c
-@@ -445,26 +445,26 @@ int vnic_dev_soft_reset_done(struct vnic_dev *vdev, int *done)
-
- int vnic_dev_hang_notify(struct vnic_dev *vdev)
- {
-- u64 a0, a1;
-+ u64 a0 = 0, a1 = 0;
- int wait = 1000;
- return vnic_dev_cmd(vdev, CMD_HANG_NOTIFY, &a0, &a1, wait);
- }
-
- int vnic_dev_mac_addr(struct vnic_dev *vdev, u8 *mac_addr)
- {
-- u64 a0, a1;
-+ u64 a[2] = {};
- int wait = 1000;
- int err, i;
-
- for (i = 0; i < ETH_ALEN; i++)
- mac_addr[i] = 0;
-
-- err = vnic_dev_cmd(vdev, CMD_MAC_ADDR, &a0, &a1, wait);
-+ err = vnic_dev_cmd(vdev, CMD_MAC_ADDR, &a[0], &a[1], wait);
- if (err)
- return err;
-
- for (i = 0; i < ETH_ALEN; i++)
-- mac_addr[i] = ((u8 *)&a0)[i];
-+ mac_addr[i] = ((u8 *)&a)[i];
-
- return 0;
- }
-@@ -489,30 +489,30 @@ void vnic_dev_packet_filter(struct vnic_dev *vdev, int directed, int multicast,
-
- void vnic_dev_add_addr(struct vnic_dev *vdev, u8 *addr)
- {
-- u64 a0 = 0, a1 = 0;
-+ u64 a[2] = {};
- int wait = 1000;
- int err;
- int i;
-
- for (i = 0; i < ETH_ALEN; i++)
-- ((u8 *)&a0)[i] = addr[i];
-+ ((u8 *)&a)[i] = addr[i];
-
-- err = vnic_dev_cmd(vdev, CMD_ADDR_ADD, &a0, &a1, wait);
-+ err = vnic_dev_cmd(vdev, CMD_ADDR_ADD, &a[0], &a[1], wait);
- if (err)
- pr_err("Can't add addr [%pM], %d\n", addr, err);
- }
-
- void vnic_dev_del_addr(struct vnic_dev *vdev, u8 *addr)
- {
-- u64 a0 = 0, a1 = 0;
-+ u64 a[2] = {};
- int wait = 1000;
- int err;
- int i;
-
- for (i = 0; i < ETH_ALEN; i++)
-- ((u8 *)&a0)[i] =
addr[i];
-+ ((u8 *)&a)[i] = addr[i];
-
-- err = vnic_dev_cmd(vdev, CMD_ADDR_DEL, &a0, &a1, wait);
-+ err = vnic_dev_cmd(vdev, CMD_ADDR_DEL, &a[0], &a[1], wait);
- if (err)
- pr_err("Can't del addr [%pM], %d\n", addr, err);
- }
-diff --git a/drivers/scsi/qla2xxx/qla_init.c b/drivers/scsi/qla2xxx/qla_init.c
-index bd2421863510..a66f7cec797c 100644
---- a/drivers/scsi/qla2xxx/qla_init.c
-+++ b/drivers/scsi/qla2xxx/qla_init.c
-@@ -5145,8 +5145,7 @@ qla2x00_find_all_fabric_devs(scsi_qla_host_t *vha)
- if (test_bit(LOOP_RESYNC_NEEDED, &vha->dpc_flags))
- break;
-
-- if ((fcport->flags & FCF_FABRIC_DEVICE) == 0 ||
-- (fcport->flags & FCF_LOGIN_NEEDED) == 0)
-+ if ((fcport->flags & FCF_FABRIC_DEVICE) == 0)
- continue;
-
- if (fcport->scan_state == QLA_FCPORT_SCAN) {
-@@ -5171,7 +5170,8 @@ qla2x00_find_all_fabric_devs(scsi_qla_host_t *vha)
- }
- }
-
-- if (fcport->scan_state == QLA_FCPORT_FOUND)
-+ if (fcport->scan_state == QLA_FCPORT_FOUND &&
-+ (fcport->flags & FCF_LOGIN_NEEDED) != 0)
- qla24xx_fcport_handle_login(vha, fcport);
- }
- return (rval);
-diff --git a/drivers/scsi/qla2xxx/qla_isr.c b/drivers/scsi/qla2xxx/qla_isr.c
-index 7f2da56274bd..648916a9082c 100644
---- a/drivers/scsi/qla2xxx/qla_isr.c
-+++ b/drivers/scsi/qla2xxx/qla_isr.c
-@@ -3519,7 +3519,7 @@ qla2x00_request_irqs(struct qla_hw_data *ha, struct rsp_que *rsp)
- skip_msix:
-
- ql_log(ql_log_info, vha, 0x0037,
-- "Falling back-to MSI mode -%d.\n", ret);
-+ "Falling back-to MSI mode -- ret=%d.\n", ret);
-
- if (!IS_QLA24XX(ha) && !IS_QLA2532(ha) && !IS_QLA8432(ha) &&
- !IS_QLA8001(ha) && !IS_P3P_TYPE(ha) && !IS_QLAFX00(ha) &&
-@@ -3527,13 +3527,13 @@ skip_msix:
- goto skip_msi;
-
- ret = pci_alloc_irq_vectors(ha->pdev, 1, 1, PCI_IRQ_MSI);
-- if (!ret) {
-+ if (ret > 0) {
- ql_dbg(ql_dbg_init, vha, 0x0038,
- "MSI: Enabled.\n");
- ha->flags.msi_enabled = 1;
- } else
- ql_log(ql_log_warn, vha, 0x0039,
-- "Falling back-to INTa mode -- %d.\n", ret);
-+ "Falling back-to INTa mode -- ret=%d.\n", ret);
- skip_msi:
-
- /* Skip INTx on ISP82xx. */
-diff --git a/drivers/scsi/qla4xxx/ql4_mbx.c b/drivers/scsi/qla4xxx/ql4_mbx.c
-index 1da04f323d38..c402fc583da3 100644
---- a/drivers/scsi/qla4xxx/ql4_mbx.c
-+++ b/drivers/scsi/qla4xxx/ql4_mbx.c
-@@ -641,9 +641,6 @@ int qla4xxx_initialize_fw_cb(struct scsi_qla_host * ha)
-
- if (qla4xxx_get_ifcb(ha, &mbox_cmd[0], &mbox_sts[0], init_fw_cb_dma) !=
- QLA_SUCCESS) {
-- dma_free_coherent(&ha->pdev->dev,
-- sizeof(struct addr_ctrl_blk),
-- init_fw_cb, init_fw_cb_dma);
- goto exit_init_fw_cb;
- }
-
-diff --git a/drivers/scsi/scsi_trace.c b/drivers/scsi/scsi_trace.c
-index 617a60737590..22472d140ef7 100644
---- a/drivers/scsi/scsi_trace.c
-+++ b/drivers/scsi/scsi_trace.c
-@@ -21,7 +21,7 @@
- #include
-
- #define SERVICE_ACTION16(cdb) (cdb[1] & 0x1f)
--#define SERVICE_ACTION32(cdb) ((cdb[8] << 8) | cdb[9])
-+#define SERVICE_ACTION32(cdb) (get_unaligned_be16(&cdb[8]))
-
- static const char *
- scsi_trace_misc(struct trace_seq *, unsigned char *, int);
-@@ -51,17 +51,12 @@ static const char *
- scsi_trace_rw10(struct trace_seq *p, unsigned char *cdb, int len)
- {
- const char *ret = trace_seq_buffer_ptr(p);
-- sector_t lba = 0, txlen = 0;
-+ u32 lba, txlen;
-
-- lba |= (cdb[2] << 24);
-- lba |= (cdb[3] << 16);
-- lba |= (cdb[4] << 8);
-- lba |= cdb[5];
-- txlen |= (cdb[7] << 8);
-- txlen |= cdb[8];
-+ lba = get_unaligned_be32(&cdb[2]);
-+ txlen = get_unaligned_be16(&cdb[7]);
-
-- trace_seq_printf(p, "lba=%llu txlen=%llu protect=%u",
-- (unsigned long long)lba, (unsigned long long)txlen,
-+ trace_seq_printf(p, "lba=%u txlen=%u protect=%u", lba, txlen,
- cdb[1] >> 5);
-
- if (cdb[0] == WRITE_SAME)
-@@ -76,19 +71,12 @@ static const char *
- scsi_trace_rw12(struct trace_seq *p, unsigned char *cdb, int len)
- {
- const char *ret = trace_seq_buffer_ptr(p);
-- sector_t lba = 0, txlen = 0;
--
-- lba |= (cdb[2] << 24);
-- lba |= (cdb[3] << 16);
-- lba |= (cdb[4] << 8);
-- lba |= cdb[5];
-- txlen |= (cdb[6] << 24);
-- txlen |= (cdb[7] << 16);
-- txlen |=
(cdb[8] << 8);
-- txlen |= cdb[9];
--
-- trace_seq_printf(p, "lba=%llu txlen=%llu protect=%u",
-- (unsigned long long)lba, (unsigned long long)txlen,
-+ u32 lba, txlen;
-+
-+ lba = get_unaligned_be32(&cdb[2]);
-+ txlen = get_unaligned_be32(&cdb[6]);
-+
-+ trace_seq_printf(p, "lba=%u txlen=%u protect=%u", lba, txlen,
- cdb[1] >> 5);
- trace_seq_putc(p, 0);
-
-@@ -99,23 +87,13 @@ static const char *
- scsi_trace_rw16(struct trace_seq *p, unsigned char *cdb, int len)
- {
- const char *ret = trace_seq_buffer_ptr(p);
-- sector_t lba = 0, txlen = 0;
--
-- lba |= ((u64)cdb[2] << 56);
-- lba |= ((u64)cdb[3] << 48);
-- lba |= ((u64)cdb[4] << 40);
-- lba |= ((u64)cdb[5] << 32);
-- lba |= (cdb[6] << 24);
-- lba |= (cdb[7] << 16);
-- lba |= (cdb[8] << 8);
-- lba |= cdb[9];
-- txlen |= (cdb[10] << 24);
-- txlen |= (cdb[11] << 16);
-- txlen |= (cdb[12] << 8);
-- txlen |= cdb[13];
--
-- trace_seq_printf(p, "lba=%llu txlen=%llu protect=%u",
-- (unsigned long long)lba, (unsigned long long)txlen,
-+ u64 lba;
-+ u32 txlen;
-+
-+ lba = get_unaligned_be64(&cdb[2]);
-+ txlen = get_unaligned_be32(&cdb[10]);
-+
-+ trace_seq_printf(p, "lba=%llu txlen=%u protect=%u", lba, txlen,
- cdb[1] >> 5);
-
- if (cdb[0] == WRITE_SAME_16)
-@@ -130,8 +108,8 @@ static const char *
- scsi_trace_rw32(struct trace_seq *p, unsigned char *cdb, int len)
- {
- const char *ret = trace_seq_buffer_ptr(p), *cmd;
-- sector_t lba = 0, txlen = 0;
-- u32 ei_lbrt = 0;
-+ u64 lba;
-+ u32 ei_lbrt, txlen;
-
- switch (SERVICE_ACTION32(cdb)) {
- case READ_32:
-@@ -151,26 +129,12 @@ scsi_trace_rw32(struct trace_seq *p, unsigned char *cdb, int len)
- goto out;
- }
-
-- lba |= ((u64)cdb[12] << 56);
-- lba |= ((u64)cdb[13] << 48);
-- lba |= ((u64)cdb[14] << 40);
-- lba |= ((u64)cdb[15] << 32);
-- lba |= (cdb[16] << 24);
-- lba |= (cdb[17] << 16);
-- lba |= (cdb[18] << 8);
-- lba |= cdb[19];
-- ei_lbrt |= (cdb[20] << 24);
-- ei_lbrt |= (cdb[21] << 16);
-- ei_lbrt |= (cdb[22] << 8);
-- ei_lbrt |= cdb[23];
-- txlen |= (cdb[28] <<
24);
-- txlen |= (cdb[29] << 16);
-- txlen |= (cdb[30] << 8);
-- txlen |= cdb[31];
--
-- trace_seq_printf(p, "%s_32 lba=%llu txlen=%llu protect=%u ei_lbrt=%u",
-- cmd, (unsigned long long)lba,
-- (unsigned long long)txlen, cdb[10] >> 5, ei_lbrt);
-+ lba = get_unaligned_be64(&cdb[12]);
-+ ei_lbrt = get_unaligned_be32(&cdb[20]);
-+ txlen = get_unaligned_be32(&cdb[28]);
-+
-+ trace_seq_printf(p, "%s_32 lba=%llu txlen=%u protect=%u ei_lbrt=%u",
-+ cmd, lba, txlen, cdb[10] >> 5, ei_lbrt);
-
- if (SERVICE_ACTION32(cdb) == WRITE_SAME_32)
- trace_seq_printf(p, " unmap=%u", cdb[10] >> 3 & 1);
-@@ -185,7 +149,7 @@ static const char *
- scsi_trace_unmap(struct trace_seq *p, unsigned char *cdb, int len)
- {
- const char *ret = trace_seq_buffer_ptr(p);
-- unsigned int regions = cdb[7] << 8 | cdb[8];
-+ unsigned int regions = get_unaligned_be16(&cdb[7]);
-
- trace_seq_printf(p, "regions=%u", (regions - 8) / 16);
- trace_seq_putc(p, 0);
-@@ -197,8 +161,8 @@ static const char *
- scsi_trace_service_action_in(struct trace_seq *p, unsigned char *cdb, int len)
- {
- const char *ret = trace_seq_buffer_ptr(p), *cmd;
-- sector_t lba = 0;
-- u32 alloc_len = 0;
-+ u64 lba;
-+ u32 alloc_len;
-
- switch (SERVICE_ACTION16(cdb)) {
- case SAI_READ_CAPACITY_16:
-@@ -212,21 +176,10 @@ scsi_trace_service_action_in(struct trace_seq *p, unsigned char *cdb, int len)
- goto out;
- }
-
-- lba |= ((u64)cdb[2] << 56);
-- lba |= ((u64)cdb[3] << 48);
-- lba |= ((u64)cdb[4] << 40);
-- lba |= ((u64)cdb[5] << 32);
-- lba |= (cdb[6] << 24);
-- lba |= (cdb[7] << 16);
-- lba |= (cdb[8] << 8);
-- lba |= cdb[9];
-- alloc_len |= (cdb[10] << 24);
-- alloc_len |= (cdb[11] << 16);
-- alloc_len |= (cdb[12] << 8);
-- alloc_len |= cdb[13];
--
-- trace_seq_printf(p, "%s lba=%llu alloc_len=%u", cmd,
-- (unsigned long long)lba, alloc_len);
-+ lba = get_unaligned_be64(&cdb[2]);
-+ alloc_len = get_unaligned_be32(&cdb[10]);
-+
-+ trace_seq_printf(p, "%s lba=%llu alloc_len=%u", cmd, lba, alloc_len);
-
- out:
-
trace_seq_putc(p, 0);
-diff --git a/drivers/target/target_core_fabric_lib.c b/drivers/target/target_core_fabric_lib.c
-index 508da345b73f..95aa47ac4dcd 100644
---- a/drivers/target/target_core_fabric_lib.c
-+++ b/drivers/target/target_core_fabric_lib.c
-@@ -131,7 +131,7 @@ static int srp_get_pr_transport_id(
- memset(buf + 8, 0, leading_zero_bytes);
- rc = hex2bin(buf + 8 + leading_zero_bytes, p, count);
- if (rc < 0) {
-- pr_debug("hex2bin failed for %s: %d\n", __func__, rc);
-+ pr_debug("hex2bin failed for %s: %d\n", p, rc);
- return rc;
- }
-
-diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
-index 4efccf8bf99f..7d5ecf36a33c 100644
---- a/drivers/usb/core/hub.c
-+++ b/drivers/usb/core/hub.c
-@@ -1164,6 +1164,7 @@ static void hub_activate(struct usb_hub *hub, enum hub_activation_type type)
- * PORT_OVER_CURRENT is not. So check for any of them.
- */
- if (udev || (portstatus & USB_PORT_STAT_CONNECTION) ||
-+ (portchange & USB_PORT_STAT_C_CONNECTION) ||
- (portstatus & USB_PORT_STAT_OVERCURRENT) ||
- (portchange & USB_PORT_STAT_C_OVERCURRENT))
- set_bit(port1, hub->change_bits);
-diff --git a/drivers/usb/serial/ch341.c b/drivers/usb/serial/ch341.c
-index 578596d301b8..31cd798d2dac 100644
---- a/drivers/usb/serial/ch341.c
-+++ b/drivers/usb/serial/ch341.c
-@@ -592,9 +592,13 @@ static int ch341_tiocmget(struct tty_struct *tty)
- static int ch341_reset_resume(struct usb_serial *serial)
- {
- struct usb_serial_port *port = serial->port[0];
-- struct ch341_private *priv = usb_get_serial_port_data(port);
-+ struct ch341_private *priv;
- int ret;
-
-+ priv = usb_get_serial_port_data(port);
-+ if (!priv)
-+ return 0;
-+
- /* reconfigure ch341 serial port after bus-reset */
- ch341_configure(serial->dev, priv);
-
-diff --git a/drivers/usb/serial/io_edgeport.c b/drivers/usb/serial/io_edgeport.c
-index 51b61545ccf2..3705b64ab948 100644
---- a/drivers/usb/serial/io_edgeport.c
-+++ b/drivers/usb/serial/io_edgeport.c
-@@ -652,6 +652,7 @@ static void
edge_interrupt_callback(struct urb *urb)
- struct usb_serial_port *port;
- unsigned char *data = urb->transfer_buffer;
- int length = urb->actual_length;
-+ unsigned long flags;
- int bytes_avail;
- int position;
- int txCredits;
-@@ -683,7 +684,7 @@ static void edge_interrupt_callback(struct urb *urb)
- if (length > 1) {
- bytes_avail = data[0] | (data[1] << 8);
- if (bytes_avail) {
-- spin_lock(&edge_serial->es_lock);
-+ spin_lock_irqsave(&edge_serial->es_lock, flags);
- edge_serial->rxBytesAvail += bytes_avail;
- dev_dbg(dev,
- "%s - bytes_avail=%d, rxBytesAvail=%d, read_in_progress=%d\n",
-@@ -706,7 +707,8 @@ static void edge_interrupt_callback(struct urb *urb)
- edge_serial->read_in_progress = false;
- }
- }
-- spin_unlock(&edge_serial->es_lock);
-+ spin_unlock_irqrestore(&edge_serial->es_lock,
-+ flags);
- }
- }
- /* grab the txcredits for the ports if available */
-@@ -718,10 +720,12 @@ static void edge_interrupt_callback(struct urb *urb)
- if (txCredits) {
- port = edge_serial->serial->port[portNumber];
- edge_port = usb_get_serial_port_data(port);
-- if (edge_port->open) {
-- spin_lock(&edge_port->ep_lock);
-+ if (edge_port && edge_port->open) {
-+ spin_lock_irqsave(&edge_port->ep_lock,
-+ flags);
- edge_port->txCredits += txCredits;
-- spin_unlock(&edge_port->ep_lock);
-+ spin_unlock_irqrestore(&edge_port->ep_lock,
-+ flags);
- dev_dbg(dev, "%s - txcredits for port%d = %d\n",
- __func__, portNumber,
- edge_port->txCredits);
-@@ -762,6 +766,7 @@ static void edge_bulk_in_callback(struct urb *urb)
- int retval;
- __u16 raw_data_length;
- int status = urb->status;
-+ unsigned long flags;
-
- if (status) {
- dev_dbg(&urb->dev->dev, "%s - nonzero read bulk status received: %d\n",
-@@ -781,7 +786,7 @@ static void edge_bulk_in_callback(struct urb *urb)
-
- usb_serial_debug_data(dev, __func__, raw_data_length, data);
-
-- spin_lock(&edge_serial->es_lock);
-+ spin_lock_irqsave(&edge_serial->es_lock, flags);
-
- /* decrement our rxBytes available by the number that
we just got */
- edge_serial->rxBytesAvail -= raw_data_length;
-@@ -805,7 +810,7 @@ static void edge_bulk_in_callback(struct urb *urb)
- edge_serial->read_in_progress = false;
- }
-
-- spin_unlock(&edge_serial->es_lock);
-+ spin_unlock_irqrestore(&edge_serial->es_lock, flags);
- }
-
-
-@@ -1733,7 +1738,8 @@ static void edge_break(struct tty_struct *tty, int break_state)
- static void process_rcvd_data(struct edgeport_serial *edge_serial,
- unsigned char *buffer, __u16 bufferLength)
- {
-- struct device *dev = &edge_serial->serial->dev->dev;
-+ struct usb_serial *serial = edge_serial->serial;
-+ struct device *dev = &serial->dev->dev;
- struct usb_serial_port *port;
- struct edgeport_port *edge_port;
- __u16 lastBufferLength;
-@@ -1838,11 +1844,10 @@ static void process_rcvd_data(struct edgeport_serial *edge_serial,
-
- /* spit this data back into the tty driver if this
- port is open */
-- if (rxLen) {
-- port = edge_serial->serial->port[
-- edge_serial->rxPort];
-+ if (rxLen && edge_serial->rxPort < serial->num_ports) {
-+ port = serial->port[edge_serial->rxPort];
- edge_port = usb_get_serial_port_data(port);
-- if (edge_port->open) {
-+ if (edge_port && edge_port->open) {
- dev_dbg(dev, "%s - Sending %d bytes to TTY for port %d\n",
- __func__, rxLen,
- edge_serial->rxPort);
-@@ -1850,8 +1855,8 @@ static void process_rcvd_data(struct edgeport_serial *edge_serial,
- rxLen);
- edge_port->port->icount.rx += rxLen;
- }
-- buffer += rxLen;
- }
-+ buffer += rxLen;
- break;
-
- case EXPECT_HDR3: /* Expect 3rd byte of status header */
-@@ -1886,6 +1891,8 @@ static void process_rcvd_status(struct edgeport_serial *edge_serial,
- __u8 code = edge_serial->rxStatusCode;
-
- /* switch the port pointer to the one being currently talked about */
-+ if (edge_serial->rxPort >= edge_serial->serial->num_ports)
-+ return;
- port = edge_serial->serial->port[edge_serial->rxPort];
- edge_port = usb_get_serial_port_data(port);
- if (edge_port == NULL) {
-diff --git
a/drivers/usb/serial/keyspan.c b/drivers/usb/serial/keyspan.c
-index 2c5a53bdccd4..55a768487990 100644
---- a/drivers/usb/serial/keyspan.c
-+++ b/drivers/usb/serial/keyspan.c
-@@ -1062,6 +1062,8 @@ static void usa49_glocont_callback(struct urb *urb)
- for (i = 0; i < serial->num_ports; ++i) {
- port = serial->port[i];
- p_priv = usb_get_serial_port_data(port);
-+ if (!p_priv)
-+ continue;
-
- if (p_priv->resend_cont) {
- dev_dbg(&port->dev, "%s - sending setup\n", __func__);
-@@ -1463,6 +1465,8 @@ static void usa67_glocont_callback(struct urb *urb)
- for (i = 0; i < serial->num_ports; ++i) {
- port = serial->port[i];
- p_priv = usb_get_serial_port_data(port);
-+ if (!p_priv)
-+ continue;
-
- if (p_priv->resend_cont) {
- dev_dbg(&port->dev, "%s - sending setup\n", __func__);
-diff --git a/drivers/usb/serial/opticon.c b/drivers/usb/serial/opticon.c
-index 58657d64678b..c37572a8bb06 100644
---- a/drivers/usb/serial/opticon.c
-+++ b/drivers/usb/serial/opticon.c
-@@ -116,7 +116,7 @@ static int send_control_msg(struct usb_serial_port *port, u8 requesttype,
- retval = usb_control_msg(serial->dev, usb_sndctrlpipe(serial->dev, 0),
- requesttype,
- USB_DIR_OUT|USB_TYPE_VENDOR|USB_RECIP_INTERFACE,
-- 0, 0, buffer, 1, 0);
-+ 0, 0, buffer, 1, USB_CTRL_SET_TIMEOUT);
- kfree(buffer);
-
- if (retval < 0)
-diff --git a/drivers/usb/serial/option.c b/drivers/usb/serial/option.c
-index e69e31539914..eff353de47cd 100644
---- a/drivers/usb/serial/option.c
-+++ b/drivers/usb/serial/option.c
-@@ -251,6 +251,7 @@ static void option_instat_callback(struct urb *urb);
- #define QUECTEL_PRODUCT_BG96 0x0296
- #define QUECTEL_PRODUCT_EP06 0x0306
- #define QUECTEL_PRODUCT_EM12 0x0512
-+#define QUECTEL_PRODUCT_RM500Q 0x0800
-
- #define CMOTECH_VENDOR_ID 0x16d8
- #define CMOTECH_PRODUCT_6001 0x6001
-@@ -1107,6 +1108,11 @@ static const struct usb_device_id option_ids[] = {
- { USB_DEVICE_AND_INTERFACE_INFO(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_EM12, 0xff, 0xff, 0xff),
- .driver_info = RSVD(1) | RSVD(2)
| RSVD(3) | RSVD(4) | NUMEP2 },
- { USB_DEVICE_AND_INTERFACE_INFO(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_EM12, 0xff, 0, 0) },
-+ { USB_DEVICE_AND_INTERFACE_INFO(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_RM500Q, 0xff, 0xff, 0x30) },
-+ { USB_DEVICE_AND_INTERFACE_INFO(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_RM500Q, 0xff, 0, 0) },
-+ { USB_DEVICE_AND_INTERFACE_INFO(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_RM500Q, 0xff, 0xff, 0x10),
-+ .driver_info = ZLP },
-+
- { USB_DEVICE(CMOTECH_VENDOR_ID, CMOTECH_PRODUCT_6001) },
- { USB_DEVICE(CMOTECH_VENDOR_ID, CMOTECH_PRODUCT_CMU_300) },
- { USB_DEVICE(CMOTECH_VENDOR_ID, CMOTECH_PRODUCT_6003),
-diff --git a/drivers/usb/serial/quatech2.c b/drivers/usb/serial/quatech2.c
-index 60e17d1444c3..f16e0b8c1ed4 100644
---- a/drivers/usb/serial/quatech2.c
-+++ b/drivers/usb/serial/quatech2.c
-@@ -867,7 +867,10 @@ static void qt2_update_msr(struct usb_serial_port *port, unsigned char *ch)
- u8 newMSR = (u8) *ch;
- unsigned long flags;
-
-+ /* May be called from qt2_process_read_urb() for an unbound port. */
- port_priv = usb_get_serial_port_data(port);
-+ if (!port_priv)
-+ return;
-
- spin_lock_irqsave(&port_priv->lock, flags);
- port_priv->shadowMSR = newMSR;
-@@ -895,7 +898,10 @@ static void qt2_update_lsr(struct usb_serial_port *port, unsigned char *ch)
- unsigned long flags;
- u8 newLSR = (u8) *ch;
-
-+ /* May be called from qt2_process_read_urb() for an unbound port.
*/
- port_priv = usb_get_serial_port_data(port);
-+ if (!port_priv)
-+ return;
-
- if (newLSR & UART_LSR_BI)
- newLSR &= (u8) (UART_LSR_OE | UART_LSR_BI);
-diff --git a/drivers/usb/serial/usb-serial-simple.c b/drivers/usb/serial/usb-serial-simple.c
-index 511242111403..15e05ebf37ac 100644
---- a/drivers/usb/serial/usb-serial-simple.c
-+++ b/drivers/usb/serial/usb-serial-simple.c
-@@ -89,6 +89,8 @@ DEVICE(moto_modem, MOTO_IDS);
- #define MOTOROLA_TETRA_IDS() \
- { USB_DEVICE(0x0cad, 0x9011) }, /* Motorola Solutions TETRA PEI */ \
- { USB_DEVICE(0x0cad, 0x9012) }, /* MTP6550 */ \
-+ { USB_DEVICE(0x0cad, 0x9013) }, /* MTP3xxx */ \
-+ { USB_DEVICE(0x0cad, 0x9015) }, /* MTP85xx */ \
- { USB_DEVICE(0x0cad, 0x9016) } /* TPG2200 */
- DEVICE(motorola_tetra, MOTOROLA_TETRA_IDS);
-
-diff --git a/drivers/usb/serial/usb-serial.c b/drivers/usb/serial/usb-serial.c
-index 8115b7cccf1a..3dc3464626fb 100644
---- a/drivers/usb/serial/usb-serial.c
-+++ b/drivers/usb/serial/usb-serial.c
-@@ -1332,6 +1332,9 @@ static int usb_serial_register(struct usb_serial_driver *driver)
- return -EINVAL;
- }
-
-+ /* Prevent individual ports from being unbound.
*/
-+ driver->driver.suppress_bind_attrs = true;
-+
- usb_serial_operations_init(driver);
-
- /* Add this device to our list of devices */
-diff --git a/firmware/Makefile b/firmware/Makefile
-index 168094a3fae7..30e6b738839e 100644
---- a/firmware/Makefile
-+++ b/firmware/Makefile
-@@ -19,7 +19,7 @@ quiet_cmd_fwbin = MK_FW $@
- PROGBITS=$(if $(CONFIG_ARM),%,@)progbits; \
- echo "/* Generated by firmware/Makefile */" > $@;\
- echo " .section .rodata" >>$@;\
-- echo " .p2align $${ASM_ALIGN}" >>$@;\
-+ echo " .p2align 4" >>$@;\
- echo "_fw_$${FWSTR}_bin:" >>$@;\
- echo " .incbin \"$(2)\"" >>$@;\
- echo "_fw_end:" >>$@;\
-diff --git a/fs/btrfs/qgroup.c b/fs/btrfs/qgroup.c
-index cb6e8cb0de94..39a00b57ff01 100644
---- a/fs/btrfs/qgroup.c
-+++ b/fs/btrfs/qgroup.c
-@@ -1928,8 +1928,12 @@ btrfs_qgroup_account_extent(struct btrfs_trans_handle *trans,
- u64 nr_old_roots = 0;
- int ret = 0;
-
-+ /*
-+ * If quotas get disabled meanwhile, the resouces need to be freed and
-+ * we can't just exit here.
-+ */
- if (!test_bit(BTRFS_FS_QUOTA_ENABLED, &fs_info->flags))
-- return 0;
-+ goto out_free;
-
- if (new_roots) {
- if (!maybe_fs_roots(new_roots))
-diff --git a/fs/reiserfs/xattr.c b/fs/reiserfs/xattr.c
-index 29a0c0969e91..28f6daf371d3 100644
---- a/fs/reiserfs/xattr.c
-+++ b/fs/reiserfs/xattr.c
-@@ -319,8 +319,12 @@ static int reiserfs_for_each_xattr(struct inode *inode,
- out_dir:
- dput(dir);
- out:
-- /* -ENODATA isn't an error */
-- if (err == -ENODATA)
-+ /*
-+ * -ENODATA: this object doesn't have any xattrs
-+ * -EOPNOTSUPP: this file system doesn't have xattrs enabled on disk.
-+ * Neither are errors
-+ */
-+ if (err == -ENODATA || err == -EOPNOTSUPP)
- err = 0;
- return err;
- }
-diff --git a/include/dt-bindings/reset/amlogic,meson8b-reset.h b/include/dt-bindings/reset/amlogic,meson8b-reset.h
-index 614aff2c7aff..a03e86fe2c57 100644
---- a/include/dt-bindings/reset/amlogic,meson8b-reset.h
-+++ b/include/dt-bindings/reset/amlogic,meson8b-reset.h
-@@ -95,9 +95,9 @@
- #define RESET_VD_RMEM 64
- #define RESET_AUDIN 65
- #define RESET_DBLK 66
--#define RESET_PIC_DC 66
--#define RESET_PSC 66
--#define RESET_NAND 66
-+#define RESET_PIC_DC 67
-+#define RESET_PSC 68
-+#define RESET_NAND 69
- #define RESET_GE2D 70
- #define RESET_PARSER_REG 71
- #define RESET_PARSER_FETCH 72
-diff --git a/include/linux/blkdev.h b/include/linux/blkdev.h
-index 4d4af0e94059..ad940102451c 100644
---- a/include/linux/blkdev.h
-+++ b/include/linux/blkdev.h
-@@ -343,6 +343,7 @@ struct queue_limits {
- unsigned int max_sectors;
- unsigned int max_segment_size;
- unsigned int physical_block_size;
-+ unsigned int logical_block_size;
- unsigned int alignment_offset;
- unsigned int io_min;
- unsigned int io_opt;
-@@ -353,7 +354,6 @@ struct queue_limits {
- unsigned int discard_granularity;
- unsigned int discard_alignment;
-
-- unsigned short logical_block_size;
- unsigned short max_segments;
- unsigned short max_integrity_segments;
- unsigned short max_discard_segments;
-@@ -1178,7 +1178,7 @@ extern void blk_queue_max_write_same_sectors(struct request_queue *q,
- unsigned int max_write_same_sectors);
- extern void blk_queue_max_write_zeroes_sectors(struct request_queue *q,
- unsigned int max_write_same_sectors);
--extern void blk_queue_logical_block_size(struct request_queue *, unsigned short);
-+extern void blk_queue_logical_block_size(struct request_queue *, unsigned int);
- extern void blk_queue_physical_block_size(struct request_queue *, unsigned int);
- extern void blk_queue_alignment_offset(struct request_queue *q,
- unsigned int alignment);
-@@ -1436,7 +1436,7 @@
static inline unsigned int queue_max_segment_size(struct request_queue *q) - return q->limits.max_segment_size; - } - --static inline unsigned short queue_logical_block_size(struct request_queue *q) -+static inline unsigned queue_logical_block_size(struct request_queue *q) - { - int retval = 512; - -@@ -1446,7 +1446,7 @@ static inline unsigned short queue_logical_block_size(struct request_queue *q) - return retval; - } - --static inline unsigned short bdev_logical_block_size(struct block_device *bdev) -+static inline unsigned int bdev_logical_block_size(struct block_device *bdev) - { - return queue_logical_block_size(bdev_get_queue(bdev)); - } -diff --git a/include/linux/regulator/ab8500.h b/include/linux/regulator/ab8500.h -index 260c4aa1d976..3f6b8b9ef49d 100644 ---- a/include/linux/regulator/ab8500.h -+++ b/include/linux/regulator/ab8500.h -@@ -43,8 +43,6 @@ enum ab8505_regulator_id { - AB8505_LDO_ANAMIC2, - AB8505_LDO_AUX8, - AB8505_LDO_ANA, -- AB8505_SYSCLKREQ_2, -- AB8505_SYSCLKREQ_4, - AB8505_NUM_REGULATORS, - }; - -diff --git a/kernel/ptrace.c b/kernel/ptrace.c -index 09fb3f58a838..43a283041296 100644 ---- a/kernel/ptrace.c -+++ b/kernel/ptrace.c -@@ -258,12 +258,17 @@ static int ptrace_check_attach(struct task_struct *child, bool ignore_state) - return ret; - } - --static int ptrace_has_cap(struct user_namespace *ns, unsigned int mode) -+static bool ptrace_has_cap(const struct cred *cred, struct user_namespace *ns, -+ unsigned int mode) - { -+ int ret; -+ - if (mode & PTRACE_MODE_NOAUDIT) -- return has_ns_capability_noaudit(current, ns, CAP_SYS_PTRACE); -+ ret = security_capable(cred, ns, CAP_SYS_PTRACE); - else -- return has_ns_capability(current, ns, CAP_SYS_PTRACE); -+ ret = security_capable(cred, ns, CAP_SYS_PTRACE); -+ -+ return ret == 0; - } - - /* Returns 0 on success, -errno on denial. 
*/ -@@ -315,7 +320,7 @@ static int __ptrace_may_access(struct task_struct *task, unsigned int mode) - gid_eq(caller_gid, tcred->sgid) && - gid_eq(caller_gid, tcred->gid)) - goto ok; -- if (ptrace_has_cap(tcred->user_ns, mode)) -+ if (ptrace_has_cap(cred, tcred->user_ns, mode)) - goto ok; - rcu_read_unlock(); - return -EPERM; -@@ -334,7 +339,7 @@ ok: - mm = task->mm; - if (mm && - ((get_dumpable(mm) != SUID_DUMP_USER) && -- !ptrace_has_cap(mm->user_ns, mode))) -+ !ptrace_has_cap(cred, mm->user_ns, mode))) - return -EPERM; - - return security_ptrace_access_check(task, mode); -diff --git a/kernel/time/tick-sched.c b/kernel/time/tick-sched.c -index a8fa0a896b78..3c7b400512eb 100644 ---- a/kernel/time/tick-sched.c -+++ b/kernel/time/tick-sched.c -@@ -60,8 +60,9 @@ static void tick_do_update_jiffies64(ktime_t now) - - /* - * Do a quick check without holding jiffies_lock: -+ * The READ_ONCE() pairs with two updates done later in this function. - */ -- delta = ktime_sub(now, last_jiffies_update); -+ delta = ktime_sub(now, READ_ONCE(last_jiffies_update)); - if (delta < tick_period) - return; - -@@ -72,8 +73,9 @@ static void tick_do_update_jiffies64(ktime_t now) - if (delta >= tick_period) { - - delta = ktime_sub(delta, tick_period); -- last_jiffies_update = ktime_add(last_jiffies_update, -- tick_period); -+ /* Pairs with the lockless read in this function. */ -+ WRITE_ONCE(last_jiffies_update, -+ ktime_add(last_jiffies_update, tick_period)); - - /* Slow path for long timeouts */ - if (unlikely(delta >= tick_period)) { -@@ -81,8 +83,10 @@ static void tick_do_update_jiffies64(ktime_t now) - - ticks = ktime_divns(delta, incr); - -- last_jiffies_update = ktime_add_ns(last_jiffies_update, -- incr * ticks); -+ /* Pairs with the lockless read in this function. 
*/ -+ WRITE_ONCE(last_jiffies_update, -+ ktime_add_ns(last_jiffies_update, -+ incr * ticks)); - } - do_timer(++ticks); - -diff --git a/mm/huge_memory.c b/mm/huge_memory.c -index 1adc2e6c50f9..92915cc87549 100644 ---- a/mm/huge_memory.c -+++ b/mm/huge_memory.c -@@ -502,13 +502,13 @@ void prep_transhuge_page(struct page *page) - set_compound_page_dtor(page, TRANSHUGE_PAGE_DTOR); - } - --unsigned long __thp_get_unmapped_area(struct file *filp, unsigned long len, -+static unsigned long __thp_get_unmapped_area(struct file *filp, -+ unsigned long addr, unsigned long len, - loff_t off, unsigned long flags, unsigned long size) - { -- unsigned long addr; - loff_t off_end = off + len; - loff_t off_align = round_up(off, size); -- unsigned long len_pad; -+ unsigned long len_pad, ret; - - if (off_end <= off_align || (off_end - off_align) < size) - return 0; -@@ -517,30 +517,40 @@ unsigned long __thp_get_unmapped_area(struct file *filp, unsigned long len, - if (len_pad < len || (off + len_pad) < off) - return 0; - -- addr = current->mm->get_unmapped_area(filp, 0, len_pad, -+ ret = current->mm->get_unmapped_area(filp, addr, len_pad, - off >> PAGE_SHIFT, flags); -- if (IS_ERR_VALUE(addr)) -+ -+ /* -+ * The failure might be due to length padding. The caller will retry -+ * without the padding. -+ */ -+ if (IS_ERR_VALUE(ret)) - return 0; - -- addr += (off - addr) & (size - 1); -- return addr; -+ /* -+ * Do not try to align to THP boundary if allocation at the address -+ * hint succeeds. 
-+ */
-+ if (ret == addr)
-+ return addr;
-+
-+ ret += (off - ret) & (size - 1);
-+ return ret;
- }
-
- unsigned long thp_get_unmapped_area(struct file *filp, unsigned long addr,
- unsigned long len, unsigned long pgoff, unsigned long flags)
- {
-+ unsigned long ret;
- loff_t off = (loff_t)pgoff << PAGE_SHIFT;
-
-- if (addr)
-- goto out;
- if (!IS_DAX(filp->f_mapping->host) || !IS_ENABLED(CONFIG_FS_DAX_PMD))
- goto out;
-
-- addr = __thp_get_unmapped_area(filp, len, off, flags, PMD_SIZE);
-- if (addr)
-- return addr;
--
-- out:
-+ ret = __thp_get_unmapped_area(filp, addr, len, off, flags, PMD_SIZE);
-+ if (ret)
-+ return ret;
-+out:
- return current->mm->get_unmapped_area(filp, addr, len, pgoff, flags);
- }
- EXPORT_SYMBOL_GPL(thp_get_unmapped_area);
-diff --git a/mm/page-writeback.c b/mm/page-writeback.c
-index a40c075fd8f1..29f9980c13ac 100644
---- a/mm/page-writeback.c
-+++ b/mm/page-writeback.c
-@@ -201,11 +201,11 @@ static void wb_min_max_ratio(struct bdi_writeback *wb,
- if (this_bw < tot_bw) {
- if (min) {
- min *= this_bw;
-- do_div(min, tot_bw);
-+ min = div64_ul(min, tot_bw);
- }
- if (max < 100) {
- max *= this_bw;
-- do_div(max, tot_bw);
-+ max = div64_ul(max, tot_bw);
- }
- }
-
-diff --git a/mm/shmem.c b/mm/shmem.c
-index 69106c600692..0b6db162083c 100644
---- a/mm/shmem.c
-+++ b/mm/shmem.c
-@@ -2052,9 +2052,10 @@ unsigned long shmem_get_unmapped_area(struct file *file,
- /*
- * Our priority is to support MAP_SHARED mapped hugely;
- * and support MAP_PRIVATE mapped hugely too, until it is COWed.
-- * But if caller specified an address hint, respect that as before.
-+ * But if caller specified an address hint and we allocated area there
-+ * successfully, respect that as before.
- */
-- if (uaddr)
-+ if (uaddr == addr)
- return addr;
-
- if (shmem_huge != SHMEM_HUGE_FORCE) {
-@@ -2088,7 +2089,7 @@ unsigned long shmem_get_unmapped_area(struct file *file,
- if (inflated_len < len)
- return addr;
-
-- inflated_addr = get_area(NULL, 0, inflated_len, 0, flags);
-+ inflated_addr = get_area(NULL, uaddr, inflated_len, 0, flags);
- if (IS_ERR_VALUE(inflated_addr))
- return addr;
- if (inflated_addr & ~PAGE_MASK)
-diff --git a/net/batman-adv/distributed-arp-table.c b/net/batman-adv/distributed-arp-table.c
-index 8d1d0fdb157e..1519cbf70150 100644
---- a/net/batman-adv/distributed-arp-table.c
-+++ b/net/batman-adv/distributed-arp-table.c
-@@ -243,6 +243,7 @@ static u32 batadv_hash_dat(const void *data, u32 size)
- u32 hash = 0;
- const struct batadv_dat_entry *dat = data;
- const unsigned char *key;
-+ __be16 vid;
- u32 i;
-
- key = (const unsigned char *)&dat->ip;
-@@ -252,7 +253,8 @@ static u32 batadv_hash_dat(const void *data, u32 size)
- hash ^= (hash >> 6);
- }
-
-- key = (const unsigned char *)&dat->vid;
-+ vid = htons(dat->vid);
-+ key = (__force const unsigned char *)&vid;
- for (i = 0; i < sizeof(dat->vid); i++) {
- hash += key[i];
- hash += (hash << 10);
-diff --git a/net/dsa/tag_qca.c b/net/dsa/tag_qca.c
-index b8c05f1cf47d..af3a12a36d88 100644
---- a/net/dsa/tag_qca.c
-+++ b/net/dsa/tag_qca.c
-@@ -41,9 +41,6 @@ static struct sk_buff *qca_tag_xmit(struct sk_buff *skb, struct net_device *dev)
- struct dsa_slave_priv *p = netdev_priv(dev);
- u16 *phdr, hdr;
-
-- dev->stats.tx_packets++;
-- dev->stats.tx_bytes += skb->len;
--
- if (skb_cow_head(skb, 0) < 0)
- return NULL;
-
-diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c
-index e288489ae3d5..6dd727e0a72f 100644
---- a/net/ipv4/netfilter/arp_tables.c
-+++ b/net/ipv4/netfilter/arp_tables.c
-@@ -506,12 +506,13 @@ static inline int check_entry_size_and_hooks(struct arpt_entry *e,
- return 0;
- }
-
--static inline void cleanup_entry(struct arpt_entry *e)
-+static void cleanup_entry(struct arpt_entry *e, struct net *net)
- {
- struct xt_tgdtor_param par;
- struct xt_entry_target *t;
-
- t = arpt_get_target(e);
-+ par.net = net;
- par.target = t->u.kernel.target;
- par.targinfo = t->data;
- par.family = NFPROTO_ARP;
-@@ -601,7 +602,7 @@ static int translate_table(struct net *net,
- xt_entry_foreach(iter, entry0, newinfo->size) {
- if (i-- == 0)
- break;
-- cleanup_entry(iter);
-+ cleanup_entry(iter, net);
- }
- return ret;
- }
-@@ -926,7 +927,7 @@ static int __do_replace(struct net *net, const char *name,
- /* Decrease module usage counts and free resource */
- loc_cpu_old_entry = oldinfo->entries;
- xt_entry_foreach(iter, loc_cpu_old_entry, oldinfo->size)
-- cleanup_entry(iter);
-+ cleanup_entry(iter, net);
-
- xt_free_table_info(oldinfo);
- if (copy_to_user(counters_ptr, counters,
-@@ -990,7 +991,7 @@ static int do_replace(struct net *net, const void __user *user,
-
- free_newinfo_untrans:
- xt_entry_foreach(iter, loc_cpu_entry, newinfo->size)
-- cleanup_entry(iter);
-+ cleanup_entry(iter, net);
- free_newinfo:
- xt_free_table_info(newinfo);
- return ret;
-@@ -1287,7 +1288,7 @@ static int compat_do_replace(struct net *net, void __user *user,
-
- free_newinfo_untrans:
- xt_entry_foreach(iter, loc_cpu_entry, newinfo->size)
-- cleanup_entry(iter);
-+ cleanup_entry(iter, net);
- free_newinfo:
- xt_free_table_info(newinfo);
- return ret;
-@@ -1514,7 +1515,7 @@ static int do_arpt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len
- return ret;
- }
-
--static void __arpt_unregister_table(struct xt_table *table)
-+static void __arpt_unregister_table(struct net *net, struct xt_table *table)
- {
- struct xt_table_info *private;
- void *loc_cpu_entry;
-@@ -1526,7 +1527,7 @@ static void __arpt_unregister_table(struct xt_table *table)
- /* Decrease module usage counts and free resources */
- loc_cpu_entry = private->entries;
- xt_entry_foreach(iter, loc_cpu_entry, private->size)
-- cleanup_entry(iter);
-+ cleanup_entry(iter, net);
- if (private->number > private->initial_entries)
- module_put(table_owner);
- xt_free_table_info(private);
-@@ -1566,7 +1567,7 @@ int arpt_register_table(struct net *net,
-
- ret = nf_register_net_hooks(net, ops, hweight32(table->valid_hooks));
- if (ret != 0) {
-- __arpt_unregister_table(new_table);
-+ __arpt_unregister_table(net, new_table);
- *res = NULL;
- }
-
-@@ -1581,7 +1582,7 @@ void arpt_unregister_table(struct net *net, struct xt_table *table,
- const struct nf_hook_ops *ops)
- {
- nf_unregister_net_hooks(net, ops, hweight32(table->valid_hooks));
-- __arpt_unregister_table(table);
-+ __arpt_unregister_table(net, table);
- }
-
- /* The built-in targets: standard (NULL) and error. */
-diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
-index d2b1c39c4223..29f3df4ddd1f 100644
---- a/net/ipv4/tcp_input.c
-+++ b/net/ipv4/tcp_input.c
-@@ -932,9 +932,10 @@ static void tcp_update_reordering(struct sock *sk, const int metric,
- /* This must be called before lost_out is incremented */
- static void tcp_verify_retransmit_hint(struct tcp_sock *tp, struct sk_buff *skb)
- {
-- if (!tp->retransmit_skb_hint ||
-- before(TCP_SKB_CB(skb)->seq,
-- TCP_SKB_CB(tp->retransmit_skb_hint)->seq))
-+ if ((!tp->retransmit_skb_hint && tp->retrans_out >= tp->lost_out) ||
-+ (tp->retransmit_skb_hint &&
-+ before(TCP_SKB_CB(skb)->seq,
-+ TCP_SKB_CB(tp->retransmit_skb_hint)->seq)))
- tp->retransmit_skb_hint = skb;
- }
-
-diff --git a/net/netfilter/ipset/ip_set_bitmap_gen.h b/net/netfilter/ipset/ip_set_bitmap_gen.h
-index 8ad2b52a0b32..b0701f6259cc 100644
---- a/net/netfilter/ipset/ip_set_bitmap_gen.h
-+++ b/net/netfilter/ipset/ip_set_bitmap_gen.h
-@@ -64,9 +64,9 @@ mtype_destroy(struct ip_set *set)
- if (SET_WITH_TIMEOUT(set))
- del_timer_sync(&map->gc);
-
-- ip_set_free(map->members);
- if (set->dsize && set->extensions & IPSET_EXT_DESTROY)
- mtype_ext_cleanup(set);
-+ ip_set_free(map->members);
- ip_set_free(map);
-
- set->data = NULL;
-diff --git a/net/wireless/rdev-ops.h b/net/wireless/rdev-ops.h
-index 0c06240d25af..249919bdfc64 100644
---- a/net/wireless/rdev-ops.h
-+++ b/net/wireless/rdev-ops.h
-@@ -537,6 +537,10 @@ static inline int
- rdev_set_wiphy_params(struct cfg80211_registered_device *rdev, u32 changed)
- {
- int ret;
-+
-+ if (!rdev->ops->set_wiphy_params)
-+ return -EOPNOTSUPP;
-+
- trace_rdev_set_wiphy_params(&rdev->wiphy, changed);
- ret = rdev->ops->set_wiphy_params(&rdev->wiphy, changed);
- trace_rdev_return_int(&rdev->wiphy, ret);
-diff --git a/net/wireless/util.c b/net/wireless/util.c
-index 2234817f5dbb..935929b45411 100644
---- a/net/wireless/util.c
-+++ b/net/wireless/util.c
-@@ -652,7 +652,7 @@ __frame_add_frag(struct sk_buff *skb, struct page *page,
- struct skb_shared_info *sh = skb_shinfo(skb);
- int page_offset;
-
-- page_ref_inc(page);
-+ get_page(page);
- page_offset = ptr - page_address(page);
- skb_add_rx_frag(skb, sh->nr_frags, page, page_offset, len, size);
- }
-diff --git a/sound/core/seq/seq_timer.c b/sound/core/seq/seq_timer.c
-index b80985fbc334..0e1feb597586 100644
---- a/sound/core/seq/seq_timer.c
-+++ b/sound/core/seq/seq_timer.c
-@@ -479,15 +479,19 @@ void snd_seq_info_timer_read(struct snd_info_entry *entry,
- q = queueptr(idx);
- if (q == NULL)
- continue;
-- if ((tmr = q->timer) == NULL ||
-- (ti = tmr->timeri) == NULL) {
-- queuefree(q);
-- continue;
-- }
-+ mutex_lock(&q->timer_mutex);
-+ tmr = q->timer;
-+ if (!tmr)
-+ goto unlock;
-+ ti = tmr->timeri;
-+ if (!ti)
-+ goto unlock;
- snd_iprintf(buffer, "Timer for queue %i : %s\n", q->queue, ti->timer->name);
- resolution = snd_timer_resolution(ti) * tmr->ticks;
- snd_iprintf(buffer, " Period time : %lu.%09lu\n", resolution / 1000000000, resolution % 1000000000);
- snd_iprintf(buffer, " Skew : %u / %u\n", tmr->skew, tmr->skew_base);
-+unlock:
-+ mutex_unlock(&q->timer_mutex);
- queuefree(q);
- }
- }
-diff --git a/sound/soc/codecs/msm8916-wcd-analog.c b/sound/soc/codecs/msm8916-wcd-analog.c
-index 969283737787..3633eb30dd13 100644
---- a/sound/soc/codecs/msm8916-wcd-analog.c
-+++ b/sound/soc/codecs/msm8916-wcd-analog.c
-@@ -876,10 +876,10 @@ static const struct snd_soc_dapm_widget pm8916_wcd_analog_dapm_widgets[] = {
-
- SND_SOC_DAPM_SUPPLY("MIC BIAS External1", CDC_A_MICB_1_EN, 7, 0,
- pm8916_wcd_analog_enable_micbias_ext1,
-- SND_SOC_DAPM_PRE_PMU | SND_SOC_DAPM_POST_PMD),
-+ SND_SOC_DAPM_POST_PMU),
- SND_SOC_DAPM_SUPPLY("MIC BIAS External2", CDC_A_MICB_2_EN, 7, 0,
- pm8916_wcd_analog_enable_micbias_ext2,
-- SND_SOC_DAPM_POST_PMU | SND_SOC_DAPM_POST_PMD),
-+ SND_SOC_DAPM_POST_PMU),
-
- SND_SOC_DAPM_ADC_E("ADC1", NULL, CDC_A_TX_1_EN, 7, 0,
- pm8916_wcd_analog_enable_adc,
-diff --git a/tools/perf/builtin-report.c b/tools/perf/builtin-report.c
-index fd4dd12b8f9d..17b26661b2f6 100644
---- a/tools/perf/builtin-report.c
-+++ b/tools/perf/builtin-report.c
-@@ -742,6 +742,7 @@ int cmd_report(int argc, const char **argv)
- struct stat st;
- bool has_br_stack = false;
- int branch_mode = -1;
-+ int last_key = 0;
- bool branch_call_mode = false;
- char callchain_default_opt[] = CALLCHAIN_DEFAULT_OPT;
- const char * const report_usage[] = {
-@@ -1048,7 +1049,8 @@ repeat:
- else
- use_browser = 0;
-
-- if (setup_sorting(session->evlist) < 0) {
-+ if ((last_key != K_SWITCH_INPUT_DATA) &&
-+ (setup_sorting(session->evlist) < 0)) {
- if (sort_order)
- parse_options_usage(report_usage, options, "s", 1);
- if (field_order)
-@@ -1108,6 +1110,7 @@ repeat:
- ret = __cmd_report(&report);
- if (ret == K_SWITCH_INPUT_DATA) {
- perf_session__delete(session);
-+ last_key = K_SWITCH_INPUT_DATA;
- goto repeat;
- } else
- ret = 0;
-diff --git a/tools/perf/util/hist.h b/tools/perf/util/hist.h
-index b99d68943f25..595f91f46811 100644
---- a/tools/perf/util/hist.h
-+++ b/tools/perf/util/hist.h
-@@ -317,10 +317,10 @@ static inline void perf_hpp__prepend_sort_field(struct perf_hpp_fmt *format)
- list_for_each_entry_safe(format, tmp, &(_list)->sorts, sort_list)
-
- #define hists__for_each_format(hists, format) \
-- perf_hpp_list__for_each_format((hists)->hpp_list, fmt)
-+ perf_hpp_list__for_each_format((hists)->hpp_list, format)
-
- #define hists__for_each_sort_list(hists, format) \
-- perf_hpp_list__for_each_sort_list((hists)->hpp_list, fmt)
-+ perf_hpp_list__for_each_sort_list((hists)->hpp_list, format)
-
- extern struct perf_hpp_fmt perf_hpp__format[];
-
-diff --git a/tools/perf/util/probe-finder.c b/tools/perf/util/probe-finder.c
-index 30a5e92b67bd..893193bd28c1 100644
---- a/tools/perf/util/probe-finder.c
-+++ b/tools/perf/util/probe-finder.c
-@@ -615,38 +615,26 @@ static int convert_to_trace_point(Dwarf_Die *sp_die, Dwfl_Module *mod,
- const char *function,
- struct probe_trace_point *tp)
- {
-- Dwarf_Addr eaddr, highaddr;
-+ Dwarf_Addr eaddr;
- GElf_Sym sym;
- const char *symbol;
-
- /* Verify the address is correct */
-- if (dwarf_entrypc(sp_die, &eaddr) != 0) {
-- pr_warning("Failed to get entry address of %s\n",
-- dwarf_diename(sp_die));
-- return -ENOENT;
-- }
-- if (dwarf_highpc(sp_die, &highaddr) != 0) {
-- pr_warning("Failed to get end address of %s\n",
-- dwarf_diename(sp_die));
-- return -ENOENT;
-- }
-- if (paddr > highaddr) {
-- pr_warning("Offset specified is greater than size of %s\n",
-+ if (!dwarf_haspc(sp_die, paddr)) {
-+ pr_warning("Specified offset is out of %s\n",
- dwarf_diename(sp_die));
- return -EINVAL;
- }
-
-- symbol = dwarf_diename(sp_die);
-+ /* Try to get actual symbol name from symtab */
-+ symbol = dwfl_module_addrsym(mod, paddr, &sym, NULL);
- if (!symbol) {
-- /* Try to get the symbol name from symtab */
-- symbol = dwfl_module_addrsym(mod, paddr, &sym, NULL);
-- if (!symbol) {
-- pr_warning("Failed to find symbol at 0x%lx\n",
-- (unsigned long)paddr);
-- return -ENOENT;
-- }
-- eaddr = sym.st_value;
-+ pr_warning("Failed to find symbol at 0x%lx\n",
-+ (unsigned long)paddr);
-+ return -ENOENT;
- }
-+ eaddr = sym.st_value;
-+
- tp->offset = (unsigned long)(paddr - eaddr);
- tp->address = (unsigned long)paddr;
- tp->symbol = strdup(symbol);
diff --git a/patch/kernel/odroidxu4-legacy/patch-4.14.167-168-alt.patch b/patch/kernel/odroidxu4-legacy/patch-4.14.167-168-alt.patch
deleted file mode 100644
index 02279ee57b..0000000000
--- a/patch/kernel/odroidxu4-legacy/patch-4.14.167-168-alt.patch
+++ /dev/null
@@ -1,9416 +0,0 @@
-diff --git a/Makefile b/Makefile
-index 3e8eaabf2bcb..1e74ba09cdda 100644
---- a/Makefile
-+++ b/Makefile
-@@ -1,7 +1,7 @@
- # SPDX-License-Identifier: GPL-2.0
- VERSION = 4
- PATCHLEVEL = 14
--SUBLEVEL = 167
-+SUBLEVEL = 168
- EXTRAVERSION =
- NAME = Petit Gorille
-
-@@ -971,6 +971,7 @@ ifdef CONFIG_STACK_VALIDATION
- endif
- endif
-
-+PHONY += prepare0
-
- ifeq ($(KBUILD_EXTMOD),)
- core-y += kernel/ certs/ mm/ fs/ ipc/ security/ crypto/ block/
-@@ -1065,8 +1066,7 @@ include/config/kernel.release: include/config/auto.conf FORCE
- # archprepare is used in arch Makefiles and when processed asm symlink,
- # version.h and scripts_basic is processed / created.
-
--# Listed in dependency order
--PHONY += prepare archprepare prepare0 prepare1 prepare2 prepare3
-+PHONY += prepare archprepare prepare1 prepare2 prepare3
-
- # prepare3 is used to check if we are building in a separate output directory,
- # and if so do:
-diff --git a/arch/arm/boot/dts/lpc3250-phy3250.dts b/arch/arm/boot/dts/lpc3250-phy3250.dts
-index b7bd3a110a8d..dd0bdf765599 100644
---- a/arch/arm/boot/dts/lpc3250-phy3250.dts
-+++ b/arch/arm/boot/dts/lpc3250-phy3250.dts
-@@ -49,8 +49,8 @@
- sd_reg: regulator@2 {
- compatible = "regulator-fixed";
- regulator-name = "sd_reg";
-- regulator-min-microvolt = <1800000>;
-- regulator-max-microvolt = <1800000>;
-+ regulator-min-microvolt = <3300000>;
-+ regulator-max-microvolt = <3300000>;
- gpio = <&gpio 5 5 0>;
- enable-active-high;
- };
-diff --git a/arch/arm/boot/dts/lpc32xx.dtsi b/arch/arm/boot/dts/lpc32xx.dtsi
-index d077bd2b9583..c5b119ddb70b 100644
---- a/arch/arm/boot/dts/lpc32xx.dtsi
-+++ b/arch/arm/boot/dts/lpc32xx.dtsi
-@@ -139,11 +139,11 @@
- };
-
- clcd: clcd@31040000 {
-- compatible = "arm,pl110", "arm,primecell";
-+ compatible = "arm,pl111", "arm,primecell";
- reg = <0x31040000 0x1000>;
- interrupts = <14 IRQ_TYPE_LEVEL_HIGH>;
-- clocks = <&clk LPC32XX_CLK_LCD>;
-- clock-names = "apb_pclk";
-+ clocks = <&clk LPC32XX_CLK_LCD>, <&clk LPC32XX_CLK_LCD>;
-+ clock-names = "clcdclk", "apb_pclk";
- status = "disabled";
- };
-
-@@ -462,7 +462,9 @@
- key: key@40050000 {
- compatible = "nxp,lpc3220-key";
- reg = <0x40050000 0x1000>;
-- interrupts = <54 IRQ_TYPE_LEVEL_HIGH>;
-+ clocks = <&clk LPC32XX_CLK_KEY>;
-+ interrupt-parent = <&sic1>;
-+ interrupts = <22 IRQ_TYPE_LEVEL_HIGH>;
- status = "disabled";
- };
-
-diff --git a/arch/arm/boot/dts/ls1021a-twr.dts b/arch/arm/boot/dts/ls1021a-twr.dts
-index 44715c8ef756..72a3fc63d0ec 100644
---- a/arch/arm/boot/dts/ls1021a-twr.dts
-+++ b/arch/arm/boot/dts/ls1021a-twr.dts
-@@ -143,7 +143,7 @@
- };
-
- &enet0 {
-- tbi-handle = <&tbi1>;
-+ tbi-handle = <&tbi0>;
- phy-handle = <&sgmii_phy2>;
- phy-connection-type = "sgmii";
- status = "okay";
-@@ -222,6 +222,13 @@
- sgmii_phy2: ethernet-phy@2 {
- reg = <0x2>;
- };
-+ tbi0: tbi-phy@1f {
-+ reg = <0x1f>;
-+ device_type = "tbi-phy";
-+ };
-+};
-+
-+&mdio1 {
- tbi1: tbi-phy@1f {
- reg = <0x1f>;
- device_type = "tbi-phy";
-diff --git a/arch/arm/boot/dts/ls1021a.dtsi b/arch/arm/boot/dts/ls1021a.dtsi
-index 2d20f60947b9..1343c86988c5 100644
---- a/arch/arm/boot/dts/ls1021a.dtsi
-+++ b/arch/arm/boot/dts/ls1021a.dtsi
-@@ -562,13 +562,22 @@
- };
-
- mdio0: mdio@2d24000 {
-- compatible = "gianfar";
-+ compatible = "fsl,etsec2-mdio";
- device_type = "mdio";
- #address-cells = <1>;
- #size-cells = <0>;
- reg = <0x0 0x2d24000 0x0 0x4000>;
- };
-
-+ mdio1: mdio@2d64000 {
-+ compatible = "fsl,etsec2-mdio";
-+ device_type = "mdio";
-+ #address-cells = <1>;
-+ #size-cells = <0>;
-+ reg = <0x0 0x2d64000 0x0 0x4000>,
-+ <0x0 0x2d50030 0x0 0x4>;
-+ };
-+
- ptp_clock@2d10e00 {
- compatible = "fsl,etsec-ptp";
- reg = <0x0 0x2d10e00 0x0 0xb0>;
-diff --git a/arch/arm/boot/dts/stm32h743i-eval.dts b/arch/arm/boot/dts/stm32h743i-eval.dts
-index 6c07786e7ddb..0d98b2865bd7 100644
---- a/arch/arm/boot/dts/stm32h743i-eval.dts
-+++ b/arch/arm/boot/dts/stm32h743i-eval.dts
-@@ -71,6 +71,7 @@
- };
-
- &adc_12 {
-+ vdda-supply = <&vdda>;
- vref-supply = <&vdda>;
- status = "okay";
- adc1: adc@0 {
-diff --git a/arch/arm/boot/dts/sun8i-h3-beelink-x2.dts b/arch/arm/boot/dts/sun8i-h3-beelink-x2.dts
-index 10da56e86ab8..21b38c386f1b 100644
---- a/arch/arm/boot/dts/sun8i-h3-beelink-x2.dts
-+++ b/arch/arm/boot/dts/sun8i-h3-beelink-x2.dts
-@@ -79,6 +79,8 @@
- wifi_pwrseq: wifi_pwrseq {
- compatible = "mmc-pwrseq-simple";
- reset-gpios = <&r_pio 0 7 GPIO_ACTIVE_LOW>; /* PL7 */
-+ clocks = <&rtc 1>;
-+ clock-names = "ext_clock";
- };
-
- sound_spdif {
-@@ -128,6 +130,8 @@
- pinctrl-names = "default";
- pinctrl-0 = <&mmc1_pins_a>;
- vmmc-supply = <®_vcc3v3>;
-+ vqmmc-supply = <®_vcc3v3>;
-+ mmc-pwrseq = <&wifi_pwrseq>;
- bus-width = <4>;
- non-removable;
- status = "okay";
-diff --git a/arch/arm/mach-omap2/omap_hwmod.c b/arch/arm/mach-omap2/omap_hwmod.c
-index 45c8f2ef4e23..9274a484c6a3 100644
---- a/arch/arm/mach-omap2/omap_hwmod.c
-+++ b/arch/arm/mach-omap2/omap_hwmod.c
-@@ -2530,7 +2530,7 @@ static void _setup_iclk_autoidle(struct omap_hwmod *oh)
- */
- static int _setup_reset(struct omap_hwmod *oh)
- {
-- int r;
-+ int r = 0;
-
- if (oh->_state != _HWMOD_STATE_INITIALIZED)
- return -EINVAL;
-diff --git a/arch/arm/mach-rpc/irq.c b/arch/arm/mach-rpc/irq.c
-index b8a61cb11207..7f0f40178634 100644
---- a/arch/arm/mach-rpc/irq.c
-+++ b/arch/arm/mach-rpc/irq.c
-@@ -118,7 +118,7 @@ extern unsigned char rpc_default_fiq_start, rpc_default_fiq_end;
-
- void __init rpc_init_irq(void)
- {
-- unsigned int irq, clr, set = 0;
-+ unsigned int irq, clr, set;
-
- iomd_writeb(0, IOMD_IRQMASKA);
- iomd_writeb(0, IOMD_IRQMASKB);
-@@ -130,6 +130,7 @@ void __init rpc_init_irq(void)
-
- for (irq = 0; irq < NR_IRQS; irq++) {
- clr = IRQ_NOREQUEST;
-+ set = 0;
-
- if (irq <= 6 || (irq >= 9 && irq <= 15))
- clr |= IRQ_NOPROBE;
-diff --git a/arch/arm/plat-pxa/ssp.c b/arch/arm/plat-pxa/ssp.c
-index b92673efffff..97bd43c16cd8 100644
---- a/arch/arm/plat-pxa/ssp.c
-+++ b/arch/arm/plat-pxa/ssp.c
-@@ -230,18 +230,12 @@ static int pxa_ssp_probe(struct platform_device *pdev)
-
- static int pxa_ssp_remove(struct platform_device *pdev)
- {
-- struct resource *res;
- struct ssp_device *ssp;
-
- ssp = platform_get_drvdata(pdev);
- if (ssp == NULL)
- return -ENODEV;
-
-- res = platform_get_resource(pdev, IORESOURCE_MEM, 0);
-- release_mem_region(res->start, resource_size(res));
--
-- clk_put(ssp->clk);
--
- mutex_lock(&ssp_lock);
- list_del(&ssp->node);
- mutex_unlock(&ssp_lock);
-diff --git a/arch/arm64/boot/dts/allwinner/sun50i-a64.dtsi b/arch/arm64/boot/dts/allwinner/sun50i-a64.dtsi
-index 8c8db1b057df..788a6f8c5994 100644
---- a/arch/arm64/boot/dts/allwinner/sun50i-a64.dtsi
-+++ b/arch/arm64/boot/dts/allwinner/sun50i-a64.dtsi
-@@ -274,7 +274,8 @@
- interrupts = ,
- ,
- ;
-- clocks = <&ccu 58>;
-+ clocks = <&ccu 58>, <&osc24M>, <&rtc 0>;
-+ clock-names = "apb", "hosc", "losc";
- gpio-controller;
- #gpio-cells = <3>;
- interrupt-controller;
-diff --git a/arch/arm64/boot/dts/amlogic/meson-gxl-s905x-libretech-cc.dts b/arch/arm64/boot/dts/amlogic/meson-gxl-s905x-libretech-cc.dts
-index e2c71753e327..407d32f4fe73 100644
---- a/arch/arm64/boot/dts/amlogic/meson-gxl-s905x-libretech-cc.dts
-+++ b/arch/arm64/boot/dts/amlogic/meson-gxl-s905x-libretech-cc.dts
-@@ -226,7 +226,6 @@
- cap-mmc-highspeed;
- mmc-ddr-3_3v;
- max-frequency = <50000000>;
-- non-removable;
- disable-wp;
-
- mmc-pwrseq = <&emmc_pwrseq>;
-diff --git a/arch/arm64/boot/dts/arm/juno-clocks.dtsi b/arch/arm64/boot/dts/arm/juno-clocks.dtsi
-index e5e265dfa902..2870b5eeb198 100644
---- a/arch/arm64/boot/dts/arm/juno-clocks.dtsi
-+++ b/arch/arm64/boot/dts/arm/juno-clocks.dtsi
-@@ -8,10 +8,10 @@
- */
- / {
- /* SoC fixed clocks */
-- soc_uartclk: refclk7273800hz {
-+ soc_uartclk: refclk7372800hz {
- compatible = "fixed-clock";
- #clock-cells = <0>;
-- clock-frequency = <7273800>;
-+ clock-frequency = <7372800>;
- clock-output-names = "juno:uartclk";
- };
-
-diff --git a/arch/arm64/boot/dts/qcom/apq8016-sbc.dtsi b/arch/arm64/boot/dts/qcom/apq8016-sbc.dtsi
-index b6b44fdf7fac..c1028b47edde 100644
---- a/arch/arm64/boot/dts/qcom/apq8016-sbc.dtsi
-+++ b/arch/arm64/boot/dts/qcom/apq8016-sbc.dtsi
-@@ -458,6 +458,8 @@
- l11 {
- regulator-min-microvolt = <1750000>;
- regulator-max-microvolt = <3337000>;
-+ regulator-allow-set-load;
-+ regulator-system-load = <200000>;
- };
-
- l12 {
-diff --git a/arch/m68k/amiga/cia.c b/arch/m68k/amiga/cia.c
-index 2081b8cd5591..b9aee983e6f4 100644
---- a/arch/m68k/amiga/cia.c
-+++ b/arch/m68k/amiga/cia.c
-@@ -88,10 +88,19 @@ static irqreturn_t cia_handler(int irq, void *dev_id)
- struct ciabase *base = dev_id;
- int mach_irq;
- unsigned char ints;
-+ unsigned long flags;
-
-+ /* Interrupts get disabled while the timer irq flag is cleared and
-+ * the timer interrupt serviced.
-+ */
- mach_irq = base->cia_irq;
-+ local_irq_save(flags);
- ints = cia_set_irq(base, CIA_ICR_ALL);
- amiga_custom.intreq = base->int_mask;
-+ if (ints & 1)
-+ generic_handle_irq(mach_irq);
-+ local_irq_restore(flags);
-+ mach_irq++, ints >>= 1;
- for (; ints; mach_irq++, ints >>= 1) {
- if (ints & 1)
- generic_handle_irq(mach_irq);
-diff --git a/arch/m68k/atari/ataints.c b/arch/m68k/atari/ataints.c
-index 3d2b63bedf05..56f02ea2c248 100644
---- a/arch/m68k/atari/ataints.c
-+++ b/arch/m68k/atari/ataints.c
-@@ -142,7 +142,7 @@ struct mfptimerbase {
- .name = "MFP Timer D"
- };
-
--static irqreturn_t mfptimer_handler(int irq, void *dev_id)
-+static irqreturn_t mfp_timer_d_handler(int irq, void *dev_id)
- {
- struct mfptimerbase *base = dev_id;
- int mach_irq;
-@@ -344,7 +344,7 @@ void __init atari_init_IRQ(void)
- st_mfp.tim_ct_cd = (st_mfp.tim_ct_cd & 0xf0) | 0x6;
-
- /* request timer D dispatch handler */
-- if (request_irq(IRQ_MFP_TIMD, mfptimer_handler, IRQF_SHARED,
-+ if (request_irq(IRQ_MFP_TIMD, mfp_timer_d_handler, IRQF_SHARED,
- stmfp_base.name, &stmfp_base))
- pr_err("Couldn't register %s interrupt\n", stmfp_base.name);
-
-diff --git a/arch/m68k/atari/time.c b/arch/m68k/atari/time.c
-index c549b48174ec..972181c1fe4b 100644
---- a/arch/m68k/atari/time.c
-+++ b/arch/m68k/atari/time.c
-@@ -24,6 +24,18 @@
- DEFINE_SPINLOCK(rtc_lock);
- EXPORT_SYMBOL_GPL(rtc_lock);
-
-+static irqreturn_t mfp_timer_c_handler(int irq, void *dev_id)
-+{
-+ irq_handler_t timer_routine = dev_id;
-+ unsigned long flags;
-+
-+ local_irq_save(flags);
-+ timer_routine(0, NULL);
-+ local_irq_restore(flags);
-+
-+ return IRQ_HANDLED;
-+}
-+
- void __init
- atari_sched_init(irq_handler_t timer_routine)
- {
-@@ -32,7 +44,8 @@ atari_sched_init(irq_handler_t timer_routine)
- /* start timer C, div = 1:100 */
- st_mfp.tim_ct_cd = (st_mfp.tim_ct_cd & 15) | 0x60;
- /* install interrupt service routine for MFP Timer C */
-- if (request_irq(IRQ_MFP_TIMC, timer_routine, 0, "timer", timer_routine))
-+ if (request_irq(IRQ_MFP_TIMC, mfp_timer_c_handler, 0, "timer",
-+ timer_routine))
- pr_err("Couldn't register timer interrupt\n");
- }
-
-diff --git a/arch/m68k/bvme6000/config.c b/arch/m68k/bvme6000/config.c
-index 2cfff4765040..0e602c32b246 100644
---- a/arch/m68k/bvme6000/config.c
-+++ b/arch/m68k/bvme6000/config.c
-@@ -45,11 +45,6 @@ extern int bvme6000_set_clock_mmss (unsigned long);
- extern void bvme6000_reset (void);
- void bvme6000_set_vectors (void);
-
--/* Save tick handler routine pointer, will point to xtime_update() in
-- * kernel/timer/timekeeping.c, called via bvme6000_process_int() */
--
--static irq_handler_t tick_handler;
--
-
- int __init bvme6000_parse_bootinfo(const struct bi_record *bi)
- {
-@@ -159,12 +154,18 @@ irqreturn_t bvme6000_abort_int (int irq, void *dev_id)
-
- static irqreturn_t bvme6000_timer_int (int irq, void *dev_id)
- {
-+ irq_handler_t timer_routine = dev_id;
-+ unsigned long flags;
- volatile RtcPtr_t rtc = (RtcPtr_t)BVME_RTC_BASE;
-- unsigned char msr = rtc->msr & 0xc0;
-+ unsigned char msr;
-
-+ local_irq_save(flags);
-+ msr = rtc->msr & 0xc0;
- rtc->msr = msr | 0x20; /* Ack the interrupt */
-+ timer_routine(0, NULL);
-+ local_irq_restore(flags);
-
-- return tick_handler(irq, dev_id);
-+ return IRQ_HANDLED;
- }
-
- /*
-@@ -183,9 +184,8 @@ void bvme6000_sched_init (irq_handler_t timer_routine)
-
- rtc->msr = 0; /* Ensure timer registers accessible */
-
-- tick_handler = timer_routine;
-- if (request_irq(BVME_IRQ_RTC, bvme6000_timer_int, 0,
-- "timer", bvme6000_timer_int))
-+ if (request_irq(BVME_IRQ_RTC, bvme6000_timer_int, 0, "timer",
-+ timer_routine))
- panic ("Couldn't register timer int");
-
- rtc->t1cr_omr = 0x04; /* Mode 2, ext clk */
-diff --git a/arch/m68k/hp300/time.c b/arch/m68k/hp300/time.c
-index 289d928a46cb..d30b03ea93a2 100644
---- a/arch/m68k/hp300/time.c
-+++ b/arch/m68k/hp300/time.c
-@@ -38,13 +38,19 @@
-
- static irqreturn_t hp300_tick(int irq, void *dev_id)
- {
-+ irq_handler_t timer_routine = dev_id;
-+ unsigned long flags;
- unsigned long tmp;
-- irq_handler_t vector = dev_id;
-+
-+ local_irq_save(flags);
- in_8(CLOCKBASE + CLKSR);
- asm volatile ("movpw %1@(5),%0" : "=d" (tmp) : "a" (CLOCKBASE));
-+ timer_routine(0, NULL);
-+ local_irq_restore(flags);
-+
- /* Turn off the network and SCSI leds */
- blinken_leds(0, 0xe0);
-- return vector(irq, NULL);
-+ return IRQ_HANDLED;
- }
-
- u32 hp300_gettimeoffset(void)
-diff --git a/arch/m68k/mac/via.c b/arch/m68k/mac/via.c
-index 9f59a662ace5..863806e6775a 100644
---- a/arch/m68k/mac/via.c
-+++ b/arch/m68k/mac/via.c
-@@ -54,16 +54,6 @@ static __u8 rbv_clear;
-
- static int gIER,gIFR,gBufA,gBufB;
-
--/*
-- * Timer defs.
-- */
--
--#define TICK_SIZE 10000
--#define MAC_CLOCK_TICK (783300/HZ) /* ticks per HZ */
--#define MAC_CLOCK_LOW (MAC_CLOCK_TICK&0xFF)
--#define MAC_CLOCK_HIGH (MAC_CLOCK_TICK>>8)
--
--
- /*
- * On Macs with a genuine VIA chip there is no way to mask an individual slot
- * interrupt. This limitation also seems to apply to VIA clone logic cores in
-@@ -278,22 +268,6 @@ void __init via_init(void)
- }
- }
-
--/*
-- * Start the 100 Hz clock
-- */
--
--void __init via_init_clock(irq_handler_t func)
--{
-- via1[vACR] |= 0x40;
-- via1[vT1LL] = MAC_CLOCK_LOW;
-- via1[vT1LH] = MAC_CLOCK_HIGH;
-- via1[vT1CL] = MAC_CLOCK_LOW;
-- via1[vT1CH] = MAC_CLOCK_HIGH;
--
-- if (request_irq(IRQ_MAC_TIMER_1, func, 0, "timer", func))
-- pr_err("Couldn't register %s interrupt\n", "timer");
--}
--
- /*
- * Debugging dump, used in various places to see what's going on.
- */
-@@ -321,29 +295,6 @@ void via_debug_dump(void)
- }
- }
-
--/*
-- * This is always executed with interrupts disabled.
-- *
-- * TBI: get time offset between scheduling timer ticks
-- */
--
--u32 mac_gettimeoffset(void)
--{
-- unsigned long ticks, offset = 0;
--
-- /* read VIA1 timer 2 current value */
-- ticks = via1[vT1CL] | (via1[vT1CH] << 8);
-- /* The probability of underflow is less than 2% */
-- if (ticks > MAC_CLOCK_TICK - MAC_CLOCK_TICK / 50)
-- /* Check for pending timer interrupt in VIA1 IFR */
-- if (via1[vIFR] & 0x40) offset = TICK_SIZE;
--
-- ticks = MAC_CLOCK_TICK - ticks;
-- ticks = ticks * 10000L / MAC_CLOCK_TICK;
--
-- return (ticks + offset) * 1000;
--}
--
- /*
- * Flush the L2 cache on Macs that have it by flipping
- * the system into 24-bit mode for an instant.
-@@ -447,6 +398,8 @@ void via_nubus_irq_shutdown(int irq)
- * via6522.c :-), disable/pending masks added.
- */
-
-+#define VIA_TIMER_1_INT BIT(6)
-+
- void via1_irq(struct irq_desc *desc)
- {
- int irq_num;
-@@ -456,6 +409,21 @@ void via1_irq(struct irq_desc *desc)
- if (!events)
- return;
-
-+ irq_num = IRQ_MAC_TIMER_1;
-+ irq_bit = VIA_TIMER_1_INT;
-+ if (events & irq_bit) {
-+ unsigned long flags;
-+
-+ local_irq_save(flags);
-+ via1[vIFR] = irq_bit;
-+ generic_handle_irq(irq_num);
-+ local_irq_restore(flags);
-+
-+ events &= ~irq_bit;
-+ if (!events)
-+ return;
-+ }
-+
- irq_num = VIA1_SOURCE_BASE;
- irq_bit = 1;
- do {
-@@ -612,3 +580,56 @@ int via2_scsi_drq_pending(void)
- return via2[gIFR] & (1 << IRQ_IDX(IRQ_MAC_SCSIDRQ));
- }
- EXPORT_SYMBOL(via2_scsi_drq_pending);
-+
-+/* timer and clock source */
-+
-+#define VIA_CLOCK_FREQ 783360 /* VIA "phase 2" clock in Hz */
-+#define VIA_TIMER_INTERVAL (1000000 / HZ) /* microseconds per jiffy */
-+#define VIA_TIMER_CYCLES (VIA_CLOCK_FREQ / HZ) /* clock cycles per jiffy */
-+
-+#define VIA_TC (VIA_TIMER_CYCLES - 2) /* including 0 and -1 */
-+#define VIA_TC_LOW (VIA_TC & 0xFF)
-+#define VIA_TC_HIGH (VIA_TC >> 8)
-+
-+void __init via_init_clock(irq_handler_t timer_routine)
-+{
-+ if (request_irq(IRQ_MAC_TIMER_1, timer_routine, 0, "timer", NULL)) {
-+ pr_err("Couldn't register %s interrupt\n", "timer");
-+ return;
-+ }
-+
-+ via1[vT1LL] = VIA_TC_LOW;
-+ via1[vT1LH] = VIA_TC_HIGH;
-+ via1[vT1CL] = VIA_TC_LOW;
-+ via1[vT1CH] = VIA_TC_HIGH;
-+ via1[vACR] |= 0x40;
-+}
-+
-+u32 mac_gettimeoffset(void)
-+{
-+ unsigned long flags;
-+ u8 count_high;
-+ u16 count, offset = 0;
-+
-+ /*
-+ * Timer counter wrap-around is detected with the timer interrupt flag
-+ * but reading the counter low byte (vT1CL) would reset the flag.
-+ * Also, accessing both counter registers is essentially a data race.
-+ * These problems are avoided by ignoring the low byte. Clock accuracy
-+ * is 256 times worse (error can reach 0.327 ms) but CPU overhead is
-+ * reduced by avoiding slow VIA register accesses.
-+ */
-+
-+ local_irq_save(flags);
-+ count_high = via1[vT1CH];
-+ if (count_high == 0xFF)
-+ count_high = 0;
-+ if (count_high > 0 && (via1[vIFR] & VIA_TIMER_1_INT))
-+ offset = VIA_TIMER_CYCLES;
-+ local_irq_restore(flags);
-+
-+ count = count_high << 8;
-+ count = VIA_TIMER_CYCLES - count + offset;
-+
-+ return ((count * VIA_TIMER_INTERVAL) / VIA_TIMER_CYCLES) * 1000;
-+}
-diff --git a/arch/m68k/mvme147/config.c b/arch/m68k/mvme147/config.c
-index 8778612d1f31..78ae803c833e 100644
---- a/arch/m68k/mvme147/config.c
-+++ b/arch/m68k/mvme147/config.c
-@@ -46,11 +46,6 @@ extern void mvme147_reset (void);
-
- static int bcd2int (unsigned char b);
-
--/* Save tick handler routine pointer, will point to xtime_update() in
-- * kernel/time/timekeeping.c, called via mvme147_process_int() */
--
--irq_handler_t tick_handler;
--
-
- int __init mvme147_parse_bootinfo(const struct bi_record *bi)
- {
-@@ -106,16 +101,23 @@ void __init config_mvme147(void)
-
- static irqreturn_t mvme147_timer_int (int irq, void *dev_id)
- {
-+ irq_handler_t timer_routine = dev_id;
-+ unsigned long flags;
-+
-+ local_irq_save(flags);
- m147_pcc->t1_int_cntrl = PCC_TIMER_INT_CLR;
- m147_pcc->t1_int_cntrl = PCC_INT_ENAB|PCC_LEVEL_TIMER1;
-- return tick_handler(irq, dev_id);
-+ timer_routine(0, NULL);
-+ local_irq_restore(flags);
-+
-+ return IRQ_HANDLED;
- }
-
-
- void mvme147_sched_init (irq_handler_t timer_routine)
- {
-- tick_handler = timer_routine;
-- if (request_irq(PCC_IRQ_TIMER1, mvme147_timer_int, 0, "timer 1", NULL))
-+ if (request_irq(PCC_IRQ_TIMER1, mvme147_timer_int, 0, "timer 1",
-+ timer_routine))
- pr_err("Couldn't register timer interrupt\n");
-
- /* Init the clock with a value */
-diff --git a/arch/m68k/mvme16x/config.c b/arch/m68k/mvme16x/config.c
-index 6fa06d4d16bf..3116dd576bb3 100644
---- a/arch/m68k/mvme16x/config.c
-+++ b/arch/m68k/mvme16x/config.c
-@@ -51,11 +51,6 @@ extern void mvme16x_reset (void);
-
- int bcd2int (unsigned char b);
-
--/* Save tick handler routine pointer, will point to xtime_update() in
-- * kernel/time/timekeeping.c, called via mvme16x_process_int() */
--
--static irq_handler_t tick_handler;
--
-
- unsigned short mvme16x_config;
- EXPORT_SYMBOL(mvme16x_config);
-@@ -354,8 +349,15 @@ static irqreturn_t mvme16x_abort_int (int irq, void *dev_id)
-
- static irqreturn_t mvme16x_timer_int (int irq, void *dev_id)
- {
-- *(volatile unsigned char *)0xfff4201b |= 8;
-- return tick_handler(irq, dev_id);
-+ irq_handler_t timer_routine = dev_id;
-+ unsigned long flags;
-+
-+ local_irq_save(flags);
-+ *(volatile unsigned char *)0xfff4201b |= 8;
-+ timer_routine(0, NULL);
-+ local_irq_restore(flags);
-+
-+ return IRQ_HANDLED;
- }
-
- void mvme16x_sched_init (irq_handler_t timer_routine)
-@@ -363,14 +365,13 @@ void mvme16x_sched_init (irq_handler_t timer_routine)
- uint16_t brdno = be16_to_cpu(mvme_bdid.brdno);
- int irq;
-
-- tick_handler = timer_routine;
- /* Using PCCchip2 or MC2 chip tick timer 1 */
- *(volatile unsigned long *)0xfff42008 = 0;
- *(volatile unsigned long *)0xfff42004 = 10000; /* 10ms */
- *(volatile unsigned char *)0xfff42017 |= 3;
- *(volatile unsigned char *)0xfff4201b = 0x16;
-- if (request_irq(MVME16x_IRQ_TIMER, mvme16x_timer_int, 0,
-- "timer", mvme16x_timer_int))
-+ if (request_irq(MVME16x_IRQ_TIMER, mvme16x_timer_int, 0, "timer",
-+ timer_routine))
- panic ("Couldn't register timer int");
-
- if (brdno == 0x0162 || brdno == 0x172)
-diff --git a/arch/m68k/q40/q40ints.c b/arch/m68k/q40/q40ints.c
-index 3e7603202977..1c696906c159 100644
---- a/arch/m68k/q40/q40ints.c
-+++ b/arch/m68k/q40/q40ints.c
-@@ -127,10 +127,10 @@ void q40_mksound(unsigned int hz, unsigned int ticks)
- sound_ticks = ticks << 1;
- }
-
--static irq_handler_t q40_timer_routine;
--
--static irqreturn_t q40_timer_int (int irq, void * dev)
-+static irqreturn_t q40_timer_int(int irq, void *dev_id)
- {
-+ irq_handler_t timer_routine = dev_id;
-+
- ql_ticks = ql_ticks ? 0 : 1;
- if (sound_ticks) {
- unsigned char sval=(sound_ticks & 1) ? 128-SVOL : 128+SVOL;
-@@ -139,8 +139,13 @@ static irqreturn_t q40_timer_int (int irq, void * dev)
- *DAC_RIGHT=sval;
- }
-
-- if (!ql_ticks)
-- q40_timer_routine(irq, dev);
-+ if (!ql_ticks) {
-+ unsigned long flags;
-+
-+ local_irq_save(flags);
-+ timer_routine(0, NULL);
-+ local_irq_restore(flags);
-+ }
- return IRQ_HANDLED;
- }
-
-@@ -148,11 +153,9 @@ void q40_sched_init (irq_handler_t timer_routine)
- {
- int timer_irq;
-
-- q40_timer_routine = timer_routine;
- timer_irq = Q40_IRQ_FRAME;
-
-- if (request_irq(timer_irq, q40_timer_int, 0,
-- "timer", q40_timer_int))
-+ if (request_irq(timer_irq, q40_timer_int, 0, "timer", timer_routine))
- panic("Couldn't register timer int");
-
- master_outb(-1, FRAME_CLEAR_REG);
-diff --git a/arch/m68k/sun3/sun3ints.c b/arch/m68k/sun3/sun3ints.c
-index 6bbca30c9188..a5824abb4a39 100644
---- a/arch/m68k/sun3/sun3ints.c
-+++ b/arch/m68k/sun3/sun3ints.c
-@@ -61,8 +61,10 @@ static irqreturn_t sun3_int7(int irq, void *dev_id)
-
- static irqreturn_t sun3_int5(int irq, void *dev_id)
- {
-+ unsigned long flags;
- unsigned int cnt;
-
-+ local_irq_save(flags);
- #ifdef CONFIG_SUN3
- intersil_clear();
- #endif
-@@ -76,6 +78,7 @@ static irqreturn_t sun3_int5(int irq, void *dev_id)
- cnt = kstat_irqs_cpu(irq, 0);
- if (!(cnt % 20))
- sun3_leds(led_pattern[cnt % 160 / 20]);
-+ local_irq_restore(flags);
- return IRQ_HANDLED;
- }
-
-diff --git a/arch/m68k/sun3x/time.c b/arch/m68k/sun3x/time.c
-index 7a2c53d9f779..48b43903253e 100644
---- a/arch/m68k/sun3x/time.c
-+++ b/arch/m68k/sun3x/time.c
-@@ -78,15 +78,19 @@ u32 sun3x_gettimeoffset(void)
- }
-
- #if 0
--static void sun3x_timer_tick(int irq, void *dev_id, struct pt_regs *regs)
-+static irqreturn_t sun3x_timer_tick(int irq, void *dev_id)
- {
-- void (*vector)(int, void *, struct pt_regs *) = dev_id;
-+ irq_handler_t timer_routine = dev_id;
-+ unsigned long flags;
-
-- /* Clear the pending interrupt - pulse the enable line low */
-- disable_irq(5);
-- enable_irq(5);
-+ local_irq_save(flags);
-+ /* Clear the pending interrupt - pulse the enable line low */
-+ disable_irq(5);
-+ enable_irq(5);
-+ timer_routine(0, NULL);
-+ local_irq_restore(flags);
-
-- vector(irq, NULL, regs);
-+ return IRQ_HANDLED;
- }
- #endif
-
-diff --git a/arch/mips/bcm63xx/Makefile b/arch/mips/bcm63xx/Makefile
-index c69f297fc1df..d89651e538f6 100644
---- a/arch/mips/bcm63xx/Makefile
-+++ b/arch/mips/bcm63xx/Makefile
-@@ -1,8 +1,8 @@
- # SPDX-License-Identifier: GPL-2.0
- obj-y += clk.o cpu.o cs.o gpio.o irq.o nvram.o prom.o reset.o \
-- setup.o timer.o dev-dsp.o dev-enet.o dev-flash.o \
-- dev-pcmcia.o dev-rng.o dev-spi.o dev-hsspi.o dev-uart.o \
-- dev-wdt.o dev-usb-usbd.o
-+ setup.o timer.o dev-enet.o dev-flash.o dev-pcmcia.o \
-+ dev-rng.o dev-spi.o dev-hsspi.o dev-uart.o dev-wdt.o \
-+ dev-usb-usbd.o
- obj-$(CONFIG_EARLY_PRINTK) += early_printk.o
-
- obj-y += boards/
-diff --git a/arch/mips/bcm63xx/boards/board_bcm963xx.c b/arch/mips/bcm63xx/boards/board_bcm963xx.c
-index b2097c0d2ed7..36ec3dc2c999 100644
---- a/arch/mips/bcm63xx/boards/board_bcm963xx.c
-+++ b/arch/mips/bcm63xx/boards/board_bcm963xx.c
-@@ -23,7 +23,6 @@
- #include
- #include
- #include
--#include
- #include
- #include
- #include
-@@ -289,14 +288,6 @@ static struct board_info __initdata board_96348gw_10 = {
- .has_pccard = 1,
- .has_ehci0 = 1,
-
-- .has_dsp = 1,
-- .dsp = {
-- .gpio_rst = 6,
-- .gpio_int = 34,
-- .cs = 2,
-- .ext_irq = 2,
-- },
--
- .leds = {
- {
- .name = "adsl-fail",
-@@ -401,14 +392,6 @@ static struct board_info __initdata board_96348gw = {
-
- .has_ohci0 = 1,
-
-- .has_dsp = 1,
-- .dsp = {
-- .gpio_rst = 6,
-- .gpio_int = 34,
-- .ext_irq = 2,
-- .cs = 2,
-- },
--
- .leds = {
- {
- .name = "adsl-fail",
-@@ -898,9 +881,6 @@ int __init board_register_devices(void)
- if (board.has_usbd)
- bcm63xx_usbd_register(&board.usbd);
-
-- if (board.has_dsp)
-- bcm63xx_dsp_register(&board.dsp);
--
- /* Generate MAC address for WLAN and register our SPROM,
- * do this after registering enet devices
- */
-diff --git a/arch/mips/bcm63xx/dev-dsp.c b/arch/mips/bcm63xx/dev-dsp.c
-deleted file mode 100644
-index 5bb5b154c9bd..000000000000
---- a/arch/mips/bcm63xx/dev-dsp.c
-+++ /dev/null
-@@ -1,56 +0,0 @@
--/*
-- * Broadcom BCM63xx VoIP DSP registration
-- *
-- * This file is subject to the terms and conditions of the GNU General Public
-- * License. See the file "COPYING" in the main directory of this archive
-- * for more details.
-- *
-- * Copyright (C) 2009 Florian Fainelli
-- */
--
--#include
--#include
--#include
--
--#include
--#include
--#include
--#include
--
--static struct resource voip_dsp_resources[] = {
-- {
-- .start = -1, /* filled at runtime */
-- .end = -1, /* filled at runtime */
-- .flags = IORESOURCE_MEM,
-- },
-- {
-- .start = -1, /* filled at runtime */
-- .flags = IORESOURCE_IRQ,
-- },
--};
--
--static struct platform_device bcm63xx_voip_dsp_device = {
-- .name = "bcm63xx-voip-dsp",
-- .id = -1,
-- .num_resources = ARRAY_SIZE(voip_dsp_resources),
-- .resource = voip_dsp_resources,
--};
--
--int __init bcm63xx_dsp_register(const struct bcm63xx_dsp_platform_data *pd)
--{
-- struct bcm63xx_dsp_platform_data *dpd;
-- u32 val;
--
-- /* Get the memory window */
-- val = bcm_mpi_readl(MPI_CSBASE_REG(pd->cs - 1));
-- val &= MPI_CSBASE_BASE_MASK;
-- voip_dsp_resources[0].start = val;
-- voip_dsp_resources[0].end = val + 0xFFFFFFF;
-- voip_dsp_resources[1].start = pd->ext_irq;
--
-- /* copy given platform data */
-- dpd = bcm63xx_voip_dsp_device.dev.platform_data;
-- memcpy(dpd, pd, sizeof (*pd));
--
-- return platform_device_register(&bcm63xx_voip_dsp_device);
--}
-diff --git a/arch/mips/include/asm/io.h b/arch/mips/include/asm/io.h
-index 57b34257be2b..98eb15b0524c 100644
---- a/arch/mips/include/asm/io.h
-+++ b/arch/mips/include/asm/io.h
-@@ -60,21 +60,11 @@
- * instruction, so the lower 16 bits must be zero. Should be true on
- * on any sane architecture; generic code does not use this assumption.
- */
--extern const unsigned long mips_io_port_base;
-+extern unsigned long mips_io_port_base;
-
--/*
-- * Gcc will generate code to load the value of mips_io_port_base after each
-- * function call which may be fairly wasteful in some cases. So we don't
-- * play quite by the book. We tell gcc mips_io_port_base is a long variable
-- * which solves the code generation issue. Now we need to violate the
-- * aliasing rules a little to make initialization possible and finally we
-- * will need the barrier() to fight side effects of the aliasing chat.
-- * This trickery will eventually collapse under gcc's optimizer. Oh well.
-- */
- static inline void set_io_port_base(unsigned long base)
- {
-- * (unsigned long *) &mips_io_port_base = base;
-- barrier();
-+ mips_io_port_base = base;
- }
-
- /*
-diff --git a/arch/mips/include/asm/mach-bcm63xx/bcm63xx_dev_dsp.h b/arch/mips/include/asm/mach-bcm63xx/bcm63xx_dev_dsp.h
-deleted file mode 100644
-index 4e4970787371..000000000000
---- a/arch/mips/include/asm/mach-bcm63xx/bcm63xx_dev_dsp.h
-+++ /dev/null
-@@ -1,14 +0,0 @@
--/* SPDX-License-Identifier: GPL-2.0 */
--#ifndef __BCM63XX_DSP_H
--#define __BCM63XX_DSP_H
--
--struct bcm63xx_dsp_platform_data {
-- unsigned gpio_rst;
-- unsigned gpio_int;
-- unsigned cs;
-- unsigned ext_irq;
--};
--
--int __init bcm63xx_dsp_register(const struct bcm63xx_dsp_platform_data *pd);
--
--#endif /* __BCM63XX_DSP_H */
-diff --git a/arch/mips/include/asm/mach-bcm63xx/board_bcm963xx.h b/arch/mips/include/asm/mach-bcm63xx/board_bcm963xx.h
-index 5e5b1bc4a324..830f53f28e3f 100644
---- a/arch/mips/include/asm/mach-bcm63xx/board_bcm963xx.h
-+++ b/arch/mips/include/asm/mach-bcm63xx/board_bcm963xx.h
-@@ -7,7 +7,6 @@
- #include
- #include
- #include
--#include
-
- /*
- * flash mapping
-@@ -31,7 +30,6 @@ struct board_info {
- unsigned int has_ohci0:1;
- unsigned int has_ehci0:1;
- unsigned int has_usbd:1;
-- unsigned int has_dsp:1;
- unsigned int has_uart0:1;
- unsigned int has_uart1:1;
-
-@@ -43,9 +41,6 @@ struct board_info {
- /* USB config */
- struct bcm63xx_usbd_platform_data usbd;
-
-- /* DSP config */
-- struct bcm63xx_dsp_platform_data dsp;
--
- /* GPIO LEDs */
- struct gpio_led leds[5];
-
-diff --git a/arch/mips/kernel/setup.c b/arch/mips/kernel/setup.c
-index 795caa763da3..05ed4ed411c7 100644
---- a/arch/mips/kernel/setup.c
-+++ b/arch/mips/kernel/setup.c
-@@ -75,7 +75,7 @@ static char __initdata builtin_cmdline[COMMAND_LINE_SIZE] = CONFIG_CMDLINE;
- * mips_io_port_base is the begin of the address space to which x86 style
- * I/O ports are mapped.
- */
--const unsigned long mips_io_port_base = -1;
-+unsigned long mips_io_port_base = -1;
- EXPORT_SYMBOL(mips_io_port_base);
-
- static struct resource code_resource = { .name = "Kernel code", };
-diff --git a/arch/nios2/kernel/nios2_ksyms.c b/arch/nios2/kernel/nios2_ksyms.c
-index bf2f55d10a4d..4e704046a150 100644
---- a/arch/nios2/kernel/nios2_ksyms.c
-+++ b/arch/nios2/kernel/nios2_ksyms.c
-@@ -9,12 +9,20 @@
- #include
- #include
-
-+#include
-+#include
-+
- /* string functions */
-
- EXPORT_SYMBOL(memcpy);
- EXPORT_SYMBOL(memset);
- EXPORT_SYMBOL(memmove);
-
-+/* memory management */
-+
-+EXPORT_SYMBOL(empty_zero_page);
-+EXPORT_SYMBOL(flush_icache_range);
-+
- /*
- * libgcc functions - functions that are used internally by the
- * compiler... (prototypes are not correct though, but that
-@@ -31,3 +39,7 @@ DECLARE_EXPORT(__udivsi3);
- DECLARE_EXPORT(__umoddi3);
- DECLARE_EXPORT(__umodsi3);
- DECLARE_EXPORT(__muldi3);
-+DECLARE_EXPORT(__ucmpdi2);
-+DECLARE_EXPORT(__lshrdi3);
-+DECLARE_EXPORT(__ashldi3);
-+DECLARE_EXPORT(__ashrdi3);
-diff --git a/arch/powerpc/Makefile b/arch/powerpc/Makefile
-index 0f04c878113e..9c78ef298257 100644
---- a/arch/powerpc/Makefile
-+++ b/arch/powerpc/Makefile
-@@ -385,7 +385,9 @@ vdso_install:
- ifeq ($(CONFIG_PPC64),y)
- $(Q)$(MAKE) $(build)=arch/$(ARCH)/kernel/vdso64 $@
- endif
-+ifdef CONFIG_VDSO32
- $(Q)$(MAKE) $(build)=arch/$(ARCH)/kernel/vdso32 $@
-+endif
-
- archclean:
- $(Q)$(MAKE) $(clean)=$(boot)
-diff --git a/arch/powerpc/include/asm/archrandom.h b/arch/powerpc/include/asm/archrandom.h
-index 9c63b596e6ce..a09595f00cab 100644
---- a/arch/powerpc/include/asm/archrandom.h
-+++ b/arch/powerpc/include/asm/archrandom.h
-@@ -28,7 +28,7 @@ static inline int arch_get_random_seed_int(unsigned int *v)
- unsigned long val;
- int rc;
-
-- rc = arch_get_random_long(&val);
-+ rc = arch_get_random_seed_long(&val);
- if (rc)
- *v = val;
-
-diff --git a/arch/powerpc/kernel/cacheinfo.c b/arch/powerpc/kernel/cacheinfo.c
-index a8f20e5928e1..9edb45430133 100644
---- a/arch/powerpc/kernel/cacheinfo.c
-+++ b/arch/powerpc/kernel/cacheinfo.c
-@@ -865,4 +865,25 @@ void cacheinfo_cpu_offline(unsigned int cpu_id)
- if (cache)
- cache_cpu_clear(cache, cpu_id);
- }
-+
-+void cacheinfo_teardown(void)
-+{
-+ unsigned int cpu;
-+
-+ lockdep_assert_cpus_held();
-+
-+ for_each_online_cpu(cpu)
-+ cacheinfo_cpu_offline(cpu);
-+}
-+
-+void cacheinfo_rebuild(void)
-+{
-+ unsigned int cpu;
-+
-+ lockdep_assert_cpus_held();
-+
-+ for_each_online_cpu(cpu)
-+ cacheinfo_cpu_online(cpu);
-+}
-+
- #endif /* (CONFIG_PPC_PSERIES && CONFIG_SUSPEND) || CONFIG_HOTPLUG_CPU */
-diff --git a/arch/powerpc/kernel/cacheinfo.h b/arch/powerpc/kernel/cacheinfo.h
-index 955f5e999f1b..52bd3fc6642d 100644
---- a/arch/powerpc/kernel/cacheinfo.h
-+++ b/arch/powerpc/kernel/cacheinfo.h
-@@ -6,4 +6,8 @@
- extern void cacheinfo_cpu_online(unsigned int cpu_id);
- extern void cacheinfo_cpu_offline(unsigned int cpu_id);
-
-+/* Allow migration/suspend to tear down and rebuild the hierarchy. */
-+extern void cacheinfo_teardown(void);
-+extern void cacheinfo_rebuild(void);
-+
- #endif /* _PPC_CACHEINFO_H */
-diff --git a/arch/powerpc/kernel/dt_cpu_ftrs.c b/arch/powerpc/kernel/dt_cpu_ftrs.c
-index 2357df60de95..7ed2b1b6643c 100644
---- a/arch/powerpc/kernel/dt_cpu_ftrs.c
-+++ b/arch/powerpc/kernel/dt_cpu_ftrs.c
-@@ -705,8 +705,10 @@ static bool __init cpufeatures_process_feature(struct dt_cpu_feature *f)
- m = &dt_cpu_feature_match_table[i];
- if (!strcmp(f->name, m->name)) {
- known = true;
-- if (m->enable(f))
-+ if (m->enable(f)) {
-+ cur_cpu_spec->cpu_features |= m->cpu_ftr_bit_mask;
- break;
-+ }
-
- pr_info("not enabling: %s (disabled or unsupported by kernel)\n",
- f->name);
-@@ -714,17 +716,12 @@ static bool __init cpufeatures_process_feature(struct dt_cpu_feature *f)
- }
- }
-
-- if (!known && enable_unknown) {
-- if (!feat_try_enable_unknown(f)) {
-- pr_info("not enabling: %s (unknown and unsupported by kernel)\n",
-- f->name);
-- return false;
-- }
-+ if (!known && (!enable_unknown || !feat_try_enable_unknown(f))) {
-+ pr_info("not enabling: %s (unknown and unsupported by kernel)\n",
-+ f->name);
-+ return false;
- }
-
-- if (m->cpu_ftr_bit_mask)
-- cur_cpu_spec->cpu_features |= m->cpu_ftr_bit_mask;
--
- if (known)
- pr_debug("enabling: %s\n", f->name);
- else
-diff --git a/arch/powerpc/kvm/book3s_64_vio.c b/arch/powerpc/kvm/book3s_64_vio.c
-index 5e4446296021..ef6a58838e7c 100644
---- a/arch/powerpc/kvm/book3s_64_vio.c
-+++ b/arch/powerpc/kvm/book3s_64_vio.c
-@@ -134,7 +134,6 @@ extern void kvm_spapr_tce_release_iommu_group(struct kvm *kvm,
- continue;
-
- kref_put(&stit->kref, kvm_spapr_tce_liobn_put);
-- return;
- }
- }
- }
-diff --git a/arch/powerpc/mm/dump_hashpagetable.c b/arch/powerpc/mm/dump_hashpagetable.c
-index 5c4c93dcff19..f666d74f05f5 100644
---- a/arch/powerpc/mm/dump_hashpagetable.c
-+++ b/arch/powerpc/mm/dump_hashpagetable.c
-@@ -343,7 +343,7 @@ static unsigned long hpte_find(struct pg_state *st, unsigned long ea, int psize)
-
- /* Look in secondary table */
- if (slot == -1)
-- slot = base_hpte_find(ea, psize, true, &v, &r);
-+ slot = base_hpte_find(ea, psize, false, &v, &r);
-
- /* No entry found */
- if (slot == -1)
-diff --git a/arch/powerpc/platforms/pseries/mobility.c b/arch/powerpc/platforms/pseries/mobility.c
-index 9739a055e5f7..2d3668acb6ef 100644
---- a/arch/powerpc/platforms/pseries/mobility.c
-+++ b/arch/powerpc/platforms/pseries/mobility.c
-@@ -23,6 +23,7 @@
- #include
- #include
- #include "pseries.h"
-+#include "../../kernel/cacheinfo.h"
-
- static struct kobject *mobility_kobj;
-
-@@ -359,11 +360,20 @@ void post_mobility_fixup(void)
- */
- cpus_read_lock();
-
-+ /*
-+ * It's common for the destination firmware to replace cache
-+ * nodes. Release all of the cacheinfo hierarchy's references
-+ * before updating the device tree.
-+ */
-+ cacheinfo_teardown();
-+
- rc = pseries_devicetree_update(MIGRATION_SCOPE);
- if (rc)
- printk(KERN_ERR "Post-mobility device tree update "
- "failed: %d\n", rc);
-
-+ cacheinfo_rebuild();
-+
- cpus_read_unlock();
-
- /* Possibly switch to a new RFI flush type */
-diff --git a/arch/x86/Kconfig.debug b/arch/x86/Kconfig.debug
-index 6293a8768a91..bec0952c5595 100644
---- a/arch/x86/Kconfig.debug
-+++ b/arch/x86/Kconfig.debug
-@@ -189,7 +189,7 @@ config HAVE_MMIOTRACE_SUPPORT
-
- config X86_DECODER_SELFTEST
- bool "x86 instruction decoder selftest"
-- depends on DEBUG_KERNEL && KPROBES
-+ depends on DEBUG_KERNEL && INSTRUCTION_DECODER
- depends on !COMPILE_TEST
- ---help---
- Perform x86 instruction decoder selftests at build time.
-diff --git a/arch/x86/kernel/kgdb.c b/arch/x86/kernel/kgdb.c
-index 8e36f249646e..904e18bb38c5 100644
---- a/arch/x86/kernel/kgdb.c
-+++ b/arch/x86/kernel/kgdb.c
-@@ -438,7 +438,7 @@ static void kgdb_disable_hw_debug(struct pt_regs *regs)
- */
- void kgdb_roundup_cpus(unsigned long flags)
- {
-- apic->send_IPI_allbutself(APIC_DM_NMI);
-+ apic->send_IPI_allbutself(NMI_VECTOR);
- }
- #endif
-
-diff --git a/arch/x86/mm/tlb.c b/arch/x86/mm/tlb.c
-index 5400a24e1a8c..c5d7b4ae17ca 100644
---- a/arch/x86/mm/tlb.c
-+++ b/arch/x86/mm/tlb.c
-@@ -651,9 +651,6 @@ void native_flush_tlb_others(const struct cpumask *cpumask,
- * that UV should be updated so that smp_call_function_many(),
- * etc, are optimal on UV.
- */
-- unsigned int cpu;
--
-- cpu = smp_processor_id();
- cpumask = uv_flush_tlb_others(cpumask, info);
- if (cpumask)
- smp_call_function_many(cpumask, flush_tlb_func_remote,
-diff --git a/block/blk-merge.c b/block/blk-merge.c
-index f61b50a01bc7..415b5dafd9e6 100644
---- a/block/blk-merge.c
-+++ b/block/blk-merge.c
-@@ -299,13 +299,7 @@ void blk_recalc_rq_segments(struct request *rq)
-
- void blk_recount_segments(struct request_queue *q, struct bio *bio)
- {
-- unsigned short seg_cnt;
--
-- /* estimate segment number by bi_vcnt for non-cloned bio */
-- if (bio_flagged(bio, BIO_CLONED))
-- seg_cnt = bio_segments(bio);
-- else
-- seg_cnt = bio->bi_vcnt;
-+ unsigned short seg_cnt = bio_segments(bio);
-
- if (test_bit(QUEUE_FLAG_NO_SG_MERGE, &q->queue_flags) &&
- (seg_cnt < queue_max_segments(q)))
-diff --git a/crypto/pcrypt.c b/crypto/pcrypt.c
-index f8ec3d4ba4a8..a5718c0a3dc4 100644
---- a/crypto/pcrypt.c
-+++ b/crypto/pcrypt.c
-@@ -394,7 +394,7 @@ static int pcrypt_sysfs_add(struct padata_instance *pinst, const char *name)
- int ret;
-
- pinst->kobj.kset = pcrypt_kset;
-- ret = kobject_add(&pinst->kobj, NULL, name);
-+ ret = kobject_add(&pinst->kobj, NULL, "%s", name);
- if (!ret)
- kobject_uevent(&pinst->kobj, KOBJ_ADD);
-
-diff --git a/crypto/tgr192.c b/crypto/tgr192.c
-index 321bc6ff2a9d..904c8444aa0a 100644
---- a/crypto/tgr192.c
-+++ b/crypto/tgr192.c
-@@ -25,8 +25,9 @@
- #include
- #include
- #include
--#include
- #include
-+#include
-+#include
-
- #define TGR192_DIGEST_SIZE 24
- #define TGR160_DIGEST_SIZE 20
-@@ -468,10 +469,9 @@ static void tgr192_transform(struct tgr192_ctx *tctx, const u8 * data)
- u64 a, b, c, aa, bb, cc;
- u64 x[8];
- int i;
-- const __le64 *ptr = (const __le64 *)data;
-
- for (i = 0; i < 8; i++)
-- x[i] = le64_to_cpu(ptr[i]);
-+ x[i] = get_unaligned_le64(data + i * sizeof(__le64));
-
- /* save */
- a = aa = tctx->a;
-diff --git a/drivers/ata/libahci.c b/drivers/ata/libahci.c
-index cda9a0b5bdaa..7473ff46de66 100644
---- a/drivers/ata/libahci.c
-+++ b/drivers/ata/libahci.c
-@@ -191,7 +191,6 @@ struct ata_port_operations ahci_pmp_retry_srst_ops = {
- EXPORT_SYMBOL_GPL(ahci_pmp_retry_srst_ops);
-
- static bool ahci_em_messages __read_mostly = true;
--EXPORT_SYMBOL_GPL(ahci_em_messages);
- module_param(ahci_em_messages, bool, 0444);
- /* add other LED protocol types when they become supported */
- MODULE_PARM_DESC(ahci_em_messages,
-diff --git a/drivers/base/core.c b/drivers/base/core.c
-index 2b0a1054535c..93c2fc58013e 100644
---- a/drivers/base/core.c
-+++ b/drivers/base/core.c
-@@ -180,11 +180,20 @@ struct device_link *device_link_add(struct device *consumer,
- struct device *supplier, u32 flags)
- {
- struct device_link *link;
-+ bool rpm_put_supplier = false;
-
- if (!consumer || !supplier ||
- ((flags & DL_FLAG_STATELESS) && (flags & DL_FLAG_AUTOREMOVE)))
- return NULL;
-
-+ if (flags & DL_FLAG_PM_RUNTIME && flags & DL_FLAG_RPM_ACTIVE) {
-+ if (pm_runtime_get_sync(supplier) < 0) {
-+ pm_runtime_put_noidle(supplier);
-+ return NULL;
-+ }
-+ rpm_put_supplier = true;
-+ }
-+
- device_links_write_lock();
- device_pm_lock();
-
-@@ -209,13 +218,8 @@ struct device_link *device_link_add(struct device *consumer,
-
- if (flags & DL_FLAG_PM_RUNTIME) {
- if (flags & DL_FLAG_RPM_ACTIVE) {
-- if (pm_runtime_get_sync(supplier) < 0) {
-- pm_runtime_put_noidle(supplier);
-- kfree(link);
-- link = NULL;
-- goto out;
-- }
- link->rpm_active = true;
-+ rpm_put_supplier = false;
- }
- pm_runtime_new_link(consumer);
- /*
-@@ -286,6 +290,10 @@ struct device_link *device_link_add(struct device *consumer,
- out:
- device_pm_unlock();
- device_links_write_unlock();
-+
-+ if (rpm_put_supplier)
-+ pm_runtime_put(supplier);
-+
- return link;
- }
- EXPORT_SYMBOL_GPL(device_link_add);
-diff --git a/drivers/base/power/wakeup.c b/drivers/base/power/wakeup.c
-index df53e2b3296b..877b2a1767a5 100644
---- a/drivers/base/power/wakeup.c
-+++ b/drivers/base/power/wakeup.c
-@@ -877,7 +877,7 @@ EXPORT_SYMBOL_GPL(pm_system_wakeup);
-
- void pm_system_cancel_wakeup(void)
- {
-- atomic_dec(&pm_abort_suspend);
-+ atomic_dec_if_positive(&pm_abort_suspend);
- }
-
- void pm_wakeup_clear(bool reset)
-diff --git a/drivers/bcma/driver_pci.c b/drivers/bcma/driver_pci.c
-index f499a469e66d..12b2cc9a3fbe 100644
---- a/drivers/bcma/driver_pci.c
-+++ b/drivers/bcma/driver_pci.c
-@@ -78,7 +78,7 @@ static u16 bcma_pcie_mdio_read(struct bcma_drv_pci *pc, u16 device, u8 address)
- v |= (address << BCMA_CORE_PCI_MDIODATA_REGADDR_SHF_OLD);
- }
-
-- v = BCMA_CORE_PCI_MDIODATA_START;
-+ v |= BCMA_CORE_PCI_MDIODATA_START;
- v |= BCMA_CORE_PCI_MDIODATA_READ;
- v |= BCMA_CORE_PCI_MDIODATA_TA;
-
-@@ -121,7 +121,7 @@ static void bcma_pcie_mdio_write(struct bcma_drv_pci *pc, u16 device,
- v |= (address << BCMA_CORE_PCI_MDIODATA_REGADDR_SHF_OLD);
- }
-
-- v = BCMA_CORE_PCI_MDIODATA_START;
-+ v |= BCMA_CORE_PCI_MDIODATA_START;
- v |= BCMA_CORE_PCI_MDIODATA_WRITE;
- v |= BCMA_CORE_PCI_MDIODATA_TA;
- v |= data;
-diff --git a/drivers/block/drbd/drbd_main.c b/drivers/block/drbd/drbd_main.c
-index 7ea13b5497fd..b998e3abca7a 100644
---- a/drivers/block/drbd/drbd_main.c
-+++ b/drivers/block/drbd/drbd_main.c
-@@ -334,6 +334,8 @@ static int drbd_thread_setup(void *arg)
- thi->name[0],
- resource->name);
-
-+ allow_kernel_signal(DRBD_SIGKILL);
-+ allow_kernel_signal(SIGXCPU);
- restart:
- retval = thi->function(thi);
-
-diff --git a/drivers/clk/clk-highbank.c b/drivers/clk/clk-highbank.c
-index 727ed8e1bb72..8e4581004695 100644
---- a/drivers/clk/clk-highbank.c
-+++ b/drivers/clk/clk-highbank.c
-@@ -293,6 +293,7 @@ static __init struct clk *hb_clk_init(struct device_node *node, const struct clk
- /* Map system registers */
- srnp = of_find_compatible_node(NULL, NULL, "calxeda,hb-sregs");
- hb_clk->reg = of_iomap(srnp, 0);
-+ of_node_put(srnp);
- BUG_ON(!hb_clk->reg);
- hb_clk->reg += reg;
-
-diff --git a/drivers/clk/clk-qoriq.c b/drivers/clk/clk-qoriq.c
-index 1a292519d84f..999a90a16609 100644
---- a/drivers/clk/clk-qoriq.c
-+++ b/drivers/clk/clk-qoriq.c
-@@ -1382,6 +1382,7 @@ static void __init clockgen_init(struct device_node *np)
- pr_err("%s: Couldn't map %pOF regs\n", __func__,
- guts);
- }
-+ of_node_put(guts);
- }
-
- }
-diff --git a/drivers/clk/imx/clk-imx6q.c b/drivers/clk/imx/clk-imx6q.c
-index 8eb93eb2f857..e0547654cb7b 100644
---- a/drivers/clk/imx/clk-imx6q.c
-+++ b/drivers/clk/imx/clk-imx6q.c
-@@ -431,6 +431,7 @@ static void __init imx6q_clocks_init(struct device_node *ccm_node)
- np = of_find_compatible_node(NULL, NULL, "fsl,imx6q-anatop");
- anatop_base = base = of_iomap(np, 0);
- WARN_ON(!base);
-+ of_node_put(np);
-
- /* Audio/video PLL post dividers do not work on i.MX6q revision 1.0 */
- if (clk_on_imx6q() && imx_get_soc_revision() == IMX_CHIP_REVISION_1_0) {
-diff --git a/drivers/clk/imx/clk-imx6sx.c b/drivers/clk/imx/clk-imx6sx.c
-index e6d389e333d7..baa07553a0dd 100644
---- a/drivers/clk/imx/clk-imx6sx.c
-+++ b/drivers/clk/imx/clk-imx6sx.c
-@@ -164,6 +164,7 @@ static void __init imx6sx_clocks_init(struct device_node *ccm_node)
- np = of_find_compatible_node(NULL, NULL, "fsl,imx6sx-anatop");
- base = of_iomap(np, 0);
- WARN_ON(!base);
-+ of_node_put(np);
-
- clks[IMX6SX_PLL1_BYPASS_SRC] = imx_clk_mux("pll1_bypass_src", base + 0x00, 14, 1, pll_bypass_src_sels, ARRAY_SIZE(pll_bypass_src_sels));
- clks[IMX6SX_PLL2_BYPASS_SRC] = imx_clk_mux("pll2_bypass_src", base + 0x30, 14, 1, pll_bypass_src_sels, ARRAY_SIZE(pll_bypass_src_sels));
-diff --git a/drivers/clk/imx/clk-imx7d.c b/drivers/clk/imx/clk-imx7d.c
-index 0ac9b30c8b90..9f5e5b9d4a25 100644
---- a/drivers/clk/imx/clk-imx7d.c
-+++ b/drivers/clk/imx/clk-imx7d.c
-@@ -416,6 +416,7 @@ static void __init imx7d_clocks_init(struct device_node *ccm_node)
- np = of_find_compatible_node(NULL, NULL, "fsl,imx7d-anatop");
- base = of_iomap(np, 0);
- WARN_ON(!base);
-+ of_node_put(np);
-
- clks[IMX7D_PLL_ARM_MAIN_SRC] = imx_clk_mux("pll_arm_main_src", base + 0x60, 14, 2, pll_bypass_src_sel, ARRAY_SIZE(pll_bypass_src_sel));
- clks[IMX7D_PLL_DRAM_MAIN_SRC] = imx_clk_mux("pll_dram_main_src", base + 0x70, 14, 2, pll_bypass_src_sel, ARRAY_SIZE(pll_bypass_src_sel));
-diff --git a/drivers/clk/imx/clk-vf610.c b/drivers/clk/imx/clk-vf610.c
-index 6dae54325a91..a334667c450a 100644
---- a/drivers/clk/imx/clk-vf610.c
-+++ b/drivers/clk/imx/clk-vf610.c
-@@ -203,6 +203,7 @@ static void __init vf610_clocks_init(struct device_node *ccm_node)
- np = of_find_compatible_node(NULL, NULL, "fsl,vf610-anatop");
- anatop_base = of_iomap(np, 0);
- BUG_ON(!anatop_base);
-+ of_node_put(np);
-
- np = ccm_node;
- ccm_base = of_iomap(np, 0);
-diff --git a/drivers/clk/mvebu/armada-370.c b/drivers/clk/mvebu/armada-370.c
-index 2c7c1085f883..8fdfa97900cd 100644
---- a/drivers/clk/mvebu/armada-370.c
-+++ b/drivers/clk/mvebu/armada-370.c
-@@ -177,8 +177,10 @@ static void __init a370_clk_init(struct device_node *np)
-
- mvebu_coreclk_setup(np, &a370_coreclks);
-
-- if (cgnp)
-+ if (cgnp) {
- mvebu_clk_gating_setup(cgnp, a370_gating_desc);
-+ of_node_put(cgnp);
-+ }
- }
- CLK_OF_DECLARE(a370_clk, "marvell,armada-370-core-clock", a370_clk_init);
-
-diff --git a/drivers/clk/mvebu/armada-xp.c b/drivers/clk/mvebu/armada-xp.c
-index 0ec44ae9a2a2..df529982adc9 100644
---- a/drivers/clk/mvebu/armada-xp.c
-+++ b/drivers/clk/mvebu/armada-xp.c
-@@ -228,7 +228,9 @@ static void __init axp_clk_init(struct device_node *np)
-
- mvebu_coreclk_setup(np, &axp_coreclks);
-
-- if (cgnp)
-+ if (cgnp) {
- mvebu_clk_gating_setup(cgnp, axp_gating_desc);
-+ of_node_put(cgnp);
-+ }
- }
- CLK_OF_DECLARE(axp_clk, "marvell,armada-xp-core-clock", axp_clk_init);
-diff --git a/drivers/clk/mvebu/dove.c b/drivers/clk/mvebu/dove.c
-index 59fad9546c84..5f258c9bb68b 100644
---- a/drivers/clk/mvebu/dove.c
-+++ b/drivers/clk/mvebu/dove.c
-@@ -190,10 +190,14 @@ static void __init dove_clk_init(struct device_node *np)
-
- mvebu_coreclk_setup(np, &dove_coreclks);
-
-- if (ddnp)
-+ if (ddnp) {
- dove_divider_clk_init(ddnp);
-+ of_node_put(ddnp);
-+ }
-
-- if (cgnp)
-+ if (cgnp) {
- mvebu_clk_gating_setup(cgnp, dove_gating_desc);
-+ of_node_put(cgnp);
-+ }
- }
- CLK_OF_DECLARE(dove_clk, "marvell,dove-core-clock", dove_clk_init);
-diff --git a/drivers/clk/mvebu/kirkwood.c b/drivers/clk/mvebu/kirkwood.c
-index a2a8d614039d..890ebf623261 100644
---- a/drivers/clk/mvebu/kirkwood.c
-+++ b/drivers/clk/mvebu/kirkwood.c
-@@ -333,6 +333,8 @@ static void __init kirkwood_clk_init(struct device_node *np)
- if (cgnp) {
- mvebu_clk_gating_setup(cgnp, kirkwood_gating_desc);
- kirkwood_clk_muxing_setup(cgnp, kirkwood_mux_desc);
-+
-+ of_node_put(cgnp);
- }
- }
- CLK_OF_DECLARE(kirkwood_clk, "marvell,kirkwood-core-clock",
-diff --git a/drivers/clk/mvebu/mv98dx3236.c b/drivers/clk/mvebu/mv98dx3236.c
-index 6e203af73cac..c8a0d03d2cd6 100644
---- a/drivers/clk/mvebu/mv98dx3236.c
-+++ b/drivers/clk/mvebu/mv98dx3236.c
-@@ -174,7 +174,9 @@ static void __init mv98dx3236_clk_init(struct device_node *np)
-
- mvebu_coreclk_setup(np, &mv98dx3236_core_clocks);
-
-- if (cgnp)
-+ if (cgnp) {
- mvebu_clk_gating_setup(cgnp, mv98dx3236_gating_desc);
-+ of_node_put(cgnp);
-+ }
- }
- CLK_OF_DECLARE(mv98dx3236_clk, "marvell,mv98dx3236-core-clock", mv98dx3236_clk_init);
-diff --git a/drivers/clk/qcom/gcc-msm8996.c
b/drivers/clk/qcom/gcc-msm8996.c
-index 7ddec886fcd3..c0b043b1bd24 100644
---- a/drivers/clk/qcom/gcc-msm8996.c
-+++ b/drivers/clk/qcom/gcc-msm8996.c
-@@ -140,22 +140,6 @@ static const char * const gcc_xo_gpll0_gpll4_gpll0_early_div[] = {
- "gpll0_early_div"
- };
-
--static const struct parent_map gcc_xo_gpll0_gpll2_gpll3_gpll0_early_div_map[] = {
-- { P_XO, 0 },
-- { P_GPLL0, 1 },
-- { P_GPLL2, 2 },
-- { P_GPLL3, 3 },
-- { P_GPLL0_EARLY_DIV, 6 }
--};
--
--static const char * const gcc_xo_gpll0_gpll2_gpll3_gpll0_early_div[] = {
-- "xo",
-- "gpll0",
-- "gpll2",
-- "gpll3",
-- "gpll0_early_div"
--};
--
- static const struct parent_map gcc_xo_gpll0_gpll1_early_div_gpll1_gpll4_gpll0_early_div_map[] = {
- { P_XO, 0 },
- { P_GPLL0, 1 },
-@@ -194,26 +178,6 @@ static const char * const gcc_xo_gpll0_gpll2_gpll3_gpll1_gpll2_early_gpll0_early
- "gpll0_early_div"
- };
-
--static const struct parent_map gcc_xo_gpll0_gpll2_gpll3_gpll1_gpll4_gpll0_early_div_map[] = {
-- { P_XO, 0 },
-- { P_GPLL0, 1 },
-- { P_GPLL2, 2 },
-- { P_GPLL3, 3 },
-- { P_GPLL1, 4 },
-- { P_GPLL4, 5 },
-- { P_GPLL0_EARLY_DIV, 6 }
--};
--
--static const char * const gcc_xo_gpll0_gpll2_gpll3_gpll1_gpll4_gpll0_early_div[] = {
-- "xo",
-- "gpll0",
-- "gpll2",
-- "gpll3",
-- "gpll1",
-- "gpll4",
-- "gpll0_early_div"
--};
--
- static struct clk_fixed_factor xo = {
- .mult = 1,
- .div = 1,
-diff --git a/drivers/clk/samsung/clk-exynos4.c b/drivers/clk/samsung/clk-exynos4.c
-index d8d3cb67b402..3d3026221927 100644
---- a/drivers/clk/samsung/clk-exynos4.c
-+++ b/drivers/clk/samsung/clk-exynos4.c
-@@ -1240,6 +1240,7 @@ static unsigned long __init exynos4_get_xom(void)
- xom = readl(chipid_base + 8);
-
- iounmap(chipid_base);
-+ of_node_put(np);
- }
-
- return xom;
-diff --git a/drivers/clk/socfpga/clk-pll-a10.c b/drivers/clk/socfpga/clk-pll-a10.c
-index 35fabe1a32c3..269467e8e07e 100644
---- a/drivers/clk/socfpga/clk-pll-a10.c
-+++ b/drivers/clk/socfpga/clk-pll-a10.c
-@@ -95,6 +95,7 @@ static struct clk * __init
__socfpga_pll_init(struct device_node *node,
-
- clkmgr_np = of_find_compatible_node(NULL, NULL, "altr,clk-mgr");
- clk_mgr_a10_base_addr = of_iomap(clkmgr_np, 0);
-+ of_node_put(clkmgr_np);
- BUG_ON(!clk_mgr_a10_base_addr);
- pll_clk->hw.reg = clk_mgr_a10_base_addr + reg;
-
-diff --git a/drivers/clk/socfpga/clk-pll.c b/drivers/clk/socfpga/clk-pll.c
-index c7f463172e4b..b4b44e9b5901 100644
---- a/drivers/clk/socfpga/clk-pll.c
-+++ b/drivers/clk/socfpga/clk-pll.c
-@@ -100,6 +100,7 @@ static __init struct clk *__socfpga_pll_init(struct device_node *node,
-
- clkmgr_np = of_find_compatible_node(NULL, NULL, "altr,clk-mgr");
- clk_mgr_base_addr = of_iomap(clkmgr_np, 0);
-+ of_node_put(clkmgr_np);
- BUG_ON(!clk_mgr_base_addr);
- pll_clk->hw.reg = clk_mgr_base_addr + reg;
-
-diff --git a/drivers/clk/sunxi-ng/ccu-sun8i-a23.c b/drivers/clk/sunxi-ng/ccu-sun8i-a23.c
-index d93b452f0df9..1cef040ebe82 100644
---- a/drivers/clk/sunxi-ng/ccu-sun8i-a23.c
-+++ b/drivers/clk/sunxi-ng/ccu-sun8i-a23.c
-@@ -132,7 +132,7 @@ static SUNXI_CCU_NKM_WITH_GATE_LOCK(pll_mipi_clk, "pll-mipi",
- 8, 4, /* N */
- 4, 2, /* K */
- 0, 4, /* M */
-- BIT(31), /* gate */
-+ BIT(31) | BIT(23) | BIT(22), /* gate */
- BIT(28), /* lock */
- CLK_SET_RATE_UNGATE);
-
-diff --git a/drivers/clk/sunxi-ng/ccu-sun8i-v3s.c b/drivers/clk/sunxi-ng/ccu-sun8i-v3s.c
-index 9e3f4088724b..c7f9d974b10d 100644
---- a/drivers/clk/sunxi-ng/ccu-sun8i-v3s.c
-+++ b/drivers/clk/sunxi-ng/ccu-sun8i-v3s.c
-@@ -84,7 +84,7 @@ static SUNXI_CCU_NM_WITH_FRAC_GATE_LOCK(pll_ve_clk, "pll-ve",
- BIT(28), /* lock */
- 0);
-
--static SUNXI_CCU_NKM_WITH_GATE_LOCK(pll_ddr_clk, "pll-ddr",
-+static SUNXI_CCU_NKM_WITH_GATE_LOCK(pll_ddr0_clk, "pll-ddr0",
- "osc24M", 0x020,
- 8, 5, /* N */
- 4, 2, /* K */
-@@ -123,6 +123,14 @@ static SUNXI_CCU_NK_WITH_GATE_LOCK_POSTDIV(pll_periph1_clk, "pll-periph1",
- 2, /* post-div */
- 0);
-
-+static SUNXI_CCU_NM_WITH_GATE_LOCK(pll_ddr1_clk, "pll-ddr1",
-+ "osc24M", 0x04c,
-+ 8, 7, /* N */
-+ 0, 2, /* M */
-+
BIT(31), /* gate */
-+ BIT(28), /* lock */
-+ 0);
-+
- static const char * const cpu_parents[] = { "osc32k", "osc24M",
- "pll-cpu", "pll-cpu" };
- static SUNXI_CCU_MUX(cpu_clk, "cpu", cpu_parents,
-@@ -310,7 +318,8 @@ static SUNXI_CCU_GATE(usb_phy0_clk, "usb-phy0", "osc24M",
- static SUNXI_CCU_GATE(usb_ohci0_clk, "usb-ohci0", "osc24M",
- 0x0cc, BIT(16), 0);
-
--static const char * const dram_parents[] = { "pll-ddr", "pll-periph0-2x" };
-+static const char * const dram_parents[] = { "pll-ddr0", "pll-ddr1",
-+ "pll-periph0-2x" };
- static SUNXI_CCU_M_WITH_MUX(dram_clk, "dram", dram_parents,
- 0x0f4, 0, 4, 20, 2, CLK_IS_CRITICAL);
-
-@@ -369,10 +378,11 @@ static struct ccu_common *sun8i_v3s_ccu_clks[] = {
- &pll_audio_base_clk.common,
- &pll_video_clk.common,
- &pll_ve_clk.common,
-- &pll_ddr_clk.common,
-+ &pll_ddr0_clk.common,
- &pll_periph0_clk.common,
- &pll_isp_clk.common,
- &pll_periph1_clk.common,
-+ &pll_ddr1_clk.common,
- &cpu_clk.common,
- &axi_clk.common,
- &ahb1_clk.common,
-@@ -457,11 +467,12 @@ static struct clk_hw_onecell_data sun8i_v3s_hw_clks = {
- [CLK_PLL_AUDIO_8X] = &pll_audio_8x_clk.hw,
- [CLK_PLL_VIDEO] = &pll_video_clk.common.hw,
- [CLK_PLL_VE] = &pll_ve_clk.common.hw,
-- [CLK_PLL_DDR] = &pll_ddr_clk.common.hw,
-+ [CLK_PLL_DDR0] = &pll_ddr0_clk.common.hw,
- [CLK_PLL_PERIPH0] = &pll_periph0_clk.common.hw,
- [CLK_PLL_PERIPH0_2X] = &pll_periph0_2x_clk.hw,
- [CLK_PLL_ISP] = &pll_isp_clk.common.hw,
- [CLK_PLL_PERIPH1] = &pll_periph1_clk.common.hw,
-+ [CLK_PLL_DDR1] = &pll_ddr1_clk.common.hw,
- [CLK_CPU] = &cpu_clk.common.hw,
- [CLK_AXI] = &axi_clk.common.hw,
- [CLK_AHB1] = &ahb1_clk.common.hw,
-diff --git a/drivers/clk/sunxi-ng/ccu-sun8i-v3s.h b/drivers/clk/sunxi-ng/ccu-sun8i-v3s.h
-index 4a4d36fdad96..a091b7217dfd 100644
---- a/drivers/clk/sunxi-ng/ccu-sun8i-v3s.h
-+++ b/drivers/clk/sunxi-ng/ccu-sun8i-v3s.h
-@@ -29,7 +29,7 @@
- #define CLK_PLL_AUDIO_8X 5
- #define CLK_PLL_VIDEO 6
- #define CLK_PLL_VE 7
--#define CLK_PLL_DDR 8
-+#define CLK_PLL_DDR0
8
- #define CLK_PLL_PERIPH0 9
- #define CLK_PLL_PERIPH0_2X 10
- #define CLK_PLL_ISP 11
-@@ -58,6 +58,8 @@
-
- /* And the GPU module clock is exported */
-
--#define CLK_NUMBER (CLK_MIPI_CSI + 1)
-+#define CLK_PLL_DDR1 74
-+
-+#define CLK_NUMBER (CLK_PLL_DDR1 + 1)
-
- #endif /* _CCU_SUN8I_H3_H_ */
-diff --git a/drivers/clocksource/exynos_mct.c b/drivers/clocksource/exynos_mct.c
-index aaf5bfa9bd9c..e3ae041ac30e 100644
---- a/drivers/clocksource/exynos_mct.c
-+++ b/drivers/clocksource/exynos_mct.c
-@@ -563,7 +563,19 @@ static int __init exynos4_timer_resources(struct device_node *np, void __iomem *
- return 0;
-
- out_irq:
-- free_percpu_irq(mct_irqs[MCT_L0_IRQ], &percpu_mct_tick);
-+ if (mct_int_type == MCT_INT_PPI) {
-+ free_percpu_irq(mct_irqs[MCT_L0_IRQ], &percpu_mct_tick);
-+ } else {
-+ for_each_possible_cpu(cpu) {
-+ struct mct_clock_event_device *pcpu_mevt =
-+ per_cpu_ptr(&percpu_mct_tick, cpu);
-+
-+ if (pcpu_mevt->evt.irq != -1) {
-+ free_irq(pcpu_mevt->evt.irq, pcpu_mevt);
-+ pcpu_mevt->evt.irq = -1;
-+ }
-+ }
-+ }
- return err;
- }
-
-diff --git a/drivers/clocksource/timer-sun5i.c b/drivers/clocksource/timer-sun5i.c
-index 2a3fe83ec337..6f4a9a8faccc 100644
---- a/drivers/clocksource/timer-sun5i.c
-+++ b/drivers/clocksource/timer-sun5i.c
-@@ -202,6 +202,11 @@ static int __init sun5i_setup_clocksource(struct device_node *node,
- }
-
- rate = clk_get_rate(clk);
-+ if (!rate) {
-+ pr_err("Couldn't get parent clock rate\n");
-+ ret = -EINVAL;
-+ goto err_disable_clk;
-+ }
-
- cs->timer.base = base;
- cs->timer.clk = clk;
-@@ -275,6 +280,11 @@ static int __init sun5i_setup_clockevent(struct device_node *node, void __iomem
- }
-
- rate = clk_get_rate(clk);
-+ if (!rate) {
-+ pr_err("Couldn't get parent clock rate\n");
-+ ret = -EINVAL;
-+ goto err_disable_clk;
-+ }
-
- ce->timer.base = base;
- ce->timer.ticks_per_jiffy = DIV_ROUND_UP(rate, HZ);
-diff --git a/drivers/cpufreq/brcmstb-avs-cpufreq.c b/drivers/cpufreq/brcmstb-avs-cpufreq.c
-index
7281a2c19c36..39c462711eae 100644
---- a/drivers/cpufreq/brcmstb-avs-cpufreq.c
-+++ b/drivers/cpufreq/brcmstb-avs-cpufreq.c
-@@ -468,12 +468,12 @@ static int brcm_avs_set_pstate(struct private_data *priv, unsigned int pstate)
- return __issue_avs_command(priv, AVS_CMD_SET_PSTATE, true, args);
- }
-
--static unsigned long brcm_avs_get_voltage(void __iomem *base)
-+static u32 brcm_avs_get_voltage(void __iomem *base)
- {
- return readl(base + AVS_MBOX_VOLTAGE1);
- }
-
--static unsigned long brcm_avs_get_frequency(void __iomem *base)
-+static u32 brcm_avs_get_frequency(void __iomem *base)
- {
- return readl(base + AVS_MBOX_FREQUENCY) * 1000; /* in kHz */
- }
-@@ -762,8 +762,8 @@ static bool brcm_avs_is_firmware_loaded(struct private_data *priv)
- rc = brcm_avs_get_pmap(priv, NULL);
- magic = readl(priv->base + AVS_MBOX_MAGIC);
-
-- return (magic == AVS_FIRMWARE_MAGIC) && (rc != -ENOTSUPP) &&
-- (rc != -EINVAL);
-+ return (magic == AVS_FIRMWARE_MAGIC) && ((rc != -ENOTSUPP) ||
-+ (rc != -EINVAL));
- }
-
- static unsigned int brcm_avs_cpufreq_get(unsigned int cpu)
-@@ -973,14 +973,14 @@ static ssize_t show_brcm_avs_voltage(struct cpufreq_policy *policy, char *buf)
- {
- struct private_data *priv = policy->driver_data;
-
-- return sprintf(buf, "0x%08lx\n", brcm_avs_get_voltage(priv->base));
-+ return sprintf(buf, "0x%08x\n", brcm_avs_get_voltage(priv->base));
- }
-
- static ssize_t show_brcm_avs_frequency(struct cpufreq_policy *policy, char *buf)
- {
- struct private_data *priv = policy->driver_data;
-
-- return sprintf(buf, "0x%08lx\n", brcm_avs_get_frequency(priv->base));
-+ return sprintf(buf, "0x%08x\n", brcm_avs_get_frequency(priv->base));
- }
-
- cpufreq_freq_attr_ro(brcm_avs_pstate);
-diff --git a/drivers/crypto/amcc/crypto4xx_trng.h b/drivers/crypto/amcc/crypto4xx_trng.h
-index 931d22531f51..7bbda51b7337 100644
---- a/drivers/crypto/amcc/crypto4xx_trng.h
-+++ b/drivers/crypto/amcc/crypto4xx_trng.h
-@@ -26,9 +26,9 @@ void ppc4xx_trng_probe(struct
crypto4xx_core_device *core_dev);
- void ppc4xx_trng_remove(struct crypto4xx_core_device *core_dev);
- #else
- static inline void ppc4xx_trng_probe(
-- struct crypto4xx_device *dev __maybe_unused) { }
-+ struct crypto4xx_core_device *dev __maybe_unused) { }
- static inline void ppc4xx_trng_remove(
-- struct crypto4xx_device *dev __maybe_unused) { }
-+ struct crypto4xx_core_device *dev __maybe_unused) { }
- #endif
-
- #endif
-diff --git a/drivers/crypto/bcm/cipher.c b/drivers/crypto/bcm/cipher.c
-index 84422435f39b..279e907590e9 100644
---- a/drivers/crypto/bcm/cipher.c
-+++ b/drivers/crypto/bcm/cipher.c
-@@ -718,7 +718,7 @@ static int handle_ahash_req(struct iproc_reqctx_s *rctx)
- */
- unsigned int new_data_len;
-
-- unsigned int chunk_start = 0;
-+ unsigned int __maybe_unused chunk_start = 0;
- u32 db_size; /* Length of data field, incl gcm and hash padding */
- int pad_len = 0; /* total pad len, including gcm, hash, stat padding */
- u32 data_pad_len = 0; /* length of GCM/CCM padding */
-@@ -1676,8 +1676,6 @@ static void spu_rx_callback(struct mbox_client *cl, void *msg)
- struct spu_hw *spu = &iproc_priv.spu;
- struct brcm_message *mssg = msg;
- struct iproc_reqctx_s *rctx;
-- struct iproc_ctx_s *ctx;
-- struct crypto_async_request *areq;
- int err = 0;
-
- rctx = mssg->ctx;
-@@ -1687,8 +1685,6 @@ static void spu_rx_callback(struct mbox_client *cl, void *msg)
- err = -EFAULT;
- goto cb_finish;
- }
-- areq = rctx->parent;
-- ctx = rctx->ctx;
-
- /* process the SPU status */
- err = spu->spu_status_process(rctx->msg_buf.rx_stat);
-diff --git a/drivers/crypto/caam/caamrng.c b/drivers/crypto/caam/caamrng.c
-index fde07d4ff019..ff6718a11e9e 100644
---- a/drivers/crypto/caam/caamrng.c
-+++ b/drivers/crypto/caam/caamrng.c
-@@ -353,7 +353,10 @@ static int __init caam_rng_init(void)
- goto free_rng_ctx;
-
- dev_info(dev, "registering rng-caam\n");
-- return hwrng_register(&caam_rng);
-+
-+ err = hwrng_register(&caam_rng);
-+ if (!err)
-+ return err;
-
- free_rng_ctx:
-
kfree(rng_ctx);
-diff --git a/drivers/crypto/caam/error.c b/drivers/crypto/caam/error.c
-index 8da88beb1abb..832ba2afdcd5 100644
---- a/drivers/crypto/caam/error.c
-+++ b/drivers/crypto/caam/error.c
-@@ -22,7 +22,7 @@ void caam_dump_sg(const char *level, const char *prefix_str, int prefix_type,
- size_t len;
- void *buf;
-
-- for (it = sg; it && tlen > 0 ; it = sg_next(sg)) {
-+ for (it = sg; it && tlen > 0 ; it = sg_next(it)) {
- /*
- * make sure the scatterlist's page
- * has a valid virtual memory mapping
-diff --git a/drivers/crypto/ccp/ccp-crypto-aes.c b/drivers/crypto/ccp/ccp-crypto-aes.c
-index 89291c15015c..3f768699332b 100644
---- a/drivers/crypto/ccp/ccp-crypto-aes.c
-+++ b/drivers/crypto/ccp/ccp-crypto-aes.c
-@@ -1,7 +1,8 @@
-+// SPDX-License-Identifier: GPL-2.0
- /*
- * AMD Cryptographic Coprocessor (CCP) AES crypto API support
- *
-- * Copyright (C) 2013,2016 Advanced Micro Devices, Inc.
-+ * Copyright (C) 2013-2019 Advanced Micro Devices, Inc.
- *
- * Author: Tom Lendacky
- *
-@@ -79,8 +80,7 @@ static int ccp_aes_crypt(struct ablkcipher_request *req, bool encrypt)
- return -EINVAL;
-
- if (((ctx->u.aes.mode == CCP_AES_MODE_ECB) ||
-- (ctx->u.aes.mode == CCP_AES_MODE_CBC) ||
-- (ctx->u.aes.mode == CCP_AES_MODE_CFB)) &&
-+ (ctx->u.aes.mode == CCP_AES_MODE_CBC)) &&
- (req->nbytes & (AES_BLOCK_SIZE - 1)))
- return -EINVAL;
-
-@@ -291,7 +291,7 @@ static struct ccp_aes_def aes_algs[] = {
- .version = CCP_VERSION(3, 0),
- .name = "cfb(aes)",
- .driver_name = "cfb-aes-ccp",
-- .blocksize = AES_BLOCK_SIZE,
-+ .blocksize = 1,
- .ivsize = AES_BLOCK_SIZE,
- .alg_defaults = &ccp_aes_defaults,
- },
-diff --git a/drivers/crypto/ccp/ccp-ops.c b/drivers/crypto/ccp/ccp-ops.c
-index 1e2e42106dee..330853a2702f 100644
---- a/drivers/crypto/ccp/ccp-ops.c
-+++ b/drivers/crypto/ccp/ccp-ops.c
-@@ -458,8 +458,8 @@ static int ccp_copy_from_sb(struct ccp_cmd_queue *cmd_q,
- return ccp_copy_to_from_sb(cmd_q, wa, jobid, sb, byte_swap, true);
- }
-
--static int
ccp_run_aes_cmac_cmd(struct ccp_cmd_queue *cmd_q,
-- struct ccp_cmd *cmd)
-+static noinline_for_stack int
-+ccp_run_aes_cmac_cmd(struct ccp_cmd_queue *cmd_q, struct ccp_cmd *cmd)
- {
- struct ccp_aes_engine *aes = &cmd->u.aes;
- struct ccp_dm_workarea key, ctx;
-@@ -614,8 +614,8 @@ e_key:
- return ret;
- }
-
--static int ccp_run_aes_gcm_cmd(struct ccp_cmd_queue *cmd_q,
-- struct ccp_cmd *cmd)
-+static noinline_for_stack int
-+ccp_run_aes_gcm_cmd(struct ccp_cmd_queue *cmd_q, struct ccp_cmd *cmd)
- {
- struct ccp_aes_engine *aes = &cmd->u.aes;
- struct ccp_dm_workarea key, ctx, final_wa, tag;
-@@ -897,7 +897,8 @@ e_key:
- return ret;
- }
-
--static int ccp_run_aes_cmd(struct ccp_cmd_queue *cmd_q, struct ccp_cmd *cmd)
-+static noinline_for_stack int
-+ccp_run_aes_cmd(struct ccp_cmd_queue *cmd_q, struct ccp_cmd *cmd)
- {
- struct ccp_aes_engine *aes = &cmd->u.aes;
- struct ccp_dm_workarea key, ctx;
-@@ -907,12 +908,6 @@ static int ccp_run_aes_cmd(struct ccp_cmd_queue *cmd_q, struct ccp_cmd *cmd)
- bool in_place = false;
- int ret;
-
-- if (aes->mode == CCP_AES_MODE_CMAC)
-- return ccp_run_aes_cmac_cmd(cmd_q, cmd);
--
-- if (aes->mode == CCP_AES_MODE_GCM)
-- return ccp_run_aes_gcm_cmd(cmd_q, cmd);
--
- if (!((aes->key_len == AES_KEYSIZE_128) ||
- (aes->key_len == AES_KEYSIZE_192) ||
- (aes->key_len == AES_KEYSIZE_256)))
-@@ -1080,8 +1075,8 @@ e_key:
- return ret;
- }
-
--static int ccp_run_xts_aes_cmd(struct ccp_cmd_queue *cmd_q,
-- struct ccp_cmd *cmd)
-+static noinline_for_stack int
-+ccp_run_xts_aes_cmd(struct ccp_cmd_queue *cmd_q, struct ccp_cmd *cmd)
- {
- struct ccp_xts_aes_engine *xts = &cmd->u.xts;
- struct ccp_dm_workarea key, ctx;
-@@ -1280,7 +1275,8 @@ e_key:
- return ret;
- }
-
--static int ccp_run_des3_cmd(struct ccp_cmd_queue *cmd_q, struct ccp_cmd *cmd)
-+static noinline_for_stack int
-+ccp_run_des3_cmd(struct ccp_cmd_queue *cmd_q, struct ccp_cmd *cmd)
- {
- struct ccp_des3_engine *des3 = &cmd->u.des3;
-
-@@ -1293,6 +1289,9 @@ static int
ccp_run_des3_cmd(struct ccp_cmd_queue *cmd_q, struct ccp_cmd *cmd)
- int ret;
-
- /* Error checks */
-+ if (cmd_q->ccp->vdata->version < CCP_VERSION(5, 0))
-+ return -EINVAL;
-+
- if (!cmd_q->ccp->vdata->perform->des3)
- return -EINVAL;
-
-@@ -1375,8 +1374,6 @@ static int ccp_run_des3_cmd(struct ccp_cmd_queue *cmd_q, struct ccp_cmd *cmd)
- * passthru option to convert from big endian to little endian.
- */
- if (des3->mode != CCP_DES3_MODE_ECB) {
-- u32 load_mode;
--
- op.sb_ctx = cmd_q->sb_ctx;
-
- ret = ccp_init_dm_workarea(&ctx, cmd_q,
-@@ -1392,12 +1389,8 @@ static int ccp_run_des3_cmd(struct ccp_cmd_queue *cmd_q, struct ccp_cmd *cmd)
- if (ret)
- goto e_ctx;
-
-- if (cmd_q->ccp->vdata->version == CCP_VERSION(3, 0))
-- load_mode = CCP_PASSTHRU_BYTESWAP_NOOP;
-- else
-- load_mode = CCP_PASSTHRU_BYTESWAP_256BIT;
- ret = ccp_copy_to_sb(cmd_q, &ctx, op.jobid, op.sb_ctx,
-- load_mode);
-+ CCP_PASSTHRU_BYTESWAP_256BIT);
- if (ret) {
- cmd->engine_error = cmd_q->cmd_error;
- goto e_ctx;
-@@ -1459,10 +1452,6 @@ static int ccp_run_des3_cmd(struct ccp_cmd_queue *cmd_q, struct ccp_cmd *cmd)
- }
-
- /* ...but we only need the last DES3_EDE_BLOCK_SIZE bytes */
-- if (cmd_q->ccp->vdata->version == CCP_VERSION(3, 0))
-- dm_offset = CCP_SB_BYTES - des3->iv_len;
-- else
-- dm_offset = 0;
- ccp_get_dm_area(&ctx, dm_offset, des3->iv, 0,
- DES3_EDE_BLOCK_SIZE);
- }
-@@ -1483,7 +1472,8 @@ e_key:
- return ret;
- }
-
--static int ccp_run_sha_cmd(struct ccp_cmd_queue *cmd_q, struct ccp_cmd *cmd)
-+static noinline_for_stack int
-+ccp_run_sha_cmd(struct ccp_cmd_queue *cmd_q, struct ccp_cmd *cmd)
- {
- struct ccp_sha_engine *sha = &cmd->u.sha;
- struct ccp_dm_workarea ctx;
-@@ -1827,7 +1817,8 @@ e_ctx:
- return ret;
- }
-
--static int ccp_run_rsa_cmd(struct ccp_cmd_queue *cmd_q, struct ccp_cmd *cmd)
-+static noinline_for_stack int
-+ccp_run_rsa_cmd(struct ccp_cmd_queue *cmd_q, struct ccp_cmd *cmd)
- {
- struct ccp_rsa_engine *rsa = &cmd->u.rsa;
- struct ccp_dm_workarea exp, src, dst;
-@@
-1958,8 +1949,8 @@ e_sb:
- return ret;
- }
-
--static int ccp_run_passthru_cmd(struct ccp_cmd_queue *cmd_q,
-- struct ccp_cmd *cmd)
-+static noinline_for_stack int
-+ccp_run_passthru_cmd(struct ccp_cmd_queue *cmd_q, struct ccp_cmd *cmd)
- {
- struct ccp_passthru_engine *pt = &cmd->u.passthru;
- struct ccp_dm_workarea mask;
-@@ -2090,7 +2081,8 @@ e_mask:
- return ret;
- }
-
--static int ccp_run_passthru_nomap_cmd(struct ccp_cmd_queue *cmd_q,
-+static noinline_for_stack int
-+ccp_run_passthru_nomap_cmd(struct ccp_cmd_queue *cmd_q,
- struct ccp_cmd *cmd)
- {
- struct ccp_passthru_nomap_engine *pt = &cmd->u.passthru_nomap;
-@@ -2431,7 +2423,8 @@ e_src:
- return ret;
- }
-
--static int ccp_run_ecc_cmd(struct ccp_cmd_queue *cmd_q, struct ccp_cmd *cmd)
-+static noinline_for_stack int
-+ccp_run_ecc_cmd(struct ccp_cmd_queue *cmd_q, struct ccp_cmd *cmd)
- {
- struct ccp_ecc_engine *ecc = &cmd->u.ecc;
-
-@@ -2468,7 +2461,17 @@ int ccp_run_cmd(struct ccp_cmd_queue *cmd_q, struct ccp_cmd *cmd)
-
- switch (cmd->engine) {
- case CCP_ENGINE_AES:
-- ret = ccp_run_aes_cmd(cmd_q, cmd);
-+ switch (cmd->u.aes.mode) {
-+ case CCP_AES_MODE_CMAC:
-+ ret = ccp_run_aes_cmac_cmd(cmd_q, cmd);
-+ break;
-+ case CCP_AES_MODE_GCM:
-+ ret = ccp_run_aes_gcm_cmd(cmd_q, cmd);
-+ break;
-+ default:
-+ ret = ccp_run_aes_cmd(cmd_q, cmd);
-+ break;
-+ }
- break;
- case CCP_ENGINE_XTS_AES_128:
- ret = ccp_run_xts_aes_cmd(cmd_q, cmd);
-diff --git a/drivers/crypto/sunxi-ss/sun4i-ss-hash.c b/drivers/crypto/sunxi-ss/sun4i-ss-hash.c
-index 1a724263761b..2d178e013535 100644
---- a/drivers/crypto/sunxi-ss/sun4i-ss-hash.c
-+++ b/drivers/crypto/sunxi-ss/sun4i-ss-hash.c
-@@ -179,7 +179,7 @@ static int sun4i_hash(struct ahash_request *areq)
- */
- unsigned int i = 0, end, fill, min_fill, nwait, nbw = 0, j = 0, todo;
- unsigned int in_i = 0;
-- u32 spaces, rx_cnt = SS_RX_DEFAULT, bf[32] = {0}, wb = 0, v, ivmode = 0;
-+ u32 spaces, rx_cnt = SS_RX_DEFAULT, bf[32] = {0}, v, ivmode = 0;
- struct sun4i_req_ctx *op =
ahash_request_ctx(areq);
- struct crypto_ahash *tfm = crypto_ahash_reqtfm(areq);
- struct sun4i_tfm_ctx *tfmctx = crypto_ahash_ctx(tfm);
-@@ -188,6 +188,7 @@ static int sun4i_hash(struct ahash_request *areq)
- struct sg_mapping_iter mi;
- int in_r, err = 0;
- size_t copied = 0;
-+ __le32 wb = 0;
-
- dev_dbg(ss->dev, "%s %s bc=%llu len=%u mode=%x wl=%u h0=%0x",
- __func__, crypto_tfm_alg_name(areq->base.tfm),
-@@ -399,7 +400,7 @@ hash_final:
-
- nbw = op->len - 4 * nwait;
- if (nbw) {
-- wb = *(u32 *)(op->buf + nwait * 4);
-+ wb = cpu_to_le32(*(u32 *)(op->buf + nwait * 4));
- wb &= GENMASK((nbw * 8) - 1, 0);
-
- op->byte_count += nbw;
-@@ -408,7 +409,7 @@ hash_final:
-
- /* write the remaining bytes of the nbw buffer */
- wb |= ((1 << 7) << (nbw * 8));
-- bf[j++] = wb;
-+ bf[j++] = le32_to_cpu(wb);
-
- /*
- * number of space to pad to obtain 64o minus 8(size) minus 4 (final 1)
-@@ -427,13 +428,13 @@ hash_final:
-
- /* write the length of data */
- if (op->mode == SS_OP_SHA1) {
-- __be64 bits = cpu_to_be64(op->byte_count << 3);
-- bf[j++] = lower_32_bits(bits);
-- bf[j++] = upper_32_bits(bits);
-+ __be64 *bits = (__be64 *)&bf[j];
-+ *bits = cpu_to_be64(op->byte_count << 3);
-+ j += 2;
- } else {
-- __le64 bits = op->byte_count << 3;
-- bf[j++] = lower_32_bits(bits);
-- bf[j++] = upper_32_bits(bits);
-+ __le64 *bits = (__le64 *)&bf[j];
-+ *bits = cpu_to_le64(op->byte_count << 3);
-+ j += 2;
- }
- writesl(ss->base + SS_RXFIFO, bf, j);
-
-@@ -475,7 +476,7 @@ hash_final:
- }
- } else {
- for (i = 0; i < 4; i++) {
-- v = readl(ss->base + SS_MD0 + i * 4);
-+ v = cpu_to_le32(readl(ss->base + SS_MD0 + i * 4));
- memcpy(areq->result + i * 4, &v, 4);
- }
- }
-diff --git a/drivers/dma/dma-axi-dmac.c b/drivers/dma/dma-axi-dmac.c
-index 7f0b9aa15867..9887f2a14aa9 100644
---- a/drivers/dma/dma-axi-dmac.c
-+++ b/drivers/dma/dma-axi-dmac.c
-@@ -451,7 +451,7 @@ static struct dma_async_tx_descriptor *axi_dmac_prep_interleaved(
-
- if (chan->hw_2d) {
- if (!axi_dmac_check_len(chan,
xt->sgl[0].size) ||
-- !axi_dmac_check_len(chan, xt->numf))
-+ xt->numf == 0)
- return NULL;
- if (xt->sgl[0].size + dst_icg > chan->max_length ||
- xt->sgl[0].size + src_icg > chan->max_length)
-diff --git a/drivers/dma/dw/platform.c b/drivers/dma/dw/platform.c
-index 46a519e07195..b408c07662f5 100644
---- a/drivers/dma/dw/platform.c
-+++ b/drivers/dma/dw/platform.c
-@@ -87,13 +87,20 @@ static void dw_dma_acpi_controller_register(struct dw_dma *dw)
- dma_cap_set(DMA_SLAVE, info->dma_cap);
- info->filter_fn = dw_dma_acpi_filter;
-
-- ret = devm_acpi_dma_controller_register(dev, acpi_dma_simple_xlate,
-- info);
-+ ret = acpi_dma_controller_register(dev, acpi_dma_simple_xlate, info);
- if (ret)
- dev_err(dev, "could not register acpi_dma_controller\n");
- }
-+
-+static void dw_dma_acpi_controller_free(struct dw_dma *dw)
-+{
-+ struct device *dev = dw->dma.dev;
-+
-+ acpi_dma_controller_free(dev);
-+}
- #else /* !CONFIG_ACPI */
- static inline void dw_dma_acpi_controller_register(struct dw_dma *dw) {}
-+static inline void dw_dma_acpi_controller_free(struct dw_dma *dw) {}
- #endif /* !CONFIG_ACPI */
-
- #ifdef CONFIG_OF
-@@ -249,6 +256,9 @@ static int dw_remove(struct platform_device *pdev)
- {
- struct dw_dma_chip *chip = platform_get_drvdata(pdev);
-
-+ if (ACPI_HANDLE(&pdev->dev))
-+ dw_dma_acpi_controller_free(chip->dw);
-+
- if (pdev->dev.of_node)
- of_dma_controller_free(pdev->dev.of_node);
-
-diff --git a/drivers/dma/edma.c b/drivers/dma/edma.c
-index 519c24465dea..57a49fe713fd 100644
---- a/drivers/dma/edma.c
-+++ b/drivers/dma/edma.c
-@@ -2340,8 +2340,10 @@ static int edma_probe(struct platform_device *pdev)
-
- ecc->tc_list = devm_kcalloc(dev, ecc->num_tc,
- sizeof(*ecc->tc_list), GFP_KERNEL);
-- if (!ecc->tc_list)
-- return -ENOMEM;
-+ if (!ecc->tc_list) {
-+ ret = -ENOMEM;
-+ goto err_reg1;
-+ }
-
- for (i = 0;; i++) {
- ret = of_parse_phandle_with_fixed_args(node, "ti,tptcs",
-diff --git a/drivers/dma/hsu/hsu.c b/drivers/dma/hsu/hsu.c
-index
29d04ca71d52..15525a2b8ebd 100644
---- a/drivers/dma/hsu/hsu.c
-+++ b/drivers/dma/hsu/hsu.c
-@@ -64,10 +64,10 @@ static void hsu_dma_chan_start(struct hsu_dma_chan *hsuc)
-
- if (hsuc->direction == DMA_MEM_TO_DEV) {
- bsr = config->dst_maxburst;
-- mtsr = config->src_addr_width;
-+ mtsr = config->dst_addr_width;
- } else if (hsuc->direction == DMA_DEV_TO_MEM) {
- bsr = config->src_maxburst;
-- mtsr = config->dst_addr_width;
-+ mtsr = config->src_addr_width;
- }
-
- hsu_chan_disable(hsuc);
-diff --git a/drivers/dma/imx-sdma.c b/drivers/dma/imx-sdma.c
-index 0fc12a8783e3..99f3f22ed647 100644
---- a/drivers/dma/imx-sdma.c
-+++ b/drivers/dma/imx-sdma.c
-@@ -1441,6 +1441,14 @@ static void sdma_add_scripts(struct sdma_engine *sdma,
- if (!sdma->script_number)
- sdma->script_number = SDMA_SCRIPT_ADDRS_ARRAY_SIZE_V1;
-
-+ if (sdma->script_number > sizeof(struct sdma_script_start_addrs)
-+ / sizeof(s32)) {
-+ dev_err(sdma->dev,
-+ "SDMA script number %d not match with firmware.\n",
-+ sdma->script_number);
-+ return;
-+ }
-+
- for (i = 0; i < sdma->script_number; i++)
- if (addr_arr[i] > 0)
- saddr_arr[i] = addr_arr[i];
-diff --git a/drivers/dma/mv_xor.c b/drivers/dma/mv_xor.c
-index 1993889003fd..1c57577f49fe 100644
---- a/drivers/dma/mv_xor.c
-+++ b/drivers/dma/mv_xor.c
-@@ -1059,6 +1059,7 @@ mv_xor_channel_add(struct mv_xor_device *xordev,
- mv_chan->op_in_desc = XOR_MODE_IN_DESC;
-
- dma_dev = &mv_chan->dmadev;
-+ dma_dev->dev = &pdev->dev;
- mv_chan->xordev = xordev;
-
- /*
-@@ -1091,7 +1092,6 @@ mv_xor_channel_add(struct mv_xor_device *xordev,
- dma_dev->device_free_chan_resources = mv_xor_free_chan_resources;
- dma_dev->device_tx_status = mv_xor_status;
- dma_dev->device_issue_pending = mv_xor_issue_pending;
-- dma_dev->dev = &pdev->dev;
-
- /* set prep routines based on capability */
- if (dma_has_cap(DMA_INTERRUPT, dma_dev->cap_mask))
-diff --git a/drivers/dma/tegra210-adma.c b/drivers/dma/tegra210-adma.c
-index 09b6756366c3..4f4733d831a1 100644
----
a/drivers/dma/tegra210-adma.c
-+++ b/drivers/dma/tegra210-adma.c
-@@ -98,6 +98,7 @@ struct tegra_adma_chan_regs {
- unsigned int src_addr;
- unsigned int trg_addr;
- unsigned int fifo_ctrl;
-+ unsigned int cmd;
- unsigned int tc;
- };
-
-@@ -127,6 +128,7 @@ struct tegra_adma_chan {
- enum dma_transfer_direction sreq_dir;
- unsigned int sreq_index;
- bool sreq_reserved;
-+ struct tegra_adma_chan_regs ch_regs;
-
- /* Transfer count and position info */
- unsigned int tx_buf_count;
-@@ -635,8 +637,30 @@ static struct dma_chan *tegra_dma_of_xlate(struct of_phandle_args *dma_spec,
- static int tegra_adma_runtime_suspend(struct device *dev)
- {
- struct tegra_adma *tdma = dev_get_drvdata(dev);
-+ struct tegra_adma_chan_regs *ch_reg;
-+ struct tegra_adma_chan *tdc;
-+ int i;
-
- tdma->global_cmd = tdma_read(tdma, ADMA_GLOBAL_CMD);
-+ if (!tdma->global_cmd)
-+ goto clk_disable;
-+
-+ for (i = 0; i < tdma->nr_channels; i++) {
-+ tdc = &tdma->channels[i];
-+ ch_reg = &tdc->ch_regs;
-+ ch_reg->cmd = tdma_ch_read(tdc, ADMA_CH_CMD);
-+ /* skip if channel is not active */
-+ if (!ch_reg->cmd)
-+ continue;
-+ ch_reg->tc = tdma_ch_read(tdc, ADMA_CH_TC);
-+ ch_reg->src_addr = tdma_ch_read(tdc, ADMA_CH_LOWER_SRC_ADDR);
-+ ch_reg->trg_addr = tdma_ch_read(tdc, ADMA_CH_LOWER_TRG_ADDR);
-+ ch_reg->ctrl = tdma_ch_read(tdc, ADMA_CH_CTRL);
-+ ch_reg->fifo_ctrl = tdma_ch_read(tdc, ADMA_CH_FIFO_CTRL);
-+ ch_reg->config = tdma_ch_read(tdc, ADMA_CH_CONFIG);
-+ }
-+
-+clk_disable:
- clk_disable_unprepare(tdma->ahub_clk);
-
- return 0;
-@@ -645,7 +669,9 @@ static int tegra_adma_runtime_suspend(struct device *dev)
- static int tegra_adma_runtime_resume(struct device *dev)
- {
- struct tegra_adma *tdma = dev_get_drvdata(dev);
-- int ret;
-+ struct tegra_adma_chan_regs *ch_reg;
-+ struct tegra_adma_chan *tdc;
-+ int ret, i;
-
- ret = clk_prepare_enable(tdma->ahub_clk);
- if (ret) {
-@@ -654,6 +680,24 @@ static int tegra_adma_runtime_resume(struct device *dev)
- }
- tdma_write(tdma, ADMA_GLOBAL_CMD,
tdma->global_cmd);
-
-+ if (!tdma->global_cmd)
-+ return 0;
-+
-+ for (i = 0; i < tdma->nr_channels; i++) {
-+ tdc = &tdma->channels[i];
-+ ch_reg = &tdc->ch_regs;
-+ /* skip if channel was not active earlier */
-+ if (!ch_reg->cmd)
-+ continue;
-+ tdma_ch_write(tdc, ADMA_CH_TC, ch_reg->tc);
-+ tdma_ch_write(tdc, ADMA_CH_LOWER_SRC_ADDR, ch_reg->src_addr);
-+ tdma_ch_write(tdc, ADMA_CH_LOWER_TRG_ADDR, ch_reg->trg_addr);
-+ tdma_ch_write(tdc, ADMA_CH_CTRL, ch_reg->ctrl);
-+ tdma_ch_write(tdc, ADMA_CH_FIFO_CTRL, ch_reg->fifo_ctrl);
-+ tdma_ch_write(tdc, ADMA_CH_CONFIG, ch_reg->config);
-+ tdma_ch_write(tdc, ADMA_CH_CMD, ch_reg->cmd);
-+ }
-+
- return 0;
- }
-
-@@ -700,16 +744,6 @@ static int tegra_adma_probe(struct platform_device *pdev)
- return PTR_ERR(tdma->ahub_clk);
- }
-
-- pm_runtime_enable(&pdev->dev);
--
-- ret = pm_runtime_get_sync(&pdev->dev);
-- if (ret < 0)
-- goto rpm_disable;
--
-- ret = tegra_adma_init(tdma);
-- if (ret)
-- goto rpm_put;
--
- INIT_LIST_HEAD(&tdma->dma_dev.channels);
- for (i = 0; i < tdma->nr_channels; i++) {
- struct tegra_adma_chan *tdc = &tdma->channels[i];
-@@ -727,6 +761,16 @@ static int tegra_adma_probe(struct platform_device *pdev)
- tdc->tdma = tdma;
- }
-
-+ pm_runtime_enable(&pdev->dev);
-+
-+ ret = pm_runtime_get_sync(&pdev->dev);
-+ if (ret < 0)
-+ goto rpm_disable;
-+
-+ ret = tegra_adma_init(tdma);
-+ if (ret)
-+ goto rpm_put;
-+
- dma_cap_set(DMA_SLAVE, tdma->dma_dev.cap_mask);
- dma_cap_set(DMA_PRIVATE, tdma->dma_dev.cap_mask);
- dma_cap_set(DMA_CYCLIC, tdma->dma_dev.cap_mask);
-@@ -768,13 +812,13 @@ static int tegra_adma_probe(struct platform_device *pdev)
-
- dma_remove:
- dma_async_device_unregister(&tdma->dma_dev);
--irq_dispose:
-- while (--i >= 0)
-- irq_dispose_mapping(tdma->channels[i].irq);
- rpm_put:
- pm_runtime_put_sync(&pdev->dev);
- rpm_disable:
- pm_runtime_disable(&pdev->dev);
-+irq_dispose:
-+ while (--i >= 0)
-+ irq_dispose_mapping(tdma->channels[i].irq);
-
- return ret;
- }
-diff --git
a/drivers/edac/edac_mc.c b/drivers/edac/edac_mc.c
-index f7fa05fee45a..329021189c38 100644
---- a/drivers/edac/edac_mc.c
-+++ b/drivers/edac/edac_mc.c
-@@ -680,22 +680,18 @@ static int del_mc_from_global_list(struct mem_ctl_info *mci)
-
- struct mem_ctl_info *edac_mc_find(int idx)
- {
-- struct mem_ctl_info *mci = NULL;
-+ struct mem_ctl_info *mci;
- struct list_head *item;
-
- mutex_lock(&mem_ctls_mutex);
-
- list_for_each(item, &mc_devices) {
- mci = list_entry(item, struct mem_ctl_info, link);
--
-- if (mci->mc_idx >= idx) {
-- if (mci->mc_idx == idx) {
-- goto unlock;
-- }
-- break;
-- }
-+ if (mci->mc_idx == idx)
-+ goto unlock;
- }
-
-+ mci = NULL;
- unlock:
- mutex_unlock(&mem_ctls_mutex);
- return mci;
-diff --git a/drivers/gpu/drm/drm_dp_mst_topology.c b/drivers/gpu/drm/drm_dp_mst_topology.c
-index c8c83f84aced..9d94c306c8ca 100644
---- a/drivers/gpu/drm/drm_dp_mst_topology.c
-+++ b/drivers/gpu/drm/drm_dp_mst_topology.c
-@@ -982,9 +982,20 @@ static struct drm_dp_mst_port *drm_dp_mst_get_port_ref_locked(struct drm_dp_mst_
- static struct drm_dp_mst_port *drm_dp_get_validated_port_ref(struct drm_dp_mst_topology_mgr *mgr, struct drm_dp_mst_port *port)
- {
- struct drm_dp_mst_port *rport = NULL;
-+
- mutex_lock(&mgr->lock);
-- if (mgr->mst_primary)
-- rport = drm_dp_mst_get_port_ref_locked(mgr->mst_primary, port);
-+ /*
-+ * Port may or may not be 'valid' but we don't care about that when
-+ * destroying the port and we are guaranteed that the port pointer
-+ * will be valid until we've finished
-+ */
-+ if (current_work() == &mgr->destroy_connector_work) {
-+ kref_get(&port->kref);
-+ rport = port;
-+ } else if (mgr->mst_primary) {
-+ rport = drm_dp_mst_get_port_ref_locked(mgr->mst_primary,
-+ port);
-+ }
- mutex_unlock(&mgr->lock);
- return rport;
- }
-diff --git a/drivers/gpu/drm/etnaviv/etnaviv_dump.c b/drivers/gpu/drm/etnaviv/etnaviv_dump.c
-index 2d955d7d7b6d..e154e6fb64da 100644
---- a/drivers/gpu/drm/etnaviv/etnaviv_dump.c
-+++
b/drivers/gpu/drm/etnaviv/etnaviv_dump.c -@@ -207,7 +207,7 @@ void etnaviv_core_dump(struct etnaviv_gpu *gpu) - mutex_lock(&obj->lock); - pages = etnaviv_gem_get_pages(obj); - mutex_unlock(&obj->lock); -- if (pages) { -+ if (!IS_ERR(pages)) { - int j; - - iter.hdr->data[0] = bomap - bomap_start; -diff --git a/drivers/gpu/drm/etnaviv/etnaviv_gem_prime.c b/drivers/gpu/drm/etnaviv/etnaviv_gem_prime.c -index ae884723e9b1..880b95511b98 100644 ---- a/drivers/gpu/drm/etnaviv/etnaviv_gem_prime.c -+++ b/drivers/gpu/drm/etnaviv/etnaviv_gem_prime.c -@@ -26,7 +26,7 @@ struct sg_table *etnaviv_gem_prime_get_sg_table(struct drm_gem_object *obj) - int npages = obj->size >> PAGE_SHIFT; - - if (WARN_ON(!etnaviv_obj->pages)) /* should have already pinned! */ -- return NULL; -+ return ERR_PTR(-EINVAL); - - return drm_prime_pages_to_sg(etnaviv_obj->pages, npages); - } -diff --git a/drivers/gpu/drm/hisilicon/hibmc/hibmc_drm_fbdev.c b/drivers/gpu/drm/hisilicon/hibmc/hibmc_drm_fbdev.c -index 8bd29075ae4e..edcca1761500 100644 ---- a/drivers/gpu/drm/hisilicon/hibmc/hibmc_drm_fbdev.c -+++ b/drivers/gpu/drm/hisilicon/hibmc/hibmc_drm_fbdev.c -@@ -71,7 +71,6 @@ static int hibmc_drm_fb_create(struct drm_fb_helper *helper, - DRM_DEBUG_DRIVER("surface width(%d), height(%d) and bpp(%d)\n", - sizes->surface_width, sizes->surface_height, - sizes->surface_bpp); -- sizes->surface_depth = 32; - - bytes_per_pixel = DIV_ROUND_UP(sizes->surface_bpp, 8); - -diff --git a/drivers/gpu/drm/msm/adreno/a3xx_gpu.c b/drivers/gpu/drm/msm/adreno/a3xx_gpu.c -index 7791313405b5..c8671b1578c6 100644 ---- a/drivers/gpu/drm/msm/adreno/a3xx_gpu.c -+++ b/drivers/gpu/drm/msm/adreno/a3xx_gpu.c -@@ -394,19 +394,17 @@ static const unsigned int a3xx_registers[] = { - 0x2200, 0x2212, 0x2214, 0x2217, 0x221a, 0x221a, 0x2240, 0x227e, - 0x2280, 0x228b, 0x22c0, 0x22c0, 0x22c4, 0x22ce, 0x22d0, 0x22d8, - 0x22df, 0x22e6, 0x22e8, 0x22e9, 0x22ec, 0x22ec, 0x22f0, 0x22f7, -- 0x22ff, 0x22ff, 0x2340, 0x2343, 0x2348, 0x2349, 0x2350, 0x2356, -- 
0x2360, 0x2360, 0x2440, 0x2440, 0x2444, 0x2444, 0x2448, 0x244d, -- 0x2468, 0x2469, 0x246c, 0x246d, 0x2470, 0x2470, 0x2472, 0x2472, -- 0x2474, 0x2475, 0x2479, 0x247a, 0x24c0, 0x24d3, 0x24e4, 0x24ef, -- 0x2500, 0x2509, 0x250c, 0x250c, 0x250e, 0x250e, 0x2510, 0x2511, -- 0x2514, 0x2515, 0x25e4, 0x25e4, 0x25ea, 0x25ea, 0x25ec, 0x25ed, -- 0x25f0, 0x25f0, 0x2600, 0x2612, 0x2614, 0x2617, 0x261a, 0x261a, -- 0x2640, 0x267e, 0x2680, 0x268b, 0x26c0, 0x26c0, 0x26c4, 0x26ce, -- 0x26d0, 0x26d8, 0x26df, 0x26e6, 0x26e8, 0x26e9, 0x26ec, 0x26ec, -- 0x26f0, 0x26f7, 0x26ff, 0x26ff, 0x2740, 0x2743, 0x2748, 0x2749, -- 0x2750, 0x2756, 0x2760, 0x2760, 0x300c, 0x300e, 0x301c, 0x301d, -- 0x302a, 0x302a, 0x302c, 0x302d, 0x3030, 0x3031, 0x3034, 0x3036, -- 0x303c, 0x303c, 0x305e, 0x305f, -+ 0x22ff, 0x22ff, 0x2340, 0x2343, 0x2440, 0x2440, 0x2444, 0x2444, -+ 0x2448, 0x244d, 0x2468, 0x2469, 0x246c, 0x246d, 0x2470, 0x2470, -+ 0x2472, 0x2472, 0x2474, 0x2475, 0x2479, 0x247a, 0x24c0, 0x24d3, -+ 0x24e4, 0x24ef, 0x2500, 0x2509, 0x250c, 0x250c, 0x250e, 0x250e, -+ 0x2510, 0x2511, 0x2514, 0x2515, 0x25e4, 0x25e4, 0x25ea, 0x25ea, -+ 0x25ec, 0x25ed, 0x25f0, 0x25f0, 0x2600, 0x2612, 0x2614, 0x2617, -+ 0x261a, 0x261a, 0x2640, 0x267e, 0x2680, 0x268b, 0x26c0, 0x26c0, -+ 0x26c4, 0x26ce, 0x26d0, 0x26d8, 0x26df, 0x26e6, 0x26e8, 0x26e9, -+ 0x26ec, 0x26ec, 0x26f0, 0x26f7, 0x26ff, 0x26ff, 0x2740, 0x2743, -+ 0x300c, 0x300e, 0x301c, 0x301d, 0x302a, 0x302a, 0x302c, 0x302d, -+ 0x3030, 0x3031, 0x3034, 0x3036, 0x303c, 0x303c, 0x305e, 0x305f, - ~0 /* sentinel */ - }; - -diff --git a/drivers/gpu/drm/msm/dsi/dsi_host.c b/drivers/gpu/drm/msm/dsi/dsi_host.c -index a9a0b56f1fbc..b9cb7c09e05a 100644 ---- a/drivers/gpu/drm/msm/dsi/dsi_host.c -+++ b/drivers/gpu/drm/msm/dsi/dsi_host.c -@@ -34,6 +34,8 @@ - #include "dsi_cfg.h" - #include "msm_kms.h" - -+#define DSI_RESET_TOGGLE_DELAY_MS 20 -+ - static int dsi_get_version(const void __iomem *base, u32 *major, u32 *minor) - { - u32 ver; -@@ -906,7 +908,7 @@ static void dsi_sw_reset(struct 
msm_dsi_host *msm_host) - wmb(); /* clocks need to be enabled before reset */ - - dsi_write(msm_host, REG_DSI_RESET, 1); -- wmb(); /* make sure reset happen */ -+ msleep(DSI_RESET_TOGGLE_DELAY_MS); /* make sure reset happen */ - dsi_write(msm_host, REG_DSI_RESET, 0); - } - -@@ -1288,7 +1290,7 @@ static void dsi_sw_reset_restore(struct msm_dsi_host *msm_host) - - /* dsi controller can only be reset while clocks are running */ - dsi_write(msm_host, REG_DSI_RESET, 1); -- wmb(); /* make sure reset happen */ -+ msleep(DSI_RESET_TOGGLE_DELAY_MS); /* make sure reset happen */ - dsi_write(msm_host, REG_DSI_RESET, 0); - wmb(); /* controller out of reset */ - dsi_write(msm_host, REG_DSI_CTRL, data0); -diff --git a/drivers/gpu/drm/msm/mdp/mdp5/mdp5_cfg.c b/drivers/gpu/drm/msm/mdp/mdp5/mdp5_cfg.c -index 824067d2d427..42f0ecb0cf35 100644 ---- a/drivers/gpu/drm/msm/mdp/mdp5/mdp5_cfg.c -+++ b/drivers/gpu/drm/msm/mdp/mdp5/mdp5_cfg.c -@@ -635,7 +635,7 @@ fail: - if (cfg_handler) - mdp5_cfg_destroy(cfg_handler); - -- return NULL; -+ return ERR_PTR(ret); - } - - static struct mdp5_cfg_platform *mdp5_get_config(struct platform_device *dev) -diff --git a/drivers/gpu/drm/nouveau/nvkm/subdev/fb/gddr3.c b/drivers/gpu/drm/nouveau/nvkm/subdev/fb/gddr3.c -index 60ece0a8a2e1..1d2d6bae73cd 100644 ---- a/drivers/gpu/drm/nouveau/nvkm/subdev/fb/gddr3.c -+++ b/drivers/gpu/drm/nouveau/nvkm/subdev/fb/gddr3.c -@@ -87,7 +87,7 @@ nvkm_gddr3_calc(struct nvkm_ram *ram) - WR = (ram->next->bios.timing[2] & 0x007f0000) >> 16; - /* XXX: Get these values from the VBIOS instead */ - DLL = !(ram->mr[1] & 0x1); -- RON = !(ram->mr[1] & 0x300) >> 8; -+ RON = !((ram->mr[1] & 0x300) >> 8); - break; - default: - return -ENOSYS; -diff --git a/drivers/gpu/drm/nouveau/nvkm/subdev/pmu/memx.c b/drivers/gpu/drm/nouveau/nvkm/subdev/pmu/memx.c -index 11b28b086a06..7b052879af72 100644 ---- a/drivers/gpu/drm/nouveau/nvkm/subdev/pmu/memx.c -+++ b/drivers/gpu/drm/nouveau/nvkm/subdev/pmu/memx.c -@@ -88,10 +88,10 @@ 
nvkm_memx_fini(struct nvkm_memx **pmemx, bool exec) - if (exec) { - nvkm_pmu_send(pmu, reply, PROC_MEMX, MEMX_MSG_EXEC, - memx->base, finish); -+ nvkm_debug(subdev, "Exec took %uns, PMU_IN %08x\n", -+ reply[0], reply[1]); - } - -- nvkm_debug(subdev, "Exec took %uns, PMU_IN %08x\n", -- reply[0], reply[1]); - kfree(memx); - return 0; - } -diff --git a/drivers/gpu/drm/radeon/cik.c b/drivers/gpu/drm/radeon/cik.c -index ce8b353b5753..ba31c7674fcd 100644 ---- a/drivers/gpu/drm/radeon/cik.c -+++ b/drivers/gpu/drm/radeon/cik.c -@@ -7012,8 +7012,8 @@ static int cik_irq_init(struct radeon_device *rdev) - } - - /* setup interrupt control */ -- /* XXX this should actually be a bus address, not an MC address. same on older asics */ -- WREG32(INTERRUPT_CNTL2, rdev->ih.gpu_addr >> 8); -+ /* set dummy read address to dummy page address */ -+ WREG32(INTERRUPT_CNTL2, rdev->dummy_page.addr >> 8); - interrupt_cntl = RREG32(INTERRUPT_CNTL); - /* IH_DUMMY_RD_OVERRIDE=0 - dummy read disabled with msi, enabled without msi - * IH_DUMMY_RD_OVERRIDE=1 - dummy read controlled by IH_DUMMY_RD_EN -diff --git a/drivers/gpu/drm/radeon/r600.c b/drivers/gpu/drm/radeon/r600.c -index e06e2d8feab3..a724bb87cfad 100644 ---- a/drivers/gpu/drm/radeon/r600.c -+++ b/drivers/gpu/drm/radeon/r600.c -@@ -3690,8 +3690,8 @@ int r600_irq_init(struct radeon_device *rdev) - } - - /* setup interrupt control */ -- /* set dummy read address to ring address */ -- WREG32(INTERRUPT_CNTL2, rdev->ih.gpu_addr >> 8); -+ /* set dummy read address to dummy page address */ -+ WREG32(INTERRUPT_CNTL2, rdev->dummy_page.addr >> 8); - interrupt_cntl = RREG32(INTERRUPT_CNTL); - /* IH_DUMMY_RD_OVERRIDE=0 - dummy read disabled with msi, enabled without msi - * IH_DUMMY_RD_OVERRIDE=1 - dummy read controlled by IH_DUMMY_RD_EN -diff --git a/drivers/gpu/drm/radeon/si.c b/drivers/gpu/drm/radeon/si.c -index 1907c950d76f..1144cafea9ac 100644 ---- a/drivers/gpu/drm/radeon/si.c -+++ b/drivers/gpu/drm/radeon/si.c -@@ -5993,8 +5993,8 @@ static int 
si_irq_init(struct radeon_device *rdev) - } - - /* setup interrupt control */ -- /* set dummy read address to ring address */ -- WREG32(INTERRUPT_CNTL2, rdev->ih.gpu_addr >> 8); -+ /* set dummy read address to dummy page address */ -+ WREG32(INTERRUPT_CNTL2, rdev->dummy_page.addr >> 8); - interrupt_cntl = RREG32(INTERRUPT_CNTL); - /* IH_DUMMY_RD_OVERRIDE=0 - dummy read disabled with msi, enabled without msi - * IH_DUMMY_RD_OVERRIDE=1 - dummy read controlled by IH_DUMMY_RD_EN -diff --git a/drivers/gpu/drm/shmobile/shmob_drm_drv.c b/drivers/gpu/drm/shmobile/shmob_drm_drv.c -index 592572554eb0..58d8a98c749b 100644 ---- a/drivers/gpu/drm/shmobile/shmob_drm_drv.c -+++ b/drivers/gpu/drm/shmobile/shmob_drm_drv.c -@@ -233,8 +233,8 @@ static int shmob_drm_probe(struct platform_device *pdev) - - res = platform_get_resource(pdev, IORESOURCE_MEM, 0); - sdev->mmio = devm_ioremap_resource(&pdev->dev, res); -- if (sdev->mmio == NULL) -- return -ENOMEM; -+ if (IS_ERR(sdev->mmio)) -+ return PTR_ERR(sdev->mmio); - - ret = shmob_drm_setup_clocks(sdev, pdata->clk_source); - if (ret < 0) -diff --git a/drivers/gpu/drm/sti/sti_hda.c b/drivers/gpu/drm/sti/sti_hda.c -index cf65e32b5090..0399bb18d387 100644 ---- a/drivers/gpu/drm/sti/sti_hda.c -+++ b/drivers/gpu/drm/sti/sti_hda.c -@@ -721,7 +721,6 @@ static int sti_hda_bind(struct device *dev, struct device *master, void *data) - return 0; - - err_sysfs: -- drm_bridge_remove(bridge); - return -EINVAL; - } - -diff --git a/drivers/gpu/drm/sti/sti_hdmi.c b/drivers/gpu/drm/sti/sti_hdmi.c -index 30f02d2fdd03..bbb195a92e93 100644 ---- a/drivers/gpu/drm/sti/sti_hdmi.c -+++ b/drivers/gpu/drm/sti/sti_hdmi.c -@@ -1314,7 +1314,6 @@ static int sti_hdmi_bind(struct device *dev, struct device *master, void *data) - return 0; - - err_sysfs: -- drm_bridge_remove(bridge); - hdmi->drm_connector = NULL; - return -EINVAL; - } -diff --git a/drivers/gpu/drm/sun4i/sun4i_hdmi_tmds_clk.c b/drivers/gpu/drm/sun4i/sun4i_hdmi_tmds_clk.c -index 
5cf2527bffc8..d7a8fea94557 100644 ---- a/drivers/gpu/drm/sun4i/sun4i_hdmi_tmds_clk.c -+++ b/drivers/gpu/drm/sun4i/sun4i_hdmi_tmds_clk.c -@@ -50,7 +50,7 @@ static unsigned long sun4i_tmds_calc_divider(unsigned long rate, - (rate - tmp_rate) < (rate - best_rate)) { - best_rate = tmp_rate; - best_m = m; -- is_double = d; -+ is_double = (d == 2) ? true : false; - } - } - } -diff --git a/drivers/gpu/drm/virtio/virtgpu_vq.c b/drivers/gpu/drm/virtio/virtgpu_vq.c -index 21c2de81f3e3..a3be65e689fd 100644 ---- a/drivers/gpu/drm/virtio/virtgpu_vq.c -+++ b/drivers/gpu/drm/virtio/virtgpu_vq.c -@@ -648,11 +648,11 @@ int virtio_gpu_cmd_get_capset(struct virtio_gpu_device *vgdev, - { - struct virtio_gpu_get_capset *cmd_p; - struct virtio_gpu_vbuffer *vbuf; -- int max_size = vgdev->capsets[idx].max_size; -+ int max_size; - struct virtio_gpu_drv_cap_cache *cache_ent; - void *resp_buf; - -- if (idx > vgdev->num_capsets) -+ if (idx >= vgdev->num_capsets) - return -EINVAL; - - if (version > vgdev->capsets[idx].max_version) -@@ -662,6 +662,7 @@ int virtio_gpu_cmd_get_capset(struct virtio_gpu_device *vgdev, - if (!cache_ent) - return -ENOMEM; - -+ max_size = vgdev->capsets[idx].max_size; - cache_ent->caps_cache = kmalloc(max_size, GFP_KERNEL); - if (!cache_ent->caps_cache) { - kfree(cache_ent); -diff --git a/drivers/hwmon/lm75.c b/drivers/hwmon/lm75.c -index 005ffb5ffa92..1737bb5fbaaf 100644 ---- a/drivers/hwmon/lm75.c -+++ b/drivers/hwmon/lm75.c -@@ -165,7 +165,7 @@ static int lm75_write(struct device *dev, enum hwmon_sensor_types type, - temp = DIV_ROUND_CLOSEST(temp << (resolution - 8), - 1000) << (16 - resolution); - -- return regmap_write(data->regmap, reg, temp); -+ return regmap_write(data->regmap, reg, (u16)temp); - } - - static umode_t lm75_is_visible(const void *data, enum hwmon_sensor_types type, -diff --git a/drivers/hwmon/pmbus/tps53679.c b/drivers/hwmon/pmbus/tps53679.c -index 85b515cd9df0..2bc352c5357f 100644 ---- a/drivers/hwmon/pmbus/tps53679.c -+++ 
b/drivers/hwmon/pmbus/tps53679.c -@@ -80,7 +80,14 @@ static struct pmbus_driver_info tps53679_info = { - static int tps53679_probe(struct i2c_client *client, - const struct i2c_device_id *id) - { -- return pmbus_do_probe(client, id, &tps53679_info); -+ struct pmbus_driver_info *info; -+ -+ info = devm_kmemdup(&client->dev, &tps53679_info, sizeof(*info), -+ GFP_KERNEL); -+ if (!info) -+ return -ENOMEM; -+ -+ return pmbus_do_probe(client, id, info); - } - - static const struct i2c_device_id tps53679_id[] = { -diff --git a/drivers/hwmon/shtc1.c b/drivers/hwmon/shtc1.c -index decd7df995ab..2a18539591ea 100644 ---- a/drivers/hwmon/shtc1.c -+++ b/drivers/hwmon/shtc1.c -@@ -38,7 +38,7 @@ static const unsigned char shtc1_cmd_read_id_reg[] = { 0xef, 0xc8 }; - - /* constants for reading the ID register */ - #define SHTC1_ID 0x07 --#define SHTC1_ID_REG_MASK 0x1f -+#define SHTC1_ID_REG_MASK 0x3f - - /* delays for non-blocking i2c commands, both in us */ - #define SHTC1_NONBLOCKING_WAIT_TIME_HPM 14400 -diff --git a/drivers/hwmon/w83627hf.c b/drivers/hwmon/w83627hf.c -index 8ac89d0781cc..a575e1cdb81a 100644 ---- a/drivers/hwmon/w83627hf.c -+++ b/drivers/hwmon/w83627hf.c -@@ -130,17 +130,23 @@ superio_select(struct w83627hf_sio_data *sio, int ld) - outb(ld, sio->sioaddr + 1); - } - --static inline void -+static inline int - superio_enter(struct w83627hf_sio_data *sio) - { -+ if (!request_muxed_region(sio->sioaddr, 2, DRVNAME)) -+ return -EBUSY; -+ - outb(0x87, sio->sioaddr); - outb(0x87, sio->sioaddr); -+ -+ return 0; - } - - static inline void - superio_exit(struct w83627hf_sio_data *sio) - { - outb(0xAA, sio->sioaddr); -+ release_region(sio->sioaddr, 2); - } - - #define W627_DEVID 0x52 -@@ -1278,7 +1284,7 @@ static DEVICE_ATTR_RO(name); - static int __init w83627hf_find(int sioaddr, unsigned short *addr, - struct w83627hf_sio_data *sio_data) - { -- int err = -ENODEV; -+ int err; - u16 val; - - static __initconst char *const names[] = { -@@ -1290,7 +1296,11 @@ static int __init 
w83627hf_find(int sioaddr, unsigned short *addr, - }; - - sio_data->sioaddr = sioaddr; -- superio_enter(sio_data); -+ err = superio_enter(sio_data); -+ if (err) -+ return err; -+ -+ err = -ENODEV; - val = force_id ? force_id : superio_inb(sio_data, DEVID); - switch (val) { - case W627_DEVID: -@@ -1644,9 +1654,21 @@ static int w83627thf_read_gpio5(struct platform_device *pdev) - struct w83627hf_sio_data *sio_data = dev_get_platdata(&pdev->dev); - int res = 0xff, sel; - -- superio_enter(sio_data); -+ if (superio_enter(sio_data)) { -+ /* -+ * Some other driver reserved the address space for itself. -+ * We don't want to fail driver instantiation because of that, -+ * so display a warning and keep going. -+ */ -+ dev_warn(&pdev->dev, -+ "Can not read VID data: Failed to enable SuperIO access\n"); -+ return res; -+ } -+ - superio_select(sio_data, W83627HF_LD_GPIO5); - -+ res = 0xff; -+ - /* Make sure these GPIO pins are enabled */ - if (!(superio_inb(sio_data, W83627THF_GPIO5_EN) & (1<<3))) { - dev_dbg(&pdev->dev, "GPIO5 disabled, no VID function\n"); -@@ -1677,7 +1699,17 @@ static int w83687thf_read_vid(struct platform_device *pdev) - struct w83627hf_sio_data *sio_data = dev_get_platdata(&pdev->dev); - int res = 0xff; - -- superio_enter(sio_data); -+ if (superio_enter(sio_data)) { -+ /* -+ * Some other driver reserved the address space for itself. -+ * We don't want to fail driver instantiation because of that, -+ * so display a warning and keep going. 
-+ */ -+ dev_warn(&pdev->dev, -+ "Can not read VID data: Failed to enable SuperIO access\n"); -+ return res; -+ } -+ - superio_select(sio_data, W83627HF_LD_HWM); - - /* Make sure these GPIO pins are enabled */ -diff --git a/drivers/iio/dac/ad5380.c b/drivers/iio/dac/ad5380.c -index 97d2c5111f43..8bf7fc626a9d 100644 ---- a/drivers/iio/dac/ad5380.c -+++ b/drivers/iio/dac/ad5380.c -@@ -221,7 +221,7 @@ static int ad5380_read_raw(struct iio_dev *indio_dev, - if (ret) - return ret; - *val >>= chan->scan_type.shift; -- val -= (1 << chan->scan_type.realbits) / 2; -+ *val -= (1 << chan->scan_type.realbits) / 2; - return IIO_VAL_INT; - case IIO_CHAN_INFO_SCALE: - *val = 2 * st->vref; -diff --git a/drivers/infiniband/core/cma.c b/drivers/infiniband/core/cma.c -index fc4630e4acdd..1614f6f3677c 100644 ---- a/drivers/infiniband/core/cma.c -+++ b/drivers/infiniband/core/cma.c -@@ -2789,7 +2789,7 @@ static void addr_handler(int status, struct sockaddr *src_addr, - if (status) - pr_debug_ratelimited("RDMA CM: ADDR_ERROR: failed to acquire device. status %d\n", - status); -- } else { -+ } else if (status) { - pr_debug_ratelimited("RDMA CM: ADDR_ERROR: failed to resolve IP. 
status %d\n", status); - } - -diff --git a/drivers/infiniband/hw/cxgb4/cm.c b/drivers/infiniband/hw/cxgb4/cm.c -index bb36cdf82a8d..7eb1cc1b1aa0 100644 ---- a/drivers/infiniband/hw/cxgb4/cm.c -+++ b/drivers/infiniband/hw/cxgb4/cm.c -@@ -2056,7 +2056,7 @@ static int import_ep(struct c4iw_ep *ep, int iptype, __u8 *peer_ip, - } else { - pdev = get_real_dev(n->dev); - ep->l2t = cxgb4_l2t_get(cdev->rdev.lldi.l2t, -- n, pdev, 0); -+ n, pdev, rt_tos2priority(tos)); - if (!ep->l2t) - goto out; - ep->mtu = dst_mtu(dst); -@@ -2147,7 +2147,8 @@ static int c4iw_reconnect(struct c4iw_ep *ep) - laddr6->sin6_addr.s6_addr, - raddr6->sin6_addr.s6_addr, - laddr6->sin6_port, -- raddr6->sin6_port, 0, -+ raddr6->sin6_port, -+ ep->com.cm_id->tos, - raddr6->sin6_scope_id); - iptype = 6; - ra = (__u8 *)&raddr6->sin6_addr; -@@ -2923,15 +2924,18 @@ static int terminate(struct c4iw_dev *dev, struct sk_buff *skb) - ep = get_ep_from_tid(dev, tid); - BUG_ON(!ep); - -- if (ep && ep->com.qp) { -- pr_warn("TERM received tid %u qpid %u\n", -- tid, ep->com.qp->wq.sq.qid); -- attrs.next_state = C4IW_QP_STATE_TERMINATE; -- c4iw_modify_qp(ep->com.qp->rhp, ep->com.qp, -- C4IW_QP_ATTR_NEXT_STATE, &attrs, 1); -+ if (ep) { -+ if (ep->com.qp) { -+ pr_warn("TERM received tid %u qpid %u\n", tid, -+ ep->com.qp->wq.sq.qid); -+ attrs.next_state = C4IW_QP_STATE_TERMINATE; -+ c4iw_modify_qp(ep->com.qp->rhp, ep->com.qp, -+ C4IW_QP_ATTR_NEXT_STATE, &attrs, 1); -+ } -+ -+ c4iw_put_ep(&ep->com); - } else - pr_warn("TERM received tid %u no ep/qp\n", tid); -- c4iw_put_ep(&ep->com); - - return 0; - } -@@ -3295,7 +3299,7 @@ int c4iw_connect(struct iw_cm_id *cm_id, struct iw_cm_conn_param *conn_param) - laddr6->sin6_addr.s6_addr, - raddr6->sin6_addr.s6_addr, - laddr6->sin6_port, -- raddr6->sin6_port, 0, -+ raddr6->sin6_port, cm_id->tos, - raddr6->sin6_scope_id); - } - if (!ep->dst) { -diff --git a/drivers/infiniband/hw/hfi1/chip.c b/drivers/infiniband/hw/hfi1/chip.c -index 9f78bb07744c..4a0b7c003477 100644 ---- 
a/drivers/infiniband/hw/hfi1/chip.c -+++ b/drivers/infiniband/hw/hfi1/chip.c -@@ -10552,12 +10552,29 @@ void set_link_down_reason(struct hfi1_pportdata *ppd, u8 lcl_reason, - } - } - --/* -- * Verify if BCT for data VLs is non-zero. -+/** -+ * data_vls_operational() - Verify if data VL BCT credits and MTU -+ * are both set. -+ * @ppd: pointer to hfi1_pportdata structure -+ * -+ * Return: true - Ok, false -otherwise. - */ - static inline bool data_vls_operational(struct hfi1_pportdata *ppd) - { -- return !!ppd->actual_vls_operational; -+ int i; -+ u64 reg; -+ -+ if (!ppd->actual_vls_operational) -+ return false; -+ -+ for (i = 0; i < ppd->vls_supported; i++) { -+ reg = read_csr(ppd->dd, SEND_CM_CREDIT_VL + (8 * i)); -+ if ((reg && !ppd->dd->vld[i].mtu) || -+ (!reg && ppd->dd->vld[i].mtu)) -+ return false; -+ } -+ -+ return true; - } - - /* -@@ -10662,7 +10679,8 @@ int set_link_state(struct hfi1_pportdata *ppd, u32 state) - - if (!data_vls_operational(ppd)) { - dd_dev_err(dd, -- "%s: data VLs not operational\n", __func__); -+ "%s: Invalid data VL credits or mtu\n", -+ __func__); - ret = -EINVAL; - break; - } -diff --git a/drivers/infiniband/hw/hns/hns_roce_qp.c b/drivers/infiniband/hw/hns/hns_roce_qp.c -index 3a37d26889df..281e9987ffc8 100644 ---- a/drivers/infiniband/hw/hns/hns_roce_qp.c -+++ b/drivers/infiniband/hw/hns/hns_roce_qp.c -@@ -241,7 +241,6 @@ void hns_roce_qp_free(struct hns_roce_dev *hr_dev, struct hns_roce_qp *hr_qp) - - if ((hr_qp->ibqp.qp_type) != IB_QPT_GSI) { - hns_roce_table_put(hr_dev, &qp_table->irrl_table, hr_qp->qpn); -- hns_roce_table_put(hr_dev, &qp_table->qp_table, hr_qp->qpn); - } - } - -diff --git a/drivers/infiniband/hw/mlx5/qp.c b/drivers/infiniband/hw/mlx5/qp.c -index 5a7dcb5afe6e..84c962820aa2 100644 ---- a/drivers/infiniband/hw/mlx5/qp.c -+++ b/drivers/infiniband/hw/mlx5/qp.c -@@ -2357,6 +2357,11 @@ static enum mlx5_qp_optpar opt_mask[MLX5_QP_NUM_STATE][MLX5_QP_NUM_STATE][MLX5_Q - [MLX5_QP_ST_UD] = MLX5_QP_OPTPAR_PKEY_INDEX | - 
MLX5_QP_OPTPAR_Q_KEY | - MLX5_QP_OPTPAR_PRI_PORT, -+ [MLX5_QP_ST_XRC] = MLX5_QP_OPTPAR_RRE | -+ MLX5_QP_OPTPAR_RAE | -+ MLX5_QP_OPTPAR_RWE | -+ MLX5_QP_OPTPAR_PKEY_INDEX | -+ MLX5_QP_OPTPAR_PRI_PORT, - }, - [MLX5_QP_STATE_RTR] = { - [MLX5_QP_ST_RC] = MLX5_QP_OPTPAR_ALT_ADDR_PATH | -@@ -2390,6 +2395,12 @@ static enum mlx5_qp_optpar opt_mask[MLX5_QP_NUM_STATE][MLX5_QP_NUM_STATE][MLX5_Q - MLX5_QP_OPTPAR_RWE | - MLX5_QP_OPTPAR_PM_STATE, - [MLX5_QP_ST_UD] = MLX5_QP_OPTPAR_Q_KEY, -+ [MLX5_QP_ST_XRC] = MLX5_QP_OPTPAR_ALT_ADDR_PATH | -+ MLX5_QP_OPTPAR_RRE | -+ MLX5_QP_OPTPAR_RAE | -+ MLX5_QP_OPTPAR_RWE | -+ MLX5_QP_OPTPAR_PM_STATE | -+ MLX5_QP_OPTPAR_RNR_TIMEOUT, - }, - }, - [MLX5_QP_STATE_RTS] = { -@@ -2406,6 +2417,12 @@ static enum mlx5_qp_optpar opt_mask[MLX5_QP_NUM_STATE][MLX5_QP_NUM_STATE][MLX5_Q - [MLX5_QP_ST_UD] = MLX5_QP_OPTPAR_Q_KEY | - MLX5_QP_OPTPAR_SRQN | - MLX5_QP_OPTPAR_CQN_RCV, -+ [MLX5_QP_ST_XRC] = MLX5_QP_OPTPAR_RRE | -+ MLX5_QP_OPTPAR_RAE | -+ MLX5_QP_OPTPAR_RWE | -+ MLX5_QP_OPTPAR_RNR_TIMEOUT | -+ MLX5_QP_OPTPAR_PM_STATE | -+ MLX5_QP_OPTPAR_ALT_ADDR_PATH, - }, - }, - [MLX5_QP_STATE_SQER] = { -@@ -2417,6 +2434,10 @@ static enum mlx5_qp_optpar opt_mask[MLX5_QP_NUM_STATE][MLX5_QP_NUM_STATE][MLX5_Q - MLX5_QP_OPTPAR_RWE | - MLX5_QP_OPTPAR_RAE | - MLX5_QP_OPTPAR_RRE, -+ [MLX5_QP_ST_XRC] = MLX5_QP_OPTPAR_RNR_TIMEOUT | -+ MLX5_QP_OPTPAR_RWE | -+ MLX5_QP_OPTPAR_RAE | -+ MLX5_QP_OPTPAR_RRE, - }, - }, - }; -diff --git a/drivers/infiniband/hw/ocrdma/ocrdma_verbs.c b/drivers/infiniband/hw/ocrdma/ocrdma_verbs.c -index 27d5e8d9f08d..7683d13dad3d 100644 ---- a/drivers/infiniband/hw/ocrdma/ocrdma_verbs.c -+++ b/drivers/infiniband/hw/ocrdma/ocrdma_verbs.c -@@ -55,7 +55,7 @@ - - int ocrdma_query_pkey(struct ib_device *ibdev, u8 port, u16 index, u16 *pkey) - { -- if (index > 1) -+ if (index > 0) - return -EINVAL; - - *pkey = 0xffff; -diff --git a/drivers/infiniband/hw/qedr/verbs.c b/drivers/infiniband/hw/qedr/verbs.c -index 656e7c1a4449..6ae72accae3d 100644 ---- 
a/drivers/infiniband/hw/qedr/verbs.c -+++ b/drivers/infiniband/hw/qedr/verbs.c -@@ -63,7 +63,7 @@ static inline int qedr_ib_copy_to_udata(struct ib_udata *udata, void *src, - - int qedr_query_pkey(struct ib_device *ibdev, u8 port, u16 index, u16 *pkey) - { -- if (index > QEDR_ROCE_PKEY_TABLE_LEN) -+ if (index >= QEDR_ROCE_PKEY_TABLE_LEN) - return -EINVAL; - - *pkey = QEDR_ROCE_PKEY_DEFAULT; -@@ -178,54 +178,47 @@ int qedr_query_device(struct ib_device *ibdev, - return 0; - } - --#define QEDR_SPEED_SDR (1) --#define QEDR_SPEED_DDR (2) --#define QEDR_SPEED_QDR (4) --#define QEDR_SPEED_FDR10 (8) --#define QEDR_SPEED_FDR (16) --#define QEDR_SPEED_EDR (32) -- - static inline void get_link_speed_and_width(int speed, u8 *ib_speed, - u8 *ib_width) - { - switch (speed) { - case 1000: -- *ib_speed = QEDR_SPEED_SDR; -+ *ib_speed = IB_SPEED_SDR; - *ib_width = IB_WIDTH_1X; - break; - case 10000: -- *ib_speed = QEDR_SPEED_QDR; -+ *ib_speed = IB_SPEED_QDR; - *ib_width = IB_WIDTH_1X; - break; - - case 20000: -- *ib_speed = QEDR_SPEED_DDR; -+ *ib_speed = IB_SPEED_DDR; - *ib_width = IB_WIDTH_4X; - break; - - case 25000: -- *ib_speed = QEDR_SPEED_EDR; -+ *ib_speed = IB_SPEED_EDR; - *ib_width = IB_WIDTH_1X; - break; - - case 40000: -- *ib_speed = QEDR_SPEED_QDR; -+ *ib_speed = IB_SPEED_QDR; - *ib_width = IB_WIDTH_4X; - break; - - case 50000: -- *ib_speed = QEDR_SPEED_QDR; -- *ib_width = IB_WIDTH_4X; -+ *ib_speed = IB_SPEED_HDR; -+ *ib_width = IB_WIDTH_1X; - break; - - case 100000: -- *ib_speed = QEDR_SPEED_EDR; -+ *ib_speed = IB_SPEED_EDR; - *ib_width = IB_WIDTH_4X; - break; - - default: - /* Unsupported */ -- *ib_speed = QEDR_SPEED_SDR; -+ *ib_speed = IB_SPEED_SDR; - *ib_width = IB_WIDTH_1X; - } - } -diff --git a/drivers/infiniband/hw/usnic/usnic_ib_verbs.c b/drivers/infiniband/hw/usnic/usnic_ib_verbs.c -index fdfa25059723..2602c7375d58 100644 ---- a/drivers/infiniband/hw/usnic/usnic_ib_verbs.c -+++ b/drivers/infiniband/hw/usnic/usnic_ib_verbs.c -@@ -423,7 +423,7 @@ struct net_device 
*usnic_get_netdev(struct ib_device *device, u8 port_num) - int usnic_ib_query_pkey(struct ib_device *ibdev, u8 port, u16 index, - u16 *pkey) - { -- if (index > 1) -+ if (index > 0) - return -EINVAL; - - *pkey = 0xffff; -diff --git a/drivers/infiniband/sw/rxe/rxe_cq.c b/drivers/infiniband/sw/rxe/rxe_cq.c -index c4aabf78dc90..f6e036ded046 100644 ---- a/drivers/infiniband/sw/rxe/rxe_cq.c -+++ b/drivers/infiniband/sw/rxe/rxe_cq.c -@@ -30,7 +30,7 @@ - * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE - * SOFTWARE. - */ -- -+#include - #include "rxe.h" - #include "rxe_loc.h" - #include "rxe_queue.h" -@@ -97,7 +97,7 @@ int rxe_cq_from_init(struct rxe_dev *rxe, struct rxe_cq *cq, int cqe, - err = do_mmap_info(rxe, udata, false, context, cq->queue->buf, - cq->queue->buf_size, &cq->queue->ip); - if (err) { -- kvfree(cq->queue->buf); -+ vfree(cq->queue->buf); - kfree(cq->queue); - return err; - } -diff --git a/drivers/infiniband/sw/rxe/rxe_pool.c b/drivers/infiniband/sw/rxe/rxe_pool.c -index b4a8acc7bb7d..0e2425f28233 100644 ---- a/drivers/infiniband/sw/rxe/rxe_pool.c -+++ b/drivers/infiniband/sw/rxe/rxe_pool.c -@@ -112,6 +112,18 @@ static inline struct kmem_cache *pool_cache(struct rxe_pool *pool) - return rxe_type_info[pool->type].cache; - } - -+static void rxe_cache_clean(size_t cnt) -+{ -+ int i; -+ struct rxe_type_info *type; -+ -+ for (i = 0; i < cnt; i++) { -+ type = &rxe_type_info[i]; -+ kmem_cache_destroy(type->cache); -+ type->cache = NULL; -+ } -+} -+ - int rxe_cache_init(void) - { - int err; -@@ -136,24 +148,14 @@ int rxe_cache_init(void) - return 0; - - err1: -- while (--i >= 0) { -- kmem_cache_destroy(type->cache); -- type->cache = NULL; -- } -+ rxe_cache_clean(i); - - return err; - } - - void rxe_cache_exit(void) - { -- int i; -- struct rxe_type_info *type; -- -- for (i = 0; i < RXE_NUM_TYPES; i++) { -- type = &rxe_type_info[i]; -- kmem_cache_destroy(type->cache); -- type->cache = NULL; -- } -+ rxe_cache_clean(RXE_NUM_TYPES); - } - - static int 
rxe_pool_init_index(struct rxe_pool *pool, u32 max, u32 min) -diff --git a/drivers/infiniband/sw/rxe/rxe_qp.c b/drivers/infiniband/sw/rxe/rxe_qp.c -index aeea994b04c4..25055a68a2c0 100644 ---- a/drivers/infiniband/sw/rxe/rxe_qp.c -+++ b/drivers/infiniband/sw/rxe/rxe_qp.c -@@ -34,6 +34,7 @@ - #include - #include - #include -+#include - - #include "rxe.h" - #include "rxe_loc.h" -@@ -255,7 +256,7 @@ static int rxe_qp_init_req(struct rxe_dev *rxe, struct rxe_qp *qp, - qp->sq.queue->buf_size, &qp->sq.queue->ip); - - if (err) { -- kvfree(qp->sq.queue->buf); -+ vfree(qp->sq.queue->buf); - kfree(qp->sq.queue); - return err; - } -@@ -308,7 +309,7 @@ static int rxe_qp_init_resp(struct rxe_dev *rxe, struct rxe_qp *qp, - qp->rq.queue->buf_size, - &qp->rq.queue->ip); - if (err) { -- kvfree(qp->rq.queue->buf); -+ vfree(qp->rq.queue->buf); - kfree(qp->rq.queue); - return err; - } -diff --git a/drivers/infiniband/ulp/iser/iscsi_iser.h b/drivers/infiniband/ulp/iser/iscsi_iser.h -index c1ae4aeae2f9..46dfc6ae9d1c 100644 ---- a/drivers/infiniband/ulp/iser/iscsi_iser.h -+++ b/drivers/infiniband/ulp/iser/iscsi_iser.h -@@ -197,7 +197,7 @@ struct iser_data_buf { - struct scatterlist *sg; - int size; - unsigned long data_len; -- unsigned int dma_nents; -+ int dma_nents; - }; - - /* fwd declarations */ -diff --git a/drivers/infiniband/ulp/iser/iser_memory.c b/drivers/infiniband/ulp/iser/iser_memory.c -index 322209d5ff58..19883169e7b7 100644 ---- a/drivers/infiniband/ulp/iser/iser_memory.c -+++ b/drivers/infiniband/ulp/iser/iser_memory.c -@@ -240,8 +240,8 @@ int iser_fast_reg_fmr(struct iscsi_iser_task *iser_task, - page_vec->npages = 0; - page_vec->fake_mr.page_size = SIZE_4K; - plen = ib_sg_to_pages(&page_vec->fake_mr, mem->sg, -- mem->size, NULL, iser_set_page); -- if (unlikely(plen < mem->size)) { -+ mem->dma_nents, NULL, iser_set_page); -+ if (unlikely(plen < mem->dma_nents)) { - iser_err("page vec too short to hold this SG\n"); - iser_data_buf_dump(mem, device->ib_device); - 
iser_dump_page_vec(page_vec); -@@ -450,10 +450,10 @@ static int iser_fast_reg_mr(struct iscsi_iser_task *iser_task, - - ib_update_fast_reg_key(mr, ib_inc_rkey(mr->rkey)); - -- n = ib_map_mr_sg(mr, mem->sg, mem->size, NULL, SIZE_4K); -- if (unlikely(n != mem->size)) { -+ n = ib_map_mr_sg(mr, mem->sg, mem->dma_nents, NULL, SIZE_4K); -+ if (unlikely(n != mem->dma_nents)) { - iser_err("failed to map sg (%d/%d)\n", -- n, mem->size); -+ n, mem->dma_nents); - return n < 0 ? n : -EINVAL; - } - -diff --git a/drivers/input/keyboard/nomadik-ske-keypad.c b/drivers/input/keyboard/nomadik-ske-keypad.c -index 8567ee47761e..ae3b04557074 100644 ---- a/drivers/input/keyboard/nomadik-ske-keypad.c -+++ b/drivers/input/keyboard/nomadik-ske-keypad.c -@@ -100,7 +100,7 @@ static int __init ske_keypad_chip_init(struct ske_keypad *keypad) - while ((readl(keypad->reg_base + SKE_RIS) != 0x00000000) && timeout--) - cpu_relax(); - -- if (!timeout) -+ if (timeout == -1) - return -EINVAL; - - /* -diff --git a/drivers/iommu/amd_iommu.c b/drivers/iommu/amd_iommu.c -index d09c24825734..778f167be2d3 100644 ---- a/drivers/iommu/amd_iommu.c -+++ b/drivers/iommu/amd_iommu.c -@@ -2160,6 +2160,8 @@ skip_ats_check: - */ - domain_flush_tlb_pde(domain); - -+ domain_flush_complete(domain); -+ - return ret; - } - -diff --git a/drivers/iommu/amd_iommu_init.c b/drivers/iommu/amd_iommu_init.c -index 6a3cf4d0bd5e..4d2920988d60 100644 ---- a/drivers/iommu/amd_iommu_init.c -+++ b/drivers/iommu/amd_iommu_init.c -@@ -420,6 +420,9 @@ static void iommu_enable(struct amd_iommu *iommu) - - static void iommu_disable(struct amd_iommu *iommu) - { -+ if (!iommu->mmio_base) -+ return; -+ - /* Disable command buffer */ - iommu_feature_disable(iommu, CONTROL_CMDBUF_EN); - -diff --git a/drivers/iommu/intel-iommu.c b/drivers/iommu/intel-iommu.c -index 523d0889c2a4..b48666849dbe 100644 ---- a/drivers/iommu/intel-iommu.c -+++ b/drivers/iommu/intel-iommu.c -@@ -442,7 +442,6 @@ struct dmar_rmrr_unit { - u64 end_address; /* reserved 
end address */ - struct dmar_dev_scope *devices; /* target devices */ - int devices_cnt; /* target device count */ -- struct iommu_resv_region *resv; /* reserved region handle */ - }; - - struct dmar_atsr_unit { -@@ -3361,9 +3360,12 @@ static int __init init_dmars(void) - iommu_identity_mapping |= IDENTMAP_ALL; - - #ifdef CONFIG_INTEL_IOMMU_BROKEN_GFX_WA -- iommu_identity_mapping |= IDENTMAP_GFX; -+ dmar_map_gfx = 0; - #endif - -+ if (!dmar_map_gfx) -+ iommu_identity_mapping |= IDENTMAP_GFX; -+ - check_tylersburg_isoch(); - - if (iommu_identity_mapping) { -@@ -4168,7 +4170,6 @@ static inline void init_iommu_pm_ops(void) {} - int __init dmar_parse_one_rmrr(struct acpi_dmar_header *header, void *arg) - { - struct acpi_dmar_reserved_memory *rmrr; -- int prot = DMA_PTE_READ|DMA_PTE_WRITE; - struct dmar_rmrr_unit *rmrru; - size_t length; - -@@ -4182,22 +4183,16 @@ int __init dmar_parse_one_rmrr(struct acpi_dmar_header *header, void *arg) - rmrru->end_address = rmrr->end_address; - - length = rmrr->end_address - rmrr->base_address + 1; -- rmrru->resv = iommu_alloc_resv_region(rmrr->base_address, length, prot, -- IOMMU_RESV_DIRECT); -- if (!rmrru->resv) -- goto free_rmrru; - - rmrru->devices = dmar_alloc_dev_scope((void *)(rmrr + 1), - ((void *)rmrr) + rmrr->header.length, - &rmrru->devices_cnt); - if (rmrru->devices_cnt && rmrru->devices == NULL) -- goto free_all; -+ goto free_rmrru; - - list_add(&rmrru->list, &dmar_rmrr_units); - - return 0; --free_all: -- kfree(rmrru->resv); - free_rmrru: - kfree(rmrru); - out: -@@ -4415,7 +4410,6 @@ static void intel_iommu_free_dmars(void) - list_for_each_entry_safe(rmrru, rmrr_n, &dmar_rmrr_units, list) { - list_del(&rmrru->list); - dmar_free_dev_scope(&rmrru->devices, &rmrru->devices_cnt); -- kfree(rmrru->resv); - kfree(rmrru); - } - -@@ -5183,22 +5177,33 @@ static void intel_iommu_remove_device(struct device *dev) - static void intel_iommu_get_resv_regions(struct device *device, - struct list_head *head) - { -+ int prot = 
DMA_PTE_READ | DMA_PTE_WRITE;
- struct iommu_resv_region *reg;
- struct dmar_rmrr_unit *rmrr;
- struct device *i_dev;
- int i;
-
-- rcu_read_lock();
-+ down_read(&dmar_global_lock);
- for_each_rmrr_units(rmrr) {
- for_each_active_dev_scope(rmrr->devices, rmrr->devices_cnt,
- i, i_dev) {
-+ struct iommu_resv_region *resv;
-+ size_t length;
-+
- if (i_dev != device)
- continue;
-
-- list_add_tail(&rmrr->resv->list, head);
-+ length = rmrr->end_address - rmrr->base_address + 1;
-+ resv = iommu_alloc_resv_region(rmrr->base_address,
-+ length, prot,
-+ IOMMU_RESV_DIRECT);
-+ if (!resv)
-+ break;
-+
-+ list_add_tail(&resv->list, head);
- }
- }
-- rcu_read_unlock();
-+ up_read(&dmar_global_lock);
-
- reg = iommu_alloc_resv_region(IOAPIC_RANGE_START,
- IOAPIC_RANGE_END - IOAPIC_RANGE_START + 1,
-@@ -5213,10 +5218,8 @@ static void intel_iommu_put_resv_regions(struct device *dev,
- {
- struct iommu_resv_region *entry, *next;
-
-- list_for_each_entry_safe(entry, next, head, list) {
-- if (entry->type == IOMMU_RESV_MSI)
-- kfree(entry);
-- }
-+ list_for_each_entry_safe(entry, next, head, list)
-+ kfree(entry);
- }
-
- #ifdef CONFIG_INTEL_IOMMU_SVM
-diff --git a/drivers/iommu/iommu.c b/drivers/iommu/iommu.c
-index 4b761678a18b..2c48a9d6d91e 100644
---- a/drivers/iommu/iommu.c
-+++ b/drivers/iommu/iommu.c
-@@ -1856,9 +1856,9 @@ int iommu_request_dm_for_dev(struct device *dev)
- int ret;
-
- /* Device must already be in a group before calling this function */
-- group = iommu_group_get_for_dev(dev);
-- if (IS_ERR(group))
-- return PTR_ERR(group);
-+ group = iommu_group_get(dev);
-+ if (!group)
-+ return -EINVAL;
-
- mutex_lock(&group->mutex);
-
-diff --git a/drivers/iommu/mtk_iommu.c b/drivers/iommu/mtk_iommu.c
-index c30f62700431..0f99e95a1a73 100644
---- a/drivers/iommu/mtk_iommu.c
-+++ b/drivers/iommu/mtk_iommu.c
-@@ -115,6 +115,30 @@ struct mtk_iommu_domain {
-
- static struct iommu_ops mtk_iommu_ops;
-
-+/*
-+ * In M4U 4GB mode, the physical address is remapped as below:
-+
*
-+ * CPU Physical address:
-+ * ====================
-+ *
-+ * 0 1G 2G 3G 4G 5G
-+ * |---A---|---B---|---C---|---D---|---E---|
-+ * +--I/O--+------------Memory-------------+
-+ *
-+ * IOMMU output physical address:
-+ * =============================
-+ *
-+ * 4G 5G 6G 7G 8G
-+ * |---E---|---B---|---C---|---D---|
-+ * +------------Memory-------------+
-+ *
-+ * The Region 'A'(I/O) can NOT be mapped by M4U; For Region 'B'/'C'/'D', the
-+ * bit32 of the CPU physical address always is needed to set, and for Region
-+ * 'E', the CPU physical address keep as is.
-+ * Additionally, The iommu consumers always use the CPU phyiscal address.
-+ */
-+#define MTK_IOMMU_4GB_MODE_REMAP_BASE 0x40000000
-+
- static LIST_HEAD(m4ulist); /* List all the M4U HWs */
-
- #define for_each_m4u(data) list_for_each_entry(data, &m4ulist, list)
-@@ -404,7 +428,7 @@ static phys_addr_t mtk_iommu_iova_to_phys(struct iommu_domain *domain,
- pa = dom->iop->iova_to_phys(dom->iop, iova);
- spin_unlock_irqrestore(&dom->pgtlock, flags);
-
-- if (data->enable_4GB)
-+ if (data->enable_4GB && pa < MTK_IOMMU_4GB_MODE_REMAP_BASE)
- pa |= BIT_ULL(32);
-
- return pa;
-diff --git a/drivers/lightnvm/pblk-rb.c b/drivers/lightnvm/pblk-rb.c
-index c0dd17a82170..73de2deaba67 100644
---- a/drivers/lightnvm/pblk-rb.c
-+++ b/drivers/lightnvm/pblk-rb.c
-@@ -825,8 +825,8 @@ int pblk_rb_tear_down_check(struct pblk_rb *rb)
- }
-
- out:
-- spin_unlock(&rb->w_lock);
- spin_unlock_irq(&rb->s_lock);
-+ spin_unlock(&rb->w_lock);
-
- return ret;
- }
-diff --git a/drivers/media/i2c/ov2659.c b/drivers/media/i2c/ov2659.c
-index 44b0584eb8a6..e7768ed1ff9c 100644
---- a/drivers/media/i2c/ov2659.c
-+++ b/drivers/media/i2c/ov2659.c
-@@ -1136,7 +1136,7 @@ static int ov2659_set_fmt(struct v4l2_subdev *sd,
- mf = v4l2_subdev_get_try_format(sd, cfg, fmt->pad);
- *mf = fmt->format;
- #else
-- return -ENOTTY;
-+ ret = -ENOTTY;
- #endif
- } else {
- s64 val;
-diff --git a/drivers/media/pci/cx18/cx18-fileops.c
b/drivers/media/pci/cx18/cx18-fileops.c
-index 98467b2089fa..099d59b992c1 100644
---- a/drivers/media/pci/cx18/cx18-fileops.c
-+++ b/drivers/media/pci/cx18/cx18-fileops.c
-@@ -484,7 +484,7 @@ static ssize_t cx18_read_pos(struct cx18_stream *s, char __user *ubuf,
-
- CX18_DEBUG_HI_FILE("read %zd from %s, got %zd\n", count, s->name, rc);
- if (rc > 0)
-- pos += rc;
-+ *pos += rc;
- return rc;
- }
-
-diff --git a/drivers/media/pci/cx23885/cx23885-dvb.c b/drivers/media/pci/cx23885/cx23885-dvb.c
-index e795ddeb7fe2..60f122edaefb 100644
---- a/drivers/media/pci/cx23885/cx23885-dvb.c
-+++ b/drivers/media/pci/cx23885/cx23885-dvb.c
-@@ -1460,8 +1460,9 @@ static int dvb_register(struct cx23885_tsport *port)
- if (fe0->dvb.frontend != NULL) {
- struct i2c_adapter *tun_i2c;
-
-- fe0->dvb.frontend->sec_priv = kmalloc(sizeof(dib7000p_ops), GFP_KERNEL);
-- memcpy(fe0->dvb.frontend->sec_priv, &dib7000p_ops, sizeof(dib7000p_ops));
-+ fe0->dvb.frontend->sec_priv = kmemdup(&dib7000p_ops, sizeof(dib7000p_ops), GFP_KERNEL);
-+ if (!fe0->dvb.frontend->sec_priv)
-+ return -ENOMEM;
- tun_i2c = dib7000p_ops.get_i2c_master(fe0->dvb.frontend, DIBX000_I2C_INTERFACE_TUNER, 1);
- if (!dvb_attach(dib0070_attach, fe0->dvb.frontend, tun_i2c, &dib7070p_dib0070_config))
- return -ENODEV;
-diff --git a/drivers/media/pci/ivtv/ivtv-fileops.c b/drivers/media/pci/ivtv/ivtv-fileops.c
-index c9bd018e53de..e2b19c3eaa87 100644
---- a/drivers/media/pci/ivtv/ivtv-fileops.c
-+++ b/drivers/media/pci/ivtv/ivtv-fileops.c
-@@ -420,7 +420,7 @@ static ssize_t ivtv_read_pos(struct ivtv_stream *s, char __user *ubuf, size_t co
-
- IVTV_DEBUG_HI_FILE("read %zd from %s, got %zd\n", count, s->name, rc);
- if (rc > 0)
-- pos += rc;
-+ *pos += rc;
- return rc;
- }
-
-diff --git a/drivers/media/pci/tw5864/tw5864-video.c b/drivers/media/pci/tw5864/tw5864-video.c
-index e7bd2b8484e3..ee1230440b39 100644
---- a/drivers/media/pci/tw5864/tw5864-video.c
-+++ b/drivers/media/pci/tw5864/tw5864-video.c
-@@ -1395,13 +1395,13 @@ static
void tw5864_handle_frame(struct tw5864_h264_frame *frame)
- input->vb = NULL;
- spin_unlock_irqrestore(&input->slock, flags);
-
-- v4l2_buf = to_vb2_v4l2_buffer(&vb->vb.vb2_buf);
--
- if (!vb) { /* Gone because of disabling */
- dev_dbg(&dev->pci->dev, "vb is empty, dropping frame\n");
- return;
- }
-
-+ v4l2_buf = to_vb2_v4l2_buffer(&vb->vb.vb2_buf);
-+
- /*
- * Check for space.
- * Mind the overhead of startcode emulation prevention.
-diff --git a/drivers/media/platform/atmel/atmel-isi.c b/drivers/media/platform/atmel/atmel-isi.c
-index 891fa2505efa..2f962a3418f6 100644
---- a/drivers/media/platform/atmel/atmel-isi.c
-+++ b/drivers/media/platform/atmel/atmel-isi.c
-@@ -496,7 +496,7 @@ static void stop_streaming(struct vb2_queue *vq)
- spin_unlock_irq(&isi->irqlock);
-
- if (!isi->enable_preview_path) {
-- timeout = jiffies + FRAME_INTERVAL_MILLI_SEC * HZ;
-+ timeout = jiffies + (FRAME_INTERVAL_MILLI_SEC * HZ) / 1000;
- /* Wait until the end of the current frame. */
- while ((isi_readl(isi, ISI_STATUS) & ISI_CTRL_CDC) &&
- time_before(jiffies, timeout))
-diff --git a/drivers/media/platform/davinci/isif.c b/drivers/media/platform/davinci/isif.c
-index 90d0f13283ae..12065ad1ac45 100644
---- a/drivers/media/platform/davinci/isif.c
-+++ b/drivers/media/platform/davinci/isif.c
-@@ -886,9 +886,7 @@ static int isif_set_hw_if_params(struct vpfe_hw_if_param *params)
- static int isif_config_ycbcr(void)
- {
- struct isif_ycbcr_config *params = &isif_cfg.ycbcr;
-- struct vpss_pg_frame_size frame_size;
- u32 modeset = 0, ccdcfg = 0;
-- struct vpss_sync_pol sync;
-
- dev_dbg(isif_cfg.dev, "\nStarting isif_config_ycbcr...");
-
-@@ -976,13 +974,6 @@ static int isif_config_ycbcr(void)
- /* two fields are interleaved in memory */
- regw(0x00000249, SDOFST);
-
-- /* Setup test pattern if enabled */
-- if (isif_cfg.bayer.config_params.test_pat_gen) {
-- sync.ccdpg_hdpol = params->hd_pol;
-- sync.ccdpg_vdpol = params->vd_pol;
-- dm365_vpss_set_sync_pol(sync);
--
dm365_vpss_set_pg_frame_size(frame_size);
-- }
- return 0;
- }
-
-diff --git a/drivers/media/platform/davinci/vpbe.c b/drivers/media/platform/davinci/vpbe.c
-index 1d3c13e36904..915af9ca4711 100644
---- a/drivers/media/platform/davinci/vpbe.c
-+++ b/drivers/media/platform/davinci/vpbe.c
-@@ -126,7 +126,7 @@ static int vpbe_enum_outputs(struct vpbe_device *vpbe_dev,
- struct v4l2_output *output)
- {
- struct vpbe_config *cfg = vpbe_dev->cfg;
-- int temp_index = output->index;
-+ unsigned int temp_index = output->index;
-
- if (temp_index >= cfg->num_outputs)
- return -EINVAL;
-diff --git a/drivers/media/platform/omap/omap_vout.c b/drivers/media/platform/omap/omap_vout.c
-index 4d29860d27b4..18604b608ab2 100644
---- a/drivers/media/platform/omap/omap_vout.c
-+++ b/drivers/media/platform/omap/omap_vout.c
-@@ -1527,23 +1527,20 @@ static int vidioc_dqbuf(struct file *file, void *fh, struct v4l2_buffer *b)
- unsigned long size;
- struct videobuf_buffer *vb;
-
-- vb = q->bufs[b->index];
--
- if (!vout->streaming)
- return -EINVAL;
-
-- if (file->f_flags & O_NONBLOCK)
-- /* Call videobuf_dqbuf for non blocking mode */
-- ret = videobuf_dqbuf(q, (struct v4l2_buffer *)b, 1);
-- else
-- /* Call videobuf_dqbuf for blocking mode */
-- ret = videobuf_dqbuf(q, (struct v4l2_buffer *)b, 0);
-+ ret = videobuf_dqbuf(q, b, !!(file->f_flags & O_NONBLOCK));
-+ if (ret)
-+ return ret;
-+
-+ vb = q->bufs[b->index];
-
- addr = (unsigned long) vout->buf_phy_addr[vb->i];
- size = (unsigned long) vb->size;
- dma_unmap_single(vout->vid_dev->v4l2_dev.dev, addr,
- size, DMA_TO_DEVICE);
-- return ret;
-+ return 0;
- }
-
- static int vidioc_streamon(struct file *file, void *fh, enum v4l2_buf_type i)
-diff --git a/drivers/media/platform/s5p-jpeg/jpeg-core.c b/drivers/media/platform/s5p-jpeg/jpeg-core.c
-index 4568e68e15fa..85a5e33600c0 100644
---- a/drivers/media/platform/s5p-jpeg/jpeg-core.c
-+++ b/drivers/media/platform/s5p-jpeg/jpeg-core.c
-@@ -2005,7 +2005,7 @@ static int
s5p_jpeg_controls_create(struct s5p_jpeg_ctx *ctx)
-
- v4l2_ctrl_new_std(&ctx->ctrl_handler, &s5p_jpeg_ctrl_ops,
- V4L2_CID_JPEG_RESTART_INTERVAL,
-- 0, 3, 0xffff, 0);
-+ 0, 0xffff, 1, 0);
- if (ctx->jpeg->variant->version == SJPEG_S5P)
- mask = ~0x06; /* 422, 420 */
- }
-diff --git a/drivers/media/platform/vivid/vivid-osd.c b/drivers/media/platform/vivid/vivid-osd.c
-index bdc380b14e0c..a95b7c56569e 100644
---- a/drivers/media/platform/vivid/vivid-osd.c
-+++ b/drivers/media/platform/vivid/vivid-osd.c
-@@ -167,7 +167,7 @@ static int _vivid_fb_check_var(struct fb_var_screeninfo *var, struct vivid_dev *
- var->nonstd = 0;
-
- var->vmode &= ~FB_VMODE_MASK;
-- var->vmode = FB_VMODE_NONINTERLACED;
-+ var->vmode |= FB_VMODE_NONINTERLACED;
-
- /* Dummy values */
- var->hsync_len = 24;
-diff --git a/drivers/media/radio/wl128x/fmdrv_common.c b/drivers/media/radio/wl128x/fmdrv_common.c
-index 26895ae42fcf..2d20d908e280 100644
---- a/drivers/media/radio/wl128x/fmdrv_common.c
-+++ b/drivers/media/radio/wl128x/fmdrv_common.c
-@@ -1271,8 +1271,9 @@ static int fm_download_firmware(struct fmdev *fmdev, const u8 *fw_name)
-
- switch (action->type) {
- case ACTION_SEND_COMMAND: /* Send */
-- if (fmc_send_cmd(fmdev, 0, 0, action->data,
-- action->size, NULL, NULL))
-+ ret = fmc_send_cmd(fmdev, 0, 0, action->data,
-+ action->size, NULL, NULL);
-+ if (ret)
- goto rel_fw;
-
- cmd_cnt++;
-diff --git a/drivers/mfd/intel-lpss-pci.c b/drivers/mfd/intel-lpss-pci.c
-index 2b7e8eeaa59e..0504761516f7 100644
---- a/drivers/mfd/intel-lpss-pci.c
-+++ b/drivers/mfd/intel-lpss-pci.c
-@@ -126,6 +126,18 @@ static const struct intel_lpss_platform_info apl_i2c_info = {
- .properties = apl_i2c_properties,
- };
-
-+static struct property_entry glk_i2c_properties[] = {
-+ PROPERTY_ENTRY_U32("i2c-sda-hold-time-ns", 313),
-+ PROPERTY_ENTRY_U32("i2c-sda-falling-time-ns", 171),
-+ PROPERTY_ENTRY_U32("i2c-scl-falling-time-ns", 290),
-+ { },
-+};
-+
-+static const struct intel_lpss_platform_info glk_i2c_info = {
-+ .clk_rate = 133000000,
-+ .properties = glk_i2c_properties,
-+};
-+
- static const struct intel_lpss_platform_info cnl_i2c_info = {
- .clk_rate = 216000000,
- .properties = spt_i2c_properties,
-@@ -165,14 +177,14 @@ static const struct pci_device_id intel_lpss_pci_ids[] = {
- { PCI_VDEVICE(INTEL, 0x1ac6), (kernel_ulong_t)&bxt_info },
- { PCI_VDEVICE(INTEL, 0x1aee), (kernel_ulong_t)&bxt_uart_info },
- /* GLK */
-- { PCI_VDEVICE(INTEL, 0x31ac), (kernel_ulong_t)&bxt_i2c_info },
-- { PCI_VDEVICE(INTEL, 0x31ae), (kernel_ulong_t)&bxt_i2c_info },
-- { PCI_VDEVICE(INTEL, 0x31b0), (kernel_ulong_t)&bxt_i2c_info },
-- { PCI_VDEVICE(INTEL, 0x31b2), (kernel_ulong_t)&bxt_i2c_info },
-- { PCI_VDEVICE(INTEL, 0x31b4), (kernel_ulong_t)&bxt_i2c_info },
-- { PCI_VDEVICE(INTEL, 0x31b6), (kernel_ulong_t)&bxt_i2c_info },
-- { PCI_VDEVICE(INTEL, 0x31b8), (kernel_ulong_t)&bxt_i2c_info },
-- { PCI_VDEVICE(INTEL, 0x31ba), (kernel_ulong_t)&bxt_i2c_info },
-+ { PCI_VDEVICE(INTEL, 0x31ac), (kernel_ulong_t)&glk_i2c_info },
-+ { PCI_VDEVICE(INTEL, 0x31ae), (kernel_ulong_t)&glk_i2c_info },
-+ { PCI_VDEVICE(INTEL, 0x31b0), (kernel_ulong_t)&glk_i2c_info },
-+ { PCI_VDEVICE(INTEL, 0x31b2), (kernel_ulong_t)&glk_i2c_info },
-+ { PCI_VDEVICE(INTEL, 0x31b4), (kernel_ulong_t)&glk_i2c_info },
-+ { PCI_VDEVICE(INTEL, 0x31b6), (kernel_ulong_t)&glk_i2c_info },
-+ { PCI_VDEVICE(INTEL, 0x31b8), (kernel_ulong_t)&glk_i2c_info },
-+ { PCI_VDEVICE(INTEL, 0x31ba), (kernel_ulong_t)&glk_i2c_info },
- { PCI_VDEVICE(INTEL, 0x31bc), (kernel_ulong_t)&bxt_uart_info },
- { PCI_VDEVICE(INTEL, 0x31be), (kernel_ulong_t)&bxt_uart_info },
- { PCI_VDEVICE(INTEL, 0x31c0), (kernel_ulong_t)&bxt_uart_info },
-diff --git a/drivers/mfd/intel-lpss.c b/drivers/mfd/intel-lpss.c
-index b5c4f8f974aa..9ed573e232c0 100644
---- a/drivers/mfd/intel-lpss.c
-+++ b/drivers/mfd/intel-lpss.c
-@@ -541,6 +541,7 @@ module_init(intel_lpss_init);
-
- static void __exit intel_lpss_exit(void)
- {
-+ ida_destroy(&intel_lpss_devid_ida);
-
debugfs_remove(intel_lpss_debugfs);
- }
- module_exit(intel_lpss_exit);
-diff --git a/drivers/misc/mic/card/mic_x100.c b/drivers/misc/mic/card/mic_x100.c
-index b9f0710ffa6b..4007adc666f3 100644
---- a/drivers/misc/mic/card/mic_x100.c
-+++ b/drivers/misc/mic/card/mic_x100.c
-@@ -249,6 +249,9 @@ static int __init mic_probe(struct platform_device *pdev)
- mdrv->dev = &pdev->dev;
- snprintf(mdrv->name, sizeof(mic_driver_name), mic_driver_name);
-
-+ /* FIXME: use dma_set_mask_and_coherent() and check result */
-+ dma_coerce_mask_and_coherent(&pdev->dev, DMA_BIT_MASK(64));
-+
- mdev->mmio.pa = MIC_X100_MMIO_BASE;
- mdev->mmio.len = MIC_X100_MMIO_LEN;
- mdev->mmio.va = devm_ioremap(&pdev->dev, MIC_X100_MMIO_BASE,
-@@ -294,18 +297,6 @@ static void mic_platform_shutdown(struct platform_device *pdev)
- mic_remove(pdev);
- }
-
--static u64 mic_dma_mask = DMA_BIT_MASK(64);
--
--static struct platform_device mic_platform_dev = {
-- .name = mic_driver_name,
-- .id = 0,
-- .num_resources = 0,
-- .dev = {
-- .dma_mask = &mic_dma_mask,
-- .coherent_dma_mask = DMA_BIT_MASK(64),
-- },
--};
--
- static struct platform_driver __refdata mic_platform_driver = {
- .probe = mic_probe,
- .remove = mic_remove,
-@@ -315,6 +306,8 @@ static struct platform_driver __refdata mic_platform_driver = {
- },
- };
-
-+static struct platform_device *mic_platform_dev;
-+
- static int __init mic_init(void)
- {
- int ret;
-@@ -328,9 +321,12 @@ static int __init mic_init(void)
-
- request_module("mic_x100_dma");
- mic_init_card_debugfs();
-- ret = platform_device_register(&mic_platform_dev);
-+
-+ mic_platform_dev = platform_device_register_simple(mic_driver_name,
-+ 0, NULL, 0);
-+ ret = PTR_ERR_OR_ZERO(mic_platform_dev);
- if (ret) {
-- pr_err("platform_device_register ret %d\n", ret);
-+ pr_err("platform_device_register_full ret %d\n", ret);
- goto cleanup_debugfs;
- }
- ret = platform_driver_register(&mic_platform_driver);
-@@ -341,7 +337,7 @@ static int __init mic_init(void)
- return ret;
-
-
device_unregister:
-- platform_device_unregister(&mic_platform_dev);
-+ platform_device_unregister(mic_platform_dev);
- cleanup_debugfs:
- mic_exit_card_debugfs();
- done:
-@@ -351,7 +347,7 @@ done:
- static void __exit mic_exit(void)
- {
- platform_driver_unregister(&mic_platform_driver);
-- platform_device_unregister(&mic_platform_dev);
-+ platform_device_unregister(mic_platform_dev);
- mic_exit_card_debugfs();
- }
-
-diff --git a/drivers/misc/sgi-xp/xpc_partition.c b/drivers/misc/sgi-xp/xpc_partition.c
-index 6956f7e7d439..ca5f0102daef 100644
---- a/drivers/misc/sgi-xp/xpc_partition.c
-+++ b/drivers/misc/sgi-xp/xpc_partition.c
-@@ -70,7 +70,7 @@ xpc_get_rsvd_page_pa(int nasid)
- unsigned long rp_pa = nasid; /* seed with nasid */
- size_t len = 0;
- size_t buf_len = 0;
-- void *buf = buf;
-+ void *buf = NULL;
- void *buf_base = NULL;
- enum xp_retval (*get_partition_rsvd_page_pa)
- (void *, u64 *, unsigned long *, size_t *) =
-diff --git a/drivers/mmc/core/host.c b/drivers/mmc/core/host.c
-index ad88deb2e8f3..3740fb0052a4 100644
---- a/drivers/mmc/core/host.c
-+++ b/drivers/mmc/core/host.c
-@@ -376,8 +376,6 @@ struct mmc_host *mmc_alloc_host(int extra, struct device *dev)
-
- if (mmc_gpio_alloc(host)) {
- put_device(&host->class_dev);
-- ida_simple_remove(&mmc_host_ida, host->index);
-- kfree(host);
- return NULL;
- }
-
-diff --git a/drivers/mmc/core/quirks.h b/drivers/mmc/core/quirks.h
-index 5153577754f0..09897abb79ed 100644
---- a/drivers/mmc/core/quirks.h
-+++ b/drivers/mmc/core/quirks.h
-@@ -119,7 +119,14 @@ static const struct mmc_fixup mmc_ext_csd_fixups[] = {
- END_FIXUP
- };
-
-+
- static const struct mmc_fixup sdio_fixup_methods[] = {
-+ SDIO_FIXUP(SDIO_VENDOR_ID_TI_WL1251, SDIO_DEVICE_ID_TI_WL1251,
-+ add_quirk, MMC_QUIRK_NONSTD_FUNC_IF),
-+
-+ SDIO_FIXUP(SDIO_VENDOR_ID_TI_WL1251, SDIO_DEVICE_ID_TI_WL1251,
-+ add_quirk, MMC_QUIRK_DISABLE_CD),
-+
- SDIO_FIXUP(SDIO_VENDOR_ID_TI, SDIO_DEVICE_ID_TI_WL1271,
- add_quirk, MMC_QUIRK_NONSTD_FUNC_IF),
-
-diff
--git a/drivers/mmc/host/sdhci-brcmstb.c b/drivers/mmc/host/sdhci-brcmstb.c
-index 552bddc5096c..1cd10356fc14 100644
---- a/drivers/mmc/host/sdhci-brcmstb.c
-+++ b/drivers/mmc/host/sdhci-brcmstb.c
-@@ -55,7 +55,9 @@ static int sdhci_brcmstb_probe(struct platform_device *pdev)
- }
-
- sdhci_get_of_property(pdev);
-- mmc_of_parse(host->mmc);
-+ res = mmc_of_parse(host->mmc);
-+ if (res)
-+ goto err;
-
- /*
- * Supply the existing CAPS, but clear the UHS modes. This
-diff --git a/drivers/net/dsa/qca8k.c b/drivers/net/dsa/qca8k.c
-index 8e49974ffa0e..8ee59b20b47a 100644
---- a/drivers/net/dsa/qca8k.c
-+++ b/drivers/net/dsa/qca8k.c
-@@ -459,6 +459,18 @@ qca8k_set_pad_ctrl(struct qca8k_priv *priv, int port, int mode)
- qca8k_write(priv, QCA8K_REG_PORT5_PAD_CTRL,
- QCA8K_PORT_PAD_RGMII_RX_DELAY_EN);
- break;
-+ case PHY_INTERFACE_MODE_RGMII_ID:
-+ /* RGMII_ID needs internal delay. This is enabled through
-+ * PORT5_PAD_CTRL for all ports, rather than individual port
-+ * registers
-+ */
-+ qca8k_write(priv, reg,
-+ QCA8K_PORT_PAD_RGMII_EN |
-+ QCA8K_PORT_PAD_RGMII_TX_DELAY(QCA8K_MAX_DELAY) |
-+ QCA8K_PORT_PAD_RGMII_RX_DELAY(QCA8K_MAX_DELAY));
-+ qca8k_write(priv, QCA8K_REG_PORT5_PAD_CTRL,
-+ QCA8K_PORT_PAD_RGMII_RX_DELAY_EN);
-+ break;
- case PHY_INTERFACE_MODE_SGMII:
- qca8k_write(priv, reg, QCA8K_PORT_PAD_SGMII_EN);
- break;
-diff --git a/drivers/net/dsa/qca8k.h b/drivers/net/dsa/qca8k.h
-index 613fe5c50236..d146e54c8a6c 100644
---- a/drivers/net/dsa/qca8k.h
-+++ b/drivers/net/dsa/qca8k.h
-@@ -40,6 +40,7 @@
- ((0x8 + (x & 0x3)) << 22)
- #define QCA8K_PORT_PAD_RGMII_RX_DELAY(x) \
- ((0x10 + (x & 0x3)) << 20)
-+#define QCA8K_MAX_DELAY 3
- #define QCA8K_PORT_PAD_RGMII_RX_DELAY_EN BIT(24)
- #define QCA8K_PORT_PAD_SGMII_EN BIT(7)
- #define QCA8K_REG_MODULE_EN 0x030
-diff --git a/drivers/net/ethernet/amazon/ena/ena_com.c b/drivers/net/ethernet/amazon/ena/ena_com.c
-index 1a4ffc5d3da4..10e6053f6671 100644
---- a/drivers/net/ethernet/amazon/ena/ena_com.c
-+++
b/drivers/net/ethernet/amazon/ena/ena_com.c
-@@ -2002,7 +2002,7 @@ int ena_com_set_hash_function(struct ena_com_dev *ena_dev)
- if (unlikely(ret))
- return ret;
-
-- if (get_resp.u.flow_hash_func.supported_func & (1 << rss->hash_func)) {
-+ if (!(get_resp.u.flow_hash_func.supported_func & BIT(rss->hash_func))) {
- pr_err("Func hash %d isn't supported by device, abort\n",
- rss->hash_func);
- return -EOPNOTSUPP;
-@@ -2087,6 +2087,7 @@ int ena_com_fill_hash_function(struct ena_com_dev *ena_dev,
- return -EINVAL;
- }
-
-+ rss->hash_func = func;
- rc = ena_com_set_hash_function(ena_dev);
-
- /* Restore the old function */
-diff --git a/drivers/net/ethernet/amazon/ena/ena_ethtool.c b/drivers/net/ethernet/amazon/ena/ena_ethtool.c
-index 967020fb26ee..a2f02c23fe14 100644
---- a/drivers/net/ethernet/amazon/ena/ena_ethtool.c
-+++ b/drivers/net/ethernet/amazon/ena/ena_ethtool.c
-@@ -694,8 +694,8 @@ static int ena_set_rxfh(struct net_device *netdev, const u32 *indir,
- if (indir) {
- for (i = 0; i < ENA_RX_RSS_TABLE_SIZE; i++) {
- rc = ena_com_indirect_table_fill_entry(ena_dev,
-- ENA_IO_RXQ_IDX(indir[i]),
-- i);
-+ i,
-+ ENA_IO_RXQ_IDX(indir[i]));
- if (unlikely(rc)) {
- netif_err(adapter, drv, netdev,
- "Cannot fill indirect table (index is too large)\n");
-diff --git a/drivers/net/ethernet/amazon/ena/ena_netdev.c b/drivers/net/ethernet/amazon/ena/ena_netdev.c
-index d22b138c2b09..518ff393a026 100644
---- a/drivers/net/ethernet/amazon/ena/ena_netdev.c
-+++ b/drivers/net/ethernet/amazon/ena/ena_netdev.c
-@@ -1796,6 +1796,7 @@ err_setup_rx:
- err_setup_tx:
- ena_free_io_irq(adapter);
- err_req_irq:
-+ ena_del_napi(adapter);
-
- return rc;
- }
-diff --git a/drivers/net/ethernet/aquantia/atlantic/aq_vec.c b/drivers/net/ethernet/aquantia/atlantic/aq_vec.c
-index 5fecc9a099ef..bb2894a333f2 100644
---- a/drivers/net/ethernet/aquantia/atlantic/aq_vec.c
-+++ b/drivers/net/ethernet/aquantia/atlantic/aq_vec.c
-@@ -310,15 +310,13 @@ irqreturn_t aq_vec_isr_legacy(int irq, void *private)
- {
- struct aq_vec_s *self = private;
- u64 irq_mask = 0U;
-- irqreturn_t err = 0;
-+ int err;
-
-- if (!self) {
-- err = -EINVAL;
-- goto err_exit;
-- }
-+ if (!self)
-+ return IRQ_NONE;
- err = self->aq_hw_ops->hw_irq_read(self->aq_hw, &irq_mask);
- if (err < 0)
-- goto err_exit;
-+ return IRQ_NONE;
-
- if (irq_mask) {
- self->aq_hw_ops->hw_irq_disable(self->aq_hw,
-@@ -326,11 +324,10 @@ irqreturn_t aq_vec_isr_legacy(int irq, void *private)
- napi_schedule(&self->napi);
- } else {
- self->aq_hw_ops->hw_irq_enable(self->aq_hw, 1U);
-- err = IRQ_NONE;
-+ return IRQ_NONE;
- }
-
--err_exit:
-- return err >= 0 ? IRQ_HANDLED : IRQ_NONE;
-+ return IRQ_HANDLED;
- }
-
- cpumask_t *aq_vec_get_affinity_mask(struct aq_vec_s *self)
-diff --git a/drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_a0.c b/drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_a0.c
-index b0abd187cead..b83ee74d2839 100644
---- a/drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_a0.c
-+++ b/drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_a0.c
-@@ -182,8 +182,8 @@ static int hw_atl_a0_hw_rss_set(struct aq_hw_s *self,
- u32 i = 0U;
- u32 num_rss_queues = max(1U, self->aq_nic_cfg->num_rss_queues);
- int err = 0;
-- u16 bitary[(HW_ATL_A0_RSS_REDIRECTION_MAX *
-- HW_ATL_A0_RSS_REDIRECTION_BITS / 16U)];
-+ u16 bitary[1 + (HW_ATL_A0_RSS_REDIRECTION_MAX *
-+ HW_ATL_A0_RSS_REDIRECTION_BITS / 16U)];
-
- memset(bitary, 0, sizeof(bitary));
-
-diff --git a/drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_b0.c b/drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_b0.c
-index 236325f48ec9..1c1bb074f664 100644
---- a/drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_b0.c
-+++ b/drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_b0.c
-@@ -183,8 +183,8 @@ static int hw_atl_b0_hw_rss_set(struct aq_hw_s *self,
- u32 i = 0U;
- u32 num_rss_queues = max(1U, self->aq_nic_cfg->num_rss_queues);
- int err = 0;
-- u16 bitary[(HW_ATL_B0_RSS_REDIRECTION_MAX *
-- HW_ATL_B0_RSS_REDIRECTION_BITS / 16U)];
-+ u16
bitary[1 + (HW_ATL_B0_RSS_REDIRECTION_MAX *
-+ HW_ATL_B0_RSS_REDIRECTION_BITS / 16U)];
-
- memset(bitary, 0, sizeof(bitary));
-
-diff --git a/drivers/net/ethernet/broadcom/bcmsysport.c b/drivers/net/ethernet/broadcom/bcmsysport.c
-index 79018fea7be2..69b2f99b0c19 100644
---- a/drivers/net/ethernet/broadcom/bcmsysport.c
-+++ b/drivers/net/ethernet/broadcom/bcmsysport.c
-@@ -2116,7 +2116,7 @@ static int bcm_sysport_probe(struct platform_device *pdev)
-
- priv->phy_interface = of_get_phy_mode(dn);
- /* Default to GMII interface mode */
-- if (priv->phy_interface < 0)
-+ if ((int)priv->phy_interface < 0)
- priv->phy_interface = PHY_INTERFACE_MODE_GMII;
-
- /* In the case of a fixed PHY, the DT node associated
-diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c b/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c
-index fc8e185718a1..3c78cd1cdd6f 100644
---- a/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c
-+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c
-@@ -1667,21 +1667,19 @@ static int bnxt_flash_package_from_file(struct net_device *dev,
- mutex_lock(&bp->hwrm_cmd_lock);
- hwrm_err = _hwrm_send_message(bp, &install, sizeof(install),
- INSTALL_PACKAGE_TIMEOUT);
-- if (hwrm_err)
-- goto flash_pkg_exit;
--
-- if (resp->error_code) {
-+ if (hwrm_err) {
- u8 error_code = ((struct hwrm_err_output *)resp)->cmd_err;
-
-- if (error_code == NVM_INSTALL_UPDATE_CMD_ERR_CODE_FRAG_ERR) {
-+ if (resp->error_code && error_code ==
-+ NVM_INSTALL_UPDATE_CMD_ERR_CODE_FRAG_ERR) {
- install.flags |= cpu_to_le16(
- NVM_INSTALL_UPDATE_REQ_FLAGS_ALLOWED_TO_DEFRAG);
- hwrm_err = _hwrm_send_message(bp, &install,
- sizeof(install),
- INSTALL_PACKAGE_TIMEOUT);
-- if (hwrm_err)
-- goto flash_pkg_exit;
- }
-+ if (hwrm_err)
-+ goto flash_pkg_exit;
- }
-
- if (resp->result) {
-@@ -2463,7 +2461,7 @@ static void bnxt_self_test(struct net_device *dev, struct ethtool_test *etest,
- bool offline = false;
- u8 test_results = 0;
- u8 test_mask = 0;
-- int rc, i;
-+ int rc = 0, i;
-
- if (!bp->num_tests || !BNXT_SINGLE_PF(bp))
- return;
-@@ -2521,9 +2519,9 @@ static void bnxt_self_test(struct net_device *dev, struct ethtool_test *etest,
- }
- bnxt_hwrm_phy_loopback(bp, false);
- bnxt_half_close_nic(bp);
-- bnxt_open_nic(bp, false, true);
-+ rc = bnxt_open_nic(bp, false, true);
- }
-- if (bnxt_test_irq(bp)) {
-+ if (rc || bnxt_test_irq(bp)) {
- buf[BNXT_IRQ_TEST_IDX] = 1;
- etest->flags |= ETH_TEST_FL_FAILED;
- }
-diff --git a/drivers/net/ethernet/hisilicon/hix5hd2_gmac.c b/drivers/net/ethernet/hisilicon/hix5hd2_gmac.c
-index aab6fb10af94..6adf6831d120 100644
---- a/drivers/net/ethernet/hisilicon/hix5hd2_gmac.c
-+++ b/drivers/net/ethernet/hisilicon/hix5hd2_gmac.c
-@@ -1202,7 +1202,7 @@ static int hix5hd2_dev_probe(struct platform_device *pdev)
- goto err_free_mdio;
-
- priv->phy_mode = of_get_phy_mode(node);
-- if (priv->phy_mode < 0) {
-+ if ((int)priv->phy_mode < 0) {
- netdev_err(ndev, "not find phy-mode\n");
- ret = -EINVAL;
- goto err_mdiobus;
-diff --git a/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.h b/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.h
-index 9fcfd9395424..a4c5e72d6012 100644
---- a/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.h
-+++ b/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.h
-@@ -480,7 +480,7 @@ struct hclge_vport {
- u16 alloc_rss_size;
-
- u16 qs_offset;
-- u16 bw_limit; /* VSI BW Limit (0 = disabled) */
-+ u32 bw_limit; /* VSI BW Limit (0 = disabled) */
- u8 dwrr;
-
- int vport_id;
-diff --git a/drivers/net/ethernet/ibm/ehea/ehea_main.c b/drivers/net/ethernet/ibm/ehea/ehea_main.c
-index 30cbdf0fed59..373deb247ac0 100644
---- a/drivers/net/ethernet/ibm/ehea/ehea_main.c
-+++ b/drivers/net/ethernet/ibm/ehea/ehea_main.c
-@@ -1475,7 +1475,7 @@ static int ehea_init_port_res(struct ehea_port *port, struct ehea_port_res *pr,
-
- memset(pr, 0, sizeof(struct ehea_port_res));
-
-- pr->tx_bytes = rx_bytes;
-+ pr->tx_bytes = tx_bytes;
- pr->tx_packets = tx_packets;
- pr->rx_bytes = rx_bytes;
- pr->rx_packets = rx_packets;
-diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
-index 0edfd199937d..e4c1e6345edd 100644
---- a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
-+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
-@@ -1871,13 +1871,7 @@ static void ixgbe_pull_tail(struct ixgbe_ring *rx_ring,
- static void ixgbe_dma_sync_frag(struct ixgbe_ring *rx_ring,
- struct sk_buff *skb)
- {
-- /* if the page was released unmap it, else just sync our portion */
-- if (unlikely(IXGBE_CB(skb)->page_released)) {
-- dma_unmap_page_attrs(rx_ring->dev, IXGBE_CB(skb)->dma,
-- ixgbe_rx_pg_size(rx_ring),
-- DMA_FROM_DEVICE,
-- IXGBE_RX_DMA_ATTR);
-- } else if (ring_uses_build_skb(rx_ring)) {
-+ if (ring_uses_build_skb(rx_ring)) {
- unsigned long offset = (unsigned long)(skb->data) & ~PAGE_MASK;
-
- dma_sync_single_range_for_cpu(rx_ring->dev,
-@@ -1894,6 +1888,14 @@ static void ixgbe_dma_sync_frag(struct ixgbe_ring *rx_ring,
- skb_frag_size(frag),
- DMA_FROM_DEVICE);
- }
-+
-+ /* If the page was released, just unmap it.
*/
-+ if (unlikely(IXGBE_CB(skb)->page_released)) {
-+ dma_unmap_page_attrs(rx_ring->dev, IXGBE_CB(skb)->dma,
-+ ixgbe_rx_pg_size(rx_ring),
-+ DMA_FROM_DEVICE,
-+ IXGBE_RX_DMA_ATTR);
-+ }
- }
-
- /**
-diff --git a/drivers/net/ethernet/mellanox/mlx5/core/qp.c b/drivers/net/ethernet/mellanox/mlx5/core/qp.c
-index 5f091c6ea049..b92d5690287b 100644
---- a/drivers/net/ethernet/mellanox/mlx5/core/qp.c
-+++ b/drivers/net/ethernet/mellanox/mlx5/core/qp.c
-@@ -44,14 +44,15 @@ static struct mlx5_core_rsc_common *mlx5_get_rsc(struct mlx5_core_dev *dev,
- {
- struct mlx5_qp_table *table = &dev->priv.qp_table;
- struct mlx5_core_rsc_common *common;
-+ unsigned long flags;
-
-- spin_lock(&table->lock);
-+ spin_lock_irqsave(&table->lock, flags);
-
- common = radix_tree_lookup(&table->tree, rsn);
- if (common)
- atomic_inc(&common->refcount);
-
-- spin_unlock(&table->lock);
-+ spin_unlock_irqrestore(&table->lock, flags);
-
- if (!common) {
- mlx5_core_warn(dev, "Async event for bogus resource 0x%x\n",
-diff --git a/drivers/net/ethernet/mellanox/mlxsw/reg.h b/drivers/net/ethernet/mellanox/mlxsw/reg.h
-index 8ab7a4f98a07..e7974ba06432 100644
---- a/drivers/net/ethernet/mellanox/mlxsw/reg.h
-+++ b/drivers/net/ethernet/mellanox/mlxsw/reg.h
-@@ -2452,7 +2452,7 @@ static inline void mlxsw_reg_qtct_pack(char *payload, u8 local_port,
- * Configures the ETS elements.
- */
- #define MLXSW_REG_QEEC_ID 0x400D
--#define MLXSW_REG_QEEC_LEN 0x1C
-+#define MLXSW_REG_QEEC_LEN 0x20
-
- MLXSW_REG_DEFINE(qeec, MLXSW_REG_QEEC_ID, MLXSW_REG_QEEC_LEN);
-
-@@ -2494,6 +2494,15 @@ MLXSW_ITEM32(reg, qeec, element_index, 0x04, 0, 8);
- */
- MLXSW_ITEM32(reg, qeec, next_element_index, 0x08, 0, 8);
-
-+/* reg_qeec_mise
-+ * Min shaper configuration enable.
Enables configuration of the min
-+ * shaper on this ETS element
-+ * 0 - Disable
-+ * 1 - Enable
-+ * Access: RW
-+ */
-+MLXSW_ITEM32(reg, qeec, mise, 0x0C, 31, 1);
-+
- enum {
- MLXSW_REG_QEEC_BYTES_MODE,
- MLXSW_REG_QEEC_PACKETS_MODE,
-@@ -2510,6 +2519,17 @@ enum {
- */
- MLXSW_ITEM32(reg, qeec, pb, 0x0C, 28, 1);
-
-+/* The smallest permitted min shaper rate. */
-+#define MLXSW_REG_QEEC_MIS_MIN 200000 /* Kbps */
-+
-+/* reg_qeec_min_shaper_rate
-+ * Min shaper information rate.
-+ * For CPU port, can only be configured for port hierarchy.
-+ * When in bytes mode, value is specified in units of 1000bps.
-+ * Access: RW
-+ */
-+MLXSW_ITEM32(reg, qeec, min_shaper_rate, 0x0C, 0, 28);
-+
- /* reg_qeec_mase
- * Max shaper configuration enable. Enables configuration of the max
- * shaper on this ETS element.
-diff --git a/drivers/net/ethernet/natsemi/sonic.c b/drivers/net/ethernet/natsemi/sonic.c
-index 23821540ab07..a051dddcbd76 100644
---- a/drivers/net/ethernet/natsemi/sonic.c
-+++ b/drivers/net/ethernet/natsemi/sonic.c
-@@ -221,9 +221,9 @@ static int sonic_send_packet(struct sk_buff *skb, struct net_device *dev)
-
- laddr = dma_map_single(lp->device, skb->data, length, DMA_TO_DEVICE);
- if (!laddr) {
-- printk(KERN_ERR "%s: failed to map tx DMA buffer.\n", dev->name);
-- dev_kfree_skb(skb);
-- return NETDEV_TX_BUSY;
-+ pr_err_ratelimited("%s: failed to map tx DMA buffer.\n", dev->name);
-+ dev_kfree_skb_any(skb);
-+ return NETDEV_TX_OK;
- }
-
- sonic_tda_put(dev, entry, SONIC_TD_STATUS, 0); /* clear status */
-diff --git a/drivers/net/ethernet/pasemi/pasemi_mac.c b/drivers/net/ethernet/pasemi/pasemi_mac.c
-index 49591d9c2e1b..c9b4ac9d3330 100644
---- a/drivers/net/ethernet/pasemi/pasemi_mac.c
-+++ b/drivers/net/ethernet/pasemi/pasemi_mac.c
-@@ -1053,7 +1053,6 @@ static int pasemi_mac_phy_init(struct net_device *dev)
-
- dn = pci_device_to_OF_node(mac->pdev);
- phy_dn = of_parse_phandle(dn, "phy-handle", 0);
-- of_node_put(phy_dn);
-
- mac->link = 0;
- mac->speed =
0; -@@ -1062,6 +1061,7 @@ static int pasemi_mac_phy_init(struct net_device *dev) - phydev = of_phy_connect(dev, phy_dn, &pasemi_adjust_link, 0, - PHY_INTERFACE_MODE_SGMII); - -+ of_node_put(phy_dn); - if (!phydev) { - printk(KERN_ERR "%s: Could not attach to phy\n", dev->name); - return -ENODEV; -diff --git a/drivers/net/ethernet/qlogic/qed/qed_iwarp.c b/drivers/net/ethernet/qlogic/qed/qed_iwarp.c -index bb09f5a9846f..38d0f62bf037 100644 ---- a/drivers/net/ethernet/qlogic/qed/qed_iwarp.c -+++ b/drivers/net/ethernet/qlogic/qed/qed_iwarp.c -@@ -509,7 +509,8 @@ int qed_iwarp_destroy_qp(struct qed_hwfn *p_hwfn, struct qed_rdma_qp *qp) - - /* Make sure ep is closed before returning and freeing memory. */ - if (ep) { -- while (ep->state != QED_IWARP_EP_CLOSED && wait_count++ < 200) -+ while (READ_ONCE(ep->state) != QED_IWARP_EP_CLOSED && -+ wait_count++ < 200) - msleep(100); - - if (ep->state != QED_IWARP_EP_CLOSED) -@@ -991,8 +992,6 @@ qed_iwarp_mpa_complete(struct qed_hwfn *p_hwfn, - - params.ep_context = ep; - -- ep->state = QED_IWARP_EP_CLOSED; -- - switch (fw_return_code) { - case RDMA_RETURN_OK: - ep->qp->max_rd_atomic_req = ep->cm_info.ord; -@@ -1052,6 +1051,10 @@ qed_iwarp_mpa_complete(struct qed_hwfn *p_hwfn, - break; - } - -+ if (fw_return_code != RDMA_RETURN_OK) -+ /* paired with READ_ONCE in destroy_qp */ -+ smp_store_release(&ep->state, QED_IWARP_EP_CLOSED); -+ - ep->event_cb(ep->cb_context, ¶ms); - - /* on passive side, if there is no associated QP (REJECT) we need to -@@ -2069,7 +2072,9 @@ void qed_iwarp_qp_in_error(struct qed_hwfn *p_hwfn, - params.status = (fw_return_code == IWARP_QP_IN_ERROR_GOOD_CLOSE) ? 
- 0 : -ECONNRESET; - -- ep->state = QED_IWARP_EP_CLOSED; -+ /* paired with READ_ONCE in destroy_qp */ -+ smp_store_release(&ep->state, QED_IWARP_EP_CLOSED); -+ - spin_lock_bh(&p_hwfn->p_rdma_info->iwarp.iw_lock); - list_del(&ep->list_entry); - spin_unlock_bh(&p_hwfn->p_rdma_info->iwarp.iw_lock); -@@ -2157,7 +2162,8 @@ qed_iwarp_tcp_connect_unsuccessful(struct qed_hwfn *p_hwfn, - params.event = QED_IWARP_EVENT_ACTIVE_COMPLETE; - params.ep_context = ep; - params.cm_info = &ep->cm_info; -- ep->state = QED_IWARP_EP_CLOSED; -+ /* paired with READ_ONCE in destroy_qp */ -+ smp_store_release(&ep->state, QED_IWARP_EP_CLOSED); - - switch (fw_return_code) { - case IWARP_CONN_ERROR_TCP_CONNECT_INVALID_PACKET: -diff --git a/drivers/net/ethernet/qlogic/qed/qed_l2.c b/drivers/net/ethernet/qlogic/qed/qed_l2.c -index 62cde3854a5c..5d7adedac68d 100644 ---- a/drivers/net/ethernet/qlogic/qed/qed_l2.c -+++ b/drivers/net/ethernet/qlogic/qed/qed_l2.c -@@ -1629,10 +1629,9 @@ static void __qed_get_vport_pstats_addrlen(struct qed_hwfn *p_hwfn, - } - } - --static void __qed_get_vport_pstats(struct qed_hwfn *p_hwfn, -- struct qed_ptt *p_ptt, -- struct qed_eth_stats *p_stats, -- u16 statistics_bin) -+static noinline_for_stack void -+__qed_get_vport_pstats(struct qed_hwfn *p_hwfn, struct qed_ptt *p_ptt, -+ struct qed_eth_stats *p_stats, u16 statistics_bin) - { - struct eth_pstorm_per_queue_stat pstats; - u32 pstats_addr = 0, pstats_len = 0; -@@ -1659,10 +1658,9 @@ static void __qed_get_vport_pstats(struct qed_hwfn *p_hwfn, - HILO_64_REGPAIR(pstats.error_drop_pkts); - } - --static void __qed_get_vport_tstats(struct qed_hwfn *p_hwfn, -- struct qed_ptt *p_ptt, -- struct qed_eth_stats *p_stats, -- u16 statistics_bin) -+static noinline_for_stack void -+__qed_get_vport_tstats(struct qed_hwfn *p_hwfn, struct qed_ptt *p_ptt, -+ struct qed_eth_stats *p_stats, u16 statistics_bin) - { - struct tstorm_per_port_stat tstats; - u32 tstats_addr, tstats_len; -@@ -1705,10 +1703,9 @@ static void 
__qed_get_vport_ustats_addrlen(struct qed_hwfn *p_hwfn, - } - } - --static void __qed_get_vport_ustats(struct qed_hwfn *p_hwfn, -- struct qed_ptt *p_ptt, -- struct qed_eth_stats *p_stats, -- u16 statistics_bin) -+static noinline_for_stack -+void __qed_get_vport_ustats(struct qed_hwfn *p_hwfn, struct qed_ptt *p_ptt, -+ struct qed_eth_stats *p_stats, u16 statistics_bin) - { - struct eth_ustorm_per_queue_stat ustats; - u32 ustats_addr = 0, ustats_len = 0; -@@ -1747,10 +1744,9 @@ static void __qed_get_vport_mstats_addrlen(struct qed_hwfn *p_hwfn, - } - } - --static void __qed_get_vport_mstats(struct qed_hwfn *p_hwfn, -- struct qed_ptt *p_ptt, -- struct qed_eth_stats *p_stats, -- u16 statistics_bin) -+static noinline_for_stack void -+__qed_get_vport_mstats(struct qed_hwfn *p_hwfn, struct qed_ptt *p_ptt, -+ struct qed_eth_stats *p_stats, u16 statistics_bin) - { - struct eth_mstorm_per_queue_stat mstats; - u32 mstats_addr = 0, mstats_len = 0; -@@ -1776,9 +1772,9 @@ static void __qed_get_vport_mstats(struct qed_hwfn *p_hwfn, - HILO_64_REGPAIR(mstats.tpa_coalesced_bytes); - } - --static void __qed_get_vport_port_stats(struct qed_hwfn *p_hwfn, -- struct qed_ptt *p_ptt, -- struct qed_eth_stats *p_stats) -+static noinline_for_stack void -+__qed_get_vport_port_stats(struct qed_hwfn *p_hwfn, struct qed_ptt *p_ptt, -+ struct qed_eth_stats *p_stats) - { - struct qed_eth_stats_common *p_common = &p_stats->common; - struct port_stats port_stats; -diff --git a/drivers/net/ethernet/qualcomm/qca_spi.c b/drivers/net/ethernet/qualcomm/qca_spi.c -index 275fc6f154a7..1c87178fc485 100644 ---- a/drivers/net/ethernet/qualcomm/qca_spi.c -+++ b/drivers/net/ethernet/qualcomm/qca_spi.c -@@ -475,7 +475,6 @@ qcaspi_qca7k_sync(struct qcaspi *qca, int event) - u16 signature = 0; - u16 spi_config; - u16 wrbuf_space = 0; -- static u16 reset_count; - - if (event == QCASPI_EVENT_CPUON) { - /* Read signature twice, if not valid -@@ -528,13 +527,13 @@ qcaspi_qca7k_sync(struct qcaspi *qca, int event) - - 
qca->sync = QCASPI_SYNC_RESET; - qca->stats.trig_reset++; -- reset_count = 0; -+ qca->reset_count = 0; - break; - case QCASPI_SYNC_RESET: -- reset_count++; -+ qca->reset_count++; - netdev_dbg(qca->net_dev, "sync: waiting for CPU on, count %u.\n", -- reset_count); -- if (reset_count >= QCASPI_RESET_TIMEOUT) { -+ qca->reset_count); -+ if (qca->reset_count >= QCASPI_RESET_TIMEOUT) { - /* reset did not seem to take place, try again */ - qca->sync = QCASPI_SYNC_UNKNOWN; - qca->stats.reset_timeout++; -diff --git a/drivers/net/ethernet/qualcomm/qca_spi.h b/drivers/net/ethernet/qualcomm/qca_spi.h -index fc0e98726b36..719c41227f22 100644 ---- a/drivers/net/ethernet/qualcomm/qca_spi.h -+++ b/drivers/net/ethernet/qualcomm/qca_spi.h -@@ -92,6 +92,7 @@ struct qcaspi { - - unsigned int intr_req; - unsigned int intr_svc; -+ u16 reset_count; - - #ifdef CONFIG_DEBUG_FS - struct dentry *device_root; -diff --git a/drivers/net/ethernet/renesas/sh_eth.c b/drivers/net/ethernet/renesas/sh_eth.c -index 9b1906a65e11..25f3b2ad26e9 100644 ---- a/drivers/net/ethernet/renesas/sh_eth.c -+++ b/drivers/net/ethernet/renesas/sh_eth.c -@@ -3046,12 +3046,16 @@ static struct sh_eth_plat_data *sh_eth_parse_dt(struct device *dev) - struct device_node *np = dev->of_node; - struct sh_eth_plat_data *pdata; - const char *mac_addr; -+ int ret; - - pdata = devm_kzalloc(dev, sizeof(*pdata), GFP_KERNEL); - if (!pdata) - return NULL; - -- pdata->phy_interface = of_get_phy_mode(np); -+ ret = of_get_phy_mode(np); -+ if (ret < 0) -+ return NULL; -+ pdata->phy_interface = ret; - - mac_addr = of_get_mac_address(np); - if (mac_addr) -diff --git a/drivers/net/ethernet/stmicro/stmmac/dwmac-ipq806x.c b/drivers/net/ethernet/stmicro/stmmac/dwmac-ipq806x.c -index 866444b6c82f..11a4a81b0397 100644 ---- a/drivers/net/ethernet/stmicro/stmmac/dwmac-ipq806x.c -+++ b/drivers/net/ethernet/stmicro/stmmac/dwmac-ipq806x.c -@@ -203,7 +203,7 @@ static int ipq806x_gmac_of_parse(struct ipq806x_gmac *gmac) - struct device *dev = 
&gmac->pdev->dev; - - gmac->phy_mode = of_get_phy_mode(dev->of_node); -- if (gmac->phy_mode < 0) { -+ if ((int)gmac->phy_mode < 0) { - dev_err(dev, "missing phy mode property\n"); - return -EINVAL; - } -diff --git a/drivers/net/ethernet/stmicro/stmmac/dwmac-meson8b.c b/drivers/net/ethernet/stmicro/stmmac/dwmac-meson8b.c -index 8be4b32544ef..d71d3c1c85ee 100644 ---- a/drivers/net/ethernet/stmicro/stmmac/dwmac-meson8b.c -+++ b/drivers/net/ethernet/stmicro/stmmac/dwmac-meson8b.c -@@ -285,7 +285,7 @@ static int meson8b_dwmac_probe(struct platform_device *pdev) - - dwmac->pdev = pdev; - dwmac->phy_mode = of_get_phy_mode(pdev->dev.of_node); -- if (dwmac->phy_mode < 0) { -+ if ((int)dwmac->phy_mode < 0) { - dev_err(&pdev->dev, "missing phy-mode property\n"); - ret = -EINVAL; - goto err_remove_config_dt; -diff --git a/drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c b/drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c -index 8445af580cb6..e5566c121525 100644 ---- a/drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c -+++ b/drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c -@@ -438,7 +438,7 @@ static void dwmac4_set_filter(struct mac_device_info *hw, - } - - /* Handle multiple unicast addresses */ -- if (netdev_uc_count(dev) > GMAC_MAX_PERFECT_ADDRESSES) { -+ if (netdev_uc_count(dev) > hw->unicast_filter_entries) { - /* Switch to promiscuous mode if more than 128 addrs - * are required - */ -diff --git a/drivers/net/ethernet/stmicro/stmmac/stmmac_ptp.c b/drivers/net/ethernet/stmicro/stmmac/stmmac_ptp.c -index e471a903c654..1c1d6a942822 100644 ---- a/drivers/net/ethernet/stmicro/stmmac/stmmac_ptp.c -+++ b/drivers/net/ethernet/stmicro/stmmac/stmmac_ptp.c -@@ -154,7 +154,7 @@ static int stmmac_enable(struct ptp_clock_info *ptp, - /* structure describing a PTP hardware clock */ - static const struct ptp_clock_info stmmac_ptp_clock_ops = { - .owner = THIS_MODULE, -- .name = "stmmac_ptp_clock", -+ .name = "stmmac ptp", - .max_adj = 62500000, - .n_alarm = 0, - .n_ext_ts = 0, -diff 
--git a/drivers/net/ethernet/xilinx/xilinx_axienet_main.c b/drivers/net/ethernet/xilinx/xilinx_axienet_main.c -index 9ccd08a051f6..1152d74433f6 100644 ---- a/drivers/net/ethernet/xilinx/xilinx_axienet_main.c -+++ b/drivers/net/ethernet/xilinx/xilinx_axienet_main.c -@@ -1574,7 +1574,7 @@ static int axienet_probe(struct platform_device *pdev) - } - } else { - lp->phy_mode = of_get_phy_mode(pdev->dev.of_node); -- if (lp->phy_mode < 0) { -+ if ((int)lp->phy_mode < 0) { - ret = -EINVAL; - goto free_netdev; - } -diff --git a/drivers/net/hyperv/netvsc_drv.c b/drivers/net/hyperv/netvsc_drv.c -index a89de5752a8c..14451e14d99d 100644 ---- a/drivers/net/hyperv/netvsc_drv.c -+++ b/drivers/net/hyperv/netvsc_drv.c -@@ -282,9 +282,9 @@ static inline u32 netvsc_get_hash( - else if (flow.basic.n_proto == htons(ETH_P_IPV6)) - hash = jhash2((u32 *)&flow.addrs.v6addrs, 8, hashrnd); - else -- hash = 0; -+ return 0; - -- skb_set_hash(skb, hash, PKT_HASH_TYPE_L3); -+ __skb_set_sw_hash(skb, hash, false); - } - - return hash; -@@ -802,8 +802,7 @@ static struct sk_buff *netvsc_alloc_recv_skb(struct net_device *net, - skb->protocol == htons(ETH_P_IP)) - netvsc_comp_ipcsum(skb); - -- /* Do L4 checksum offload if enabled and present. -- */ -+ /* Do L4 checksum offload if enabled and present. 
*/ - if (csum_info && (net->features & NETIF_F_RXCSUM)) { - if (csum_info->receive.tcp_checksum_succeeded || - csum_info->receive.udp_checksum_succeeded) -@@ -1840,6 +1839,12 @@ static rx_handler_result_t netvsc_vf_handle_frame(struct sk_buff **pskb) - struct netvsc_vf_pcpu_stats *pcpu_stats - = this_cpu_ptr(ndev_ctx->vf_stats); - -+ skb = skb_share_check(skb, GFP_ATOMIC); -+ if (unlikely(!skb)) -+ return RX_HANDLER_CONSUMED; -+ -+ *pskb = skb; -+ - skb->dev = ndev; - - u64_stats_update_begin(&pcpu_stats->syncp); -diff --git a/drivers/net/phy/fixed_phy.c b/drivers/net/phy/fixed_phy.c -index eb5167210681..3ab2eb677a59 100644 ---- a/drivers/net/phy/fixed_phy.c -+++ b/drivers/net/phy/fixed_phy.c -@@ -67,11 +67,11 @@ static int fixed_mdio_read(struct mii_bus *bus, int phy_addr, int reg_num) - do { - s = read_seqcount_begin(&fp->seqcount); - /* Issue callback if user registered it. */ -- if (fp->link_update) { -+ if (fp->link_update) - fp->link_update(fp->phydev->attached_dev, - &fp->status); -- fixed_phy_update(fp); -- } -+ /* Check the GPIO for change in status */ -+ fixed_phy_update(fp); - state = fp->status; - } while (read_seqcount_retry(&fp->seqcount, s)); - -diff --git a/drivers/net/phy/phy_device.c b/drivers/net/phy/phy_device.c -index a98c227a4c2e..99dae55cd334 100644 ---- a/drivers/net/phy/phy_device.c -+++ b/drivers/net/phy/phy_device.c -@@ -76,7 +76,7 @@ static LIST_HEAD(phy_fixup_list); - static DEFINE_MUTEX(phy_fixup_lock); - - #ifdef CONFIG_PM --static bool mdio_bus_phy_may_suspend(struct phy_device *phydev) -+static bool mdio_bus_phy_may_suspend(struct phy_device *phydev, bool suspend) - { - struct device_driver *drv = phydev->mdio.dev.driver; - struct phy_driver *phydrv = to_phy_driver(drv); -@@ -88,10 +88,11 @@ static bool mdio_bus_phy_may_suspend(struct phy_device *phydev) - /* PHY not attached? 
May suspend if the PHY has not already been - * suspended as part of a prior call to phy_disconnect() -> - * phy_detach() -> phy_suspend() because the parent netdev might be the -- * MDIO bus driver and clock gated at this point. -+ * MDIO bus driver and clock gated at this point. Also may resume if -+ * PHY is not attached. - */ - if (!netdev) -- return !phydev->suspended; -+ return suspend ? !phydev->suspended : phydev->suspended; - - /* Don't suspend PHY if the attached netdev parent may wakeup. - * The parent may point to a PCI device, as in tg3 driver. -@@ -121,7 +122,7 @@ static int mdio_bus_phy_suspend(struct device *dev) - if (phydev->attached_dev && phydev->adjust_link) - phy_stop_machine(phydev); - -- if (!mdio_bus_phy_may_suspend(phydev)) -+ if (!mdio_bus_phy_may_suspend(phydev, true)) - return 0; - - return phy_suspend(phydev); -@@ -132,7 +133,7 @@ static int mdio_bus_phy_resume(struct device *dev) - struct phy_device *phydev = to_phy_device(dev); - int ret; - -- if (!mdio_bus_phy_may_suspend(phydev)) -+ if (!mdio_bus_phy_may_suspend(phydev, false)) - goto no_resume; - - ret = phy_resume(phydev); -diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c -index 5aa7d5091f4d..4d97a7b5fe3c 100644 ---- a/drivers/net/vxlan.c -+++ b/drivers/net/vxlan.c -@@ -3494,7 +3494,6 @@ static int vxlan_changelink(struct net_device *dev, struct nlattr *tb[], - struct vxlan_rdst *dst = &vxlan->default_dst; - struct vxlan_rdst old_dst; - struct vxlan_config conf; -- struct vxlan_fdb *f = NULL; - int err; - - err = vxlan_nl2conf(tb, data, -@@ -3520,19 +3519,19 @@ static int vxlan_changelink(struct net_device *dev, struct nlattr *tb[], - old_dst.remote_ifindex, 0); - - if (!vxlan_addr_any(&dst->remote_ip)) { -- err = vxlan_fdb_create(vxlan, all_zeros_mac, -+ err = vxlan_fdb_update(vxlan, all_zeros_mac, - &dst->remote_ip, - NUD_REACHABLE | NUD_PERMANENT, -+ NLM_F_APPEND | NLM_F_CREATE, - vxlan->cfg.dst_port, - dst->remote_vni, - dst->remote_vni, - dst->remote_ifindex, -- 
NTF_SELF, &f); -+ NTF_SELF); - if (err) { - spin_unlock_bh(&vxlan->hash_lock); - return err; - } -- vxlan_fdb_notify(vxlan, f, first_remote_rtnl(f), RTM_NEWNEIGH); - } - spin_unlock_bh(&vxlan->hash_lock); - } -diff --git a/drivers/net/wireless/ath/ath10k/sdio.c b/drivers/net/wireless/ath/ath10k/sdio.c -index 0a1248ebccf5..f49b21b137c1 100644 ---- a/drivers/net/wireless/ath/ath10k/sdio.c -+++ b/drivers/net/wireless/ath/ath10k/sdio.c -@@ -392,16 +392,11 @@ static int ath10k_sdio_mbox_rx_process_packet(struct ath10k *ar, - struct ath10k_htc_hdr *htc_hdr = (struct ath10k_htc_hdr *)skb->data; - bool trailer_present = htc_hdr->flags & ATH10K_HTC_FLAG_TRAILER_PRESENT; - enum ath10k_htc_ep_id eid; -- u16 payload_len; - u8 *trailer; - int ret; - -- payload_len = le16_to_cpu(htc_hdr->len); -- skb->len = payload_len + sizeof(struct ath10k_htc_hdr); -- - if (trailer_present) { -- trailer = skb->data + sizeof(*htc_hdr) + -- payload_len - htc_hdr->trailer_len; -+ trailer = skb->data + skb->len - htc_hdr->trailer_len; - - eid = pipe_id_to_eid(htc_hdr->eid); - -@@ -635,13 +630,31 @@ static int ath10k_sdio_mbox_rx_packet(struct ath10k *ar, - { - struct ath10k_sdio *ar_sdio = ath10k_sdio_priv(ar); - struct sk_buff *skb = pkt->skb; -+ struct ath10k_htc_hdr *htc_hdr; - int ret; - - ret = ath10k_sdio_readsb(ar, ar_sdio->mbox_info.htc_addr, - skb->data, pkt->alloc_len); -+ if (ret) -+ goto out; -+ -+ /* Update actual length. The original length may be incorrect, -+ * as the FW will bundle multiple packets as long as their sizes -+ * fit within the same aligned length (pkt->alloc_len). 
-+ */ -+ htc_hdr = (struct ath10k_htc_hdr *)skb->data; -+ pkt->act_len = le16_to_cpu(htc_hdr->len) + sizeof(*htc_hdr); -+ if (pkt->act_len > pkt->alloc_len) { -+ ath10k_warn(ar, "rx packet too large (%zu > %zu)\n", -+ pkt->act_len, pkt->alloc_len); -+ ret = -EMSGSIZE; -+ goto out; -+ } -+ -+ skb_put(skb, pkt->act_len); -+ -+out: - pkt->status = ret; -- if (!ret) -- skb_put(skb, pkt->act_len); - - return ret; - } -diff --git a/drivers/net/wireless/ath/ath9k/dynack.c b/drivers/net/wireless/ath/ath9k/dynack.c -index 6e236a485431..71b4888b30e7 100644 ---- a/drivers/net/wireless/ath/ath9k/dynack.c -+++ b/drivers/net/wireless/ath/ath9k/dynack.c -@@ -300,9 +300,9 @@ void ath_dynack_node_init(struct ath_hw *ah, struct ath_node *an) - - an->ackto = ackto; - -- spin_lock(&da->qlock); -+ spin_lock_bh(&da->qlock); - list_add_tail(&an->list, &da->nodes); -- spin_unlock(&da->qlock); -+ spin_unlock_bh(&da->qlock); - } - EXPORT_SYMBOL(ath_dynack_node_init); - -@@ -316,9 +316,9 @@ void ath_dynack_node_deinit(struct ath_hw *ah, struct ath_node *an) - { - struct ath_dynack *da = &ah->dynack; - -- spin_lock(&da->qlock); -+ spin_lock_bh(&da->qlock); - list_del(&an->list); -- spin_unlock(&da->qlock); -+ spin_unlock_bh(&da->qlock); - } - EXPORT_SYMBOL(ath_dynack_node_deinit); - -diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/fw.c b/drivers/net/wireless/intel/iwlwifi/mvm/fw.c -index 78228f870f8f..754dcc1c1f40 100644 ---- a/drivers/net/wireless/intel/iwlwifi/mvm/fw.c -+++ b/drivers/net/wireless/intel/iwlwifi/mvm/fw.c -@@ -107,12 +107,12 @@ static int iwl_send_rss_cfg_cmd(struct iwl_mvm *mvm) - int i; - struct iwl_rss_config_cmd cmd = { - .flags = cpu_to_le32(IWL_RSS_ENABLE), -- .hash_mask = IWL_RSS_HASH_TYPE_IPV4_TCP | -- IWL_RSS_HASH_TYPE_IPV4_UDP | -- IWL_RSS_HASH_TYPE_IPV4_PAYLOAD | -- IWL_RSS_HASH_TYPE_IPV6_TCP | -- IWL_RSS_HASH_TYPE_IPV6_UDP | -- IWL_RSS_HASH_TYPE_IPV6_PAYLOAD, -+ .hash_mask = BIT(IWL_RSS_HASH_TYPE_IPV4_TCP) | -+ BIT(IWL_RSS_HASH_TYPE_IPV4_UDP) | -+ 
BIT(IWL_RSS_HASH_TYPE_IPV4_PAYLOAD) | -+ BIT(IWL_RSS_HASH_TYPE_IPV6_TCP) | -+ BIT(IWL_RSS_HASH_TYPE_IPV6_UDP) | -+ BIT(IWL_RSS_HASH_TYPE_IPV6_PAYLOAD), - }; - - if (mvm->trans->num_rx_queues == 1) -diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c b/drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c -index 7fb8bbaf2142..1a12e829e98b 100644 ---- a/drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c -+++ b/drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c -@@ -871,12 +871,12 @@ void iwl_mvm_rx_mpdu_mq(struct iwl_mvm *mvm, struct napi_struct *napi, - bool toggle_bit = phy_info & IWL_RX_MPDU_PHY_AMPDU_TOGGLE; - - rx_status->flag |= RX_FLAG_AMPDU_DETAILS; -- rx_status->ampdu_reference = mvm->ampdu_ref; - /* toggle is switched whenever new aggregation starts */ - if (toggle_bit != mvm->ampdu_toggle) { - mvm->ampdu_ref++; - mvm->ampdu_toggle = toggle_bit; - } -+ rx_status->ampdu_reference = mvm->ampdu_ref; - } - - rcu_read_lock(); -diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/sta.c b/drivers/net/wireless/intel/iwlwifi/mvm/sta.c -index 0cfdbaa2af3a..684c0f65a052 100644 ---- a/drivers/net/wireless/intel/iwlwifi/mvm/sta.c -+++ b/drivers/net/wireless/intel/iwlwifi/mvm/sta.c -@@ -2417,7 +2417,7 @@ int iwl_mvm_sta_tx_agg_start(struct iwl_mvm *mvm, struct ieee80211_vif *vif, - struct iwl_mvm_sta *mvmsta = iwl_mvm_sta_from_mac80211(sta); - struct iwl_mvm_tid_data *tid_data; - u16 normalized_ssn; -- int txq_id; -+ u16 txq_id; - int ret; - - if (WARN_ON_ONCE(tid >= IWL_MAX_TID_COUNT)) -@@ -2452,17 +2452,24 @@ int iwl_mvm_sta_tx_agg_start(struct iwl_mvm *mvm, struct ieee80211_vif *vif, - */ - txq_id = mvmsta->tid_data[tid].txq_id; - if (txq_id == IWL_MVM_INVALID_QUEUE) { -- txq_id = iwl_mvm_find_free_queue(mvm, mvmsta->sta_id, -- IWL_MVM_DQA_MIN_DATA_QUEUE, -- IWL_MVM_DQA_MAX_DATA_QUEUE); -- if (txq_id < 0) { -- ret = txq_id; -+ ret = iwl_mvm_find_free_queue(mvm, mvmsta->sta_id, -+ IWL_MVM_DQA_MIN_DATA_QUEUE, -+ IWL_MVM_DQA_MAX_DATA_QUEUE); -+ if (ret < 0) { - IWL_ERR(mvm, "Failed 
to allocate agg queue\n"); - goto release_locks; - } - -+ txq_id = ret; -+ - /* TXQ hasn't yet been enabled, so mark it only as reserved */ - mvm->queue_info[txq_id].status = IWL_MVM_QUEUE_RESERVED; -+ } else if (WARN_ON(txq_id >= IWL_MAX_HW_QUEUES)) { -+ ret = -ENXIO; -+ IWL_ERR(mvm, "tid_id %d out of range (0, %d)!\n", -+ tid, IWL_MAX_HW_QUEUES - 1); -+ goto out; -+ - } else if (unlikely(mvm->queue_info[txq_id].status == - IWL_MVM_QUEUE_SHARED)) { - ret = -ENXIO; -diff --git a/drivers/net/wireless/marvell/libertas_tf/cmd.c b/drivers/net/wireless/marvell/libertas_tf/cmd.c -index 909ac3685010..2b193f1257a5 100644 ---- a/drivers/net/wireless/marvell/libertas_tf/cmd.c -+++ b/drivers/net/wireless/marvell/libertas_tf/cmd.c -@@ -69,7 +69,7 @@ static void lbtf_geo_init(struct lbtf_private *priv) - break; - } - -- for (ch = priv->range.start; ch < priv->range.end; ch++) -+ for (ch = range->start; ch < range->end; ch++) - priv->channels[CHAN_TO_IDX(ch)].flags = 0; - } - -diff --git a/drivers/net/wireless/mediatek/mt7601u/phy.c b/drivers/net/wireless/mediatek/mt7601u/phy.c -index ca09a5d4305e..71a47459bf8a 100644 ---- a/drivers/net/wireless/mediatek/mt7601u/phy.c -+++ b/drivers/net/wireless/mediatek/mt7601u/phy.c -@@ -221,7 +221,7 @@ int mt7601u_wait_bbp_ready(struct mt7601u_dev *dev) - - do { - val = mt7601u_bbp_rr(dev, MT_BBP_REG_VERSION); -- if (val && ~val) -+ if (val && val != 0xff) - break; - } while (--i); - -diff --git a/drivers/ntb/hw/idt/ntb_hw_idt.c b/drivers/ntb/hw/idt/ntb_hw_idt.c -index d44d7ef38fe8..b68e2cad74cc 100644 ---- a/drivers/ntb/hw/idt/ntb_hw_idt.c -+++ b/drivers/ntb/hw/idt/ntb_hw_idt.c -@@ -1105,9 +1105,9 @@ static struct idt_mw_cfg *idt_scan_mws(struct idt_ntb_dev *ndev, int port, - } - - /* Allocate memory for memory window descriptors */ -- ret_mws = devm_kcalloc(&ndev->ntb.pdev->dev, *mw_cnt, -- sizeof(*ret_mws), GFP_KERNEL); -- if (IS_ERR_OR_NULL(ret_mws)) -+ ret_mws = devm_kcalloc(&ndev->ntb.pdev->dev, *mw_cnt, sizeof(*ret_mws), -+ 
GFP_KERNEL); -+ if (!ret_mws) - return ERR_PTR(-ENOMEM); - - /* Copy the info of detected memory windows */ -@@ -2393,7 +2393,7 @@ static struct idt_ntb_dev *idt_create_dev(struct pci_dev *pdev, - - /* Allocate memory for the IDT PCIe-device descriptor */ - ndev = devm_kzalloc(&pdev->dev, sizeof(*ndev), GFP_KERNEL); -- if (IS_ERR_OR_NULL(ndev)) { -+ if (!ndev) { - dev_err(&pdev->dev, "Memory allocation failed for descriptor"); - return ERR_PTR(-ENOMEM); - } -diff --git a/drivers/nvme/host/pci.c b/drivers/nvme/host/pci.c -index cd11cced3678..3788c053a0b1 100644 ---- a/drivers/nvme/host/pci.c -+++ b/drivers/nvme/host/pci.c -@@ -2274,7 +2274,7 @@ static int nvme_pci_reg_write32(struct nvme_ctrl *ctrl, u32 off, u32 val) - - static int nvme_pci_reg_read64(struct nvme_ctrl *ctrl, u32 off, u64 *val) - { -- *val = readq(to_nvme_dev(ctrl)->bar + off); -+ *val = lo_hi_readq(to_nvme_dev(ctrl)->bar + off); - return 0; - } - -diff --git a/drivers/nvmem/imx-ocotp.c b/drivers/nvmem/imx-ocotp.c -index 193ca8fd350a..0c8c3b9bb6a7 100644 ---- a/drivers/nvmem/imx-ocotp.c -+++ b/drivers/nvmem/imx-ocotp.c -@@ -199,7 +199,8 @@ static int imx_ocotp_write(void *context, unsigned int offset, void *val, - strobe_prog = clk_rate / (1000000000 / 10000) + 2 * (DEF_RELAX + 1) - 1; - strobe_read = clk_rate / (1000000000 / 40) + 2 * (DEF_RELAX + 1) - 1; - -- timing = strobe_prog & 0x00000FFF; -+ timing = readl(priv->base + IMX_OCOTP_ADDR_TIMING) & 0x0FC00000; -+ timing |= strobe_prog & 0x00000FFF; - timing |= (relax << 12) & 0x0000F000; - timing |= (strobe_read << 16) & 0x003F0000; - -diff --git a/drivers/of/of_mdio.c b/drivers/of/of_mdio.c -index 8c1819230ed2..fe26697d3bd7 100644 ---- a/drivers/of/of_mdio.c -+++ b/drivers/of/of_mdio.c -@@ -358,7 +358,7 @@ struct phy_device *of_phy_get_and_connect(struct net_device *dev, - struct phy_device *phy; - - iface = of_get_phy_mode(np); -- if (iface < 0) -+ if ((int)iface < 0) - return NULL; - - phy_np = of_parse_phandle(np, "phy-handle", 0); -diff --git 
a/drivers/pci/endpoint/functions/pci-epf-test.c b/drivers/pci/endpoint/functions/pci-epf-test.c -index f9308c2f22e6..c2541a772abc 100644 ---- a/drivers/pci/endpoint/functions/pci-epf-test.c -+++ b/drivers/pci/endpoint/functions/pci-epf-test.c -@@ -177,7 +177,7 @@ static int pci_epf_test_read(struct pci_epf_test *epf_test) - goto err_map_addr; - } - -- memcpy(buf, src_addr, reg->size); -+ memcpy_fromio(buf, src_addr, reg->size); - - crc32 = crc32_le(~0, buf, reg->size); - if (crc32 != reg->checksum) -@@ -231,7 +231,7 @@ static int pci_epf_test_write(struct pci_epf_test *epf_test) - get_random_bytes(buf, reg->size); - reg->checksum = crc32_le(~0, buf, reg->size); - -- memcpy(dst_addr, buf, reg->size); -+ memcpy_toio(dst_addr, buf, reg->size); - - /* - * wait 1ms inorder for the write to complete. Without this delay L3 -diff --git a/drivers/pci/host/pcie-iproc.c b/drivers/pci/host/pcie-iproc.c -index c0ecc9f35667..8f8dac0155d6 100644 ---- a/drivers/pci/host/pcie-iproc.c -+++ b/drivers/pci/host/pcie-iproc.c -@@ -573,14 +573,6 @@ static void __iomem *iproc_pcie_map_cfg_bus(struct iproc_pcie *pcie, - return (pcie->base + offset); - } - -- /* -- * PAXC is connected to an internally emulated EP within the SoC. It -- * allows only one device. 
-- */ -- if (pcie->ep_is_internal) -- if (slot > 0) -- return NULL; -- - return iproc_pcie_map_ep_cfg_reg(pcie, busno, slot, fn, where); - } - -diff --git a/drivers/pci/switch/switchtec.c b/drivers/pci/switch/switchtec.c -index 0941555b84a5..73dba2739849 100644 ---- a/drivers/pci/switch/switchtec.c -+++ b/drivers/pci/switch/switchtec.c -@@ -399,10 +399,6 @@ static void mrpc_cmd_submit(struct switchtec_dev *stdev) - stuser->data, stuser->data_len); - iowrite32(stuser->cmd, &stdev->mmio_mrpc->cmd); - -- stuser->status = ioread32(&stdev->mmio_mrpc->status); -- if (stuser->status != SWITCHTEC_MRPC_STATUS_INPROGRESS) -- mrpc_complete_cmd(stdev); -- - schedule_delayed_work(&stdev->mrpc_timeout, - msecs_to_jiffies(500)); - } -diff --git a/drivers/pinctrl/bcm/pinctrl-iproc-gpio.c b/drivers/pinctrl/bcm/pinctrl-iproc-gpio.c -index 85a8c97d9dfe..5fe419e468ec 100644 ---- a/drivers/pinctrl/bcm/pinctrl-iproc-gpio.c -+++ b/drivers/pinctrl/bcm/pinctrl-iproc-gpio.c -@@ -54,8 +54,12 @@ - /* drive strength control for ASIU GPIO */ - #define IPROC_GPIO_ASIU_DRV0_CTRL_OFFSET 0x58 - --/* drive strength control for CCM/CRMU (AON) GPIO */ --#define IPROC_GPIO_DRV0_CTRL_OFFSET 0x00 -+/* pinconf for CCM GPIO */ -+#define IPROC_GPIO_PULL_DN_OFFSET 0x10 -+#define IPROC_GPIO_PULL_UP_OFFSET 0x14 -+ -+/* pinconf for CRMU(aon) GPIO and CCM GPIO*/ -+#define IPROC_GPIO_DRV_CTRL_OFFSET 0x00 - - #define GPIO_BANK_SIZE 0x200 - #define NGPIOS_PER_BANK 32 -@@ -76,6 +80,12 @@ enum iproc_pinconf_param { - IPROC_PINCON_MAX, - }; - -+enum iproc_pinconf_ctrl_type { -+ IOCTRL_TYPE_AON = 1, -+ IOCTRL_TYPE_CDRU, -+ IOCTRL_TYPE_INVALID, -+}; -+ - /* - * Iproc GPIO core - * -@@ -100,6 +110,7 @@ struct iproc_gpio { - - void __iomem *base; - void __iomem *io_ctrl; -+ enum iproc_pinconf_ctrl_type io_ctrl_type; - - raw_spinlock_t lock; - -@@ -461,20 +472,44 @@ static const struct pinctrl_ops iproc_pctrl_ops = { - static int iproc_gpio_set_pull(struct iproc_gpio *chip, unsigned gpio, - bool disable, bool pull_up) - { 
-+ void __iomem *base; - unsigned long flags; -+ unsigned int shift; -+ u32 val_1, val_2; - - raw_spin_lock_irqsave(&chip->lock, flags); -- -- if (disable) { -- iproc_set_bit(chip, IPROC_GPIO_RES_EN_OFFSET, gpio, false); -+ if (chip->io_ctrl_type == IOCTRL_TYPE_CDRU) { -+ base = chip->io_ctrl; -+ shift = IPROC_GPIO_SHIFT(gpio); -+ -+ val_1 = readl(base + IPROC_GPIO_PULL_UP_OFFSET); -+ val_2 = readl(base + IPROC_GPIO_PULL_DN_OFFSET); -+ if (disable) { -+ /* no pull-up or pull-down */ -+ val_1 &= ~BIT(shift); -+ val_2 &= ~BIT(shift); -+ } else if (pull_up) { -+ val_1 |= BIT(shift); -+ val_2 &= ~BIT(shift); -+ } else { -+ val_1 &= ~BIT(shift); -+ val_2 |= BIT(shift); -+ } -+ writel(val_1, base + IPROC_GPIO_PULL_UP_OFFSET); -+ writel(val_2, base + IPROC_GPIO_PULL_DN_OFFSET); - } else { -- iproc_set_bit(chip, IPROC_GPIO_PAD_RES_OFFSET, gpio, -- pull_up); -- iproc_set_bit(chip, IPROC_GPIO_RES_EN_OFFSET, gpio, true); -+ if (disable) { -+ iproc_set_bit(chip, IPROC_GPIO_RES_EN_OFFSET, gpio, -+ false); -+ } else { -+ iproc_set_bit(chip, IPROC_GPIO_PAD_RES_OFFSET, gpio, -+ pull_up); -+ iproc_set_bit(chip, IPROC_GPIO_RES_EN_OFFSET, gpio, -+ true); -+ } - } - - raw_spin_unlock_irqrestore(&chip->lock, flags); -- - dev_dbg(chip->dev, "gpio:%u set pullup:%d\n", gpio, pull_up); - - return 0; -@@ -483,14 +518,35 @@ static int iproc_gpio_set_pull(struct iproc_gpio *chip, unsigned gpio, - static void iproc_gpio_get_pull(struct iproc_gpio *chip, unsigned gpio, - bool *disable, bool *pull_up) - { -+ void __iomem *base; - unsigned long flags; -+ unsigned int shift; -+ u32 val_1, val_2; - - raw_spin_lock_irqsave(&chip->lock, flags); -- *disable = !iproc_get_bit(chip, IPROC_GPIO_RES_EN_OFFSET, gpio); -- *pull_up = iproc_get_bit(chip, IPROC_GPIO_PAD_RES_OFFSET, gpio); -+ if (chip->io_ctrl_type == IOCTRL_TYPE_CDRU) { -+ base = chip->io_ctrl; -+ shift = IPROC_GPIO_SHIFT(gpio); -+ -+ val_1 = readl(base + IPROC_GPIO_PULL_UP_OFFSET) & BIT(shift); -+ val_2 = readl(base + 
IPROC_GPIO_PULL_DN_OFFSET) & BIT(shift); -+ -+ *pull_up = val_1 ? true : false; -+ *disable = (val_1 | val_2) ? false : true; -+ -+ } else { -+ *disable = !iproc_get_bit(chip, IPROC_GPIO_RES_EN_OFFSET, gpio); -+ *pull_up = iproc_get_bit(chip, IPROC_GPIO_PAD_RES_OFFSET, gpio); -+ } - raw_spin_unlock_irqrestore(&chip->lock, flags); - } - -+#define DRV_STRENGTH_OFFSET(gpio, bit, type) ((type) == IOCTRL_TYPE_AON ? \ -+ ((2 - (bit)) * 4 + IPROC_GPIO_DRV_CTRL_OFFSET) : \ -+ ((type) == IOCTRL_TYPE_CDRU) ? \ -+ ((bit) * 4 + IPROC_GPIO_DRV_CTRL_OFFSET) : \ -+ ((bit) * 4 + IPROC_GPIO_REG(gpio, IPROC_GPIO_ASIU_DRV0_CTRL_OFFSET))) -+ - static int iproc_gpio_set_strength(struct iproc_gpio *chip, unsigned gpio, - unsigned strength) - { -@@ -505,11 +561,8 @@ static int iproc_gpio_set_strength(struct iproc_gpio *chip, unsigned gpio, - - if (chip->io_ctrl) { - base = chip->io_ctrl; -- offset = IPROC_GPIO_DRV0_CTRL_OFFSET; - } else { - base = chip->base; -- offset = IPROC_GPIO_REG(gpio, -- IPROC_GPIO_ASIU_DRV0_CTRL_OFFSET); - } - - shift = IPROC_GPIO_SHIFT(gpio); -@@ -520,11 +573,11 @@ static int iproc_gpio_set_strength(struct iproc_gpio *chip, unsigned gpio, - raw_spin_lock_irqsave(&chip->lock, flags); - strength = (strength / 2) - 1; - for (i = 0; i < GPIO_DRV_STRENGTH_BITS; i++) { -+ offset = DRV_STRENGTH_OFFSET(gpio, i, chip->io_ctrl_type); - val = readl(base + offset); - val &= ~BIT(shift); - val |= ((strength >> i) & 0x1) << shift; - writel(val, base + offset); -- offset += 4; - } - raw_spin_unlock_irqrestore(&chip->lock, flags); - -@@ -541,11 +594,8 @@ static int iproc_gpio_get_strength(struct iproc_gpio *chip, unsigned gpio, - - if (chip->io_ctrl) { - base = chip->io_ctrl; -- offset = IPROC_GPIO_DRV0_CTRL_OFFSET; - } else { - base = chip->base; -- offset = IPROC_GPIO_REG(gpio, -- IPROC_GPIO_ASIU_DRV0_CTRL_OFFSET); - } - - shift = IPROC_GPIO_SHIFT(gpio); -@@ -553,10 +603,10 @@ static int iproc_gpio_get_strength(struct iproc_gpio *chip, unsigned gpio, - 
raw_spin_lock_irqsave(&chip->lock, flags); - *strength = 0; - for (i = 0; i < GPIO_DRV_STRENGTH_BITS; i++) { -+ offset = DRV_STRENGTH_OFFSET(gpio, i, chip->io_ctrl_type); - val = readl(base + offset) & BIT(shift); - val >>= shift; - *strength += (val << i); -- offset += 4; - } - - /* convert to mA */ -@@ -734,6 +784,7 @@ static int iproc_gpio_probe(struct platform_device *pdev) - u32 ngpios, pinconf_disable_mask = 0; - int irq, ret; - bool no_pinconf = false; -+ enum iproc_pinconf_ctrl_type io_ctrl_type = IOCTRL_TYPE_INVALID; - - /* NSP does not support drive strength config */ - if (of_device_is_compatible(dev->of_node, "brcm,iproc-nsp-gpio")) -@@ -764,8 +815,15 @@ static int iproc_gpio_probe(struct platform_device *pdev) - dev_err(dev, "unable to map I/O memory\n"); - return PTR_ERR(chip->io_ctrl); - } -+ if (of_device_is_compatible(dev->of_node, -+ "brcm,cygnus-ccm-gpio")) -+ io_ctrl_type = IOCTRL_TYPE_CDRU; -+ else -+ io_ctrl_type = IOCTRL_TYPE_AON; - } - -+ chip->io_ctrl_type = io_ctrl_type; -+ - if (of_property_read_u32(dev->of_node, "ngpios", &ngpios)) { - dev_err(&pdev->dev, "missing ngpios DT property\n"); - return -ENODEV; -diff --git a/drivers/pinctrl/sh-pfc/pfc-emev2.c b/drivers/pinctrl/sh-pfc/pfc-emev2.c -index 1cbbe04d7df6..eafd8edbcbe9 100644 ---- a/drivers/pinctrl/sh-pfc/pfc-emev2.c -+++ b/drivers/pinctrl/sh-pfc/pfc-emev2.c -@@ -1263,6 +1263,14 @@ static const char * const dtv_groups[] = { - "dtv_b", - }; - -+static const char * const err_rst_reqb_groups[] = { -+ "err_rst_reqb", -+}; -+ -+static const char * const ext_clki_groups[] = { -+ "ext_clki", -+}; -+ - static const char * const iic0_groups[] = { - "iic0", - }; -@@ -1285,6 +1293,10 @@ static const char * const lcd_groups[] = { - "yuv3", - }; - -+static const char * const lowpwr_groups[] = { -+ "lowpwr", -+}; -+ - static const char * const ntsc_groups[] = { - "ntsc_clk", - "ntsc_data", -@@ -1298,6 +1310,10 @@ static const char * const pwm1_groups[] = { - "pwm1", - }; - -+static const char * 
const ref_clko_groups[] = {
-+ "ref_clko",
-+};
-+
- static const char * const sd_groups[] = {
- "sd_cki",
- };
-@@ -1391,13 +1407,17 @@ static const struct sh_pfc_function pinmux_functions[] = {
- SH_PFC_FUNCTION(cam),
- SH_PFC_FUNCTION(cf),
- SH_PFC_FUNCTION(dtv),
-+ SH_PFC_FUNCTION(err_rst_reqb),
-+ SH_PFC_FUNCTION(ext_clki),
- SH_PFC_FUNCTION(iic0),
- SH_PFC_FUNCTION(iic1),
- SH_PFC_FUNCTION(jtag),
- SH_PFC_FUNCTION(lcd),
-+ SH_PFC_FUNCTION(lowpwr),
- SH_PFC_FUNCTION(ntsc),
- SH_PFC_FUNCTION(pwm0),
- SH_PFC_FUNCTION(pwm1),
-+ SH_PFC_FUNCTION(ref_clko),
- SH_PFC_FUNCTION(sd),
- SH_PFC_FUNCTION(sdi0),
- SH_PFC_FUNCTION(sdi1),
-diff --git a/drivers/pinctrl/sh-pfc/pfc-r8a7740.c b/drivers/pinctrl/sh-pfc/pfc-r8a7740.c
-index 35f436bcb849..e9739dbcb356 100644
---- a/drivers/pinctrl/sh-pfc/pfc-r8a7740.c
-+++ b/drivers/pinctrl/sh-pfc/pfc-r8a7740.c
-@@ -1982,7 +1982,7 @@ static const unsigned int gether_gmii_pins[] = {
- */
- 185, 186, 187, 188, 189, 190, 191, 192, 174, 161, 204,
- 171, 170, 169, 168, 167, 166, 173, 172, 176, 184, 183, 203,
-- 205, 163, 206, 207,
-+ 205, 163, 206, 207, 158,
- };
- static const unsigned int gether_gmii_mux[] = {
- ET_ERXD0_MARK, ET_ERXD1_MARK, ET_ERXD2_MARK, ET_ERXD3_MARK,
-@@ -2154,6 +2154,7 @@ static const unsigned int lcd0_data24_1_mux[] = {
- LCD0_D0_MARK, LCD0_D1_MARK, LCD0_D2_MARK, LCD0_D3_MARK,
- LCD0_D4_MARK, LCD0_D5_MARK, LCD0_D6_MARK, LCD0_D7_MARK,
- LCD0_D8_MARK, LCD0_D9_MARK, LCD0_D10_MARK, LCD0_D11_MARK,
-+ LCD0_D12_MARK, LCD0_D13_MARK, LCD0_D14_MARK, LCD0_D15_MARK,
- LCD0_D16_MARK, LCD0_D17_MARK, LCD0_D18_PORT163_MARK,
- LCD0_D19_PORT162_MARK, LCD0_D20_PORT161_MARK, LCD0_D21_PORT158_MARK,
- LCD0_D22_PORT160_MARK, LCD0_D23_PORT159_MARK,
-diff --git a/drivers/pinctrl/sh-pfc/pfc-r8a7791.c b/drivers/pinctrl/sh-pfc/pfc-r8a7791.c
-index c01ef02d326b..e4774b220040 100644
---- a/drivers/pinctrl/sh-pfc/pfc-r8a7791.c
-+++ b/drivers/pinctrl/sh-pfc/pfc-r8a7791.c
-@@ -3220,8 +3220,7 @@ static const unsigned int qspi_data4_b_pins[] = {
-
RCAR_GP_PIN(6, 4),
- };
- static const unsigned int qspi_data4_b_mux[] = {
-- SPCLK_B_MARK, MOSI_IO0_B_MARK, MISO_IO1_B_MARK,
-- IO2_B_MARK, IO3_B_MARK, SSL_B_MARK,
-+ MOSI_IO0_B_MARK, MISO_IO1_B_MARK, IO2_B_MARK, IO3_B_MARK,
- };
- /* - SCIF0 ------------------------------------------------------------------ */
- static const unsigned int scif0_data_pins[] = {
-@@ -4349,17 +4348,14 @@ static const unsigned int vin1_b_data18_pins[] = {
- };
- static const unsigned int vin1_b_data18_mux[] = {
- /* B */
-- VI1_DATA0_B_MARK, VI1_DATA1_B_MARK,
- VI1_DATA2_B_MARK, VI1_DATA3_B_MARK,
- VI1_DATA4_B_MARK, VI1_DATA5_B_MARK,
- VI1_DATA6_B_MARK, VI1_DATA7_B_MARK,
- /* G */
-- VI1_G0_B_MARK, VI1_G1_B_MARK,
- VI1_G2_B_MARK, VI1_G3_B_MARK,
- VI1_G4_B_MARK, VI1_G5_B_MARK,
- VI1_G6_B_MARK, VI1_G7_B_MARK,
- /* R */
-- VI1_R0_B_MARK, VI1_R1_B_MARK,
- VI1_R2_B_MARK, VI1_R3_B_MARK,
- VI1_R4_B_MARK, VI1_R5_B_MARK,
- VI1_R6_B_MARK, VI1_R7_B_MARK,
-@@ -5213,7 +5209,7 @@ static const char * const scifb2_groups[] = {
- "scifb2_data_b",
- "scifb2_clk_b",
- "scifb2_ctrl_b",
-- "scifb0_data_c",
-+ "scifb2_data_c",
- "scifb2_clk_c",
- "scifb2_data_d",
- };
-diff --git a/drivers/pinctrl/sh-pfc/pfc-r8a7792.c b/drivers/pinctrl/sh-pfc/pfc-r8a7792.c
-index cc3597f66605..46c41ca6ea38 100644
---- a/drivers/pinctrl/sh-pfc/pfc-r8a7792.c
-+++ b/drivers/pinctrl/sh-pfc/pfc-r8a7792.c
-@@ -1916,6 +1916,7 @@ static const char * const vin1_groups[] = {
- "vin1_data8",
- "vin1_data24_b",
- "vin1_data20_b",
-+ "vin1_data18_b",
- "vin1_data16_b",
- "vin1_sync",
- "vin1_field",
-diff --git a/drivers/pinctrl/sh-pfc/pfc-r8a7794.c b/drivers/pinctrl/sh-pfc/pfc-r8a7794.c
-index a0ed220071f5..93bdd3e8fb67 100644
---- a/drivers/pinctrl/sh-pfc/pfc-r8a7794.c
-+++ b/drivers/pinctrl/sh-pfc/pfc-r8a7794.c
-@@ -4742,7 +4742,7 @@ static const struct pinmux_cfg_reg pinmux_config_regs[] = {
- FN_AVB_MDC, FN_SSI_SDATA6_B, 0, 0, }
- },
- { PINMUX_CFG_REG_VAR("IPSR9", 0xE6060044, 32,
-- 1, 3, 3, 3, 3, 2, 2, 3, 3, 3, 3, 3, 3) {
-+ 1,
3, 3, 3, 3, 2, 2, 3, 3, 3, 3, 3) {
- /* IP9_31 [1] */
- 0, 0,
- /* IP9_30_28 [3] */
-diff --git a/drivers/pinctrl/sh-pfc/pfc-r8a77995.c b/drivers/pinctrl/sh-pfc/pfc-r8a77995.c
-index 4f5ee1d7317d..36421df1b326 100644
---- a/drivers/pinctrl/sh-pfc/pfc-r8a77995.c
-+++ b/drivers/pinctrl/sh-pfc/pfc-r8a77995.c
-@@ -391,10 +391,10 @@ FM(IP12_31_28) IP12_31_28 \
- #define MOD_SEL0_27 FM(SEL_MSIOF3_0) FM(SEL_MSIOF3_1)
- #define MOD_SEL0_26 FM(SEL_HSCIF3_0) FM(SEL_HSCIF3_1)
- #define MOD_SEL0_25 FM(SEL_SCIF4_0) FM(SEL_SCIF4_1)
--#define MOD_SEL0_24_23 FM(SEL_PWM0_0) FM(SEL_PWM0_1) FM(SEL_PWM0_2) FM(SEL_PWM0_3)
--#define MOD_SEL0_22_21 FM(SEL_PWM1_0) FM(SEL_PWM1_1) FM(SEL_PWM1_2) FM(SEL_PWM1_3)
--#define MOD_SEL0_20_19 FM(SEL_PWM2_0) FM(SEL_PWM2_1) FM(SEL_PWM2_2) FM(SEL_PWM2_3)
--#define MOD_SEL0_18_17 FM(SEL_PWM3_0) FM(SEL_PWM3_1) FM(SEL_PWM3_2) FM(SEL_PWM3_3)
-+#define MOD_SEL0_24_23 FM(SEL_PWM0_0) FM(SEL_PWM0_1) FM(SEL_PWM0_2) F_(0, 0)
-+#define MOD_SEL0_22_21 FM(SEL_PWM1_0) FM(SEL_PWM1_1) FM(SEL_PWM1_2) F_(0, 0)
-+#define MOD_SEL0_20_19 FM(SEL_PWM2_0) FM(SEL_PWM2_1) FM(SEL_PWM2_2) F_(0, 0)
-+#define MOD_SEL0_18_17 FM(SEL_PWM3_0) FM(SEL_PWM3_1) FM(SEL_PWM3_2) F_(0, 0)
- #define MOD_SEL0_15 FM(SEL_IRQ_0_0) FM(SEL_IRQ_0_1)
- #define MOD_SEL0_14 FM(SEL_IRQ_1_0) FM(SEL_IRQ_1_1)
- #define MOD_SEL0_13 FM(SEL_IRQ_2_0) FM(SEL_IRQ_2_1)
-diff --git a/drivers/pinctrl/sh-pfc/pfc-sh7269.c b/drivers/pinctrl/sh-pfc/pfc-sh7269.c
-index a50d22bef1f4..cfdb4fc177c3 100644
---- a/drivers/pinctrl/sh-pfc/pfc-sh7269.c
-+++ b/drivers/pinctrl/sh-pfc/pfc-sh7269.c
-@@ -2119,7 +2119,7 @@ static const struct pinmux_cfg_reg pinmux_config_regs[] = {
- },
-
- { PINMUX_CFG_REG("PCIOR0", 0xfffe3852, 16, 1) {
-- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- PC8_IN, PC8_OUT,
- PC7_IN, PC7_OUT,
- PC6_IN, PC6_OUT,
-diff --git a/drivers/pinctrl/sh-pfc/pfc-sh73a0.c b/drivers/pinctrl/sh-pfc/pfc-sh73a0.c
-index d25e6f674d0a..6dca760f9f28 100644
----
a/drivers/pinctrl/sh-pfc/pfc-sh73a0.c
-+++ b/drivers/pinctrl/sh-pfc/pfc-sh73a0.c
-@@ -3086,6 +3086,7 @@ static const unsigned int tpu4_to2_mux[] = {
- };
- static const unsigned int tpu4_to3_pins[] = {
- /* TO */
-+ PIN_NUMBER(6, 26),
- };
- static const unsigned int tpu4_to3_mux[] = {
- TPU4TO3_MARK,
-@@ -3366,7 +3367,8 @@ static const char * const fsic_groups[] = {
- "fsic_sclk_out",
- "fsic_data_in",
- "fsic_data_out",
-- "fsic_spdif",
-+ "fsic_spdif_0",
-+ "fsic_spdif_1",
- };
-
- static const char * const fsid_groups[] = {
-diff --git a/drivers/pinctrl/sh-pfc/pfc-sh7734.c b/drivers/pinctrl/sh-pfc/pfc-sh7734.c
-index 3eccc9b3ca84..c691e5e9d9de 100644
---- a/drivers/pinctrl/sh-pfc/pfc-sh7734.c
-+++ b/drivers/pinctrl/sh-pfc/pfc-sh7734.c
-@@ -2231,13 +2231,13 @@ static const struct pinmux_cfg_reg pinmux_config_regs[] = {
- FN_LCD_CL1_B, 0, 0,
- /* IP10_5_3 [3] */
- FN_SSI_WS23, FN_VI1_5_B, FN_TX1_D, FN_HSCK0_C, FN_FALE_B,
-- FN_LCD_DON_B, 0, 0, 0,
-+ FN_LCD_DON_B, 0, 0,
- /* IP10_2_0 [3] */
- FN_SSI_SCK23, FN_VI1_4_B, FN_RX1_D, FN_FCLE_B,
- FN_LCD_DATA15_B, 0, 0, 0 }
- },
- { PINMUX_CFG_REG_VAR("IPSR11", 0xFFFC0048, 32,
-- 3, 1, 2, 2, 2, 3, 3, 1, 2, 3, 3, 1, 1, 1, 1) {
-+ 3, 1, 2, 3, 2, 2, 3, 3, 1, 2, 3, 3, 1, 1, 1, 1) {
- /* IP11_31_29 [3] */
- 0, 0, 0, 0, 0, 0, 0, 0,
- /* IP11_28 [1] */
-diff --git a/drivers/platform/mips/cpu_hwmon.c b/drivers/platform/mips/cpu_hwmon.c
-index 322de58eebaf..02484ae9a116 100644
---- a/drivers/platform/mips/cpu_hwmon.c
-+++ b/drivers/platform/mips/cpu_hwmon.c
-@@ -158,7 +158,7 @@ static int __init loongson_hwmon_init(void)
-
- cpu_hwmon_dev = hwmon_device_register(NULL);
- if (IS_ERR(cpu_hwmon_dev)) {
-- ret = -ENOMEM;
-+ ret = PTR_ERR(cpu_hwmon_dev);
- pr_err("hwmon_device_register fail!\n");
- goto fail_hwmon_device_register;
- }
-diff --git a/drivers/platform/x86/alienware-wmi.c b/drivers/platform/x86/alienware-wmi.c
-index e335b18da20f..2c82188f8486 100644
---- a/drivers/platform/x86/alienware-wmi.c
-+++
b/drivers/platform/x86/alienware-wmi.c
-@@ -505,23 +505,22 @@ static acpi_status alienware_wmax_command(struct wmax_basic_args *in_args,
-
- input.length = (acpi_size) sizeof(*in_args);
- input.pointer = in_args;
-- if (out_data != NULL) {
-+ if (out_data) {
- output.length = ACPI_ALLOCATE_BUFFER;
- output.pointer = NULL;
- status = wmi_evaluate_method(WMAX_CONTROL_GUID, 0,
- command, &input, &output);
-- } else
-+ if (ACPI_SUCCESS(status)) {
-+ obj = (union acpi_object *)output.pointer;
-+ if (obj && obj->type == ACPI_TYPE_INTEGER)
-+ *out_data = (u32)obj->integer.value;
-+ }
-+ kfree(output.pointer);
-+ } else {
- status = wmi_evaluate_method(WMAX_CONTROL_GUID, 0,
- command, &input, NULL);
--
-- if (ACPI_SUCCESS(status) && out_data != NULL) {
-- obj = (union acpi_object *)output.pointer;
-- if (obj && obj->type == ACPI_TYPE_INTEGER)
-- *out_data = (u32) obj->integer.value;
- }
-- kfree(output.pointer);
- return status;
--
- }
-
- /*
-@@ -571,7 +570,7 @@ static ssize_t show_hdmi_source(struct device *dev,
- return scnprintf(buf, PAGE_SIZE,
- "input [gpu] unknown\n");
- }
-- pr_err("alienware-wmi: unknown HDMI source status: %d\n", out_data);
-+ pr_err("alienware-wmi: unknown HDMI source status: %u\n", status);
- return scnprintf(buf, PAGE_SIZE, "input gpu [unknown]\n");
- }
-
-diff --git a/drivers/platform/x86/wmi.c b/drivers/platform/x86/wmi.c
-index 7f8fa42a1084..a56e997816b2 100644
---- a/drivers/platform/x86/wmi.c
-+++ b/drivers/platform/x86/wmi.c
-@@ -748,6 +748,9 @@ static int wmi_dev_match(struct device *dev, struct device_driver *driver)
- struct wmi_block *wblock = dev_to_wblock(dev);
- const struct wmi_device_id *id = wmi_driver->id_table;
-
-+ if (id == NULL)
-+ return 0;
-+
- while (id->guid_string) {
- uuid_le driver_guid;
-
-diff --git a/drivers/power/supply/power_supply_core.c b/drivers/power/supply/power_supply_core.c
-index 3226faebe0a0..0f1a0efd5926 100644
---- a/drivers/power/supply/power_supply_core.c
-+++
b/drivers/power/supply/power_supply_core.c
-@@ -891,14 +891,14 @@ __power_supply_register(struct device *parent,
- }
-
- spin_lock_init(&psy->changed_lock);
-- rc = device_init_wakeup(dev, ws);
-- if (rc)
-- goto wakeup_init_failed;
--
- rc = device_add(dev);
- if (rc)
- goto device_add_failed;
-
-+ rc = device_init_wakeup(dev, ws);
-+ if (rc)
-+ goto wakeup_init_failed;
-+
- rc = psy_register_thermal(psy);
- if (rc)
- goto register_thermal_failed;
-@@ -935,8 +935,8 @@ register_cooler_failed:
- psy_unregister_thermal(psy);
- register_thermal_failed:
- device_del(dev);
--device_add_failed:
- wakeup_init_failed:
-+device_add_failed:
- check_supplies_failed:
- dev_set_name_failed:
- put_device(dev);
-diff --git a/drivers/pwm/pwm-lpss.c b/drivers/pwm/pwm-lpss.c
-index 1e69c1c9ec09..7a4a6406cf69 100644
---- a/drivers/pwm/pwm-lpss.c
-+++ b/drivers/pwm/pwm-lpss.c
-@@ -216,6 +216,12 @@ EXPORT_SYMBOL_GPL(pwm_lpss_probe);
-
- int pwm_lpss_remove(struct pwm_lpss_chip *lpwm)
- {
-+ int i;
-+
-+ for (i = 0; i < lpwm->info->npwm; i++) {
-+ if (pwm_is_enabled(&lpwm->chip.pwms[i]))
-+ pm_runtime_put(lpwm->chip.dev);
-+ }
- return pwmchip_remove(&lpwm->chip);
- }
- EXPORT_SYMBOL_GPL(pwm_lpss_remove);
-diff --git a/drivers/pwm/pwm-meson.c b/drivers/pwm/pwm-meson.c
-index 9b79cbc7a715..3d2c36963a4f 100644
---- a/drivers/pwm/pwm-meson.c
-+++ b/drivers/pwm/pwm-meson.c
-@@ -188,7 +188,7 @@ static int meson_pwm_calc(struct meson_pwm *meson,
- do_div(fin_ps, fin_freq);
-
- /* Calc pre_div with the period */
-- for (pre_div = 0; pre_div < MISC_CLK_DIV_MASK; pre_div++) {
-+ for (pre_div = 0; pre_div <= MISC_CLK_DIV_MASK; pre_div++) {
- cnt = DIV_ROUND_CLOSEST_ULL((u64)period * 1000,
- fin_ps * (pre_div + 1));
- dev_dbg(meson->chip.dev, "fin_ps=%llu pre_div=%u cnt=%u\n",
-@@ -197,7 +197,7 @@ static int meson_pwm_calc(struct meson_pwm *meson,
- break;
- }
-
-- if (pre_div == MISC_CLK_DIV_MASK) {
-+ if (pre_div > MISC_CLK_DIV_MASK) {
- dev_err(meson->chip.dev, "unable to get period
pre_div\n");
- return -EINVAL;
- }
-@@ -325,11 +325,6 @@ static int meson_pwm_apply(struct pwm_chip *chip, struct pwm_device *pwm,
- if (state->period != channel->state.period ||
- state->duty_cycle != channel->state.duty_cycle ||
- state->polarity != channel->state.polarity) {
-- if (channel->state.enabled) {
-- meson_pwm_disable(meson, pwm->hwpwm);
-- channel->state.enabled = false;
-- }
--
- if (state->polarity != channel->state.polarity) {
- if (state->polarity == PWM_POLARITY_NORMAL)
- meson->inverter_mask |= BIT(pwm->hwpwm);
-diff --git a/drivers/rapidio/rio_cm.c b/drivers/rapidio/rio_cm.c
-index ef989a15aefc..b29fc258eeba 100644
---- a/drivers/rapidio/rio_cm.c
-+++ b/drivers/rapidio/rio_cm.c
-@@ -1215,7 +1215,9 @@ static int riocm_ch_listen(u16 ch_id)
- riocm_debug(CHOP, "(ch_%d)", ch_id);
-
- ch = riocm_get_channel(ch_id);
-- if (!ch || !riocm_cmp_exch(ch, RIO_CM_CHAN_BOUND, RIO_CM_LISTEN))
-+ if (!ch)
-+ return -EINVAL;
-+ if (!riocm_cmp_exch(ch, RIO_CM_CHAN_BOUND, RIO_CM_LISTEN))
- ret = -EINVAL;
- riocm_put_channel(ch);
- return ret;
-diff --git a/drivers/regulator/lp87565-regulator.c b/drivers/regulator/lp87565-regulator.c
-index cfdbe294fb6a..32d4e6ec2e19 100644
---- a/drivers/regulator/lp87565-regulator.c
-+++ b/drivers/regulator/lp87565-regulator.c
-@@ -188,7 +188,7 @@ static int lp87565_regulator_probe(struct platform_device *pdev)
- struct lp87565 *lp87565 = dev_get_drvdata(pdev->dev.parent);
- struct regulator_config config = { };
- struct regulator_dev *rdev;
-- int i, min_idx = LP87565_BUCK_1, max_idx = LP87565_BUCK_3;
-+ int i, min_idx = LP87565_BUCK_0, max_idx = LP87565_BUCK_3;
-
- platform_set_drvdata(pdev, lp87565);
-
-diff --git a/drivers/regulator/pv88060-regulator.c b/drivers/regulator/pv88060-regulator.c
-index a9446056435f..1f2d8180506b 100644
---- a/drivers/regulator/pv88060-regulator.c
-+++ b/drivers/regulator/pv88060-regulator.c
-@@ -135,7 +135,7 @@ static int pv88060_set_current_limit(struct regulator_dev *rdev, int min,
- int i;
-
- /* search for closest to maximum */
-- for (i = info->n_current_limits; i >= 0; i--) {
-+ for (i = info->n_current_limits - 1; i >= 0; i--) {
- if (min <= info->current_limits[i]
- && max >= info->current_limits[i]) {
- return regmap_update_bits(rdev->regmap,
-diff --git a/drivers/regulator/pv88080-regulator.c b/drivers/regulator/pv88080-regulator.c
-index 9a08cb2de501..6770e4de2097 100644
---- a/drivers/regulator/pv88080-regulator.c
-+++ b/drivers/regulator/pv88080-regulator.c
-@@ -279,7 +279,7 @@ static int pv88080_set_current_limit(struct regulator_dev *rdev, int min,
- int i;
-
- /* search for closest to maximum */
-- for (i = info->n_current_limits; i >= 0; i--) {
-+ for (i = info->n_current_limits - 1; i >= 0; i--) {
- if (min <= info->current_limits[i]
- && max >= info->current_limits[i]) {
- return regmap_update_bits(rdev->regmap,
-diff --git a/drivers/regulator/pv88090-regulator.c b/drivers/regulator/pv88090-regulator.c
-index 7a0c15957bd0..2302b0df7630 100644
---- a/drivers/regulator/pv88090-regulator.c
-+++ b/drivers/regulator/pv88090-regulator.c
-@@ -157,7 +157,7 @@ static int pv88090_set_current_limit(struct regulator_dev *rdev, int min,
- int i;
-
- /* search for closest to maximum */
-- for (i = info->n_current_limits; i >= 0; i--) {
-+ for (i = info->n_current_limits - 1; i >= 0; i--) {
- if (min <= info->current_limits[i]
- && max >= info->current_limits[i]) {
- return regmap_update_bits(rdev->regmap,
-diff --git a/drivers/regulator/tps65086-regulator.c b/drivers/regulator/tps65086-regulator.c
-index 45e96e154690..5a5e9b5bf4be 100644
---- a/drivers/regulator/tps65086-regulator.c
-+++ b/drivers/regulator/tps65086-regulator.c
-@@ -90,8 +90,8 @@ static const struct regulator_linear_range tps65086_buck345_25mv_ranges[] = {
- static const struct regulator_linear_range tps65086_ldoa1_ranges[] = {
- REGULATOR_LINEAR_RANGE(1350000, 0x0, 0x0, 0),
- REGULATOR_LINEAR_RANGE(1500000, 0x1, 0x7, 100000),
-- REGULATOR_LINEAR_RANGE(2300000, 0x8, 0xA, 100000),
--
REGULATOR_LINEAR_RANGE(2700000, 0xB, 0xD, 150000),
-+ REGULATOR_LINEAR_RANGE(2300000, 0x8, 0xB, 100000),
-+ REGULATOR_LINEAR_RANGE(2850000, 0xC, 0xD, 150000),
- REGULATOR_LINEAR_RANGE(3300000, 0xE, 0xE, 0),
- };
-
-diff --git a/drivers/regulator/wm831x-dcdc.c b/drivers/regulator/wm831x-dcdc.c
-index 5a5bc4bb08d2..df591435d12a 100644
---- a/drivers/regulator/wm831x-dcdc.c
-+++ b/drivers/regulator/wm831x-dcdc.c
-@@ -327,8 +327,8 @@ static int wm831x_buckv_get_voltage_sel(struct regulator_dev *rdev)
- }
-
- /* Current limit options */
--static u16 wm831x_dcdc_ilim[] = {
-- 125, 250, 375, 500, 625, 750, 875, 1000
-+static const unsigned int wm831x_dcdc_ilim[] = {
-+ 125000, 250000, 375000, 500000, 625000, 750000, 875000, 1000000
- };
-
- static int wm831x_buckv_set_current_limit(struct regulator_dev *rdev,
-diff --git a/drivers/rtc/rtc-88pm80x.c b/drivers/rtc/rtc-88pm80x.c
-index 466bf7f9a285..7da2a1fb50f8 100644
---- a/drivers/rtc/rtc-88pm80x.c
-+++ b/drivers/rtc/rtc-88pm80x.c
-@@ -116,12 +116,14 @@ static int pm80x_rtc_read_time(struct device *dev, struct rtc_time *tm)
- unsigned char buf[4];
- unsigned long ticks, base, data;
- regmap_raw_read(info->map, PM800_RTC_EXPIRE2_1, buf, 4);
-- base = (buf[3] << 24) | (buf[2] << 16) | (buf[1] << 8) | buf[0];
-+ base = ((unsigned long)buf[3] << 24) | (buf[2] << 16) |
-+ (buf[1] << 8) | buf[0];
- dev_dbg(info->dev, "%x-%x-%x-%x\n", buf[0], buf[1], buf[2], buf[3]);
-
- /* load 32-bit read-only counter */
- regmap_raw_read(info->map, PM800_RTC_COUNTER1, buf, 4);
-- data = (buf[3] << 24) | (buf[2] << 16) | (buf[1] << 8) | buf[0];
-+ data = ((unsigned long)buf[3] << 24) | (buf[2] << 16) |
-+ (buf[1] << 8) | buf[0];
- ticks = base + data;
- dev_dbg(info->dev, "get base:0x%lx, RO count:0x%lx, ticks:0x%lx\n",
- base, data, ticks);
-@@ -144,7 +146,8 @@ static int pm80x_rtc_set_time(struct device *dev, struct rtc_time *tm)
-
- /* load 32-bit read-only counter */
- regmap_raw_read(info->map, PM800_RTC_COUNTER1, buf, 4);
-- data =
(buf[3] << 24) | (buf[2] << 16) | (buf[1] << 8) | buf[0];
-+ data = ((unsigned long)buf[3] << 24) | (buf[2] << 16) |
-+ (buf[1] << 8) | buf[0];
- base = ticks - data;
- dev_dbg(info->dev, "set base:0x%lx, RO count:0x%lx, ticks:0x%lx\n",
- base, data, ticks);
-@@ -165,11 +168,13 @@ static int pm80x_rtc_read_alarm(struct device *dev, struct rtc_wkalrm *alrm)
- int ret;
-
- regmap_raw_read(info->map, PM800_RTC_EXPIRE2_1, buf, 4);
-- base = (buf[3] << 24) | (buf[2] << 16) | (buf[1] << 8) | buf[0];
-+ base = ((unsigned long)buf[3] << 24) | (buf[2] << 16) |
-+ (buf[1] << 8) | buf[0];
- dev_dbg(info->dev, "%x-%x-%x-%x\n", buf[0], buf[1], buf[2], buf[3]);
-
- regmap_raw_read(info->map, PM800_RTC_EXPIRE1_1, buf, 4);
-- data = (buf[3] << 24) | (buf[2] << 16) | (buf[1] << 8) | buf[0];
-+ data = ((unsigned long)buf[3] << 24) | (buf[2] << 16) |
-+ (buf[1] << 8) | buf[0];
- ticks = base + data;
- dev_dbg(info->dev, "get base:0x%lx, RO count:0x%lx, ticks:0x%lx\n",
- base, data, ticks);
-@@ -192,12 +197,14 @@ static int pm80x_rtc_set_alarm(struct device *dev, struct rtc_wkalrm *alrm)
- regmap_update_bits(info->map, PM800_RTC_CONTROL, PM800_ALARM1_EN, 0);
-
- regmap_raw_read(info->map, PM800_RTC_EXPIRE2_1, buf, 4);
-- base = (buf[3] << 24) | (buf[2] << 16) | (buf[1] << 8) | buf[0];
-+ base = ((unsigned long)buf[3] << 24) | (buf[2] << 16) |
-+ (buf[1] << 8) | buf[0];
- dev_dbg(info->dev, "%x-%x-%x-%x\n", buf[0], buf[1], buf[2], buf[3]);
-
- /* load 32-bit read-only counter */
- regmap_raw_read(info->map, PM800_RTC_COUNTER1, buf, 4);
-- data = (buf[3] << 24) | (buf[2] << 16) | (buf[1] << 8) | buf[0];
-+ data = ((unsigned long)buf[3] << 24) | (buf[2] << 16) |
-+ (buf[1] << 8) | buf[0];
- ticks = base + data;
- dev_dbg(info->dev, "get base:0x%lx, RO count:0x%lx, ticks:0x%lx\n",
- base, data, ticks);
-diff --git a/drivers/rtc/rtc-88pm860x.c b/drivers/rtc/rtc-88pm860x.c
-index 166faae3a59c..7d3e5168fcef 100644
---- a/drivers/rtc/rtc-88pm860x.c
-+++ b/drivers/rtc/rtc-88pm860x.c
-@@
-115,11 +115,13 @@ static int pm860x_rtc_read_time(struct device *dev, struct rtc_time *tm)
- pm860x_page_bulk_read(info->i2c, REG0_ADDR, 8, buf);
- dev_dbg(info->dev, "%x-%x-%x-%x-%x-%x-%x-%x\n", buf[0], buf[1],
- buf[2], buf[3], buf[4], buf[5], buf[6], buf[7]);
-- base = (buf[1] << 24) | (buf[3] << 16) | (buf[5] << 8) | buf[7];
-+ base = ((unsigned long)buf[1] << 24) | (buf[3] << 16) |
-+ (buf[5] << 8) | buf[7];
-
- /* load 32-bit read-only counter */
- pm860x_bulk_read(info->i2c, PM8607_RTC_COUNTER1, 4, buf);
-- data = (buf[3] << 24) | (buf[2] << 16) | (buf[1] << 8) | buf[0];
-+ data = ((unsigned long)buf[3] << 24) | (buf[2] << 16) |
-+ (buf[1] << 8) | buf[0];
- ticks = base + data;
- dev_dbg(info->dev, "get base:0x%lx, RO count:0x%lx, ticks:0x%lx\n",
- base, data, ticks);
-@@ -145,7 +147,8 @@ static int pm860x_rtc_set_time(struct device *dev, struct rtc_time *tm)
-
- /* load 32-bit read-only counter */
- pm860x_bulk_read(info->i2c, PM8607_RTC_COUNTER1, 4, buf);
-- data = (buf[3] << 24) | (buf[2] << 16) | (buf[1] << 8) | buf[0];
-+ data = ((unsigned long)buf[3] << 24) | (buf[2] << 16) |
-+ (buf[1] << 8) | buf[0];
- base = ticks - data;
- dev_dbg(info->dev, "set base:0x%lx, RO count:0x%lx, ticks:0x%lx\n",
- base, data, ticks);
-@@ -170,10 +173,12 @@ static int pm860x_rtc_read_alarm(struct device *dev, struct rtc_wkalrm *alrm)
- pm860x_page_bulk_read(info->i2c, REG0_ADDR, 8, buf);
- dev_dbg(info->dev, "%x-%x-%x-%x-%x-%x-%x-%x\n", buf[0], buf[1],
- buf[2], buf[3], buf[4], buf[5], buf[6], buf[7]);
-- base = (buf[1] << 24) | (buf[3] << 16) | (buf[5] << 8) | buf[7];
-+ base = ((unsigned long)buf[1] << 24) | (buf[3] << 16) |
-+ (buf[5] << 8) | buf[7];
-
- pm860x_bulk_read(info->i2c, PM8607_RTC_EXPIRE1, 4, buf);
-- data = (buf[3] << 24) | (buf[2] << 16) | (buf[1] << 8) | buf[0];
-+ data = ((unsigned long)buf[3] << 24) | (buf[2] << 16) |
-+ (buf[1] << 8) | buf[0];
- ticks = base + data;
- dev_dbg(info->dev, "get base:0x%lx, RO count:0x%lx, ticks:0x%lx\n",
- base, data,
ticks);
-@@ -198,11 +203,13 @@ static int pm860x_rtc_set_alarm(struct device *dev, struct rtc_wkalrm *alrm)
- pm860x_page_bulk_read(info->i2c, REG0_ADDR, 8, buf);
- dev_dbg(info->dev, "%x-%x-%x-%x-%x-%x-%x-%x\n", buf[0], buf[1],
- buf[2], buf[3], buf[4], buf[5], buf[6], buf[7]);
-- base = (buf[1] << 24) | (buf[3] << 16) | (buf[5] << 8) | buf[7];
-+ base = ((unsigned long)buf[1] << 24) | (buf[3] << 16) |
-+ (buf[5] << 8) | buf[7];
-
- /* load 32-bit read-only counter */
- pm860x_bulk_read(info->i2c, PM8607_RTC_COUNTER1, 4, buf);
-- data = (buf[3] << 24) | (buf[2] << 16) | (buf[1] << 8) | buf[0];
-+ data = ((unsigned long)buf[3] << 24) | (buf[2] << 16) |
-+ (buf[1] << 8) | buf[0];
- ticks = base + data;
- dev_dbg(info->dev, "get base:0x%lx, RO count:0x%lx, ticks:0x%lx\n",
- base, data, ticks);
-diff --git a/drivers/rtc/rtc-ds1307.c b/drivers/rtc/rtc-ds1307.c
-index e7d9215c9201..8d45d93b1db6 100644
---- a/drivers/rtc/rtc-ds1307.c
-+++ b/drivers/rtc/rtc-ds1307.c
-@@ -733,8 +733,8 @@ static int rx8130_set_alarm(struct device *dev, struct rtc_wkalrm *t)
- if (ret < 0)
- return ret;
-
-- ctl[0] &= ~RX8130_REG_EXTENSION_WADA;
-- ctl[1] |= RX8130_REG_FLAG_AF;
-+ ctl[0] &= RX8130_REG_EXTENSION_WADA;
-+ ctl[1] &= ~RX8130_REG_FLAG_AF;
- ctl[2] &= ~RX8130_REG_CONTROL0_AIE;
-
- ret = regmap_bulk_write(ds1307->regmap, RX8130_REG_EXTENSION, ctl,
-@@ -757,8 +757,7 @@ static int rx8130_set_alarm(struct device *dev, struct rtc_wkalrm *t)
-
- ctl[2] |= RX8130_REG_CONTROL0_AIE;
-
-- return regmap_bulk_write(ds1307->regmap, RX8130_REG_EXTENSION, ctl,
-- sizeof(ctl));
-+ return regmap_write(ds1307->regmap, RX8130_REG_CONTROL0, ctl[2]);
- }
-
- static int rx8130_alarm_irq_enable(struct device *dev, unsigned int enabled)
-diff --git a/drivers/rtc/rtc-ds1672.c b/drivers/rtc/rtc-ds1672.c
-index 9caaccccaa57..b1ebca099b0d 100644
---- a/drivers/rtc/rtc-ds1672.c
-+++ b/drivers/rtc/rtc-ds1672.c
-@@ -58,7 +58,8 @@ static int ds1672_get_datetime(struct i2c_client *client, struct rtc_time *tm)
-
"%s: raw read data - counters=%02x,%02x,%02x,%02x\n",
- __func__, buf[0], buf[1], buf[2], buf[3]);
-
-- time = (buf[3] << 24) | (buf[2] << 16) | (buf[1] << 8) | buf[0];
-+ time = ((unsigned long)buf[3] << 24) | (buf[2] << 16) |
-+ (buf[1] << 8) | buf[0];
-
- rtc_time_to_tm(time, tm);
-
-diff --git a/drivers/rtc/rtc-mc146818-lib.c b/drivers/rtc/rtc-mc146818-lib.c
-index 2f1772a358ca..18a6f15e313d 100644
---- a/drivers/rtc/rtc-mc146818-lib.c
-+++ b/drivers/rtc/rtc-mc146818-lib.c
-@@ -82,7 +82,7 @@ unsigned int mc146818_get_time(struct rtc_time *time)
- time->tm_year += real_year - 72;
- #endif
-
-- if (century)
-+ if (century > 20)
- time->tm_year += (century - 19) * 100;
-
- /*
-diff --git a/drivers/rtc/rtc-pcf2127.c b/drivers/rtc/rtc-pcf2127.c
-index 9f1b14bf91ae..367e0f803440 100644
---- a/drivers/rtc/rtc-pcf2127.c
-+++ b/drivers/rtc/rtc-pcf2127.c
-@@ -52,20 +52,14 @@ static int pcf2127_rtc_read_time(struct device *dev, struct rtc_time *tm)
- struct pcf2127 *pcf2127 = dev_get_drvdata(dev);
- unsigned char buf[10];
- int ret;
-- int i;
-
-- for (i = 0; i <= PCF2127_REG_CTRL3; i++) {
-- ret = regmap_read(pcf2127->regmap, PCF2127_REG_CTRL1 + i,
-- (unsigned int *)(buf + i));
-- if (ret) {
-- dev_err(dev, "%s: read error\n", __func__);
-- return ret;
-- }
-- }
--
-- ret = regmap_bulk_read(pcf2127->regmap, PCF2127_REG_SC,
-- (buf + PCF2127_REG_SC),
-- ARRAY_SIZE(buf) - PCF2127_REG_SC);
-+ /*
-+ * Avoid reading CTRL2 register as it causes WD_VAL register
-+ * value to reset to 0 which means watchdog is stopped.
-+ */
-+ ret = regmap_bulk_read(pcf2127->regmap, PCF2127_REG_CTRL3,
-+ (buf + PCF2127_REG_CTRL3),
-+ ARRAY_SIZE(buf) - PCF2127_REG_CTRL3);
- if (ret) {
- dev_err(dev, "%s: read error\n", __func__);
- return ret;
-@@ -86,14 +80,12 @@ static int pcf2127_rtc_read_time(struct device *dev, struct rtc_time *tm)
- }
-
- dev_dbg(dev,
-- "%s: raw data is cr1=%02x, cr2=%02x, cr3=%02x, "
-- "sec=%02x, min=%02x, hr=%02x, "
-+ "%s: raw data is cr3=%02x, sec=%02x, min=%02x, hr=%02x, "
- "mday=%02x, wday=%02x, mon=%02x, year=%02x\n",
-- __func__,
-- buf[0], buf[1], buf[2],
-- buf[3], buf[4], buf[5],
-- buf[6], buf[7], buf[8], buf[9]);
--
-+ __func__, buf[PCF2127_REG_CTRL3], buf[PCF2127_REG_SC],
-+ buf[PCF2127_REG_MN], buf[PCF2127_REG_HR],
-+ buf[PCF2127_REG_DM], buf[PCF2127_REG_DW],
-+ buf[PCF2127_REG_MO], buf[PCF2127_REG_YR]);
-
- tm->tm_sec = bcd2bin(buf[PCF2127_REG_SC] & 0x7F);
- tm->tm_min = bcd2bin(buf[PCF2127_REG_MN] & 0x7F);
-diff --git a/drivers/rtc/rtc-pcf8563.c b/drivers/rtc/rtc-pcf8563.c
-index 8c836c51a508..4d0b81f9805f 100644
---- a/drivers/rtc/rtc-pcf8563.c
-+++ b/drivers/rtc/rtc-pcf8563.c
-@@ -563,7 +563,6 @@ static int pcf8563_probe(struct i2c_client *client,
- struct pcf8563 *pcf8563;
- int err;
- unsigned char buf;
-- unsigned char alm_pending;
-
- dev_dbg(&client->dev, "%s\n", __func__);
-
-@@ -587,13 +586,13 @@ static int pcf8563_probe(struct i2c_client *client,
- return err;
- }
-
-- err = pcf8563_get_alarm_mode(client, NULL, &alm_pending);
-- if (err) {
-- dev_err(&client->dev, "%s: read error\n", __func__);
-+ /* Clear flags and disable interrupts */
-+ buf = 0;
-+ err = pcf8563_write_block_data(client, PCF8563_REG_ST2, 1, &buf);
-+ if (err < 0) {
-+ dev_err(&client->dev, "%s: write error\n", __func__);
- return err;
- }
-- if (alm_pending)
-- pcf8563_set_alarm_mode(client, 0);
-
- pcf8563->rtc = devm_rtc_device_register(&client->dev,
- pcf8563_driver.driver.name,
-@@ -605,7 +604,7 @@ static int pcf8563_probe(struct i2c_client *client,
- if (client->irq >
0) {
- err = devm_request_threaded_irq(&client->dev, client->irq,
- NULL, pcf8563_irq,
-- IRQF_SHARED|IRQF_ONESHOT|IRQF_TRIGGER_FALLING,
-+ IRQF_SHARED | IRQF_ONESHOT | IRQF_TRIGGER_LOW,
- pcf8563_driver.driver.name, client);
- if (err) {
- dev_err(&client->dev, "unable to request IRQ %d\n",
-diff --git a/drivers/rtc/rtc-pm8xxx.c b/drivers/rtc/rtc-pm8xxx.c
-index fac835530671..a1b4b0ed1f19 100644
---- a/drivers/rtc/rtc-pm8xxx.c
-+++ b/drivers/rtc/rtc-pm8xxx.c
-@@ -186,7 +186,8 @@ static int pm8xxx_rtc_read_time(struct device *dev, struct rtc_time *tm)
- }
- }
-
-- secs = value[0] | (value[1] << 8) | (value[2] << 16) | (value[3] << 24);
-+ secs = value[0] | (value[1] << 8) | (value[2] << 16) |
-+ ((unsigned long)value[3] << 24);
-
- rtc_time_to_tm(secs, tm);
-
-@@ -267,7 +268,8 @@ static int pm8xxx_rtc_read_alarm(struct device *dev, struct rtc_wkalrm *alarm)
- return rc;
- }
-
-- secs = value[0] | (value[1] << 8) | (value[2] << 16) | (value[3] << 24);
-+ secs = value[0] | (value[1] << 8) | (value[2] << 16) |
-+ ((unsigned long)value[3] << 24);
-
- rtc_time_to_tm(secs, &alarm->time);
-
-diff --git a/drivers/scsi/fnic/fnic_isr.c b/drivers/scsi/fnic/fnic_isr.c
-index 4e3a50202e8c..d28088218c36 100644
---- a/drivers/scsi/fnic/fnic_isr.c
-+++ b/drivers/scsi/fnic/fnic_isr.c
-@@ -254,7 +254,7 @@ int fnic_set_intr_mode(struct fnic *fnic)
- int vecs = n + m + o + 1;
-
- if (pci_alloc_irq_vectors(fnic->pdev, vecs, vecs,
-- PCI_IRQ_MSIX) < 0) {
-+ PCI_IRQ_MSIX) == vecs) {
- fnic->rq_count = n;
- fnic->raw_wq_count = m;
- fnic->wq_copy_count = o;
-@@ -280,7 +280,7 @@ int fnic_set_intr_mode(struct fnic *fnic)
- fnic->wq_copy_count >= 1 &&
- fnic->cq_count >= 3 &&
- fnic->intr_count >= 1 &&
-- pci_alloc_irq_vectors(fnic->pdev, 1, 1, PCI_IRQ_MSI) < 0) {
-+ pci_alloc_irq_vectors(fnic->pdev, 1, 1, PCI_IRQ_MSI) == 1) {
- fnic->rq_count = 1;
- fnic->raw_wq_count = 1;
- fnic->wq_copy_count = 1;
-diff --git a/drivers/scsi/libfc/fc_exch.c b/drivers/scsi/libfc/fc_exch.c
-index
42bcf7f3a0f9..6ba257cbc6d9 100644
---- a/drivers/scsi/libfc/fc_exch.c
-+++ b/drivers/scsi/libfc/fc_exch.c
-@@ -2603,7 +2603,7 @@ void fc_exch_recv(struct fc_lport *lport, struct fc_frame *fp)
-
- /* lport lock ? */
- if (!lport || lport->state == LPORT_ST_DISABLED) {
-- FC_LPORT_DBG(lport, "Receiving frames for an lport that "
-+ FC_LIBFC_DBG("Receiving frames for an lport that "
- "has not been initialized correctly\n");
- fc_frame_free(fp);
- return;
-diff --git a/drivers/scsi/megaraid/megaraid_sas_base.c b/drivers/scsi/megaraid/megaraid_sas_base.c
-index 577513649afb..6abad63b127a 100644
---- a/drivers/scsi/megaraid/megaraid_sas_base.c
-+++ b/drivers/scsi/megaraid/megaraid_sas_base.c
-@@ -3823,12 +3823,12 @@ megasas_transition_to_ready(struct megasas_instance *instance, int ocr)
- /*
- * The cur_state should not last for more than max_wait secs
- */
-- for (i = 0; i < max_wait; i++) {
-+ for (i = 0; i < max_wait * 50; i++) {
- curr_abs_state = instance->instancet->
- read_fw_status_reg(instance->reg_set);
-
- if (abs_state == curr_abs_state) {
-- msleep(1000);
-+ msleep(20);
- } else
- break;
- }
-diff --git a/drivers/scsi/qla2xxx/qla_os.c b/drivers/scsi/qla2xxx/qla_os.c
-index 5617bb18c233..5f9d4dbc4a98 100644
---- a/drivers/scsi/qla2xxx/qla_os.c
-+++ b/drivers/scsi/qla2xxx/qla_os.c
-@@ -6714,8 +6714,7 @@ qla2x00_module_init(void)
- /* Initialize target kmem_cache and mem_pools */
- ret = qlt_init();
- if (ret < 0) {
-- kmem_cache_destroy(srb_cachep);
-- return ret;
-+ goto destroy_cache;
- } else if (ret > 0) {
- /*
- * If initiator mode is explictly disabled by qlt_init(),
-@@ -6736,11 +6735,10 @@ qla2x00_module_init(void)
- qla2xxx_transport_template =
- fc_attach_transport(&qla2xxx_transport_functions);
- if (!qla2xxx_transport_template) {
-- kmem_cache_destroy(srb_cachep);
- ql_log(ql_log_fatal, NULL, 0x0002,
- "fc_attach_transport failed...Failing load!.\n");
-- qlt_exit();
-- return -ENODEV;
-+ ret = -ENODEV;
-+ goto qlt_exit;
- }
-
- apidev_major =
register_chrdev(0, QLA2XXX_APIDEV, &apidev_fops);
-@@ -6752,27 +6750,37 @@ qla2x00_module_init(void)
- qla2xxx_transport_vport_template =
- fc_attach_transport(&qla2xxx_transport_vport_functions);
- if (!qla2xxx_transport_vport_template) {
-- kmem_cache_destroy(srb_cachep);
-- qlt_exit();
-- fc_release_transport(qla2xxx_transport_template);
- ql_log(ql_log_fatal, NULL, 0x0004,
- "fc_attach_transport vport failed...Failing load!.\n");
-- return -ENODEV;
-+ ret = -ENODEV;
-+ goto unreg_chrdev;
- }
- ql_log(ql_log_info, NULL, 0x0005,
- "QLogic Fibre Channel HBA Driver: %s.\n",
- qla2x00_version_str);
- ret = pci_register_driver(&qla2xxx_pci_driver);
- if (ret) {
-- kmem_cache_destroy(srb_cachep);
-- qlt_exit();
-- fc_release_transport(qla2xxx_transport_template);
-- fc_release_transport(qla2xxx_transport_vport_template);
- ql_log(ql_log_fatal, NULL, 0x0006,
- "pci_register_driver failed...ret=%d Failing load!.\n",
- ret);
-+ goto release_vport_transport;
- }
- return ret;
-+
-+release_vport_transport:
-+ fc_release_transport(qla2xxx_transport_vport_template);
-+
-+unreg_chrdev:
-+ if (apidev_major >= 0)
-+ unregister_chrdev(apidev_major, QLA2XXX_APIDEV);
-+ fc_release_transport(qla2xxx_transport_template);
-+
-+qlt_exit:
-+ qlt_exit();
-+
-+destroy_cache:
-+ kmem_cache_destroy(srb_cachep);
-+ return ret;
- }
-
- /**
-diff --git a/drivers/scsi/qla2xxx/qla_target.c b/drivers/scsi/qla2xxx/qla_target.c
-index 55227d20496a..21011c5fddeb 100644
---- a/drivers/scsi/qla2xxx/qla_target.c
-+++ b/drivers/scsi/qla2xxx/qla_target.c
-@@ -2122,14 +2122,14 @@ void qlt_send_resp_ctio(struct qla_qpair *qpair, struct qla_tgt_cmd *cmd,
- ctio->u.status1.scsi_status |=
- cpu_to_le16(SS_RESIDUAL_UNDER);
-
-- /* Response code and sense key */
-- put_unaligned_le32(((0x70 << 24) | (sense_key << 8)),
-- (&ctio->u.status1.sense_data)[0]);
-+ /* Fixed format sense data.
*/
-+ ctio->u.status1.sense_data[0] = 0x70;
-+ ctio->u.status1.sense_data[2] = sense_key;
- /* Additional sense length */
-- put_unaligned_le32(0x0a, (&ctio->u.status1.sense_data)[1]);
-+ ctio->u.status1.sense_data[7] = 0xa;
- /* ASC and ASCQ */
-- put_unaligned_le32(((asc << 24) | (ascq << 16)),
-- (&ctio->u.status1.sense_data)[3]);
-+ ctio->u.status1.sense_data[12] = asc;
-+ ctio->u.status1.sense_data[13] = ascq;
-
- /* Memory Barrier */
- wmb();
-@@ -2179,7 +2179,7 @@ void qlt_xmit_tm_rsp(struct qla_tgt_mgmt_cmd *mcmd)
- mcmd->orig_iocb.imm_ntfy.u.isp24.status_subcode ==
- ELS_TPRLO) {
- ql_dbg(ql_dbg_disc, vha, 0x2106,
-- "TM response logo %phC status %#x state %#x",
-+ "TM response logo %8phC status %#x state %#x",
- mcmd->sess->port_name, mcmd->fc_tm_rsp,
- mcmd->flags);
- qlt_schedule_sess_for_deletion_lock(mcmd->sess);
-diff --git a/drivers/soc/fsl/qe/gpio.c b/drivers/soc/fsl/qe/gpio.c
-index 3b27075c21a7..5cbc5ce5ac15 100644
---- a/drivers/soc/fsl/qe/gpio.c
-+++ b/drivers/soc/fsl/qe/gpio.c
-@@ -152,8 +152,10 @@ struct qe_pin *qe_pin_request(struct device_node *np, int index)
- if (err < 0)
- goto err0;
- gc = gpio_to_chip(err);
-- if (WARN_ON(!gc))
-+ if (WARN_ON(!gc)) {
-+ err = -ENODEV;
- goto err0;
-+ }
-
- if (!of_device_is_compatible(gc->of_node, "fsl,mpc8323-qe-pario-bank")) {
- pr_debug("%s: tried to get a non-qe pin\n", __func__);
-diff --git a/drivers/spi/spi-bcm2835aux.c b/drivers/spi/spi-bcm2835aux.c
-index 5c89bbb05441..e075712c501e 100644
---- a/drivers/spi/spi-bcm2835aux.c
-+++ b/drivers/spi/spi-bcm2835aux.c
-@@ -416,7 +416,18 @@ static int bcm2835aux_spi_probe(struct platform_device *pdev)
- platform_set_drvdata(pdev, master);
- master->mode_bits = (SPI_CPOL | SPI_CS_HIGH | SPI_NO_CS);
- master->bits_per_word_mask = SPI_BPW_MASK(8);
-- master->num_chipselect = -1;
-+ /* even though the driver never officially supported native CS
-+ * allow a single native CS for legacy DT support purposes when
-+ * no cs-gpio is configured. 
-+ * Known limitations for native cs are:
-+ * * multiple chip-selects: cs0-cs2 are all simultaniously asserted
-+ * whenever there is a transfer - this even includes SPI_NO_CS
-+ * * SPI_CS_HIGH: is ignores - cs are always asserted low
-+ * * cs_change: cs is deasserted after each spi_transfer
-+ * * cs_delay_usec: cs is always deasserted one SCK cycle after
-+ * a spi_transfer
-+ */
-+ master->num_chipselect = 1;
- master->transfer_one = bcm2835aux_spi_transfer_one;
- master->handle_err = bcm2835aux_spi_handle_err;
- master->prepare_message = bcm2835aux_spi_prepare_message;
-diff --git a/drivers/spi/spi-cadence.c b/drivers/spi/spi-cadence.c
-index 02bd1eba045b..d08ad93d97a1 100644
---- a/drivers/spi/spi-cadence.c
-+++ b/drivers/spi/spi-cadence.c
-@@ -584,11 +584,6 @@ static int cdns_spi_probe(struct platform_device *pdev)
- goto clk_dis_apb;
- }
-
-- pm_runtime_use_autosuspend(&pdev->dev);
-- pm_runtime_set_autosuspend_delay(&pdev->dev, SPI_AUTOSUSPEND_TIMEOUT);
-- pm_runtime_set_active(&pdev->dev);
-- pm_runtime_enable(&pdev->dev);
--
- ret = of_property_read_u32(pdev->dev.of_node, "num-cs", &num_cs);
- if (ret < 0)
- master->num_chipselect = CDNS_SPI_DEFAULT_NUM_CS;
-@@ -603,8 +598,10 @@ static int cdns_spi_probe(struct platform_device *pdev)
- /* SPI controller initializations */
- cdns_spi_init_hw(xspi);
-
-- pm_runtime_mark_last_busy(&pdev->dev);
-- pm_runtime_put_autosuspend(&pdev->dev);
-+ pm_runtime_set_active(&pdev->dev);
-+ pm_runtime_enable(&pdev->dev);
-+ pm_runtime_use_autosuspend(&pdev->dev);
-+ pm_runtime_set_autosuspend_delay(&pdev->dev, SPI_AUTOSUSPEND_TIMEOUT);
-
- irq = platform_get_irq(pdev, 0);
- if (irq <= 0) {
-diff --git a/drivers/spi/spi-fsl-spi.c b/drivers/spi/spi-fsl-spi.c
-index 8b79e36fab21..cd784552de7f 100644
---- a/drivers/spi/spi-fsl-spi.c
-+++ b/drivers/spi/spi-fsl-spi.c
-@@ -407,7 +407,6 @@ static int fsl_spi_do_one_msg(struct spi_master *master,
- }
-
- m->status = status;
-- spi_finalize_current_message(master);
-
- if (status 
|| !cs_change) {
- ndelay(nsecs);
-@@ -415,6 +414,7 @@ static int fsl_spi_do_one_msg(struct spi_master *master,
- }
-
- fsl_spi_setup_transfer(spi, NULL);
-+ spi_finalize_current_message(master);
- return 0;
- }
-
-diff --git a/drivers/spi/spi-tegra114.c b/drivers/spi/spi-tegra114.c
-index 2ad04796ef29..84ff0c507f0b 100644
---- a/drivers/spi/spi-tegra114.c
-+++ b/drivers/spi/spi-tegra114.c
-@@ -307,10 +307,16 @@ static unsigned tegra_spi_fill_tx_fifo_from_client_txbuf(
- x |= (u32)(*tx_buf++) << (i * 8);
- tegra_spi_writel(tspi, x, SPI_TX_FIFO);
- }
-+
-+ tspi->cur_tx_pos += written_words * tspi->bytes_per_word;
- } else {
-+ unsigned int write_bytes;
- max_n_32bit = min(tspi->curr_dma_words, tx_empty_count);
- written_words = max_n_32bit;
- nbytes = written_words * tspi->bytes_per_word;
-+ if (nbytes > t->len - tspi->cur_pos)
-+ nbytes = t->len - tspi->cur_pos;
-+ write_bytes = nbytes;
- for (count = 0; count < max_n_32bit; count++) {
- u32 x = 0;
-
-@@ -319,8 +325,10 @@ static unsigned tegra_spi_fill_tx_fifo_from_client_txbuf(
- x |= (u32)(*tx_buf++) << (i * 8);
- tegra_spi_writel(tspi, x, SPI_TX_FIFO);
- }
-+
-+ tspi->cur_tx_pos += write_bytes;
- }
-- tspi->cur_tx_pos += written_words * tspi->bytes_per_word;
-+
- return written_words;
- }
-
-@@ -344,20 +352,27 @@ static unsigned int tegra_spi_read_rx_fifo_to_client_rxbuf(
- for (i = 0; len && (i < 4); i++, len--)
- *rx_buf++ = (x >> i*8) & 0xFF;
- }
-- tspi->cur_rx_pos += tspi->curr_dma_words * tspi->bytes_per_word;
- read_words += tspi->curr_dma_words;
-+ tspi->cur_rx_pos += tspi->curr_dma_words * tspi->bytes_per_word;
- } else {
- u32 rx_mask = ((u32)1 << t->bits_per_word) - 1;
-+ u8 bytes_per_word = tspi->bytes_per_word;
-+ unsigned int read_bytes;
-
-+ len = rx_full_count * bytes_per_word;
-+ if (len > t->len - tspi->cur_pos)
-+ len = t->len - tspi->cur_pos;
-+ read_bytes = len;
- for (count = 0; count < rx_full_count; count++) {
- u32 x = tegra_spi_readl(tspi, SPI_RX_FIFO) & rx_mask;
-
-- for (i = 0; (i < 
tspi->bytes_per_word); i++)
-+ for (i = 0; len && (i < bytes_per_word); i++, len--)
- *rx_buf++ = (x >> (i*8)) & 0xFF;
- }
-- tspi->cur_rx_pos += rx_full_count * tspi->bytes_per_word;
- read_words += rx_full_count;
-+ tspi->cur_rx_pos += read_bytes;
- }
-+
- return read_words;
- }
-
-@@ -372,12 +387,17 @@ static void tegra_spi_copy_client_txbuf_to_spi_txbuf(
- unsigned len = tspi->curr_dma_words * tspi->bytes_per_word;
-
- memcpy(tspi->tx_dma_buf, t->tx_buf + tspi->cur_pos, len);
-+ tspi->cur_tx_pos += tspi->curr_dma_words * tspi->bytes_per_word;
- } else {
- unsigned int i;
- unsigned int count;
- u8 *tx_buf = (u8 *)t->tx_buf + tspi->cur_tx_pos;
- unsigned consume = tspi->curr_dma_words * tspi->bytes_per_word;
-+ unsigned int write_bytes;
-
-+ if (consume > t->len - tspi->cur_pos)
-+ consume = t->len - tspi->cur_pos;
-+ write_bytes = consume;
- for (count = 0; count < tspi->curr_dma_words; count++) {
- u32 x = 0;
-
-@@ -386,8 +406,9 @@ static void tegra_spi_copy_client_txbuf_to_spi_txbuf(
- x |= (u32)(*tx_buf++) << (i * 8);
- tspi->tx_dma_buf[count] = x;
- }
-+
-+ tspi->cur_tx_pos += write_bytes;
- }
-- tspi->cur_tx_pos += tspi->curr_dma_words * tspi->bytes_per_word;
-
- /* Make the dma buffer to read by dma */
- dma_sync_single_for_device(tspi->dev, tspi->tx_dma_phys,
-@@ -405,20 +426,28 @@ static void tegra_spi_copy_spi_rxbuf_to_client_rxbuf(
- unsigned len = tspi->curr_dma_words * tspi->bytes_per_word;
-
- memcpy(t->rx_buf + tspi->cur_rx_pos, tspi->rx_dma_buf, len);
-+ tspi->cur_rx_pos += tspi->curr_dma_words * tspi->bytes_per_word;
- } else {
- unsigned int i;
- unsigned int count;
- unsigned char *rx_buf = t->rx_buf + tspi->cur_rx_pos;
- u32 rx_mask = ((u32)1 << t->bits_per_word) - 1;
-+ unsigned consume = tspi->curr_dma_words * tspi->bytes_per_word;
-+ unsigned int read_bytes;
-
-+ if (consume > t->len - tspi->cur_pos)
-+ consume = t->len - tspi->cur_pos;
-+ read_bytes = consume;
- for (count = 0; count < tspi->curr_dma_words; count++) {
- u32 x = 
tspi->rx_dma_buf[count] & rx_mask;
-
-- for (i = 0; (i < tspi->bytes_per_word); i++)
-+ for (i = 0; consume && (i < tspi->bytes_per_word);
-+ i++, consume--)
- *rx_buf++ = (x >> (i*8)) & 0xFF;
- }
-+
-+ tspi->cur_rx_pos += read_bytes;
- }
-- tspi->cur_rx_pos += tspi->curr_dma_words * tspi->bytes_per_word;
-
- /* Make the dma buffer to read by dma */
- dma_sync_single_for_device(tspi->dev, tspi->rx_dma_phys,
-@@ -470,22 +499,39 @@ static int tegra_spi_start_rx_dma(struct tegra_spi_data *tspi, int len)
- return 0;
- }
-
--static int tegra_spi_start_dma_based_transfer(
-- struct tegra_spi_data *tspi, struct spi_transfer *t)
-+static int tegra_spi_flush_fifos(struct tegra_spi_data *tspi)
- {
-- u32 val;
-- unsigned int len;
-- int ret = 0;
-+ unsigned long timeout = jiffies + HZ;
- u32 status;
-
-- /* Make sure that Rx and Tx fifo are empty */
- status = tegra_spi_readl(tspi, SPI_FIFO_STATUS);
- if ((status & SPI_FIFO_EMPTY) != SPI_FIFO_EMPTY) {
-- dev_err(tspi->dev, "Rx/Tx fifo are not empty status 0x%08x\n",
-- (unsigned)status);
-- return -EIO;
-+ status |= SPI_RX_FIFO_FLUSH | SPI_TX_FIFO_FLUSH;
-+ tegra_spi_writel(tspi, status, SPI_FIFO_STATUS);
-+ while ((status & SPI_FIFO_EMPTY) != SPI_FIFO_EMPTY) {
-+ status = tegra_spi_readl(tspi, SPI_FIFO_STATUS);
-+ if (time_after(jiffies, timeout)) {
-+ dev_err(tspi->dev,
-+ "timeout waiting for fifo flush\n");
-+ return -EIO;
-+ }
-+
-+ udelay(1);
-+ }
- }
-
-+ return 0;
-+}
-+
-+static int tegra_spi_start_dma_based_transfer(
-+ struct tegra_spi_data *tspi, struct spi_transfer *t)
-+{
-+ u32 val;
-+ unsigned int len;
-+ int ret = 0;
-+ u8 dma_burst;
-+ struct dma_slave_config dma_sconfig = {0};
-+
- val = SPI_DMA_BLK_SET(tspi->curr_dma_words - 1);
- tegra_spi_writel(tspi, val, SPI_DMA_BLK);
-
-@@ -496,12 +542,16 @@ static int tegra_spi_start_dma_based_transfer(
- len = tspi->curr_dma_words * 4;
-
- /* Set attention level based on length of transfer */
-- if (len & 0xF)
-+ if (len & 0xF) {
- val |= SPI_TX_TRIG_1 | 
SPI_RX_TRIG_1;
-- else if (((len) >> 4) & 0x1)
-+ dma_burst = 1;
-+ } else if (((len) >> 4) & 0x1) {
- val |= SPI_TX_TRIG_4 | SPI_RX_TRIG_4;
-- else
-+ dma_burst = 4;
-+ } else {
- val |= SPI_TX_TRIG_8 | SPI_RX_TRIG_8;
-+ dma_burst = 8;
-+ }
-
- if (tspi->cur_direction & DATA_DIR_TX)
- val |= SPI_IE_TX;
-@@ -512,7 +562,18 @@ static int tegra_spi_start_dma_based_transfer(
- tegra_spi_writel(tspi, val, SPI_DMA_CTL);
- tspi->dma_control_reg = val;
-
-+ dma_sconfig.device_fc = true;
- if (tspi->cur_direction & DATA_DIR_TX) {
-+ dma_sconfig.dst_addr = tspi->phys + SPI_TX_FIFO;
-+ dma_sconfig.dst_addr_width = DMA_SLAVE_BUSWIDTH_4_BYTES;
-+ dma_sconfig.dst_maxburst = dma_burst;
-+ ret = dmaengine_slave_config(tspi->tx_dma_chan, &dma_sconfig);
-+ if (ret < 0) {
-+ dev_err(tspi->dev,
-+ "DMA slave config failed: %d\n", ret);
-+ return ret;
-+ }
-+
- tegra_spi_copy_client_txbuf_to_spi_txbuf(tspi, t);
- ret = tegra_spi_start_tx_dma(tspi, len);
- if (ret < 0) {
-@@ -523,6 +584,16 @@ static int tegra_spi_start_dma_based_transfer(
- }
-
- if (tspi->cur_direction & DATA_DIR_RX) {
-+ dma_sconfig.src_addr = tspi->phys + SPI_RX_FIFO;
-+ dma_sconfig.src_addr_width = DMA_SLAVE_BUSWIDTH_4_BYTES;
-+ dma_sconfig.src_maxburst = dma_burst;
-+ ret = dmaengine_slave_config(tspi->rx_dma_chan, &dma_sconfig);
-+ if (ret < 0) {
-+ dev_err(tspi->dev,
-+ "DMA slave config failed: %d\n", ret);
-+ return ret;
-+ }
-+
- /* Make the dma buffer to read by dma */
- dma_sync_single_for_device(tspi->dev, tspi->rx_dma_phys,
- tspi->dma_buf_size, DMA_FROM_DEVICE);
-@@ -582,7 +653,6 @@ static int tegra_spi_init_dma_param(struct tegra_spi_data *tspi,
- u32 *dma_buf;
- dma_addr_t dma_phys;
- int ret;
-- struct dma_slave_config dma_sconfig;
-
- dma_chan = dma_request_slave_channel_reason(tspi->dev,
- dma_to_memory ? 
"rx" : "tx");
-@@ -602,19 +672,6 @@ static int tegra_spi_init_dma_param(struct tegra_spi_data *tspi,
- return -ENOMEM;
- }
-
-- if (dma_to_memory) {
-- dma_sconfig.src_addr = tspi->phys + SPI_RX_FIFO;
-- dma_sconfig.src_addr_width = DMA_SLAVE_BUSWIDTH_4_BYTES;
-- dma_sconfig.src_maxburst = 0;
-- } else {
-- dma_sconfig.dst_addr = tspi->phys + SPI_TX_FIFO;
-- dma_sconfig.dst_addr_width = DMA_SLAVE_BUSWIDTH_4_BYTES;
-- dma_sconfig.dst_maxburst = 0;
-- }
--
-- ret = dmaengine_slave_config(dma_chan, &dma_sconfig);
-- if (ret)
-- goto scrub;
- if (dma_to_memory) {
- tspi->rx_dma_chan = dma_chan;
- tspi->rx_dma_buf = dma_buf;
-@@ -625,11 +682,6 @@ static int tegra_spi_init_dma_param(struct tegra_spi_data *tspi,
- tspi->tx_dma_phys = dma_phys;
- }
- return 0;
--
--scrub:
-- dma_free_coherent(tspi->dev, tspi->dma_buf_size, dma_buf, dma_phys);
-- dma_release_channel(dma_chan);
-- return ret;
- }
-
- static void tegra_spi_deinit_dma_param(struct tegra_spi_data *tspi,
-@@ -730,6 +782,8 @@ static int tegra_spi_start_transfer_one(struct spi_device *spi,
-
- if (tspi->is_packed)
- command1 |= SPI_PACKED;
-+ else
-+ command1 &= ~SPI_PACKED;
-
- command1 &= ~(SPI_CS_SEL_MASK | SPI_TX_EN | SPI_RX_EN);
- tspi->cur_direction = 0;
-@@ -748,6 +802,9 @@ static int tegra_spi_start_transfer_one(struct spi_device *spi,
- dev_dbg(tspi->dev, "The def 0x%x and written 0x%x\n",
- tspi->def_command1_reg, (unsigned)command1);
-
-+ ret = tegra_spi_flush_fifos(tspi);
-+ if (ret < 0)
-+ return ret;
- if (total_fifo_words > SPI_FIFO_DEPTH)
- ret = tegra_spi_start_dma_based_transfer(tspi, t);
- else
-@@ -838,7 +895,17 @@ static int tegra_spi_transfer_one_message(struct spi_master *master,
- if (WARN_ON(ret == 0)) {
- dev_err(tspi->dev,
- "spi transfer timeout, err %d\n", ret);
-+ if (tspi->is_curr_dma_xfer &&
-+ (tspi->cur_direction & DATA_DIR_TX))
-+ dmaengine_terminate_all(tspi->tx_dma_chan);
-+ if (tspi->is_curr_dma_xfer &&
-+ (tspi->cur_direction & DATA_DIR_RX))
-+ 
dmaengine_terminate_all(tspi->rx_dma_chan);
- ret = -EIO;
-+ tegra_spi_flush_fifos(tspi);
-+ reset_control_assert(tspi->rst);
-+ udelay(2);
-+ reset_control_deassert(tspi->rst);
- goto complete_xfer;
- }
-
-@@ -889,6 +956,7 @@ static irqreturn_t handle_cpu_based_xfer(struct tegra_spi_data *tspi)
- tspi->status_reg);
- dev_err(tspi->dev, "CpuXfer 0x%08x:0x%08x\n",
- tspi->command1_reg, tspi->dma_control_reg);
-+ tegra_spi_flush_fifos(tspi);
- reset_control_assert(tspi->rst);
- udelay(2);
- reset_control_deassert(tspi->rst);
-@@ -961,6 +1029,7 @@ static irqreturn_t handle_dma_based_xfer(struct tegra_spi_data *tspi)
- tspi->status_reg);
- dev_err(tspi->dev, "DmaXfer 0x%08x:0x%08x\n",
- tspi->command1_reg, tspi->dma_control_reg);
-+ tegra_spi_flush_fifos(tspi);
- reset_control_assert(tspi->rst);
- udelay(2);
- reset_control_deassert(tspi->rst);
-diff --git a/drivers/spi/spi-topcliff-pch.c b/drivers/spi/spi-topcliff-pch.c
-index 4389ab80c23e..fa730a871d25 100644
---- a/drivers/spi/spi-topcliff-pch.c
-+++ b/drivers/spi/spi-topcliff-pch.c
-@@ -1008,6 +1008,9 @@ static void pch_spi_handle_dma(struct pch_spi_data *data, int *bpw)
-
- /* RX */
- dma->sg_rx_p = kcalloc(num, sizeof(*dma->sg_rx_p), GFP_ATOMIC);
-+ if (!dma->sg_rx_p)
-+ return;
-+
- sg_init_table(dma->sg_rx_p, num); /* Initialize SG table */
- /* offset, length setting */
- sg = dma->sg_rx_p;
-@@ -1068,6 +1071,9 @@ static void pch_spi_handle_dma(struct pch_spi_data *data, int *bpw)
- }
-
- dma->sg_tx_p = kcalloc(num, sizeof(*dma->sg_tx_p), GFP_ATOMIC);
-+ if (!dma->sg_tx_p)
-+ return;
-+
- sg_init_table(dma->sg_tx_p, num); /* Initialize SG table */
- /* offset, length setting */
- sg = dma->sg_tx_p;
-diff --git a/drivers/staging/comedi/drivers/ni_mio_common.c b/drivers/staging/comedi/drivers/ni_mio_common.c
-index 36361bdf934a..2f82dcb1fd06 100644
---- a/drivers/staging/comedi/drivers/ni_mio_common.c
-+++ b/drivers/staging/comedi/drivers/ni_mio_common.c
-@@ -4991,7 +4991,10 @@ static int 
ni_valid_rtsi_output_source(struct comedi_device *dev,
- case NI_RTSI_OUTPUT_G_SRC0:
- case NI_RTSI_OUTPUT_G_GATE0:
- case NI_RTSI_OUTPUT_RGOUT0:
-- case NI_RTSI_OUTPUT_RTSI_BRD_0:
-+ case NI_RTSI_OUTPUT_RTSI_BRD(0):
-+ case NI_RTSI_OUTPUT_RTSI_BRD(1):
-+ case NI_RTSI_OUTPUT_RTSI_BRD(2):
-+ case NI_RTSI_OUTPUT_RTSI_BRD(3):
- return 1;
- case NI_RTSI_OUTPUT_RTSI_OSC:
- return (devpriv->is_m_series) ? 1 : 0;
-@@ -5012,11 +5015,18 @@ static int ni_set_rtsi_routing(struct comedi_device *dev,
- devpriv->rtsi_trig_a_output_reg |= NISTC_RTSI_TRIG(chan, src);
- ni_stc_writew(dev, devpriv->rtsi_trig_a_output_reg,
- NISTC_RTSI_TRIGA_OUT_REG);
-- } else if (chan < 8) {
-+ } else if (chan < NISTC_RTSI_TRIG_NUM_CHAN(devpriv->is_m_series)) {
- devpriv->rtsi_trig_b_output_reg &= ~NISTC_RTSI_TRIG_MASK(chan);
- devpriv->rtsi_trig_b_output_reg |= NISTC_RTSI_TRIG(chan, src);
- ni_stc_writew(dev, devpriv->rtsi_trig_b_output_reg,
- NISTC_RTSI_TRIGB_OUT_REG);
-+ } else if (chan != NISTC_RTSI_TRIG_OLD_CLK_CHAN) {
-+ /* probably should never reach this, since the
-+ * ni_valid_rtsi_output_source above errors out if chan is too
-+ * high
-+ */
-+ dev_err(dev->class_dev, "%s: unknown rtsi channel\n", __func__);
-+ return -EINVAL;
- }
- return 2;
- }
-@@ -5032,12 +5042,12 @@ static unsigned int ni_get_rtsi_routing(struct comedi_device *dev,
- } else if (chan < NISTC_RTSI_TRIG_NUM_CHAN(devpriv->is_m_series)) {
- return NISTC_RTSI_TRIG_TO_SRC(chan,
- devpriv->rtsi_trig_b_output_reg);
-- } else {
-- if (chan == NISTC_RTSI_TRIG_OLD_CLK_CHAN)
-- return NI_RTSI_OUTPUT_RTSI_OSC;
-- dev_err(dev->class_dev, "bug! 
should never get here?\n");
-- return 0;
-+ } else if (chan == NISTC_RTSI_TRIG_OLD_CLK_CHAN) {
-+ return NI_RTSI_OUTPUT_RTSI_OSC;
- }
-+
-+ dev_err(dev->class_dev, "%s: unknown rtsi channel\n", __func__);
-+ return -EINVAL;
- }
-
- static int ni_rtsi_insn_config(struct comedi_device *dev,
-diff --git a/drivers/staging/greybus/light.c b/drivers/staging/greybus/light.c
-index 0f538b8c3a07..4e7575147775 100644
---- a/drivers/staging/greybus/light.c
-+++ b/drivers/staging/greybus/light.c
-@@ -1103,21 +1103,21 @@ static void gb_lights_channel_release(struct gb_channel *channel)
- static void gb_lights_light_release(struct gb_light *light)
- {
- int i;
-- int count;
-
- light->ready = false;
-
-- count = light->channels_count;
--
- if (light->has_flash)
- gb_lights_light_v4l2_unregister(light);
-+ light->has_flash = false;
-
-- for (i = 0; i < count; i++) {
-+ for (i = 0; i < light->channels_count; i++)
- gb_lights_channel_release(&light->channels[i]);
-- light->channels_count--;
-- }
-+ light->channels_count = 0;
-+
- kfree(light->channels);
-+ light->channels = NULL;
- kfree(light->name);
-+ light->name = NULL;
- }
-
- static void gb_lights_release(struct gb_lights *glights)
-diff --git a/drivers/staging/most/aim-cdev/cdev.c b/drivers/staging/most/aim-cdev/cdev.c
-index 1e5cbc893496..d000b6ff8a7d 100644
---- a/drivers/staging/most/aim-cdev/cdev.c
-+++ b/drivers/staging/most/aim-cdev/cdev.c
-@@ -455,7 +455,9 @@ static int aim_probe(struct most_interface *iface, int channel_id,
- c->devno = MKDEV(major, current_minor);
- cdev_init(&c->cdev, &channel_fops);
- c->cdev.owner = THIS_MODULE;
-- cdev_add(&c->cdev, c->devno, 1);
-+ retval = cdev_add(&c->cdev, c->devno, 1);
-+ if (retval < 0)
-+ goto err_free_c;
- c->iface = iface;
- c->cfg = cfg;
- c->channel_id = channel_id;
-@@ -491,6 +493,7 @@ error_create_device:
- list_del(&c->list);
- error_alloc_kfifo:
- cdev_del(&c->cdev);
-+err_free_c:
- kfree(c);
- error_alloc_channel:
- ida_simple_remove(&minor_id, current_minor); 
-diff --git a/drivers/staging/rtlwifi/halmac/halmac_88xx/halmac_func_88xx.c b/drivers/staging/rtlwifi/halmac/halmac_88xx/halmac_func_88xx.c
-index 544f638ed3ef..65edd14a1147 100644
---- a/drivers/staging/rtlwifi/halmac/halmac_88xx/halmac_func_88xx.c
-+++ b/drivers/staging/rtlwifi/halmac/halmac_88xx/halmac_func_88xx.c
-@@ -2492,8 +2492,11 @@ halmac_parse_psd_data_88xx(struct halmac_adapter *halmac_adapter, u8 *c2h_buf,
- segment_size = (u8)PSD_DATA_GET_SEGMENT_SIZE(c2h_buf);
- psd_set->data_size = total_size;
-
-- if (!psd_set->data)
-+ if (!psd_set->data) {
- psd_set->data = kzalloc(psd_set->data_size, GFP_KERNEL);
-+ if (!psd_set->data)
-+ return HALMAC_RET_MALLOC_FAIL;
-+ }
-
- if (segment_id == 0)
- psd_set->segment_size = segment_size;
-diff --git a/drivers/staging/vc04_services/bcm2835-camera/bcm2835-camera.c b/drivers/staging/vc04_services/bcm2835-camera/bcm2835-camera.c
-index 377da037f31c..b521752d9aa0 100644
---- a/drivers/staging/vc04_services/bcm2835-camera/bcm2835-camera.c
-+++ b/drivers/staging/vc04_services/bcm2835-camera/bcm2835-camera.c
-@@ -1849,6 +1849,12 @@ static int __init bm2835_mmal_init(void)
- num_cameras = get_num_cameras(instance,
- resolutions,
- MAX_BCM2835_CAMERAS);
-+
-+ if (num_cameras < 1) {
-+ ret = -ENODEV;
-+ goto cleanup_mmal;
-+ }
-+
- if (num_cameras > MAX_BCM2835_CAMERAS)
- num_cameras = MAX_BCM2835_CAMERAS;
-
-@@ -1948,6 +1954,9 @@ cleanup_gdev:
- pr_info("%s: error %d while loading driver\n",
- BM2835_MMAL_MODULE_NAME, ret);
-
-+cleanup_mmal:
-+ vchiq_mmal_finalise(instance);
-+
- return ret;
- }
-
-diff --git a/drivers/target/target_core_device.c b/drivers/target/target_core_device.c
-index 92b52d2314b5..cebef8e5a43d 100644
---- a/drivers/target/target_core_device.c
-+++ b/drivers/target/target_core_device.c
-@@ -85,7 +85,7 @@ transport_lookup_cmd_lun(struct se_cmd *se_cmd, u64 unpacked_lun)
- goto out_unlock;
- }
-
-- se_cmd->se_lun = rcu_dereference(deve->se_lun);
-+ se_cmd->se_lun = se_lun;
- se_cmd->pr_res_key = 
deve->pr_res_key;
- se_cmd->orig_fe_lun = unpacked_lun;
- se_cmd->se_cmd_flags |= SCF_SE_LUN_CMD;
-@@ -176,7 +176,7 @@ int transport_lookup_tmr_lun(struct se_cmd *se_cmd, u64 unpacked_lun)
- goto out_unlock;
- }
-
-- se_cmd->se_lun = rcu_dereference(deve->se_lun);
-+ se_cmd->se_lun = se_lun;
- se_cmd->pr_res_key = deve->pr_res_key;
- se_cmd->orig_fe_lun = unpacked_lun;
- se_cmd->se_cmd_flags |= SCF_SE_LUN_CMD;
-diff --git a/drivers/thermal/cpu_cooling.c b/drivers/thermal/cpu_cooling.c
-index 908a8014cf76..aed995ec2c90 100644
---- a/drivers/thermal/cpu_cooling.c
-+++ b/drivers/thermal/cpu_cooling.c
-@@ -514,7 +514,7 @@ static int cpufreq_get_requested_power(struct thermal_cooling_device *cdev,
- load = 0;
-
- total_load += load;
-- if (trace_thermal_power_cpu_limit_enabled() && load_cpu)
-+ if (load_cpu)
- load_cpu[i] = load;
-
- i++;
-diff --git a/drivers/thermal/mtk_thermal.c b/drivers/thermal/mtk_thermal.c
-index 1e61c09153c9..76b92083744c 100644
---- a/drivers/thermal/mtk_thermal.c
-+++ b/drivers/thermal/mtk_thermal.c
-@@ -407,7 +407,8 @@ static int mtk_thermal_bank_temperature(struct mtk_thermal_bank *bank)
- u32 raw;
-
- for (i = 0; i < conf->bank_data[bank->id].num_sensors; i++) {
-- raw = readl(mt->thermal_base + conf->msr[i]);
-+ raw = readl(mt->thermal_base +
-+ conf->msr[conf->bank_data[bank->id].sensors[i]]);
-
- temp = raw_to_mcelsius(mt,
- conf->bank_data[bank->id].sensors[i],
-@@ -544,7 +545,8 @@ static void mtk_thermal_init_bank(struct mtk_thermal *mt, int num,
-
- for (i = 0; i < conf->bank_data[num].num_sensors; i++)
- writel(conf->sensor_mux_values[conf->bank_data[num].sensors[i]],
-- mt->thermal_base + conf->adcpnp[i]);
-+ mt->thermal_base +
-+ conf->adcpnp[conf->bank_data[num].sensors[i]]);
-
- writel((1 << conf->bank_data[num].num_sensors) - 1,
- mt->thermal_base + TEMP_MONCTL0);
-diff --git a/drivers/tty/ipwireless/hardware.c b/drivers/tty/ipwireless/hardware.c
-index a6b8240af6cd..960e9375a1a9 100644
---- a/drivers/tty/ipwireless/hardware.c 
-+++ b/drivers/tty/ipwireless/hardware.c
-@@ -1516,6 +1516,8 @@ static void ipw_send_setup_packet(struct ipw_hardware *hw)
- sizeof(struct ipw_setup_get_version_query_packet),
- ADDR_SETUP_PROT, TL_PROTOCOLID_SETUP,
- TL_SETUP_SIGNO_GET_VERSION_QRY);
-+ if (!ver_packet)
-+ return;
- ver_packet->header.length = sizeof(struct tl_setup_get_version_qry);
-
- /*
-diff --git a/drivers/tty/serial/fsl_lpuart.c b/drivers/tty/serial/fsl_lpuart.c
-index fb2dcb3f8591..16422987ab0f 100644
---- a/drivers/tty/serial/fsl_lpuart.c
-+++ b/drivers/tty/serial/fsl_lpuart.c
-@@ -532,26 +532,26 @@ static int lpuart32_poll_init(struct uart_port *port)
- spin_lock_irqsave(&sport->port.lock, flags);
-
- /* Disable Rx & Tx */
-- writel(0, sport->port.membase + UARTCTRL);
-+ lpuart32_write(&sport->port, UARTCTRL, 0);
-
-- temp = readl(sport->port.membase + UARTFIFO);
-+ temp = lpuart32_read(&sport->port, UARTFIFO);
-
- /* Enable Rx and Tx FIFO */
-- writel(temp | UARTFIFO_RXFE | UARTFIFO_TXFE,
-- sport->port.membase + UARTFIFO);
-+ lpuart32_write(&sport->port, UARTFIFO,
-+ temp | UARTFIFO_RXFE | UARTFIFO_TXFE);
-
- /* flush Tx and Rx FIFO */
-- writel(UARTFIFO_TXFLUSH | UARTFIFO_RXFLUSH,
-- sport->port.membase + UARTFIFO);
-+ lpuart32_write(&sport->port, UARTFIFO,
-+ UARTFIFO_TXFLUSH | UARTFIFO_RXFLUSH);
-
- /* explicitly clear RDRF */
-- if (readl(sport->port.membase + UARTSTAT) & UARTSTAT_RDRF) {
-- readl(sport->port.membase + UARTDATA);
-- writel(UARTFIFO_RXUF, sport->port.membase + UARTFIFO);
-+ if (lpuart32_read(&sport->port, UARTSTAT) & UARTSTAT_RDRF) {
-+ lpuart32_read(&sport->port, UARTDATA);
-+ lpuart32_write(&sport->port, UARTFIFO, UARTFIFO_RXUF);
- }
-
- /* Enable Rx and Tx */
-- writel(UARTCTRL_RE | UARTCTRL_TE, sport->port.membase + UARTCTRL);
-+ lpuart32_write(&sport->port, UARTCTRL, UARTCTRL_RE | UARTCTRL_TE);
- spin_unlock_irqrestore(&sport->port.lock, flags);
-
- return 0;
-@@ -559,18 +559,18 @@ static int lpuart32_poll_init(struct uart_port *port)
-
- static void 
lpuart32_poll_put_char(struct uart_port *port, unsigned char c)
- {
-- while (!(readl(port->membase + UARTSTAT) & UARTSTAT_TDRE))
-+ while (!(lpuart32_read(port, UARTSTAT) & UARTSTAT_TDRE))
- barrier();
-
-- writel(c, port->membase + UARTDATA);
-+ lpuart32_write(port, UARTDATA, c);
- }
-
- static int lpuart32_poll_get_char(struct uart_port *port)
- {
-- if (!(readl(port->membase + UARTSTAT) & UARTSTAT_RDRF))
-+ if (!(lpuart32_read(port, UARTSTAT) & UARTSTAT_RDRF))
- return NO_POLL_CHAR;
-
-- return readl(port->membase + UARTDATA);
-+ return lpuart32_read(port, UARTDATA);
- }
- #endif
-
-diff --git a/drivers/tty/serial/stm32-usart.c b/drivers/tty/serial/stm32-usart.c
-index 03a583264d9e..1e854e1851fb 100644
---- a/drivers/tty/serial/stm32-usart.c
-+++ b/drivers/tty/serial/stm32-usart.c
-@@ -118,35 +118,51 @@ static void stm32_receive_chars(struct uart_port *port, bool threaded)
-
- while (stm32_pending_rx(port, &sr, &stm32_port->last_res, threaded)) {
- sr |= USART_SR_DUMMY_RX;
-- c = stm32_get_char(port, &sr, &stm32_port->last_res);
- flag = TTY_NORMAL;
-- port->icount.rx++;
-
-+ /*
-+ * Status bits has to be cleared before reading the RDR:
-+ * In FIFO mode, reading the RDR will pop the next data
-+ * (if any) along with its status bits into the SR.
-+ * Not doing so leads to misalignement between RDR and SR,
-+ * and clear status bits of the next rx data.
-+ *
-+ * Clear errors flags for stm32f7 and stm32h7 compatible
-+ * devices. On stm32f4 compatible devices, the error bit is
-+ * cleared by the sequence [read SR - read DR]. 
-+ */
-+ if ((sr & USART_SR_ERR_MASK) && ofs->icr != UNDEF_REG)
-+ writel_relaxed(sr & USART_SR_ERR_MASK,
-+ port->membase + ofs->icr);
-+
-+ c = stm32_get_char(port, &sr, &stm32_port->last_res);
-+ port->icount.rx++;
- if (sr & USART_SR_ERR_MASK) {
-- if (sr & USART_SR_LBD) {
-- port->icount.brk++;
-- if (uart_handle_break(port))
-- continue;
-- } else if (sr & USART_SR_ORE) {
-- if (ofs->icr != UNDEF_REG)
-- writel_relaxed(USART_ICR_ORECF,
-- port->membase +
-- ofs->icr);
-+ if (sr & USART_SR_ORE) {
- port->icount.overrun++;
- } else if (sr & USART_SR_PE) {
- port->icount.parity++;
- } else if (sr & USART_SR_FE) {
-- port->icount.frame++;
-+ /* Break detection if character is null */
-+ if (!c) {
-+ port->icount.brk++;
-+ if (uart_handle_break(port))
-+ continue;
-+ } else {
-+ port->icount.frame++;
-+ }
- }
-
- sr &= port->read_status_mask;
-
-- if (sr & USART_SR_LBD)
-- flag = TTY_BREAK;
-- else if (sr & USART_SR_PE)
-+ if (sr & USART_SR_PE) {
- flag = TTY_PARITY;
-- else if (sr & USART_SR_FE)
-- flag = TTY_FRAME;
-+ } else if (sr & USART_SR_FE) {
-+ if (!c)
-+ flag = TTY_BREAK;
-+ else
-+ flag = TTY_FRAME;
-+ }
- }
-
- if (uart_handle_sysrq_char(port, c))
-@@ -164,21 +180,6 @@ static void stm32_tx_dma_complete(void *arg)
- struct uart_port *port = arg;
- struct stm32_port *stm32port = to_stm32_port(port);
- struct stm32_usart_offsets *ofs = &stm32port->info->ofs;
-- unsigned int isr;
-- int ret;
--
-- ret = readl_relaxed_poll_timeout_atomic(port->membase + ofs->isr,
-- isr,
-- (isr & USART_SR_TC),
-- 10, 100000);
--
-- if (ret)
-- dev_err(port->dev, "terminal count not set\n");
--
-- if (ofs->icr == UNDEF_REG)
-- stm32_clr_bits(port, ofs->isr, USART_SR_TC);
-- else
-- stm32_set_bits(port, ofs->icr, USART_CR_TC);
-
- stm32_clr_bits(port, ofs->cr3, USART_CR3_DMAT);
- stm32port->tx_dma_busy = false;
-@@ -270,7 +271,6 @@ static void stm32_transmit_chars_dma(struct uart_port *port)
- /* Issue pending DMA TX requests */
- dma_async_issue_pending(stm32port->tx_ch);
- 
-- stm32_clr_bits(port, ofs->isr, USART_SR_TC);
- stm32_set_bits(port, ofs->cr3, USART_CR3_DMAT);
-
- xmit->tail = (xmit->tail + count) & (UART_XMIT_SIZE - 1);
-@@ -294,15 +294,15 @@ static void stm32_transmit_chars(struct uart_port *port)
- return;
- }
-
-- if (uart_tx_stopped(port)) {
-- stm32_stop_tx(port);
-+ if (uart_circ_empty(xmit) || uart_tx_stopped(port)) {
-+ stm32_clr_bits(port, ofs->cr1, USART_CR1_TXEIE);
- return;
- }
-
-- if (uart_circ_empty(xmit)) {
-- stm32_stop_tx(port);
-- return;
-- }
-+ if (ofs->icr == UNDEF_REG)
-+ stm32_clr_bits(port, ofs->isr, USART_SR_TC);
-+ else
-+ writel_relaxed(USART_ICR_TCCF, port->membase + ofs->icr);
-
- if (stm32_port->tx_ch)
- stm32_transmit_chars_dma(port);
-@@ -313,7 +313,7 @@ static void stm32_transmit_chars(struct uart_port *port)
- uart_write_wakeup(port);
-
- if (uart_circ_empty(xmit))
-- stm32_stop_tx(port);
-+ stm32_clr_bits(port, ofs->cr1, USART_CR1_TXEIE);
- }
-
- static irqreturn_t stm32_interrupt(int irq, void *ptr)
-@@ -447,7 +447,6 @@ static int stm32_startup(struct uart_port *port)
- {
- struct stm32_port *stm32_port = to_stm32_port(port);
- struct stm32_usart_offsets *ofs = &stm32_port->info->ofs;
-- struct stm32_usart_config *cfg = &stm32_port->info->cfg;
- const char *name = to_platform_device(port->dev)->name;
- u32 val;
- int ret;
-@@ -458,15 +457,6 @@ static int stm32_startup(struct uart_port *port)
- if (ret)
- return ret;
-
-- if (cfg->has_wakeup && stm32_port->wakeirq >= 0) {
-- ret = dev_pm_set_dedicated_wake_irq(port->dev,
-- stm32_port->wakeirq);
-- if (ret) {
-- free_irq(port->irq, port);
-- return ret;
-- }
-- }
--
- val = USART_CR1_RXNEIE | USART_CR1_TE | USART_CR1_RE;
- if (stm32_port->fifoen)
- val |= USART_CR1_FIFOEN;
-@@ -480,15 +470,23 @@ static void stm32_shutdown(struct uart_port *port)
- struct stm32_port *stm32_port = to_stm32_port(port);
- struct stm32_usart_offsets *ofs = &stm32_port->info->ofs;
- struct stm32_usart_config *cfg = &stm32_port->info->cfg;
-- u32 val;
-+ u32 
val, isr;
-+ int ret;
-
- val = USART_CR1_TXEIE | USART_CR1_RXNEIE | USART_CR1_TE | USART_CR1_RE;
- val |= BIT(cfg->uart_enable_bit);
- if (stm32_port->fifoen)
- val |= USART_CR1_FIFOEN;
-+
-+ ret = readl_relaxed_poll_timeout(port->membase + ofs->isr,
-+ isr, (isr & USART_SR_TC),
-+ 10, 100000);
-+
-+ if (ret)
-+ dev_err(port->dev, "transmission complete not set\n");
-+
- stm32_clr_bits(port, ofs->cr1, val);
-
-- dev_pm_clear_wake_irq(port->dev);
- free_irq(port->irq, port);
- }
-
-@@ -569,14 +567,14 @@ static void stm32_set_termios(struct uart_port *port, struct ktermios *termios,
- if (termios->c_iflag & INPCK)
- port->read_status_mask |= USART_SR_PE | USART_SR_FE;
- if (termios->c_iflag & (IGNBRK | BRKINT | PARMRK))
-- port->read_status_mask |= USART_SR_LBD;
-+ port->read_status_mask |= USART_SR_FE;
-
- /* Characters to ignore */
- port->ignore_status_mask = 0;
- if (termios->c_iflag & IGNPAR)
- port->ignore_status_mask = USART_SR_PE | USART_SR_FE;
- if (termios->c_iflag & IGNBRK) {
-- port->ignore_status_mask |= USART_SR_LBD;
-+ port->ignore_status_mask |= USART_SR_FE;
- /*
- * If we're ignoring parity and break indicators,
- * ignore overruns too (for real raw support). 
-@@ -895,11 +893,18 @@ static int stm32_serial_probe(struct platform_device *pdev)
- ret = device_init_wakeup(&pdev->dev, true);
- if (ret)
- goto err_uninit;
-+
-+ ret = dev_pm_set_dedicated_wake_irq(&pdev->dev,
-+ stm32port->wakeirq);
-+ if (ret)
-+ goto err_nowup;
-+
-+ device_set_wakeup_enable(&pdev->dev, false);
- }
-
- ret = uart_add_one_port(&stm32_usart_driver, &stm32port->port);
- if (ret)
-- goto err_nowup;
-+ goto err_wirq;
-
- ret = stm32_of_dma_rx_probe(stm32port, pdev);
- if (ret)
-@@ -913,6 +918,10 @@ static int stm32_serial_probe(struct platform_device *pdev)
-
- return 0;
-
-+err_wirq:
-+ if (stm32port->info->cfg.has_wakeup && stm32port->wakeirq >= 0)
-+ dev_pm_clear_wake_irq(&pdev->dev);
-+
- err_nowup:
- if (stm32port->info->cfg.has_wakeup && stm32port->wakeirq >= 0)
- device_init_wakeup(&pdev->dev, false);
-@@ -950,8 +959,10 @@ static int stm32_serial_remove(struct platform_device *pdev)
- TX_BUF_L, stm32_port->tx_buf,
- stm32_port->tx_dma_buf);
-
-- if (cfg->has_wakeup && stm32_port->wakeirq >= 0)
-+ if (cfg->has_wakeup && stm32_port->wakeirq >= 0) {
-+ dev_pm_clear_wake_irq(&pdev->dev);
- device_init_wakeup(&pdev->dev, false);
-+ }
-
- clk_disable_unprepare(stm32_port->clk);
-
-diff --git a/drivers/tty/serial/stm32-usart.h b/drivers/tty/serial/stm32-usart.h
-index ffc0c5285e51..9d087881913a 100644
---- a/drivers/tty/serial/stm32-usart.h
-+++ b/drivers/tty/serial/stm32-usart.h
-@@ -108,7 +108,6 @@ struct stm32_usart_info stm32h7_info = {
- #define USART_SR_RXNE BIT(5)
- #define USART_SR_TC BIT(6)
- #define USART_SR_TXE BIT(7)
--#define USART_SR_LBD BIT(8)
- #define USART_SR_CTSIF BIT(9)
- #define USART_SR_CTS BIT(10) /* F7 */
- #define USART_SR_RTOF BIT(11) /* F7 */
-@@ -120,8 +119,7 @@ struct stm32_usart_info stm32h7_info = {
- #define USART_SR_SBKF BIT(18) /* F7 */
- #define USART_SR_WUF BIT(20) /* H7 */
- #define USART_SR_TEACK BIT(21) /* F7 */
--#define USART_SR_ERR_MASK (USART_SR_LBD | USART_SR_ORE | \
-- USART_SR_FE | USART_SR_PE)
-+#define USART_SR_ERR_MASK (USART_SR_ORE | USART_SR_FE | USART_SR_PE)
- /* Dummy bits */
- #define USART_SR_DUMMY_RX BIT(16)
-
-@@ -166,8 +164,6 @@ struct stm32_usart_info stm32h7_info = {
- /* USART_CR2 */
- #define USART_CR2_ADD_MASK GENMASK(3, 0) /* F4 */
- #define USART_CR2_ADDM7 BIT(4) /* F7 */
--#define USART_CR2_LBDL BIT(5)
--#define USART_CR2_LBDIE BIT(6)
- #define USART_CR2_LBCL BIT(8)
- #define USART_CR2_CPHA BIT(9)
- #define USART_CR2_CPOL BIT(10)
-@@ -224,12 +220,10 @@ struct stm32_usart_info stm32h7_info = {
-
- /* USART_ICR */
- #define USART_ICR_PECF BIT(0) /* F7 */
--#define USART_ICR_FFECF BIT(1) /* F7 */
--#define USART_ICR_NCF BIT(2) /* F7 */
-+#define USART_ICR_FECF BIT(1) /* F7 */
- #define USART_ICR_ORECF BIT(3) /* F7 */
- #define USART_ICR_IDLECF BIT(4) /* F7 */
- #define USART_ICR_TCCF BIT(6) /* F7 */
--#define USART_ICR_LBDCF BIT(8) /* F7 */
- #define USART_ICR_CTSCF BIT(9) /* F7 */
- #define USART_ICR_RTOCF BIT(11) /* F7 */
- #define USART_ICR_EOBCF BIT(12) /* F7 */
-diff --git a/drivers/uio/uio.c b/drivers/uio/uio.c
-index fb5c9701b1fb..7c18536a3742 100644
---- a/drivers/uio/uio.c
-+++ b/drivers/uio/uio.c
-@@ -939,9 +939,12 @@ int __uio_register_device(struct module *owner,
- atomic_set(&idev->event, 0);
-
- ret = uio_get_minor(idev);
-- if (ret)
-+ if (ret) {
-+ kfree(idev);
- return ret;
-+ }
-
-+ device_initialize(&idev->dev);
- idev->dev.devt = MKDEV(uio_major, idev->minor);
- idev->dev.class = &uio_class;
- idev->dev.parent = parent;
-@@ -952,7 +955,7 @@ int __uio_register_device(struct module *owner,
- if (ret)
- goto err_device_create;
-
-- ret = device_register(&idev->dev);
-+ ret = device_add(&idev->dev);
- if (ret)
- goto err_device_create;
-
-@@ -984,9 +987,10 @@ int __uio_register_device(struct module *owner,
- err_request_irq:
- uio_dev_del_attributes(idev);
- err_uio_dev_add_attributes:
-- device_unregister(&idev->dev);
-+ device_del(&idev->dev);
- err_device_create:
- uio_free_minor(idev);
-+ put_device(&idev->dev);
-
return ret;
- }
- EXPORT_SYMBOL_GPL(__uio_register_device);
-diff --git a/drivers/usb/class/cdc-wdm.c b/drivers/usb/class/cdc-wdm.c
-index a593cdfc897f..d5d42dccda10 100644
---- a/drivers/usb/class/cdc-wdm.c
-+++ b/drivers/usb/class/cdc-wdm.c
-@@ -1085,7 +1085,7 @@ static int wdm_post_reset(struct usb_interface *intf)
- rv = recover_from_urb_loss(desc);
- mutex_unlock(&desc->wlock);
- mutex_unlock(&desc->rlock);
-- return 0;
-+ return rv;
- }
-
- static struct usb_driver wdm_driver = {
-diff --git a/drivers/usb/dwc2/gadget.c b/drivers/usb/dwc2/gadget.c
-index e164439b2154..4af9a1c652ed 100644
---- a/drivers/usb/dwc2/gadget.c
-+++ b/drivers/usb/dwc2/gadget.c
-@@ -2276,6 +2276,7 @@ static unsigned int dwc2_gadget_get_xfersize_ddma(struct dwc2_hsotg_ep *hs_ep)
- if (status & DEV_DMA_STS_MASK)
- dev_err(hsotg->dev, "descriptor %d closed with %x\n",
- i, status & DEV_DMA_STS_MASK);
-+ desc++;
- }
-
- return bytes_rem;
-diff --git a/drivers/usb/host/xhci-hub.c b/drivers/usb/host/xhci-hub.c
-index d1363f3fabfa..3bb38d9dc45b 100644
---- a/drivers/usb/host/xhci-hub.c
-+++ b/drivers/usb/host/xhci-hub.c
-@@ -1118,7 +1118,7 @@ int xhci_hub_control(struct usb_hcd *hcd, u16 typeReq, u16 wValue,
- }
- port_li = readl(port_array[wIndex] + PORTLI);
- status = xhci_get_ext_port_status(temp, port_li);
-- put_unaligned_le32(cpu_to_le32(status), &buf[4]);
-+ put_unaligned_le32(status, &buf[4]);
- }
- break;
- case SetPortFeature:
-diff --git a/drivers/usb/phy/Kconfig b/drivers/usb/phy/Kconfig
-index 85a92d0813dd..440238061edd 100644
---- a/drivers/usb/phy/Kconfig
-+++ b/drivers/usb/phy/Kconfig
-@@ -20,7 +20,7 @@ config AB8500_USB
- in host mode, low speed.
-
- config FSL_USB2_OTG
-- bool "Freescale USB OTG Transceiver Driver"
-+ tristate "Freescale USB OTG Transceiver Driver"
- depends on USB_EHCI_FSL && USB_FSL_USB2 && USB_OTG_FSM=y && PM
- depends on USB_GADGET || !USB_GADGET # if USB_GADGET=m, this can't be 'y'
- select USB_PHY
-diff --git a/drivers/usb/phy/phy-twl6030-usb.c b/drivers/usb/phy/phy-twl6030-usb.c
-index b5dc077ed7d3..8e14fa221191 100644
---- a/drivers/usb/phy/phy-twl6030-usb.c
-+++ b/drivers/usb/phy/phy-twl6030-usb.c
-@@ -413,7 +413,7 @@ static int twl6030_usb_remove(struct platform_device *pdev)
- {
- struct twl6030_usb *twl = platform_get_drvdata(pdev);
-
-- cancel_delayed_work(&twl->get_status_work);
-+ cancel_delayed_work_sync(&twl->get_status_work);
- twl6030_interrupt_mask(TWL6030_USBOTG_INT_MASK,
- REG_INT_MSK_LINE_C);
- twl6030_interrupt_mask(TWL6030_USBOTG_INT_MASK,
-diff --git a/drivers/vfio/mdev/mdev_core.c b/drivers/vfio/mdev/mdev_core.c
-index 0212f0ee8aea..e052f62fdea7 100644
---- a/drivers/vfio/mdev/mdev_core.c
-+++ b/drivers/vfio/mdev/mdev_core.c
-@@ -150,10 +150,10 @@ static int mdev_device_remove_ops(struct mdev_device *mdev, bool force_remove)
-
- static int mdev_device_remove_cb(struct device *dev, void *data)
- {
-- if (!dev_is_mdev(dev))
-- return 0;
-+ if (dev_is_mdev(dev))
-+ mdev_device_remove(dev, true);
-
-- return mdev_device_remove(dev, data ?
*(bool *)data : true);
-+ return 0;
- }
-
- /*
-@@ -182,6 +182,7 @@ int mdev_register_device(struct device *dev, const struct mdev_parent_ops *ops)
- /* Check for duplicate */
- parent = __find_parent_device(dev);
- if (parent) {
-+ parent = NULL;
- ret = -EEXIST;
- goto add_dev_err;
- }
-@@ -240,7 +241,6 @@ EXPORT_SYMBOL(mdev_register_device);
- void mdev_unregister_device(struct device *dev)
- {
- struct mdev_parent *parent;
-- bool force_remove = true;
-
- mutex_lock(&parent_list_lock);
- parent = __find_parent_device(dev);
-@@ -254,8 +254,7 @@ void mdev_unregister_device(struct device *dev)
- list_del(&parent->next);
- class_compat_remove_link(mdev_bus_compat_class, dev, NULL);
-
-- device_for_each_child(dev, (void *)&force_remove,
-- mdev_device_remove_cb);
-+ device_for_each_child(dev, NULL, mdev_device_remove_cb);
-
- parent_remove_sysfs_files(parent);
-
-diff --git a/drivers/vfio/pci/vfio_pci.c b/drivers/vfio/pci/vfio_pci.c
-index 9bd3e7911af2..550ab7707b57 100644
---- a/drivers/vfio/pci/vfio_pci.c
-+++ b/drivers/vfio/pci/vfio_pci.c
-@@ -717,6 +717,7 @@ static long vfio_pci_ioctl(void *device_data,
- {
- void __iomem *io;
- size_t size;
-+ u16 orig_cmd;
-
- info.offset = VFIO_PCI_INDEX_TO_OFFSET(info.index);
- info.flags = 0;
-@@ -732,15 +733,23 @@ static long vfio_pci_ioctl(void *device_data,
- break;
- }
-
-- /* Is it really there? */
-+ /*
-+ * Is it really there? Enable memory decode for
-+ * implicit access in pci_map_rom().
-+ */
-+ pci_read_config_word(pdev, PCI_COMMAND, &orig_cmd);
-+ pci_write_config_word(pdev, PCI_COMMAND,
-+ orig_cmd | PCI_COMMAND_MEMORY);
-+
- io = pci_map_rom(pdev, &size);
-- if (!io || !size) {
-+ if (io) {
-+ info.flags = VFIO_REGION_INFO_FLAG_READ;
-+ pci_unmap_rom(pdev, io);
-+ } else {
- info.size = 0;
-- break;
- }
-- pci_unmap_rom(pdev, io);
-
-- info.flags = VFIO_REGION_INFO_FLAG_READ;
-+ pci_write_config_word(pdev, PCI_COMMAND, orig_cmd);
- break;
- }
- case VFIO_PCI_VGA_REGION_INDEX:
-diff --git a/drivers/video/backlight/lm3630a_bl.c b/drivers/video/backlight/lm3630a_bl.c
-index 2030a6b77a09..ef2553f452ca 100644
---- a/drivers/video/backlight/lm3630a_bl.c
-+++ b/drivers/video/backlight/lm3630a_bl.c
-@@ -201,7 +201,7 @@ static int lm3630a_bank_a_update_status(struct backlight_device *bl)
- LM3630A_LEDA_ENABLE, LM3630A_LEDA_ENABLE);
- if (ret < 0)
- goto out_i2c_err;
-- return bl->props.brightness;
-+ return 0;
-
- out_i2c_err:
- dev_err(pchip->dev, "i2c failed to access\n");
-@@ -278,7 +278,7 @@ static int lm3630a_bank_b_update_status(struct backlight_device *bl)
- LM3630A_LEDB_ENABLE, LM3630A_LEDB_ENABLE);
- if (ret < 0)
- goto out_i2c_err;
-- return bl->props.brightness;
-+ return 0;
-
- out_i2c_err:
- dev_err(pchip->dev, "i2c failed to access REG_CTRL\n");
-diff --git a/drivers/video/fbdev/chipsfb.c b/drivers/video/fbdev/chipsfb.c
-index f103665cad43..f9b366d17587 100644
---- a/drivers/video/fbdev/chipsfb.c
-+++ b/drivers/video/fbdev/chipsfb.c
-@@ -350,7 +350,7 @@ static void init_chips(struct fb_info *p, unsigned long addr)
- static int chipsfb_pci_init(struct pci_dev *dp, const struct pci_device_id *ent)
- {
- struct fb_info *p;
-- unsigned long addr, size;
-+ unsigned long addr;
- unsigned short cmd;
- int rc = -ENODEV;
-
-@@ -362,7 +362,6 @@ static int chipsfb_pci_init(struct pci_dev *dp, const struct pci_device_id *ent)
- if ((dp->resource[0].flags & IORESOURCE_MEM) == 0)
- goto err_disable;
- addr = pci_resource_start(dp, 0);
-- size =
pci_resource_len(dp, 0);
- if (addr == 0)
- goto err_disable;
-
-diff --git a/drivers/xen/cpu_hotplug.c b/drivers/xen/cpu_hotplug.c
-index b1357aa4bc55..f192b6f42da9 100644
---- a/drivers/xen/cpu_hotplug.c
-+++ b/drivers/xen/cpu_hotplug.c
-@@ -54,7 +54,7 @@ static int vcpu_online(unsigned int cpu)
- }
- static void vcpu_hotplug(unsigned int cpu)
- {
-- if (!cpu_possible(cpu))
-+ if (cpu >= nr_cpu_ids || !cpu_possible(cpu))
- return;
-
- switch (vcpu_online(cpu)) {
-diff --git a/drivers/xen/pvcalls-back.c b/drivers/xen/pvcalls-back.c
-index abd6dbc29ac2..58be15c27b6d 100644
---- a/drivers/xen/pvcalls-back.c
-+++ b/drivers/xen/pvcalls-back.c
-@@ -792,7 +792,7 @@ static int pvcalls_back_poll(struct xenbus_device *dev,
- mappass->reqcopy = *req;
- icsk = inet_csk(mappass->sock->sk);
- queue = &icsk->icsk_accept_queue;
-- data = queue->rskq_accept_head != NULL;
-+ data = READ_ONCE(queue->rskq_accept_head) != NULL;
- if (data) {
- mappass->reqcopy.cmd = 0;
- ret = 0;
-diff --git a/fs/affs/super.c b/fs/affs/super.c
-index 884bedab7266..789a1c7db5d8 100644
---- a/fs/affs/super.c
-+++ b/fs/affs/super.c
-@@ -559,14 +559,9 @@ affs_remount(struct super_block *sb, int *flags, char *data)
- int root_block;
- unsigned long mount_flags;
- int res = 0;
-- char *new_opts;
- char volume[32];
- char *prefix = NULL;
-
-- new_opts = kstrdup(data, GFP_KERNEL);
-- if (data && !new_opts)
-- return -ENOMEM;
--
- pr_debug("%s(flags=0x%x,opts=\"%s\")\n", __func__, *flags, data);
-
- sync_filesystem(sb);
-@@ -577,7 +572,6 @@ affs_remount(struct super_block *sb, int *flags, char *data)
- &blocksize, &prefix, volume,
- &mount_flags)) {
- kfree(prefix);
-- kfree(new_opts);
- return -EINVAL;
- }
-
-diff --git a/fs/afs/super.c b/fs/afs/super.c
-index 689173c0a682..f8529ddbd587 100644
---- a/fs/afs/super.c
-+++ b/fs/afs/super.c
-@@ -359,6 +359,7 @@ static int afs_fill_super(struct super_block *sb,
- /* fill in the superblock */
- sb->s_blocksize = PAGE_SIZE;
- sb->s_blocksize_bits = PAGE_SHIFT;
-+
sb->s_maxbytes = MAX_LFS_FILESIZE;
- sb->s_magic = AFS_FS_MAGIC;
- sb->s_op = &afs_super_ops;
- sb->s_xattr = afs_xattr_handlers;
-diff --git a/fs/afs/xattr.c b/fs/afs/xattr.c
-index 2830e4f48d85..7c6b62a94e7e 100644
---- a/fs/afs/xattr.c
-+++ b/fs/afs/xattr.c
-@@ -50,7 +50,7 @@ static int afs_xattr_get_cell(const struct xattr_handler *handler,
- return namelen;
- if (namelen > size)
- return -ERANGE;
-- memcpy(buffer, cell->name, size);
-+ memcpy(buffer, cell->name, namelen);
- return namelen;
- }
-
-@@ -104,7 +104,7 @@ static int afs_xattr_get_volume(const struct xattr_handler *handler,
- return namelen;
- if (namelen > size)
- return -ERANGE;
-- memcpy(buffer, volname, size);
-+ memcpy(buffer, volname, namelen);
- return namelen;
- }
-
-diff --git a/fs/btrfs/file.c b/fs/btrfs/file.c
-index 97be32da857a..c68ce3412dc1 100644
---- a/fs/btrfs/file.c
-+++ b/fs/btrfs/file.c
-@@ -1882,7 +1882,7 @@ static ssize_t btrfs_file_write_iter(struct kiocb *iocb,
- bool sync = (file->f_flags & O_DSYNC) || IS_SYNC(file->f_mapping->host);
- ssize_t err;
- loff_t pos;
-- size_t count = iov_iter_count(from);
-+ size_t count;
- loff_t oldsize;
- int clean_page = 0;
-
-@@ -1904,6 +1904,7 @@ static ssize_t btrfs_file_write_iter(struct kiocb *iocb,
- }
-
- pos = iocb->ki_pos;
-+ count = iov_iter_count(from);
- if (iocb->ki_flags & IOCB_NOWAIT) {
- /*
- * We will allocate space in case nodatacow is not set,
-diff --git a/fs/btrfs/inode-map.c b/fs/btrfs/inode-map.c
-index d02019747d00..2ae32451fb5b 100644
---- a/fs/btrfs/inode-map.c
-+++ b/fs/btrfs/inode-map.c
-@@ -26,6 +26,19 @@
- #include "inode-map.h"
- #include "transaction.h"
-
-+static void fail_caching_thread(struct btrfs_root *root)
-+{
-+ struct btrfs_fs_info *fs_info = root->fs_info;
-+
-+ btrfs_warn(fs_info, "failed to start inode caching task");
-+ btrfs_clear_pending_and_info(fs_info, INODE_MAP_CACHE,
-+ "disabling inode map caching");
-+ spin_lock(&root->ino_cache_lock);
-+ root->ino_cache_state = BTRFS_CACHE_ERROR;
-+
spin_unlock(&root->ino_cache_lock);
-+ wake_up(&root->ino_cache_wait);
-+}
-+
- static int caching_kthread(void *data)
- {
- struct btrfs_root *root = data;
-@@ -42,8 +55,10 @@ static int caching_kthread(void *data)
- return 0;
-
- path = btrfs_alloc_path();
-- if (!path)
-+ if (!path) {
-+ fail_caching_thread(root);
- return -ENOMEM;
-+ }
-
- /* Since the commit root is read-only, we can safely skip locking. */
- path->skip_locking = 1;
-@@ -159,6 +174,7 @@ static void start_caching(struct btrfs_root *root)
- spin_lock(&root->ino_cache_lock);
- root->ino_cache_state = BTRFS_CACHE_FINISHED;
- spin_unlock(&root->ino_cache_lock);
-+ wake_up(&root->ino_cache_wait);
- return;
- }
-
-@@ -177,11 +193,8 @@ static void start_caching(struct btrfs_root *root)
-
- tsk = kthread_run(caching_kthread, root, "btrfs-ino-cache-%llu",
- root->root_key.objectid);
-- if (IS_ERR(tsk)) {
-- btrfs_warn(fs_info, "failed to start inode caching task");
-- btrfs_clear_pending_and_info(fs_info, INODE_MAP_CACHE,
-- "disabling inode map caching");
-- }
-+ if (IS_ERR(tsk))
-+ fail_caching_thread(root);
- }
-
- int btrfs_find_free_ino(struct btrfs_root *root, u64 *objectid)
-@@ -199,11 +212,14 @@ again:
-
- wait_event(root->ino_cache_wait,
- root->ino_cache_state == BTRFS_CACHE_FINISHED ||
-+ root->ino_cache_state == BTRFS_CACHE_ERROR ||
- root->free_ino_ctl->free_space > 0);
-
- if (root->ino_cache_state == BTRFS_CACHE_FINISHED &&
- root->free_ino_ctl->free_space == 0)
- return -ENOSPC;
-+ else if (root->ino_cache_state == BTRFS_CACHE_ERROR)
-+ return btrfs_find_free_objectid(root, objectid);
- else
- goto again;
- }
-diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
-index f523a9ca9574..f0b1279a7de6 100644
---- a/fs/cifs/connect.c
-+++ b/fs/cifs/connect.c
-@@ -921,6 +921,7 @@ cifs_demultiplex_thread(void *p)
- mempool_resize(cifs_req_poolp, length + cifs_min_rcv);
-
- set_freezable();
-+ allow_kernel_signal(SIGKILL);
- while (server->tcpStatus != CifsExiting) {
- if (try_to_freeze())
-
continue;
-@@ -2320,7 +2321,7 @@ cifs_put_tcp_session(struct TCP_Server_Info *server, int from_reconnect)
-
- task = xchg(&server->tsk, NULL);
- if (task)
-- force_sig(SIGKILL, task);
-+ send_sig(SIGKILL, task, 1);
- }
-
- static struct TCP_Server_Info *
-diff --git a/fs/exportfs/expfs.c b/fs/exportfs/expfs.c
-index a561ae17cf43..c08960040dd0 100644
---- a/fs/exportfs/expfs.c
-+++ b/fs/exportfs/expfs.c
-@@ -147,6 +147,7 @@ static struct dentry *reconnect_one(struct vfsmount *mnt,
- tmp = lookup_one_len_unlocked(nbuf, parent, strlen(nbuf));
- if (IS_ERR(tmp)) {
- dprintk("%s: lookup failed: %d\n", __func__, PTR_ERR(tmp));
-+ err = PTR_ERR(tmp);
- goto out_err;
- }
- if (tmp != dentry) {
-diff --git a/fs/ext4/inline.c b/fs/ext4/inline.c
-index 137c752ab985..6064bcb8572b 100644
---- a/fs/ext4/inline.c
-+++ b/fs/ext4/inline.c
-@@ -1425,7 +1425,7 @@ int htree_inlinedir_to_tree(struct file *dir_file,
- err = ext4_htree_store_dirent(dir_file, hinfo->hash,
- hinfo->minor_hash, de, &tmp_str);
- if (err) {
-- count = err;
-+ ret = err;
- goto out;
- }
- count++;
-diff --git a/fs/jfs/jfs_txnmgr.c b/fs/jfs/jfs_txnmgr.c
-index 4d973524c887..224ef034004b 100644
---- a/fs/jfs/jfs_txnmgr.c
-+++ b/fs/jfs/jfs_txnmgr.c
-@@ -1928,8 +1928,7 @@ static void xtLog(struct jfs_log * log, struct tblock * tblk, struct lrd * lrd,
- * header ?
- */
- if (tlck->type & tlckTRUNCATE) {
-- /* This odd declaration suppresses a bogus gcc warning */
-- pxd_t pxd = pxd; /* truncated extent of xad */
-+ pxd_t pxd; /* truncated extent of xad */
- int twm;
-
- /*
-diff --git a/fs/nfs/delegation.c b/fs/nfs/delegation.c
-index 04d57e11577e..09b3bcb86d32 100644
---- a/fs/nfs/delegation.c
-+++ b/fs/nfs/delegation.c
-@@ -234,6 +234,8 @@ static struct inode *nfs_delegation_grab_inode(struct nfs_delegation *delegation
- spin_lock(&delegation->lock);
- if (delegation->inode != NULL)
- inode = igrab(delegation->inode);
-+ if (!inode)
-+ set_bit(NFS_DELEGATION_INODE_FREEING, &delegation->flags);
- spin_unlock(&delegation->lock);
- return inode;
- }
-@@ -863,10 +865,11 @@ restart:
- list_for_each_entry_rcu(server, &clp->cl_superblocks, client_link) {
- list_for_each_entry_rcu(delegation, &server->delegations,
- super_list) {
-- if (test_bit(NFS_DELEGATION_RETURNING,
-- &delegation->flags))
-- continue;
-- if (test_bit(NFS_DELEGATION_NEED_RECLAIM,
-+ if (test_bit(NFS_DELEGATION_INODE_FREEING,
-+ &delegation->flags) ||
-+ test_bit(NFS_DELEGATION_RETURNING,
-+ &delegation->flags) ||
-+ test_bit(NFS_DELEGATION_NEED_RECLAIM,
- &delegation->flags) == 0)
- continue;
- if (!nfs_sb_active(server->super))
-@@ -971,10 +974,11 @@ restart:
- list_for_each_entry_rcu(server, &clp->cl_superblocks, client_link) {
- list_for_each_entry_rcu(delegation, &server->delegations,
- super_list) {
-- if (test_bit(NFS_DELEGATION_RETURNING,
-- &delegation->flags))
-- continue;
-- if (test_bit(NFS_DELEGATION_TEST_EXPIRED,
-+ if (test_bit(NFS_DELEGATION_INODE_FREEING,
-+ &delegation->flags) ||
-+ test_bit(NFS_DELEGATION_RETURNING,
-+ &delegation->flags) ||
-+ test_bit(NFS_DELEGATION_TEST_EXPIRED,
- &delegation->flags) == 0)
- continue;
- if (!nfs_sb_active(server->super))
-diff --git a/fs/nfs/delegation.h b/fs/nfs/delegation.h
-index df41d16dc6ab..510c9edcc712 100644
---- a/fs/nfs/delegation.h
-+++ b/fs/nfs/delegation.h
-@@ -34,6 +34,7 @@ enum {
-
NFS_DELEGATION_RETURNING,
- NFS_DELEGATION_REVOKED,
- NFS_DELEGATION_TEST_EXPIRED,
-+ NFS_DELEGATION_INODE_FREEING,
- };
-
- int nfs_inode_set_delegation(struct inode *inode, struct rpc_cred *cred, struct nfs_openres *res);
-diff --git a/fs/nfs/flexfilelayout/flexfilelayout.h b/fs/nfs/flexfilelayout/flexfilelayout.h
-index d6515f1584f3..d78ec99b6c4c 100644
---- a/fs/nfs/flexfilelayout/flexfilelayout.h
-+++ b/fs/nfs/flexfilelayout/flexfilelayout.h
-@@ -131,16 +131,6 @@ FF_LAYOUT_LSEG(struct pnfs_layout_segment *lseg)
- generic_hdr);
- }
-
--static inline struct nfs4_deviceid_node *
--FF_LAYOUT_DEVID_NODE(struct pnfs_layout_segment *lseg, u32 idx)
--{
-- if (idx >= FF_LAYOUT_LSEG(lseg)->mirror_array_cnt ||
-- FF_LAYOUT_LSEG(lseg)->mirror_array[idx] == NULL ||
-- FF_LAYOUT_LSEG(lseg)->mirror_array[idx]->mirror_ds == NULL)
-- return NULL;
-- return &FF_LAYOUT_LSEG(lseg)->mirror_array[idx]->mirror_ds->id_node;
--}
--
- static inline struct nfs4_ff_layout_ds *
- FF_LAYOUT_MIRROR_DS(struct nfs4_deviceid_node *node)
- {
-@@ -150,9 +140,25 @@ FF_LAYOUT_MIRROR_DS(struct nfs4_deviceid_node *node)
- static inline struct nfs4_ff_layout_mirror *
- FF_LAYOUT_COMP(struct pnfs_layout_segment *lseg, u32 idx)
- {
-- if (idx >= FF_LAYOUT_LSEG(lseg)->mirror_array_cnt)
-- return NULL;
-- return FF_LAYOUT_LSEG(lseg)->mirror_array[idx];
-+ struct nfs4_ff_layout_segment *fls = FF_LAYOUT_LSEG(lseg);
-+
-+ if (idx < fls->mirror_array_cnt)
-+ return fls->mirror_array[idx];
-+ return NULL;
-+}
-+
-+static inline struct nfs4_deviceid_node *
-+FF_LAYOUT_DEVID_NODE(struct pnfs_layout_segment *lseg, u32 idx)
-+{
-+ struct nfs4_ff_layout_mirror *mirror = FF_LAYOUT_COMP(lseg, idx);
-+
-+ if (mirror != NULL) {
-+ struct nfs4_ff_layout_ds *mirror_ds = mirror->mirror_ds;
-+
-+ if (!IS_ERR_OR_NULL(mirror_ds))
-+ return &mirror_ds->id_node;
-+ }
-+ return NULL;
- }
-
- static inline u32
-diff --git a/fs/nfs/pnfs.c b/fs/nfs/pnfs.c
-index ec04cce31814..83abf3dd7351 100644
---- a/fs/nfs/pnfs.c
-+++
b/fs/nfs/pnfs.c
-@@ -725,22 +725,35 @@ static int
- pnfs_layout_bulk_destroy_byserver_locked(struct nfs_client *clp,
- struct nfs_server *server,
- struct list_head *layout_list)
-+ __must_hold(&clp->cl_lock)
-+ __must_hold(RCU)
- {
- struct pnfs_layout_hdr *lo, *next;
- struct inode *inode;
-
- list_for_each_entry_safe(lo, next, &server->layouts, plh_layouts) {
-- if (test_bit(NFS_LAYOUT_INVALID_STID, &lo->plh_flags))
-+ if (test_bit(NFS_LAYOUT_INVALID_STID, &lo->plh_flags) ||
-+ test_bit(NFS_LAYOUT_INODE_FREEING, &lo->plh_flags) ||
-+ !list_empty(&lo->plh_bulk_destroy))
- continue;
-+ /* If the sb is being destroyed, just bail */
-+ if (!nfs_sb_active(server->super))
-+ break;
- inode = igrab(lo->plh_inode);
-- if (inode == NULL)
-- continue;
-- list_del_init(&lo->plh_layouts);
-- if (pnfs_layout_add_bulk_destroy_list(inode, layout_list))
-- continue;
-- rcu_read_unlock();
-- spin_unlock(&clp->cl_lock);
-- iput(inode);
-+ if (inode != NULL) {
-+ list_del_init(&lo->plh_layouts);
-+ if (pnfs_layout_add_bulk_destroy_list(inode,
-+ layout_list))
-+ continue;
-+ rcu_read_unlock();
-+ spin_unlock(&clp->cl_lock);
-+ iput(inode);
-+ } else {
-+ rcu_read_unlock();
-+ spin_unlock(&clp->cl_lock);
-+ set_bit(NFS_LAYOUT_INODE_FREEING, &lo->plh_flags);
-+ }
-+ nfs_sb_deactive(server->super);
- spin_lock(&clp->cl_lock);
- rcu_read_lock();
- return -EAGAIN;
-@@ -778,7 +791,7 @@ pnfs_layout_free_bulk_destroy_list(struct list_head *layout_list,
- /* Free all lsegs that are attached to commit buckets */
- nfs_commit_inode(inode, 0);
- pnfs_put_layout_hdr(lo);
-- iput(inode);
-+ nfs_iput_and_deactive(inode);
- }
- return ret;
- }
-diff --git a/fs/nfs/pnfs.h b/fs/nfs/pnfs.h
-index 87f144f14d1e..965d657086c8 100644
---- a/fs/nfs/pnfs.h
-+++ b/fs/nfs/pnfs.h
-@@ -99,6 +99,7 @@ enum {
- NFS_LAYOUT_RETURN_REQUESTED, /* Return this layout ASAP */
- NFS_LAYOUT_INVALID_STID, /* layout stateid id is invalid */
- NFS_LAYOUT_FIRST_LAYOUTGET, /* Serialize first layoutget */
-+
NFS_LAYOUT_INODE_FREEING, /* The inode is being freed */
- };
-
- enum layoutdriver_policy_flags {
-diff --git a/fs/nfs/super.c b/fs/nfs/super.c
-index f464f8d9060c..470b761839a5 100644
---- a/fs/nfs/super.c
-+++ b/fs/nfs/super.c
-@@ -1925,7 +1925,7 @@ static int nfs_parse_devname(const char *dev_name,
- /* kill possible hostname list: not supported */
- comma = strchr(dev_name, ',');
- if (comma != NULL && comma < end)
-- *comma = 0;
-+ len = comma - dev_name;
- }
-
- if (len > maxnamlen)
-diff --git a/fs/nfs/write.c b/fs/nfs/write.c
-index 01b9d9341b54..ed3f5afc4ff7 100644
---- a/fs/nfs/write.c
-+++ b/fs/nfs/write.c
-@@ -643,7 +643,7 @@ out:
- return ret;
- out_launder:
- nfs_write_error_remove_page(req);
-- return ret;
-+ return 0;
- }
-
- static int nfs_do_writepage(struct page *page, struct writeback_control *wbc,
-diff --git a/fs/xfs/xfs_quotaops.c b/fs/xfs/xfs_quotaops.c
-index a65108594a07..21bc6d2d23ca 100644
---- a/fs/xfs/xfs_quotaops.c
-+++ b/fs/xfs/xfs_quotaops.c
-@@ -214,6 +214,9 @@ xfs_fs_rm_xquota(
- if (XFS_IS_QUOTA_ON(mp))
- return -EINVAL;
-
-+ if (uflags & ~(FS_USER_QUOTA | FS_GROUP_QUOTA | FS_PROJ_QUOTA))
-+ return -EINVAL;
-+
- if (uflags & FS_USER_QUOTA)
- flags |= XFS_DQ_USER;
- if (uflags & FS_GROUP_QUOTA)
-diff --git a/include/linux/device.h b/include/linux/device.h
-index 66fe271c2544..0b2e67014a83 100644
---- a/include/linux/device.h
-+++ b/include/linux/device.h
-@@ -682,7 +682,8 @@ extern unsigned long devm_get_free_pages(struct device *dev,
- gfp_t gfp_mask, unsigned int order);
- extern void devm_free_pages(struct device *dev, unsigned long addr);
-
--void __iomem *devm_ioremap_resource(struct device *dev, struct resource *res);
-+void __iomem *devm_ioremap_resource(struct device *dev,
-+ const struct resource *res);
-
- /* allows to add/remove a custom action to devres stack */
- int devm_add_action(struct device *dev, void (*action)(void *), void *data);
-diff --git a/include/linux/irqchip/arm-gic-v3.h
b/include/linux/irqchip/arm-gic-v3.h
-index 845ff8c51564..0fe1fdedb8a1 100644
---- a/include/linux/irqchip/arm-gic-v3.h
-+++ b/include/linux/irqchip/arm-gic-v3.h
-@@ -152,7 +152,7 @@
- #define GICR_PROPBASER_nCnB GIC_BASER_CACHEABILITY(GICR_PROPBASER, INNER, nCnB)
- #define GICR_PROPBASER_nC GIC_BASER_CACHEABILITY(GICR_PROPBASER, INNER, nC)
- #define GICR_PROPBASER_RaWt GIC_BASER_CACHEABILITY(GICR_PROPBASER, INNER, RaWt)
--#define GICR_PROPBASER_RaWb GIC_BASER_CACHEABILITY(GICR_PROPBASER, INNER, RaWt)
-+#define GICR_PROPBASER_RaWb GIC_BASER_CACHEABILITY(GICR_PROPBASER, INNER, RaWb)
- #define GICR_PROPBASER_WaWt GIC_BASER_CACHEABILITY(GICR_PROPBASER, INNER, WaWt)
- #define GICR_PROPBASER_WaWb GIC_BASER_CACHEABILITY(GICR_PROPBASER, INNER, WaWb)
- #define GICR_PROPBASER_RaWaWt GIC_BASER_CACHEABILITY(GICR_PROPBASER, INNER, RaWaWt)
-@@ -179,7 +179,7 @@
- #define GICR_PENDBASER_nCnB GIC_BASER_CACHEABILITY(GICR_PENDBASER, INNER, nCnB)
- #define GICR_PENDBASER_nC GIC_BASER_CACHEABILITY(GICR_PENDBASER, INNER, nC)
- #define GICR_PENDBASER_RaWt GIC_BASER_CACHEABILITY(GICR_PENDBASER, INNER, RaWt)
--#define GICR_PENDBASER_RaWb GIC_BASER_CACHEABILITY(GICR_PENDBASER, INNER, RaWt)
-+#define GICR_PENDBASER_RaWb GIC_BASER_CACHEABILITY(GICR_PENDBASER, INNER, RaWb)
- #define GICR_PENDBASER_WaWt GIC_BASER_CACHEABILITY(GICR_PENDBASER, INNER, WaWt)
- #define GICR_PENDBASER_WaWb GIC_BASER_CACHEABILITY(GICR_PENDBASER, INNER, WaWb)
- #define GICR_PENDBASER_RaWaWt GIC_BASER_CACHEABILITY(GICR_PENDBASER, INNER, RaWaWt)
-@@ -238,7 +238,7 @@
- #define GICR_VPROPBASER_nCnB GIC_BASER_CACHEABILITY(GICR_VPROPBASER, INNER, nCnB)
- #define GICR_VPROPBASER_nC GIC_BASER_CACHEABILITY(GICR_VPROPBASER, INNER, nC)
- #define GICR_VPROPBASER_RaWt GIC_BASER_CACHEABILITY(GICR_VPROPBASER, INNER, RaWt)
--#define GICR_VPROPBASER_RaWb GIC_BASER_CACHEABILITY(GICR_VPROPBASER, INNER, RaWt)
-+#define GICR_VPROPBASER_RaWb GIC_BASER_CACHEABILITY(GICR_VPROPBASER, INNER, RaWb)
- #define GICR_VPROPBASER_WaWt
GIC_BASER_CACHEABILITY(GICR_VPROPBASER, INNER, WaWt)
- #define GICR_VPROPBASER_WaWb GIC_BASER_CACHEABILITY(GICR_VPROPBASER, INNER, WaWb)
- #define GICR_VPROPBASER_RaWaWt GIC_BASER_CACHEABILITY(GICR_VPROPBASER, INNER, RaWaWt)
-@@ -264,7 +264,7 @@
- #define GICR_VPENDBASER_nCnB GIC_BASER_CACHEABILITY(GICR_VPENDBASER, INNER, nCnB)
- #define GICR_VPENDBASER_nC GIC_BASER_CACHEABILITY(GICR_VPENDBASER, INNER, nC)
- #define GICR_VPENDBASER_RaWt GIC_BASER_CACHEABILITY(GICR_VPENDBASER, INNER, RaWt)
--#define GICR_VPENDBASER_RaWb GIC_BASER_CACHEABILITY(GICR_VPENDBASER, INNER, RaWt)
-+#define GICR_VPENDBASER_RaWb GIC_BASER_CACHEABILITY(GICR_VPENDBASER, INNER, RaWb)
- #define GICR_VPENDBASER_WaWt GIC_BASER_CACHEABILITY(GICR_VPENDBASER, INNER, WaWt)
- #define GICR_VPENDBASER_WaWb GIC_BASER_CACHEABILITY(GICR_VPENDBASER, INNER, WaWb)
- #define GICR_VPENDBASER_RaWaWt GIC_BASER_CACHEABILITY(GICR_VPENDBASER, INNER, RaWaWt)
-@@ -337,7 +337,7 @@
- #define GITS_CBASER_nCnB GIC_BASER_CACHEABILITY(GITS_CBASER, INNER, nCnB)
- #define GITS_CBASER_nC GIC_BASER_CACHEABILITY(GITS_CBASER, INNER, nC)
- #define GITS_CBASER_RaWt GIC_BASER_CACHEABILITY(GITS_CBASER, INNER, RaWt)
--#define GITS_CBASER_RaWb GIC_BASER_CACHEABILITY(GITS_CBASER, INNER, RaWt)
-+#define GITS_CBASER_RaWb GIC_BASER_CACHEABILITY(GITS_CBASER, INNER, RaWb)
- #define GITS_CBASER_WaWt GIC_BASER_CACHEABILITY(GITS_CBASER, INNER, WaWt)
- #define GITS_CBASER_WaWb GIC_BASER_CACHEABILITY(GITS_CBASER, INNER, WaWb)
- #define GITS_CBASER_RaWaWt GIC_BASER_CACHEABILITY(GITS_CBASER, INNER, RaWaWt)
-@@ -361,7 +361,7 @@
- #define GITS_BASER_nCnB GIC_BASER_CACHEABILITY(GITS_BASER, INNER, nCnB)
- #define GITS_BASER_nC GIC_BASER_CACHEABILITY(GITS_BASER, INNER, nC)
- #define GITS_BASER_RaWt GIC_BASER_CACHEABILITY(GITS_BASER, INNER, RaWt)
--#define GITS_BASER_RaWb GIC_BASER_CACHEABILITY(GITS_BASER, INNER, RaWt)
-+#define GITS_BASER_RaWb GIC_BASER_CACHEABILITY(GITS_BASER, INNER, RaWb)
- #define GITS_BASER_WaWt GIC_BASER_CACHEABILITY(GITS_BASER,
INNER, WaWt)
- #define GITS_BASER_WaWb GIC_BASER_CACHEABILITY(GITS_BASER, INNER, WaWb)
- #define GITS_BASER_RaWaWt GIC_BASER_CACHEABILITY(GITS_BASER, INNER, RaWaWt)
-diff --git a/include/linux/mlx5/mlx5_ifc.h b/include/linux/mlx5/mlx5_ifc.h
-index 1d793d86d55f..6ffa181598e6 100644
---- a/include/linux/mlx5/mlx5_ifc.h
-+++ b/include/linux/mlx5/mlx5_ifc.h
-@@ -8671,8 +8671,6 @@ struct mlx5_ifc_query_lag_out_bits {
-
- u8 syndrome[0x20];
-
-- u8 reserved_at_40[0x40];
--
- struct mlx5_ifc_lagc_bits ctx;
- };
-
-diff --git a/include/linux/mmc/sdio_ids.h b/include/linux/mmc/sdio_ids.h
-index 0a7abe8a407f..68bbbd9edc08 100644
---- a/include/linux/mmc/sdio_ids.h
-+++ b/include/linux/mmc/sdio_ids.h
-@@ -67,6 +67,8 @@
-
- #define SDIO_VENDOR_ID_TI 0x0097
- #define SDIO_DEVICE_ID_TI_WL1271 0x4076
-+#define SDIO_VENDOR_ID_TI_WL1251 0x104c
-+#define SDIO_DEVICE_ID_TI_WL1251 0x9066
-
- #define SDIO_VENDOR_ID_STE 0x0020
- #define SDIO_DEVICE_ID_STE_CW1200 0x2280
-diff --git a/include/linux/platform_data/dma-imx-sdma.h b/include/linux/platform_data/dma-imx-sdma.h
-index 6eaa53cef0bd..30e676b36b24 100644
---- a/include/linux/platform_data/dma-imx-sdma.h
-+++ b/include/linux/platform_data/dma-imx-sdma.h
-@@ -51,7 +51,10 @@ struct sdma_script_start_addrs {
- /* End of v2 array */
- s32 zcanfd_2_mcu_addr;
- s32 zqspi_2_mcu_addr;
-+ s32 mcu_2_ecspi_addr;
- /* End of v3 array */
-+ s32 mcu_2_zqspi_addr;
-+ /* End of v4 array */
- };
-
- /**
-diff --git a/include/linux/signal.h b/include/linux/signal.h
-index 843bd62b1ead..c4e3eb89a622 100644
---- a/include/linux/signal.h
-+++ b/include/linux/signal.h
-@@ -268,6 +268,9 @@ extern void signal_setup_done(int failed, struct ksignal *ksig, int stepping);
- extern void exit_signals(struct task_struct *tsk);
- extern void kernel_sigaction(int, __sighandler_t);
-
-+#define SIG_KTHREAD ((__force __sighandler_t)2)
-+#define SIG_KTHREAD_KERNEL ((__force __sighandler_t)3)
-+
- static inline void allow_signal(int sig)
- {
- /*
-@@ -275,7 +278,17 @@
static inline void allow_signal(int sig) - * know it'll be handled, so that they don't get converted to - * SIGKILL or just silently dropped. - */ -- kernel_sigaction(sig, (__force __sighandler_t)2); -+ kernel_sigaction(sig, SIG_KTHREAD); -+} -+ -+static inline void allow_kernel_signal(int sig) -+{ -+ /* -+ * Kernel threads handle their own signals. Let the signal code -+ * know signals sent by the kernel will be handled, so that they -+ * don't get silently dropped. -+ */ -+ kernel_sigaction(sig, SIG_KTHREAD_KERNEL); - } - - static inline void disallow_signal(int sig) -diff --git a/include/media/davinci/vpbe.h b/include/media/davinci/vpbe.h -index 79a566d7defd..180a05e91497 100644 ---- a/include/media/davinci/vpbe.h -+++ b/include/media/davinci/vpbe.h -@@ -92,7 +92,7 @@ struct vpbe_config { - struct encoder_config_info *ext_encoders; - /* amplifier information goes here */ - struct amp_config_info *amp; -- int num_outputs; -+ unsigned int num_outputs; - /* Order is venc outputs followed by LCD and then external encoders */ - struct vpbe_output *outputs; - }; -diff --git a/include/net/request_sock.h b/include/net/request_sock.h -index 23e22054aa60..04aa2c7d35c4 100644 ---- a/include/net/request_sock.h -+++ b/include/net/request_sock.h -@@ -181,7 +181,7 @@ void reqsk_fastopen_remove(struct sock *sk, struct request_sock *req, - - static inline bool reqsk_queue_empty(const struct request_sock_queue *queue) - { -- return queue->rskq_accept_head == NULL; -+ return READ_ONCE(queue->rskq_accept_head) == NULL; - } - - static inline struct request_sock *reqsk_queue_remove(struct request_sock_queue *queue, -@@ -193,7 +193,7 @@ static inline struct request_sock *reqsk_queue_remove(struct request_sock_queue - req = queue->rskq_accept_head; - if (req) { - sk_acceptq_removed(parent); -- queue->rskq_accept_head = req->dl_next; -+ WRITE_ONCE(queue->rskq_accept_head, req->dl_next); - if (queue->rskq_accept_head == NULL) - queue->rskq_accept_tail = NULL; - } -diff --git 
a/include/net/tcp.h b/include/net/tcp.h -index 00d10f0e1194..c96302310314 100644 ---- a/include/net/tcp.h -+++ b/include/net/tcp.h -@@ -289,7 +289,7 @@ static inline bool tcp_under_memory_pressure(const struct sock *sk) - mem_cgroup_under_socket_pressure(sk->sk_memcg)) - return true; - -- return tcp_memory_pressure; -+ return READ_ONCE(tcp_memory_pressure); - } - /* - * The next routines deal with comparing 32 bit unsigned ints -diff --git a/kernel/debug/kdb/kdb_main.c b/kernel/debug/kdb/kdb_main.c -index 993db6b2348e..15d902daeef6 100644 ---- a/kernel/debug/kdb/kdb_main.c -+++ b/kernel/debug/kdb/kdb_main.c -@@ -2634,7 +2634,7 @@ static int kdb_per_cpu(int argc, const char **argv) - diag = kdbgetularg(argv[3], &whichcpu); - if (diag) - return diag; -- if (!cpu_online(whichcpu)) { -+ if (whichcpu >= nr_cpu_ids || !cpu_online(whichcpu)) { - kdb_printf("cpu %ld is not online\n", whichcpu); - return KDB_BADCPUNUM; - } -diff --git a/kernel/events/core.c b/kernel/events/core.c -index ea4f3f7a0c6f..2ac73b4cb8a9 100644 ---- a/kernel/events/core.c -+++ b/kernel/events/core.c -@@ -4762,6 +4762,9 @@ static int perf_event_period(struct perf_event *event, u64 __user *arg) - if (perf_event_check_period(event, value)) - return -EINVAL; - -+ if (!event->attr.freq && (value & (1ULL << 63))) -+ return -EINVAL; -+ - event_function_call(event, __perf_event_period, &value); - - return 0; -diff --git a/kernel/irq/irqdomain.c b/kernel/irq/irqdomain.c -index ac4644e92b49..0f0e7975a309 100644 ---- a/kernel/irq/irqdomain.c -+++ b/kernel/irq/irqdomain.c -@@ -147,6 +147,7 @@ struct irq_domain *__irq_domain_add(struct fwnode_handle *fwnode, int size, - switch (fwid->type) { - case IRQCHIP_FWNODE_NAMED: - case IRQCHIP_FWNODE_NAMED_ID: -+ domain->fwnode = fwnode; - domain->name = kstrdup(fwid->name, GFP_KERNEL); - if (!domain->name) { - kfree(domain); -diff --git a/kernel/signal.c b/kernel/signal.c -index c9b203875001..8fee1f2eba2f 100644 ---- a/kernel/signal.c -+++ b/kernel/signal.c -@@ -85,6 
+85,11 @@ static int sig_task_ignored(struct task_struct *t, int sig, bool force) - handler == SIG_DFL && !(force && sig_kernel_only(sig))) - return 1; - -+ /* Only allow kernel generated signals to this kthread */ -+ if (unlikely((t->flags & PF_KTHREAD) && -+ (handler == SIG_KTHREAD_KERNEL) && !force)) -+ return true; -+ - return sig_handler_ignored(handler, sig); - } - -diff --git a/lib/devres.c b/lib/devres.c -index 5f2aedd58bc5..40a8b12a8b6b 100644 ---- a/lib/devres.c -+++ b/lib/devres.c -@@ -132,7 +132,8 @@ EXPORT_SYMBOL(devm_iounmap); - * if (IS_ERR(base)) - * return PTR_ERR(base); - */ --void __iomem *devm_ioremap_resource(struct device *dev, struct resource *res) -+void __iomem *devm_ioremap_resource(struct device *dev, -+ const struct resource *res) - { - resource_size_t size; - const char *name; -diff --git a/lib/kfifo.c b/lib/kfifo.c -index 90ba1eb1df06..a94227c55551 100644 ---- a/lib/kfifo.c -+++ b/lib/kfifo.c -@@ -82,7 +82,8 @@ int __kfifo_init(struct __kfifo *fifo, void *buffer, - { - size /= esize; - -- size = roundup_pow_of_two(size); -+ if (!is_power_of_2(size)) -+ size = rounddown_pow_of_two(size); - - fifo->in = 0; - fifo->out = 0; -diff --git a/net/6lowpan/nhc.c b/net/6lowpan/nhc.c -index 4fa2fdda174d..9e56fb98f33c 100644 ---- a/net/6lowpan/nhc.c -+++ b/net/6lowpan/nhc.c -@@ -18,7 +18,7 @@ - #include "nhc.h" - - static struct rb_root rb_root = RB_ROOT; --static struct lowpan_nhc *lowpan_nexthdr_nhcs[NEXTHDR_MAX]; -+static struct lowpan_nhc *lowpan_nexthdr_nhcs[NEXTHDR_MAX + 1]; - static DEFINE_SPINLOCK(lowpan_nhc_lock); - - static int lowpan_nhc_insert(struct lowpan_nhc *nhc) -diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c -index 35a670ec9077..a1834ad7422c 100644 ---- a/net/bridge/netfilter/ebtables.c -+++ b/net/bridge/netfilter/ebtables.c -@@ -2164,7 +2164,9 @@ static int compat_copy_entries(unsigned char *data, unsigned int size_user, - if (ret < 0) - return ret; - -- WARN_ON(size_remaining); -+ if 
(size_remaining) -+ return -EINVAL; -+ - return state->buf_kern_offset; - } - -diff --git a/net/core/neighbour.c b/net/core/neighbour.c -index 16ac50b1b9a7..567e431813e5 100644 ---- a/net/core/neighbour.c -+++ b/net/core/neighbour.c -@@ -1877,8 +1877,8 @@ static int neightbl_fill_info(struct sk_buff *skb, struct neigh_table *tbl, - goto nla_put_failure; - { - unsigned long now = jiffies; -- unsigned int flush_delta = now - tbl->last_flush; -- unsigned int rand_delta = now - tbl->last_rand; -+ long flush_delta = now - tbl->last_flush; -+ long rand_delta = now - tbl->last_rand; - struct neigh_hash_table *nht; - struct ndt_config ndc = { - .ndtc_key_len = tbl->key_len, -diff --git a/net/core/sock.c b/net/core/sock.c -index 90ccbbf9e6b0..03ca2f638eb4 100644 ---- a/net/core/sock.c -+++ b/net/core/sock.c -@@ -2165,8 +2165,8 @@ static void sk_leave_memory_pressure(struct sock *sk) - } else { - unsigned long *memory_pressure = sk->sk_prot->memory_pressure; - -- if (memory_pressure && *memory_pressure) -- *memory_pressure = 0; -+ if (memory_pressure && READ_ONCE(*memory_pressure)) -+ WRITE_ONCE(*memory_pressure, 0); - } - } - -diff --git a/net/ieee802154/6lowpan/reassembly.c b/net/ieee802154/6lowpan/reassembly.c -index ec7a5da56129..e873a6a007f2 100644 ---- a/net/ieee802154/6lowpan/reassembly.c -+++ b/net/ieee802154/6lowpan/reassembly.c -@@ -634,7 +634,7 @@ err_sysctl: - - void lowpan_net_frag_exit(void) - { -- inet_frags_fini(&lowpan_frags); - lowpan_frags_sysctl_unregister(); - unregister_pernet_subsys(&lowpan_frags_ops); -+ inet_frags_fini(&lowpan_frags); - } -diff --git a/net/ipv4/inet_connection_sock.c b/net/ipv4/inet_connection_sock.c -index f7224c4fc30f..da55ce62fe50 100644 ---- a/net/ipv4/inet_connection_sock.c -+++ b/net/ipv4/inet_connection_sock.c -@@ -936,7 +936,7 @@ struct sock *inet_csk_reqsk_queue_add(struct sock *sk, - req->sk = child; - req->dl_next = NULL; - if (queue->rskq_accept_head == NULL) -- queue->rskq_accept_head = req; -+ 
WRITE_ONCE(queue->rskq_accept_head, req); - else - queue->rskq_accept_tail->dl_next = req; - queue->rskq_accept_tail = req; -diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c -index 8f07655718f3..db1eceda2359 100644 ---- a/net/ipv4/tcp.c -+++ b/net/ipv4/tcp.c -@@ -328,7 +328,7 @@ void tcp_enter_memory_pressure(struct sock *sk) - { - unsigned long val; - -- if (tcp_memory_pressure) -+ if (READ_ONCE(tcp_memory_pressure)) - return; - val = jiffies; - -@@ -343,7 +343,7 @@ void tcp_leave_memory_pressure(struct sock *sk) - { - unsigned long val; - -- if (!tcp_memory_pressure) -+ if (!READ_ONCE(tcp_memory_pressure)) - return; - val = xchg(&tcp_memory_pressure, 0); - if (val) -diff --git a/net/ipv6/reassembly.c b/net/ipv6/reassembly.c -index fe797b29ca89..6dea6e92e686 100644 ---- a/net/ipv6/reassembly.c -+++ b/net/ipv6/reassembly.c -@@ -593,8 +593,8 @@ err_protocol: - - void ipv6_frag_exit(void) - { -- inet_frags_fini(&ip6_frags); - ip6_frags_sysctl_unregister(); - unregister_pernet_subsys(&ip6_frags_ops); - inet6_del_protocol(&frag_protocol, IPPROTO_FRAGMENT); -+ inet_frags_fini(&ip6_frags); - } -diff --git a/net/iucv/af_iucv.c b/net/iucv/af_iucv.c -index ca98276c2709..7a9cbc9502d9 100644 ---- a/net/iucv/af_iucv.c -+++ b/net/iucv/af_iucv.c -@@ -2446,6 +2446,13 @@ out: - return err; - } - -+static void afiucv_iucv_exit(void) -+{ -+ device_unregister(af_iucv_dev); -+ driver_unregister(&af_iucv_driver); -+ pr_iucv->iucv_unregister(&af_iucv_handler, 0); -+} -+ - static int __init afiucv_init(void) - { - int err; -@@ -2479,11 +2486,18 @@ static int __init afiucv_init(void) - err = afiucv_iucv_init(); - if (err) - goto out_sock; -- } else -- register_netdevice_notifier(&afiucv_netdev_notifier); -+ } -+ -+ err = register_netdevice_notifier(&afiucv_netdev_notifier); -+ if (err) -+ goto out_notifier; -+ - dev_add_pack(&iucv_packet_type); - return 0; - -+out_notifier: -+ if (pr_iucv) -+ afiucv_iucv_exit(); - out_sock: - sock_unregister(PF_IUCV); - out_proto: -@@ -2497,12 +2511,11 @@ 
out: - static void __exit afiucv_exit(void) - { - if (pr_iucv) { -- device_unregister(af_iucv_dev); -- driver_unregister(&af_iucv_driver); -- pr_iucv->iucv_unregister(&af_iucv_handler, 0); -+ afiucv_iucv_exit(); - symbol_put(iucv_if); -- } else -- unregister_netdevice_notifier(&afiucv_netdev_notifier); -+ } -+ -+ unregister_netdevice_notifier(&afiucv_netdev_notifier); - dev_remove_pack(&iucv_packet_type); - sock_unregister(PF_IUCV); - proto_unregister(&iucv_proto); -diff --git a/net/l2tp/l2tp_core.c b/net/l2tp/l2tp_core.c -index e494f04819e9..b9be0360ab94 100644 ---- a/net/l2tp/l2tp_core.c -+++ b/net/l2tp/l2tp_core.c -@@ -1892,7 +1892,8 @@ static __net_exit void l2tp_exit_net(struct net *net) - } - rcu_read_unlock_bh(); - -- flush_workqueue(l2tp_wq); -+ if (l2tp_wq) -+ flush_workqueue(l2tp_wq); - rcu_barrier(); - } - -diff --git a/net/llc/af_llc.c b/net/llc/af_llc.c -index 2e472d5c3ea4..d552e8819713 100644 ---- a/net/llc/af_llc.c -+++ b/net/llc/af_llc.c -@@ -113,22 +113,26 @@ static inline u8 llc_ui_header_len(struct sock *sk, struct sockaddr_llc *addr) - * - * Send data via reliable llc2 connection. - * Returns 0 upon success, non-zero if action did not succeed. -+ * -+ * This function always consumes a reference to the skb. 
- */ - static int llc_ui_send_data(struct sock* sk, struct sk_buff *skb, int noblock) - { - struct llc_sock* llc = llc_sk(sk); -- int rc = 0; - - if (unlikely(llc_data_accept_state(llc->state) || - llc->remote_busy_flag || - llc->p_flag)) { - long timeout = sock_sndtimeo(sk, noblock); -+ int rc; - - rc = llc_ui_wait_for_busy_core(sk, timeout); -+ if (rc) { -+ kfree_skb(skb); -+ return rc; -+ } - } -- if (unlikely(!rc)) -- rc = llc_build_and_send_pkt(sk, skb); -- return rc; -+ return llc_build_and_send_pkt(sk, skb); - } - - static void llc_ui_sk_init(struct socket *sock, struct sock *sk) -@@ -900,7 +904,7 @@ static int llc_ui_sendmsg(struct socket *sock, struct msghdr *msg, size_t len) - DECLARE_SOCKADDR(struct sockaddr_llc *, addr, msg->msg_name); - int flags = msg->msg_flags; - int noblock = flags & MSG_DONTWAIT; -- struct sk_buff *skb; -+ struct sk_buff *skb = NULL; - size_t size = 0; - int rc = -EINVAL, copied = 0, hdrlen; - -@@ -909,10 +913,10 @@ static int llc_ui_sendmsg(struct socket *sock, struct msghdr *msg, size_t len) - lock_sock(sk); - if (addr) { - if (msg->msg_namelen < sizeof(*addr)) -- goto release; -+ goto out; - } else { - if (llc_ui_addr_null(&llc->addr)) -- goto release; -+ goto out; - addr = &llc->addr; - } - /* must bind connection to sap if user hasn't done it. */ -@@ -920,7 +924,7 @@ static int llc_ui_sendmsg(struct socket *sock, struct msghdr *msg, size_t len) - /* bind to sap with null dev, exclusive. 
*/ - rc = llc_ui_autobind(sock, addr); - if (rc) -- goto release; -+ goto out; - } - hdrlen = llc->dev->hard_header_len + llc_ui_header_len(sk, addr); - size = hdrlen + len; -@@ -929,12 +933,12 @@ static int llc_ui_sendmsg(struct socket *sock, struct msghdr *msg, size_t len) - copied = size - hdrlen; - rc = -EINVAL; - if (copied < 0) -- goto release; -+ goto out; - release_sock(sk); - skb = sock_alloc_send_skb(sk, size, noblock, &rc); - lock_sock(sk); - if (!skb) -- goto release; -+ goto out; - skb->dev = llc->dev; - skb->protocol = llc_proto_type(addr->sllc_arphrd); - skb_reserve(skb, hdrlen); -@@ -944,29 +948,31 @@ static int llc_ui_sendmsg(struct socket *sock, struct msghdr *msg, size_t len) - if (sk->sk_type == SOCK_DGRAM || addr->sllc_ua) { - llc_build_and_send_ui_pkt(llc->sap, skb, addr->sllc_mac, - addr->sllc_sap); -+ skb = NULL; - goto out; - } - if (addr->sllc_test) { - llc_build_and_send_test_pkt(llc->sap, skb, addr->sllc_mac, - addr->sllc_sap); -+ skb = NULL; - goto out; - } - if (addr->sllc_xid) { - llc_build_and_send_xid_pkt(llc->sap, skb, addr->sllc_mac, - addr->sllc_sap); -+ skb = NULL; - goto out; - } - rc = -ENOPROTOOPT; - if (!(sk->sk_type == SOCK_STREAM && !addr->sllc_ua)) - goto out; - rc = llc_ui_send_data(sk, skb, noblock); -+ skb = NULL; - out: -- if (rc) { -- kfree_skb(skb); --release: -+ kfree_skb(skb); -+ if (rc) - dprintk("%s: failed sending from %02X to %02X: %d\n", - __func__, llc->laddr.lsap, llc->daddr.lsap, rc); -- } - release_sock(sk); - return rc ? : copied; - } -diff --git a/net/llc/llc_conn.c b/net/llc/llc_conn.c -index 444c13e752a0..7fbc682aff04 100644 ---- a/net/llc/llc_conn.c -+++ b/net/llc/llc_conn.c -@@ -55,6 +55,8 @@ int sysctl_llc2_busy_timeout = LLC2_BUSY_TIME * HZ; - * (executing it's actions and changing state), upper layer will be - * indicated or confirmed, if needed. Returns 0 for success, 1 for - * failure. The socket lock has to be held before calling this function. 
-+ * -+ * This function always consumes a reference to the skb. - */ - int llc_conn_state_process(struct sock *sk, struct sk_buff *skb) - { -@@ -62,12 +64,6 @@ int llc_conn_state_process(struct sock *sk, struct sk_buff *skb) - struct llc_sock *llc = llc_sk(skb->sk); - struct llc_conn_state_ev *ev = llc_conn_ev(skb); - -- /* -- * We have to hold the skb, because llc_conn_service will kfree it in -- * the sending path and we need to look at the skb->cb, where we encode -- * llc_conn_state_ev. -- */ -- skb_get(skb); - ev->ind_prim = ev->cfm_prim = 0; - /* - * Send event to state machine -@@ -75,21 +71,12 @@ int llc_conn_state_process(struct sock *sk, struct sk_buff *skb) - rc = llc_conn_service(skb->sk, skb); - if (unlikely(rc != 0)) { - printk(KERN_ERR "%s: llc_conn_service failed\n", __func__); -- goto out_kfree_skb; -- } -- -- if (unlikely(!ev->ind_prim && !ev->cfm_prim)) { -- /* indicate or confirm not required */ -- if (!skb->next) -- goto out_kfree_skb; - goto out_skb_put; - } - -- if (unlikely(ev->ind_prim && ev->cfm_prim)) /* Paranoia */ -- skb_get(skb); -- - switch (ev->ind_prim) { - case LLC_DATA_PRIM: -+ skb_get(skb); - llc_save_primitive(sk, skb, LLC_DATA_PRIM); - if (unlikely(sock_queue_rcv_skb(sk, skb))) { - /* -@@ -106,6 +93,7 @@ int llc_conn_state_process(struct sock *sk, struct sk_buff *skb) - * skb->sk pointing to the newly created struct sock in - * llc_conn_handler. 
-acme - */ -+ skb_get(skb); - skb_queue_tail(&sk->sk_receive_queue, skb); - sk->sk_state_change(sk); - break; -@@ -121,7 +109,6 @@ int llc_conn_state_process(struct sock *sk, struct sk_buff *skb) - sk->sk_state_change(sk); - } - } -- kfree_skb(skb); - sock_put(sk); - break; - case LLC_RESET_PRIM: -@@ -130,14 +117,11 @@ int llc_conn_state_process(struct sock *sk, struct sk_buff *skb) - * RESET is not being notified to upper layers for now - */ - printk(KERN_INFO "%s: received a reset ind!\n", __func__); -- kfree_skb(skb); - break; - default: -- if (ev->ind_prim) { -+ if (ev->ind_prim) - printk(KERN_INFO "%s: received unknown %d prim!\n", - __func__, ev->ind_prim); -- kfree_skb(skb); -- } - /* No indication */ - break; - } -@@ -179,15 +163,12 @@ int llc_conn_state_process(struct sock *sk, struct sk_buff *skb) - printk(KERN_INFO "%s: received a reset conf!\n", __func__); - break; - default: -- if (ev->cfm_prim) { -+ if (ev->cfm_prim) - printk(KERN_INFO "%s: received unknown %d prim!\n", - __func__, ev->cfm_prim); -- break; -- } -- goto out_skb_put; /* No confirmation */ -+ /* No confirmation */ -+ break; - } --out_kfree_skb: -- kfree_skb(skb); - out_skb_put: - kfree_skb(skb); - return rc; -diff --git a/net/llc/llc_if.c b/net/llc/llc_if.c -index 6daf391b3e84..fc4d2bd8816f 100644 ---- a/net/llc/llc_if.c -+++ b/net/llc/llc_if.c -@@ -38,6 +38,8 @@ - * closed and -EBUSY when sending data is not permitted in this state or - * LLC has send an I pdu with p bit set to 1 and is waiting for it's - * response. -+ * -+ * This function always consumes a reference to the skb. 
- */ - int llc_build_and_send_pkt(struct sock *sk, struct sk_buff *skb) - { -@@ -46,20 +48,22 @@ int llc_build_and_send_pkt(struct sock *sk, struct sk_buff *skb) - struct llc_sock *llc = llc_sk(sk); - - if (unlikely(llc->state == LLC_CONN_STATE_ADM)) -- goto out; -+ goto out_free; - rc = -EBUSY; - if (unlikely(llc_data_accept_state(llc->state) || /* data_conn_refuse */ - llc->p_flag)) { - llc->failed_data_req = 1; -- goto out; -+ goto out_free; - } - ev = llc_conn_ev(skb); - ev->type = LLC_CONN_EV_TYPE_PRIM; - ev->prim = LLC_DATA_PRIM; - ev->prim_type = LLC_PRIM_TYPE_REQ; - skb->dev = llc->dev; -- rc = llc_conn_state_process(sk, skb); --out: -+ return llc_conn_state_process(sk, skb); -+ -+out_free: -+ kfree_skb(skb); - return rc; - } - -diff --git a/net/mac80211/rc80211_minstrel_ht.c b/net/mac80211/rc80211_minstrel_ht.c -index e57811e4b91f..7ba4272642c9 100644 ---- a/net/mac80211/rc80211_minstrel_ht.c -+++ b/net/mac80211/rc80211_minstrel_ht.c -@@ -529,7 +529,7 @@ minstrel_ht_update_stats(struct minstrel_priv *mp, struct minstrel_ht_sta *mi) - - /* (re)Initialize group rate indexes */ - for(j = 0; j < MAX_THR_RATES; j++) -- tmp_group_tp_rate[j] = group; -+ tmp_group_tp_rate[j] = MCS_GROUP_RATES * group; - - for (i = 0; i < MCS_GROUP_RATES; i++) { - if (!(mi->supported[group] & BIT(i))) -diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c -index 4a6b3c7b35e3..31000622376d 100644 ---- a/net/mac80211/rx.c -+++ b/net/mac80211/rx.c -@@ -3227,9 +3227,18 @@ ieee80211_rx_h_mgmt(struct ieee80211_rx_data *rx) - case cpu_to_le16(IEEE80211_STYPE_PROBE_RESP): - /* process for all: mesh, mlme, ibss */ - break; -+ case cpu_to_le16(IEEE80211_STYPE_DEAUTH): -+ if (is_multicast_ether_addr(mgmt->da) && -+ !is_broadcast_ether_addr(mgmt->da)) -+ return RX_DROP_MONITOR; -+ -+ /* process only for station/IBSS */ -+ if (sdata->vif.type != NL80211_IFTYPE_STATION && -+ sdata->vif.type != NL80211_IFTYPE_ADHOC) -+ return RX_DROP_MONITOR; -+ break; - case cpu_to_le16(IEEE80211_STYPE_ASSOC_RESP): 
- case cpu_to_le16(IEEE80211_STYPE_REASSOC_RESP): -- case cpu_to_le16(IEEE80211_STYPE_DEAUTH): - case cpu_to_le16(IEEE80211_STYPE_DISASSOC): - if (is_multicast_ether_addr(mgmt->da) && - !is_broadcast_ether_addr(mgmt->da)) -diff --git a/net/mpls/mpls_iptunnel.c b/net/mpls/mpls_iptunnel.c -index 6e558a419f60..6c01166f972b 100644 ---- a/net/mpls/mpls_iptunnel.c -+++ b/net/mpls/mpls_iptunnel.c -@@ -28,7 +28,7 @@ - #include "internal.h" - - static const struct nla_policy mpls_iptunnel_policy[MPLS_IPTUNNEL_MAX + 1] = { -- [MPLS_IPTUNNEL_DST] = { .type = NLA_U32 }, -+ [MPLS_IPTUNNEL_DST] = { .len = sizeof(u32) }, - [MPLS_IPTUNNEL_TTL] = { .type = NLA_U8 }, - }; - -diff --git a/net/netfilter/nft_set_hash.c b/net/netfilter/nft_set_hash.c -index 33aa2ac3a62e..73f8f99b1193 100644 ---- a/net/netfilter/nft_set_hash.c -+++ b/net/netfilter/nft_set_hash.c -@@ -442,6 +442,23 @@ static bool nft_hash_lookup_fast(const struct net *net, - return false; - } - -+static u32 nft_jhash(const struct nft_set *set, const struct nft_hash *priv, -+ const struct nft_set_ext *ext) -+{ -+ const struct nft_data *key = nft_set_ext_key(ext); -+ u32 hash, k1; -+ -+ if (set->klen == 4) { -+ k1 = *(u32 *)key; -+ hash = jhash_1word(k1, priv->seed); -+ } else { -+ hash = jhash(key, set->klen, priv->seed); -+ } -+ hash = reciprocal_scale(hash, priv->buckets); -+ -+ return hash; -+} -+ - static int nft_hash_insert(const struct net *net, const struct nft_set *set, - const struct nft_set_elem *elem, - struct nft_set_ext **ext) -@@ -451,8 +468,7 @@ static int nft_hash_insert(const struct net *net, const struct nft_set *set, - u8 genmask = nft_genmask_next(net); - u32 hash; - -- hash = jhash(nft_set_ext_key(&this->ext), set->klen, priv->seed); -- hash = reciprocal_scale(hash, priv->buckets); -+ hash = nft_jhash(set, priv, &this->ext); - hlist_for_each_entry(he, &priv->table[hash], node) { - if (!memcmp(nft_set_ext_key(&this->ext), - nft_set_ext_key(&he->ext), set->klen) && -@@ -491,8 +507,7 @@ static void 
*nft_hash_deactivate(const struct net *net, - u8 genmask = nft_genmask_next(net); - u32 hash; - -- hash = jhash(nft_set_ext_key(&this->ext), set->klen, priv->seed); -- hash = reciprocal_scale(hash, priv->buckets); -+ hash = nft_jhash(set, priv, &this->ext); - hlist_for_each_entry(he, &priv->table[hash], node) { - if (!memcmp(nft_set_ext_key(&this->ext), &elem->key.val, - set->klen) || -diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c -index 4e1058159b08..46b7fac82775 100644 ---- a/net/packet/af_packet.c -+++ b/net/packet/af_packet.c -@@ -1337,15 +1337,21 @@ static void packet_sock_destruct(struct sock *sk) - - static bool fanout_flow_is_huge(struct packet_sock *po, struct sk_buff *skb) - { -- u32 rxhash; -+ u32 *history = po->rollover->history; -+ u32 victim, rxhash; - int i, count = 0; - - rxhash = skb_get_hash(skb); - for (i = 0; i < ROLLOVER_HLEN; i++) -- if (po->rollover->history[i] == rxhash) -+ if (READ_ONCE(history[i]) == rxhash) - count++; - -- po->rollover->history[prandom_u32() % ROLLOVER_HLEN] = rxhash; -+ victim = prandom_u32() % ROLLOVER_HLEN; -+ -+ /* Avoid dirtying the cache line if possible */ -+ if (READ_ONCE(history[victim]) != rxhash) -+ WRITE_ONCE(history[victim], rxhash); -+ - return count > (ROLLOVER_HLEN >> 1); - } - -@@ -3407,20 +3413,29 @@ static int packet_recvmsg(struct socket *sock, struct msghdr *msg, size_t len, - sock_recv_ts_and_drops(msg, sk, skb); - - if (msg->msg_name) { -+ int copy_len; -+ - /* If the address length field is there to be filled - * in, we fill it in now. 
- */ - if (sock->type == SOCK_PACKET) { - __sockaddr_check_size(sizeof(struct sockaddr_pkt)); - msg->msg_namelen = sizeof(struct sockaddr_pkt); -+ copy_len = msg->msg_namelen; - } else { - struct sockaddr_ll *sll = &PACKET_SKB_CB(skb)->sa.ll; - - msg->msg_namelen = sll->sll_halen + - offsetof(struct sockaddr_ll, sll_addr); -+ copy_len = msg->msg_namelen; -+ if (msg->msg_namelen < sizeof(struct sockaddr_ll)) { -+ memset(msg->msg_name + -+ offsetof(struct sockaddr_ll, sll_addr), -+ 0, sizeof(sll->sll_addr)); -+ msg->msg_namelen = sizeof(struct sockaddr_ll); -+ } - } -- memcpy(msg->msg_name, &PACKET_SKB_CB(skb)->sa, -- msg->msg_namelen); -+ memcpy(msg->msg_name, &PACKET_SKB_CB(skb)->sa, copy_len); - } - - if (pkt_sk(sk)->auxdata) { -diff --git a/net/rds/ib_stats.c b/net/rds/ib_stats.c -index 9252ad126335..ac46d8961b61 100644 ---- a/net/rds/ib_stats.c -+++ b/net/rds/ib_stats.c -@@ -42,7 +42,7 @@ DEFINE_PER_CPU_SHARED_ALIGNED(struct rds_ib_statistics, rds_ib_stats); - static const char *const rds_ib_stat_names[] = { - "ib_connect_raced", - "ib_listen_closed_stale", -- "s_ib_evt_handler_call", -+ "ib_evt_handler_call", - "ib_tasklet_call", - "ib_tx_cq_event", - "ib_tx_ring_full", -diff --git a/net/rds/stats.c b/net/rds/stats.c -index 73be187d389e..6bbab4d74c4f 100644 ---- a/net/rds/stats.c -+++ b/net/rds/stats.c -@@ -76,6 +76,8 @@ static const char *const rds_stat_names[] = { - "cong_update_received", - "cong_send_error", - "cong_send_blocked", -+ "recv_bytes_added_to_sock", -+ "recv_bytes_freed_fromsock", - }; - - void rds_stats_info_copy(struct rds_info_iterator *iter, -diff --git a/net/rxrpc/output.c b/net/rxrpc/output.c -index 5b67cb5d47f0..edddbacf33bc 100644 ---- a/net/rxrpc/output.c -+++ b/net/rxrpc/output.c -@@ -404,6 +404,9 @@ send_fragmentable: - } - break; - #endif -+ -+ default: -+ BUG(); - } - - up_write(&conn->params.local->defrag_sem); -diff --git a/net/sched/act_mirred.c b/net/sched/act_mirred.c -index 529bb064c4a4..dcfaa4f9c7c5 100644 ---- 
a/net/sched/act_mirred.c -+++ b/net/sched/act_mirred.c -@@ -371,7 +371,11 @@ static int __init mirred_init_module(void) - return err; - - pr_info("Mirror/redirect action on\n"); -- return tcf_register_action(&act_mirred_ops, &mirred_net_ops); -+ err = tcf_register_action(&act_mirred_ops, &mirred_net_ops); -+ if (err) -+ unregister_netdevice_notifier(&mirred_device_notifier); -+ -+ return err; - } - - static void __exit mirred_cleanup_module(void) -diff --git a/net/sched/sch_netem.c b/net/sched/sch_netem.c -index 6266121a03f9..328b043edf07 100644 ---- a/net/sched/sch_netem.c -+++ b/net/sched/sch_netem.c -@@ -431,8 +431,7 @@ static int netem_enqueue(struct sk_buff *skb, struct Qdisc *sch, - struct netem_skb_cb *cb; - struct sk_buff *skb2; - struct sk_buff *segs = NULL; -- unsigned int len = 0, last_len, prev_len = qdisc_pkt_len(skb); -- int nb = 0; -+ unsigned int prev_len = qdisc_pkt_len(skb); - int count = 1; - int rc = NET_XMIT_SUCCESS; - int rc_drop = NET_XMIT_DROP; -@@ -489,6 +488,7 @@ static int netem_enqueue(struct sk_buff *skb, struct Qdisc *sch, - segs = netem_segment(skb, sch, to_free); - if (!segs) - return rc_drop; -+ qdisc_skb_cb(segs)->pkt_len = segs->len; - } else { - segs = skb; - } -@@ -504,6 +504,7 @@ static int netem_enqueue(struct sk_buff *skb, struct Qdisc *sch, - if (skb->ip_summed == CHECKSUM_PARTIAL && - skb_checksum_help(skb)) { - qdisc_drop(skb, sch, to_free); -+ skb = NULL; - goto finish_segs; - } - -@@ -579,6 +580,12 @@ static int netem_enqueue(struct sk_buff *skb, struct Qdisc *sch, - - finish_segs: - if (segs) { -+ unsigned int len, last_len; -+ int nb; -+ -+ len = skb ? skb->len : 0; -+ nb = skb ? 
1 : 0; -+ - while (segs) { - skb2 = segs->next; - segs->next = NULL; -@@ -594,9 +601,10 @@ finish_segs: - } - segs = skb2; - } -- sch->q.qlen += nb; -- if (nb > 1) -- qdisc_tree_reduce_backlog(sch, 1 - nb, prev_len - len); -+ /* Parent qdiscs accounted for 1 skb of size @prev_len */ -+ qdisc_tree_reduce_backlog(sch, -(nb - 1), -(len - prev_len)); -+ } else if (!skb) { -+ return NET_XMIT_DROP; - } - return NET_XMIT_SUCCESS; - } -diff --git a/net/tipc/link.c b/net/tipc/link.c -index da749916faac..82e4e0e152d1 100644 ---- a/net/tipc/link.c -+++ b/net/tipc/link.c -@@ -811,18 +811,31 @@ static int link_schedule_user(struct tipc_link *l, struct tipc_msg *hdr) - */ - void link_prepare_wakeup(struct tipc_link *l) - { -+ struct sk_buff_head *wakeupq = &l->wakeupq; -+ struct sk_buff_head *inputq = l->inputq; - struct sk_buff *skb, *tmp; -- int imp, i = 0; -+ struct sk_buff_head tmpq; -+ int avail[5] = {0,}; -+ int imp = 0; -+ -+ __skb_queue_head_init(&tmpq); - -- skb_queue_walk_safe(&l->wakeupq, skb, tmp) { -+ for (; imp <= TIPC_SYSTEM_IMPORTANCE; imp++) -+ avail[imp] = l->backlog[imp].limit - l->backlog[imp].len; -+ -+ skb_queue_walk_safe(wakeupq, skb, tmp) { - imp = TIPC_SKB_CB(skb)->chain_imp; -- if (l->backlog[imp].len < l->backlog[imp].limit) { -- skb_unlink(skb, &l->wakeupq); -- skb_queue_tail(l->inputq, skb); -- } else if (i++ > 10) { -- break; -- } -+ if (avail[imp] <= 0) -+ continue; -+ avail[imp]--; -+ __skb_unlink(skb, wakeupq); -+ __skb_queue_tail(&tmpq, skb); - } -+ -+ spin_lock_bh(&inputq->lock); -+ skb_queue_splice_tail(&tmpq, inputq); -+ spin_unlock_bh(&inputq->lock); -+ - } - - void tipc_link_reset(struct tipc_link *l) -diff --git a/net/tipc/node.c b/net/tipc/node.c -index 42e9bdcc4bb6..82f8f69f4d6b 100644 ---- a/net/tipc/node.c -+++ b/net/tipc/node.c -@@ -688,10 +688,10 @@ static void __tipc_node_link_down(struct tipc_node *n, int *bearer_id, - static void tipc_node_link_down(struct tipc_node *n, int bearer_id, bool delete) - { - struct tipc_link_entry *le 
= &n->links[bearer_id]; -+ struct tipc_media_addr *maddr = NULL; - struct tipc_link *l = le->link; -- struct tipc_media_addr *maddr; -- struct sk_buff_head xmitq; - int old_bearer_id = bearer_id; -+ struct sk_buff_head xmitq; - - if (!l) - return; -@@ -713,7 +713,8 @@ static void tipc_node_link_down(struct tipc_node *n, int bearer_id, bool delete) - tipc_node_write_unlock(n); - if (delete) - tipc_mon_remove_peer(n->net, n->addr, old_bearer_id); -- tipc_bearer_xmit(n->net, bearer_id, &xmitq, maddr); -+ if (!skb_queue_empty(&xmitq)) -+ tipc_bearer_xmit(n->net, bearer_id, &xmitq, maddr); - tipc_sk_rcv(n->net, &le->inputq); - } - -diff --git a/net/tipc/socket.c b/net/tipc/socket.c -index 21929ba196eb..d9ec6335c7dc 100644 ---- a/net/tipc/socket.c -+++ b/net/tipc/socket.c -@@ -487,7 +487,7 @@ static void __tipc_shutdown(struct socket *sock, int error) - struct sock *sk = sock->sk; - struct tipc_sock *tsk = tipc_sk(sk); - struct net *net = sock_net(sk); -- long timeout = CONN_TIMEOUT_DEFAULT; -+ long timeout = msecs_to_jiffies(CONN_TIMEOUT_DEFAULT); - u32 dnode = tsk_peer_node(tsk); - struct sk_buff *skb; - -diff --git a/net/tipc/sysctl.c b/net/tipc/sysctl.c -index 1a779b1e8510..40f6d82083d7 100644 ---- a/net/tipc/sysctl.c -+++ b/net/tipc/sysctl.c -@@ -37,6 +37,8 @@ - - #include - -+static int zero; -+static int one = 1; - static struct ctl_table_header *tipc_ctl_hdr; - - static struct ctl_table tipc_table[] = { -@@ -45,14 +47,16 @@ static struct ctl_table tipc_table[] = { - .data = &sysctl_tipc_rmem, - .maxlen = sizeof(sysctl_tipc_rmem), - .mode = 0644, -- .proc_handler = proc_dointvec, -+ .proc_handler = proc_dointvec_minmax, -+ .extra1 = &one, - }, - { - .procname = "named_timeout", - .data = &sysctl_tipc_named_timeout, - .maxlen = sizeof(sysctl_tipc_named_timeout), - .mode = 0644, -- .proc_handler = proc_dointvec, -+ .proc_handler = proc_dointvec_minmax, -+ .extra1 = &zero, - }, - {} - }; -diff --git a/security/apparmor/include/context.h 
b/security/apparmor/include/context.h -index 6ae07e9aaa17..812cdec9dd3b 100644 ---- a/security/apparmor/include/context.h -+++ b/security/apparmor/include/context.h -@@ -191,6 +191,8 @@ static inline struct aa_label *begin_current_label_crit_section(void) - { - struct aa_label *label = aa_current_raw_label(); - -+ might_sleep(); -+ - if (label_is_stale(label)) { - label = aa_get_newest_label(label); - if (aa_replace_current_label(label) == 0) -diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c -index 1346ee5be04f..4f08023101f3 100644 ---- a/security/apparmor/lsm.c -+++ b/security/apparmor/lsm.c -@@ -108,12 +108,12 @@ static int apparmor_ptrace_access_check(struct task_struct *child, - struct aa_label *tracer, *tracee; - int error; - -- tracer = begin_current_label_crit_section(); -+ tracer = __begin_current_label_crit_section(); - tracee = aa_get_task_label(child); - error = aa_may_ptrace(tracer, tracee, - mode == PTRACE_MODE_READ ? AA_PTRACE_READ : AA_PTRACE_TRACE); - aa_put_label(tracee); -- end_current_label_crit_section(tracer); -+ __end_current_label_crit_section(tracer); - - return error; - } -diff --git a/security/keys/key.c b/security/keys/key.c -index 87172f99f73e..17244f5f54c6 100644 ---- a/security/keys/key.c -+++ b/security/keys/key.c -@@ -297,6 +297,7 @@ struct key *key_alloc(struct key_type *type, const char *desc, - key->gid = gid; - key->perm = perm; - key->restrict_link = restrict_link; -+ key->last_used_at = ktime_get_real_seconds(); - - if (!(flags & KEY_ALLOC_NOT_IN_QUOTA)) - key->flags |= 1 << KEY_FLAG_IN_QUOTA; -diff --git a/sound/aoa/codecs/onyx.c b/sound/aoa/codecs/onyx.c -index d2d96ca082b7..6224fd3bbf7c 100644 ---- a/sound/aoa/codecs/onyx.c -+++ b/sound/aoa/codecs/onyx.c -@@ -74,8 +74,10 @@ static int onyx_read_register(struct onyx *onyx, u8 reg, u8 *value) - return 0; - } - v = i2c_smbus_read_byte_data(onyx->i2c, reg); -- if (v < 0) -+ if (v < 0) { -+ *value = 0; - return -1; -+ } - *value = (u8)v; - 
onyx->cache[ONYX_REG_CONTROL-FIRSTREGISTER] = *value; - return 0; -diff --git a/sound/pci/hda/hda_controller.h b/sound/pci/hda/hda_controller.h -index 8a9dd4767b1e..63cc10604afc 100644 ---- a/sound/pci/hda/hda_controller.h -+++ b/sound/pci/hda/hda_controller.h -@@ -176,11 +176,10 @@ struct azx { - #define azx_bus(chip) (&(chip)->bus.core) - #define bus_to_azx(_bus) container_of(_bus, struct azx, bus.core) - --#ifdef CONFIG_X86 --#define azx_snoop(chip) ((chip)->snoop) --#else --#define azx_snoop(chip) true --#endif -+static inline bool azx_snoop(struct azx *chip) -+{ -+ return !IS_ENABLED(CONFIG_X86) || chip->snoop; -+} - - /* - * macros for easy use -diff --git a/sound/soc/codecs/cs4349.c b/sound/soc/codecs/cs4349.c -index 0a749c79ef57..1d38e53dc95c 100644 ---- a/sound/soc/codecs/cs4349.c -+++ b/sound/soc/codecs/cs4349.c -@@ -380,6 +380,7 @@ static struct i2c_driver cs4349_i2c_driver = { - .driver = { - .name = "cs4349", - .of_match_table = cs4349_of_match, -+ .pm = &cs4349_runtime_pm, - }, - .id_table = cs4349_i2c_id, - .probe = cs4349_i2c_probe, -diff --git a/sound/soc/codecs/es8328.c b/sound/soc/codecs/es8328.c -index bcdb8914ec16..e2f44fa46262 100644 ---- a/sound/soc/codecs/es8328.c -+++ b/sound/soc/codecs/es8328.c -@@ -231,7 +231,7 @@ static const struct soc_enum es8328_rline_enum = - ARRAY_SIZE(es8328_line_texts), - es8328_line_texts); - static const struct snd_kcontrol_new es8328_right_line_controls = -- SOC_DAPM_ENUM("Route", es8328_lline_enum); -+ SOC_DAPM_ENUM("Route", es8328_rline_enum); - - /* Left Mixer */ - static const struct snd_kcontrol_new es8328_left_mixer_controls[] = { -diff --git a/sound/soc/codecs/wm8737.c b/sound/soc/codecs/wm8737.c -index f0cb1c4afe3c..c5a8d758f58b 100644 ---- a/sound/soc/codecs/wm8737.c -+++ b/sound/soc/codecs/wm8737.c -@@ -170,7 +170,7 @@ SOC_DOUBLE("Polarity Invert Switch", WM8737_ADC_CONTROL, 5, 6, 1, 0), - SOC_SINGLE("3D Switch", WM8737_3D_ENHANCE, 0, 1, 0), - SOC_SINGLE("3D Depth", WM8737_3D_ENHANCE, 1, 15, 0), - 
SOC_ENUM("3D Low Cut-off", low_3d), --SOC_ENUM("3D High Cut-off", low_3d), -+SOC_ENUM("3D High Cut-off", high_3d), - SOC_SINGLE_TLV("3D ADC Volume", WM8737_3D_ENHANCE, 7, 1, 1, adc_tlv), - - SOC_SINGLE("Noise Gate Switch", WM8737_NOISE_GATE, 0, 1, 0), -diff --git a/sound/soc/davinci/davinci-mcasp.c b/sound/soc/davinci/davinci-mcasp.c -index 07bac9ea65c4..e10e03800cce 100644 ---- a/sound/soc/davinci/davinci-mcasp.c -+++ b/sound/soc/davinci/davinci-mcasp.c -@@ -882,14 +882,13 @@ static int mcasp_i2s_hw_param(struct davinci_mcasp *mcasp, int stream, - active_slots = hweight32(mcasp->tdm_mask[stream]); - active_serializers = (channels + active_slots - 1) / - active_slots; -- if (active_serializers == 1) { -+ if (active_serializers == 1) - active_slots = channels; -- for (i = 0; i < total_slots; i++) { -- if ((1 << i) & mcasp->tdm_mask[stream]) { -- mask |= (1 << i); -- if (--active_slots <= 0) -- break; -- } -+ for (i = 0; i < total_slots; i++) { -+ if ((1 << i) & mcasp->tdm_mask[stream]) { -+ mask |= (1 << i); -+ if (--active_slots <= 0) -+ break; - } - } - } else { -diff --git a/sound/soc/fsl/imx-sgtl5000.c b/sound/soc/fsl/imx-sgtl5000.c -index 8e525f7ac08d..3d99a8579c99 100644 ---- a/sound/soc/fsl/imx-sgtl5000.c -+++ b/sound/soc/fsl/imx-sgtl5000.c -@@ -119,7 +119,8 @@ static int imx_sgtl5000_probe(struct platform_device *pdev) - codec_dev = of_find_i2c_device_by_node(codec_np); - if (!codec_dev) { - dev_err(&pdev->dev, "failed to find codec platform device\n"); -- return -EPROBE_DEFER; -+ ret = -EPROBE_DEFER; -+ goto fail; - } - - data = devm_kzalloc(&pdev->dev, sizeof(*data), GFP_KERNEL); -diff --git a/sound/soc/qcom/apq8016_sbc.c b/sound/soc/qcom/apq8016_sbc.c -index d49adc822a11..8e6b88d68ca6 100644 ---- a/sound/soc/qcom/apq8016_sbc.c -+++ b/sound/soc/qcom/apq8016_sbc.c -@@ -163,41 +163,52 @@ static struct apq8016_sbc_data *apq8016_sbc_parse_of(struct snd_soc_card *card) - - if (!cpu || !codec) { - dev_err(dev, "Can't find cpu/codec DT node\n"); -- return 
ERR_PTR(-EINVAL); -+ ret = -EINVAL; -+ goto error; - } - - link->cpu_of_node = of_parse_phandle(cpu, "sound-dai", 0); - if (!link->cpu_of_node) { - dev_err(card->dev, "error getting cpu phandle\n"); -- return ERR_PTR(-EINVAL); -+ ret = -EINVAL; -+ goto error; - } - - ret = snd_soc_of_get_dai_name(cpu, &link->cpu_dai_name); - if (ret) { - dev_err(card->dev, "error getting cpu dai name\n"); -- return ERR_PTR(ret); -+ goto error; - } - - ret = snd_soc_of_get_dai_link_codecs(dev, codec, link); - - if (ret < 0) { - dev_err(card->dev, "error getting codec dai name\n"); -- return ERR_PTR(ret); -+ goto error; - } - - link->platform_of_node = link->cpu_of_node; - ret = of_property_read_string(np, "link-name", &link->name); - if (ret) { - dev_err(card->dev, "error getting codec dai_link name\n"); -- return ERR_PTR(ret); -+ goto error; - } - - link->stream_name = link->name; - link->init = apq8016_sbc_dai_init; - link++; -+ -+ of_node_put(cpu); -+ of_node_put(codec); - } - - return data; -+ -+ error: -+ of_node_put(np); -+ of_node_put(cpu); -+ of_node_put(codec); -+ return ERR_PTR(ret); - } - - static const struct snd_soc_dapm_widget apq8016_sbc_dapm_widgets[] = { -diff --git a/sound/soc/soc-pcm.c b/sound/soc/soc-pcm.c -index 24047375c2fb..70e1a60a2e98 100644 ---- a/sound/soc/soc-pcm.c -+++ b/sound/soc/soc-pcm.c -@@ -48,8 +48,8 @@ static bool snd_soc_dai_stream_valid(struct snd_soc_dai *dai, int stream) - else - codec_stream = &dai->driver->capture; - -- /* If the codec specifies any rate at all, it supports the stream. 
*/ -- return codec_stream->rates; -+ /* If the codec specifies any channels at all, it supports the stream */ -+ return codec_stream->channels_min; - } - - /** -diff --git a/sound/soc/sunxi/sun4i-i2s.c b/sound/soc/sunxi/sun4i-i2s.c -index da0a2083e12a..d2802fd8c1dd 100644 ---- a/sound/soc/sunxi/sun4i-i2s.c -+++ b/sound/soc/sunxi/sun4i-i2s.c -@@ -80,8 +80,8 @@ - #define SUN4I_I2S_CLK_DIV_MCLK_MASK GENMASK(3, 0) - #define SUN4I_I2S_CLK_DIV_MCLK(mclk) ((mclk) << 0) - --#define SUN4I_I2S_RX_CNT_REG 0x28 --#define SUN4I_I2S_TX_CNT_REG 0x2c -+#define SUN4I_I2S_TX_CNT_REG 0x28 -+#define SUN4I_I2S_RX_CNT_REG 0x2c - - #define SUN4I_I2S_TX_CHAN_SEL_REG 0x30 - #define SUN4I_I2S_CHAN_SEL(num_chan) (((num_chan) - 1) << 0) -diff --git a/sound/usb/mixer.c b/sound/usb/mixer.c -index 044193b2364d..e6e4c3b9d9d3 100644 ---- a/sound/usb/mixer.c -+++ b/sound/usb/mixer.c -@@ -2632,7 +2632,9 @@ int snd_usb_create_mixer(struct snd_usb_audio *chip, int ctrlif, - (err = snd_usb_mixer_status_create(mixer)) < 0) - goto _error; - -- snd_usb_mixer_apply_create_quirk(mixer); -+ err = snd_usb_mixer_apply_create_quirk(mixer); -+ if (err < 0) -+ goto _error; - - err = snd_device_new(chip->card, SNDRV_DEV_CODEC, mixer, &dev_ops); - if (err < 0) -diff --git a/sound/usb/quirks-table.h b/sound/usb/quirks-table.h -index d32727c74a16..c892b4d1e733 100644 ---- a/sound/usb/quirks-table.h -+++ b/sound/usb/quirks-table.h -@@ -3293,19 +3293,14 @@ AU0828_DEVICE(0x2040, 0x7270, "Hauppauge", "HVR-950Q"), - .ifnum = 0, - .type = QUIRK_AUDIO_STANDARD_MIXER, - }, -- /* Capture */ -- { -- .ifnum = 1, -- .type = QUIRK_IGNORE_INTERFACE, -- }, - /* Playback */ - { -- .ifnum = 2, -+ .ifnum = 1, - .type = QUIRK_AUDIO_FIXED_ENDPOINT, - .data = &(const struct audioformat) { - .formats = SNDRV_PCM_FMTBIT_S16_LE, - .channels = 2, -- .iface = 2, -+ .iface = 1, - .altsetting = 1, - .altset_idx = 1, - .attributes = UAC_EP_CS_ATTR_FILL_MAX | -diff --git a/tools/testing/selftests/ipc/msgque.c 
b/tools/testing/selftests/ipc/msgque.c -index ee9382bdfadc..c5587844fbb8 100644 ---- a/tools/testing/selftests/ipc/msgque.c -+++ b/tools/testing/selftests/ipc/msgque.c -@@ -1,9 +1,10 @@ - // SPDX-License-Identifier: GPL-2.0 -+#define _GNU_SOURCE - #include - #include - #include - #include --#include -+#include - #include - - #include "../kselftest.h" -@@ -73,7 +74,7 @@ int restore_queue(struct msgque_data *msgque) - return 0; - - destroy: -- if (msgctl(id, IPC_RMID, 0)) -+ if (msgctl(id, IPC_RMID, NULL)) - printf("Failed to destroy queue: %d\n", -errno); - return ret; - } -@@ -120,7 +121,7 @@ int check_and_destroy_queue(struct msgque_data *msgque) - - ret = 0; - err: -- if (msgctl(msgque->msq_id, IPC_RMID, 0)) { -+ if (msgctl(msgque->msq_id, IPC_RMID, NULL)) { - printf("Failed to destroy queue: %d\n", -errno); - return -errno; - } -@@ -129,7 +130,7 @@ err: - - int dump_queue(struct msgque_data *msgque) - { -- struct msqid64_ds ds; -+ struct msqid_ds ds; - int kern_id; - int i, ret; - -@@ -246,7 +247,7 @@ int main(int argc, char **argv) - return ksft_exit_pass(); - - err_destroy: -- if (msgctl(msgque.msq_id, IPC_RMID, 0)) { -+ if (msgctl(msgque.msq_id, IPC_RMID, NULL)) { - printf("Failed to destroy queue: %d\n", -errno); - return ksft_exit_fail(); - } diff --git a/patch/kernel/odroidxu4-legacy/patch-4.14.168-169.patch b/patch/kernel/odroidxu4-legacy/patch-4.14.168-169.patch deleted file mode 100644 index c56331205d..0000000000 --- a/patch/kernel/odroidxu4-legacy/patch-4.14.168-169.patch +++ /dev/null 
@@ -1,1600 +0,0 @@ -diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt -index 933465eff40e..7e0a4be3503d 100644 ---- a/Documentation/admin-guide/kernel-parameters.txt -+++ b/Documentation/admin-guide/kernel-parameters.txt -@@ -1845,6 +1845,12 @@ - Built with CONFIG_DEBUG_KMEMLEAK_DEFAULT_OFF=y, - the default is off. - -+ kpti= [ARM64] Control page table isolation of user -+ and kernel address spaces. -+ Default: enabled on cores which need mitigation. -+ 0: force disabled -+ 1: force enabled -+ - kvm.ignore_msrs=[KVM] Ignore guest accesses to unhandled MSRs. - Default is 0 (don't ignore, but inject #GP) - -diff --git a/Makefile b/Makefile -index 1e74ba09cdda..795d93bfe156 100644 ---- a/Makefile -+++ b/Makefile -@@ -1,7 +1,7 @@ - # SPDX-License-Identifier: GPL-2.0 - VERSION = 4 - PATCHLEVEL = 14 --SUBLEVEL = 168 -+SUBLEVEL = 169 - EXTRAVERSION = - NAME = Petit Gorille - -diff --git a/drivers/atm/firestream.c b/drivers/atm/firestream.c -index 6b6368a56526..0e449ee11ac7 100644 ---- a/drivers/atm/firestream.c -+++ b/drivers/atm/firestream.c -@@ -927,6 +927,7 @@ static int fs_open(struct atm_vcc *atm_vcc) - } - if (!to) { - printk ("No more free channels for FS50..\n"); -+ kfree(vcc); - return -EBUSY; - } - vcc->channo = dev->channo; -@@ -937,6 +938,7 @@ static int fs_open(struct atm_vcc *atm_vcc) - if (((DO_DIRECTION(rxtp) && dev->atm_vccs[vcc->channo])) || - ( DO_DIRECTION(txtp) && test_bit (vcc->channo, dev->tx_inuse))) { - printk ("Channel is in use for FS155.\n"); -+ kfree(vcc); - return -EBUSY; - } - } -@@ -950,6 +952,7 @@ static int fs_open(struct atm_vcc *atm_vcc) - tc, sizeof (struct fs_transmit_config)); - if (!tc) { - fs_dprintk (FS_DEBUG_OPEN, "fs: can't alloc transmit_config.\n"); -+ kfree(vcc); - return -ENOMEM; - } - -diff --git a/drivers/hwmon/adt7475.c b/drivers/hwmon/adt7475.c -index 37db2eb66ed7..d7d1f2467100 100644 ---- a/drivers/hwmon/adt7475.c -+++ b/drivers/hwmon/adt7475.c -@@ -297,9 
+297,10 @@ static inline u16 volt2reg(int channel, long volt, u8 bypass_attn) - long reg; - - if (bypass_attn & (1 << channel)) -- reg = (volt * 1024) / 2250; -+ reg = DIV_ROUND_CLOSEST(volt * 1024, 2250); - else -- reg = (volt * r[1] * 1024) / ((r[0] + r[1]) * 2250); -+ reg = DIV_ROUND_CLOSEST(volt * r[1] * 1024, -+ (r[0] + r[1]) * 2250); - return clamp_val(reg, 0, 1023) & (0xff << 2); - } - -diff --git a/drivers/hwmon/hwmon.c b/drivers/hwmon/hwmon.c -index 7b53065e9882..652973d83a07 100644 ---- a/drivers/hwmon/hwmon.c -+++ b/drivers/hwmon/hwmon.c -@@ -51,6 +51,7 @@ struct hwmon_device_attribute { - - #define to_hwmon_attr(d) \ - container_of(d, struct hwmon_device_attribute, dev_attr) -+#define to_dev_attr(a) container_of(a, struct device_attribute, attr) - - /* - * Thermal zone information -@@ -58,7 +59,7 @@ struct hwmon_device_attribute { - * also provides the sensor index. - */ - struct hwmon_thermal_data { -- struct hwmon_device *hwdev; /* Reference to hwmon device */ -+ struct device *dev; /* Reference to hwmon device */ - int index; /* sensor index */ - }; - -@@ -95,9 +96,27 @@ static const struct attribute_group *hwmon_dev_attr_groups[] = { - NULL - }; - -+static void hwmon_free_attrs(struct attribute **attrs) -+{ -+ int i; -+ -+ for (i = 0; attrs[i]; i++) { -+ struct device_attribute *dattr = to_dev_attr(attrs[i]); -+ struct hwmon_device_attribute *hattr = to_hwmon_attr(dattr); -+ -+ kfree(hattr); -+ } -+ kfree(attrs); -+} -+ - static void hwmon_dev_release(struct device *dev) - { -- kfree(to_hwmon_device(dev)); -+ struct hwmon_device *hwdev = to_hwmon_device(dev); -+ -+ if (hwdev->group.attrs) -+ hwmon_free_attrs(hwdev->group.attrs); -+ kfree(hwdev->groups); -+ kfree(hwdev); - } - - static struct class hwmon_class = { -@@ -121,11 +140,11 @@ static DEFINE_IDA(hwmon_ida); - static int hwmon_thermal_get_temp(void *data, int *temp) - { - struct hwmon_thermal_data *tdata = data; -- struct hwmon_device *hwdev = tdata->hwdev; -+ struct hwmon_device *hwdev = 
to_hwmon_device(tdata->dev); - int ret; - long t; - -- ret = hwdev->chip->ops->read(&hwdev->dev, hwmon_temp, hwmon_temp_input, -+ ret = hwdev->chip->ops->read(tdata->dev, hwmon_temp, hwmon_temp_input, - tdata->index, &t); - if (ret < 0) - return ret; -@@ -139,26 +158,31 @@ static const struct thermal_zone_of_device_ops hwmon_thermal_ops = { - .get_temp = hwmon_thermal_get_temp, - }; - --static int hwmon_thermal_add_sensor(struct device *dev, -- struct hwmon_device *hwdev, int index) -+static int hwmon_thermal_add_sensor(struct device *dev, int index) - { - struct hwmon_thermal_data *tdata; -+ struct thermal_zone_device *tzd; - - tdata = devm_kzalloc(dev, sizeof(*tdata), GFP_KERNEL); - if (!tdata) - return -ENOMEM; - -- tdata->hwdev = hwdev; -+ tdata->dev = dev; - tdata->index = index; - -- devm_thermal_zone_of_sensor_register(&hwdev->dev, index, tdata, -- &hwmon_thermal_ops); -+ tzd = devm_thermal_zone_of_sensor_register(dev, index, tdata, -+ &hwmon_thermal_ops); -+ /* -+ * If CONFIG_THERMAL_OF is disabled, this returns -ENODEV, -+ * so ignore that error but forward any other error. 
-+ */ -+ if (IS_ERR(tzd) && (PTR_ERR(tzd) != -ENODEV)) -+ return PTR_ERR(tzd); - - return 0; - } - #else --static int hwmon_thermal_add_sensor(struct device *dev, -- struct hwmon_device *hwdev, int index) -+static int hwmon_thermal_add_sensor(struct device *dev, int index) - { - return 0; - } -@@ -235,8 +259,7 @@ static bool is_string_attr(enum hwmon_sensor_types type, u32 attr) - (type == hwmon_fan && attr == hwmon_fan_label); - } - --static struct attribute *hwmon_genattr(struct device *dev, -- const void *drvdata, -+static struct attribute *hwmon_genattr(const void *drvdata, - enum hwmon_sensor_types type, - u32 attr, - int index, -@@ -264,7 +287,7 @@ static struct attribute *hwmon_genattr(struct device *dev, - if ((mode & S_IWUGO) && !ops->write) - return ERR_PTR(-EINVAL); - -- hattr = devm_kzalloc(dev, sizeof(*hattr), GFP_KERNEL); -+ hattr = kzalloc(sizeof(*hattr), GFP_KERNEL); - if (!hattr) - return ERR_PTR(-ENOMEM); - -@@ -467,8 +490,7 @@ static int hwmon_num_channel_attrs(const struct hwmon_channel_info *info) - return n; - } - --static int hwmon_genattrs(struct device *dev, -- const void *drvdata, -+static int hwmon_genattrs(const void *drvdata, - struct attribute **attrs, - const struct hwmon_ops *ops, - const struct hwmon_channel_info *info) -@@ -494,7 +516,7 @@ static int hwmon_genattrs(struct device *dev, - attr_mask &= ~BIT(attr); - if (attr >= template_size) - return -EINVAL; -- a = hwmon_genattr(dev, drvdata, info->type, attr, i, -+ a = hwmon_genattr(drvdata, info->type, attr, i, - templates[attr], ops); - if (IS_ERR(a)) { - if (PTR_ERR(a) != -ENOENT) -@@ -508,8 +530,7 @@ static int hwmon_genattrs(struct device *dev, - } - - static struct attribute ** --__hwmon_create_attrs(struct device *dev, const void *drvdata, -- const struct hwmon_chip_info *chip) -+__hwmon_create_attrs(const void *drvdata, const struct hwmon_chip_info *chip) - { - int ret, i, aindex = 0, nattrs = 0; - struct attribute **attrs; -@@ -520,15 +541,17 @@ __hwmon_create_attrs(struct 
device *dev, const void *drvdata, - if (nattrs == 0) - return ERR_PTR(-EINVAL); - -- attrs = devm_kcalloc(dev, nattrs + 1, sizeof(*attrs), GFP_KERNEL); -+ attrs = kcalloc(nattrs + 1, sizeof(*attrs), GFP_KERNEL); - if (!attrs) - return ERR_PTR(-ENOMEM); - - for (i = 0; chip->info[i]; i++) { -- ret = hwmon_genattrs(dev, drvdata, &attrs[aindex], chip->ops, -+ ret = hwmon_genattrs(drvdata, &attrs[aindex], chip->ops, - chip->info[i]); -- if (ret < 0) -+ if (ret < 0) { -+ hwmon_free_attrs(attrs); - return ERR_PTR(ret); -+ } - aindex += ret; - } - -@@ -570,14 +593,13 @@ __hwmon_device_register(struct device *dev, const char *name, void *drvdata, - for (i = 0; groups[i]; i++) - ngroups++; - -- hwdev->groups = devm_kcalloc(dev, ngroups, sizeof(*groups), -- GFP_KERNEL); -+ hwdev->groups = kcalloc(ngroups, sizeof(*groups), GFP_KERNEL); - if (!hwdev->groups) { - err = -ENOMEM; - goto free_hwmon; - } - -- attrs = __hwmon_create_attrs(dev, drvdata, chip); -+ attrs = __hwmon_create_attrs(drvdata, chip); - if (IS_ERR(attrs)) { - err = PTR_ERR(attrs); - goto free_hwmon; -@@ -621,8 +643,13 @@ __hwmon_device_register(struct device *dev, const char *name, void *drvdata, - if (!chip->ops->is_visible(drvdata, hwmon_temp, - hwmon_temp_input, j)) - continue; -- if (info[i]->config[j] & HWMON_T_INPUT) -- hwmon_thermal_add_sensor(dev, hwdev, j); -+ if (info[i]->config[j] & HWMON_T_INPUT) { -+ err = hwmon_thermal_add_sensor(hdev, j); -+ if (err) { -+ device_unregister(hdev); -+ goto ida_remove; -+ } -+ } - } - } - } -@@ -630,7 +657,7 @@ __hwmon_device_register(struct device *dev, const char *name, void *drvdata, - return hdev; - - free_hwmon: -- kfree(hwdev); -+ hwmon_dev_release(hdev); - ida_remove: - ida_simple_remove(&hwmon_ida, id); - return ERR_PTR(err); -diff --git a/drivers/hwmon/nct7802.c b/drivers/hwmon/nct7802.c -index 38ffbdb0a85f..779ec8fdfae0 100644 ---- a/drivers/hwmon/nct7802.c -+++ b/drivers/hwmon/nct7802.c -@@ -32,8 +32,8 @@ - static const u8 REG_VOLTAGE[5] = { 0x09, 0x0a, 
0x0c, 0x0d, 0x0e }; - - static const u8 REG_VOLTAGE_LIMIT_LSB[2][5] = { -- { 0x40, 0x00, 0x42, 0x44, 0x46 }, -- { 0x3f, 0x00, 0x41, 0x43, 0x45 }, -+ { 0x46, 0x00, 0x40, 0x42, 0x44 }, -+ { 0x45, 0x00, 0x3f, 0x41, 0x43 }, - }; - - static const u8 REG_VOLTAGE_LIMIT_MSB[5] = { 0x48, 0x00, 0x47, 0x47, 0x48 }; -diff --git a/drivers/hwtracing/coresight/coresight-etb10.c b/drivers/hwtracing/coresight/coresight-etb10.c -index d14a9cb7959a..cb675a596302 100644 ---- a/drivers/hwtracing/coresight/coresight-etb10.c -+++ b/drivers/hwtracing/coresight/coresight-etb10.c -@@ -287,9 +287,7 @@ static void *etb_alloc_buffer(struct coresight_device *csdev, int cpu, - int node; - struct cs_buffers *buf; - -- if (cpu == -1) -- cpu = smp_processor_id(); -- node = cpu_to_node(cpu); -+ node = (cpu == -1) ? NUMA_NO_NODE : cpu_to_node(cpu); - - buf = kzalloc_node(sizeof(struct cs_buffers), GFP_KERNEL, node); - if (!buf) -diff --git a/drivers/hwtracing/coresight/coresight-tmc-etf.c b/drivers/hwtracing/coresight/coresight-tmc-etf.c -index 336194d059fe..0a00f4e941fb 100644 ---- a/drivers/hwtracing/coresight/coresight-tmc-etf.c -+++ b/drivers/hwtracing/coresight/coresight-tmc-etf.c -@@ -308,9 +308,7 @@ static void *tmc_alloc_etf_buffer(struct coresight_device *csdev, int cpu, - int node; - struct cs_buffers *buf; - -- if (cpu == -1) -- cpu = smp_processor_id(); -- node = cpu_to_node(cpu); -+ node = (cpu == -1) ? 
NUMA_NO_NODE : cpu_to_node(cpu); - - /* Allocate memory structure for interaction with Perf */ - buf = kzalloc_node(sizeof(struct cs_buffers), GFP_KERNEL, node); -diff --git a/drivers/infiniband/ulp/isert/ib_isert.c b/drivers/infiniband/ulp/isert/ib_isert.c -index ee3f630c9217..9b5691f306a2 100644 ---- a/drivers/infiniband/ulp/isert/ib_isert.c -+++ b/drivers/infiniband/ulp/isert/ib_isert.c -@@ -2582,17 +2582,6 @@ isert_wait4logout(struct isert_conn *isert_conn) - } - } - --static void --isert_wait4cmds(struct iscsi_conn *conn) --{ -- isert_info("iscsi_conn %p\n", conn); -- -- if (conn->sess) { -- target_sess_cmd_list_set_waiting(conn->sess->se_sess); -- target_wait_for_sess_cmds(conn->sess->se_sess); -- } --} -- - /** - * isert_put_unsol_pending_cmds() - Drop commands waiting for - * unsolicitate dataout -@@ -2640,7 +2629,6 @@ static void isert_wait_conn(struct iscsi_conn *conn) - - ib_drain_qp(isert_conn->qp); - isert_put_unsol_pending_cmds(conn); -- isert_wait4cmds(conn); - isert_wait4logout(isert_conn); - - queue_work(isert_release_wq, &isert_conn->release_work); -diff --git a/drivers/input/misc/keyspan_remote.c b/drivers/input/misc/keyspan_remote.c -index 77c47d6325fe..a9ee813eef10 100644 ---- a/drivers/input/misc/keyspan_remote.c -+++ b/drivers/input/misc/keyspan_remote.c -@@ -344,7 +344,8 @@ static int keyspan_setup(struct usb_device* dev) - int retval = 0; - - retval = usb_control_msg(dev, usb_sndctrlpipe(dev, 0), -- 0x11, 0x40, 0x5601, 0x0, NULL, 0, 0); -+ 0x11, 0x40, 0x5601, 0x0, NULL, 0, -+ USB_CTRL_SET_TIMEOUT); - if (retval) { - dev_dbg(&dev->dev, "%s - failed to set bit rate due to error: %d\n", - __func__, retval); -@@ -352,7 +353,8 @@ static int keyspan_setup(struct usb_device* dev) - } - - retval = usb_control_msg(dev, usb_sndctrlpipe(dev, 0), -- 0x44, 0x40, 0x0, 0x0, NULL, 0, 0); -+ 0x44, 0x40, 0x0, 0x0, NULL, 0, -+ USB_CTRL_SET_TIMEOUT); - if (retval) { - dev_dbg(&dev->dev, "%s - failed to set resume sensitivity due to error: %d\n", - __func__, 
retval); -@@ -360,7 +362,8 @@ static int keyspan_setup(struct usb_device* dev) - } - - retval = usb_control_msg(dev, usb_sndctrlpipe(dev, 0), -- 0x22, 0x40, 0x0, 0x0, NULL, 0, 0); -+ 0x22, 0x40, 0x0, 0x0, NULL, 0, -+ USB_CTRL_SET_TIMEOUT); - if (retval) { - dev_dbg(&dev->dev, "%s - failed to turn receive on due to error: %d\n", - __func__, retval); -diff --git a/drivers/input/misc/pm8xxx-vibrator.c b/drivers/input/misc/pm8xxx-vibrator.c -index 7dd1c1fbe42a..27b3db154a33 100644 ---- a/drivers/input/misc/pm8xxx-vibrator.c -+++ b/drivers/input/misc/pm8xxx-vibrator.c -@@ -98,7 +98,7 @@ static int pm8xxx_vib_set(struct pm8xxx_vib *vib, bool on) - - if (regs->enable_mask) - rc = regmap_update_bits(vib->regmap, regs->enable_addr, -- on ? regs->enable_mask : 0, val); -+ regs->enable_mask, on ? ~0 : 0); - - return rc; - } -diff --git a/drivers/input/rmi4/rmi_smbus.c b/drivers/input/rmi4/rmi_smbus.c -index 4b2466cf2fb1..b6ccf39c6a7b 100644 ---- a/drivers/input/rmi4/rmi_smbus.c -+++ b/drivers/input/rmi4/rmi_smbus.c -@@ -166,6 +166,7 @@ static int rmi_smb_write_block(struct rmi_transport_dev *xport, u16 rmiaddr, - /* prepare to write next block of bytes */ - cur_len -= SMB_MAX_COUNT; - databuff += SMB_MAX_COUNT; -+ rmiaddr += SMB_MAX_COUNT; - } - exit: - mutex_unlock(&rmi_smb->page_mutex); -@@ -217,6 +218,7 @@ static int rmi_smb_read_block(struct rmi_transport_dev *xport, u16 rmiaddr, - /* prepare to read next block of bytes */ - cur_len -= SMB_MAX_COUNT; - databuff += SMB_MAX_COUNT; -+ rmiaddr += SMB_MAX_COUNT; - } - - retval = 0; -diff --git a/drivers/input/tablet/aiptek.c b/drivers/input/tablet/aiptek.c -index 0b55e1f375b3..fbe2df91aad3 100644 ---- a/drivers/input/tablet/aiptek.c -+++ b/drivers/input/tablet/aiptek.c -@@ -1822,14 +1822,14 @@ aiptek_probe(struct usb_interface *intf, const struct usb_device_id *id) - input_set_abs_params(inputdev, ABS_WHEEL, AIPTEK_WHEEL_MIN, AIPTEK_WHEEL_MAX - 1, 0, 0); - - /* Verify that a device really has an endpoint */ -- if 
(intf->altsetting[0].desc.bNumEndpoints < 1) { -+ if (intf->cur_altsetting->desc.bNumEndpoints < 1) { - dev_err(&intf->dev, - "interface has %d endpoints, but must have minimum 1\n", -- intf->altsetting[0].desc.bNumEndpoints); -+ intf->cur_altsetting->desc.bNumEndpoints); - err = -EINVAL; - goto fail3; - } -- endpoint = &intf->altsetting[0].endpoint[0].desc; -+ endpoint = &intf->cur_altsetting->endpoint[0].desc; - - /* Go set up our URB, which is called when the tablet receives - * input. -diff --git a/drivers/input/tablet/gtco.c b/drivers/input/tablet/gtco.c -index 35031228a6d0..799c94dda651 100644 ---- a/drivers/input/tablet/gtco.c -+++ b/drivers/input/tablet/gtco.c -@@ -875,18 +875,14 @@ static int gtco_probe(struct usb_interface *usbinterface, - } - - /* Sanity check that a device has an endpoint */ -- if (usbinterface->altsetting[0].desc.bNumEndpoints < 1) { -+ if (usbinterface->cur_altsetting->desc.bNumEndpoints < 1) { - dev_err(&usbinterface->dev, - "Invalid number of endpoints\n"); - error = -EINVAL; - goto err_free_urb; - } - -- /* -- * The endpoint is always altsetting 0, we know this since we know -- * this device only has one interrupt endpoint -- */ -- endpoint = &usbinterface->altsetting[0].endpoint[0].desc; -+ endpoint = &usbinterface->cur_altsetting->endpoint[0].desc; - - /* Some debug */ - dev_dbg(&usbinterface->dev, "gtco # interfaces: %d\n", usbinterface->num_altsetting); -@@ -973,7 +969,7 @@ static int gtco_probe(struct usb_interface *usbinterface, - input_dev->dev.parent = &usbinterface->dev; - - /* Setup the URB, it will be posted later on open of input device */ -- endpoint = &usbinterface->altsetting[0].endpoint[0].desc; -+ endpoint = &usbinterface->cur_altsetting->endpoint[0].desc; - - usb_fill_int_urb(gtco->urbinfo, - udev, -diff --git a/drivers/input/tablet/pegasus_notetaker.c b/drivers/input/tablet/pegasus_notetaker.c -index 47de5a81172f..2319144802c9 100644 ---- a/drivers/input/tablet/pegasus_notetaker.c -+++ 
b/drivers/input/tablet/pegasus_notetaker.c -@@ -260,7 +260,7 @@ static int pegasus_probe(struct usb_interface *intf, - return -ENODEV; - - /* Sanity check that the device has an endpoint */ -- if (intf->altsetting[0].desc.bNumEndpoints < 1) { -+ if (intf->cur_altsetting->desc.bNumEndpoints < 1) { - dev_err(&intf->dev, "Invalid number of endpoints\n"); - return -EINVAL; - } -diff --git a/drivers/input/touchscreen/sun4i-ts.c b/drivers/input/touchscreen/sun4i-ts.c -index d2e14d9e5975..ab44eb0352d0 100644 ---- a/drivers/input/touchscreen/sun4i-ts.c -+++ b/drivers/input/touchscreen/sun4i-ts.c -@@ -246,6 +246,7 @@ static int sun4i_ts_probe(struct platform_device *pdev) - struct device *dev = &pdev->dev; - struct device_node *np = dev->of_node; - struct device *hwmon; -+ struct thermal_zone_device *thermal; - int error; - u32 reg; - bool ts_attached; -@@ -365,7 +366,10 @@ static int sun4i_ts_probe(struct platform_device *pdev) - if (IS_ERR(hwmon)) - return PTR_ERR(hwmon); - -- devm_thermal_zone_of_sensor_register(ts->dev, 0, ts, &sun4i_ts_tz_ops); -+ thermal = devm_thermal_zone_of_sensor_register(ts->dev, 0, ts, -+ &sun4i_ts_tz_ops); -+ if (IS_ERR(thermal)) -+ return PTR_ERR(thermal); - - writel(TEMP_IRQ_EN(1), ts->base + TP_INT_FIFOC); - -diff --git a/drivers/input/touchscreen/sur40.c b/drivers/input/touchscreen/sur40.c -index f16f8358c70a..98e03d0ca03c 100644 ---- a/drivers/input/touchscreen/sur40.c -+++ b/drivers/input/touchscreen/sur40.c -@@ -537,7 +537,7 @@ static int sur40_probe(struct usb_interface *interface, - int error; - - /* Check if we really have the right interface. 
*/ -- iface_desc = &interface->altsetting[0]; -+ iface_desc = interface->cur_altsetting; - if (iface_desc->desc.bInterfaceClass != 0xFF) - return -ENODEV; - -diff --git a/drivers/md/bitmap.c b/drivers/md/bitmap.c -index 0cabf31fb163..7eb76a1a2505 100644 ---- a/drivers/md/bitmap.c -+++ b/drivers/md/bitmap.c -@@ -1729,7 +1729,7 @@ void bitmap_flush(struct mddev *mddev) - /* - * free memory that was allocated - */ --void bitmap_free(struct bitmap *bitmap) -+void md_bitmap_free(struct bitmap *bitmap) - { - unsigned long k, pages; - struct bitmap_page *bp; -@@ -1763,7 +1763,7 @@ void bitmap_free(struct bitmap *bitmap) - kfree(bp); - kfree(bitmap); - } --EXPORT_SYMBOL(bitmap_free); -+EXPORT_SYMBOL(md_bitmap_free); - - void bitmap_wait_behind_writes(struct mddev *mddev) - { -@@ -1796,7 +1796,7 @@ void bitmap_destroy(struct mddev *mddev) - if (mddev->thread) - mddev->thread->timeout = MAX_SCHEDULE_TIMEOUT; - -- bitmap_free(bitmap); -+ md_bitmap_free(bitmap); - } - - /* -@@ -1887,7 +1887,7 @@ struct bitmap *bitmap_create(struct mddev *mddev, int slot) - - return bitmap; - error: -- bitmap_free(bitmap); -+ md_bitmap_free(bitmap); - return ERR_PTR(err); - } - -@@ -1958,7 +1958,7 @@ struct bitmap *get_bitmap_from_slot(struct mddev *mddev, int slot) - - rv = bitmap_init_from_disk(bitmap, 0); - if (rv) { -- bitmap_free(bitmap); -+ md_bitmap_free(bitmap); - return ERR_PTR(rv); - } - -diff --git a/drivers/md/bitmap.h b/drivers/md/bitmap.h -index 5df35ca90f58..dd53a978c5f2 100644 ---- a/drivers/md/bitmap.h -+++ b/drivers/md/bitmap.h -@@ -271,7 +271,7 @@ int bitmap_resize(struct bitmap *bitmap, sector_t blocks, - struct bitmap *get_bitmap_from_slot(struct mddev *mddev, int slot); - int bitmap_copy_from_slot(struct mddev *mddev, int slot, - sector_t *lo, sector_t *hi, bool clear_bits); --void bitmap_free(struct bitmap *bitmap); -+void md_bitmap_free(struct bitmap *bitmap); - void bitmap_wait_behind_writes(struct mddev *mddev); - #endif - -diff --git a/drivers/md/md-cluster.c 
b/drivers/md/md-cluster.c -index 717aaffc227d..10057ac85476 100644 ---- a/drivers/md/md-cluster.c -+++ b/drivers/md/md-cluster.c -@@ -1128,7 +1128,7 @@ int cluster_check_sync_size(struct mddev *mddev) - bm_lockres = lockres_init(mddev, str, NULL, 1); - if (!bm_lockres) { - pr_err("md-cluster: Cannot initialize %s\n", str); -- bitmap_free(bitmap); -+ md_bitmap_free(bitmap); - return -1; - } - bm_lockres->flags |= DLM_LKF_NOQUEUE; -@@ -1142,11 +1142,11 @@ int cluster_check_sync_size(struct mddev *mddev) - sync_size = sb->sync_size; - else if (sync_size != sb->sync_size) { - kunmap_atomic(sb); -- bitmap_free(bitmap); -+ md_bitmap_free(bitmap); - return -1; - } - kunmap_atomic(sb); -- bitmap_free(bitmap); -+ md_bitmap_free(bitmap); - } - - return (my_sync_size == sync_size) ? 0 : -1; -diff --git a/drivers/media/v4l2-core/v4l2-ioctl.c b/drivers/media/v4l2-core/v4l2-ioctl.c -index 7cafc8a57950..8eb52139684a 100644 ---- a/drivers/media/v4l2-core/v4l2-ioctl.c -+++ b/drivers/media/v4l2-core/v4l2-ioctl.c -@@ -1496,12 +1496,12 @@ static int v4l_s_fmt(const struct v4l2_ioctl_ops *ops, - case V4L2_BUF_TYPE_VBI_CAPTURE: - if (unlikely(!ops->vidioc_s_fmt_vbi_cap)) - break; -- CLEAR_AFTER_FIELD(p, fmt.vbi); -+ CLEAR_AFTER_FIELD(p, fmt.vbi.flags); - return ops->vidioc_s_fmt_vbi_cap(file, fh, arg); - case V4L2_BUF_TYPE_SLICED_VBI_CAPTURE: - if (unlikely(!ops->vidioc_s_fmt_sliced_vbi_cap)) - break; -- CLEAR_AFTER_FIELD(p, fmt.sliced); -+ CLEAR_AFTER_FIELD(p, fmt.sliced.io_size); - return ops->vidioc_s_fmt_sliced_vbi_cap(file, fh, arg); - case V4L2_BUF_TYPE_VIDEO_OUTPUT: - if (unlikely(!ops->vidioc_s_fmt_vid_out)) -@@ -1524,22 +1524,22 @@ static int v4l_s_fmt(const struct v4l2_ioctl_ops *ops, - case V4L2_BUF_TYPE_VBI_OUTPUT: - if (unlikely(!ops->vidioc_s_fmt_vbi_out)) - break; -- CLEAR_AFTER_FIELD(p, fmt.vbi); -+ CLEAR_AFTER_FIELD(p, fmt.vbi.flags); - return ops->vidioc_s_fmt_vbi_out(file, fh, arg); - case V4L2_BUF_TYPE_SLICED_VBI_OUTPUT: - if 
(unlikely(!ops->vidioc_s_fmt_sliced_vbi_out)) - break; -- CLEAR_AFTER_FIELD(p, fmt.sliced); -+ CLEAR_AFTER_FIELD(p, fmt.sliced.io_size); - return ops->vidioc_s_fmt_sliced_vbi_out(file, fh, arg); - case V4L2_BUF_TYPE_SDR_CAPTURE: - if (unlikely(!ops->vidioc_s_fmt_sdr_cap)) - break; -- CLEAR_AFTER_FIELD(p, fmt.sdr); -+ CLEAR_AFTER_FIELD(p, fmt.sdr.buffersize); - return ops->vidioc_s_fmt_sdr_cap(file, fh, arg); - case V4L2_BUF_TYPE_SDR_OUTPUT: - if (unlikely(!ops->vidioc_s_fmt_sdr_out)) - break; -- CLEAR_AFTER_FIELD(p, fmt.sdr); -+ CLEAR_AFTER_FIELD(p, fmt.sdr.buffersize); - return ops->vidioc_s_fmt_sdr_out(file, fh, arg); - case V4L2_BUF_TYPE_META_CAPTURE: - if (unlikely(!ops->vidioc_s_fmt_meta_cap)) -@@ -1583,12 +1583,12 @@ static int v4l_try_fmt(const struct v4l2_ioctl_ops *ops, - case V4L2_BUF_TYPE_VBI_CAPTURE: - if (unlikely(!ops->vidioc_try_fmt_vbi_cap)) - break; -- CLEAR_AFTER_FIELD(p, fmt.vbi); -+ CLEAR_AFTER_FIELD(p, fmt.vbi.flags); - return ops->vidioc_try_fmt_vbi_cap(file, fh, arg); - case V4L2_BUF_TYPE_SLICED_VBI_CAPTURE: - if (unlikely(!ops->vidioc_try_fmt_sliced_vbi_cap)) - break; -- CLEAR_AFTER_FIELD(p, fmt.sliced); -+ CLEAR_AFTER_FIELD(p, fmt.sliced.io_size); - return ops->vidioc_try_fmt_sliced_vbi_cap(file, fh, arg); - case V4L2_BUF_TYPE_VIDEO_OUTPUT: - if (unlikely(!ops->vidioc_try_fmt_vid_out)) -@@ -1611,22 +1611,22 @@ static int v4l_try_fmt(const struct v4l2_ioctl_ops *ops, - case V4L2_BUF_TYPE_VBI_OUTPUT: - if (unlikely(!ops->vidioc_try_fmt_vbi_out)) - break; -- CLEAR_AFTER_FIELD(p, fmt.vbi); -+ CLEAR_AFTER_FIELD(p, fmt.vbi.flags); - return ops->vidioc_try_fmt_vbi_out(file, fh, arg); - case V4L2_BUF_TYPE_SLICED_VBI_OUTPUT: - if (unlikely(!ops->vidioc_try_fmt_sliced_vbi_out)) - break; -- CLEAR_AFTER_FIELD(p, fmt.sliced); -+ CLEAR_AFTER_FIELD(p, fmt.sliced.io_size); - return ops->vidioc_try_fmt_sliced_vbi_out(file, fh, arg); - case V4L2_BUF_TYPE_SDR_CAPTURE: - if (unlikely(!ops->vidioc_try_fmt_sdr_cap)) - break; -- CLEAR_AFTER_FIELD(p, fmt.sdr); -+ 
CLEAR_AFTER_FIELD(p, fmt.sdr.buffersize); - return ops->vidioc_try_fmt_sdr_cap(file, fh, arg); - case V4L2_BUF_TYPE_SDR_OUTPUT: - if (unlikely(!ops->vidioc_try_fmt_sdr_out)) - break; -- CLEAR_AFTER_FIELD(p, fmt.sdr); -+ CLEAR_AFTER_FIELD(p, fmt.sdr.buffersize); - return ops->vidioc_try_fmt_sdr_out(file, fh, arg); - case V4L2_BUF_TYPE_META_CAPTURE: - if (unlikely(!ops->vidioc_try_fmt_meta_cap)) -diff --git a/drivers/mmc/host/sdhci-tegra.c b/drivers/mmc/host/sdhci-tegra.c -index ce3f344d2b66..d2b0a62bfce1 100644 ---- a/drivers/mmc/host/sdhci-tegra.c -+++ b/drivers/mmc/host/sdhci-tegra.c -@@ -177,7 +177,7 @@ static void tegra_sdhci_reset(struct sdhci_host *host, u8 mask) - misc_ctrl |= SDHCI_MISC_CTRL_ENABLE_DDR50; - if (soc_data->nvquirks & NVQUIRK_ENABLE_SDR104) - misc_ctrl |= SDHCI_MISC_CTRL_ENABLE_SDR104; -- if (soc_data->nvquirks & SDHCI_MISC_CTRL_ENABLE_SDR50) -+ if (soc_data->nvquirks & NVQUIRK_ENABLE_SDR50) - clk_ctrl |= SDHCI_CLOCK_CTRL_SDR50_TUNING_OVERRIDE; - } - -diff --git a/drivers/mmc/host/sdhci.c b/drivers/mmc/host/sdhci.c -index 645775dd4edb..4f1c884c0b50 100644 ---- a/drivers/mmc/host/sdhci.c -+++ b/drivers/mmc/host/sdhci.c -@@ -3592,11 +3592,13 @@ int sdhci_setup_host(struct sdhci_host *host) - if (host->ops->get_min_clock) - mmc->f_min = host->ops->get_min_clock(host); - else if (host->version >= SDHCI_SPEC_300) { -- if (host->clk_mul) { -- mmc->f_min = (host->max_clk * host->clk_mul) / 1024; -+ if (host->clk_mul) - max_clk = host->max_clk * host->clk_mul; -- } else -- mmc->f_min = host->max_clk / SDHCI_MAX_DIV_SPEC_300; -+ /* -+ * Divided Clock Mode minimum clock rate is always less than -+ * Programmable Clock Mode minimum clock rate. 
-+ */ -+ mmc->f_min = host->max_clk / SDHCI_MAX_DIV_SPEC_300; - } else - mmc->f_min = host->max_clk / SDHCI_MAX_DIV_SPEC_200; - -diff --git a/drivers/net/can/slcan.c b/drivers/net/can/slcan.c -index a42737b4ac79..35564a9561b7 100644 ---- a/drivers/net/can/slcan.c -+++ b/drivers/net/can/slcan.c -@@ -343,9 +343,16 @@ static void slcan_transmit(struct work_struct *work) - */ - static void slcan_write_wakeup(struct tty_struct *tty) - { -- struct slcan *sl = tty->disc_data; -+ struct slcan *sl; -+ -+ rcu_read_lock(); -+ sl = rcu_dereference(tty->disc_data); -+ if (!sl) -+ goto out; - - schedule_work(&sl->tx_work); -+out: -+ rcu_read_unlock(); - } - - /* Send a can_frame to a TTY queue. */ -@@ -640,10 +647,11 @@ static void slcan_close(struct tty_struct *tty) - return; - - spin_lock_bh(&sl->lock); -- tty->disc_data = NULL; -+ rcu_assign_pointer(tty->disc_data, NULL); - sl->tty = NULL; - spin_unlock_bh(&sl->lock); - -+ synchronize_rcu(); - flush_work(&sl->tx_work); - - /* Flush network side */ -diff --git a/drivers/net/ethernet/chelsio/cxgb3/cxgb3_main.c b/drivers/net/ethernet/chelsio/cxgb3/cxgb3_main.c -index 338683e5ef1e..b8779afb8550 100644 ---- a/drivers/net/ethernet/chelsio/cxgb3/cxgb3_main.c -+++ b/drivers/net/ethernet/chelsio/cxgb3/cxgb3_main.c -@@ -2449,6 +2449,8 @@ static int cxgb_extension_ioctl(struct net_device *dev, void __user *useraddr) - - if (!is_offload(adapter)) - return -EOPNOTSUPP; -+ if (!capable(CAP_NET_ADMIN)) -+ return -EPERM; - if (!(adapter->flags & FULL_INIT_DONE)) - return -EIO; /* need the memory controllers */ - if (copy_from_user(&t, useraddr, sizeof(t))) -diff --git a/drivers/net/gtp.c b/drivers/net/gtp.c -index 25be27826a22..3840f21dd635 100644 ---- a/drivers/net/gtp.c -+++ b/drivers/net/gtp.c -@@ -807,19 +807,21 @@ static struct sock *gtp_encap_enable_socket(int fd, int type, - return NULL; - } - -- if (sock->sk->sk_protocol != IPPROTO_UDP) { -+ sk = sock->sk; -+ if (sk->sk_protocol != IPPROTO_UDP || -+ sk->sk_type != SOCK_DGRAM || -+ 
(sk->sk_family != AF_INET && sk->sk_family != AF_INET6)) { - pr_debug("socket fd=%d not UDP\n", fd); - sk = ERR_PTR(-EINVAL); - goto out_sock; - } - -- lock_sock(sock->sk); -- if (sock->sk->sk_user_data) { -+ lock_sock(sk); -+ if (sk->sk_user_data) { - sk = ERR_PTR(-EBUSY); - goto out_rel_sock; - } - -- sk = sock->sk; - sock_hold(sk); - - tuncfg.sk_user_data = gtp; -diff --git a/drivers/net/slip/slip.c b/drivers/net/slip/slip.c -index d6dc00b4ba55..b07f367abd91 100644 ---- a/drivers/net/slip/slip.c -+++ b/drivers/net/slip/slip.c -@@ -452,9 +452,16 @@ static void slip_transmit(struct work_struct *work) - */ - static void slip_write_wakeup(struct tty_struct *tty) - { -- struct slip *sl = tty->disc_data; -+ struct slip *sl; -+ -+ rcu_read_lock(); -+ sl = rcu_dereference(tty->disc_data); -+ if (!sl) -+ goto out; - - schedule_work(&sl->tx_work); -+out: -+ rcu_read_unlock(); - } - - static void sl_tx_timeout(struct net_device *dev) -@@ -886,10 +893,11 @@ static void slip_close(struct tty_struct *tty) - return; - - spin_lock_bh(&sl->lock); -- tty->disc_data = NULL; -+ rcu_assign_pointer(tty->disc_data, NULL); - sl->tty = NULL; - spin_unlock_bh(&sl->lock); - -+ synchronize_rcu(); - flush_work(&sl->tx_work); - - /* VSV = very important to remove timers */ -diff --git a/drivers/net/usb/lan78xx.c b/drivers/net/usb/lan78xx.c -index ee7194a9e231..b179a96ea08c 100644 ---- a/drivers/net/usb/lan78xx.c -+++ b/drivers/net/usb/lan78xx.c -@@ -31,6 +31,7 @@ - #include - #include - #include -+#include - #include - #include - #include -@@ -3525,6 +3526,19 @@ static void lan78xx_tx_timeout(struct net_device *net) - tasklet_schedule(&dev->bh); - } - -+static netdev_features_t lan78xx_features_check(struct sk_buff *skb, -+ struct net_device *netdev, -+ netdev_features_t features) -+{ -+ if (skb->len + TX_OVERHEAD > MAX_SINGLE_PACKET_SIZE) -+ features &= ~NETIF_F_GSO_MASK; -+ -+ features = vlan_features_check(skb, features); -+ features = vxlan_features_check(skb, features); -+ -+ return 
features; -+} -+ - static const struct net_device_ops lan78xx_netdev_ops = { - .ndo_open = lan78xx_open, - .ndo_stop = lan78xx_stop, -@@ -3538,6 +3552,7 @@ static const struct net_device_ops lan78xx_netdev_ops = { - .ndo_set_features = lan78xx_set_features, - .ndo_vlan_rx_add_vid = lan78xx_vlan_rx_add_vid, - .ndo_vlan_rx_kill_vid = lan78xx_vlan_rx_kill_vid, -+ .ndo_features_check = lan78xx_features_check, - }; - - static void lan78xx_stat_monitor(unsigned long param) -diff --git a/drivers/net/wireless/marvell/libertas/cfg.c b/drivers/net/wireless/marvell/libertas/cfg.c -index 9f3a7b512673..4ffc188d2ffd 100644 ---- a/drivers/net/wireless/marvell/libertas/cfg.c -+++ b/drivers/net/wireless/marvell/libertas/cfg.c -@@ -273,6 +273,10 @@ add_ie_rates(u8 *tlv, const u8 *ie, int *nrates) - int hw, ap, ap_max = ie[1]; - u8 hw_rate; - -+ if (ap_max > MAX_RATES) { -+ lbs_deb_assoc("invalid rates\n"); -+ return tlv; -+ } - /* Advance past IE header */ - ie += 2; - -@@ -1720,6 +1724,9 @@ static int lbs_ibss_join_existing(struct lbs_private *priv, - struct cmd_ds_802_11_ad_hoc_join cmd; - u8 preamble = RADIO_PREAMBLE_SHORT; - int ret = 0; -+ int hw, i; -+ u8 rates_max; -+ u8 *rates; - - /* TODO: set preamble based on scan result */ - ret = lbs_set_radio(priv, preamble, 1); -@@ -1778,9 +1785,12 @@ static int lbs_ibss_join_existing(struct lbs_private *priv, - if (!rates_eid) { - lbs_add_rates(cmd.bss.rates); - } else { -- int hw, i; -- u8 rates_max = rates_eid[1]; -- u8 *rates = cmd.bss.rates; -+ rates_max = rates_eid[1]; -+ if (rates_max > MAX_RATES) { -+ lbs_deb_join("invalid rates"); -+ goto out; -+ } -+ rates = cmd.bss.rates; - for (hw = 0; hw < ARRAY_SIZE(lbs_rates); hw++) { - u8 hw_rate = lbs_rates[hw].bitrate / 5; - for (i = 0; i < rates_max; i++) { -diff --git a/drivers/scsi/scsi_transport_iscsi.c b/drivers/scsi/scsi_transport_iscsi.c -index b4d06bd9ed51..95d71e301a53 100644 ---- a/drivers/scsi/scsi_transport_iscsi.c -+++ b/drivers/scsi/scsi_transport_iscsi.c -@@ -37,6 
+37,8 @@ - - #define ISCSI_TRANSPORT_VERSION "2.0-870" - -+#define ISCSI_SEND_MAX_ALLOWED 10 -+ - static int dbg_session; - module_param_named(debug_session, dbg_session, int, - S_IRUGO | S_IWUSR); -@@ -3680,6 +3682,7 @@ iscsi_if_rx(struct sk_buff *skb) - struct nlmsghdr *nlh; - struct iscsi_uevent *ev; - uint32_t group; -+ int retries = ISCSI_SEND_MAX_ALLOWED; - - nlh = nlmsg_hdr(skb); - if (nlh->nlmsg_len < sizeof(*nlh) + sizeof(*ev) || -@@ -3710,6 +3713,10 @@ iscsi_if_rx(struct sk_buff *skb) - break; - err = iscsi_if_send_reply(portid, nlh->nlmsg_type, - ev, sizeof(*ev)); -+ if (err == -EAGAIN && --retries < 0) { -+ printk(KERN_WARNING "Send reply failed, error %d\n", err); -+ break; -+ } - } while (err < 0 && err != -ECONNREFUSED && err != -ESRCH); - skb_pull(skb, rlen); - } -diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c -index 2955b856e9ec..e8c2afbb82e9 100644 ---- a/drivers/scsi/sd.c -+++ b/drivers/scsi/sd.c -@@ -1981,9 +1981,13 @@ static int sd_done(struct scsi_cmnd *SCpnt) - } - break; - case REQ_OP_ZONE_REPORT: -+ /* To avoid that the block layer performs an incorrect -+ * bio_advance() call and restart of the remainder of -+ * incomplete report zone BIOs, always indicate a full -+ * completion of REQ_OP_ZONE_REPORT. 
-+ */
- if (!result) {
-- good_bytes = scsi_bufflen(SCpnt)
-- - scsi_get_resid(SCpnt);
-+ good_bytes = scsi_bufflen(SCpnt);
- scsi_set_resid(SCpnt, 0);
- } else {
- good_bytes = 0;
-diff --git a/drivers/target/iscsi/iscsi_target.c b/drivers/target/iscsi/iscsi_target.c
-index 21ce92ee1652..37d64acea5e1 100644
---- a/drivers/target/iscsi/iscsi_target.c
-+++ b/drivers/target/iscsi/iscsi_target.c
-@@ -4155,9 +4155,6 @@ int iscsit_close_connection(
- iscsit_stop_nopin_response_timer(conn);
- iscsit_stop_nopin_timer(conn);
-
-- if (conn->conn_transport->iscsit_wait_conn)
-- conn->conn_transport->iscsit_wait_conn(conn);
--
- /*
- * During Connection recovery drop unacknowledged out of order
- * commands for this connection, and prepare the other commands
-@@ -4243,6 +4240,9 @@ int iscsit_close_connection(
- target_sess_cmd_list_set_waiting(sess->se_sess);
- target_wait_for_sess_cmds(sess->se_sess);
-
-+ if (conn->conn_transport->iscsit_wait_conn)
-+ conn->conn_transport->iscsit_wait_conn(conn);
-+
- ahash_request_free(conn->conn_tx_hash);
- if (conn->conn_rx_hash) {
- struct crypto_ahash *tfm;
-diff --git a/fs/namei.c b/fs/namei.c
-index d1e467b7b9de..d648d6d2b635 100644
---- a/fs/namei.c
-+++ b/fs/namei.c
-@@ -1023,7 +1023,8 @@ static int may_linkat(struct path *link)
- * may_create_in_sticky - Check whether an O_CREAT open in a sticky directory
- * should be allowed, or not, on files that already
- * exist.
-- * @dir: the sticky parent directory
-+ * @dir_mode: mode bits of directory
-+ * @dir_uid: owner of directory
- * @inode: the inode of the file to open
- *
- * Block an O_CREAT open of a FIFO (or a regular file) when:
-@@ -1039,18 +1040,18 @@ static int may_linkat(struct path *link)
- *
- * Returns 0 if the open is allowed, -ve on error.
- */
--static int may_create_in_sticky(struct dentry * const dir,
-+static int may_create_in_sticky(umode_t dir_mode, kuid_t dir_uid,
- struct inode * const inode)
- {
- if ((!sysctl_protected_fifos && S_ISFIFO(inode->i_mode)) ||
- (!sysctl_protected_regular && S_ISREG(inode->i_mode)) ||
-- likely(!(dir->d_inode->i_mode & S_ISVTX)) ||
-- uid_eq(inode->i_uid, dir->d_inode->i_uid) ||
-+ likely(!(dir_mode & S_ISVTX)) ||
-+ uid_eq(inode->i_uid, dir_uid) ||
- uid_eq(current_fsuid(), inode->i_uid))
- return 0;
-
-- if (likely(dir->d_inode->i_mode & 0002) ||
-- (dir->d_inode->i_mode & 0020 &&
-+ if (likely(dir_mode & 0002) ||
-+ (dir_mode & 0020 &&
- ((sysctl_protected_fifos >= 2 && S_ISFIFO(inode->i_mode)) ||
- (sysctl_protected_regular >= 2 && S_ISREG(inode->i_mode))))) {
- return -EACCES;
-@@ -3265,6 +3266,8 @@ static int do_last(struct nameidata *nd,
- int *opened)
- {
- struct dentry *dir = nd->path.dentry;
-+ kuid_t dir_uid = dir->d_inode->i_uid;
-+ umode_t dir_mode = dir->d_inode->i_mode;
- int open_flag = op->open_flag;
- bool will_truncate = (open_flag & O_TRUNC) != 0;
- bool got_write = false;
-@@ -3400,7 +3403,7 @@ finish_open:
- error = -EISDIR;
- if (d_is_dir(nd->path.dentry))
- goto out;
-- error = may_create_in_sticky(dir,
-+ error = may_create_in_sticky(dir_mode, dir_uid,
- d_backing_inode(nd->path.dentry));
- if (unlikely(error))
- goto out;
-diff --git a/include/linux/bitmap.h b/include/linux/bitmap.h
-index aec255fb62aa..10a4dd02221d 100644
---- a/include/linux/bitmap.h
-+++ b/include/linux/bitmap.h
-@@ -86,6 +86,14 @@
- * contain all bit positions from 0 to 'bits' - 1.
- */
-
-+/*
-+ * Allocation and deallocation of bitmap.
-+ * Provided in lib/bitmap.c to avoid circular dependency.
-+ */
-+extern unsigned long *bitmap_alloc(unsigned int nbits, gfp_t flags);
-+extern unsigned long *bitmap_zalloc(unsigned int nbits, gfp_t flags);
-+extern void bitmap_free(const unsigned long *bitmap);
-+
- /*
- * lib/bitmap.c provides these functions:
- */
-diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
-index 8818291815bc..31fc54757bf2 100644
---- a/include/linux/netdevice.h
-+++ b/include/linux/netdevice.h
-@@ -3313,6 +3313,7 @@ int dev_set_alias(struct net_device *, const char *, size_t);
- int dev_change_net_namespace(struct net_device *, struct net *, const char *);
- int __dev_set_mtu(struct net_device *, int);
- int dev_set_mtu(struct net_device *, int);
-+int dev_validate_mtu(struct net_device *dev, int mtu);
- void dev_set_group(struct net_device *, int);
- int dev_set_mac_address(struct net_device *, struct sockaddr *);
- int dev_change_carrier(struct net_device *, bool new_carrier);
-diff --git a/include/linux/netfilter/ipset/ip_set.h b/include/linux/netfilter/ipset/ip_set.h
-index 91a533bd3eb1..b7246b7e0bf4 100644
---- a/include/linux/netfilter/ipset/ip_set.h
-+++ b/include/linux/netfilter/ipset/ip_set.h
-@@ -445,13 +445,6 @@ ip6addrptr(const struct sk_buff *skb, bool src, struct in6_addr *addr)
- sizeof(*addr));
- }
-
--/* Calculate the bytes required to store the inclusive range of a-b */
--static inline int
--bitmap_bytes(u32 a, u32 b)
--{
-- return 4 * ((((b - a + 8) / 8) + 3) / 4);
--}
--
- #include
- #include
- #include
-diff --git a/include/trace/events/xen.h b/include/trace/events/xen.h
-index 2ec9064a2bb7..e5150fc67e91 100644
---- a/include/trace/events/xen.h
-+++ b/include/trace/events/xen.h
-@@ -66,7 +66,11 @@ TRACE_EVENT(xen_mc_callback,
- TP_PROTO(xen_mc_callback_fn_t fn, void *data),
- TP_ARGS(fn, data),
- TP_STRUCT__entry(
-- __field(xen_mc_callback_fn_t, fn)
-+ /*
-+ * Use field_struct to avoid is_signed_type()
-+ * comparison of a function pointer.
-+ */ -+ __field_struct(xen_mc_callback_fn_t, fn) - __field(void *, data) - ), - TP_fast_assign( -diff --git a/lib/bitmap.c b/lib/bitmap.c -index 2a9373ef4054..fbe38a83acb3 100644 ---- a/lib/bitmap.c -+++ b/lib/bitmap.c -@@ -13,6 +13,7 @@ - #include - #include - #include -+#include - #include - #include - -@@ -1212,3 +1213,22 @@ void bitmap_copy_le(unsigned long *dst, const unsigned long *src, unsigned int n - } - EXPORT_SYMBOL(bitmap_copy_le); - #endif -+ -+unsigned long *bitmap_alloc(unsigned int nbits, gfp_t flags) -+{ -+ return kmalloc_array(BITS_TO_LONGS(nbits), sizeof(unsigned long), -+ flags); -+} -+EXPORT_SYMBOL(bitmap_alloc); -+ -+unsigned long *bitmap_zalloc(unsigned int nbits, gfp_t flags) -+{ -+ return bitmap_alloc(nbits, flags | __GFP_ZERO); -+} -+EXPORT_SYMBOL(bitmap_zalloc); -+ -+void bitmap_free(const unsigned long *bitmap) -+{ -+ kfree(bitmap); -+} -+EXPORT_SYMBOL(bitmap_free); -diff --git a/net/core/dev.c b/net/core/dev.c -index f9f05b3df460..36d926d2d5f0 100644 ---- a/net/core/dev.c -+++ b/net/core/dev.c -@@ -6896,18 +6896,9 @@ int dev_set_mtu(struct net_device *dev, int new_mtu) - if (new_mtu == dev->mtu) - return 0; - -- /* MTU must be positive, and in range */ -- if (new_mtu < 0 || new_mtu < dev->min_mtu) { -- net_err_ratelimited("%s: Invalid MTU %d requested, hw min %d\n", -- dev->name, new_mtu, dev->min_mtu); -- return -EINVAL; -- } -- -- if (dev->max_mtu > 0 && new_mtu > dev->max_mtu) { -- net_err_ratelimited("%s: Invalid MTU %d requested, hw max %d\n", -- dev->name, new_mtu, dev->max_mtu); -- return -EINVAL; -- } -+ err = dev_validate_mtu(dev, new_mtu); -+ if (err) -+ return err; - - if (!netif_device_present(dev)) - return -ENODEV; -@@ -7667,8 +7658,10 @@ int register_netdevice(struct net_device *dev) - goto err_uninit; - - ret = netdev_register_kobject(dev); -- if (ret) -+ if (ret) { -+ dev->reg_state = NETREG_UNREGISTERED; - goto err_uninit; -+ } - dev->reg_state = NETREG_REGISTERED; - - __netdev_update_features(dev); -@@ -7767,6 
+7760,23 @@ int init_dummy_netdev(struct net_device *dev) - EXPORT_SYMBOL_GPL(init_dummy_netdev); - - -+int dev_validate_mtu(struct net_device *dev, int new_mtu) -+{ -+ /* MTU must be positive, and in range */ -+ if (new_mtu < 0 || new_mtu < dev->min_mtu) { -+ net_err_ratelimited("%s: Invalid MTU %d requested, hw min %d\n", -+ dev->name, new_mtu, dev->min_mtu); -+ return -EINVAL; -+ } -+ -+ if (dev->max_mtu > 0 && new_mtu > dev->max_mtu) { -+ net_err_ratelimited("%s: Invalid MTU %d requested, hw max %d\n", -+ dev->name, new_mtu, dev->max_mtu); -+ return -EINVAL; -+ } -+ return 0; -+} -+ - /** - * register_netdev - register a network device - * @dev: device to register -diff --git a/net/core/net-sysfs.c b/net/core/net-sysfs.c -index dee57c5ff738..baf771d2d088 100644 ---- a/net/core/net-sysfs.c -+++ b/net/core/net-sysfs.c -@@ -911,25 +911,30 @@ static int rx_queue_add_kobject(struct net_device *dev, int index) - struct kobject *kobj = &queue->kobj; - int error = 0; - -+ /* Kobject_put later will trigger rx_queue_release call which -+ * decreases dev refcount: Take that reference here -+ */ -+ dev_hold(queue->dev); -+ - kobj->kset = dev->queues_kset; - error = kobject_init_and_add(kobj, &rx_queue_ktype, NULL, - "rx-%u", index); - if (error) -- return error; -- -- dev_hold(queue->dev); -+ goto err; - - if (dev->sysfs_rx_queue_group) { - error = sysfs_create_group(kobj, dev->sysfs_rx_queue_group); -- if (error) { -- kobject_put(kobj); -- return error; -- } -+ if (error) -+ goto err; - } - - kobject_uevent(kobj, KOBJ_ADD); - - return error; -+ -+err: -+ kobject_put(kobj); -+ return error; - } - #endif /* CONFIG_SYSFS */ - -@@ -1322,25 +1327,29 @@ static int netdev_queue_add_kobject(struct net_device *dev, int index) - struct kobject *kobj = &queue->kobj; - int error = 0; - -+ /* Kobject_put later will trigger netdev_queue_release call -+ * which decreases dev refcount: Take that reference here -+ */ -+ dev_hold(queue->dev); -+ - kobj->kset = dev->queues_kset; - error = 
kobject_init_and_add(kobj, &netdev_queue_ktype, NULL, - "tx-%u", index); - if (error) -- return error; -- -- dev_hold(queue->dev); -+ goto err; - - #ifdef CONFIG_BQL - error = sysfs_create_group(kobj, &dql_group); -- if (error) { -- kobject_put(kobj); -- return error; -- } -+ if (error) -+ goto err; - #endif - - kobject_uevent(kobj, KOBJ_ADD); -- - return 0; -+ -+err: -+ kobject_put(kobj); -+ return error; - } - #endif /* CONFIG_SYSFS */ - -diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c -index b598e9909fec..7c479c1ffd77 100644 ---- a/net/core/rtnetlink.c -+++ b/net/core/rtnetlink.c -@@ -2466,8 +2466,17 @@ struct net_device *rtnl_create_link(struct net *net, - dev->rtnl_link_ops = ops; - dev->rtnl_link_state = RTNL_LINK_INITIALIZING; - -- if (tb[IFLA_MTU]) -- dev->mtu = nla_get_u32(tb[IFLA_MTU]); -+ if (tb[IFLA_MTU]) { -+ u32 mtu = nla_get_u32(tb[IFLA_MTU]); -+ int err; -+ -+ err = dev_validate_mtu(dev, mtu); -+ if (err) { -+ free_netdev(dev); -+ return ERR_PTR(err); -+ } -+ dev->mtu = mtu; -+ } - if (tb[IFLA_ADDRESS]) { - memcpy(dev->dev_addr, nla_data(tb[IFLA_ADDRESS]), - nla_len(tb[IFLA_ADDRESS])); -diff --git a/net/ipv4/ip_tunnel.c b/net/ipv4/ip_tunnel.c -index f1784162acc2..404dc765f2bf 100644 ---- a/net/ipv4/ip_tunnel.c -+++ b/net/ipv4/ip_tunnel.c -@@ -1202,10 +1202,8 @@ int ip_tunnel_init(struct net_device *dev) - iph->version = 4; - iph->ihl = 5; - -- if (tunnel->collect_md) { -- dev->features |= NETIF_F_NETNS_LOCAL; -+ if (tunnel->collect_md) - netif_keep_dst(dev); -- } - return 0; - } - EXPORT_SYMBOL_GPL(ip_tunnel_init); -diff --git a/net/ipv4/tcp_bbr.c b/net/ipv4/tcp_bbr.c -index 06f247ca9197..434ad1e72447 100644 ---- a/net/ipv4/tcp_bbr.c -+++ b/net/ipv4/tcp_bbr.c -@@ -678,8 +678,7 @@ static void bbr_update_bw(struct sock *sk, const struct rate_sample *rs) - * bandwidth sample. Delivered is in packets and interval_us in uS and - * ratio will be <<1 for most connections. So delivered is first scaled. 
- */ -- bw = (u64)rs->delivered * BW_UNIT; -- do_div(bw, rs->interval_us); -+ bw = div64_long((u64)rs->delivered * BW_UNIT, rs->interval_us); - - /* If this sample is application-limited, it is likely to have a very - * low delivered count that represents application behavior rather than -diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c -index 5bc2788e6ba4..c2644405bab1 100644 ---- a/net/ipv6/ip6_tunnel.c -+++ b/net/ipv6/ip6_tunnel.c -@@ -1878,10 +1878,8 @@ static int ip6_tnl_dev_init(struct net_device *dev) - if (err) - return err; - ip6_tnl_link_config(t); -- if (t->parms.collect_md) { -- dev->features |= NETIF_F_NETNS_LOCAL; -+ if (t->parms.collect_md) - netif_keep_dst(dev); -- } - return 0; - } - -diff --git a/net/ipv6/seg6_local.c b/net/ipv6/seg6_local.c -index 825b8e01f947..9a01f72d907f 100644 ---- a/net/ipv6/seg6_local.c -+++ b/net/ipv6/seg6_local.c -@@ -27,6 +27,7 @@ - #include - #include - #include -+#include - #ifdef CONFIG_IPV6_SEG6_HMAC - #include - #endif -@@ -126,7 +127,8 @@ static bool decap_and_validate(struct sk_buff *skb, int proto) - - skb_reset_network_header(skb); - skb_reset_transport_header(skb); -- skb->encapsulation = 0; -+ if (iptunnel_pull_offloads(skb)) -+ return false; - - return true; - } -diff --git a/net/netfilter/ipset/ip_set_bitmap_gen.h b/net/netfilter/ipset/ip_set_bitmap_gen.h -index b0701f6259cc..3c0e345367a5 100644 ---- a/net/netfilter/ipset/ip_set_bitmap_gen.h -+++ b/net/netfilter/ipset/ip_set_bitmap_gen.h -@@ -79,7 +79,7 @@ mtype_flush(struct ip_set *set) - - if (set->extensions & IPSET_EXT_DESTROY) - mtype_ext_cleanup(set); -- memset(map->members, 0, map->memsize); -+ bitmap_zero(map->members, map->elements); - set->elements = 0; - set->ext_size = 0; - } -diff --git a/net/netfilter/ipset/ip_set_bitmap_ip.c b/net/netfilter/ipset/ip_set_bitmap_ip.c -index 4783efff0bde..a4c104a4977f 100644 ---- a/net/netfilter/ipset/ip_set_bitmap_ip.c -+++ b/net/netfilter/ipset/ip_set_bitmap_ip.c -@@ -40,7 +40,7 @@ 
MODULE_ALIAS("ip_set_bitmap:ip"); - - /* Type structure */ - struct bitmap_ip { -- void *members; /* the set members */ -+ unsigned long *members; /* the set members */ - u32 first_ip; /* host byte order, included in range */ - u32 last_ip; /* host byte order, included in range */ - u32 elements; /* number of max elements in the set */ -@@ -222,7 +222,7 @@ init_map_ip(struct ip_set *set, struct bitmap_ip *map, - u32 first_ip, u32 last_ip, - u32 elements, u32 hosts, u8 netmask) - { -- map->members = ip_set_alloc(map->memsize); -+ map->members = bitmap_zalloc(elements, GFP_KERNEL | __GFP_NOWARN); - if (!map->members) - return false; - map->first_ip = first_ip; -@@ -315,7 +315,7 @@ bitmap_ip_create(struct net *net, struct ip_set *set, struct nlattr *tb[], - if (!map) - return -ENOMEM; - -- map->memsize = bitmap_bytes(0, elements - 1); -+ map->memsize = BITS_TO_LONGS(elements) * sizeof(unsigned long); - set->variant = &bitmap_ip; - if (!init_map_ip(set, map, first_ip, last_ip, - elements, hosts, netmask)) { -diff --git a/net/netfilter/ipset/ip_set_bitmap_ipmac.c b/net/netfilter/ipset/ip_set_bitmap_ipmac.c -index 9a065f672d3a..8e58e7e34981 100644 ---- a/net/netfilter/ipset/ip_set_bitmap_ipmac.c -+++ b/net/netfilter/ipset/ip_set_bitmap_ipmac.c -@@ -46,7 +46,7 @@ enum { - - /* Type structure */ - struct bitmap_ipmac { -- void *members; /* the set members */ -+ unsigned long *members; /* the set members */ - u32 first_ip; /* host byte order, included in range */ - u32 last_ip; /* host byte order, included in range */ - u32 elements; /* number of max elements in the set */ -@@ -299,7 +299,7 @@ static bool - init_map_ipmac(struct ip_set *set, struct bitmap_ipmac *map, - u32 first_ip, u32 last_ip, u32 elements) - { -- map->members = ip_set_alloc(map->memsize); -+ map->members = bitmap_zalloc(elements, GFP_KERNEL | __GFP_NOWARN); - if (!map->members) - return false; - map->first_ip = first_ip; -@@ -363,7 +363,7 @@ bitmap_ipmac_create(struct net *net, struct ip_set *set, struct 
nlattr *tb[], - if (!map) - return -ENOMEM; - -- map->memsize = bitmap_bytes(0, elements - 1); -+ map->memsize = BITS_TO_LONGS(elements) * sizeof(unsigned long); - set->variant = &bitmap_ipmac; - if (!init_map_ipmac(set, map, first_ip, last_ip, elements)) { - kfree(map); -diff --git a/net/netfilter/ipset/ip_set_bitmap_port.c b/net/netfilter/ipset/ip_set_bitmap_port.c -index 7f0c733358a4..6771b362a123 100644 ---- a/net/netfilter/ipset/ip_set_bitmap_port.c -+++ b/net/netfilter/ipset/ip_set_bitmap_port.c -@@ -34,7 +34,7 @@ MODULE_ALIAS("ip_set_bitmap:port"); - - /* Type structure */ - struct bitmap_port { -- void *members; /* the set members */ -+ unsigned long *members; /* the set members */ - u16 first_port; /* host byte order, included in range */ - u16 last_port; /* host byte order, included in range */ - u32 elements; /* number of max elements in the set */ -@@ -207,7 +207,7 @@ static bool - init_map_port(struct ip_set *set, struct bitmap_port *map, - u16 first_port, u16 last_port) - { -- map->members = ip_set_alloc(map->memsize); -+ map->members = bitmap_zalloc(map->elements, GFP_KERNEL | __GFP_NOWARN); - if (!map->members) - return false; - map->first_port = first_port; -@@ -250,7 +250,7 @@ bitmap_port_create(struct net *net, struct ip_set *set, struct nlattr *tb[], - return -ENOMEM; - - map->elements = elements; -- map->memsize = bitmap_bytes(0, map->elements); -+ map->memsize = BITS_TO_LONGS(elements) * sizeof(unsigned long); - set->variant = &bitmap_port; - if (!init_map_port(set, map, first_port, last_port)) { - kfree(map); -diff --git a/net/sched/ematch.c b/net/sched/ematch.c -index 03b677bc0700..60f2354c1789 100644 ---- a/net/sched/ematch.c -+++ b/net/sched/ematch.c -@@ -267,12 +267,12 @@ static int tcf_em_validate(struct tcf_proto *tp, - } - em->data = (unsigned long) v; - } -+ em->datalen = data_len; - } - } - - em->matchid = em_hdr->matchid; - em->flags = em_hdr->flags; -- em->datalen = data_len; - em->net = net; - - err = 0; -diff --git 
a/net/x25/af_x25.c b/net/x25/af_x25.c -index a156b6dc3a72..f4fa33b84cde 100644 ---- a/net/x25/af_x25.c -+++ b/net/x25/af_x25.c -@@ -764,6 +764,10 @@ static int x25_connect(struct socket *sock, struct sockaddr *uaddr, - if (sk->sk_state == TCP_ESTABLISHED) - goto out; - -+ rc = -EALREADY; /* Do nothing if call is already in progress */ -+ if (sk->sk_state == TCP_SYN_SENT) -+ goto out; -+ - sk->sk_state = TCP_CLOSE; - sock->state = SS_UNCONNECTED; - -@@ -810,7 +814,7 @@ static int x25_connect(struct socket *sock, struct sockaddr *uaddr, - /* Now the loop */ - rc = -EINPROGRESS; - if (sk->sk_state != TCP_ESTABLISHED && (flags & O_NONBLOCK)) -- goto out_put_neigh; -+ goto out; - - rc = x25_wait_for_connection_establishment(sk); - if (rc) -diff --git a/scripts/recordmcount.c b/scripts/recordmcount.c -index 16e086dcc567..a4888e955466 100644 ---- a/scripts/recordmcount.c -+++ b/scripts/recordmcount.c -@@ -53,6 +53,10 @@ - #define R_AARCH64_ABS64 257 - #endif - -+#define R_ARM_PC24 1 -+#define R_ARM_THM_CALL 10 -+#define R_ARM_CALL 28 -+ - static int fd_map; /* File descriptor for file being modified. */ - static int mmap_failed; /* Boolean flag. */ - static char gpfx; /* prefix for global symbol name (sometimes '_') */ -@@ -428,6 +432,18 @@ is_mcounted_section_name(char const *const txtname) - #define RECORD_MCOUNT_64 - #include "recordmcount.h" - -+static int arm_is_fake_mcount(Elf32_Rel const *rp) -+{ -+ switch (ELF32_R_TYPE(w(rp->r_info))) { -+ case R_ARM_THM_CALL: -+ case R_ARM_CALL: -+ case R_ARM_PC24: -+ return 0; -+ } -+ -+ return 1; -+} -+ - /* 64-bit EM_MIPS has weird ELF64_Rela.r_info. 
- * http://techpubs.sgi.com/library/manuals/4000/007-4658-001/pdf/007-4658-001.pdf
- * We interpret Table 29 Relocation Operation (Elf64_Rel, Elf64_Rela) [p.40]
-@@ -529,6 +545,7 @@ do_file(char const *const fname)
- altmcount = "__gnu_mcount_nc";
- make_nop = make_nop_arm;
- rel_type_nop = R_ARM_NONE;
-+ is_fake_mcount32 = arm_is_fake_mcount;
- break;
- case EM_AARCH64:
- reltype = R_AARCH64_ABS64;
diff --git a/patch/kernel/odroidxu4-legacy/patch-4.14.169-170.patch b/patch/kernel/odroidxu4-legacy/patch-4.14.169-170.patch
deleted file mode 100644
index 5f3c3d21e5..0000000000
--- a/patch/kernel/odroidxu4-legacy/patch-4.14.169-170.patch
+++ /dev/null
@@ -1,3128 +0,0 @@ -diff --git a/Documentation/ABI/testing/sysfs-class-devfreq b/Documentation/ABI/testing/sysfs-class-devfreq -index ee39acacf6f8..335595a79866 100644 ---- a/Documentation/ABI/testing/sysfs-class-devfreq -+++ b/Documentation/ABI/testing/sysfs-class-devfreq -@@ -7,6 +7,13 @@ Description: - The name of devfreq object denoted as ... is same as the - name of device using devfreq. - -+What: /sys/class/devfreq/.../name -+Date: November 2019 -+Contact: Chanwoo Choi -+Description: -+ The /sys/class/devfreq/.../name shows the name of device -+ of the corresponding devfreq object. -+ - What: /sys/class/devfreq/.../governor - Date: September 2011 - Contact: MyungJoo Ham -diff --git a/Makefile b/Makefile -index 795d93bfe156..b614291199f8 100644 ---- a/Makefile -+++ b/Makefile -@@ -1,7 +1,7 @@ - # SPDX-License-Identifier: GPL-2.0 - VERSION = 4 - PATCHLEVEL = 14 --SUBLEVEL = 169 -+SUBLEVEL = 170 - EXTRAVERSION = - NAME = Petit Gorille - -diff --git a/arch/arc/plat-eznps/Kconfig b/arch/arc/plat-eznps/Kconfig -index 8eff057efcae..ce908e2c5282 100644 ---- a/arch/arc/plat-eznps/Kconfig -+++ b/arch/arc/plat-eznps/Kconfig -@@ -7,7 +7,7 @@ - menuconfig ARC_PLAT_EZNPS - bool "\"EZchip\" ARC dev platform" - select CPU_BIG_ENDIAN -- select CLKSRC_NPS -+ select CLKSRC_NPS if !PHYS_ADDR_T_64BIT - select EZNPS_GIC - select EZCHIP_NPS_MANAGEMENT_ENET if ETHERNET - help -diff --git a/arch/arm/boot/dts/am335x-boneblack-common.dtsi b/arch/arm/boot/dts/am335x-boneblack-common.dtsi -index 325daae40278..485c27f039f5 100644 ---- a/arch/arm/boot/dts/am335x-boneblack-common.dtsi -+++ b/arch/arm/boot/dts/am335x-boneblack-common.dtsi -@@ -131,6 +131,11 @@ - }; - - / { -+ memory@80000000 { -+ device_type = "memory"; -+ reg = <0x80000000 0x20000000>; /* 512 MB */ -+ }; -+ - clk_mcasp0_fixed: clk_mcasp0_fixed { - #clock-cells = <0>; - compatible = "fixed-clock"; -diff --git a/arch/arm/boot/dts/am57xx-beagle-x15-common.dtsi b/arch/arm/boot/dts/am57xx-beagle-x15-common.dtsi -index 
49aeecd312b4..d578a9f7e1a0 100644 ---- a/arch/arm/boot/dts/am57xx-beagle-x15-common.dtsi -+++ b/arch/arm/boot/dts/am57xx-beagle-x15-common.dtsi -@@ -32,6 +32,27 @@ - reg = <0x0 0x80000000 0x0 0x80000000>; - }; - -+ main_12v0: fixedregulator-main_12v0 { -+ /* main supply */ -+ compatible = "regulator-fixed"; -+ regulator-name = "main_12v0"; -+ regulator-min-microvolt = <12000000>; -+ regulator-max-microvolt = <12000000>; -+ regulator-always-on; -+ regulator-boot-on; -+ }; -+ -+ evm_5v0: fixedregulator-evm_5v0 { -+ /* Output of TPS54531D */ -+ compatible = "regulator-fixed"; -+ regulator-name = "evm_5v0"; -+ regulator-min-microvolt = <5000000>; -+ regulator-max-microvolt = <5000000>; -+ vin-supply = <&main_12v0>; -+ regulator-always-on; -+ regulator-boot-on; -+ }; -+ - vdd_3v3: fixedregulator-vdd_3v3 { - compatible = "regulator-fixed"; - regulator-name = "vdd_3v3"; -diff --git a/arch/arm/boot/dts/sun8i-a83t-cubietruck-plus.dts b/arch/arm/boot/dts/sun8i-a83t-cubietruck-plus.dts -index 716a205c6dbb..1fed3231f5c1 100644 ---- a/arch/arm/boot/dts/sun8i-a83t-cubietruck-plus.dts -+++ b/arch/arm/boot/dts/sun8i-a83t-cubietruck-plus.dts -@@ -90,7 +90,7 @@ - initial-mode = <1>; /* initialize in HUB mode */ - disabled-ports = <1>; - intn-gpios = <&pio 7 5 GPIO_ACTIVE_HIGH>; /* PH5 */ -- reset-gpios = <&pio 4 16 GPIO_ACTIVE_HIGH>; /* PE16 */ -+ reset-gpios = <&pio 4 16 GPIO_ACTIVE_LOW>; /* PE16 */ - connect-gpios = <&pio 4 17 GPIO_ACTIVE_HIGH>; /* PE17 */ - refclk-frequency = <19200000>; - }; -diff --git a/arch/arm/kernel/hyp-stub.S b/arch/arm/kernel/hyp-stub.S -index 82a942894fc0..83e463c05dcd 100644 ---- a/arch/arm/kernel/hyp-stub.S -+++ b/arch/arm/kernel/hyp-stub.S -@@ -159,10 +159,9 @@ ARM_BE8(orr r7, r7, #(1 << 25)) @ HSCTLR.EE - #if !defined(ZIMAGE) && defined(CONFIG_ARM_ARCH_TIMER) - @ make CNTP_* and CNTPCT accessible from PL1 - mrc p15, 0, r7, c0, c1, 1 @ ID_PFR1 -- lsr r7, #16 -- and r7, #0xf -- cmp r7, #1 -- bne 1f -+ ubfx r7, r7, #16, #4 -+ teq r7, #0 -+ beq 1f - mrc 
p15, 4, r7, c14, c1, 0 @ CNTHCTL - orr r7, r7, #3 @ PL1PCEN | PL1PCTEN - mcr p15, 4, r7, c14, c1, 0 @ CNTHCTL -diff --git a/arch/arm64/boot/Makefile b/arch/arm64/boot/Makefile -index 1f012c506434..cd3414898d10 100644 ---- a/arch/arm64/boot/Makefile -+++ b/arch/arm64/boot/Makefile -@@ -16,7 +16,7 @@ - - OBJCOPYFLAGS_Image :=-O binary -R .note -R .note.gnu.build-id -R .comment -S - --targets := Image Image.gz -+targets := Image Image.bz2 Image.gz Image.lz4 Image.lzma Image.lzo - - $(obj)/Image: vmlinux FORCE - $(call if_changed,objcopy) -diff --git a/arch/powerpc/boot/dts/fsl/qoriq-fman3-0-10g-0-best-effort.dtsi b/arch/powerpc/boot/dts/fsl/qoriq-fman3-0-10g-0-best-effort.dtsi -index e1a961f05dcd..baa0c503e741 100644 ---- a/arch/powerpc/boot/dts/fsl/qoriq-fman3-0-10g-0-best-effort.dtsi -+++ b/arch/powerpc/boot/dts/fsl/qoriq-fman3-0-10g-0-best-effort.dtsi -@@ -63,6 +63,7 @@ fman@400000 { - #size-cells = <0>; - compatible = "fsl,fman-memac-mdio", "fsl,fman-xmdio"; - reg = <0xe1000 0x1000>; -+ fsl,erratum-a011043; /* must ignore read errors */ - - pcsphy0: ethernet-phy@0 { - reg = <0x0>; -diff --git a/arch/powerpc/boot/dts/fsl/qoriq-fman3-0-10g-0.dtsi b/arch/powerpc/boot/dts/fsl/qoriq-fman3-0-10g-0.dtsi -index c288f3c6c637..93095600e808 100644 ---- a/arch/powerpc/boot/dts/fsl/qoriq-fman3-0-10g-0.dtsi -+++ b/arch/powerpc/boot/dts/fsl/qoriq-fman3-0-10g-0.dtsi -@@ -60,6 +60,7 @@ fman@400000 { - #size-cells = <0>; - compatible = "fsl,fman-memac-mdio", "fsl,fman-xmdio"; - reg = <0xf1000 0x1000>; -+ fsl,erratum-a011043; /* must ignore read errors */ - - pcsphy6: ethernet-phy@0 { - reg = <0x0>; -diff --git a/arch/powerpc/boot/dts/fsl/qoriq-fman3-0-10g-1-best-effort.dtsi b/arch/powerpc/boot/dts/fsl/qoriq-fman3-0-10g-1-best-effort.dtsi -index 94f3e7175012..ff4bd38f0645 100644 ---- a/arch/powerpc/boot/dts/fsl/qoriq-fman3-0-10g-1-best-effort.dtsi -+++ b/arch/powerpc/boot/dts/fsl/qoriq-fman3-0-10g-1-best-effort.dtsi -@@ -63,6 +63,7 @@ fman@400000 { - #size-cells = <0>; - compatible 
= "fsl,fman-memac-mdio", "fsl,fman-xmdio"; - reg = <0xe3000 0x1000>; -+ fsl,erratum-a011043; /* must ignore read errors */ - - pcsphy1: ethernet-phy@0 { - reg = <0x0>; -diff --git a/arch/powerpc/boot/dts/fsl/qoriq-fman3-0-10g-1.dtsi b/arch/powerpc/boot/dts/fsl/qoriq-fman3-0-10g-1.dtsi -index 94a76982d214..1fa38ed6f59e 100644 ---- a/arch/powerpc/boot/dts/fsl/qoriq-fman3-0-10g-1.dtsi -+++ b/arch/powerpc/boot/dts/fsl/qoriq-fman3-0-10g-1.dtsi -@@ -60,6 +60,7 @@ fman@400000 { - #size-cells = <0>; - compatible = "fsl,fman-memac-mdio", "fsl,fman-xmdio"; - reg = <0xf3000 0x1000>; -+ fsl,erratum-a011043; /* must ignore read errors */ - - pcsphy7: ethernet-phy@0 { - reg = <0x0>; -diff --git a/arch/powerpc/boot/dts/fsl/qoriq-fman3-0-1g-0.dtsi b/arch/powerpc/boot/dts/fsl/qoriq-fman3-0-1g-0.dtsi -index b5ff5f71c6b8..a8cc9780c0c4 100644 ---- a/arch/powerpc/boot/dts/fsl/qoriq-fman3-0-1g-0.dtsi -+++ b/arch/powerpc/boot/dts/fsl/qoriq-fman3-0-1g-0.dtsi -@@ -59,6 +59,7 @@ fman@400000 { - #size-cells = <0>; - compatible = "fsl,fman-memac-mdio", "fsl,fman-xmdio"; - reg = <0xe1000 0x1000>; -+ fsl,erratum-a011043; /* must ignore read errors */ - - pcsphy0: ethernet-phy@0 { - reg = <0x0>; -diff --git a/arch/powerpc/boot/dts/fsl/qoriq-fman3-0-1g-1.dtsi b/arch/powerpc/boot/dts/fsl/qoriq-fman3-0-1g-1.dtsi -index ee44182c6348..8b8bd70c9382 100644 ---- a/arch/powerpc/boot/dts/fsl/qoriq-fman3-0-1g-1.dtsi -+++ b/arch/powerpc/boot/dts/fsl/qoriq-fman3-0-1g-1.dtsi -@@ -59,6 +59,7 @@ fman@400000 { - #size-cells = <0>; - compatible = "fsl,fman-memac-mdio", "fsl,fman-xmdio"; - reg = <0xe3000 0x1000>; -+ fsl,erratum-a011043; /* must ignore read errors */ - - pcsphy1: ethernet-phy@0 { - reg = <0x0>; -diff --git a/arch/powerpc/boot/dts/fsl/qoriq-fman3-0-1g-2.dtsi b/arch/powerpc/boot/dts/fsl/qoriq-fman3-0-1g-2.dtsi -index f05f0d775039..619c880b54d8 100644 ---- a/arch/powerpc/boot/dts/fsl/qoriq-fman3-0-1g-2.dtsi -+++ b/arch/powerpc/boot/dts/fsl/qoriq-fman3-0-1g-2.dtsi -@@ -59,6 +59,7 @@ fman@400000 { - 
#size-cells = <0>; - compatible = "fsl,fman-memac-mdio", "fsl,fman-xmdio"; - reg = <0xe5000 0x1000>; -+ fsl,erratum-a011043; /* must ignore read errors */ - - pcsphy2: ethernet-phy@0 { - reg = <0x0>; -diff --git a/arch/powerpc/boot/dts/fsl/qoriq-fman3-0-1g-3.dtsi b/arch/powerpc/boot/dts/fsl/qoriq-fman3-0-1g-3.dtsi -index a9114ec51075..d7ebb73a400d 100644 ---- a/arch/powerpc/boot/dts/fsl/qoriq-fman3-0-1g-3.dtsi -+++ b/arch/powerpc/boot/dts/fsl/qoriq-fman3-0-1g-3.dtsi -@@ -59,6 +59,7 @@ fman@400000 { - #size-cells = <0>; - compatible = "fsl,fman-memac-mdio", "fsl,fman-xmdio"; - reg = <0xe7000 0x1000>; -+ fsl,erratum-a011043; /* must ignore read errors */ - - pcsphy3: ethernet-phy@0 { - reg = <0x0>; -diff --git a/arch/powerpc/boot/dts/fsl/qoriq-fman3-0-1g-4.dtsi b/arch/powerpc/boot/dts/fsl/qoriq-fman3-0-1g-4.dtsi -index 44dd00ac7367..b151d696a069 100644 ---- a/arch/powerpc/boot/dts/fsl/qoriq-fman3-0-1g-4.dtsi -+++ b/arch/powerpc/boot/dts/fsl/qoriq-fman3-0-1g-4.dtsi -@@ -59,6 +59,7 @@ fman@400000 { - #size-cells = <0>; - compatible = "fsl,fman-memac-mdio", "fsl,fman-xmdio"; - reg = <0xe9000 0x1000>; -+ fsl,erratum-a011043; /* must ignore read errors */ - - pcsphy4: ethernet-phy@0 { - reg = <0x0>; -diff --git a/arch/powerpc/boot/dts/fsl/qoriq-fman3-0-1g-5.dtsi b/arch/powerpc/boot/dts/fsl/qoriq-fman3-0-1g-5.dtsi -index 5b1b84b58602..adc0ae0013a3 100644 ---- a/arch/powerpc/boot/dts/fsl/qoriq-fman3-0-1g-5.dtsi -+++ b/arch/powerpc/boot/dts/fsl/qoriq-fman3-0-1g-5.dtsi -@@ -59,6 +59,7 @@ fman@400000 { - #size-cells = <0>; - compatible = "fsl,fman-memac-mdio", "fsl,fman-xmdio"; - reg = <0xeb000 0x1000>; -+ fsl,erratum-a011043; /* must ignore read errors */ - - pcsphy5: ethernet-phy@0 { - reg = <0x0>; -diff --git a/arch/powerpc/boot/dts/fsl/qoriq-fman3-1-10g-0.dtsi b/arch/powerpc/boot/dts/fsl/qoriq-fman3-1-10g-0.dtsi -index 0e1daaef9e74..435047e0e250 100644 ---- a/arch/powerpc/boot/dts/fsl/qoriq-fman3-1-10g-0.dtsi -+++ b/arch/powerpc/boot/dts/fsl/qoriq-fman3-1-10g-0.dtsi -@@ 
-60,6 +60,7 @@ fman@500000 { - #size-cells = <0>; - compatible = "fsl,fman-memac-mdio", "fsl,fman-xmdio"; - reg = <0xf1000 0x1000>; -+ fsl,erratum-a011043; /* must ignore read errors */ - - pcsphy14: ethernet-phy@0 { - reg = <0x0>; -diff --git a/arch/powerpc/boot/dts/fsl/qoriq-fman3-1-10g-1.dtsi b/arch/powerpc/boot/dts/fsl/qoriq-fman3-1-10g-1.dtsi -index 68c5ef779266..c098657cca0a 100644 ---- a/arch/powerpc/boot/dts/fsl/qoriq-fman3-1-10g-1.dtsi -+++ b/arch/powerpc/boot/dts/fsl/qoriq-fman3-1-10g-1.dtsi -@@ -60,6 +60,7 @@ fman@500000 { - #size-cells = <0>; - compatible = "fsl,fman-memac-mdio", "fsl,fman-xmdio"; - reg = <0xf3000 0x1000>; -+ fsl,erratum-a011043; /* must ignore read errors */ - - pcsphy15: ethernet-phy@0 { - reg = <0x0>; -diff --git a/arch/powerpc/boot/dts/fsl/qoriq-fman3-1-1g-0.dtsi b/arch/powerpc/boot/dts/fsl/qoriq-fman3-1-1g-0.dtsi -index 605363cc1117..9d06824815f3 100644 ---- a/arch/powerpc/boot/dts/fsl/qoriq-fman3-1-1g-0.dtsi -+++ b/arch/powerpc/boot/dts/fsl/qoriq-fman3-1-1g-0.dtsi -@@ -59,6 +59,7 @@ fman@500000 { - #size-cells = <0>; - compatible = "fsl,fman-memac-mdio", "fsl,fman-xmdio"; - reg = <0xe1000 0x1000>; -+ fsl,erratum-a011043; /* must ignore read errors */ - - pcsphy8: ethernet-phy@0 { - reg = <0x0>; -diff --git a/arch/powerpc/boot/dts/fsl/qoriq-fman3-1-1g-1.dtsi b/arch/powerpc/boot/dts/fsl/qoriq-fman3-1-1g-1.dtsi -index 1955dfa13634..70e947730c4b 100644 ---- a/arch/powerpc/boot/dts/fsl/qoriq-fman3-1-1g-1.dtsi -+++ b/arch/powerpc/boot/dts/fsl/qoriq-fman3-1-1g-1.dtsi -@@ -59,6 +59,7 @@ fman@500000 { - #size-cells = <0>; - compatible = "fsl,fman-memac-mdio", "fsl,fman-xmdio"; - reg = <0xe3000 0x1000>; -+ fsl,erratum-a011043; /* must ignore read errors */ - - pcsphy9: ethernet-phy@0 { - reg = <0x0>; -diff --git a/arch/powerpc/boot/dts/fsl/qoriq-fman3-1-1g-2.dtsi b/arch/powerpc/boot/dts/fsl/qoriq-fman3-1-1g-2.dtsi -index 2c1476454ee0..ad96e6529595 100644 ---- a/arch/powerpc/boot/dts/fsl/qoriq-fman3-1-1g-2.dtsi -+++ 
b/arch/powerpc/boot/dts/fsl/qoriq-fman3-1-1g-2.dtsi -@@ -59,6 +59,7 @@ fman@500000 { - #size-cells = <0>; - compatible = "fsl,fman-memac-mdio", "fsl,fman-xmdio"; - reg = <0xe5000 0x1000>; -+ fsl,erratum-a011043; /* must ignore read errors */ - - pcsphy10: ethernet-phy@0 { - reg = <0x0>; -diff --git a/arch/powerpc/boot/dts/fsl/qoriq-fman3-1-1g-3.dtsi b/arch/powerpc/boot/dts/fsl/qoriq-fman3-1-1g-3.dtsi -index b8b541ff5fb0..034bc4b71f7a 100644 ---- a/arch/powerpc/boot/dts/fsl/qoriq-fman3-1-1g-3.dtsi -+++ b/arch/powerpc/boot/dts/fsl/qoriq-fman3-1-1g-3.dtsi -@@ -59,6 +59,7 @@ fman@500000 { - #size-cells = <0>; - compatible = "fsl,fman-memac-mdio", "fsl,fman-xmdio"; - reg = <0xe7000 0x1000>; -+ fsl,erratum-a011043; /* must ignore read errors */ - - pcsphy11: ethernet-phy@0 { - reg = <0x0>; -diff --git a/arch/powerpc/boot/dts/fsl/qoriq-fman3-1-1g-4.dtsi b/arch/powerpc/boot/dts/fsl/qoriq-fman3-1-1g-4.dtsi -index 4b2cfddd1b15..93ca23d82b39 100644 ---- a/arch/powerpc/boot/dts/fsl/qoriq-fman3-1-1g-4.dtsi -+++ b/arch/powerpc/boot/dts/fsl/qoriq-fman3-1-1g-4.dtsi -@@ -59,6 +59,7 @@ fman@500000 { - #size-cells = <0>; - compatible = "fsl,fman-memac-mdio", "fsl,fman-xmdio"; - reg = <0xe9000 0x1000>; -+ fsl,erratum-a011043; /* must ignore read errors */ - - pcsphy12: ethernet-phy@0 { - reg = <0x0>; -diff --git a/arch/powerpc/boot/dts/fsl/qoriq-fman3-1-1g-5.dtsi b/arch/powerpc/boot/dts/fsl/qoriq-fman3-1-1g-5.dtsi -index 0a52ddf7cc17..23b3117a2fd2 100644 ---- a/arch/powerpc/boot/dts/fsl/qoriq-fman3-1-1g-5.dtsi -+++ b/arch/powerpc/boot/dts/fsl/qoriq-fman3-1-1g-5.dtsi -@@ -59,6 +59,7 @@ fman@500000 { - #size-cells = <0>; - compatible = "fsl,fman-memac-mdio", "fsl,fman-xmdio"; - reg = <0xeb000 0x1000>; -+ fsl,erratum-a011043; /* must ignore read errors */ - - pcsphy13: ethernet-phy@0 { - reg = <0x0>; -diff --git a/arch/x86/kernel/cpu/intel_rdt_rdtgroup.c b/arch/x86/kernel/cpu/intel_rdt_rdtgroup.c -index 2dae1b3c42fc..0ec30b2384c0 100644 ---- a/arch/x86/kernel/cpu/intel_rdt_rdtgroup.c 
-+++ b/arch/x86/kernel/cpu/intel_rdt_rdtgroup.c
-@@ -1107,7 +1107,7 @@ static struct dentry *rdt_mount(struct file_system_type *fs_type,
-
- if (rdt_mon_capable) {
- ret = mongroup_create_dir(rdtgroup_default.kn,
-- NULL, "mon_groups",
-+ &rdtgroup_default, "mon_groups",
- &kn_mongrp);
- if (ret) {
- dentry = ERR_PTR(ret);
-@@ -1260,7 +1260,11 @@ static void free_all_child_rdtgrp(struct rdtgroup *rdtgrp)
- list_for_each_entry_safe(sentry, stmp, head, mon.crdtgrp_list) {
- free_rmid(sentry->mon.rmid);
- list_del(&sentry->mon.crdtgrp_list);
-- kfree(sentry);
-+
-+ if (atomic_read(&sentry->waitcount) != 0)
-+ sentry->flags = RDT_DELETED;
-+ else
-+ kfree(sentry);
- }
- }
-
-@@ -1294,7 +1298,11 @@ static void rmdir_all_sub(void)
-
- kernfs_remove(rdtgrp->kn);
- list_del(&rdtgrp->rdtgroup_list);
-- kfree(rdtgrp);
-+
-+ if (atomic_read(&rdtgrp->waitcount) != 0)
-+ rdtgrp->flags = RDT_DELETED;
-+ else
-+ kfree(rdtgrp);
- }
- /* Notify online CPUs to update per cpu storage and PQR_ASSOC MSR */
- update_closid_rmid(cpu_online_mask, &rdtgroup_default);
-@@ -1491,7 +1499,7 @@ static int mkdir_mondata_all(struct kernfs_node *parent_kn,
- /*
- * Create the mon_data directory first.
- */
-- ret = mongroup_create_dir(parent_kn, NULL, "mon_data", &kn);
-+ ret = mongroup_create_dir(parent_kn, prgrp, "mon_data", &kn);
- if (ret)
- return ret;
-
-@@ -1525,7 +1533,7 @@ static int mkdir_rdt_prepare(struct kernfs_node *parent_kn,
- uint files = 0;
- int ret;
-
-- prdtgrp = rdtgroup_kn_lock_live(prgrp_kn);
-+ prdtgrp = rdtgroup_kn_lock_live(parent_kn);
- if (!prdtgrp) {
- ret = -ENODEV;
- goto out_unlock;
-@@ -1581,7 +1589,7 @@ static int mkdir_rdt_prepare(struct kernfs_node *parent_kn,
- kernfs_activate(kn);
-
- /*
-- * The caller unlocks the prgrp_kn upon success.
-+ * The caller unlocks the parent_kn upon success.
- */
- return 0;
-
-@@ -1592,7 +1600,7 @@ out_destroy:
- out_free_rgrp:
- kfree(rdtgrp);
- out_unlock:
-- rdtgroup_kn_unlock(prgrp_kn);
-+ rdtgroup_kn_unlock(parent_kn);
- return ret;
- }
-
-@@ -1630,7 +1638,7 @@ static int rdtgroup_mkdir_mon(struct kernfs_node *parent_kn,
- */
- list_add_tail(&rdtgrp->mon.crdtgrp_list, &prgrp->mon.crdtgrp_list);
-
-- rdtgroup_kn_unlock(prgrp_kn);
-+ rdtgroup_kn_unlock(parent_kn);
- return ret;
- }
-
-@@ -1667,7 +1675,7 @@ static int rdtgroup_mkdir_ctrl_mon(struct kernfs_node *parent_kn,
- * Create an empty mon_groups directory to hold the subset
- * of tasks and cpus to monitor.
- */
-- ret = mongroup_create_dir(kn, NULL, "mon_groups", NULL);
-+ ret = mongroup_create_dir(kn, rdtgrp, "mon_groups", NULL);
- if (ret)
- goto out_id_free;
- }
-@@ -1680,7 +1688,7 @@ out_id_free:
- out_common_fail:
- mkdir_rdt_prepare_clean(rdtgrp);
- out_unlock:
-- rdtgroup_kn_unlock(prgrp_kn);
-+ rdtgroup_kn_unlock(parent_kn);
- return ret;
- }
-
-@@ -1792,11 +1800,6 @@ static int rdtgroup_rmdir_ctrl(struct kernfs_node *kn, struct rdtgroup *rdtgrp,
- closid_free(rdtgrp->closid);
- free_rmid(rdtgrp->mon.rmid);
-
-- /*
-- * Free all the child monitor group rmids.
-- */
-- free_all_child_rdtgrp(rdtgrp);
--
- list_del(&rdtgrp->rdtgroup_list);
-
- /*
-@@ -1806,6 +1809,11 @@ static int rdtgroup_rmdir_ctrl(struct kernfs_node *kn, struct rdtgroup *rdtgrp,
- kernfs_get(kn);
- kernfs_remove(rdtgrp->kn);
-
-+ /*
-+ * Free all the child monitor group rmids.
-+ */
-+ free_all_child_rdtgrp(rdtgrp);
-+
- return 0;
- }
-
-diff --git a/crypto/af_alg.c b/crypto/af_alg.c
-index 422bba808f73..0679c35adf55 100644
---- a/crypto/af_alg.c
-+++ b/crypto/af_alg.c
-@@ -139,11 +139,13 @@ void af_alg_release_parent(struct sock *sk)
- sk = ask->parent;
- ask = alg_sk(sk);
-
-- lock_sock(sk);
-+ local_bh_disable();
-+ bh_lock_sock(sk);
- ask->nokey_refcnt -= nokey;
- if (!last)
- last = !--ask->refcnt;
-- release_sock(sk);
-+ bh_unlock_sock(sk);
-+ local_bh_enable();
-
- if (last)
- sock_put(sk);
-diff --git a/crypto/pcrypt.c b/crypto/pcrypt.c
-index a5718c0a3dc4..1348541da463 100644
---- a/crypto/pcrypt.c
-+++ b/crypto/pcrypt.c
-@@ -505,11 +505,12 @@ err:
-
- static void __exit pcrypt_exit(void)
- {
-+ crypto_unregister_template(&pcrypt_tmpl);
-+
- pcrypt_fini_padata(&pencrypt);
- pcrypt_fini_padata(&pdecrypt);
-
- kset_unregister(pcrypt_kset);
-- crypto_unregister_template(&pcrypt_tmpl);
- }
-
- module_init(pcrypt_init);
-diff --git a/drivers/atm/eni.c b/drivers/atm/eni.c
-index ce47eb17901d..a106d15f6def 100644
---- a/drivers/atm/eni.c
-+++ b/drivers/atm/eni.c
-@@ -372,7 +372,7 @@ static int do_rx_dma(struct atm_vcc *vcc,struct sk_buff *skb,
- here = (eni_vcc->descr+skip) & (eni_vcc->words-1);
- dma[j++] = (here << MID_DMA_COUNT_SHIFT) | (vcc->vci
- << MID_DMA_VCI_SHIFT) | MID_DT_JK;
-- j++;
-+ dma[j++] = 0;
- }
- here = (eni_vcc->descr+size+skip) & (eni_vcc->words-1);
- if (!eff) size += skip;
-@@ -445,7 +445,7 @@ static int do_rx_dma(struct atm_vcc *vcc,struct sk_buff *skb,
- if (size != eff) {
- dma[j++] = (here << MID_DMA_COUNT_SHIFT) |
- (vcc->vci << MID_DMA_VCI_SHIFT) | MID_DT_JK;
-- j++;
-+ dma[j++] = 0;
- }
- if (!j || j > 2*RX_DMA_BUF) {
- printk(KERN_CRIT DEV_LABEL "!j or j too big!!!\n");
-diff --git a/drivers/char/ttyprintk.c b/drivers/char/ttyprintk.c
-index 67549ce88cc9..774748497ace 100644
---- a/drivers/char/ttyprintk.c
-+++ b/drivers/char/ttyprintk.c
-@@ -18,10 +18,11 @@
- #include
- #include
- #include
-+#include
-
- struct ttyprintk_port { - struct tty_port port; -- struct mutex port_write_mutex; -+ spinlock_t spinlock; - }; - - static struct ttyprintk_port tpk_port; -@@ -100,11 +101,12 @@ static int tpk_open(struct tty_struct *tty, struct file *filp) - static void tpk_close(struct tty_struct *tty, struct file *filp) - { - struct ttyprintk_port *tpkp = tty->driver_data; -+ unsigned long flags; - -- mutex_lock(&tpkp->port_write_mutex); -+ spin_lock_irqsave(&tpkp->spinlock, flags); - /* flush tpk_printk buffer */ - tpk_printk(NULL, 0); -- mutex_unlock(&tpkp->port_write_mutex); -+ spin_unlock_irqrestore(&tpkp->spinlock, flags); - - tty_port_close(&tpkp->port, tty, filp); - } -@@ -116,13 +118,14 @@ static int tpk_write(struct tty_struct *tty, - const unsigned char *buf, int count) - { - struct ttyprintk_port *tpkp = tty->driver_data; -+ unsigned long flags; - int ret; - - - /* exclusive use of tpk_printk within this tty */ -- mutex_lock(&tpkp->port_write_mutex); -+ spin_lock_irqsave(&tpkp->spinlock, flags); - ret = tpk_printk(buf, count); -- mutex_unlock(&tpkp->port_write_mutex); -+ spin_unlock_irqrestore(&tpkp->spinlock, flags); - - return ret; - } -@@ -172,7 +175,7 @@ static int __init ttyprintk_init(void) - { - int ret = -ENOMEM; - -- mutex_init(&tpk_port.port_write_mutex); -+ spin_lock_init(&tpk_port.spinlock); - - ttyprintk_driver = tty_alloc_driver(1, - TTY_DRIVER_RESET_TERMIOS | -diff --git a/drivers/clk/mmp/clk-of-mmp2.c b/drivers/clk/mmp/clk-of-mmp2.c -index d083b860f083..10689d8cd386 100644 ---- a/drivers/clk/mmp/clk-of-mmp2.c -+++ b/drivers/clk/mmp/clk-of-mmp2.c -@@ -134,7 +134,7 @@ static DEFINE_SPINLOCK(ssp3_lock); - static const char *ssp_parent_names[] = {"vctcxo_4", "vctcxo_2", "vctcxo", "pll1_16"}; - - static DEFINE_SPINLOCK(timer_lock); --static const char *timer_parent_names[] = {"clk32", "vctcxo_2", "vctcxo_4", "vctcxo"}; -+static const char *timer_parent_names[] = {"clk32", "vctcxo_4", "vctcxo_2", "vctcxo"}; - - static DEFINE_SPINLOCK(reset_lock); - -diff 
--git a/drivers/crypto/chelsio/chcr_algo.c b/drivers/crypto/chelsio/chcr_algo.c -index bb7b59fc5c08..8d39f3a07bf8 100644 ---- a/drivers/crypto/chelsio/chcr_algo.c -+++ b/drivers/crypto/chelsio/chcr_algo.c -@@ -2693,9 +2693,6 @@ static int chcr_gcm_setauthsize(struct crypto_aead *tfm, unsigned int authsize) - aeadctx->mayverify = VERIFY_SW; - break; - default: -- -- crypto_tfm_set_flags((struct crypto_tfm *) tfm, -- CRYPTO_TFM_RES_BAD_KEY_LEN); - return -EINVAL; - } - return crypto_aead_setauthsize(aeadctx->sw_cipher, authsize); -@@ -2720,8 +2717,6 @@ static int chcr_4106_4309_setauthsize(struct crypto_aead *tfm, - aeadctx->mayverify = VERIFY_HW; - break; - default: -- crypto_tfm_set_flags((struct crypto_tfm *)tfm, -- CRYPTO_TFM_RES_BAD_KEY_LEN); - return -EINVAL; - } - return crypto_aead_setauthsize(aeadctx->sw_cipher, authsize); -@@ -2762,8 +2757,6 @@ static int chcr_ccm_setauthsize(struct crypto_aead *tfm, - aeadctx->mayverify = VERIFY_HW; - break; - default: -- crypto_tfm_set_flags((struct crypto_tfm *)tfm, -- CRYPTO_TFM_RES_BAD_KEY_LEN); - return -EINVAL; - } - return crypto_aead_setauthsize(aeadctx->sw_cipher, authsize); -@@ -2790,8 +2783,7 @@ static int chcr_ccm_common_setkey(struct crypto_aead *aead, - ck_size = CHCR_KEYCTX_CIPHER_KEY_SIZE_256; - mk_size = CHCR_KEYCTX_MAC_KEY_SIZE_256; - } else { -- crypto_tfm_set_flags((struct crypto_tfm *)aead, -- CRYPTO_TFM_RES_BAD_KEY_LEN); -+ crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_KEY_LEN); - aeadctx->enckey_len = 0; - return -EINVAL; - } -@@ -2831,8 +2823,7 @@ static int chcr_aead_rfc4309_setkey(struct crypto_aead *aead, const u8 *key, - int error; - - if (keylen < 3) { -- crypto_tfm_set_flags((struct crypto_tfm *)aead, -- CRYPTO_TFM_RES_BAD_KEY_LEN); -+ crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_KEY_LEN); - aeadctx->enckey_len = 0; - return -EINVAL; - } -@@ -2883,8 +2874,7 @@ static int chcr_gcm_setkey(struct crypto_aead *aead, const u8 *key, - } else if (keylen == AES_KEYSIZE_256) { - ck_size = 
CHCR_KEYCTX_CIPHER_KEY_SIZE_256; - } else { -- crypto_tfm_set_flags((struct crypto_tfm *)aead, -- CRYPTO_TFM_RES_BAD_KEY_LEN); -+ crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_KEY_LEN); - pr_err("GCM: Invalid key length %d\n", keylen); - ret = -EINVAL; - goto out; -diff --git a/drivers/devfreq/devfreq.c b/drivers/devfreq/devfreq.c -index ad18de955b6c..58ec3abfd321 100644 ---- a/drivers/devfreq/devfreq.c -+++ b/drivers/devfreq/devfreq.c -@@ -902,6 +902,14 @@ err_out: - } - EXPORT_SYMBOL(devfreq_remove_governor); - -+static ssize_t name_show(struct device *dev, -+ struct device_attribute *attr, char *buf) -+{ -+ struct devfreq *devfreq = to_devfreq(dev); -+ return sprintf(buf, "%s\n", dev_name(devfreq->dev.parent)); -+} -+static DEVICE_ATTR_RO(name); -+ - static ssize_t governor_show(struct device *dev, - struct device_attribute *attr, char *buf) - { -@@ -1200,6 +1208,7 @@ static ssize_t trans_stat_show(struct device *dev, - static DEVICE_ATTR_RO(trans_stat); - - static struct attribute *devfreq_attrs[] = { -+ &dev_attr_name.attr, - &dev_attr_governor.attr, - &dev_attr_available_governors.attr, - &dev_attr_cur_freq.attr, -diff --git a/drivers/gpio/Kconfig b/drivers/gpio/Kconfig -index 2357d2f73c1a..8d2ab77c6581 100644 ---- a/drivers/gpio/Kconfig -+++ b/drivers/gpio/Kconfig -@@ -990,6 +990,7 @@ config GPIO_LP87565 - config GPIO_MAX77620 - tristate "GPIO support for PMIC MAX77620 and MAX20024" - depends on MFD_MAX77620 -+ select GPIOLIB_IRQCHIP - help - GPIO driver for MAX77620 and MAX20024 PMIC from Maxim Semiconductor. - MAX77620 PMIC has 8 pins that can be configured as GPIOs. 
The -diff --git a/drivers/hid/hid-ids.h b/drivers/hid/hid-ids.h -index 1e2e6e58256a..9d372fa7c298 100644 ---- a/drivers/hid/hid-ids.h -+++ b/drivers/hid/hid-ids.h -@@ -1024,6 +1024,7 @@ - #define USB_DEVICE_ID_SYNAPTICS_LTS2 0x1d10 - #define USB_DEVICE_ID_SYNAPTICS_HD 0x0ac3 - #define USB_DEVICE_ID_SYNAPTICS_QUAD_HD 0x1ac3 -+#define USB_DEVICE_ID_SYNAPTICS_ACER_SWITCH5_012 0x2968 - #define USB_DEVICE_ID_SYNAPTICS_TP_V103 0x5710 - - #define USB_VENDOR_ID_TEXAS_INSTRUMENTS 0x2047 -diff --git a/drivers/hid/hid-ite.c b/drivers/hid/hid-ite.c -index 98b059d79bc8..2ce1eb0c9212 100644 ---- a/drivers/hid/hid-ite.c -+++ b/drivers/hid/hid-ite.c -@@ -43,6 +43,9 @@ static int ite_event(struct hid_device *hdev, struct hid_field *field, - static const struct hid_device_id ite_devices[] = { - { HID_USB_DEVICE(USB_VENDOR_ID_ITE, USB_DEVICE_ID_ITE8595) }, - { HID_USB_DEVICE(USB_VENDOR_ID_258A, USB_DEVICE_ID_258A_6A88) }, -+ /* ITE8595 USB kbd ctlr, with Synaptics touchpad connected to it. */ -+ { HID_USB_DEVICE(USB_VENDOR_ID_SYNAPTICS, -+ USB_DEVICE_ID_SYNAPTICS_ACER_SWITCH5_012) }, - { } - }; - MODULE_DEVICE_TABLE(hid, ite_devices); -diff --git a/drivers/media/radio/si470x/radio-si470x-i2c.c b/drivers/media/radio/si470x/radio-si470x-i2c.c -index b60fb6ed5aeb..527535614342 100644 ---- a/drivers/media/radio/si470x/radio-si470x-i2c.c -+++ b/drivers/media/radio/si470x/radio-si470x-i2c.c -@@ -453,10 +453,10 @@ static int si470x_i2c_remove(struct i2c_client *client) - - free_irq(client->irq, radio); - video_unregister_device(&radio->videodev); -- kfree(radio); - - v4l2_ctrl_handler_free(&radio->hdl); - v4l2_device_unregister(&radio->v4l2_dev); -+ kfree(radio); - return 0; - } - -diff --git a/drivers/media/usb/dvb-usb/af9005.c b/drivers/media/usb/dvb-usb/af9005.c -index c047a0bdf91f..66990a193bc5 100644 ---- a/drivers/media/usb/dvb-usb/af9005.c -+++ b/drivers/media/usb/dvb-usb/af9005.c -@@ -563,7 +563,7 @@ static int af9005_boot_packet(struct usb_device *udev, int type, u8 *reply, - u8 
*buf, int size) - { - u16 checksum; -- int act_len, i, ret; -+ int act_len = 0, i, ret; - - memset(buf, 0, size); - buf[0] = (u8) (FW_BULKOUT_SIZE & 0xff); -diff --git a/drivers/media/usb/dvb-usb/digitv.c b/drivers/media/usb/dvb-usb/digitv.c -index 475a3c0cdee7..20d33f0544ed 100644 ---- a/drivers/media/usb/dvb-usb/digitv.c -+++ b/drivers/media/usb/dvb-usb/digitv.c -@@ -233,18 +233,22 @@ static struct rc_map_table rc_map_digitv_table[] = { - - static int digitv_rc_query(struct dvb_usb_device *d, u32 *event, int *state) - { -- int i; -+ int ret, i; - u8 key[5]; - u8 b[4] = { 0 }; - - *event = 0; - *state = REMOTE_NO_KEY_PRESSED; - -- digitv_ctrl_msg(d,USB_READ_REMOTE,0,NULL,0,&key[1],4); -+ ret = digitv_ctrl_msg(d, USB_READ_REMOTE, 0, NULL, 0, &key[1], 4); -+ if (ret) -+ return ret; - - /* Tell the device we've read the remote. Not sure how necessary - this is, but the Nebula SDK does it. */ -- digitv_ctrl_msg(d,USB_WRITE_REMOTE,0,b,4,NULL,0); -+ ret = digitv_ctrl_msg(d, USB_WRITE_REMOTE, 0, b, 4, NULL, 0); -+ if (ret) -+ return ret; - - /* if something is inside the buffer, simulate key press */ - if (key[1] != 0) -diff --git a/drivers/media/usb/dvb-usb/dvb-usb-urb.c b/drivers/media/usb/dvb-usb/dvb-usb-urb.c -index c1b4e94a37f8..2aabf90d8697 100644 ---- a/drivers/media/usb/dvb-usb/dvb-usb-urb.c -+++ b/drivers/media/usb/dvb-usb/dvb-usb-urb.c -@@ -12,7 +12,7 @@ - int dvb_usb_generic_rw(struct dvb_usb_device *d, u8 *wbuf, u16 wlen, u8 *rbuf, - u16 rlen, int delay_ms) - { -- int actlen,ret = -ENOMEM; -+ int actlen = 0, ret = -ENOMEM; - - if (!d || wbuf == NULL || wlen == 0) - return -EINVAL; -diff --git a/drivers/media/usb/gspca/gspca.c b/drivers/media/usb/gspca/gspca.c -index 0f141762abf1..87582be4a39d 100644 ---- a/drivers/media/usb/gspca/gspca.c -+++ b/drivers/media/usb/gspca/gspca.c -@@ -2038,7 +2038,7 @@ int gspca_dev_probe2(struct usb_interface *intf, - pr_err("couldn't kzalloc gspca struct\n"); - return -ENOMEM; - } -- gspca_dev->usb_buf = kmalloc(USB_BUF_SZ, 
GFP_KERNEL); -+ gspca_dev->usb_buf = kzalloc(USB_BUF_SZ, GFP_KERNEL); - if (!gspca_dev->usb_buf) { - pr_err("out of memory\n"); - ret = -ENOMEM; -diff --git a/drivers/net/dsa/bcm_sf2.c b/drivers/net/dsa/bcm_sf2.c -index 94ad2fdd6ef0..05440b727261 100644 ---- a/drivers/net/dsa/bcm_sf2.c -+++ b/drivers/net/dsa/bcm_sf2.c -@@ -137,7 +137,7 @@ static void bcm_sf2_imp_setup(struct dsa_switch *ds, int port) - - /* Force link status for IMP port */ - reg = core_readl(priv, offset); -- reg |= (MII_SW_OR | LINK_STS); -+ reg |= (MII_SW_OR | LINK_STS | GMII_SPEED_UP_2G); - core_writel(priv, reg, offset); - - /* Enable Broadcast, Multicast, Unicast forwarding to IMP port */ -diff --git a/drivers/net/ethernet/broadcom/b44.c b/drivers/net/ethernet/broadcom/b44.c -index a1125d10c825..8b9a0ce1d29f 100644 ---- a/drivers/net/ethernet/broadcom/b44.c -+++ b/drivers/net/ethernet/broadcom/b44.c -@@ -1521,8 +1521,10 @@ static int b44_magic_pattern(u8 *macaddr, u8 *ppattern, u8 *pmask, int offset) - int ethaddr_bytes = ETH_ALEN; - - memset(ppattern + offset, 0xff, magicsync); -- for (j = 0; j < magicsync; j++) -- set_bit(len++, (unsigned long *) pmask); -+ for (j = 0; j < magicsync; j++) { -+ pmask[len >> 3] |= BIT(len & 7); -+ len++; -+ } - - for (j = 0; j < B44_MAX_PATTERNS; j++) { - if ((B44_PATTERN_SIZE - len) >= ETH_ALEN) -@@ -1534,7 +1536,8 @@ static int b44_magic_pattern(u8 *macaddr, u8 *ppattern, u8 *pmask, int offset) - for (k = 0; k< ethaddr_bytes; k++) { - ppattern[offset + magicsync + - (j * ETH_ALEN) + k] = macaddr[k]; -- set_bit(len++, (unsigned long *) pmask); -+ pmask[len >> 3] |= BIT(len & 7); -+ len++; - } - } - return len - 1; -diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.c b/drivers/net/ethernet/broadcom/bnxt/bnxt.c -index 38ee7692132c..7461e7b9eaae 100644 ---- a/drivers/net/ethernet/broadcom/bnxt/bnxt.c -+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.c -@@ -7402,11 +7402,23 @@ static bool bnxt_fltr_match(struct bnxt_ntuple_filter *f1, - struct flow_keys *keys1 = 
&f1->fkeys; - struct flow_keys *keys2 = &f2->fkeys; - -- if (keys1->addrs.v4addrs.src == keys2->addrs.v4addrs.src && -- keys1->addrs.v4addrs.dst == keys2->addrs.v4addrs.dst && -- keys1->ports.ports == keys2->ports.ports && -- keys1->basic.ip_proto == keys2->basic.ip_proto && -- keys1->basic.n_proto == keys2->basic.n_proto && -+ if (keys1->basic.n_proto != keys2->basic.n_proto || -+ keys1->basic.ip_proto != keys2->basic.ip_proto) -+ return false; -+ -+ if (keys1->basic.n_proto == htons(ETH_P_IP)) { -+ if (keys1->addrs.v4addrs.src != keys2->addrs.v4addrs.src || -+ keys1->addrs.v4addrs.dst != keys2->addrs.v4addrs.dst) -+ return false; -+ } else { -+ if (memcmp(&keys1->addrs.v6addrs.src, &keys2->addrs.v6addrs.src, -+ sizeof(keys1->addrs.v6addrs.src)) || -+ memcmp(&keys1->addrs.v6addrs.dst, &keys2->addrs.v6addrs.dst, -+ sizeof(keys1->addrs.v6addrs.dst))) -+ return false; -+ } -+ -+ if (keys1->ports.ports == keys2->ports.ports && - keys1->control.flags == keys2->control.flags && - ether_addr_equal(f1->src_mac_addr, f2->src_mac_addr) && - ether_addr_equal(f1->dst_mac_addr, f2->dst_mac_addr)) -diff --git a/drivers/net/ethernet/chelsio/cxgb4/cxgb4_debugfs.c b/drivers/net/ethernet/chelsio/cxgb4/cxgb4_debugfs.c -index 9e5cd18e7358..8bd90ad15607 100644 ---- a/drivers/net/ethernet/chelsio/cxgb4/cxgb4_debugfs.c -+++ b/drivers/net/ethernet/chelsio/cxgb4/cxgb4_debugfs.c -@@ -66,8 +66,7 @@ static void *seq_tab_start(struct seq_file *seq, loff_t *pos) - static void *seq_tab_next(struct seq_file *seq, void *v, loff_t *pos) - { - v = seq_tab_get_idx(seq->private, *pos + 1); -- if (v) -- ++*pos; -+ ++(*pos); - return v; - } - -diff --git a/drivers/net/ethernet/chelsio/cxgb4/l2t.c b/drivers/net/ethernet/chelsio/cxgb4/l2t.c -index f7ef8871dd0b..67aa3c997417 100644 ---- a/drivers/net/ethernet/chelsio/cxgb4/l2t.c -+++ b/drivers/net/ethernet/chelsio/cxgb4/l2t.c -@@ -682,8 +682,7 @@ static void *l2t_seq_start(struct seq_file *seq, loff_t *pos) - static void *l2t_seq_next(struct seq_file 
*seq, void *v, loff_t *pos)
- {
- v = l2t_get_idx(seq, *pos);
-- if (v)
-- ++*pos;
-+ ++(*pos);
- return v;
- }
-
-diff --git a/drivers/net/ethernet/freescale/fman/fman_memac.c b/drivers/net/ethernet/freescale/fman/fman_memac.c
-index 75ce773c21a6..b33650a897f1 100644
---- a/drivers/net/ethernet/freescale/fman/fman_memac.c
-+++ b/drivers/net/ethernet/freescale/fman/fman_memac.c
-@@ -110,7 +110,7 @@ do { \
- /* Interface Mode Register (IF_MODE) */
-
- #define IF_MODE_MASK 0x00000003 /* 30-31 Mask on i/f mode bits */
--#define IF_MODE_XGMII 0x00000000 /* 30-31 XGMII (10G) interface */
-+#define IF_MODE_10G 0x00000000 /* 30-31 10G interface */
- #define IF_MODE_GMII 0x00000002 /* 30-31 GMII (1G) interface */
- #define IF_MODE_RGMII 0x00000004
- #define IF_MODE_RGMII_AUTO 0x00008000
-@@ -439,7 +439,7 @@ static int init(struct memac_regs __iomem *regs, struct memac_cfg *cfg,
- tmp = 0;
- switch (phy_if) {
- case PHY_INTERFACE_MODE_XGMII:
-- tmp |= IF_MODE_XGMII;
-+ tmp |= IF_MODE_10G;
- break;
- default:
- tmp |= IF_MODE_GMII;
-diff --git a/drivers/net/ethernet/freescale/xgmac_mdio.c b/drivers/net/ethernet/freescale/xgmac_mdio.c
-index e03b30c60dcf..c82c85ef5fb3 100644
---- a/drivers/net/ethernet/freescale/xgmac_mdio.c
-+++ b/drivers/net/ethernet/freescale/xgmac_mdio.c
-@@ -49,6 +49,7 @@ struct tgec_mdio_controller {
- struct mdio_fsl_priv {
- struct tgec_mdio_controller __iomem *mdio_base;
- bool is_little_endian;
-+ bool has_a011043;
- };
-
- static u32 xgmac_read32(void __iomem *regs,
-@@ -226,7 +227,8 @@ static int xgmac_mdio_read(struct mii_bus *bus, int phy_id, int regnum)
- return ret;
-
- /* Return all Fs if nothing was there */
-- if (xgmac_read32(®s->mdio_stat, endian) & MDIO_STAT_RD_ER) {
-+ if ((xgmac_read32(®s->mdio_stat, endian) & MDIO_STAT_RD_ER) &&
-+ !priv->has_a011043) {
- dev_err(&bus->dev,
- "Error while reading PHY%d reg at %d.%hhu\n",
- phy_id, dev_addr, regnum);
-@@ -274,6 +276,9 @@ static int xgmac_mdio_probe(struct platform_device *pdev)
- 
priv->is_little_endian = of_property_read_bool(pdev->dev.of_node,
- "little-endian");
-
-+ priv->has_a011043 = of_property_read_bool(pdev->dev.of_node,
-+ "fsl,erratum-a011043");
-+
- ret = of_mdiobus_register(bus, np);
- if (ret) {
- dev_err(&pdev->dev, "cannot register MDIO bus\n");
-diff --git a/drivers/net/ethernet/intel/igb/e1000_82575.c b/drivers/net/ethernet/intel/igb/e1000_82575.c
-index c37cc8bccf47..158c277ec353 100644
---- a/drivers/net/ethernet/intel/igb/e1000_82575.c
-+++ b/drivers/net/ethernet/intel/igb/e1000_82575.c
-@@ -562,7 +562,7 @@ static s32 igb_set_sfp_media_type_82575(struct e1000_hw *hw)
- dev_spec->module_plugged = true;
- if (eth_flags->e1000_base_lx || eth_flags->e1000_base_sx) {
- hw->phy.media_type = e1000_media_type_internal_serdes;
-- } else if (eth_flags->e100_base_fx) {
-+ } else if (eth_flags->e100_base_fx || eth_flags->e100_base_lx) {
- dev_spec->sgmii_active = true;
- hw->phy.media_type = e1000_media_type_internal_serdes;
- } else if (eth_flags->e1000_base_t) {
-@@ -689,14 +689,10 @@ static s32 igb_get_invariants_82575(struct e1000_hw *hw)
- break;
- }
-
-- /* do not change link mode for 100BaseFX */
-- if (dev_spec->eth_flags.e100_base_fx)
-- break;
--
- /* change current link mode setting */
- ctrl_ext &= ~E1000_CTRL_EXT_LINK_MODE_MASK;
-
-- if (hw->phy.media_type == e1000_media_type_copper)
-+ if (dev_spec->sgmii_active)
- ctrl_ext |= E1000_CTRL_EXT_LINK_MODE_SGMII;
- else
- ctrl_ext |= E1000_CTRL_EXT_LINK_MODE_PCIE_SERDES;
-diff --git a/drivers/net/ethernet/intel/igb/igb_ethtool.c b/drivers/net/ethernet/intel/igb/igb_ethtool.c
-index d06a8db514d4..82028ce355fb 100644
---- a/drivers/net/ethernet/intel/igb/igb_ethtool.c
-+++ b/drivers/net/ethernet/intel/igb/igb_ethtool.c
-@@ -201,7 +201,7 @@ static int igb_get_link_ksettings(struct net_device *netdev,
- advertising &= ~ADVERTISED_1000baseKX_Full;
- }
- }
-- if (eth_flags->e100_base_fx) {
-+ if (eth_flags->e100_base_fx || eth_flags->e100_base_lx) {
- supported |= 
SUPPORTED_100baseT_Full;
- advertising |= ADVERTISED_100baseT_Full;
- }
-diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
-index e4c1e6345edd..ba184287e11f 100644
---- a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
-+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
-@@ -5131,7 +5131,7 @@ static void ixgbe_fdir_filter_restore(struct ixgbe_adapter *adapter)
- struct ixgbe_hw *hw = &adapter->hw;
- struct hlist_node *node2;
- struct ixgbe_fdir_filter *filter;
-- u64 action;
-+ u8 queue;
-
- spin_lock(&adapter->fdir_perfect_lock);
-
-@@ -5140,17 +5140,34 @@ static void ixgbe_fdir_filter_restore(struct ixgbe_adapter *adapter)
-
- hlist_for_each_entry_safe(filter, node2,
- &adapter->fdir_filter_list, fdir_node) {
-- action = filter->action;
-- if (action != IXGBE_FDIR_DROP_QUEUE && action != 0)
-- action =
-- (action >> ETHTOOL_RX_FLOW_SPEC_RING_VF_OFF) - 1;
-+ if (filter->action == IXGBE_FDIR_DROP_QUEUE) {
-+ queue = IXGBE_FDIR_DROP_QUEUE;
-+ } else {
-+ u32 ring = ethtool_get_flow_spec_ring(filter->action);
-+ u8 vf = ethtool_get_flow_spec_ring_vf(filter->action);
-+
-+ if (!vf && (ring >= adapter->num_rx_queues)) {
-+ e_err(drv, "FDIR restore failed without VF, ring: %u\n",
-+ ring);
-+ continue;
-+ } else if (vf &&
-+ ((vf > adapter->num_vfs) ||
-+ ring >= adapter->num_rx_queues_per_pool)) {
-+ e_err(drv, "FDIR restore failed with VF, vf: %hhu, ring: %u\n",
-+ vf, ring);
-+ continue;
-+ }
-+
-+ /* Map the ring onto the absolute queue index */
-+ if (!vf)
-+ queue = adapter->rx_ring[ring]->reg_idx;
-+ else
-+ queue = ((vf - 1) *
-+ adapter->num_rx_queues_per_pool) + ring;
-+ }
-
- ixgbe_fdir_write_perfect_filter_82599(hw,
-- &filter->filter,
-- filter->sw_idx,
-- (action == IXGBE_FDIR_DROP_QUEUE) ? 
-- IXGBE_FDIR_DROP_QUEUE :
-- adapter->rx_ring[action]->reg_idx);
-+ &filter->filter, filter->sw_idx, queue);
- }
-
- spin_unlock(&adapter->fdir_perfect_lock);
-diff --git a/drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c b/drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c
-index e238f6e85ab6..a7708e14aa5c 100644
---- a/drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c
-+++ b/drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c
-@@ -1858,11 +1858,6 @@ static int ixgbevf_write_uc_addr_list(struct net_device *netdev)
- struct ixgbe_hw *hw = &adapter->hw;
- int count = 0;
-
-- if ((netdev_uc_count(netdev)) > 10) {
-- pr_err("Too many unicast filters - No Space\n");
-- return -ENOSPC;
-- }
--
- if (!netdev_uc_empty(netdev)) {
- struct netdev_hw_addr *ha;
-
-diff --git a/drivers/net/ethernet/natsemi/sonic.c b/drivers/net/ethernet/natsemi/sonic.c
-index a051dddcbd76..254e6dbc4c6a 100644
---- a/drivers/net/ethernet/natsemi/sonic.c
-+++ b/drivers/net/ethernet/natsemi/sonic.c
-@@ -50,6 +50,8 @@ static int sonic_open(struct net_device *dev)
- if (sonic_debug > 2)
- printk("sonic_open: initializing sonic driver.\n");
-
-+ spin_lock_init(&lp->lock);
-+
- for (i = 0; i < SONIC_NUM_RRS; i++) {
- struct sk_buff *skb = netdev_alloc_skb(dev, SONIC_RBSIZE + 2);
- if (skb == NULL) {
-@@ -101,6 +103,24 @@ static int sonic_open(struct net_device *dev)
- return 0;
- }
-
-+/* Wait for the SONIC to become idle. */
-+static void sonic_quiesce(struct net_device *dev, u16 mask)
-+{
-+ struct sonic_local * __maybe_unused lp = netdev_priv(dev);
-+ int i;
-+ u16 bits;
-+
-+ for (i = 0; i < 1000; ++i) {
-+ bits = SONIC_READ(SONIC_CMD) & mask;
-+ if (!bits)
-+ return;
-+ if (irqs_disabled() || in_interrupt())
-+ udelay(20);
-+ else
-+ usleep_range(100, 200);
-+ }
-+ WARN_ONCE(1, "command deadline expired! 
0x%04x\n", bits);
-+}
-
- /*
- * Close the SONIC device
-@@ -118,6 +138,9 @@ static int sonic_close(struct net_device *dev)
- /*
- * stop the SONIC, disable interrupts
- */
-+ SONIC_WRITE(SONIC_CMD, SONIC_CR_RXDIS);
-+ sonic_quiesce(dev, SONIC_CR_ALL);
-+
- SONIC_WRITE(SONIC_IMR, 0);
- SONIC_WRITE(SONIC_ISR, 0x7fff);
- SONIC_WRITE(SONIC_CMD, SONIC_CR_RST);
-@@ -157,6 +180,9 @@ static void sonic_tx_timeout(struct net_device *dev)
- * put the Sonic into software-reset mode and
- * disable all interrupts before releasing DMA buffers
- */
-+ SONIC_WRITE(SONIC_CMD, SONIC_CR_RXDIS);
-+ sonic_quiesce(dev, SONIC_CR_ALL);
-+
- SONIC_WRITE(SONIC_IMR, 0);
- SONIC_WRITE(SONIC_ISR, 0x7fff);
- SONIC_WRITE(SONIC_CMD, SONIC_CR_RST);
-@@ -194,8 +220,6 @@ static void sonic_tx_timeout(struct net_device *dev)
- * wake the tx queue
- * Concurrently with all of this, the SONIC is potentially writing to
- * the status flags of the TDs.
-- * Until some mutual exclusion is added, this code will not work with SMP. However,
-- * MIPS Jazz machines and m68k Macs were all uni-processor machines. 
- */
-
- static int sonic_send_packet(struct sk_buff *skb, struct net_device *dev)
-@@ -203,7 +227,8 @@ static int sonic_send_packet(struct sk_buff *skb, struct net_device *dev)
- struct sonic_local *lp = netdev_priv(dev);
- dma_addr_t laddr;
- int length;
-- int entry = lp->next_tx;
-+ int entry;
-+ unsigned long flags;
-
- if (sonic_debug > 2)
- printk("sonic_send_packet: skb=%p, dev=%p\n", skb, dev);
-@@ -226,6 +251,10 @@ static int sonic_send_packet(struct sk_buff *skb, struct net_device *dev)
- return NETDEV_TX_OK;
- }
-
-+ spin_lock_irqsave(&lp->lock, flags);
-+
-+ entry = lp->next_tx;
-+
- sonic_tda_put(dev, entry, SONIC_TD_STATUS, 0); /* clear status */
- sonic_tda_put(dev, entry, SONIC_TD_FRAG_COUNT, 1); /* single fragment */
- sonic_tda_put(dev, entry, SONIC_TD_PKTSIZE, length); /* length of packet */
-@@ -235,10 +264,6 @@ static int sonic_send_packet(struct sk_buff *skb, struct net_device *dev)
- sonic_tda_put(dev, entry, SONIC_TD_LINK,
- sonic_tda_get(dev, entry, SONIC_TD_LINK) | SONIC_EOL);
-
-- /*
-- * Must set tx_skb[entry] only after clearing status, and
-- * before clearing EOL and before stopping queue
-- */
- wmb();
- lp->tx_len[entry] = length;
- lp->tx_laddr[entry] = laddr;
-@@ -263,6 +288,8 @@ static int sonic_send_packet(struct sk_buff *skb, struct net_device *dev)
-
- SONIC_WRITE(SONIC_CMD, SONIC_CR_TXP);
-
-+ spin_unlock_irqrestore(&lp->lock, flags);
-+
- return NETDEV_TX_OK;
- }
-
-@@ -275,9 +302,21 @@ static irqreturn_t sonic_interrupt(int irq, void *dev_id)
- struct net_device *dev = dev_id;
- struct sonic_local *lp = netdev_priv(dev);
- int status;
-+ unsigned long flags;
-+
-+ /* The lock has two purposes. Firstly, it synchronizes sonic_interrupt()
-+ * with sonic_send_packet() so that the two functions can share state.
-+ * Secondly, it makes sonic_interrupt() re-entrant, as that is required
-+ * by macsonic which must use two IRQs with different priority levels. 
-+ */
-+ spin_lock_irqsave(&lp->lock, flags);
-+
-+ status = SONIC_READ(SONIC_ISR) & SONIC_IMR_DEFAULT;
-+ if (!status) {
-+ spin_unlock_irqrestore(&lp->lock, flags);
-
-- if (!(status = SONIC_READ(SONIC_ISR) & SONIC_IMR_DEFAULT))
- return IRQ_NONE;
-+ }
-
- do {
- if (status & SONIC_INT_PKTRX) {
-@@ -292,11 +331,12 @@ static irqreturn_t sonic_interrupt(int irq, void *dev_id)
- int td_status;
- int freed_some = 0;
-
-- /* At this point, cur_tx is the index of a TD that is one of:
-- * unallocated/freed (status set & tx_skb[entry] clear)
-- * allocated and sent (status set & tx_skb[entry] set )
-- * allocated and not yet sent (status clear & tx_skb[entry] set )
-- * still being allocated by sonic_send_packet (status clear & tx_skb[entry] clear)
-+ /* The state of a Transmit Descriptor may be inferred
-+ * from { tx_skb[entry], td_status } as follows.
-+ * { clear, clear } => the TD has never been used
-+ * { set, clear } => the TD was handed to SONIC
-+ * { set, set } => the TD was handed back
-+ * { clear, set } => the TD is available for re-use
- */
-
- if (sonic_debug > 2)
-@@ -398,10 +438,30 @@ static irqreturn_t sonic_interrupt(int irq, void *dev_id)
- /* load CAM done */
- if (status & SONIC_INT_LCD)
- SONIC_WRITE(SONIC_ISR, SONIC_INT_LCD); /* clear the interrupt */
-- } while((status = SONIC_READ(SONIC_ISR) & SONIC_IMR_DEFAULT));
-+
-+ status = SONIC_READ(SONIC_ISR) & SONIC_IMR_DEFAULT;
-+ } while (status);
-+
-+ spin_unlock_irqrestore(&lp->lock, flags);
-+
- return IRQ_HANDLED;
- }
-
-+/* Return the array index corresponding to a given Receive Buffer pointer. */
-+static int index_from_addr(struct sonic_local *lp, dma_addr_t addr,
-+ unsigned int last)
-+{
-+ unsigned int i = last;
-+
-+ do {
-+ i = (i + 1) & SONIC_RRS_MASK;
-+ if (addr == lp->rx_laddr[i])
-+ return i;
-+ } while (i != last);
-+
-+ return -ENOENT;
-+}
-+
- /*
- * We have a good packet(s), pass it/them up the network stack. 
- */
-@@ -421,6 +481,16 @@ static void sonic_rx(struct net_device *dev)
-
- status = sonic_rda_get(dev, entry, SONIC_RD_STATUS);
- if (status & SONIC_RCR_PRX) {
-+ u32 addr = (sonic_rda_get(dev, entry,
-+ SONIC_RD_PKTPTR_H) << 16) |
-+ sonic_rda_get(dev, entry, SONIC_RD_PKTPTR_L);
-+ int i = index_from_addr(lp, addr, entry);
-+
-+ if (i < 0) {
-+ WARN_ONCE(1, "failed to find buffer!\n");
-+ break;
-+ }
-+
- /* Malloc up new buffer. */
- new_skb = netdev_alloc_skb(dev, SONIC_RBSIZE + 2);
- if (new_skb == NULL) {
-@@ -442,7 +512,7 @@ static void sonic_rx(struct net_device *dev)
-
- /* now we have a new skb to replace it, pass the used one up the stack */
- dma_unmap_single(lp->device, lp->rx_laddr[entry], SONIC_RBSIZE, DMA_FROM_DEVICE);
-- used_skb = lp->rx_skb[entry];
-+ used_skb = lp->rx_skb[i];
- pkt_len = sonic_rda_get(dev, entry, SONIC_RD_PKTLEN);
- skb_trim(used_skb, pkt_len);
- used_skb->protocol = eth_type_trans(used_skb, dev);
-@@ -451,13 +521,13 @@ static void sonic_rx(struct net_device *dev)
- lp->stats.rx_bytes += pkt_len;
-
- /* and insert the new skb */
-- lp->rx_laddr[entry] = new_laddr;
-- lp->rx_skb[entry] = new_skb;
-+ lp->rx_laddr[i] = new_laddr;
-+ lp->rx_skb[i] = new_skb;
-
- bufadr_l = (unsigned long)new_laddr & 0xffff;
- bufadr_h = (unsigned long)new_laddr >> 16;
-- sonic_rra_put(dev, entry, SONIC_RR_BUFADR_L, bufadr_l);
-- sonic_rra_put(dev, entry, SONIC_RR_BUFADR_H, bufadr_h);
-+ sonic_rra_put(dev, i, SONIC_RR_BUFADR_L, bufadr_l);
-+ sonic_rra_put(dev, i, SONIC_RR_BUFADR_H, bufadr_h);
- } else {
- /* This should only happen, if we enable accepting broken packets. 
*/
- lp->stats.rx_errors++;
-@@ -592,6 +662,7 @@ static int sonic_init(struct net_device *dev)
- */
- SONIC_WRITE(SONIC_CMD, 0);
- SONIC_WRITE(SONIC_CMD, SONIC_CR_RXDIS);
-+ sonic_quiesce(dev, SONIC_CR_ALL);
-
- /*
- * initialize the receive resource area
-diff --git a/drivers/net/ethernet/natsemi/sonic.h b/drivers/net/ethernet/natsemi/sonic.h
-index 421b1a283fed..7dc011655e70 100644
---- a/drivers/net/ethernet/natsemi/sonic.h
-+++ b/drivers/net/ethernet/natsemi/sonic.h
-@@ -110,6 +110,9 @@
- #define SONIC_CR_TXP 0x0002
- #define SONIC_CR_HTX 0x0001
-
-+#define SONIC_CR_ALL (SONIC_CR_LCAM | SONIC_CR_RRRA | \
-+ SONIC_CR_RXEN | SONIC_CR_TXP)
-+
- /*
- * SONIC data configuration bits
- */
-@@ -274,8 +277,9 @@
- #define SONIC_NUM_RDS SONIC_NUM_RRS /* number of receive descriptors */
- #define SONIC_NUM_TDS 16 /* number of transmit descriptors */
-
--#define SONIC_RDS_MASK (SONIC_NUM_RDS-1)
--#define SONIC_TDS_MASK (SONIC_NUM_TDS-1)
-+#define SONIC_RRS_MASK (SONIC_NUM_RRS - 1)
-+#define SONIC_RDS_MASK (SONIC_NUM_RDS - 1)
-+#define SONIC_TDS_MASK (SONIC_NUM_TDS - 1)
-
- #define SONIC_RBSIZE 1520 /* size of one resource buffer */
-
-@@ -321,6 +325,7 @@ struct sonic_local {
- unsigned int next_tx; /* next free TD */
- struct device *device; /* generic device */
- struct net_device_stats stats;
-+ spinlock_t lock;
- };
-
- #define TX_TIMEOUT (3 * HZ)
-@@ -342,30 +347,30 @@ static void sonic_tx_timeout(struct net_device *dev);
- as far as we can tell. */
- /* OpenBSD calls this "SWO". I'd like to think that sonic_buf_put()
- is a much better name. 
*/
--static inline void sonic_buf_put(void* base, int bitmode,
-+static inline void sonic_buf_put(u16 *base, int bitmode,
- int offset, __u16 val)
- {
- if (bitmode)
- #ifdef __BIG_ENDIAN
-- ((__u16 *) base + (offset*2))[1] = val;
-+ __raw_writew(val, base + (offset * 2) + 1);
- #else
-- ((__u16 *) base + (offset*2))[0] = val;
-+ __raw_writew(val, base + (offset * 2) + 0);
- #endif
- else
-- ((__u16 *) base)[offset] = val;
-+ __raw_writew(val, base + (offset * 1) + 0);
- }
-
--static inline __u16 sonic_buf_get(void* base, int bitmode,
-+static inline __u16 sonic_buf_get(u16 *base, int bitmode,
- int offset)
- {
- if (bitmode)
- #ifdef __BIG_ENDIAN
-- return ((volatile __u16 *) base + (offset*2))[1];
-+ return __raw_readw(base + (offset * 2) + 1);
- #else
-- return ((volatile __u16 *) base + (offset*2))[0];
-+ return __raw_readw(base + (offset * 2) + 0);
- #endif
- else
-- return ((volatile __u16 *) base)[offset];
-+ return __raw_readw(base + (offset * 1) + 0);
- }
-
- /* Inlines that you should actually use for reading/writing DMA buffers */
-diff --git a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_init.c b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_init.c
-index a496390b8632..07f9067affc6 100644
---- a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_init.c
-+++ b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_init.c
-@@ -2043,6 +2043,7 @@ static void qlcnic_83xx_exec_template_cmd(struct qlcnic_adapter *p_dev,
- break;
- }
- entry += p_hdr->size;
-+ cond_resched();
- }
- p_dev->ahw->reset.seq_index = index;
- }
-diff --git a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_minidump.c b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_minidump.c
-index afa10a163da1..f34ae8c75bc5 100644
---- a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_minidump.c
-+++ b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_minidump.c
-@@ -703,6 +703,7 @@ static u32 qlcnic_read_memory_test_agent(struct qlcnic_adapter *adapter,
- addr += 16;
- reg_read -= 16;
- ret += 16;
-+ cond_resched();
- }
- out:
- 
mutex_unlock(&adapter->ahw->mem_lock);
-@@ -1383,6 +1384,7 @@ int qlcnic_dump_fw(struct qlcnic_adapter *adapter)
- buf_offset += entry->hdr.cap_size;
- entry_offset += entry->hdr.offset;
- buffer = fw_dump->data + buf_offset;
-+ cond_resched();
- }
-
- fw_dump->clr = 1;
-diff --git a/drivers/net/usb/qmi_wwan.c b/drivers/net/usb/qmi_wwan.c
-index 4a984b76a60e..db70d4c5778a 100644
---- a/drivers/net/usb/qmi_wwan.c
-+++ b/drivers/net/usb/qmi_wwan.c
-@@ -999,6 +999,7 @@ static const struct usb_device_id products[] = {
- {QMI_QUIRK_QUECTEL_DYNCFG(0x2c7c, 0x0125)}, /* Quectel EC25, EC20 R2.0 Mini PCIe */
- {QMI_QUIRK_QUECTEL_DYNCFG(0x2c7c, 0x0306)}, /* Quectel EP06/EG06/EM06 */
- {QMI_QUIRK_QUECTEL_DYNCFG(0x2c7c, 0x0512)}, /* Quectel EG12/EM12 */
-+ {QMI_QUIRK_QUECTEL_DYNCFG(0x2c7c, 0x0800)}, /* Quectel RM500Q-GL */
-
- /* 3. Combined interface devices matching on interface number */
- {QMI_FIXED_INTF(0x0408, 0xea42, 4)}, /* Yota / Megafon M100-1 */
-diff --git a/drivers/net/usb/r8152.c b/drivers/net/usb/r8152.c
-index 0083c60f5cdf..a7f9c1886bd4 100644
---- a/drivers/net/usb/r8152.c
-+++ b/drivers/net/usb/r8152.c
-@@ -5244,6 +5244,11 @@ static int rtl8152_probe(struct usb_interface *intf,
-
- intf->needs_remote_wakeup = 1;
-
-+ if (!rtl_can_wakeup(tp))
-+ __rtl_set_wol(tp, 0);
-+ else
-+ tp->saved_wolopts = __rtl_get_wol(tp);
-+
- tp->rtl_ops.init(tp);
- queue_delayed_work(system_long_wq, &tp->hw_phy_work, 0);
- set_ethernet_addr(tp);
-@@ -5257,10 +5262,6 @@ static int rtl8152_probe(struct usb_interface *intf,
- goto out1;
- }
-
-- if (!rtl_can_wakeup(tp))
-- __rtl_set_wol(tp, 0);
--
-- tp->saved_wolopts = __rtl_get_wol(tp);
- if (tp->saved_wolopts)
- device_set_wakeup_enable(&udev->dev, true);
- else
-diff --git a/drivers/net/wan/sdla.c b/drivers/net/wan/sdla.c
-index 236c62538036..1eb329fc7241 100644
---- a/drivers/net/wan/sdla.c
-+++ b/drivers/net/wan/sdla.c
-@@ -711,7 +711,7 @@ static netdev_tx_t sdla_transmit(struct sk_buff *skb,
-
- spin_lock_irqsave(&sdla_lock, 
flags);
- SDLA_WINDOW(dev, addr);
-- pbuf = (void *)(((int) dev->mem_start) + (addr & SDLA_ADDR_MASK));
-+ pbuf = (void *)(dev->mem_start + (addr & SDLA_ADDR_MASK));
- __sdla_write(dev, pbuf->buf_addr, skb->data, skb->len);
- SDLA_WINDOW(dev, addr);
- pbuf->opp_flag = 1;
-diff --git a/drivers/net/wireless/ath/ath9k/hif_usb.c b/drivers/net/wireless/ath/ath9k/hif_usb.c
-index c5f4dd808745..6f669166c263 100644
---- a/drivers/net/wireless/ath/ath9k/hif_usb.c
-+++ b/drivers/net/wireless/ath/ath9k/hif_usb.c
-@@ -1214,7 +1214,7 @@ err_fw:
- static int send_eject_command(struct usb_interface *interface)
- {
- struct usb_device *udev = interface_to_usbdev(interface);
-- struct usb_host_interface *iface_desc = &interface->altsetting[0];
-+ struct usb_host_interface *iface_desc = interface->cur_altsetting;
- struct usb_endpoint_descriptor *endpoint;
- unsigned char *cmd;
- u8 bulk_out_ep;
-diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/usb.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/usb.c
-index be855aa32154..2eb5fe7367c6 100644
---- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/usb.c
-+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/usb.c
-@@ -1333,7 +1333,7 @@ brcmf_usb_probe(struct usb_interface *intf, const struct usb_device_id *id)
- goto fail;
- }
-
-- desc = &intf->altsetting[0].desc;
-+ desc = &intf->cur_altsetting->desc;
- if ((desc->bInterfaceClass != USB_CLASS_VENDOR_SPEC) ||
- (desc->bInterfaceSubClass != 2) ||
- (desc->bInterfaceProtocol != 0xff)) {
-@@ -1346,7 +1346,7 @@ brcmf_usb_probe(struct usb_interface *intf, const struct usb_device_id *id)
-
- num_of_eps = desc->bNumEndpoints;
- for (ep = 0; ep < num_of_eps; ep++) {
-- endpoint = &intf->altsetting[0].endpoint[ep].desc;
-+ endpoint = &intf->cur_altsetting->endpoint[ep].desc;
- endpoint_num = usb_endpoint_num(endpoint);
- if (!usb_endpoint_xfer_bulk(endpoint))
- continue;
-diff --git a/drivers/net/wireless/cisco/airo.c b/drivers/net/wireless/cisco/airo.c
-index 
fc49255bab00..f3f20abbe269 100644
---- a/drivers/net/wireless/cisco/airo.c
-+++ b/drivers/net/wireless/cisco/airo.c
-@@ -7788,16 +7788,8 @@ static int readrids(struct net_device *dev, aironet_ioctl *comp) {
- case AIROGVLIST: ridcode = RID_APLIST; break;
- case AIROGDRVNAM: ridcode = RID_DRVNAME; break;
- case AIROGEHTENC: ridcode = RID_ETHERENCAP; break;
-- case AIROGWEPKTMP: ridcode = RID_WEP_TEMP;
-- /* Only super-user can read WEP keys */
-- if (!capable(CAP_NET_ADMIN))
-- return -EPERM;
-- break;
-- case AIROGWEPKNV: ridcode = RID_WEP_PERM;
-- /* Only super-user can read WEP keys */
-- if (!capable(CAP_NET_ADMIN))
-- return -EPERM;
-- break;
-+ case AIROGWEPKTMP: ridcode = RID_WEP_TEMP; break;
-+ case AIROGWEPKNV: ridcode = RID_WEP_PERM; break;
- case AIROGSTAT: ridcode = RID_STATUS; break;
- case AIROGSTATSD32: ridcode = RID_STATSDELTA; break;
- case AIROGSTATSC32: ridcode = RID_STATS; break;
-@@ -7811,7 +7803,13 @@ static int readrids(struct net_device *dev, aironet_ioctl *comp) {
- return -EINVAL;
- }
-
-- if ((iobuf = kmalloc(RIDSIZE, GFP_KERNEL)) == NULL)
-+ if (ridcode == RID_WEP_TEMP || ridcode == RID_WEP_PERM) {
-+ /* Only super-user can read WEP keys */
-+ if (!capable(CAP_NET_ADMIN))
-+ return -EPERM;
-+ }
-+
-+ if ((iobuf = kzalloc(RIDSIZE, GFP_KERNEL)) == NULL)
- return -ENOMEM;
-
- PC4500_readrid(ai,ridcode,iobuf,RIDSIZE, 1);
-diff --git a/drivers/net/wireless/intersil/orinoco/orinoco_usb.c b/drivers/net/wireless/intersil/orinoco/orinoco_usb.c
-index 56f6e3b71f48..95015d74b1c0 100644
---- a/drivers/net/wireless/intersil/orinoco/orinoco_usb.c
-+++ b/drivers/net/wireless/intersil/orinoco/orinoco_usb.c
-@@ -1613,9 +1613,9 @@ static int ezusb_probe(struct usb_interface *interface,
- /* set up the endpoint information */
- /* check out the endpoints */
-
-- iface_desc = &interface->altsetting[0].desc;
-+ iface_desc = &interface->cur_altsetting->desc;
- for (i = 0; i < iface_desc->bNumEndpoints; ++i) {
-- ep = &interface->altsetting[0].endpoint[i].desc; 
-+ ep = &interface->cur_altsetting->endpoint[i].desc;
-
- if (usb_endpoint_is_bulk_in(ep)) {
- /* we found a bulk in endpoint */
-diff --git a/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c b/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c
-index 73fc5952fd37..63f37fa72e4b 100644
---- a/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c
-+++ b/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c
-@@ -5921,7 +5921,7 @@ static int rtl8xxxu_parse_usb(struct rtl8xxxu_priv *priv,
- u8 dir, xtype, num;
- int ret = 0;
-
-- host_interface = &interface->altsetting[0];
-+ host_interface = interface->cur_altsetting;
- interface_desc = &host_interface->desc;
- endpoints = interface_desc->bNumEndpoints;
-
-diff --git a/drivers/net/wireless/rsi/rsi_91x_hal.c b/drivers/net/wireless/rsi/rsi_91x_hal.c
-index 120b0ff545c1..d205947c4c55 100644
---- a/drivers/net/wireless/rsi/rsi_91x_hal.c
-+++ b/drivers/net/wireless/rsi/rsi_91x_hal.c
-@@ -541,6 +541,7 @@ static int bl_cmd(struct rsi_hw *adapter, u8 cmd, u8 exp_resp, char *str)
- bl_start_cmd_timer(adapter, timeout);
- status = bl_write_cmd(adapter, cmd, exp_resp, ®out_val);
- if (status < 0) {
-+ bl_stop_cmd_timer(adapter);
- rsi_dbg(ERR_ZONE,
- "%s: Command %s (%0x) writing failed..\n",
- __func__, str, cmd);
-@@ -656,10 +657,9 @@ static int ping_pong_write(struct rsi_hw *adapter, u8 cmd, u8 *addr, u32 size)
- }
-
- status = bl_cmd(adapter, cmd_req, cmd_resp, str);
-- if (status) {
-- bl_stop_cmd_timer(adapter);
-+ if (status)
- return status;
-- }
-+
- return 0;
- }
-
-@@ -749,10 +749,9 @@ static int auto_fw_upgrade(struct rsi_hw *adapter, u8 *flash_content,
-
- status = bl_cmd(adapter, EOF_REACHED, FW_LOADING_SUCCESSFUL,
- "EOF_REACHED");
-- if (status) {
-- bl_stop_cmd_timer(adapter);
-+ if (status)
- return status;
-- }
-+
- rsi_dbg(INFO_ZONE, "FW loading is done and FW is running..\n");
- return 0;
- }
-@@ -773,6 +772,7 @@ static int rsi_load_firmware(struct rsi_hw *adapter)
- status = 
hif_ops->master_reg_read(adapter, SWBL_REGOUT,
- ®out_val, 2);
- if (status < 0) {
-+ bl_stop_cmd_timer(adapter);
- rsi_dbg(ERR_ZONE,
- "%s: REGOUT read failed\n", __func__);
- return status;
-diff --git a/drivers/net/wireless/rsi/rsi_91x_usb.c b/drivers/net/wireless/rsi/rsi_91x_usb.c
-index f90c10b3c921..786a330bc470 100644
---- a/drivers/net/wireless/rsi/rsi_91x_usb.c
-+++ b/drivers/net/wireless/rsi/rsi_91x_usb.c
-@@ -105,7 +105,7 @@ static int rsi_find_bulk_in_and_out_endpoints(struct usb_interface *interface,
- __le16 buffer_size;
- int ii, bep_found = 0;
-
-- iface_desc = &(interface->altsetting[0]);
-+ iface_desc = interface->cur_altsetting;
-
- for (ii = 0; ii < iface_desc->desc.bNumEndpoints; ++ii) {
- endpoint = &(iface_desc->endpoint[ii].desc);
-diff --git a/drivers/net/wireless/zydas/zd1211rw/zd_usb.c b/drivers/net/wireless/zydas/zd1211rw/zd_usb.c
-index c30bf118c67d..1e396eb26ccf 100644
---- a/drivers/net/wireless/zydas/zd1211rw/zd_usb.c
-+++ b/drivers/net/wireless/zydas/zd1211rw/zd_usb.c
-@@ -1272,7 +1272,7 @@ static void print_id(struct usb_device *udev)
- static int eject_installer(struct usb_interface *intf)
- {
- struct usb_device *udev = interface_to_usbdev(intf);
-- struct usb_host_interface *iface_desc = &intf->altsetting[0];
-+ struct usb_host_interface *iface_desc = intf->cur_altsetting;
- struct usb_endpoint_descriptor *endpoint;
- unsigned char *cmd;
- u8 bulk_out_ep;
-diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c
-index 90df085e9f92..e7ed051ec125 100644
---- a/drivers/pci/quirks.c
-+++ b/drivers/pci/quirks.c
-@@ -4019,6 +4019,40 @@ static void quirk_mic_x200_dma_alias(struct pci_dev *pdev)
- DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x2260, quirk_mic_x200_dma_alias);
- DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x2264, quirk_mic_x200_dma_alias);
-
-+/*
-+ * Intel Visual Compute Accelerator (VCA) is a family of PCIe add-in devices
-+ * exposing computational units via Non Transparent Bridges (NTB, PEX 87xx). 
-+ *
-+ * Similarly to MIC x200, we need to add DMA aliases to allow buffer access
-+ * when IOMMU is enabled. These aliases allow computational unit access to
-+ * host memory. These aliases mark the whole VCA device as one IOMMU
-+ * group.
-+ *
-+ * All possible slot numbers (0x20) are used, since we are unable to tell
-+ * what slot is used on other side. This quirk is intended for both host
-+ * and computational unit sides. The VCA devices have up to five functions
-+ * (four for DMA channels and one additional).
-+ */
-+static void quirk_pex_vca_alias(struct pci_dev *pdev)
-+{
-+ const unsigned int num_pci_slots = 0x20;
-+ unsigned int slot;
-+
-+ for (slot = 0; slot < num_pci_slots; slot++) {
-+ pci_add_dma_alias(pdev, PCI_DEVFN(slot, 0x0));
-+ pci_add_dma_alias(pdev, PCI_DEVFN(slot, 0x1));
-+ pci_add_dma_alias(pdev, PCI_DEVFN(slot, 0x2));
-+ pci_add_dma_alias(pdev, PCI_DEVFN(slot, 0x3));
-+ pci_add_dma_alias(pdev, PCI_DEVFN(slot, 0x4));
-+ }
-+}
-+DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x2954, quirk_pex_vca_alias);
-+DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x2955, quirk_pex_vca_alias);
-+DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x2956, quirk_pex_vca_alias);
-+DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x2958, quirk_pex_vca_alias);
-+DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x2959, quirk_pex_vca_alias);
-+DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x295A, quirk_pex_vca_alias);
-+
- /*
- * The IOMMU and interrupt controller on Broadcom Vulcan/Cavium ThunderX2 are
- * associated not at the root bus, but at a bridge below. 
This quirk avoids
-diff --git a/drivers/phy/motorola/phy-cpcap-usb.c b/drivers/phy/motorola/phy-cpcap-usb.c
-index 4ba3634009af..593c77dbde2e 100644
---- a/drivers/phy/motorola/phy-cpcap-usb.c
-+++ b/drivers/phy/motorola/phy-cpcap-usb.c
-@@ -115,7 +115,7 @@ struct cpcap_usb_ints_state {
- enum cpcap_gpio_mode {
- CPCAP_DM_DP,
- CPCAP_MDM_RX_TX,
-- CPCAP_UNKNOWN,
-+ CPCAP_UNKNOWN_DISABLED, /* Seems to disable USB lines */
- CPCAP_OTG_DM_DP,
- };
-
-@@ -379,7 +379,8 @@ static int cpcap_usb_set_uart_mode(struct cpcap_phy_ddata *ddata)
- {
- int error;
-
-- error = cpcap_usb_gpio_set_mode(ddata, CPCAP_DM_DP);
-+ /* Disable lines to prevent glitches from waking up mdm6600 */
-+ error = cpcap_usb_gpio_set_mode(ddata, CPCAP_UNKNOWN_DISABLED);
- if (error)
- goto out_err;
-
-@@ -406,6 +407,11 @@ static int cpcap_usb_set_uart_mode(struct cpcap_phy_ddata *ddata)
- if (error)
- goto out_err;
-
-+ /* Enable UART mode */
-+ error = cpcap_usb_gpio_set_mode(ddata, CPCAP_DM_DP);
-+ if (error)
-+ goto out_err;
-+
- return 0;
-
- out_err:
-@@ -418,7 +424,8 @@ static int cpcap_usb_set_usb_mode(struct cpcap_phy_ddata *ddata)
- {
- int error;
-
-- error = cpcap_usb_gpio_set_mode(ddata, CPCAP_OTG_DM_DP);
-+ /* Disable lines to prevent glitches from waking up mdm6600 */
-+ error = cpcap_usb_gpio_set_mode(ddata, CPCAP_UNKNOWN_DISABLED);
- if (error)
- return error;
-
-@@ -458,6 +465,11 @@ static int cpcap_usb_set_usb_mode(struct cpcap_phy_ddata *ddata)
- if (error)
- goto out_err;
-
-+ /* Enable USB mode */
-+ error = cpcap_usb_gpio_set_mode(ddata, CPCAP_OTG_DM_DP);
-+ if (error)
-+ goto out_err;
-+
- return 0;
-
- out_err:
-diff --git a/drivers/scsi/fnic/fnic_scsi.c b/drivers/scsi/fnic/fnic_scsi.c
-index 242e2ee494a1..d79ac0b24f5a 100644
---- a/drivers/scsi/fnic/fnic_scsi.c
-+++ b/drivers/scsi/fnic/fnic_scsi.c
-@@ -446,6 +446,9 @@ static int fnic_queuecommand_lck(struct scsi_cmnd *sc, void (*done)(struct scsi_
- if (unlikely(fnic_chk_state_flags_locked(fnic, FNIC_FLAGS_IO_BLOCKED)))
- 
return SCSI_MLQUEUE_HOST_BUSY;
-
-+ if (unlikely(fnic_chk_state_flags_locked(fnic, FNIC_FLAGS_FWRESET)))
-+ return SCSI_MLQUEUE_HOST_BUSY;
-+
- rport = starget_to_rport(scsi_target(sc->device));
- if (!rport) {
- FNIC_SCSI_DBG(KERN_DEBUG, fnic->lport->host,
-diff --git a/drivers/soc/ti/wkup_m3_ipc.c b/drivers/soc/ti/wkup_m3_ipc.c
-index 369aef5e7228..651827c6ee6f 100644
---- a/drivers/soc/ti/wkup_m3_ipc.c
-+++ b/drivers/soc/ti/wkup_m3_ipc.c
-@@ -375,6 +375,8 @@ static void wkup_m3_rproc_boot_thread(struct wkup_m3_ipc *m3_ipc)
- ret = rproc_boot(m3_ipc->rproc);
- if (ret)
- dev_err(dev, "rproc_boot failed\n");
-+ else
-+ m3_ipc_state = m3_ipc;
-
- do_exit(0);
- }
-@@ -461,8 +463,6 @@ static int wkup_m3_ipc_probe(struct platform_device *pdev)
- goto err_put_rproc;
- }
-
-- m3_ipc_state = m3_ipc;
--
- return 0;
-
- err_put_rproc:
-diff --git a/drivers/spi/spi-dw.c b/drivers/spi/spi-dw.c
-index b217c22ff72f..b461200871f8 100644
---- a/drivers/spi/spi-dw.c
-+++ b/drivers/spi/spi-dw.c
-@@ -180,9 +180,11 @@ static inline u32 rx_max(struct dw_spi *dws)
-
- static void dw_writer(struct dw_spi *dws)
- {
-- u32 max = tx_max(dws);
-+ u32 max;
- u16 txw = 0;
-
-+ spin_lock(&dws->buf_lock);
-+ max = tx_max(dws);
- while (max--) {
- /* Set the tx word if the transfer's original "tx" is not null */
- if (dws->tx_end - dws->len) {
-@@ -194,13 +196,16 @@ static void dw_writer(struct dw_spi *dws)
- dw_write_io_reg(dws, DW_SPI_DR, txw);
- dws->tx += dws->n_bytes;
- }
-+ spin_unlock(&dws->buf_lock);
- }
-
- static void dw_reader(struct dw_spi *dws)
- {
-- u32 max = rx_max(dws);
-+ u32 max;
- u16 rxw;
-
-+ spin_lock(&dws->buf_lock);
-+ max = rx_max(dws);
- while (max--) {
- rxw = dw_read_io_reg(dws, DW_SPI_DR);
- /* Care rx only if the transfer's original "rx" is not null */
-@@ -212,6 +217,7 @@ static void dw_reader(struct dw_spi *dws)
- }
- dws->rx += dws->n_bytes;
- }
-+ spin_unlock(&dws->buf_lock);
- }
-
- static void int_error_stop(struct dw_spi *dws, const char *msg)
-@@ -284,18 
+290,20 @@ static int dw_spi_transfer_one(struct spi_master *master, - { - struct dw_spi *dws = spi_master_get_devdata(master); - struct chip_data *chip = spi_get_ctldata(spi); -+ unsigned long flags; - u8 imask = 0; - u16 txlevel = 0; - u32 cr0; - int ret; - - dws->dma_mapped = 0; -- -+ spin_lock_irqsave(&dws->buf_lock, flags); - dws->tx = (void *)transfer->tx_buf; - dws->tx_end = dws->tx + transfer->len; - dws->rx = transfer->rx_buf; - dws->rx_end = dws->rx + transfer->len; - dws->len = transfer->len; -+ spin_unlock_irqrestore(&dws->buf_lock, flags); - - spi_enable_chip(dws, 0); - -@@ -486,6 +494,7 @@ int dw_spi_add_host(struct device *dev, struct dw_spi *dws) - dws->type = SSI_MOTO_SPI; - dws->dma_inited = 0; - dws->dma_addr = (dma_addr_t)(dws->paddr + DW_SPI_DR); -+ spin_lock_init(&dws->buf_lock); - - ret = request_irq(dws->irq, dw_spi_irq, IRQF_SHARED, dev_name(dev), - master); -diff --git a/drivers/spi/spi-dw.h b/drivers/spi/spi-dw.h -index 5c07cf8f19e0..45fbf3ad591c 100644 ---- a/drivers/spi/spi-dw.h -+++ b/drivers/spi/spi-dw.h -@@ -117,6 +117,7 @@ struct dw_spi { - size_t len; - void *tx; - void *tx_end; -+ spinlock_t buf_lock; - void *rx; - void *rx_end; - int dma_mapped; -diff --git a/drivers/staging/most/aim-network/networking.c b/drivers/staging/most/aim-network/networking.c -index 936f013c350e..6398c27563c9 100644 ---- a/drivers/staging/most/aim-network/networking.c -+++ b/drivers/staging/most/aim-network/networking.c -@@ -85,6 +85,11 @@ static int skb_to_mamac(const struct sk_buff *skb, struct mbo *mbo) - unsigned int payload_len = skb->len - ETH_HLEN; - unsigned int mdp_len = payload_len + MDP_HDR_LEN; - -+ if (mdp_len < skb->len) { -+ pr_err("drop: too large packet! (%u)\n", skb->len); -+ return -EINVAL; -+ } -+ - if (mbo->buffer_length < mdp_len) { - pr_err("drop: too small buffer! 
(%d for %d)\n", - mbo->buffer_length, mdp_len); -@@ -132,6 +137,11 @@ static int skb_to_mep(const struct sk_buff *skb, struct mbo *mbo) - u8 *buff = mbo->virt_address; - unsigned int mep_len = skb->len + MEP_HDR_LEN; - -+ if (mep_len < skb->len) { -+ pr_err("drop: too large packet! (%u)\n", skb->len); -+ return -EINVAL; -+ } -+ - if (mbo->buffer_length < mep_len) { - pr_err("drop: too small buffer! (%d for %d)\n", - mbo->buffer_length, mep_len); -diff --git a/drivers/staging/vt6656/device.h b/drivers/staging/vt6656/device.h -index 705fffa59da9..41a4f9555d07 100644 ---- a/drivers/staging/vt6656/device.h -+++ b/drivers/staging/vt6656/device.h -@@ -62,6 +62,8 @@ - #define RATE_AUTO 12 - - #define MAX_RATE 12 -+#define VNT_B_RATES (BIT(RATE_1M) | BIT(RATE_2M) |\ -+ BIT(RATE_5M) | BIT(RATE_11M)) - - /* - * device specific -diff --git a/drivers/staging/vt6656/int.c b/drivers/staging/vt6656/int.c -index c6ffbe0e2728..c521729c4192 100644 ---- a/drivers/staging/vt6656/int.c -+++ b/drivers/staging/vt6656/int.c -@@ -107,9 +107,11 @@ static int vnt_int_report_rate(struct vnt_private *priv, u8 pkt_no, u8 tsr) - - info->status.rates[0].count = tx_retry; - -- if (!(tsr & (TSR_TMO | TSR_RETRYTMO))) { -+ if (!(tsr & TSR_TMO)) { - info->status.rates[0].idx = idx; -- info->flags |= IEEE80211_TX_STAT_ACK; -+ -+ if (!(info->flags & IEEE80211_TX_CTL_NO_ACK)) -+ info->flags |= IEEE80211_TX_STAT_ACK; - } - - ieee80211_tx_status_irqsafe(priv->hw, context->skb); -diff --git a/drivers/staging/vt6656/main_usb.c b/drivers/staging/vt6656/main_usb.c -index 645ea16b53d5..e8ccd800c94f 100644 ---- a/drivers/staging/vt6656/main_usb.c -+++ b/drivers/staging/vt6656/main_usb.c -@@ -977,6 +977,7 @@ vt6656_probe(struct usb_interface *intf, const struct usb_device_id *id) - ieee80211_hw_set(priv->hw, RX_INCLUDES_FCS); - ieee80211_hw_set(priv->hw, REPORTS_TX_ACK_STATUS); - ieee80211_hw_set(priv->hw, SUPPORTS_PS); -+ ieee80211_hw_set(priv->hw, PS_NULLFUNC_STACK); - - priv->hw->max_signal = 100; - -diff 
--git a/drivers/staging/vt6656/rxtx.c b/drivers/staging/vt6656/rxtx.c -index a44abcce6fb4..f78f31ce6443 100644 ---- a/drivers/staging/vt6656/rxtx.c -+++ b/drivers/staging/vt6656/rxtx.c -@@ -288,11 +288,9 @@ static u16 vnt_rxtx_datahead_g(struct vnt_usb_send_context *tx_context, - PK_TYPE_11B, &buf->b); - - /* Get Duration and TimeStamp */ -- if (ieee80211_is_pspoll(hdr->frame_control)) { -- __le16 dur = cpu_to_le16(priv->current_aid | BIT(14) | BIT(15)); -- -- buf->duration_a = dur; -- buf->duration_b = dur; -+ if (ieee80211_is_nullfunc(hdr->frame_control)) { -+ buf->duration_a = hdr->duration_id; -+ buf->duration_b = hdr->duration_id; - } else { - buf->duration_a = vnt_get_duration_le(priv, - tx_context->pkt_type, need_ack); -@@ -381,10 +379,8 @@ static u16 vnt_rxtx_datahead_ab(struct vnt_usb_send_context *tx_context, - tx_context->pkt_type, &buf->ab); - - /* Get Duration and TimeStampOff */ -- if (ieee80211_is_pspoll(hdr->frame_control)) { -- __le16 dur = cpu_to_le16(priv->current_aid | BIT(14) | BIT(15)); -- -- buf->duration = dur; -+ if (ieee80211_is_nullfunc(hdr->frame_control)) { -+ buf->duration = hdr->duration_id; - } else { - buf->duration = vnt_get_duration_le(priv, tx_context->pkt_type, - need_ack); -@@ -825,10 +821,14 @@ int vnt_tx_packet(struct vnt_private *priv, struct sk_buff *skb) - if (info->band == NL80211_BAND_5GHZ) { - pkt_type = PK_TYPE_11A; - } else { -- if (tx_rate->flags & IEEE80211_TX_RC_USE_CTS_PROTECT) -- pkt_type = PK_TYPE_11GB; -- else -- pkt_type = PK_TYPE_11GA; -+ if (tx_rate->flags & IEEE80211_TX_RC_USE_CTS_PROTECT) { -+ if (priv->basic_rates & VNT_B_RATES) -+ pkt_type = PK_TYPE_11GB; -+ else -+ pkt_type = PK_TYPE_11GA; -+ } else { -+ pkt_type = PK_TYPE_11A; -+ } - } - } else { - pkt_type = PK_TYPE_11B; -diff --git a/drivers/staging/wlan-ng/prism2mgmt.c b/drivers/staging/wlan-ng/prism2mgmt.c -index c4aa9e7e7003..be89a0ee44bf 100644 ---- a/drivers/staging/wlan-ng/prism2mgmt.c -+++ b/drivers/staging/wlan-ng/prism2mgmt.c -@@ -945,7 
+945,7 @@ int prism2mgmt_flashdl_state(struct wlandevice *wlandev, void *msgp) - } - } - -- return 0; -+ return result; - } - - /*---------------------------------------------------------------- -diff --git a/drivers/tee/optee/Kconfig b/drivers/tee/optee/Kconfig -index 0126de898036..108600c6eb56 100644 ---- a/drivers/tee/optee/Kconfig -+++ b/drivers/tee/optee/Kconfig -@@ -2,6 +2,7 @@ - config OPTEE - tristate "OP-TEE" - depends on HAVE_ARM_SMCCC -+ depends on MMU - help - This implements the OP-TEE Trusted Execution Environment (TEE) - driver. -diff --git a/drivers/tty/serial/8250/8250_bcm2835aux.c b/drivers/tty/serial/8250/8250_bcm2835aux.c -index a23c7da42ea8..7bbcae75e651 100644 ---- a/drivers/tty/serial/8250/8250_bcm2835aux.c -+++ b/drivers/tty/serial/8250/8250_bcm2835aux.c -@@ -119,7 +119,7 @@ static int bcm2835aux_serial_remove(struct platform_device *pdev) - { - struct bcm2835aux_data *data = platform_get_drvdata(pdev); - -- serial8250_unregister_port(data->uart.port.line); -+ serial8250_unregister_port(data->line); - clk_disable_unprepare(data->clk); - - return 0; -diff --git a/drivers/usb/dwc3/core.c b/drivers/usb/dwc3/core.c -index a497b878c3e2..021899c58028 100644 ---- a/drivers/usb/dwc3/core.c -+++ b/drivers/usb/dwc3/core.c -@@ -1031,6 +1031,9 @@ static void dwc3_core_exit_mode(struct dwc3 *dwc) - /* do nothing */ - break; - } -+ -+ /* de-assert DRVVBUS for HOST and OTG mode */ -+ dwc3_set_prtcap(dwc, DWC3_GCTL_PRTCAP_DEVICE); - } - - static void dwc3_get_properties(struct dwc3 *dwc) -diff --git a/drivers/usb/serial/ir-usb.c b/drivers/usb/serial/ir-usb.c -index f9734a96d516..a3e3b4703f38 100644 ---- a/drivers/usb/serial/ir-usb.c -+++ b/drivers/usb/serial/ir-usb.c -@@ -49,9 +49,10 @@ static int buffer_size; - static int xbof = -1; - - static int ir_startup (struct usb_serial *serial); --static int ir_open(struct tty_struct *tty, struct usb_serial_port *port); --static int ir_prepare_write_buffer(struct usb_serial_port *port, -- void *dest, size_t size); 
-+static int ir_write(struct tty_struct *tty, struct usb_serial_port *port, -+ const unsigned char *buf, int count); -+static int ir_write_room(struct tty_struct *tty); -+static void ir_write_bulk_callback(struct urb *urb); - static void ir_process_read_urb(struct urb *urb); - static void ir_set_termios(struct tty_struct *tty, - struct usb_serial_port *port, struct ktermios *old_termios); -@@ -81,8 +82,9 @@ static struct usb_serial_driver ir_device = { - .num_ports = 1, - .set_termios = ir_set_termios, - .attach = ir_startup, -- .open = ir_open, -- .prepare_write_buffer = ir_prepare_write_buffer, -+ .write = ir_write, -+ .write_room = ir_write_room, -+ .write_bulk_callback = ir_write_bulk_callback, - .process_read_urb = ir_process_read_urb, - }; - -@@ -199,6 +201,9 @@ static int ir_startup(struct usb_serial *serial) - struct usb_irda_cs_descriptor *irda_desc; - int rates; - -+ if (serial->num_bulk_in < 1 || serial->num_bulk_out < 1) -+ return -ENODEV; -+ - irda_desc = irda_usb_find_class_desc(serial, 0); - if (!irda_desc) { - dev_err(&serial->dev->dev, -@@ -255,35 +260,102 @@ static int ir_startup(struct usb_serial *serial) - return 0; - } - --static int ir_open(struct tty_struct *tty, struct usb_serial_port *port) -+static int ir_write(struct tty_struct *tty, struct usb_serial_port *port, -+ const unsigned char *buf, int count) - { -- int i; -+ struct urb *urb = NULL; -+ unsigned long flags; -+ int ret; - -- for (i = 0; i < ARRAY_SIZE(port->write_urbs); ++i) -- port->write_urbs[i]->transfer_flags = URB_ZERO_PACKET; -+ if (port->bulk_out_size == 0) -+ return -EINVAL; - -- /* Start reading from the device */ -- return usb_serial_generic_open(tty, port); --} -+ if (count == 0) -+ return 0; - --static int ir_prepare_write_buffer(struct usb_serial_port *port, -- void *dest, size_t size) --{ -- unsigned char *buf = dest; -- int count; -+ count = min(count, port->bulk_out_size - 1); -+ -+ spin_lock_irqsave(&port->lock, flags); -+ if (__test_and_clear_bit(0, 
&port->write_urbs_free)) { -+ urb = port->write_urbs[0]; -+ port->tx_bytes += count; -+ } -+ spin_unlock_irqrestore(&port->lock, flags); -+ -+ if (!urb) -+ return 0; - - /* - * The first byte of the packet we send to the device contains an -- * inbound header which indicates an additional number of BOFs and -+ * outbound header which indicates an additional number of BOFs and - * a baud rate change. - * - * See section 5.4.2.2 of the USB IrDA spec. - */ -- *buf = ir_xbof | ir_baud; -+ *(u8 *)urb->transfer_buffer = ir_xbof | ir_baud; -+ -+ memcpy(urb->transfer_buffer + 1, buf, count); -+ -+ urb->transfer_buffer_length = count + 1; -+ urb->transfer_flags = URB_ZERO_PACKET; -+ -+ ret = usb_submit_urb(urb, GFP_ATOMIC); -+ if (ret) { -+ dev_err(&port->dev, "failed to submit write urb: %d\n", ret); -+ -+ spin_lock_irqsave(&port->lock, flags); -+ __set_bit(0, &port->write_urbs_free); -+ port->tx_bytes -= count; -+ spin_unlock_irqrestore(&port->lock, flags); -+ -+ return ret; -+ } -+ -+ return count; -+} -+ -+static void ir_write_bulk_callback(struct urb *urb) -+{ -+ struct usb_serial_port *port = urb->context; -+ int status = urb->status; -+ unsigned long flags; -+ -+ spin_lock_irqsave(&port->lock, flags); -+ __set_bit(0, &port->write_urbs_free); -+ port->tx_bytes -= urb->transfer_buffer_length - 1; -+ spin_unlock_irqrestore(&port->lock, flags); -+ -+ switch (status) { -+ case 0: -+ break; -+ case -ENOENT: -+ case -ECONNRESET: -+ case -ESHUTDOWN: -+ dev_dbg(&port->dev, "write urb stopped: %d\n", status); -+ return; -+ case -EPIPE: -+ dev_err(&port->dev, "write urb stopped: %d\n", status); -+ return; -+ default: -+ dev_err(&port->dev, "nonzero write-urb status: %d\n", status); -+ break; -+ } -+ -+ usb_serial_port_softint(port); -+} -+ -+static int ir_write_room(struct tty_struct *tty) -+{ -+ struct usb_serial_port *port = tty->driver_data; -+ int count = 0; -+ -+ if (port->bulk_out_size == 0) -+ return 0; -+ -+ if (test_bit(0, &port->write_urbs_free)) -+ count = 
port->bulk_out_size - 1; - -- count = kfifo_out_locked(&port->write_fifo, buf + 1, size - 1, -- &port->lock); -- return count + 1; -+ return count; - } - - static void ir_process_read_urb(struct urb *urb) -@@ -336,34 +408,34 @@ static void ir_set_termios(struct tty_struct *tty, - - switch (baud) { - case 2400: -- ir_baud = USB_IRDA_BR_2400; -+ ir_baud = USB_IRDA_LS_2400; - break; - case 9600: -- ir_baud = USB_IRDA_BR_9600; -+ ir_baud = USB_IRDA_LS_9600; - break; - case 19200: -- ir_baud = USB_IRDA_BR_19200; -+ ir_baud = USB_IRDA_LS_19200; - break; - case 38400: -- ir_baud = USB_IRDA_BR_38400; -+ ir_baud = USB_IRDA_LS_38400; - break; - case 57600: -- ir_baud = USB_IRDA_BR_57600; -+ ir_baud = USB_IRDA_LS_57600; - break; - case 115200: -- ir_baud = USB_IRDA_BR_115200; -+ ir_baud = USB_IRDA_LS_115200; - break; - case 576000: -- ir_baud = USB_IRDA_BR_576000; -+ ir_baud = USB_IRDA_LS_576000; - break; - case 1152000: -- ir_baud = USB_IRDA_BR_1152000; -+ ir_baud = USB_IRDA_LS_1152000; - break; - case 4000000: -- ir_baud = USB_IRDA_BR_4000000; -+ ir_baud = USB_IRDA_LS_4000000; - break; - default: -- ir_baud = USB_IRDA_BR_9600; -+ ir_baud = USB_IRDA_LS_9600; - baud = 9600; - } - -diff --git a/drivers/usb/storage/unusual_uas.h b/drivers/usb/storage/unusual_uas.h -index f15aa47c54a9..0eb8c67ee138 100644 ---- a/drivers/usb/storage/unusual_uas.h -+++ b/drivers/usb/storage/unusual_uas.h -@@ -163,12 +163,15 @@ UNUSUAL_DEV(0x2537, 0x1068, 0x0000, 0x9999, - USB_SC_DEVICE, USB_PR_DEVICE, NULL, - US_FL_IGNORE_UAS), - --/* Reported-by: Takeo Nakayama */ -+/* -+ * Initially Reported-by: Takeo Nakayama -+ * UAS Ignore Reported by Steven Ellis -+ */ - UNUSUAL_DEV(0x357d, 0x7788, 0x0000, 0x9999, - "JMicron", - "JMS566", - USB_SC_DEVICE, USB_PR_DEVICE, NULL, -- US_FL_NO_REPORT_OPCODES), -+ US_FL_NO_REPORT_OPCODES | US_FL_IGNORE_UAS), - - /* Reported-by: Hans de Goede */ - UNUSUAL_DEV(0x4971, 0x1012, 0x0000, 0x9999, -diff --git a/drivers/watchdog/Kconfig b/drivers/watchdog/Kconfig -index 
f55328a31629..fa15a683ae2d 100644 ---- a/drivers/watchdog/Kconfig -+++ b/drivers/watchdog/Kconfig -@@ -563,6 +563,7 @@ config MAX63XX_WATCHDOG - config MAX77620_WATCHDOG - tristate "Maxim Max77620 Watchdog Timer" - depends on MFD_MAX77620 || COMPILE_TEST -+ select WATCHDOG_CORE - help - This is the driver for the Max77620 watchdog timer. - Say 'Y' here to enable the watchdog timer support for -diff --git a/drivers/watchdog/rn5t618_wdt.c b/drivers/watchdog/rn5t618_wdt.c -index e60f55702ab7..d2e79cf70e77 100644 ---- a/drivers/watchdog/rn5t618_wdt.c -+++ b/drivers/watchdog/rn5t618_wdt.c -@@ -193,6 +193,7 @@ static struct platform_driver rn5t618_wdt_driver = { - - module_platform_driver(rn5t618_wdt_driver); - -+MODULE_ALIAS("platform:rn5t618-wdt"); - MODULE_AUTHOR("Beniamino Galvani "); - MODULE_DESCRIPTION("RN5T618 watchdog driver"); - MODULE_LICENSE("GPL v2"); -diff --git a/fs/btrfs/super.c b/fs/btrfs/super.c -index 204d585e012a..3ab79fa00dc7 100644 ---- a/fs/btrfs/super.c -+++ b/fs/btrfs/super.c -@@ -2114,7 +2114,15 @@ static int btrfs_statfs(struct dentry *dentry, struct kstatfs *buf) - */ - thresh = 4 * 1024 * 1024; - -- if (!mixed && total_free_meta - thresh < block_rsv->size) -+ /* -+ * We only want to claim there's no available space if we can no longer -+ * allocate chunks for our metadata profile and our global reserve will -+ * not fit in the free metadata space. If we aren't ->full then we -+ * still can allocate chunks and thus are fine using the currently -+ * calculated f_bavail. 
-+ */ -+ if (!mixed && block_rsv->space_info->full && -+ total_free_meta - thresh < block_rsv->size) - buf->f_bavail = 0; - - buf->f_type = BTRFS_SUPER_MAGIC; -diff --git a/fs/ext4/super.c b/fs/ext4/super.c -index 1a0a56647974..93d8aa6ef661 100644 ---- a/fs/ext4/super.c -+++ b/fs/ext4/super.c -@@ -1782,6 +1782,13 @@ static int handle_mount_opt(struct super_block *sb, char *opt, int token, - arg = JBD2_DEFAULT_MAX_COMMIT_AGE; - sbi->s_commit_interval = HZ * arg; - } else if (token == Opt_debug_want_extra_isize) { -+ if ((arg & 1) || -+ (arg < 4) || -+ (arg > (sbi->s_inode_size - EXT4_GOOD_OLD_INODE_SIZE))) { -+ ext4_msg(sb, KERN_ERR, -+ "Invalid want_extra_isize %d", arg); -+ return -1; -+ } - sbi->s_want_extra_isize = arg; - } else if (token == Opt_max_batch_time) { - sbi->s_max_batch_time = arg; -@@ -3454,40 +3461,6 @@ int ext4_calculate_overhead(struct super_block *sb) - return 0; - } - --static void ext4_clamp_want_extra_isize(struct super_block *sb) --{ -- struct ext4_sb_info *sbi = EXT4_SB(sb); -- struct ext4_super_block *es = sbi->s_es; -- unsigned def_extra_isize = sizeof(struct ext4_inode) - -- EXT4_GOOD_OLD_INODE_SIZE; -- -- if (sbi->s_inode_size == EXT4_GOOD_OLD_INODE_SIZE) { -- sbi->s_want_extra_isize = 0; -- return; -- } -- if (sbi->s_want_extra_isize < 4) { -- sbi->s_want_extra_isize = def_extra_isize; -- if (ext4_has_feature_extra_isize(sb)) { -- if (sbi->s_want_extra_isize < -- le16_to_cpu(es->s_want_extra_isize)) -- sbi->s_want_extra_isize = -- le16_to_cpu(es->s_want_extra_isize); -- if (sbi->s_want_extra_isize < -- le16_to_cpu(es->s_min_extra_isize)) -- sbi->s_want_extra_isize = -- le16_to_cpu(es->s_min_extra_isize); -- } -- } -- /* Check if enough inode space is available */ -- if ((sbi->s_want_extra_isize > sbi->s_inode_size) || -- (EXT4_GOOD_OLD_INODE_SIZE + sbi->s_want_extra_isize > -- sbi->s_inode_size)) { -- sbi->s_want_extra_isize = def_extra_isize; -- ext4_msg(sb, KERN_INFO, -- "required extra inode space not available"); -- } --} -- - 
static void ext4_set_resv_clusters(struct super_block *sb) - { - ext4_fsblk_t resv_clusters; -@@ -3695,6 +3668,65 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent) - */ - sbi->s_li_wait_mult = EXT4_DEF_LI_WAIT_MULT; - -+ if (le32_to_cpu(es->s_rev_level) == EXT4_GOOD_OLD_REV) { -+ sbi->s_inode_size = EXT4_GOOD_OLD_INODE_SIZE; -+ sbi->s_first_ino = EXT4_GOOD_OLD_FIRST_INO; -+ } else { -+ sbi->s_inode_size = le16_to_cpu(es->s_inode_size); -+ sbi->s_first_ino = le32_to_cpu(es->s_first_ino); -+ if (sbi->s_first_ino < EXT4_GOOD_OLD_FIRST_INO) { -+ ext4_msg(sb, KERN_ERR, "invalid first ino: %u", -+ sbi->s_first_ino); -+ goto failed_mount; -+ } -+ if ((sbi->s_inode_size < EXT4_GOOD_OLD_INODE_SIZE) || -+ (!is_power_of_2(sbi->s_inode_size)) || -+ (sbi->s_inode_size > blocksize)) { -+ ext4_msg(sb, KERN_ERR, -+ "unsupported inode size: %d", -+ sbi->s_inode_size); -+ goto failed_mount; -+ } -+ /* -+ * i_atime_extra is the last extra field available for -+ * [acm]times in struct ext4_inode. Checking for that -+ * field should suffice to ensure we have extra space -+ * for all three. 
-+ */ -+ if (sbi->s_inode_size >= offsetof(struct ext4_inode, i_atime_extra) + -+ sizeof(((struct ext4_inode *)0)->i_atime_extra)) { -+ sb->s_time_gran = 1; -+ } else { -+ sb->s_time_gran = NSEC_PER_SEC; -+ } -+ } -+ if (sbi->s_inode_size > EXT4_GOOD_OLD_INODE_SIZE) { -+ sbi->s_want_extra_isize = sizeof(struct ext4_inode) - -+ EXT4_GOOD_OLD_INODE_SIZE; -+ if (ext4_has_feature_extra_isize(sb)) { -+ unsigned v, max = (sbi->s_inode_size - -+ EXT4_GOOD_OLD_INODE_SIZE); -+ -+ v = le16_to_cpu(es->s_want_extra_isize); -+ if (v > max) { -+ ext4_msg(sb, KERN_ERR, -+ "bad s_want_extra_isize: %d", v); -+ goto failed_mount; -+ } -+ if (sbi->s_want_extra_isize < v) -+ sbi->s_want_extra_isize = v; -+ -+ v = le16_to_cpu(es->s_min_extra_isize); -+ if (v > max) { -+ ext4_msg(sb, KERN_ERR, -+ "bad s_min_extra_isize: %d", v); -+ goto failed_mount; -+ } -+ if (sbi->s_want_extra_isize < v) -+ sbi->s_want_extra_isize = v; -+ } -+ } -+ - if (sbi->s_es->s_mount_opts[0]) { - char *s_mount_opts = kstrndup(sbi->s_es->s_mount_opts, - sizeof(sbi->s_es->s_mount_opts), -@@ -3893,29 +3925,6 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent) - has_huge_files); - sb->s_maxbytes = ext4_max_size(sb->s_blocksize_bits, has_huge_files); - -- if (le32_to_cpu(es->s_rev_level) == EXT4_GOOD_OLD_REV) { -- sbi->s_inode_size = EXT4_GOOD_OLD_INODE_SIZE; -- sbi->s_first_ino = EXT4_GOOD_OLD_FIRST_INO; -- } else { -- sbi->s_inode_size = le16_to_cpu(es->s_inode_size); -- sbi->s_first_ino = le32_to_cpu(es->s_first_ino); -- if (sbi->s_first_ino < EXT4_GOOD_OLD_FIRST_INO) { -- ext4_msg(sb, KERN_ERR, "invalid first ino: %u", -- sbi->s_first_ino); -- goto failed_mount; -- } -- if ((sbi->s_inode_size < EXT4_GOOD_OLD_INODE_SIZE) || -- (!is_power_of_2(sbi->s_inode_size)) || -- (sbi->s_inode_size > blocksize)) { -- ext4_msg(sb, KERN_ERR, -- "unsupported inode size: %d", -- sbi->s_inode_size); -- goto failed_mount; -- } -- if (sbi->s_inode_size > EXT4_GOOD_OLD_INODE_SIZE) -- sb->s_time_gran = 1 << 
(EXT4_EPOCH_BITS - 2); -- } -- - sbi->s_desc_size = le16_to_cpu(es->s_desc_size); - if (ext4_has_feature_64bit(sb)) { - if (sbi->s_desc_size < EXT4_MIN_DESC_SIZE_64BIT || -@@ -4354,8 +4363,6 @@ no_journal: - if (ext4_setup_super(sb, es, sb_rdonly(sb))) - sb->s_flags |= MS_RDONLY; - -- ext4_clamp_want_extra_isize(sb); -- - ext4_set_resv_clusters(sb); - - err = ext4_setup_system_zone(sb); -@@ -5139,8 +5146,6 @@ static int ext4_remount(struct super_block *sb, int *flags, char *data) - goto restore_opts; - } - -- ext4_clamp_want_extra_isize(sb); -- - if ((old_opts.s_mount_opt & EXT4_MOUNT_JOURNAL_CHECKSUM) ^ - test_opt(sb, JOURNAL_CHECKSUM)) { - ext4_msg(sb, KERN_ERR, "changing journal_checksum " -diff --git a/fs/namei.c b/fs/namei.c -index d648d6d2b635..f421f8d80f4d 100644 ---- a/fs/namei.c -+++ b/fs/namei.c -@@ -3266,8 +3266,8 @@ static int do_last(struct nameidata *nd, - int *opened) - { - struct dentry *dir = nd->path.dentry; -- kuid_t dir_uid = dir->d_inode->i_uid; -- umode_t dir_mode = dir->d_inode->i_mode; -+ kuid_t dir_uid = nd->inode->i_uid; -+ umode_t dir_mode = nd->inode->i_mode; - int open_flag = op->open_flag; - bool will_truncate = (open_flag & O_TRUNC) != 0; - bool got_write = false; -diff --git a/fs/reiserfs/super.c b/fs/reiserfs/super.c -index cc0b22c72e83..5208d85dd30c 100644 ---- a/fs/reiserfs/super.c -+++ b/fs/reiserfs/super.c -@@ -629,6 +629,7 @@ static void reiserfs_put_super(struct super_block *s) - reiserfs_write_unlock(s); - mutex_destroy(&REISERFS_SB(s)->lock); - destroy_workqueue(REISERFS_SB(s)->commit_wq); -+ kfree(REISERFS_SB(s)->s_jdev); - kfree(s->s_fs_info); - s->s_fs_info = NULL; - } -@@ -2243,6 +2244,7 @@ error_unlocked: - kfree(qf_names[j]); - } - #endif -+ kfree(sbi->s_jdev); - kfree(sbi); - - s->s_fs_info = NULL; -diff --git a/include/linux/usb/irda.h b/include/linux/usb/irda.h -index 396d2b043e64..556a801efce3 100644 ---- a/include/linux/usb/irda.h -+++ b/include/linux/usb/irda.h -@@ -119,11 +119,22 @@ struct usb_irda_cs_descriptor 
{ - * 6 - 115200 bps - * 7 - 576000 bps - * 8 - 1.152 Mbps -- * 9 - 5 mbps -+ * 9 - 4 Mbps - * 10..15 - Reserved - */ - #define USB_IRDA_STATUS_LINK_SPEED 0x0f - -+#define USB_IRDA_LS_NO_CHANGE 0 -+#define USB_IRDA_LS_2400 1 -+#define USB_IRDA_LS_9600 2 -+#define USB_IRDA_LS_19200 3 -+#define USB_IRDA_LS_38400 4 -+#define USB_IRDA_LS_57600 5 -+#define USB_IRDA_LS_115200 6 -+#define USB_IRDA_LS_576000 7 -+#define USB_IRDA_LS_1152000 8 -+#define USB_IRDA_LS_4000000 9 -+ - /* The following is a 4-bit value used only for - * outbound header: - * -diff --git a/include/net/cfg80211.h b/include/net/cfg80211.h -index a4c8e9d7dd06..030eea38f258 100644 ---- a/include/net/cfg80211.h -+++ b/include/net/cfg80211.h -@@ -2843,6 +2843,9 @@ struct cfg80211_pmk_conf { - * - * @start_radar_detection: Start radar detection in the driver. - * -+ * @end_cac: End running CAC, probably because a related CAC -+ * was finished on another phy. -+ * - * @update_ft_ies: Provide updated Fast BSS Transition information to the - * driver. If the SME is in the driver/firmware, this information can be - * used in building Authentication and Reassociation Request frames. 
-@@ -3148,6 +3151,8 @@ struct cfg80211_ops { - struct net_device *dev, - struct cfg80211_chan_def *chandef, - u32 cac_time_ms); -+ void (*end_cac)(struct wiphy *wiphy, -+ struct net_device *dev); - int (*update_ft_ies)(struct wiphy *wiphy, struct net_device *dev, - struct cfg80211_update_ft_ies_params *ftie); - int (*crit_proto_start)(struct wiphy *wiphy, -diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c -index 2c57030f54aa..829943aad7be 100644 ---- a/kernel/cgroup/cgroup.c -+++ b/kernel/cgroup/cgroup.c -@@ -2884,8 +2884,6 @@ static int cgroup_apply_control_enable(struct cgroup *cgrp) - for_each_subsys(ss, ssid) { - struct cgroup_subsys_state *css = cgroup_css(dsct, ss); - -- WARN_ON_ONCE(css && percpu_ref_is_dying(&css->refcnt)); -- - if (!(cgroup_ss_mask(dsct) & (1 << ss->id))) - continue; - -@@ -2895,6 +2893,8 @@ static int cgroup_apply_control_enable(struct cgroup *cgrp) - return PTR_ERR(css); - } - -+ WARN_ON_ONCE(percpu_ref_is_dying(&css->refcnt)); -+ - if (css_visible(css)) { - ret = css_populate_dir(css); - if (ret) -@@ -2930,11 +2930,11 @@ static void cgroup_apply_control_disable(struct cgroup *cgrp) - for_each_subsys(ss, ssid) { - struct cgroup_subsys_state *css = cgroup_css(dsct, ss); - -- WARN_ON_ONCE(css && percpu_ref_is_dying(&css->refcnt)); -- - if (!css) - continue; - -+ WARN_ON_ONCE(percpu_ref_is_dying(&css->refcnt)); -+ - if (css->parent && - !(cgroup_ss_mask(dsct) & (1 << ss->id))) { - kill_css(css); -@@ -3221,7 +3221,8 @@ static ssize_t cgroup_type_write(struct kernfs_open_file *of, char *buf, - if (strcmp(strstrip(buf), "threaded")) - return -EINVAL; - -- cgrp = cgroup_kn_lock_live(of->kn, false); -+ /* drain dying csses before we re-apply (threaded) subtree control */ -+ cgrp = cgroup_kn_lock_live(of->kn, true); - if (!cgrp) - return -ENOENT; - -diff --git a/mm/mempolicy.c b/mm/mempolicy.c -index a37cfa88669e..1b34f2e35951 100644 ---- a/mm/mempolicy.c -+++ b/mm/mempolicy.c -@@ -2724,6 +2724,9 @@ int mpol_parse_str(char *str, struct 
mempolicy **mpol) - char *flags = strchr(str, '='); - int err = 1; - -+ if (flags) -+ *flags++ = '\0'; /* terminate mode string */ -+ - if (nodelist) { - /* NUL-terminate mode or flags string */ - *nodelist++ = '\0'; -@@ -2734,9 +2737,6 @@ int mpol_parse_str(char *str, struct mempolicy **mpol) - } else - nodes_clear(nodes); - -- if (flags) -- *flags++ = '\0'; /* terminate mode string */ -- - for (mode = 0; mode < MPOL_MAX; mode++) { - if (!strcmp(str, policy_modes[mode])) { - break; -diff --git a/net/bluetooth/hci_sock.c b/net/bluetooth/hci_sock.c -index 4a05235929b9..93093d7c3824 100644 ---- a/net/bluetooth/hci_sock.c -+++ b/net/bluetooth/hci_sock.c -@@ -826,6 +826,8 @@ static int hci_sock_release(struct socket *sock) - if (!sk) - return 0; - -+ lock_sock(sk); -+ - switch (hci_pi(sk)->channel) { - case HCI_CHANNEL_MONITOR: - atomic_dec(&monitor_promisc); -@@ -873,6 +875,7 @@ static int hci_sock_release(struct socket *sock) - skb_queue_purge(&sk->sk_receive_queue); - skb_queue_purge(&sk->sk_write_queue); - -+ release_sock(sk); - sock_put(sk); - return 0; - } -diff --git a/net/core/utils.c b/net/core/utils.c -index 93066bd0305a..b1823e76b877 100644 ---- a/net/core/utils.c -+++ b/net/core/utils.c -@@ -419,6 +419,23 @@ void inet_proto_csum_replace4(__sum16 *sum, struct sk_buff *skb, - } - EXPORT_SYMBOL(inet_proto_csum_replace4); - -+/** -+ * inet_proto_csum_replace16 - update layer 4 header checksum field -+ * @sum: Layer 4 header checksum field -+ * @skb: sk_buff for the packet -+ * @from: old IPv6 address -+ * @to: new IPv6 address -+ * @pseudohdr: True if layer 4 header checksum includes pseudoheader -+ * -+ * Update layer 4 header as per the update in IPv6 src/dst address. -+ * -+ * There is no need to update skb->csum in this function, because update in two -+ * fields a.) IPv6 src/dst address and b.) L4 header checksum cancels each other -+ * for skb->csum calculation. 
Whereas inet_proto_csum_replace4 function needs to -+ * update skb->csum, because update in 3 fields a.) IPv4 src/dst address, -+ * b.) IPv4 Header checksum and c.) L4 header checksum results in same diff as -+ * L4 Header checksum for skb->csum calculation. -+ */ - void inet_proto_csum_replace16(__sum16 *sum, struct sk_buff *skb, - const __be32 *from, const __be32 *to, - bool pseudohdr) -@@ -430,9 +447,6 @@ void inet_proto_csum_replace16(__sum16 *sum, struct sk_buff *skb, - if (skb->ip_summed != CHECKSUM_PARTIAL) { - *sum = csum_fold(csum_partial(diff, sizeof(diff), - ~csum_unfold(*sum))); -- if (skb->ip_summed == CHECKSUM_COMPLETE && pseudohdr) -- skb->csum = ~csum_partial(diff, sizeof(diff), -- ~skb->csum); - } else if (pseudohdr) - *sum = ~csum_fold(csum_partial(diff, sizeof(diff), - csum_unfold(*sum))); -diff --git a/net/ipv4/ip_vti.c b/net/ipv4/ip_vti.c -index 08c15dd42d93..59384ffe89f7 100644 ---- a/net/ipv4/ip_vti.c -+++ b/net/ipv4/ip_vti.c -@@ -208,8 +208,17 @@ static netdev_tx_t vti_xmit(struct sk_buff *skb, struct net_device *dev, - int mtu; - - if (!dst) { -- dev->stats.tx_carrier_errors++; -- goto tx_error_icmp; -+ struct rtable *rt; -+ -+ fl->u.ip4.flowi4_oif = dev->ifindex; -+ fl->u.ip4.flowi4_flags |= FLOWI_FLAG_ANYSRC; -+ rt = __ip_route_output_key(dev_net(dev), &fl->u.ip4); -+ if (IS_ERR(rt)) { -+ dev->stats.tx_carrier_errors++; -+ goto tx_error_icmp; -+ } -+ dst = &rt->dst; -+ skb_dst_set(skb, dst); - } - - dst_hold(dst); -diff --git a/net/ipv6/ip6_vti.c b/net/ipv6/ip6_vti.c -index 557fe3880a3f..396a0f61f5f8 100644 ---- a/net/ipv6/ip6_vti.c -+++ b/net/ipv6/ip6_vti.c -@@ -453,8 +453,17 @@ vti6_xmit(struct sk_buff *skb, struct net_device *dev, struct flowi *fl) - int err = -1; - int mtu; - -- if (!dst) -- goto tx_err_link_failure; -+ if (!dst) { -+ fl->u.ip6.flowi6_oif = dev->ifindex; -+ fl->u.ip6.flowi6_flags |= FLOWI_FLAG_ANYSRC; -+ dst = ip6_route_output(dev_net(dev), NULL, &fl->u.ip6); -+ if (dst->error) { -+ dst_release(dst); -+ dst = NULL; -+ 
goto tx_err_link_failure; -+ } -+ skb_dst_set(skb, dst); -+ } - - dst_hold(dst); - dst = xfrm_lookup(t->net, dst, fl, NULL, 0); -diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c -index d437007b15bb..b1484b8316e8 100644 ---- a/net/mac80211/cfg.c -+++ b/net/mac80211/cfg.c -@@ -2800,6 +2800,28 @@ static int ieee80211_start_radar_detection(struct wiphy *wiphy, - return err; - } - -+static void ieee80211_end_cac(struct wiphy *wiphy, -+ struct net_device *dev) -+{ -+ struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); -+ struct ieee80211_local *local = sdata->local; -+ -+ mutex_lock(&local->mtx); -+ list_for_each_entry(sdata, &local->interfaces, list) { -+ /* it might be waiting for the local->mtx, but then -+ * by the time it gets it, sdata->wdev.cac_started -+ * will no longer be true -+ */ -+ cancel_delayed_work(&sdata->dfs_cac_timer_work); -+ -+ if (sdata->wdev.cac_started) { -+ ieee80211_vif_release_channel(sdata); -+ sdata->wdev.cac_started = false; -+ } -+ } -+ mutex_unlock(&local->mtx); -+} -+ - static struct cfg80211_beacon_data * - cfg80211_beacon_dup(struct cfg80211_beacon_data *beacon) - { -@@ -3730,6 +3752,7 @@ const struct cfg80211_ops mac80211_config_ops = { - #endif - .get_channel = ieee80211_cfg_get_channel, - .start_radar_detection = ieee80211_start_radar_detection, -+ .end_cac = ieee80211_end_cac, - .channel_switch = ieee80211_channel_switch, - .set_qos_map = ieee80211_set_qos_map, - .set_ap_chanwidth = ieee80211_set_ap_chanwidth, -diff --git a/net/mac80211/mesh_hwmp.c b/net/mac80211/mesh_hwmp.c -index fab0764c315f..994dde6e5f9d 100644 ---- a/net/mac80211/mesh_hwmp.c -+++ b/net/mac80211/mesh_hwmp.c -@@ -326,6 +326,9 @@ static u32 airtime_link_metric_get(struct ieee80211_local *local, - unsigned long fail_avg = - ewma_mesh_fail_avg_read(&sta->mesh->fail_avg); - -+ if (sta->mesh->plink_state != NL80211_PLINK_ESTAB) -+ return MAX_METRIC; -+ - /* Try to get rate based on HW/SW RC algorithm. 
- * Rate is returned in units of Kbps, correct this - * to comply with airtime calculation units -diff --git a/net/mac80211/tkip.c b/net/mac80211/tkip.c -index b3622823bad2..ebd66e8f46b3 100644 ---- a/net/mac80211/tkip.c -+++ b/net/mac80211/tkip.c -@@ -266,9 +266,21 @@ int ieee80211_tkip_decrypt_data(struct crypto_cipher *tfm, - if ((keyid >> 6) != key->conf.keyidx) - return TKIP_DECRYPT_INVALID_KEYIDX; - -- if (rx_ctx->ctx.state != TKIP_STATE_NOT_INIT && -- (iv32 < rx_ctx->iv32 || -- (iv32 == rx_ctx->iv32 && iv16 <= rx_ctx->iv16))) -+ /* Reject replays if the received TSC is smaller than or equal to the -+ * last received value in a valid message, but with an exception for -+ * the case where a new key has been set and no valid frame using that -+ * key has yet received and the local RSC was initialized to 0. This -+ * exception allows the very first frame sent by the transmitter to be -+ * accepted even if that transmitter were to use TSC 0 (IEEE 802.11 -+ * described TSC to be initialized to 1 whenever a new key is taken into -+ * use). 
-+ */ -+ if (iv32 < rx_ctx->iv32 || -+ (iv32 == rx_ctx->iv32 && -+ (iv16 < rx_ctx->iv16 || -+ (iv16 == rx_ctx->iv16 && -+ (rx_ctx->iv32 || rx_ctx->iv16 || -+ rx_ctx->ctx.state != TKIP_STATE_NOT_INIT))))) - return TKIP_DECRYPT_REPLAY; - - if (only_iv) { -diff --git a/net/sched/ematch.c b/net/sched/ematch.c -index 60f2354c1789..a48dca26f178 100644 ---- a/net/sched/ematch.c -+++ b/net/sched/ematch.c -@@ -242,6 +242,9 @@ static int tcf_em_validate(struct tcf_proto *tp, - goto errout; - - if (em->ops->change) { -+ err = -EINVAL; -+ if (em_hdr->flags & TCF_EM_SIMPLE) -+ goto errout; - err = em->ops->change(net, data, data_len, em); - if (err < 0) - goto errout; -diff --git a/net/wireless/rdev-ops.h b/net/wireless/rdev-ops.h -index 249919bdfc64..4077bb3af440 100644 ---- a/net/wireless/rdev-ops.h -+++ b/net/wireless/rdev-ops.h -@@ -1143,6 +1143,16 @@ rdev_start_radar_detection(struct cfg80211_registered_device *rdev, - return ret; - } - -+static inline void -+rdev_end_cac(struct cfg80211_registered_device *rdev, -+ struct net_device *dev) -+{ -+ trace_rdev_end_cac(&rdev->wiphy, dev); -+ if (rdev->ops->end_cac) -+ rdev->ops->end_cac(&rdev->wiphy, dev); -+ trace_rdev_return_void(&rdev->wiphy); -+} -+ - static inline int - rdev_set_mcast_rate(struct cfg80211_registered_device *rdev, - struct net_device *dev, -diff --git a/net/wireless/reg.c b/net/wireless/reg.c -index 804eac073b6b..a520f433d476 100644 ---- a/net/wireless/reg.c -+++ b/net/wireless/reg.c -@@ -1718,14 +1718,15 @@ static void update_all_wiphy_regulatory(enum nl80211_reg_initiator initiator) - - static void handle_channel_custom(struct wiphy *wiphy, - struct ieee80211_channel *chan, -- const struct ieee80211_regdomain *regd) -+ const struct ieee80211_regdomain *regd, -+ u32 min_bw) - { - u32 bw_flags = 0; - const struct ieee80211_reg_rule *reg_rule = NULL; - const struct ieee80211_power_rule *power_rule = NULL; - u32 bw; - -- for (bw = MHZ_TO_KHZ(20); bw >= MHZ_TO_KHZ(5); bw = bw / 2) { -+ for (bw = 
MHZ_TO_KHZ(20); bw >= min_bw; bw = bw / 2) { - reg_rule = freq_reg_info_regd(MHZ_TO_KHZ(chan->center_freq), - regd, bw); - if (!IS_ERR(reg_rule)) -@@ -1781,8 +1782,14 @@ static void handle_band_custom(struct wiphy *wiphy, - if (!sband) - return; - -+ /* -+ * We currently assume that you always want at least 20 MHz, -+ * otherwise channel 12 might get enabled if this rule is -+ * compatible to US, which permits 2402 - 2472 MHz. -+ */ - for (i = 0; i < sband->n_channels; i++) -- handle_channel_custom(wiphy, &sband->channels[i], regd); -+ handle_channel_custom(wiphy, &sband->channels[i], regd, -+ MHZ_TO_KHZ(20)); - } - - /* Used by drivers prior to wiphy registration */ -@@ -3296,6 +3303,25 @@ bool regulatory_pre_cac_allowed(struct wiphy *wiphy) - return pre_cac_allowed; - } - -+static void cfg80211_check_and_end_cac(struct cfg80211_registered_device *rdev) -+{ -+ struct wireless_dev *wdev; -+ /* If we finished CAC or received radar, we should end any -+ * CAC running on the same channels. -+ * the check !cfg80211_chandef_dfs_usable contain 2 options: -+ * either all channels are available - those the CAC_FINISHED -+ * event has effected another wdev state, or there is a channel -+ * in unavailable state in wdev chandef - those the RADAR_DETECTED -+ * event has effected another wdev state. -+ * In both cases we should end the CAC on the wdev. 
-+ */ -+ list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) { -+ if (wdev->cac_started && -+ !cfg80211_chandef_dfs_usable(&rdev->wiphy, &wdev->chandef)) -+ rdev_end_cac(rdev, wdev->netdev); -+ } -+} -+ - void regulatory_propagate_dfs_state(struct wiphy *wiphy, - struct cfg80211_chan_def *chandef, - enum nl80211_dfs_state dfs_state, -@@ -3322,8 +3348,10 @@ void regulatory_propagate_dfs_state(struct wiphy *wiphy, - cfg80211_set_dfs_state(&rdev->wiphy, chandef, dfs_state); - - if (event == NL80211_RADAR_DETECTED || -- event == NL80211_RADAR_CAC_FINISHED) -+ event == NL80211_RADAR_CAC_FINISHED) { - cfg80211_sched_dfs_chan_update(rdev); -+ cfg80211_check_and_end_cac(rdev); -+ } - - nl80211_radar_notify(rdev, chandef, event, NULL, GFP_KERNEL); - } -diff --git a/net/wireless/trace.h b/net/wireless/trace.h -index f3353fe5b35b..cd0a1c7c185d 100644 ---- a/net/wireless/trace.h -+++ b/net/wireless/trace.h -@@ -607,6 +607,11 @@ DEFINE_EVENT(wiphy_netdev_evt, rdev_flush_pmksa, - TP_ARGS(wiphy, netdev) - ); - -+DEFINE_EVENT(wiphy_netdev_evt, rdev_end_cac, -+ TP_PROTO(struct wiphy *wiphy, struct net_device *netdev), -+ TP_ARGS(wiphy, netdev) -+); -+ - DECLARE_EVENT_CLASS(station_add_change, - TP_PROTO(struct wiphy *wiphy, struct net_device *netdev, u8 *mac, - struct station_parameters *params), -diff --git a/net/wireless/wext-core.c b/net/wireless/wext-core.c -index 6cdb054484d6..5236a3c2c0cc 100644 ---- a/net/wireless/wext-core.c -+++ b/net/wireless/wext-core.c -@@ -659,7 +659,8 @@ struct iw_statistics *get_wireless_stats(struct net_device *dev) - return NULL; - } - --static int iw_handler_get_iwstats(struct net_device * dev, -+/* noinline to avoid a bogus warning with -O3 */ -+static noinline int iw_handler_get_iwstats(struct net_device * dev, - struct iw_request_info * info, - union iwreq_data * wrqu, - char * extra) -diff --git a/sound/soc/sti/uniperif_player.c b/sound/soc/sti/uniperif_player.c -index d8b6936e544e..908f13623f8c 100644 ---- 
a/sound/soc/sti/uniperif_player.c -+++ b/sound/soc/sti/uniperif_player.c -@@ -226,7 +226,6 @@ static void uni_player_set_channel_status(struct uniperif *player, - * sampling frequency. If no sample rate is already specified, then - * set one. - */ -- mutex_lock(&player->ctrl_lock); - if (runtime) { - switch (runtime->rate) { - case 22050: -@@ -303,7 +302,6 @@ static void uni_player_set_channel_status(struct uniperif *player, - player->stream_settings.iec958.status[3 + (n * 4)] << 24; - SET_UNIPERIF_CHANNEL_STA_REGN(player, n, status); - } -- mutex_unlock(&player->ctrl_lock); - - /* Update the channel status */ - if (player->ver < SND_ST_UNIPERIF_VERSION_UNI_PLR_TOP_1_0) -@@ -365,8 +363,10 @@ static int uni_player_prepare_iec958(struct uniperif *player, - - SET_UNIPERIF_CTRL_ZERO_STUFF_HW(player); - -+ mutex_lock(&player->ctrl_lock); - /* Update the channel status */ - uni_player_set_channel_status(player, runtime); -+ mutex_unlock(&player->ctrl_lock); - - /* Clear the user validity user bits */ - SET_UNIPERIF_USER_VALIDITY_VALIDITY_LR(player, 0); -@@ -598,7 +598,6 @@ static int uni_player_ctl_iec958_put(struct snd_kcontrol *kcontrol, - iec958->status[1] = ucontrol->value.iec958.status[1]; - iec958->status[2] = ucontrol->value.iec958.status[2]; - iec958->status[3] = ucontrol->value.iec958.status[3]; -- mutex_unlock(&player->ctrl_lock); - - spin_lock_irqsave(&player->irq_lock, flags); - if (player->substream && player->substream->runtime) -@@ -608,6 +607,8 @@ static int uni_player_ctl_iec958_put(struct snd_kcontrol *kcontrol, - uni_player_set_channel_status(player, NULL); - - spin_unlock_irqrestore(&player->irq_lock, flags); -+ mutex_unlock(&player->ctrl_lock); -+ - return 0; - } - -diff --git a/tools/include/linux/string.h b/tools/include/linux/string.h -index 6c3e2cc274c5..0ec646f127dc 100644 ---- a/tools/include/linux/string.h -+++ b/tools/include/linux/string.h -@@ -14,7 +14,15 @@ int strtobool(const char *s, bool *res); - * However uClibc headers also define 
__GLIBC__ hence the hack below - */ - #if defined(__GLIBC__) && !defined(__UCLIBC__) -+// pragma diagnostic was introduced in gcc 4.6 -+#if __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 6) -+#pragma GCC diagnostic push -+#pragma GCC diagnostic ignored "-Wredundant-decls" -+#endif - extern size_t strlcpy(char *dest, const char *src, size_t size); -+#if __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 6) -+#pragma GCC diagnostic pop -+#endif - #endif - - char *str_error_r(int errnum, char *buf, size_t buflen); -diff --git a/tools/lib/string.c b/tools/lib/string.c -index 93b3d4b6feac..ee0afcbdd696 100644 ---- a/tools/lib/string.c -+++ b/tools/lib/string.c -@@ -95,6 +95,10 @@ int strtobool(const char *s, bool *res) - * If libc has strlcpy() then that version will override this - * implementation: - */ -+#ifdef __clang__ -+#pragma clang diagnostic push -+#pragma clang diagnostic ignored "-Wignored-attributes" -+#endif - size_t __weak strlcpy(char *dest, const char *src, size_t size) - { - size_t ret = strlen(src); -@@ -106,3 +110,6 @@ size_t __weak strlcpy(char *dest, const char *src, size_t size) - } - return ret; - } -+#ifdef __clang__ -+#pragma clang diagnostic pop -+#endif -diff --git a/tools/perf/builtin-c2c.c b/tools/perf/builtin-c2c.c -index bec7a2f1fb4d..264d458bfe2a 100644 ---- a/tools/perf/builtin-c2c.c -+++ b/tools/perf/builtin-c2c.c -@@ -528,8 +528,8 @@ tot_hitm_cmp(struct perf_hpp_fmt *fmt __maybe_unused, - { - struct c2c_hist_entry *c2c_left; - struct c2c_hist_entry *c2c_right; -- unsigned int tot_hitm_left; -- unsigned int tot_hitm_right; -+ uint64_t tot_hitm_left; -+ uint64_t tot_hitm_right; - - c2c_left = container_of(left, struct c2c_hist_entry, he); - c2c_right = container_of(right, struct c2c_hist_entry, he); -@@ -562,7 +562,8 @@ __f ## _cmp(struct perf_hpp_fmt *fmt __maybe_unused, \ - \ - c2c_left = container_of(left, struct c2c_hist_entry, he); \ - c2c_right = container_of(right, struct c2c_hist_entry, he); \ -- return c2c_left->stats.__f 
- c2c_right->stats.__f; \ -+ return (uint64_t) c2c_left->stats.__f - \ -+ (uint64_t) c2c_right->stats.__f; \ - } - - #define STAT_FN(__f) \ -@@ -615,7 +616,8 @@ ld_llcmiss_cmp(struct perf_hpp_fmt *fmt __maybe_unused, - c2c_left = container_of(left, struct c2c_hist_entry, he); - c2c_right = container_of(right, struct c2c_hist_entry, he); - -- return llc_miss(&c2c_left->stats) - llc_miss(&c2c_right->stats); -+ return (uint64_t) llc_miss(&c2c_left->stats) - -+ (uint64_t) llc_miss(&c2c_right->stats); - } - - static uint64_t total_records(struct c2c_stats *stats) -diff --git a/tools/perf/builtin-report.c b/tools/perf/builtin-report.c -index 17b26661b2f6..429c3e140dc3 100644 ---- a/tools/perf/builtin-report.c -+++ b/tools/perf/builtin-report.c -@@ -342,10 +342,10 @@ static int report__setup_sample_type(struct report *rep) - PERF_SAMPLE_BRANCH_ANY)) - rep->nonany_branch_mode = true; - --#ifndef HAVE_LIBUNWIND_SUPPORT -+#if !defined(HAVE_LIBUNWIND_SUPPORT) && !defined(HAVE_DWARF_SUPPORT) - if (dwarf_callchain_users) { -- ui__warning("Please install libunwind development packages " -- "during the perf build.\n"); -+ ui__warning("Please install libunwind or libdw " -+ "development packages during the perf build.\n"); - } - #endif - diff --git a/patch/kernel/odroidxu4-legacy/patch-4.14.170-171.patch b/patch/kernel/odroidxu4-legacy/patch-4.14.170-171.patch deleted file mode 100644 index ffeec633d0..0000000000 --- a/patch/kernel/odroidxu4-legacy/patch-4.14.170-171.patch +++ /dev/null 
@@ -1,14184 +0,0 @@ -diff --git a/Makefile b/Makefile -index b614291199f8..f2657f4838db 100644 ---- a/Makefile -+++ b/Makefile -@@ -1,7 +1,7 @@ - # SPDX-License-Identifier: GPL-2.0 - VERSION = 4 - PATCHLEVEL = 14 --SUBLEVEL = 170 -+SUBLEVEL = 171 - EXTRAVERSION = - NAME = Petit Gorille - -diff --git a/arch/arc/boot/dts/axs10x_mb.dtsi b/arch/arc/boot/dts/axs10x_mb.dtsi -index e114000a84f5..d825b9dbae5d 100644 ---- a/arch/arc/boot/dts/axs10x_mb.dtsi -+++ b/arch/arc/boot/dts/axs10x_mb.dtsi -@@ -70,6 +70,7 @@ - interrupt-names = "macirq"; - phy-mode = "rgmii"; - snps,pbl = < 32 >; -+ snps,multicast-filter-bins = <256>; - clocks = <&apbclk>; - clock-names = "stmmaceth"; - max-speed = <100>; -diff --git a/arch/arm/boot/dts/sama5d3.dtsi b/arch/arm/boot/dts/sama5d3.dtsi -index 554d0bdedc7a..f96b41ed5b96 100644 ---- a/arch/arm/boot/dts/sama5d3.dtsi -+++ b/arch/arm/boot/dts/sama5d3.dtsi -@@ -1185,49 +1185,49 @@ - usart0_clk: usart0_clk { - #clock-cells = <0>; - reg = <12>; -- atmel,clk-output-range = <0 66000000>; -+ atmel,clk-output-range = <0 83000000>; - }; - - usart1_clk: usart1_clk { - #clock-cells = <0>; - reg = <13>; -- atmel,clk-output-range = <0 66000000>; -+ atmel,clk-output-range = <0 83000000>; - }; - - usart2_clk: usart2_clk { - #clock-cells = <0>; - reg = <14>; -- atmel,clk-output-range = <0 66000000>; -+ atmel,clk-output-range = <0 83000000>; - }; - - usart3_clk: usart3_clk { - #clock-cells = <0>; - reg = <15>; -- atmel,clk-output-range = <0 66000000>; -+ atmel,clk-output-range = <0 83000000>; - }; - - uart0_clk: uart0_clk { - #clock-cells = <0>; - reg = <16>; -- atmel,clk-output-range = <0 66000000>; -+ atmel,clk-output-range = <0 83000000>; - }; - - twi0_clk: twi0_clk { - reg = <18>; - #clock-cells = <0>; -- atmel,clk-output-range = <0 16625000>; -+ atmel,clk-output-range = <0 41500000>; - }; - - twi1_clk: twi1_clk { - #clock-cells = <0>; - reg = <19>; -- atmel,clk-output-range = <0 16625000>; -+ atmel,clk-output-range = <0 41500000>; - }; - - twi2_clk: 
twi2_clk { - #clock-cells = <0>; - reg = <20>; -- atmel,clk-output-range = <0 16625000>; -+ atmel,clk-output-range = <0 41500000>; - }; - - mci0_clk: mci0_clk { -@@ -1243,19 +1243,19 @@ - spi0_clk: spi0_clk { - #clock-cells = <0>; - reg = <24>; -- atmel,clk-output-range = <0 133000000>; -+ atmel,clk-output-range = <0 166000000>; - }; - - spi1_clk: spi1_clk { - #clock-cells = <0>; - reg = <25>; -- atmel,clk-output-range = <0 133000000>; -+ atmel,clk-output-range = <0 166000000>; - }; - - tcb0_clk: tcb0_clk { - #clock-cells = <0>; - reg = <26>; -- atmel,clk-output-range = <0 133000000>; -+ atmel,clk-output-range = <0 166000000>; - }; - - pwm_clk: pwm_clk { -@@ -1266,7 +1266,7 @@ - adc_clk: adc_clk { - #clock-cells = <0>; - reg = <29>; -- atmel,clk-output-range = <0 66000000>; -+ atmel,clk-output-range = <0 83000000>; - }; - - dma0_clk: dma0_clk { -@@ -1297,13 +1297,13 @@ - ssc0_clk: ssc0_clk { - #clock-cells = <0>; - reg = <38>; -- atmel,clk-output-range = <0 66000000>; -+ atmel,clk-output-range = <0 83000000>; - }; - - ssc1_clk: ssc1_clk { - #clock-cells = <0>; - reg = <39>; -- atmel,clk-output-range = <0 66000000>; -+ atmel,clk-output-range = <0 83000000>; - }; - - sha_clk: sha_clk { -diff --git a/arch/arm/boot/dts/sama5d3_can.dtsi b/arch/arm/boot/dts/sama5d3_can.dtsi -index c5a3772741bf..0fac79f75c06 100644 ---- a/arch/arm/boot/dts/sama5d3_can.dtsi -+++ b/arch/arm/boot/dts/sama5d3_can.dtsi -@@ -37,13 +37,13 @@ - can0_clk: can0_clk { - #clock-cells = <0>; - reg = <40>; -- atmel,clk-output-range = <0 66000000>; -+ atmel,clk-output-range = <0 83000000>; - }; - - can1_clk: can1_clk { - #clock-cells = <0>; - reg = <41>; -- atmel,clk-output-range = <0 66000000>; -+ atmel,clk-output-range = <0 83000000>; - }; - }; - }; -diff --git a/arch/arm/boot/dts/sama5d3_tcb1.dtsi b/arch/arm/boot/dts/sama5d3_tcb1.dtsi -index 801f9745e82f..b80dbc45a3c2 100644 ---- a/arch/arm/boot/dts/sama5d3_tcb1.dtsi -+++ b/arch/arm/boot/dts/sama5d3_tcb1.dtsi -@@ -23,6 +23,7 @@ - tcb1_clk: tcb1_clk { 
- #clock-cells = <0>; - reg = <27>; -+ atmel,clk-output-range = <0 166000000>; - }; - }; - }; -diff --git a/arch/arm/boot/dts/sama5d3_uart.dtsi b/arch/arm/boot/dts/sama5d3_uart.dtsi -index 186377d41c91..48e23d18e5e3 100644 ---- a/arch/arm/boot/dts/sama5d3_uart.dtsi -+++ b/arch/arm/boot/dts/sama5d3_uart.dtsi -@@ -42,13 +42,13 @@ - uart0_clk: uart0_clk { - #clock-cells = <0>; - reg = <16>; -- atmel,clk-output-range = <0 66000000>; -+ atmel,clk-output-range = <0 83000000>; - }; - - uart1_clk: uart1_clk { - #clock-cells = <0>; - reg = <17>; -- atmel,clk-output-range = <0 66000000>; -+ atmel,clk-output-range = <0 83000000>; - }; - }; - }; -diff --git a/arch/arm/include/asm/kvm_emulate.h b/arch/arm/include/asm/kvm_emulate.h -index 98089ffd91bb..078dbd25cca4 100644 ---- a/arch/arm/include/asm/kvm_emulate.h -+++ b/arch/arm/include/asm/kvm_emulate.h -@@ -144,6 +144,11 @@ static inline bool kvm_vcpu_dabt_issext(struct kvm_vcpu *vcpu) - return kvm_vcpu_get_hsr(vcpu) & HSR_SSE; - } - -+static inline bool kvm_vcpu_dabt_issf(const struct kvm_vcpu *vcpu) -+{ -+ return false; -+} -+ - static inline int kvm_vcpu_dabt_get_rd(struct kvm_vcpu *vcpu) - { - return (kvm_vcpu_get_hsr(vcpu) & HSR_SRT_MASK) >> HSR_SRT_SHIFT; -diff --git a/arch/arm/include/asm/kvm_mmio.h b/arch/arm/include/asm/kvm_mmio.h -index f3a7de71f515..848339d76f9a 100644 ---- a/arch/arm/include/asm/kvm_mmio.h -+++ b/arch/arm/include/asm/kvm_mmio.h -@@ -26,6 +26,8 @@ - struct kvm_decode { - unsigned long rt; - bool sign_extend; -+ /* Not used on 32-bit arm */ -+ bool sixty_four; - }; - - void kvm_mmio_write_buf(void *buf, unsigned int len, unsigned long data); -diff --git a/arch/arm/mach-tegra/sleep-tegra30.S b/arch/arm/mach-tegra/sleep-tegra30.S -index dd4a67dabd91..b7cd41461e7d 100644 ---- a/arch/arm/mach-tegra/sleep-tegra30.S -+++ b/arch/arm/mach-tegra/sleep-tegra30.S -@@ -382,6 +382,14 @@ _pll_m_c_x_done: - pll_locked r1, r0, CLK_RESET_PLLC_BASE - pll_locked r1, r0, CLK_RESET_PLLX_BASE - -+ tegra_get_soc_id 
TEGRA_APB_MISC_BASE, r1 -+ cmp r1, #TEGRA30 -+ beq 1f -+ ldr r1, [r0, #CLK_RESET_PLLP_BASE] -+ bic r1, r1, #(1<<31) @ disable PllP bypass -+ str r1, [r0, #CLK_RESET_PLLP_BASE] -+1: -+ - mov32 r7, TEGRA_TMRUS_BASE - ldr r1, [r7] - add r1, r1, #LOCK_DELAY -@@ -641,7 +649,10 @@ tegra30_switch_cpu_to_clk32k: - str r0, [r4, #PMC_PLLP_WB0_OVERRIDE] - - /* disable PLLP, PLLA, PLLC and PLLX */ -+ tegra_get_soc_id TEGRA_APB_MISC_BASE, r1 -+ cmp r1, #TEGRA30 - ldr r0, [r5, #CLK_RESET_PLLP_BASE] -+ orrne r0, r0, #(1 << 31) @ enable PllP bypass on fast cluster - bic r0, r0, #(1 << 30) - str r0, [r5, #CLK_RESET_PLLP_BASE] - ldr r0, [r5, #CLK_RESET_PLLA_BASE] -diff --git a/arch/arm/mm/init.c b/arch/arm/mm/init.c -index 27a40101dd3a..fd26b5c92b44 100644 ---- a/arch/arm/mm/init.c -+++ b/arch/arm/mm/init.c -@@ -356,7 +356,7 @@ static inline void poison_init_mem(void *s, size_t count) - *p++ = 0xe7fddef0; - } - --static inline void -+static inline void __init - free_memmap(unsigned long start_pfn, unsigned long end_pfn) - { - struct page *start_pg, *end_pg; -diff --git a/arch/arm64/include/asm/kvm_emulate.h b/arch/arm64/include/asm/kvm_emulate.h -index 2b55aee7c051..92f70a34c5e6 100644 ---- a/arch/arm64/include/asm/kvm_emulate.h -+++ b/arch/arm64/include/asm/kvm_emulate.h -@@ -188,6 +188,11 @@ static inline bool kvm_vcpu_dabt_issext(const struct kvm_vcpu *vcpu) - return !!(kvm_vcpu_get_hsr(vcpu) & ESR_ELx_SSE); - } - -+static inline bool kvm_vcpu_dabt_issf(const struct kvm_vcpu *vcpu) -+{ -+ return !!(kvm_vcpu_get_hsr(vcpu) & ESR_ELx_SF); -+} -+ - static inline int kvm_vcpu_dabt_get_rd(const struct kvm_vcpu *vcpu) - { - return (kvm_vcpu_get_hsr(vcpu) & ESR_ELx_SRT_MASK) >> ESR_ELx_SRT_SHIFT; -diff --git a/arch/arm64/include/asm/kvm_mmio.h b/arch/arm64/include/asm/kvm_mmio.h -index 75ea42079757..0240290cf764 100644 ---- a/arch/arm64/include/asm/kvm_mmio.h -+++ b/arch/arm64/include/asm/kvm_mmio.h -@@ -21,13 +21,11 @@ - #include - #include - --/* -- * This is annoying. 
The mmio code requires this, even if we don't -- * need any decoding. To be fixed. -- */ - struct kvm_decode { - unsigned long rt; - bool sign_extend; -+ /* Witdth of the register accessed by the faulting instruction is 64-bits */ -+ bool sixty_four; - }; - - void kvm_mmio_write_buf(void *buf, unsigned int len, unsigned long data); -diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c -index 09c6499bc500..c477fd34a912 100644 ---- a/arch/arm64/kernel/cpufeature.c -+++ b/arch/arm64/kernel/cpufeature.c -@@ -1103,7 +1103,7 @@ static const struct arm64_cpu_capabilities arm64_features[] = { - { - /* FP/SIMD is not implemented */ - .capability = ARM64_HAS_NO_FPSIMD, -- .type = ARM64_CPUCAP_SYSTEM_FEATURE, -+ .type = ARM64_CPUCAP_BOOT_RESTRICTED_CPU_LOCAL_FEATURE, - .min_field_value = 0, - .matches = has_no_fpsimd, - }, -diff --git a/arch/mips/Makefile.postlink b/arch/mips/Makefile.postlink -index 4eea4188cb20..13e0beb9eee3 100644 ---- a/arch/mips/Makefile.postlink -+++ b/arch/mips/Makefile.postlink -@@ -12,7 +12,7 @@ __archpost: - include scripts/Kbuild.include - - CMD_RELOCS = arch/mips/boot/tools/relocs --quiet_cmd_relocs = RELOCS $@ -+quiet_cmd_relocs = RELOCS $@ - cmd_relocs = $(CMD_RELOCS) $@ - - # `@true` prevents complaint when there is nothing to be done -diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig -index de3b07c7be30..277e4ffb928b 100644 ---- a/arch/powerpc/Kconfig -+++ b/arch/powerpc/Kconfig -@@ -225,6 +225,7 @@ config PPC - select MODULES_USE_ELF_RELA - select NO_BOOTMEM - select OF -+ select OF_DMA_DEFAULT_COHERENT if !NOT_COHERENT_CACHE - select OF_EARLY_FLATTREE - select OF_RESERVED_MEM - select OLD_SIGACTION if PPC32 -diff --git a/arch/powerpc/boot/4xx.c b/arch/powerpc/boot/4xx.c -index f7da65169124..3c8774163c7e 100644 ---- a/arch/powerpc/boot/4xx.c -+++ b/arch/powerpc/boot/4xx.c -@@ -232,7 +232,7 @@ void ibm4xx_denali_fixup_memsize(void) - dpath = 8; /* 64 bits */ - - /* get address pins (rows) */ -- val = 
SDRAM0_READ(DDR0_42); -+ val = SDRAM0_READ(DDR0_42); - - row = DDR_GET_VAL(val, DDR_APIN, DDR_APIN_SHIFT); - if (row > max_row) -diff --git a/arch/powerpc/kvm/book3s_hv.c b/arch/powerpc/kvm/book3s_hv.c -index 7de26809340a..e4f81f014206 100644 ---- a/arch/powerpc/kvm/book3s_hv.c -+++ b/arch/powerpc/kvm/book3s_hv.c -@@ -1997,7 +1997,7 @@ static struct kvm_vcpu *kvmppc_core_vcpu_create_hv(struct kvm *kvm, - mutex_unlock(&kvm->lock); - - if (!vcore) -- goto free_vcpu; -+ goto uninit_vcpu; - - spin_lock(&vcore->lock); - ++vcore->num_threads; -@@ -2014,6 +2014,8 @@ static struct kvm_vcpu *kvmppc_core_vcpu_create_hv(struct kvm *kvm, - - return vcpu; - -+uninit_vcpu: -+ kvm_vcpu_uninit(vcpu); - free_vcpu: - kmem_cache_free(kvm_vcpu_cache, vcpu); - out: -diff --git a/arch/powerpc/kvm/book3s_pr.c b/arch/powerpc/kvm/book3s_pr.c -index e2ef16198456..f5bbb188f18d 100644 ---- a/arch/powerpc/kvm/book3s_pr.c -+++ b/arch/powerpc/kvm/book3s_pr.c -@@ -1482,10 +1482,12 @@ static struct kvm_vcpu *kvmppc_core_vcpu_create_pr(struct kvm *kvm, - - err = kvmppc_mmu_init(vcpu); - if (err < 0) -- goto uninit_vcpu; -+ goto free_shared_page; - - return vcpu; - -+free_shared_page: -+ free_page((unsigned long)vcpu->arch.shared); - uninit_vcpu: - kvm_vcpu_uninit(vcpu); - free_shadow_vcpu: -diff --git a/arch/powerpc/platforms/pseries/hotplug-memory.c b/arch/powerpc/platforms/pseries/hotplug-memory.c -index fdfce7a46d73..a0847be0b035 100644 ---- a/arch/powerpc/platforms/pseries/hotplug-memory.c -+++ b/arch/powerpc/platforms/pseries/hotplug-memory.c -@@ -452,8 +452,10 @@ static bool lmb_is_removable(struct of_drconf_cell *lmb) - - for (i = 0; i < scns_per_block; i++) { - pfn = PFN_DOWN(phys_addr); -- if (!pfn_present(pfn)) -+ if (!pfn_present(pfn)) { -+ phys_addr += MIN_MEMORY_BLOCK_SIZE; - continue; -+ } - - rc &= is_mem_section_removable(pfn, PAGES_PER_SECTION); - phys_addr += MIN_MEMORY_BLOCK_SIZE; -diff --git a/arch/powerpc/platforms/pseries/iommu.c b/arch/powerpc/platforms/pseries/iommu.c -index 
7c181467d0ad..0e4e22dfa6b5 100644 ---- a/arch/powerpc/platforms/pseries/iommu.c -+++ b/arch/powerpc/platforms/pseries/iommu.c -@@ -168,10 +168,10 @@ static unsigned long tce_get_pseries(struct iommu_table *tbl, long index) - return be64_to_cpu(*tcep); - } - --static void tce_free_pSeriesLP(struct iommu_table*, long, long); -+static void tce_free_pSeriesLP(unsigned long liobn, long, long); - static void tce_freemulti_pSeriesLP(struct iommu_table*, long, long); - --static int tce_build_pSeriesLP(struct iommu_table *tbl, long tcenum, -+static int tce_build_pSeriesLP(unsigned long liobn, long tcenum, long tceshift, - long npages, unsigned long uaddr, - enum dma_data_direction direction, - unsigned long attrs) -@@ -182,25 +182,25 @@ static int tce_build_pSeriesLP(struct iommu_table *tbl, long tcenum, - int ret = 0; - long tcenum_start = tcenum, npages_start = npages; - -- rpn = __pa(uaddr) >> TCE_SHIFT; -+ rpn = __pa(uaddr) >> tceshift; - proto_tce = TCE_PCI_READ; - if (direction != DMA_TO_DEVICE) - proto_tce |= TCE_PCI_WRITE; - - while (npages--) { -- tce = proto_tce | (rpn & TCE_RPN_MASK) << TCE_RPN_SHIFT; -- rc = plpar_tce_put((u64)tbl->it_index, (u64)tcenum << 12, tce); -+ tce = proto_tce | (rpn & TCE_RPN_MASK) << tceshift; -+ rc = plpar_tce_put((u64)liobn, (u64)tcenum << tceshift, tce); - - if (unlikely(rc == H_NOT_ENOUGH_RESOURCES)) { - ret = (int)rc; -- tce_free_pSeriesLP(tbl, tcenum_start, -+ tce_free_pSeriesLP(liobn, tcenum_start, - (npages_start - (npages + 1))); - break; - } - - if (rc && printk_ratelimit()) { - printk("tce_build_pSeriesLP: plpar_tce_put failed. 
rc=%lld\n", rc); -- printk("\tindex = 0x%llx\n", (u64)tbl->it_index); -+ printk("\tindex = 0x%llx\n", (u64)liobn); - printk("\ttcenum = 0x%llx\n", (u64)tcenum); - printk("\ttce val = 0x%llx\n", tce ); - dump_stack(); -@@ -229,7 +229,8 @@ static int tce_buildmulti_pSeriesLP(struct iommu_table *tbl, long tcenum, - unsigned long flags; - - if ((npages == 1) || !firmware_has_feature(FW_FEATURE_MULTITCE)) { -- return tce_build_pSeriesLP(tbl, tcenum, npages, uaddr, -+ return tce_build_pSeriesLP(tbl->it_index, tcenum, -+ tbl->it_page_shift, npages, uaddr, - direction, attrs); - } - -@@ -245,8 +246,9 @@ static int tce_buildmulti_pSeriesLP(struct iommu_table *tbl, long tcenum, - /* If allocation fails, fall back to the loop implementation */ - if (!tcep) { - local_irq_restore(flags); -- return tce_build_pSeriesLP(tbl, tcenum, npages, uaddr, -- direction, attrs); -+ return tce_build_pSeriesLP(tbl->it_index, tcenum, -+ tbl->it_page_shift, -+ npages, uaddr, direction, attrs); - } - __this_cpu_write(tce_page, tcep); - } -@@ -297,16 +299,16 @@ static int tce_buildmulti_pSeriesLP(struct iommu_table *tbl, long tcenum, - return ret; - } - --static void tce_free_pSeriesLP(struct iommu_table *tbl, long tcenum, long npages) -+static void tce_free_pSeriesLP(unsigned long liobn, long tcenum, long npages) - { - u64 rc; - - while (npages--) { -- rc = plpar_tce_put((u64)tbl->it_index, (u64)tcenum << 12, 0); -+ rc = plpar_tce_put((u64)liobn, (u64)tcenum << 12, 0); - - if (rc && printk_ratelimit()) { - printk("tce_free_pSeriesLP: plpar_tce_put failed. 
rc=%lld\n", rc); -- printk("\tindex = 0x%llx\n", (u64)tbl->it_index); -+ printk("\tindex = 0x%llx\n", (u64)liobn); - printk("\ttcenum = 0x%llx\n", (u64)tcenum); - dump_stack(); - } -@@ -321,7 +323,7 @@ static void tce_freemulti_pSeriesLP(struct iommu_table *tbl, long tcenum, long n - u64 rc; - - if (!firmware_has_feature(FW_FEATURE_MULTITCE)) -- return tce_free_pSeriesLP(tbl, tcenum, npages); -+ return tce_free_pSeriesLP(tbl->it_index, tcenum, npages); - - rc = plpar_tce_stuff((u64)tbl->it_index, (u64)tcenum << 12, 0, npages); - -@@ -436,6 +438,19 @@ static int tce_setrange_multi_pSeriesLP(unsigned long start_pfn, - u64 rc = 0; - long l, limit; - -+ if (!firmware_has_feature(FW_FEATURE_MULTITCE)) { -+ unsigned long tceshift = be32_to_cpu(maprange->tce_shift); -+ unsigned long dmastart = (start_pfn << PAGE_SHIFT) + -+ be64_to_cpu(maprange->dma_base); -+ unsigned long tcenum = dmastart >> tceshift; -+ unsigned long npages = num_pfn << PAGE_SHIFT >> tceshift; -+ void *uaddr = __va(start_pfn << PAGE_SHIFT); -+ -+ return tce_build_pSeriesLP(be32_to_cpu(maprange->liobn), -+ tcenum, tceshift, npages, (unsigned long) uaddr, -+ DMA_BIDIRECTIONAL, 0); -+ } -+ - local_irq_disable(); /* to protect tcep and the page behind it */ - tcep = __this_cpu_read(tce_page); - -diff --git a/arch/powerpc/platforms/pseries/vio.c b/arch/powerpc/platforms/pseries/vio.c -index d86938260a86..fc778865a412 100644 ---- a/arch/powerpc/platforms/pseries/vio.c -+++ b/arch/powerpc/platforms/pseries/vio.c -@@ -1195,6 +1195,8 @@ static struct iommu_table *vio_build_iommu_table(struct vio_dev *dev) - if (tbl == NULL) - return NULL; - -+ kref_init(&tbl->it_kref); -+ - of_parse_dma_window(dev->dev.of_node, dma_window, - &tbl->it_index, &offset, &size); - -diff --git a/arch/powerpc/xmon/xmon.c b/arch/powerpc/xmon/xmon.c -index 51a53fd51722..0885993b2fb4 100644 ---- a/arch/powerpc/xmon/xmon.c -+++ b/arch/powerpc/xmon/xmon.c -@@ -1830,15 +1830,14 @@ static void dump_300_sprs(void) - - printf("pidr = %.16lx 
tidr = %.16lx\n", - mfspr(SPRN_PID), mfspr(SPRN_TIDR)); -- printf("asdr = %.16lx psscr = %.16lx\n", -- mfspr(SPRN_ASDR), hv ? mfspr(SPRN_PSSCR) -- : mfspr(SPRN_PSSCR_PR)); -+ printf("psscr = %.16lx\n", -+ hv ? mfspr(SPRN_PSSCR) : mfspr(SPRN_PSSCR_PR)); - - if (!hv) - return; - -- printf("ptcr = %.16lx\n", -- mfspr(SPRN_PTCR)); -+ printf("ptcr = %.16lx asdr = %.16lx\n", -+ mfspr(SPRN_PTCR), mfspr(SPRN_ASDR)); - #endif - } - -diff --git a/arch/s390/include/asm/page.h b/arch/s390/include/asm/page.h -index 41e3908b397f..779c589b7089 100644 ---- a/arch/s390/include/asm/page.h -+++ b/arch/s390/include/asm/page.h -@@ -33,6 +33,8 @@ - #define ARCH_HAS_PREPARE_HUGEPAGE - #define ARCH_HAS_HUGEPAGE_CLEAR_FLUSH - -+#define HAVE_ARCH_HUGETLB_UNMAPPED_AREA -+ - #include - #ifndef __ASSEMBLY__ - -diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c -index 91c24e87fe10..46fee3f4dedd 100644 ---- a/arch/s390/kvm/kvm-s390.c -+++ b/arch/s390/kvm/kvm-s390.c -@@ -2384,9 +2384,7 @@ static void kvm_s390_vcpu_initial_reset(struct kvm_vcpu *vcpu) - memset(vcpu->arch.sie_block->gcr, 0, 16 * sizeof(__u64)); - vcpu->arch.sie_block->gcr[0] = 0xE0UL; - vcpu->arch.sie_block->gcr[14] = 0xC2000000UL; -- /* make sure the new fpc will be lazily loaded */ -- save_fpu_regs(); -- current->thread.fpu.fpc = 0; -+ vcpu->run->s.regs.fpc = 0; - vcpu->arch.sie_block->gbea = 1; - vcpu->arch.sie_block->pp = 0; - vcpu->arch.sie_block->fpf &= ~FPF_BPBC; -@@ -3753,7 +3751,7 @@ long kvm_arch_vcpu_ioctl(struct file *filp, - } - case KVM_S390_STORE_STATUS: - idx = srcu_read_lock(&vcpu->kvm->srcu); -- r = kvm_s390_vcpu_store_status(vcpu, arg); -+ r = kvm_s390_store_status_unloaded(vcpu, arg); - srcu_read_unlock(&vcpu->kvm->srcu, idx); - break; - case KVM_S390_SET_INITIAL_PSW: { -diff --git a/arch/s390/mm/hugetlbpage.c b/arch/s390/mm/hugetlbpage.c -index e804090f4470..e19ea9ebe960 100644 ---- a/arch/s390/mm/hugetlbpage.c -+++ b/arch/s390/mm/hugetlbpage.c -@@ -2,7 +2,7 @@ - /* - * IBM System z Huge TLB Page 
Support for Kernel. - * -- * Copyright IBM Corp. 2007,2016 -+ * Copyright IBM Corp. 2007,2020 - * Author(s): Gerald Schaefer - */ - -@@ -11,6 +11,9 @@ - - #include - #include -+#include -+#include -+#include - - /* - * If the bit selected by single-bit bitmask "a" is set within "x", move -@@ -243,3 +246,98 @@ static __init int setup_hugepagesz(char *opt) - return 1; - } - __setup("hugepagesz=", setup_hugepagesz); -+ -+static unsigned long hugetlb_get_unmapped_area_bottomup(struct file *file, -+ unsigned long addr, unsigned long len, -+ unsigned long pgoff, unsigned long flags) -+{ -+ struct hstate *h = hstate_file(file); -+ struct vm_unmapped_area_info info; -+ -+ info.flags = 0; -+ info.length = len; -+ info.low_limit = current->mm->mmap_base; -+ info.high_limit = TASK_SIZE; -+ info.align_mask = PAGE_MASK & ~huge_page_mask(h); -+ info.align_offset = 0; -+ return vm_unmapped_area(&info); -+} -+ -+static unsigned long hugetlb_get_unmapped_area_topdown(struct file *file, -+ unsigned long addr0, unsigned long len, -+ unsigned long pgoff, unsigned long flags) -+{ -+ struct hstate *h = hstate_file(file); -+ struct vm_unmapped_area_info info; -+ unsigned long addr; -+ -+ info.flags = VM_UNMAPPED_AREA_TOPDOWN; -+ info.length = len; -+ info.low_limit = max(PAGE_SIZE, mmap_min_addr); -+ info.high_limit = current->mm->mmap_base; -+ info.align_mask = PAGE_MASK & ~huge_page_mask(h); -+ info.align_offset = 0; -+ addr = vm_unmapped_area(&info); -+ -+ /* -+ * A failed mmap() very likely causes application failure, -+ * so fall back to the bottom-up function here. This scenario -+ * can happen with large stack limits and large mmap() -+ * allocations. 
-+ */ -+ if (addr & ~PAGE_MASK) { -+ VM_BUG_ON(addr != -ENOMEM); -+ info.flags = 0; -+ info.low_limit = TASK_UNMAPPED_BASE; -+ info.high_limit = TASK_SIZE; -+ addr = vm_unmapped_area(&info); -+ } -+ -+ return addr; -+} -+ -+unsigned long hugetlb_get_unmapped_area(struct file *file, unsigned long addr, -+ unsigned long len, unsigned long pgoff, unsigned long flags) -+{ -+ struct hstate *h = hstate_file(file); -+ struct mm_struct *mm = current->mm; -+ struct vm_area_struct *vma; -+ int rc; -+ -+ if (len & ~huge_page_mask(h)) -+ return -EINVAL; -+ if (len > TASK_SIZE - mmap_min_addr) -+ return -ENOMEM; -+ -+ if (flags & MAP_FIXED) { -+ if (prepare_hugepage_range(file, addr, len)) -+ return -EINVAL; -+ goto check_asce_limit; -+ } -+ -+ if (addr) { -+ addr = ALIGN(addr, huge_page_size(h)); -+ vma = find_vma(mm, addr); -+ if (TASK_SIZE - len >= addr && addr >= mmap_min_addr && -+ (!vma || addr + len <= vm_start_gap(vma))) -+ goto check_asce_limit; -+ } -+ -+ if (mm->get_unmapped_area == arch_get_unmapped_area) -+ addr = hugetlb_get_unmapped_area_bottomup(file, addr, len, -+ pgoff, flags); -+ else -+ addr = hugetlb_get_unmapped_area_topdown(file, addr, len, -+ pgoff, flags); -+ if (addr & ~PAGE_MASK) -+ return addr; -+ -+check_asce_limit: -+ if (addr + len > current->mm->context.asce_limit && -+ addr + len <= TASK_SIZE) { -+ rc = crst_table_upgrade(mm, addr + len); -+ if (rc) -+ return (unsigned long) rc; -+ } -+ return addr; -+} -diff --git a/arch/sparc/include/uapi/asm/ipcbuf.h b/arch/sparc/include/uapi/asm/ipcbuf.h -index 9d0d125500e2..084b8949ddff 100644 ---- a/arch/sparc/include/uapi/asm/ipcbuf.h -+++ b/arch/sparc/include/uapi/asm/ipcbuf.h -@@ -15,19 +15,19 @@ - - struct ipc64_perm - { -- __kernel_key_t key; -- __kernel_uid_t uid; -- __kernel_gid_t gid; -- __kernel_uid_t cuid; -- __kernel_gid_t cgid; -+ __kernel_key_t key; -+ __kernel_uid32_t uid; -+ __kernel_gid32_t gid; -+ __kernel_uid32_t cuid; -+ __kernel_gid32_t cgid; - #ifndef __arch64__ -- unsigned short 
__pad0; -+ unsigned short __pad0; - #endif -- __kernel_mode_t mode; -- unsigned short __pad1; -- unsigned short seq; -- unsigned long long __unused1; -- unsigned long long __unused2; -+ __kernel_mode_t mode; -+ unsigned short __pad1; -+ unsigned short seq; -+ unsigned long long __unused1; -+ unsigned long long __unused2; - }; - - #endif /* __SPARC_IPCBUF_H */ -diff --git a/arch/x86/kernel/cpu/tsx.c b/arch/x86/kernel/cpu/tsx.c -index 3e20d322bc98..032509adf9de 100644 ---- a/arch/x86/kernel/cpu/tsx.c -+++ b/arch/x86/kernel/cpu/tsx.c -@@ -115,11 +115,12 @@ void __init tsx_init(void) - tsx_disable(); - - /* -- * tsx_disable() will change the state of the -- * RTM CPUID bit. Clear it here since it is now -- * expected to be not set. -+ * tsx_disable() will change the state of the RTM and HLE CPUID -+ * bits. Clear them here since they are now expected to be not -+ * set. - */ - setup_clear_cpu_cap(X86_FEATURE_RTM); -+ setup_clear_cpu_cap(X86_FEATURE_HLE); - } else if (tsx_ctrl_state == TSX_CTRL_ENABLE) { - - /* -@@ -131,10 +132,10 @@ void __init tsx_init(void) - tsx_enable(); - - /* -- * tsx_enable() will change the state of the -- * RTM CPUID bit. Force it here since it is now -- * expected to be set. -+ * tsx_enable() will change the state of the RTM and HLE CPUID -+ * bits. Force them here since they are now expected to be set. 
- */ - setup_force_cpu_cap(X86_FEATURE_RTM); -+ setup_force_cpu_cap(X86_FEATURE_HLE); - } - } -diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c -index eb8b843325f4..041b9b05fae1 100644 ---- a/arch/x86/kvm/emulate.c -+++ b/arch/x86/kvm/emulate.c -@@ -5094,16 +5094,28 @@ int x86_decode_insn(struct x86_emulate_ctxt *ctxt, void *insn, int insn_len) - ctxt->ad_bytes = def_ad_bytes ^ 6; - break; - case 0x26: /* ES override */ -+ has_seg_override = true; -+ ctxt->seg_override = VCPU_SREG_ES; -+ break; - case 0x2e: /* CS override */ -+ has_seg_override = true; -+ ctxt->seg_override = VCPU_SREG_CS; -+ break; - case 0x36: /* SS override */ -+ has_seg_override = true; -+ ctxt->seg_override = VCPU_SREG_SS; -+ break; - case 0x3e: /* DS override */ - has_seg_override = true; -- ctxt->seg_override = (ctxt->b >> 3) & 3; -+ ctxt->seg_override = VCPU_SREG_DS; - break; - case 0x64: /* FS override */ -+ has_seg_override = true; -+ ctxt->seg_override = VCPU_SREG_FS; -+ break; - case 0x65: /* GS override */ - has_seg_override = true; -- ctxt->seg_override = ctxt->b & 7; -+ ctxt->seg_override = VCPU_SREG_GS; - break; - case 0x40 ... 
0x4f: /* REX */ - if (mode != X86EMUL_MODE_PROT64) -@@ -5187,10 +5199,15 @@ done_prefixes: - } - break; - case Escape: -- if (ctxt->modrm > 0xbf) -- opcode = opcode.u.esc->high[ctxt->modrm - 0xc0]; -- else -+ if (ctxt->modrm > 0xbf) { -+ size_t size = ARRAY_SIZE(opcode.u.esc->high); -+ u32 index = array_index_nospec( -+ ctxt->modrm - 0xc0, size); -+ -+ opcode = opcode.u.esc->high[index]; -+ } else { - opcode = opcode.u.esc->op[(ctxt->modrm >> 3) & 7]; -+ } - break; - case InstrDual: - if ((ctxt->modrm >> 6) == 3) -diff --git a/arch/x86/kvm/hyperv.c b/arch/x86/kvm/hyperv.c -index 5d13abecb384..2fba82b06c2d 100644 ---- a/arch/x86/kvm/hyperv.c -+++ b/arch/x86/kvm/hyperv.c -@@ -747,11 +747,12 @@ static int kvm_hv_msr_get_crash_data(struct kvm_vcpu *vcpu, - u32 index, u64 *pdata) - { - struct kvm_hv *hv = &vcpu->kvm->arch.hyperv; -+ size_t size = ARRAY_SIZE(hv->hv_crash_param); - -- if (WARN_ON_ONCE(index >= ARRAY_SIZE(hv->hv_crash_param))) -+ if (WARN_ON_ONCE(index >= size)) - return -EINVAL; - -- *pdata = hv->hv_crash_param[index]; -+ *pdata = hv->hv_crash_param[array_index_nospec(index, size)]; - return 0; - } - -@@ -790,11 +791,12 @@ static int kvm_hv_msr_set_crash_data(struct kvm_vcpu *vcpu, - u32 index, u64 data) - { - struct kvm_hv *hv = &vcpu->kvm->arch.hyperv; -+ size_t size = ARRAY_SIZE(hv->hv_crash_param); - -- if (WARN_ON_ONCE(index >= ARRAY_SIZE(hv->hv_crash_param))) -+ if (WARN_ON_ONCE(index >= size)) - return -EINVAL; - -- hv->hv_crash_param[index] = data; -+ hv->hv_crash_param[array_index_nospec(index, size)] = data; - return 0; - } - -diff --git a/arch/x86/kvm/i8259.c b/arch/x86/kvm/i8259.c -index bdcd4139eca9..38a36a1cc87f 100644 ---- a/arch/x86/kvm/i8259.c -+++ b/arch/x86/kvm/i8259.c -@@ -460,10 +460,14 @@ static int picdev_write(struct kvm_pic *s, - switch (addr) { - case 0x20: - case 0x21: -+ pic_lock(s); -+ pic_ioport_write(&s->pics[0], addr, data); -+ pic_unlock(s); -+ break; - case 0xa0: - case 0xa1: - pic_lock(s); -- 
pic_ioport_write(&s->pics[addr >> 7], addr, data); -+ pic_ioport_write(&s->pics[1], addr, data); - pic_unlock(s); - break; - case 0x4d0: -diff --git a/arch/x86/kvm/ioapic.c b/arch/x86/kvm/ioapic.c -index 9d270ba9643c..dab6940ea99c 100644 ---- a/arch/x86/kvm/ioapic.c -+++ b/arch/x86/kvm/ioapic.c -@@ -36,6 +36,7 @@ - #include - #include - #include -+#include - #include - #include - #include -@@ -73,13 +74,14 @@ static unsigned long ioapic_read_indirect(struct kvm_ioapic *ioapic, - default: - { - u32 redir_index = (ioapic->ioregsel - 0x10) >> 1; -- u64 redir_content; -+ u64 redir_content = ~0ULL; - -- if (redir_index < IOAPIC_NUM_PINS) -- redir_content = -- ioapic->redirtbl[redir_index].bits; -- else -- redir_content = ~0ULL; -+ if (redir_index < IOAPIC_NUM_PINS) { -+ u32 index = array_index_nospec( -+ redir_index, IOAPIC_NUM_PINS); -+ -+ redir_content = ioapic->redirtbl[index].bits; -+ } - - result = (ioapic->ioregsel & 0x1) ? - (redir_content >> 32) & 0xffffffff : -@@ -297,6 +299,7 @@ static void ioapic_write_indirect(struct kvm_ioapic *ioapic, u32 val) - ioapic_debug("change redir index %x val %x\n", index, val); - if (index >= IOAPIC_NUM_PINS) - return; -+ index = array_index_nospec(index, IOAPIC_NUM_PINS); - e = &ioapic->redirtbl[index]; - mask_before = e->fields.mask; - /* Preserve read-only fields */ -diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c -index 2307f63efd20..8715711f2755 100644 ---- a/arch/x86/kvm/lapic.c -+++ b/arch/x86/kvm/lapic.c -@@ -1754,15 +1754,20 @@ int kvm_lapic_reg_write(struct kvm_lapic *apic, u32 reg, u32 val) - case APIC_LVTTHMR: - case APIC_LVTPC: - case APIC_LVT1: -- case APIC_LVTERR: -+ case APIC_LVTERR: { - /* TODO: Check vector */ -+ size_t size; -+ u32 index; -+ - if (!kvm_apic_sw_enabled(apic)) - val |= APIC_LVT_MASKED; -- -- val &= apic_lvt_mask[(reg - APIC_LVTT) >> 4]; -+ size = ARRAY_SIZE(apic_lvt_mask); -+ index = array_index_nospec( -+ (reg - APIC_LVTT) >> 4, size); -+ val &= apic_lvt_mask[index]; - 
kvm_lapic_set_reg(apic, reg, val); -- - break; -+ } - - case APIC_LVTT: - if (!kvm_apic_sw_enabled(apic)) -diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c -index c0b0135ef07f..e5af08b58132 100644 ---- a/arch/x86/kvm/mmu.c -+++ b/arch/x86/kvm/mmu.c -@@ -1165,12 +1165,12 @@ static bool mmu_gfn_lpage_is_disallowed(struct kvm_vcpu *vcpu, gfn_t gfn, - return __mmu_gfn_lpage_is_disallowed(gfn, level, slot); - } - --static int host_mapping_level(struct kvm *kvm, gfn_t gfn) -+static int host_mapping_level(struct kvm_vcpu *vcpu, gfn_t gfn) - { - unsigned long page_size; - int i, ret = 0; - -- page_size = kvm_host_page_size(kvm, gfn); -+ page_size = kvm_host_page_size(vcpu, gfn); - - for (i = PT_PAGE_TABLE_LEVEL; i <= PT_MAX_HUGEPAGE_LEVEL; ++i) { - if (page_size >= KVM_HPAGE_SIZE(i)) -@@ -1220,7 +1220,7 @@ static int mapping_level(struct kvm_vcpu *vcpu, gfn_t large_gfn, - if (unlikely(*force_pt_level)) - return PT_PAGE_TABLE_LEVEL; - -- host_level = host_mapping_level(vcpu->kvm, large_gfn); -+ host_level = host_mapping_level(vcpu, large_gfn); - - if (host_level == PT_PAGE_TABLE_LEVEL) - return host_level; -diff --git a/arch/x86/kvm/mtrr.c b/arch/x86/kvm/mtrr.c -index e9ea2d45ae66..1209447d6014 100644 ---- a/arch/x86/kvm/mtrr.c -+++ b/arch/x86/kvm/mtrr.c -@@ -202,11 +202,15 @@ static bool fixed_msr_to_seg_unit(u32 msr, int *seg, int *unit) - break; - case MSR_MTRRfix16K_80000 ... MSR_MTRRfix16K_A0000: - *seg = 1; -- *unit = msr - MSR_MTRRfix16K_80000; -+ *unit = array_index_nospec( -+ msr - MSR_MTRRfix16K_80000, -+ MSR_MTRRfix16K_A0000 - MSR_MTRRfix16K_80000 + 1); - break; - case MSR_MTRRfix4K_C0000 ... 
MSR_MTRRfix4K_F8000: - *seg = 2; -- *unit = msr - MSR_MTRRfix4K_C0000; -+ *unit = array_index_nospec( -+ msr - MSR_MTRRfix4K_C0000, -+ MSR_MTRRfix4K_F8000 - MSR_MTRRfix4K_C0000 + 1); - break; - default: - return false; -diff --git a/arch/x86/kvm/pmu.h b/arch/x86/kvm/pmu.h -index a9a62b9a73e2..c67a636b268f 100644 ---- a/arch/x86/kvm/pmu.h -+++ b/arch/x86/kvm/pmu.h -@@ -2,6 +2,8 @@ - #ifndef __KVM_X86_PMU_H - #define __KVM_X86_PMU_H - -+#include -+ - #define vcpu_to_pmu(vcpu) (&(vcpu)->arch.pmu) - #define pmu_to_vcpu(pmu) (container_of((pmu), struct kvm_vcpu, arch.pmu)) - #define pmc_to_pmu(pmc) (&(pmc)->vcpu->arch.pmu) -@@ -81,8 +83,12 @@ static inline bool pmc_is_enabled(struct kvm_pmc *pmc) - static inline struct kvm_pmc *get_gp_pmc(struct kvm_pmu *pmu, u32 msr, - u32 base) - { -- if (msr >= base && msr < base + pmu->nr_arch_gp_counters) -- return &pmu->gp_counters[msr - base]; -+ if (msr >= base && msr < base + pmu->nr_arch_gp_counters) { -+ u32 index = array_index_nospec(msr - base, -+ pmu->nr_arch_gp_counters); -+ -+ return &pmu->gp_counters[index]; -+ } - - return NULL; - } -@@ -92,8 +98,12 @@ static inline struct kvm_pmc *get_fixed_pmc(struct kvm_pmu *pmu, u32 msr) - { - int base = MSR_CORE_PERF_FIXED_CTR0; - -- if (msr >= base && msr < base + pmu->nr_arch_fixed_counters) -- return &pmu->fixed_counters[msr - base]; -+ if (msr >= base && msr < base + pmu->nr_arch_fixed_counters) { -+ u32 index = array_index_nospec(msr - base, -+ pmu->nr_arch_fixed_counters); -+ -+ return &pmu->fixed_counters[index]; -+ } - - return NULL; - } -diff --git a/arch/x86/kvm/pmu_intel.c b/arch/x86/kvm/pmu_intel.c -index 2729131fe9bf..84ae4dd261ca 100644 ---- a/arch/x86/kvm/pmu_intel.c -+++ b/arch/x86/kvm/pmu_intel.c -@@ -87,10 +87,14 @@ static unsigned intel_find_arch_event(struct kvm_pmu *pmu, - - static unsigned intel_find_fixed_event(int idx) - { -- if (idx >= ARRAY_SIZE(fixed_pmc_events)) -+ u32 event; -+ size_t size = ARRAY_SIZE(fixed_pmc_events); -+ -+ if (idx >= size) - return 
PERF_COUNT_HW_MAX; - -- return intel_arch_events[fixed_pmc_events[idx]].event_type; -+ event = fixed_pmc_events[array_index_nospec(idx, size)]; -+ return intel_arch_events[event].event_type; - } - - /* check if a PMC is enabled by comparing it with globl_ctrl bits. */ -@@ -131,15 +135,19 @@ static struct kvm_pmc *intel_msr_idx_to_pmc(struct kvm_vcpu *vcpu, - struct kvm_pmu *pmu = vcpu_to_pmu(vcpu); - bool fixed = idx & (1u << 30); - struct kvm_pmc *counters; -+ unsigned int num_counters; - - idx &= ~(3u << 30); -- if (!fixed && idx >= pmu->nr_arch_gp_counters) -- return NULL; -- if (fixed && idx >= pmu->nr_arch_fixed_counters) -+ if (fixed) { -+ counters = pmu->fixed_counters; -+ num_counters = pmu->nr_arch_fixed_counters; -+ } else { -+ counters = pmu->gp_counters; -+ num_counters = pmu->nr_arch_gp_counters; -+ } -+ if (idx >= num_counters) - return NULL; -- counters = fixed ? pmu->fixed_counters : pmu->gp_counters; -- -- return &counters[idx]; -+ return &counters[array_index_nospec(idx, num_counters)]; - } - - static bool intel_is_valid_msr(struct kvm_vcpu *vcpu, u32 msr) -diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c -index c579cda1721e..809d1b031fd9 100644 ---- a/arch/x86/kvm/vmx.c -+++ b/arch/x86/kvm/vmx.c -@@ -8014,8 +8014,10 @@ static int handle_vmread(struct kvm_vcpu *vcpu) - /* _system ok, nested_vmx_check_permission has verified cpl=0 */ - if (kvm_write_guest_virt_system(vcpu, gva, &field_value, - (is_long_mode(vcpu) ? 8 : 4), -- &e)) -+ &e)) { - kvm_inject_page_fault(vcpu, &e); -+ return 1; -+ } - } - - nested_vmx_succeed(vcpu); -diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c -new file mode 100644 -index 000000000000..3791ce8d269e ---- /dev/null -+++ b/arch/x86/kvm/vmx/vmx.c -@@ -0,0 +1,8033 @@ -+// SPDX-License-Identifier: GPL-2.0-only -+/* -+ * Kernel-based Virtual Machine driver for Linux -+ * -+ * This module enables machines with Intel VT-x extensions to run virtual -+ * machines without emulation or binary translation. 
-+ * -+ * Copyright (C) 2006 Qumranet, Inc. -+ * Copyright 2010 Red Hat, Inc. and/or its affiliates. -+ * -+ * Authors: -+ * Avi Kivity -+ * Yaniv Kamay -+ */ -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+ -+#include "capabilities.h" -+#include "cpuid.h" -+#include "evmcs.h" -+#include "irq.h" -+#include "kvm_cache_regs.h" -+#include "lapic.h" -+#include "mmu.h" -+#include "nested.h" -+#include "ops.h" -+#include "pmu.h" -+#include "trace.h" -+#include "vmcs.h" -+#include "vmcs12.h" -+#include "vmx.h" -+#include "x86.h" -+ -+MODULE_AUTHOR("Qumranet"); -+MODULE_LICENSE("GPL"); -+ -+static const struct x86_cpu_id vmx_cpu_id[] = { -+ X86_FEATURE_MATCH(X86_FEATURE_VMX), -+ {} -+}; -+MODULE_DEVICE_TABLE(x86cpu, vmx_cpu_id); -+ -+bool __read_mostly enable_vpid = 1; -+module_param_named(vpid, enable_vpid, bool, 0444); -+ -+static bool __read_mostly enable_vnmi = 1; -+module_param_named(vnmi, enable_vnmi, bool, S_IRUGO); -+ -+bool __read_mostly flexpriority_enabled = 1; -+module_param_named(flexpriority, flexpriority_enabled, bool, S_IRUGO); -+ -+bool __read_mostly enable_ept = 1; -+module_param_named(ept, enable_ept, bool, S_IRUGO); -+ -+bool __read_mostly enable_unrestricted_guest = 1; -+module_param_named(unrestricted_guest, -+ enable_unrestricted_guest, bool, S_IRUGO); -+ -+bool __read_mostly enable_ept_ad_bits = 1; -+module_param_named(eptad, enable_ept_ad_bits, bool, S_IRUGO); -+ -+static bool __read_mostly emulate_invalid_guest_state = true; -+module_param(emulate_invalid_guest_state, bool, S_IRUGO); -+ -+static bool __read_mostly fasteoi = 1; -+module_param(fasteoi, bool, S_IRUGO); -+ -+static bool __read_mostly enable_apicv = 1; -+module_param(enable_apicv, bool, S_IRUGO); -+ 
-+/* -+ * If nested=1, nested virtualization is supported, i.e., guests may use -+ * VMX and be a hypervisor for its own guests. If nested=0, guests may not -+ * use VMX instructions. -+ */ -+static bool __read_mostly nested = 1; -+module_param(nested, bool, S_IRUGO); -+ -+bool __read_mostly enable_pml = 1; -+module_param_named(pml, enable_pml, bool, S_IRUGO); -+ -+static bool __read_mostly dump_invalid_vmcs = 0; -+module_param(dump_invalid_vmcs, bool, 0644); -+ -+#define MSR_BITMAP_MODE_X2APIC 1 -+#define MSR_BITMAP_MODE_X2APIC_APICV 2 -+ -+#define KVM_VMX_TSC_MULTIPLIER_MAX 0xffffffffffffffffULL -+ -+/* Guest_tsc -> host_tsc conversion requires 64-bit division. */ -+static int __read_mostly cpu_preemption_timer_multi; -+static bool __read_mostly enable_preemption_timer = 1; -+#ifdef CONFIG_X86_64 -+module_param_named(preemption_timer, enable_preemption_timer, bool, S_IRUGO); -+#endif -+ -+#define KVM_VM_CR0_ALWAYS_OFF (X86_CR0_NW | X86_CR0_CD) -+#define KVM_VM_CR0_ALWAYS_ON_UNRESTRICTED_GUEST X86_CR0_NE -+#define KVM_VM_CR0_ALWAYS_ON \ -+ (KVM_VM_CR0_ALWAYS_ON_UNRESTRICTED_GUEST | \ -+ X86_CR0_WP | X86_CR0_PG | X86_CR0_PE) -+#define KVM_CR4_GUEST_OWNED_BITS \ -+ (X86_CR4_PVI | X86_CR4_DE | X86_CR4_PCE | X86_CR4_OSFXSR \ -+ | X86_CR4_OSXMMEXCPT | X86_CR4_LA57 | X86_CR4_TSD) -+ -+#define KVM_VM_CR4_ALWAYS_ON_UNRESTRICTED_GUEST X86_CR4_VMXE -+#define KVM_PMODE_VM_CR4_ALWAYS_ON (X86_CR4_PAE | X86_CR4_VMXE) -+#define KVM_RMODE_VM_CR4_ALWAYS_ON (X86_CR4_VME | X86_CR4_PAE | X86_CR4_VMXE) -+ -+#define RMODE_GUEST_OWNED_EFLAGS_BITS (~(X86_EFLAGS_IOPL | X86_EFLAGS_VM)) -+ -+#define MSR_IA32_RTIT_STATUS_MASK (~(RTIT_STATUS_FILTEREN | \ -+ RTIT_STATUS_CONTEXTEN | RTIT_STATUS_TRIGGEREN | \ -+ RTIT_STATUS_ERROR | RTIT_STATUS_STOPPED | \ -+ RTIT_STATUS_BYTECNT)) -+ -+#define MSR_IA32_RTIT_OUTPUT_BASE_MASK \ -+ (~((1UL << cpuid_query_maxphyaddr(vcpu)) - 1) | 0x7f) -+ -+/* -+ * These 2 parameters are used to config the controls for Pause-Loop Exiting: -+ * ple_gap: upper bound on 
the amount of time between two successive -+ * executions of PAUSE in a loop. Also indicate if ple enabled. -+ * According to test, this time is usually smaller than 128 cycles. -+ * ple_window: upper bound on the amount of time a guest is allowed to execute -+ * in a PAUSE loop. Tests indicate that most spinlocks are held for -+ * less than 2^12 cycles -+ * Time is measured based on a counter that runs at the same rate as the TSC, -+ * refer SDM volume 3b section 21.6.13 & 22.1.3. -+ */ -+static unsigned int ple_gap = KVM_DEFAULT_PLE_GAP; -+module_param(ple_gap, uint, 0444); -+ -+static unsigned int ple_window = KVM_VMX_DEFAULT_PLE_WINDOW; -+module_param(ple_window, uint, 0444); -+ -+/* Default doubles per-vcpu window every exit. */ -+static unsigned int ple_window_grow = KVM_DEFAULT_PLE_WINDOW_GROW; -+module_param(ple_window_grow, uint, 0444); -+ -+/* Default resets per-vcpu window every exit to ple_window. */ -+static unsigned int ple_window_shrink = KVM_DEFAULT_PLE_WINDOW_SHRINK; -+module_param(ple_window_shrink, uint, 0444); -+ -+/* Default is to compute the maximum so we can never overflow. 
*/ -+static unsigned int ple_window_max = KVM_VMX_DEFAULT_PLE_WINDOW_MAX; -+module_param(ple_window_max, uint, 0444); -+ -+/* Default is SYSTEM mode, 1 for host-guest mode */ -+int __read_mostly pt_mode = PT_MODE_SYSTEM; -+module_param(pt_mode, int, S_IRUGO); -+ -+static DEFINE_STATIC_KEY_FALSE(vmx_l1d_should_flush); -+static DEFINE_STATIC_KEY_FALSE(vmx_l1d_flush_cond); -+static DEFINE_MUTEX(vmx_l1d_flush_mutex); -+ -+/* Storage for pre module init parameter parsing */ -+static enum vmx_l1d_flush_state __read_mostly vmentry_l1d_flush_param = VMENTER_L1D_FLUSH_AUTO; -+ -+static const struct { -+ const char *option; -+ bool for_parse; -+} vmentry_l1d_param[] = { -+ [VMENTER_L1D_FLUSH_AUTO] = {"auto", true}, -+ [VMENTER_L1D_FLUSH_NEVER] = {"never", true}, -+ [VMENTER_L1D_FLUSH_COND] = {"cond", true}, -+ [VMENTER_L1D_FLUSH_ALWAYS] = {"always", true}, -+ [VMENTER_L1D_FLUSH_EPT_DISABLED] = {"EPT disabled", false}, -+ [VMENTER_L1D_FLUSH_NOT_REQUIRED] = {"not required", false}, -+}; -+ -+#define L1D_CACHE_ORDER 4 -+static void *vmx_l1d_flush_pages; -+ -+static int vmx_setup_l1d_flush(enum vmx_l1d_flush_state l1tf) -+{ -+ struct page *page; -+ unsigned int i; -+ -+ if (!boot_cpu_has_bug(X86_BUG_L1TF)) { -+ l1tf_vmx_mitigation = VMENTER_L1D_FLUSH_NOT_REQUIRED; -+ return 0; -+ } -+ -+ if (!enable_ept) { -+ l1tf_vmx_mitigation = VMENTER_L1D_FLUSH_EPT_DISABLED; -+ return 0; -+ } -+ -+ if (boot_cpu_has(X86_FEATURE_ARCH_CAPABILITIES)) { -+ u64 msr; -+ -+ rdmsrl(MSR_IA32_ARCH_CAPABILITIES, msr); -+ if (msr & ARCH_CAP_SKIP_VMENTRY_L1DFLUSH) { -+ l1tf_vmx_mitigation = VMENTER_L1D_FLUSH_NOT_REQUIRED; -+ return 0; -+ } -+ } -+ -+ /* If set to auto use the default l1tf mitigation method */ -+ if (l1tf == VMENTER_L1D_FLUSH_AUTO) { -+ switch (l1tf_mitigation) { -+ case L1TF_MITIGATION_OFF: -+ l1tf = VMENTER_L1D_FLUSH_NEVER; -+ break; -+ case L1TF_MITIGATION_FLUSH_NOWARN: -+ case L1TF_MITIGATION_FLUSH: -+ case L1TF_MITIGATION_FLUSH_NOSMT: -+ l1tf = VMENTER_L1D_FLUSH_COND; -+ break; -+ 
case L1TF_MITIGATION_FULL: -+ case L1TF_MITIGATION_FULL_FORCE: -+ l1tf = VMENTER_L1D_FLUSH_ALWAYS; -+ break; -+ } -+ } else if (l1tf_mitigation == L1TF_MITIGATION_FULL_FORCE) { -+ l1tf = VMENTER_L1D_FLUSH_ALWAYS; -+ } -+ -+ if (l1tf != VMENTER_L1D_FLUSH_NEVER && !vmx_l1d_flush_pages && -+ !boot_cpu_has(X86_FEATURE_FLUSH_L1D)) { -+ /* -+ * This allocation for vmx_l1d_flush_pages is not tied to a VM -+ * lifetime and so should not be charged to a memcg. -+ */ -+ page = alloc_pages(GFP_KERNEL, L1D_CACHE_ORDER); -+ if (!page) -+ return -ENOMEM; -+ vmx_l1d_flush_pages = page_address(page); -+ -+ /* -+ * Initialize each page with a different pattern in -+ * order to protect against KSM in the nested -+ * virtualization case. -+ */ -+ for (i = 0; i < 1u << L1D_CACHE_ORDER; ++i) { -+ memset(vmx_l1d_flush_pages + i * PAGE_SIZE, i + 1, -+ PAGE_SIZE); -+ } -+ } -+ -+ l1tf_vmx_mitigation = l1tf; -+ -+ if (l1tf != VMENTER_L1D_FLUSH_NEVER) -+ static_branch_enable(&vmx_l1d_should_flush); -+ else -+ static_branch_disable(&vmx_l1d_should_flush); -+ -+ if (l1tf == VMENTER_L1D_FLUSH_COND) -+ static_branch_enable(&vmx_l1d_flush_cond); -+ else -+ static_branch_disable(&vmx_l1d_flush_cond); -+ return 0; -+} -+ -+static int vmentry_l1d_flush_parse(const char *s) -+{ -+ unsigned int i; -+ -+ if (s) { -+ for (i = 0; i < ARRAY_SIZE(vmentry_l1d_param); i++) { -+ if (vmentry_l1d_param[i].for_parse && -+ sysfs_streq(s, vmentry_l1d_param[i].option)) -+ return i; -+ } -+ } -+ return -EINVAL; -+} -+ -+static int vmentry_l1d_flush_set(const char *s, const struct kernel_param *kp) -+{ -+ int l1tf, ret; -+ -+ l1tf = vmentry_l1d_flush_parse(s); -+ if (l1tf < 0) -+ return l1tf; -+ -+ if (!boot_cpu_has(X86_BUG_L1TF)) -+ return 0; -+ -+ /* -+ * Has vmx_init() run already? If not then this is the pre init -+ * parameter parsing. In that case just store the value and let -+ * vmx_init() do the proper setup after enable_ept has been -+ * established. 
-+ */ -+ if (l1tf_vmx_mitigation == VMENTER_L1D_FLUSH_AUTO) { -+ vmentry_l1d_flush_param = l1tf; -+ return 0; -+ } -+ -+ mutex_lock(&vmx_l1d_flush_mutex); -+ ret = vmx_setup_l1d_flush(l1tf); -+ mutex_unlock(&vmx_l1d_flush_mutex); -+ return ret; -+} -+ -+static int vmentry_l1d_flush_get(char *s, const struct kernel_param *kp) -+{ -+ if (WARN_ON_ONCE(l1tf_vmx_mitigation >= ARRAY_SIZE(vmentry_l1d_param))) -+ return sprintf(s, "???\n"); -+ -+ return sprintf(s, "%s\n", vmentry_l1d_param[l1tf_vmx_mitigation].option); -+} -+ -+static const struct kernel_param_ops vmentry_l1d_flush_ops = { -+ .set = vmentry_l1d_flush_set, -+ .get = vmentry_l1d_flush_get, -+}; -+module_param_cb(vmentry_l1d_flush, &vmentry_l1d_flush_ops, NULL, 0644); -+ -+static bool guest_state_valid(struct kvm_vcpu *vcpu); -+static u32 vmx_segment_access_rights(struct kvm_segment *var); -+static __always_inline void vmx_disable_intercept_for_msr(unsigned long *msr_bitmap, -+ u32 msr, int type); -+ -+void vmx_vmexit(void); -+ -+#define vmx_insn_failed(fmt...) 
\ -+do { \ -+ WARN_ONCE(1, fmt); \ -+ pr_warn_ratelimited(fmt); \ -+} while (0) -+ -+asmlinkage void vmread_error(unsigned long field, bool fault) -+{ -+ if (fault) -+ kvm_spurious_fault(); -+ else -+ vmx_insn_failed("kvm: vmread failed: field=%lx\n", field); -+} -+ -+noinline void vmwrite_error(unsigned long field, unsigned long value) -+{ -+ vmx_insn_failed("kvm: vmwrite failed: field=%lx val=%lx err=%d\n", -+ field, value, vmcs_read32(VM_INSTRUCTION_ERROR)); -+} -+ -+noinline void vmclear_error(struct vmcs *vmcs, u64 phys_addr) -+{ -+ vmx_insn_failed("kvm: vmclear failed: %p/%llx\n", vmcs, phys_addr); -+} -+ -+noinline void vmptrld_error(struct vmcs *vmcs, u64 phys_addr) -+{ -+ vmx_insn_failed("kvm: vmptrld failed: %p/%llx\n", vmcs, phys_addr); -+} -+ -+noinline void invvpid_error(unsigned long ext, u16 vpid, gva_t gva) -+{ -+ vmx_insn_failed("kvm: invvpid failed: ext=0x%lx vpid=%u gva=0x%lx\n", -+ ext, vpid, gva); -+} -+ -+noinline void invept_error(unsigned long ext, u64 eptp, gpa_t gpa) -+{ -+ vmx_insn_failed("kvm: invept failed: ext=0x%lx eptp=%llx gpa=0x%llx\n", -+ ext, eptp, gpa); -+} -+ -+static DEFINE_PER_CPU(struct vmcs *, vmxarea); -+DEFINE_PER_CPU(struct vmcs *, current_vmcs); -+/* -+ * We maintain a per-CPU linked-list of VMCS loaded on that CPU. This is needed -+ * when a CPU is brought down, and we need to VMCLEAR all VMCSs loaded on it. -+ */ -+static DEFINE_PER_CPU(struct list_head, loaded_vmcss_on_cpu); -+ -+/* -+ * We maintian a per-CPU linked-list of vCPU, so in wakeup_handler() we -+ * can find which vCPU should be waken up. 
-+ */ -+static DEFINE_PER_CPU(struct list_head, blocked_vcpu_on_cpu); -+static DEFINE_PER_CPU(spinlock_t, blocked_vcpu_on_cpu_lock); -+ -+static DECLARE_BITMAP(vmx_vpid_bitmap, VMX_NR_VPIDS); -+static DEFINE_SPINLOCK(vmx_vpid_lock); -+ -+struct vmcs_config vmcs_config; -+struct vmx_capability vmx_capability; -+ -+#define VMX_SEGMENT_FIELD(seg) \ -+ [VCPU_SREG_##seg] = { \ -+ .selector = GUEST_##seg##_SELECTOR, \ -+ .base = GUEST_##seg##_BASE, \ -+ .limit = GUEST_##seg##_LIMIT, \ -+ .ar_bytes = GUEST_##seg##_AR_BYTES, \ -+ } -+ -+static const struct kvm_vmx_segment_field { -+ unsigned selector; -+ unsigned base; -+ unsigned limit; -+ unsigned ar_bytes; -+} kvm_vmx_segment_fields[] = { -+ VMX_SEGMENT_FIELD(CS), -+ VMX_SEGMENT_FIELD(DS), -+ VMX_SEGMENT_FIELD(ES), -+ VMX_SEGMENT_FIELD(FS), -+ VMX_SEGMENT_FIELD(GS), -+ VMX_SEGMENT_FIELD(SS), -+ VMX_SEGMENT_FIELD(TR), -+ VMX_SEGMENT_FIELD(LDTR), -+}; -+ -+u64 host_efer; -+static unsigned long host_idt_base; -+ -+/* -+ * Though SYSCALL is only supported in 64-bit mode on Intel CPUs, kvm -+ * will emulate SYSCALL in legacy mode if the vendor string in guest -+ * CPUID.0:{EBX,ECX,EDX} is "AuthenticAMD" or "AMDisbetter!" To -+ * support this emulation, IA32_STAR must always be included in -+ * vmx_msr_index[], even in i386 builds. -+ */ -+const u32 vmx_msr_index[] = { -+#ifdef CONFIG_X86_64 -+ MSR_SYSCALL_MASK, MSR_LSTAR, MSR_CSTAR, -+#endif -+ MSR_EFER, MSR_TSC_AUX, MSR_STAR, -+ MSR_IA32_TSX_CTRL, -+}; -+ -+#if IS_ENABLED(CONFIG_HYPERV) -+static bool __read_mostly enlightened_vmcs = true; -+module_param(enlightened_vmcs, bool, 0444); -+ -+/* check_ept_pointer() should be under protection of ept_pointer_lock. 
*/ -+static void check_ept_pointer_match(struct kvm *kvm) -+{ -+ struct kvm_vcpu *vcpu; -+ u64 tmp_eptp = INVALID_PAGE; -+ int i; -+ -+ kvm_for_each_vcpu(i, vcpu, kvm) { -+ if (!VALID_PAGE(tmp_eptp)) { -+ tmp_eptp = to_vmx(vcpu)->ept_pointer; -+ } else if (tmp_eptp != to_vmx(vcpu)->ept_pointer) { -+ to_kvm_vmx(kvm)->ept_pointers_match -+ = EPT_POINTERS_MISMATCH; -+ return; -+ } -+ } -+ -+ to_kvm_vmx(kvm)->ept_pointers_match = EPT_POINTERS_MATCH; -+} -+ -+static int kvm_fill_hv_flush_list_func(struct hv_guest_mapping_flush_list *flush, -+ void *data) -+{ -+ struct kvm_tlb_range *range = data; -+ -+ return hyperv_fill_flush_guest_mapping_list(flush, range->start_gfn, -+ range->pages); -+} -+ -+static inline int __hv_remote_flush_tlb_with_range(struct kvm *kvm, -+ struct kvm_vcpu *vcpu, struct kvm_tlb_range *range) -+{ -+ u64 ept_pointer = to_vmx(vcpu)->ept_pointer; -+ -+ /* -+ * FLUSH_GUEST_PHYSICAL_ADDRESS_SPACE hypercall needs address -+ * of the base of EPT PML4 table, strip off EPT configuration -+ * information. -+ */ -+ if (range) -+ return hyperv_flush_guest_mapping_range(ept_pointer & PAGE_MASK, -+ kvm_fill_hv_flush_list_func, (void *)range); -+ else -+ return hyperv_flush_guest_mapping(ept_pointer & PAGE_MASK); -+} -+ -+static int hv_remote_flush_tlb_with_range(struct kvm *kvm, -+ struct kvm_tlb_range *range) -+{ -+ struct kvm_vcpu *vcpu; -+ int ret = 0, i; -+ -+ spin_lock(&to_kvm_vmx(kvm)->ept_pointer_lock); -+ -+ if (to_kvm_vmx(kvm)->ept_pointers_match == EPT_POINTERS_CHECK) -+ check_ept_pointer_match(kvm); -+ -+ if (to_kvm_vmx(kvm)->ept_pointers_match != EPT_POINTERS_MATCH) { -+ kvm_for_each_vcpu(i, vcpu, kvm) { -+ /* If ept_pointer is invalid pointer, bypass flush request. 
*/ -+ if (VALID_PAGE(to_vmx(vcpu)->ept_pointer)) -+ ret |= __hv_remote_flush_tlb_with_range( -+ kvm, vcpu, range); -+ } -+ } else { -+ ret = __hv_remote_flush_tlb_with_range(kvm, -+ kvm_get_vcpu(kvm, 0), range); -+ } -+ -+ spin_unlock(&to_kvm_vmx(kvm)->ept_pointer_lock); -+ return ret; -+} -+static int hv_remote_flush_tlb(struct kvm *kvm) -+{ -+ return hv_remote_flush_tlb_with_range(kvm, NULL); -+} -+ -+static int hv_enable_direct_tlbflush(struct kvm_vcpu *vcpu) -+{ -+ struct hv_enlightened_vmcs *evmcs; -+ struct hv_partition_assist_pg **p_hv_pa_pg = -+ &vcpu->kvm->arch.hyperv.hv_pa_pg; -+ /* -+ * Synthetic VM-Exit is not enabled in current code and so All -+ * evmcs in singe VM shares same assist page. -+ */ -+ if (!*p_hv_pa_pg) -+ *p_hv_pa_pg = kzalloc(PAGE_SIZE, GFP_KERNEL); -+ -+ if (!*p_hv_pa_pg) -+ return -ENOMEM; -+ -+ evmcs = (struct hv_enlightened_vmcs *)to_vmx(vcpu)->loaded_vmcs->vmcs; -+ -+ evmcs->partition_assist_page = -+ __pa(*p_hv_pa_pg); -+ evmcs->hv_vm_id = (unsigned long)vcpu->kvm; -+ evmcs->hv_enlightenments_control.nested_flush_hypercall = 1; -+ -+ return 0; -+} -+ -+#endif /* IS_ENABLED(CONFIG_HYPERV) */ -+ -+/* -+ * Comment's format: document - errata name - stepping - processor name. 
-+ * Refer from -+ * https://www.virtualbox.org/svn/vbox/trunk/src/VBox/VMM/VMMR0/HMR0.cpp -+ */ -+static u32 vmx_preemption_cpu_tfms[] = { -+/* 323344.pdf - BA86 - D0 - Xeon 7500 Series */ -+0x000206E6, -+/* 323056.pdf - AAX65 - C2 - Xeon L3406 */ -+/* 322814.pdf - AAT59 - C2 - i7-600, i5-500, i5-400 and i3-300 Mobile */ -+/* 322911.pdf - AAU65 - C2 - i5-600, i3-500 Desktop and Pentium G6950 */ -+0x00020652, -+/* 322911.pdf - AAU65 - K0 - i5-600, i3-500 Desktop and Pentium G6950 */ -+0x00020655, -+/* 322373.pdf - AAO95 - B1 - Xeon 3400 Series */ -+/* 322166.pdf - AAN92 - B1 - i7-800 and i5-700 Desktop */ -+/* -+ * 320767.pdf - AAP86 - B1 - -+ * i7-900 Mobile Extreme, i7-800 and i7-700 Mobile -+ */ -+0x000106E5, -+/* 321333.pdf - AAM126 - C0 - Xeon 3500 */ -+0x000106A0, -+/* 321333.pdf - AAM126 - C1 - Xeon 3500 */ -+0x000106A1, -+/* 320836.pdf - AAJ124 - C0 - i7-900 Desktop Extreme and i7-900 Desktop */ -+0x000106A4, -+ /* 321333.pdf - AAM126 - D0 - Xeon 3500 */ -+ /* 321324.pdf - AAK139 - D0 - Xeon 5500 */ -+ /* 320836.pdf - AAJ124 - D0 - i7-900 Extreme and i7-900 Desktop */ -+0x000106A5, -+ /* Xeon E3-1220 V2 */ -+0x000306A8, -+}; -+ -+static inline bool cpu_has_broken_vmx_preemption_timer(void) -+{ -+ u32 eax = cpuid_eax(0x00000001), i; -+ -+ /* Clear the reserved bits */ -+ eax &= ~(0x3U << 14 | 0xfU << 28); -+ for (i = 0; i < ARRAY_SIZE(vmx_preemption_cpu_tfms); i++) -+ if (eax == vmx_preemption_cpu_tfms[i]) -+ return true; -+ -+ return false; -+} -+ -+static inline bool cpu_need_virtualize_apic_accesses(struct kvm_vcpu *vcpu) -+{ -+ return flexpriority_enabled && lapic_in_kernel(vcpu); -+} -+ -+static inline bool report_flexpriority(void) -+{ -+ return flexpriority_enabled; -+} -+ -+static inline int __find_msr_index(struct vcpu_vmx *vmx, u32 msr) -+{ -+ int i; -+ -+ for (i = 0; i < vmx->nmsrs; ++i) -+ if (vmx_msr_index[vmx->guest_msrs[i].index] == msr) -+ return i; -+ return -1; -+} -+ -+struct shared_msr_entry *find_msr_entry(struct vcpu_vmx *vmx, u32 msr) 
-+{
-+ int i;
-+
-+ i = __find_msr_index(vmx, msr);
-+ if (i >= 0)
-+ return &vmx->guest_msrs[i];
-+ return NULL;
-+}
-+
-+static int vmx_set_guest_msr(struct vcpu_vmx *vmx, struct shared_msr_entry *msr, u64 data)
-+{
-+ int ret = 0;
-+
-+ u64 old_msr_data = msr->data;
-+ msr->data = data;
-+ if (msr - vmx->guest_msrs < vmx->save_nmsrs) {
-+ preempt_disable();
-+ ret = kvm_set_shared_msr(msr->index, msr->data,
-+ msr->mask);
-+ preempt_enable();
-+ if (ret)
-+ msr->data = old_msr_data;
-+ }
-+ return ret;
-+}
-+
-+void loaded_vmcs_init(struct loaded_vmcs *loaded_vmcs)
-+{
-+ vmcs_clear(loaded_vmcs->vmcs);
-+ if (loaded_vmcs->shadow_vmcs && loaded_vmcs->launched)
-+ vmcs_clear(loaded_vmcs->shadow_vmcs);
-+ loaded_vmcs->cpu = -1;
-+ loaded_vmcs->launched = 0;
-+}
-+
-+#ifdef CONFIG_KEXEC_CORE
-+/*
-+ * This bitmap is used to indicate whether the vmclear
-+ * operation is enabled on all cpus. All disabled by
-+ * default.
-+ */
-+static cpumask_t crash_vmclear_enabled_bitmap = CPU_MASK_NONE;
-+
-+static inline void crash_enable_local_vmclear(int cpu)
-+{
-+ cpumask_set_cpu(cpu, &crash_vmclear_enabled_bitmap);
-+}
-+
-+static inline void crash_disable_local_vmclear(int cpu)
-+{
-+ cpumask_clear_cpu(cpu, &crash_vmclear_enabled_bitmap);
-+}
-+
-+static inline int crash_local_vmclear_enabled(int cpu)
-+{
-+ return cpumask_test_cpu(cpu, &crash_vmclear_enabled_bitmap);
-+}
-+
-+static void crash_vmclear_local_loaded_vmcss(void)
-+{
-+ int cpu = raw_smp_processor_id();
-+ struct loaded_vmcs *v;
-+
-+ if (!crash_local_vmclear_enabled(cpu))
-+ return;
-+
-+ list_for_each_entry(v, &per_cpu(loaded_vmcss_on_cpu, cpu),
-+ loaded_vmcss_on_cpu_link)
-+ vmcs_clear(v->vmcs);
-+}
-+#else
-+static inline void crash_enable_local_vmclear(int cpu) { }
-+static inline void crash_disable_local_vmclear(int cpu) { }
-+#endif /* CONFIG_KEXEC_CORE */
-+
-+static void __loaded_vmcs_clear(void *arg)
-+{
-+ struct loaded_vmcs *loaded_vmcs = arg;
-+ int cpu = raw_smp_processor_id();
-+
-+ if (loaded_vmcs->cpu != cpu)
-+ return; /* vcpu migration can race with cpu offline */
-+ if (per_cpu(current_vmcs, cpu) == loaded_vmcs->vmcs)
-+ per_cpu(current_vmcs, cpu) = NULL;
-+ crash_disable_local_vmclear(cpu);
-+ list_del(&loaded_vmcs->loaded_vmcss_on_cpu_link);
-+
-+ /*
-+ * we should ensure updating loaded_vmcs->loaded_vmcss_on_cpu_link
-+ * is before setting loaded_vmcs->vcpu to -1 which is done in
-+ * loaded_vmcs_init. Otherwise, other cpu can see vcpu = -1 fist
-+ * then adds the vmcs into percpu list before it is deleted.
-+ */
-+ smp_wmb();
-+
-+ loaded_vmcs_init(loaded_vmcs);
-+ crash_enable_local_vmclear(cpu);
-+}
-+
-+void loaded_vmcs_clear(struct loaded_vmcs *loaded_vmcs)
-+{
-+ int cpu = loaded_vmcs->cpu;
-+
-+ if (cpu != -1)
-+ smp_call_function_single(cpu,
-+ __loaded_vmcs_clear, loaded_vmcs, 1);
-+}
-+
-+static bool vmx_segment_cache_test_set(struct vcpu_vmx *vmx, unsigned seg,
-+ unsigned field)
-+{
-+ bool ret;
-+ u32 mask = 1 << (seg * SEG_FIELD_NR + field);
-+
-+ if (!kvm_register_is_available(&vmx->vcpu, VCPU_EXREG_SEGMENTS)) {
-+ kvm_register_mark_available(&vmx->vcpu, VCPU_EXREG_SEGMENTS);
-+ vmx->segment_cache.bitmask = 0;
-+ }
-+ ret = vmx->segment_cache.bitmask & mask;
-+ vmx->segment_cache.bitmask |= mask;
-+ return ret;
-+}
-+
-+static u16 vmx_read_guest_seg_selector(struct vcpu_vmx *vmx, unsigned seg)
-+{
-+ u16 *p = &vmx->segment_cache.seg[seg].selector;
-+
-+ if (!vmx_segment_cache_test_set(vmx, seg, SEG_FIELD_SEL))
-+ *p = vmcs_read16(kvm_vmx_segment_fields[seg].selector);
-+ return *p;
-+}
-+
-+static ulong vmx_read_guest_seg_base(struct vcpu_vmx *vmx, unsigned seg)
-+{
-+ ulong *p = &vmx->segment_cache.seg[seg].base;
-+
-+ if (!vmx_segment_cache_test_set(vmx, seg, SEG_FIELD_BASE))
-+ *p = vmcs_readl(kvm_vmx_segment_fields[seg].base);
-+ return *p;
-+}
-+
-+static u32 vmx_read_guest_seg_limit(struct vcpu_vmx *vmx, unsigned seg)
-+{
-+ u32 *p = &vmx->segment_cache.seg[seg].limit;
-+
-+ if (!vmx_segment_cache_test_set(vmx, seg, SEG_FIELD_LIMIT))
-+ *p = vmcs_read32(kvm_vmx_segment_fields[seg].limit);
-+ return *p;
-+}
-+
-+static u32 vmx_read_guest_seg_ar(struct vcpu_vmx *vmx, unsigned seg)
-+{
-+ u32 *p = &vmx->segment_cache.seg[seg].ar;
-+
-+ if (!vmx_segment_cache_test_set(vmx, seg, SEG_FIELD_AR))
-+ *p = vmcs_read32(kvm_vmx_segment_fields[seg].ar_bytes);
-+ return *p;
-+}
-+
-+void update_exception_bitmap(struct kvm_vcpu *vcpu)
-+{
-+ u32 eb;
-+
-+ eb = (1u << PF_VECTOR) | (1u << UD_VECTOR) | (1u << MC_VECTOR) |
-+ (1u << DB_VECTOR) | (1u << AC_VECTOR);
-+ /*
-+ * Guest access to VMware backdoor ports could legitimately
-+ * trigger #GP because of TSS I/O permission bitmap.
-+ * We intercept those #GP and allow access to them anyway
-+ * as VMware does.
-+ */
-+ if (enable_vmware_backdoor)
-+ eb |= (1u << GP_VECTOR);
-+ if ((vcpu->guest_debug &
-+ (KVM_GUESTDBG_ENABLE | KVM_GUESTDBG_USE_SW_BP)) ==
-+ (KVM_GUESTDBG_ENABLE | KVM_GUESTDBG_USE_SW_BP))
-+ eb |= 1u << BP_VECTOR;
-+ if (to_vmx(vcpu)->rmode.vm86_active)
-+ eb = ~0;
-+ if (enable_ept)
-+ eb &= ~(1u << PF_VECTOR); /* bypass_guest_pf = 0 */
-+
-+ /* When we are running a nested L2 guest and L1 specified for it a
-+ * certain exception bitmap, we must trap the same exceptions and pass
-+ * them to L1. When running L2, we will only handle the exceptions
-+ * specified above if L1 did not want them.
-+ */
-+ if (is_guest_mode(vcpu))
-+ eb |= get_vmcs12(vcpu)->exception_bitmap;
-+
-+ vmcs_write32(EXCEPTION_BITMAP, eb);
-+}
-+
-+/*
-+ * Check if MSR is intercepted for currently loaded MSR bitmap.
-+ */
-+static bool msr_write_intercepted(struct kvm_vcpu *vcpu, u32 msr)
-+{
-+ unsigned long *msr_bitmap;
-+ int f = sizeof(unsigned long);
-+
-+ if (!cpu_has_vmx_msr_bitmap())
-+ return true;
-+
-+ msr_bitmap = to_vmx(vcpu)->loaded_vmcs->msr_bitmap;
-+
-+ if (msr <= 0x1fff) {
-+ return !!test_bit(msr, msr_bitmap + 0x800 / f);
-+ } else if ((msr >= 0xc0000000) && (msr <= 0xc0001fff)) {
-+ msr &= 0x1fff;
-+ return !!test_bit(msr, msr_bitmap + 0xc00 / f);
-+ }
-+
-+ return true;
-+}
-+
-+static void clear_atomic_switch_msr_special(struct vcpu_vmx *vmx,
-+ unsigned long entry, unsigned long exit)
-+{
-+ vm_entry_controls_clearbit(vmx, entry);
-+ vm_exit_controls_clearbit(vmx, exit);
-+}
-+
-+int vmx_find_msr_index(struct vmx_msrs *m, u32 msr)
-+{
-+ unsigned int i;
-+
-+ for (i = 0; i < m->nr; ++i) {
-+ if (m->val[i].index == msr)
-+ return i;
-+ }
-+ return -ENOENT;
-+}
-+
-+static void clear_atomic_switch_msr(struct vcpu_vmx *vmx, unsigned msr)
-+{
-+ int i;
-+ struct msr_autoload *m = &vmx->msr_autoload;
-+
-+ switch (msr) {
-+ case MSR_EFER:
-+ if (cpu_has_load_ia32_efer()) {
-+ clear_atomic_switch_msr_special(vmx,
-+ VM_ENTRY_LOAD_IA32_EFER,
-+ VM_EXIT_LOAD_IA32_EFER);
-+ return;
-+ }
-+ break;
-+ case MSR_CORE_PERF_GLOBAL_CTRL:
-+ if (cpu_has_load_perf_global_ctrl()) {
-+ clear_atomic_switch_msr_special(vmx,
-+ VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL,
-+ VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL);
-+ return;
-+ }
-+ break;
-+ }
-+ i = vmx_find_msr_index(&m->guest, msr);
-+ if (i < 0)
-+ goto skip_guest;
-+ --m->guest.nr;
-+ m->guest.val[i] = m->guest.val[m->guest.nr];
-+ vmcs_write32(VM_ENTRY_MSR_LOAD_COUNT, m->guest.nr);
-+
-+skip_guest:
-+ i = vmx_find_msr_index(&m->host, msr);
-+ if (i < 0)
-+ return;
-+
-+ --m->host.nr;
-+ m->host.val[i] = m->host.val[m->host.nr];
-+ vmcs_write32(VM_EXIT_MSR_LOAD_COUNT, m->host.nr);
-+}
-+
-+static void add_atomic_switch_msr_special(struct vcpu_vmx *vmx,
-+ unsigned long entry, unsigned long exit,
-+ unsigned long guest_val_vmcs, unsigned long host_val_vmcs,
-+ u64 guest_val, u64 host_val)
-+{
-+ vmcs_write64(guest_val_vmcs, guest_val);
-+ if (host_val_vmcs != HOST_IA32_EFER)
-+ vmcs_write64(host_val_vmcs, host_val);
-+ vm_entry_controls_setbit(vmx, entry);
-+ vm_exit_controls_setbit(vmx, exit);
-+}
-+
-+static void add_atomic_switch_msr(struct vcpu_vmx *vmx, unsigned msr,
-+ u64 guest_val, u64 host_val, bool entry_only)
-+{
-+ int i, j = 0;
-+ struct msr_autoload *m = &vmx->msr_autoload;
-+
-+ switch (msr) {
-+ case MSR_EFER:
-+ if (cpu_has_load_ia32_efer()) {
-+ add_atomic_switch_msr_special(vmx,
-+ VM_ENTRY_LOAD_IA32_EFER,
-+ VM_EXIT_LOAD_IA32_EFER,
-+ GUEST_IA32_EFER,
-+ HOST_IA32_EFER,
-+ guest_val, host_val);
-+ return;
-+ }
-+ break;
-+ case MSR_CORE_PERF_GLOBAL_CTRL:
-+ if (cpu_has_load_perf_global_ctrl()) {
-+ add_atomic_switch_msr_special(vmx,
-+ VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL,
-+ VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL,
-+ GUEST_IA32_PERF_GLOBAL_CTRL,
-+ HOST_IA32_PERF_GLOBAL_CTRL,
-+ guest_val, host_val);
-+ return;
-+ }
-+ break;
-+ case MSR_IA32_PEBS_ENABLE:
-+ /* PEBS needs a quiescent period after being disabled (to write
-+ * a record). Disabling PEBS through VMX MSR swapping doesn't
-+ * provide that period, so a CPU could write host's record into
-+ * guest's memory.
-+ */
-+ wrmsrl(MSR_IA32_PEBS_ENABLE, 0);
-+ }
-+
-+ i = vmx_find_msr_index(&m->guest, msr);
-+ if (!entry_only)
-+ j = vmx_find_msr_index(&m->host, msr);
-+
-+ if ((i < 0 && m->guest.nr == NR_LOADSTORE_MSRS) ||
-+ (j < 0 && m->host.nr == NR_LOADSTORE_MSRS)) {
-+ printk_once(KERN_WARNING "Not enough msr switch entries. "
-+ "Can't add msr %x\n", msr);
-+ return;
-+ }
-+ if (i < 0) {
-+ i = m->guest.nr++;
-+ vmcs_write32(VM_ENTRY_MSR_LOAD_COUNT, m->guest.nr);
-+ }
-+ m->guest.val[i].index = msr;
-+ m->guest.val[i].value = guest_val;
-+
-+ if (entry_only)
-+ return;
-+
-+ if (j < 0) {
-+ j = m->host.nr++;
-+ vmcs_write32(VM_EXIT_MSR_LOAD_COUNT, m->host.nr);
-+ }
-+ m->host.val[j].index = msr;
-+ m->host.val[j].value = host_val;
-+}
-+
-+static bool update_transition_efer(struct vcpu_vmx *vmx, int efer_offset)
-+{
-+ u64 guest_efer = vmx->vcpu.arch.efer;
-+ u64 ignore_bits = 0;
-+
-+ /* Shadow paging assumes NX to be available. */
-+ if (!enable_ept)
-+ guest_efer |= EFER_NX;
-+
-+ /*
-+ * LMA and LME handled by hardware; SCE meaningless outside long mode.
-+ */
-+ ignore_bits |= EFER_SCE;
-+#ifdef CONFIG_X86_64
-+ ignore_bits |= EFER_LMA | EFER_LME;
-+ /* SCE is meaningful only in long mode on Intel */
-+ if (guest_efer & EFER_LMA)
-+ ignore_bits &= ~(u64)EFER_SCE;
-+#endif
-+
-+ /*
-+ * On EPT, we can't emulate NX, so we must switch EFER atomically.
-+ * On CPUs that support "load IA32_EFER", always switch EFER
-+ * atomically, since it's faster than switching it manually.
-+ */
-+ if (cpu_has_load_ia32_efer() ||
-+ (enable_ept && ((vmx->vcpu.arch.efer ^ host_efer) & EFER_NX))) {
-+ if (!(guest_efer & EFER_LMA))
-+ guest_efer &= ~EFER_LME;
-+ if (guest_efer != host_efer)
-+ add_atomic_switch_msr(vmx, MSR_EFER,
-+ guest_efer, host_efer, false);
-+ else
-+ clear_atomic_switch_msr(vmx, MSR_EFER);
-+ return false;
-+ } else {
-+ clear_atomic_switch_msr(vmx, MSR_EFER);
-+
-+ guest_efer &= ~ignore_bits;
-+ guest_efer |= host_efer & ignore_bits;
-+
-+ vmx->guest_msrs[efer_offset].data = guest_efer;
-+ vmx->guest_msrs[efer_offset].mask = ~ignore_bits;
-+
-+ return true;
-+ }
-+}
-+
-+#ifdef CONFIG_X86_32
-+/*
-+ * On 32-bit kernels, VM exits still load the FS and GS bases from the
-+ * VMCS rather than the segment table. KVM uses this helper to figure
-+ * out the current bases to poke them into the VMCS before entry.
-+ */
-+static unsigned long segment_base(u16 selector)
-+{
-+ struct desc_struct *table;
-+ unsigned long v;
-+
-+ if (!(selector & ~SEGMENT_RPL_MASK))
-+ return 0;
-+
-+ table = get_current_gdt_ro();
-+
-+ if ((selector & SEGMENT_TI_MASK) == SEGMENT_LDT) {
-+ u16 ldt_selector = kvm_read_ldt();
-+
-+ if (!(ldt_selector & ~SEGMENT_RPL_MASK))
-+ return 0;
-+
-+ table = (struct desc_struct *)segment_base(ldt_selector);
-+ }
-+ v = get_desc_base(&table[selector >> 3]);
-+ return v;
-+}
-+#endif
-+
-+static inline void pt_load_msr(struct pt_ctx *ctx, u32 addr_range)
-+{
-+ u32 i;
-+
-+ wrmsrl(MSR_IA32_RTIT_STATUS, ctx->status);
-+ wrmsrl(MSR_IA32_RTIT_OUTPUT_BASE, ctx->output_base);
-+ wrmsrl(MSR_IA32_RTIT_OUTPUT_MASK, ctx->output_mask);
-+ wrmsrl(MSR_IA32_RTIT_CR3_MATCH, ctx->cr3_match);
-+ for (i = 0; i < addr_range; i++) {
-+ wrmsrl(MSR_IA32_RTIT_ADDR0_A + i * 2, ctx->addr_a[i]);
-+ wrmsrl(MSR_IA32_RTIT_ADDR0_B + i * 2, ctx->addr_b[i]);
-+ }
-+}
-+
-+static inline void pt_save_msr(struct pt_ctx *ctx, u32 addr_range)
-+{
-+ u32 i;
-+
-+ rdmsrl(MSR_IA32_RTIT_STATUS, ctx->status);
-+ rdmsrl(MSR_IA32_RTIT_OUTPUT_BASE, ctx->output_base);
-+ rdmsrl(MSR_IA32_RTIT_OUTPUT_MASK, ctx->output_mask);
-+ rdmsrl(MSR_IA32_RTIT_CR3_MATCH, ctx->cr3_match);
-+ for (i = 0; i < addr_range; i++) {
-+ rdmsrl(MSR_IA32_RTIT_ADDR0_A + i * 2, ctx->addr_a[i]);
-+ rdmsrl(MSR_IA32_RTIT_ADDR0_B + i * 2, ctx->addr_b[i]);
-+ }
-+}
-+
-+static void pt_guest_enter(struct vcpu_vmx *vmx)
-+{
-+ if (pt_mode == PT_MODE_SYSTEM)
-+ return;
-+
-+ /*
-+ * GUEST_IA32_RTIT_CTL is already set in the VMCS.
-+ * Save host state before VM entry.
-+ */
-+ rdmsrl(MSR_IA32_RTIT_CTL, vmx->pt_desc.host.ctl);
-+ if (vmx->pt_desc.guest.ctl & RTIT_CTL_TRACEEN) {
-+ wrmsrl(MSR_IA32_RTIT_CTL, 0);
-+ pt_save_msr(&vmx->pt_desc.host, vmx->pt_desc.addr_range);
-+ pt_load_msr(&vmx->pt_desc.guest, vmx->pt_desc.addr_range);
-+ }
-+}
-+
-+static void pt_guest_exit(struct vcpu_vmx *vmx)
-+{
-+ if (pt_mode == PT_MODE_SYSTEM)
-+ return;
-+
-+ if (vmx->pt_desc.guest.ctl & RTIT_CTL_TRACEEN) {
-+ pt_save_msr(&vmx->pt_desc.guest, vmx->pt_desc.addr_range);
-+ pt_load_msr(&vmx->pt_desc.host, vmx->pt_desc.addr_range);
-+ }
-+
-+ /* Reload host state (IA32_RTIT_CTL will be cleared on VM exit). */
-+ wrmsrl(MSR_IA32_RTIT_CTL, vmx->pt_desc.host.ctl);
-+}
-+
-+void vmx_set_host_fs_gs(struct vmcs_host_state *host, u16 fs_sel, u16 gs_sel,
-+ unsigned long fs_base, unsigned long gs_base)
-+{
-+ if (unlikely(fs_sel != host->fs_sel)) {
-+ if (!(fs_sel & 7))
-+ vmcs_write16(HOST_FS_SELECTOR, fs_sel);
-+ else
-+ vmcs_write16(HOST_FS_SELECTOR, 0);
-+ host->fs_sel = fs_sel;
-+ }
-+ if (unlikely(gs_sel != host->gs_sel)) {
-+ if (!(gs_sel & 7))
-+ vmcs_write16(HOST_GS_SELECTOR, gs_sel);
-+ else
-+ vmcs_write16(HOST_GS_SELECTOR, 0);
-+ host->gs_sel = gs_sel;
-+ }
-+ if (unlikely(fs_base != host->fs_base)) {
-+ vmcs_writel(HOST_FS_BASE, fs_base);
-+ host->fs_base = fs_base;
-+ }
-+ if (unlikely(gs_base != host->gs_base)) {
-+ vmcs_writel(HOST_GS_BASE, gs_base);
-+ host->gs_base = gs_base;
-+ }
-+}
-+
-+void vmx_prepare_switch_to_guest(struct kvm_vcpu *vcpu)
-+{
-+ struct vcpu_vmx *vmx = to_vmx(vcpu);
-+ struct vmcs_host_state *host_state;
-+#ifdef CONFIG_X86_64
-+ int cpu = raw_smp_processor_id();
-+#endif
-+ unsigned long fs_base, gs_base;
-+ u16 fs_sel, gs_sel;
-+ int i;
-+
-+ vmx->req_immediate_exit = false;
-+
-+ /*
-+ * Note that guest MSRs to be saved/restored can also be changed
-+ * when guest state is loaded. This happens when guest transitions
-+ * to/from long-mode by setting MSR_EFER.LMA.
-+ */
-+ if (!vmx->guest_msrs_ready) {
-+ vmx->guest_msrs_ready = true;
-+ for (i = 0; i < vmx->save_nmsrs; ++i)
-+ kvm_set_shared_msr(vmx->guest_msrs[i].index,
-+ vmx->guest_msrs[i].data,
-+ vmx->guest_msrs[i].mask);
-+
-+ }
-+ if (vmx->guest_state_loaded)
-+ return;
-+
-+ host_state = &vmx->loaded_vmcs->host_state;
-+
-+ /*
-+ * Set host fs and gs selectors. Unfortunately, 22.2.3 does not
-+ * allow segment selectors with cpl > 0 or ti == 1.
-+ */
-+ host_state->ldt_sel = kvm_read_ldt();
-+
-+#ifdef CONFIG_X86_64
-+ savesegment(ds, host_state->ds_sel);
-+ savesegment(es, host_state->es_sel);
-+
-+ gs_base = cpu_kernelmode_gs_base(cpu);
-+ if (likely(is_64bit_mm(current->mm))) {
-+ save_fsgs_for_kvm();
-+ fs_sel = current->thread.fsindex;
-+ gs_sel = current->thread.gsindex;
-+ fs_base = current->thread.fsbase;
-+ vmx->msr_host_kernel_gs_base = current->thread.gsbase;
-+ } else {
-+ savesegment(fs, fs_sel);
-+ savesegment(gs, gs_sel);
-+ fs_base = read_msr(MSR_FS_BASE);
-+ vmx->msr_host_kernel_gs_base = read_msr(MSR_KERNEL_GS_BASE);
-+ }
-+
-+ wrmsrl(MSR_KERNEL_GS_BASE, vmx->msr_guest_kernel_gs_base);
-+#else
-+ savesegment(fs, fs_sel);
-+ savesegment(gs, gs_sel);
-+ fs_base = segment_base(fs_sel);
-+ gs_base = segment_base(gs_sel);
-+#endif
-+
-+ vmx_set_host_fs_gs(host_state, fs_sel, gs_sel, fs_base, gs_base);
-+ vmx->guest_state_loaded = true;
-+}
-+
-+static void vmx_prepare_switch_to_host(struct vcpu_vmx *vmx)
-+{
-+ struct vmcs_host_state *host_state;
-+
-+ if (!vmx->guest_state_loaded)
-+ return;
-+
-+ host_state = &vmx->loaded_vmcs->host_state;
-+
-+ ++vmx->vcpu.stat.host_state_reload;
-+
-+#ifdef CONFIG_X86_64
-+ rdmsrl(MSR_KERNEL_GS_BASE, vmx->msr_guest_kernel_gs_base);
-+#endif
-+ if (host_state->ldt_sel || (host_state->gs_sel & 7)) {
-+ kvm_load_ldt(host_state->ldt_sel);
-+#ifdef CONFIG_X86_64
-+ load_gs_index(host_state->gs_sel);
-+#else
-+ loadsegment(gs, host_state->gs_sel);
-+#endif
-+ }
-+ if (host_state->fs_sel & 7)
-+ loadsegment(fs, host_state->fs_sel);
-+#ifdef CONFIG_X86_64
-+ if (unlikely(host_state->ds_sel | host_state->es_sel)) {
-+ loadsegment(ds, host_state->ds_sel);
-+ loadsegment(es, host_state->es_sel);
-+ }
-+#endif
-+ invalidate_tss_limit();
-+#ifdef CONFIG_X86_64
-+ wrmsrl(MSR_KERNEL_GS_BASE, vmx->msr_host_kernel_gs_base);
-+#endif
-+ load_fixmap_gdt(raw_smp_processor_id());
-+ vmx->guest_state_loaded = false;
-+ vmx->guest_msrs_ready = false;
-+}
-+
-+#ifdef CONFIG_X86_64
-+static u64 vmx_read_guest_kernel_gs_base(struct vcpu_vmx *vmx)
-+{
-+ preempt_disable();
-+ if (vmx->guest_state_loaded)
-+ rdmsrl(MSR_KERNEL_GS_BASE, vmx->msr_guest_kernel_gs_base);
-+ preempt_enable();
-+ return vmx->msr_guest_kernel_gs_base;
-+}
-+
-+static void vmx_write_guest_kernel_gs_base(struct vcpu_vmx *vmx, u64 data)
-+{
-+ preempt_disable();
-+ if (vmx->guest_state_loaded)
-+ wrmsrl(MSR_KERNEL_GS_BASE, data);
-+ preempt_enable();
-+ vmx->msr_guest_kernel_gs_base = data;
-+}
-+#endif
-+
-+static void vmx_vcpu_pi_load(struct kvm_vcpu *vcpu, int cpu)
-+{
-+ struct pi_desc *pi_desc = vcpu_to_pi_desc(vcpu);
-+ struct pi_desc old, new;
-+ unsigned int dest;
-+
-+ /*
-+ * In case of hot-plug or hot-unplug, we may have to undo
-+ * vmx_vcpu_pi_put even if there is no assigned device. And we
-+ * always keep PI.NDST up to date for simplicity: it makes the
-+ * code easier, and CPU migration is not a fast path.
-+ */
-+ if (!pi_test_sn(pi_desc) && vcpu->cpu == cpu)
-+ return;
-+
-+ /*
-+ * If the 'nv' field is POSTED_INTR_WAKEUP_VECTOR, do not change
-+ * PI.NDST: pi_post_block is the one expected to change PID.NDST and the
-+ * wakeup handler expects the vCPU to be on the blocked_vcpu_list that
-+ * matches PI.NDST. Otherwise, a vcpu may not be able to be woken up
-+ * correctly.
-+ */
-+ if (pi_desc->nv == POSTED_INTR_WAKEUP_VECTOR || vcpu->cpu == cpu) {
-+ pi_clear_sn(pi_desc);
-+ goto after_clear_sn;
-+ }
-+
-+ /* The full case. */
-+ do {
-+ old.control = new.control = pi_desc->control;
-+
-+ dest = cpu_physical_id(cpu);
-+
-+ if (x2apic_enabled())
-+ new.ndst = dest;
-+ else
-+ new.ndst = (dest << 8) & 0xFF00;
-+
-+ new.sn = 0;
-+ } while (cmpxchg64(&pi_desc->control, old.control,
-+ new.control) != old.control);
-+
-+after_clear_sn:
-+
-+ /*
-+ * Clear SN before reading the bitmap. The VT-d firmware
-+ * writes the bitmap and reads SN atomically (5.2.3 in the
-+ * spec), so it doesn't really have a memory barrier that
-+ * pairs with this, but we cannot do that and we need one.
-+ */
-+ smp_mb__after_atomic();
-+
-+ if (!pi_is_pir_empty(pi_desc))
-+ pi_set_on(pi_desc);
-+}
-+
-+void vmx_vcpu_load_vmcs(struct kvm_vcpu *vcpu, int cpu)
-+{
-+ struct vcpu_vmx *vmx = to_vmx(vcpu);
-+ bool already_loaded = vmx->loaded_vmcs->cpu == cpu;
-+
-+ if (!already_loaded) {
-+ loaded_vmcs_clear(vmx->loaded_vmcs);
-+ local_irq_disable();
-+ crash_disable_local_vmclear(cpu);
-+
-+ /*
-+ * Read loaded_vmcs->cpu should be before fetching
-+ * loaded_vmcs->loaded_vmcss_on_cpu_link.
-+ * See the comments in __loaded_vmcs_clear().
-+ */
-+ smp_rmb();
-+
-+ list_add(&vmx->loaded_vmcs->loaded_vmcss_on_cpu_link,
-+ &per_cpu(loaded_vmcss_on_cpu, cpu));
-+ crash_enable_local_vmclear(cpu);
-+ local_irq_enable();
-+ }
-+
-+ if (per_cpu(current_vmcs, cpu) != vmx->loaded_vmcs->vmcs) {
-+ per_cpu(current_vmcs, cpu) = vmx->loaded_vmcs->vmcs;
-+ vmcs_load(vmx->loaded_vmcs->vmcs);
-+ indirect_branch_prediction_barrier();
-+ }
-+
-+ if (!already_loaded) {
-+ void *gdt = get_current_gdt_ro();
-+ unsigned long sysenter_esp;
-+
-+ kvm_make_request(KVM_REQ_TLB_FLUSH, vcpu);
-+
-+ /*
-+ * Linux uses per-cpu TSS and GDT, so set these when switching
-+ * processors. See 22.2.4.
-+ */
-+ vmcs_writel(HOST_TR_BASE,
-+ (unsigned long)&get_cpu_entry_area(cpu)->tss.x86_tss);
-+ vmcs_writel(HOST_GDTR_BASE, (unsigned long)gdt); /* 22.2.4 */
-+
-+ rdmsrl(MSR_IA32_SYSENTER_ESP, sysenter_esp);
-+ vmcs_writel(HOST_IA32_SYSENTER_ESP, sysenter_esp); /* 22.2.3 */
-+
-+ vmx->loaded_vmcs->cpu = cpu;
-+ }
-+
-+ /* Setup TSC multiplier */
-+ if (kvm_has_tsc_control &&
-+ vmx->current_tsc_ratio != vcpu->arch.tsc_scaling_ratio)
-+ decache_tsc_multiplier(vmx);
-+}
-+
-+/*
-+ * Switches to specified vcpu, until a matching vcpu_put(), but assumes
-+ * vcpu mutex is already taken.
-+ */
-+void vmx_vcpu_load(struct kvm_vcpu *vcpu, int cpu)
-+{
-+ struct vcpu_vmx *vmx = to_vmx(vcpu);
-+
-+ vmx_vcpu_load_vmcs(vcpu, cpu);
-+
-+ vmx_vcpu_pi_load(vcpu, cpu);
-+
-+ vmx->host_pkru = read_pkru();
-+ vmx->host_debugctlmsr = get_debugctlmsr();
-+}
-+
-+static void vmx_vcpu_pi_put(struct kvm_vcpu *vcpu)
-+{
-+ struct pi_desc *pi_desc = vcpu_to_pi_desc(vcpu);
-+
-+ if (!kvm_arch_has_assigned_device(vcpu->kvm) ||
-+ !irq_remapping_cap(IRQ_POSTING_CAP) ||
-+ !kvm_vcpu_apicv_active(vcpu))
-+ return;
-+
-+ /* Set SN when the vCPU is preempted */
-+ if (vcpu->preempted)
-+ pi_set_sn(pi_desc);
-+}
-+
-+static void vmx_vcpu_put(struct kvm_vcpu *vcpu)
-+{
-+ vmx_vcpu_pi_put(vcpu);
-+
-+ vmx_prepare_switch_to_host(to_vmx(vcpu));
-+}
-+
-+static bool emulation_required(struct kvm_vcpu *vcpu)
-+{
-+ return emulate_invalid_guest_state && !guest_state_valid(vcpu);
-+}
-+
-+static void vmx_decache_cr0_guest_bits(struct kvm_vcpu *vcpu);
-+
-+unsigned long vmx_get_rflags(struct kvm_vcpu *vcpu)
-+{
-+ struct vcpu_vmx *vmx = to_vmx(vcpu);
-+ unsigned long rflags, save_rflags;
-+
-+ if (!kvm_register_is_available(vcpu, VCPU_EXREG_RFLAGS)) {
-+ kvm_register_mark_available(vcpu, VCPU_EXREG_RFLAGS);
-+ rflags = vmcs_readl(GUEST_RFLAGS);
-+ if (vmx->rmode.vm86_active) {
-+ rflags &= RMODE_GUEST_OWNED_EFLAGS_BITS;
-+ save_rflags = vmx->rmode.save_rflags;
-+ rflags |= save_rflags & ~RMODE_GUEST_OWNED_EFLAGS_BITS;
-+ }
-+ vmx->rflags = rflags;
-+ }
-+ return vmx->rflags;
-+}
-+
-+void vmx_set_rflags(struct kvm_vcpu *vcpu, unsigned long rflags)
-+{
-+ struct vcpu_vmx *vmx = to_vmx(vcpu);
-+ unsigned long old_rflags;
-+
-+ if (enable_unrestricted_guest) {
-+ kvm_register_mark_available(vcpu, VCPU_EXREG_RFLAGS);
-+ vmx->rflags = rflags;
-+ vmcs_writel(GUEST_RFLAGS, rflags);
-+ return;
-+ }
-+
-+ old_rflags = vmx_get_rflags(vcpu);
-+ vmx->rflags = rflags;
-+ if (vmx->rmode.vm86_active) {
-+ vmx->rmode.save_rflags = rflags;
-+ rflags |= X86_EFLAGS_IOPL | X86_EFLAGS_VM;
-+ }
-+ vmcs_writel(GUEST_RFLAGS, rflags);
-+
-+ if ((old_rflags ^ vmx->rflags) & X86_EFLAGS_VM)
-+ vmx->emulation_required = emulation_required(vcpu);
-+}
-+
-+u32 vmx_get_interrupt_shadow(struct kvm_vcpu *vcpu)
-+{
-+ u32 interruptibility = vmcs_read32(GUEST_INTERRUPTIBILITY_INFO);
-+ int ret = 0;
-+
-+ if (interruptibility & GUEST_INTR_STATE_STI)
-+ ret |= KVM_X86_SHADOW_INT_STI;
-+ if (interruptibility & GUEST_INTR_STATE_MOV_SS)
-+ ret |= KVM_X86_SHADOW_INT_MOV_SS;
-+
-+ return ret;
-+}
-+
-+void vmx_set_interrupt_shadow(struct kvm_vcpu *vcpu, int mask)
-+{
-+ u32 interruptibility_old = vmcs_read32(GUEST_INTERRUPTIBILITY_INFO);
-+ u32 interruptibility = interruptibility_old;
-+
-+ interruptibility &= ~(GUEST_INTR_STATE_STI | GUEST_INTR_STATE_MOV_SS);
-+
-+ if (mask & KVM_X86_SHADOW_INT_MOV_SS)
-+ interruptibility |= GUEST_INTR_STATE_MOV_SS;
-+ else if (mask & KVM_X86_SHADOW_INT_STI)
-+ interruptibility |= GUEST_INTR_STATE_STI;
-+
-+ if ((interruptibility != interruptibility_old))
-+ vmcs_write32(GUEST_INTERRUPTIBILITY_INFO, interruptibility);
-+}
-+
-+static int vmx_rtit_ctl_check(struct kvm_vcpu *vcpu, u64 data)
-+{
-+ struct vcpu_vmx *vmx = to_vmx(vcpu);
-+ unsigned long value;
-+
-+ /*
-+ * Any MSR write that attempts to change bits marked reserved will
-+ * case a #GP fault.
-+ */
-+ if (data & vmx->pt_desc.ctl_bitmask)
-+ return 1;
-+
-+ /*
-+ * Any attempt to modify IA32_RTIT_CTL while TraceEn is set will
-+ * result in a #GP unless the same write also clears TraceEn.
-+ */
-+ if ((vmx->pt_desc.guest.ctl & RTIT_CTL_TRACEEN) &&
-+ ((vmx->pt_desc.guest.ctl ^ data) & ~RTIT_CTL_TRACEEN))
-+ return 1;
-+
-+ /*
-+ * WRMSR to IA32_RTIT_CTL that sets TraceEn but clears this bit
-+ * and FabricEn would cause #GP, if
-+ * CPUID.(EAX=14H, ECX=0):ECX.SNGLRGNOUT[bit 2] = 0
-+ */
-+ if ((data & RTIT_CTL_TRACEEN) && !(data & RTIT_CTL_TOPA) &&
-+ !(data & RTIT_CTL_FABRIC_EN) &&
-+ !intel_pt_validate_cap(vmx->pt_desc.caps,
-+ PT_CAP_single_range_output))
-+ return 1;
-+
-+ /*
-+ * MTCFreq, CycThresh and PSBFreq encodings check, any MSR write that
-+ * utilize encodings marked reserved will casue a #GP fault.
-+ */
-+ value = intel_pt_validate_cap(vmx->pt_desc.caps, PT_CAP_mtc_periods);
-+ if (intel_pt_validate_cap(vmx->pt_desc.caps, PT_CAP_mtc) &&
-+ !test_bit((data & RTIT_CTL_MTC_RANGE) >>
-+ RTIT_CTL_MTC_RANGE_OFFSET, &value))
-+ return 1;
-+ value = intel_pt_validate_cap(vmx->pt_desc.caps,
-+ PT_CAP_cycle_thresholds);
-+ if (intel_pt_validate_cap(vmx->pt_desc.caps, PT_CAP_psb_cyc) &&
-+ !test_bit((data & RTIT_CTL_CYC_THRESH) >>
-+ RTIT_CTL_CYC_THRESH_OFFSET, &value))
-+ return 1;
-+ value = intel_pt_validate_cap(vmx->pt_desc.caps, PT_CAP_psb_periods);
-+ if (intel_pt_validate_cap(vmx->pt_desc.caps, PT_CAP_psb_cyc) &&
-+ !test_bit((data & RTIT_CTL_PSB_FREQ) >>
-+ RTIT_CTL_PSB_FREQ_OFFSET, &value))
-+ return 1;
-+
-+ /*
-+ * If ADDRx_CFG is reserved or the encodings is >2 will
-+ * cause a #GP fault.
-+ */
-+ value = (data & RTIT_CTL_ADDR0) >> RTIT_CTL_ADDR0_OFFSET;
-+ if ((value && (vmx->pt_desc.addr_range < 1)) || (value > 2))
-+ return 1;
-+ value = (data & RTIT_CTL_ADDR1) >> RTIT_CTL_ADDR1_OFFSET;
-+ if ((value && (vmx->pt_desc.addr_range < 2)) || (value > 2))
-+ return 1;
-+ value = (data & RTIT_CTL_ADDR2) >> RTIT_CTL_ADDR2_OFFSET;
-+ if ((value && (vmx->pt_desc.addr_range < 3)) || (value > 2))
-+ return 1;
-+ value = (data & RTIT_CTL_ADDR3) >> RTIT_CTL_ADDR3_OFFSET;
-+ if ((value && (vmx->pt_desc.addr_range < 4)) || (value > 2))
-+ return 1;
-+
-+ return 0;
-+}
-+
-+static int skip_emulated_instruction(struct kvm_vcpu *vcpu)
-+{
-+ unsigned long rip;
-+
-+ /*
-+ * Using VMCS.VM_EXIT_INSTRUCTION_LEN on EPT misconfig depends on
-+ * undefined behavior: Intel's SDM doesn't mandate the VMCS field be
-+ * set when EPT misconfig occurs. In practice, real hardware updates
-+ * VM_EXIT_INSTRUCTION_LEN on EPT misconfig, but other hypervisors
-+ * (namely Hyper-V) don't set it due to it being undefined behavior,
-+ * i.e. we end up advancing IP with some random value.
-+ */
-+ if (!static_cpu_has(X86_FEATURE_HYPERVISOR) ||
-+ to_vmx(vcpu)->exit_reason != EXIT_REASON_EPT_MISCONFIG) {
-+ rip = kvm_rip_read(vcpu);
-+ rip += vmcs_read32(VM_EXIT_INSTRUCTION_LEN);
-+ kvm_rip_write(vcpu, rip);
-+ } else {
-+ if (!kvm_emulate_instruction(vcpu, EMULTYPE_SKIP))
-+ return 0;
-+ }
-+
-+ /* skipping an emulated instruction also counts */
-+ vmx_set_interrupt_shadow(vcpu, 0);
-+
-+ return 1;
-+}
-+
-+static void vmx_clear_hlt(struct kvm_vcpu *vcpu)
-+{
-+ /*
-+ * Ensure that we clear the HLT state in the VMCS. We don't need to
-+ * explicitly skip the instruction because if the HLT state is set,
-+ * then the instruction is already executing and RIP has already been
-+ * advanced.
-+ */
-+ if (kvm_hlt_in_guest(vcpu->kvm) &&
-+ vmcs_read32(GUEST_ACTIVITY_STATE) == GUEST_ACTIVITY_HLT)
-+ vmcs_write32(GUEST_ACTIVITY_STATE, GUEST_ACTIVITY_ACTIVE);
-+}
-+
-+static void vmx_queue_exception(struct kvm_vcpu *vcpu)
-+{
-+ struct vcpu_vmx *vmx = to_vmx(vcpu);
-+ unsigned nr = vcpu->arch.exception.nr;
-+ bool has_error_code = vcpu->arch.exception.has_error_code;
-+ u32 error_code = vcpu->arch.exception.error_code;
-+ u32 intr_info = nr | INTR_INFO_VALID_MASK;
-+
-+ kvm_deliver_exception_payload(vcpu);
-+
-+ if (has_error_code) {
-+ vmcs_write32(VM_ENTRY_EXCEPTION_ERROR_CODE, error_code);
-+ intr_info |= INTR_INFO_DELIVER_CODE_MASK;
-+ }
-+
-+ if (vmx->rmode.vm86_active) {
-+ int inc_eip = 0;
-+ if (kvm_exception_is_soft(nr))
-+ inc_eip = vcpu->arch.event_exit_inst_len;
-+ kvm_inject_realmode_interrupt(vcpu, nr, inc_eip);
-+ return;
-+ }
-+
-+ WARN_ON_ONCE(vmx->emulation_required);
-+
-+ if (kvm_exception_is_soft(nr)) {
-+ vmcs_write32(VM_ENTRY_INSTRUCTION_LEN,
-+ vmx->vcpu.arch.event_exit_inst_len);
-+ intr_info |= INTR_TYPE_SOFT_EXCEPTION;
-+ } else
-+ intr_info |= INTR_TYPE_HARD_EXCEPTION;
-+
-+ vmcs_write32(VM_ENTRY_INTR_INFO_FIELD, intr_info);
-+
-+ vmx_clear_hlt(vcpu);
-+}
-+
-+static bool vmx_rdtscp_supported(void)
-+{
-+ return cpu_has_vmx_rdtscp();
-+}
-+
-+static bool vmx_invpcid_supported(void)
-+{
-+ return cpu_has_vmx_invpcid();
-+}
-+
-+/*
-+ * Swap MSR entry in host/guest MSR entry array.
-+ */
-+static void move_msr_up(struct vcpu_vmx *vmx, int from, int to)
-+{
-+ struct shared_msr_entry tmp;
-+
-+ tmp = vmx->guest_msrs[to];
-+ vmx->guest_msrs[to] = vmx->guest_msrs[from];
-+ vmx->guest_msrs[from] = tmp;
-+}
-+
-+/*
-+ * Set up the vmcs to automatically save and restore system
-+ * msrs. Don't touch the 64-bit msrs if the guest is in legacy
-+ * mode, as fiddling with msrs is very expensive.
-+ */
-+static void setup_msrs(struct vcpu_vmx *vmx)
-+{
-+ int save_nmsrs, index;
-+
-+ save_nmsrs = 0;
-+#ifdef CONFIG_X86_64
-+ /*
-+ * The SYSCALL MSRs are only needed on long mode guests, and only
-+ * when EFER.SCE is set.
-+ */
-+ if (is_long_mode(&vmx->vcpu) && (vmx->vcpu.arch.efer & EFER_SCE)) {
-+ index = __find_msr_index(vmx, MSR_STAR);
-+ if (index >= 0)
-+ move_msr_up(vmx, index, save_nmsrs++);
-+ index = __find_msr_index(vmx, MSR_LSTAR);
-+ if (index >= 0)
-+ move_msr_up(vmx, index, save_nmsrs++);
-+ index = __find_msr_index(vmx, MSR_SYSCALL_MASK);
-+ if (index >= 0)
-+ move_msr_up(vmx, index, save_nmsrs++);
-+ }
-+#endif
-+ index = __find_msr_index(vmx, MSR_EFER);
-+ if (index >= 0 && update_transition_efer(vmx, index))
-+ move_msr_up(vmx, index, save_nmsrs++);
-+ index = __find_msr_index(vmx, MSR_TSC_AUX);
-+ if (index >= 0 && guest_cpuid_has(&vmx->vcpu, X86_FEATURE_RDTSCP))
-+ move_msr_up(vmx, index, save_nmsrs++);
-+ index = __find_msr_index(vmx, MSR_IA32_TSX_CTRL);
-+ if (index >= 0)
-+ move_msr_up(vmx, index, save_nmsrs++);
-+
-+ vmx->save_nmsrs = save_nmsrs;
-+ vmx->guest_msrs_ready = false;
-+
-+ if (cpu_has_vmx_msr_bitmap())
-+ vmx_update_msr_bitmap(&vmx->vcpu);
-+}
-+
-+static u64 vmx_read_l1_tsc_offset(struct kvm_vcpu *vcpu)
-+{
-+ struct vmcs12 *vmcs12 = get_vmcs12(vcpu);
-+
-+ if (is_guest_mode(vcpu) &&
-+ (vmcs12->cpu_based_vm_exec_control & CPU_BASED_USE_TSC_OFFSETTING))
-+ return vcpu->arch.tsc_offset - vmcs12->tsc_offset;
-+
-+ return vcpu->arch.tsc_offset;
-+}
-+
-+static u64 vmx_write_l1_tsc_offset(struct kvm_vcpu *vcpu, u64 offset)
-+{
-+ struct vmcs12 *vmcs12 = get_vmcs12(vcpu);
-+ u64 g_tsc_offset = 0;
-+
-+ /*
-+ * We're here if L1 chose not to trap WRMSR to TSC. According
-+ * to the spec, this should set L1's TSC; The offset that L1
-+ * set for L2 remains unchanged, and still needs to be added
-+ * to the newly set TSC to get L2's TSC.
-+ */
-+ if (is_guest_mode(vcpu) &&
-+ (vmcs12->cpu_based_vm_exec_control & CPU_BASED_USE_TSC_OFFSETTING))
-+ g_tsc_offset = vmcs12->tsc_offset;
-+
-+ trace_kvm_write_tsc_offset(vcpu->vcpu_id,
-+ vcpu->arch.tsc_offset - g_tsc_offset,
-+ offset);
-+ vmcs_write64(TSC_OFFSET, offset + g_tsc_offset);
-+ return offset + g_tsc_offset;
-+}
-+
-+/*
-+ * nested_vmx_allowed() checks whether a guest should be allowed to use VMX
-+ * instructions and MSRs (i.e., nested VMX). Nested VMX is disabled for
-+ * all guests if the "nested" module option is off, and can also be disabled
-+ * for a single guest by disabling its VMX cpuid bit.
-+ */
-+bool nested_vmx_allowed(struct kvm_vcpu *vcpu)
-+{
-+ return nested && guest_cpuid_has(vcpu, X86_FEATURE_VMX);
-+}
-+
-+static inline bool vmx_feature_control_msr_valid(struct kvm_vcpu *vcpu,
-+ uint64_t val)
-+{
-+ uint64_t valid_bits = to_vmx(vcpu)->msr_ia32_feature_control_valid_bits;
-+
-+ return !(val & ~valid_bits);
-+}
-+
-+static int vmx_get_msr_feature(struct kvm_msr_entry *msr)
-+{
-+ switch (msr->index) {
-+ case MSR_IA32_VMX_BASIC ... MSR_IA32_VMX_VMFUNC:
-+ if (!nested)
-+ return 1;
-+ return vmx_get_vmx_msr(&vmcs_config.nested, msr->index, &msr->data);
-+ default:
-+ return 1;
-+ }
-+}
-+
-+/*
-+ * Reads an msr value (of 'msr_index') into 'pdata'.
-+ * Returns 0 on success, non-0 otherwise.
-+ * Assumes vcpu_load() was already called.
-+ */
-+static int vmx_get_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
-+{
-+ struct vcpu_vmx *vmx = to_vmx(vcpu);
-+ struct shared_msr_entry *msr;
-+ u32 index;
-+
-+ switch (msr_info->index) {
-+#ifdef CONFIG_X86_64
-+ case MSR_FS_BASE:
-+ msr_info->data = vmcs_readl(GUEST_FS_BASE);
-+ break;
-+ case MSR_GS_BASE:
-+ msr_info->data = vmcs_readl(GUEST_GS_BASE);
-+ break;
-+ case MSR_KERNEL_GS_BASE:
-+ msr_info->data = vmx_read_guest_kernel_gs_base(vmx);
-+ break;
-+#endif
-+ case MSR_EFER:
-+ return kvm_get_msr_common(vcpu, msr_info);
-+ case MSR_IA32_TSX_CTRL:
-+ if (!msr_info->host_initiated &&
-+ !(vcpu->arch.arch_capabilities & ARCH_CAP_TSX_CTRL_MSR))
-+ return 1;
-+ goto find_shared_msr;
-+ case MSR_IA32_UMWAIT_CONTROL:
-+ if (!msr_info->host_initiated && !vmx_has_waitpkg(vmx))
-+ return 1;
-+
-+ msr_info->data = vmx->msr_ia32_umwait_control;
-+ break;
-+ case MSR_IA32_SPEC_CTRL:
-+ if (!msr_info->host_initiated &&
-+ !guest_cpuid_has(vcpu, X86_FEATURE_SPEC_CTRL))
-+ return 1;
-+
-+ msr_info->data = to_vmx(vcpu)->spec_ctrl;
-+ break;
-+ case MSR_IA32_SYSENTER_CS:
-+ msr_info->data = vmcs_read32(GUEST_SYSENTER_CS);
-+ break;
-+ case MSR_IA32_SYSENTER_EIP:
-+ msr_info->data = vmcs_readl(GUEST_SYSENTER_EIP);
-+ break;
-+ case MSR_IA32_SYSENTER_ESP:
-+ msr_info->data = vmcs_readl(GUEST_SYSENTER_ESP);
-+ break;
-+ case MSR_IA32_BNDCFGS:
-+ if (!kvm_mpx_supported() ||
-+ (!msr_info->host_initiated &&
-+ !guest_cpuid_has(vcpu, X86_FEATURE_MPX)))
-+ return 1;
-+ msr_info->data = vmcs_read64(GUEST_BNDCFGS);
-+ break;
-+ case MSR_IA32_MCG_EXT_CTL:
-+ if (!msr_info->host_initiated &&
-+ !(vmx->msr_ia32_feature_control &
-+ FEATURE_CONTROL_LMCE))
-+ return 1;
-+ msr_info->data = vcpu->arch.mcg_ext_ctl;
-+ break;
-+ case MSR_IA32_FEATURE_CONTROL:
-+ msr_info->data = vmx->msr_ia32_feature_control;
-+ break;
-+ case MSR_IA32_VMX_BASIC ... MSR_IA32_VMX_VMFUNC:
-+ if (!nested_vmx_allowed(vcpu))
-+ return 1;
-+ return vmx_get_vmx_msr(&vmx->nested.msrs, msr_info->index,
-+ &msr_info->data);
-+ case MSR_IA32_RTIT_CTL:
-+ if (pt_mode != PT_MODE_HOST_GUEST)
-+ return 1;
-+ msr_info->data = vmx->pt_desc.guest.ctl;
-+ break;
-+ case MSR_IA32_RTIT_STATUS:
-+ if (pt_mode != PT_MODE_HOST_GUEST)
-+ return 1;
-+ msr_info->data = vmx->pt_desc.guest.status;
-+ break;
-+ case MSR_IA32_RTIT_CR3_MATCH:
-+ if ((pt_mode != PT_MODE_HOST_GUEST) ||
-+ !intel_pt_validate_cap(vmx->pt_desc.caps,
-+ PT_CAP_cr3_filtering))
-+ return 1;
-+ msr_info->data = vmx->pt_desc.guest.cr3_match;
-+ break;
-+ case MSR_IA32_RTIT_OUTPUT_BASE:
-+ if ((pt_mode != PT_MODE_HOST_GUEST) ||
-+ (!intel_pt_validate_cap(vmx->pt_desc.caps,
-+ PT_CAP_topa_output) &&
-+ !intel_pt_validate_cap(vmx->pt_desc.caps,
-+ PT_CAP_single_range_output)))
-+ return 1;
-+ msr_info->data = vmx->pt_desc.guest.output_base;
-+ break;
-+ case MSR_IA32_RTIT_OUTPUT_MASK:
-+ if ((pt_mode != PT_MODE_HOST_GUEST) ||
-+ (!intel_pt_validate_cap(vmx->pt_desc.caps,
-+ PT_CAP_topa_output) &&
-+ !intel_pt_validate_cap(vmx->pt_desc.caps,
-+ PT_CAP_single_range_output)))
-+ return 1;
-+ msr_info->data = vmx->pt_desc.guest.output_mask;
-+ break;
-+ case MSR_IA32_RTIT_ADDR0_A ... MSR_IA32_RTIT_ADDR3_B:
-+ index = msr_info->index - MSR_IA32_RTIT_ADDR0_A;
-+ if ((pt_mode != PT_MODE_HOST_GUEST) ||
-+ (index >= 2 * intel_pt_validate_cap(vmx->pt_desc.caps,
-+ PT_CAP_num_address_ranges)))
-+ return 1;
-+ if (is_noncanonical_address(data, vcpu))
-+ return 1;
-+ if (index % 2)
-+ msr_info->data = vmx->pt_desc.guest.addr_b[index / 2];
-+ else
-+ msr_info->data = vmx->pt_desc.guest.addr_a[index / 2];
-+ break;
-+ case MSR_TSC_AUX:
-+ if (!msr_info->host_initiated &&
-+ !guest_cpuid_has(vcpu, X86_FEATURE_RDTSCP))
-+ return 1;
-+ goto find_shared_msr;
-+ default:
-+ find_shared_msr:
-+ msr = find_msr_entry(vmx, msr_info->index);
-+ if (msr) {
-+ msr_info->data = msr->data;
-+ break;
-+ }
-+ return kvm_get_msr_common(vcpu, msr_info);
-+ }
-+
-+ return 0;
-+}
-+
-+/*
-+ * Writes msr value into the appropriate "register".
-+ * Returns 0 on success, non-0 otherwise.
-+ * Assumes vcpu_load() was already called.
-+ */
-+static int vmx_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
-+{
-+ struct vcpu_vmx *vmx = to_vmx(vcpu);
-+ struct shared_msr_entry *msr;
-+ int ret = 0;
-+ u32 msr_index = msr_info->index;
-+ u64 data = msr_info->data;
-+ u32 index;
-+
-+ switch (msr_index) {
-+ case MSR_EFER:
-+ ret = kvm_set_msr_common(vcpu, msr_info);
-+ break;
-+#ifdef CONFIG_X86_64
-+ case MSR_FS_BASE:
-+ vmx_segment_cache_clear(vmx);
-+ vmcs_writel(GUEST_FS_BASE, data);
-+ break;
-+ case MSR_GS_BASE:
-+ vmx_segment_cache_clear(vmx);
-+ vmcs_writel(GUEST_GS_BASE, data);
-+ break;
-+ case MSR_KERNEL_GS_BASE:
-+ vmx_write_guest_kernel_gs_base(vmx, data);
-+ break;
-+#endif
-+ case MSR_IA32_SYSENTER_CS:
-+ if (is_guest_mode(vcpu))
-+ get_vmcs12(vcpu)->guest_sysenter_cs = data;
-+ vmcs_write32(GUEST_SYSENTER_CS, data);
-+ break;
-+ case MSR_IA32_SYSENTER_EIP:
-+ if (is_guest_mode(vcpu))
-+ get_vmcs12(vcpu)->guest_sysenter_eip = data;
-+ vmcs_writel(GUEST_SYSENTER_EIP, data);
-+ break;
-+ case MSR_IA32_SYSENTER_ESP:
-+ if (is_guest_mode(vcpu))
-+ get_vmcs12(vcpu)->guest_sysenter_esp = data;
-+ vmcs_writel(GUEST_SYSENTER_ESP, data);
-+ break;
-+ case MSR_IA32_DEBUGCTLMSR:
-+ if (is_guest_mode(vcpu) && get_vmcs12(vcpu)->vm_exit_controls &
-+ VM_EXIT_SAVE_DEBUG_CONTROLS)
-+ get_vmcs12(vcpu)->guest_ia32_debugctl = data;
-+
-+ ret = kvm_set_msr_common(vcpu, msr_info);
-+ break;
-+
-+ case MSR_IA32_BNDCFGS:
-+ if (!kvm_mpx_supported() ||
-+ (!msr_info->host_initiated &&
-+ !guest_cpuid_has(vcpu, X86_FEATURE_MPX)))
-+ return 1;
-+ if (is_noncanonical_address(data & PAGE_MASK, vcpu) ||
-+ (data & MSR_IA32_BNDCFGS_RSVD))
-+ return 1;
-+ vmcs_write64(GUEST_BNDCFGS, data);
-+ break;
-+ case MSR_IA32_UMWAIT_CONTROL:
-+ if (!msr_info->host_initiated && !vmx_has_waitpkg(vmx))
-+ return 1;
-+
-+ /* The reserved bit 1 and non-32 bit [63:32] should be zero */
-+ if (data & (BIT_ULL(1) | GENMASK_ULL(63, 32)))
-+ return 1;
-+
-+ vmx->msr_ia32_umwait_control = data;
-+ break;
-+ case MSR_IA32_SPEC_CTRL:
-+ if (!msr_info->host_initiated &&
-+ !guest_cpuid_has(vcpu, X86_FEATURE_SPEC_CTRL))
-+ return 1;
-+
-+ /* The STIBP bit doesn't fault even if it's not advertised */
-+ if (data & ~(SPEC_CTRL_IBRS | SPEC_CTRL_STIBP | SPEC_CTRL_SSBD))
-+ return 1;
-+
-+ vmx->spec_ctrl = data;
-+
-+ if (!data)
-+ break;
-+
-+ /*
-+ * For non-nested:
-+ * When it's written (to non-zero) for the first time, pass
-+ * it through.
-+ *
-+ * For nested:
-+ * The handling of the MSR bitmap for L2 guests is done in
-+ * nested_vmx_prepare_msr_bitmap. We should not touch the
-+ * vmcs02.msr_bitmap here since it gets completely overwritten
-+ * in the merging. We update the vmcs01 here for L1 as well
-+ * since it will end up touching the MSR anyway now.
-+ */
-+ vmx_disable_intercept_for_msr(vmx->vmcs01.msr_bitmap,
-+ MSR_IA32_SPEC_CTRL,
-+ MSR_TYPE_RW);
-+ break;
-+ case MSR_IA32_TSX_CTRL:
-+ if (!msr_info->host_initiated &&
-+ !(vcpu->arch.arch_capabilities & ARCH_CAP_TSX_CTRL_MSR))
-+ return 1;
-+ if (data & ~(TSX_CTRL_RTM_DISABLE | TSX_CTRL_CPUID_CLEAR))
-+ return 1;
-+ goto find_shared_msr;
-+ case MSR_IA32_PRED_CMD:
-+ if (!msr_info->host_initiated &&
-+ !guest_cpuid_has(vcpu, X86_FEATURE_SPEC_CTRL))
-+ return 1;
-+
-+ if (data & ~PRED_CMD_IBPB)
-+ return 1;
-+
-+ if (!data)
-+ break;
-+
-+ wrmsrl(MSR_IA32_PRED_CMD, PRED_CMD_IBPB);
-+
-+ /*
-+ * For non-nested:
-+ * When it's written (to non-zero) for the first time, pass
-+ * it through.
-+ *
-+ * For nested:
-+ * The handling of the MSR bitmap for L2 guests is done in
-+ * nested_vmx_prepare_msr_bitmap. We should not touch the
-+ * vmcs02.msr_bitmap here since it gets completely overwritten
-+ * in the merging.
-+ */
-+ vmx_disable_intercept_for_msr(vmx->vmcs01.msr_bitmap, MSR_IA32_PRED_CMD,
-+ MSR_TYPE_W);
-+ break;
-+ case MSR_IA32_CR_PAT:
-+ if (!kvm_pat_valid(data))
-+ return 1;
-+
-+ if (is_guest_mode(vcpu) &&
-+ get_vmcs12(vcpu)->vm_exit_controls & VM_EXIT_SAVE_IA32_PAT)
-+ get_vmcs12(vcpu)->guest_ia32_pat = data;
-+
-+ if (vmcs_config.vmentry_ctrl & VM_ENTRY_LOAD_IA32_PAT) {
-+ vmcs_write64(GUEST_IA32_PAT, data);
-+ vcpu->arch.pat = data;
-+ break;
-+ }
-+ ret = kvm_set_msr_common(vcpu, msr_info);
-+ break;
-+ case MSR_IA32_TSC_ADJUST:
-+ ret = kvm_set_msr_common(vcpu, msr_info);
-+ break;
-+ case MSR_IA32_MCG_EXT_CTL:
-+ if ((!msr_info->host_initiated &&
-+ !(to_vmx(vcpu)->msr_ia32_feature_control &
-+ FEATURE_CONTROL_LMCE)) ||
-+ (data & ~MCG_EXT_CTL_LMCE_EN))
-+ return 1;
-+ vcpu->arch.mcg_ext_ctl = data;
-+ break;
-+ case MSR_IA32_FEATURE_CONTROL:
-+ if (!vmx_feature_control_msr_valid(vcpu, data) ||
-+ (to_vmx(vcpu)->msr_ia32_feature_control &
-+ FEATURE_CONTROL_LOCKED && !msr_info->host_initiated))
-+ return 1;
-+ vmx->msr_ia32_feature_control = data;
-+ if (msr_info->host_initiated && data == 0)
-+ vmx_leave_nested(vcpu);
-+ break;
-+ case MSR_IA32_VMX_BASIC ... MSR_IA32_VMX_VMFUNC:
-+ if (!msr_info->host_initiated)
-+ return 1; /* they are read-only */
-+ if (!nested_vmx_allowed(vcpu))
-+ return 1;
-+ return vmx_set_vmx_msr(vcpu, msr_index, data);
-+ case MSR_IA32_RTIT_CTL:
-+ if ((pt_mode != PT_MODE_HOST_GUEST) ||
-+ vmx_rtit_ctl_check(vcpu, data) ||
-+ vmx->nested.vmxon)
-+ return 1;
-+ vmcs_write64(GUEST_IA32_RTIT_CTL, data);
-+ vmx->pt_desc.guest.ctl = data;
-+ pt_update_intercept_for_msr(vmx);
-+ break;
-+ case MSR_IA32_RTIT_STATUS:
-+ if ((pt_mode != PT_MODE_HOST_GUEST) ||
-+ (vmx->pt_desc.guest.ctl & RTIT_CTL_TRACEEN) ||
-+ (data & MSR_IA32_RTIT_STATUS_MASK))
-+ return 1;
-+ vmx->pt_desc.guest.status = data;
-+ break;
-+ case MSR_IA32_RTIT_CR3_MATCH:
-+ if ((pt_mode != PT_MODE_HOST_GUEST) ||
-+ (vmx->pt_desc.guest.ctl & RTIT_CTL_TRACEEN) ||
-+ !intel_pt_validate_cap(vmx->pt_desc.caps,
-+ PT_CAP_cr3_filtering))
-+ return 1;
-+ vmx->pt_desc.guest.cr3_match = data;
-+ break;
-+ case MSR_IA32_RTIT_OUTPUT_BASE:
-+ if ((pt_mode != PT_MODE_HOST_GUEST) ||
-+ (vmx->pt_desc.guest.ctl & RTIT_CTL_TRACEEN) ||
-+ (!intel_pt_validate_cap(vmx->pt_desc.caps,
-+ PT_CAP_topa_output) &&
-+ !intel_pt_validate_cap(vmx->pt_desc.caps,
-+ PT_CAP_single_range_output)) ||
-+ (data & MSR_IA32_RTIT_OUTPUT_BASE_MASK))
-+ return 1;
-+ vmx->pt_desc.guest.output_base = data;
-+ break;
-+ case MSR_IA32_RTIT_OUTPUT_MASK:
-+ if ((pt_mode != PT_MODE_HOST_GUEST) ||
-+ (vmx->pt_desc.guest.ctl & RTIT_CTL_TRACEEN) ||
-+ (!intel_pt_validate_cap(vmx->pt_desc.caps,
-+ PT_CAP_topa_output) &&
-+ !intel_pt_validate_cap(vmx->pt_desc.caps,
-+ PT_CAP_single_range_output)))
-+ return 1;
-+ vmx->pt_desc.guest.output_mask = data;
-+ break;
-+ case MSR_IA32_RTIT_ADDR0_A ... MSR_IA32_RTIT_ADDR3_B:
-+ index = msr_info->index - MSR_IA32_RTIT_ADDR0_A;
-+ if ((pt_mode != PT_MODE_HOST_GUEST) ||
-+ (vmx->pt_desc.guest.ctl & RTIT_CTL_TRACEEN) ||
-+ (index >= 2 * intel_pt_validate_cap(vmx->pt_desc.caps,
-+ PT_CAP_num_address_ranges)))
-+ return 1;
-+ if (is_noncanonical_address(data, vcpu))
-+ return 1;
-+ if (index % 2)
-+ vmx->pt_desc.guest.addr_b[index / 2] = data;
-+ else
-+ vmx->pt_desc.guest.addr_a[index / 2] = data;
-+ break;
-+ case MSR_TSC_AUX:
-+ if (!msr_info->host_initiated &&
-+ !guest_cpuid_has(vcpu, X86_FEATURE_RDTSCP))
-+ return 1;
-+ /* Check reserved bit, higher 32 bits should be zero */
-+ if ((data >> 32) != 0)
-+ return 1;
-+ goto find_shared_msr;
-+
-+ default:
-+ find_shared_msr:
-+ msr = find_msr_entry(vmx, msr_index);
-+ if (msr)
-+ ret = vmx_set_guest_msr(vmx, msr, data);
-+ else
-+ ret = kvm_set_msr_common(vcpu, msr_info);
-+ }
-+
-+ return ret;
-+}
-+
-+static void vmx_cache_reg(struct kvm_vcpu *vcpu, enum kvm_reg reg)
-+{
-+ kvm_register_mark_available(vcpu, reg);
-+
-+ switch (reg) {
-+ case VCPU_REGS_RSP:
-+ vcpu->arch.regs[VCPU_REGS_RSP] = vmcs_readl(GUEST_RSP);
-+ break;
-+ case VCPU_REGS_RIP:
-+ vcpu->arch.regs[VCPU_REGS_RIP] = vmcs_readl(GUEST_RIP);
-+ break;
-+ case VCPU_EXREG_PDPTR:
-+ if (enable_ept)
-+ ept_save_pdptrs(vcpu);
-+ break;
-+ case VCPU_EXREG_CR3:
-+ if (enable_unrestricted_guest || (enable_ept && is_paging(vcpu)))
-+ vcpu->arch.cr3 = vmcs_readl(GUEST_CR3);
-+ break;
-+ default:
-+ WARN_ON_ONCE(1);
-+ break;
-+ }
-+}
-+
-+static __init int cpu_has_kvm_support(void)
-+{
-+ return cpu_has_vmx();
-+}
-+
-+static __init int vmx_disabled_by_bios(void)
-+{
-+ u64 msr;
-+
-+ rdmsrl(MSR_IA32_FEATURE_CONTROL, msr);
-+ if (msr & FEATURE_CONTROL_LOCKED) {
-+ /* launched w/ TXT and VMX disabled */
-+ if (!(msr & FEATURE_CONTROL_VMXON_ENABLED_INSIDE_SMX)
-+ && tboot_enabled())
-+ return 1;
-+ /* launched w/o TXT and VMX only enabled w/ TXT */
-+ if (!(msr & FEATURE_CONTROL_VMXON_ENABLED_OUTSIDE_SMX)
-+ && (msr & FEATURE_CONTROL_VMXON_ENABLED_INSIDE_SMX)
-+ && !tboot_enabled()) {
-+ printk(KERN_WARNING "kvm: disable TXT in the BIOS or "
-+ "activate TXT before enabling KVM\n");
-+ return 1;
-+ }
-+ /* launched w/o TXT and VMX disabled */
-+ if (!(msr & FEATURE_CONTROL_VMXON_ENABLED_OUTSIDE_SMX)
-+ && !tboot_enabled())
-+ return 1;
-+ }
-+
-+ return 0;
-+}
-+
-+static void kvm_cpu_vmxon(u64 addr)
-+{
-+ cr4_set_bits(X86_CR4_VMXE);
-+ intel_pt_handle_vmx(1);
-+
-+ asm volatile ("vmxon %0" : : "m"(addr));
-+}
-+
-+static int hardware_enable(void)
-+{
-+ int cpu = raw_smp_processor_id();
-+ u64 phys_addr = __pa(per_cpu(vmxarea, cpu));
-+ u64 old, test_bits;
-+
-+ if (cr4_read_shadow() & X86_CR4_VMXE)
-+ return -EBUSY;
-+
-+ /*
-+ * This can happen if we hot-added a CPU but failed to allocate
-+ * VP assist page for it.
-+ */
-+ if (static_branch_unlikely(&enable_evmcs) &&
-+ !hv_get_vp_assist_page(cpu))
-+ return -EFAULT;
-+
-+ INIT_LIST_HEAD(&per_cpu(loaded_vmcss_on_cpu, cpu));
-+ INIT_LIST_HEAD(&per_cpu(blocked_vcpu_on_cpu, cpu));
-+ spin_lock_init(&per_cpu(blocked_vcpu_on_cpu_lock, cpu));
-+
-+ /*
-+ * Now we can enable the vmclear operation in kdump
-+ * since the loaded_vmcss_on_cpu list on this cpu
-+ * has been initialized.
-+ *
-+ * Though the cpu is not in VMX operation now, there
-+ * is no problem to enable the vmclear operation
-+ * for the loaded_vmcss_on_cpu list is empty!
-+ */
-+ crash_enable_local_vmclear(cpu);
-+
-+ rdmsrl(MSR_IA32_FEATURE_CONTROL, old);
-+
-+ test_bits = FEATURE_CONTROL_LOCKED;
-+ test_bits |= FEATURE_CONTROL_VMXON_ENABLED_OUTSIDE_SMX;
-+ if (tboot_enabled())
-+ test_bits |= FEATURE_CONTROL_VMXON_ENABLED_INSIDE_SMX;
-+
-+ if ((old & test_bits) != test_bits) {
-+ /* enable and lock */
-+ wrmsrl(MSR_IA32_FEATURE_CONTROL, old | test_bits);
-+ }
-+ kvm_cpu_vmxon(phys_addr);
-+ if (enable_ept)
-+ ept_sync_global();
-+
-+ return 0;
-+}
-+
-+static void vmclear_local_loaded_vmcss(void)
-+{
-+ int cpu = raw_smp_processor_id();
-+ struct loaded_vmcs *v, *n;
-+
-+ list_for_each_entry_safe(v, n, &per_cpu(loaded_vmcss_on_cpu, cpu),
-+ loaded_vmcss_on_cpu_link)
-+ __loaded_vmcs_clear(v);
-+}
-+
-+
-+/* Just like cpu_vmxoff(), but with the __kvm_handle_fault_on_reboot()
-+ * tricks.
-+ */
-+static void kvm_cpu_vmxoff(void)
-+{
-+ asm volatile (__ex("vmxoff"));
-+
-+ intel_pt_handle_vmx(0);
-+ cr4_clear_bits(X86_CR4_VMXE);
-+}
-+
-+static void hardware_disable(void)
-+{
-+ vmclear_local_loaded_vmcss();
-+ kvm_cpu_vmxoff();
-+}
-+
-+static __init int adjust_vmx_controls(u32 ctl_min, u32 ctl_opt,
-+ u32 msr, u32 *result)
-+{
-+ u32 vmx_msr_low, vmx_msr_high;
-+ u32 ctl = ctl_min | ctl_opt;
-+
-+ rdmsr(msr, vmx_msr_low, vmx_msr_high);
-+
-+ ctl &= vmx_msr_high; /* bit == 0 in high word ==> must be zero */
-+ ctl |= vmx_msr_low; /* bit == 1 in low word ==> must be one */
-+
-+ /* Ensure minimum (required) set of control bits are supported. */
-+ if (ctl_min & ~ctl)
-+ return -EIO;
-+
-+ *result = ctl;
-+ return 0;
-+}
-+
-+static __init int setup_vmcs_config(struct vmcs_config *vmcs_conf,
-+ struct vmx_capability *vmx_cap)
-+{
-+ u32 vmx_msr_low, vmx_msr_high;
-+ u32 min, opt, min2, opt2;
-+ u32 _pin_based_exec_control = 0;
-+ u32 _cpu_based_exec_control = 0;
-+ u32 _cpu_based_2nd_exec_control = 0;
-+ u32 _vmexit_control = 0;
-+ u32 _vmentry_control = 0;
-+
-+ memset(vmcs_conf, 0, sizeof(*vmcs_conf));
-+ min = CPU_BASED_HLT_EXITING |
-+#ifdef CONFIG_X86_64
-+ CPU_BASED_CR8_LOAD_EXITING |
-+ CPU_BASED_CR8_STORE_EXITING |
-+#endif
-+ CPU_BASED_CR3_LOAD_EXITING |
-+ CPU_BASED_CR3_STORE_EXITING |
-+ CPU_BASED_UNCOND_IO_EXITING |
-+ CPU_BASED_MOV_DR_EXITING |
-+ CPU_BASED_USE_TSC_OFFSETTING |
-+ CPU_BASED_MWAIT_EXITING |
-+ CPU_BASED_MONITOR_EXITING |
-+ CPU_BASED_INVLPG_EXITING |
-+ CPU_BASED_RDPMC_EXITING;
-+
-+ opt = CPU_BASED_TPR_SHADOW |
-+ CPU_BASED_USE_MSR_BITMAPS |
-+ CPU_BASED_ACTIVATE_SECONDARY_CONTROLS;
-+ if (adjust_vmx_controls(min, opt, MSR_IA32_VMX_PROCBASED_CTLS,
-+ &_cpu_based_exec_control) < 0)
-+ return -EIO;
-+#ifdef CONFIG_X86_64
-+ if ((_cpu_based_exec_control & CPU_BASED_TPR_SHADOW))
-+ _cpu_based_exec_control &= ~CPU_BASED_CR8_LOAD_EXITING &
-+ ~CPU_BASED_CR8_STORE_EXITING;
-+#endif
-+ if (_cpu_based_exec_control & CPU_BASED_ACTIVATE_SECONDARY_CONTROLS) {
-+ min2 = 0;
-+ opt2 = SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES |
-+ SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE |
-+ SECONDARY_EXEC_WBINVD_EXITING |
-+ SECONDARY_EXEC_ENABLE_VPID |
-+ SECONDARY_EXEC_ENABLE_EPT |
-+ SECONDARY_EXEC_UNRESTRICTED_GUEST |
-+ SECONDARY_EXEC_PAUSE_LOOP_EXITING |
-+ SECONDARY_EXEC_DESC |
-+ SECONDARY_EXEC_RDTSCP |
-+ SECONDARY_EXEC_ENABLE_INVPCID |
-+ SECONDARY_EXEC_APIC_REGISTER_VIRT |
-+ SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY |
-+ SECONDARY_EXEC_SHADOW_VMCS |
-+ SECONDARY_EXEC_XSAVES |
-+ SECONDARY_EXEC_RDSEED_EXITING |
-+ SECONDARY_EXEC_RDRAND_EXITING |
-+ SECONDARY_EXEC_ENABLE_PML |
-+ SECONDARY_EXEC_TSC_SCALING |
-+ SECONDARY_EXEC_ENABLE_USR_WAIT_PAUSE |
-+ SECONDARY_EXEC_PT_USE_GPA |
-+ SECONDARY_EXEC_PT_CONCEAL_VMX |
-+ SECONDARY_EXEC_ENABLE_VMFUNC |
-+ SECONDARY_EXEC_ENCLS_EXITING;
-+ if (adjust_vmx_controls(min2, opt2,
-+ MSR_IA32_VMX_PROCBASED_CTLS2,
-+ &_cpu_based_2nd_exec_control) < 0)
-+ return -EIO;
-+ }
-+#ifndef CONFIG_X86_64
-+ if (!(_cpu_based_2nd_exec_control &
-+ SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES))
-+ _cpu_based_exec_control &= ~CPU_BASED_TPR_SHADOW;
-+#endif
-+
-+ if (!(_cpu_based_exec_control & CPU_BASED_TPR_SHADOW))
-+ _cpu_based_2nd_exec_control &= ~(
-+ SECONDARY_EXEC_APIC_REGISTER_VIRT |
-+ SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE |
-+ SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY);
-+
-+ rdmsr_safe(MSR_IA32_VMX_EPT_VPID_CAP,
-+ &vmx_cap->ept, &vmx_cap->vpid);
-+
-+ if (_cpu_based_2nd_exec_control & SECONDARY_EXEC_ENABLE_EPT) {
-+ /* CR3 accesses and invlpg don't need to cause VM Exits when EPT
-+ enabled */
-+ _cpu_based_exec_control &= ~(CPU_BASED_CR3_LOAD_EXITING |
-+ CPU_BASED_CR3_STORE_EXITING |
-+ CPU_BASED_INVLPG_EXITING);
-+ } else if (vmx_cap->ept) {
-+ vmx_cap->ept = 0;
-+ pr_warn_once("EPT CAP should not exist if not support "
-+ "1-setting enable EPT VM-execution control\n");
-+ }
-+ if (!(_cpu_based_2nd_exec_control & SECONDARY_EXEC_ENABLE_VPID) &&
-+ vmx_cap->vpid) {
-+ vmx_cap->vpid = 0;
-+ pr_warn_once("VPID CAP should not exist if not support "
-+ "1-setting enable VPID VM-execution control\n");
-+ }
-+
-+ min = VM_EXIT_SAVE_DEBUG_CONTROLS | VM_EXIT_ACK_INTR_ON_EXIT;
-+#ifdef CONFIG_X86_64
-+ min |= VM_EXIT_HOST_ADDR_SPACE_SIZE;
-+#endif
-+ opt = VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL |
-+ VM_EXIT_LOAD_IA32_PAT |
-+ VM_EXIT_LOAD_IA32_EFER |
-+ VM_EXIT_CLEAR_BNDCFGS |
-+ VM_EXIT_PT_CONCEAL_PIP |
-+ VM_EXIT_CLEAR_IA32_RTIT_CTL;
-+ if (adjust_vmx_controls(min, opt, MSR_IA32_VMX_EXIT_CTLS,
-+ &_vmexit_control) < 0)
-+ return -EIO;
-+
-+ min = PIN_BASED_EXT_INTR_MASK | PIN_BASED_NMI_EXITING;
-+ opt = PIN_BASED_VIRTUAL_NMIS | PIN_BASED_POSTED_INTR |
-+ PIN_BASED_VMX_PREEMPTION_TIMER;
-+ if (adjust_vmx_controls(min, opt, MSR_IA32_VMX_PINBASED_CTLS,
-+ &_pin_based_exec_control) < 0)
-+ return -EIO;
-+
-+ if (cpu_has_broken_vmx_preemption_timer())
-+ _pin_based_exec_control &= ~PIN_BASED_VMX_PREEMPTION_TIMER;
-+ if (!(_cpu_based_2nd_exec_control &
-+ SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY))
-+ _pin_based_exec_control &= ~PIN_BASED_POSTED_INTR;
-+
-+ min = VM_ENTRY_LOAD_DEBUG_CONTROLS;
-+ opt = VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL |
-+ VM_ENTRY_LOAD_IA32_PAT |
-+ VM_ENTRY_LOAD_IA32_EFER |
-+ VM_ENTRY_LOAD_BNDCFGS |
-+ VM_ENTRY_PT_CONCEAL_PIP |
-+ VM_ENTRY_LOAD_IA32_RTIT_CTL;
-+ if (adjust_vmx_controls(min, opt, MSR_IA32_VMX_ENTRY_CTLS,
-+ &_vmentry_control) < 0)
-+ return -EIO;
-+
-+ /*
-+ * Some cpus support VM_{ENTRY,EXIT}_IA32_PERF_GLOBAL_CTRL but they
-+ * can't be used due to an errata where VM Exit may incorrectly clear
-+ * IA32_PERF_GLOBAL_CTRL[34:32]. Workaround the errata by using the
-+ * MSR load mechanism to switch IA32_PERF_GLOBAL_CTRL.
-+ */
-+ if (boot_cpu_data.x86 == 0x6) {
-+ switch (boot_cpu_data.x86_model) {
-+ case 26: /* AAK155 */
-+ case 30: /* AAP115 */
-+ case 37: /* AAT100 */
-+ case 44: /* BC86,AAY89,BD102 */
-+ case 46: /* BA97 */
-+ _vmentry_control &= ~VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL;
-+ _vmexit_control &= ~VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL;
-+ pr_warn_once("kvm: VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL "
-+ "does not work properly. Using workaround\n");
-+ break;
-+ default:
-+ break;
-+ }
-+ }
-+
-+
-+ rdmsr(MSR_IA32_VMX_BASIC, vmx_msr_low, vmx_msr_high);
-+
-+ /* IA-32 SDM Vol 3B: VMCS size is never greater than 4kB. */
-+ if ((vmx_msr_high & 0x1fff) > PAGE_SIZE)
-+ return -EIO;
-+
-+#ifdef CONFIG_X86_64
-+ /* IA-32 SDM Vol 3B: 64-bit CPUs always have VMX_BASIC_MSR[48]==0. */
-+ if (vmx_msr_high & (1u<<16))
-+ return -EIO;
-+#endif
-+
-+ /* Require Write-Back (WB) memory type for VMCS accesses. */
-+ if (((vmx_msr_high >> 18) & 15) != 6)
-+ return -EIO;
-+
-+ vmcs_conf->size = vmx_msr_high & 0x1fff;
-+ vmcs_conf->order = get_order(vmcs_conf->size);
-+ vmcs_conf->basic_cap = vmx_msr_high & ~0x1fff;
-+
-+ vmcs_conf->revision_id = vmx_msr_low;
-+
-+ vmcs_conf->pin_based_exec_ctrl = _pin_based_exec_control;
-+ vmcs_conf->cpu_based_exec_ctrl = _cpu_based_exec_control;
-+ vmcs_conf->cpu_based_2nd_exec_ctrl = _cpu_based_2nd_exec_control;
-+ vmcs_conf->vmexit_ctrl = _vmexit_control;
-+ vmcs_conf->vmentry_ctrl = _vmentry_control;
-+
-+ if (static_branch_unlikely(&enable_evmcs))
-+ evmcs_sanitize_exec_ctrls(vmcs_conf);
-+
-+ return 0;
-+}
-+
-+struct vmcs *alloc_vmcs_cpu(bool shadow, int cpu, gfp_t flags)
-+{
-+ int node = cpu_to_node(cpu);
-+ struct page *pages;
-+ struct vmcs *vmcs;
-+
-+ pages = __alloc_pages_node(node, flags, vmcs_config.order);
-+ if (!pages)
-+ return NULL;
-+ vmcs = page_address(pages);
-+ memset(vmcs, 0, vmcs_config.size);
-+
-+ /* KVM supports Enlightened VMCS v1 only */
-+ if (static_branch_unlikely(&enable_evmcs))
-+ vmcs->hdr.revision_id = KVM_EVMCS_VERSION;
-+ else
-+ vmcs->hdr.revision_id = vmcs_config.revision_id;
-+
-+ if (shadow)
-+ vmcs->hdr.shadow_vmcs = 1;
-+ return vmcs;
-+}
-+
-+void free_vmcs(struct vmcs *vmcs)
-+{
-+ free_pages((unsigned long)vmcs, vmcs_config.order);
-+}
-+
-+/*
-+ * Free a VMCS, but before that VMCLEAR it on the CPU where it was last loaded
-+ */
-+void free_loaded_vmcs(struct loaded_vmcs *loaded_vmcs)
-+{
-+ if (!loaded_vmcs->vmcs)
-+ return;
-+ loaded_vmcs_clear(loaded_vmcs);
-+ free_vmcs(loaded_vmcs->vmcs);
-+ loaded_vmcs->vmcs = NULL;
-+ if (loaded_vmcs->msr_bitmap)
-+ free_page((unsigned long)loaded_vmcs->msr_bitmap);
-+ WARN_ON(loaded_vmcs->shadow_vmcs != NULL);
-+}
-+
-+int alloc_loaded_vmcs(struct loaded_vmcs *loaded_vmcs)
-+{
-+ loaded_vmcs->vmcs = alloc_vmcs(false);
-+ if (!loaded_vmcs->vmcs)
-+ return -ENOMEM;
-+
-+ loaded_vmcs->shadow_vmcs = NULL;
-+ loaded_vmcs->hv_timer_soft_disabled = false;
-+ loaded_vmcs_init(loaded_vmcs);
-+
-+ if (cpu_has_vmx_msr_bitmap()) {
-+ loaded_vmcs->msr_bitmap = (unsigned long *)
-+ __get_free_page(GFP_KERNEL_ACCOUNT);
-+ if (!loaded_vmcs->msr_bitmap)
-+ goto out_vmcs;
-+ memset(loaded_vmcs->msr_bitmap, 0xff, PAGE_SIZE);
-+
-+ if (IS_ENABLED(CONFIG_HYPERV) &&
-+ static_branch_unlikely(&enable_evmcs) &&
-+ (ms_hyperv.nested_features & HV_X64_NESTED_MSR_BITMAP)) {
-+ struct hv_enlightened_vmcs *evmcs =
-+ (struct hv_enlightened_vmcs *)loaded_vmcs->vmcs;
-+
-+ evmcs->hv_enlightenments_control.msr_bitmap = 1;
-+ }
-+ }
-+
-+ memset(&loaded_vmcs->host_state, 0, sizeof(struct vmcs_host_state));
-+ memset(&loaded_vmcs->controls_shadow, 0,
-+ sizeof(struct vmcs_controls_shadow));
-+
-+ return 0;
-+
-+out_vmcs:
-+ free_loaded_vmcs(loaded_vmcs);
-+ return -ENOMEM;
-+}
-+
-+static void free_kvm_area(void)
-+{
-+ int cpu;
-+
-+ for_each_possible_cpu(cpu) {
-+ free_vmcs(per_cpu(vmxarea, cpu));
-+ per_cpu(vmxarea, cpu) = NULL;
-+ }
-+}
-+
-+static __init int alloc_kvm_area(void)
-+{
-+ int cpu;
-+
-+ for_each_possible_cpu(cpu) {
-+ struct vmcs *vmcs;
-+
-+ vmcs = alloc_vmcs_cpu(false, cpu, GFP_KERNEL);
-+ if (!vmcs) {
-+ free_kvm_area();
-+ return -ENOMEM;
-+ }
-+
-+ /*
-+ * When eVMCS is enabled, alloc_vmcs_cpu() sets
-+ * vmcs->revision_id to KVM_EVMCS_VERSION instead of
-+ * revision_id reported by MSR_IA32_VMX_BASIC.
-+ *
-+ * However, even though not explicitly documented by
-+ * TLFS, VMXArea passed as VMXON argument should
-+ * still be marked with revision_id reported by
-+ * physical CPU.
-+ */
-+ if (static_branch_unlikely(&enable_evmcs))
-+ vmcs->hdr.revision_id = vmcs_config.revision_id;
-+
-+ per_cpu(vmxarea, cpu) = vmcs;
-+ }
-+ return 0;
-+}
-+
-+static void fix_pmode_seg(struct kvm_vcpu *vcpu, int seg,
-+ struct kvm_segment *save)
-+{
-+ if (!emulate_invalid_guest_state) {
-+ /*
-+ * CS and SS RPL should be equal during guest entry according
-+ * to VMX spec, but in reality it is not always so. Since vcpu
-+ * is in the middle of the transition from real mode to
-+ * protected mode it is safe to assume that RPL 0 is a good
-+ * default value.
-+ */
-+ if (seg == VCPU_SREG_CS || seg == VCPU_SREG_SS)
-+ save->selector &= ~SEGMENT_RPL_MASK;
-+ save->dpl = save->selector & SEGMENT_RPL_MASK;
-+ save->s = 1;
-+ }
-+ vmx_set_segment(vcpu, save, seg);
-+}
-+
-+static void enter_pmode(struct kvm_vcpu *vcpu)
-+{
-+ unsigned long flags;
-+ struct vcpu_vmx *vmx = to_vmx(vcpu);
-+
-+ /*
-+ * Update real mode segment cache. It may be not up-to-date if sement
-+ * register was written while vcpu was in a guest mode.
-+ */
-+ vmx_get_segment(vcpu, &vmx->rmode.segs[VCPU_SREG_ES], VCPU_SREG_ES);
-+ vmx_get_segment(vcpu, &vmx->rmode.segs[VCPU_SREG_DS], VCPU_SREG_DS);
-+ vmx_get_segment(vcpu, &vmx->rmode.segs[VCPU_SREG_FS], VCPU_SREG_FS);
-+ vmx_get_segment(vcpu, &vmx->rmode.segs[VCPU_SREG_GS], VCPU_SREG_GS);
-+ vmx_get_segment(vcpu, &vmx->rmode.segs[VCPU_SREG_SS], VCPU_SREG_SS);
-+ vmx_get_segment(vcpu, &vmx->rmode.segs[VCPU_SREG_CS], VCPU_SREG_CS);
-+
-+ vmx->rmode.vm86_active = 0;
-+
-+ vmx_segment_cache_clear(vmx);
-+
-+ vmx_set_segment(vcpu, &vmx->rmode.segs[VCPU_SREG_TR], VCPU_SREG_TR);
-+
-+ flags = vmcs_readl(GUEST_RFLAGS);
-+ flags &= RMODE_GUEST_OWNED_EFLAGS_BITS;
-+ flags |= vmx->rmode.save_rflags & ~RMODE_GUEST_OWNED_EFLAGS_BITS;
-+ vmcs_writel(GUEST_RFLAGS, flags);
-+
-+ vmcs_writel(GUEST_CR4, (vmcs_readl(GUEST_CR4) & ~X86_CR4_VME) |
-+ (vmcs_readl(CR4_READ_SHADOW) & X86_CR4_VME));
-+
-+ update_exception_bitmap(vcpu);
-+
-+ fix_pmode_seg(vcpu, VCPU_SREG_CS, &vmx->rmode.segs[VCPU_SREG_CS]);
-+ fix_pmode_seg(vcpu, VCPU_SREG_SS, &vmx->rmode.segs[VCPU_SREG_SS]);
-+ fix_pmode_seg(vcpu, VCPU_SREG_ES, &vmx->rmode.segs[VCPU_SREG_ES]);
-+ fix_pmode_seg(vcpu, VCPU_SREG_DS, &vmx->rmode.segs[VCPU_SREG_DS]);
-+ fix_pmode_seg(vcpu, VCPU_SREG_FS, &vmx->rmode.segs[VCPU_SREG_FS]);
-+ fix_pmode_seg(vcpu, VCPU_SREG_GS, &vmx->rmode.segs[VCPU_SREG_GS]);
-+}
-+
-+static void fix_rmode_seg(int seg, struct kvm_segment *save)
-+{
-+ const struct kvm_vmx_segment_field *sf = &kvm_vmx_segment_fields[seg];
-+ struct kvm_segment var = *save;
-+
-+ var.dpl = 0x3;
-+ if (seg == VCPU_SREG_CS)
-+ var.type = 0x3;
-+
-+ if (!emulate_invalid_guest_state) {
-+ var.selector = var.base >> 4;
-+ var.base = var.base & 0xffff0;
-+ var.limit = 0xffff;
-+ var.g = 0;
-+ var.db = 0;
-+ var.present = 1;
-+ var.s = 1;
-+ var.l = 0;
-+ var.unusable = 0;
-+ var.type = 0x3;
-+ var.avl = 0;
-+ if (save->base & 0xf)
-+ printk_once(KERN_WARNING "kvm: segment base is not "
-+ "paragraph aligned when entering "
-+ "protected mode (seg=%d)", seg);
-+ }
-+
-+ vmcs_write16(sf->selector, var.selector);
-+ vmcs_writel(sf->base, var.base);
-+ vmcs_write32(sf->limit, var.limit);
-+ vmcs_write32(sf->ar_bytes, vmx_segment_access_rights(&var));
-+}
-+
-+static void enter_rmode(struct kvm_vcpu *vcpu)
-+{
-+ unsigned long flags;
-+ struct vcpu_vmx *vmx = to_vmx(vcpu);
-+ struct kvm_vmx *kvm_vmx = to_kvm_vmx(vcpu->kvm);
-+
-+ vmx_get_segment(vcpu, &vmx->rmode.segs[VCPU_SREG_TR], VCPU_SREG_TR);
-+ vmx_get_segment(vcpu, &vmx->rmode.segs[VCPU_SREG_ES], VCPU_SREG_ES);
-+ vmx_get_segment(vcpu, &vmx->rmode.segs[VCPU_SREG_DS], VCPU_SREG_DS);
-+ vmx_get_segment(vcpu, &vmx->rmode.segs[VCPU_SREG_FS], VCPU_SREG_FS);
-+ vmx_get_segment(vcpu, &vmx->rmode.segs[VCPU_SREG_GS], VCPU_SREG_GS);
-+ vmx_get_segment(vcpu, &vmx->rmode.segs[VCPU_SREG_SS], VCPU_SREG_SS);
-+ vmx_get_segment(vcpu, &vmx->rmode.segs[VCPU_SREG_CS], VCPU_SREG_CS);
-+
-+ vmx->rmode.vm86_active = 1;
-+
-+ /*
-+ * Very old userspace does not call KVM_SET_TSS_ADDR before entering
-+ * vcpu. Warn the user that an update is overdue.
-+ */ -+ if (!kvm_vmx->tss_addr) -+ printk_once(KERN_WARNING "kvm: KVM_SET_TSS_ADDR need to be " -+ "called before entering vcpu\n"); -+ -+ vmx_segment_cache_clear(vmx); -+ -+ vmcs_writel(GUEST_TR_BASE, kvm_vmx->tss_addr); -+ vmcs_write32(GUEST_TR_LIMIT, RMODE_TSS_SIZE - 1); -+ vmcs_write32(GUEST_TR_AR_BYTES, 0x008b); -+ -+ flags = vmcs_readl(GUEST_RFLAGS); -+ vmx->rmode.save_rflags = flags; -+ -+ flags |= X86_EFLAGS_IOPL | X86_EFLAGS_VM; -+ -+ vmcs_writel(GUEST_RFLAGS, flags); -+ vmcs_writel(GUEST_CR4, vmcs_readl(GUEST_CR4) | X86_CR4_VME); -+ update_exception_bitmap(vcpu); -+ -+ fix_rmode_seg(VCPU_SREG_SS, &vmx->rmode.segs[VCPU_SREG_SS]); -+ fix_rmode_seg(VCPU_SREG_CS, &vmx->rmode.segs[VCPU_SREG_CS]); -+ fix_rmode_seg(VCPU_SREG_ES, &vmx->rmode.segs[VCPU_SREG_ES]); -+ fix_rmode_seg(VCPU_SREG_DS, &vmx->rmode.segs[VCPU_SREG_DS]); -+ fix_rmode_seg(VCPU_SREG_GS, &vmx->rmode.segs[VCPU_SREG_GS]); -+ fix_rmode_seg(VCPU_SREG_FS, &vmx->rmode.segs[VCPU_SREG_FS]); -+ -+ kvm_mmu_reset_context(vcpu); -+} -+ -+void vmx_set_efer(struct kvm_vcpu *vcpu, u64 efer) -+{ -+ struct vcpu_vmx *vmx = to_vmx(vcpu); -+ struct shared_msr_entry *msr = find_msr_entry(vmx, MSR_EFER); -+ -+ if (!msr) -+ return; -+ -+ vcpu->arch.efer = efer; -+ if (efer & EFER_LMA) { -+ vm_entry_controls_setbit(to_vmx(vcpu), VM_ENTRY_IA32E_MODE); -+ msr->data = efer; -+ } else { -+ vm_entry_controls_clearbit(to_vmx(vcpu), VM_ENTRY_IA32E_MODE); -+ -+ msr->data = efer & ~EFER_LME; -+ } -+ setup_msrs(vmx); -+} -+ -+#ifdef CONFIG_X86_64 -+ -+static void enter_lmode(struct kvm_vcpu *vcpu) -+{ -+ u32 guest_tr_ar; -+ -+ vmx_segment_cache_clear(to_vmx(vcpu)); -+ -+ guest_tr_ar = vmcs_read32(GUEST_TR_AR_BYTES); -+ if ((guest_tr_ar & VMX_AR_TYPE_MASK) != VMX_AR_TYPE_BUSY_64_TSS) { -+ pr_debug_ratelimited("%s: tss fixup for long mode. 
\n", -+ __func__); -+ vmcs_write32(GUEST_TR_AR_BYTES, -+ (guest_tr_ar & ~VMX_AR_TYPE_MASK) -+ | VMX_AR_TYPE_BUSY_64_TSS); -+ } -+ vmx_set_efer(vcpu, vcpu->arch.efer | EFER_LMA); -+} -+ -+static void exit_lmode(struct kvm_vcpu *vcpu) -+{ -+ vm_entry_controls_clearbit(to_vmx(vcpu), VM_ENTRY_IA32E_MODE); -+ vmx_set_efer(vcpu, vcpu->arch.efer & ~EFER_LMA); -+} -+ -+#endif -+ -+static void vmx_flush_tlb_gva(struct kvm_vcpu *vcpu, gva_t addr) -+{ -+ int vpid = to_vmx(vcpu)->vpid; -+ -+ if (!vpid_sync_vcpu_addr(vpid, addr)) -+ vpid_sync_context(vpid); -+ -+ /* -+ * If VPIDs are not supported or enabled, then the above is a no-op. -+ * But we don't really need a TLB flush in that case anyway, because -+ * each VM entry/exit includes an implicit flush when VPID is 0. -+ */ -+} -+ -+static void vmx_decache_cr0_guest_bits(struct kvm_vcpu *vcpu) -+{ -+ ulong cr0_guest_owned_bits = vcpu->arch.cr0_guest_owned_bits; -+ -+ vcpu->arch.cr0 &= ~cr0_guest_owned_bits; -+ vcpu->arch.cr0 |= vmcs_readl(GUEST_CR0) & cr0_guest_owned_bits; -+} -+ -+static void vmx_decache_cr4_guest_bits(struct kvm_vcpu *vcpu) -+{ -+ ulong cr4_guest_owned_bits = vcpu->arch.cr4_guest_owned_bits; -+ -+ vcpu->arch.cr4 &= ~cr4_guest_owned_bits; -+ vcpu->arch.cr4 |= vmcs_readl(GUEST_CR4) & cr4_guest_owned_bits; -+} -+ -+static void ept_load_pdptrs(struct kvm_vcpu *vcpu) -+{ -+ struct kvm_mmu *mmu = vcpu->arch.walk_mmu; -+ -+ if (!kvm_register_is_dirty(vcpu, VCPU_EXREG_PDPTR)) -+ return; -+ -+ if (is_pae_paging(vcpu)) { -+ vmcs_write64(GUEST_PDPTR0, mmu->pdptrs[0]); -+ vmcs_write64(GUEST_PDPTR1, mmu->pdptrs[1]); -+ vmcs_write64(GUEST_PDPTR2, mmu->pdptrs[2]); -+ vmcs_write64(GUEST_PDPTR3, mmu->pdptrs[3]); -+ } -+} -+ -+void ept_save_pdptrs(struct kvm_vcpu *vcpu) -+{ -+ struct kvm_mmu *mmu = vcpu->arch.walk_mmu; -+ -+ if (is_pae_paging(vcpu)) { -+ mmu->pdptrs[0] = vmcs_read64(GUEST_PDPTR0); -+ mmu->pdptrs[1] = vmcs_read64(GUEST_PDPTR1); -+ mmu->pdptrs[2] = vmcs_read64(GUEST_PDPTR2); -+ mmu->pdptrs[3] = 
vmcs_read64(GUEST_PDPTR3); -+ } -+ -+ kvm_register_mark_dirty(vcpu, VCPU_EXREG_PDPTR); -+} -+ -+static void ept_update_paging_mode_cr0(unsigned long *hw_cr0, -+ unsigned long cr0, -+ struct kvm_vcpu *vcpu) -+{ -+ struct vcpu_vmx *vmx = to_vmx(vcpu); -+ -+ if (!kvm_register_is_available(vcpu, VCPU_EXREG_CR3)) -+ vmx_cache_reg(vcpu, VCPU_EXREG_CR3); -+ if (!(cr0 & X86_CR0_PG)) { -+ /* From paging/starting to nonpaging */ -+ exec_controls_setbit(vmx, CPU_BASED_CR3_LOAD_EXITING | -+ CPU_BASED_CR3_STORE_EXITING); -+ vcpu->arch.cr0 = cr0; -+ vmx_set_cr4(vcpu, kvm_read_cr4(vcpu)); -+ } else if (!is_paging(vcpu)) { -+ /* From nonpaging to paging */ -+ exec_controls_clearbit(vmx, CPU_BASED_CR3_LOAD_EXITING | -+ CPU_BASED_CR3_STORE_EXITING); -+ vcpu->arch.cr0 = cr0; -+ vmx_set_cr4(vcpu, kvm_read_cr4(vcpu)); -+ } -+ -+ if (!(cr0 & X86_CR0_WP)) -+ *hw_cr0 &= ~X86_CR0_WP; -+} -+ -+void vmx_set_cr0(struct kvm_vcpu *vcpu, unsigned long cr0) -+{ -+ struct vcpu_vmx *vmx = to_vmx(vcpu); -+ unsigned long hw_cr0; -+ -+ hw_cr0 = (cr0 & ~KVM_VM_CR0_ALWAYS_OFF); -+ if (enable_unrestricted_guest) -+ hw_cr0 |= KVM_VM_CR0_ALWAYS_ON_UNRESTRICTED_GUEST; -+ else { -+ hw_cr0 |= KVM_VM_CR0_ALWAYS_ON; -+ -+ if (vmx->rmode.vm86_active && (cr0 & X86_CR0_PE)) -+ enter_pmode(vcpu); -+ -+ if (!vmx->rmode.vm86_active && !(cr0 & X86_CR0_PE)) -+ enter_rmode(vcpu); -+ } -+ -+#ifdef CONFIG_X86_64 -+ if (vcpu->arch.efer & EFER_LME) { -+ if (!is_paging(vcpu) && (cr0 & X86_CR0_PG)) -+ enter_lmode(vcpu); -+ if (is_paging(vcpu) && !(cr0 & X86_CR0_PG)) -+ exit_lmode(vcpu); -+ } -+#endif -+ -+ if (enable_ept && !enable_unrestricted_guest) -+ ept_update_paging_mode_cr0(&hw_cr0, cr0, vcpu); -+ -+ vmcs_writel(CR0_READ_SHADOW, cr0); -+ vmcs_writel(GUEST_CR0, hw_cr0); -+ vcpu->arch.cr0 = cr0; -+ -+ /* depends on vcpu->arch.cr0 to be set to a new value */ -+ vmx->emulation_required = emulation_required(vcpu); -+} -+ -+static int get_ept_level(struct kvm_vcpu *vcpu) -+{ -+ if (cpu_has_vmx_ept_5levels() && 
(cpuid_maxphyaddr(vcpu) > 48))
-+ return 5;
-+ return 4;
-+}
-+
-+u64 construct_eptp(struct kvm_vcpu *vcpu, unsigned long root_hpa)
-+{
-+ u64 eptp = VMX_EPTP_MT_WB;
-+
-+ eptp |= (get_ept_level(vcpu) == 5) ? VMX_EPTP_PWL_5 : VMX_EPTP_PWL_4;
-+
-+ if (enable_ept_ad_bits &&
-+ (!is_guest_mode(vcpu) || nested_ept_ad_enabled(vcpu)))
-+ eptp |= VMX_EPTP_AD_ENABLE_BIT;
-+ eptp |= (root_hpa & PAGE_MASK);
-+
-+ return eptp;
-+}
-+
-+void vmx_set_cr3(struct kvm_vcpu *vcpu, unsigned long cr3)
-+{
-+ struct kvm *kvm = vcpu->kvm;
-+ bool update_guest_cr3 = true;
-+ unsigned long guest_cr3;
-+ u64 eptp;
-+
-+ guest_cr3 = cr3;
-+ if (enable_ept) {
-+ eptp = construct_eptp(vcpu, cr3);
-+ vmcs_write64(EPT_POINTER, eptp);
-+
-+ if (kvm_x86_ops->tlb_remote_flush) {
-+ spin_lock(&to_kvm_vmx(kvm)->ept_pointer_lock);
-+ to_vmx(vcpu)->ept_pointer = eptp;
-+ to_kvm_vmx(kvm)->ept_pointers_match
-+ = EPT_POINTERS_CHECK;
-+ spin_unlock(&to_kvm_vmx(kvm)->ept_pointer_lock);
-+ }
-+
-+ /* Loading vmcs02.GUEST_CR3 is handled by nested VM-Enter. */
-+ if (is_guest_mode(vcpu))
-+ update_guest_cr3 = false;
-+ else if (!enable_unrestricted_guest && !is_paging(vcpu))
-+ guest_cr3 = to_kvm_vmx(kvm)->ept_identity_map_addr;
-+ else if (test_bit(VCPU_EXREG_CR3, (ulong *)&vcpu->arch.regs_avail))
-+ guest_cr3 = vcpu->arch.cr3;
-+ else /* vmcs01.GUEST_CR3 is already up-to-date. */
-+ update_guest_cr3 = false;
-+ ept_load_pdptrs(vcpu);
-+ }
-+
-+ if (update_guest_cr3)
-+ vmcs_writel(GUEST_CR3, guest_cr3);
-+}
-+
-+int vmx_set_cr4(struct kvm_vcpu *vcpu, unsigned long cr4)
-+{
-+ struct vcpu_vmx *vmx = to_vmx(vcpu);
-+ /*
-+ * Pass through host's Machine Check Enable value to hw_cr4, which
-+ * is in force while we are in guest mode. Do not let guests control
-+ * this bit, even if host CR4.MCE == 0.
-+ */
-+ unsigned long hw_cr4;
-+
-+ hw_cr4 = (cr4_read_shadow() & X86_CR4_MCE) | (cr4 & ~X86_CR4_MCE);
-+ if (enable_unrestricted_guest)
-+ hw_cr4 |= KVM_VM_CR4_ALWAYS_ON_UNRESTRICTED_GUEST;
-+ else if (vmx->rmode.vm86_active)
-+ hw_cr4 |= KVM_RMODE_VM_CR4_ALWAYS_ON;
-+ else
-+ hw_cr4 |= KVM_PMODE_VM_CR4_ALWAYS_ON;
-+
-+ if (!boot_cpu_has(X86_FEATURE_UMIP) && vmx_umip_emulated()) {
-+ if (cr4 & X86_CR4_UMIP) {
-+ secondary_exec_controls_setbit(vmx, SECONDARY_EXEC_DESC);
-+ hw_cr4 &= ~X86_CR4_UMIP;
-+ } else if (!is_guest_mode(vcpu) ||
-+ !nested_cpu_has2(get_vmcs12(vcpu), SECONDARY_EXEC_DESC)) {
-+ secondary_exec_controls_clearbit(vmx, SECONDARY_EXEC_DESC);
-+ }
-+ }
-+
-+ if (cr4 & X86_CR4_VMXE) {
-+ /*
-+ * To use VMXON (and later other VMX instructions), a guest
-+ * must first be able to turn on cr4.VMXE (see handle_vmon()).
-+ * So basically the check on whether to allow nested VMX
-+ * is here. We operate under the default treatment of SMM,
-+ * so VMX cannot be enabled under SMM.
-+ */
-+ if (!nested_vmx_allowed(vcpu) || is_smm(vcpu))
-+ return 1;
-+ }
-+
-+ if (vmx->nested.vmxon && !nested_cr4_valid(vcpu, cr4))
-+ return 1;
-+
-+ vcpu->arch.cr4 = cr4;
-+
-+ if (!enable_unrestricted_guest) {
-+ if (enable_ept) {
-+ if (!is_paging(vcpu)) {
-+ hw_cr4 &= ~X86_CR4_PAE;
-+ hw_cr4 |= X86_CR4_PSE;
-+ } else if (!(cr4 & X86_CR4_PAE)) {
-+ hw_cr4 &= ~X86_CR4_PAE;
-+ }
-+ }
-+
-+ /*
-+ * SMEP/SMAP/PKU is disabled if CPU is in non-paging mode in
-+ * hardware. To emulate this behavior, SMEP/SMAP/PKU needs
-+ * to be manually disabled when guest switches to non-paging
-+ * mode.
-+ *
-+ * If !enable_unrestricted_guest, the CPU is always running
-+ * with CR0.PG=1 and CR4 needs to be modified.
-+ * If enable_unrestricted_guest, the CPU automatically
-+ * disables SMEP/SMAP/PKU when the guest sets CR0.PG=0.
-+ */
-+ if (!is_paging(vcpu))
-+ hw_cr4 &= ~(X86_CR4_SMEP | X86_CR4_SMAP | X86_CR4_PKE);
-+ }
-+
-+ vmcs_writel(CR4_READ_SHADOW, cr4);
-+ vmcs_writel(GUEST_CR4, hw_cr4);
-+ return 0;
-+}
-+
-+void vmx_get_segment(struct kvm_vcpu *vcpu, struct kvm_segment *var, int seg)
-+{
-+ struct vcpu_vmx *vmx = to_vmx(vcpu);
-+ u32 ar;
-+
-+ if (vmx->rmode.vm86_active && seg != VCPU_SREG_LDTR) {
-+ *var = vmx->rmode.segs[seg];
-+ if (seg == VCPU_SREG_TR
-+ || var->selector == vmx_read_guest_seg_selector(vmx, seg))
-+ return;
-+ var->base = vmx_read_guest_seg_base(vmx, seg);
-+ var->selector = vmx_read_guest_seg_selector(vmx, seg);
-+ return;
-+ }
-+ var->base = vmx_read_guest_seg_base(vmx, seg);
-+ var->limit = vmx_read_guest_seg_limit(vmx, seg);
-+ var->selector = vmx_read_guest_seg_selector(vmx, seg);
-+ ar = vmx_read_guest_seg_ar(vmx, seg);
-+ var->unusable = (ar >> 16) & 1;
-+ var->type = ar & 15;
-+ var->s = (ar >> 4) & 1;
-+ var->dpl = (ar >> 5) & 3;
-+ /*
-+ * Some userspaces do not preserve unusable property. Since usable
-+ * segment has to be present according to VMX spec we can use present
-+ * property to amend userspace bug by making unusable segment always
-+ * nonpresent. vmx_segment_access_rights() already marks nonpresent
-+ * segment as unusable.
-+ */
-+ var->present = !var->unusable;
-+ var->avl = (ar >> 12) & 1;
-+ var->l = (ar >> 13) & 1;
-+ var->db = (ar >> 14) & 1;
-+ var->g = (ar >> 15) & 1;
-+}
-+
-+static u64 vmx_get_segment_base(struct kvm_vcpu *vcpu, int seg)
-+{
-+ struct kvm_segment s;
-+
-+ if (to_vmx(vcpu)->rmode.vm86_active) {
-+ vmx_get_segment(vcpu, &s, seg);
-+ return s.base;
-+ }
-+ return vmx_read_guest_seg_base(to_vmx(vcpu), seg);
-+}
-+
-+int vmx_get_cpl(struct kvm_vcpu *vcpu)
-+{
-+ struct vcpu_vmx *vmx = to_vmx(vcpu);
-+
-+ if (unlikely(vmx->rmode.vm86_active))
-+ return 0;
-+ else {
-+ int ar = vmx_read_guest_seg_ar(vmx, VCPU_SREG_SS);
-+ return VMX_AR_DPL(ar);
-+ }
-+}
-+
-+static u32 vmx_segment_access_rights(struct kvm_segment *var)
-+{
-+ u32 ar;
-+
-+ if (var->unusable || !var->present)
-+ ar = 1 << 16;
-+ else {
-+ ar = var->type & 15;
-+ ar |= (var->s & 1) << 4;
-+ ar |= (var->dpl & 3) << 5;
-+ ar |= (var->present & 1) << 7;
-+ ar |= (var->avl & 1) << 12;
-+ ar |= (var->l & 1) << 13;
-+ ar |= (var->db & 1) << 14;
-+ ar |= (var->g & 1) << 15;
-+ }
-+
-+ return ar;
-+}
-+
-+void vmx_set_segment(struct kvm_vcpu *vcpu, struct kvm_segment *var, int seg)
-+{
-+ struct vcpu_vmx *vmx = to_vmx(vcpu);
-+ const struct kvm_vmx_segment_field *sf = &kvm_vmx_segment_fields[seg];
-+
-+ vmx_segment_cache_clear(vmx);
-+
-+ if (vmx->rmode.vm86_active && seg != VCPU_SREG_LDTR) {
-+ vmx->rmode.segs[seg] = *var;
-+ if (seg == VCPU_SREG_TR)
-+ vmcs_write16(sf->selector, var->selector);
-+ else if (var->s)
-+ fix_rmode_seg(seg, &vmx->rmode.segs[seg]);
-+ goto out;
-+ }
-+
-+ vmcs_writel(sf->base, var->base);
-+ vmcs_write32(sf->limit, var->limit);
-+ vmcs_write16(sf->selector, var->selector);
-+
-+ /*
-+ * Fix the "Accessed" bit in AR field of segment registers for older
-+ * qemu binaries.
-+ * IA32 arch specifies that at the time of processor reset the
-+ * "Accessed" bit in the AR field of segment registers is 1. And qemu
-+ * is setting it to 0 in the userland code.
This causes invalid guest
-+ * state vmexit when "unrestricted guest" mode is turned on.
-+ * Fix for this setup issue in cpu_reset is being pushed in the qemu
-+ * tree. Newer qemu binaries with that qemu fix would not need this
-+ * kvm hack.
-+ */
-+ if (enable_unrestricted_guest && (seg != VCPU_SREG_LDTR))
-+ var->type |= 0x1; /* Accessed */
-+
-+ vmcs_write32(sf->ar_bytes, vmx_segment_access_rights(var));
-+
-+out:
-+ vmx->emulation_required = emulation_required(vcpu);
-+}
-+
-+static void vmx_get_cs_db_l_bits(struct kvm_vcpu *vcpu, int *db, int *l)
-+{
-+ u32 ar = vmx_read_guest_seg_ar(to_vmx(vcpu), VCPU_SREG_CS);
-+
-+ *db = (ar >> 14) & 1;
-+ *l = (ar >> 13) & 1;
-+}
-+
-+static void vmx_get_idt(struct kvm_vcpu *vcpu, struct desc_ptr *dt)
-+{
-+ dt->size = vmcs_read32(GUEST_IDTR_LIMIT);
-+ dt->address = vmcs_readl(GUEST_IDTR_BASE);
-+}
-+
-+static void vmx_set_idt(struct kvm_vcpu *vcpu, struct desc_ptr *dt)
-+{
-+ vmcs_write32(GUEST_IDTR_LIMIT, dt->size);
-+ vmcs_writel(GUEST_IDTR_BASE, dt->address);
-+}
-+
-+static void vmx_get_gdt(struct kvm_vcpu *vcpu, struct desc_ptr *dt)
-+{
-+ dt->size = vmcs_read32(GUEST_GDTR_LIMIT);
-+ dt->address = vmcs_readl(GUEST_GDTR_BASE);
-+}
-+
-+static void vmx_set_gdt(struct kvm_vcpu *vcpu, struct desc_ptr *dt)
-+{
-+ vmcs_write32(GUEST_GDTR_LIMIT, dt->size);
-+ vmcs_writel(GUEST_GDTR_BASE, dt->address);
-+}
-+
-+static bool rmode_segment_valid(struct kvm_vcpu *vcpu, int seg)
-+{
-+ struct kvm_segment var;
-+ u32 ar;
-+
-+ vmx_get_segment(vcpu, &var, seg);
-+ var.dpl = 0x3;
-+ if (seg == VCPU_SREG_CS)
-+ var.type = 0x3;
-+ ar = vmx_segment_access_rights(&var);
-+
-+ if (var.base != (var.selector << 4))
-+ return false;
-+ if (var.limit != 0xffff)
-+ return false;
-+ if (ar != 0xf3)
-+ return false;
-+
-+ return true;
-+}
-+
-+static bool code_segment_valid(struct kvm_vcpu *vcpu)
-+{
-+ struct kvm_segment cs;
-+ unsigned int cs_rpl;
-+
-+ vmx_get_segment(vcpu, &cs, VCPU_SREG_CS);
-+ cs_rpl = cs.selector & SEGMENT_RPL_MASK;
-+
-+ if (cs.unusable)
-+ return false;
-+ if (~cs.type & (VMX_AR_TYPE_CODE_MASK|VMX_AR_TYPE_ACCESSES_MASK))
-+ return false;
-+ if (!cs.s)
-+ return false;
-+ if (cs.type & VMX_AR_TYPE_WRITEABLE_MASK) {
-+ if (cs.dpl > cs_rpl)
-+ return false;
-+ } else {
-+ if (cs.dpl != cs_rpl)
-+ return false;
-+ }
-+ if (!cs.present)
-+ return false;
-+
-+ /* TODO: Add Reserved field check, this'll require a new member in the kvm_segment_field structure */
-+ return true;
-+}
-+
-+static bool stack_segment_valid(struct kvm_vcpu *vcpu)
-+{
-+ struct kvm_segment ss;
-+ unsigned int ss_rpl;
-+
-+ vmx_get_segment(vcpu, &ss, VCPU_SREG_SS);
-+ ss_rpl = ss.selector & SEGMENT_RPL_MASK;
-+
-+ if (ss.unusable)
-+ return true;
-+ if (ss.type != 3 && ss.type != 7)
-+ return false;
-+ if (!ss.s)
-+ return false;
-+ if (ss.dpl != ss_rpl) /* DPL != RPL */
-+ return false;
-+ if (!ss.present)
-+ return false;
-+
-+ return true;
-+}
-+
-+static bool data_segment_valid(struct kvm_vcpu *vcpu, int seg)
-+{
-+ struct kvm_segment var;
-+ unsigned int rpl;
-+
-+ vmx_get_segment(vcpu, &var, seg);
-+ rpl = var.selector & SEGMENT_RPL_MASK;
-+
-+ if (var.unusable)
-+ return true;
-+ if (!var.s)
-+ return false;
-+ if (!var.present)
-+ return false;
-+ if (~var.type & (VMX_AR_TYPE_CODE_MASK|VMX_AR_TYPE_WRITEABLE_MASK)) {
-+ if (var.dpl < rpl) /* DPL < RPL */
-+ return false;
-+ }
-+
-+ /* TODO: Add other members to kvm_segment_field to allow checking for other access
-+ * rights flags
-+ */
-+ return true;
-+}
-+
-+static bool tr_valid(struct kvm_vcpu *vcpu)
-+{
-+ struct kvm_segment tr;
-+
-+ vmx_get_segment(vcpu, &tr, VCPU_SREG_TR);
-+
-+ if (tr.unusable)
-+ return false;
-+ if (tr.selector & SEGMENT_TI_MASK) /* TI = 1 */
-+ return false;
-+ if (tr.type != 3 && tr.type != 11) /* TODO: Check if guest is in IA32e mode */
-+ return false;
-+ if (!tr.present)
-+ return false;
-+
-+ return true;
-+}
-+
-+static bool ldtr_valid(struct kvm_vcpu *vcpu)
-+{
-+ struct kvm_segment ldtr;
-+
-+
vmx_get_segment(vcpu, &ldtr, VCPU_SREG_LDTR);
-+
-+ if (ldtr.unusable)
-+ return true;
-+ if (ldtr.selector & SEGMENT_TI_MASK) /* TI = 1 */
-+ return false;
-+ if (ldtr.type != 2)
-+ return false;
-+ if (!ldtr.present)
-+ return false;
-+
-+ return true;
-+}
-+
-+static bool cs_ss_rpl_check(struct kvm_vcpu *vcpu)
-+{
-+ struct kvm_segment cs, ss;
-+
-+ vmx_get_segment(vcpu, &cs, VCPU_SREG_CS);
-+ vmx_get_segment(vcpu, &ss, VCPU_SREG_SS);
-+
-+ return ((cs.selector & SEGMENT_RPL_MASK) ==
-+ (ss.selector & SEGMENT_RPL_MASK));
-+}
-+
-+/*
-+ * Check if guest state is valid. Returns true if valid, false if
-+ * not.
-+ * We assume that registers are always usable
-+ */
-+static bool guest_state_valid(struct kvm_vcpu *vcpu)
-+{
-+ if (enable_unrestricted_guest)
-+ return true;
-+
-+ /* real mode guest state checks */
-+ if (!is_protmode(vcpu) || (vmx_get_rflags(vcpu) & X86_EFLAGS_VM)) {
-+ if (!rmode_segment_valid(vcpu, VCPU_SREG_CS))
-+ return false;
-+ if (!rmode_segment_valid(vcpu, VCPU_SREG_SS))
-+ return false;
-+ if (!rmode_segment_valid(vcpu, VCPU_SREG_DS))
-+ return false;
-+ if (!rmode_segment_valid(vcpu, VCPU_SREG_ES))
-+ return false;
-+ if (!rmode_segment_valid(vcpu, VCPU_SREG_FS))
-+ return false;
-+ if (!rmode_segment_valid(vcpu, VCPU_SREG_GS))
-+ return false;
-+ } else {
-+ /* protected mode guest state checks */
-+ if (!cs_ss_rpl_check(vcpu))
-+ return false;
-+ if (!code_segment_valid(vcpu))
-+ return false;
-+ if (!stack_segment_valid(vcpu))
-+ return false;
-+ if (!data_segment_valid(vcpu, VCPU_SREG_DS))
-+ return false;
-+ if (!data_segment_valid(vcpu, VCPU_SREG_ES))
-+ return false;
-+ if (!data_segment_valid(vcpu, VCPU_SREG_FS))
-+ return false;
-+ if (!data_segment_valid(vcpu, VCPU_SREG_GS))
-+ return false;
-+ if (!tr_valid(vcpu))
-+ return false;
-+ if (!ldtr_valid(vcpu))
-+ return false;
-+ }
-+ /* TODO:
-+ * - Add checks on RIP
-+ * - Add checks on RFLAGS
-+ */
-+
-+ return true;
-+}
-+
-+static int init_rmode_tss(struct kvm *kvm)
-+{
-+
gfn_t fn;
-+ u16 data = 0;
-+ int idx, r;
-+
-+ idx = srcu_read_lock(&kvm->srcu);
-+ fn = to_kvm_vmx(kvm)->tss_addr >> PAGE_SHIFT;
-+ r = kvm_clear_guest_page(kvm, fn, 0, PAGE_SIZE);
-+ if (r < 0)
-+ goto out;
-+ data = TSS_BASE_SIZE + TSS_REDIRECTION_SIZE;
-+ r = kvm_write_guest_page(kvm, fn++, &data,
-+ TSS_IOPB_BASE_OFFSET, sizeof(u16));
-+ if (r < 0)
-+ goto out;
-+ r = kvm_clear_guest_page(kvm, fn++, 0, PAGE_SIZE);
-+ if (r < 0)
-+ goto out;
-+ r = kvm_clear_guest_page(kvm, fn, 0, PAGE_SIZE);
-+ if (r < 0)
-+ goto out;
-+ data = ~0;
-+ r = kvm_write_guest_page(kvm, fn, &data,
-+ RMODE_TSS_SIZE - 2 * PAGE_SIZE - 1,
-+ sizeof(u8));
-+out:
-+ srcu_read_unlock(&kvm->srcu, idx);
-+ return r;
-+}
-+
-+static int init_rmode_identity_map(struct kvm *kvm)
-+{
-+ struct kvm_vmx *kvm_vmx = to_kvm_vmx(kvm);
-+ int i, idx, r = 0;
-+ kvm_pfn_t identity_map_pfn;
-+ u32 tmp;
-+
-+ /* Protect kvm_vmx->ept_identity_pagetable_done. */
-+ mutex_lock(&kvm->slots_lock);
-+
-+ if (likely(kvm_vmx->ept_identity_pagetable_done))
-+ goto out2;
-+
-+ if (!kvm_vmx->ept_identity_map_addr)
-+ kvm_vmx->ept_identity_map_addr = VMX_EPT_IDENTITY_PAGETABLE_ADDR;
-+ identity_map_pfn = kvm_vmx->ept_identity_map_addr >> PAGE_SHIFT;
-+
-+ r = __x86_set_memory_region(kvm, IDENTITY_PAGETABLE_PRIVATE_MEMSLOT,
-+ kvm_vmx->ept_identity_map_addr, PAGE_SIZE);
-+ if (r < 0)
-+ goto out2;
-+
-+ idx = srcu_read_lock(&kvm->srcu);
-+ r = kvm_clear_guest_page(kvm, identity_map_pfn, 0, PAGE_SIZE);
-+ if (r < 0)
-+ goto out;
-+ /* Set up identity-mapping pagetable for EPT in real mode */
-+ for (i = 0; i < PT32_ENT_PER_PAGE; i++) {
-+ tmp = (i << 22) + (_PAGE_PRESENT | _PAGE_RW | _PAGE_USER |
-+ _PAGE_ACCESSED | _PAGE_DIRTY | _PAGE_PSE);
-+ r = kvm_write_guest_page(kvm, identity_map_pfn,
-+ &tmp, i * sizeof(tmp), sizeof(tmp));
-+ if (r < 0)
-+ goto out;
-+ }
-+ kvm_vmx->ept_identity_pagetable_done = true;
-+
-+out:
-+ srcu_read_unlock(&kvm->srcu, idx);
-+
-+out2:
-+ mutex_unlock(&kvm->slots_lock);
-+ return r;
-+}
-+
-+static void seg_setup(int seg)
-+{
-+ const struct kvm_vmx_segment_field *sf = &kvm_vmx_segment_fields[seg];
-+ unsigned int ar;
-+
-+ vmcs_write16(sf->selector, 0);
-+ vmcs_writel(sf->base, 0);
-+ vmcs_write32(sf->limit, 0xffff);
-+ ar = 0x93;
-+ if (seg == VCPU_SREG_CS)
-+ ar |= 0x08; /* code segment */
-+
-+ vmcs_write32(sf->ar_bytes, ar);
-+}
-+
-+static int alloc_apic_access_page(struct kvm *kvm)
-+{
-+ struct page *page;
-+ int r = 0;
-+
-+ mutex_lock(&kvm->slots_lock);
-+ if (kvm->arch.apic_access_page_done)
-+ goto out;
-+ r = __x86_set_memory_region(kvm, APIC_ACCESS_PAGE_PRIVATE_MEMSLOT,
-+ APIC_DEFAULT_PHYS_BASE, PAGE_SIZE);
-+ if (r)
-+ goto out;
-+
-+ page = gfn_to_page(kvm, APIC_DEFAULT_PHYS_BASE >> PAGE_SHIFT);
-+ if (is_error_page(page)) {
-+ r = -EFAULT;
-+ goto out;
-+ }
-+
-+ /*
-+ * Do not pin the page in memory, so that memory hot-unplug
-+ * is able to migrate it.
-+ */
-+ put_page(page);
-+ kvm->arch.apic_access_page_done = true;
-+out:
-+ mutex_unlock(&kvm->slots_lock);
-+ return r;
-+}
-+
-+int allocate_vpid(void)
-+{
-+ int vpid;
-+
-+ if (!enable_vpid)
-+ return 0;
-+ spin_lock(&vmx_vpid_lock);
-+ vpid = find_first_zero_bit(vmx_vpid_bitmap, VMX_NR_VPIDS);
-+ if (vpid < VMX_NR_VPIDS)
-+ __set_bit(vpid, vmx_vpid_bitmap);
-+ else
-+ vpid = 0;
-+ spin_unlock(&vmx_vpid_lock);
-+ return vpid;
-+}
-+
-+void free_vpid(int vpid)
-+{
-+ if (!enable_vpid || vpid == 0)
-+ return;
-+ spin_lock(&vmx_vpid_lock);
-+ __clear_bit(vpid, vmx_vpid_bitmap);
-+ spin_unlock(&vmx_vpid_lock);
-+}
-+
-+static __always_inline void vmx_disable_intercept_for_msr(unsigned long *msr_bitmap,
-+ u32 msr, int type)
-+{
-+ int f = sizeof(unsigned long);
-+
-+ if (!cpu_has_vmx_msr_bitmap())
-+ return;
-+
-+ if (static_branch_unlikely(&enable_evmcs))
-+ evmcs_touch_msr_bitmap();
-+
-+ /*
-+ * See Intel PRM Vol. 3, 20.6.9 (MSR-Bitmap Address). Early manuals
-+ * have the write-low and read-high bitmap offsets the wrong way round.
-+ * We can control MSRs 0x00000000-0x00001fff and 0xc0000000-0xc0001fff.
-+ */
-+ if (msr <= 0x1fff) {
-+ if (type & MSR_TYPE_R)
-+ /* read-low */
-+ __clear_bit(msr, msr_bitmap + 0x000 / f);
-+
-+ if (type & MSR_TYPE_W)
-+ /* write-low */
-+ __clear_bit(msr, msr_bitmap + 0x800 / f);
-+
-+ } else if ((msr >= 0xc0000000) && (msr <= 0xc0001fff)) {
-+ msr &= 0x1fff;
-+ if (type & MSR_TYPE_R)
-+ /* read-high */
-+ __clear_bit(msr, msr_bitmap + 0x400 / f);
-+
-+ if (type & MSR_TYPE_W)
-+ /* write-high */
-+ __clear_bit(msr, msr_bitmap + 0xc00 / f);
-+
-+ }
-+}
-+
-+static __always_inline void vmx_enable_intercept_for_msr(unsigned long *msr_bitmap,
-+ u32 msr, int type)
-+{
-+ int f = sizeof(unsigned long);
-+
-+ if (!cpu_has_vmx_msr_bitmap())
-+ return;
-+
-+ if (static_branch_unlikely(&enable_evmcs))
-+ evmcs_touch_msr_bitmap();
-+
-+ /*
-+ * See Intel PRM Vol. 3, 20.6.9 (MSR-Bitmap Address). Early manuals
-+ * have the write-low and read-high bitmap offsets the wrong way round.
-+ * We can control MSRs 0x00000000-0x00001fff and 0xc0000000-0xc0001fff.
-+ */
-+ if (msr <= 0x1fff) {
-+ if (type & MSR_TYPE_R)
-+ /* read-low */
-+ __set_bit(msr, msr_bitmap + 0x000 / f);
-+
-+ if (type & MSR_TYPE_W)
-+ /* write-low */
-+ __set_bit(msr, msr_bitmap + 0x800 / f);
-+
-+ } else if ((msr >= 0xc0000000) && (msr <= 0xc0001fff)) {
-+ msr &= 0x1fff;
-+ if (type & MSR_TYPE_R)
-+ /* read-high */
-+ __set_bit(msr, msr_bitmap + 0x400 / f);
-+
-+ if (type & MSR_TYPE_W)
-+ /* write-high */
-+ __set_bit(msr, msr_bitmap + 0xc00 / f);
-+
-+ }
-+}
-+
-+static __always_inline void vmx_set_intercept_for_msr(unsigned long *msr_bitmap,
-+ u32 msr, int type, bool value)
-+{
-+ if (value)
-+ vmx_enable_intercept_for_msr(msr_bitmap, msr, type);
-+ else
-+ vmx_disable_intercept_for_msr(msr_bitmap, msr, type);
-+}
-+
-+static u8 vmx_msr_bitmap_mode(struct kvm_vcpu *vcpu)
-+{
-+ u8 mode = 0;
-+
-+ if (cpu_has_secondary_exec_ctrls() &&
-+ (secondary_exec_controls_get(to_vmx(vcpu)) &
-+ SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE)) {
-+ mode |= MSR_BITMAP_MODE_X2APIC;
-+ if (enable_apicv && kvm_vcpu_apicv_active(vcpu))
-+ mode |= MSR_BITMAP_MODE_X2APIC_APICV;
-+ }
-+
-+ return mode;
-+}
-+
-+static void vmx_update_msr_bitmap_x2apic(unsigned long *msr_bitmap,
-+ u8 mode)
-+{
-+ int msr;
-+
-+ for (msr = 0x800; msr <= 0x8ff; msr += BITS_PER_LONG) {
-+ unsigned word = msr / BITS_PER_LONG;
-+ msr_bitmap[word] = (mode & MSR_BITMAP_MODE_X2APIC_APICV) ? 0 : ~0;
-+ msr_bitmap[word + (0x800 / sizeof(long))] = ~0;
-+ }
-+
-+ if (mode & MSR_BITMAP_MODE_X2APIC) {
-+ /*
-+ * TPR reads and writes can be virtualized even if virtual interrupt
-+ * delivery is not in use.
-+ */
-+ vmx_disable_intercept_for_msr(msr_bitmap, X2APIC_MSR(APIC_TASKPRI), MSR_TYPE_RW);
-+ if (mode & MSR_BITMAP_MODE_X2APIC_APICV) {
-+ vmx_enable_intercept_for_msr(msr_bitmap, X2APIC_MSR(APIC_TMCCT), MSR_TYPE_R);
-+ vmx_disable_intercept_for_msr(msr_bitmap, X2APIC_MSR(APIC_EOI), MSR_TYPE_W);
-+ vmx_disable_intercept_for_msr(msr_bitmap, X2APIC_MSR(APIC_SELF_IPI), MSR_TYPE_W);
-+ }
-+ }
-+}
-+
-+void vmx_update_msr_bitmap(struct kvm_vcpu *vcpu)
-+{
-+ struct vcpu_vmx *vmx = to_vmx(vcpu);
-+ unsigned long *msr_bitmap = vmx->vmcs01.msr_bitmap;
-+ u8 mode = vmx_msr_bitmap_mode(vcpu);
-+ u8 changed = mode ^ vmx->msr_bitmap_mode;
-+
-+ if (!changed)
-+ return;
-+
-+ if (changed & (MSR_BITMAP_MODE_X2APIC | MSR_BITMAP_MODE_X2APIC_APICV))
-+ vmx_update_msr_bitmap_x2apic(msr_bitmap, mode);
-+
-+ vmx->msr_bitmap_mode = mode;
-+}
-+
-+void pt_update_intercept_for_msr(struct vcpu_vmx *vmx)
-+{
-+ unsigned long *msr_bitmap = vmx->vmcs01.msr_bitmap;
-+ bool flag = !(vmx->pt_desc.guest.ctl & RTIT_CTL_TRACEEN);
-+ u32 i;
-+
-+ vmx_set_intercept_for_msr(msr_bitmap, MSR_IA32_RTIT_STATUS,
-+ MSR_TYPE_RW, flag);
-+ vmx_set_intercept_for_msr(msr_bitmap, MSR_IA32_RTIT_OUTPUT_BASE,
-+ MSR_TYPE_RW, flag);
-+ vmx_set_intercept_for_msr(msr_bitmap, MSR_IA32_RTIT_OUTPUT_MASK,
-+ MSR_TYPE_RW, flag);
-+ vmx_set_intercept_for_msr(msr_bitmap, MSR_IA32_RTIT_CR3_MATCH,
-+ MSR_TYPE_RW, flag);
-+ for (i = 0; i < vmx->pt_desc.addr_range; i++) {
-+ vmx_set_intercept_for_msr(msr_bitmap,
-+ MSR_IA32_RTIT_ADDR0_A + i * 2, MSR_TYPE_RW, flag);
-+ vmx_set_intercept_for_msr(msr_bitmap,
-+ MSR_IA32_RTIT_ADDR0_B + i * 2, MSR_TYPE_RW, flag);
-+ }
-+}
-+
-+static bool vmx_get_enable_apicv(struct kvm *kvm)
-+{
-+ return enable_apicv;
-+}
-+
-+static bool vmx_guest_apic_has_interrupt(struct kvm_vcpu *vcpu)
-+{
-+ struct vcpu_vmx *vmx = to_vmx(vcpu);
-+ void *vapic_page;
-+ u32 vppr;
-+ int rvi;
-+
-+ if (WARN_ON_ONCE(!is_guest_mode(vcpu)) ||
-+ !nested_cpu_has_vid(get_vmcs12(vcpu)) ||
-+
WARN_ON_ONCE(!vmx->nested.virtual_apic_map.gfn))
-+ return false;
-+
-+ rvi = vmx_get_rvi();
-+
-+ vapic_page = vmx->nested.virtual_apic_map.hva;
-+ vppr = *((u32 *)(vapic_page + APIC_PROCPRI));
-+
-+ return ((rvi & 0xf0) > (vppr & 0xf0));
-+}
-+
-+static inline bool kvm_vcpu_trigger_posted_interrupt(struct kvm_vcpu *vcpu,
-+ bool nested)
-+{
-+#ifdef CONFIG_SMP
-+ int pi_vec = nested ? POSTED_INTR_NESTED_VECTOR : POSTED_INTR_VECTOR;
-+
-+ if (vcpu->mode == IN_GUEST_MODE) {
-+ /*
-+ * The vector of interrupt to be delivered to vcpu had
-+ * been set in PIR before this function.
-+ *
-+ * Following cases will be reached in this block, and
-+ * we always send a notification event in all cases as
-+ * explained below.
-+ *
-+ * Case 1: vcpu keeps in non-root mode. Sending a
-+ * notification event posts the interrupt to vcpu.
-+ *
-+ * Case 2: vcpu exits to root mode and is still
-+ * runnable. PIR will be synced to vIRR before the
-+ * next vcpu entry. Sending a notification event in
-+ * this case has no effect, as vcpu is not in root
-+ * mode.
-+ *
-+ * Case 3: vcpu exits to root mode and is blocked.
-+ * vcpu_block() has already synced PIR to vIRR and
-+ * never blocks vcpu if vIRR is not cleared. Therefore,
-+ * a blocked vcpu here does not wait for any requested
-+ * interrupts in PIR, and sending a notification event
-+ * which has no effect is safe here.
-+ */
-+
-+ apic->send_IPI_mask(get_cpu_mask(vcpu->cpu), pi_vec);
-+ return true;
-+ }
-+#endif
-+ return false;
-+}
-+
-+static int vmx_deliver_nested_posted_interrupt(struct kvm_vcpu *vcpu,
-+ int vector)
-+{
-+ struct vcpu_vmx *vmx = to_vmx(vcpu);
-+
-+ if (is_guest_mode(vcpu) &&
-+ vector == vmx->nested.posted_intr_nv) {
-+ /*
-+ * If a posted intr is not recognized by hardware,
-+ * we will accomplish it in the next vmentry.
-+ */
-+ vmx->nested.pi_pending = true;
-+ kvm_make_request(KVM_REQ_EVENT, vcpu);
-+ /* the PIR and ON have been set by L1.
*/
-+ if (!kvm_vcpu_trigger_posted_interrupt(vcpu, true))
-+ kvm_vcpu_kick(vcpu);
-+ return 0;
-+ }
-+ return -1;
-+}
-+/*
-+ * Send interrupt to vcpu via posted interrupt way.
-+ * 1. If target vcpu is running(non-root mode), send posted interrupt
-+ * notification to vcpu and hardware will sync PIR to vIRR atomically.
-+ * 2. If target vcpu isn't running(root mode), kick it to pick up the
-+ * interrupt from PIR in next vmentry.
-+ */
-+static void vmx_deliver_posted_interrupt(struct kvm_vcpu *vcpu, int vector)
-+{
-+ struct vcpu_vmx *vmx = to_vmx(vcpu);
-+ int r;
-+
-+ r = vmx_deliver_nested_posted_interrupt(vcpu, vector);
-+ if (!r)
-+ return;
-+
-+ if (pi_test_and_set_pir(vector, &vmx->pi_desc))
-+ return;
-+
-+ /* If a previous notification has sent the IPI, nothing to do. */
-+ if (pi_test_and_set_on(&vmx->pi_desc))
-+ return;
-+
-+ if (!kvm_vcpu_trigger_posted_interrupt(vcpu, false))
-+ kvm_vcpu_kick(vcpu);
-+}
-+
-+/*
-+ * Set up the vmcs's constant host-state fields, i.e., host-state fields that
-+ * will not change in the lifetime of the guest.
-+ * Note that host-state that does change is set elsewhere. E.g., host-state
-+ * that is set differently for each CPU is set in vmx_vcpu_load(), not here.
-+ */
-+void vmx_set_constant_host_state(struct vcpu_vmx *vmx)
-+{
-+ u32 low32, high32;
-+ unsigned long tmpl;
-+ unsigned long cr0, cr3, cr4;
-+
-+ cr0 = read_cr0();
-+ WARN_ON(cr0 & X86_CR0_TS);
-+ vmcs_writel(HOST_CR0, cr0); /* 22.2.3 */
-+
-+ /*
-+ * Save the most likely value for this task's CR3 in the VMCS.
-+ * We can't use __get_current_cr3_fast() because we're not atomic.
-+ */
-+ cr3 = __read_cr3();
-+ vmcs_writel(HOST_CR3, cr3); /* 22.2.3 FIXME: shadow tables */
-+ vmx->loaded_vmcs->host_state.cr3 = cr3;
-+
-+ /* Save the most likely value for this task's CR4 in the VMCS.
*/
-+ cr4 = cr4_read_shadow();
-+ vmcs_writel(HOST_CR4, cr4); /* 22.2.3, 22.2.5 */
-+ vmx->loaded_vmcs->host_state.cr4 = cr4;
-+
-+ vmcs_write16(HOST_CS_SELECTOR, __KERNEL_CS); /* 22.2.4 */
-+#ifdef CONFIG_X86_64
-+ /*
-+ * Load null selectors, so we can avoid reloading them in
-+ * vmx_prepare_switch_to_host(), in case userspace uses
-+ * the null selectors too (the expected case).
-+ */
-+ vmcs_write16(HOST_DS_SELECTOR, 0);
-+ vmcs_write16(HOST_ES_SELECTOR, 0);
-+#else
-+ vmcs_write16(HOST_DS_SELECTOR, __KERNEL_DS); /* 22.2.4 */
-+ vmcs_write16(HOST_ES_SELECTOR, __KERNEL_DS); /* 22.2.4 */
-+#endif
-+ vmcs_write16(HOST_SS_SELECTOR, __KERNEL_DS); /* 22.2.4 */
-+ vmcs_write16(HOST_TR_SELECTOR, GDT_ENTRY_TSS*8); /* 22.2.4 */
-+
-+ vmcs_writel(HOST_IDTR_BASE, host_idt_base); /* 22.2.4 */
-+
-+ vmcs_writel(HOST_RIP, (unsigned long)vmx_vmexit); /* 22.2.5 */
-+
-+ rdmsr(MSR_IA32_SYSENTER_CS, low32, high32);
-+ vmcs_write32(HOST_IA32_SYSENTER_CS, low32);
-+ rdmsrl(MSR_IA32_SYSENTER_EIP, tmpl);
-+ vmcs_writel(HOST_IA32_SYSENTER_EIP, tmpl); /* 22.2.3 */
-+
-+ if (vmcs_config.vmexit_ctrl & VM_EXIT_LOAD_IA32_PAT) {
-+ rdmsr(MSR_IA32_CR_PAT, low32, high32);
-+ vmcs_write64(HOST_IA32_PAT, low32 | ((u64) high32 << 32));
-+ }
-+
-+ if (cpu_has_load_ia32_efer())
-+ vmcs_write64(HOST_IA32_EFER, host_efer);
-+}
-+
-+void set_cr4_guest_host_mask(struct vcpu_vmx *vmx)
-+{
-+ vmx->vcpu.arch.cr4_guest_owned_bits = KVM_CR4_GUEST_OWNED_BITS;
-+ if (enable_ept)
-+ vmx->vcpu.arch.cr4_guest_owned_bits |= X86_CR4_PGE;
-+ if (is_guest_mode(&vmx->vcpu))
-+ vmx->vcpu.arch.cr4_guest_owned_bits &=
-+ ~get_vmcs12(&vmx->vcpu)->cr4_guest_host_mask;
-+ vmcs_writel(CR4_GUEST_HOST_MASK, ~vmx->vcpu.arch.cr4_guest_owned_bits);
-+}
-+
-+u32 vmx_pin_based_exec_ctrl(struct vcpu_vmx *vmx)
-+{
-+ u32 pin_based_exec_ctrl = vmcs_config.pin_based_exec_ctrl;
-+
-+ if (!kvm_vcpu_apicv_active(&vmx->vcpu))
-+ pin_based_exec_ctrl &= ~PIN_BASED_POSTED_INTR;
-+
-+ if (!enable_vnmi)
-+ pin_based_exec_ctrl &=
~PIN_BASED_VIRTUAL_NMIS;
-+
-+ if (!enable_preemption_timer)
-+ pin_based_exec_ctrl &= ~PIN_BASED_VMX_PREEMPTION_TIMER;
-+
-+ return pin_based_exec_ctrl;
-+}
-+
-+static void vmx_refresh_apicv_exec_ctrl(struct kvm_vcpu *vcpu)
-+{
-+ struct vcpu_vmx *vmx = to_vmx(vcpu);
-+
-+ pin_controls_set(vmx, vmx_pin_based_exec_ctrl(vmx));
-+ if (cpu_has_secondary_exec_ctrls()) {
-+ if (kvm_vcpu_apicv_active(vcpu))
-+ secondary_exec_controls_setbit(vmx,
-+ SECONDARY_EXEC_APIC_REGISTER_VIRT |
-+ SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY);
-+ else
-+ secondary_exec_controls_clearbit(vmx,
-+ SECONDARY_EXEC_APIC_REGISTER_VIRT |
-+ SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY);
-+ }
-+
-+ if (cpu_has_vmx_msr_bitmap())
-+ vmx_update_msr_bitmap(vcpu);
-+}
-+
-+u32 vmx_exec_control(struct vcpu_vmx *vmx)
-+{
-+ u32 exec_control = vmcs_config.cpu_based_exec_ctrl;
-+
-+ if (vmx->vcpu.arch.switch_db_regs & KVM_DEBUGREG_WONT_EXIT)
-+ exec_control &= ~CPU_BASED_MOV_DR_EXITING;
-+
-+ if (!cpu_need_tpr_shadow(&vmx->vcpu)) {
-+ exec_control &= ~CPU_BASED_TPR_SHADOW;
-+#ifdef CONFIG_X86_64
-+ exec_control |= CPU_BASED_CR8_STORE_EXITING |
-+ CPU_BASED_CR8_LOAD_EXITING;
-+#endif
-+ }
-+ if (!enable_ept)
-+ exec_control |= CPU_BASED_CR3_STORE_EXITING |
-+ CPU_BASED_CR3_LOAD_EXITING |
-+ CPU_BASED_INVLPG_EXITING;
-+ if (kvm_mwait_in_guest(vmx->vcpu.kvm))
-+ exec_control &= ~(CPU_BASED_MWAIT_EXITING |
-+ CPU_BASED_MONITOR_EXITING);
-+ if (kvm_hlt_in_guest(vmx->vcpu.kvm))
-+ exec_control &= ~CPU_BASED_HLT_EXITING;
-+ return exec_control;
-+}
-+
-+
-+static void vmx_compute_secondary_exec_control(struct vcpu_vmx *vmx)
-+{
-+ struct kvm_vcpu *vcpu = &vmx->vcpu;
-+
-+ u32 exec_control = vmcs_config.cpu_based_2nd_exec_ctrl;
-+
-+ if (pt_mode == PT_MODE_SYSTEM)
-+ exec_control &= ~(SECONDARY_EXEC_PT_USE_GPA | SECONDARY_EXEC_PT_CONCEAL_VMX);
-+ if (!cpu_need_virtualize_apic_accesses(vcpu))
-+ exec_control &= ~SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES;
-+ if (vmx->vpid == 0)
-+ exec_control &= ~SECONDARY_EXEC_ENABLE_VPID;
-+ if (!enable_ept) {
-+ exec_control &= ~SECONDARY_EXEC_ENABLE_EPT;
-+ enable_unrestricted_guest = 0;
-+ }
-+ if (!enable_unrestricted_guest)
-+ exec_control &= ~SECONDARY_EXEC_UNRESTRICTED_GUEST;
-+ if (kvm_pause_in_guest(vmx->vcpu.kvm))
-+ exec_control &= ~SECONDARY_EXEC_PAUSE_LOOP_EXITING;
-+ if (!kvm_vcpu_apicv_active(vcpu))
-+ exec_control &= ~(SECONDARY_EXEC_APIC_REGISTER_VIRT |
-+ SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY);
-+ exec_control &= ~SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE;
-+
-+ /* SECONDARY_EXEC_DESC is enabled/disabled on writes to CR4.UMIP,
-+ * in vmx_set_cr4. */
-+ exec_control &= ~SECONDARY_EXEC_DESC;
-+
-+ /* SECONDARY_EXEC_SHADOW_VMCS is enabled when L1 executes VMPTRLD
-+ (handle_vmptrld).
-+ We can NOT enable shadow_vmcs here because we don't have yet
-+ a current VMCS12
-+ */
-+ exec_control &= ~SECONDARY_EXEC_SHADOW_VMCS;
-+
-+ if (!enable_pml)
-+ exec_control &= ~SECONDARY_EXEC_ENABLE_PML;
-+
-+ if (vmx_xsaves_supported()) {
-+ /* Exposing XSAVES only when XSAVE is exposed */
-+ bool xsaves_enabled =
-+ guest_cpuid_has(vcpu, X86_FEATURE_XSAVE) &&
-+ guest_cpuid_has(vcpu, X86_FEATURE_XSAVES);
-+
-+ vcpu->arch.xsaves_enabled = xsaves_enabled;
-+
-+ if (!xsaves_enabled)
-+ exec_control &= ~SECONDARY_EXEC_XSAVES;
-+
-+ if (nested) {
-+ if (xsaves_enabled)
-+ vmx->nested.msrs.secondary_ctls_high |=
-+ SECONDARY_EXEC_XSAVES;
-+ else
-+ vmx->nested.msrs.secondary_ctls_high &=
-+ ~SECONDARY_EXEC_XSAVES;
-+ }
-+ }
-+
-+ if (vmx_rdtscp_supported()) {
-+ bool rdtscp_enabled = guest_cpuid_has(vcpu, X86_FEATURE_RDTSCP);
-+ if (!rdtscp_enabled)
-+ exec_control &= ~SECONDARY_EXEC_RDTSCP;
-+
-+ if (nested) {
-+ if (rdtscp_enabled)
-+ vmx->nested.msrs.secondary_ctls_high |=
-+ SECONDARY_EXEC_RDTSCP;
-+ else
-+ vmx->nested.msrs.secondary_ctls_high &=
-+ ~SECONDARY_EXEC_RDTSCP;
-+ }
-+ }
-+
-+ if (vmx_invpcid_supported()) {
-+ /* Exposing INVPCID only when PCID is exposed */
-+ bool invpcid_enabled =
-+ guest_cpuid_has(vcpu, X86_FEATURE_INVPCID) &&
-+
guest_cpuid_has(vcpu, X86_FEATURE_PCID);
-+
-+ if (!invpcid_enabled) {
-+ exec_control &= ~SECONDARY_EXEC_ENABLE_INVPCID;
-+ guest_cpuid_clear(vcpu, X86_FEATURE_INVPCID);
-+ }
-+
-+ if (nested) {
-+ if (invpcid_enabled)
-+ vmx->nested.msrs.secondary_ctls_high |=
-+ SECONDARY_EXEC_ENABLE_INVPCID;
-+ else
-+ vmx->nested.msrs.secondary_ctls_high &=
-+ ~SECONDARY_EXEC_ENABLE_INVPCID;
-+ }
-+ }
-+
-+ if (vmx_rdrand_supported()) {
-+ bool rdrand_enabled = guest_cpuid_has(vcpu, X86_FEATURE_RDRAND);
-+ if (rdrand_enabled)
-+ exec_control &= ~SECONDARY_EXEC_RDRAND_EXITING;
-+
-+ if (nested) {
-+ if (rdrand_enabled)
-+ vmx->nested.msrs.secondary_ctls_high |=
-+ SECONDARY_EXEC_RDRAND_EXITING;
-+ else
-+ vmx->nested.msrs.secondary_ctls_high &=
-+ ~SECONDARY_EXEC_RDRAND_EXITING;
-+ }
-+ }
-+
-+ if (vmx_rdseed_supported()) {
-+ bool rdseed_enabled = guest_cpuid_has(vcpu, X86_FEATURE_RDSEED);
-+ if (rdseed_enabled)
-+ exec_control &= ~SECONDARY_EXEC_RDSEED_EXITING;
-+
-+ if (nested) {
-+ if (rdseed_enabled)
-+ vmx->nested.msrs.secondary_ctls_high |=
-+ SECONDARY_EXEC_RDSEED_EXITING;
-+ else
-+ vmx->nested.msrs.secondary_ctls_high &=
-+ ~SECONDARY_EXEC_RDSEED_EXITING;
-+ }
-+ }
-+
-+ if (vmx_waitpkg_supported()) {
-+ bool waitpkg_enabled =
-+ guest_cpuid_has(vcpu, X86_FEATURE_WAITPKG);
-+
-+ if (!waitpkg_enabled)
-+ exec_control &= ~SECONDARY_EXEC_ENABLE_USR_WAIT_PAUSE;
-+
-+ if (nested) {
-+ if (waitpkg_enabled)
-+ vmx->nested.msrs.secondary_ctls_high |=
-+ SECONDARY_EXEC_ENABLE_USR_WAIT_PAUSE;
-+ else
-+ vmx->nested.msrs.secondary_ctls_high &=
-+ ~SECONDARY_EXEC_ENABLE_USR_WAIT_PAUSE;
-+ }
-+ }
-+
-+ vmx->secondary_exec_control = exec_control;
-+}
-+
-+static void ept_set_mmio_spte_mask(void)
-+{
-+ /*
-+ * EPT Misconfigurations can be generated if the value of bits 2:0
-+ * of an EPT paging-structure entry is 110b (write/execute).
-+ */ -+ kvm_mmu_set_mmio_spte_mask(VMX_EPT_RWX_MASK, -+ VMX_EPT_MISCONFIG_WX_VALUE, 0); -+} -+ -+#define VMX_XSS_EXIT_BITMAP 0 -+ -+/* -+ * Noting that the initialization of Guest-state Area of VMCS is in -+ * vmx_vcpu_reset(). -+ */ -+static void init_vmcs(struct vcpu_vmx *vmx) -+{ -+ if (nested) -+ nested_vmx_set_vmcs_shadowing_bitmap(); -+ -+ if (cpu_has_vmx_msr_bitmap()) -+ vmcs_write64(MSR_BITMAP, __pa(vmx->vmcs01.msr_bitmap)); -+ -+ vmcs_write64(VMCS_LINK_POINTER, -1ull); /* 22.3.1.5 */ -+ -+ /* Control */ -+ pin_controls_set(vmx, vmx_pin_based_exec_ctrl(vmx)); -+ -+ exec_controls_set(vmx, vmx_exec_control(vmx)); -+ -+ if (cpu_has_secondary_exec_ctrls()) { -+ vmx_compute_secondary_exec_control(vmx); -+ secondary_exec_controls_set(vmx, vmx->secondary_exec_control); -+ } -+ -+ if (kvm_vcpu_apicv_active(&vmx->vcpu)) { -+ vmcs_write64(EOI_EXIT_BITMAP0, 0); -+ vmcs_write64(EOI_EXIT_BITMAP1, 0); -+ vmcs_write64(EOI_EXIT_BITMAP2, 0); -+ vmcs_write64(EOI_EXIT_BITMAP3, 0); -+ -+ vmcs_write16(GUEST_INTR_STATUS, 0); -+ -+ vmcs_write16(POSTED_INTR_NV, POSTED_INTR_VECTOR); -+ vmcs_write64(POSTED_INTR_DESC_ADDR, __pa((&vmx->pi_desc))); -+ } -+ -+ if (!kvm_pause_in_guest(vmx->vcpu.kvm)) { -+ vmcs_write32(PLE_GAP, ple_gap); -+ vmx->ple_window = ple_window; -+ vmx->ple_window_dirty = true; -+ } -+ -+ vmcs_write32(PAGE_FAULT_ERROR_CODE_MASK, 0); -+ vmcs_write32(PAGE_FAULT_ERROR_CODE_MATCH, 0); -+ vmcs_write32(CR3_TARGET_COUNT, 0); /* 22.2.1 */ -+ -+ vmcs_write16(HOST_FS_SELECTOR, 0); /* 22.2.4 */ -+ vmcs_write16(HOST_GS_SELECTOR, 0); /* 22.2.4 */ -+ vmx_set_constant_host_state(vmx); -+ vmcs_writel(HOST_FS_BASE, 0); /* 22.2.4 */ -+ vmcs_writel(HOST_GS_BASE, 0); /* 22.2.4 */ -+ -+ if (cpu_has_vmx_vmfunc()) -+ vmcs_write64(VM_FUNCTION_CONTROL, 0); -+ -+ vmcs_write32(VM_EXIT_MSR_STORE_COUNT, 0); -+ vmcs_write32(VM_EXIT_MSR_LOAD_COUNT, 0); -+ vmcs_write64(VM_EXIT_MSR_LOAD_ADDR, __pa(vmx->msr_autoload.host.val)); -+ vmcs_write32(VM_ENTRY_MSR_LOAD_COUNT, 0); -+ 
vmcs_write64(VM_ENTRY_MSR_LOAD_ADDR, __pa(vmx->msr_autoload.guest.val)); -+ -+ if (vmcs_config.vmentry_ctrl & VM_ENTRY_LOAD_IA32_PAT) -+ vmcs_write64(GUEST_IA32_PAT, vmx->vcpu.arch.pat); -+ -+ vm_exit_controls_set(vmx, vmx_vmexit_ctrl()); -+ -+ /* 22.2.1, 20.8.1 */ -+ vm_entry_controls_set(vmx, vmx_vmentry_ctrl()); -+ -+ vmx->vcpu.arch.cr0_guest_owned_bits = X86_CR0_TS; -+ vmcs_writel(CR0_GUEST_HOST_MASK, ~X86_CR0_TS); -+ -+ set_cr4_guest_host_mask(vmx); -+ -+ if (vmx->vpid != 0) -+ vmcs_write16(VIRTUAL_PROCESSOR_ID, vmx->vpid); -+ -+ if (vmx_xsaves_supported()) -+ vmcs_write64(XSS_EXIT_BITMAP, VMX_XSS_EXIT_BITMAP); -+ -+ if (enable_pml) { -+ vmcs_write64(PML_ADDRESS, page_to_phys(vmx->pml_pg)); -+ vmcs_write16(GUEST_PML_INDEX, PML_ENTITY_NUM - 1); -+ } -+ -+ if (cpu_has_vmx_encls_vmexit()) -+ vmcs_write64(ENCLS_EXITING_BITMAP, -1ull); -+ -+ if (pt_mode == PT_MODE_HOST_GUEST) { -+ memset(&vmx->pt_desc, 0, sizeof(vmx->pt_desc)); -+ /* Bit[6~0] are forced to 1, writes are ignored. */ -+ vmx->pt_desc.guest.output_mask = 0x7F; -+ vmcs_write64(GUEST_IA32_RTIT_CTL, 0); -+ } -+} -+ -+static void vmx_vcpu_reset(struct kvm_vcpu *vcpu, bool init_event) -+{ -+ struct vcpu_vmx *vmx = to_vmx(vcpu); -+ struct msr_data apic_base_msr; -+ u64 cr0; -+ -+ vmx->rmode.vm86_active = 0; -+ vmx->spec_ctrl = 0; -+ -+ vmx->msr_ia32_umwait_control = 0; -+ -+ vcpu->arch.microcode_version = 0x100000000ULL; -+ vmx->vcpu.arch.regs[VCPU_REGS_RDX] = get_rdx_init_val(); -+ vmx->hv_deadline_tsc = -1; -+ kvm_set_cr8(vcpu, 0); -+ -+ if (!init_event) { -+ apic_base_msr.data = APIC_DEFAULT_PHYS_BASE | -+ MSR_IA32_APICBASE_ENABLE; -+ if (kvm_vcpu_is_reset_bsp(vcpu)) -+ apic_base_msr.data |= MSR_IA32_APICBASE_BSP; -+ apic_base_msr.host_initiated = true; -+ kvm_set_apic_base(vcpu, &apic_base_msr); -+ } -+ -+ vmx_segment_cache_clear(vmx); -+ -+ seg_setup(VCPU_SREG_CS); -+ vmcs_write16(GUEST_CS_SELECTOR, 0xf000); -+ vmcs_writel(GUEST_CS_BASE, 0xffff0000ul); -+ -+ seg_setup(VCPU_SREG_DS); -+ 
seg_setup(VCPU_SREG_ES); -+ seg_setup(VCPU_SREG_FS); -+ seg_setup(VCPU_SREG_GS); -+ seg_setup(VCPU_SREG_SS); -+ -+ vmcs_write16(GUEST_TR_SELECTOR, 0); -+ vmcs_writel(GUEST_TR_BASE, 0); -+ vmcs_write32(GUEST_TR_LIMIT, 0xffff); -+ vmcs_write32(GUEST_TR_AR_BYTES, 0x008b); -+ -+ vmcs_write16(GUEST_LDTR_SELECTOR, 0); -+ vmcs_writel(GUEST_LDTR_BASE, 0); -+ vmcs_write32(GUEST_LDTR_LIMIT, 0xffff); -+ vmcs_write32(GUEST_LDTR_AR_BYTES, 0x00082); -+ -+ if (!init_event) { -+ vmcs_write32(GUEST_SYSENTER_CS, 0); -+ vmcs_writel(GUEST_SYSENTER_ESP, 0); -+ vmcs_writel(GUEST_SYSENTER_EIP, 0); -+ vmcs_write64(GUEST_IA32_DEBUGCTL, 0); -+ } -+ -+ kvm_set_rflags(vcpu, X86_EFLAGS_FIXED); -+ kvm_rip_write(vcpu, 0xfff0); -+ -+ vmcs_writel(GUEST_GDTR_BASE, 0); -+ vmcs_write32(GUEST_GDTR_LIMIT, 0xffff); -+ -+ vmcs_writel(GUEST_IDTR_BASE, 0); -+ vmcs_write32(GUEST_IDTR_LIMIT, 0xffff); -+ -+ vmcs_write32(GUEST_ACTIVITY_STATE, GUEST_ACTIVITY_ACTIVE); -+ vmcs_write32(GUEST_INTERRUPTIBILITY_INFO, 0); -+ vmcs_writel(GUEST_PENDING_DBG_EXCEPTIONS, 0); -+ if (kvm_mpx_supported()) -+ vmcs_write64(GUEST_BNDCFGS, 0); -+ -+ setup_msrs(vmx); -+ -+ vmcs_write32(VM_ENTRY_INTR_INFO_FIELD, 0); /* 22.2.1 */ -+ -+ if (cpu_has_vmx_tpr_shadow() && !init_event) { -+ vmcs_write64(VIRTUAL_APIC_PAGE_ADDR, 0); -+ if (cpu_need_tpr_shadow(vcpu)) -+ vmcs_write64(VIRTUAL_APIC_PAGE_ADDR, -+ __pa(vcpu->arch.apic->regs)); -+ vmcs_write32(TPR_THRESHOLD, 0); -+ } -+ -+ kvm_make_request(KVM_REQ_APIC_PAGE_RELOAD, vcpu); -+ -+ cr0 = X86_CR0_NW | X86_CR0_CD | X86_CR0_ET; -+ vmx->vcpu.arch.cr0 = cr0; -+ vmx_set_cr0(vcpu, cr0); /* enter rmode */ -+ vmx_set_cr4(vcpu, 0); -+ vmx_set_efer(vcpu, 0); -+ -+ update_exception_bitmap(vcpu); -+ -+ vpid_sync_context(vmx->vpid); -+ if (init_event) -+ vmx_clear_hlt(vcpu); -+} -+ -+static void enable_irq_window(struct kvm_vcpu *vcpu) -+{ -+ exec_controls_setbit(to_vmx(vcpu), CPU_BASED_INTR_WINDOW_EXITING); -+} -+ -+static void enable_nmi_window(struct kvm_vcpu *vcpu) -+{ -+ if (!enable_vnmi || -+ 
vmcs_read32(GUEST_INTERRUPTIBILITY_INFO) & GUEST_INTR_STATE_STI) { -+ enable_irq_window(vcpu); -+ return; -+ } -+ -+ exec_controls_setbit(to_vmx(vcpu), CPU_BASED_NMI_WINDOW_EXITING); -+} -+ -+static void vmx_inject_irq(struct kvm_vcpu *vcpu) -+{ -+ struct vcpu_vmx *vmx = to_vmx(vcpu); -+ uint32_t intr; -+ int irq = vcpu->arch.interrupt.nr; -+ -+ trace_kvm_inj_virq(irq); -+ -+ ++vcpu->stat.irq_injections; -+ if (vmx->rmode.vm86_active) { -+ int inc_eip = 0; -+ if (vcpu->arch.interrupt.soft) -+ inc_eip = vcpu->arch.event_exit_inst_len; -+ kvm_inject_realmode_interrupt(vcpu, irq, inc_eip); -+ return; -+ } -+ intr = irq | INTR_INFO_VALID_MASK; -+ if (vcpu->arch.interrupt.soft) { -+ intr |= INTR_TYPE_SOFT_INTR; -+ vmcs_write32(VM_ENTRY_INSTRUCTION_LEN, -+ vmx->vcpu.arch.event_exit_inst_len); -+ } else -+ intr |= INTR_TYPE_EXT_INTR; -+ vmcs_write32(VM_ENTRY_INTR_INFO_FIELD, intr); -+ -+ vmx_clear_hlt(vcpu); -+} -+ -+static void vmx_inject_nmi(struct kvm_vcpu *vcpu) -+{ -+ struct vcpu_vmx *vmx = to_vmx(vcpu); -+ -+ if (!enable_vnmi) { -+ /* -+ * Tracking the NMI-blocked state in software is built upon -+ * finding the next open IRQ window. This, in turn, depends on -+ * well-behaving guests: They have to keep IRQs disabled at -+ * least as long as the NMI handler runs. Otherwise we may -+ * cause NMI nesting, maybe breaking the guest. But as this is -+ * highly unlikely, we can live with the residual risk. 
-+ */ -+ vmx->loaded_vmcs->soft_vnmi_blocked = 1; -+ vmx->loaded_vmcs->vnmi_blocked_time = 0; -+ } -+ -+ ++vcpu->stat.nmi_injections; -+ vmx->loaded_vmcs->nmi_known_unmasked = false; -+ -+ if (vmx->rmode.vm86_active) { -+ kvm_inject_realmode_interrupt(vcpu, NMI_VECTOR, 0); -+ return; -+ } -+ -+ vmcs_write32(VM_ENTRY_INTR_INFO_FIELD, -+ INTR_TYPE_NMI_INTR | INTR_INFO_VALID_MASK | NMI_VECTOR); -+ -+ vmx_clear_hlt(vcpu); -+} -+ -+bool vmx_get_nmi_mask(struct kvm_vcpu *vcpu) -+{ -+ struct vcpu_vmx *vmx = to_vmx(vcpu); -+ bool masked; -+ -+ if (!enable_vnmi) -+ return vmx->loaded_vmcs->soft_vnmi_blocked; -+ if (vmx->loaded_vmcs->nmi_known_unmasked) -+ return false; -+ masked = vmcs_read32(GUEST_INTERRUPTIBILITY_INFO) & GUEST_INTR_STATE_NMI; -+ vmx->loaded_vmcs->nmi_known_unmasked = !masked; -+ return masked; -+} -+ -+void vmx_set_nmi_mask(struct kvm_vcpu *vcpu, bool masked) -+{ -+ struct vcpu_vmx *vmx = to_vmx(vcpu); -+ -+ if (!enable_vnmi) { -+ if (vmx->loaded_vmcs->soft_vnmi_blocked != masked) { -+ vmx->loaded_vmcs->soft_vnmi_blocked = masked; -+ vmx->loaded_vmcs->vnmi_blocked_time = 0; -+ } -+ } else { -+ vmx->loaded_vmcs->nmi_known_unmasked = !masked; -+ if (masked) -+ vmcs_set_bits(GUEST_INTERRUPTIBILITY_INFO, -+ GUEST_INTR_STATE_NMI); -+ else -+ vmcs_clear_bits(GUEST_INTERRUPTIBILITY_INFO, -+ GUEST_INTR_STATE_NMI); -+ } -+} -+ -+static int vmx_nmi_allowed(struct kvm_vcpu *vcpu) -+{ -+ if (to_vmx(vcpu)->nested.nested_run_pending) -+ return 0; -+ -+ if (!enable_vnmi && -+ to_vmx(vcpu)->loaded_vmcs->soft_vnmi_blocked) -+ return 0; -+ -+ return !(vmcs_read32(GUEST_INTERRUPTIBILITY_INFO) & -+ (GUEST_INTR_STATE_MOV_SS | GUEST_INTR_STATE_STI -+ | GUEST_INTR_STATE_NMI)); -+} -+ -+static int vmx_interrupt_allowed(struct kvm_vcpu *vcpu) -+{ -+ return (!to_vmx(vcpu)->nested.nested_run_pending && -+ vmcs_readl(GUEST_RFLAGS) & X86_EFLAGS_IF) && -+ !(vmcs_read32(GUEST_INTERRUPTIBILITY_INFO) & -+ (GUEST_INTR_STATE_STI | GUEST_INTR_STATE_MOV_SS)); -+} -+ -+static int 
vmx_set_tss_addr(struct kvm *kvm, unsigned int addr) -+{ -+ int ret; -+ -+ if (enable_unrestricted_guest) -+ return 0; -+ -+ ret = x86_set_memory_region(kvm, TSS_PRIVATE_MEMSLOT, addr, -+ PAGE_SIZE * 3); -+ if (ret) -+ return ret; -+ to_kvm_vmx(kvm)->tss_addr = addr; -+ return init_rmode_tss(kvm); -+} -+ -+static int vmx_set_identity_map_addr(struct kvm *kvm, u64 ident_addr) -+{ -+ to_kvm_vmx(kvm)->ept_identity_map_addr = ident_addr; -+ return 0; -+} -+ -+static bool rmode_exception(struct kvm_vcpu *vcpu, int vec) -+{ -+ switch (vec) { -+ case BP_VECTOR: -+ /* -+ * Update instruction length as we may reinject the exception -+ * from user space while in guest debugging mode. -+ */ -+ to_vmx(vcpu)->vcpu.arch.event_exit_inst_len = -+ vmcs_read32(VM_EXIT_INSTRUCTION_LEN); -+ if (vcpu->guest_debug & KVM_GUESTDBG_USE_SW_BP) -+ return false; -+ /* fall through */ -+ case DB_VECTOR: -+ if (vcpu->guest_debug & -+ (KVM_GUESTDBG_SINGLESTEP | KVM_GUESTDBG_USE_HW_BP)) -+ return false; -+ /* fall through */ -+ case DE_VECTOR: -+ case OF_VECTOR: -+ case BR_VECTOR: -+ case UD_VECTOR: -+ case DF_VECTOR: -+ case SS_VECTOR: -+ case GP_VECTOR: -+ case MF_VECTOR: -+ return true; -+ break; -+ } -+ return false; -+} -+ -+static int handle_rmode_exception(struct kvm_vcpu *vcpu, -+ int vec, u32 err_code) -+{ -+ /* -+ * Instruction with address size override prefix opcode 0x67 -+ * Cause the #SS fault with 0 error code in VM86 mode. -+ */ -+ if (((vec == GP_VECTOR) || (vec == SS_VECTOR)) && err_code == 0) { -+ if (kvm_emulate_instruction(vcpu, 0)) { -+ if (vcpu->arch.halt_request) { -+ vcpu->arch.halt_request = 0; -+ return kvm_vcpu_halt(vcpu); -+ } -+ return 1; -+ } -+ return 0; -+ } -+ -+ /* -+ * Forward all other exceptions that are valid in real mode. -+ * FIXME: Breaks guest debugging in real mode, needs to be fixed with -+ * the required debugging infrastructure rework. -+ */ -+ kvm_queue_exception(vcpu, vec); -+ return 1; -+} -+ -+/* -+ * Trigger machine check on the host. 
We assume all the MSRs are already set up -+ * by the CPU and that we still run on the same CPU as the MCE occurred on. -+ * We pass a fake environment to the machine check handler because we want -+ * the guest to be always treated like user space, no matter what context -+ * it used internally. -+ */ -+static void kvm_machine_check(void) -+{ -+#if defined(CONFIG_X86_MCE) && defined(CONFIG_X86_64) -+ struct pt_regs regs = { -+ .cs = 3, /* Fake ring 3 no matter what the guest ran on */ -+ .flags = X86_EFLAGS_IF, -+ }; -+ -+ do_machine_check(®s, 0); -+#endif -+} -+ -+static int handle_machine_check(struct kvm_vcpu *vcpu) -+{ -+ /* handled by vmx_vcpu_run() */ -+ return 1; -+} -+ -+static int handle_exception_nmi(struct kvm_vcpu *vcpu) -+{ -+ struct vcpu_vmx *vmx = to_vmx(vcpu); -+ struct kvm_run *kvm_run = vcpu->run; -+ u32 intr_info, ex_no, error_code; -+ unsigned long cr2, rip, dr6; -+ u32 vect_info; -+ -+ vect_info = vmx->idt_vectoring_info; -+ intr_info = vmx->exit_intr_info; -+ -+ if (is_machine_check(intr_info) || is_nmi(intr_info)) -+ return 1; /* handled by handle_exception_nmi_irqoff() */ -+ -+ if (is_invalid_opcode(intr_info)) -+ return handle_ud(vcpu); -+ -+ error_code = 0; -+ if (intr_info & INTR_INFO_DELIVER_CODE_MASK) -+ error_code = vmcs_read32(VM_EXIT_INTR_ERROR_CODE); -+ -+ if (!vmx->rmode.vm86_active && is_gp_fault(intr_info)) { -+ WARN_ON_ONCE(!enable_vmware_backdoor); -+ -+ /* -+ * VMware backdoor emulation on #GP interception only handles -+ * IN{S}, OUT{S}, and RDPMC, none of which generate a non-zero -+ * error code on #GP. -+ */ -+ if (error_code) { -+ kvm_queue_exception_e(vcpu, GP_VECTOR, error_code); -+ return 1; -+ } -+ return kvm_emulate_instruction(vcpu, EMULTYPE_VMWARE_GP); -+ } -+ -+ /* -+ * The #PF with PFEC.RSVD = 1 indicates the guest is accessing -+ * MMIO, it is better to report an internal error. -+ * See the comments in vmx_handle_exit. 
-+ */ -+ if ((vect_info & VECTORING_INFO_VALID_MASK) && -+ !(is_page_fault(intr_info) && !(error_code & PFERR_RSVD_MASK))) { -+ vcpu->run->exit_reason = KVM_EXIT_INTERNAL_ERROR; -+ vcpu->run->internal.suberror = KVM_INTERNAL_ERROR_SIMUL_EX; -+ vcpu->run->internal.ndata = 3; -+ vcpu->run->internal.data[0] = vect_info; -+ vcpu->run->internal.data[1] = intr_info; -+ vcpu->run->internal.data[2] = error_code; -+ return 0; -+ } -+ -+ if (is_page_fault(intr_info)) { -+ cr2 = vmcs_readl(EXIT_QUALIFICATION); -+ /* EPT won't cause page fault directly */ -+ WARN_ON_ONCE(!vcpu->arch.apf.host_apf_reason && enable_ept); -+ return kvm_handle_page_fault(vcpu, error_code, cr2, NULL, 0); -+ } -+ -+ ex_no = intr_info & INTR_INFO_VECTOR_MASK; -+ -+ if (vmx->rmode.vm86_active && rmode_exception(vcpu, ex_no)) -+ return handle_rmode_exception(vcpu, ex_no, error_code); -+ -+ switch (ex_no) { -+ case AC_VECTOR: -+ kvm_queue_exception_e(vcpu, AC_VECTOR, error_code); -+ return 1; -+ case DB_VECTOR: -+ dr6 = vmcs_readl(EXIT_QUALIFICATION); -+ if (!(vcpu->guest_debug & -+ (KVM_GUESTDBG_SINGLESTEP | KVM_GUESTDBG_USE_HW_BP))) { -+ vcpu->arch.dr6 &= ~DR_TRAP_BITS; -+ vcpu->arch.dr6 |= dr6 | DR6_RTM; -+ if (is_icebp(intr_info)) -+ WARN_ON(!skip_emulated_instruction(vcpu)); -+ -+ kvm_queue_exception(vcpu, DB_VECTOR); -+ return 1; -+ } -+ kvm_run->debug.arch.dr6 = dr6 | DR6_FIXED_1; -+ kvm_run->debug.arch.dr7 = vmcs_readl(GUEST_DR7); -+ /* fall through */ -+ case BP_VECTOR: -+ /* -+ * Update instruction length as we may reinject #BP from -+ * user space while in guest debugging mode. Reading it for -+ * #DB as well causes no harm, it is not used in that case. 
-+ */ -+ vmx->vcpu.arch.event_exit_inst_len = -+ vmcs_read32(VM_EXIT_INSTRUCTION_LEN); -+ kvm_run->exit_reason = KVM_EXIT_DEBUG; -+ rip = kvm_rip_read(vcpu); -+ kvm_run->debug.arch.pc = vmcs_readl(GUEST_CS_BASE) + rip; -+ kvm_run->debug.arch.exception = ex_no; -+ break; -+ default: -+ kvm_run->exit_reason = KVM_EXIT_EXCEPTION; -+ kvm_run->ex.exception = ex_no; -+ kvm_run->ex.error_code = error_code; -+ break; -+ } -+ return 0; -+} -+ -+static __always_inline int handle_external_interrupt(struct kvm_vcpu *vcpu) -+{ -+ ++vcpu->stat.irq_exits; -+ return 1; -+} -+ -+static int handle_triple_fault(struct kvm_vcpu *vcpu) -+{ -+ vcpu->run->exit_reason = KVM_EXIT_SHUTDOWN; -+ vcpu->mmio_needed = 0; -+ return 0; -+} -+ -+static int handle_io(struct kvm_vcpu *vcpu) -+{ -+ unsigned long exit_qualification; -+ int size, in, string; -+ unsigned port; -+ -+ exit_qualification = vmcs_readl(EXIT_QUALIFICATION); -+ string = (exit_qualification & 16) != 0; -+ -+ ++vcpu->stat.io_exits; -+ -+ if (string) -+ return kvm_emulate_instruction(vcpu, 0); -+ -+ port = exit_qualification >> 16; -+ size = (exit_qualification & 7) + 1; -+ in = (exit_qualification & 8) != 0; -+ -+ return kvm_fast_pio(vcpu, size, port, in); -+} -+ -+static void -+vmx_patch_hypercall(struct kvm_vcpu *vcpu, unsigned char *hypercall) -+{ -+ /* -+ * Patch in the VMCALL instruction: -+ */ -+ hypercall[0] = 0x0f; -+ hypercall[1] = 0x01; -+ hypercall[2] = 0xc1; -+} -+ -+/* called to set cr0 as appropriate for a mov-to-cr0 exit. */ -+static int handle_set_cr0(struct kvm_vcpu *vcpu, unsigned long val) -+{ -+ if (is_guest_mode(vcpu)) { -+ struct vmcs12 *vmcs12 = get_vmcs12(vcpu); -+ unsigned long orig_val = val; -+ -+ /* -+ * We get here when L2 changed cr0 in a way that did not change -+ * any of L1's shadowed bits (see nested_vmx_exit_handled_cr), -+ * but did change L0 shadowed bits. So we first calculate the -+ * effective cr0 value that L1 would like to write into the -+ * hardware. 
It consists of the L2-owned bits from the new -+ * value combined with the L1-owned bits from L1's guest_cr0. -+ */ -+ val = (val & ~vmcs12->cr0_guest_host_mask) | -+ (vmcs12->guest_cr0 & vmcs12->cr0_guest_host_mask); -+ -+ if (!nested_guest_cr0_valid(vcpu, val)) -+ return 1; -+ -+ if (kvm_set_cr0(vcpu, val)) -+ return 1; -+ vmcs_writel(CR0_READ_SHADOW, orig_val); -+ return 0; -+ } else { -+ if (to_vmx(vcpu)->nested.vmxon && -+ !nested_host_cr0_valid(vcpu, val)) -+ return 1; -+ -+ return kvm_set_cr0(vcpu, val); -+ } -+} -+ -+static int handle_set_cr4(struct kvm_vcpu *vcpu, unsigned long val) -+{ -+ if (is_guest_mode(vcpu)) { -+ struct vmcs12 *vmcs12 = get_vmcs12(vcpu); -+ unsigned long orig_val = val; -+ -+ /* analogously to handle_set_cr0 */ -+ val = (val & ~vmcs12->cr4_guest_host_mask) | -+ (vmcs12->guest_cr4 & vmcs12->cr4_guest_host_mask); -+ if (kvm_set_cr4(vcpu, val)) -+ return 1; -+ vmcs_writel(CR4_READ_SHADOW, orig_val); -+ return 0; -+ } else -+ return kvm_set_cr4(vcpu, val); -+} -+ -+static int handle_desc(struct kvm_vcpu *vcpu) -+{ -+ WARN_ON(!(vcpu->arch.cr4 & X86_CR4_UMIP)); -+ return kvm_emulate_instruction(vcpu, 0); -+} -+ -+static int handle_cr(struct kvm_vcpu *vcpu) -+{ -+ unsigned long exit_qualification, val; -+ int cr; -+ int reg; -+ int err; -+ int ret; -+ -+ exit_qualification = vmcs_readl(EXIT_QUALIFICATION); -+ cr = exit_qualification & 15; -+ reg = (exit_qualification >> 8) & 15; -+ switch ((exit_qualification >> 4) & 3) { -+ case 0: /* mov to cr */ -+ val = kvm_register_readl(vcpu, reg); -+ trace_kvm_cr_write(cr, val); -+ switch (cr) { -+ case 0: -+ err = handle_set_cr0(vcpu, val); -+ return kvm_complete_insn_gp(vcpu, err); -+ case 3: -+ WARN_ON_ONCE(enable_unrestricted_guest); -+ err = kvm_set_cr3(vcpu, val); -+ return kvm_complete_insn_gp(vcpu, err); -+ case 4: -+ err = handle_set_cr4(vcpu, val); -+ return kvm_complete_insn_gp(vcpu, err); -+ case 8: { -+ u8 cr8_prev = kvm_get_cr8(vcpu); -+ u8 cr8 = (u8)val; -+ err = kvm_set_cr8(vcpu, 
cr8); -+ ret = kvm_complete_insn_gp(vcpu, err); -+ if (lapic_in_kernel(vcpu)) -+ return ret; -+ if (cr8_prev <= cr8) -+ return ret; -+ /* -+ * TODO: we might be squashing a -+ * KVM_GUESTDBG_SINGLESTEP-triggered -+ * KVM_EXIT_DEBUG here. -+ */ -+ vcpu->run->exit_reason = KVM_EXIT_SET_TPR; -+ return 0; -+ } -+ } -+ break; -+ case 2: /* clts */ -+ WARN_ONCE(1, "Guest should always own CR0.TS"); -+ vmx_set_cr0(vcpu, kvm_read_cr0_bits(vcpu, ~X86_CR0_TS)); -+ trace_kvm_cr_write(0, kvm_read_cr0(vcpu)); -+ return kvm_skip_emulated_instruction(vcpu); -+ case 1: /*mov from cr*/ -+ switch (cr) { -+ case 3: -+ WARN_ON_ONCE(enable_unrestricted_guest); -+ val = kvm_read_cr3(vcpu); -+ kvm_register_write(vcpu, reg, val); -+ trace_kvm_cr_read(cr, val); -+ return kvm_skip_emulated_instruction(vcpu); -+ case 8: -+ val = kvm_get_cr8(vcpu); -+ kvm_register_write(vcpu, reg, val); -+ trace_kvm_cr_read(cr, val); -+ return kvm_skip_emulated_instruction(vcpu); -+ } -+ break; -+ case 3: /* lmsw */ -+ val = (exit_qualification >> LMSW_SOURCE_DATA_SHIFT) & 0x0f; -+ trace_kvm_cr_write(0, (kvm_read_cr0(vcpu) & ~0xful) | val); -+ kvm_lmsw(vcpu, val); -+ -+ return kvm_skip_emulated_instruction(vcpu); -+ default: -+ break; -+ } -+ vcpu->run->exit_reason = 0; -+ vcpu_unimpl(vcpu, "unhandled control register: op %d cr %d\n", -+ (int)(exit_qualification >> 4) & 3, cr); -+ return 0; -+} -+ -+static int handle_dr(struct kvm_vcpu *vcpu) -+{ -+ unsigned long exit_qualification; -+ int dr, dr7, reg; -+ -+ exit_qualification = vmcs_readl(EXIT_QUALIFICATION); -+ dr = exit_qualification & DEBUG_REG_ACCESS_NUM; -+ -+ /* First, if DR does not exist, trigger UD */ -+ if (!kvm_require_dr(vcpu, dr)) -+ return 1; -+ -+ /* Do not handle if the CPL > 0, will trigger GP on re-entry */ -+ if (!kvm_require_cpl(vcpu, 0)) -+ return 1; -+ dr7 = vmcs_readl(GUEST_DR7); -+ if (dr7 & DR7_GD) { -+ /* -+ * As the vm-exit takes precedence over the debug trap, we -+ * need to emulate the latter, either for the host or the -+ * 
guest debugging itself. -+ */ -+ if (vcpu->guest_debug & KVM_GUESTDBG_USE_HW_BP) { -+ vcpu->run->debug.arch.dr6 = vcpu->arch.dr6; -+ vcpu->run->debug.arch.dr7 = dr7; -+ vcpu->run->debug.arch.pc = kvm_get_linear_rip(vcpu); -+ vcpu->run->debug.arch.exception = DB_VECTOR; -+ vcpu->run->exit_reason = KVM_EXIT_DEBUG; -+ return 0; -+ } else { -+ vcpu->arch.dr6 &= ~DR_TRAP_BITS; -+ vcpu->arch.dr6 |= DR6_BD | DR6_RTM; -+ kvm_queue_exception(vcpu, DB_VECTOR); -+ return 1; -+ } -+ } -+ -+ if (vcpu->guest_debug == 0) { -+ exec_controls_clearbit(to_vmx(vcpu), CPU_BASED_MOV_DR_EXITING); -+ -+ /* -+ * No more DR vmexits; force a reload of the debug registers -+ * and reenter on this instruction. The next vmexit will -+ * retrieve the full state of the debug registers. -+ */ -+ vcpu->arch.switch_db_regs |= KVM_DEBUGREG_WONT_EXIT; -+ return 1; -+ } -+ -+ reg = DEBUG_REG_ACCESS_REG(exit_qualification); -+ if (exit_qualification & TYPE_MOV_FROM_DR) { -+ unsigned long val; -+ -+ if (kvm_get_dr(vcpu, dr, &val)) -+ return 1; -+ kvm_register_write(vcpu, reg, val); -+ } else -+ if (kvm_set_dr(vcpu, dr, kvm_register_readl(vcpu, reg))) -+ return 1; -+ -+ return kvm_skip_emulated_instruction(vcpu); -+} -+ -+static u64 vmx_get_dr6(struct kvm_vcpu *vcpu) -+{ -+ return vcpu->arch.dr6; -+} -+ -+static void vmx_set_dr6(struct kvm_vcpu *vcpu, unsigned long val) -+{ -+} -+ -+static void vmx_sync_dirty_debug_regs(struct kvm_vcpu *vcpu) -+{ -+ get_debugreg(vcpu->arch.db[0], 0); -+ get_debugreg(vcpu->arch.db[1], 1); -+ get_debugreg(vcpu->arch.db[2], 2); -+ get_debugreg(vcpu->arch.db[3], 3); -+ get_debugreg(vcpu->arch.dr6, 6); -+ vcpu->arch.dr7 = vmcs_readl(GUEST_DR7); -+ -+ vcpu->arch.switch_db_regs &= ~KVM_DEBUGREG_WONT_EXIT; -+ exec_controls_setbit(to_vmx(vcpu), CPU_BASED_MOV_DR_EXITING); -+} -+ -+static void vmx_set_dr7(struct kvm_vcpu *vcpu, unsigned long val) -+{ -+ vmcs_writel(GUEST_DR7, val); -+} -+ -+static int handle_tpr_below_threshold(struct kvm_vcpu *vcpu) -+{ -+ 
kvm_apic_update_ppr(vcpu); -+ return 1; -+} -+ -+static int handle_interrupt_window(struct kvm_vcpu *vcpu) -+{ -+ exec_controls_clearbit(to_vmx(vcpu), CPU_BASED_INTR_WINDOW_EXITING); -+ -+ kvm_make_request(KVM_REQ_EVENT, vcpu); -+ -+ ++vcpu->stat.irq_window_exits; -+ return 1; -+} -+ -+static int handle_vmcall(struct kvm_vcpu *vcpu) -+{ -+ return kvm_emulate_hypercall(vcpu); -+} -+ -+static int handle_invd(struct kvm_vcpu *vcpu) -+{ -+ return kvm_emulate_instruction(vcpu, 0); -+} -+ -+static int handle_invlpg(struct kvm_vcpu *vcpu) -+{ -+ unsigned long exit_qualification = vmcs_readl(EXIT_QUALIFICATION); -+ -+ kvm_mmu_invlpg(vcpu, exit_qualification); -+ return kvm_skip_emulated_instruction(vcpu); -+} -+ -+static int handle_rdpmc(struct kvm_vcpu *vcpu) -+{ -+ int err; -+ -+ err = kvm_rdpmc(vcpu); -+ return kvm_complete_insn_gp(vcpu, err); -+} -+ -+static int handle_wbinvd(struct kvm_vcpu *vcpu) -+{ -+ return kvm_emulate_wbinvd(vcpu); -+} -+ -+static int handle_xsetbv(struct kvm_vcpu *vcpu) -+{ -+ u64 new_bv = kvm_read_edx_eax(vcpu); -+ u32 index = kvm_rcx_read(vcpu); -+ -+ if (kvm_set_xcr(vcpu, index, new_bv) == 0) -+ return kvm_skip_emulated_instruction(vcpu); -+ return 1; -+} -+ -+static int handle_apic_access(struct kvm_vcpu *vcpu) -+{ -+ if (likely(fasteoi)) { -+ unsigned long exit_qualification = vmcs_readl(EXIT_QUALIFICATION); -+ int access_type, offset; -+ -+ access_type = exit_qualification & APIC_ACCESS_TYPE; -+ offset = exit_qualification & APIC_ACCESS_OFFSET; -+ /* -+ * Sane guest uses MOV to write EOI, with written value -+ * not cared. So make a short-circuit here by avoiding -+ * heavy instruction emulation. 
-+ */ -+ if ((access_type == TYPE_LINEAR_APIC_INST_WRITE) && -+ (offset == APIC_EOI)) { -+ kvm_lapic_set_eoi(vcpu); -+ return kvm_skip_emulated_instruction(vcpu); -+ } -+ } -+ return kvm_emulate_instruction(vcpu, 0); -+} -+ -+static int handle_apic_eoi_induced(struct kvm_vcpu *vcpu) -+{ -+ unsigned long exit_qualification = vmcs_readl(EXIT_QUALIFICATION); -+ int vector = exit_qualification & 0xff; -+ -+ /* EOI-induced VM exit is trap-like and thus no need to adjust IP */ -+ kvm_apic_set_eoi_accelerated(vcpu, vector); -+ return 1; -+} -+ -+static int handle_apic_write(struct kvm_vcpu *vcpu) -+{ -+ unsigned long exit_qualification = vmcs_readl(EXIT_QUALIFICATION); -+ u32 offset = exit_qualification & 0xfff; -+ -+ /* APIC-write VM exit is trap-like and thus no need to adjust IP */ -+ kvm_apic_write_nodecode(vcpu, offset); -+ return 1; -+} -+ -+static int handle_task_switch(struct kvm_vcpu *vcpu) -+{ -+ struct vcpu_vmx *vmx = to_vmx(vcpu); -+ unsigned long exit_qualification; -+ bool has_error_code = false; -+ u32 error_code = 0; -+ u16 tss_selector; -+ int reason, type, idt_v, idt_index; -+ -+ idt_v = (vmx->idt_vectoring_info & VECTORING_INFO_VALID_MASK); -+ idt_index = (vmx->idt_vectoring_info & VECTORING_INFO_VECTOR_MASK); -+ type = (vmx->idt_vectoring_info & VECTORING_INFO_TYPE_MASK); -+ -+ exit_qualification = vmcs_readl(EXIT_QUALIFICATION); -+ -+ reason = (u32)exit_qualification >> 30; -+ if (reason == TASK_SWITCH_GATE && idt_v) { -+ switch (type) { -+ case INTR_TYPE_NMI_INTR: -+ vcpu->arch.nmi_injected = false; -+ vmx_set_nmi_mask(vcpu, true); -+ break; -+ case INTR_TYPE_EXT_INTR: -+ case INTR_TYPE_SOFT_INTR: -+ kvm_clear_interrupt_queue(vcpu); -+ break; -+ case INTR_TYPE_HARD_EXCEPTION: -+ if (vmx->idt_vectoring_info & -+ VECTORING_INFO_DELIVER_CODE_MASK) { -+ has_error_code = true; -+ error_code = -+ vmcs_read32(IDT_VECTORING_ERROR_CODE); -+ } -+ /* fall through */ -+ case INTR_TYPE_SOFT_EXCEPTION: -+ kvm_clear_exception_queue(vcpu); -+ break; -+ default: -+ 
break; -+ } -+ } -+ tss_selector = exit_qualification; -+ -+ if (!idt_v || (type != INTR_TYPE_HARD_EXCEPTION && -+ type != INTR_TYPE_EXT_INTR && -+ type != INTR_TYPE_NMI_INTR)) -+ WARN_ON(!skip_emulated_instruction(vcpu)); -+ -+ /* -+ * TODO: What about debug traps on tss switch? -+ * Are we supposed to inject them and update dr6? -+ */ -+ return kvm_task_switch(vcpu, tss_selector, -+ type == INTR_TYPE_SOFT_INTR ? idt_index : -1, -+ reason, has_error_code, error_code); -+} -+ -+static int handle_ept_violation(struct kvm_vcpu *vcpu) -+{ -+ unsigned long exit_qualification; -+ gpa_t gpa; -+ u64 error_code; -+ -+ exit_qualification = vmcs_readl(EXIT_QUALIFICATION); -+ -+ /* -+ * EPT violation happened while executing iret from NMI, -+ * "blocked by NMI" bit has to be set before next VM entry. -+ * There are errata that may cause this bit to not be set: -+ * AAK134, BY25. -+ */ -+ if (!(to_vmx(vcpu)->idt_vectoring_info & VECTORING_INFO_VALID_MASK) && -+ enable_vnmi && -+ (exit_qualification & INTR_INFO_UNBLOCK_NMI)) -+ vmcs_set_bits(GUEST_INTERRUPTIBILITY_INFO, GUEST_INTR_STATE_NMI); -+ -+ gpa = vmcs_read64(GUEST_PHYSICAL_ADDRESS); -+ trace_kvm_page_fault(gpa, exit_qualification); -+ -+ /* Is it a read fault? */ -+ error_code = (exit_qualification & EPT_VIOLATION_ACC_READ) -+ ? PFERR_USER_MASK : 0; -+ /* Is it a write fault? */ -+ error_code |= (exit_qualification & EPT_VIOLATION_ACC_WRITE) -+ ? PFERR_WRITE_MASK : 0; -+ /* Is it a fetch fault? */ -+ error_code |= (exit_qualification & EPT_VIOLATION_ACC_INSTR) -+ ? PFERR_FETCH_MASK : 0; -+ /* ept page table entry is present? */ -+ error_code |= (exit_qualification & -+ (EPT_VIOLATION_READABLE | EPT_VIOLATION_WRITABLE | -+ EPT_VIOLATION_EXECUTABLE)) -+ ? PFERR_PRESENT_MASK : 0; -+ -+ error_code |= (exit_qualification & 0x100) != 0 ? 
-+ PFERR_GUEST_FINAL_MASK : PFERR_GUEST_PAGE_MASK; -+ -+ vcpu->arch.exit_qualification = exit_qualification; -+ return kvm_mmu_page_fault(vcpu, gpa, error_code, NULL, 0); -+} -+ -+static int handle_ept_misconfig(struct kvm_vcpu *vcpu) -+{ -+ gpa_t gpa; -+ -+ /* -+ * A nested guest cannot optimize MMIO vmexits, because we have an -+ * nGPA here instead of the required GPA. -+ */ -+ gpa = vmcs_read64(GUEST_PHYSICAL_ADDRESS); -+ if (!is_guest_mode(vcpu) && -+ !kvm_io_bus_write(vcpu, KVM_FAST_MMIO_BUS, gpa, 0, NULL)) { -+ trace_kvm_fast_mmio(gpa); -+ return kvm_skip_emulated_instruction(vcpu); -+ } -+ -+ return kvm_mmu_page_fault(vcpu, gpa, PFERR_RSVD_MASK, NULL, 0); -+} -+ -+static int handle_nmi_window(struct kvm_vcpu *vcpu) -+{ -+ WARN_ON_ONCE(!enable_vnmi); -+ exec_controls_clearbit(to_vmx(vcpu), CPU_BASED_NMI_WINDOW_EXITING); -+ ++vcpu->stat.nmi_window_exits; -+ kvm_make_request(KVM_REQ_EVENT, vcpu); -+ -+ return 1; -+} -+ -+static int handle_invalid_guest_state(struct kvm_vcpu *vcpu) -+{ -+ struct vcpu_vmx *vmx = to_vmx(vcpu); -+ bool intr_window_requested; -+ unsigned count = 130; -+ -+ /* -+ * We should never reach the point where we are emulating L2 -+ * due to invalid guest state as that means we incorrectly -+ * allowed a nested VMEntry with an invalid vmcs12. 
-+ */ -+ WARN_ON_ONCE(vmx->emulation_required && vmx->nested.nested_run_pending); -+ -+ intr_window_requested = exec_controls_get(vmx) & -+ CPU_BASED_INTR_WINDOW_EXITING; -+ -+ while (vmx->emulation_required && count-- != 0) { -+ if (intr_window_requested && vmx_interrupt_allowed(vcpu)) -+ return handle_interrupt_window(&vmx->vcpu); -+ -+ if (kvm_test_request(KVM_REQ_EVENT, vcpu)) -+ return 1; -+ -+ if (!kvm_emulate_instruction(vcpu, 0)) -+ return 0; -+ -+ if (vmx->emulation_required && !vmx->rmode.vm86_active && -+ vcpu->arch.exception.pending) { -+ vcpu->run->exit_reason = KVM_EXIT_INTERNAL_ERROR; -+ vcpu->run->internal.suberror = -+ KVM_INTERNAL_ERROR_EMULATION; -+ vcpu->run->internal.ndata = 0; -+ return 0; -+ } -+ -+ if (vcpu->arch.halt_request) { -+ vcpu->arch.halt_request = 0; -+ return kvm_vcpu_halt(vcpu); -+ } -+ -+ /* -+ * Note, return 1 and not 0, vcpu_run() is responsible for -+ * morphing the pending signal into the proper return code. -+ */ -+ if (signal_pending(current)) -+ return 1; -+ -+ if (need_resched()) -+ schedule(); -+ } -+ -+ return 1; -+} -+ -+static void grow_ple_window(struct kvm_vcpu *vcpu) -+{ -+ struct vcpu_vmx *vmx = to_vmx(vcpu); -+ unsigned int old = vmx->ple_window; -+ -+ vmx->ple_window = __grow_ple_window(old, ple_window, -+ ple_window_grow, -+ ple_window_max); -+ -+ if (vmx->ple_window != old) { -+ vmx->ple_window_dirty = true; -+ trace_kvm_ple_window_update(vcpu->vcpu_id, -+ vmx->ple_window, old); -+ } -+} -+ -+static void shrink_ple_window(struct kvm_vcpu *vcpu) -+{ -+ struct vcpu_vmx *vmx = to_vmx(vcpu); -+ unsigned int old = vmx->ple_window; -+ -+ vmx->ple_window = __shrink_ple_window(old, ple_window, -+ ple_window_shrink, -+ ple_window); -+ -+ if (vmx->ple_window != old) { -+ vmx->ple_window_dirty = true; -+ trace_kvm_ple_window_update(vcpu->vcpu_id, -+ vmx->ple_window, old); -+ } -+} -+ -+/* -+ * Handler for POSTED_INTERRUPT_WAKEUP_VECTOR. 
-+ */ -+static void wakeup_handler(void) -+{ -+ struct kvm_vcpu *vcpu; -+ int cpu = smp_processor_id(); -+ -+ spin_lock(&per_cpu(blocked_vcpu_on_cpu_lock, cpu)); -+ list_for_each_entry(vcpu, &per_cpu(blocked_vcpu_on_cpu, cpu), -+ blocked_vcpu_list) { -+ struct pi_desc *pi_desc = vcpu_to_pi_desc(vcpu); -+ -+ if (pi_test_on(pi_desc) == 1) -+ kvm_vcpu_kick(vcpu); -+ } -+ spin_unlock(&per_cpu(blocked_vcpu_on_cpu_lock, cpu)); -+} -+ -+static void vmx_enable_tdp(void) -+{ -+ kvm_mmu_set_mask_ptes(VMX_EPT_READABLE_MASK, -+ enable_ept_ad_bits ? VMX_EPT_ACCESS_BIT : 0ull, -+ enable_ept_ad_bits ? VMX_EPT_DIRTY_BIT : 0ull, -+ 0ull, VMX_EPT_EXECUTABLE_MASK, -+ cpu_has_vmx_ept_execute_only() ? 0ull : VMX_EPT_READABLE_MASK, -+ VMX_EPT_RWX_MASK, 0ull); -+ -+ ept_set_mmio_spte_mask(); -+ kvm_enable_tdp(); -+} -+ -+/* -+ * Indicate a busy-waiting vcpu in spinlock. We do not enable the PAUSE -+ * exiting, so only get here on cpu with PAUSE-Loop-Exiting. -+ */ -+static int handle_pause(struct kvm_vcpu *vcpu) -+{ -+ if (!kvm_pause_in_guest(vcpu->kvm)) -+ grow_ple_window(vcpu); -+ -+ /* -+ * Intel sdm vol3 ch-25.1.3 says: The "PAUSE-loop exiting" -+ * VM-execution control is ignored if CPL > 0. OTOH, KVM -+ * never set PAUSE_EXITING and just set PLE if supported, -+ * so the vcpu must be CPL=0 if it gets a PAUSE exit. 
-+ */
-+ kvm_vcpu_on_spin(vcpu, true);
-+ return kvm_skip_emulated_instruction(vcpu);
-+}
-+
-+static int handle_nop(struct kvm_vcpu *vcpu)
-+{
-+ return kvm_skip_emulated_instruction(vcpu);
-+}
-+
-+static int handle_mwait(struct kvm_vcpu *vcpu)
-+{
-+ printk_once(KERN_WARNING "kvm: MWAIT instruction emulated as NOP!\n");
-+ return handle_nop(vcpu);
-+}
-+
-+static int handle_invalid_op(struct kvm_vcpu *vcpu)
-+{
-+ kvm_queue_exception(vcpu, UD_VECTOR);
-+ return 1;
-+}
-+
-+static int handle_monitor_trap(struct kvm_vcpu *vcpu)
-+{
-+ return 1;
-+}
-+
-+static int handle_monitor(struct kvm_vcpu *vcpu)
-+{
-+ printk_once(KERN_WARNING "kvm: MONITOR instruction emulated as NOP!\n");
-+ return handle_nop(vcpu);
-+}
-+
-+static int handle_invpcid(struct kvm_vcpu *vcpu)
-+{
-+ u32 vmx_instruction_info;
-+ unsigned long type;
-+ bool pcid_enabled;
-+ gva_t gva;
-+ struct x86_exception e;
-+ unsigned i;
-+ unsigned long roots_to_free = 0;
-+ struct {
-+ u64 pcid;
-+ u64 gla;
-+ } operand;
-+
-+ if (!guest_cpuid_has(vcpu, X86_FEATURE_INVPCID)) {
-+ kvm_queue_exception(vcpu, UD_VECTOR);
-+ return 1;
-+ }
-+
-+ vmx_instruction_info = vmcs_read32(VMX_INSTRUCTION_INFO);
-+ type = kvm_register_readl(vcpu, (vmx_instruction_info >> 28) & 0xf);
-+
-+ if (type > 3) {
-+ kvm_inject_gp(vcpu, 0);
-+ return 1;
-+ }
-+
-+ /* According to the Intel instruction reference, the memory operand
-+ * is read even if it isn't needed (e.g., for type==all)
-+ */
-+ if (get_vmx_mem_address(vcpu, vmcs_readl(EXIT_QUALIFICATION),
-+ vmx_instruction_info, false,
-+ sizeof(operand), &gva))
-+ return 1;
-+
-+ if (kvm_read_guest_virt(vcpu, gva, &operand, sizeof(operand), &e)) {
-+ kvm_inject_page_fault(vcpu, &e);
-+ return 1;
-+ }
-+
-+ if (operand.pcid >> 12 != 0) {
-+ kvm_inject_gp(vcpu, 0);
-+ return 1;
-+ }
-+
-+ pcid_enabled = kvm_read_cr4_bits(vcpu, X86_CR4_PCIDE);
-+
-+ switch (type) {
-+ case INVPCID_TYPE_INDIV_ADDR:
-+ if ((!pcid_enabled && (operand.pcid != 0)) ||
-+ is_noncanonical_address(operand.gla, vcpu)) {
-+ kvm_inject_gp(vcpu, 0);
-+ return 1;
-+ }
-+ kvm_mmu_invpcid_gva(vcpu, operand.gla, operand.pcid);
-+ return kvm_skip_emulated_instruction(vcpu);
-+
-+ case INVPCID_TYPE_SINGLE_CTXT:
-+ if (!pcid_enabled && (operand.pcid != 0)) {
-+ kvm_inject_gp(vcpu, 0);
-+ return 1;
-+ }
-+
-+ if (kvm_get_active_pcid(vcpu) == operand.pcid) {
-+ kvm_mmu_sync_roots(vcpu);
-+ kvm_make_request(KVM_REQ_TLB_FLUSH, vcpu);
-+ }
-+
-+ for (i = 0; i < KVM_MMU_NUM_PREV_ROOTS; i++)
-+ if (kvm_get_pcid(vcpu, vcpu->arch.mmu->prev_roots[i].cr3)
-+ == operand.pcid)
-+ roots_to_free |= KVM_MMU_ROOT_PREVIOUS(i);
-+
-+ kvm_mmu_free_roots(vcpu, vcpu->arch.mmu, roots_to_free);
-+ /*
-+ * If neither the current cr3 nor any of the prev_roots use the
-+ * given PCID, then nothing needs to be done here because a
-+ * resync will happen anyway before switching to any other CR3.
-+ */
-+
-+ return kvm_skip_emulated_instruction(vcpu);
-+
-+ case INVPCID_TYPE_ALL_NON_GLOBAL:
-+ /*
-+ * Currently, KVM doesn't mark global entries in the shadow
-+ * page tables, so a non-global flush just degenerates to a
-+ * global flush. If needed, we could optimize this later by
-+ * keeping track of global entries in shadow page tables.
-+ */
-+
-+ /* fall-through */
-+ case INVPCID_TYPE_ALL_INCL_GLOBAL:
-+ kvm_mmu_unload(vcpu);
-+ return kvm_skip_emulated_instruction(vcpu);
-+
-+ default:
-+ BUG(); /* We have already checked above that type <= 3 */
-+ }
-+}
-+
-+static int handle_pml_full(struct kvm_vcpu *vcpu)
-+{
-+ unsigned long exit_qualification;
-+
-+ trace_kvm_pml_full(vcpu->vcpu_id);
-+
-+ exit_qualification = vmcs_readl(EXIT_QUALIFICATION);
-+
-+ /*
-+ * PML buffer FULL happened while executing iret from NMI,
-+ * "blocked by NMI" bit has to be set before next VM entry.
-+ */
-+ if (!(to_vmx(vcpu)->idt_vectoring_info & VECTORING_INFO_VALID_MASK) &&
-+ enable_vnmi &&
-+ (exit_qualification & INTR_INFO_UNBLOCK_NMI))
-+ vmcs_set_bits(GUEST_INTERRUPTIBILITY_INFO,
-+ GUEST_INTR_STATE_NMI);
-+
-+ /*
-+ * PML buffer already flushed at beginning of VMEXIT. Nothing to do
-+ * here.., and there's no userspace involvement needed for PML.
-+ */
-+ return 1;
-+}
-+
-+static int handle_preemption_timer(struct kvm_vcpu *vcpu)
-+{
-+ struct vcpu_vmx *vmx = to_vmx(vcpu);
-+
-+ if (!vmx->req_immediate_exit &&
-+ !unlikely(vmx->loaded_vmcs->hv_timer_soft_disabled))
-+ kvm_lapic_expired_hv_timer(vcpu);
-+
-+ return 1;
-+}
-+
-+/*
-+ * When nested=0, all VMX instruction VM Exits filter here. The handlers
-+ * are overwritten by nested_vmx_setup() when nested=1.
-+ */
-+static int handle_vmx_instruction(struct kvm_vcpu *vcpu)
-+{
-+ kvm_queue_exception(vcpu, UD_VECTOR);
-+ return 1;
-+}
-+
-+static int handle_encls(struct kvm_vcpu *vcpu)
-+{
-+ /*
-+ * SGX virtualization is not yet supported. There is no software
-+ * enable bit for SGX, so we have to trap ENCLS and inject a #UD
-+ * to prevent the guest from executing ENCLS.
-+ */
-+ kvm_queue_exception(vcpu, UD_VECTOR);
-+ return 1;
-+}
-+
-+/*
-+ * The exit handlers return 1 if the exit was handled fully and guest execution
-+ * may resume. Otherwise they set the kvm_run parameter to indicate what needs
-+ * to be done to userspace and return 0.
-+ */
-+static int (*kvm_vmx_exit_handlers[])(struct kvm_vcpu *vcpu) = {
-+ [EXIT_REASON_EXCEPTION_NMI] = handle_exception_nmi,
-+ [EXIT_REASON_EXTERNAL_INTERRUPT] = handle_external_interrupt,
-+ [EXIT_REASON_TRIPLE_FAULT] = handle_triple_fault,
-+ [EXIT_REASON_NMI_WINDOW] = handle_nmi_window,
-+ [EXIT_REASON_IO_INSTRUCTION] = handle_io,
-+ [EXIT_REASON_CR_ACCESS] = handle_cr,
-+ [EXIT_REASON_DR_ACCESS] = handle_dr,
-+ [EXIT_REASON_CPUID] = kvm_emulate_cpuid,
-+ [EXIT_REASON_MSR_READ] = kvm_emulate_rdmsr,
-+ [EXIT_REASON_MSR_WRITE] = kvm_emulate_wrmsr,
-+ [EXIT_REASON_INTERRUPT_WINDOW] = handle_interrupt_window,
-+ [EXIT_REASON_HLT] = kvm_emulate_halt,
-+ [EXIT_REASON_INVD] = handle_invd,
-+ [EXIT_REASON_INVLPG] = handle_invlpg,
-+ [EXIT_REASON_RDPMC] = handle_rdpmc,
-+ [EXIT_REASON_VMCALL] = handle_vmcall,
-+ [EXIT_REASON_VMCLEAR] = handle_vmx_instruction,
-+ [EXIT_REASON_VMLAUNCH] = handle_vmx_instruction,
-+ [EXIT_REASON_VMPTRLD] = handle_vmx_instruction,
-+ [EXIT_REASON_VMPTRST] = handle_vmx_instruction,
-+ [EXIT_REASON_VMREAD] = handle_vmx_instruction,
-+ [EXIT_REASON_VMRESUME] = handle_vmx_instruction,
-+ [EXIT_REASON_VMWRITE] = handle_vmx_instruction,
-+ [EXIT_REASON_VMOFF] = handle_vmx_instruction,
-+ [EXIT_REASON_VMON] = handle_vmx_instruction,
-+ [EXIT_REASON_TPR_BELOW_THRESHOLD] = handle_tpr_below_threshold,
-+ [EXIT_REASON_APIC_ACCESS] = handle_apic_access,
-+ [EXIT_REASON_APIC_WRITE] = handle_apic_write,
-+ [EXIT_REASON_EOI_INDUCED] = handle_apic_eoi_induced,
-+ [EXIT_REASON_WBINVD] = handle_wbinvd,
-+ [EXIT_REASON_XSETBV] = handle_xsetbv,
-+ [EXIT_REASON_TASK_SWITCH] = handle_task_switch,
-+ [EXIT_REASON_MCE_DURING_VMENTRY] = handle_machine_check,
-+ [EXIT_REASON_GDTR_IDTR] = handle_desc,
-+ [EXIT_REASON_LDTR_TR] = handle_desc,
-+ [EXIT_REASON_EPT_VIOLATION] = handle_ept_violation,
-+ [EXIT_REASON_EPT_MISCONFIG] = handle_ept_misconfig,
-+ [EXIT_REASON_PAUSE_INSTRUCTION] = handle_pause,
-+ [EXIT_REASON_MWAIT_INSTRUCTION] = handle_mwait,
-+ [EXIT_REASON_MONITOR_TRAP_FLAG] = handle_monitor_trap,
-+ [EXIT_REASON_MONITOR_INSTRUCTION] = handle_monitor,
-+ [EXIT_REASON_INVEPT] = handle_vmx_instruction,
-+ [EXIT_REASON_INVVPID] = handle_vmx_instruction,
-+ [EXIT_REASON_RDRAND] = handle_invalid_op,
-+ [EXIT_REASON_RDSEED] = handle_invalid_op,
-+ [EXIT_REASON_PML_FULL] = handle_pml_full,
-+ [EXIT_REASON_INVPCID] = handle_invpcid,
-+ [EXIT_REASON_VMFUNC] = handle_vmx_instruction,
-+ [EXIT_REASON_PREEMPTION_TIMER] = handle_preemption_timer,
-+ [EXIT_REASON_ENCLS] = handle_encls,
-+};
-+
-+static const int kvm_vmx_max_exit_handlers =
-+ ARRAY_SIZE(kvm_vmx_exit_handlers);
-+
-+static void vmx_get_exit_info(struct kvm_vcpu *vcpu, u64 *info1, u64 *info2)
-+{
-+ *info1 = vmcs_readl(EXIT_QUALIFICATION);
-+ *info2 = vmcs_read32(VM_EXIT_INTR_INFO);
-+}
-+
-+static void vmx_destroy_pml_buffer(struct vcpu_vmx *vmx)
-+{
-+ if (vmx->pml_pg) {
-+ __free_page(vmx->pml_pg);
-+ vmx->pml_pg = NULL;
-+ }
-+}
-+
-+static void vmx_flush_pml_buffer(struct kvm_vcpu *vcpu)
-+{
-+ struct vcpu_vmx *vmx = to_vmx(vcpu);
-+ u64 *pml_buf;
-+ u16 pml_idx;
-+
-+ pml_idx = vmcs_read16(GUEST_PML_INDEX);
-+
-+ /* Do nothing if PML buffer is empty */
-+ if (pml_idx == (PML_ENTITY_NUM - 1))
-+ return;
-+
-+ /* PML index always points to next available PML buffer entity */
-+ if (pml_idx >= PML_ENTITY_NUM)
-+ pml_idx = 0;
-+ else
-+ pml_idx++;
-+
-+ pml_buf = page_address(vmx->pml_pg);
-+ for (; pml_idx < PML_ENTITY_NUM; pml_idx++) {
-+ u64 gpa;
-+
-+ gpa = pml_buf[pml_idx];
-+ WARN_ON(gpa & (PAGE_SIZE - 1));
-+ kvm_vcpu_mark_page_dirty(vcpu, gpa >> PAGE_SHIFT);
-+ }
-+
-+ /* reset PML index */
-+ vmcs_write16(GUEST_PML_INDEX, PML_ENTITY_NUM - 1);
-+}
-+
-+/*
-+ * Flush all vcpus' PML buffer and update logged GPAs to dirty_bitmap.
-+ * Called before reporting dirty_bitmap to userspace.
-+ */
-+static void kvm_flush_pml_buffers(struct kvm *kvm)
-+{
-+ int i;
-+ struct kvm_vcpu *vcpu;
-+ /*
-+ * We only need to kick vcpu out of guest mode here, as PML buffer
-+ * is flushed at beginning of all VMEXITs, and it's obvious that only
-+ * vcpus running in guest are possible to have unflushed GPAs in PML
-+ * buffer.
-+ */
-+ kvm_for_each_vcpu(i, vcpu, kvm)
-+ kvm_vcpu_kick(vcpu);
-+}
-+
-+static void vmx_dump_sel(char *name, uint32_t sel)
-+{
-+ pr_err("%s sel=0x%04x, attr=0x%05x, limit=0x%08x, base=0x%016lx\n",
-+ name, vmcs_read16(sel),
-+ vmcs_read32(sel + GUEST_ES_AR_BYTES - GUEST_ES_SELECTOR),
-+ vmcs_read32(sel + GUEST_ES_LIMIT - GUEST_ES_SELECTOR),
-+ vmcs_readl(sel + GUEST_ES_BASE - GUEST_ES_SELECTOR));
-+}
-+
-+static void vmx_dump_dtsel(char *name, uint32_t limit)
-+{
-+ pr_err("%s limit=0x%08x, base=0x%016lx\n",
-+ name, vmcs_read32(limit),
-+ vmcs_readl(limit + GUEST_GDTR_BASE - GUEST_GDTR_LIMIT));
-+}
-+
-+void dump_vmcs(void)
-+{
-+ u32 vmentry_ctl, vmexit_ctl;
-+ u32 cpu_based_exec_ctrl, pin_based_exec_ctrl, secondary_exec_control;
-+ unsigned long cr4;
-+ u64 efer;
-+ int i, n;
-+
-+ if (!dump_invalid_vmcs) {
-+ pr_warn_ratelimited("set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.\n");
-+ return;
-+ }
-+
-+ vmentry_ctl = vmcs_read32(VM_ENTRY_CONTROLS);
-+ vmexit_ctl = vmcs_read32(VM_EXIT_CONTROLS);
-+ cpu_based_exec_ctrl = vmcs_read32(CPU_BASED_VM_EXEC_CONTROL);
-+ pin_based_exec_ctrl = vmcs_read32(PIN_BASED_VM_EXEC_CONTROL);
-+ cr4 = vmcs_readl(GUEST_CR4);
-+ efer = vmcs_read64(GUEST_IA32_EFER);
-+ secondary_exec_control = 0;
-+ if (cpu_has_secondary_exec_ctrls())
-+ secondary_exec_control = vmcs_read32(SECONDARY_VM_EXEC_CONTROL);
-+
-+ pr_err("*** Guest State ***\n");
-+ pr_err("CR0: actual=0x%016lx, shadow=0x%016lx, gh_mask=%016lx\n",
-+ vmcs_readl(GUEST_CR0), vmcs_readl(CR0_READ_SHADOW),
-+ vmcs_readl(CR0_GUEST_HOST_MASK));
-+ pr_err("CR4: actual=0x%016lx, shadow=0x%016lx, gh_mask=%016lx\n",
-+ cr4, vmcs_readl(CR4_READ_SHADOW), vmcs_readl(CR4_GUEST_HOST_MASK));
-+ pr_err("CR3 = 0x%016lx\n", vmcs_readl(GUEST_CR3));
-+ if ((secondary_exec_control & SECONDARY_EXEC_ENABLE_EPT) &&
-+ (cr4 & X86_CR4_PAE) && !(efer & EFER_LMA))
-+ {
-+ pr_err("PDPTR0 = 0x%016llx PDPTR1 = 0x%016llx\n",
-+ vmcs_read64(GUEST_PDPTR0), vmcs_read64(GUEST_PDPTR1));
-+ pr_err("PDPTR2 = 0x%016llx PDPTR3 = 0x%016llx\n",
-+ vmcs_read64(GUEST_PDPTR2), vmcs_read64(GUEST_PDPTR3));
-+ }
-+ pr_err("RSP = 0x%016lx RIP = 0x%016lx\n",
-+ vmcs_readl(GUEST_RSP), vmcs_readl(GUEST_RIP));
-+ pr_err("RFLAGS=0x%08lx DR7 = 0x%016lx\n",
-+ vmcs_readl(GUEST_RFLAGS), vmcs_readl(GUEST_DR7));
-+ pr_err("Sysenter RSP=%016lx CS:RIP=%04x:%016lx\n",
-+ vmcs_readl(GUEST_SYSENTER_ESP),
-+ vmcs_read32(GUEST_SYSENTER_CS), vmcs_readl(GUEST_SYSENTER_EIP));
-+ vmx_dump_sel("CS: ", GUEST_CS_SELECTOR);
-+ vmx_dump_sel("DS: ", GUEST_DS_SELECTOR);
-+ vmx_dump_sel("SS: ", GUEST_SS_SELECTOR);
-+ vmx_dump_sel("ES: ", GUEST_ES_SELECTOR);
-+ vmx_dump_sel("FS: ", GUEST_FS_SELECTOR);
-+ vmx_dump_sel("GS: ", GUEST_GS_SELECTOR);
-+ vmx_dump_dtsel("GDTR:", GUEST_GDTR_LIMIT);
-+ vmx_dump_sel("LDTR:", GUEST_LDTR_SELECTOR);
-+ vmx_dump_dtsel("IDTR:", GUEST_IDTR_LIMIT);
-+ vmx_dump_sel("TR: ", GUEST_TR_SELECTOR);
-+ if ((vmexit_ctl & (VM_EXIT_SAVE_IA32_PAT | VM_EXIT_SAVE_IA32_EFER)) ||
-+ (vmentry_ctl & (VM_ENTRY_LOAD_IA32_PAT | VM_ENTRY_LOAD_IA32_EFER)))
-+ pr_err("EFER = 0x%016llx PAT = 0x%016llx\n",
-+ efer, vmcs_read64(GUEST_IA32_PAT));
-+ pr_err("DebugCtl = 0x%016llx DebugExceptions = 0x%016lx\n",
-+ vmcs_read64(GUEST_IA32_DEBUGCTL),
-+ vmcs_readl(GUEST_PENDING_DBG_EXCEPTIONS));
-+ if (cpu_has_load_perf_global_ctrl() &&
-+ vmentry_ctl & VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL)
-+ pr_err("PerfGlobCtl = 0x%016llx\n",
-+ vmcs_read64(GUEST_IA32_PERF_GLOBAL_CTRL));
-+ if (vmentry_ctl & VM_ENTRY_LOAD_BNDCFGS)
-+ pr_err("BndCfgS = 0x%016llx\n", vmcs_read64(GUEST_BNDCFGS));
-+ pr_err("Interruptibility = %08x ActivityState = %08x\n",
-+ vmcs_read32(GUEST_INTERRUPTIBILITY_INFO),
-+ vmcs_read32(GUEST_ACTIVITY_STATE));
-+ if (secondary_exec_control & SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY)
-+ pr_err("InterruptStatus = %04x\n",
-+ vmcs_read16(GUEST_INTR_STATUS));
-+
-+ pr_err("*** Host State ***\n");
-+ pr_err("RIP = 0x%016lx RSP = 0x%016lx\n",
-+ vmcs_readl(HOST_RIP), vmcs_readl(HOST_RSP));
-+ pr_err("CS=%04x SS=%04x DS=%04x ES=%04x FS=%04x GS=%04x TR=%04x\n",
-+ vmcs_read16(HOST_CS_SELECTOR), vmcs_read16(HOST_SS_SELECTOR),
-+ vmcs_read16(HOST_DS_SELECTOR), vmcs_read16(HOST_ES_SELECTOR),
-+ vmcs_read16(HOST_FS_SELECTOR), vmcs_read16(HOST_GS_SELECTOR),
-+ vmcs_read16(HOST_TR_SELECTOR));
-+ pr_err("FSBase=%016lx GSBase=%016lx TRBase=%016lx\n",
-+ vmcs_readl(HOST_FS_BASE), vmcs_readl(HOST_GS_BASE),
-+ vmcs_readl(HOST_TR_BASE));
-+ pr_err("GDTBase=%016lx IDTBase=%016lx\n",
-+ vmcs_readl(HOST_GDTR_BASE), vmcs_readl(HOST_IDTR_BASE));
-+ pr_err("CR0=%016lx CR3=%016lx CR4=%016lx\n",
-+ vmcs_readl(HOST_CR0), vmcs_readl(HOST_CR3),
-+ vmcs_readl(HOST_CR4));
-+ pr_err("Sysenter RSP=%016lx CS:RIP=%04x:%016lx\n",
-+ vmcs_readl(HOST_IA32_SYSENTER_ESP),
-+ vmcs_read32(HOST_IA32_SYSENTER_CS),
-+ vmcs_readl(HOST_IA32_SYSENTER_EIP));
-+ if (vmexit_ctl & (VM_EXIT_LOAD_IA32_PAT | VM_EXIT_LOAD_IA32_EFER))
-+ pr_err("EFER = 0x%016llx PAT = 0x%016llx\n",
-+ vmcs_read64(HOST_IA32_EFER),
-+ vmcs_read64(HOST_IA32_PAT));
-+ if (cpu_has_load_perf_global_ctrl() &&
-+ vmexit_ctl & VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL)
-+ pr_err("PerfGlobCtl = 0x%016llx\n",
-+ vmcs_read64(HOST_IA32_PERF_GLOBAL_CTRL));
-+
-+ pr_err("*** Control State ***\n");
-+ pr_err("PinBased=%08x CPUBased=%08x SecondaryExec=%08x\n",
-+ pin_based_exec_ctrl, cpu_based_exec_ctrl, secondary_exec_control);
-+ pr_err("EntryControls=%08x ExitControls=%08x\n", vmentry_ctl, vmexit_ctl);
-+ pr_err("ExceptionBitmap=%08x PFECmask=%08x PFECmatch=%08x\n",
-+ vmcs_read32(EXCEPTION_BITMAP),
-+ vmcs_read32(PAGE_FAULT_ERROR_CODE_MASK),
-+ vmcs_read32(PAGE_FAULT_ERROR_CODE_MATCH));
-+ pr_err("VMEntry: intr_info=%08x errcode=%08x ilen=%08x\n",
-+ vmcs_read32(VM_ENTRY_INTR_INFO_FIELD),
-+ vmcs_read32(VM_ENTRY_EXCEPTION_ERROR_CODE),
-+ vmcs_read32(VM_ENTRY_INSTRUCTION_LEN));
-+ pr_err("VMExit: intr_info=%08x errcode=%08x ilen=%08x\n",
-+ vmcs_read32(VM_EXIT_INTR_INFO),
-+ vmcs_read32(VM_EXIT_INTR_ERROR_CODE),
-+ vmcs_read32(VM_EXIT_INSTRUCTION_LEN));
-+ pr_err(" reason=%08x qualification=%016lx\n",
-+ vmcs_read32(VM_EXIT_REASON), vmcs_readl(EXIT_QUALIFICATION));
-+ pr_err("IDTVectoring: info=%08x errcode=%08x\n",
-+ vmcs_read32(IDT_VECTORING_INFO_FIELD),
-+ vmcs_read32(IDT_VECTORING_ERROR_CODE));
-+ pr_err("TSC Offset = 0x%016llx\n", vmcs_read64(TSC_OFFSET));
-+ if (secondary_exec_control & SECONDARY_EXEC_TSC_SCALING)
-+ pr_err("TSC Multiplier = 0x%016llx\n",
-+ vmcs_read64(TSC_MULTIPLIER));
-+ if (cpu_based_exec_ctrl & CPU_BASED_TPR_SHADOW) {
-+ if (secondary_exec_control & SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY) {
-+ u16 status = vmcs_read16(GUEST_INTR_STATUS);
-+ pr_err("SVI|RVI = %02x|%02x ", status >> 8, status & 0xff);
-+ }
-+ pr_cont("TPR Threshold = 0x%02x\n", vmcs_read32(TPR_THRESHOLD));
-+ if (secondary_exec_control & SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES)
-+ pr_err("APIC-access addr = 0x%016llx ", vmcs_read64(APIC_ACCESS_ADDR));
-+ pr_cont("virt-APIC addr = 0x%016llx\n", vmcs_read64(VIRTUAL_APIC_PAGE_ADDR));
-+ }
-+ if (pin_based_exec_ctrl & PIN_BASED_POSTED_INTR)
-+ pr_err("PostedIntrVec = 0x%02x\n", vmcs_read16(POSTED_INTR_NV));
-+ if ((secondary_exec_control & SECONDARY_EXEC_ENABLE_EPT))
-+ pr_err("EPT pointer = 0x%016llx\n", vmcs_read64(EPT_POINTER));
-+ n = vmcs_read32(CR3_TARGET_COUNT);
-+ for (i = 0; i + 1 < n; i += 4)
-+ pr_err("CR3 target%u=%016lx target%u=%016lx\n",
-+ i, vmcs_readl(CR3_TARGET_VALUE0 + i * 2),
-+ i + 1, vmcs_readl(CR3_TARGET_VALUE0 + i * 2 + 2));
-+ if (i < n)
-+ pr_err("CR3 target%u=%016lx\n",
-+ i, vmcs_readl(CR3_TARGET_VALUE0 + i * 2));
-+ if (secondary_exec_control & SECONDARY_EXEC_PAUSE_LOOP_EXITING)
-+ pr_err("PLE Gap=%08x Window=%08x\n",
-+ vmcs_read32(PLE_GAP), vmcs_read32(PLE_WINDOW));
-+ if (secondary_exec_control & SECONDARY_EXEC_ENABLE_VPID)
-+ pr_err("Virtual processor ID = 0x%04x\n",
-+ vmcs_read16(VIRTUAL_PROCESSOR_ID));
-+}
-+
-+/*
-+ * The guest has exited. See if we can fix it or if we need userspace
-+ * assistance.
-+ */
-+static int vmx_handle_exit(struct kvm_vcpu *vcpu,
-+ enum exit_fastpath_completion exit_fastpath)
-+{
-+ struct vcpu_vmx *vmx = to_vmx(vcpu);
-+ u32 exit_reason = vmx->exit_reason;
-+ u32 vectoring_info = vmx->idt_vectoring_info;
-+
-+ trace_kvm_exit(exit_reason, vcpu, KVM_ISA_VMX);
-+
-+ /*
-+ * Flush logged GPAs PML buffer, this will make dirty_bitmap more
-+ * updated. Another good is, in kvm_vm_ioctl_get_dirty_log, before
-+ * querying dirty_bitmap, we only need to kick all vcpus out of guest
-+ * mode as if vcpus is in root mode, the PML buffer must has been
-+ * flushed already.
-+ */
-+ if (enable_pml)
-+ vmx_flush_pml_buffer(vcpu);
-+
-+ /* If guest state is invalid, start emulating */
-+ if (vmx->emulation_required)
-+ return handle_invalid_guest_state(vcpu);
-+
-+ if (is_guest_mode(vcpu) && nested_vmx_exit_reflected(vcpu, exit_reason))
-+ return nested_vmx_reflect_vmexit(vcpu, exit_reason);
-+
-+ if (exit_reason & VMX_EXIT_REASONS_FAILED_VMENTRY) {
-+ dump_vmcs();
-+ vcpu->run->exit_reason = KVM_EXIT_FAIL_ENTRY;
-+ vcpu->run->fail_entry.hardware_entry_failure_reason
-+ = exit_reason;
-+ return 0;
-+ }
-+
-+ if (unlikely(vmx->fail)) {
-+ dump_vmcs();
-+ vcpu->run->exit_reason = KVM_EXIT_FAIL_ENTRY;
-+ vcpu->run->fail_entry.hardware_entry_failure_reason
-+ = vmcs_read32(VM_INSTRUCTION_ERROR);
-+ return 0;
-+ }
-+
-+ /*
-+ * Note:
-+ * Do not try to fix EXIT_REASON_EPT_MISCONFIG if it caused by
-+ * delivery event since it indicates guest is accessing MMIO.
-+ * The vm-exit can be triggered again after return to guest that
-+ * will cause infinite loop.
-+ */
-+ if ((vectoring_info & VECTORING_INFO_VALID_MASK) &&
-+ (exit_reason != EXIT_REASON_EXCEPTION_NMI &&
-+ exit_reason != EXIT_REASON_EPT_VIOLATION &&
-+ exit_reason != EXIT_REASON_PML_FULL &&
-+ exit_reason != EXIT_REASON_TASK_SWITCH)) {
-+ vcpu->run->exit_reason = KVM_EXIT_INTERNAL_ERROR;
-+ vcpu->run->internal.suberror = KVM_INTERNAL_ERROR_DELIVERY_EV;
-+ vcpu->run->internal.ndata = 3;
-+ vcpu->run->internal.data[0] = vectoring_info;
-+ vcpu->run->internal.data[1] = exit_reason;
-+ vcpu->run->internal.data[2] = vcpu->arch.exit_qualification;
-+ if (exit_reason == EXIT_REASON_EPT_MISCONFIG) {
-+ vcpu->run->internal.ndata++;
-+ vcpu->run->internal.data[3] =
-+ vmcs_read64(GUEST_PHYSICAL_ADDRESS);
-+ }
-+ return 0;
-+ }
-+
-+ if (unlikely(!enable_vnmi &&
-+ vmx->loaded_vmcs->soft_vnmi_blocked)) {
-+ if (vmx_interrupt_allowed(vcpu)) {
-+ vmx->loaded_vmcs->soft_vnmi_blocked = 0;
-+ } else if (vmx->loaded_vmcs->vnmi_blocked_time > 1000000000LL &&
-+ vcpu->arch.nmi_pending) {
-+ /*
-+ * This CPU don't support us in finding the end of an
-+ * NMI-blocked window if the guest runs with IRQs
-+ * disabled. So we pull the trigger after 1 s of
-+ * futile waiting, but inform the user about this.
-+ */
-+ printk(KERN_WARNING "%s: Breaking out of NMI-blocked "
-+ "state on VCPU %d after 1 s timeout\n",
-+ __func__, vcpu->vcpu_id);
-+ vmx->loaded_vmcs->soft_vnmi_blocked = 0;
-+ }
-+ }
-+
-+ if (exit_fastpath == EXIT_FASTPATH_SKIP_EMUL_INS) {
-+ kvm_skip_emulated_instruction(vcpu);
-+ return 1;
-+ } else if (exit_reason < kvm_vmx_max_exit_handlers
-+ && kvm_vmx_exit_handlers[exit_reason]) {
-+#ifdef CONFIG_RETPOLINE
-+ if (exit_reason == EXIT_REASON_MSR_WRITE)
-+ return kvm_emulate_wrmsr(vcpu);
-+ else if (exit_reason == EXIT_REASON_PREEMPTION_TIMER)
-+ return handle_preemption_timer(vcpu);
-+ else if (exit_reason == EXIT_REASON_INTERRUPT_WINDOW)
-+ return handle_interrupt_window(vcpu);
-+ else if (exit_reason == EXIT_REASON_EXTERNAL_INTERRUPT)
-+ return handle_external_interrupt(vcpu);
-+ else if (exit_reason == EXIT_REASON_HLT)
-+ return kvm_emulate_halt(vcpu);
-+ else if (exit_reason == EXIT_REASON_EPT_MISCONFIG)
-+ return handle_ept_misconfig(vcpu);
-+#endif
-+ return kvm_vmx_exit_handlers[exit_reason](vcpu);
-+ } else {
-+ vcpu_unimpl(vcpu, "vmx: unexpected exit reason 0x%x\n",
-+ exit_reason);
-+ dump_vmcs();
-+ vcpu->run->exit_reason = KVM_EXIT_INTERNAL_ERROR;
-+ vcpu->run->internal.suberror =
-+ KVM_INTERNAL_ERROR_UNEXPECTED_EXIT_REASON;
-+ vcpu->run->internal.ndata = 1;
-+ vcpu->run->internal.data[0] = exit_reason;
-+ return 0;
-+ }
-+}
-+
-+/*
-+ * Software based L1D cache flush which is used when microcode providing
-+ * the cache control MSR is not loaded.
-+ *
-+ * The L1D cache is 32 KiB on Nehalem and later microarchitectures, but to
-+ * flush it is required to read in 64 KiB because the replacement algorithm
-+ * is not exactly LRU. This could be sized at runtime via topology
-+ * information but as all relevant affected CPUs have 32KiB L1D cache size
-+ * there is no point in doing so.
-+ */
-+static void vmx_l1d_flush(struct kvm_vcpu *vcpu)
-+{
-+ int size = PAGE_SIZE << L1D_CACHE_ORDER;
-+
-+ /*
-+ * This code is only executed when the the flush mode is 'cond' or
-+ * 'always'
-+ */
-+ if (static_branch_likely(&vmx_l1d_flush_cond)) {
-+ bool flush_l1d;
-+
-+ /*
-+ * Clear the per-vcpu flush bit, it gets set again
-+ * either from vcpu_run() or from one of the unsafe
-+ * VMEXIT handlers.
-+ */
-+ flush_l1d = vcpu->arch.l1tf_flush_l1d;
-+ vcpu->arch.l1tf_flush_l1d = false;
-+
-+ /*
-+ * Clear the per-cpu flush bit, it gets set again from
-+ * the interrupt handlers.
-+ */
-+ flush_l1d |= kvm_get_cpu_l1tf_flush_l1d();
-+ kvm_clear_cpu_l1tf_flush_l1d();
-+
-+ if (!flush_l1d)
-+ return;
-+ }
-+
-+ vcpu->stat.l1d_flush++;
-+
-+ if (static_cpu_has(X86_FEATURE_FLUSH_L1D)) {
-+ wrmsrl(MSR_IA32_FLUSH_CMD, L1D_FLUSH);
-+ return;
-+ }
-+
-+ asm volatile(
-+ /* First ensure the pages are in the TLB */
-+ "xorl %%eax, %%eax\n"
-+ ".Lpopulate_tlb:\n\t"
-+ "movzbl (%[flush_pages], %%" _ASM_AX "), %%ecx\n\t"
-+ "addl $4096, %%eax\n\t"
-+ "cmpl %%eax, %[size]\n\t"
-+ "jne .Lpopulate_tlb\n\t"
-+ "xorl %%eax, %%eax\n\t"
-+ "cpuid\n\t"
-+ /* Now fill the cache */
-+ "xorl %%eax, %%eax\n"
-+ ".Lfill_cache:\n"
-+ "movzbl (%[flush_pages], %%" _ASM_AX "), %%ecx\n\t"
-+ "addl $64, %%eax\n\t"
-+ "cmpl %%eax, %[size]\n\t"
-+ "jne .Lfill_cache\n\t"
-+ "lfence\n"
-+ :: [flush_pages] "r" (vmx_l1d_flush_pages),
-+ [size] "r" (size)
-+ : "eax", "ebx", "ecx", "edx");
-+}
-+
-+static void update_cr8_intercept(struct kvm_vcpu *vcpu, int tpr, int irr)
-+{
-+ struct vmcs12 *vmcs12 = get_vmcs12(vcpu);
-+ int tpr_threshold;
-+
-+ if (is_guest_mode(vcpu) &&
-+ nested_cpu_has(vmcs12, CPU_BASED_TPR_SHADOW))
-+ return;
-+
-+ tpr_threshold = (irr == -1 || tpr < irr) ? 0 : irr;
-+ if (is_guest_mode(vcpu))
-+ to_vmx(vcpu)->nested.l1_tpr_threshold = tpr_threshold;
-+ else
-+ vmcs_write32(TPR_THRESHOLD, tpr_threshold);
-+}
-+
-+void vmx_set_virtual_apic_mode(struct kvm_vcpu *vcpu)
-+{
-+ struct vcpu_vmx *vmx = to_vmx(vcpu);
-+ u32 sec_exec_control;
-+
-+ if (!lapic_in_kernel(vcpu))
-+ return;
-+
-+ if (!flexpriority_enabled &&
-+ !cpu_has_vmx_virtualize_x2apic_mode())
-+ return;
-+
-+ /* Postpone execution until vmcs01 is the current VMCS. */
-+ if (is_guest_mode(vcpu)) {
-+ vmx->nested.change_vmcs01_virtual_apic_mode = true;
-+ return;
-+ }
-+
-+ sec_exec_control = secondary_exec_controls_get(vmx);
-+ sec_exec_control &= ~(SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES |
-+ SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE);
-+
-+ switch (kvm_get_apic_mode(vcpu)) {
-+ case LAPIC_MODE_INVALID:
-+ WARN_ONCE(true, "Invalid local APIC state");
-+ case LAPIC_MODE_DISABLED:
-+ break;
-+ case LAPIC_MODE_XAPIC:
-+ if (flexpriority_enabled) {
-+ sec_exec_control |=
-+ SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES;
-+ vmx_flush_tlb(vcpu, true);
-+ }
-+ break;
-+ case LAPIC_MODE_X2APIC:
-+ if (cpu_has_vmx_virtualize_x2apic_mode())
-+ sec_exec_control |=
-+ SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE;
-+ break;
-+ }
-+ secondary_exec_controls_set(vmx, sec_exec_control);
-+
-+ vmx_update_msr_bitmap(vcpu);
-+}
-+
-+static void vmx_set_apic_access_page_addr(struct kvm_vcpu *vcpu, hpa_t hpa)
-+{
-+ if (!is_guest_mode(vcpu)) {
-+ vmcs_write64(APIC_ACCESS_ADDR, hpa);
-+ vmx_flush_tlb(vcpu, true);
-+ }
-+}
-+
-+static void vmx_hwapic_isr_update(struct kvm_vcpu *vcpu, int max_isr)
-+{
-+ u16 status;
-+ u8 old;
-+
-+ if (max_isr == -1)
-+ max_isr = 0;
-+
-+ status = vmcs_read16(GUEST_INTR_STATUS);
-+ old = status >> 8;
-+ if (max_isr != old) {
-+ status &= 0xff;
-+ status |= max_isr << 8;
-+ vmcs_write16(GUEST_INTR_STATUS, status);
-+ }
-+}
-+
-+static void vmx_set_rvi(int vector)
-+{
-+ u16 status;
-+ u8 old;
-+
-+ if (vector == -1)
-+ vector = 0;
-+
-+ status = vmcs_read16(GUEST_INTR_STATUS);
-+ old = (u8)status & 0xff;
-+ if ((u8)vector != old) {
-+ status &= ~0xff;
-+ status |= (u8)vector;
-+ vmcs_write16(GUEST_INTR_STATUS, status);
-+ }
-+}
-+
-+static void vmx_hwapic_irr_update(struct kvm_vcpu *vcpu, int max_irr)
-+{
-+ /*
-+ * When running L2, updating RVI is only relevant when
-+ * vmcs12 virtual-interrupt-delivery enabled.
-+ * However, it can be enabled only when L1 also
-+ * intercepts external-interrupts and in that case
-+ * we should not update vmcs02 RVI but instead intercept
-+ * interrupt. Therefore, do nothing when running L2.
-+ */
-+ if (!is_guest_mode(vcpu))
-+ vmx_set_rvi(max_irr);
-+}
-+
-+static int vmx_sync_pir_to_irr(struct kvm_vcpu *vcpu)
-+{
-+ struct vcpu_vmx *vmx = to_vmx(vcpu);
-+ int max_irr;
-+ bool max_irr_updated;
-+
-+ WARN_ON(!vcpu->arch.apicv_active);
-+ if (pi_test_on(&vmx->pi_desc)) {
-+ pi_clear_on(&vmx->pi_desc);
-+ /*
-+ * IOMMU can write to PID.ON, so the barrier matters even on UP.
-+ * But on x86 this is just a compiler barrier anyway.
-+ */
-+ smp_mb__after_atomic();
-+ max_irr_updated =
-+ kvm_apic_update_irr(vcpu, vmx->pi_desc.pir, &max_irr);
-+
-+ /*
-+ * If we are running L2 and L1 has a new pending interrupt
-+ * which can be injected, we should re-evaluate
-+ * what should be done with this new L1 interrupt.
-+ * If L1 intercepts external-interrupts, we should
-+ * exit from L2 to L1. Otherwise, interrupt should be
-+ * delivered directly to L2.
-+ */
-+ if (is_guest_mode(vcpu) && max_irr_updated) {
-+ if (nested_exit_on_intr(vcpu))
-+ kvm_vcpu_exiting_guest_mode(vcpu);
-+ else
-+ kvm_make_request(KVM_REQ_EVENT, vcpu);
-+ }
-+ } else {
-+ max_irr = kvm_lapic_find_highest_irr(vcpu);
-+ }
-+ vmx_hwapic_irr_update(vcpu, max_irr);
-+ return max_irr;
-+}
-+
-+static bool vmx_dy_apicv_has_pending_interrupt(struct kvm_vcpu *vcpu)
-+{
-+ struct pi_desc *pi_desc = vcpu_to_pi_desc(vcpu);
-+
-+ return pi_test_on(pi_desc) ||
-+ (pi_test_sn(pi_desc) && !pi_is_pir_empty(pi_desc));
-+}
-+
-+static void vmx_load_eoi_exitmap(struct kvm_vcpu *vcpu, u64 *eoi_exit_bitmap)
-+{
-+ if (!kvm_vcpu_apicv_active(vcpu))
-+ return;
-+
-+ vmcs_write64(EOI_EXIT_BITMAP0, eoi_exit_bitmap[0]);
-+ vmcs_write64(EOI_EXIT_BITMAP1, eoi_exit_bitmap[1]);
-+ vmcs_write64(EOI_EXIT_BITMAP2, eoi_exit_bitmap[2]);
-+ vmcs_write64(EOI_EXIT_BITMAP3, eoi_exit_bitmap[3]);
-+}
-+
-+static void vmx_apicv_post_state_restore(struct kvm_vcpu *vcpu)
-+{
-+ struct vcpu_vmx *vmx = to_vmx(vcpu);
-+
-+ pi_clear_on(&vmx->pi_desc);
-+ memset(vmx->pi_desc.pir, 0, sizeof(vmx->pi_desc.pir));
-+}
-+
-+static void handle_exception_nmi_irqoff(struct vcpu_vmx *vmx)
-+{
-+ vmx->exit_intr_info = vmcs_read32(VM_EXIT_INTR_INFO);
-+
-+ /* if exit due to PF check for async PF */
-+ if (is_page_fault(vmx->exit_intr_info))
-+ vmx->vcpu.arch.apf.host_apf_reason = kvm_read_and_reset_pf_reason();
-+
-+ /* Handle machine checks before interrupts are enabled */
-+ if (is_machine_check(vmx->exit_intr_info))
-+ kvm_machine_check();
-+
-+ /* We need to handle NMIs before interrupts are enabled */
-+ if (is_nmi(vmx->exit_intr_info)) {
-+ kvm_before_interrupt(&vmx->vcpu);
-+ asm("int $2");
-+ kvm_after_interrupt(&vmx->vcpu);
-+ }
-+}
-+
-+static void handle_external_interrupt_irqoff(struct kvm_vcpu *vcpu)
-+{
-+ unsigned int vector;
-+ unsigned long entry;
-+#ifdef CONFIG_X86_64
-+ unsigned long tmp;
-+#endif
-+ gate_desc *desc;
-+ u32 intr_info;
-+
-+ intr_info = vmcs_read32(VM_EXIT_INTR_INFO);
-+ if (WARN_ONCE(!is_external_intr(intr_info),
-+ "KVM: unexpected VM-Exit interrupt info: 0x%x", intr_info))
-+ return;
-+
-+ vector = intr_info & INTR_INFO_VECTOR_MASK;
-+ desc = (gate_desc *)host_idt_base + vector;
-+ entry = gate_offset(desc);
-+
-+ kvm_before_interrupt(vcpu);
-+
-+ asm volatile(
-+#ifdef CONFIG_X86_64
-+ "mov %%" _ASM_SP ", %[sp]\n\t"
-+ "and $0xfffffffffffffff0, %%" _ASM_SP "\n\t"
-+ "push $%c[ss]\n\t"
-+ "push %[sp]\n\t"
-+#endif
-+ "pushf\n\t"
-+ __ASM_SIZE(push) " $%c[cs]\n\t"
-+ CALL_NOSPEC
-+ :
-+#ifdef CONFIG_X86_64
-+ [sp]"=&r"(tmp),
-+#endif
-+ ASM_CALL_CONSTRAINT
-+ :
-+ THUNK_TARGET(entry),
-+ [ss]"i"(__KERNEL_DS),
-+ [cs]"i"(__KERNEL_CS)
-+ );
-+
-+ kvm_after_interrupt(vcpu);
-+}
-+STACK_FRAME_NON_STANDARD(handle_external_interrupt_irqoff);
-+
-+static void vmx_handle_exit_irqoff(struct kvm_vcpu *vcpu,
-+ enum exit_fastpath_completion *exit_fastpath)
-+{
-+ struct vcpu_vmx *vmx = to_vmx(vcpu);
-+
-+ if (vmx->exit_reason == EXIT_REASON_EXTERNAL_INTERRUPT)
-+ handle_external_interrupt_irqoff(vcpu);
-+ else if (vmx->exit_reason == EXIT_REASON_EXCEPTION_NMI)
-+ handle_exception_nmi_irqoff(vmx);
-+ else if (!is_guest_mode(vcpu) &&
-+ vmx->exit_reason == EXIT_REASON_MSR_WRITE)
-+ *exit_fastpath = handle_fastpath_set_msr_irqoff(vcpu);
-+}
-+
-+static bool vmx_has_emulated_msr(int index)
-+{
-+ switch (index) {
-+ case MSR_IA32_SMBASE:
-+ /*
-+ * We cannot do SMM unless we can run the guest in big
-+ * real mode.
-+ */
-+ return enable_unrestricted_guest || emulate_invalid_guest_state;
-+ case MSR_IA32_VMX_BASIC ... MSR_IA32_VMX_VMFUNC:
-+ return nested;
-+ case MSR_AMD64_VIRT_SPEC_CTRL:
-+ /* This is AMD only. */
-+ return false;
-+ default:
-+ return true;
-+ }
-+}
-+
-+static bool vmx_pt_supported(void)
-+{
-+ return pt_mode == PT_MODE_HOST_GUEST;
-+}
-+
-+static void vmx_recover_nmi_blocking(struct vcpu_vmx *vmx)
-+{
-+ u32 exit_intr_info;
-+ bool unblock_nmi;
-+ u8 vector;
-+ bool idtv_info_valid;
-+
-+ idtv_info_valid = vmx->idt_vectoring_info & VECTORING_INFO_VALID_MASK;
-+
-+ if (enable_vnmi) {
-+ if (vmx->loaded_vmcs->nmi_known_unmasked)
-+ return;
-+ /*
-+ * Can't use vmx->exit_intr_info since we're not sure what
-+ * the exit reason is.
-+ */
-+ exit_intr_info = vmcs_read32(VM_EXIT_INTR_INFO);
-+ unblock_nmi = (exit_intr_info & INTR_INFO_UNBLOCK_NMI) != 0;
-+ vector = exit_intr_info & INTR_INFO_VECTOR_MASK;
-+ /*
-+ * SDM 3: 27.7.1.2 (September 2008)
-+ * Re-set bit "block by NMI" before VM entry if vmexit caused by
-+ * a guest IRET fault.
-+ * SDM 3: 23.2.2 (September 2008)
-+ * Bit 12 is undefined in any of the following cases:
-+ * If the VM exit sets the valid bit in the IDT-vectoring
-+ * information field.
-+ * If the VM exit is due to a double fault.
-+ */
-+ if ((exit_intr_info & INTR_INFO_VALID_MASK) && unblock_nmi &&
-+ vector != DF_VECTOR && !idtv_info_valid)
-+ vmcs_set_bits(GUEST_INTERRUPTIBILITY_INFO,
-+ GUEST_INTR_STATE_NMI);
-+ else
-+ vmx->loaded_vmcs->nmi_known_unmasked =
-+ !(vmcs_read32(GUEST_INTERRUPTIBILITY_INFO)
-+ & GUEST_INTR_STATE_NMI);
-+ } else if (unlikely(vmx->loaded_vmcs->soft_vnmi_blocked))
-+ vmx->loaded_vmcs->vnmi_blocked_time +=
-+ ktime_to_ns(ktime_sub(ktime_get(),
-+ vmx->loaded_vmcs->entry_time));
-+}
-+
-+static void __vmx_complete_interrupts(struct kvm_vcpu *vcpu,
-+ u32 idt_vectoring_info,
-+ int instr_len_field,
-+ int error_code_field)
-+{
-+ u8 vector;
-+ int type;
-+ bool idtv_info_valid;
-+
-+ idtv_info_valid = idt_vectoring_info & VECTORING_INFO_VALID_MASK;
-+
-+ vcpu->arch.nmi_injected = false;
-+ kvm_clear_exception_queue(vcpu);
-+ kvm_clear_interrupt_queue(vcpu);
-+
-+ if (!idtv_info_valid)
-+ return;
-+
-+ kvm_make_request(KVM_REQ_EVENT, vcpu);
-+
-+ vector = idt_vectoring_info & VECTORING_INFO_VECTOR_MASK;
-+ type = idt_vectoring_info & VECTORING_INFO_TYPE_MASK;
-+
-+ switch (type) {
-+ case INTR_TYPE_NMI_INTR:
-+ vcpu->arch.nmi_injected = true;
-+ /*
-+ * SDM 3: 27.7.1.2 (September 2008)
-+ * Clear bit "block by NMI" before VM entry if a NMI
-+ * delivery faulted.
-+ */
-+ vmx_set_nmi_mask(vcpu, false);
-+ break;
-+ case INTR_TYPE_SOFT_EXCEPTION:
-+ vcpu->arch.event_exit_inst_len = vmcs_read32(instr_len_field);
-+ /* fall through */
-+ case INTR_TYPE_HARD_EXCEPTION:
-+ if (idt_vectoring_info & VECTORING_INFO_DELIVER_CODE_MASK) {
-+ u32 err = vmcs_read32(error_code_field);
-+ kvm_requeue_exception_e(vcpu, vector, err);
-+ } else
-+ kvm_requeue_exception(vcpu, vector);
-+ break;
-+ case INTR_TYPE_SOFT_INTR:
-+ vcpu->arch.event_exit_inst_len = vmcs_read32(instr_len_field);
-+ /* fall through */
-+ case INTR_TYPE_EXT_INTR:
-+ kvm_queue_interrupt(vcpu, vector, type == INTR_TYPE_SOFT_INTR);
-+ break;
-+ default:
-+ break;
-+ }
-+}
-+
-+static void vmx_complete_interrupts(struct vcpu_vmx *vmx)
-+{
-+ __vmx_complete_interrupts(&vmx->vcpu, vmx->idt_vectoring_info,
-+ VM_EXIT_INSTRUCTION_LEN,
-+ IDT_VECTORING_ERROR_CODE);
-+}
-+
-+static void vmx_cancel_injection(struct kvm_vcpu *vcpu)
-+{
-+ __vmx_complete_interrupts(vcpu,
-+ vmcs_read32(VM_ENTRY_INTR_INFO_FIELD),
-+ VM_ENTRY_INSTRUCTION_LEN,
-+ VM_ENTRY_EXCEPTION_ERROR_CODE);
-+
-+ vmcs_write32(VM_ENTRY_INTR_INFO_FIELD, 0);
-+}
-+
-+static void atomic_switch_perf_msrs(struct vcpu_vmx *vmx)
-+{
-+ int i, nr_msrs;
-+ struct perf_guest_switch_msr *msrs;
-+
-+ msrs = perf_guest_get_msrs(&nr_msrs);
-+
-+ if (!msrs)
-+ return;
-+
-+ for (i = 0; i < nr_msrs; i++)
-+ if (msrs[i].host == msrs[i].guest)
-+ clear_atomic_switch_msr(vmx, msrs[i].msr);
-+ else
-+ add_atomic_switch_msr(vmx, msrs[i].msr, msrs[i].guest,
-+ msrs[i].host, false);
-+}
-+
-+static void atomic_switch_umwait_control_msr(struct vcpu_vmx *vmx)
-+{
-+ u32 host_umwait_control;
-+
-+ if (!vmx_has_waitpkg(vmx))
-+ return;
-+
-+ host_umwait_control = get_umwait_control_msr();
-+
-+ if (vmx->msr_ia32_umwait_control != host_umwait_control)
-+ add_atomic_switch_msr(vmx, MSR_IA32_UMWAIT_CONTROL,
-+ vmx->msr_ia32_umwait_control,
-+ host_umwait_control, false);
-+ else
-+ clear_atomic_switch_msr(vmx, MSR_IA32_UMWAIT_CONTROL);
-+}
-+
-+static void vmx_update_hv_timer(struct kvm_vcpu *vcpu)
-+{
-+ struct vcpu_vmx *vmx = to_vmx(vcpu);
-+ u64 tscl;
-+ u32 delta_tsc;
-+
-+ if (vmx->req_immediate_exit) {
-+ vmcs_write32(VMX_PREEMPTION_TIMER_VALUE, 0);
-+ vmx->loaded_vmcs->hv_timer_soft_disabled = false;
-+ } else if (vmx->hv_deadline_tsc != -1) {
-+ tscl = rdtsc();
-+ if (vmx->hv_deadline_tsc > tscl)
-+ /* set_hv_timer ensures the delta fits in 32-bits */
-+ delta_tsc = (u32)((vmx->hv_deadline_tsc - tscl) >>
-+ cpu_preemption_timer_multi);
-+ else
-+ delta_tsc = 0;
-+
-+ vmcs_write32(VMX_PREEMPTION_TIMER_VALUE, delta_tsc);
-+ vmx->loaded_vmcs->hv_timer_soft_disabled = false;
-+ } else if (!vmx->loaded_vmcs->hv_timer_soft_disabled) {
-+ vmcs_write32(VMX_PREEMPTION_TIMER_VALUE, -1);
-+ vmx->loaded_vmcs->hv_timer_soft_disabled = true;
-+ }
-+}
-+
-+void vmx_update_host_rsp(struct vcpu_vmx *vmx, unsigned long host_rsp)
-+{
-+ if (unlikely(host_rsp != vmx->loaded_vmcs->host_state.rsp)) {
-+ vmx->loaded_vmcs->host_state.rsp = host_rsp;
-+ vmcs_writel(HOST_RSP, host_rsp);
-+ }
-+}
-+
-+bool __vmx_vcpu_run(struct vcpu_vmx *vmx, unsigned long *regs, bool launched);
-+
-+static void vmx_vcpu_run(struct kvm_vcpu *vcpu)
-+{
-+ struct vcpu_vmx *vmx = to_vmx(vcpu);
-+ unsigned long cr3, cr4;
-+
-+ /* Record the guest's net vcpu time for enforced NMI injections. */
-+ if (unlikely(!enable_vnmi &&
-+ vmx->loaded_vmcs->soft_vnmi_blocked))
-+ vmx->loaded_vmcs->entry_time = ktime_get();
-+
-+ /* Don't enter VMX if guest state is invalid, let the exit handler
-+ start emulation until we arrive back to a valid state */
-+ if (vmx->emulation_required)
-+ return;
-+
-+ if (vmx->ple_window_dirty) {
-+ vmx->ple_window_dirty = false;
-+ vmcs_write32(PLE_WINDOW, vmx->ple_window);
-+ }
-+
-+ if (vmx->nested.need_vmcs12_to_shadow_sync)
-+ nested_sync_vmcs12_to_shadow(vcpu);
-+
-+ if (kvm_register_is_dirty(vcpu, VCPU_REGS_RSP))
-+ vmcs_writel(GUEST_RSP, vcpu->arch.regs[VCPU_REGS_RSP]);
-+ if (kvm_register_is_dirty(vcpu, VCPU_REGS_RIP))
-+ vmcs_writel(GUEST_RIP, vcpu->arch.regs[VCPU_REGS_RIP]);
-+
-+ cr3 = __get_current_cr3_fast();
-+ if (unlikely(cr3 != vmx->loaded_vmcs->host_state.cr3)) {
-+ vmcs_writel(HOST_CR3, cr3);
-+ vmx->loaded_vmcs->host_state.cr3 = cr3;
-+ }
-+
-+ cr4 = cr4_read_shadow();
-+ if (unlikely(cr4 != vmx->loaded_vmcs->host_state.cr4)) {
-+ vmcs_writel(HOST_CR4, cr4);
-+ vmx->loaded_vmcs->host_state.cr4 = cr4;
-+ }
-+
-+ /* When single-stepping over STI and MOV SS, we must clear the
-+ * corresponding interruptibility bits in the guest state. Otherwise
-+ * vmentry fails as it then expects bit 14 (BS) in pending debug
-+ * exceptions being set, but that's not correct for the guest debugging
-+ * case. */
-+ if (vcpu->guest_debug & KVM_GUESTDBG_SINGLESTEP)
-+ vmx_set_interrupt_shadow(vcpu, 0);
-+
-+ kvm_load_guest_xsave_state(vcpu);
-+
-+ if (static_cpu_has(X86_FEATURE_PKU) &&
-+ kvm_read_cr4_bits(vcpu, X86_CR4_PKE) &&
-+ vcpu->arch.pkru != vmx->host_pkru)
-+ __write_pkru(vcpu->arch.pkru);
-+
-+ pt_guest_enter(vmx);
-+
-+ atomic_switch_perf_msrs(vmx);
-+ atomic_switch_umwait_control_msr(vmx);
-+
-+ if (enable_preemption_timer)
-+ vmx_update_hv_timer(vcpu);
-+
-+ if (lapic_in_kernel(vcpu) &&
-+ vcpu->arch.apic->lapic_timer.timer_advance_ns)
-+ kvm_wait_lapic_expire(vcpu);
-+
-+ /*
-+ * If this vCPU has touched SPEC_CTRL, restore the guest's value if
-+ * it's non-zero. Since vmentry is serialising on affected CPUs, there
-+ * is no need to worry about the conditional branch over the wrmsr
-+ * being speculatively taken.
-+ */
-+ x86_spec_ctrl_set_guest(vmx->spec_ctrl, 0);
-+
-+ /* L1D Flush includes CPU buffer clear to mitigate MDS */
-+ if (static_branch_unlikely(&vmx_l1d_should_flush))
-+ vmx_l1d_flush(vcpu);
-+ else if (static_branch_unlikely(&mds_user_clear))
-+ mds_clear_cpu_buffers();
-+
-+ if (vcpu->arch.cr2 != read_cr2())
-+ write_cr2(vcpu->arch.cr2);
-+
-+ vmx->fail = __vmx_vcpu_run(vmx, (unsigned long *)&vcpu->arch.regs,
-+ vmx->loaded_vmcs->launched);
-+
-+ vcpu->arch.cr2 = read_cr2();
-+
-+ /*
-+ * We do not use IBRS in the kernel. If this vCPU has used the
-+ * SPEC_CTRL MSR it may have left it on; save the value and
-+ * turn it off. This is much more efficient than blindly adding
-+ * it to the atomic save/restore list. Especially as the former
-+ * (Saving guest MSRs on vmexit) doesn't even exist in KVM.
-+ *
-+ * For non-nested case:
-+ * If the L01 MSR bitmap does not intercept the MSR, then we need to
-+ * save it.
-+ *
-+ * For nested case:
-+ * If the L02 MSR bitmap does not intercept the MSR, then we need to
-+ * save it.
-+ */
-+ if (unlikely(!msr_write_intercepted(vcpu, MSR_IA32_SPEC_CTRL)))
-+ vmx->spec_ctrl = native_read_msr(MSR_IA32_SPEC_CTRL);
-+
-+ x86_spec_ctrl_restore_host(vmx->spec_ctrl, 0);
-+
-+ /* All fields are clean at this point */
-+ if (static_branch_unlikely(&enable_evmcs))
-+ current_evmcs->hv_clean_fields |=
-+ HV_VMX_ENLIGHTENED_CLEAN_FIELD_ALL;
-+
-+ if (static_branch_unlikely(&enable_evmcs))
-+ current_evmcs->hv_vp_id = vcpu->arch.hyperv.vp_index;
-+
-+ /* MSR_IA32_DEBUGCTLMSR is zeroed on vmexit. Restore it if needed */
-+ if (vmx->host_debugctlmsr)
-+ update_debugctlmsr(vmx->host_debugctlmsr);
-+
-+#ifndef CONFIG_X86_64
-+ /*
-+ * The sysexit path does not restore ds/es, so we must set them to
-+ * a reasonable value ourselves.
-+ *
-+ * We can't defer this to vmx_prepare_switch_to_host() since that
-+ * function may be executed in interrupt context, which saves and
-+ * restore segments around it, nullifying its effect.
-+ */
-+ loadsegment(ds, __USER_DS);
-+ loadsegment(es, __USER_DS);
-+#endif
-+
-+ vcpu->arch.regs_avail = ~((1 << VCPU_REGS_RIP) | (1 << VCPU_REGS_RSP)
-+ | (1 << VCPU_EXREG_RFLAGS)
-+ | (1 << VCPU_EXREG_PDPTR)
-+ | (1 << VCPU_EXREG_SEGMENTS)
-+ | (1 << VCPU_EXREG_CR3));
-+ vcpu->arch.regs_dirty = 0;
-+
-+ pt_guest_exit(vmx);
-+
-+ /*
-+ * eager fpu is enabled if PKEY is supported and CR4 is switched
-+ * back on host, so it is safe to read guest PKRU from current
-+ * XSAVE.
-+ */
-+ if (static_cpu_has(X86_FEATURE_PKU) &&
-+ kvm_read_cr4_bits(vcpu, X86_CR4_PKE)) {
-+ vcpu->arch.pkru = rdpkru();
-+ if (vcpu->arch.pkru != vmx->host_pkru)
-+ __write_pkru(vmx->host_pkru);
-+ }
-+
-+ kvm_load_host_xsave_state(vcpu);
-+
-+ vmx->nested.nested_run_pending = 0;
-+ vmx->idt_vectoring_info = 0;
-+
-+ vmx->exit_reason = vmx->fail ? 0xdead : vmcs_read32(VM_EXIT_REASON);
-+ if ((u16)vmx->exit_reason == EXIT_REASON_MCE_DURING_VMENTRY)
-+ kvm_machine_check();
-+
-+ if (vmx->fail || (vmx->exit_reason & VMX_EXIT_REASONS_FAILED_VMENTRY))
-+ return;
-+
-+ vmx->loaded_vmcs->launched = 1;
-+ vmx->idt_vectoring_info = vmcs_read32(IDT_VECTORING_INFO_FIELD);
-+
-+ vmx_recover_nmi_blocking(vmx);
-+ vmx_complete_interrupts(vmx);
-+}
-+
-+static struct kvm *vmx_vm_alloc(void)
-+{
-+ struct kvm_vmx *kvm_vmx = __vmalloc(sizeof(struct kvm_vmx),
-+ GFP_KERNEL_ACCOUNT | __GFP_ZERO,
-+ PAGE_KERNEL);
-+ return &kvm_vmx->kvm;
-+}
-+
-+static void vmx_vm_free(struct kvm *kvm)
-+{
-+ kfree(kvm->arch.hyperv.hv_pa_pg);
-+ vfree(to_kvm_vmx(kvm));
-+}
-+
-+static void vmx_free_vcpu(struct kvm_vcpu *vcpu)
-+{
-+ struct vcpu_vmx *vmx = to_vmx(vcpu);
-+
-+ if (enable_pml)
-+ vmx_destroy_pml_buffer(vmx);
-+ free_vpid(vmx->vpid);
-+ nested_vmx_free_vcpu(vcpu);
-+ free_loaded_vmcs(vmx->loaded_vmcs);
-+ kvm_vcpu_uninit(vcpu);
-+ kmem_cache_free(x86_fpu_cache, vmx->vcpu.arch.user_fpu);
-+ kmem_cache_free(x86_fpu_cache, vmx->vcpu.arch.guest_fpu);
-+ kmem_cache_free(kvm_vcpu_cache, vmx);
-+}
-+
-+static struct kvm_vcpu *vmx_create_vcpu(struct kvm *kvm, unsigned int id)
-+{
-+ int err;
-+ struct vcpu_vmx *vmx;
-+ unsigned long *msr_bitmap;
-+ int i, cpu;
-+
-+ BUILD_BUG_ON_MSG(offsetof(struct vcpu_vmx, vcpu) != 0,
-+ "struct kvm_vcpu must be at offset 0 for arch usercopy region");
-+
-+ vmx = kmem_cache_zalloc(kvm_vcpu_cache, GFP_KERNEL_ACCOUNT);
-+ if (!vmx)
-+ return ERR_PTR(-ENOMEM);
-+
-+ vmx->vcpu.arch.user_fpu = kmem_cache_zalloc(x86_fpu_cache,
-+ GFP_KERNEL_ACCOUNT);
-+ if (!vmx->vcpu.arch.user_fpu) {
-+ printk(KERN_ERR "kvm: failed to allocate kvm userspace's fpu\n");
-+ err = -ENOMEM;
-+ goto free_partial_vcpu;
-+ }
-+
-+ vmx->vcpu.arch.guest_fpu = kmem_cache_zalloc(x86_fpu_cache,
-+ GFP_KERNEL_ACCOUNT);
-+ if (!vmx->vcpu.arch.guest_fpu) {
-+ printk(KERN_ERR "kvm: failed to allocate vcpu's fpu\n");
-+ err = -ENOMEM;
-+ goto free_user_fpu;
-+ }
-+
-+ vmx->vpid = allocate_vpid();
-+
-+ err = kvm_vcpu_init(&vmx->vcpu, kvm, id);
-+ if (err)
-+ goto free_vcpu;
-+
-+ err = -ENOMEM;
-+
-+ /*
-+ * If PML is turned on, failure on enabling PML just results in failure
-+ * of creating the vcpu, therefore we can simplify PML logic (by
-+ * avoiding dealing with cases, such as enabling PML partially on vcpus
-+ * for the guest), etc.
-+ */
-+ if (enable_pml) {
-+ vmx->pml_pg = alloc_page(GFP_KERNEL_ACCOUNT | __GFP_ZERO);
-+ if (!vmx->pml_pg)
-+ goto uninit_vcpu;
-+ }
-+
-+ BUILD_BUG_ON(ARRAY_SIZE(vmx_msr_index) != NR_SHARED_MSRS);
-+
-+ for (i = 0; i < ARRAY_SIZE(vmx_msr_index); ++i) {
-+ u32 index = vmx_msr_index[i];
-+ u32 data_low, data_high;
-+ int j = vmx->nmsrs;
-+
-+ if (rdmsr_safe(index, &data_low, &data_high) < 0)
-+ continue;
-+ if (wrmsr_safe(index, data_low, data_high) < 0)
-+ continue;
-+
-+ vmx->guest_msrs[j].index = i;
-+ vmx->guest_msrs[j].data = 0;
-+ switch (index) {
-+ case MSR_IA32_TSX_CTRL:
-+ /*
-+ * No need to pass TSX_CTRL_CPUID_CLEAR through, so
-+ * let's avoid changing CPUID bits under the host
-+ * kernel's feet.
-+ */
-+ vmx->guest_msrs[j].mask = ~(u64)TSX_CTRL_CPUID_CLEAR;
-+ break;
-+ default:
-+ vmx->guest_msrs[j].mask = -1ull;
-+ break;
-+ }
-+ ++vmx->nmsrs;
-+ }
-+
-+ err = alloc_loaded_vmcs(&vmx->vmcs01);
-+ if (err < 0)
-+ goto free_pml;
-+
-+ msr_bitmap = vmx->vmcs01.msr_bitmap;
-+ vmx_disable_intercept_for_msr(msr_bitmap, MSR_IA32_TSC, MSR_TYPE_R);
-+ vmx_disable_intercept_for_msr(msr_bitmap, MSR_FS_BASE, MSR_TYPE_RW);
-+ vmx_disable_intercept_for_msr(msr_bitmap, MSR_GS_BASE, MSR_TYPE_RW);
-+ vmx_disable_intercept_for_msr(msr_bitmap, MSR_KERNEL_GS_BASE, MSR_TYPE_RW);
-+ vmx_disable_intercept_for_msr(msr_bitmap, MSR_IA32_SYSENTER_CS, MSR_TYPE_RW);
-+ vmx_disable_intercept_for_msr(msr_bitmap, MSR_IA32_SYSENTER_ESP, MSR_TYPE_RW);
-+ vmx_disable_intercept_for_msr(msr_bitmap, MSR_IA32_SYSENTER_EIP, MSR_TYPE_RW);
-+ if (kvm_cstate_in_guest(kvm)) {
-+ vmx_disable_intercept_for_msr(msr_bitmap, MSR_CORE_C1_RES, MSR_TYPE_R);
-+ vmx_disable_intercept_for_msr(msr_bitmap, MSR_CORE_C3_RESIDENCY, MSR_TYPE_R);
-+ vmx_disable_intercept_for_msr(msr_bitmap, MSR_CORE_C6_RESIDENCY, MSR_TYPE_R);
-+ vmx_disable_intercept_for_msr(msr_bitmap, MSR_CORE_C7_RESIDENCY, MSR_TYPE_R);
-+ }
-+ vmx->msr_bitmap_mode = 0;
-+
-+ vmx->loaded_vmcs = &vmx->vmcs01;
-+ cpu = get_cpu();
-+ vmx_vcpu_load(&vmx->vcpu, cpu);
-+ vmx->vcpu.cpu = cpu;
-+ init_vmcs(vmx);
-+ vmx_vcpu_put(&vmx->vcpu);
-+ put_cpu();
-+ if (cpu_need_virtualize_apic_accesses(&vmx->vcpu)) {
-+ err = alloc_apic_access_page(kvm);
-+ if (err)
-+ goto free_vmcs;
-+ }
-+
-+ if (enable_ept && !enable_unrestricted_guest) {
-+ err = init_rmode_identity_map(kvm);
-+ if (err)
-+ goto free_vmcs;
-+ }
-+
-+ if (nested)
-+ nested_vmx_setup_ctls_msrs(&vmx->nested.msrs,
-+ vmx_capability.ept,
-+ kvm_vcpu_apicv_active(&vmx->vcpu));
-+ else
-+ memset(&vmx->nested.msrs, 0, sizeof(vmx->nested.msrs));
-+
-+ vmx->nested.posted_intr_nv = -1;
-+ vmx->nested.current_vmptr = -1ull;
-+
-+ vmx->msr_ia32_feature_control_valid_bits = FEATURE_CONTROL_LOCKED;
-+
-+ /*
-+ * Enforce invariant: pi_desc.nv is always either POSTED_INTR_VECTOR
-+ * or POSTED_INTR_WAKEUP_VECTOR.
-+ */
-+ vmx->pi_desc.nv = POSTED_INTR_VECTOR;
-+ vmx->pi_desc.sn = 1;
-+
-+ vmx->ept_pointer = INVALID_PAGE;
-+
-+ return &vmx->vcpu;
-+
-+free_vmcs:
-+ free_loaded_vmcs(vmx->loaded_vmcs);
-+free_pml:
-+ vmx_destroy_pml_buffer(vmx);
-+uninit_vcpu:
-+ kvm_vcpu_uninit(&vmx->vcpu);
-+free_vcpu:
-+ free_vpid(vmx->vpid);
-+ kmem_cache_free(x86_fpu_cache, vmx->vcpu.arch.guest_fpu);
-+free_user_fpu:
-+ kmem_cache_free(x86_fpu_cache, vmx->vcpu.arch.user_fpu);
-+free_partial_vcpu:
-+ kmem_cache_free(kvm_vcpu_cache, vmx);
-+ return ERR_PTR(err);
-+}
-+
-+#define L1TF_MSG_SMT "L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.\n"
-+#define L1TF_MSG_L1D "L1TF CPU bug present and virtualization mitigation disabled, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.\n"
-+
-+static int vmx_vm_init(struct kvm *kvm)
-+{
-+ spin_lock_init(&to_kvm_vmx(kvm)->ept_pointer_lock);
-+
-+ if (!ple_gap)
-+ kvm->arch.pause_in_guest = true;
-+
-+ if (boot_cpu_has(X86_BUG_L1TF) && enable_ept) {
-+ switch (l1tf_mitigation) {
-+ case L1TF_MITIGATION_OFF:
-+ case L1TF_MITIGATION_FLUSH_NOWARN:
-+ /* 'I explicitly don't care' is set */
-+ break;
-+ case L1TF_MITIGATION_FLUSH:
-+ case L1TF_MITIGATION_FLUSH_NOSMT:
-+ case L1TF_MITIGATION_FULL:
-+ /*
-+ * Warn upon starting the first VM in a potentially
-+ * insecure environment.
-+ */
-+ if (sched_smt_active())
-+ pr_warn_once(L1TF_MSG_SMT);
-+ if (l1tf_vmx_mitigation == VMENTER_L1D_FLUSH_NEVER)
-+ pr_warn_once(L1TF_MSG_L1D);
-+ break;
-+ case L1TF_MITIGATION_FULL_FORCE:
-+ /* Flush is enforced */
-+ break;
-+ }
-+ }
-+ return 0;
-+}
-+
-+static int __init vmx_check_processor_compat(void)
-+{
-+ struct vmcs_config vmcs_conf;
-+ struct vmx_capability vmx_cap;
-+
-+ if (setup_vmcs_config(&vmcs_conf, &vmx_cap) < 0)
-+ return -EIO;
-+ if (nested)
-+ nested_vmx_setup_ctls_msrs(&vmcs_conf.nested, vmx_cap.ept,
-+ enable_apicv);
-+ if (memcmp(&vmcs_config, &vmcs_conf, sizeof(struct vmcs_config)) != 0) {
-+ printk(KERN_ERR "kvm: CPU %d feature inconsistency!\n",
-+ smp_processor_id());
-+ return -EIO;
-+ }
-+ return 0;
-+}
-+
-+static u64 vmx_get_mt_mask(struct kvm_vcpu *vcpu, gfn_t gfn, bool is_mmio)
-+{
-+ u8 cache;
-+ u64 ipat = 0;
-+
-+ /* For VT-d and EPT combination
-+ * 1. MMIO: always map as UC
-+ * 2. EPT with VT-d:
-+ * a. VT-d without snooping control feature: can't guarantee the
-+ * result, try to trust guest.
-+ * b. VT-d with snooping control feature: snooping control feature of
-+ * VT-d engine can guarantee the cache correctness. Just set it
-+ * to WB to keep consistent with host. So the same as item 3.
-+ * 3. EPT without VT-d: always map as WB and set IPAT=1 to keep
-+ * consistent with host MTRR
-+ */
-+ if (is_mmio) {
-+ cache = MTRR_TYPE_UNCACHABLE;
-+ goto exit;
-+ }
-+
-+ if (!kvm_arch_has_noncoherent_dma(vcpu->kvm)) {
-+ ipat = VMX_EPT_IPAT_BIT;
-+ cache = MTRR_TYPE_WRBACK;
-+ goto exit;
-+ }
-+
-+ if (kvm_read_cr0(vcpu) & X86_CR0_CD) {
-+ ipat = VMX_EPT_IPAT_BIT;
-+ if (kvm_check_has_quirk(vcpu->kvm, KVM_X86_QUIRK_CD_NW_CLEARED))
-+ cache = MTRR_TYPE_WRBACK;
-+ else
-+ cache = MTRR_TYPE_UNCACHABLE;
-+ goto exit;
-+ }
-+
-+ cache = kvm_mtrr_get_guest_memory_type(vcpu, gfn);
-+
-+exit:
-+ return (cache << VMX_EPT_MT_EPTE_SHIFT) | ipat;
-+}
-+
-+static int vmx_get_lpage_level(void)
-+{
-+ if (enable_ept && !cpu_has_vmx_ept_1g_page())
-+ return PT_DIRECTORY_LEVEL;
-+ else
-+ /* For shadow and EPT supported 1GB page */
-+ return PT_PDPE_LEVEL;
-+}
-+
-+static void vmcs_set_secondary_exec_control(struct vcpu_vmx *vmx)
-+{
-+ /*
-+ * These bits in the secondary execution controls field
-+ * are dynamic, the others are mostly based on the hypervisor
-+ * architecture and the guest's CPUID. Do not touch the
-+ * dynamic bits.
-+ */
-+ u32 mask =
-+ SECONDARY_EXEC_SHADOW_VMCS |
-+ SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE |
-+ SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES |
-+ SECONDARY_EXEC_DESC;
-+
-+ u32 new_ctl = vmx->secondary_exec_control;
-+ u32 cur_ctl = secondary_exec_controls_get(vmx);
-+
-+ secondary_exec_controls_set(vmx, (new_ctl & ~mask) | (cur_ctl & mask));
-+}
-+
-+/*
-+ * Generate MSR_IA32_VMX_CR{0,4}_FIXED1 according to CPUID. Only set bits
-+ * (indicating "allowed-1") if they are supported in the guest's CPUID.
-+ */
-+static void nested_vmx_cr_fixed1_bits_update(struct kvm_vcpu *vcpu)
-+{
-+ struct vcpu_vmx *vmx = to_vmx(vcpu);
-+ struct kvm_cpuid_entry2 *entry;
-+
-+ vmx->nested.msrs.cr0_fixed1 = 0xffffffff;
-+ vmx->nested.msrs.cr4_fixed1 = X86_CR4_PCE;
-+
-+#define cr4_fixed1_update(_cr4_mask, _reg, _cpuid_mask) do { \
-+ if (entry && (entry->_reg & (_cpuid_mask))) \
-+ vmx->nested.msrs.cr4_fixed1 |= (_cr4_mask); \
-+} while (0)
-+
-+ entry = kvm_find_cpuid_entry(vcpu, 0x1, 0);
-+ cr4_fixed1_update(X86_CR4_VME, edx, bit(X86_FEATURE_VME));
-+ cr4_fixed1_update(X86_CR4_PVI, edx, bit(X86_FEATURE_VME));
-+ cr4_fixed1_update(X86_CR4_TSD, edx, bit(X86_FEATURE_TSC));
-+ cr4_fixed1_update(X86_CR4_DE, edx, bit(X86_FEATURE_DE));
-+ cr4_fixed1_update(X86_CR4_PSE, edx, bit(X86_FEATURE_PSE));
-+ cr4_fixed1_update(X86_CR4_PAE, edx, bit(X86_FEATURE_PAE));
-+ cr4_fixed1_update(X86_CR4_MCE, edx, bit(X86_FEATURE_MCE));
-+ cr4_fixed1_update(X86_CR4_PGE, edx, bit(X86_FEATURE_PGE));
-+ cr4_fixed1_update(X86_CR4_OSFXSR, edx, bit(X86_FEATURE_FXSR));
-+ cr4_fixed1_update(X86_CR4_OSXMMEXCPT, edx, bit(X86_FEATURE_XMM));
-+ cr4_fixed1_update(X86_CR4_VMXE, ecx, bit(X86_FEATURE_VMX));
-+ cr4_fixed1_update(X86_CR4_SMXE, ecx, bit(X86_FEATURE_SMX));
-+ cr4_fixed1_update(X86_CR4_PCIDE, ecx, bit(X86_FEATURE_PCID));
-+ cr4_fixed1_update(X86_CR4_OSXSAVE, ecx, bit(X86_FEATURE_XSAVE));
-+
-+ entry = kvm_find_cpuid_entry(vcpu, 0x7, 0);
-+ cr4_fixed1_update(X86_CR4_FSGSBASE, ebx, bit(X86_FEATURE_FSGSBASE));
-+ cr4_fixed1_update(X86_CR4_SMEP, ebx, bit(X86_FEATURE_SMEP));
-+ cr4_fixed1_update(X86_CR4_SMAP, ebx, bit(X86_FEATURE_SMAP));
-+ cr4_fixed1_update(X86_CR4_PKE, ecx, bit(X86_FEATURE_PKU));
-+ cr4_fixed1_update(X86_CR4_UMIP, ecx, bit(X86_FEATURE_UMIP));
-+ cr4_fixed1_update(X86_CR4_LA57, ecx, bit(X86_FEATURE_LA57));
-+
-+#undef cr4_fixed1_update
-+}
-+
-+static void nested_vmx_entry_exit_ctls_update(struct kvm_vcpu *vcpu)
-+{
-+ struct vcpu_vmx *vmx = to_vmx(vcpu);
-+
-+ if (kvm_mpx_supported()) {
-+ bool mpx_enabled = guest_cpuid_has(vcpu, X86_FEATURE_MPX);
-+
-+ if (mpx_enabled) {
-+ vmx->nested.msrs.entry_ctls_high |= VM_ENTRY_LOAD_BNDCFGS;
-+ vmx->nested.msrs.exit_ctls_high |= VM_EXIT_CLEAR_BNDCFGS;
-+ } else {
-+ vmx->nested.msrs.entry_ctls_high &= ~VM_ENTRY_LOAD_BNDCFGS;
-+ vmx->nested.msrs.exit_ctls_high &= ~VM_EXIT_CLEAR_BNDCFGS;
-+ }
-+ }
-+}
-+
-+static void update_intel_pt_cfg(struct kvm_vcpu *vcpu)
-+{
-+ struct vcpu_vmx *vmx = to_vmx(vcpu);
-+ struct kvm_cpuid_entry2 *best = NULL;
-+ int i;
-+
-+ for (i = 0; i < PT_CPUID_LEAVES; i++) {
-+ best = kvm_find_cpuid_entry(vcpu, 0x14, i);
-+ if (!best)
-+ return;
-+ vmx->pt_desc.caps[CPUID_EAX + i*PT_CPUID_REGS_NUM] = best->eax;
-+ vmx->pt_desc.caps[CPUID_EBX + i*PT_CPUID_REGS_NUM] = best->ebx;
-+ vmx->pt_desc.caps[CPUID_ECX + i*PT_CPUID_REGS_NUM] = best->ecx;
-+ vmx->pt_desc.caps[CPUID_EDX + i*PT_CPUID_REGS_NUM] = best->edx;
-+ }
-+
-+ /* Get the number of configurable Address Ranges for filtering */
-+ vmx->pt_desc.addr_range = intel_pt_validate_cap(vmx->pt_desc.caps,
-+ PT_CAP_num_address_ranges);
-+
-+ /* Initialize and clear the no dependency bits */
-+ vmx->pt_desc.ctl_bitmask = ~(RTIT_CTL_TRACEEN | RTIT_CTL_OS |
-+ RTIT_CTL_USR | RTIT_CTL_TSC_EN | RTIT_CTL_DISRETC);
-+
-+ /*
-+ * If CPUID.(EAX=14H,ECX=0):EBX[0]=1 CR3Filter can be set otherwise
-+ * will inject an #GP
-+ */
-+ if (intel_pt_validate_cap(vmx->pt_desc.caps, PT_CAP_cr3_filtering))
-+ vmx->pt_desc.ctl_bitmask &= ~RTIT_CTL_CR3EN;
-+
-+ /*
-+ * If CPUID.(EAX=14H,ECX=0):EBX[1]=1 CYCEn, CycThresh and
-+ * PSBFreq can be set
-+ */
-+ if (intel_pt_validate_cap(vmx->pt_desc.caps, PT_CAP_psb_cyc))
-+ vmx->pt_desc.ctl_bitmask &= ~(RTIT_CTL_CYCLEACC |
-+ RTIT_CTL_CYC_THRESH | RTIT_CTL_PSB_FREQ);
-+
-+ /*
-+ * If CPUID.(EAX=14H,ECX=0):EBX[3]=1 MTCEn BranchEn and
-+ * MTCFreq can be set
-+ */
-+ if (intel_pt_validate_cap(vmx->pt_desc.caps, PT_CAP_mtc))
-+ vmx->pt_desc.ctl_bitmask &= ~(RTIT_CTL_MTC_EN |
-+ RTIT_CTL_BRANCH_EN | RTIT_CTL_MTC_RANGE);
-+
-+ /* If CPUID.(EAX=14H,ECX=0):EBX[4]=1 FUPonPTW and PTWEn can be set */
-+ if (intel_pt_validate_cap(vmx->pt_desc.caps, PT_CAP_ptwrite))
-+ vmx->pt_desc.ctl_bitmask &= ~(RTIT_CTL_FUP_ON_PTW |
-+ RTIT_CTL_PTW_EN);
-+
-+ /* If CPUID.(EAX=14H,ECX=0):EBX[5]=1 PwrEvEn can be set */
-+ if (intel_pt_validate_cap(vmx->pt_desc.caps, PT_CAP_power_event_trace))
-+ vmx->pt_desc.ctl_bitmask &= ~RTIT_CTL_PWR_EVT_EN;
-+
-+ /* If CPUID.(EAX=14H,ECX=0):ECX[0]=1 ToPA can be set */
-+ if (intel_pt_validate_cap(vmx->pt_desc.caps, PT_CAP_topa_output))
-+ vmx->pt_desc.ctl_bitmask &= ~RTIT_CTL_TOPA;
-+
-+ /* If CPUID.(EAX=14H,ECX=0):ECX[3]=1 FabircEn can be set */
-+ if (intel_pt_validate_cap(vmx->pt_desc.caps, PT_CAP_output_subsys))
-+ vmx->pt_desc.ctl_bitmask &= ~RTIT_CTL_FABRIC_EN;
-+
-+ /* unmask address range configure area */
-+ for (i = 0; i < vmx->pt_desc.addr_range; i++)
-+ vmx->pt_desc.ctl_bitmask &= ~(0xfULL << (32 + i * 4));
-+}
-+
-+static void vmx_cpuid_update(struct kvm_vcpu *vcpu)
-+{
-+ struct vcpu_vmx *vmx = to_vmx(vcpu);
-+
-+ /* xsaves_enabled is recomputed in vmx_compute_secondary_exec_control(). */
-+ vcpu->arch.xsaves_enabled = false;
-+
-+ if (cpu_has_secondary_exec_ctrls()) {
-+ vmx_compute_secondary_exec_control(vmx);
-+ vmcs_set_secondary_exec_control(vmx);
-+ }
-+
-+ if (nested_vmx_allowed(vcpu))
-+ to_vmx(vcpu)->msr_ia32_feature_control_valid_bits |=
-+ FEATURE_CONTROL_VMXON_ENABLED_INSIDE_SMX |
-+ FEATURE_CONTROL_VMXON_ENABLED_OUTSIDE_SMX;
-+ else
-+ to_vmx(vcpu)->msr_ia32_feature_control_valid_bits &=
-+ ~(FEATURE_CONTROL_VMXON_ENABLED_INSIDE_SMX |
-+ FEATURE_CONTROL_VMXON_ENABLED_OUTSIDE_SMX);
-+
-+ if (nested_vmx_allowed(vcpu)) {
-+ nested_vmx_cr_fixed1_bits_update(vcpu);
-+ nested_vmx_entry_exit_ctls_update(vcpu);
-+ }
-+
-+ if (boot_cpu_has(X86_FEATURE_INTEL_PT) &&
-+ guest_cpuid_has(vcpu, X86_FEATURE_INTEL_PT))
-+ update_intel_pt_cfg(vcpu);
-+
-+ if (boot_cpu_has(X86_FEATURE_RTM)) {
-+ struct shared_msr_entry *msr;
-+ msr = find_msr_entry(vmx, MSR_IA32_TSX_CTRL);
-+ if (msr) {
-+ bool enabled = guest_cpuid_has(vcpu, X86_FEATURE_RTM);
-+ vmx_set_guest_msr(vmx, msr, enabled ? 0 : TSX_CTRL_RTM_DISABLE);
-+ }
-+ }
-+}
-+
-+static void vmx_set_supported_cpuid(u32 func, struct kvm_cpuid_entry2 *entry)
-+{
-+ if (func == 1 && nested)
-+ entry->ecx |= bit(X86_FEATURE_VMX);
-+}
-+
-+static void vmx_request_immediate_exit(struct kvm_vcpu *vcpu)
-+{
-+ to_vmx(vcpu)->req_immediate_exit = true;
-+}
-+
-+static int vmx_check_intercept(struct kvm_vcpu *vcpu,
-+ struct x86_instruction_info *info,
-+ enum x86_intercept_stage stage)
-+{
-+ struct vmcs12 *vmcs12 = get_vmcs12(vcpu);
-+ struct x86_emulate_ctxt *ctxt = &vcpu->arch.emulate_ctxt;
-+
-+ /*
-+ * RDPID causes #UD if disabled through secondary execution controls.
-+ * Because it is marked as EmulateOnUD, we need to intercept it here.
-+ */
-+ if (info->intercept == x86_intercept_rdtscp &&
-+ !nested_cpu_has2(vmcs12, SECONDARY_EXEC_RDTSCP)) {
-+ ctxt->exception.vector = UD_VECTOR;
-+ ctxt->exception.error_code_valid = false;
-+ return X86EMUL_PROPAGATE_FAULT;
-+ }
-+
-+ /* TODO: check more intercepts... */
-+ return X86EMUL_CONTINUE;
-+}
-+
-+#ifdef CONFIG_X86_64
-+/* (a << shift) / divisor, return 1 if overflow otherwise 0 */
-+static inline int u64_shl_div_u64(u64 a, unsigned int shift,
-+ u64 divisor, u64 *result)
-+{
-+ u64 low = a << shift, high = a >> (64 - shift);
-+
-+ /* To avoid the overflow on divq */
-+ if (high >= divisor)
-+ return 1;
-+
-+ /* Low hold the result, high hold rem which is discarded */
-+ asm("divq %2\n\t" : "=a" (low), "=d" (high) :
-+ "rm" (divisor), "0" (low), "1" (high));
-+ *result = low;
-+
-+ return 0;
-+}
-+
-+static int vmx_set_hv_timer(struct kvm_vcpu *vcpu, u64 guest_deadline_tsc,
-+ bool *expired)
-+{
-+ struct vcpu_vmx *vmx;
-+ u64 tscl, guest_tscl, delta_tsc, lapic_timer_advance_cycles;
-+ struct kvm_timer *ktimer = &vcpu->arch.apic->lapic_timer;
-+
-+ if (kvm_mwait_in_guest(vcpu->kvm) ||
-+ kvm_can_post_timer_interrupt(vcpu))
-+ return -EOPNOTSUPP;
-+
-+ vmx = to_vmx(vcpu);
-+ tscl = rdtsc();
-+ guest_tscl = kvm_read_l1_tsc(vcpu, tscl);
-+ delta_tsc = max(guest_deadline_tsc, guest_tscl) - guest_tscl;
-+ lapic_timer_advance_cycles = nsec_to_cycles(vcpu,
-+ ktimer->timer_advance_ns);
-+
-+ if (delta_tsc > lapic_timer_advance_cycles)
-+ delta_tsc -= lapic_timer_advance_cycles;
-+ else
-+ delta_tsc = 0;
-+
-+ /* Convert to host delta tsc if tsc scaling is enabled */
-+ if (vcpu->arch.tsc_scaling_ratio != kvm_default_tsc_scaling_ratio &&
-+ delta_tsc && u64_shl_div_u64(delta_tsc,
-+ kvm_tsc_scaling_ratio_frac_bits,
-+ vcpu->arch.tsc_scaling_ratio, &delta_tsc))
-+ return -ERANGE;
-+
-+ /*
-+ * If the delta tsc can't fit in the 32 bit after the multi shift,
-+ * we can't use the preemption timer.
-+ * It's possible that it fits on later vmentries, but checking
-+ * on every vmentry is costly so we just use an hrtimer.
-+ */
-+ if (delta_tsc >> (cpu_preemption_timer_multi + 32))
-+ return -ERANGE;
-+
-+ vmx->hv_deadline_tsc = tscl + delta_tsc;
-+ *expired = !delta_tsc;
-+ return 0;
-+}
-+
-+static void vmx_cancel_hv_timer(struct kvm_vcpu *vcpu)
-+{
-+ to_vmx(vcpu)->hv_deadline_tsc = -1;
-+}
-+#endif
-+
-+static void vmx_sched_in(struct kvm_vcpu *vcpu, int cpu)
-+{
-+ if (!kvm_pause_in_guest(vcpu->kvm))
-+ shrink_ple_window(vcpu);
-+}
-+
-+static void vmx_slot_enable_log_dirty(struct kvm *kvm,
-+ struct kvm_memory_slot *slot)
-+{
-+ kvm_mmu_slot_leaf_clear_dirty(kvm, slot);
-+ kvm_mmu_slot_largepage_remove_write_access(kvm, slot);
-+}
-+
-+static void vmx_slot_disable_log_dirty(struct kvm *kvm,
-+ struct kvm_memory_slot *slot)
-+{
-+ kvm_mmu_slot_set_dirty(kvm, slot);
-+}
-+
-+static void vmx_flush_log_dirty(struct kvm *kvm)
-+{
-+ kvm_flush_pml_buffers(kvm);
-+}
-+
-+static int vmx_write_pml_buffer(struct kvm_vcpu *vcpu)
-+{
-+ struct vmcs12 *vmcs12;
-+ struct vcpu_vmx *vmx = to_vmx(vcpu);
-+ gpa_t gpa, dst;
-+
-+ if (is_guest_mode(vcpu)) {
-+ WARN_ON_ONCE(vmx->nested.pml_full);
-+
-+ /*
-+ * Check if PML is enabled for the nested guest.
-+ * Whether eptp bit 6 is set is already checked
-+ * as part of A/D emulation.
-+ */
-+ vmcs12 = get_vmcs12(vcpu);
-+ if (!nested_cpu_has_pml(vmcs12))
-+ return 0;
-+
-+ if (vmcs12->guest_pml_index >= PML_ENTITY_NUM) {
-+ vmx->nested.pml_full = true;
-+ return 1;
-+ }
-+
-+ gpa = vmcs_read64(GUEST_PHYSICAL_ADDRESS) & ~0xFFFull;
-+ dst = vmcs12->pml_address + sizeof(u64) * vmcs12->guest_pml_index;
-+
-+ if (kvm_write_guest_page(vcpu->kvm, gpa_to_gfn(dst), &gpa,
-+ offset_in_page(dst), sizeof(gpa)))
-+ return 0;
-+
-+ vmcs12->guest_pml_index--;
-+ }
-+
-+ return 0;
-+}
-+
-+static void vmx_enable_log_dirty_pt_masked(struct kvm *kvm,
-+ struct kvm_memory_slot *memslot,
-+ gfn_t offset, unsigned long mask)
-+{
-+ kvm_mmu_clear_dirty_pt_masked(kvm, memslot, offset, mask);
-+}
-+
-+static void __pi_post_block(struct kvm_vcpu *vcpu)
-+{
-+ struct pi_desc *pi_desc = vcpu_to_pi_desc(vcpu);
-+ struct pi_desc old, new;
-+ unsigned int dest;
-+
-+ do {
-+ old.control = new.control = pi_desc->control;
-+ WARN(old.nv != POSTED_INTR_WAKEUP_VECTOR,
-+ "Wakeup handler not enabled while the VCPU is blocked\n");
-+
-+ dest = cpu_physical_id(vcpu->cpu);
-+
-+ if (x2apic_enabled())
-+ new.ndst = dest;
-+ else
-+ new.ndst = (dest << 8) & 0xFF00;
-+
-+ /* set 'NV' to 'notification vector' */
-+ new.nv = POSTED_INTR_VECTOR;
-+ } while (cmpxchg64(&pi_desc->control, old.control,
-+ new.control) != old.control);
-+
-+ if (!WARN_ON_ONCE(vcpu->pre_pcpu == -1)) {
-+ spin_lock(&per_cpu(blocked_vcpu_on_cpu_lock, vcpu->pre_pcpu));
-+ list_del(&vcpu->blocked_vcpu_list);
-+ spin_unlock(&per_cpu(blocked_vcpu_on_cpu_lock, vcpu->pre_pcpu));
-+ vcpu->pre_pcpu = -1;
-+ }
-+}
-+
-+/*
-+ * This routine does the following things for vCPU which is going
-+ * to be blocked if VT-d PI is enabled.
-+ * - Store the vCPU to the wakeup list, so when interrupts happen
-+ * we can find the right vCPU to wake up.
-+ * - Change the Posted-interrupt descriptor as below:
-+ * 'NDST' <-- vcpu->pre_pcpu
-+ * 'NV' <-- POSTED_INTR_WAKEUP_VECTOR
-+ * - If 'ON' is set during this process, which means at least one
-+ * interrupt is posted for this vCPU, we cannot block it, in
-+ * this case, return 1, otherwise, return 0.
-+ *
-+ */
-+static int pi_pre_block(struct kvm_vcpu *vcpu)
-+{
-+ unsigned int dest;
-+ struct pi_desc old, new;
-+ struct pi_desc *pi_desc = vcpu_to_pi_desc(vcpu);
-+
-+ if (!kvm_arch_has_assigned_device(vcpu->kvm) ||
-+ !irq_remapping_cap(IRQ_POSTING_CAP) ||
-+ !kvm_vcpu_apicv_active(vcpu))
-+ return 0;
-+
-+ WARN_ON(irqs_disabled());
-+ local_irq_disable();
-+ if (!WARN_ON_ONCE(vcpu->pre_pcpu != -1)) {
-+ vcpu->pre_pcpu = vcpu->cpu;
-+ spin_lock(&per_cpu(blocked_vcpu_on_cpu_lock, vcpu->pre_pcpu));
-+ list_add_tail(&vcpu->blocked_vcpu_list,
-+ &per_cpu(blocked_vcpu_on_cpu,
-+ vcpu->pre_pcpu));
-+ spin_unlock(&per_cpu(blocked_vcpu_on_cpu_lock, vcpu->pre_pcpu));
-+ }
-+
-+ do {
-+ old.control = new.control = pi_desc->control;
-+
-+ WARN((pi_desc->sn == 1),
-+ "Warning: SN field of posted-interrupts "
-+ "is set before blocking\n");
-+
-+ /*
-+ * Since vCPU can be preempted during this process,
-+ * vcpu->cpu could be different with pre_pcpu, we
-+ * need to set pre_pcpu as the destination of wakeup
-+ * notification event, then we can find the right vCPU
-+ * to wakeup in wakeup handler if interrupts happen
-+ * when the vCPU is in blocked state.
-+ */
-+ dest = cpu_physical_id(vcpu->pre_pcpu);
-+
-+ if (x2apic_enabled())
-+ new.ndst = dest;
-+ else
-+ new.ndst = (dest << 8) & 0xFF00;
-+
-+ /* set 'NV' to 'wakeup vector' */
-+ new.nv = POSTED_INTR_WAKEUP_VECTOR;
-+ } while (cmpxchg64(&pi_desc->control, old.control,
-+ new.control) != old.control);
-+
-+ /* We should not block the vCPU if an interrupt is posted for it. */
-+ if (pi_test_on(pi_desc) == 1)
-+ __pi_post_block(vcpu);
-+
-+ local_irq_enable();
-+ return (vcpu->pre_pcpu == -1);
-+}
-+
-+static int vmx_pre_block(struct kvm_vcpu *vcpu)
-+{
-+ if (pi_pre_block(vcpu))
-+ return 1;
-+
-+ if (kvm_lapic_hv_timer_in_use(vcpu))
-+ kvm_lapic_switch_to_sw_timer(vcpu);
-+
-+ return 0;
-+}
-+
-+static void pi_post_block(struct kvm_vcpu *vcpu)
-+{
-+ if (vcpu->pre_pcpu == -1)
-+ return;
-+
-+ WARN_ON(irqs_disabled());
-+ local_irq_disable();
-+ __pi_post_block(vcpu);
-+ local_irq_enable();
-+}
-+
-+static void vmx_post_block(struct kvm_vcpu *vcpu)
-+{
-+ if (kvm_x86_ops->set_hv_timer)
-+ kvm_lapic_switch_to_hv_timer(vcpu);
-+
-+ pi_post_block(vcpu);
-+}
-+
-+/*
-+ * vmx_update_pi_irte - set IRTE for Posted-Interrupts
-+ *
-+ * @kvm: kvm
-+ * @host_irq: host irq of the interrupt
-+ * @guest_irq: gsi of the interrupt
-+ * @set: set or unset PI
-+ * returns 0 on success, < 0 on failure
-+ */
-+static int vmx_update_pi_irte(struct kvm *kvm, unsigned int host_irq,
-+ uint32_t guest_irq, bool set)
-+{
-+ struct kvm_kernel_irq_routing_entry *e;
-+ struct kvm_irq_routing_table *irq_rt;
-+ struct kvm_lapic_irq irq;
-+ struct kvm_vcpu *vcpu;
-+ struct vcpu_data vcpu_info;
-+ int idx, ret = 0;
-+
-+ if (!kvm_arch_has_assigned_device(kvm) ||
-+ !irq_remapping_cap(IRQ_POSTING_CAP) ||
-+ !kvm_vcpu_apicv_active(kvm->vcpus[0]))
-+ return 0;
-+
-+ idx = srcu_read_lock(&kvm->irq_srcu);
-+ irq_rt = srcu_dereference(kvm->irq_routing, &kvm->irq_srcu);
-+ if (guest_irq >= irq_rt->nr_rt_entries ||
-+ hlist_empty(&irq_rt->map[guest_irq])) {
-+ pr_warn_once("no route for guest_irq %u/%u (broken user space?)\n",
-+ guest_irq, irq_rt->nr_rt_entries);
-+ goto out;
-+ }
-+
-+ hlist_for_each_entry(e, &irq_rt->map[guest_irq], link) {
-+ if (e->type != KVM_IRQ_ROUTING_MSI)
-+ continue;
-+ /*
-+ * VT-d PI cannot support posting multicast/broadcast
-+ * interrupts to a vCPU, we still use interrupt remapping
-+ * for these kind of interrupts.
-+ *
-+ * For lowest-priority interrupts, we only support
-+ * those with single CPU as the destination, e.g. user
-+ * configures the interrupts via /proc/irq or uses
-+ * irqbalance to make the interrupts single-CPU.
-+ *
-+ * We will support full lowest-priority interrupt later.
-+ *
-+ * In addition, we can only inject generic interrupts using
-+ * the PI mechanism, refuse to route others through it.
-+ */
-+
-+ kvm_set_msi_irq(kvm, e, &irq);
-+ if (!kvm_intr_is_single_vcpu(kvm, &irq, &vcpu) ||
-+ !kvm_irq_is_postable(&irq)) {
-+ /*
-+ * Make sure the IRTE is in remapped mode if
-+ * we don't handle it in posted mode.
-+ */
-+ ret = irq_set_vcpu_affinity(host_irq, NULL);
-+ if (ret < 0) {
-+ printk(KERN_INFO
-+ "failed to back to remapped mode, irq: %u\n",
-+ host_irq);
-+ goto out;
-+ }
-+
-+ continue;
-+ }
-+
-+ vcpu_info.pi_desc_addr = __pa(vcpu_to_pi_desc(vcpu));
-+ vcpu_info.vector = irq.vector;
-+
-+ trace_kvm_pi_irte_update(host_irq, vcpu->vcpu_id, e->gsi,
-+ vcpu_info.vector, vcpu_info.pi_desc_addr, set);
-+
-+ if (set)
-+ ret = irq_set_vcpu_affinity(host_irq, &vcpu_info);
-+ else
-+ ret = irq_set_vcpu_affinity(host_irq, NULL);
-+
-+ if (ret < 0) {
-+ printk(KERN_INFO "%s: failed to update PI IRTE\n",
-+ __func__);
-+ goto out;
-+ }
-+ }
-+
-+ ret = 0;
-+out:
-+ srcu_read_unlock(&kvm->irq_srcu, idx);
-+ return ret;
-+}
-+
-+static void vmx_setup_mce(struct kvm_vcpu *vcpu)
-+{
-+ if (vcpu->arch.mcg_cap & MCG_LMCE_P)
-+ to_vmx(vcpu)->msr_ia32_feature_control_valid_bits |=
-+ FEATURE_CONTROL_LMCE;
-+ else
-+ to_vmx(vcpu)->msr_ia32_feature_control_valid_bits &=
-+ ~FEATURE_CONTROL_LMCE;
-+}
-+
-+static int vmx_smi_allowed(struct kvm_vcpu *vcpu)
-+{
-+ /* we need a nested vmexit to enter SMM, postpone if run is pending */
-+ if (to_vmx(vcpu)->nested.nested_run_pending)
-+ return 0;
-+ return 1;
-+}
-+
-+static int vmx_pre_enter_smm(struct kvm_vcpu *vcpu, char *smstate)
-+{
-+ struct vcpu_vmx *vmx = to_vmx(vcpu);
-+
-+ vmx->nested.smm.guest_mode = is_guest_mode(vcpu);
-+ if (vmx->nested.smm.guest_mode)
-+ nested_vmx_vmexit(vcpu, -1, 0, 0);
-+
-+ vmx->nested.smm.vmxon = vmx->nested.vmxon;
-+ vmx->nested.vmxon = false;
-+ vmx_clear_hlt(vcpu);
-+ return 0;
-+}
-+
-+static int vmx_pre_leave_smm(struct kvm_vcpu *vcpu, const char *smstate)
-+{
-+ struct vcpu_vmx *vmx = to_vmx(vcpu);
-+ int ret;
-+
-+ if (vmx->nested.smm.vmxon) {
-+ vmx->nested.vmxon = true;
-+ vmx->nested.smm.vmxon = false;
-+ }
-+
-+ if (vmx->nested.smm.guest_mode) {
-+ ret = nested_vmx_enter_non_root_mode(vcpu, false);
-+ if (ret)
-+ return ret;
-+
-+ vmx->nested.smm.guest_mode = false;
-+ }
-+ return 0;
-+}
-+
-+static int enable_smi_window(struct kvm_vcpu *vcpu)
-+{
-+ return 0;
-+}
-+
-+static bool vmx_need_emulation_on_page_fault(struct kvm_vcpu *vcpu)
-+{
-+ return false;
-+}
-+
-+static bool vmx_apic_init_signal_blocked(struct kvm_vcpu *vcpu)
-+{
-+ return to_vmx(vcpu)->nested.vmxon;
-+}
-+
-+static __init int hardware_setup(void)
-+{
-+ unsigned long host_bndcfgs;
-+ struct desc_ptr dt;
-+ int r, i;
-+
-+ rdmsrl_safe(MSR_EFER, &host_efer);
-+
-+ store_idt(&dt);
-+ host_idt_base = dt.address;
-+
-+ for (i = 0; i < ARRAY_SIZE(vmx_msr_index); ++i)
-+ kvm_define_shared_msr(i, vmx_msr_index[i]);
-+
-+ if (setup_vmcs_config(&vmcs_config, &vmx_capability) < 0)
-+ return -EIO;
-+
-+ if (boot_cpu_has(X86_FEATURE_NX))
-+ kvm_enable_efer_bits(EFER_NX);
-+
-+ if (boot_cpu_has(X86_FEATURE_MPX)) {
-+ rdmsrl(MSR_IA32_BNDCFGS, host_bndcfgs);
-+ WARN_ONCE(host_bndcfgs, "KVM: BNDCFGS in host will be lost");
-+ }
-+
-+ if (!cpu_has_vmx_vpid() || !cpu_has_vmx_invvpid() ||
-+ !(cpu_has_vmx_invvpid_single() || cpu_has_vmx_invvpid_global()))
-+ enable_vpid = 0;
-+
-+ if (!cpu_has_vmx_ept() ||
-+ !cpu_has_vmx_ept_4levels() ||
-+ !cpu_has_vmx_ept_mt_wb() ||
-+ !cpu_has_vmx_invept_global())
-+ enable_ept = 0;
-+
-+ if (!cpu_has_vmx_ept_ad_bits() || !enable_ept)
-+ enable_ept_ad_bits = 0;
-+
-+ if (!cpu_has_vmx_unrestricted_guest() || !enable_ept)
-+ enable_unrestricted_guest = 0;
-+
-+ if (!cpu_has_vmx_flexpriority())
-+ flexpriority_enabled = 0;
-+
-+ if (!cpu_has_virtual_nmis())
-+ enable_vnmi = 0;
-+
-+ /*
-+ * set_apic_access_page_addr() is used to reload apic access
-+ * page upon invalidation. No need to do anything if not
-+ * using the APIC_ACCESS_ADDR VMCS field.
-+ */
-+ if (!flexpriority_enabled)
-+ kvm_x86_ops->set_apic_access_page_addr = NULL;
-+
-+ if (!cpu_has_vmx_tpr_shadow())
-+ kvm_x86_ops->update_cr8_intercept = NULL;
-+
-+ if (enable_ept && !cpu_has_vmx_ept_2m_page())
-+ kvm_disable_largepages();
-+
-+#if IS_ENABLED(CONFIG_HYPERV)
-+ if (ms_hyperv.nested_features & HV_X64_NESTED_GUEST_MAPPING_FLUSH
-+ && enable_ept) {
-+ kvm_x86_ops->tlb_remote_flush = hv_remote_flush_tlb;
-+ kvm_x86_ops->tlb_remote_flush_with_range =
-+ hv_remote_flush_tlb_with_range;
-+ }
-+#endif
-+
-+ if (!cpu_has_vmx_ple()) {
-+ ple_gap = 0;
-+ ple_window = 0;
-+ ple_window_grow = 0;
-+ ple_window_max = 0;
-+ ple_window_shrink = 0;
-+ }
-+
-+ if (!cpu_has_vmx_apicv()) {
-+ enable_apicv = 0;
-+ kvm_x86_ops->sync_pir_to_irr = NULL;
-+ }
-+
-+ if (cpu_has_vmx_tsc_scaling()) {
-+ kvm_has_tsc_control = true;
-+ kvm_max_tsc_scaling_ratio = KVM_VMX_TSC_MULTIPLIER_MAX;
-+ kvm_tsc_scaling_ratio_frac_bits = 48;
-+ }
-+
-+ set_bit(0, vmx_vpid_bitmap); /* 0 is reserved for host */
-+
-+ if (enable_ept)
-+ vmx_enable_tdp();
-+ else
-+ kvm_disable_tdp();
-+
-+ /*
-+ * Only enable PML when hardware supports PML feature, and both EPT
-+ * and EPT A/D bit features are enabled -- PML depends on them to work.
-+ */
-+ if (!enable_ept || !enable_ept_ad_bits || !cpu_has_vmx_pml())
-+ enable_pml = 0;
-+
-+ if (!enable_pml) {
-+ kvm_x86_ops->slot_enable_log_dirty = NULL;
-+ kvm_x86_ops->slot_disable_log_dirty = NULL;
-+ kvm_x86_ops->flush_log_dirty = NULL;
-+ kvm_x86_ops->enable_log_dirty_pt_masked = NULL;
-+ }
-+
-+ if (!cpu_has_vmx_preemption_timer())
-+ enable_preemption_timer = false;
-+
-+ if (enable_preemption_timer) {
-+ u64 use_timer_freq = 5000ULL * 1000 * 1000;
-+ u64 vmx_msr;
-+
-+ rdmsrl(MSR_IA32_VMX_MISC, vmx_msr);
-+ cpu_preemption_timer_multi =
-+ vmx_msr & VMX_MISC_PREEMPTION_TIMER_RATE_MASK;
-+
-+ if (tsc_khz)
-+ use_timer_freq = (u64)tsc_khz * 1000;
-+ use_timer_freq >>= cpu_preemption_timer_multi;
-+
-+ /*
-+ * KVM "disables" the preemption timer by setting it to its max
-+ * value. Don't use the timer if it might cause spurious exits
-+ * at a rate faster than 0.1 Hz (of uninterrupted guest time).
-+ */
-+ if (use_timer_freq > 0xffffffffu / 10)
-+ enable_preemption_timer = false;
-+ }
-+
-+ if (!enable_preemption_timer) {
-+ kvm_x86_ops->set_hv_timer = NULL;
-+ kvm_x86_ops->cancel_hv_timer = NULL;
-+ kvm_x86_ops->request_immediate_exit = __kvm_request_immediate_exit;
-+ }
-+
-+ kvm_set_posted_intr_wakeup_handler(wakeup_handler);
-+
-+ kvm_mce_cap_supported |= MCG_LMCE_P;
-+
-+ if (pt_mode != PT_MODE_SYSTEM && pt_mode != PT_MODE_HOST_GUEST)
-+ return -EINVAL;
-+ if (!enable_ept || !cpu_has_vmx_intel_pt())
-+ pt_mode = PT_MODE_SYSTEM;
-+
-+ if (nested) {
-+ nested_vmx_setup_ctls_msrs(&vmcs_config.nested,
-+ vmx_capability.ept, enable_apicv);
-+
-+ r = nested_vmx_hardware_setup(kvm_vmx_exit_handlers);
-+ if (r)
-+ return r;
-+ }
-+
-+ r = alloc_kvm_area();
-+ if (r)
-+ nested_vmx_hardware_unsetup();
-+ return r;
-+}
-+
-+static __exit void hardware_unsetup(void)
-+{
-+ if (nested)
-+ nested_vmx_hardware_unsetup();
-+
-+ free_kvm_area();
-+}
-+
-+static struct kvm_x86_ops vmx_x86_ops __ro_after_init = {
-+ .cpu_has_kvm_support = cpu_has_kvm_support,
-+ .disabled_by_bios = vmx_disabled_by_bios,
-+ .hardware_setup = hardware_setup,
-+ .hardware_unsetup = hardware_unsetup,
-+ .check_processor_compatibility = vmx_check_processor_compat,
-+ .hardware_enable = hardware_enable,
-+ .hardware_disable = hardware_disable,
-+ .cpu_has_accelerated_tpr = report_flexpriority,
-+ .has_emulated_msr = vmx_has_emulated_msr,
-+
-+ .vm_init = vmx_vm_init,
-+ .vm_alloc = vmx_vm_alloc,
-+ .vm_free = vmx_vm_free,
-+
-+ .vcpu_create = vmx_create_vcpu,
-+ .vcpu_free = vmx_free_vcpu,
-+ .vcpu_reset = vmx_vcpu_reset,
-+
-+ .prepare_guest_switch = vmx_prepare_switch_to_guest,
-+ .vcpu_load = vmx_vcpu_load,
-+ .vcpu_put = vmx_vcpu_put,
-+
-+ .update_bp_intercept = update_exception_bitmap,
-+ .get_msr_feature = vmx_get_msr_feature,
-+ .get_msr = vmx_get_msr,
-+ .set_msr = vmx_set_msr,
-+ .get_segment_base = vmx_get_segment_base,
-+ .get_segment = vmx_get_segment,
-+ .set_segment = vmx_set_segment,
-+ .get_cpl = vmx_get_cpl,
-+ .get_cs_db_l_bits = vmx_get_cs_db_l_bits,
-+ .decache_cr0_guest_bits = vmx_decache_cr0_guest_bits,
-+ .decache_cr4_guest_bits = vmx_decache_cr4_guest_bits,
-+ .set_cr0 = vmx_set_cr0,
-+ .set_cr3 = vmx_set_cr3,
-+ .set_cr4 = vmx_set_cr4,
-+ .set_efer = vmx_set_efer,
-+ .get_idt = vmx_get_idt,
-+ .set_idt = vmx_set_idt,
-+ .get_gdt = vmx_get_gdt,
-+ .set_gdt = vmx_set_gdt,
-+ .get_dr6 = vmx_get_dr6,
-+ .set_dr6 = vmx_set_dr6,
-+ .set_dr7 = vmx_set_dr7,
-+ .sync_dirty_debug_regs = vmx_sync_dirty_debug_regs,
-+ .cache_reg = vmx_cache_reg,
-+ .get_rflags = vmx_get_rflags,
-+ .set_rflags = vmx_set_rflags,
-+
-+ .tlb_flush = vmx_flush_tlb,
-+ .tlb_flush_gva = vmx_flush_tlb_gva,
-+
-+ .run = vmx_vcpu_run,
-+ .handle_exit = vmx_handle_exit,
-+ .skip_emulated_instruction = skip_emulated_instruction,
-+ .set_interrupt_shadow = vmx_set_interrupt_shadow,
-+ .get_interrupt_shadow = vmx_get_interrupt_shadow,
-+ .patch_hypercall = vmx_patch_hypercall,
-+ .set_irq = vmx_inject_irq,
-+ .set_nmi = vmx_inject_nmi,
-+ .queue_exception = vmx_queue_exception,
-+ .cancel_injection = vmx_cancel_injection,
-+ .interrupt_allowed = vmx_interrupt_allowed,
-+ .nmi_allowed = vmx_nmi_allowed,
-+ .get_nmi_mask = vmx_get_nmi_mask,
-+ .set_nmi_mask = vmx_set_nmi_mask,
-+ .enable_nmi_window = enable_nmi_window,
-+ .enable_irq_window = enable_irq_window,
-+ .update_cr8_intercept = update_cr8_intercept,
-+ .set_virtual_apic_mode = vmx_set_virtual_apic_mode,
-+ .set_apic_access_page_addr = vmx_set_apic_access_page_addr,
-+ .get_enable_apicv = vmx_get_enable_apicv,
-+ .refresh_apicv_exec_ctrl = vmx_refresh_apicv_exec_ctrl,
-+ .load_eoi_exitmap = vmx_load_eoi_exitmap,
-+ .apicv_post_state_restore = vmx_apicv_post_state_restore,
-+ .hwapic_irr_update = vmx_hwapic_irr_update,
-+ .hwapic_isr_update = vmx_hwapic_isr_update,
-+ .guest_apic_has_interrupt = vmx_guest_apic_has_interrupt,
-+ .sync_pir_to_irr = vmx_sync_pir_to_irr,
-+ .deliver_posted_interrupt = vmx_deliver_posted_interrupt,
-+ .dy_apicv_has_pending_interrupt = vmx_dy_apicv_has_pending_interrupt,
-+
-+ .set_tss_addr = vmx_set_tss_addr,
-+ .set_identity_map_addr = vmx_set_identity_map_addr,
-+ .get_tdp_level = get_ept_level,
-+ .get_mt_mask = vmx_get_mt_mask,
-+
-+ .get_exit_info = vmx_get_exit_info,
-+
-+ .get_lpage_level = vmx_get_lpage_level,
-+
-+ .cpuid_update = vmx_cpuid_update,
-+
-+ .rdtscp_supported = vmx_rdtscp_supported,
-+ .invpcid_supported = vmx_invpcid_supported,
-+
-+ .set_supported_cpuid = vmx_set_supported_cpuid,
-+
-+ .has_wbinvd_exit = cpu_has_vmx_wbinvd_exit,
-+
-+ .read_l1_tsc_offset = vmx_read_l1_tsc_offset,
-+ .write_l1_tsc_offset = vmx_write_l1_tsc_offset,
-+
-+ .set_tdp_cr3 = vmx_set_cr3,
-+
-+ .check_intercept = vmx_check_intercept,
-+ .handle_exit_irqoff = vmx_handle_exit_irqoff,
-+ .mpx_supported = vmx_mpx_supported,
-+ .xsaves_supported = vmx_xsaves_supported,
-+ .umip_emulated = vmx_umip_emulated,
-+ .pt_supported = vmx_pt_supported,
-+
-+ .request_immediate_exit = vmx_request_immediate_exit,
-+
-+ .sched_in = vmx_sched_in,
-+
-+ .slot_enable_log_dirty = vmx_slot_enable_log_dirty,
-+ .slot_disable_log_dirty = vmx_slot_disable_log_dirty,
-+ .flush_log_dirty = vmx_flush_log_dirty,
-+ .enable_log_dirty_pt_masked = vmx_enable_log_dirty_pt_masked,
-+ .write_log_dirty = vmx_write_pml_buffer,
-+
-+ .pre_block = vmx_pre_block,
-+ .post_block = vmx_post_block,
-+
-+ .pmu_ops = &intel_pmu_ops,
-+
-+ .update_pi_irte = vmx_update_pi_irte,
-+
-+#ifdef CONFIG_X86_64
-+ .set_hv_timer = vmx_set_hv_timer,
-+ .cancel_hv_timer = vmx_cancel_hv_timer,
-+#endif
-+
-+ .setup_mce = vmx_setup_mce,
-+
-+ .smi_allowed = vmx_smi_allowed,
-+ .pre_enter_smm = vmx_pre_enter_smm,
-+ .pre_leave_smm = vmx_pre_leave_smm,
-+ .enable_smi_window = enable_smi_window,
-+
-+ .check_nested_events = NULL,
-+ .get_nested_state = NULL,
-+ .set_nested_state = NULL,
-+ .get_vmcs12_pages = NULL,
-+ .nested_enable_evmcs = NULL,
-+ .nested_get_evmcs_version = NULL,
-+ .need_emulation_on_page_fault = vmx_need_emulation_on_page_fault,
-+ .apic_init_signal_blocked = vmx_apic_init_signal_blocked,
-+};
-+
-+static void vmx_cleanup_l1d_flush(void)
-+{
-+ if (vmx_l1d_flush_pages) {
-+ free_pages((unsigned long)vmx_l1d_flush_pages, L1D_CACHE_ORDER);
-+ vmx_l1d_flush_pages = NULL;
-+ }
-+ /* Restore state so sysfs ignores VMX */
-+ l1tf_vmx_mitigation = VMENTER_L1D_FLUSH_AUTO;
-+}
-+
-+static void vmx_exit(void)
-+{
-+#ifdef CONFIG_KEXEC_CORE
-+ RCU_INIT_POINTER(crash_vmclear_loaded_vmcss, NULL);
-+ synchronize_rcu();
-+#endif
-+
-+ kvm_exit();
-+
-+#if IS_ENABLED(CONFIG_HYPERV)
-+ if (static_branch_unlikely(&enable_evmcs)) {
-+ int cpu;
-+ struct hv_vp_assist_page *vp_ap;
-+ /*
-+ * Reset everything to support using non-enlightened VMCS
-+ * access later (e.g. when we reload the module with
-+ * enlightened_vmcs=0)
-+ */
-+ for_each_online_cpu(cpu) {
-+ vp_ap = hv_get_vp_assist_page(cpu);
-+
-+ if (!vp_ap)
-+ continue;
-+
-+ vp_ap->nested_control.features.directhypercall = 0;
-+ vp_ap->current_nested_vmcs = 0;
-+ vp_ap->enlighten_vmentry = 0;
-+ }
-+
-+ static_branch_disable(&enable_evmcs);
-+ }
-+#endif
-+ vmx_cleanup_l1d_flush();
-+}
-+module_exit(vmx_exit);
-+
-+static int __init vmx_init(void)
-+{
-+ int r;
-+
-+#if IS_ENABLED(CONFIG_HYPERV)
-+ /*
-+ * Enlightened VMCS usage should be recommended and the host needs
-+ * to support eVMCS v1 or above. We can also disable eVMCS support
-+ * with module parameter.
-+ */
-+ if (enlightened_vmcs &&
-+ ms_hyperv.hints & HV_X64_ENLIGHTENED_VMCS_RECOMMENDED &&
-+ (ms_hyperv.nested_features & HV_X64_ENLIGHTENED_VMCS_VERSION) >=
-+ KVM_EVMCS_VERSION) {
-+ int cpu;
-+
-+ /* Check that we have assist pages on all online CPUs */
-+ for_each_online_cpu(cpu) {
-+ if (!hv_get_vp_assist_page(cpu)) {
-+ enlightened_vmcs = false;
-+ break;
-+ }
-+ }
-+
-+ if (enlightened_vmcs) {
-+ pr_info("KVM: vmx: using Hyper-V Enlightened VMCS\n");
-+ static_branch_enable(&enable_evmcs);
-+ }
-+
-+ if (ms_hyperv.nested_features & HV_X64_NESTED_DIRECT_FLUSH)
-+ vmx_x86_ops.enable_direct_tlbflush
-+ = hv_enable_direct_tlbflush;
-+
-+ } else {
-+ enlightened_vmcs = false;
-+ }
-+#endif
-+
-+ r = kvm_init(&vmx_x86_ops, sizeof(struct vcpu_vmx),
-+ __alignof__(struct vcpu_vmx), THIS_MODULE);
-+ if (r)
-+ return r;
-+
-+ /*
-+ * Must be called after kvm_init() so enable_ept is properly set
-+ * up. Hand the parameter mitigation value in which was stored in
-+ * the pre module init parser. If no parameter was given, it will
-+ * contain 'auto' which will be turned into the default 'cond'
-+ * mitigation mode.
-+ */
-+ r = vmx_setup_l1d_flush(vmentry_l1d_flush_param);
-+ if (r) {
-+ vmx_exit();
-+ return r;
-+ }
-+
-+#ifdef CONFIG_KEXEC_CORE
-+ rcu_assign_pointer(crash_vmclear_loaded_vmcss,
-+ crash_vmclear_local_loaded_vmcss);
-+#endif
-+ vmx_check_vmcs12_offsets();
-+
-+ return 0;
-+}
-+module_init(vmx_init);
-diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
-index 8a51442247c5..d6851636edab 100644
---- a/arch/x86/kvm/x86.c
-+++ b/arch/x86/kvm/x86.c
-@@ -924,9 +924,11 @@ static u64 kvm_dr6_fixed(struct kvm_vcpu *vcpu)
-
- static int __kvm_set_dr(struct kvm_vcpu *vcpu, int dr, unsigned long val)
- {
-+ size_t size = ARRAY_SIZE(vcpu->arch.db);
-+
- switch (dr) {
- case 0 ... 3:
-- vcpu->arch.db[dr] = val;
-+ vcpu->arch.db[array_index_nospec(dr, size)] = val;
- if (!(vcpu->guest_debug & KVM_GUESTDBG_USE_HW_BP))
- vcpu->arch.eff_db[dr] = val;
- break;
-@@ -963,9 +965,11 @@ EXPORT_SYMBOL_GPL(kvm_set_dr);
-
- int kvm_get_dr(struct kvm_vcpu *vcpu, int dr, unsigned long *val)
- {
-+ size_t size = ARRAY_SIZE(vcpu->arch.db);
-+
- switch (dr) {
- case 0 ... 3:
-- *val = vcpu->arch.db[dr];
-+ *val = vcpu->arch.db[array_index_nospec(dr, size)];
- break;
- case 4:
- /* fall through */
-@@ -2161,7 +2165,10 @@ static int set_msr_mce(struct kvm_vcpu *vcpu, u32 msr, u64 data)
- default:
- if (msr >= MSR_IA32_MC0_CTL &&
- msr < MSR_IA32_MCx_CTL(bank_num)) {
-- u32 offset = msr - MSR_IA32_MC0_CTL;
-+ u32 offset = array_index_nospec(
-+ msr - MSR_IA32_MC0_CTL,
-+ MSR_IA32_MCx_CTL(bank_num) - MSR_IA32_MC0_CTL);
-+
- /* only 0 or all 1s can be written to IA32_MCi_CTL
- * some Linux kernels though clear bit 10 in bank 4 to
- * workaround a BIOS/GART TBL issue on AMD K8s, ignore
-@@ -2545,7 +2552,10 @@ static int get_msr_mce(struct kvm_vcpu *vcpu, u32 msr, u64 *pdata)
- default:
- if (msr >= MSR_IA32_MC0_CTL &&
- msr < MSR_IA32_MCx_CTL(bank_num)) {
-- u32 offset = msr - MSR_IA32_MC0_CTL;
-+ u32 offset = array_index_nospec(
-+ msr - MSR_IA32_MC0_CTL,
-+ MSR_IA32_MCx_CTL(bank_num) - MSR_IA32_MC0_CTL);
-+
- data = vcpu->arch.mce_banks[offset];
- break;
- }
-@@ -6304,7 +6314,7 @@ static void kvm_set_mmio_spte_mask(void)
- * If reserved bit is not supported, clear the present bit to disable
- * mmio page fault.
- */
-- if (IS_ENABLED(CONFIG_X86_64) && maxphyaddr == 52)
-+ if (maxphyaddr == 52)
- mask &= ~1ull;
-
- kvm_mmu_set_mmio_spte_mask(mask, mask);
-@@ -7667,6 +7677,9 @@ int kvm_arch_vcpu_ioctl_get_sregs(struct kvm_vcpu *vcpu,
- int kvm_arch_vcpu_ioctl_get_mpstate(struct kvm_vcpu *vcpu,
- struct kvm_mp_state *mp_state)
- {
-+ if (kvm_mpx_supported())
-+ kvm_load_guest_fpu(vcpu);
-+
- kvm_apic_accept_events(vcpu);
- if (vcpu->arch.mp_state == KVM_MP_STATE_HALTED &&
- vcpu->arch.pv.pv_unhalted)
-@@ -7674,6 +7687,8 @@ int kvm_arch_vcpu_ioctl_get_mpstate(struct kvm_vcpu *vcpu,
- else
- mp_state->mp_state = vcpu->arch.mp_state;
-
-+ if (kvm_mpx_supported())
-+ kvm_put_guest_fpu(vcpu);
- return 0;
- }
-
-@@ -8053,7 +8068,7 @@ void kvm_arch_vcpu_destroy(struct kvm_vcpu *vcpu)
- kvm_mmu_unload(vcpu);
- vcpu_put(vcpu);
-
-- kvm_x86_ops->vcpu_free(vcpu);
-+ kvm_arch_vcpu_free(vcpu);
- }
-
- void kvm_vcpu_reset(struct kvm_vcpu *vcpu, bool init_event)
-diff --git a/crypto/algapi.c b/crypto/algapi.c
-index 50eb828db767..603d2d637209 100644
---- a/crypto/algapi.c
-+++ b/crypto/algapi.c
-@@ -652,11 +652,9 @@ EXPORT_SYMBOL_GPL(crypto_grab_spawn);
-
- void crypto_drop_spawn(struct crypto_spawn *spawn)
- {
-- if (!spawn->alg)
-- return;
--
- down_write(&crypto_alg_sem);
-- list_del(&spawn->list);
-+ if (spawn->alg)
-+ list_del(&spawn->list);
- up_write(&crypto_alg_sem);
- }
- EXPORT_SYMBOL_GPL(crypto_drop_spawn);
-@@ -664,22 +662,16 @@ EXPORT_SYMBOL_GPL(crypto_drop_spawn);
- static struct crypto_alg *crypto_spawn_alg(struct crypto_spawn *spawn)
- {
- struct crypto_alg *alg;
-- struct crypto_alg *alg2;
-
- down_read(&crypto_alg_sem);
- alg = spawn->alg;
-- alg2 = alg;
-- if (alg2)
-- alg2 = crypto_mod_get(alg2);
-- up_read(&crypto_alg_sem);
--
-- if (!alg2) {
-- if (alg)
-- crypto_shoot_alg(alg);
-- return ERR_PTR(-EAGAIN);
-+ if (alg && !crypto_mod_get(alg)) {
-+ alg->cra_flags |= CRYPTO_ALG_DYING;
-+ alg = NULL;
- }
-+ up_read(&crypto_alg_sem);
-
-- return alg;
-+ return alg ?: ERR_PTR(-EAGAIN);
- }
-
- struct crypto_tfm *crypto_spawn_tfm(struct crypto_spawn *spawn, u32 type,
-diff --git a/crypto/api.c b/crypto/api.c
-index e485aed11ad0..187795a6687d 100644
---- a/crypto/api.c
-+++ b/crypto/api.c
-@@ -339,13 +339,12 @@ static unsigned int crypto_ctxsize(struct crypto_alg *alg, u32 type, u32 mask)
- return len;
- }
-
--void crypto_shoot_alg(struct crypto_alg *alg)
-+static void crypto_shoot_alg(struct crypto_alg *alg)
- {
- down_write(&crypto_alg_sem);
- alg->cra_flags |= CRYPTO_ALG_DYING;
- up_write(&crypto_alg_sem);
- }
--EXPORT_SYMBOL_GPL(crypto_shoot_alg);
-
- struct crypto_tfm *__crypto_alloc_tfm(struct crypto_alg *alg, u32 type,
- u32 mask)
-diff --git a/crypto/internal.h b/crypto/internal.h
-index f07320423191..6262ec0435b4 100644
---- a/crypto/internal.h
-+++ b/crypto/internal.h
-@@ -84,7 +84,6 @@ void crypto_alg_tested(const char *name, int err);
- void crypto_remove_spawns(struct crypto_alg *alg, struct list_head *list,
- struct crypto_alg *nalg);
- void crypto_remove_final(struct list_head *list);
--void crypto_shoot_alg(struct crypto_alg *alg);
- struct crypto_tfm *__crypto_alloc_tfm(struct crypto_alg *alg, u32 type,
- u32 mask);
- void *crypto_create_tfm(struct crypto_alg *alg,
-diff --git a/crypto/pcrypt.c b/crypto/pcrypt.c
-index 1348541da463..85082574c515 100644
---- a/crypto/pcrypt.c
-+++ b/crypto/pcrypt.c
-@@ -130,7 +130,6 @@ static void pcrypt_aead_done(struct crypto_async_request *areq, int err)
- struct padata_priv *padata = pcrypt_request_padata(preq);
-
- padata->info = err;
-- req->base.flags &= ~CRYPTO_TFM_REQ_MAY_SLEEP;
-
- padata_do_serial(padata);
- }
-diff --git a/drivers/acpi/video_detect.c b/drivers/acpi/video_detect.c
-index 43587ac680e4..214c4e2e8ade 100644
---- a/drivers/acpi/video_detect.c
-+++ b/drivers/acpi/video_detect.c
-@@ -328,6 +328,11 @@ static const struct dmi_system_id video_detect_dmi_table[] = {
- DMI_MATCH(DMI_PRODUCT_NAME, "Precision 7510"),
- },
- },
-+
-+ /*
-+ * Desktops which falsely report a backlight and which our heuristics
-+ * for this do not catch.
-+ */
- {
- .callback = video_detect_force_none,
- .ident = "Dell OptiPlex 9020M",
-@@ -336,6 +341,14 @@ static const struct dmi_system_id video_detect_dmi_table[] = {
- DMI_MATCH(DMI_PRODUCT_NAME, "OptiPlex 9020M"),
- },
- },
-+ {
-+ .callback = video_detect_force_none,
-+ .ident = "MSI MS-7721",
-+ .matches = {
-+ DMI_MATCH(DMI_SYS_VENDOR, "MSI"),
-+ DMI_MATCH(DMI_PRODUCT_NAME, "MS-7721"),
-+ },
-+ },
- { },
- };
-
-diff --git a/drivers/base/power/main.c b/drivers/base/power/main.c
-index a30ff97632a5..0e7fa1f27ad4 100644
---- a/drivers/base/power/main.c
-+++ b/drivers/base/power/main.c
-@@ -269,10 +269,38 @@ static void dpm_wait_for_suppliers(struct device *dev, bool async)
- device_links_read_unlock(idx);
- }
-
--static void dpm_wait_for_superior(struct device *dev, bool async)
-+static bool dpm_wait_for_superior(struct device *dev, bool async)
- {
-- dpm_wait(dev->parent, async);
-+ struct device *parent;
-+
-+ /*
-+ * If the device is resumed asynchronously and the parent's callback
-+ * deletes both the device and the parent itself, the parent object may
-+ * be freed while this function is running, so avoid that by reference
-+ * counting the parent once more unless the device has been deleted
-+ * already (in which case return right away).
-+ */
-+ mutex_lock(&dpm_list_mtx);
-+
-+ if (!device_pm_initialized(dev)) {
-+ mutex_unlock(&dpm_list_mtx);
-+ return false;
-+ }
-+
-+ parent = get_device(dev->parent);
-+
-+ mutex_unlock(&dpm_list_mtx);
-+
-+ dpm_wait(parent, async);
-+ put_device(parent);
-+
- dpm_wait_for_suppliers(dev, async);
-+
-+ /*
-+ * If the parent's callback has deleted the device, attempting to resume
-+ * it would be invalid, so avoid doing that then.
-+ */
-+ return device_pm_initialized(dev);
- }
-
- static void dpm_wait_for_consumers(struct device *dev, bool async)
-@@ -551,7 +579,8 @@ static int device_resume_noirq(struct device *dev, pm_message_t state, bool asyn
- if (!dev->power.is_noirq_suspended)
- goto Out;
-
-- dpm_wait_for_superior(dev, async);
-+ if (!dpm_wait_for_superior(dev, async))
-+ goto Out;
-
- if (dev->pm_domain) {
- info = "noirq power domain ";
-@@ -691,7 +720,8 @@ static int device_resume_early(struct device *dev, pm_message_t state, bool asyn
- if (!dev->power.is_late_suspended)
- goto Out;
-
-- dpm_wait_for_superior(dev, async);
-+ if (!dpm_wait_for_superior(dev, async))
-+ goto Out;
-
- if (dev->pm_domain) {
- info = "early power domain ";
-@@ -823,7 +853,9 @@ static int device_resume(struct device *dev, pm_message_t state, bool async)
- goto Complete;
- }
-
-- dpm_wait_for_superior(dev, async);
-+ if (!dpm_wait_for_superior(dev, async))
-+ goto Complete;
-+
- dpm_watchdog_set(&wd, dev);
- device_lock(dev);
-
-diff --git a/drivers/clk/tegra/clk-tegra-periph.c b/drivers/clk/tegra/clk-tegra-periph.c
-index 848255cc0209..d300a256fcac 100644
---- a/drivers/clk/tegra/clk-tegra-periph.c
-+++ b/drivers/clk/tegra/clk-tegra-periph.c
-@@ -825,7 +825,11 @@ static struct tegra_periph_init_data gate_clks[] = {
- GATE("vcp", "clk_m", 29, 0, tegra_clk_vcp, 0),
- GATE("apbdma", "clk_m", 34, 0, tegra_clk_apbdma, 0),
- GATE("kbc", "clk_32k", 36, TEGRA_PERIPH_ON_APB | TEGRA_PERIPH_NO_RESET, tegra_clk_kbc, 0),
-- GATE("fuse", "clk_m", 39, TEGRA_PERIPH_ON_APB, tegra_clk_fuse, 0),
-+ /*
-+ * Critical for RAM re-repair operation, which must occur on resume
-+ * from LP1 system suspend and as part of CCPLEX cluster switching.
-+ */
-+ GATE("fuse", "clk_m", 39, TEGRA_PERIPH_ON_APB, tegra_clk_fuse, CLK_IS_CRITICAL),
- GATE("fuse_burn", "clk_m", 39, TEGRA_PERIPH_ON_APB, tegra_clk_fuse_burn, 0),
- GATE("kfuse", "clk_m", 40, TEGRA_PERIPH_ON_APB, tegra_clk_kfuse, 0),
- GATE("apbif", "clk_m", 107, TEGRA_PERIPH_ON_APB, tegra_clk_apbif, 0),
-diff --git a/drivers/crypto/atmel-aes.c b/drivers/crypto/atmel-aes.c
-index 11129b796dda..b8153142bcc6 100644
---- a/drivers/crypto/atmel-aes.c
-+++ b/drivers/crypto/atmel-aes.c
-@@ -91,7 +91,6 @@
- struct atmel_aes_caps {
- bool has_dualbuff;
- bool has_cfb64;
-- bool has_ctr32;
- bool has_gcm;
- bool has_xts;
- bool has_authenc;
-@@ -990,8 +989,9 @@ static int atmel_aes_ctr_transfer(struct atmel_aes_dev *dd)
- struct atmel_aes_ctr_ctx *ctx = atmel_aes_ctr_ctx_cast(dd->ctx);
- struct ablkcipher_request *req = ablkcipher_request_cast(dd->areq);
- struct scatterlist *src, *dst;
-- u32 ctr, blocks;
- size_t datalen;
-+ u32 ctr;
-+ u16 blocks, start, end;
- bool use_dma, fragmented = false;
-
- /* Check for transfer completion. */
-@@ -1003,27 +1003,17 @@ static int atmel_aes_ctr_transfer(struct atmel_aes_dev *dd)
- datalen = req->nbytes - ctx->offset;
- blocks = DIV_ROUND_UP(datalen, AES_BLOCK_SIZE);
- ctr = be32_to_cpu(ctx->iv[3]);
-- if (dd->caps.has_ctr32) {
-- /* Check 32bit counter overflow. */
-- u32 start = ctr;
-- u32 end = start + blocks - 1;
--
-- if (end < start) {
-- ctr |= 0xffffffff;
-- datalen = AES_BLOCK_SIZE * -start;
-- fragmented = true;
-- }
-- } else {
-- /* Check 16bit counter overflow. */
-- u16 start = ctr & 0xffff;
-- u16 end = start + (u16)blocks - 1;
--
-- if (blocks >> 16 || end < start) {
-- ctr |= 0xffff;
-- datalen = AES_BLOCK_SIZE * (0x10000-start);
-- fragmented = true;
-- }
-+
-+ /* Check 16bit counter overflow. */
-+ start = ctr & 0xffff;
-+ end = start + blocks - 1;
-+
-+ if (blocks >> 16 || end < start) {
-+ ctr |= 0xffff;
-+ datalen = AES_BLOCK_SIZE * (0x10000 - start);
-+ fragmented = true;
- }
-+
- use_dma = (datalen >= ATMEL_AES_DMA_THRESHOLD);
-
- /* Jump to offset. */
-@@ -2536,7 +2526,6 @@ static void atmel_aes_get_cap(struct atmel_aes_dev *dd)
- {
- dd->caps.has_dualbuff = 0;
- dd->caps.has_cfb64 = 0;
-- dd->caps.has_ctr32 = 0;
- dd->caps.has_gcm = 0;
- dd->caps.has_xts = 0;
- dd->caps.has_authenc = 0;
-@@ -2547,7 +2536,6 @@ static void atmel_aes_get_cap(struct atmel_aes_dev *dd)
- case 0x500:
- dd->caps.has_dualbuff = 1;
- dd->caps.has_cfb64 = 1;
-- dd->caps.has_ctr32 = 1;
- dd->caps.has_gcm = 1;
- dd->caps.has_xts = 1;
- dd->caps.has_authenc = 1;
-@@ -2556,7 +2544,6 @@ static void atmel_aes_get_cap(struct atmel_aes_dev *dd)
- case 0x200:
- dd->caps.has_dualbuff = 1;
- dd->caps.has_cfb64 = 1;
-- dd->caps.has_ctr32 = 1;
- dd->caps.has_gcm = 1;
- dd->caps.max_burst_size = 4;
- break;
-diff --git a/drivers/crypto/atmel-sha.c b/drivers/crypto/atmel-sha.c
-index 3e2f41b3eaf3..15e68774034a 100644
---- a/drivers/crypto/atmel-sha.c
-+++ b/drivers/crypto/atmel-sha.c
-@@ -1921,12 +1921,7 @@ static int atmel_sha_hmac_setkey(struct crypto_ahash *tfm, const u8 *key,
- {
- struct atmel_sha_hmac_ctx *hmac = crypto_ahash_ctx(tfm);
-
-- if (atmel_sha_hmac_key_set(&hmac->hkey, key, keylen)) {
-- crypto_ahash_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
-- return -EINVAL;
-- }
--
-- return 0;
-+ return atmel_sha_hmac_key_set(&hmac->hkey, key, keylen);
- }
-
- static int atmel_sha_hmac_init(struct ahash_request *req)
-diff --git a/drivers/crypto/axis/artpec6_crypto.c b/drivers/crypto/axis/artpec6_crypto.c
-index 9f82e14983f6..a886245b931e 100644
---- a/drivers/crypto/axis/artpec6_crypto.c
-+++ b/drivers/crypto/axis/artpec6_crypto.c
-@@ -1256,7 +1256,7 @@ static int artpec6_crypto_aead_set_key(struct crypto_aead *tfm, const u8 *key,
-
- if (len != 16 && len != 24 && len != 32) {
- crypto_aead_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
-- return -1;
-+ return -EINVAL;
- }
-
- ctx->key_length = len;
-diff --git a/drivers/crypto/ccp/ccp-dev-v3.c b/drivers/crypto/ccp/ccp-dev-v3.c
-index 240bebbcb8ac..ae0cc0a4dc5c 100644
---- a/drivers/crypto/ccp/ccp-dev-v3.c
-+++ b/drivers/crypto/ccp/ccp-dev-v3.c
-@@ -590,6 +590,7 @@ const struct ccp_vdata ccpv3_platform = {
- .setup = NULL,
- .perform = &ccp3_actions,
- .offset = 0,
-+ .rsamax = CCP_RSA_MAX_WIDTH,
- };
-
- const struct ccp_vdata ccpv3 = {
-diff --git a/drivers/crypto/picoxcell_crypto.c b/drivers/crypto/picoxcell_crypto.c
-index b6f14844702e..7eaeb8507e06 100644
---- a/drivers/crypto/picoxcell_crypto.c
-+++ b/drivers/crypto/picoxcell_crypto.c
-@@ -1616,6 +1616,11 @@ static const struct of_device_id spacc_of_id_table[] = {
- MODULE_DEVICE_TABLE(of, spacc_of_id_table);
- #endif /* CONFIG_OF */
-
-+static void spacc_tasklet_kill(void *data)
-+{
-+ tasklet_kill(data);
-+}
-+
- static int spacc_probe(struct platform_device *pdev)
- {
- int i, err, ret = -EINVAL;
-@@ -1659,6 +1664,14 @@ static int spacc_probe(struct platform_device *pdev)
- return -ENXIO;
- }
-
-+ tasklet_init(&engine->complete, spacc_spacc_complete,
-+ (unsigned long)engine);
-+
-+ ret = devm_add_action(&pdev->dev, spacc_tasklet_kill,
-+ &engine->complete);
-+ if (ret)
-+ return ret;
-+
- if (devm_request_irq(&pdev->dev, irq->start, spacc_spacc_irq, 0,
- engine->name, engine)) {
- dev_err(engine->dev, "failed to request IRQ\n");
-@@ -1721,8 +1734,6 @@ static int spacc_probe(struct platform_device *pdev)
- INIT_LIST_HEAD(&engine->completed);
- INIT_LIST_HEAD(&engine->in_progress);
- engine->in_flight = 0;
-- tasklet_init(&engine->complete, spacc_spacc_complete,
-- (unsigned long)engine);
-
- platform_set_drvdata(pdev, engine);
-
-diff --git a/drivers/gpu/drm/atmel-hlcdc/atmel_hlcdc_crtc.c b/drivers/gpu/drm/atmel-hlcdc/atmel_hlcdc_crtc.c
-index d73281095fac..976109c20d49 100644
---- a/drivers/gpu/drm/atmel-hlcdc/atmel_hlcdc_crtc.c
-+++ b/drivers/gpu/drm/atmel-hlcdc/atmel_hlcdc_crtc.c
-@@ -79,7 +79,11 @@ static void atmel_hlcdc_crtc_mode_set_nofb(struct drm_crtc *c)
- struct videomode vm;
- unsigned long prate;
- unsigned int cfg;
-- int div;
-+ int div, ret;
-+
-+ ret = clk_prepare_enable(crtc->dc->hlcdc->sys_clk);
-+ if (ret)
-+ return;
-
- vm.vfront_porch = adj->crtc_vsync_start - adj->crtc_vdisplay;
- vm.vback_porch = adj->crtc_vtotal - adj->crtc_vsync_end;
-@@ -138,6 +142,8 @@ static void atmel_hlcdc_crtc_mode_set_nofb(struct drm_crtc *c)
- ATMEL_HLCDC_VSPSU | ATMEL_HLCDC_VSPHO |
- ATMEL_HLCDC_GUARDTIME_MASK | ATMEL_HLCDC_MODE_MASK,
- cfg);
-+
-+ clk_disable_unprepare(crtc->dc->hlcdc->sys_clk);
- }
-
- static enum drm_mode_status
-diff --git a/drivers/hv/hv_balloon.c b/drivers/hv/hv_balloon.c
-index 0824405f93fb..2d93c8f454bc 100644
---- a/drivers/hv/hv_balloon.c
-+++ b/drivers/hv/hv_balloon.c
-@@ -1170,10 +1170,7 @@ static unsigned int alloc_balloon_pages(struct hv_dynmem_device *dm,
- unsigned int i = 0;
- struct page *pg;
-
-- if (num_pages < alloc_unit)
-- return 0;
--
-- for (i = 0; (i * alloc_unit) < num_pages; i++) {
-+ for (i = 0; i < num_pages / alloc_unit; i++) {
- if (bl_resp->hdr.size + sizeof(union dm_mem_page_range) >
- PAGE_SIZE)
- return i * alloc_unit;
-@@ -1207,7 +1204,7 @@ static unsigned int alloc_balloon_pages(struct hv_dynmem_device *dm,
-
- }
-
-- return num_pages;
-+ return i * alloc_unit;
- }
-
- static void balloon_up(struct work_struct *dummy)
-@@ -1222,9 +1219,6 @@ static void balloon_up(struct work_struct *dummy)
- long avail_pages;
- unsigned long floor;
-
-- /* The host balloons pages in 2M granularity. */
-- WARN_ON_ONCE(num_pages % PAGES_IN_2M != 0);
--
- /*
- * We will attempt 2M allocations. However, if we fail to
- * allocate 2M chunks, we will go back to 4k allocations.
-@@ -1234,14 +1228,13 @@ static void balloon_up(struct work_struct *dummy) - avail_pages = si_mem_available(); - floor = compute_balloon_floor(); - -- /* Refuse to balloon below the floor, keep the 2M granularity. */ -+ /* Refuse to balloon below the floor. */ - if (avail_pages < num_pages || avail_pages - num_pages < floor) { - pr_warn("Balloon request will be partially fulfilled. %s\n", - avail_pages < num_pages ? "Not enough memory." : - "Balloon floor reached."); - - num_pages = avail_pages > floor ? (avail_pages - floor) : 0; -- num_pages -= num_pages % PAGES_IN_2M; - } - - while (!done) { -diff --git a/drivers/infiniband/core/addr.c b/drivers/infiniband/core/addr.c -index aadaa9e84eee..c2bbe0df0931 100644 ---- a/drivers/infiniband/core/addr.c -+++ b/drivers/infiniband/core/addr.c -@@ -140,7 +140,7 @@ int ib_nl_handle_ip_res_resp(struct sk_buff *skb, - if (ib_nl_is_good_ip_resp(nlh)) - ib_nl_process_good_ip_rsep(nlh); - -- return skb->len; -+ return 0; - } - - static int ib_nl_ip_send_msg(struct rdma_dev_addr *dev_addr, -diff --git a/drivers/infiniband/core/sa_query.c b/drivers/infiniband/core/sa_query.c -index 50068b0a91fa..83dad5401c93 100644 ---- a/drivers/infiniband/core/sa_query.c -+++ b/drivers/infiniband/core/sa_query.c -@@ -1078,7 +1078,7 @@ int ib_nl_handle_set_timeout(struct sk_buff *skb, - } - - settimeout_out: -- return skb->len; -+ return 0; - } - - static inline int ib_nl_is_good_resolve_resp(const struct nlmsghdr *nlh) -@@ -1149,7 +1149,7 @@ int ib_nl_handle_resolve_resp(struct sk_buff *skb, - } - - resp_out: -- return skb->len; -+ return 0; - } - - static void free_sm_ah(struct kref *kref) -diff --git a/drivers/infiniband/core/umem_odp.c b/drivers/infiniband/core/umem_odp.c -index 55e8f5ed8b3c..57b41125b146 100644 ---- a/drivers/infiniband/core/umem_odp.c -+++ b/drivers/infiniband/core/umem_odp.c -@@ -637,7 +637,7 @@ int ib_umem_odp_map_dma_pages(struct ib_umem *umem, u64 user_virt, u64 bcnt, - - while (bcnt > 0) { - const size_t gup_num_pages 
= min_t(size_t, -- (bcnt + BIT(page_shift) - 1) >> page_shift, -+ ALIGN(bcnt, PAGE_SIZE) / PAGE_SIZE, - PAGE_SIZE / sizeof(struct page *)); - - down_read(&owning_mm->mmap_sem); -diff --git a/drivers/infiniband/hw/mlx5/gsi.c b/drivers/infiniband/hw/mlx5/gsi.c -index 79e6309460dc..262c18b2f525 100644 ---- a/drivers/infiniband/hw/mlx5/gsi.c -+++ b/drivers/infiniband/hw/mlx5/gsi.c -@@ -507,8 +507,7 @@ int mlx5_ib_gsi_post_send(struct ib_qp *qp, struct ib_send_wr *wr, - ret = ib_post_send(tx_qp, &cur_wr.wr, bad_wr); - if (ret) { - /* Undo the effect of adding the outstanding wr */ -- gsi->outstanding_pi = (gsi->outstanding_pi - 1) % -- gsi->cap.max_send_wr; -+ gsi->outstanding_pi--; - goto err; - } - spin_unlock_irqrestore(&gsi->lock, flags); -diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c -index 94b8d81f6020..d9a67759fdb5 100644 ---- a/drivers/md/dm-crypt.c -+++ b/drivers/md/dm-crypt.c -@@ -485,8 +485,14 @@ static int crypt_iv_essiv_gen(struct crypt_config *cc, u8 *iv, - static int crypt_iv_benbi_ctr(struct crypt_config *cc, struct dm_target *ti, - const char *opts) - { -- unsigned bs = crypto_skcipher_blocksize(any_tfm(cc)); -- int log = ilog2(bs); -+ unsigned bs; -+ int log; -+ -+ if (test_bit(CRYPT_MODE_INTEGRITY_AEAD, &cc->cipher_flags)) -+ bs = crypto_aead_blocksize(any_tfm_aead(cc)); -+ else -+ bs = crypto_skcipher_blocksize(any_tfm(cc)); -+ log = ilog2(bs); - - /* we need to calculate how far we must shift the sector count - * to get the cipher block count, we use this shift in _gen */ -diff --git a/drivers/md/dm-zoned-metadata.c b/drivers/md/dm-zoned-metadata.c -index 9b78f4a74a12..e3b67b145027 100644 ---- a/drivers/md/dm-zoned-metadata.c -+++ b/drivers/md/dm-zoned-metadata.c -@@ -132,6 +132,7 @@ struct dmz_metadata { - - sector_t zone_bitmap_size; - unsigned int zone_nr_bitmap_blocks; -+ unsigned int zone_bits_per_mblk; - - unsigned int nr_bitmap_blocks; - unsigned int nr_map_blocks; -@@ -1165,7 +1166,10 @@ static int dmz_init_zones(struct 
dmz_metadata *zmd) - - /* Init */ - zmd->zone_bitmap_size = dev->zone_nr_blocks >> 3; -- zmd->zone_nr_bitmap_blocks = zmd->zone_bitmap_size >> DMZ_BLOCK_SHIFT; -+ zmd->zone_nr_bitmap_blocks = -+ max_t(sector_t, 1, zmd->zone_bitmap_size >> DMZ_BLOCK_SHIFT); -+ zmd->zone_bits_per_mblk = min_t(sector_t, dev->zone_nr_blocks, -+ DMZ_BLOCK_SIZE_BITS); - - /* Allocate zone array */ - zmd->zones = kcalloc(dev->nr_zones, sizeof(struct dm_zone), GFP_KERNEL); -@@ -1982,7 +1986,7 @@ int dmz_copy_valid_blocks(struct dmz_metadata *zmd, struct dm_zone *from_zone, - dmz_release_mblock(zmd, to_mblk); - dmz_release_mblock(zmd, from_mblk); - -- chunk_block += DMZ_BLOCK_SIZE_BITS; -+ chunk_block += zmd->zone_bits_per_mblk; - } - - to_zone->weight = from_zone->weight; -@@ -2043,7 +2047,7 @@ int dmz_validate_blocks(struct dmz_metadata *zmd, struct dm_zone *zone, - - /* Set bits */ - bit = chunk_block & DMZ_BLOCK_MASK_BITS; -- nr_bits = min(nr_blocks, DMZ_BLOCK_SIZE_BITS - bit); -+ nr_bits = min(nr_blocks, zmd->zone_bits_per_mblk - bit); - - count = dmz_set_bits((unsigned long *)mblk->data, bit, nr_bits); - if (count) { -@@ -2122,7 +2126,7 @@ int dmz_invalidate_blocks(struct dmz_metadata *zmd, struct dm_zone *zone, - - /* Clear bits */ - bit = chunk_block & DMZ_BLOCK_MASK_BITS; -- nr_bits = min(nr_blocks, DMZ_BLOCK_SIZE_BITS - bit); -+ nr_bits = min(nr_blocks, zmd->zone_bits_per_mblk - bit); - - count = dmz_clear_bits((unsigned long *)mblk->data, - bit, nr_bits); -@@ -2182,6 +2186,7 @@ static int dmz_to_next_set_block(struct dmz_metadata *zmd, struct dm_zone *zone, - { - struct dmz_mblock *mblk; - unsigned int bit, set_bit, nr_bits; -+ unsigned int zone_bits = zmd->zone_bits_per_mblk; - unsigned long *bitmap; - int n = 0; - -@@ -2196,15 +2201,15 @@ static int dmz_to_next_set_block(struct dmz_metadata *zmd, struct dm_zone *zone, - /* Get offset */ - bitmap = (unsigned long *) mblk->data; - bit = chunk_block & DMZ_BLOCK_MASK_BITS; -- nr_bits = min(nr_blocks, DMZ_BLOCK_SIZE_BITS - bit); -+ 
nr_bits = min(nr_blocks, zone_bits - bit); - if (set) -- set_bit = find_next_bit(bitmap, DMZ_BLOCK_SIZE_BITS, bit); -+ set_bit = find_next_bit(bitmap, zone_bits, bit); - else -- set_bit = find_next_zero_bit(bitmap, DMZ_BLOCK_SIZE_BITS, bit); -+ set_bit = find_next_zero_bit(bitmap, zone_bits, bit); - dmz_release_mblock(zmd, mblk); - - n += set_bit - bit; -- if (set_bit < DMZ_BLOCK_SIZE_BITS) -+ if (set_bit < zone_bits) - break; - - nr_blocks -= nr_bits; -@@ -2307,7 +2312,7 @@ static void dmz_get_zone_weight(struct dmz_metadata *zmd, struct dm_zone *zone) - /* Count bits in this block */ - bitmap = mblk->data; - bit = chunk_block & DMZ_BLOCK_MASK_BITS; -- nr_bits = min(nr_blocks, DMZ_BLOCK_SIZE_BITS - bit); -+ nr_bits = min(nr_blocks, zmd->zone_bits_per_mblk - bit); - n += dmz_count_bits(bitmap, bit, nr_bits); - - dmz_release_mblock(zmd, mblk); -diff --git a/drivers/md/dm.c b/drivers/md/dm.c -index a56008b2e7c2..02ba6849f89d 100644 ---- a/drivers/md/dm.c -+++ b/drivers/md/dm.c -@@ -1647,7 +1647,6 @@ void dm_init_md_queue(struct mapped_device *md) - * - must do so here (in alloc_dev callchain) before queue is used - */ - md->queue->queuedata = md; -- md->queue->backing_dev_info->congested_data = md; - } - - void dm_init_normal_md_queue(struct mapped_device *md) -@@ -1658,6 +1657,7 @@ void dm_init_normal_md_queue(struct mapped_device *md) - /* - * Initialize aspects of queue that aren't relevant for blk-mq - */ -+ md->queue->backing_dev_info->congested_data = md; - md->queue->backing_dev_info->congested_fn = dm_any_congested; - } - -@@ -1750,6 +1750,12 @@ static struct mapped_device *alloc_dev(int minor) - goto bad; - - dm_init_md_queue(md); -+ /* -+ * default to bio-based required ->make_request_fn until DM -+ * table is loaded and md->type established. If request-based -+ * table is loaded: blk-mq will override accordingly. 
-+ */ -+ blk_queue_make_request(md->queue, dm_make_request); - - md->disk = alloc_disk_node(1, numa_node_id); - if (!md->disk) -@@ -2055,7 +2061,6 @@ int dm_setup_md_queue(struct mapped_device *md, struct dm_table *t) - case DM_TYPE_BIO_BASED: - case DM_TYPE_DAX_BIO_BASED: - dm_init_normal_md_queue(md); -- blk_queue_make_request(md->queue, dm_make_request); - /* - * DM handles splitting bios as needed. Free the bio_split bioset - * since it won't be used (saves 1 process per bio-based DM device). -diff --git a/drivers/md/persistent-data/dm-space-map-common.c b/drivers/md/persistent-data/dm-space-map-common.c -index 829b4ce057d8..97f16fe14f54 100644 ---- a/drivers/md/persistent-data/dm-space-map-common.c -+++ b/drivers/md/persistent-data/dm-space-map-common.c -@@ -382,6 +382,33 @@ int sm_ll_find_free_block(struct ll_disk *ll, dm_block_t begin, - return -ENOSPC; - } - -+int sm_ll_find_common_free_block(struct ll_disk *old_ll, struct ll_disk *new_ll, -+ dm_block_t begin, dm_block_t end, dm_block_t *b) -+{ -+ int r; -+ uint32_t count; -+ -+ do { -+ r = sm_ll_find_free_block(new_ll, begin, new_ll->nr_blocks, b); -+ if (r) -+ break; -+ -+ /* double check this block wasn't used in the old transaction */ -+ if (*b >= old_ll->nr_blocks) -+ count = 0; -+ else { -+ r = sm_ll_lookup(old_ll, *b, &count); -+ if (r) -+ break; -+ -+ if (count) -+ begin = *b + 1; -+ } -+ } while (count); -+ -+ return r; -+} -+ - static int sm_ll_mutate(struct ll_disk *ll, dm_block_t b, - int (*mutator)(void *context, uint32_t old, uint32_t *new), - void *context, enum allocation_event *ev) -diff --git a/drivers/md/persistent-data/dm-space-map-common.h b/drivers/md/persistent-data/dm-space-map-common.h -index b3078d5eda0c..8de63ce39bdd 100644 ---- a/drivers/md/persistent-data/dm-space-map-common.h -+++ b/drivers/md/persistent-data/dm-space-map-common.h -@@ -109,6 +109,8 @@ int sm_ll_lookup_bitmap(struct ll_disk *ll, dm_block_t b, uint32_t *result); - int sm_ll_lookup(struct ll_disk *ll, dm_block_t 
b, uint32_t *result);
- int sm_ll_find_free_block(struct ll_disk *ll, dm_block_t begin,
- dm_block_t end, dm_block_t *result);
-+int sm_ll_find_common_free_block(struct ll_disk *old_ll, struct ll_disk *new_ll,
-+ dm_block_t begin, dm_block_t end, dm_block_t *result);
- int sm_ll_insert(struct ll_disk *ll, dm_block_t b, uint32_t ref_count, enum allocation_event *ev);
- int sm_ll_inc(struct ll_disk *ll, dm_block_t b, enum allocation_event *ev);
- int sm_ll_dec(struct ll_disk *ll, dm_block_t b, enum allocation_event *ev);
-diff --git a/drivers/md/persistent-data/dm-space-map-disk.c b/drivers/md/persistent-data/dm-space-map-disk.c
-index 32adf6b4a9c7..bf4c5e2ccb6f 100644
---- a/drivers/md/persistent-data/dm-space-map-disk.c
-+++ b/drivers/md/persistent-data/dm-space-map-disk.c
-@@ -167,8 +167,10 @@ static int sm_disk_new_block(struct dm_space_map *sm, dm_block_t *b)
- enum allocation_event ev;
- struct sm_disk *smd = container_of(sm, struct sm_disk, sm);
-
-- /* FIXME: we should loop round a couple of times */
-- r = sm_ll_find_free_block(&smd->old_ll, smd->begin, smd->old_ll.nr_blocks, b);
-+ /*
-+ * Any block we allocate has to be free in both the old and current ll.
-+ */
-+ r = sm_ll_find_common_free_block(&smd->old_ll, &smd->ll, smd->begin, smd->ll.nr_blocks, b);
- if (r)
- return r;
-
-diff --git a/drivers/md/persistent-data/dm-space-map-metadata.c b/drivers/md/persistent-data/dm-space-map-metadata.c
-index b23cac2c4738..31a999458be9 100644
---- a/drivers/md/persistent-data/dm-space-map-metadata.c
-+++ b/drivers/md/persistent-data/dm-space-map-metadata.c
-@@ -447,7 +447,10 @@ static int sm_metadata_new_block_(struct dm_space_map *sm, dm_block_t *b)
- enum allocation_event ev;
- struct sm_metadata *smm = container_of(sm, struct sm_metadata, sm);
-
-- r = sm_ll_find_free_block(&smm->old_ll, smm->begin, smm->old_ll.nr_blocks, b);
-+ /*
-+ * Any block we allocate has to be free in both the old and current ll.
-+ */ -+ r = sm_ll_find_common_free_block(&smm->old_ll, &smm->ll, smm->begin, smm->ll.nr_blocks, b); - if (r) - return r; - -diff --git a/drivers/media/i2c/adv748x/adv748x.h b/drivers/media/i2c/adv748x/adv748x.h -index 296c5f8a8c63..1991c22be51a 100644 ---- a/drivers/media/i2c/adv748x/adv748x.h -+++ b/drivers/media/i2c/adv748x/adv748x.h -@@ -372,10 +372,10 @@ int adv748x_write_block(struct adv748x_state *state, int client_page, - - #define io_read(s, r) adv748x_read(s, ADV748X_PAGE_IO, r) - #define io_write(s, r, v) adv748x_write(s, ADV748X_PAGE_IO, r, v) --#define io_clrset(s, r, m, v) io_write(s, r, (io_read(s, r) & ~m) | v) -+#define io_clrset(s, r, m, v) io_write(s, r, (io_read(s, r) & ~(m)) | (v)) - - #define hdmi_read(s, r) adv748x_read(s, ADV748X_PAGE_HDMI, r) --#define hdmi_read16(s, r, m) (((hdmi_read(s, r) << 8) | hdmi_read(s, r+1)) & m) -+#define hdmi_read16(s, r, m) (((hdmi_read(s, r) << 8) | hdmi_read(s, (r)+1)) & (m)) - #define hdmi_write(s, r, v) adv748x_write(s, ADV748X_PAGE_HDMI, r, v) - - #define repeater_read(s, r) adv748x_read(s, ADV748X_PAGE_REPEATER, r) -@@ -383,11 +383,11 @@ int adv748x_write_block(struct adv748x_state *state, int client_page, - - #define sdp_read(s, r) adv748x_read(s, ADV748X_PAGE_SDP, r) - #define sdp_write(s, r, v) adv748x_write(s, ADV748X_PAGE_SDP, r, v) --#define sdp_clrset(s, r, m, v) sdp_write(s, r, (sdp_read(s, r) & ~m) | v) -+#define sdp_clrset(s, r, m, v) sdp_write(s, r, (sdp_read(s, r) & ~(m)) | (v)) - - #define cp_read(s, r) adv748x_read(s, ADV748X_PAGE_CP, r) - #define cp_write(s, r, v) adv748x_write(s, ADV748X_PAGE_CP, r, v) --#define cp_clrset(s, r, m, v) cp_write(s, r, (cp_read(s, r) & ~m) | v) -+#define cp_clrset(s, r, m, v) cp_write(s, r, (cp_read(s, r) & ~(m)) | (v)) - - #define txa_read(s, r) adv748x_read(s, ADV748X_PAGE_TXA, r) - #define txb_read(s, r) adv748x_read(s, ADV748X_PAGE_TXB, r) -diff --git a/drivers/media/rc/iguanair.c b/drivers/media/rc/iguanair.c -index 3c2e248ceca8..03dbbfba71fc 100644 ---- 
a/drivers/media/rc/iguanair.c -+++ b/drivers/media/rc/iguanair.c -@@ -427,7 +427,7 @@ static int iguanair_probe(struct usb_interface *intf, - int ret, pipein, pipeout; - struct usb_host_interface *idesc; - -- idesc = intf->altsetting; -+ idesc = intf->cur_altsetting; - if (idesc->desc.bNumEndpoints < 2) - return -ENODEV; - -diff --git a/drivers/media/usb/uvc/uvc_driver.c b/drivers/media/usb/uvc/uvc_driver.c -index 6445b638f207..5899593dabaf 100644 ---- a/drivers/media/usb/uvc/uvc_driver.c -+++ b/drivers/media/usb/uvc/uvc_driver.c -@@ -1446,6 +1446,11 @@ static int uvc_scan_chain_forward(struct uvc_video_chain *chain, - break; - if (forward == prev) - continue; -+ if (forward->chain.next || forward->chain.prev) { -+ uvc_trace(UVC_TRACE_DESCR, "Found reference to " -+ "entity %d already in chain.\n", forward->id); -+ return -EINVAL; -+ } - - switch (UVC_ENTITY_TYPE(forward)) { - case UVC_VC_EXTENSION_UNIT: -@@ -1527,6 +1532,13 @@ static int uvc_scan_chain_backward(struct uvc_video_chain *chain, - return -1; - } - -+ if (term->chain.next || term->chain.prev) { -+ uvc_trace(UVC_TRACE_DESCR, "Found reference to " -+ "entity %d already in chain.\n", -+ term->id); -+ return -EINVAL; -+ } -+ - if (uvc_trace_param & UVC_TRACE_PROBE) - printk(KERN_CONT " %d", term->id); - -diff --git a/drivers/media/v4l2-core/videobuf-dma-sg.c b/drivers/media/v4l2-core/videobuf-dma-sg.c -index f412429cf5ba..c55e607f5631 100644 ---- a/drivers/media/v4l2-core/videobuf-dma-sg.c -+++ b/drivers/media/v4l2-core/videobuf-dma-sg.c -@@ -352,8 +352,11 @@ int videobuf_dma_free(struct videobuf_dmabuf *dma) - BUG_ON(dma->sglen); - - if (dma->pages) { -- for (i = 0; i < dma->nr_pages; i++) -+ for (i = 0; i < dma->nr_pages; i++) { -+ if (dma->direction == DMA_FROM_DEVICE) -+ set_page_dirty_lock(dma->pages[i]); - put_page(dma->pages[i]); -+ } - kfree(dma->pages); - dma->pages = NULL; - } -diff --git a/drivers/mfd/da9062-core.c b/drivers/mfd/da9062-core.c -index fe1811523e4a..eff6ae5073c8 100644 ---- 
a/drivers/mfd/da9062-core.c -+++ b/drivers/mfd/da9062-core.c -@@ -257,7 +257,7 @@ static const struct mfd_cell da9062_devs[] = { - .name = "da9062-watchdog", - .num_resources = ARRAY_SIZE(da9062_wdt_resources), - .resources = da9062_wdt_resources, -- .of_compatible = "dlg,da9062-wdt", -+ .of_compatible = "dlg,da9062-watchdog", - }, - { - .name = "da9062-thermal", -diff --git a/drivers/mfd/dln2.c b/drivers/mfd/dln2.c -index 704e189ca162..95d0f2df0ad4 100644 ---- a/drivers/mfd/dln2.c -+++ b/drivers/mfd/dln2.c -@@ -729,6 +729,8 @@ static int dln2_probe(struct usb_interface *interface, - const struct usb_device_id *usb_id) - { - struct usb_host_interface *hostif = interface->cur_altsetting; -+ struct usb_endpoint_descriptor *epin; -+ struct usb_endpoint_descriptor *epout; - struct device *dev = &interface->dev; - struct dln2_dev *dln2; - int ret; -@@ -738,12 +740,19 @@ static int dln2_probe(struct usb_interface *interface, - hostif->desc.bNumEndpoints < 2) - return -ENODEV; - -+ epin = &hostif->endpoint[0].desc; -+ epout = &hostif->endpoint[1].desc; -+ if (!usb_endpoint_is_bulk_out(epout)) -+ return -ENODEV; -+ if (!usb_endpoint_is_bulk_in(epin)) -+ return -ENODEV; -+ - dln2 = kzalloc(sizeof(*dln2), GFP_KERNEL); - if (!dln2) - return -ENOMEM; - -- dln2->ep_out = hostif->endpoint[0].desc.bEndpointAddress; -- dln2->ep_in = hostif->endpoint[1].desc.bEndpointAddress; -+ dln2->ep_out = epout->bEndpointAddress; -+ dln2->ep_in = epin->bEndpointAddress; - dln2->usb_dev = usb_get_dev(interface_to_usbdev(interface)); - dln2->interface = interface; - usb_set_intfdata(interface, dln2); -diff --git a/drivers/mfd/rn5t618.c b/drivers/mfd/rn5t618.c -index f4037d42a60f..dd4251f105e0 100644 ---- a/drivers/mfd/rn5t618.c -+++ b/drivers/mfd/rn5t618.c -@@ -32,6 +32,7 @@ static bool rn5t618_volatile_reg(struct device *dev, unsigned int reg) - case RN5T618_WATCHDOGCNT: - case RN5T618_DCIRQ: - case RN5T618_ILIMDATAH ... RN5T618_AIN0DATAL: -+ case RN5T618_ADCCNT3: - case RN5T618_IR_ADC1 ... 
RN5T618_IR_ADC3: - case RN5T618_IR_GPR: - case RN5T618_IR_GPF: -diff --git a/drivers/mmc/host/mmc_spi.c b/drivers/mmc/host/mmc_spi.c -index ea254d00541f..24795454d106 100644 ---- a/drivers/mmc/host/mmc_spi.c -+++ b/drivers/mmc/host/mmc_spi.c -@@ -1154,17 +1154,22 @@ static void mmc_spi_initsequence(struct mmc_spi_host *host) - * SPI protocol. Another is that when chipselect is released while - * the card returns BUSY status, the clock must issue several cycles - * with chipselect high before the card will stop driving its output. -+ * -+ * SPI_CS_HIGH means "asserted" here. In some cases like when using -+ * GPIOs for chip select, SPI_CS_HIGH is set but this will be logically -+ * inverted by gpiolib, so if we want to ascertain to drive it high -+ * we should toggle the default with an XOR as we do here. - */ -- host->spi->mode |= SPI_CS_HIGH; -+ host->spi->mode ^= SPI_CS_HIGH; - if (spi_setup(host->spi) != 0) { - /* Just warn; most cards work without it. */ - dev_warn(&host->spi->dev, - "can't change chip-select polarity\n"); -- host->spi->mode &= ~SPI_CS_HIGH; -+ host->spi->mode ^= SPI_CS_HIGH; - } else { - mmc_spi_readbytes(host, 18); - -- host->spi->mode &= ~SPI_CS_HIGH; -+ host->spi->mode ^= SPI_CS_HIGH; - if (spi_setup(host->spi) != 0) { - /* Wot, we can't get the same setup we had before? 
*/ - dev_err(&host->spi->dev, -diff --git a/drivers/mmc/host/sdhci-of-at91.c b/drivers/mmc/host/sdhci-of-at91.c -index 564e7be21e06..1dadd460cc8f 100644 ---- a/drivers/mmc/host/sdhci-of-at91.c -+++ b/drivers/mmc/host/sdhci-of-at91.c -@@ -331,19 +331,22 @@ static int sdhci_at91_probe(struct platform_device *pdev) - priv->mainck = devm_clk_get(&pdev->dev, "baseclk"); - if (IS_ERR(priv->mainck)) { - dev_err(&pdev->dev, "failed to get baseclk\n"); -- return PTR_ERR(priv->mainck); -+ ret = PTR_ERR(priv->mainck); -+ goto sdhci_pltfm_free; - } - - priv->hclock = devm_clk_get(&pdev->dev, "hclock"); - if (IS_ERR(priv->hclock)) { - dev_err(&pdev->dev, "failed to get hclock\n"); -- return PTR_ERR(priv->hclock); -+ ret = PTR_ERR(priv->hclock); -+ goto sdhci_pltfm_free; - } - - priv->gck = devm_clk_get(&pdev->dev, "multclk"); - if (IS_ERR(priv->gck)) { - dev_err(&pdev->dev, "failed to get multclk\n"); -- return PTR_ERR(priv->gck); -+ ret = PTR_ERR(priv->gck); -+ goto sdhci_pltfm_free; - } - - ret = sdhci_at91_set_clks_presets(&pdev->dev); -diff --git a/drivers/mtd/ubi/fastmap.c b/drivers/mtd/ubi/fastmap.c -index 63e8527f7b65..18aba1cf8acc 100644 ---- a/drivers/mtd/ubi/fastmap.c -+++ b/drivers/mtd/ubi/fastmap.c -@@ -73,7 +73,7 @@ static int self_check_seen(struct ubi_device *ubi, unsigned long *seen) - return 0; - - for (pnum = 0; pnum < ubi->peb_count; pnum++) { -- if (test_bit(pnum, seen) && ubi->lookuptbl[pnum]) { -+ if (!test_bit(pnum, seen) && ubi->lookuptbl[pnum]) { - ubi_err(ubi, "self-check failed for PEB %d, fastmap didn't see it", pnum); - ret = -EINVAL; - } -@@ -1147,7 +1147,7 @@ static int ubi_write_fastmap(struct ubi_device *ubi, - struct rb_node *tmp_rb; - int ret, i, j, free_peb_count, used_peb_count, vol_count; - int scrub_peb_count, erase_peb_count; -- unsigned long *seen_pebs = NULL; -+ unsigned long *seen_pebs; - - fm_raw = ubi->fm_buf; - memset(ubi->fm_buf, 0, ubi->fm_size); -@@ -1161,7 +1161,7 @@ static int ubi_write_fastmap(struct ubi_device *ubi, - dvbuf = 
new_fm_vbuf(ubi, UBI_FM_DATA_VOLUME_ID);
- if (!dvbuf) {
- ret = -ENOMEM;
-- goto out_kfree;
-+ goto out_free_avbuf;
- }
-
- avhdr = ubi_get_vid_hdr(avbuf);
-@@ -1170,7 +1170,7 @@ static int ubi_write_fastmap(struct ubi_device *ubi,
- seen_pebs = init_seen(ubi);
- if (IS_ERR(seen_pebs)) {
- ret = PTR_ERR(seen_pebs);
-- goto out_kfree;
-+ goto out_free_dvbuf;
- }
-
- spin_lock(&ubi->volumes_lock);
-@@ -1338,7 +1338,7 @@ static int ubi_write_fastmap(struct ubi_device *ubi,
- ret = ubi_io_write_vid_hdr(ubi, new_fm->e[0]->pnum, avbuf);
- if (ret) {
- ubi_err(ubi, "unable to write vid_hdr to fastmap SB!");
-- goto out_kfree;
-+ goto out_free_seen;
- }
-
- for (i = 0; i < new_fm->used_blocks; i++) {
-@@ -1360,7 +1360,7 @@ static int ubi_write_fastmap(struct ubi_device *ubi,
- if (ret) {
- ubi_err(ubi, "unable to write vid_hdr to PEB %i!",
- new_fm->e[i]->pnum);
-- goto out_kfree;
-+ goto out_free_seen;
- }
- }
-
-@@ -1370,7 +1370,7 @@ static int ubi_write_fastmap(struct ubi_device *ubi,
- if (ret) {
- ubi_err(ubi, "unable to write fastmap to PEB %i!",
- new_fm->e[i]->pnum);
-- goto out_kfree;
-+ goto out_free_seen;
- }
- }
-
-@@ -1380,10 +1380,13 @@ static int ubi_write_fastmap(struct ubi_device *ubi,
- ret = self_check_seen(ubi, seen_pebs);
- dbg_bld("fastmap written!");
-
--out_kfree:
-- ubi_free_vid_buf(avbuf);
-- ubi_free_vid_buf(dvbuf);
-+out_free_seen:
- free_seen(seen_pebs);
-+out_free_dvbuf:
-+ ubi_free_vid_buf(dvbuf);
-+out_free_avbuf:
-+ ubi_free_vid_buf(avbuf);
-+
- out:
- return ret;
- }
-diff --git a/drivers/net/bonding/bond_alb.c b/drivers/net/bonding/bond_alb.c
-index 60666db31886..755d588bbcb1 100644
---- a/drivers/net/bonding/bond_alb.c
-+++ b/drivers/net/bonding/bond_alb.c
-@@ -1403,26 +1403,31 @@ int bond_alb_xmit(struct sk_buff *skb, struct net_device *bond_dev)
- bool do_tx_balance = true;
- u32 hash_index = 0;
- const u8 *hash_start = NULL;
-- struct ipv6hdr *ip6hdr;
-
- skb_reset_mac_header(skb);
- eth_data = eth_hdr(skb);
-
- switch
(ntohs(skb->protocol)) { - case ETH_P_IP: { -- const struct iphdr *iph = ip_hdr(skb); -+ const struct iphdr *iph; - - if (ether_addr_equal_64bits(eth_data->h_dest, mac_bcast) || -- (iph->daddr == ip_bcast) || -- (iph->protocol == IPPROTO_IGMP)) { -+ (!pskb_network_may_pull(skb, sizeof(*iph)))) { -+ do_tx_balance = false; -+ break; -+ } -+ iph = ip_hdr(skb); -+ if (iph->daddr == ip_bcast || iph->protocol == IPPROTO_IGMP) { - do_tx_balance = false; - break; - } - hash_start = (char *)&(iph->daddr); - hash_size = sizeof(iph->daddr); -- } - break; -- case ETH_P_IPV6: -+ } -+ case ETH_P_IPV6: { -+ const struct ipv6hdr *ip6hdr; -+ - /* IPv6 doesn't really use broadcast mac address, but leave - * that here just in case. - */ -@@ -1439,7 +1444,11 @@ int bond_alb_xmit(struct sk_buff *skb, struct net_device *bond_dev) - break; - } - -- /* Additianally, DAD probes should not be tx-balanced as that -+ if (!pskb_network_may_pull(skb, sizeof(*ip6hdr))) { -+ do_tx_balance = false; -+ break; -+ } -+ /* Additionally, DAD probes should not be tx-balanced as that - * will lead to false positives for duplicate addresses and - * prevent address configuration from working. 
- */ -@@ -1449,17 +1458,26 @@ int bond_alb_xmit(struct sk_buff *skb, struct net_device *bond_dev) - break; - } - -- hash_start = (char *)&(ipv6_hdr(skb)->daddr); -- hash_size = sizeof(ipv6_hdr(skb)->daddr); -+ hash_start = (char *)&ip6hdr->daddr; -+ hash_size = sizeof(ip6hdr->daddr); - break; -- case ETH_P_IPX: -- if (ipx_hdr(skb)->ipx_checksum != IPX_NO_CHECKSUM) { -+ } -+ case ETH_P_IPX: { -+ const struct ipxhdr *ipxhdr; -+ -+ if (pskb_network_may_pull(skb, sizeof(*ipxhdr))) { -+ do_tx_balance = false; -+ break; -+ } -+ ipxhdr = (struct ipxhdr *)skb_network_header(skb); -+ -+ if (ipxhdr->ipx_checksum != IPX_NO_CHECKSUM) { - /* something is wrong with this packet */ - do_tx_balance = false; - break; - } - -- if (ipx_hdr(skb)->ipx_type != IPX_TYPE_NCP) { -+ if (ipxhdr->ipx_type != IPX_TYPE_NCP) { - /* The only protocol worth balancing in - * this family since it has an "ARP" like - * mechanism -@@ -1468,9 +1486,11 @@ int bond_alb_xmit(struct sk_buff *skb, struct net_device *bond_dev) - break; - } - -+ eth_data = eth_hdr(skb); - hash_start = (char *)eth_data->h_dest; - hash_size = ETH_ALEN; - break; -+ } - case ETH_P_ARP: - do_tx_balance = false; - if (bond_info->rlb_enabled) -diff --git a/drivers/net/dsa/bcm_sf2.c b/drivers/net/dsa/bcm_sf2.c -index 05440b727261..747062f04bb5 100644 ---- a/drivers/net/dsa/bcm_sf2.c -+++ b/drivers/net/dsa/bcm_sf2.c -@@ -137,7 +137,9 @@ static void bcm_sf2_imp_setup(struct dsa_switch *ds, int port) - - /* Force link status for IMP port */ - reg = core_readl(priv, offset); -- reg |= (MII_SW_OR | LINK_STS | GMII_SPEED_UP_2G); -+ reg |= (MII_SW_OR | LINK_STS); -+ if (priv->type == BCM7278_DEVICE_ID) -+ reg |= GMII_SPEED_UP_2G; - core_writel(priv, reg, offset); - - /* Enable Broadcast, Multicast, Unicast forwarding to IMP port */ -diff --git a/drivers/net/ethernet/broadcom/bcmsysport.c b/drivers/net/ethernet/broadcom/bcmsysport.c -index 69b2f99b0c19..f48f7d104af2 100644 ---- a/drivers/net/ethernet/broadcom/bcmsysport.c -+++ 
b/drivers/net/ethernet/broadcom/bcmsysport.c -@@ -2329,6 +2329,9 @@ static int bcm_sysport_resume(struct device *d) - - umac_reset(priv); - -+ /* Disable the UniMAC RX/TX */ -+ umac_enable_set(priv, CMD_RX_EN | CMD_TX_EN, 0); -+ - /* We may have been suspended and never received a WOL event that - * would turn off MPD detection, take care of that now - */ -diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.c b/drivers/net/ethernet/broadcom/bnxt/bnxt.c -index 7461e7b9eaae..41bc7820d2dd 100644 ---- a/drivers/net/ethernet/broadcom/bnxt/bnxt.c -+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.c -@@ -5375,7 +5375,7 @@ static void bnxt_setup_msix(struct bnxt *bp) - int tcs, i; - - tcs = netdev_get_num_tc(dev); -- if (tcs > 1) { -+ if (tcs) { - int i, off, count; - - for (i = 0; i < tcs; i++) { -diff --git a/drivers/net/ethernet/cadence/macb_main.c b/drivers/net/ethernet/cadence/macb_main.c -index 5aff1b460151..b01b242c2bf0 100644 ---- a/drivers/net/ethernet/cadence/macb_main.c -+++ b/drivers/net/ethernet/cadence/macb_main.c -@@ -66,7 +66,11 @@ - /* Max length of transmit frame must be a multiple of 8 bytes */ - #define MACB_TX_LEN_ALIGN 8 - #define MACB_MAX_TX_LEN ((unsigned int)((1 << MACB_TX_FRMLEN_SIZE) - 1) & ~((unsigned int)(MACB_TX_LEN_ALIGN - 1))) --#define GEM_MAX_TX_LEN ((unsigned int)((1 << GEM_TX_FRMLEN_SIZE) - 1) & ~((unsigned int)(MACB_TX_LEN_ALIGN - 1))) -+/* Limit maximum TX length as per Cadence TSO errata. This is to avoid a -+ * false amba_error in TX path from the DMA assuming there is not enough -+ * space in the SRAM (16KB) even when there is. 
-+ */ -+#define GEM_MAX_TX_LEN (unsigned int)(0x3FC0) - - #define GEM_MTU_MIN_SIZE ETH_MIN_MTU - #define MACB_NETIF_LSO NETIF_F_TSO -@@ -1577,16 +1581,14 @@ static netdev_features_t macb_features_check(struct sk_buff *skb, - - /* Validate LSO compatibility */ - -- /* there is only one buffer */ -- if (!skb_is_nonlinear(skb)) -+ /* there is only one buffer or protocol is not UDP */ -+ if (!skb_is_nonlinear(skb) || (ip_hdr(skb)->protocol != IPPROTO_UDP)) - return features; - - /* length of header */ - hdrlen = skb_transport_offset(skb); -- if (ip_hdr(skb)->protocol == IPPROTO_TCP) -- hdrlen += tcp_hdrlen(skb); - -- /* For LSO: -+ /* For UFO only: - * When software supplies two or more payload buffers all payload buffers - * apart from the last must be a multiple of 8 bytes in size. - */ -diff --git a/drivers/net/ethernet/dec/tulip/dmfe.c b/drivers/net/ethernet/dec/tulip/dmfe.c -index 07e10a45beaa..cd5309668186 100644 ---- a/drivers/net/ethernet/dec/tulip/dmfe.c -+++ b/drivers/net/ethernet/dec/tulip/dmfe.c -@@ -2224,15 +2224,16 @@ static int __init dmfe_init_module(void) - if (cr6set) - dmfe_cr6_user_set = cr6set; - -- switch(mode) { -- case DMFE_10MHF: -+ switch (mode) { -+ case DMFE_10MHF: - case DMFE_100MHF: - case DMFE_10MFD: - case DMFE_100MFD: - case DMFE_1M_HPNA: - dmfe_media_mode = mode; - break; -- default:dmfe_media_mode = DMFE_AUTO; -+ default: -+ dmfe_media_mode = DMFE_AUTO; - break; - } - -diff --git a/drivers/net/ethernet/dec/tulip/uli526x.c b/drivers/net/ethernet/dec/tulip/uli526x.c -index 7fc248efc4ba..9779555eea25 100644 ---- a/drivers/net/ethernet/dec/tulip/uli526x.c -+++ b/drivers/net/ethernet/dec/tulip/uli526x.c -@@ -1819,8 +1819,8 @@ static int __init uli526x_init_module(void) - if (cr6set) - uli526x_cr6_user_set = cr6set; - -- switch (mode) { -- case ULI526X_10MHF: -+ switch (mode) { -+ case ULI526X_10MHF: - case ULI526X_100MHF: - case ULI526X_10MFD: - case ULI526X_100MFD: -diff --git a/drivers/net/ethernet/smsc/smc911x.c 
b/drivers/net/ethernet/smsc/smc911x.c
-index 42d35a87bcc9..f4f52a64f450 100644
---- a/drivers/net/ethernet/smsc/smc911x.c
-+++ b/drivers/net/ethernet/smsc/smc911x.c
-@@ -948,7 +948,7 @@ static void smc911x_phy_configure(struct work_struct *work)
- if (lp->ctl_rspeed != 100)
- my_ad_caps &= ~(ADVERTISE_100BASE4|ADVERTISE_100FULL|ADVERTISE_100HALF);
-
-- if (!lp->ctl_rfduplx)
-+ if (!lp->ctl_rfduplx)
- my_ad_caps &= ~(ADVERTISE_100FULL|ADVERTISE_10FULL);
-
- /* Update our Auto-Neg Advertisement Register */
-diff --git a/drivers/net/gtp.c b/drivers/net/gtp.c
-index 3840f21dd635..92e4e5d53053 100644
---- a/drivers/net/gtp.c
-+++ b/drivers/net/gtp.c
-@@ -771,11 +771,13 @@ static int gtp_hashtable_new(struct gtp_dev *gtp, int hsize)
- {
- int i;
-
-- gtp->addr_hash = kmalloc(sizeof(struct hlist_head) * hsize, GFP_KERNEL);
-+ gtp->addr_hash = kmalloc(sizeof(struct hlist_head) * hsize,
-+ GFP_KERNEL | __GFP_NOWARN);
- if (gtp->addr_hash == NULL)
- return -ENOMEM;
-
-- gtp->tid_hash = kmalloc(sizeof(struct hlist_head) * hsize, GFP_KERNEL);
-+ gtp->tid_hash = kmalloc(sizeof(struct hlist_head) * hsize,
-+ GFP_KERNEL | __GFP_NOWARN);
- if (gtp->tid_hash == NULL)
- goto err1;
-
-diff --git a/drivers/net/ppp/ppp_async.c b/drivers/net/ppp/ppp_async.c
-index 814fd8fae67d..297a986e6653 100644
---- a/drivers/net/ppp/ppp_async.c
-+++ b/drivers/net/ppp/ppp_async.c
-@@ -878,15 +878,15 @@ ppp_async_input(struct asyncppp *ap, const unsigned char *buf,
- skb = dev_alloc_skb(ap->mru + PPP_HDRLEN + 2);
- if (!skb)
- goto nomem;
-- ap->rpkt = skb;
-- }
-- if (skb->len == 0) {
-- /* Try to get the payload 4-byte aligned.
-- * This should match the
-- * PPP_ALLSTATIONS/PPP_UI/compressed tests in
-- * process_input_packet, but we do not have
-- * enough chars here to test buf[1] and buf[2].
-- */
-+ ap->rpkt = skb;
-+ }
-+ if (skb->len == 0) {
-+ /* Try to get the payload 4-byte aligned.
-+ * This should match the
-+ * PPP_ALLSTATIONS/PPP_UI/compressed tests in
-+ * process_input_packet, but we do not have
-+ * enough chars here to test buf[1] and buf[2].
-+ */
- if (buf[0] != PPP_ALLSTATIONS)
- skb_reserve(skb, 2 + (buf[0] & 1));
- }
-diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/usb.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/usb.c
-index 2eb5fe7367c6..4ad830b7b1c9 100644
---- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/usb.c
-+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/usb.c
-@@ -441,6 +441,7 @@ fail:
- usb_free_urb(req->urb);
- list_del(q->next);
- }
-+ kfree(reqs);
- return NULL;
-
- }
-diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/nvm.c b/drivers/net/wireless/intel/iwlwifi/mvm/nvm.c
-index ca2d66ce8424..8f3032b7174d 100644
---- a/drivers/net/wireless/intel/iwlwifi/mvm/nvm.c
-+++ b/drivers/net/wireless/intel/iwlwifi/mvm/nvm.c
-@@ -298,7 +298,7 @@ iwl_parse_nvm_sections(struct iwl_mvm *mvm)
- int regulatory_type;
-
- /* Checking for required sections */
-- if (mvm->trans->cfg->nvm_type != IWL_NVM_EXT) {
-+ if (mvm->trans->cfg->nvm_type == IWL_NVM) {
- if (!mvm->nvm_sections[NVM_SECTION_TYPE_SW].data ||
- !mvm->nvm_sections[mvm->cfg->nvm_hw_section_num].data) {
- IWL_ERR(mvm, "Can't parse empty OTP/NVM sections\n");
-diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/sta.c b/drivers/net/wireless/intel/iwlwifi/mvm/sta.c
-index 684c0f65a052..d9ab85c8eb6a 100644
---- a/drivers/net/wireless/intel/iwlwifi/mvm/sta.c
-+++ b/drivers/net/wireless/intel/iwlwifi/mvm/sta.c
-@@ -2981,6 +2981,10 @@ static int iwl_mvm_send_sta_igtk(struct iwl_mvm *mvm,
- igtk_cmd.sta_id = cpu_to_le32(sta_id);
-
- if (remove_key) {
-+ /* This is a valid situation for IGTK */
-+ if (sta_id == IWL_MVM_INVALID_STA)
-+ return 0;
-+
- igtk_cmd.ctrl_flags |= cpu_to_le32(STA_KEY_NOT_VALID);
- } else {
- struct ieee80211_key_seq seq;
-@@ -3285,9 +3289,9 @@ int iwl_mvm_remove_sta_key(struct iwl_mvm *mvm,
- IWL_DEBUG_WEP(mvm, "mvm remove
dynamic key: idx=%d sta=%d\n",
- keyconf->keyidx, sta_id);
-
-- if (mvm_sta && (keyconf->cipher == WLAN_CIPHER_SUITE_AES_CMAC ||
-- keyconf->cipher == WLAN_CIPHER_SUITE_BIP_GMAC_128 ||
-- keyconf->cipher == WLAN_CIPHER_SUITE_BIP_GMAC_256))
-+ if (keyconf->cipher == WLAN_CIPHER_SUITE_AES_CMAC ||
-+ keyconf->cipher == WLAN_CIPHER_SUITE_BIP_GMAC_128 ||
-+ keyconf->cipher == WLAN_CIPHER_SUITE_BIP_GMAC_256)
- return iwl_mvm_send_sta_igtk(mvm, keyconf, sta_id, true);
-
- if (!__test_and_clear_bit(keyconf->hw_key_idx, mvm->fw_key_table)) {
-diff --git a/drivers/net/wireless/marvell/libertas/cfg.c b/drivers/net/wireless/marvell/libertas/cfg.c
-index 4ffc188d2ffd..fbeb12018c3d 100644
---- a/drivers/net/wireless/marvell/libertas/cfg.c
-+++ b/drivers/net/wireless/marvell/libertas/cfg.c
-@@ -1788,6 +1788,8 @@ static int lbs_ibss_join_existing(struct lbs_private *priv,
- rates_max = rates_eid[1];
- if (rates_max > MAX_RATES) {
- lbs_deb_join("invalid rates");
-+ rcu_read_unlock();
-+ ret = -EINVAL;
- goto out;
- }
- rates = cmd.bss.rates;
-diff --git a/drivers/net/wireless/marvell/mwifiex/scan.c b/drivers/net/wireless/marvell/mwifiex/scan.c
-index c013c94fbf15..0071c40afe81 100644
---- a/drivers/net/wireless/marvell/mwifiex/scan.c
-+++ b/drivers/net/wireless/marvell/mwifiex/scan.c
-@@ -2890,6 +2890,13 @@ mwifiex_cmd_append_vsie_tlv(struct mwifiex_private *priv,
- vs_param_set->header.len =
- cpu_to_le16((((u16) priv->vs_ie[id].ie[1])
- & 0x00FF) + 2);
-+ if (le16_to_cpu(vs_param_set->header.len) >
-+ MWIFIEX_MAX_VSIE_LEN) {
-+ mwifiex_dbg(priv->adapter, ERROR,
-+ "Invalid param length!\n");
-+ break;
-+ }
-+
- memcpy(vs_param_set->ie, priv->vs_ie[id].ie,
- le16_to_cpu(vs_param_set->header.len));
- *buffer += le16_to_cpu(vs_param_set->header.len) +
-diff --git a/drivers/net/wireless/marvell/mwifiex/sta_ioctl.c b/drivers/net/wireless/marvell/mwifiex/sta_ioctl.c
-index f88a953b3cd5..652acafca136 100644
---- a/drivers/net/wireless/marvell/mwifiex/sta_ioctl.c
-+++ 
b/drivers/net/wireless/marvell/mwifiex/sta_ioctl.c
-@@ -274,6 +274,7 @@ static int mwifiex_process_country_ie(struct mwifiex_private *priv,
-
- if (country_ie_len >
- (IEEE80211_COUNTRY_STRING_LEN + MWIFIEX_MAX_TRIPLET_802_11D)) {
-+ rcu_read_unlock();
- mwifiex_dbg(priv->adapter, ERROR,
- "11D: country_ie_len overflow!, deauth AP\n");
- return -EINVAL;
-diff --git a/drivers/net/wireless/marvell/mwifiex/wmm.c b/drivers/net/wireless/marvell/mwifiex/wmm.c
-index 7fba4d940131..a13b05ec8fc0 100644
---- a/drivers/net/wireless/marvell/mwifiex/wmm.c
-+++ b/drivers/net/wireless/marvell/mwifiex/wmm.c
-@@ -976,6 +976,10 @@ int mwifiex_ret_wmm_get_status(struct mwifiex_private *priv,
- "WMM Parameter Set Count: %d\n",
- wmm_param_ie->qos_info_bitmap & mask);
-
-+ if (wmm_param_ie->vend_hdr.len + 2 >
-+ sizeof(struct ieee_types_wmm_parameter))
-+ break;
-+
- memcpy((u8 *) &priv->curr_bss_params.bss_descriptor.
- wmm_ie, wmm_param_ie,
- wmm_param_ie->vend_hdr.len + 2);
-diff --git a/drivers/nfc/pn544/pn544.c b/drivers/nfc/pn544/pn544.c
-index 70e898e38b16..f30bdf95610f 100644
---- a/drivers/nfc/pn544/pn544.c
-+++ b/drivers/nfc/pn544/pn544.c
-@@ -704,7 +704,7 @@ static int pn544_hci_check_presence(struct nfc_hci_dev *hdev,
- target->nfcid1_len != 10)
- return -EOPNOTSUPP;
-
-- return nfc_hci_send_cmd(hdev, NFC_HCI_RF_READER_A_GATE,
-+ return nfc_hci_send_cmd(hdev, NFC_HCI_RF_READER_A_GATE,
- PN544_RF_READER_CMD_ACTIVATE_NEXT,
- target->nfcid1, target->nfcid1_len, NULL);
- } else if (target->supported_protocols & (NFC_PROTO_JEWEL_MASK |
-diff --git a/drivers/of/Kconfig b/drivers/of/Kconfig
-index ba7b034b2b91..6b8646db110c 100644
---- a/drivers/of/Kconfig
-+++ b/drivers/of/Kconfig
-@@ -112,4 +112,8 @@ config OF_OVERLAY
- config OF_NUMA
- bool
-
-+config OF_DMA_DEFAULT_COHERENT
-+ # arches should select this if DMA is coherent by default for OF devices
-+ bool
-+
- endif # OF
-diff --git a/drivers/of/address.c b/drivers/of/address.c
-index 792722e7d458..456339c19aed 100644
---- 
a/drivers/of/address.c
-+++ b/drivers/of/address.c
-@@ -894,12 +894,16 @@ EXPORT_SYMBOL_GPL(of_dma_get_range);
- * @np: device node
- *
- * It returns true if "dma-coherent" property was found
-- * for this device in DT.
-+ * for this device in the DT, or if DMA is coherent by
-+ * default for OF devices on the current platform.
- */
- bool of_dma_is_coherent(struct device_node *np)
- {
- struct device_node *node = of_node_get(np);
-
-+ if (IS_ENABLED(CONFIG_OF_DMA_DEFAULT_COHERENT))
-+ return true;
-+
- while (node) {
- if (of_property_read_bool(node, "dma-coherent")) {
- of_node_put(node);
-diff --git a/drivers/pci/dwc/pci-keystone-dw.c b/drivers/pci/dwc/pci-keystone-dw.c
-index 2fb20b887d2a..4cf2662930d8 100644
---- a/drivers/pci/dwc/pci-keystone-dw.c
-+++ b/drivers/pci/dwc/pci-keystone-dw.c
-@@ -510,7 +510,7 @@ void ks_dw_pcie_initiate_link_train(struct keystone_pcie *ks_pcie)
- /* Disable Link training */
- val = ks_dw_app_readl(ks_pcie, CMD_STATUS);
- val &= ~LTSSM_EN_VAL;
-- ks_dw_app_writel(ks_pcie, CMD_STATUS, LTSSM_EN_VAL | val);
-+ ks_dw_app_writel(ks_pcie, CMD_STATUS, val);
-
- /* Initiate Link Training */
- val = ks_dw_app_readl(ks_pcie, CMD_STATUS);
-diff --git a/drivers/pci/setup-bus.c b/drivers/pci/setup-bus.c
-index 958da7db9033..fb73e975d22b 100644
---- a/drivers/pci/setup-bus.c
-+++ b/drivers/pci/setup-bus.c
-@@ -1824,12 +1824,18 @@ again:
- /* restore size and flags */
- list_for_each_entry(fail_res, &fail_head, list) {
- struct resource *res = fail_res->res;
-+ int idx;
-
- res->start = fail_res->start;
- res->end = fail_res->end;
- res->flags = fail_res->flags;
-- if (fail_res->dev->subordinate)
-- res->flags = 0;
-+
-+ if (pci_is_bridge(fail_res->dev)) {
-+ idx = res - &fail_res->dev->resource[0];
-+ if (idx >= PCI_BRIDGE_RESOURCES &&
-+ idx <= PCI_BRIDGE_RESOURCE_END)
-+ res->flags = 0;
-+ }
- }
- free_list(&fail_head);
-
-@@ -1895,12 +1901,18 @@ again:
- /* restore size and flags */
- list_for_each_entry(fail_res, &fail_head, list) {
- 
struct resource *res = fail_res->res;
-+ int idx;
-
- res->start = fail_res->start;
- res->end = fail_res->end;
- res->flags = fail_res->flags;
-- if (fail_res->dev->subordinate)
-- res->flags = 0;
-+
-+ if (pci_is_bridge(fail_res->dev)) {
-+ idx = res - &fail_res->dev->resource[0];
-+ if (idx >= PCI_BRIDGE_RESOURCES &&
-+ idx <= PCI_BRIDGE_RESOURCE_END)
-+ res->flags = 0;
-+ }
- }
- free_list(&fail_head);
-
-diff --git a/drivers/pci/switch/switchtec.c b/drivers/pci/switch/switchtec.c
-index 73dba2739849..bf229b442e72 100644
---- a/drivers/pci/switch/switchtec.c
-+++ b/drivers/pci/switch/switchtec.c
-@@ -1399,7 +1399,7 @@ static int switchtec_init_isr(struct switchtec_dev *stdev)
- if (nvecs < 0)
- return nvecs;
-
-- event_irq = ioread32(&stdev->mmio_part_cfg->vep_vector_number);
-+ event_irq = ioread16(&stdev->mmio_part_cfg->vep_vector_number);
- if (event_irq < 0 || event_irq >= nvecs)
- return -EFAULT;
-
-diff --git a/drivers/phy/qualcomm/phy-qcom-apq8064-sata.c b/drivers/phy/qualcomm/phy-qcom-apq8064-sata.c
-index 69ce2afac015..c6925e3e878b 100644
---- a/drivers/phy/qualcomm/phy-qcom-apq8064-sata.c
-+++ b/drivers/phy/qualcomm/phy-qcom-apq8064-sata.c
-@@ -88,7 +88,7 @@ static int read_poll_timeout(void __iomem *addr, u32 mask)
- if (readl_relaxed(addr) & mask)
- return 0;
-
-- usleep_range(DELAY_INTERVAL_US, DELAY_INTERVAL_US + 50);
-+ usleep_range(DELAY_INTERVAL_US, DELAY_INTERVAL_US + 50);
- } while (!time_after(jiffies, timeout));
-
- return (readl_relaxed(addr) & mask) ? 
0 : -ETIMEDOUT;
-diff --git a/drivers/pinctrl/sh-pfc/pfc-r8a7778.c b/drivers/pinctrl/sh-pfc/pfc-r8a7778.c
-index c3af9ebee4af..28c0405ba396 100644
---- a/drivers/pinctrl/sh-pfc/pfc-r8a7778.c
-+++ b/drivers/pinctrl/sh-pfc/pfc-r8a7778.c
-@@ -2325,7 +2325,7 @@ static const struct pinmux_cfg_reg pinmux_config_regs[] = {
- FN_ATAG0_A, 0, FN_REMOCON_B, 0,
- /* IP0_11_8 [4] */
- FN_SD1_DAT2_A, FN_MMC_D2, 0, FN_BS,
-- FN_ATADIR0_A, 0, FN_SDSELF_B, 0,
-+ FN_ATADIR0_A, 0, FN_SDSELF_A, 0,
- FN_PWM4_B, 0, 0, 0,
- 0, 0, 0, 0,
- /* IP0_7_5 [3] */
-@@ -2367,7 +2367,7 @@ static const struct pinmux_cfg_reg pinmux_config_regs[] = {
- FN_TS_SDAT0_A, 0, 0, 0,
- 0, 0, 0, 0,
- /* IP1_10_8 [3] */
-- FN_SD1_CLK_B, FN_MMC_D6, 0, FN_A24,
-+ FN_SD1_CD_A, FN_MMC_D6, 0, FN_A24,
- FN_DREQ1_A, 0, FN_HRX0_B, FN_TS_SPSYNC0_A,
- /* IP1_7_5 [3] */
- FN_A23, FN_HTX0_B, FN_TX2_B, FN_DACK2_A,
-diff --git a/drivers/platform/x86/intel_mid_powerbtn.c b/drivers/platform/x86/intel_mid_powerbtn.c
-index 5ad44204a9c3..10dbd6cac48a 100644
---- a/drivers/platform/x86/intel_mid_powerbtn.c
-+++ b/drivers/platform/x86/intel_mid_powerbtn.c
-@@ -158,9 +158,10 @@ static int mid_pb_probe(struct platform_device *pdev)
-
- input_set_capability(input, EV_KEY, KEY_POWER);
-
-- ddata = (struct mid_pb_ddata *)id->driver_data;
-+ ddata = devm_kmemdup(&pdev->dev, (void *)id->driver_data,
-+ sizeof(*ddata), GFP_KERNEL);
- if (!ddata)
-- return -ENODATA;
-+ return -ENOMEM;
-
- ddata->dev = &pdev->dev;
- ddata->irq = irq;
-diff --git a/drivers/platform/x86/intel_scu_ipc.c b/drivers/platform/x86/intel_scu_ipc.c
-index 2c85f75e32b0..2434ce8bead6 100644
---- a/drivers/platform/x86/intel_scu_ipc.c
-+++ b/drivers/platform/x86/intel_scu_ipc.c
-@@ -69,26 +69,22 @@
- struct intel_scu_ipc_pdata_t {
- u32 i2c_base;
- u32 i2c_len;
-- u8 irq_mode;
- };
-
- static const struct intel_scu_ipc_pdata_t intel_scu_ipc_lincroft_pdata = {
- .i2c_base = 0xff12b000,
- .i2c_len = 0x10,
-- .irq_mode = 0,
- };
-
- /* Penwell and Cloverview */
- static 
const struct intel_scu_ipc_pdata_t intel_scu_ipc_penwell_pdata = {
- .i2c_base = 0xff12b000,
- .i2c_len = 0x10,
-- .irq_mode = 1,
- };
-
- static const struct intel_scu_ipc_pdata_t intel_scu_ipc_tangier_pdata = {
- .i2c_base = 0xff00d000,
- .i2c_len = 0x10,
-- .irq_mode = 0,
- };
-
- struct intel_scu_ipc_dev {
-@@ -101,6 +97,9 @@ struct intel_scu_ipc_dev {
-
- static struct intel_scu_ipc_dev ipcdev; /* Only one for now */
-
-+#define IPC_STATUS 0x04
-+#define IPC_STATUS_IRQ BIT(2)
-+
- /*
- * IPC Read Buffer (Read Only):
- * 16 byte buffer for receiving data from SCU, if IPC command
-@@ -122,11 +121,8 @@ static DEFINE_MUTEX(ipclock); /* lock used to prevent multiple call to SCU */
- */
- static inline void ipc_command(struct intel_scu_ipc_dev *scu, u32 cmd)
- {
-- if (scu->irq_mode) {
-- reinit_completion(&scu->cmd_complete);
-- writel(cmd | IPC_IOC, scu->ipc_base);
-- }
-- writel(cmd, scu->ipc_base);
-+ reinit_completion(&scu->cmd_complete);
-+ writel(cmd | IPC_IOC, scu->ipc_base);
- }
-
- /*
-@@ -612,9 +608,10 @@ EXPORT_SYMBOL(intel_scu_ipc_i2c_cntrl);
- static irqreturn_t ioc(int irq, void *dev_id)
- {
- struct intel_scu_ipc_dev *scu = dev_id;
-+ int status = ipc_read_status(scu);
-
-- if (scu->irq_mode)
-- complete(&scu->cmd_complete);
-+ writel(status | IPC_STATUS_IRQ, scu->ipc_base + IPC_STATUS);
-+ complete(&scu->cmd_complete);
-
- return IRQ_HANDLED;
- }
-@@ -640,8 +637,6 @@ static int ipc_probe(struct pci_dev *pdev, const struct pci_device_id *id)
- if (!pdata)
- return -ENODEV;
-
-- scu->irq_mode = pdata->irq_mode;
--
- err = pcim_enable_device(pdev);
- if (err)
- return err;
-diff --git a/drivers/power/supply/ltc2941-battery-gauge.c b/drivers/power/supply/ltc2941-battery-gauge.c
-index 9621d6dd88c6..50bdf2d5248b 100644
---- a/drivers/power/supply/ltc2941-battery-gauge.c
-+++ b/drivers/power/supply/ltc2941-battery-gauge.c
-@@ -406,7 +406,7 @@ static int ltc294x_i2c_remove(struct i2c_client *client)
- {
- struct ltc294x_info *info = 
i2c_get_clientdata(client);
-
-- cancel_delayed_work(&info->work);
-+ cancel_delayed_work_sync(&info->work);
- power_supply_unregister(info->supply);
- return 0;
- }
-diff --git a/drivers/rtc/rtc-cmos.c b/drivers/rtc/rtc-cmos.c
-index 9dca53df3584..5b7c16b85dc0 100644
---- a/drivers/rtc/rtc-cmos.c
-+++ b/drivers/rtc/rtc-cmos.c
-@@ -806,7 +806,7 @@ cmos_do_probe(struct device *dev, struct resource *ports, int rtc_irq)
- rtc_cmos_int_handler = cmos_interrupt;
-
- retval = request_irq(rtc_irq, rtc_cmos_int_handler,
-- IRQF_SHARED, dev_name(&cmos_rtc.rtc->dev),
-+ 0, dev_name(&cmos_rtc.rtc->dev),
- cmos_rtc.rtc);
- if (retval < 0) {
- dev_dbg(dev, "IRQ %d is already in use\n", rtc_irq);
-diff --git a/drivers/rtc/rtc-hym8563.c b/drivers/rtc/rtc-hym8563.c
-index e5ad527cb75e..a8c2d38b2411 100644
---- a/drivers/rtc/rtc-hym8563.c
-+++ b/drivers/rtc/rtc-hym8563.c
-@@ -105,7 +105,7 @@ static int hym8563_rtc_read_time(struct device *dev, struct rtc_time *tm)
-
- if (!hym8563->valid) {
- dev_warn(&client->dev, "no valid clock/calendar values available\n");
-- return -EPERM;
-+ return -EINVAL;
- }
-
- ret = i2c_smbus_read_i2c_block_data(client, HYM8563_SEC, 7, buf);
-diff --git a/drivers/scsi/csiostor/csio_scsi.c b/drivers/scsi/csiostor/csio_scsi.c
-index e09c7f360dbd..0cb585759de6 100644
---- a/drivers/scsi/csiostor/csio_scsi.c
-+++ b/drivers/scsi/csiostor/csio_scsi.c
-@@ -1383,7 +1383,7 @@ csio_device_reset(struct device *dev,
- return -EINVAL;
-
- /* Delete NPIV lnodes */
-- csio_lnodes_exit(hw, 1);
-+ csio_lnodes_exit(hw, 1);
-
- /* Block upper IOs */
- csio_lnodes_block_request(hw);
-diff --git a/drivers/scsi/megaraid/megaraid_sas_base.c b/drivers/scsi/megaraid/megaraid_sas_base.c
-index 6abad63b127a..42d876034741 100644
---- a/drivers/scsi/megaraid/megaraid_sas_base.c
-+++ b/drivers/scsi/megaraid/megaraid_sas_base.c
-@@ -4109,7 +4109,8 @@ dcmd_timeout_ocr_possible(struct megasas_instance *instance) {
- if (instance->adapter_type == MFI_SERIES)
- return KILL_ADAPTER;
- 
else if (instance->unload ||
-- test_bit(MEGASAS_FUSION_IN_RESET, &instance->reset_flags))
-+ test_bit(MEGASAS_FUSION_OCR_NOT_POSSIBLE,
-+ &instance->reset_flags))
- return IGNORE_TIMEOUT;
- else
- return INITIATE_OCR;
-diff --git a/drivers/scsi/megaraid/megaraid_sas_fusion.c b/drivers/scsi/megaraid/megaraid_sas_fusion.c
-index 7be2b9e11332..b13721290f4b 100644
---- a/drivers/scsi/megaraid/megaraid_sas_fusion.c
-+++ b/drivers/scsi/megaraid/megaraid_sas_fusion.c
-@@ -4212,6 +4212,7 @@ int megasas_reset_fusion(struct Scsi_Host *shost, int reason)
- if (instance->requestorId && !instance->skip_heartbeat_timer_del)
- del_timer_sync(&instance->sriov_heartbeat_timer);
- set_bit(MEGASAS_FUSION_IN_RESET, &instance->reset_flags);
-+ set_bit(MEGASAS_FUSION_OCR_NOT_POSSIBLE, &instance->reset_flags);
- atomic_set(&instance->adprecovery, MEGASAS_ADPRESET_SM_POLLING);
- instance->instancet->disable_intr(instance);
- megasas_sync_irqs((unsigned long)instance);
-@@ -4399,7 +4400,7 @@ fail_kill_adapter:
- atomic_set(&instance->adprecovery, MEGASAS_HBA_OPERATIONAL);
- }
- out:
-- clear_bit(MEGASAS_FUSION_IN_RESET, &instance->reset_flags);
-+ clear_bit(MEGASAS_FUSION_OCR_NOT_POSSIBLE, &instance->reset_flags);
- mutex_unlock(&instance->reset_mutex);
- return retval;
- }
-diff --git a/drivers/scsi/megaraid/megaraid_sas_fusion.h b/drivers/scsi/megaraid/megaraid_sas_fusion.h
-index 7c1f7ccf031d..40724df20780 100644
---- a/drivers/scsi/megaraid/megaraid_sas_fusion.h
-+++ b/drivers/scsi/megaraid/megaraid_sas_fusion.h
-@@ -100,6 +100,7 @@ enum MR_RAID_FLAGS_IO_SUB_TYPE {
-
- #define MEGASAS_FP_CMD_LEN 16
- #define MEGASAS_FUSION_IN_RESET 0
-+#define MEGASAS_FUSION_OCR_NOT_POSSIBLE 1
- #define THRESHOLD_REPLY_COUNT 50
- #define RAID_1_PEER_CMDS 2
- #define JBOD_MAPS_COUNT 2
-diff --git a/drivers/scsi/qla2xxx/qla_dbg.c b/drivers/scsi/qla2xxx/qla_dbg.c
-index 3e9dc54b89a3..91e185731b1e 100644
---- a/drivers/scsi/qla2xxx/qla_dbg.c
-+++ b/drivers/scsi/qla2xxx/qla_dbg.c
-@@ -2517,12 +2517,6 @@ 
qla83xx_fw_dump_failed:
- /* Driver Debug Functions. */
- /****************************************************************************/
-
--static inline int
--ql_mask_match(uint32_t level)
--{
-- return (level & ql2xextended_error_logging) == level;
--}
--
- /*
- * This function is for formatting and logging debug information.
- * It is to be used when vha is available. It formats the message
-diff --git a/drivers/scsi/qla2xxx/qla_dbg.h b/drivers/scsi/qla2xxx/qla_dbg.h
-index 8877aa97d829..ceca6dd34db1 100644
---- a/drivers/scsi/qla2xxx/qla_dbg.h
-+++ b/drivers/scsi/qla2xxx/qla_dbg.h
-@@ -374,3 +374,9 @@ extern int qla24xx_dump_ram(struct qla_hw_data *, uint32_t, uint32_t *,
- extern void qla24xx_pause_risc(struct device_reg_24xx __iomem *,
- struct qla_hw_data *);
- extern int qla24xx_soft_reset(struct qla_hw_data *);
-+
-+static inline int
-+ql_mask_match(uint level)
-+{
-+ return (level & ql2xextended_error_logging) == level;
-+}
-diff --git a/drivers/scsi/qla2xxx/qla_isr.c b/drivers/scsi/qla2xxx/qla_isr.c
-index 648916a9082c..b39faf2bfa0d 100644
---- a/drivers/scsi/qla2xxx/qla_isr.c
-+++ b/drivers/scsi/qla2xxx/qla_isr.c
-@@ -1853,6 +1853,18 @@ qla24xx_nvme_iocb_entry(scsi_qla_host_t *vha, struct req_que *req, void *tsk)
- inbuf = (uint32_t *)&sts->nvme_ersp_data;
- outbuf = (uint32_t *)fd->rspaddr;
- iocb->u.nvme.rsp_pyld_len = le16_to_cpu(sts->nvme_rsp_pyld_len);
-+ if (unlikely(iocb->u.nvme.rsp_pyld_len >
-+ sizeof(struct nvme_fc_ersp_iu))) {
-+ if (ql_mask_match(ql_dbg_io)) {
-+ WARN_ONCE(1, "Unexpected response payload length %u.\n",
-+ iocb->u.nvme.rsp_pyld_len);
-+ ql_log(ql_log_warn, fcport->vha, 0x5100,
-+ "Unexpected response payload length %u.\n",
-+ iocb->u.nvme.rsp_pyld_len);
-+ }
-+ iocb->u.nvme.rsp_pyld_len =
-+ sizeof(struct nvme_fc_ersp_iu);
-+ }
- iter = iocb->u.nvme.rsp_pyld_len >> 2;
- for (; iter; iter--)
- *outbuf++ = swab32(*inbuf++);
-diff --git a/drivers/scsi/qla2xxx/qla_mbx.c b/drivers/scsi/qla2xxx/qla_mbx.c
-index 
459481ce5872..5e8ae510aef8 100644
---- a/drivers/scsi/qla2xxx/qla_mbx.c
-+++ b/drivers/scsi/qla2xxx/qla_mbx.c
-@@ -5853,9 +5853,8 @@ qla2x00_dump_mctp_data(scsi_qla_host_t *vha, dma_addr_t req_dma, uint32_t addr,
- mcp->mb[7] = LSW(MSD(req_dma));
- mcp->mb[8] = MSW(addr);
- /* Setting RAM ID to valid */
-- mcp->mb[10] |= BIT_7;
- /* For MCTP RAM ID is 0x40 */
-- mcp->mb[10] |= 0x40;
-+ mcp->mb[10] = BIT_7 | 0x40;
-
- mcp->out_mb |= MBX_10|MBX_8|MBX_7|MBX_6|MBX_5|MBX_4|MBX_3|MBX_2|MBX_1|
- MBX_0;
-diff --git a/drivers/scsi/qla2xxx/qla_nx.c b/drivers/scsi/qla2xxx/qla_nx.c
-index a77c33987703..a5b8313cf491 100644
---- a/drivers/scsi/qla2xxx/qla_nx.c
-+++ b/drivers/scsi/qla2xxx/qla_nx.c
-@@ -1605,8 +1605,7 @@ qla82xx_get_bootld_offset(struct qla_hw_data *ha)
- return (u8 *)&ha->hablob->fw->data[offset];
- }
-
--static __le32
--qla82xx_get_fw_size(struct qla_hw_data *ha)
-+static u32 qla82xx_get_fw_size(struct qla_hw_data *ha)
- {
- struct qla82xx_uri_data_desc *uri_desc = NULL;
-
-@@ -1617,7 +1616,7 @@ qla82xx_get_fw_size(struct qla_hw_data *ha)
- return cpu_to_le32(uri_desc->size);
- }
-
-- return cpu_to_le32(*(u32 *)&ha->hablob->fw->data[FW_SIZE_OFFSET]);
-+ return get_unaligned_le32(&ha->hablob->fw->data[FW_SIZE_OFFSET]);
- }
-
- static u8 *
-@@ -1808,7 +1807,7 @@ qla82xx_fw_load_from_blob(struct qla_hw_data *ha)
- }
-
- flashaddr = FLASH_ADDR_START;
-- size = (__force u32)qla82xx_get_fw_size(ha) / 8;
-+ size = qla82xx_get_fw_size(ha) / 8;
- ptr64 = (u64 *)qla82xx_get_fw_offs(ha);
-
- for (i = 0; i < size; i++) {
-diff --git a/drivers/scsi/qla4xxx/ql4_os.c b/drivers/scsi/qla4xxx/ql4_os.c
-index b0ad60565fe9..fb3abaf817a3 100644
---- a/drivers/scsi/qla4xxx/ql4_os.c
-+++ b/drivers/scsi/qla4xxx/ql4_os.c
-@@ -4150,7 +4150,7 @@ static void qla4xxx_mem_free(struct scsi_qla_host *ha)
- dma_free_coherent(&ha->pdev->dev, ha->queues_len, ha->queues,
- ha->queues_dma);
-
-- if (ha->fw_dump)
-+ if (ha->fw_dump)
- vfree(ha->fw_dump);
-
- ha->queues_len = 0;
-diff --git 
a/drivers/scsi/ufs/ufshcd.c b/drivers/scsi/ufs/ufshcd.c
-index d25082e573e0..ce40de334f11 100644
---- a/drivers/scsi/ufs/ufshcd.c
-+++ b/drivers/scsi/ufs/ufshcd.c
-@@ -4812,6 +4812,7 @@ static int ufshcd_disable_auto_bkops(struct ufs_hba *hba)
-
- hba->auto_bkops_enabled = false;
- trace_ufshcd_auto_bkops_state(dev_name(hba->dev), "Disabled");
-+ hba->is_urgent_bkops_lvl_checked = false;
- out:
- return err;
- }
-@@ -4836,6 +4837,7 @@ static void ufshcd_force_reset_auto_bkops(struct ufs_hba *hba)
- hba->ee_ctrl_mask &= ~MASK_EE_URGENT_BKOPS;
- ufshcd_disable_auto_bkops(hba);
- }
-+ hba->is_urgent_bkops_lvl_checked = false;
- }
-
- static inline int ufshcd_get_bkops_status(struct ufs_hba *hba, u32 *status)
-@@ -4882,6 +4884,7 @@ static int ufshcd_bkops_ctrl(struct ufs_hba *hba,
- err = ufshcd_enable_auto_bkops(hba);
- else
- err = ufshcd_disable_auto_bkops(hba);
-+ hba->urgent_bkops_lvl = curr_status;
- out:
- return err;
- }
-@@ -6412,7 +6415,8 @@ static int ufshcd_probe_hba(struct ufs_hba *hba)
- ufshcd_init_icc_levels(hba);
-
- /* Add required well known logical units to scsi mid layer */
-- if (ufshcd_scsi_add_wlus(hba))
-+ ret = ufshcd_scsi_add_wlus(hba);
-+ if (ret)
- goto out;
-
- /* Initialize devfreq after UFS device is detected */
-diff --git a/drivers/tty/serial/xilinx_uartps.c b/drivers/tty/serial/xilinx_uartps.c
-index 0dbfd02e3b19..81657f09761c 100644
---- a/drivers/tty/serial/xilinx_uartps.c
-+++ b/drivers/tty/serial/xilinx_uartps.c
-@@ -31,6 +31,7 @@
- #include
- #include
- #include
-+#include
-
- #define CDNS_UART_TTY_NAME "ttyPS"
- #define CDNS_UART_NAME "xuartps"
-@@ -39,6 +40,7 @@
- #define CDNS_UART_NR_PORTS 2
- #define CDNS_UART_FIFO_SIZE 64 /* FIFO size */
- #define CDNS_UART_REGISTER_SPACE 0x1000
-+#define TX_TIMEOUT 500000
-
- /* Rx Trigger level */
- static int rx_trigger_level = 56;
-@@ -685,18 +687,21 @@ static void cdns_uart_set_termios(struct uart_port *port,
- unsigned int cval = 0;
- unsigned int baud, minbaud, maxbaud;
- unsigned 
long flags;
-- unsigned int ctrl_reg, mode_reg;
--
-- spin_lock_irqsave(&port->lock, flags);
-+ unsigned int ctrl_reg, mode_reg, val;
-+ int err;
-
- /* Wait for the transmit FIFO to empty before making changes */
- if (!(readl(port->membase + CDNS_UART_CR) &
- CDNS_UART_CR_TX_DIS)) {
-- while (!(readl(port->membase + CDNS_UART_SR) &
-- CDNS_UART_SR_TXEMPTY)) {
-- cpu_relax();
-+ err = readl_poll_timeout(port->membase + CDNS_UART_SR,
-+ val, (val & CDNS_UART_SR_TXEMPTY),
-+ 1000, TX_TIMEOUT);
-+ if (err) {
-+ dev_err(port->dev, "timed out waiting for tx empty");
-+ return;
- }
- }
-+ spin_lock_irqsave(&port->lock, flags);
-
- /* Disable the TX and RX to set baud rate */
- ctrl_reg = readl(port->membase + CDNS_UART_CR);
-diff --git a/drivers/usb/gadget/function/f_ecm.c b/drivers/usb/gadget/function/f_ecm.c
-index dc99ed94f03d..8e3e44382785 100644
---- a/drivers/usb/gadget/function/f_ecm.c
-+++ b/drivers/usb/gadget/function/f_ecm.c
-@@ -56,6 +56,7 @@ struct f_ecm {
- struct usb_ep *notify;
- struct usb_request *notify_req;
- u8 notify_state;
-+ atomic_t notify_count;
- bool is_open;
-
- /* FIXME is_open needs some irq-ish locking
-@@ -384,7 +385,7 @@ static void ecm_do_notify(struct f_ecm *ecm)
- int status;
-
- /* notification already in flight? 
*/
-- if (!req)
-+ if (atomic_read(&ecm->notify_count))
- return;
-
- event = req->buf;
-@@ -424,10 +425,10 @@ static void ecm_do_notify(struct f_ecm *ecm)
- event->bmRequestType = 0xA1;
- event->wIndex = cpu_to_le16(ecm->ctrl_id);
-
-- ecm->notify_req = NULL;
-+ atomic_inc(&ecm->notify_count);
- status = usb_ep_queue(ecm->notify, req, GFP_ATOMIC);
- if (status < 0) {
-- ecm->notify_req = req;
-+ atomic_dec(&ecm->notify_count);
- DBG(cdev, "notify --> %d\n", status);
- }
- }
-@@ -452,17 +453,19 @@ static void ecm_notify_complete(struct usb_ep *ep, struct usb_request *req)
- switch (req->status) {
- case 0:
- /* no fault */
-+ atomic_dec(&ecm->notify_count);
- break;
- case -ECONNRESET:
- case -ESHUTDOWN:
-+ atomic_set(&ecm->notify_count, 0);
- ecm->notify_state = ECM_NOTIFY_NONE;
- break;
- default:
- DBG(cdev, "event %02x --> %d\n",
- event->bNotificationType, req->status);
-+ atomic_dec(&ecm->notify_count);
- break;
- }
-- ecm->notify_req = req;
- ecm_do_notify(ecm);
- }
-
-@@ -909,6 +912,11 @@ static void ecm_unbind(struct usb_configuration *c, struct usb_function *f)
-
- usb_free_all_descriptors(f);
-
-+ if (atomic_read(&ecm->notify_count)) {
-+ usb_ep_dequeue(ecm->notify, ecm->notify_req);
-+ atomic_set(&ecm->notify_count, 0);
-+ }
-+
- kfree(ecm->notify_req->buf);
- usb_ep_free_request(ecm->notify, ecm->notify_req);
- }
-diff --git a/drivers/usb/gadget/function/f_ncm.c b/drivers/usb/gadget/function/f_ncm.c
-index 45b334ceaf2e..5c2d39232bb0 100644
---- a/drivers/usb/gadget/function/f_ncm.c
-+++ b/drivers/usb/gadget/function/f_ncm.c
-@@ -58,6 +58,7 @@ struct f_ncm {
- struct usb_ep *notify;
- struct usb_request *notify_req;
- u8 notify_state;
-+ atomic_t notify_count;
- bool is_open;
-
- const struct ndp_parser_opts *parser_opts;
-@@ -553,7 +554,7 @@ static void ncm_do_notify(struct f_ncm *ncm)
- int status;
-
- /* notification already in flight? 
*/
-- if (!req)
-+ if (atomic_read(&ncm->notify_count))
- return;
-
- event = req->buf;
-@@ -593,7 +594,8 @@ static void ncm_do_notify(struct f_ncm *ncm)
- event->bmRequestType = 0xA1;
- event->wIndex = cpu_to_le16(ncm->ctrl_id);
-
-- ncm->notify_req = NULL;
-+ atomic_inc(&ncm->notify_count);
-+
- /*
- * In double buffering if there is a space in FIFO,
- * completion callback can be called right after the call,
-@@ -603,7 +605,7 @@ static void ncm_do_notify(struct f_ncm *ncm)
- status = usb_ep_queue(ncm->notify, req, GFP_ATOMIC);
- spin_lock(&ncm->lock);
- if (status < 0) {
-- ncm->notify_req = req;
-+ atomic_dec(&ncm->notify_count);
- DBG(cdev, "notify --> %d\n", status);
- }
- }
-@@ -638,17 +640,19 @@ static void ncm_notify_complete(struct usb_ep *ep, struct usb_request *req)
- case 0:
- VDBG(cdev, "Notification %02x sent\n",
- event->bNotificationType);
-+ atomic_dec(&ncm->notify_count);
- break;
- case -ECONNRESET:
- case -ESHUTDOWN:
-+ atomic_set(&ncm->notify_count, 0);
- ncm->notify_state = NCM_NOTIFY_NONE;
- break;
- default:
- DBG(cdev, "event %02x --> %d\n",
- event->bNotificationType, req->status);
-+ atomic_dec(&ncm->notify_count);
- break;
- }
-- ncm->notify_req = req;
- ncm_do_notify(ncm);
- spin_unlock(&ncm->lock);
- }
-@@ -1632,6 +1636,11 @@ static void ncm_unbind(struct usb_configuration *c, struct usb_function *f)
- ncm_string_defs[0].id = 0;
- usb_free_all_descriptors(f);
-
-+ if (atomic_read(&ncm->notify_count)) {
-+ usb_ep_dequeue(ncm->notify, ncm->notify_req);
-+ atomic_set(&ncm->notify_count, 0);
-+ }
-+
- kfree(ncm->notify_req->buf);
- usb_ep_free_request(ncm->notify, ncm->notify_req);
- }
-diff --git a/drivers/usb/gadget/legacy/cdc2.c b/drivers/usb/gadget/legacy/cdc2.c
-index 51c08682de84..5ee25beb52f0 100644
---- a/drivers/usb/gadget/legacy/cdc2.c
-+++ b/drivers/usb/gadget/legacy/cdc2.c
-@@ -229,7 +229,7 @@ static struct usb_composite_driver cdc_driver = {
- .name = "g_cdc",
- .dev = &device_desc,
- .strings = dev_strings,
-- .max_speed = 
USB_SPEED_HIGH,
-+ .max_speed = USB_SPEED_SUPER,
- .bind = cdc_bind,
- .unbind = cdc_unbind,
- };
-diff --git a/drivers/usb/gadget/legacy/g_ffs.c b/drivers/usb/gadget/legacy/g_ffs.c
-index 6da7316f8e87..54ee4e31645b 100644
---- a/drivers/usb/gadget/legacy/g_ffs.c
-+++ b/drivers/usb/gadget/legacy/g_ffs.c
-@@ -153,7 +153,7 @@ static struct usb_composite_driver gfs_driver = {
- .name = DRIVER_NAME,
- .dev = &gfs_dev_desc,
- .strings = gfs_dev_strings,
-- .max_speed = USB_SPEED_HIGH,
-+ .max_speed = USB_SPEED_SUPER,
- .bind = gfs_bind,
- .unbind = gfs_unbind,
- };
-diff --git a/drivers/usb/gadget/legacy/multi.c b/drivers/usb/gadget/legacy/multi.c
-index a70a406580ea..3b7fc5c7e9c3 100644
---- a/drivers/usb/gadget/legacy/multi.c
-+++ b/drivers/usb/gadget/legacy/multi.c
-@@ -486,7 +486,7 @@ static struct usb_composite_driver multi_driver = {
- .name = "g_multi",
- .dev = &device_desc,
- .strings = dev_strings,
-- .max_speed = USB_SPEED_HIGH,
-+ .max_speed = USB_SPEED_SUPER,
- .bind = multi_bind,
- .unbind = multi_unbind,
- .needs_serial = 1,
-diff --git a/drivers/usb/gadget/legacy/ncm.c b/drivers/usb/gadget/legacy/ncm.c
-index 0aba68253e3d..2fb4a847dd52 100644
---- a/drivers/usb/gadget/legacy/ncm.c
-+++ b/drivers/usb/gadget/legacy/ncm.c
-@@ -203,7 +203,7 @@ static struct usb_composite_driver ncm_driver = {
- .name = "g_ncm",
- .dev = &device_desc,
- .strings = dev_strings,
-- .max_speed = USB_SPEED_HIGH,
-+ .max_speed = USB_SPEED_SUPER,
- .bind = gncm_bind,
- .unbind = gncm_unbind,
- };
-diff --git a/drivers/xen/xen-balloon.c b/drivers/xen/xen-balloon.c
-index cf8ef8cee5a0..112e8b5e6fee 100644
---- a/drivers/xen/xen-balloon.c
-+++ b/drivers/xen/xen-balloon.c
-@@ -82,7 +82,7 @@ static void watch_target(struct xenbus_watch *watch,
- "%llu", &static_max) == 1))
- static_max >>= PAGE_SHIFT - 10;
- else
-- static_max = new_target;
-+ static_max = balloon_stats.current_pages;
-
- target_diff = (xen_pv_domain() || xen_initial_domain()) ? 
0
- : static_max - balloon_stats.target_pages;
-diff --git a/fs/btrfs/ctree.c b/fs/btrfs/ctree.c
-index 740ef428acdd..f5a8c0d26cf3 100644
---- a/fs/btrfs/ctree.c
-+++ b/fs/btrfs/ctree.c
-@@ -334,26 +334,6 @@ struct tree_mod_elem {
- struct tree_mod_root old_root;
- };
-
--static inline void tree_mod_log_read_lock(struct btrfs_fs_info *fs_info)
--{
-- read_lock(&fs_info->tree_mod_log_lock);
--}
--
--static inline void tree_mod_log_read_unlock(struct btrfs_fs_info *fs_info)
--{
-- read_unlock(&fs_info->tree_mod_log_lock);
--}
--
--static inline void tree_mod_log_write_lock(struct btrfs_fs_info *fs_info)
--{
-- write_lock(&fs_info->tree_mod_log_lock);
--}
--
--static inline void tree_mod_log_write_unlock(struct btrfs_fs_info *fs_info)
--{
-- write_unlock(&fs_info->tree_mod_log_lock);
--}
--
- /*
- * Pull a new tree mod seq number for our operation.
- */
-@@ -373,14 +353,12 @@ static inline u64 btrfs_inc_tree_mod_seq(struct btrfs_fs_info *fs_info)
- u64 btrfs_get_tree_mod_seq(struct btrfs_fs_info *fs_info,
- struct seq_list *elem)
- {
-- tree_mod_log_write_lock(fs_info);
-- spin_lock(&fs_info->tree_mod_seq_lock);
-+ write_lock(&fs_info->tree_mod_log_lock);
- if (!elem->seq) {
- elem->seq = btrfs_inc_tree_mod_seq(fs_info);
- list_add_tail(&elem->list, &fs_info->tree_mod_seq_list);
- }
-- spin_unlock(&fs_info->tree_mod_seq_lock);
-- tree_mod_log_write_unlock(fs_info);
-+ write_unlock(&fs_info->tree_mod_log_lock);
-
- return elem->seq;
- }
-@@ -399,7 +377,7 @@ void btrfs_put_tree_mod_seq(struct btrfs_fs_info *fs_info,
- if (!seq_putting)
- return;
-
-- spin_lock(&fs_info->tree_mod_seq_lock);
-+ write_lock(&fs_info->tree_mod_log_lock);
- list_del(&elem->list);
- elem->seq = 0;
-
-@@ -410,19 +388,17 @@ void btrfs_put_tree_mod_seq(struct btrfs_fs_info *fs_info,
- * blocker with lower sequence number exists, we
- * cannot remove anything from the log
- */
-- spin_unlock(&fs_info->tree_mod_seq_lock);
-+ write_unlock(&fs_info->tree_mod_log_lock);
- return;
- }
- min_seq = 
cur_elem->seq;
- }
- }
-- spin_unlock(&fs_info->tree_mod_seq_lock);
-
- /*
- * anything that's lower than the lowest existing (read: blocked)
- * sequence number can be removed from the tree.
- */
-- tree_mod_log_write_lock(fs_info);
- tm_root = &fs_info->tree_mod_log;
- for (node = rb_first(tm_root); node; node = next) {
- next = rb_next(node);
-@@ -432,7 +408,7 @@ void btrfs_put_tree_mod_seq(struct btrfs_fs_info *fs_info,
- rb_erase(node, tm_root);
- kfree(tm);
- }
-- tree_mod_log_write_unlock(fs_info);
-+ write_unlock(&fs_info->tree_mod_log_lock);
- }
-
- /*
-@@ -443,7 +419,7 @@ void btrfs_put_tree_mod_seq(struct btrfs_fs_info *fs_info,
- * for root replace operations, or the logical address of the affected
- * block for all other operations.
- *
-- * Note: must be called with write lock (tree_mod_log_write_lock).
-+ * Note: must be called with write lock for fs_info::tree_mod_log_lock.
- */
- static noinline int
- __tree_mod_log_insert(struct btrfs_fs_info *fs_info, struct tree_mod_elem *tm)
-@@ -481,7 +457,7 @@ __tree_mod_log_insert(struct btrfs_fs_info *fs_info, struct tree_mod_elem *tm)
- * Determines if logging can be omitted. Returns 1 if it can. Otherwise, it
- * returns zero with the tree_mod_log_lock acquired. The caller must hold
- * this until all tree mod log insertions are recorded in the rb tree and then
-- * call tree_mod_log_write_unlock() to release.
-+ * write unlock fs_info::tree_mod_log_lock.
- */
- static inline int tree_mod_dont_log(struct btrfs_fs_info *fs_info,
- struct extent_buffer *eb) {
-@@ -491,9 +467,9 @@ static inline int tree_mod_dont_log(struct btrfs_fs_info *fs_info,
- if (eb && btrfs_header_level(eb) == 0)
- return 1;
-
-- tree_mod_log_write_lock(fs_info);
-+ write_lock(&fs_info->tree_mod_log_lock);
- if (list_empty(&(fs_info)->tree_mod_seq_list)) {
-- tree_mod_log_write_unlock(fs_info);
-+ write_unlock(&fs_info->tree_mod_log_lock);
- return 1;
- }
-
-@@ -557,7 +533,7 @@ tree_mod_log_insert_key(struct btrfs_fs_info *fs_info,
- }
-
- ret = __tree_mod_log_insert(fs_info, tm);
-- tree_mod_log_write_unlock(fs_info);
-+ write_unlock(&eb->fs_info->tree_mod_log_lock);
- if (ret)
- kfree(tm);
-
-@@ -621,7 +597,7 @@ tree_mod_log_insert_move(struct btrfs_fs_info *fs_info,
- ret = __tree_mod_log_insert(fs_info, tm);
- if (ret)
- goto free_tms;
-- tree_mod_log_write_unlock(fs_info);
-+ write_unlock(&eb->fs_info->tree_mod_log_lock);
- kfree(tm_list);
-
- return 0;
-@@ -632,7 +608,7 @@ free_tms:
- kfree(tm_list[i]);
- }
- if (locked)
-- tree_mod_log_write_unlock(fs_info);
-+ write_unlock(&eb->fs_info->tree_mod_log_lock);
- kfree(tm_list);
- kfree(tm);
-
-@@ -713,7 +689,7 @@ tree_mod_log_insert_root(struct btrfs_fs_info *fs_info,
- if (!ret)
- ret = __tree_mod_log_insert(fs_info, tm);
-
-- tree_mod_log_write_unlock(fs_info);
-+ write_unlock(&fs_info->tree_mod_log_lock);
- if (ret)
- goto free_tms;
- kfree(tm_list);
-@@ -740,7 +716,7 @@ __tree_mod_log_search(struct btrfs_fs_info *fs_info, u64 start, u64 min_seq,
- struct tree_mod_elem *cur = NULL;
- struct tree_mod_elem *found = NULL;
-
-- tree_mod_log_read_lock(fs_info);
-+ read_lock(&fs_info->tree_mod_log_lock);
- tm_root = &fs_info->tree_mod_log;
- node = tm_root->rb_node;
- while (node) {
-@@ -768,7 +744,7 @@ __tree_mod_log_search(struct btrfs_fs_info *fs_info, u64 start, u64 min_seq,
- break;
- }
- }
-- tree_mod_log_read_unlock(fs_info);
-+ read_unlock(&fs_info->tree_mod_log_lock);
-
- return found;
- }
-@@ -849,7 +825,7 @@ tree_mod_log_eb_copy(struct btrfs_fs_info *fs_info, struct extent_buffer *dst,
- goto free_tms;
- }
-
-- tree_mod_log_write_unlock(fs_info);
-+ write_unlock(&fs_info->tree_mod_log_lock);
- kfree(tm_list);
-
- return 0;
-@@ -861,7 +837,7 @@ free_tms:
- kfree(tm_list[i]);
- }
- if (locked)
-- tree_mod_log_write_unlock(fs_info);
-+ write_unlock(&fs_info->tree_mod_log_lock);
- kfree(tm_list);
-
- return ret;
-@@ -921,7 +897,7 @@ tree_mod_log_free_eb(struct btrfs_fs_info *fs_info, struct extent_buffer *eb)
- goto free_tms;
-
- ret = __tree_mod_log_free_eb(fs_info, tm_list, nritems);
-- tree_mod_log_write_unlock(fs_info);
-+ write_unlock(&eb->fs_info->tree_mod_log_lock);
- if (ret)
- goto free_tms;
- kfree(tm_list);
-@@ -1279,7 +1255,7 @@ __tree_mod_log_rewind(struct btrfs_fs_info *fs_info, struct extent_buffer *eb,
- unsigned long p_size = sizeof(struct btrfs_key_ptr);
-
- n = btrfs_header_nritems(eb);
-- tree_mod_log_read_lock(fs_info);
-+ read_lock(&fs_info->tree_mod_log_lock);
- while (tm && tm->seq >= time_seq) {
- /*
- * all the operations are recorded with the operator used for
-@@ -1334,7 +1310,7 @@ __tree_mod_log_rewind(struct btrfs_fs_info *fs_info, struct extent_buffer *eb,
- if (tm->logical != first_tm->logical)
- break;
- }
-- tree_mod_log_read_unlock(fs_info);
-+ read_unlock(&fs_info->tree_mod_log_lock);
- btrfs_set_header_nritems(eb, n);
- }
-
-diff --git a/fs/btrfs/ctree.h b/fs/btrfs/ctree.h
-index 588760c49fe2..5412b12491cb 100644
---- a/fs/btrfs/ctree.h
-+++ b/fs/btrfs/ctree.h
-@@ -869,14 +869,12 @@ struct btrfs_fs_info {
- struct list_head delayed_iputs;
- struct mutex cleaner_delayed_iput_mutex;
-
-- /* this protects tree_mod_seq_list */
-- spinlock_t tree_mod_seq_lock;
- atomic64_t tree_mod_seq;
-- struct list_head tree_mod_seq_list;
-
-- /* this protects tree_mod_log */
-+ /* this protects tree_mod_log and tree_mod_seq_list */
- rwlock_t tree_mod_log_lock;
- struct rb_root tree_mod_log;
-+ struct list_head tree_mod_seq_list;
- - atomic_t nr_async_submits; - atomic_t async_submit_draining; -@@ -2408,32 +2406,6 @@ static inline u32 btrfs_file_extent_inline_item_len( - return btrfs_item_size(eb, e) - BTRFS_FILE_EXTENT_INLINE_DATA_START; - } - --/* this returns the number of file bytes represented by the inline item. -- * If an item is compressed, this is the uncompressed size -- */ --static inline u32 btrfs_file_extent_inline_len(const struct extent_buffer *eb, -- int slot, -- const struct btrfs_file_extent_item *fi) --{ -- struct btrfs_map_token token; -- -- btrfs_init_map_token(&token); -- /* -- * return the space used on disk if this item isn't -- * compressed or encoded -- */ -- if (btrfs_token_file_extent_compression(eb, fi, &token) == 0 && -- btrfs_token_file_extent_encryption(eb, fi, &token) == 0 && -- btrfs_token_file_extent_other_encoding(eb, fi, &token) == 0) { -- return btrfs_file_extent_inline_item_len(eb, -- btrfs_item_nr(slot)); -- } -- -- /* otherwise use the ram bytes field */ -- return btrfs_token_file_extent_ram_bytes(eb, fi, &token); --} -- -- - /* btrfs_dev_stats_item */ - static inline u64 btrfs_dev_stats_value(const struct extent_buffer *eb, - const struct btrfs_dev_stats_item *ptr, -diff --git a/fs/btrfs/delayed-ref.c b/fs/btrfs/delayed-ref.c -index d56bd3625468..45714f1c43a3 100644 ---- a/fs/btrfs/delayed-ref.c -+++ b/fs/btrfs/delayed-ref.c -@@ -281,7 +281,7 @@ void btrfs_merge_delayed_refs(struct btrfs_trans_handle *trans, - if (head->is_data) - return; - -- spin_lock(&fs_info->tree_mod_seq_lock); -+ read_lock(&fs_info->tree_mod_log_lock); - if (!list_empty(&fs_info->tree_mod_seq_list)) { - struct seq_list *elem; - -@@ -289,7 +289,7 @@ void btrfs_merge_delayed_refs(struct btrfs_trans_handle *trans, - struct seq_list, list); - seq = elem->seq; - } -- spin_unlock(&fs_info->tree_mod_seq_lock); -+ read_unlock(&fs_info->tree_mod_log_lock); - - ref = list_first_entry(&head->ref_list, struct btrfs_delayed_ref_node, - list); -@@ -317,7 +317,7 @@ int 
btrfs_check_delayed_seq(struct btrfs_fs_info *fs_info, - struct seq_list *elem; - int ret = 0; - -- spin_lock(&fs_info->tree_mod_seq_lock); -+ read_lock(&fs_info->tree_mod_log_lock); - if (!list_empty(&fs_info->tree_mod_seq_list)) { - elem = list_first_entry(&fs_info->tree_mod_seq_list, - struct seq_list, list); -@@ -331,7 +331,7 @@ int btrfs_check_delayed_seq(struct btrfs_fs_info *fs_info, - } - } - -- spin_unlock(&fs_info->tree_mod_seq_lock); -+ read_unlock(&fs_info->tree_mod_log_lock); - return ret; - } - -diff --git a/fs/btrfs/disk-io.c b/fs/btrfs/disk-io.c -index a8ea56218d6b..44b15617c7b9 100644 ---- a/fs/btrfs/disk-io.c -+++ b/fs/btrfs/disk-io.c -@@ -2051,7 +2051,7 @@ static void free_root_extent_buffers(struct btrfs_root *root) - } - - /* helper to cleanup tree roots */ --static void free_root_pointers(struct btrfs_fs_info *info, int chunk_root) -+static void free_root_pointers(struct btrfs_fs_info *info, bool free_chunk_root) - { - free_root_extent_buffers(info->tree_root); - -@@ -2060,7 +2060,7 @@ static void free_root_pointers(struct btrfs_fs_info *info, int chunk_root) - free_root_extent_buffers(info->csum_root); - free_root_extent_buffers(info->quota_root); - free_root_extent_buffers(info->uuid_root); -- if (chunk_root) -+ if (free_chunk_root) - free_root_extent_buffers(info->chunk_root); - free_root_extent_buffers(info->free_space_root); - } -@@ -2455,7 +2455,6 @@ int open_ctree(struct super_block *sb, - spin_lock_init(&fs_info->fs_roots_radix_lock); - spin_lock_init(&fs_info->delayed_iput_lock); - spin_lock_init(&fs_info->defrag_inodes_lock); -- spin_lock_init(&fs_info->tree_mod_seq_lock); - spin_lock_init(&fs_info->super_lock); - spin_lock_init(&fs_info->qgroup_op_lock); - spin_lock_init(&fs_info->buffer_lock); -@@ -3069,7 +3068,7 @@ fail_block_groups: - btrfs_put_block_group_cache(fs_info); - - fail_tree_roots: -- free_root_pointers(fs_info, 1); -+ free_root_pointers(fs_info, true); - invalidate_inode_pages2(fs_info->btree_inode->i_mapping); - - 
fail_sb_buffer: -@@ -3097,7 +3096,7 @@ recovery_tree_root: - if (!btrfs_test_opt(fs_info, USEBACKUPROOT)) - goto fail_tree_roots; - -- free_root_pointers(fs_info, 0); -+ free_root_pointers(fs_info, false); - - /* don't use the log in recovery mode, it won't be valid */ - btrfs_set_super_log_root(disk_super, 0); -@@ -3761,10 +3760,17 @@ void close_ctree(struct btrfs_fs_info *fs_info) - invalidate_inode_pages2(fs_info->btree_inode->i_mapping); - btrfs_stop_all_workers(fs_info); - -- btrfs_free_block_groups(fs_info); -- - clear_bit(BTRFS_FS_OPEN, &fs_info->flags); -- free_root_pointers(fs_info, 1); -+ free_root_pointers(fs_info, true); -+ -+ /* -+ * We must free the block groups after dropping the fs_roots as we could -+ * have had an IO error and have left over tree log blocks that aren't -+ * cleaned up until the fs roots are freed. This makes the block group -+ * accounting appear to be wrong because there's pending reserved bytes, -+ * so make sure we do the block group cleanup afterwards. -+ */ -+ btrfs_free_block_groups(fs_info); - - iput(fs_info->btree_inode); - -diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c -index fced434bbddc..a8be9478ca3e 100644 ---- a/fs/btrfs/extent_io.c -+++ b/fs/btrfs/extent_io.c -@@ -4048,6 +4048,14 @@ retry: - */ - scanned = 1; - index = 0; -+ -+ /* -+ * If we're looping we could run into a page that is locked by a -+ * writer and that writer could be waiting on writeback for a -+ * page in our current bio, and thus deadlock, so flush the -+ * write bio here. 
-+ */
-+ flush_write_bio(data);
- goto retry;
- }
-
-diff --git a/fs/btrfs/file-item.c b/fs/btrfs/file-item.c
-index fdcb41002623..702b3606ad0e 100644
---- a/fs/btrfs/file-item.c
-+++ b/fs/btrfs/file-item.c
-@@ -955,7 +955,7 @@ void btrfs_extent_item_to_extent_map(struct btrfs_inode *inode,
- btrfs_file_extent_num_bytes(leaf, fi);
- } else if (type == BTRFS_FILE_EXTENT_INLINE) {
- size_t size;
-- size = btrfs_file_extent_inline_len(leaf, slot, fi);
-+ size = btrfs_file_extent_ram_bytes(leaf, fi);
- extent_end = ALIGN(extent_start + size,
- fs_info->sectorsize);
- }
-diff --git a/fs/btrfs/file.c b/fs/btrfs/file.c
-index c68ce3412dc1..725544ec9c84 100644
---- a/fs/btrfs/file.c
-+++ b/fs/btrfs/file.c
-@@ -784,8 +784,7 @@ next_slot:
- btrfs_file_extent_num_bytes(leaf, fi);
- } else if (extent_type == BTRFS_FILE_EXTENT_INLINE) {
- extent_end = key.offset +
-- btrfs_file_extent_inline_len(leaf,
-- path->slots[0], fi);
-+ btrfs_file_extent_ram_bytes(leaf, fi);
- } else {
- /* can't happen */
- BUG();
-diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
-index f2dc517768f0..abecc4724a3b 100644
---- a/fs/btrfs/inode.c
-+++ b/fs/btrfs/inode.c
-@@ -1476,8 +1476,7 @@ next_slot:
- nocow = 1;
- } else if (extent_type == BTRFS_FILE_EXTENT_INLINE) {
- extent_end = found_key.offset +
-- btrfs_file_extent_inline_len(leaf,
-- path->slots[0], fi);
-+ btrfs_file_extent_ram_bytes(leaf, fi);
- extent_end = ALIGN(extent_end,
- fs_info->sectorsize);
- } else {
-@@ -4651,8 +4650,8 @@ search_again:
- BTRFS_I(inode), leaf, fi,
- found_key.offset);
- } else if (extent_type == BTRFS_FILE_EXTENT_INLINE) {
-- item_end += btrfs_file_extent_inline_len(leaf,
-- path->slots[0], fi);
-+ item_end += btrfs_file_extent_ram_bytes(leaf,
-+ fi);
-
- trace_btrfs_truncate_show_fi_inline(
- BTRFS_I(inode), leaf, fi, path->slots[0],
-@@ -7167,7 +7166,8 @@ again:
- extent_start);
- } else if (found_type == BTRFS_FILE_EXTENT_INLINE) {
- size_t size;
-- size = btrfs_file_extent_inline_len(leaf, path->slots[0], item);
-+ -+ size = btrfs_file_extent_ram_bytes(leaf, item); - extent_end = ALIGN(extent_start + size, - fs_info->sectorsize); - -@@ -7218,7 +7218,7 @@ next: - if (new_inline) - goto out; - -- size = btrfs_file_extent_inline_len(leaf, path->slots[0], item); -+ size = btrfs_file_extent_ram_bytes(leaf, item); - extent_offset = page_offset(page) + pg_offset - extent_start; - copy_size = min_t(u64, PAGE_SIZE - pg_offset, - size - extent_offset); -diff --git a/fs/btrfs/print-tree.c b/fs/btrfs/print-tree.c -index 569205e651c7..47336d4b19d8 100644 ---- a/fs/btrfs/print-tree.c -+++ b/fs/btrfs/print-tree.c -@@ -259,8 +259,8 @@ void btrfs_print_leaf(struct extent_buffer *l) - struct btrfs_file_extent_item); - if (btrfs_file_extent_type(l, fi) == - BTRFS_FILE_EXTENT_INLINE) { -- pr_info("\t\tinline extent data size %u\n", -- btrfs_file_extent_inline_len(l, i, fi)); -+ pr_info("\t\tinline extent data size %llu\n", -+ btrfs_file_extent_ram_bytes(l, fi)); - break; - } - pr_info("\t\textent data disk bytenr %llu nr %llu\n", -diff --git a/fs/btrfs/send.c b/fs/btrfs/send.c -index 1211fdcd425d..ca15d65a2070 100644 ---- a/fs/btrfs/send.c -+++ b/fs/btrfs/send.c -@@ -1545,7 +1545,7 @@ static int read_symlink(struct btrfs_root *root, - BUG_ON(compression); - - off = btrfs_file_extent_inline_start(ei); -- len = btrfs_file_extent_inline_len(path->nodes[0], path->slots[0], ei); -+ len = btrfs_file_extent_ram_bytes(path->nodes[0], ei); - - ret = fs_path_add_from_extent_buffer(dest, path->nodes[0], off, len); - -@@ -5195,7 +5195,7 @@ static int clone_range(struct send_ctx *sctx, - ei = btrfs_item_ptr(leaf, slot, struct btrfs_file_extent_item); - type = btrfs_file_extent_type(leaf, ei); - if (type == BTRFS_FILE_EXTENT_INLINE) { -- ext_len = btrfs_file_extent_inline_len(leaf, slot, ei); -+ ext_len = btrfs_file_extent_ram_bytes(leaf, ei); - ext_len = PAGE_ALIGN(ext_len); - } else { - ext_len = btrfs_file_extent_num_bytes(leaf, ei); -@@ -5271,8 +5271,7 @@ static int send_write_or_clone(struct send_ctx 
*sctx, - struct btrfs_file_extent_item); - type = btrfs_file_extent_type(path->nodes[0], ei); - if (type == BTRFS_FILE_EXTENT_INLINE) { -- len = btrfs_file_extent_inline_len(path->nodes[0], -- path->slots[0], ei); -+ len = btrfs_file_extent_ram_bytes(path->nodes[0], ei); - /* - * it is possible the inline item won't cover the whole page, - * but there may be items after this page. Make -@@ -5405,7 +5404,7 @@ static int is_extent_unchanged(struct send_ctx *sctx, - } - - if (right_type == BTRFS_FILE_EXTENT_INLINE) { -- right_len = btrfs_file_extent_inline_len(eb, slot, ei); -+ right_len = btrfs_file_extent_ram_bytes(eb, ei); - right_len = PAGE_ALIGN(right_len); - } else { - right_len = btrfs_file_extent_num_bytes(eb, ei); -@@ -5526,8 +5525,7 @@ static int get_last_extent(struct send_ctx *sctx, u64 offset) - struct btrfs_file_extent_item); - type = btrfs_file_extent_type(path->nodes[0], fi); - if (type == BTRFS_FILE_EXTENT_INLINE) { -- u64 size = btrfs_file_extent_inline_len(path->nodes[0], -- path->slots[0], fi); -+ u64 size = btrfs_file_extent_ram_bytes(path->nodes[0], fi); - extent_end = ALIGN(key.offset + size, - sctx->send_root->fs_info->sectorsize); - } else { -@@ -5590,7 +5588,7 @@ static int range_is_hole_in_parent(struct send_ctx *sctx, - fi = btrfs_item_ptr(leaf, slot, struct btrfs_file_extent_item); - if (btrfs_file_extent_type(leaf, fi) == - BTRFS_FILE_EXTENT_INLINE) { -- u64 size = btrfs_file_extent_inline_len(leaf, slot, fi); -+ u64 size = btrfs_file_extent_ram_bytes(leaf, fi); - - extent_end = ALIGN(key.offset + size, - root->fs_info->sectorsize); -@@ -5636,8 +5634,7 @@ static int maybe_send_hole(struct send_ctx *sctx, struct btrfs_path *path, - struct btrfs_file_extent_item); - type = btrfs_file_extent_type(path->nodes[0], fi); - if (type == BTRFS_FILE_EXTENT_INLINE) { -- u64 size = btrfs_file_extent_inline_len(path->nodes[0], -- path->slots[0], fi); -+ u64 size = btrfs_file_extent_ram_bytes(path->nodes[0], fi); - extent_end = ALIGN(key->offset + size, 
- sctx->send_root->fs_info->sectorsize);
- } else {
-diff --git a/fs/btrfs/tests/btrfs-tests.c b/fs/btrfs/tests/btrfs-tests.c
-index d3f25376a0f8..6c92101e8092 100644
---- a/fs/btrfs/tests/btrfs-tests.c
-+++ b/fs/btrfs/tests/btrfs-tests.c
-@@ -115,7 +115,6 @@ struct btrfs_fs_info *btrfs_alloc_dummy_fs_info(u32 nodesize, u32 sectorsize)
- spin_lock_init(&fs_info->qgroup_op_lock);
- spin_lock_init(&fs_info->super_lock);
- spin_lock_init(&fs_info->fs_roots_radix_lock);
-- spin_lock_init(&fs_info->tree_mod_seq_lock);
- mutex_init(&fs_info->qgroup_ioctl_lock);
- mutex_init(&fs_info->qgroup_rescan_lock);
- rwlock_init(&fs_info->tree_mod_log_lock);
-diff --git a/fs/btrfs/transaction.c b/fs/btrfs/transaction.c
-index fa8f56e6f665..a066ad581976 100644
---- a/fs/btrfs/transaction.c
-+++ b/fs/btrfs/transaction.c
-@@ -1948,6 +1948,14 @@ int btrfs_commit_transaction(struct btrfs_trans_handle *trans)
- struct btrfs_transaction *prev_trans = NULL;
- int ret;
-
-+ /*
-+ * Some places just start a transaction to commit it. We need to make
-+ * sure that if this commit fails that the abort code actually marks the
-+ * transaction as failed, so set trans->dirty to make the abort code do
-+ * the right thing.
-+ */ -+ trans->dirty = true; -+ - /* Stop the commit early if ->aborted is set */ - if (unlikely(READ_ONCE(cur_trans->aborted))) { - ret = cur_trans->aborted; -diff --git a/fs/btrfs/tree-log.c b/fs/btrfs/tree-log.c -index 98c397eb054c..0b62c8080af0 100644 ---- a/fs/btrfs/tree-log.c -+++ b/fs/btrfs/tree-log.c -@@ -619,7 +619,7 @@ static noinline int replay_one_extent(struct btrfs_trans_handle *trans, - if (btrfs_file_extent_disk_bytenr(eb, item) == 0) - nbytes = 0; - } else if (found_type == BTRFS_FILE_EXTENT_INLINE) { -- size = btrfs_file_extent_inline_len(eb, slot, item); -+ size = btrfs_file_extent_ram_bytes(eb, item); - nbytes = btrfs_file_extent_ram_bytes(eb, item); - extent_end = ALIGN(start + size, - fs_info->sectorsize); -@@ -3758,7 +3758,7 @@ static int log_inode_item(struct btrfs_trans_handle *trans, - static noinline int copy_items(struct btrfs_trans_handle *trans, - struct btrfs_inode *inode, - struct btrfs_path *dst_path, -- struct btrfs_path *src_path, u64 *last_extent, -+ struct btrfs_path *src_path, - int start_slot, int nr, int inode_only, - u64 logged_isize) - { -@@ -3769,7 +3769,6 @@ static noinline int copy_items(struct btrfs_trans_handle *trans, - struct btrfs_file_extent_item *extent; - struct btrfs_inode_item *inode_item; - struct extent_buffer *src = src_path->nodes[0]; -- struct btrfs_key first_key, last_key, key; - int ret; - struct btrfs_key *ins_keys; - u32 *ins_sizes; -@@ -3777,9 +3776,6 @@ static noinline int copy_items(struct btrfs_trans_handle *trans, - int i; - struct list_head ordered_sums; - int skip_csum = inode->flags & BTRFS_INODE_NODATASUM; -- bool has_extents = false; -- bool need_find_last_extent = true; -- bool done = false; - - INIT_LIST_HEAD(&ordered_sums); - -@@ -3788,8 +3784,6 @@ static noinline int copy_items(struct btrfs_trans_handle *trans, - if (!ins_data) - return -ENOMEM; - -- first_key.objectid = (u64)-1; -- - ins_sizes = (u32 *)ins_data; - ins_keys = (struct btrfs_key *)(ins_data + nr * sizeof(u32)); - -@@ 
-3810,9 +3804,6 @@ static noinline int copy_items(struct btrfs_trans_handle *trans, - - src_offset = btrfs_item_ptr_offset(src, start_slot + i); - -- if (i == nr - 1) -- last_key = ins_keys[i]; -- - if (ins_keys[i].type == BTRFS_INODE_ITEM_KEY) { - inode_item = btrfs_item_ptr(dst_path->nodes[0], - dst_path->slots[0], -@@ -3826,20 +3817,6 @@ static noinline int copy_items(struct btrfs_trans_handle *trans, - src_offset, ins_sizes[i]); - } - -- /* -- * We set need_find_last_extent here in case we know we were -- * processing other items and then walk into the first extent in -- * the inode. If we don't hit an extent then nothing changes, -- * we'll do the last search the next time around. -- */ -- if (ins_keys[i].type == BTRFS_EXTENT_DATA_KEY) { -- has_extents = true; -- if (first_key.objectid == (u64)-1) -- first_key = ins_keys[i]; -- } else { -- need_find_last_extent = false; -- } -- - /* take a reference on file data extents so that truncates - * or deletes of this inode don't have to relog the inode - * again -@@ -3905,169 +3882,6 @@ static noinline int copy_items(struct btrfs_trans_handle *trans, - kfree(sums); - } - -- if (!has_extents) -- return ret; -- -- if (need_find_last_extent && *last_extent == first_key.offset) { -- /* -- * We don't have any leafs between our current one and the one -- * we processed before that can have file extent items for our -- * inode (and have a generation number smaller than our current -- * transaction id). -- */ -- need_find_last_extent = false; -- } -- -- /* -- * Because we use btrfs_search_forward we could skip leaves that were -- * not modified and then assume *last_extent is valid when it really -- * isn't. So back up to the previous leaf and read the end of the last -- * extent before we go and fill in holes. 
-- */ -- if (need_find_last_extent) { -- u64 len; -- -- ret = btrfs_prev_leaf(inode->root, src_path); -- if (ret < 0) -- return ret; -- if (ret) -- goto fill_holes; -- if (src_path->slots[0]) -- src_path->slots[0]--; -- src = src_path->nodes[0]; -- btrfs_item_key_to_cpu(src, &key, src_path->slots[0]); -- if (key.objectid != btrfs_ino(inode) || -- key.type != BTRFS_EXTENT_DATA_KEY) -- goto fill_holes; -- extent = btrfs_item_ptr(src, src_path->slots[0], -- struct btrfs_file_extent_item); -- if (btrfs_file_extent_type(src, extent) == -- BTRFS_FILE_EXTENT_INLINE) { -- len = btrfs_file_extent_inline_len(src, -- src_path->slots[0], -- extent); -- *last_extent = ALIGN(key.offset + len, -- fs_info->sectorsize); -- } else { -- len = btrfs_file_extent_num_bytes(src, extent); -- *last_extent = key.offset + len; -- } -- } --fill_holes: -- /* So we did prev_leaf, now we need to move to the next leaf, but a few -- * things could have happened -- * -- * 1) A merge could have happened, so we could currently be on a leaf -- * that holds what we were copying in the first place. -- * 2) A split could have happened, and now not all of the items we want -- * are on the same leaf. -- * -- * So we need to adjust how we search for holes, we need to drop the -- * path and re-search for the first extent key we found, and then walk -- * forward until we hit the last one we copied. -- */ -- if (need_find_last_extent) { -- /* btrfs_prev_leaf could return 1 without releasing the path */ -- btrfs_release_path(src_path); -- ret = btrfs_search_slot(NULL, inode->root, &first_key, -- src_path, 0, 0); -- if (ret < 0) -- return ret; -- ASSERT(ret == 0); -- src = src_path->nodes[0]; -- i = src_path->slots[0]; -- } else { -- i = start_slot; -- } -- -- /* -- * Ok so here we need to go through and fill in any holes we may have -- * to make sure that holes are punched for those areas in case they had -- * extents previously. 
-- */ -- while (!done) { -- u64 offset, len; -- u64 extent_end; -- -- if (i >= btrfs_header_nritems(src_path->nodes[0])) { -- ret = btrfs_next_leaf(inode->root, src_path); -- if (ret < 0) -- return ret; -- ASSERT(ret == 0); -- src = src_path->nodes[0]; -- i = 0; -- need_find_last_extent = true; -- } -- -- btrfs_item_key_to_cpu(src, &key, i); -- if (!btrfs_comp_cpu_keys(&key, &last_key)) -- done = true; -- if (key.objectid != btrfs_ino(inode) || -- key.type != BTRFS_EXTENT_DATA_KEY) { -- i++; -- continue; -- } -- extent = btrfs_item_ptr(src, i, struct btrfs_file_extent_item); -- if (btrfs_file_extent_type(src, extent) == -- BTRFS_FILE_EXTENT_INLINE) { -- len = btrfs_file_extent_inline_len(src, i, extent); -- extent_end = ALIGN(key.offset + len, -- fs_info->sectorsize); -- } else { -- len = btrfs_file_extent_num_bytes(src, extent); -- extent_end = key.offset + len; -- } -- i++; -- -- if (*last_extent == key.offset) { -- *last_extent = extent_end; -- continue; -- } -- offset = *last_extent; -- len = key.offset - *last_extent; -- ret = btrfs_insert_file_extent(trans, log, btrfs_ino(inode), -- offset, 0, 0, len, 0, len, 0, 0, 0); -- if (ret) -- break; -- *last_extent = extent_end; -- } -- -- /* -- * Check if there is a hole between the last extent found in our leaf -- * and the first extent in the next leaf. If there is one, we need to -- * log an explicit hole so that at replay time we can punch the hole. 
-- */ -- if (ret == 0 && -- key.objectid == btrfs_ino(inode) && -- key.type == BTRFS_EXTENT_DATA_KEY && -- i == btrfs_header_nritems(src_path->nodes[0])) { -- ret = btrfs_next_leaf(inode->root, src_path); -- need_find_last_extent = true; -- if (ret > 0) { -- ret = 0; -- } else if (ret == 0) { -- btrfs_item_key_to_cpu(src_path->nodes[0], &key, -- src_path->slots[0]); -- if (key.objectid == btrfs_ino(inode) && -- key.type == BTRFS_EXTENT_DATA_KEY && -- *last_extent < key.offset) { -- const u64 len = key.offset - *last_extent; -- -- ret = btrfs_insert_file_extent(trans, log, -- btrfs_ino(inode), -- *last_extent, 0, -- 0, len, 0, len, -- 0, 0, 0); -- *last_extent += len; -- } -- } -- } -- /* -- * Need to let the callers know we dropped the path so they should -- * re-search. -- */ -- if (!ret && need_find_last_extent) -- ret = 1; - return ret; - } - -@@ -4340,7 +4154,7 @@ static int btrfs_log_prealloc_extents(struct btrfs_trans_handle *trans, - const u64 i_size = i_size_read(&inode->vfs_inode); - const u64 ino = btrfs_ino(inode); - struct btrfs_path *dst_path = NULL; -- u64 last_extent = (u64)-1; -+ bool dropped_extents = false; - int ins_nr = 0; - int start_slot; - int ret; -@@ -4362,8 +4176,7 @@ static int btrfs_log_prealloc_extents(struct btrfs_trans_handle *trans, - if (slot >= btrfs_header_nritems(leaf)) { - if (ins_nr > 0) { - ret = copy_items(trans, inode, dst_path, path, -- &last_extent, start_slot, -- ins_nr, 1, 0); -+ start_slot, ins_nr, 1, 0); - if (ret < 0) - goto out; - ins_nr = 0; -@@ -4387,8 +4200,7 @@ static int btrfs_log_prealloc_extents(struct btrfs_trans_handle *trans, - path->slots[0]++; - continue; - } -- if (last_extent == (u64)-1) { -- last_extent = key.offset; -+ if (!dropped_extents) { - /* - * Avoid logging extent items logged in past fsync calls - * and leading to duplicate keys in the log tree. 
-@@ -4402,6 +4214,7 @@ static int btrfs_log_prealloc_extents(struct btrfs_trans_handle *trans, - } while (ret == -EAGAIN); - if (ret) - goto out; -+ dropped_extents = true; - } - if (ins_nr == 0) - start_slot = slot; -@@ -4416,7 +4229,7 @@ static int btrfs_log_prealloc_extents(struct btrfs_trans_handle *trans, - } - } - if (ins_nr > 0) { -- ret = copy_items(trans, inode, dst_path, path, &last_extent, -+ ret = copy_items(trans, inode, dst_path, path, - start_slot, ins_nr, 1, 0); - if (ret > 0) - ret = 0; -@@ -4610,13 +4423,8 @@ static int btrfs_log_all_xattrs(struct btrfs_trans_handle *trans, - - if (slot >= nritems) { - if (ins_nr > 0) { -- u64 last_extent = 0; -- - ret = copy_items(trans, inode, dst_path, path, -- &last_extent, start_slot, -- ins_nr, 1, 0); -- /* can't be 1, extent items aren't processed */ -- ASSERT(ret <= 0); -+ start_slot, ins_nr, 1, 0); - if (ret < 0) - return ret; - ins_nr = 0; -@@ -4640,13 +4448,8 @@ static int btrfs_log_all_xattrs(struct btrfs_trans_handle *trans, - cond_resched(); - } - if (ins_nr > 0) { -- u64 last_extent = 0; -- - ret = copy_items(trans, inode, dst_path, path, -- &last_extent, start_slot, -- ins_nr, 1, 0); -- /* can't be 1, extent items aren't processed */ -- ASSERT(ret <= 0); -+ start_slot, ins_nr, 1, 0); - if (ret < 0) - return ret; - } -@@ -4655,109 +4458,119 @@ static int btrfs_log_all_xattrs(struct btrfs_trans_handle *trans, - } - - /* -- * If the no holes feature is enabled we need to make sure any hole between the -- * last extent and the i_size of our inode is explicitly marked in the log. This -- * is to make sure that doing something like: -- * -- * 1) create file with 128Kb of data -- * 2) truncate file to 64Kb -- * 3) truncate file to 256Kb -- * 4) fsync file -- * 5) -- * 6) mount fs and trigger log replay -- * -- * Will give us a file with a size of 256Kb, the first 64Kb of data match what -- * the file had in its first 64Kb of data at step 1 and the last 192Kb of the -- * file correspond to a hole. 
The presence of explicit holes in a log tree is -- * what guarantees that log replay will remove/adjust file extent items in the -- * fs/subvol tree. -- * -- * Here we do not need to care about holes between extents, that is already done -- * by copy_items(). We also only need to do this in the full sync path, where we -- * lookup for extents from the fs/subvol tree only. In the fast path case, we -- * lookup the list of modified extent maps and if any represents a hole, we -- * insert a corresponding extent representing a hole in the log tree. -+ * When using the NO_HOLES feature if we punched a hole that causes the -+ * deletion of entire leafs or all the extent items of the first leaf (the one -+ * that contains the inode item and references) we may end up not processing -+ * any extents, because there are no leafs with a generation matching the -+ * current transaction that have extent items for our inode. So we need to find -+ * if any holes exist and then log them. We also need to log holes after any -+ * truncate operation that changes the inode's size. 
- */ --static int btrfs_log_trailing_hole(struct btrfs_trans_handle *trans, -- struct btrfs_root *root, -- struct btrfs_inode *inode, -- struct btrfs_path *path) -+static int btrfs_log_holes(struct btrfs_trans_handle *trans, -+ struct btrfs_root *root, -+ struct btrfs_inode *inode, -+ struct btrfs_path *path) - { - struct btrfs_fs_info *fs_info = root->fs_info; -- int ret; - struct btrfs_key key; -- u64 hole_start; -- u64 hole_size; -- struct extent_buffer *leaf; -- struct btrfs_root *log = root->log_root; - const u64 ino = btrfs_ino(inode); - const u64 i_size = i_size_read(&inode->vfs_inode); -+ u64 prev_extent_end = 0; -+ int ret; - -- if (!btrfs_fs_incompat(fs_info, NO_HOLES)) -+ if (!btrfs_fs_incompat(fs_info, NO_HOLES) || i_size == 0) - return 0; - - key.objectid = ino; - key.type = BTRFS_EXTENT_DATA_KEY; -- key.offset = (u64)-1; -+ key.offset = 0; - - ret = btrfs_search_slot(NULL, root, &key, path, 0, 0); -- ASSERT(ret != 0); - if (ret < 0) - return ret; - -- ASSERT(path->slots[0] > 0); -- path->slots[0]--; -- leaf = path->nodes[0]; -- btrfs_item_key_to_cpu(leaf, &key, path->slots[0]); -- -- if (key.objectid != ino || key.type != BTRFS_EXTENT_DATA_KEY) { -- /* inode does not have any extents */ -- hole_start = 0; -- hole_size = i_size; -- } else { -+ while (true) { - struct btrfs_file_extent_item *extent; -+ struct extent_buffer *leaf = path->nodes[0]; - u64 len; - -- /* -- * If there's an extent beyond i_size, an explicit hole was -- * already inserted by copy_items(). -- */ -- if (key.offset >= i_size) -- return 0; -+ if (path->slots[0] >= btrfs_header_nritems(path->nodes[0])) { -+ ret = btrfs_next_leaf(root, path); -+ if (ret < 0) -+ return ret; -+ if (ret > 0) { -+ ret = 0; -+ break; -+ } -+ leaf = path->nodes[0]; -+ } -+ -+ btrfs_item_key_to_cpu(leaf, &key, path->slots[0]); -+ if (key.objectid != ino || key.type != BTRFS_EXTENT_DATA_KEY) -+ break; -+ -+ /* We have a hole, log it. 
*/ -+ if (prev_extent_end < key.offset) { -+ const u64 hole_len = key.offset - prev_extent_end; -+ -+ /* -+ * Release the path to avoid deadlocks with other code -+ * paths that search the root while holding locks on -+ * leafs from the log root. -+ */ -+ btrfs_release_path(path); -+ ret = btrfs_insert_file_extent(trans, root->log_root, -+ ino, prev_extent_end, 0, -+ 0, hole_len, 0, hole_len, -+ 0, 0, 0); -+ if (ret < 0) -+ return ret; -+ -+ /* -+ * Search for the same key again in the root. Since it's -+ * an extent item and we are holding the inode lock, the -+ * key must still exist. If it doesn't just emit warning -+ * and return an error to fall back to a transaction -+ * commit. -+ */ -+ ret = btrfs_search_slot(NULL, root, &key, path, 0, 0); -+ if (ret < 0) -+ return ret; -+ if (WARN_ON(ret > 0)) -+ return -ENOENT; -+ leaf = path->nodes[0]; -+ } - - extent = btrfs_item_ptr(leaf, path->slots[0], - struct btrfs_file_extent_item); -- - if (btrfs_file_extent_type(leaf, extent) == - BTRFS_FILE_EXTENT_INLINE) { -- len = btrfs_file_extent_inline_len(leaf, -- path->slots[0], -- extent); -- ASSERT(len == i_size || -- (len == fs_info->sectorsize && -- btrfs_file_extent_compression(leaf, extent) != -- BTRFS_COMPRESS_NONE) || -- (len < i_size && i_size < fs_info->sectorsize)); -- return 0; -+ len = btrfs_file_extent_ram_bytes(leaf, extent); -+ prev_extent_end = ALIGN(key.offset + len, -+ fs_info->sectorsize); -+ } else { -+ len = btrfs_file_extent_num_bytes(leaf, extent); -+ prev_extent_end = key.offset + len; - } - -- len = btrfs_file_extent_num_bytes(leaf, extent); -- /* Last extent goes beyond i_size, no need to log a hole. */ -- if (key.offset + len > i_size) -- return 0; -- hole_start = key.offset + len; -- hole_size = i_size - hole_start; -+ path->slots[0]++; -+ cond_resched(); - } -- btrfs_release_path(path); - -- /* Last extent ends at i_size. 
*/ -- if (hole_size == 0) -- return 0; -+ if (prev_extent_end < i_size) { -+ u64 hole_len; - -- hole_size = ALIGN(hole_size, fs_info->sectorsize); -- ret = btrfs_insert_file_extent(trans, log, ino, hole_start, 0, 0, -- hole_size, 0, hole_size, 0, 0, 0); -- return ret; -+ btrfs_release_path(path); -+ hole_len = ALIGN(i_size - prev_extent_end, fs_info->sectorsize); -+ ret = btrfs_insert_file_extent(trans, root->log_root, -+ ino, prev_extent_end, 0, 0, -+ hole_len, 0, hole_len, -+ 0, 0, 0); -+ if (ret < 0) -+ return ret; -+ } -+ -+ return 0; - } - - /* -@@ -4925,7 +4738,6 @@ static int btrfs_log_inode(struct btrfs_trans_handle *trans, - struct btrfs_root *log = root->log_root; - struct extent_buffer *src = NULL; - LIST_HEAD(logged_list); -- u64 last_extent = 0; - int err = 0; - int ret; - int nritems; -@@ -5099,7 +4911,7 @@ again: - ins_start_slot = path->slots[0]; - } - ret = copy_items(trans, inode, dst_path, path, -- &last_extent, ins_start_slot, -+ ins_start_slot, - ins_nr, inode_only, - logged_isize); - if (ret < 0) { -@@ -5153,17 +4965,13 @@ again: - if (ins_nr == 0) - goto next_slot; - ret = copy_items(trans, inode, dst_path, path, -- &last_extent, ins_start_slot, -+ ins_start_slot, - ins_nr, inode_only, logged_isize); - if (ret < 0) { - err = ret; - goto out_unlock; - } - ins_nr = 0; -- if (ret) { -- btrfs_release_path(path); -- continue; -- } - goto next_slot; - } - -@@ -5177,18 +4985,13 @@ again: - goto next_slot; - } - -- ret = copy_items(trans, inode, dst_path, path, &last_extent, -+ ret = copy_items(trans, inode, dst_path, path, - ins_start_slot, ins_nr, inode_only, - logged_isize); - if (ret < 0) { - err = ret; - goto out_unlock; - } -- if (ret) { -- ins_nr = 0; -- btrfs_release_path(path); -- continue; -- } - ins_nr = 1; - ins_start_slot = path->slots[0]; - next_slot: -@@ -5202,13 +5005,12 @@ next_slot: - } - if (ins_nr) { - ret = copy_items(trans, inode, dst_path, path, -- &last_extent, ins_start_slot, -+ ins_start_slot, - ins_nr, inode_only, 
logged_isize); - if (ret < 0) { - err = ret; - goto out_unlock; - } -- ret = 0; - ins_nr = 0; - } - btrfs_release_path(path); -@@ -5223,14 +5025,13 @@ next_key: - } - } - if (ins_nr) { -- ret = copy_items(trans, inode, dst_path, path, &last_extent, -+ ret = copy_items(trans, inode, dst_path, path, - ins_start_slot, ins_nr, inode_only, - logged_isize); - if (ret < 0) { - err = ret; - goto out_unlock; - } -- ret = 0; - ins_nr = 0; - } - -@@ -5243,7 +5044,7 @@ next_key: - if (max_key.type >= BTRFS_EXTENT_DATA_KEY && !fast_search) { - btrfs_release_path(path); - btrfs_release_path(dst_path); -- err = btrfs_log_trailing_hole(trans, root, inode, path); -+ err = btrfs_log_holes(trans, root, inode, path); - if (err) - goto out_unlock; - } -diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c -index 4eb0a9e7194b..1c87a429ce72 100644 ---- a/fs/cifs/smb2pdu.c -+++ b/fs/cifs/smb2pdu.c -@@ -257,9 +257,14 @@ smb2_reconnect(__le16 smb2_command, struct cifs_tcon *tcon) - } - - rc = cifs_negotiate_protocol(0, tcon->ses); -- if (!rc && tcon->ses->need_reconnect) -+ if (!rc && tcon->ses->need_reconnect) { - rc = cifs_setup_session(0, tcon->ses, nls_codepage); -- -+ if ((rc == -EACCES) && !tcon->retry) { -+ rc = -EHOSTDOWN; -+ mutex_unlock(&tcon->ses->session_mutex); -+ goto failed; -+ } -+ } - if (rc || !tcon->need_reconnect) { - mutex_unlock(&tcon->ses->session_mutex); - goto out; -@@ -301,6 +306,7 @@ out: - case SMB2_SET_INFO: - rc = -EAGAIN; - } -+failed: - unload_nls(nls_codepage); - return rc; - } -diff --git a/fs/ext2/super.c b/fs/ext2/super.c -index 13f470636672..4a338576ebb1 100644 ---- a/fs/ext2/super.c -+++ b/fs/ext2/super.c -@@ -1077,9 +1077,9 @@ static int ext2_fill_super(struct super_block *sb, void *data, int silent) - - if (EXT2_BLOCKS_PER_GROUP(sb) == 0) - goto cantfind_ext2; -- sbi->s_groups_count = ((le32_to_cpu(es->s_blocks_count) - -- le32_to_cpu(es->s_first_data_block) - 1) -- / EXT2_BLOCKS_PER_GROUP(sb)) + 1; -+ sbi->s_groups_count = 
((le32_to_cpu(es->s_blocks_count) - -+ le32_to_cpu(es->s_first_data_block) - 1) -+ / EXT2_BLOCKS_PER_GROUP(sb)) + 1; - db_count = (sbi->s_groups_count + EXT2_DESC_PER_BLOCK(sb) - 1) / - EXT2_DESC_PER_BLOCK(sb); - sbi->s_group_desc = kmalloc (db_count * sizeof (struct buffer_head *), GFP_KERNEL); -diff --git a/fs/ext4/page-io.c b/fs/ext4/page-io.c -index db7590178dfc..9cc79b7b0df1 100644 ---- a/fs/ext4/page-io.c -+++ b/fs/ext4/page-io.c -@@ -481,17 +481,26 @@ int ext4_bio_write_page(struct ext4_io_submit *io, - nr_to_submit) { - gfp_t gfp_flags = GFP_NOFS; - -+ /* -+ * Since bounce page allocation uses a mempool, we can only use -+ * a waiting mask (i.e. request guaranteed allocation) on the -+ * first page of the bio. Otherwise it can deadlock. -+ */ -+ if (io->io_bio) -+ gfp_flags = GFP_NOWAIT | __GFP_NOWARN; - retry_encrypt: - data_page = fscrypt_encrypt_page(inode, page, PAGE_SIZE, 0, - page->index, gfp_flags); - if (IS_ERR(data_page)) { - ret = PTR_ERR(data_page); -- if (ret == -ENOMEM && wbc->sync_mode == WB_SYNC_ALL) { -- if (io->io_bio) { -+ if (ret == -ENOMEM && -+ (io->io_bio || wbc->sync_mode == WB_SYNC_ALL)) { -+ gfp_flags = GFP_NOFS; -+ if (io->io_bio) - ext4_io_submit(io); -- congestion_wait(BLK_RW_ASYNC, HZ/50); -- } -- gfp_flags |= __GFP_NOFAIL; -+ else -+ gfp_flags |= __GFP_NOFAIL; -+ congestion_wait(BLK_RW_ASYNC, HZ/50); - goto retry_encrypt; - } - data_page = NULL; -diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c -index e4aabfc21bd4..2d021a33914a 100644 ---- a/fs/f2fs/super.c -+++ b/fs/f2fs/super.c -@@ -912,9 +912,11 @@ static int f2fs_statfs_project(struct super_block *sb, - return PTR_ERR(dquot); - spin_lock(&dq_data_lock); - -- limit = (dquot->dq_dqb.dqb_bsoftlimit ? 
-- dquot->dq_dqb.dqb_bsoftlimit : -- dquot->dq_dqb.dqb_bhardlimit) >> sb->s_blocksize_bits; -+ limit = min_not_zero(dquot->dq_dqb.dqb_bsoftlimit, -+ dquot->dq_dqb.dqb_bhardlimit); -+ if (limit) -+ limit >>= sb->s_blocksize_bits; -+ - if (limit && buf->f_blocks > limit) { - curblock = dquot->dq_dqb.dqb_curspace >> sb->s_blocksize_bits; - buf->f_blocks = limit; -@@ -923,9 +925,9 @@ static int f2fs_statfs_project(struct super_block *sb, - (buf->f_blocks - curblock) : 0; - } - -- limit = dquot->dq_dqb.dqb_isoftlimit ? -- dquot->dq_dqb.dqb_isoftlimit : -- dquot->dq_dqb.dqb_ihardlimit; -+ limit = min_not_zero(dquot->dq_dqb.dqb_isoftlimit, -+ dquot->dq_dqb.dqb_ihardlimit); -+ - if (limit && buf->f_files > limit) { - buf->f_files = limit; - buf->f_ffree = -diff --git a/fs/nfs/Kconfig b/fs/nfs/Kconfig -index 5f93cfacb3d1..ac3e06367cb6 100644 ---- a/fs/nfs/Kconfig -+++ b/fs/nfs/Kconfig -@@ -89,7 +89,7 @@ config NFS_V4 - config NFS_SWAP - bool "Provide swap over NFS support" - default n -- depends on NFS_FS -+ depends on NFS_FS && SWAP - select SUNRPC_SWAP - help - This option enables swapon to work on files located on NFS mounts. 
-diff --git a/fs/nfs/dir.c b/fs/nfs/dir.c -index 50c181fa0025..673d89bb817e 100644 ---- a/fs/nfs/dir.c -+++ b/fs/nfs/dir.c -@@ -169,6 +169,17 @@ typedef struct { - bool eof; - } nfs_readdir_descriptor_t; - -+static -+void nfs_readdir_init_array(struct page *page) -+{ -+ struct nfs_cache_array *array; -+ -+ array = kmap_atomic(page); -+ memset(array, 0, sizeof(struct nfs_cache_array)); -+ array->eof_index = -1; -+ kunmap_atomic(array); -+} -+ - /* - * we are freeing strings created by nfs_add_to_readdir_array() - */ -@@ -181,6 +192,7 @@ void nfs_readdir_clear_array(struct page *page) - array = kmap_atomic(page); - for (i = 0; i < array->size; i++) - kfree(array->array[i].string.name); -+ array->size = 0; - kunmap_atomic(array); - } - -@@ -617,6 +629,8 @@ int nfs_readdir_xdr_to_array(nfs_readdir_descriptor_t *desc, struct page *page, - int status = -ENOMEM; - unsigned int array_size = ARRAY_SIZE(pages); - -+ nfs_readdir_init_array(page); -+ - entry.prev_cookie = 0; - entry.cookie = desc->last_cookie; - entry.eof = 0; -@@ -633,8 +647,6 @@ int nfs_readdir_xdr_to_array(nfs_readdir_descriptor_t *desc, struct page *page, - } - - array = kmap(page); -- memset(array, 0, sizeof(struct nfs_cache_array)); -- array->eof_index = -1; - - status = nfs_readdir_alloc_pages(pages, array_size); - if (status < 0) -@@ -688,6 +700,7 @@ int nfs_readdir_filler(nfs_readdir_descriptor_t *desc, struct page* page) - unlock_page(page); - return 0; - error: -+ nfs_readdir_clear_array(page); - unlock_page(page); - return ret; - } -@@ -695,8 +708,6 @@ int nfs_readdir_filler(nfs_readdir_descriptor_t *desc, struct page* page) - static - void cache_page_release(nfs_readdir_descriptor_t *desc) - { -- if (!desc->page->mapping) -- nfs_readdir_clear_array(desc->page); - put_page(desc->page); - desc->page = NULL; - } -@@ -710,19 +721,28 @@ struct page *get_cache_page(nfs_readdir_descriptor_t *desc) - - /* - * Returns 0 if desc->dir_cookie was found on page desc->page_index -+ * and locks the page to 
prevent removal from the page cache. - */ - static --int find_cache_page(nfs_readdir_descriptor_t *desc) -+int find_and_lock_cache_page(nfs_readdir_descriptor_t *desc) - { - int res; - - desc->page = get_cache_page(desc); - if (IS_ERR(desc->page)) - return PTR_ERR(desc->page); -- -- res = nfs_readdir_search_array(desc); -+ res = lock_page_killable(desc->page); - if (res != 0) -- cache_page_release(desc); -+ goto error; -+ res = -EAGAIN; -+ if (desc->page->mapping != NULL) { -+ res = nfs_readdir_search_array(desc); -+ if (res == 0) -+ return 0; -+ } -+ unlock_page(desc->page); -+error: -+ cache_page_release(desc); - return res; - } - -@@ -737,7 +757,7 @@ int readdir_search_pagecache(nfs_readdir_descriptor_t *desc) - desc->last_cookie = 0; - } - do { -- res = find_cache_page(desc); -+ res = find_and_lock_cache_page(desc); - } while (res == -EAGAIN); - return res; - } -@@ -776,7 +796,6 @@ int nfs_do_filldir(nfs_readdir_descriptor_t *desc) - desc->eof = 1; - - kunmap(desc->page); -- cache_page_release(desc); - dfprintk(DIRCACHE, "NFS: nfs_do_filldir() filling ended @ cookie %Lu; returning = %d\n", - (unsigned long long)*desc->dir_cookie, res); - return res; -@@ -822,13 +841,13 @@ int uncached_readdir(nfs_readdir_descriptor_t *desc) - - status = nfs_do_filldir(desc); - -+ out_release: -+ nfs_readdir_clear_array(desc->page); -+ cache_page_release(desc); - out: - dfprintk(DIRCACHE, "NFS: %s: returns %d\n", - __func__, status); - return status; -- out_release: -- cache_page_release(desc); -- goto out; - } - - /* The file offset position represents the dirent entry number. 
A -@@ -893,6 +912,8 @@ static int nfs_readdir(struct file *file, struct dir_context *ctx) - break; - - res = nfs_do_filldir(desc); -+ unlock_page(desc->page); -+ cache_page_release(desc); - if (res < 0) - break; - } while (!desc->eof); -diff --git a/fs/nfs/direct.c b/fs/nfs/direct.c -index 9cdac9945483..9d07b53e1647 100644 ---- a/fs/nfs/direct.c -+++ b/fs/nfs/direct.c -@@ -261,10 +261,10 @@ static int nfs_direct_cmp_commit_data_verf(struct nfs_direct_req *dreq, - data->ds_commit_index); - - /* verifier not set so always fail */ -- if (verfp->committed < 0) -+ if (verfp->committed < 0 || data->res.verf->committed <= NFS_UNSTABLE) - return 1; - -- return nfs_direct_cmp_verf(verfp, &data->verf); -+ return nfs_direct_cmp_verf(verfp, data->res.verf); - } - - /** -diff --git a/fs/nfs/nfs3xdr.c b/fs/nfs/nfs3xdr.c -index 6cd33bd5da87..f1cb0b7eb05f 100644 ---- a/fs/nfs/nfs3xdr.c -+++ b/fs/nfs/nfs3xdr.c -@@ -2373,6 +2373,7 @@ static int nfs3_xdr_dec_commit3res(struct rpc_rqst *req, - void *data) - { - struct nfs_commitres *result = data; -+ struct nfs_writeverf *verf = result->verf; - enum nfs_stat status; - int error; - -@@ -2385,7 +2386,9 @@ static int nfs3_xdr_dec_commit3res(struct rpc_rqst *req, - result->op_status = status; - if (status != NFS3_OK) - goto out_status; -- error = decode_writeverf3(xdr, &result->verf->verifier); -+ error = decode_writeverf3(xdr, &verf->verifier); -+ if (!error) -+ verf->committed = NFS_FILE_SYNC; - out: - return error; - out_status: -diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c -index 3dd403943b07..4d45786738ab 100644 ---- a/fs/nfs/nfs4proc.c -+++ b/fs/nfs/nfs4proc.c -@@ -2923,6 +2923,11 @@ static struct nfs4_state *nfs4_do_open(struct inode *dir, - exception.retry = 1; - continue; - } -+ if (status == -NFS4ERR_EXPIRED) { -+ nfs4_schedule_lease_recovery(server->nfs_client); -+ exception.retry = 1; -+ continue; -+ } - if (status == -EAGAIN) { - /* We must have found a delegation */ - exception.retry = 1; -diff --git a/fs/nfs/nfs4xdr.c 
b/fs/nfs/nfs4xdr.c -index 525684b0056f..0b2d051990e9 100644 ---- a/fs/nfs/nfs4xdr.c -+++ b/fs/nfs/nfs4xdr.c -@@ -4409,11 +4409,14 @@ static int decode_write_verifier(struct xdr_stream *xdr, struct nfs_write_verifi - - static int decode_commit(struct xdr_stream *xdr, struct nfs_commitres *res) - { -+ struct nfs_writeverf *verf = res->verf; - int status; - - status = decode_op_hdr(xdr, OP_COMMIT); - if (!status) -- status = decode_write_verifier(xdr, &res->verf->verifier); -+ status = decode_write_verifier(xdr, &verf->verifier); -+ if (!status) -+ verf->committed = NFS_FILE_SYNC; - return status; - } - -diff --git a/fs/nfs/pnfs_nfs.c b/fs/nfs/pnfs_nfs.c -index 4a3dd66175fe..b0ef37f3e2dd 100644 ---- a/fs/nfs/pnfs_nfs.c -+++ b/fs/nfs/pnfs_nfs.c -@@ -30,12 +30,11 @@ EXPORT_SYMBOL_GPL(pnfs_generic_rw_release); - /* Fake up some data that will cause nfs_commit_release to retry the writes. */ - void pnfs_generic_prepare_to_resend_writes(struct nfs_commit_data *data) - { -- struct nfs_page *first = nfs_list_entry(data->pages.next); -+ struct nfs_writeverf *verf = data->res.verf; - - data->task.tk_status = 0; -- memcpy(&data->verf.verifier, &first->wb_verf, -- sizeof(data->verf.verifier)); -- data->verf.verifier.data[0]++; /* ensure verifier mismatch */ -+ memset(&verf->verifier, 0, sizeof(verf->verifier)); -+ verf->committed = NFS_UNSTABLE; - } - EXPORT_SYMBOL_GPL(pnfs_generic_prepare_to_resend_writes); - -diff --git a/fs/nfs/write.c b/fs/nfs/write.c -index ed3f5afc4ff7..89f36040adf6 100644 ---- a/fs/nfs/write.c -+++ b/fs/nfs/write.c -@@ -1807,6 +1807,7 @@ static void nfs_commit_done(struct rpc_task *task, void *calldata) - - static void nfs_commit_release_pages(struct nfs_commit_data *data) - { -+ const struct nfs_writeverf *verf = data->res.verf; - struct nfs_page *req; - int status = data->task.tk_status; - struct nfs_commit_info cinfo; -@@ -1833,7 +1834,8 @@ static void nfs_commit_release_pages(struct nfs_commit_data *data) - - /* Okay, COMMIT succeeded, apparently. 
Check the verifier - * returned by the server against all stored verfs. */ -- if (!nfs_write_verifier_cmp(&req->wb_verf, &data->verf.verifier)) { -+ if (verf->committed > NFS_UNSTABLE && -+ !nfs_write_verifier_cmp(&req->wb_verf, &verf->verifier)) { - /* We have a match */ - if (req->wb_page) - nfs_inode_remove_request(req); -diff --git a/fs/nfsd/nfs4layouts.c b/fs/nfsd/nfs4layouts.c -index ea45d954e8d7..99add0cf20ff 100644 ---- a/fs/nfsd/nfs4layouts.c -+++ b/fs/nfsd/nfs4layouts.c -@@ -683,7 +683,7 @@ nfsd4_cb_layout_done(struct nfsd4_callback *cb, struct rpc_task *task) - - /* Client gets 2 lease periods to return it */ - cutoff = ktime_add_ns(task->tk_start, -- nn->nfsd4_lease * NSEC_PER_SEC * 2); -+ (u64)nn->nfsd4_lease * NSEC_PER_SEC * 2); - - if (ktime_before(now, cutoff)) { - rpc_delay(task, HZ/100); /* 10 mili-seconds */ -diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c -index fc13236d1be1..fca8b2e7fbeb 100644 ---- a/fs/nfsd/nfs4state.c -+++ b/fs/nfsd/nfs4state.c -@@ -6040,7 +6040,7 @@ nfsd4_lock(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, - } - - if (fl_flags & FL_SLEEP) { -- nbl->nbl_time = jiffies; -+ nbl->nbl_time = get_seconds(); - spin_lock(&nn->blocked_locks_lock); - list_add_tail(&nbl->nbl_list, &lock_sop->lo_blocked); - list_add_tail(&nbl->nbl_lru, &nn->blocked_locks_lru); -diff --git a/fs/nfsd/state.h b/fs/nfsd/state.h -index 133d8bf62a5c..7872b1ead885 100644 ---- a/fs/nfsd/state.h -+++ b/fs/nfsd/state.h -@@ -591,7 +591,7 @@ static inline bool nfsd4_stateid_generation_after(stateid_t *a, stateid_t *b) - struct nfsd4_blocked_lock { - struct list_head nbl_list; - struct list_head nbl_lru; -- unsigned long nbl_time; -+ time_t nbl_time; - struct file_lock nbl_lock; - struct knfsd_fh nbl_fh; - struct nfsd4_callback nbl_cb; -diff --git a/fs/ubifs/dir.c b/fs/ubifs/dir.c -index 4e6e32c0c08a..358abc26dbc0 100644 ---- a/fs/ubifs/dir.c -+++ b/fs/ubifs/dir.c -@@ -253,6 +253,8 @@ static struct dentry *ubifs_lookup(struct inode *dir, struct 
dentry *dentry, - if (nm.hash) { - ubifs_assert(fname_len(&nm) == 0); - ubifs_assert(fname_name(&nm) == NULL); -+ if (nm.hash & ~UBIFS_S_KEY_HASH_MASK) -+ goto done; /* ENOENT */ - dent_key_init_hash(c, &key, dir->i_ino, nm.hash); - err = ubifs_tnc_lookup_dh(c, &key, dent, nm.minor_hash); - } else { -diff --git a/fs/ubifs/file.c b/fs/ubifs/file.c -index a02aa59d1e24..46e5a58c4b05 100644 ---- a/fs/ubifs/file.c -+++ b/fs/ubifs/file.c -@@ -797,7 +797,9 @@ static int ubifs_do_bulk_read(struct ubifs_info *c, struct bu_info *bu, - - if (page_offset > end_index) - break; -- page = find_or_create_page(mapping, page_offset, ra_gfp_mask); -+ page = pagecache_get_page(mapping, page_offset, -+ FGP_LOCK|FGP_ACCESSED|FGP_CREAT|FGP_NOWAIT, -+ ra_gfp_mask); - if (!page) - break; - if (!PageUptodate(page)) -diff --git a/fs/ubifs/ioctl.c b/fs/ubifs/ioctl.c -index fdc311246807..1f6d16105990 100644 ---- a/fs/ubifs/ioctl.c -+++ b/fs/ubifs/ioctl.c -@@ -28,6 +28,11 @@ - #include - #include "ubifs.h" - -+/* Need to be kept consistent with checked flags in ioctl2ubifs() */ -+#define UBIFS_SUPPORTED_IOCTL_FLAGS \ -+ (FS_COMPR_FL | FS_SYNC_FL | FS_APPEND_FL | \ -+ FS_IMMUTABLE_FL | FS_DIRSYNC_FL) -+ - /** - * ubifs_set_inode_flags - set VFS inode flags. 
- * @inode: VFS inode to set flags for -@@ -124,7 +129,8 @@ static int setflags(struct inode *inode, int flags) - } - } - -- ui->flags = ioctl2ubifs(flags); -+ ui->flags &= ~ioctl2ubifs(UBIFS_SUPPORTED_IOCTL_FLAGS); -+ ui->flags |= ioctl2ubifs(flags); - ubifs_set_inode_flags(inode); - inode->i_ctime = current_time(inode); - release = ui->dirty; -@@ -166,6 +172,9 @@ long ubifs_ioctl(struct file *file, unsigned int cmd, unsigned long arg) - if (get_user(flags, (int __user *) arg)) - return -EFAULT; - -+ if (flags & ~UBIFS_SUPPORTED_IOCTL_FLAGS) -+ return -EOPNOTSUPP; -+ - if (!S_ISDIR(inode->i_mode)) - flags &= ~FS_DIRSYNC_FL; - -diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h -index 7668c68ddb5b..30376715a607 100644 ---- a/include/linux/kvm_host.h -+++ b/include/linux/kvm_host.h -@@ -695,7 +695,7 @@ int kvm_clear_guest_page(struct kvm *kvm, gfn_t gfn, int offset, int len); - int kvm_clear_guest(struct kvm *kvm, gpa_t gpa, unsigned long len); - struct kvm_memory_slot *gfn_to_memslot(struct kvm *kvm, gfn_t gfn); - bool kvm_is_visible_gfn(struct kvm *kvm, gfn_t gfn); --unsigned long kvm_host_page_size(struct kvm *kvm, gfn_t gfn); -+unsigned long kvm_host_page_size(struct kvm_vcpu *vcpu, gfn_t gfn); - void mark_page_dirty(struct kvm *kvm, gfn_t gfn); - - struct kvm_memslots *kvm_vcpu_memslots(struct kvm_vcpu *vcpu); -diff --git a/include/media/v4l2-rect.h b/include/media/v4l2-rect.h -index d2125f0cc7cd..1584c760b993 100644 ---- a/include/media/v4l2-rect.h -+++ b/include/media/v4l2-rect.h -@@ -75,10 +75,10 @@ static inline void v4l2_rect_map_inside(struct v4l2_rect *r, - r->left = boundary->left; - if (r->top < boundary->top) - r->top = boundary->top; -- if (r->left + r->width > boundary->width) -- r->left = boundary->width - r->width; -- if (r->top + r->height > boundary->height) -- r->top = boundary->height - r->height; -+ if (r->left + r->width > boundary->left + boundary->width) -+ r->left = boundary->left + boundary->width - r->width; -+ if (r->top 
+ r->height > boundary->top + boundary->height) -+ r->top = boundary->top + boundary->height - r->height; - } - - /** -diff --git a/include/trace/events/btrfs.h b/include/trace/events/btrfs.h -index 32d0c1fe2bfa..3ebada29a313 100644 ---- a/include/trace/events/btrfs.h -+++ b/include/trace/events/btrfs.h -@@ -325,7 +325,7 @@ DECLARE_EVENT_CLASS( - __entry->extent_type = btrfs_file_extent_type(l, fi); - __entry->compression = btrfs_file_extent_compression(l, fi); - __entry->extent_start = start; -- __entry->extent_end = (start + btrfs_file_extent_inline_len(l, slot, fi)); -+ __entry->extent_end = (start + btrfs_file_extent_ram_bytes(l, fi)); - ), - - TP_printk_btrfs( -diff --git a/kernel/events/core.c b/kernel/events/core.c -index 2ac73b4cb8a9..845c8a1a9d30 100644 ---- a/kernel/events/core.c -+++ b/kernel/events/core.c -@@ -5441,7 +5441,15 @@ accounting: - */ - user_lock_limit *= num_online_cpus(); - -- user_locked = atomic_long_read(&user->locked_vm) + user_extra; -+ user_locked = atomic_long_read(&user->locked_vm); -+ -+ /* -+ * sysctl_perf_event_mlock may have changed, so that -+ * user->locked_vm > user_lock_limit -+ */ -+ if (user_locked > user_lock_limit) -+ user_locked = user_lock_limit; -+ user_locked += user_extra; - - if (user_locked > user_lock_limit) - extra = user_locked - user_lock_limit; -diff --git a/kernel/irq/irqdomain.c b/kernel/irq/irqdomain.c -index 0f0e7975a309..b269ae16b10c 100644 ---- a/kernel/irq/irqdomain.c -+++ b/kernel/irq/irqdomain.c -@@ -1538,6 +1538,7 @@ int irq_domain_push_irq(struct irq_domain *domain, int virq, void *arg) - if (rv) { - /* Restore the original irq_data. 
*/ - *root_irq_data = *child_irq_data; -+ kfree(child_irq_data); - goto error; - } - -diff --git a/kernel/module.c b/kernel/module.c -index feb1e0fbc3e8..2806c9b6577c 100644 ---- a/kernel/module.c -+++ b/kernel/module.c -@@ -1730,6 +1730,8 @@ static int module_add_modinfo_attrs(struct module *mod) - error_out: - if (i > 0) - module_remove_modinfo_attrs(mod, --i); -+ else -+ kfree(mod->modinfo_attrs); - return error; - } - -diff --git a/kernel/time/alarmtimer.c b/kernel/time/alarmtimer.c -index f4255a65c44b..9eece67f29f3 100644 ---- a/kernel/time/alarmtimer.c -+++ b/kernel/time/alarmtimer.c -@@ -91,6 +91,7 @@ static int alarmtimer_rtc_add_device(struct device *dev, - unsigned long flags; - struct rtc_device *rtc = to_rtc_device(dev); - struct wakeup_source *__ws; -+ int ret = 0; - - if (rtcdev) - return -EBUSY; -@@ -105,8 +106,8 @@ static int alarmtimer_rtc_add_device(struct device *dev, - spin_lock_irqsave(&rtcdev_lock, flags); - if (!rtcdev) { - if (!try_module_get(rtc->owner)) { -- spin_unlock_irqrestore(&rtcdev_lock, flags); -- return -1; -+ ret = -1; -+ goto unlock; - } - - rtcdev = rtc; -@@ -115,11 +116,12 @@ static int alarmtimer_rtc_add_device(struct device *dev, - ws = __ws; - __ws = NULL; - } -+unlock: - spin_unlock_irqrestore(&rtcdev_lock, flags); - - wakeup_source_unregister(__ws); - -- return 0; -+ return ret; - } - - static inline void alarmtimer_rtc_timer_init(void) -diff --git a/kernel/time/clocksource.c b/kernel/time/clocksource.c -index 3b71d859ee38..825d24df921a 100644 ---- a/kernel/time/clocksource.c -+++ b/kernel/time/clocksource.c -@@ -280,8 +280,15 @@ static void clocksource_watchdog(unsigned long data) - next_cpu = cpumask_next(raw_smp_processor_id(), cpu_online_mask); - if (next_cpu >= nr_cpu_ids) - next_cpu = cpumask_first(cpu_online_mask); -- watchdog_timer.expires += WATCHDOG_INTERVAL; -- add_timer_on(&watchdog_timer, next_cpu); -+ -+ /* -+ * Arm timer if not already pending: could race with concurrent -+ * pair 
clocksource_stop_watchdog() clocksource_start_watchdog(). -+ */ -+ if (!timer_pending(&watchdog_timer)) { -+ watchdog_timer.expires += WATCHDOG_INTERVAL; -+ add_timer_on(&watchdog_timer, next_cpu); -+ } - out: - spin_unlock(&watchdog_lock); - } -diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c -index 3864d2341442..8974ecbcca3c 100644 ---- a/kernel/trace/ftrace.c -+++ b/kernel/trace/ftrace.c -@@ -5146,8 +5146,8 @@ static const struct file_operations ftrace_notrace_fops = { - - static DEFINE_MUTEX(graph_lock); - --struct ftrace_hash *ftrace_graph_hash = EMPTY_HASH; --struct ftrace_hash *ftrace_graph_notrace_hash = EMPTY_HASH; -+struct ftrace_hash __rcu *ftrace_graph_hash = EMPTY_HASH; -+struct ftrace_hash __rcu *ftrace_graph_notrace_hash = EMPTY_HASH; - - enum graph_filter_type { - GRAPH_FILTER_NOTRACE = 0, -@@ -5419,8 +5419,15 @@ ftrace_graph_release(struct inode *inode, struct file *file) - - mutex_unlock(&graph_lock); - -- /* Wait till all users are no longer using the old hash */ -- synchronize_sched(); -+ /* -+ * We need to do a hard force of sched synchronization. -+ * This is because we use preempt_disable() to do RCU, but -+ * the function tracers can be called where RCU is not watching -+ * (like before user_exit()). We can not rely on the RCU -+ * infrastructure to do the synchronization, thus we must do it -+ * ourselves. 
-+ */ -+ schedule_on_each_cpu(ftrace_sync); - - free_ftrace_hash(old_hash); - } -diff --git a/kernel/trace/trace.h b/kernel/trace/trace.h -index dbb212c40a41..c4c61ebb8d05 100644 ---- a/kernel/trace/trace.h -+++ b/kernel/trace/trace.h -@@ -868,22 +868,31 @@ extern void __trace_graph_return(struct trace_array *tr, - unsigned long flags, int pc); - - #ifdef CONFIG_DYNAMIC_FTRACE --extern struct ftrace_hash *ftrace_graph_hash; --extern struct ftrace_hash *ftrace_graph_notrace_hash; -+extern struct ftrace_hash __rcu *ftrace_graph_hash; -+extern struct ftrace_hash __rcu *ftrace_graph_notrace_hash; - - static inline int ftrace_graph_addr(struct ftrace_graph_ent *trace) - { - unsigned long addr = trace->func; - int ret = 0; -+ struct ftrace_hash *hash; - - preempt_disable_notrace(); - -- if (ftrace_hash_empty(ftrace_graph_hash)) { -+ /* -+ * Have to open code "rcu_dereference_sched()" because the -+ * function graph tracer can be called when RCU is not -+ * "watching". -+ * Protected with schedule_on_each_cpu(ftrace_sync) -+ */ -+ hash = rcu_dereference_protected(ftrace_graph_hash, !preemptible()); -+ -+ if (ftrace_hash_empty(hash)) { - ret = 1; - goto out; - } - -- if (ftrace_lookup_ip(ftrace_graph_hash, addr)) { -+ if (ftrace_lookup_ip(hash, addr)) { - - /* - * This needs to be cleared on the return functions -@@ -919,10 +928,20 @@ static inline void ftrace_graph_addr_finish(struct ftrace_graph_ret *trace) - static inline int ftrace_graph_notrace_addr(unsigned long addr) - { - int ret = 0; -+ struct ftrace_hash *notrace_hash; - - preempt_disable_notrace(); - -- if (ftrace_lookup_ip(ftrace_graph_notrace_hash, addr)) -+ /* -+ * Have to open code "rcu_dereference_sched()" because the -+ * function graph tracer can be called when RCU is not -+ * "watching". 
-+ * Protected with schedule_on_each_cpu(ftrace_sync) -+ */ -+ notrace_hash = rcu_dereference_protected(ftrace_graph_notrace_hash, -+ !preemptible()); -+ -+ if (ftrace_lookup_ip(notrace_hash, addr)) - ret = 1; - - preempt_enable_notrace(); -diff --git a/kernel/trace/trace_sched_switch.c b/kernel/trace/trace_sched_switch.c -index e288168661e1..e304196d7c28 100644 ---- a/kernel/trace/trace_sched_switch.c -+++ b/kernel/trace/trace_sched_switch.c -@@ -89,8 +89,10 @@ static void tracing_sched_unregister(void) - - static void tracing_start_sched_switch(int ops) - { -- bool sched_register = (!sched_cmdline_ref && !sched_tgid_ref); -+ bool sched_register; -+ - mutex_lock(&sched_register_mutex); -+ sched_register = (!sched_cmdline_ref && !sched_tgid_ref); - - switch (ops) { - case RECORD_CMDLINE: -diff --git a/lib/test_kasan.c b/lib/test_kasan.c -index d6e46dd1350b..1399d1000130 100644 ---- a/lib/test_kasan.c -+++ b/lib/test_kasan.c -@@ -126,6 +126,7 @@ static noinline void __init kmalloc_oob_krealloc_more(void) - if (!ptr1 || !ptr2) { - pr_err("Allocation failed\n"); - kfree(ptr1); -+ kfree(ptr2); - return; - } - -diff --git a/net/hsr/hsr_slave.c b/net/hsr/hsr_slave.c -index 56080da4aa77..5fee6ec7c93d 100644 ---- a/net/hsr/hsr_slave.c -+++ b/net/hsr/hsr_slave.c -@@ -32,6 +32,8 @@ static rx_handler_result_t hsr_handle_frame(struct sk_buff **pskb) - - rcu_read_lock(); /* hsr->node_db, hsr->ports */ - port = hsr_port_get_rcu(skb->dev); -+ if (!port) -+ goto finish_pass; - - if (hsr_addr_is_self(port->hsr, eth_hdr(skb)->h_source)) { - /* Directly kill frames sent by ourselves */ -diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c -index db1eceda2359..0c69b66d93d7 100644 ---- a/net/ipv4/tcp.c -+++ b/net/ipv4/tcp.c -@@ -2363,9 +2363,11 @@ int tcp_disconnect(struct sock *sk, int flags) - tp->snd_ssthresh = TCP_INFINITE_SSTHRESH; - tp->snd_cwnd_cnt = 0; - tp->window_clamp = 0; -+ tp->delivered = 0; - tcp_set_ca_state(sk, TCP_CA_Open); - tp->is_sack_reneg = 0; - tcp_clear_retrans(tp); -+ 
tp->total_retrans = 0; - inet_csk_delack_init(sk); - /* Initialize rcv_mss to TCP_MIN_MSS to avoid division by 0 - * issue in __tcp_select_window() -@@ -2377,8 +2379,12 @@ int tcp_disconnect(struct sock *sk, int flags) - dst_release(sk->sk_rx_dst); - sk->sk_rx_dst = NULL; - tcp_saved_syn_free(tp); -+ tp->segs_in = 0; -+ tp->segs_out = 0; - tp->bytes_acked = 0; - tp->bytes_received = 0; -+ tp->data_segs_in = 0; -+ tp->data_segs_out = 0; - - /* Clean up fastopen related fields */ - tcp_free_fastopen_req(tp); -diff --git a/net/l2tp/l2tp_core.c b/net/l2tp/l2tp_core.c -index b9be0360ab94..b8c90f8d1a57 100644 ---- a/net/l2tp/l2tp_core.c -+++ b/net/l2tp/l2tp_core.c -@@ -358,8 +358,13 @@ static int l2tp_session_add_to_tunnel(struct l2tp_tunnel *tunnel, - - spin_lock_bh(&pn->l2tp_session_hlist_lock); - -+ /* IP encap expects session IDs to be globally unique, while -+ * UDP encap doesn't. -+ */ - hlist_for_each_entry(session_walk, g_head, global_hlist) -- if (session_walk->session_id == session->session_id) { -+ if (session_walk->session_id == session->session_id && -+ (session_walk->tunnel->encap == L2TP_ENCAPTYPE_IP || -+ tunnel->encap == L2TP_ENCAPTYPE_IP)) { - err = -EEXIST; - goto err_tlock_pnlock; - } -diff --git a/net/rxrpc/ar-internal.h b/net/rxrpc/ar-internal.h -index 71c7f1dd4599..b5581b0b9480 100644 ---- a/net/rxrpc/ar-internal.h -+++ b/net/rxrpc/ar-internal.h -@@ -451,6 +451,7 @@ enum rxrpc_call_flag { - RXRPC_CALL_SEND_PING, /* A ping will need to be sent */ - RXRPC_CALL_PINGING, /* Ping in process */ - RXRPC_CALL_RETRANS_TIMEOUT, /* Retransmission due to timeout occurred */ -+ RXRPC_CALL_DISCONNECTED, /* The call has been disconnected */ - }; - - /* -diff --git a/net/rxrpc/call_object.c b/net/rxrpc/call_object.c -index ddaa471a2607..7021725fa38a 100644 ---- a/net/rxrpc/call_object.c -+++ b/net/rxrpc/call_object.c -@@ -505,7 +505,7 @@ void rxrpc_release_call(struct rxrpc_sock *rx, struct rxrpc_call *call) - - _debug("RELEASE CALL %p (%d CONN %p)", call, 
call->debug_id, conn); - -- if (conn) -+ if (conn && !test_bit(RXRPC_CALL_DISCONNECTED, &call->flags)) - rxrpc_disconnect_call(call); - - for (i = 0; i < RXRPC_RXTX_BUFF_SIZE; i++) { -@@ -639,6 +639,7 @@ static void rxrpc_rcu_destroy_call(struct rcu_head *rcu) - { - struct rxrpc_call *call = container_of(rcu, struct rxrpc_call, rcu); - -+ rxrpc_put_connection(call->conn); - rxrpc_put_peer(call->peer); - kfree(call->rxtx_buffer); - kfree(call->rxtx_annotations); -@@ -660,7 +661,6 @@ void rxrpc_cleanup_call(struct rxrpc_call *call) - - ASSERTCMP(call->state, ==, RXRPC_CALL_COMPLETE); - ASSERT(test_bit(RXRPC_CALL_RELEASED, &call->flags)); -- ASSERTCMP(call->conn, ==, NULL); - - /* Clean up the Rx/Tx buffer */ - for (i = 0; i < RXRPC_RXTX_BUFF_SIZE; i++) -diff --git a/net/rxrpc/conn_client.c b/net/rxrpc/conn_client.c -index 0aa4bf09fb9c..05d17ec63635 100644 ---- a/net/rxrpc/conn_client.c -+++ b/net/rxrpc/conn_client.c -@@ -762,9 +762,9 @@ void rxrpc_disconnect_client_call(struct rxrpc_call *call) - struct rxrpc_net *rxnet = rxrpc_net(sock_net(&call->socket->sk)); - - trace_rxrpc_client(conn, channel, rxrpc_client_chan_disconnect); -- call->conn = NULL; - - spin_lock(&conn->channel_lock); -+ set_bit(RXRPC_CALL_DISCONNECTED, &call->flags); - - /* Calls that have never actually been assigned a channel can simply be - * discarded. 
If the conn didn't get used either, it will follow -@@ -863,7 +863,6 @@ out: - spin_unlock(&rxnet->client_conn_cache_lock); - out_2: - spin_unlock(&conn->channel_lock); -- rxrpc_put_connection(conn); - _leave(""); - return; - -diff --git a/net/rxrpc/conn_object.c b/net/rxrpc/conn_object.c -index a48c817b792b..af0232820597 100644 ---- a/net/rxrpc/conn_object.c -+++ b/net/rxrpc/conn_object.c -@@ -207,9 +207,8 @@ void rxrpc_disconnect_call(struct rxrpc_call *call) - __rxrpc_disconnect_call(conn, call); - spin_unlock(&conn->channel_lock); - -- call->conn = NULL; -+ set_bit(RXRPC_CALL_DISCONNECTED, &call->flags); - conn->idle_timestamp = jiffies; -- rxrpc_put_connection(conn); - } - - /* -diff --git a/net/rxrpc/input.c b/net/rxrpc/input.c -index ea506a77f3c8..18ce6f97462b 100644 ---- a/net/rxrpc/input.c -+++ b/net/rxrpc/input.c -@@ -585,8 +585,7 @@ ack: - immediate_ack, true, - rxrpc_propose_ack_input_data); - -- if (sp->hdr.seq == READ_ONCE(call->rx_hard_ack) + 1) -- rxrpc_notify_socket(call); -+ rxrpc_notify_socket(call); - _leave(" [queued]"); - } - -diff --git a/net/rxrpc/output.c b/net/rxrpc/output.c -index edddbacf33bc..9619c56ef4cd 100644 ---- a/net/rxrpc/output.c -+++ b/net/rxrpc/output.c -@@ -96,7 +96,7 @@ static size_t rxrpc_fill_out_ack(struct rxrpc_call *call, - */ - int rxrpc_send_ack_packet(struct rxrpc_call *call, bool ping) - { -- struct rxrpc_connection *conn = NULL; -+ struct rxrpc_connection *conn; - struct rxrpc_ack_buffer *pkt; - struct msghdr msg; - struct kvec iov[2]; -@@ -106,18 +106,14 @@ int rxrpc_send_ack_packet(struct rxrpc_call *call, bool ping) - int ret; - u8 reason; - -- spin_lock_bh(&call->lock); -- if (call->conn) -- conn = rxrpc_get_connection_maybe(call->conn); -- spin_unlock_bh(&call->lock); -- if (!conn) -+ if (test_bit(RXRPC_CALL_DISCONNECTED, &call->flags)) - return -ECONNRESET; - - pkt = kzalloc(sizeof(*pkt), GFP_KERNEL); -- if (!pkt) { -- rxrpc_put_connection(conn); -+ if (!pkt) - return -ENOMEM; -- } -+ -+ conn = call->conn; - 
- msg.msg_name = &call->peer->srx.transport; - msg.msg_namelen = call->peer->srx.transport_len; -@@ -204,7 +200,6 @@ int rxrpc_send_ack_packet(struct rxrpc_call *call, bool ping) - } - - out: -- rxrpc_put_connection(conn); - kfree(pkt); - return ret; - } -@@ -214,20 +209,18 @@ out: - */ - int rxrpc_send_abort_packet(struct rxrpc_call *call) - { -- struct rxrpc_connection *conn = NULL; -+ struct rxrpc_connection *conn; - struct rxrpc_abort_buffer pkt; - struct msghdr msg; - struct kvec iov[1]; - rxrpc_serial_t serial; - int ret; - -- spin_lock_bh(&call->lock); -- if (call->conn) -- conn = rxrpc_get_connection_maybe(call->conn); -- spin_unlock_bh(&call->lock); -- if (!conn) -+ if (test_bit(RXRPC_CALL_DISCONNECTED, &call->flags)) - return -ECONNRESET; - -+ conn = call->conn; -+ - msg.msg_name = &call->peer->srx.transport; - msg.msg_namelen = call->peer->srx.transport_len; - msg.msg_control = NULL; -@@ -255,7 +248,6 @@ int rxrpc_send_abort_packet(struct rxrpc_call *call) - ret = kernel_sendmsg(conn->params.local->socket, - &msg, iov, 1, sizeof(pkt)); - -- rxrpc_put_connection(conn); - return ret; - } - -diff --git a/net/sched/cls_rsvp.h b/net/sched/cls_rsvp.h -index cf325625c99d..89259819e9ed 100644 ---- a/net/sched/cls_rsvp.h -+++ b/net/sched/cls_rsvp.h -@@ -475,10 +475,8 @@ static u32 gen_tunnel(struct rsvp_head *data) - - static const struct nla_policy rsvp_policy[TCA_RSVP_MAX + 1] = { - [TCA_RSVP_CLASSID] = { .type = NLA_U32 }, -- [TCA_RSVP_DST] = { .type = NLA_BINARY, -- .len = RSVP_DST_LEN * sizeof(u32) }, -- [TCA_RSVP_SRC] = { .type = NLA_BINARY, -- .len = RSVP_DST_LEN * sizeof(u32) }, -+ [TCA_RSVP_DST] = { .len = RSVP_DST_LEN * sizeof(u32) }, -+ [TCA_RSVP_SRC] = { .len = RSVP_DST_LEN * sizeof(u32) }, - [TCA_RSVP_PINFO] = { .len = sizeof(struct tc_rsvp_pinfo) }, - }; - -diff --git a/net/sched/cls_tcindex.c b/net/sched/cls_tcindex.c -index 75c7c7cc7499..796b4e1beb12 100644 ---- a/net/sched/cls_tcindex.c -+++ b/net/sched/cls_tcindex.c -@@ -351,12 +351,31 @@ 
tcindex_set_parms(struct net *net, struct tcf_proto *tp, unsigned long base, - cp->fall_through = p->fall_through; - cp->tp = tp; - -+ if (tb[TCA_TCINDEX_HASH]) -+ cp->hash = nla_get_u32(tb[TCA_TCINDEX_HASH]); -+ -+ if (tb[TCA_TCINDEX_MASK]) -+ cp->mask = nla_get_u16(tb[TCA_TCINDEX_MASK]); -+ -+ if (tb[TCA_TCINDEX_SHIFT]) -+ cp->shift = nla_get_u32(tb[TCA_TCINDEX_SHIFT]); -+ -+ if (!cp->hash) { -+ /* Hash not specified, use perfect hash if the upper limit -+ * of the hashing index is below the threshold. -+ */ -+ if ((cp->mask >> cp->shift) < PERFECT_HASH_THRESHOLD) -+ cp->hash = (cp->mask >> cp->shift) + 1; -+ else -+ cp->hash = DEFAULT_HASH_SIZE; -+ } -+ - if (p->perfect) { - int i; - - if (tcindex_alloc_perfect_hash(cp) < 0) - goto errout; -- for (i = 0; i < cp->hash; i++) -+ for (i = 0; i < min(cp->hash, p->hash); i++) - cp->perfect[i].res = p->perfect[i].res; - balloc = 1; - } -@@ -364,19 +383,10 @@ tcindex_set_parms(struct net *net, struct tcf_proto *tp, unsigned long base, - - err = tcindex_filter_result_init(&new_filter_result); - if (err < 0) -- goto errout1; -+ goto errout_alloc; - if (old_r) - cr = r->res; - -- if (tb[TCA_TCINDEX_HASH]) -- cp->hash = nla_get_u32(tb[TCA_TCINDEX_HASH]); -- -- if (tb[TCA_TCINDEX_MASK]) -- cp->mask = nla_get_u16(tb[TCA_TCINDEX_MASK]); -- -- if (tb[TCA_TCINDEX_SHIFT]) -- cp->shift = nla_get_u32(tb[TCA_TCINDEX_SHIFT]); -- - err = -EBUSY; - - /* Hash already allocated, make sure that we still meet the -@@ -394,16 +404,6 @@ tcindex_set_parms(struct net *net, struct tcf_proto *tp, unsigned long base, - if (tb[TCA_TCINDEX_FALL_THROUGH]) - cp->fall_through = nla_get_u32(tb[TCA_TCINDEX_FALL_THROUGH]); - -- if (!cp->hash) { -- /* Hash not specified, use perfect hash if the upper limit -- * of the hashing index is below the threshold. 
-- */ -- if ((cp->mask >> cp->shift) < PERFECT_HASH_THRESHOLD) -- cp->hash = (cp->mask >> cp->shift) + 1; -- else -- cp->hash = DEFAULT_HASH_SIZE; -- } -- - if (!cp->perfect && !cp->h) - cp->alloc_hash = cp->hash; - -@@ -502,7 +502,6 @@ errout_alloc: - tcindex_free_perfect_hash(cp); - else if (balloc == 2) - kfree(cp->h); --errout1: - tcf_exts_destroy(&new_filter_result.exts); - errout: - kfree(cp); -diff --git a/net/sunrpc/auth_gss/svcauth_gss.c b/net/sunrpc/auth_gss/svcauth_gss.c -index cc08cb1292a9..a457e7afb768 100644 ---- a/net/sunrpc/auth_gss/svcauth_gss.c -+++ b/net/sunrpc/auth_gss/svcauth_gss.c -@@ -1188,6 +1188,7 @@ static int gss_proxy_save_rsc(struct cache_detail *cd, - dprintk("RPC: No creds found!\n"); - goto out; - } else { -+ struct timespec64 boot; - - /* steal creds */ - rsci.cred = ud->creds; -@@ -1208,6 +1209,9 @@ static int gss_proxy_save_rsc(struct cache_detail *cd, - &expiry, GFP_KERNEL); - if (status) - goto out; -+ -+ getboottime64(&boot); -+ expiry -= boot.tv_sec; - } - - rsci.h.expiry_time = expiry; -diff --git a/net/vmw_vsock/hyperv_transport.c b/net/vmw_vsock/hyperv_transport.c -index 6614512f8180..736b76ec8cf0 100644 ---- a/net/vmw_vsock/hyperv_transport.c -+++ b/net/vmw_vsock/hyperv_transport.c -@@ -144,28 +144,15 @@ struct hvsock { - **************************************************************************** - * The only valid Service GUIDs, from the perspectives of both the host and * - * Linux VM, that can be connected by the other end, must conform to this * -- * format: -facb-11e6-bd58-64006a7986d3, and the "port" must be in * -- * this range [0, 0x7FFFFFFF]. * -+ * format: -facb-11e6-bd58-64006a7986d3. * - **************************************************************************** - * - * When we write apps on the host to connect(), the GUID ServiceID is used. - * When we write apps in Linux VM to connect(), we only need to specify the - * port and the driver will form the GUID and use that to request the host. 
- * -- * From the perspective of Linux VM: -- * 1. the local ephemeral port (i.e. the local auto-bound port when we call -- * connect() without explicit bind()) is generated by __vsock_bind_stream(), -- * and the range is [1024, 0xFFFFFFFF). -- * 2. the remote ephemeral port (i.e. the auto-generated remote port for -- * a connect request initiated by the host's connect()) is generated by -- * hvs_remote_addr_init() and the range is [0x80000000, 0xFFFFFFFF). - */ - --#define MAX_LISTEN_PORT ((u32)0x7FFFFFFF) --#define MAX_VM_LISTEN_PORT MAX_LISTEN_PORT --#define MAX_HOST_LISTEN_PORT MAX_LISTEN_PORT --#define MIN_HOST_EPHEMERAL_PORT (MAX_HOST_LISTEN_PORT + 1) -- - /* 00000000-facb-11e6-bd58-64006a7986d3 */ - static const uuid_le srv_id_template = - UUID_LE(0x00000000, 0xfacb, 0x11e6, 0xbd, 0x58, -@@ -188,33 +175,6 @@ static void hvs_addr_init(struct sockaddr_vm *addr, const uuid_le *svr_id) - vsock_addr_init(addr, VMADDR_CID_ANY, port); - } - --static void hvs_remote_addr_init(struct sockaddr_vm *remote, -- struct sockaddr_vm *local) --{ -- static u32 host_ephemeral_port = MIN_HOST_EPHEMERAL_PORT; -- struct sock *sk; -- -- vsock_addr_init(remote, VMADDR_CID_ANY, VMADDR_PORT_ANY); -- -- while (1) { -- /* Wrap around ? 
*/ -- if (host_ephemeral_port < MIN_HOST_EPHEMERAL_PORT || -- host_ephemeral_port == VMADDR_PORT_ANY) -- host_ephemeral_port = MIN_HOST_EPHEMERAL_PORT; -- -- remote->svm_port = host_ephemeral_port++; -- -- sk = vsock_find_connected_socket(remote, local); -- if (!sk) { -- /* Found an available ephemeral port */ -- return; -- } -- -- /* Release refcnt got in vsock_find_connected_socket */ -- sock_put(sk); -- } --} -- - static void hvs_set_channel_pending_send_size(struct vmbus_channel *chan) - { - set_channel_pending_send_size(chan, -@@ -342,12 +302,7 @@ static void hvs_open_connection(struct vmbus_channel *chan) - if_type = &chan->offermsg.offer.if_type; - if_instance = &chan->offermsg.offer.if_instance; - conn_from_host = chan->offermsg.offer.u.pipe.user_def[0]; -- -- /* The host or the VM should only listen on a port in -- * [0, MAX_LISTEN_PORT] -- */ -- if (!is_valid_srv_id(if_type) || -- get_port_by_srv_id(if_type) > MAX_LISTEN_PORT) -+ if (!is_valid_srv_id(if_type)) - return; - - hvs_addr_init(&addr, conn_from_host ? 
if_type : if_instance); -@@ -372,6 +327,13 @@ static void hvs_open_connection(struct vmbus_channel *chan) - - new->sk_state = TCP_SYN_SENT; - vnew = vsock_sk(new); -+ -+ hvs_addr_init(&vnew->local_addr, if_type); -+ -+ /* Remote peer is always the host */ -+ vsock_addr_init(&vnew->remote_addr, -+ VMADDR_CID_HOST, VMADDR_PORT_ANY); -+ vnew->remote_addr.svm_port = get_port_by_srv_id(if_instance); - hvs_new = vnew->trans; - hvs_new->chan = chan; - } else { -@@ -411,8 +373,6 @@ static void hvs_open_connection(struct vmbus_channel *chan) - sk->sk_ack_backlog++; - - hvs_addr_init(&vnew->local_addr, if_type); -- hvs_remote_addr_init(&vnew->remote_addr, &vnew->local_addr); -- - hvs_new->vm_srv_id = *if_type; - hvs_new->host_srv_id = *if_instance; - -@@ -717,16 +677,6 @@ static bool hvs_stream_is_active(struct vsock_sock *vsk) - - static bool hvs_stream_allow(u32 cid, u32 port) - { -- /* The host's port range [MIN_HOST_EPHEMERAL_PORT, 0xFFFFFFFF) is -- * reserved as ephemeral ports, which are used as the host's ports -- * when the host initiates connections. -- * -- * Perform this check in the guest so an immediate error is produced -- * instead of a timeout. 
-- */ -- if (port > MAX_HOST_LISTEN_PORT) -- return false; -- - if (cid == VMADDR_CID_HOST) - return true; - -diff --git a/samples/bpf/Makefile b/samples/bpf/Makefile -index c1dc632d4ea4..3460036621e4 100644 ---- a/samples/bpf/Makefile -+++ b/samples/bpf/Makefile -@@ -184,7 +184,7 @@ all: $(LIBBPF) - - clean: - $(MAKE) -C ../../ M=$(CURDIR) clean -- @rm -f *~ -+ @find $(CURDIR) -type f -name '*~' -delete - - $(LIBBPF): FORCE - $(MAKE) -C $(dir $@) $(notdir $@) -diff --git a/sound/drivers/dummy.c b/sound/drivers/dummy.c -index c0939a0164a6..aeb65d7d4cb3 100644 ---- a/sound/drivers/dummy.c -+++ b/sound/drivers/dummy.c -@@ -933,7 +933,7 @@ static void print_formats(struct snd_dummy *dummy, - { - int i; - -- for (i = 0; i < SNDRV_PCM_FORMAT_LAST; i++) { -+ for (i = 0; i <= SNDRV_PCM_FORMAT_LAST; i++) { - if (dummy->pcm_hw.formats & (1ULL << i)) - snd_iprintf(buffer, " %s", snd_pcm_format_name(i)); - } -diff --git a/sound/soc/soc-pcm.c b/sound/soc/soc-pcm.c -index 70e1a60a2e98..89f772ed4705 100644 ---- a/sound/soc/soc-pcm.c -+++ b/sound/soc/soc-pcm.c -@@ -2123,42 +2123,81 @@ int dpcm_be_dai_trigger(struct snd_soc_pcm_runtime *fe, int stream, - } - EXPORT_SYMBOL_GPL(dpcm_be_dai_trigger); - -+static int dpcm_dai_trigger_fe_be(struct snd_pcm_substream *substream, -+ int cmd, bool fe_first) -+{ -+ struct snd_soc_pcm_runtime *fe = substream->private_data; -+ int ret; -+ -+ /* call trigger on the frontend before the backend. */ -+ if (fe_first) { -+ dev_dbg(fe->dev, "ASoC: pre trigger FE %s cmd %d\n", -+ fe->dai_link->name, cmd); -+ -+ ret = soc_pcm_trigger(substream, cmd); -+ if (ret < 0) -+ return ret; -+ -+ ret = dpcm_be_dai_trigger(fe, substream->stream, cmd); -+ return ret; -+ } -+ -+ /* call trigger on the frontend after the backend. 
*/ -+ ret = dpcm_be_dai_trigger(fe, substream->stream, cmd); -+ if (ret < 0) -+ return ret; -+ -+ dev_dbg(fe->dev, "ASoC: post trigger FE %s cmd %d\n", -+ fe->dai_link->name, cmd); -+ -+ ret = soc_pcm_trigger(substream, cmd); -+ -+ return ret; -+} -+ - static int dpcm_fe_dai_do_trigger(struct snd_pcm_substream *substream, int cmd) - { - struct snd_soc_pcm_runtime *fe = substream->private_data; -- int stream = substream->stream, ret; -+ int stream = substream->stream; -+ int ret = 0; - enum snd_soc_dpcm_trigger trigger = fe->dai_link->trigger[stream]; - - fe->dpcm[stream].runtime_update = SND_SOC_DPCM_UPDATE_FE; - - switch (trigger) { - case SND_SOC_DPCM_TRIGGER_PRE: -- /* call trigger on the frontend before the backend. */ -- -- dev_dbg(fe->dev, "ASoC: pre trigger FE %s cmd %d\n", -- fe->dai_link->name, cmd); -- -- ret = soc_pcm_trigger(substream, cmd); -- if (ret < 0) { -- dev_err(fe->dev,"ASoC: trigger FE failed %d\n", ret); -- goto out; -+ switch (cmd) { -+ case SNDRV_PCM_TRIGGER_START: -+ case SNDRV_PCM_TRIGGER_RESUME: -+ case SNDRV_PCM_TRIGGER_PAUSE_RELEASE: -+ ret = dpcm_dai_trigger_fe_be(substream, cmd, true); -+ break; -+ case SNDRV_PCM_TRIGGER_STOP: -+ case SNDRV_PCM_TRIGGER_SUSPEND: -+ case SNDRV_PCM_TRIGGER_PAUSE_PUSH: -+ ret = dpcm_dai_trigger_fe_be(substream, cmd, false); -+ break; -+ default: -+ ret = -EINVAL; -+ break; - } -- -- ret = dpcm_be_dai_trigger(fe, substream->stream, cmd); - break; - case SND_SOC_DPCM_TRIGGER_POST: -- /* call trigger on the frontend after the backend. 
*/ -- -- ret = dpcm_be_dai_trigger(fe, substream->stream, cmd); -- if (ret < 0) { -- dev_err(fe->dev,"ASoC: trigger FE failed %d\n", ret); -- goto out; -+ switch (cmd) { -+ case SNDRV_PCM_TRIGGER_START: -+ case SNDRV_PCM_TRIGGER_RESUME: -+ case SNDRV_PCM_TRIGGER_PAUSE_RELEASE: -+ ret = dpcm_dai_trigger_fe_be(substream, cmd, false); -+ break; -+ case SNDRV_PCM_TRIGGER_STOP: -+ case SNDRV_PCM_TRIGGER_SUSPEND: -+ case SNDRV_PCM_TRIGGER_PAUSE_PUSH: -+ ret = dpcm_dai_trigger_fe_be(substream, cmd, true); -+ break; -+ default: -+ ret = -EINVAL; -+ break; - } -- -- dev_dbg(fe->dev, "ASoC: post trigger FE %s cmd %d\n", -- fe->dai_link->name, cmd); -- -- ret = soc_pcm_trigger(substream, cmd); - break; - case SND_SOC_DPCM_TRIGGER_BESPOKE: - /* bespoke trigger() - handles both FE and BEs */ -@@ -2167,10 +2206,6 @@ static int dpcm_fe_dai_do_trigger(struct snd_pcm_substream *substream, int cmd) - fe->dai_link->name, cmd); - - ret = soc_pcm_bespoke_trigger(substream, cmd); -- if (ret < 0) { -- dev_err(fe->dev,"ASoC: trigger FE failed %d\n", ret); -- goto out; -- } - break; - default: - dev_err(fe->dev, "ASoC: invalid trigger cmd %d for %s\n", cmd, -@@ -2179,6 +2214,12 @@ static int dpcm_fe_dai_do_trigger(struct snd_pcm_substream *substream, int cmd) - goto out; - } - -+ if (ret < 0) { -+ dev_err(fe->dev, "ASoC: trigger FE cmd: %d failed: %d\n", -+ cmd, ret); -+ goto out; -+ } -+ - switch (cmd) { - case SNDRV_PCM_TRIGGER_START: - case SNDRV_PCM_TRIGGER_RESUME: -diff --git a/tools/kvm/kvm_stat/kvm_stat b/tools/kvm/kvm_stat/kvm_stat -index c0d653d36c0f..fb02aa4591eb 100755 ---- a/tools/kvm/kvm_stat/kvm_stat -+++ b/tools/kvm/kvm_stat/kvm_stat -@@ -261,6 +261,7 @@ class ArchX86(Arch): - def __init__(self, exit_reasons): - self.sc_perf_evt_open = 298 - self.ioctl_numbers = IOCTL_NUMBERS -+ self.exit_reason_field = 'exit_reason' - self.exit_reasons = exit_reasons - - -@@ -276,6 +277,7 @@ class ArchPPC(Arch): - # numbers depend on the wordsize. 
- char_ptr_size = ctypes.sizeof(ctypes.c_char_p) - self.ioctl_numbers['SET_FILTER'] = 0x80002406 | char_ptr_size << 16 -+ self.exit_reason_field = 'exit_nr' - self.exit_reasons = {} - - -@@ -283,6 +285,7 @@ class ArchA64(Arch): - def __init__(self): - self.sc_perf_evt_open = 241 - self.ioctl_numbers = IOCTL_NUMBERS -+ self.exit_reason_field = 'esr_ec' - self.exit_reasons = AARCH64_EXIT_REASONS - - -@@ -290,6 +293,7 @@ class ArchS390(Arch): - def __init__(self): - self.sc_perf_evt_open = 331 - self.ioctl_numbers = IOCTL_NUMBERS -+ self.exit_reason_field = None - self.exit_reasons = None - - ARCH = Arch.get_arch() -@@ -513,8 +517,8 @@ class TracepointProvider(Provider): - """ - filters = {} - filters['kvm_userspace_exit'] = ('reason', USERSPACE_EXIT_REASONS) -- if ARCH.exit_reasons: -- filters['kvm_exit'] = ('exit_reason', ARCH.exit_reasons) -+ if ARCH.exit_reason_field and ARCH.exit_reasons: -+ filters['kvm_exit'] = (ARCH.exit_reason_field, ARCH.exit_reasons) - return filters - - def get_available_fields(self): -diff --git a/tools/power/acpi/Makefile.config b/tools/power/acpi/Makefile.config -index f304be71c278..fc116c060b98 100644 ---- a/tools/power/acpi/Makefile.config -+++ b/tools/power/acpi/Makefile.config -@@ -18,7 +18,7 @@ include $(srctree)/../../scripts/Makefile.include - - OUTPUT=$(srctree)/ - ifeq ("$(origin O)", "command line") -- OUTPUT := $(O)/power/acpi/ -+ OUTPUT := $(O)/tools/power/acpi/ - endif - #$(info Determined 'OUTPUT' to be $(OUTPUT)) - -diff --git a/virt/kvm/arm/mmio.c b/virt/kvm/arm/mmio.c -index 3caee91bca08..878e0edb2e1b 100644 ---- a/virt/kvm/arm/mmio.c -+++ b/virt/kvm/arm/mmio.c -@@ -117,6 +117,9 @@ int kvm_handle_mmio_return(struct kvm_vcpu *vcpu, struct kvm_run *run) - data = (data ^ mask) - mask; - } - -+ if (!vcpu->arch.mmio_decode.sixty_four) -+ data = data & 0xffffffff; -+ - trace_kvm_mmio(KVM_TRACE_MMIO_READ, len, run->mmio.phys_addr, - &data); - data = vcpu_data_host_to_guest(vcpu, data, len); -@@ -137,6 +140,7 @@ static int 
decode_hsr(struct kvm_vcpu *vcpu, bool *is_write, int *len) - unsigned long rt; - int access_size; - bool sign_extend; -+ bool sixty_four; - - if (kvm_vcpu_dabt_iss1tw(vcpu)) { - /* page table accesses IO mem: tell guest to fix its TTBR */ -@@ -150,11 +154,13 @@ static int decode_hsr(struct kvm_vcpu *vcpu, bool *is_write, int *len) - - *is_write = kvm_vcpu_dabt_iswrite(vcpu); - sign_extend = kvm_vcpu_dabt_issext(vcpu); -+ sixty_four = kvm_vcpu_dabt_issf(vcpu); - rt = kvm_vcpu_dabt_get_rd(vcpu); - - *len = access_size; - vcpu->arch.mmio_decode.sign_extend = sign_extend; - vcpu->arch.mmio_decode.rt = rt; -+ vcpu->arch.mmio_decode.sixty_four = sixty_four; - - return 0; - } -diff --git a/virt/kvm/arm/mmu.c b/virt/kvm/arm/mmu.c -index 9f69202d8e49..3814cdad643a 100644 ---- a/virt/kvm/arm/mmu.c -+++ b/virt/kvm/arm/mmu.c -@@ -1736,7 +1736,8 @@ int kvm_test_age_hva(struct kvm *kvm, unsigned long hva) - if (!kvm->arch.pgd) - return 0; - trace_kvm_test_age_hva(hva); -- return handle_hva_to_gpa(kvm, hva, hva, kvm_test_age_hva_handler, NULL); -+ return handle_hva_to_gpa(kvm, hva, hva + PAGE_SIZE, -+ kvm_test_age_hva_handler, NULL); - } - - void kvm_mmu_free_memory_caches(struct kvm_vcpu *vcpu) -diff --git a/virt/kvm/arm/vgic/vgic-its.c b/virt/kvm/arm/vgic/vgic-its.c -index 526d808ecbbd..8354ec4ef912 100644 ---- a/virt/kvm/arm/vgic/vgic-its.c -+++ b/virt/kvm/arm/vgic/vgic-its.c -@@ -2210,7 +2210,8 @@ static int vgic_its_restore_cte(struct vgic_its *its, gpa_t gpa, int esz) - target_addr = (u32)(val >> KVM_ITS_CTE_RDBASE_SHIFT); - coll_id = val & KVM_ITS_CTE_ICID_MASK; - -- if (target_addr >= atomic_read(&kvm->online_vcpus)) -+ if (target_addr != COLLECTION_NOT_MAPPED && -+ target_addr >= atomic_read(&kvm->online_vcpus)) - return -EINVAL; - - collection = find_collection(its, coll_id); -diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c -index deff4b3eb972..745ee09083dd 100644 ---- a/virt/kvm/kvm_main.c -+++ b/virt/kvm/kvm_main.c -@@ -1277,14 +1277,14 @@ bool 
kvm_is_visible_gfn(struct kvm *kvm, gfn_t gfn)
- }
- EXPORT_SYMBOL_GPL(kvm_is_visible_gfn);
-
--unsigned long kvm_host_page_size(struct kvm *kvm, gfn_t gfn)
-+unsigned long kvm_host_page_size(struct kvm_vcpu *vcpu, gfn_t gfn)
- {
- struct vm_area_struct *vma;
- unsigned long addr, size;
-
- size = PAGE_SIZE;
-
-- addr = gfn_to_hva(kvm, gfn);
-+ addr = kvm_vcpu_gfn_to_hva_prot(vcpu, gfn, NULL);
- if (kvm_is_error_hva(addr))
- return PAGE_SIZE;
-
diff --git a/patch/kernel/odroidxu4-legacy/patch-4.14.171-172.patch b/patch/kernel/odroidxu4-legacy/patch-4.14.171-172.patch
deleted file mode 100644
index 6532eedb9d..0000000000
--- a/patch/kernel/odroidxu4-legacy/patch-4.14.171-172.patch
+++ /dev/null
@@ -1,15749 +0,0 @@ -diff --git a/MAINTAINERS b/MAINTAINERS -index 029f96c43250..e2dd302345c2 100644 ---- a/MAINTAINERS -+++ b/MAINTAINERS -@@ -6877,7 +6877,7 @@ M: Joonas Lahtinen - M: Rodrigo Vivi - L: intel-gfx@lists.freedesktop.org - W: https://01.org/linuxgraphics/ --B: https://01.org/linuxgraphics/documentation/how-report-bugs -+B: https://gitlab.freedesktop.org/drm/intel/-/wikis/How-to-file-i915-bugs - C: irc://chat.freenode.net/intel-gfx - Q: http://patchwork.freedesktop.org/project/intel-gfx/ - T: git git://anongit.freedesktop.org/drm-intel -diff --git a/Makefile b/Makefile -index f2657f4838db..6d3cecad7f1e 100644 ---- a/Makefile -+++ b/Makefile -@@ -1,7 +1,7 @@ - # SPDX-License-Identifier: GPL-2.0 - VERSION = 4 - PATCHLEVEL = 14 --SUBLEVEL = 171 -+SUBLEVEL = 172 - EXTRAVERSION = - NAME = Petit Gorille - -diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig -index cf69aab648fb..7a8fbe9a077b 100644 ---- a/arch/arm/Kconfig -+++ b/arch/arm/Kconfig -@@ -1533,12 +1533,10 @@ config THUMB2_KERNEL - bool "Compile the kernel in Thumb-2 mode" if !CPU_THUMBONLY - depends on (CPU_V7 || CPU_V7M) && !CPU_V6 && !CPU_V6K - default y if CPU_THUMBONLY -- select ARM_ASM_UNIFIED - select ARM_UNWIND - help - By enabling this option, the kernel will be compiled in -- Thumb-2 mode. A compiler/assembler that understand the unified -- ARM-Thumb syntax is needed. -+ Thumb-2 mode. - - If unsure, say N. - -@@ -1573,9 +1571,6 @@ config THUMB2_AVOID_R_ARM_THM_JUMP11 - - Unless you are sure your tools don't have this problem, say Y. 
- --config ARM_ASM_UNIFIED -- bool -- - config ARM_PATCH_IDIV - bool "Runtime patch udiv/sdiv instructions into __aeabi_{u}idiv()" - depends on CPU_32v7 && !XIP_KERNEL -@@ -2010,7 +2005,7 @@ config XIP_PHYS_ADDR - config KEXEC - bool "Kexec system call (EXPERIMENTAL)" - depends on (!SMP || PM_SLEEP_SMP) -- depends on !CPU_V7M -+ depends on MMU - select KEXEC_CORE - help - kexec is a system call that implements the ability to shutdown your -diff --git a/arch/arm/Makefile b/arch/arm/Makefile -index 17e80f483281..234ee43b4438 100644 ---- a/arch/arm/Makefile -+++ b/arch/arm/Makefile -@@ -115,9 +115,11 @@ ifeq ($(CONFIG_ARM_UNWIND),y) - CFLAGS_ABI +=-funwind-tables - endif - -+# Accept old syntax despite ".syntax unified" -+AFLAGS_NOWARN :=$(call as-option,-Wa$(comma)-mno-warn-deprecated,-Wa$(comma)-W) -+ - ifeq ($(CONFIG_THUMB2_KERNEL),y) - AFLAGS_AUTOIT :=$(call as-option,-Wa$(comma)-mimplicit-it=always,-Wa$(comma)-mauto-it) --AFLAGS_NOWARN :=$(call as-option,-Wa$(comma)-mno-warn-deprecated,-Wa$(comma)-W) - CFLAGS_ISA :=-mthumb $(AFLAGS_AUTOIT) $(AFLAGS_NOWARN) - AFLAGS_ISA :=$(CFLAGS_ISA) -Wa$(comma)-mthumb - # Work around buggy relocation from gas if requested: -@@ -125,7 +127,7 @@ ifeq ($(CONFIG_THUMB2_AVOID_R_ARM_THM_JUMP11),y) - CFLAGS_MODULE +=-fno-optimize-sibling-calls - endif - else --CFLAGS_ISA :=$(call cc-option,-marm,) -+CFLAGS_ISA :=$(call cc-option,-marm,) $(AFLAGS_NOWARN) - AFLAGS_ISA :=$(CFLAGS_ISA) - endif - -diff --git a/arch/arm/boot/dts/imx6qdl-zii-rdu2.dtsi b/arch/arm/boot/dts/imx6qdl-zii-rdu2.dtsi -index 849eb3443cde..719e63092c2e 100644 ---- a/arch/arm/boot/dts/imx6qdl-zii-rdu2.dtsi -+++ b/arch/arm/boot/dts/imx6qdl-zii-rdu2.dtsi -@@ -587,7 +587,7 @@ - pinctrl-0 = <&pinctrl_usdhc2>; - bus-width = <4>; - cd-gpios = <&gpio2 2 GPIO_ACTIVE_LOW>; -- wp-gpios = <&gpio2 3 GPIO_ACTIVE_HIGH>; -+ disable-wp; - vmmc-supply = <®_3p3v_sd>; - vqmmc-supply = <®_3p3v>; - status = "okay"; -@@ -598,7 +598,7 @@ - pinctrl-0 = <&pinctrl_usdhc3>; - bus-width = <4>; - 
cd-gpios = <&gpio2 0 GPIO_ACTIVE_LOW>; -- wp-gpios = <&gpio2 1 GPIO_ACTIVE_HIGH>; -+ disable-wp; - vmmc-supply = <®_3p3v_sd>; - vqmmc-supply = <®_3p3v>; - status = "okay"; -@@ -1001,7 +1001,6 @@ - MX6QDL_PAD_SD2_DAT1__SD2_DATA1 0x17059 - MX6QDL_PAD_SD2_DAT2__SD2_DATA2 0x17059 - MX6QDL_PAD_SD2_DAT3__SD2_DATA3 0x17059 -- MX6QDL_PAD_NANDF_D3__GPIO2_IO03 0x40010040 - MX6QDL_PAD_NANDF_D2__GPIO2_IO02 0x40010040 - >; - }; -@@ -1014,7 +1013,6 @@ - MX6QDL_PAD_SD3_DAT1__SD3_DATA1 0x17059 - MX6QDL_PAD_SD3_DAT2__SD3_DATA2 0x17059 - MX6QDL_PAD_SD3_DAT3__SD3_DATA3 0x17059 -- MX6QDL_PAD_NANDF_D1__GPIO2_IO01 0x40010040 - MX6QDL_PAD_NANDF_D0__GPIO2_IO00 0x40010040 - - >; -diff --git a/arch/arm/boot/dts/r8a7779.dtsi b/arch/arm/boot/dts/r8a7779.dtsi -index 8ee0b2ca5d39..2face089d65b 100644 ---- a/arch/arm/boot/dts/r8a7779.dtsi -+++ b/arch/arm/boot/dts/r8a7779.dtsi -@@ -67,6 +67,14 @@ - <0xf0000100 0x100>; - }; - -+ timer@f0000200 { -+ compatible = "arm,cortex-a9-global-timer"; -+ reg = <0xf0000200 0x100>; -+ interrupts = ; -+ clocks = <&cpg_clocks R8A7779_CLK_ZS>; -+ }; -+ - timer@f0000600 { - compatible = "arm,cortex-a9-twd-timer"; - reg = <0xf0000600 0x20>; -diff --git a/arch/arm/include/asm/unified.h b/arch/arm/include/asm/unified.h -index a91ae499614c..2c3b952be63e 100644 ---- a/arch/arm/include/asm/unified.h -+++ b/arch/arm/include/asm/unified.h -@@ -20,8 +20,10 @@ - #ifndef __ASM_UNIFIED_H - #define __ASM_UNIFIED_H - --#if defined(__ASSEMBLY__) && defined(CONFIG_ARM_ASM_UNIFIED) -+#if defined(__ASSEMBLY__) - .syntax unified -+#else -+__asm__(".syntax unified"); - #endif - - #ifdef CONFIG_CPU_V7M -@@ -64,77 +66,4 @@ - - #endif /* CONFIG_THUMB2_KERNEL */ - --#ifndef CONFIG_ARM_ASM_UNIFIED -- --/* -- * If the unified assembly syntax isn't used (in ARM mode), these -- * macros expand to an empty string -- */ --#ifdef __ASSEMBLY__ -- .macro it, cond -- .endm -- .macro itt, cond -- .endm -- .macro ite, cond -- .endm -- .macro ittt, cond -- .endm -- .macro itte, cond -- .endm -- 
.macro itet, cond -- .endm -- .macro itee, cond -- .endm -- .macro itttt, cond -- .endm -- .macro ittte, cond -- .endm -- .macro ittet, cond -- .endm -- .macro ittee, cond -- .endm -- .macro itett, cond -- .endm -- .macro itete, cond -- .endm -- .macro iteet, cond -- .endm -- .macro iteee, cond -- .endm --#else /* !__ASSEMBLY__ */ --__asm__( --" .macro it, cond\n" --" .endm\n" --" .macro itt, cond\n" --" .endm\n" --" .macro ite, cond\n" --" .endm\n" --" .macro ittt, cond\n" --" .endm\n" --" .macro itte, cond\n" --" .endm\n" --" .macro itet, cond\n" --" .endm\n" --" .macro itee, cond\n" --" .endm\n" --" .macro itttt, cond\n" --" .endm\n" --" .macro ittte, cond\n" --" .endm\n" --" .macro ittet, cond\n" --" .endm\n" --" .macro ittee, cond\n" --" .endm\n" --" .macro itett, cond\n" --" .endm\n" --" .macro itete, cond\n" --" .endm\n" --" .macro iteet, cond\n" --" .endm\n" --" .macro iteee, cond\n" --" .endm\n"); --#endif /* __ASSEMBLY__ */ -- --#endif /* CONFIG_ARM_ASM_UNIFIED */ -- - #endif /* !__ASM_UNIFIED_H */ -diff --git a/arch/arm64/boot/dts/qcom/msm8996.dtsi b/arch/arm64/boot/dts/qcom/msm8996.dtsi -index 6f372ec055dd..da2949586c7a 100644 ---- a/arch/arm64/boot/dts/qcom/msm8996.dtsi -+++ b/arch/arm64/boot/dts/qcom/msm8996.dtsi -@@ -788,6 +788,8 @@ - interrupts = <0 138 0>; - phys = <&hsusb_phy2>; - phy-names = "usb2-phy"; -+ snps,dis_u2_susphy_quirk; -+ snps,dis_enblslpm_quirk; - }; - }; - -@@ -817,6 +819,8 @@ - interrupts = <0 131 0>; - phys = <&hsusb_phy1>, <&ssusb_phy_0>; - phy-names = "usb2-phy", "usb3-phy"; -+ snps,dis_u2_susphy_quirk; -+ snps,dis_enblslpm_quirk; - }; - }; - }; -diff --git a/arch/arm64/include/asm/alternative.h b/arch/arm64/include/asm/alternative.h -index a91933b1e2e6..4cd4a793dc32 100644 ---- a/arch/arm64/include/asm/alternative.h -+++ b/arch/arm64/include/asm/alternative.h -@@ -30,13 +30,16 @@ typedef void (*alternative_cb_t)(struct alt_instr *alt, - void __init apply_alternatives_all(void); - void apply_alternatives(void *start, size_t 
length); - --#define ALTINSTR_ENTRY(feature,cb) \ -+#define ALTINSTR_ENTRY(feature) \ - " .word 661b - .\n" /* label */ \ -- " .if " __stringify(cb) " == 0\n" \ - " .word 663f - .\n" /* new instruction */ \ -- " .else\n" \ -+ " .hword " __stringify(feature) "\n" /* feature bit */ \ -+ " .byte 662b-661b\n" /* source len */ \ -+ " .byte 664f-663f\n" /* replacement len */ -+ -+#define ALTINSTR_ENTRY_CB(feature, cb) \ -+ " .word 661b - .\n" /* label */ \ - " .word " __stringify(cb) "- .\n" /* callback */ \ -- " .endif\n" \ - " .hword " __stringify(feature) "\n" /* feature bit */ \ - " .byte 662b-661b\n" /* source len */ \ - " .byte 664f-663f\n" /* replacement len */ -@@ -57,15 +60,14 @@ void apply_alternatives(void *start, size_t length); - * - * Alternatives with callbacks do not generate replacement instructions. - */ --#define __ALTERNATIVE_CFG(oldinstr, newinstr, feature, cfg_enabled, cb) \ -+#define __ALTERNATIVE_CFG(oldinstr, newinstr, feature, cfg_enabled) \ - ".if "__stringify(cfg_enabled)" == 1\n" \ - "661:\n\t" \ - oldinstr "\n" \ - "662:\n" \ - ".pushsection .altinstructions,\"a\"\n" \ -- ALTINSTR_ENTRY(feature,cb) \ -+ ALTINSTR_ENTRY(feature) \ - ".popsection\n" \ -- " .if " __stringify(cb) " == 0\n" \ - ".pushsection .altinstr_replacement, \"a\"\n" \ - "663:\n\t" \ - newinstr "\n" \ -@@ -73,17 +75,25 @@ void apply_alternatives(void *start, size_t length); - ".popsection\n\t" \ - ".org . - (664b-663b) + (662b-661b)\n\t" \ - ".org . - (662b-661b) + (664b-663b)\n" \ -- ".else\n\t" \ -+ ".endif\n" -+ -+#define __ALTERNATIVE_CFG_CB(oldinstr, feature, cfg_enabled, cb) \ -+ ".if "__stringify(cfg_enabled)" == 1\n" \ -+ "661:\n\t" \ -+ oldinstr "\n" \ -+ "662:\n" \ -+ ".pushsection .altinstructions,\"a\"\n" \ -+ ALTINSTR_ENTRY_CB(feature, cb) \ -+ ".popsection\n" \ - "663:\n\t" \ - "664:\n\t" \ -- ".endif\n" \ - ".endif\n" - - #define _ALTERNATIVE_CFG(oldinstr, newinstr, feature, cfg, ...) 
\ -- __ALTERNATIVE_CFG(oldinstr, newinstr, feature, IS_ENABLED(cfg), 0) -+ __ALTERNATIVE_CFG(oldinstr, newinstr, feature, IS_ENABLED(cfg)) - - #define ALTERNATIVE_CB(oldinstr, cb) \ -- __ALTERNATIVE_CFG(oldinstr, "NOT_AN_INSTRUCTION", ARM64_CB_PATCH, 1, cb) -+ __ALTERNATIVE_CFG_CB(oldinstr, ARM64_CB_PATCH, 1, cb) - #else - - #include -diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c -index c477fd34a912..6b3bb67596ae 100644 ---- a/arch/arm64/kernel/cpufeature.c -+++ b/arch/arm64/kernel/cpufeature.c -@@ -41,9 +41,7 @@ EXPORT_SYMBOL_GPL(elf_hwcap); - #define COMPAT_ELF_HWCAP_DEFAULT \ - (COMPAT_HWCAP_HALF|COMPAT_HWCAP_THUMB|\ - COMPAT_HWCAP_FAST_MULT|COMPAT_HWCAP_EDSP|\ -- COMPAT_HWCAP_TLS|COMPAT_HWCAP_VFP|\ -- COMPAT_HWCAP_VFPv3|COMPAT_HWCAP_VFPv4|\ -- COMPAT_HWCAP_NEON|COMPAT_HWCAP_IDIV|\ -+ COMPAT_HWCAP_TLS|COMPAT_HWCAP_IDIV|\ - COMPAT_HWCAP_LPAE) - unsigned int compat_elf_hwcap __read_mostly = COMPAT_ELF_HWCAP_DEFAULT; - unsigned int compat_elf_hwcap2 __read_mostly; -@@ -1134,17 +1132,30 @@ static const struct arm64_cpu_capabilities arm64_features[] = { - {}, - }; - --#define HWCAP_CAP(reg, field, s, min_value, cap_type, cap) \ -- { \ -- .desc = #cap, \ -- .type = ARM64_CPUCAP_SYSTEM_FEATURE, \ -+ -+#define HWCAP_CPUID_MATCH(reg, field, s, min_value) \ - .matches = has_cpuid_feature, \ - .sys_reg = reg, \ - .field_pos = field, \ - .sign = s, \ - .min_field_value = min_value, \ -+ -+#define __HWCAP_CAP(name, cap_type, cap) \ -+ .desc = name, \ -+ .type = ARM64_CPUCAP_SYSTEM_FEATURE, \ - .hwcap_type = cap_type, \ - .hwcap = cap, \ -+ -+#define HWCAP_CAP(reg, field, s, min_value, cap_type, cap) \ -+ { \ -+ __HWCAP_CAP(#cap, cap_type, cap) \ -+ HWCAP_CPUID_MATCH(reg, field, s, min_value) \ -+ } -+ -+#define HWCAP_CAP_MATCH(match, cap_type, cap) \ -+ { \ -+ __HWCAP_CAP(#cap, cap_type, cap) \ -+ .matches = match, \ - } - - static const struct arm64_cpu_capabilities arm64_elf_hwcaps[] = { -@@ -1177,8 +1188,35 @@ static const struct 
arm64_cpu_capabilities arm64_elf_hwcaps[] = { - {}, - }; - -+#ifdef CONFIG_COMPAT -+static bool compat_has_neon(const struct arm64_cpu_capabilities *cap, int scope) -+{ -+ /* -+ * Check that all of MVFR1_EL1.{SIMDSP, SIMDInt, SIMDLS} are available, -+ * in line with that of arm32 as in vfp_init(). We make sure that the -+ * check is future proof, by making sure value is non-zero. -+ */ -+ u32 mvfr1; -+ -+ WARN_ON(scope == SCOPE_LOCAL_CPU && preemptible()); -+ if (scope == SCOPE_SYSTEM) -+ mvfr1 = read_sanitised_ftr_reg(SYS_MVFR1_EL1); -+ else -+ mvfr1 = read_sysreg_s(SYS_MVFR1_EL1); -+ -+ return cpuid_feature_extract_unsigned_field(mvfr1, MVFR1_SIMDSP_SHIFT) && -+ cpuid_feature_extract_unsigned_field(mvfr1, MVFR1_SIMDINT_SHIFT) && -+ cpuid_feature_extract_unsigned_field(mvfr1, MVFR1_SIMDLS_SHIFT); -+} -+#endif -+ - static const struct arm64_cpu_capabilities compat_elf_hwcaps[] = { - #ifdef CONFIG_COMPAT -+ HWCAP_CAP_MATCH(compat_has_neon, CAP_COMPAT_HWCAP, COMPAT_HWCAP_NEON), -+ HWCAP_CAP(SYS_MVFR1_EL1, MVFR1_SIMDFMAC_SHIFT, FTR_UNSIGNED, 1, CAP_COMPAT_HWCAP, COMPAT_HWCAP_VFPv4), -+ /* Arm v8 mandates MVFR0.FPDP == {0, 2}. 
So, piggy back on this for the presence of VFP support */ -+ HWCAP_CAP(SYS_MVFR0_EL1, MVFR0_FPDP_SHIFT, FTR_UNSIGNED, 2, CAP_COMPAT_HWCAP, COMPAT_HWCAP_VFP), -+ HWCAP_CAP(SYS_MVFR0_EL1, MVFR0_FPDP_SHIFT, FTR_UNSIGNED, 2, CAP_COMPAT_HWCAP, COMPAT_HWCAP_VFPv3), - HWCAP_CAP(SYS_ID_ISAR5_EL1, ID_ISAR5_AES_SHIFT, FTR_UNSIGNED, 2, CAP_COMPAT_HWCAP2, COMPAT_HWCAP2_PMULL), - HWCAP_CAP(SYS_ID_ISAR5_EL1, ID_ISAR5_AES_SHIFT, FTR_UNSIGNED, 1, CAP_COMPAT_HWCAP2, COMPAT_HWCAP2_AES), - HWCAP_CAP(SYS_ID_ISAR5_EL1, ID_ISAR5_SHA1_SHIFT, FTR_UNSIGNED, 1, CAP_COMPAT_HWCAP2, COMPAT_HWCAP2_SHA1), -diff --git a/arch/arm64/kernel/fpsimd.c b/arch/arm64/kernel/fpsimd.c -index f4fdf6420ac5..4cd962f6c430 100644 ---- a/arch/arm64/kernel/fpsimd.c -+++ b/arch/arm64/kernel/fpsimd.c -@@ -206,8 +206,19 @@ void fpsimd_preserve_current_state(void) - */ - void fpsimd_restore_current_state(void) - { -- if (!system_supports_fpsimd()) -+ /* -+ * For the tasks that were created before we detected the absence of -+ * FP/SIMD, the TIF_FOREIGN_FPSTATE could be set via fpsimd_thread_switch(), -+ * e.g, init. This could be then inherited by the children processes. -+ * If we later detect that the system doesn't support FP/SIMD, -+ * we must clear the flag for all the tasks to indicate that the -+ * FPSTATE is clean (as we can't have one) to avoid looping for ever in -+ * do_notify_resume(). 
-+ */ -+ if (!system_supports_fpsimd()) { -+ clear_thread_flag(TIF_FOREIGN_FPSTATE); - return; -+ } - - local_bh_disable(); - -@@ -229,7 +240,7 @@ void fpsimd_restore_current_state(void) - */ - void fpsimd_update_current_state(struct fpsimd_state *state) - { -- if (!system_supports_fpsimd()) -+ if (WARN_ON(!system_supports_fpsimd())) - return; - - local_bh_disable(); -diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c -index 243fd247d04e..ee5ce03c9315 100644 ---- a/arch/arm64/kernel/process.c -+++ b/arch/arm64/kernel/process.c -@@ -354,6 +354,13 @@ static void ssbs_thread_switch(struct task_struct *next) - if (unlikely(next->flags & PF_KTHREAD)) - return; - -+ /* -+ * If all CPUs implement the SSBS extension, then we just need to -+ * context-switch the PSTATE field. -+ */ -+ if (cpu_have_feature(cpu_feature(SSBS))) -+ return; -+ - /* If the mitigation is enabled, then we leave SSBS clear. */ - if ((arm64_get_ssbd_state() == ARM64_SSBD_FORCE_ENABLE) || - test_tsk_thread_flag(next, TIF_SSBD)) -diff --git a/arch/arm64/kernel/ptrace.c b/arch/arm64/kernel/ptrace.c -index 242527f29c41..e230b4dff960 100644 ---- a/arch/arm64/kernel/ptrace.c -+++ b/arch/arm64/kernel/ptrace.c -@@ -624,6 +624,13 @@ static int gpr_set(struct task_struct *target, const struct user_regset *regset, - return 0; - } - -+static int fpr_active(struct task_struct *target, const struct user_regset *regset) -+{ -+ if (!system_supports_fpsimd()) -+ return -ENODEV; -+ return regset->n; -+} -+ - /* - * TODO: update fp accessors for lazy context switching (sync/flush hwstate) - */ -@@ -634,6 +641,9 @@ static int fpr_get(struct task_struct *target, const struct user_regset *regset, - struct user_fpsimd_state *uregs; - uregs = &target->thread.fpsimd_state.user_fpsimd; - -+ if (!system_supports_fpsimd()) -+ return -EINVAL; -+ - if (target == current) - fpsimd_preserve_current_state(); - -@@ -648,6 +658,9 @@ static int fpr_set(struct task_struct *target, const struct user_regset *regset, - 
struct user_fpsimd_state newstate = - target->thread.fpsimd_state.user_fpsimd; - -+ if (!system_supports_fpsimd()) -+ return -EINVAL; -+ - ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, &newstate, 0, -1); - if (ret) - return ret; -@@ -740,6 +753,7 @@ static const struct user_regset aarch64_regsets[] = { - */ - .size = sizeof(u32), - .align = sizeof(u32), -+ .active = fpr_active, - .get = fpr_get, - .set = fpr_set - }, -@@ -914,6 +928,9 @@ static int compat_vfp_get(struct task_struct *target, - compat_ulong_t fpscr; - int ret, vregs_end_pos; - -+ if (!system_supports_fpsimd()) -+ return -EINVAL; -+ - uregs = &target->thread.fpsimd_state.user_fpsimd; - - if (target == current) -@@ -947,6 +964,9 @@ static int compat_vfp_set(struct task_struct *target, - compat_ulong_t fpscr; - int ret, vregs_end_pos; - -+ if (!system_supports_fpsimd()) -+ return -EINVAL; -+ - uregs = &target->thread.fpsimd_state.user_fpsimd; - - vregs_end_pos = VFP_STATE_SIZE - sizeof(compat_ulong_t); -@@ -1004,6 +1024,7 @@ static const struct user_regset aarch32_regsets[] = { - .n = VFP_STATE_SIZE / sizeof(compat_ulong_t), - .size = sizeof(compat_ulong_t), - .align = sizeof(compat_ulong_t), -+ .active = fpr_active, - .get = compat_vfp_get, - .set = compat_vfp_set - }, -diff --git a/arch/microblaze/kernel/cpu/cache.c b/arch/microblaze/kernel/cpu/cache.c -index 0bde47e4fa69..dcba53803fa5 100644 ---- a/arch/microblaze/kernel/cpu/cache.c -+++ b/arch/microblaze/kernel/cpu/cache.c -@@ -92,7 +92,8 @@ static inline void __disable_dcache_nomsr(void) - #define CACHE_LOOP_LIMITS(start, end, cache_line_length, cache_size) \ - do { \ - int align = ~(cache_line_length - 1); \ -- end = min(start + cache_size, end); \ -+ if (start < UINT_MAX - cache_size) \ -+ end = min(start + cache_size, end); \ - start &= align; \ - } while (0) - -diff --git a/arch/mips/loongson64/loongson-3/platform.c b/arch/mips/loongson64/loongson-3/platform.c -index 25a97cc0ee33..0db4cc3196eb 100644 ---- 
a/arch/mips/loongson64/loongson-3/platform.c -+++ b/arch/mips/loongson64/loongson-3/platform.c -@@ -31,6 +31,9 @@ static int __init loongson3_platform_init(void) - continue; - - pdev = kzalloc(sizeof(struct platform_device), GFP_KERNEL); -+ if (!pdev) -+ return -ENOMEM; -+ - pdev->name = loongson_sysconf.sensors[i].name; - pdev->id = loongson_sysconf.sensors[i].id; - pdev->dev.platform_data = &loongson_sysconf.sensors[i]; -diff --git a/arch/powerpc/kernel/eeh_driver.c b/arch/powerpc/kernel/eeh_driver.c -index 470284f9e4f6..5a48c93aaa1b 100644 ---- a/arch/powerpc/kernel/eeh_driver.c -+++ b/arch/powerpc/kernel/eeh_driver.c -@@ -520,12 +520,6 @@ static void *eeh_rmv_device(void *data, void *userdata) - - pci_iov_remove_virtfn(edev->physfn, pdn->vf_index, 0); - edev->pdev = NULL; -- -- /* -- * We have to set the VF PE number to invalid one, which is -- * required to plug the VF successfully. -- */ -- pdn->pe_number = IODA_INVALID_PE; - #endif - if (rmv_data) - list_add(&edev->rmv_list, &rmv_data->edev_list); -diff --git a/arch/powerpc/kernel/pci_dn.c b/arch/powerpc/kernel/pci_dn.c -index 0e395afbf0f4..0e45a446a8c7 100644 ---- a/arch/powerpc/kernel/pci_dn.c -+++ b/arch/powerpc/kernel/pci_dn.c -@@ -261,9 +261,22 @@ void remove_dev_pci_data(struct pci_dev *pdev) - continue; - - #ifdef CONFIG_EEH -- /* Release EEH device for the VF */ -+ /* -+ * Release EEH state for this VF. The PCI core -+ * has already torn down the pci_dev for this VF, but -+ * we're responsible to removing the eeh_dev since it -+ * has the same lifetime as the pci_dn that spawned it. -+ */ - edev = pdn_to_eeh_dev(pdn); - if (edev) { -+ /* -+ * We allocate pci_dn's for the totalvfs count, -+ * but only only the vfs that were activated -+ * have a configured PE. 
-+ */ -+ if (edev->pe) -+ eeh_rmv_from_parent_pe(edev); -+ - pdn->edev = NULL; - kfree(edev); - } -diff --git a/arch/powerpc/platforms/powernv/pci-ioda.c b/arch/powerpc/platforms/powernv/pci-ioda.c -index d3d5796f7df6..36ef504eeab3 100644 ---- a/arch/powerpc/platforms/powernv/pci-ioda.c -+++ b/arch/powerpc/platforms/powernv/pci-ioda.c -@@ -1523,6 +1523,10 @@ static void pnv_ioda_setup_vf_PE(struct pci_dev *pdev, u16 num_vfs) - - /* Reserve PE for each VF */ - for (vf_index = 0; vf_index < num_vfs; vf_index++) { -+ int vf_devfn = pci_iov_virtfn_devfn(pdev, vf_index); -+ int vf_bus = pci_iov_virtfn_bus(pdev, vf_index); -+ struct pci_dn *vf_pdn; -+ - if (pdn->m64_single_mode) - pe_num = pdn->pe_num_map[vf_index]; - else -@@ -1535,13 +1539,11 @@ static void pnv_ioda_setup_vf_PE(struct pci_dev *pdev, u16 num_vfs) - pe->pbus = NULL; - pe->parent_dev = pdev; - pe->mve_number = -1; -- pe->rid = (pci_iov_virtfn_bus(pdev, vf_index) << 8) | -- pci_iov_virtfn_devfn(pdev, vf_index); -+ pe->rid = (vf_bus << 8) | vf_devfn; - - pe_info(pe, "VF %04d:%02d:%02d.%d associated with PE#%x\n", - hose->global_number, pdev->bus->number, -- PCI_SLOT(pci_iov_virtfn_devfn(pdev, vf_index)), -- PCI_FUNC(pci_iov_virtfn_devfn(pdev, vf_index)), pe_num); -+ PCI_SLOT(vf_devfn), PCI_FUNC(vf_devfn), pe_num); - - if (pnv_ioda_configure_pe(phb, pe)) { - /* XXX What do we do here ? 
*/ -@@ -1555,6 +1557,15 @@ static void pnv_ioda_setup_vf_PE(struct pci_dev *pdev, u16 num_vfs) - list_add_tail(&pe->list, &phb->ioda.pe_list); - mutex_unlock(&phb->ioda.pe_list_mutex); - -+ /* associate this pe to it's pdn */ -+ list_for_each_entry(vf_pdn, &pdn->parent->child_list, list) { -+ if (vf_pdn->busno == vf_bus && -+ vf_pdn->devfn == vf_devfn) { -+ vf_pdn->pe_number = pe_num; -+ break; -+ } -+ } -+ - pnv_pci_ioda2_setup_dma_pe(phb, pe); - } - } -diff --git a/arch/powerpc/platforms/powernv/pci.c b/arch/powerpc/platforms/powernv/pci.c -index 961c131a5b7e..844ca1886063 100644 ---- a/arch/powerpc/platforms/powernv/pci.c -+++ b/arch/powerpc/platforms/powernv/pci.c -@@ -978,16 +978,12 @@ void pnv_pci_dma_dev_setup(struct pci_dev *pdev) - struct pnv_phb *phb = hose->private_data; - #ifdef CONFIG_PCI_IOV - struct pnv_ioda_pe *pe; -- struct pci_dn *pdn; - - /* Fix the VF pdn PE number */ - if (pdev->is_virtfn) { -- pdn = pci_get_pdn(pdev); -- WARN_ON(pdn->pe_number != IODA_INVALID_PE); - list_for_each_entry(pe, &phb->ioda.pe_list, list) { - if (pe->rid == ((pdev->bus->number << 8) | - (pdev->devfn & 0xff))) { -- pdn->pe_number = pe->pe_number; - pe->pdev = pdev; - break; - } -diff --git a/arch/s390/include/asm/page.h b/arch/s390/include/asm/page.h -index 779c589b7089..5f2e272895ff 100644 ---- a/arch/s390/include/asm/page.h -+++ b/arch/s390/include/asm/page.h -@@ -42,7 +42,7 @@ void __storage_key_init_range(unsigned long start, unsigned long end); - - static inline void storage_key_init_range(unsigned long start, unsigned long end) - { -- if (PAGE_DEFAULT_KEY) -+ if (PAGE_DEFAULT_KEY != 0) - __storage_key_init_range(start, end); - } - -diff --git a/arch/s390/include/asm/timex.h b/arch/s390/include/asm/timex.h -index 2dc9eb4e1acc..b6a4ce9dafaf 100644 ---- a/arch/s390/include/asm/timex.h -+++ b/arch/s390/include/asm/timex.h -@@ -155,7 +155,7 @@ static inline void get_tod_clock_ext(char *clk) - - static inline unsigned long long get_tod_clock(void) - { -- unsigned char 
clk[STORE_CLOCK_EXT_SIZE]; -+ char clk[STORE_CLOCK_EXT_SIZE]; - - get_tod_clock_ext(clk); - return *((unsigned long long *)&clk[1]); -diff --git a/arch/s390/kernel/mcount.S b/arch/s390/kernel/mcount.S -index 27110f3294ed..0cfd5a83a1da 100644 ---- a/arch/s390/kernel/mcount.S -+++ b/arch/s390/kernel/mcount.S -@@ -25,6 +25,12 @@ ENTRY(ftrace_stub) - #define STACK_PTREGS (STACK_FRAME_OVERHEAD) - #define STACK_PTREGS_GPRS (STACK_PTREGS + __PT_GPRS) - #define STACK_PTREGS_PSW (STACK_PTREGS + __PT_PSW) -+#ifdef __PACK_STACK -+/* allocate just enough for r14, r15 and backchain */ -+#define TRACED_FUNC_FRAME_SIZE 24 -+#else -+#define TRACED_FUNC_FRAME_SIZE STACK_FRAME_OVERHEAD -+#endif - - ENTRY(_mcount) - BR_EX %r14 -@@ -38,9 +44,16 @@ ENTRY(ftrace_caller) - #ifndef CC_USING_HOTPATCH - aghi %r0,MCOUNT_RETURN_FIXUP - #endif -- aghi %r15,-STACK_FRAME_SIZE -+ # allocate stack frame for ftrace_caller to contain traced function -+ aghi %r15,-TRACED_FUNC_FRAME_SIZE - stg %r1,__SF_BACKCHAIN(%r15) -+ stg %r0,(__SF_GPRS+8*8)(%r15) -+ stg %r15,(__SF_GPRS+9*8)(%r15) -+ # allocate pt_regs and stack frame for ftrace_trace_function -+ aghi %r15,-STACK_FRAME_SIZE - stg %r1,(STACK_PTREGS_GPRS+15*8)(%r15) -+ aghi %r1,-TRACED_FUNC_FRAME_SIZE -+ stg %r1,__SF_BACKCHAIN(%r15) - stg %r0,(STACK_PTREGS_PSW+8)(%r15) - stmg %r2,%r14,(STACK_PTREGS_GPRS+2*8)(%r15) - #ifdef CONFIG_HAVE_MARCH_Z196_FEATURES -diff --git a/arch/s390/kvm/interrupt.c b/arch/s390/kvm/interrupt.c -index 28f3796d23c8..61d25e2c82ef 100644 ---- a/arch/s390/kvm/interrupt.c -+++ b/arch/s390/kvm/interrupt.c -@@ -1913,7 +1913,7 @@ static int flic_ais_mode_get_all(struct kvm *kvm, struct kvm_device_attr *attr) - return -EINVAL; - - if (!test_kvm_facility(kvm, 72)) -- return -ENOTSUPP; -+ return -EOPNOTSUPP; - - mutex_lock(&fi->ais_lock); - ais.simm = fi->simm; -@@ -2214,7 +2214,7 @@ static int modify_ais_mode(struct kvm *kvm, struct kvm_device_attr *attr) - int ret = 0; - - if (!test_kvm_facility(kvm, 72)) -- return -ENOTSUPP; -+ 
return -EOPNOTSUPP; - - if (copy_from_user(&req, (void __user *)attr->addr, sizeof(req))) - return -EFAULT; -@@ -2294,7 +2294,7 @@ static int flic_ais_mode_set_all(struct kvm *kvm, struct kvm_device_attr *attr) - struct kvm_s390_ais_all ais; - - if (!test_kvm_facility(kvm, 72)) -- return -ENOTSUPP; -+ return -EOPNOTSUPP; - - if (copy_from_user(&ais, (void __user *)attr->addr, sizeof(ais))) - return -EFAULT; -diff --git a/arch/sh/include/cpu-sh2a/cpu/sh7269.h b/arch/sh/include/cpu-sh2a/cpu/sh7269.h -index d516e5d48818..b887cc402b71 100644 ---- a/arch/sh/include/cpu-sh2a/cpu/sh7269.h -+++ b/arch/sh/include/cpu-sh2a/cpu/sh7269.h -@@ -78,8 +78,15 @@ enum { - GPIO_FN_WDTOVF, - - /* CAN */ -- GPIO_FN_CTX1, GPIO_FN_CRX1, GPIO_FN_CTX0, GPIO_FN_CTX0_CTX1, -- GPIO_FN_CRX0, GPIO_FN_CRX0_CRX1, GPIO_FN_CRX0_CRX1_CRX2, -+ GPIO_FN_CTX2, GPIO_FN_CRX2, -+ GPIO_FN_CTX1, GPIO_FN_CRX1, -+ GPIO_FN_CTX0, GPIO_FN_CRX0, -+ GPIO_FN_CTX0_CTX1, GPIO_FN_CRX0_CRX1, -+ GPIO_FN_CTX0_CTX1_CTX2, GPIO_FN_CRX0_CRX1_CRX2, -+ GPIO_FN_CTX2_PJ21, GPIO_FN_CRX2_PJ20, -+ GPIO_FN_CTX1_PJ23, GPIO_FN_CRX1_PJ22, -+ GPIO_FN_CTX0_CTX1_PJ23, GPIO_FN_CRX0_CRX1_PJ22, -+ GPIO_FN_CTX0_CTX1_CTX2_PJ21, GPIO_FN_CRX0_CRX1_CRX2_PJ20, - - /* DMAC */ - GPIO_FN_TEND0, GPIO_FN_DACK0, GPIO_FN_DREQ0, -diff --git a/arch/sparc/kernel/vmlinux.lds.S b/arch/sparc/kernel/vmlinux.lds.S -index 5a2344574f39..4323dc4ae4c7 100644 ---- a/arch/sparc/kernel/vmlinux.lds.S -+++ b/arch/sparc/kernel/vmlinux.lds.S -@@ -167,12 +167,14 @@ SECTIONS - } - PERCPU_SECTION(SMP_CACHE_BYTES) - --#ifdef CONFIG_JUMP_LABEL - . = ALIGN(PAGE_SIZE); - .exit.text : { - EXIT_TEXT - } --#endif -+ -+ .exit.data : { -+ EXIT_DATA -+ } - - . 
= ALIGN(PAGE_SIZE); - __init_end = .; -diff --git a/arch/x86/entry/vdso/vdso32-setup.c b/arch/x86/entry/vdso/vdso32-setup.c -index 42d4c89f990e..ddff0ca6f509 100644 ---- a/arch/x86/entry/vdso/vdso32-setup.c -+++ b/arch/x86/entry/vdso/vdso32-setup.c -@@ -11,6 +11,7 @@ - #include - #include - #include -+#include - - #include - #include -diff --git a/arch/x86/events/amd/core.c b/arch/x86/events/amd/core.c -index defb536aebce..c3ec535fd36b 100644 ---- a/arch/x86/events/amd/core.c -+++ b/arch/x86/events/amd/core.c -@@ -245,6 +245,7 @@ static const u64 amd_f17h_perfmon_event_map[PERF_COUNT_HW_MAX] = - [PERF_COUNT_HW_CPU_CYCLES] = 0x0076, - [PERF_COUNT_HW_INSTRUCTIONS] = 0x00c0, - [PERF_COUNT_HW_CACHE_REFERENCES] = 0xff60, -+ [PERF_COUNT_HW_CACHE_MISSES] = 0x0964, - [PERF_COUNT_HW_BRANCH_INSTRUCTIONS] = 0x00c2, - [PERF_COUNT_HW_BRANCH_MISSES] = 0x00c3, - [PERF_COUNT_HW_STALLED_CYCLES_FRONTEND] = 0x0287, -diff --git a/arch/x86/events/intel/ds.c b/arch/x86/events/intel/ds.c -index 3310f9f6c3e1..550b7814ef92 100644 ---- a/arch/x86/events/intel/ds.c -+++ b/arch/x86/events/intel/ds.c -@@ -1368,6 +1368,8 @@ intel_pmu_save_and_restart_reload(struct perf_event *event, int count) - old = ((s64)(prev_raw_count << shift) >> shift); - local64_add(new - old + count * period, &event->count); - -+ local64_set(&hwc->period_left, -new); -+ - perf_event_update_userpage(event); - - return 0; -diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h -index d0e17813a9b0..2cdf654ed132 100644 ---- a/arch/x86/include/asm/kvm_host.h -+++ b/arch/x86/include/asm/kvm_host.h -@@ -1006,7 +1006,7 @@ struct kvm_x86_ops { - void (*load_eoi_exitmap)(struct kvm_vcpu *vcpu, u64 *eoi_exit_bitmap); - void (*set_virtual_apic_mode)(struct kvm_vcpu *vcpu); - void (*set_apic_access_page_addr)(struct kvm_vcpu *vcpu, hpa_t hpa); -- void (*deliver_posted_interrupt)(struct kvm_vcpu *vcpu, int vector); -+ int (*deliver_posted_interrupt)(struct kvm_vcpu *vcpu, int vector); - int 
(*sync_pir_to_irr)(struct kvm_vcpu *vcpu); - int (*set_tss_addr)(struct kvm *kvm, unsigned int addr); - int (*get_tdp_level)(struct kvm_vcpu *vcpu); -diff --git a/arch/x86/kernel/cpu/mcheck/mce_amd.c b/arch/x86/kernel/cpu/mcheck/mce_amd.c -index a8f47697276b..bbe94b682119 100644 ---- a/arch/x86/kernel/cpu/mcheck/mce_amd.c -+++ b/arch/x86/kernel/cpu/mcheck/mce_amd.c -@@ -1116,9 +1116,12 @@ static const struct sysfs_ops threshold_ops = { - .store = store, - }; - -+static void threshold_block_release(struct kobject *kobj); -+ - static struct kobj_type threshold_ktype = { - .sysfs_ops = &threshold_ops, - .default_attrs = default_attrs, -+ .release = threshold_block_release, - }; - - static const char *get_name(unsigned int bank, struct threshold_block *b) -@@ -1151,8 +1154,9 @@ static const char *get_name(unsigned int bank, struct threshold_block *b) - return buf_mcatype; - } - --static int allocate_threshold_blocks(unsigned int cpu, unsigned int bank, -- unsigned int block, u32 address) -+static int allocate_threshold_blocks(unsigned int cpu, struct threshold_bank *tb, -+ unsigned int bank, unsigned int block, -+ u32 address) - { - struct threshold_block *b = NULL; - u32 low, high; -@@ -1196,16 +1200,12 @@ static int allocate_threshold_blocks(unsigned int cpu, unsigned int bank, - - INIT_LIST_HEAD(&b->miscj); - -- if (per_cpu(threshold_banks, cpu)[bank]->blocks) { -- list_add(&b->miscj, -- &per_cpu(threshold_banks, cpu)[bank]->blocks->miscj); -- } else { -- per_cpu(threshold_banks, cpu)[bank]->blocks = b; -- } -+ if (tb->blocks) -+ list_add(&b->miscj, &tb->blocks->miscj); -+ else -+ tb->blocks = b; - -- err = kobject_init_and_add(&b->kobj, &threshold_ktype, -- per_cpu(threshold_banks, cpu)[bank]->kobj, -- get_name(bank, b)); -+ err = kobject_init_and_add(&b->kobj, &threshold_ktype, tb->kobj, get_name(bank, b)); - if (err) - goto out_free; - recurse: -@@ -1213,7 +1213,7 @@ recurse: - if (!address) - return 0; - -- err = allocate_threshold_blocks(cpu, bank, block, 
address); -+ err = allocate_threshold_blocks(cpu, tb, bank, block, address); - if (err) - goto out_free; - -@@ -1298,8 +1298,6 @@ static int threshold_create_bank(unsigned int cpu, unsigned int bank) - goto out_free; - } - -- per_cpu(threshold_banks, cpu)[bank] = b; -- - if (is_shared_bank(bank)) { - refcount_set(&b->cpus, 1); - -@@ -1310,9 +1308,13 @@ static int threshold_create_bank(unsigned int cpu, unsigned int bank) - } - } - -- err = allocate_threshold_blocks(cpu, bank, 0, msr_ops.misc(bank)); -- if (!err) -- goto out; -+ err = allocate_threshold_blocks(cpu, b, bank, 0, msr_ops.misc(bank)); -+ if (err) -+ goto out_free; -+ -+ per_cpu(threshold_banks, cpu)[bank] = b; -+ -+ return 0; - - out_free: - kfree(b); -@@ -1321,8 +1323,12 @@ static int threshold_create_bank(unsigned int cpu, unsigned int bank) - return err; - } - --static void deallocate_threshold_block(unsigned int cpu, -- unsigned int bank) -+static void threshold_block_release(struct kobject *kobj) -+{ -+ kfree(to_block(kobj)); -+} -+ -+static void deallocate_threshold_block(unsigned int cpu, unsigned int bank) - { - struct threshold_block *pos = NULL; - struct threshold_block *tmp = NULL; -@@ -1332,13 +1338,11 @@ static void deallocate_threshold_block(unsigned int cpu, - return; - - list_for_each_entry_safe(pos, tmp, &head->blocks->miscj, miscj) { -- kobject_put(&pos->kobj); - list_del(&pos->miscj); -- kfree(pos); -+ kobject_put(&pos->kobj); - } - -- kfree(per_cpu(threshold_banks, cpu)[bank]->blocks); -- per_cpu(threshold_banks, cpu)[bank]->blocks = NULL; -+ kobject_put(&head->blocks->kobj); - } - - static void __threshold_remove_blocks(struct threshold_bank *b) -diff --git a/arch/x86/kernel/sysfb_simplefb.c b/arch/x86/kernel/sysfb_simplefb.c -index 85195d447a92..f3215346e47f 100644 ---- a/arch/x86/kernel/sysfb_simplefb.c -+++ b/arch/x86/kernel/sysfb_simplefb.c -@@ -94,11 +94,11 @@ __init int create_simplefb(const struct screen_info *si, - if (si->orig_video_isVGA == VIDEO_TYPE_VLFB) - size <<= 16; 
- length = mode->height * mode->stride; -- length = PAGE_ALIGN(length); - if (length > size) { - printk(KERN_WARNING "sysfb: VRAM smaller than advertised\n"); - return -EINVAL; - } -+ length = PAGE_ALIGN(length); - - /* setup IORESOURCE_MEM as framebuffer memory */ - memset(&res, 0, sizeof(res)); -diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c -index 38959b173a42..1152afad524f 100644 ---- a/arch/x86/kvm/cpuid.c -+++ b/arch/x86/kvm/cpuid.c -@@ -291,13 +291,18 @@ static int __do_cpuid_ent_emulated(struct kvm_cpuid_entry2 *entry, - { - switch (func) { - case 0: -- entry->eax = 1; /* only one leaf currently */ -+ entry->eax = 7; - ++*nent; - break; - case 1: - entry->ecx = F(MOVBE); - ++*nent; - break; -+ case 7: -+ entry->flags |= KVM_CPUID_FLAG_SIGNIFCANT_INDEX; -+ if (index == 0) -+ entry->ecx = F(RDPID); -+ ++*nent; - default: - break; - } -diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c -index 041b9b05fae1..70f3636aff11 100644 ---- a/arch/x86/kvm/emulate.c -+++ b/arch/x86/kvm/emulate.c -@@ -3539,6 +3539,16 @@ static int em_cwd(struct x86_emulate_ctxt *ctxt) - return X86EMUL_CONTINUE; - } - -+static int em_rdpid(struct x86_emulate_ctxt *ctxt) -+{ -+ u64 tsc_aux = 0; -+ -+ if (ctxt->ops->get_msr(ctxt, MSR_TSC_AUX, &tsc_aux)) -+ return emulate_gp(ctxt, 0); -+ ctxt->dst.val = tsc_aux; -+ return X86EMUL_CONTINUE; -+} -+ - static int em_rdtsc(struct x86_emulate_ctxt *ctxt) - { - u64 tsc = 0; -@@ -4431,10 +4441,20 @@ static const struct opcode group8[] = { - F(DstMem | SrcImmByte | Lock | PageTable, em_btc), - }; - -+/* -+ * The "memory" destination is actually always a register, since we come -+ * from the register case of group9. 
-+ */ -+static const struct gprefix pfx_0f_c7_7 = { -+ N, N, N, II(DstMem | ModRM | Op3264 | EmulateOnUD, em_rdpid, rdtscp), -+}; -+ -+ - static const struct group_dual group9 = { { - N, I(DstMem64 | Lock | PageTable, em_cmpxchg8b), N, N, N, N, N, N, - }, { -- N, N, N, N, N, N, N, N, -+ N, N, N, N, N, N, N, -+ GP(0, &pfx_0f_c7_7), - } }; - - static const struct opcode group11[] = { -diff --git a/arch/x86/kvm/irq_comm.c b/arch/x86/kvm/irq_comm.c -index 3cc3b2d130a0..4d000aea05e0 100644 ---- a/arch/x86/kvm/irq_comm.c -+++ b/arch/x86/kvm/irq_comm.c -@@ -427,7 +427,7 @@ void kvm_scan_ioapic_routes(struct kvm_vcpu *vcpu, - - kvm_set_msi_irq(vcpu->kvm, entry, &irq); - -- if (irq.level && kvm_apic_match_dest(vcpu, NULL, 0, -+ if (irq.trig_mode && kvm_apic_match_dest(vcpu, NULL, 0, - irq.dest_id, irq.dest_mode)) - __set_bit(irq.vector, ioapic_handled_vectors); - } -diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c -index 8715711f2755..537c36b55b5d 100644 ---- a/arch/x86/kvm/lapic.c -+++ b/arch/x86/kvm/lapic.c -@@ -566,9 +566,11 @@ static inline bool pv_eoi_enabled(struct kvm_vcpu *vcpu) - static bool pv_eoi_get_pending(struct kvm_vcpu *vcpu) - { - u8 val; -- if (pv_eoi_get_user(vcpu, &val) < 0) -+ if (pv_eoi_get_user(vcpu, &val) < 0) { - apic_debug("Can't read EOI MSR value: 0x%llx\n", - (unsigned long long)vcpu->arch.pv_eoi.msr_val); -+ return false; -+ } - return val & 0x1; - } - -@@ -993,11 +995,8 @@ static int __apic_accept_irq(struct kvm_lapic *apic, int delivery_mode, - apic_clear_vector(vector, apic->regs + APIC_TMR); - } - -- if (vcpu->arch.apicv_active) -- kvm_x86_ops->deliver_posted_interrupt(vcpu, vector); -- else { -+ if (kvm_x86_ops->deliver_posted_interrupt(vcpu, vector)) { - kvm_lapic_set_irr(vector, apic); -- - kvm_make_request(KVM_REQ_EVENT, vcpu); - kvm_vcpu_kick(vcpu); - } -diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c -index 52edb8cf1c40..8e65a9b40c18 100644 ---- a/arch/x86/kvm/svm.c -+++ b/arch/x86/kvm/svm.c -@@ -4631,8 +4631,11 @@ static 
void svm_load_eoi_exitmap(struct kvm_vcpu *vcpu, u64 *eoi_exit_bitmap) - return; - } - --static void svm_deliver_avic_intr(struct kvm_vcpu *vcpu, int vec) -+static int svm_deliver_avic_intr(struct kvm_vcpu *vcpu, int vec) - { -+ if (!vcpu->arch.apicv_active) -+ return -1; -+ - kvm_lapic_set_irr(vec, vcpu->arch.apic); - smp_mb__after_atomic(); - -@@ -4641,6 +4644,8 @@ static void svm_deliver_avic_intr(struct kvm_vcpu *vcpu, int vec) - kvm_cpu_get_apicid(vcpu->cpu)); - else - kvm_vcpu_wake_up(vcpu); -+ -+ return 0; - } - - static bool svm_dy_apicv_has_pending_interrupt(struct kvm_vcpu *vcpu) -diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c -index 809d1b031fd9..acf72da288f9 100644 ---- a/arch/x86/kvm/vmx.c -+++ b/arch/x86/kvm/vmx.c -@@ -4597,6 +4597,9 @@ static void vmx_set_cr0(struct kvm_vcpu *vcpu, unsigned long cr0) - - static int get_ept_level(struct kvm_vcpu *vcpu) - { -+ /* Nested EPT currently only supports 4-level walks. */ -+ if (is_guest_mode(vcpu) && nested_cpu_has_ept(get_vmcs12(vcpu))) -+ return 4; - if (cpu_has_vmx_ept_5levels() && (cpuid_maxphyaddr(vcpu) > 48)) - return 5; - return 4; -@@ -4988,6 +4991,26 @@ static bool cs_ss_rpl_check(struct kvm_vcpu *vcpu) - (ss.selector & SEGMENT_RPL_MASK)); - } - -+static bool nested_vmx_check_io_bitmaps(struct kvm_vcpu *vcpu, -+ unsigned int port, int size); -+static bool nested_vmx_exit_handled_io(struct kvm_vcpu *vcpu, -+ struct vmcs12 *vmcs12) -+{ -+ unsigned long exit_qualification; -+ unsigned short port; -+ int size; -+ -+ if (!nested_cpu_has(vmcs12, CPU_BASED_USE_IO_BITMAPS)) -+ return nested_cpu_has(vmcs12, CPU_BASED_UNCOND_IO_EXITING); -+ -+ exit_qualification = vmcs_readl(EXIT_QUALIFICATION); -+ -+ port = exit_qualification >> 16; -+ size = (exit_qualification & 7) + 1; -+ -+ return nested_vmx_check_io_bitmaps(vcpu, port, size); -+} -+ - /* - * Check if guest state is valid. Returns true if valid, false if - * not. 
-@@ -5518,24 +5541,29 @@ static int vmx_deliver_nested_posted_interrupt(struct kvm_vcpu *vcpu, - * 2. If target vcpu isn't running(root mode), kick it to pick up the - * interrupt from PIR in next vmentry. - */ --static void vmx_deliver_posted_interrupt(struct kvm_vcpu *vcpu, int vector) -+static int vmx_deliver_posted_interrupt(struct kvm_vcpu *vcpu, int vector) - { - struct vcpu_vmx *vmx = to_vmx(vcpu); - int r; - - r = vmx_deliver_nested_posted_interrupt(vcpu, vector); - if (!r) -- return; -+ return 0; -+ -+ if (!vcpu->arch.apicv_active) -+ return -1; - - if (pi_test_and_set_pir(vector, &vmx->pi_desc)) -- return; -+ return 0; - - /* If a previous notification has sent the IPI, nothing to do. */ - if (pi_test_and_set_on(&vmx->pi_desc)) -- return; -+ return 0; - - if (!kvm_vcpu_trigger_posted_interrupt(vcpu, false)) - kvm_vcpu_kick(vcpu); -+ -+ return 0; - } - - /* -@@ -8518,23 +8546,17 @@ static int (*const kvm_vmx_exit_handlers[])(struct kvm_vcpu *vcpu) = { - static const int kvm_vmx_max_exit_handlers = - ARRAY_SIZE(kvm_vmx_exit_handlers); - --static bool nested_vmx_exit_handled_io(struct kvm_vcpu *vcpu, -- struct vmcs12 *vmcs12) -+/* -+ * Return true if an IO instruction with the specified port and size should cause -+ * a VM-exit into L1. 
-+ */ -+bool nested_vmx_check_io_bitmaps(struct kvm_vcpu *vcpu, unsigned int port, -+ int size) - { -- unsigned long exit_qualification; -+ struct vmcs12 *vmcs12 = get_vmcs12(vcpu); - gpa_t bitmap, last_bitmap; -- unsigned int port; -- int size; - u8 b; - -- if (!nested_cpu_has(vmcs12, CPU_BASED_USE_IO_BITMAPS)) -- return nested_cpu_has(vmcs12, CPU_BASED_UNCOND_IO_EXITING); -- -- exit_qualification = vmcs_readl(EXIT_QUALIFICATION); -- -- port = exit_qualification >> 16; -- size = (exit_qualification & 7) + 1; -- - last_bitmap = (gpa_t)-1; - b = -1; - -@@ -12318,11 +12340,71 @@ static void nested_vmx_entry_failure(struct kvm_vcpu *vcpu, - to_vmx(vcpu)->nested.sync_shadow_vmcs = true; - } - -+static int vmx_check_intercept_io(struct kvm_vcpu *vcpu, -+ struct x86_instruction_info *info) -+{ -+ struct vmcs12 *vmcs12 = get_vmcs12(vcpu); -+ unsigned short port; -+ bool intercept; -+ int size; -+ -+ if (info->intercept == x86_intercept_in || -+ info->intercept == x86_intercept_ins) { -+ port = info->src_val; -+ size = info->dst_bytes; -+ } else { -+ port = info->dst_val; -+ size = info->src_bytes; -+ } -+ -+ /* -+ * If the 'use IO bitmaps' VM-execution control is 0, IO instruction -+ * VM-exits depend on the 'unconditional IO exiting' VM-execution -+ * control. -+ * -+ * Otherwise, IO instruction VM-exits are controlled by the IO bitmaps. -+ */ -+ if (!nested_cpu_has(vmcs12, CPU_BASED_USE_IO_BITMAPS)) -+ intercept = nested_cpu_has(vmcs12, -+ CPU_BASED_UNCOND_IO_EXITING); -+ else -+ intercept = nested_vmx_check_io_bitmaps(vcpu, port, size); -+ -+ return intercept ? 
X86EMUL_UNHANDLEABLE : X86EMUL_CONTINUE; -+} -+ - static int vmx_check_intercept(struct kvm_vcpu *vcpu, - struct x86_instruction_info *info, - enum x86_intercept_stage stage) - { -- return X86EMUL_CONTINUE; -+ struct vmcs12 *vmcs12 = get_vmcs12(vcpu); -+ struct x86_emulate_ctxt *ctxt = &vcpu->arch.emulate_ctxt; -+ -+ switch (info->intercept) { -+ /* -+ * RDPID causes #UD if disabled through secondary execution controls. -+ * Because it is marked as EmulateOnUD, we need to intercept it here. -+ */ -+ case x86_intercept_rdtscp: -+ if (!nested_cpu_has2(vmcs12, SECONDARY_EXEC_RDTSCP)) { -+ ctxt->exception.vector = UD_VECTOR; -+ ctxt->exception.error_code_valid = false; -+ return X86EMUL_PROPAGATE_FAULT; -+ } -+ break; -+ -+ case x86_intercept_in: -+ case x86_intercept_ins: -+ case x86_intercept_out: -+ case x86_intercept_outs: -+ return vmx_check_intercept_io(vcpu, info); -+ -+ /* TODO: check more intercepts... */ -+ default: -+ break; -+ } -+ -+ return X86EMUL_UNHANDLEABLE; - } - - #ifdef CONFIG_X86_64 -diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c -deleted file mode 100644 -index 3791ce8d269e..000000000000 ---- a/arch/x86/kvm/vmx/vmx.c -+++ /dev/null -@@ -1,8033 +0,0 @@ --// SPDX-License-Identifier: GPL-2.0-only --/* -- * Kernel-based Virtual Machine driver for Linux -- * -- * This module enables machines with Intel VT-x extensions to run virtual -- * machines without emulation or binary translation. -- * -- * Copyright (C) 2006 Qumranet, Inc. -- * Copyright 2010 Red Hat, Inc. and/or its affiliates. 
-- * -- * Authors: -- * Avi Kivity -- * Yaniv Kamay -- */ -- --#include --#include --#include --#include --#include --#include --#include --#include --#include --#include --#include --#include --#include --#include -- --#include --#include --#include --#include --#include --#include --#include --#include --#include --#include --#include --#include --#include --#include --#include --#include -- --#include "capabilities.h" --#include "cpuid.h" --#include "evmcs.h" --#include "irq.h" --#include "kvm_cache_regs.h" --#include "lapic.h" --#include "mmu.h" --#include "nested.h" --#include "ops.h" --#include "pmu.h" --#include "trace.h" --#include "vmcs.h" --#include "vmcs12.h" --#include "vmx.h" --#include "x86.h" -- --MODULE_AUTHOR("Qumranet"); --MODULE_LICENSE("GPL"); -- --static const struct x86_cpu_id vmx_cpu_id[] = { -- X86_FEATURE_MATCH(X86_FEATURE_VMX), -- {} --}; --MODULE_DEVICE_TABLE(x86cpu, vmx_cpu_id); -- --bool __read_mostly enable_vpid = 1; --module_param_named(vpid, enable_vpid, bool, 0444); -- --static bool __read_mostly enable_vnmi = 1; --module_param_named(vnmi, enable_vnmi, bool, S_IRUGO); -- --bool __read_mostly flexpriority_enabled = 1; --module_param_named(flexpriority, flexpriority_enabled, bool, S_IRUGO); -- --bool __read_mostly enable_ept = 1; --module_param_named(ept, enable_ept, bool, S_IRUGO); -- --bool __read_mostly enable_unrestricted_guest = 1; --module_param_named(unrestricted_guest, -- enable_unrestricted_guest, bool, S_IRUGO); -- --bool __read_mostly enable_ept_ad_bits = 1; --module_param_named(eptad, enable_ept_ad_bits, bool, S_IRUGO); -- --static bool __read_mostly emulate_invalid_guest_state = true; --module_param(emulate_invalid_guest_state, bool, S_IRUGO); -- --static bool __read_mostly fasteoi = 1; --module_param(fasteoi, bool, S_IRUGO); -- --static bool __read_mostly enable_apicv = 1; --module_param(enable_apicv, bool, S_IRUGO); -- --/* -- * If nested=1, nested virtualization is supported, i.e., guests may use -- * VMX and be a 
hypervisor for its own guests. If nested=0, guests may not -- * use VMX instructions. -- */ --static bool __read_mostly nested = 1; --module_param(nested, bool, S_IRUGO); -- --bool __read_mostly enable_pml = 1; --module_param_named(pml, enable_pml, bool, S_IRUGO); -- --static bool __read_mostly dump_invalid_vmcs = 0; --module_param(dump_invalid_vmcs, bool, 0644); -- --#define MSR_BITMAP_MODE_X2APIC 1 --#define MSR_BITMAP_MODE_X2APIC_APICV 2 -- --#define KVM_VMX_TSC_MULTIPLIER_MAX 0xffffffffffffffffULL -- --/* Guest_tsc -> host_tsc conversion requires 64-bit division. */ --static int __read_mostly cpu_preemption_timer_multi; --static bool __read_mostly enable_preemption_timer = 1; --#ifdef CONFIG_X86_64 --module_param_named(preemption_timer, enable_preemption_timer, bool, S_IRUGO); --#endif -- --#define KVM_VM_CR0_ALWAYS_OFF (X86_CR0_NW | X86_CR0_CD) --#define KVM_VM_CR0_ALWAYS_ON_UNRESTRICTED_GUEST X86_CR0_NE --#define KVM_VM_CR0_ALWAYS_ON \ -- (KVM_VM_CR0_ALWAYS_ON_UNRESTRICTED_GUEST | \ -- X86_CR0_WP | X86_CR0_PG | X86_CR0_PE) --#define KVM_CR4_GUEST_OWNED_BITS \ -- (X86_CR4_PVI | X86_CR4_DE | X86_CR4_PCE | X86_CR4_OSFXSR \ -- | X86_CR4_OSXMMEXCPT | X86_CR4_LA57 | X86_CR4_TSD) -- --#define KVM_VM_CR4_ALWAYS_ON_UNRESTRICTED_GUEST X86_CR4_VMXE --#define KVM_PMODE_VM_CR4_ALWAYS_ON (X86_CR4_PAE | X86_CR4_VMXE) --#define KVM_RMODE_VM_CR4_ALWAYS_ON (X86_CR4_VME | X86_CR4_PAE | X86_CR4_VMXE) -- --#define RMODE_GUEST_OWNED_EFLAGS_BITS (~(X86_EFLAGS_IOPL | X86_EFLAGS_VM)) -- --#define MSR_IA32_RTIT_STATUS_MASK (~(RTIT_STATUS_FILTEREN | \ -- RTIT_STATUS_CONTEXTEN | RTIT_STATUS_TRIGGEREN | \ -- RTIT_STATUS_ERROR | RTIT_STATUS_STOPPED | \ -- RTIT_STATUS_BYTECNT)) -- --#define MSR_IA32_RTIT_OUTPUT_BASE_MASK \ -- (~((1UL << cpuid_query_maxphyaddr(vcpu)) - 1) | 0x7f) -- --/* -- * These 2 parameters are used to config the controls for Pause-Loop Exiting: -- * ple_gap: upper bound on the amount of time between two successive -- * executions of PAUSE in a loop. 
Also indicate if ple enabled.
-- * According to test, this time is usually smaller than 128 cycles.
-- * ple_window: upper bound on the amount of time a guest is allowed to execute
-- * in a PAUSE loop. Tests indicate that most spinlocks are held for
-- * less than 2^12 cycles
-- * Time is measured based on a counter that runs at the same rate as the TSC,
-- * refer SDM volume 3b section 21.6.13 & 22.1.3.
-- */
--static unsigned int ple_gap = KVM_DEFAULT_PLE_GAP;
--module_param(ple_gap, uint, 0444);
--
--static unsigned int ple_window = KVM_VMX_DEFAULT_PLE_WINDOW;
--module_param(ple_window, uint, 0444);
--
--/* Default doubles per-vcpu window every exit. */
--static unsigned int ple_window_grow = KVM_DEFAULT_PLE_WINDOW_GROW;
--module_param(ple_window_grow, uint, 0444);
--
--/* Default resets per-vcpu window every exit to ple_window. */
--static unsigned int ple_window_shrink = KVM_DEFAULT_PLE_WINDOW_SHRINK;
--module_param(ple_window_shrink, uint, 0444);
--
--/* Default is to compute the maximum so we can never overflow. */
--static unsigned int ple_window_max = KVM_VMX_DEFAULT_PLE_WINDOW_MAX;
--module_param(ple_window_max, uint, 0444);
--
--/* Default is SYSTEM mode, 1 for host-guest mode */
--int __read_mostly pt_mode = PT_MODE_SYSTEM;
--module_param(pt_mode, int, S_IRUGO);
--
--static DEFINE_STATIC_KEY_FALSE(vmx_l1d_should_flush);
--static DEFINE_STATIC_KEY_FALSE(vmx_l1d_flush_cond);
--static DEFINE_MUTEX(vmx_l1d_flush_mutex);
--
--/* Storage for pre module init parameter parsing */
--static enum vmx_l1d_flush_state __read_mostly vmentry_l1d_flush_param = VMENTER_L1D_FLUSH_AUTO;
--
--static const struct {
-- const char *option;
-- bool for_parse;
--} vmentry_l1d_param[] = {
-- [VMENTER_L1D_FLUSH_AUTO] = {"auto", true},
-- [VMENTER_L1D_FLUSH_NEVER] = {"never", true},
-- [VMENTER_L1D_FLUSH_COND] = {"cond", true},
-- [VMENTER_L1D_FLUSH_ALWAYS] = {"always", true},
-- [VMENTER_L1D_FLUSH_EPT_DISABLED] = {"EPT disabled", false},
-- [VMENTER_L1D_FLUSH_NOT_REQUIRED] = {"not required", false},
--};
--
--#define L1D_CACHE_ORDER 4
--static void *vmx_l1d_flush_pages;
--
--static int vmx_setup_l1d_flush(enum vmx_l1d_flush_state l1tf)
--{
-- struct page *page;
-- unsigned int i;
--
-- if (!boot_cpu_has_bug(X86_BUG_L1TF)) {
-- l1tf_vmx_mitigation = VMENTER_L1D_FLUSH_NOT_REQUIRED;
-- return 0;
-- }
--
-- if (!enable_ept) {
-- l1tf_vmx_mitigation = VMENTER_L1D_FLUSH_EPT_DISABLED;
-- return 0;
-- }
--
-- if (boot_cpu_has(X86_FEATURE_ARCH_CAPABILITIES)) {
-- u64 msr;
--
-- rdmsrl(MSR_IA32_ARCH_CAPABILITIES, msr);
-- if (msr & ARCH_CAP_SKIP_VMENTRY_L1DFLUSH) {
-- l1tf_vmx_mitigation = VMENTER_L1D_FLUSH_NOT_REQUIRED;
-- return 0;
-- }
-- }
--
-- /* If set to auto use the default l1tf mitigation method */
-- if (l1tf == VMENTER_L1D_FLUSH_AUTO) {
-- switch (l1tf_mitigation) {
-- case L1TF_MITIGATION_OFF:
-- l1tf = VMENTER_L1D_FLUSH_NEVER;
-- break;
-- case L1TF_MITIGATION_FLUSH_NOWARN:
-- case L1TF_MITIGATION_FLUSH:
-- case L1TF_MITIGATION_FLUSH_NOSMT:
-- l1tf = VMENTER_L1D_FLUSH_COND;
-- break;
-- case L1TF_MITIGATION_FULL:
-- case L1TF_MITIGATION_FULL_FORCE:
-- l1tf = VMENTER_L1D_FLUSH_ALWAYS;
-- break;
-- }
-- } else if (l1tf_mitigation == L1TF_MITIGATION_FULL_FORCE) {
-- l1tf = VMENTER_L1D_FLUSH_ALWAYS;
-- }
--
-- if (l1tf != VMENTER_L1D_FLUSH_NEVER && !vmx_l1d_flush_pages &&
-- !boot_cpu_has(X86_FEATURE_FLUSH_L1D)) {
-- /*
-- * This allocation for vmx_l1d_flush_pages is not tied to a VM
-- * lifetime and so should not be charged to a memcg.
-- */
-- page = alloc_pages(GFP_KERNEL, L1D_CACHE_ORDER);
-- if (!page)
-- return -ENOMEM;
-- vmx_l1d_flush_pages = page_address(page);
--
-- /*
-- * Initialize each page with a different pattern in
-- * order to protect against KSM in the nested
-- * virtualization case.
-- */
-- for (i = 0; i < 1u << L1D_CACHE_ORDER; ++i) {
-- memset(vmx_l1d_flush_pages + i * PAGE_SIZE, i + 1,
-- PAGE_SIZE);
-- }
-- }
--
-- l1tf_vmx_mitigation = l1tf;
--
-- if (l1tf != VMENTER_L1D_FLUSH_NEVER)
-- static_branch_enable(&vmx_l1d_should_flush);
-- else
-- static_branch_disable(&vmx_l1d_should_flush);
--
-- if (l1tf == VMENTER_L1D_FLUSH_COND)
-- static_branch_enable(&vmx_l1d_flush_cond);
-- else
-- static_branch_disable(&vmx_l1d_flush_cond);
-- return 0;
--}
--
--static int vmentry_l1d_flush_parse(const char *s)
--{
-- unsigned int i;
--
-- if (s) {
-- for (i = 0; i < ARRAY_SIZE(vmentry_l1d_param); i++) {
-- if (vmentry_l1d_param[i].for_parse &&
-- sysfs_streq(s, vmentry_l1d_param[i].option))
-- return i;
-- }
-- }
-- return -EINVAL;
--}
--
--static int vmentry_l1d_flush_set(const char *s, const struct kernel_param *kp)
--{
-- int l1tf, ret;
--
-- l1tf = vmentry_l1d_flush_parse(s);
-- if (l1tf < 0)
-- return l1tf;
--
-- if (!boot_cpu_has(X86_BUG_L1TF))
-- return 0;
--
-- /*
-- * Has vmx_init() run already? If not then this is the pre init
-- * parameter parsing. In that case just store the value and let
-- * vmx_init() do the proper setup after enable_ept has been
-- * established.
-- */
-- if (l1tf_vmx_mitigation == VMENTER_L1D_FLUSH_AUTO) {
-- vmentry_l1d_flush_param = l1tf;
-- return 0;
-- }
--
-- mutex_lock(&vmx_l1d_flush_mutex);
-- ret = vmx_setup_l1d_flush(l1tf);
-- mutex_unlock(&vmx_l1d_flush_mutex);
-- return ret;
--}
--
--static int vmentry_l1d_flush_get(char *s, const struct kernel_param *kp)
--{
-- if (WARN_ON_ONCE(l1tf_vmx_mitigation >= ARRAY_SIZE(vmentry_l1d_param)))
-- return sprintf(s, "???\n");
--
-- return sprintf(s, "%s\n", vmentry_l1d_param[l1tf_vmx_mitigation].option);
--}
--
--static const struct kernel_param_ops vmentry_l1d_flush_ops = {
-- .set = vmentry_l1d_flush_set,
-- .get = vmentry_l1d_flush_get,
--};
--module_param_cb(vmentry_l1d_flush, &vmentry_l1d_flush_ops, NULL, 0644);
--
--static bool guest_state_valid(struct kvm_vcpu *vcpu);
--static u32 vmx_segment_access_rights(struct kvm_segment *var);
--static __always_inline void vmx_disable_intercept_for_msr(unsigned long *msr_bitmap,
-- u32 msr, int type);
--
--void vmx_vmexit(void);
--
--#define vmx_insn_failed(fmt...) \
--do { \
-- WARN_ONCE(1, fmt); \
-- pr_warn_ratelimited(fmt); \
--} while (0)
--
--asmlinkage void vmread_error(unsigned long field, bool fault)
--{
-- if (fault)
-- kvm_spurious_fault();
-- else
-- vmx_insn_failed("kvm: vmread failed: field=%lx\n", field);
--}
--
--noinline void vmwrite_error(unsigned long field, unsigned long value)
--{
-- vmx_insn_failed("kvm: vmwrite failed: field=%lx val=%lx err=%d\n",
-- field, value, vmcs_read32(VM_INSTRUCTION_ERROR));
--}
--
--noinline void vmclear_error(struct vmcs *vmcs, u64 phys_addr)
--{
-- vmx_insn_failed("kvm: vmclear failed: %p/%llx\n", vmcs, phys_addr);
--}
--
--noinline void vmptrld_error(struct vmcs *vmcs, u64 phys_addr)
--{
-- vmx_insn_failed("kvm: vmptrld failed: %p/%llx\n", vmcs, phys_addr);
--}
--
--noinline void invvpid_error(unsigned long ext, u16 vpid, gva_t gva)
--{
-- vmx_insn_failed("kvm: invvpid failed: ext=0x%lx vpid=%u gva=0x%lx\n",
-- ext, vpid, gva);
--}
--
--noinline void invept_error(unsigned long ext, u64 eptp, gpa_t gpa)
--{
-- vmx_insn_failed("kvm: invept failed: ext=0x%lx eptp=%llx gpa=0x%llx\n",
-- ext, eptp, gpa);
--}
--
--static DEFINE_PER_CPU(struct vmcs *, vmxarea);
--DEFINE_PER_CPU(struct vmcs *, current_vmcs);
--/*
-- * We maintain a per-CPU linked-list of VMCS loaded on that CPU. This is needed
-- * when a CPU is brought down, and we need to VMCLEAR all VMCSs loaded on it.
-- */
--static DEFINE_PER_CPU(struct list_head, loaded_vmcss_on_cpu);
--
--/*
-- * We maintian a per-CPU linked-list of vCPU, so in wakeup_handler() we
-- * can find which vCPU should be waken up.
-- */
--static DEFINE_PER_CPU(struct list_head, blocked_vcpu_on_cpu);
--static DEFINE_PER_CPU(spinlock_t, blocked_vcpu_on_cpu_lock);
--
--static DECLARE_BITMAP(vmx_vpid_bitmap, VMX_NR_VPIDS);
--static DEFINE_SPINLOCK(vmx_vpid_lock);
--
--struct vmcs_config vmcs_config;
--struct vmx_capability vmx_capability;
--
--#define VMX_SEGMENT_FIELD(seg) \
-- [VCPU_SREG_##seg] = { \
-- .selector = GUEST_##seg##_SELECTOR, \
-- .base = GUEST_##seg##_BASE, \
-- .limit = GUEST_##seg##_LIMIT, \
-- .ar_bytes = GUEST_##seg##_AR_BYTES, \
-- }
--
--static const struct kvm_vmx_segment_field {
-- unsigned selector;
-- unsigned base;
-- unsigned limit;
-- unsigned ar_bytes;
--} kvm_vmx_segment_fields[] = {
-- VMX_SEGMENT_FIELD(CS),
-- VMX_SEGMENT_FIELD(DS),
-- VMX_SEGMENT_FIELD(ES),
-- VMX_SEGMENT_FIELD(FS),
-- VMX_SEGMENT_FIELD(GS),
-- VMX_SEGMENT_FIELD(SS),
-- VMX_SEGMENT_FIELD(TR),
-- VMX_SEGMENT_FIELD(LDTR),
--};
--
--u64 host_efer;
--static unsigned long host_idt_base;
--
--/*
-- * Though SYSCALL is only supported in 64-bit mode on Intel CPUs, kvm
-- * will emulate SYSCALL in legacy mode if the vendor string in guest
-- * CPUID.0:{EBX,ECX,EDX} is "AuthenticAMD" or "AMDisbetter!" To
-- * support this emulation, IA32_STAR must always be included in
-- * vmx_msr_index[], even in i386 builds.
-- */
--const u32 vmx_msr_index[] = {
--#ifdef CONFIG_X86_64
-- MSR_SYSCALL_MASK, MSR_LSTAR, MSR_CSTAR,
--#endif
-- MSR_EFER, MSR_TSC_AUX, MSR_STAR,
-- MSR_IA32_TSX_CTRL,
--};
--
--#if IS_ENABLED(CONFIG_HYPERV)
--static bool __read_mostly enlightened_vmcs = true;
--module_param(enlightened_vmcs, bool, 0444);
--
--/* check_ept_pointer() should be under protection of ept_pointer_lock. */
--static void check_ept_pointer_match(struct kvm *kvm)
--{
-- struct kvm_vcpu *vcpu;
-- u64 tmp_eptp = INVALID_PAGE;
-- int i;
--
-- kvm_for_each_vcpu(i, vcpu, kvm) {
-- if (!VALID_PAGE(tmp_eptp)) {
-- tmp_eptp = to_vmx(vcpu)->ept_pointer;
-- } else if (tmp_eptp != to_vmx(vcpu)->ept_pointer) {
-- to_kvm_vmx(kvm)->ept_pointers_match
-- = EPT_POINTERS_MISMATCH;
-- return;
-- }
-- }
--
-- to_kvm_vmx(kvm)->ept_pointers_match = EPT_POINTERS_MATCH;
--}
--
--static int kvm_fill_hv_flush_list_func(struct hv_guest_mapping_flush_list *flush,
-- void *data)
--{
-- struct kvm_tlb_range *range = data;
--
-- return hyperv_fill_flush_guest_mapping_list(flush, range->start_gfn,
-- range->pages);
--}
--
--static inline int __hv_remote_flush_tlb_with_range(struct kvm *kvm,
-- struct kvm_vcpu *vcpu, struct kvm_tlb_range *range)
--{
-- u64 ept_pointer = to_vmx(vcpu)->ept_pointer;
--
-- /*
-- * FLUSH_GUEST_PHYSICAL_ADDRESS_SPACE hypercall needs address
-- * of the base of EPT PML4 table, strip off EPT configuration
-- * information.
-- */
-- if (range)
-- return hyperv_flush_guest_mapping_range(ept_pointer & PAGE_MASK,
-- kvm_fill_hv_flush_list_func, (void *)range);
-- else
-- return hyperv_flush_guest_mapping(ept_pointer & PAGE_MASK);
--}
--
--static int hv_remote_flush_tlb_with_range(struct kvm *kvm,
-- struct kvm_tlb_range *range)
--{
-- struct kvm_vcpu *vcpu;
-- int ret = 0, i;
--
-- spin_lock(&to_kvm_vmx(kvm)->ept_pointer_lock);
--
-- if (to_kvm_vmx(kvm)->ept_pointers_match == EPT_POINTERS_CHECK)
-- check_ept_pointer_match(kvm);
--
-- if (to_kvm_vmx(kvm)->ept_pointers_match != EPT_POINTERS_MATCH) {
-- kvm_for_each_vcpu(i, vcpu, kvm) {
-- /* If ept_pointer is invalid pointer, bypass flush request. */
-- if (VALID_PAGE(to_vmx(vcpu)->ept_pointer))
-- ret |= __hv_remote_flush_tlb_with_range(
-- kvm, vcpu, range);
-- }
-- } else {
-- ret = __hv_remote_flush_tlb_with_range(kvm,
-- kvm_get_vcpu(kvm, 0), range);
-- }
--
-- spin_unlock(&to_kvm_vmx(kvm)->ept_pointer_lock);
-- return ret;
--}
--static int hv_remote_flush_tlb(struct kvm *kvm)
--{
-- return hv_remote_flush_tlb_with_range(kvm, NULL);
--}
--
--static int hv_enable_direct_tlbflush(struct kvm_vcpu *vcpu)
--{
-- struct hv_enlightened_vmcs *evmcs;
-- struct hv_partition_assist_pg **p_hv_pa_pg =
-- &vcpu->kvm->arch.hyperv.hv_pa_pg;
-- /*
-- * Synthetic VM-Exit is not enabled in current code and so All
-- * evmcs in singe VM shares same assist page.
-- */
-- if (!*p_hv_pa_pg)
-- *p_hv_pa_pg = kzalloc(PAGE_SIZE, GFP_KERNEL);
--
-- if (!*p_hv_pa_pg)
-- return -ENOMEM;
--
-- evmcs = (struct hv_enlightened_vmcs *)to_vmx(vcpu)->loaded_vmcs->vmcs;
--
-- evmcs->partition_assist_page =
-- __pa(*p_hv_pa_pg);
-- evmcs->hv_vm_id = (unsigned long)vcpu->kvm;
-- evmcs->hv_enlightenments_control.nested_flush_hypercall = 1;
--
-- return 0;
--}
--
--#endif /* IS_ENABLED(CONFIG_HYPERV) */
--
--/*
-- * Comment's format: document - errata name - stepping - processor name.
-- * Refer from
-- * https://www.virtualbox.org/svn/vbox/trunk/src/VBox/VMM/VMMR0/HMR0.cpp
-- */
--static u32 vmx_preemption_cpu_tfms[] = {
--/* 323344.pdf - BA86 - D0 - Xeon 7500 Series */
--0x000206E6,
--/* 323056.pdf - AAX65 - C2 - Xeon L3406 */
--/* 322814.pdf - AAT59 - C2 - i7-600, i5-500, i5-400 and i3-300 Mobile */
--/* 322911.pdf - AAU65 - C2 - i5-600, i3-500 Desktop and Pentium G6950 */
--0x00020652,
--/* 322911.pdf - AAU65 - K0 - i5-600, i3-500 Desktop and Pentium G6950 */
--0x00020655,
--/* 322373.pdf - AAO95 - B1 - Xeon 3400 Series */
--/* 322166.pdf - AAN92 - B1 - i7-800 and i5-700 Desktop */
--/*
-- * 320767.pdf - AAP86 - B1 -
-- * i7-900 Mobile Extreme, i7-800 and i7-700 Mobile
-- */
--0x000106E5,
--/* 321333.pdf - AAM126 - C0 - Xeon 3500 */
--0x000106A0,
--/* 321333.pdf - AAM126 - C1 - Xeon 3500 */
--0x000106A1,
--/* 320836.pdf - AAJ124 - C0 - i7-900 Desktop Extreme and i7-900 Desktop */
--0x000106A4,
-- /* 321333.pdf - AAM126 - D0 - Xeon 3500 */
-- /* 321324.pdf - AAK139 - D0 - Xeon 5500 */
-- /* 320836.pdf - AAJ124 - D0 - i7-900 Extreme and i7-900 Desktop */
--0x000106A5,
-- /* Xeon E3-1220 V2 */
--0x000306A8,
--};
--
--static inline bool cpu_has_broken_vmx_preemption_timer(void)
--{
-- u32 eax = cpuid_eax(0x00000001), i;
--
-- /* Clear the reserved bits */
-- eax &= ~(0x3U << 14 | 0xfU << 28);
-- for (i = 0; i < ARRAY_SIZE(vmx_preemption_cpu_tfms); i++)
-- if (eax == vmx_preemption_cpu_tfms[i])
-- return true;
--
-- return false;
--}
--
--static inline bool cpu_need_virtualize_apic_accesses(struct kvm_vcpu *vcpu)
--{
-- return flexpriority_enabled && lapic_in_kernel(vcpu);
--}
--
--static inline bool report_flexpriority(void)
--{
-- return flexpriority_enabled;
--}
--
--static inline int __find_msr_index(struct vcpu_vmx *vmx, u32 msr)
--{
-- int i;
--
-- for (i = 0; i < vmx->nmsrs; ++i)
-- if (vmx_msr_index[vmx->guest_msrs[i].index] == msr)
-- return i;
-- return -1;
--}
--
--struct shared_msr_entry *find_msr_entry(struct vcpu_vmx *vmx, u32 msr)
--{
-- int i;
--
-- i = __find_msr_index(vmx, msr);
-- if (i >= 0)
-- return &vmx->guest_msrs[i];
-- return NULL;
--}
--
--static int vmx_set_guest_msr(struct vcpu_vmx *vmx, struct shared_msr_entry *msr, u64 data)
--{
-- int ret = 0;
--
-- u64 old_msr_data = msr->data;
-- msr->data = data;
-- if (msr - vmx->guest_msrs < vmx->save_nmsrs) {
-- preempt_disable();
-- ret = kvm_set_shared_msr(msr->index, msr->data,
-- msr->mask);
-- preempt_enable();
-- if (ret)
-- msr->data = old_msr_data;
-- }
-- return ret;
--}
--
--void loaded_vmcs_init(struct loaded_vmcs *loaded_vmcs)
--{
-- vmcs_clear(loaded_vmcs->vmcs);
-- if (loaded_vmcs->shadow_vmcs && loaded_vmcs->launched)
-- vmcs_clear(loaded_vmcs->shadow_vmcs);
-- loaded_vmcs->cpu = -1;
-- loaded_vmcs->launched = 0;
--}
--
--#ifdef CONFIG_KEXEC_CORE
--/*
-- * This bitmap is used to indicate whether the vmclear
-- * operation is enabled on all cpus. All disabled by
-- * default.
-- */
--static cpumask_t crash_vmclear_enabled_bitmap = CPU_MASK_NONE;
--
--static inline void crash_enable_local_vmclear(int cpu)
--{
-- cpumask_set_cpu(cpu, &crash_vmclear_enabled_bitmap);
--}
--
--static inline void crash_disable_local_vmclear(int cpu)
--{
-- cpumask_clear_cpu(cpu, &crash_vmclear_enabled_bitmap);
--}
--
--static inline int crash_local_vmclear_enabled(int cpu)
--{
-- return cpumask_test_cpu(cpu, &crash_vmclear_enabled_bitmap);
--}
--
--static void crash_vmclear_local_loaded_vmcss(void)
--{
-- int cpu = raw_smp_processor_id();
-- struct loaded_vmcs *v;
--
-- if (!crash_local_vmclear_enabled(cpu))
-- return;
--
-- list_for_each_entry(v, &per_cpu(loaded_vmcss_on_cpu, cpu),
-- loaded_vmcss_on_cpu_link)
-- vmcs_clear(v->vmcs);
--}
--#else
--static inline void crash_enable_local_vmclear(int cpu) { }
--static inline void crash_disable_local_vmclear(int cpu) { }
--#endif /* CONFIG_KEXEC_CORE */
--
--static void __loaded_vmcs_clear(void *arg)
--{
-- struct loaded_vmcs *loaded_vmcs = arg;
-- int cpu = raw_smp_processor_id();
--
-- if (loaded_vmcs->cpu != cpu)
-- return; /* vcpu migration can race with cpu offline */
-- if (per_cpu(current_vmcs, cpu) == loaded_vmcs->vmcs)
-- per_cpu(current_vmcs, cpu) = NULL;
-- crash_disable_local_vmclear(cpu);
-- list_del(&loaded_vmcs->loaded_vmcss_on_cpu_link);
--
-- /*
-- * we should ensure updating loaded_vmcs->loaded_vmcss_on_cpu_link
-- * is before setting loaded_vmcs->vcpu to -1 which is done in
-- * loaded_vmcs_init. Otherwise, other cpu can see vcpu = -1 fist
-- * then adds the vmcs into percpu list before it is deleted.
-- */
-- smp_wmb();
--
-- loaded_vmcs_init(loaded_vmcs);
-- crash_enable_local_vmclear(cpu);
--}
--
--void loaded_vmcs_clear(struct loaded_vmcs *loaded_vmcs)
--{
-- int cpu = loaded_vmcs->cpu;
--
-- if (cpu != -1)
-- smp_call_function_single(cpu,
-- __loaded_vmcs_clear, loaded_vmcs, 1);
--}
--
--static bool vmx_segment_cache_test_set(struct vcpu_vmx *vmx, unsigned seg,
-- unsigned field)
--{
-- bool ret;
-- u32 mask = 1 << (seg * SEG_FIELD_NR + field);
--
-- if (!kvm_register_is_available(&vmx->vcpu, VCPU_EXREG_SEGMENTS)) {
-- kvm_register_mark_available(&vmx->vcpu, VCPU_EXREG_SEGMENTS);
-- vmx->segment_cache.bitmask = 0;
-- }
-- ret = vmx->segment_cache.bitmask & mask;
-- vmx->segment_cache.bitmask |= mask;
-- return ret;
--}
--
--static u16 vmx_read_guest_seg_selector(struct vcpu_vmx *vmx, unsigned seg)
--{
-- u16 *p = &vmx->segment_cache.seg[seg].selector;
--
-- if (!vmx_segment_cache_test_set(vmx, seg, SEG_FIELD_SEL))
-- *p = vmcs_read16(kvm_vmx_segment_fields[seg].selector);
-- return *p;
--}
--
--static ulong vmx_read_guest_seg_base(struct vcpu_vmx *vmx, unsigned seg)
--{
-- ulong *p = &vmx->segment_cache.seg[seg].base;
--
-- if (!vmx_segment_cache_test_set(vmx, seg, SEG_FIELD_BASE))
-- *p = vmcs_readl(kvm_vmx_segment_fields[seg].base);
-- return *p;
--}
--
--static u32 vmx_read_guest_seg_limit(struct vcpu_vmx *vmx, unsigned seg)
--{
-- u32 *p = &vmx->segment_cache.seg[seg].limit;
--
-- if (!vmx_segment_cache_test_set(vmx, seg, SEG_FIELD_LIMIT))
-- *p = vmcs_read32(kvm_vmx_segment_fields[seg].limit);
-- return *p;
--}
--
--static u32 vmx_read_guest_seg_ar(struct vcpu_vmx *vmx, unsigned seg)
--{
-- u32 *p = &vmx->segment_cache.seg[seg].ar;
--
-- if (!vmx_segment_cache_test_set(vmx, seg, SEG_FIELD_AR))
-- *p = vmcs_read32(kvm_vmx_segment_fields[seg].ar_bytes);
-- return *p;
--}
--
--void update_exception_bitmap(struct kvm_vcpu *vcpu)
--{
-- u32 eb;
--
-- eb = (1u << PF_VECTOR) | (1u << UD_VECTOR) | (1u << MC_VECTOR) |
-- (1u << DB_VECTOR) | (1u << AC_VECTOR);
-- /*
-- * Guest access to VMware backdoor ports could legitimately
-- * trigger #GP because of TSS I/O permission bitmap.
-- * We intercept those #GP and allow access to them anyway
-- * as VMware does.
-- */
-- if (enable_vmware_backdoor)
-- eb |= (1u << GP_VECTOR);
-- if ((vcpu->guest_debug &
-- (KVM_GUESTDBG_ENABLE | KVM_GUESTDBG_USE_SW_BP)) ==
-- (KVM_GUESTDBG_ENABLE | KVM_GUESTDBG_USE_SW_BP))
-- eb |= 1u << BP_VECTOR;
-- if (to_vmx(vcpu)->rmode.vm86_active)
-- eb = ~0;
-- if (enable_ept)
-- eb &= ~(1u << PF_VECTOR); /* bypass_guest_pf = 0 */
--
-- /* When we are running a nested L2 guest and L1 specified for it a
-- * certain exception bitmap, we must trap the same exceptions and pass
-- * them to L1. When running L2, we will only handle the exceptions
-- * specified above if L1 did not want them.
-- */
-- if (is_guest_mode(vcpu))
-- eb |= get_vmcs12(vcpu)->exception_bitmap;
--
-- vmcs_write32(EXCEPTION_BITMAP, eb);
--}
--
--/*
-- * Check if MSR is intercepted for currently loaded MSR bitmap.
-- */
--static bool msr_write_intercepted(struct kvm_vcpu *vcpu, u32 msr)
--{
-- unsigned long *msr_bitmap;
-- int f = sizeof(unsigned long);
--
-- if (!cpu_has_vmx_msr_bitmap())
-- return true;
--
-- msr_bitmap = to_vmx(vcpu)->loaded_vmcs->msr_bitmap;
--
-- if (msr <= 0x1fff) {
-- return !!test_bit(msr, msr_bitmap + 0x800 / f);
-- } else if ((msr >= 0xc0000000) && (msr <= 0xc0001fff)) {
-- msr &= 0x1fff;
-- return !!test_bit(msr, msr_bitmap + 0xc00 / f);
-- }
--
-- return true;
--}
--
--static void clear_atomic_switch_msr_special(struct vcpu_vmx *vmx,
-- unsigned long entry, unsigned long exit)
--{
-- vm_entry_controls_clearbit(vmx, entry);
-- vm_exit_controls_clearbit(vmx, exit);
--}
--
--int vmx_find_msr_index(struct vmx_msrs *m, u32 msr)
--{
-- unsigned int i;
--
-- for (i = 0; i < m->nr; ++i) {
-- if (m->val[i].index == msr)
-- return i;
-- }
-- return -ENOENT;
--}
--
--static void clear_atomic_switch_msr(struct vcpu_vmx *vmx, unsigned msr)
--{
-- int i;
-- struct msr_autoload *m = &vmx->msr_autoload;
--
-- switch (msr) {
-- case MSR_EFER:
-- if (cpu_has_load_ia32_efer()) {
-- clear_atomic_switch_msr_special(vmx,
-- VM_ENTRY_LOAD_IA32_EFER,
-- VM_EXIT_LOAD_IA32_EFER);
-- return;
-- }
-- break;
-- case MSR_CORE_PERF_GLOBAL_CTRL:
-- if (cpu_has_load_perf_global_ctrl()) {
-- clear_atomic_switch_msr_special(vmx,
-- VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL,
-- VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL);
-- return;
-- }
-- break;
-- }
-- i = vmx_find_msr_index(&m->guest, msr);
-- if (i < 0)
-- goto skip_guest;
-- --m->guest.nr;
-- m->guest.val[i] = m->guest.val[m->guest.nr];
-- vmcs_write32(VM_ENTRY_MSR_LOAD_COUNT, m->guest.nr);
--
--skip_guest:
-- i = vmx_find_msr_index(&m->host, msr);
-- if (i < 0)
-- return;
--
-- --m->host.nr;
-- m->host.val[i] = m->host.val[m->host.nr];
-- vmcs_write32(VM_EXIT_MSR_LOAD_COUNT, m->host.nr);
--}
--
--static void add_atomic_switch_msr_special(struct vcpu_vmx *vmx,
-- unsigned long entry, unsigned long exit,
-- unsigned long guest_val_vmcs, unsigned long host_val_vmcs,
-- u64 guest_val, u64 host_val)
--{
-- vmcs_write64(guest_val_vmcs, guest_val);
-- if (host_val_vmcs != HOST_IA32_EFER)
-- vmcs_write64(host_val_vmcs, host_val);
-- vm_entry_controls_setbit(vmx, entry);
-- vm_exit_controls_setbit(vmx, exit);
--}
--
--static void add_atomic_switch_msr(struct vcpu_vmx *vmx, unsigned msr,
-- u64 guest_val, u64 host_val, bool entry_only)
--{
-- int i, j = 0;
-- struct msr_autoload *m = &vmx->msr_autoload;
--
-- switch (msr) {
-- case MSR_EFER:
-- if (cpu_has_load_ia32_efer()) {
-- add_atomic_switch_msr_special(vmx,
-- VM_ENTRY_LOAD_IA32_EFER,
-- VM_EXIT_LOAD_IA32_EFER,
-- GUEST_IA32_EFER,
-- HOST_IA32_EFER,
-- guest_val, host_val);
-- return;
-- }
-- break;
-- case MSR_CORE_PERF_GLOBAL_CTRL:
-- if (cpu_has_load_perf_global_ctrl()) {
-- add_atomic_switch_msr_special(vmx,
-- VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL,
-- VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL,
-- GUEST_IA32_PERF_GLOBAL_CTRL,
-- HOST_IA32_PERF_GLOBAL_CTRL,
-- guest_val, host_val);
-- return;
-- }
-- break;
-- case MSR_IA32_PEBS_ENABLE:
-- /* PEBS needs a quiescent period after being disabled (to write
-- * a record). Disabling PEBS through VMX MSR swapping doesn't
-- * provide that period, so a CPU could write host's record into
-- * guest's memory.
-- */
-- wrmsrl(MSR_IA32_PEBS_ENABLE, 0);
-- }
--
-- i = vmx_find_msr_index(&m->guest, msr);
-- if (!entry_only)
-- j = vmx_find_msr_index(&m->host, msr);
--
-- if ((i < 0 && m->guest.nr == NR_LOADSTORE_MSRS) ||
-- (j < 0 && m->host.nr == NR_LOADSTORE_MSRS)) {
-- printk_once(KERN_WARNING "Not enough msr switch entries. "
-- "Can't add msr %x\n", msr);
-- return;
-- }
-- if (i < 0) {
-- i = m->guest.nr++;
-- vmcs_write32(VM_ENTRY_MSR_LOAD_COUNT, m->guest.nr);
-- }
-- m->guest.val[i].index = msr;
-- m->guest.val[i].value = guest_val;
--
-- if (entry_only)
-- return;
--
-- if (j < 0) {
-- j = m->host.nr++;
-- vmcs_write32(VM_EXIT_MSR_LOAD_COUNT, m->host.nr);
-- }
-- m->host.val[j].index = msr;
-- m->host.val[j].value = host_val;
--}
--
--static bool update_transition_efer(struct vcpu_vmx *vmx, int efer_offset)
--{
-- u64 guest_efer = vmx->vcpu.arch.efer;
-- u64 ignore_bits = 0;
--
-- /* Shadow paging assumes NX to be available. */
-- if (!enable_ept)
-- guest_efer |= EFER_NX;
--
-- /*
-- * LMA and LME handled by hardware; SCE meaningless outside long mode.
-- */
-- ignore_bits |= EFER_SCE;
--#ifdef CONFIG_X86_64
-- ignore_bits |= EFER_LMA | EFER_LME;
-- /* SCE is meaningful only in long mode on Intel */
-- if (guest_efer & EFER_LMA)
-- ignore_bits &= ~(u64)EFER_SCE;
--#endif
--
-- /*
-- * On EPT, we can't emulate NX, so we must switch EFER atomically.
-- * On CPUs that support "load IA32_EFER", always switch EFER
-- * atomically, since it's faster than switching it manually.
-- */
-- if (cpu_has_load_ia32_efer() ||
-- (enable_ept && ((vmx->vcpu.arch.efer ^ host_efer) & EFER_NX))) {
-- if (!(guest_efer & EFER_LMA))
-- guest_efer &= ~EFER_LME;
-- if (guest_efer != host_efer)
-- add_atomic_switch_msr(vmx, MSR_EFER,
-- guest_efer, host_efer, false);
-- else
-- clear_atomic_switch_msr(vmx, MSR_EFER);
-- return false;
-- } else {
-- clear_atomic_switch_msr(vmx, MSR_EFER);
--
-- guest_efer &= ~ignore_bits;
-- guest_efer |= host_efer & ignore_bits;
--
-- vmx->guest_msrs[efer_offset].data = guest_efer;
-- vmx->guest_msrs[efer_offset].mask = ~ignore_bits;
--
-- return true;
-- }
--}
--
--#ifdef CONFIG_X86_32
--/*
-- * On 32-bit kernels, VM exits still load the FS and GS bases from the
-- * VMCS rather than the segment table. KVM uses this helper to figure
-- * out the current bases to poke them into the VMCS before entry.
-- */
--static unsigned long segment_base(u16 selector)
--{
-- struct desc_struct *table;
-- unsigned long v;
--
-- if (!(selector & ~SEGMENT_RPL_MASK))
-- return 0;
--
-- table = get_current_gdt_ro();
--
-- if ((selector & SEGMENT_TI_MASK) == SEGMENT_LDT) {
-- u16 ldt_selector = kvm_read_ldt();
--
-- if (!(ldt_selector & ~SEGMENT_RPL_MASK))
-- return 0;
--
-- table = (struct desc_struct *)segment_base(ldt_selector);
-- }
-- v = get_desc_base(&table[selector >> 3]);
-- return v;
--}
--#endif
--
--static inline void pt_load_msr(struct pt_ctx *ctx, u32 addr_range)
--{
-- u32 i;
--
-- wrmsrl(MSR_IA32_RTIT_STATUS, ctx->status);
-- wrmsrl(MSR_IA32_RTIT_OUTPUT_BASE, ctx->output_base);
-- wrmsrl(MSR_IA32_RTIT_OUTPUT_MASK, ctx->output_mask);
-- wrmsrl(MSR_IA32_RTIT_CR3_MATCH, ctx->cr3_match);
-- for (i = 0; i < addr_range; i++) {
-- wrmsrl(MSR_IA32_RTIT_ADDR0_A + i * 2, ctx->addr_a[i]);
-- wrmsrl(MSR_IA32_RTIT_ADDR0_B + i * 2, ctx->addr_b[i]);
-- }
--}
--
--static inline void pt_save_msr(struct pt_ctx *ctx, u32 addr_range)
--{
-- u32 i;
--
-- rdmsrl(MSR_IA32_RTIT_STATUS, ctx->status);
-- rdmsrl(MSR_IA32_RTIT_OUTPUT_BASE, ctx->output_base);
-- rdmsrl(MSR_IA32_RTIT_OUTPUT_MASK, ctx->output_mask);
-- rdmsrl(MSR_IA32_RTIT_CR3_MATCH, ctx->cr3_match);
-- for (i = 0; i < addr_range; i++) {
-- rdmsrl(MSR_IA32_RTIT_ADDR0_A + i * 2, ctx->addr_a[i]);
-- rdmsrl(MSR_IA32_RTIT_ADDR0_B + i * 2, ctx->addr_b[i]);
-- }
--}
--
--static void pt_guest_enter(struct vcpu_vmx *vmx)
--{
-- if (pt_mode == PT_MODE_SYSTEM)
-- return;
--
-- /*
-- * GUEST_IA32_RTIT_CTL is already set in the VMCS.
-- * Save host state before VM entry.
-- */
-- rdmsrl(MSR_IA32_RTIT_CTL, vmx->pt_desc.host.ctl);
-- if (vmx->pt_desc.guest.ctl & RTIT_CTL_TRACEEN) {
-- wrmsrl(MSR_IA32_RTIT_CTL, 0);
-- pt_save_msr(&vmx->pt_desc.host, vmx->pt_desc.addr_range);
-- pt_load_msr(&vmx->pt_desc.guest, vmx->pt_desc.addr_range);
-- }
--}
--
--static void pt_guest_exit(struct vcpu_vmx *vmx)
--{
-- if (pt_mode == PT_MODE_SYSTEM)
-- return;
--
-- if (vmx->pt_desc.guest.ctl & RTIT_CTL_TRACEEN) {
-- pt_save_msr(&vmx->pt_desc.guest, vmx->pt_desc.addr_range);
-- pt_load_msr(&vmx->pt_desc.host, vmx->pt_desc.addr_range);
-- }
--
-- /* Reload host state (IA32_RTIT_CTL will be cleared on VM exit). */
-- wrmsrl(MSR_IA32_RTIT_CTL, vmx->pt_desc.host.ctl);
--}
--
--void vmx_set_host_fs_gs(struct vmcs_host_state *host, u16 fs_sel, u16 gs_sel,
-- unsigned long fs_base, unsigned long gs_base)
--{
-- if (unlikely(fs_sel != host->fs_sel)) {
-- if (!(fs_sel & 7))
-- vmcs_write16(HOST_FS_SELECTOR, fs_sel);
-- else
-- vmcs_write16(HOST_FS_SELECTOR, 0);
-- host->fs_sel = fs_sel;
-- }
-- if (unlikely(gs_sel != host->gs_sel)) {
-- if (!(gs_sel & 7))
-- vmcs_write16(HOST_GS_SELECTOR, gs_sel);
-- else
-- vmcs_write16(HOST_GS_SELECTOR, 0);
-- host->gs_sel = gs_sel;
-- }
-- if (unlikely(fs_base != host->fs_base)) {
-- vmcs_writel(HOST_FS_BASE, fs_base);
-- host->fs_base = fs_base;
-- }
-- if (unlikely(gs_base != host->gs_base)) {
-- vmcs_writel(HOST_GS_BASE, gs_base);
-- host->gs_base = gs_base;
-- }
--}
--
--void vmx_prepare_switch_to_guest(struct kvm_vcpu *vcpu)
--{
-- struct vcpu_vmx *vmx = to_vmx(vcpu);
-- struct vmcs_host_state *host_state;
--#ifdef CONFIG_X86_64
-- int cpu = raw_smp_processor_id();
--#endif
-- unsigned long fs_base, gs_base;
-- u16 fs_sel, gs_sel;
-- int i;
--
-- vmx->req_immediate_exit = false;
--
-- /*
-- * Note that guest MSRs to be saved/restored can also be changed
-- * when guest state is loaded. This happens when guest transitions
-- * to/from long-mode by setting MSR_EFER.LMA.
-- */
-- if (!vmx->guest_msrs_ready) {
-- vmx->guest_msrs_ready = true;
-- for (i = 0; i < vmx->save_nmsrs; ++i)
-- kvm_set_shared_msr(vmx->guest_msrs[i].index,
-- vmx->guest_msrs[i].data,
-- vmx->guest_msrs[i].mask);
--
-- }
-- if (vmx->guest_state_loaded)
-- return;
--
-- host_state = &vmx->loaded_vmcs->host_state;
--
-- /*
-- * Set host fs and gs selectors. Unfortunately, 22.2.3 does not
-- * allow segment selectors with cpl > 0 or ti == 1.
-- */
-- host_state->ldt_sel = kvm_read_ldt();
--
--#ifdef CONFIG_X86_64
-- savesegment(ds, host_state->ds_sel);
-- savesegment(es, host_state->es_sel);
--
-- gs_base = cpu_kernelmode_gs_base(cpu);
-- if (likely(is_64bit_mm(current->mm))) {
-- save_fsgs_for_kvm();
-- fs_sel = current->thread.fsindex;
-- gs_sel = current->thread.gsindex;
-- fs_base = current->thread.fsbase;
-- vmx->msr_host_kernel_gs_base = current->thread.gsbase;
-- } else {
-- savesegment(fs, fs_sel);
-- savesegment(gs, gs_sel);
-- fs_base = read_msr(MSR_FS_BASE);
-- vmx->msr_host_kernel_gs_base = read_msr(MSR_KERNEL_GS_BASE);
-- }
--
-- wrmsrl(MSR_KERNEL_GS_BASE, vmx->msr_guest_kernel_gs_base);
--#else
-- savesegment(fs, fs_sel);
-- savesegment(gs, gs_sel);
-- fs_base = segment_base(fs_sel);
-- gs_base = segment_base(gs_sel);
--#endif
--
-- vmx_set_host_fs_gs(host_state, fs_sel, gs_sel, fs_base, gs_base);
-- vmx->guest_state_loaded = true;
--}
--
--static void vmx_prepare_switch_to_host(struct vcpu_vmx *vmx)
--{
-- struct vmcs_host_state *host_state;
--
-- if (!vmx->guest_state_loaded)
-- return;
--
-- host_state = &vmx->loaded_vmcs->host_state;
--
-- ++vmx->vcpu.stat.host_state_reload;
--
--#ifdef CONFIG_X86_64
-- rdmsrl(MSR_KERNEL_GS_BASE, vmx->msr_guest_kernel_gs_base);
--#endif
-- if (host_state->ldt_sel || (host_state->gs_sel & 7)) {
-- kvm_load_ldt(host_state->ldt_sel);
--#ifdef CONFIG_X86_64
-- load_gs_index(host_state->gs_sel);
--#else
-- loadsegment(gs, host_state->gs_sel);
--#endif
-- }
-- if (host_state->fs_sel & 7)
-- loadsegment(fs, host_state->fs_sel);
--#ifdef CONFIG_X86_64
-- if (unlikely(host_state->ds_sel | host_state->es_sel)) {
-- loadsegment(ds, host_state->ds_sel);
-- loadsegment(es, host_state->es_sel);
-- }
--#endif
-- invalidate_tss_limit();
--#ifdef CONFIG_X86_64
-- wrmsrl(MSR_KERNEL_GS_BASE, vmx->msr_host_kernel_gs_base);
--#endif
-- load_fixmap_gdt(raw_smp_processor_id());
-- vmx->guest_state_loaded = false;
-- vmx->guest_msrs_ready = false;
--}
--
--#ifdef CONFIG_X86_64
--static u64 vmx_read_guest_kernel_gs_base(struct vcpu_vmx *vmx)
--{
-- preempt_disable();
-- if (vmx->guest_state_loaded)
-- rdmsrl(MSR_KERNEL_GS_BASE, vmx->msr_guest_kernel_gs_base);
-- preempt_enable();
-- return vmx->msr_guest_kernel_gs_base;
--}
--
--static void vmx_write_guest_kernel_gs_base(struct vcpu_vmx *vmx, u64 data)
--{
-- preempt_disable();
-- if (vmx->guest_state_loaded)
-- wrmsrl(MSR_KERNEL_GS_BASE, data);
-- preempt_enable();
-- vmx->msr_guest_kernel_gs_base = data;
--}
--#endif
--
--static void vmx_vcpu_pi_load(struct kvm_vcpu *vcpu, int cpu)
--{
-- struct pi_desc *pi_desc = vcpu_to_pi_desc(vcpu);
-- struct pi_desc old, new;
-- unsigned int dest;
--
-- /*
-- * In case of hot-plug or hot-unplug, we may have to undo
-- * vmx_vcpu_pi_put even if there is no assigned device. And we
-- * always keep PI.NDST up to date for simplicity: it makes the
-- * code easier, and CPU migration is not a fast path.
-- */
-- if (!pi_test_sn(pi_desc) && vcpu->cpu == cpu)
-- return;
--
-- /*
-- * If the 'nv' field is POSTED_INTR_WAKEUP_VECTOR, do not change
-- * PI.NDST: pi_post_block is the one expected to change PID.NDST and the
-- * wakeup handler expects the vCPU to be on the blocked_vcpu_list that
-- * matches PI.NDST. Otherwise, a vcpu may not be able to be woken up
-- * correctly.
-- */
-- if (pi_desc->nv == POSTED_INTR_WAKEUP_VECTOR || vcpu->cpu == cpu) {
-- pi_clear_sn(pi_desc);
-- goto after_clear_sn;
-- }
--
-- /* The full case. */
-- do {
-- old.control = new.control = pi_desc->control;
--
-- dest = cpu_physical_id(cpu);
--
-- if (x2apic_enabled())
-- new.ndst = dest;
-- else
-- new.ndst = (dest << 8) & 0xFF00;
--
-- new.sn = 0;
-- } while (cmpxchg64(&pi_desc->control, old.control,
-- new.control) != old.control);
--
--after_clear_sn:
--
-- /*
-- * Clear SN before reading the bitmap. The VT-d firmware
-- * writes the bitmap and reads SN atomically (5.2.3 in the
-- * spec), so it doesn't really have a memory barrier that
-- * pairs with this, but we cannot do that and we need one.
-- */
-- smp_mb__after_atomic();
--
-- if (!pi_is_pir_empty(pi_desc))
-- pi_set_on(pi_desc);
--}
--
--void vmx_vcpu_load_vmcs(struct kvm_vcpu *vcpu, int cpu)
--{
-- struct vcpu_vmx *vmx = to_vmx(vcpu);
-- bool already_loaded = vmx->loaded_vmcs->cpu == cpu;
--
-- if (!already_loaded) {
-- loaded_vmcs_clear(vmx->loaded_vmcs);
-- local_irq_disable();
-- crash_disable_local_vmclear(cpu);
--
-- /*
-- * Read loaded_vmcs->cpu should be before fetching
-- * loaded_vmcs->loaded_vmcss_on_cpu_link.
-- * See the comments in __loaded_vmcs_clear().
-- */
-- smp_rmb();
--
-- list_add(&vmx->loaded_vmcs->loaded_vmcss_on_cpu_link,
-- &per_cpu(loaded_vmcss_on_cpu, cpu));
-- crash_enable_local_vmclear(cpu);
-- local_irq_enable();
-- }
--
-- if (per_cpu(current_vmcs, cpu) != vmx->loaded_vmcs->vmcs) {
-- per_cpu(current_vmcs, cpu) = vmx->loaded_vmcs->vmcs;
-- vmcs_load(vmx->loaded_vmcs->vmcs);
-- indirect_branch_prediction_barrier();
-- }
--
-- if (!already_loaded) {
-- void *gdt = get_current_gdt_ro();
-- unsigned long sysenter_esp;
--
-- kvm_make_request(KVM_REQ_TLB_FLUSH, vcpu);
--
-- /*
-- * Linux uses per-cpu TSS and GDT, so set these when switching
-- * processors. See 22.2.4.
-- */
-- vmcs_writel(HOST_TR_BASE,
-- (unsigned long)&get_cpu_entry_area(cpu)->tss.x86_tss);
-- vmcs_writel(HOST_GDTR_BASE, (unsigned long)gdt); /* 22.2.4 */
--
-- rdmsrl(MSR_IA32_SYSENTER_ESP, sysenter_esp);
-- vmcs_writel(HOST_IA32_SYSENTER_ESP, sysenter_esp); /* 22.2.3 */
--
-- vmx->loaded_vmcs->cpu = cpu;
-- }
--
-- /* Setup TSC multiplier */
-- if (kvm_has_tsc_control &&
-- vmx->current_tsc_ratio != vcpu->arch.tsc_scaling_ratio)
-- decache_tsc_multiplier(vmx);
--}
--
--/*
-- * Switches to specified vcpu, until a matching vcpu_put(), but assumes
-- * vcpu mutex is already taken.
-- */
--void vmx_vcpu_load(struct kvm_vcpu *vcpu, int cpu)
--{
-- struct vcpu_vmx *vmx = to_vmx(vcpu);
--
-- vmx_vcpu_load_vmcs(vcpu, cpu);
--
-- vmx_vcpu_pi_load(vcpu, cpu);
--
-- vmx->host_pkru = read_pkru();
-- vmx->host_debugctlmsr = get_debugctlmsr();
--}
--
--static void vmx_vcpu_pi_put(struct kvm_vcpu *vcpu)
--{
-- struct pi_desc *pi_desc = vcpu_to_pi_desc(vcpu);
--
-- if (!kvm_arch_has_assigned_device(vcpu->kvm) ||
-- !irq_remapping_cap(IRQ_POSTING_CAP) ||
-- !kvm_vcpu_apicv_active(vcpu))
-- return;
--
-- /* Set SN when the vCPU is preempted */
-- if (vcpu->preempted)
-- pi_set_sn(pi_desc);
--}
--
--static void vmx_vcpu_put(struct kvm_vcpu *vcpu)
--{
-- vmx_vcpu_pi_put(vcpu);
--
-- vmx_prepare_switch_to_host(to_vmx(vcpu));
--}
--
--static bool emulation_required(struct kvm_vcpu *vcpu)
--{
-- return emulate_invalid_guest_state && !guest_state_valid(vcpu);
--}
--
--static void vmx_decache_cr0_guest_bits(struct kvm_vcpu *vcpu);
--
--unsigned long vmx_get_rflags(struct kvm_vcpu *vcpu)
--{
-- struct vcpu_vmx *vmx = to_vmx(vcpu);
-- unsigned long rflags, save_rflags;
--
-- if (!kvm_register_is_available(vcpu, VCPU_EXREG_RFLAGS)) {
-- kvm_register_mark_available(vcpu, VCPU_EXREG_RFLAGS);
-- rflags = vmcs_readl(GUEST_RFLAGS);
-- if (vmx->rmode.vm86_active) {
-- rflags &= RMODE_GUEST_OWNED_EFLAGS_BITS;
-- save_rflags = vmx->rmode.save_rflags;
-- rflags |= save_rflags & ~RMODE_GUEST_OWNED_EFLAGS_BITS;
-- }
-- vmx->rflags = rflags;
-- }
-- return vmx->rflags;
--}
--
--void vmx_set_rflags(struct kvm_vcpu *vcpu, unsigned long rflags)
--{
-- struct vcpu_vmx *vmx = to_vmx(vcpu);
-- unsigned long old_rflags;
--
-- if (enable_unrestricted_guest) {
-- kvm_register_mark_available(vcpu, VCPU_EXREG_RFLAGS);
-- vmx->rflags = rflags;
-- vmcs_writel(GUEST_RFLAGS, rflags);
-- return;
-- }
--
-- old_rflags = vmx_get_rflags(vcpu);
-- vmx->rflags = rflags;
-- if (vmx->rmode.vm86_active) {
-- vmx->rmode.save_rflags = rflags;
-- rflags |= X86_EFLAGS_IOPL | X86_EFLAGS_VM;
-- }
-- vmcs_writel(GUEST_RFLAGS, rflags);
--
-- if ((old_rflags ^ vmx->rflags) & X86_EFLAGS_VM)
-- vmx->emulation_required = emulation_required(vcpu);
--}
--
--u32 vmx_get_interrupt_shadow(struct kvm_vcpu *vcpu)
--{
-- u32 interruptibility = vmcs_read32(GUEST_INTERRUPTIBILITY_INFO);
-- int ret = 0;
--
-- if (interruptibility & GUEST_INTR_STATE_STI)
-- ret |= KVM_X86_SHADOW_INT_STI;
-- if (interruptibility & GUEST_INTR_STATE_MOV_SS)
-- ret |= KVM_X86_SHADOW_INT_MOV_SS;
--
-- return ret;
--}
--
--void vmx_set_interrupt_shadow(struct kvm_vcpu *vcpu, int mask)
--{
-- u32 interruptibility_old = vmcs_read32(GUEST_INTERRUPTIBILITY_INFO);
-- u32 interruptibility = interruptibility_old;
--
-- interruptibility &= ~(GUEST_INTR_STATE_STI | GUEST_INTR_STATE_MOV_SS);
--
-- if (mask & KVM_X86_SHADOW_INT_MOV_SS)
-- interruptibility |= GUEST_INTR_STATE_MOV_SS;
-- else if (mask & KVM_X86_SHADOW_INT_STI)
-- interruptibility |= GUEST_INTR_STATE_STI;
--
-- if ((interruptibility != interruptibility_old))
-- vmcs_write32(GUEST_INTERRUPTIBILITY_INFO, interruptibility);
--}
--
--static int vmx_rtit_ctl_check(struct kvm_vcpu *vcpu, u64 data)
--{
-- struct vcpu_vmx *vmx = to_vmx(vcpu);
-- unsigned long value;
--
-- /*
-- * Any MSR write that attempts to change bits marked reserved will
-- * case a #GP fault.
-- */ -- if (data & vmx->pt_desc.ctl_bitmask) -- return 1; -- -- /* -- * Any attempt to modify IA32_RTIT_CTL while TraceEn is set will -- * result in a #GP unless the same write also clears TraceEn. -- */ -- if ((vmx->pt_desc.guest.ctl & RTIT_CTL_TRACEEN) && -- ((vmx->pt_desc.guest.ctl ^ data) & ~RTIT_CTL_TRACEEN)) -- return 1; -- -- /* -- * WRMSR to IA32_RTIT_CTL that sets TraceEn but clears this bit -- * and FabricEn would cause #GP, if -- * CPUID.(EAX=14H, ECX=0):ECX.SNGLRGNOUT[bit 2] = 0 -- */ -- if ((data & RTIT_CTL_TRACEEN) && !(data & RTIT_CTL_TOPA) && -- !(data & RTIT_CTL_FABRIC_EN) && -- !intel_pt_validate_cap(vmx->pt_desc.caps, -- PT_CAP_single_range_output)) -- return 1; -- -- /* -- * MTCFreq, CycThresh and PSBFreq encodings check, any MSR write that -- * utilize encodings marked reserved will casue a #GP fault. -- */ -- value = intel_pt_validate_cap(vmx->pt_desc.caps, PT_CAP_mtc_periods); -- if (intel_pt_validate_cap(vmx->pt_desc.caps, PT_CAP_mtc) && -- !test_bit((data & RTIT_CTL_MTC_RANGE) >> -- RTIT_CTL_MTC_RANGE_OFFSET, &value)) -- return 1; -- value = intel_pt_validate_cap(vmx->pt_desc.caps, -- PT_CAP_cycle_thresholds); -- if (intel_pt_validate_cap(vmx->pt_desc.caps, PT_CAP_psb_cyc) && -- !test_bit((data & RTIT_CTL_CYC_THRESH) >> -- RTIT_CTL_CYC_THRESH_OFFSET, &value)) -- return 1; -- value = intel_pt_validate_cap(vmx->pt_desc.caps, PT_CAP_psb_periods); -- if (intel_pt_validate_cap(vmx->pt_desc.caps, PT_CAP_psb_cyc) && -- !test_bit((data & RTIT_CTL_PSB_FREQ) >> -- RTIT_CTL_PSB_FREQ_OFFSET, &value)) -- return 1; -- -- /* -- * If ADDRx_CFG is reserved or the encodings is >2 will -- * cause a #GP fault. 
-- */ -- value = (data & RTIT_CTL_ADDR0) >> RTIT_CTL_ADDR0_OFFSET; -- if ((value && (vmx->pt_desc.addr_range < 1)) || (value > 2)) -- return 1; -- value = (data & RTIT_CTL_ADDR1) >> RTIT_CTL_ADDR1_OFFSET; -- if ((value && (vmx->pt_desc.addr_range < 2)) || (value > 2)) -- return 1; -- value = (data & RTIT_CTL_ADDR2) >> RTIT_CTL_ADDR2_OFFSET; -- if ((value && (vmx->pt_desc.addr_range < 3)) || (value > 2)) -- return 1; -- value = (data & RTIT_CTL_ADDR3) >> RTIT_CTL_ADDR3_OFFSET; -- if ((value && (vmx->pt_desc.addr_range < 4)) || (value > 2)) -- return 1; -- -- return 0; --} -- --static int skip_emulated_instruction(struct kvm_vcpu *vcpu) --{ -- unsigned long rip; -- -- /* -- * Using VMCS.VM_EXIT_INSTRUCTION_LEN on EPT misconfig depends on -- * undefined behavior: Intel's SDM doesn't mandate the VMCS field be -- * set when EPT misconfig occurs. In practice, real hardware updates -- * VM_EXIT_INSTRUCTION_LEN on EPT misconfig, but other hypervisors -- * (namely Hyper-V) don't set it due to it being undefined behavior, -- * i.e. we end up advancing IP with some random value. -- */ -- if (!static_cpu_has(X86_FEATURE_HYPERVISOR) || -- to_vmx(vcpu)->exit_reason != EXIT_REASON_EPT_MISCONFIG) { -- rip = kvm_rip_read(vcpu); -- rip += vmcs_read32(VM_EXIT_INSTRUCTION_LEN); -- kvm_rip_write(vcpu, rip); -- } else { -- if (!kvm_emulate_instruction(vcpu, EMULTYPE_SKIP)) -- return 0; -- } -- -- /* skipping an emulated instruction also counts */ -- vmx_set_interrupt_shadow(vcpu, 0); -- -- return 1; --} -- --static void vmx_clear_hlt(struct kvm_vcpu *vcpu) --{ -- /* -- * Ensure that we clear the HLT state in the VMCS. We don't need to -- * explicitly skip the instruction because if the HLT state is set, -- * then the instruction is already executing and RIP has already been -- * advanced. 
-- */ -- if (kvm_hlt_in_guest(vcpu->kvm) && -- vmcs_read32(GUEST_ACTIVITY_STATE) == GUEST_ACTIVITY_HLT) -- vmcs_write32(GUEST_ACTIVITY_STATE, GUEST_ACTIVITY_ACTIVE); --} -- --static void vmx_queue_exception(struct kvm_vcpu *vcpu) --{ -- struct vcpu_vmx *vmx = to_vmx(vcpu); -- unsigned nr = vcpu->arch.exception.nr; -- bool has_error_code = vcpu->arch.exception.has_error_code; -- u32 error_code = vcpu->arch.exception.error_code; -- u32 intr_info = nr | INTR_INFO_VALID_MASK; -- -- kvm_deliver_exception_payload(vcpu); -- -- if (has_error_code) { -- vmcs_write32(VM_ENTRY_EXCEPTION_ERROR_CODE, error_code); -- intr_info |= INTR_INFO_DELIVER_CODE_MASK; -- } -- -- if (vmx->rmode.vm86_active) { -- int inc_eip = 0; -- if (kvm_exception_is_soft(nr)) -- inc_eip = vcpu->arch.event_exit_inst_len; -- kvm_inject_realmode_interrupt(vcpu, nr, inc_eip); -- return; -- } -- -- WARN_ON_ONCE(vmx->emulation_required); -- -- if (kvm_exception_is_soft(nr)) { -- vmcs_write32(VM_ENTRY_INSTRUCTION_LEN, -- vmx->vcpu.arch.event_exit_inst_len); -- intr_info |= INTR_TYPE_SOFT_EXCEPTION; -- } else -- intr_info |= INTR_TYPE_HARD_EXCEPTION; -- -- vmcs_write32(VM_ENTRY_INTR_INFO_FIELD, intr_info); -- -- vmx_clear_hlt(vcpu); --} -- --static bool vmx_rdtscp_supported(void) --{ -- return cpu_has_vmx_rdtscp(); --} -- --static bool vmx_invpcid_supported(void) --{ -- return cpu_has_vmx_invpcid(); --} -- --/* -- * Swap MSR entry in host/guest MSR entry array. -- */ --static void move_msr_up(struct vcpu_vmx *vmx, int from, int to) --{ -- struct shared_msr_entry tmp; -- -- tmp = vmx->guest_msrs[to]; -- vmx->guest_msrs[to] = vmx->guest_msrs[from]; -- vmx->guest_msrs[from] = tmp; --} -- --/* -- * Set up the vmcs to automatically save and restore system -- * msrs. Don't touch the 64-bit msrs if the guest is in legacy -- * mode, as fiddling with msrs is very expensive. 
-- */ --static void setup_msrs(struct vcpu_vmx *vmx) --{ -- int save_nmsrs, index; -- -- save_nmsrs = 0; --#ifdef CONFIG_X86_64 -- /* -- * The SYSCALL MSRs are only needed on long mode guests, and only -- * when EFER.SCE is set. -- */ -- if (is_long_mode(&vmx->vcpu) && (vmx->vcpu.arch.efer & EFER_SCE)) { -- index = __find_msr_index(vmx, MSR_STAR); -- if (index >= 0) -- move_msr_up(vmx, index, save_nmsrs++); -- index = __find_msr_index(vmx, MSR_LSTAR); -- if (index >= 0) -- move_msr_up(vmx, index, save_nmsrs++); -- index = __find_msr_index(vmx, MSR_SYSCALL_MASK); -- if (index >= 0) -- move_msr_up(vmx, index, save_nmsrs++); -- } --#endif -- index = __find_msr_index(vmx, MSR_EFER); -- if (index >= 0 && update_transition_efer(vmx, index)) -- move_msr_up(vmx, index, save_nmsrs++); -- index = __find_msr_index(vmx, MSR_TSC_AUX); -- if (index >= 0 && guest_cpuid_has(&vmx->vcpu, X86_FEATURE_RDTSCP)) -- move_msr_up(vmx, index, save_nmsrs++); -- index = __find_msr_index(vmx, MSR_IA32_TSX_CTRL); -- if (index >= 0) -- move_msr_up(vmx, index, save_nmsrs++); -- -- vmx->save_nmsrs = save_nmsrs; -- vmx->guest_msrs_ready = false; -- -- if (cpu_has_vmx_msr_bitmap()) -- vmx_update_msr_bitmap(&vmx->vcpu); --} -- --static u64 vmx_read_l1_tsc_offset(struct kvm_vcpu *vcpu) --{ -- struct vmcs12 *vmcs12 = get_vmcs12(vcpu); -- -- if (is_guest_mode(vcpu) && -- (vmcs12->cpu_based_vm_exec_control & CPU_BASED_USE_TSC_OFFSETTING)) -- return vcpu->arch.tsc_offset - vmcs12->tsc_offset; -- -- return vcpu->arch.tsc_offset; --} -- --static u64 vmx_write_l1_tsc_offset(struct kvm_vcpu *vcpu, u64 offset) --{ -- struct vmcs12 *vmcs12 = get_vmcs12(vcpu); -- u64 g_tsc_offset = 0; -- -- /* -- * We're here if L1 chose not to trap WRMSR to TSC. According -- * to the spec, this should set L1's TSC; The offset that L1 -- * set for L2 remains unchanged, and still needs to be added -- * to the newly set TSC to get L2's TSC. 
-- */ -- if (is_guest_mode(vcpu) && -- (vmcs12->cpu_based_vm_exec_control & CPU_BASED_USE_TSC_OFFSETTING)) -- g_tsc_offset = vmcs12->tsc_offset; -- -- trace_kvm_write_tsc_offset(vcpu->vcpu_id, -- vcpu->arch.tsc_offset - g_tsc_offset, -- offset); -- vmcs_write64(TSC_OFFSET, offset + g_tsc_offset); -- return offset + g_tsc_offset; --} -- --/* -- * nested_vmx_allowed() checks whether a guest should be allowed to use VMX -- * instructions and MSRs (i.e., nested VMX). Nested VMX is disabled for -- * all guests if the "nested" module option is off, and can also be disabled -- * for a single guest by disabling its VMX cpuid bit. -- */ --bool nested_vmx_allowed(struct kvm_vcpu *vcpu) --{ -- return nested && guest_cpuid_has(vcpu, X86_FEATURE_VMX); --} -- --static inline bool vmx_feature_control_msr_valid(struct kvm_vcpu *vcpu, -- uint64_t val) --{ -- uint64_t valid_bits = to_vmx(vcpu)->msr_ia32_feature_control_valid_bits; -- -- return !(val & ~valid_bits); --} -- --static int vmx_get_msr_feature(struct kvm_msr_entry *msr) --{ -- switch (msr->index) { -- case MSR_IA32_VMX_BASIC ... MSR_IA32_VMX_VMFUNC: -- if (!nested) -- return 1; -- return vmx_get_vmx_msr(&vmcs_config.nested, msr->index, &msr->data); -- default: -- return 1; -- } --} -- --/* -- * Reads an msr value (of 'msr_index') into 'pdata'. -- * Returns 0 on success, non-0 otherwise. -- * Assumes vcpu_load() was already called. 
-- */ --static int vmx_get_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info) --{ -- struct vcpu_vmx *vmx = to_vmx(vcpu); -- struct shared_msr_entry *msr; -- u32 index; -- -- switch (msr_info->index) { --#ifdef CONFIG_X86_64 -- case MSR_FS_BASE: -- msr_info->data = vmcs_readl(GUEST_FS_BASE); -- break; -- case MSR_GS_BASE: -- msr_info->data = vmcs_readl(GUEST_GS_BASE); -- break; -- case MSR_KERNEL_GS_BASE: -- msr_info->data = vmx_read_guest_kernel_gs_base(vmx); -- break; --#endif -- case MSR_EFER: -- return kvm_get_msr_common(vcpu, msr_info); -- case MSR_IA32_TSX_CTRL: -- if (!msr_info->host_initiated && -- !(vcpu->arch.arch_capabilities & ARCH_CAP_TSX_CTRL_MSR)) -- return 1; -- goto find_shared_msr; -- case MSR_IA32_UMWAIT_CONTROL: -- if (!msr_info->host_initiated && !vmx_has_waitpkg(vmx)) -- return 1; -- -- msr_info->data = vmx->msr_ia32_umwait_control; -- break; -- case MSR_IA32_SPEC_CTRL: -- if (!msr_info->host_initiated && -- !guest_cpuid_has(vcpu, X86_FEATURE_SPEC_CTRL)) -- return 1; -- -- msr_info->data = to_vmx(vcpu)->spec_ctrl; -- break; -- case MSR_IA32_SYSENTER_CS: -- msr_info->data = vmcs_read32(GUEST_SYSENTER_CS); -- break; -- case MSR_IA32_SYSENTER_EIP: -- msr_info->data = vmcs_readl(GUEST_SYSENTER_EIP); -- break; -- case MSR_IA32_SYSENTER_ESP: -- msr_info->data = vmcs_readl(GUEST_SYSENTER_ESP); -- break; -- case MSR_IA32_BNDCFGS: -- if (!kvm_mpx_supported() || -- (!msr_info->host_initiated && -- !guest_cpuid_has(vcpu, X86_FEATURE_MPX))) -- return 1; -- msr_info->data = vmcs_read64(GUEST_BNDCFGS); -- break; -- case MSR_IA32_MCG_EXT_CTL: -- if (!msr_info->host_initiated && -- !(vmx->msr_ia32_feature_control & -- FEATURE_CONTROL_LMCE)) -- return 1; -- msr_info->data = vcpu->arch.mcg_ext_ctl; -- break; -- case MSR_IA32_FEATURE_CONTROL: -- msr_info->data = vmx->msr_ia32_feature_control; -- break; -- case MSR_IA32_VMX_BASIC ... 
MSR_IA32_VMX_VMFUNC: -- if (!nested_vmx_allowed(vcpu)) -- return 1; -- return vmx_get_vmx_msr(&vmx->nested.msrs, msr_info->index, -- &msr_info->data); -- case MSR_IA32_RTIT_CTL: -- if (pt_mode != PT_MODE_HOST_GUEST) -- return 1; -- msr_info->data = vmx->pt_desc.guest.ctl; -- break; -- case MSR_IA32_RTIT_STATUS: -- if (pt_mode != PT_MODE_HOST_GUEST) -- return 1; -- msr_info->data = vmx->pt_desc.guest.status; -- break; -- case MSR_IA32_RTIT_CR3_MATCH: -- if ((pt_mode != PT_MODE_HOST_GUEST) || -- !intel_pt_validate_cap(vmx->pt_desc.caps, -- PT_CAP_cr3_filtering)) -- return 1; -- msr_info->data = vmx->pt_desc.guest.cr3_match; -- break; -- case MSR_IA32_RTIT_OUTPUT_BASE: -- if ((pt_mode != PT_MODE_HOST_GUEST) || -- (!intel_pt_validate_cap(vmx->pt_desc.caps, -- PT_CAP_topa_output) && -- !intel_pt_validate_cap(vmx->pt_desc.caps, -- PT_CAP_single_range_output))) -- return 1; -- msr_info->data = vmx->pt_desc.guest.output_base; -- break; -- case MSR_IA32_RTIT_OUTPUT_MASK: -- if ((pt_mode != PT_MODE_HOST_GUEST) || -- (!intel_pt_validate_cap(vmx->pt_desc.caps, -- PT_CAP_topa_output) && -- !intel_pt_validate_cap(vmx->pt_desc.caps, -- PT_CAP_single_range_output))) -- return 1; -- msr_info->data = vmx->pt_desc.guest.output_mask; -- break; -- case MSR_IA32_RTIT_ADDR0_A ... 
MSR_IA32_RTIT_ADDR3_B: -- index = msr_info->index - MSR_IA32_RTIT_ADDR0_A; -- if ((pt_mode != PT_MODE_HOST_GUEST) || -- (index >= 2 * intel_pt_validate_cap(vmx->pt_desc.caps, -- PT_CAP_num_address_ranges))) -- return 1; -- if (is_noncanonical_address(data, vcpu)) -- return 1; -- if (index % 2) -- msr_info->data = vmx->pt_desc.guest.addr_b[index / 2]; -- else -- msr_info->data = vmx->pt_desc.guest.addr_a[index / 2]; -- break; -- case MSR_TSC_AUX: -- if (!msr_info->host_initiated && -- !guest_cpuid_has(vcpu, X86_FEATURE_RDTSCP)) -- return 1; -- goto find_shared_msr; -- default: -- find_shared_msr: -- msr = find_msr_entry(vmx, msr_info->index); -- if (msr) { -- msr_info->data = msr->data; -- break; -- } -- return kvm_get_msr_common(vcpu, msr_info); -- } -- -- return 0; --} -- --/* -- * Writes msr value into the appropriate "register". -- * Returns 0 on success, non-0 otherwise. -- * Assumes vcpu_load() was already called. -- */ --static int vmx_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info) --{ -- struct vcpu_vmx *vmx = to_vmx(vcpu); -- struct shared_msr_entry *msr; -- int ret = 0; -- u32 msr_index = msr_info->index; -- u64 data = msr_info->data; -- u32 index; -- -- switch (msr_index) { -- case MSR_EFER: -- ret = kvm_set_msr_common(vcpu, msr_info); -- break; --#ifdef CONFIG_X86_64 -- case MSR_FS_BASE: -- vmx_segment_cache_clear(vmx); -- vmcs_writel(GUEST_FS_BASE, data); -- break; -- case MSR_GS_BASE: -- vmx_segment_cache_clear(vmx); -- vmcs_writel(GUEST_GS_BASE, data); -- break; -- case MSR_KERNEL_GS_BASE: -- vmx_write_guest_kernel_gs_base(vmx, data); -- break; --#endif -- case MSR_IA32_SYSENTER_CS: -- if (is_guest_mode(vcpu)) -- get_vmcs12(vcpu)->guest_sysenter_cs = data; -- vmcs_write32(GUEST_SYSENTER_CS, data); -- break; -- case MSR_IA32_SYSENTER_EIP: -- if (is_guest_mode(vcpu)) -- get_vmcs12(vcpu)->guest_sysenter_eip = data; -- vmcs_writel(GUEST_SYSENTER_EIP, data); -- break; -- case MSR_IA32_SYSENTER_ESP: -- if (is_guest_mode(vcpu)) -- 
get_vmcs12(vcpu)->guest_sysenter_esp = data; -- vmcs_writel(GUEST_SYSENTER_ESP, data); -- break; -- case MSR_IA32_DEBUGCTLMSR: -- if (is_guest_mode(vcpu) && get_vmcs12(vcpu)->vm_exit_controls & -- VM_EXIT_SAVE_DEBUG_CONTROLS) -- get_vmcs12(vcpu)->guest_ia32_debugctl = data; -- -- ret = kvm_set_msr_common(vcpu, msr_info); -- break; -- -- case MSR_IA32_BNDCFGS: -- if (!kvm_mpx_supported() || -- (!msr_info->host_initiated && -- !guest_cpuid_has(vcpu, X86_FEATURE_MPX))) -- return 1; -- if (is_noncanonical_address(data & PAGE_MASK, vcpu) || -- (data & MSR_IA32_BNDCFGS_RSVD)) -- return 1; -- vmcs_write64(GUEST_BNDCFGS, data); -- break; -- case MSR_IA32_UMWAIT_CONTROL: -- if (!msr_info->host_initiated && !vmx_has_waitpkg(vmx)) -- return 1; -- -- /* The reserved bit 1 and non-32 bit [63:32] should be zero */ -- if (data & (BIT_ULL(1) | GENMASK_ULL(63, 32))) -- return 1; -- -- vmx->msr_ia32_umwait_control = data; -- break; -- case MSR_IA32_SPEC_CTRL: -- if (!msr_info->host_initiated && -- !guest_cpuid_has(vcpu, X86_FEATURE_SPEC_CTRL)) -- return 1; -- -- /* The STIBP bit doesn't fault even if it's not advertised */ -- if (data & ~(SPEC_CTRL_IBRS | SPEC_CTRL_STIBP | SPEC_CTRL_SSBD)) -- return 1; -- -- vmx->spec_ctrl = data; -- -- if (!data) -- break; -- -- /* -- * For non-nested: -- * When it's written (to non-zero) for the first time, pass -- * it through. -- * -- * For nested: -- * The handling of the MSR bitmap for L2 guests is done in -- * nested_vmx_prepare_msr_bitmap. We should not touch the -- * vmcs02.msr_bitmap here since it gets completely overwritten -- * in the merging. We update the vmcs01 here for L1 as well -- * since it will end up touching the MSR anyway now. 
-- */ -- vmx_disable_intercept_for_msr(vmx->vmcs01.msr_bitmap, -- MSR_IA32_SPEC_CTRL, -- MSR_TYPE_RW); -- break; -- case MSR_IA32_TSX_CTRL: -- if (!msr_info->host_initiated && -- !(vcpu->arch.arch_capabilities & ARCH_CAP_TSX_CTRL_MSR)) -- return 1; -- if (data & ~(TSX_CTRL_RTM_DISABLE | TSX_CTRL_CPUID_CLEAR)) -- return 1; -- goto find_shared_msr; -- case MSR_IA32_PRED_CMD: -- if (!msr_info->host_initiated && -- !guest_cpuid_has(vcpu, X86_FEATURE_SPEC_CTRL)) -- return 1; -- -- if (data & ~PRED_CMD_IBPB) -- return 1; -- -- if (!data) -- break; -- -- wrmsrl(MSR_IA32_PRED_CMD, PRED_CMD_IBPB); -- -- /* -- * For non-nested: -- * When it's written (to non-zero) for the first time, pass -- * it through. -- * -- * For nested: -- * The handling of the MSR bitmap for L2 guests is done in -- * nested_vmx_prepare_msr_bitmap. We should not touch the -- * vmcs02.msr_bitmap here since it gets completely overwritten -- * in the merging. -- */ -- vmx_disable_intercept_for_msr(vmx->vmcs01.msr_bitmap, MSR_IA32_PRED_CMD, -- MSR_TYPE_W); -- break; -- case MSR_IA32_CR_PAT: -- if (!kvm_pat_valid(data)) -- return 1; -- -- if (is_guest_mode(vcpu) && -- get_vmcs12(vcpu)->vm_exit_controls & VM_EXIT_SAVE_IA32_PAT) -- get_vmcs12(vcpu)->guest_ia32_pat = data; -- -- if (vmcs_config.vmentry_ctrl & VM_ENTRY_LOAD_IA32_PAT) { -- vmcs_write64(GUEST_IA32_PAT, data); -- vcpu->arch.pat = data; -- break; -- } -- ret = kvm_set_msr_common(vcpu, msr_info); -- break; -- case MSR_IA32_TSC_ADJUST: -- ret = kvm_set_msr_common(vcpu, msr_info); -- break; -- case MSR_IA32_MCG_EXT_CTL: -- if ((!msr_info->host_initiated && -- !(to_vmx(vcpu)->msr_ia32_feature_control & -- FEATURE_CONTROL_LMCE)) || -- (data & ~MCG_EXT_CTL_LMCE_EN)) -- return 1; -- vcpu->arch.mcg_ext_ctl = data; -- break; -- case MSR_IA32_FEATURE_CONTROL: -- if (!vmx_feature_control_msr_valid(vcpu, data) || -- (to_vmx(vcpu)->msr_ia32_feature_control & -- FEATURE_CONTROL_LOCKED && !msr_info->host_initiated)) -- return 1; -- vmx->msr_ia32_feature_control 
= data; -- if (msr_info->host_initiated && data == 0) -- vmx_leave_nested(vcpu); -- break; -- case MSR_IA32_VMX_BASIC ... MSR_IA32_VMX_VMFUNC: -- if (!msr_info->host_initiated) -- return 1; /* they are read-only */ -- if (!nested_vmx_allowed(vcpu)) -- return 1; -- return vmx_set_vmx_msr(vcpu, msr_index, data); -- case MSR_IA32_RTIT_CTL: -- if ((pt_mode != PT_MODE_HOST_GUEST) || -- vmx_rtit_ctl_check(vcpu, data) || -- vmx->nested.vmxon) -- return 1; -- vmcs_write64(GUEST_IA32_RTIT_CTL, data); -- vmx->pt_desc.guest.ctl = data; -- pt_update_intercept_for_msr(vmx); -- break; -- case MSR_IA32_RTIT_STATUS: -- if ((pt_mode != PT_MODE_HOST_GUEST) || -- (vmx->pt_desc.guest.ctl & RTIT_CTL_TRACEEN) || -- (data & MSR_IA32_RTIT_STATUS_MASK)) -- return 1; -- vmx->pt_desc.guest.status = data; -- break; -- case MSR_IA32_RTIT_CR3_MATCH: -- if ((pt_mode != PT_MODE_HOST_GUEST) || -- (vmx->pt_desc.guest.ctl & RTIT_CTL_TRACEEN) || -- !intel_pt_validate_cap(vmx->pt_desc.caps, -- PT_CAP_cr3_filtering)) -- return 1; -- vmx->pt_desc.guest.cr3_match = data; -- break; -- case MSR_IA32_RTIT_OUTPUT_BASE: -- if ((pt_mode != PT_MODE_HOST_GUEST) || -- (vmx->pt_desc.guest.ctl & RTIT_CTL_TRACEEN) || -- (!intel_pt_validate_cap(vmx->pt_desc.caps, -- PT_CAP_topa_output) && -- !intel_pt_validate_cap(vmx->pt_desc.caps, -- PT_CAP_single_range_output)) || -- (data & MSR_IA32_RTIT_OUTPUT_BASE_MASK)) -- return 1; -- vmx->pt_desc.guest.output_base = data; -- break; -- case MSR_IA32_RTIT_OUTPUT_MASK: -- if ((pt_mode != PT_MODE_HOST_GUEST) || -- (vmx->pt_desc.guest.ctl & RTIT_CTL_TRACEEN) || -- (!intel_pt_validate_cap(vmx->pt_desc.caps, -- PT_CAP_topa_output) && -- !intel_pt_validate_cap(vmx->pt_desc.caps, -- PT_CAP_single_range_output))) -- return 1; -- vmx->pt_desc.guest.output_mask = data; -- break; -- case MSR_IA32_RTIT_ADDR0_A ... 
MSR_IA32_RTIT_ADDR3_B: -- index = msr_info->index - MSR_IA32_RTIT_ADDR0_A; -- if ((pt_mode != PT_MODE_HOST_GUEST) || -- (vmx->pt_desc.guest.ctl & RTIT_CTL_TRACEEN) || -- (index >= 2 * intel_pt_validate_cap(vmx->pt_desc.caps, -- PT_CAP_num_address_ranges))) -- return 1; -- if (is_noncanonical_address(data, vcpu)) -- return 1; -- if (index % 2) -- vmx->pt_desc.guest.addr_b[index / 2] = data; -- else -- vmx->pt_desc.guest.addr_a[index / 2] = data; -- break; -- case MSR_TSC_AUX: -- if (!msr_info->host_initiated && -- !guest_cpuid_has(vcpu, X86_FEATURE_RDTSCP)) -- return 1; -- /* Check reserved bit, higher 32 bits should be zero */ -- if ((data >> 32) != 0) -- return 1; -- goto find_shared_msr; -- -- default: -- find_shared_msr: -- msr = find_msr_entry(vmx, msr_index); -- if (msr) -- ret = vmx_set_guest_msr(vmx, msr, data); -- else -- ret = kvm_set_msr_common(vcpu, msr_info); -- } -- -- return ret; --} -- --static void vmx_cache_reg(struct kvm_vcpu *vcpu, enum kvm_reg reg) --{ -- kvm_register_mark_available(vcpu, reg); -- -- switch (reg) { -- case VCPU_REGS_RSP: -- vcpu->arch.regs[VCPU_REGS_RSP] = vmcs_readl(GUEST_RSP); -- break; -- case VCPU_REGS_RIP: -- vcpu->arch.regs[VCPU_REGS_RIP] = vmcs_readl(GUEST_RIP); -- break; -- case VCPU_EXREG_PDPTR: -- if (enable_ept) -- ept_save_pdptrs(vcpu); -- break; -- case VCPU_EXREG_CR3: -- if (enable_unrestricted_guest || (enable_ept && is_paging(vcpu))) -- vcpu->arch.cr3 = vmcs_readl(GUEST_CR3); -- break; -- default: -- WARN_ON_ONCE(1); -- break; -- } --} -- --static __init int cpu_has_kvm_support(void) --{ -- return cpu_has_vmx(); --} -- --static __init int vmx_disabled_by_bios(void) --{ -- u64 msr; -- -- rdmsrl(MSR_IA32_FEATURE_CONTROL, msr); -- if (msr & FEATURE_CONTROL_LOCKED) { -- /* launched w/ TXT and VMX disabled */ -- if (!(msr & FEATURE_CONTROL_VMXON_ENABLED_INSIDE_SMX) -- && tboot_enabled()) -- return 1; -- /* launched w/o TXT and VMX only enabled w/ TXT */ -- if (!(msr & FEATURE_CONTROL_VMXON_ENABLED_OUTSIDE_SMX) -- && 
(msr & FEATURE_CONTROL_VMXON_ENABLED_INSIDE_SMX) -- && !tboot_enabled()) { -- printk(KERN_WARNING "kvm: disable TXT in the BIOS or " -- "activate TXT before enabling KVM\n"); -- return 1; -- } -- /* launched w/o TXT and VMX disabled */ -- if (!(msr & FEATURE_CONTROL_VMXON_ENABLED_OUTSIDE_SMX) -- && !tboot_enabled()) -- return 1; -- } -- -- return 0; --} -- --static void kvm_cpu_vmxon(u64 addr) --{ -- cr4_set_bits(X86_CR4_VMXE); -- intel_pt_handle_vmx(1); -- -- asm volatile ("vmxon %0" : : "m"(addr)); --} -- --static int hardware_enable(void) --{ -- int cpu = raw_smp_processor_id(); -- u64 phys_addr = __pa(per_cpu(vmxarea, cpu)); -- u64 old, test_bits; -- -- if (cr4_read_shadow() & X86_CR4_VMXE) -- return -EBUSY; -- -- /* -- * This can happen if we hot-added a CPU but failed to allocate -- * VP assist page for it. -- */ -- if (static_branch_unlikely(&enable_evmcs) && -- !hv_get_vp_assist_page(cpu)) -- return -EFAULT; -- -- INIT_LIST_HEAD(&per_cpu(loaded_vmcss_on_cpu, cpu)); -- INIT_LIST_HEAD(&per_cpu(blocked_vcpu_on_cpu, cpu)); -- spin_lock_init(&per_cpu(blocked_vcpu_on_cpu_lock, cpu)); -- -- /* -- * Now we can enable the vmclear operation in kdump -- * since the loaded_vmcss_on_cpu list on this cpu -- * has been initialized. -- * -- * Though the cpu is not in VMX operation now, there -- * is no problem to enable the vmclear operation -- * for the loaded_vmcss_on_cpu list is empty! 
-- */ -- crash_enable_local_vmclear(cpu); -- -- rdmsrl(MSR_IA32_FEATURE_CONTROL, old); -- -- test_bits = FEATURE_CONTROL_LOCKED; -- test_bits |= FEATURE_CONTROL_VMXON_ENABLED_OUTSIDE_SMX; -- if (tboot_enabled()) -- test_bits |= FEATURE_CONTROL_VMXON_ENABLED_INSIDE_SMX; -- -- if ((old & test_bits) != test_bits) { -- /* enable and lock */ -- wrmsrl(MSR_IA32_FEATURE_CONTROL, old | test_bits); -- } -- kvm_cpu_vmxon(phys_addr); -- if (enable_ept) -- ept_sync_global(); -- -- return 0; --} -- --static void vmclear_local_loaded_vmcss(void) --{ -- int cpu = raw_smp_processor_id(); -- struct loaded_vmcs *v, *n; -- -- list_for_each_entry_safe(v, n, &per_cpu(loaded_vmcss_on_cpu, cpu), -- loaded_vmcss_on_cpu_link) -- __loaded_vmcs_clear(v); --} -- -- --/* Just like cpu_vmxoff(), but with the __kvm_handle_fault_on_reboot() -- * tricks. -- */ --static void kvm_cpu_vmxoff(void) --{ -- asm volatile (__ex("vmxoff")); -- -- intel_pt_handle_vmx(0); -- cr4_clear_bits(X86_CR4_VMXE); --} -- --static void hardware_disable(void) --{ -- vmclear_local_loaded_vmcss(); -- kvm_cpu_vmxoff(); --} -- --static __init int adjust_vmx_controls(u32 ctl_min, u32 ctl_opt, -- u32 msr, u32 *result) --{ -- u32 vmx_msr_low, vmx_msr_high; -- u32 ctl = ctl_min | ctl_opt; -- -- rdmsr(msr, vmx_msr_low, vmx_msr_high); -- -- ctl &= vmx_msr_high; /* bit == 0 in high word ==> must be zero */ -- ctl |= vmx_msr_low; /* bit == 1 in low word ==> must be one */ -- -- /* Ensure minimum (required) set of control bits are supported. 
*/ -- if (ctl_min & ~ctl) -- return -EIO; -- -- *result = ctl; -- return 0; --} -- --static __init int setup_vmcs_config(struct vmcs_config *vmcs_conf, -- struct vmx_capability *vmx_cap) --{ -- u32 vmx_msr_low, vmx_msr_high; -- u32 min, opt, min2, opt2; -- u32 _pin_based_exec_control = 0; -- u32 _cpu_based_exec_control = 0; -- u32 _cpu_based_2nd_exec_control = 0; -- u32 _vmexit_control = 0; -- u32 _vmentry_control = 0; -- -- memset(vmcs_conf, 0, sizeof(*vmcs_conf)); -- min = CPU_BASED_HLT_EXITING | --#ifdef CONFIG_X86_64 -- CPU_BASED_CR8_LOAD_EXITING | -- CPU_BASED_CR8_STORE_EXITING | --#endif -- CPU_BASED_CR3_LOAD_EXITING | -- CPU_BASED_CR3_STORE_EXITING | -- CPU_BASED_UNCOND_IO_EXITING | -- CPU_BASED_MOV_DR_EXITING | -- CPU_BASED_USE_TSC_OFFSETTING | -- CPU_BASED_MWAIT_EXITING | -- CPU_BASED_MONITOR_EXITING | -- CPU_BASED_INVLPG_EXITING | -- CPU_BASED_RDPMC_EXITING; -- -- opt = CPU_BASED_TPR_SHADOW | -- CPU_BASED_USE_MSR_BITMAPS | -- CPU_BASED_ACTIVATE_SECONDARY_CONTROLS; -- if (adjust_vmx_controls(min, opt, MSR_IA32_VMX_PROCBASED_CTLS, -- &_cpu_based_exec_control) < 0) -- return -EIO; --#ifdef CONFIG_X86_64 -- if ((_cpu_based_exec_control & CPU_BASED_TPR_SHADOW)) -- _cpu_based_exec_control &= ~CPU_BASED_CR8_LOAD_EXITING & -- ~CPU_BASED_CR8_STORE_EXITING; --#endif -- if (_cpu_based_exec_control & CPU_BASED_ACTIVATE_SECONDARY_CONTROLS) { -- min2 = 0; -- opt2 = SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES | -- SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE | -- SECONDARY_EXEC_WBINVD_EXITING | -- SECONDARY_EXEC_ENABLE_VPID | -- SECONDARY_EXEC_ENABLE_EPT | -- SECONDARY_EXEC_UNRESTRICTED_GUEST | -- SECONDARY_EXEC_PAUSE_LOOP_EXITING | -- SECONDARY_EXEC_DESC | -- SECONDARY_EXEC_RDTSCP | -- SECONDARY_EXEC_ENABLE_INVPCID | -- SECONDARY_EXEC_APIC_REGISTER_VIRT | -- SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY | -- SECONDARY_EXEC_SHADOW_VMCS | -- SECONDARY_EXEC_XSAVES | -- SECONDARY_EXEC_RDSEED_EXITING | -- SECONDARY_EXEC_RDRAND_EXITING | -- SECONDARY_EXEC_ENABLE_PML | -- 
SECONDARY_EXEC_TSC_SCALING | -- SECONDARY_EXEC_ENABLE_USR_WAIT_PAUSE | -- SECONDARY_EXEC_PT_USE_GPA | -- SECONDARY_EXEC_PT_CONCEAL_VMX | -- SECONDARY_EXEC_ENABLE_VMFUNC | -- SECONDARY_EXEC_ENCLS_EXITING; -- if (adjust_vmx_controls(min2, opt2, -- MSR_IA32_VMX_PROCBASED_CTLS2, -- &_cpu_based_2nd_exec_control) < 0) -- return -EIO; -- } --#ifndef CONFIG_X86_64 -- if (!(_cpu_based_2nd_exec_control & -- SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES)) -- _cpu_based_exec_control &= ~CPU_BASED_TPR_SHADOW; --#endif -- -- if (!(_cpu_based_exec_control & CPU_BASED_TPR_SHADOW)) -- _cpu_based_2nd_exec_control &= ~( -- SECONDARY_EXEC_APIC_REGISTER_VIRT | -- SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE | -- SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY); -- -- rdmsr_safe(MSR_IA32_VMX_EPT_VPID_CAP, -- &vmx_cap->ept, &vmx_cap->vpid); -- -- if (_cpu_based_2nd_exec_control & SECONDARY_EXEC_ENABLE_EPT) { -- /* CR3 accesses and invlpg don't need to cause VM Exits when EPT -- enabled */ -- _cpu_based_exec_control &= ~(CPU_BASED_CR3_LOAD_EXITING | -- CPU_BASED_CR3_STORE_EXITING | -- CPU_BASED_INVLPG_EXITING); -- } else if (vmx_cap->ept) { -- vmx_cap->ept = 0; -- pr_warn_once("EPT CAP should not exist if not support " -- "1-setting enable EPT VM-execution control\n"); -- } -- if (!(_cpu_based_2nd_exec_control & SECONDARY_EXEC_ENABLE_VPID) && -- vmx_cap->vpid) { -- vmx_cap->vpid = 0; -- pr_warn_once("VPID CAP should not exist if not support " -- "1-setting enable VPID VM-execution control\n"); -- } -- -- min = VM_EXIT_SAVE_DEBUG_CONTROLS | VM_EXIT_ACK_INTR_ON_EXIT; --#ifdef CONFIG_X86_64 -- min |= VM_EXIT_HOST_ADDR_SPACE_SIZE; --#endif -- opt = VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL | -- VM_EXIT_LOAD_IA32_PAT | -- VM_EXIT_LOAD_IA32_EFER | -- VM_EXIT_CLEAR_BNDCFGS | -- VM_EXIT_PT_CONCEAL_PIP | -- VM_EXIT_CLEAR_IA32_RTIT_CTL; -- if (adjust_vmx_controls(min, opt, MSR_IA32_VMX_EXIT_CTLS, -- &_vmexit_control) < 0) -- return -EIO; -- -- min = PIN_BASED_EXT_INTR_MASK | PIN_BASED_NMI_EXITING; -- opt = PIN_BASED_VIRTUAL_NMIS 
| PIN_BASED_POSTED_INTR | -- PIN_BASED_VMX_PREEMPTION_TIMER; -- if (adjust_vmx_controls(min, opt, MSR_IA32_VMX_PINBASED_CTLS, -- &_pin_based_exec_control) < 0) -- return -EIO; -- -- if (cpu_has_broken_vmx_preemption_timer()) -- _pin_based_exec_control &= ~PIN_BASED_VMX_PREEMPTION_TIMER; -- if (!(_cpu_based_2nd_exec_control & -- SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY)) -- _pin_based_exec_control &= ~PIN_BASED_POSTED_INTR; -- -- min = VM_ENTRY_LOAD_DEBUG_CONTROLS; -- opt = VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL | -- VM_ENTRY_LOAD_IA32_PAT | -- VM_ENTRY_LOAD_IA32_EFER | -- VM_ENTRY_LOAD_BNDCFGS | -- VM_ENTRY_PT_CONCEAL_PIP | -- VM_ENTRY_LOAD_IA32_RTIT_CTL; -- if (adjust_vmx_controls(min, opt, MSR_IA32_VMX_ENTRY_CTLS, -- &_vmentry_control) < 0) -- return -EIO; -- -- /* -- * Some cpus support VM_{ENTRY,EXIT}_IA32_PERF_GLOBAL_CTRL but they -- * can't be used due to an errata where VM Exit may incorrectly clear -- * IA32_PERF_GLOBAL_CTRL[34:32]. Workaround the errata by using the -- * MSR load mechanism to switch IA32_PERF_GLOBAL_CTRL. -- */ -- if (boot_cpu_data.x86 == 0x6) { -- switch (boot_cpu_data.x86_model) { -- case 26: /* AAK155 */ -- case 30: /* AAP115 */ -- case 37: /* AAT100 */ -- case 44: /* BC86,AAY89,BD102 */ -- case 46: /* BA97 */ -- _vmentry_control &= ~VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL; -- _vmexit_control &= ~VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL; -- pr_warn_once("kvm: VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL " -- "does not work properly. Using workaround\n"); -- break; -- default: -- break; -- } -- } -- -- -- rdmsr(MSR_IA32_VMX_BASIC, vmx_msr_low, vmx_msr_high); -- -- /* IA-32 SDM Vol 3B: VMCS size is never greater than 4kB. */ -- if ((vmx_msr_high & 0x1fff) > PAGE_SIZE) -- return -EIO; -- --#ifdef CONFIG_X86_64 -- /* IA-32 SDM Vol 3B: 64-bit CPUs always have VMX_BASIC_MSR[48]==0. */ -- if (vmx_msr_high & (1u<<16)) -- return -EIO; --#endif -- -- /* Require Write-Back (WB) memory type for VMCS accesses. 
*/ -- if (((vmx_msr_high >> 18) & 15) != 6) -- return -EIO; -- -- vmcs_conf->size = vmx_msr_high & 0x1fff; -- vmcs_conf->order = get_order(vmcs_conf->size); -- vmcs_conf->basic_cap = vmx_msr_high & ~0x1fff; -- -- vmcs_conf->revision_id = vmx_msr_low; -- -- vmcs_conf->pin_based_exec_ctrl = _pin_based_exec_control; -- vmcs_conf->cpu_based_exec_ctrl = _cpu_based_exec_control; -- vmcs_conf->cpu_based_2nd_exec_ctrl = _cpu_based_2nd_exec_control; -- vmcs_conf->vmexit_ctrl = _vmexit_control; -- vmcs_conf->vmentry_ctrl = _vmentry_control; -- -- if (static_branch_unlikely(&enable_evmcs)) -- evmcs_sanitize_exec_ctrls(vmcs_conf); -- -- return 0; --} -- --struct vmcs *alloc_vmcs_cpu(bool shadow, int cpu, gfp_t flags) --{ -- int node = cpu_to_node(cpu); -- struct page *pages; -- struct vmcs *vmcs; -- -- pages = __alloc_pages_node(node, flags, vmcs_config.order); -- if (!pages) -- return NULL; -- vmcs = page_address(pages); -- memset(vmcs, 0, vmcs_config.size); -- -- /* KVM supports Enlightened VMCS v1 only */ -- if (static_branch_unlikely(&enable_evmcs)) -- vmcs->hdr.revision_id = KVM_EVMCS_VERSION; -- else -- vmcs->hdr.revision_id = vmcs_config.revision_id; -- -- if (shadow) -- vmcs->hdr.shadow_vmcs = 1; -- return vmcs; --} -- --void free_vmcs(struct vmcs *vmcs) --{ -- free_pages((unsigned long)vmcs, vmcs_config.order); --} -- --/* -- * Free a VMCS, but before that VMCLEAR it on the CPU where it was last loaded -- */ --void free_loaded_vmcs(struct loaded_vmcs *loaded_vmcs) --{ -- if (!loaded_vmcs->vmcs) -- return; -- loaded_vmcs_clear(loaded_vmcs); -- free_vmcs(loaded_vmcs->vmcs); -- loaded_vmcs->vmcs = NULL; -- if (loaded_vmcs->msr_bitmap) -- free_page((unsigned long)loaded_vmcs->msr_bitmap); -- WARN_ON(loaded_vmcs->shadow_vmcs != NULL); --} -- --int alloc_loaded_vmcs(struct loaded_vmcs *loaded_vmcs) --{ -- loaded_vmcs->vmcs = alloc_vmcs(false); -- if (!loaded_vmcs->vmcs) -- return -ENOMEM; -- -- loaded_vmcs->shadow_vmcs = NULL; -- loaded_vmcs->hv_timer_soft_disabled = false; 
-- loaded_vmcs_init(loaded_vmcs); -- -- if (cpu_has_vmx_msr_bitmap()) { -- loaded_vmcs->msr_bitmap = (unsigned long *) -- __get_free_page(GFP_KERNEL_ACCOUNT); -- if (!loaded_vmcs->msr_bitmap) -- goto out_vmcs; -- memset(loaded_vmcs->msr_bitmap, 0xff, PAGE_SIZE); -- -- if (IS_ENABLED(CONFIG_HYPERV) && -- static_branch_unlikely(&enable_evmcs) && -- (ms_hyperv.nested_features & HV_X64_NESTED_MSR_BITMAP)) { -- struct hv_enlightened_vmcs *evmcs = -- (struct hv_enlightened_vmcs *)loaded_vmcs->vmcs; -- -- evmcs->hv_enlightenments_control.msr_bitmap = 1; -- } -- } -- -- memset(&loaded_vmcs->host_state, 0, sizeof(struct vmcs_host_state)); -- memset(&loaded_vmcs->controls_shadow, 0, -- sizeof(struct vmcs_controls_shadow)); -- -- return 0; -- --out_vmcs: -- free_loaded_vmcs(loaded_vmcs); -- return -ENOMEM; --} -- --static void free_kvm_area(void) --{ -- int cpu; -- -- for_each_possible_cpu(cpu) { -- free_vmcs(per_cpu(vmxarea, cpu)); -- per_cpu(vmxarea, cpu) = NULL; -- } --} -- --static __init int alloc_kvm_area(void) --{ -- int cpu; -- -- for_each_possible_cpu(cpu) { -- struct vmcs *vmcs; -- -- vmcs = alloc_vmcs_cpu(false, cpu, GFP_KERNEL); -- if (!vmcs) { -- free_kvm_area(); -- return -ENOMEM; -- } -- -- /* -- * When eVMCS is enabled, alloc_vmcs_cpu() sets -- * vmcs->revision_id to KVM_EVMCS_VERSION instead of -- * revision_id reported by MSR_IA32_VMX_BASIC. -- * -- * However, even though not explicitly documented by -- * TLFS, VMXArea passed as VMXON argument should -- * still be marked with revision_id reported by -- * physical CPU. -- */ -- if (static_branch_unlikely(&enable_evmcs)) -- vmcs->hdr.revision_id = vmcs_config.revision_id; -- -- per_cpu(vmxarea, cpu) = vmcs; -- } -- return 0; --} -- --static void fix_pmode_seg(struct kvm_vcpu *vcpu, int seg, -- struct kvm_segment *save) --{ -- if (!emulate_invalid_guest_state) { -- /* -- * CS and SS RPL should be equal during guest entry according -- * to VMX spec, but in reality it is not always so. 
Since vcpu -- * is in the middle of the transition from real mode to -- * protected mode it is safe to assume that RPL 0 is a good -- * default value. -- */ -- if (seg == VCPU_SREG_CS || seg == VCPU_SREG_SS) -- save->selector &= ~SEGMENT_RPL_MASK; -- save->dpl = save->selector & SEGMENT_RPL_MASK; -- save->s = 1; -- } -- vmx_set_segment(vcpu, save, seg); --} -- --static void enter_pmode(struct kvm_vcpu *vcpu) --{ -- unsigned long flags; -- struct vcpu_vmx *vmx = to_vmx(vcpu); -- -- /* -- * Update real mode segment cache. It may be not up-to-date if sement -- * register was written while vcpu was in a guest mode. -- */ -- vmx_get_segment(vcpu, &vmx->rmode.segs[VCPU_SREG_ES], VCPU_SREG_ES); -- vmx_get_segment(vcpu, &vmx->rmode.segs[VCPU_SREG_DS], VCPU_SREG_DS); -- vmx_get_segment(vcpu, &vmx->rmode.segs[VCPU_SREG_FS], VCPU_SREG_FS); -- vmx_get_segment(vcpu, &vmx->rmode.segs[VCPU_SREG_GS], VCPU_SREG_GS); -- vmx_get_segment(vcpu, &vmx->rmode.segs[VCPU_SREG_SS], VCPU_SREG_SS); -- vmx_get_segment(vcpu, &vmx->rmode.segs[VCPU_SREG_CS], VCPU_SREG_CS); -- -- vmx->rmode.vm86_active = 0; -- -- vmx_segment_cache_clear(vmx); -- -- vmx_set_segment(vcpu, &vmx->rmode.segs[VCPU_SREG_TR], VCPU_SREG_TR); -- -- flags = vmcs_readl(GUEST_RFLAGS); -- flags &= RMODE_GUEST_OWNED_EFLAGS_BITS; -- flags |= vmx->rmode.save_rflags & ~RMODE_GUEST_OWNED_EFLAGS_BITS; -- vmcs_writel(GUEST_RFLAGS, flags); -- -- vmcs_writel(GUEST_CR4, (vmcs_readl(GUEST_CR4) & ~X86_CR4_VME) | -- (vmcs_readl(CR4_READ_SHADOW) & X86_CR4_VME)); -- -- update_exception_bitmap(vcpu); -- -- fix_pmode_seg(vcpu, VCPU_SREG_CS, &vmx->rmode.segs[VCPU_SREG_CS]); -- fix_pmode_seg(vcpu, VCPU_SREG_SS, &vmx->rmode.segs[VCPU_SREG_SS]); -- fix_pmode_seg(vcpu, VCPU_SREG_ES, &vmx->rmode.segs[VCPU_SREG_ES]); -- fix_pmode_seg(vcpu, VCPU_SREG_DS, &vmx->rmode.segs[VCPU_SREG_DS]); -- fix_pmode_seg(vcpu, VCPU_SREG_FS, &vmx->rmode.segs[VCPU_SREG_FS]); -- fix_pmode_seg(vcpu, VCPU_SREG_GS, &vmx->rmode.segs[VCPU_SREG_GS]); --} -- --static void 
fix_rmode_seg(int seg, struct kvm_segment *save) --{ -- const struct kvm_vmx_segment_field *sf = &kvm_vmx_segment_fields[seg]; -- struct kvm_segment var = *save; -- -- var.dpl = 0x3; -- if (seg == VCPU_SREG_CS) -- var.type = 0x3; -- -- if (!emulate_invalid_guest_state) { -- var.selector = var.base >> 4; -- var.base = var.base & 0xffff0; -- var.limit = 0xffff; -- var.g = 0; -- var.db = 0; -- var.present = 1; -- var.s = 1; -- var.l = 0; -- var.unusable = 0; -- var.type = 0x3; -- var.avl = 0; -- if (save->base & 0xf) -- printk_once(KERN_WARNING "kvm: segment base is not " -- "paragraph aligned when entering " -- "protected mode (seg=%d)", seg); -- } -- -- vmcs_write16(sf->selector, var.selector); -- vmcs_writel(sf->base, var.base); -- vmcs_write32(sf->limit, var.limit); -- vmcs_write32(sf->ar_bytes, vmx_segment_access_rights(&var)); --} -- --static void enter_rmode(struct kvm_vcpu *vcpu) --{ -- unsigned long flags; -- struct vcpu_vmx *vmx = to_vmx(vcpu); -- struct kvm_vmx *kvm_vmx = to_kvm_vmx(vcpu->kvm); -- -- vmx_get_segment(vcpu, &vmx->rmode.segs[VCPU_SREG_TR], VCPU_SREG_TR); -- vmx_get_segment(vcpu, &vmx->rmode.segs[VCPU_SREG_ES], VCPU_SREG_ES); -- vmx_get_segment(vcpu, &vmx->rmode.segs[VCPU_SREG_DS], VCPU_SREG_DS); -- vmx_get_segment(vcpu, &vmx->rmode.segs[VCPU_SREG_FS], VCPU_SREG_FS); -- vmx_get_segment(vcpu, &vmx->rmode.segs[VCPU_SREG_GS], VCPU_SREG_GS); -- vmx_get_segment(vcpu, &vmx->rmode.segs[VCPU_SREG_SS], VCPU_SREG_SS); -- vmx_get_segment(vcpu, &vmx->rmode.segs[VCPU_SREG_CS], VCPU_SREG_CS); -- -- vmx->rmode.vm86_active = 1; -- -- /* -- * Very old userspace does not call KVM_SET_TSS_ADDR before entering -- * vcpu. Warn the user that an update is overdue. 
-- */ -- if (!kvm_vmx->tss_addr) -- printk_once(KERN_WARNING "kvm: KVM_SET_TSS_ADDR need to be " -- "called before entering vcpu\n"); -- -- vmx_segment_cache_clear(vmx); -- -- vmcs_writel(GUEST_TR_BASE, kvm_vmx->tss_addr); -- vmcs_write32(GUEST_TR_LIMIT, RMODE_TSS_SIZE - 1); -- vmcs_write32(GUEST_TR_AR_BYTES, 0x008b); -- -- flags = vmcs_readl(GUEST_RFLAGS); -- vmx->rmode.save_rflags = flags; -- -- flags |= X86_EFLAGS_IOPL | X86_EFLAGS_VM; -- -- vmcs_writel(GUEST_RFLAGS, flags); -- vmcs_writel(GUEST_CR4, vmcs_readl(GUEST_CR4) | X86_CR4_VME); -- update_exception_bitmap(vcpu); -- -- fix_rmode_seg(VCPU_SREG_SS, &vmx->rmode.segs[VCPU_SREG_SS]); -- fix_rmode_seg(VCPU_SREG_CS, &vmx->rmode.segs[VCPU_SREG_CS]); -- fix_rmode_seg(VCPU_SREG_ES, &vmx->rmode.segs[VCPU_SREG_ES]); -- fix_rmode_seg(VCPU_SREG_DS, &vmx->rmode.segs[VCPU_SREG_DS]); -- fix_rmode_seg(VCPU_SREG_GS, &vmx->rmode.segs[VCPU_SREG_GS]); -- fix_rmode_seg(VCPU_SREG_FS, &vmx->rmode.segs[VCPU_SREG_FS]); -- -- kvm_mmu_reset_context(vcpu); --} -- --void vmx_set_efer(struct kvm_vcpu *vcpu, u64 efer) --{ -- struct vcpu_vmx *vmx = to_vmx(vcpu); -- struct shared_msr_entry *msr = find_msr_entry(vmx, MSR_EFER); -- -- if (!msr) -- return; -- -- vcpu->arch.efer = efer; -- if (efer & EFER_LMA) { -- vm_entry_controls_setbit(to_vmx(vcpu), VM_ENTRY_IA32E_MODE); -- msr->data = efer; -- } else { -- vm_entry_controls_clearbit(to_vmx(vcpu), VM_ENTRY_IA32E_MODE); -- -- msr->data = efer & ~EFER_LME; -- } -- setup_msrs(vmx); --} -- --#ifdef CONFIG_X86_64 -- --static void enter_lmode(struct kvm_vcpu *vcpu) --{ -- u32 guest_tr_ar; -- -- vmx_segment_cache_clear(to_vmx(vcpu)); -- -- guest_tr_ar = vmcs_read32(GUEST_TR_AR_BYTES); -- if ((guest_tr_ar & VMX_AR_TYPE_MASK) != VMX_AR_TYPE_BUSY_64_TSS) { -- pr_debug_ratelimited("%s: tss fixup for long mode. 
\n", -- __func__); -- vmcs_write32(GUEST_TR_AR_BYTES, -- (guest_tr_ar & ~VMX_AR_TYPE_MASK) -- | VMX_AR_TYPE_BUSY_64_TSS); -- } -- vmx_set_efer(vcpu, vcpu->arch.efer | EFER_LMA); --} -- --static void exit_lmode(struct kvm_vcpu *vcpu) --{ -- vm_entry_controls_clearbit(to_vmx(vcpu), VM_ENTRY_IA32E_MODE); -- vmx_set_efer(vcpu, vcpu->arch.efer & ~EFER_LMA); --} -- --#endif -- --static void vmx_flush_tlb_gva(struct kvm_vcpu *vcpu, gva_t addr) --{ -- int vpid = to_vmx(vcpu)->vpid; -- -- if (!vpid_sync_vcpu_addr(vpid, addr)) -- vpid_sync_context(vpid); -- -- /* -- * If VPIDs are not supported or enabled, then the above is a no-op. -- * But we don't really need a TLB flush in that case anyway, because -- * each VM entry/exit includes an implicit flush when VPID is 0. -- */ --} -- --static void vmx_decache_cr0_guest_bits(struct kvm_vcpu *vcpu) --{ -- ulong cr0_guest_owned_bits = vcpu->arch.cr0_guest_owned_bits; -- -- vcpu->arch.cr0 &= ~cr0_guest_owned_bits; -- vcpu->arch.cr0 |= vmcs_readl(GUEST_CR0) & cr0_guest_owned_bits; --} -- --static void vmx_decache_cr4_guest_bits(struct kvm_vcpu *vcpu) --{ -- ulong cr4_guest_owned_bits = vcpu->arch.cr4_guest_owned_bits; -- -- vcpu->arch.cr4 &= ~cr4_guest_owned_bits; -- vcpu->arch.cr4 |= vmcs_readl(GUEST_CR4) & cr4_guest_owned_bits; --} -- --static void ept_load_pdptrs(struct kvm_vcpu *vcpu) --{ -- struct kvm_mmu *mmu = vcpu->arch.walk_mmu; -- -- if (!kvm_register_is_dirty(vcpu, VCPU_EXREG_PDPTR)) -- return; -- -- if (is_pae_paging(vcpu)) { -- vmcs_write64(GUEST_PDPTR0, mmu->pdptrs[0]); -- vmcs_write64(GUEST_PDPTR1, mmu->pdptrs[1]); -- vmcs_write64(GUEST_PDPTR2, mmu->pdptrs[2]); -- vmcs_write64(GUEST_PDPTR3, mmu->pdptrs[3]); -- } --} -- --void ept_save_pdptrs(struct kvm_vcpu *vcpu) --{ -- struct kvm_mmu *mmu = vcpu->arch.walk_mmu; -- -- if (is_pae_paging(vcpu)) { -- mmu->pdptrs[0] = vmcs_read64(GUEST_PDPTR0); -- mmu->pdptrs[1] = vmcs_read64(GUEST_PDPTR1); -- mmu->pdptrs[2] = vmcs_read64(GUEST_PDPTR2); -- mmu->pdptrs[3] = 
vmcs_read64(GUEST_PDPTR3); -- } -- -- kvm_register_mark_dirty(vcpu, VCPU_EXREG_PDPTR); --} -- --static void ept_update_paging_mode_cr0(unsigned long *hw_cr0, -- unsigned long cr0, -- struct kvm_vcpu *vcpu) --{ -- struct vcpu_vmx *vmx = to_vmx(vcpu); -- -- if (!kvm_register_is_available(vcpu, VCPU_EXREG_CR3)) -- vmx_cache_reg(vcpu, VCPU_EXREG_CR3); -- if (!(cr0 & X86_CR0_PG)) { -- /* From paging/starting to nonpaging */ -- exec_controls_setbit(vmx, CPU_BASED_CR3_LOAD_EXITING | -- CPU_BASED_CR3_STORE_EXITING); -- vcpu->arch.cr0 = cr0; -- vmx_set_cr4(vcpu, kvm_read_cr4(vcpu)); -- } else if (!is_paging(vcpu)) { -- /* From nonpaging to paging */ -- exec_controls_clearbit(vmx, CPU_BASED_CR3_LOAD_EXITING | -- CPU_BASED_CR3_STORE_EXITING); -- vcpu->arch.cr0 = cr0; -- vmx_set_cr4(vcpu, kvm_read_cr4(vcpu)); -- } -- -- if (!(cr0 & X86_CR0_WP)) -- *hw_cr0 &= ~X86_CR0_WP; --} -- --void vmx_set_cr0(struct kvm_vcpu *vcpu, unsigned long cr0) --{ -- struct vcpu_vmx *vmx = to_vmx(vcpu); -- unsigned long hw_cr0; -- -- hw_cr0 = (cr0 & ~KVM_VM_CR0_ALWAYS_OFF); -- if (enable_unrestricted_guest) -- hw_cr0 |= KVM_VM_CR0_ALWAYS_ON_UNRESTRICTED_GUEST; -- else { -- hw_cr0 |= KVM_VM_CR0_ALWAYS_ON; -- -- if (vmx->rmode.vm86_active && (cr0 & X86_CR0_PE)) -- enter_pmode(vcpu); -- -- if (!vmx->rmode.vm86_active && !(cr0 & X86_CR0_PE)) -- enter_rmode(vcpu); -- } -- --#ifdef CONFIG_X86_64 -- if (vcpu->arch.efer & EFER_LME) { -- if (!is_paging(vcpu) && (cr0 & X86_CR0_PG)) -- enter_lmode(vcpu); -- if (is_paging(vcpu) && !(cr0 & X86_CR0_PG)) -- exit_lmode(vcpu); -- } --#endif -- -- if (enable_ept && !enable_unrestricted_guest) -- ept_update_paging_mode_cr0(&hw_cr0, cr0, vcpu); -- -- vmcs_writel(CR0_READ_SHADOW, cr0); -- vmcs_writel(GUEST_CR0, hw_cr0); -- vcpu->arch.cr0 = cr0; -- -- /* depends on vcpu->arch.cr0 to be set to a new value */ -- vmx->emulation_required = emulation_required(vcpu); --} -- --static int get_ept_level(struct kvm_vcpu *vcpu) --{ -- if (cpu_has_vmx_ept_5levels() && 
(cpuid_maxphyaddr(vcpu) > 48)) -- return 5; -- return 4; --} -- --u64 construct_eptp(struct kvm_vcpu *vcpu, unsigned long root_hpa) --{ -- u64 eptp = VMX_EPTP_MT_WB; -- -- eptp |= (get_ept_level(vcpu) == 5) ? VMX_EPTP_PWL_5 : VMX_EPTP_PWL_4; -- -- if (enable_ept_ad_bits && -- (!is_guest_mode(vcpu) || nested_ept_ad_enabled(vcpu))) -- eptp |= VMX_EPTP_AD_ENABLE_BIT; -- eptp |= (root_hpa & PAGE_MASK); -- -- return eptp; --} -- --void vmx_set_cr3(struct kvm_vcpu *vcpu, unsigned long cr3) --{ -- struct kvm *kvm = vcpu->kvm; -- bool update_guest_cr3 = true; -- unsigned long guest_cr3; -- u64 eptp; -- -- guest_cr3 = cr3; -- if (enable_ept) { -- eptp = construct_eptp(vcpu, cr3); -- vmcs_write64(EPT_POINTER, eptp); -- -- if (kvm_x86_ops->tlb_remote_flush) { -- spin_lock(&to_kvm_vmx(kvm)->ept_pointer_lock); -- to_vmx(vcpu)->ept_pointer = eptp; -- to_kvm_vmx(kvm)->ept_pointers_match -- = EPT_POINTERS_CHECK; -- spin_unlock(&to_kvm_vmx(kvm)->ept_pointer_lock); -- } -- -- /* Loading vmcs02.GUEST_CR3 is handled by nested VM-Enter. */ -- if (is_guest_mode(vcpu)) -- update_guest_cr3 = false; -- else if (!enable_unrestricted_guest && !is_paging(vcpu)) -- guest_cr3 = to_kvm_vmx(kvm)->ept_identity_map_addr; -- else if (test_bit(VCPU_EXREG_CR3, (ulong *)&vcpu->arch.regs_avail)) -- guest_cr3 = vcpu->arch.cr3; -- else /* vmcs01.GUEST_CR3 is already up-to-date. */ -- update_guest_cr3 = false; -- ept_load_pdptrs(vcpu); -- } -- -- if (update_guest_cr3) -- vmcs_writel(GUEST_CR3, guest_cr3); --} -- --int vmx_set_cr4(struct kvm_vcpu *vcpu, unsigned long cr4) --{ -- struct vcpu_vmx *vmx = to_vmx(vcpu); -- /* -- * Pass through host's Machine Check Enable value to hw_cr4, which -- * is in force while we are in guest mode. Do not let guests control -- * this bit, even if host CR4.MCE == 0. 
-- */ -- unsigned long hw_cr4; -- -- hw_cr4 = (cr4_read_shadow() & X86_CR4_MCE) | (cr4 & ~X86_CR4_MCE); -- if (enable_unrestricted_guest) -- hw_cr4 |= KVM_VM_CR4_ALWAYS_ON_UNRESTRICTED_GUEST; -- else if (vmx->rmode.vm86_active) -- hw_cr4 |= KVM_RMODE_VM_CR4_ALWAYS_ON; -- else -- hw_cr4 |= KVM_PMODE_VM_CR4_ALWAYS_ON; -- -- if (!boot_cpu_has(X86_FEATURE_UMIP) && vmx_umip_emulated()) { -- if (cr4 & X86_CR4_UMIP) { -- secondary_exec_controls_setbit(vmx, SECONDARY_EXEC_DESC); -- hw_cr4 &= ~X86_CR4_UMIP; -- } else if (!is_guest_mode(vcpu) || -- !nested_cpu_has2(get_vmcs12(vcpu), SECONDARY_EXEC_DESC)) { -- secondary_exec_controls_clearbit(vmx, SECONDARY_EXEC_DESC); -- } -- } -- -- if (cr4 & X86_CR4_VMXE) { -- /* -- * To use VMXON (and later other VMX instructions), a guest -- * must first be able to turn on cr4.VMXE (see handle_vmon()). -- * So basically the check on whether to allow nested VMX -- * is here. We operate under the default treatment of SMM, -- * so VMX cannot be enabled under SMM. -- */ -- if (!nested_vmx_allowed(vcpu) || is_smm(vcpu)) -- return 1; -- } -- -- if (vmx->nested.vmxon && !nested_cr4_valid(vcpu, cr4)) -- return 1; -- -- vcpu->arch.cr4 = cr4; -- -- if (!enable_unrestricted_guest) { -- if (enable_ept) { -- if (!is_paging(vcpu)) { -- hw_cr4 &= ~X86_CR4_PAE; -- hw_cr4 |= X86_CR4_PSE; -- } else if (!(cr4 & X86_CR4_PAE)) { -- hw_cr4 &= ~X86_CR4_PAE; -- } -- } -- -- /* -- * SMEP/SMAP/PKU is disabled if CPU is in non-paging mode in -- * hardware. To emulate this behavior, SMEP/SMAP/PKU needs -- * to be manually disabled when guest switches to non-paging -- * mode. -- * -- * If !enable_unrestricted_guest, the CPU is always running -- * with CR0.PG=1 and CR4 needs to be modified. -- * If enable_unrestricted_guest, the CPU automatically -- * disables SMEP/SMAP/PKU when the guest sets CR0.PG=0. 
-- */ -- if (!is_paging(vcpu)) -- hw_cr4 &= ~(X86_CR4_SMEP | X86_CR4_SMAP | X86_CR4_PKE); -- } -- -- vmcs_writel(CR4_READ_SHADOW, cr4); -- vmcs_writel(GUEST_CR4, hw_cr4); -- return 0; --} -- --void vmx_get_segment(struct kvm_vcpu *vcpu, struct kvm_segment *var, int seg) --{ -- struct vcpu_vmx *vmx = to_vmx(vcpu); -- u32 ar; -- -- if (vmx->rmode.vm86_active && seg != VCPU_SREG_LDTR) { -- *var = vmx->rmode.segs[seg]; -- if (seg == VCPU_SREG_TR -- || var->selector == vmx_read_guest_seg_selector(vmx, seg)) -- return; -- var->base = vmx_read_guest_seg_base(vmx, seg); -- var->selector = vmx_read_guest_seg_selector(vmx, seg); -- return; -- } -- var->base = vmx_read_guest_seg_base(vmx, seg); -- var->limit = vmx_read_guest_seg_limit(vmx, seg); -- var->selector = vmx_read_guest_seg_selector(vmx, seg); -- ar = vmx_read_guest_seg_ar(vmx, seg); -- var->unusable = (ar >> 16) & 1; -- var->type = ar & 15; -- var->s = (ar >> 4) & 1; -- var->dpl = (ar >> 5) & 3; -- /* -- * Some userspaces do not preserve unusable property. Since usable -- * segment has to be present according to VMX spec we can use present -- * property to amend userspace bug by making unusable segment always -- * nonpresent. vmx_segment_access_rights() already marks nonpresent -- * segment as unusable. 
-- */ -- var->present = !var->unusable; -- var->avl = (ar >> 12) & 1; -- var->l = (ar >> 13) & 1; -- var->db = (ar >> 14) & 1; -- var->g = (ar >> 15) & 1; --} -- --static u64 vmx_get_segment_base(struct kvm_vcpu *vcpu, int seg) --{ -- struct kvm_segment s; -- -- if (to_vmx(vcpu)->rmode.vm86_active) { -- vmx_get_segment(vcpu, &s, seg); -- return s.base; -- } -- return vmx_read_guest_seg_base(to_vmx(vcpu), seg); --} -- --int vmx_get_cpl(struct kvm_vcpu *vcpu) --{ -- struct vcpu_vmx *vmx = to_vmx(vcpu); -- -- if (unlikely(vmx->rmode.vm86_active)) -- return 0; -- else { -- int ar = vmx_read_guest_seg_ar(vmx, VCPU_SREG_SS); -- return VMX_AR_DPL(ar); -- } --} -- --static u32 vmx_segment_access_rights(struct kvm_segment *var) --{ -- u32 ar; -- -- if (var->unusable || !var->present) -- ar = 1 << 16; -- else { -- ar = var->type & 15; -- ar |= (var->s & 1) << 4; -- ar |= (var->dpl & 3) << 5; -- ar |= (var->present & 1) << 7; -- ar |= (var->avl & 1) << 12; -- ar |= (var->l & 1) << 13; -- ar |= (var->db & 1) << 14; -- ar |= (var->g & 1) << 15; -- } -- -- return ar; --} -- --void vmx_set_segment(struct kvm_vcpu *vcpu, struct kvm_segment *var, int seg) --{ -- struct vcpu_vmx *vmx = to_vmx(vcpu); -- const struct kvm_vmx_segment_field *sf = &kvm_vmx_segment_fields[seg]; -- -- vmx_segment_cache_clear(vmx); -- -- if (vmx->rmode.vm86_active && seg != VCPU_SREG_LDTR) { -- vmx->rmode.segs[seg] = *var; -- if (seg == VCPU_SREG_TR) -- vmcs_write16(sf->selector, var->selector); -- else if (var->s) -- fix_rmode_seg(seg, &vmx->rmode.segs[seg]); -- goto out; -- } -- -- vmcs_writel(sf->base, var->base); -- vmcs_write32(sf->limit, var->limit); -- vmcs_write16(sf->selector, var->selector); -- -- /* -- * Fix the "Accessed" bit in AR field of segment registers for older -- * qemu binaries. -- * IA32 arch specifies that at the time of processor reset the -- * "Accessed" bit in the AR field of segment registers is 1. And qemu -- * is setting it to 0 in the userland code. 
This causes invalid guest -- * state vmexit when "unrestricted guest" mode is turned on. -- * Fix for this setup issue in cpu_reset is being pushed in the qemu -- * tree. Newer qemu binaries with that qemu fix would not need this -- * kvm hack. -- */ -- if (enable_unrestricted_guest && (seg != VCPU_SREG_LDTR)) -- var->type |= 0x1; /* Accessed */ -- -- vmcs_write32(sf->ar_bytes, vmx_segment_access_rights(var)); -- --out: -- vmx->emulation_required = emulation_required(vcpu); --} -- --static void vmx_get_cs_db_l_bits(struct kvm_vcpu *vcpu, int *db, int *l) --{ -- u32 ar = vmx_read_guest_seg_ar(to_vmx(vcpu), VCPU_SREG_CS); -- -- *db = (ar >> 14) & 1; -- *l = (ar >> 13) & 1; --} -- --static void vmx_get_idt(struct kvm_vcpu *vcpu, struct desc_ptr *dt) --{ -- dt->size = vmcs_read32(GUEST_IDTR_LIMIT); -- dt->address = vmcs_readl(GUEST_IDTR_BASE); --} -- --static void vmx_set_idt(struct kvm_vcpu *vcpu, struct desc_ptr *dt) --{ -- vmcs_write32(GUEST_IDTR_LIMIT, dt->size); -- vmcs_writel(GUEST_IDTR_BASE, dt->address); --} -- --static void vmx_get_gdt(struct kvm_vcpu *vcpu, struct desc_ptr *dt) --{ -- dt->size = vmcs_read32(GUEST_GDTR_LIMIT); -- dt->address = vmcs_readl(GUEST_GDTR_BASE); --} -- --static void vmx_set_gdt(struct kvm_vcpu *vcpu, struct desc_ptr *dt) --{ -- vmcs_write32(GUEST_GDTR_LIMIT, dt->size); -- vmcs_writel(GUEST_GDTR_BASE, dt->address); --} -- --static bool rmode_segment_valid(struct kvm_vcpu *vcpu, int seg) --{ -- struct kvm_segment var; -- u32 ar; -- -- vmx_get_segment(vcpu, &var, seg); -- var.dpl = 0x3; -- if (seg == VCPU_SREG_CS) -- var.type = 0x3; -- ar = vmx_segment_access_rights(&var); -- -- if (var.base != (var.selector << 4)) -- return false; -- if (var.limit != 0xffff) -- return false; -- if (ar != 0xf3) -- return false; -- -- return true; --} -- --static bool code_segment_valid(struct kvm_vcpu *vcpu) --{ -- struct kvm_segment cs; -- unsigned int cs_rpl; -- -- vmx_get_segment(vcpu, &cs, VCPU_SREG_CS); -- cs_rpl = cs.selector & SEGMENT_RPL_MASK; 
-- -- if (cs.unusable) -- return false; -- if (~cs.type & (VMX_AR_TYPE_CODE_MASK|VMX_AR_TYPE_ACCESSES_MASK)) -- return false; -- if (!cs.s) -- return false; -- if (cs.type & VMX_AR_TYPE_WRITEABLE_MASK) { -- if (cs.dpl > cs_rpl) -- return false; -- } else { -- if (cs.dpl != cs_rpl) -- return false; -- } -- if (!cs.present) -- return false; -- -- /* TODO: Add Reserved field check, this'll require a new member in the kvm_segment_field structure */ -- return true; --} -- --static bool stack_segment_valid(struct kvm_vcpu *vcpu) --{ -- struct kvm_segment ss; -- unsigned int ss_rpl; -- -- vmx_get_segment(vcpu, &ss, VCPU_SREG_SS); -- ss_rpl = ss.selector & SEGMENT_RPL_MASK; -- -- if (ss.unusable) -- return true; -- if (ss.type != 3 && ss.type != 7) -- return false; -- if (!ss.s) -- return false; -- if (ss.dpl != ss_rpl) /* DPL != RPL */ -- return false; -- if (!ss.present) -- return false; -- -- return true; --} -- --static bool data_segment_valid(struct kvm_vcpu *vcpu, int seg) --{ -- struct kvm_segment var; -- unsigned int rpl; -- -- vmx_get_segment(vcpu, &var, seg); -- rpl = var.selector & SEGMENT_RPL_MASK; -- -- if (var.unusable) -- return true; -- if (!var.s) -- return false; -- if (!var.present) -- return false; -- if (~var.type & (VMX_AR_TYPE_CODE_MASK|VMX_AR_TYPE_WRITEABLE_MASK)) { -- if (var.dpl < rpl) /* DPL < RPL */ -- return false; -- } -- -- /* TODO: Add other members to kvm_segment_field to allow checking for other access -- * rights flags -- */ -- return true; --} -- --static bool tr_valid(struct kvm_vcpu *vcpu) --{ -- struct kvm_segment tr; -- -- vmx_get_segment(vcpu, &tr, VCPU_SREG_TR); -- -- if (tr.unusable) -- return false; -- if (tr.selector & SEGMENT_TI_MASK) /* TI = 1 */ -- return false; -- if (tr.type != 3 && tr.type != 11) /* TODO: Check if guest is in IA32e mode */ -- return false; -- if (!tr.present) -- return false; -- -- return true; --} -- --static bool ldtr_valid(struct kvm_vcpu *vcpu) --{ -- struct kvm_segment ldtr; -- -- 
vmx_get_segment(vcpu, &ldtr, VCPU_SREG_LDTR); -- -- if (ldtr.unusable) -- return true; -- if (ldtr.selector & SEGMENT_TI_MASK) /* TI = 1 */ -- return false; -- if (ldtr.type != 2) -- return false; -- if (!ldtr.present) -- return false; -- -- return true; --} -- --static bool cs_ss_rpl_check(struct kvm_vcpu *vcpu) --{ -- struct kvm_segment cs, ss; -- -- vmx_get_segment(vcpu, &cs, VCPU_SREG_CS); -- vmx_get_segment(vcpu, &ss, VCPU_SREG_SS); -- -- return ((cs.selector & SEGMENT_RPL_MASK) == -- (ss.selector & SEGMENT_RPL_MASK)); --} -- --/* -- * Check if guest state is valid. Returns true if valid, false if -- * not. -- * We assume that registers are always usable -- */ --static bool guest_state_valid(struct kvm_vcpu *vcpu) --{ -- if (enable_unrestricted_guest) -- return true; -- -- /* real mode guest state checks */ -- if (!is_protmode(vcpu) || (vmx_get_rflags(vcpu) & X86_EFLAGS_VM)) { -- if (!rmode_segment_valid(vcpu, VCPU_SREG_CS)) -- return false; -- if (!rmode_segment_valid(vcpu, VCPU_SREG_SS)) -- return false; -- if (!rmode_segment_valid(vcpu, VCPU_SREG_DS)) -- return false; -- if (!rmode_segment_valid(vcpu, VCPU_SREG_ES)) -- return false; -- if (!rmode_segment_valid(vcpu, VCPU_SREG_FS)) -- return false; -- if (!rmode_segment_valid(vcpu, VCPU_SREG_GS)) -- return false; -- } else { -- /* protected mode guest state checks */ -- if (!cs_ss_rpl_check(vcpu)) -- return false; -- if (!code_segment_valid(vcpu)) -- return false; -- if (!stack_segment_valid(vcpu)) -- return false; -- if (!data_segment_valid(vcpu, VCPU_SREG_DS)) -- return false; -- if (!data_segment_valid(vcpu, VCPU_SREG_ES)) -- return false; -- if (!data_segment_valid(vcpu, VCPU_SREG_FS)) -- return false; -- if (!data_segment_valid(vcpu, VCPU_SREG_GS)) -- return false; -- if (!tr_valid(vcpu)) -- return false; -- if (!ldtr_valid(vcpu)) -- return false; -- } -- /* TODO: -- * - Add checks on RIP -- * - Add checks on RFLAGS -- */ -- -- return true; --} -- --static int init_rmode_tss(struct kvm *kvm) --{ -- 
gfn_t fn; -- u16 data = 0; -- int idx, r; -- -- idx = srcu_read_lock(&kvm->srcu); -- fn = to_kvm_vmx(kvm)->tss_addr >> PAGE_SHIFT; -- r = kvm_clear_guest_page(kvm, fn, 0, PAGE_SIZE); -- if (r < 0) -- goto out; -- data = TSS_BASE_SIZE + TSS_REDIRECTION_SIZE; -- r = kvm_write_guest_page(kvm, fn++, &data, -- TSS_IOPB_BASE_OFFSET, sizeof(u16)); -- if (r < 0) -- goto out; -- r = kvm_clear_guest_page(kvm, fn++, 0, PAGE_SIZE); -- if (r < 0) -- goto out; -- r = kvm_clear_guest_page(kvm, fn, 0, PAGE_SIZE); -- if (r < 0) -- goto out; -- data = ~0; -- r = kvm_write_guest_page(kvm, fn, &data, -- RMODE_TSS_SIZE - 2 * PAGE_SIZE - 1, -- sizeof(u8)); --out: -- srcu_read_unlock(&kvm->srcu, idx); -- return r; --} -- --static int init_rmode_identity_map(struct kvm *kvm) --{ -- struct kvm_vmx *kvm_vmx = to_kvm_vmx(kvm); -- int i, idx, r = 0; -- kvm_pfn_t identity_map_pfn; -- u32 tmp; -- -- /* Protect kvm_vmx->ept_identity_pagetable_done. */ -- mutex_lock(&kvm->slots_lock); -- -- if (likely(kvm_vmx->ept_identity_pagetable_done)) -- goto out2; -- -- if (!kvm_vmx->ept_identity_map_addr) -- kvm_vmx->ept_identity_map_addr = VMX_EPT_IDENTITY_PAGETABLE_ADDR; -- identity_map_pfn = kvm_vmx->ept_identity_map_addr >> PAGE_SHIFT; -- -- r = __x86_set_memory_region(kvm, IDENTITY_PAGETABLE_PRIVATE_MEMSLOT, -- kvm_vmx->ept_identity_map_addr, PAGE_SIZE); -- if (r < 0) -- goto out2; -- -- idx = srcu_read_lock(&kvm->srcu); -- r = kvm_clear_guest_page(kvm, identity_map_pfn, 0, PAGE_SIZE); -- if (r < 0) -- goto out; -- /* Set up identity-mapping pagetable for EPT in real mode */ -- for (i = 0; i < PT32_ENT_PER_PAGE; i++) { -- tmp = (i << 22) + (_PAGE_PRESENT | _PAGE_RW | _PAGE_USER | -- _PAGE_ACCESSED | _PAGE_DIRTY | _PAGE_PSE); -- r = kvm_write_guest_page(kvm, identity_map_pfn, -- &tmp, i * sizeof(tmp), sizeof(tmp)); -- if (r < 0) -- goto out; -- } -- kvm_vmx->ept_identity_pagetable_done = true; -- --out: -- srcu_read_unlock(&kvm->srcu, idx); -- --out2: -- mutex_unlock(&kvm->slots_lock); -- return r; --} 
-- --static void seg_setup(int seg) --{ -- const struct kvm_vmx_segment_field *sf = &kvm_vmx_segment_fields[seg]; -- unsigned int ar; -- -- vmcs_write16(sf->selector, 0); -- vmcs_writel(sf->base, 0); -- vmcs_write32(sf->limit, 0xffff); -- ar = 0x93; -- if (seg == VCPU_SREG_CS) -- ar |= 0x08; /* code segment */ -- -- vmcs_write32(sf->ar_bytes, ar); --} -- --static int alloc_apic_access_page(struct kvm *kvm) --{ -- struct page *page; -- int r = 0; -- -- mutex_lock(&kvm->slots_lock); -- if (kvm->arch.apic_access_page_done) -- goto out; -- r = __x86_set_memory_region(kvm, APIC_ACCESS_PAGE_PRIVATE_MEMSLOT, -- APIC_DEFAULT_PHYS_BASE, PAGE_SIZE); -- if (r) -- goto out; -- -- page = gfn_to_page(kvm, APIC_DEFAULT_PHYS_BASE >> PAGE_SHIFT); -- if (is_error_page(page)) { -- r = -EFAULT; -- goto out; -- } -- -- /* -- * Do not pin the page in memory, so that memory hot-unplug -- * is able to migrate it. -- */ -- put_page(page); -- kvm->arch.apic_access_page_done = true; --out: -- mutex_unlock(&kvm->slots_lock); -- return r; --} -- --int allocate_vpid(void) --{ -- int vpid; -- -- if (!enable_vpid) -- return 0; -- spin_lock(&vmx_vpid_lock); -- vpid = find_first_zero_bit(vmx_vpid_bitmap, VMX_NR_VPIDS); -- if (vpid < VMX_NR_VPIDS) -- __set_bit(vpid, vmx_vpid_bitmap); -- else -- vpid = 0; -- spin_unlock(&vmx_vpid_lock); -- return vpid; --} -- --void free_vpid(int vpid) --{ -- if (!enable_vpid || vpid == 0) -- return; -- spin_lock(&vmx_vpid_lock); -- __clear_bit(vpid, vmx_vpid_bitmap); -- spin_unlock(&vmx_vpid_lock); --} -- --static __always_inline void vmx_disable_intercept_for_msr(unsigned long *msr_bitmap, -- u32 msr, int type) --{ -- int f = sizeof(unsigned long); -- -- if (!cpu_has_vmx_msr_bitmap()) -- return; -- -- if (static_branch_unlikely(&enable_evmcs)) -- evmcs_touch_msr_bitmap(); -- -- /* -- * See Intel PRM Vol. 3, 20.6.9 (MSR-Bitmap Address). Early manuals -- * have the write-low and read-high bitmap offsets the wrong way round. 
-- * We can control MSRs 0x00000000-0x00001fff and 0xc0000000-0xc0001fff. -- */ -- if (msr <= 0x1fff) { -- if (type & MSR_TYPE_R) -- /* read-low */ -- __clear_bit(msr, msr_bitmap + 0x000 / f); -- -- if (type & MSR_TYPE_W) -- /* write-low */ -- __clear_bit(msr, msr_bitmap + 0x800 / f); -- -- } else if ((msr >= 0xc0000000) && (msr <= 0xc0001fff)) { -- msr &= 0x1fff; -- if (type & MSR_TYPE_R) -- /* read-high */ -- __clear_bit(msr, msr_bitmap + 0x400 / f); -- -- if (type & MSR_TYPE_W) -- /* write-high */ -- __clear_bit(msr, msr_bitmap + 0xc00 / f); -- -- } --} -- --static __always_inline void vmx_enable_intercept_for_msr(unsigned long *msr_bitmap, -- u32 msr, int type) --{ -- int f = sizeof(unsigned long); -- -- if (!cpu_has_vmx_msr_bitmap()) -- return; -- -- if (static_branch_unlikely(&enable_evmcs)) -- evmcs_touch_msr_bitmap(); -- -- /* -- * See Intel PRM Vol. 3, 20.6.9 (MSR-Bitmap Address). Early manuals -- * have the write-low and read-high bitmap offsets the wrong way round. -- * We can control MSRs 0x00000000-0x00001fff and 0xc0000000-0xc0001fff. 
-- */ -- if (msr <= 0x1fff) { -- if (type & MSR_TYPE_R) -- /* read-low */ -- __set_bit(msr, msr_bitmap + 0x000 / f); -- -- if (type & MSR_TYPE_W) -- /* write-low */ -- __set_bit(msr, msr_bitmap + 0x800 / f); -- -- } else if ((msr >= 0xc0000000) && (msr <= 0xc0001fff)) { -- msr &= 0x1fff; -- if (type & MSR_TYPE_R) -- /* read-high */ -- __set_bit(msr, msr_bitmap + 0x400 / f); -- -- if (type & MSR_TYPE_W) -- /* write-high */ -- __set_bit(msr, msr_bitmap + 0xc00 / f); -- -- } --} -- --static __always_inline void vmx_set_intercept_for_msr(unsigned long *msr_bitmap, -- u32 msr, int type, bool value) --{ -- if (value) -- vmx_enable_intercept_for_msr(msr_bitmap, msr, type); -- else -- vmx_disable_intercept_for_msr(msr_bitmap, msr, type); --} -- --static u8 vmx_msr_bitmap_mode(struct kvm_vcpu *vcpu) --{ -- u8 mode = 0; -- -- if (cpu_has_secondary_exec_ctrls() && -- (secondary_exec_controls_get(to_vmx(vcpu)) & -- SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE)) { -- mode |= MSR_BITMAP_MODE_X2APIC; -- if (enable_apicv && kvm_vcpu_apicv_active(vcpu)) -- mode |= MSR_BITMAP_MODE_X2APIC_APICV; -- } -- -- return mode; --} -- --static void vmx_update_msr_bitmap_x2apic(unsigned long *msr_bitmap, -- u8 mode) --{ -- int msr; -- -- for (msr = 0x800; msr <= 0x8ff; msr += BITS_PER_LONG) { -- unsigned word = msr / BITS_PER_LONG; -- msr_bitmap[word] = (mode & MSR_BITMAP_MODE_X2APIC_APICV) ? 0 : ~0; -- msr_bitmap[word + (0x800 / sizeof(long))] = ~0; -- } -- -- if (mode & MSR_BITMAP_MODE_X2APIC) { -- /* -- * TPR reads and writes can be virtualized even if virtual interrupt -- * delivery is not in use. 
-- */ -- vmx_disable_intercept_for_msr(msr_bitmap, X2APIC_MSR(APIC_TASKPRI), MSR_TYPE_RW); -- if (mode & MSR_BITMAP_MODE_X2APIC_APICV) { -- vmx_enable_intercept_for_msr(msr_bitmap, X2APIC_MSR(APIC_TMCCT), MSR_TYPE_R); -- vmx_disable_intercept_for_msr(msr_bitmap, X2APIC_MSR(APIC_EOI), MSR_TYPE_W); -- vmx_disable_intercept_for_msr(msr_bitmap, X2APIC_MSR(APIC_SELF_IPI), MSR_TYPE_W); -- } -- } --} -- --void vmx_update_msr_bitmap(struct kvm_vcpu *vcpu) --{ -- struct vcpu_vmx *vmx = to_vmx(vcpu); -- unsigned long *msr_bitmap = vmx->vmcs01.msr_bitmap; -- u8 mode = vmx_msr_bitmap_mode(vcpu); -- u8 changed = mode ^ vmx->msr_bitmap_mode; -- -- if (!changed) -- return; -- -- if (changed & (MSR_BITMAP_MODE_X2APIC | MSR_BITMAP_MODE_X2APIC_APICV)) -- vmx_update_msr_bitmap_x2apic(msr_bitmap, mode); -- -- vmx->msr_bitmap_mode = mode; --} -- --void pt_update_intercept_for_msr(struct vcpu_vmx *vmx) --{ -- unsigned long *msr_bitmap = vmx->vmcs01.msr_bitmap; -- bool flag = !(vmx->pt_desc.guest.ctl & RTIT_CTL_TRACEEN); -- u32 i; -- -- vmx_set_intercept_for_msr(msr_bitmap, MSR_IA32_RTIT_STATUS, -- MSR_TYPE_RW, flag); -- vmx_set_intercept_for_msr(msr_bitmap, MSR_IA32_RTIT_OUTPUT_BASE, -- MSR_TYPE_RW, flag); -- vmx_set_intercept_for_msr(msr_bitmap, MSR_IA32_RTIT_OUTPUT_MASK, -- MSR_TYPE_RW, flag); -- vmx_set_intercept_for_msr(msr_bitmap, MSR_IA32_RTIT_CR3_MATCH, -- MSR_TYPE_RW, flag); -- for (i = 0; i < vmx->pt_desc.addr_range; i++) { -- vmx_set_intercept_for_msr(msr_bitmap, -- MSR_IA32_RTIT_ADDR0_A + i * 2, MSR_TYPE_RW, flag); -- vmx_set_intercept_for_msr(msr_bitmap, -- MSR_IA32_RTIT_ADDR0_B + i * 2, MSR_TYPE_RW, flag); -- } --} -- --static bool vmx_get_enable_apicv(struct kvm *kvm) --{ -- return enable_apicv; --} -- --static bool vmx_guest_apic_has_interrupt(struct kvm_vcpu *vcpu) --{ -- struct vcpu_vmx *vmx = to_vmx(vcpu); -- void *vapic_page; -- u32 vppr; -- int rvi; -- -- if (WARN_ON_ONCE(!is_guest_mode(vcpu)) || -- !nested_cpu_has_vid(get_vmcs12(vcpu)) || -- 
WARN_ON_ONCE(!vmx->nested.virtual_apic_map.gfn))
-- return false;
--
-- rvi = vmx_get_rvi();
--
-- vapic_page = vmx->nested.virtual_apic_map.hva;
-- vppr = *((u32 *)(vapic_page + APIC_PROCPRI));
--
-- return ((rvi & 0xf0) > (vppr & 0xf0));
--}
--
--static inline bool kvm_vcpu_trigger_posted_interrupt(struct kvm_vcpu *vcpu,
-- bool nested)
--{
--#ifdef CONFIG_SMP
-- int pi_vec = nested ? POSTED_INTR_NESTED_VECTOR : POSTED_INTR_VECTOR;
--
-- if (vcpu->mode == IN_GUEST_MODE) {
-- /*
-- * The vector of interrupt to be delivered to vcpu had
-- * been set in PIR before this function.
-- *
-- * Following cases will be reached in this block, and
-- * we always send a notification event in all cases as
-- * explained below.
-- *
-- * Case 1: vcpu keeps in non-root mode. Sending a
-- * notification event posts the interrupt to vcpu.
-- *
-- * Case 2: vcpu exits to root mode and is still
-- * runnable. PIR will be synced to vIRR before the
-- * next vcpu entry. Sending a notification event in
-- * this case has no effect, as vcpu is not in root
-- * mode.
-- *
-- * Case 3: vcpu exits to root mode and is blocked.
-- * vcpu_block() has already synced PIR to vIRR and
-- * never blocks vcpu if vIRR is not cleared. Therefore,
-- * a blocked vcpu here does not wait for any requested
-- * interrupts in PIR, and sending a notification event
-- * which has no effect is safe here.
-- */
--
-- apic->send_IPI_mask(get_cpu_mask(vcpu->cpu), pi_vec);
-- return true;
-- }
--#endif
-- return false;
--}
--
--static int vmx_deliver_nested_posted_interrupt(struct kvm_vcpu *vcpu,
-- int vector)
--{
-- struct vcpu_vmx *vmx = to_vmx(vcpu);
--
-- if (is_guest_mode(vcpu) &&
-- vector == vmx->nested.posted_intr_nv) {
-- /*
-- * If a posted intr is not recognized by hardware,
-- * we will accomplish it in the next vmentry.
-- */
-- vmx->nested.pi_pending = true;
-- kvm_make_request(KVM_REQ_EVENT, vcpu);
-- /* the PIR and ON have been set by L1.
*/
-- if (!kvm_vcpu_trigger_posted_interrupt(vcpu, true))
-- kvm_vcpu_kick(vcpu);
-- return 0;
-- }
-- return -1;
--}
--/*
-- * Send interrupt to vcpu via posted interrupt way.
-- * 1. If target vcpu is running(non-root mode), send posted interrupt
-- * notification to vcpu and hardware will sync PIR to vIRR atomically.
-- * 2. If target vcpu isn't running(root mode), kick it to pick up the
-- * interrupt from PIR in next vmentry.
-- */
--static void vmx_deliver_posted_interrupt(struct kvm_vcpu *vcpu, int vector)
--{
-- struct vcpu_vmx *vmx = to_vmx(vcpu);
-- int r;
--
-- r = vmx_deliver_nested_posted_interrupt(vcpu, vector);
-- if (!r)
-- return;
--
-- if (pi_test_and_set_pir(vector, &vmx->pi_desc))
-- return;
--
-- /* If a previous notification has sent the IPI, nothing to do. */
-- if (pi_test_and_set_on(&vmx->pi_desc))
-- return;
--
-- if (!kvm_vcpu_trigger_posted_interrupt(vcpu, false))
-- kvm_vcpu_kick(vcpu);
--}
--
--/*
-- * Set up the vmcs's constant host-state fields, i.e., host-state fields that
-- * will not change in the lifetime of the guest.
-- * Note that host-state that does change is set elsewhere. E.g., host-state
-- * that is set differently for each CPU is set in vmx_vcpu_load(), not here.
-- */
--void vmx_set_constant_host_state(struct vcpu_vmx *vmx)
--{
-- u32 low32, high32;
-- unsigned long tmpl;
-- unsigned long cr0, cr3, cr4;
--
-- cr0 = read_cr0();
-- WARN_ON(cr0 & X86_CR0_TS);
-- vmcs_writel(HOST_CR0, cr0); /* 22.2.3 */
--
-- /*
-- * Save the most likely value for this task's CR3 in the VMCS.
-- * We can't use __get_current_cr3_fast() because we're not atomic.
-- */
-- cr3 = __read_cr3();
-- vmcs_writel(HOST_CR3, cr3); /* 22.2.3 FIXME: shadow tables */
-- vmx->loaded_vmcs->host_state.cr3 = cr3;
--
-- /* Save the most likely value for this task's CR4 in the VMCS.
*/
-- cr4 = cr4_read_shadow();
-- vmcs_writel(HOST_CR4, cr4); /* 22.2.3, 22.2.5 */
-- vmx->loaded_vmcs->host_state.cr4 = cr4;
--
-- vmcs_write16(HOST_CS_SELECTOR, __KERNEL_CS); /* 22.2.4 */
--#ifdef CONFIG_X86_64
-- /*
-- * Load null selectors, so we can avoid reloading them in
-- * vmx_prepare_switch_to_host(), in case userspace uses
-- * the null selectors too (the expected case).
-- */
-- vmcs_write16(HOST_DS_SELECTOR, 0);
-- vmcs_write16(HOST_ES_SELECTOR, 0);
--#else
-- vmcs_write16(HOST_DS_SELECTOR, __KERNEL_DS); /* 22.2.4 */
-- vmcs_write16(HOST_ES_SELECTOR, __KERNEL_DS); /* 22.2.4 */
--#endif
-- vmcs_write16(HOST_SS_SELECTOR, __KERNEL_DS); /* 22.2.4 */
-- vmcs_write16(HOST_TR_SELECTOR, GDT_ENTRY_TSS*8); /* 22.2.4 */
--
-- vmcs_writel(HOST_IDTR_BASE, host_idt_base); /* 22.2.4 */
--
-- vmcs_writel(HOST_RIP, (unsigned long)vmx_vmexit); /* 22.2.5 */
--
-- rdmsr(MSR_IA32_SYSENTER_CS, low32, high32);
-- vmcs_write32(HOST_IA32_SYSENTER_CS, low32);
-- rdmsrl(MSR_IA32_SYSENTER_EIP, tmpl);
-- vmcs_writel(HOST_IA32_SYSENTER_EIP, tmpl); /* 22.2.3 */
--
-- if (vmcs_config.vmexit_ctrl & VM_EXIT_LOAD_IA32_PAT) {
-- rdmsr(MSR_IA32_CR_PAT, low32, high32);
-- vmcs_write64(HOST_IA32_PAT, low32 | ((u64) high32 << 32));
-- }
--
-- if (cpu_has_load_ia32_efer())
-- vmcs_write64(HOST_IA32_EFER, host_efer);
--}
--
--void set_cr4_guest_host_mask(struct vcpu_vmx *vmx)
--{
-- vmx->vcpu.arch.cr4_guest_owned_bits = KVM_CR4_GUEST_OWNED_BITS;
-- if (enable_ept)
-- vmx->vcpu.arch.cr4_guest_owned_bits |= X86_CR4_PGE;
-- if (is_guest_mode(&vmx->vcpu))
-- vmx->vcpu.arch.cr4_guest_owned_bits &=
-- ~get_vmcs12(&vmx->vcpu)->cr4_guest_host_mask;
-- vmcs_writel(CR4_GUEST_HOST_MASK, ~vmx->vcpu.arch.cr4_guest_owned_bits);
--}
--
--u32 vmx_pin_based_exec_ctrl(struct vcpu_vmx *vmx)
--{
-- u32 pin_based_exec_ctrl = vmcs_config.pin_based_exec_ctrl;
--
-- if (!kvm_vcpu_apicv_active(&vmx->vcpu))
-- pin_based_exec_ctrl &= ~PIN_BASED_POSTED_INTR;
--
-- if (!enable_vnmi)
-- pin_based_exec_ctrl &=
~PIN_BASED_VIRTUAL_NMIS;
--
-- if (!enable_preemption_timer)
-- pin_based_exec_ctrl &= ~PIN_BASED_VMX_PREEMPTION_TIMER;
--
-- return pin_based_exec_ctrl;
--}
--
--static void vmx_refresh_apicv_exec_ctrl(struct kvm_vcpu *vcpu)
--{
-- struct vcpu_vmx *vmx = to_vmx(vcpu);
--
-- pin_controls_set(vmx, vmx_pin_based_exec_ctrl(vmx));
-- if (cpu_has_secondary_exec_ctrls()) {
-- if (kvm_vcpu_apicv_active(vcpu))
-- secondary_exec_controls_setbit(vmx,
-- SECONDARY_EXEC_APIC_REGISTER_VIRT |
-- SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY);
-- else
-- secondary_exec_controls_clearbit(vmx,
-- SECONDARY_EXEC_APIC_REGISTER_VIRT |
-- SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY);
-- }
--
-- if (cpu_has_vmx_msr_bitmap())
-- vmx_update_msr_bitmap(vcpu);
--}
--
--u32 vmx_exec_control(struct vcpu_vmx *vmx)
--{
-- u32 exec_control = vmcs_config.cpu_based_exec_ctrl;
--
-- if (vmx->vcpu.arch.switch_db_regs & KVM_DEBUGREG_WONT_EXIT)
-- exec_control &= ~CPU_BASED_MOV_DR_EXITING;
--
-- if (!cpu_need_tpr_shadow(&vmx->vcpu)) {
-- exec_control &= ~CPU_BASED_TPR_SHADOW;
--#ifdef CONFIG_X86_64
-- exec_control |= CPU_BASED_CR8_STORE_EXITING |
-- CPU_BASED_CR8_LOAD_EXITING;
--#endif
-- }
-- if (!enable_ept)
-- exec_control |= CPU_BASED_CR3_STORE_EXITING |
-- CPU_BASED_CR3_LOAD_EXITING |
-- CPU_BASED_INVLPG_EXITING;
-- if (kvm_mwait_in_guest(vmx->vcpu.kvm))
-- exec_control &= ~(CPU_BASED_MWAIT_EXITING |
-- CPU_BASED_MONITOR_EXITING);
-- if (kvm_hlt_in_guest(vmx->vcpu.kvm))
-- exec_control &= ~CPU_BASED_HLT_EXITING;
-- return exec_control;
--}
--
--
--static void vmx_compute_secondary_exec_control(struct vcpu_vmx *vmx)
--{
-- struct kvm_vcpu *vcpu = &vmx->vcpu;
--
-- u32 exec_control = vmcs_config.cpu_based_2nd_exec_ctrl;
--
-- if (pt_mode == PT_MODE_SYSTEM)
-- exec_control &= ~(SECONDARY_EXEC_PT_USE_GPA | SECONDARY_EXEC_PT_CONCEAL_VMX);
-- if (!cpu_need_virtualize_apic_accesses(vcpu))
-- exec_control &= ~SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES;
-- if (vmx->vpid == 0)
-- exec_control &= ~SECONDARY_EXEC_ENABLE_VPID;
-- if (!enable_ept) {
-- exec_control &= ~SECONDARY_EXEC_ENABLE_EPT;
-- enable_unrestricted_guest = 0;
-- }
-- if (!enable_unrestricted_guest)
-- exec_control &= ~SECONDARY_EXEC_UNRESTRICTED_GUEST;
-- if (kvm_pause_in_guest(vmx->vcpu.kvm))
-- exec_control &= ~SECONDARY_EXEC_PAUSE_LOOP_EXITING;
-- if (!kvm_vcpu_apicv_active(vcpu))
-- exec_control &= ~(SECONDARY_EXEC_APIC_REGISTER_VIRT |
-- SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY);
-- exec_control &= ~SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE;
--
-- /* SECONDARY_EXEC_DESC is enabled/disabled on writes to CR4.UMIP,
-- * in vmx_set_cr4. */
-- exec_control &= ~SECONDARY_EXEC_DESC;
--
-- /* SECONDARY_EXEC_SHADOW_VMCS is enabled when L1 executes VMPTRLD
-- (handle_vmptrld).
-- We can NOT enable shadow_vmcs here because we don't have yet
-- a current VMCS12
-- */
-- exec_control &= ~SECONDARY_EXEC_SHADOW_VMCS;
--
-- if (!enable_pml)
-- exec_control &= ~SECONDARY_EXEC_ENABLE_PML;
--
-- if (vmx_xsaves_supported()) {
-- /* Exposing XSAVES only when XSAVE is exposed */
-- bool xsaves_enabled =
-- guest_cpuid_has(vcpu, X86_FEATURE_XSAVE) &&
-- guest_cpuid_has(vcpu, X86_FEATURE_XSAVES);
--
-- vcpu->arch.xsaves_enabled = xsaves_enabled;
--
-- if (!xsaves_enabled)
-- exec_control &= ~SECONDARY_EXEC_XSAVES;
--
-- if (nested) {
-- if (xsaves_enabled)
-- vmx->nested.msrs.secondary_ctls_high |=
-- SECONDARY_EXEC_XSAVES;
-- else
-- vmx->nested.msrs.secondary_ctls_high &=
-- ~SECONDARY_EXEC_XSAVES;
-- }
-- }
--
-- if (vmx_rdtscp_supported()) {
-- bool rdtscp_enabled = guest_cpuid_has(vcpu, X86_FEATURE_RDTSCP);
-- if (!rdtscp_enabled)
-- exec_control &= ~SECONDARY_EXEC_RDTSCP;
--
-- if (nested) {
-- if (rdtscp_enabled)
-- vmx->nested.msrs.secondary_ctls_high |=
-- SECONDARY_EXEC_RDTSCP;
-- else
-- vmx->nested.msrs.secondary_ctls_high &=
-- ~SECONDARY_EXEC_RDTSCP;
-- }
-- }
--
-- if (vmx_invpcid_supported()) {
-- /* Exposing INVPCID only when PCID is exposed */
-- bool invpcid_enabled =
-- guest_cpuid_has(vcpu, X86_FEATURE_INVPCID) &&
--
guest_cpuid_has(vcpu, X86_FEATURE_PCID);
--
-- if (!invpcid_enabled) {
-- exec_control &= ~SECONDARY_EXEC_ENABLE_INVPCID;
-- guest_cpuid_clear(vcpu, X86_FEATURE_INVPCID);
-- }
--
-- if (nested) {
-- if (invpcid_enabled)
-- vmx->nested.msrs.secondary_ctls_high |=
-- SECONDARY_EXEC_ENABLE_INVPCID;
-- else
-- vmx->nested.msrs.secondary_ctls_high &=
-- ~SECONDARY_EXEC_ENABLE_INVPCID;
-- }
-- }
--
-- if (vmx_rdrand_supported()) {
-- bool rdrand_enabled = guest_cpuid_has(vcpu, X86_FEATURE_RDRAND);
-- if (rdrand_enabled)
-- exec_control &= ~SECONDARY_EXEC_RDRAND_EXITING;
--
-- if (nested) {
-- if (rdrand_enabled)
-- vmx->nested.msrs.secondary_ctls_high |=
-- SECONDARY_EXEC_RDRAND_EXITING;
-- else
-- vmx->nested.msrs.secondary_ctls_high &=
-- ~SECONDARY_EXEC_RDRAND_EXITING;
-- }
-- }
--
-- if (vmx_rdseed_supported()) {
-- bool rdseed_enabled = guest_cpuid_has(vcpu, X86_FEATURE_RDSEED);
-- if (rdseed_enabled)
-- exec_control &= ~SECONDARY_EXEC_RDSEED_EXITING;
--
-- if (nested) {
-- if (rdseed_enabled)
-- vmx->nested.msrs.secondary_ctls_high |=
-- SECONDARY_EXEC_RDSEED_EXITING;
-- else
-- vmx->nested.msrs.secondary_ctls_high &=
-- ~SECONDARY_EXEC_RDSEED_EXITING;
-- }
-- }
--
-- if (vmx_waitpkg_supported()) {
-- bool waitpkg_enabled =
-- guest_cpuid_has(vcpu, X86_FEATURE_WAITPKG);
--
-- if (!waitpkg_enabled)
-- exec_control &= ~SECONDARY_EXEC_ENABLE_USR_WAIT_PAUSE;
--
-- if (nested) {
-- if (waitpkg_enabled)
-- vmx->nested.msrs.secondary_ctls_high |=
-- SECONDARY_EXEC_ENABLE_USR_WAIT_PAUSE;
-- else
-- vmx->nested.msrs.secondary_ctls_high &=
-- ~SECONDARY_EXEC_ENABLE_USR_WAIT_PAUSE;
-- }
-- }
--
-- vmx->secondary_exec_control = exec_control;
--}
--
--static void ept_set_mmio_spte_mask(void)
--{
-- /*
-- * EPT Misconfigurations can be generated if the value of bits 2:0
-- * of an EPT paging-structure entry is 110b (write/execute).
-- */
-- kvm_mmu_set_mmio_spte_mask(VMX_EPT_RWX_MASK,
-- VMX_EPT_MISCONFIG_WX_VALUE, 0);
--}
--
--#define VMX_XSS_EXIT_BITMAP 0
--
--/*
-- * Noting that the initialization of Guest-state Area of VMCS is in
-- * vmx_vcpu_reset().
-- */
--static void init_vmcs(struct vcpu_vmx *vmx)
--{
-- if (nested)
-- nested_vmx_set_vmcs_shadowing_bitmap();
--
-- if (cpu_has_vmx_msr_bitmap())
-- vmcs_write64(MSR_BITMAP, __pa(vmx->vmcs01.msr_bitmap));
--
-- vmcs_write64(VMCS_LINK_POINTER, -1ull); /* 22.3.1.5 */
--
-- /* Control */
-- pin_controls_set(vmx, vmx_pin_based_exec_ctrl(vmx));
--
-- exec_controls_set(vmx, vmx_exec_control(vmx));
--
-- if (cpu_has_secondary_exec_ctrls()) {
-- vmx_compute_secondary_exec_control(vmx);
-- secondary_exec_controls_set(vmx, vmx->secondary_exec_control);
-- }
--
-- if (kvm_vcpu_apicv_active(&vmx->vcpu)) {
-- vmcs_write64(EOI_EXIT_BITMAP0, 0);
-- vmcs_write64(EOI_EXIT_BITMAP1, 0);
-- vmcs_write64(EOI_EXIT_BITMAP2, 0);
-- vmcs_write64(EOI_EXIT_BITMAP3, 0);
--
-- vmcs_write16(GUEST_INTR_STATUS, 0);
--
-- vmcs_write16(POSTED_INTR_NV, POSTED_INTR_VECTOR);
-- vmcs_write64(POSTED_INTR_DESC_ADDR, __pa((&vmx->pi_desc)));
-- }
--
-- if (!kvm_pause_in_guest(vmx->vcpu.kvm)) {
-- vmcs_write32(PLE_GAP, ple_gap);
-- vmx->ple_window = ple_window;
-- vmx->ple_window_dirty = true;
-- }
--
-- vmcs_write32(PAGE_FAULT_ERROR_CODE_MASK, 0);
-- vmcs_write32(PAGE_FAULT_ERROR_CODE_MATCH, 0);
-- vmcs_write32(CR3_TARGET_COUNT, 0); /* 22.2.1 */
--
-- vmcs_write16(HOST_FS_SELECTOR, 0); /* 22.2.4 */
-- vmcs_write16(HOST_GS_SELECTOR, 0); /* 22.2.4 */
-- vmx_set_constant_host_state(vmx);
-- vmcs_writel(HOST_FS_BASE, 0); /* 22.2.4 */
-- vmcs_writel(HOST_GS_BASE, 0); /* 22.2.4 */
--
-- if (cpu_has_vmx_vmfunc())
-- vmcs_write64(VM_FUNCTION_CONTROL, 0);
--
-- vmcs_write32(VM_EXIT_MSR_STORE_COUNT, 0);
-- vmcs_write32(VM_EXIT_MSR_LOAD_COUNT, 0);
-- vmcs_write64(VM_EXIT_MSR_LOAD_ADDR, __pa(vmx->msr_autoload.host.val));
-- vmcs_write32(VM_ENTRY_MSR_LOAD_COUNT, 0);
--
vmcs_write64(VM_ENTRY_MSR_LOAD_ADDR, __pa(vmx->msr_autoload.guest.val));
--
-- if (vmcs_config.vmentry_ctrl & VM_ENTRY_LOAD_IA32_PAT)
-- vmcs_write64(GUEST_IA32_PAT, vmx->vcpu.arch.pat);
--
-- vm_exit_controls_set(vmx, vmx_vmexit_ctrl());
--
-- /* 22.2.1, 20.8.1 */
-- vm_entry_controls_set(vmx, vmx_vmentry_ctrl());
--
-- vmx->vcpu.arch.cr0_guest_owned_bits = X86_CR0_TS;
-- vmcs_writel(CR0_GUEST_HOST_MASK, ~X86_CR0_TS);
--
-- set_cr4_guest_host_mask(vmx);
--
-- if (vmx->vpid != 0)
-- vmcs_write16(VIRTUAL_PROCESSOR_ID, vmx->vpid);
--
-- if (vmx_xsaves_supported())
-- vmcs_write64(XSS_EXIT_BITMAP, VMX_XSS_EXIT_BITMAP);
--
-- if (enable_pml) {
-- vmcs_write64(PML_ADDRESS, page_to_phys(vmx->pml_pg));
-- vmcs_write16(GUEST_PML_INDEX, PML_ENTITY_NUM - 1);
-- }
--
-- if (cpu_has_vmx_encls_vmexit())
-- vmcs_write64(ENCLS_EXITING_BITMAP, -1ull);
--
-- if (pt_mode == PT_MODE_HOST_GUEST) {
-- memset(&vmx->pt_desc, 0, sizeof(vmx->pt_desc));
-- /* Bit[6~0] are forced to 1, writes are ignored. */
-- vmx->pt_desc.guest.output_mask = 0x7F;
-- vmcs_write64(GUEST_IA32_RTIT_CTL, 0);
-- }
--}
--
--static void vmx_vcpu_reset(struct kvm_vcpu *vcpu, bool init_event)
--{
-- struct vcpu_vmx *vmx = to_vmx(vcpu);
-- struct msr_data apic_base_msr;
-- u64 cr0;
--
-- vmx->rmode.vm86_active = 0;
-- vmx->spec_ctrl = 0;
--
-- vmx->msr_ia32_umwait_control = 0;
--
-- vcpu->arch.microcode_version = 0x100000000ULL;
-- vmx->vcpu.arch.regs[VCPU_REGS_RDX] = get_rdx_init_val();
-- vmx->hv_deadline_tsc = -1;
-- kvm_set_cr8(vcpu, 0);
--
-- if (!init_event) {
-- apic_base_msr.data = APIC_DEFAULT_PHYS_BASE |
-- MSR_IA32_APICBASE_ENABLE;
-- if (kvm_vcpu_is_reset_bsp(vcpu))
-- apic_base_msr.data |= MSR_IA32_APICBASE_BSP;
-- apic_base_msr.host_initiated = true;
-- kvm_set_apic_base(vcpu, &apic_base_msr);
-- }
--
-- vmx_segment_cache_clear(vmx);
--
-- seg_setup(VCPU_SREG_CS);
-- vmcs_write16(GUEST_CS_SELECTOR, 0xf000);
-- vmcs_writel(GUEST_CS_BASE, 0xffff0000ul);
--
-- seg_setup(VCPU_SREG_DS);
--
seg_setup(VCPU_SREG_ES);
-- seg_setup(VCPU_SREG_FS);
-- seg_setup(VCPU_SREG_GS);
-- seg_setup(VCPU_SREG_SS);
--
-- vmcs_write16(GUEST_TR_SELECTOR, 0);
-- vmcs_writel(GUEST_TR_BASE, 0);
-- vmcs_write32(GUEST_TR_LIMIT, 0xffff);
-- vmcs_write32(GUEST_TR_AR_BYTES, 0x008b);
--
-- vmcs_write16(GUEST_LDTR_SELECTOR, 0);
-- vmcs_writel(GUEST_LDTR_BASE, 0);
-- vmcs_write32(GUEST_LDTR_LIMIT, 0xffff);
-- vmcs_write32(GUEST_LDTR_AR_BYTES, 0x00082);
--
-- if (!init_event) {
-- vmcs_write32(GUEST_SYSENTER_CS, 0);
-- vmcs_writel(GUEST_SYSENTER_ESP, 0);
-- vmcs_writel(GUEST_SYSENTER_EIP, 0);
-- vmcs_write64(GUEST_IA32_DEBUGCTL, 0);
-- }
--
-- kvm_set_rflags(vcpu, X86_EFLAGS_FIXED);
-- kvm_rip_write(vcpu, 0xfff0);
--
-- vmcs_writel(GUEST_GDTR_BASE, 0);
-- vmcs_write32(GUEST_GDTR_LIMIT, 0xffff);
--
-- vmcs_writel(GUEST_IDTR_BASE, 0);
-- vmcs_write32(GUEST_IDTR_LIMIT, 0xffff);
--
-- vmcs_write32(GUEST_ACTIVITY_STATE, GUEST_ACTIVITY_ACTIVE);
-- vmcs_write32(GUEST_INTERRUPTIBILITY_INFO, 0);
-- vmcs_writel(GUEST_PENDING_DBG_EXCEPTIONS, 0);
-- if (kvm_mpx_supported())
-- vmcs_write64(GUEST_BNDCFGS, 0);
--
-- setup_msrs(vmx);
--
-- vmcs_write32(VM_ENTRY_INTR_INFO_FIELD, 0); /* 22.2.1 */
--
-- if (cpu_has_vmx_tpr_shadow() && !init_event) {
-- vmcs_write64(VIRTUAL_APIC_PAGE_ADDR, 0);
-- if (cpu_need_tpr_shadow(vcpu))
-- vmcs_write64(VIRTUAL_APIC_PAGE_ADDR,
-- __pa(vcpu->arch.apic->regs));
-- vmcs_write32(TPR_THRESHOLD, 0);
-- }
--
-- kvm_make_request(KVM_REQ_APIC_PAGE_RELOAD, vcpu);
--
-- cr0 = X86_CR0_NW | X86_CR0_CD | X86_CR0_ET;
-- vmx->vcpu.arch.cr0 = cr0;
-- vmx_set_cr0(vcpu, cr0); /* enter rmode */
-- vmx_set_cr4(vcpu, 0);
-- vmx_set_efer(vcpu, 0);
--
-- update_exception_bitmap(vcpu);
--
-- vpid_sync_context(vmx->vpid);
-- if (init_event)
-- vmx_clear_hlt(vcpu);
--}
--
--static void enable_irq_window(struct kvm_vcpu *vcpu)
--{
-- exec_controls_setbit(to_vmx(vcpu), CPU_BASED_INTR_WINDOW_EXITING);
--}
--
--static void enable_nmi_window(struct kvm_vcpu *vcpu)
--{
-- if (!enable_vnmi ||
--
vmcs_read32(GUEST_INTERRUPTIBILITY_INFO) & GUEST_INTR_STATE_STI) {
-- enable_irq_window(vcpu);
-- return;
-- }
--
-- exec_controls_setbit(to_vmx(vcpu), CPU_BASED_NMI_WINDOW_EXITING);
--}
--
--static void vmx_inject_irq(struct kvm_vcpu *vcpu)
--{
-- struct vcpu_vmx *vmx = to_vmx(vcpu);
-- uint32_t intr;
-- int irq = vcpu->arch.interrupt.nr;
--
-- trace_kvm_inj_virq(irq);
--
-- ++vcpu->stat.irq_injections;
-- if (vmx->rmode.vm86_active) {
-- int inc_eip = 0;
-- if (vcpu->arch.interrupt.soft)
-- inc_eip = vcpu->arch.event_exit_inst_len;
-- kvm_inject_realmode_interrupt(vcpu, irq, inc_eip);
-- return;
-- }
-- intr = irq | INTR_INFO_VALID_MASK;
-- if (vcpu->arch.interrupt.soft) {
-- intr |= INTR_TYPE_SOFT_INTR;
-- vmcs_write32(VM_ENTRY_INSTRUCTION_LEN,
-- vmx->vcpu.arch.event_exit_inst_len);
-- } else
-- intr |= INTR_TYPE_EXT_INTR;
-- vmcs_write32(VM_ENTRY_INTR_INFO_FIELD, intr);
--
-- vmx_clear_hlt(vcpu);
--}
--
--static void vmx_inject_nmi(struct kvm_vcpu *vcpu)
--{
-- struct vcpu_vmx *vmx = to_vmx(vcpu);
--
-- if (!enable_vnmi) {
-- /*
-- * Tracking the NMI-blocked state in software is built upon
-- * finding the next open IRQ window. This, in turn, depends on
-- * well-behaving guests: They have to keep IRQs disabled at
-- * least as long as the NMI handler runs. Otherwise we may
-- * cause NMI nesting, maybe breaking the guest. But as this is
-- * highly unlikely, we can live with the residual risk.
-- */
-- vmx->loaded_vmcs->soft_vnmi_blocked = 1;
-- vmx->loaded_vmcs->vnmi_blocked_time = 0;
-- }
--
-- ++vcpu->stat.nmi_injections;
-- vmx->loaded_vmcs->nmi_known_unmasked = false;
--
-- if (vmx->rmode.vm86_active) {
-- kvm_inject_realmode_interrupt(vcpu, NMI_VECTOR, 0);
-- return;
-- }
--
-- vmcs_write32(VM_ENTRY_INTR_INFO_FIELD,
-- INTR_TYPE_NMI_INTR | INTR_INFO_VALID_MASK | NMI_VECTOR);
--
-- vmx_clear_hlt(vcpu);
--}
--
--bool vmx_get_nmi_mask(struct kvm_vcpu *vcpu)
--{
-- struct vcpu_vmx *vmx = to_vmx(vcpu);
-- bool masked;
--
-- if (!enable_vnmi)
-- return vmx->loaded_vmcs->soft_vnmi_blocked;
-- if (vmx->loaded_vmcs->nmi_known_unmasked)
-- return false;
-- masked = vmcs_read32(GUEST_INTERRUPTIBILITY_INFO) & GUEST_INTR_STATE_NMI;
-- vmx->loaded_vmcs->nmi_known_unmasked = !masked;
-- return masked;
--}
--
--void vmx_set_nmi_mask(struct kvm_vcpu *vcpu, bool masked)
--{
-- struct vcpu_vmx *vmx = to_vmx(vcpu);
--
-- if (!enable_vnmi) {
-- if (vmx->loaded_vmcs->soft_vnmi_blocked != masked) {
-- vmx->loaded_vmcs->soft_vnmi_blocked = masked;
-- vmx->loaded_vmcs->vnmi_blocked_time = 0;
-- }
-- } else {
-- vmx->loaded_vmcs->nmi_known_unmasked = !masked;
-- if (masked)
-- vmcs_set_bits(GUEST_INTERRUPTIBILITY_INFO,
-- GUEST_INTR_STATE_NMI);
-- else
-- vmcs_clear_bits(GUEST_INTERRUPTIBILITY_INFO,
-- GUEST_INTR_STATE_NMI);
-- }
--}
--
--static int vmx_nmi_allowed(struct kvm_vcpu *vcpu)
--{
-- if (to_vmx(vcpu)->nested.nested_run_pending)
-- return 0;
--
-- if (!enable_vnmi &&
-- to_vmx(vcpu)->loaded_vmcs->soft_vnmi_blocked)
-- return 0;
--
-- return !(vmcs_read32(GUEST_INTERRUPTIBILITY_INFO) &
-- (GUEST_INTR_STATE_MOV_SS | GUEST_INTR_STATE_STI
-- | GUEST_INTR_STATE_NMI));
--}
--
--static int vmx_interrupt_allowed(struct kvm_vcpu *vcpu)
--{
-- return (!to_vmx(vcpu)->nested.nested_run_pending &&
-- vmcs_readl(GUEST_RFLAGS) & X86_EFLAGS_IF) &&
-- !(vmcs_read32(GUEST_INTERRUPTIBILITY_INFO) &
-- (GUEST_INTR_STATE_STI | GUEST_INTR_STATE_MOV_SS));
--}
--
--static int
vmx_set_tss_addr(struct kvm *kvm, unsigned int addr)
--{
-- int ret;
--
-- if (enable_unrestricted_guest)
-- return 0;
--
-- ret = x86_set_memory_region(kvm, TSS_PRIVATE_MEMSLOT, addr,
-- PAGE_SIZE * 3);
-- if (ret)
-- return ret;
-- to_kvm_vmx(kvm)->tss_addr = addr;
-- return init_rmode_tss(kvm);
--}
--
--static int vmx_set_identity_map_addr(struct kvm *kvm, u64 ident_addr)
--{
-- to_kvm_vmx(kvm)->ept_identity_map_addr = ident_addr;
-- return 0;
--}
--
--static bool rmode_exception(struct kvm_vcpu *vcpu, int vec)
--{
-- switch (vec) {
-- case BP_VECTOR:
-- /*
-- * Update instruction length as we may reinject the exception
-- * from user space while in guest debugging mode.
-- */
-- to_vmx(vcpu)->vcpu.arch.event_exit_inst_len =
-- vmcs_read32(VM_EXIT_INSTRUCTION_LEN);
-- if (vcpu->guest_debug & KVM_GUESTDBG_USE_SW_BP)
-- return false;
-- /* fall through */
-- case DB_VECTOR:
-- if (vcpu->guest_debug &
-- (KVM_GUESTDBG_SINGLESTEP | KVM_GUESTDBG_USE_HW_BP))
-- return false;
-- /* fall through */
-- case DE_VECTOR:
-- case OF_VECTOR:
-- case BR_VECTOR:
-- case UD_VECTOR:
-- case DF_VECTOR:
-- case SS_VECTOR:
-- case GP_VECTOR:
-- case MF_VECTOR:
-- return true;
-- break;
-- }
-- return false;
--}
--
--static int handle_rmode_exception(struct kvm_vcpu *vcpu,
-- int vec, u32 err_code)
--{
-- /*
-- * Instruction with address size override prefix opcode 0x67
-- * Cause the #SS fault with 0 error code in VM86 mode.
-- */
-- if (((vec == GP_VECTOR) || (vec == SS_VECTOR)) && err_code == 0) {
-- if (kvm_emulate_instruction(vcpu, 0)) {
-- if (vcpu->arch.halt_request) {
-- vcpu->arch.halt_request = 0;
-- return kvm_vcpu_halt(vcpu);
-- }
-- return 1;
-- }
-- return 0;
-- }
--
-- /*
-- * Forward all other exceptions that are valid in real mode.
-- * FIXME: Breaks guest debugging in real mode, needs to be fixed with
-- * the required debugging infrastructure rework.
-- */
-- kvm_queue_exception(vcpu, vec);
-- return 1;
--}
--
--/*
-- * Trigger machine check on the host.
We assume all the MSRs are already set up
-- * by the CPU and that we still run on the same CPU as the MCE occurred on.
-- * We pass a fake environment to the machine check handler because we want
-- * the guest to be always treated like user space, no matter what context
-- * it used internally.
-- */
--static void kvm_machine_check(void)
--{
--#if defined(CONFIG_X86_MCE) && defined(CONFIG_X86_64)
-- struct pt_regs regs = {
-- .cs = 3, /* Fake ring 3 no matter what the guest ran on */
-- .flags = X86_EFLAGS_IF,
-- };
--
-- do_machine_check(®s, 0);
--#endif
--}
--
--static int handle_machine_check(struct kvm_vcpu *vcpu)
--{
-- /* handled by vmx_vcpu_run() */
-- return 1;
--}
--
--static int handle_exception_nmi(struct kvm_vcpu *vcpu)
--{
-- struct vcpu_vmx *vmx = to_vmx(vcpu);
-- struct kvm_run *kvm_run = vcpu->run;
-- u32 intr_info, ex_no, error_code;
-- unsigned long cr2, rip, dr6;
-- u32 vect_info;
--
-- vect_info = vmx->idt_vectoring_info;
-- intr_info = vmx->exit_intr_info;
--
-- if (is_machine_check(intr_info) || is_nmi(intr_info))
-- return 1; /* handled by handle_exception_nmi_irqoff() */
--
-- if (is_invalid_opcode(intr_info))
-- return handle_ud(vcpu);
--
-- error_code = 0;
-- if (intr_info & INTR_INFO_DELIVER_CODE_MASK)
-- error_code = vmcs_read32(VM_EXIT_INTR_ERROR_CODE);
--
-- if (!vmx->rmode.vm86_active && is_gp_fault(intr_info)) {
-- WARN_ON_ONCE(!enable_vmware_backdoor);
--
-- /*
-- * VMware backdoor emulation on #GP interception only handles
-- * IN{S}, OUT{S}, and RDPMC, none of which generate a non-zero
-- * error code on #GP.
-- */
-- if (error_code) {
-- kvm_queue_exception_e(vcpu, GP_VECTOR, error_code);
-- return 1;
-- }
-- return kvm_emulate_instruction(vcpu, EMULTYPE_VMWARE_GP);
-- }
--
-- /*
-- * The #PF with PFEC.RSVD = 1 indicates the guest is accessing
-- * MMIO, it is better to report an internal error.
-- * See the comments in vmx_handle_exit.
-- */
-- if ((vect_info & VECTORING_INFO_VALID_MASK) &&
-- !(is_page_fault(intr_info) && !(error_code & PFERR_RSVD_MASK))) {
-- vcpu->run->exit_reason = KVM_EXIT_INTERNAL_ERROR;
-- vcpu->run->internal.suberror = KVM_INTERNAL_ERROR_SIMUL_EX;
-- vcpu->run->internal.ndata = 3;
-- vcpu->run->internal.data[0] = vect_info;
-- vcpu->run->internal.data[1] = intr_info;
-- vcpu->run->internal.data[2] = error_code;
-- return 0;
-- }
--
-- if (is_page_fault(intr_info)) {
-- cr2 = vmcs_readl(EXIT_QUALIFICATION);
-- /* EPT won't cause page fault directly */
-- WARN_ON_ONCE(!vcpu->arch.apf.host_apf_reason && enable_ept);
-- return kvm_handle_page_fault(vcpu, error_code, cr2, NULL, 0);
-- }
--
-- ex_no = intr_info & INTR_INFO_VECTOR_MASK;
--
-- if (vmx->rmode.vm86_active && rmode_exception(vcpu, ex_no))
-- return handle_rmode_exception(vcpu, ex_no, error_code);
--
-- switch (ex_no) {
-- case AC_VECTOR:
-- kvm_queue_exception_e(vcpu, AC_VECTOR, error_code);
-- return 1;
-- case DB_VECTOR:
-- dr6 = vmcs_readl(EXIT_QUALIFICATION);
-- if (!(vcpu->guest_debug &
-- (KVM_GUESTDBG_SINGLESTEP | KVM_GUESTDBG_USE_HW_BP))) {
-- vcpu->arch.dr6 &= ~DR_TRAP_BITS;
-- vcpu->arch.dr6 |= dr6 | DR6_RTM;
-- if (is_icebp(intr_info))
-- WARN_ON(!skip_emulated_instruction(vcpu));
--
-- kvm_queue_exception(vcpu, DB_VECTOR);
-- return 1;
-- }
-- kvm_run->debug.arch.dr6 = dr6 | DR6_FIXED_1;
-- kvm_run->debug.arch.dr7 = vmcs_readl(GUEST_DR7);
-- /* fall through */
-- case BP_VECTOR:
-- /*
-- * Update instruction length as we may reinject #BP from
-- * user space while in guest debugging mode. Reading it for
-- * #DB as well causes no harm, it is not used in that case.
-- */
-- vmx->vcpu.arch.event_exit_inst_len =
-- vmcs_read32(VM_EXIT_INSTRUCTION_LEN);
-- kvm_run->exit_reason = KVM_EXIT_DEBUG;
-- rip = kvm_rip_read(vcpu);
-- kvm_run->debug.arch.pc = vmcs_readl(GUEST_CS_BASE) + rip;
-- kvm_run->debug.arch.exception = ex_no;
-- break;
-- default:
-- kvm_run->exit_reason = KVM_EXIT_EXCEPTION;
-- kvm_run->ex.exception = ex_no;
-- kvm_run->ex.error_code = error_code;
-- break;
-- }
-- return 0;
--}
--
--static __always_inline int handle_external_interrupt(struct kvm_vcpu *vcpu)
--{
-- ++vcpu->stat.irq_exits;
-- return 1;
--}
--
--static int handle_triple_fault(struct kvm_vcpu *vcpu)
--{
-- vcpu->run->exit_reason = KVM_EXIT_SHUTDOWN;
-- vcpu->mmio_needed = 0;
-- return 0;
--}
--
--static int handle_io(struct kvm_vcpu *vcpu)
--{
-- unsigned long exit_qualification;
-- int size, in, string;
-- unsigned port;
--
-- exit_qualification = vmcs_readl(EXIT_QUALIFICATION);
-- string = (exit_qualification & 16) != 0;
--
-- ++vcpu->stat.io_exits;
--
-- if (string)
-- return kvm_emulate_instruction(vcpu, 0);
--
-- port = exit_qualification >> 16;
-- size = (exit_qualification & 7) + 1;
-- in = (exit_qualification & 8) != 0;
--
-- return kvm_fast_pio(vcpu, size, port, in);
--}
--
--static void
--vmx_patch_hypercall(struct kvm_vcpu *vcpu, unsigned char *hypercall)
--{
-- /*
-- * Patch in the VMCALL instruction:
-- */
-- hypercall[0] = 0x0f;
-- hypercall[1] = 0x01;
-- hypercall[2] = 0xc1;
--}
--
--/* called to set cr0 as appropriate for a mov-to-cr0 exit. */
--static int handle_set_cr0(struct kvm_vcpu *vcpu, unsigned long val)
--{
-- if (is_guest_mode(vcpu)) {
-- struct vmcs12 *vmcs12 = get_vmcs12(vcpu);
-- unsigned long orig_val = val;
--
-- /*
-- * We get here when L2 changed cr0 in a way that did not change
-- * any of L1's shadowed bits (see nested_vmx_exit_handled_cr),
-- * but did change L0 shadowed bits. So we first calculate the
-- * effective cr0 value that L1 would like to write into the
-- * hardware.
It consists of the L2-owned bits from the new
-- * value combined with the L1-owned bits from L1's guest_cr0.
-- */
-- val = (val & ~vmcs12->cr0_guest_host_mask) |
-- (vmcs12->guest_cr0 & vmcs12->cr0_guest_host_mask);
--
-- if (!nested_guest_cr0_valid(vcpu, val))
-- return 1;
--
-- if (kvm_set_cr0(vcpu, val))
-- return 1;
-- vmcs_writel(CR0_READ_SHADOW, orig_val);
-- return 0;
-- } else {
-- if (to_vmx(vcpu)->nested.vmxon &&
-- !nested_host_cr0_valid(vcpu, val))
-- return 1;
--
-- return kvm_set_cr0(vcpu, val);
-- }
--}
--
--static int handle_set_cr4(struct kvm_vcpu *vcpu, unsigned long val)
--{
-- if (is_guest_mode(vcpu)) {
-- struct vmcs12 *vmcs12 = get_vmcs12(vcpu);
-- unsigned long orig_val = val;
--
-- /* analogously to handle_set_cr0 */
-- val = (val & ~vmcs12->cr4_guest_host_mask) |
-- (vmcs12->guest_cr4 & vmcs12->cr4_guest_host_mask);
-- if (kvm_set_cr4(vcpu, val))
-- return 1;
-- vmcs_writel(CR4_READ_SHADOW, orig_val);
-- return 0;
-- } else
-- return kvm_set_cr4(vcpu, val);
--}
--
--static int handle_desc(struct kvm_vcpu *vcpu)
--{
-- WARN_ON(!(vcpu->arch.cr4 & X86_CR4_UMIP));
-- return kvm_emulate_instruction(vcpu, 0);
--}
--
--static int handle_cr(struct kvm_vcpu *vcpu)
--{
-- unsigned long exit_qualification, val;
-- int cr;
-- int reg;
-- int err;
-- int ret;
--
-- exit_qualification = vmcs_readl(EXIT_QUALIFICATION);
-- cr = exit_qualification & 15;
-- reg = (exit_qualification >> 8) & 15;
-- switch ((exit_qualification >> 4) & 3) {
-- case 0: /* mov to cr */
-- val = kvm_register_readl(vcpu, reg);
-- trace_kvm_cr_write(cr, val);
-- switch (cr) {
-- case 0:
-- err = handle_set_cr0(vcpu, val);
-- return kvm_complete_insn_gp(vcpu, err);
-- case 3:
-- WARN_ON_ONCE(enable_unrestricted_guest);
-- err = kvm_set_cr3(vcpu, val);
-- return kvm_complete_insn_gp(vcpu, err);
-- case 4:
-- err = handle_set_cr4(vcpu, val);
-- return kvm_complete_insn_gp(vcpu, err);
-- case 8: {
-- u8 cr8_prev = kvm_get_cr8(vcpu);
-- u8 cr8 = (u8)val;
-- err = kvm_set_cr8(vcpu,
cr8);
-- ret = kvm_complete_insn_gp(vcpu, err);
-- if (lapic_in_kernel(vcpu))
-- return ret;
-- if (cr8_prev <= cr8)
-- return ret;
-- /*
-- * TODO: we might be squashing a
-- * KVM_GUESTDBG_SINGLESTEP-triggered
-- * KVM_EXIT_DEBUG here.
-- */
-- vcpu->run->exit_reason = KVM_EXIT_SET_TPR;
-- return 0;
-- }
-- }
-- break;
-- case 2: /* clts */
-- WARN_ONCE(1, "Guest should always own CR0.TS");
-- vmx_set_cr0(vcpu, kvm_read_cr0_bits(vcpu, ~X86_CR0_TS));
-- trace_kvm_cr_write(0, kvm_read_cr0(vcpu));
-- return kvm_skip_emulated_instruction(vcpu);
-- case 1: /*mov from cr*/
-- switch (cr) {
-- case 3:
-- WARN_ON_ONCE(enable_unrestricted_guest);
-- val = kvm_read_cr3(vcpu);
-- kvm_register_write(vcpu, reg, val);
-- trace_kvm_cr_read(cr, val);
-- return kvm_skip_emulated_instruction(vcpu);
-- case 8:
-- val = kvm_get_cr8(vcpu);
-- kvm_register_write(vcpu, reg, val);
-- trace_kvm_cr_read(cr, val);
-- return kvm_skip_emulated_instruction(vcpu);
-- }
-- break;
-- case 3: /* lmsw */
-- val = (exit_qualification >> LMSW_SOURCE_DATA_SHIFT) & 0x0f;
-- trace_kvm_cr_write(0, (kvm_read_cr0(vcpu) & ~0xful) | val);
-- kvm_lmsw(vcpu, val);
--
-- return kvm_skip_emulated_instruction(vcpu);
-- default:
-- break;
-- }
-- vcpu->run->exit_reason = 0;
-- vcpu_unimpl(vcpu, "unhandled control register: op %d cr %d\n",
-- (int)(exit_qualification >> 4) & 3, cr);
-- return 0;
--}
--
--static int handle_dr(struct kvm_vcpu *vcpu)
--{
-- unsigned long exit_qualification;
-- int dr, dr7, reg;
--
-- exit_qualification = vmcs_readl(EXIT_QUALIFICATION);
-- dr = exit_qualification & DEBUG_REG_ACCESS_NUM;
--
-- /* First, if DR does not exist, trigger UD */
-- if (!kvm_require_dr(vcpu, dr))
-- return 1;
--
-- /* Do not handle if the CPL > 0, will trigger GP on re-entry */
-- if (!kvm_require_cpl(vcpu, 0))
-- return 1;
-- dr7 = vmcs_readl(GUEST_DR7);
-- if (dr7 & DR7_GD) {
-- /*
-- * As the vm-exit takes precedence over the debug trap, we
-- * need to emulate the latter, either for the host or the
-- *
guest debugging itself.
-- */
-- if (vcpu->guest_debug & KVM_GUESTDBG_USE_HW_BP) {
-- vcpu->run->debug.arch.dr6 = vcpu->arch.dr6;
-- vcpu->run->debug.arch.dr7 = dr7;
-- vcpu->run->debug.arch.pc = kvm_get_linear_rip(vcpu);
-- vcpu->run->debug.arch.exception = DB_VECTOR;
-- vcpu->run->exit_reason = KVM_EXIT_DEBUG;
-- return 0;
-- } else {
-- vcpu->arch.dr6 &= ~DR_TRAP_BITS;
-- vcpu->arch.dr6 |= DR6_BD | DR6_RTM;
-- kvm_queue_exception(vcpu, DB_VECTOR);
-- return 1;
-- }
-- }
--
-- if (vcpu->guest_debug == 0) {
-- exec_controls_clearbit(to_vmx(vcpu), CPU_BASED_MOV_DR_EXITING);
--
-- /*
-- * No more DR vmexits; force a reload of the debug registers
-- * and reenter on this instruction. The next vmexit will
-- * retrieve the full state of the debug registers.
-- */
-- vcpu->arch.switch_db_regs |= KVM_DEBUGREG_WONT_EXIT;
-- return 1;
-- }
--
-- reg = DEBUG_REG_ACCESS_REG(exit_qualification);
-- if (exit_qualification & TYPE_MOV_FROM_DR) {
-- unsigned long val;
--
-- if (kvm_get_dr(vcpu, dr, &val))
-- return 1;
-- kvm_register_write(vcpu, reg, val);
-- } else
-- if (kvm_set_dr(vcpu, dr, kvm_register_readl(vcpu, reg)))
-- return 1;
--
-- return kvm_skip_emulated_instruction(vcpu);
--}
--
--static u64 vmx_get_dr6(struct kvm_vcpu *vcpu)
--{
-- return vcpu->arch.dr6;
--}
--
--static void vmx_set_dr6(struct kvm_vcpu *vcpu, unsigned long val)
--{
--}
--
--static void vmx_sync_dirty_debug_regs(struct kvm_vcpu *vcpu)
--{
-- get_debugreg(vcpu->arch.db[0], 0);
-- get_debugreg(vcpu->arch.db[1], 1);
-- get_debugreg(vcpu->arch.db[2], 2);
-- get_debugreg(vcpu->arch.db[3], 3);
-- get_debugreg(vcpu->arch.dr6, 6);
-- vcpu->arch.dr7 = vmcs_readl(GUEST_DR7);
--
-- vcpu->arch.switch_db_regs &= ~KVM_DEBUGREG_WONT_EXIT;
-- exec_controls_setbit(to_vmx(vcpu), CPU_BASED_MOV_DR_EXITING);
--}
--
--static void vmx_set_dr7(struct kvm_vcpu *vcpu, unsigned long val)
--{
-- vmcs_writel(GUEST_DR7, val);
--}
--
--static int handle_tpr_below_threshold(struct kvm_vcpu *vcpu)
--{
--
kvm_apic_update_ppr(vcpu);
-- return 1;
--}
--
--static int handle_interrupt_window(struct kvm_vcpu *vcpu)
--{
-- exec_controls_clearbit(to_vmx(vcpu), CPU_BASED_INTR_WINDOW_EXITING);
--
-- kvm_make_request(KVM_REQ_EVENT, vcpu);
--
-- ++vcpu->stat.irq_window_exits;
-- return 1;
--}
--
--static int handle_vmcall(struct kvm_vcpu *vcpu)
--{
-- return kvm_emulate_hypercall(vcpu);
--}
--
--static int handle_invd(struct kvm_vcpu *vcpu)
--{
-- return kvm_emulate_instruction(vcpu, 0);
--}
--
--static int handle_invlpg(struct kvm_vcpu *vcpu)
--{
-- unsigned long exit_qualification = vmcs_readl(EXIT_QUALIFICATION);
--
-- kvm_mmu_invlpg(vcpu, exit_qualification);
-- return kvm_skip_emulated_instruction(vcpu);
--}
--
--static int handle_rdpmc(struct kvm_vcpu *vcpu)
--{
-- int err;
--
-- err = kvm_rdpmc(vcpu);
-- return kvm_complete_insn_gp(vcpu, err);
--}
--
--static int handle_wbinvd(struct kvm_vcpu *vcpu)
--{
-- return kvm_emulate_wbinvd(vcpu);
--}
--
--static int handle_xsetbv(struct kvm_vcpu *vcpu)
--{
-- u64 new_bv = kvm_read_edx_eax(vcpu);
-- u32 index = kvm_rcx_read(vcpu);
--
-- if (kvm_set_xcr(vcpu, index, new_bv) == 0)
-- return kvm_skip_emulated_instruction(vcpu);
-- return 1;
--}
--
--static int handle_apic_access(struct kvm_vcpu *vcpu)
--{
-- if (likely(fasteoi)) {
-- unsigned long exit_qualification = vmcs_readl(EXIT_QUALIFICATION);
-- int access_type, offset;
--
-- access_type = exit_qualification & APIC_ACCESS_TYPE;
-- offset = exit_qualification & APIC_ACCESS_OFFSET;
-- /*
-- * Sane guest uses MOV to write EOI, with written value
-- * not cared. So make a short-circuit here by avoiding
-- * heavy instruction emulation.
-- */
-- if ((access_type == TYPE_LINEAR_APIC_INST_WRITE) &&
-- (offset == APIC_EOI)) {
-- kvm_lapic_set_eoi(vcpu);
-- return kvm_skip_emulated_instruction(vcpu);
-- }
-- }
-- return kvm_emulate_instruction(vcpu, 0);
--}
--
--static int handle_apic_eoi_induced(struct kvm_vcpu *vcpu)
--{
-- unsigned long exit_qualification = vmcs_readl(EXIT_QUALIFICATION);
-- int vector = exit_qualification & 0xff;
--
-- /* EOI-induced VM exit is trap-like and thus no need to adjust IP */
-- kvm_apic_set_eoi_accelerated(vcpu, vector);
-- return 1;
--}
--
--static int handle_apic_write(struct kvm_vcpu *vcpu)
--{
-- unsigned long exit_qualification = vmcs_readl(EXIT_QUALIFICATION);
-- u32 offset = exit_qualification & 0xfff;
--
-- /* APIC-write VM exit is trap-like and thus no need to adjust IP */
-- kvm_apic_write_nodecode(vcpu, offset);
-- return 1;
--}
--
--static int handle_task_switch(struct kvm_vcpu *vcpu)
--{
-- struct vcpu_vmx *vmx = to_vmx(vcpu);
-- unsigned long exit_qualification;
-- bool has_error_code = false;
-- u32 error_code = 0;
-- u16 tss_selector;
-- int reason, type, idt_v, idt_index;
--
-- idt_v = (vmx->idt_vectoring_info & VECTORING_INFO_VALID_MASK);
-- idt_index = (vmx->idt_vectoring_info & VECTORING_INFO_VECTOR_MASK);
-- type = (vmx->idt_vectoring_info & VECTORING_INFO_TYPE_MASK);
--
-- exit_qualification = vmcs_readl(EXIT_QUALIFICATION);
--
-- reason = (u32)exit_qualification >> 30;
-- if (reason == TASK_SWITCH_GATE && idt_v) {
-- switch (type) {
-- case INTR_TYPE_NMI_INTR:
-- vcpu->arch.nmi_injected = false;
-- vmx_set_nmi_mask(vcpu, true);
-- break;
-- case INTR_TYPE_EXT_INTR:
-- case INTR_TYPE_SOFT_INTR:
-- kvm_clear_interrupt_queue(vcpu);
-- break;
-- case INTR_TYPE_HARD_EXCEPTION:
-- if (vmx->idt_vectoring_info &
-- VECTORING_INFO_DELIVER_CODE_MASK) {
-- has_error_code = true;
-- error_code =
-- vmcs_read32(IDT_VECTORING_ERROR_CODE);
-- }
-- /* fall through */
-- case INTR_TYPE_SOFT_EXCEPTION:
-- kvm_clear_exception_queue(vcpu);
-- break;
-- default:
--
break;
-- }
-- }
-- tss_selector = exit_qualification;
--
-- if (!idt_v || (type != INTR_TYPE_HARD_EXCEPTION &&
-- type != INTR_TYPE_EXT_INTR &&
-- type != INTR_TYPE_NMI_INTR))
-- WARN_ON(!skip_emulated_instruction(vcpu));
--
-- /*
-- * TODO: What about debug traps on tss switch?
-- * Are we supposed to inject them and update dr6?
-- */
-- return kvm_task_switch(vcpu, tss_selector,
-- type == INTR_TYPE_SOFT_INTR ? idt_index : -1,
-- reason, has_error_code, error_code);
--}
--
--static int handle_ept_violation(struct kvm_vcpu *vcpu)
--{
-- unsigned long exit_qualification;
-- gpa_t gpa;
-- u64 error_code;
--
-- exit_qualification = vmcs_readl(EXIT_QUALIFICATION);
--
-- /*
-- * EPT violation happened while executing iret from NMI,
-- * "blocked by NMI" bit has to be set before next VM entry.
-- * There are errata that may cause this bit to not be set:
-- * AAK134, BY25.
-- */
-- if (!(to_vmx(vcpu)->idt_vectoring_info & VECTORING_INFO_VALID_MASK) &&
-- enable_vnmi &&
-- (exit_qualification & INTR_INFO_UNBLOCK_NMI))
-- vmcs_set_bits(GUEST_INTERRUPTIBILITY_INFO, GUEST_INTR_STATE_NMI);
--
-- gpa = vmcs_read64(GUEST_PHYSICAL_ADDRESS);
-- trace_kvm_page_fault(gpa, exit_qualification);
--
-- /* Is it a read fault? */
-- error_code = (exit_qualification & EPT_VIOLATION_ACC_READ)
-- ? PFERR_USER_MASK : 0;
-- /* Is it a write fault? */
-- error_code |= (exit_qualification & EPT_VIOLATION_ACC_WRITE)
-- ? PFERR_WRITE_MASK : 0;
-- /* Is it a fetch fault? */
-- error_code |= (exit_qualification & EPT_VIOLATION_ACC_INSTR)
-- ? PFERR_FETCH_MASK : 0;
-- /* ept page table entry is present? */
-- error_code |= (exit_qualification &
-- (EPT_VIOLATION_READABLE | EPT_VIOLATION_WRITABLE |
-- EPT_VIOLATION_EXECUTABLE))
-- ? PFERR_PRESENT_MASK : 0;
--
-- error_code |= (exit_qualification & 0x100) != 0 ?
-- PFERR_GUEST_FINAL_MASK : PFERR_GUEST_PAGE_MASK;
--
-- vcpu->arch.exit_qualification = exit_qualification;
-- return kvm_mmu_page_fault(vcpu, gpa, error_code, NULL, 0);
--}
--
--static int handle_ept_misconfig(struct kvm_vcpu *vcpu)
--{
-- gpa_t gpa;
--
-- /*
-- * A nested guest cannot optimize MMIO vmexits, because we have an
-- * nGPA here instead of the required GPA.
-- */
-- gpa = vmcs_read64(GUEST_PHYSICAL_ADDRESS);
-- if (!is_guest_mode(vcpu) &&
-- !kvm_io_bus_write(vcpu, KVM_FAST_MMIO_BUS, gpa, 0, NULL)) {
-- trace_kvm_fast_mmio(gpa);
-- return kvm_skip_emulated_instruction(vcpu);
-- }
--
-- return kvm_mmu_page_fault(vcpu, gpa, PFERR_RSVD_MASK, NULL, 0);
--}
--
--static int handle_nmi_window(struct kvm_vcpu *vcpu)
--{
-- WARN_ON_ONCE(!enable_vnmi);
-- exec_controls_clearbit(to_vmx(vcpu), CPU_BASED_NMI_WINDOW_EXITING);
-- ++vcpu->stat.nmi_window_exits;
-- kvm_make_request(KVM_REQ_EVENT, vcpu);
--
-- return 1;
--}
--
--static int handle_invalid_guest_state(struct kvm_vcpu *vcpu)
--{
-- struct vcpu_vmx *vmx = to_vmx(vcpu);
-- bool intr_window_requested;
-- unsigned count = 130;
--
-- /*
-- * We should never reach the point where we are emulating L2
-- * due to invalid guest state as that means we incorrectly
-- * allowed a nested VMEntry with an invalid vmcs12.
-- */
-- WARN_ON_ONCE(vmx->emulation_required && vmx->nested.nested_run_pending);
--
-- intr_window_requested = exec_controls_get(vmx) &
-- CPU_BASED_INTR_WINDOW_EXITING;
--
-- while (vmx->emulation_required && count-- != 0) {
-- if (intr_window_requested && vmx_interrupt_allowed(vcpu))
-- return handle_interrupt_window(&vmx->vcpu);
--
-- if (kvm_test_request(KVM_REQ_EVENT, vcpu))
-- return 1;
--
-- if (!kvm_emulate_instruction(vcpu, 0))
-- return 0;
--
-- if (vmx->emulation_required && !vmx->rmode.vm86_active &&
-- vcpu->arch.exception.pending) {
-- vcpu->run->exit_reason = KVM_EXIT_INTERNAL_ERROR;
-- vcpu->run->internal.suberror =
-- KVM_INTERNAL_ERROR_EMULATION;
-- vcpu->run->internal.ndata = 0;
-- return 0;
-- }
--
-- if (vcpu->arch.halt_request) {
-- vcpu->arch.halt_request = 0;
-- return kvm_vcpu_halt(vcpu);
-- }
--
-- /*
-- * Note, return 1 and not 0, vcpu_run() is responsible for
-- * morphing the pending signal into the proper return code.
-- */
-- if (signal_pending(current))
-- return 1;
--
-- if (need_resched())
-- schedule();
-- }
--
-- return 1;
--}
--
--static void grow_ple_window(struct kvm_vcpu *vcpu)
--{
-- struct vcpu_vmx *vmx = to_vmx(vcpu);
-- unsigned int old = vmx->ple_window;
--
-- vmx->ple_window = __grow_ple_window(old, ple_window,
-- ple_window_grow,
-- ple_window_max);
--
-- if (vmx->ple_window != old) {
-- vmx->ple_window_dirty = true;
-- trace_kvm_ple_window_update(vcpu->vcpu_id,
-- vmx->ple_window, old);
-- }
--}
--
--static void shrink_ple_window(struct kvm_vcpu *vcpu)
--{
-- struct vcpu_vmx *vmx = to_vmx(vcpu);
-- unsigned int old = vmx->ple_window;
--
-- vmx->ple_window = __shrink_ple_window(old, ple_window,
-- ple_window_shrink,
-- ple_window);
--
-- if (vmx->ple_window != old) {
-- vmx->ple_window_dirty = true;
-- trace_kvm_ple_window_update(vcpu->vcpu_id,
-- vmx->ple_window, old);
-- }
--}
--
--/*
-- * Handler for POSTED_INTERRUPT_WAKEUP_VECTOR.
-- */
--static void wakeup_handler(void)
--{
-- struct kvm_vcpu *vcpu;
-- int cpu = smp_processor_id();
--
-- spin_lock(&per_cpu(blocked_vcpu_on_cpu_lock, cpu));
-- list_for_each_entry(vcpu, &per_cpu(blocked_vcpu_on_cpu, cpu),
-- blocked_vcpu_list) {
-- struct pi_desc *pi_desc = vcpu_to_pi_desc(vcpu);
--
-- if (pi_test_on(pi_desc) == 1)
-- kvm_vcpu_kick(vcpu);
-- }
-- spin_unlock(&per_cpu(blocked_vcpu_on_cpu_lock, cpu));
--}
--
--static void vmx_enable_tdp(void)
--{
-- kvm_mmu_set_mask_ptes(VMX_EPT_READABLE_MASK,
-- enable_ept_ad_bits ? VMX_EPT_ACCESS_BIT : 0ull,
-- enable_ept_ad_bits ? VMX_EPT_DIRTY_BIT : 0ull,
-- 0ull, VMX_EPT_EXECUTABLE_MASK,
-- cpu_has_vmx_ept_execute_only() ? 0ull : VMX_EPT_READABLE_MASK,
-- VMX_EPT_RWX_MASK, 0ull);
--
-- ept_set_mmio_spte_mask();
-- kvm_enable_tdp();
--}
--
--/*
-- * Indicate a busy-waiting vcpu in spinlock. We do not enable the PAUSE
-- * exiting, so only get here on cpu with PAUSE-Loop-Exiting.
-- */
--static int handle_pause(struct kvm_vcpu *vcpu)
--{
-- if (!kvm_pause_in_guest(vcpu->kvm))
-- grow_ple_window(vcpu);
--
-- /*
-- * Intel sdm vol3 ch-25.1.3 says: The "PAUSE-loop exiting"
-- * VM-execution control is ignored if CPL > 0. OTOH, KVM
-- * never set PAUSE_EXITING and just set PLE if supported,
-- * so the vcpu must be CPL=0 if it gets a PAUSE exit.
-- */
-- kvm_vcpu_on_spin(vcpu, true);
-- return kvm_skip_emulated_instruction(vcpu);
--}
--
--static int handle_nop(struct kvm_vcpu *vcpu)
--{
-- return kvm_skip_emulated_instruction(vcpu);
--}
--
--static int handle_mwait(struct kvm_vcpu *vcpu)
--{
-- printk_once(KERN_WARNING "kvm: MWAIT instruction emulated as NOP!\n");
-- return handle_nop(vcpu);
--}
--
--static int handle_invalid_op(struct kvm_vcpu *vcpu)
--{
-- kvm_queue_exception(vcpu, UD_VECTOR);
-- return 1;
--}
--
--static int handle_monitor_trap(struct kvm_vcpu *vcpu)
--{
-- return 1;
--}
--
--static int handle_monitor(struct kvm_vcpu *vcpu)
--{
-- printk_once(KERN_WARNING "kvm: MONITOR instruction emulated as NOP!\n");
-- return handle_nop(vcpu);
--}
--
--static int handle_invpcid(struct kvm_vcpu *vcpu)
--{
-- u32 vmx_instruction_info;
-- unsigned long type;
-- bool pcid_enabled;
-- gva_t gva;
-- struct x86_exception e;
-- unsigned i;
-- unsigned long roots_to_free = 0;
-- struct {
-- u64 pcid;
-- u64 gla;
-- } operand;
--
-- if (!guest_cpuid_has(vcpu, X86_FEATURE_INVPCID)) {
-- kvm_queue_exception(vcpu, UD_VECTOR);
-- return 1;
-- }
--
-- vmx_instruction_info = vmcs_read32(VMX_INSTRUCTION_INFO);
-- type = kvm_register_readl(vcpu, (vmx_instruction_info >> 28) & 0xf);
--
-- if (type > 3) {
-- kvm_inject_gp(vcpu, 0);
-- return 1;
-- }
--
-- /* According to the Intel instruction reference, the memory operand
-- * is read even if it isn't needed (e.g., for type==all)
-- */
-- if (get_vmx_mem_address(vcpu, vmcs_readl(EXIT_QUALIFICATION),
-- vmx_instruction_info, false,
-- sizeof(operand), &gva))
-- return 1;
--
-- if (kvm_read_guest_virt(vcpu, gva, &operand, sizeof(operand), &e)) {
-- kvm_inject_page_fault(vcpu, &e);
-- return 1;
-- }
--
-- if (operand.pcid >> 12 != 0) {
-- kvm_inject_gp(vcpu, 0);
-- return 1;
-- }
--
-- pcid_enabled = kvm_read_cr4_bits(vcpu, X86_CR4_PCIDE);
--
-- switch (type) {
-- case INVPCID_TYPE_INDIV_ADDR:
-- if ((!pcid_enabled && (operand.pcid != 0)) ||
--
is_noncanonical_address(operand.gla, vcpu)) {
-- kvm_inject_gp(vcpu, 0);
-- return 1;
-- }
-- kvm_mmu_invpcid_gva(vcpu, operand.gla, operand.pcid);
-- return kvm_skip_emulated_instruction(vcpu);
--
-- case INVPCID_TYPE_SINGLE_CTXT:
-- if (!pcid_enabled && (operand.pcid != 0)) {
-- kvm_inject_gp(vcpu, 0);
-- return 1;
-- }
--
-- if (kvm_get_active_pcid(vcpu) == operand.pcid) {
-- kvm_mmu_sync_roots(vcpu);
-- kvm_make_request(KVM_REQ_TLB_FLUSH, vcpu);
-- }
--
-- for (i = 0; i < KVM_MMU_NUM_PREV_ROOTS; i++)
-- if (kvm_get_pcid(vcpu, vcpu->arch.mmu->prev_roots[i].cr3)
-- == operand.pcid)
-- roots_to_free |= KVM_MMU_ROOT_PREVIOUS(i);
--
-- kvm_mmu_free_roots(vcpu, vcpu->arch.mmu, roots_to_free);
-- /*
-- * If neither the current cr3 nor any of the prev_roots use the
-- * given PCID, then nothing needs to be done here because a
-- * resync will happen anyway before switching to any other CR3.
-- */
--
-- return kvm_skip_emulated_instruction(vcpu);
--
-- case INVPCID_TYPE_ALL_NON_GLOBAL:
-- /*
-- * Currently, KVM doesn't mark global entries in the shadow
-- * page tables, so a non-global flush just degenerates to a
-- * global flush. If needed, we could optimize this later by
-- * keeping track of global entries in shadow page tables.
-- */
--
-- /* fall-through */
-- case INVPCID_TYPE_ALL_INCL_GLOBAL:
-- kvm_mmu_unload(vcpu);
-- return kvm_skip_emulated_instruction(vcpu);
--
-- default:
-- BUG(); /* We have already checked above that type <= 3 */
-- }
--}
--
--static int handle_pml_full(struct kvm_vcpu *vcpu)
--{
-- unsigned long exit_qualification;
--
-- trace_kvm_pml_full(vcpu->vcpu_id);
--
-- exit_qualification = vmcs_readl(EXIT_QUALIFICATION);
--
-- /*
-- * PML buffer FULL happened while executing iret from NMI,
-- * "blocked by NMI" bit has to be set before next VM entry.
-- */
-- if (!(to_vmx(vcpu)->idt_vectoring_info & VECTORING_INFO_VALID_MASK) &&
-- enable_vnmi &&
-- (exit_qualification & INTR_INFO_UNBLOCK_NMI))
-- vmcs_set_bits(GUEST_INTERRUPTIBILITY_INFO,
-- GUEST_INTR_STATE_NMI);
--
-- /*
-- * PML buffer already flushed at beginning of VMEXIT. Nothing to do
-- * here.., and there's no userspace involvement needed for PML.
-- */
-- return 1;
--}
--
--static int handle_preemption_timer(struct kvm_vcpu *vcpu)
--{
-- struct vcpu_vmx *vmx = to_vmx(vcpu);
--
-- if (!vmx->req_immediate_exit &&
-- !unlikely(vmx->loaded_vmcs->hv_timer_soft_disabled))
-- kvm_lapic_expired_hv_timer(vcpu);
--
-- return 1;
--}
--
--/*
-- * When nested=0, all VMX instruction VM Exits filter here. The handlers
-- * are overwritten by nested_vmx_setup() when nested=1.
-- */
--static int handle_vmx_instruction(struct kvm_vcpu *vcpu)
--{
-- kvm_queue_exception(vcpu, UD_VECTOR);
-- return 1;
--}
--
--static int handle_encls(struct kvm_vcpu *vcpu)
--{
-- /*
-- * SGX virtualization is not yet supported. There is no software
-- * enable bit for SGX, so we have to trap ENCLS and inject a #UD
-- * to prevent the guest from executing ENCLS.
-- */
-- kvm_queue_exception(vcpu, UD_VECTOR);
-- return 1;
--}
--
--/*
-- * The exit handlers return 1 if the exit was handled fully and guest execution
-- * may resume. Otherwise they set the kvm_run parameter to indicate what needs
-- * to be done to userspace and return 0.
-- */
--static int (*kvm_vmx_exit_handlers[])(struct kvm_vcpu *vcpu) = {
-- [EXIT_REASON_EXCEPTION_NMI] = handle_exception_nmi,
-- [EXIT_REASON_EXTERNAL_INTERRUPT] = handle_external_interrupt,
-- [EXIT_REASON_TRIPLE_FAULT] = handle_triple_fault,
-- [EXIT_REASON_NMI_WINDOW] = handle_nmi_window,
-- [EXIT_REASON_IO_INSTRUCTION] = handle_io,
-- [EXIT_REASON_CR_ACCESS] = handle_cr,
-- [EXIT_REASON_DR_ACCESS] = handle_dr,
-- [EXIT_REASON_CPUID] = kvm_emulate_cpuid,
-- [EXIT_REASON_MSR_READ] = kvm_emulate_rdmsr,
-- [EXIT_REASON_MSR_WRITE] = kvm_emulate_wrmsr,
-- [EXIT_REASON_INTERRUPT_WINDOW] = handle_interrupt_window,
-- [EXIT_REASON_HLT] = kvm_emulate_halt,
-- [EXIT_REASON_INVD] = handle_invd,
-- [EXIT_REASON_INVLPG] = handle_invlpg,
-- [EXIT_REASON_RDPMC] = handle_rdpmc,
-- [EXIT_REASON_VMCALL] = handle_vmcall,
-- [EXIT_REASON_VMCLEAR] = handle_vmx_instruction,
-- [EXIT_REASON_VMLAUNCH] = handle_vmx_instruction,
-- [EXIT_REASON_VMPTRLD] = handle_vmx_instruction,
-- [EXIT_REASON_VMPTRST] = handle_vmx_instruction,
-- [EXIT_REASON_VMREAD] = handle_vmx_instruction,
-- [EXIT_REASON_VMRESUME] = handle_vmx_instruction,
-- [EXIT_REASON_VMWRITE] = handle_vmx_instruction,
-- [EXIT_REASON_VMOFF] = handle_vmx_instruction,
-- [EXIT_REASON_VMON] = handle_vmx_instruction,
-- [EXIT_REASON_TPR_BELOW_THRESHOLD] = handle_tpr_below_threshold,
-- [EXIT_REASON_APIC_ACCESS] = handle_apic_access,
-- [EXIT_REASON_APIC_WRITE] = handle_apic_write,
-- [EXIT_REASON_EOI_INDUCED] = handle_apic_eoi_induced,
-- [EXIT_REASON_WBINVD] = handle_wbinvd,
-- [EXIT_REASON_XSETBV] = handle_xsetbv,
-- [EXIT_REASON_TASK_SWITCH] = handle_task_switch,
-- [EXIT_REASON_MCE_DURING_VMENTRY] = handle_machine_check,
-- [EXIT_REASON_GDTR_IDTR] = handle_desc,
-- [EXIT_REASON_LDTR_TR] = handle_desc,
-- [EXIT_REASON_EPT_VIOLATION] = handle_ept_violation,
-- [EXIT_REASON_EPT_MISCONFIG] = handle_ept_misconfig,
-- [EXIT_REASON_PAUSE_INSTRUCTION] = handle_pause,
-- [EXIT_REASON_MWAIT_INSTRUCTION] = handle_mwait,
--
[EXIT_REASON_MONITOR_TRAP_FLAG] = handle_monitor_trap,
-- [EXIT_REASON_MONITOR_INSTRUCTION] = handle_monitor,
-- [EXIT_REASON_INVEPT] = handle_vmx_instruction,
-- [EXIT_REASON_INVVPID] = handle_vmx_instruction,
-- [EXIT_REASON_RDRAND] = handle_invalid_op,
-- [EXIT_REASON_RDSEED] = handle_invalid_op,
-- [EXIT_REASON_PML_FULL] = handle_pml_full,
-- [EXIT_REASON_INVPCID] = handle_invpcid,
-- [EXIT_REASON_VMFUNC] = handle_vmx_instruction,
-- [EXIT_REASON_PREEMPTION_TIMER] = handle_preemption_timer,
-- [EXIT_REASON_ENCLS] = handle_encls,
--};
--
--static const int kvm_vmx_max_exit_handlers =
-- ARRAY_SIZE(kvm_vmx_exit_handlers);
--
--static void vmx_get_exit_info(struct kvm_vcpu *vcpu, u64 *info1, u64 *info2)
--{
-- *info1 = vmcs_readl(EXIT_QUALIFICATION);
-- *info2 = vmcs_read32(VM_EXIT_INTR_INFO);
--}
--
--static void vmx_destroy_pml_buffer(struct vcpu_vmx *vmx)
--{
-- if (vmx->pml_pg) {
-- __free_page(vmx->pml_pg);
-- vmx->pml_pg = NULL;
-- }
--}
--
--static void vmx_flush_pml_buffer(struct kvm_vcpu *vcpu)
--{
-- struct vcpu_vmx *vmx = to_vmx(vcpu);
-- u64 *pml_buf;
-- u16 pml_idx;
--
-- pml_idx = vmcs_read16(GUEST_PML_INDEX);
--
-- /* Do nothing if PML buffer is empty */
-- if (pml_idx == (PML_ENTITY_NUM - 1))
-- return;
--
-- /* PML index always points to next available PML buffer entity */
-- if (pml_idx >= PML_ENTITY_NUM)
-- pml_idx = 0;
-- else
-- pml_idx++;
--
-- pml_buf = page_address(vmx->pml_pg);
-- for (; pml_idx < PML_ENTITY_NUM; pml_idx++) {
-- u64 gpa;
--
-- gpa = pml_buf[pml_idx];
-- WARN_ON(gpa & (PAGE_SIZE - 1));
-- kvm_vcpu_mark_page_dirty(vcpu, gpa >> PAGE_SHIFT);
-- }
--
-- /* reset PML index */
-- vmcs_write16(GUEST_PML_INDEX, PML_ENTITY_NUM - 1);
--}
--
--/*
-- * Flush all vcpus' PML buffer and update logged GPAs to dirty_bitmap.
-- * Called before reporting dirty_bitmap to userspace.
-- */
--static void kvm_flush_pml_buffers(struct kvm *kvm)
--{
-- int i;
-- struct kvm_vcpu *vcpu;
-- /*
-- * We only need to kick vcpu out of guest mode here, as PML buffer
-- * is flushed at beginning of all VMEXITs, and it's obvious that only
-- * vcpus running in guest are possible to have unflushed GPAs in PML
-- * buffer.
-- */
-- kvm_for_each_vcpu(i, vcpu, kvm)
-- kvm_vcpu_kick(vcpu);
--}
--
--static void vmx_dump_sel(char *name, uint32_t sel)
--{
-- pr_err("%s sel=0x%04x, attr=0x%05x, limit=0x%08x, base=0x%016lx\n",
-- name, vmcs_read16(sel),
-- vmcs_read32(sel + GUEST_ES_AR_BYTES - GUEST_ES_SELECTOR),
-- vmcs_read32(sel + GUEST_ES_LIMIT - GUEST_ES_SELECTOR),
-- vmcs_readl(sel + GUEST_ES_BASE - GUEST_ES_SELECTOR));
--}
--
--static void vmx_dump_dtsel(char *name, uint32_t limit)
--{
-- pr_err("%s limit=0x%08x, base=0x%016lx\n",
-- name, vmcs_read32(limit),
-- vmcs_readl(limit + GUEST_GDTR_BASE - GUEST_GDTR_LIMIT));
--}
--
--void dump_vmcs(void)
--{
-- u32 vmentry_ctl, vmexit_ctl;
-- u32 cpu_based_exec_ctrl, pin_based_exec_ctrl, secondary_exec_control;
-- unsigned long cr4;
-- u64 efer;
-- int i, n;
--
-- if (!dump_invalid_vmcs) {
-- pr_warn_ratelimited("set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.\n");
-- return;
-- }
--
-- vmentry_ctl = vmcs_read32(VM_ENTRY_CONTROLS);
-- vmexit_ctl = vmcs_read32(VM_EXIT_CONTROLS);
-- cpu_based_exec_ctrl = vmcs_read32(CPU_BASED_VM_EXEC_CONTROL);
-- pin_based_exec_ctrl = vmcs_read32(PIN_BASED_VM_EXEC_CONTROL);
-- cr4 = vmcs_readl(GUEST_CR4);
-- efer = vmcs_read64(GUEST_IA32_EFER);
-- secondary_exec_control = 0;
-- if (cpu_has_secondary_exec_ctrls())
-- secondary_exec_control = vmcs_read32(SECONDARY_VM_EXEC_CONTROL);
--
-- pr_err("*** Guest State ***\n");
-- pr_err("CR0: actual=0x%016lx, shadow=0x%016lx, gh_mask=%016lx\n",
-- vmcs_readl(GUEST_CR0), vmcs_readl(CR0_READ_SHADOW),
-- vmcs_readl(CR0_GUEST_HOST_MASK));
-- pr_err("CR4: actual=0x%016lx, shadow=0x%016lx, gh_mask=%016lx\n",
-- cr4,
vmcs_readl(CR4_READ_SHADOW), vmcs_readl(CR4_GUEST_HOST_MASK));
-- pr_err("CR3 = 0x%016lx\n", vmcs_readl(GUEST_CR3));
-- if ((secondary_exec_control & SECONDARY_EXEC_ENABLE_EPT) &&
-- (cr4 & X86_CR4_PAE) && !(efer & EFER_LMA))
-- {
-- pr_err("PDPTR0 = 0x%016llx PDPTR1 = 0x%016llx\n",
-- vmcs_read64(GUEST_PDPTR0), vmcs_read64(GUEST_PDPTR1));
-- pr_err("PDPTR2 = 0x%016llx PDPTR3 = 0x%016llx\n",
-- vmcs_read64(GUEST_PDPTR2), vmcs_read64(GUEST_PDPTR3));
-- }
-- pr_err("RSP = 0x%016lx RIP = 0x%016lx\n",
-- vmcs_readl(GUEST_RSP), vmcs_readl(GUEST_RIP));
-- pr_err("RFLAGS=0x%08lx DR7 = 0x%016lx\n",
-- vmcs_readl(GUEST_RFLAGS), vmcs_readl(GUEST_DR7));
-- pr_err("Sysenter RSP=%016lx CS:RIP=%04x:%016lx\n",
-- vmcs_readl(GUEST_SYSENTER_ESP),
-- vmcs_read32(GUEST_SYSENTER_CS), vmcs_readl(GUEST_SYSENTER_EIP));
-- vmx_dump_sel("CS: ", GUEST_CS_SELECTOR);
-- vmx_dump_sel("DS: ", GUEST_DS_SELECTOR);
-- vmx_dump_sel("SS: ", GUEST_SS_SELECTOR);
-- vmx_dump_sel("ES: ", GUEST_ES_SELECTOR);
-- vmx_dump_sel("FS: ", GUEST_FS_SELECTOR);
-- vmx_dump_sel("GS: ", GUEST_GS_SELECTOR);
-- vmx_dump_dtsel("GDTR:", GUEST_GDTR_LIMIT);
-- vmx_dump_sel("LDTR:", GUEST_LDTR_SELECTOR);
-- vmx_dump_dtsel("IDTR:", GUEST_IDTR_LIMIT);
-- vmx_dump_sel("TR: ", GUEST_TR_SELECTOR);
-- if ((vmexit_ctl & (VM_EXIT_SAVE_IA32_PAT | VM_EXIT_SAVE_IA32_EFER)) ||
-- (vmentry_ctl & (VM_ENTRY_LOAD_IA32_PAT | VM_ENTRY_LOAD_IA32_EFER)))
-- pr_err("EFER = 0x%016llx PAT = 0x%016llx\n",
-- efer, vmcs_read64(GUEST_IA32_PAT));
-- pr_err("DebugCtl = 0x%016llx DebugExceptions = 0x%016lx\n",
-- vmcs_read64(GUEST_IA32_DEBUGCTL),
-- vmcs_readl(GUEST_PENDING_DBG_EXCEPTIONS));
-- if (cpu_has_load_perf_global_ctrl() &&
-- vmentry_ctl & VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL)
-- pr_err("PerfGlobCtl = 0x%016llx\n",
-- vmcs_read64(GUEST_IA32_PERF_GLOBAL_CTRL));
-- if (vmentry_ctl & VM_ENTRY_LOAD_BNDCFGS)
-- pr_err("BndCfgS = 0x%016llx\n", vmcs_read64(GUEST_BNDCFGS));
-- pr_err("Interruptibility = %08x ActivityState = %08x\n",
--
vmcs_read32(GUEST_INTERRUPTIBILITY_INFO),
-- vmcs_read32(GUEST_ACTIVITY_STATE));
-- if (secondary_exec_control & SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY)
-- pr_err("InterruptStatus = %04x\n",
-- vmcs_read16(GUEST_INTR_STATUS));
--
-- pr_err("*** Host State ***\n");
-- pr_err("RIP = 0x%016lx RSP = 0x%016lx\n",
-- vmcs_readl(HOST_RIP), vmcs_readl(HOST_RSP));
-- pr_err("CS=%04x SS=%04x DS=%04x ES=%04x FS=%04x GS=%04x TR=%04x\n",
-- vmcs_read16(HOST_CS_SELECTOR), vmcs_read16(HOST_SS_SELECTOR),
-- vmcs_read16(HOST_DS_SELECTOR), vmcs_read16(HOST_ES_SELECTOR),
-- vmcs_read16(HOST_FS_SELECTOR), vmcs_read16(HOST_GS_SELECTOR),
-- vmcs_read16(HOST_TR_SELECTOR));
-- pr_err("FSBase=%016lx GSBase=%016lx TRBase=%016lx\n",
-- vmcs_readl(HOST_FS_BASE), vmcs_readl(HOST_GS_BASE),
-- vmcs_readl(HOST_TR_BASE));
-- pr_err("GDTBase=%016lx IDTBase=%016lx\n",
-- vmcs_readl(HOST_GDTR_BASE), vmcs_readl(HOST_IDTR_BASE));
-- pr_err("CR0=%016lx CR3=%016lx CR4=%016lx\n",
-- vmcs_readl(HOST_CR0), vmcs_readl(HOST_CR3),
-- vmcs_readl(HOST_CR4));
-- pr_err("Sysenter RSP=%016lx CS:RIP=%04x:%016lx\n",
-- vmcs_readl(HOST_IA32_SYSENTER_ESP),
-- vmcs_read32(HOST_IA32_SYSENTER_CS),
-- vmcs_readl(HOST_IA32_SYSENTER_EIP));
-- if (vmexit_ctl & (VM_EXIT_LOAD_IA32_PAT | VM_EXIT_LOAD_IA32_EFER))
-- pr_err("EFER = 0x%016llx PAT = 0x%016llx\n",
-- vmcs_read64(HOST_IA32_EFER),
-- vmcs_read64(HOST_IA32_PAT));
-- if (cpu_has_load_perf_global_ctrl() &&
-- vmexit_ctl & VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL)
-- pr_err("PerfGlobCtl = 0x%016llx\n",
-- vmcs_read64(HOST_IA32_PERF_GLOBAL_CTRL));
--
-- pr_err("*** Control State ***\n");
-- pr_err("PinBased=%08x CPUBased=%08x SecondaryExec=%08x\n",
-- pin_based_exec_ctrl, cpu_based_exec_ctrl, secondary_exec_control);
-- pr_err("EntryControls=%08x ExitControls=%08x\n", vmentry_ctl, vmexit_ctl);
-- pr_err("ExceptionBitmap=%08x PFECmask=%08x PFECmatch=%08x\n",
-- vmcs_read32(EXCEPTION_BITMAP),
-- vmcs_read32(PAGE_FAULT_ERROR_CODE_MASK),
-- vmcs_read32(PAGE_FAULT_ERROR_CODE_MATCH));
--
pr_err("VMEntry: intr_info=%08x errcode=%08x ilen=%08x\n",
-- vmcs_read32(VM_ENTRY_INTR_INFO_FIELD),
-- vmcs_read32(VM_ENTRY_EXCEPTION_ERROR_CODE),
-- vmcs_read32(VM_ENTRY_INSTRUCTION_LEN));
-- pr_err("VMExit: intr_info=%08x errcode=%08x ilen=%08x\n",
-- vmcs_read32(VM_EXIT_INTR_INFO),
-- vmcs_read32(VM_EXIT_INTR_ERROR_CODE),
-- vmcs_read32(VM_EXIT_INSTRUCTION_LEN));
-- pr_err(" reason=%08x qualification=%016lx\n",
-- vmcs_read32(VM_EXIT_REASON), vmcs_readl(EXIT_QUALIFICATION));
-- pr_err("IDTVectoring: info=%08x errcode=%08x\n",
-- vmcs_read32(IDT_VECTORING_INFO_FIELD),
-- vmcs_read32(IDT_VECTORING_ERROR_CODE));
-- pr_err("TSC Offset = 0x%016llx\n", vmcs_read64(TSC_OFFSET));
-- if (secondary_exec_control & SECONDARY_EXEC_TSC_SCALING)
-- pr_err("TSC Multiplier = 0x%016llx\n",
-- vmcs_read64(TSC_MULTIPLIER));
-- if (cpu_based_exec_ctrl & CPU_BASED_TPR_SHADOW) {
-- if (secondary_exec_control & SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY) {
-- u16 status = vmcs_read16(GUEST_INTR_STATUS);
-- pr_err("SVI|RVI = %02x|%02x ", status >> 8, status & 0xff);
-- }
-- pr_cont("TPR Threshold = 0x%02x\n", vmcs_read32(TPR_THRESHOLD));
-- if (secondary_exec_control & SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES)
-- pr_err("APIC-access addr = 0x%016llx ", vmcs_read64(APIC_ACCESS_ADDR));
-- pr_cont("virt-APIC addr = 0x%016llx\n", vmcs_read64(VIRTUAL_APIC_PAGE_ADDR));
-- }
-- if (pin_based_exec_ctrl & PIN_BASED_POSTED_INTR)
-- pr_err("PostedIntrVec = 0x%02x\n", vmcs_read16(POSTED_INTR_NV));
-- if ((secondary_exec_control & SECONDARY_EXEC_ENABLE_EPT))
-- pr_err("EPT pointer = 0x%016llx\n", vmcs_read64(EPT_POINTER));
-- n = vmcs_read32(CR3_TARGET_COUNT);
-- for (i = 0; i + 1 < n; i += 4)
-- pr_err("CR3 target%u=%016lx target%u=%016lx\n",
-- i, vmcs_readl(CR3_TARGET_VALUE0 + i * 2),
-- i + 1, vmcs_readl(CR3_TARGET_VALUE0 + i * 2 + 2));
-- if (i < n)
-- pr_err("CR3 target%u=%016lx\n",
-- i, vmcs_readl(CR3_TARGET_VALUE0 + i * 2));
-- if (secondary_exec_control & SECONDARY_EXEC_PAUSE_LOOP_EXITING)
--
pr_err("PLE Gap=%08x Window=%08x\n",
-- vmcs_read32(PLE_GAP), vmcs_read32(PLE_WINDOW));
-- if (secondary_exec_control & SECONDARY_EXEC_ENABLE_VPID)
-- pr_err("Virtual processor ID = 0x%04x\n",
-- vmcs_read16(VIRTUAL_PROCESSOR_ID));
--}
--
--/*
-- * The guest has exited. See if we can fix it or if we need userspace
-- * assistance.
-- */
--static int vmx_handle_exit(struct kvm_vcpu *vcpu,
-- enum exit_fastpath_completion exit_fastpath)
--{
-- struct vcpu_vmx *vmx = to_vmx(vcpu);
-- u32 exit_reason = vmx->exit_reason;
-- u32 vectoring_info = vmx->idt_vectoring_info;
--
-- trace_kvm_exit(exit_reason, vcpu, KVM_ISA_VMX);
--
-- /*
-- * Flush logged GPAs PML buffer, this will make dirty_bitmap more
-- * updated. Another good is, in kvm_vm_ioctl_get_dirty_log, before
-- * querying dirty_bitmap, we only need to kick all vcpus out of guest
-- * mode as if vcpus is in root mode, the PML buffer must has been
-- * flushed already.
-- */
-- if (enable_pml)
-- vmx_flush_pml_buffer(vcpu);
--
-- /* If guest state is invalid, start emulating */
-- if (vmx->emulation_required)
-- return handle_invalid_guest_state(vcpu);
--
-- if (is_guest_mode(vcpu) && nested_vmx_exit_reflected(vcpu, exit_reason))
-- return nested_vmx_reflect_vmexit(vcpu, exit_reason);
--
-- if (exit_reason & VMX_EXIT_REASONS_FAILED_VMENTRY) {
-- dump_vmcs();
-- vcpu->run->exit_reason = KVM_EXIT_FAIL_ENTRY;
-- vcpu->run->fail_entry.hardware_entry_failure_reason
-- = exit_reason;
-- return 0;
-- }
--
-- if (unlikely(vmx->fail)) {
-- dump_vmcs();
-- vcpu->run->exit_reason = KVM_EXIT_FAIL_ENTRY;
-- vcpu->run->fail_entry.hardware_entry_failure_reason
-- = vmcs_read32(VM_INSTRUCTION_ERROR);
-- return 0;
-- }
--
-- /*
-- * Note:
-- * Do not try to fix EXIT_REASON_EPT_MISCONFIG if it caused by
-- * delivery event since it indicates guest is accessing MMIO.
-- * The vm-exit can be triggered again after return to guest that
-- * will cause infinite loop.
-- */
-- if ((vectoring_info & VECTORING_INFO_VALID_MASK) &&
-- (exit_reason != EXIT_REASON_EXCEPTION_NMI &&
-- exit_reason != EXIT_REASON_EPT_VIOLATION &&
-- exit_reason != EXIT_REASON_PML_FULL &&
-- exit_reason != EXIT_REASON_TASK_SWITCH)) {
-- vcpu->run->exit_reason = KVM_EXIT_INTERNAL_ERROR;
-- vcpu->run->internal.suberror = KVM_INTERNAL_ERROR_DELIVERY_EV;
-- vcpu->run->internal.ndata = 3;
-- vcpu->run->internal.data[0] = vectoring_info;
-- vcpu->run->internal.data[1] = exit_reason;
-- vcpu->run->internal.data[2] = vcpu->arch.exit_qualification;
-- if (exit_reason == EXIT_REASON_EPT_MISCONFIG) {
-- vcpu->run->internal.ndata++;
-- vcpu->run->internal.data[3] =
-- vmcs_read64(GUEST_PHYSICAL_ADDRESS);
-- }
-- return 0;
-- }
--
-- if (unlikely(!enable_vnmi &&
-- vmx->loaded_vmcs->soft_vnmi_blocked)) {
-- if (vmx_interrupt_allowed(vcpu)) {
-- vmx->loaded_vmcs->soft_vnmi_blocked = 0;
-- } else if (vmx->loaded_vmcs->vnmi_blocked_time > 1000000000LL &&
-- vcpu->arch.nmi_pending) {
-- /*
-- * This CPU don't support us in finding the end of an
-- * NMI-blocked window if the guest runs with IRQs
-- * disabled. So we pull the trigger after 1 s of
-- * futile waiting, but inform the user about this.
-- */ -- printk(KERN_WARNING "%s: Breaking out of NMI-blocked " -- "state on VCPU %d after 1 s timeout\n", -- __func__, vcpu->vcpu_id); -- vmx->loaded_vmcs->soft_vnmi_blocked = 0; -- } -- } -- -- if (exit_fastpath == EXIT_FASTPATH_SKIP_EMUL_INS) { -- kvm_skip_emulated_instruction(vcpu); -- return 1; -- } else if (exit_reason < kvm_vmx_max_exit_handlers -- && kvm_vmx_exit_handlers[exit_reason]) { --#ifdef CONFIG_RETPOLINE -- if (exit_reason == EXIT_REASON_MSR_WRITE) -- return kvm_emulate_wrmsr(vcpu); -- else if (exit_reason == EXIT_REASON_PREEMPTION_TIMER) -- return handle_preemption_timer(vcpu); -- else if (exit_reason == EXIT_REASON_INTERRUPT_WINDOW) -- return handle_interrupt_window(vcpu); -- else if (exit_reason == EXIT_REASON_EXTERNAL_INTERRUPT) -- return handle_external_interrupt(vcpu); -- else if (exit_reason == EXIT_REASON_HLT) -- return kvm_emulate_halt(vcpu); -- else if (exit_reason == EXIT_REASON_EPT_MISCONFIG) -- return handle_ept_misconfig(vcpu); --#endif -- return kvm_vmx_exit_handlers[exit_reason](vcpu); -- } else { -- vcpu_unimpl(vcpu, "vmx: unexpected exit reason 0x%x\n", -- exit_reason); -- dump_vmcs(); -- vcpu->run->exit_reason = KVM_EXIT_INTERNAL_ERROR; -- vcpu->run->internal.suberror = -- KVM_INTERNAL_ERROR_UNEXPECTED_EXIT_REASON; -- vcpu->run->internal.ndata = 1; -- vcpu->run->internal.data[0] = exit_reason; -- return 0; -- } --} -- --/* -- * Software based L1D cache flush which is used when microcode providing -- * the cache control MSR is not loaded. -- * -- * The L1D cache is 32 KiB on Nehalem and later microarchitectures, but to -- * flush it is required to read in 64 KiB because the replacement algorithm -- * is not exactly LRU. This could be sized at runtime via topology -- * information but as all relevant affected CPUs have 32KiB L1D cache size -- * there is no point in doing so. 
-- */ --static void vmx_l1d_flush(struct kvm_vcpu *vcpu) --{ -- int size = PAGE_SIZE << L1D_CACHE_ORDER; -- -- /* -- * This code is only executed when the the flush mode is 'cond' or -- * 'always' -- */ -- if (static_branch_likely(&vmx_l1d_flush_cond)) { -- bool flush_l1d; -- -- /* -- * Clear the per-vcpu flush bit, it gets set again -- * either from vcpu_run() or from one of the unsafe -- * VMEXIT handlers. -- */ -- flush_l1d = vcpu->arch.l1tf_flush_l1d; -- vcpu->arch.l1tf_flush_l1d = false; -- -- /* -- * Clear the per-cpu flush bit, it gets set again from -- * the interrupt handlers. -- */ -- flush_l1d |= kvm_get_cpu_l1tf_flush_l1d(); -- kvm_clear_cpu_l1tf_flush_l1d(); -- -- if (!flush_l1d) -- return; -- } -- -- vcpu->stat.l1d_flush++; -- -- if (static_cpu_has(X86_FEATURE_FLUSH_L1D)) { -- wrmsrl(MSR_IA32_FLUSH_CMD, L1D_FLUSH); -- return; -- } -- -- asm volatile( -- /* First ensure the pages are in the TLB */ -- "xorl %%eax, %%eax\n" -- ".Lpopulate_tlb:\n\t" -- "movzbl (%[flush_pages], %%" _ASM_AX "), %%ecx\n\t" -- "addl $4096, %%eax\n\t" -- "cmpl %%eax, %[size]\n\t" -- "jne .Lpopulate_tlb\n\t" -- "xorl %%eax, %%eax\n\t" -- "cpuid\n\t" -- /* Now fill the cache */ -- "xorl %%eax, %%eax\n" -- ".Lfill_cache:\n" -- "movzbl (%[flush_pages], %%" _ASM_AX "), %%ecx\n\t" -- "addl $64, %%eax\n\t" -- "cmpl %%eax, %[size]\n\t" -- "jne .Lfill_cache\n\t" -- "lfence\n" -- :: [flush_pages] "r" (vmx_l1d_flush_pages), -- [size] "r" (size) -- : "eax", "ebx", "ecx", "edx"); --} -- --static void update_cr8_intercept(struct kvm_vcpu *vcpu, int tpr, int irr) --{ -- struct vmcs12 *vmcs12 = get_vmcs12(vcpu); -- int tpr_threshold; -- -- if (is_guest_mode(vcpu) && -- nested_cpu_has(vmcs12, CPU_BASED_TPR_SHADOW)) -- return; -- -- tpr_threshold = (irr == -1 || tpr < irr) ? 
0 : irr; -- if (is_guest_mode(vcpu)) -- to_vmx(vcpu)->nested.l1_tpr_threshold = tpr_threshold; -- else -- vmcs_write32(TPR_THRESHOLD, tpr_threshold); --} -- --void vmx_set_virtual_apic_mode(struct kvm_vcpu *vcpu) --{ -- struct vcpu_vmx *vmx = to_vmx(vcpu); -- u32 sec_exec_control; -- -- if (!lapic_in_kernel(vcpu)) -- return; -- -- if (!flexpriority_enabled && -- !cpu_has_vmx_virtualize_x2apic_mode()) -- return; -- -- /* Postpone execution until vmcs01 is the current VMCS. */ -- if (is_guest_mode(vcpu)) { -- vmx->nested.change_vmcs01_virtual_apic_mode = true; -- return; -- } -- -- sec_exec_control = secondary_exec_controls_get(vmx); -- sec_exec_control &= ~(SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES | -- SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE); -- -- switch (kvm_get_apic_mode(vcpu)) { -- case LAPIC_MODE_INVALID: -- WARN_ONCE(true, "Invalid local APIC state"); -- case LAPIC_MODE_DISABLED: -- break; -- case LAPIC_MODE_XAPIC: -- if (flexpriority_enabled) { -- sec_exec_control |= -- SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES; -- vmx_flush_tlb(vcpu, true); -- } -- break; -- case LAPIC_MODE_X2APIC: -- if (cpu_has_vmx_virtualize_x2apic_mode()) -- sec_exec_control |= -- SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE; -- break; -- } -- secondary_exec_controls_set(vmx, sec_exec_control); -- -- vmx_update_msr_bitmap(vcpu); --} -- --static void vmx_set_apic_access_page_addr(struct kvm_vcpu *vcpu, hpa_t hpa) --{ -- if (!is_guest_mode(vcpu)) { -- vmcs_write64(APIC_ACCESS_ADDR, hpa); -- vmx_flush_tlb(vcpu, true); -- } --} -- --static void vmx_hwapic_isr_update(struct kvm_vcpu *vcpu, int max_isr) --{ -- u16 status; -- u8 old; -- -- if (max_isr == -1) -- max_isr = 0; -- -- status = vmcs_read16(GUEST_INTR_STATUS); -- old = status >> 8; -- if (max_isr != old) { -- status &= 0xff; -- status |= max_isr << 8; -- vmcs_write16(GUEST_INTR_STATUS, status); -- } --} -- --static void vmx_set_rvi(int vector) --{ -- u16 status; -- u8 old; -- -- if (vector == -1) -- vector = 0; -- -- status = 
vmcs_read16(GUEST_INTR_STATUS); -- old = (u8)status & 0xff; -- if ((u8)vector != old) { -- status &= ~0xff; -- status |= (u8)vector; -- vmcs_write16(GUEST_INTR_STATUS, status); -- } --} -- --static void vmx_hwapic_irr_update(struct kvm_vcpu *vcpu, int max_irr) --{ -- /* -- * When running L2, updating RVI is only relevant when -- * vmcs12 virtual-interrupt-delivery enabled. -- * However, it can be enabled only when L1 also -- * intercepts external-interrupts and in that case -- * we should not update vmcs02 RVI but instead intercept -- * interrupt. Therefore, do nothing when running L2. -- */ -- if (!is_guest_mode(vcpu)) -- vmx_set_rvi(max_irr); --} -- --static int vmx_sync_pir_to_irr(struct kvm_vcpu *vcpu) --{ -- struct vcpu_vmx *vmx = to_vmx(vcpu); -- int max_irr; -- bool max_irr_updated; -- -- WARN_ON(!vcpu->arch.apicv_active); -- if (pi_test_on(&vmx->pi_desc)) { -- pi_clear_on(&vmx->pi_desc); -- /* -- * IOMMU can write to PID.ON, so the barrier matters even on UP. -- * But on x86 this is just a compiler barrier anyway. -- */ -- smp_mb__after_atomic(); -- max_irr_updated = -- kvm_apic_update_irr(vcpu, vmx->pi_desc.pir, &max_irr); -- -- /* -- * If we are running L2 and L1 has a new pending interrupt -- * which can be injected, we should re-evaluate -- * what should be done with this new L1 interrupt. -- * If L1 intercepts external-interrupts, we should -- * exit from L2 to L1. Otherwise, interrupt should be -- * delivered directly to L2. 
-- */ -- if (is_guest_mode(vcpu) && max_irr_updated) { -- if (nested_exit_on_intr(vcpu)) -- kvm_vcpu_exiting_guest_mode(vcpu); -- else -- kvm_make_request(KVM_REQ_EVENT, vcpu); -- } -- } else { -- max_irr = kvm_lapic_find_highest_irr(vcpu); -- } -- vmx_hwapic_irr_update(vcpu, max_irr); -- return max_irr; --} -- --static bool vmx_dy_apicv_has_pending_interrupt(struct kvm_vcpu *vcpu) --{ -- struct pi_desc *pi_desc = vcpu_to_pi_desc(vcpu); -- -- return pi_test_on(pi_desc) || -- (pi_test_sn(pi_desc) && !pi_is_pir_empty(pi_desc)); --} -- --static void vmx_load_eoi_exitmap(struct kvm_vcpu *vcpu, u64 *eoi_exit_bitmap) --{ -- if (!kvm_vcpu_apicv_active(vcpu)) -- return; -- -- vmcs_write64(EOI_EXIT_BITMAP0, eoi_exit_bitmap[0]); -- vmcs_write64(EOI_EXIT_BITMAP1, eoi_exit_bitmap[1]); -- vmcs_write64(EOI_EXIT_BITMAP2, eoi_exit_bitmap[2]); -- vmcs_write64(EOI_EXIT_BITMAP3, eoi_exit_bitmap[3]); --} -- --static void vmx_apicv_post_state_restore(struct kvm_vcpu *vcpu) --{ -- struct vcpu_vmx *vmx = to_vmx(vcpu); -- -- pi_clear_on(&vmx->pi_desc); -- memset(vmx->pi_desc.pir, 0, sizeof(vmx->pi_desc.pir)); --} -- --static void handle_exception_nmi_irqoff(struct vcpu_vmx *vmx) --{ -- vmx->exit_intr_info = vmcs_read32(VM_EXIT_INTR_INFO); -- -- /* if exit due to PF check for async PF */ -- if (is_page_fault(vmx->exit_intr_info)) -- vmx->vcpu.arch.apf.host_apf_reason = kvm_read_and_reset_pf_reason(); -- -- /* Handle machine checks before interrupts are enabled */ -- if (is_machine_check(vmx->exit_intr_info)) -- kvm_machine_check(); -- -- /* We need to handle NMIs before interrupts are enabled */ -- if (is_nmi(vmx->exit_intr_info)) { -- kvm_before_interrupt(&vmx->vcpu); -- asm("int $2"); -- kvm_after_interrupt(&vmx->vcpu); -- } --} -- --static void handle_external_interrupt_irqoff(struct kvm_vcpu *vcpu) --{ -- unsigned int vector; -- unsigned long entry; --#ifdef CONFIG_X86_64 -- unsigned long tmp; --#endif -- gate_desc *desc; -- u32 intr_info; -- -- intr_info = 
vmcs_read32(VM_EXIT_INTR_INFO); -- if (WARN_ONCE(!is_external_intr(intr_info), -- "KVM: unexpected VM-Exit interrupt info: 0x%x", intr_info)) -- return; -- -- vector = intr_info & INTR_INFO_VECTOR_MASK; -- desc = (gate_desc *)host_idt_base + vector; -- entry = gate_offset(desc); -- -- kvm_before_interrupt(vcpu); -- -- asm volatile( --#ifdef CONFIG_X86_64 -- "mov %%" _ASM_SP ", %[sp]\n\t" -- "and $0xfffffffffffffff0, %%" _ASM_SP "\n\t" -- "push $%c[ss]\n\t" -- "push %[sp]\n\t" --#endif -- "pushf\n\t" -- __ASM_SIZE(push) " $%c[cs]\n\t" -- CALL_NOSPEC -- : --#ifdef CONFIG_X86_64 -- [sp]"=&r"(tmp), --#endif -- ASM_CALL_CONSTRAINT -- : -- THUNK_TARGET(entry), -- [ss]"i"(__KERNEL_DS), -- [cs]"i"(__KERNEL_CS) -- ); -- -- kvm_after_interrupt(vcpu); --} --STACK_FRAME_NON_STANDARD(handle_external_interrupt_irqoff); -- --static void vmx_handle_exit_irqoff(struct kvm_vcpu *vcpu, -- enum exit_fastpath_completion *exit_fastpath) --{ -- struct vcpu_vmx *vmx = to_vmx(vcpu); -- -- if (vmx->exit_reason == EXIT_REASON_EXTERNAL_INTERRUPT) -- handle_external_interrupt_irqoff(vcpu); -- else if (vmx->exit_reason == EXIT_REASON_EXCEPTION_NMI) -- handle_exception_nmi_irqoff(vmx); -- else if (!is_guest_mode(vcpu) && -- vmx->exit_reason == EXIT_REASON_MSR_WRITE) -- *exit_fastpath = handle_fastpath_set_msr_irqoff(vcpu); --} -- --static bool vmx_has_emulated_msr(int index) --{ -- switch (index) { -- case MSR_IA32_SMBASE: -- /* -- * We cannot do SMM unless we can run the guest in big -- * real mode. -- */ -- return enable_unrestricted_guest || emulate_invalid_guest_state; -- case MSR_IA32_VMX_BASIC ... MSR_IA32_VMX_VMFUNC: -- return nested; -- case MSR_AMD64_VIRT_SPEC_CTRL: -- /* This is AMD only. 
*/ -- return false; -- default: -- return true; -- } --} -- --static bool vmx_pt_supported(void) --{ -- return pt_mode == PT_MODE_HOST_GUEST; --} -- --static void vmx_recover_nmi_blocking(struct vcpu_vmx *vmx) --{ -- u32 exit_intr_info; -- bool unblock_nmi; -- u8 vector; -- bool idtv_info_valid; -- -- idtv_info_valid = vmx->idt_vectoring_info & VECTORING_INFO_VALID_MASK; -- -- if (enable_vnmi) { -- if (vmx->loaded_vmcs->nmi_known_unmasked) -- return; -- /* -- * Can't use vmx->exit_intr_info since we're not sure what -- * the exit reason is. -- */ -- exit_intr_info = vmcs_read32(VM_EXIT_INTR_INFO); -- unblock_nmi = (exit_intr_info & INTR_INFO_UNBLOCK_NMI) != 0; -- vector = exit_intr_info & INTR_INFO_VECTOR_MASK; -- /* -- * SDM 3: 27.7.1.2 (September 2008) -- * Re-set bit "block by NMI" before VM entry if vmexit caused by -- * a guest IRET fault. -- * SDM 3: 23.2.2 (September 2008) -- * Bit 12 is undefined in any of the following cases: -- * If the VM exit sets the valid bit in the IDT-vectoring -- * information field. -- * If the VM exit is due to a double fault. 
-- */ -- if ((exit_intr_info & INTR_INFO_VALID_MASK) && unblock_nmi && -- vector != DF_VECTOR && !idtv_info_valid) -- vmcs_set_bits(GUEST_INTERRUPTIBILITY_INFO, -- GUEST_INTR_STATE_NMI); -- else -- vmx->loaded_vmcs->nmi_known_unmasked = -- !(vmcs_read32(GUEST_INTERRUPTIBILITY_INFO) -- & GUEST_INTR_STATE_NMI); -- } else if (unlikely(vmx->loaded_vmcs->soft_vnmi_blocked)) -- vmx->loaded_vmcs->vnmi_blocked_time += -- ktime_to_ns(ktime_sub(ktime_get(), -- vmx->loaded_vmcs->entry_time)); --} -- --static void __vmx_complete_interrupts(struct kvm_vcpu *vcpu, -- u32 idt_vectoring_info, -- int instr_len_field, -- int error_code_field) --{ -- u8 vector; -- int type; -- bool idtv_info_valid; -- -- idtv_info_valid = idt_vectoring_info & VECTORING_INFO_VALID_MASK; -- -- vcpu->arch.nmi_injected = false; -- kvm_clear_exception_queue(vcpu); -- kvm_clear_interrupt_queue(vcpu); -- -- if (!idtv_info_valid) -- return; -- -- kvm_make_request(KVM_REQ_EVENT, vcpu); -- -- vector = idt_vectoring_info & VECTORING_INFO_VECTOR_MASK; -- type = idt_vectoring_info & VECTORING_INFO_TYPE_MASK; -- -- switch (type) { -- case INTR_TYPE_NMI_INTR: -- vcpu->arch.nmi_injected = true; -- /* -- * SDM 3: 27.7.1.2 (September 2008) -- * Clear bit "block by NMI" before VM entry if a NMI -- * delivery faulted. 
-- */ -- vmx_set_nmi_mask(vcpu, false); -- break; -- case INTR_TYPE_SOFT_EXCEPTION: -- vcpu->arch.event_exit_inst_len = vmcs_read32(instr_len_field); -- /* fall through */ -- case INTR_TYPE_HARD_EXCEPTION: -- if (idt_vectoring_info & VECTORING_INFO_DELIVER_CODE_MASK) { -- u32 err = vmcs_read32(error_code_field); -- kvm_requeue_exception_e(vcpu, vector, err); -- } else -- kvm_requeue_exception(vcpu, vector); -- break; -- case INTR_TYPE_SOFT_INTR: -- vcpu->arch.event_exit_inst_len = vmcs_read32(instr_len_field); -- /* fall through */ -- case INTR_TYPE_EXT_INTR: -- kvm_queue_interrupt(vcpu, vector, type == INTR_TYPE_SOFT_INTR); -- break; -- default: -- break; -- } --} -- --static void vmx_complete_interrupts(struct vcpu_vmx *vmx) --{ -- __vmx_complete_interrupts(&vmx->vcpu, vmx->idt_vectoring_info, -- VM_EXIT_INSTRUCTION_LEN, -- IDT_VECTORING_ERROR_CODE); --} -- --static void vmx_cancel_injection(struct kvm_vcpu *vcpu) --{ -- __vmx_complete_interrupts(vcpu, -- vmcs_read32(VM_ENTRY_INTR_INFO_FIELD), -- VM_ENTRY_INSTRUCTION_LEN, -- VM_ENTRY_EXCEPTION_ERROR_CODE); -- -- vmcs_write32(VM_ENTRY_INTR_INFO_FIELD, 0); --} -- --static void atomic_switch_perf_msrs(struct vcpu_vmx *vmx) --{ -- int i, nr_msrs; -- struct perf_guest_switch_msr *msrs; -- -- msrs = perf_guest_get_msrs(&nr_msrs); -- -- if (!msrs) -- return; -- -- for (i = 0; i < nr_msrs; i++) -- if (msrs[i].host == msrs[i].guest) -- clear_atomic_switch_msr(vmx, msrs[i].msr); -- else -- add_atomic_switch_msr(vmx, msrs[i].msr, msrs[i].guest, -- msrs[i].host, false); --} -- --static void atomic_switch_umwait_control_msr(struct vcpu_vmx *vmx) --{ -- u32 host_umwait_control; -- -- if (!vmx_has_waitpkg(vmx)) -- return; -- -- host_umwait_control = get_umwait_control_msr(); -- -- if (vmx->msr_ia32_umwait_control != host_umwait_control) -- add_atomic_switch_msr(vmx, MSR_IA32_UMWAIT_CONTROL, -- vmx->msr_ia32_umwait_control, -- host_umwait_control, false); -- else -- clear_atomic_switch_msr(vmx, MSR_IA32_UMWAIT_CONTROL); --} -- 
--static void vmx_update_hv_timer(struct kvm_vcpu *vcpu) --{ -- struct vcpu_vmx *vmx = to_vmx(vcpu); -- u64 tscl; -- u32 delta_tsc; -- -- if (vmx->req_immediate_exit) { -- vmcs_write32(VMX_PREEMPTION_TIMER_VALUE, 0); -- vmx->loaded_vmcs->hv_timer_soft_disabled = false; -- } else if (vmx->hv_deadline_tsc != -1) { -- tscl = rdtsc(); -- if (vmx->hv_deadline_tsc > tscl) -- /* set_hv_timer ensures the delta fits in 32-bits */ -- delta_tsc = (u32)((vmx->hv_deadline_tsc - tscl) >> -- cpu_preemption_timer_multi); -- else -- delta_tsc = 0; -- -- vmcs_write32(VMX_PREEMPTION_TIMER_VALUE, delta_tsc); -- vmx->loaded_vmcs->hv_timer_soft_disabled = false; -- } else if (!vmx->loaded_vmcs->hv_timer_soft_disabled) { -- vmcs_write32(VMX_PREEMPTION_TIMER_VALUE, -1); -- vmx->loaded_vmcs->hv_timer_soft_disabled = true; -- } --} -- --void vmx_update_host_rsp(struct vcpu_vmx *vmx, unsigned long host_rsp) --{ -- if (unlikely(host_rsp != vmx->loaded_vmcs->host_state.rsp)) { -- vmx->loaded_vmcs->host_state.rsp = host_rsp; -- vmcs_writel(HOST_RSP, host_rsp); -- } --} -- --bool __vmx_vcpu_run(struct vcpu_vmx *vmx, unsigned long *regs, bool launched); -- --static void vmx_vcpu_run(struct kvm_vcpu *vcpu) --{ -- struct vcpu_vmx *vmx = to_vmx(vcpu); -- unsigned long cr3, cr4; -- -- /* Record the guest's net vcpu time for enforced NMI injections. 
*/ -- if (unlikely(!enable_vnmi && -- vmx->loaded_vmcs->soft_vnmi_blocked)) -- vmx->loaded_vmcs->entry_time = ktime_get(); -- -- /* Don't enter VMX if guest state is invalid, let the exit handler -- start emulation until we arrive back to a valid state */ -- if (vmx->emulation_required) -- return; -- -- if (vmx->ple_window_dirty) { -- vmx->ple_window_dirty = false; -- vmcs_write32(PLE_WINDOW, vmx->ple_window); -- } -- -- if (vmx->nested.need_vmcs12_to_shadow_sync) -- nested_sync_vmcs12_to_shadow(vcpu); -- -- if (kvm_register_is_dirty(vcpu, VCPU_REGS_RSP)) -- vmcs_writel(GUEST_RSP, vcpu->arch.regs[VCPU_REGS_RSP]); -- if (kvm_register_is_dirty(vcpu, VCPU_REGS_RIP)) -- vmcs_writel(GUEST_RIP, vcpu->arch.regs[VCPU_REGS_RIP]); -- -- cr3 = __get_current_cr3_fast(); -- if (unlikely(cr3 != vmx->loaded_vmcs->host_state.cr3)) { -- vmcs_writel(HOST_CR3, cr3); -- vmx->loaded_vmcs->host_state.cr3 = cr3; -- } -- -- cr4 = cr4_read_shadow(); -- if (unlikely(cr4 != vmx->loaded_vmcs->host_state.cr4)) { -- vmcs_writel(HOST_CR4, cr4); -- vmx->loaded_vmcs->host_state.cr4 = cr4; -- } -- -- /* When single-stepping over STI and MOV SS, we must clear the -- * corresponding interruptibility bits in the guest state. Otherwise -- * vmentry fails as it then expects bit 14 (BS) in pending debug -- * exceptions being set, but that's not correct for the guest debugging -- * case. 
*/ -- if (vcpu->guest_debug & KVM_GUESTDBG_SINGLESTEP) -- vmx_set_interrupt_shadow(vcpu, 0); -- -- kvm_load_guest_xsave_state(vcpu); -- -- if (static_cpu_has(X86_FEATURE_PKU) && -- kvm_read_cr4_bits(vcpu, X86_CR4_PKE) && -- vcpu->arch.pkru != vmx->host_pkru) -- __write_pkru(vcpu->arch.pkru); -- -- pt_guest_enter(vmx); -- -- atomic_switch_perf_msrs(vmx); -- atomic_switch_umwait_control_msr(vmx); -- -- if (enable_preemption_timer) -- vmx_update_hv_timer(vcpu); -- -- if (lapic_in_kernel(vcpu) && -- vcpu->arch.apic->lapic_timer.timer_advance_ns) -- kvm_wait_lapic_expire(vcpu); -- -- /* -- * If this vCPU has touched SPEC_CTRL, restore the guest's value if -- * it's non-zero. Since vmentry is serialising on affected CPUs, there -- * is no need to worry about the conditional branch over the wrmsr -- * being speculatively taken. -- */ -- x86_spec_ctrl_set_guest(vmx->spec_ctrl, 0); -- -- /* L1D Flush includes CPU buffer clear to mitigate MDS */ -- if (static_branch_unlikely(&vmx_l1d_should_flush)) -- vmx_l1d_flush(vcpu); -- else if (static_branch_unlikely(&mds_user_clear)) -- mds_clear_cpu_buffers(); -- -- if (vcpu->arch.cr2 != read_cr2()) -- write_cr2(vcpu->arch.cr2); -- -- vmx->fail = __vmx_vcpu_run(vmx, (unsigned long *)&vcpu->arch.regs, -- vmx->loaded_vmcs->launched); -- -- vcpu->arch.cr2 = read_cr2(); -- -- /* -- * We do not use IBRS in the kernel. If this vCPU has used the -- * SPEC_CTRL MSR it may have left it on; save the value and -- * turn it off. This is much more efficient than blindly adding -- * it to the atomic save/restore list. Especially as the former -- * (Saving guest MSRs on vmexit) doesn't even exist in KVM. -- * -- * For non-nested case: -- * If the L01 MSR bitmap does not intercept the MSR, then we need to -- * save it. -- * -- * For nested case: -- * If the L02 MSR bitmap does not intercept the MSR, then we need to -- * save it. 
-- */ -- if (unlikely(!msr_write_intercepted(vcpu, MSR_IA32_SPEC_CTRL))) -- vmx->spec_ctrl = native_read_msr(MSR_IA32_SPEC_CTRL); -- -- x86_spec_ctrl_restore_host(vmx->spec_ctrl, 0); -- -- /* All fields are clean at this point */ -- if (static_branch_unlikely(&enable_evmcs)) -- current_evmcs->hv_clean_fields |= -- HV_VMX_ENLIGHTENED_CLEAN_FIELD_ALL; -- -- if (static_branch_unlikely(&enable_evmcs)) -- current_evmcs->hv_vp_id = vcpu->arch.hyperv.vp_index; -- -- /* MSR_IA32_DEBUGCTLMSR is zeroed on vmexit. Restore it if needed */ -- if (vmx->host_debugctlmsr) -- update_debugctlmsr(vmx->host_debugctlmsr); -- --#ifndef CONFIG_X86_64 -- /* -- * The sysexit path does not restore ds/es, so we must set them to -- * a reasonable value ourselves. -- * -- * We can't defer this to vmx_prepare_switch_to_host() since that -- * function may be executed in interrupt context, which saves and -- * restore segments around it, nullifying its effect. -- */ -- loadsegment(ds, __USER_DS); -- loadsegment(es, __USER_DS); --#endif -- -- vcpu->arch.regs_avail = ~((1 << VCPU_REGS_RIP) | (1 << VCPU_REGS_RSP) -- | (1 << VCPU_EXREG_RFLAGS) -- | (1 << VCPU_EXREG_PDPTR) -- | (1 << VCPU_EXREG_SEGMENTS) -- | (1 << VCPU_EXREG_CR3)); -- vcpu->arch.regs_dirty = 0; -- -- pt_guest_exit(vmx); -- -- /* -- * eager fpu is enabled if PKEY is supported and CR4 is switched -- * back on host, so it is safe to read guest PKRU from current -- * XSAVE. -- */ -- if (static_cpu_has(X86_FEATURE_PKU) && -- kvm_read_cr4_bits(vcpu, X86_CR4_PKE)) { -- vcpu->arch.pkru = rdpkru(); -- if (vcpu->arch.pkru != vmx->host_pkru) -- __write_pkru(vmx->host_pkru); -- } -- -- kvm_load_host_xsave_state(vcpu); -- -- vmx->nested.nested_run_pending = 0; -- vmx->idt_vectoring_info = 0; -- -- vmx->exit_reason = vmx->fail ? 
0xdead : vmcs_read32(VM_EXIT_REASON); -- if ((u16)vmx->exit_reason == EXIT_REASON_MCE_DURING_VMENTRY) -- kvm_machine_check(); -- -- if (vmx->fail || (vmx->exit_reason & VMX_EXIT_REASONS_FAILED_VMENTRY)) -- return; -- -- vmx->loaded_vmcs->launched = 1; -- vmx->idt_vectoring_info = vmcs_read32(IDT_VECTORING_INFO_FIELD); -- -- vmx_recover_nmi_blocking(vmx); -- vmx_complete_interrupts(vmx); --} -- --static struct kvm *vmx_vm_alloc(void) --{ -- struct kvm_vmx *kvm_vmx = __vmalloc(sizeof(struct kvm_vmx), -- GFP_KERNEL_ACCOUNT | __GFP_ZERO, -- PAGE_KERNEL); -- return &kvm_vmx->kvm; --} -- --static void vmx_vm_free(struct kvm *kvm) --{ -- kfree(kvm->arch.hyperv.hv_pa_pg); -- vfree(to_kvm_vmx(kvm)); --} -- --static void vmx_free_vcpu(struct kvm_vcpu *vcpu) --{ -- struct vcpu_vmx *vmx = to_vmx(vcpu); -- -- if (enable_pml) -- vmx_destroy_pml_buffer(vmx); -- free_vpid(vmx->vpid); -- nested_vmx_free_vcpu(vcpu); -- free_loaded_vmcs(vmx->loaded_vmcs); -- kvm_vcpu_uninit(vcpu); -- kmem_cache_free(x86_fpu_cache, vmx->vcpu.arch.user_fpu); -- kmem_cache_free(x86_fpu_cache, vmx->vcpu.arch.guest_fpu); -- kmem_cache_free(kvm_vcpu_cache, vmx); --} -- --static struct kvm_vcpu *vmx_create_vcpu(struct kvm *kvm, unsigned int id) --{ -- int err; -- struct vcpu_vmx *vmx; -- unsigned long *msr_bitmap; -- int i, cpu; -- -- BUILD_BUG_ON_MSG(offsetof(struct vcpu_vmx, vcpu) != 0, -- "struct kvm_vcpu must be at offset 0 for arch usercopy region"); -- -- vmx = kmem_cache_zalloc(kvm_vcpu_cache, GFP_KERNEL_ACCOUNT); -- if (!vmx) -- return ERR_PTR(-ENOMEM); -- -- vmx->vcpu.arch.user_fpu = kmem_cache_zalloc(x86_fpu_cache, -- GFP_KERNEL_ACCOUNT); -- if (!vmx->vcpu.arch.user_fpu) { -- printk(KERN_ERR "kvm: failed to allocate kvm userspace's fpu\n"); -- err = -ENOMEM; -- goto free_partial_vcpu; -- } -- -- vmx->vcpu.arch.guest_fpu = kmem_cache_zalloc(x86_fpu_cache, -- GFP_KERNEL_ACCOUNT); -- if (!vmx->vcpu.arch.guest_fpu) { -- printk(KERN_ERR "kvm: failed to allocate vcpu's fpu\n"); -- err = -ENOMEM; -- goto 
free_user_fpu; -- } -- -- vmx->vpid = allocate_vpid(); -- -- err = kvm_vcpu_init(&vmx->vcpu, kvm, id); -- if (err) -- goto free_vcpu; -- -- err = -ENOMEM; -- -- /* -- * If PML is turned on, failure on enabling PML just results in failure -- * of creating the vcpu, therefore we can simplify PML logic (by -- * avoiding dealing with cases, such as enabling PML partially on vcpus -- * for the guest), etc. -- */ -- if (enable_pml) { -- vmx->pml_pg = alloc_page(GFP_KERNEL_ACCOUNT | __GFP_ZERO); -- if (!vmx->pml_pg) -- goto uninit_vcpu; -- } -- -- BUILD_BUG_ON(ARRAY_SIZE(vmx_msr_index) != NR_SHARED_MSRS); -- -- for (i = 0; i < ARRAY_SIZE(vmx_msr_index); ++i) { -- u32 index = vmx_msr_index[i]; -- u32 data_low, data_high; -- int j = vmx->nmsrs; -- -- if (rdmsr_safe(index, &data_low, &data_high) < 0) -- continue; -- if (wrmsr_safe(index, data_low, data_high) < 0) -- continue; -- -- vmx->guest_msrs[j].index = i; -- vmx->guest_msrs[j].data = 0; -- switch (index) { -- case MSR_IA32_TSX_CTRL: -- /* -- * No need to pass TSX_CTRL_CPUID_CLEAR through, so -- * let's avoid changing CPUID bits under the host -- * kernel's feet. 
-- */ -- vmx->guest_msrs[j].mask = ~(u64)TSX_CTRL_CPUID_CLEAR; -- break; -- default: -- vmx->guest_msrs[j].mask = -1ull; -- break; -- } -- ++vmx->nmsrs; -- } -- -- err = alloc_loaded_vmcs(&vmx->vmcs01); -- if (err < 0) -- goto free_pml; -- -- msr_bitmap = vmx->vmcs01.msr_bitmap; -- vmx_disable_intercept_for_msr(msr_bitmap, MSR_IA32_TSC, MSR_TYPE_R); -- vmx_disable_intercept_for_msr(msr_bitmap, MSR_FS_BASE, MSR_TYPE_RW); -- vmx_disable_intercept_for_msr(msr_bitmap, MSR_GS_BASE, MSR_TYPE_RW); -- vmx_disable_intercept_for_msr(msr_bitmap, MSR_KERNEL_GS_BASE, MSR_TYPE_RW); -- vmx_disable_intercept_for_msr(msr_bitmap, MSR_IA32_SYSENTER_CS, MSR_TYPE_RW); -- vmx_disable_intercept_for_msr(msr_bitmap, MSR_IA32_SYSENTER_ESP, MSR_TYPE_RW); -- vmx_disable_intercept_for_msr(msr_bitmap, MSR_IA32_SYSENTER_EIP, MSR_TYPE_RW); -- if (kvm_cstate_in_guest(kvm)) { -- vmx_disable_intercept_for_msr(msr_bitmap, MSR_CORE_C1_RES, MSR_TYPE_R); -- vmx_disable_intercept_for_msr(msr_bitmap, MSR_CORE_C3_RESIDENCY, MSR_TYPE_R); -- vmx_disable_intercept_for_msr(msr_bitmap, MSR_CORE_C6_RESIDENCY, MSR_TYPE_R); -- vmx_disable_intercept_for_msr(msr_bitmap, MSR_CORE_C7_RESIDENCY, MSR_TYPE_R); -- } -- vmx->msr_bitmap_mode = 0; -- -- vmx->loaded_vmcs = &vmx->vmcs01; -- cpu = get_cpu(); -- vmx_vcpu_load(&vmx->vcpu, cpu); -- vmx->vcpu.cpu = cpu; -- init_vmcs(vmx); -- vmx_vcpu_put(&vmx->vcpu); -- put_cpu(); -- if (cpu_need_virtualize_apic_accesses(&vmx->vcpu)) { -- err = alloc_apic_access_page(kvm); -- if (err) -- goto free_vmcs; -- } -- -- if (enable_ept && !enable_unrestricted_guest) { -- err = init_rmode_identity_map(kvm); -- if (err) -- goto free_vmcs; -- } -- -- if (nested) -- nested_vmx_setup_ctls_msrs(&vmx->nested.msrs, -- vmx_capability.ept, -- kvm_vcpu_apicv_active(&vmx->vcpu)); -- else -- memset(&vmx->nested.msrs, 0, sizeof(vmx->nested.msrs)); -- -- vmx->nested.posted_intr_nv = -1; -- vmx->nested.current_vmptr = -1ull; -- -- vmx->msr_ia32_feature_control_valid_bits = FEATURE_CONTROL_LOCKED; -- -- 
/* -- * Enforce invariant: pi_desc.nv is always either POSTED_INTR_VECTOR -- * or POSTED_INTR_WAKEUP_VECTOR. -- */ -- vmx->pi_desc.nv = POSTED_INTR_VECTOR; -- vmx->pi_desc.sn = 1; -- -- vmx->ept_pointer = INVALID_PAGE; -- -- return &vmx->vcpu; -- --free_vmcs: -- free_loaded_vmcs(vmx->loaded_vmcs); --free_pml: -- vmx_destroy_pml_buffer(vmx); --uninit_vcpu: -- kvm_vcpu_uninit(&vmx->vcpu); --free_vcpu: -- free_vpid(vmx->vpid); -- kmem_cache_free(x86_fpu_cache, vmx->vcpu.arch.guest_fpu); --free_user_fpu: -- kmem_cache_free(x86_fpu_cache, vmx->vcpu.arch.user_fpu); --free_partial_vcpu: -- kmem_cache_free(kvm_vcpu_cache, vmx); -- return ERR_PTR(err); --} -- --#define L1TF_MSG_SMT "L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.\n" --#define L1TF_MSG_L1D "L1TF CPU bug present and virtualization mitigation disabled, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.\n" -- --static int vmx_vm_init(struct kvm *kvm) --{ -- spin_lock_init(&to_kvm_vmx(kvm)->ept_pointer_lock); -- -- if (!ple_gap) -- kvm->arch.pause_in_guest = true; -- -- if (boot_cpu_has(X86_BUG_L1TF) && enable_ept) { -- switch (l1tf_mitigation) { -- case L1TF_MITIGATION_OFF: -- case L1TF_MITIGATION_FLUSH_NOWARN: -- /* 'I explicitly don't care' is set */ -- break; -- case L1TF_MITIGATION_FLUSH: -- case L1TF_MITIGATION_FLUSH_NOSMT: -- case L1TF_MITIGATION_FULL: -- /* -- * Warn upon starting the first VM in a potentially -- * insecure environment. 
-- */ -- if (sched_smt_active()) -- pr_warn_once(L1TF_MSG_SMT); -- if (l1tf_vmx_mitigation == VMENTER_L1D_FLUSH_NEVER) -- pr_warn_once(L1TF_MSG_L1D); -- break; -- case L1TF_MITIGATION_FULL_FORCE: -- /* Flush is enforced */ -- break; -- } -- } -- return 0; --} -- --static int __init vmx_check_processor_compat(void) --{ -- struct vmcs_config vmcs_conf; -- struct vmx_capability vmx_cap; -- -- if (setup_vmcs_config(&vmcs_conf, &vmx_cap) < 0) -- return -EIO; -- if (nested) -- nested_vmx_setup_ctls_msrs(&vmcs_conf.nested, vmx_cap.ept, -- enable_apicv); -- if (memcmp(&vmcs_config, &vmcs_conf, sizeof(struct vmcs_config)) != 0) { -- printk(KERN_ERR "kvm: CPU %d feature inconsistency!\n", -- smp_processor_id()); -- return -EIO; -- } -- return 0; --} -- --static u64 vmx_get_mt_mask(struct kvm_vcpu *vcpu, gfn_t gfn, bool is_mmio) --{ -- u8 cache; -- u64 ipat = 0; -- -- /* For VT-d and EPT combination -- * 1. MMIO: always map as UC -- * 2. EPT with VT-d: -- * a. VT-d without snooping control feature: can't guarantee the -- * result, try to trust guest. -- * b. VT-d with snooping control feature: snooping control feature of -- * VT-d engine can guarantee the cache correctness. Just set it -- * to WB to keep consistent with host. So the same as item 3. -- * 3. 
EPT without VT-d: always map as WB and set IPAT=1 to keep -- * consistent with host MTRR -- */ -- if (is_mmio) { -- cache = MTRR_TYPE_UNCACHABLE; -- goto exit; -- } -- -- if (!kvm_arch_has_noncoherent_dma(vcpu->kvm)) { -- ipat = VMX_EPT_IPAT_BIT; -- cache = MTRR_TYPE_WRBACK; -- goto exit; -- } -- -- if (kvm_read_cr0(vcpu) & X86_CR0_CD) { -- ipat = VMX_EPT_IPAT_BIT; -- if (kvm_check_has_quirk(vcpu->kvm, KVM_X86_QUIRK_CD_NW_CLEARED)) -- cache = MTRR_TYPE_WRBACK; -- else -- cache = MTRR_TYPE_UNCACHABLE; -- goto exit; -- } -- -- cache = kvm_mtrr_get_guest_memory_type(vcpu, gfn); -- --exit: -- return (cache << VMX_EPT_MT_EPTE_SHIFT) | ipat; --} -- --static int vmx_get_lpage_level(void) --{ -- if (enable_ept && !cpu_has_vmx_ept_1g_page()) -- return PT_DIRECTORY_LEVEL; -- else -- /* For shadow and EPT supported 1GB page */ -- return PT_PDPE_LEVEL; --} -- --static void vmcs_set_secondary_exec_control(struct vcpu_vmx *vmx) --{ -- /* -- * These bits in the secondary execution controls field -- * are dynamic, the others are mostly based on the hypervisor -- * architecture and the guest's CPUID. Do not touch the -- * dynamic bits. -- */ -- u32 mask = -- SECONDARY_EXEC_SHADOW_VMCS | -- SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE | -- SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES | -- SECONDARY_EXEC_DESC; -- -- u32 new_ctl = vmx->secondary_exec_control; -- u32 cur_ctl = secondary_exec_controls_get(vmx); -- -- secondary_exec_controls_set(vmx, (new_ctl & ~mask) | (cur_ctl & mask)); --} -- --/* -- * Generate MSR_IA32_VMX_CR{0,4}_FIXED1 according to CPUID. Only set bits -- * (indicating "allowed-1") if they are supported in the guest's CPUID. 
-- */ --static void nested_vmx_cr_fixed1_bits_update(struct kvm_vcpu *vcpu) --{ -- struct vcpu_vmx *vmx = to_vmx(vcpu); -- struct kvm_cpuid_entry2 *entry; -- -- vmx->nested.msrs.cr0_fixed1 = 0xffffffff; -- vmx->nested.msrs.cr4_fixed1 = X86_CR4_PCE; -- --#define cr4_fixed1_update(_cr4_mask, _reg, _cpuid_mask) do { \ -- if (entry && (entry->_reg & (_cpuid_mask))) \ -- vmx->nested.msrs.cr4_fixed1 |= (_cr4_mask); \ --} while (0) -- -- entry = kvm_find_cpuid_entry(vcpu, 0x1, 0); -- cr4_fixed1_update(X86_CR4_VME, edx, bit(X86_FEATURE_VME)); -- cr4_fixed1_update(X86_CR4_PVI, edx, bit(X86_FEATURE_VME)); -- cr4_fixed1_update(X86_CR4_TSD, edx, bit(X86_FEATURE_TSC)); -- cr4_fixed1_update(X86_CR4_DE, edx, bit(X86_FEATURE_DE)); -- cr4_fixed1_update(X86_CR4_PSE, edx, bit(X86_FEATURE_PSE)); -- cr4_fixed1_update(X86_CR4_PAE, edx, bit(X86_FEATURE_PAE)); -- cr4_fixed1_update(X86_CR4_MCE, edx, bit(X86_FEATURE_MCE)); -- cr4_fixed1_update(X86_CR4_PGE, edx, bit(X86_FEATURE_PGE)); -- cr4_fixed1_update(X86_CR4_OSFXSR, edx, bit(X86_FEATURE_FXSR)); -- cr4_fixed1_update(X86_CR4_OSXMMEXCPT, edx, bit(X86_FEATURE_XMM)); -- cr4_fixed1_update(X86_CR4_VMXE, ecx, bit(X86_FEATURE_VMX)); -- cr4_fixed1_update(X86_CR4_SMXE, ecx, bit(X86_FEATURE_SMX)); -- cr4_fixed1_update(X86_CR4_PCIDE, ecx, bit(X86_FEATURE_PCID)); -- cr4_fixed1_update(X86_CR4_OSXSAVE, ecx, bit(X86_FEATURE_XSAVE)); -- -- entry = kvm_find_cpuid_entry(vcpu, 0x7, 0); -- cr4_fixed1_update(X86_CR4_FSGSBASE, ebx, bit(X86_FEATURE_FSGSBASE)); -- cr4_fixed1_update(X86_CR4_SMEP, ebx, bit(X86_FEATURE_SMEP)); -- cr4_fixed1_update(X86_CR4_SMAP, ebx, bit(X86_FEATURE_SMAP)); -- cr4_fixed1_update(X86_CR4_PKE, ecx, bit(X86_FEATURE_PKU)); -- cr4_fixed1_update(X86_CR4_UMIP, ecx, bit(X86_FEATURE_UMIP)); -- cr4_fixed1_update(X86_CR4_LA57, ecx, bit(X86_FEATURE_LA57)); -- --#undef cr4_fixed1_update --} -- --static void nested_vmx_entry_exit_ctls_update(struct kvm_vcpu *vcpu) --{ -- struct vcpu_vmx *vmx = to_vmx(vcpu); -- -- if (kvm_mpx_supported()) { -- bool 
mpx_enabled = guest_cpuid_has(vcpu, X86_FEATURE_MPX); -- -- if (mpx_enabled) { -- vmx->nested.msrs.entry_ctls_high |= VM_ENTRY_LOAD_BNDCFGS; -- vmx->nested.msrs.exit_ctls_high |= VM_EXIT_CLEAR_BNDCFGS; -- } else { -- vmx->nested.msrs.entry_ctls_high &= ~VM_ENTRY_LOAD_BNDCFGS; -- vmx->nested.msrs.exit_ctls_high &= ~VM_EXIT_CLEAR_BNDCFGS; -- } -- } --} -- --static void update_intel_pt_cfg(struct kvm_vcpu *vcpu) --{ -- struct vcpu_vmx *vmx = to_vmx(vcpu); -- struct kvm_cpuid_entry2 *best = NULL; -- int i; -- -- for (i = 0; i < PT_CPUID_LEAVES; i++) { -- best = kvm_find_cpuid_entry(vcpu, 0x14, i); -- if (!best) -- return; -- vmx->pt_desc.caps[CPUID_EAX + i*PT_CPUID_REGS_NUM] = best->eax; -- vmx->pt_desc.caps[CPUID_EBX + i*PT_CPUID_REGS_NUM] = best->ebx; -- vmx->pt_desc.caps[CPUID_ECX + i*PT_CPUID_REGS_NUM] = best->ecx; -- vmx->pt_desc.caps[CPUID_EDX + i*PT_CPUID_REGS_NUM] = best->edx; -- } -- -- /* Get the number of configurable Address Ranges for filtering */ -- vmx->pt_desc.addr_range = intel_pt_validate_cap(vmx->pt_desc.caps, -- PT_CAP_num_address_ranges); -- -- /* Initialize and clear the no dependency bits */ -- vmx->pt_desc.ctl_bitmask = ~(RTIT_CTL_TRACEEN | RTIT_CTL_OS | -- RTIT_CTL_USR | RTIT_CTL_TSC_EN | RTIT_CTL_DISRETC); -- -- /* -- * If CPUID.(EAX=14H,ECX=0):EBX[0]=1 CR3Filter can be set otherwise -- * will inject an #GP -- */ -- if (intel_pt_validate_cap(vmx->pt_desc.caps, PT_CAP_cr3_filtering)) -- vmx->pt_desc.ctl_bitmask &= ~RTIT_CTL_CR3EN; -- -- /* -- * If CPUID.(EAX=14H,ECX=0):EBX[1]=1 CYCEn, CycThresh and -- * PSBFreq can be set -- */ -- if (intel_pt_validate_cap(vmx->pt_desc.caps, PT_CAP_psb_cyc)) -- vmx->pt_desc.ctl_bitmask &= ~(RTIT_CTL_CYCLEACC | -- RTIT_CTL_CYC_THRESH | RTIT_CTL_PSB_FREQ); -- -- /* -- * If CPUID.(EAX=14H,ECX=0):EBX[3]=1 MTCEn BranchEn and -- * MTCFreq can be set -- */ -- if (intel_pt_validate_cap(vmx->pt_desc.caps, PT_CAP_mtc)) -- vmx->pt_desc.ctl_bitmask &= ~(RTIT_CTL_MTC_EN | -- RTIT_CTL_BRANCH_EN | RTIT_CTL_MTC_RANGE); -- -- 
/* If CPUID.(EAX=14H,ECX=0):EBX[4]=1 FUPonPTW and PTWEn can be set */ -- if (intel_pt_validate_cap(vmx->pt_desc.caps, PT_CAP_ptwrite)) -- vmx->pt_desc.ctl_bitmask &= ~(RTIT_CTL_FUP_ON_PTW | -- RTIT_CTL_PTW_EN); -- -- /* If CPUID.(EAX=14H,ECX=0):EBX[5]=1 PwrEvEn can be set */ -- if (intel_pt_validate_cap(vmx->pt_desc.caps, PT_CAP_power_event_trace)) -- vmx->pt_desc.ctl_bitmask &= ~RTIT_CTL_PWR_EVT_EN; -- -- /* If CPUID.(EAX=14H,ECX=0):ECX[0]=1 ToPA can be set */ -- if (intel_pt_validate_cap(vmx->pt_desc.caps, PT_CAP_topa_output)) -- vmx->pt_desc.ctl_bitmask &= ~RTIT_CTL_TOPA; -- -- /* If CPUID.(EAX=14H,ECX=0):ECX[3]=1 FabircEn can be set */ -- if (intel_pt_validate_cap(vmx->pt_desc.caps, PT_CAP_output_subsys)) -- vmx->pt_desc.ctl_bitmask &= ~RTIT_CTL_FABRIC_EN; -- -- /* unmask address range configure area */ -- for (i = 0; i < vmx->pt_desc.addr_range; i++) -- vmx->pt_desc.ctl_bitmask &= ~(0xfULL << (32 + i * 4)); --} -- --static void vmx_cpuid_update(struct kvm_vcpu *vcpu) --{ -- struct vcpu_vmx *vmx = to_vmx(vcpu); -- -- /* xsaves_enabled is recomputed in vmx_compute_secondary_exec_control(). 
*/ -- vcpu->arch.xsaves_enabled = false; -- -- if (cpu_has_secondary_exec_ctrls()) { -- vmx_compute_secondary_exec_control(vmx); -- vmcs_set_secondary_exec_control(vmx); -- } -- -- if (nested_vmx_allowed(vcpu)) -- to_vmx(vcpu)->msr_ia32_feature_control_valid_bits |= -- FEATURE_CONTROL_VMXON_ENABLED_INSIDE_SMX | -- FEATURE_CONTROL_VMXON_ENABLED_OUTSIDE_SMX; -- else -- to_vmx(vcpu)->msr_ia32_feature_control_valid_bits &= -- ~(FEATURE_CONTROL_VMXON_ENABLED_INSIDE_SMX | -- FEATURE_CONTROL_VMXON_ENABLED_OUTSIDE_SMX); -- -- if (nested_vmx_allowed(vcpu)) { -- nested_vmx_cr_fixed1_bits_update(vcpu); -- nested_vmx_entry_exit_ctls_update(vcpu); -- } -- -- if (boot_cpu_has(X86_FEATURE_INTEL_PT) && -- guest_cpuid_has(vcpu, X86_FEATURE_INTEL_PT)) -- update_intel_pt_cfg(vcpu); -- -- if (boot_cpu_has(X86_FEATURE_RTM)) { -- struct shared_msr_entry *msr; -- msr = find_msr_entry(vmx, MSR_IA32_TSX_CTRL); -- if (msr) { -- bool enabled = guest_cpuid_has(vcpu, X86_FEATURE_RTM); -- vmx_set_guest_msr(vmx, msr, enabled ? 0 : TSX_CTRL_RTM_DISABLE); -- } -- } --} -- --static void vmx_set_supported_cpuid(u32 func, struct kvm_cpuid_entry2 *entry) --{ -- if (func == 1 && nested) -- entry->ecx |= bit(X86_FEATURE_VMX); --} -- --static void vmx_request_immediate_exit(struct kvm_vcpu *vcpu) --{ -- to_vmx(vcpu)->req_immediate_exit = true; --} -- --static int vmx_check_intercept(struct kvm_vcpu *vcpu, -- struct x86_instruction_info *info, -- enum x86_intercept_stage stage) --{ -- struct vmcs12 *vmcs12 = get_vmcs12(vcpu); -- struct x86_emulate_ctxt *ctxt = &vcpu->arch.emulate_ctxt; -- -- /* -- * RDPID causes #UD if disabled through secondary execution controls. -- * Because it is marked as EmulateOnUD, we need to intercept it here. -- */ -- if (info->intercept == x86_intercept_rdtscp && -- !nested_cpu_has2(vmcs12, SECONDARY_EXEC_RDTSCP)) { -- ctxt->exception.vector = UD_VECTOR; -- ctxt->exception.error_code_valid = false; -- return X86EMUL_PROPAGATE_FAULT; -- } -- -- /* TODO: check more intercepts... 
*/ -- return X86EMUL_CONTINUE; --} -- --#ifdef CONFIG_X86_64 --/* (a << shift) / divisor, return 1 if overflow otherwise 0 */ --static inline int u64_shl_div_u64(u64 a, unsigned int shift, -- u64 divisor, u64 *result) --{ -- u64 low = a << shift, high = a >> (64 - shift); -- -- /* To avoid the overflow on divq */ -- if (high >= divisor) -- return 1; -- -- /* Low hold the result, high hold rem which is discarded */ -- asm("divq %2\n\t" : "=a" (low), "=d" (high) : -- "rm" (divisor), "0" (low), "1" (high)); -- *result = low; -- -- return 0; --} -- --static int vmx_set_hv_timer(struct kvm_vcpu *vcpu, u64 guest_deadline_tsc, -- bool *expired) --{ -- struct vcpu_vmx *vmx; -- u64 tscl, guest_tscl, delta_tsc, lapic_timer_advance_cycles; -- struct kvm_timer *ktimer = &vcpu->arch.apic->lapic_timer; -- -- if (kvm_mwait_in_guest(vcpu->kvm) || -- kvm_can_post_timer_interrupt(vcpu)) -- return -EOPNOTSUPP; -- -- vmx = to_vmx(vcpu); -- tscl = rdtsc(); -- guest_tscl = kvm_read_l1_tsc(vcpu, tscl); -- delta_tsc = max(guest_deadline_tsc, guest_tscl) - guest_tscl; -- lapic_timer_advance_cycles = nsec_to_cycles(vcpu, -- ktimer->timer_advance_ns); -- -- if (delta_tsc > lapic_timer_advance_cycles) -- delta_tsc -= lapic_timer_advance_cycles; -- else -- delta_tsc = 0; -- -- /* Convert to host delta tsc if tsc scaling is enabled */ -- if (vcpu->arch.tsc_scaling_ratio != kvm_default_tsc_scaling_ratio && -- delta_tsc && u64_shl_div_u64(delta_tsc, -- kvm_tsc_scaling_ratio_frac_bits, -- vcpu->arch.tsc_scaling_ratio, &delta_tsc)) -- return -ERANGE; -- -- /* -- * If the delta tsc can't fit in the 32 bit after the multi shift, -- * we can't use the preemption timer. -- * It's possible that it fits on later vmentries, but checking -- * on every vmentry is costly so we just use an hrtimer. 
-- */ -- if (delta_tsc >> (cpu_preemption_timer_multi + 32)) -- return -ERANGE; -- -- vmx->hv_deadline_tsc = tscl + delta_tsc; -- *expired = !delta_tsc; -- return 0; --} -- --static void vmx_cancel_hv_timer(struct kvm_vcpu *vcpu) --{ -- to_vmx(vcpu)->hv_deadline_tsc = -1; --} --#endif -- --static void vmx_sched_in(struct kvm_vcpu *vcpu, int cpu) --{ -- if (!kvm_pause_in_guest(vcpu->kvm)) -- shrink_ple_window(vcpu); --} -- --static void vmx_slot_enable_log_dirty(struct kvm *kvm, -- struct kvm_memory_slot *slot) --{ -- kvm_mmu_slot_leaf_clear_dirty(kvm, slot); -- kvm_mmu_slot_largepage_remove_write_access(kvm, slot); --} -- --static void vmx_slot_disable_log_dirty(struct kvm *kvm, -- struct kvm_memory_slot *slot) --{ -- kvm_mmu_slot_set_dirty(kvm, slot); --} -- --static void vmx_flush_log_dirty(struct kvm *kvm) --{ -- kvm_flush_pml_buffers(kvm); --} -- --static int vmx_write_pml_buffer(struct kvm_vcpu *vcpu) --{ -- struct vmcs12 *vmcs12; -- struct vcpu_vmx *vmx = to_vmx(vcpu); -- gpa_t gpa, dst; -- -- if (is_guest_mode(vcpu)) { -- WARN_ON_ONCE(vmx->nested.pml_full); -- -- /* -- * Check if PML is enabled for the nested guest. -- * Whether eptp bit 6 is set is already checked -- * as part of A/D emulation. 
-- */ -- vmcs12 = get_vmcs12(vcpu); -- if (!nested_cpu_has_pml(vmcs12)) -- return 0; -- -- if (vmcs12->guest_pml_index >= PML_ENTITY_NUM) { -- vmx->nested.pml_full = true; -- return 1; -- } -- -- gpa = vmcs_read64(GUEST_PHYSICAL_ADDRESS) & ~0xFFFull; -- dst = vmcs12->pml_address + sizeof(u64) * vmcs12->guest_pml_index; -- -- if (kvm_write_guest_page(vcpu->kvm, gpa_to_gfn(dst), &gpa, -- offset_in_page(dst), sizeof(gpa))) -- return 0; -- -- vmcs12->guest_pml_index--; -- } -- -- return 0; --} -- --static void vmx_enable_log_dirty_pt_masked(struct kvm *kvm, -- struct kvm_memory_slot *memslot, -- gfn_t offset, unsigned long mask) --{ -- kvm_mmu_clear_dirty_pt_masked(kvm, memslot, offset, mask); --} -- --static void __pi_post_block(struct kvm_vcpu *vcpu) --{ -- struct pi_desc *pi_desc = vcpu_to_pi_desc(vcpu); -- struct pi_desc old, new; -- unsigned int dest; -- -- do { -- old.control = new.control = pi_desc->control; -- WARN(old.nv != POSTED_INTR_WAKEUP_VECTOR, -- "Wakeup handler not enabled while the VCPU is blocked\n"); -- -- dest = cpu_physical_id(vcpu->cpu); -- -- if (x2apic_enabled()) -- new.ndst = dest; -- else -- new.ndst = (dest << 8) & 0xFF00; -- -- /* set 'NV' to 'notification vector' */ -- new.nv = POSTED_INTR_VECTOR; -- } while (cmpxchg64(&pi_desc->control, old.control, -- new.control) != old.control); -- -- if (!WARN_ON_ONCE(vcpu->pre_pcpu == -1)) { -- spin_lock(&per_cpu(blocked_vcpu_on_cpu_lock, vcpu->pre_pcpu)); -- list_del(&vcpu->blocked_vcpu_list); -- spin_unlock(&per_cpu(blocked_vcpu_on_cpu_lock, vcpu->pre_pcpu)); -- vcpu->pre_pcpu = -1; -- } --} -- --/* -- * This routine does the following things for vCPU which is going -- * to be blocked if VT-d PI is enabled. -- * - Store the vCPU to the wakeup list, so when interrupts happen -- * we can find the right vCPU to wake up. 
-- * - Change the Posted-interrupt descriptor as below: -- * 'NDST' <-- vcpu->pre_pcpu -- * 'NV' <-- POSTED_INTR_WAKEUP_VECTOR -- * - If 'ON' is set during this process, which means at least one -- * interrupt is posted for this vCPU, we cannot block it, in -- * this case, return 1, otherwise, return 0. -- * -- */ --static int pi_pre_block(struct kvm_vcpu *vcpu) --{ -- unsigned int dest; -- struct pi_desc old, new; -- struct pi_desc *pi_desc = vcpu_to_pi_desc(vcpu); -- -- if (!kvm_arch_has_assigned_device(vcpu->kvm) || -- !irq_remapping_cap(IRQ_POSTING_CAP) || -- !kvm_vcpu_apicv_active(vcpu)) -- return 0; -- -- WARN_ON(irqs_disabled()); -- local_irq_disable(); -- if (!WARN_ON_ONCE(vcpu->pre_pcpu != -1)) { -- vcpu->pre_pcpu = vcpu->cpu; -- spin_lock(&per_cpu(blocked_vcpu_on_cpu_lock, vcpu->pre_pcpu)); -- list_add_tail(&vcpu->blocked_vcpu_list, -- &per_cpu(blocked_vcpu_on_cpu, -- vcpu->pre_pcpu)); -- spin_unlock(&per_cpu(blocked_vcpu_on_cpu_lock, vcpu->pre_pcpu)); -- } -- -- do { -- old.control = new.control = pi_desc->control; -- -- WARN((pi_desc->sn == 1), -- "Warning: SN field of posted-interrupts " -- "is set before blocking\n"); -- -- /* -- * Since vCPU can be preempted during this process, -- * vcpu->cpu could be different with pre_pcpu, we -- * need to set pre_pcpu as the destination of wakeup -- * notification event, then we can find the right vCPU -- * to wakeup in wakeup handler if interrupts happen -- * when the vCPU is in blocked state. -- */ -- dest = cpu_physical_id(vcpu->pre_pcpu); -- -- if (x2apic_enabled()) -- new.ndst = dest; -- else -- new.ndst = (dest << 8) & 0xFF00; -- -- /* set 'NV' to 'wakeup vector' */ -- new.nv = POSTED_INTR_WAKEUP_VECTOR; -- } while (cmpxchg64(&pi_desc->control, old.control, -- new.control) != old.control); -- -- /* We should not block the vCPU if an interrupt is posted for it. 
*/ -- if (pi_test_on(pi_desc) == 1) -- __pi_post_block(vcpu); -- -- local_irq_enable(); -- return (vcpu->pre_pcpu == -1); --} -- --static int vmx_pre_block(struct kvm_vcpu *vcpu) --{ -- if (pi_pre_block(vcpu)) -- return 1; -- -- if (kvm_lapic_hv_timer_in_use(vcpu)) -- kvm_lapic_switch_to_sw_timer(vcpu); -- -- return 0; --} -- --static void pi_post_block(struct kvm_vcpu *vcpu) --{ -- if (vcpu->pre_pcpu == -1) -- return; -- -- WARN_ON(irqs_disabled()); -- local_irq_disable(); -- __pi_post_block(vcpu); -- local_irq_enable(); --} -- --static void vmx_post_block(struct kvm_vcpu *vcpu) --{ -- if (kvm_x86_ops->set_hv_timer) -- kvm_lapic_switch_to_hv_timer(vcpu); -- -- pi_post_block(vcpu); --} -- --/* -- * vmx_update_pi_irte - set IRTE for Posted-Interrupts -- * -- * @kvm: kvm -- * @host_irq: host irq of the interrupt -- * @guest_irq: gsi of the interrupt -- * @set: set or unset PI -- * returns 0 on success, < 0 on failure -- */ --static int vmx_update_pi_irte(struct kvm *kvm, unsigned int host_irq, -- uint32_t guest_irq, bool set) --{ -- struct kvm_kernel_irq_routing_entry *e; -- struct kvm_irq_routing_table *irq_rt; -- struct kvm_lapic_irq irq; -- struct kvm_vcpu *vcpu; -- struct vcpu_data vcpu_info; -- int idx, ret = 0; -- -- if (!kvm_arch_has_assigned_device(kvm) || -- !irq_remapping_cap(IRQ_POSTING_CAP) || -- !kvm_vcpu_apicv_active(kvm->vcpus[0])) -- return 0; -- -- idx = srcu_read_lock(&kvm->irq_srcu); -- irq_rt = srcu_dereference(kvm->irq_routing, &kvm->irq_srcu); -- if (guest_irq >= irq_rt->nr_rt_entries || -- hlist_empty(&irq_rt->map[guest_irq])) { -- pr_warn_once("no route for guest_irq %u/%u (broken user space?)\n", -- guest_irq, irq_rt->nr_rt_entries); -- goto out; -- } -- -- hlist_for_each_entry(e, &irq_rt->map[guest_irq], link) { -- if (e->type != KVM_IRQ_ROUTING_MSI) -- continue; -- /* -- * VT-d PI cannot support posting multicast/broadcast -- * interrupts to a vCPU, we still use interrupt remapping -- * for these kind of interrupts. 
-- * -- * For lowest-priority interrupts, we only support -- * those with single CPU as the destination, e.g. user -- * configures the interrupts via /proc/irq or uses -- * irqbalance to make the interrupts single-CPU. -- * -- * We will support full lowest-priority interrupt later. -- * -- * In addition, we can only inject generic interrupts using -- * the PI mechanism, refuse to route others through it. -- */ -- -- kvm_set_msi_irq(kvm, e, &irq); -- if (!kvm_intr_is_single_vcpu(kvm, &irq, &vcpu) || -- !kvm_irq_is_postable(&irq)) { -- /* -- * Make sure the IRTE is in remapped mode if -- * we don't handle it in posted mode. -- */ -- ret = irq_set_vcpu_affinity(host_irq, NULL); -- if (ret < 0) { -- printk(KERN_INFO -- "failed to back to remapped mode, irq: %u\n", -- host_irq); -- goto out; -- } -- -- continue; -- } -- -- vcpu_info.pi_desc_addr = __pa(vcpu_to_pi_desc(vcpu)); -- vcpu_info.vector = irq.vector; -- -- trace_kvm_pi_irte_update(host_irq, vcpu->vcpu_id, e->gsi, -- vcpu_info.vector, vcpu_info.pi_desc_addr, set); -- -- if (set) -- ret = irq_set_vcpu_affinity(host_irq, &vcpu_info); -- else -- ret = irq_set_vcpu_affinity(host_irq, NULL); -- -- if (ret < 0) { -- printk(KERN_INFO "%s: failed to update PI IRTE\n", -- __func__); -- goto out; -- } -- } -- -- ret = 0; --out: -- srcu_read_unlock(&kvm->irq_srcu, idx); -- return ret; --} -- --static void vmx_setup_mce(struct kvm_vcpu *vcpu) --{ -- if (vcpu->arch.mcg_cap & MCG_LMCE_P) -- to_vmx(vcpu)->msr_ia32_feature_control_valid_bits |= -- FEATURE_CONTROL_LMCE; -- else -- to_vmx(vcpu)->msr_ia32_feature_control_valid_bits &= -- ~FEATURE_CONTROL_LMCE; --} -- --static int vmx_smi_allowed(struct kvm_vcpu *vcpu) --{ -- /* we need a nested vmexit to enter SMM, postpone if run is pending */ -- if (to_vmx(vcpu)->nested.nested_run_pending) -- return 0; -- return 1; --} -- --static int vmx_pre_enter_smm(struct kvm_vcpu *vcpu, char *smstate) --{ -- struct vcpu_vmx *vmx = to_vmx(vcpu); -- -- vmx->nested.smm.guest_mode = 
is_guest_mode(vcpu); -- if (vmx->nested.smm.guest_mode) -- nested_vmx_vmexit(vcpu, -1, 0, 0); -- -- vmx->nested.smm.vmxon = vmx->nested.vmxon; -- vmx->nested.vmxon = false; -- vmx_clear_hlt(vcpu); -- return 0; --} -- --static int vmx_pre_leave_smm(struct kvm_vcpu *vcpu, const char *smstate) --{ -- struct vcpu_vmx *vmx = to_vmx(vcpu); -- int ret; -- -- if (vmx->nested.smm.vmxon) { -- vmx->nested.vmxon = true; -- vmx->nested.smm.vmxon = false; -- } -- -- if (vmx->nested.smm.guest_mode) { -- ret = nested_vmx_enter_non_root_mode(vcpu, false); -- if (ret) -- return ret; -- -- vmx->nested.smm.guest_mode = false; -- } -- return 0; --} -- --static int enable_smi_window(struct kvm_vcpu *vcpu) --{ -- return 0; --} -- --static bool vmx_need_emulation_on_page_fault(struct kvm_vcpu *vcpu) --{ -- return false; --} -- --static bool vmx_apic_init_signal_blocked(struct kvm_vcpu *vcpu) --{ -- return to_vmx(vcpu)->nested.vmxon; --} -- --static __init int hardware_setup(void) --{ -- unsigned long host_bndcfgs; -- struct desc_ptr dt; -- int r, i; -- -- rdmsrl_safe(MSR_EFER, &host_efer); -- -- store_idt(&dt); -- host_idt_base = dt.address; -- -- for (i = 0; i < ARRAY_SIZE(vmx_msr_index); ++i) -- kvm_define_shared_msr(i, vmx_msr_index[i]); -- -- if (setup_vmcs_config(&vmcs_config, &vmx_capability) < 0) -- return -EIO; -- -- if (boot_cpu_has(X86_FEATURE_NX)) -- kvm_enable_efer_bits(EFER_NX); -- -- if (boot_cpu_has(X86_FEATURE_MPX)) { -- rdmsrl(MSR_IA32_BNDCFGS, host_bndcfgs); -- WARN_ONCE(host_bndcfgs, "KVM: BNDCFGS in host will be lost"); -- } -- -- if (!cpu_has_vmx_vpid() || !cpu_has_vmx_invvpid() || -- !(cpu_has_vmx_invvpid_single() || cpu_has_vmx_invvpid_global())) -- enable_vpid = 0; -- -- if (!cpu_has_vmx_ept() || -- !cpu_has_vmx_ept_4levels() || -- !cpu_has_vmx_ept_mt_wb() || -- !cpu_has_vmx_invept_global()) -- enable_ept = 0; -- -- if (!cpu_has_vmx_ept_ad_bits() || !enable_ept) -- enable_ept_ad_bits = 0; -- -- if (!cpu_has_vmx_unrestricted_guest() || !enable_ept) -- 
enable_unrestricted_guest = 0; -- -- if (!cpu_has_vmx_flexpriority()) -- flexpriority_enabled = 0; -- -- if (!cpu_has_virtual_nmis()) -- enable_vnmi = 0; -- -- /* -- * set_apic_access_page_addr() is used to reload apic access -- * page upon invalidation. No need to do anything if not -- * using the APIC_ACCESS_ADDR VMCS field. -- */ -- if (!flexpriority_enabled) -- kvm_x86_ops->set_apic_access_page_addr = NULL; -- -- if (!cpu_has_vmx_tpr_shadow()) -- kvm_x86_ops->update_cr8_intercept = NULL; -- -- if (enable_ept && !cpu_has_vmx_ept_2m_page()) -- kvm_disable_largepages(); -- --#if IS_ENABLED(CONFIG_HYPERV) -- if (ms_hyperv.nested_features & HV_X64_NESTED_GUEST_MAPPING_FLUSH -- && enable_ept) { -- kvm_x86_ops->tlb_remote_flush = hv_remote_flush_tlb; -- kvm_x86_ops->tlb_remote_flush_with_range = -- hv_remote_flush_tlb_with_range; -- } --#endif -- -- if (!cpu_has_vmx_ple()) { -- ple_gap = 0; -- ple_window = 0; -- ple_window_grow = 0; -- ple_window_max = 0; -- ple_window_shrink = 0; -- } -- -- if (!cpu_has_vmx_apicv()) { -- enable_apicv = 0; -- kvm_x86_ops->sync_pir_to_irr = NULL; -- } -- -- if (cpu_has_vmx_tsc_scaling()) { -- kvm_has_tsc_control = true; -- kvm_max_tsc_scaling_ratio = KVM_VMX_TSC_MULTIPLIER_MAX; -- kvm_tsc_scaling_ratio_frac_bits = 48; -- } -- -- set_bit(0, vmx_vpid_bitmap); /* 0 is reserved for host */ -- -- if (enable_ept) -- vmx_enable_tdp(); -- else -- kvm_disable_tdp(); -- -- /* -- * Only enable PML when hardware supports PML feature, and both EPT -- * and EPT A/D bit features are enabled -- PML depends on them to work. 
-- */ -- if (!enable_ept || !enable_ept_ad_bits || !cpu_has_vmx_pml()) -- enable_pml = 0; -- -- if (!enable_pml) { -- kvm_x86_ops->slot_enable_log_dirty = NULL; -- kvm_x86_ops->slot_disable_log_dirty = NULL; -- kvm_x86_ops->flush_log_dirty = NULL; -- kvm_x86_ops->enable_log_dirty_pt_masked = NULL; -- } -- -- if (!cpu_has_vmx_preemption_timer()) -- enable_preemption_timer = false; -- -- if (enable_preemption_timer) { -- u64 use_timer_freq = 5000ULL * 1000 * 1000; -- u64 vmx_msr; -- -- rdmsrl(MSR_IA32_VMX_MISC, vmx_msr); -- cpu_preemption_timer_multi = -- vmx_msr & VMX_MISC_PREEMPTION_TIMER_RATE_MASK; -- -- if (tsc_khz) -- use_timer_freq = (u64)tsc_khz * 1000; -- use_timer_freq >>= cpu_preemption_timer_multi; -- -- /* -- * KVM "disables" the preemption timer by setting it to its max -- * value. Don't use the timer if it might cause spurious exits -- * at a rate faster than 0.1 Hz (of uninterrupted guest time). -- */ -- if (use_timer_freq > 0xffffffffu / 10) -- enable_preemption_timer = false; -- } -- -- if (!enable_preemption_timer) { -- kvm_x86_ops->set_hv_timer = NULL; -- kvm_x86_ops->cancel_hv_timer = NULL; -- kvm_x86_ops->request_immediate_exit = __kvm_request_immediate_exit; -- } -- -- kvm_set_posted_intr_wakeup_handler(wakeup_handler); -- -- kvm_mce_cap_supported |= MCG_LMCE_P; -- -- if (pt_mode != PT_MODE_SYSTEM && pt_mode != PT_MODE_HOST_GUEST) -- return -EINVAL; -- if (!enable_ept || !cpu_has_vmx_intel_pt()) -- pt_mode = PT_MODE_SYSTEM; -- -- if (nested) { -- nested_vmx_setup_ctls_msrs(&vmcs_config.nested, -- vmx_capability.ept, enable_apicv); -- -- r = nested_vmx_hardware_setup(kvm_vmx_exit_handlers); -- if (r) -- return r; -- } -- -- r = alloc_kvm_area(); -- if (r) -- nested_vmx_hardware_unsetup(); -- return r; --} -- --static __exit void hardware_unsetup(void) --{ -- if (nested) -- nested_vmx_hardware_unsetup(); -- -- free_kvm_area(); --} -- --static struct kvm_x86_ops vmx_x86_ops __ro_after_init = { -- .cpu_has_kvm_support = cpu_has_kvm_support, -- 
.disabled_by_bios = vmx_disabled_by_bios, -- .hardware_setup = hardware_setup, -- .hardware_unsetup = hardware_unsetup, -- .check_processor_compatibility = vmx_check_processor_compat, -- .hardware_enable = hardware_enable, -- .hardware_disable = hardware_disable, -- .cpu_has_accelerated_tpr = report_flexpriority, -- .has_emulated_msr = vmx_has_emulated_msr, -- -- .vm_init = vmx_vm_init, -- .vm_alloc = vmx_vm_alloc, -- .vm_free = vmx_vm_free, -- -- .vcpu_create = vmx_create_vcpu, -- .vcpu_free = vmx_free_vcpu, -- .vcpu_reset = vmx_vcpu_reset, -- -- .prepare_guest_switch = vmx_prepare_switch_to_guest, -- .vcpu_load = vmx_vcpu_load, -- .vcpu_put = vmx_vcpu_put, -- -- .update_bp_intercept = update_exception_bitmap, -- .get_msr_feature = vmx_get_msr_feature, -- .get_msr = vmx_get_msr, -- .set_msr = vmx_set_msr, -- .get_segment_base = vmx_get_segment_base, -- .get_segment = vmx_get_segment, -- .set_segment = vmx_set_segment, -- .get_cpl = vmx_get_cpl, -- .get_cs_db_l_bits = vmx_get_cs_db_l_bits, -- .decache_cr0_guest_bits = vmx_decache_cr0_guest_bits, -- .decache_cr4_guest_bits = vmx_decache_cr4_guest_bits, -- .set_cr0 = vmx_set_cr0, -- .set_cr3 = vmx_set_cr3, -- .set_cr4 = vmx_set_cr4, -- .set_efer = vmx_set_efer, -- .get_idt = vmx_get_idt, -- .set_idt = vmx_set_idt, -- .get_gdt = vmx_get_gdt, -- .set_gdt = vmx_set_gdt, -- .get_dr6 = vmx_get_dr6, -- .set_dr6 = vmx_set_dr6, -- .set_dr7 = vmx_set_dr7, -- .sync_dirty_debug_regs = vmx_sync_dirty_debug_regs, -- .cache_reg = vmx_cache_reg, -- .get_rflags = vmx_get_rflags, -- .set_rflags = vmx_set_rflags, -- -- .tlb_flush = vmx_flush_tlb, -- .tlb_flush_gva = vmx_flush_tlb_gva, -- -- .run = vmx_vcpu_run, -- .handle_exit = vmx_handle_exit, -- .skip_emulated_instruction = skip_emulated_instruction, -- .set_interrupt_shadow = vmx_set_interrupt_shadow, -- .get_interrupt_shadow = vmx_get_interrupt_shadow, -- .patch_hypercall = vmx_patch_hypercall, -- .set_irq = vmx_inject_irq, -- .set_nmi = vmx_inject_nmi, -- .queue_exception = 
vmx_queue_exception, -- .cancel_injection = vmx_cancel_injection, -- .interrupt_allowed = vmx_interrupt_allowed, -- .nmi_allowed = vmx_nmi_allowed, -- .get_nmi_mask = vmx_get_nmi_mask, -- .set_nmi_mask = vmx_set_nmi_mask, -- .enable_nmi_window = enable_nmi_window, -- .enable_irq_window = enable_irq_window, -- .update_cr8_intercept = update_cr8_intercept, -- .set_virtual_apic_mode = vmx_set_virtual_apic_mode, -- .set_apic_access_page_addr = vmx_set_apic_access_page_addr, -- .get_enable_apicv = vmx_get_enable_apicv, -- .refresh_apicv_exec_ctrl = vmx_refresh_apicv_exec_ctrl, -- .load_eoi_exitmap = vmx_load_eoi_exitmap, -- .apicv_post_state_restore = vmx_apicv_post_state_restore, -- .hwapic_irr_update = vmx_hwapic_irr_update, -- .hwapic_isr_update = vmx_hwapic_isr_update, -- .guest_apic_has_interrupt = vmx_guest_apic_has_interrupt, -- .sync_pir_to_irr = vmx_sync_pir_to_irr, -- .deliver_posted_interrupt = vmx_deliver_posted_interrupt, -- .dy_apicv_has_pending_interrupt = vmx_dy_apicv_has_pending_interrupt, -- -- .set_tss_addr = vmx_set_tss_addr, -- .set_identity_map_addr = vmx_set_identity_map_addr, -- .get_tdp_level = get_ept_level, -- .get_mt_mask = vmx_get_mt_mask, -- -- .get_exit_info = vmx_get_exit_info, -- -- .get_lpage_level = vmx_get_lpage_level, -- -- .cpuid_update = vmx_cpuid_update, -- -- .rdtscp_supported = vmx_rdtscp_supported, -- .invpcid_supported = vmx_invpcid_supported, -- -- .set_supported_cpuid = vmx_set_supported_cpuid, -- -- .has_wbinvd_exit = cpu_has_vmx_wbinvd_exit, -- -- .read_l1_tsc_offset = vmx_read_l1_tsc_offset, -- .write_l1_tsc_offset = vmx_write_l1_tsc_offset, -- -- .set_tdp_cr3 = vmx_set_cr3, -- -- .check_intercept = vmx_check_intercept, -- .handle_exit_irqoff = vmx_handle_exit_irqoff, -- .mpx_supported = vmx_mpx_supported, -- .xsaves_supported = vmx_xsaves_supported, -- .umip_emulated = vmx_umip_emulated, -- .pt_supported = vmx_pt_supported, -- -- .request_immediate_exit = vmx_request_immediate_exit, -- -- .sched_in = vmx_sched_in, -- -- 
.slot_enable_log_dirty = vmx_slot_enable_log_dirty, -- .slot_disable_log_dirty = vmx_slot_disable_log_dirty, -- .flush_log_dirty = vmx_flush_log_dirty, -- .enable_log_dirty_pt_masked = vmx_enable_log_dirty_pt_masked, -- .write_log_dirty = vmx_write_pml_buffer, -- -- .pre_block = vmx_pre_block, -- .post_block = vmx_post_block, -- -- .pmu_ops = &intel_pmu_ops, -- -- .update_pi_irte = vmx_update_pi_irte, -- --#ifdef CONFIG_X86_64 -- .set_hv_timer = vmx_set_hv_timer, -- .cancel_hv_timer = vmx_cancel_hv_timer, --#endif -- -- .setup_mce = vmx_setup_mce, -- -- .smi_allowed = vmx_smi_allowed, -- .pre_enter_smm = vmx_pre_enter_smm, -- .pre_leave_smm = vmx_pre_leave_smm, -- .enable_smi_window = enable_smi_window, -- -- .check_nested_events = NULL, -- .get_nested_state = NULL, -- .set_nested_state = NULL, -- .get_vmcs12_pages = NULL, -- .nested_enable_evmcs = NULL, -- .nested_get_evmcs_version = NULL, -- .need_emulation_on_page_fault = vmx_need_emulation_on_page_fault, -- .apic_init_signal_blocked = vmx_apic_init_signal_blocked, --}; -- --static void vmx_cleanup_l1d_flush(void) --{ -- if (vmx_l1d_flush_pages) { -- free_pages((unsigned long)vmx_l1d_flush_pages, L1D_CACHE_ORDER); -- vmx_l1d_flush_pages = NULL; -- } -- /* Restore state so sysfs ignores VMX */ -- l1tf_vmx_mitigation = VMENTER_L1D_FLUSH_AUTO; --} -- --static void vmx_exit(void) --{ --#ifdef CONFIG_KEXEC_CORE -- RCU_INIT_POINTER(crash_vmclear_loaded_vmcss, NULL); -- synchronize_rcu(); --#endif -- -- kvm_exit(); -- --#if IS_ENABLED(CONFIG_HYPERV) -- if (static_branch_unlikely(&enable_evmcs)) { -- int cpu; -- struct hv_vp_assist_page *vp_ap; -- /* -- * Reset everything to support using non-enlightened VMCS -- * access later (e.g. 
when we reload the module with -- * enlightened_vmcs=0) -- */ -- for_each_online_cpu(cpu) { -- vp_ap = hv_get_vp_assist_page(cpu); -- -- if (!vp_ap) -- continue; -- -- vp_ap->nested_control.features.directhypercall = 0; -- vp_ap->current_nested_vmcs = 0; -- vp_ap->enlighten_vmentry = 0; -- } -- -- static_branch_disable(&enable_evmcs); -- } --#endif -- vmx_cleanup_l1d_flush(); --} --module_exit(vmx_exit); -- --static int __init vmx_init(void) --{ -- int r; -- --#if IS_ENABLED(CONFIG_HYPERV) -- /* -- * Enlightened VMCS usage should be recommended and the host needs -- * to support eVMCS v1 or above. We can also disable eVMCS support -- * with module parameter. -- */ -- if (enlightened_vmcs && -- ms_hyperv.hints & HV_X64_ENLIGHTENED_VMCS_RECOMMENDED && -- (ms_hyperv.nested_features & HV_X64_ENLIGHTENED_VMCS_VERSION) >= -- KVM_EVMCS_VERSION) { -- int cpu; -- -- /* Check that we have assist pages on all online CPUs */ -- for_each_online_cpu(cpu) { -- if (!hv_get_vp_assist_page(cpu)) { -- enlightened_vmcs = false; -- break; -- } -- } -- -- if (enlightened_vmcs) { -- pr_info("KVM: vmx: using Hyper-V Enlightened VMCS\n"); -- static_branch_enable(&enable_evmcs); -- } -- -- if (ms_hyperv.nested_features & HV_X64_NESTED_DIRECT_FLUSH) -- vmx_x86_ops.enable_direct_tlbflush -- = hv_enable_direct_tlbflush; -- -- } else { -- enlightened_vmcs = false; -- } --#endif -- -- r = kvm_init(&vmx_x86_ops, sizeof(struct vcpu_vmx), -- __alignof__(struct vcpu_vmx), THIS_MODULE); -- if (r) -- return r; -- -- /* -- * Must be called after kvm_init() so enable_ept is properly set -- * up. Hand the parameter mitigation value in which was stored in -- * the pre module init parser. If no parameter was given, it will -- * contain 'auto' which will be turned into the default 'cond' -- * mitigation mode. 
-- */ -- r = vmx_setup_l1d_flush(vmentry_l1d_flush_param); -- if (r) { -- vmx_exit(); -- return r; -- } -- --#ifdef CONFIG_KEXEC_CORE -- rcu_assign_pointer(crash_vmclear_loaded_vmcss, -- crash_vmclear_local_loaded_vmcss); --#endif -- vmx_check_vmcs12_offsets(); -- -- return 0; --} --module_init(vmx_init); -diff --git a/arch/x86/lib/x86-opcode-map.txt b/arch/x86/lib/x86-opcode-map.txt -index 0a0e9112f284..5cb9f009f2be 100644 ---- a/arch/x86/lib/x86-opcode-map.txt -+++ b/arch/x86/lib/x86-opcode-map.txt -@@ -909,7 +909,7 @@ EndTable - - GrpTable: Grp3_2 - 0: TEST Ev,Iz --1: -+1: TEST Ev,Iz - 2: NOT Ev - 3: NEG Ev - 4: MUL rAX,Ev -diff --git a/arch/x86/mm/pageattr.c b/arch/x86/mm/pageattr.c -index 835620ab435f..eaee1a7ed0b5 100644 ---- a/arch/x86/mm/pageattr.c -+++ b/arch/x86/mm/pageattr.c -@@ -2077,19 +2077,13 @@ int kernel_map_pages_in_pgd(pgd_t *pgd, u64 pfn, unsigned long address, - .pgd = pgd, - .numpages = numpages, - .mask_set = __pgprot(0), -- .mask_clr = __pgprot(0), -+ .mask_clr = __pgprot(~page_flags & (_PAGE_NX|_PAGE_RW)), - .flags = 0, - }; - - if (!(__supported_pte_mask & _PAGE_NX)) - goto out; - -- if (!(page_flags & _PAGE_NX)) -- cpa.mask_clr = __pgprot(_PAGE_NX); -- -- if (!(page_flags & _PAGE_RW)) -- cpa.mask_clr = __pgprot(_PAGE_RW); -- - if (!(page_flags & _PAGE_ENC)) - cpa.mask_clr = pgprot_encrypted(cpa.mask_clr); - -diff --git a/arch/x86/platform/efi/efi.c b/arch/x86/platform/efi/efi.c -index 335a62e74a2e..e7f19dec16b9 100644 ---- a/arch/x86/platform/efi/efi.c -+++ b/arch/x86/platform/efi/efi.c -@@ -480,7 +480,6 @@ void __init efi_init(void) - efi_char16_t *c16; - char vendor[100] = "unknown"; - int i = 0; -- void *tmp; - - #ifdef CONFIG_X86_32 - if (boot_params.efi_info.efi_systab_hi || -@@ -505,14 +504,16 @@ void __init efi_init(void) - /* - * Show what we know for posterity - */ -- c16 = tmp = early_memremap(efi.systab->fw_vendor, 2); -+ c16 = early_memremap_ro(efi.systab->fw_vendor, -+ sizeof(vendor) * sizeof(efi_char16_t)); - if (c16) { -- 
for (i = 0; i < sizeof(vendor) - 1 && *c16; ++i) -- vendor[i] = *c16++; -+ for (i = 0; i < sizeof(vendor) - 1 && c16[i]; ++i) -+ vendor[i] = c16[i]; - vendor[i] = '\0'; -- } else -+ early_memunmap(c16, sizeof(vendor) * sizeof(efi_char16_t)); -+ } else { - pr_err("Could not map the firmware vendor!\n"); -- early_memunmap(tmp, 2); -+ } - - pr_info("EFI v%u.%.02u by %s\n", - efi.systab->hdr.revision >> 16, -@@ -929,16 +930,14 @@ static void __init __efi_enter_virtual_mode(void) - - if (efi_alloc_page_tables()) { - pr_err("Failed to allocate EFI page tables\n"); -- clear_bit(EFI_RUNTIME_SERVICES, &efi.flags); -- return; -+ goto err; - } - - efi_merge_regions(); - new_memmap = efi_map_regions(&count, &pg_shift); - if (!new_memmap) { - pr_err("Error reallocating memory, EFI runtime non-functional!\n"); -- clear_bit(EFI_RUNTIME_SERVICES, &efi.flags); -- return; -+ goto err; - } - - pa = __pa(new_memmap); -@@ -952,8 +951,7 @@ static void __init __efi_enter_virtual_mode(void) - - if (efi_memmap_init_late(pa, efi.memmap.desc_size * count)) { - pr_err("Failed to remap late EFI memory map\n"); -- clear_bit(EFI_RUNTIME_SERVICES, &efi.flags); -- return; -+ goto err; - } - - if (efi_enabled(EFI_DBG)) { -@@ -961,12 +959,11 @@ static void __init __efi_enter_virtual_mode(void) - efi_print_memmap(); - } - -- BUG_ON(!efi.systab); -+ if (WARN_ON(!efi.systab)) -+ goto err; - -- if (efi_setup_page_tables(pa, 1 << pg_shift)) { -- clear_bit(EFI_RUNTIME_SERVICES, &efi.flags); -- return; -- } -+ if (efi_setup_page_tables(pa, 1 << pg_shift)) -+ goto err; - - efi_sync_low_kernel_mappings(); - -@@ -986,9 +983,9 @@ static void __init __efi_enter_virtual_mode(void) - } - - if (status != EFI_SUCCESS) { -- pr_alert("Unable to switch EFI into virtual mode (status=%lx)!\n", -- status); -- panic("EFI call to SetVirtualAddressMap() failed!"); -+ pr_err("Unable to switch EFI into virtual mode (status=%lx)!\n", -+ status); -+ goto err; - } - - /* -@@ -1015,6 +1012,10 @@ static void __init 
__efi_enter_virtual_mode(void)
-
- /* clean DUMMY object */
- efi_delete_dummy_variable();
-+ return;
-+
-+err:
-+ clear_bit(EFI_RUNTIME_SERVICES, &efi.flags);
- }
-
- void __init efi_enter_virtual_mode(void)
-diff --git a/arch/x86/platform/efi/efi_64.c b/arch/x86/platform/efi/efi_64.c
-index ae369c2bbc3e..0ebb7f94fd51 100644
---- a/arch/x86/platform/efi/efi_64.c
-+++ b/arch/x86/platform/efi/efi_64.c
-@@ -390,11 +390,12 @@ int __init efi_setup_page_tables(unsigned long pa_memmap, unsigned num_pages)
- return 0;
-
- page = alloc_page(GFP_KERNEL|__GFP_DMA32);
-- if (!page)
-- panic("Unable to allocate EFI runtime stack < 4GB\n");
-+ if (!page) {
-+ pr_err("Unable to allocate EFI runtime stack < 4GB\n");
-+ return 1;
-+ }
-
-- efi_scratch.phys_stack = virt_to_phys(page_address(page));
-- efi_scratch.phys_stack += PAGE_SIZE; /* stack grows down */
-+ efi_scratch.phys_stack = page_to_phys(page + 1); /* stack grows down */
-
- npages = (_etext - _text) >> PAGE_SHIFT;
- text = __pa(_text);
-diff --git a/drivers/acpi/acpica/dsfield.c b/drivers/acpi/acpica/dsfield.c
-index 7bcf5f5ea029..8df4a49a99a6 100644
---- a/drivers/acpi/acpica/dsfield.c
-+++ b/drivers/acpi/acpica/dsfield.c
-@@ -273,7 +273,7 @@ cleanup:
- * FUNCTION: acpi_ds_get_field_names
- *
- * PARAMETERS: info - create_field info structure
-- * ` walk_state - Current method state
-+ * walk_state - Current method state
- * arg - First parser arg for the field name list
- *
- * RETURN: Status
-diff --git a/drivers/acpi/acpica/dswload.c b/drivers/acpi/acpica/dswload.c
-index eaa859a89702..1d82e1419397 100644
---- a/drivers/acpi/acpica/dswload.c
-+++ b/drivers/acpi/acpica/dswload.c
-@@ -444,6 +444,27 @@ acpi_status acpi_ds_load1_end_op(struct acpi_walk_state *walk_state)
- ACPI_DEBUG_PRINT((ACPI_DB_DISPATCH, "Op=%p State=%p\n", op,
- walk_state));
-
-+ /*
-+ * Disassembler: handle create field operators here.
-+ *
-+ * create_buffer_field is a deferred op that is typically processed in load
-+ * pass 2.
However, disassembly of control method contents walk the parse
-+ * tree with ACPI_PARSE_LOAD_PASS1 and AML_CREATE operators are processed
-+ * in a later walk. This is a problem when there is a control method that
-+ * has the same name as the AML_CREATE object. In this case, any use of the
-+ * name segment will be detected as a method call rather than a reference
-+ * to a buffer field.
-+ *
-+ * This earlier creation during disassembly solves this issue by inserting
-+ * the named object in the ACPI namespace so that references to this name
-+ * would be a name string rather than a method call.
-+ */
-+ if ((walk_state->parse_flags & ACPI_PARSE_DISASSEMBLE) &&
-+ (walk_state->op_info->flags & AML_CREATE)) {
-+ status = acpi_ds_create_buffer_field(op, walk_state);
-+ return_ACPI_STATUS(status);
-+ }
-+
- /* We are only interested in opcodes that have an associated name */
-
- if (!(walk_state->op_info->flags & (AML_NAMED | AML_FIELD))) {
-diff --git a/drivers/ata/ahci.c b/drivers/ata/ahci.c
-index f003e301723a..0905c07b8c7e 100644
---- a/drivers/ata/ahci.c
-+++ b/drivers/ata/ahci.c
-@@ -88,6 +88,7 @@ enum board_ids {
-
- static int ahci_init_one(struct pci_dev *pdev, const struct pci_device_id *ent);
- static void ahci_remove_one(struct pci_dev *dev);
-+static void ahci_shutdown_one(struct pci_dev *dev);
- static int ahci_vt8251_hardreset(struct ata_link *link, unsigned int *class,
- unsigned long deadline);
- static int ahci_avn_hardreset(struct ata_link *link, unsigned int *class,
-@@ -586,6 +587,7 @@ static struct pci_driver ahci_pci_driver = {
- .id_table = ahci_pci_tbl,
- .probe = ahci_init_one,
- .remove = ahci_remove_one,
-+ .shutdown = ahci_shutdown_one,
- .driver = {
- .pm = &ahci_pci_pm_ops,
- },
-@@ -1823,6 +1825,11 @@ static int ahci_init_one(struct pci_dev *pdev, const struct pci_device_id *ent)
- return 0;
- }
-
-+static void ahci_shutdown_one(struct pci_dev *pdev)
-+{
-+ ata_pci_shutdown_one(pdev);
-+}
-+
- static void ahci_remove_one(struct
pci_dev *pdev) - { - pm_runtime_get_noresume(&pdev->dev); -diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c -index 08f67c109429..33eb5e342a7a 100644 ---- a/drivers/ata/libata-core.c -+++ b/drivers/ata/libata-core.c -@@ -6706,6 +6706,26 @@ void ata_pci_remove_one(struct pci_dev *pdev) - ata_host_detach(host); - } - -+void ata_pci_shutdown_one(struct pci_dev *pdev) -+{ -+ struct ata_host *host = pci_get_drvdata(pdev); -+ int i; -+ -+ for (i = 0; i < host->n_ports; i++) { -+ struct ata_port *ap = host->ports[i]; -+ -+ ap->pflags |= ATA_PFLAG_FROZEN; -+ -+ /* Disable port interrupts */ -+ if (ap->ops->freeze) -+ ap->ops->freeze(ap); -+ -+ /* Stop the port DMA engines */ -+ if (ap->ops->port_stop) -+ ap->ops->port_stop(ap); -+ } -+} -+ - /* move to PCI subsystem */ - int pci_test_config_bits(struct pci_dev *pdev, const struct pci_bits *bits) - { -@@ -7326,6 +7346,7 @@ EXPORT_SYMBOL_GPL(ata_timing_cycle2mode); - - #ifdef CONFIG_PCI - EXPORT_SYMBOL_GPL(pci_test_config_bits); -+EXPORT_SYMBOL_GPL(ata_pci_shutdown_one); - EXPORT_SYMBOL_GPL(ata_pci_remove_one); - #ifdef CONFIG_PM - EXPORT_SYMBOL_GPL(ata_pci_device_do_suspend); -diff --git a/drivers/atm/fore200e.c b/drivers/atm/fore200e.c -index f8b7e86907cc..0a1ad1a1d34f 100644 ---- a/drivers/atm/fore200e.c -+++ b/drivers/atm/fore200e.c -@@ -1496,12 +1496,14 @@ fore200e_open(struct atm_vcc *vcc) - static void - fore200e_close(struct atm_vcc* vcc) - { -- struct fore200e* fore200e = FORE200E_DEV(vcc->dev); - struct fore200e_vcc* fore200e_vcc; -+ struct fore200e* fore200e; - struct fore200e_vc_map* vc_map; - unsigned long flags; - - ASSERT(vcc); -+ fore200e = FORE200E_DEV(vcc->dev); -+ - ASSERT((vcc->vpi >= 0) && (vcc->vpi < 1<vci >= 0) && (vcc->vci < 1<dev); -- struct fore200e_vcc* fore200e_vcc = FORE200E_VCC(vcc); -+ struct fore200e* fore200e; -+ struct fore200e_vcc* fore200e_vcc; - struct fore200e_vc_map* vc_map; -- struct host_txq* txq = &fore200e->host_txq; -+ struct host_txq* txq; - struct host_txq_entry* 
entry;
- struct tpd* tpd;
- struct tpd_haddr tpd_haddr;
-@@ -1562,9 +1564,18 @@ fore200e_send(struct atm_vcc *vcc, struct sk_buff *skb)
- unsigned char* data;
- unsigned long flags;
-
-- ASSERT(vcc);
-- ASSERT(fore200e);
-- ASSERT(fore200e_vcc);
-+ if (!vcc)
-+ return -EINVAL;
-+
-+ fore200e = FORE200E_DEV(vcc->dev);
-+ fore200e_vcc = FORE200E_VCC(vcc);
-+
-+ if (!fore200e)
-+ return -EINVAL;
-+
-+ txq = &fore200e->host_txq;
-+ if (!fore200e_vcc)
-+ return -EINVAL;
-
- if (!test_bit(ATM_VF_READY, &vcc->flags)) {
- DPRINTK(1, "VC %d.%d.%d not ready for tx\n", vcc->itf, vcc->vpi, vcc->vpi);
-diff --git a/drivers/base/dd.c b/drivers/base/dd.c
-index 536c9ac3b848..aa1a2d32360f 100644
---- a/drivers/base/dd.c
-+++ b/drivers/base/dd.c
-@@ -375,7 +375,10 @@ static int really_probe(struct device *dev, struct device_driver *drv)
- atomic_inc(&probe_count);
- pr_debug("bus: '%s': %s: probing driver %s with device %s\n",
- drv->bus->name, __func__, drv->name, dev_name(dev));
-- WARN_ON(!list_empty(&dev->devres_head));
-+ if (!list_empty(&dev->devres_head)) {
-+ dev_crit(dev, "Resources present before probing\n");
-+ return -EBUSY;
-+ }
-
- re_probe:
- dev->driver = drv;
-diff --git a/drivers/base/platform.c b/drivers/base/platform.c
-index f1105de0d9fe..bcb6519fe211 100644
---- a/drivers/base/platform.c
-+++ b/drivers/base/platform.c
-@@ -28,6 +28,7 @@
- #include
- #include
- #include
-+#include
-
- #include "base.h"
- #include "power/power.h"
-@@ -68,7 +69,7 @@ void __weak arch_setup_pdev_archdata(struct platform_device *pdev)
- struct resource *platform_get_resource(struct platform_device *dev,
- unsigned int type, unsigned int num)
- {
-- int i;
-+ u32 i;
-
- for (i = 0; i < dev->num_resources; i++) {
- struct resource *r = &dev->resource[i];
-@@ -163,7 +164,7 @@ struct resource *platform_get_resource_byname(struct platform_device *dev,
- unsigned int type,
- const char *name)
- {
-- int i;
-+ u32 i;
-
- for (i = 0; i < dev->num_resources; i++) {
- struct resource *r =
&dev->resource[i];
-@@ -360,7 +361,8 @@ EXPORT_SYMBOL_GPL(platform_device_add_properties);
- */
- int platform_device_add(struct platform_device *pdev)
- {
-- int i, ret;
-+ u32 i;
-+ int ret;
-
- if (!pdev)
- return -EINVAL;
-@@ -426,7 +428,7 @@ int platform_device_add(struct platform_device *pdev)
- pdev->id = PLATFORM_DEVID_AUTO;
- }
-
-- while (--i >= 0) {
-+ while (i--) {
- struct resource *r = &pdev->resource[i];
- if (r->parent)
- release_resource(r);
-@@ -447,7 +449,7 @@ EXPORT_SYMBOL_GPL(platform_device_add);
- */
- void platform_device_del(struct platform_device *pdev)
- {
-- int i;
-+ u32 i;
-
- if (pdev) {
- device_remove_properties(&pdev->dev);
-diff --git a/drivers/block/brd.c b/drivers/block/brd.c
-index 2d7178f7754e..0129b1921cb3 100644
---- a/drivers/block/brd.c
-+++ b/drivers/block/brd.c
-@@ -529,6 +529,25 @@ static struct kobject *brd_probe(dev_t dev, int *part, void *data)
- return kobj;
- }
-
-+static inline void brd_check_and_reset_par(void)
-+{
-+ if (unlikely(!max_part))
-+ max_part = 1;
-+
-+ /*
-+ * make sure 'max_part' can be divided exactly by (1U << MINORBITS),
-+ * otherwise, it is possiable to get same dev_t when adding partitions.
-+ */
-+ if ((1U << MINORBITS) % max_part != 0)
-+ max_part = 1UL << fls(max_part);
-+
-+ if (max_part > DISK_MAX_PARTS) {
-+ pr_info("brd: max_part can't be larger than %d, reset max_part = %d.\n",
-+ DISK_MAX_PARTS, DISK_MAX_PARTS);
-+ max_part = DISK_MAX_PARTS;
-+ }
-+}
-+
- static int __init brd_init(void)
- {
- struct brd_device *brd, *next;
-@@ -552,8 +571,7 @@ static int __init brd_init(void)
- if (register_blkdev(RAMDISK_MAJOR, "ramdisk"))
- return -EIO;
-
-- if (unlikely(!max_part))
-- max_part = 1;
-+ brd_check_and_reset_par();
-
- for (i = 0; i < rd_nr; i++) {
- brd = brd_alloc(i);
-diff --git a/drivers/block/floppy.c b/drivers/block/floppy.c
-index 5f1aa3197244..cbf74731cfce 100644
---- a/drivers/block/floppy.c
-+++ b/drivers/block/floppy.c
-@@ -848,14 +848,17 @@ static void reset_fdc_info(int mode)
- /* selects the fdc and drive, and enables the fdc's input/dma. */
- static void set_fdc(int drive)
- {
-+ unsigned int new_fdc = fdc;
-+
- if (drive >= 0 && drive < N_DRIVE) {
-- fdc = FDC(drive);
-+ new_fdc = FDC(drive);
- current_drive = drive;
- }
-- if (fdc != 1 && fdc != 0) {
-+ if (new_fdc >= N_FDC) {
- pr_info("bad fdc value\n");
- return;
- }
-+ fdc = new_fdc;
- set_dor(fdc, ~0, 8);
- #if N_FDC > 1
- set_dor(1 - fdc, ~8, 0);
-diff --git a/drivers/block/nbd.c b/drivers/block/nbd.c
-index 4c661ad91e7d..8f56e6b2f114 100644
---- a/drivers/block/nbd.c
-+++ b/drivers/block/nbd.c
-@@ -1203,6 +1203,16 @@ static int nbd_start_device(struct nbd_device *nbd)
- args = kzalloc(sizeof(*args), GFP_KERNEL);
- if (!args) {
- sock_shutdown(nbd);
-+ /*
-+ * If num_connections is m (2 < m),
-+ * and NO.1 ~ NO.n(1 < n < m) kzallocs are successful.
-+ * But NO.(n + 1) failed. We still have n recv threads.
-+ * So, add flush_workqueue here to prevent recv threads
-+ * dropping the last config_refs and trying to destroy
-+ * the workqueue from inside the workqueue.
-+ */
-+ if (i)
-+ flush_workqueue(nbd->recv_workq);
- return -ENOMEM;
- }
- sk_set_memalloc(config->socks[i]->sock->sk);
-diff --git a/drivers/char/random.c b/drivers/char/random.c
-index e6efa07e9f9e..50d5846acf48 100644
---- a/drivers/char/random.c
-+++ b/drivers/char/random.c
-@@ -1598,8 +1598,9 @@ static void _warn_unseeded_randomness(const char *func_name, void *caller,
- print_once = true;
- #endif
- if (__ratelimit(&unseeded_warning))
-- pr_notice("random: %s called from %pS with crng_init=%d\n",
-- func_name, caller, crng_init);
-+ printk_deferred(KERN_NOTICE "random: %s called from %pS "
-+ "with crng_init=%d\n", func_name, caller,
-+ crng_init);
- }
-
- /*
-diff --git a/drivers/clk/qcom/clk-rcg2.c b/drivers/clk/qcom/clk-rcg2.c
-index a93439242565..d3953ea69fda 100644
---- a/drivers/clk/qcom/clk-rcg2.c
-+++ b/drivers/clk/qcom/clk-rcg2.c
-@@ -210,6 +210,9 @@ static int _freq_tbl_determine_rate(struct clk_hw *hw, const struct freq_tbl *f,
-
- clk_flags = clk_hw_get_flags(hw);
- p = clk_hw_get_parent_by_index(hw, index);
-+ if (!p)
-+ return -EINVAL;
-+
- if (clk_flags & CLK_SET_RATE_PARENT) {
- if (f->pre_div) {
- if (!rate)
-diff --git a/drivers/clk/sunxi-ng/ccu-sun50i-a64.c b/drivers/clk/sunxi-ng/ccu-sun50i-a64.c
-index eaafc038368f..183985c8c9ba 100644
---- a/drivers/clk/sunxi-ng/ccu-sun50i-a64.c
-+++ b/drivers/clk/sunxi-ng/ccu-sun50i-a64.c
-@@ -884,11 +884,26 @@ static const struct sunxi_ccu_desc sun50i_a64_ccu_desc = {
- .num_resets = ARRAY_SIZE(sun50i_a64_ccu_resets),
- };
-
-+static struct ccu_pll_nb sun50i_a64_pll_cpu_nb = {
-+ .common = &pll_cpux_clk.common,
-+ /* copy from pll_cpux_clk */
-+ .enable = BIT(31),
-+ .lock = BIT(28),
-+};
-+
-+static struct ccu_mux_nb sun50i_a64_cpu_nb = {
-+ .common = &cpux_clk.common,
-+ .cm = &cpux_clk.mux,
-+ .delay_us = 1, /* > 8 clock cycles at 24 MHz */
-+ .bypass_index = 1, /* index of 24 MHz oscillator */
-+};
-+
- static int sun50i_a64_ccu_probe(struct platform_device *pdev)
- {
- struct resource *res;
-
void __iomem *reg;
- u32 val;
-+ int ret;
-
- res = platform_get_resource(pdev, IORESOURCE_MEM, 0);
- reg = devm_ioremap_resource(&pdev->dev, res);
-@@ -902,7 +917,18 @@ static int sun50i_a64_ccu_probe(struct platform_device *pdev)
-
- writel(0x515, reg + SUN50I_A64_PLL_MIPI_REG);
-
-- return sunxi_ccu_probe(pdev->dev.of_node, reg, &sun50i_a64_ccu_desc);
-+ ret = sunxi_ccu_probe(pdev->dev.of_node, reg, &sun50i_a64_ccu_desc);
-+ if (ret)
-+ return ret;
-+
-+ /* Gate then ungate PLL CPU after any rate changes */
-+ ccu_pll_notifier_register(&sun50i_a64_pll_cpu_nb);
-+
-+ /* Reparent CPU during PLL CPU rate changes */
-+ ccu_mux_notifier_register(pll_cpux_clk.common.hw.clk,
-+ &sun50i_a64_cpu_nb);
-+
-+ return 0;
- }
-
- static const struct of_device_id sun50i_a64_ccu_ids[] = {
-diff --git a/drivers/clocksource/bcm2835_timer.c b/drivers/clocksource/bcm2835_timer.c
-index 39e489a96ad7..8894cfc32be0 100644
---- a/drivers/clocksource/bcm2835_timer.c
-+++ b/drivers/clocksource/bcm2835_timer.c
-@@ -134,7 +134,7 @@ static int __init bcm2835_timer_init(struct device_node *node)
- ret = setup_irq(irq, &timer->act);
- if (ret) {
- pr_err("Can't set up timer IRQ\n");
-- goto err_iounmap;
-+ goto err_timer_free;
- }
-
- clockevents_config_and_register(&timer->evt, freq, 0xf, 0xffffffff);
-@@ -143,6 +143,9 @@ static int __init bcm2835_timer_init(struct device_node *node)
-
- return 0;
-
-+err_timer_free:
-+ kfree(timer);
-+
- err_iounmap:
- iounmap(base);
- return ret;
-diff --git a/drivers/devfreq/Kconfig b/drivers/devfreq/Kconfig
-index 6a172d338f6d..4c4ec68b0566 100644
---- a/drivers/devfreq/Kconfig
-+++ b/drivers/devfreq/Kconfig
-@@ -103,7 +103,8 @@ config ARM_TEGRA_DEVFREQ
-
- config ARM_RK3399_DMC_DEVFREQ
- tristate "ARM RK3399 DMC DEVFREQ Driver"
-- depends on ARCH_ROCKCHIP
-+ depends on (ARCH_ROCKCHIP && HAVE_ARM_SMCCC) || \
-+ (COMPILE_TEST && HAVE_ARM_SMCCC)
- select DEVFREQ_EVENT_ROCKCHIP_DFI
- select DEVFREQ_GOV_SIMPLE_ONDEMAND
- select PM_DEVFREQ_EVENT
-diff --git
a/drivers/devfreq/event/Kconfig b/drivers/devfreq/event/Kconfig
-index cd949800eed9..8851bc4e8e3e 100644
---- a/drivers/devfreq/event/Kconfig
-+++ b/drivers/devfreq/event/Kconfig
-@@ -33,7 +33,7 @@ config DEVFREQ_EVENT_EXYNOS_PPMU
-
- config DEVFREQ_EVENT_ROCKCHIP_DFI
- tristate "ROCKCHIP DFI DEVFREQ event Driver"
-- depends on ARCH_ROCKCHIP
-+ depends on ARCH_ROCKCHIP || COMPILE_TEST
- help
- This add the devfreq-event driver for Rockchip SoC. It provides DFI
- (DDR Monitor Module) driver to count ddr load.
-diff --git a/drivers/dma/dmaengine.c b/drivers/dma/dmaengine.c
-index b451354735d3..faaaf10311ec 100644
---- a/drivers/dma/dmaengine.c
-+++ b/drivers/dma/dmaengine.c
-@@ -192,7 +192,7 @@ __dma_device_satisfies_mask(struct dma_device *device,
-
- static struct module *dma_chan_to_owner(struct dma_chan *chan)
- {
-- return chan->device->dev->driver->owner;
-+ return chan->device->owner;
- }
-
- /**
-@@ -928,6 +928,8 @@ int dma_async_device_register(struct dma_device *device)
- return -EIO;
- }
-
-+ device->owner = device->dev->driver->owner;
-+
- if (dma_has_cap(DMA_MEMCPY, device->cap_mask) && !device->device_prep_dma_memcpy) {
- dev_err(device->dev,
- "Device claims capability %s, but op is not defined\n",
-diff --git a/drivers/gpio/gpio-grgpio.c b/drivers/gpio/gpio-grgpio.c
-index 6544a16ab02e..7541bd327e6c 100644
---- a/drivers/gpio/gpio-grgpio.c
-+++ b/drivers/gpio/gpio-grgpio.c
-@@ -259,17 +259,16 @@ static int grgpio_irq_map(struct irq_domain *d, unsigned int irq,
- lirq->irq = irq;
- uirq = &priv->uirqs[lirq->index];
- if (uirq->refcnt == 0) {
-+ spin_unlock_irqrestore(&priv->gc.bgpio_lock, flags);
- ret = request_irq(uirq->uirq, grgpio_irq_handler, 0,
- dev_name(priv->dev), priv);
- if (ret) {
- dev_err(priv->dev,
- "Could not request underlying irq %d\n",
- uirq->uirq);
--
-- spin_unlock_irqrestore(&priv->gc.bgpio_lock, flags);
--
- return ret;
- }
-+ spin_lock_irqsave(&priv->gc.bgpio_lock, flags);
- }
- uirq->refcnt++;
-
-@@ -315,8 +314,11 @@ static
void grgpio_irq_unmap(struct irq_domain *d, unsigned int irq)
- if (index >= 0) {
- uirq = &priv->uirqs[lirq->index];
- uirq->refcnt--;
-- if (uirq->refcnt == 0)
-+ if (uirq->refcnt == 0) {
-+ spin_unlock_irqrestore(&priv->gc.bgpio_lock, flags);
- free_irq(uirq->uirq, priv);
-+ return;
-+ }
- }
-
- spin_unlock_irqrestore(&priv->gc.bgpio_lock, flags);
-diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_atombios.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_atombios.c
-index cc4e18dcd8b6..4779740421a8 100644
---- a/drivers/gpu/drm/amd/amdgpu/amdgpu_atombios.c
-+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_atombios.c
-@@ -336,17 +336,9 @@ bool amdgpu_atombios_get_connector_info_from_object_table(struct amdgpu_device *
- path_size += le16_to_cpu(path->usSize);
-
- if (device_support & le16_to_cpu(path->usDeviceTag)) {
-- uint8_t con_obj_id, con_obj_num, con_obj_type;
--
-- con_obj_id =
-+ uint8_t con_obj_id =
- (le16_to_cpu(path->usConnObjectId) & OBJECT_ID_MASK)
- >> OBJECT_ID_SHIFT;
-- con_obj_num =
-- (le16_to_cpu(path->usConnObjectId) & ENUM_ID_MASK)
-- >> ENUM_ID_SHIFT;
-- con_obj_type =
-- (le16_to_cpu(path->usConnObjectId) &
-- OBJECT_TYPE_MASK) >> OBJECT_TYPE_SHIFT;
-
- /* Skip TV/CV support */
- if ((le16_to_cpu(path->usDeviceTag) ==
-@@ -371,14 +363,7 @@ bool amdgpu_atombios_get_connector_info_from_object_table(struct amdgpu_device *
- router.ddc_valid = false;
- router.cd_valid = false;
- for (j = 0; j < ((le16_to_cpu(path->usSize) - 8) / 2); j++) {
-- uint8_t grph_obj_id, grph_obj_num, grph_obj_type;
--
-- grph_obj_id =
-- (le16_to_cpu(path->usGraphicObjIds[j]) &
-- OBJECT_ID_MASK) >> OBJECT_ID_SHIFT;
-- grph_obj_num =
-- (le16_to_cpu(path->usGraphicObjIds[j]) &
-- ENUM_ID_MASK) >> ENUM_ID_SHIFT;
-+ uint8_t grph_obj_type=
- grph_obj_type =
- (le16_to_cpu(path->usGraphicObjIds[j]) &
- OBJECT_TYPE_MASK) >> OBJECT_TYPE_SHIFT;
-diff --git a/drivers/gpu/drm/amd/amdgpu/soc15.c b/drivers/gpu/drm/amd/amdgpu/soc15.c
-index ff7d4827385e..7a2366bd1fba 100644
----
a/drivers/gpu/drm/amd/amdgpu/soc15.c
-+++ b/drivers/gpu/drm/amd/amdgpu/soc15.c
-@@ -279,7 +279,12 @@ static void soc15_init_golden_registers(struct amdgpu_device *adev)
- }
- static u32 soc15_get_xclk(struct amdgpu_device *adev)
- {
-- return adev->clock.spll.reference_freq;
-+ u32 reference_clock = adev->clock.spll.reference_freq;
-+
-+ if (adev->asic_type == CHIP_RAVEN)
-+ return reference_clock / 4;
-+
-+ return reference_clock;
- }
-
-
-diff --git a/drivers/gpu/drm/drm_debugfs_crc.c b/drivers/gpu/drm/drm_debugfs_crc.c
-index 2901b7944068..6858c80d2eb5 100644
---- a/drivers/gpu/drm/drm_debugfs_crc.c
-+++ b/drivers/gpu/drm/drm_debugfs_crc.c
-@@ -101,8 +101,8 @@ static ssize_t crc_control_write(struct file *file, const char __user *ubuf,
- if (IS_ERR(source))
- return PTR_ERR(source);
-
-- if (source[len] == '\n')
-- source[len] = '\0';
-+ if (source[len - 1] == '\n')
-+ source[len - 1] = '\0';
-
- spin_lock_irq(&crc->lock);
-
-diff --git a/drivers/gpu/drm/gma500/framebuffer.c b/drivers/gpu/drm/gma500/framebuffer.c
-index 2570c7f647a6..883fc45870dd 100644
---- a/drivers/gpu/drm/gma500/framebuffer.c
-+++ b/drivers/gpu/drm/gma500/framebuffer.c
-@@ -486,6 +486,7 @@ static int psbfb_probe(struct drm_fb_helper *helper,
- container_of(helper, struct psb_fbdev, psb_fb_helper);
- struct drm_device *dev = psb_fbdev->psb_fb_helper.dev;
- struct drm_psb_private *dev_priv = dev->dev_private;
-+ unsigned int fb_size;
- int bytespp;
-
- bytespp = sizes->surface_bpp / 8;
-@@ -495,8 +496,11 @@ static int psbfb_probe(struct drm_fb_helper *helper,
- /* If the mode will not fit in 32bit then switch to 16bit to get
- a console on full resolution.
The X mode setting server will
- allocate its own 32bit GEM framebuffer */
-- if (ALIGN(sizes->fb_width * bytespp, 64) * sizes->fb_height >
-- dev_priv->vram_stolen_size) {
-+ fb_size = ALIGN(sizes->surface_width * bytespp, 64) *
-+ sizes->surface_height;
-+ fb_size = ALIGN(fb_size, PAGE_SIZE);
-+
-+ if (fb_size > dev_priv->vram_stolen_size) {
- sizes->surface_bpp = 16;
- sizes->surface_depth = 16;
- }
-diff --git a/drivers/gpu/drm/mediatek/mtk_drm_crtc.c b/drivers/gpu/drm/mediatek/mtk_drm_crtc.c
-index 658b8dd45b83..3ea311d32fa9 100644
---- a/drivers/gpu/drm/mediatek/mtk_drm_crtc.c
-+++ b/drivers/gpu/drm/mediatek/mtk_drm_crtc.c
-@@ -307,6 +307,7 @@ err_pm_runtime_put:
- static void mtk_crtc_ddp_hw_fini(struct mtk_drm_crtc *mtk_crtc)
- {
- struct drm_device *drm = mtk_crtc->base.dev;
-+ struct drm_crtc *crtc = &mtk_crtc->base;
- int i;
-
- DRM_DEBUG_DRIVER("%s\n", __func__);
-@@ -328,6 +329,13 @@ static void mtk_crtc_ddp_hw_fini(struct mtk_drm_crtc *mtk_crtc)
- mtk_disp_mutex_unprepare(mtk_crtc->mutex);
-
- pm_runtime_put(drm->dev);
-+
-+ if (crtc->state->event && !crtc->state->active) {
-+ spin_lock_irq(&crtc->dev->event_lock);
-+ drm_crtc_send_vblank_event(crtc, crtc->state->event);
-+ crtc->state->event = NULL;
-+ spin_unlock_irq(&crtc->dev->event_lock);
-+ }
- }
-
- static void mtk_crtc_ddp_config(struct drm_crtc *crtc)
-diff --git a/drivers/gpu/drm/nouveau/nouveau_fence.c b/drivers/gpu/drm/nouveau/nouveau_fence.c
-index 99e14e3e0fe4..72532539369f 100644
---- a/drivers/gpu/drm/nouveau/nouveau_fence.c
-+++ b/drivers/gpu/drm/nouveau/nouveau_fence.c
-@@ -158,7 +158,7 @@ nouveau_fence_wait_uevent_handler(struct nvif_notify *notify)
-
- fence = list_entry(fctx->pending.next, typeof(*fence), head);
- chan = rcu_dereference_protected(fence->channel, lockdep_is_held(&fctx->lock));
-- if (nouveau_fence_update(fence->channel, fctx))
-+ if (nouveau_fence_update(chan, fctx))
- ret = NVIF_NOTIFY_DROP;
- }
- spin_unlock_irqrestore(&fctx->lock, flags);
-diff --git
a/drivers/gpu/drm/nouveau/nvkm/engine/disp/channv50.c b/drivers/gpu/drm/nouveau/nvkm/engine/disp/channv50.c
-index 0c0310498afd..cd9666583d4b 100644
---- a/drivers/gpu/drm/nouveau/nvkm/engine/disp/channv50.c
-+++ b/drivers/gpu/drm/nouveau/nvkm/engine/disp/channv50.c
-@@ -73,6 +73,8 @@ nv50_disp_chan_mthd(struct nv50_disp_chan *chan, int debug)
-
- if (debug > subdev->debug)
- return;
-+ if (!mthd)
-+ return;
-
- for (i = 0; (list = mthd->data[i].mthd) != NULL; i++) {
- u32 base = chan->head * mthd->addr;
-diff --git a/drivers/gpu/drm/nouveau/nvkm/engine/gr/gk20a.c b/drivers/gpu/drm/nouveau/nvkm/engine/gr/gk20a.c
-index de8b806b88fd..7618b2eb4fdf 100644
---- a/drivers/gpu/drm/nouveau/nvkm/engine/gr/gk20a.c
-+++ b/drivers/gpu/drm/nouveau/nvkm/engine/gr/gk20a.c
-@@ -143,23 +143,24 @@ gk20a_gr_av_to_method(struct gf100_gr *gr, const char *fw_name,
-
- nent = (fuc.size / sizeof(struct gk20a_fw_av));
-
-- pack = vzalloc((sizeof(*pack) * max_classes) +
-- (sizeof(*init) * (nent + 1)));
-+ pack = vzalloc((sizeof(*pack) * (max_classes + 1)) +
-+ (sizeof(*init) * (nent + max_classes + 1)));
- if (!pack) {
- ret = -ENOMEM;
- goto end;
- }
-
-- init = (void *)(pack + max_classes);
-+ init = (void *)(pack + max_classes + 1);
-
-- for (i = 0; i < nent; i++) {
-- struct gf100_gr_init *ent = &init[i];
-+ for (i = 0; i < nent; i++, init++) {
- struct gk20a_fw_av *av = &((struct gk20a_fw_av *)fuc.data)[i];
- u32 class = av->addr & 0xffff;
- u32 addr = (av->addr & 0xffff0000) >> 14;
-
- if (prevclass != class) {
-- pack[classidx].init = ent;
-+ if (prevclass) /* Add terminator to the method list.
*/
-+ init++;
-+ pack[classidx].init = init;
- pack[classidx].type = class;
- prevclass = class;
- if (++classidx >= max_classes) {
-@@ -169,10 +170,10 @@ gk20a_gr_av_to_method(struct gf100_gr *gr, const char *fw_name,
- }
- }
-
-- ent->addr = addr;
-- ent->data = av->data;
-- ent->count = 1;
-- ent->pitch = 1;
-+ init->addr = addr;
-+ init->data = av->data;
-+ init->count = 1;
-+ init->pitch = 1;
- }
-
- *ppack = pack;
-diff --git a/drivers/gpu/drm/nouveau/nvkm/subdev/secboot/gm20b.c b/drivers/gpu/drm/nouveau/nvkm/subdev/secboot/gm20b.c
-index 30491d132d59..fbd10a67c6c6 100644
---- a/drivers/gpu/drm/nouveau/nvkm/subdev/secboot/gm20b.c
-+++ b/drivers/gpu/drm/nouveau/nvkm/subdev/secboot/gm20b.c
-@@ -108,6 +108,7 @@ gm20b_secboot_new(struct nvkm_device *device, int index,
- struct gm200_secboot *gsb;
- struct nvkm_acr *acr;
-
-+ *psb = NULL;
- acr = acr_r352_new(BIT(NVKM_SECBOOT_FALCON_FECS) |
- BIT(NVKM_SECBOOT_FALCON_PMU));
- if (IS_ERR(acr))
-@@ -116,10 +117,8 @@ gm20b_secboot_new(struct nvkm_device *device, int index,
- acr->optional_falcons = BIT(NVKM_SECBOOT_FALCON_PMU);
-
- gsb = kzalloc(sizeof(*gsb), GFP_KERNEL);
-- if (!gsb) {
-- psb = NULL;
-+ if (!gsb)
- return -ENOMEM;
-- }
- *psb = &gsb->base;
-
- ret = nvkm_secboot_ctor(&gm20b_secboot, acr, device, index, &gsb->base);
-diff --git a/drivers/gpu/drm/radeon/radeon_display.c b/drivers/gpu/drm/radeon/radeon_display.c
-index 4f94b78cb464..d86110cdf085 100644
---- a/drivers/gpu/drm/radeon/radeon_display.c
-+++ b/drivers/gpu/drm/radeon/radeon_display.c
-@@ -119,6 +119,8 @@ static void dce5_crtc_load_lut(struct drm_crtc *crtc)
-
- DRM_DEBUG_KMS("%d\n", radeon_crtc->crtc_id);
-
-+ msleep(10);
-+
- WREG32(NI_INPUT_CSC_CONTROL + radeon_crtc->crtc_offset,
- (NI_INPUT_CSC_GRPH_MODE(NI_INPUT_CSC_BYPASS) |
- NI_INPUT_CSC_OVL_MODE(NI_INPUT_CSC_BYPASS)));
-diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_cmdbuf_res.c b/drivers/gpu/drm/vmwgfx/vmwgfx_cmdbuf_res.c
-index 36c7b6c839c0..738ad2fc79a2 100644
----
a/drivers/gpu/drm/vmwgfx/vmwgfx_cmdbuf_res.c
-+++ b/drivers/gpu/drm/vmwgfx/vmwgfx_cmdbuf_res.c
-@@ -210,8 +210,10 @@ int vmw_cmdbuf_res_add(struct vmw_cmdbuf_res_manager *man,
-
- cres->hash.key = user_key | (res_type << 24);
- ret = drm_ht_insert_item(&man->resources, &cres->hash);
-- if (unlikely(ret != 0))
-+ if (unlikely(ret != 0)) {
-+ kfree(cres);
- goto out_invalid_key;
-+ }
-
- cres->state = VMW_CMDBUF_RES_ADD;
- cres->res = vmw_resource_reference(res);
-diff --git a/drivers/hwmon/pmbus/ltc2978.c b/drivers/hwmon/pmbus/ltc2978.c
-index 58b789c28b48..94eea2ac6251 100644
---- a/drivers/hwmon/pmbus/ltc2978.c
-+++ b/drivers/hwmon/pmbus/ltc2978.c
-@@ -89,8 +89,8 @@ enum chips { ltc2974, ltc2975, ltc2977, ltc2978, ltc2980, ltc3880, ltc3882,
-
- #define LTC_POLL_TIMEOUT 100 /* in milli-seconds */
-
--#define LTC_NOT_BUSY BIT(5)
--#define LTC_NOT_PENDING BIT(4)
-+#define LTC_NOT_BUSY BIT(6)
-+#define LTC_NOT_PENDING BIT(5)
-
- /*
- * LTC2978 clears peak data whenever the CLEAR_FAULTS command is executed, which
-diff --git a/drivers/ide/cmd64x.c b/drivers/ide/cmd64x.c
-index b127ed60c733..9dde8390da09 100644
---- a/drivers/ide/cmd64x.c
-+++ b/drivers/ide/cmd64x.c
-@@ -65,6 +65,9 @@ static void cmd64x_program_timings(ide_drive_t *drive, u8 mode)
- struct ide_timing t;
- u8 arttim = 0;
-
-+ if (drive->dn >= ARRAY_SIZE(drwtim_regs))
-+ return;
-+
- ide_timing_compute(drive, mode, &t, T, 0);
-
- /*
-diff --git a/drivers/ide/serverworks.c b/drivers/ide/serverworks.c
-index a97affca18ab..0f57d45484d1 100644
---- a/drivers/ide/serverworks.c
-+++ b/drivers/ide/serverworks.c
-@@ -114,6 +114,9 @@ static void svwks_set_pio_mode(ide_hwif_t *hwif, ide_drive_t *drive)
- struct pci_dev *dev = to_pci_dev(hwif->dev);
- const u8 pio = drive->pio_mode - XFER_PIO_0;
-
-+ if (drive->dn >= ARRAY_SIZE(drive_pci))
-+ return;
-+
- pci_write_config_byte(dev, drive_pci[drive->dn], pio_modes[pio]);
-
- if (svwks_csb_check(dev)) {
-@@ -140,6 +143,9 @@ static void svwks_set_dma_mode(ide_hwif_t
*hwif, ide_drive_t *drive)
-
- u8 ultra_enable = 0, ultra_timing = 0, dma_timing = 0;
-
-+ if (drive->dn >= ARRAY_SIZE(drive_pci2))
-+ return;
-+
- pci_read_config_byte(dev, (0x56|hwif->channel), &ultra_timing);
- pci_read_config_byte(dev, 0x54, &ultra_enable);
-
-diff --git a/drivers/infiniband/core/security.c b/drivers/infiniband/core/security.c
-index a3dd88c57be7..9b8276691329 100644
---- a/drivers/infiniband/core/security.c
-+++ b/drivers/infiniband/core/security.c
-@@ -338,22 +338,16 @@ static struct ib_ports_pkeys *get_new_pps(const struct ib_qp *qp,
- if (!new_pps)
- return NULL;
-
-- if (qp_attr_mask & (IB_QP_PKEY_INDEX | IB_QP_PORT)) {
-- if (!qp_pps) {
-- new_pps->main.port_num = qp_attr->port_num;
-- new_pps->main.pkey_index = qp_attr->pkey_index;
-- } else {
-- new_pps->main.port_num = (qp_attr_mask & IB_QP_PORT) ?
-- qp_attr->port_num :
-- qp_pps->main.port_num;
--
-- new_pps->main.pkey_index =
-- (qp_attr_mask & IB_QP_PKEY_INDEX) ?
-- qp_attr->pkey_index :
-- qp_pps->main.pkey_index;
-- }
-+ if (qp_attr_mask & IB_QP_PORT)
-+ new_pps->main.port_num =
-+ (qp_pps) ? qp_pps->main.port_num : qp_attr->port_num;
-+ if (qp_attr_mask & IB_QP_PKEY_INDEX)
-+ new_pps->main.pkey_index = (qp_pps) ?
qp_pps->main.pkey_index :
-+ qp_attr->pkey_index;
-+ if ((qp_attr_mask & IB_QP_PKEY_INDEX) && (qp_attr_mask & IB_QP_PORT))
- new_pps->main.state = IB_PORT_PKEY_VALID;
-- } else if (qp_pps) {
-+
-+ if (!(qp_attr_mask & (IB_QP_PKEY_INDEX || IB_QP_PORT)) && qp_pps) {
- new_pps->main.port_num = qp_pps->main.port_num;
- new_pps->main.pkey_index = qp_pps->main.pkey_index;
- if (qp_pps->main.state != IB_PORT_PKEY_NOT_VALID)
-diff --git a/drivers/infiniband/hw/hfi1/chip.c b/drivers/infiniband/hw/hfi1/chip.c
-index 4a0b7c003477..cb5785dda524 100644
---- a/drivers/infiniband/hw/hfi1/chip.c
-+++ b/drivers/infiniband/hw/hfi1/chip.c
-@@ -1686,6 +1686,14 @@ static u64 access_sw_pio_drain(const struct cntr_entry *entry,
- return dd->verbs_dev.n_piodrain;
- }
-
-+static u64 access_sw_ctx0_seq_drop(const struct cntr_entry *entry,
-+ void *context, int vl, int mode, u64 data)
-+{
-+ struct hfi1_devdata *dd = context;
-+
-+ return dd->ctx0_seq_drop;
-+}
-+
- static u64 access_sw_vtx_wait(const struct cntr_entry *entry,
- void *context, int vl, int mode, u64 data)
- {
-@@ -4246,6 +4254,8 @@ static struct cntr_entry dev_cntrs[DEV_CNTR_LAST] = {
- access_sw_cpu_intr),
- [C_SW_CPU_RCV_LIM] = CNTR_ELEM("RcvLimit", 0, 0, CNTR_NORMAL,
- access_sw_cpu_rcv_limit),
-+[C_SW_CTX0_SEQ_DROP] = CNTR_ELEM("SeqDrop0", 0, 0, CNTR_NORMAL,
-+ access_sw_ctx0_seq_drop),
- [C_SW_VTX_WAIT] = CNTR_ELEM("vTxWait", 0, 0, CNTR_NORMAL,
- access_sw_vtx_wait),
- [C_SW_PIO_WAIT] = CNTR_ELEM("PioWait", 0, 0, CNTR_NORMAL,
-diff --git a/drivers/infiniband/hw/hfi1/chip.h b/drivers/infiniband/hw/hfi1/chip.h
-index 50b8645d0b87..a88ef2433cea 100644
---- a/drivers/infiniband/hw/hfi1/chip.h
-+++ b/drivers/infiniband/hw/hfi1/chip.h
-@@ -864,6 +864,7 @@ enum {
- C_DC_PG_STS_TX_MBE_CNT,
- C_SW_CPU_INTR,
- C_SW_CPU_RCV_LIM,
-+ C_SW_CTX0_SEQ_DROP,
- C_SW_VTX_WAIT,
- C_SW_PIO_WAIT,
- C_SW_PIO_DRAIN,
-diff --git a/drivers/infiniband/hw/hfi1/driver.c b/drivers/infiniband/hw/hfi1/driver.c
-index 72c836b826ca..7aa1aabb7a43 100644
---- a/drivers/infiniband/hw/hfi1/driver.c
-+++ b/drivers/infiniband/hw/hfi1/driver.c
-@@ -710,6 +710,7 @@ static noinline int skip_rcv_packet(struct hfi1_packet *packet, int thread)
- {
- int ret;
-
-+ packet->rcd->dd->ctx0_seq_drop++;
- /* Set up for the next packet */
- packet->rhqoff += packet->rsize;
- if (packet->rhqoff >= packet->maxcnt)
-diff --git a/drivers/infiniband/hw/hfi1/file_ops.c b/drivers/infiniband/hw/hfi1/file_ops.c
-index 76861a8b5c1e..b3ab803bf8b1 100644
---- a/drivers/infiniband/hw/hfi1/file_ops.c
-+++ b/drivers/infiniband/hw/hfi1/file_ops.c
-@@ -195,23 +195,24 @@ static int hfi1_file_open(struct inode *inode, struct file *fp)
-
- fd = kzalloc(sizeof(*fd), GFP_KERNEL);
-
-- if (fd) {
-- fd->rec_cpu_num = -1; /* no cpu affinity by default */
-- fd->mm = current->mm;
-- mmgrab(fd->mm);
-- fd->dd = dd;
-- kobject_get(&fd->dd->kobj);
-- fp->private_data = fd;
-- } else {
-- fp->private_data = NULL;
--
-- if (atomic_dec_and_test(&dd->user_refcount))
-- complete(&dd->user_comp);
--
-- return -ENOMEM;
-- }
--
-+ if (!fd || init_srcu_struct(&fd->pq_srcu))
-+ goto nomem;
-+ spin_lock_init(&fd->pq_rcu_lock);
-+ spin_lock_init(&fd->tid_lock);
-+ spin_lock_init(&fd->invalid_lock);
-+ fd->rec_cpu_num = -1; /* no cpu affinity by default */
-+ fd->mm = current->mm;
-+ mmgrab(fd->mm);
-+ fd->dd = dd;
-+ kobject_get(&fd->dd->kobj);
-+ fp->private_data = fd;
- return 0;
-+nomem:
-+ kfree(fd);
-+ fp->private_data = NULL;
-+ if (atomic_dec_and_test(&dd->user_refcount))
-+ complete(&dd->user_comp);
-+ return -ENOMEM;
- }
-
- static long hfi1_file_ioctl(struct file *fp, unsigned int cmd,
-@@ -417,21 +418,30 @@ static long hfi1_file_ioctl(struct file *fp, unsigned int cmd,
- static ssize_t hfi1_write_iter(struct kiocb *kiocb, struct iov_iter *from)
- {
- struct hfi1_filedata *fd = kiocb->ki_filp->private_data;
-- struct hfi1_user_sdma_pkt_q *pq = fd->pq;
-+ struct hfi1_user_sdma_pkt_q *pq;
- struct hfi1_user_sdma_comp_q *cq = fd->cq;
- int done = 0, reqs = 0;
-
unsigned long dim = from->nr_segs;
-+ int idx;
-
-- if (!cq || !pq)
-+ idx = srcu_read_lock(&fd->pq_srcu);
-+ pq = srcu_dereference(fd->pq, &fd->pq_srcu);
-+ if (!cq || !pq) {
-+ srcu_read_unlock(&fd->pq_srcu, idx);
- return -EIO;
-+ }
-
-- if (!iter_is_iovec(from) || !dim)
-+ if (!iter_is_iovec(from) || !dim) {
-+ srcu_read_unlock(&fd->pq_srcu, idx);
- return -EINVAL;
-+ }
-
- trace_hfi1_sdma_request(fd->dd, fd->uctxt->ctxt, fd->subctxt, dim);
-
-- if (atomic_read(&pq->n_reqs) == pq->n_max_reqs)
-+ if (atomic_read(&pq->n_reqs) == pq->n_max_reqs) {
-+ srcu_read_unlock(&fd->pq_srcu, idx);
- return -ENOSPC;
-+ }
-
- while (dim) {
- int ret;
-@@ -449,6 +459,7 @@ static ssize_t hfi1_write_iter(struct kiocb *kiocb, struct iov_iter *from)
- reqs++;
- }
-
-+ srcu_read_unlock(&fd->pq_srcu, idx);
- return reqs;
- }
-
-@@ -824,6 +835,7 @@ done:
- if (atomic_dec_and_test(&dd->user_refcount))
- complete(&dd->user_comp);
-
-+ cleanup_srcu_struct(&fdata->pq_srcu);
- kfree(fdata);
- return 0;
- }
-diff --git a/drivers/infiniband/hw/hfi1/hfi.h b/drivers/infiniband/hw/hfi1/hfi.h
-index af550c1767e3..cf9bc95d8039 100644
---- a/drivers/infiniband/hw/hfi1/hfi.h
-+++ b/drivers/infiniband/hw/hfi1/hfi.h
-@@ -1043,6 +1043,8 @@ struct hfi1_devdata {
-
- char *boardname; /* human readable board info */
-
-+ u64 ctx0_seq_drop;
-+
- /* reset value */
- u64 z_int_counter;
- u64 z_rcv_limit;
-@@ -1353,10 +1355,13 @@ struct mmu_rb_handler;
-
- /* Private data for file operations */
- struct hfi1_filedata {
-+ struct srcu_struct pq_srcu;
- struct hfi1_devdata *dd;
- struct hfi1_ctxtdata *uctxt;
- struct hfi1_user_sdma_comp_q *cq;
-- struct hfi1_user_sdma_pkt_q *pq;
-+ /* update side lock for SRCU */
-+ spinlock_t pq_rcu_lock;
-+ struct hfi1_user_sdma_pkt_q __rcu *pq;
- u16 subctxt;
- /* for cpu affinity; -1 if none */
- int rec_cpu_num;
-diff --git a/drivers/infiniband/hw/hfi1/user_exp_rcv.c b/drivers/infiniband/hw/hfi1/user_exp_rcv.c
-index b38e3808836c..c6d085e1c10d 100644
----
a/drivers/infiniband/hw/hfi1/user_exp_rcv.c
-+++ b/drivers/infiniband/hw/hfi1/user_exp_rcv.c
-@@ -90,9 +90,6 @@ int hfi1_user_exp_rcv_init(struct hfi1_filedata *fd,
- struct hfi1_devdata *dd = uctxt->dd;
- int ret = 0;
-
-- spin_lock_init(&fd->tid_lock);
-- spin_lock_init(&fd->invalid_lock);
--
- fd->entry_to_rb = kcalloc(uctxt->expected_count,
- sizeof(struct rb_node *),
- GFP_KERNEL);
-diff --git a/drivers/infiniband/hw/hfi1/user_sdma.c b/drivers/infiniband/hw/hfi1/user_sdma.c
-index 4854a4a453b5..f23d47194c12 100644
---- a/drivers/infiniband/hw/hfi1/user_sdma.c
-+++ b/drivers/infiniband/hw/hfi1/user_sdma.c
-@@ -179,7 +179,6 @@ int hfi1_user_sdma_alloc_queues(struct hfi1_ctxtdata *uctxt,
- pq = kzalloc(sizeof(*pq), GFP_KERNEL);
- if (!pq)
- return -ENOMEM;
--
- pq->dd = dd;
- pq->ctxt = uctxt->ctxt;
- pq->subctxt = fd->subctxt;
-@@ -236,7 +235,7 @@ int hfi1_user_sdma_alloc_queues(struct hfi1_ctxtdata *uctxt,
- goto pq_mmu_fail;
- }
-
-- fd->pq = pq;
-+ rcu_assign_pointer(fd->pq, pq);
- fd->cq = cq;
-
- return 0;
-@@ -264,8 +263,14 @@ int hfi1_user_sdma_free_queues(struct hfi1_filedata *fd,
-
- trace_hfi1_sdma_user_free_queues(uctxt->dd, uctxt->ctxt, fd->subctxt);
-
-- pq = fd->pq;
-+ spin_lock(&fd->pq_rcu_lock);
-+ pq = srcu_dereference_check(fd->pq, &fd->pq_srcu,
-+ lockdep_is_held(&fd->pq_rcu_lock));
- if (pq) {
-+ rcu_assign_pointer(fd->pq, NULL);
-+ spin_unlock(&fd->pq_rcu_lock);
-+ synchronize_srcu(&fd->pq_srcu);
-+ /* at this point there can be no more new requests */
- if (pq->handler)
- hfi1_mmu_rb_unregister(pq->handler);
- iowait_sdma_drain(&pq->busy);
-@@ -277,7 +282,8 @@ int hfi1_user_sdma_free_queues(struct hfi1_filedata *fd,
- kfree(pq->req_in_use);
- kmem_cache_destroy(pq->txreq_cache);
- kfree(pq);
-- fd->pq = NULL;
-+ } else {
-+ spin_unlock(&fd->pq_rcu_lock);
- }
- if (fd->cq) {
- vfree(fd->cq->comps);
-@@ -321,7 +327,8 @@ int hfi1_user_sdma_process_request(struct hfi1_filedata *fd,
- {
- int ret = 0, i;
- struct hfi1_ctxtdata *uctxt =
fd->uctxt;
-- struct hfi1_user_sdma_pkt_q *pq = fd->pq;
-+ struct hfi1_user_sdma_pkt_q *pq =
-+ srcu_dereference(fd->pq, &fd->pq_srcu);
- struct hfi1_user_sdma_comp_q *cq = fd->cq;
- struct hfi1_devdata *dd = pq->dd;
- unsigned long idx = 0;
-diff --git a/drivers/infiniband/sw/rxe/rxe_verbs.h b/drivers/infiniband/sw/rxe/rxe_verbs.h
-index d1cc89f6f2e3..46c8a66731e6 100644
---- a/drivers/infiniband/sw/rxe/rxe_verbs.h
-+++ b/drivers/infiniband/sw/rxe/rxe_verbs.h
-@@ -408,7 +408,7 @@ struct rxe_dev {
- struct list_head pending_mmaps;
-
- spinlock_t mmap_offset_lock; /* guard mmap_offset */
-- int mmap_offset;
-+ u64 mmap_offset;
-
- atomic64_t stats_counters[RXE_NUM_OF_COUNTERS];
-
-diff --git a/drivers/infiniband/ulp/isert/ib_isert.c b/drivers/infiniband/ulp/isert/ib_isert.c
-index 9b5691f306a2..ee3f630c9217 100644
---- a/drivers/infiniband/ulp/isert/ib_isert.c
-+++ b/drivers/infiniband/ulp/isert/ib_isert.c
-@@ -2582,6 +2582,17 @@ isert_wait4logout(struct isert_conn *isert_conn)
- }
- }
-
-+static void
-+isert_wait4cmds(struct iscsi_conn *conn)
-+{
-+ isert_info("iscsi_conn %p\n", conn);
-+
-+ if (conn->sess) {
-+ target_sess_cmd_list_set_waiting(conn->sess->se_sess);
-+ target_wait_for_sess_cmds(conn->sess->se_sess);
-+ }
-+}
-+
- /**
- * isert_put_unsol_pending_cmds() - Drop commands waiting for
- * unsolicitate dataout
-@@ -2629,6 +2640,7 @@ static void isert_wait_conn(struct iscsi_conn *conn)
-
- ib_drain_qp(isert_conn->qp);
- isert_put_unsol_pending_cmds(conn);
-+ isert_wait4cmds(conn);
- isert_wait4logout(isert_conn);
-
- queue_work(isert_release_wq, &isert_conn->release_work);
-diff --git a/drivers/input/mouse/synaptics.c b/drivers/input/mouse/synaptics.c
-index 111a71190547..5f764e0993a4 100644
---- a/drivers/input/mouse/synaptics.c
-+++ b/drivers/input/mouse/synaptics.c
-@@ -149,7 +149,6 @@ static const char * const topbuttonpad_pnp_ids[] = {
- "LEN0042", /* Yoga */
- "LEN0045",
- "LEN0047",
-- "LEN0049",
- "LEN2000", /* S540 */
- "LEN2001", /* Edge E431 */
- "LEN2002", /* Edge E531 */
-@@ -169,9 +168,11 @@ static const char * const smbus_pnp_ids[] = {
- /* all of the topbuttonpad_pnp_ids are valid, we just add some extras */
- "LEN0048", /* X1 Carbon 3 */
- "LEN0046", /* X250 */
-+ "LEN0049", /* Yoga 11e */
- "LEN004a", /* W541 */
- "LEN005b", /* P50 */
- "LEN005e", /* T560 */
-+ "LEN006c", /* T470s */
- "LEN0071", /* T480 */
- "LEN0072", /* X1 Carbon Gen 5 (2017) - Elan/ALPS trackpoint */
- "LEN0073", /* X1 Carbon G5 (Elantech) */
-@@ -182,6 +183,7 @@ static const char * const smbus_pnp_ids[] = {
- "LEN0097", /* X280 -> ALPS trackpoint */
- "LEN009b", /* T580 */
- "LEN200f", /* T450s */
-+ "LEN2044", /* L470 */
- "LEN2054", /* E480 */
- "LEN2055", /* E580 */
- "SYN3052", /* HP EliteBook 840 G4 */
-diff --git a/drivers/input/touchscreen/edt-ft5x06.c b/drivers/input/touchscreen/edt-ft5x06.c
-index 5bf63f76ddda..4eff5b44640c 100644
---- a/drivers/input/touchscreen/edt-ft5x06.c
-+++ b/drivers/input/touchscreen/edt-ft5x06.c
-@@ -888,6 +888,7 @@ static int edt_ft5x06_ts_probe(struct i2c_client *client,
- {
- const struct edt_i2c_chip_data *chip_data;
- struct edt_ft5x06_ts_data *tsdata;
-+ u8 buf[2] = { 0xfc, 0x00 };
- struct input_dev *input;
- unsigned long irq_flags;
- int error;
-@@ -957,6 +958,12 @@ static int edt_ft5x06_ts_probe(struct i2c_client *client,
- return error;
- }
-
-+ /*
-+ * Dummy read access. EP0700MLP1 returns bogus data on the first
-+ * register read access and ignores writes.
-+ */
-+ edt_ft5x06_ts_readwrite(tsdata->client, 2, buf, 2, buf);
-+
- edt_ft5x06_ts_set_regs(tsdata);
- edt_ft5x06_ts_get_defaults(&client->dev, tsdata);
- edt_ft5x06_ts_get_parameters(tsdata);
-diff --git a/drivers/iommu/arm-smmu-v3.c b/drivers/iommu/arm-smmu-v3.c
-index 09eb258a9a7d..29feafa8007f 100644
---- a/drivers/iommu/arm-smmu-v3.c
-+++ b/drivers/iommu/arm-smmu-v3.c
-@@ -1145,7 +1145,8 @@ static void arm_smmu_write_strtab_ent(struct arm_smmu_device *smmu, u32 sid,
- }
-
- arm_smmu_sync_ste_for_sid(smmu, sid);
-- dst[0] = cpu_to_le64(val);
-+ /* See comment in arm_smmu_write_ctx_desc() */
-+ WRITE_ONCE(dst[0], cpu_to_le64(val));
- arm_smmu_sync_ste_for_sid(smmu, sid);
-
- /* It's likely that we'll want to use the new STE soon */
-diff --git a/drivers/iommu/qcom_iommu.c b/drivers/iommu/qcom_iommu.c
-index c8a587d034b0..b08002851e06 100644
---- a/drivers/iommu/qcom_iommu.c
-+++ b/drivers/iommu/qcom_iommu.c
-@@ -327,21 +327,19 @@ static void qcom_iommu_domain_free(struct iommu_domain *domain)
- {
- struct qcom_iommu_domain *qcom_domain = to_qcom_iommu_domain(domain);
-
-- if (WARN_ON(qcom_domain->iommu)) /* forgot to detach? */
-- return;
--
- iommu_put_dma_cookie(domain);
-
-- /* NOTE: unmap can be called after client device is powered off,
-- * for example, with GPUs or anything involving dma-buf. So we
-- * cannot rely on the device_link. Make sure the IOMMU is on to
-- * avoid unclocked accesses in the TLB inv path:
-- */
-- pm_runtime_get_sync(qcom_domain->iommu->dev);
--
-- free_io_pgtable_ops(qcom_domain->pgtbl_ops);
--
-- pm_runtime_put_sync(qcom_domain->iommu->dev);
-+ if (qcom_domain->iommu) {
-+ /*
-+ * NOTE: unmap can be called after client device is powered
-+ * off, for example, with GPUs or anything involving dma-buf.
-+ * So we cannot rely on the device_link.
Make sure the IOMMU
-+ * is on to avoid unclocked accesses in the TLB inv path:
-+ */
-+ pm_runtime_get_sync(qcom_domain->iommu->dev);
-+ free_io_pgtable_ops(qcom_domain->pgtbl_ops);
-+ pm_runtime_put_sync(qcom_domain->iommu->dev);
-+ }
-
- kfree(qcom_domain);
- }
-@@ -386,7 +384,7 @@ static void qcom_iommu_detach_dev(struct iommu_domain *domain, struct device *de
- struct qcom_iommu_domain *qcom_domain = to_qcom_iommu_domain(domain);
- unsigned i;
-
-- if (!qcom_domain->iommu)
-+ if (WARN_ON(!qcom_domain->iommu))
- return;
-
- pm_runtime_get_sync(qcom_iommu->dev);
-@@ -397,8 +395,6 @@ static void qcom_iommu_detach_dev(struct iommu_domain *domain, struct device *de
- iommu_writel(ctx, ARM_SMMU_CB_SCTLR, 0);
- }
- pm_runtime_put_sync(qcom_iommu->dev);
--
-- qcom_domain->iommu = NULL;
- }
-
- static int qcom_iommu_map(struct iommu_domain *domain, unsigned long iova,
-diff --git a/drivers/irqchip/irq-gic-v3-its.c b/drivers/irqchip/irq-gic-v3-its.c
-index 52238e6bed39..799df1e598db 100644
---- a/drivers/irqchip/irq-gic-v3-its.c
-+++ b/drivers/irqchip/irq-gic-v3-its.c
-@@ -527,7 +527,7 @@ static struct its_collection *its_build_invall_cmd(struct its_cmd_block *cmd,
- struct its_cmd_desc *desc)
- {
- its_encode_cmd(cmd, GITS_CMD_INVALL);
-- its_encode_collection(cmd, desc->its_mapc_cmd.col->col_id);
-+ its_encode_collection(cmd, desc->its_invall_cmd.col->col_id);
-
- its_fixup_cmd(cmd);
-
-diff --git a/drivers/irqchip/irq-gic-v3.c b/drivers/irqchip/irq-gic-v3.c
-index 3d7374655587..730b3c1cf7f6 100644
---- a/drivers/irqchip/irq-gic-v3.c
-+++ b/drivers/irqchip/irq-gic-v3.c
-@@ -1253,6 +1253,7 @@ static struct
- struct redist_region *redist_regs;
- u32 nr_redist_regions;
- bool single_redist;
-+ int enabled_rdists;
- u32 maint_irq;
- int maint_irq_mode;
- phys_addr_t vcpu_base;
-@@ -1347,8 +1348,10 @@ static int __init gic_acpi_match_gicc(struct acpi_subtable_header *header,
- * If GICC is enabled and has valid gicr base address, then it means
- * GICR base is presented
via GICC
- */
-- if ((gicc->flags & ACPI_MADT_ENABLED) && gicc->gicr_base_address)
-+ if ((gicc->flags & ACPI_MADT_ENABLED) && gicc->gicr_base_address) {
-+ acpi_data.enabled_rdists++;
- return 0;
-+ }
-
- /*
- * It's perfectly valid firmware can pass disabled GICC entry, driver
-@@ -1378,8 +1381,10 @@ static int __init gic_acpi_count_gicr_regions(void)
-
- count = acpi_table_parse_madt(ACPI_MADT_TYPE_GENERIC_INTERRUPT,
- gic_acpi_match_gicc, 0);
-- if (count > 0)
-+ if (count > 0) {
- acpi_data.single_redist = true;
-+ count = acpi_data.enabled_rdists;
-+ }
-
- return count;
- }
-diff --git a/drivers/irqchip/irq-mbigen.c b/drivers/irqchip/irq-mbigen.c
-index 98b6e1d4b1a6..f7fdbf5d183b 100644
---- a/drivers/irqchip/irq-mbigen.c
-+++ b/drivers/irqchip/irq-mbigen.c
-@@ -381,6 +381,7 @@ static struct platform_driver mbigen_platform_driver = {
- .name = "Hisilicon MBIGEN-V2",
- .of_match_table = mbigen_of_match,
- .acpi_match_table = ACPI_PTR(mbigen_acpi_match),
-+ .suppress_bind_attrs = true,
- },
- .probe = mbigen_device_probe,
- };
-diff --git a/drivers/leds/leds-pca963x.c b/drivers/leds/leds-pca963x.c
-index 3bf9a1271819..88c7313cf869 100644
---- a/drivers/leds/leds-pca963x.c
-+++ b/drivers/leds/leds-pca963x.c
-@@ -43,6 +43,8 @@
- #define PCA963X_LED_PWM 0x2 /* Controlled through PWM */
- #define PCA963X_LED_GRP_PWM 0x3 /* Controlled through PWM/GRPPWM */
-
-+#define PCA963X_MODE2_OUTDRV 0x04 /* Open-drain or totem pole */
-+#define PCA963X_MODE2_INVRT 0x10 /* Normal or inverted direction */
- #define PCA963X_MODE2_DMBLNK 0x20 /* Enable blinking */
-
- #define PCA963X_MODE1 0x00
-@@ -462,12 +464,12 @@ static int pca963x_probe(struct i2c_client *client,
- PCA963X_MODE2);
- /* Configure output: open-drain or totem pole (push-pull) */
- if (pdata->outdrv == PCA963X_OPEN_DRAIN)
-- mode2 |= 0x01;
-+ mode2 &= ~PCA963X_MODE2_OUTDRV;
- else
-- mode2 |= 0x05;
-+ mode2 |= PCA963X_MODE2_OUTDRV;
- /* Configure direction: normal or inverted */
- if (pdata->dir ==
PCA963X_INVERTED)
-- mode2 |= 0x10;
-+ mode2 |= PCA963X_MODE2_INVRT;
- i2c_smbus_write_byte_data(pca963x->chip->client, PCA963X_MODE2,
- mode2);
- }
-diff --git a/drivers/md/bcache/bset.h b/drivers/md/bcache/bset.h
-index 8d1964b472e7..0bfde500af19 100644
---- a/drivers/md/bcache/bset.h
-+++ b/drivers/md/bcache/bset.h
-@@ -381,7 +381,8 @@ void bch_btree_keys_stats(struct btree_keys *, struct bset_stats *);
-
- /* Bkey utility code */
-
--#define bset_bkey_last(i) bkey_idx((struct bkey *) (i)->d, (i)->keys)
-+#define bset_bkey_last(i) bkey_idx((struct bkey *) (i)->d, \
-+ (unsigned int)(i)->keys)
-
- static inline struct bkey *bset_bkey_idx(struct bset *i, unsigned idx)
- {
-diff --git a/drivers/media/i2c/mt9v032.c b/drivers/media/i2c/mt9v032.c
-index 8a430640c85d..1a20d0d558d3 100644
---- a/drivers/media/i2c/mt9v032.c
-+++ b/drivers/media/i2c/mt9v032.c
-@@ -423,10 +423,12 @@ static int mt9v032_enum_mbus_code(struct v4l2_subdev *subdev,
- struct v4l2_subdev_pad_config *cfg,
- struct v4l2_subdev_mbus_code_enum *code)
- {
-+ struct mt9v032 *mt9v032 = to_mt9v032(subdev);
-+
- if (code->index > 0)
- return -EINVAL;
-
-- code->code = MEDIA_BUS_FMT_SGRBG10_1X10;
-+ code->code = mt9v032->format.code;
- return 0;
- }
-
-@@ -434,7 +436,11 @@ static int mt9v032_enum_frame_size(struct v4l2_subdev *subdev,
- struct v4l2_subdev_pad_config *cfg,
- struct v4l2_subdev_frame_size_enum *fse)
- {
-- if (fse->index >= 3 || fse->code != MEDIA_BUS_FMT_SGRBG10_1X10)
-+ struct mt9v032 *mt9v032 = to_mt9v032(subdev);
-+
-+ if (fse->index >= 3)
-+ return -EINVAL;
-+ if (mt9v032->format.code != fse->code)
- return -EINVAL;
-
- fse->min_width = MT9V032_WINDOW_WIDTH_DEF / (1 << fse->index);
-diff --git a/drivers/media/platform/sti/bdisp/bdisp-hw.c b/drivers/media/platform/sti/bdisp/bdisp-hw.c
-index b7892f3efd98..5c4c3f0c57be 100644
---- a/drivers/media/platform/sti/bdisp/bdisp-hw.c
-+++ b/drivers/media/platform/sti/bdisp/bdisp-hw.c
-@@ -14,8 +14,8 @@
- #define MAX_SRC_WIDTH 2048
-
- /* Reset &
boot poll config */
--#define POLL_RST_MAX 50
--#define POLL_RST_DELAY_MS 20
-+#define POLL_RST_MAX 500
-+#define POLL_RST_DELAY_MS 2
-
- enum bdisp_target_plan {
- BDISP_RGB,
-@@ -382,7 +382,7 @@ int bdisp_hw_reset(struct bdisp_dev *bdisp)
- for (i = 0; i < POLL_RST_MAX; i++) {
- if (readl(bdisp->regs + BLT_STA1) & BLT_STA1_IDLE)
- break;
-- msleep(POLL_RST_DELAY_MS);
-+ udelay(POLL_RST_DELAY_MS * 1000);
- }
- if (i == POLL_RST_MAX)
- dev_err(bdisp->dev, "Reset timeout\n");
-diff --git a/drivers/net/ethernet/cisco/enic/enic_main.c b/drivers/net/ethernet/cisco/enic/enic_main.c
-index 19f374b180fc..52a3b32390a9 100644
---- a/drivers/net/ethernet/cisco/enic/enic_main.c
-+++ b/drivers/net/ethernet/cisco/enic/enic_main.c
-@@ -1972,10 +1972,10 @@ static int enic_stop(struct net_device *netdev)
- napi_disable(&enic->napi[i]);
-
- netif_carrier_off(netdev);
-- netif_tx_disable(netdev);
- if (vnic_dev_get_intr_mode(enic->vdev) == VNIC_DEV_INTR_MODE_MSIX)
- for (i = 0; i < enic->wq_count; i++)
- napi_disable(&enic->napi[enic_cq_wq(enic, i)]);
-+ netif_tx_disable(netdev);
-
- if (!enic_is_dynamic(enic) && !enic_is_sriov_vf(enic))
- enic_dev_del_station_addr(enic);
-diff --git a/drivers/net/ethernet/freescale/gianfar.c b/drivers/net/ethernet/freescale/gianfar.c
-index 27d0e3b9833c..e4a2c74a9b47 100644
---- a/drivers/net/ethernet/freescale/gianfar.c
-+++ b/drivers/net/ethernet/freescale/gianfar.c
-@@ -2685,13 +2685,17 @@ static void gfar_clean_tx_ring(struct gfar_priv_tx_q *tx_queue)
- skb_dirtytx = tx_queue->skb_dirtytx;
-
- while ((skb = tx_queue->tx_skbuff[skb_dirtytx])) {
-+ bool do_tstamp;
-+
-+ do_tstamp = (skb_shinfo(skb)->tx_flags & SKBTX_HW_TSTAMP) &&
-+ priv->hwts_tx_en;
-
- frags = skb_shinfo(skb)->nr_frags;
-
- /* When time stamping, one additional TxBD must be freed.
- * Also, we need to dma_unmap_single() the TxPAL.
- */
-- if (unlikely(skb_shinfo(skb)->tx_flags & SKBTX_IN_PROGRESS))
-+ if (unlikely(do_tstamp))
- nr_txbds = frags + 2;
- else
- nr_txbds = frags + 1;
-@@ -2705,7 +2709,7 @@ static void gfar_clean_tx_ring(struct gfar_priv_tx_q *tx_queue)
- (lstatus & BD_LENGTH_MASK))
- break;
-
-- if (unlikely(skb_shinfo(skb)->tx_flags & SKBTX_IN_PROGRESS)) {
-+ if (unlikely(do_tstamp)) {
- next = next_txbd(bdp, base, tx_ring_size);
- buflen = be16_to_cpu(next->length) +
- GMAC_FCB_LEN + GMAC_TXPAL_LEN;
-@@ -2715,7 +2719,7 @@ static void gfar_clean_tx_ring(struct gfar_priv_tx_q *tx_queue)
- dma_unmap_single(priv->dev, be32_to_cpu(bdp->bufPtr),
- buflen, DMA_TO_DEVICE);
-
-- if (unlikely(skb_shinfo(skb)->tx_flags & SKBTX_IN_PROGRESS)) {
-+ if (unlikely(do_tstamp)) {
- struct skb_shared_hwtstamps shhwtstamps;
- u64 *ns = (u64 *)(((uintptr_t)skb->data + 0x10) &
- ~0x7UL);
-diff --git a/drivers/net/ethernet/mellanox/mlxsw/spectrum_dpipe.c b/drivers/net/ethernet/mellanox/mlxsw/spectrum_dpipe.c
-index 51e6846da72b..3c04f3d5de2d 100644
---- a/drivers/net/ethernet/mellanox/mlxsw/spectrum_dpipe.c
-+++ b/drivers/net/ethernet/mellanox/mlxsw/spectrum_dpipe.c
-@@ -225,7 +225,7 @@ mlxsw_sp_dpipe_table_erif_entries_dump(void *priv, bool counters_enabled,
- start_again:
- err = devlink_dpipe_entry_ctx_prepare(dump_ctx);
- if (err)
-- return err;
-+ goto err_ctx_prepare;
- j = 0;
- for (; i < rif_count; i++) {
- struct mlxsw_sp_rif *rif = mlxsw_sp_rif_by_index(mlxsw_sp, i);
-@@ -257,6 +257,7 @@ start_again:
- return 0;
- err_entry_append:
- err_entry_get:
-+err_ctx_prepare:
- rtnl_unlock();
- devlink_dpipe_entry_clear(&entry);
- return err;
-diff --git a/drivers/net/wan/fsl_ucc_hdlc.c b/drivers/net/wan/fsl_ucc_hdlc.c
-index 571a1ff8f81f..6a26cef62193 100644
---- a/drivers/net/wan/fsl_ucc_hdlc.c
-+++ b/drivers/net/wan/fsl_ucc_hdlc.c
-@@ -240,6 +240,11 @@ static int uhdlc_init(struct ucc_hdlc_private *priv)
- ret = -ENOMEM;
- goto free_riptr;
- }
-+ if (riptr != (u16)riptr || tiptr != (u16)tiptr) {
-+ dev_err(priv->dev, "MURAM allocation out of addressable range\n");
-+ ret = -ENOMEM;
-+ goto free_tiptr;
-+ }
-
- /* Set RIPTR, TIPTR */
- iowrite16be(riptr, &priv->ucc_pram->riptr);
-diff --git a/drivers/net/wan/ixp4xx_hss.c b/drivers/net/wan/ixp4xx_hss.c
-index 6a505c26a3e7..a269ed63d90f 100644
---- a/drivers/net/wan/ixp4xx_hss.c
-+++ b/drivers/net/wan/ixp4xx_hss.c
-@@ -261,7 +261,7 @@ struct port {
- struct hss_plat_info *plat;
- buffer_t *rx_buff_tab[RX_DESCS], *tx_buff_tab[TX_DESCS];
- struct desc *desc_tab; /* coherent */
-- u32 desc_tab_phys;
-+ dma_addr_t desc_tab_phys;
- unsigned int id;
- unsigned int clock_type, clock_rate, loopback;
- unsigned int initialized, carrier;
-@@ -861,7 +861,7 @@ static int hss_hdlc_xmit(struct sk_buff *skb, struct net_device *dev)
- dev->stats.tx_dropped++;
- return NETDEV_TX_OK;
- }
-- memcpy_swab32(mem, (u32 *)((int)skb->data & ~3), bytes / 4);
-+ memcpy_swab32(mem, (u32 *)((uintptr_t)skb->data & ~3), bytes / 4);
- dev_kfree_skb(skb);
- #endif
-
-diff --git a/drivers/net/wireless/broadcom/b43legacy/main.c b/drivers/net/wireless/broadcom/b43legacy/main.c
-index f1e3dad57629..f435bd0f8b5b 100644
---- a/drivers/net/wireless/broadcom/b43legacy/main.c
-+++ b/drivers/net/wireless/broadcom/b43legacy/main.c
-@@ -1304,8 +1304,9 @@ static void handle_irq_ucode_debug(struct b43legacy_wldev *dev)
- }
-
- /* Interrupt handler bottom-half */
--static void b43legacy_interrupt_tasklet(struct b43legacy_wldev *dev)
-+static void b43legacy_interrupt_tasklet(unsigned long data)
- {
-+ struct b43legacy_wldev *dev = (struct b43legacy_wldev *)data;
- u32 reason;
- u32 dma_reason[ARRAY_SIZE(dev->dma_reason)];
- u32 merged_dma_reason = 0;
-@@ -3775,7 +3776,7 @@ static int b43legacy_one_core_attach(struct ssb_device *dev,
- b43legacy_set_status(wldev, B43legacy_STAT_UNINIT);
- wldev->bad_frames_preempt = modparam_bad_frames_preempt;
- tasklet_init(&wldev->isr_tasklet,
-- (void (*)(unsigned long))b43legacy_interrupt_tasklet,
-+
b43legacy_interrupt_tasklet,
- (unsigned long)wldev);
- if (modparam_pio)
- wldev->__using_pio = true;
-diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c
-index 4c28b04ea605..d198a8780b96 100644
---- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c
-+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c
-@@ -1932,6 +1932,7 @@ static uint brcmf_sdio_readframes(struct brcmf_sdio *bus, uint maxframes)
- BRCMF_SDIO_FT_NORMAL)) {
- rd->len = 0;
- brcmu_pkt_buf_free_skb(pkt);
-+ continue;
- }
- bus->sdcnt.rx_readahead_cnt++;
- if (rd->len != roundup(rd_new.len, 16)) {
-diff --git a/drivers/net/wireless/intel/ipw2x00/ipw2100.c b/drivers/net/wireless/intel/ipw2x00/ipw2100.c
-index 19c442cb93e4..8fbdd7d4fd0c 100644
---- a/drivers/net/wireless/intel/ipw2x00/ipw2100.c
-+++ b/drivers/net/wireless/intel/ipw2x00/ipw2100.c
-@@ -3220,8 +3220,9 @@ static void ipw2100_tx_send_data(struct ipw2100_priv *priv)
- }
- }
-
--static void ipw2100_irq_tasklet(struct ipw2100_priv *priv)
-+static void ipw2100_irq_tasklet(unsigned long data)
- {
-+ struct ipw2100_priv *priv = (struct ipw2100_priv *)data;
- struct net_device *dev = priv->net_dev;
- unsigned long flags;
- u32 inta, tmp;
-@@ -6027,7 +6028,7 @@ static void ipw2100_rf_kill(struct work_struct *work)
- spin_unlock_irqrestore(&priv->low_lock, flags);
- }
-
--static void ipw2100_irq_tasklet(struct ipw2100_priv *priv);
-+static void ipw2100_irq_tasklet(unsigned long data);
-
- static const struct net_device_ops ipw2100_netdev_ops = {
- .ndo_open = ipw2100_open,
-@@ -6157,7 +6158,7 @@ static struct net_device *ipw2100_alloc_device(struct pci_dev *pci_dev,
- INIT_DELAYED_WORK(&priv->rf_kill, ipw2100_rf_kill);
- INIT_DELAYED_WORK(&priv->scan_event, ipw2100_scan_event);
-
-- tasklet_init(&priv->irq_tasklet, (void (*)(unsigned long))
-+ tasklet_init(&priv->irq_tasklet,
- ipw2100_irq_tasklet, (unsigned long)priv);
-
- /* NOTE: We do not start the
deferred work for status checks yet */
-diff --git a/drivers/net/wireless/intel/ipw2x00/ipw2200.c b/drivers/net/wireless/intel/ipw2x00/ipw2200.c
-index 8da87496cb58..2d0734ab3f74 100644
---- a/drivers/net/wireless/intel/ipw2x00/ipw2200.c
-+++ b/drivers/net/wireless/intel/ipw2x00/ipw2200.c
-@@ -1966,8 +1966,9 @@ static void notify_wx_assoc_event(struct ipw_priv *priv)
- wireless_send_event(priv->net_dev, SIOCGIWAP, &wrqu, NULL);
- }
-
--static void ipw_irq_tasklet(struct ipw_priv *priv)
-+static void ipw_irq_tasklet(unsigned long data)
- {
-+ struct ipw_priv *priv = (struct ipw_priv *)data;
- u32 inta, inta_mask, handled = 0;
- unsigned long flags;
- int rc = 0;
-@@ -10702,7 +10703,7 @@ static int ipw_setup_deferred_work(struct ipw_priv *priv)
- INIT_WORK(&priv->qos_activate, ipw_bg_qos_activate);
- #endif /* CONFIG_IPW2200_QOS */
-
-- tasklet_init(&priv->irq_tasklet, (void (*)(unsigned long))
-+ tasklet_init(&priv->irq_tasklet,
- ipw_irq_tasklet, (unsigned long)priv);
-
- return ret;
-diff --git a/drivers/net/wireless/intel/iwlegacy/3945-mac.c b/drivers/net/wireless/intel/iwlegacy/3945-mac.c
-index 329f3a63dadd..0fb81151a132 100644
---- a/drivers/net/wireless/intel/iwlegacy/3945-mac.c
-+++ b/drivers/net/wireless/intel/iwlegacy/3945-mac.c
-@@ -1399,8 +1399,9 @@ il3945_dump_nic_error_log(struct il_priv *il)
- }
-
- static void
--il3945_irq_tasklet(struct il_priv *il)
-+il3945_irq_tasklet(unsigned long data)
- {
-+ struct il_priv *il = (struct il_priv *)data;
- u32 inta, handled = 0;
- u32 inta_fh;
- unsigned long flags;
-@@ -3432,7 +3433,7 @@ il3945_setup_deferred_work(struct il_priv *il)
- setup_timer(&il->watchdog, il_bg_watchdog, (unsigned long)il);
-
- tasklet_init(&il->irq_tasklet,
-- (void (*)(unsigned long))il3945_irq_tasklet,
-+ il3945_irq_tasklet,
- (unsigned long)il);
- }
-
-diff --git a/drivers/net/wireless/intel/iwlegacy/4965-mac.c b/drivers/net/wireless/intel/iwlegacy/4965-mac.c
-index de9b6522c43f..665e82effb03 100644
----
a/drivers/net/wireless/intel/iwlegacy/4965-mac.c
-+++ b/drivers/net/wireless/intel/iwlegacy/4965-mac.c
-@@ -4363,8 +4363,9 @@ il4965_synchronize_irq(struct il_priv *il)
- }
-
- static void
--il4965_irq_tasklet(struct il_priv *il)
-+il4965_irq_tasklet(unsigned long data)
- {
-+ struct il_priv *il = (struct il_priv *)data;
- u32 inta, handled = 0;
- u32 inta_fh;
- unsigned long flags;
-@@ -6264,7 +6265,7 @@ il4965_setup_deferred_work(struct il_priv *il)
- setup_timer(&il->watchdog, il_bg_watchdog, (unsigned long)il);
-
- tasklet_init(&il->irq_tasklet,
-- (void (*)(unsigned long))il4965_irq_tasklet,
-+ il4965_irq_tasklet,
- (unsigned long)il);
- }
-
-diff --git a/drivers/net/wireless/intel/iwlegacy/common.c b/drivers/net/wireless/intel/iwlegacy/common.c
-index 8d5acda92a9b..6e6b124f0d5e 100644
---- a/drivers/net/wireless/intel/iwlegacy/common.c
-+++ b/drivers/net/wireless/intel/iwlegacy/common.c
-@@ -717,7 +717,7 @@ il_eeprom_init(struct il_priv *il)
- u32 gp = _il_rd(il, CSR_EEPROM_GP);
- int sz;
- int ret;
-- u16 addr;
-+ int addr;
-
- /* allocate eeprom */
- sz = il->cfg->eeprom_size;
-diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/tt.c b/drivers/net/wireless/intel/iwlwifi/mvm/tt.c
-index 1232f63278eb..319103f4b432 100644
---- a/drivers/net/wireless/intel/iwlwifi/mvm/tt.c
-+++ b/drivers/net/wireless/intel/iwlwifi/mvm/tt.c
-@@ -739,7 +739,8 @@ static struct thermal_zone_device_ops tzone_ops = {
- static void iwl_mvm_thermal_zone_register(struct iwl_mvm *mvm)
- {
- int i;
-- char name[] = "iwlwifi";
-+ char name[16];
-+ static atomic_t counter = ATOMIC_INIT(0);
-
- if (!iwl_mvm_is_tt_in_fw(mvm)) {
- mvm->tz_device.tzone = NULL;
-@@ -749,6 +750,7 @@ static void iwl_mvm_thermal_zone_register(struct iwl_mvm *mvm)
-
- BUILD_BUG_ON(ARRAY_SIZE(name) >= THERMAL_NAME_LENGTH);
-
-+ sprintf(name, "iwlwifi_%u", atomic_inc_return(&counter) & 0xFF);
- mvm->tz_device.tzone = thermal_zone_device_register(name,
- IWL_MAX_DTS_TRIPS,
- IWL_WRITABLE_TRIPS_MSK,
-diff --git
a/drivers/net/wireless/intersil/hostap/hostap_ap.c b/drivers/net/wireless/intersil/hostap/hostap_ap.c
-index 1a8d8db80b05..486ca1ee306e 100644
---- a/drivers/net/wireless/intersil/hostap/hostap_ap.c
-+++ b/drivers/net/wireless/intersil/hostap/hostap_ap.c
-@@ -2568,7 +2568,7 @@ static int prism2_hostapd_add_sta(struct ap_data *ap,
- sta->supported_rates[0] = 2;
- if (sta->tx_supp_rates & WLAN_RATE_2M)
- sta->supported_rates[1] = 4;
-- if (sta->tx_supp_rates & WLAN_RATE_5M5)
-+ if (sta->tx_supp_rates & WLAN_RATE_5M5)
- sta->supported_rates[2] = 11;
- if (sta->tx_supp_rates & WLAN_RATE_11M)
- sta->supported_rates[3] = 22;
-diff --git a/drivers/net/wireless/intersil/orinoco/orinoco_usb.c b/drivers/net/wireless/intersil/orinoco/orinoco_usb.c
-index 95015d74b1c0..5a64674a5c8d 100644
---- a/drivers/net/wireless/intersil/orinoco/orinoco_usb.c
-+++ b/drivers/net/wireless/intersil/orinoco/orinoco_usb.c
-@@ -1364,7 +1364,8 @@ static int ezusb_init(struct hermes *hw)
- int retval;
-
- BUG_ON(in_interrupt());
-- BUG_ON(!upriv);
-+ if (!upriv)
-+ return -EINVAL;
-
- upriv->reply_count = 0;
- /* Write the MAGIC number on the simulated registers to keep
-diff --git a/drivers/net/wireless/realtek/rtlwifi/pci.c b/drivers/net/wireless/realtek/rtlwifi/pci.c
-index 457a0f725c8a..ab74f3155854 100644
---- a/drivers/net/wireless/realtek/rtlwifi/pci.c
-+++ b/drivers/net/wireless/realtek/rtlwifi/pci.c
-@@ -1091,13 +1091,15 @@ done:
- return ret;
- }
-
--static void _rtl_pci_irq_tasklet(struct ieee80211_hw *hw)
-+static void _rtl_pci_irq_tasklet(unsigned long data)
- {
-+ struct ieee80211_hw *hw = (struct ieee80211_hw *)data;
- _rtl_pci_tx_chk_waitq(hw);
- }
-
--static void _rtl_pci_prepare_bcn_tasklet(struct ieee80211_hw *hw)
-+static void _rtl_pci_prepare_bcn_tasklet(unsigned long data)
- {
-+ struct ieee80211_hw *hw = (struct ieee80211_hw *)data;
- struct rtl_priv *rtlpriv = rtl_priv(hw);
- struct rtl_pci *rtlpci = rtl_pcidev(rtl_pcipriv(hw));
- struct rtl_mac *mac =
rtl_mac(rtl_priv(hw));
-@@ -1223,10 +1225,10 @@ static void _rtl_pci_init_struct(struct ieee80211_hw *hw,
-
- /*task */
- tasklet_init(&rtlpriv->works.irq_tasklet,
-- (void (*)(unsigned long))_rtl_pci_irq_tasklet,
-+ _rtl_pci_irq_tasklet,
- (unsigned long)hw);
- tasklet_init(&rtlpriv->works.irq_prepare_bcn_tasklet,
-- (void (*)(unsigned long))_rtl_pci_prepare_bcn_tasklet,
-+ _rtl_pci_prepare_bcn_tasklet,
- (unsigned long)hw);
- INIT_WORK(&rtlpriv->works.lps_change_work,
- rtl_lps_change_work_callback);
-diff --git a/drivers/nfc/port100.c b/drivers/nfc/port100.c
-index 60ae382f50da..06bb226c62ef 100644
---- a/drivers/nfc/port100.c
-+++ b/drivers/nfc/port100.c
-@@ -574,7 +574,7 @@ static void port100_tx_update_payload_len(void *_frame, int len)
- {
- struct port100_frame *frame = _frame;
-
-- frame->datalen = cpu_to_le16(le16_to_cpu(frame->datalen) + len);
-+ le16_add_cpu(&frame->datalen, len);
- }
-
- static bool port100_rx_frame_is_valid(void *_frame)
-diff --git a/drivers/pci/iov.c b/drivers/pci/iov.c
-index 0fd8e164339c..0dc646c1bc3d 100644
---- a/drivers/pci/iov.c
-+++ b/drivers/pci/iov.c
-@@ -179,6 +179,7 @@ int pci_iov_add_virtfn(struct pci_dev *dev, int id, int reset)
- failed2:
- sysfs_remove_link(&dev->dev.kobj, buf);
- failed1:
-+ pci_stop_and_remove_bus_device(virtfn);
- pci_dev_put(dev);
- pci_stop_and_remove_bus_device(virtfn);
- failed0:
-diff --git a/drivers/pinctrl/intel/pinctrl-baytrail.c b/drivers/pinctrl/intel/pinctrl-baytrail.c
-index 9df5d29d708d..4fb3e44f9133 100644
---- a/drivers/pinctrl/intel/pinctrl-baytrail.c
-+++ b/drivers/pinctrl/intel/pinctrl-baytrail.c
-@@ -958,7 +958,13 @@ static void byt_gpio_clear_triggering(struct byt_gpio *vg, unsigned int offset)
-
- raw_spin_lock_irqsave(&byt_lock, flags);
- value = readl(reg);
-- value &= ~(BYT_TRIG_POS | BYT_TRIG_NEG | BYT_TRIG_LVL);
-+
-+ /* Do not clear direct-irq enabled IRQs (from gpio_disable_free) */
-+ if (value & BYT_DIRECT_IRQ_EN)
-+ /* nothing to do */ ;
-+ else
-+ value &=
~(BYT_TRIG_POS | BYT_TRIG_NEG | BYT_TRIG_LVL);
-+
- writel(value, reg);
- raw_spin_unlock_irqrestore(&byt_lock, flags);
- }
-diff --git a/drivers/pinctrl/sh-pfc/pfc-sh7264.c b/drivers/pinctrl/sh-pfc/pfc-sh7264.c
-index e1c34e19222e..3ddb9565ed80 100644
---- a/drivers/pinctrl/sh-pfc/pfc-sh7264.c
-+++ b/drivers/pinctrl/sh-pfc/pfc-sh7264.c
-@@ -500,17 +500,15 @@ enum {
- SD_WP_MARK, SD_CLK_MARK, SD_CMD_MARK,
- CRX0_MARK, CRX1_MARK,
- CTX0_MARK, CTX1_MARK,
-+ CRX0_CRX1_MARK, CTX0_CTX1_MARK,
-
- PWM1A_MARK, PWM1B_MARK, PWM1C_MARK, PWM1D_MARK,
- PWM1E_MARK, PWM1F_MARK, PWM1G_MARK, PWM1H_MARK,
- PWM2A_MARK, PWM2B_MARK, PWM2C_MARK, PWM2D_MARK,
- PWM2E_MARK, PWM2F_MARK, PWM2G_MARK, PWM2H_MARK,
- IERXD_MARK, IETXD_MARK,
-- CRX0_CRX1_MARK,
- WDTOVF_MARK,
-
-- CRX0X1_MARK,
--
- /* DMAC */
- TEND0_MARK, DACK0_MARK, DREQ0_MARK,
- TEND1_MARK, DACK1_MARK, DREQ1_MARK,
-@@ -998,12 +996,12 @@ static const u16 pinmux_data[] = {
-
- PINMUX_DATA(PJ3_DATA, PJ3MD_00),
- PINMUX_DATA(CRX1_MARK, PJ3MD_01),
-- PINMUX_DATA(CRX0X1_MARK, PJ3MD_10),
-+ PINMUX_DATA(CRX0_CRX1_MARK, PJ3MD_10),
- PINMUX_DATA(IRQ1_PJ_MARK, PJ3MD_11),
-
- PINMUX_DATA(PJ2_DATA, PJ2MD_000),
- PINMUX_DATA(CTX1_MARK, PJ2MD_001),
-- PINMUX_DATA(CRX0_CRX1_MARK, PJ2MD_010),
-+ PINMUX_DATA(CTX0_CTX1_MARK, PJ2MD_010),
- PINMUX_DATA(CS2_MARK, PJ2MD_011),
- PINMUX_DATA(SCK0_MARK, PJ2MD_100),
- PINMUX_DATA(LCD_M_DISP_MARK, PJ2MD_101),
-@@ -1248,6 +1246,7 @@ static const struct pinmux_func pinmux_func_gpios[] = {
- GPIO_FN(CTX1),
- GPIO_FN(CRX1),
- GPIO_FN(CTX0),
-+ GPIO_FN(CTX0_CTX1),
- GPIO_FN(CRX0),
- GPIO_FN(CRX0_CRX1),
-
-diff --git a/drivers/pinctrl/sh-pfc/pfc-sh7269.c b/drivers/pinctrl/sh-pfc/pfc-sh7269.c
-index cfdb4fc177c3..3df0c0d139d0 100644
---- a/drivers/pinctrl/sh-pfc/pfc-sh7269.c
-+++ b/drivers/pinctrl/sh-pfc/pfc-sh7269.c
-@@ -740,13 +740,12 @@ enum {
- CRX0_MARK, CTX0_MARK,
- CRX1_MARK, CTX1_MARK,
- CRX2_MARK, CTX2_MARK,
-- CRX0_CRX1_MARK,
-- CRX0_CRX1_CRX2_MARK,
-- CTX0CTX1CTX2_MARK,
-+ CRX0_CRX1_MARK,
CTX0_CTX1_MARK,
-+ CRX0_CRX1_CRX2_MARK, CTX0_CTX1_CTX2_MARK,
- CRX1_PJ22_MARK, CTX1_PJ23_MARK,
- CRX2_PJ20_MARK, CTX2_PJ21_MARK,
-- CRX0CRX1_PJ22_MARK,
-- CRX0CRX1CRX2_PJ20_MARK,
-+ CRX0_CRX1_PJ22_MARK, CTX0_CTX1_PJ23_MARK,
-+ CRX0_CRX1_CRX2_PJ20_MARK, CTX0_CTX1_CTX2_PJ21_MARK,
-
- /* VDC */
- DV_CLK_MARK,
-@@ -824,6 +823,7 @@ static const u16 pinmux_data[] = {
- PINMUX_DATA(CS3_MARK, PC8MD_001),
- PINMUX_DATA(TXD7_MARK, PC8MD_010),
- PINMUX_DATA(CTX1_MARK, PC8MD_011),
-+ PINMUX_DATA(CTX0_CTX1_MARK, PC8MD_100),
-
- PINMUX_DATA(PC7_DATA, PC7MD_000),
- PINMUX_DATA(CKE_MARK, PC7MD_001),
-@@ -836,11 +836,12 @@ static const u16 pinmux_data[] = {
- PINMUX_DATA(CAS_MARK, PC6MD_001),
- PINMUX_DATA(SCK7_MARK, PC6MD_010),
- PINMUX_DATA(CTX0_MARK, PC6MD_011),
-+ PINMUX_DATA(CTX0_CTX1_CTX2_MARK, PC6MD_100),
-
- PINMUX_DATA(PC5_DATA, PC5MD_000),
- PINMUX_DATA(RAS_MARK, PC5MD_001),
- PINMUX_DATA(CRX0_MARK, PC5MD_011),
-- PINMUX_DATA(CTX0CTX1CTX2_MARK, PC5MD_100),
-+ PINMUX_DATA(CTX0_CTX1_CTX2_MARK, PC5MD_100),
- PINMUX_DATA(IRQ0_PC_MARK, PC5MD_101),
-
- PINMUX_DATA(PC4_DATA, PC4MD_00),
-@@ -1292,30 +1293,32 @@ static const u16 pinmux_data[] = {
- PINMUX_DATA(LCD_DATA23_PJ23_MARK, PJ23MD_010),
- PINMUX_DATA(LCD_TCON6_MARK, PJ23MD_011),
- PINMUX_DATA(IRQ3_PJ_MARK, PJ23MD_100),
-- PINMUX_DATA(CTX1_MARK, PJ23MD_101),
-+ PINMUX_DATA(CTX1_PJ23_MARK, PJ23MD_101),
-+ PINMUX_DATA(CTX0_CTX1_PJ23_MARK, PJ23MD_110),
-
- PINMUX_DATA(PJ22_DATA, PJ22MD_000),
- PINMUX_DATA(DV_DATA22_MARK, PJ22MD_001),
- PINMUX_DATA(LCD_DATA22_PJ22_MARK, PJ22MD_010),
- PINMUX_DATA(LCD_TCON5_MARK, PJ22MD_011),
- PINMUX_DATA(IRQ2_PJ_MARK, PJ22MD_100),
-- PINMUX_DATA(CRX1_MARK, PJ22MD_101),
-- PINMUX_DATA(CRX0_CRX1_MARK, PJ22MD_110),
-+ PINMUX_DATA(CRX1_PJ22_MARK, PJ22MD_101),
-+ PINMUX_DATA(CRX0_CRX1_PJ22_MARK, PJ22MD_110),
-
- PINMUX_DATA(PJ21_DATA, PJ21MD_000),
- PINMUX_DATA(DV_DATA21_MARK, PJ21MD_001),
- PINMUX_DATA(LCD_DATA21_PJ21_MARK, PJ21MD_010),
- PINMUX_DATA(LCD_TCON4_MARK, PJ21MD_011),
- 
PINMUX_DATA(IRQ1_PJ_MARK, PJ21MD_100),
-- PINMUX_DATA(CTX2_MARK, PJ21MD_101),
-+ PINMUX_DATA(CTX2_PJ21_MARK, PJ21MD_101),
-+ PINMUX_DATA(CTX0_CTX1_CTX2_PJ21_MARK, PJ21MD_110),
-
- PINMUX_DATA(PJ20_DATA, PJ20MD_000),
- PINMUX_DATA(DV_DATA20_MARK, PJ20MD_001),
- PINMUX_DATA(LCD_DATA20_PJ20_MARK, PJ20MD_010),
- PINMUX_DATA(LCD_TCON3_MARK, PJ20MD_011),
- PINMUX_DATA(IRQ0_PJ_MARK, PJ20MD_100),
-- PINMUX_DATA(CRX2_MARK, PJ20MD_101),
-- PINMUX_DATA(CRX0CRX1CRX2_PJ20_MARK, PJ20MD_110),
-+ PINMUX_DATA(CRX2_PJ20_MARK, PJ20MD_101),
-+ PINMUX_DATA(CRX0_CRX1_CRX2_PJ20_MARK, PJ20MD_110),
-
- PINMUX_DATA(PJ19_DATA, PJ19MD_000),
- PINMUX_DATA(DV_DATA19_MARK, PJ19MD_001),
-@@ -1666,12 +1669,24 @@ static const struct pinmux_func pinmux_func_gpios[] = {
- GPIO_FN(WDTOVF),
-
- /* CAN */
-+ GPIO_FN(CTX2),
-+ GPIO_FN(CRX2),
- GPIO_FN(CTX1),
- GPIO_FN(CRX1),
- GPIO_FN(CTX0),
- GPIO_FN(CRX0),
-+ GPIO_FN(CTX0_CTX1),
- GPIO_FN(CRX0_CRX1),
-+ GPIO_FN(CTX0_CTX1_CTX2),
- GPIO_FN(CRX0_CRX1_CRX2),
-+ GPIO_FN(CTX2_PJ21),
-+ GPIO_FN(CRX2_PJ20),
-+ GPIO_FN(CTX1_PJ23),
-+ GPIO_FN(CRX1_PJ22),
-+ GPIO_FN(CTX0_CTX1_PJ23),
-+ GPIO_FN(CRX0_CRX1_PJ22),
-+ GPIO_FN(CTX0_CTX1_CTX2_PJ21),
-+ GPIO_FN(CRX0_CRX1_CRX2_PJ20),
-
- /* DMAC */
- GPIO_FN(TEND0),
-diff --git a/drivers/pwm/pwm-omap-dmtimer.c b/drivers/pwm/pwm-omap-dmtimer.c
-index 5ad42f33e70c..2e15acf13893 100644
---- a/drivers/pwm/pwm-omap-dmtimer.c
-+++ b/drivers/pwm/pwm-omap-dmtimer.c
-@@ -337,6 +337,11 @@ static int pwm_omap_dmtimer_probe(struct platform_device *pdev)
- static int pwm_omap_dmtimer_remove(struct platform_device *pdev)
- {
- struct pwm_omap_dmtimer_chip *omap = platform_get_drvdata(pdev);
-+ int ret;
-+
-+ ret = pwmchip_remove(&omap->chip);
-+ if (ret)
-+ return ret;
-
- if (pm_runtime_active(&omap->dm_timer_pdev->dev))
- omap->pdata->stop(omap->dm_timer);
-@@ -345,7 +350,7 @@ static int pwm_omap_dmtimer_remove(struct platform_device *pdev)
-
- mutex_destroy(&omap->mutex);
-
-- return pwmchip_remove(&omap->chip);
-+ return 0;
- }
-
- 
static const struct of_device_id pwm_omap_dmtimer_of_match[] = {
-diff --git a/drivers/pwm/pwm-pca9685.c b/drivers/pwm/pwm-pca9685.c
-index 567f5e2771c4..e1e5dfcb16f3 100644
---- a/drivers/pwm/pwm-pca9685.c
-+++ b/drivers/pwm/pwm-pca9685.c
-@@ -170,13 +170,9 @@ static void pca9685_pwm_gpio_set(struct gpio_chip *gpio, unsigned int offset,
- static void pca9685_pwm_gpio_free(struct gpio_chip *gpio, unsigned int offset)
- {
- struct pca9685 *pca = gpiochip_get_data(gpio);
-- struct pwm_device *pwm;
-
- pca9685_pwm_gpio_set(gpio, offset, 0);
- pm_runtime_put(pca->chip.dev);
-- mutex_lock(&pca->lock);
-- pwm = &pca->chip.pwms[offset];
-- mutex_unlock(&pca->lock);
- }
-
- static int pca9685_pwm_gpio_get_direction(struct gpio_chip *chip,
-diff --git a/drivers/regulator/rk808-regulator.c b/drivers/regulator/rk808-regulator.c
-index 213b68743cc8..92498ac50303 100644
---- a/drivers/regulator/rk808-regulator.c
-+++ b/drivers/regulator/rk808-regulator.c
-@@ -714,7 +714,7 @@ static int rk808_regulator_dt_parse_pdata(struct device *dev,
- }
-
- if (!pdata->dvs_gpio[i]) {
-- dev_warn(dev, "there is no dvs%d gpio\n", i);
-+ dev_info(dev, "there is no dvs%d gpio\n", i);
- continue;
- }
-
-diff --git a/drivers/remoteproc/remoteproc_core.c b/drivers/remoteproc/remoteproc_core.c
-index eab14b414bf0..cc733b89560a 100644
---- a/drivers/remoteproc/remoteproc_core.c
-+++ b/drivers/remoteproc/remoteproc_core.c
-@@ -1620,7 +1620,7 @@ static int __init remoteproc_init(void)
-
- return 0;
- }
--module_init(remoteproc_init);
-+subsys_initcall(remoteproc_init);
-
- static void __exit remoteproc_exit(void)
- {
-diff --git a/drivers/scsi/aic7xxx/aic7xxx_core.c b/drivers/scsi/aic7xxx/aic7xxx_core.c
-index 381846164003..fdbb0a3dc9b4 100644
---- a/drivers/scsi/aic7xxx/aic7xxx_core.c
-+++ b/drivers/scsi/aic7xxx/aic7xxx_core.c
-@@ -2321,7 +2321,7 @@ ahc_find_syncrate(struct ahc_softc *ahc, u_int *period,
- * At some speeds, we only support
- * ST transfers. 
- */
-- if ((syncrate->sxfr_u2 & ST_SXFR) != 0)
-+ if ((syncrate->sxfr_u2 & ST_SXFR) != 0)
- *ppr_options &= ~MSG_EXT_PPR_DT_REQ;
- break;
- }
-diff --git a/drivers/scsi/iscsi_tcp.c b/drivers/scsi/iscsi_tcp.c
-index 7e3a77d3c6f0..e3ca16043f9a 100644
---- a/drivers/scsi/iscsi_tcp.c
-+++ b/drivers/scsi/iscsi_tcp.c
-@@ -890,6 +890,10 @@ free_host:
- static void iscsi_sw_tcp_session_destroy(struct iscsi_cls_session *cls_session)
- {
- struct Scsi_Host *shost = iscsi_session_to_shost(cls_session);
-+ struct iscsi_session *session = cls_session->dd_data;
-+
-+ if (WARN_ON_ONCE(session->leadconn))
-+ return;
-
- iscsi_tcp_r2tpool_free(cls_session->dd_data);
- iscsi_session_teardown(cls_session);
-diff --git a/drivers/scsi/qla2xxx/qla_os.c b/drivers/scsi/qla2xxx/qla_os.c
-index 5f9d4dbc4a98..d4024015f859 100644
---- a/drivers/scsi/qla2xxx/qla_os.c
-+++ b/drivers/scsi/qla2xxx/qla_os.c
-@@ -3178,6 +3178,10 @@ qla2x00_probe_one(struct pci_dev *pdev, const struct pci_device_id *id)
- base_vha->mgmt_svr_loop_id, host->sg_tablesize);
-
- ha->wq = alloc_workqueue("qla2xxx_wq", WQ_MEM_RECLAIM, 0);
-+ if (unlikely(!ha->wq)) {
-+ ret = -ENOMEM;
-+ goto probe_failed;
-+ }
-
- if (ha->mqenable) {
- bool mq = false;
-diff --git a/drivers/scsi/scsi_transport_iscsi.c b/drivers/scsi/scsi_transport_iscsi.c
-index 95d71e301a53..aecb563a2b4e 100644
---- a/drivers/scsi/scsi_transport_iscsi.c
-+++ b/drivers/scsi/scsi_transport_iscsi.c
-@@ -2945,6 +2945,24 @@ iscsi_set_path(struct iscsi_transport *transport, struct iscsi_uevent *ev)
- return err;
- }
-
-+static int iscsi_session_has_conns(int sid)
-+{
-+ struct iscsi_cls_conn *conn;
-+ unsigned long flags;
-+ int found = 0;
-+
-+ spin_lock_irqsave(&connlock, flags);
-+ list_for_each_entry(conn, &connlist, conn_list) {
-+ if (iscsi_conn_get_sid(conn) == sid) {
-+ found = 1;
-+ break;
-+ }
-+ }
-+ spin_unlock_irqrestore(&connlock, flags);
-+
-+ return found;
-+}
-+
- static int
- iscsi_set_iface_params(struct iscsi_transport *transport,
- struct 
iscsi_uevent *ev, uint32_t len)
-@@ -3522,10 +3540,12 @@ iscsi_if_recv_msg(struct sk_buff *skb, struct nlmsghdr *nlh, uint32_t *group)
- break;
- case ISCSI_UEVENT_DESTROY_SESSION:
- session = iscsi_session_lookup(ev->u.d_session.sid);
-- if (session)
-- transport->destroy_session(session);
-- else
-+ if (!session)
- err = -EINVAL;
-+ else if (iscsi_session_has_conns(ev->u.d_session.sid))
-+ err = -EBUSY;
-+ else
-+ transport->destroy_session(session);
- break;
- case ISCSI_UEVENT_UNBIND_SESSION:
- session = iscsi_session_lookup(ev->u.d_session.sid);
-diff --git a/drivers/scsi/ufs/ufshcd.c b/drivers/scsi/ufs/ufshcd.c
-index ce40de334f11..c35045324695 100644
---- a/drivers/scsi/ufs/ufshcd.c
-+++ b/drivers/scsi/ufs/ufshcd.c
-@@ -4580,7 +4580,7 @@ ufshcd_transfer_rsp_status(struct ufs_hba *hba, struct ufshcd_lrb *lrbp)
- break;
- } /* end of switch */
-
-- if (host_byte(result) != DID_OK)
-+ if ((host_byte(result) != DID_OK) && !hba->silence_err_logs)
- ufshcd_print_trs(hba, 1 << lrbp->task_tag, true);
- return result;
- }
-@@ -5109,8 +5109,8 @@ static void ufshcd_err_handler(struct work_struct *work)
-
- /*
- * if host reset is required then skip clearing the pending
-- * transfers forcefully because they will automatically get
-- * cleared after link startup. 
-+ * transfers forcefully because they will get cleared during
-+ * host reset and restore
- */
- if (needs_reset)
- goto skip_pending_xfer_clear;
-@@ -5749,9 +5749,15 @@ static int ufshcd_host_reset_and_restore(struct ufs_hba *hba)
- int err;
- unsigned long flags;
-
-- /* Reset the host controller */
-+ /*
-+ * Stop the host controller and complete the requests
-+ * cleared by h/w
-+ */
- spin_lock_irqsave(hba->host->host_lock, flags);
- ufshcd_hba_stop(hba, false);
-+ hba->silence_err_logs = true;
-+ ufshcd_complete_requests(hba);
-+ hba->silence_err_logs = false;
- spin_unlock_irqrestore(hba->host->host_lock, flags);
-
- /* scale up clocks to max frequency before full reinitialization */
-@@ -5785,22 +5791,12 @@ out:
- static int ufshcd_reset_and_restore(struct ufs_hba *hba)
- {
- int err = 0;
-- unsigned long flags;
- int retries = MAX_HOST_RESET_RETRIES;
-
- do {
- err = ufshcd_host_reset_and_restore(hba);
- } while (err && --retries);
-
-- /*
-- * After reset the door-bell might be cleared, complete
-- * outstanding requests in s/w here. 
-- */
-- spin_lock_irqsave(hba->host->host_lock, flags);
-- ufshcd_transfer_req_compl(hba);
-- ufshcd_tmc_handler(hba);
-- spin_unlock_irqrestore(hba->host->host_lock, flags);
--
- return err;
- }
-
-diff --git a/drivers/scsi/ufs/ufshcd.h b/drivers/scsi/ufs/ufshcd.h
-index cdc8bd05f7df..4aac4d86f57b 100644
---- a/drivers/scsi/ufs/ufshcd.h
-+++ b/drivers/scsi/ufs/ufshcd.h
-@@ -485,6 +485,7 @@ struct ufs_stats {
- * @uic_error: UFS interconnect layer error status
- * @saved_err: sticky error mask
- * @saved_uic_err: sticky UIC error mask
-+ * @silence_err_logs: flag to silence error logs
- * @dev_cmd: ufs device management command information
- * @last_dme_cmd_tstamp: time stamp of the last completed DME command
- * @auto_bkops_enabled: to track whether bkops is enabled in device
-@@ -621,6 +622,7 @@ struct ufs_hba {
- u32 saved_err;
- u32 saved_uic_err;
- struct ufs_stats ufs_stats;
-+ bool silence_err_logs;
-
- /* Device management request data */
- struct ufs_dev_cmd dev_cmd;
-diff --git a/drivers/soc/tegra/fuse/tegra-apbmisc.c b/drivers/soc/tegra/fuse/tegra-apbmisc.c
-index 5b18f6ffa45c..cd61c883c19f 100644
---- a/drivers/soc/tegra/fuse/tegra-apbmisc.c
-+++ b/drivers/soc/tegra/fuse/tegra-apbmisc.c
-@@ -134,7 +134,7 @@ void __init tegra_init_apbmisc(void)
- apbmisc.flags = IORESOURCE_MEM;
-
- /* strapping options */
-- if (tegra_get_chip_id() == TEGRA124) {
-+ if (of_machine_is_compatible("nvidia,tegra124")) {
- straps.start = 0x7000e864;
- straps.end = 0x7000e867;
- } else {
-diff --git a/drivers/staging/android/ashmem.c b/drivers/staging/android/ashmem.c
-index 4151bb44a410..9481c0b23386 100644
---- a/drivers/staging/android/ashmem.c
-+++ b/drivers/staging/android/ashmem.c
-@@ -361,8 +361,23 @@ static inline vm_flags_t calc_vm_may_flags(unsigned long prot)
- _calc_vm_trans(prot, PROT_EXEC, VM_MAYEXEC);
- }
-
-+static int ashmem_vmfile_mmap(struct file *file, struct vm_area_struct *vma)
-+{
-+ /* do not allow to mmap ashmem backing shmem file directly */
-+ 
return -EPERM;
-+}
-+
-+static unsigned long
-+ashmem_vmfile_get_unmapped_area(struct file *file, unsigned long addr,
-+ unsigned long len, unsigned long pgoff,
-+ unsigned long flags)
-+{
-+ return current->mm->get_unmapped_area(file, addr, len, pgoff, flags);
-+}
-+
- static int ashmem_mmap(struct file *file, struct vm_area_struct *vma)
- {
-+ static struct file_operations vmfile_fops;
- struct ashmem_area *asma = file->private_data;
- int ret = 0;
-
-@@ -403,6 +418,19 @@ static int ashmem_mmap(struct file *file, struct vm_area_struct *vma)
- }
- vmfile->f_mode |= FMODE_LSEEK;
- asma->file = vmfile;
-+ /*
-+ * override mmap operation of the vmfile so that it can't be
-+ * remapped which would lead to creation of a new vma with no
-+ * asma permission checks. Have to override get_unmapped_area
-+ * as well to prevent VM_BUG_ON check for f_ops modification.
-+ */
-+ if (!vmfile_fops.mmap) {
-+ vmfile_fops = *vmfile->f_op;
-+ vmfile_fops.mmap = ashmem_vmfile_mmap;
-+ vmfile_fops.get_unmapped_area =
-+ ashmem_vmfile_get_unmapped_area;
-+ }
-+ vmfile->f_op = &vmfile_fops;
- }
- get_file(asma->file);
-
-diff --git a/drivers/staging/greybus/audio_manager.c b/drivers/staging/greybus/audio_manager.c
-index aa6508b44fab..ed7c32542cb3 100644
---- a/drivers/staging/greybus/audio_manager.c
-+++ b/drivers/staging/greybus/audio_manager.c
-@@ -90,8 +90,8 @@ void gb_audio_manager_remove_all(void)
-
- list_for_each_entry_safe(module, next, &modules_list, list) {
- list_del(&module->list);
-- kobject_put(&module->kobj);
- ida_simple_remove(&module_id, module->id);
-+ kobject_put(&module->kobj);
- }
-
- is_empty = list_empty(&modules_list);
-diff --git a/drivers/staging/rtl8188eu/os_dep/ioctl_linux.c b/drivers/staging/rtl8188eu/os_dep/ioctl_linux.c
-index 446310775e90..184fc05a0f8b 100644
---- a/drivers/staging/rtl8188eu/os_dep/ioctl_linux.c
-+++ b/drivers/staging/rtl8188eu/os_dep/ioctl_linux.c
-@@ -2051,7 +2051,7 @@ static int wpa_supplicant_ioctl(struct net_device *dev, struct 
iw_point *p)
- struct ieee_param *param;
- uint ret = 0;
-
-- if (p->length < sizeof(struct ieee_param) || !p->pointer) {
-+ if (!p->pointer || p->length != sizeof(struct ieee_param)) {
- ret = -EINVAL;
- goto out;
- }
-@@ -2856,7 +2856,7 @@ static int rtw_hostapd_ioctl(struct net_device *dev, struct iw_point *p)
- goto out;
- }
-
-- if (!p->pointer) {
-+ if (!p->pointer || p->length != sizeof(struct ieee_param)) {
- ret = -EINVAL;
- goto out;
- }
-diff --git a/drivers/staging/rtl8723bs/hal/rtl8723bs_xmit.c b/drivers/staging/rtl8723bs/hal/rtl8723bs_xmit.c
-index d0b317077511..f92f9073c507 100644
---- a/drivers/staging/rtl8723bs/hal/rtl8723bs_xmit.c
-+++ b/drivers/staging/rtl8723bs/hal/rtl8723bs_xmit.c
-@@ -486,14 +486,13 @@ int rtl8723bs_xmit_thread(void *context)
- s32 ret;
- struct adapter *padapter;
- struct xmit_priv *pxmitpriv;
-- u8 thread_name[20] = "RTWHALXT";
--
-+ u8 thread_name[20];
-
- ret = _SUCCESS;
- padapter = context;
- pxmitpriv = &padapter->xmitpriv;
-
-- rtw_sprintf(thread_name, 20, "%s-"ADPT_FMT, thread_name, ADPT_ARG(padapter));
-+ rtw_sprintf(thread_name, 20, "RTWHALXT-" ADPT_FMT, ADPT_ARG(padapter));
- thread_enter(thread_name);
-
- DBG_871X("start "FUNC_ADPT_FMT"\n", FUNC_ADPT_ARG(padapter));
-diff --git a/drivers/staging/rtl8723bs/os_dep/ioctl_linux.c b/drivers/staging/rtl8723bs/os_dep/ioctl_linux.c
-index 1b61da61690b..d51f6c452972 100644
---- a/drivers/staging/rtl8723bs/os_dep/ioctl_linux.c
-+++ b/drivers/staging/rtl8723bs/os_dep/ioctl_linux.c
-@@ -3495,7 +3495,7 @@ static int wpa_supplicant_ioctl(struct net_device *dev, struct iw_point *p)
-
- /* down(&ieee->wx_sem); */
-
-- if (p->length < sizeof(struct ieee_param) || !p->pointer) {
-+ if (!p->pointer || p->length != sizeof(struct ieee_param)) {
- ret = -EINVAL;
- goto out;
- }
-@@ -4340,7 +4340,7 @@ static int rtw_hostapd_ioctl(struct net_device *dev, struct iw_point *p)
-
-
- /* if (p->length < sizeof(struct ieee_param) || !p->pointer) { */
-- if (!p->pointer) {
-+ if (!p->pointer || 
p->length != sizeof(*param)) {
- ret = -EINVAL;
- goto out;
- }
-diff --git a/drivers/staging/vt6656/dpc.c b/drivers/staging/vt6656/dpc.c
-index 655f0002f880..7b73fa2f8834 100644
---- a/drivers/staging/vt6656/dpc.c
-+++ b/drivers/staging/vt6656/dpc.c
-@@ -140,7 +140,7 @@ int vnt_rx_data(struct vnt_private *priv, struct vnt_rcb *ptr_rcb,
-
- vnt_rf_rssi_to_dbm(priv, *rssi, &rx_dbm);
-
-- priv->bb_pre_ed_rssi = (u8)rx_dbm + 1;
-+ priv->bb_pre_ed_rssi = (u8)-rx_dbm + 1;
- priv->current_rssi = priv->bb_pre_ed_rssi;
-
- frame = skb_data + 8;
-diff --git a/drivers/target/iscsi/iscsi_target.c b/drivers/target/iscsi/iscsi_target.c
-index 37d64acea5e1..fb7bd422e2e1 100644
---- a/drivers/target/iscsi/iscsi_target.c
-+++ b/drivers/target/iscsi/iscsi_target.c
-@@ -1158,9 +1158,7 @@ int iscsit_setup_scsi_cmd(struct iscsi_conn *conn, struct iscsi_cmd *cmd,
- hdr->cmdsn, be32_to_cpu(hdr->data_length), payload_length,
- conn->cid);
-
-- if (target_get_sess_cmd(&cmd->se_cmd, true) < 0)
-- return iscsit_add_reject_cmd(cmd,
-- ISCSI_REASON_WAITING_FOR_LOGOUT, buf);
-+ target_get_sess_cmd(&cmd->se_cmd, true);
-
- cmd->sense_reason = transport_lookup_cmd_lun(&cmd->se_cmd,
- scsilun_to_int(&hdr->lun));
-@@ -2006,9 +2004,7 @@ iscsit_handle_task_mgt_cmd(struct iscsi_conn *conn, struct iscsi_cmd *cmd,
- conn->sess->se_sess, 0, DMA_NONE,
- TCM_SIMPLE_TAG, cmd->sense_buffer + 2);
-
-- if (target_get_sess_cmd(&cmd->se_cmd, true) < 0)
-- return iscsit_add_reject_cmd(cmd,
-- ISCSI_REASON_WAITING_FOR_LOGOUT, buf);
-+ target_get_sess_cmd(&cmd->se_cmd, true);
-
- /*
- * TASK_REASSIGN for ERL=2 / connection stays inside of
-@@ -4155,6 +4151,9 @@ int iscsit_close_connection(
- iscsit_stop_nopin_response_timer(conn);
- iscsit_stop_nopin_timer(conn);
-
-+ if (conn->conn_transport->iscsit_wait_conn)
-+ conn->conn_transport->iscsit_wait_conn(conn);
-+
- /*
- * During Connection recovery drop unacknowledged out of order
- * commands for this connection, and prepare the other commands
-@@ -4237,11 +4236,6 
@@ int iscsit_close_connection(
- * must wait until they have completed.
- */
- iscsit_check_conn_usage_count(conn);
-- target_sess_cmd_list_set_waiting(sess->se_sess);
-- target_wait_for_sess_cmds(sess->se_sess);
--
-- if (conn->conn_transport->iscsit_wait_conn)
-- conn->conn_transport->iscsit_wait_conn(conn);
-
- ahash_request_free(conn->conn_tx_hash);
- if (conn->conn_rx_hash) {
-diff --git a/drivers/thunderbolt/switch.c b/drivers/thunderbolt/switch.c
-index fe2384b019ec..9cfc65ca173d 100644
---- a/drivers/thunderbolt/switch.c
-+++ b/drivers/thunderbolt/switch.c
-@@ -240,6 +240,12 @@ static int tb_switch_nvm_read(void *priv, unsigned int offset, void *val,
- return dma_port_flash_read(sw->dma_port, offset, val, bytes);
- }
-
-+static int tb_switch_nvm_no_read(void *priv, unsigned int offset, void *val,
-+ size_t bytes)
-+{
-+ return -EPERM;
-+}
-+
- static int tb_switch_nvm_write(void *priv, unsigned int offset, void *val,
- size_t bytes)
- {
-@@ -285,6 +291,7 @@ static struct nvmem_device *register_nvmem(struct tb_switch *sw, int id,
- config.read_only = true;
- } else {
- config.name = "nvm_non_active";
-+ config.reg_read = tb_switch_nvm_no_read;
- config.reg_write = tb_switch_nvm_write;
- config.root_only = true;
- }
-diff --git a/drivers/tty/serdev/serdev-ttyport.c b/drivers/tty/serdev/serdev-ttyport.c
-index 69fc6d9ab490..88cf520da739 100644
---- a/drivers/tty/serdev/serdev-ttyport.c
-+++ b/drivers/tty/serdev/serdev-ttyport.c
-@@ -238,7 +238,6 @@ struct device *serdev_tty_port_register(struct tty_port *port,
- struct device *parent,
- struct tty_driver *drv, int idx)
- {
-- const struct tty_port_client_operations *old_ops;
- struct serdev_controller *ctrl;
- struct serport *serport;
- int ret;
-@@ -257,7 +256,6 @@ struct device *serdev_tty_port_register(struct tty_port *port,
-
- ctrl->ops = &ctrl_ops;
-
-- old_ops = port->client_ops;
- port->client_ops = &client_ops;
- port->client_data = ctrl;
-
-@@ -270,7 +268,7 @@ struct device 
*serdev_tty_port_register(struct tty_port *port,
-
- err_reset_data:
- port->client_data = NULL;
-- port->client_ops = old_ops;
-+ port->client_ops = &tty_port_default_client_ops;
- serdev_controller_put(ctrl);
-
- return ERR_PTR(ret);
-@@ -285,8 +283,8 @@ int serdev_tty_port_unregister(struct tty_port *port)
- return -ENODEV;
-
- serdev_controller_remove(ctrl);
-- port->client_ops = NULL;
- port->client_data = NULL;
-+ port->client_ops = &tty_port_default_client_ops;
- serdev_controller_put(ctrl);
-
- return 0;
-diff --git a/drivers/tty/serial/8250/8250_aspeed_vuart.c b/drivers/tty/serial/8250/8250_aspeed_vuart.c
-index 33a801353114..0a89df390f24 100644
---- a/drivers/tty/serial/8250/8250_aspeed_vuart.c
-+++ b/drivers/tty/serial/8250/8250_aspeed_vuart.c
-@@ -256,7 +256,6 @@ static int aspeed_vuart_probe(struct platform_device *pdev)
- port.port.line = rc;
-
- port.port.irq = irq_of_parse_and_map(np, 0);
-- port.port.irqflags = IRQF_SHARED;
- port.port.iotype = UPIO_MEM;
- port.port.type = PORT_16550A;
- port.port.uartclk = clk;
-diff --git a/drivers/tty/serial/8250/8250_core.c b/drivers/tty/serial/8250/8250_core.c
-index c698ebab6d3b..5017a0f46b82 100644
---- a/drivers/tty/serial/8250/8250_core.c
-+++ b/drivers/tty/serial/8250/8250_core.c
-@@ -181,7 +181,7 @@ static int serial_link_irq_chain(struct uart_8250_port *up)
- struct hlist_head *h;
- struct hlist_node *n;
- struct irq_info *i;
-- int ret, irq_flags = up->port.flags & UPF_SHARE_IRQ ? 
IRQF_SHARED : 0;
-+ int ret;
-
- mutex_lock(&hash_mutex);
-
-@@ -216,9 +216,8 @@ static int serial_link_irq_chain(struct uart_8250_port *up)
- INIT_LIST_HEAD(&up->list);
- i->head = &up->list;
- spin_unlock_irq(&i->lock);
-- irq_flags |= up->port.irqflags;
- ret = request_irq(up->port.irq, serial8250_interrupt,
-- irq_flags, up->port.name, i);
-+ up->port.irqflags, up->port.name, i);
- if (ret < 0)
- serial_do_unlink(i, up);
- }
-diff --git a/drivers/tty/serial/8250/8250_port.c b/drivers/tty/serial/8250/8250_port.c
-index a73d2bc4b685..90a93c001e16 100644
---- a/drivers/tty/serial/8250/8250_port.c
-+++ b/drivers/tty/serial/8250/8250_port.c
-@@ -2258,6 +2258,10 @@ int serial8250_do_startup(struct uart_port *port)
- }
- }
-
-+ /* Check if we need to have shared IRQs */
-+ if (port->irq && (up->port.flags & UPF_SHARE_IRQ))
-+ up->port.irqflags |= IRQF_SHARED;
-+
- if (port->irq && !(up->port.flags & UPF_NO_THRE_TEST)) {
- unsigned char iir1;
- /*
-diff --git a/drivers/tty/serial/atmel_serial.c b/drivers/tty/serial/atmel_serial.c
-index 367ce812743e..a00227d312d3 100644
---- a/drivers/tty/serial/atmel_serial.c
-+++ b/drivers/tty/serial/atmel_serial.c
-@@ -498,7 +498,8 @@ static void atmel_stop_tx(struct uart_port *port)
- atmel_uart_writel(port, ATMEL_US_IDR, atmel_port->tx_done_mask);
-
- if (atmel_uart_is_half_duplex(port))
-- atmel_start_rx(port);
-+ if (!atomic_read(&atmel_port->tasklet_shutdown))
-+ atmel_start_rx(port);
-
- }
-
-diff --git a/drivers/tty/serial/imx.c b/drivers/tty/serial/imx.c
-index a81a5be0cf7a..630065b551f5 100644
---- a/drivers/tty/serial/imx.c
-+++ b/drivers/tty/serial/imx.c
-@@ -80,7 +80,7 @@
- #define UCR1_IDEN (1<<12) /* Idle condition interrupt */
- #define UCR1_ICD_REG(x) (((x) & 3) << 10) /* idle condition detect */
- #define UCR1_RRDYEN (1<<9) /* Recv ready interrupt enable */
--#define UCR1_RDMAEN (1<<8) /* Recv ready DMA enable */
-+#define UCR1_RXDMAEN (1<<8) /* Recv ready DMA enable */
- #define UCR1_IREN (1<<7) /* Infrared 
interface enable */
- #define UCR1_TXMPTYEN (1<<6) /* Transimitter empty interrupt enable */
- #define UCR1_RTSDEN (1<<5) /* RTS delta interrupt enable */
-@@ -352,6 +352,30 @@ static void imx_port_rts_auto(struct imx_port *sport, unsigned long *ucr2)
- *ucr2 |= UCR2_CTSC;
- }
-
-+/*
-+ * interrupts disabled on entry
-+ */
-+static void imx_start_rx(struct uart_port *port)
-+{
-+ struct imx_port *sport = (struct imx_port *)port;
-+ unsigned int ucr1, ucr2;
-+
-+ ucr1 = readl(port->membase + UCR1);
-+ ucr2 = readl(port->membase + UCR2);
-+
-+ ucr2 |= UCR2_RXEN;
-+
-+ if (sport->dma_is_enabled) {
-+ ucr1 |= UCR1_RXDMAEN | UCR1_ATDMAEN;
-+ } else {
-+ ucr1 |= UCR1_RRDYEN;
-+ }
-+
-+ /* Write UCR2 first as it includes RXEN */
-+ writel(ucr2, port->membase + UCR2);
-+ writel(ucr1, port->membase + UCR1);
-+}
-+
- /*
- * interrupts disabled on entry
- */
-@@ -378,9 +402,10 @@ static void imx_stop_tx(struct uart_port *port)
- imx_port_rts_active(sport, &temp);
- else
- imx_port_rts_inactive(sport, &temp);
-- temp |= UCR2_RXEN;
- writel(temp, port->membase + UCR2);
-
-+ imx_start_rx(port);
-+
- temp = readl(port->membase + UCR4);
- temp &= ~UCR4_TCEN;
- writel(temp, port->membase + UCR4);
-@@ -393,7 +418,7 @@ static void imx_stop_tx(struct uart_port *port)
- static void imx_stop_rx(struct uart_port *port)
- {
- struct imx_port *sport = (struct imx_port *)port;
-- unsigned long temp;
-+ unsigned long ucr1, ucr2;
-
- if (sport->dma_is_enabled && sport->dma_is_rxing) {
- if (sport->port.suspended) {
-@@ -404,12 +429,18 @@ static void imx_stop_rx(struct uart_port *port)
- }
- }
-
-- temp = readl(sport->port.membase + UCR2);
-- writel(temp & ~UCR2_RXEN, sport->port.membase + UCR2);
-+ ucr1 = readl(sport->port.membase + UCR1);
-+ ucr2 = readl(sport->port.membase + UCR2);
-
-- /* disable the `Receiver Ready Interrrupt` */
-- temp = readl(sport->port.membase + UCR1);
-- writel(temp & ~UCR1_RRDYEN, sport->port.membase + UCR1);
-+ if (sport->dma_is_enabled) {
-+ ucr1 &= 
~(UCR1_RXDMAEN | UCR1_ATDMAEN);
-+ } else {
-+ ucr1 &= ~UCR1_RRDYEN;
-+ }
-+ writel(ucr1, port->membase + UCR1);
-+
-+ ucr2 &= ~UCR2_RXEN;
-+ writel(ucr2, port->membase + UCR2);
- }
-
- /*
-@@ -526,7 +557,7 @@ static void imx_dma_tx(struct imx_port *sport)
-
- sport->tx_bytes = uart_circ_chars_pending(xmit);
-
-- if (xmit->tail < xmit->head) {
-+ if (xmit->tail < xmit->head || xmit->head == 0) {
- sport->dma_tx_nents = 1;
- sg_init_one(sgl, xmit->buf + xmit->tail, sport->tx_bytes);
- } else {
-@@ -581,10 +612,11 @@ static void imx_start_tx(struct uart_port *port)
- imx_port_rts_active(sport, &temp);
- else
- imx_port_rts_inactive(sport, &temp);
-- if (!(port->rs485.flags & SER_RS485_RX_DURING_TX))
-- temp &= ~UCR2_RXEN;
- writel(temp, port->membase + UCR2);
-
-+ if (!(port->rs485.flags & SER_RS485_RX_DURING_TX))
-+ imx_stop_rx(port);
-+
- /* enable transmitter and shifter empty irq */
- temp = readl(port->membase + UCR4);
- temp |= UCR4_TCEN;
-@@ -811,14 +843,42 @@ static void imx_mctrl_check(struct imx_port *sport)
- static irqreturn_t imx_int(int irq, void *dev_id)
- {
- struct imx_port *sport = dev_id;
-- unsigned int sts;
-- unsigned int sts2;
-+ unsigned int usr1, usr2, ucr1, ucr2, ucr3, ucr4;
- irqreturn_t ret = IRQ_NONE;
-
-- sts = readl(sport->port.membase + USR1);
-- sts2 = readl(sport->port.membase + USR2);
-+ usr1 = readl(sport->port.membase + USR1);
-+ usr2 = readl(sport->port.membase + USR2);
-+ ucr1 = readl(sport->port.membase + UCR1);
-+ ucr2 = readl(sport->port.membase + UCR2);
-+ ucr3 = readl(sport->port.membase + UCR3);
-+ ucr4 = readl(sport->port.membase + UCR4);
-
-- if (sts & (USR1_RRDY | USR1_AGTIM)) {
-+ /*
-+ * Even if a condition is true that can trigger an irq only handle it if
-+ * the respective irq source is enabled. This prevents some undesired
-+ * actions, for example if a character that sits in the RX FIFO and that
-+ * should be fetched via DMA is tried to be fetched using PIO. 
Or the
-+ * receiver is currently off and so reading from URXD0 results in an
-+ * exception. So just mask the (raw) status bits for disabled irqs.
-+ */
-+ if ((ucr1 & UCR1_RRDYEN) == 0)
-+ usr1 &= ~USR1_RRDY;
-+ if ((ucr2 & UCR2_ATEN) == 0)
-+ usr1 &= ~USR1_AGTIM;
-+ if ((ucr1 & UCR1_TXMPTYEN) == 0)
-+ usr1 &= ~USR1_TRDY;
-+ if ((ucr4 & UCR4_TCEN) == 0)
-+ usr2 &= ~USR2_TXDC;
-+ if ((ucr3 & UCR3_DTRDEN) == 0)
-+ usr1 &= ~USR1_DTRD;
-+ if ((ucr1 & UCR1_RTSDEN) == 0)
-+ usr1 &= ~USR1_RTSD;
-+ if ((ucr3 & UCR3_AWAKEN) == 0)
-+ usr1 &= ~USR1_AWAKE;
-+ if ((ucr4 & UCR4_OREN) == 0)
-+ usr2 &= ~USR2_ORE;
-+
-+ if (usr1 & (USR1_RRDY | USR1_AGTIM)) {
- if (sport->dma_is_enabled)
- imx_dma_rxint(sport);
- else
-@@ -826,18 +886,15 @@ static irqreturn_t imx_int(int irq, void *dev_id)
- ret = IRQ_HANDLED;
- }
-
-- if ((sts & USR1_TRDY &&
-- readl(sport->port.membase + UCR1) & UCR1_TXMPTYEN) ||
-- (sts2 & USR2_TXDC &&
-- readl(sport->port.membase + UCR4) & UCR4_TCEN)) {
-+ if ((usr1 & USR1_TRDY) || (usr2 & USR2_TXDC)) {
- imx_txint(irq, dev_id);
- ret = IRQ_HANDLED;
- }
-
-- if (sts & USR1_DTRD) {
-+ if (usr1 & USR1_DTRD) {
- unsigned long flags;
-
-- if (sts & USR1_DTRD)
-+ if (usr1 & USR1_DTRD)
- writel(USR1_DTRD, sport->port.membase + USR1);
-
- spin_lock_irqsave(&sport->port.lock, flags);
-@@ -847,17 +904,17 @@ static irqreturn_t imx_int(int irq, void *dev_id)
- ret = IRQ_HANDLED;
- }
-
-- if (sts & USR1_RTSD) {
-+ if (usr1 & USR1_RTSD) {
- imx_rtsint(irq, dev_id);
- ret = IRQ_HANDLED;
- }
-
-- if (sts & USR1_AWAKE) {
-+ if (usr1 & USR1_AWAKE) {
- writel(USR1_AWAKE, sport->port.membase + USR1);
- ret = IRQ_HANDLED;
- }
-
-- if (sts2 & USR2_ORE) {
-+ if (usr2 & USR2_ORE) {
- sport->port.icount.overrun++;
- writel(USR2_ORE, sport->port.membase + USR2);
- ret = IRQ_HANDLED;
-@@ -1206,7 +1263,7 @@ static void imx_enable_dma(struct imx_port *sport)
-
- /* set UCR1 */
- temp = readl(sport->port.membase + UCR1);
-- temp |= UCR1_RDMAEN | UCR1_TDMAEN | UCR1_ATDMAEN;
-+ temp |= 
UCR1_RXDMAEN | UCR1_TDMAEN | UCR1_ATDMAEN;
- writel(temp, sport->port.membase + UCR1);
-
- temp = readl(sport->port.membase + UCR2);
-@@ -1224,7 +1281,7 @@ static void imx_disable_dma(struct imx_port *sport)
-
- /* clear UCR1 */
- temp = readl(sport->port.membase + UCR1);
-- temp &= ~(UCR1_RDMAEN | UCR1_TDMAEN | UCR1_ATDMAEN);
-+ temp &= ~(UCR1_RXDMAEN | UCR1_TDMAEN | UCR1_ATDMAEN);
- writel(temp, sport->port.membase + UCR1);
-
- /* clear UCR2 */
-@@ -1289,11 +1346,9 @@ static int imx_startup(struct uart_port *port)
- writel(USR1_RTSD | USR1_DTRD, sport->port.membase + USR1);
- writel(USR2_ORE, sport->port.membase + USR2);
-
-- if (sport->dma_is_inited && !sport->dma_is_enabled)
-- imx_enable_dma(sport);
--
- temp = readl(sport->port.membase + UCR1);
-- temp |= UCR1_RRDYEN | UCR1_UARTEN;
-+ temp &= ~UCR1_RRDYEN;
-+ temp |= UCR1_UARTEN;
- if (sport->have_rtscts)
- temp |= UCR1_RTSDEN;
-
-@@ -1332,14 +1387,13 @@ static int imx_startup(struct uart_port *port)
- */
- imx_enable_ms(&sport->port);
-
-- /*
-- * Start RX DMA immediately instead of waiting for RX FIFO interrupts.
-- * In our iMX53 the average delay for the first reception dropped from
-- * approximately 35000 microseconds to 1000 microseconds. 
-- */
-- if (sport->dma_is_enabled) {
-- imx_disable_rx_int(sport);
-+ if (sport->dma_is_inited) {
-+ imx_enable_dma(sport);
- start_rx_dma(sport);
-+ } else {
-+ temp = readl(sport->port.membase + UCR1);
-+ temp |= UCR1_RRDYEN;
-+ writel(temp, sport->port.membase + UCR1);
- }
-
- spin_unlock_irqrestore(&sport->port.lock, flags);
-@@ -1386,7 +1440,8 @@ static void imx_shutdown(struct uart_port *port)
-
- spin_lock_irqsave(&sport->port.lock, flags);
- temp = readl(sport->port.membase + UCR1);
-- temp &= ~(UCR1_TXMPTYEN | UCR1_RRDYEN | UCR1_RTSDEN | UCR1_UARTEN);
-+ temp &= ~(UCR1_TXMPTYEN | UCR1_RRDYEN | UCR1_RTSDEN | UCR1_UARTEN |
-+ UCR1_RXDMAEN | UCR1_ATDMAEN);
-
- writel(temp, sport->port.membase + UCR1);
- spin_unlock_irqrestore(&sport->port.lock, flags);
-@@ -1659,7 +1714,7 @@ static int imx_poll_init(struct uart_port *port)
- {
- struct imx_port *sport = (struct imx_port *)port;
- unsigned long flags;
-- unsigned long temp;
-+ unsigned long ucr1, ucr2;
- int retval;
-
- retval = clk_prepare_enable(sport->clk_ipg);
-@@ -1673,16 +1728,29 @@ static int imx_poll_init(struct uart_port *port)
-
- spin_lock_irqsave(&sport->port.lock, flags);
-
-- temp = readl(sport->port.membase + UCR1);
-+ /*
-+ * Be careful about the order of enabling bits here. First enable the
-+ * receiver (UARTEN + RXEN) and only then the corresponding irqs.
-+ * This prevents that a character that already sits in the RX fifo is
-+ * triggering an irq but the try to fetch it from there results in an
-+ * exception because UARTEN or RXEN is still off. 
-+ */ -+ ucr1 = readl(port->membase + UCR1); -+ ucr2 = readl(port->membase + UCR2); -+ - if (is_imx1_uart(sport)) -- temp |= IMX1_UCR1_UARTCLKEN; -- temp |= UCR1_UARTEN | UCR1_RRDYEN; -- temp &= ~(UCR1_TXMPTYEN | UCR1_RTSDEN); -- writel(temp, sport->port.membase + UCR1); -+ ucr1 |= IMX1_UCR1_UARTCLKEN; - -- temp = readl(sport->port.membase + UCR2); -- temp |= UCR2_RXEN; -- writel(temp, sport->port.membase + UCR2); -+ ucr1 |= UCR1_UARTEN; -+ ucr1 &= ~(UCR1_TXMPTYEN | UCR1_RTSDEN | UCR1_RRDYEN); -+ -+ ucr2 |= UCR2_RXEN; -+ -+ writel(ucr1, sport->port.membase + UCR1); -+ writel(ucr2, sport->port.membase + UCR2); -+ -+ /* now enable irqs */ -+ writel(ucr1 | UCR1_RRDYEN, sport->port.membase + UCR1); - - spin_unlock_irqrestore(&sport->port.lock, flags); - -@@ -1742,11 +1810,8 @@ static int imx_rs485_config(struct uart_port *port, - - /* Make sure Rx is enabled in case Tx is active with Rx disabled */ - if (!(rs485conf->flags & SER_RS485_ENABLED) || -- rs485conf->flags & SER_RS485_RX_DURING_TX) { -- temp = readl(sport->port.membase + UCR2); -- temp |= UCR2_RXEN; -- writel(temp, sport->port.membase + UCR2); -- } -+ rs485conf->flags & SER_RS485_RX_DURING_TX) -+ imx_start_rx(port); - - port->rs485 = *rs485conf; - -diff --git a/drivers/tty/synclink_gt.c b/drivers/tty/synclink_gt.c -index 344e8c427c7e..9d68f89a2bf8 100644 ---- a/drivers/tty/synclink_gt.c -+++ b/drivers/tty/synclink_gt.c -@@ -1349,10 +1349,10 @@ static void throttle(struct tty_struct * tty) - DBGINFO(("%s throttle\n", info->device_name)); - if (I_IXOFF(tty)) - send_xchar(tty, STOP_CHAR(tty)); -- if (C_CRTSCTS(tty)) { -+ if (C_CRTSCTS(tty)) { - spin_lock_irqsave(&info->lock,flags); - info->signals &= ~SerialSignal_RTS; -- set_signals(info); -+ set_signals(info); - spin_unlock_irqrestore(&info->lock,flags); - } - } -@@ -1374,10 +1374,10 @@ static void unthrottle(struct tty_struct * tty) - else - send_xchar(tty, START_CHAR(tty)); - } -- if (C_CRTSCTS(tty)) { -+ if (C_CRTSCTS(tty)) { - 
spin_lock_irqsave(&info->lock,flags); - info->signals |= SerialSignal_RTS; -- set_signals(info); -+ set_signals(info); - spin_unlock_irqrestore(&info->lock,flags); - } - } -@@ -2575,8 +2575,8 @@ static void change_params(struct slgt_info *info) - info->read_status_mask = IRQ_RXOVER; - if (I_INPCK(info->port.tty)) - info->read_status_mask |= MASK_PARITY | MASK_FRAMING; -- if (I_BRKINT(info->port.tty) || I_PARMRK(info->port.tty)) -- info->read_status_mask |= MASK_BREAK; -+ if (I_BRKINT(info->port.tty) || I_PARMRK(info->port.tty)) -+ info->read_status_mask |= MASK_BREAK; - if (I_IGNPAR(info->port.tty)) - info->ignore_status_mask |= MASK_PARITY | MASK_FRAMING; - if (I_IGNBRK(info->port.tty)) { -@@ -3207,7 +3207,7 @@ static int tiocmset(struct tty_struct *tty, - info->signals &= ~SerialSignal_DTR; - - spin_lock_irqsave(&info->lock,flags); -- set_signals(info); -+ set_signals(info); - spin_unlock_irqrestore(&info->lock,flags); - return 0; - } -@@ -3218,7 +3218,7 @@ static int carrier_raised(struct tty_port *port) - struct slgt_info *info = container_of(port, struct slgt_info, port); - - spin_lock_irqsave(&info->lock,flags); -- get_signals(info); -+ get_signals(info); - spin_unlock_irqrestore(&info->lock,flags); - return (info->signals & SerialSignal_DCD) ? 
1 : 0; - } -@@ -3233,7 +3233,7 @@ static void dtr_rts(struct tty_port *port, int on) - info->signals |= SerialSignal_RTS | SerialSignal_DTR; - else - info->signals &= ~(SerialSignal_RTS | SerialSignal_DTR); -- set_signals(info); -+ set_signals(info); - spin_unlock_irqrestore(&info->lock,flags); - } - -diff --git a/drivers/tty/synclinkmp.c b/drivers/tty/synclinkmp.c -index 4fed9e7b281f..3c9e314406b4 100644 ---- a/drivers/tty/synclinkmp.c -+++ b/drivers/tty/synclinkmp.c -@@ -1467,10 +1467,10 @@ static void throttle(struct tty_struct * tty) - if (I_IXOFF(tty)) - send_xchar(tty, STOP_CHAR(tty)); - -- if (C_CRTSCTS(tty)) { -+ if (C_CRTSCTS(tty)) { - spin_lock_irqsave(&info->lock,flags); - info->serial_signals &= ~SerialSignal_RTS; -- set_signals(info); -+ set_signals(info); - spin_unlock_irqrestore(&info->lock,flags); - } - } -@@ -1496,10 +1496,10 @@ static void unthrottle(struct tty_struct * tty) - send_xchar(tty, START_CHAR(tty)); - } - -- if (C_CRTSCTS(tty)) { -+ if (C_CRTSCTS(tty)) { - spin_lock_irqsave(&info->lock,flags); - info->serial_signals |= SerialSignal_RTS; -- set_signals(info); -+ set_signals(info); - spin_unlock_irqrestore(&info->lock,flags); - } - } -@@ -2484,7 +2484,7 @@ static void isr_io_pin( SLMP_INFO *info, u16 status ) - if (status & SerialSignal_CTS) { - if ( debug_level >= DEBUG_LEVEL_ISR ) - printk("CTS tx start..."); -- info->port.tty->hw_stopped = 0; -+ info->port.tty->hw_stopped = 0; - tx_start(info); - info->pending_bh |= BH_TRANSMIT; - return; -@@ -2493,7 +2493,7 @@ static void isr_io_pin( SLMP_INFO *info, u16 status ) - if (!(status & SerialSignal_CTS)) { - if ( debug_level >= DEBUG_LEVEL_ISR ) - printk("CTS tx stop..."); -- info->port.tty->hw_stopped = 1; -+ info->port.tty->hw_stopped = 1; - tx_stop(info); - } - } -@@ -2820,8 +2820,8 @@ static void change_params(SLMP_INFO *info) - info->read_status_mask2 = OVRN; - if (I_INPCK(info->port.tty)) - info->read_status_mask2 |= PE | FRME; -- if (I_BRKINT(info->port.tty) || 
I_PARMRK(info->port.tty)) -- info->read_status_mask1 |= BRKD; -+ if (I_BRKINT(info->port.tty) || I_PARMRK(info->port.tty)) -+ info->read_status_mask1 |= BRKD; - if (I_IGNPAR(info->port.tty)) - info->ignore_status_mask2 |= PE | FRME; - if (I_IGNBRK(info->port.tty)) { -@@ -3191,7 +3191,7 @@ static int tiocmget(struct tty_struct *tty) - unsigned long flags; - - spin_lock_irqsave(&info->lock,flags); -- get_signals(info); -+ get_signals(info); - spin_unlock_irqrestore(&info->lock,flags); - - result = ((info->serial_signals & SerialSignal_RTS) ? TIOCM_RTS : 0) | -@@ -3229,7 +3229,7 @@ static int tiocmset(struct tty_struct *tty, - info->serial_signals &= ~SerialSignal_DTR; - - spin_lock_irqsave(&info->lock,flags); -- set_signals(info); -+ set_signals(info); - spin_unlock_irqrestore(&info->lock,flags); - - return 0; -@@ -3241,7 +3241,7 @@ static int carrier_raised(struct tty_port *port) - unsigned long flags; - - spin_lock_irqsave(&info->lock,flags); -- get_signals(info); -+ get_signals(info); - spin_unlock_irqrestore(&info->lock,flags); - - return (info->serial_signals & SerialSignal_DCD) ? 
1 : 0; -@@ -3257,7 +3257,7 @@ static void dtr_rts(struct tty_port *port, int on) - info->serial_signals |= SerialSignal_RTS | SerialSignal_DTR; - else - info->serial_signals &= ~(SerialSignal_RTS | SerialSignal_DTR); -- set_signals(info); -+ set_signals(info); - spin_unlock_irqrestore(&info->lock,flags); - } - -diff --git a/drivers/tty/tty_port.c b/drivers/tty/tty_port.c -index c93a33701d32..dd12c3b86eb4 100644 ---- a/drivers/tty/tty_port.c -+++ b/drivers/tty/tty_port.c -@@ -51,10 +51,11 @@ static void tty_port_default_wakeup(struct tty_port *port) - } - } - --static const struct tty_port_client_operations default_client_ops = { -+const struct tty_port_client_operations tty_port_default_client_ops = { - .receive_buf = tty_port_default_receive_buf, - .write_wakeup = tty_port_default_wakeup, - }; -+EXPORT_SYMBOL_GPL(tty_port_default_client_ops); - - void tty_port_init(struct tty_port *port) - { -@@ -67,7 +68,7 @@ void tty_port_init(struct tty_port *port) - spin_lock_init(&port->lock); - port->close_delay = (50 * HZ) / 100; - port->closing_wait = (3000 * HZ) / 100; -- port->client_ops = &default_client_ops; -+ port->client_ops = &tty_port_default_client_ops; - kref_init(&port->kref); - } - EXPORT_SYMBOL(tty_port_init); -diff --git a/drivers/tty/vt/selection.c b/drivers/tty/vt/selection.c -index 7a4c8022c023..b157f17d2be2 100644 ---- a/drivers/tty/vt/selection.c -+++ b/drivers/tty/vt/selection.c -@@ -27,6 +27,8 @@ - #include - #include - -+#include -+ - /* Don't take this from : 011-015 on the screen aren't spaces */ - #define isspace(c) ((c) == ' ') - -@@ -338,6 +340,7 @@ int paste_selection(struct tty_struct *tty) - unsigned int count; - struct tty_ldisc *ld; - DECLARE_WAITQUEUE(wait, current); -+ int ret = 0; - - console_lock(); - poke_blanked_console(); -@@ -351,6 +354,10 @@ int paste_selection(struct tty_struct *tty) - add_wait_queue(&vc->paste_wait, &wait); - while (sel_buffer && sel_buffer_lth > pasted) { - set_current_state(TASK_INTERRUPTIBLE); -+ if 
(signal_pending(current)) { -+ ret = -EINTR; -+ break; -+ } - if (tty_throttled(tty)) { - schedule(); - continue; -@@ -366,5 +373,5 @@ int paste_selection(struct tty_struct *tty) - - tty_buffer_unlock_exclusive(&vc->port); - tty_ldisc_deref(ld); -- return 0; -+ return ret; - } -diff --git a/drivers/tty/vt/vt_ioctl.c b/drivers/tty/vt/vt_ioctl.c -index 7b34b0ddbf0e..c320fefab360 100644 ---- a/drivers/tty/vt/vt_ioctl.c -+++ b/drivers/tty/vt/vt_ioctl.c -@@ -847,58 +847,49 @@ int vt_ioctl(struct tty_struct *tty, - - case VT_RESIZEX: - { -- struct vt_consize __user *vtconsize = up; -- ushort ll,cc,vlin,clin,vcol,ccol; -+ struct vt_consize v; - if (!perm) - return -EPERM; -- if (!access_ok(VERIFY_READ, vtconsize, -- sizeof(struct vt_consize))) { -- ret = -EFAULT; -- break; -- } -+ if (copy_from_user(&v, up, sizeof(struct vt_consize))) -+ return -EFAULT; - /* FIXME: Should check the copies properly */ -- __get_user(ll, &vtconsize->v_rows); -- __get_user(cc, &vtconsize->v_cols); -- __get_user(vlin, &vtconsize->v_vlin); -- __get_user(clin, &vtconsize->v_clin); -- __get_user(vcol, &vtconsize->v_vcol); -- __get_user(ccol, &vtconsize->v_ccol); -- vlin = vlin ? 
vlin : vc->vc_scan_lines; -- if (clin) { -- if (ll) { -- if (ll != vlin/clin) { -- /* Parameters don't add up */ -- ret = -EINVAL; -- break; -- } -- } else -- ll = vlin/clin; -+ if (!v.v_vlin) -+ v.v_vlin = vc->vc_scan_lines; -+ if (v.v_clin) { -+ int rows = v.v_vlin/v.v_clin; -+ if (v.v_rows != rows) { -+ if (v.v_rows) /* Parameters don't add up */ -+ return -EINVAL; -+ v.v_rows = rows; -+ } - } -- if (vcol && ccol) { -- if (cc) { -- if (cc != vcol/ccol) { -- ret = -EINVAL; -- break; -- } -- } else -- cc = vcol/ccol; -+ if (v.v_vcol && v.v_ccol) { -+ int cols = v.v_vcol/v.v_ccol; -+ if (v.v_cols != cols) { -+ if (v.v_cols) -+ return -EINVAL; -+ v.v_cols = cols; -+ } - } - -- if (clin > 32) { -- ret = -EINVAL; -- break; -- } -- -+ if (v.v_clin > 32) -+ return -EINVAL; -+ - for (i = 0; i < MAX_NR_CONSOLES; i++) { -+ struct vc_data *vcp; -+ - if (!vc_cons[i].d) - continue; - console_lock(); -- if (vlin) -- vc_cons[i].d->vc_scan_lines = vlin; -- if (clin) -- vc_cons[i].d->vc_font.height = clin; -- vc_cons[i].d->vc_resize_user = 1; -- vc_resize(vc_cons[i].d, cc, ll); -+ vcp = vc_cons[i].d; -+ if (vcp) { -+ if (v.v_vlin) -+ vcp->vc_scan_lines = v.v_vlin; -+ if (v.v_clin) -+ vcp->vc_font.height = v.v_clin; -+ vcp->vc_resize_user = 1; -+ vc_resize(vcp, v.v_cols, v.v_rows); -+ } - console_unlock(); - } - break; -diff --git a/drivers/uio/uio_dmem_genirq.c b/drivers/uio/uio_dmem_genirq.c -index e1134a4d97f3..a00b4aee6c79 100644 ---- a/drivers/uio/uio_dmem_genirq.c -+++ b/drivers/uio/uio_dmem_genirq.c -@@ -135,11 +135,13 @@ static int uio_dmem_genirq_irqcontrol(struct uio_info *dev_info, s32 irq_on) - if (irq_on) { - if (test_and_clear_bit(0, &priv->flags)) - enable_irq(dev_info->irq); -+ spin_unlock_irqrestore(&priv->lock, flags); - } else { -- if (!test_and_set_bit(0, &priv->flags)) -+ if (!test_and_set_bit(0, &priv->flags)) { -+ spin_unlock_irqrestore(&priv->lock, flags); - disable_irq(dev_info->irq); -+ } - } -- spin_unlock_irqrestore(&priv->lock, flags); - - return 0; - 
} -diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c -index 7d5ecf36a33c..ff1be6a6841b 100644 ---- a/drivers/usb/core/hub.c -+++ b/drivers/usb/core/hub.c -@@ -36,7 +36,9 @@ - #include "otg_whitelist.h" - - #define USB_VENDOR_GENESYS_LOGIC 0x05e3 -+#define USB_VENDOR_SMSC 0x0424 - #define HUB_QUIRK_CHECK_PORT_AUTOSUSPEND 0x01 -+#define HUB_QUIRK_DISABLE_AUTOSUSPEND 0x02 - - /* Protect struct usb_device->state and ->children members - * Note: Both are also protected by ->dev.sem, except that ->state can -@@ -1189,11 +1191,6 @@ static void hub_activate(struct usb_hub *hub, enum hub_activation_type type) - #ifdef CONFIG_PM - udev->reset_resume = 1; - #endif -- /* Don't set the change_bits when the device -- * was powered off. -- */ -- if (test_bit(port1, hub->power_bits)) -- set_bit(port1, hub->change_bits); - - } else { - /* The power session is gone; tell hub_wq */ -@@ -1685,6 +1682,10 @@ static void hub_disconnect(struct usb_interface *intf) - kfree(hub->buffer); - - pm_suspend_ignore_children(&intf->dev, false); -+ -+ if (hub->quirk_disable_autosuspend) -+ usb_autopm_put_interface(intf); -+ - kref_put(&hub->kref, hub_release); - } - -@@ -1815,6 +1816,11 @@ static int hub_probe(struct usb_interface *intf, const struct usb_device_id *id) - if (id->driver_info & HUB_QUIRK_CHECK_PORT_AUTOSUSPEND) - hub->quirk_check_port_auto_suspend = 1; - -+ if (id->driver_info & HUB_QUIRK_DISABLE_AUTOSUSPEND) { -+ hub->quirk_disable_autosuspend = 1; -+ usb_autopm_get_interface(intf); -+ } -+ - if (hub_configure(hub, &desc->endpoint[0].desc) >= 0) - return 0; - -@@ -5293,6 +5299,10 @@ out_hdev_lock: - } - - static const struct usb_device_id hub_id_table[] = { -+ { .match_flags = USB_DEVICE_ID_MATCH_VENDOR | USB_DEVICE_ID_MATCH_INT_CLASS, -+ .idVendor = USB_VENDOR_SMSC, -+ .bInterfaceClass = USB_CLASS_HUB, -+ .driver_info = HUB_QUIRK_DISABLE_AUTOSUSPEND}, - { .match_flags = USB_DEVICE_ID_MATCH_VENDOR - | USB_DEVICE_ID_MATCH_INT_CLASS, - .idVendor = USB_VENDOR_GENESYS_LOGIC, 
-diff --git a/drivers/usb/core/hub.h b/drivers/usb/core/hub.h -index 34c1a7e22aae..657bacfbe3a7 100644 ---- a/drivers/usb/core/hub.h -+++ b/drivers/usb/core/hub.h -@@ -69,6 +69,7 @@ struct usb_hub { - unsigned quiescing:1; - unsigned disconnected:1; - unsigned in_reset:1; -+ unsigned quirk_disable_autosuspend:1; - - unsigned quirk_check_port_auto_suspend:1; - -diff --git a/drivers/usb/core/quirks.c b/drivers/usb/core/quirks.c -index 19e819aa2419..ad8307140df8 100644 ---- a/drivers/usb/core/quirks.c -+++ b/drivers/usb/core/quirks.c -@@ -291,6 +291,9 @@ static const struct usb_device_id usb_quirk_list[] = { - /* INTEL VALUE SSD */ - { USB_DEVICE(0x8086, 0xf1a5), .driver_info = USB_QUIRK_RESET_RESUME }, - -+ /* novation SoundControl XL */ -+ { USB_DEVICE(0x1235, 0x0061), .driver_info = USB_QUIRK_RESET_RESUME }, -+ - { } /* terminating entry must be last */ - }; - -diff --git a/drivers/usb/dwc2/gadget.c b/drivers/usb/dwc2/gadget.c -index 4af9a1c652ed..aeb6f7c84ea0 100644 ---- a/drivers/usb/dwc2/gadget.c -+++ b/drivers/usb/dwc2/gadget.c -@@ -3933,11 +3933,12 @@ static int dwc2_hsotg_ep_enable(struct usb_ep *ep, - * a unique tx-fifo even if it is non-periodic. 
- */ - if (dir_in && hsotg->dedicated_fifos) { -+ unsigned fifo_count = dwc2_hsotg_tx_fifo_count(hsotg); - u32 fifo_index = 0; - u32 fifo_size = UINT_MAX; - - size = hs_ep->ep.maxpacket * hs_ep->mc; -- for (i = 1; i < hsotg->num_of_eps; ++i) { -+ for (i = 1; i <= fifo_count; ++i) { - if (hsotg->fifo_map & (1 << i)) - continue; - val = dwc2_readl(hsotg->regs + DPTXFSIZN(i)); -diff --git a/drivers/usb/gadget/composite.c b/drivers/usb/gadget/composite.c -index b29cd3979391..6e30b177aa22 100644 ---- a/drivers/usb/gadget/composite.c -+++ b/drivers/usb/gadget/composite.c -@@ -440,12 +440,10 @@ static u8 encode_bMaxPower(enum usb_device_speed speed, - val = CONFIG_USB_GADGET_VBUS_DRAW; - if (!val) - return 0; -- switch (speed) { -- case USB_SPEED_SUPER: -- return DIV_ROUND_UP(val, 8); -- default: -+ if (speed < USB_SPEED_SUPER) - return DIV_ROUND_UP(val, 2); -- } -+ else -+ return DIV_ROUND_UP(val, 8); - } - - static int config_buf(struct usb_configuration *config, -diff --git a/drivers/usb/gadget/udc/gr_udc.c b/drivers/usb/gadget/udc/gr_udc.c -index 1f9941145746..feb73a1c42ef 100644 ---- a/drivers/usb/gadget/udc/gr_udc.c -+++ b/drivers/usb/gadget/udc/gr_udc.c -@@ -2200,8 +2200,6 @@ static int gr_probe(struct platform_device *pdev) - return -ENOMEM; - } - -- spin_lock(&dev->lock); -- - /* Inside lock so that no gadget can use this udc until probe is done */ - retval = usb_add_gadget_udc(dev->dev, &dev->gadget); - if (retval) { -@@ -2210,15 +2208,21 @@ static int gr_probe(struct platform_device *pdev) - } - dev->added = 1; - -+ spin_lock(&dev->lock); -+ - retval = gr_udc_init(dev); -- if (retval) -+ if (retval) { -+ spin_unlock(&dev->lock); - goto out; -- -- gr_dfs_create(dev); -+ } - - /* Clear all interrupt enables that might be left on since last boot */ - gr_disable_interrupts_and_pullup(dev); - -+ spin_unlock(&dev->lock); -+ -+ gr_dfs_create(dev); -+ - retval = gr_request_irq(dev, dev->irq); - if (retval) { - dev_err(dev->dev, "Failed to request irq %d\n", dev->irq); 
-@@ -2247,8 +2251,6 @@ static int gr_probe(struct platform_device *pdev) - dev_info(dev->dev, "regs: %p, irq %d\n", dev->regs, dev->irq); - - out: -- spin_unlock(&dev->lock); -- - if (retval) - gr_remove(pdev); - -diff --git a/drivers/usb/host/xhci-mem.c b/drivers/usb/host/xhci-mem.c -index a80a57decda1..70452c881e56 100644 ---- a/drivers/usb/host/xhci-mem.c -+++ b/drivers/usb/host/xhci-mem.c -@@ -1479,9 +1479,15 @@ int xhci_endpoint_init(struct xhci_hcd *xhci, - /* Allow 3 retries for everything but isoc, set CErr = 3 */ - if (!usb_endpoint_xfer_isoc(&ep->desc)) - err_count = 3; -- /* Some devices get this wrong */ -- if (usb_endpoint_xfer_bulk(&ep->desc) && udev->speed == USB_SPEED_HIGH) -- max_packet = 512; -+ /* HS bulk max packet should be 512, FS bulk supports 8, 16, 32 or 64 */ -+ if (usb_endpoint_xfer_bulk(&ep->desc)) { -+ if (udev->speed == USB_SPEED_HIGH) -+ max_packet = 512; -+ if (udev->speed == USB_SPEED_FULL) { -+ max_packet = rounddown_pow_of_two(max_packet); -+ max_packet = clamp_val(max_packet, 8, 64); -+ } -+ } - /* xHCI 1.0 and 1.1 indicates that ctrl ep avg TRB Length should be 8 */ - if (usb_endpoint_xfer_control(&ep->desc) && xhci->hci_version >= 0x100) - avg_trb_len = 8; -diff --git a/drivers/usb/host/xhci-pci.c b/drivers/usb/host/xhci-pci.c -index 09f228279c01..908496ed3254 100644 ---- a/drivers/usb/host/xhci-pci.c -+++ b/drivers/usb/host/xhci-pci.c -@@ -53,6 +53,7 @@ - #define PCI_DEVICE_ID_INTEL_BROXTON_B_XHCI 0x1aa8 - #define PCI_DEVICE_ID_INTEL_APL_XHCI 0x5aa8 - #define PCI_DEVICE_ID_INTEL_DNV_XHCI 0x19d0 -+#define PCI_DEVICE_ID_INTEL_CML_XHCI 0xa3af - - #define PCI_DEVICE_ID_AMD_PROMONTORYA_4 0x43b9 - #define PCI_DEVICE_ID_AMD_PROMONTORYA_3 0x43ba -@@ -191,7 +192,8 @@ static void xhci_pci_quirks(struct device *dev, struct xhci_hcd *xhci) - pdev->device == PCI_DEVICE_ID_INTEL_BROXTON_M_XHCI || - pdev->device == PCI_DEVICE_ID_INTEL_BROXTON_B_XHCI || - pdev->device == PCI_DEVICE_ID_INTEL_APL_XHCI || -- pdev->device == 
PCI_DEVICE_ID_INTEL_DNV_XHCI)) { -+ pdev->device == PCI_DEVICE_ID_INTEL_DNV_XHCI || -+ pdev->device == PCI_DEVICE_ID_INTEL_CML_XHCI)) { - xhci->quirks |= XHCI_PME_STUCK_QUIRK; - } - if (pdev->vendor == PCI_VENDOR_ID_INTEL && -@@ -284,6 +286,9 @@ static int xhci_pci_setup(struct usb_hcd *hcd) - if (!usb_hcd_is_primary_hcd(hcd)) - return 0; - -+ if (xhci->quirks & XHCI_PME_STUCK_QUIRK) -+ xhci_pme_acpi_rtd3_enable(pdev); -+ - xhci_dbg(xhci, "Got SBRN %u\n", (unsigned int) xhci->sbrn); - - /* Find any debug ports */ -@@ -344,9 +349,6 @@ static int xhci_pci_probe(struct pci_dev *dev, const struct pci_device_id *id) - HCC_MAX_PSA(xhci->hcc_params) >= 4) - xhci->shared_hcd->can_do_streams = 1; - -- if (xhci->quirks & XHCI_PME_STUCK_QUIRK) -- xhci_pme_acpi_rtd3_enable(dev); -- - /* USB-2 and USB-3 roothubs initialized, allow runtime pm suspend */ - pm_runtime_put_noidle(&dev->dev); - -diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c -index 61fa3007a74a..868878f5b72b 100644 ---- a/drivers/usb/host/xhci-ring.c -+++ b/drivers/usb/host/xhci-ring.c -@@ -2758,6 +2758,42 @@ static int xhci_handle_event(struct xhci_hcd *xhci) - return 1; - } - -+/* -+ * Update Event Ring Dequeue Pointer: -+ * - When all events have finished -+ * - To avoid "Event Ring Full Error" condition -+ */ -+static void xhci_update_erst_dequeue(struct xhci_hcd *xhci, -+ union xhci_trb *event_ring_deq) -+{ -+ u64 temp_64; -+ dma_addr_t deq; -+ -+ temp_64 = xhci_read_64(xhci, &xhci->ir_set->erst_dequeue); -+ /* If necessary, update the HW's version of the event ring deq ptr. */ -+ if (event_ring_deq != xhci->event_ring->dequeue) { -+ deq = xhci_trb_virt_to_dma(xhci->event_ring->deq_seg, -+ xhci->event_ring->dequeue); -+ if (deq == 0) -+ xhci_warn(xhci, "WARN something wrong with SW event ring dequeue ptr\n"); -+ /* -+ * Per 4.9.4, Software writes to the ERDP register shall -+ * always advance the Event Ring Dequeue Pointer value. 
-+ */ -+ if ((temp_64 & (u64) ~ERST_PTR_MASK) == -+ ((u64) deq & (u64) ~ERST_PTR_MASK)) -+ return; -+ -+ /* Update HC event ring dequeue pointer */ -+ temp_64 &= ERST_PTR_MASK; -+ temp_64 |= ((u64) deq & (u64) ~ERST_PTR_MASK); -+ } -+ -+ /* Clear the event handler busy flag (RW1C) */ -+ temp_64 |= ERST_EHB; -+ xhci_write_64(xhci, temp_64, &xhci->ir_set->erst_dequeue); -+} -+ - /* - * xHCI spec says we can get an interrupt, and if the HC has an error condition, - * we might get bad data out of the event ring. Section 4.10.2.7 has a list of -@@ -2769,9 +2805,9 @@ irqreturn_t xhci_irq(struct usb_hcd *hcd) - union xhci_trb *event_ring_deq; - irqreturn_t ret = IRQ_NONE; - unsigned long flags; -- dma_addr_t deq; - u64 temp_64; - u32 status; -+ int event_loop = 0; - - spin_lock_irqsave(&xhci->lock, flags); - /* Check if the xHC generated the interrupt, or the irq is shared */ -@@ -2825,24 +2861,14 @@ irqreturn_t xhci_irq(struct usb_hcd *hcd) - /* FIXME this should be a delayed service routine - * that clears the EHB. - */ -- while (xhci_handle_event(xhci) > 0) {} -- -- temp_64 = xhci_read_64(xhci, &xhci->ir_set->erst_dequeue); -- /* If necessary, update the HW's version of the event ring deq ptr. */ -- if (event_ring_deq != xhci->event_ring->dequeue) { -- deq = xhci_trb_virt_to_dma(xhci->event_ring->deq_seg, -- xhci->event_ring->dequeue); -- if (deq == 0) -- xhci_warn(xhci, "WARN something wrong with SW event " -- "ring dequeue ptr.\n"); -- /* Update HC event ring dequeue pointer */ -- temp_64 &= ERST_PTR_MASK; -- temp_64 |= ((u64) deq & (u64) ~ERST_PTR_MASK); -+ while (xhci_handle_event(xhci) > 0) { -+ if (event_loop++ < TRBS_PER_SEGMENT / 2) -+ continue; -+ xhci_update_erst_dequeue(xhci, event_ring_deq); -+ event_loop = 0; - } - -- /* Clear the event handler busy flag (RW1C); event ring is empty. 
*/ -- temp_64 |= ERST_EHB; -- xhci_write_64(xhci, temp_64, &xhci->ir_set->erst_dequeue); -+ xhci_update_erst_dequeue(xhci, event_ring_deq); - ret = IRQ_HANDLED; - - out: -diff --git a/drivers/usb/misc/iowarrior.c b/drivers/usb/misc/iowarrior.c -index 7f226cc3ef8a..1ec32e5aa004 100644 ---- a/drivers/usb/misc/iowarrior.c -+++ b/drivers/usb/misc/iowarrior.c -@@ -32,6 +32,14 @@ - #define USB_DEVICE_ID_CODEMERCS_IOWPV2 0x1512 - /* full speed iowarrior */ - #define USB_DEVICE_ID_CODEMERCS_IOW56 0x1503 -+/* fuller speed iowarrior */ -+#define USB_DEVICE_ID_CODEMERCS_IOW28 0x1504 -+#define USB_DEVICE_ID_CODEMERCS_IOW28L 0x1505 -+#define USB_DEVICE_ID_CODEMERCS_IOW100 0x1506 -+ -+/* OEMed devices */ -+#define USB_DEVICE_ID_CODEMERCS_IOW24SAG 0x158a -+#define USB_DEVICE_ID_CODEMERCS_IOW56AM 0x158b - - /* Get a minor range for your devices from the usb maintainer */ - #ifdef CONFIG_USB_DYNAMIC_MINORS -@@ -137,6 +145,11 @@ static const struct usb_device_id iowarrior_ids[] = { - {USB_DEVICE(USB_VENDOR_ID_CODEMERCS, USB_DEVICE_ID_CODEMERCS_IOWPV1)}, - {USB_DEVICE(USB_VENDOR_ID_CODEMERCS, USB_DEVICE_ID_CODEMERCS_IOWPV2)}, - {USB_DEVICE(USB_VENDOR_ID_CODEMERCS, USB_DEVICE_ID_CODEMERCS_IOW56)}, -+ {USB_DEVICE(USB_VENDOR_ID_CODEMERCS, USB_DEVICE_ID_CODEMERCS_IOW24SAG)}, -+ {USB_DEVICE(USB_VENDOR_ID_CODEMERCS, USB_DEVICE_ID_CODEMERCS_IOW56AM)}, -+ {USB_DEVICE(USB_VENDOR_ID_CODEMERCS, USB_DEVICE_ID_CODEMERCS_IOW28)}, -+ {USB_DEVICE(USB_VENDOR_ID_CODEMERCS, USB_DEVICE_ID_CODEMERCS_IOW28L)}, -+ {USB_DEVICE(USB_VENDOR_ID_CODEMERCS, USB_DEVICE_ID_CODEMERCS_IOW100)}, - {} /* Terminating entry */ - }; - MODULE_DEVICE_TABLE(usb, iowarrior_ids); -@@ -364,6 +377,7 @@ static ssize_t iowarrior_write(struct file *file, - } - switch (dev->product_id) { - case USB_DEVICE_ID_CODEMERCS_IOW24: -+ case USB_DEVICE_ID_CODEMERCS_IOW24SAG: - case USB_DEVICE_ID_CODEMERCS_IOWPV1: - case USB_DEVICE_ID_CODEMERCS_IOWPV2: - case USB_DEVICE_ID_CODEMERCS_IOW40: -@@ -378,6 +392,10 @@ static ssize_t 
iowarrior_write(struct file *file, - goto exit; - break; - case USB_DEVICE_ID_CODEMERCS_IOW56: -+ case USB_DEVICE_ID_CODEMERCS_IOW56AM: -+ case USB_DEVICE_ID_CODEMERCS_IOW28: -+ case USB_DEVICE_ID_CODEMERCS_IOW28L: -+ case USB_DEVICE_ID_CODEMERCS_IOW100: - /* The IOW56 uses asynchronous IO and more urbs */ - if (atomic_read(&dev->write_busy) == MAX_WRITES_IN_FLIGHT) { - /* Wait until we are below the limit for submitted urbs */ -@@ -502,6 +520,7 @@ static long iowarrior_ioctl(struct file *file, unsigned int cmd, - switch (cmd) { - case IOW_WRITE: - if (dev->product_id == USB_DEVICE_ID_CODEMERCS_IOW24 || -+ dev->product_id == USB_DEVICE_ID_CODEMERCS_IOW24SAG || - dev->product_id == USB_DEVICE_ID_CODEMERCS_IOWPV1 || - dev->product_id == USB_DEVICE_ID_CODEMERCS_IOWPV2 || - dev->product_id == USB_DEVICE_ID_CODEMERCS_IOW40) { -@@ -786,7 +805,11 @@ static int iowarrior_probe(struct usb_interface *interface, - goto error; - } - -- if (dev->product_id == USB_DEVICE_ID_CODEMERCS_IOW56) { -+ if ((dev->product_id == USB_DEVICE_ID_CODEMERCS_IOW56) || -+ (dev->product_id == USB_DEVICE_ID_CODEMERCS_IOW56AM) || -+ (dev->product_id == USB_DEVICE_ID_CODEMERCS_IOW28) || -+ (dev->product_id == USB_DEVICE_ID_CODEMERCS_IOW28L) || -+ (dev->product_id == USB_DEVICE_ID_CODEMERCS_IOW100)) { - res = usb_find_last_int_out_endpoint(iface_desc, - &dev->int_out_endpoint); - if (res) { -@@ -799,7 +822,11 @@ static int iowarrior_probe(struct usb_interface *interface, - /* we have to check the report_size often, so remember it in the endianness suitable for our machine */ - dev->report_size = usb_endpoint_maxp(dev->int_in_endpoint); - if ((dev->interface->cur_altsetting->desc.bInterfaceNumber == 0) && -- (dev->product_id == USB_DEVICE_ID_CODEMERCS_IOW56)) -+ ((dev->product_id == USB_DEVICE_ID_CODEMERCS_IOW56) || -+ (dev->product_id == USB_DEVICE_ID_CODEMERCS_IOW56AM) || -+ (dev->product_id == USB_DEVICE_ID_CODEMERCS_IOW28) || -+ (dev->product_id == USB_DEVICE_ID_CODEMERCS_IOW28L) || -+ 
(dev->product_id == USB_DEVICE_ID_CODEMERCS_IOW100))) - /* IOWarrior56 has wMaxPacketSize different from report size */ - dev->report_size = 7; - -diff --git a/drivers/usb/musb/omap2430.c b/drivers/usb/musb/omap2430.c -index 456f3e6ecf03..26e69c2766f5 100644 ---- a/drivers/usb/musb/omap2430.c -+++ b/drivers/usb/musb/omap2430.c -@@ -388,8 +388,6 @@ static const struct musb_platform_ops omap2430_ops = { - .init = omap2430_musb_init, - .exit = omap2430_musb_exit, - -- .set_vbus = omap2430_musb_set_vbus, -- - .enable = omap2430_musb_enable, - .disable = omap2430_musb_disable, - -diff --git a/drivers/usb/storage/uas.c b/drivers/usb/storage/uas.c -index 8391a88cf90f..9d97543449e6 100644 ---- a/drivers/usb/storage/uas.c -+++ b/drivers/usb/storage/uas.c -@@ -46,6 +46,7 @@ struct uas_dev_info { - struct scsi_cmnd *cmnd[MAX_CMNDS]; - spinlock_t lock; - struct work_struct work; -+ struct work_struct scan_work; /* for async scanning */ - }; - - enum { -@@ -115,6 +116,17 @@ out: - spin_unlock_irqrestore(&devinfo->lock, flags); - } - -+static void uas_scan_work(struct work_struct *work) -+{ -+ struct uas_dev_info *devinfo = -+ container_of(work, struct uas_dev_info, scan_work); -+ struct Scsi_Host *shost = usb_get_intfdata(devinfo->intf); -+ -+ dev_dbg(&devinfo->intf->dev, "starting scan\n"); -+ scsi_scan_host(shost); -+ dev_dbg(&devinfo->intf->dev, "scan complete\n"); -+} -+ - static void uas_add_work(struct uas_cmd_info *cmdinfo) - { - struct scsi_pointer *scp = (void *)cmdinfo; -@@ -989,6 +1001,7 @@ static int uas_probe(struct usb_interface *intf, const struct usb_device_id *id) - init_usb_anchor(&devinfo->data_urbs); - spin_lock_init(&devinfo->lock); - INIT_WORK(&devinfo->work, uas_do_work); -+ INIT_WORK(&devinfo->scan_work, uas_scan_work); - - result = uas_configure_endpoints(devinfo); - if (result) -@@ -1005,7 +1018,9 @@ static int uas_probe(struct usb_interface *intf, const struct usb_device_id *id) - if (result) - goto free_streams; - -- scsi_scan_host(shost); -+ /* 
Submit the delayed_work for SCSI-device scanning */ -+ schedule_work(&devinfo->scan_work); -+ - return result; - - free_streams: -@@ -1173,6 +1188,12 @@ static void uas_disconnect(struct usb_interface *intf) - usb_kill_anchored_urbs(&devinfo->data_urbs); - uas_zap_pending(devinfo, DID_NO_CONNECT); - -+ /* -+ * Prevent SCSI scanning (if it hasn't started yet) -+ * or wait for the SCSI-scanning routine to stop. -+ */ -+ cancel_work_sync(&devinfo->scan_work); -+ - scsi_remove_host(shost); - uas_free_streams(devinfo); - scsi_host_put(shost); -diff --git a/drivers/video/fbdev/pxa168fb.c b/drivers/video/fbdev/pxa168fb.c -index d059d04c63ac..20195d3dbf08 100644 ---- a/drivers/video/fbdev/pxa168fb.c -+++ b/drivers/video/fbdev/pxa168fb.c -@@ -769,8 +769,8 @@ failed_free_cmap: - failed_free_clk: - clk_disable_unprepare(fbi->clk); - failed_free_fbmem: -- dma_free_coherent(fbi->dev, info->fix.smem_len, -- info->screen_base, fbi->fb_start_dma); -+ dma_free_wc(fbi->dev, info->fix.smem_len, -+ info->screen_base, fbi->fb_start_dma); - failed_free_info: - kfree(info); - -@@ -804,7 +804,7 @@ static int pxa168fb_remove(struct platform_device *pdev) - - irq = platform_get_irq(pdev, 0); - -- dma_free_wc(fbi->dev, PAGE_ALIGN(info->fix.smem_len), -+ dma_free_wc(fbi->dev, info->fix.smem_len, - info->screen_base, info->fix.smem_start); - - clk_disable_unprepare(fbi->clk); -diff --git a/drivers/virtio/virtio_balloon.c b/drivers/virtio/virtio_balloon.c -index 499531608fa2..71970773aad1 100644 ---- a/drivers/virtio/virtio_balloon.c -+++ b/drivers/virtio/virtio_balloon.c -@@ -132,6 +132,8 @@ static void set_page_pfns(struct virtio_balloon *vb, - { - unsigned int i; - -+ BUILD_BUG_ON(VIRTIO_BALLOON_PAGES_PER_PAGE > VIRTIO_BALLOON_ARRAY_PFNS_MAX); -+ - /* - * Set balloon pfns pointing at this page. - * Note that the first pfn points at start of the page. 
-diff --git a/drivers/vme/bridges/vme_fake.c b/drivers/vme/bridges/vme_fake.c -index 30b3acc93833..e81ec763b555 100644 ---- a/drivers/vme/bridges/vme_fake.c -+++ b/drivers/vme/bridges/vme_fake.c -@@ -418,8 +418,9 @@ static void fake_lm_check(struct fake_driver *bridge, unsigned long long addr, - } - } - --static u8 fake_vmeread8(struct fake_driver *bridge, unsigned long long addr, -- u32 aspace, u32 cycle) -+static noinline_for_stack u8 fake_vmeread8(struct fake_driver *bridge, -+ unsigned long long addr, -+ u32 aspace, u32 cycle) - { - u8 retval = 0xff; - int i; -@@ -450,8 +451,9 @@ static u8 fake_vmeread8(struct fake_driver *bridge, unsigned long long addr, - return retval; - } - --static u16 fake_vmeread16(struct fake_driver *bridge, unsigned long long addr, -- u32 aspace, u32 cycle) -+static noinline_for_stack u16 fake_vmeread16(struct fake_driver *bridge, -+ unsigned long long addr, -+ u32 aspace, u32 cycle) - { - u16 retval = 0xffff; - int i; -@@ -482,8 +484,9 @@ static u16 fake_vmeread16(struct fake_driver *bridge, unsigned long long addr, - return retval; - } - --static u32 fake_vmeread32(struct fake_driver *bridge, unsigned long long addr, -- u32 aspace, u32 cycle) -+static noinline_for_stack u32 fake_vmeread32(struct fake_driver *bridge, -+ unsigned long long addr, -+ u32 aspace, u32 cycle) - { - u32 retval = 0xffffffff; - int i; -@@ -613,8 +616,9 @@ out: - return retval; - } - --static void fake_vmewrite8(struct fake_driver *bridge, u8 *buf, -- unsigned long long addr, u32 aspace, u32 cycle) -+static noinline_for_stack void fake_vmewrite8(struct fake_driver *bridge, -+ u8 *buf, unsigned long long addr, -+ u32 aspace, u32 cycle) - { - int i; - unsigned long long start, end, offset; -@@ -643,8 +647,9 @@ static void fake_vmewrite8(struct fake_driver *bridge, u8 *buf, - - } - --static void fake_vmewrite16(struct fake_driver *bridge, u16 *buf, -- unsigned long long addr, u32 aspace, u32 cycle) -+static noinline_for_stack void fake_vmewrite16(struct 
fake_driver *bridge,
-+ u16 *buf, unsigned long long addr,
-+ u32 aspace, u32 cycle)
- {
- int i;
- unsigned long long start, end, offset;
-@@ -673,8 +678,9 @@ static void fake_vmewrite16(struct fake_driver *bridge, u16 *buf,
-
- }
-
--static void fake_vmewrite32(struct fake_driver *bridge, u32 *buf,
-- unsigned long long addr, u32 aspace, u32 cycle)
-+static noinline_for_stack void fake_vmewrite32(struct fake_driver *bridge,
-+ u32 *buf, unsigned long long addr,
-+ u32 aspace, u32 cycle)
- {
- int i;
- unsigned long long start, end, offset;
-diff --git a/drivers/xen/preempt.c b/drivers/xen/preempt.c
-index 08cb419eb4e6..5f6b77ea34fb 100644
---- a/drivers/xen/preempt.c
-+++ b/drivers/xen/preempt.c
-@@ -37,7 +37,9 @@ asmlinkage __visible void xen_maybe_preempt_hcall(void)
- * cpu.
- */
- __this_cpu_write(xen_in_preemptible_hcall, false);
-- _cond_resched();
-+ local_irq_enable();
-+ cond_resched();
-+ local_irq_disable();
- __this_cpu_write(xen_in_preemptible_hcall, true);
- }
- }
-diff --git a/fs/btrfs/check-integrity.c b/fs/btrfs/check-integrity.c
-index 7d5a9b51f0d7..4be07cf31d74 100644
---- a/fs/btrfs/check-integrity.c
-+++ b/fs/btrfs/check-integrity.c
-@@ -642,7 +642,6 @@ static struct btrfsic_dev_state *btrfsic_dev_state_hashtable_lookup(dev_t dev,
- static int btrfsic_process_superblock(struct btrfsic_state *state,
- struct btrfs_fs_devices *fs_devices)
- {
-- struct btrfs_fs_info *fs_info = state->fs_info;
- struct btrfs_super_block *selected_super;
- struct list_head *dev_head = &fs_devices->devices;
- struct btrfs_device *device;
-@@ -713,7 +712,7 @@ static int btrfsic_process_superblock(struct btrfsic_state *state,
- break;
- }
-
-- num_copies = btrfs_num_copies(fs_info, next_bytenr,
-+ num_copies = btrfs_num_copies(state->fs_info, next_bytenr,
- state->metablock_size);
- if (state->print_mask & BTRFSIC_PRINT_MASK_NUM_COPIES)
- pr_info("num_copies(log_bytenr=%llu) = %d\n",
-diff --git a/fs/btrfs/disk-io.c b/fs/btrfs/disk-io.c
-index
44b15617c7b9..6b4fee5c79f9 100644
---- a/fs/btrfs/disk-io.c
-+++ b/fs/btrfs/disk-io.c
-@@ -2913,6 +2913,7 @@ retry_root_backup:
- /* do not make disk changes in broken FS or nologreplay is given */
- if (btrfs_super_log_root(disk_super) != 0 &&
- !btrfs_test_opt(fs_info, NOLOGREPLAY)) {
-+ btrfs_info(fs_info, "start tree-log replay");
- ret = btrfs_replay_log(fs_info, fs_devices);
- if (ret) {
- err = ret;
-@@ -4393,7 +4394,6 @@ void btrfs_cleanup_one_transaction(struct btrfs_transaction *cur_trans,
- wake_up(&fs_info->transaction_wait);
-
- btrfs_destroy_delayed_inodes(fs_info);
-- btrfs_assert_delayed_root_empty(fs_info);
-
- btrfs_destroy_marked_extents(fs_info, &cur_trans->dirty_pages,
- EXTENT_DIRTY);
-diff --git a/fs/btrfs/extent_map.c b/fs/btrfs/extent_map.c
-index 2e348fb0b280..c87d673ce334 100644
---- a/fs/btrfs/extent_map.c
-+++ b/fs/btrfs/extent_map.c
-@@ -228,6 +228,17 @@ static void try_merge_map(struct extent_map_tree *tree, struct extent_map *em)
- struct extent_map *merge = NULL;
- struct rb_node *rb;
-
-+ /*
-+ * We can't modify an extent map that is in the tree and that is being
-+ * used by another task, as it can cause that other task to see it in
-+ * inconsistent state during the merging. We always have 1 reference for
-+ * the tree and 1 for this task (which is unpinning the extent map or
-+ * clearing the logging flag), so anything > 2 means it's being used by
-+ * other tasks too.
-+ */
-+ if (refcount_read(&em->refs) > 2)
-+ return;
-+
- if (em->start != 0) {
- rb = rb_prev(&em->rb_node);
- if (rb)
-diff --git a/fs/btrfs/file-item.c b/fs/btrfs/file-item.c
-index 702b3606ad0e..717d82d51bb1 100644
---- a/fs/btrfs/file-item.c
-+++ b/fs/btrfs/file-item.c
-@@ -288,7 +288,8 @@ found:
- csum += count * csum_size;
- nblocks -= count;
- next:
-- while (count--) {
-+ while (count > 0) {
-+ count--;
- disk_bytenr += fs_info->sectorsize;
- offset += fs_info->sectorsize;
- page_bytes_left -= fs_info->sectorsize;
-diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
-index abecc4724a3b..2a196bb134d9 100644
---- a/fs/btrfs/inode.c
-+++ b/fs/btrfs/inode.c
-@@ -10639,6 +10639,7 @@ static int __btrfs_prealloc_file_range(struct inode *inode, int mode,
- struct btrfs_root *root = BTRFS_I(inode)->root;
- struct btrfs_key ins;
- u64 cur_offset = start;
-+ u64 clear_offset = start;
- u64 i_size;
- u64 cur_bytes;
- u64 last_alloc = (u64)-1;
-@@ -10673,6 +10674,15 @@ static int __btrfs_prealloc_file_range(struct inode *inode, int mode,
- btrfs_end_transaction(trans);
- break;
- }
-+
-+ /*
-+ * We've reserved this space, and thus converted it from
-+ * ->bytes_may_use to ->bytes_reserved. Any error that happens
-+ * from here on out we will only need to clear our reservation
-+ * for the remaining unreserved area, so advance our
-+ * clear_offset by our extent size.
-+ */
-+ clear_offset += ins.offset;
- btrfs_dec_block_group_reservations(fs_info, ins.objectid);
-
- last_alloc = ins.offset;
-@@ -10753,9 +10763,9 @@ next:
- if (own_trans)
- btrfs_end_transaction(trans);
- }
-- if (cur_offset < end)
-- btrfs_free_reserved_data_space(inode, NULL, cur_offset,
-- end - cur_offset + 1);
-+ if (clear_offset < end)
-+ btrfs_free_reserved_data_space(inode, NULL, clear_offset,
-+ end - clear_offset + 1);
- return ret;
- }
-
-diff --git a/fs/btrfs/ordered-data.c b/fs/btrfs/ordered-data.c
-index a3aca495e33e..d2287ea9fc50 100644
---- a/fs/btrfs/ordered-data.c
-+++ b/fs/btrfs/ordered-data.c
-@@ -838,10 +838,15 @@ int btrfs_wait_ordered_range(struct inode *inode, u64 start, u64 len)
- }
- btrfs_start_ordered_extent(inode, ordered, 1);
- end = ordered->file_offset;
-+ /*
-+ * If the ordered extent had an error save the error but don't
-+ * exit without waiting first for all other ordered extents in
-+ * the range to complete.
-+ */
- if (test_bit(BTRFS_ORDERED_IOERR, &ordered->flags))
- ret = -EIO;
- btrfs_put_ordered_extent(ordered);
-- if (ret || end == 0 || end == start)
-+ if (end == 0 || end == start)
- break;
- end--;
- }
-diff --git a/fs/btrfs/super.c b/fs/btrfs/super.c
-index 3ab79fa00dc7..17a8463ef35c 100644
---- a/fs/btrfs/super.c
-+++ b/fs/btrfs/super.c
-@@ -1801,6 +1801,8 @@ static int btrfs_remount(struct super_block *sb, int *flags, char *data)
- }
-
- if (btrfs_super_log_root(fs_info->super_copy) != 0) {
-+ btrfs_warn(fs_info,
-+ "mount required to replay tree-log, cannot remount read-write");
- ret = -EINVAL;
- goto restore;
- }
-diff --git a/fs/btrfs/volumes.c b/fs/btrfs/volumes.c
-index 358e930df4ac..6d34842912e8 100644
---- a/fs/btrfs/volumes.c
-+++ b/fs/btrfs/volumes.c
-@@ -7227,6 +7227,8 @@ int btrfs_get_dev_stats(struct btrfs_fs_info *fs_info,
- else
- btrfs_dev_stat_reset(dev, i);
- }
-+ btrfs_info(fs_info, "device stats zeroed by %s (%d)",
-+ current->comm, task_pid_nr(current));
- } else {
- for (i = 0; i <
BTRFS_DEV_STAT_VALUES_MAX; i++)
- if (stats->nr_items > i)
-diff --git a/fs/ceph/mds_client.c b/fs/ceph/mds_client.c
-index b968334f841e..f36ddfea4997 100644
---- a/fs/ceph/mds_client.c
-+++ b/fs/ceph/mds_client.c
-@@ -2261,8 +2261,7 @@ static int __do_request(struct ceph_mds_client *mdsc,
- if (!(mdsc->fsc->mount_options->flags &
- CEPH_MOUNT_OPT_MOUNTWAIT) &&
- !ceph_mdsmap_is_cluster_available(mdsc->mdsmap)) {
-- err = -ENOENT;
-- pr_info("probably no mds server is up\n");
-+ err = -EHOSTUNREACH;
- goto finish;
- }
- }
-diff --git a/fs/ceph/super.c b/fs/ceph/super.c
-index 088c4488b449..6b10b20bfe32 100644
---- a/fs/ceph/super.c
-+++ b/fs/ceph/super.c
-@@ -1055,6 +1055,11 @@ static struct dentry *ceph_mount(struct file_system_type *fs_type,
- return res;
-
- out_splat:
-+ if (!ceph_mdsmap_is_cluster_available(fsc->mdsc->mdsmap)) {
-+ pr_info("No mds server is up or the cluster is laggy\n");
-+ err = -EHOSTUNREACH;
-+ }
-+
- ceph_mdsc_close_sessions(fsc->mdsc);
- deactivate_locked_super(sb);
- goto out_final;
-diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
-index f0b1279a7de6..6e5ecf70996a 100644
---- a/fs/cifs/connect.c
-+++ b/fs/cifs/connect.c
-@@ -3047,8 +3047,10 @@ match_prepath(struct super_block *sb, struct cifs_mnt_data *mnt_data)
- {
- struct cifs_sb_info *old = CIFS_SB(sb);
- struct cifs_sb_info *new = mnt_data->cifs_sb;
-- bool old_set = old->mnt_cifs_flags & CIFS_MOUNT_USE_PREFIX_PATH;
-- bool new_set = new->mnt_cifs_flags & CIFS_MOUNT_USE_PREFIX_PATH;
-+ bool old_set = (old->mnt_cifs_flags & CIFS_MOUNT_USE_PREFIX_PATH) &&
-+ old->prepath;
-+ bool new_set = (new->mnt_cifs_flags & CIFS_MOUNT_USE_PREFIX_PATH) &&
-+ new->prepath;
-
- if (old_set && new_set && !strcmp(new->prepath, old->prepath))
- return 1;
-diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c
-index bd25ab837011..eed38ae86c6c 100644
---- a/fs/ecryptfs/crypto.c
-+++ b/fs/ecryptfs/crypto.c
-@@ -339,8 +339,10 @@ static int crypt_scatterlist(struct ecryptfs_crypt_stat *crypt_stat,
-
struct extent_crypt_result ecr;
- int rc = 0;
-
-- BUG_ON(!crypt_stat || !crypt_stat->tfm
-- || !(crypt_stat->flags & ECRYPTFS_STRUCT_INITIALIZED));
-+ if (!crypt_stat || !crypt_stat->tfm
-+ || !(crypt_stat->flags & ECRYPTFS_STRUCT_INITIALIZED))
-+ return -EINVAL;
-+
- if (unlikely(ecryptfs_verbosity > 0)) {
- ecryptfs_printk(KERN_DEBUG, "Key size [%zd]; key:\n",
- crypt_stat->key_size);
-diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c
-index fa218cd64f74..3f3ec50bf773 100644
---- a/fs/ecryptfs/keystore.c
-+++ b/fs/ecryptfs/keystore.c
-@@ -1285,7 +1285,7 @@ parse_tag_1_packet(struct ecryptfs_crypt_stat *crypt_stat,
- printk(KERN_ERR "Enter w/ first byte != 0x%.2x\n",
- ECRYPTFS_TAG_1_PACKET_TYPE);
- rc = -EINVAL;
-- goto out;
-+ goto out_free;
- }
- /* Released: wipe_auth_tok_list called in ecryptfs_parse_packet_set or
- * at end of function upon failure */
-diff --git a/fs/ecryptfs/messaging.c b/fs/ecryptfs/messaging.c
-index 4f457d5c4933..26464f9d9b76 100644
---- a/fs/ecryptfs/messaging.c
-+++ b/fs/ecryptfs/messaging.c
-@@ -397,6 +397,7 @@ int __init ecryptfs_init_messaging(void)
- * ecryptfs_message_buf_len),
- GFP_KERNEL);
- if (!ecryptfs_msg_ctx_arr) {
-+ kfree(ecryptfs_daemon_hash);
- rc = -ENOMEM;
- printk(KERN_ERR "%s: Failed to allocate memory\n", __func__);
- goto out;
-diff --git a/fs/ext4/dir.c b/fs/ext4/dir.c
-index c17855fead7b..90beca85c416 100644
---- a/fs/ext4/dir.c
-+++ b/fs/ext4/dir.c
-@@ -125,12 +125,14 @@ static int ext4_readdir(struct file *file, struct dir_context *ctx)
- if (err != ERR_BAD_DX_DIR) {
- return err;
- }
-- /*
-- * We don't set the inode dirty flag since it's not
-- * critical that it get flushed back to the disk.
-- */
-- ext4_clear_inode_flag(file_inode(file),
-- EXT4_INODE_INDEX);
-+ /* Can we just clear INDEX flag to ignore htree information? */
-+ if (!ext4_has_metadata_csum(sb)) {
-+ /*
-+ * We don't set the inode dirty flag since it's not
-+ * critical that it gets flushed back to the disk.
-+ */
-+ ext4_clear_inode_flag(inode, EXT4_INODE_INDEX);
-+ }
- }
-
- if (ext4_has_inline_data(inode)) {
-diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h
-index 95ef26b39e69..b162f602c430 100644
---- a/fs/ext4/ext4.h
-+++ b/fs/ext4/ext4.h
-@@ -1532,8 +1532,11 @@ struct ext4_sb_info {
- struct ratelimit_state s_warning_ratelimit_state;
- struct ratelimit_state s_msg_ratelimit_state;
-
-- /* Barrier between changing inodes' journal flags and writepages ops. */
-- struct percpu_rw_semaphore s_journal_flag_rwsem;
-+ /*
-+ * Barrier between writepages ops and changing any inode's JOURNAL_DATA
-+ * or EXTENTS flag.
-+ */
-+ struct percpu_rw_semaphore s_writepages_rwsem;
- struct dax_device *s_daxdev;
- };
-
-@@ -2386,8 +2389,11 @@ void ext4_insert_dentry(struct inode *inode,
- struct ext4_filename *fname);
- static inline void ext4_update_dx_flag(struct inode *inode)
- {
-- if (!ext4_has_feature_dir_index(inode->i_sb))
-+ if (!ext4_has_feature_dir_index(inode->i_sb)) {
-+ /* ext4_iget() should have caught this...
*/
-+ WARN_ON_ONCE(ext4_has_feature_metadata_csum(inode->i_sb));
- ext4_clear_inode_flag(inode, EXT4_INODE_INDEX);
-+ }
- }
- static const unsigned char ext4_filetype_table[] = {
- DT_UNKNOWN, DT_REG, DT_DIR, DT_CHR, DT_BLK, DT_FIFO, DT_SOCK, DT_LNK
-@@ -2864,7 +2870,7 @@ static inline void ext4_update_i_disksize(struct inode *inode, loff_t newsize)
- !inode_is_locked(inode));
- down_write(&EXT4_I(inode)->i_data_sem);
- if (newsize > EXT4_I(inode)->i_disksize)
-- EXT4_I(inode)->i_disksize = newsize;
-+ WRITE_ONCE(EXT4_I(inode)->i_disksize, newsize);
- up_write(&EXT4_I(inode)->i_data_sem);
- }
-
-diff --git a/fs/ext4/file.c b/fs/ext4/file.c
-index 4ede0af9d6fe..acec134da57d 100644
---- a/fs/ext4/file.c
-+++ b/fs/ext4/file.c
-@@ -38,9 +38,10 @@ static ssize_t ext4_dax_read_iter(struct kiocb *iocb, struct iov_iter *to)
- struct inode *inode = file_inode(iocb->ki_filp);
- ssize_t ret;
-
-- if (!inode_trylock_shared(inode)) {
-- if (iocb->ki_flags & IOCB_NOWAIT)
-+ if (iocb->ki_flags & IOCB_NOWAIT) {
-+ if (!inode_trylock_shared(inode))
- return -EAGAIN;
-+ } else {
- inode_lock_shared(inode);
- }
- /*
-@@ -188,9 +189,10 @@ ext4_dax_write_iter(struct kiocb *iocb, struct iov_iter *from)
- struct inode *inode = file_inode(iocb->ki_filp);
- ssize_t ret;
-
-- if (!inode_trylock(inode)) {
-- if (iocb->ki_flags & IOCB_NOWAIT)
-+ if (iocb->ki_flags & IOCB_NOWAIT) {
-+ if (!inode_trylock(inode))
- return -EAGAIN;
-+ } else {
- inode_lock(inode);
- }
- ret = ext4_write_checks(iocb, from);
-diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c
-index a91b8404d3dc..1e2edebd0929 100644
---- a/fs/ext4/inode.c
-+++ b/fs/ext4/inode.c
-@@ -2564,7 +2564,7 @@ update_disksize:
- * truncate are avoided by checking i_size under i_data_sem.
- */
- disksize = ((loff_t)mpd->first_page) << PAGE_SHIFT;
-- if (disksize > EXT4_I(inode)->i_disksize) {
-+ if (disksize > READ_ONCE(EXT4_I(inode)->i_disksize)) {
- int err2;
- loff_t i_size;
-
-@@ -2744,7 +2744,7 @@ static int ext4_writepages(struct address_space *mapping,
- if (unlikely(ext4_forced_shutdown(EXT4_SB(inode->i_sb))))
- return -EIO;
-
-- percpu_down_read(&sbi->s_journal_flag_rwsem);
-+ percpu_down_read(&sbi->s_writepages_rwsem);
- trace_ext4_writepages(inode, wbc);
-
- if (dax_mapping(mapping)) {
-@@ -2974,7 +2974,7 @@ unplug:
- out_writepages:
- trace_ext4_writepages_result(inode, wbc, ret,
- nr_to_write - wbc->nr_to_write);
-- percpu_up_read(&sbi->s_journal_flag_rwsem);
-+ percpu_up_read(&sbi->s_writepages_rwsem);
- return ret;
- }
-
-@@ -4817,6 +4817,18 @@ struct inode *ext4_iget(struct super_block *sb, unsigned long ino)
- ret = -EFSCORRUPTED;
- goto bad_inode;
- }
-+ /*
-+ * If dir_index is not enabled but there's dir with INDEX flag set,
-+ * we'd normally treat htree data as empty space. But with metadata
-+ * checksumming that corrupts checksums so forbid that.
-+ */
-+ if (!ext4_has_feature_dir_index(sb) && ext4_has_metadata_csum(sb) &&
-+ ext4_test_inode_flag(inode, EXT4_INODE_INDEX)) {
-+ EXT4_ERROR_INODE(inode,
-+ "iget: Dir with htree data on filesystem without dir_index feature.");
-+ ret = -EFSCORRUPTED;
-+ goto bad_inode;
-+ }
- ei->i_disksize = inode->i_size;
- #ifdef CONFIG_QUOTA
- ei->i_reserved_quota = 0;
-@@ -6038,7 +6050,7 @@ int ext4_change_inode_journal_flag(struct inode *inode, int val)
- }
- }
-
-- percpu_down_write(&sbi->s_journal_flag_rwsem);
-+ percpu_down_write(&sbi->s_writepages_rwsem);
- jbd2_journal_lock_updates(journal);
-
- /*
-@@ -6055,7 +6067,7 @@ int ext4_change_inode_journal_flag(struct inode *inode, int val)
- err = jbd2_journal_flush(journal);
- if (err < 0) {
- jbd2_journal_unlock_updates(journal);
-- percpu_up_write(&sbi->s_journal_flag_rwsem);
-+ percpu_up_write(&sbi->s_writepages_rwsem);
- ext4_inode_resume_unlocked_dio(inode);
- return err;
- }
-@@ -6064,7 +6076,7 @@ int ext4_change_inode_journal_flag(struct inode *inode, int val)
- ext4_set_aops(inode);
-
- jbd2_journal_unlock_updates(journal);
-- percpu_up_write(&sbi->s_journal_flag_rwsem);
-+ percpu_up_write(&sbi->s_writepages_rwsem);
-
- if (val)
- up_write(&EXT4_I(inode)->i_mmap_sem);
-diff --git a/fs/ext4/migrate.c b/fs/ext4/migrate.c
-index 78d45c7d3fa7..0d785868cc50 100644
---- a/fs/ext4/migrate.c
-+++ b/fs/ext4/migrate.c
-@@ -434,6 +434,7 @@ static int free_ext_block(handle_t *handle, struct inode *inode)
-
- int ext4_ext_migrate(struct inode *inode)
- {
-+ struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb);
- handle_t *handle;
- int retval = 0, i;
- __le32 *i_data;
-@@ -458,6 +459,8 @@ int ext4_ext_migrate(struct inode *inode)
- */
- return retval;
-
-+ percpu_down_write(&sbi->s_writepages_rwsem);
-+
- /*
- * Worst case we can touch the allocation bitmaps, a bgd
- * block, and a block to link in the orphan list.
We do need
-@@ -468,7 +471,7 @@ int ext4_ext_migrate(struct inode *inode)
-
- if (IS_ERR(handle)) {
- retval = PTR_ERR(handle);
-- return retval;
-+ goto out_unlock;
- }
- goal = (((inode->i_ino - 1) / EXT4_INODES_PER_GROUP(inode->i_sb)) *
- EXT4_INODES_PER_GROUP(inode->i_sb)) + 1;
-@@ -479,7 +482,7 @@ int ext4_ext_migrate(struct inode *inode)
- if (IS_ERR(tmp_inode)) {
- retval = PTR_ERR(tmp_inode);
- ext4_journal_stop(handle);
-- return retval;
-+ goto out_unlock;
- }
- i_size_write(tmp_inode, i_size_read(inode));
- /*
-@@ -521,7 +524,7 @@ int ext4_ext_migrate(struct inode *inode)
- */
- ext4_orphan_del(NULL, tmp_inode);
- retval = PTR_ERR(handle);
-- goto out;
-+ goto out_tmp_inode;
- }
-
- ei = EXT4_I(inode);
-@@ -602,10 +605,11 @@ err_out:
- /* Reset the extent details */
- ext4_ext_tree_init(handle, tmp_inode);
- ext4_journal_stop(handle);
--out:
-+out_tmp_inode:
- unlock_new_inode(tmp_inode);
- iput(tmp_inode);
--
-+out_unlock:
-+ percpu_up_write(&sbi->s_writepages_rwsem);
- return retval;
- }
-
-@@ -615,7 +619,8 @@ out:
- int ext4_ind_migrate(struct inode *inode)
- {
- struct ext4_extent_header *eh;
-- struct ext4_super_block *es = EXT4_SB(inode->i_sb)->s_es;
-+ struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb);
-+ struct ext4_super_block *es = sbi->s_es;
- struct ext4_inode_info *ei = EXT4_I(inode);
- struct ext4_extent *ex;
- unsigned int i, len;
-@@ -639,9 +644,13 @@ int ext4_ind_migrate(struct inode *inode)
- if (test_opt(inode->i_sb, DELALLOC))
- ext4_alloc_da_blocks(inode);
-
-+ percpu_down_write(&sbi->s_writepages_rwsem);
-+
- handle = ext4_journal_start(inode, EXT4_HT_MIGRATE, 1);
-- if (IS_ERR(handle))
-- return PTR_ERR(handle);
-+ if (IS_ERR(handle)) {
-+ ret = PTR_ERR(handle);
-+ goto out_unlock;
-+ }
-
- down_write(&EXT4_I(inode)->i_data_sem);
- ret = ext4_ext_check_inode(inode);
-@@ -676,5 +685,7 @@ int ext4_ind_migrate(struct inode *inode)
- errout:
- ext4_journal_stop(handle);
- up_write(&EXT4_I(inode)->i_data_sem);
-+out_unlock:
-+
percpu_up_write(&sbi->s_writepages_rwsem);
- return ret;
- }
-diff --git a/fs/ext4/mmp.c b/fs/ext4/mmp.c
-index 38e6a846aac1..0c042bd43246 100644
---- a/fs/ext4/mmp.c
-+++ b/fs/ext4/mmp.c
-@@ -120,10 +120,10 @@ void __dump_mmp_msg(struct super_block *sb, struct mmp_struct *mmp,
- {
- __ext4_warning(sb, function, line, "%s", msg);
- __ext4_warning(sb, function, line,
-- "MMP failure info: last update time: %llu, last update "
-- "node: %s, last update device: %s",
-- (long long unsigned int) le64_to_cpu(mmp->mmp_time),
-- mmp->mmp_nodename, mmp->mmp_bdevname);
-+ "MMP failure info: last update time: %llu, last update node: %.*s, last update device: %.*s",
-+ (unsigned long long)le64_to_cpu(mmp->mmp_time),
-+ (int)sizeof(mmp->mmp_nodename), mmp->mmp_nodename,
-+ (int)sizeof(mmp->mmp_bdevname), mmp->mmp_bdevname);
- }
-
- /*
-@@ -154,6 +154,7 @@ static int kmmpd(void *data)
- mmp_check_interval = max(EXT4_MMP_CHECK_MULT * mmp_update_interval,
- EXT4_MMP_MIN_CHECK_INTERVAL);
- mmp->mmp_check_interval = cpu_to_le16(mmp_check_interval);
-+ BUILD_BUG_ON(sizeof(mmp->mmp_bdevname) < BDEVNAME_SIZE);
- bdevname(bh->b_bdev, mmp->mmp_bdevname);
-
- memcpy(mmp->mmp_nodename, init_utsname()->nodename,
-@@ -375,7 +376,8 @@ skip:
- /*
- * Start a kernel thread to update the MMP block periodically.
- */
-- EXT4_SB(sb)->s_mmp_tsk = kthread_run(kmmpd, mmpd_data, "kmmpd-%s",
-+ EXT4_SB(sb)->s_mmp_tsk = kthread_run(kmmpd, mmpd_data, "kmmpd-%.*s",
-+ (int)sizeof(mmp->mmp_bdevname),
- bdevname(bh->b_bdev,
- mmp->mmp_bdevname));
- if (IS_ERR(EXT4_SB(sb)->s_mmp_tsk)) {
-diff --git a/fs/ext4/namei.c b/fs/ext4/namei.c
-index 0b5c36bd5418..3f7b3836166c 100644
---- a/fs/ext4/namei.c
-+++ b/fs/ext4/namei.c
-@@ -1430,6 +1430,7 @@ restart:
- /*
- * We deal with the read-ahead logic here.
- */
-+ cond_resched();
- if (ra_ptr >= ra_max) {
- /* Refill the readahead buffer */
- ra_ptr = 0;
-@@ -2094,6 +2095,13 @@ static int ext4_add_entry(handle_t *handle, struct dentry *dentry,
- retval = ext4_dx_add_entry(handle, &fname, dir, inode);
- if (!retval || (retval != ERR_BAD_DX_DIR))
- goto out;
-+ /* Can we just ignore htree data? */
-+ if (ext4_has_metadata_csum(sb)) {
-+ EXT4_ERROR_INODE(dir,
-+ "Directory has corrupted htree index.");
-+ retval = -EFSCORRUPTED;
-+ goto out;
-+ }
- ext4_clear_inode_flag(dir, EXT4_INODE_INDEX);
- dx_fallback++;
- ext4_mark_inode_dirty(handle, dir);
-diff --git a/fs/ext4/super.c b/fs/ext4/super.c
-index 93d8aa6ef661..09b443709bca 100644
---- a/fs/ext4/super.c
-+++ b/fs/ext4/super.c
-@@ -939,7 +939,7 @@ static void ext4_put_super(struct super_block *sb)
- percpu_counter_destroy(&sbi->s_freeinodes_counter);
- percpu_counter_destroy(&sbi->s_dirs_counter);
- percpu_counter_destroy(&sbi->s_dirtyclusters_counter);
-- percpu_free_rwsem(&sbi->s_journal_flag_rwsem);
-+ percpu_free_rwsem(&sbi->s_writepages_rwsem);
- #ifdef CONFIG_QUOTA
- for (i = 0; i < EXT4_MAXQUOTAS; i++)
- kfree(get_qf_name(sb, sbi, i));
-@@ -2863,17 +2863,11 @@ static int ext4_feature_set_ok(struct super_block *sb, int readonly)
- return 0;
- }
-
--#ifndef CONFIG_QUOTA
-- if (ext4_has_feature_quota(sb) && !readonly) {
-+#if !IS_ENABLED(CONFIG_QUOTA) || !IS_ENABLED(CONFIG_QFMT_V2)
-+ if (!readonly && (ext4_has_feature_quota(sb) ||
-+ ext4_has_feature_project(sb))) {
- ext4_msg(sb, KERN_ERR,
-- "Filesystem with quota feature cannot be mounted RDWR "
-- "without CONFIG_QUOTA");
-- return 0;
-- }
-- if (ext4_has_feature_project(sb) && !readonly) {
-- ext4_msg(sb, KERN_ERR,
-- "Filesystem with project quota feature cannot be mounted RDWR "
-- "without CONFIG_QUOTA");
-+ "The kernel was not built with CONFIG_QUOTA and CONFIG_QFMT_V2");
- return 0;
- }
- #endif /* CONFIG_QUOTA */
-@@ -3668,6 +3662,15 @@ static int ext4_fill_super(struct super_block *sb, void *data,
int silent)
- */
- sbi->s_li_wait_mult = EXT4_DEF_LI_WAIT_MULT;
-
-+ blocksize = BLOCK_SIZE << le32_to_cpu(es->s_log_block_size);
-+ if (blocksize < EXT4_MIN_BLOCK_SIZE ||
-+ blocksize > EXT4_MAX_BLOCK_SIZE) {
-+ ext4_msg(sb, KERN_ERR,
-+ "Unsupported filesystem blocksize %d (%d log_block_size)",
-+ blocksize, le32_to_cpu(es->s_log_block_size));
-+ goto failed_mount;
-+ }
-+
- if (le32_to_cpu(es->s_rev_level) == EXT4_GOOD_OLD_REV) {
- sbi->s_inode_size = EXT4_GOOD_OLD_INODE_SIZE;
- sbi->s_first_ino = EXT4_GOOD_OLD_FIRST_INO;
-@@ -3685,6 +3688,7 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent)
- ext4_msg(sb, KERN_ERR,
- "unsupported inode size: %d",
- sbi->s_inode_size);
-+ ext4_msg(sb, KERN_ERR, "blocksize: %d", blocksize);
- goto failed_mount;
- }
- /*
-@@ -3848,14 +3852,6 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent)
- if (!ext4_feature_set_ok(sb, (sb_rdonly(sb))))
- goto failed_mount;
-
-- blocksize = BLOCK_SIZE << le32_to_cpu(es->s_log_block_size);
-- if (blocksize < EXT4_MIN_BLOCK_SIZE ||
-- blocksize > EXT4_MAX_BLOCK_SIZE) {
-- ext4_msg(sb, KERN_ERR,
-- "Unsupported filesystem blocksize %d (%d log_block_size)",
-- blocksize, le32_to_cpu(es->s_log_block_size));
-- goto failed_mount;
-- }
- if (le32_to_cpu(es->s_log_block_size) >
- (EXT4_MAX_BLOCK_LOG_SIZE - EXT4_MIN_BLOCK_LOG_SIZE)) {
- ext4_msg(sb, KERN_ERR,
-@@ -4400,7 +4396,7 @@ no_journal:
- err = percpu_counter_init(&sbi->s_dirtyclusters_counter, 0,
- GFP_KERNEL);
- if (!err)
-- err = percpu_init_rwsem(&sbi->s_journal_flag_rwsem);
-+ err = percpu_init_rwsem(&sbi->s_writepages_rwsem);
-
- if (err) {
- ext4_msg(sb, KERN_ERR, "insufficient memory");
-@@ -4494,7 +4490,7 @@ failed_mount6:
- percpu_counter_destroy(&sbi->s_freeinodes_counter);
- percpu_counter_destroy(&sbi->s_dirs_counter);
- percpu_counter_destroy(&sbi->s_dirtyclusters_counter);
-- percpu_free_rwsem(&sbi->s_journal_flag_rwsem);
-+ percpu_free_rwsem(&sbi->s_writepages_rwsem);
-
failed_mount5:
- ext4_ext_release(sb);
- ext4_release_system_zone(sb);
-diff --git a/fs/f2fs/sysfs.c b/fs/f2fs/sysfs.c
-index 93af9d7dfcdc..a55919eec035 100644
---- a/fs/f2fs/sysfs.c
-+++ b/fs/f2fs/sysfs.c
-@@ -507,10 +507,12 @@ int __init f2fs_init_sysfs(void)
-
- ret = kobject_init_and_add(&f2fs_feat, &f2fs_feat_ktype,
- NULL, "features");
-- if (ret)
-+ if (ret) {
-+ kobject_put(&f2fs_feat);
- kset_unregister(&f2fs_kset);
-- else
-+ } else {
- f2fs_proc_root = proc_mkdir("fs/f2fs", NULL);
-+ }
- return ret;
- }
-
-@@ -531,8 +533,11 @@ int f2fs_register_sysfs(struct f2fs_sb_info *sbi)
- init_completion(&sbi->s_kobj_unregister);
- err = kobject_init_and_add(&sbi->s_kobj, &f2fs_sb_ktype, NULL,
- "%s", sb->s_id);
-- if (err)
-+ if (err) {
-+ kobject_put(&sbi->s_kobj);
-+ wait_for_completion(&sbi->s_kobj_unregister);
- return err;
-+ }
-
- if (f2fs_proc_root)
- sbi->s_proc = proc_mkdir(sb->s_id, f2fs_proc_root);
-@@ -557,4 +562,5 @@ void f2fs_unregister_sysfs(struct f2fs_sb_info *sbi)
- remove_proc_entry(sbi->sb->s_id, f2fs_proc_root);
- }
- kobject_del(&sbi->s_kobj);
-+ kobject_put(&sbi->s_kobj);
- }
-diff --git a/fs/jbd2/checkpoint.c b/fs/jbd2/checkpoint.c
-index fe4fe155b7fb..15d129b7494b 100644
---- a/fs/jbd2/checkpoint.c
-+++ b/fs/jbd2/checkpoint.c
-@@ -168,7 +168,7 @@ void __jbd2_log_wait_for_space(journal_t *journal)
- "journal space in %s\n", __func__,
- journal->j_devname);
- WARN_ON(1);
-- jbd2_journal_abort(journal, 0);
-+ jbd2_journal_abort(journal, -EIO);
- }
- write_lock(&journal->j_state_lock);
- } else {
-diff --git a/fs/jbd2/commit.c b/fs/jbd2/commit.c
-index 7dd613392592..1a4bd8d9636e 100644
---- a/fs/jbd2/commit.c
-+++ b/fs/jbd2/commit.c
-@@ -783,7 +783,7 @@ start_journal_io:
- err = journal_submit_commit_record(journal, commit_transaction,
- &cbh, crc32_sum);
- if (err)
-- __jbd2_journal_abort_hard(journal);
-+ jbd2_journal_abort(journal, err);
- }
-
- blk_finish_plug(&plug);
-@@ -876,7 +876,7 @@ start_journal_io:
- err =
journal_submit_commit_record(journal, commit_transaction,
- &cbh, crc32_sum);
- if (err)
-- __jbd2_journal_abort_hard(journal);
-+ jbd2_journal_abort(journal, err);
- }
- if (cbh)
- err = journal_wait_on_commit_record(journal, cbh);
-@@ -973,29 +973,33 @@ restart_loop:
- * it. */
-
- /*
-- * A buffer which has been freed while still being journaled by
-- * a previous transaction.
-- */
-- if (buffer_freed(bh)) {
-+ * A buffer which has been freed while still being journaled
-+ * by a previous transaction, refile the buffer to BJ_Forget of
-+ * the running transaction. If the just committed transaction
-+ * contains "add to orphan" operation, we can completely
-+ * invalidate the buffer now. We are rather through in that
-+ * since the buffer may be still accessible when blocksize <
-+ * pagesize and it is attached to the last partial page.
-+ */
-+ if (buffer_freed(bh) && !jh->b_next_transaction) {
-+ struct address_space *mapping;
-+
-+ clear_buffer_freed(bh);
-+ clear_buffer_jbddirty(bh);
-+
- /*
-- * If the running transaction is the one containing
-- * "add to orphan" operation (b_next_transaction !=
-- * NULL), we have to wait for that transaction to
-- * commit before we can really get rid of the buffer.
-- * So just clear b_modified to not confuse transaction
-- * credit accounting and refile the buffer to
-- * BJ_Forget of the running transaction. If the just
-- * committed transaction contains "add to orphan"
-- * operation, we can completely invalidate the buffer
-- * now. We are rather through in that since the
-- * buffer may be still accessible when blocksize <
-- * pagesize and it is attached to the last partial
-- * page.
-+ * Block device buffers need to stay mapped all the
-+ * time, so it is enough to clear buffer_jbddirty and
-+ * buffer_freed bits. For the file mapping buffers (i.e.
-+ * journalled data) we need to unmap buffer and clear
-+ * more bits.
We also need to be careful about the check
-+ * because the data page mapping can get cleared under
-+ * out hands, which alse need not to clear more bits
-+ * because the page and buffers will be freed and can
-+ * never be reused once we are done with them.
- */
-- jh->b_modified = 0;
-- if (!jh->b_next_transaction) {
-- clear_buffer_freed(bh);
-- clear_buffer_jbddirty(bh);
-+ mapping = READ_ONCE(bh->b_page->mapping);
-+ if (mapping && !sb_is_blkdev_sb(mapping->host->i_sb)) {
- clear_buffer_mapped(bh);
- clear_buffer_new(bh);
- clear_buffer_req(bh);
-diff --git a/fs/jbd2/journal.c b/fs/jbd2/journal.c
-index d3cce5c86fd9..6e054b368b5f 100644
---- a/fs/jbd2/journal.c
-+++ b/fs/jbd2/journal.c
-@@ -1687,6 +1687,11 @@ int jbd2_journal_load(journal_t *journal)
- journal->j_devname);
- return -EFSCORRUPTED;
- }
-+ /*
-+ * clear JBD2_ABORT flag initialized in journal_init_common
-+ * here to update log tail information with the newest seq.
-+ */
-+ journal->j_flags &= ~JBD2_ABORT;
-
- /* OK, we've finished with the dynamic journal bits:
- * reinitialise the dynamic contents of the superblock in memory
-@@ -1694,7 +1699,6 @@ int jbd2_journal_load(journal_t *journal)
- if (journal_reset(journal))
- goto recovery_error;
-
-- journal->j_flags &= ~JBD2_ABORT;
- journal->j_flags |= JBD2_LOADED;
- return 0;
-
-@@ -2115,8 +2119,7 @@ static void __journal_abort_soft (journal_t *journal, int errno)
-
- if (journal->j_flags & JBD2_ABORT) {
- write_unlock(&journal->j_state_lock);
-- if (!old_errno && old_errno != -ESHUTDOWN &&
-- errno == -ESHUTDOWN)
-+ if (old_errno != -ESHUTDOWN && errno == -ESHUTDOWN)
- jbd2_journal_update_sb_errno(journal);
- return;
- }
-@@ -2124,12 +2127,10 @@ static void __journal_abort_soft (journal_t *journal, int errno)
-
- __jbd2_journal_abort_hard(journal);
-
-- if (errno) {
-- jbd2_journal_update_sb_errno(journal);
-- write_lock(&journal->j_state_lock);
-- journal->j_flags |= JBD2_REC_ERR;
-- write_unlock(&journal->j_state_lock);
-- }
-+
jbd2_journal_update_sb_errno(journal);
-+ write_lock(&journal->j_state_lock);
-+ journal->j_flags |= JBD2_REC_ERR;
-+ write_unlock(&journal->j_state_lock);
- }
-
- /**
-@@ -2171,11 +2172,6 @@ static void __journal_abort_soft (journal_t *journal, int errno)
- * failure to disk. ext3_error, for example, now uses this
- * functionality.
- *
-- * Errors which originate from within the journaling layer will NOT
-- * supply an errno; a null errno implies that absolutely no further
-- * writes are done to the journal (unless there are any already in
-- * progress).
-- *
- */
-
- void jbd2_journal_abort(journal_t *journal, int errno)
-diff --git a/fs/jbd2/transaction.c b/fs/jbd2/transaction.c
-index 7fe422eced89..f2ff141a4479 100644
---- a/fs/jbd2/transaction.c
-+++ b/fs/jbd2/transaction.c
-@@ -2231,14 +2231,16 @@ static int journal_unmap_buffer(journal_t *journal, struct buffer_head *bh,
- return -EBUSY;
- }
- /*
-- * OK, buffer won't be reachable after truncate. We just set
-- * j_next_transaction to the running transaction (if there is
-- * one) and mark buffer as freed so that commit code knows it
-- * should clear dirty bits when it is done with the buffer.
-+ * OK, buffer won't be reachable after truncate. We just clear
-+ * b_modified to not confuse transaction credit accounting, and
-+ * set j_next_transaction to the running transaction (if there
-+ * is one) and mark buffer as freed so that commit code knows
-+ * it should clear dirty bits when it is done with the buffer.
- */
- set_buffer_freed(bh);
- if (journal->j_running_transaction && buffer_jbddirty(bh))
- jh->b_next_transaction = journal->j_running_transaction;
-+ jh->b_modified = 0;
- jbd2_journal_put_journal_head(jh);
- spin_unlock(&journal->j_list_lock);
- jbd_unlock_bh_state(bh);
-diff --git a/fs/ocfs2/journal.h b/fs/ocfs2/journal.h
-index 497a4171ef61..bfb50fc51528 100644
---- a/fs/ocfs2/journal.h
-+++ b/fs/ocfs2/journal.h
-@@ -637,9 +637,11 @@ static inline void ocfs2_update_inode_fsync_trans(handle_t *handle,
- {
- struct ocfs2_inode_info *oi = OCFS2_I(inode);
-
-- oi->i_sync_tid = handle->h_transaction->t_tid;
-- if (datasync)
-- oi->i_datasync_tid = handle->h_transaction->t_tid;
-+ if (!is_handle_aborted(handle)) {
-+ oi->i_sync_tid = handle->h_transaction->t_tid;
-+ if (datasync)
-+ oi->i_datasync_tid = handle->h_transaction->t_tid;
-+ }
- }
-
- #endif /* OCFS2_JOURNAL_H */
-diff --git a/fs/orangefs/orangefs-debugfs.c b/fs/orangefs/orangefs-debugfs.c
-index 1c59dff530de..34d1cc98260d 100644
---- a/fs/orangefs/orangefs-debugfs.c
-+++ b/fs/orangefs/orangefs-debugfs.c
-@@ -305,6 +305,7 @@ static void *help_start(struct seq_file *m, loff_t *pos)
-
- static void *help_next(struct seq_file *m, void *v, loff_t *pos)
- {
-+ (*pos)++;
- gossip_debug(GOSSIP_DEBUGFS_DEBUG, "help_next: start\n");
-
- return NULL;
-diff --git a/fs/reiserfs/stree.c b/fs/reiserfs/stree.c
-index 0037aea97d39..2946713cb00d 100644
---- a/fs/reiserfs/stree.c
-+++ b/fs/reiserfs/stree.c
-@@ -2250,7 +2250,8 @@ error_out:
- /* also releases the path */
- unfix_nodes(&s_ins_balance);
- #ifdef REISERQUOTA_DEBUG
-- reiserfs_debug(th->t_super, REISERFS_DEBUG_CODE,
-+ if (inode)
-+ reiserfs_debug(th->t_super, REISERFS_DEBUG_CODE,
- "reiserquota insert_item(): freeing %u id=%u type=%c",
- quota_bytes, inode->i_uid, head2type(ih));
- #endif
-diff --git a/fs/reiserfs/super.c b/fs/reiserfs/super.c
-index 5208d85dd30c..9caf3948417c 100644
---- a/fs/reiserfs/super.c
-+++ b/fs/reiserfs/super.c
-@@ -1954,7 +1954,7 @@
static int reiserfs_fill_super(struct super_block *s, void *data, int silent)
- if (!sbi->s_jdev) {
- SWARN(silent, s, "", "Cannot allocate memory for "
- "journal device name");
-- goto error;
-+ goto error_unlocked;
- }
- }
- #ifdef CONFIG_QUOTA
-diff --git a/fs/udf/super.c b/fs/udf/super.c
-index 242d960df9a1..51de27685e18 100644
---- a/fs/udf/super.c
-+++ b/fs/udf/super.c
-@@ -2467,17 +2467,29 @@ static unsigned int udf_count_free_table(struct super_block *sb,
- static unsigned int udf_count_free(struct super_block *sb)
- {
- unsigned int accum = 0;
-- struct udf_sb_info *sbi;
-+ struct udf_sb_info *sbi = UDF_SB(sb);
- struct udf_part_map *map;
-+ unsigned int part = sbi->s_partition;
-+ int ptype = sbi->s_partmaps[part].s_partition_type;
-+
-+ if (ptype == UDF_METADATA_MAP25) {
-+ part = sbi->s_partmaps[part].s_type_specific.s_metadata.
-+ s_phys_partition_ref;
-+ } else if (ptype == UDF_VIRTUAL_MAP15 || ptype == UDF_VIRTUAL_MAP20) {
-+ /*
-+ * Filesystems with VAT are append-only and we cannot write to
-+ * them. Let's just report 0 here.
-+ */
-+ return 0;
-+ }
-
-- sbi = UDF_SB(sb);
- if (sbi->s_lvid_bh) {
- struct logicalVolIntegrityDesc *lvid =
- (struct logicalVolIntegrityDesc *)
- sbi->s_lvid_bh->b_data;
-- if (le32_to_cpu(lvid->numOfPartitions) > sbi->s_partition) {
-+ if (le32_to_cpu(lvid->numOfPartitions) > part) {
- accum = le32_to_cpu(
-- lvid->freeSpaceTable[sbi->s_partition]);
-+ lvid->freeSpaceTable[part]);
- if (accum == 0xFFFFFFFF)
- accum = 0;
- }
-@@ -2486,7 +2498,7 @@ static unsigned int udf_count_free(struct super_block *sb)
- if (accum)
- return accum;
-
-- map = &sbi->s_partmaps[sbi->s_partition];
-+ map = &sbi->s_partmaps[part];
- if (map->s_partition_flags & UDF_PART_FLAG_UNALLOC_BITMAP) {
- accum += udf_count_free_bitmap(sb,
- map->s_uspace.s_bitmap);
-diff --git a/include/linux/dmaengine.h b/include/linux/dmaengine.h
-index 087cbe776868..8089e28539f1 100644
---- a/include/linux/dmaengine.h
-+++ b/include/linux/dmaengine.h
-@@ -677,6 +677,7 @@ struct dma_filter {
- * @fill_align: alignment shift for memset operations
- * @dev_id: unique device ID
- * @dev: struct device reference for dma mapping api
-+ * @owner: owner module (automatically set based on the provided dev)
- * @src_addr_widths: bit mask of src addr widths the device supports
- * @dst_addr_widths: bit mask of dst addr widths the device supports
- * @directions: bit mask of slave direction the device supports since
-@@ -738,6 +739,7 @@ struct dma_device {
-
- int dev_id;
- struct device *dev;
-+ struct module *owner;
-
- u32 src_addr_widths;
- u32 dst_addr_widths;
-diff --git a/include/linux/intel-svm.h b/include/linux/intel-svm.h
-index 99bc5b3ae26e..733eaf95e207 100644
---- a/include/linux/intel-svm.h
-+++ b/include/linux/intel-svm.h
-@@ -130,7 +130,7 @@ static inline int intel_svm_unbind_mm(struct device *dev, int pasid)
- BUG();
- }
-
--static int intel_svm_is_pasid_valid(struct device *dev, int pasid)
-+static inline int intel_svm_is_pasid_valid(struct device *dev, int pasid)
- {
- return -EINVAL;
- }
-diff
--git a/include/linux/libata.h b/include/linux/libata.h
-index c5188dc389c8..93838d98e3f3 100644
---- a/include/linux/libata.h
-+++ b/include/linux/libata.h
-@@ -1229,6 +1229,7 @@ struct pci_bits {
- };
-
- extern int pci_test_config_bits(struct pci_dev *pdev, const struct pci_bits *bits);
-+extern void ata_pci_shutdown_one(struct pci_dev *pdev);
- extern void ata_pci_remove_one(struct pci_dev *pdev);
-
- #ifdef CONFIG_PM
-diff --git a/include/linux/list_nulls.h b/include/linux/list_nulls.h
-index 3ef96743db8d..1ecd35664e0d 100644
---- a/include/linux/list_nulls.h
-+++ b/include/linux/list_nulls.h
-@@ -72,10 +72,10 @@ static inline void hlist_nulls_add_head(struct hlist_nulls_node *n,
- struct hlist_nulls_node *first = h->first;
-
- n->next = first;
-- n->pprev = &h->first;
-+ WRITE_ONCE(n->pprev, &h->first);
- h->first = n;
- if (!is_a_nulls(first))
-- first->pprev = &n->next;
-+ WRITE_ONCE(first->pprev, &n->next);
- }
-
- static inline void __hlist_nulls_del(struct hlist_nulls_node *n)
-@@ -85,13 +85,13 @@ static inline void __hlist_nulls_del(struct hlist_nulls_node *n)
-
- WRITE_ONCE(*pprev, next);
- if (!is_a_nulls(next))
-- next->pprev = pprev;
-+ WRITE_ONCE(next->pprev, pprev);
- }
-
- static inline void hlist_nulls_del(struct hlist_nulls_node *n)
- {
- __hlist_nulls_del(n);
-- n->pprev = LIST_POISON2;
-+ WRITE_ONCE(n->pprev, LIST_POISON2);
- }
-
- /**
-diff --git a/include/linux/rculist_nulls.h b/include/linux/rculist_nulls.h
-index a10da545b3f6..cf64a9492256 100644
---- a/include/linux/rculist_nulls.h
-+++ b/include/linux/rculist_nulls.h
-@@ -34,7 +34,7 @@ static inline void hlist_nulls_del_init_rcu(struct hlist_nulls_node *n)
- {
- if (!hlist_nulls_unhashed(n)) {
- __hlist_nulls_del(n);
-- n->pprev = NULL;
-+ WRITE_ONCE(n->pprev, NULL);
- }
- }
-
-@@ -66,7 +66,7 @@ static inline void hlist_nulls_del_init_rcu(struct hlist_nulls_node *n)
- static inline void hlist_nulls_del_rcu(struct hlist_nulls_node *n)
- {
- __hlist_nulls_del(n);
-- n->pprev =
LIST_POISON2;
-+ WRITE_ONCE(n->pprev, LIST_POISON2);
- }
-
- /**
-@@ -94,10 +94,10 @@ static inline void hlist_nulls_add_head_rcu(struct hlist_nulls_node *n,
- struct hlist_nulls_node *first = h->first;
-
- n->next = first;
-- n->pprev = &h->first;
-+ WRITE_ONCE(n->pprev, &h->first);
- rcu_assign_pointer(hlist_nulls_first_rcu(h), n);
- if (!is_a_nulls(first))
-- first->pprev = &n->next;
-+ WRITE_ONCE(first->pprev, &n->next);
- }
-
- /**
-diff --git a/include/linux/tty.h b/include/linux/tty.h
-index 0cd621d8c7f0..ead308e996c0 100644
---- a/include/linux/tty.h
-+++ b/include/linux/tty.h
-@@ -224,6 +224,8 @@ struct tty_port_client_operations {
- void (*write_wakeup)(struct tty_port *port);
- };
-
-+extern const struct tty_port_client_operations tty_port_default_client_ops;
-+
- struct tty_port {
- struct tty_bufhead buf; /* Locked internally */
- struct tty_struct *tty; /* Back pointer */
-diff --git a/include/media/v4l2-device.h b/include/media/v4l2-device.h
-index 8ffa94009d1a..76002416cead 100644
---- a/include/media/v4l2-device.h
-+++ b/include/media/v4l2-device.h
-@@ -268,7 +268,7 @@ static inline void v4l2_subdev_notify(struct v4l2_subdev *sd,
- struct v4l2_subdev *__sd; \
- \
- __v4l2_device_call_subdevs_p(v4l2_dev, __sd, \
-- !(grpid) || __sd->grp_id == (grpid), o, f , \
-+ (grpid) == 0 || __sd->grp_id == (grpid), o, f , \
- ##args); \
- } while (0)
-
-@@ -280,7 +280,7 @@ static inline void v4l2_subdev_notify(struct v4l2_subdev *sd,
- ({ \
- struct v4l2_subdev *__sd; \
- __v4l2_device_call_subdevs_until_err_p(v4l2_dev, __sd, \
-- !(grpid) || __sd->grp_id == (grpid), o, f , \
-+ (grpid) == 0 || __sd->grp_id == (grpid), o, f , \
- ##args); \
- })
-
-@@ -294,8 +294,8 @@ static inline void v4l2_subdev_notify(struct v4l2_subdev *sd,
- struct v4l2_subdev *__sd; \
- \
- __v4l2_device_call_subdevs_p(v4l2_dev, __sd, \
-- !(grpmsk) || (__sd->grp_id & (grpmsk)), o, f , \
-- ##args); \
-+ (grpmsk) == 0 || (__sd->grp_id & (grpmsk)), o, \
-+ f , ##args); \
- } while (0)
-
-
/*
-@@ -308,8 +308,8 @@ static inline void v4l2_subdev_notify(struct v4l2_subdev *sd,
- ({ \
- struct v4l2_subdev *__sd; \
- __v4l2_device_call_subdevs_until_err_p(v4l2_dev, __sd, \
-- !(grpmsk) || (__sd->grp_id & (grpmsk)), o, f , \
-- ##args); \
-+ (grpmsk) == 0 || (__sd->grp_id & (grpmsk)), o, \
-+ f , ##args); \
- })
-
- /*
-diff --git a/include/scsi/iscsi_proto.h b/include/scsi/iscsi_proto.h
-index f0a01a54bd15..df156f1d50b2 100644
---- a/include/scsi/iscsi_proto.h
-+++ b/include/scsi/iscsi_proto.h
-@@ -638,7 +638,6 @@ struct iscsi_reject {
- #define ISCSI_REASON_BOOKMARK_INVALID 9
- #define ISCSI_REASON_BOOKMARK_NO_RESOURCES 10
- #define ISCSI_REASON_NEGOTIATION_RESET 11
--#define ISCSI_REASON_WAITING_FOR_LOGOUT 12
-
- /* Max. number of Key=Value pairs in a text message */
- #define MAX_KEY_VALUE_PAIRS 8192
-diff --git a/include/sound/rawmidi.h b/include/sound/rawmidi.h
-index 6665cb29e1a2..c2a71fd8dfaf 100644
---- a/include/sound/rawmidi.h
-+++ b/include/sound/rawmidi.h
-@@ -92,9 +92,9 @@ struct snd_rawmidi_substream {
- struct list_head list; /* list of all substream for given stream */
- int stream; /* direction */
- int number; /* substream number */
-- unsigned int opened: 1, /* open flag */
-- append: 1, /* append flag (merge more streams) */
-- active_sensing: 1; /* send active sensing when close */
-+ bool opened; /* open flag */
-+ bool append; /* append flag (merge more streams) */
-+ bool active_sensing; /* send active sensing when close */
- int use_count; /* use counter (for output) */
- size_t bytes;
- struct snd_rawmidi *rmidi;
-diff --git a/ipc/sem.c b/ipc/sem.c
-index d6dd2dc9ddad..6adc245f3e02 100644
---- a/ipc/sem.c
-+++ b/ipc/sem.c
-@@ -2248,11 +2248,9 @@ void exit_sem(struct task_struct *tsk)
- ipc_assert_locked_object(&sma->sem_perm);
- list_del(&un->list_id);
-
-- /* we are the last process using this ulp, acquiring ulp->lock
-- * isn't required.
Besides that, we are also protected against
-- * IPC_RMID as we hold sma->sem_perm lock now
-- */
-+ spin_lock(&ulp->lock);
- list_del_rcu(&un->list_proc);
-+ spin_unlock(&ulp->lock);
-
- /* perform adjustments registered in un */
- for (i = 0; i < sma->sem_nsems; i++) {
-diff --git a/kernel/cpu.c b/kernel/cpu.c
-index 49273130e4f1..96c0a868232e 100644
---- a/kernel/cpu.c
-+++ b/kernel/cpu.c
-@@ -494,8 +494,7 @@ static int bringup_wait_for_ap(unsigned int cpu)
- if (WARN_ON_ONCE((!cpu_online(cpu))))
- return -ECANCELED;
-
-- /* Unpark the stopper thread and the hotplug thread of the target cpu */
-- stop_machine_unpark(cpu);
-+ /* Unpark the hotplug thread of the target cpu */
- kthread_unpark(st->thread);
-
- /*
-@@ -1064,8 +1063,8 @@ void notify_cpu_starting(unsigned int cpu)
-
- /*
- * Called from the idle task. Wake up the controlling task which brings the
-- * stopper and the hotplug thread of the upcoming CPU up and then delegates
-- * the rest of the online bringup to the hotplug thread.
-+ * hotplug thread of the upcoming CPU up and then delegates the rest of the
-+ * online bringup to the hotplug thread.
- */
- void cpuhp_online_idle(enum cpuhp_state state)
- {
-@@ -1075,6 +1074,12 @@ void cpuhp_online_idle(enum cpuhp_state state)
- if (state != CPUHP_AP_ONLINE_IDLE)
- return;
-
-+ /*
-+ * Unpart the stopper thread before we start the idle loop (and start
-+ * scheduling); this ensures the stopper task is always available.
-+ */ -+ stop_machine_unpark(smp_processor_id()); -+ - st->state = CPUHP_AP_ONLINE_IDLE; - complete_ap_thread(st, true); - } -diff --git a/kernel/irq/internals.h b/kernel/irq/internals.h -index 4ef7f3b820ce..5230c47fc43e 100644 ---- a/kernel/irq/internals.h -+++ b/kernel/irq/internals.h -@@ -119,8 +119,6 @@ static inline void unregister_handler_proc(unsigned int irq, - - extern bool irq_can_set_affinity_usr(unsigned int irq); - --extern int irq_select_affinity_usr(unsigned int irq); -- - extern void irq_set_thread_affinity(struct irq_desc *desc); - - extern int irq_do_set_affinity(struct irq_data *data, -diff --git a/kernel/irq/manage.c b/kernel/irq/manage.c -index 9c86a3e45110..037e8fc1b008 100644 ---- a/kernel/irq/manage.c -+++ b/kernel/irq/manage.c -@@ -382,23 +382,9 @@ int irq_setup_affinity(struct irq_desc *desc) - { - return irq_select_affinity(irq_desc_get_irq(desc)); - } --#endif -+#endif /* CONFIG_AUTO_IRQ_AFFINITY */ -+#endif /* CONFIG_SMP */ - --/* -- * Called when a bogus affinity is set via /proc/irq -- */ --int irq_select_affinity_usr(unsigned int irq) --{ -- struct irq_desc *desc = irq_to_desc(irq); -- unsigned long flags; -- int ret; -- -- raw_spin_lock_irqsave(&desc->lock, flags); -- ret = irq_setup_affinity(desc); -- raw_spin_unlock_irqrestore(&desc->lock, flags); -- return ret; --} --#endif - - /** - * irq_set_vcpu_affinity - Set vcpu affinity for the interrupt -diff --git a/kernel/irq/proc.c b/kernel/irq/proc.c -index c010cc0daf79..b031db9d56c6 100644 ---- a/kernel/irq/proc.c -+++ b/kernel/irq/proc.c -@@ -117,6 +117,28 @@ static int irq_affinity_list_proc_show(struct seq_file *m, void *v) - return show_irq_affinity(AFFINITY_LIST, m); - } - -+#ifndef CONFIG_AUTO_IRQ_AFFINITY -+static inline int irq_select_affinity_usr(unsigned int irq) -+{ -+ /* -+ * If the interrupt is started up already then this fails. The -+ * interrupt is assigned to an online CPU already. There is no -+ * point to move it around randomly. 
Tell user space that the
-+ * selected mask is bogus.
-+ *
-+ * If not then any change to the affinity is pointless because the
-+ * startup code invokes irq_setup_affinity() which will select
-+ * a online CPU anyway.
-+ */
-+ return -EINVAL;
-+}
-+#else
-+/* ALPHA magic affinity auto selector. Keep it for historical reasons. */
-+static inline int irq_select_affinity_usr(unsigned int irq)
-+{
-+ return irq_select_affinity(irq);
-+}
-+#endif
-
- static ssize_t write_irq_affinity(int type, struct file *file,
- const char __user *buffer, size_t count, loff_t *pos)
-diff --git a/kernel/padata.c b/kernel/padata.c
-index 87540ce72aea..528a251217df 100644
---- a/kernel/padata.c
-+++ b/kernel/padata.c
-@@ -34,6 +34,8 @@
-
- #define MAX_OBJ_NUM 1000
-
-+static void padata_free_pd(struct parallel_data *pd);
-+
- static int padata_index_to_cpu(struct parallel_data *pd, int cpu_index)
- {
- int cpu, target_cpu;
-@@ -292,6 +294,7 @@ static void padata_serial_worker(struct work_struct *serial_work)
- struct padata_serial_queue *squeue;
- struct parallel_data *pd;
- LIST_HEAD(local_list);
-+ int cnt;
-
- local_bh_disable();
- squeue = container_of(serial_work, struct padata_serial_queue, work);
-@@ -301,6 +304,8 @@ static void padata_serial_worker(struct work_struct *serial_work)
- list_replace_init(&squeue->serial.list, &local_list);
- spin_unlock(&squeue->serial.lock);
-
-+ cnt = 0;
-+
- while (!list_empty(&local_list)) {
- struct padata_priv *padata;
-
-@@ -310,9 +315,12 @@ static void padata_serial_worker(struct work_struct *serial_work)
- list_del_init(&padata->list);
-
- padata->serial(padata);
-- atomic_dec(&pd->refcnt);
-+ cnt++;
- }
- local_bh_enable();
-+
-+ if (atomic_sub_and_test(cnt, &pd->refcnt))
-+ padata_free_pd(pd);
- }
-
- /**
-@@ -435,7 +443,7 @@ static struct parallel_data *padata_alloc_pd(struct padata_instance *pinst,
- setup_timer(&pd->timer, padata_reorder_timer, (unsigned long)pd);
- atomic_set(&pd->seq_nr, -1);
- atomic_set(&pd->reorder_objects, 0);
--
atomic_set(&pd->refcnt, 0);
-+ atomic_set(&pd->refcnt, 1);
- pd->pinst = pinst;
- spin_lock_init(&pd->lock);
-
-@@ -460,31 +468,6 @@ static void padata_free_pd(struct parallel_data *pd)
- kfree(pd);
- }
-
--/* Flush all objects out of the padata queues. */
--static void padata_flush_queues(struct parallel_data *pd)
--{
-- int cpu;
-- struct padata_parallel_queue *pqueue;
-- struct padata_serial_queue *squeue;
--
-- for_each_cpu(cpu, pd->cpumask.pcpu) {
-- pqueue = per_cpu_ptr(pd->pqueue, cpu);
-- flush_work(&pqueue->work);
-- }
--
-- del_timer_sync(&pd->timer);
--
-- if (atomic_read(&pd->reorder_objects))
-- padata_reorder(pd);
--
-- for_each_cpu(cpu, pd->cpumask.cbcpu) {
-- squeue = per_cpu_ptr(pd->squeue, cpu);
-- flush_work(&squeue->work);
-- }
--
-- BUG_ON(atomic_read(&pd->refcnt) != 0);
--}
--
- static void __padata_start(struct padata_instance *pinst)
- {
- pinst->flags |= PADATA_INIT;
-@@ -498,10 +481,6 @@ static void __padata_stop(struct padata_instance *pinst)
- pinst->flags &= ~PADATA_INIT;
-
- synchronize_rcu();
--
-- get_online_cpus();
-- padata_flush_queues(pinst->pd);
-- put_online_cpus();
- }
-
- /* Replace the internal control structure with a new one.
*/
-@@ -522,8 +501,8 @@ static void padata_replace(struct padata_instance *pinst,
- if (!cpumask_equal(pd_old->cpumask.cbcpu, pd_new->cpumask.cbcpu))
- notification_mask |= PADATA_CPU_SERIAL;
-
-- padata_flush_queues(pd_old);
-- padata_free_pd(pd_old);
-+ if (atomic_dec_and_test(&pd_old->refcnt))
-+ padata_free_pd(pd_old);
-
- if (notification_mask)
- blocking_notifier_call_chain(&pinst->cpumask_change_notifier,
-diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c
-index 8974ecbcca3c..8a8d92a8045b 100644
---- a/kernel/trace/ftrace.c
-+++ b/kernel/trace/ftrace.c
-@@ -6317,9 +6317,10 @@ static void *fpid_next(struct seq_file *m, void *v, loff_t *pos)
- struct trace_array *tr = m->private;
- struct trace_pid_list *pid_list = rcu_dereference_sched(tr->function_pids);
-
-- if (v == FTRACE_NO_PIDS)
-+ if (v == FTRACE_NO_PIDS) {
-+ (*pos)++;
- return NULL;
--
-+ }
- return trace_pid_next(pid_list, v, pos);
- }
-
-diff --git a/kernel/trace/trace_events_trigger.c b/kernel/trace/trace_events_trigger.c
-index e2da180ca172..31e91efe243e 100644
---- a/kernel/trace/trace_events_trigger.c
-+++ b/kernel/trace/trace_events_trigger.c
-@@ -127,9 +127,10 @@ static void *trigger_next(struct seq_file *m, void *t, loff_t *pos)
- {
- struct trace_event_file *event_file = event_file_data(m->private);
-
-- if (t == SHOW_AVAILABLE_TRIGGERS)
-+ if (t == SHOW_AVAILABLE_TRIGGERS) {
-+ (*pos)++;
- return NULL;
--
-+ }
- return seq_list_next(t, &event_file->triggers, pos);
- }
-
-diff --git a/kernel/trace/trace_stat.c b/kernel/trace/trace_stat.c
-index 75bf1bcb4a8a..92b76f9e25ed 100644
---- a/kernel/trace/trace_stat.c
-+++ b/kernel/trace/trace_stat.c
-@@ -278,18 +278,22 @@ static int tracing_stat_init(void)
-
- d_tracing = tracing_init_dentry();
- if (IS_ERR(d_tracing))
-- return 0;
-+ return -ENODEV;
-
- stat_dir = tracefs_create_dir("trace_stat", d_tracing);
-- if (!stat_dir)
-+ if (!stat_dir) {
- pr_warn("Could not create tracefs 'trace_stat' entry\n");
-+ return -ENOMEM;
-+ }
- return
0;
- }
-
- static int init_stat_file(struct stat_session *session)
- {
-- if (!stat_dir && tracing_stat_init())
-- return -ENODEV;
-+ int ret;
-+
-+ if (!stat_dir && (ret = tracing_stat_init()))
-+ return ret;
-
- session->file = tracefs_create_file(session->ts->name, 0644,
- stat_dir,
-@@ -302,7 +306,7 @@ static int init_stat_file(struct stat_session *session)
- int register_stat_tracer(struct tracer_stat *trace)
- {
- struct stat_session *session, *node;
-- int ret;
-+ int ret = -EINVAL;
-
- if (!trace)
- return -EINVAL;
-@@ -313,17 +317,15 @@ int register_stat_tracer(struct tracer_stat *trace)
- /* Already registered? */
- mutex_lock(&all_stat_sessions_mutex);
- list_for_each_entry(node, &all_stat_sessions, session_list) {
-- if (node->ts == trace) {
-- mutex_unlock(&all_stat_sessions_mutex);
-- return -EINVAL;
-- }
-+ if (node->ts == trace)
-+ goto out;
- }
-- mutex_unlock(&all_stat_sessions_mutex);
-
-+ ret = -ENOMEM;
- /* Init the session */
- session = kzalloc(sizeof(*session), GFP_KERNEL);
- if (!session)
-- return -ENOMEM;
-+ goto out;
-
- session->ts = trace;
- INIT_LIST_HEAD(&session->session_list);
-@@ -332,15 +334,16 @@ int register_stat_tracer(struct tracer_stat *trace)
- ret = init_stat_file(session);
- if (ret) {
- destroy_session(session);
-- return ret;
-+ goto out;
- }
-
-+ ret = 0;
- /* Register */
-- mutex_lock(&all_stat_sessions_mutex);
- list_add_tail(&session->session_list, &all_stat_sessions);
-+ out:
- mutex_unlock(&all_stat_sessions_mutex);
-
-- return 0;
-+ return ret;
- }
-
- void unregister_stat_tracer(struct tracer_stat *trace)
-diff --git a/kernel/watchdog.c b/kernel/watchdog.c
-index 087994b23f8b..e4db5d54c07c 100644
---- a/kernel/watchdog.c
-+++ b/kernel/watchdog.c
-@@ -164,6 +164,8 @@ static void lockup_detector_update_enable(void)
-
- #ifdef CONFIG_SOFTLOCKUP_DETECTOR
-
-+#define SOFTLOCKUP_RESET ULONG_MAX
-+
- /* Global variables, exported for sysctl */
- unsigned int __read_mostly softlockup_panic =
-
CONFIG_BOOTPARAM_SOFTLOCKUP_PANIC_VALUE;
-@@ -271,7 +273,7 @@ notrace void touch_softlockup_watchdog_sched(void)
- * Preemption can be enabled. It doesn't matter which CPU's timestamp
- * gets zeroed here, so use the raw_ operation.
- */
-- raw_cpu_write(watchdog_touch_ts, 0);
-+ raw_cpu_write(watchdog_touch_ts, SOFTLOCKUP_RESET);
- }
-
- notrace void touch_softlockup_watchdog(void)
-@@ -295,14 +297,14 @@ void touch_all_softlockup_watchdogs(void)
- * the softlockup check.
- */
- for_each_cpu(cpu, &watchdog_allowed_mask)
-- per_cpu(watchdog_touch_ts, cpu) = 0;
-+ per_cpu(watchdog_touch_ts, cpu) = SOFTLOCKUP_RESET;
- wq_watchdog_touch(-1);
- }
-
- void touch_softlockup_watchdog_sync(void)
- {
- __this_cpu_write(softlockup_touch_sync, true);
-- __this_cpu_write(watchdog_touch_ts, 0);
-+ __this_cpu_write(watchdog_touch_ts, SOFTLOCKUP_RESET);
- }
-
- static int is_softlockup(unsigned long touch_ts)
-@@ -354,7 +356,7 @@ static enum hrtimer_restart watchdog_timer_fn(struct hrtimer *hrtimer)
- /* ..
and repeat */
- hrtimer_forward_now(hrtimer, ns_to_ktime(sample_period));
-
-- if (touch_ts == 0) {
-+ if (touch_ts == SOFTLOCKUP_RESET) {
- if (unlikely(__this_cpu_read(softlockup_touch_sync))) {
- /*
- * If the time stamp was touched atomically
-diff --git a/lib/scatterlist.c b/lib/scatterlist.c
-index 11fce289d116..834c846c5af8 100644
---- a/lib/scatterlist.c
-+++ b/lib/scatterlist.c
-@@ -317,7 +317,7 @@ int __sg_alloc_table(struct sg_table *table, unsigned int nents,
- if (prv)
- table->nents = ++table->orig_nents;
-
-- return -ENOMEM;
-+ return -ENOMEM;
- }
-
- sg_init_table(sg, alloc_size);
-diff --git a/lib/stackdepot.c b/lib/stackdepot.c
-index f87d138e9672..759ff419fe61 100644
---- a/lib/stackdepot.c
-+++ b/lib/stackdepot.c
-@@ -92,15 +92,19 @@ static bool init_stack_slab(void **prealloc)
- return true;
- if (stack_slabs[depot_index] == NULL) {
- stack_slabs[depot_index] = *prealloc;
-+ *prealloc = NULL;
- } else {
-- stack_slabs[depot_index + 1] = *prealloc;
-+ /* If this is the last depot slab, do not touch the next one. */
-+ if (depot_index + 1 < STACK_ALLOC_MAX_SLABS) {
-+ stack_slabs[depot_index + 1] = *prealloc;
-+ *prealloc = NULL;
-+ }
- /*
- * This smp_store_release pairs with smp_load_acquire() from
- * |next_slab_inited| above and in depot_save_stack().
- */
- smp_store_release(&next_slab_inited, 1);
- }
-- *prealloc = NULL;
- return true;
- }
-
-diff --git a/mm/vmscan.c b/mm/vmscan.c
-index 0cc3c1eb15f5..c6962aa5ddb4 100644
---- a/mm/vmscan.c
-+++ b/mm/vmscan.c
-@@ -2369,10 +2369,13 @@ out:
- /*
- * Scan types proportional to swappiness and
- * their relative recent reclaim efficiency.
-- * Make sure we don't miss the last page
-- * because of a round-off error.
-+ * Make sure we don't miss the last page on
-+ * the offlined memory cgroups because of a
-+ * round-off error.
- */
-- scan = DIV64_U64_ROUND_UP(scan * fraction[file],
-+ scan = mem_cgroup_online(memcg) ?
-+ div64_u64(scan * fraction[file], denominator) :
-+ DIV64_U64_ROUND_UP(scan * fraction[file],
- denominator);
- break;
- case SCAN_FILE:
-diff --git a/net/dsa/tag_qca.c b/net/dsa/tag_qca.c
-index af3a12a36d88..f268c5c3eedb 100644
---- a/net/dsa/tag_qca.c
-+++ b/net/dsa/tag_qca.c
-@@ -41,7 +41,7 @@ static struct sk_buff *qca_tag_xmit(struct sk_buff *skb, struct net_device *dev)
- struct dsa_slave_priv *p = netdev_priv(dev);
- u16 *phdr, hdr;
-
-- if (skb_cow_head(skb, 0) < 0)
-+ if (skb_cow_head(skb, QCA_HDR_LEN) < 0)
- return NULL;
-
- skb_push(skb, QCA_HDR_LEN);
-diff --git a/net/netfilter/xt_hashlimit.c b/net/netfilter/xt_hashlimit.c
-index fe8e8a1622b5..186f97f1c6c0 100644
---- a/net/netfilter/xt_hashlimit.c
-+++ b/net/netfilter/xt_hashlimit.c
-@@ -845,6 +845,8 @@ hashlimit_mt(const struct sk_buff *skb, struct xt_action_param *par)
- return hashlimit_mt_common(skb, par, hinfo, &info->cfg, 3);
- }
-
-+#define HASHLIMIT_MAX_SIZE 1048576
-+
- static int hashlimit_mt_check_common(const struct xt_mtchk_param *par,
- struct xt_hashlimit_htable **hinfo,
- struct hashlimit_cfg3 *cfg,
-@@ -855,6 +857,14 @@ static int hashlimit_mt_check_common(const struct xt_mtchk_param *par,
-
- if (cfg->gc_interval == 0 || cfg->expire == 0)
- return -EINVAL;
-+ if (cfg->size > HASHLIMIT_MAX_SIZE) {
-+ cfg->size = HASHLIMIT_MAX_SIZE;
-+ pr_info_ratelimited("size too large, truncated to %u\n", cfg->size);
-+ }
-+ if (cfg->max > HASHLIMIT_MAX_SIZE) {
-+ cfg->max = HASHLIMIT_MAX_SIZE;
-+ pr_info_ratelimited("max too large, truncated to %u\n", cfg->max);
-+ }
- if (par->family == NFPROTO_IPV4) {
- if (cfg->srcmask > 32 || cfg->dstmask > 32)
- return -EINVAL;
-diff --git a/net/sched/cls_flower.c b/net/sched/cls_flower.c
-index 1879665e5a2b..80a5a6d503c8 100644
---- a/net/sched/cls_flower.c
-+++ b/net/sched/cls_flower.c
-@@ -445,6 +445,7 @@ static const struct nla_policy fl_policy[TCA_FLOWER_MAX + 1] = {
- [TCA_FLOWER_KEY_IP_TOS_MASK] = { .type = NLA_U8 },
- [TCA_FLOWER_KEY_IP_TTL] = {
.type = NLA_U8 },
- [TCA_FLOWER_KEY_IP_TTL_MASK] = { .type = NLA_U8 },
-+ [TCA_FLOWER_FLAGS] = { .type = NLA_U32 },
- };
-
- static void fl_set_key_val(struct nlattr **tb,
-diff --git a/net/sched/cls_matchall.c b/net/sched/cls_matchall.c
-index d8fd152779c8..a985f91e8b47 100644
---- a/net/sched/cls_matchall.c
-+++ b/net/sched/cls_matchall.c
-@@ -136,6 +136,7 @@ static void *mall_get(struct tcf_proto *tp, u32 handle)
- static const struct nla_policy mall_policy[TCA_MATCHALL_MAX + 1] = {
- [TCA_MATCHALL_UNSPEC] = { .type = NLA_UNSPEC },
- [TCA_MATCHALL_CLASSID] = { .type = NLA_U32 },
-+ [TCA_MATCHALL_FLAGS] = { .type = NLA_U32 },
- };
-
- static int mall_set_parms(struct net *net, struct tcf_proto *tp,
-diff --git a/net/smc/smc_diag.c b/net/smc/smc_diag.c
-index d2d01cf70224..576c37d86051 100644
---- a/net/smc/smc_diag.c
-+++ b/net/smc/smc_diag.c
-@@ -38,15 +38,14 @@ static void smc_diag_msg_common_fill(struct smc_diag_msg *r, struct sock *sk)
- {
- struct smc_sock *smc = smc_sk(sk);
-
-+ memset(r, 0, sizeof(*r));
- r->diag_family = sk->sk_family;
-+ sock_diag_save_cookie(sk, r->id.idiag_cookie);
- if (!smc->clcsock)
- return;
- r->id.idiag_sport = htons(smc->clcsock->sk->sk_num);
- r->id.idiag_dport = smc->clcsock->sk->sk_dport;
- r->id.idiag_if = smc->clcsock->sk->sk_bound_dev_if;
-- sock_diag_save_cookie(sk, r->id.idiag_cookie);
-- memset(&r->id.idiag_src, 0, sizeof(r->id.idiag_src));
-- memset(&r->id.idiag_dst, 0, sizeof(r->id.idiag_dst));
- r->id.idiag_src[0] = smc->clcsock->sk->sk_rcv_saddr;
- r->id.idiag_dst[0] = smc->clcsock->sk->sk_daddr;
- }
-diff --git a/scripts/kconfig/confdata.c b/scripts/kconfig/confdata.c
-index 27aac273205b..fa423fcd1a92 100644
---- a/scripts/kconfig/confdata.c
-+++ b/scripts/kconfig/confdata.c
-@@ -1238,7 +1238,7 @@ bool conf_set_all_new_symbols(enum conf_def_mode mode)
-
- sym_calc_value(csym);
- if (mode == def_random)
-- has_changed = randomize_choice_values(csym);
-+ has_changed |= randomize_choice_values(csym);
- else {
-
set_all_choice_values(csym);
- has_changed = true;
-diff --git a/security/selinux/avc.c b/security/selinux/avc.c
-index 2380b8d72cec..23f387b30ece 100644
---- a/security/selinux/avc.c
-+++ b/security/selinux/avc.c
-@@ -863,7 +863,7 @@ static int avc_update_node(u32 event, u32 perms, u8 driver, u8 xperm, u32 ssid,
- if (orig->ae.xp_node) {
- rc = avc_xperms_populate(node, orig->ae.xp_node);
- if (rc) {
-- kmem_cache_free(avc_node_cachep, node);
-+ avc_node_kill(node);
- goto out_unlock;
- }
- }
-diff --git a/sound/core/control.c b/sound/core/control.c
-index 36571cd49be3..a0ce22164957 100644
---- a/sound/core/control.c
-+++ b/sound/core/control.c
-@@ -1467,8 +1467,9 @@ static int call_tlv_handler(struct snd_ctl_file *file, int op_flag,
- if (kctl->tlv.c == NULL)
- return -ENXIO;
-
-- /* When locked, this is unavailable. */
-- if (vd->owner != NULL && vd->owner != file)
-+ /* Write and command operations are not allowed for locked element. */
-+ if (op_flag != SNDRV_CTL_TLV_OP_READ &&
-+ vd->owner != NULL && vd->owner != file)
- return -EPERM;
-
- return kctl->tlv.c(kctl, op_flag, size, buf);
-diff --git a/sound/core/seq/seq_clientmgr.c b/sound/core/seq/seq_clientmgr.c
-index 92b0d4523a07..6fe93d5f6f71 100644
---- a/sound/core/seq/seq_clientmgr.c
-+++ b/sound/core/seq/seq_clientmgr.c
-@@ -564,7 +564,7 @@ static int update_timestamp_of_queue(struct snd_seq_event *event,
- event->queue = queue;
- event->flags &= ~SNDRV_SEQ_TIME_STAMP_MASK;
- if (real_time) {
-- event->time.time = snd_seq_timer_get_cur_time(q->timer);
-+ event->time.time = snd_seq_timer_get_cur_time(q->timer, true);
- event->flags |= SNDRV_SEQ_TIME_STAMP_REAL;
- } else {
- event->time.tick = snd_seq_timer_get_cur_tick(q->timer);
-@@ -1639,7 +1639,7 @@ static int snd_seq_ioctl_get_queue_status(struct snd_seq_client *client,
- tmr = queue->timer;
- status->events = queue->tickq->cells + queue->timeq->cells;
-
-- status->time = snd_seq_timer_get_cur_time(tmr);
-+ status->time =
snd_seq_timer_get_cur_time(tmr, true);
- status->tick = snd_seq_timer_get_cur_tick(tmr);
-
- status->running = tmr->running;
-diff --git a/sound/core/seq/seq_queue.c b/sound/core/seq/seq_queue.c
-index 1a6dc4ff44a6..ea1aa0796276 100644
---- a/sound/core/seq/seq_queue.c
-+++ b/sound/core/seq/seq_queue.c
-@@ -261,6 +261,8 @@ void snd_seq_check_queue(struct snd_seq_queue *q, int atomic, int hop)
- {
- unsigned long flags;
- struct snd_seq_event_cell *cell;
-+ snd_seq_tick_time_t cur_tick;
-+ snd_seq_real_time_t cur_time;
-
- if (q == NULL)
- return;
-@@ -277,17 +279,18 @@ void snd_seq_check_queue(struct snd_seq_queue *q, int atomic, int hop)
-
- __again:
- /* Process tick queue... */
-+ cur_tick = snd_seq_timer_get_cur_tick(q->timer);
- for (;;) {
-- cell = snd_seq_prioq_cell_out(q->tickq,
-- &q->timer->tick.cur_tick);
-+ cell = snd_seq_prioq_cell_out(q->tickq, &cur_tick);
- if (!cell)
- break;
- snd_seq_dispatch_event(cell, atomic, hop);
- }
-
- /* Process time queue... */
-+ cur_time = snd_seq_timer_get_cur_time(q->timer, false);
- for (;;) {
-- cell = snd_seq_prioq_cell_out(q->timeq, &q->timer->cur_time);
-+ cell = snd_seq_prioq_cell_out(q->timeq, &cur_time);
- if (!cell)
- break;
- snd_seq_dispatch_event(cell, atomic, hop);
-@@ -415,6 +418,7 @@ int snd_seq_queue_check_access(int queueid, int client)
- int snd_seq_queue_set_owner(int queueid, int client, int locked)
- {
- struct snd_seq_queue *q = queueptr(queueid);
-+ unsigned long flags;
-
- if (q == NULL)
- return -EINVAL;
-@@ -424,8 +428,10 @@ int snd_seq_queue_set_owner(int queueid, int client, int locked)
- return -EPERM;
- }
-
-+ spin_lock_irqsave(&q->owner_lock, flags);
- q->locked = locked ?
1 : 0;
- q->owner = client;
-+ spin_unlock_irqrestore(&q->owner_lock, flags);
- queue_access_unlock(q);
- queuefree(q);
-
-@@ -564,15 +570,17 @@ void snd_seq_queue_client_termination(int client)
- unsigned long flags;
- int i;
- struct snd_seq_queue *q;
-+ bool matched;
-
- for (i = 0; i < SNDRV_SEQ_MAX_QUEUES; i++) {
- if ((q = queueptr(i)) == NULL)
- continue;
- spin_lock_irqsave(&q->owner_lock, flags);
-- if (q->owner == client)
-+ matched = (q->owner == client);
-+ if (matched)
- q->klocked = 1;
- spin_unlock_irqrestore(&q->owner_lock, flags);
-- if (q->owner == client) {
-+ if (matched) {
- if (q->timer->running)
- snd_seq_timer_stop(q->timer);
- snd_seq_timer_reset(q->timer);
-@@ -764,6 +772,8 @@ void snd_seq_info_queues_read(struct snd_info_entry *entry,
- int i, bpm;
- struct snd_seq_queue *q;
- struct snd_seq_timer *tmr;
-+ bool locked;
-+ int owner;
-
- for (i = 0; i < SNDRV_SEQ_MAX_QUEUES; i++) {
- if ((q = queueptr(i)) == NULL)
-@@ -775,9 +785,14 @@ void snd_seq_info_queues_read(struct snd_info_entry *entry,
- else
- bpm = 0;
-
-+ spin_lock_irq(&q->owner_lock);
-+ locked = q->locked;
-+ owner = q->owner;
-+ spin_unlock_irq(&q->owner_lock);
-+
- snd_iprintf(buffer, "queue %d: [%s]\n", q->queue, q->name);
-- snd_iprintf(buffer, "owned by client : %d\n", q->owner);
-- snd_iprintf(buffer, "lock status : %s\n", q->locked ? "Locked" : "Free");
-+ snd_iprintf(buffer, "owned by client : %d\n", owner);
-+ snd_iprintf(buffer, "lock status : %s\n", locked ? "Locked" : "Free");
- snd_iprintf(buffer, "queued time events : %d\n", snd_seq_prioq_avail(q->timeq));
- snd_iprintf(buffer, "queued tick events : %d\n", snd_seq_prioq_avail(q->tickq));
- snd_iprintf(buffer, "timer state : %s\n", tmr->running ?
"Running" : "Stopped"); -diff --git a/sound/core/seq/seq_timer.c b/sound/core/seq/seq_timer.c -index 0e1feb597586..bd5e5a5d52a8 100644 ---- a/sound/core/seq/seq_timer.c -+++ b/sound/core/seq/seq_timer.c -@@ -436,14 +436,15 @@ int snd_seq_timer_continue(struct snd_seq_timer *tmr) - } - - /* return current 'real' time. use timeofday() to get better granularity. */ --snd_seq_real_time_t snd_seq_timer_get_cur_time(struct snd_seq_timer *tmr) -+snd_seq_real_time_t snd_seq_timer_get_cur_time(struct snd_seq_timer *tmr, -+ bool adjust_ktime) - { - snd_seq_real_time_t cur_time; - unsigned long flags; - - spin_lock_irqsave(&tmr->lock, flags); - cur_time = tmr->cur_time; -- if (tmr->running) { -+ if (adjust_ktime && tmr->running) { - struct timespec64 tm; - - ktime_get_ts64(&tm); -@@ -460,7 +461,13 @@ snd_seq_real_time_t snd_seq_timer_get_cur_time(struct snd_seq_timer *tmr) - high PPQ values) */ - snd_seq_tick_time_t snd_seq_timer_get_cur_tick(struct snd_seq_timer *tmr) - { -- return tmr->tick.cur_tick; -+ snd_seq_tick_time_t cur_tick; -+ unsigned long flags; -+ -+ spin_lock_irqsave(&tmr->lock, flags); -+ cur_tick = tmr->tick.cur_tick; -+ spin_unlock_irqrestore(&tmr->lock, flags); -+ return cur_tick; - } - - -diff --git a/sound/core/seq/seq_timer.h b/sound/core/seq/seq_timer.h -index 9506b661fe5b..5d47d559465e 100644 ---- a/sound/core/seq/seq_timer.h -+++ b/sound/core/seq/seq_timer.h -@@ -135,7 +135,8 @@ int snd_seq_timer_set_ppq(struct snd_seq_timer *tmr, int ppq); - int snd_seq_timer_set_position_tick(struct snd_seq_timer *tmr, snd_seq_tick_time_t position); - int snd_seq_timer_set_position_time(struct snd_seq_timer *tmr, snd_seq_real_time_t position); - int snd_seq_timer_set_skew(struct snd_seq_timer *tmr, unsigned int skew, unsigned int base); --snd_seq_real_time_t snd_seq_timer_get_cur_time(struct snd_seq_timer *tmr); -+snd_seq_real_time_t snd_seq_timer_get_cur_time(struct snd_seq_timer *tmr, -+ bool adjust_ktime); - snd_seq_tick_time_t snd_seq_timer_get_cur_tick(struct 
snd_seq_timer *tmr);
-
- extern int seq_default_timer_class;
-diff --git a/sound/hda/hdmi_chmap.c b/sound/hda/hdmi_chmap.c
-index f21633cd9b38..acbe61b8db7b 100644
---- a/sound/hda/hdmi_chmap.c
-+++ b/sound/hda/hdmi_chmap.c
-@@ -249,7 +249,7 @@ void snd_hdac_print_channel_allocation(int spk_alloc, char *buf, int buflen)
-
- for (i = 0, j = 0; i < ARRAY_SIZE(cea_speaker_allocation_names); i++) {
- if (spk_alloc & (1 << i))
-- j += snprintf(buf + j, buflen - j, " %s",
-+ j += scnprintf(buf + j, buflen - j, " %s",
- cea_speaker_allocation_names[i]);
- }
- buf[j] = '\0'; /* necessary when j == 0 */
-diff --git a/sound/pci/hda/hda_codec.c b/sound/pci/hda/hda_codec.c
-index e3f3351da480..a6f7561e7bb9 100644
---- a/sound/pci/hda/hda_codec.c
-+++ b/sound/pci/hda/hda_codec.c
-@@ -4002,7 +4002,7 @@ void snd_print_pcm_bits(int pcm, char *buf, int buflen)
-
- for (i = 0, j = 0; i < ARRAY_SIZE(bits); i++)
- if (pcm & (AC_SUPPCM_BITS_8 << i))
-- j += snprintf(buf + j, buflen - j, " %d", bits[i]);
-+ j += scnprintf(buf + j, buflen - j, " %d", bits[i]);
-
- buf[j] = '\0'; /* necessary when j == 0 */
- }
-diff --git a/sound/pci/hda/hda_eld.c b/sound/pci/hda/hda_eld.c
-index ba7fe9b6655c..864cc8c9ada0 100644
---- a/sound/pci/hda/hda_eld.c
-+++ b/sound/pci/hda/hda_eld.c
-@@ -373,7 +373,7 @@ static void hdmi_print_pcm_rates(int pcm, char *buf, int buflen)
-
- for (i = 0, j = 0; i < ARRAY_SIZE(alsa_rates); i++)
- if (pcm & (1 << i))
-- j += snprintf(buf + j, buflen - j, " %d",
-+ j += scnprintf(buf + j, buflen - j, " %d",
- alsa_rates[i]);
-
- buf[j] = '\0'; /* necessary when j == 0 */
-diff --git a/sound/pci/hda/hda_sysfs.c b/sound/pci/hda/hda_sysfs.c
-index 9b7efece4484..2a173de7ca02 100644
---- a/sound/pci/hda/hda_sysfs.c
-+++ b/sound/pci/hda/hda_sysfs.c
-@@ -221,7 +221,7 @@ static ssize_t init_verbs_show(struct device *dev,
- mutex_lock(&codec->user_mutex);
- for (i = 0; i < codec->init_verbs.used; i++) {
- struct hda_verb *v = snd_array_elem(&codec->init_verbs, i);
-- len +=
snprintf(buf + len, PAGE_SIZE - len,
-+ len += scnprintf(buf + len, PAGE_SIZE - len,
- "0x%02x 0x%03x 0x%04x\n",
- v->nid, v->verb, v->param);
- }
-@@ -271,7 +271,7 @@ static ssize_t hints_show(struct device *dev,
- mutex_lock(&codec->user_mutex);
- for (i = 0; i < codec->hints.used; i++) {
- struct hda_hint *hint = snd_array_elem(&codec->hints, i);
-- len += snprintf(buf + len, PAGE_SIZE - len,
-+ len += scnprintf(buf + len, PAGE_SIZE - len,
- "%s = %s\n", hint->key, hint->val);
- }
- mutex_unlock(&codec->user_mutex);
-diff --git a/sound/pci/hda/patch_conexant.c b/sound/pci/hda/patch_conexant.c
-index 382b6d2ed803..9cc9304ff21a 100644
---- a/sound/pci/hda/patch_conexant.c
-+++ b/sound/pci/hda/patch_conexant.c
-@@ -969,6 +969,7 @@ static const struct snd_pci_quirk cxt5066_fixups[] = {
- SND_PCI_QUIRK(0x17aa, 0x215f, "Lenovo T510", CXT_PINCFG_LENOVO_TP410),
- SND_PCI_QUIRK(0x17aa, 0x21ce, "Lenovo T420", CXT_PINCFG_LENOVO_TP410),
- SND_PCI_QUIRK(0x17aa, 0x21cf, "Lenovo T520", CXT_PINCFG_LENOVO_TP410),
-+ SND_PCI_QUIRK(0x17aa, 0x21d2, "Lenovo T420s", CXT_PINCFG_LENOVO_TP410),
- SND_PCI_QUIRK(0x17aa, 0x21da, "Lenovo X220", CXT_PINCFG_LENOVO_TP410),
- SND_PCI_QUIRK(0x17aa, 0x21db, "Lenovo X220-tablet", CXT_PINCFG_LENOVO_TP410),
- SND_PCI_QUIRK(0x17aa, 0x38af, "Lenovo IdeaPad Z560", CXT_FIXUP_MUTE_LED_EAPD),
-diff --git a/sound/pci/hda/patch_hdmi.c b/sound/pci/hda/patch_hdmi.c
-index f21405597215..12913368c231 100644
---- a/sound/pci/hda/patch_hdmi.c
-+++ b/sound/pci/hda/patch_hdmi.c
-@@ -2574,9 +2574,12 @@ static int alloc_intel_hdmi(struct hda_codec *codec)
- /* parse and post-process for Intel codecs */
- static int parse_intel_hdmi(struct hda_codec *codec)
- {
-- int err;
-+ int err, retries = 3;
-+
-+ do {
-+ err = hdmi_parse_codec(codec);
-+ } while (err < 0 && retries--);
-
-- err = hdmi_parse_codec(codec);
- if (err < 0) {
- generic_spec_free(codec);
- return err;
-diff --git a/sound/sh/aica.c b/sound/sh/aica.c
-index fdc680ae8aa0..d9acf551a898 100644
----
a/sound/sh/aica.c
-+++ b/sound/sh/aica.c
-@@ -117,10 +117,10 @@ static void spu_memset(u32 toi, u32 what, int length)
- }
-
- /* spu_memload - write to SPU address space */
--static void spu_memload(u32 toi, void *from, int length)
-+static void spu_memload(u32 toi, const void *from, int length)
- {
- unsigned long flags;
-- u32 *froml = from;
-+ const u32 *froml = from;
- u32 __iomem *to = (u32 __iomem *) (SPU_MEMORY_BASE + toi);
- int i;
- u32 val;
-diff --git a/sound/sh/sh_dac_audio.c b/sound/sh/sh_dac_audio.c
-index 834b2574786f..6251b5e1b64a 100644
---- a/sound/sh/sh_dac_audio.c
-+++ b/sound/sh/sh_dac_audio.c
-@@ -190,7 +190,6 @@ static int snd_sh_dac_pcm_copy(struct snd_pcm_substream *substream,
- {
- /* channel is not used (interleaved data) */
- struct snd_sh_dac *chip = snd_pcm_substream_chip(substream);
-- struct snd_pcm_runtime *runtime = substream->runtime;
-
- if (copy_from_user_toio(chip->data_buffer + pos, src, count))
- return -EFAULT;
-@@ -210,7 +209,6 @@ static int snd_sh_dac_pcm_copy_kernel(struct snd_pcm_substream *substream,
- {
- /* channel is not used (interleaved data) */
- struct snd_sh_dac *chip = snd_pcm_substream_chip(substream);
-- struct snd_pcm_runtime *runtime = substream->runtime;
-
- memcpy_toio(chip->data_buffer + pos, src, count);
- chip->buffer_end = chip->data_buffer + pos + count;
-@@ -229,7 +227,6 @@ static int snd_sh_dac_pcm_silence(struct snd_pcm_substream *substream,
- {
- /* channel is not used (interleaved data) */
- struct snd_sh_dac *chip = snd_pcm_substream_chip(substream);
-- struct snd_pcm_runtime *runtime = substream->runtime;
-
- memset_io(chip->data_buffer + pos, 0, count);
- chip->buffer_end = chip->data_buffer + pos + count;
-diff --git a/sound/soc/atmel/Kconfig b/sound/soc/atmel/Kconfig
-index 4a56f3dfba51..23887613b5c3 100644
---- a/sound/soc/atmel/Kconfig
-+++ b/sound/soc/atmel/Kconfig
-@@ -25,6 +25,8 @@ config SND_ATMEL_SOC_DMA
-
- config SND_ATMEL_SOC_SSC_DMA
- tristate
-+ select SND_ATMEL_SOC_DMA
-+
select SND_ATMEL_SOC_PDC
-
- config SND_ATMEL_SOC_SSC
- tristate
-diff --git a/sound/soc/sunxi/sun8i-codec.c b/sound/soc/sunxi/sun8i-codec.c
-index 7a312168f864..a031f25031b4 100644
---- a/sound/soc/sunxi/sun8i-codec.c
-+++ b/sound/soc/sunxi/sun8i-codec.c
-@@ -71,6 +71,7 @@
-
- #define SUN8I_SYS_SR_CTRL_AIF1_FS_MASK GENMASK(15, 12)
- #define SUN8I_SYS_SR_CTRL_AIF2_FS_MASK GENMASK(11, 8)
-+#define SUN8I_AIF1CLK_CTRL_AIF1_DATA_FMT_MASK GENMASK(3, 2)
- #define SUN8I_AIF1CLK_CTRL_AIF1_WORD_SIZ_MASK GENMASK(5, 4)
- #define SUN8I_AIF1CLK_CTRL_AIF1_LRCK_DIV_MASK GENMASK(8, 6)
- #define SUN8I_AIF1CLK_CTRL_AIF1_BCLK_DIV_MASK GENMASK(12, 9)
-@@ -221,7 +222,7 @@ static int sun8i_set_fmt(struct snd_soc_dai *dai, unsigned int fmt)
- return -EINVAL;
- }
- regmap_update_bits(scodec->regmap, SUN8I_AIF1CLK_CTRL,
-- BIT(SUN8I_AIF1CLK_CTRL_AIF1_DATA_FMT),
-+ SUN8I_AIF1CLK_CTRL_AIF1_DATA_FMT_MASK,
- value << SUN8I_AIF1CLK_CTRL_AIF1_DATA_FMT);
-
- return 0;
-diff --git a/sound/usb/quirks.c b/sound/usb/quirks.c
-index 51ee7910e98c..4872c27f6054 100644
---- a/sound/usb/quirks.c
-+++ b/sound/usb/quirks.c
-@@ -1151,6 +1151,7 @@ bool snd_usb_get_sample_rate_quirk(struct snd_usb_audio *chip)
- case USB_ID(0x1de7, 0x0014): /* Phoenix Audio TMX320 */
- case USB_ID(0x1de7, 0x0114): /* Phoenix Audio MT202pcs */
- case USB_ID(0x21B4, 0x0081): /* AudioQuest DragonFly */
-+ case USB_ID(0x2912, 0x30c8): /* Audioengine D1 */
- return true;
- }
- return false;
-diff --git a/sound/usb/usx2y/usX2Yhwdep.c b/sound/usb/usx2y/usX2Yhwdep.c
-index f4b3cda412fc..e75271e731b2 100644
---- a/sound/usb/usx2y/usX2Yhwdep.c
-+++ b/sound/usb/usx2y/usX2Yhwdep.c
-@@ -131,7 +131,7 @@ static int snd_usX2Y_hwdep_dsp_status(struct snd_hwdep *hw,
- info->num_dsps = 2; // 0: Prepad Data, 1: FPGA Code
- if (us428->chip_status & USX2Y_STAT_CHIP_INIT)
- info->chip_ready = 1;
-- info->version = USX2Y_DRIVER_VERSION;
-+ info->version = USX2Y_DRIVER_VERSION;
- return 0;
- }
-
-diff --git a/tools/lib/api/fs/fs.c
b/tools/lib/api/fs/fs.c
-index b24afc0e6e81..45b50b89009a 100644
---- a/tools/lib/api/fs/fs.c
-+++ b/tools/lib/api/fs/fs.c
-@@ -210,6 +210,7 @@ static bool fs__env_override(struct fs *fs)
- size_t name_len = strlen(fs->name);
- /* name + "_PATH" + '\0' */
- char upper_name[name_len + 5 + 1];
-+
- memcpy(upper_name, fs->name, name_len);
- mem_toupper(upper_name, name_len);
- strcpy(&upper_name[name_len], "_PATH");
-@@ -219,7 +220,8 @@ static bool fs__env_override(struct fs *fs)
- return false;
-
- fs->found = true;
-- strncpy(fs->path, override_path, sizeof(fs->path));
-+ strncpy(fs->path, override_path, sizeof(fs->path) - 1);
-+ fs->path[sizeof(fs->path) - 1] = '\0';
- return true;
- }
-
-diff --git a/tools/objtool/arch/x86/lib/x86-opcode-map.txt b/tools/objtool/arch/x86/lib/x86-opcode-map.txt
-index 0a0e9112f284..5cb9f009f2be 100644
---- a/tools/objtool/arch/x86/lib/x86-opcode-map.txt
-+++ b/tools/objtool/arch/x86/lib/x86-opcode-map.txt
-@@ -909,7 +909,7 @@ EndTable
-
- GrpTable: Grp3_2
- 0: TEST Ev,Iz
--1:
-+1: TEST Ev,Iz
- 2: NOT Ev
- 3: NEG Ev
- 4: MUL rAX,Ev
-diff --git a/tools/testing/selftests/size/get_size.c b/tools/testing/selftests/size/get_size.c
-index d4b59ab979a0..f55943b6d1e2 100644
---- a/tools/testing/selftests/size/get_size.c
-+++ b/tools/testing/selftests/size/get_size.c
-@@ -12,23 +12,35 @@
- * own execution. It also attempts to have as few dependencies
- * on kernel features as possible.
- *
-- * It should be statically linked, with startup libs avoided.
-- * It uses no library calls, and only the following 3 syscalls:
-+ * It should be statically linked, with startup libs avoided.
It uses
-+ * no library calls except the syscall() function for the following 3
-+ * syscalls:
- * sysinfo(), write(), and _exit()
- *
- * For output, it avoids printf (which in some C libraries
- * has large external dependencies) by implementing it's own
- * number output and print routines, and using __builtin_strlen()
-+ *
-+ * The test may crash if any of the above syscalls fails because in some
-+ * libc implementations (e.g. the GNU C Library) errno is saved in
-+ * thread-local storage, which does not get initialized due to avoiding
-+ * startup libs.
- */
-
- #include
- #include
-+#include
-
- #define STDOUT_FILENO 1
-
- static int print(const char *s)
- {
-- return write(STDOUT_FILENO, s, __builtin_strlen(s));
-+ size_t len = 0;
-+
-+ while (s[len] != '\0')
-+ len++;
-+
-+ return syscall(SYS_write, STDOUT_FILENO, s, len);
- }
-
- static inline char *num_to_str(unsigned long num, char *buf, int len)
-@@ -80,12 +92,12 @@ void _start(void)
- print("TAP version 13\n");
- print("# Testing system size.\n");
-
-- ccode = sysinfo(&info);
-+ ccode = syscall(SYS_sysinfo, &info);
- if (ccode < 0) {
- print("not ok 1");
- print(test_name);
- print(" ---\n reason: \"could not get sysinfo\"\n ...\n");
-- _exit(ccode);
-+ syscall(SYS_exit, ccode);
- }
- print("ok 1");
- print(test_name);
-@@ -101,5 +113,5 @@ void _start(void)
- print(" ...\n");
- print("1..1\n");
-
-- _exit(0);
-+ syscall(SYS_exit, 0);
- }
-diff --git a/tools/usb/usbip/src/usbip_network.c b/tools/usb/usbip/src/usbip_network.c
-index b4c37e76a6e0..187dfaa67d0a 100644
---- a/tools/usb/usbip/src/usbip_network.c
-+++ b/tools/usb/usbip/src/usbip_network.c
-@@ -62,39 +62,39 @@ void usbip_setup_port_number(char *arg)
- info("using port %d (\"%s\")", usbip_port, usbip_port_string);
- }
-
--void usbip_net_pack_uint32_t(int pack, uint32_t *num)
-+uint32_t usbip_net_pack_uint32_t(int pack, uint32_t num)
- {
- uint32_t i;
-
- if (pack)
-- i = htonl(*num);
-+ i = htonl(num);
- else
-- i = ntohl(*num);
-+ i =
ntohl(num);
-
-- *num = i;
-+ return i;
- }
-
--void usbip_net_pack_uint16_t(int pack, uint16_t *num)
-+uint16_t usbip_net_pack_uint16_t(int pack, uint16_t num)
- {
- uint16_t i;
-
- if (pack)
-- i = htons(*num);
-+ i = htons(num);
- else
-- i = ntohs(*num);
-+ i = ntohs(num);
-
-- *num = i;
-+ return i;
- }
-
- void usbip_net_pack_usb_device(int pack, struct usbip_usb_device *udev)
- {
-- usbip_net_pack_uint32_t(pack, &udev->busnum);
-- usbip_net_pack_uint32_t(pack, &udev->devnum);
-- usbip_net_pack_uint32_t(pack, &udev->speed);
-+ udev->busnum = usbip_net_pack_uint32_t(pack, udev->busnum);
-+ udev->devnum = usbip_net_pack_uint32_t(pack, udev->devnum);
-+ udev->speed = usbip_net_pack_uint32_t(pack, udev->speed);
-
-- usbip_net_pack_uint16_t(pack, &udev->idVendor);
-- usbip_net_pack_uint16_t(pack, &udev->idProduct);
-- usbip_net_pack_uint16_t(pack, &udev->bcdDevice);
-+ udev->idVendor = usbip_net_pack_uint16_t(pack, udev->idVendor);
-+ udev->idProduct = usbip_net_pack_uint16_t(pack, udev->idProduct);
-+ udev->bcdDevice = usbip_net_pack_uint16_t(pack, udev->bcdDevice);
- }
-
- void usbip_net_pack_usb_interface(int pack __attribute__((unused)),
-@@ -141,6 +141,14 @@ ssize_t usbip_net_send(int sockfd, void *buff, size_t bufflen)
- return usbip_net_xmit(sockfd, buff, bufflen, 1);
- }
-
-+static inline void usbip_net_pack_op_common(int pack,
-+ struct op_common *op_common)
-+{
-+ op_common->version = usbip_net_pack_uint16_t(pack, op_common->version);
-+ op_common->code = usbip_net_pack_uint16_t(pack, op_common->code);
-+ op_common->status = usbip_net_pack_uint32_t(pack, op_common->status);
-+}
-+
- int usbip_net_send_op_common(int sockfd, uint32_t code, uint32_t status)
- {
- struct op_common op_common;
-@@ -152,7 +160,7 @@ int usbip_net_send_op_common(int sockfd, uint32_t code, uint32_t status)
- op_common.code = code;
- op_common.status = status;
-
-- PACK_OP_COMMON(1, &op_common);
-+ usbip_net_pack_op_common(1, &op_common);
-
- rc = usbip_net_send(sockfd, &op_common,
sizeof(op_common));
- if (rc < 0) {
-@@ -176,7 +184,7 @@ int usbip_net_recv_op_common(int sockfd, uint16_t *code)
- goto err;
- }
-
-- PACK_OP_COMMON(0, &op_common);
-+ usbip_net_pack_op_common(0, &op_common);
-
- if (op_common.version != USBIP_VERSION) {
- dbg("version mismatch: %d %d", op_common.version,
-diff --git a/tools/usb/usbip/src/usbip_network.h b/tools/usb/usbip/src/usbip_network.h
-index 7032687621d3..8e8330c0f1c9 100644
---- a/tools/usb/usbip/src/usbip_network.h
-+++ b/tools/usb/usbip/src/usbip_network.h
-@@ -34,12 +34,6 @@ struct op_common {
-
- } __attribute__((packed));
-
--#define PACK_OP_COMMON(pack, op_common) do {\
-- usbip_net_pack_uint16_t(pack, &(op_common)->version);\
-- usbip_net_pack_uint16_t(pack, &(op_common)->code);\
-- usbip_net_pack_uint32_t(pack, &(op_common)->status);\
--} while (0)
--
- /* ---------------------------------------------------------------------- */
- /* Dummy Code */
- #define OP_UNSPEC 0x00
-@@ -165,11 +159,11 @@ struct op_devlist_reply_extra {
- } while (0)
-
- #define PACK_OP_DEVLIST_REPLY(pack, reply) do {\
-- usbip_net_pack_uint32_t(pack, &(reply)->ndev);\
-+ (reply)->ndev = usbip_net_pack_uint32_t(pack, (reply)->ndev);\
- } while (0)
-
--void usbip_net_pack_uint32_t(int pack, uint32_t *num);
--void usbip_net_pack_uint16_t(int pack, uint16_t *num);
-+uint32_t usbip_net_pack_uint32_t(int pack, uint32_t num);
-+uint16_t usbip_net_pack_uint16_t(int pack, uint16_t num);
- void usbip_net_pack_usb_device(int pack, struct usbip_usb_device *udev);
- void usbip_net_pack_usb_interface(int pack, struct usbip_usb_interface *uinf);
-