summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAnthony G. Basile <blueness@gentoo.org>2016-08-14 06:40:25 -0400
committerAnthony G. Basile <blueness@gentoo.org>2016-08-14 06:40:25 -0400
commit046f9cd3210f4affd139f18cc43dfb197c87e947 (patch)
treeba7e33d3efc7597e0bb413ae9a4090e07ea36945
parentgrsecurity-3.1-4.6.5-201607312210 (diff)
downloadhardened-patchset-046f9cd3210f4affd139f18cc43dfb197c87e947.tar.gz
hardened-patchset-046f9cd3210f4affd139f18cc43dfb197c87e947.tar.bz2
hardened-patchset-046f9cd3210f4affd139f18cc43dfb197c87e947.zip
grsecurity-3.1-4.7-20160813124020160813
-rw-r--r--4.6.5/1004_linux-4.6.5.patch7262
-rw-r--r--4.7.0/0000_README (renamed from 4.6.5/0000_README)6
-rw-r--r--4.7.0/4420_grsecurity-3.1-4.7-201608131240.patch (renamed from 4.6.5/4420_grsecurity-3.1-4.6.5-201607312210.patch)12491
-rw-r--r--4.7.0/4425_grsec_remove_EI_PAX.patch (renamed from 4.6.5/4425_grsec_remove_EI_PAX.patch)2
-rw-r--r--4.7.0/4427_force_XATTR_PAX_tmpfs.patch (renamed from 4.6.5/4427_force_XATTR_PAX_tmpfs.patch)12
-rw-r--r--4.7.0/4430_grsec-remove-localversion-grsec.patch (renamed from 4.6.5/4430_grsec-remove-localversion-grsec.patch)0
-rw-r--r--4.7.0/4435_grsec-mute-warnings.patch (renamed from 4.6.5/4435_grsec-mute-warnings.patch)2
-rw-r--r--4.7.0/4440_grsec-remove-protected-paths.patch (renamed from 4.6.5/4440_grsec-remove-protected-paths.patch)0
-rw-r--r--4.7.0/4450_grsec-kconfig-default-gids.patch (renamed from 4.6.5/4450_grsec-kconfig-default-gids.patch)8
-rw-r--r--4.7.0/4465_selinux-avc_audit-log-curr_ip.patch (renamed from 4.6.5/4465_selinux-avc_audit-log-curr_ip.patch)0
-rw-r--r--4.7.0/4470_disable-compat_vdso.patch (renamed from 4.6.5/4470_disable-compat_vdso.patch)2
-rw-r--r--4.7.0/4475_emutramp_default_on.patch (renamed from 4.6.5/4475_emutramp_default_on.patch)4
12 files changed, 6598 insertions, 13191 deletions
diff --git a/4.6.5/1004_linux-4.6.5.patch b/4.6.5/1004_linux-4.6.5.patch
deleted file mode 100644
index 98b6b74..0000000
--- a/4.6.5/1004_linux-4.6.5.patch
+++ /dev/null
@@ -1,7262 +0,0 @@
-diff --git a/Documentation/ABI/testing/sysfs-bus-iio-proximity-as3935 b/Documentation/ABI/testing/sysfs-bus-iio-proximity-as3935
-index 6708c5e..33e96f7 100644
---- a/Documentation/ABI/testing/sysfs-bus-iio-proximity-as3935
-+++ b/Documentation/ABI/testing/sysfs-bus-iio-proximity-as3935
-@@ -1,4 +1,4 @@
--What /sys/bus/iio/devices/iio:deviceX/in_proximity_raw
-+What /sys/bus/iio/devices/iio:deviceX/in_proximity_input
- Date: March 2014
- KernelVersion: 3.15
- Contact: Matt Ranostay <mranostay@gmail.com>
-diff --git a/Documentation/scsi/scsi_eh.txt b/Documentation/scsi/scsi_eh.txt
-index 8638f61..37eca00 100644
---- a/Documentation/scsi/scsi_eh.txt
-+++ b/Documentation/scsi/scsi_eh.txt
-@@ -263,19 +263,23 @@ scmd->allowed.
-
- 3. scmd recovered
- ACTION: scsi_eh_finish_cmd() is invoked to EH-finish scmd
-- - shost->host_failed--
- - clear scmd->eh_eflags
- - scsi_setup_cmd_retry()
- - move from local eh_work_q to local eh_done_q
- LOCKING: none
-+ CONCURRENCY: at most one thread per separate eh_work_q to
-+ keep queue manipulation lockless
-
- 4. EH completes
- ACTION: scsi_eh_flush_done_q() retries scmds or notifies upper
-- layer of failure.
-+ layer of failure. May be called concurrently but must have
-+ a no more than one thread per separate eh_work_q to
-+ manipulate the queue locklessly
- - scmd is removed from eh_done_q and scmd->eh_entry is cleared
- - if retry is necessary, scmd is requeued using
- scsi_queue_insert()
- - otherwise, scsi_finish_command() is invoked for scmd
-+ - zero shost->host_failed
- LOCKING: queue or finish function performs appropriate locking
-
-
-diff --git a/Makefile b/Makefile
-index cd37442..7d693a8 100644
---- a/Makefile
-+++ b/Makefile
-@@ -1,6 +1,6 @@
- VERSION = 4
- PATCHLEVEL = 6
--SUBLEVEL = 4
-+SUBLEVEL = 5
- EXTRAVERSION =
- NAME = Charred Weasel
-
-diff --git a/arch/arm/boot/dts/armada-385-linksys.dtsi b/arch/arm/boot/dts/armada-385-linksys.dtsi
-index 8450944..22f7a13 100644
---- a/arch/arm/boot/dts/armada-385-linksys.dtsi
-+++ b/arch/arm/boot/dts/armada-385-linksys.dtsi
-@@ -58,8 +58,8 @@
- soc {
- ranges = <MBUS_ID(0xf0, 0x01) 0 0xf1000000 0x100000
- MBUS_ID(0x01, 0x1d) 0 0xfff00000 0x100000
-- MBUS_ID(0x09, 0x09) 0 0xf1100000 0x10000
-- MBUS_ID(0x09, 0x05) 0 0xf1110000 0x10000>;
-+ MBUS_ID(0x09, 0x19) 0 0xf1100000 0x10000
-+ MBUS_ID(0x09, 0x15) 0 0xf1110000 0x10000>;
-
- internal-regs {
-
-diff --git a/arch/arm/boot/dts/sun5i-r8-chip.dts b/arch/arm/boot/dts/sun5i-r8-chip.dts
-index f6898c6..c937c85 100644
---- a/arch/arm/boot/dts/sun5i-r8-chip.dts
-+++ b/arch/arm/boot/dts/sun5i-r8-chip.dts
-@@ -52,7 +52,7 @@
-
- / {
- model = "NextThing C.H.I.P.";
-- compatible = "nextthing,chip", "allwinner,sun5i-r8";
-+ compatible = "nextthing,chip", "allwinner,sun5i-r8", "allwinner,sun5i-a13";
-
- aliases {
- i2c0 = &i2c0;
-diff --git a/arch/arm/boot/dts/sun6i-a31s-primo81.dts b/arch/arm/boot/dts/sun6i-a31s-primo81.dts
-index 68b479b..73c133f 100644
---- a/arch/arm/boot/dts/sun6i-a31s-primo81.dts
-+++ b/arch/arm/boot/dts/sun6i-a31s-primo81.dts
-@@ -176,8 +176,6 @@
- };
-
- &reg_dc1sw {
-- regulator-min-microvolt = <3000000>;
-- regulator-max-microvolt = <3000000>;
- regulator-name = "vcc-lcd";
- };
-
-diff --git a/arch/arm/boot/dts/sun6i-a31s-yones-toptech-bs1078-v2.dts b/arch/arm/boot/dts/sun6i-a31s-yones-toptech-bs1078-v2.dts
-index 360adfb..d6ad619 100644
---- a/arch/arm/boot/dts/sun6i-a31s-yones-toptech-bs1078-v2.dts
-+++ b/arch/arm/boot/dts/sun6i-a31s-yones-toptech-bs1078-v2.dts
-@@ -135,8 +135,6 @@
-
- &reg_dc1sw {
- regulator-name = "vcc-lcd-usb2";
-- regulator-min-microvolt = <3000000>;
-- regulator-max-microvolt = <3000000>;
- };
-
- &reg_dc5ldo {
-diff --git a/arch/arm/include/asm/pgtable-2level.h b/arch/arm/include/asm/pgtable-2level.h
-index aeddd28..92fd2c8 100644
---- a/arch/arm/include/asm/pgtable-2level.h
-+++ b/arch/arm/include/asm/pgtable-2level.h
-@@ -193,6 +193,7 @@ static inline pmd_t *pmd_offset(pud_t *pud, unsigned long addr)
-
- #define pmd_large(pmd) (pmd_val(pmd) & 2)
- #define pmd_bad(pmd) (pmd_val(pmd) & 2)
-+#define pmd_present(pmd) (pmd_val(pmd))
-
- #define copy_pmd(pmdpd,pmdps) \
- do { \
-diff --git a/arch/arm/include/asm/pgtable-3level.h b/arch/arm/include/asm/pgtable-3level.h
-index dc46398..7411466 100644
---- a/arch/arm/include/asm/pgtable-3level.h
-+++ b/arch/arm/include/asm/pgtable-3level.h
-@@ -211,6 +211,7 @@ static inline pmd_t *pmd_offset(pud_t *pud, unsigned long addr)
- : !!(pmd_val(pmd) & (val)))
- #define pmd_isclear(pmd, val) (!(pmd_val(pmd) & (val)))
-
-+#define pmd_present(pmd) (pmd_isset((pmd), L_PMD_SECT_VALID))
- #define pmd_young(pmd) (pmd_isset((pmd), PMD_SECT_AF))
- #define pte_special(pte) (pte_isset((pte), L_PTE_SPECIAL))
- static inline pte_t pte_mkspecial(pte_t pte)
-@@ -249,10 +250,10 @@ PMD_BIT_FUNC(mkyoung, |= PMD_SECT_AF);
- #define pfn_pmd(pfn,prot) (__pmd(((phys_addr_t)(pfn) << PAGE_SHIFT) | pgprot_val(prot)))
- #define mk_pmd(page,prot) pfn_pmd(page_to_pfn(page),prot)
-
--/* represent a notpresent pmd by zero, this is used by pmdp_invalidate */
-+/* represent a notpresent pmd by faulting entry, this is used by pmdp_invalidate */
- static inline pmd_t pmd_mknotpresent(pmd_t pmd)
- {
-- return __pmd(0);
-+ return __pmd(pmd_val(pmd) & ~L_PMD_SECT_VALID);
- }
-
- static inline pmd_t pmd_modify(pmd_t pmd, pgprot_t newprot)
-diff --git a/arch/arm/include/asm/pgtable.h b/arch/arm/include/asm/pgtable.h
-index 348caab..d622040 100644
---- a/arch/arm/include/asm/pgtable.h
-+++ b/arch/arm/include/asm/pgtable.h
-@@ -182,7 +182,6 @@ extern pgd_t swapper_pg_dir[PTRS_PER_PGD];
- #define pgd_offset_k(addr) pgd_offset(&init_mm, addr)
-
- #define pmd_none(pmd) (!pmd_val(pmd))
--#define pmd_present(pmd) (pmd_val(pmd))
-
- static inline pte_t *pmd_page_vaddr(pmd_t pmd)
- {
-diff --git a/arch/arm/kvm/arm.c b/arch/arm/kvm/arm.c
-index dded1b7..72b11d9 100644
---- a/arch/arm/kvm/arm.c
-+++ b/arch/arm/kvm/arm.c
-@@ -267,6 +267,7 @@ void kvm_arch_vcpu_free(struct kvm_vcpu *vcpu)
- kvm_timer_vcpu_terminate(vcpu);
- kvm_vgic_vcpu_destroy(vcpu);
- kvm_pmu_vcpu_destroy(vcpu);
-+ kvm_vcpu_uninit(vcpu);
- kmem_cache_free(kvm_vcpu_cache, vcpu);
- }
-
-diff --git a/arch/arm/mach-imx/mach-imx6ul.c b/arch/arm/mach-imx/mach-imx6ul.c
-index a38b16b..b56de4b 100644
---- a/arch/arm/mach-imx/mach-imx6ul.c
-+++ b/arch/arm/mach-imx/mach-imx6ul.c
-@@ -46,7 +46,7 @@ static int ksz8081_phy_fixup(struct phy_device *dev)
- static void __init imx6ul_enet_phy_init(void)
- {
- if (IS_BUILTIN(CONFIG_PHYLIB))
-- phy_register_fixup_for_uid(PHY_ID_KSZ8081, 0xffffffff,
-+ phy_register_fixup_for_uid(PHY_ID_KSZ8081, MICREL_PHY_ID_MASK,
- ksz8081_phy_fixup);
- }
-
-diff --git a/arch/arm/mach-mvebu/coherency.c b/arch/arm/mach-mvebu/coherency.c
-index 7e989d6..474abff 100644
---- a/arch/arm/mach-mvebu/coherency.c
-+++ b/arch/arm/mach-mvebu/coherency.c
-@@ -162,22 +162,16 @@ exit:
- }
-
- /*
-- * This ioremap hook is used on Armada 375/38x to ensure that PCIe
-- * memory areas are mapped as MT_UNCACHED instead of MT_DEVICE. This
-- * is needed as a workaround for a deadlock issue between the PCIe
-- * interface and the cache controller.
-+ * This ioremap hook is used on Armada 375/38x to ensure that all MMIO
-+ * areas are mapped as MT_UNCACHED instead of MT_DEVICE. This is
-+ * needed for the HW I/O coherency mechanism to work properly without
-+ * deadlock.
- */
- static void __iomem *
--armada_pcie_wa_ioremap_caller(phys_addr_t phys_addr, size_t size,
-- unsigned int mtype, void *caller)
-+armada_wa_ioremap_caller(phys_addr_t phys_addr, size_t size,
-+ unsigned int mtype, void *caller)
- {
-- struct resource pcie_mem;
--
-- mvebu_mbus_get_pcie_mem_aperture(&pcie_mem);
--
-- if (pcie_mem.start <= phys_addr && (phys_addr + size) <= pcie_mem.end)
-- mtype = MT_UNCACHED;
--
-+ mtype = MT_UNCACHED;
- return __arm_ioremap_caller(phys_addr, size, mtype, caller);
- }
-
-@@ -186,7 +180,7 @@ static void __init armada_375_380_coherency_init(struct device_node *np)
- struct device_node *cache_dn;
-
- coherency_cpu_base = of_iomap(np, 0);
-- arch_ioremap_caller = armada_pcie_wa_ioremap_caller;
-+ arch_ioremap_caller = armada_wa_ioremap_caller;
-
- /*
- * We should switch the PL310 to I/O coherency mode only if
-diff --git a/arch/arm64/include/asm/ptrace.h b/arch/arm64/include/asm/ptrace.h
-index a307eb6..7f94755 100644
---- a/arch/arm64/include/asm/ptrace.h
-+++ b/arch/arm64/include/asm/ptrace.h
-@@ -117,6 +117,8 @@ struct pt_regs {
- };
- u64 orig_x0;
- u64 syscallno;
-+ u64 orig_addr_limit;
-+ u64 unused; // maintain 16 byte alignment
- };
-
- #define arch_has_single_step() (1)
-diff --git a/arch/arm64/kernel/asm-offsets.c b/arch/arm64/kernel/asm-offsets.c
-index 3ae6b31..1abcd88 100644
---- a/arch/arm64/kernel/asm-offsets.c
-+++ b/arch/arm64/kernel/asm-offsets.c
-@@ -59,6 +59,7 @@ int main(void)
- DEFINE(S_PC, offsetof(struct pt_regs, pc));
- DEFINE(S_ORIG_X0, offsetof(struct pt_regs, orig_x0));
- DEFINE(S_SYSCALLNO, offsetof(struct pt_regs, syscallno));
-+ DEFINE(S_ORIG_ADDR_LIMIT, offsetof(struct pt_regs, orig_addr_limit));
- DEFINE(S_FRAME_SIZE, sizeof(struct pt_regs));
- BLANK();
- DEFINE(MM_CONTEXT_ID, offsetof(struct mm_struct, context.id.counter));
-diff --git a/arch/arm64/kernel/entry.S b/arch/arm64/kernel/entry.S
-index 12e8d2b..6c3b734 100644
---- a/arch/arm64/kernel/entry.S
-+++ b/arch/arm64/kernel/entry.S
-@@ -28,6 +28,7 @@
- #include <asm/errno.h>
- #include <asm/esr.h>
- #include <asm/irq.h>
-+#include <asm/memory.h>
- #include <asm/thread_info.h>
- #include <asm/unistd.h>
-
-@@ -97,7 +98,14 @@
- mov x29, xzr // fp pointed to user-space
- .else
- add x21, sp, #S_FRAME_SIZE
-- .endif
-+ get_thread_info tsk
-+ /* Save the task's original addr_limit and set USER_DS (TASK_SIZE_64) */
-+ ldr x20, [tsk, #TI_ADDR_LIMIT]
-+ str x20, [sp, #S_ORIG_ADDR_LIMIT]
-+ mov x20, #TASK_SIZE_64
-+ str x20, [tsk, #TI_ADDR_LIMIT]
-+ ALTERNATIVE(nop, SET_PSTATE_UAO(0), ARM64_HAS_UAO, CONFIG_ARM64_UAO)
-+ .endif /* \el == 0 */
- mrs x22, elr_el1
- mrs x23, spsr_el1
- stp lr, x21, [sp, #S_LR]
-@@ -128,6 +136,14 @@
- .endm
-
- .macro kernel_exit, el
-+ .if \el != 0
-+ /* Restore the task's original addr_limit. */
-+ ldr x20, [sp, #S_ORIG_ADDR_LIMIT]
-+ str x20, [tsk, #TI_ADDR_LIMIT]
-+
-+ /* No need to restore UAO, it will be restored from SPSR_EL1 */
-+ .endif
-+
- ldp x21, x22, [sp, #S_PC] // load ELR, SPSR
- .if \el == 0
- ct_user_enter
-@@ -406,7 +422,6 @@ el1_irq:
- bl trace_hardirqs_off
- #endif
-
-- get_thread_info tsk
- irq_handler
-
- #ifdef CONFIG_PREEMPT
-diff --git a/arch/arm64/kernel/traps.c b/arch/arm64/kernel/traps.c
-index c539208..58651a9 100644
---- a/arch/arm64/kernel/traps.c
-+++ b/arch/arm64/kernel/traps.c
-@@ -64,8 +64,7 @@ static void dump_mem(const char *lvl, const char *str, unsigned long bottom,
-
- /*
- * We need to switch to kernel mode so that we can use __get_user
-- * to safely read from kernel space. Note that we now dump the
-- * code first, just in case the backtrace kills us.
-+ * to safely read from kernel space.
- */
- fs = get_fs();
- set_fs(KERNEL_DS);
-@@ -111,21 +110,12 @@ static void dump_backtrace_entry(unsigned long where)
- print_ip_sym(where);
- }
-
--static void dump_instr(const char *lvl, struct pt_regs *regs)
-+static void __dump_instr(const char *lvl, struct pt_regs *regs)
- {
- unsigned long addr = instruction_pointer(regs);
-- mm_segment_t fs;
- char str[sizeof("00000000 ") * 5 + 2 + 1], *p = str;
- int i;
-
-- /*
-- * We need to switch to kernel mode so that we can use __get_user
-- * to safely read from kernel space. Note that we now dump the
-- * code first, just in case the backtrace kills us.
-- */
-- fs = get_fs();
-- set_fs(KERNEL_DS);
--
- for (i = -4; i < 1; i++) {
- unsigned int val, bad;
-
-@@ -139,8 +129,18 @@ static void dump_instr(const char *lvl, struct pt_regs *regs)
- }
- }
- printk("%sCode: %s\n", lvl, str);
-+}
-
-- set_fs(fs);
-+static void dump_instr(const char *lvl, struct pt_regs *regs)
-+{
-+ if (!user_mode(regs)) {
-+ mm_segment_t fs = get_fs();
-+ set_fs(KERNEL_DS);
-+ __dump_instr(lvl, regs);
-+ set_fs(fs);
-+ } else {
-+ __dump_instr(lvl, regs);
-+ }
- }
-
- static void dump_backtrace(struct pt_regs *regs, struct task_struct *tsk)
-diff --git a/arch/arm64/mm/fault.c b/arch/arm64/mm/fault.c
-index 10b79e9..e22849a9 100644
---- a/arch/arm64/mm/fault.c
-+++ b/arch/arm64/mm/fault.c
-@@ -284,7 +284,8 @@ static int __kprobes do_page_fault(unsigned long addr, unsigned int esr,
- }
-
- if (permission_fault(esr) && (addr < USER_DS)) {
-- if (get_fs() == KERNEL_DS)
-+ /* regs->orig_addr_limit may be 0 if we entered from EL0 */
-+ if (regs->orig_addr_limit == KERNEL_DS)
- die("Accessing user space memory with fs=KERNEL_DS", regs, esr);
-
- if (!search_exception_tables(regs->pc))
-diff --git a/arch/arm64/mm/flush.c b/arch/arm64/mm/flush.c
-index dbd12ea..43a76b0 100644
---- a/arch/arm64/mm/flush.c
-+++ b/arch/arm64/mm/flush.c
-@@ -71,10 +71,6 @@ void __sync_icache_dcache(pte_t pte, unsigned long addr)
- {
- struct page *page = pte_page(pte);
-
-- /* no flushing needed for anonymous pages */
-- if (!page_mapping(page))
-- return;
--
- if (!test_and_set_bit(PG_dcache_clean, &page->flags))
- sync_icache_aliases(page_address(page),
- PAGE_SIZE << compound_order(page));
-diff --git a/arch/mips/include/asm/kvm_host.h b/arch/mips/include/asm/kvm_host.h
-index 942b8f6..1907ab3 100644
---- a/arch/mips/include/asm/kvm_host.h
-+++ b/arch/mips/include/asm/kvm_host.h
-@@ -336,6 +336,7 @@ struct kvm_mips_tlb {
- #define KVM_MIPS_GUEST_TLB_SIZE 64
- struct kvm_vcpu_arch {
- void *host_ebase, *guest_ebase;
-+ int (*vcpu_run)(struct kvm_run *run, struct kvm_vcpu *vcpu);
- unsigned long host_stack;
- unsigned long host_gp;
-
-diff --git a/arch/mips/kvm/interrupt.h b/arch/mips/kvm/interrupt.h
-index 4ab4bdf..2143884 100644
---- a/arch/mips/kvm/interrupt.h
-+++ b/arch/mips/kvm/interrupt.h
-@@ -28,6 +28,7 @@
- #define MIPS_EXC_MAX 12
- /* XXXSL More to follow */
-
-+extern char __kvm_mips_vcpu_run_end[];
- extern char mips32_exception[], mips32_exceptionEnd[];
- extern char mips32_GuestException[], mips32_GuestExceptionEnd[];
-
-diff --git a/arch/mips/kvm/locore.S b/arch/mips/kvm/locore.S
-index 81687ab..fc93a08 100644
---- a/arch/mips/kvm/locore.S
-+++ b/arch/mips/kvm/locore.S
-@@ -227,6 +227,7 @@ FEXPORT(__kvm_mips_load_k0k1)
-
- /* Jump to guest */
- eret
-+EXPORT(__kvm_mips_vcpu_run_end)
-
- VECTOR(MIPSX(exception), unknown)
- /* Find out what mode we came from and jump to the proper handler. */
-diff --git a/arch/mips/kvm/mips.c b/arch/mips/kvm/mips.c
-index 70ef1a4..e223cb3 100644
---- a/arch/mips/kvm/mips.c
-+++ b/arch/mips/kvm/mips.c
-@@ -314,6 +314,15 @@ struct kvm_vcpu *kvm_arch_vcpu_create(struct kvm *kvm, unsigned int id)
- memcpy(gebase + offset, mips32_GuestException,
- mips32_GuestExceptionEnd - mips32_GuestException);
-
-+#ifdef MODULE
-+ offset += mips32_GuestExceptionEnd - mips32_GuestException;
-+ memcpy(gebase + offset, (char *)__kvm_mips_vcpu_run,
-+ __kvm_mips_vcpu_run_end - (char *)__kvm_mips_vcpu_run);
-+ vcpu->arch.vcpu_run = gebase + offset;
-+#else
-+ vcpu->arch.vcpu_run = __kvm_mips_vcpu_run;
-+#endif
-+
- /* Invalidate the icache for these ranges */
- local_flush_icache_range((unsigned long)gebase,
- (unsigned long)gebase + ALIGN(size, PAGE_SIZE));
-@@ -403,7 +412,7 @@ int kvm_arch_vcpu_ioctl_run(struct kvm_vcpu *vcpu, struct kvm_run *run)
- /* Disable hardware page table walking while in guest */
- htw_stop();
-
-- r = __kvm_mips_vcpu_run(run, vcpu);
-+ r = vcpu->arch.vcpu_run(run, vcpu);
-
- /* Re-enable HTW before enabling interrupts */
- htw_start();
-diff --git a/arch/powerpc/kernel/process.c b/arch/powerpc/kernel/process.c
-index b8500b4..bec85055 100644
---- a/arch/powerpc/kernel/process.c
-+++ b/arch/powerpc/kernel/process.c
-@@ -1501,6 +1501,16 @@ void start_thread(struct pt_regs *regs, unsigned long start, unsigned long sp)
- current->thread.regs = regs - 1;
- }
-
-+#ifdef CONFIG_PPC_TRANSACTIONAL_MEM
-+ /*
-+ * Clear any transactional state, we're exec()ing. The cause is
-+ * not important as there will never be a recheckpoint so it's not
-+ * user visible.
-+ */
-+ if (MSR_TM_SUSPENDED(mfmsr()))
-+ tm_reclaim_current(0);
-+#endif
-+
- memset(regs->gpr, 0, sizeof(regs->gpr));
- regs->ctr = 0;
- regs->link = 0;
-diff --git a/arch/powerpc/kernel/prom_init.c b/arch/powerpc/kernel/prom_init.c
-index ccd2037..6ee4b72 100644
---- a/arch/powerpc/kernel/prom_init.c
-+++ b/arch/powerpc/kernel/prom_init.c
-@@ -719,7 +719,7 @@ unsigned char ibm_architecture_vec[] = {
- * must match by the macro below. Update the definition if
- * the structure layout changes.
- */
--#define IBM_ARCH_VEC_NRCORES_OFFSET 125
-+#define IBM_ARCH_VEC_NRCORES_OFFSET 133
- W(NR_CPUS), /* number of cores supported */
- 0,
- 0,
-diff --git a/arch/powerpc/platforms/pseries/iommu.c b/arch/powerpc/platforms/pseries/iommu.c
-index bd98ce2..3e8865b 100644
---- a/arch/powerpc/platforms/pseries/iommu.c
-+++ b/arch/powerpc/platforms/pseries/iommu.c
-@@ -912,7 +912,8 @@ machine_arch_initcall(pseries, find_existing_ddw_windows);
- static int query_ddw(struct pci_dev *dev, const u32 *ddw_avail,
- struct ddw_query_response *query)
- {
-- struct eeh_dev *edev;
-+ struct device_node *dn;
-+ struct pci_dn *pdn;
- u32 cfg_addr;
- u64 buid;
- int ret;
-@@ -923,11 +924,10 @@ static int query_ddw(struct pci_dev *dev, const u32 *ddw_avail,
- * Retrieve them from the pci device, not the node with the
- * dma-window property
- */
-- edev = pci_dev_to_eeh_dev(dev);
-- cfg_addr = edev->config_addr;
-- if (edev->pe_config_addr)
-- cfg_addr = edev->pe_config_addr;
-- buid = edev->phb->buid;
-+ dn = pci_device_to_OF_node(dev);
-+ pdn = PCI_DN(dn);
-+ buid = pdn->phb->buid;
-+ cfg_addr = ((pdn->busno << 16) | (pdn->devfn << 8));
-
- ret = rtas_call(ddw_avail[0], 3, 5, (u32 *)query,
- cfg_addr, BUID_HI(buid), BUID_LO(buid));
-@@ -941,7 +941,8 @@ static int create_ddw(struct pci_dev *dev, const u32 *ddw_avail,
- struct ddw_create_response *create, int page_shift,
- int window_shift)
- {
-- struct eeh_dev *edev;
-+ struct device_node *dn;
-+ struct pci_dn *pdn;
- u32 cfg_addr;
- u64 buid;
- int ret;
-@@ -952,11 +953,10 @@ static int create_ddw(struct pci_dev *dev, const u32 *ddw_avail,
- * Retrieve them from the pci device, not the node with the
- * dma-window property
- */
-- edev = pci_dev_to_eeh_dev(dev);
-- cfg_addr = edev->config_addr;
-- if (edev->pe_config_addr)
-- cfg_addr = edev->pe_config_addr;
-- buid = edev->phb->buid;
-+ dn = pci_device_to_OF_node(dev);
-+ pdn = PCI_DN(dn);
-+ buid = pdn->phb->buid;
-+ cfg_addr = ((pdn->busno << 16) | (pdn->devfn << 8));
-
- do {
- /* extra outputs are LIOBN and dma-addr (hi, lo) */
-diff --git a/arch/s390/include/asm/fpu/api.h b/arch/s390/include/asm/fpu/api.h
-index 5e04f3c..8ae236b0 100644
---- a/arch/s390/include/asm/fpu/api.h
-+++ b/arch/s390/include/asm/fpu/api.h
-@@ -22,7 +22,7 @@ static inline int test_fp_ctl(u32 fpc)
- " la %0,0\n"
- "1:\n"
- EX_TABLE(0b,1b)
-- : "=d" (rc), "=d" (orig_fpc)
-+ : "=d" (rc), "=&d" (orig_fpc)
- : "d" (fpc), "0" (-EINVAL));
- return rc;
- }
-diff --git a/arch/s390/kernel/ipl.c b/arch/s390/kernel/ipl.c
-index f20abdb..d14069d 100644
---- a/arch/s390/kernel/ipl.c
-+++ b/arch/s390/kernel/ipl.c
-@@ -2064,12 +2064,5 @@ void s390_reset_system(void)
- S390_lowcore.program_new_psw.addr =
- (unsigned long) s390_base_pgm_handler;
-
-- /*
-- * Clear subchannel ID and number to signal new kernel that no CCW or
-- * SCSI IPL has been done (for kexec and kdump)
-- */
-- S390_lowcore.subchannel_id = 0;
-- S390_lowcore.subchannel_nr = 0;
--
- do_reset_calls();
- }
-diff --git a/arch/s390/mm/pgtable.c b/arch/s390/mm/pgtable.c
-index 4324b87..9f0ce0e 100644
---- a/arch/s390/mm/pgtable.c
-+++ b/arch/s390/mm/pgtable.c
-@@ -437,7 +437,7 @@ void ptep_zap_unused(struct mm_struct *mm, unsigned long addr,
- pgste = pgste_get_lock(ptep);
- pgstev = pgste_val(pgste);
- pte = *ptep;
-- if (pte_swap(pte) &&
-+ if (!reset && pte_swap(pte) &&
- ((pgstev & _PGSTE_GPS_USAGE_MASK) == _PGSTE_GPS_USAGE_UNUSED ||
- (pgstev & _PGSTE_GPS_ZERO))) {
- ptep_zap_swap_entry(mm, pte_to_swp_entry(pte));
-diff --git a/arch/x86/boot/Makefile b/arch/x86/boot/Makefile
-index b1ef9e4..b67f9e8 100644
---- a/arch/x86/boot/Makefile
-+++ b/arch/x86/boot/Makefile
-@@ -171,6 +171,9 @@ isoimage: $(obj)/bzImage
- for i in lib lib64 share end ; do \
- if [ -f /usr/$$i/syslinux/isolinux.bin ] ; then \
- cp /usr/$$i/syslinux/isolinux.bin $(obj)/isoimage ; \
-+ if [ -f /usr/$$i/syslinux/ldlinux.c32 ]; then \
-+ cp /usr/$$i/syslinux/ldlinux.c32 $(obj)/isoimage ; \
-+ fi ; \
- break ; \
- fi ; \
- if [ $$i = end ] ; then exit 1 ; fi ; \
-diff --git a/arch/x86/events/core.c b/arch/x86/events/core.c
-index 041e442..7eb806c 100644
---- a/arch/x86/events/core.c
-+++ b/arch/x86/events/core.c
-@@ -2313,7 +2313,7 @@ void
- perf_callchain_user(struct perf_callchain_entry *entry, struct pt_regs *regs)
- {
- struct stack_frame frame;
-- const void __user *fp;
-+ const unsigned long __user *fp;
-
- if (perf_guest_cbs && perf_guest_cbs->is_in_guest()) {
- /* TODO: We don't support guest os callchain now */
-@@ -2326,7 +2326,7 @@ perf_callchain_user(struct perf_callchain_entry *entry, struct pt_regs *regs)
- if (regs->flags & (X86_VM_MASK | PERF_EFLAGS_VM))
- return;
-
-- fp = (void __user *)regs->bp;
-+ fp = (unsigned long __user *)regs->bp;
-
- perf_callchain_store(entry, regs->ip);
-
-@@ -2339,16 +2339,17 @@ perf_callchain_user(struct perf_callchain_entry *entry, struct pt_regs *regs)
- pagefault_disable();
- while (entry->nr < PERF_MAX_STACK_DEPTH) {
- unsigned long bytes;
-+
- frame.next_frame = NULL;
- frame.return_address = 0;
-
-- if (!access_ok(VERIFY_READ, fp, 16))
-+ if (!access_ok(VERIFY_READ, fp, sizeof(*fp) * 2))
- break;
-
-- bytes = __copy_from_user_nmi(&frame.next_frame, fp, 8);
-+ bytes = __copy_from_user_nmi(&frame.next_frame, fp, sizeof(*fp));
- if (bytes != 0)
- break;
-- bytes = __copy_from_user_nmi(&frame.return_address, fp+8, 8);
-+ bytes = __copy_from_user_nmi(&frame.return_address, fp + 1, sizeof(*fp));
- if (bytes != 0)
- break;
-
-diff --git a/arch/x86/events/intel/rapl.c b/arch/x86/events/intel/rapl.c
-index 1705c9d..78ee9eb 100644
---- a/arch/x86/events/intel/rapl.c
-+++ b/arch/x86/events/intel/rapl.c
-@@ -665,7 +665,7 @@ static void __init cleanup_rapl_pmus(void)
- int i;
-
- for (i = 0; i < rapl_pmus->maxpkg; i++)
-- kfree(rapl_pmus->pmus + i);
-+ kfree(rapl_pmus->pmus[i]);
- kfree(rapl_pmus);
- }
-
-diff --git a/arch/x86/include/asm/msr.h b/arch/x86/include/asm/msr.h
-index 7a79ee2..33c709c 100644
---- a/arch/x86/include/asm/msr.h
-+++ b/arch/x86/include/asm/msr.h
-@@ -112,7 +112,7 @@ static inline void native_write_msr(unsigned int msr,
- unsigned low, unsigned high)
- {
- asm volatile("wrmsr" : : "c" (msr), "a"(low), "d" (high) : "memory");
-- if (msr_tracepoint_active(__tracepoint_read_msr))
-+ if (msr_tracepoint_active(__tracepoint_write_msr))
- do_trace_write_msr(msr, ((u64)high << 32 | low), 0);
- }
-
-@@ -131,7 +131,7 @@ notrace static inline int native_write_msr_safe(unsigned int msr,
- : "c" (msr), "0" (low), "d" (high),
- [fault] "i" (-EIO)
- : "memory");
-- if (msr_tracepoint_active(__tracepoint_read_msr))
-+ if (msr_tracepoint_active(__tracepoint_write_msr))
- do_trace_write_msr(msr, ((u64)high << 32 | low), err);
- return err;
- }
-diff --git a/arch/x86/kernel/amd_nb.c b/arch/x86/kernel/amd_nb.c
-index a147e67..e991d5c 100644
---- a/arch/x86/kernel/amd_nb.c
-+++ b/arch/x86/kernel/amd_nb.c
-@@ -71,8 +71,8 @@ int amd_cache_northbridges(void)
- while ((misc = next_northbridge(misc, amd_nb_misc_ids)) != NULL)
- i++;
-
-- if (i == 0)
-- return 0;
-+ if (!i)
-+ return -ENODEV;
-
- nb = kzalloc(i * sizeof(struct amd_northbridge), GFP_KERNEL);
- if (!nb)
-diff --git a/arch/x86/kernel/kprobes/core.c b/arch/x86/kernel/kprobes/core.c
-index ae703ac..44bcd57 100644
---- a/arch/x86/kernel/kprobes/core.c
-+++ b/arch/x86/kernel/kprobes/core.c
-@@ -960,7 +960,19 @@ int kprobe_fault_handler(struct pt_regs *regs, int trapnr)
- * normal page fault.
- */
- regs->ip = (unsigned long)cur->addr;
-+ /*
-+ * Trap flag (TF) has been set here because this fault
-+ * happened where the single stepping will be done.
-+ * So clear it by resetting the current kprobe:
-+ */
-+ regs->flags &= ~X86_EFLAGS_TF;
-+
-+ /*
-+ * If the TF flag was set before the kprobe hit,
-+ * don't touch it:
-+ */
- regs->flags |= kcb->kprobe_old_flags;
-+
- if (kcb->kprobe_status == KPROBE_REENTER)
- restore_previous_kprobe(kcb);
- else
-diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
-index faf52bac..c4217a2 100644
---- a/arch/x86/kvm/vmx.c
-+++ b/arch/x86/kvm/vmx.c
-@@ -2072,7 +2072,8 @@ static void vmx_vcpu_pi_load(struct kvm_vcpu *vcpu, int cpu)
- unsigned int dest;
-
- if (!kvm_arch_has_assigned_device(vcpu->kvm) ||
-- !irq_remapping_cap(IRQ_POSTING_CAP))
-+ !irq_remapping_cap(IRQ_POSTING_CAP) ||
-+ !kvm_vcpu_apicv_active(vcpu))
- return;
-
- do {
-@@ -2180,7 +2181,8 @@ static void vmx_vcpu_pi_put(struct kvm_vcpu *vcpu)
- struct pi_desc *pi_desc = vcpu_to_pi_desc(vcpu);
-
- if (!kvm_arch_has_assigned_device(vcpu->kvm) ||
-- !irq_remapping_cap(IRQ_POSTING_CAP))
-+ !irq_remapping_cap(IRQ_POSTING_CAP) ||
-+ !kvm_vcpu_apicv_active(vcpu))
- return;
-
- /* Set SN when the vCPU is preempted */
-@@ -6657,7 +6659,13 @@ static int get_vmx_mem_address(struct kvm_vcpu *vcpu,
-
- /* Checks for #GP/#SS exceptions. */
- exn = false;
-- if (is_protmode(vcpu)) {
-+ if (is_long_mode(vcpu)) {
-+ /* Long mode: #GP(0)/#SS(0) if the memory address is in a
-+ * non-canonical form. This is the only check on the memory
-+ * destination for long mode!
-+ */
-+ exn = is_noncanonical_address(*ret);
-+ } else if (is_protmode(vcpu)) {
- /* Protected mode: apply checks for segment validity in the
- * following order:
- * - segment type check (#GP(0) may be thrown)
-@@ -6674,17 +6682,10 @@ static int get_vmx_mem_address(struct kvm_vcpu *vcpu,
- * execute-only code segment
- */
- exn = ((s.type & 0xa) == 8);
-- }
-- if (exn) {
-- kvm_queue_exception_e(vcpu, GP_VECTOR, 0);
-- return 1;
-- }
-- if (is_long_mode(vcpu)) {
-- /* Long mode: #GP(0)/#SS(0) if the memory address is in a
-- * non-canonical form. This is an only check for long mode.
-- */
-- exn = is_noncanonical_address(*ret);
-- } else if (is_protmode(vcpu)) {
-+ if (exn) {
-+ kvm_queue_exception_e(vcpu, GP_VECTOR, 0);
-+ return 1;
-+ }
- /* Protected mode: #GP(0)/#SS(0) if the segment is unusable.
- */
- exn = (s.unusable != 0);
-@@ -10702,7 +10703,8 @@ static int vmx_pre_block(struct kvm_vcpu *vcpu)
- struct pi_desc *pi_desc = vcpu_to_pi_desc(vcpu);
-
- if (!kvm_arch_has_assigned_device(vcpu->kvm) ||
-- !irq_remapping_cap(IRQ_POSTING_CAP))
-+ !irq_remapping_cap(IRQ_POSTING_CAP) ||
-+ !kvm_vcpu_apicv_active(vcpu))
- return 0;
-
- vcpu->pre_pcpu = vcpu->cpu;
-@@ -10768,7 +10770,8 @@ static void vmx_post_block(struct kvm_vcpu *vcpu)
- unsigned long flags;
-
- if (!kvm_arch_has_assigned_device(vcpu->kvm) ||
-- !irq_remapping_cap(IRQ_POSTING_CAP))
-+ !irq_remapping_cap(IRQ_POSTING_CAP) ||
-+ !kvm_vcpu_apicv_active(vcpu))
- return;
-
- do {
-@@ -10821,7 +10824,8 @@ static int vmx_update_pi_irte(struct kvm *kvm, unsigned int host_irq,
- int idx, ret = -EINVAL;
-
- if (!kvm_arch_has_assigned_device(kvm) ||
-- !irq_remapping_cap(IRQ_POSTING_CAP))
-+ !irq_remapping_cap(IRQ_POSTING_CAP) ||
-+ !kvm_vcpu_apicv_active(kvm->vcpus[0]))
- return 0;
-
- idx = srcu_read_lock(&kvm->irq_srcu);
-diff --git a/crypto/rsa-pkcs1pad.c b/crypto/rsa-pkcs1pad.c
-index ead8dc0..8ba4266 100644
---- a/crypto/rsa-pkcs1pad.c
-+++ b/crypto/rsa-pkcs1pad.c
-@@ -102,10 +102,10 @@ struct pkcs1pad_inst_ctx {
- };
-
- struct pkcs1pad_request {
-- struct akcipher_request child_req;
--
- struct scatterlist in_sg[3], out_sg[2];
- uint8_t *in_buf, *out_buf;
-+
-+ struct akcipher_request child_req;
- };
-
- static int pkcs1pad_set_pub_key(struct crypto_akcipher *tfm, const void *key,
-diff --git a/drivers/ata/libata-eh.c b/drivers/ata/libata-eh.c
-index 961acc7..91a9e6a 100644
---- a/drivers/ata/libata-eh.c
-+++ b/drivers/ata/libata-eh.c
-@@ -606,7 +606,7 @@ void ata_scsi_error(struct Scsi_Host *host)
- ata_scsi_port_error_handler(host, ap);
-
- /* finish or retry handled scmd's and clean up */
-- WARN_ON(host->host_failed || !list_empty(&eh_work_q));
-+ WARN_ON(!list_empty(&eh_work_q));
-
- DPRINTK("EXIT\n");
- }
-diff --git a/drivers/base/module.c b/drivers/base/module.c
-index db930d3..2a21578 100644
---- a/drivers/base/module.c
-+++ b/drivers/base/module.c
-@@ -24,10 +24,12 @@ static char *make_driver_name(struct device_driver *drv)
-
- static void module_create_drivers_dir(struct module_kobject *mk)
- {
-- if (!mk || mk->drivers_dir)
-- return;
-+ static DEFINE_MUTEX(drivers_dir_mutex);
-
-- mk->drivers_dir = kobject_create_and_add("drivers", &mk->kobj);
-+ mutex_lock(&drivers_dir_mutex);
-+ if (mk && !mk->drivers_dir)
-+ mk->drivers_dir = kobject_create_and_add("drivers", &mk->kobj);
-+ mutex_unlock(&drivers_dir_mutex);
- }
-
- void module_add_driver(struct module *mod, struct device_driver *drv)
-diff --git a/drivers/char/ipmi/ipmi_msghandler.c b/drivers/char/ipmi/ipmi_msghandler.c
-index 94fb407..44b1bd6 100644
---- a/drivers/char/ipmi/ipmi_msghandler.c
-+++ b/drivers/char/ipmi/ipmi_msghandler.c
-@@ -3820,6 +3820,7 @@ static void handle_new_recv_msgs(ipmi_smi_t intf)
- while (!list_empty(&intf->waiting_rcv_msgs)) {
- smi_msg = list_entry(intf->waiting_rcv_msgs.next,
- struct ipmi_smi_msg, link);
-+ list_del(&smi_msg->link);
- if (!run_to_completion)
- spin_unlock_irqrestore(&intf->waiting_rcv_msgs_lock,
- flags);
-@@ -3829,11 +3830,14 @@ static void handle_new_recv_msgs(ipmi_smi_t intf)
- if (rv > 0) {
- /*
- * To preserve message order, quit if we
-- * can't handle a message.
-+ * can't handle a message. Add the message
-+ * back at the head, this is safe because this
-+ * tasklet is the only thing that pulls the
-+ * messages.
- */
-+ list_add(&smi_msg->link, &intf->waiting_rcv_msgs);
- break;
- } else {
-- list_del(&smi_msg->link);
- if (rv == 0)
- /* Message handled */
- ipmi_free_smi_msg(smi_msg);
-diff --git a/drivers/crypto/qat/qat_common/Makefile b/drivers/crypto/qat/qat_common/Makefile
-index 29c7c53..92561c8 100644
---- a/drivers/crypto/qat/qat_common/Makefile
-+++ b/drivers/crypto/qat/qat_common/Makefile
-@@ -2,6 +2,7 @@ $(obj)/qat_rsapubkey-asn1.o: $(obj)/qat_rsapubkey-asn1.c \
- $(obj)/qat_rsapubkey-asn1.h
- $(obj)/qat_rsaprivkey-asn1.o: $(obj)/qat_rsaprivkey-asn1.c \
- $(obj)/qat_rsaprivkey-asn1.h
-+$(obj)/qat_asym_algs.o: $(obj)/qat_rsapubkey-asn1.h $(obj)/qat_rsaprivkey-asn1.h
-
- clean-files += qat_rsapubkey-asn1.c qat_rsapubkey-asn1.h
- clean-files += qat_rsaprivkey-asn1.c qat_rsaprivkey-asn1.h
-diff --git a/drivers/edac/edac_mc.c b/drivers/edac/edac_mc.c
-index 1472f48..ff51b51 100644
---- a/drivers/edac/edac_mc.c
-+++ b/drivers/edac/edac_mc.c
-@@ -565,7 +565,8 @@ void edac_mc_reset_delay_period(unsigned long value)
- list_for_each(item, &mc_devices) {
- mci = list_entry(item, struct mem_ctl_info, link);
-
-- edac_mod_work(&mci->work, value);
-+ if (mci->op_state == OP_RUNNING_POLL)
-+ edac_mod_work(&mci->work, value);
- }
- mutex_unlock(&mem_ctls_mutex);
- }
-diff --git a/drivers/edac/sb_edac.c b/drivers/edac/sb_edac.c
-index 8bf745d..b274fa2 100644
---- a/drivers/edac/sb_edac.c
-+++ b/drivers/edac/sb_edac.c
-@@ -239,8 +239,11 @@ static const u32 rir_offset[MAX_RIR_RANGES][MAX_RIR_WAY] = {
- { 0x1a0, 0x1a4, 0x1a8, 0x1ac, 0x1b0, 0x1b4, 0x1b8, 0x1bc },
- };
-
--#define RIR_RNK_TGT(reg) GET_BITFIELD(reg, 16, 19)
--#define RIR_OFFSET(reg) GET_BITFIELD(reg, 2, 14)
-+#define RIR_RNK_TGT(type, reg) (((type) == BROADWELL) ? \
-+ GET_BITFIELD(reg, 20, 23) : GET_BITFIELD(reg, 16, 19))
-+
-+#define RIR_OFFSET(type, reg) (((type) == HASWELL || (type) == BROADWELL) ? \
-+ GET_BITFIELD(reg, 2, 15) : GET_BITFIELD(reg, 2, 14))
-
- /* Device 16, functions 2-7 */
-
-@@ -1916,14 +1919,14 @@ static void get_memory_layout(const struct mem_ctl_info *mci)
- pci_read_config_dword(pvt->pci_tad[i],
- rir_offset[j][k],
- &reg);
-- tmp_mb = RIR_OFFSET(reg) << 6;
-+ tmp_mb = RIR_OFFSET(pvt->info.type, reg) << 6;
-
- gb = div_u64_rem(tmp_mb, 1024, &mb);
- edac_dbg(0, "CH#%d RIR#%d INTL#%d, offset %u.%03u GB (0x%016Lx), tgt: %d, reg=0x%08x\n",
- i, j, k,
- gb, (mb*1000)/1024,
- ((u64)tmp_mb) << 20L,
-- (u32)RIR_RNK_TGT(reg),
-+ (u32)RIR_RNK_TGT(pvt->info.type, reg),
- reg);
- }
- }
-@@ -2256,7 +2259,7 @@ static int get_memory_error_data(struct mem_ctl_info *mci,
- pci_read_config_dword(pvt->pci_tad[ch_add + base_ch],
- rir_offset[n_rir][idx],
- &reg);
-- *rank = RIR_RNK_TGT(reg);
-+ *rank = RIR_RNK_TGT(pvt->info.type, reg);
-
- edac_dbg(0, "RIR#%d: channel address 0x%08Lx < 0x%08Lx, RIR interleave %d, index %d\n",
- n_rir,
-diff --git a/drivers/extcon/extcon-palmas.c b/drivers/extcon/extcon-palmas.c
-index 8b3226d..caff46c 100644
---- a/drivers/extcon/extcon-palmas.c
-+++ b/drivers/extcon/extcon-palmas.c
-@@ -360,6 +360,8 @@ static int palmas_usb_probe(struct platform_device *pdev)
-
- palmas_enable_irq(palmas_usb);
- /* perform initial detection */
-+ if (palmas_usb->enable_gpio_vbus_detection)
-+ palmas_vbus_irq_handler(palmas_usb->gpio_vbus_irq, palmas_usb);
- palmas_gpio_id_detect(&palmas_usb->wq_detectid.work);
- device_set_wakeup_capable(&pdev->dev, true);
- return 0;
-diff --git a/drivers/gpio/gpio-sch.c b/drivers/gpio/gpio-sch.c
-index e85e753..eb43ae4 100644
---- a/drivers/gpio/gpio-sch.c
-+++ b/drivers/gpio/gpio-sch.c
-@@ -61,9 +61,8 @@ static unsigned sch_gpio_bit(struct sch_gpio *sch, unsigned gpio)
- return gpio % 8;
- }
-
--static int sch_gpio_reg_get(struct gpio_chip *gc, unsigned gpio, unsigned reg)
-+static int sch_gpio_reg_get(struct sch_gpio *sch, unsigned gpio, unsigned reg)
- {
-- struct sch_gpio *sch = gpiochip_get_data(gc);
- unsigned short offset, bit;
- u8 reg_val;
-
-@@ -75,10 +74,9 @@ static int sch_gpio_reg_get(struct gpio_chip *gc, unsigned gpio, unsigned reg)
- return reg_val;
- }
-
--static void sch_gpio_reg_set(struct gpio_chip *gc, unsigned gpio, unsigned reg,
-+static void sch_gpio_reg_set(struct sch_gpio *sch, unsigned gpio, unsigned reg,
- int val)
- {
-- struct sch_gpio *sch = gpiochip_get_data(gc);
- unsigned short offset, bit;
- u8 reg_val;
-
-@@ -98,14 +96,15 @@ static int sch_gpio_direction_in(struct gpio_chip *gc, unsigned gpio_num)
- struct sch_gpio *sch = gpiochip_get_data(gc);
-
- spin_lock(&sch->lock);
-- sch_gpio_reg_set(gc, gpio_num, GIO, 1);
-+ sch_gpio_reg_set(sch, gpio_num, GIO, 1);
- spin_unlock(&sch->lock);
- return 0;
- }
-
- static int sch_gpio_get(struct gpio_chip *gc, unsigned gpio_num)
- {
-- return sch_gpio_reg_get(gc, gpio_num, GLV);
-+ struct sch_gpio *sch = gpiochip_get_data(gc);
-+ return sch_gpio_reg_get(sch, gpio_num, GLV);
- }
-
- static void sch_gpio_set(struct gpio_chip *gc, unsigned gpio_num, int val)
-@@ -113,7 +112,7 @@ static void sch_gpio_set(struct gpio_chip *gc, unsigned gpio_num, int val)
- struct sch_gpio *sch = gpiochip_get_data(gc);
-
- spin_lock(&sch->lock);
-- sch_gpio_reg_set(gc, gpio_num, GLV, val);
-+ sch_gpio_reg_set(sch, gpio_num, GLV, val);
- spin_unlock(&sch->lock);
- }
-
-@@ -123,7 +122,7 @@ static int sch_gpio_direction_out(struct gpio_chip *gc, unsigned gpio_num,
- struct sch_gpio *sch = gpiochip_get_data(gc);
-
- spin_lock(&sch->lock);
-- sch_gpio_reg_set(gc, gpio_num, GIO, 0);
-+ sch_gpio_reg_set(sch, gpio_num, GIO, 0);
- spin_unlock(&sch->lock);
-
- /*
-@@ -182,13 +181,13 @@ static int sch_gpio_probe(struct platform_device *pdev)
- * GPIO7 is configured by the CMC as SLPIOVR
- * Enable GPIO[9:8] core powered gpios explicitly
- */
-- sch_gpio_reg_set(&sch->chip, 8, GEN, 1);
-- sch_gpio_reg_set(&sch->chip, 9, GEN, 1);
-+ sch_gpio_reg_set(sch, 8, GEN, 1);
-+ sch_gpio_reg_set(sch, 9, GEN, 1);
- /*
- * SUS_GPIO[2:0] enabled by default
- * Enable SUS_GPIO3 resume powered gpio explicitly
- */
-- sch_gpio_reg_set(&sch->chip, 13, GEN, 1);
-+ sch_gpio_reg_set(sch, 13, GEN, 1);
- break;
-
- case PCI_DEVICE_ID_INTEL_ITC_LPC:
-diff --git a/drivers/gpio/gpiolib-legacy.c b/drivers/gpio/gpiolib-legacy.c
-index 3a5c701..8b83099 100644
---- a/drivers/gpio/gpiolib-legacy.c
-+++ b/drivers/gpio/gpiolib-legacy.c
-@@ -28,6 +28,10 @@ int gpio_request_one(unsigned gpio, unsigned long flags, const char *label)
- if (!desc && gpio_is_valid(gpio))
- return -EPROBE_DEFER;
-
-+ err = gpiod_request(desc, label);
-+ if (err)
-+ return err;
-+
- if (flags & GPIOF_OPEN_DRAIN)
- set_bit(FLAG_OPEN_DRAIN, &desc->flags);
-
-@@ -37,10 +41,6 @@ int gpio_request_one(unsigned gpio, unsigned long flags, const char *label)
- if (flags & GPIOF_ACTIVE_LOW)
- set_bit(FLAG_ACTIVE_LOW, &desc->flags);
-
-- err = gpiod_request(desc, label);
-- if (err)
-- return err;
--
- if (flags & GPIOF_DIR_IN)
- err = gpiod_direction_input(desc);
- else
-diff --git a/drivers/gpio/gpiolib.c b/drivers/gpio/gpiolib.c
-index cf3e712..996a733 100644
---- a/drivers/gpio/gpiolib.c
-+++ b/drivers/gpio/gpiolib.c
-@@ -1324,14 +1324,6 @@ static int __gpiod_request(struct gpio_desc *desc, const char *label)
- spin_lock_irqsave(&gpio_lock, flags);
- }
- done:
-- if (status < 0) {
-- /* Clear flags that might have been set by the caller before
-- * requesting the GPIO.
-- */
-- clear_bit(FLAG_ACTIVE_LOW, &desc->flags);
-- clear_bit(FLAG_OPEN_DRAIN, &desc->flags);
-- clear_bit(FLAG_OPEN_SOURCE, &desc->flags);
-- }
- spin_unlock_irqrestore(&gpio_lock, flags);
- return status;
- }
-@@ -1345,8 +1337,12 @@ done:
- #define VALIDATE_DESC(desc) do { \
- if (!desc) \
- return 0; \
-+ if (IS_ERR(desc)) { \
-+ pr_warn("%s: invalid GPIO (errorpointer)\n", __func__); \
-+ return PTR_ERR(desc); \
-+ } \
- if (!desc->gdev) { \
-- pr_warn("%s: invalid GPIO\n", __func__); \
-+ pr_warn("%s: invalid GPIO (no device)\n", __func__); \
- return -EINVAL; \
- } \
- if ( !desc->gdev->chip ) { \
-@@ -1358,8 +1354,12 @@ done:
- #define VALIDATE_DESC_VOID(desc) do { \
- if (!desc) \
- return; \
-+ if (IS_ERR(desc)) { \
-+ pr_warn("%s: invalid GPIO (errorpointer)\n", __func__); \
-+ return; \
-+ } \
- if (!desc->gdev) { \
-- pr_warn("%s: invalid GPIO\n", __func__); \
-+ pr_warn("%s: invalid GPIO (no device)\n", __func__); \
- return; \
- } \
- if (!desc->gdev->chip) { \
-@@ -2011,7 +2011,7 @@ int gpiod_to_irq(const struct gpio_desc *desc)
- * requires this function to not return zero on an invalid descriptor
- * but rather a negative error number.
- */
-- if (!desc || !desc->gdev || !desc->gdev->chip)
-+ if (!desc || IS_ERR(desc) || !desc->gdev || !desc->gdev->chip)
- return -EINVAL;
-
- chip = desc->gdev->chip;
-@@ -2507,28 +2507,13 @@ struct gpio_desc *__must_check gpiod_get_optional(struct device *dev,
- }
- EXPORT_SYMBOL_GPL(gpiod_get_optional);
-
--/**
-- * gpiod_parse_flags - helper function to parse GPIO lookup flags
-- * @desc: gpio to be setup
-- * @lflags: gpio_lookup_flags - returned from of_find_gpio() or
-- * of_get_gpio_hog()
-- *
-- * Set the GPIO descriptor flags based on the given GPIO lookup flags.
-- */
--static void gpiod_parse_flags(struct gpio_desc *desc, unsigned long lflags)
--{
-- if (lflags & GPIO_ACTIVE_LOW)
-- set_bit(FLAG_ACTIVE_LOW, &desc->flags);
-- if (lflags & GPIO_OPEN_DRAIN)
-- set_bit(FLAG_OPEN_DRAIN, &desc->flags);
-- if (lflags & GPIO_OPEN_SOURCE)
-- set_bit(FLAG_OPEN_SOURCE, &desc->flags);
--}
-
- /**
- * gpiod_configure_flags - helper function to configure a given GPIO
- * @desc: gpio whose value will be assigned
- * @con_id: function within the GPIO consumer
-+ * @lflags: gpio_lookup_flags - returned from of_find_gpio() or
-+ * of_get_gpio_hog()
- * @dflags: gpiod_flags - optional GPIO initialization flags
- *
- * Return 0 on success, -ENOENT if no GPIO has been assigned to the
-@@ -2536,10 +2521,17 @@ static void gpiod_parse_flags(struct gpio_desc *desc, unsigned long lflags)
- * occurred while trying to acquire the GPIO.
- */
- static int gpiod_configure_flags(struct gpio_desc *desc, const char *con_id,
-- enum gpiod_flags dflags)
-+ unsigned long lflags, enum gpiod_flags dflags)
- {
- int status;
-
-+ if (lflags & GPIO_ACTIVE_LOW)
-+ set_bit(FLAG_ACTIVE_LOW, &desc->flags);
-+ if (lflags & GPIO_OPEN_DRAIN)
-+ set_bit(FLAG_OPEN_DRAIN, &desc->flags);
-+ if (lflags & GPIO_OPEN_SOURCE)
-+ set_bit(FLAG_OPEN_SOURCE, &desc->flags);
-+
- /* No particular flag request, return here... */
- if (!(dflags & GPIOD_FLAGS_BIT_DIR_SET)) {
- pr_debug("no flags found for %s\n", con_id);
-@@ -2606,13 +2598,11 @@ struct gpio_desc *__must_check gpiod_get_index(struct device *dev,
- return desc;
- }
-
-- gpiod_parse_flags(desc, lookupflags);
--
- status = gpiod_request(desc, con_id);
- if (status < 0)
- return ERR_PTR(status);
-
-- status = gpiod_configure_flags(desc, con_id, flags);
-+ status = gpiod_configure_flags(desc, con_id, lookupflags, flags);
- if (status < 0) {
- dev_dbg(dev, "setup of GPIO %s failed\n", con_id);
- gpiod_put(desc);
-@@ -2668,6 +2658,10 @@ struct gpio_desc *fwnode_get_named_gpiod(struct fwnode_handle *fwnode,
- if (IS_ERR(desc))
- return desc;
-
-+ ret = gpiod_request(desc, NULL);
-+ if (ret)
-+ return ERR_PTR(ret);
-+
- if (active_low)
- set_bit(FLAG_ACTIVE_LOW, &desc->flags);
-
-@@ -2678,10 +2672,6 @@ struct gpio_desc *fwnode_get_named_gpiod(struct fwnode_handle *fwnode,
- set_bit(FLAG_OPEN_SOURCE, &desc->flags);
- }
-
-- ret = gpiod_request(desc, NULL);
-- if (ret)
-- return ERR_PTR(ret);
--
- return desc;
- }
- EXPORT_SYMBOL_GPL(fwnode_get_named_gpiod);
-@@ -2734,8 +2724,6 @@ int gpiod_hog(struct gpio_desc *desc, const char *name,
- chip = gpiod_to_chip(desc);
- hwnum = gpio_chip_hwgpio(desc);
-
-- gpiod_parse_flags(desc, lflags);
--
- local_desc = gpiochip_request_own_desc(chip, hwnum, name);
- if (IS_ERR(local_desc)) {
- pr_err("requesting hog GPIO %s (chip %s, offset %d) failed\n",
-@@ -2743,7 +2731,7 @@ int gpiod_hog(struct gpio_desc *desc, const char *name,
- return PTR_ERR(local_desc);
- }
-
-- status = gpiod_configure_flags(desc, name, dflags);
-+ status = gpiod_configure_flags(desc, name, lflags, dflags);
- if (status < 0) {
- pr_err("setup of hog GPIO %s (chip %s, offset %d) failed\n",
- name, chip->label, hwnum);
-diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_cgs.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_cgs.c
-index 6043dc7..3e21732 100644
---- a/drivers/gpu/drm/amd/amdgpu/amdgpu_cgs.c
-+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_cgs.c
-@@ -880,7 +880,7 @@ static int amdgpu_cgs_acpi_eval_object(void *cgs_device,
- struct cgs_acpi_method_argument *argument = NULL;
- uint32_t i, count;
- acpi_status status;
-- int result;
-+ int result = 0;
- uint32_t func_no = 0xFFFFFFFF;
-
- handle = ACPI_HANDLE(&adev->pdev->dev);
-diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c
-index b04337d..d78739d 100644
---- a/drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c
-+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c
-@@ -448,7 +448,8 @@ static int amdgpu_info_ioctl(struct drm_device *dev, void *data, struct drm_file
- dev_info.max_memory_clock = adev->pm.default_mclk * 10;
- }
- dev_info.enabled_rb_pipes_mask = adev->gfx.config.backend_enable_mask;
-- dev_info.num_rb_pipes = adev->gfx.config.num_rbs;
-+ dev_info.num_rb_pipes = adev->gfx.config.max_backends_per_se *
-+ adev->gfx.config.max_shader_engines;
- dev_info.num_hw_gfx_contexts = adev->gfx.config.max_hw_contexts;
- dev_info._pad = 0;
- dev_info.ids_flags = 0;
-diff --git a/drivers/gpu/drm/amd/amdgpu/gfx_v7_0.c b/drivers/gpu/drm/amd/amdgpu/gfx_v7_0.c
-index bb8709066..d2216f8 100644
---- a/drivers/gpu/drm/amd/amdgpu/gfx_v7_0.c
-+++ b/drivers/gpu/drm/amd/amdgpu/gfx_v7_0.c
-@@ -5074,7 +5074,7 @@ static int gfx_v7_0_eop_irq(struct amdgpu_device *adev,
- case 2:
- for (i = 0; i < adev->gfx.num_compute_rings; i++) {
- ring = &adev->gfx.compute_ring[i];
-- if ((ring->me == me_id) & (ring->pipe == pipe_id))
-+ if ((ring->me == me_id) && (ring->pipe == pipe_id))
- amdgpu_fence_process(ring);
- }
- break;
-diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_process.c b/drivers/gpu/drm/amd/amdkfd/kfd_process.c
-index ac00579..7708d90 100644
---- a/drivers/gpu/drm/amd/amdkfd/kfd_process.c
-+++ b/drivers/gpu/drm/amd/amdkfd/kfd_process.c
-@@ -242,13 +242,19 @@ static void kfd_process_notifier_release(struct mmu_notifier *mn,
- pqm_uninit(&p->pqm);
-
- /* Iterate over all process device data structure and check
-- * if we should reset all wavefronts */
-- list_for_each_entry(pdd, &p->per_device_data, per_device_list)
-+ * if we should delete debug managers and reset all wavefronts
-+ */
-+ list_for_each_entry(pdd, &p->per_device_data, per_device_list) {
-+ if ((pdd->dev->dbgmgr) &&
-+ (pdd->dev->dbgmgr->pasid == p->pasid))
-+ kfd_dbgmgr_destroy(pdd->dev->dbgmgr);
-+
- if (pdd->reset_wavefronts) {
- pr_warn("amdkfd: Resetting all wave fronts\n");
- dbgdev_wave_reset_wavefronts(pdd->dev, p);
- pdd->reset_wavefronts = false;
- }
-+ }
-
- mutex_unlock(&p->mutex);
-
-@@ -404,42 +410,52 @@ void kfd_unbind_process_from_device(struct kfd_dev *dev, unsigned int pasid)
-
- idx = srcu_read_lock(&kfd_processes_srcu);
-
-+ /*
-+ * Look for the process that matches the pasid. If there is no such
-+ * process, we either released it in amdkfd's own notifier, or there
-+ * is a bug. Unfortunately, there is no way to tell...
-+ */
- hash_for_each_rcu(kfd_processes_table, i, p, kfd_processes)
-- if (p->pasid == pasid)
-- break;
-+ if (p->pasid == pasid) {
-
-- srcu_read_unlock(&kfd_processes_srcu, idx);
-+ srcu_read_unlock(&kfd_processes_srcu, idx);
-
-- BUG_ON(p->pasid != pasid);
-+ pr_debug("Unbinding process %d from IOMMU\n", pasid);
-
-- mutex_lock(&p->mutex);
-+ mutex_lock(&p->mutex);
-
-- if ((dev->dbgmgr) && (dev->dbgmgr->pasid == p->pasid))
-- kfd_dbgmgr_destroy(dev->dbgmgr);
-+ if ((dev->dbgmgr) && (dev->dbgmgr->pasid == p->pasid))
-+ kfd_dbgmgr_destroy(dev->dbgmgr);
-
-- pqm_uninit(&p->pqm);
-+ pqm_uninit(&p->pqm);
-
-- pdd = kfd_get_process_device_data(dev, p);
-+ pdd = kfd_get_process_device_data(dev, p);
-
-- if (!pdd) {
-- mutex_unlock(&p->mutex);
-- return;
-- }
-+ if (!pdd) {
-+ mutex_unlock(&p->mutex);
-+ return;
-+ }
-
-- if (pdd->reset_wavefronts) {
-- dbgdev_wave_reset_wavefronts(pdd->dev, p);
-- pdd->reset_wavefronts = false;
-- }
-+ if (pdd->reset_wavefronts) {
-+ dbgdev_wave_reset_wavefronts(pdd->dev, p);
-+ pdd->reset_wavefronts = false;
-+ }
-
-- /*
-- * Just mark pdd as unbound, because we still need it to call
-- * amd_iommu_unbind_pasid() in when the process exits.
-- * We don't call amd_iommu_unbind_pasid() here
-- * because the IOMMU called us.
-- */
-- pdd->bound = false;
-+ /*
-+ * Just mark pdd as unbound, because we still need it
-+ * to call amd_iommu_unbind_pasid() in when the
-+ * process exits.
-+ * We don't call amd_iommu_unbind_pasid() here
-+ * because the IOMMU called us.
-+ */
-+ pdd->bound = false;
-
-- mutex_unlock(&p->mutex);
-+ mutex_unlock(&p->mutex);
-+
-+ return;
-+ }
-+
-+ srcu_read_unlock(&kfd_processes_srcu, idx);
- }
-
- struct kfd_process_device *kfd_get_first_process_device_data(struct kfd_process *p)
-diff --git a/drivers/gpu/drm/amd/powerplay/hwmgr/hardwaremanager.c b/drivers/gpu/drm/amd/powerplay/hwmgr/hardwaremanager.c
-index fa208ad..efb77ed 100644
---- a/drivers/gpu/drm/amd/powerplay/hwmgr/hardwaremanager.c
-+++ b/drivers/gpu/drm/amd/powerplay/hwmgr/hardwaremanager.c
-@@ -306,10 +306,14 @@ int phm_store_dal_configuration_data(struct pp_hwmgr *hwmgr,
- {
- PHM_FUNC_CHECK(hwmgr);
-
-- if (hwmgr->hwmgr_func->store_cc6_data == NULL)
-+ if (display_config == NULL)
- return -EINVAL;
-
- hwmgr->display_config = *display_config;
-+
-+ if (hwmgr->hwmgr_func->store_cc6_data == NULL)
-+ return -EINVAL;
-+
- /* to do pass other display configuration in furture */
-
- if (hwmgr->hwmgr_func->store_cc6_data)
-diff --git a/drivers/gpu/drm/amd/powerplay/hwmgr/pp_acpi.c b/drivers/gpu/drm/amd/powerplay/hwmgr/pp_acpi.c
-index 7b2d500..7cce483 100644
---- a/drivers/gpu/drm/amd/powerplay/hwmgr/pp_acpi.c
-+++ b/drivers/gpu/drm/amd/powerplay/hwmgr/pp_acpi.c
-@@ -21,6 +21,20 @@ bool acpi_atcs_functions_supported(void *device, uint32_t index)
- return result == 0 ? (output_buf.function_bits & (1 << (index - 1))) != 0 : false;
- }
-
-+bool acpi_atcs_notify_pcie_device_ready(void *device)
-+{
-+ int32_t temp_buffer = 1;
-+
-+ return cgs_call_acpi_method(device, CGS_ACPI_METHOD_ATCS,
-+ ATCS_FUNCTION_PCIE_DEVICE_READY_NOTIFICATION,
-+ &temp_buffer,
-+ NULL,
-+ 0,
-+ sizeof(temp_buffer),
-+ 0);
-+}
-+
-+
- int acpi_pcie_perf_request(void *device, uint8_t perf_req, bool advertise)
- {
- struct atcs_pref_req_input atcs_input;
-@@ -29,7 +43,7 @@ int acpi_pcie_perf_request(void *device, uint8_t perf_req, bool advertise)
- int result;
- struct cgs_system_info info = {0};
-
-- if (!acpi_atcs_functions_supported(device, ATCS_FUNCTION_PCIE_PERFORMANCE_REQUEST))
-+ if( 0 != acpi_atcs_notify_pcie_device_ready(device))
- return -EINVAL;
-
- info.size = sizeof(struct cgs_system_info);
-@@ -54,7 +68,7 @@ int acpi_pcie_perf_request(void *device, uint8_t perf_req, bool advertise)
- ATCS_FUNCTION_PCIE_PERFORMANCE_REQUEST,
- &atcs_input,
- &atcs_output,
-- 0,
-+ 1,
- sizeof(atcs_input),
- sizeof(atcs_output));
- if (result != 0)
-diff --git a/drivers/gpu/drm/amd/powerplay/hwmgr/tonga_hwmgr.c b/drivers/gpu/drm/amd/powerplay/hwmgr/tonga_hwmgr.c
-index 0d5d837..aae2e8e 100644
---- a/drivers/gpu/drm/amd/powerplay/hwmgr/tonga_hwmgr.c
-+++ b/drivers/gpu/drm/amd/powerplay/hwmgr/tonga_hwmgr.c
-@@ -1298,7 +1298,7 @@ static int tonga_populate_smc_mvdd_table(struct pp_hwmgr *hwmgr,
- table->Smio[count] |=
- data->mvdd_voltage_table.entries[count].smio_low;
- }
-- table->SmioMask2 = data->vddci_voltage_table.mask_low;
-+ table->SmioMask2 = data->mvdd_voltage_table.mask_low;
-
- CONVERT_FROM_HOST_TO_SMC_UL(table->MvddLevelCount);
- }
-diff --git a/drivers/gpu/drm/amd/powerplay/hwmgr/tonga_processpptables.c b/drivers/gpu/drm/amd/powerplay/hwmgr/tonga_processpptables.c
-index b156481..17766e8 100644
---- a/drivers/gpu/drm/amd/powerplay/hwmgr/tonga_processpptables.c
-+++ b/drivers/gpu/drm/amd/powerplay/hwmgr/tonga_processpptables.c
-@@ -299,7 +299,7 @@ static int init_dpm_2_parameters(
- (((unsigned long)powerplay_table) + le16_to_cpu(powerplay_table->usPPMTableOffset));
-
- if (0 != powerplay_table->usPPMTableOffset) {
-- if (1 == get_platform_power_management_table(hwmgr, atom_ppm_table)) {
-+ if (get_platform_power_management_table(hwmgr, atom_ppm_table) == 0) {
- phm_cap_set(hwmgr->platform_descriptor.platformCaps,
- PHM_PlatformCaps_EnablePlatformPowerManagement);
- }
-diff --git a/drivers/gpu/drm/amd/powerplay/inc/pp_acpi.h b/drivers/gpu/drm/amd/powerplay/inc/pp_acpi.h
-index 3bd5e69..3df5de2 100644
---- a/drivers/gpu/drm/amd/powerplay/inc/pp_acpi.h
-+++ b/drivers/gpu/drm/amd/powerplay/inc/pp_acpi.h
-@@ -26,3 +26,4 @@ extern bool acpi_atcs_functions_supported(void *device,
- extern int acpi_pcie_perf_request(void *device,
- uint8_t perf_req,
- bool advertise);
-+extern bool acpi_atcs_notify_pcie_device_ready(void *device);
-diff --git a/drivers/gpu/drm/atmel-hlcdc/atmel_hlcdc_plane.c b/drivers/gpu/drm/atmel-hlcdc/atmel_hlcdc_plane.c
-index d65dcae..6d9c0f5 100644
---- a/drivers/gpu/drm/atmel-hlcdc/atmel_hlcdc_plane.c
-+++ b/drivers/gpu/drm/atmel-hlcdc/atmel_hlcdc_plane.c
-@@ -335,6 +335,8 @@ atmel_hlcdc_plane_update_pos_and_size(struct atmel_hlcdc_plane *plane,
-
- atmel_hlcdc_layer_update_cfg(&plane->layer, 13, 0xffffffff,
- factor_reg);
-+ } else {
-+ atmel_hlcdc_layer_update_cfg(&plane->layer, 13, 0xffffffff, 0);
- }
- }
-
-diff --git a/drivers/gpu/drm/drm_atomic.c b/drivers/gpu/drm/drm_atomic.c
-index d307d96..080a090 100644
---- a/drivers/gpu/drm/drm_atomic.c
-+++ b/drivers/gpu/drm/drm_atomic.c
-@@ -354,6 +354,8 @@ int drm_atomic_set_mode_prop_for_crtc(struct drm_crtc_state *state,
- drm_property_unreference_blob(state->mode_blob);
- state->mode_blob = NULL;
-
-+ memset(&state->mode, 0, sizeof(state->mode));
-+
- if (blob) {
- if (blob->length != sizeof(struct drm_mode_modeinfo) ||
- drm_mode_convert_umode(&state->mode,
-@@ -366,7 +368,6 @@ int drm_atomic_set_mode_prop_for_crtc(struct drm_crtc_state *state,
- DRM_DEBUG_ATOMIC("Set [MODE:%s] for CRTC state %p\n",
- state->mode.name, state);
- } else {
-- memset(&state->mode, 0, sizeof(state->mode));
- state->enable = false;
- DRM_DEBUG_ATOMIC("Set [NOMODE] for CRTC state %p\n",
- state);
-@@ -1287,14 +1288,39 @@ EXPORT_SYMBOL(drm_atomic_add_affected_planes);
- */
- void drm_atomic_legacy_backoff(struct drm_atomic_state *state)
- {
-+ struct drm_device *dev = state->dev;
-+ unsigned crtc_mask = 0;
-+ struct drm_crtc *crtc;
- int ret;
-+ bool global = false;
-+
-+ drm_for_each_crtc(crtc, dev) {
-+ if (crtc->acquire_ctx != state->acquire_ctx)
-+ continue;
-+
-+ crtc_mask |= drm_crtc_mask(crtc);
-+ crtc->acquire_ctx = NULL;
-+ }
-+
-+ if (WARN_ON(dev->mode_config.acquire_ctx == state->acquire_ctx)) {
-+ global = true;
-+
-+ dev->mode_config.acquire_ctx = NULL;
-+ }
-
- retry:
- drm_modeset_backoff(state->acquire_ctx);
-
-- ret = drm_modeset_lock_all_ctx(state->dev, state->acquire_ctx);
-+ ret = drm_modeset_lock_all_ctx(dev, state->acquire_ctx);
- if (ret)
- goto retry;
-+
-+ drm_for_each_crtc(crtc, dev)
-+ if (drm_crtc_mask(crtc) & crtc_mask)
-+ crtc->acquire_ctx = state->acquire_ctx;
-+
-+ if (global)
-+ dev->mode_config.acquire_ctx = state->acquire_ctx;
- }
- EXPORT_SYMBOL(drm_atomic_legacy_backoff);
-
-diff --git a/drivers/gpu/drm/drm_crtc.c b/drivers/gpu/drm/drm_crtc.c
-index f30de80..691a1b9 100644
---- a/drivers/gpu/drm/drm_crtc.c
-+++ b/drivers/gpu/drm/drm_crtc.c
-@@ -2800,8 +2800,6 @@ int drm_mode_setcrtc(struct drm_device *dev, void *data,
- goto out;
- }
-
-- drm_mode_set_crtcinfo(mode, CRTC_INTERLACE_HALVE_V);
--
- /*
- * Check whether the primary plane supports the fb pixel format.
- * Drivers not implementing the universal planes API use a
-diff --git a/drivers/gpu/drm/drm_dp_mst_topology.c b/drivers/gpu/drm/drm_dp_mst_topology.c
-index 71ea052..ccfe7e7 100644
---- a/drivers/gpu/drm/drm_dp_mst_topology.c
-+++ b/drivers/gpu/drm/drm_dp_mst_topology.c
-@@ -2908,11 +2908,9 @@ static void drm_dp_destroy_connector_work(struct work_struct *work)
- drm_dp_port_teardown_pdt(port, port->pdt);
-
- if (!port->input && port->vcpi.vcpi > 0) {
-- if (mgr->mst_state) {
-- drm_dp_mst_reset_vcpi_slots(mgr, port);
-- drm_dp_update_payload_part1(mgr);
-- drm_dp_mst_put_payload_id(mgr, port->vcpi.vcpi);
-- }
-+ drm_dp_mst_reset_vcpi_slots(mgr, port);
-+ drm_dp_update_payload_part1(mgr);
-+ drm_dp_mst_put_payload_id(mgr, port->vcpi.vcpi);
- }
-
- kref_put(&port->kref, drm_dp_free_mst_port);
-diff --git a/drivers/gpu/drm/drm_fb_cma_helper.c b/drivers/gpu/drm/drm_fb_cma_helper.c
-index bb88e3d..e619b00 100644
---- a/drivers/gpu/drm/drm_fb_cma_helper.c
-+++ b/drivers/gpu/drm/drm_fb_cma_helper.c
-@@ -301,7 +301,7 @@ static int drm_fbdev_cma_create(struct drm_fb_helper *helper,
- err_fb_info_destroy:
- drm_fb_helper_release_fbi(helper);
- err_gem_free_object:
-- dev->driver->gem_free_object(&obj->base);
-+ drm_gem_object_unreference_unlocked(&obj->base);
- return ret;
- }
-
-diff --git a/drivers/gpu/drm/drm_gem_cma_helper.c b/drivers/gpu/drm/drm_gem_cma_helper.c
-index 1f500a1..d988ca0 100644
---- a/drivers/gpu/drm/drm_gem_cma_helper.c
-+++ b/drivers/gpu/drm/drm_gem_cma_helper.c
-@@ -121,7 +121,7 @@ struct drm_gem_cma_object *drm_gem_cma_create(struct drm_device *drm,
- return cma_obj;
-
- error:
-- drm->driver->gem_free_object(&cma_obj->base);
-+ drm_gem_object_unreference_unlocked(&cma_obj->base);
- return ERR_PTR(ret);
- }
- EXPORT_SYMBOL_GPL(drm_gem_cma_create);
-@@ -162,18 +162,12 @@ drm_gem_cma_create_with_handle(struct drm_file *file_priv,
- * and handle has the id what user can see.
- */
- ret = drm_gem_handle_create(file_priv, gem_obj, handle);
-- if (ret)
-- goto err_handle_create;
--
- /* drop reference from allocate - handle holds it now. */
- drm_gem_object_unreference_unlocked(gem_obj);
-+ if (ret)
-+ return ERR_PTR(ret);
-
- return cma_obj;
--
--err_handle_create:
-- drm->driver->gem_free_object(gem_obj);
--
-- return ERR_PTR(ret);
- }
-
- /**
-diff --git a/drivers/gpu/drm/drm_modes.c b/drivers/gpu/drm/drm_modes.c
-index f7448a5..5d0fc26 100644
---- a/drivers/gpu/drm/drm_modes.c
-+++ b/drivers/gpu/drm/drm_modes.c
-@@ -1518,6 +1518,8 @@ int drm_mode_convert_umode(struct drm_display_mode *out,
- if (out->status != MODE_OK)
- goto out;
-
-+ drm_mode_set_crtcinfo(out, CRTC_INTERLACE_HALVE_V);
-+
- ret = 0;
-
- out:
-diff --git a/drivers/gpu/drm/fsl-dcu/fsl_dcu_drm_drv.c b/drivers/gpu/drm/fsl-dcu/fsl_dcu_drm_drv.c
-index e8d9337..77886f1 100644
---- a/drivers/gpu/drm/fsl-dcu/fsl_dcu_drm_drv.c
-+++ b/drivers/gpu/drm/fsl-dcu/fsl_dcu_drm_drv.c
-@@ -40,9 +40,10 @@ static const struct regmap_config fsl_dcu_regmap_config = {
- .reg_bits = 32,
- .reg_stride = 4,
- .val_bits = 32,
-- .cache_type = REGCACHE_RBTREE,
-+ .cache_type = REGCACHE_FLAT,
-
- .volatile_reg = fsl_dcu_drm_is_volatile_reg,
-+ .max_register = 0x11fc,
- };
-
- static int fsl_dcu_drm_irq_init(struct drm_device *dev)
-diff --git a/drivers/gpu/drm/i915/i915_gem_shrinker.c b/drivers/gpu/drm/i915/i915_gem_shrinker.c
-index d3c473f..3af4061 100644
---- a/drivers/gpu/drm/i915/i915_gem_shrinker.c
-+++ b/drivers/gpu/drm/i915/i915_gem_shrinker.c
-@@ -39,7 +39,7 @@ static bool mutex_is_locked_by(struct mutex *mutex, struct task_struct *task)
- if (!mutex_is_locked(mutex))
- return false;
-
--#if defined(CONFIG_SMP) || defined(CONFIG_DEBUG_MUTEXES)
-+#if defined(CONFIG_DEBUG_MUTEXES) || defined(CONFIG_MUTEX_SPIN_ON_OWNER)
- return mutex->owner == task;
- #else
- /* Since UP may be pre-empted, we cannot assume that we own the lock */
-diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c
-index 7741efb..e5db9e1 100644
---- a/drivers/gpu/drm/i915/intel_display.c
-+++ b/drivers/gpu/drm/i915/intel_display.c
-@@ -8229,12 +8229,14 @@ static void ironlake_init_pch_refclk(struct drm_device *dev)
- {
- struct drm_i915_private *dev_priv = dev->dev_private;
- struct intel_encoder *encoder;
-+ int i;
- u32 val, final;
- bool has_lvds = false;
- bool has_cpu_edp = false;
- bool has_panel = false;
- bool has_ck505 = false;
- bool can_ssc = false;
-+ bool using_ssc_source = false;
-
- /* We need to take the global config into account */
- for_each_intel_encoder(dev, encoder) {
-@@ -8261,8 +8263,22 @@ static void ironlake_init_pch_refclk(struct drm_device *dev)
- can_ssc = true;
- }
-
-- DRM_DEBUG_KMS("has_panel %d has_lvds %d has_ck505 %d\n",
-- has_panel, has_lvds, has_ck505);
-+ /* Check if any DPLLs are using the SSC source */
-+ for (i = 0; i < dev_priv->num_shared_dpll; i++) {
-+ u32 temp = I915_READ(PCH_DPLL(i));
-+
-+ if (!(temp & DPLL_VCO_ENABLE))
-+ continue;
-+
-+ if ((temp & PLL_REF_INPUT_MASK) ==
-+ PLLB_REF_INPUT_SPREADSPECTRUMIN) {
-+ using_ssc_source = true;
-+ break;
-+ }
-+ }
-+
-+ DRM_DEBUG_KMS("has_panel %d has_lvds %d has_ck505 %d using_ssc_source %d\n",
-+ has_panel, has_lvds, has_ck505, using_ssc_source);
-
- /* Ironlake: try to setup display ref clock before DPLL
- * enabling. This is only under driver's control after
-@@ -8299,9 +8315,9 @@ static void ironlake_init_pch_refclk(struct drm_device *dev)
- final |= DREF_CPU_SOURCE_OUTPUT_NONSPREAD;
- } else
- final |= DREF_CPU_SOURCE_OUTPUT_DISABLE;
-- } else {
-- final |= DREF_SSC_SOURCE_DISABLE;
-- final |= DREF_CPU_SOURCE_OUTPUT_DISABLE;
-+ } else if (using_ssc_source) {
-+ final |= DREF_SSC_SOURCE_ENABLE;
-+ final |= DREF_SSC1_ENABLE;
- }
-
- if (final == val)
-@@ -8347,7 +8363,7 @@ static void ironlake_init_pch_refclk(struct drm_device *dev)
- POSTING_READ(PCH_DREF_CONTROL);
- udelay(200);
- } else {
-- DRM_DEBUG_KMS("Disabling SSC entirely\n");
-+ DRM_DEBUG_KMS("Disabling CPU source output\n");
-
- val &= ~DREF_CPU_SOURCE_OUTPUT_MASK;
-
-@@ -8358,16 +8374,20 @@ static void ironlake_init_pch_refclk(struct drm_device *dev)
- POSTING_READ(PCH_DREF_CONTROL);
- udelay(200);
-
-- /* Turn off the SSC source */
-- val &= ~DREF_SSC_SOURCE_MASK;
-- val |= DREF_SSC_SOURCE_DISABLE;
-+ if (!using_ssc_source) {
-+ DRM_DEBUG_KMS("Disabling SSC source\n");
-
-- /* Turn off SSC1 */
-- val &= ~DREF_SSC1_ENABLE;
-+ /* Turn off the SSC source */
-+ val &= ~DREF_SSC_SOURCE_MASK;
-+ val |= DREF_SSC_SOURCE_DISABLE;
-
-- I915_WRITE(PCH_DREF_CONTROL, val);
-- POSTING_READ(PCH_DREF_CONTROL);
-- udelay(200);
-+ /* Turn off SSC1 */
-+ val &= ~DREF_SSC1_ENABLE;
-+
-+ I915_WRITE(PCH_DREF_CONTROL, val);
-+ POSTING_READ(PCH_DREF_CONTROL);
-+ udelay(200);
-+ }
- }
-
- BUG_ON(val != final);
-diff --git a/drivers/gpu/drm/i915/intel_dp.c b/drivers/gpu/drm/i915/intel_dp.c
-index 412a34c..69054ef 100644
---- a/drivers/gpu/drm/i915/intel_dp.c
-+++ b/drivers/gpu/drm/i915/intel_dp.c
-@@ -4942,13 +4942,15 @@ static void intel_edp_panel_vdd_sanitize(struct intel_dp *intel_dp)
-
- void intel_dp_encoder_reset(struct drm_encoder *encoder)
- {
-- struct intel_dp *intel_dp;
-+ struct drm_i915_private *dev_priv = to_i915(encoder->dev);
-+ struct intel_dp *intel_dp = enc_to_intel_dp(encoder);
-+
-+ if (!HAS_DDI(dev_priv))
-+ intel_dp->DP = I915_READ(intel_dp->output_reg);
-
- if (to_intel_encoder(encoder)->type != INTEL_OUTPUT_EDP)
- return;
-
-- intel_dp = enc_to_intel_dp(encoder);
--
- pps_lock(intel_dp);
-
- /*
-@@ -5020,9 +5022,6 @@ intel_dp_hpd_pulse(struct intel_digital_port *intel_dig_port, bool long_hpd)
- intel_display_power_get(dev_priv, power_domain);
-
- if (long_hpd) {
-- /* indicate that we need to restart link training */
-- intel_dp->train_set_valid = false;
--
- if (!intel_digital_port_connected(dev_priv, intel_dig_port))
- goto mst_fail;
-
-diff --git a/drivers/gpu/drm/i915/intel_dp_link_training.c b/drivers/gpu/drm/i915/intel_dp_link_training.c
-index 0b8eefc..926a1e6 100644
---- a/drivers/gpu/drm/i915/intel_dp_link_training.c
-+++ b/drivers/gpu/drm/i915/intel_dp_link_training.c
-@@ -85,8 +85,7 @@ static bool
- intel_dp_reset_link_train(struct intel_dp *intel_dp,
- uint8_t dp_train_pat)
- {
-- if (!intel_dp->train_set_valid)
-- memset(intel_dp->train_set, 0, sizeof(intel_dp->train_set));
-+ memset(intel_dp->train_set, 0, sizeof(intel_dp->train_set));
- intel_dp_set_signal_levels(intel_dp);
- return intel_dp_set_link_train(intel_dp, dp_train_pat);
- }
-@@ -161,22 +160,6 @@ intel_dp_link_training_clock_recovery(struct intel_dp *intel_dp)
- break;
- }
-
-- /*
-- * if we used previously trained voltage and pre-emphasis values
-- * and we don't get clock recovery, reset link training values
-- */
-- if (intel_dp->train_set_valid) {
-- DRM_DEBUG_KMS("clock recovery not ok, reset");
-- /* clear the flag as we are not reusing train set */
-- intel_dp->train_set_valid = false;
-- if (!intel_dp_reset_link_train(intel_dp,
-- DP_TRAINING_PATTERN_1 |
-- DP_LINK_SCRAMBLING_DISABLE)) {
-- DRM_ERROR("failed to enable link training\n");
-- return;
-- }
-- continue;
-- }
-
- /* Check to see if we've tried the max voltage */
- for (i = 0; i < intel_dp->lane_count; i++)
-@@ -284,7 +267,6 @@ intel_dp_link_training_channel_equalization(struct intel_dp *intel_dp)
- /* Make sure clock is still ok */
- if (!drm_dp_clock_recovery_ok(link_status,
- intel_dp->lane_count)) {
-- intel_dp->train_set_valid = false;
- intel_dp_link_training_clock_recovery(intel_dp);
- intel_dp_set_link_train(intel_dp,
- training_pattern |
-@@ -301,7 +283,6 @@ intel_dp_link_training_channel_equalization(struct intel_dp *intel_dp)
-
- /* Try 5 times, then try clock recovery if that fails */
- if (tries > 5) {
-- intel_dp->train_set_valid = false;
- intel_dp_link_training_clock_recovery(intel_dp);
- intel_dp_set_link_train(intel_dp,
- training_pattern |
-@@ -322,10 +303,8 @@ intel_dp_link_training_channel_equalization(struct intel_dp *intel_dp)
-
- intel_dp_set_idle_link_train(intel_dp);
-
-- if (channel_eq) {
-- intel_dp->train_set_valid = true;
-+ if (channel_eq)
- DRM_DEBUG_KMS("Channel EQ done. DP Training successful\n");
-- }
- }
-
- void intel_dp_stop_link_train(struct intel_dp *intel_dp)
-diff --git a/drivers/gpu/drm/i915/intel_drv.h b/drivers/gpu/drm/i915/intel_drv.h
-index 3a30b37..8dd2cc5 100644
---- a/drivers/gpu/drm/i915/intel_drv.h
-+++ b/drivers/gpu/drm/i915/intel_drv.h
-@@ -811,8 +811,6 @@ struct intel_dp {
- /* This is called before a link training is starterd */
- void (*prepare_link_retrain)(struct intel_dp *intel_dp);
-
-- bool train_set_valid;
--
- /* Displayport compliance testing */
- unsigned long compliance_test_type;
- unsigned long compliance_test_data;
-diff --git a/drivers/gpu/drm/i915/intel_fbc.c b/drivers/gpu/drm/i915/intel_fbc.c
-index 0f0492f..28f4407 100644
---- a/drivers/gpu/drm/i915/intel_fbc.c
-+++ b/drivers/gpu/drm/i915/intel_fbc.c
-@@ -823,8 +823,7 @@ static bool intel_fbc_can_choose(struct intel_crtc *crtc)
- {
- struct drm_i915_private *dev_priv = crtc->base.dev->dev_private;
- struct intel_fbc *fbc = &dev_priv->fbc;
-- bool enable_by_default = IS_HASWELL(dev_priv) ||
-- IS_BROADWELL(dev_priv);
-+ bool enable_by_default = IS_BROADWELL(dev_priv);
-
- if (intel_vgpu_active(dev_priv->dev)) {
- fbc->no_fbc_reason = "VGPU is active";
-diff --git a/drivers/gpu/drm/mgag200/mgag200_mode.c b/drivers/gpu/drm/mgag200/mgag200_mode.c
-index 14e64e0..d347dca 100644
---- a/drivers/gpu/drm/mgag200/mgag200_mode.c
-+++ b/drivers/gpu/drm/mgag200/mgag200_mode.c
-@@ -182,7 +182,7 @@ static int mga_g200se_set_plls(struct mga_device *mdev, long clock)
- }
- }
-
-- fvv = pllreffreq * testn / testm;
-+ fvv = pllreffreq * (n + 1) / (m + 1);
- fvv = (fvv - 800000) / 50000;
-
- if (fvv > 15)
-@@ -202,6 +202,14 @@ static int mga_g200se_set_plls(struct mga_device *mdev, long clock)
- WREG_DAC(MGA1064_PIX_PLLC_M, m);
- WREG_DAC(MGA1064_PIX_PLLC_N, n);
- WREG_DAC(MGA1064_PIX_PLLC_P, p);
-+
-+ if (mdev->unique_rev_id >= 0x04) {
-+ WREG_DAC(0x1a, 0x09);
-+ msleep(20);
-+ WREG_DAC(0x1a, 0x01);
-+
-+ }
-+
- return 0;
- }
-
-diff --git a/drivers/gpu/drm/nouveau/include/nvkm/subdev/bios/disp.h b/drivers/gpu/drm/nouveau/include/nvkm/subdev/bios/disp.h
-index db10c11..c5a6ebd 100644
---- a/drivers/gpu/drm/nouveau/include/nvkm/subdev/bios/disp.h
-+++ b/drivers/gpu/drm/nouveau/include/nvkm/subdev/bios/disp.h
-@@ -25,7 +25,8 @@ u16 nvbios_outp_match(struct nvkm_bios *, u16 type, u16 mask,
- u8 *ver, u8 *hdr, u8 *cnt, u8 *len, struct nvbios_outp *);
-
- struct nvbios_ocfg {
-- u16 match;
-+ u8 proto;
-+ u8 flags;
- u16 clkcmp[2];
- };
-
-@@ -33,7 +34,7 @@ u16 nvbios_ocfg_entry(struct nvkm_bios *, u16 outp, u8 idx,
- u8 *ver, u8 *hdr, u8 *cnt, u8 *len);
- u16 nvbios_ocfg_parse(struct nvkm_bios *, u16 outp, u8 idx,
- u8 *ver, u8 *hdr, u8 *cnt, u8 *len, struct nvbios_ocfg *);
--u16 nvbios_ocfg_match(struct nvkm_bios *, u16 outp, u16 type,
-+u16 nvbios_ocfg_match(struct nvkm_bios *, u16 outp, u8 proto, u8 flags,
- u8 *ver, u8 *hdr, u8 *cnt, u8 *len, struct nvbios_ocfg *);
- u16 nvbios_oclk_match(struct nvkm_bios *, u16 cmp, u32 khz);
- #endif
-diff --git a/drivers/gpu/drm/nouveau/nouveau_fbcon.c b/drivers/gpu/drm/nouveau/nouveau_fbcon.c
-index 59f27e7..e40a1b0 100644
---- a/drivers/gpu/drm/nouveau/nouveau_fbcon.c
-+++ b/drivers/gpu/drm/nouveau/nouveau_fbcon.c
-@@ -557,6 +557,8 @@ nouveau_fbcon_init(struct drm_device *dev)
- if (ret)
- goto fini;
-
-+ if (fbcon->helper.fbdev)
-+ fbcon->helper.fbdev->pixmap.buf_align = 4;
- return 0;
-
- fini:
-diff --git a/drivers/gpu/drm/nouveau/nv04_fbcon.c b/drivers/gpu/drm/nouveau/nv04_fbcon.c
-index 789dc29..8f715fe 100644
---- a/drivers/gpu/drm/nouveau/nv04_fbcon.c
-+++ b/drivers/gpu/drm/nouveau/nv04_fbcon.c
-@@ -82,7 +82,6 @@ nv04_fbcon_imageblit(struct fb_info *info, const struct fb_image *image)
- uint32_t fg;
- uint32_t bg;
- uint32_t dsize;
-- uint32_t width;
- uint32_t *data = (uint32_t *)image->data;
- int ret;
-
-@@ -93,9 +92,6 @@ nv04_fbcon_imageblit(struct fb_info *info, const struct fb_image *image)
- if (ret)
- return ret;
-
-- width = ALIGN(image->width, 8);
-- dsize = ALIGN(width * image->height, 32) >> 5;
--
- if (info->fix.visual == FB_VISUAL_TRUECOLOR ||
- info->fix.visual == FB_VISUAL_DIRECTCOLOR) {
- fg = ((uint32_t *) info->pseudo_palette)[image->fg_color];
-@@ -111,10 +107,11 @@ nv04_fbcon_imageblit(struct fb_info *info, const struct fb_image *image)
- ((image->dx + image->width) & 0xffff));
- OUT_RING(chan, bg);
- OUT_RING(chan, fg);
-- OUT_RING(chan, (image->height << 16) | width);
-+ OUT_RING(chan, (image->height << 16) | image->width);
- OUT_RING(chan, (image->height << 16) | image->width);
- OUT_RING(chan, (image->dy << 16) | (image->dx & 0xffff));
-
-+ dsize = ALIGN(image->width * image->height, 32) >> 5;
- while (dsize) {
- int iter_len = dsize > 128 ? 128 : dsize;
-
-diff --git a/drivers/gpu/drm/nouveau/nv50_fbcon.c b/drivers/gpu/drm/nouveau/nv50_fbcon.c
-index e05499d..a4e259a 100644
---- a/drivers/gpu/drm/nouveau/nv50_fbcon.c
-+++ b/drivers/gpu/drm/nouveau/nv50_fbcon.c
-@@ -95,7 +95,7 @@ nv50_fbcon_imageblit(struct fb_info *info, const struct fb_image *image)
- struct nouveau_fbdev *nfbdev = info->par;
- struct nouveau_drm *drm = nouveau_drm(nfbdev->dev);
- struct nouveau_channel *chan = drm->channel;
-- uint32_t width, dwords, *data = (uint32_t *)image->data;
-+ uint32_t dwords, *data = (uint32_t *)image->data;
- uint32_t mask = ~(~0 >> (32 - info->var.bits_per_pixel));
- uint32_t *palette = info->pseudo_palette;
- int ret;
-@@ -107,9 +107,6 @@ nv50_fbcon_imageblit(struct fb_info *info, const struct fb_image *image)
- if (ret)
- return ret;
-
-- width = ALIGN(image->width, 32);
-- dwords = (width * image->height) >> 5;
--
- BEGIN_NV04(chan, NvSub2D, 0x0814, 2);
- if (info->fix.visual == FB_VISUAL_TRUECOLOR ||
- info->fix.visual == FB_VISUAL_DIRECTCOLOR) {
-@@ -128,6 +125,7 @@ nv50_fbcon_imageblit(struct fb_info *info, const struct fb_image *image)
- OUT_RING(chan, 0);
- OUT_RING(chan, image->dy);
-
-+ dwords = ALIGN(image->width * image->height, 32) >> 5;
- while (dwords) {
- int push = dwords > 2047 ? 2047 : dwords;
-
-diff --git a/drivers/gpu/drm/nouveau/nvc0_fbcon.c b/drivers/gpu/drm/nouveau/nvc0_fbcon.c
-index c97395b..f28315e 100644
---- a/drivers/gpu/drm/nouveau/nvc0_fbcon.c
-+++ b/drivers/gpu/drm/nouveau/nvc0_fbcon.c
-@@ -95,7 +95,7 @@ nvc0_fbcon_imageblit(struct fb_info *info, const struct fb_image *image)
- struct nouveau_fbdev *nfbdev = info->par;
- struct nouveau_drm *drm = nouveau_drm(nfbdev->dev);
- struct nouveau_channel *chan = drm->channel;
-- uint32_t width, dwords, *data = (uint32_t *)image->data;
-+ uint32_t dwords, *data = (uint32_t *)image->data;
- uint32_t mask = ~(~0 >> (32 - info->var.bits_per_pixel));
- uint32_t *palette = info->pseudo_palette;
- int ret;
-@@ -107,9 +107,6 @@ nvc0_fbcon_imageblit(struct fb_info *info, const struct fb_image *image)
- if (ret)
- return ret;
-
-- width = ALIGN(image->width, 32);
-- dwords = (width * image->height) >> 5;
--
- BEGIN_NVC0(chan, NvSub2D, 0x0814, 2);
- if (info->fix.visual == FB_VISUAL_TRUECOLOR ||
- info->fix.visual == FB_VISUAL_DIRECTCOLOR) {
-@@ -128,6 +125,7 @@ nvc0_fbcon_imageblit(struct fb_info *info, const struct fb_image *image)
- OUT_RING (chan, 0);
- OUT_RING (chan, image->dy);
-
-+ dwords = ALIGN(image->width * image->height, 32) >> 5;
- while (dwords) {
- int push = dwords > 2047 ? 2047 : dwords;
-
-diff --git a/drivers/gpu/drm/nouveau/nvkm/engine/device/pci.c b/drivers/gpu/drm/nouveau/nvkm/engine/device/pci.c
-index 18fab397..62ad030 100644
---- a/drivers/gpu/drm/nouveau/nvkm/engine/device/pci.c
-+++ b/drivers/gpu/drm/nouveau/nvkm/engine/device/pci.c
-@@ -1614,7 +1614,7 @@ nvkm_device_pci_func = {
- .fini = nvkm_device_pci_fini,
- .resource_addr = nvkm_device_pci_resource_addr,
- .resource_size = nvkm_device_pci_resource_size,
-- .cpu_coherent = !IS_ENABLED(CONFIG_ARM) && !IS_ENABLED(CONFIG_ARM64),
-+ .cpu_coherent = !IS_ENABLED(CONFIG_ARM),
- };
-
- int
-diff --git a/drivers/gpu/drm/nouveau/nvkm/engine/disp/Kbuild b/drivers/gpu/drm/nouveau/nvkm/engine/disp/Kbuild
-index a74c5dd..e2a64ed 100644
---- a/drivers/gpu/drm/nouveau/nvkm/engine/disp/Kbuild
-+++ b/drivers/gpu/drm/nouveau/nvkm/engine/disp/Kbuild
-@@ -18,6 +18,7 @@ nvkm-y += nvkm/engine/disp/piornv50.o
- nvkm-y += nvkm/engine/disp/sornv50.o
- nvkm-y += nvkm/engine/disp/sorg94.o
- nvkm-y += nvkm/engine/disp/sorgf119.o
-+nvkm-y += nvkm/engine/disp/sorgm107.o
- nvkm-y += nvkm/engine/disp/sorgm200.o
- nvkm-y += nvkm/engine/disp/dport.o
-
-diff --git a/drivers/gpu/drm/nouveau/nvkm/engine/disp/gf119.c b/drivers/gpu/drm/nouveau/nvkm/engine/disp/gf119.c
-index f031466..5dd3438 100644
---- a/drivers/gpu/drm/nouveau/nvkm/engine/disp/gf119.c
-+++ b/drivers/gpu/drm/nouveau/nvkm/engine/disp/gf119.c
-@@ -76,6 +76,7 @@ exec_lookup(struct nv50_disp *disp, int head, int or, u32 ctrl,
- mask |= 0x0001 << or;
- mask |= 0x0100 << head;
-
-+
- list_for_each_entry(outp, &disp->base.outp, head) {
- if ((outp->info.hasht & 0xff) == type &&
- (outp->info.hashm & mask) == mask) {
-@@ -155,25 +156,21 @@ exec_clkcmp(struct nv50_disp *disp, int head, int id, u32 pclk, u32 *conf)
- if (!outp)
- return NULL;
-
-+ *conf = (ctrl & 0x00000f00) >> 8;
- switch (outp->info.type) {
- case DCB_OUTPUT_TMDS:
-- *conf = (ctrl & 0x00000f00) >> 8;
- if (*conf == 5)
- *conf |= 0x0100;
- break;
- case DCB_OUTPUT_LVDS:
-- *conf = disp->sor.lvdsconf;
-- break;
-- case DCB_OUTPUT_DP:
-- *conf = (ctrl & 0x00000f00) >> 8;
-+ *conf |= disp->sor.lvdsconf;
- break;
-- case DCB_OUTPUT_ANALOG:
- default:
-- *conf = 0x00ff;
- break;
- }
-
-- data = nvbios_ocfg_match(bios, data, *conf, &ver, &hdr, &cnt, &len, &info2);
-+ data = nvbios_ocfg_match(bios, data, *conf & 0xff, *conf >> 8,
-+ &ver, &hdr, &cnt, &len, &info2);
- if (data && id < 0xff) {
- data = nvbios_oclk_match(bios, info2.clkcmp[id], pclk);
- if (data) {
-diff --git a/drivers/gpu/drm/nouveau/nvkm/engine/disp/gm107.c b/drivers/gpu/drm/nouveau/nvkm/engine/disp/gm107.c
-index b694414..f4b9cf8 100644
---- a/drivers/gpu/drm/nouveau/nvkm/engine/disp/gm107.c
-+++ b/drivers/gpu/drm/nouveau/nvkm/engine/disp/gm107.c
-@@ -36,7 +36,7 @@ gm107_disp = {
- .outp.internal.crt = nv50_dac_output_new,
- .outp.internal.tmds = nv50_sor_output_new,
- .outp.internal.lvds = nv50_sor_output_new,
-- .outp.internal.dp = gf119_sor_dp_new,
-+ .outp.internal.dp = gm107_sor_dp_new,
- .dac.nr = 3,
- .dac.power = nv50_dac_power,
- .dac.sense = nv50_dac_sense,
-diff --git a/drivers/gpu/drm/nouveau/nvkm/engine/disp/nv50.c b/drivers/gpu/drm/nouveau/nvkm/engine/disp/nv50.c
-index 4226d21..fcb1b0c 100644
---- a/drivers/gpu/drm/nouveau/nvkm/engine/disp/nv50.c
-+++ b/drivers/gpu/drm/nouveau/nvkm/engine/disp/nv50.c
-@@ -387,22 +387,17 @@ exec_clkcmp(struct nv50_disp *disp, int head, int id, u32 pclk, u32 *conf)
- if (!outp)
- return NULL;
-
-+ *conf = (ctrl & 0x00000f00) >> 8;
- if (outp->info.location == 0) {
- switch (outp->info.type) {
- case DCB_OUTPUT_TMDS:
-- *conf = (ctrl & 0x00000f00) >> 8;
- if (*conf == 5)
- *conf |= 0x0100;
- break;
- case DCB_OUTPUT_LVDS:
-- *conf = disp->sor.lvdsconf;
-+ *conf |= disp->sor.lvdsconf;
- break;
-- case DCB_OUTPUT_DP:
-- *conf = (ctrl & 0x00000f00) >> 8;
-- break;
-- case DCB_OUTPUT_ANALOG:
- default:
-- *conf = 0x00ff;
- break;
- }
- } else {
-@@ -410,7 +405,8 @@ exec_clkcmp(struct nv50_disp *disp, int head, int id, u32 pclk, u32 *conf)
- pclk = pclk / 2;
- }
-
-- data = nvbios_ocfg_match(bios, data, *conf, &ver, &hdr, &cnt, &len, &info2);
-+ data = nvbios_ocfg_match(bios, data, *conf & 0xff, *conf >> 8,
-+ &ver, &hdr, &cnt, &len, &info2);
- if (data && id < 0xff) {
- data = nvbios_oclk_match(bios, info2.clkcmp[id], pclk);
- if (data) {
-diff --git a/drivers/gpu/drm/nouveau/nvkm/engine/disp/outpdp.h b/drivers/gpu/drm/nouveau/nvkm/engine/disp/outpdp.h
-index e9067ba..4e983f6 100644
---- a/drivers/gpu/drm/nouveau/nvkm/engine/disp/outpdp.h
-+++ b/drivers/gpu/drm/nouveau/nvkm/engine/disp/outpdp.h
-@@ -62,7 +62,12 @@ int g94_sor_dp_lnk_pwr(struct nvkm_output_dp *, int);
- int gf119_sor_dp_new(struct nvkm_disp *, int, struct dcb_output *,
- struct nvkm_output **);
- int gf119_sor_dp_lnk_ctl(struct nvkm_output_dp *, int, int, bool);
-+int gf119_sor_dp_drv_ctl(struct nvkm_output_dp *, int, int, int, int);
-
--int gm200_sor_dp_new(struct nvkm_disp *, int, struct dcb_output *,
-- struct nvkm_output **);
-+int gm107_sor_dp_new(struct nvkm_disp *, int, struct dcb_output *,
-+ struct nvkm_output **);
-+int gm107_sor_dp_pattern(struct nvkm_output_dp *, int);
-+
-+int gm200_sor_dp_new(struct nvkm_disp *, int, struct dcb_output *,
-+ struct nvkm_output **);
- #endif
-diff --git a/drivers/gpu/drm/nouveau/nvkm/engine/disp/sorgf119.c b/drivers/gpu/drm/nouveau/nvkm/engine/disp/sorgf119.c
-index b4b41b1..49bd5da 100644
---- a/drivers/gpu/drm/nouveau/nvkm/engine/disp/sorgf119.c
-+++ b/drivers/gpu/drm/nouveau/nvkm/engine/disp/sorgf119.c
-@@ -40,8 +40,8 @@ static int
- gf119_sor_dp_pattern(struct nvkm_output_dp *outp, int pattern)
- {
- struct nvkm_device *device = outp->base.disp->engine.subdev.device;
-- const u32 loff = gf119_sor_loff(outp);
-- nvkm_mask(device, 0x61c110 + loff, 0x0f0f0f0f, 0x01010101 * pattern);
-+ const u32 soff = gf119_sor_soff(outp);
-+ nvkm_mask(device, 0x61c110 + soff, 0x0f0f0f0f, 0x01010101 * pattern);
- return 0;
- }
-
-@@ -64,7 +64,7 @@ gf119_sor_dp_lnk_ctl(struct nvkm_output_dp *outp, int nr, int bw, bool ef)
- return 0;
- }
-
--static int
-+int
- gf119_sor_dp_drv_ctl(struct nvkm_output_dp *outp,
- int ln, int vs, int pe, int pc)
- {
-diff --git a/drivers/gpu/drm/nouveau/nvkm/engine/disp/sorgm107.c b/drivers/gpu/drm/nouveau/nvkm/engine/disp/sorgm107.c
-new file mode 100644
-index 0000000..37790b2
---- /dev/null
-+++ b/drivers/gpu/drm/nouveau/nvkm/engine/disp/sorgm107.c
-@@ -0,0 +1,53 @@
-+/*
-+ * Copyright 2016 Red Hat Inc.
-+ *
-+ * Permission is hereby granted, free of charge, to any person obtaining a
-+ * copy of this software and associated documentation files (the "Software"),
-+ * to deal in the Software without restriction, including without limitation
-+ * the rights to use, copy, modify, merge, publish, distribute, sublicense,
-+ * and/or sell copies of the Software, and to permit persons to whom the
-+ * Software is furnished to do so, subject to the following conditions:
-+ *
-+ * The above copyright notice and this permission notice shall be included in
-+ * all copies or substantial portions of the Software.
-+ *
-+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
-+ * THE COPYRIGHT HOLDER(S) OR AUTHOR(S) BE LIABLE FOR ANY CLAIM, DAMAGES OR
-+ * OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
-+ * ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
-+ * OTHER DEALINGS IN THE SOFTWARE.
-+ *
-+ * Authors: Ben Skeggs <bskeggs@redhat.com>
-+ */
-+#include "nv50.h"
-+#include "outpdp.h"
-+
-+int
-+gm107_sor_dp_pattern(struct nvkm_output_dp *outp, int pattern)
-+{
-+ struct nvkm_device *device = outp->base.disp->engine.subdev.device;
-+ const u32 soff = outp->base.or * 0x800;
-+ const u32 data = 0x01010101 * pattern;
-+ if (outp->base.info.sorconf.link & 1)
-+ nvkm_mask(device, 0x61c110 + soff, 0x0f0f0f0f, data);
-+ else
-+ nvkm_mask(device, 0x61c12c + soff, 0x0f0f0f0f, data);
-+ return 0;
-+}
-+
-+static const struct nvkm_output_dp_func
-+gm107_sor_dp_func = {
-+ .pattern = gm107_sor_dp_pattern,
-+ .lnk_pwr = g94_sor_dp_lnk_pwr,
-+ .lnk_ctl = gf119_sor_dp_lnk_ctl,
-+ .drv_ctl = gf119_sor_dp_drv_ctl,
-+};
-+
-+int
-+gm107_sor_dp_new(struct nvkm_disp *disp, int index,
-+ struct dcb_output *dcbE, struct nvkm_output **poutp)
-+{
-+ return nvkm_output_dp_new_(&gm107_sor_dp_func, disp, index, dcbE, poutp);
-+}
-diff --git a/drivers/gpu/drm/nouveau/nvkm/engine/disp/sorgm200.c b/drivers/gpu/drm/nouveau/nvkm/engine/disp/sorgm200.c
-index 2cfbef9..c44fa7e 100644
---- a/drivers/gpu/drm/nouveau/nvkm/engine/disp/sorgm200.c
-+++ b/drivers/gpu/drm/nouveau/nvkm/engine/disp/sorgm200.c
-@@ -57,19 +57,6 @@ gm200_sor_dp_lane_map(struct nvkm_device *device, u8 lane)
- }
-
- static int
--gm200_sor_dp_pattern(struct nvkm_output_dp *outp, int pattern)
--{
-- struct nvkm_device *device = outp->base.disp->engine.subdev.device;
-- const u32 soff = gm200_sor_soff(outp);
-- const u32 data = 0x01010101 * pattern;
-- if (outp->base.info.sorconf.link & 1)
-- nvkm_mask(device, 0x61c110 + soff, 0x0f0f0f0f, data);
-- else
-- nvkm_mask(device, 0x61c12c + soff, 0x0f0f0f0f, data);
-- return 0;
--}
--
--static int
- gm200_sor_dp_lnk_pwr(struct nvkm_output_dp *outp, int nr)
- {
- struct nvkm_device *device = outp->base.disp->engine.subdev.device;
-@@ -129,7 +116,7 @@ gm200_sor_dp_drv_ctl(struct nvkm_output_dp *outp,
-
- static const struct nvkm_output_dp_func
- gm200_sor_dp_func = {
-- .pattern = gm200_sor_dp_pattern,
-+ .pattern = gm107_sor_dp_pattern,
- .lnk_pwr = gm200_sor_dp_lnk_pwr,
- .lnk_ctl = gf119_sor_dp_lnk_ctl,
- .drv_ctl = gm200_sor_dp_drv_ctl,
-diff --git a/drivers/gpu/drm/nouveau/nvkm/engine/gr/gf100.c b/drivers/gpu/drm/nouveau/nvkm/engine/gr/gf100.c
-index b2de290..b0c7216 100644
---- a/drivers/gpu/drm/nouveau/nvkm/engine/gr/gf100.c
-+++ b/drivers/gpu/drm/nouveau/nvkm/engine/gr/gf100.c
-@@ -942,22 +942,41 @@ gf100_gr_trap_gpc_rop(struct gf100_gr *gr, int gpc)
- }
-
- static const struct nvkm_enum gf100_mp_warp_error[] = {
-- { 0x00, "NO_ERROR" },
-- { 0x01, "STACK_MISMATCH" },
-+ { 0x01, "STACK_ERROR" },
-+ { 0x02, "API_STACK_ERROR" },
-+ { 0x03, "RET_EMPTY_STACK_ERROR" },
-+ { 0x04, "PC_WRAP" },
- { 0x05, "MISALIGNED_PC" },
-- { 0x08, "MISALIGNED_GPR" },
-- { 0x09, "INVALID_OPCODE" },
-- { 0x0d, "GPR_OUT_OF_BOUNDS" },
-- { 0x0e, "MEM_OUT_OF_BOUNDS" },
-- { 0x0f, "UNALIGNED_MEM_ACCESS" },
-+ { 0x06, "PC_OVERFLOW" },
-+ { 0x07, "MISALIGNED_IMMC_ADDR" },
-+ { 0x08, "MISALIGNED_REG" },
-+ { 0x09, "ILLEGAL_INSTR_ENCODING" },
-+ { 0x0a, "ILLEGAL_SPH_INSTR_COMBO" },
-+ { 0x0b, "ILLEGAL_INSTR_PARAM" },
-+ { 0x0c, "INVALID_CONST_ADDR" },
-+ { 0x0d, "OOR_REG" },
-+ { 0x0e, "OOR_ADDR" },
-+ { 0x0f, "MISALIGNED_ADDR" },
- { 0x10, "INVALID_ADDR_SPACE" },
-- { 0x11, "INVALID_PARAM" },
-+ { 0x11, "ILLEGAL_INSTR_PARAM2" },
-+ { 0x12, "INVALID_CONST_ADDR_LDC" },
-+ { 0x13, "GEOMETRY_SM_ERROR" },
-+ { 0x14, "DIVERGENT" },
-+ { 0x15, "WARP_EXIT" },
- {}
- };
-
- static const struct nvkm_bitfield gf100_mp_global_error[] = {
-+ { 0x00000001, "SM_TO_SM_FAULT" },
-+ { 0x00000002, "L1_ERROR" },
- { 0x00000004, "MULTIPLE_WARP_ERRORS" },
-- { 0x00000008, "OUT_OF_STACK_SPACE" },
-+ { 0x00000008, "PHYSICAL_STACK_OVERFLOW" },
-+ { 0x00000010, "BPT_INT" },
-+ { 0x00000020, "BPT_PAUSE" },
-+ { 0x00000040, "SINGLE_STEP_COMPLETE" },
-+ { 0x20000000, "ECC_SEC_ERROR" },
-+ { 0x40000000, "ECC_DED_ERROR" },
-+ { 0x80000000, "TIMEOUT" },
- {}
- };
-
-diff --git a/drivers/gpu/drm/nouveau/nvkm/subdev/bios/disp.c b/drivers/gpu/drm/nouveau/nvkm/subdev/bios/disp.c
-index a5e9213..9efb1b4 100644
---- a/drivers/gpu/drm/nouveau/nvkm/subdev/bios/disp.c
-+++ b/drivers/gpu/drm/nouveau/nvkm/subdev/bios/disp.c
-@@ -141,7 +141,8 @@ nvbios_ocfg_parse(struct nvkm_bios *bios, u16 outp, u8 idx,
- {
- u16 data = nvbios_ocfg_entry(bios, outp, idx, ver, hdr, cnt, len);
- if (data) {
-- info->match = nvbios_rd16(bios, data + 0x00);
-+ info->proto = nvbios_rd08(bios, data + 0x00);
-+ info->flags = nvbios_rd16(bios, data + 0x01);
- info->clkcmp[0] = nvbios_rd16(bios, data + 0x02);
- info->clkcmp[1] = nvbios_rd16(bios, data + 0x04);
- }
-@@ -149,12 +150,13 @@ nvbios_ocfg_parse(struct nvkm_bios *bios, u16 outp, u8 idx,
- }
-
- u16
--nvbios_ocfg_match(struct nvkm_bios *bios, u16 outp, u16 type,
-+nvbios_ocfg_match(struct nvkm_bios *bios, u16 outp, u8 proto, u8 flags,
- u8 *ver, u8 *hdr, u8 *cnt, u8 *len, struct nvbios_ocfg *info)
- {
- u16 data, idx = 0;
- while ((data = nvbios_ocfg_parse(bios, outp, idx++, ver, hdr, cnt, len, info))) {
-- if (info->match == type)
-+ if ((info->proto == proto || info->proto == 0xff) &&
-+ (info->flags == flags))
- break;
- }
- return data;
-diff --git a/drivers/gpu/drm/nouveau/nvkm/subdev/ltc/gm107.c b/drivers/gpu/drm/nouveau/nvkm/subdev/ltc/gm107.c
-index e292f56..389fb13 100644
---- a/drivers/gpu/drm/nouveau/nvkm/subdev/ltc/gm107.c
-+++ b/drivers/gpu/drm/nouveau/nvkm/subdev/ltc/gm107.c
-@@ -69,11 +69,11 @@ gm107_ltc_zbc_clear_depth(struct nvkm_ltc *ltc, int i, const u32 depth)
- }
-
- static void
--gm107_ltc_lts_isr(struct nvkm_ltc *ltc, int c, int s)
-+gm107_ltc_intr_lts(struct nvkm_ltc *ltc, int c, int s)
- {
- struct nvkm_subdev *subdev = &ltc->subdev;
- struct nvkm_device *device = subdev->device;
-- u32 base = 0x140000 + (c * 0x2000) + (s * 0x200);
-+ u32 base = 0x140400 + (c * 0x2000) + (s * 0x200);
- u32 stat = nvkm_rd32(device, base + 0x00c);
-
- if (stat) {
-@@ -92,7 +92,7 @@ gm107_ltc_intr(struct nvkm_ltc *ltc)
- while (mask) {
- u32 s, c = __ffs(mask);
- for (s = 0; s < ltc->lts_nr; s++)
-- gm107_ltc_lts_isr(ltc, c, s);
-+ gm107_ltc_intr_lts(ltc, c, s);
- mask &= ~(1 << c);
- }
- }
-diff --git a/drivers/gpu/drm/nouveau/nvkm/subdev/ltc/gm200.c b/drivers/gpu/drm/nouveau/nvkm/subdev/ltc/gm200.c
-index 2a29bfd..e18e0dc 100644
---- a/drivers/gpu/drm/nouveau/nvkm/subdev/ltc/gm200.c
-+++ b/drivers/gpu/drm/nouveau/nvkm/subdev/ltc/gm200.c
-@@ -46,7 +46,7 @@ static const struct nvkm_ltc_func
- gm200_ltc = {
- .oneinit = gm200_ltc_oneinit,
- .init = gm200_ltc_init,
-- .intr = gm107_ltc_intr, /*XXX: not validated */
-+ .intr = gm107_ltc_intr,
- .cbc_clear = gm107_ltc_cbc_clear,
- .cbc_wait = gm107_ltc_cbc_wait,
- .zbc = 16,
-diff --git a/drivers/gpu/drm/radeon/radeon_device.c b/drivers/gpu/drm/radeon/radeon_device.c
-index d0826fb..cb29868 100644
---- a/drivers/gpu/drm/radeon/radeon_device.c
-+++ b/drivers/gpu/drm/radeon/radeon_device.c
-@@ -630,6 +630,23 @@ void radeon_gtt_location(struct radeon_device *rdev, struct radeon_mc *mc)
- /*
- * GPU helpers function.
- */
-+
-+/**
-+ * radeon_device_is_virtual - check if we are running is a virtual environment
-+ *
-+ * Check if the asic has been passed through to a VM (all asics).
-+ * Used at driver startup.
-+ * Returns true if virtual or false if not.
-+ */
-+static bool radeon_device_is_virtual(void)
-+{
-+#ifdef CONFIG_X86
-+ return boot_cpu_has(X86_FEATURE_HYPERVISOR);
-+#else
-+ return false;
-+#endif
-+}
-+
- /**
- * radeon_card_posted - check if the hw has already been initialized
- *
-@@ -643,6 +660,10 @@ bool radeon_card_posted(struct radeon_device *rdev)
- {
- uint32_t reg;
-
-+ /* for pass through, always force asic_init */
-+ if (radeon_device_is_virtual())
-+ return false;
-+
- /* required for EFI mode on macbook2,1 which uses an r5xx asic */
- if (efi_enabled(EFI_BOOT) &&
- (rdev->pdev->subsystem_vendor == PCI_VENDOR_ID_APPLE) &&
-diff --git a/drivers/gpu/drm/ttm/ttm_bo.c b/drivers/gpu/drm/ttm/ttm_bo.c
-index e3daafa..3e7c9ac 100644
---- a/drivers/gpu/drm/ttm/ttm_bo.c
-+++ b/drivers/gpu/drm/ttm/ttm_bo.c
-@@ -1016,9 +1016,9 @@ out_unlock:
- return ret;
- }
-
--static bool ttm_bo_mem_compat(struct ttm_placement *placement,
-- struct ttm_mem_reg *mem,
-- uint32_t *new_flags)
-+bool ttm_bo_mem_compat(struct ttm_placement *placement,
-+ struct ttm_mem_reg *mem,
-+ uint32_t *new_flags)
- {
- int i;
-
-@@ -1050,6 +1050,7 @@ static bool ttm_bo_mem_compat(struct ttm_placement *placement,
-
- return false;
- }
-+EXPORT_SYMBOL(ttm_bo_mem_compat);
-
- int ttm_bo_validate(struct ttm_buffer_object *bo,
- struct ttm_placement *placement,
-diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_dmabuf.c b/drivers/gpu/drm/vmwgfx/vmwgfx_dmabuf.c
-index 299925a..eadc981 100644
---- a/drivers/gpu/drm/vmwgfx/vmwgfx_dmabuf.c
-+++ b/drivers/gpu/drm/vmwgfx/vmwgfx_dmabuf.c
-@@ -49,6 +49,7 @@ int vmw_dmabuf_pin_in_placement(struct vmw_private *dev_priv,
- {
- struct ttm_buffer_object *bo = &buf->base;
- int ret;
-+ uint32_t new_flags;
-
- ret = ttm_write_lock(&dev_priv->reservation_sem, interruptible);
- if (unlikely(ret != 0))
-@@ -60,7 +61,12 @@ int vmw_dmabuf_pin_in_placement(struct vmw_private *dev_priv,
- if (unlikely(ret != 0))
- goto err;
-
-- ret = ttm_bo_validate(bo, placement, interruptible, false);
-+ if (buf->pin_count > 0)
-+ ret = ttm_bo_mem_compat(placement, &bo->mem,
-+ &new_flags) == true ? 0 : -EINVAL;
-+ else
-+ ret = ttm_bo_validate(bo, placement, interruptible, false);
-+
- if (!ret)
- vmw_bo_pin_reserved(buf, true);
-
-@@ -91,6 +97,7 @@ int vmw_dmabuf_pin_in_vram_or_gmr(struct vmw_private *dev_priv,
- {
- struct ttm_buffer_object *bo = &buf->base;
- int ret;
-+ uint32_t new_flags;
-
- ret = ttm_write_lock(&dev_priv->reservation_sem, interruptible);
- if (unlikely(ret != 0))
-@@ -102,6 +109,12 @@ int vmw_dmabuf_pin_in_vram_or_gmr(struct vmw_private *dev_priv,
- if (unlikely(ret != 0))
- goto err;
-
-+ if (buf->pin_count > 0) {
-+ ret = ttm_bo_mem_compat(&vmw_vram_gmr_placement, &bo->mem,
-+ &new_flags) == true ? 0 : -EINVAL;
-+ goto out_unreserve;
-+ }
-+
- ret = ttm_bo_validate(bo, &vmw_vram_gmr_placement, interruptible,
- false);
- if (likely(ret == 0) || ret == -ERESTARTSYS)
-@@ -161,6 +174,7 @@ int vmw_dmabuf_pin_in_start_of_vram(struct vmw_private *dev_priv,
- struct ttm_placement placement;
- struct ttm_place place;
- int ret = 0;
-+ uint32_t new_flags;
-
- place = vmw_vram_placement.placement[0];
- place.lpfn = bo->num_pages;
-@@ -185,10 +199,15 @@ int vmw_dmabuf_pin_in_start_of_vram(struct vmw_private *dev_priv,
- */
- if (bo->mem.mem_type == TTM_PL_VRAM &&
- bo->mem.start < bo->num_pages &&
-- bo->mem.start > 0)
-+ bo->mem.start > 0 &&
-+ buf->pin_count == 0)
- (void) ttm_bo_validate(bo, &vmw_sys_placement, false, false);
-
-- ret = ttm_bo_validate(bo, &placement, interruptible, false);
-+ if (buf->pin_count > 0)
-+ ret = ttm_bo_mem_compat(&placement, &bo->mem,
-+ &new_flags) == true ? 0 : -EINVAL;
-+ else
-+ ret = ttm_bo_validate(bo, &placement, interruptible, false);
-
- /* For some reason we didn't end up at the start of vram */
- WARN_ON(ret == 0 && bo->offset != 0);
-diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.c b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.c
-index f2cf923..2a50546 100644
---- a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.c
-+++ b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.c
-@@ -227,6 +227,7 @@ static int vmw_force_iommu;
- static int vmw_restrict_iommu;
- static int vmw_force_coherent;
- static int vmw_restrict_dma_mask;
-+static int vmw_assume_16bpp;
-
- static int vmw_probe(struct pci_dev *, const struct pci_device_id *);
- static void vmw_master_init(struct vmw_master *);
-@@ -243,6 +244,8 @@ MODULE_PARM_DESC(force_coherent, "Force coherent TTM pages");
- module_param_named(force_coherent, vmw_force_coherent, int, 0600);
- MODULE_PARM_DESC(restrict_dma_mask, "Restrict DMA mask to 44 bits with IOMMU");
- module_param_named(restrict_dma_mask, vmw_restrict_dma_mask, int, 0600);
-+MODULE_PARM_DESC(assume_16bpp, "Assume 16-bpp when filtering modes");
-+module_param_named(assume_16bpp, vmw_assume_16bpp, int, 0600);
-
-
- static void vmw_print_capabilities(uint32_t capabilities)
-@@ -653,6 +656,8 @@ static int vmw_driver_load(struct drm_device *dev, unsigned long chipset)
- dev_priv->vram_start = pci_resource_start(dev->pdev, 1);
- dev_priv->mmio_start = pci_resource_start(dev->pdev, 2);
-
-+ dev_priv->assume_16bpp = !!vmw_assume_16bpp;
-+
- dev_priv->enable_fb = enable_fbdev;
-
- vmw_write(dev_priv, SVGA_REG_ID, SVGA_ID_2);
-@@ -699,6 +704,13 @@ static int vmw_driver_load(struct drm_device *dev, unsigned long chipset)
- vmw_read(dev_priv,
- SVGA_REG_SUGGESTED_GBOBJECT_MEM_SIZE_KB);
-
-+ /*
-+ * Workaround for low memory 2D VMs to compensate for the
-+ * allocation taken by fbdev
-+ */
-+ if (!(dev_priv->capabilities & SVGA_CAP_3D))
-+ mem_size *= 2;
-+
- dev_priv->max_mob_pages = mem_size * 1024 / PAGE_SIZE;
- dev_priv->prim_bb_mem =
- vmw_read(dev_priv,
-diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h
-index 6db358a..cab0c54 100644
---- a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h
-+++ b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h
-@@ -386,6 +386,7 @@ struct vmw_private {
- spinlock_t hw_lock;
- spinlock_t cap_lock;
- bool has_dx;
-+ bool assume_16bpp;
-
- /*
- * VGA registers.
-diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_fb.c b/drivers/gpu/drm/vmwgfx/vmwgfx_fb.c
-index 679a4cb..d2d9395 100644
---- a/drivers/gpu/drm/vmwgfx/vmwgfx_fb.c
-+++ b/drivers/gpu/drm/vmwgfx/vmwgfx_fb.c
-@@ -517,28 +517,6 @@ static int vmw_fb_kms_framebuffer(struct fb_info *info)
-
- par->set_fb = &vfb->base;
-
-- if (!par->bo_ptr) {
-- /*
-- * Pin before mapping. Since we don't know in what placement
-- * to pin, call into KMS to do it for us.
-- */
-- ret = vfb->pin(vfb);
-- if (ret) {
-- DRM_ERROR("Could not pin the fbdev framebuffer.\n");
-- return ret;
-- }
--
-- ret = ttm_bo_kmap(&par->vmw_bo->base, 0,
-- par->vmw_bo->base.num_pages, &par->map);
-- if (ret) {
-- vfb->unpin(vfb);
-- DRM_ERROR("Could not map the fbdev framebuffer.\n");
-- return ret;
-- }
--
-- par->bo_ptr = ttm_kmap_obj_virtual(&par->map, &par->bo_iowrite);
-- }
--
- return 0;
- }
-
-@@ -601,6 +579,31 @@ static int vmw_fb_set_par(struct fb_info *info)
- if (ret)
- goto out_unlock;
-
-+ if (!par->bo_ptr) {
-+ struct vmw_framebuffer *vfb = vmw_framebuffer_to_vfb(set.fb);
-+
-+ /*
-+ * Pin before mapping. Since we don't know in what placement
-+ * to pin, call into KMS to do it for us.
-+ */
-+ ret = vfb->pin(vfb);
-+ if (ret) {
-+ DRM_ERROR("Could not pin the fbdev framebuffer.\n");
-+ goto out_unlock;
-+ }
-+
-+ ret = ttm_bo_kmap(&par->vmw_bo->base, 0,
-+ par->vmw_bo->base.num_pages, &par->map);
-+ if (ret) {
-+ vfb->unpin(vfb);
-+ DRM_ERROR("Could not map the fbdev framebuffer.\n");
-+ goto out_unlock;
-+ }
-+
-+ par->bo_ptr = ttm_kmap_obj_virtual(&par->map, &par->bo_iowrite);
-+ }
-+
-+
- vmw_fb_dirty_mark(par, par->fb_x, par->fb_y,
- par->set_fb->width, par->set_fb->height);
-
-diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c
-index b07543b..6ccd61d 100644
---- a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c
-+++ b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c
-@@ -1553,14 +1553,10 @@ int vmw_du_connector_fill_modes(struct drm_connector *connector,
- DRM_MODE_FLAG_NHSYNC | DRM_MODE_FLAG_PVSYNC)
- };
- int i;
-- u32 assumed_bpp = 2;
-+ u32 assumed_bpp = 4;
-
-- /*
-- * If using screen objects, then assume 32-bpp because that's what the
-- * SVGA device is assuming
-- */
-- if (dev_priv->active_display_unit == vmw_du_screen_object)
-- assumed_bpp = 4;
-+ if (dev_priv->assume_16bpp)
-+ assumed_bpp = 2;
-
- if (dev_priv->active_display_unit == vmw_du_screen_target) {
- max_width = min(max_width, dev_priv->stdu_max_width);
-diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_stdu.c b/drivers/gpu/drm/vmwgfx/vmwgfx_stdu.c
-index 9ca818f..41932a7 100644
---- a/drivers/gpu/drm/vmwgfx/vmwgfx_stdu.c
-+++ b/drivers/gpu/drm/vmwgfx/vmwgfx_stdu.c
-@@ -399,8 +399,10 @@ static int vmw_stdu_bind_fb(struct vmw_private *dev_priv,
-
- WARN_ON_ONCE(!stdu->defined);
-
-- if (!vfb->dmabuf && new_fb->width == mode->hdisplay &&
-- new_fb->height == mode->vdisplay)
-+ new_vfbs = (vfb->dmabuf) ? NULL : vmw_framebuffer_to_vfbs(new_fb);
-+
-+ if (new_vfbs && new_vfbs->surface->base_size.width == mode->hdisplay &&
-+ new_vfbs->surface->base_size.height == mode->vdisplay)
- new_content_type = SAME_AS_DISPLAY;
- else if (vfb->dmabuf)
- new_content_type = SEPARATE_DMA;
-@@ -444,7 +446,6 @@ static int vmw_stdu_bind_fb(struct vmw_private *dev_priv,
- content_srf.mip_levels[0] = 1;
- content_srf.multisample_count = 0;
- } else {
-- new_vfbs = vmw_framebuffer_to_vfbs(new_fb);
- content_srf = *new_vfbs->surface;
- }
-
-@@ -464,7 +465,6 @@ static int vmw_stdu_bind_fb(struct vmw_private *dev_priv,
- return ret;
- }
- } else if (new_content_type == SAME_AS_DISPLAY) {
-- new_vfbs = vmw_framebuffer_to_vfbs(new_fb);
- new_display_srf = vmw_surface_reference(new_vfbs->surface);
- }
-
-diff --git a/drivers/hid/hid-elo.c b/drivers/hid/hid-elo.c
-index aad8c16..0cd4f72 100644
---- a/drivers/hid/hid-elo.c
-+++ b/drivers/hid/hid-elo.c
-@@ -261,7 +261,7 @@ static void elo_remove(struct hid_device *hdev)
- struct elo_priv *priv = hid_get_drvdata(hdev);
-
- hid_hw_stop(hdev);
-- flush_workqueue(wq);
-+ cancel_delayed_work_sync(&priv->work);
- kfree(priv);
- }
-
-diff --git a/drivers/hid/hid-multitouch.c b/drivers/hid/hid-multitouch.c
-index c741f5e..0088979 100644
---- a/drivers/hid/hid-multitouch.c
-+++ b/drivers/hid/hid-multitouch.c
-@@ -61,6 +61,7 @@ MODULE_LICENSE("GPL");
- #define MT_QUIRK_ALWAYS_VALID (1 << 4)
- #define MT_QUIRK_VALID_IS_INRANGE (1 << 5)
- #define MT_QUIRK_VALID_IS_CONFIDENCE (1 << 6)
-+#define MT_QUIRK_CONFIDENCE (1 << 7)
- #define MT_QUIRK_SLOT_IS_CONTACTID_MINUS_ONE (1 << 8)
- #define MT_QUIRK_NO_AREA (1 << 9)
- #define MT_QUIRK_IGNORE_DUPLICATES (1 << 10)
-@@ -78,6 +79,7 @@ struct mt_slot {
- __s32 contactid; /* the device ContactID assigned to this slot */
- bool touch_state; /* is the touch valid? */
- bool inrange_state; /* is the finger in proximity of the sensor? */
-+ bool confidence_state; /* is the touch made by a finger? */
- };
-
- struct mt_class {
-@@ -503,10 +505,8 @@ static int mt_touch_input_mapping(struct hid_device *hdev, struct hid_input *hi,
- return 1;
- case HID_DG_CONFIDENCE:
- if (cls->name == MT_CLS_WIN_8 &&
-- field->application == HID_DG_TOUCHPAD) {
-- cls->quirks &= ~MT_QUIRK_ALWAYS_VALID;
-- cls->quirks |= MT_QUIRK_VALID_IS_CONFIDENCE;
-- }
-+ field->application == HID_DG_TOUCHPAD)
-+ cls->quirks |= MT_QUIRK_CONFIDENCE;
- mt_store_field(usage, td, hi);
- return 1;
- case HID_DG_TIPSWITCH:
-@@ -619,6 +619,7 @@ static void mt_complete_slot(struct mt_device *td, struct input_dev *input)
- return;
-
- if (td->curvalid || (td->mtclass.quirks & MT_QUIRK_ALWAYS_VALID)) {
-+ int active;
- int slotnum = mt_compute_slot(td, input);
- struct mt_slot *s = &td->curdata;
- struct input_mt *mt = input->mt;
-@@ -633,10 +634,14 @@ static void mt_complete_slot(struct mt_device *td, struct input_dev *input)
- return;
- }
-
-+ if (!(td->mtclass.quirks & MT_QUIRK_CONFIDENCE))
-+ s->confidence_state = 1;
-+ active = (s->touch_state || s->inrange_state) &&
-+ s->confidence_state;
-+
- input_mt_slot(input, slotnum);
-- input_mt_report_slot_state(input, MT_TOOL_FINGER,
-- s->touch_state || s->inrange_state);
-- if (s->touch_state || s->inrange_state) {
-+ input_mt_report_slot_state(input, MT_TOOL_FINGER, active);
-+ if (active) {
- /* this finger is in proximity of the sensor */
- int wide = (s->w > s->h);
- /* divided by two to match visual scale of touch */
-@@ -701,6 +706,8 @@ static void mt_process_mt_event(struct hid_device *hid, struct hid_field *field,
- td->curdata.touch_state = value;
- break;
- case HID_DG_CONFIDENCE:
-+ if (quirks & MT_QUIRK_CONFIDENCE)
-+ td->curdata.confidence_state = value;
- if (quirks & MT_QUIRK_VALID_IS_CONFIDENCE)
- td->curvalid = value;
- break;
-diff --git a/drivers/hid/usbhid/hiddev.c b/drivers/hid/usbhid/hiddev.c
-index 2f1ddca..700145b 100644
---- a/drivers/hid/usbhid/hiddev.c
-+++ b/drivers/hid/usbhid/hiddev.c
-@@ -516,13 +516,13 @@ static noinline int hiddev_ioctl_usage(struct hiddev *hiddev, unsigned int cmd,
- goto inval;
- } else if (uref->usage_index >= field->report_count)
- goto inval;
--
-- else if ((cmd == HIDIOCGUSAGES || cmd == HIDIOCSUSAGES) &&
-- (uref_multi->num_values > HID_MAX_MULTI_USAGES ||
-- uref->usage_index + uref_multi->num_values > field->report_count))
-- goto inval;
- }
-
-+ if ((cmd == HIDIOCGUSAGES || cmd == HIDIOCSUSAGES) &&
-+ (uref_multi->num_values > HID_MAX_MULTI_USAGES ||
-+ uref->usage_index + uref_multi->num_values > field->report_count))
-+ goto inval;
-+
- switch (cmd) {
- case HIDIOCGUSAGE:
- uref->value = field->value[uref->usage_index];
-diff --git a/drivers/hwmon/dell-smm-hwmon.c b/drivers/hwmon/dell-smm-hwmon.c
-index c43318d..a9356a3 100644
---- a/drivers/hwmon/dell-smm-hwmon.c
-+++ b/drivers/hwmon/dell-smm-hwmon.c
-@@ -66,11 +66,13 @@
-
- static DEFINE_MUTEX(i8k_mutex);
- static char bios_version[4];
-+static char bios_machineid[16];
- static struct device *i8k_hwmon_dev;
- static u32 i8k_hwmon_flags;
- static uint i8k_fan_mult = I8K_FAN_MULT;
- static uint i8k_pwm_mult;
- static uint i8k_fan_max = I8K_FAN_HIGH;
-+static bool disallow_fan_type_call;
-
- #define I8K_HWMON_HAVE_TEMP1 (1 << 0)
- #define I8K_HWMON_HAVE_TEMP2 (1 << 1)
-@@ -94,13 +96,13 @@ module_param(ignore_dmi, bool, 0);
- MODULE_PARM_DESC(ignore_dmi, "Continue probing hardware even if DMI data does not match");
-
- #if IS_ENABLED(CONFIG_I8K)
--static bool restricted;
-+static bool restricted = true;
- module_param(restricted, bool, 0);
--MODULE_PARM_DESC(restricted, "Allow fan control if SYS_ADMIN capability set");
-+MODULE_PARM_DESC(restricted, "Restrict fan control and serial number to CAP_SYS_ADMIN (default: 1)");
-
- static bool power_status;
- module_param(power_status, bool, 0600);
--MODULE_PARM_DESC(power_status, "Report power status in /proc/i8k");
-+MODULE_PARM_DESC(power_status, "Report power status in /proc/i8k (default: 0)");
- #endif
-
- static uint fan_mult;
-@@ -235,14 +237,28 @@ static int i8k_get_fan_speed(int fan)
- /*
- * Read the fan type.
- */
--static int i8k_get_fan_type(int fan)
-+static int _i8k_get_fan_type(int fan)
- {
- struct smm_regs regs = { .eax = I8K_SMM_GET_FAN_TYPE, };
-
-+ if (disallow_fan_type_call)
-+ return -EINVAL;
-+
- regs.ebx = fan & 0xff;
- return i8k_smm(&regs) ? : regs.eax & 0xff;
- }
-
-+static int i8k_get_fan_type(int fan)
-+{
-+ /* I8K_SMM_GET_FAN_TYPE SMM call is expensive, so cache values */
-+ static int types[2] = { INT_MIN, INT_MIN };
-+
-+ if (types[fan] == INT_MIN)
-+ types[fan] = _i8k_get_fan_type(fan);
-+
-+ return types[fan];
-+}
-+
- /*
- * Read the fan nominal rpm for specific fan speed.
- */
-@@ -392,9 +408,11 @@ i8k_ioctl_unlocked(struct file *fp, unsigned int cmd, unsigned long arg)
- break;
-
- case I8K_MACHINE_ID:
-- memset(buff, 0, 16);
-- strlcpy(buff, i8k_get_dmi_data(DMI_PRODUCT_SERIAL),
-- sizeof(buff));
-+ if (restricted && !capable(CAP_SYS_ADMIN))
-+ return -EPERM;
-+
-+ memset(buff, 0, sizeof(buff));
-+ strlcpy(buff, bios_machineid, sizeof(buff));
- break;
-
- case I8K_FN_STATUS:
-@@ -511,7 +529,7 @@ static int i8k_proc_show(struct seq_file *seq, void *offset)
- seq_printf(seq, "%s %s %s %d %d %d %d %d %d %d\n",
- I8K_PROC_FMT,
- bios_version,
-- i8k_get_dmi_data(DMI_PRODUCT_SERIAL),
-+ (restricted && !capable(CAP_SYS_ADMIN)) ? "-1" : bios_machineid,
- cpu_temp,
- left_fan, right_fan, left_speed, right_speed,
- ac_power, fn_key);
-@@ -718,6 +736,9 @@ static struct attribute *i8k_attrs[] = {
- static umode_t i8k_is_visible(struct kobject *kobj, struct attribute *attr,
- int index)
- {
-+ if (disallow_fan_type_call &&
-+ (index == 9 || index == 12))
-+ return 0;
- if (index >= 0 && index <= 1 &&
- !(i8k_hwmon_flags & I8K_HWMON_HAVE_TEMP1))
- return 0;
-@@ -767,13 +788,17 @@ static int __init i8k_init_hwmon(void)
- if (err >= 0)
- i8k_hwmon_flags |= I8K_HWMON_HAVE_TEMP4;
-
-- /* First fan attributes, if fan type is OK */
-- err = i8k_get_fan_type(0);
-+ /* First fan attributes, if fan status or type is OK */
-+ err = i8k_get_fan_status(0);
-+ if (err < 0)
-+ err = i8k_get_fan_type(0);
- if (err >= 0)
- i8k_hwmon_flags |= I8K_HWMON_HAVE_FAN1;
-
-- /* Second fan attributes, if fan type is OK */
-- err = i8k_get_fan_type(1);
-+ /* Second fan attributes, if fan status or type is OK */
-+ err = i8k_get_fan_status(1);
-+ if (err < 0)
-+ err = i8k_get_fan_type(1);
- if (err >= 0)
- i8k_hwmon_flags |= I8K_HWMON_HAVE_FAN2;
-
-@@ -929,12 +954,14 @@ static struct dmi_system_id i8k_dmi_table[] __initdata = {
-
- MODULE_DEVICE_TABLE(dmi, i8k_dmi_table);
-
--static struct dmi_system_id i8k_blacklist_dmi_table[] __initdata = {
-+/*
-+ * On some machines once I8K_SMM_GET_FAN_TYPE is issued then CPU fan speed
-+ * randomly going up and down due to bug in Dell SMM or BIOS. Here is blacklist
-+ * of affected Dell machines for which we disallow I8K_SMM_GET_FAN_TYPE call.
-+ * See bug: https://bugzilla.kernel.org/show_bug.cgi?id=100121
-+ */
-+static struct dmi_system_id i8k_blacklist_fan_type_dmi_table[] __initdata = {
- {
-- /*
-- * CPU fan speed going up and down on Dell Studio XPS 8000
-- * for unknown reasons.
-- */
- .ident = "Dell Studio XPS 8000",
- .matches = {
- DMI_EXACT_MATCH(DMI_SYS_VENDOR, "Dell Inc."),
-@@ -942,16 +969,19 @@ static struct dmi_system_id i8k_blacklist_dmi_table[] __initdata = {
- },
- },
- {
-- /*
-- * CPU fan speed going up and down on Dell Studio XPS 8100
-- * for unknown reasons.
-- */
- .ident = "Dell Studio XPS 8100",
- .matches = {
- DMI_EXACT_MATCH(DMI_SYS_VENDOR, "Dell Inc."),
- DMI_EXACT_MATCH(DMI_PRODUCT_NAME, "Studio XPS 8100"),
- },
- },
-+ {
-+ .ident = "Dell Inspiron 580",
-+ .matches = {
-+ DMI_EXACT_MATCH(DMI_SYS_VENDOR, "Dell Inc."),
-+ DMI_EXACT_MATCH(DMI_PRODUCT_NAME, "Inspiron 580 "),
-+ },
-+ },
- { }
- };
-
-@@ -966,8 +996,7 @@ static int __init i8k_probe(void)
- /*
- * Get DMI information
- */
-- if (!dmi_check_system(i8k_dmi_table) ||
-- dmi_check_system(i8k_blacklist_dmi_table)) {
-+ if (!dmi_check_system(i8k_dmi_table)) {
- if (!ignore_dmi && !force)
- return -ENODEV;
-
-@@ -978,8 +1007,13 @@ static int __init i8k_probe(void)
- i8k_get_dmi_data(DMI_BIOS_VERSION));
- }
-
-+ if (dmi_check_system(i8k_blacklist_fan_type_dmi_table))
-+ disallow_fan_type_call = true;
-+
- strlcpy(bios_version, i8k_get_dmi_data(DMI_BIOS_VERSION),
- sizeof(bios_version));
-+ strlcpy(bios_machineid, i8k_get_dmi_data(DMI_PRODUCT_SERIAL),
-+ sizeof(bios_machineid));
-
- /*
- * Get SMM Dell signature
-diff --git a/drivers/iio/accel/kxsd9.c b/drivers/iio/accel/kxsd9.c
-index 923f565..3a9f106 100644
---- a/drivers/iio/accel/kxsd9.c
-+++ b/drivers/iio/accel/kxsd9.c
-@@ -81,7 +81,7 @@ static int kxsd9_write_scale(struct iio_dev *indio_dev, int micro)
-
- mutex_lock(&st->buf_lock);
- ret = spi_w8r8(st->us, KXSD9_READ(KXSD9_REG_CTRL_C));
-- if (ret)
-+ if (ret < 0)
- goto error_ret;
- st->tx[0] = KXSD9_WRITE(KXSD9_REG_CTRL_C);
- st->tx[1] = (ret & ~KXSD9_FS_MASK) | i;
-@@ -163,7 +163,7 @@ static int kxsd9_read_raw(struct iio_dev *indio_dev,
- break;
- case IIO_CHAN_INFO_SCALE:
- ret = spi_w8r8(st->us, KXSD9_READ(KXSD9_REG_CTRL_C));
-- if (ret)
-+ if (ret < 0)
- goto error_ret;
- *val2 = kxsd9_micro_scales[ret & KXSD9_FS_MASK];
- ret = IIO_VAL_INT_PLUS_MICRO;
-diff --git a/drivers/iio/adc/ad7266.c b/drivers/iio/adc/ad7266.c
-index 21e19b6..2123f0a 100644
---- a/drivers/iio/adc/ad7266.c
-+++ b/drivers/iio/adc/ad7266.c
-@@ -396,8 +396,8 @@ static int ad7266_probe(struct spi_device *spi)
-
- st = iio_priv(indio_dev);
-
-- st->reg = devm_regulator_get(&spi->dev, "vref");
-- if (!IS_ERR_OR_NULL(st->reg)) {
-+ st->reg = devm_regulator_get_optional(&spi->dev, "vref");
-+ if (!IS_ERR(st->reg)) {
- ret = regulator_enable(st->reg);
- if (ret)
- return ret;
-@@ -408,6 +408,9 @@ static int ad7266_probe(struct spi_device *spi)
-
- st->vref_mv = ret / 1000;
- } else {
-+ /* Any other error indicates that the regulator does exist */
-+ if (PTR_ERR(st->reg) != -ENODEV)
-+ return PTR_ERR(st->reg);
- /* Use internal reference */
- st->vref_mv = 2500;
- }
-diff --git a/drivers/iio/humidity/hdc100x.c b/drivers/iio/humidity/hdc100x.c
-index fa47676..a03832a 100644
---- a/drivers/iio/humidity/hdc100x.c
-+++ b/drivers/iio/humidity/hdc100x.c
-@@ -55,7 +55,7 @@ static const struct {
- },
- { /* IIO_HUMIDITYRELATIVE channel */
- .shift = 8,
-- .mask = 2,
-+ .mask = 3,
- },
- };
-
-@@ -164,14 +164,14 @@ static int hdc100x_get_measurement(struct hdc100x_data *data,
- dev_err(&client->dev, "cannot read high byte measurement");
- return ret;
- }
-- val = ret << 6;
-+ val = ret << 8;
-
- ret = i2c_smbus_read_byte(client);
- if (ret < 0) {
- dev_err(&client->dev, "cannot read low byte measurement");
- return ret;
- }
-- val |= ret >> 2;
-+ val |= ret;
-
- return val;
- }
-@@ -211,18 +211,18 @@ static int hdc100x_read_raw(struct iio_dev *indio_dev,
- return IIO_VAL_INT_PLUS_MICRO;
- case IIO_CHAN_INFO_SCALE:
- if (chan->type == IIO_TEMP) {
-- *val = 165;
-- *val2 = 65536 >> 2;
-+ *val = 165000;
-+ *val2 = 65536;
- return IIO_VAL_FRACTIONAL;
- } else {
-- *val = 0;
-- *val2 = 10000;
-- return IIO_VAL_INT_PLUS_MICRO;
-+ *val = 100;
-+ *val2 = 65536;
-+ return IIO_VAL_FRACTIONAL;
- }
- break;
- case IIO_CHAN_INFO_OFFSET:
-- *val = -3971;
-- *val2 = 879096;
-+ *val = -15887;
-+ *val2 = 515151;
- return IIO_VAL_INT_PLUS_MICRO;
- default:
- return -EINVAL;
-diff --git a/drivers/iio/industrialio-trigger.c b/drivers/iio/industrialio-trigger.c
-index ae2806a..0c52dfe 100644
---- a/drivers/iio/industrialio-trigger.c
-+++ b/drivers/iio/industrialio-trigger.c
-@@ -210,22 +210,35 @@ static int iio_trigger_attach_poll_func(struct iio_trigger *trig,
-
- /* Prevent the module from being removed whilst attached to a trigger */
- __module_get(pf->indio_dev->info->driver_module);
-+
-+ /* Get irq number */
- pf->irq = iio_trigger_get_irq(trig);
-+ if (pf->irq < 0)
-+ goto out_put_module;
-+
-+ /* Request irq */
- ret = request_threaded_irq(pf->irq, pf->h, pf->thread,
- pf->type, pf->name,
- pf);
-- if (ret < 0) {
-- module_put(pf->indio_dev->info->driver_module);
-- return ret;
-- }
-+ if (ret < 0)
-+ goto out_put_irq;
-
-+ /* Enable trigger in driver */
- if (trig->ops && trig->ops->set_trigger_state && notinuse) {
- ret = trig->ops->set_trigger_state(trig, true);
- if (ret < 0)
-- module_put(pf->indio_dev->info->driver_module);
-+ goto out_free_irq;
- }
-
- return ret;
-+
-+out_free_irq:
-+ free_irq(pf->irq, pf);
-+out_put_irq:
-+ iio_trigger_put_irq(trig, pf->irq);
-+out_put_module:
-+ module_put(pf->indio_dev->info->driver_module);
-+ return ret;
- }
-
- static int iio_trigger_detach_poll_func(struct iio_trigger *trig,
-diff --git a/drivers/iio/light/apds9960.c b/drivers/iio/light/apds9960.c
-index a6af56a..6443aad 100644
---- a/drivers/iio/light/apds9960.c
-+++ b/drivers/iio/light/apds9960.c
-@@ -1006,6 +1006,7 @@ static int apds9960_probe(struct i2c_client *client,
-
- iio_device_attach_buffer(indio_dev, buffer);
-
-+ indio_dev->dev.parent = &client->dev;
- indio_dev->info = &apds9960_info;
- indio_dev->name = APDS9960_DRV_NAME;
- indio_dev->channels = apds9960_channels;
-diff --git a/drivers/iio/pressure/st_pressure_core.c b/drivers/iio/pressure/st_pressure_core.c
-index 172393a..d3ca320 100644
---- a/drivers/iio/pressure/st_pressure_core.c
-+++ b/drivers/iio/pressure/st_pressure_core.c
-@@ -28,15 +28,21 @@
- #include <linux/iio/common/st_sensors.h>
- #include "st_pressure.h"
-
-+#define MCELSIUS_PER_CELSIUS 1000
-+
-+/* Default pressure sensitivity */
- #define ST_PRESS_LSB_PER_MBAR 4096UL
- #define ST_PRESS_KPASCAL_NANO_SCALE (100000000UL / \
- ST_PRESS_LSB_PER_MBAR)
-+
-+/* Default temperature sensitivity */
- #define ST_PRESS_LSB_PER_CELSIUS 480UL
--#define ST_PRESS_CELSIUS_NANO_SCALE (1000000000UL / \
-- ST_PRESS_LSB_PER_CELSIUS)
-+#define ST_PRESS_MILLI_CELSIUS_OFFSET 42500UL
-+
- #define ST_PRESS_NUMBER_DATA_CHANNELS 1
-
- /* FULLSCALE */
-+#define ST_PRESS_FS_AVL_1100MB 1100
- #define ST_PRESS_FS_AVL_1260MB 1260
-
- #define ST_PRESS_1_OUT_XL_ADDR 0x28
-@@ -54,9 +60,6 @@
- #define ST_PRESS_LPS331AP_PW_MASK 0x80
- #define ST_PRESS_LPS331AP_FS_ADDR 0x23
- #define ST_PRESS_LPS331AP_FS_MASK 0x30
--#define ST_PRESS_LPS331AP_FS_AVL_1260_VAL 0x00
--#define ST_PRESS_LPS331AP_FS_AVL_1260_GAIN ST_PRESS_KPASCAL_NANO_SCALE
--#define ST_PRESS_LPS331AP_FS_AVL_TEMP_GAIN ST_PRESS_CELSIUS_NANO_SCALE
- #define ST_PRESS_LPS331AP_BDU_ADDR 0x20
- #define ST_PRESS_LPS331AP_BDU_MASK 0x04
- #define ST_PRESS_LPS331AP_DRDY_IRQ_ADDR 0x22
-@@ -65,9 +68,14 @@
- #define ST_PRESS_LPS331AP_IHL_IRQ_ADDR 0x22
- #define ST_PRESS_LPS331AP_IHL_IRQ_MASK 0x80
- #define ST_PRESS_LPS331AP_MULTIREAD_BIT true
--#define ST_PRESS_LPS331AP_TEMP_OFFSET 42500
-
- /* CUSTOM VALUES FOR LPS001WP SENSOR */
-+
-+/* LPS001WP pressure resolution */
-+#define ST_PRESS_LPS001WP_LSB_PER_MBAR 16UL
-+/* LPS001WP temperature resolution */
-+#define ST_PRESS_LPS001WP_LSB_PER_CELSIUS 64UL
-+
- #define ST_PRESS_LPS001WP_WAI_EXP 0xba
- #define ST_PRESS_LPS001WP_ODR_ADDR 0x20
- #define ST_PRESS_LPS001WP_ODR_MASK 0x30
-@@ -76,6 +84,8 @@
- #define ST_PRESS_LPS001WP_ODR_AVL_13HZ_VAL 0x03
- #define ST_PRESS_LPS001WP_PW_ADDR 0x20
- #define ST_PRESS_LPS001WP_PW_MASK 0x40
-+#define ST_PRESS_LPS001WP_FS_AVL_PRESS_GAIN \
-+ (100000000UL / ST_PRESS_LPS001WP_LSB_PER_MBAR)
- #define ST_PRESS_LPS001WP_BDU_ADDR 0x20
- #define ST_PRESS_LPS001WP_BDU_MASK 0x04
- #define ST_PRESS_LPS001WP_MULTIREAD_BIT true
-@@ -92,11 +102,6 @@
- #define ST_PRESS_LPS25H_ODR_AVL_25HZ_VAL 0x04
- #define ST_PRESS_LPS25H_PW_ADDR 0x20
- #define ST_PRESS_LPS25H_PW_MASK 0x80
--#define ST_PRESS_LPS25H_FS_ADDR 0x00
--#define ST_PRESS_LPS25H_FS_MASK 0x00
--#define ST_PRESS_LPS25H_FS_AVL_1260_VAL 0x00
--#define ST_PRESS_LPS25H_FS_AVL_1260_GAIN ST_PRESS_KPASCAL_NANO_SCALE
--#define ST_PRESS_LPS25H_FS_AVL_TEMP_GAIN ST_PRESS_CELSIUS_NANO_SCALE
- #define ST_PRESS_LPS25H_BDU_ADDR 0x20
- #define ST_PRESS_LPS25H_BDU_MASK 0x04
- #define ST_PRESS_LPS25H_DRDY_IRQ_ADDR 0x23
-@@ -105,7 +110,6 @@
- #define ST_PRESS_LPS25H_IHL_IRQ_ADDR 0x22
- #define ST_PRESS_LPS25H_IHL_IRQ_MASK 0x80
- #define ST_PRESS_LPS25H_MULTIREAD_BIT true
--#define ST_PRESS_LPS25H_TEMP_OFFSET 42500
- #define ST_PRESS_LPS25H_OUT_XL_ADDR 0x28
- #define ST_TEMP_LPS25H_OUT_L_ADDR 0x2b
-
-@@ -157,7 +161,9 @@ static const struct iio_chan_spec st_press_lps001wp_channels[] = {
- .storagebits = 16,
- .endianness = IIO_LE,
- },
-- .info_mask_separate = BIT(IIO_CHAN_INFO_RAW),
-+ .info_mask_separate =
-+ BIT(IIO_CHAN_INFO_RAW) |
-+ BIT(IIO_CHAN_INFO_SCALE),
- .modified = 0,
- },
- {
-@@ -173,7 +179,7 @@ static const struct iio_chan_spec st_press_lps001wp_channels[] = {
- },
- .info_mask_separate =
- BIT(IIO_CHAN_INFO_RAW) |
-- BIT(IIO_CHAN_INFO_OFFSET),
-+ BIT(IIO_CHAN_INFO_SCALE),
- .modified = 0,
- },
- IIO_CHAN_SOFT_TIMESTAMP(1)
-@@ -208,11 +214,14 @@ static const struct st_sensor_settings st_press_sensors_settings[] = {
- .addr = ST_PRESS_LPS331AP_FS_ADDR,
- .mask = ST_PRESS_LPS331AP_FS_MASK,
- .fs_avl = {
-+ /*
-+ * Pressure and temperature sensitivity values
-+ * as defined in table 3 of LPS331AP datasheet.
-+ */
- [0] = {
- .num = ST_PRESS_FS_AVL_1260MB,
-- .value = ST_PRESS_LPS331AP_FS_AVL_1260_VAL,
-- .gain = ST_PRESS_LPS331AP_FS_AVL_1260_GAIN,
-- .gain2 = ST_PRESS_LPS331AP_FS_AVL_TEMP_GAIN,
-+ .gain = ST_PRESS_KPASCAL_NANO_SCALE,
-+ .gain2 = ST_PRESS_LSB_PER_CELSIUS,
- },
- },
- },
-@@ -254,7 +263,17 @@ static const struct st_sensor_settings st_press_sensors_settings[] = {
- .value_off = ST_SENSORS_DEFAULT_POWER_OFF_VALUE,
- },
- .fs = {
-- .addr = 0,
-+ .fs_avl = {
-+ /*
-+ * Pressure and temperature resolution values
-+ * as defined in table 3 of LPS001WP datasheet.
-+ */
-+ [0] = {
-+ .num = ST_PRESS_FS_AVL_1100MB,
-+ .gain = ST_PRESS_LPS001WP_FS_AVL_PRESS_GAIN,
-+ .gain2 = ST_PRESS_LPS001WP_LSB_PER_CELSIUS,
-+ },
-+ },
- },
- .bdu = {
- .addr = ST_PRESS_LPS001WP_BDU_ADDR,
-@@ -291,14 +310,15 @@ static const struct st_sensor_settings st_press_sensors_settings[] = {
- .value_off = ST_SENSORS_DEFAULT_POWER_OFF_VALUE,
- },
- .fs = {
-- .addr = ST_PRESS_LPS25H_FS_ADDR,
-- .mask = ST_PRESS_LPS25H_FS_MASK,
- .fs_avl = {
-+ /*
-+ * Pressure and temperature sensitivity values
-+ * as defined in table 3 of LPS25H datasheet.
-+ */
- [0] = {
- .num = ST_PRESS_FS_AVL_1260MB,
-- .value = ST_PRESS_LPS25H_FS_AVL_1260_VAL,
-- .gain = ST_PRESS_LPS25H_FS_AVL_1260_GAIN,
-- .gain2 = ST_PRESS_LPS25H_FS_AVL_TEMP_GAIN,
-+ .gain = ST_PRESS_KPASCAL_NANO_SCALE,
-+ .gain2 = ST_PRESS_LSB_PER_CELSIUS,
- },
- },
- },
-@@ -354,26 +374,26 @@ static int st_press_read_raw(struct iio_dev *indio_dev,
-
- return IIO_VAL_INT;
- case IIO_CHAN_INFO_SCALE:
-- *val = 0;
--
- switch (ch->type) {
- case IIO_PRESSURE:
-+ *val = 0;
- *val2 = press_data->current_fullscale->gain;
-- break;
-+ return IIO_VAL_INT_PLUS_NANO;
- case IIO_TEMP:
-+ *val = MCELSIUS_PER_CELSIUS;
- *val2 = press_data->current_fullscale->gain2;
-- break;
-+ return IIO_VAL_FRACTIONAL;
- default:
- err = -EINVAL;
- goto read_error;
- }
-
-- return IIO_VAL_INT_PLUS_NANO;
- case IIO_CHAN_INFO_OFFSET:
- switch (ch->type) {
- case IIO_TEMP:
-- *val = 425;
-- *val2 = 10;
-+ *val = ST_PRESS_MILLI_CELSIUS_OFFSET *
-+ press_data->current_fullscale->gain2;
-+ *val2 = MCELSIUS_PER_CELSIUS;
- break;
- default:
- err = -EINVAL;
-diff --git a/drivers/iio/proximity/as3935.c b/drivers/iio/proximity/as3935.c
-index f4d29d5..e2f926c 100644
---- a/drivers/iio/proximity/as3935.c
-+++ b/drivers/iio/proximity/as3935.c
-@@ -64,6 +64,7 @@ struct as3935_state {
- struct delayed_work work;
-
- u32 tune_cap;
-+ u8 buffer[16]; /* 8-bit data + 56-bit padding + 64-bit timestamp */
- u8 buf[2] ____cacheline_aligned;
- };
-
-@@ -72,7 +73,8 @@ static const struct iio_chan_spec as3935_channels[] = {
- .type = IIO_PROXIMITY,
- .info_mask_separate =
- BIT(IIO_CHAN_INFO_RAW) |
-- BIT(IIO_CHAN_INFO_PROCESSED),
-+ BIT(IIO_CHAN_INFO_PROCESSED) |
-+ BIT(IIO_CHAN_INFO_SCALE),
- .scan_index = 0,
- .scan_type = {
- .sign = 'u',
-@@ -181,7 +183,12 @@ static int as3935_read_raw(struct iio_dev *indio_dev,
- /* storm out of range */
- if (*val == AS3935_DATA_MASK)
- return -EINVAL;
-- *val *= 1000;
-+
-+ if (m == IIO_CHAN_INFO_PROCESSED)
-+ *val *= 1000;
-+ break;
-+ case IIO_CHAN_INFO_SCALE:
-+ *val = 1000;
- break;
- default:
- return -EINVAL;
-@@ -206,10 +213,10 @@ static irqreturn_t as3935_trigger_handler(int irq, void *private)
- ret = as3935_read(st, AS3935_DATA, &val);
- if (ret)
- goto err_read;
-- val &= AS3935_DATA_MASK;
-- val *= 1000;
-
-- iio_push_to_buffers_with_timestamp(indio_dev, &val, pf->timestamp);
-+ st->buffer[0] = val & AS3935_DATA_MASK;
-+ iio_push_to_buffers_with_timestamp(indio_dev, &st->buffer,
-+ pf->timestamp);
- err_read:
- iio_trigger_notify_done(indio_dev->trig);
-
-diff --git a/drivers/infiniband/core/cm.c b/drivers/infiniband/core/cm.c
-index 1d92e09..c995255 100644
---- a/drivers/infiniband/core/cm.c
-+++ b/drivers/infiniband/core/cm.c
-@@ -3452,14 +3452,14 @@ static int cm_establish(struct ib_cm_id *cm_id)
- work->cm_event.event = IB_CM_USER_ESTABLISHED;
-
- /* Check if the device started its remove_one */
-- spin_lock_irq(&cm.lock);
-+ spin_lock_irqsave(&cm.lock, flags);
- if (!cm_dev->going_down) {
- queue_delayed_work(cm.wq, &work->work, 0);
- } else {
- kfree(work);
- ret = -ENODEV;
- }
-- spin_unlock_irq(&cm.lock);
-+ spin_unlock_irqrestore(&cm.lock, flags);
-
- out:
- return ret;
-diff --git a/drivers/infiniband/hw/mlx4/ah.c b/drivers/infiniband/hw/mlx4/ah.c
-index 105246f..5fc6233 100644
---- a/drivers/infiniband/hw/mlx4/ah.c
-+++ b/drivers/infiniband/hw/mlx4/ah.c
-@@ -47,6 +47,7 @@ static struct ib_ah *create_ib_ah(struct ib_pd *pd, struct ib_ah_attr *ah_attr,
-
- ah->av.ib.port_pd = cpu_to_be32(to_mpd(pd)->pdn | (ah_attr->port_num << 24));
- ah->av.ib.g_slid = ah_attr->src_path_bits;
-+ ah->av.ib.sl_tclass_flowlabel = cpu_to_be32(ah_attr->sl << 28);
- if (ah_attr->ah_flags & IB_AH_GRH) {
- ah->av.ib.g_slid |= 0x80;
- ah->av.ib.gid_index = ah_attr->grh.sgid_index;
-@@ -64,7 +65,6 @@ static struct ib_ah *create_ib_ah(struct ib_pd *pd, struct ib_ah_attr *ah_attr,
- !(1 << ah->av.ib.stat_rate & dev->caps.stat_rate_support))
- --ah->av.ib.stat_rate;
- }
-- ah->av.ib.sl_tclass_flowlabel = cpu_to_be32(ah_attr->sl << 28);
-
- return &ah->ibah;
- }
-diff --git a/drivers/infiniband/sw/rdmavt/qp.c b/drivers/infiniband/sw/rdmavt/qp.c
-index a9e3bcc..a0ecf08 100644
---- a/drivers/infiniband/sw/rdmavt/qp.c
-+++ b/drivers/infiniband/sw/rdmavt/qp.c
-@@ -683,8 +683,10 @@ struct ib_qp *rvt_create_qp(struct ib_pd *ibpd,
- * initialization that is needed.
- */
- priv = rdi->driver_f.qp_priv_alloc(rdi, qp, gfp);
-- if (!priv)
-+ if (IS_ERR(priv)) {
-+ ret = priv;
- goto bail_qp;
-+ }
- qp->priv = priv;
- qp->timeout_jiffies =
- usecs_to_jiffies((4096UL * (1UL << qp->timeout)) /
-diff --git a/drivers/iommu/amd_iommu_init.c b/drivers/iommu/amd_iommu_init.c
-index bf4959f..94f1bf7 100644
---- a/drivers/iommu/amd_iommu_init.c
-+++ b/drivers/iommu/amd_iommu_init.c
-@@ -1363,13 +1363,23 @@ static int __init amd_iommu_init_pci(void)
- break;
- }
-
-+ /*
-+ * Order is important here to make sure any unity map requirements are
-+ * fulfilled. The unity mappings are created and written to the device
-+ * table during the amd_iommu_init_api() call.
-+ *
-+ * After that we call init_device_table_dma() to make sure any
-+ * uninitialized DTE will block DMA, and in the end we flush the caches
-+ * of all IOMMUs to make sure the changes to the device table are
-+ * active.
-+ */
-+ ret = amd_iommu_init_api();
-+
- init_device_table_dma();
-
- for_each_iommu(iommu)
- iommu_flush_all_caches(iommu);
-
-- ret = amd_iommu_init_api();
--
- if (!ret)
- print_iommu_info();
-
-diff --git a/drivers/iommu/arm-smmu-v3.c b/drivers/iommu/arm-smmu-v3.c
-index 4ff73ff..3e20208 100644
---- a/drivers/iommu/arm-smmu-v3.c
-+++ b/drivers/iommu/arm-smmu-v3.c
-@@ -1942,6 +1942,7 @@ static struct iommu_ops arm_smmu_ops = {
- .attach_dev = arm_smmu_attach_dev,
- .map = arm_smmu_map,
- .unmap = arm_smmu_unmap,
-+ .map_sg = default_iommu_map_sg,
- .iova_to_phys = arm_smmu_iova_to_phys,
- .add_device = arm_smmu_add_device,
- .remove_device = arm_smmu_remove_device,
-diff --git a/drivers/iommu/intel-iommu.c b/drivers/iommu/intel-iommu.c
-index e1852e8..ae364e0 100644
---- a/drivers/iommu/intel-iommu.c
-+++ b/drivers/iommu/intel-iommu.c
-@@ -3169,11 +3169,6 @@ static int __init init_dmars(void)
- }
- }
-
-- iommu_flush_write_buffer(iommu);
-- iommu_set_root_entry(iommu);
-- iommu->flush.flush_context(iommu, 0, 0, 0, DMA_CCMD_GLOBAL_INVL);
-- iommu->flush.flush_iotlb(iommu, 0, 0, 0, DMA_TLB_GLOBAL_FLUSH);
--
- if (!ecap_pass_through(iommu->ecap))
- hw_pass_through = 0;
- #ifdef CONFIG_INTEL_IOMMU_SVM
-@@ -3182,6 +3177,18 @@ static int __init init_dmars(void)
- #endif
- }
-
-+ /*
-+ * Now that qi is enabled on all iommus, set the root entry and flush
-+ * caches. This is required on some Intel X58 chipsets, otherwise the
-+ * flush_context function will loop forever and the boot hangs.
-+ */
-+ for_each_active_iommu(iommu, drhd) {
-+ iommu_flush_write_buffer(iommu);
-+ iommu_set_root_entry(iommu);
-+ iommu->flush.flush_context(iommu, 0, 0, 0, DMA_CCMD_GLOBAL_INVL);
-+ iommu->flush.flush_iotlb(iommu, 0, 0, 0, DMA_TLB_GLOBAL_FLUSH);
-+ }
-+
- if (iommu_pass_through)
- iommu_identity_mapping |= IDENTMAP_ALL;
-
-diff --git a/drivers/iommu/rockchip-iommu.c b/drivers/iommu/rockchip-iommu.c
-index 5710a06..0ea8d9a 100644
---- a/drivers/iommu/rockchip-iommu.c
-+++ b/drivers/iommu/rockchip-iommu.c
-@@ -815,7 +815,7 @@ static int rk_iommu_attach_device(struct iommu_domain *domain,
- dte_addr = virt_to_phys(rk_domain->dt);
- for (i = 0; i < iommu->num_mmu; i++) {
- rk_iommu_write(iommu->bases[i], RK_MMU_DTE_ADDR, dte_addr);
-- rk_iommu_command(iommu->bases[i], RK_MMU_CMD_ZAP_CACHE);
-+ rk_iommu_base_command(iommu->bases[i], RK_MMU_CMD_ZAP_CACHE);
- rk_iommu_write(iommu->bases[i], RK_MMU_INT_MASK, RK_MMU_IRQ_MASK);
- }
-
-diff --git a/drivers/irqchip/irq-mips-gic.c b/drivers/irqchip/irq-mips-gic.c
-index 4dffccf..40fb120 100644
---- a/drivers/irqchip/irq-mips-gic.c
-+++ b/drivers/irqchip/irq-mips-gic.c
-@@ -734,6 +734,12 @@ static int gic_irq_domain_alloc(struct irq_domain *d, unsigned int virq,
- /* verify that it doesn't conflict with an IPI irq */
- if (test_bit(spec->hwirq, ipi_resrv))
- return -EBUSY;
-+
-+ hwirq = GIC_SHARED_TO_HWIRQ(spec->hwirq);
-+
-+ return irq_domain_set_hwirq_and_chip(d, virq, hwirq,
-+ &gic_level_irq_controller,
-+ NULL);
- } else {
- base_hwirq = find_first_bit(ipi_resrv, gic_shared_intrs);
- if (base_hwirq == gic_shared_intrs) {
-@@ -855,10 +861,14 @@ static int gic_dev_domain_alloc(struct irq_domain *d, unsigned int virq,
- &gic_level_irq_controller,
- NULL);
- if (ret)
-- return ret;
-+ goto error;
- }
-
- return 0;
-+
-+error:
-+ irq_domain_free_irqs_parent(d, virq, nr_irqs);
-+ return ret;
- }
-
- void gic_dev_domain_free(struct irq_domain *d, unsigned int virq,
-diff --git a/drivers/media/usb/uvc/uvc_v4l2.c b/drivers/media/usb/uvc/uvc_v4l2.c
-index d7723ce..12690c1 100644
---- a/drivers/media/usb/uvc/uvc_v4l2.c
-+++ b/drivers/media/usb/uvc/uvc_v4l2.c
-@@ -1408,47 +1408,44 @@ static int uvc_v4l2_put_xu_query(const struct uvc_xu_control_query *kp,
- static long uvc_v4l2_compat_ioctl32(struct file *file,
- unsigned int cmd, unsigned long arg)
- {
-+ struct uvc_fh *handle = file->private_data;
- union {
- struct uvc_xu_control_mapping xmap;
- struct uvc_xu_control_query xqry;
- } karg;
- void __user *up = compat_ptr(arg);
-- mm_segment_t old_fs;
- long ret;
-
- switch (cmd) {
- case UVCIOC_CTRL_MAP32:
-- cmd = UVCIOC_CTRL_MAP;
- ret = uvc_v4l2_get_xu_mapping(&karg.xmap, up);
-+ if (ret)
-+ return ret;
-+ ret = uvc_ioctl_ctrl_map(handle->chain, &karg.xmap);
-+ if (ret)
-+ return ret;
-+ ret = uvc_v4l2_put_xu_mapping(&karg.xmap, up);
-+ if (ret)
-+ return ret;
-+
- break;
-
- case UVCIOC_CTRL_QUERY32:
-- cmd = UVCIOC_CTRL_QUERY;
- ret = uvc_v4l2_get_xu_query(&karg.xqry, up);
-+ if (ret)
-+ return ret;
-+ ret = uvc_xu_ctrl_query(handle->chain, &karg.xqry);
-+ if (ret)
-+ return ret;
-+ ret = uvc_v4l2_put_xu_query(&karg.xqry, up);
-+ if (ret)
-+ return ret;
- break;
-
- default:
- return -ENOIOCTLCMD;
- }
-
-- old_fs = get_fs();
-- set_fs(KERNEL_DS);
-- ret = video_ioctl2(file, cmd, (unsigned long)&karg);
-- set_fs(old_fs);
--
-- if (ret < 0)
-- return ret;
--
-- switch (cmd) {
-- case UVCIOC_CTRL_MAP:
-- ret = uvc_v4l2_put_xu_mapping(&karg.xmap, up);
-- break;
--
-- case UVCIOC_CTRL_QUERY:
-- ret = uvc_v4l2_put_xu_query(&karg.xqry, up);
-- break;
-- }
--
- return ret;
- }
- #endif
-diff --git a/drivers/memory/omap-gpmc.c b/drivers/memory/omap-gpmc.c
-index 21825dd..859b4a1 100644
---- a/drivers/memory/omap-gpmc.c
-+++ b/drivers/memory/omap-gpmc.c
-@@ -394,7 +394,7 @@ static void gpmc_cs_bool_timings(int cs, const struct gpmc_bool_timings *p)
- gpmc_cs_modify_reg(cs, GPMC_CS_CONFIG4,
- GPMC_CONFIG4_OEEXTRADELAY, p->oe_extra_delay);
- gpmc_cs_modify_reg(cs, GPMC_CS_CONFIG4,
-- GPMC_CONFIG4_OEEXTRADELAY, p->we_extra_delay);
-+ GPMC_CONFIG4_WEEXTRADELAY, p->we_extra_delay);
- gpmc_cs_modify_reg(cs, GPMC_CS_CONFIG6,
- GPMC_CONFIG6_CYCLE2CYCLESAMECSEN,
- p->cycle2cyclesamecsen);
-diff --git a/drivers/mtd/ubi/eba.c b/drivers/mtd/ubi/eba.c
-index 96fddb0..4dd0391 100644
---- a/drivers/mtd/ubi/eba.c
-+++ b/drivers/mtd/ubi/eba.c
-@@ -575,6 +575,7 @@ static int recover_peb(struct ubi_device *ubi, int pnum, int vol_id, int lnum,
- int err, idx = vol_id2idx(ubi, vol_id), new_pnum, data_size, tries = 0;
- struct ubi_volume *vol = ubi->volumes[idx];
- struct ubi_vid_hdr *vid_hdr;
-+ uint32_t crc;
-
- vid_hdr = ubi_zalloc_vid_hdr(ubi, GFP_NOFS);
- if (!vid_hdr)
-@@ -599,14 +600,8 @@ retry:
- goto out_put;
- }
-
-- vid_hdr->sqnum = cpu_to_be64(ubi_next_sqnum(ubi));
-- err = ubi_io_write_vid_hdr(ubi, new_pnum, vid_hdr);
-- if (err) {
-- up_read(&ubi->fm_eba_sem);
-- goto write_error;
-- }
-+ ubi_assert(vid_hdr->vol_type == UBI_VID_DYNAMIC);
-
-- data_size = offset + len;
- mutex_lock(&ubi->buf_mutex);
- memset(ubi->peb_buf + offset, 0xFF, len);
-
-@@ -621,6 +616,19 @@ retry:
-
- memcpy(ubi->peb_buf + offset, buf, len);
-
-+ data_size = offset + len;
-+ crc = crc32(UBI_CRC32_INIT, ubi->peb_buf, data_size);
-+ vid_hdr->sqnum = cpu_to_be64(ubi_next_sqnum(ubi));
-+ vid_hdr->copy_flag = 1;
-+ vid_hdr->data_size = cpu_to_be32(data_size);
-+ vid_hdr->data_crc = cpu_to_be32(crc);
-+ err = ubi_io_write_vid_hdr(ubi, new_pnum, vid_hdr);
-+ if (err) {
-+ mutex_unlock(&ubi->buf_mutex);
-+ up_read(&ubi->fm_eba_sem);
-+ goto write_error;
-+ }
-+
- err = ubi_io_write_data(ubi, ubi->peb_buf, new_pnum, 0, data_size);
- if (err) {
- mutex_unlock(&ubi->buf_mutex);
-diff --git a/drivers/net/geneve.c b/drivers/net/geneve.c
-index 9fcb489..c70e515 100644
---- a/drivers/net/geneve.c
-+++ b/drivers/net/geneve.c
-@@ -1092,12 +1092,17 @@ static netdev_tx_t geneve_xmit(struct sk_buff *skb, struct net_device *dev)
-
- static int __geneve_change_mtu(struct net_device *dev, int new_mtu, bool strict)
- {
-+ struct geneve_dev *geneve = netdev_priv(dev);
- /* The max_mtu calculation does not take account of GENEVE
- * options, to avoid excluding potentially valid
- * configurations.
- */
-- int max_mtu = IP_MAX_MTU - GENEVE_BASE_HLEN - sizeof(struct iphdr)
-- - dev->hard_header_len;
-+ int max_mtu = IP_MAX_MTU - GENEVE_BASE_HLEN - dev->hard_header_len;
-+
-+ if (geneve->remote.sa.sa_family == AF_INET6)
-+ max_mtu -= sizeof(struct ipv6hdr);
-+ else
-+ max_mtu -= sizeof(struct iphdr);
-
- if (new_mtu < 68)
- return -EINVAL;
-diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c
-index 9e803bb..8f3c55d 100644
---- a/drivers/net/macsec.c
-+++ b/drivers/net/macsec.c
-@@ -2564,6 +2564,7 @@ static netdev_tx_t macsec_start_xmit(struct sk_buff *skb,
- u64_stats_update_begin(&secy_stats->syncp);
- secy_stats->stats.OutPktsUntagged++;
- u64_stats_update_end(&secy_stats->syncp);
-+ skb->dev = macsec->real_dev;
- len = skb->len;
- ret = dev_queue_xmit(skb);
- count_tx(dev, ret, len);
-diff --git a/drivers/net/usb/cdc_ncm.c b/drivers/net/usb/cdc_ncm.c
-index 2fb31ed..d4425c56 100644
---- a/drivers/net/usb/cdc_ncm.c
-+++ b/drivers/net/usb/cdc_ncm.c
-@@ -852,6 +852,13 @@ int cdc_ncm_bind_common(struct usbnet *dev, struct usb_interface *intf, u8 data_
- if (cdc_ncm_init(dev))
- goto error2;
-
-+ /* Some firmwares need a pause here or they will silently fail
-+ * to set up the interface properly. This value was decided
-+ * empirically on a Sierra Wireless MC7455 running 02.08.02.00
-+ * firmware.
-+ */
-+ usleep_range(10000, 20000);
-+
- /* configure data interface */
- temp = usb_set_interface(dev->udev, iface_no, data_altsetting);
- if (temp) {
-diff --git a/drivers/net/wireless/mac80211_hwsim.c b/drivers/net/wireless/mac80211_hwsim.c
-index e85e073..06664ba 100644
---- a/drivers/net/wireless/mac80211_hwsim.c
-+++ b/drivers/net/wireless/mac80211_hwsim.c
-@@ -2771,6 +2771,7 @@ static int hwsim_tx_info_frame_received_nl(struct sk_buff *skb_2,
- if (!info->attrs[HWSIM_ATTR_ADDR_TRANSMITTER] ||
- !info->attrs[HWSIM_ATTR_FLAGS] ||
- !info->attrs[HWSIM_ATTR_COOKIE] ||
-+ !info->attrs[HWSIM_ATTR_SIGNAL] ||
- !info->attrs[HWSIM_ATTR_TX_INFO])
- goto out;
-
-diff --git a/drivers/net/wireless/realtek/rtlwifi/core.c b/drivers/net/wireless/realtek/rtlwifi/core.c
-index 0f48048..3a0faa8 100644
---- a/drivers/net/wireless/realtek/rtlwifi/core.c
-+++ b/drivers/net/wireless/realtek/rtlwifi/core.c
-@@ -54,7 +54,7 @@ EXPORT_SYMBOL(channel5g_80m);
- void rtl_addr_delay(u32 addr)
- {
- if (addr == 0xfe)
-- msleep(50);
-+ mdelay(50);
- else if (addr == 0xfd)
- msleep(5);
- else if (addr == 0xfc)
-@@ -75,7 +75,7 @@ void rtl_rfreg_delay(struct ieee80211_hw *hw, enum radio_path rfpath, u32 addr,
- rtl_addr_delay(addr);
- } else {
- rtl_set_rfreg(hw, rfpath, addr, mask, data);
-- usleep_range(1, 2);
-+ udelay(1);
- }
- }
- EXPORT_SYMBOL(rtl_rfreg_delay);
-@@ -86,7 +86,7 @@ void rtl_bb_delay(struct ieee80211_hw *hw, u32 addr, u32 data)
- rtl_addr_delay(addr);
- } else {
- rtl_set_bbreg(hw, addr, MASKDWORD, data);
-- usleep_range(1, 2);
-+ udelay(1);
- }
- }
- EXPORT_SYMBOL(rtl_bb_delay);
-diff --git a/drivers/of/irq.c b/drivers/of/irq.c
-index e7bfc17..6ec743f 100644
---- a/drivers/of/irq.c
-+++ b/drivers/of/irq.c
-@@ -386,13 +386,13 @@ int of_irq_to_resource(struct device_node *dev, int index, struct resource *r)
- EXPORT_SYMBOL_GPL(of_irq_to_resource);
-
- /**
-- * of_irq_get - Decode a node's IRQ and return it as a Linux irq number
-+ * of_irq_get - Decode a node's IRQ and return it as a Linux IRQ number
- * @dev: pointer to device tree node
-- * @index: zero-based index of the irq
-- *
-- * Returns Linux irq number on success, or -EPROBE_DEFER if the irq domain
-- * is not yet created.
-+ * @index: zero-based index of the IRQ
- *
-+ * Returns Linux IRQ number on success, or 0 on the IRQ mapping failure, or
-+ * -EPROBE_DEFER if the IRQ domain is not yet created, or error code in case
-+ * of any other failure.
- */
- int of_irq_get(struct device_node *dev, int index)
- {
-@@ -413,12 +413,13 @@ int of_irq_get(struct device_node *dev, int index)
- EXPORT_SYMBOL_GPL(of_irq_get);
-
- /**
-- * of_irq_get_byname - Decode a node's IRQ and return it as a Linux irq number
-+ * of_irq_get_byname - Decode a node's IRQ and return it as a Linux IRQ number
- * @dev: pointer to device tree node
-- * @name: irq name
-+ * @name: IRQ name
- *
-- * Returns Linux irq number on success, or -EPROBE_DEFER if the irq domain
-- * is not yet created, or error code in case of any other failure.
-+ * Returns Linux IRQ number on success, or 0 on the IRQ mapping failure, or
-+ * -EPROBE_DEFER if the IRQ domain is not yet created, or error code in case
-+ * of any other failure.
- */
- int of_irq_get_byname(struct device_node *dev, const char *name)
- {
-diff --git a/drivers/pci/vc.c b/drivers/pci/vc.c
-index dfbab61..1fa3a32 100644
---- a/drivers/pci/vc.c
-+++ b/drivers/pci/vc.c
-@@ -221,9 +221,9 @@ static int pci_vc_do_save_buffer(struct pci_dev *dev, int pos,
- else
- pci_write_config_word(dev, pos + PCI_VC_PORT_CTRL,
- *(u16 *)buf);
-- buf += 2;
-+ buf += 4;
- }
-- len += 2;
-+ len += 4;
-
- /*
- * If we have any Low Priority VCs and a VC Arbitration Table Offset
-diff --git a/drivers/regulator/qcom_smd-regulator.c b/drivers/regulator/qcom_smd-regulator.c
-index 56a17ec..6c7fe477 100644
---- a/drivers/regulator/qcom_smd-regulator.c
-+++ b/drivers/regulator/qcom_smd-regulator.c
-@@ -140,6 +140,18 @@ static const struct regulator_ops rpm_smps_ldo_ops = {
- .enable = rpm_reg_enable,
- .disable = rpm_reg_disable,
- .is_enabled = rpm_reg_is_enabled,
-+ .list_voltage = regulator_list_voltage_linear_range,
-+
-+ .get_voltage = rpm_reg_get_voltage,
-+ .set_voltage = rpm_reg_set_voltage,
-+
-+ .set_load = rpm_reg_set_load,
-+};
-+
-+static const struct regulator_ops rpm_smps_ldo_ops_fixed = {
-+ .enable = rpm_reg_enable,
-+ .disable = rpm_reg_disable,
-+ .is_enabled = rpm_reg_is_enabled,
-
- .get_voltage = rpm_reg_get_voltage,
- .set_voltage = rpm_reg_set_voltage,
-@@ -247,7 +259,7 @@ static const struct regulator_desc pm8941_nldo = {
- static const struct regulator_desc pm8941_lnldo = {
- .fixed_uV = 1740000,
- .n_voltages = 1,
-- .ops = &rpm_smps_ldo_ops,
-+ .ops = &rpm_smps_ldo_ops_fixed,
- };
-
- static const struct regulator_desc pm8941_switch = {
-diff --git a/drivers/scsi/53c700.c b/drivers/scsi/53c700.c
-index d4c2856..3ddc85e 100644
---- a/drivers/scsi/53c700.c
-+++ b/drivers/scsi/53c700.c
-@@ -1122,7 +1122,7 @@ process_script_interrupt(__u32 dsps, __u32 dsp, struct scsi_cmnd *SCp,
- } else {
- struct scsi_cmnd *SCp;
-
-- SCp = scsi_host_find_tag(SDp->host, SCSI_NO_TAG);
-+ SCp = SDp->current_cmnd;
- if(unlikely(SCp == NULL)) {
- sdev_printk(KERN_ERR, SDp,
- "no saved request for untagged cmd\n");
-@@ -1826,7 +1826,7 @@ NCR_700_queuecommand_lck(struct scsi_cmnd *SCp, void (*done)(struct scsi_cmnd *)
- slot->tag, slot);
- } else {
- slot->tag = SCSI_NO_TAG;
-- /* must populate current_cmnd for scsi_host_find_tag to work */
-+ /* save current command for reselection */
- SCp->device->current_cmnd = SCp;
- }
- /* sanity check: some of the commands generated by the mid-layer
-diff --git a/drivers/scsi/scsi_error.c b/drivers/scsi/scsi_error.c
-index 984ddcb..1b9c049 100644
---- a/drivers/scsi/scsi_error.c
-+++ b/drivers/scsi/scsi_error.c
-@@ -1127,7 +1127,6 @@ static int scsi_eh_action(struct scsi_cmnd *scmd, int rtn)
- */
- void scsi_eh_finish_cmd(struct scsi_cmnd *scmd, struct list_head *done_q)
- {
-- scmd->device->host->host_failed--;
- scmd->eh_eflags = 0;
- list_move_tail(&scmd->eh_entry, done_q);
- }
-@@ -2226,6 +2225,9 @@ int scsi_error_handler(void *data)
- else
- scsi_unjam_host(shost);
-
-+ /* All scmds have been handled */
-+ shost->host_failed = 0;
-+
- /*
- * Note - if the above fails completely, the action is to take
- * individual devices offline and flush the queue of any
-diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c
-index f52b74c..41c3a2c 100644
---- a/drivers/scsi/sd.c
-+++ b/drivers/scsi/sd.c
-@@ -2862,10 +2862,10 @@ static int sd_revalidate_disk(struct gendisk *disk)
- if (sdkp->opt_xfer_blocks &&
- sdkp->opt_xfer_blocks <= dev_max &&
- sdkp->opt_xfer_blocks <= SD_DEF_XFER_BLOCKS &&
-- sdkp->opt_xfer_blocks * sdp->sector_size >= PAGE_SIZE)
-- rw_max = q->limits.io_opt =
-- sdkp->opt_xfer_blocks * sdp->sector_size;
-- else
-+ logical_to_bytes(sdp, sdkp->opt_xfer_blocks) >= PAGE_SIZE) {
-+ q->limits.io_opt = logical_to_bytes(sdp, sdkp->opt_xfer_blocks);
-+ rw_max = logical_to_sectors(sdp, sdkp->opt_xfer_blocks);
-+ } else
- rw_max = BLK_DEF_MAX_SECTORS;
-
- /* Combine with controller limits */
-diff --git a/drivers/scsi/sd.h b/drivers/scsi/sd.h
-index 654630b..765a6f1 100644
---- a/drivers/scsi/sd.h
-+++ b/drivers/scsi/sd.h
-@@ -151,6 +151,11 @@ static inline sector_t logical_to_sectors(struct scsi_device *sdev, sector_t blo
- return blocks << (ilog2(sdev->sector_size) - 9);
- }
-
-+static inline unsigned int logical_to_bytes(struct scsi_device *sdev, sector_t blocks)
-+{
-+ return blocks * sdev->sector_size;
-+}
-+
- /*
- * A DIF-capable target device can be formatted with different
- * protection schemes. Currently 0 through 3 are defined:
-diff --git a/drivers/staging/iio/accel/sca3000_core.c b/drivers/staging/iio/accel/sca3000_core.c
-index a8f533a..ec12181 100644
---- a/drivers/staging/iio/accel/sca3000_core.c
-+++ b/drivers/staging/iio/accel/sca3000_core.c
-@@ -594,7 +594,7 @@ static ssize_t sca3000_read_frequency(struct device *dev,
- goto error_ret_mut;
- ret = sca3000_read_ctrl_reg(st, SCA3000_REG_CTRL_SEL_OUT_CTRL);
- mutex_unlock(&st->lock);
-- if (ret)
-+ if (ret < 0)
- goto error_ret;
- val = ret;
- if (base_freq > 0)
-diff --git a/drivers/thermal/cpu_cooling.c b/drivers/thermal/cpu_cooling.c
-index 6ceac4f..5b4b47e 100644
---- a/drivers/thermal/cpu_cooling.c
-+++ b/drivers/thermal/cpu_cooling.c
-@@ -857,14 +857,6 @@ __cpufreq_cooling_register(struct device_node *np,
- goto free_power_table;
- }
-
-- snprintf(dev_name, sizeof(dev_name), "thermal-cpufreq-%d",
-- cpufreq_dev->id);
--
-- cool_dev = thermal_of_cooling_device_register(np, dev_name, cpufreq_dev,
-- &cpufreq_cooling_ops);
-- if (IS_ERR(cool_dev))
-- goto remove_idr;
--
- /* Fill freq-table in descending order of frequencies */
- for (i = 0, freq = -1; i <= cpufreq_dev->max_level; i++) {
- freq = find_next_max(table, freq);
-@@ -877,6 +869,14 @@ __cpufreq_cooling_register(struct device_node *np,
- pr_debug("%s: freq:%u KHz\n", __func__, freq);
- }
-
-+ snprintf(dev_name, sizeof(dev_name), "thermal-cpufreq-%d",
-+ cpufreq_dev->id);
-+
-+ cool_dev = thermal_of_cooling_device_register(np, dev_name, cpufreq_dev,
-+ &cpufreq_cooling_ops);
-+ if (IS_ERR(cool_dev))
-+ goto remove_idr;
-+
- cpufreq_dev->clipped_freq = cpufreq_dev->freq_table[0];
- cpufreq_dev->cool_dev = cool_dev;
-
-diff --git a/drivers/tty/vt/keyboard.c b/drivers/tty/vt/keyboard.c
-index f973bfc..1e93a37 100644
---- a/drivers/tty/vt/keyboard.c
-+++ b/drivers/tty/vt/keyboard.c
-@@ -366,34 +366,22 @@ static void to_utf8(struct vc_data *vc, uint c)
-
- static void do_compute_shiftstate(void)
- {
-- unsigned int i, j, k, sym, val;
-+ unsigned int k, sym, val;
-
- shift_state = 0;
- memset(shift_down, 0, sizeof(shift_down));
-
-- for (i = 0; i < ARRAY_SIZE(key_down); i++) {
--
-- if (!key_down[i])
-+ for_each_set_bit(k, key_down, min(NR_KEYS, KEY_CNT)) {
-+ sym = U(key_maps[0][k]);
-+ if (KTYP(sym) != KT_SHIFT && KTYP(sym) != KT_SLOCK)
- continue;
-
-- k = i * BITS_PER_LONG;
--
-- for (j = 0; j < BITS_PER_LONG; j++, k++) {
--
-- if (!test_bit(k, key_down))
-- continue;
-+ val = KVAL(sym);
-+ if (val == KVAL(K_CAPSSHIFT))
-+ val = KVAL(K_SHIFT);
-
-- sym = U(key_maps[0][k]);
-- if (KTYP(sym) != KT_SHIFT && KTYP(sym) != KT_SLOCK)
-- continue;
--
-- val = KVAL(sym);
-- if (val == KVAL(K_CAPSSHIFT))
-- val = KVAL(K_SHIFT);
--
-- shift_down[val]++;
-- shift_state |= (1 << val);
-- }
-+ shift_down[val]++;
-+ shift_state |= BIT(val);
- }
- }
-
-diff --git a/drivers/tty/vt/vt.c b/drivers/tty/vt/vt.c
-index bd523ad..e9e29de 100644
---- a/drivers/tty/vt/vt.c
-+++ b/drivers/tty/vt/vt.c
-@@ -750,6 +750,7 @@ static void visual_init(struct vc_data *vc, int num, int init)
- vc->vc_complement_mask = 0;
- vc->vc_can_do_color = 0;
- vc->vc_panic_force_write = false;
-+ vc->vc_cur_blink_ms = DEFAULT_CURSOR_BLINK_MS;
- vc->vc_sw->con_init(vc, init);
- if (!vc->vc_complement_mask)
- vc->vc_complement_mask = vc->vc_can_do_color ? 0x7700 : 0x0800;
-diff --git a/drivers/usb/common/usb-otg-fsm.c b/drivers/usb/common/usb-otg-fsm.c
-index 504708f..6c6040c 100644
---- a/drivers/usb/common/usb-otg-fsm.c
-+++ b/drivers/usb/common/usb-otg-fsm.c
-@@ -21,6 +21,7 @@
- * 675 Mass Ave, Cambridge, MA 02139, USA.
- */
-
-+#include <linux/module.h>
- #include <linux/kernel.h>
- #include <linux/types.h>
- #include <linux/mutex.h>
-@@ -452,3 +453,4 @@ int otg_statemachine(struct otg_fsm *fsm)
- return state_changed;
- }
- EXPORT_SYMBOL_GPL(otg_statemachine);
-+MODULE_LICENSE("GPL");
-diff --git a/drivers/usb/core/hcd.c b/drivers/usb/core/hcd.c
-index 980fc57..2d107d0 100644
---- a/drivers/usb/core/hcd.c
-+++ b/drivers/usb/core/hcd.c
-@@ -2597,26 +2597,23 @@ EXPORT_SYMBOL_GPL(usb_create_hcd);
- * Don't deallocate the bandwidth_mutex until the last shared usb_hcd is
- * deallocated.
- *
-- * Make sure to only deallocate the bandwidth_mutex when the primary HCD is
-- * freed. When hcd_release() is called for either hcd in a peer set
-- * invalidate the peer's ->shared_hcd and ->primary_hcd pointers to
-- * block new peering attempts
-+ * Make sure to deallocate the bandwidth_mutex only when the last HCD is
-+ * freed. When hcd_release() is called for either hcd in a peer set,
-+ * invalidate the peer's ->shared_hcd and ->primary_hcd pointers.
- */
- static void hcd_release(struct kref *kref)
- {
- struct usb_hcd *hcd = container_of (kref, struct usb_hcd, kref);
-
- mutex_lock(&usb_port_peer_mutex);
-- if (usb_hcd_is_primary_hcd(hcd)) {
-- kfree(hcd->address0_mutex);
-- kfree(hcd->bandwidth_mutex);
-- }
- if (hcd->shared_hcd) {
- struct usb_hcd *peer = hcd->shared_hcd;
-
- peer->shared_hcd = NULL;
-- if (peer->primary_hcd == hcd)
-- peer->primary_hcd = NULL;
-+ peer->primary_hcd = NULL;
-+ } else {
-+ kfree(hcd->address0_mutex);
-+ kfree(hcd->bandwidth_mutex);
- }
- mutex_unlock(&usb_port_peer_mutex);
- kfree(hcd);
-diff --git a/drivers/usb/dwc2/core.h b/drivers/usb/dwc2/core.h
-index 3c58d63..dec0b21 100644
---- a/drivers/usb/dwc2/core.h
-+++ b/drivers/usb/dwc2/core.h
-@@ -64,6 +64,17 @@
- DWC2_TRACE_SCHEDULER_VB(pr_fmt("%s: SCH: " fmt), \
- dev_name(hsotg->dev), ##__VA_ARGS__)
-
-+#ifdef CONFIG_MIPS
-+/*
-+ * There are some MIPS machines that can run in either big-endian
-+ * or little-endian mode and that use the dwc2 register without
-+ * a byteswap in both ways.
-+ * Unlike other architectures, MIPS apparently does not require a
-+ * barrier before the __raw_writel() to synchronize with DMA but does
-+ * require the barrier after the __raw_writel() to serialize a set of
-+ * writes. This set of operations was added specifically for MIPS and
-+ * should only be used there.
-+ */
- static inline u32 dwc2_readl(const void __iomem *addr)
- {
- u32 value = __raw_readl(addr);
-@@ -90,6 +101,22 @@ static inline void dwc2_writel(u32 value, void __iomem *addr)
- pr_info("INFO:: wrote %08x to %p\n", value, addr);
- #endif
- }
-+#else
-+/* Normal architectures just use readl/write */
-+static inline u32 dwc2_readl(const void __iomem *addr)
-+{
-+ return readl(addr);
-+}
-+
-+static inline void dwc2_writel(u32 value, void __iomem *addr)
-+{
-+ writel(value, addr);
-+
-+#ifdef DWC2_LOG_WRITES
-+ pr_info("info:: wrote %08x to %p\n", value, addr);
-+#endif
-+}
-+#endif
-
- /* Maximum number of Endpoints/HostChannels */
- #define MAX_EPS_CHANNELS 16
-diff --git a/drivers/virtio/virtio_balloon.c b/drivers/virtio/virtio_balloon.c
-index 7b6d74f..476c0e3 100644
---- a/drivers/virtio/virtio_balloon.c
-+++ b/drivers/virtio/virtio_balloon.c
-@@ -75,7 +75,7 @@ struct virtio_balloon {
-
- /* The array of pfns we tell the Host about. */
- unsigned int num_pfns;
-- u32 pfns[VIRTIO_BALLOON_ARRAY_PFNS_MAX];
-+ __virtio32 pfns[VIRTIO_BALLOON_ARRAY_PFNS_MAX];
-
- /* Memory statistics */
- struct virtio_balloon_stat stats[VIRTIO_BALLOON_S_NR];
-@@ -127,14 +127,16 @@ static void tell_host(struct virtio_balloon *vb, struct virtqueue *vq)
-
- }
-
--static void set_page_pfns(u32 pfns[], struct page *page)
-+static void set_page_pfns(struct virtio_balloon *vb,
-+ __virtio32 pfns[], struct page *page)
- {
- unsigned int i;
-
- /* Set balloon pfns pointing at this page.
- * Note that the first pfn points at start of the page. */
- for (i = 0; i < VIRTIO_BALLOON_PAGES_PER_PAGE; i++)
-- pfns[i] = page_to_balloon_pfn(page) + i;
-+ pfns[i] = cpu_to_virtio32(vb->vdev,
-+ page_to_balloon_pfn(page) + i);
- }
-
- static unsigned fill_balloon(struct virtio_balloon *vb, size_t num)
-@@ -158,7 +160,7 @@ static unsigned fill_balloon(struct virtio_balloon *vb, size_t num)
- msleep(200);
- break;
- }
-- set_page_pfns(vb->pfns + vb->num_pfns, page);
-+ set_page_pfns(vb, vb->pfns + vb->num_pfns, page);
- vb->num_pages += VIRTIO_BALLOON_PAGES_PER_PAGE;
- if (!virtio_has_feature(vb->vdev,
- VIRTIO_BALLOON_F_DEFLATE_ON_OOM))
-@@ -177,10 +179,12 @@ static unsigned fill_balloon(struct virtio_balloon *vb, size_t num)
- static void release_pages_balloon(struct virtio_balloon *vb)
- {
- unsigned int i;
-+ struct page *page;
-
- /* Find pfns pointing at start of each page, get pages and free them. */
- for (i = 0; i < vb->num_pfns; i += VIRTIO_BALLOON_PAGES_PER_PAGE) {
-- struct page *page = balloon_pfn_to_page(vb->pfns[i]);
-+ page = balloon_pfn_to_page(virtio32_to_cpu(vb->vdev,
-+ vb->pfns[i]));
- if (!virtio_has_feature(vb->vdev,
- VIRTIO_BALLOON_F_DEFLATE_ON_OOM))
- adjust_managed_page_count(page, 1);
-@@ -203,7 +207,7 @@ static unsigned leak_balloon(struct virtio_balloon *vb, size_t num)
- page = balloon_page_dequeue(vb_dev_info);
- if (!page)
- break;
-- set_page_pfns(vb->pfns + vb->num_pfns, page);
-+ set_page_pfns(vb, vb->pfns + vb->num_pfns, page);
- vb->num_pages -= VIRTIO_BALLOON_PAGES_PER_PAGE;
- }
-
-@@ -471,13 +475,13 @@ static int virtballoon_migratepage(struct balloon_dev_info *vb_dev_info,
- __count_vm_event(BALLOON_MIGRATE);
- spin_unlock_irqrestore(&vb_dev_info->pages_lock, flags);
- vb->num_pfns = VIRTIO_BALLOON_PAGES_PER_PAGE;
-- set_page_pfns(vb->pfns, newpage);
-+ set_page_pfns(vb, vb->pfns, newpage);
- tell_host(vb, vb->inflate_vq);
-
- /* balloon's page migration 2nd step -- deflate "page" */
- balloon_page_delete(page);
- vb->num_pfns = VIRTIO_BALLOON_PAGES_PER_PAGE;
-- set_page_pfns(vb->pfns, page);
-+ set_page_pfns(vb, vb->pfns, page);
- tell_host(vb, vb->deflate_vq);
-
- mutex_unlock(&vb->balloon_lock);
-diff --git a/drivers/xen/balloon.c b/drivers/xen/balloon.c
-index d46839f..e4db19e 100644
---- a/drivers/xen/balloon.c
-+++ b/drivers/xen/balloon.c
-@@ -151,8 +151,6 @@ static DECLARE_WAIT_QUEUE_HEAD(balloon_wq);
- static void balloon_process(struct work_struct *work);
- static DECLARE_DELAYED_WORK(balloon_worker, balloon_process);
-
--static void release_memory_resource(struct resource *resource);
--
- /* When ballooning out (allocating memory to return to Xen) we don't really
- want the kernel to try too hard since that can trigger the oom killer. */
- #define GFP_BALLOON \
-@@ -248,6 +246,19 @@ static enum bp_state update_schedule(enum bp_state state)
- }
-
- #ifdef CONFIG_XEN_BALLOON_MEMORY_HOTPLUG
-+static void release_memory_resource(struct resource *resource)
-+{
-+ if (!resource)
-+ return;
-+
-+ /*
-+ * No need to reset region to identity mapped since we now
-+ * know that no I/O can be in this region
-+ */
-+ release_resource(resource);
-+ kfree(resource);
-+}
-+
- static struct resource *additional_memory_resource(phys_addr_t size)
- {
- struct resource *res;
-@@ -286,19 +297,6 @@ static struct resource *additional_memory_resource(phys_addr_t size)
- return res;
- }
-
--static void release_memory_resource(struct resource *resource)
--{
-- if (!resource)
-- return;
--
-- /*
-- * No need to reset region to identity mapped since we now
-- * know that no I/O can be in this region
-- */
-- release_resource(resource);
-- kfree(resource);
--}
--
- static enum bp_state reserve_additional_memory(void)
- {
- long credit;
-diff --git a/drivers/xen/xen-acpi-processor.c b/drivers/xen/xen-acpi-processor.c
-index 076970a..4ce10bc 100644
---- a/drivers/xen/xen-acpi-processor.c
-+++ b/drivers/xen/xen-acpi-processor.c
-@@ -423,36 +423,7 @@ upload:
-
- return 0;
- }
--static int __init check_prereq(void)
--{
-- struct cpuinfo_x86 *c = &cpu_data(0);
--
-- if (!xen_initial_domain())
-- return -ENODEV;
--
-- if (!acpi_gbl_FADT.smi_command)
-- return -ENODEV;
--
-- if (c->x86_vendor == X86_VENDOR_INTEL) {
-- if (!cpu_has(c, X86_FEATURE_EST))
-- return -ENODEV;
-
-- return 0;
-- }
-- if (c->x86_vendor == X86_VENDOR_AMD) {
-- /* Copied from powernow-k8.h, can't include ../cpufreq/powernow
-- * as we get compile warnings for the static functions.
-- */
--#define CPUID_FREQ_VOLT_CAPABILITIES 0x80000007
--#define USE_HW_PSTATE 0x00000080
-- u32 eax, ebx, ecx, edx;
-- cpuid(CPUID_FREQ_VOLT_CAPABILITIES, &eax, &ebx, &ecx, &edx);
-- if ((edx & USE_HW_PSTATE) != USE_HW_PSTATE)
-- return -ENODEV;
-- return 0;
-- }
-- return -ENODEV;
--}
- /* acpi_perf_data is a pointer to percpu data. */
- static struct acpi_processor_performance __percpu *acpi_perf_data;
-
-@@ -509,10 +480,10 @@ struct notifier_block xen_acpi_processor_resume_nb = {
- static int __init xen_acpi_processor_init(void)
- {
- unsigned int i;
-- int rc = check_prereq();
-+ int rc;
-
-- if (rc)
-- return rc;
-+ if (!xen_initial_domain())
-+ return -ENODEV;
-
- nr_acpi_bits = get_max_acpi_id() + 1;
- acpi_ids_done = kcalloc(BITS_TO_LONGS(nr_acpi_bits), sizeof(unsigned long), GFP_KERNEL);
-diff --git a/fs/btrfs/ctree.c b/fs/btrfs/ctree.c
-index ec7928a..234707c 100644
---- a/fs/btrfs/ctree.c
-+++ b/fs/btrfs/ctree.c
-@@ -1552,6 +1552,7 @@ noinline int btrfs_cow_block(struct btrfs_trans_handle *trans,
- trans->transid, root->fs_info->generation);
-
- if (!should_cow_block(trans, root, buf)) {
-+ trans->dirty = true;
- *cow_ret = buf;
- return 0;
- }
-@@ -2773,8 +2774,10 @@ again:
- * then we don't want to set the path blocking,
- * so we test it here
- */
-- if (!should_cow_block(trans, root, b))
-+ if (!should_cow_block(trans, root, b)) {
-+ trans->dirty = true;
- goto cow_done;
-+ }
-
- /*
- * must have write locks on this node and the
-diff --git a/fs/btrfs/extent-tree.c b/fs/btrfs/extent-tree.c
-index 84e060e..78f1b57 100644
---- a/fs/btrfs/extent-tree.c
-+++ b/fs/btrfs/extent-tree.c
-@@ -7929,7 +7929,7 @@ btrfs_init_new_buffer(struct btrfs_trans_handle *trans, struct btrfs_root *root,
- set_extent_dirty(&trans->transaction->dirty_pages, buf->start,
- buf->start + buf->len - 1, GFP_NOFS);
- }
-- trans->blocks_used++;
-+ trans->dirty = true;
- /* this returns a buffer locked for blocking */
- return buf;
- }
-diff --git a/fs/btrfs/super.c b/fs/btrfs/super.c
-index 00b8f37..d7c138f 100644
---- a/fs/btrfs/super.c
-+++ b/fs/btrfs/super.c
-@@ -239,7 +239,7 @@ void __btrfs_abort_transaction(struct btrfs_trans_handle *trans,
- trans->aborted = errno;
- /* Nothing used. The other threads that have joined this
- * transaction may be able to continue. */
-- if (!trans->blocks_used && list_empty(&trans->new_bgs)) {
-+ if (!trans->dirty && list_empty(&trans->new_bgs)) {
- const char *errstr;
-
- errstr = btrfs_decode_error(errno);
-diff --git a/fs/btrfs/transaction.h b/fs/btrfs/transaction.h
-index 72be51f..c0b501a 100644
---- a/fs/btrfs/transaction.h
-+++ b/fs/btrfs/transaction.h
-@@ -110,7 +110,6 @@ struct btrfs_trans_handle {
- u64 chunk_bytes_reserved;
- unsigned long use_count;
- unsigned long blocks_reserved;
-- unsigned long blocks_used;
- unsigned long delayed_ref_updates;
- struct btrfs_transaction *transaction;
- struct btrfs_block_rsv *block_rsv;
-@@ -121,6 +120,7 @@ struct btrfs_trans_handle {
- bool can_flush_pending_bgs;
- bool reloc_reserved;
- bool sync;
-+ bool dirty;
- unsigned int type;
- /*
- * this root is only needed to validate that the root passed to
-diff --git a/fs/cifs/cifs_unicode.c b/fs/cifs/cifs_unicode.c
-index 5a53ac6..02b071bf 100644
---- a/fs/cifs/cifs_unicode.c
-+++ b/fs/cifs/cifs_unicode.c
-@@ -101,6 +101,12 @@ convert_sfm_char(const __u16 src_char, char *target)
- case SFM_SLASH:
- *target = '\\';
- break;
-+ case SFM_SPACE:
-+ *target = ' ';
-+ break;
-+ case SFM_PERIOD:
-+ *target = '.';
-+ break;
- default:
- return false;
- }
-@@ -404,7 +410,7 @@ static __le16 convert_to_sfu_char(char src_char)
- return dest_char;
- }
-
--static __le16 convert_to_sfm_char(char src_char)
-+static __le16 convert_to_sfm_char(char src_char, bool end_of_string)
- {
- __le16 dest_char;
-
-@@ -427,6 +433,18 @@ static __le16 convert_to_sfm_char(char src_char)
- case '|':
- dest_char = cpu_to_le16(SFM_PIPE);
- break;
-+ case '.':
-+ if (end_of_string)
-+ dest_char = cpu_to_le16(SFM_PERIOD);
-+ else
-+ dest_char = 0;
-+ break;
-+ case ' ':
-+ if (end_of_string)
-+ dest_char = cpu_to_le16(SFM_SPACE);
-+ else
-+ dest_char = 0;
-+ break;
- default:
- dest_char = 0;
- }
-@@ -469,9 +487,16 @@ cifsConvertToUTF16(__le16 *target, const char *source, int srclen,
- /* see if we must remap this char */
- if (map_chars == SFU_MAP_UNI_RSVD)
- dst_char = convert_to_sfu_char(src_char);
-- else if (map_chars == SFM_MAP_UNI_RSVD)
-- dst_char = convert_to_sfm_char(src_char);
-- else
-+ else if (map_chars == SFM_MAP_UNI_RSVD) {
-+ bool end_of_string;
-+
-+ if (i == srclen - 1)
-+ end_of_string = true;
-+ else
-+ end_of_string = false;
-+
-+ dst_char = convert_to_sfm_char(src_char, end_of_string);
-+ } else
- dst_char = 0;
- /*
- * FIXME: We can not handle remapping backslash (UNI_SLASH)
-diff --git a/fs/cifs/cifs_unicode.h b/fs/cifs/cifs_unicode.h
-index bdc52cb..479bc0a 100644
---- a/fs/cifs/cifs_unicode.h
-+++ b/fs/cifs/cifs_unicode.h
-@@ -64,6 +64,8 @@
- #define SFM_LESSTHAN ((__u16) 0xF023)
- #define SFM_PIPE ((__u16) 0xF027)
- #define SFM_SLASH ((__u16) 0xF026)
-+#define SFM_PERIOD ((__u16) 0xF028)
-+#define SFM_SPACE ((__u16) 0xF029)
-
- /*
- * Mapping mechanism to use when one of the seven reserved characters is
-diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
-index 6f62ac8..34cbc58 100644
---- a/fs/cifs/connect.c
-+++ b/fs/cifs/connect.c
-@@ -428,7 +428,9 @@ cifs_echo_request(struct work_struct *work)
- * server->ops->need_neg() == true. Also, no need to ping if
- * we got a response recently.
- */
-- if (!server->ops->need_neg || server->ops->need_neg(server) ||
-+
-+ if (server->tcpStatus == CifsNeedReconnect ||
-+ server->tcpStatus == CifsExiting || server->tcpStatus == CifsNew ||
- (server->ops->can_echo && !server->ops->can_echo(server)) ||
- time_before(jiffies, server->lstrp + echo_interval - HZ))
- goto requeue_echo;
-diff --git a/fs/cifs/ntlmssp.h b/fs/cifs/ntlmssp.h
-index 848249f..3079b38 100644
---- a/fs/cifs/ntlmssp.h
-+++ b/fs/cifs/ntlmssp.h
-@@ -133,6 +133,6 @@ typedef struct _AUTHENTICATE_MESSAGE {
-
- int decode_ntlmssp_challenge(char *bcc_ptr, int blob_len, struct cifs_ses *ses);
- void build_ntlmssp_negotiate_blob(unsigned char *pbuffer, struct cifs_ses *ses);
--int build_ntlmssp_auth_blob(unsigned char *pbuffer, u16 *buflen,
-+int build_ntlmssp_auth_blob(unsigned char **pbuffer, u16 *buflen,
- struct cifs_ses *ses,
- const struct nls_table *nls_cp);
-diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c
-index af0ec2d..e88ffe1 100644
---- a/fs/cifs/sess.c
-+++ b/fs/cifs/sess.c
-@@ -364,19 +364,43 @@ void build_ntlmssp_negotiate_blob(unsigned char *pbuffer,
- sec_blob->DomainName.MaximumLength = 0;
- }
-
--/* We do not malloc the blob, it is passed in pbuffer, because its
-- maximum possible size is fixed and small, making this approach cleaner.
-- This function returns the length of the data in the blob */
--int build_ntlmssp_auth_blob(unsigned char *pbuffer,
-+static int size_of_ntlmssp_blob(struct cifs_ses *ses)
-+{
-+ int sz = sizeof(AUTHENTICATE_MESSAGE) + ses->auth_key.len
-+ - CIFS_SESS_KEY_SIZE + CIFS_CPHTXT_SIZE + 2;
-+
-+ if (ses->domainName)
-+ sz += 2 * strnlen(ses->domainName, CIFS_MAX_DOMAINNAME_LEN);
-+ else
-+ sz += 2;
-+
-+ if (ses->user_name)
-+ sz += 2 * strnlen(ses->user_name, CIFS_MAX_USERNAME_LEN);
-+ else
-+ sz += 2;
-+
-+ return sz;
-+}
-+
-+int build_ntlmssp_auth_blob(unsigned char **pbuffer,
- u16 *buflen,
- struct cifs_ses *ses,
- const struct nls_table *nls_cp)
- {
- int rc;
-- AUTHENTICATE_MESSAGE *sec_blob = (AUTHENTICATE_MESSAGE *)pbuffer;
-+ AUTHENTICATE_MESSAGE *sec_blob;
- __u32 flags;
- unsigned char *tmp;
-
-+ rc = setup_ntlmv2_rsp(ses, nls_cp);
-+ if (rc) {
-+ cifs_dbg(VFS, "Error %d during NTLMSSP authentication\n", rc);
-+ *buflen = 0;
-+ goto setup_ntlmv2_ret;
-+ }
-+ *pbuffer = kmalloc(size_of_ntlmssp_blob(ses), GFP_KERNEL);
-+ sec_blob = (AUTHENTICATE_MESSAGE *)*pbuffer;
-+
- memcpy(sec_blob->Signature, NTLMSSP_SIGNATURE, 8);
- sec_blob->MessageType = NtLmAuthenticate;
-
-@@ -391,7 +415,7 @@ int build_ntlmssp_auth_blob(unsigned char *pbuffer,
- flags |= NTLMSSP_NEGOTIATE_KEY_XCH;
- }
-
-- tmp = pbuffer + sizeof(AUTHENTICATE_MESSAGE);
-+ tmp = *pbuffer + sizeof(AUTHENTICATE_MESSAGE);
- sec_blob->NegotiateFlags = cpu_to_le32(flags);
-
- sec_blob->LmChallengeResponse.BufferOffset =
-@@ -399,13 +423,9 @@ int build_ntlmssp_auth_blob(unsigned char *pbuffer,
- sec_blob->LmChallengeResponse.Length = 0;
- sec_blob->LmChallengeResponse.MaximumLength = 0;
-
-- sec_blob->NtChallengeResponse.BufferOffset = cpu_to_le32(tmp - pbuffer);
-+ sec_blob->NtChallengeResponse.BufferOffset =
-+ cpu_to_le32(tmp - *pbuffer);
- if (ses->user_name != NULL) {
-- rc = setup_ntlmv2_rsp(ses, nls_cp);
-- if (rc) {
-- cifs_dbg(VFS, "Error %d during NTLMSSP authentication\n", rc);
-- goto setup_ntlmv2_ret;
-- }
- memcpy(tmp, ses->auth_key.response + CIFS_SESS_KEY_SIZE,
- ses->auth_key.len - CIFS_SESS_KEY_SIZE);
- tmp += ses->auth_key.len - CIFS_SESS_KEY_SIZE;
-@@ -423,7 +443,7 @@ int build_ntlmssp_auth_blob(unsigned char *pbuffer,
- }
-
- if (ses->domainName == NULL) {
-- sec_blob->DomainName.BufferOffset = cpu_to_le32(tmp - pbuffer);
-+ sec_blob->DomainName.BufferOffset = cpu_to_le32(tmp - *pbuffer);
- sec_blob->DomainName.Length = 0;
- sec_blob->DomainName.MaximumLength = 0;
- tmp += 2;
-@@ -432,14 +452,14 @@ int build_ntlmssp_auth_blob(unsigned char *pbuffer,
- len = cifs_strtoUTF16((__le16 *)tmp, ses->domainName,
- CIFS_MAX_USERNAME_LEN, nls_cp);
- len *= 2; /* unicode is 2 bytes each */
-- sec_blob->DomainName.BufferOffset = cpu_to_le32(tmp - pbuffer);
-+ sec_blob->DomainName.BufferOffset = cpu_to_le32(tmp - *pbuffer);
- sec_blob->DomainName.Length = cpu_to_le16(len);
- sec_blob->DomainName.MaximumLength = cpu_to_le16(len);
- tmp += len;
- }
-
- if (ses->user_name == NULL) {
-- sec_blob->UserName.BufferOffset = cpu_to_le32(tmp - pbuffer);
-+ sec_blob->UserName.BufferOffset = cpu_to_le32(tmp - *pbuffer);
- sec_blob->UserName.Length = 0;
- sec_blob->UserName.MaximumLength = 0;
- tmp += 2;
-@@ -448,13 +468,13 @@ int build_ntlmssp_auth_blob(unsigned char *pbuffer,
- len = cifs_strtoUTF16((__le16 *)tmp, ses->user_name,
- CIFS_MAX_USERNAME_LEN, nls_cp);
- len *= 2; /* unicode is 2 bytes each */
-- sec_blob->UserName.BufferOffset = cpu_to_le32(tmp - pbuffer);
-+ sec_blob->UserName.BufferOffset = cpu_to_le32(tmp - *pbuffer);
- sec_blob->UserName.Length = cpu_to_le16(len);
- sec_blob->UserName.MaximumLength = cpu_to_le16(len);
- tmp += len;
- }
-
-- sec_blob->WorkstationName.BufferOffset = cpu_to_le32(tmp - pbuffer);
-+ sec_blob->WorkstationName.BufferOffset = cpu_to_le32(tmp - *pbuffer);
- sec_blob->WorkstationName.Length = 0;
- sec_blob->WorkstationName.MaximumLength = 0;
- tmp += 2;
-@@ -463,19 +483,19 @@ int build_ntlmssp_auth_blob(unsigned char *pbuffer,
- (ses->ntlmssp->server_flags & NTLMSSP_NEGOTIATE_EXTENDED_SEC))
- && !calc_seckey(ses)) {
- memcpy(tmp, ses->ntlmssp->ciphertext, CIFS_CPHTXT_SIZE);
-- sec_blob->SessionKey.BufferOffset = cpu_to_le32(tmp - pbuffer);
-+ sec_blob->SessionKey.BufferOffset = cpu_to_le32(tmp - *pbuffer);
- sec_blob->SessionKey.Length = cpu_to_le16(CIFS_CPHTXT_SIZE);
- sec_blob->SessionKey.MaximumLength =
- cpu_to_le16(CIFS_CPHTXT_SIZE);
- tmp += CIFS_CPHTXT_SIZE;
- } else {
-- sec_blob->SessionKey.BufferOffset = cpu_to_le32(tmp - pbuffer);
-+ sec_blob->SessionKey.BufferOffset = cpu_to_le32(tmp - *pbuffer);
- sec_blob->SessionKey.Length = 0;
- sec_blob->SessionKey.MaximumLength = 0;
- }
-
-+ *buflen = tmp - *pbuffer;
- setup_ntlmv2_ret:
-- *buflen = tmp - pbuffer;
- return rc;
- }
-
-@@ -1266,7 +1286,7 @@ sess_auth_rawntlmssp_authenticate(struct sess_data *sess_data)
- struct cifs_ses *ses = sess_data->ses;
- __u16 bytes_remaining;
- char *bcc_ptr;
-- char *ntlmsspblob = NULL;
-+ unsigned char *ntlmsspblob = NULL;
- u16 blob_len;
-
- cifs_dbg(FYI, "rawntlmssp session setup authenticate phase\n");
-@@ -1279,19 +1299,7 @@ sess_auth_rawntlmssp_authenticate(struct sess_data *sess_data)
- /* Build security blob before we assemble the request */
- pSMB = (SESSION_SETUP_ANDX *)sess_data->iov[0].iov_base;
- smb_buf = (struct smb_hdr *)pSMB;
-- /*
-- * 5 is an empirical value, large enough to hold
-- * authenticate message plus max 10 of av paris,
-- * domain, user, workstation names, flags, etc.
-- */
-- ntlmsspblob = kzalloc(5*sizeof(struct _AUTHENTICATE_MESSAGE),
-- GFP_KERNEL);
-- if (!ntlmsspblob) {
-- rc = -ENOMEM;
-- goto out;
-- }
--
-- rc = build_ntlmssp_auth_blob(ntlmsspblob,
-+ rc = build_ntlmssp_auth_blob(&ntlmsspblob,
- &blob_len, ses, sess_data->nls_cp);
- if (rc)
- goto out_free_ntlmsspblob;
-diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c
-index 8f38e33..29e06db 100644
---- a/fs/cifs/smb2pdu.c
-+++ b/fs/cifs/smb2pdu.c
-@@ -588,7 +588,7 @@ SMB2_sess_setup(const unsigned int xid, struct cifs_ses *ses,
- u16 blob_length = 0;
- struct key *spnego_key = NULL;
- char *security_blob = NULL;
-- char *ntlmssp_blob = NULL;
-+ unsigned char *ntlmssp_blob = NULL;
- bool use_spnego = false; /* else use raw ntlmssp */
-
- cifs_dbg(FYI, "Session Setup\n");
-@@ -713,13 +713,7 @@ ssetup_ntlmssp_authenticate:
- iov[1].iov_len = blob_length;
- } else if (phase == NtLmAuthenticate) {
- req->hdr.SessionId = ses->Suid;
-- ntlmssp_blob = kzalloc(sizeof(struct _NEGOTIATE_MESSAGE) + 500,
-- GFP_KERNEL);
-- if (ntlmssp_blob == NULL) {
-- rc = -ENOMEM;
-- goto ssetup_exit;
-- }
-- rc = build_ntlmssp_auth_blob(ntlmssp_blob, &blob_length, ses,
-+ rc = build_ntlmssp_auth_blob(&ntlmssp_blob, &blob_length, ses,
- nls_cp);
- if (rc) {
- cifs_dbg(FYI, "build_ntlmssp_auth_blob failed %d\n",
-@@ -1818,6 +1812,33 @@ SMB2_echo(struct TCP_Server_Info *server)
-
- cifs_dbg(FYI, "In echo request\n");
-
-+ if (server->tcpStatus == CifsNeedNegotiate) {
-+ struct list_head *tmp, *tmp2;
-+ struct cifs_ses *ses;
-+ struct cifs_tcon *tcon;
-+
-+ cifs_dbg(FYI, "Need negotiate, reconnecting tcons\n");
-+ spin_lock(&cifs_tcp_ses_lock);
-+ list_for_each(tmp, &server->smb_ses_list) {
-+ ses = list_entry(tmp, struct cifs_ses, smb_ses_list);
-+ list_for_each(tmp2, &ses->tcon_list) {
-+ tcon = list_entry(tmp2, struct cifs_tcon,
-+ tcon_list);
-+ /* add check for persistent handle reconnect */
-+ if (tcon && tcon->need_reconnect) {
-+ spin_unlock(&cifs_tcp_ses_lock);
-+ rc = smb2_reconnect(SMB2_ECHO, tcon);
-+ spin_lock(&cifs_tcp_ses_lock);
-+ }
-+ }
-+ }
-+ spin_unlock(&cifs_tcp_ses_lock);
-+ }
-+
-+ /* if no session, renegotiate failed above */
-+ if (server->tcpStatus == CifsNeedNegotiate)
-+ return -EIO;
-+
- rc = small_smb2_init(SMB2_ECHO, NULL, (void **)&req);
- if (rc)
- return rc;
-diff --git a/fs/namei.c b/fs/namei.c
-index 30145f8..aaa3b69 100644
---- a/fs/namei.c
-+++ b/fs/namei.c
-@@ -3173,6 +3173,10 @@ retry_lookup:
- got_write = false;
- }
-
-+ error = follow_managed(&path, nd);
-+ if (unlikely(error < 0))
-+ return error;
-+
- if (unlikely(d_is_negative(path.dentry))) {
- path_to_nameidata(&path, nd);
- return -ENOENT;
-@@ -3188,10 +3192,6 @@ retry_lookup:
- return -EEXIST;
- }
-
-- error = follow_managed(&path, nd);
-- if (unlikely(error < 0))
-- return error;
--
- seq = 0; /* out of RCU mode, so the value doesn't matter */
- inode = d_backing_inode(path.dentry);
- finish_lookup:
-diff --git a/fs/namespace.c b/fs/namespace.c
-index 4fb1691..783004a 100644
---- a/fs/namespace.c
-+++ b/fs/namespace.c
-@@ -2409,8 +2409,10 @@ static int do_new_mount(struct path *path, const char *fstype, int flags,
- mnt_flags |= MNT_NODEV | MNT_LOCK_NODEV;
- }
- if (type->fs_flags & FS_USERNS_VISIBLE) {
-- if (!fs_fully_visible(type, &mnt_flags))
-+ if (!fs_fully_visible(type, &mnt_flags)) {
-+ put_filesystem(type);
- return -EPERM;
-+ }
- }
- }
-
-@@ -3245,6 +3247,10 @@ static bool fs_fully_visible(struct file_system_type *type, int *new_mnt_flags)
- if (mnt->mnt.mnt_sb->s_iflags & SB_I_NOEXEC)
- mnt_flags &= ~(MNT_LOCK_NOSUID | MNT_LOCK_NOEXEC);
-
-+ /* Don't miss readonly hidden in the superblock flags */
-+ if (mnt->mnt.mnt_sb->s_flags & MS_RDONLY)
-+ mnt_flags |= MNT_LOCK_READONLY;
-+
- /* Verify the mount flags are equal to or more permissive
- * than the proposed new mount.
- */
-@@ -3271,7 +3277,7 @@ static bool fs_fully_visible(struct file_system_type *type, int *new_mnt_flags)
- list_for_each_entry(child, &mnt->mnt_mounts, mnt_child) {
- struct inode *inode = child->mnt_mountpoint->d_inode;
- /* Only worry about locked mounts */
-- if (!(mnt_flags & MNT_LOCKED))
-+ if (!(child->mnt.mnt_flags & MNT_LOCKED))
- continue;
- /* Is the directory permanetly empty? */
- if (!is_empty_dir_inode(inode))
-diff --git a/fs/nfs/dir.c b/fs/nfs/dir.c
-index 33eb817..a7dd1fe 100644
---- a/fs/nfs/dir.c
-+++ b/fs/nfs/dir.c
-@@ -1527,9 +1527,9 @@ int nfs_atomic_open(struct inode *dir, struct dentry *dentry,
- err = PTR_ERR(inode);
- trace_nfs_atomic_open_exit(dir, ctx, open_flags, err);
- put_nfs_open_context(ctx);
-+ d_drop(dentry);
- switch (err) {
- case -ENOENT:
-- d_drop(dentry);
- d_add(dentry, NULL);
- nfs_set_verifier(dentry, nfs_save_change_attribute(dir));
- break;
-diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
-index 327b8c3..de2523f 100644
---- a/fs/nfs/nfs4proc.c
-+++ b/fs/nfs/nfs4proc.c
-@@ -2860,12 +2860,11 @@ static void nfs4_close_prepare(struct rpc_task *task, void *data)
- call_close |= is_wronly;
- else if (is_wronly)
- calldata->arg.fmode |= FMODE_WRITE;
-+ if (calldata->arg.fmode != (FMODE_READ|FMODE_WRITE))
-+ call_close |= is_rdwr;
- } else if (is_rdwr)
- calldata->arg.fmode |= FMODE_READ|FMODE_WRITE;
-
-- if (calldata->arg.fmode == 0)
-- call_close |= is_rdwr;
--
- if (!nfs4_valid_open_stateid(state))
- call_close = 0;
- spin_unlock(&state->owner->so_lock);
-diff --git a/fs/nfs/pnfs_nfs.c b/fs/nfs/pnfs_nfs.c
-index 776dccb..dcb7000 100644
---- a/fs/nfs/pnfs_nfs.c
-+++ b/fs/nfs/pnfs_nfs.c
-@@ -247,7 +247,11 @@ void pnfs_fetch_commit_bucket_list(struct list_head *pages,
- }
-
- /* Helper function for pnfs_generic_commit_pagelist to catch an empty
-- * page list. This can happen when two commits race. */
-+ * page list. This can happen when two commits race.
-+ *
-+ * This must be called instead of nfs_init_commit - call one or the other, but
-+ * not both!
-+ */
- static bool
- pnfs_generic_commit_cancel_empty_pagelist(struct list_head *pages,
- struct nfs_commit_data *data,
-@@ -256,7 +260,11 @@ pnfs_generic_commit_cancel_empty_pagelist(struct list_head *pages,
- if (list_empty(pages)) {
- if (atomic_dec_and_test(&cinfo->mds->rpcs_out))
- wake_up_atomic_t(&cinfo->mds->rpcs_out);
-- nfs_commitdata_release(data);
-+ /* don't call nfs_commitdata_release - it tries to put
-+ * the open_context which is not acquired until nfs_init_commit
-+ * which has not been called on @data */
-+ WARN_ON_ONCE(data->context);
-+ nfs_commit_free(data);
- return true;
- }
-
-diff --git a/fs/nfs/read.c b/fs/nfs/read.c
-index 6776d7a..572e5b3 100644
---- a/fs/nfs/read.c
-+++ b/fs/nfs/read.c
-@@ -367,13 +367,13 @@ readpage_async_filler(void *data, struct page *page)
- nfs_list_remove_request(new);
- nfs_readpage_release(new);
- error = desc->pgio->pg_error;
-- goto out_unlock;
-+ goto out;
- }
- return 0;
- out_error:
- error = PTR_ERR(new);
--out_unlock:
- unlock_page(page);
-+out:
- return error;
- }
-
-diff --git a/fs/nfsd/nfs2acl.c b/fs/nfsd/nfs2acl.c
-index 1580ea6..d08cd88 100644
---- a/fs/nfsd/nfs2acl.c
-+++ b/fs/nfsd/nfs2acl.c
-@@ -104,22 +104,21 @@ static __be32 nfsacld_proc_setacl(struct svc_rqst * rqstp,
- goto out;
-
- inode = d_inode(fh->fh_dentry);
-- if (!IS_POSIXACL(inode) || !inode->i_op->set_acl) {
-- error = -EOPNOTSUPP;
-- goto out_errno;
-- }
-
- error = fh_want_write(fh);
- if (error)
- goto out_errno;
-
-- error = inode->i_op->set_acl(inode, argp->acl_access, ACL_TYPE_ACCESS);
-+ fh_lock(fh);
-+
-+ error = set_posix_acl(inode, ACL_TYPE_ACCESS, argp->acl_access);
- if (error)
-- goto out_drop_write;
-- error = inode->i_op->set_acl(inode, argp->acl_default,
-- ACL_TYPE_DEFAULT);
-+ goto out_drop_lock;
-+ error = set_posix_acl(inode, ACL_TYPE_DEFAULT, argp->acl_default);
- if (error)
-- goto out_drop_write;
-+ goto out_drop_lock;
-+
-+ fh_unlock(fh);
-
- fh_drop_write(fh);
-
-@@ -131,7 +130,8 @@ out:
- posix_acl_release(argp->acl_access);
- posix_acl_release(argp->acl_default);
- return nfserr;
--out_drop_write:
-+out_drop_lock:
-+ fh_unlock(fh);
- fh_drop_write(fh);
- out_errno:
- nfserr = nfserrno(error);
-diff --git a/fs/nfsd/nfs3acl.c b/fs/nfsd/nfs3acl.c
-index 01df4cd..0c89034 100644
---- a/fs/nfsd/nfs3acl.c
-+++ b/fs/nfsd/nfs3acl.c
-@@ -95,22 +95,20 @@ static __be32 nfsd3_proc_setacl(struct svc_rqst * rqstp,
- goto out;
-
- inode = d_inode(fh->fh_dentry);
-- if (!IS_POSIXACL(inode) || !inode->i_op->set_acl) {
-- error = -EOPNOTSUPP;
-- goto out_errno;
-- }
-
- error = fh_want_write(fh);
- if (error)
- goto out_errno;
-
-- error = inode->i_op->set_acl(inode, argp->acl_access, ACL_TYPE_ACCESS);
-+ fh_lock(fh);
-+
-+ error = set_posix_acl(inode, ACL_TYPE_ACCESS, argp->acl_access);
- if (error)
-- goto out_drop_write;
-- error = inode->i_op->set_acl(inode, argp->acl_default,
-- ACL_TYPE_DEFAULT);
-+ goto out_drop_lock;
-+ error = set_posix_acl(inode, ACL_TYPE_DEFAULT, argp->acl_default);
-
--out_drop_write:
-+out_drop_lock:
-+ fh_unlock(fh);
- fh_drop_write(fh);
- out_errno:
- nfserr = nfserrno(error);
-diff --git a/fs/nfsd/nfs4acl.c b/fs/nfsd/nfs4acl.c
-index 6adabd6..71292a0 100644
---- a/fs/nfsd/nfs4acl.c
-+++ b/fs/nfsd/nfs4acl.c
-@@ -770,9 +770,6 @@ nfsd4_set_nfs4_acl(struct svc_rqst *rqstp, struct svc_fh *fhp,
- dentry = fhp->fh_dentry;
- inode = d_inode(dentry);
-
-- if (!inode->i_op->set_acl || !IS_POSIXACL(inode))
-- return nfserr_attrnotsupp;
--
- if (S_ISDIR(inode->i_mode))
- flags = NFS4_ACL_DIR;
-
-@@ -782,16 +779,19 @@ nfsd4_set_nfs4_acl(struct svc_rqst *rqstp, struct svc_fh *fhp,
- if (host_error < 0)
- goto out_nfserr;
-
-- host_error = inode->i_op->set_acl(inode, pacl, ACL_TYPE_ACCESS);
-+ fh_lock(fhp);
-+
-+ host_error = set_posix_acl(inode, ACL_TYPE_ACCESS, pacl);
- if (host_error < 0)
-- goto out_release;
-+ goto out_drop_lock;
-
- if (S_ISDIR(inode->i_mode)) {
-- host_error = inode->i_op->set_acl(inode, dpacl,
-- ACL_TYPE_DEFAULT);
-+ host_error = set_posix_acl(inode, ACL_TYPE_DEFAULT, dpacl);
- }
-
--out_release:
-+out_drop_lock:
-+ fh_unlock(fhp);
-+
- posix_acl_release(pacl);
- posix_acl_release(dpacl);
- out_nfserr:
-diff --git a/fs/nfsd/nfs4callback.c b/fs/nfsd/nfs4callback.c
-index 7389cb1..04c68d9 100644
---- a/fs/nfsd/nfs4callback.c
-+++ b/fs/nfsd/nfs4callback.c
-@@ -710,22 +710,6 @@ static struct rpc_cred *get_backchannel_cred(struct nfs4_client *clp, struct rpc
- }
- }
-
--static struct rpc_clnt *create_backchannel_client(struct rpc_create_args *args)
--{
-- struct rpc_xprt *xprt;
--
-- if (args->protocol != XPRT_TRANSPORT_BC_TCP)
-- return rpc_create(args);
--
-- xprt = args->bc_xprt->xpt_bc_xprt;
-- if (xprt) {
-- xprt_get(xprt);
-- return rpc_create_xprt(args, xprt);
-- }
--
-- return rpc_create(args);
--}
--
- static int setup_callback_client(struct nfs4_client *clp, struct nfs4_cb_conn *conn, struct nfsd4_session *ses)
- {
- int maxtime = max_cb_time(clp->net);
-@@ -768,7 +752,7 @@ static int setup_callback_client(struct nfs4_client *clp, struct nfs4_cb_conn *c
- args.authflavor = ses->se_cb_sec.flavor;
- }
- /* Create RPC client */
-- client = create_backchannel_client(&args);
-+ client = rpc_create(&args);
- if (IS_ERR(client)) {
- dprintk("NFSD: couldn't create callback client: %ld\n",
- PTR_ERR(client));
-diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c
-index 0462eed..9e04e49 100644
---- a/fs/nfsd/nfs4state.c
-+++ b/fs/nfsd/nfs4state.c
-@@ -3487,6 +3487,10 @@ init_open_stateid(struct nfs4_ol_stateid *stp, struct nfs4_file *fp,
- struct nfs4_openowner *oo = open->op_openowner;
- struct nfs4_ol_stateid *retstp = NULL;
-
-+ /* We are moving these outside of the spinlocks to avoid the warnings */
-+ mutex_init(&stp->st_mutex);
-+ mutex_lock(&stp->st_mutex);
-+
- spin_lock(&oo->oo_owner.so_client->cl_lock);
- spin_lock(&fp->fi_lock);
-
-@@ -3502,13 +3506,17 @@ init_open_stateid(struct nfs4_ol_stateid *stp, struct nfs4_file *fp,
- stp->st_access_bmap = 0;
- stp->st_deny_bmap = 0;
- stp->st_openstp = NULL;
-- init_rwsem(&stp->st_rwsem);
- list_add(&stp->st_perstateowner, &oo->oo_owner.so_stateids);
- list_add(&stp->st_perfile, &fp->fi_stateids);
-
- out_unlock:
- spin_unlock(&fp->fi_lock);
- spin_unlock(&oo->oo_owner.so_client->cl_lock);
-+ if (retstp) {
-+ mutex_lock(&retstp->st_mutex);
-+ /* Not that we need to, just for neatness */
-+ mutex_unlock(&stp->st_mutex);
-+ }
- return retstp;
- }
-
-@@ -4335,32 +4343,34 @@ nfsd4_process_open2(struct svc_rqst *rqstp, struct svc_fh *current_fh, struct nf
- */
- if (stp) {
- /* Stateid was found, this is an OPEN upgrade */
-- down_read(&stp->st_rwsem);
-+ mutex_lock(&stp->st_mutex);
- status = nfs4_upgrade_open(rqstp, fp, current_fh, stp, open);
- if (status) {
-- up_read(&stp->st_rwsem);
-+ mutex_unlock(&stp->st_mutex);
- goto out;
- }
- } else {
- stp = open->op_stp;
- open->op_stp = NULL;
-+ /*
-+ * init_open_stateid() either returns a locked stateid
-+ * it found, or initializes and locks the new one we passed in
-+ */
- swapstp = init_open_stateid(stp, fp, open);
- if (swapstp) {
- nfs4_put_stid(&stp->st_stid);
- stp = swapstp;
-- down_read(&stp->st_rwsem);
- status = nfs4_upgrade_open(rqstp, fp, current_fh,
- stp, open);
- if (status) {
-- up_read(&stp->st_rwsem);
-+ mutex_unlock(&stp->st_mutex);
- goto out;
- }
- goto upgrade_out;
- }
-- down_read(&stp->st_rwsem);
- status = nfs4_get_vfs_file(rqstp, fp, current_fh, stp, open);
- if (status) {
-- up_read(&stp->st_rwsem);
-+ mutex_unlock(&stp->st_mutex);
- release_open_stateid(stp);
- goto out;
- }
-@@ -4372,7 +4382,7 @@ nfsd4_process_open2(struct svc_rqst *rqstp, struct svc_fh *current_fh, struct nf
- }
- upgrade_out:
- nfs4_inc_and_copy_stateid(&open->op_stateid, &stp->st_stid);
-- up_read(&stp->st_rwsem);
-+ mutex_unlock(&stp->st_mutex);
-
- if (nfsd4_has_session(&resp->cstate)) {
- if (open->op_deleg_want & NFS4_SHARE_WANT_NO_DELEG) {
-@@ -4983,12 +4993,12 @@ static __be32 nfs4_seqid_op_checks(struct nfsd4_compound_state *cstate, stateid_
- * revoked delegations are kept only for free_stateid.
- */
- return nfserr_bad_stateid;
-- down_write(&stp->st_rwsem);
-+ mutex_lock(&stp->st_mutex);
- status = check_stateid_generation(stateid, &stp->st_stid.sc_stateid, nfsd4_has_session(cstate));
- if (status == nfs_ok)
- status = nfs4_check_fh(current_fh, &stp->st_stid);
- if (status != nfs_ok)
-- up_write(&stp->st_rwsem);
-+ mutex_unlock(&stp->st_mutex);
- return status;
- }
-
-@@ -5036,7 +5046,7 @@ static __be32 nfs4_preprocess_confirmed_seqid_op(struct nfsd4_compound_state *cs
- return status;
- oo = openowner(stp->st_stateowner);
- if (!(oo->oo_flags & NFS4_OO_CONFIRMED)) {
-- up_write(&stp->st_rwsem);
-+ mutex_unlock(&stp->st_mutex);
- nfs4_put_stid(&stp->st_stid);
- return nfserr_bad_stateid;
- }
-@@ -5068,12 +5078,12 @@ nfsd4_open_confirm(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
- oo = openowner(stp->st_stateowner);
- status = nfserr_bad_stateid;
- if (oo->oo_flags & NFS4_OO_CONFIRMED) {
-- up_write(&stp->st_rwsem);
-+ mutex_unlock(&stp->st_mutex);
- goto put_stateid;
- }
- oo->oo_flags |= NFS4_OO_CONFIRMED;
- nfs4_inc_and_copy_stateid(&oc->oc_resp_stateid, &stp->st_stid);
-- up_write(&stp->st_rwsem);
-+ mutex_unlock(&stp->st_mutex);
- dprintk("NFSD: %s: success, seqid=%d stateid=" STATEID_FMT "\n",
- __func__, oc->oc_seqid, STATEID_VAL(&stp->st_stid.sc_stateid));
-
-@@ -5149,7 +5159,7 @@ nfsd4_open_downgrade(struct svc_rqst *rqstp,
- nfs4_inc_and_copy_stateid(&od->od_stateid, &stp->st_stid);
- status = nfs_ok;
- put_stateid:
-- up_write(&stp->st_rwsem);
-+ mutex_unlock(&stp->st_mutex);
- nfs4_put_stid(&stp->st_stid);
- out:
- nfsd4_bump_seqid(cstate, status);
-@@ -5202,7 +5212,7 @@ nfsd4_close(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
- if (status)
- goto out;
- nfs4_inc_and_copy_stateid(&close->cl_stateid, &stp->st_stid);
-- up_write(&stp->st_rwsem);
-+ mutex_unlock(&stp->st_mutex);
-
- nfsd4_close_open_stateid(stp);
-
-@@ -5428,7 +5438,7 @@ init_lock_stateid(struct nfs4_ol_stateid *stp, struct nfs4_lockowner *lo,
- stp->st_access_bmap = 0;
- stp->st_deny_bmap = open_stp->st_deny_bmap;
- stp->st_openstp = open_stp;
-- init_rwsem(&stp->st_rwsem);
-+ mutex_init(&stp->st_mutex);
- list_add(&stp->st_locks, &open_stp->st_locks);
- list_add(&stp->st_perstateowner, &lo->lo_owner.so_stateids);
- spin_lock(&fp->fi_lock);
-@@ -5597,7 +5607,7 @@ nfsd4_lock(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
- &open_stp, nn);
- if (status)
- goto out;
-- up_write(&open_stp->st_rwsem);
-+ mutex_unlock(&open_stp->st_mutex);
- open_sop = openowner(open_stp->st_stateowner);
- status = nfserr_bad_stateid;
- if (!same_clid(&open_sop->oo_owner.so_client->cl_clientid,
-@@ -5606,7 +5616,7 @@ nfsd4_lock(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
- status = lookup_or_create_lock_state(cstate, open_stp, lock,
- &lock_stp, &new);
- if (status == nfs_ok)
-- down_write(&lock_stp->st_rwsem);
-+ mutex_lock(&lock_stp->st_mutex);
- } else {
- status = nfs4_preprocess_seqid_op(cstate,
- lock->lk_old_lock_seqid,
-@@ -5710,7 +5720,7 @@ out:
- seqid_mutating_err(ntohl(status)))
- lock_sop->lo_owner.so_seqid++;
-
-- up_write(&lock_stp->st_rwsem);
-+ mutex_unlock(&lock_stp->st_mutex);
-
- /*
- * If this is a new, never-before-used stateid, and we are
-@@ -5880,7 +5890,7 @@ nfsd4_locku(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
- fput:
- fput(filp);
- put_stateid:
-- up_write(&stp->st_rwsem);
-+ mutex_unlock(&stp->st_mutex);
- nfs4_put_stid(&stp->st_stid);
- out:
- nfsd4_bump_seqid(cstate, status);
-diff --git a/fs/nfsd/state.h b/fs/nfsd/state.h
-index c050c53..c89d7b5 100644
---- a/fs/nfsd/state.h
-+++ b/fs/nfsd/state.h
-@@ -535,7 +535,7 @@ struct nfs4_ol_stateid {
- unsigned char st_access_bmap;
- unsigned char st_deny_bmap;
- struct nfs4_ol_stateid *st_openstp;
-- struct rw_semaphore st_rwsem;
-+ struct mutex st_mutex;
- };
-
- static inline struct nfs4_ol_stateid *openlockstateid(struct nfs4_stid *s)
-diff --git a/fs/overlayfs/dir.c b/fs/overlayfs/dir.c
-index b3fc0a3..fb35aa2 100644
---- a/fs/overlayfs/dir.c
-+++ b/fs/overlayfs/dir.c
-@@ -511,6 +511,7 @@ static int ovl_remove_and_whiteout(struct dentry *dentry, bool is_dir)
- struct dentry *upper;
- struct dentry *opaquedir = NULL;
- int err;
-+ int flags = 0;
-
- if (WARN_ON(!workdir))
- return -EROFS;
-@@ -540,46 +541,39 @@ static int ovl_remove_and_whiteout(struct dentry *dentry, bool is_dir)
- if (err)
- goto out_dput;
-
-- whiteout = ovl_whiteout(workdir, dentry);
-- err = PTR_ERR(whiteout);
-- if (IS_ERR(whiteout))
-+ upper = lookup_one_len(dentry->d_name.name, upperdir,
-+ dentry->d_name.len);
-+ err = PTR_ERR(upper);
-+ if (IS_ERR(upper))
- goto out_unlock;
-
-- upper = ovl_dentry_upper(dentry);
-- if (!upper) {
-- upper = lookup_one_len(dentry->d_name.name, upperdir,
-- dentry->d_name.len);
-- err = PTR_ERR(upper);
-- if (IS_ERR(upper))
-- goto kill_whiteout;
--
-- err = ovl_do_rename(wdir, whiteout, udir, upper, 0);
-- dput(upper);
-- if (err)
-- goto kill_whiteout;
-- } else {
-- int flags = 0;
-+ err = -ESTALE;
-+ if ((opaquedir && upper != opaquedir) ||
-+ (!opaquedir && ovl_dentry_upper(dentry) &&
-+ upper != ovl_dentry_upper(dentry))) {
-+ goto out_dput_upper;
-+ }
-
-- if (opaquedir)
-- upper = opaquedir;
-- err = -ESTALE;
-- if (upper->d_parent != upperdir)
-- goto kill_whiteout;
-+ whiteout = ovl_whiteout(workdir, dentry);
-+ err = PTR_ERR(whiteout);
-+ if (IS_ERR(whiteout))
-+ goto out_dput_upper;
-
-- if (is_dir)
-- flags |= RENAME_EXCHANGE;
-+ if (d_is_dir(upper))
-+ flags = RENAME_EXCHANGE;
-
-- err = ovl_do_rename(wdir, whiteout, udir, upper, flags);
-- if (err)
-- goto kill_whiteout;
-+ err = ovl_do_rename(wdir, whiteout, udir, upper, flags);
-+ if (err)
-+ goto kill_whiteout;
-+ if (flags)
-+ ovl_cleanup(wdir, upper);
-
-- if (is_dir)
-- ovl_cleanup(wdir, upper);
-- }
- ovl_dentry_version_inc(dentry->d_parent);
- out_d_drop:
- d_drop(dentry);
- dput(whiteout);
-+out_dput_upper:
-+ dput(upper);
- out_unlock:
- unlock_rename(workdir, upperdir);
- out_dput:
-diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c
-index a4ff5d0..d46fa60 100644
---- a/fs/overlayfs/inode.c
-+++ b/fs/overlayfs/inode.c
-@@ -59,16 +59,40 @@ int ovl_setattr(struct dentry *dentry, struct iattr *attr)
- if (err)
- goto out;
-
-+ if (attr->ia_valid & ATTR_SIZE) {
-+ struct inode *realinode = d_inode(ovl_dentry_real(dentry));
-+
-+ err = -ETXTBSY;
-+ if (atomic_read(&realinode->i_writecount) < 0)
-+ goto out_drop_write;
-+ }
-+
- err = ovl_copy_up(dentry);
- if (!err) {
-+ struct inode *winode = NULL;
-+
- upperdentry = ovl_dentry_upper(dentry);
-
-+ if (attr->ia_valid & ATTR_SIZE) {
-+ winode = d_inode(upperdentry);
-+ err = get_write_access(winode);
-+ if (err)
-+ goto out_drop_write;
-+ }
-+
-+ if (attr->ia_valid & (ATTR_KILL_SUID|ATTR_KILL_SGID))
-+ attr->ia_valid &= ~ATTR_MODE;
-+
- inode_lock(upperdentry->d_inode);
- err = notify_change(upperdentry, attr, NULL);
- if (!err)
- ovl_copyattr(upperdentry->d_inode, dentry->d_inode);
- inode_unlock(upperdentry->d_inode);
-+
-+ if (winode)
-+ put_write_access(winode);
- }
-+out_drop_write:
- ovl_drop_write(dentry);
- out:
- return err;
-@@ -121,16 +145,18 @@ int ovl_permission(struct inode *inode, int mask)
-
- err = vfs_getattr(&realpath, &stat);
- if (err)
-- return err;
-+ goto out_dput;
-
-+ err = -ESTALE;
- if ((stat.mode ^ inode->i_mode) & S_IFMT)
-- return -ESTALE;
-+ goto out_dput;
-
- inode->i_mode = stat.mode;
- inode->i_uid = stat.uid;
- inode->i_gid = stat.gid;
-
-- return generic_permission(inode, mask);
-+ err = generic_permission(inode, mask);
-+ goto out_dput;
- }
-
- /* Careful in RCU walk mode */
-@@ -400,12 +426,11 @@ struct inode *ovl_new_inode(struct super_block *sb, umode_t mode,
- if (!inode)
- return NULL;
-
-- mode &= S_IFMT;
--
- inode->i_ino = get_next_ino();
- inode->i_mode = mode;
- inode->i_flags |= S_NOATIME | S_NOCMTIME;
-
-+ mode &= S_IFMT;
- switch (mode) {
- case S_IFDIR:
- inode->i_private = oe;
-diff --git a/fs/overlayfs/overlayfs.h b/fs/overlayfs/overlayfs.h
-index 6a7090f..294ccc0 100644
---- a/fs/overlayfs/overlayfs.h
-+++ b/fs/overlayfs/overlayfs.h
-@@ -185,6 +185,7 @@ static inline void ovl_copyattr(struct inode *from, struct inode *to)
- {
- to->i_uid = from->i_uid;
- to->i_gid = from->i_gid;
-+ to->i_mode = from->i_mode;
- }
-
- /* dir.c */
-diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c
-index 791235e..7952a50f 100644
---- a/fs/overlayfs/super.c
-+++ b/fs/overlayfs/super.c
-@@ -1064,16 +1064,21 @@ static int ovl_fill_super(struct super_block *sb, void *data, int silent)
- /*
- * Upper should support d_type, else whiteouts are visible.
- * Given workdir and upper are on same fs, we can do
-- * iterate_dir() on workdir.
-+ * iterate_dir() on workdir. This check requires successful
-+ * creation of workdir in previous step.
- */
-- err = ovl_check_d_type_supported(&workpath);
-- if (err < 0)
-- goto out_put_workdir;
-+ if (ufs->workdir) {
-+ err = ovl_check_d_type_supported(&workpath);
-+ if (err < 0)
-+ goto out_put_workdir;
-
-- if (!err) {
-- pr_err("overlayfs: upper fs needs to support d_type.\n");
-- err = -EINVAL;
-- goto out_put_workdir;
-+ /*
-+ * We allowed this configuration and don't want to
-+ * break users over kernel upgrade. So warn instead
-+ * of erroring out.
-+ */
-+ if (!err)
-+ pr_warn("overlayfs: upper fs needs to support d_type.\n");
- }
- }
-
-diff --git a/fs/posix_acl.c b/fs/posix_acl.c
-index 711dd51..e11ea5f 100644
---- a/fs/posix_acl.c
-+++ b/fs/posix_acl.c
-@@ -786,39 +786,43 @@ posix_acl_xattr_get(const struct xattr_handler *handler,
- return error;
- }
-
--static int
--posix_acl_xattr_set(const struct xattr_handler *handler,
-- struct dentry *dentry, const char *name,
-- const void *value, size_t size, int flags)
-+int
-+set_posix_acl(struct inode *inode, int type, struct posix_acl *acl)
- {
-- struct inode *inode = d_backing_inode(dentry);
-- struct posix_acl *acl = NULL;
-- int ret;
--
- if (!IS_POSIXACL(inode))
- return -EOPNOTSUPP;
- if (!inode->i_op->set_acl)
- return -EOPNOTSUPP;
-
-- if (handler->flags == ACL_TYPE_DEFAULT && !S_ISDIR(inode->i_mode))
-- return value ? -EACCES : 0;
-+ if (type == ACL_TYPE_DEFAULT && !S_ISDIR(inode->i_mode))
-+ return acl ? -EACCES : 0;
- if (!inode_owner_or_capable(inode))
- return -EPERM;
-
-+ if (acl) {
-+ int ret = posix_acl_valid(acl);
-+ if (ret)
-+ return ret;
-+ }
-+ return inode->i_op->set_acl(inode, acl, type);
-+}
-+EXPORT_SYMBOL(set_posix_acl);
-+
-+static int
-+posix_acl_xattr_set(const struct xattr_handler *handler,
-+ struct dentry *dentry, const char *name,
-+ const void *value, size_t size, int flags)
-+{
-+ struct inode *inode = d_backing_inode(dentry);
-+ struct posix_acl *acl = NULL;
-+ int ret;
-+
- if (value) {
- acl = posix_acl_from_xattr(&init_user_ns, value, size);
- if (IS_ERR(acl))
- return PTR_ERR(acl);
--
-- if (acl) {
-- ret = posix_acl_valid(acl);
-- if (ret)
-- goto out;
-- }
- }
--
-- ret = inode->i_op->set_acl(inode, acl, handler->flags);
--out:
-+ ret = set_posix_acl(inode, handler->flags, acl);
- posix_acl_release(acl);
- return ret;
- }
-diff --git a/fs/ubifs/file.c b/fs/ubifs/file.c
-index 446753d..5b5ec8d 100644
---- a/fs/ubifs/file.c
-+++ b/fs/ubifs/file.c
-@@ -52,6 +52,7 @@
- #include "ubifs.h"
- #include <linux/mount.h>
- #include <linux/slab.h>
-+#include <linux/migrate.h>
-
- static int read_block(struct inode *inode, void *addr, unsigned int block,
- struct ubifs_data_node *dn)
-@@ -1452,6 +1453,26 @@ static int ubifs_set_page_dirty(struct page *page)
- return ret;
- }
-
-+#ifdef CONFIG_MIGRATION
-+static int ubifs_migrate_page(struct address_space *mapping,
-+ struct page *newpage, struct page *page, enum migrate_mode mode)
-+{
-+ int rc;
-+
-+ rc = migrate_page_move_mapping(mapping, newpage, page, NULL, mode, 0);
-+ if (rc != MIGRATEPAGE_SUCCESS)
-+ return rc;
-+
-+ if (PagePrivate(page)) {
-+ ClearPagePrivate(page);
-+ SetPagePrivate(newpage);
-+ }
-+
-+ migrate_page_copy(newpage, page);
-+ return MIGRATEPAGE_SUCCESS;
-+}
-+#endif
-+
- static int ubifs_releasepage(struct page *page, gfp_t unused_gfp_flags)
- {
- /*
-@@ -1591,6 +1612,9 @@ const struct address_space_operations ubifs_file_address_operations = {
- .write_end = ubifs_write_end,
- .invalidatepage = ubifs_invalidatepage,
- .set_page_dirty = ubifs_set_page_dirty,
-+#ifdef CONFIG_MIGRATION
-+ .migratepage = ubifs_migrate_page,
-+#endif
- .releasepage = ubifs_releasepage,
- };
-
-diff --git a/include/asm-generic/qspinlock.h b/include/asm-generic/qspinlock.h
-index 6bd0570..05f05f1 100644
---- a/include/asm-generic/qspinlock.h
-+++ b/include/asm-generic/qspinlock.h
-@@ -22,37 +22,33 @@
- #include <asm-generic/qspinlock_types.h>
-
- /**
-+ * queued_spin_unlock_wait - wait until the _current_ lock holder releases the lock
-+ * @lock : Pointer to queued spinlock structure
-+ *
-+ * There is a very slight possibility of live-lock if the lockers keep coming
-+ * and the waiter is just unfortunate enough to not see any unlock state.
-+ */
-+#ifndef queued_spin_unlock_wait
-+extern void queued_spin_unlock_wait(struct qspinlock *lock);
-+#endif
-+
-+/**
- * queued_spin_is_locked - is the spinlock locked?
- * @lock: Pointer to queued spinlock structure
- * Return: 1 if it is locked, 0 otherwise
- */
-+#ifndef queued_spin_is_locked
- static __always_inline int queued_spin_is_locked(struct qspinlock *lock)
- {
- /*
-- * queued_spin_lock_slowpath() can ACQUIRE the lock before
-- * issuing the unordered store that sets _Q_LOCKED_VAL.
-- *
-- * See both smp_cond_acquire() sites for more detail.
-- *
-- * This however means that in code like:
-- *
-- * spin_lock(A) spin_lock(B)
-- * spin_unlock_wait(B) spin_is_locked(A)
-- * do_something() do_something()
-- *
-- * Both CPUs can end up running do_something() because the store
-- * setting _Q_LOCKED_VAL will pass through the loads in
-- * spin_unlock_wait() and/or spin_is_locked().
-+ * See queued_spin_unlock_wait().
- *
-- * Avoid this by issuing a full memory barrier between the spin_lock()
-- * and the loads in spin_unlock_wait() and spin_is_locked().
-- *
-- * Note that regular mutual exclusion doesn't care about this
-- * delayed store.
-+ * Any !0 state indicates it is locked, even if _Q_LOCKED_VAL
-+ * isn't immediately observable.
- */
-- smp_mb();
-- return atomic_read(&lock->val) & _Q_LOCKED_MASK;
-+ return atomic_read(&lock->val);
- }
-+#endif
-
- /**
- * queued_spin_value_unlocked - is the spinlock structure unlocked?
-@@ -122,21 +118,6 @@ static __always_inline void queued_spin_unlock(struct qspinlock *lock)
- }
- #endif
-
--/**
-- * queued_spin_unlock_wait - wait until current lock holder releases the lock
-- * @lock : Pointer to queued spinlock structure
-- *
-- * There is a very slight possibility of live-lock if the lockers keep coming
-- * and the waiter is just unfortunate enough to not see any unlock state.
-- */
--static inline void queued_spin_unlock_wait(struct qspinlock *lock)
--{
-- /* See queued_spin_is_locked() */
-- smp_mb();
-- while (atomic_read(&lock->val) & _Q_LOCKED_MASK)
-- cpu_relax();
--}
--
- #ifndef virt_spin_lock
- static __always_inline bool virt_spin_lock(struct qspinlock *lock)
- {
-diff --git a/include/drm/ttm/ttm_bo_api.h b/include/drm/ttm/ttm_bo_api.h
-index 055a08d..a74c49d 100644
---- a/include/drm/ttm/ttm_bo_api.h
-+++ b/include/drm/ttm/ttm_bo_api.h
-@@ -316,6 +316,20 @@ ttm_bo_reference(struct ttm_buffer_object *bo)
- */
- extern int ttm_bo_wait(struct ttm_buffer_object *bo, bool lazy,
- bool interruptible, bool no_wait);
-+
-+/**
-+ * ttm_bo_mem_compat - Check if proposed placement is compatible with a bo
-+ *
-+ * @placement: Return immediately if buffer is busy.
-+ * @mem: The struct ttm_mem_reg indicating the region where the bo resides
-+ * @new_flags: Describes compatible placement found
-+ *
-+ * Returns true if the placement is compatible
-+ */
-+extern bool ttm_bo_mem_compat(struct ttm_placement *placement,
-+ struct ttm_mem_reg *mem,
-+ uint32_t *new_flags);
-+
- /**
- * ttm_bo_validate
- *
-diff --git a/include/linux/cpuidle.h b/include/linux/cpuidle.h
-index 786ad32..07b83d3 100644
---- a/include/linux/cpuidle.h
-+++ b/include/linux/cpuidle.h
-@@ -152,6 +152,8 @@ extern void cpuidle_disable_device(struct cpuidle_device *dev);
- extern int cpuidle_play_dead(void);
-
- extern struct cpuidle_driver *cpuidle_get_cpu_driver(struct cpuidle_device *dev);
-+static inline struct cpuidle_device *cpuidle_get_device(void)
-+{return __this_cpu_read(cpuidle_devices); }
- #else
- static inline void disable_cpuidle(void) { }
- static inline bool cpuidle_not_available(struct cpuidle_driver *drv,
-@@ -187,6 +189,7 @@ static inline void cpuidle_disable_device(struct cpuidle_device *dev) { }
- static inline int cpuidle_play_dead(void) {return -ENODEV; }
- static inline struct cpuidle_driver *cpuidle_get_cpu_driver(
- struct cpuidle_device *dev) {return NULL; }
-+static inline struct cpuidle_device *cpuidle_get_device(void) {return NULL; }
- #endif
-
- #if defined(CONFIG_CPU_IDLE) && defined(CONFIG_SUSPEND)
-diff --git a/include/linux/dcache.h b/include/linux/dcache.h
-index 7e9422c..ad5d582 100644
---- a/include/linux/dcache.h
-+++ b/include/linux/dcache.h
-@@ -576,5 +576,17 @@ static inline struct inode *vfs_select_inode(struct dentry *dentry,
- return inode;
- }
-
-+/**
-+ * d_real_inode - Return the real inode
-+ * @dentry: The dentry to query
-+ *
-+ * If dentry is on an union/overlay, then return the underlying, real inode.
-+ * Otherwise return d_inode().
-+ */
-+static inline struct inode *d_real_inode(struct dentry *dentry)
-+{
-+ return d_backing_inode(d_real(dentry));
-+}
-+
-
- #endif /* __LINUX_DCACHE_H */
-diff --git a/include/linux/jump_label.h b/include/linux/jump_label.h
-index 0536524..6890446 100644
---- a/include/linux/jump_label.h
-+++ b/include/linux/jump_label.h
-@@ -117,13 +117,18 @@ struct module;
-
- #include <linux/atomic.h>
-
-+#ifdef HAVE_JUMP_LABEL
-+
- static inline int static_key_count(struct static_key *key)
- {
-- return atomic_read(&key->enabled);
-+ /*
-+ * -1 means the first static_key_slow_inc() is in progress.
-+ * static_key_enabled() must return true, so return 1 here.
-+ */
-+ int n = atomic_read(&key->enabled);
-+ return n >= 0 ? n : 1;
- }
-
--#ifdef HAVE_JUMP_LABEL
--
- #define JUMP_TYPE_FALSE 0UL
- #define JUMP_TYPE_TRUE 1UL
- #define JUMP_TYPE_MASK 1UL
-@@ -162,6 +167,11 @@ extern void jump_label_apply_nops(struct module *mod);
-
- #else /* !HAVE_JUMP_LABEL */
-
-+static inline int static_key_count(struct static_key *key)
-+{
-+ return atomic_read(&key->enabled);
-+}
-+
- static __always_inline void jump_label_init(void)
- {
- static_key_initialized = true;
-diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
-index 15d0df9..794b924 100644
---- a/include/linux/skbuff.h
-+++ b/include/linux/skbuff.h
-@@ -1062,6 +1062,7 @@ __skb_set_sw_hash(struct sk_buff *skb, __u32 hash, bool is_l4)
- }
-
- void __skb_get_hash(struct sk_buff *skb);
-+u32 __skb_get_hash_symmetric(struct sk_buff *skb);
- u32 skb_get_poff(const struct sk_buff *skb);
- u32 __skb_get_poff(const struct sk_buff *skb, void *data,
- const struct flow_keys *keys, int hlen);
-@@ -2860,6 +2861,25 @@ static inline void skb_postpush_rcsum(struct sk_buff *skb,
- }
-
- /**
-+ * skb_push_rcsum - push skb and update receive checksum
-+ * @skb: buffer to update
-+ * @len: length of data pulled
-+ *
-+ * This function performs an skb_push on the packet and updates
-+ * the CHECKSUM_COMPLETE checksum. It should be used on
-+ * receive path processing instead of skb_push unless you know
-+ * that the checksum difference is zero (e.g., a valid IP header)
-+ * or you are setting ip_summed to CHECKSUM_NONE.
-+ */
-+static inline unsigned char *skb_push_rcsum(struct sk_buff *skb,
-+ unsigned int len)
-+{
-+ skb_push(skb, len);
-+ skb_postpush_rcsum(skb, skb->data, len);
-+ return skb->data;
-+}
-+
-+/**
- * pskb_trim_rcsum - trim received skb and update checksum
- * @skb: buffer to trim
- * @len: new length
-diff --git a/include/linux/sunrpc/clnt.h b/include/linux/sunrpc/clnt.h
-index 9a7ddba..14d70f5 100644
---- a/include/linux/sunrpc/clnt.h
-+++ b/include/linux/sunrpc/clnt.h
-@@ -137,8 +137,6 @@ struct rpc_create_args {
- #define RPC_CLNT_CREATE_NO_RETRANS_TIMEOUT (1UL << 9)
-
- struct rpc_clnt *rpc_create(struct rpc_create_args *args);
--struct rpc_clnt *rpc_create_xprt(struct rpc_create_args *args,
-- struct rpc_xprt *xprt);
- struct rpc_clnt *rpc_bind_new_program(struct rpc_clnt *,
- const struct rpc_program *, u32);
- struct rpc_clnt *rpc_clone_client(struct rpc_clnt *);
-diff --git a/include/linux/sunrpc/svc_xprt.h b/include/linux/sunrpc/svc_xprt.h
-index b7dabc4..79ba508 100644
---- a/include/linux/sunrpc/svc_xprt.h
-+++ b/include/linux/sunrpc/svc_xprt.h
-@@ -84,6 +84,7 @@ struct svc_xprt {
-
- struct net *xpt_net;
- struct rpc_xprt *xpt_bc_xprt; /* NFSv4.1 backchannel */
-+ struct rpc_xprt_switch *xpt_bc_xps; /* NFSv4.1 backchannel */
- };
-
- static inline void unregister_xpt_user(struct svc_xprt *xpt, struct svc_xpt_user *u)
-diff --git a/include/linux/sunrpc/xprt.h b/include/linux/sunrpc/xprt.h
-index fb0d212..9f51e1d 100644
---- a/include/linux/sunrpc/xprt.h
-+++ b/include/linux/sunrpc/xprt.h
-@@ -296,6 +296,7 @@ struct xprt_create {
- size_t addrlen;
- const char *servername;
- struct svc_xprt *bc_xprt; /* NFSv4.1 backchannel */
-+ struct rpc_xprt_switch *bc_xps;
- unsigned int flags;
- };
-
-diff --git a/include/linux/usb/ehci_def.h b/include/linux/usb/ehci_def.h
-index 966889a..e479033 100644
---- a/include/linux/usb/ehci_def.h
-+++ b/include/linux/usb/ehci_def.h
-@@ -180,11 +180,11 @@ struct ehci_regs {
- * PORTSCx
- */
- /* HOSTPC: offset 0x84 */
-- u32 hostpc[1]; /* HOSTPC extension */
-+ u32 hostpc[0]; /* HOSTPC extension */
- #define HOSTPC_PHCD (1<<22) /* Phy clock disable */
- #define HOSTPC_PSPD (3<<25) /* Port speed detection */
-
-- u32 reserved5[16];
-+ u32 reserved5[17];
-
- /* USBMODE_EX: offset 0xc8 */
- u32 usbmode_ex; /* USB Device mode extension */
-diff --git a/include/rdma/ib_verbs.h b/include/rdma/ib_verbs.h
-index fb2cef4..b8334a6 100644
---- a/include/rdma/ib_verbs.h
-+++ b/include/rdma/ib_verbs.h
-@@ -217,7 +217,7 @@ enum ib_device_cap_flags {
- IB_DEVICE_CROSS_CHANNEL = (1 << 27),
- IB_DEVICE_MANAGED_FLOW_STEERING = (1 << 29),
- IB_DEVICE_SIGNATURE_HANDOVER = (1 << 30),
-- IB_DEVICE_ON_DEMAND_PAGING = (1 << 31),
-+ IB_DEVICE_ON_DEMAND_PAGING = (1ULL << 31),
- IB_DEVICE_SG_GAPS_REG = (1ULL << 32),
- IB_DEVICE_VIRTUAL_FUNCTION = ((u64)1 << 33),
- };
-diff --git a/include/rdma/rdma_vt.h b/include/rdma/rdma_vt.h
-index a869655..6ee9d97 100644
---- a/include/rdma/rdma_vt.h
-+++ b/include/rdma/rdma_vt.h
-@@ -203,7 +203,9 @@ struct rvt_driver_provided {
-
- /*
- * Allocate a private queue pair data structure for driver specific
-- * information which is opaque to rdmavt.
-+ * information which is opaque to rdmavt. Errors are returned via
-+ * ERR_PTR(err). The driver is free to return NULL or a valid
-+ * pointer.
- */
- void * (*qp_priv_alloc)(struct rvt_dev_info *rdi, struct rvt_qp *qp,
- gfp_t gfp);
-diff --git a/kernel/futex.c b/kernel/futex.c
-index c20f06f..6555d54 100644
---- a/kernel/futex.c
-+++ b/kernel/futex.c
-@@ -469,7 +469,7 @@ get_futex_key(u32 __user *uaddr, int fshared, union futex_key *key, int rw)
- {
- unsigned long address = (unsigned long)uaddr;
- struct mm_struct *mm = current->mm;
-- struct page *page;
-+ struct page *page, *tail;
- struct address_space *mapping;
- int err, ro = 0;
-
-@@ -530,7 +530,15 @@ again:
- * considered here and page lock forces unnecessarily serialization
- * From this point on, mapping will be re-verified if necessary and
- * page lock will be acquired only if it is unavoidable
-- */
-+ *
-+ * Mapping checks require the head page for any compound page so the
-+ * head page and mapping is looked up now. For anonymous pages, it
-+ * does not matter if the page splits in the future as the key is
-+ * based on the address. For filesystem-backed pages, the tail is
-+ * required as the index of the page determines the key. For
-+ * base pages, there is no tail page and tail == page.
-+ */
-+ tail = page;
- page = compound_head(page);
- mapping = READ_ONCE(page->mapping);
-
-@@ -654,7 +662,7 @@ again:
-
- key->both.offset |= FUT_OFF_INODE; /* inode-based key */
- key->shared.inode = inode;
-- key->shared.pgoff = basepage_index(page);
-+ key->shared.pgoff = basepage_index(tail);
- rcu_read_unlock();
- }
-
-diff --git a/kernel/jump_label.c b/kernel/jump_label.c
-index 05254ee..4b353e0 100644
---- a/kernel/jump_label.c
-+++ b/kernel/jump_label.c
-@@ -58,13 +58,36 @@ static void jump_label_update(struct static_key *key);
-
- void static_key_slow_inc(struct static_key *key)
- {
-+ int v, v1;
-+
- STATIC_KEY_CHECK_USE();
-- if (atomic_inc_not_zero(&key->enabled))
-- return;
-+
-+ /*
-+ * Careful if we get concurrent static_key_slow_inc() calls;
-+ * later calls must wait for the first one to _finish_ the
-+ * jump_label_update() process. At the same time, however,
-+ * the jump_label_update() call below wants to see
-+ * static_key_enabled(&key) for jumps to be updated properly.
-+ *
-+ * So give a special meaning to negative key->enabled: it sends
-+ * static_key_slow_inc() down the slow path, and it is non-zero
-+ * so it counts as "enabled" in jump_label_update(). Note that
-+ * atomic_inc_unless_negative() checks >= 0, so roll our own.
-+ */
-+ for (v = atomic_read(&key->enabled); v > 0; v = v1) {
-+ v1 = atomic_cmpxchg(&key->enabled, v, v + 1);
-+ if (likely(v1 == v))
-+ return;
-+ }
-
- jump_label_lock();
-- if (atomic_inc_return(&key->enabled) == 1)
-+ if (atomic_read(&key->enabled) == 0) {
-+ atomic_set(&key->enabled, -1);
- jump_label_update(key);
-+ atomic_set(&key->enabled, 1);
-+ } else {
-+ atomic_inc(&key->enabled);
-+ }
- jump_label_unlock();
- }
- EXPORT_SYMBOL_GPL(static_key_slow_inc);
-@@ -72,6 +95,13 @@ EXPORT_SYMBOL_GPL(static_key_slow_inc);
- static void __static_key_slow_dec(struct static_key *key,
- unsigned long rate_limit, struct delayed_work *work)
- {
-+ /*
-+ * The negative count check is valid even when a negative
-+ * key->enabled is in use by static_key_slow_inc(); a
-+ * __static_key_slow_dec() before the first static_key_slow_inc()
-+ * returns is unbalanced, because all other static_key_slow_inc()
-+ * instances block while the update is in progress.
-+ */
- if (!atomic_dec_and_mutex_lock(&key->enabled, &jump_label_mutex)) {
- WARN(atomic_read(&key->enabled) < 0,
- "jump label: negative count!\n");
-diff --git a/kernel/locking/mutex.c b/kernel/locking/mutex.c
-index e364b42..79d2d76 100644
---- a/kernel/locking/mutex.c
-+++ b/kernel/locking/mutex.c
-@@ -486,9 +486,6 @@ __ww_mutex_lock_check_stamp(struct mutex *lock, struct ww_acquire_ctx *ctx)
- if (!hold_ctx)
- return 0;
-
-- if (unlikely(ctx == hold_ctx))
-- return -EALREADY;
--
- if (ctx->stamp - hold_ctx->stamp <= LONG_MAX &&
- (ctx->stamp != hold_ctx->stamp || ctx > hold_ctx)) {
- #ifdef CONFIG_DEBUG_MUTEXES
-@@ -514,6 +511,12 @@ __mutex_lock_common(struct mutex *lock, long state, unsigned int subclass,
- unsigned long flags;
- int ret;
-
-+ if (use_ww_ctx) {
-+ struct ww_mutex *ww = container_of(lock, struct ww_mutex, base);
-+ if (unlikely(ww_ctx == READ_ONCE(ww->ctx)))
-+ return -EALREADY;
-+ }
-+
- preempt_disable();
- mutex_acquire_nest(&lock->dep_map, subclass, 0, nest_lock, ip);
-
-diff --git a/kernel/locking/qspinlock.c b/kernel/locking/qspinlock.c
-index ce2f75e..5fc8c31 100644
---- a/kernel/locking/qspinlock.c
-+++ b/kernel/locking/qspinlock.c
-@@ -267,6 +267,66 @@ static __always_inline u32 __pv_wait_head_or_lock(struct qspinlock *lock,
- #define queued_spin_lock_slowpath native_queued_spin_lock_slowpath
- #endif
-
-+/*
-+ * queued_spin_lock_slowpath() can (load-)ACQUIRE the lock before
-+ * issuing an _unordered_ store to set _Q_LOCKED_VAL.
-+ *
-+ * This means that the store can be delayed, but no later than the
-+ * store-release from the unlock. This means that simply observing
-+ * _Q_LOCKED_VAL is not sufficient to determine if the lock is acquired.
-+ *
-+ * There are two paths that can issue the unordered store:
-+ *
-+ * (1) clear_pending_set_locked(): *,1,0 -> *,0,1
-+ *
-+ * (2) set_locked(): t,0,0 -> t,0,1 ; t != 0
-+ * atomic_cmpxchg_relaxed(): t,0,0 -> 0,0,1
-+ *
-+ * However, in both cases we have other !0 state we've set before to queue
-+ * ourseves:
-+ *
-+ * For (1) we have the atomic_cmpxchg_acquire() that set _Q_PENDING_VAL, our
-+ * load is constrained by that ACQUIRE to not pass before that, and thus must
-+ * observe the store.
-+ *
-+ * For (2) we have a more intersting scenario. We enqueue ourselves using
-+ * xchg_tail(), which ends up being a RELEASE. This in itself is not
-+ * sufficient, however that is followed by an smp_cond_acquire() on the same
-+ * word, giving a RELEASE->ACQUIRE ordering. This again constrains our load and
-+ * guarantees we must observe that store.
-+ *
-+ * Therefore both cases have other !0 state that is observable before the
-+ * unordered locked byte store comes through. This means we can use that to
-+ * wait for the lock store, and then wait for an unlock.
-+ */
-+#ifndef queued_spin_unlock_wait
-+void queued_spin_unlock_wait(struct qspinlock *lock)
-+{
-+ u32 val;
-+
-+ for (;;) {
-+ val = atomic_read(&lock->val);
-+
-+ if (!val) /* not locked, we're done */
-+ goto done;
-+
-+ if (val & _Q_LOCKED_MASK) /* locked, go wait for unlock */
-+ break;
-+
-+ /* not locked, but pending, wait until we observe the lock */
-+ cpu_relax();
-+ }
-+
-+ /* any unlock is good */
-+ while (atomic_read(&lock->val) & _Q_LOCKED_MASK)
-+ cpu_relax();
-+
-+done:
-+ smp_rmb(); /* CTRL + RMB -> ACQUIRE */
-+}
-+EXPORT_SYMBOL(queued_spin_unlock_wait);
-+#endif
-+
- #endif /* _GEN_PV_LOCK_SLOWPATH */
-
- /**
-diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c
-index e7dd0ec..eeaf920 100644
---- a/kernel/sched/fair.c
-+++ b/kernel/sched/fair.c
-@@ -2821,6 +2821,23 @@ static inline void update_tg_load_avg(struct cfs_rq *cfs_rq, int force) {}
-
- static inline u64 cfs_rq_clock_task(struct cfs_rq *cfs_rq);
-
-+/*
-+ * Unsigned subtract and clamp on underflow.
-+ *
-+ * Explicitly do a load-store to ensure the intermediate value never hits
-+ * memory. This allows lockless observations without ever seeing the negative
-+ * values.
-+ */
-+#define sub_positive(_ptr, _val) do { \
-+ typeof(_ptr) ptr = (_ptr); \
-+ typeof(*ptr) val = (_val); \
-+ typeof(*ptr) res, var = READ_ONCE(*ptr); \
-+ res = var - val; \
-+ if (res > var) \
-+ res = 0; \
-+ WRITE_ONCE(*ptr, res); \
-+} while (0)
-+
- /* Group cfs_rq's load_avg is used for task_h_load and update_cfs_share */
- static inline int update_cfs_rq_load_avg(u64 now, struct cfs_rq *cfs_rq)
- {
-@@ -2829,15 +2846,15 @@ static inline int update_cfs_rq_load_avg(u64 now, struct cfs_rq *cfs_rq)
-
- if (atomic_long_read(&cfs_rq->removed_load_avg)) {
- s64 r = atomic_long_xchg(&cfs_rq->removed_load_avg, 0);
-- sa->load_avg = max_t(long, sa->load_avg - r, 0);
-- sa->load_sum = max_t(s64, sa->load_sum - r * LOAD_AVG_MAX, 0);
-+ sub_positive(&sa->load_avg, r);
-+ sub_positive(&sa->load_sum, r * LOAD_AVG_MAX);
- removed = 1;
- }
-
- if (atomic_long_read(&cfs_rq->removed_util_avg)) {
- long r = atomic_long_xchg(&cfs_rq->removed_util_avg, 0);
-- sa->util_avg = max_t(long, sa->util_avg - r, 0);
-- sa->util_sum = max_t(s32, sa->util_sum - r * LOAD_AVG_MAX, 0);
-+ sub_positive(&sa->util_avg, r);
-+ sub_positive(&sa->util_sum, r * LOAD_AVG_MAX);
- }
-
- decayed = __update_load_avg(now, cpu_of(rq_of(cfs_rq)), sa,
-@@ -2927,10 +2944,10 @@ static void detach_entity_load_avg(struct cfs_rq *cfs_rq, struct sched_entity *s
- &se->avg, se->on_rq * scale_load_down(se->load.weight),
- cfs_rq->curr == se, NULL);
-
-- cfs_rq->avg.load_avg = max_t(long, cfs_rq->avg.load_avg - se->avg.load_avg, 0);
-- cfs_rq->avg.load_sum = max_t(s64, cfs_rq->avg.load_sum - se->avg.load_sum, 0);
-- cfs_rq->avg.util_avg = max_t(long, cfs_rq->avg.util_avg - se->avg.util_avg, 0);
-- cfs_rq->avg.util_sum = max_t(s32, cfs_rq->avg.util_sum - se->avg.util_sum, 0);
-+ sub_positive(&cfs_rq->avg.load_avg, se->avg.load_avg);
-+ sub_positive(&cfs_rq->avg.load_sum, se->avg.load_sum);
-+ sub_positive(&cfs_rq->avg.util_avg, se->avg.util_avg);
-+ sub_positive(&cfs_rq->avg.util_sum, se->avg.util_sum);
- }
-
- /* Add the load generated by se into cfs_rq's load average */
-diff --git a/kernel/sched/idle.c b/kernel/sched/idle.c
-index bd12c6c..c5aeedf 100644
---- a/kernel/sched/idle.c
-+++ b/kernel/sched/idle.c
-@@ -127,7 +127,7 @@ static int call_cpuidle(struct cpuidle_driver *drv, struct cpuidle_device *dev,
- */
- static void cpuidle_idle_call(void)
- {
-- struct cpuidle_device *dev = __this_cpu_read(cpuidle_devices);
-+ struct cpuidle_device *dev = cpuidle_get_device();
- struct cpuidle_driver *drv = cpuidle_get_cpu_driver(dev);
- int next_state, entered_state;
-
-diff --git a/kernel/trace/trace_printk.c b/kernel/trace/trace_printk.c
-index f96f038..ad1d616 100644
---- a/kernel/trace/trace_printk.c
-+++ b/kernel/trace/trace_printk.c
-@@ -36,6 +36,10 @@ struct trace_bprintk_fmt {
- static inline struct trace_bprintk_fmt *lookup_format(const char *fmt)
- {
- struct trace_bprintk_fmt *pos;
-+
-+ if (!fmt)
-+ return ERR_PTR(-EINVAL);
-+
- list_for_each_entry(pos, &trace_bprintk_fmt_list, list) {
- if (!strcmp(pos->fmt, fmt))
- return pos;
-@@ -57,7 +61,8 @@ void hold_module_trace_bprintk_format(const char **start, const char **end)
- for (iter = start; iter < end; iter++) {
- struct trace_bprintk_fmt *tb_fmt = lookup_format(*iter);
- if (tb_fmt) {
-- *iter = tb_fmt->fmt;
-+ if (!IS_ERR(tb_fmt))
-+ *iter = tb_fmt->fmt;
- continue;
- }
-
-diff --git a/mm/migrate.c b/mm/migrate.c
-index f9dfb18..bdf3410 100644
---- a/mm/migrate.c
-+++ b/mm/migrate.c
-@@ -431,6 +431,7 @@ int migrate_page_move_mapping(struct address_space *mapping,
-
- return MIGRATEPAGE_SUCCESS;
- }
-+EXPORT_SYMBOL(migrate_page_move_mapping);
-
- /*
- * The expected number of remaining references is the same as that
-@@ -586,6 +587,7 @@ void migrate_page_copy(struct page *newpage, struct page *page)
-
- mem_cgroup_migrate(page, newpage);
- }
-+EXPORT_SYMBOL(migrate_page_copy);
-
- /************************************************************
- * Migration functions
-diff --git a/mm/page-writeback.c b/mm/page-writeback.c
-index bc5149d..e389f0a 100644
---- a/mm/page-writeback.c
-+++ b/mm/page-writeback.c
-@@ -369,8 +369,9 @@ static void domain_dirty_limits(struct dirty_throttle_control *dtc)
- struct dirty_throttle_control *gdtc = mdtc_gdtc(dtc);
- unsigned long bytes = vm_dirty_bytes;
- unsigned long bg_bytes = dirty_background_bytes;
-- unsigned long ratio = vm_dirty_ratio;
-- unsigned long bg_ratio = dirty_background_ratio;
-+ /* convert ratios to per-PAGE_SIZE for higher precision */
-+ unsigned long ratio = (vm_dirty_ratio * PAGE_SIZE) / 100;
-+ unsigned long bg_ratio = (dirty_background_ratio * PAGE_SIZE) / 100;
- unsigned long thresh;
- unsigned long bg_thresh;
- struct task_struct *tsk;
-@@ -382,26 +383,28 @@ static void domain_dirty_limits(struct dirty_throttle_control *dtc)
- /*
- * The byte settings can't be applied directly to memcg
- * domains. Convert them to ratios by scaling against
-- * globally available memory.
-+ * globally available memory. As the ratios are in
-+ * per-PAGE_SIZE, they can be obtained by dividing bytes by
-+ * number of pages.
- */
- if (bytes)
-- ratio = min(DIV_ROUND_UP(bytes, PAGE_SIZE) * 100 /
-- global_avail, 100UL);
-+ ratio = min(DIV_ROUND_UP(bytes, global_avail),
-+ PAGE_SIZE);
- if (bg_bytes)
-- bg_ratio = min(DIV_ROUND_UP(bg_bytes, PAGE_SIZE) * 100 /
-- global_avail, 100UL);
-+ bg_ratio = min(DIV_ROUND_UP(bg_bytes, global_avail),
-+ PAGE_SIZE);
- bytes = bg_bytes = 0;
- }
-
- if (bytes)
- thresh = DIV_ROUND_UP(bytes, PAGE_SIZE);
- else
-- thresh = (ratio * available_memory) / 100;
-+ thresh = (ratio * available_memory) / PAGE_SIZE;
-
- if (bg_bytes)
- bg_thresh = DIV_ROUND_UP(bg_bytes, PAGE_SIZE);
- else
-- bg_thresh = (bg_ratio * available_memory) / 100;
-+ bg_thresh = (bg_ratio * available_memory) / PAGE_SIZE;
-
- if (bg_thresh >= thresh)
- bg_thresh = thresh / 2;
-diff --git a/mm/percpu.c b/mm/percpu.c
-index 0c59684..9903830 100644
---- a/mm/percpu.c
-+++ b/mm/percpu.c
-@@ -112,7 +112,7 @@ struct pcpu_chunk {
- int map_used; /* # of map entries used before the sentry */
- int map_alloc; /* # of map entries allocated */
- int *map; /* allocation map */
-- struct work_struct map_extend_work;/* async ->map[] extension */
-+ struct list_head map_extend_list;/* on pcpu_map_extend_chunks */
-
- void *data; /* chunk data */
- int first_free; /* no free below this */
-@@ -162,10 +162,13 @@ static struct pcpu_chunk *pcpu_reserved_chunk;
- static int pcpu_reserved_chunk_limit;
-
- static DEFINE_SPINLOCK(pcpu_lock); /* all internal data structures */
--static DEFINE_MUTEX(pcpu_alloc_mutex); /* chunk create/destroy, [de]pop */
-+static DEFINE_MUTEX(pcpu_alloc_mutex); /* chunk create/destroy, [de]pop, map ext */
-
- static struct list_head *pcpu_slot __read_mostly; /* chunk list slots */
-
-+/* chunks which need their map areas extended, protected by pcpu_lock */
-+static LIST_HEAD(pcpu_map_extend_chunks);
-+
- /*
- * The number of empty populated pages, protected by pcpu_lock. The
- * reserved chunk doesn't contribute to the count.
-@@ -395,13 +398,19 @@ static int pcpu_need_to_extend(struct pcpu_chunk *chunk, bool is_atomic)
- {
- int margin, new_alloc;
-
-+ lockdep_assert_held(&pcpu_lock);
-+
- if (is_atomic) {
- margin = 3;
-
- if (chunk->map_alloc <
-- chunk->map_used + PCPU_ATOMIC_MAP_MARGIN_LOW &&
-- pcpu_async_enabled)
-- schedule_work(&chunk->map_extend_work);
-+ chunk->map_used + PCPU_ATOMIC_MAP_MARGIN_LOW) {
-+ if (list_empty(&chunk->map_extend_list)) {
-+ list_add_tail(&chunk->map_extend_list,
-+ &pcpu_map_extend_chunks);
-+ pcpu_schedule_balance_work();
-+ }
-+ }
- } else {
- margin = PCPU_ATOMIC_MAP_MARGIN_HIGH;
- }
-@@ -435,6 +444,8 @@ static int pcpu_extend_area_map(struct pcpu_chunk *chunk, int new_alloc)
- size_t old_size = 0, new_size = new_alloc * sizeof(new[0]);
- unsigned long flags;
-
-+ lockdep_assert_held(&pcpu_alloc_mutex);
-+
- new = pcpu_mem_zalloc(new_size);
- if (!new)
- return -ENOMEM;
-@@ -467,20 +478,6 @@ out_unlock:
- return 0;
- }
-
--static void pcpu_map_extend_workfn(struct work_struct *work)
--{
-- struct pcpu_chunk *chunk = container_of(work, struct pcpu_chunk,
-- map_extend_work);
-- int new_alloc;
--
-- spin_lock_irq(&pcpu_lock);
-- new_alloc = pcpu_need_to_extend(chunk, false);
-- spin_unlock_irq(&pcpu_lock);
--
-- if (new_alloc)
-- pcpu_extend_area_map(chunk, new_alloc);
--}
--
- /**
- * pcpu_fit_in_area - try to fit the requested allocation in a candidate area
- * @chunk: chunk the candidate area belongs to
-@@ -740,7 +737,7 @@ static struct pcpu_chunk *pcpu_alloc_chunk(void)
- chunk->map_used = 1;
-
- INIT_LIST_HEAD(&chunk->list);
-- INIT_WORK(&chunk->map_extend_work, pcpu_map_extend_workfn);
-+ INIT_LIST_HEAD(&chunk->map_extend_list);
- chunk->free_size = pcpu_unit_size;
- chunk->contig_hint = pcpu_unit_size;
-
-@@ -895,6 +892,9 @@ static void __percpu *pcpu_alloc(size_t size, size_t align, bool reserved,
- return NULL;
- }
-
-+ if (!is_atomic)
-+ mutex_lock(&pcpu_alloc_mutex);
-+
- spin_lock_irqsave(&pcpu_lock, flags);
-
- /* serve reserved allocations from the reserved chunk if available */
-@@ -967,12 +967,9 @@ restart:
- if (is_atomic)
- goto fail;
-
-- mutex_lock(&pcpu_alloc_mutex);
--
- if (list_empty(&pcpu_slot[pcpu_nr_slots - 1])) {
- chunk = pcpu_create_chunk();
- if (!chunk) {
-- mutex_unlock(&pcpu_alloc_mutex);
- err = "failed to allocate new chunk";
- goto fail;
- }
-@@ -983,7 +980,6 @@ restart:
- spin_lock_irqsave(&pcpu_lock, flags);
- }
-
-- mutex_unlock(&pcpu_alloc_mutex);
- goto restart;
-
- area_found:
-@@ -993,8 +989,6 @@ area_found:
- if (!is_atomic) {
- int page_start, page_end, rs, re;
-
-- mutex_lock(&pcpu_alloc_mutex);
--
- page_start = PFN_DOWN(off);
- page_end = PFN_UP(off + size);
-
-@@ -1005,7 +999,6 @@ area_found:
-
- spin_lock_irqsave(&pcpu_lock, flags);
- if (ret) {
-- mutex_unlock(&pcpu_alloc_mutex);
- pcpu_free_area(chunk, off, &occ_pages);
- err = "failed to populate";
- goto fail_unlock;
-@@ -1045,6 +1038,8 @@ fail:
- /* see the flag handling in pcpu_blance_workfn() */
- pcpu_atomic_alloc_failed = true;
- pcpu_schedule_balance_work();
-+ } else {
-+ mutex_unlock(&pcpu_alloc_mutex);
- }
- return NULL;
- }
-@@ -1129,6 +1124,7 @@ static void pcpu_balance_workfn(struct work_struct *work)
- if (chunk == list_first_entry(free_head, struct pcpu_chunk, list))
- continue;
-
-+ list_del_init(&chunk->map_extend_list);
- list_move(&chunk->list, &to_free);
- }
-
-@@ -1146,6 +1142,25 @@ static void pcpu_balance_workfn(struct work_struct *work)
- pcpu_destroy_chunk(chunk);
- }
-
-+ /* service chunks which requested async area map extension */
-+ do {
-+ int new_alloc = 0;
-+
-+ spin_lock_irq(&pcpu_lock);
-+
-+ chunk = list_first_entry_or_null(&pcpu_map_extend_chunks,
-+ struct pcpu_chunk, map_extend_list);
-+ if (chunk) {
-+ list_del_init(&chunk->map_extend_list);
-+ new_alloc = pcpu_need_to_extend(chunk, false);
-+ }
-+
-+ spin_unlock_irq(&pcpu_lock);
-+
-+ if (new_alloc)
-+ pcpu_extend_area_map(chunk, new_alloc);
-+ } while (chunk);
-+
- /*
- * Ensure there are certain number of free populated pages for
- * atomic allocs. Fill up from the most packed so that atomic
-@@ -1644,7 +1659,7 @@ int __init pcpu_setup_first_chunk(const struct pcpu_alloc_info *ai,
- */
- schunk = memblock_virt_alloc(pcpu_chunk_struct_size, 0);
- INIT_LIST_HEAD(&schunk->list);
-- INIT_WORK(&schunk->map_extend_work, pcpu_map_extend_workfn);
-+ INIT_LIST_HEAD(&schunk->map_extend_list);
- schunk->base_addr = base_addr;
- schunk->map = smap;
- schunk->map_alloc = ARRAY_SIZE(smap);
-@@ -1673,7 +1688,7 @@ int __init pcpu_setup_first_chunk(const struct pcpu_alloc_info *ai,
- if (dyn_size) {
- dchunk = memblock_virt_alloc(pcpu_chunk_struct_size, 0);
- INIT_LIST_HEAD(&dchunk->list);
-- INIT_WORK(&dchunk->map_extend_work, pcpu_map_extend_workfn);
-+ INIT_LIST_HEAD(&dchunk->map_extend_list);
- dchunk->base_addr = base_addr;
- dchunk->map = dmap;
- dchunk->map_alloc = ARRAY_SIZE(dmap);
-diff --git a/mm/shmem.c b/mm/shmem.c
-index 719bd6b..9ca09f5 100644
---- a/mm/shmem.c
-+++ b/mm/shmem.c
-@@ -2236,9 +2236,11 @@ static long shmem_fallocate(struct file *file, int mode, loff_t offset,
- NULL);
- if (error) {
- /* Remove the !PageUptodate pages we added */
-- shmem_undo_range(inode,
-- (loff_t)start << PAGE_SHIFT,
-- (loff_t)index << PAGE_SHIFT, true);
-+ if (index > start) {
-+ shmem_undo_range(inode,
-+ (loff_t)start << PAGE_SHIFT,
-+ ((loff_t)index << PAGE_SHIFT) - 1, true);
-+ }
- goto undone;
- }
-
-diff --git a/net/core/flow_dissector.c b/net/core/flow_dissector.c
-index a669dea..61ad43f 100644
---- a/net/core/flow_dissector.c
-+++ b/net/core/flow_dissector.c
-@@ -651,6 +651,23 @@ void make_flow_keys_digest(struct flow_keys_digest *digest,
- }
- EXPORT_SYMBOL(make_flow_keys_digest);
-
-+static struct flow_dissector flow_keys_dissector_symmetric __read_mostly;
-+
-+u32 __skb_get_hash_symmetric(struct sk_buff *skb)
-+{
-+ struct flow_keys keys;
-+
-+ __flow_hash_secret_init();
-+
-+ memset(&keys, 0, sizeof(keys));
-+ __skb_flow_dissect(skb, &flow_keys_dissector_symmetric, &keys,
-+ NULL, 0, 0, 0,
-+ FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL);
-+
-+ return __flow_hash_from_keys(&keys, hashrnd);
-+}
-+EXPORT_SYMBOL_GPL(__skb_get_hash_symmetric);
-+
- /**
- * __skb_get_hash: calculate a flow hash
- * @skb: sk_buff to calculate flow hash from
-@@ -868,6 +885,29 @@ static const struct flow_dissector_key flow_keys_dissector_keys[] = {
- },
- };
-
-+static const struct flow_dissector_key flow_keys_dissector_symmetric_keys[] = {
-+ {
-+ .key_id = FLOW_DISSECTOR_KEY_CONTROL,
-+ .offset = offsetof(struct flow_keys, control),
-+ },
-+ {
-+ .key_id = FLOW_DISSECTOR_KEY_BASIC,
-+ .offset = offsetof(struct flow_keys, basic),
-+ },
-+ {
-+ .key_id = FLOW_DISSECTOR_KEY_IPV4_ADDRS,
-+ .offset = offsetof(struct flow_keys, addrs.v4addrs),
-+ },
-+ {
-+ .key_id = FLOW_DISSECTOR_KEY_IPV6_ADDRS,
-+ .offset = offsetof(struct flow_keys, addrs.v6addrs),
-+ },
-+ {
-+ .key_id = FLOW_DISSECTOR_KEY_PORTS,
-+ .offset = offsetof(struct flow_keys, ports),
-+ },
-+};
-+
- static const struct flow_dissector_key flow_keys_buf_dissector_keys[] = {
- {
- .key_id = FLOW_DISSECTOR_KEY_CONTROL,
-@@ -889,6 +929,9 @@ static int __init init_default_flow_dissectors(void)
- skb_flow_dissector_init(&flow_keys_dissector,
- flow_keys_dissector_keys,
- ARRAY_SIZE(flow_keys_dissector_keys));
-+ skb_flow_dissector_init(&flow_keys_dissector_symmetric,
-+ flow_keys_dissector_symmetric_keys,
-+ ARRAY_SIZE(flow_keys_dissector_symmetric_keys));
- skb_flow_dissector_init(&flow_keys_buf_dissector,
- flow_keys_buf_dissector_keys,
- ARRAY_SIZE(flow_keys_buf_dissector_keys));
-diff --git a/net/core/skbuff.c b/net/core/skbuff.c
-index e561f9f..59bf4d7 100644
---- a/net/core/skbuff.c
-+++ b/net/core/skbuff.c
-@@ -3016,24 +3016,6 @@ int skb_append_pagefrags(struct sk_buff *skb, struct page *page,
- EXPORT_SYMBOL_GPL(skb_append_pagefrags);
-
- /**
-- * skb_push_rcsum - push skb and update receive checksum
-- * @skb: buffer to update
-- * @len: length of data pulled
-- *
-- * This function performs an skb_push on the packet and updates
-- * the CHECKSUM_COMPLETE checksum. It should be used on
-- * receive path processing instead of skb_push unless you know
-- * that the checksum difference is zero (e.g., a valid IP header)
-- * or you are setting ip_summed to CHECKSUM_NONE.
-- */
--static unsigned char *skb_push_rcsum(struct sk_buff *skb, unsigned len)
--{
-- skb_push(skb, len);
-- skb_postpush_rcsum(skb, skb->data, len);
-- return skb->data;
--}
--
--/**
- * skb_pull_rcsum - pull skb and update receive checksum
- * @skb: buffer to update
- * @len: length of data pulled
-diff --git a/net/ipv6/ip6_fib.c b/net/ipv6/ip6_fib.c
-index ea071fa..c26fac2 100644
---- a/net/ipv6/ip6_fib.c
-+++ b/net/ipv6/ip6_fib.c
-@@ -177,6 +177,7 @@ static void rt6_free_pcpu(struct rt6_info *non_pcpu_rt)
- }
- }
-
-+ free_percpu(non_pcpu_rt->rt6i_pcpu);
- non_pcpu_rt->rt6i_pcpu = NULL;
- }
-
-diff --git a/net/mac80211/mesh.c b/net/mac80211/mesh.c
-index d32cefc..34a5712 100644
---- a/net/mac80211/mesh.c
-+++ b/net/mac80211/mesh.c
-@@ -150,19 +150,26 @@ u32 mesh_accept_plinks_update(struct ieee80211_sub_if_data *sdata)
- void mesh_sta_cleanup(struct sta_info *sta)
- {
- struct ieee80211_sub_if_data *sdata = sta->sdata;
-- u32 changed;
-+ u32 changed = 0;
-
- /*
- * maybe userspace handles peer allocation and peering, but in either
- * case the beacon is still generated by the kernel and we might need
- * an update.
- */
-- changed = mesh_accept_plinks_update(sdata);
-+ if (sdata->u.mesh.user_mpm &&
-+ sta->mesh->plink_state == NL80211_PLINK_ESTAB)
-+ changed |= mesh_plink_dec_estab_count(sdata);
-+ changed |= mesh_accept_plinks_update(sdata);
- if (!sdata->u.mesh.user_mpm) {
- changed |= mesh_plink_deactivate(sta);
- del_timer_sync(&sta->mesh->plink_timer);
- }
-
-+ /* make sure no readers can access nexthop sta from here on */
-+ mesh_path_flush_by_nexthop(sta);
-+ synchronize_net();
-+
- if (changed)
- ieee80211_mbss_info_change_notify(sdata, changed);
- }
-diff --git a/net/mac80211/sta_info.h b/net/mac80211/sta_info.h
-index 62193f4..ba7ce53 100644
---- a/net/mac80211/sta_info.h
-+++ b/net/mac80211/sta_info.h
-@@ -275,7 +275,7 @@ struct ieee80211_fast_tx {
- u8 sa_offs, da_offs, pn_offs;
- u8 band;
- u8 hdr[30 + 2 + IEEE80211_FAST_XMIT_MAX_IV +
-- sizeof(rfc1042_header)];
-+ sizeof(rfc1042_header)] __aligned(2);
-
- struct rcu_head rcu_head;
- };
-diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
-index 18d0bec..8012f67 100644
---- a/net/packet/af_packet.c
-+++ b/net/packet/af_packet.c
-@@ -1340,7 +1340,7 @@ static unsigned int fanout_demux_hash(struct packet_fanout *f,
- struct sk_buff *skb,
- unsigned int num)
- {
-- return reciprocal_scale(skb_get_hash(skb), num);
-+ return reciprocal_scale(__skb_get_hash_symmetric(skb), num);
- }
-
- static unsigned int fanout_demux_lb(struct packet_fanout *f,
-diff --git a/net/sched/act_mirred.c b/net/sched/act_mirred.c
-index 8f3948d..934336e 100644
---- a/net/sched/act_mirred.c
-+++ b/net/sched/act_mirred.c
-@@ -180,7 +180,7 @@ static int tcf_mirred(struct sk_buff *skb, const struct tc_action *a,
-
- if (!(at & AT_EGRESS)) {
- if (m->tcfm_ok_push)
-- skb_push(skb2, skb->mac_len);
-+ skb_push_rcsum(skb2, skb->mac_len);
- }
-
- /* mirror is always swallowed */
-diff --git a/net/sunrpc/clnt.c b/net/sunrpc/clnt.c
-index 7e0c9bf..837dd91 100644
---- a/net/sunrpc/clnt.c
-+++ b/net/sunrpc/clnt.c
-@@ -446,16 +446,27 @@ out_no_rpciod:
- return ERR_PTR(err);
- }
-
--struct rpc_clnt *rpc_create_xprt(struct rpc_create_args *args,
-+static struct rpc_clnt *rpc_create_xprt(struct rpc_create_args *args,
- struct rpc_xprt *xprt)
- {
- struct rpc_clnt *clnt = NULL;
- struct rpc_xprt_switch *xps;
-
-- xps = xprt_switch_alloc(xprt, GFP_KERNEL);
-- if (xps == NULL)
-- return ERR_PTR(-ENOMEM);
--
-+ if (args->bc_xprt && args->bc_xprt->xpt_bc_xps) {
-+ WARN_ON(args->protocol != XPRT_TRANSPORT_BC_TCP);
-+ xps = args->bc_xprt->xpt_bc_xps;
-+ xprt_switch_get(xps);
-+ } else {
-+ xps = xprt_switch_alloc(xprt, GFP_KERNEL);
-+ if (xps == NULL) {
-+ xprt_put(xprt);
-+ return ERR_PTR(-ENOMEM);
-+ }
-+ if (xprt->bc_xprt) {
-+ xprt_switch_get(xps);
-+ xprt->bc_xprt->xpt_bc_xps = xps;
-+ }
-+ }
- clnt = rpc_new_client(args, xps, xprt, NULL);
- if (IS_ERR(clnt))
- return clnt;
-@@ -483,7 +494,6 @@ struct rpc_clnt *rpc_create_xprt(struct rpc_create_args *args,
-
- return clnt;
- }
--EXPORT_SYMBOL_GPL(rpc_create_xprt);
-
- /**
- * rpc_create - create an RPC client and transport with one call
-@@ -509,6 +519,15 @@ struct rpc_clnt *rpc_create(struct rpc_create_args *args)
- };
- char servername[48];
-
-+ if (args->bc_xprt) {
-+ WARN_ON(args->protocol != XPRT_TRANSPORT_BC_TCP);
-+ xprt = args->bc_xprt->xpt_bc_xprt;
-+ if (xprt) {
-+ xprt_get(xprt);
-+ return rpc_create_xprt(args, xprt);
-+ }
-+ }
-+
- if (args->flags & RPC_CLNT_CREATE_INFINITE_SLOTS)
- xprtargs.flags |= XPRT_CREATE_INFINITE_SLOTS;
- if (args->flags & RPC_CLNT_CREATE_NO_IDLE_TIMEOUT)
-diff --git a/net/sunrpc/svc_xprt.c b/net/sunrpc/svc_xprt.c
-index 7422f28..7231cb4 100644
---- a/net/sunrpc/svc_xprt.c
-+++ b/net/sunrpc/svc_xprt.c
-@@ -136,6 +136,8 @@ static void svc_xprt_free(struct kref *kref)
- /* See comment on corresponding get in xs_setup_bc_tcp(): */
- if (xprt->xpt_bc_xprt)
- xprt_put(xprt->xpt_bc_xprt);
-+ if (xprt->xpt_bc_xps)
-+ xprt_switch_put(xprt->xpt_bc_xps);
- xprt->xpt_ops->xpo_free(xprt);
- module_put(owner);
- }
-diff --git a/net/sunrpc/xprtsock.c b/net/sunrpc/xprtsock.c
-index 65e7595..e9e5dd0 100644
---- a/net/sunrpc/xprtsock.c
-+++ b/net/sunrpc/xprtsock.c
-@@ -3050,6 +3050,7 @@ static struct rpc_xprt *xs_setup_bc_tcp(struct xprt_create *args)
- return xprt;
-
- args->bc_xprt->xpt_bc_xprt = NULL;
-+ args->bc_xprt->xpt_bc_xps = NULL;
- xprt_put(xprt);
- ret = ERR_PTR(-EINVAL);
- out_err:
-diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
-index 8269da7..7748199 100644
---- a/net/unix/af_unix.c
-+++ b/net/unix/af_unix.c
-@@ -315,7 +315,7 @@ static struct sock *unix_find_socket_byinode(struct inode *i)
- &unix_socket_table[i->i_ino & (UNIX_HASH_SIZE - 1)]) {
- struct dentry *dentry = unix_sk(s)->path.dentry;
-
-- if (dentry && d_backing_inode(dentry) == i) {
-+ if (dentry && d_real_inode(dentry) == i) {
- sock_hold(s);
- goto found;
- }
-@@ -911,7 +911,7 @@ static struct sock *unix_find_other(struct net *net,
- err = kern_path(sunname->sun_path, LOOKUP_FOLLOW, &path);
- if (err)
- goto fail;
-- inode = d_backing_inode(path.dentry);
-+ inode = d_real_inode(path.dentry);
- err = inode_permission(inode, MAY_WRITE);
- if (err)
- goto put_fail;
-@@ -1048,7 +1048,7 @@ static int unix_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
- goto out_up;
- }
- addr->hash = UNIX_HASH_SIZE;
-- hash = d_backing_inode(dentry)->i_ino & (UNIX_HASH_SIZE - 1);
-+ hash = d_real_inode(dentry)->i_ino & (UNIX_HASH_SIZE - 1);
- spin_lock(&unix_table_lock);
- u->path = u_path;
- list = &unix_socket_table[hash];
-diff --git a/net/wireless/core.c b/net/wireless/core.c
-index 9f1c4aa..c878045 100644
---- a/net/wireless/core.c
-+++ b/net/wireless/core.c
-@@ -360,8 +360,6 @@ struct wiphy *wiphy_new_nm(const struct cfg80211_ops *ops, int sizeof_priv,
- WARN_ON(ops->remain_on_channel && !ops->cancel_remain_on_channel);
- WARN_ON(ops->tdls_channel_switch && !ops->tdls_cancel_channel_switch);
- WARN_ON(ops->add_tx_ts && !ops->del_tx_ts);
-- WARN_ON(ops->set_tx_power && !ops->get_tx_power);
-- WARN_ON(ops->set_antenna && !ops->get_antenna);
-
- alloc_size = sizeof(*rdev) + sizeof_priv;
-
-diff --git a/net/wireless/util.c b/net/wireless/util.c
-index 9f440a9..47b9178 100644
---- a/net/wireless/util.c
-+++ b/net/wireless/util.c
-@@ -509,7 +509,7 @@ static int __ieee80211_data_to_8023(struct sk_buff *skb, struct ethhdr *ehdr,
- * replace EtherType */
- hdrlen += ETH_ALEN + 2;
- else
-- tmp.h_proto = htons(skb->len);
-+ tmp.h_proto = htons(skb->len - hdrlen);
-
- pskb_pull(skb, hdrlen);
-
-diff --git a/scripts/mod/file2alias.c b/scripts/mod/file2alias.c
-index a915507..fec7578 100644
---- a/scripts/mod/file2alias.c
-+++ b/scripts/mod/file2alias.c
-@@ -384,7 +384,7 @@ static void do_of_entry_multi(void *symval, struct module *mod)
- len = sprintf(alias, "of:N%sT%s", (*name)[0] ? *name : "*",
- (*type)[0] ? *type : "*");
-
-- if (compatible[0])
-+ if ((*compatible)[0])
- sprintf(&alias[len], "%sC%s", (*type)[0] ? "*" : "",
- *compatible);
-
-diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
-index dec607c..5ee8201 100644
---- a/security/apparmor/lsm.c
-+++ b/security/apparmor/lsm.c
-@@ -523,34 +523,34 @@ static int apparmor_setprocattr(struct task_struct *task, char *name,
- {
- struct common_audit_data sa;
- struct apparmor_audit_data aad = {0,};
-- char *command, *args = value;
-+ char *command, *largs = NULL, *args = value;
- size_t arg_size;
- int error;
-
- if (size == 0)
- return -EINVAL;
-- /* args points to a PAGE_SIZE buffer, AppArmor requires that
-- * the buffer must be null terminated or have size <= PAGE_SIZE -1
-- * so that AppArmor can null terminate them
-- */
-- if (args[size - 1] != '\0') {
-- if (size == PAGE_SIZE)
-- return -EINVAL;
-- args[size] = '\0';
-- }
--
- /* task can only write its own attributes */
- if (current != task)
- return -EACCES;
-
-- args = value;
-+ /* AppArmor requires that the buffer must be null terminated atm */
-+ if (args[size - 1] != '\0') {
-+ /* null terminate */
-+ largs = args = kmalloc(size + 1, GFP_KERNEL);
-+ if (!args)
-+ return -ENOMEM;
-+ memcpy(args, value, size);
-+ args[size] = '\0';
-+ }
-+
-+ error = -EINVAL;
- args = strim(args);
- command = strsep(&args, " ");
- if (!args)
-- return -EINVAL;
-+ goto out;
- args = skip_spaces(args);
- if (!*args)
-- return -EINVAL;
-+ goto out;
-
- arg_size = size - (args - (char *) value);
- if (strcmp(name, "current") == 0) {
-@@ -576,10 +576,12 @@ static int apparmor_setprocattr(struct task_struct *task, char *name,
- goto fail;
- } else
- /* only support the "current" and "exec" process attributes */
-- return -EINVAL;
-+ goto fail;
-
- if (!error)
- error = size;
-+out:
-+ kfree(largs);
- return error;
-
- fail:
-@@ -588,9 +590,9 @@ fail:
- aad.profile = aa_current_profile();
- aad.op = OP_SETPROCATTR;
- aad.info = name;
-- aad.error = -EINVAL;
-+ aad.error = error = -EINVAL;
- aa_audit_msg(AUDIT_APPARMOR_DENIED, &sa, NULL);
-- return -EINVAL;
-+ goto out;
- }
-
- static int apparmor_task_setrlimit(struct task_struct *task,
-diff --git a/security/keys/key.c b/security/keys/key.c
-index b287551..af7f682 100644
---- a/security/keys/key.c
-+++ b/security/keys/key.c
-@@ -584,7 +584,7 @@ int key_reject_and_link(struct key *key,
-
- mutex_unlock(&key_construction_mutex);
-
-- if (keyring)
-+ if (keyring && link_ret == 0)
- __key_link_end(keyring, &key->index_key, edit);
-
- /* wake up anyone waiting for a key to be constructed */
-diff --git a/sound/core/control.c b/sound/core/control.c
-index a85d455..b4fe9b0 100644
---- a/sound/core/control.c
-+++ b/sound/core/control.c
-@@ -160,6 +160,8 @@ void snd_ctl_notify(struct snd_card *card, unsigned int mask,
-
- if (snd_BUG_ON(!card || !id))
- return;
-+ if (card->shutdown)
-+ return;
- read_lock(&card->ctl_files_rwlock);
- #if IS_ENABLED(CONFIG_SND_MIXER_OSS)
- card->mixer_oss_change_count++;
-diff --git a/sound/core/pcm.c b/sound/core/pcm.c
-index 308c9ec..8e980aa 100644
---- a/sound/core/pcm.c
-+++ b/sound/core/pcm.c
-@@ -849,6 +849,14 @@ int snd_pcm_new_internal(struct snd_card *card, const char *id, int device,
- }
- EXPORT_SYMBOL(snd_pcm_new_internal);
-
-+static void free_chmap(struct snd_pcm_str *pstr)
-+{
-+ if (pstr->chmap_kctl) {
-+ snd_ctl_remove(pstr->pcm->card, pstr->chmap_kctl);
-+ pstr->chmap_kctl = NULL;
-+ }
-+}
-+
- static void snd_pcm_free_stream(struct snd_pcm_str * pstr)
- {
- struct snd_pcm_substream *substream, *substream_next;
-@@ -871,6 +879,7 @@ static void snd_pcm_free_stream(struct snd_pcm_str * pstr)
- kfree(setup);
- }
- #endif
-+ free_chmap(pstr);
- if (pstr->substream_count)
- put_device(&pstr->dev);
- }
-@@ -1135,10 +1144,7 @@ static int snd_pcm_dev_disconnect(struct snd_device *device)
- for (cidx = 0; cidx < 2; cidx++) {
- if (!pcm->internal)
- snd_unregister_device(&pcm->streams[cidx].dev);
-- if (pcm->streams[cidx].chmap_kctl) {
-- snd_ctl_remove(pcm->card, pcm->streams[cidx].chmap_kctl);
-- pcm->streams[cidx].chmap_kctl = NULL;
-- }
-+ free_chmap(&pcm->streams[cidx]);
- }
- mutex_unlock(&pcm->open_mutex);
- mutex_unlock(&register_mutex);
-diff --git a/sound/core/timer.c b/sound/core/timer.c
-index 6469bed..23b73f6 100644
---- a/sound/core/timer.c
-+++ b/sound/core/timer.c
-@@ -1954,6 +1954,7 @@ static ssize_t snd_timer_user_read(struct file *file, char __user *buffer,
-
- qhead = tu->qhead++;
- tu->qhead %= tu->queue_size;
-+ tu->qused--;
- spin_unlock_irq(&tu->qlock);
-
- if (tu->tread) {
-@@ -1967,7 +1968,6 @@ static ssize_t snd_timer_user_read(struct file *file, char __user *buffer,
- }
-
- spin_lock_irq(&tu->qlock);
-- tu->qused--;
- if (err < 0)
- goto _error;
- result += unit;
-diff --git a/sound/drivers/dummy.c b/sound/drivers/dummy.c
-index c0f8f61..172dacd 100644
---- a/sound/drivers/dummy.c
-+++ b/sound/drivers/dummy.c
-@@ -420,6 +420,7 @@ static int dummy_hrtimer_stop(struct snd_pcm_substream *substream)
-
- static inline void dummy_hrtimer_sync(struct dummy_hrtimer_pcm *dpcm)
- {
-+ hrtimer_cancel(&dpcm->timer);
- tasklet_kill(&dpcm->tasklet);
- }
-
-diff --git a/sound/hda/hdac_regmap.c b/sound/hda/hdac_regmap.c
-index 87041dd..47a358f 100644
---- a/sound/hda/hdac_regmap.c
-+++ b/sound/hda/hdac_regmap.c
-@@ -444,7 +444,7 @@ int snd_hdac_regmap_write_raw(struct hdac_device *codec, unsigned int reg,
- err = reg_raw_write(codec, reg, val);
- if (err == -EAGAIN) {
- err = snd_hdac_power_up_pm(codec);
-- if (!err)
-+ if (err >= 0)
- err = reg_raw_write(codec, reg, val);
- snd_hdac_power_down_pm(codec);
- }
-@@ -470,7 +470,7 @@ static int __snd_hdac_regmap_read_raw(struct hdac_device *codec,
- err = reg_raw_read(codec, reg, val, uncached);
- if (err == -EAGAIN) {
- err = snd_hdac_power_up_pm(codec);
-- if (!err)
-+ if (err >= 0)
- err = reg_raw_read(codec, reg, val, uncached);
- snd_hdac_power_down_pm(codec);
- }
-diff --git a/sound/pci/au88x0/au88x0_core.c b/sound/pci/au88x0/au88x0_core.c
-index 4667c32..7417718 100644
---- a/sound/pci/au88x0/au88x0_core.c
-+++ b/sound/pci/au88x0/au88x0_core.c
-@@ -1444,9 +1444,8 @@ static int vortex_wtdma_bufshift(vortex_t * vortex, int wtdma)
- int page, p, pp, delta, i;
-
- page =
-- (hwread(vortex->mmio, VORTEX_WTDMA_STAT + (wtdma << 2)) &
-- WT_SUBBUF_MASK)
-- >> WT_SUBBUF_SHIFT;
-+ (hwread(vortex->mmio, VORTEX_WTDMA_STAT + (wtdma << 2))
-+ >> WT_SUBBUF_SHIFT) & WT_SUBBUF_MASK;
- if (dma->nr_periods >= 4)
- delta = (page - dma->period_real) & 3;
- else {
-diff --git a/sound/pci/echoaudio/echoaudio.c b/sound/pci/echoaudio/echoaudio.c
-index 1cb85ae..286f5e3 100644
---- a/sound/pci/echoaudio/echoaudio.c
-+++ b/sound/pci/echoaudio/echoaudio.c
-@@ -2200,11 +2200,11 @@ static int snd_echo_resume(struct device *dev)
- u32 pipe_alloc_mask;
- int err;
-
-- commpage_bak = kmalloc(sizeof(struct echoaudio), GFP_KERNEL);
-+ commpage_bak = kmalloc(sizeof(*commpage), GFP_KERNEL);
- if (commpage_bak == NULL)
- return -ENOMEM;
- commpage = chip->comm_page;
-- memcpy(commpage_bak, commpage, sizeof(struct comm_page));
-+ memcpy(commpage_bak, commpage, sizeof(*commpage));
-
- err = init_hw(chip, chip->pci->device, chip->pci->subsystem_device);
- if (err < 0) {
-diff --git a/sound/pci/hda/hda_generic.c b/sound/pci/hda/hda_generic.c
-index dfaf1a9..d77cc76 100644
---- a/sound/pci/hda/hda_generic.c
-+++ b/sound/pci/hda/hda_generic.c
-@@ -3977,6 +3977,8 @@ static hda_nid_t set_path_power(struct hda_codec *codec, hda_nid_t nid,
-
- for (n = 0; n < spec->paths.used; n++) {
- path = snd_array_elem(&spec->paths, n);
-+ if (!path->depth)
-+ continue;
- if (path->path[0] == nid ||
- path->path[path->depth - 1] == nid) {
- bool pin_old = path->pin_enabled;
-diff --git a/sound/pci/hda/hda_intel.c b/sound/pci/hda/hda_intel.c
-index 94089fc..6f8ea13 100644
---- a/sound/pci/hda/hda_intel.c
-+++ b/sound/pci/hda/hda_intel.c
-@@ -367,9 +367,10 @@ enum {
- #define IS_SKL_LP(pci) ((pci)->vendor == 0x8086 && (pci)->device == 0x9d70)
- #define IS_KBL(pci) ((pci)->vendor == 0x8086 && (pci)->device == 0xa171)
- #define IS_KBL_LP(pci) ((pci)->vendor == 0x8086 && (pci)->device == 0x9d71)
-+#define IS_KBL_H(pci) ((pci)->vendor == 0x8086 && (pci)->device == 0xa2f0)
- #define IS_BXT(pci) ((pci)->vendor == 0x8086 && (pci)->device == 0x5a98)
- #define IS_SKL_PLUS(pci) (IS_SKL(pci) || IS_SKL_LP(pci) || IS_BXT(pci)) || \
-- IS_KBL(pci) || IS_KBL_LP(pci)
-+ IS_KBL(pci) || IS_KBL_LP(pci) || IS_KBL_H(pci)
-
- static char *driver_short_names[] = {
- [AZX_DRIVER_ICH] = "HDA Intel",
-@@ -1217,8 +1218,10 @@ static int azx_free(struct azx *chip)
- if (use_vga_switcheroo(hda)) {
- if (chip->disabled && hda->probe_continued)
- snd_hda_unlock_devices(&chip->bus);
-- if (hda->vga_switcheroo_registered)
-+ if (hda->vga_switcheroo_registered) {
- vga_switcheroo_unregister_client(chip->pci);
-+ vga_switcheroo_fini_domain_pm_ops(chip->card->dev);
-+ }
- }
-
- if (bus->chip_init) {
-@@ -2190,6 +2193,9 @@ static const struct pci_device_id azx_ids[] = {
- /* Kabylake-LP */
- { PCI_DEVICE(0x8086, 0x9d71),
- .driver_data = AZX_DRIVER_PCH | AZX_DCAPS_INTEL_SKYLAKE },
-+ /* Kabylake-H */
-+ { PCI_DEVICE(0x8086, 0xa2f0),
-+ .driver_data = AZX_DRIVER_PCH | AZX_DCAPS_INTEL_SKYLAKE },
- /* Broxton-P(Apollolake) */
- { PCI_DEVICE(0x8086, 0x5a98),
- .driver_data = AZX_DRIVER_PCH | AZX_DCAPS_INTEL_BROXTON },
-@@ -2263,6 +2269,8 @@ static const struct pci_device_id azx_ids[] = {
- .driver_data = AZX_DRIVER_ATIHDMI_NS | AZX_DCAPS_PRESET_ATI_HDMI_NS },
- { PCI_DEVICE(0x1002, 0x157a),
- .driver_data = AZX_DRIVER_ATIHDMI_NS | AZX_DCAPS_PRESET_ATI_HDMI_NS },
-+ { PCI_DEVICE(0x1002, 0x15b3),
-+ .driver_data = AZX_DRIVER_ATIHDMI_NS | AZX_DCAPS_PRESET_ATI_HDMI_NS },
- { PCI_DEVICE(0x1002, 0x793b),
- .driver_data = AZX_DRIVER_ATIHDMI | AZX_DCAPS_PRESET_ATI_HDMI },
- { PCI_DEVICE(0x1002, 0x7919),
-diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c
-index 0fe18ed..abcb5a6 100644
---- a/sound/pci/hda/patch_realtek.c
-+++ b/sound/pci/hda/patch_realtek.c
-@@ -5650,6 +5650,9 @@ static const struct snd_pci_quirk alc269_fixup_tbl[] = {
- SND_PCI_QUIRK(0x17aa, 0x503c, "Thinkpad L450", ALC292_FIXUP_TPT440_DOCK),
- SND_PCI_QUIRK(0x17aa, 0x504a, "ThinkPad X260", ALC292_FIXUP_TPT440_DOCK),
- SND_PCI_QUIRK(0x17aa, 0x504b, "Thinkpad", ALC293_FIXUP_LENOVO_SPK_NOISE),
-+ SND_PCI_QUIRK(0x17aa, 0x5050, "Thinkpad T560p", ALC292_FIXUP_TPT460),
-+ SND_PCI_QUIRK(0x17aa, 0x5051, "Thinkpad L460", ALC292_FIXUP_TPT460),
-+ SND_PCI_QUIRK(0x17aa, 0x5053, "Thinkpad T460", ALC292_FIXUP_TPT460),
- SND_PCI_QUIRK(0x17aa, 0x5109, "Thinkpad", ALC269_FIXUP_LIMIT_INT_MIC_BOOST),
- SND_PCI_QUIRK(0x17aa, 0x3bf8, "Quanta FL1", ALC269_FIXUP_PCM_44K),
- SND_PCI_QUIRK(0x17aa, 0x9e54, "LENOVO NB", ALC269_FIXUP_LENOVO_EAPD),
-@@ -5735,7 +5738,6 @@ static const struct hda_model_fixup alc269_fixup_models[] = {
- {}
- };
- #define ALC225_STANDARD_PINS \
-- {0x12, 0xb7a60130}, \
- {0x21, 0x04211020}
-
- #define ALC256_STANDARD_PINS \
-@@ -5760,10 +5762,24 @@ static const struct hda_model_fixup alc269_fixup_models[] = {
- static const struct snd_hda_pin_quirk alc269_pin_fixup_tbl[] = {
- SND_HDA_PIN_QUIRK(0x10ec0225, 0x1028, "Dell", ALC225_FIXUP_DELL1_MIC_NO_PRESENCE,
- ALC225_STANDARD_PINS,
-+ {0x12, 0xb7a60130},
- {0x14, 0x901701a0}),
- SND_HDA_PIN_QUIRK(0x10ec0225, 0x1028, "Dell", ALC225_FIXUP_DELL1_MIC_NO_PRESENCE,
- ALC225_STANDARD_PINS,
-+ {0x12, 0xb7a60130},
- {0x14, 0x901701b0}),
-+ SND_HDA_PIN_QUIRK(0x10ec0225, 0x1028, "Dell", ALC225_FIXUP_DELL1_MIC_NO_PRESENCE,
-+ ALC225_STANDARD_PINS,
-+ {0x12, 0xb7a60150},
-+ {0x14, 0x901701a0}),
-+ SND_HDA_PIN_QUIRK(0x10ec0225, 0x1028, "Dell", ALC225_FIXUP_DELL1_MIC_NO_PRESENCE,
-+ ALC225_STANDARD_PINS,
-+ {0x12, 0xb7a60150},
-+ {0x14, 0x901701b0}),
-+ SND_HDA_PIN_QUIRK(0x10ec0225, 0x1028, "Dell", ALC225_FIXUP_DELL1_MIC_NO_PRESENCE,
-+ ALC225_STANDARD_PINS,
-+ {0x12, 0xb7a60130},
-+ {0x1b, 0x90170110}),
- SND_HDA_PIN_QUIRK(0x10ec0255, 0x1028, "Dell", ALC255_FIXUP_DELL2_MIC_NO_PRESENCE,
- {0x14, 0x90170110},
- {0x21, 0x02211020}),
-@@ -5832,6 +5848,10 @@ static const struct snd_hda_pin_quirk alc269_pin_fixup_tbl[] = {
- {0x14, 0x90170120},
- {0x21, 0x02211030}),
- SND_HDA_PIN_QUIRK(0x10ec0256, 0x1028, "Dell", ALC255_FIXUP_DELL1_MIC_NO_PRESENCE,
-+ {0x12, 0x90a60170},
-+ {0x14, 0x90170120},
-+ {0x21, 0x02211030}),
-+ SND_HDA_PIN_QUIRK(0x10ec0256, 0x1028, "Dell", ALC255_FIXUP_DELL1_MIC_NO_PRESENCE,
- ALC256_STANDARD_PINS),
- SND_HDA_PIN_QUIRK(0x10ec0280, 0x103c, "HP", ALC280_FIXUP_HP_GPIO4,
- {0x12, 0x90a60130},
-diff --git a/sound/usb/card.c b/sound/usb/card.c
-index 3fc6358..2d49350 100644
---- a/sound/usb/card.c
-+++ b/sound/usb/card.c
-@@ -552,7 +552,6 @@ static int usb_audio_probe(struct usb_interface *intf,
- goto __error;
- }
- chip = usb_chip[i];
-- dev_set_drvdata(&dev->dev, chip);
- atomic_inc(&chip->active); /* avoid autopm */
- break;
- }
-@@ -578,6 +577,7 @@ static int usb_audio_probe(struct usb_interface *intf,
- goto __error;
- }
- }
-+ dev_set_drvdata(&dev->dev, chip);
-
- /*
- * For devices with more than one control interface, we assume the
-diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
-index 4fd482f..7cb1224 100644
---- a/virt/kvm/kvm_main.c
-+++ b/virt/kvm/kvm_main.c
-@@ -2868,7 +2868,7 @@ static long kvm_vm_ioctl(struct file *filp,
- if (copy_from_user(&routing, argp, sizeof(routing)))
- goto out;
- r = -EINVAL;
-- if (routing.nr >= KVM_MAX_IRQ_ROUTES)
-+ if (routing.nr > KVM_MAX_IRQ_ROUTES)
- goto out;
- if (routing.flags)
- goto out;
diff --git a/4.6.5/0000_README b/4.7.0/0000_README
index a3be0b4..f41c54f 100644
--- a/4.6.5/0000_README
+++ b/4.7.0/0000_README
@@ -2,11 +2,7 @@ README
-----------------------------------------------------------------------------
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 1004_linux-4.6.5.patch
-From: http://www.kernel.org
-Desc: Linux 4.6.5
-
-Patch: 4420_grsecurity-3.1-4.6.5-201607312210.patch
+Patch: 4420_grsecurity-3.1-4.7-201608131240.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/4.6.5/4420_grsecurity-3.1-4.6.5-201607312210.patch b/4.7.0/4420_grsecurity-3.1-4.7-201608131240.patch
index 5a9676a..d3e1770 100644
--- a/4.6.5/4420_grsecurity-3.1-4.6.5-201607312210.patch
+++ b/4.7.0/4420_grsecurity-3.1-4.7-201608131240.patch
@@ -1,5 +1,5 @@
diff --git a/.gitignore b/.gitignore
-index fd3a355..c47e86a 100644
+index 0c320bf..2be25f7 100644
--- a/.gitignore
+++ b/.gitignore
@@ -37,6 +37,7 @@ modules.builtin
@@ -323,10 +323,10 @@ index 13f888a..250729b 100644
A typical pattern in a Kbuild file looks like this:
diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt
-index 0b3de80..550d8e8 100644
+index 82b42c9..7151845 100644
--- a/Documentation/kernel-parameters.txt
+++ b/Documentation/kernel-parameters.txt
-@@ -1320,6 +1320,12 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
+@@ -1341,6 +1341,12 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
[KNL] Should the hard-lockup detector generate
backtraces on all cpus.
Format: <integer>
@@ -339,7 +339,7 @@ index 0b3de80..550d8e8 100644
hashdist= [KNL,NUMA] Large hashes allocated during boot
are distributed across NUMA nodes. Defaults on
-@@ -2515,6 +2521,10 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
+@@ -2556,6 +2562,10 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
noexec=on: enable non-executable mappings (default)
noexec=off: disable non-executable mappings
@@ -350,7 +350,7 @@ index 0b3de80..550d8e8 100644
nosmap [X86]
Disable SMAP (Supervisor Mode Access Prevention)
even if it is supported by processor.
-@@ -2818,6 +2828,35 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
+@@ -2862,6 +2872,35 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
the specified number of seconds. This is to be used if
your oopses keep scrolling off the screen.
@@ -387,7 +387,7 @@ index 0b3de80..550d8e8 100644
pcd. [PARIDE]
diff --git a/Documentation/sysctl/kernel.txt b/Documentation/sysctl/kernel.txt
-index fcddfd5..71afd6b 100644
+index a3683ce..5ec8bf4 100644
--- a/Documentation/sysctl/kernel.txt
+++ b/Documentation/sysctl/kernel.txt
@@ -42,6 +42,7 @@ show up in /proc/sys/kernel:
@@ -398,7 +398,7 @@ index fcddfd5..71afd6b 100644
- modprobe ==> Documentation/debugging-modules.txt
- modules_disabled
- msg_next_id [ sysv ipc ]
-@@ -406,6 +407,20 @@ This flag controls the L2 cache of G3 processor boards. If
+@@ -408,6 +409,20 @@ This flag controls the L2 cache of G3 processor boards. If
==============================================================
@@ -420,10 +420,10 @@ index fcddfd5..71afd6b 100644
A toggle value indicating if modules are allowed to be loaded
diff --git a/Makefile b/Makefile
-index 7d693a8..28a594e 100644
+index 66da9a3..69d3a1ae 100644
--- a/Makefile
+++ b/Makefile
-@@ -298,7 +298,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
+@@ -302,7 +302,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
HOSTCC = gcc
HOSTCXX = g++
HOSTCFLAGS = -Wall -Wmissing-prototypes -Wstrict-prototypes -O2 -fomit-frame-pointer -std=gnu89
@@ -434,7 +434,7 @@ index 7d693a8..28a594e 100644
ifeq ($(shell $(HOSTCC) -v 2>&1 | grep -c "clang version"), 1)
HOSTCFLAGS += -Wno-unused-value -Wno-unused-parameter \
-@@ -548,7 +550,7 @@ ifeq ($(KBUILD_EXTMOD),)
+@@ -554,7 +556,7 @@ ifeq ($(KBUILD_EXTMOD),)
# in parallel
PHONY += scripts
scripts: scripts_basic include/config/auto.conf include/config/tristate.conf \
@@ -443,7 +443,7 @@ index 7d693a8..28a594e 100644
$(Q)$(MAKE) $(build)=$(@)
# Objects we will link into vmlinux / subdirs we need to visit
-@@ -623,6 +625,8 @@ endif
+@@ -633,6 +635,8 @@ endif
# Tell gcc to never replace conditional load with a non-conditional one
KBUILD_CFLAGS += $(call cc-option,--param=allow-store-data-races=0)
@@ -452,7 +452,7 @@ index 7d693a8..28a594e 100644
ifdef CONFIG_READABLE_ASM
# Disable optimizations that make assembler listings hard to read.
# reorder blocks reorders the control in the function
-@@ -724,7 +728,7 @@ KBUILD_CFLAGS += $(call cc-option, -gsplit-dwarf, -g)
+@@ -734,7 +738,7 @@ KBUILD_CFLAGS += $(call cc-option, -gsplit-dwarf, -g)
else
KBUILD_CFLAGS += -g
endif
@@ -461,7 +461,7 @@ index 7d693a8..28a594e 100644
endif
ifdef CONFIG_DEBUG_INFO_DWARF4
KBUILD_CFLAGS += $(call cc-option, -gdwarf-4,)
-@@ -899,7 +903,7 @@ export mod_sign_cmd
+@@ -909,7 +913,7 @@ export mod_sign_cmd
ifeq ($(KBUILD_EXTMOD),)
@@ -470,16 +470,16 @@ index 7d693a8..28a594e 100644
vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \
$(core-y) $(core-m) $(drivers-y) $(drivers-m) \
-@@ -1002,7 +1006,7 @@ prepare1: prepare2 $(version_h) include/generated/utsrelease.h \
+@@ -1028,7 +1032,7 @@ prepare1: prepare2 $(version_h) include/generated/utsrelease.h \
archprepare: archheaders archscripts prepare1 scripts_basic
--prepare0: archprepare FORCE
-+prepare0: archprepare gcc-plugins FORCE
+-prepare0: archprepare
++prepare0: archprepare gcc-plugins
$(Q)$(MAKE) $(build)=.
# All the preparing..
-@@ -1220,7 +1224,11 @@ MRPROPER_FILES += .config .config.old .version .old_version \
+@@ -1247,7 +1251,11 @@ MRPROPER_FILES += .config .config.old .version .old_version \
Module.symvers tags TAGS cscope* GPATH GTAGS GRTAGS GSYMS \
signing_key.pem signing_key.priv signing_key.x509 \
x509.genkey extra_certificates signing_key.x509.keyid \
@@ -492,7 +492,7 @@ index 7d693a8..28a594e 100644
# clean - Delete most, but leave enough to build external modules
#
-@@ -1259,7 +1267,7 @@ distclean: mrproper
+@@ -1286,7 +1294,7 @@ distclean: mrproper
@find $(srctree) $(RCS_FIND_IGNORE) \
\( -name '*.orig' -o -name '*.rej' -o -name '*~' \
-o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \
@@ -501,7 +501,7 @@ index 7d693a8..28a594e 100644
-type f -print | xargs rm -f
-@@ -1480,6 +1488,7 @@ clean: $(clean-dirs)
+@@ -1509,6 +1517,7 @@ clean: $(clean-dirs)
-o -name '.*.d' -o -name '.*.tmp' -o -name '*.mod.c' \
-o -name '*.symtypes' -o -name 'modules.order' \
-o -name modules.builtin -o -name '.tmp_*.o.*' \
@@ -510,10 +510,10 @@ index 7d693a8..28a594e 100644
# Generate tags for editors
diff --git a/arch/Kconfig b/arch/Kconfig
-index 81869a5..b10fc6c 100644
+index 1599629..1ef557b 100644
--- a/arch/Kconfig
+++ b/arch/Kconfig
-@@ -353,6 +353,20 @@ config SECCOMP_FILTER
+@@ -357,6 +357,20 @@ config SECCOMP_FILTER
See Documentation/prctl/seccomp_filter.txt for details.
@@ -598,7 +598,7 @@ index 968d999..d36b2df 100644
registered using atexit. This provides a mean for the dynamic
linker to call DT_FINI functions for shared libraries that have
diff --git a/arch/alpha/include/asm/pgalloc.h b/arch/alpha/include/asm/pgalloc.h
-index aab14a0..b4fa3e7 100644
+index c2ebb6f..93a0613 100644
--- a/arch/alpha/include/asm/pgalloc.h
+++ b/arch/alpha/include/asm/pgalloc.h
@@ -29,6 +29,12 @@ pgd_populate(struct mm_struct *mm, pgd_t *pgd, pmd_t *pmd)
@@ -650,7 +650,7 @@ index 936bc8f..bb1859f 100644
for (i = 0; i < n; i++) {
diff --git a/arch/alpha/kernel/osf_sys.c b/arch/alpha/kernel/osf_sys.c
-index 6cc0816..3dd424d 100644
+index ffb93f49..ced8233 100644
--- a/arch/alpha/kernel/osf_sys.c
+++ b/arch/alpha/kernel/osf_sys.c
@@ -1300,10 +1300,11 @@ SYSCALL_DEFINE1(old_adjtimex, struct timex32 __user *, txc_p)
@@ -865,10 +865,10 @@ index 4a905bd..0a4da53 100644
/* Allow reads even for write-only mappings */
if (!(vma->vm_flags & (VM_READ | VM_WRITE)))
diff --git a/arch/arc/Kconfig b/arch/arc/Kconfig
-index a876743..fe2a193 100644
+index 0d3e59f..4418d65 100644
--- a/arch/arc/Kconfig
+++ b/arch/arc/Kconfig
-@@ -549,6 +549,7 @@ config ARC_DBG_TLB_MISS_COUNT
+@@ -541,6 +541,7 @@ config ARC_DBG_TLB_MISS_COUNT
bool "Profile TLB Misses"
default n
select DEBUG_FS
@@ -877,10 +877,10 @@ index a876743..fe2a193 100644
Counts number of I and D TLB Misses and exports them via Debugfs
The counters can be cleared via Debugfs as well
diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
-index cdfa6c2..f39881d 100644
+index 90542db..769febf 100644
--- a/arch/arm/Kconfig
+++ b/arch/arm/Kconfig
-@@ -53,6 +53,7 @@ config ARM
+@@ -54,6 +54,7 @@ config ARM
select HAVE_FTRACE_MCOUNT_RECORD if (!XIP_KERNEL)
select HAVE_FUNCTION_GRAPH_TRACER if (!THUMB2_KERNEL)
select HAVE_FUNCTION_TRACER if (!XIP_KERNEL)
@@ -888,7 +888,7 @@ index cdfa6c2..f39881d 100644
select HAVE_GENERIC_DMA_COHERENT
select HAVE_HW_BREAKPOINT if (PERF_EVENTS && (CPU_V6 || CPU_V6K || CPU_V7))
select HAVE_IDE if PCI || ISA || PCMCIA
-@@ -1561,6 +1562,7 @@ config AEABI
+@@ -1581,6 +1582,7 @@ config AEABI
config OABI_COMPAT
bool "Allow old ABI binaries to run with this kernel (EXPERIMENTAL)"
depends on AEABI && !THUMB2_KERNEL
@@ -896,7 +896,7 @@ index cdfa6c2..f39881d 100644
help
This option preserves the old syscall interface along with the
new (ARM EABI) one. It also provides a compatibility layer to
-@@ -1629,6 +1631,7 @@ config HIGHPTE
+@@ -1649,6 +1651,7 @@ config HIGHPTE
config CPU_SW_DOMAIN_PAN
bool "Enable use of CPU domains to implement privileged no-access"
depends on MMU && !ARM_LPAE
@@ -904,7 +904,7 @@ index cdfa6c2..f39881d 100644
default y
help
Increase kernel security by ensuring that normal kernel accesses
-@@ -1705,7 +1708,7 @@ config ALIGNMENT_TRAP
+@@ -1725,7 +1728,7 @@ config ALIGNMENT_TRAP
config UACCESS_WITH_MEMCPY
bool "Use kernel mem{cpy,set}() for {copy_to,clear}_user()"
@@ -913,7 +913,7 @@ index cdfa6c2..f39881d 100644
default y if CPU_FEROCEON
help
Implement faster copy_to_user and clear_user methods for CPU
-@@ -1960,6 +1963,7 @@ config KEXEC
+@@ -1980,6 +1983,7 @@ config KEXEC
depends on (!SMP || PM_SLEEP_SMP)
depends on !CPU_V7M
select KEXEC_CORE
@@ -921,7 +921,7 @@ index cdfa6c2..f39881d 100644
help
kexec is a system call that implements the ability to shutdown your
current kernel, and to start another kernel. It is like a reboot
-@@ -2004,7 +2008,7 @@ config EFI_STUB
+@@ -2024,7 +2028,7 @@ config EFI_STUB
config EFI
bool "UEFI runtime support"
@@ -931,7 +931,7 @@ index cdfa6c2..f39881d 100644
select EFI_PARAMS_FROM_FDT
select EFI_STUB
diff --git a/arch/arm/Kconfig.debug b/arch/arm/Kconfig.debug
-index 1098e91..d6415c8 100644
+index 19a3dcf..4a81b0e 100644
--- a/arch/arm/Kconfig.debug
+++ b/arch/arm/Kconfig.debug
@@ -7,6 +7,7 @@ config ARM_PTDUMP
@@ -956,7 +956,7 @@ index d50430c..01cc53b 100644
# but it is being used too early to link to meaningful stack_chk logic.
nossp_flags := $(call cc-option, -fno-stack-protector)
diff --git a/arch/arm/include/asm/atomic.h b/arch/arm/include/asm/atomic.h
-index 9e10c45..5a423a2 100644
+index 9e10c45..330d7f2 100644
--- a/arch/arm/include/asm/atomic.h
+++ b/arch/arm/include/asm/atomic.h
@@ -18,17 +18,41 @@
@@ -1190,7 +1190,7 @@ index 9e10c45..5a423a2 100644
static inline int __atomic_add_unless(atomic_t *v, int a, int u)
{
int c, old;
-@@ -201,16 +300,32 @@ ATOMIC_OP(xor, ^=, eor)
+@@ -201,16 +300,29 @@ ATOMIC_OP(xor, ^=, eor)
#undef ATOMIC_OPS
#undef ATOMIC_OP_RETURN
@@ -1199,10 +1199,7 @@ index 9e10c45..5a423a2 100644
+#undef __ATOMIC_OP
#define atomic_xchg(v, new) (xchg(&((v)->counter), new))
-+static inline int atomic_xchg_unchecked(atomic_unchecked_t *v, int new)
-+{
-+ return xchg_relaxed(&v->counter, new);
-+}
++#define atomic_xchg_unchecked(v, new) (xchg(&((v)->counter), new))
#define atomic_inc(v) atomic_add(1, v)
+static inline void atomic_inc_unchecked(atomic_unchecked_t *v)
@@ -1223,7 +1220,7 @@ index 9e10c45..5a423a2 100644
#define atomic_dec_return_relaxed(v) (atomic_sub_return_relaxed(1, v))
#define atomic_sub_and_test(i, v) (atomic_sub_return(i, v) == 0)
-@@ -221,6 +336,14 @@ typedef struct {
+@@ -221,6 +333,14 @@ typedef struct {
long long counter;
} atomic64_t;
@@ -1238,7 +1235,7 @@ index 9e10c45..5a423a2 100644
#define ATOMIC64_INIT(i) { (i) }
#ifdef CONFIG_ARM_LPAE
-@@ -237,6 +360,19 @@ static inline long long atomic64_read(const atomic64_t *v)
+@@ -237,6 +357,19 @@ static inline long long atomic64_read(const atomic64_t *v)
return result;
}
@@ -1258,7 +1255,7 @@ index 9e10c45..5a423a2 100644
static inline void atomic64_set(atomic64_t *v, long long i)
{
__asm__ __volatile__("@ atomic64_set\n"
-@@ -245,6 +381,15 @@ static inline void atomic64_set(atomic64_t *v, long long i)
+@@ -245,6 +378,15 @@ static inline void atomic64_set(atomic64_t *v, long long i)
: "r" (&v->counter), "r" (i)
);
}
@@ -1274,7 +1271,7 @@ index 9e10c45..5a423a2 100644
#else
static inline long long atomic64_read(const atomic64_t *v)
{
-@@ -259,6 +404,19 @@ static inline long long atomic64_read(const atomic64_t *v)
+@@ -259,6 +401,19 @@ static inline long long atomic64_read(const atomic64_t *v)
return result;
}
@@ -1294,7 +1291,7 @@ index 9e10c45..5a423a2 100644
static inline void atomic64_set(atomic64_t *v, long long i)
{
long long tmp;
-@@ -273,43 +431,73 @@ static inline void atomic64_set(atomic64_t *v, long long i)
+@@ -273,43 +428,73 @@ static inline void atomic64_set(atomic64_t *v, long long i)
: "r" (&v->counter), "r" (i)
: "cc");
}
@@ -1376,7 +1373,7 @@ index 9e10c45..5a423a2 100644
: "=&r" (result), "=&r" (tmp), "+Qo" (v->counter) \
: "r" (&v->counter), "r" (i) \
: "cc"); \
-@@ -317,6 +505,9 @@ atomic64_##op##_return_relaxed(long long i, atomic64_t *v) \
+@@ -317,6 +502,9 @@ atomic64_##op##_return_relaxed(long long i, atomic64_t *v) \
return result; \
}
@@ -1386,7 +1383,7 @@ index 9e10c45..5a423a2 100644
#define ATOMIC64_OPS(op, op1, op2) \
ATOMIC64_OP(op, op1, op2) \
ATOMIC64_OP_RETURN(op, op1, op2)
-@@ -325,6 +516,7 @@ ATOMIC64_OPS(add, adds, adc)
+@@ -325,6 +513,7 @@ ATOMIC64_OPS(add, adds, adc)
ATOMIC64_OPS(sub, subs, sbc)
#define atomic64_add_return_relaxed atomic64_add_return_relaxed
@@ -1394,7 +1391,7 @@ index 9e10c45..5a423a2 100644
#define atomic64_sub_return_relaxed atomic64_sub_return_relaxed
#define atomic64_andnot atomic64_andnot
-@@ -336,7 +528,12 @@ ATOMIC64_OP(xor, eor, eor)
+@@ -336,7 +525,12 @@ ATOMIC64_OP(xor, eor, eor)
#undef ATOMIC64_OPS
#undef ATOMIC64_OP_RETURN
@@ -1407,7 +1404,7 @@ index 9e10c45..5a423a2 100644
static inline long long
atomic64_cmpxchg_relaxed(atomic64_t *ptr, long long old, long long new)
-@@ -361,6 +558,31 @@ atomic64_cmpxchg_relaxed(atomic64_t *ptr, long long old, long long new)
+@@ -361,6 +555,31 @@ atomic64_cmpxchg_relaxed(atomic64_t *ptr, long long old, long long new)
return oldval;
}
#define atomic64_cmpxchg_relaxed atomic64_cmpxchg_relaxed
@@ -1439,7 +1436,7 @@ index 9e10c45..5a423a2 100644
static inline long long atomic64_xchg_relaxed(atomic64_t *ptr, long long new)
{
-@@ -380,26 +602,60 @@ static inline long long atomic64_xchg_relaxed(atomic64_t *ptr, long long new)
+@@ -380,26 +599,60 @@ static inline long long atomic64_xchg_relaxed(atomic64_t *ptr, long long new)
return result;
}
@@ -1506,7 +1503,7 @@ index 9e10c45..5a423a2 100644
: "=&r" (result), "=&r" (tmp), "+Qo" (v->counter)
: "r" (&v->counter)
: "cc");
-@@ -423,13 +679,25 @@ static inline int atomic64_add_unless(atomic64_t *v, long long a, long long u)
+@@ -423,13 +676,25 @@ static inline int atomic64_add_unless(atomic64_t *v, long long a, long long u)
" teq %0, %5\n"
" teqeq %H0, %H5\n"
" moveq %1, #0\n"
@@ -1535,7 +1532,7 @@ index 9e10c45..5a423a2 100644
: "=&r" (val), "+r" (ret), "=&r" (tmp), "+Qo" (v->counter)
: "r" (&v->counter), "r" (u), "r" (a)
: "cc");
-@@ -442,10 +710,13 @@ static inline int atomic64_add_unless(atomic64_t *v, long long a, long long u)
+@@ -442,10 +707,13 @@ static inline int atomic64_add_unless(atomic64_t *v, long long a, long long u)
#define atomic64_add_negative(a, v) (atomic64_add_return((a), (v)) < 0)
#define atomic64_inc(v) atomic64_add(1LL, (v))
@@ -1619,7 +1616,7 @@ index 97882f9..0cc6ef1 100644
#include <asm-generic/cmpxchg-local.h>
diff --git a/arch/arm/include/asm/cpuidle.h b/arch/arm/include/asm/cpuidle.h
-index 3848259..bee9d84 100644
+index baefe1d..29cb35a 100644
--- a/arch/arm/include/asm/cpuidle.h
+++ b/arch/arm/include/asm/cpuidle.h
@@ -32,7 +32,7 @@ struct device_node;
@@ -1850,7 +1847,7 @@ index 4355f0e..cd9168e 100644
#ifdef MULTI_USER
extern struct cpu_user_fns cpu_user;
diff --git a/arch/arm/include/asm/pgalloc.h b/arch/arm/include/asm/pgalloc.h
-index 19cfab5..3f5c7e9 100644
+index 20febb3..8d498e1 100644
--- a/arch/arm/include/asm/pgalloc.h
+++ b/arch/arm/include/asm/pgalloc.h
@@ -17,6 +17,7 @@
@@ -1945,7 +1942,7 @@ index 92fd2c8..061dae1 100644
* These are the memory types, defined to be compatible with
* pre-ARMv6 CPUs cacheable and bufferable bits: n/a,n/a,C,B
diff --git a/arch/arm/include/asm/pgtable-3level.h b/arch/arm/include/asm/pgtable-3level.h
-index 7411466..c57e55a 100644
+index 2a029bc..a0524c7 100644
--- a/arch/arm/include/asm/pgtable-3level.h
+++ b/arch/arm/include/asm/pgtable-3level.h
@@ -80,6 +80,7 @@
@@ -2392,7 +2389,7 @@ index 7e45f69..2c047db 100644
EXPORT_SYMBOL(__csum_ipv6_magic);
diff --git a/arch/arm/kernel/cpuidle.c b/arch/arm/kernel/cpuidle.c
-index 703926e..39aa432 100644
+index a44b268e..eea8f58 100644
--- a/arch/arm/kernel/cpuidle.c
+++ b/arch/arm/kernel/cpuidle.c
@@ -19,7 +19,7 @@ extern struct of_cpuidle_method __cpuidle_method_of_table[];
@@ -2876,7 +2873,7 @@ index 69bda1a..755113a 100644
if (waddr != addr) {
flush_kernel_vmap_range(waddr, twopage ? size / 2 : size);
diff --git a/arch/arm/kernel/process.c b/arch/arm/kernel/process.c
-index 4adfb46..65a3b13 100644
+index 4a803c5..6c8688f 100644
--- a/arch/arm/kernel/process.c
+++ b/arch/arm/kernel/process.c
@@ -114,8 +114,8 @@ void __show_regs(struct pt_regs *regs)
@@ -2908,7 +2905,7 @@ index 4adfb46..65a3b13 100644
return 0;
}
arch_initcall(gate_vma_init);
-@@ -362,91 +362,13 @@ const char *arch_vma_name(struct vm_area_struct *vma)
+@@ -362,92 +362,14 @@ const char *arch_vma_name(struct vm_area_struct *vma)
return is_gate_vma(vma) ? "[vectors]" : NULL;
}
@@ -2970,7 +2967,8 @@ index 4adfb46..65a3b13 100644
- npages = 1; /* for sigpage */
- npages += vdso_total_pages;
- down_write(&mm->mmap_sem);
+ if (down_write_killable(&mm->mmap_sem))
+ return -EINTR;
- hint = sigpage_addr(mm, npages);
- addr = get_unmapped_area(NULL, hint, npages << PAGE_SHIFT, 0, 0);
- if (IS_ERR_VALUE(addr)) {
@@ -3027,10 +3025,10 @@ index 4d93758..c2f471f92 100644
#ifdef CONFIG_HAVE_ARCH_SECCOMP_FILTER
if (secure_computing() == -1)
diff --git a/arch/arm/kernel/reboot.c b/arch/arm/kernel/reboot.c
-index 71a2ff9..7753acf 100644
+index 3fa867a..d610607 100644
--- a/arch/arm/kernel/reboot.c
+++ b/arch/arm/kernel/reboot.c
-@@ -122,6 +122,7 @@ void machine_power_off(void)
+@@ -120,6 +120,7 @@ void machine_power_off(void)
if (pm_power_off)
pm_power_off();
@@ -3039,7 +3037,7 @@ index 71a2ff9..7753acf 100644
/*
diff --git a/arch/arm/kernel/setup.c b/arch/arm/kernel/setup.c
-index 2c4bea3..3f5625e 100644
+index 7b53500..d25a7aa 100644
--- a/arch/arm/kernel/setup.c
+++ b/arch/arm/kernel/setup.c
@@ -113,21 +113,23 @@ EXPORT_SYMBOL(elf_hwcap);
@@ -3145,7 +3143,7 @@ index 7b8f214..ece8e28 100644
- return page;
-}
diff --git a/arch/arm/kernel/smp.c b/arch/arm/kernel/smp.c
-index baee702..49e7294 100644
+index 8615216..f5be307 100644
--- a/arch/arm/kernel/smp.c
+++ b/arch/arm/kernel/smp.c
@@ -82,7 +82,7 @@ enum ipi_msg_type {
@@ -3244,10 +3242,10 @@ index e2c6da0..6155a88 100644
. = ALIGN(1<<SECTION_SHIFT);
#else
diff --git a/arch/arm/kvm/arm.c b/arch/arm/kvm/arm.c
-index 72b11d9..505a0f5 100644
+index f1bde7c..6dc92ba 100644
--- a/arch/arm/kvm/arm.c
+++ b/arch/arm/kvm/arm.c
-@@ -59,7 +59,7 @@ static unsigned long hyp_default_vectors;
+@@ -58,7 +58,7 @@ static unsigned long hyp_default_vectors;
static DEFINE_PER_CPU(struct kvm_vcpu *, kvm_arm_running_vcpu);
/* The VMID used in the VTTBR */
@@ -3256,7 +3254,7 @@ index 72b11d9..505a0f5 100644
static u32 kvm_next_vmid;
static unsigned int kvm_vmid_bits __read_mostly;
static DEFINE_SPINLOCK(kvm_vmid_lock);
-@@ -393,7 +393,7 @@ void force_vm_exit(const cpumask_t *mask)
+@@ -389,7 +389,7 @@ void force_vm_exit(const cpumask_t *mask)
*/
static bool need_new_vmid_gen(struct kvm *kvm)
{
@@ -3265,7 +3263,7 @@ index 72b11d9..505a0f5 100644
}
/**
-@@ -426,7 +426,7 @@ static void update_vttbr(struct kvm *kvm)
+@@ -422,7 +422,7 @@ static void update_vttbr(struct kvm *kvm)
/* First user of a new VMID generation? */
if (unlikely(kvm_next_vmid == 0)) {
@@ -3274,7 +3272,7 @@ index 72b11d9..505a0f5 100644
kvm_next_vmid = 1;
/*
-@@ -443,7 +443,7 @@ static void update_vttbr(struct kvm *kvm)
+@@ -439,7 +439,7 @@ static void update_vttbr(struct kvm *kvm)
kvm_call_hyp(__kvm_flush_vm_context);
}
@@ -3346,10 +3344,10 @@ index 6bd1089..e999400 100644
{
unsigned long ua_flags;
diff --git a/arch/arm/mach-exynos/suspend.c b/arch/arm/mach-exynos/suspend.c
-index fee2b00..943ea95 100644
+index f216909..7b6776e 100644
--- a/arch/arm/mach-exynos/suspend.c
+++ b/arch/arm/mach-exynos/suspend.c
-@@ -734,8 +734,10 @@ void __init exynos_pm_init(void)
+@@ -718,8 +718,10 @@ void __init exynos_pm_init(void)
tmp |= pm_data->wake_disable_mask;
pmu_raw_writel(tmp, S5P_WAKEUP_MASK);
@@ -3393,7 +3391,7 @@ index 1ccbba9..7a95c29 100644
}
diff --git a/arch/arm/mach-mvebu/coherency.c b/arch/arm/mach-mvebu/coherency.c
-index 474abff..0d6a05a 100644
+index e80f0dd..0262909 100644
--- a/arch/arm/mach-mvebu/coherency.c
+++ b/arch/arm/mach-mvebu/coherency.c
@@ -163,7 +163,7 @@ exit:
@@ -3414,6 +3412,15 @@ index 474abff..0d6a05a 100644
return __arm_ioremap_caller(phys_addr, size, mtype, caller);
}
+@@ -181,7 +181,7 @@ static void __init armada_375_380_coherency_init(struct device_node *np)
+
+ coherency_cpu_base = of_iomap(np, 0);
+ arch_ioremap_caller = armada_wa_ioremap_caller;
+- pci_ioremap_set_mem_type(MT_UNCACHED);
++ pci_ioremap_set_mem_type(MT_UNCACHED_RW);
+
+ /*
+ * We should switch the PL310 to I/O coherency mode only if
diff --git a/arch/arm/mach-omap2/board-n8x0.c b/arch/arm/mach-omap2/board-n8x0.c
index b6443a4..20a0b74 100644
--- a/arch/arm/mach-omap2/board-n8x0.c
@@ -3450,7 +3457,7 @@ index 65024af..70bf184 100644
.resume = dummy_cpu_resume,
.scu_prepare = dummy_scu_prepare,
diff --git a/arch/arm/mach-omap2/omap-smp.c b/arch/arm/mach-omap2/omap-smp.c
-index c625cc1..3f47aae 100644
+index 8cd1de9..1fcee77 100644
--- a/arch/arm/mach-omap2/omap-smp.c
+++ b/arch/arm/mach-omap2/omap-smp.c
@@ -19,6 +19,7 @@
@@ -3503,7 +3510,7 @@ index 78c02b3..c94109a 100644
struct omap_device *omap_device_alloc(struct platform_device *pdev,
struct omap_hwmod **ohs, int oh_cnt);
diff --git a/arch/arm/mach-omap2/omap_hwmod.c b/arch/arm/mach-omap2/omap_hwmod.c
-index 2af6ff6..1f2959f 100644
+index 83cb527..e82f20f 100644
--- a/arch/arm/mach-omap2/omap_hwmod.c
+++ b/arch/arm/mach-omap2/omap_hwmod.c
@@ -200,10 +200,10 @@ struct omap_hwmod_soc_ops {
@@ -3651,10 +3658,10 @@ index 7cd9865..a00b6ab 100644
#include "common.h"
diff --git a/arch/arm/mm/Kconfig b/arch/arm/mm/Kconfig
-index 5534766..1ffd12a 100644
+index cb569b6..da9d9db 100644
--- a/arch/arm/mm/Kconfig
+++ b/arch/arm/mm/Kconfig
-@@ -442,6 +442,7 @@ config CPU_32v5
+@@ -445,6 +445,7 @@ config CPU_32v5
config CPU_32v6
bool
@@ -3662,7 +3669,7 @@ index 5534766..1ffd12a 100644
select TLS_REG_EMUL if !CPU_32v6K && !MMU
config CPU_32v6K
-@@ -596,6 +597,7 @@ config CPU_CP15_MPU
+@@ -599,6 +600,7 @@ config CPU_CP15_MPU
config CPU_USE_DOMAINS
bool
@@ -3670,7 +3677,7 @@ index 5534766..1ffd12a 100644
help
This option enables or disables the use of domain switching
via the set_fs() function.
-@@ -806,7 +808,7 @@ config NEED_KUSER_HELPERS
+@@ -809,7 +811,7 @@ config NEED_KUSER_HELPERS
config KUSER_HELPERS
bool "Enable kuser helpers in vector page" if !NEED_KUSER_HELPERS
@@ -3679,7 +3686,7 @@ index 5534766..1ffd12a 100644
default y
help
Warning: disabling this option may break user programs.
-@@ -820,7 +822,7 @@ config KUSER_HELPERS
+@@ -823,7 +825,7 @@ config KUSER_HELPERS
See Documentation/arm/kernel_user_helpers.txt for details.
However, the fixed address nature of these helpers can be used
@@ -3688,7 +3695,7 @@ index 5534766..1ffd12a 100644
exploits.
If all of the binaries and libraries which run on your platform
-@@ -835,7 +837,7 @@ config KUSER_HELPERS
+@@ -838,7 +840,7 @@ config KUSER_HELPERS
config VDSO
bool "Enable VDSO for acceleration of some system calls"
@@ -3760,7 +3767,7 @@ index 7d5f4c7..c6a0816 100644
ai_sys += 1;
diff --git a/arch/arm/mm/cache-l2x0.c b/arch/arm/mm/cache-l2x0.c
-index 9f9d542..5189649 100644
+index c61996c..56d36df 100644
--- a/arch/arm/mm/cache-l2x0.c
+++ b/arch/arm/mm/cache-l2x0.c
@@ -44,7 +44,7 @@ struct l2c_init_data {
@@ -4136,10 +4143,10 @@ index 370581a..b985cc1 100644
free_reserved_area(&__tcm_start, &__tcm_end, -1, "TCM link");
#endif
diff --git a/arch/arm/mm/ioremap.c b/arch/arm/mm/ioremap.c
-index 66a978d..e808c4b 100644
+index ff0eed2..f17f1c9 100644
--- a/arch/arm/mm/ioremap.c
+++ b/arch/arm/mm/ioremap.c
-@@ -406,9 +406,9 @@ __arm_ioremap_exec(phys_addr_t phys_addr, size_t size, bool cached)
+@@ -411,9 +411,9 @@ __arm_ioremap_exec(phys_addr_t phys_addr, size_t size, bool cached)
unsigned int mtype;
if (cached)
@@ -4768,10 +4775,10 @@ index a5bc92d..0bb4730 100644
+ pax_close_kernel();
}
diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
-index 4f43622..22c9473 100644
+index 5a0a691..658577c 100644
--- a/arch/arm64/Kconfig
+++ b/arch/arm64/Kconfig
-@@ -72,6 +72,7 @@ config ARM64
+@@ -76,6 +76,7 @@ config ARM64
select HAVE_FTRACE_MCOUNT_RECORD
select HAVE_FUNCTION_TRACER
select HAVE_FUNCTION_GRAPH_TRACER
@@ -4780,7 +4787,7 @@ index 4f43622..22c9473 100644
select HAVE_HW_BREAKPOINT if PERF_EVENTS
select HAVE_IRQ_TIME_ACCOUNTING
diff --git a/arch/arm64/Kconfig.debug b/arch/arm64/Kconfig.debug
-index 7e76845..e5ce349 100644
+index 0cc758c..de67415 100644
--- a/arch/arm64/Kconfig.debug
+++ b/arch/arm64/Kconfig.debug
@@ -6,6 +6,7 @@ config ARM64_PTDUMP
@@ -4792,10 +4799,19 @@ index 7e76845..e5ce349 100644
Say Y here if you want to show the kernel pagetable layout in a
debugfs file. This information is only useful for kernel developers
diff --git a/arch/arm64/include/asm/atomic.h b/arch/arm64/include/asm/atomic.h
-index f3a3586..832c720 100644
+index f3a3586..5763299 100644
--- a/arch/arm64/include/asm/atomic.h
+++ b/arch/arm64/include/asm/atomic.h
-@@ -146,5 +146,15 @@
+@@ -98,6 +98,8 @@
+ #define __atomic_add_unless(v, a, u) ___atomic_add_unless(v, a, u,)
+ #define atomic_andnot atomic_andnot
+
++#define atomic_inc_return_unchecked_relaxed(v) atomic_add_return_relaxed(1, (v))
++
+ /*
+ * 64-bit atomic operations.
+ */
+@@ -146,5 +148,16 @@
#define atomic64_inc_not_zero(v) atomic64_add_unless((v), 1, 0)
@@ -4808,9 +4824,26 @@ index f3a3586..832c720 100644
+#define atomic64_inc_return_unchecked(v) atomic64_inc_return(v)
+#define atomic64_dec_unchecked(v) atomic64_dec(v)
+#define atomic64_cmpxchg_unchecked(v, o, n) atomic64_cmpxchg((v), (o), (n))
++#define atomic64_xchg_unchecked(v, n) atomic64_xchg((v), (n))
+
#endif
#endif
+diff --git a/arch/arm64/include/asm/cache.h b/arch/arm64/include/asm/cache.h
+index 5082b30..79247453 100644
+--- a/arch/arm64/include/asm/cache.h
++++ b/arch/arm64/include/asm/cache.h
+@@ -18,8 +18,10 @@
+
+ #include <asm/cachetype.h>
+
++#include <linux/const.h>
++
+ #define L1_CACHE_SHIFT 7
+-#define L1_CACHE_BYTES (1 << L1_CACHE_SHIFT)
++#define L1_CACHE_BYTES (_AC(1,UL) << L1_CACHE_SHIFT)
+
+ /*
+ * Memory returned by kmalloc() may be used for DMA, so we must make
diff --git a/arch/arm64/include/asm/percpu.h b/arch/arm64/include/asm/percpu.h
index 0a456be..7799ff5 100644
--- a/arch/arm64/include/asm/percpu.h
@@ -4837,7 +4870,7 @@ index 0a456be..7799ff5 100644
default:
BUILD_BUG();
diff --git a/arch/arm64/include/asm/pgalloc.h b/arch/arm64/include/asm/pgalloc.h
-index ff98585..65eced1 100644
+index d25f4f1..0bd8842 100644
--- a/arch/arm64/include/asm/pgalloc.h
+++ b/arch/arm64/include/asm/pgalloc.h
@@ -51,6 +51,11 @@ static inline void pud_populate(struct mm_struct *mm, pud_t *pud, pmd_t *pmd)
@@ -4852,6 +4885,20 @@ index ff98585..65eced1 100644
#else
static inline void __pud_populate(pud_t *pud, phys_addr_t pmd, pudval_t prot)
{
+diff --git a/arch/arm64/include/asm/pgtable.h b/arch/arm64/include/asm/pgtable.h
+index 46472a9..9f2efc0 100644
+--- a/arch/arm64/include/asm/pgtable.h
++++ b/arch/arm64/include/asm/pgtable.h
+@@ -23,6 +23,9 @@
+ #include <asm/pgtable-hwdef.h>
+ #include <asm/pgtable-prot.h>
+
++#define ktla_ktva(addr) (addr)
++#define ktva_ktla(addr) (addr)
++
+ /*
+ * VMALLOC range.
+ *
diff --git a/arch/arm64/include/asm/string.h b/arch/arm64/include/asm/string.h
index 2eb714c..6c0fdb7 100644
--- a/arch/arm64/include/asm/string.h
@@ -4909,10 +4956,10 @@ index 2eb714c..6c0fdb7 100644
#if defined(CONFIG_KASAN) && !defined(__SANITIZE_ADDRESS__)
diff --git a/arch/arm64/include/asm/uaccess.h b/arch/arm64/include/asm/uaccess.h
-index 0685d74..6898549 100644
+index 9e397a5..6cd98e5 100644
--- a/arch/arm64/include/asm/uaccess.h
+++ b/arch/arm64/include/asm/uaccess.h
-@@ -114,6 +114,7 @@ static inline void set_fs(mm_segment_t fs)
+@@ -101,6 +101,7 @@ static inline void set_fs(mm_segment_t fs)
flag; \
})
@@ -4920,8 +4967,82 @@ index 0685d74..6898549 100644
#define access_ok(type, addr, size) __range_ok(addr, size)
#define user_addr_max get_fs
+diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c
+index 6cd2612..56d72e5c 100644
+--- a/arch/arm64/kernel/process.c
++++ b/arch/arm64/kernel/process.c
+@@ -63,7 +63,7 @@ EXPORT_SYMBOL(__stack_chk_guard);
+ /*
+ * Function pointers to optional machine specific functions
+ */
+-void (*pm_power_off)(void);
++void (* pm_power_off)(void);
+ EXPORT_SYMBOL_GPL(pm_power_off);
+
+ void (*arm_pm_restart)(enum reboot_mode reboot_mode, const char *cmd);
+@@ -109,7 +109,7 @@ void machine_shutdown(void)
+ * activity (executing tasks, handling interrupts). smp_send_stop()
+ * achieves this.
+ */
+-void machine_halt(void)
++void __noreturn machine_halt(void)
+ {
+ local_irq_disable();
+ smp_send_stop();
+@@ -122,12 +122,13 @@ void machine_halt(void)
+ * achieves this. When the system power is turned off, it will take all CPUs
+ * with it.
+ */
+-void machine_power_off(void)
++void __noreturn machine_power_off(void)
+ {
+ local_irq_disable();
+ smp_send_stop();
+ if (pm_power_off)
+ pm_power_off();
++ while(1);
+ }
+
+ /*
+@@ -139,7 +140,7 @@ void machine_power_off(void)
+ * executing pre-reset code, and using RAM that the primary CPU's code wishes
+ * to use. Implementing such co-ordination would be essentially impossible.
+ */
+-void machine_restart(char *cmd)
++void __noreturn machine_restart(char *cmd)
+ {
+ /* Disable interrupts first */
+ local_irq_disable();
+diff --git a/arch/arm64/kernel/stacktrace.c b/arch/arm64/kernel/stacktrace.c
+index d9751a4..aeda309 100644
+--- a/arch/arm64/kernel/stacktrace.c
++++ b/arch/arm64/kernel/stacktrace.c
+@@ -92,8 +92,8 @@ int notrace unwind_frame(struct task_struct *tsk, struct stackframe *frame)
+ struct pt_regs *irq_args;
+ unsigned long orig_sp = IRQ_STACK_TO_TASK_STACK(irq_stack_ptr);
+
+- if (object_is_on_stack((void *)orig_sp) &&
+- object_is_on_stack((void *)frame->fp)) {
++ if (object_starts_on_stack((void *)orig_sp) &&
++ object_starts_on_stack((void *)frame->fp)) {
+ frame->sp = orig_sp;
+
+ /* orig_sp is the saved pt_regs, find the elr */
+diff --git a/arch/arm64/kernel/traps.c b/arch/arm64/kernel/traps.c
+index 2a43012..3409956 100644
+--- a/arch/arm64/kernel/traps.c
++++ b/arch/arm64/kernel/traps.c
+@@ -420,7 +420,7 @@ asmlinkage long do_ni_syscall(struct pt_regs *regs)
+ __show_regs(regs);
+ }
+
+- return sys_ni_syscall();
++ return -ENOSYS;
+ }
+
+ static const char *esr_class_str[] = {
diff --git a/arch/arm64/mm/dma-mapping.c b/arch/arm64/mm/dma-mapping.c
-index a6e757c..00fc586 100644
+index c566ec8..3e01953 100644
--- a/arch/arm64/mm/dma-mapping.c
+++ b/arch/arm64/mm/dma-mapping.c
@@ -132,7 +132,7 @@ static void __dma_free_coherent(struct device *dev, size_t size,
@@ -5195,10 +5316,10 @@ index 69952c18..4fa2908 100644
#define ARCH_DMA_MINALIGN L1_CACHE_BYTES
diff --git a/arch/ia64/Kconfig b/arch/ia64/Kconfig
-index b534eba..ace220a 100644
+index e109ee9..a426a85 100644
--- a/arch/ia64/Kconfig
+++ b/arch/ia64/Kconfig
-@@ -518,6 +518,7 @@ config KEXEC
+@@ -519,6 +519,7 @@ config KEXEC
bool "kexec system call"
depends on !IA64_HP_SIM && (!SMP || HOTPLUG_CPU)
select KEXEC_CORE
@@ -5207,15 +5328,15 @@ index b534eba..ace220a 100644
kexec is a system call that implements the ability to shutdown your
current kernel, and to start another kernel. It is like a reboot
diff --git a/arch/ia64/Makefile b/arch/ia64/Makefile
-index 970d0bd..e750b9b 100644
+index c100d78..07538cc 100644
--- a/arch/ia64/Makefile
+++ b/arch/ia64/Makefile
@@ -98,5 +98,6 @@ endef
- archprepare: make_nr_irqs_h FORCE
- PHONY += make_nr_irqs_h FORCE
+ archprepare: make_nr_irqs_h
+ PHONY += make_nr_irqs_h
+make_nr_irqs_h: KBUILD_CFLAGS := $(filter-out $(GCC_PLUGINS_CFLAGS),$(KBUILD_CFLAGS))
- make_nr_irqs_h: FORCE
+ make_nr_irqs_h:
$(Q)$(MAKE) $(build)=arch/ia64/kernel include/generated/nr-irqs.h
diff --git a/arch/ia64/include/asm/atomic.h b/arch/ia64/include/asm/atomic.h
index 8dfb5f6..d58bd69 100644
@@ -5696,7 +5817,7 @@ index 0395c51..5f26031 100644
#define ARCH_DMA_MINALIGN L1_CACHE_BYTES
diff --git a/arch/metag/mm/hugetlbpage.c b/arch/metag/mm/hugetlbpage.c
-index b38700ae..15f5c87 100644
+index db1b7da..8e13684 100644
--- a/arch/metag/mm/hugetlbpage.c
+++ b/arch/metag/mm/hugetlbpage.c
@@ -189,6 +189,7 @@ hugetlb_get_unmapped_area_new_pmd(unsigned long len)
@@ -5739,18 +5860,18 @@ index 5c3f688..f8cc1b3 100644
# platform specific definitions
include arch/mips/Kbuild.platforms
diff --git a/arch/mips/Kconfig b/arch/mips/Kconfig
-index 2018c2b..fdd3972 100644
+index ac91939..a1df96d 100644
--- a/arch/mips/Kconfig
+++ b/arch/mips/Kconfig
-@@ -49,6 +49,7 @@ config MIPS
- select GENERIC_CMOS_UPDATE
+@@ -50,6 +50,7 @@ config MIPS
select HAVE_MOD_ARCH_SPECIFIC
+ select HAVE_NMI
select VIRT_TO_BUS
+ select HAVE_GCC_PLUGINS
select MODULES_USE_ELF_REL if MODULES
select MODULES_USE_ELF_RELA if MODULES && 64BIT
select CLONE_BACKWARDS
-@@ -2648,6 +2649,7 @@ source "kernel/Kconfig.preempt"
+@@ -2775,6 +2776,7 @@ source "kernel/Kconfig.preempt"
config KEXEC
bool "Kexec system call"
select KEXEC_CORE
@@ -6408,10 +6529,10 @@ index b4db69f..8f3b093 100644
#define SMP_CACHE_SHIFT L1_CACHE_SHIFT
#define SMP_CACHE_BYTES L1_CACHE_BYTES
diff --git a/arch/mips/include/asm/elf.h b/arch/mips/include/asm/elf.h
-index e090fc3..eae24400 100644
+index f5f4571..38cf967 100644
--- a/arch/mips/include/asm/elf.h
+++ b/arch/mips/include/asm/elf.h
-@@ -425,6 +425,13 @@ extern const char *__elf_platform;
+@@ -458,6 +458,13 @@ extern const char *__elf_platform;
#define ELF_ET_DYN_BASE (TASK_SIZE / 3 * 2)
#endif
@@ -6567,7 +6688,7 @@ index 21ed715..774a251 100644
typedef struct { unsigned long long pte; } pte_t;
#define pte_val(x) ((x).pte)
diff --git a/arch/mips/include/asm/pgalloc.h b/arch/mips/include/asm/pgalloc.h
-index b336037..5b874cc 100644
+index 93c079a..1d6bf7c 100644
--- a/arch/mips/include/asm/pgalloc.h
+++ b/arch/mips/include/asm/pgalloc.h
@@ -37,6 +37,11 @@ static inline void pud_populate(struct mm_struct *mm, pud_t *pud, pmd_t *pmd)
@@ -6583,7 +6704,7 @@ index b336037..5b874cc 100644
/*
diff --git a/arch/mips/include/asm/pgtable.h b/arch/mips/include/asm/pgtable.h
-index 65bf2c0..09b7819 100644
+index 7d44e88..6f28830 100644
--- a/arch/mips/include/asm/pgtable.h
+++ b/arch/mips/include/asm/pgtable.h
@@ -20,6 +20,9 @@
@@ -6651,10 +6772,10 @@ index 7f109d4..40b1195 100644
likely(__access_ok((addr), (size), __access_mask))
diff --git a/arch/mips/kernel/binfmt_elfn32.c b/arch/mips/kernel/binfmt_elfn32.c
-index 1b992c6..4f250db 100644
+index 58ad63d..051b4b7 100644
--- a/arch/mips/kernel/binfmt_elfn32.c
+++ b/arch/mips/kernel/binfmt_elfn32.c
-@@ -50,6 +50,13 @@ typedef elf_fpreg_t elf_fpregset_t[ELF_NFPREG];
+@@ -36,6 +36,13 @@ typedef elf_fpreg_t elf_fpregset_t[ELF_NFPREG];
#undef ELF_ET_DYN_BASE
#define ELF_ET_DYN_BASE (TASK32_SIZE / 3 * 2)
@@ -6669,10 +6790,10 @@ index 1b992c6..4f250db 100644
#include <linux/module.h>
#include <linux/elfcore.h>
diff --git a/arch/mips/kernel/binfmt_elfo32.c b/arch/mips/kernel/binfmt_elfo32.c
-index abd3aff..ab1b84a 100644
+index 49fb881..b9ab7c2 100644
--- a/arch/mips/kernel/binfmt_elfo32.c
+++ b/arch/mips/kernel/binfmt_elfo32.c
-@@ -70,6 +70,13 @@ typedef elf_fpreg_t elf_fpregset_t[ELF_NFPREG];
+@@ -40,6 +40,13 @@ typedef elf_fpreg_t elf_fpregset_t[ELF_NFPREG];
#undef ELF_ET_DYN_BASE
#define ELF_ET_DYN_BASE (TASK32_SIZE / 3 * 2)
@@ -6700,7 +6821,7 @@ index 44a1f79..2bd6aa3 100644
void __init gt641xx_irq_init(void)
diff --git a/arch/mips/kernel/irq.c b/arch/mips/kernel/irq.c
-index 8eb5af8..2baf465 100644
+index f25f7ea..19e1c62 100644
--- a/arch/mips/kernel/irq.c
+++ b/arch/mips/kernel/irq.c
@@ -34,17 +34,17 @@ void ack_bad_irq(unsigned int irq)
@@ -6724,7 +6845,7 @@ index 8eb5af8..2baf465 100644
}
void __init init_IRQ(void)
-@@ -58,6 +58,8 @@ void __init init_IRQ(void)
+@@ -61,6 +61,8 @@ void __init init_IRQ(void)
}
#ifdef CONFIG_DEBUG_STACKOVERFLOW
@@ -6733,7 +6854,7 @@ index 8eb5af8..2baf465 100644
static inline void check_stack_overflow(void)
{
unsigned long sp;
-@@ -73,6 +75,7 @@ static inline void check_stack_overflow(void)
+@@ -76,6 +78,7 @@ static inline void check_stack_overflow(void)
printk("do_IRQ: stack overflow: %ld\n",
sp - sizeof(struct thread_info));
dump_stack();
@@ -6742,7 +6863,7 @@ index 8eb5af8..2baf465 100644
}
#else
diff --git a/arch/mips/kernel/pm-cps.c b/arch/mips/kernel/pm-cps.c
-index fa3f9eb..98ada7a 100644
+index adda3ff..ac067e2 100644
--- a/arch/mips/kernel/pm-cps.c
+++ b/arch/mips/kernel/pm-cps.c
@@ -172,7 +172,7 @@ int cps_pm_enter_state(enum cps_pm_state state)
@@ -6755,10 +6876,10 @@ index fa3f9eb..98ada7a 100644
/* Run the generated entry code */
diff --git a/arch/mips/kernel/process.c b/arch/mips/kernel/process.c
-index d83730c..ced3459 100644
+index 813ed78..0acf903 100644
--- a/arch/mips/kernel/process.c
+++ b/arch/mips/kernel/process.c
-@@ -539,18 +539,6 @@ out:
+@@ -531,18 +531,6 @@ out:
return pc;
}
@@ -6778,10 +6899,10 @@ index d83730c..ced3459 100644
{
struct pt_regs *regs;
diff --git a/arch/mips/kernel/ptrace.c b/arch/mips/kernel/ptrace.c
-index 4285d8b..febcfeb 100644
+index 0dcf691..b75d89a 100644
--- a/arch/mips/kernel/ptrace.c
+++ b/arch/mips/kernel/ptrace.c
-@@ -881,6 +881,10 @@ long arch_ptrace(struct task_struct *child, long request,
+@@ -882,6 +882,10 @@ long arch_ptrace(struct task_struct *child, long request,
return ret;
}
@@ -6792,7 +6913,7 @@ index 4285d8b..febcfeb 100644
/*
* Notification of system call entry/exit
* - triggered by current->work.syscall_trace
-@@ -899,6 +903,11 @@ asmlinkage long syscall_trace_enter(struct pt_regs *regs, long syscall)
+@@ -900,6 +904,11 @@ asmlinkage long syscall_trace_enter(struct pt_regs *regs, long syscall)
tracehook_report_syscall_entry(regs))
ret = -1;
@@ -6874,10 +6995,10 @@ index 4472a7f..c5905e6 100644
}
/* Arrange for an interrupt in a short while */
diff --git a/arch/mips/kernel/traps.c b/arch/mips/kernel/traps.c
-index 5aa1d5c..491df0d 100644
+index 4a1712b..a1348b9 100644
--- a/arch/mips/kernel/traps.c
+++ b/arch/mips/kernel/traps.c
-@@ -698,7 +698,18 @@ asmlinkage void do_ov(struct pt_regs *regs)
+@@ -695,7 +695,18 @@ asmlinkage void do_ov(struct pt_regs *regs)
};
prev_state = exception_enter();
@@ -7069,10 +7190,10 @@ index 4b88fa0..b16bc17 100644
tsk->thread.error_code = write;
if (show_unhandled_signals &&
diff --git a/arch/mips/mm/init.c b/arch/mips/mm/init.c
-index 7e5fa09..65c1072 100644
+index 9b58eb5..b1f2558 100644
--- a/arch/mips/mm/init.c
+++ b/arch/mips/mm/init.c
-@@ -468,10 +468,10 @@ void __init mem_init(void)
+@@ -472,10 +472,10 @@ void __init mem_init(void)
#ifdef CONFIG_64BIT
if ((unsigned long) &_text > (unsigned long) CKSEG0)
@@ -7158,7 +7279,7 @@ index 3530376..754dde3 100644
}
}
diff --git a/arch/mips/sgi-ip27/ip27-nmi.c b/arch/mips/sgi-ip27/ip27-nmi.c
-index a2358b4..7cead4f 100644
+index cfceaea..65deeb4 100644
--- a/arch/mips/sgi-ip27/ip27-nmi.c
+++ b/arch/mips/sgi-ip27/ip27-nmi.c
@@ -187,9 +187,9 @@ void
@@ -7183,7 +7304,7 @@ index a2358b4..7cead4f 100644
/*
diff --git a/arch/mips/sni/rm200.c b/arch/mips/sni/rm200.c
-index a046b30..6799527 100644
+index 160b880..3b53fdc 100644
--- a/arch/mips/sni/rm200.c
+++ b/arch/mips/sni/rm200.c
@@ -270,7 +270,7 @@ spurious_8259A_irq:
@@ -7351,7 +7472,7 @@ index 78c9fd3..42fa66a 100644
instruction set this CPU supports. This could be done in user space,
but it's not easy, and we've already done it here. */
diff --git a/arch/parisc/include/asm/pgalloc.h b/arch/parisc/include/asm/pgalloc.h
-index f2fd327..2bb2a26 100644
+index f08dda3..ea6aa1b 100644
--- a/arch/parisc/include/asm/pgalloc.h
+++ b/arch/parisc/include/asm/pgalloc.h
@@ -61,6 +61,11 @@ static inline void pgd_populate(struct mm_struct *mm, pgd_t *pgd, pmd_t *pmd)
@@ -7365,8 +7486,8 @@ index f2fd327..2bb2a26 100644
+
static inline pmd_t *pmd_alloc_one(struct mm_struct *mm, unsigned long address)
{
- pmd_t *pmd = (pmd_t *)__get_free_pages(GFP_KERNEL|__GFP_REPEAT,
-@@ -97,6 +102,7 @@ static inline void pmd_free(struct mm_struct *mm, pmd_t *pmd)
+ pmd_t *pmd = (pmd_t *)__get_free_pages(GFP_KERNEL, PMD_ORDER);
+@@ -96,6 +101,7 @@ static inline void pmd_free(struct mm_struct *mm, pmd_t *pmd)
#define pmd_alloc_one(mm, addr) ({ BUG(); ((pmd_t *)2); })
#define pmd_free(mm, x) do { } while (0)
#define pgd_populate(mm, pmd, pte) BUG()
@@ -7397,10 +7518,10 @@ index 291cee2..2ac33db 100644
#define PAGE_KERNEL_EXEC __pgprot(_PAGE_KERNEL_EXEC)
#define PAGE_KERNEL_RWX __pgprot(_PAGE_KERNEL_RWX)
diff --git a/arch/parisc/include/asm/uaccess.h b/arch/parisc/include/asm/uaccess.h
-index 7955e43..7f3661d 100644
+index 0f59fd9..c502784 100644
--- a/arch/parisc/include/asm/uaccess.h
+++ b/arch/parisc/include/asm/uaccess.h
-@@ -243,10 +243,10 @@ static inline unsigned long __must_check copy_from_user(void *to,
+@@ -220,10 +220,10 @@ static inline unsigned long __must_check copy_from_user(void *to,
const void __user *from,
unsigned long n)
{
@@ -7751,10 +7872,10 @@ index 16dbe81..db2ed24 100644
/*
* If for any reason at all we couldn't handle the fault, make
diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig
-index 7cd32c0..30c918b 100644
+index 0a9d439..2b95815 100644
--- a/arch/powerpc/Kconfig
+++ b/arch/powerpc/Kconfig
-@@ -144,6 +144,7 @@ config PPC
+@@ -146,6 +146,7 @@ config PPC
select ARCH_USE_BUILTIN_BSWAP
select OLD_SIGSUSPEND
select OLD_SIGACTION if PPC32
@@ -7762,7 +7883,7 @@ index 7cd32c0..30c918b 100644
select HAVE_DEBUG_STACKOVERFLOW
select HAVE_IRQ_EXIT_ON_IRQ_STACK
select ARCH_USE_CMPXCHG_LOCKREF if PPC64
-@@ -439,6 +440,7 @@ config KEXEC
+@@ -443,6 +444,7 @@ config KEXEC
bool "kexec system call"
depends on (PPC_BOOK3S || FSL_BOOKE || (44x && !SMP)) || PPC_BOOK3E
select KEXEC_CORE
@@ -7771,10 +7892,14 @@ index 7cd32c0..30c918b 100644
kexec is a system call that implements the ability to shutdown your
current kernel, and to start another kernel. It is like a reboot
diff --git a/arch/powerpc/include/asm/atomic.h b/arch/powerpc/include/asm/atomic.h
-index ae0751e..c7fad52 100644
+index ae0751e..70e03dc 100644
--- a/arch/powerpc/include/asm/atomic.h
+++ b/arch/powerpc/include/asm/atomic.h
-@@ -12,6 +12,11 @@
+@@ -9,9 +9,15 @@
+ #include <linux/types.h>
+ #include <asm/cmpxchg.h>
+ #include <asm/barrier.h>
++#include <asm/asm-compat.h>
#define ATOMIC_INIT(i) { (i) }
@@ -7786,7 +7911,7 @@ index ae0751e..c7fad52 100644
/*
* Since *_return_relaxed and {cmp}xchg_relaxed are implemented with
* a "bne-" instruction at the end, so an isync is enough as a acquire barrier
-@@ -39,38 +44,79 @@ static __inline__ int atomic_read(const atomic_t *v)
+@@ -39,38 +45,79 @@ static __inline__ int atomic_read(const atomic_t *v)
return t;
}
@@ -7819,8 +7944,8 @@ index ae0751e..c7fad52 100644
+ " bf 4*cr0+so, 3f\n" \
+ "2: .long 0x00c00b00\n" \
+ "3:\n"
-+#define __OVERFLOW_EXTABLE \
-+ "\n4:\n"
++#define __OVERFLOW_EXTABLE \
++ "\n4:\n" \
+ _ASM_EXTABLE(2b, 4b)
+#else
+#define __REFCOUNT_OP(op) op
@@ -7872,7 +7997,7 @@ index ae0751e..c7fad52 100644
: "=&r" (t), "+m" (v->counter) \
: "r" (a), "r" (&v->counter) \
: "cc"); \
-@@ -78,6 +124,9 @@ static inline int atomic_##op##_return_relaxed(int a, atomic_t *v) \
+@@ -78,6 +125,9 @@ static inline int atomic_##op##_return_relaxed(int a, atomic_t *v) \
return t; \
}
@@ -7882,7 +8007,12 @@ index ae0751e..c7fad52 100644
#define ATOMIC_OPS(op, asm_op) \
ATOMIC_OP(op, asm_op) \
ATOMIC_OP_RETURN_RELAXED(op, asm_op)
-@@ -94,40 +143,29 @@ ATOMIC_OP(xor, xor)
+@@ -90,44 +140,34 @@ ATOMIC_OP(or, or)
+ ATOMIC_OP(xor, xor)
+
+ #define atomic_add_return_relaxed atomic_add_return_relaxed
++#define atomic_add_return_unchecked_relaxed atomic_add_return_unchecked_relaxed
+ #define atomic_sub_return_relaxed atomic_sub_return_relaxed
#undef ATOMIC_OPS
#undef ATOMIC_OP_RETURN_RELAXED
@@ -7938,13 +8068,13 @@ index ae0751e..c7fad52 100644
}
/*
-@@ -140,36 +178,23 @@ static __inline__ int atomic_inc_return_relaxed(atomic_t *v)
+@@ -139,42 +179,22 @@ static __inline__ int atomic_inc_return_relaxed(atomic_t *v)
+ * other cases.
*/
#define atomic_inc_and_test(v) (atomic_inc_return(v) == 0)
-
+-
-static __inline__ void atomic_dec(atomic_t *v)
-+static __inline__ int atomic_inc_and_test_unchecked(atomic_unchecked_t *v)
- {
+-{
- int t;
-
- __asm__ __volatile__(
@@ -7956,10 +8086,11 @@ index ae0751e..c7fad52 100644
- : "=&r" (t), "+m" (v->counter)
- : "r" (&v->counter)
- : "cc", "xer");
-+ return atomic_add_return_unchecked(1, v) == 0;
- }
-
+-}
+-
-static __inline__ int atomic_dec_return_relaxed(atomic_t *v)
++#define atomic_inc_and_test_unchecked(v) (atomic_add_return_unchecked(1, v) == 0)
++
+/*
+ * atomic_dec - decrement atomic variable
+ * @v: pointer of type atomic_t
@@ -7987,8 +8118,13 @@ index ae0751e..c7fad52 100644
+ atomic_sub_unchecked(1, v);
}
- #define atomic_inc_return_relaxed atomic_inc_return_relaxed
-@@ -184,6 +209,16 @@ static __inline__ int atomic_dec_return_relaxed(atomic_t *v)
+-#define atomic_inc_return_relaxed atomic_inc_return_relaxed
+-#define atomic_dec_return_relaxed atomic_dec_return_relaxed
+-
+ #define atomic_cmpxchg(v, o, n) (cmpxchg(&((v)->counter), (o), (n)))
+ #define atomic_cmpxchg_relaxed(v, o, n) \
+ cmpxchg_relaxed(&((v)->counter), (o), (n))
+@@ -184,6 +204,13 @@ static __inline__ int atomic_dec_return_relaxed(atomic_t *v)
#define atomic_xchg(v, new) (xchg(&((v)->counter), new))
#define atomic_xchg_relaxed(v, new) xchg_relaxed(&((v)->counter), (new))
@@ -7997,15 +8133,12 @@ index ae0751e..c7fad52 100644
+ return cmpxchg(&(v->counter), old, new);
+}
+
-+static inline int atomic_xchg_unchecked(atomic_unchecked_t *v, int new)
-+{
-+ return xchg(&(v->counter), new);
-+}
++#define atomic_xchg_unchecked(v, new) (xchg(&((v)->counter), new))
+
/**
* __atomic_add_unless - add unless the number is a given value
* @v: pointer of type atomic_t
-@@ -201,11 +236,27 @@ static __inline__ int __atomic_add_unless(atomic_t *v, int a, int u)
+@@ -201,11 +228,27 @@ static __inline__ int __atomic_add_unless(atomic_t *v, int a, int u)
PPC_ATOMIC_ENTRY_BARRIER
"1: lwarx %0,0,%1 # __atomic_add_unless\n\
cmpw 0,%0,%3 \n\
@@ -8035,7 +8168,7 @@ index ae0751e..c7fad52 100644
PPC_ATOMIC_EXIT_BARRIER
" subf %0,%2,%0 \n\
2:"
-@@ -291,37 +342,59 @@ static __inline__ long atomic64_read(const atomic64_t *v)
+@@ -291,37 +334,59 @@ static __inline__ long atomic64_read(const atomic64_t *v)
return t;
}
@@ -8100,7 +8233,7 @@ index ae0751e..c7fad52 100644
: "=&r" (t), "+m" (v->counter) \
: "r" (a), "r" (&v->counter) \
: "cc"); \
-@@ -329,6 +402,9 @@ atomic64_##op##_return_relaxed(long a, atomic64_t *v) \
+@@ -329,6 +394,9 @@ atomic64_##op##_return_relaxed(long a, atomic64_t *v) \
return t; \
}
@@ -8110,7 +8243,7 @@ index ae0751e..c7fad52 100644
#define ATOMIC64_OPS(op, asm_op) \
ATOMIC64_OP(op, asm_op) \
ATOMIC64_OP_RETURN_RELAXED(op, asm_op)
-@@ -344,38 +420,33 @@ ATOMIC64_OP(xor, xor)
+@@ -344,38 +412,33 @@ ATOMIC64_OP(xor, xor)
#undef ATOPIC64_OPS
#undef ATOMIC64_OP_RETURN_RELAXED
@@ -8168,7 +8301,7 @@ index ae0751e..c7fad52 100644
}
/*
-@@ -388,34 +459,18 @@ static __inline__ long atomic64_inc_return_relaxed(atomic64_t *v)
+@@ -388,39 +451,20 @@ static __inline__ long atomic64_inc_return_relaxed(atomic64_t *v)
*/
#define atomic64_inc_and_test(v) (atomic64_inc_return(v) == 0)
@@ -8194,8 +8327,9 @@ index ae0751e..c7fad52 100644
- : "=&r" (t), "+m" (v->counter)
- : "r" (&v->counter)
- : "cc", "xer");
--}
--
++ atomic64_sub_unchecked(1, v);
+ }
+
-static __inline__ long atomic64_dec_return_relaxed(atomic64_t *v)
-{
- long t;
@@ -8210,11 +8344,15 @@ index ae0751e..c7fad52 100644
- : "cc", "xer");
-
- return t;
-+ atomic64_sub_unchecked(1, v);
- }
+-}
+-
+-#define atomic64_inc_return_relaxed atomic64_inc_return_relaxed
+-#define atomic64_dec_return_relaxed atomic64_dec_return_relaxed
+-
+ #define atomic64_sub_and_test(a, v) (atomic64_sub_return((a), (v)) == 0)
+ #define atomic64_dec_and_test(v) (atomic64_dec_return((v)) == 0)
- #define atomic64_inc_return_relaxed atomic64_inc_return_relaxed
-@@ -457,6 +512,16 @@ static __inline__ long atomic64_dec_if_positive(atomic64_t *v)
+@@ -457,6 +501,13 @@ static __inline__ long atomic64_dec_if_positive(atomic64_t *v)
#define atomic64_xchg(v, new) (xchg(&((v)->counter), new))
#define atomic64_xchg_relaxed(v, new) xchg_relaxed(&((v)->counter), (new))
@@ -8223,15 +8361,12 @@ index ae0751e..c7fad52 100644
+ return cmpxchg(&(v->counter), old, new);
+}
+
-+static inline long atomic64_xchg_unchecked(atomic64_unchecked_t *v, long new)
-+{
-+ return xchg(&(v->counter), new);
-+}
++#define atomic64_xchg_unchecked(v, new) (xchg(&((v)->counter), new))
+
/**
* atomic64_add_unless - add unless the number is a given value
* @v: pointer of type atomic64_t
-@@ -472,13 +537,29 @@ static __inline__ int atomic64_add_unless(atomic64_t *v, long a, long u)
+@@ -472,13 +523,29 @@ static __inline__ int atomic64_add_unless(atomic64_t *v, long a, long u)
__asm__ __volatile__ (
PPC_ATOMIC_ENTRY_BARRIER
@@ -8265,7 +8400,7 @@ index ae0751e..c7fad52 100644
2:"
: "=&r" (t)
diff --git a/arch/powerpc/include/asm/book3s/32/hash.h b/arch/powerpc/include/asm/book3s/32/hash.h
-index 264b754..187b7f6 100644
+index 880db13..017716c 100644
--- a/arch/powerpc/include/asm/book3s/32/hash.h
+++ b/arch/powerpc/include/asm/book3s/32/hash.h
@@ -20,6 +20,7 @@
@@ -8276,6 +8411,34 @@ index 264b754..187b7f6 100644
#define _PAGE_COHERENT 0x010 /* M: enforce memory coherence (SMP systems) */
#define _PAGE_NO_CACHE 0x020 /* I: cache inhibit */
#define _PAGE_WRITETHRU 0x040 /* W: cache write-through */
+diff --git a/arch/powerpc/include/asm/book3s/64/pgalloc.h b/arch/powerpc/include/asm/book3s/64/pgalloc.h
+index cd5e7aa..7709061 100644
+--- a/arch/powerpc/include/asm/book3s/64/pgalloc.h
++++ b/arch/powerpc/include/asm/book3s/64/pgalloc.h
+@@ -91,6 +91,11 @@ static inline void pgd_populate(struct mm_struct *mm, pgd_t *pgd, pud_t *pud)
+ pgd_set(pgd, __pgtable_ptr_val(pud) | PGD_VAL_BITS);
+ }
+
++static inline void pgd_populate_kernel(struct mm_struct *mm, pgd_t *pgd, pud_t *pud)
++{
++ pgd_populate(mm, pgd, pud);
++}
++
+ static inline pud_t *pud_alloc_one(struct mm_struct *mm, unsigned long addr)
+ {
+ return kmem_cache_alloc(PGT_CACHE(PUD_INDEX_SIZE), GFP_KERNEL);
+@@ -106,6 +111,11 @@ static inline void pud_populate(struct mm_struct *mm, pud_t *pud, pmd_t *pmd)
+ pud_set(pud, __pgtable_ptr_val(pmd) | PUD_VAL_BITS);
+ }
+
++static inline void pud_populate_kernel(struct mm_struct *mm, pud_t *pud, pmd_t *pmd)
++{
++ pud_populate_kernel(mm, pud, pmd);
++}
++
+ static inline void __pud_free_tlb(struct mmu_gather *tlb, pud_t *pud,
+ unsigned long address)
+ {
diff --git a/arch/powerpc/include/asm/cache.h b/arch/powerpc/include/asm/cache.h
index ffbafbf..71d037f 100644
--- a/arch/powerpc/include/asm/cache.h
@@ -8438,8 +8601,40 @@ index 2563c43..d6fdd62 100644
{
return (vm_flags & VM_SAO) ? __pgprot(_PAGE_SAO) : __pgprot(0);
}
+diff --git a/arch/powerpc/include/asm/nohash/64/pgalloc.h b/arch/powerpc/include/asm/nohash/64/pgalloc.h
+index 897d2e1..399f34f 100644
+--- a/arch/powerpc/include/asm/nohash/64/pgalloc.h
++++ b/arch/powerpc/include/asm/nohash/64/pgalloc.h
+@@ -54,6 +54,7 @@ static inline void pgd_free(struct mm_struct *mm, pgd_t *pgd)
+ #ifndef CONFIG_PPC_64K_PAGES
+
+ #define pgd_populate(MM, PGD, PUD) pgd_set(PGD, (unsigned long)PUD)
++#define pgd_populate_kernel(MM, PGD, PUD) pgd_populate((MM), (PGD), (PUD))
+
+ static inline pud_t *pud_alloc_one(struct mm_struct *mm, unsigned long addr)
+ {
+@@ -70,6 +71,11 @@ static inline void pud_populate(struct mm_struct *mm, pud_t *pud, pmd_t *pmd)
+ pud_set(pud, (unsigned long)pmd);
+ }
+
++static inline void pud_populate_kernel(struct mm_struct *mm, pud_t *pud, pmd_t *pmd)
++{
++ pud_populate(mm, pud, pmd);
++}
++
+ static inline void pmd_populate_kernel(struct mm_struct *mm, pmd_t *pmd,
+ pte_t *pte)
+ {
+@@ -139,6 +145,7 @@ extern void __tlb_remove_table(void *_table);
+ #endif
+
+ #define pud_populate(mm, pud, pmd) pud_set(pud, (unsigned long)pmd)
++#define pud_populate_kernel(mm, pud, pmd) pud_populate((mm), (pud), (pmd))
+
+ static inline void pmd_populate_kernel(struct mm_struct *mm, pmd_t *pmd,
+ pte_t *pte)
diff --git a/arch/powerpc/include/asm/page.h b/arch/powerpc/include/asm/page.h
-index ab3d897..cbc0693 100644
+index 51db3a3..0bd72ae 100644
--- a/arch/powerpc/include/asm/page.h
+++ b/arch/powerpc/include/asm/page.h
@@ -230,8 +230,9 @@ extern long long virt_phys_offset;
@@ -8465,10 +8660,10 @@ index ab3d897..cbc0693 100644
/*
* Use the top bit of the higher-level page table entries to indicate whether
diff --git a/arch/powerpc/include/asm/page_64.h b/arch/powerpc/include/asm/page_64.h
-index d908a46..3753f71 100644
+index dd5f071..0470718 100644
--- a/arch/powerpc/include/asm/page_64.h
+++ b/arch/powerpc/include/asm/page_64.h
-@@ -172,15 +172,18 @@ do { \
+@@ -169,15 +169,18 @@ do { \
* stack by default, so in the absence of a PT_GNU_STACK program header
* we turn execute permission off.
*/
@@ -8489,44 +8684,8 @@ index d908a46..3753f71 100644
#include <asm-generic/getorder.h>
-diff --git a/arch/powerpc/include/asm/pgalloc-64.h b/arch/powerpc/include/asm/pgalloc-64.h
-index 8d5fc3a..528a418 100644
---- a/arch/powerpc/include/asm/pgalloc-64.h
-+++ b/arch/powerpc/include/asm/pgalloc-64.h
-@@ -54,6 +54,7 @@ static inline void pgd_free(struct mm_struct *mm, pgd_t *pgd)
- #ifndef CONFIG_PPC_64K_PAGES
-
- #define pgd_populate(MM, PGD, PUD) pgd_set(PGD, __pgtable_ptr_val(PUD))
-+#define pgd_populate_kernel(MM, PGD, PUD) pgd_populate((MM), (PGD), (PUD))
-
- static inline pud_t *pud_alloc_one(struct mm_struct *mm, unsigned long addr)
- {
-@@ -71,6 +72,11 @@ static inline void pud_populate(struct mm_struct *mm, pud_t *pud, pmd_t *pmd)
- pud_set(pud, __pgtable_ptr_val(pmd));
- }
-
-+static inline void pud_populate_kernel(struct mm_struct *mm, pud_t *pud, pmd_t *pmd)
-+{
-+ pud_populate(mm, pud, pmd);
-+}
-+
- static inline void pmd_populate_kernel(struct mm_struct *mm, pmd_t *pmd,
- pte_t *pte)
- {
-@@ -195,6 +201,11 @@ static inline void pud_populate(struct mm_struct *mm, pud_t *pud, pmd_t *pmd)
- pud_set(pud, __pgtable_ptr_val(pmd));
- }
-
-+static inline void pud_populate_kernel(struct mm_struct *mm, pud_t *pud, pmd_t *pmd)
-+{
-+ pud_populate(mm, pud, pmd);
-+}
-+
- static inline void pmd_populate_kernel(struct mm_struct *mm, pmd_t *pmd,
- pte_t *pte)
- {
diff --git a/arch/powerpc/include/asm/pgtable.h b/arch/powerpc/include/asm/pgtable.h
-index 47897a3..6d21683 100644
+index ee09e99..7e580ee 100644
--- a/arch/powerpc/include/asm/pgtable.h
+++ b/arch/powerpc/include/asm/pgtable.h
@@ -1,6 +1,7 @@
@@ -8538,7 +8697,7 @@ index 47897a3..6d21683 100644
#include <linux/mmdebug.h>
#include <linux/mmzone.h>
diff --git a/arch/powerpc/include/asm/reg.h b/arch/powerpc/include/asm/reg.h
-index 166d863..7d5ebdf 100644
+index a0948f4..ddcf6be 100644
--- a/arch/powerpc/include/asm/reg.h
+++ b/arch/powerpc/include/asm/reg.h
@@ -261,6 +261,7 @@
@@ -8563,10 +8722,18 @@ index e1afd4c..d75924a 100644
extern void smp_send_debugger_break(void);
extern void start_secondary_resume(void);
diff --git a/arch/powerpc/include/asm/spinlock.h b/arch/powerpc/include/asm/spinlock.h
-index 523673d..4aeef3b 100644
+index 523673d..10dc784 100644
--- a/arch/powerpc/include/asm/spinlock.h
+++ b/arch/powerpc/include/asm/spinlock.h
-@@ -202,13 +202,29 @@ static inline long __arch_read_trylock(arch_rwlock_t *rw)
+@@ -27,6 +27,7 @@
+ #include <asm/asm-compat.h>
+ #include <asm/synch.h>
+ #include <asm/ppc-opcode.h>
++#include <asm/atomic.h>
+
+ #ifdef CONFIG_PPC64
+ /* use 0x800000yy when locked, where yy == CPU number */
+@@ -202,13 +203,29 @@ static inline long __arch_read_trylock(arch_rwlock_t *rw)
__asm__ __volatile__(
"1: " PPC_LWARX(%0,0,%1,1) "\n"
__DO_SIGN_EXTEND
@@ -8599,7 +8766,7 @@ index 523673d..4aeef3b 100644
: "r" (&rw->lock)
: "cr0", "xer", "memory");
-@@ -284,11 +300,27 @@ static inline void arch_read_unlock(arch_rwlock_t *rw)
+@@ -284,11 +301,27 @@ static inline void arch_read_unlock(arch_rwlock_t *rw)
__asm__ __volatile__(
"# read_unlock\n\t"
PPC_RELEASE_BARRIER
@@ -8661,10 +8828,10 @@ index e40010a..d3c3d6b 100644
#endif /* __KERNEL__ */
diff --git a/arch/powerpc/include/asm/thread_info.h b/arch/powerpc/include/asm/thread_info.h
-index 7efee4a..48d47cc 100644
+index 8febc3f..a4614f3 100644
--- a/arch/powerpc/include/asm/thread_info.h
+++ b/arch/powerpc/include/asm/thread_info.h
-@@ -101,6 +101,8 @@ static inline struct thread_info *current_thread_info(void)
+@@ -103,6 +103,8 @@ static inline struct thread_info *current_thread_info(void)
#if defined(CONFIG_PPC64)
#define TIF_ELF2ABI 18 /* function descriptors must die! */
#endif
@@ -8673,7 +8840,7 @@ index 7efee4a..48d47cc 100644
/* as above, but as bit values */
#define _TIF_SYSCALL_TRACE (1<<TIF_SYSCALL_TRACE)
-@@ -119,9 +121,10 @@ static inline struct thread_info *current_thread_info(void)
+@@ -121,9 +123,10 @@ static inline struct thread_info *current_thread_info(void)
#define _TIF_SYSCALL_TRACEPOINT (1<<TIF_SYSCALL_TRACEPOINT)
#define _TIF_EMULATE_STACK_STORE (1<<TIF_EMULATE_STACK_STORE)
#define _TIF_NOHZ (1<<TIF_NOHZ)
@@ -8913,10 +9080,10 @@ index 488e631..6cdd928 100644
ld r4,_DAR(r1)
bl bad_page_fault
diff --git a/arch/powerpc/kernel/exceptions-64s.S b/arch/powerpc/kernel/exceptions-64s.S
-index 2b66f25..80884d4 100644
+index 8bcc1b4..d2acf44 100644
--- a/arch/powerpc/kernel/exceptions-64s.S
+++ b/arch/powerpc/kernel/exceptions-64s.S
-@@ -1578,10 +1578,10 @@ handle_page_fault:
+@@ -1488,10 +1488,10 @@ handle_page_fault:
11: ld r4,_DAR(r1)
ld r5,_DSISR(r1)
addi r3,r1,STACK_FRAME_OVERHEAD
@@ -8929,10 +9096,10 @@ index 2b66f25..80884d4 100644
addi r3,r1,STACK_FRAME_OVERHEAD
lwz r4,_DAR(r1)
diff --git a/arch/powerpc/kernel/irq.c b/arch/powerpc/kernel/irq.c
-index 290559d..0094ddb 100644
+index 3cb46a3..a8c0477 100644
--- a/arch/powerpc/kernel/irq.c
+++ b/arch/powerpc/kernel/irq.c
-@@ -460,6 +460,8 @@ void migrate_irqs(void)
+@@ -461,6 +461,8 @@ void migrate_irqs(void)
}
#endif
@@ -8941,7 +9108,7 @@ index 290559d..0094ddb 100644
static inline void check_stack_overflow(void)
{
#ifdef CONFIG_DEBUG_STACKOVERFLOW
-@@ -472,6 +474,7 @@ static inline void check_stack_overflow(void)
+@@ -473,6 +475,7 @@ static inline void check_stack_overflow(void)
pr_err("do_IRQ: stack overflow: %ld\n",
sp - sizeof(struct thread_info));
dump_stack();
@@ -8992,10 +9159,10 @@ index 5a7a78f..c0e4207 100644
sechdrs, module);
if (!module->arch.tramp)
diff --git a/arch/powerpc/kernel/process.c b/arch/powerpc/kernel/process.c
-index bec85055..8a6b0c2b 100644
+index 0b93893..4c72fc1 100644
--- a/arch/powerpc/kernel/process.c
+++ b/arch/powerpc/kernel/process.c
-@@ -1318,8 +1318,8 @@ void show_regs(struct pt_regs * regs)
+@@ -1321,8 +1321,8 @@ void show_regs(struct pt_regs * regs)
* Lookup NIP late so we have the best change of getting the
* above info out without failing
*/
@@ -9006,7 +9173,7 @@ index bec85055..8a6b0c2b 100644
#endif
show_stack(current, (unsigned long *) regs->gpr[1]);
if (!user_mode(regs))
-@@ -1839,10 +1839,10 @@ void show_stack(struct task_struct *tsk, unsigned long *stack)
+@@ -1843,10 +1843,10 @@ void show_stack(struct task_struct *tsk, unsigned long *stack)
newsp = stack[0];
ip = stack[STACK_FRAME_LR_SAVE];
if (!firstframe || ip != lr) {
@@ -9019,7 +9186,7 @@ index bec85055..8a6b0c2b 100644
(void *)current->ret_stack[curr_frame].ret);
curr_frame--;
}
-@@ -1862,7 +1862,7 @@ void show_stack(struct task_struct *tsk, unsigned long *stack)
+@@ -1866,7 +1866,7 @@ void show_stack(struct task_struct *tsk, unsigned long *stack)
struct pt_regs *regs = (struct pt_regs *)
(sp + STACK_FRAME_OVERHEAD);
lr = regs->link;
@@ -9028,7 +9195,7 @@ index bec85055..8a6b0c2b 100644
regs->trap, (void *)regs->nip, (void *)lr);
firstframe = 1;
}
-@@ -1899,13 +1899,6 @@ void notrace __ppc64_runlatch_off(void)
+@@ -1903,13 +1903,6 @@ void notrace __ppc64_runlatch_off(void)
}
#endif /* CONFIG_PPC64 */
@@ -9043,7 +9210,7 @@ index bec85055..8a6b0c2b 100644
{
unsigned long rnd = 0;
diff --git a/arch/powerpc/kernel/ptrace.c b/arch/powerpc/kernel/ptrace.c
-index 30a03c0..e2d507b 100644
+index 060b140..b67ca8c 100644
--- a/arch/powerpc/kernel/ptrace.c
+++ b/arch/powerpc/kernel/ptrace.c
@@ -1801,6 +1801,10 @@ static int do_seccomp(struct pt_regs *regs)
@@ -9108,7 +9275,7 @@ index 2552079..a290dc8a 100644
} else {
err |= setup_trampoline(__NR_rt_sigreturn, &frame->tramp[0]);
diff --git a/arch/powerpc/kernel/traps.c b/arch/powerpc/kernel/traps.c
-index 9229ba6..f6aaa3c 100644
+index 9229ba6..ddd4d5e 100644
--- a/arch/powerpc/kernel/traps.c
+++ b/arch/powerpc/kernel/traps.c
@@ -36,6 +36,7 @@
@@ -9148,7 +9315,7 @@ index 9229ba6..f6aaa3c 100644
+
+ if (reason & REASON_ILLEGAL) {
+ /* Check if PaX bad instruction */
-+ if (!probe_kernel_address(regs->nip, bkpt) && bkpt == 0xc00b00) {
++ if (!probe_kernel_address((void *)regs->nip, bkpt) && bkpt == 0xc00b00) {
+ current->thread.trap_nr = 0;
+ pax_report_refcount_overflow(regs);
+ /* fixup_exception() for PowerPC does not exist, simulate its job */
@@ -9166,7 +9333,7 @@ index 9229ba6..f6aaa3c 100644
* has no FPU, in that case the reason flags will be 0 */
diff --git a/arch/powerpc/kernel/vdso.c b/arch/powerpc/kernel/vdso.c
-index def1b8b..51ae209 100644
+index 6767605..75520c0 100644
--- a/arch/powerpc/kernel/vdso.c
+++ b/arch/powerpc/kernel/vdso.c
@@ -34,6 +34,7 @@
@@ -9186,7 +9353,7 @@ index def1b8b..51ae209 100644
/* vDSO has a problem and was disabled, just don't "enable" it for the
* process
-@@ -199,7 +200,7 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp)
+@@ -200,7 +201,7 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp)
vdso_base = get_unmapped_area(NULL, vdso_base,
(vdso_pages << PAGE_SHIFT) +
((VDSO_ALIGNMENT - 1) & PAGE_MASK),
@@ -9331,10 +9498,10 @@ index a67c6d7..a662e6d 100644
goto bail;
}
diff --git a/arch/powerpc/mm/mmap.c b/arch/powerpc/mm/mmap.c
-index 4087705..7e75693 100644
+index 2f1e443..de888bf 100644
--- a/arch/powerpc/mm/mmap.c
+++ b/arch/powerpc/mm/mmap.c
-@@ -86,6 +86,10 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
+@@ -194,6 +194,10 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
{
unsigned long random_factor = 0UL;
@@ -9345,7 +9512,7 @@ index 4087705..7e75693 100644
if (current->flags & PF_RANDOMIZE)
random_factor = arch_mmap_rnd();
-@@ -95,9 +99,21 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
+@@ -205,9 +209,21 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
*/
if (mmap_is_legacy()) {
mm->mmap_base = TASK_UNMAPPED_BASE;
@@ -9368,7 +9535,7 @@ index 4087705..7e75693 100644
}
}
diff --git a/arch/powerpc/mm/slice.c b/arch/powerpc/mm/slice.c
-index 42954f0..a8252e2 100644
+index 2b27458..7c7c59b 100644
--- a/arch/powerpc/mm/slice.c
+++ b/arch/powerpc/mm/slice.c
@@ -105,7 +105,7 @@ static int slice_area_is_free(struct mm_struct *mm, unsigned long addr,
@@ -9393,7 +9560,7 @@ index 42954f0..a8252e2 100644
while (addr < TASK_SIZE) {
info.low_limit = addr;
if (!slice_scan_available(addr, available, 1, &addr))
-@@ -409,6 +415,11 @@ unsigned long slice_get_unmapped_area(unsigned long addr, unsigned long len,
+@@ -410,6 +416,11 @@ unsigned long slice_get_unmapped_area(unsigned long addr, unsigned long len,
if (fixed && addr > (mm->task_size - len))
return -ENOMEM;
@@ -9405,7 +9572,7 @@ index 42954f0..a8252e2 100644
/* If hint, make sure it matches our alignment restrictions */
if (!fixed && addr) {
addr = _ALIGN_UP(addr, 1ul << pshift);
-@@ -554,10 +565,10 @@ unsigned long arch_get_unmapped_area(struct file *filp,
+@@ -555,10 +566,10 @@ unsigned long arch_get_unmapped_area(struct file *filp,
}
unsigned long arch_get_unmapped_area_topdown(struct file *filp,
@@ -9554,10 +9721,10 @@ index e0900dd..72d683d 100644
return n;
}
diff --git a/arch/s390/kernel/module.c b/arch/s390/kernel/module.c
-index 7873e17..d21af5b 100644
+index fbc0789..e7962a1 100644
--- a/arch/s390/kernel/module.c
+++ b/arch/s390/kernel/module.c
-@@ -159,11 +159,11 @@ int module_frob_arch_sections(Elf_Ehdr *hdr, Elf_Shdr *sechdrs,
+@@ -163,11 +163,11 @@ int module_frob_arch_sections(Elf_Ehdr *hdr, Elf_Shdr *sechdrs,
/* Increase core size by size of got & plt and set start
offsets for got and plt. */
@@ -9574,7 +9741,7 @@ index 7873e17..d21af5b 100644
return 0;
}
-@@ -279,7 +279,7 @@ static int apply_rela(Elf_Rela *rela, Elf_Addr base, Elf_Sym *symtab,
+@@ -283,7 +283,7 @@ static int apply_rela(Elf_Rela *rela, Elf_Addr base, Elf_Sym *symtab,
if (info->got_initialized == 0) {
Elf_Addr *gotent;
@@ -9583,7 +9750,7 @@ index 7873e17..d21af5b 100644
info->got_offset;
*gotent = val;
info->got_initialized = 1;
-@@ -302,7 +302,7 @@ static int apply_rela(Elf_Rela *rela, Elf_Addr base, Elf_Sym *symtab,
+@@ -306,7 +306,7 @@ static int apply_rela(Elf_Rela *rela, Elf_Addr base, Elf_Sym *symtab,
rc = apply_rela_bits(loc, val, 0, 64, 0);
else if (r_type == R_390_GOTENT ||
r_type == R_390_GOTPLTENT) {
@@ -9592,7 +9759,7 @@ index 7873e17..d21af5b 100644
rc = apply_rela_bits(loc, val, 1, 32, 1);
}
break;
-@@ -315,7 +315,7 @@ static int apply_rela(Elf_Rela *rela, Elf_Addr base, Elf_Sym *symtab,
+@@ -319,7 +319,7 @@ static int apply_rela(Elf_Rela *rela, Elf_Addr base, Elf_Sym *symtab,
case R_390_PLTOFF64: /* 16 bit offset from GOT to PLT. */
if (info->plt_initialized == 0) {
unsigned int *ip;
@@ -9601,7 +9768,7 @@ index 7873e17..d21af5b 100644
info->plt_offset;
ip[0] = 0x0d10e310; /* basr 1,0; lg 1,10(1); br 1 */
ip[1] = 0x100a0004;
-@@ -334,7 +334,7 @@ static int apply_rela(Elf_Rela *rela, Elf_Addr base, Elf_Sym *symtab,
+@@ -338,7 +338,7 @@ static int apply_rela(Elf_Rela *rela, Elf_Addr base, Elf_Sym *symtab,
val - loc + 0xffffUL < 0x1ffffeUL) ||
(r_type == R_390_PLT32DBL &&
val - loc + 0xffffffffULL < 0x1fffffffeULL)))
@@ -9610,7 +9777,7 @@ index 7873e17..d21af5b 100644
me->arch.plt_offset +
info->plt_offset;
val += rela->r_addend - loc;
-@@ -356,7 +356,7 @@ static int apply_rela(Elf_Rela *rela, Elf_Addr base, Elf_Sym *symtab,
+@@ -360,7 +360,7 @@ static int apply_rela(Elf_Rela *rela, Elf_Addr base, Elf_Sym *symtab,
case R_390_GOTOFF32: /* 32 bit offset to GOT. */
case R_390_GOTOFF64: /* 64 bit offset to GOT. */
val = val + rela->r_addend -
@@ -9619,7 +9786,7 @@ index 7873e17..d21af5b 100644
if (r_type == R_390_GOTOFF16)
rc = apply_rela_bits(loc, val, 0, 16, 0);
else if (r_type == R_390_GOTOFF32)
-@@ -366,7 +366,7 @@ static int apply_rela(Elf_Rela *rela, Elf_Addr base, Elf_Sym *symtab,
+@@ -370,7 +370,7 @@ static int apply_rela(Elf_Rela *rela, Elf_Addr base, Elf_Sym *symtab,
break;
case R_390_GOTPC: /* 32 bit PC relative offset to GOT. */
case R_390_GOTPCDBL: /* 32 bit PC rel. off. to GOT shifted by 1. */
@@ -9629,10 +9796,10 @@ index 7873e17..d21af5b 100644
if (r_type == R_390_GOTPC)
rc = apply_rela_bits(loc, val, 1, 32, 0);
diff --git a/arch/s390/kernel/process.c b/arch/s390/kernel/process.c
-index 2bba7df..8f1e6b5 100644
+index bba4fa7..9c32b3c 100644
--- a/arch/s390/kernel/process.c
+++ b/arch/s390/kernel/process.c
-@@ -234,13 +234,6 @@ unsigned long get_wchan(struct task_struct *p)
+@@ -217,13 +217,6 @@ unsigned long get_wchan(struct task_struct *p)
return 0;
}
@@ -9647,10 +9814,10 @@ index 2bba7df..8f1e6b5 100644
{
return (get_random_int() & BRK_RND_MASK) << PAGE_SHIFT;
diff --git a/arch/s390/mm/mmap.c b/arch/s390/mm/mmap.c
-index 89cf09e..cc41962 100644
+index eb9df28..7b686ba 100644
--- a/arch/s390/mm/mmap.c
+++ b/arch/s390/mm/mmap.c
-@@ -200,9 +200,9 @@ s390_get_unmapped_area(struct file *filp, unsigned long addr,
+@@ -201,9 +201,9 @@ s390_get_unmapped_area(struct file *filp, unsigned long addr,
}
static unsigned long
@@ -9663,7 +9830,7 @@ index 89cf09e..cc41962 100644
{
struct mm_struct *mm = current->mm;
unsigned long area;
-@@ -229,6 +229,10 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
+@@ -230,6 +230,10 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
{
unsigned long random_factor = 0UL;
@@ -9674,7 +9841,7 @@ index 89cf09e..cc41962 100644
if (current->flags & PF_RANDOMIZE)
random_factor = arch_mmap_rnd();
-@@ -238,9 +242,21 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
+@@ -239,9 +243,21 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
*/
if (mmap_is_legacy()) {
mm->mmap_base = mmap_base_legacy(random_factor);
@@ -9724,10 +9891,10 @@ index f9f3cd5..58ff438 100644
#endif /* _ASM_SCORE_EXEC_H */
diff --git a/arch/score/kernel/process.c b/arch/score/kernel/process.c
-index a1519ad3..e8ac1ff 100644
+index aae9480..93e40a4 100644
--- a/arch/score/kernel/process.c
+++ b/arch/score/kernel/process.c
-@@ -116,8 +116,3 @@ unsigned long get_wchan(struct task_struct *task)
+@@ -114,8 +114,3 @@ unsigned long get_wchan(struct task_struct *task)
return task_pt_regs(task)->cp0_epc;
}
@@ -9847,7 +10014,7 @@ index 6777177..d44b592 100644
addr = vm_unmapped_area(&info);
}
diff --git a/arch/sparc/Kconfig b/arch/sparc/Kconfig
-index 57ffaf2..4d1fe9a 100644
+index 546293d..cb6ea17 100644
--- a/arch/sparc/Kconfig
+++ b/arch/sparc/Kconfig
@@ -39,6 +39,7 @@ config SPARC
@@ -9859,7 +10026,7 @@ index 57ffaf2..4d1fe9a 100644
select OLD_SIGSUSPEND
select ARCH_HAS_SG_CHAIN
diff --git a/arch/sparc/include/asm/atomic_64.h b/arch/sparc/include/asm/atomic_64.h
-index f2fbf9e..c217c17 100644
+index f2fbf9e..470e701 100644
--- a/arch/sparc/include/asm/atomic_64.h
+++ b/arch/sparc/include/asm/atomic_64.h
@@ -15,18 +15,38 @@
@@ -10006,7 +10173,7 @@ index f2fbf9e..c217c17 100644
if (likely(old == c))
break;
c = old;
-@@ -93,21 +162,47 @@ static inline int __atomic_add_unless(atomic_t *v, int a, int u)
+@@ -93,21 +162,42 @@ static inline int __atomic_add_unless(atomic_t *v, int a, int u)
#define atomic64_cmpxchg(v, o, n) \
((__typeof__((v)->counter))cmpxchg(&((v)->counter), (o), (n)))
@@ -10021,11 +10188,6 @@ index f2fbf9e..c217c17 100644
+{
+ return xchg(&v->counter, new);
+}
-+static inline long atomic64_cmpxchg_unchecked(atomic64_unchecked_t *v, long old,
-+ long new)
-+{
-+ return cmpxchg(&(v->counter), old, new);
-+}
static inline long atomic64_add_unless(atomic64_t *v, long a, long u)
{
@@ -10113,7 +10275,7 @@ index 9331083..59c0499 100644
#define ELF_HWCAP sparc64_elf_hwcap
diff --git a/arch/sparc/include/asm/pgalloc_32.h b/arch/sparc/include/asm/pgalloc_32.h
-index a3890da..f6a408e 100644
+index 0346c7e..c5c25b9 100644
--- a/arch/sparc/include/asm/pgalloc_32.h
+++ b/arch/sparc/include/asm/pgalloc_32.h
@@ -35,6 +35,7 @@ static inline void pgd_set(pgd_t * pgdp, pmd_t * pmdp)
@@ -10125,7 +10287,7 @@ index a3890da..f6a408e 100644
static inline pmd_t *pmd_alloc_one(struct mm_struct *mm,
unsigned long address)
diff --git a/arch/sparc/include/asm/pgalloc_64.h b/arch/sparc/include/asm/pgalloc_64.h
-index 5e31871..13469c6 100644
+index 3529f13..d98a28c 100644
--- a/arch/sparc/include/asm/pgalloc_64.h
+++ b/arch/sparc/include/asm/pgalloc_64.h
@@ -21,6 +21,7 @@ static inline void __pgd_populate(pgd_t *pgd, pud_t *pud)
@@ -10158,7 +10320,7 @@ index 59ba6f6..4518128 100644
+
#endif
diff --git a/arch/sparc/include/asm/pgtable_32.h b/arch/sparc/include/asm/pgtable_32.h
-index 91b963a..9a806c1 100644
+index ce6f569..593b043 100644
--- a/arch/sparc/include/asm/pgtable_32.h
+++ b/arch/sparc/include/asm/pgtable_32.h
@@ -51,6 +51,9 @@ unsigned long __init bootmem_init(unsigned long *pages_avail);
@@ -10532,7 +10694,7 @@ index fdb1332..1b10f89 100644
extra-y := head_$(BITS).o
diff --git a/arch/sparc/kernel/process_32.c b/arch/sparc/kernel/process_32.c
-index c5113c7..52322e4 100644
+index b7780a5..28315f0 100644
--- a/arch/sparc/kernel/process_32.c
+++ b/arch/sparc/kernel/process_32.c
@@ -123,14 +123,14 @@ void show_regs(struct pt_regs *r)
@@ -10562,7 +10724,7 @@ index c5113c7..52322e4 100644
} while (++count < 16);
printk("\n");
diff --git a/arch/sparc/kernel/process_64.c b/arch/sparc/kernel/process_64.c
-index c16ef1a..8b38d7b 100644
+index fa14402..b2a7408 100644
--- a/arch/sparc/kernel/process_64.c
+++ b/arch/sparc/kernel/process_64.c
@@ -161,7 +161,7 @@ static void show_regwindow(struct pt_regs *regs)
@@ -10654,7 +10816,7 @@ index 9ddc492..27a5619 100644
if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT)))
diff --git a/arch/sparc/kernel/smp_64.c b/arch/sparc/kernel/smp_64.c
-index 8a6151a..fa3cbb1 100644
+index 8a6151a..fa3cbb19 100644
--- a/arch/sparc/kernel/smp_64.c
+++ b/arch/sparc/kernel/smp_64.c
@@ -891,7 +891,7 @@ void smp_flush_dcache_page_impl(struct page *page, int cpu)
@@ -12288,7 +12450,7 @@ index ba52e64..eee5791 100644
pte_t *huge_pte_alloc(struct mm_struct *mm,
diff --git a/arch/sparc/mm/init_64.c b/arch/sparc/mm/init_64.c
-index 14bb0d5..ae289b8 100644
+index aec508e..ad807e7 100644
--- a/arch/sparc/mm/init_64.c
+++ b/arch/sparc/mm/init_64.c
@@ -189,9 +189,9 @@ unsigned long sparc64_kern_sec_context __read_mostly;
@@ -12326,10 +12488,10 @@ index 14bb0d5..ae289b8 100644
#endif /* CONFIG_DEBUG_DCFLUSH */
}
diff --git a/arch/tile/Kconfig b/arch/tile/Kconfig
-index 8171930..c60b093 100644
+index 4820a02..4366ab2 100644
--- a/arch/tile/Kconfig
+++ b/arch/tile/Kconfig
-@@ -203,6 +203,7 @@ source "kernel/Kconfig.hz"
+@@ -194,6 +194,7 @@ source "kernel/Kconfig.hz"
config KEXEC
bool "kexec system call"
select KEXEC_CORE
@@ -12338,10 +12500,10 @@ index 8171930..c60b093 100644
kexec is a system call that implements the ability to shutdown your
current kernel, and to start another kernel. It is like a reboot
diff --git a/arch/tile/include/asm/atomic_64.h b/arch/tile/include/asm/atomic_64.h
-index 51cabc2..77cceee 100644
+index b0531a6..555a389 100644
--- a/arch/tile/include/asm/atomic_64.h
+++ b/arch/tile/include/asm/atomic_64.h
-@@ -145,6 +145,16 @@ static inline void atomic64_xor(long i, atomic64_t *v)
+@@ -158,6 +158,16 @@ static inline void atomic64_xor(long i, atomic64_t *v)
#define atomic64_inc_not_zero(v) atomic64_add_unless((v), 1, 0)
@@ -12393,7 +12555,7 @@ index 0a9c4265..bfb62d1 100644
else
copy_from_user_overflow();
diff --git a/arch/tile/mm/hugetlbpage.c b/arch/tile/mm/hugetlbpage.c
-index e212c64..5f238fc 100644
+index 77ceaa3..3630dea 100644
--- a/arch/tile/mm/hugetlbpage.c
+++ b/arch/tile/mm/hugetlbpage.c
@@ -174,6 +174,7 @@ static unsigned long hugetlb_get_unmapped_area_bottomup(struct file *file,
@@ -12484,10 +12646,10 @@ index bae8523..ba9484b 100644
#ifdef CONFIG_64BIT
#define set_pud(pudptr, pudval) set_64bit((u64 *) (pudptr), pud_val(pudval))
diff --git a/arch/um/kernel/process.c b/arch/um/kernel/process.c
-index 48af59a..4c75105 100644
+index 034b42c7..5c186ce 100644
--- a/arch/um/kernel/process.c
+++ b/arch/um/kernel/process.c
-@@ -347,22 +347,6 @@ int singlestepping(void * t)
+@@ -343,22 +343,6 @@ int singlestepping(void * t)
return 2;
}
@@ -12528,7 +12690,7 @@ index ad8f795..2c7eec6 100644
/*
* Memory returned by kmalloc() may be used for DMA, so we must make
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
-index 2dc18605..5796232 100644
+index d9a94da..4c060aa 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -39,14 +39,13 @@ config X86
@@ -12550,13 +12712,13 @@ index 2dc18605..5796232 100644
@@ -92,7 +91,7 @@ config X86
select HAVE_ARCH_TRACEHOOK
select HAVE_ARCH_TRANSPARENT_HUGEPAGE
- select HAVE_BPF_JIT if X86_64
+ select HAVE_EBPF_JIT if X86_64
- select HAVE_CC_STACKPROTECTOR
+ select HAVE_CC_STACKPROTECTOR if X86_64 || !PAX_MEMORY_UDEREF
select HAVE_CMPXCHG_DOUBLE
select HAVE_CMPXCHG_LOCAL
select HAVE_CONTEXT_TRACKING if X86_64
-@@ -110,6 +109,7 @@ config X86
+@@ -111,6 +110,7 @@ config X86
select HAVE_FUNCTION_GRAPH_FP_TEST
select HAVE_FUNCTION_GRAPH_TRACER
select HAVE_FUNCTION_TRACER
@@ -12564,7 +12726,7 @@ index 2dc18605..5796232 100644
select HAVE_GENERIC_DMA_COHERENT if X86_32
select HAVE_HW_BREAKPOINT
select HAVE_IDE
-@@ -188,11 +188,13 @@ config MMU
+@@ -186,11 +186,13 @@ config MMU
def_bool y
config ARCH_MMAP_RND_BITS_MIN
@@ -12580,7 +12742,7 @@ index 2dc18605..5796232 100644
default 16
config ARCH_MMAP_RND_COMPAT_BITS_MIN
-@@ -294,7 +296,7 @@ config X86_64_SMP
+@@ -292,7 +294,7 @@ config X86_64_SMP
config X86_32_LAZY_GS
def_bool y
@@ -12589,7 +12751,7 @@ index 2dc18605..5796232 100644
config ARCH_HWEIGHT_CFLAGS
string
-@@ -681,6 +683,7 @@ config SCHED_OMIT_FRAME_POINTER
+@@ -679,6 +681,7 @@ config SCHED_OMIT_FRAME_POINTER
menuconfig HYPERVISOR_GUEST
bool "Linux guest support"
@@ -12605,7 +12767,7 @@ index 2dc18605..5796232 100644
default y
depends on MODIFY_LDT_SYSCALL
---help---
-@@ -1243,6 +1247,7 @@ choice
+@@ -1234,6 +1238,7 @@ choice
config NOHIGHMEM
bool "off"
@@ -12613,7 +12775,7 @@ index 2dc18605..5796232 100644
---help---
Linux can use up to 64 Gigabytes of physical memory on x86 systems.
However, the address space of 32-bit x86 processors is only 4
-@@ -1279,6 +1284,7 @@ config NOHIGHMEM
+@@ -1270,6 +1275,7 @@ config NOHIGHMEM
config HIGHMEM4G
bool "4GB"
@@ -12621,7 +12783,7 @@ index 2dc18605..5796232 100644
---help---
Select this if you have a 32-bit processor and between 1 and 4
gigabytes of physical RAM.
-@@ -1331,7 +1337,7 @@ config PAGE_OFFSET
+@@ -1322,7 +1328,7 @@ config PAGE_OFFSET
hex
default 0xB0000000 if VMSPLIT_3G_OPT
default 0x80000000 if VMSPLIT_2G
@@ -12630,7 +12792,7 @@ index 2dc18605..5796232 100644
default 0x40000000 if VMSPLIT_1G
default 0xC0000000
depends on X86_32
-@@ -1352,7 +1358,6 @@ config X86_PAE
+@@ -1343,7 +1349,6 @@ config X86_PAE
config ARCH_PHYS_ADDR_T_64BIT
def_bool y
@@ -12638,7 +12800,7 @@ index 2dc18605..5796232 100644
config ARCH_DMA_ADDR_T_64BIT
def_bool y
-@@ -1483,7 +1488,7 @@ config ARCH_PROC_KCORE_TEXT
+@@ -1474,7 +1479,7 @@ config ARCH_PROC_KCORE_TEXT
config ILLEGAL_POINTER_VALUE
hex
@@ -12647,7 +12809,7 @@ index 2dc18605..5796232 100644
default 0xdead000000000000 if X86_64
source "mm/Kconfig"
-@@ -1806,6 +1811,7 @@ source kernel/Kconfig.hz
+@@ -1797,6 +1802,7 @@ source kernel/Kconfig.hz
config KEXEC
bool "kexec system call"
select KEXEC_CORE
@@ -12655,7 +12817,7 @@ index 2dc18605..5796232 100644
---help---
kexec is a system call that implements the ability to shutdown your
current kernel, and to start another kernel. It is like a reboot
-@@ -1988,7 +1994,9 @@ config X86_NEED_RELOCS
+@@ -1963,7 +1969,9 @@ config X86_NEED_RELOCS
config PHYSICAL_ALIGN
hex "Alignment value to which kernel should be aligned"
@@ -12666,7 +12828,7 @@ index 2dc18605..5796232 100644
range 0x2000 0x1000000 if X86_32
range 0x200000 0x1000000 if X86_64
---help---
-@@ -2071,6 +2079,7 @@ config COMPAT_VDSO
+@@ -2046,6 +2054,7 @@ config COMPAT_VDSO
def_bool n
prompt "Disable the 32-bit vDSO (needed for glibc 2.3.3)"
depends on X86_32 || IA32_EMULATION
@@ -12674,7 +12836,7 @@ index 2dc18605..5796232 100644
---help---
Certain buggy versions of glibc will crash if they are
presented with a 32-bit vDSO that is not mapped at the address
-@@ -2111,15 +2120,6 @@ choice
+@@ -2086,15 +2095,6 @@ choice
If unsure, select "Emulate".
@@ -12690,7 +12852,7 @@ index 2dc18605..5796232 100644
config LEGACY_VSYSCALL_EMULATE
bool "Emulate"
help
-@@ -2200,6 +2200,22 @@ config MODIFY_LDT_SYSCALL
+@@ -2175,6 +2175,22 @@ config MODIFY_LDT_SYSCALL
Saying 'N' here may make sense for embedded or server kernels.
@@ -12782,7 +12944,7 @@ index 67eec55..1a5c1ab 100644
---help---
This is a debug driver, which gets the power states
diff --git a/arch/x86/Makefile b/arch/x86/Makefile
-index 4086abc..52a0a9b 100644
+index 6fce7f0..9a4d7ce 100644
--- a/arch/x86/Makefile
+++ b/arch/x86/Makefile
@@ -75,9 +75,6 @@ ifeq ($(CONFIG_X86_32),y)
@@ -12813,7 +12975,7 @@ index 4086abc..52a0a9b 100644
ifeq ($(CONFIG_KEXEC_FILE),y)
$(Q)$(MAKE) $(build)=arch/x86/purgatory arch/x86/purgatory/kexec-purgatory.c
endif
-@@ -284,3 +285,9 @@ define archhelp
+@@ -285,3 +286,9 @@ define archhelp
echo ' FDARGS="..." arguments for the booted kernel'
echo ' FDINITRD=file initrd for the booted kernel'
endef
@@ -12859,7 +13021,7 @@ index 9011a88..06aa820 100644
}
diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile
-index 8774cb2..54bc0df 100644
+index f135688..1249175 100644
--- a/arch/x86/boot/compressed/Makefile
+++ b/arch/x86/boot/compressed/Makefile
@@ -35,6 +35,23 @@ KBUILD_CFLAGS += -mno-mmx -mno-sse
@@ -12944,7 +13106,7 @@ index 630384a..278e788 100644
.quad 0x0000000000000000 /* TS continued */
efi_gdt64_end:
diff --git a/arch/x86/boot/compressed/head_32.S b/arch/x86/boot/compressed/head_32.S
-index 0256064..bef8bbd 100644
+index 1038524..b6acc21 100644
--- a/arch/x86/boot/compressed/head_32.S
+++ b/arch/x86/boot/compressed/head_32.S
@@ -169,10 +169,10 @@ preferred_addr:
@@ -12961,7 +13123,7 @@ index 0256064..bef8bbd 100644
/* Target address to relocate to for decompression */
diff --git a/arch/x86/boot/compressed/head_64.S b/arch/x86/boot/compressed/head_64.S
-index 86558a1..32f1e7e 100644
+index 0d80a7a..ed3e0ff 100644
--- a/arch/x86/boot/compressed/head_64.S
+++ b/arch/x86/boot/compressed/head_64.S
@@ -103,10 +103,10 @@ ENTRY(startup_32)
@@ -12977,7 +13139,7 @@ index 86558a1..32f1e7e 100644
1:
/* Target address to relocate to for decompression */
-@@ -331,10 +331,10 @@ preferred_addr:
+@@ -333,10 +333,10 @@ preferred_addr:
addq %rax, %rbp
notq %rax
andq %rax, %rbp
@@ -12990,7 +13152,7 @@ index 86558a1..32f1e7e 100644
1:
/* Target address to relocate to for decompression */
-@@ -443,8 +443,8 @@ gdt:
+@@ -444,8 +444,8 @@ gdt:
.long gdt
.word 0
.quad 0x0000000000000000 /* NULL descriptor */
@@ -13002,10 +13164,20 @@ index 86558a1..32f1e7e 100644
.quad 0x0000000000000000 /* TS continued */
gdt_end:
diff --git a/arch/x86/boot/compressed/misc.c b/arch/x86/boot/compressed/misc.c
-index 79dac17..1549446 100644
+index f14db4e..d2c951e 100644
--- a/arch/x86/boot/compressed/misc.c
+++ b/arch/x86/boot/compressed/misc.c
-@@ -259,7 +259,7 @@ static void handle_relocations(void *output, unsigned long output_len)
+@@ -175,13 +175,17 @@ static void handle_relocations(void *output, unsigned long output_len)
+ int *reloc;
+ unsigned long delta, map, ptr;
+ unsigned long min_addr = (unsigned long)output;
++#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
++ unsigned long max_addr = min_addr + (VO___bss_start - VO__text - __PAGE_OFFSET - ____LOAD_PHYSICAL_ADDR);
++#else
+ unsigned long max_addr = min_addr + (VO___bss_start - VO__text);
++#endif
+
+ /*
* Calculate the delta between where vmlinux was linked to load
* and where it was actually loaded.
*/
@@ -13014,7 +13186,7 @@ index 79dac17..1549446 100644
if (!delta) {
debug_putstr("No relocation needed... ");
return;
-@@ -341,7 +341,7 @@ static void parse_elf(void *output)
+@@ -263,7 +267,7 @@ static void parse_elf(void *output)
Elf32_Ehdr ehdr;
Elf32_Phdr *phdrs, *phdr;
#endif
@@ -13023,7 +13195,7 @@ index 79dac17..1549446 100644
int i;
memcpy(&ehdr, output, sizeof(ehdr));
-@@ -368,13 +368,16 @@ static void parse_elf(void *output)
+@@ -290,11 +294,14 @@ static void parse_elf(void *output)
case PT_LOAD:
#ifdef CONFIG_RELOCATABLE
dest = output;
@@ -13032,16 +13204,26 @@ index 79dac17..1549446 100644
#else
dest = (void *)(phdr->p_paddr);
#endif
- memcpy(dest,
- output + phdr->p_offset,
- phdr->p_filesz);
+ memmove(dest, output + phdr->p_offset, phdr->p_filesz);
+ if (i)
+ memset(prev, 0xff, dest - prev);
+ prev = dest + phdr->p_filesz;
break;
default: /* Ignore other PT_* */ break;
}
-@@ -443,7 +446,7 @@ asmlinkage __visible void *decompress_kernel(void *rmode, memptr heap,
+@@ -326,7 +333,11 @@ asmlinkage __visible void *extract_kernel(void *rmode, memptr heap,
+ unsigned char *output,
+ unsigned long output_len)
+ {
++#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
++ const unsigned long kernel_total_size = VO__end - VO__text - __PAGE_OFFSET - ____LOAD_PHYSICAL_ADDR;
++#else
+ const unsigned long kernel_total_size = VO__end - VO__text;
++#endif
+ unsigned char *output_orig = output;
+
+ /* Retain x86 boot parameters pointer passed from startup_32/64. */
+@@ -381,7 +392,7 @@ asmlinkage __visible void *extract_kernel(void *rmode, memptr heap,
error("Destination address too large");
#endif
#ifndef CONFIG_RELOCATABLE
@@ -13050,6 +13232,18 @@ index 79dac17..1549446 100644
error("Wrong destination address");
#endif
+diff --git a/arch/x86/boot/compressed/pagetable.c b/arch/x86/boot/compressed/pagetable.c
+index 34b95df..e6d5fc2 100644
+--- a/arch/x86/boot/compressed/pagetable.c
++++ b/arch/x86/boot/compressed/pagetable.c
+@@ -11,6 +11,7 @@
+ */
+ #define __pa(x) ((unsigned long)(x))
+ #define __va(x) ((void *)((unsigned long)(x)))
++#undef CONFIG_PAX_KERNEXEC
+
+ #include "misc.h"
+
diff --git a/arch/x86/boot/cpucheck.c b/arch/x86/boot/cpucheck.c
index 1fd7d57..0f7d096 100644
--- a/arch/x86/boot/cpucheck.c
@@ -13096,24 +13290,30 @@ index 1fd7d57..0f7d096 100644
err = check_cpuflags();
} else if (err == 0x01 &&
diff --git a/arch/x86/boot/header.S b/arch/x86/boot/header.S
-index 6236b9e..3099904 100644
+index 3dd5be3..16720a2 100644
--- a/arch/x86/boot/header.S
+++ b/arch/x86/boot/header.S
-@@ -438,10 +438,14 @@ setup_data: .quad 0 # 64-bit physical pointer to
+@@ -438,7 +438,7 @@ setup_data: .quad 0 # 64-bit physical pointer to
# single linked list of
# struct setup_data
-pref_address: .quad LOAD_PHYSICAL_ADDR # preferred load addr
+pref_address: .quad ____LOAD_PHYSICAL_ADDR # preferred load addr
- #define ZO_INIT_SIZE (ZO__end - ZO_startup_32 + ZO_z_extract_offset)
+ #
+ # Getting to provably safe in-place decompression is hard. Worst case
+@@ -543,7 +543,12 @@ pref_address: .quad LOAD_PHYSICAL_ADDR # preferred load addr
+
+ #define ZO_INIT_SIZE (ZO__end - ZO_startup_32 + ZO_z_min_extract_offset)
+
+#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
+#define VO_INIT_SIZE (VO__end - VO__text - __PAGE_OFFSET - ____LOAD_PHYSICAL_ADDR)
+#else
#define VO_INIT_SIZE (VO__end - VO__text)
+#endif
++
#if ZO_INIT_SIZE > VO_INIT_SIZE
- #define INIT_SIZE ZO_INIT_SIZE
+ # define INIT_SIZE ZO_INIT_SIZE
#else
diff --git a/arch/x86/boot/memory.c b/arch/x86/boot/memory.c
index db75d07..8e6d0af 100644
@@ -13608,7 +13808,7 @@ index 383a6f8..a4db591 100644
ENDPROC(aesni_xts_crypt8)
diff --git a/arch/x86/crypto/aesni-intel_glue.c b/arch/x86/crypto/aesni-intel_glue.c
-index 064c7e2..df15412 100644
+index 5b7fa14..fb27be1 100644
--- a/arch/x86/crypto/aesni-intel_glue.c
+++ b/arch/x86/crypto/aesni-intel_glue.c
@@ -82,9 +82,9 @@ struct aesni_xts_ctx {
@@ -14009,7 +14209,7 @@ index 310319c..9253a8f 100644
ret;
ENDPROC(camellia_dec_blk_2way)
diff --git a/arch/x86/crypto/camellia_aesni_avx2_glue.c b/arch/x86/crypto/camellia_aesni_avx2_glue.c
-index d844569..edaf489 100644
+index 60907c1..fe8638d 100644
--- a/arch/x86/crypto/camellia_aesni_avx2_glue.c
+++ b/arch/x86/crypto/camellia_aesni_avx2_glue.c
@@ -27,20 +27,20 @@
@@ -14043,7 +14243,7 @@ index d844569..edaf489 100644
static const struct common_glue_ctx camellia_enc = {
.num_funcs = 4,
diff --git a/arch/x86/crypto/camellia_aesni_avx_glue.c b/arch/x86/crypto/camellia_aesni_avx_glue.c
-index 93d8f29..4218a74 100644
+index d96429d..18ab2e6 100644
--- a/arch/x86/crypto/camellia_aesni_avx_glue.c
+++ b/arch/x86/crypto/camellia_aesni_avx_glue.c
@@ -26,28 +26,28 @@
@@ -14794,7 +14994,7 @@ index acc066c..1559cc4 100644
ret;
ENDPROC(serpent_dec_blk_8way)
diff --git a/arch/x86/crypto/serpent_avx2_glue.c b/arch/x86/crypto/serpent_avx2_glue.c
-index 6d19834..a08fbe9 100644
+index 870f6d8..9fed18e 100644
--- a/arch/x86/crypto/serpent_avx2_glue.c
+++ b/arch/x86/crypto/serpent_avx2_glue.c
@@ -27,18 +27,18 @@
@@ -14866,7 +15066,7 @@ index 6f778d3..3cf277e 100644
void __serpent_crypt_ctr(void *ctx, u128 *dst, const u128 *src, le128 *iv)
diff --git a/arch/x86/crypto/serpent_sse2_glue.c b/arch/x86/crypto/serpent_sse2_glue.c
-index 8943407..beb882d 100644
+index 644f97a..4d069a1 100644
--- a/arch/x86/crypto/serpent_sse2_glue.c
+++ b/arch/x86/crypto/serpent_sse2_glue.c
@@ -45,8 +45,10 @@
@@ -14962,7 +15162,7 @@ index a410950..02d2056 100644
ENDPROC(\name)
diff --git a/arch/x86/crypto/sha1_ssse3_glue.c b/arch/x86/crypto/sha1_ssse3_glue.c
-index dd14616..53358bb 100644
+index 1024e37..7958186 100644
--- a/arch/x86/crypto/sha1_ssse3_glue.c
+++ b/arch/x86/crypto/sha1_ssse3_glue.c
@@ -31,8 +31,8 @@
@@ -15219,7 +15419,7 @@ index 748cdf2..959bb4d 100644
shl $6, NUM_BLKS /* convert to bytes */
jz .Ldone_hash
diff --git a/arch/x86/crypto/sha256_ssse3_glue.c b/arch/x86/crypto/sha256_ssse3_glue.c
-index 5f4d608..ddce00d 100644
+index 3ae0f43..524beeb 100644
--- a/arch/x86/crypto/sha256_ssse3_glue.c
+++ b/arch/x86/crypto/sha256_ssse3_glue.c
@@ -40,9 +40,9 @@
@@ -15381,7 +15581,7 @@ index e610e29..83f1cde 100644
ENDPROC(sha512_transform_ssse3)
diff --git a/arch/x86/crypto/sha512_ssse3_glue.c b/arch/x86/crypto/sha512_ssse3_glue.c
-index 34e5083..eb57a5e 100644
+index 0b17c83..6959deb 100644
--- a/arch/x86/crypto/sha512_ssse3_glue.c
+++ b/arch/x86/crypto/sha512_ssse3_glue.c
@@ -39,10 +39,10 @@
@@ -15944,7 +16144,7 @@ index 9a9e588..b900d1c 100644
.macro REMOVE_PT_GPREGS_FROM_STACK addskip=0
diff --git a/arch/x86/entry/common.c b/arch/x86/entry/common.c
-index e79d93d..31091ce 100644
+index ec138e5..3e47a7a 100644
--- a/arch/x86/entry/common.c
+++ b/arch/x86/entry/common.c
@@ -33,9 +33,7 @@
@@ -16001,7 +16201,7 @@ index e79d93d..31091ce 100644
-long syscall_trace_enter(struct pt_regs *regs)
+static long syscall_trace_enter(struct pt_regs *regs)
{
- u32 arch = is_ia32_task() ? AUDIT_ARCH_I386 : AUDIT_ARCH_X86_64;
+ u32 arch = in_ia32_syscall() ? AUDIT_ARCH_I386 : AUDIT_ARCH_X86_64;
unsigned long phase1_result = syscall_trace_enter_phase1(regs, arch);
- if (phase1_result == 0)
@@ -16140,7 +16340,7 @@ index e79d93d..31091ce 100644
) {
diff --git a/arch/x86/entry/entry_32.S b/arch/x86/entry/entry_32.S
-index 10868aa..e645e1d 100644
+index 983e5d3..d660273 100644
--- a/arch/x86/entry/entry_32.S
+++ b/arch/x86/entry/entry_32.S
@@ -147,13 +147,157 @@
@@ -16327,7 +16527,7 @@ index 10868aa..e645e1d 100644
.macro RESTORE_INT_REGS
popl %ebx
popl %ecx
-@@ -216,7 +369,7 @@ ENTRY(ret_from_fork)
+@@ -213,7 +366,7 @@ ENTRY(ret_from_fork)
movl %esp, %eax
call syscall_return_slowpath
jmp restore_all
@@ -16336,7 +16536,7 @@ index 10868aa..e645e1d 100644
ENTRY(ret_from_kernel_thread)
pushl %eax
-@@ -264,15 +417,23 @@ ret_from_intr:
+@@ -257,15 +410,23 @@ ret_from_intr:
andl $SEGMENT_RPL_MASK, %eax
#endif
cmpl $USER_RPL, %eax
@@ -16362,7 +16562,7 @@ index 10868aa..e645e1d 100644
#ifdef CONFIG_PREEMPT
ENTRY(resume_kernel)
-@@ -284,7 +445,7 @@ need_resched:
+@@ -277,7 +438,7 @@ need_resched:
jz restore_all
call preempt_schedule_irq
jmp need_resched
@@ -16371,7 +16571,7 @@ index 10868aa..e645e1d 100644
#endif
GLOBAL(__begin_SYSENTER_singlestep_region)
-@@ -351,6 +512,10 @@ sysenter_past_esp:
+@@ -344,6 +505,10 @@ sysenter_past_esp:
pushl %eax /* pt_regs->orig_ax */
SAVE_ALL pt_regs_ax=$-ENOSYS /* save rest */
@@ -16382,7 +16582,7 @@ index 10868aa..e645e1d 100644
/*
* SYSENTER doesn't filter flags, so we need to clear NT, AC
* and TF ourselves. To save a few cycles, we can check whether
-@@ -386,11 +551,20 @@ sysenter_past_esp:
+@@ -379,11 +544,20 @@ sysenter_past_esp:
ALTERNATIVE "testl %eax, %eax; jz .Lsyscall_32_done", \
"jmp .Lsyscall_32_done", X86_FEATURE_XENPV
@@ -16403,7 +16603,7 @@ index 10868aa..e645e1d 100644
PTGS_TO_GS
popl %ebx /* pt_regs->bx */
addl $2*4, %esp /* skip pt_regs->cx and pt_regs->dx */
-@@ -416,10 +590,16 @@ sysenter_past_esp:
+@@ -409,10 +583,16 @@ sysenter_past_esp:
sysexit
.pushsection .fixup, "ax"
@@ -16422,7 +16622,7 @@ index 10868aa..e645e1d 100644
PTGS_TO_GS_EX
.Lsysenter_fix_flags:
-@@ -462,6 +642,10 @@ ENTRY(entry_INT80_32)
+@@ -455,6 +635,10 @@ ENTRY(entry_INT80_32)
pushl %eax /* pt_regs->orig_ax */
SAVE_ALL pt_regs_ax=$-ENOSYS /* save rest */
@@ -16433,7 +16633,7 @@ index 10868aa..e645e1d 100644
/*
* User mode is traced as though IRQs are on, and the interrupt gate
* turned them off.
-@@ -472,6 +656,13 @@ ENTRY(entry_INT80_32)
+@@ -465,6 +649,13 @@ ENTRY(entry_INT80_32)
call do_int80_syscall_32
.Lsyscall_32_done:
@@ -16447,7 +16647,7 @@ index 10868aa..e645e1d 100644
restore_all:
TRACE_IRQS_IRET
restore_all_notrace:
-@@ -515,14 +706,34 @@ ldt_ss:
+@@ -508,14 +699,34 @@ ldt_ss:
* compensating for the offset by changing to the ESPFIX segment with
* a base address that matches for the difference.
*/
@@ -16485,7 +16685,7 @@ index 10868aa..e645e1d 100644
pushl $__ESPFIX_SS
pushl %eax /* new kernel esp */
/*
-@@ -546,8 +757,15 @@ ENDPROC(entry_INT80_32)
+@@ -539,8 +750,15 @@ ENDPROC(entry_INT80_32)
*/
#ifdef CONFIG_X86_ESPFIX32
/* fixup the stack */
@@ -16503,7 +16703,7 @@ index 10868aa..e645e1d 100644
shl $16, %eax
addl %esp, %eax /* the adjusted stack pointer */
pushl $__KERNEL_DS
-@@ -583,7 +801,7 @@ ENTRY(irq_entries_start)
+@@ -576,7 +794,7 @@ ENTRY(irq_entries_start)
jmp common_interrupt
.align 8
.endr
@@ -16512,7 +16712,7 @@ index 10868aa..e645e1d 100644
/*
* the CPU automatically disables interrupts when executing an IRQ vector,
-@@ -630,7 +848,7 @@ ENTRY(coprocessor_error)
+@@ -623,7 +841,7 @@ ENTRY(coprocessor_error)
pushl $0
pushl $do_coprocessor_error
jmp error_code
@@ -16521,7 +16721,7 @@ index 10868aa..e645e1d 100644
ENTRY(simd_coprocessor_error)
ASM_CLAC
-@@ -644,20 +862,20 @@ ENTRY(simd_coprocessor_error)
+@@ -637,20 +855,20 @@ ENTRY(simd_coprocessor_error)
pushl $do_simd_coprocessor_error
#endif
jmp error_code
@@ -16545,7 +16745,7 @@ index 10868aa..e645e1d 100644
#endif
ENTRY(overflow)
-@@ -665,59 +883,59 @@ ENTRY(overflow)
+@@ -658,59 +876,59 @@ ENTRY(overflow)
pushl $0
pushl $do_overflow
jmp error_code
@@ -16614,7 +16814,7 @@ index 10868aa..e645e1d 100644
#ifdef CONFIG_X86_MCE
ENTRY(machine_check)
-@@ -725,7 +943,7 @@ ENTRY(machine_check)
+@@ -718,7 +936,7 @@ ENTRY(machine_check)
pushl $0
pushl machine_check_vector
jmp error_code
@@ -16623,7 +16823,7 @@ index 10868aa..e645e1d 100644
#endif
ENTRY(spurious_interrupt_bug)
-@@ -733,7 +951,7 @@ ENTRY(spurious_interrupt_bug)
+@@ -726,7 +944,7 @@ ENTRY(spurious_interrupt_bug)
pushl $0
pushl $do_spurious_interrupt_bug
jmp error_code
@@ -16632,7 +16832,7 @@ index 10868aa..e645e1d 100644
#ifdef CONFIG_XEN
ENTRY(xen_hypervisor_callback)
-@@ -832,7 +1050,7 @@ BUILD_INTERRUPT3(hyperv_callback_vector, HYPERVISOR_CALLBACK_VECTOR,
+@@ -825,7 +1043,7 @@ BUILD_INTERRUPT3(hyperv_callback_vector, HYPERVISOR_CALLBACK_VECTOR,
ENTRY(mcount)
ret
@@ -16641,7 +16841,7 @@ index 10868aa..e645e1d 100644
ENTRY(ftrace_caller)
pushl %eax
-@@ -862,7 +1080,7 @@ ftrace_graph_call:
+@@ -855,7 +1073,7 @@ ftrace_graph_call:
.globl ftrace_stub
ftrace_stub:
ret
@@ -16650,7 +16850,7 @@ index 10868aa..e645e1d 100644
ENTRY(ftrace_regs_caller)
pushf /* push flags before compare (in cs location) */
-@@ -960,7 +1178,7 @@ trace:
+@@ -953,7 +1171,7 @@ trace:
popl %ecx
popl %eax
jmp ftrace_stub
@@ -16659,7 +16859,7 @@ index 10868aa..e645e1d 100644
#endif /* CONFIG_DYNAMIC_FTRACE */
#endif /* CONFIG_FUNCTION_TRACER */
-@@ -978,7 +1196,7 @@ ENTRY(ftrace_graph_caller)
+@@ -971,7 +1189,7 @@ ENTRY(ftrace_graph_caller)
popl %ecx
popl %eax
ret
@@ -16668,7 +16868,7 @@ index 10868aa..e645e1d 100644
.globl return_to_handler
return_to_handler:
-@@ -997,7 +1215,7 @@ ENTRY(trace_page_fault)
+@@ -990,7 +1208,7 @@ ENTRY(trace_page_fault)
ASM_CLAC
pushl $trace_do_page_fault
jmp error_code
@@ -16677,7 +16877,7 @@ index 10868aa..e645e1d 100644
#endif
ENTRY(page_fault)
-@@ -1026,16 +1244,19 @@ error_code:
+@@ -1019,16 +1237,19 @@ error_code:
movl $-1, PT_ORIG_EAX(%esp) # no syscall to restart
REG_TO_PTGS %ecx
SET_KERNEL_GS %ecx
@@ -16700,7 +16900,7 @@ index 10868aa..e645e1d 100644
/*
* #DB can happen at the first instruction of
* entry_SYSENTER_32 or in Xen's SYSENTER prologue. If this
-@@ -1052,7 +1273,13 @@ ENTRY(debug)
+@@ -1045,7 +1266,13 @@ ENTRY(debug)
movl %esp, %eax # pt_regs pointer
/* Are we currently on the SYSENTER stack? */
@@ -16715,7 +16915,7 @@ index 10868aa..e645e1d 100644
subl %eax, %ecx /* ecx = (end of SYSENTER_stack) - esp */
cmpl $SIZEOF_SYSENTER_stack, %ecx
jb .Ldebug_from_sysenter_stack
-@@ -1069,7 +1296,7 @@ ENTRY(debug)
+@@ -1062,7 +1289,7 @@ ENTRY(debug)
call do_debug
movl %ebp, %esp
jmp ret_from_exception
@@ -16724,7 +16924,7 @@ index 10868aa..e645e1d 100644
/*
* NMI is doubly nasty. It can happen on the first instruction of
-@@ -1094,13 +1321,22 @@ ENTRY(nmi)
+@@ -1087,13 +1314,22 @@ ENTRY(nmi)
movl %esp, %eax # pt_regs pointer
/* Are we currently on the SYSENTER stack? */
@@ -16748,7 +16948,7 @@ index 10868aa..e645e1d 100644
jmp restore_all_notrace
.Lnmi_from_sysenter_stack:
-@@ -1112,6 +1348,9 @@ ENTRY(nmi)
+@@ -1105,6 +1341,9 @@ ENTRY(nmi)
movl PER_CPU_VAR(cpu_current_top_of_stack), %esp
call do_nmi
movl %ebp, %esp
@@ -16758,7 +16958,7 @@ index 10868aa..e645e1d 100644
jmp restore_all_notrace
#ifdef CONFIG_X86_ESPFIX32
-@@ -1131,11 +1370,14 @@ nmi_espfix_stack:
+@@ -1124,11 +1363,14 @@ nmi_espfix_stack:
FIXUP_ESPFIX_STACK # %eax == %esp
xorl %edx, %edx # zero error code
call do_nmi
@@ -16774,7 +16974,7 @@ index 10868aa..e645e1d 100644
ENTRY(int3)
ASM_CLAC
-@@ -1146,17 +1388,17 @@ ENTRY(int3)
+@@ -1139,17 +1381,17 @@ ENTRY(int3)
movl %esp, %eax # pt_regs pointer
call do_int3
jmp ret_from_exception
@@ -16796,7 +16996,7 @@ index 10868aa..e645e1d 100644
+ENDPROC(async_page_fault)
#endif
diff --git a/arch/x86/entry/entry_64.S b/arch/x86/entry/entry_64.S
-index 858b555..9e9c957 100644
+index 9ee0da1..2421755 100644
--- a/arch/x86/entry/entry_64.S
+++ b/arch/x86/entry/entry_64.S
@@ -36,6 +36,8 @@
@@ -17287,7 +17487,7 @@ index 858b555..9e9c957 100644
.endm
/* Instantiate ptregs_stub for each ptregs-using syscall */
-@@ -400,10 +809,12 @@ ENTRY(ret_from_fork)
+@@ -397,10 +806,12 @@ ENTRY(ret_from_fork)
1:
movq %rsp, %rdi
call syscall_return_slowpath /* returns with IRQs disabled */
@@ -17301,7 +17501,7 @@ index 858b555..9e9c957 100644
/*
* Build the entry stubs with some assembler magic.
-@@ -418,7 +829,7 @@ ENTRY(irq_entries_start)
+@@ -415,7 +826,7 @@ ENTRY(irq_entries_start)
jmp common_interrupt
.align 8
.endr
@@ -17310,7 +17510,7 @@ index 858b555..9e9c957 100644
/*
* Interrupt entry/exit.
-@@ -444,6 +855,12 @@ END(irq_entries_start)
+@@ -441,6 +852,12 @@ END(irq_entries_start)
*/
SWAPGS
@@ -17323,7 +17523,7 @@ index 858b555..9e9c957 100644
/*
* We need to tell lockdep that IRQs are off. We can't do this until
* we fix gsbase, and we should do it before enter_from_user_mode
-@@ -456,7 +873,9 @@ END(irq_entries_start)
+@@ -453,7 +870,9 @@ END(irq_entries_start)
CALL_enter_from_user_mode
@@ -17334,7 +17534,7 @@ index 858b555..9e9c957 100644
/*
* Save previous stack pointer, optionally switch to interrupt stack.
* irq_count is used to check if a CPU is already on an interrupt stack
-@@ -468,6 +887,7 @@ END(irq_entries_start)
+@@ -465,6 +884,7 @@ END(irq_entries_start)
incl PER_CPU_VAR(irq_count)
cmovzq PER_CPU_VAR(irq_stack_ptr), %rsp
pushq %rdi
@@ -17342,7 +17542,7 @@ index 858b555..9e9c957 100644
/* We entered an interrupt context - irqs are off: */
TRACE_IRQS_OFF
-@@ -499,6 +919,8 @@ ret_from_intr:
+@@ -496,6 +916,8 @@ ret_from_intr:
GLOBAL(retint_user)
mov %rsp,%rdi
call prepare_exit_to_usermode
@@ -17351,7 +17551,7 @@ index 858b555..9e9c957 100644
TRACE_IRQS_IRETQ
SWAPGS
jmp restore_regs_and_iret
-@@ -516,6 +938,21 @@ retint_kernel:
+@@ -513,6 +935,21 @@ retint_kernel:
jmp 0b
1:
#endif
@@ -17373,7 +17573,7 @@ index 858b555..9e9c957 100644
/*
* The iretq could re-enable interrupts:
*/
-@@ -559,15 +996,15 @@ native_irq_return_ldt:
+@@ -556,15 +993,15 @@ native_irq_return_ldt:
SWAPGS
movq PER_CPU_VAR(espfix_waddr), %rdi
movq %rax, (0*8)(%rdi) /* RAX */
@@ -17394,7 +17594,7 @@ index 858b555..9e9c957 100644
movq %rax, (4*8)(%rdi)
andl $0xffff0000, %eax
popq %rdi
-@@ -577,7 +1014,7 @@ native_irq_return_ldt:
+@@ -574,7 +1011,7 @@ native_irq_return_ldt:
popq %rax
jmp native_irq_return_iret
#endif
@@ -17403,7 +17603,7 @@ index 858b555..9e9c957 100644
/*
* APIC interrupts.
-@@ -589,7 +1026,7 @@ ENTRY(\sym)
+@@ -586,7 +1023,7 @@ ENTRY(\sym)
.Lcommon_\sym:
interrupt \do_sym
jmp ret_from_intr
@@ -17412,7 +17612,7 @@ index 858b555..9e9c957 100644
.endm
#ifdef CONFIG_TRACING
-@@ -654,7 +1091,7 @@ apicinterrupt IRQ_WORK_VECTOR irq_work_interrupt smp_irq_work_interrupt
+@@ -651,7 +1088,7 @@ apicinterrupt IRQ_WORK_VECTOR irq_work_interrupt smp_irq_work_interrupt
/*
* Exception entry points.
*/
@@ -17421,7 +17621,7 @@ index 858b555..9e9c957 100644
.macro idtentry sym do_sym has_error_code:req paranoid=0 shift_ist=-1
ENTRY(\sym)
-@@ -701,6 +1138,12 @@ ENTRY(\sym)
+@@ -698,6 +1135,12 @@ ENTRY(\sym)
.endif
.if \shift_ist != -1
@@ -17434,7 +17634,7 @@ index 858b555..9e9c957 100644
subq $EXCEPTION_STKSZ, CPU_TSS_IST(\shift_ist)
.endif
-@@ -744,7 +1187,7 @@ ENTRY(\sym)
+@@ -741,7 +1184,7 @@ ENTRY(\sym)
jmp error_exit /* %ebx: no swapgs flag */
.endif
@@ -17443,8 +17643,8 @@ index 858b555..9e9c957 100644
.endm
#ifdef CONFIG_TRACING
-@@ -786,8 +1229,9 @@ gs_change:
- 2: mfence /* workaround */
+@@ -783,8 +1226,9 @@ ENTRY(native_load_gs_index)
+ 2: ALTERNATIVE "", "mfence", X86_BUG_SWAPGS_FENCE
SWAPGS
popfq
+ pax_force_retaddr
@@ -17452,9 +17652,9 @@ index 858b555..9e9c957 100644
-END(native_load_gs_index)
+ENDPROC(native_load_gs_index)
- _ASM_EXTABLE(gs_change, bad_gs)
+ _ASM_EXTABLE(.Lgs_change, bad_gs)
.section .fixup, "ax"
-@@ -809,8 +1253,9 @@ ENTRY(do_softirq_own_stack)
+@@ -812,8 +1256,9 @@ ENTRY(do_softirq_own_stack)
call __do_softirq
leaveq
decl PER_CPU_VAR(irq_count)
@@ -17465,7 +17665,7 @@ index 858b555..9e9c957 100644
#ifdef CONFIG_XEN
idtentry xen_hypervisor_callback xen_do_hypervisor_callback has_error_code=0
-@@ -846,7 +1291,7 @@ ENTRY(xen_do_hypervisor_callback) /* do_hypervisor_callback(struct *pt_regs) */
+@@ -849,7 +1294,7 @@ ENTRY(xen_do_hypervisor_callback) /* do_hypervisor_callback(struct *pt_regs) */
call xen_maybe_preempt_hcall
#endif
jmp error_exit
@@ -17474,7 +17674,7 @@ index 858b555..9e9c957 100644
/*
* Hypervisor uses this for application faults while it executes.
-@@ -891,7 +1336,7 @@ ENTRY(xen_failsafe_callback)
+@@ -894,7 +1339,7 @@ ENTRY(xen_failsafe_callback)
SAVE_C_REGS
SAVE_EXTRA_REGS
jmp error_exit
@@ -17483,7 +17683,7 @@ index 858b555..9e9c957 100644
apicinterrupt3 HYPERVISOR_CALLBACK_VECTOR \
xen_hvm_callback_vector xen_evtchn_do_upcall
-@@ -903,7 +1348,7 @@ apicinterrupt3 HYPERVISOR_CALLBACK_VECTOR \
+@@ -906,7 +1351,7 @@ apicinterrupt3 HYPERVISOR_CALLBACK_VECTOR \
hyperv_callback_vector hyperv_vector_handler
#endif /* CONFIG_HYPERV */
@@ -17492,7 +17692,7 @@ index 858b555..9e9c957 100644
idtentry int3 do_int3 has_error_code=0 paranoid=1 shift_ist=DEBUG_STACK
idtentry stack_segment do_stack_segment has_error_code=1
-@@ -940,8 +1385,34 @@ ENTRY(paranoid_entry)
+@@ -943,8 +1388,34 @@ ENTRY(paranoid_entry)
js 1f /* negative -> in kernel */
SWAPGS
xorl %ebx, %ebx
@@ -17529,7 +17729,7 @@ index 858b555..9e9c957 100644
/*
* "Paranoid" exit path from exception stack. This is invoked
-@@ -958,19 +1429,26 @@ END(paranoid_entry)
+@@ -961,19 +1432,26 @@ END(paranoid_entry)
ENTRY(paranoid_exit)
DISABLE_INTERRUPTS(CLBR_NONE)
TRACE_IRQS_OFF_DEBUG
@@ -17558,7 +17758,7 @@ index 858b555..9e9c957 100644
/*
* Save all registers in pt_regs, and switch gs if needed.
-@@ -984,13 +1462,18 @@ ENTRY(error_entry)
+@@ -987,13 +1465,18 @@ ENTRY(error_entry)
testb $3, CS+8(%rsp)
jz .Lerror_kernelspace
@@ -17578,7 +17778,7 @@ index 858b555..9e9c957 100644
.Lerror_entry_from_usermode_after_swapgs:
/*
* We need to tell lockdep that IRQs are off. We can't do this until
-@@ -999,10 +1482,12 @@ ENTRY(error_entry)
+@@ -1002,10 +1485,12 @@ ENTRY(error_entry)
*/
TRACE_IRQS_OFF
CALL_enter_from_user_mode
@@ -17591,17 +17791,17 @@ index 858b555..9e9c957 100644
ret
/*
-@@ -1020,14 +1505,16 @@ ENTRY(error_entry)
+@@ -1023,14 +1508,16 @@ ENTRY(error_entry)
cmpq %rax, RIP+8(%rsp)
je .Lbstep_iret
- cmpq $gs_change, RIP+8(%rsp)
+ cmpq $.Lgs_change, RIP+8(%rsp)
- jne .Lerror_entry_done
+ jne 1f
/*
- * hack: gs_change can fail with user gsbase. If this happens, fix up
+ * hack: .Lgs_change can fail with user gsbase. If this happens, fix up
* gsbase and proceed. We'll fix up the exception and land in
- * gs_change's error handler with kernel gsbase.
+ * .Lgs_change's error handler with kernel gsbase.
*/
- jmp .Lerror_entry_from_usermode_swapgs
+ SWAPGS
@@ -17610,7 +17810,7 @@ index 858b555..9e9c957 100644
.Lbstep_iret:
/* Fix truncated RIP */
-@@ -1041,6 +1528,12 @@ ENTRY(error_entry)
+@@ -1044,6 +1531,12 @@ ENTRY(error_entry)
*/
SWAPGS
@@ -17623,7 +17823,7 @@ index 858b555..9e9c957 100644
/*
* Pretend that the exception came from user mode: set up pt_regs
* as if we faulted immediately after IRET and clear EBX so that
-@@ -1051,11 +1544,11 @@ ENTRY(error_entry)
+@@ -1054,11 +1547,11 @@ ENTRY(error_entry)
mov %rax, %rsp
decl %ebx
jmp .Lerror_entry_from_usermode_after_swapgs
@@ -17637,7 +17837,7 @@ index 858b555..9e9c957 100644
* 1: already in kernel mode, don't need SWAPGS
* 0: user gsbase is loaded, we need SWAPGS and standard preparation for return to usermode
*/
-@@ -1063,10 +1556,10 @@ ENTRY(error_exit)
+@@ -1066,10 +1559,10 @@ ENTRY(error_exit)
movl %ebx, %eax
DISABLE_INTERRUPTS(CLBR_NONE)
TRACE_IRQS_OFF
@@ -17650,7 +17850,7 @@ index 858b555..9e9c957 100644
/* Runs on exception stack */
ENTRY(nmi)
-@@ -1120,6 +1613,8 @@ ENTRY(nmi)
+@@ -1123,6 +1616,8 @@ ENTRY(nmi)
* other IST entries.
*/
@@ -17659,7 +17859,7 @@ index 858b555..9e9c957 100644
/* Use %rdx as our temp variable throughout */
pushq %rdx
-@@ -1163,6 +1658,12 @@ ENTRY(nmi)
+@@ -1166,6 +1661,12 @@ ENTRY(nmi)
pushq %r14 /* pt_regs->r14 */
pushq %r15 /* pt_regs->r15 */
@@ -17672,7 +17872,7 @@ index 858b555..9e9c957 100644
/*
* At this point we no longer need to worry about stack damage
* due to nesting -- we're on the normal thread stack and we're
-@@ -1173,12 +1674,19 @@ ENTRY(nmi)
+@@ -1176,12 +1677,19 @@ ENTRY(nmi)
movq $-1, %rsi
call do_nmi
@@ -17692,7 +17892,7 @@ index 858b555..9e9c957 100644
jmp restore_c_regs_and_iret
.Lnmi_from_kernel:
-@@ -1300,6 +1808,7 @@ nested_nmi_out:
+@@ -1303,6 +1811,7 @@ nested_nmi_out:
popq %rdx
/* We are returning to kernel mode, so this cannot result in a fault. */
@@ -17700,7 +17900,7 @@ index 858b555..9e9c957 100644
INTERRUPT_RETURN
first_nmi:
-@@ -1328,7 +1837,7 @@ first_nmi:
+@@ -1331,7 +1840,7 @@ first_nmi:
pushq %rsp /* RSP (minus 8 because of the previous push) */
addq $8, (%rsp) /* Fix up RSP */
pushfq /* RFLAGS */
@@ -17709,7 +17909,7 @@ index 858b555..9e9c957 100644
pushq $1f /* RIP */
INTERRUPT_RETURN /* continues at repeat_nmi below */
1:
-@@ -1373,20 +1882,22 @@ end_repeat_nmi:
+@@ -1376,20 +1885,22 @@ end_repeat_nmi:
ALLOC_PT_GPREGS_ON_STACK
/*
@@ -17735,7 +17935,7 @@ index 858b555..9e9c957 100644
jnz nmi_restore
nmi_swapgs:
SWAPGS_UNSAFE_STACK
-@@ -1397,6 +1908,8 @@ nmi_restore:
+@@ -1400,6 +1911,8 @@ nmi_restore:
/* Point RSP at the "iret" frame. */
REMOVE_PT_GPREGS_FROM_STACK 6*8
@@ -17744,7 +17944,7 @@ index 858b555..9e9c957 100644
/*
* Clear "NMI executing". Set DF first so that we can easily
* distinguish the remaining code between here and IRET from
-@@ -1414,9 +1927,9 @@ nmi_restore:
+@@ -1417,9 +1930,9 @@ nmi_restore:
* mode, so this cannot result in a fault.
*/
INTERRUPT_RETURN
@@ -17757,7 +17957,7 @@ index 858b555..9e9c957 100644
-END(ignore_sysret)
+ENDPROC(ignore_sysret)
diff --git a/arch/x86/entry/entry_64_compat.S b/arch/x86/entry/entry_64_compat.S
-index 847f2f0..5f601b1 100644
+index e1721da..83f2c49 100644
--- a/arch/x86/entry/entry_64_compat.S
+++ b/arch/x86/entry/entry_64_compat.S
@@ -13,11 +13,39 @@
@@ -17800,13 +18000,9 @@ index 847f2f0..5f601b1 100644
/*
* 32-bit SYSENTER entry.
*
-@@ -72,26 +100,36 @@ ENTRY(entry_SYSENTER_compat)
- pushfq /* pt_regs->flags (except IF = 0) */
- orl $X86_EFLAGS_IF, (%rsp) /* Fix saved flags */
+@@ -74,23 +102,34 @@ ENTRY(entry_SYSENTER_compat)
pushq $__USER32_CS /* pt_regs->cs */
-- xorq %r8,%r8
-- pushq %r8 /* pt_regs->ip = 0 (placeholder) */
-+ pushq $0 /* pt_regs->ip = 0 (placeholder) */
+ pushq $0 /* pt_regs->ip = 0 (placeholder) */
pushq %rax /* pt_regs->orig_ax */
+ xorl %eax,%eax
pushq %rdi /* pt_regs->di */
@@ -17814,20 +18010,20 @@ index 847f2f0..5f601b1 100644
pushq %rdx /* pt_regs->dx */
pushq %rcx /* pt_regs->cx */
pushq $-ENOSYS /* pt_regs->ax */
-- pushq %r8 /* pt_regs->r8 = 0 */
-- pushq %r8 /* pt_regs->r9 = 0 */
-- pushq %r8 /* pt_regs->r10 = 0 */
-- pushq %r8 /* pt_regs->r11 = 0 */
-+ pushq %rax /* pt_regs->r8 = 0 */
-+ pushq %rax /* pt_regs->r9 = 0 */
-+ pushq %rax /* pt_regs->r10 = 0 */
-+ pushq %rax /* pt_regs->r11 = 0 */
+- pushq $0 /* pt_regs->r8 = 0 */
+- pushq $0 /* pt_regs->r9 = 0 */
+- pushq $0 /* pt_regs->r10 = 0 */
+- pushq $0 /* pt_regs->r11 = 0 */
++ pushq %rax /* pt_regs->r8 = 0 */
++ pushq %rax /* pt_regs->r9 = 0 */
++ pushq %rax /* pt_regs->r10 = 0 */
++ pushq %rax /* pt_regs->r11 = 0 */
pushq %rbx /* pt_regs->rbx */
pushq %rbp /* pt_regs->rbp (will be overwritten) */
-- pushq %r8 /* pt_regs->r12 = 0 */
-- pushq %r8 /* pt_regs->r13 = 0 */
-- pushq %r8 /* pt_regs->r14 = 0 */
-- pushq %r8 /* pt_regs->r15 = 0 */
+- pushq $0 /* pt_regs->r12 = 0 */
+- pushq $0 /* pt_regs->r13 = 0 */
+- pushq $0 /* pt_regs->r14 = 0 */
+- pushq $0 /* pt_regs->r15 = 0 */
+#ifdef CONFIG_PAX_KERNEXEC_PLUGIN_METHOD_OR
+ pushq %r12 /* pt_regs->r12 */
+#else
@@ -17847,26 +18043,25 @@ index 847f2f0..5f601b1 100644
/*
* SYSENTER doesn't filter flags, so we need to clear NT and AC
* ourselves. To save a few cycles, we can check whether
-@@ -205,17 +243,27 @@ ENTRY(entry_SYSCALL_compat)
+@@ -204,16 +243,27 @@ ENTRY(entry_SYSCALL_compat)
pushq %rdx /* pt_regs->dx */
pushq %rbp /* pt_regs->cx (stashed in bp) */
pushq $-ENOSYS /* pt_regs->ax */
-- xorq %r8,%r8
-- pushq %r8 /* pt_regs->r8 = 0 */
-- pushq %r8 /* pt_regs->r9 = 0 */
-- pushq %r8 /* pt_regs->r10 = 0 */
-- pushq %r8 /* pt_regs->r11 = 0 */
+- pushq $0 /* pt_regs->r8 = 0 */
+- pushq $0 /* pt_regs->r9 = 0 */
+- pushq $0 /* pt_regs->r10 = 0 */
+- pushq $0 /* pt_regs->r11 = 0 */
+ xorl %eax,%eax
-+ pushq %rax /* pt_regs->r8 = 0 */
-+ pushq %rax /* pt_regs->r9 = 0 */
-+ pushq %rax /* pt_regs->r10 = 0 */
-+ pushq %rax /* pt_regs->r11 = 0 */
++ pushq %rax /* pt_regs->r8 = 0 */
++ pushq %rax /* pt_regs->r9 = 0 */
++ pushq %rax /* pt_regs->r10 = 0 */
++ pushq %rax /* pt_regs->r11 = 0 */
pushq %rbx /* pt_regs->rbx */
pushq %rbp /* pt_regs->rbp (will be overwritten) */
-- pushq %r8 /* pt_regs->r12 = 0 */
-- pushq %r8 /* pt_regs->r13 = 0 */
-- pushq %r8 /* pt_regs->r14 = 0 */
-- pushq %r8 /* pt_regs->r15 = 0 */
+- pushq $0 /* pt_regs->r12 = 0 */
+- pushq $0 /* pt_regs->r13 = 0 */
+- pushq $0 /* pt_regs->r14 = 0 */
+- pushq $0 /* pt_regs->r15 = 0 */
+#ifdef CONFIG_PAX_KERNEXEC_PLUGIN_METHOD_OR
+ pushq %r12 /* pt_regs->r12 */
+#else
@@ -17884,7 +18079,7 @@ index 847f2f0..5f601b1 100644
/*
* User mode is traced as though IRQs are on, and SYSENTER
-@@ -231,11 +279,18 @@ ENTRY(entry_SYSCALL_compat)
+@@ -229,11 +279,18 @@ ENTRY(entry_SYSCALL_compat)
/* Opportunistic SYSRET */
sysret32_from_system_call:
@@ -17903,7 +18098,7 @@ index 847f2f0..5f601b1 100644
addq $RAX, %rsp /* Skip r8-r15 */
popq %rax /* pt_regs->rax */
popq %rdx /* Skip pt_regs->cx */
-@@ -264,7 +319,7 @@ sysret32_from_system_call:
+@@ -262,7 +319,7 @@ sysret32_from_system_call:
movq RSP-ORIG_RAX(%rsp), %rsp
swapgs
sysretl
@@ -17912,24 +18107,23 @@ index 847f2f0..5f601b1 100644
/*
* 32-bit legacy system call entry.
-@@ -316,11 +371,11 @@ ENTRY(entry_INT80_compat)
+@@ -314,10 +371,11 @@ ENTRY(entry_INT80_compat)
pushq %rdx /* pt_regs->dx */
pushq %rcx /* pt_regs->cx */
pushq $-ENOSYS /* pt_regs->ax */
-- xorq %r8,%r8
-- pushq %r8 /* pt_regs->r8 = 0 */
-- pushq %r8 /* pt_regs->r9 = 0 */
-- pushq %r8 /* pt_regs->r10 = 0 */
-- pushq %r8 /* pt_regs->r11 = 0 */
+- pushq $0 /* pt_regs->r8 = 0 */
+- pushq $0 /* pt_regs->r9 = 0 */
+- pushq $0 /* pt_regs->r10 = 0 */
+- pushq $0 /* pt_regs->r11 = 0 */
+ xorl %eax,%eax
-+ pushq %rax /* pt_regs->r8 = 0 */
-+ pushq %rax /* pt_regs->r9 = 0 */
-+ pushq %rax /* pt_regs->r10 = 0 */
-+ pushq %rax /* pt_regs->r11 = 0 */
++ pushq %rax /* pt_regs->r8 = 0 */
++ pushq %rax /* pt_regs->r9 = 0 */
++ pushq %rax /* pt_regs->r10 = 0 */
++ pushq %rax /* pt_regs->r11 = 0 */
pushq %rbx /* pt_regs->rbx */
pushq %rbp /* pt_regs->rbp */
pushq %r12 /* pt_regs->r12 */
-@@ -329,6 +384,12 @@ ENTRY(entry_INT80_compat)
+@@ -326,6 +384,12 @@ ENTRY(entry_INT80_compat)
pushq %r15 /* pt_regs->r15 */
cld
@@ -17942,7 +18136,7 @@ index 847f2f0..5f601b1 100644
/*
* User mode is traced as though IRQs are on, and the interrupt
* gate turned them off.
-@@ -340,10 +401,12 @@ ENTRY(entry_INT80_compat)
+@@ -337,10 +401,12 @@ ENTRY(entry_INT80_compat)
.Lsyscall_32_done:
/* Go back to user mode. */
@@ -17957,27 +18151,27 @@ index 847f2f0..5f601b1 100644
ALIGN
GLOBAL(stub32_clone)
diff --git a/arch/x86/entry/thunk_64.S b/arch/x86/entry/thunk_64.S
-index 98df1fa..b2ef8bd 100644
+index 027aec4..0e3afc9 100644
--- a/arch/x86/entry/thunk_64.S
+++ b/arch/x86/entry/thunk_64.S
-@@ -9,6 +9,7 @@
+@@ -8,6 +8,7 @@
+ #include <linux/linkage.h>
#include "calling.h"
#include <asm/asm.h>
- #include <asm/frame.h>
+#include <asm/alternative-asm.h>
/* rdi: arg1 ... normal C conventions. rax is saved/restored. */
.macro THUNK name, func, put_ret_addr_in_rdi=0
-@@ -66,6 +67,7 @@ restore:
+@@ -65,6 +66,7 @@ restore:
popq %rsi
popq %rdi
- FRAME_END
+ popq %rbp
+ pax_force_retaddr
ret
_ASM_NOKPROBE(restore)
#endif
diff --git a/arch/x86/entry/vdso/Makefile b/arch/x86/entry/vdso/Makefile
-index 6874da5..acbad90 100644
+index 253b72e..e0fb97e 100644
--- a/arch/x86/entry/vdso/Makefile
+++ b/arch/x86/entry/vdso/Makefile
@@ -75,7 +75,7 @@ CFL := $(PROFILING) -mcmodel=small -fPIC -O2 -fasynchronous-unwind-tables -m64 \
@@ -18007,10 +18201,10 @@ index 6874da5..acbad90 100644
GCOV_PROFILE := n
diff --git a/arch/x86/entry/vdso/vclock_gettime.c b/arch/x86/entry/vdso/vclock_gettime.c
-index 03c3eb7..23f58a5 100644
+index 2f02d23..86d61a3 100644
--- a/arch/x86/entry/vdso/vclock_gettime.c
+++ b/arch/x86/entry/vdso/vclock_gettime.c
-@@ -330,5 +330,5 @@ notrace time_t __vdso_time(time_t *t)
+@@ -315,5 +315,5 @@ notrace time_t __vdso_time(time_t *t)
*t = result;
return result;
}
@@ -18040,11 +18234,11 @@ index 63a03bb..ee6bd34 100644
GET_LE(&symtab_hdr->sh_entsize) * i;
const char *name = raw_addr + GET_LE(&strtab_hdr->sh_offset) +
diff --git a/arch/x86/entry/vdso/vma.c b/arch/x86/entry/vdso/vma.c
-index 10f7045..ebe6eb7 100644
+index ab220ac..a7b22cd 100644
--- a/arch/x86/entry/vdso/vma.c
+++ b/arch/x86/entry/vdso/vma.c
-@@ -21,10 +21,7 @@
- #include <asm/hpet.h>
+@@ -20,10 +20,7 @@
+ #include <asm/page.h>
#include <asm/desc.h>
#include <asm/cpufeature.h>
-
@@ -18055,7 +18249,7 @@ index 10f7045..ebe6eb7 100644
void __init init_vdso_image(const struct vdso_image *image)
{
-@@ -90,7 +87,7 @@ static int vdso_fault(const struct vm_special_mapping *sm,
+@@ -89,7 +86,7 @@ static int vdso_fault(const struct vm_special_mapping *sm,
{
const struct vdso_image *image = vma->vm_mm->context.vdso_image;
@@ -18064,7 +18258,7 @@ index 10f7045..ebe6eb7 100644
return VM_FAULT_SIGBUS;
vmf->page = virt_to_page(image->data + (vmf->pgoff << PAGE_SHIFT));
-@@ -167,6 +164,11 @@ static int map_vdso(const struct vdso_image *image, bool calculate_addr)
+@@ -156,6 +153,11 @@ static int map_vdso(const struct vdso_image *image, bool calculate_addr)
.fault = vvar_fault,
};
@@ -18076,8 +18270,8 @@ index 10f7045..ebe6eb7 100644
if (calculate_addr) {
addr = vdso_addr(current->mm->start_stack,
image->size - image->sym_vvar_start);
-@@ -177,15 +179,15 @@ static int map_vdso(const struct vdso_image *image, bool calculate_addr)
- down_write(&mm->mmap_sem);
+@@ -167,15 +169,15 @@ static int map_vdso(const struct vdso_image *image, bool calculate_addr)
+ return -EINTR;
addr = get_unmapped_area(NULL, addr,
- image->size - image->sym_vvar_start, 0, 0);
@@ -18095,7 +18289,7 @@ index 10f7045..ebe6eb7 100644
/*
* MAYWRITE to allow gdb to COW and set breakpoints
-@@ -209,14 +211,12 @@ static int map_vdso(const struct vdso_image *image, bool calculate_addr)
+@@ -199,14 +201,12 @@ static int map_vdso(const struct vdso_image *image, bool calculate_addr)
VM_PFNMAP,
&vvar_mapping);
@@ -18112,7 +18306,7 @@ index 10f7045..ebe6eb7 100644
up_write(&mm->mmap_sem);
return ret;
-@@ -235,9 +235,6 @@ static int load_vdso32(void)
+@@ -225,9 +225,6 @@ static int load_vdso32(void)
#ifdef CONFIG_X86_64
int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp)
{
@@ -18122,7 +18316,7 @@ index 10f7045..ebe6eb7 100644
return map_vdso(&vdso_image_64, true);
}
-@@ -246,12 +243,8 @@ int compat_arch_setup_additional_pages(struct linux_binprm *bprm,
+@@ -236,12 +233,8 @@ int compat_arch_setup_additional_pages(struct linux_binprm *bprm,
int uses_interp)
{
#ifdef CONFIG_X86_X32_ABI
@@ -18136,7 +18330,7 @@ index 10f7045..ebe6eb7 100644
#endif
#ifdef CONFIG_IA32_EMULATION
return load_vdso32();
-@@ -268,15 +261,6 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp)
+@@ -258,15 +251,6 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp)
#endif
#ifdef CONFIG_X86_64
@@ -18260,10 +18454,10 @@ index 6011a57..311bea0 100644
while (amd_iommu_v2_event_descs[i].attr.attr.name)
diff --git a/arch/x86/events/core.c b/arch/x86/events/core.c
-index 7eb806c..13eb73d 100644
+index 91eac39..a8bc9c0 100644
--- a/arch/x86/events/core.c
+++ b/arch/x86/events/core.c
-@@ -1535,7 +1535,7 @@ static void __init pmu_check_apic(void)
+@@ -1541,7 +1541,7 @@ static void __init pmu_check_apic(void)
}
@@ -18272,7 +18466,7 @@ index 7eb806c..13eb73d 100644
.name = "format",
.attrs = NULL,
};
-@@ -1643,7 +1643,7 @@ static struct attribute *events_attr[] = {
+@@ -1649,7 +1649,7 @@ static struct attribute *events_attr[] = {
NULL,
};
@@ -18281,7 +18475,7 @@ index 7eb806c..13eb73d 100644
.name = "events",
.attrs = events_attr,
};
-@@ -2251,7 +2251,7 @@ static unsigned long get_segment_base(unsigned int segment)
+@@ -2257,7 +2257,7 @@ static unsigned long get_segment_base(unsigned int segment)
if (idx > GDT_ENTRIES)
return 0;
@@ -18290,7 +18484,7 @@ index 7eb806c..13eb73d 100644
}
return get_desc_base(desc);
-@@ -2357,7 +2357,7 @@ perf_callchain_user(struct perf_callchain_entry *entry, struct pt_regs *regs)
+@@ -2363,7 +2363,7 @@ perf_callchain_user(struct perf_callchain_entry_ctx *entry, struct pt_regs *regs
break;
perf_callchain_store(entry, frame.return_address);
@@ -18300,19 +18494,19 @@ index 7eb806c..13eb73d 100644
pagefault_enable();
}
diff --git a/arch/x86/events/intel/bts.c b/arch/x86/events/intel/bts.c
-index b99dc92..407392a 100644
+index 0a6e393..aa36c3d 100644
--- a/arch/x86/events/intel/bts.c
+++ b/arch/x86/events/intel/bts.c
-@@ -250,7 +250,7 @@ static void bts_event_start(struct perf_event *event, int flags)
+@@ -252,7 +252,7 @@ static void bts_event_start(struct perf_event *event, int flags)
__bts_event_start(event);
/* PMI handler: this counter is running and likely generating PMIs */
- ACCESS_ONCE(bts->started) = 1;
+ ACCESS_ONCE_RW(bts->started) = 1;
- }
- static void __bts_event_stop(struct perf_event *event)
-@@ -264,7 +264,7 @@ static void __bts_event_stop(struct perf_event *event)
+ return;
+
+@@ -274,7 +274,7 @@ static void __bts_event_stop(struct perf_event *event)
if (event->hw.state & PERF_HES_STOPPED)
return;
@@ -18321,8 +18515,8 @@ index b99dc92..407392a 100644
}
static void bts_event_stop(struct perf_event *event, int flags)
-@@ -272,7 +272,7 @@ static void bts_event_stop(struct perf_event *event, int flags)
- struct bts_ctx *bts = this_cpu_ptr(&bts_ctx);
+@@ -284,7 +284,7 @@ static void bts_event_stop(struct perf_event *event, int flags)
+ struct bts_buffer *buf = perf_get_aux(&bts->handle);
/* PMI handler: don't restart this counter */
- ACCESS_ONCE(bts->started) = 0;
@@ -18331,10 +18525,10 @@ index b99dc92..407392a 100644
__bts_event_stop(event);
diff --git a/arch/x86/events/intel/core.c b/arch/x86/events/intel/core.c
-index 5210eaa..b6846dc 100644
+index 9b4f9d3..ce64392 100644
--- a/arch/x86/events/intel/core.c
+++ b/arch/x86/events/intel/core.c
-@@ -2185,6 +2185,8 @@ __intel_get_event_constraints(struct cpu_hw_events *cpuc, int idx,
+@@ -2348,6 +2348,8 @@ __intel_get_event_constraints(struct cpu_hw_events *cpuc, int idx,
}
static void
@@ -18343,7 +18537,7 @@ index 5210eaa..b6846dc 100644
intel_start_scheduling(struct cpu_hw_events *cpuc)
{
struct intel_excl_cntrs *excl_cntrs = cpuc->excl_cntrs;
-@@ -2194,14 +2196,18 @@ intel_start_scheduling(struct cpu_hw_events *cpuc)
+@@ -2357,14 +2359,18 @@ intel_start_scheduling(struct cpu_hw_events *cpuc)
/*
* nothing needed if in group validation mode
*/
@@ -18364,7 +18558,7 @@ index 5210eaa..b6846dc 100644
xl = &excl_cntrs->states[tid];
-@@ -2241,6 +2247,8 @@ static void intel_commit_scheduling(struct cpu_hw_events *cpuc, int idx, int cnt
+@@ -2404,6 +2410,8 @@ static void intel_commit_scheduling(struct cpu_hw_events *cpuc, int idx, int cnt
}
static void
@@ -18373,7 +18567,7 @@ index 5210eaa..b6846dc 100644
intel_stop_scheduling(struct cpu_hw_events *cpuc)
{
struct intel_excl_cntrs *excl_cntrs = cpuc->excl_cntrs;
-@@ -2250,13 +2258,18 @@ intel_stop_scheduling(struct cpu_hw_events *cpuc)
+@@ -2413,13 +2421,18 @@ intel_stop_scheduling(struct cpu_hw_events *cpuc)
/*
* nothing needed if in group validation mode
*/
@@ -18394,7 +18588,7 @@ index 5210eaa..b6846dc 100644
xl = &excl_cntrs->states[tid];
-@@ -2439,19 +2452,22 @@ static void intel_put_excl_constraints(struct cpu_hw_events *cpuc,
+@@ -2602,19 +2615,22 @@ static void intel_put_excl_constraints(struct cpu_hw_events *cpuc,
* unused now.
*/
if (hwc->idx >= 0) {
@@ -18419,7 +18613,7 @@ index 5210eaa..b6846dc 100644
raw_spin_unlock(&excl_cntrs->lock);
}
}
-@@ -3360,10 +3376,10 @@ __init int intel_pmu_init(void)
+@@ -3523,10 +3539,10 @@ __init int intel_pmu_init(void)
x86_pmu.num_counters_fixed = max((int)edx.split.num_counters_fixed, 3);
if (boot_cpu_has(X86_FEATURE_PDCM)) {
@@ -18476,11 +18670,11 @@ index 7b5fd81..3ca58b5 100644
ret = perf_pmu_register(&intel_cqm_pmu, "intel_cqm", -1);
if (ret) {
diff --git a/arch/x86/events/intel/cstate.c b/arch/x86/events/intel/cstate.c
-index 7946c42..75c730b 100644
+index 9ba4e41..f931fb9 100644
--- a/arch/x86/events/intel/cstate.c
+++ b/arch/x86/events/intel/cstate.c
-@@ -92,14 +92,14 @@
- #include "../perf_event.h"
+@@ -94,14 +94,14 @@
+ MODULE_LICENSE("GPL");
#define DEFINE_CSTATE_FORMAT_ATTR(_var, _name, _format) \
-static ssize_t __cstate_##_var##_show(struct kobject *kobj, \
@@ -18498,7 +18692,7 @@ index 7946c42..75c730b 100644
static ssize_t cstate_get_attr_cpumask(struct device *dev,
diff --git a/arch/x86/events/intel/ds.c b/arch/x86/events/intel/ds.c
-index 8584b90..82c274a 100644
+index 7ce9f3f..dc9146c 100644
--- a/arch/x86/events/intel/ds.c
+++ b/arch/x86/events/intel/ds.c
@@ -601,7 +601,7 @@ unlock:
@@ -18510,7 +18704,7 @@ index 8584b90..82c274a 100644
x86_pmu.drain_pebs(&regs);
}
-@@ -903,7 +903,7 @@ static int intel_pmu_pebs_fixup_ip(struct pt_regs *regs)
+@@ -909,7 +909,7 @@ static int intel_pmu_pebs_fixup_ip(struct pt_regs *regs)
struct cpu_hw_events *cpuc = this_cpu_ptr(&cpu_hw_events);
unsigned long from = cpuc->lbr_entries[0].from;
unsigned long old_to, to = cpuc->lbr_entries[0].to;
@@ -18519,7 +18713,7 @@ index 8584b90..82c274a 100644
int is_64bit = 0;
void *kaddr;
int size;
-@@ -955,6 +955,7 @@ static int intel_pmu_pebs_fixup_ip(struct pt_regs *regs)
+@@ -961,6 +961,7 @@ static int intel_pmu_pebs_fixup_ip(struct pt_regs *regs)
} else {
kaddr = (void *)to;
}
@@ -18527,7 +18721,7 @@ index 8584b90..82c274a 100644
do {
struct insn insn;
-@@ -1103,7 +1104,7 @@ static void setup_pebs_sample_data(struct perf_event *event,
+@@ -1109,7 +1110,7 @@ static void setup_pebs_sample_data(struct perf_event *event,
}
if (event->attr.precise_ip > 1 && x86_pmu.intel_cap.pebs_format >= 2) {
@@ -18537,10 +18731,10 @@ index 8584b90..82c274a 100644
} else if (event->attr.precise_ip > 1 && intel_pmu_pebs_fixup_ip(regs))
regs->flags |= PERF_EFLAGS_EXACT;
diff --git a/arch/x86/events/intel/lbr.c b/arch/x86/events/intel/lbr.c
-index 1ca5d1e..3835cc0 100644
+index 9e2b40c..a9013c2 100644
--- a/arch/x86/events/intel/lbr.c
+++ b/arch/x86/events/intel/lbr.c
-@@ -706,7 +706,7 @@ static int branch_type(unsigned long from, unsigned long to, int abort)
+@@ -717,7 +717,7 @@ static int branch_type(unsigned long from, unsigned long to, int abort)
* Ensure we don't blindy read any address by validating it is
* a known text address.
*/
@@ -18549,7 +18743,7 @@ index 1ca5d1e..3835cc0 100644
addr = (void *)from;
/*
* Assume we can get the maximum possible size
-@@ -728,7 +728,7 @@ static int branch_type(unsigned long from, unsigned long to, int abort)
+@@ -739,7 +739,7 @@ static int branch_type(unsigned long from, unsigned long to, int abort)
#ifdef CONFIG_X86_64
is64 = kernel_ip((unsigned long)addr) || !test_thread_flag(TIF_IA32);
#endif
@@ -18559,28 +18753,24 @@ index 1ca5d1e..3835cc0 100644
if (!insn.opcode.got)
return X86_BR_ABORT;
diff --git a/arch/x86/events/intel/pt.c b/arch/x86/events/intel/pt.c
-index 7377814..a128ad7 100644
+index 04bb5fb..69cbd32 100644
--- a/arch/x86/events/intel/pt.c
+++ b/arch/x86/events/intel/pt.c
-@@ -133,14 +133,12 @@ static const struct attribute_group *pt_attr_groups[] = {
+@@ -172,11 +172,9 @@ static const struct attribute_group *pt_attr_groups[] = {
static int __init pt_pmu_hw_init(void)
{
- struct dev_ext_attribute *de_attrs;
- struct attribute **attrs;
- size_t size;
-- u64 reg;
-- int ret;
+ static struct dev_ext_attribute de_attrs[ARRAY_SIZE(pt_caps)];
+ static struct attribute *attrs[ARRAY_SIZE(pt_caps)];
+ u64 reg;
+- int ret;
long i;
- if (boot_cpu_has(X86_FEATURE_VMX)) {
-+ u64 reg;
- /*
- * Intel SDM, 36.5 "Tracing post-VMXON" says that
- * "IA32_VMX_MISC[bit 14]" being 1 means PT can trace
-@@ -151,8 +149,6 @@ static int __init pt_pmu_hw_init(void)
+ rdmsrl(MSR_PLATFORM_INFO, reg);
+@@ -207,8 +205,6 @@ static int __init pt_pmu_hw_init(void)
pt_pmu.vmx = true;
}
@@ -18589,7 +18779,7 @@ index 7377814..a128ad7 100644
for (i = 0; i < PT_CPUID_LEAVES; i++) {
cpuid_count(20, i,
&pt_pmu.caps[CR_EAX + i*PT_CPUID_REGS_NUM],
-@@ -161,39 +157,25 @@ static int __init pt_pmu_hw_init(void)
+@@ -217,39 +213,25 @@ static int __init pt_pmu_hw_init(void)
&pt_pmu.caps[CR_EDX + i*PT_CPUID_REGS_NUM]);
}
@@ -18637,29 +18827,11 @@ index 7377814..a128ad7 100644
}
#define RTIT_CTL_CYC_PSB (RTIT_CTL_CYCLEACC | \
-@@ -1051,7 +1033,7 @@ static void pt_event_start(struct perf_event *event, int mode)
- return;
- }
-
-- ACCESS_ONCE(pt->handle_nmi) = 1;
-+ ACCESS_ONCE_RW(pt->handle_nmi) = 1;
- event->hw.state = 0;
-
- pt_config_buffer(buf->cur->table, buf->cur_idx,
-@@ -1067,7 +1049,7 @@ static void pt_event_stop(struct perf_event *event, int mode)
- * Protect against the PMI racing with disabling wrmsr,
- * see comment in intel_pt_interrupt().
- */
-- ACCESS_ONCE(pt->handle_nmi) = 0;
-+ ACCESS_ONCE_RW(pt->handle_nmi) = 0;
-
- pt_config_stop(event);
-
diff --git a/arch/x86/events/intel/rapl.c b/arch/x86/events/intel/rapl.c
-index 78ee9eb..1aae264 100644
+index e30eef4..2c79b8e 100644
--- a/arch/x86/events/intel/rapl.c
+++ b/arch/x86/events/intel/rapl.c
-@@ -100,14 +100,14 @@ static const char *const rapl_domain_names[NR_RAPL_DOMAINS] __initconst = {
+@@ -116,14 +116,14 @@ static const char *const rapl_domain_names[NR_RAPL_DOMAINS] __initconst = {
#define RAPL_EVENT_MASK 0xFFULL
#define DEFINE_RAPL_FORMAT_ATTR(_var, _name, _format) \
@@ -18677,7 +18849,7 @@ index 78ee9eb..1aae264 100644
__ATTR(_name, 0444, __rapl_##_var##_show, NULL)
#define RAPL_CNTR_WIDTH 32
-@@ -488,7 +488,7 @@ static struct attribute *rapl_events_knl_attr[] = {
+@@ -532,7 +532,7 @@ static struct attribute *rapl_events_knl_attr[] = {
NULL,
};
@@ -18687,10 +18859,10 @@ index 78ee9eb..1aae264 100644
.attrs = NULL, /* patched at runtime */
};
diff --git a/arch/x86/events/intel/uncore.c b/arch/x86/events/intel/uncore.c
-index f921a1e..8f8920f 100644
+index fce7406..4187d6a 100644
--- a/arch/x86/events/intel/uncore.c
+++ b/arch/x86/events/intel/uncore.c
-@@ -84,8 +84,8 @@ end:
+@@ -87,8 +87,8 @@ end:
return map;
}
@@ -18701,7 +18873,7 @@ index f921a1e..8f8920f 100644
{
struct uncore_event_desc *event =
container_of(attr, struct uncore_event_desc, attr);
-@@ -813,7 +813,7 @@ static void __init uncore_types_exit(struct intel_uncore_type **types)
+@@ -816,7 +816,7 @@ static void uncore_types_exit(struct intel_uncore_type **types)
static int __init uncore_type_init(struct intel_uncore_type *type, bool setid)
{
struct intel_uncore_pmu *pmus;
@@ -18756,10 +18928,10 @@ index 79766b9..8e2b3d0 100644
static inline unsigned uncore_pci_box_ctl(struct intel_uncore_box *box)
diff --git a/arch/x86/events/perf_event.h b/arch/x86/events/perf_event.h
-index ad4dc7f..1eff595 100644
+index 8bd764d..76a1790 100644
--- a/arch/x86/events/perf_event.h
+++ b/arch/x86/events/perf_event.h
-@@ -792,7 +792,7 @@ static inline void set_linear_ip(struct pt_regs *regs, unsigned long ip)
+@@ -793,7 +793,7 @@ static inline void set_linear_ip(struct pt_regs *regs, unsigned long ip)
regs->cs = kernel_ip(ip) ? __KERNEL_CS : __USER_CS;
if (regs->flags & X86_VM_MASK)
regs->flags ^= (PERF_EFLAGS_VM | X86_VM_MASK);
@@ -18769,7 +18941,7 @@ index ad4dc7f..1eff595 100644
ssize_t x86_event_sysfs_show(char *page, u64 config, u64 event);
diff --git a/arch/x86/ia32/ia32_aout.c b/arch/x86/ia32/ia32_aout.c
-index ae6aad1..719d6d9 100644
+index cb26f18..4f43f23 100644
--- a/arch/x86/ia32/ia32_aout.c
+++ b/arch/x86/ia32/ia32_aout.c
@@ -153,6 +153,8 @@ static int aout_core_dump(struct coredump_params *cprm)
@@ -18782,7 +18954,7 @@ index ae6aad1..719d6d9 100644
set_fs(KERNEL_DS);
has_dumped = 1;
diff --git a/arch/x86/ia32/ia32_signal.c b/arch/x86/ia32/ia32_signal.c
-index 0552884..4e736e4 100644
+index 2f29f4e..ac453b4 100644
--- a/arch/x86/ia32/ia32_signal.c
+++ b/arch/x86/ia32/ia32_signal.c
@@ -123,7 +123,7 @@ asmlinkage long sys32_sigreturn(void)
@@ -19021,10 +19193,10 @@ index e7636ba..e1fb78a 100644
\newinstr1
144:
diff --git a/arch/x86/include/asm/alternative.h b/arch/x86/include/asm/alternative.h
-index 99afb66..c098094 100644
+index e77a644..cf157f4 100644
--- a/arch/x86/include/asm/alternative.h
+++ b/arch/x86/include/asm/alternative.h
-@@ -136,7 +136,7 @@ static inline int alternatives_text_reserved(void *start, void *end)
+@@ -137,7 +137,7 @@ static inline int alternatives_text_reserved(void *start, void *end)
".pushsection .altinstructions,\"a\"\n" \
ALTINSTR_ENTRY(feature, 1) \
".popsection\n" \
@@ -19033,7 +19205,7 @@ index 99afb66..c098094 100644
ALTINSTR_REPLACEMENT(newinstr, feature, 1) \
".popsection"
-@@ -146,7 +146,7 @@ static inline int alternatives_text_reserved(void *start, void *end)
+@@ -147,7 +147,7 @@ static inline int alternatives_text_reserved(void *start, void *end)
ALTINSTR_ENTRY(feature1, 1) \
ALTINSTR_ENTRY(feature2, 2) \
".popsection\n" \
@@ -19043,7 +19215,7 @@ index 99afb66..c098094 100644
ALTINSTR_REPLACEMENT(newinstr2, feature2, 2) \
".popsection"
diff --git a/arch/x86/include/asm/apic.h b/arch/x86/include/asm/apic.h
-index 98f25bb..230bd9e 100644
+index bc27611..6fccbde 100644
--- a/arch/x86/include/asm/apic.h
+++ b/arch/x86/include/asm/apic.h
@@ -49,7 +49,7 @@ static inline void generic_apic_probe(void)
@@ -20015,7 +20187,7 @@ index 7766d1c..f545428 100644
int bitpos = -1;
/*
diff --git a/arch/x86/include/asm/boot.h b/arch/x86/include/asm/boot.h
-index 6b8d6e8..3cbf4f8 100644
+index abd06b1..17fc65f 100644
--- a/arch/x86/include/asm/boot.h
+++ b/arch/x86/include/asm/boot.h
@@ -6,7 +6,7 @@
@@ -20150,7 +20322,7 @@ index 9733361..2053014 100644
({ \
__typeof__ (*(ptr)) __ret = (inc); \
diff --git a/arch/x86/include/asm/compat.h b/arch/x86/include/asm/compat.h
-index ebb102e..4240767 100644
+index 5a3b2c1..80226b4 100644
--- a/arch/x86/include/asm/compat.h
+++ b/arch/x86/include/asm/compat.h
@@ -41,7 +41,11 @@ typedef s64 __attribute__((aligned(4))) compat_s64;
@@ -20166,10 +20338,10 @@ index ebb102e..4240767 100644
struct compat_timespec {
compat_time_t tv_sec;
diff --git a/arch/x86/include/asm/cpufeature.h b/arch/x86/include/asm/cpufeature.h
-index aeab479..5467e0b 100644
+index 483fb54..3b9022c 100644
--- a/arch/x86/include/asm/cpufeature.h
+++ b/arch/x86/include/asm/cpufeature.h
-@@ -164,7 +164,7 @@ static __always_inline __pure bool _static_cpu_has(u16 bit)
+@@ -140,7 +140,7 @@ static __always_inline __pure bool _static_cpu_has(u16 bit)
" .byte 5f - 4f\n" /* repl len */
" .byte 3b - 2b\n" /* pad len */
".previous\n"
@@ -20179,10 +20351,10 @@ index aeab479..5467e0b 100644
"5:\n"
".previous\n"
diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h
-index 8f9afef..378b605 100644
+index c64b1e9..1bdb386 100644
--- a/arch/x86/include/asm/cpufeatures.h
+++ b/arch/x86/include/asm/cpufeatures.h
-@@ -204,7 +204,8 @@
+@@ -205,7 +205,8 @@
#define X86_FEATURE_VMMCALL ( 8*32+15) /* Prefer vmmcall to vmcall */
#define X86_FEATURE_XENPV ( 8*32+16) /* "" Xen paravirtual guest */
@@ -20192,7 +20364,7 @@ index 8f9afef..378b605 100644
/* Intel-defined CPU features, CPUID level 0x00000007:0 (ebx), word 9 */
#define X86_FEATURE_FSGSBASE ( 9*32+ 0) /* {RD/WR}{FS/GS}BASE instructions*/
-@@ -212,7 +213,7 @@
+@@ -213,7 +214,7 @@
#define X86_FEATURE_BMI1 ( 9*32+ 3) /* 1st group bit manipulation extensions */
#define X86_FEATURE_HLE ( 9*32+ 4) /* Hardware Lock Elision */
#define X86_FEATURE_AVX2 ( 9*32+ 5) /* AVX2 instructions */
@@ -20687,10 +20859,10 @@ index fe884e1..46149ae 100644
{
spin_unlock_irqrestore(&dma_spin_lock, flags);
diff --git a/arch/x86/include/asm/efi.h b/arch/x86/include/asm/efi.h
-index 53748c4..283147d 100644
+index 78d1e74..7a769dc 100644
--- a/arch/x86/include/asm/efi.h
+++ b/arch/x86/include/asm/efi.h
-@@ -168,6 +168,11 @@ static inline bool efi_is_native(void)
+@@ -153,6 +153,11 @@ static inline bool efi_is_native(void)
static inline bool efi_runtime_supported(void)
{
@@ -20703,7 +20875,7 @@ index 53748c4..283147d 100644
return true;
diff --git a/arch/x86/include/asm/elf.h b/arch/x86/include/asm/elf.h
-index 15340e3..f338653 100644
+index fea7724..1986ecdf 100644
--- a/arch/x86/include/asm/elf.h
+++ b/arch/x86/include/asm/elf.h
@@ -75,9 +75,6 @@ typedef struct user_fxsr_struct elf_fpxregset_t;
@@ -21250,25 +21422,18 @@ index b77f5ed..a2f791e 100644
#define INTERRUPT_RETURN iret
#define ENABLE_INTERRUPTS_SYSEXIT sti; sysexit
diff --git a/arch/x86/include/asm/kprobes.h b/arch/x86/include/asm/kprobes.h
-index 4421b5d..8543006 100644
+index d1d1e50..5bacb6d 100644
--- a/arch/x86/include/asm/kprobes.h
+++ b/arch/x86/include/asm/kprobes.h
-@@ -37,13 +37,8 @@ typedef u8 kprobe_opcode_t;
+@@ -37,7 +37,7 @@ typedef u8 kprobe_opcode_t;
#define RELATIVEJUMP_SIZE 5
#define RELATIVECALL_OPCODE 0xe8
#define RELATIVE_ADDR_SIZE 4
-#define MAX_STACK_SIZE 64
--#define MIN_STACK_SIZE(ADDR) \
-- (((MAX_STACK_SIZE) < (((unsigned long)current_thread_info()) + \
-- THREAD_SIZE - (unsigned long)(ADDR))) \
-- ? (MAX_STACK_SIZE) \
-- : (((unsigned long)current_thread_info()) + \
-- THREAD_SIZE - (unsigned long)(ADDR)))
+#define MAX_STACK_SIZE 64UL
-+#define MIN_STACK_SIZE(ADDR) min(MAX_STACK_SIZE, current->thread.sp0 - (unsigned long)(ADDR))
-
- #define flush_insn_slot(p) do { } while (0)
-
+ #define CUR_STACK_SIZE(ADDR) \
+ (current_top_of_stack() - (unsigned long)(ADDR))
+ #define MIN_STACK_SIZE(ADDR) \
diff --git a/arch/x86/include/asm/kvm_emulate.h b/arch/x86/include/asm/kvm_emulate.h
index e9cd7be..0f3574f 100644
--- a/arch/x86/include/asm/kvm_emulate.h
@@ -21476,6 +21641,19 @@ index 4ad6560..75c7bdd 100644
/* Always has a lock prefix */
#define local_xchg(l, n) (xchg(&((l)->a.counter), (n)))
+diff --git a/arch/x86/include/asm/mce.h b/arch/x86/include/asm/mce.h
+index 8bf766e..d800b61 100644
+--- a/arch/x86/include/asm/mce.h
++++ b/arch/x86/include/asm/mce.h
+@@ -184,7 +184,7 @@ struct mca_msr_regs {
+ u32 (*status) (int bank);
+ u32 (*addr) (int bank);
+ u32 (*misc) (int bank);
+-};
++} __no_const;
+
+ extern struct mce_vendor_flags mce_flags;
+
diff --git a/arch/x86/include/asm/mman.h b/arch/x86/include/asm/mman.h
new file mode 100644
index 0000000..2bfd3ba
@@ -21523,7 +21701,7 @@ index 1ea0bae..25de747 100644
atomic_t perf_rdpmc_allowed; /* nonzero if rdpmc is allowed */
diff --git a/arch/x86/include/asm/mmu_context.h b/arch/x86/include/asm/mmu_context.h
-index 8428002..89716a8 100644
+index 39634819..c944992 100644
--- a/arch/x86/include/asm/mmu_context.h
+++ b/arch/x86/include/asm/mmu_context.h
@@ -46,7 +46,7 @@ struct ldt_struct {
@@ -21580,157 +21758,6 @@ index 8428002..89716a8 100644
#ifdef CONFIG_SMP
if (this_cpu_read(cpu_tlbstate.state) == TLBSTATE_OK)
this_cpu_write(cpu_tlbstate.state, TLBSTATE_LAZY);
-@@ -115,13 +146,64 @@ static inline void destroy_context(struct mm_struct *mm)
- destroy_context_ldt(mm);
- }
-
-+static inline void pax_switch_mm(struct mm_struct *next, unsigned int cpu)
-+{
-+
-+#ifdef CONFIG_PAX_PER_CPU_PGD
-+ pax_open_kernel();
-+
-+#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
-+ if (static_cpu_has(X86_FEATURE_PCIDUDEREF))
-+ __clone_user_pgds(get_cpu_pgd(cpu, user), next->pgd);
-+ else
-+#endif
-+
-+ __clone_user_pgds(get_cpu_pgd(cpu, kernel), next->pgd);
-+
-+ __shadow_user_pgds(get_cpu_pgd(cpu, kernel) + USER_PGD_PTRS, next->pgd);
-+
-+ pax_close_kernel();
-+
-+ BUG_ON((__pa(get_cpu_pgd(cpu, kernel)) | PCID_KERNEL) != (read_cr3() & __PHYSICAL_MASK) && (__pa(get_cpu_pgd(cpu, user)) | PCID_USER) != (read_cr3() & __PHYSICAL_MASK));
-+
-+#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
-+ if (static_cpu_has(X86_FEATURE_PCIDUDEREF)) {
-+ if (static_cpu_has(X86_FEATURE_INVPCID)) {
-+ u64 descriptor[2];
-+ descriptor[0] = PCID_USER;
-+ asm volatile(__ASM_INVPCID : : "d"(&descriptor), "a"(INVPCID_SINGLE_CONTEXT) : "memory");
-+ if (!static_cpu_has(X86_FEATURE_STRONGUDEREF)) {
-+ descriptor[0] = PCID_KERNEL;
-+ asm volatile(__ASM_INVPCID : : "d"(&descriptor), "a"(INVPCID_SINGLE_CONTEXT) : "memory");
-+ }
-+ } else {
-+ write_cr3(__pa(get_cpu_pgd(cpu, user)) | PCID_USER);
-+ if (static_cpu_has(X86_FEATURE_STRONGUDEREF))
-+ write_cr3(__pa(get_cpu_pgd(cpu, kernel)) | PCID_KERNEL | PCID_NOFLUSH);
-+ else
-+ write_cr3(__pa(get_cpu_pgd(cpu, kernel)) | PCID_KERNEL);
-+ }
-+ } else
-+#endif
-+
-+ load_cr3(get_cpu_pgd(cpu, kernel));
-+#endif
-+
-+}
-+
- static inline void switch_mm(struct mm_struct *prev, struct mm_struct *next,
- struct task_struct *tsk)
- {
- unsigned cpu = smp_processor_id();
-+#if defined(CONFIG_X86_32) && defined(CONFIG_SMP) && (defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC))
-+ int tlbstate = TLBSTATE_OK;
-+#endif
-
- if (likely(prev != next)) {
- #ifdef CONFIG_SMP
-+#if defined(CONFIG_X86_32) && (defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC))
-+ tlbstate = this_cpu_read(cpu_tlbstate.state);
-+#endif
- this_cpu_write(cpu_tlbstate.state, TLBSTATE_OK);
- this_cpu_write(cpu_tlbstate.active_mm, next);
- #endif
-@@ -140,7 +222,7 @@ static inline void switch_mm(struct mm_struct *prev, struct mm_struct *next,
- * We need to prevent an outcome in which CPU 1 observes
- * the new PTE value and CPU 0 observes bit 1 clear in
- * mm_cpumask. (If that occurs, then the IPI will never
-- * be sent, and CPU 0's TLB will contain a stale entry.)
-+ * be sent, and CPU 1's TLB will contain a stale entry.)
- *
- * The bad outcome can occur if either CPU's load is
- * reordered before that CPU's store, so both CPUs must
-@@ -155,7 +237,11 @@ static inline void switch_mm(struct mm_struct *prev, struct mm_struct *next,
- * ordering guarantee we need.
- *
- */
-+#ifdef CONFIG_PAX_PER_CPU_PGD
-+ pax_switch_mm(next, cpu);
-+#else
- load_cr3(next->pgd);
-+#endif
-
- trace_tlb_flush(TLB_FLUSH_ON_TASK_SWITCH, TLB_FLUSH_ALL);
-
-@@ -181,9 +267,31 @@ static inline void switch_mm(struct mm_struct *prev, struct mm_struct *next,
- if (unlikely(prev->context.ldt != next->context.ldt))
- load_mm_ldt(next);
- #endif
-+
-+#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_SMP)
-+ if (!(__supported_pte_mask & _PAGE_NX)) {
-+ smp_mb__before_atomic();
-+ cpumask_clear_cpu(cpu, &prev->context.cpu_user_cs_mask);
-+ smp_mb__after_atomic();
-+ cpumask_set_cpu(cpu, &next->context.cpu_user_cs_mask);
-+ }
-+#endif
-+
-+#if defined(CONFIG_X86_32) && (defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC))
-+ if (unlikely(prev->context.user_cs_base != next->context.user_cs_base ||
-+ prev->context.user_cs_limit != next->context.user_cs_limit))
-+ set_user_cs(next->context.user_cs_base, next->context.user_cs_limit, cpu);
-+#ifdef CONFIG_SMP
-+ else if (unlikely(tlbstate != TLBSTATE_OK))
-+ set_user_cs(next->context.user_cs_base, next->context.user_cs_limit, cpu);
-+#endif
-+#endif
-+
- }
-+ else {
-+ pax_switch_mm(next, cpu);
-+
- #ifdef CONFIG_SMP
-- else {
- this_cpu_write(cpu_tlbstate.state, TLBSTATE_OK);
- BUG_ON(this_cpu_read(cpu_tlbstate.active_mm) != next);
-
-@@ -204,13 +312,30 @@ static inline void switch_mm(struct mm_struct *prev, struct mm_struct *next,
- * As above, load_cr3() is serializing and orders TLB
- * fills with respect to the mm_cpumask write.
- */
-+
-+#ifndef CONFIG_PAX_PER_CPU_PGD
- load_cr3(next->pgd);
- trace_tlb_flush(TLB_FLUSH_ON_TASK_SWITCH, TLB_FLUSH_ALL);
-+#endif
-+
- load_mm_cr4(next);
- load_mm_ldt(next);
-+
-+#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_PAGEEXEC)
-+ if (!(__supported_pte_mask & _PAGE_NX))
-+ cpumask_set_cpu(cpu, &next->context.cpu_user_cs_mask);
-+#endif
-+
-+#if defined(CONFIG_X86_32) && (defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC))
-+#ifdef CONFIG_PAX_PAGEEXEC
-+ if (!((next->pax_flags & MF_PAX_PAGEEXEC) && (__supported_pte_mask & _PAGE_NX)))
-+#endif
-+ set_user_cs(next->context.user_cs_base, next->context.user_cs_limit, cpu);
-+#endif
-+
- }
-+#endif
- }
--#endif
- }
-
- #define activate_mm(prev, next) \
diff --git a/arch/x86/include/asm/module.h b/arch/x86/include/asm/module.h
index e3b7819..ba128ec 100644
--- a/arch/x86/include/asm/module.h
@@ -21818,18 +21845,19 @@ index 5f2fc44..106caa6 100644
void unregister_nmi_handler(unsigned int, const char *);
diff --git a/arch/x86/include/asm/page.h b/arch/x86/include/asm/page.h
-index 802dde3..9183e68 100644
+index cf8f619..bbcf5e6 100644
--- a/arch/x86/include/asm/page.h
+++ b/arch/x86/include/asm/page.h
-@@ -52,6 +52,7 @@ static inline void copy_user_page(void *to, void *from, unsigned long vaddr,
- __phys_addr_symbol(__phys_reloc_hide((unsigned long)(x)))
-
+@@ -58,6 +58,8 @@ static inline void copy_user_page(void *to, void *from, unsigned long vaddr,
#define __va(x) ((void *)((unsigned long)(x)+PAGE_OFFSET))
-+#define __early_va(x) ((void *)((unsigned long)(x)+__START_KERNEL_map - phys_base))
+ #endif
++#define __early_va(x) ((void *)((unsigned long)(x)+__START_KERNEL_map - phys_base))
++
#define __boot_va(x) __va(x)
#define __boot_pa(x) __pa(x)
-@@ -60,11 +61,21 @@ static inline void copy_user_page(void *to, void *from, unsigned long vaddr,
+
+@@ -65,11 +67,21 @@ static inline void copy_user_page(void *to, void *from, unsigned long vaddr,
* virt_to_page(kaddr) returns a valid pointer if and only if
* virt_addr_valid(kaddr) returns true.
*/
@@ -21913,10 +21941,10 @@ index b3bebf9..cb419e7 100644
#define __phys_reloc_hide(x) (x)
diff --git a/arch/x86/include/asm/paravirt.h b/arch/x86/include/asm/paravirt.h
-index 601f1b8..1d2f5a1 100644
+index 2970d22..fce32bd 100644
--- a/arch/x86/include/asm/paravirt.h
+++ b/arch/x86/include/asm/paravirt.h
-@@ -511,7 +511,7 @@ static inline pmd_t __pmd(pmdval_t val)
+@@ -509,7 +509,7 @@ static inline pmd_t __pmd(pmdval_t val)
return (pmd_t) { ret };
}
@@ -21925,7 +21953,7 @@ index 601f1b8..1d2f5a1 100644
{
pmdval_t ret;
-@@ -577,6 +577,18 @@ static inline void set_pgd(pgd_t *pgdp, pgd_t pgd)
+@@ -575,6 +575,18 @@ static inline void set_pgd(pgd_t *pgdp, pgd_t pgd)
val);
}
@@ -21944,7 +21972,7 @@ index 601f1b8..1d2f5a1 100644
static inline void pgd_clear(pgd_t *pgdp)
{
set_pgd(pgdp, __pgd(0));
-@@ -661,6 +673,21 @@ static inline void __set_fixmap(unsigned /* enum fixed_addresses */ idx,
+@@ -659,6 +671,21 @@ static inline void __set_fixmap(unsigned /* enum fixed_addresses */ idx,
pv_mmu_ops.set_fixmap(idx, phys, flags);
}
@@ -21966,7 +21994,7 @@ index 601f1b8..1d2f5a1 100644
#if defined(CONFIG_SMP) && defined(CONFIG_PARAVIRT_SPINLOCKS)
#ifdef CONFIG_QUEUED_SPINLOCKS
-@@ -888,7 +915,7 @@ extern void default_banner(void);
+@@ -886,7 +913,7 @@ extern void default_banner(void);
#define PARA_PATCH(struct, off) ((PARAVIRT_PATCH_##struct + (off)) / 4)
#define PARA_SITE(ptype, clobbers, ops) _PVSITE(ptype, clobbers, ops, .long, 4)
@@ -21975,7 +22003,7 @@ index 601f1b8..1d2f5a1 100644
#endif
#define INTERRUPT_RETURN \
-@@ -946,6 +973,21 @@ extern void default_banner(void);
+@@ -944,6 +971,21 @@ extern void default_banner(void);
PARA_SITE(PARA_PATCH(pv_cpu_ops, PV_CPU_usergs_sysret64), \
CLBR_NONE, \
jmp PARA_INDIRECT(pv_cpu_ops+PV_CPU_usergs_sysret64))
@@ -21998,10 +22026,10 @@ index 601f1b8..1d2f5a1 100644
#endif /* __ASSEMBLY__ */
diff --git a/arch/x86/include/asm/paravirt_types.h b/arch/x86/include/asm/paravirt_types.h
-index e8c2326..4458a61 100644
+index 7fa9e77..aa09e68 100644
--- a/arch/x86/include/asm/paravirt_types.h
+++ b/arch/x86/include/asm/paravirt_types.h
-@@ -89,7 +89,7 @@ struct pv_init_ops {
+@@ -83,7 +83,7 @@ struct pv_init_ops {
*/
unsigned (*patch)(u8 type, u16 clobber, void *insnbuf,
unsigned long addr, unsigned len);
@@ -22010,7 +22038,7 @@ index e8c2326..4458a61 100644
struct pv_lazy_ops {
-@@ -97,12 +97,12 @@ struct pv_lazy_ops {
+@@ -91,12 +91,12 @@ struct pv_lazy_ops {
void (*enter)(void);
void (*leave)(void);
void (*flush)(void);
@@ -22093,7 +22121,7 @@ index e8c2326..4458a61 100644
extern struct pv_info pv_info;
extern struct pv_init_ops pv_init_ops;
diff --git a/arch/x86/include/asm/pgalloc.h b/arch/x86/include/asm/pgalloc.h
-index bf7f8b5..ca5799d 100644
+index 574c23c..55fb8b05 100644
--- a/arch/x86/include/asm/pgalloc.h
+++ b/arch/x86/include/asm/pgalloc.h
@@ -63,6 +63,13 @@ static inline void pmd_populate_kernel(struct mm_struct *mm,
@@ -22145,7 +22173,7 @@ index bf7f8b5..ca5799d 100644
+
static inline pud_t *pud_alloc_one(struct mm_struct *mm, unsigned long addr)
{
- return (pud_t *)get_zeroed_page(GFP_KERNEL|__GFP_REPEAT);
+ return (pud_t *)get_zeroed_page(GFP_KERNEL);
diff --git a/arch/x86/include/asm/pgtable-2level.h b/arch/x86/include/asm/pgtable-2level.h
index fd74a11..35fd5af 100644
--- a/arch/x86/include/asm/pgtable-2level.h
@@ -22195,7 +22223,7 @@ index cdaa58c..ae30f0d 100644
static inline void pud_clear(pud_t *pudp)
diff --git a/arch/x86/include/asm/pgtable.h b/arch/x86/include/asm/pgtable.h
-index 97f3242..2603a59 100644
+index 1a27396..a9c27d3 100644
--- a/arch/x86/include/asm/pgtable.h
+++ b/arch/x86/include/asm/pgtable.h
@@ -54,6 +54,7 @@ extern struct mm_struct *pgd_page_get_mm(struct page *page);
@@ -22272,7 +22300,7 @@ index 97f3242..2603a59 100644
#define pte_page(pte) pfn_to_page(pte_pfn(pte))
static inline int pmd_large(pmd_t pte)
-@@ -223,9 +270,29 @@ static inline pte_t pte_wrprotect(pte_t pte)
+@@ -224,9 +271,29 @@ static inline pte_t pte_wrprotect(pte_t pte)
return pte_clear_flags(pte, _PAGE_RW);
}
@@ -22303,7 +22331,7 @@ index 97f3242..2603a59 100644
}
static inline pte_t pte_mkdirty(pte_t pte)
-@@ -430,7 +497,7 @@ static inline pgprot_t pgprot_modify(pgprot_t oldprot, pgprot_t newprot)
+@@ -431,7 +498,7 @@ static inline pgprot_t pgprot_modify(pgprot_t oldprot, pgprot_t newprot)
#define canon_pgprot(p) __pgprot(massage_pgprot(p))
@@ -22312,7 +22340,7 @@ index 97f3242..2603a59 100644
enum page_cache_mode pcm,
enum page_cache_mode new_pcm)
{
-@@ -473,6 +540,16 @@ pte_t *populate_extra_pte(unsigned long vaddr);
+@@ -474,6 +541,16 @@ pte_t *populate_extra_pte(unsigned long vaddr);
#endif
#ifndef __ASSEMBLY__
@@ -22329,7 +22357,7 @@ index 97f3242..2603a59 100644
#include <linux/mm_types.h>
#include <linux/mmdebug.h>
#include <linux/log2.h>
-@@ -673,7 +750,7 @@ static inline unsigned long pgd_page_vaddr(pgd_t pgd)
+@@ -674,7 +751,7 @@ static inline unsigned long pgd_page_vaddr(pgd_t pgd)
* Currently stuck as a macro due to indirect forward reference to
* linux/mmzone.h's __section_mem_map_addr() definition:
*/
@@ -22338,7 +22366,7 @@ index 97f3242..2603a59 100644
/* to find an entry in a page-table-directory. */
static inline unsigned long pud_index(unsigned long address)
-@@ -688,7 +765,7 @@ static inline pud_t *pud_offset(pgd_t *pgd, unsigned long address)
+@@ -689,7 +766,7 @@ static inline pud_t *pud_offset(pgd_t *pgd, unsigned long address)
static inline int pgd_bad(pgd_t pgd)
{
@@ -22347,7 +22375,7 @@ index 97f3242..2603a59 100644
}
static inline int pgd_none(pgd_t pgd)
-@@ -711,7 +788,12 @@ static inline int pgd_none(pgd_t pgd)
+@@ -712,7 +789,12 @@ static inline int pgd_none(pgd_t pgd)
* pgd_offset() returns a (pgd_t *)
* pgd_index() is used get the offset into the pgd page's array of pgd_t's;
*/
@@ -22361,7 +22389,7 @@ index 97f3242..2603a59 100644
/*
* a shortcut which implies the use of the kernel's pgd, instead
* of a process's
-@@ -722,6 +804,25 @@ static inline int pgd_none(pgd_t pgd)
+@@ -723,6 +805,25 @@ static inline int pgd_none(pgd_t pgd)
#define KERNEL_PGD_BOUNDARY pgd_index(PAGE_OFFSET)
#define KERNEL_PGD_PTRS (PTRS_PER_PGD - KERNEL_PGD_BOUNDARY)
@@ -22387,7 +22415,7 @@ index 97f3242..2603a59 100644
#ifndef __ASSEMBLY__
extern int direct_gbpages;
-@@ -876,11 +977,24 @@ static inline void pmdp_set_wrprotect(struct mm_struct *mm,
+@@ -877,11 +978,24 @@ static inline void pmdp_set_wrprotect(struct mm_struct *mm,
* dst and src can be on the same page, but the range must not overlap,
* and must not cross a page boundary.
*/
@@ -22698,7 +22726,7 @@ index d397deb..e977c3b 100644
/*
diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h
-index 9264476..a56f17d 100644
+index 62c6cc3..93d0f25 100644
--- a/arch/x86/include/asm/processor.h
+++ b/arch/x86/include/asm/processor.h
@@ -135,7 +135,7 @@ struct cpuinfo_x86 {
@@ -22754,9 +22782,9 @@ index 9264476..a56f17d 100644
#endif
#ifdef CONFIG_X86_32
unsigned long ip;
-@@ -392,6 +403,9 @@ struct thread_struct {
+@@ -399,6 +410,9 @@ struct thread_struct {
+ unsigned long gs;
#endif
- unsigned long gs;
+ /* Floating point and extended processor state */
+ struct fpu fpu;
@@ -22764,7 +22792,7 @@ index 9264476..a56f17d 100644
/* Save middle states of ptrace breakpoints */
struct perf_event *ptrace_bps[HBP_NUM];
/* Debug status used for traps, single steps, etc... */
-@@ -411,13 +425,6 @@ struct thread_struct {
+@@ -418,13 +432,6 @@ struct thread_struct {
unsigned long iopl;
/* Max allowed port in the bitmap, in bytes: */
unsigned io_bitmap_max;
@@ -22778,20 +22806,20 @@ index 9264476..a56f17d 100644
};
/*
-@@ -459,10 +466,10 @@ static inline void native_swapgs(void)
- #endif
- }
+@@ -468,12 +475,8 @@ static inline void native_swapgs(void)
--static inline unsigned long current_top_of_stack(void)
-+static inline unsigned long current_top_of_stack(unsigned int cpu)
+ static inline unsigned long current_top_of_stack(void)
{
- #ifdef CONFIG_X86_64
+-#ifdef CONFIG_X86_64
- return this_cpu_read_stable(cpu_tss.x86_tss.sp0);
-+ return cpu_tss[cpu].x86_tss.sp0;
- #else
+-#else
/* sp0 on x86_32 is special in and around vm86 mode. */
return this_cpu_read_stable(cpu_current_top_of_stack);
-@@ -698,19 +705,29 @@ static inline void spin_lock_prefetch(const void *x)
+-#endif
+ }
+
+ #ifdef CONFIG_PARAVIRT
+@@ -703,19 +706,29 @@ static inline void spin_lock_prefetch(const void *x)
#define TOP_OF_INIT_STACK ((unsigned long)&init_stack + sizeof(init_stack) - \
TOP_OF_KERNEL_STACK_PADDING)
@@ -22822,7 +22850,7 @@ index 9264476..a56f17d 100644
}
extern unsigned long thread_saved_pc(struct task_struct *tsk);
-@@ -725,12 +742,7 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk);
+@@ -730,12 +743,7 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk);
* "struct pt_regs" is possible, but they may contain the
* completely wrong values.
*/
@@ -22836,7 +22864,7 @@ index 9264476..a56f17d 100644
#define KSTK_ESP(task) (task_pt_regs(task)->sp)
-@@ -744,13 +756,13 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk);
+@@ -749,13 +757,13 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk);
* particular problem by preventing anything from being mapped
* at the maximum canonical address.
*/
@@ -22852,7 +22880,7 @@ index 9264476..a56f17d 100644
#define TASK_SIZE (test_thread_flag(TIF_ADDR32) ? \
IA32_PAGE_OFFSET : TASK_SIZE_MAX)
-@@ -761,7 +773,8 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk);
+@@ -766,7 +774,8 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk);
#define STACK_TOP_MAX TASK_SIZE_MAX
#define INIT_THREAD { \
@@ -22862,7 +22890,7 @@ index 9264476..a56f17d 100644
}
/*
-@@ -784,6 +797,10 @@ extern void start_thread(struct pt_regs *regs, unsigned long new_ip,
+@@ -789,6 +798,10 @@ extern void start_thread(struct pt_regs *regs, unsigned long new_ip,
*/
#define TASK_UNMAPPED_BASE (PAGE_ALIGN(TASK_SIZE / 3))
@@ -22873,7 +22901,7 @@ index 9264476..a56f17d 100644
#define KSTK_EIP(task) (task_pt_regs(task)->ip)
/* Get/set a process' ability to use the timestamp counter instruction */
-@@ -829,7 +846,7 @@ static inline uint32_t hypervisor_cpuid_base(const char *sig, uint32_t leaves)
+@@ -834,7 +847,7 @@ static inline uint32_t hypervisor_cpuid_base(const char *sig, uint32_t leaves)
return 0;
}
@@ -22882,7 +22910,7 @@ index 9264476..a56f17d 100644
extern void free_init_pages(char *what, unsigned long begin, unsigned long end);
void default_idle(void);
-@@ -839,6 +856,6 @@ bool xen_set_default_idle(void);
+@@ -844,6 +857,6 @@ bool xen_set_default_idle(void);
#define xen_set_default_idle 0
#endif
@@ -23097,7 +23125,7 @@ index 8f7866a..e442f20 100644
#endif /* CC_HAVE_ASM_GOTO */
diff --git a/arch/x86/include/asm/rwsem.h b/arch/x86/include/asm/rwsem.h
-index ceec86eb..872e33a 100644
+index 453744c..e6ad97e 100644
--- a/arch/x86/include/asm/rwsem.h
+++ b/arch/x86/include/asm/rwsem.h
@@ -64,6 +64,14 @@ static inline void __down_read(struct rw_semaphore *sem)
@@ -23130,22 +23158,31 @@ index ceec86eb..872e33a 100644
" jle 2f\n\t"
LOCK_PREFIX " cmpxchg %2,%0\n\t"
" jnz 1b\n\t"
-@@ -104,6 +120,14 @@ static inline void __down_write_nested(struct rw_semaphore *sem, int subclass)
- long tmp;
- asm volatile("# beginning down_write\n\t"
- LOCK_PREFIX " xadd %1,(%2)\n\t"
-+
+@@ -99,12 +115,23 @@ static inline int __down_read_trylock(struct rw_semaphore *sem)
+ /*
+ * lock for writing
+ */
+#ifdef CONFIG_PAX_REFCOUNT
-+ "jno 0f\n"
-+ "mov %1,(%2)\n"
-+ "int $4\n0:\n"
++#define ____down_write_undo \
++ "jno 0f\n"\
++ "mov %1,(%2)\n"\
++ "int $4\n0:\n"\
+ _ASM_EXTABLE(0b, 0b)
++#else
++#define ____down_write_undo
+#endif
+
- /* adds 0xffff0001, returns the old value */
- " test " __ASM_SEL(%w1,%k1) "," __ASM_SEL(%w1,%k1) "\n\t"
- /* was the active mask 0 before? */
-@@ -155,6 +179,14 @@ static inline void __up_read(struct rw_semaphore *sem)
+ #define ____down_write(sem, slow_path) \
+ ({ \
+ long tmp; \
+ struct rw_semaphore* ret; \
+ asm volatile("# beginning down_write\n\t" \
+ LOCK_PREFIX " xadd %1,(%3)\n\t" \
++ ____down_write_undo \
+ /* adds 0xffff0001, returns the old value */ \
+ " test " __ASM_SEL(%w1,%k1) "," __ASM_SEL(%w1,%k1) "\n\t" \
+ /* was the active mask 0 before? */\
+@@ -165,6 +192,14 @@ static inline void __up_read(struct rw_semaphore *sem)
long tmp;
asm volatile("# beginning __up_read\n\t"
LOCK_PREFIX " xadd %1,(%2)\n\t"
@@ -23160,7 +23197,7 @@ index ceec86eb..872e33a 100644
/* subtracts 1, returns the old value */
" jns 1f\n\t"
" call call_rwsem_wake\n" /* expects old value in %edx */
-@@ -173,6 +205,14 @@ static inline void __up_write(struct rw_semaphore *sem)
+@@ -183,6 +218,14 @@ static inline void __up_write(struct rw_semaphore *sem)
long tmp;
asm volatile("# beginning __up_write\n\t"
LOCK_PREFIX " xadd %1,(%2)\n\t"
@@ -23175,7 +23212,7 @@ index ceec86eb..872e33a 100644
/* subtracts 0xffff0001, returns the old value */
" jns 1f\n\t"
" call call_rwsem_wake\n" /* expects old value in %edx */
-@@ -190,6 +230,14 @@ static inline void __downgrade_write(struct rw_semaphore *sem)
+@@ -200,6 +243,14 @@ static inline void __downgrade_write(struct rw_semaphore *sem)
{
asm volatile("# beginning __downgrade_write\n\t"
LOCK_PREFIX _ASM_ADD "%2,(%1)\n\t"
@@ -23190,7 +23227,7 @@ index ceec86eb..872e33a 100644
/*
* transitions 0xZZZZ0001 -> 0xYYYY0001 (i386)
* 0xZZZZZZZZ00000001 -> 0xYYYYYYYY00000001 (x86_64)
-@@ -208,7 +256,15 @@ static inline void __downgrade_write(struct rw_semaphore *sem)
+@@ -218,7 +269,15 @@ static inline void __downgrade_write(struct rw_semaphore *sem)
*/
static inline void rwsem_atomic_add(long delta, struct rw_semaphore *sem)
{
@@ -23207,7 +23244,7 @@ index ceec86eb..872e33a 100644
: "+m" (sem->count)
: "er" (delta));
}
-@@ -218,7 +274,7 @@ static inline void rwsem_atomic_add(long delta, struct rw_semaphore *sem)
+@@ -228,7 +287,7 @@ static inline void rwsem_atomic_add(long delta, struct rw_semaphore *sem)
*/
static inline long rwsem_atomic_update(long delta, struct rw_semaphore *sem)
{
@@ -23217,10 +23254,10 @@ index ceec86eb..872e33a 100644
#endif /* __KERNEL__ */
diff --git a/arch/x86/include/asm/segment.h b/arch/x86/include/asm/segment.h
-index 7d5a192..23ef1aa 100644
+index 1549caa0..aa9ebe1 100644
--- a/arch/x86/include/asm/segment.h
+++ b/arch/x86/include/asm/segment.h
-@@ -82,14 +82,20 @@
+@@ -83,14 +83,20 @@
* 26 - ESPFIX small SS
* 27 - per-cpu [ offset to per-cpu data area ]
* 28 - stack_canary-20 [ for stack protector ] <=== cacheline #8
@@ -23243,7 +23280,7 @@ index 7d5a192..23ef1aa 100644
#define GDT_ENTRY_KERNEL_DS 13
#define GDT_ENTRY_DEFAULT_USER_CS 14
#define GDT_ENTRY_DEFAULT_USER_DS 15
-@@ -106,6 +112,12 @@
+@@ -107,6 +113,12 @@
#define GDT_ENTRY_PERCPU 27
#define GDT_ENTRY_STACK_CANARY 28
@@ -23256,7 +23293,7 @@ index 7d5a192..23ef1aa 100644
#define GDT_ENTRY_DOUBLEFAULT_TSS 31
/*
-@@ -118,6 +130,7 @@
+@@ -119,6 +131,7 @@
*/
#define __KERNEL_CS (GDT_ENTRY_KERNEL_CS*8)
@@ -23264,7 +23301,7 @@ index 7d5a192..23ef1aa 100644
#define __KERNEL_DS (GDT_ENTRY_KERNEL_DS*8)
#define __USER_DS (GDT_ENTRY_DEFAULT_USER_DS*8 + 3)
#define __USER_CS (GDT_ENTRY_DEFAULT_USER_CS*8 + 3)
-@@ -129,7 +142,7 @@
+@@ -130,7 +143,7 @@
#define PNP_CS16 (GDT_ENTRY_PNPBIOS_CS16*8)
/* "Is this PNP code selector (PNP_CS32 or PNP_CS16)?" */
@@ -23273,7 +23310,7 @@ index 7d5a192..23ef1aa 100644
/* data segment for BIOS: */
#define PNP_DS (GDT_ENTRY_PNPBIOS_DS*8)
-@@ -176,6 +189,8 @@
+@@ -177,6 +190,8 @@
#define GDT_ENTRY_DEFAULT_USER_DS 5
#define GDT_ENTRY_DEFAULT_USER_CS 6
@@ -23282,7 +23319,7 @@ index 7d5a192..23ef1aa 100644
/* Needs two entries */
#define GDT_ENTRY_TSS 8
/* Needs two entries */
-@@ -187,10 +202,12 @@
+@@ -188,10 +203,12 @@
/* Abused to load per CPU data from limit */
#define GDT_ENTRY_PER_CPU 15
@@ -23296,7 +23333,7 @@ index 7d5a192..23ef1aa 100644
/*
* Segment selector values corresponding to the above entries:
-@@ -200,7 +217,9 @@
+@@ -201,7 +218,9 @@
*/
#define __KERNEL32_CS (GDT_ENTRY_KERNEL32_CS*8)
#define __KERNEL_CS (GDT_ENTRY_KERNEL_CS*8)
@@ -23429,7 +23466,7 @@ index 58505f0..bff3b5b 100644
#endif
}
diff --git a/arch/x86/include/asm/stacktrace.h b/arch/x86/include/asm/stacktrace.h
-index 7c247e7..2f17b1b 100644
+index 0944218..2f17b1b 100644
--- a/arch/x86/include/asm/stacktrace.h
+++ b/arch/x86/include/asm/stacktrace.h
@@ -11,28 +11,20 @@
@@ -23440,7 +23477,7 @@ index 7c247e7..2f17b1b 100644
+struct task_struct;
struct stacktrace_ops;
--typedef unsigned long (*walk_stack_t)(struct thread_info *tinfo,
+-typedef unsigned long (*walk_stack_t)(struct task_struct *task,
- unsigned long *stack,
- unsigned long bp,
- const struct stacktrace_ops *ops,
@@ -23457,13 +23494,13 @@ index 7c247e7..2f17b1b 100644
+ int *graph);
-extern unsigned long
--print_context_stack(struct thread_info *tinfo,
+-print_context_stack(struct task_struct *task,
- unsigned long *stack, unsigned long bp,
- const struct stacktrace_ops *ops, void *data,
- unsigned long *end, int *graph);
-
-extern unsigned long
--print_context_stack_bp(struct thread_info *tinfo,
+-print_context_stack_bp(struct task_struct *task,
- unsigned long *stack, unsigned long bp,
- const struct stacktrace_ops *ops, void *data,
- unsigned long *end, int *graph);
@@ -23579,10 +23616,10 @@ index 90dbbd9..04e8caa 100644
#if defined(CONFIG_KASAN) && !defined(__SANITIZE_ADDRESS__)
diff --git a/arch/x86/include/asm/switch_to.h b/arch/x86/include/asm/switch_to.h
-index 751bf4b..a1278b5 100644
+index 8f321a1..6207183 100644
--- a/arch/x86/include/asm/switch_to.h
+++ b/arch/x86/include/asm/switch_to.h
-@@ -112,7 +112,7 @@ do { \
+@@ -110,7 +110,7 @@ do { \
"call __switch_to\n\t" \
"movq "__percpu_arg([current_task])",%%rsi\n\t" \
__switch_canary \
@@ -23591,7 +23628,7 @@ index 751bf4b..a1278b5 100644
"movq %%rax,%%rdi\n\t" \
"testl %[_tif_fork],%P[ti_flags](%%r8)\n\t" \
"jnz ret_from_fork\n\t" \
-@@ -123,7 +123,7 @@ do { \
+@@ -121,7 +121,7 @@ do { \
[threadrsp] "i" (offsetof(struct task_struct, thread.sp)), \
[ti_flags] "i" (offsetof(struct thread_info, flags)), \
[_tif_fork] "i" (_TIF_FORK), \
@@ -23625,7 +23662,7 @@ index 82c34ee..940fa40 100644
unsigned, unsigned, unsigned);
diff --git a/arch/x86/include/asm/thread_info.h b/arch/x86/include/asm/thread_info.h
-index ffae84d..20997c3 100644
+index 30c133a..5cdfb3f 100644
--- a/arch/x86/include/asm/thread_info.h
+++ b/arch/x86/include/asm/thread_info.h
@@ -39,7 +39,7 @@
@@ -23752,7 +23789,7 @@ index ffae84d..20997c3 100644
#endif
-@@ -279,6 +250,13 @@ static inline bool is_ia32_task(void)
+@@ -279,6 +250,13 @@ static inline bool in_ia32_syscall(void)
extern void arch_task_cache_init(void);
extern int arch_dup_task_struct(struct task_struct *dst, struct task_struct *src);
extern void arch_release_task_struct(struct task_struct *tsk);
@@ -23767,7 +23804,7 @@ index ffae84d..20997c3 100644
#endif /* _ASM_X86_THREAD_INFO_H */
diff --git a/arch/x86/include/asm/tlbflush.h b/arch/x86/include/asm/tlbflush.h
-index 1fde8d5..de33497 100644
+index 4e5be94..44a409e 100644
--- a/arch/x86/include/asm/tlbflush.h
+++ b/arch/x86/include/asm/tlbflush.h
@@ -135,18 +135,44 @@ static inline void cr4_set_bits_and_update_boot(unsigned long mask)
@@ -23888,18 +23925,18 @@ index c3496619..3f3a7dc 100644
asmlinkage void smp_deferred_error_interrupt(void);
#endif
diff --git a/arch/x86/include/asm/uaccess.h b/arch/x86/include/asm/uaccess.h
-index 2e7513d..792107f 100644
+index 2982387..a619e60c 100644
--- a/arch/x86/include/asm/uaccess.h
+++ b/arch/x86/include/asm/uaccess.h
-@@ -7,6 +7,7 @@
- #include <linux/compiler.h>
+@@ -8,6 +8,7 @@
+ #include <linux/kasan-checks.h>
#include <linux/thread_info.h>
#include <linux/string.h>
+#include <linux/spinlock.h>
#include <asm/asm.h>
#include <asm/page.h>
#include <asm/smap.h>
-@@ -29,7 +30,12 @@
+@@ -30,7 +31,12 @@
#define get_ds() (KERNEL_DS)
#define get_fs() (current_thread_info()->addr_limit)
@@ -23912,7 +23949,7 @@ index 2e7513d..792107f 100644
#define segment_eq(a, b) ((a).seg == (b).seg)
-@@ -86,8 +92,36 @@ static inline bool __chk_range_not_ok(unsigned long addr, unsigned long size, un
+@@ -87,8 +93,36 @@ static inline bool __chk_range_not_ok(unsigned long addr, unsigned long size, un
* checks that the pointer is in the user space range - after calling
* this function, memory access functions may still return -EFAULT.
*/
@@ -23951,7 +23988,7 @@ index 2e7513d..792107f 100644
/*
* The exception table consists of triples of addresses relative to the
-@@ -145,11 +179,13 @@ extern int __get_user_bad(void);
+@@ -146,11 +180,13 @@ extern int __get_user_bad(void);
#define __uaccess_end() clac()
/*
@@ -23968,7 +24005,7 @@ index 2e7513d..792107f 100644
/**
* get_user: - Get a simple variable from user space.
-@@ -189,10 +225,12 @@ __typeof__(__builtin_choose_expr(sizeof(x) > sizeof(0UL), 0ULL, 0UL))
+@@ -190,10 +226,12 @@ __typeof__(__builtin_choose_expr(sizeof(x) > sizeof(0UL), 0ULL, 0UL))
register void *__sp asm(_ASM_SP); \
__chk_user_ptr(ptr); \
might_fault(); \
@@ -23981,7 +24018,7 @@ index 2e7513d..792107f 100644
__builtin_expect(__ret_gu, 0); \
})
-@@ -200,13 +238,21 @@ __typeof__(__builtin_choose_expr(sizeof(x) > sizeof(0UL), 0ULL, 0UL))
+@@ -201,13 +239,21 @@ __typeof__(__builtin_choose_expr(sizeof(x) > sizeof(0UL), 0ULL, 0UL))
asm volatile("call __put_user_" #size : "=a" (__ret_pu) \
: "0" ((typeof(*(ptr)))(x)), "c" (ptr) : "ebx")
@@ -24006,7 +24043,7 @@ index 2e7513d..792107f 100644
"3:" \
".section .fixup,\"ax\"\n" \
"4: movl %3,%0\n" \
-@@ -219,8 +265,8 @@ __typeof__(__builtin_choose_expr(sizeof(x) > sizeof(0UL), 0ULL, 0UL))
+@@ -220,8 +266,8 @@ __typeof__(__builtin_choose_expr(sizeof(x) > sizeof(0UL), 0ULL, 0UL))
#define __put_user_asm_ex_u64(x, addr) \
asm volatile("\n" \
@@ -24017,7 +24054,7 @@ index 2e7513d..792107f 100644
"3:" \
_ASM_EXTABLE_EX(1b, 2b) \
_ASM_EXTABLE_EX(2b, 3b) \
-@@ -268,10 +314,11 @@ extern void __put_user_8(void);
+@@ -269,10 +315,11 @@ extern void __put_user_8(void);
#define put_user(x, ptr) \
({ \
int __ret_pu; \
@@ -24031,7 +24068,7 @@ index 2e7513d..792107f 100644
switch (sizeof(*(ptr))) { \
case 1: \
__put_user_x(1, __pu_val, ptr, __ret_pu); \
-@@ -289,6 +336,7 @@ extern void __put_user_8(void);
+@@ -290,6 +337,7 @@ extern void __put_user_8(void);
__put_user_x(X, __pu_val, ptr, __ret_pu); \
break; \
} \
@@ -24039,7 +24076,7 @@ index 2e7513d..792107f 100644
__builtin_expect(__ret_pu, 0); \
})
-@@ -356,10 +404,10 @@ do { \
+@@ -357,10 +405,10 @@ do { \
__chk_user_ptr(ptr); \
switch (size) { \
case 1: \
@@ -24052,7 +24089,7 @@ index 2e7513d..792107f 100644
break; \
case 4: \
__get_user_asm(x, ptr, retval, "l", "k", "=r", errret); \
-@@ -373,17 +421,21 @@ do { \
+@@ -374,17 +422,21 @@ do { \
} while (0)
#define __get_user_asm(x, addr, err, itype, rtype, ltype, errret) \
@@ -24078,7 +24115,7 @@ index 2e7513d..792107f 100644
/*
* This doesn't do __uaccess_begin/end - the exception handling
-@@ -394,10 +446,10 @@ do { \
+@@ -395,10 +447,10 @@ do { \
__chk_user_ptr(ptr); \
switch (size) { \
case 1: \
@@ -24091,7 +24128,7 @@ index 2e7513d..792107f 100644
break; \
case 4: \
__get_user_asm_ex(x, ptr, "l", "k", "=r"); \
-@@ -411,7 +463,7 @@ do { \
+@@ -412,7 +464,7 @@ do { \
} while (0)
#define __get_user_asm_ex(x, addr, itype, rtype, ltype) \
@@ -24100,7 +24137,7 @@ index 2e7513d..792107f 100644
"2:\n" \
_ASM_EXTABLE_EX(1b, 2b) \
: ltype(x) : "m" (__m(addr)))
-@@ -432,13 +484,24 @@ do { \
+@@ -433,13 +485,24 @@ do { \
__uaccess_begin(); \
__get_user_size(__gu_val, (ptr), (size), __gu_err, -EFAULT); \
__uaccess_end(); \
@@ -24127,7 +24164,7 @@ index 2e7513d..792107f 100644
/*
* Tell gcc we read from memory instead of writing: this is because
-@@ -446,8 +509,10 @@ struct __large_struct { unsigned long buf[100]; };
+@@ -447,8 +510,10 @@ struct __large_struct { unsigned long buf[100]; };
* aliasing issues.
*/
#define __put_user_asm(x, addr, err, itype, rtype, ltype, errret) \
@@ -24139,7 +24176,7 @@ index 2e7513d..792107f 100644
"2:\n" \
".section .fixup,\"ax\"\n" \
"3: mov %3,%0\n" \
-@@ -455,10 +520,12 @@ struct __large_struct { unsigned long buf[100]; };
+@@ -456,10 +521,12 @@ struct __large_struct { unsigned long buf[100]; };
".previous\n" \
_ASM_EXTABLE(1b, 3b) \
: "=r"(err) \
@@ -24154,7 +24191,7 @@ index 2e7513d..792107f 100644
"2:\n" \
_ASM_EXTABLE_EX(1b, 2b) \
: : ltype(x), "m" (__m(addr)))
-@@ -468,11 +535,13 @@ struct __large_struct { unsigned long buf[100]; };
+@@ -469,11 +536,13 @@ struct __large_struct { unsigned long buf[100]; };
*/
#define uaccess_try do { \
current_thread_info()->uaccess_err = 0; \
@@ -24168,7 +24205,7 @@ index 2e7513d..792107f 100644
(err) |= (current_thread_info()->uaccess_err ? -EFAULT : 0); \
} while (0)
-@@ -498,8 +567,12 @@ struct __large_struct { unsigned long buf[100]; };
+@@ -499,8 +568,12 @@ struct __large_struct { unsigned long buf[100]; };
* On error, the variable @x is set to zero.
*/
@@ -24181,7 +24218,7 @@ index 2e7513d..792107f 100644
/**
* __put_user: - Write a simple value into user space, with less checking.
-@@ -522,8 +595,12 @@ struct __large_struct { unsigned long buf[100]; };
+@@ -523,8 +596,12 @@ struct __large_struct { unsigned long buf[100]; };
* Returns zero on success, or -EFAULT on error.
*/
@@ -24194,7 +24231,7 @@ index 2e7513d..792107f 100644
#define __get_user_unaligned __get_user
#define __put_user_unaligned __put_user
-@@ -541,7 +618,7 @@ struct __large_struct { unsigned long buf[100]; };
+@@ -542,7 +619,7 @@ struct __large_struct { unsigned long buf[100]; };
#define get_user_ex(x, ptr) do { \
unsigned long __gue_val; \
__get_user_size_ex((__gue_val), (ptr), (sizeof(*(ptr)))); \
@@ -24203,7 +24240,7 @@ index 2e7513d..792107f 100644
} while (0)
#define put_user_try uaccess_try
-@@ -559,7 +636,7 @@ extern __must_check long strlen_user(const char __user *str);
+@@ -560,7 +637,7 @@ extern __must_check long strlen_user(const char __user *str);
extern __must_check long strnlen_user(const char __user *str, long n);
unsigned long __must_check clear_user(void __user *mem, unsigned long len);
@@ -24212,7 +24249,7 @@ index 2e7513d..792107f 100644
extern void __cmpxchg_wrong_size(void)
__compiletime_error("Bad argument size for cmpxchg");
-@@ -567,22 +644,23 @@ extern void __cmpxchg_wrong_size(void)
+@@ -568,22 +645,23 @@ extern void __cmpxchg_wrong_size(void)
#define __user_atomic_cmpxchg_inatomic(uval, ptr, old, new, size) \
({ \
int __ret = 0; \
@@ -24241,7 +24278,7 @@ index 2e7513d..792107f 100644
: "i" (-EFAULT), "q" (__new), "1" (__old) \
: "memory" \
); \
-@@ -591,14 +669,14 @@ extern void __cmpxchg_wrong_size(void)
+@@ -592,14 +670,14 @@ extern void __cmpxchg_wrong_size(void)
case 2: \
{ \
asm volatile("\n" \
@@ -24258,7 +24295,7 @@ index 2e7513d..792107f 100644
: "i" (-EFAULT), "r" (__new), "1" (__old) \
: "memory" \
); \
-@@ -607,14 +685,14 @@ extern void __cmpxchg_wrong_size(void)
+@@ -608,14 +686,14 @@ extern void __cmpxchg_wrong_size(void)
case 4: \
{ \
asm volatile("\n" \
@@ -24275,7 +24312,7 @@ index 2e7513d..792107f 100644
: "i" (-EFAULT), "r" (__new), "1" (__old) \
: "memory" \
); \
-@@ -626,14 +704,14 @@ extern void __cmpxchg_wrong_size(void)
+@@ -627,14 +705,14 @@ extern void __cmpxchg_wrong_size(void)
__cmpxchg_wrong_size(); \
\
asm volatile("\n" \
@@ -24292,7 +24329,7 @@ index 2e7513d..792107f 100644
: "i" (-EFAULT), "r" (__new), "1" (__old) \
: "memory" \
); \
-@@ -643,6 +721,7 @@ extern void __cmpxchg_wrong_size(void)
+@@ -644,6 +722,7 @@ extern void __cmpxchg_wrong_size(void)
__cmpxchg_wrong_size(); \
} \
__uaccess_end(); \
@@ -24300,7 +24337,7 @@ index 2e7513d..792107f 100644
*__uval = __old; \
__ret; \
})
-@@ -666,17 +745,6 @@ extern struct movsl_mask {
+@@ -667,17 +746,6 @@ extern struct movsl_mask {
#define ARCH_HAS_NOCACHE_UACCESS 1
@@ -24318,7 +24355,7 @@ index 2e7513d..792107f 100644
#ifdef CONFIG_DEBUG_STRICT_USER_COPY_CHECKS
# define copy_user_diag __compiletime_error
#else
-@@ -686,7 +754,7 @@ unsigned long __must_check _copy_to_user(void __user *to, const void *from,
+@@ -687,7 +755,7 @@ unsigned long __must_check _copy_to_user(void __user *to, const void *from,
extern void copy_user_diag("copy_from_user() buffer size is too small")
copy_from_user_overflow(void);
extern void copy_user_diag("copy_to_user() buffer size is too small")
@@ -24327,7 +24364,7 @@ index 2e7513d..792107f 100644
#undef copy_user_diag
-@@ -699,7 +767,7 @@ __copy_from_user_overflow(void) __asm__("copy_from_user_overflow");
+@@ -700,7 +768,7 @@ __copy_from_user_overflow(void) __asm__("copy_from_user_overflow");
extern void
__compiletime_warning("copy_to_user() buffer size is not provably correct")
@@ -24336,7 +24373,7 @@ index 2e7513d..792107f 100644
#define __copy_to_user_overflow(size, count) __copy_to_user_overflow()
#else
-@@ -714,10 +782,16 @@ __copy_from_user_overflow(int size, unsigned long count)
+@@ -715,10 +783,16 @@ __copy_from_user_overflow(int size, unsigned long count)
#endif
@@ -24354,7 +24391,7 @@ index 2e7513d..792107f 100644
might_fault();
-@@ -739,12 +813,15 @@ copy_from_user(void *to, const void __user *from, unsigned long n)
+@@ -742,12 +816,15 @@ copy_from_user(void *to, const void __user *from, unsigned long n)
* case, and do only runtime checking for non-constant sizes.
*/
@@ -24376,13 +24413,15 @@ index 2e7513d..792107f 100644
return n;
}
-@@ -752,17 +829,18 @@ copy_from_user(void *to, const void __user *from, unsigned long n)
+@@ -755,19 +832,20 @@ copy_from_user(void *to, const void __user *from, unsigned long n)
static inline unsigned long __must_check
copy_to_user(void __user *to, const void *from, unsigned long n)
{
- int sz = __compiletime_object_size(from);
+ size_t sz = __compiletime_object_size(from);
+ kasan_check_read(from, n);
+
might_fault();
/* See the comment in copy_from_user() above. */
@@ -24403,13 +24442,13 @@ index 2e7513d..792107f 100644
return n;
}
diff --git a/arch/x86/include/asm/uaccess_32.h b/arch/x86/include/asm/uaccess_32.h
-index 3fe0eac..18dfa8b 100644
+index 4b32da24..73da0ef 100644
--- a/arch/x86/include/asm/uaccess_32.h
+++ b/arch/x86/include/asm/uaccess_32.h
-@@ -40,9 +40,14 @@ unsigned long __must_check __copy_from_user_ll_nocache_nozero
- * anything, so this is accurate.
+@@ -34,9 +34,14 @@ unsigned long __must_check __copy_from_user_ll_nocache_nozero
+ * The caller should also make sure he pins the user space address
+ * so that we don't result in page fault and sleep.
*/
-
-static __always_inline unsigned long __must_check
+static __always_inline __size_overflow(3) unsigned long __must_check
__copy_to_user_inatomic(void __user *to, const void *from, unsigned long n)
@@ -24419,10 +24458,10 @@ index 3fe0eac..18dfa8b 100644
+
+ check_object_size(from, n, true);
+
- if (__builtin_constant_p(n)) {
- unsigned long ret;
+ return __copy_to_user_ll(to, from, n);
+ }
-@@ -95,12 +100,16 @@ static __always_inline unsigned long __must_check
+@@ -59,12 +64,16 @@ static __always_inline unsigned long __must_check
__copy_to_user(void __user *to, const void *from, unsigned long n)
{
might_fault();
@@ -24437,10 +24476,10 @@ index 3fe0eac..18dfa8b 100644
+ if ((long)n < 0)
+ return n;
+
- /* Avoid zeroing the tail if the copy fails..
- * If 'n' is constant and 1, 2, or 4, we do still zero on a failure,
- * but as the zeroing behaviour is only significant when n is not
-@@ -157,6 +166,12 @@ static __always_inline unsigned long
+ return __copy_from_user_ll_nozero(to, from, n);
+ }
+
+@@ -95,6 +104,12 @@ static __always_inline unsigned long
__copy_from_user(void *to, const void __user *from, unsigned long n)
{
might_fault();
@@ -24453,7 +24492,7 @@ index 3fe0eac..18dfa8b 100644
if (__builtin_constant_p(n)) {
unsigned long ret;
-@@ -185,6 +200,10 @@ static __always_inline unsigned long __copy_from_user_nocache(void *to,
+@@ -123,6 +138,10 @@ static __always_inline unsigned long __copy_from_user_nocache(void *to,
const void __user *from, unsigned long n)
{
might_fault();
@@ -24464,7 +24503,7 @@ index 3fe0eac..18dfa8b 100644
if (__builtin_constant_p(n)) {
unsigned long ret;
-@@ -213,7 +232,10 @@ static __always_inline unsigned long
+@@ -151,7 +170,10 @@ static __always_inline unsigned long
__copy_from_user_inatomic_nocache(void *to, const void __user *from,
unsigned long n)
{
@@ -24477,10 +24516,10 @@ index 3fe0eac..18dfa8b 100644
#endif /* _ASM_X86_UACCESS_32_H */
diff --git a/arch/x86/include/asm/uaccess_64.h b/arch/x86/include/asm/uaccess_64.h
-index 3076986..7688db9 100644
+index 2eac2aa..bf537a3 100644
--- a/arch/x86/include/asm/uaccess_64.h
+++ b/arch/x86/include/asm/uaccess_64.h
-@@ -10,6 +10,9 @@
+@@ -11,6 +11,9 @@
#include <asm/alternative.h>
#include <asm/cpufeatures.h>
#include <asm/page.h>
@@ -24490,7 +24529,7 @@ index 3076986..7688db9 100644
/*
* Copy To/From Userspace
-@@ -23,8 +26,8 @@ copy_user_generic_string(void *to, const void *from, unsigned len);
+@@ -24,8 +27,8 @@ copy_user_generic_string(void *to, const void *from, unsigned len);
__must_check unsigned long
copy_user_generic_unrolled(void *to, const void *from, unsigned len);
@@ -24501,7 +24540,7 @@ index 3076986..7688db9 100644
{
unsigned ret;
-@@ -46,152 +49,201 @@ copy_user_generic(void *to, const void *from, unsigned len)
+@@ -47,67 +50,86 @@ copy_user_generic(void *to, const void *from, unsigned len)
}
__must_check unsigned long
@@ -24601,7 +24640,8 @@ index 3076986..7688db9 100644
+unsigned long __copy_from_user(void *dst, const void __user *src, unsigned long size)
{
might_fault();
- return __copy_from_user_nocheck(dst, src, size);
+ kasan_check_write(dst, size);
+@@ -115,66 +137,85 @@ int __copy_from_user(void *dst, const void __user *src, unsigned size)
}
static __always_inline __must_check
@@ -24699,7 +24739,8 @@ index 3076986..7688db9 100644
+unsigned long __copy_to_user(void __user *dst, const void *src, unsigned long size)
{
might_fault();
- return __copy_to_user_nocheck(dst, src, size);
+ kasan_check_read(src, size);
+@@ -182,19 +223,30 @@ int __copy_to_user(void __user *dst, const void *src, unsigned size)
}
static __always_inline __must_check
@@ -24735,7 +24776,7 @@ index 3076986..7688db9 100644
ret, "b", "b", "=q", 1);
if (likely(!ret))
__put_user_asm(tmp, (u8 __user *)dst,
-@@ -202,7 +254,7 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size)
+@@ -205,7 +257,7 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size)
case 2: {
u16 tmp;
__uaccess_begin();
@@ -24744,7 +24785,7 @@ index 3076986..7688db9 100644
ret, "w", "w", "=r", 2);
if (likely(!ret))
__put_user_asm(tmp, (u16 __user *)dst,
-@@ -214,7 +266,7 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size)
+@@ -217,7 +269,7 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size)
case 4: {
u32 tmp;
__uaccess_begin();
@@ -24753,7 +24794,7 @@ index 3076986..7688db9 100644
ret, "l", "k", "=r", 4);
if (likely(!ret))
__put_user_asm(tmp, (u32 __user *)dst,
-@@ -225,7 +277,7 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size)
+@@ -228,7 +280,7 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size)
case 8: {
u64 tmp;
__uaccess_begin();
@@ -24762,7 +24803,7 @@ index 3076986..7688db9 100644
ret, "q", "", "=r", 8);
if (likely(!ret))
__put_user_asm(tmp, (u64 __user *)dst,
-@@ -234,41 +286,58 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size)
+@@ -237,45 +289,63 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size)
return ret;
}
default:
@@ -24778,6 +24819,7 @@ index 3076986..7688db9 100644
+static __must_check __always_inline unsigned long
+__copy_from_user_inatomic(void *dst, const void __user *src, unsigned long size)
{
+ kasan_check_write(dst, size);
return __copy_from_user_nocheck(dst, src, size);
}
@@ -24786,6 +24828,7 @@ index 3076986..7688db9 100644
+static __must_check __always_inline unsigned long
+__copy_to_user_inatomic(void __user *dst, const void *src, unsigned long size)
{
+ kasan_check_read(src, size);
return __copy_to_user_nocheck(dst, src, size);
}
@@ -24800,6 +24843,7 @@ index 3076986..7688db9 100644
+__copy_from_user_nocache(void *dst, const void __user *src, unsigned long size)
{
might_fault();
+ kasan_check_write(dst, size);
+
+ if (size > INT_MAX)
+ return size;
@@ -24818,6 +24862,8 @@ index 3076986..7688db9 100644
- unsigned size)
+ unsigned long size)
{
+ kasan_check_write(dst, size);
++
+ if (size > INT_MAX)
+ return size;
+
@@ -24848,7 +24894,7 @@ index 5b238981..77fdd78 100644
#define WORD_AT_A_TIME_CONSTANTS { REPEAT_BYTE(0x01), REPEAT_BYTE(0x80) }
diff --git a/arch/x86/include/asm/x86_init.h b/arch/x86/include/asm/x86_init.h
-index 1ae89a2..a279bf4 100644
+index 4dcdf74..9eb489e 100644
--- a/arch/x86/include/asm/x86_init.h
+++ b/arch/x86/include/asm/x86_init.h
@@ -126,7 +126,7 @@ struct x86_init_ops {
@@ -24869,16 +24915,7 @@ index 1ae89a2..a279bf4 100644
struct timespec;
-@@ -165,7 +165,7 @@ struct x86_platform_ops {
- void (*save_sched_clock_state)(void);
- void (*restore_sched_clock_state)(void);
- void (*apic_post_init)(void);
--};
-+} __no_const;
-
- struct pci_dev;
-
-@@ -174,12 +174,12 @@ struct x86_msi_ops {
+@@ -222,12 +222,12 @@ struct x86_msi_ops {
void (*teardown_msi_irq)(unsigned int irq);
void (*teardown_msi_irqs)(struct pci_dev *dev);
void (*restore_msi_irqs)(struct pci_dev *dev);
@@ -24920,10 +24957,10 @@ index 9dafe59..0293c1d 100644
#define BIOS_ROM_BASE 0xffe00000
diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile
-index 616ebd2..7386ebf 100644
+index 0503f5b..f00b6e8 100644
--- a/arch/x86/kernel/Makefile
+++ b/arch/x86/kernel/Makefile
-@@ -42,7 +42,7 @@ obj-$(CONFIG_MODIFY_LDT_SYSCALL) += ldt.o
+@@ -46,7 +46,7 @@ obj-$(CONFIG_MODIFY_LDT_SYSCALL) += ldt.o
obj-y += setup.o x86_init.o i8259.o irqinit.o jump_label.o
obj-$(CONFIG_IRQ_WORK) += irq_work.o
obj-y += probe_roms.o
@@ -24933,10 +24970,10 @@ index 616ebd2..7386ebf 100644
obj-$(CONFIG_X86_64) += mcount_64.o
obj-$(CONFIG_X86_ESPFIX64) += espfix_64.o
diff --git a/arch/x86/kernel/acpi/boot.c b/arch/x86/kernel/acpi/boot.c
-index 8c2f1ef..e4e5c19 100644
+index 9414f84..724b296 100644
--- a/arch/x86/kernel/acpi/boot.c
+++ b/arch/x86/kernel/acpi/boot.c
-@@ -1341,7 +1341,7 @@ static void __init acpi_reduced_hw_init(void)
+@@ -1349,7 +1349,7 @@ static void __init acpi_reduced_hw_init(void)
* If your system is blacklisted here, but you find that acpi=force
* works for you, please contact linux-acpi@vger.kernel.org
*/
@@ -24945,7 +24982,7 @@ index 8c2f1ef..e4e5c19 100644
/*
* Boxes that need ACPI disabled
*/
-@@ -1416,7 +1416,7 @@ static struct dmi_system_id __initdata acpi_dmi_table[] = {
+@@ -1424,7 +1424,7 @@ static struct dmi_system_id __initdata acpi_dmi_table[] = {
};
/* second table for DMI checks that should run after early-quirks */
@@ -24992,10 +25029,10 @@ index 0c26b1b..a766e85 100644
bogus_magic:
jmp bogus_magic
diff --git a/arch/x86/kernel/alternative.c b/arch/x86/kernel/alternative.c
-index 25f9093..3418d54 100644
+index 5cb272a..2bcff83 100644
--- a/arch/x86/kernel/alternative.c
+++ b/arch/x86/kernel/alternative.c
-@@ -20,6 +20,7 @@
+@@ -21,6 +21,7 @@
#include <asm/tlbflush.h>
#include <asm/io.h>
#include <asm/fixmap.h>
@@ -25003,7 +25040,7 @@ index 25f9093..3418d54 100644
int __read_mostly alternatives_patched;
-@@ -261,7 +262,9 @@ static void __init_or_module add_nops(void *insns, unsigned int len)
+@@ -262,7 +263,9 @@ static void __init_or_module add_nops(void *insns, unsigned int len)
unsigned int noplen = len;
if (noplen > ASM_NOP_MAX)
noplen = ASM_NOP_MAX;
@@ -25013,7 +25050,7 @@ index 25f9093..3418d54 100644
insns += noplen;
len -= noplen;
}
-@@ -289,6 +292,13 @@ recompute_jump(struct alt_instr *a, u8 *orig_insn, u8 *repl_insn, u8 *insnbuf)
+@@ -290,6 +293,13 @@ recompute_jump(struct alt_instr *a, u8 *orig_insn, u8 *repl_insn, u8 *insnbuf)
if (a->replacementlen != 5)
return;
@@ -25027,7 +25064,7 @@ index 25f9093..3418d54 100644
o_dspl = *(s32 *)(insnbuf + 1);
/* next_rip of the replacement JMP */
-@@ -364,6 +374,7 @@ void __init_or_module apply_alternatives(struct alt_instr *start,
+@@ -365,6 +375,7 @@ void __init_or_module apply_alternatives(struct alt_instr *start,
{
struct alt_instr *a;
u8 *instr, *replacement;
@@ -25035,7 +25072,7 @@ index 25f9093..3418d54 100644
u8 insnbuf[MAX_PATCH_LEN];
DPRINTK("alt table %p -> %p", start, end);
-@@ -379,46 +390,71 @@ void __init_or_module apply_alternatives(struct alt_instr *start,
+@@ -380,46 +391,71 @@ void __init_or_module apply_alternatives(struct alt_instr *start,
for (a = start; a < end; a++) {
int insnbuf_sz = 0;
@@ -25121,7 +25158,7 @@ index 25f9093..3418d54 100644
text_poke_early(instr, insnbuf, insnbuf_sz);
}
-@@ -434,10 +470,16 @@ static void alternatives_smp_lock(const s32 *start, const s32 *end,
+@@ -435,10 +471,16 @@ static void alternatives_smp_lock(const s32 *start, const s32 *end,
for (poff = start; poff < end; poff++) {
u8 *ptr = (u8 *)poff + *poff;
@@ -25139,7 +25176,7 @@ index 25f9093..3418d54 100644
text_poke(ptr, ((unsigned char []){0xf0}), 1);
}
mutex_unlock(&text_mutex);
-@@ -452,10 +494,16 @@ static void alternatives_smp_unlock(const s32 *start, const s32 *end,
+@@ -453,10 +495,16 @@ static void alternatives_smp_unlock(const s32 *start, const s32 *end,
for (poff = start; poff < end; poff++) {
u8 *ptr = (u8 *)poff + *poff;
@@ -25157,7 +25194,7 @@ index 25f9093..3418d54 100644
text_poke(ptr, ((unsigned char []){0x3E}), 1);
}
mutex_unlock(&text_mutex);
-@@ -592,7 +640,7 @@ void __init_or_module apply_paravirt(struct paravirt_patch_site *start,
+@@ -593,7 +641,7 @@ void __init_or_module apply_paravirt(struct paravirt_patch_site *start,
BUG_ON(p->len > MAX_PATCH_LEN);
/* prep the buffer with the original instructions */
@@ -25166,7 +25203,7 @@ index 25f9093..3418d54 100644
used = pv_init_ops.patch(p->instrtype, p->clobbers, insnbuf,
(unsigned long)p->instr, p->len);
-@@ -639,7 +687,7 @@ void __init alternative_instructions(void)
+@@ -640,7 +688,7 @@ void __init alternative_instructions(void)
if (!uniproc_patched || num_possible_cpus() == 1)
free_init_pages("SMP alternatives",
(unsigned long)__smp_locks,
@@ -25175,7 +25212,7 @@ index 25f9093..3418d54 100644
#endif
apply_paravirt(__parainstructions, __parainstructions_end);
-@@ -660,13 +708,17 @@ void __init alternative_instructions(void)
+@@ -661,13 +709,17 @@ void __init alternative_instructions(void)
* instructions. And on the local CPU you need to be protected again NMI or MCE
* handlers seeing an inconsistent instruction while you patch.
*/
@@ -25195,7 +25232,7 @@ index 25f9093..3418d54 100644
local_irq_restore(flags);
/* Could also do a CLFLUSH here to speed up CPU recovery; but
that causes hangs on some VIA CPUs. */
-@@ -689,19 +741,25 @@ void *__init_or_module text_poke_early(void *addr, const void *opcode,
+@@ -690,19 +742,25 @@ void *__init_or_module text_poke_early(void *addr, const void *opcode,
void *text_poke(void *addr, const void *opcode, size_t len)
{
unsigned long flags;
@@ -25227,7 +25264,7 @@ index 25f9093..3418d54 100644
local_irq_save(flags);
set_fixmap(FIX_TEXT_POKE0, page_to_phys(pages[0]));
if (pages[1])
-@@ -718,6 +776,7 @@ void *text_poke(void *addr, const void *opcode, size_t len)
+@@ -719,6 +777,7 @@ void *text_poke(void *addr, const void *opcode, size_t len)
for (i = 0; i < len; i++)
BUG_ON(((char *)addr)[i] != ((char *)opcode)[i]);
local_irq_restore(flags);
@@ -25235,7 +25272,7 @@ index 25f9093..3418d54 100644
return addr;
}
-@@ -771,7 +830,7 @@ int poke_int3_handler(struct pt_regs *regs)
+@@ -772,7 +831,7 @@ int poke_int3_handler(struct pt_regs *regs)
*/
void *text_poke_bp(void *addr, const void *opcode, size_t len, void *handler)
{
@@ -25245,7 +25282,7 @@ index 25f9093..3418d54 100644
bp_int3_handler = handler;
bp_int3_addr = (u8 *)addr + sizeof(int3);
diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c
-index d356987..ed8a52b 100644
+index 60078a6..b9fb105 100644
--- a/arch/x86/kernel/apic/apic.c
+++ b/arch/x86/kernel/apic/apic.c
@@ -177,7 +177,7 @@ int first_system_vector = FIRST_SYSTEM_VECTOR;
@@ -25298,11 +25335,11 @@ index 76f89e2..4a349aaa 100644
.name = "physical flat",
.probe = physflat_probe,
diff --git a/arch/x86/kernel/apic/apic_noop.c b/arch/x86/kernel/apic/apic_noop.c
-index 331a7a0..2173347 100644
+index 13d19ed..fe1730f 100644
--- a/arch/x86/kernel/apic/apic_noop.c
+++ b/arch/x86/kernel/apic/apic_noop.c
@@ -109,7 +109,7 @@ static void noop_apic_write(u32 reg, u32 v)
- WARN_ON_ONCE(cpu_has_apic && !disable_apic);
+ WARN_ON_ONCE(boot_cpu_has(X86_FEATURE_APIC) && !disable_apic);
}
-struct apic apic_noop = {
@@ -25324,7 +25361,7 @@ index cf9bd89..75fcb85 100644
.name = "bigsmp",
.probe = probe_bigsmp,
diff --git a/arch/x86/kernel/apic/io_apic.c b/arch/x86/kernel/apic/io_apic.c
-index fdb0fbf..352c2f0 100644
+index 446702e..ed37083 100644
--- a/arch/x86/kernel/apic/io_apic.c
+++ b/arch/x86/kernel/apic/io_apic.c
@@ -1682,7 +1682,7 @@ static unsigned int startup_ioapic_irq(struct irq_data *data)
@@ -25408,7 +25445,7 @@ index f316e34..48c21c5 100644
static int cmdline_apic __initdata;
diff --git a/arch/x86/kernel/apic/vector.c b/arch/x86/kernel/apic/vector.c
-index ef49551..ba2e857 100644
+index a5e400a..d070a03 100644
--- a/arch/x86/kernel/apic/vector.c
+++ b/arch/x86/kernel/apic/vector.c
@@ -37,6 +37,7 @@ static struct irq_chip lapic_controller;
@@ -25454,10 +25491,10 @@ index a1242e2..0e7f712 100644
.name = "physical x2apic",
.probe = x2apic_phys_probe,
diff --git a/arch/x86/kernel/apic/x2apic_uv_x.c b/arch/x86/kernel/apic/x2apic_uv_x.c
-index d7ce96a..99cedd7 100644
+index 2900315..ff2a970 100644
--- a/arch/x86/kernel/apic/x2apic_uv_x.c
+++ b/arch/x86/kernel/apic/x2apic_uv_x.c
-@@ -374,7 +374,7 @@ static int uv_probe(void)
+@@ -554,7 +554,7 @@ static int uv_probe(void)
return apic == &apic_x2apic_uv_x;
}
@@ -25467,7 +25504,7 @@ index d7ce96a..99cedd7 100644
.name = "UV large system",
.probe = uv_probe,
diff --git a/arch/x86/kernel/apm_32.c b/arch/x86/kernel/apm_32.c
-index 9307f18..a43f175 100644
+index c7364bd..20cd21a 100644
--- a/arch/x86/kernel/apm_32.c
+++ b/arch/x86/kernel/apm_32.c
@@ -432,7 +432,7 @@ static DEFINE_MUTEX(apm_mutex);
@@ -25551,7 +25588,7 @@ index 9307f18..a43f175 100644
proc_create("apm", 0, NULL, &apm_file_ops);
diff --git a/arch/x86/kernel/asm-offsets.c b/arch/x86/kernel/asm-offsets.c
-index 5c04246..e280385 100644
+index 674134e..bb9947e 100644
--- a/arch/x86/kernel/asm-offsets.c
+++ b/arch/x86/kernel/asm-offsets.c
@@ -32,6 +32,8 @@ void common(void) {
@@ -25590,7 +25627,7 @@ index 5c04246..e280385 100644
#ifdef CONFIG_XEN
BLANK();
OFFSET(XEN_vcpu_info_mask, vcpu_info, evtchn_upcall_mask);
-@@ -85,4 +105,5 @@ void common(void) {
+@@ -86,4 +106,5 @@ void common(void) {
BLANK();
DEFINE(PTREGS_SIZE, sizeof(struct pt_regs));
@@ -25612,10 +25649,10 @@ index 4a8697f..8a13428 100644
obj-y += common.o
obj-y += rdrand.o
diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c
-index 7b76eb6..99cb9cc 100644
+index f5c69d8..5eecf58 100644
--- a/arch/x86/kernel/cpu/amd.c
+++ b/arch/x86/kernel/cpu/amd.c
-@@ -776,7 +776,7 @@ static void init_amd(struct cpuinfo_x86 *c)
+@@ -780,7 +780,7 @@ static void init_amd(struct cpuinfo_x86 *c)
static unsigned int amd_size_cache(struct cpuinfo_x86 *c, unsigned int size)
{
/* AMD errata T13 (order #21922) */
@@ -25645,10 +25682,10 @@ index a972ac4..938c163 100644
/*
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
-index f45a4b9..9d999f8 100644
+index 0fe6953..a253a78 100644
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
-@@ -92,60 +92,6 @@ static const struct cpu_dev default_cpu = {
+@@ -93,60 +93,6 @@ static const struct cpu_dev default_cpu = {
static const struct cpu_dev *this_cpu = &default_cpu;
@@ -25709,7 +25746,7 @@ index f45a4b9..9d999f8 100644
static int __init x86_mpx_setup(char *s)
{
/* require an exact match without trailing characters */
-@@ -278,6 +224,10 @@ static __always_inline void setup_smep(struct cpuinfo_x86 *c)
+@@ -281,6 +227,10 @@ static __always_inline void setup_smep(struct cpuinfo_x86 *c)
{
if (cpu_has(c, X86_FEATURE_SMEP))
cr4_set_bits(X86_CR4_SMEP);
@@ -25720,7 +25757,7 @@ index f45a4b9..9d999f8 100644
}
static __init int setup_disable_smap(char *arg)
-@@ -303,6 +253,109 @@ static __always_inline void setup_smap(struct cpuinfo_x86 *c)
+@@ -306,6 +256,109 @@ static __always_inline void setup_smap(struct cpuinfo_x86 *c)
}
}
@@ -25830,7 +25867,7 @@ index f45a4b9..9d999f8 100644
/*
* Protection Keys are not available in 32-bit mode.
*/
-@@ -448,7 +501,7 @@ void switch_to_new_gdt(int cpu)
+@@ -451,7 +504,7 @@ void switch_to_new_gdt(int cpu)
{
struct desc_ptr gdt_descr;
@@ -25839,7 +25876,7 @@ index f45a4b9..9d999f8 100644
gdt_descr.size = GDT_SIZE - 1;
load_gdt(&gdt_descr);
/* Reload the per-cpu base */
-@@ -1004,6 +1057,20 @@ static void identify_cpu(struct cpuinfo_x86 *c)
+@@ -1042,6 +1095,20 @@ static void identify_cpu(struct cpuinfo_x86 *c)
setup_smep(c);
setup_smap(c);
@@ -25860,16 +25897,16 @@ index f45a4b9..9d999f8 100644
/*
* The vendor-specific functions might have changed features.
* Now we do "generic changes."
-@@ -1081,7 +1148,7 @@ void enable_sep_cpu(void)
- int cpu;
+@@ -1122,7 +1189,7 @@ void enable_sep_cpu(void)
+ return;
cpu = get_cpu();
- tss = &per_cpu(cpu_tss, cpu);
+ tss = cpu_tss + cpu;
- if (!boot_cpu_has(X86_FEATURE_SEP))
- goto out;
-@@ -1227,10 +1294,12 @@ static __init int setup_disablecpuid(char *arg)
+ /*
+ * We cache MSR_IA32_SYSENTER_CS's value in the TSS's ss1 field --
+@@ -1264,10 +1331,12 @@ static __init int setup_disablecpuid(char *arg)
}
__setup("clearcpuid=", setup_disablecpuid);
@@ -25885,7 +25922,7 @@ index f45a4b9..9d999f8 100644
DEFINE_PER_CPU_FIRST(union irq_stack_union,
irq_stack_union) __aligned(PAGE_SIZE) __visible;
-@@ -1342,21 +1411,21 @@ EXPORT_PER_CPU_SYMBOL(current_task);
+@@ -1379,21 +1448,21 @@ EXPORT_PER_CPU_SYMBOL(current_task);
DEFINE_PER_CPU(int, __preempt_count) = INIT_PREEMPT_COUNT;
EXPORT_PER_CPU_SYMBOL(__preempt_count);
@@ -25914,7 +25951,7 @@ index f45a4b9..9d999f8 100644
/*
* Clear all 6 debug registers:
*/
-@@ -1432,7 +1501,7 @@ void cpu_init(void)
+@@ -1469,7 +1538,7 @@ void cpu_init(void)
*/
load_ucode_ap();
@@ -25923,7 +25960,7 @@ index f45a4b9..9d999f8 100644
oist = &per_cpu(orig_ist, cpu);
#ifdef CONFIG_NUMA
-@@ -1464,7 +1533,6 @@ void cpu_init(void)
+@@ -1501,7 +1570,6 @@ void cpu_init(void)
wrmsrl(MSR_KERNEL_GS_BASE, 0);
barrier();
@@ -25931,7 +25968,7 @@ index f45a4b9..9d999f8 100644
x2apic_setup();
/*
-@@ -1516,7 +1584,7 @@ void cpu_init(void)
+@@ -1553,7 +1621,7 @@ void cpu_init(void)
{
int cpu = smp_processor_id();
struct task_struct *curr = current;
@@ -25993,7 +26030,7 @@ index de6626c..c84e8c1 100644
return &cache_private_group;
diff --git a/arch/x86/kernel/cpu/mcheck/mce.c b/arch/x86/kernel/cpu/mcheck/mce.c
-index f0c921b..2c7b33b 100644
+index 92e5e37..bc2c026 100644
--- a/arch/x86/kernel/cpu/mcheck/mce.c
+++ b/arch/x86/kernel/cpu/mcheck/mce.c
@@ -47,6 +47,7 @@
@@ -26004,7 +26041,7 @@ index f0c921b..2c7b33b 100644
#include "mce-internal.h"
-@@ -211,8 +212,7 @@ static struct notifier_block mce_srao_nb;
+@@ -209,8 +210,7 @@ static struct notifier_block mce_srao_nb;
void mce_register_decode_chain(struct notifier_block *nb)
{
/* Ensure SRAO notifier has the highest priority in the decode chain. */
@@ -26014,7 +26051,16 @@ index f0c921b..2c7b33b 100644
atomic_notifier_chain_register(&x86_mce_decoder_chain, nb);
}
-@@ -236,7 +236,7 @@ static void print_mce(struct mce *m)
+@@ -262,7 +262,7 @@ static inline u32 smca_misc_reg(int bank)
+ return MSR_AMD64_SMCA_MCx_MISC(bank);
+ }
+
+-struct mca_msr_regs msr_ops = {
++struct mca_msr_regs msr_ops __read_only = {
+ .ctl = ctl_reg,
+ .status = status_reg,
+ .addr = addr_reg,
+@@ -281,7 +281,7 @@ static void print_mce(struct mce *m)
!(m->mcgstatus & MCG_STATUS_EIPV) ? " !INEXACT!" : "",
m->cs, m->ip);
@@ -26023,7 +26069,7 @@ index f0c921b..2c7b33b 100644
print_symbol("{%s}", m->ip);
pr_cont("\n");
}
-@@ -269,10 +269,10 @@ static void print_mce(struct mce *m)
+@@ -314,10 +314,10 @@ static void print_mce(struct mce *m)
#define PANIC_TIMEOUT 5 /* 5 seconds */
@@ -26036,7 +26082,7 @@ index f0c921b..2c7b33b 100644
/* Panic in progress. Enable interrupts and wait for final IPI */
static void wait_for_panic(void)
-@@ -296,7 +296,7 @@ static void mce_panic(const char *msg, struct mce *final, char *exp)
+@@ -343,7 +343,7 @@ static void mce_panic(const char *msg, struct mce *final, char *exp)
/*
* Make sure only one CPU runs in machine check panic
*/
@@ -26045,7 +26091,7 @@ index f0c921b..2c7b33b 100644
wait_for_panic();
barrier();
-@@ -304,7 +304,7 @@ static void mce_panic(const char *msg, struct mce *final, char *exp)
+@@ -351,7 +351,7 @@ static void mce_panic(const char *msg, struct mce *final, char *exp)
console_verbose();
} else {
/* Don't log too much for fake panic */
@@ -26053,8 +26099,8 @@ index f0c921b..2c7b33b 100644
+ if (atomic_inc_return_unchecked(&mce_fake_panicked) > 1)
return;
}
- /* First print corrected ones that are still unlogged */
-@@ -343,7 +343,7 @@ static void mce_panic(const char *msg, struct mce *final, char *exp)
+ pending = mce_gen_pool_prepare_records();
+@@ -387,7 +387,7 @@ static void mce_panic(const char *msg, struct mce *final, char *exp)
if (!fake_panic) {
if (panic_timeout == 0)
panic_timeout = mca_cfg.panic_timeout;
@@ -26063,7 +26109,7 @@ index f0c921b..2c7b33b 100644
} else
pr_emerg(HW_ERR "Fake kernel panic: %s\n", msg);
}
-@@ -717,7 +717,7 @@ static int mce_timed_out(u64 *t, const char *msg)
+@@ -761,7 +761,7 @@ static int mce_timed_out(u64 *t, const char *msg)
* might have been modified by someone else.
*/
rmb();
@@ -26072,7 +26118,20 @@ index f0c921b..2c7b33b 100644
wait_for_panic();
if (!mca_cfg.monarch_timeout)
goto out;
-@@ -1684,7 +1684,7 @@ static void unexpected_machine_check(struct pt_regs *regs, long error_code)
+@@ -1691,10 +1691,12 @@ static void __mcheck_cpu_init_vendor(struct cpuinfo_x86 *c)
+ * Install proper ops for Scalable MCA enabled processors
+ */
+ if (mce_flags.smca) {
++ pax_open_kernel();
+ msr_ops.ctl = smca_ctl_reg;
+ msr_ops.status = smca_status_reg;
+ msr_ops.addr = smca_addr_reg;
+ msr_ops.misc = smca_misc_reg;
++ pax_close_kernel();
+ }
+ mce_amd_feature_init(c);
+
+@@ -1747,7 +1749,7 @@ static void unexpected_machine_check(struct pt_regs *regs, long error_code)
}
/* Call the installed machine check handler for this CPU setup. */
@@ -26081,7 +26140,7 @@ index f0c921b..2c7b33b 100644
unexpected_machine_check;
/*
-@@ -1713,7 +1713,9 @@ void mcheck_cpu_init(struct cpuinfo_x86 *c)
+@@ -1776,7 +1778,9 @@ void mcheck_cpu_init(struct cpuinfo_x86 *c)
return;
}
@@ -26091,7 +26150,7 @@ index f0c921b..2c7b33b 100644
__mcheck_cpu_init_generic();
__mcheck_cpu_init_vendor(c);
-@@ -1744,7 +1746,7 @@ void mcheck_cpu_clear(struct cpuinfo_x86 *c)
+@@ -1808,7 +1812,7 @@ void mcheck_cpu_clear(struct cpuinfo_x86 *c)
*/
static DEFINE_SPINLOCK(mce_chrdev_state_lock);
@@ -26100,7 +26159,7 @@ index f0c921b..2c7b33b 100644
static int mce_chrdev_open_exclu; /* already open exclusive? */
static int mce_chrdev_open(struct inode *inode, struct file *file)
-@@ -1752,7 +1754,7 @@ static int mce_chrdev_open(struct inode *inode, struct file *file)
+@@ -1816,7 +1820,7 @@ static int mce_chrdev_open(struct inode *inode, struct file *file)
spin_lock(&mce_chrdev_state_lock);
if (mce_chrdev_open_exclu ||
@@ -26109,7 +26168,7 @@ index f0c921b..2c7b33b 100644
spin_unlock(&mce_chrdev_state_lock);
return -EBUSY;
-@@ -1760,7 +1762,7 @@ static int mce_chrdev_open(struct inode *inode, struct file *file)
+@@ -1824,7 +1828,7 @@ static int mce_chrdev_open(struct inode *inode, struct file *file)
if (file->f_flags & O_EXCL)
mce_chrdev_open_exclu = 1;
@@ -26118,7 +26177,7 @@ index f0c921b..2c7b33b 100644
spin_unlock(&mce_chrdev_state_lock);
-@@ -1771,7 +1773,7 @@ static int mce_chrdev_release(struct inode *inode, struct file *file)
+@@ -1835,7 +1839,7 @@ static int mce_chrdev_release(struct inode *inode, struct file *file)
{
spin_lock(&mce_chrdev_state_lock);
@@ -26127,7 +26186,7 @@ index f0c921b..2c7b33b 100644
mce_chrdev_open_exclu = 0;
spin_unlock(&mce_chrdev_state_lock);
-@@ -2463,7 +2465,7 @@ static __init void mce_init_banks(void)
+@@ -2529,7 +2533,7 @@ static __init void mce_init_banks(void)
for (i = 0; i < mca_cfg.banks; i++) {
struct mce_bank *b = &mce_banks[i];
@@ -26136,7 +26195,7 @@ index f0c921b..2c7b33b 100644
sysfs_attr_init(&a->attr);
a->attr.name = b->attrname;
-@@ -2570,7 +2572,7 @@ struct dentry *mce_get_debugfs_dir(void)
+@@ -2636,7 +2640,7 @@ struct dentry *mce_get_debugfs_dir(void)
static void mce_reset(void)
{
cpu_missing = 0;
@@ -26190,7 +26249,7 @@ index c6a722e..4016140 100644
wmb();
diff --git a/arch/x86/kernel/cpu/microcode/intel.c b/arch/x86/kernel/cpu/microcode/intel.c
-index cbb3cf0..f3b73a3 100644
+index 65cbbcd..c41a7f8 100644
--- a/arch/x86/kernel/cpu/microcode/intel.c
+++ b/arch/x86/kernel/cpu/microcode/intel.c
@@ -1003,13 +1003,13 @@ static enum ucode_state request_microcode_fw(int cpu, struct device *device,
@@ -26223,10 +26282,10 @@ index 10c11b4..18c4d71 100644
.detect = ms_hyperv_platform,
.init_platform = ms_hyperv_init_platform,
diff --git a/arch/x86/kernel/cpu/mtrr/generic.c b/arch/x86/kernel/cpu/mtrr/generic.c
-index 19f5736..8f92a72 100644
+index 16e37a2..61decea 100644
--- a/arch/x86/kernel/cpu/mtrr/generic.c
+++ b/arch/x86/kernel/cpu/mtrr/generic.c
-@@ -722,7 +722,8 @@ static DEFINE_RAW_SPINLOCK(set_atomicity_lock);
+@@ -726,7 +726,8 @@ static DEFINE_RAW_SPINLOCK(set_atomicity_lock);
* The caller must ensure that local interrupts are disabled and
* are reenabled after post_set() has been called.
*/
@@ -26236,7 +26295,7 @@ index 19f5736..8f92a72 100644
{
unsigned long cr0;
-@@ -758,7 +759,8 @@ static void prepare_set(void) __acquires(set_atomicity_lock)
+@@ -762,7 +763,8 @@ static void prepare_set(void) __acquires(set_atomicity_lock)
wbinvd();
}
@@ -26247,7 +26306,7 @@ index 19f5736..8f92a72 100644
/* Flush TLBs (no need to flush caches - they are disabled) */
count_vm_tlb_event(NR_TLB_LOCAL_FLUSH_ALL);
diff --git a/arch/x86/kernel/cpu/mtrr/main.c b/arch/x86/kernel/cpu/mtrr/main.c
-index 10f8d47..481f5b4 100644
+index 7d393ec..488842d 100644
--- a/arch/x86/kernel/cpu/mtrr/main.c
+++ b/arch/x86/kernel/cpu/mtrr/main.c
@@ -72,7 +72,7 @@ static DEFINE_MUTEX(mtrr_mutex);
@@ -26260,7 +26319,7 @@ index 10f8d47..481f5b4 100644
const struct mtrr_ops *mtrr_if;
diff --git a/arch/x86/kernel/cpu/mtrr/mtrr.h b/arch/x86/kernel/cpu/mtrr/mtrr.h
-index 951884d..4796b75 100644
+index 6c7ced0..55ee554 100644
--- a/arch/x86/kernel/cpu/mtrr/mtrr.h
+++ b/arch/x86/kernel/cpu/mtrr/mtrr.h
@@ -25,7 +25,7 @@ struct mtrr_ops {
@@ -26273,7 +26332,7 @@ index 951884d..4796b75 100644
extern int generic_get_free_region(unsigned long base, unsigned long size,
int replace_reg);
diff --git a/arch/x86/kernel/cpu/vmware.c b/arch/x86/kernel/cpu/vmware.c
-index 364e583..1124b95 100644
+index 8cac429..ccecccb 100644
--- a/arch/x86/kernel/cpu/vmware.c
+++ b/arch/x86/kernel/cpu/vmware.c
@@ -136,7 +136,7 @@ static bool __init vmware_legacy_x2apic_available(void)
@@ -26334,7 +26393,7 @@ index f6dfd93..892ade4 100644
.__cr3 = __pa_nodebug(swapper_pg_dir),
diff --git a/arch/x86/kernel/dumpstack.c b/arch/x86/kernel/dumpstack.c
-index 8efa57a..9750a3d 100644
+index ef8017c..1543ef8 100644
--- a/arch/x86/kernel/dumpstack.c
+++ b/arch/x86/kernel/dumpstack.c
@@ -2,6 +2,9 @@
@@ -26347,7 +26406,7 @@ index 8efa57a..9750a3d 100644
#include <linux/kallsyms.h>
#include <linux/kprobes.h>
#include <linux/uaccess.h>
-@@ -35,23 +38,21 @@ static void printk_stack_address(unsigned long address, int reliable,
+@@ -35,7 +38,7 @@ static void printk_stack_address(unsigned long address, int reliable,
void printk_address(unsigned long address)
{
@@ -26356,49 +26415,23 @@ index 8efa57a..9750a3d 100644
}
#ifdef CONFIG_FUNCTION_GRAPH_TRACER
- static void
- print_ftrace_graph_addr(unsigned long addr, void *data,
- const struct stacktrace_ops *ops,
-- struct thread_info *tinfo, int *graph)
-+ struct task_struct *task, int *graph)
- {
-- struct task_struct *task;
- unsigned long ret_addr;
- int index;
-
- if (addr != (unsigned long)return_to_handler)
- return;
-
-- task = tinfo->task;
- index = task->curr_ret_stack;
-
- if (!task->ret_stack || index < *graph)
-@@ -68,7 +69,7 @@ print_ftrace_graph_addr(unsigned long addr, void *data,
- static inline void
- print_ftrace_graph_addr(unsigned long addr, void *data,
- const struct stacktrace_ops *ops,
-- struct thread_info *tinfo, int *graph)
-+ struct task_struct *task, int *graph)
- { }
- #endif
-
-@@ -79,10 +80,8 @@ print_ftrace_graph_addr(unsigned long addr, void *data,
+@@ -77,10 +80,8 @@ print_ftrace_graph_addr(unsigned long addr, void *data,
* severe exception (double fault, nmi, stack fault, debug, mce) hardware stack
*/
--static inline int valid_stack_ptr(struct thread_info *tinfo,
+-static inline int valid_stack_ptr(struct task_struct *task,
- void *p, unsigned int size, void *end)
+static inline int valid_stack_ptr(void *t, void *p, unsigned int size, void *end)
{
-- void *t = tinfo;
+- void *t = task_stack_page(task);
if (end) {
if (p < end && p >= (end-THREAD_SIZE))
return 1;
-@@ -93,14 +92,14 @@ static inline int valid_stack_ptr(struct thread_info *tinfo,
+@@ -91,14 +92,14 @@ static inline int valid_stack_ptr(struct task_struct *task,
}
unsigned long
--print_context_stack(struct thread_info *tinfo,
+-print_context_stack(struct task_struct *task,
+print_context_stack(struct task_struct *task, void *stack_start,
unsigned long *stack, unsigned long bp,
const struct stacktrace_ops *ops, void *data,
@@ -26406,48 +26439,30 @@ index 8efa57a..9750a3d 100644
{
struct stack_frame *frame = (struct stack_frame *)bp;
-- while (valid_stack_ptr(tinfo, stack, sizeof(*stack), end)) {
+- while (valid_stack_ptr(task, stack, sizeof(*stack), end)) {
+ while (valid_stack_ptr(stack_start, stack, sizeof(*stack), end)) {
unsigned long addr;
addr = *stack;
-@@ -112,7 +111,7 @@ print_context_stack(struct thread_info *tinfo,
- } else {
- ops->address(data, addr, 0);
- }
-- print_ftrace_graph_addr(addr, data, ops, tinfo, graph);
-+ print_ftrace_graph_addr(addr, data, ops, task, graph);
- }
- stack++;
- }
-@@ -121,7 +120,7 @@ print_context_stack(struct thread_info *tinfo,
+@@ -119,7 +120,7 @@ print_context_stack(struct task_struct *task,
EXPORT_SYMBOL_GPL(print_context_stack);
unsigned long
--print_context_stack_bp(struct thread_info *tinfo,
+-print_context_stack_bp(struct task_struct *task,
+print_context_stack_bp(struct task_struct *task, void *stack_start,
unsigned long *stack, unsigned long bp,
const struct stacktrace_ops *ops, void *data,
unsigned long *end, int *graph)
-@@ -129,7 +128,7 @@ print_context_stack_bp(struct thread_info *tinfo,
+@@ -127,7 +128,7 @@ print_context_stack_bp(struct task_struct *task,
struct stack_frame *frame = (struct stack_frame *)bp;
unsigned long *ret_addr = &frame->return_address;
-- while (valid_stack_ptr(tinfo, ret_addr, sizeof(*ret_addr), end)) {
+- while (valid_stack_ptr(task, ret_addr, sizeof(*ret_addr), end)) {
+ while (valid_stack_ptr(stack_start, ret_addr, sizeof(*ret_addr), end)) {
unsigned long addr = *ret_addr;
if (!__kernel_text_address(addr))
-@@ -139,7 +138,7 @@ print_context_stack_bp(struct thread_info *tinfo,
- break;
- frame = frame->next_frame;
- ret_addr = &frame->return_address;
-- print_ftrace_graph_addr(addr, data, ops, tinfo, graph);
-+ print_ftrace_graph_addr(addr, data, ops, task, graph);
- }
-
- return (unsigned long)frame;
-@@ -228,6 +227,8 @@ unsigned long oops_begin(void)
+@@ -226,6 +227,8 @@ unsigned long oops_begin(void)
EXPORT_SYMBOL_GPL(oops_begin);
NOKPROBE_SYMBOL(oops_begin);
@@ -26456,7 +26471,7 @@ index 8efa57a..9750a3d 100644
void oops_end(unsigned long flags, struct pt_regs *regs, int signr)
{
if (regs && kexec_should_crash(current))
-@@ -249,7 +250,10 @@ void oops_end(unsigned long flags, struct pt_regs *regs, int signr)
+@@ -247,7 +250,10 @@ void oops_end(unsigned long flags, struct pt_regs *regs, int signr)
panic("Fatal exception in interrupt");
if (panic_on_oops)
panic("Fatal exception");
@@ -26469,14 +26484,13 @@ index 8efa57a..9750a3d 100644
NOKPROBE_SYMBOL(oops_end);
diff --git a/arch/x86/kernel/dumpstack_32.c b/arch/x86/kernel/dumpstack_32.c
-index 464ffd6..01f2cda 100644
+index fef917e..01f2cda 100644
--- a/arch/x86/kernel/dumpstack_32.c
+++ b/arch/x86/kernel/dumpstack_32.c
-@@ -61,15 +61,14 @@ void dump_trace(struct task_struct *task, struct pt_regs *regs,
+@@ -61,13 +61,14 @@ void dump_trace(struct task_struct *task, struct pt_regs *regs,
bp = stack_frame(task, regs);
for (;;) {
-- struct thread_info *context;
+ void *stack_start = (void *)((unsigned long)stack & ~(THREAD_SIZE-1));
void *end_stack;
@@ -26484,13 +26498,12 @@ index 464ffd6..01f2cda 100644
if (!end_stack)
end_stack = is_softirq_stack(stack, cpu);
-- context = task_thread_info(task);
-- bp = ops->walk_stack(context, stack, bp, ops, data,
+- bp = ops->walk_stack(task, stack, bp, ops, data,
+ bp = ops->walk_stack(task, stack_start, stack, bp, ops, data,
end_stack, &graph);
/* Stop if not on irq stack */
-@@ -137,16 +136,17 @@ void show_regs(struct pt_regs *regs)
+@@ -135,16 +136,17 @@ void show_regs(struct pt_regs *regs)
unsigned int code_len = code_bytes;
unsigned char c;
u8 *ip;
@@ -26510,7 +26523,7 @@ index 464ffd6..01f2cda 100644
code_len = code_len - code_prologue + 1;
}
for (i = 0; i < code_len; i++, ip++) {
-@@ -155,7 +155,7 @@ void show_regs(struct pt_regs *regs)
+@@ -153,7 +155,7 @@ void show_regs(struct pt_regs *regs)
pr_cont(" Bad EIP value.");
break;
}
@@ -26519,7 +26532,7 @@ index 464ffd6..01f2cda 100644
pr_cont(" <%02x>", c);
else
pr_cont(" %02x", c);
-@@ -168,6 +168,7 @@ int is_valid_bugaddr(unsigned long ip)
+@@ -166,6 +168,7 @@ int is_valid_bugaddr(unsigned long ip)
{
unsigned short ud2;
@@ -26527,7 +26540,7 @@ index 464ffd6..01f2cda 100644
if (ip < PAGE_OFFSET)
return 0;
if (probe_kernel_address((unsigned short *)ip, ud2))
-@@ -175,3 +176,15 @@ int is_valid_bugaddr(unsigned long ip)
+@@ -173,3 +176,15 @@ int is_valid_bugaddr(unsigned long ip)
return ud2 == 0x0b0f;
}
@@ -26544,16 +26557,10 @@ index 464ffd6..01f2cda 100644
+EXPORT_SYMBOL(pax_check_alloca);
+#endif
diff --git a/arch/x86/kernel/dumpstack_64.c b/arch/x86/kernel/dumpstack_64.c
-index 5f1c626..059e830 100644
+index d558a8a..059e830 100644
--- a/arch/x86/kernel/dumpstack_64.c
+++ b/arch/x86/kernel/dumpstack_64.c
-@@ -153,12 +153,12 @@ void dump_trace(struct task_struct *task, struct pt_regs *regs,
- const struct stacktrace_ops *ops, void *data)
- {
- const unsigned cpu = get_cpu();
-- struct thread_info *tinfo;
- unsigned long *irq_stack = (unsigned long *)per_cpu(irq_stack_ptr, cpu);
- unsigned long dummy;
+@@ -158,6 +158,7 @@ void dump_trace(struct task_struct *task, struct pt_regs *regs,
unsigned used = 0;
int graph = 0;
int done = 0;
@@ -26561,15 +26568,7 @@ index 5f1c626..059e830 100644
if (!task)
task = current;
-@@ -179,7 +179,6 @@ void dump_trace(struct task_struct *task, struct pt_regs *regs,
- * current stack address. If the stacks consist of nested
- * exceptions
- */
-- tinfo = task_thread_info(task);
- while (!done) {
- unsigned long *stack_end;
- enum stack_type stype;
-@@ -192,17 +191,19 @@ void dump_trace(struct task_struct *task, struct pt_regs *regs,
+@@ -190,17 +191,19 @@ void dump_trace(struct task_struct *task, struct pt_regs *regs,
done = 1;
switch (stype) {
@@ -26588,12 +26587,12 @@ index 5f1c626..059e830 100644
if (ops->stack(data, id) < 0)
break;
-- bp = ops->walk_stack(tinfo, stack, bp, ops,
+- bp = ops->walk_stack(task, stack, bp, ops,
+ bp = ops->walk_stack(task, stack_end - EXCEPTION_STKSZ, stack, bp, ops,
data, stack_end, &graph);
ops->stack(data, "<EOE>");
/*
-@@ -210,15 +211,16 @@ void dump_trace(struct task_struct *task, struct pt_regs *regs,
+@@ -208,15 +211,16 @@ void dump_trace(struct task_struct *task, struct pt_regs *regs,
* second-to-last pointer (index -2 to end) in the
* exception stack:
*/
@@ -26607,24 +26606,24 @@ index 5f1c626..059e830 100644
-
if (ops->stack(data, "IRQ") < 0)
break;
-- bp = ops->walk_stack(tinfo, stack, bp,
+- bp = ops->walk_stack(task, stack, bp,
+ bp = ops->walk_stack(task, irq_stack, stack, bp,
ops, data, stack_end, &graph);
/*
* We link to the next stack (which would be
-@@ -237,10 +239,7 @@ void dump_trace(struct task_struct *task, struct pt_regs *regs,
+@@ -235,10 +239,7 @@ void dump_trace(struct task_struct *task, struct pt_regs *regs,
}
}
- /*
- * This handles the process stack:
- */
-- bp = ops->walk_stack(tinfo, stack, bp, ops, data, NULL, &graph);
+- bp = ops->walk_stack(task, stack, bp, ops, data, NULL, &graph);
+out:
put_cpu();
}
EXPORT_SYMBOL(dump_trace);
-@@ -347,8 +346,55 @@ int is_valid_bugaddr(unsigned long ip)
+@@ -345,8 +346,55 @@ int is_valid_bugaddr(unsigned long ip)
{
unsigned short ud2;
@@ -26709,7 +26708,7 @@ index 8a12199..e63bebf 100644
#include <asm/processor.h>
#include <asm/fcntl.h>
diff --git a/arch/x86/kernel/espfix_64.c b/arch/x86/kernel/espfix_64.c
-index 4d38416..ec7cc4e 100644
+index 04f89ca..43ad7de 100644
--- a/arch/x86/kernel/espfix_64.c
+++ b/arch/x86/kernel/espfix_64.c
@@ -41,6 +41,7 @@
@@ -26806,7 +26805,7 @@ index 4d38416..ec7cc4e 100644
unlock_done:
mutex_unlock(&espfix_init_mutex);
diff --git a/arch/x86/kernel/fpu/core.c b/arch/x86/kernel/fpu/core.c
-index 8e37cc8..0ce76b8 100644
+index 9702754..1858c7b 100644
--- a/arch/x86/kernel/fpu/core.c
+++ b/arch/x86/kernel/fpu/core.c
@@ -131,7 +131,7 @@ void __kernel_fpu_end(void)
@@ -26894,45 +26893,39 @@ index 8e37cc8..0ce76b8 100644
fpu->counter++;
kernel_fpu_enable();
}
-@@ -509,25 +509,25 @@ void fpu__clear(struct fpu *fpu)
- static inline unsigned short get_fpu_cwd(struct fpu *fpu)
- {
- if (cpu_has_fxsr) {
-- return fpu->state.fxsave.cwd;
-+ return fpu->state->fxsave.cwd;
- } else {
-- return (unsigned short)fpu->state.fsave.cwd;
-+ return (unsigned short)fpu->state->fsave.cwd;
- }
- }
+@@ -523,11 +523,11 @@ int fpu__exception_code(struct fpu *fpu, int trap_nr)
+ * fully reproduce the context of the exception.
+ */
+ if (boot_cpu_has(X86_FEATURE_FXSR)) {
+- cwd = fpu->state.fxsave.cwd;
+- swd = fpu->state.fxsave.swd;
++ cwd = fpu->state->fxsave.cwd;
++ swd = fpu->state->fxsave.swd;
+ } else {
+- cwd = (unsigned short)fpu->state.fsave.cwd;
+- swd = (unsigned short)fpu->state.fsave.swd;
++ cwd = (unsigned short)fpu->state->fsave.cwd;
++ swd = (unsigned short)fpu->state->fsave.swd;
+ }
- static inline unsigned short get_fpu_swd(struct fpu *fpu)
- {
- if (cpu_has_fxsr) {
-- return fpu->state.fxsave.swd;
-+ return fpu->state->fxsave.swd;
- } else {
-- return (unsigned short)fpu->state.fsave.swd;
-+ return (unsigned short)fpu->state->fsave.swd;
- }
- }
+ err = swd & ~cwd;
+@@ -541,7 +541,7 @@ int fpu__exception_code(struct fpu *fpu, int trap_nr)
+ unsigned short mxcsr = MXCSR_DEFAULT;
- static inline unsigned short get_fpu_mxcsr(struct fpu *fpu)
- {
- if (cpu_has_xmm) {
-- return fpu->state.fxsave.mxcsr;
-+ return fpu->state->fxsave.mxcsr;
- } else {
- return MXCSR_DEFAULT;
+ if (boot_cpu_has(X86_FEATURE_XMM))
+- mxcsr = fpu->state.fxsave.mxcsr;
++ mxcsr = fpu->state->fxsave.mxcsr;
+
+ err = ~(mxcsr >> 7) & mxcsr;
}
diff --git a/arch/x86/kernel/fpu/init.c b/arch/x86/kernel/fpu/init.c
-index 54c86ff..703757b 100644
+index aacfd7a..3f07533 100644
--- a/arch/x86/kernel/fpu/init.c
+++ b/arch/x86/kernel/fpu/init.c
@@ -45,7 +45,7 @@ static void fpu__init_cpu_generic(void)
/* Flush out any pending x87 state: */
#ifdef CONFIG_MATH_EMULATION
- if (!cpu_has_fpu)
+ if (!boot_cpu_has(X86_FEATURE_FPU))
- fpstate_init_soft(&current->thread.fpu.state.soft);
+ fpstate_init_soft(&current->thread.fpu.state->soft);
else
@@ -27000,10 +26993,10 @@ index 54c86ff..703757b 100644
fpu__init_system_ctx_switch();
}
diff --git a/arch/x86/kernel/fpu/regset.c b/arch/x86/kernel/fpu/regset.c
-index 8bd1c00..765a913 100644
+index 81422df..f89e945 100644
--- a/arch/x86/kernel/fpu/regset.c
+++ b/arch/x86/kernel/fpu/regset.c
-@@ -37,7 +37,7 @@ int xfpregs_get(struct task_struct *target, const struct user_regset *regset,
+@@ -40,7 +40,7 @@ int xfpregs_get(struct task_struct *target, const struct user_regset *regset,
fpstate_sanitize_xstate(fpu);
return user_regset_copyout(&pos, &count, &kbuf, &ubuf,
@@ -27012,7 +27005,7 @@ index 8bd1c00..765a913 100644
}
int xfpregs_set(struct task_struct *target, const struct user_regset *regset,
-@@ -54,19 +54,19 @@ int xfpregs_set(struct task_struct *target, const struct user_regset *regset,
+@@ -57,19 +57,19 @@ int xfpregs_set(struct task_struct *target, const struct user_regset *regset,
fpstate_sanitize_xstate(fpu);
ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf,
@@ -27029,13 +27022,13 @@ index 8bd1c00..765a913 100644
* update the header bits in the xsave header, indicating the
* presence of FP and SSE state.
*/
- if (cpu_has_xsave)
+ if (boot_cpu_has(X86_FEATURE_XSAVE))
- fpu->state.xsave.header.xfeatures |= XFEATURE_MASK_FPSSE;
+ fpu->state->xsave.header.xfeatures |= XFEATURE_MASK_FPSSE;
return ret;
}
-@@ -84,7 +84,7 @@ int xstateregs_get(struct task_struct *target, const struct user_regset *regset,
+@@ -87,7 +87,7 @@ int xstateregs_get(struct task_struct *target, const struct user_regset *regset,
fpu__activate_fpstate_read(fpu);
@@ -27044,7 +27037,7 @@ index 8bd1c00..765a913 100644
/*
* Copy the 48bytes defined by the software first into the xstate
-@@ -113,7 +113,7 @@ int xstateregs_set(struct task_struct *target, const struct user_regset *regset,
+@@ -116,7 +116,7 @@ int xstateregs_set(struct task_struct *target, const struct user_regset *regset,
fpu__activate_fpstate_write(fpu);
@@ -27053,7 +27046,7 @@ index 8bd1c00..765a913 100644
ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, xsave, 0, -1);
/*
-@@ -204,7 +204,7 @@ static inline u32 twd_fxsr_to_i387(struct fxregs_state *fxsave)
+@@ -207,7 +207,7 @@ static inline u32 twd_fxsr_to_i387(struct fxregs_state *fxsave)
void
convert_from_fxsr(struct user_i387_ia32_struct *env, struct task_struct *tsk)
{
@@ -27062,7 +27055,7 @@ index 8bd1c00..765a913 100644
struct _fpreg *to = (struct _fpreg *) &env->st_space[0];
struct _fpxreg *from = (struct _fpxreg *) &fxsave->st_space[0];
int i;
-@@ -242,7 +242,7 @@ void convert_to_fxsr(struct task_struct *tsk,
+@@ -245,7 +245,7 @@ void convert_to_fxsr(struct task_struct *tsk,
const struct user_i387_ia32_struct *env)
{
@@ -27071,28 +27064,28 @@ index 8bd1c00..765a913 100644
struct _fpreg *from = (struct _fpreg *) &env->st_space[0];
struct _fpxreg *to = (struct _fpxreg *) &fxsave->st_space[0];
int i;
-@@ -280,7 +280,7 @@ int fpregs_get(struct task_struct *target, const struct user_regset *regset,
+@@ -283,7 +283,7 @@ int fpregs_get(struct task_struct *target, const struct user_regset *regset,
- if (!cpu_has_fxsr)
+ if (!boot_cpu_has(X86_FEATURE_FXSR))
return user_regset_copyout(&pos, &count, &kbuf, &ubuf,
- &fpu->state.fsave, 0,
+ &fpu->state->fsave, 0,
-1);
fpstate_sanitize_xstate(fpu);
-@@ -311,7 +311,7 @@ int fpregs_set(struct task_struct *target, const struct user_regset *regset,
+@@ -314,7 +314,7 @@ int fpregs_set(struct task_struct *target, const struct user_regset *regset,
- if (!cpu_has_fxsr)
+ if (!boot_cpu_has(X86_FEATURE_FXSR))
return user_regset_copyin(&pos, &count, &kbuf, &ubuf,
- &fpu->state.fsave, 0,
+ &fpu->state->fsave, 0,
-1);
if (pos > 0 || count < sizeof(env))
-@@ -326,7 +326,7 @@ int fpregs_set(struct task_struct *target, const struct user_regset *regset,
+@@ -329,7 +329,7 @@ int fpregs_set(struct task_struct *target, const struct user_regset *regset,
* presence of FP.
*/
- if (cpu_has_xsave)
+ if (boot_cpu_has(X86_FEATURE_XSAVE))
- fpu->state.xsave.header.xfeatures |= XFEATURE_MASK_FP;
+ fpu->state->xsave.header.xfeatures |= XFEATURE_MASK_FP;
return ret;
@@ -27189,7 +27182,7 @@ index 31c6a60..523f27e 100644
} else {
sanitize_restored_xstate(tsk, &env, xfeatures, fx_only);
diff --git a/arch/x86/kernel/fpu/xstate.c b/arch/x86/kernel/fpu/xstate.c
-index b48ef35..10f3b79 100644
+index 4ea2a59..bbecb39 100644
--- a/arch/x86/kernel/fpu/xstate.c
+++ b/arch/x86/kernel/fpu/xstate.c
@@ -122,14 +122,14 @@ EXPORT_SYMBOL_GPL(cpu_has_xfeatures);
@@ -27336,7 +27329,7 @@ index d036cfb..cb4c991 100644
/* ALLOC_TRAMP flags lets us know we created it */
ops->flags |= FTRACE_OPS_FL_ALLOC_TRAMP;
diff --git a/arch/x86/kernel/head64.c b/arch/x86/kernel/head64.c
-index 1f4422d..995e17d 100644
+index b72fb0b..7cb3f8a 100644
--- a/arch/x86/kernel/head64.c
+++ b/arch/x86/kernel/head64.c
@@ -62,12 +62,12 @@ again:
@@ -27390,7 +27383,7 @@ index 1f4422d..995e17d 100644
for (i = 0; i < NUM_EXCEPTION_VECTORS; i++)
diff --git a/arch/x86/kernel/head_32.S b/arch/x86/kernel/head_32.S
-index af11129..e506d32 100644
+index 6f8902b..5d42150 100644
--- a/arch/x86/kernel/head_32.S
+++ b/arch/x86/kernel/head_32.S
@@ -27,6 +27,12 @@
@@ -27620,26 +27613,7 @@ index af11129..e506d32 100644
movw %cx, 8 * GDT_ENTRY_STACK_CANARY + 2(%eax)
shrl $16, %ecx
movb %cl, 8 * GDT_ENTRY_STACK_CANARY + 4(%eax)
-@@ -558,7 +650,7 @@ early_idt_handler_common:
- cmpl $2,(%esp) # X86_TRAP_NMI
- je .Lis_nmi # Ignore NMI
-
-- cmpl $2,%ss:early_recursion_flag
-+ cmpl $1,%ss:early_recursion_flag
- je hlt_loop
- incl %ss:early_recursion_flag
-
-@@ -596,8 +688,8 @@ early_idt_handler_common:
- pushl (20+6*4)(%esp) /* trapno */
- pushl $fault_msg
- call printk
--#endif
- call dump_stack
-+#endif
- hlt_loop:
- hlt
- jmp hlt_loop
-@@ -617,8 +709,11 @@ ENDPROC(early_idt_handler_common)
+@@ -608,8 +700,11 @@ ENDPROC(early_idt_handler_common)
/* This is the default interrupt "handler" :-) */
ALIGN
ignore_int:
@@ -27652,7 +27626,7 @@ index af11129..e506d32 100644
pushl %eax
pushl %ecx
pushl %edx
-@@ -627,9 +722,6 @@ ignore_int:
+@@ -618,9 +713,6 @@ ignore_int:
movl $(__KERNEL_DS),%eax
movl %eax,%ds
movl %eax,%es
@@ -27662,7 +27636,7 @@ index af11129..e506d32 100644
pushl 16(%esp)
pushl 24(%esp)
pushl 32(%esp)
-@@ -660,11 +752,8 @@ ENTRY(initial_code)
+@@ -655,11 +747,8 @@ ENTRY(initial_code)
ENTRY(setup_once_ref)
.long setup_once
@@ -27676,7 +27650,7 @@ index af11129..e506d32 100644
#ifdef CONFIG_X86_PAE
initial_pg_pmd:
.fill 1024*KPMDS,4,0
-@@ -677,15 +766,18 @@ initial_pg_fixmap:
+@@ -672,15 +761,18 @@ initial_pg_fixmap:
ENTRY(empty_zero_page)
.fill 4096,1,0
ENTRY(swapper_pg_dir)
@@ -27699,7 +27673,7 @@ index af11129..e506d32 100644
ENTRY(initial_page_table)
.long pa(initial_pg_pmd+PGD_IDENT_ATTR),0 /* low identity map */
# if KPMDS == 3
-@@ -703,13 +795,21 @@ ENTRY(initial_page_table)
+@@ -698,13 +790,21 @@ ENTRY(initial_page_table)
# else
# error "Kernel PMDs should be 1, 2 or 3"
# endif
@@ -27723,7 +27697,7 @@ index af11129..e506d32 100644
__INITRODATA
int_msg:
-@@ -737,7 +837,7 @@ fault_msg:
+@@ -719,7 +819,7 @@ int_msg:
* segment size, and 32-bit linear address value:
*/
@@ -27732,7 +27706,7 @@ index af11129..e506d32 100644
.globl boot_gdt_descr
.globl idt_descr
-@@ -746,7 +846,7 @@ fault_msg:
+@@ -728,7 +828,7 @@ int_msg:
.word 0 # 32 bit align gdt_desc.address
boot_gdt_descr:
.word __BOOT_DS+7
@@ -27741,7 +27715,7 @@ index af11129..e506d32 100644
.word 0 # 32-bit align idt_desc.address
idt_descr:
-@@ -757,7 +857,7 @@ idt_descr:
+@@ -739,7 +839,7 @@ idt_descr:
.word 0 # 32 bit align gdt_desc.address
ENTRY(early_gdt_descr)
.word GDT_ENTRIES*8-1
@@ -27750,7 +27724,7 @@ index af11129..e506d32 100644
/*
* The boot_gdt must mirror the equivalent in setup.S and is
-@@ -766,5 +866,65 @@ ENTRY(early_gdt_descr)
+@@ -748,5 +848,65 @@ ENTRY(early_gdt_descr)
.align L1_CACHE_BYTES
ENTRY(boot_gdt)
.fill GDT_ENTRY_BOOT_CS,8,0
@@ -27819,7 +27793,7 @@ index af11129..e506d32 100644
+ .fill PAGE_SIZE_asm - GDT_SIZE,1,0
+ .endr
diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S
-index 22fbf9d..1137e22 100644
+index 5df831e..47801b0 100644
--- a/arch/x86/kernel/head_64.S
+++ b/arch/x86/kernel/head_64.S
@@ -20,6 +20,8 @@
@@ -27828,10 +27802,10 @@ index 22fbf9d..1137e22 100644
#include <asm/nops.h>
+#include <asm/cpufeatures.h>
+#include <asm/alternative-asm.h>
+ #include "../entry/calling.h"
#ifdef CONFIG_PARAVIRT
- #include <asm/asm-offsets.h>
-@@ -40,6 +42,12 @@
+@@ -41,6 +43,12 @@
L4_PAGE_OFFSET = pgd_index(__PAGE_OFFSET)
L4_START_KERNEL = pgd_index(__START_KERNEL_map)
L3_START_KERNEL = pud_index(__START_KERNEL_map)
@@ -27844,7 +27818,7 @@ index 22fbf9d..1137e22 100644
.text
__HEAD
-@@ -89,11 +97,36 @@ startup_64:
+@@ -98,11 +106,36 @@ startup_64:
* Fixup the physical addresses in the page table
*/
addq %rbp, early_level4_pgt + (L4_START_KERNEL*8)(%rip)
@@ -27883,7 +27857,7 @@ index 22fbf9d..1137e22 100644
/*
* Set up the identity mapping for the switchover. These
-@@ -177,11 +210,12 @@ ENTRY(secondary_startup_64)
+@@ -186,11 +219,12 @@ ENTRY(secondary_startup_64)
/* Sanitize CPU configuration */
call verify_cpu
@@ -27898,7 +27872,7 @@ index 22fbf9d..1137e22 100644
movq %rcx, %cr4
/* Setup early boot stage 4 level pagetables. */
-@@ -202,10 +236,24 @@ ENTRY(secondary_startup_64)
+@@ -211,10 +245,24 @@ ENTRY(secondary_startup_64)
movl $MSR_EFER, %ecx
rdmsr
btsl $_EFER_SCE, %eax /* Enable System Call */
@@ -27924,7 +27898,7 @@ index 22fbf9d..1137e22 100644
1: wrmsr /* Make changes effective */
/* Setup cr0 */
-@@ -285,6 +333,7 @@ ENTRY(secondary_startup_64)
+@@ -294,6 +342,7 @@ ENTRY(secondary_startup_64)
* REX.W + FF /5 JMP m16:64 Jump far, absolute indirect,
* address given in m16:64.
*/
@@ -27932,7 +27906,7 @@ index 22fbf9d..1137e22 100644
movq initial_code(%rip),%rax
pushq $0 # fake return address to stop unwinder
pushq $__KERNEL_CS # set correct cs
-@@ -318,7 +367,7 @@ ENDPROC(start_cpu0)
+@@ -327,7 +376,7 @@ ENDPROC(start_cpu0)
.quad INIT_PER_CPU_VAR(irq_stack_union)
GLOBAL(stack_start)
@@ -27941,24 +27915,7 @@ index 22fbf9d..1137e22 100644
.word 0
__FINITDATA
-@@ -398,7 +447,7 @@ early_idt_handler_common:
- call dump_stack
- #ifdef CONFIG_KALLSYMS
- leaq early_idt_ripmsg(%rip),%rdi
-- movq 40(%rsp),%rsi # %rip again
-+ movq 88(%rsp),%rsi # %rip again
- call __print_symbol
- #endif
- #endif /* EARLY_PRINTK */
-@@ -427,6 +476,7 @@ ENDPROC(early_idt_handler_common)
- early_recursion_flag:
- .long 0
-
-+ __READ_ONLY
- #ifdef CONFIG_EARLY_PRINTK
- early_idt_msg:
- .asciz "PANIC: early exception %02lx rip %lx:%lx error %lx cr2 %lx\n"
-@@ -449,40 +499,70 @@ GLOBAL(name)
+@@ -416,40 +465,70 @@ GLOBAL(name)
__INITDATA
NEXT_PAGE(early_level4_pgt)
.fill 511,8,0
@@ -28041,7 +27998,7 @@ index 22fbf9d..1137e22 100644
NEXT_PAGE(level2_kernel_pgt)
/*
-@@ -499,31 +579,79 @@ NEXT_PAGE(level2_kernel_pgt)
+@@ -466,31 +545,79 @@ NEXT_PAGE(level2_kernel_pgt)
KERNEL_IMAGE_SIZE/PMD_SIZE)
NEXT_PAGE(level2_fixmap_pgt)
@@ -28294,7 +28251,7 @@ index 61521dc..5ce5a37 100644
}
diff --git a/arch/x86/kernel/irq_32.c b/arch/x86/kernel/irq_32.c
-index 38da8f2..5653e36 100644
+index c627bf8..5653e36 100644
--- a/arch/x86/kernel/irq_32.c
+++ b/arch/x86/kernel/irq_32.c
@@ -23,6 +23,8 @@
@@ -28368,7 +28325,7 @@ index 38da8f2..5653e36 100644
return 1;
}
-@@ -109,32 +120,18 @@ static inline int execute_on_irq_stack(int overflow, struct irq_desc *desc)
+@@ -109,23 +120,11 @@ static inline int execute_on_irq_stack(int overflow, struct irq_desc *desc)
*/
void irq_ctx_init(int cpu)
{
@@ -28394,16 +28351,7 @@ index 38da8f2..5653e36 100644
}
void do_softirq_own_stack(void)
- {
-- struct thread_info *curstk;
- struct irq_stack *irqstk;
- u32 *isp, *prev_esp;
-
-- curstk = current_stack();
- irqstk = __this_cpu_read(softirq_stack);
-
- /* build the stack frame on the softirq stack */
-@@ -144,7 +141,16 @@ void do_softirq_own_stack(void)
+@@ -142,7 +141,16 @@ void do_softirq_own_stack(void)
prev_esp = (u32 *)irqstk;
*prev_esp = current_stack_pointer();
@@ -28443,10 +28391,10 @@ index 206d0b9..ecb677c 100644
panic("low stack detected by irq handler - check messages\n");
#endif
diff --git a/arch/x86/kernel/jump_label.c b/arch/x86/kernel/jump_label.c
-index e565e0e..fdfeb45 100644
+index fc25f69..d31d60c 100644
--- a/arch/x86/kernel/jump_label.c
+++ b/arch/x86/kernel/jump_label.c
-@@ -31,6 +31,8 @@ static void bug_at(unsigned char *ip, int line)
+@@ -32,6 +32,8 @@ static void bug_at(unsigned char *ip, int line)
* Something went wrong. Crash the box, as something could be
* corrupting the kernel.
*/
@@ -28455,7 +28403,7 @@ index e565e0e..fdfeb45 100644
pr_warning("Unexpected op at %pS [%p] (%02x %02x %02x %02x %02x) %s:%d\n",
ip, ip, ip[0], ip[1], ip[2], ip[3], ip[4], __FILE__, line);
BUG();
-@@ -51,7 +53,7 @@ static void __jump_label_transform(struct jump_entry *entry,
+@@ -52,7 +54,7 @@ static void __jump_label_transform(struct jump_entry *entry,
* Jump label is enabled for the first time.
* So we expect a default_nop...
*/
@@ -28464,7 +28412,7 @@ index e565e0e..fdfeb45 100644
!= 0))
bug_at((void *)entry->code, __LINE__);
} else {
-@@ -59,7 +61,7 @@ static void __jump_label_transform(struct jump_entry *entry,
+@@ -60,7 +62,7 @@ static void __jump_label_transform(struct jump_entry *entry,
* ...otherwise expect an ideal_nop. Otherwise
* something went horribly wrong.
*/
@@ -28473,7 +28421,7 @@ index e565e0e..fdfeb45 100644
!= 0))
bug_at((void *)entry->code, __LINE__);
}
-@@ -75,13 +77,13 @@ static void __jump_label_transform(struct jump_entry *entry,
+@@ -76,13 +78,13 @@ static void __jump_label_transform(struct jump_entry *entry,
* are converting the default nop to the ideal nop.
*/
if (init) {
@@ -28490,10 +28438,10 @@ index e565e0e..fdfeb45 100644
}
memcpy(&code, ideal_nops[NOP_ATOMIC5], JUMP_LABEL_NOP_SIZE);
diff --git a/arch/x86/kernel/kgdb.c b/arch/x86/kernel/kgdb.c
-index 2da6ee9..fc0ca78 100644
+index 04cde52..8b2900b 100644
--- a/arch/x86/kernel/kgdb.c
+++ b/arch/x86/kernel/kgdb.c
-@@ -228,7 +228,10 @@ static void kgdb_correct_hw_break(void)
+@@ -229,7 +229,10 @@ static void kgdb_correct_hw_break(void)
bp->attr.bp_addr = breakinfo[breakno].addr;
bp->attr.bp_len = breakinfo[breakno].len;
bp->attr.bp_type = breakinfo[breakno].type;
@@ -28505,7 +28453,7 @@ index 2da6ee9..fc0ca78 100644
info->len = breakinfo[breakno].len;
info->type = breakinfo[breakno].type;
val = arch_install_hw_breakpoint(bp);
-@@ -475,12 +478,12 @@ int kgdb_arch_handle_exception(int e_vector, int signo, int err_code,
+@@ -476,12 +479,12 @@ int kgdb_arch_handle_exception(int e_vector, int signo, int err_code,
case 'k':
/* clear the trace bit */
linux_regs->flags &= ~X86_EFLAGS_TF;
@@ -28520,7 +28468,7 @@ index 2da6ee9..fc0ca78 100644
raw_smp_processor_id());
}
-@@ -550,7 +553,7 @@ static int __kgdb_notify(struct die_args *args, unsigned long cmd)
+@@ -551,7 +554,7 @@ static int __kgdb_notify(struct die_args *args, unsigned long cmd)
switch (cmd) {
case DIE_DEBUG:
@@ -28529,7 +28477,7 @@ index 2da6ee9..fc0ca78 100644
if (user_mode(regs))
return single_step_cont(regs, args);
break;
-@@ -753,11 +756,11 @@ int kgdb_arch_set_breakpoint(struct kgdb_bkpt *bpt)
+@@ -754,11 +757,11 @@ int kgdb_arch_set_breakpoint(struct kgdb_bkpt *bpt)
char opc[BREAK_INSTR_SIZE];
bpt->type = BP_BREAKPOINT;
@@ -28543,7 +28491,7 @@ index 2da6ee9..fc0ca78 100644
arch_kgdb_ops.gdb_bpt_instr, BREAK_INSTR_SIZE);
if (!err)
return err;
-@@ -769,7 +772,7 @@ int kgdb_arch_set_breakpoint(struct kgdb_bkpt *bpt)
+@@ -770,7 +773,7 @@ int kgdb_arch_set_breakpoint(struct kgdb_bkpt *bpt)
return -EBUSY;
text_poke((void *)bpt->bpt_addr, arch_kgdb_ops.gdb_bpt_instr,
BREAK_INSTR_SIZE);
@@ -28552,7 +28500,7 @@ index 2da6ee9..fc0ca78 100644
if (err)
return err;
if (memcmp(opc, arch_kgdb_ops.gdb_bpt_instr, BREAK_INSTR_SIZE))
-@@ -793,13 +796,13 @@ int kgdb_arch_remove_breakpoint(struct kgdb_bkpt *bpt)
+@@ -794,13 +797,13 @@ int kgdb_arch_remove_breakpoint(struct kgdb_bkpt *bpt)
if (mutex_is_locked(&text_mutex))
goto knl_write;
text_poke((void *)bpt->bpt_addr, bpt->saved_instr, BREAK_INSTR_SIZE);
@@ -28569,10 +28517,10 @@ index 2da6ee9..fc0ca78 100644
}
diff --git a/arch/x86/kernel/kprobes/core.c b/arch/x86/kernel/kprobes/core.c
-index 44bcd57..044428a 100644
+index 7847e5c..cec50fd 100644
--- a/arch/x86/kernel/kprobes/core.c
+++ b/arch/x86/kernel/kprobes/core.c
-@@ -121,9 +121,12 @@ __synthesize_relative_insn(void *from, void *to, u8 op)
+@@ -122,9 +122,12 @@ __synthesize_relative_insn(void *from, void *to, u8 op)
s32 raddr;
} __packed *insn;
@@ -28586,7 +28534,7 @@ index 44bcd57..044428a 100644
}
/* Insert a jump instruction at address 'from', which jumps to address 'to'.*/
-@@ -169,7 +172,7 @@ int can_boost(kprobe_opcode_t *opcodes)
+@@ -170,7 +173,7 @@ int can_boost(kprobe_opcode_t *opcodes)
kprobe_opcode_t opcode;
kprobe_opcode_t *orig_opcodes = opcodes;
@@ -28595,7 +28543,7 @@ index 44bcd57..044428a 100644
return 0; /* Page fault may occur on this address. */
retry:
-@@ -261,12 +264,12 @@ __recover_probed_insn(kprobe_opcode_t *buf, unsigned long addr)
+@@ -262,12 +265,12 @@ __recover_probed_insn(kprobe_opcode_t *buf, unsigned long addr)
* Fortunately, we know that the original code is the ideal 5-byte
* long NOP.
*/
@@ -28610,7 +28558,7 @@ index 44bcd57..044428a 100644
}
/*
-@@ -368,7 +371,9 @@ int __copy_instruction(u8 *dest, u8 *src)
+@@ -369,7 +372,9 @@ int __copy_instruction(u8 *dest, u8 *src)
/* Another subsystem puts a breakpoint, failed to recover */
if (insn.opcode.bytes[0] == BREAKPOINT_INSTRUCTION)
return 0;
@@ -28620,7 +28568,7 @@ index 44bcd57..044428a 100644
#ifdef CONFIG_X86_64
if (insn_rip_relative(&insn)) {
-@@ -395,7 +400,9 @@ int __copy_instruction(u8 *dest, u8 *src)
+@@ -396,7 +401,9 @@ int __copy_instruction(u8 *dest, u8 *src)
return 0;
}
disp = (u8 *) dest + insn_offset_displacement(&insn);
@@ -28630,7 +28578,7 @@ index 44bcd57..044428a 100644
}
#endif
return length;
-@@ -537,7 +544,7 @@ static void setup_singlestep(struct kprobe *p, struct pt_regs *regs,
+@@ -538,7 +545,7 @@ static void setup_singlestep(struct kprobe *p, struct pt_regs *regs,
* nor set current_kprobe, because it doesn't use single
* stepping.
*/
@@ -28639,7 +28587,7 @@ index 44bcd57..044428a 100644
preempt_enable_no_resched();
return;
}
-@@ -554,9 +561,9 @@ static void setup_singlestep(struct kprobe *p, struct pt_regs *regs,
+@@ -555,9 +562,9 @@ static void setup_singlestep(struct kprobe *p, struct pt_regs *regs,
regs->flags &= ~X86_EFLAGS_IF;
/* single step inline if the instruction is an int3 */
if (p->opcode == BREAKPOINT_INSTRUCTION)
@@ -28651,7 +28599,7 @@ index 44bcd57..044428a 100644
}
NOKPROBE_SYMBOL(setup_singlestep);
-@@ -641,7 +648,7 @@ int kprobe_int3_handler(struct pt_regs *regs)
+@@ -642,7 +649,7 @@ int kprobe_int3_handler(struct pt_regs *regs)
setup_singlestep(p, regs, kcb, 0);
return 1;
}
@@ -28660,7 +28608,7 @@ index 44bcd57..044428a 100644
/*
* The breakpoint instruction was removed right
* after we hit it. Another cpu has removed
-@@ -687,6 +694,9 @@ asm(
+@@ -688,6 +695,9 @@ asm(
" movq %rax, 152(%rsp)\n"
RESTORE_REGS_STRING
" popfq\n"
@@ -28670,7 +28618,7 @@ index 44bcd57..044428a 100644
#else
" pushf\n"
SAVE_REGS_STRING
-@@ -828,7 +838,7 @@ static void resume_execution(struct kprobe *p, struct pt_regs *regs,
+@@ -829,7 +839,7 @@ static void resume_execution(struct kprobe *p, struct pt_regs *regs,
struct kprobe_ctlblk *kcb)
{
unsigned long *tos = stack_addr(regs);
@@ -28680,10 +28628,10 @@ index 44bcd57..044428a 100644
kprobe_opcode_t *insn = p->ainsn.insn;
diff --git a/arch/x86/kernel/kprobes/opt.c b/arch/x86/kernel/kprobes/opt.c
-index 7b3b9d1..e2478b91 100644
+index 4425f59..34a112f 100644
--- a/arch/x86/kernel/kprobes/opt.c
+++ b/arch/x86/kernel/kprobes/opt.c
-@@ -79,6 +79,7 @@ found:
+@@ -80,6 +80,7 @@ found:
/* Insert a move instruction which sets a pointer to eax/rdi (1st arg). */
static void synthesize_set_arg1(kprobe_opcode_t *addr, unsigned long val)
{
@@ -28691,7 +28639,7 @@ index 7b3b9d1..e2478b91 100644
#ifdef CONFIG_X86_64
*addr++ = 0x48;
*addr++ = 0xbf;
-@@ -86,6 +87,7 @@ static void synthesize_set_arg1(kprobe_opcode_t *addr, unsigned long val)
+@@ -87,6 +88,7 @@ static void synthesize_set_arg1(kprobe_opcode_t *addr, unsigned long val)
*addr++ = 0xb8;
#endif
*(unsigned long *)addr = val;
@@ -28699,7 +28647,7 @@ index 7b3b9d1..e2478b91 100644
}
asm (
-@@ -342,7 +344,7 @@ int arch_prepare_optimized_kprobe(struct optimized_kprobe *op,
+@@ -343,7 +345,7 @@ int arch_prepare_optimized_kprobe(struct optimized_kprobe *op,
* Verify if the address gap is in 2GB range, because this uses
* a relative jump.
*/
@@ -28708,13 +28656,13 @@ index 7b3b9d1..e2478b91 100644
if (abs(rel) > 0x7fffffff) {
__arch_remove_optimized_kprobe(op, 0);
return -ERANGE;
-@@ -359,16 +361,18 @@ int arch_prepare_optimized_kprobe(struct optimized_kprobe *op,
+@@ -360,16 +362,18 @@ int arch_prepare_optimized_kprobe(struct optimized_kprobe *op,
op->optinsn.size = ret;
/* Copy arch-dep-instance from template */
- memcpy(buf, &optprobe_template_entry, TMPL_END_IDX);
+ pax_open_kernel();
-+ memcpy(buf, ktla_ktva(&optprobe_template_entry), TMPL_END_IDX);
++ memcpy(buf, (u8 *)ktla_ktva((unsigned long)&optprobe_template_entry), TMPL_END_IDX);
+ pax_close_kernel();
/* Set probe information */
@@ -28722,24 +28670,24 @@ index 7b3b9d1..e2478b91 100644
/* Set probe function call */
- synthesize_relcall(buf + TMPL_CALL_IDX, optimized_callback);
-+ synthesize_relcall(ktva_ktla(buf) + TMPL_CALL_IDX, optimized_callback);
++ synthesize_relcall((u8 *)ktva_ktla((unsigned long)buf) + TMPL_CALL_IDX, optimized_callback);
/* Set returning jmp instruction at the tail of out-of-line buffer */
- synthesize_reljump(buf + TMPL_END_IDX + op->optinsn.size,
-+ synthesize_reljump(ktva_ktla(buf) + TMPL_END_IDX + op->optinsn.size,
++ synthesize_reljump((u8 *)ktva_ktla((unsigned long)buf) + TMPL_END_IDX + op->optinsn.size,
(u8 *)op->kp.addr + op->optinsn.size);
flush_icache_range((unsigned long) buf,
-@@ -393,7 +397,7 @@ void arch_optimize_kprobes(struct list_head *oplist)
+@@ -394,7 +398,7 @@ void arch_optimize_kprobes(struct list_head *oplist)
WARN_ON(kprobe_disabled(&op->kp));
/* Backup instructions which will be replaced by jump address */
- memcpy(op->optinsn.copied_insn, op->kp.addr + INT3_SIZE,
-+ memcpy(op->optinsn.copied_insn, ktla_ktva(op->kp.addr) + INT3_SIZE,
++ memcpy(op->optinsn.copied_insn, (u8 *)ktla_ktva((unsigned long)op->kp.addr) + INT3_SIZE,
RELATIVE_ADDR_SIZE);
insn_buf[0] = RELATIVEJUMP_OPCODE;
-@@ -441,7 +445,7 @@ int setup_detour_execution(struct kprobe *p, struct pt_regs *regs, int reenter)
+@@ -442,7 +446,7 @@ int setup_detour_execution(struct kprobe *p, struct pt_regs *regs, int reenter)
/* This kprobe is really able to run optimized path. */
op = container_of(p, struct optimized_kprobe, kp);
/* Detour through copied instructions */
@@ -28762,10 +28710,10 @@ index c2bedae..25e7ab60 100644
.name = "data",
.mode = S_IRUGO,
diff --git a/arch/x86/kernel/kvm.c b/arch/x86/kernel/kvm.c
-index 8079508..b34be72 100644
+index eea2a6f..4e97ff3 100644
--- a/arch/x86/kernel/kvm.c
+++ b/arch/x86/kernel/kvm.c
-@@ -554,7 +554,7 @@ static uint32_t __init kvm_detect(void)
+@@ -546,7 +546,7 @@ static uint32_t __init kvm_detect(void)
return kvm_cpuid_base();
}
@@ -28930,33 +28878,6 @@ index 6707039..254f32c 100644
switch (func) {
case 0:
ret = read_ldt(ptr, bytecount);
-diff --git a/arch/x86/kernel/livepatch.c b/arch/x86/kernel/livepatch.c
-index 92fc1a5..478b427 100644
---- a/arch/x86/kernel/livepatch.c
-+++ b/arch/x86/kernel/livepatch.c
-@@ -38,8 +38,10 @@ int klp_write_module_reloc(struct module *mod, unsigned long type,
- {
- size_t size = 4;
- unsigned long val;
-- unsigned long core = (unsigned long)mod->core_layout.base;
-- unsigned long core_size = mod->core_layout.size;
-+ unsigned long core_rx = (unsigned long)mod->core_layout.base_rx;
-+ unsigned long core_rw = (unsigned long)mod->core_layout.base_rw;
-+ unsigned long core_size_rx = mod->core_layout.size_rx;
-+ unsigned long core_size_rw = mod->core_layout.size_rw;
-
- switch (type) {
- case R_X86_64_NONE:
-@@ -62,7 +64,8 @@ int klp_write_module_reloc(struct module *mod, unsigned long type,
- return -EINVAL;
- }
-
-- if (loc < core || loc >= core + core_size)
-+ if ((loc < core_rx || loc >= core_rx + core_size_rx) &&
-+ (loc < core_rw || loc >= core_rw + core_size_rw))
- /* loc does not point to any symbol inside the module */
- return -EINVAL;
-
diff --git a/arch/x86/kernel/machine_kexec_32.c b/arch/x86/kernel/machine_kexec_32.c
index 469b23d..5449cfe 100644
--- a/arch/x86/kernel/machine_kexec_32.c
@@ -28989,7 +28910,7 @@ index 469b23d..5449cfe 100644
relocate_kernel_ptr = control_page;
page_list[PA_CONTROL_PAGE] = __pa(control_page);
diff --git a/arch/x86/kernel/mcount_64.S b/arch/x86/kernel/mcount_64.S
-index ed48a9f..23a6a8f 100644
+index 61924222..0e4856e 100644
--- a/arch/x86/kernel/mcount_64.S
+++ b/arch/x86/kernel/mcount_64.S
@@ -7,7 +7,7 @@
@@ -29012,12 +28933,12 @@ index ed48a9f..23a6a8f 100644
ENTRY(ftrace_caller)
/* save_mcount_regs fills in first two parameters */
-@@ -182,9 +183,10 @@ GLOBAL(ftrace_graph_call)
- jmp ftrace_stub
+@@ -183,9 +184,10 @@ GLOBAL(ftrace_graph_call)
#endif
--GLOBAL(ftrace_stub)
-+RAP_ENTRY(ftrace_stub)
+ /* This is weak to keep gas from relaxing the jumps */
+-WEAK(ftrace_stub)
++RAP_WEAK(ftrace_stub)
+ pax_force_retaddr
retq
-END(ftrace_caller)
@@ -29025,7 +28946,7 @@ index ed48a9f..23a6a8f 100644
ENTRY(ftrace_regs_caller)
/* Save the current flags before any operations that can change them */
-@@ -255,7 +257,7 @@ GLOBAL(ftrace_regs_caller_end)
+@@ -256,7 +258,7 @@ GLOBAL(ftrace_regs_caller_end)
jmp ftrace_epilogue
@@ -29034,7 +28955,7 @@ index ed48a9f..23a6a8f 100644
#else /* ! CONFIG_DYNAMIC_FTRACE */
-@@ -274,6 +276,7 @@ fgraph_trace:
+@@ -275,6 +277,7 @@ fgraph_trace:
#endif
GLOBAL(ftrace_stub)
@@ -29042,7 +28963,7 @@ index ed48a9f..23a6a8f 100644
retq
trace:
-@@ -286,12 +289,13 @@ trace:
+@@ -287,12 +290,13 @@ trace:
* ip and parent ip are used and the list function is called when
* function tracing is enabled.
*/
@@ -29057,7 +28978,7 @@ index ed48a9f..23a6a8f 100644
#endif /* CONFIG_DYNAMIC_FTRACE */
#endif /* CONFIG_FUNCTION_TRACER */
-@@ -313,8 +317,9 @@ ENTRY(ftrace_graph_caller)
+@@ -314,8 +318,9 @@ ENTRY(ftrace_graph_caller)
restore_mcount_regs
@@ -29068,7 +28989,7 @@ index ed48a9f..23a6a8f 100644
GLOBAL(return_to_handler)
subq $24, %rsp
-@@ -330,5 +335,7 @@ GLOBAL(return_to_handler)
+@@ -331,5 +336,7 @@ GLOBAL(return_to_handler)
movq 8(%rsp), %rdx
movq (%rsp), %rax
addq $24, %rsp
@@ -29077,10 +28998,10 @@ index ed48a9f..23a6a8f 100644
+ENDPROC(return_to_handler)
#endif
diff --git a/arch/x86/kernel/module.c b/arch/x86/kernel/module.c
-index 005c03e..7000fe4 100644
+index 477ae80..c8e40a3 100644
--- a/arch/x86/kernel/module.c
+++ b/arch/x86/kernel/module.c
-@@ -75,17 +75,17 @@ static unsigned long int get_module_load_offset(void)
+@@ -76,17 +76,17 @@ static unsigned long int get_module_load_offset(void)
}
#endif
@@ -29102,7 +29023,7 @@ index 005c03e..7000fe4 100644
__builtin_return_address(0));
if (p && (kasan_module_alloc(p, size) < 0)) {
vfree(p);
-@@ -95,6 +95,51 @@ void *module_alloc(unsigned long size)
+@@ -96,6 +96,51 @@ void *module_alloc(unsigned long size)
return p;
}
@@ -29154,7 +29075,7 @@ index 005c03e..7000fe4 100644
#ifdef CONFIG_X86_32
int apply_relocate(Elf32_Shdr *sechdrs,
const char *strtab,
-@@ -105,14 +150,16 @@ int apply_relocate(Elf32_Shdr *sechdrs,
+@@ -106,14 +151,16 @@ int apply_relocate(Elf32_Shdr *sechdrs,
unsigned int i;
Elf32_Rel *rel = (void *)sechdrs[relsec].sh_addr;
Elf32_Sym *sym;
@@ -29174,7 +29095,7 @@ index 005c03e..7000fe4 100644
/* This is the symbol it is referring to. Note that all
undefined symbols have been resolved. */
sym = (Elf32_Sym *)sechdrs[symindex].sh_addr
-@@ -121,11 +168,15 @@ int apply_relocate(Elf32_Shdr *sechdrs,
+@@ -122,11 +169,15 @@ int apply_relocate(Elf32_Shdr *sechdrs,
switch (ELF32_R_TYPE(rel[i].r_info)) {
case R_386_32:
/* We add the value into the location given */
@@ -29192,7 +29113,7 @@ index 005c03e..7000fe4 100644
break;
default:
pr_err("%s: Unknown relocation: %u\n",
-@@ -170,21 +221,30 @@ int apply_relocate_add(Elf64_Shdr *sechdrs,
+@@ -171,21 +222,30 @@ int apply_relocate_add(Elf64_Shdr *sechdrs,
case R_X86_64_NONE:
break;
case R_X86_64_64:
@@ -29430,7 +29351,7 @@ index 33ee3e0..6d23e5c 100644
#endif /* SMP */
};
diff --git a/arch/x86/kernel/paravirt.c b/arch/x86/kernel/paravirt.c
-index f08ac28..4599189 100644
+index 7b3b3f2..68b5f72 100644
--- a/arch/x86/kernel/paravirt.c
+++ b/arch/x86/kernel/paravirt.c
@@ -64,6 +64,9 @@ u64 _paravirt_ident_64(u64 x)
@@ -29483,9 +29404,9 @@ index f08ac28..4599189 100644
-struct pv_info pv_info = {
+struct pv_info pv_info __read_only = {
.name = "bare hardware",
- .paravirt_enabled = 0,
.kernel_rpl = 0,
-@@ -303,16 +310,16 @@ struct pv_info pv_info = {
+ .shared_kernel_pmd = 1, /* Only used when CONFIG_X86_PAE is set */
+@@ -302,16 +309,16 @@ struct pv_info pv_info = {
#endif
};
@@ -29505,7 +29426,7 @@ index f08ac28..4599189 100644
.save_fl = __PV_IS_CALLEE_SAVE(native_save_fl),
.restore_fl = __PV_IS_CALLEE_SAVE(native_restore_fl),
.irq_disable = __PV_IS_CALLEE_SAVE(native_irq_disable),
-@@ -324,7 +331,23 @@ __visible struct pv_irq_ops pv_irq_ops = {
+@@ -323,7 +330,23 @@ __visible struct pv_irq_ops pv_irq_ops = {
#endif
};
@@ -29530,7 +29451,7 @@ index f08ac28..4599189 100644
.cpuid = native_cpuid,
.get_debugreg = native_get_debugreg,
.set_debugreg = native_set_debugreg,
-@@ -356,8 +379,8 @@ __visible struct pv_cpu_ops pv_cpu_ops = {
+@@ -357,8 +380,8 @@ __visible struct pv_cpu_ops pv_cpu_ops = {
.write_gdt_entry = native_write_gdt_entry,
.write_idt_entry = native_write_idt_entry,
@@ -29541,7 +29462,7 @@ index f08ac28..4599189 100644
.load_sp0 = native_load_sp0,
-@@ -370,8 +393,8 @@ __visible struct pv_cpu_ops pv_cpu_ops = {
+@@ -371,8 +394,8 @@ __visible struct pv_cpu_ops pv_cpu_ops = {
.set_iopl_mask = native_set_iopl_mask,
.io_delay = native_io_delay,
@@ -29552,7 +29473,7 @@ index f08ac28..4599189 100644
};
/* At this point, native_get/set_debugreg has real function entries */
-@@ -379,15 +402,64 @@ NOKPROBE_SYMBOL(native_get_debugreg);
+@@ -380,15 +403,64 @@ NOKPROBE_SYMBOL(native_get_debugreg);
NOKPROBE_SYMBOL(native_set_debugreg);
NOKPROBE_SYMBOL(native_load_idt);
@@ -29619,7 +29540,7 @@ index f08ac28..4599189 100644
.read_cr2 = native_read_cr2,
.write_cr2 = native_write_cr2,
-@@ -400,20 +472,20 @@ struct pv_mmu_ops pv_mmu_ops = {
+@@ -401,20 +473,20 @@ struct pv_mmu_ops pv_mmu_ops = {
.flush_tlb_others = native_flush_tlb_others,
.pgd_alloc = __paravirt_pgd_alloc,
@@ -29648,7 +29569,7 @@ index f08ac28..4599189 100644
.ptep_modify_prot_start = __ptep_modify_prot_start,
.ptep_modify_prot_commit = __ptep_modify_prot_commit,
-@@ -434,6 +506,7 @@ struct pv_mmu_ops pv_mmu_ops = {
+@@ -435,6 +507,7 @@ struct pv_mmu_ops pv_mmu_ops = {
.make_pud = PTE_IDENT,
.set_pgd = native_set_pgd,
@@ -29656,7 +29577,7 @@ index f08ac28..4599189 100644
#endif
#endif /* CONFIG_PGTABLE_LEVELS >= 3 */
-@@ -443,9 +516,9 @@ struct pv_mmu_ops pv_mmu_ops = {
+@@ -444,9 +517,9 @@ struct pv_mmu_ops pv_mmu_ops = {
.make_pte = PTE_IDENT,
.make_pgd = PTE_IDENT,
@@ -29669,7 +29590,7 @@ index f08ac28..4599189 100644
.lazy_mode = {
.enter = paravirt_nop,
-@@ -454,6 +527,12 @@ struct pv_mmu_ops pv_mmu_ops = {
+@@ -455,6 +528,12 @@ struct pv_mmu_ops pv_mmu_ops = {
},
.set_fixmap = native_set_fixmap,
@@ -29724,7 +29645,7 @@ index 833b1d3..f839e8b 100644
}
}
diff --git a/arch/x86/kernel/pci-iommu_table.c b/arch/x86/kernel/pci-iommu_table.c
-index 35ccf75..7a15747 100644
+index f712dfd..0172a75 100644
--- a/arch/x86/kernel/pci-iommu_table.c
+++ b/arch/x86/kernel/pci-iommu_table.c
@@ -2,7 +2,7 @@
@@ -29750,7 +29671,7 @@ index 7c577a1..3557b10 100644
dma_generic_free_coherent(dev, size, vaddr, dma_addr, attrs);
}
diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c
-index 2915d54..8e43324 100644
+index 96becbb..a18444b 100644
--- a/arch/x86/kernel/process.c
+++ b/arch/x86/kernel/process.c
@@ -15,6 +15,7 @@
@@ -29820,7 +29741,7 @@ index 2915d54..8e43324 100644
/*
* Free current thread data structures etc..
*/
-@@ -105,7 +127,7 @@ void exit_thread(void)
+@@ -104,7 +126,7 @@ void exit_thread(struct task_struct *tsk)
struct fpu *fpu = &t->fpu;
if (bp) {
@@ -29829,7 +29750,7 @@ index 2915d54..8e43324 100644
t->io_bitmap_ptr = NULL;
clear_thread_flag(TIF_IO_BITMAP);
-@@ -127,6 +149,9 @@ void flush_thread(void)
+@@ -126,6 +148,9 @@ void flush_thread(void)
{
struct task_struct *tsk = current;
@@ -29839,7 +29760,7 @@ index 2915d54..8e43324 100644
flush_ptrace_hw_breakpoint(tsk);
memset(tsk->thread.tls_array, 0, sizeof(tsk->thread.tls_array));
-@@ -268,7 +293,7 @@ static void __exit_idle(void)
+@@ -267,7 +292,7 @@ static void __exit_idle(void)
void exit_idle(void)
{
/* idle loop has pid 0 */
@@ -29848,7 +29769,7 @@ index 2915d54..8e43324 100644
return;
__exit_idle();
}
-@@ -321,7 +346,7 @@ bool xen_set_default_idle(void)
+@@ -320,7 +345,7 @@ bool xen_set_default_idle(void)
return ret;
}
#endif
@@ -29857,7 +29778,7 @@ index 2915d54..8e43324 100644
{
local_irq_disable();
/*
-@@ -499,13 +524,6 @@ static int __init idle_setup(char *str)
+@@ -498,13 +523,6 @@ static int __init idle_setup(char *str)
}
early_param("idle", idle_setup);
@@ -29871,7 +29792,7 @@ index 2915d54..8e43324 100644
unsigned long arch_randomize_brk(struct mm_struct *mm)
{
unsigned long range_end = mm->brk + 0x02000000;
-@@ -537,9 +555,7 @@ unsigned long get_wchan(struct task_struct *p)
+@@ -536,9 +554,7 @@ unsigned long get_wchan(struct task_struct *p)
* PADDING
* ----------- top = topmax - TOP_OF_KERNEL_STACK_PADDING
* stack
@@ -29882,7 +29803,7 @@ index 2915d54..8e43324 100644
*
* The tasks stack pointer points at the location where the
* framepointer is stored. The data on the stack is:
-@@ -550,7 +566,7 @@ unsigned long get_wchan(struct task_struct *p)
+@@ -549,7 +565,7 @@ unsigned long get_wchan(struct task_struct *p)
*/
top = start + THREAD_SIZE - TOP_OF_KERNEL_STACK_PADDING;
top -= 2 * sizeof(unsigned long);
@@ -29891,7 +29812,7 @@ index 2915d54..8e43324 100644
sp = READ_ONCE(p->thread.sp);
if (sp < bottom || sp > top)
-@@ -567,3 +583,35 @@ unsigned long get_wchan(struct task_struct *p)
+@@ -566,3 +582,35 @@ unsigned long get_wchan(struct task_struct *p)
} while (count++ < 16 && p->state != TASK_RUNNING);
return 0;
}
@@ -30027,10 +29948,10 @@ index 9f95091..6885108 100644
return prev_p;
}
diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c
-index 6cbab31..2fd4ca3 100644
+index 6e789ca..7c4bae4 100644
--- a/arch/x86/kernel/process_64.c
+++ b/arch/x86/kernel/process_64.c
-@@ -162,9 +162,10 @@ int copy_thread_tls(unsigned long clone_flags, unsigned long sp,
+@@ -143,9 +143,10 @@ int copy_thread_tls(unsigned long clone_flags, unsigned long sp,
struct pt_regs *childregs;
struct task_struct *me = current;
@@ -30042,8 +29963,8 @@ index 6cbab31..2fd4ca3 100644
set_tsk_thread_flag(p, TIF_FORK);
p->thread.io_bitmap_ptr = NULL;
-@@ -174,6 +175,8 @@ int copy_thread_tls(unsigned long clone_flags, unsigned long sp,
- p->thread.fs = p->thread.fsindex ? 0 : me->thread.fs;
+@@ -155,6 +156,8 @@ int copy_thread_tls(unsigned long clone_flags, unsigned long sp,
+ p->thread.fsbase = p->thread.fsindex ? 0 : me->thread.fsbase;
savesegment(es, p->thread.es);
savesegment(ds, p->thread.ds);
+ savesegment(ss, p->thread.ss);
@@ -30051,16 +29972,16 @@ index 6cbab31..2fd4ca3 100644
memset(p->thread.ptrace_bps, 0, sizeof(p->thread.ptrace_bps));
if (unlikely(p->flags & PF_KTHREAD)) {
-@@ -281,7 +284,7 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p)
+@@ -262,7 +265,7 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p)
struct fpu *prev_fpu = &prev->fpu;
struct fpu *next_fpu = &next->fpu;
int cpu = smp_processor_id();
- struct tss_struct *tss = &per_cpu(cpu_tss, cpu);
+ struct tss_struct *tss = cpu_tss + cpu;
- unsigned fsindex, gsindex;
+ unsigned prev_fsindex, prev_gsindex;
fpu_switch_t fpu_switch;
-@@ -332,6 +335,10 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p)
+@@ -313,6 +316,10 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p)
if (unlikely(next->ds | prev->ds))
loadsegment(ds, next->ds);
@@ -30071,7 +29992,7 @@ index 6cbab31..2fd4ca3 100644
/*
* Switch FS and GS.
*
-@@ -403,10 +410,13 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p)
+@@ -422,10 +429,13 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p)
* Switch the PDA and FPU contexts.
*/
this_cpu_write(current_task, next_p);
@@ -30086,7 +30007,7 @@ index 6cbab31..2fd4ca3 100644
* Now maybe reload the debug registers and handle I/O bitmaps
*/
diff --git a/arch/x86/kernel/ptrace.c b/arch/x86/kernel/ptrace.c
-index 32e9d9c..afd5732 100644
+index 600edd2..d514c66 100644
--- a/arch/x86/kernel/ptrace.c
+++ b/arch/x86/kernel/ptrace.c
@@ -169,10 +169,10 @@ unsigned long kernel_stack_pointer(struct pt_regs *regs)
@@ -30102,8 +30023,8 @@ index 32e9d9c..afd5732 100644
if (prev_esp)
return (unsigned long)prev_esp;
-@@ -429,6 +429,20 @@ static int putreg(struct task_struct *child,
- if (child->thread.gs != value)
+@@ -411,6 +411,20 @@ static int putreg(struct task_struct *child,
+ if (child->thread.gsbase != value)
return do_arch_prctl(child, ARCH_SET_GS, value);
return 0;
+
@@ -30123,7 +30044,7 @@ index 32e9d9c..afd5732 100644
#endif
}
-@@ -565,7 +579,7 @@ static void ptrace_triggered(struct perf_event *bp,
+@@ -533,7 +547,7 @@ static void ptrace_triggered(struct perf_event *bp,
static unsigned long ptrace_get_dr7(struct perf_event *bp[])
{
int i;
@@ -30132,7 +30053,7 @@ index 32e9d9c..afd5732 100644
struct arch_hw_breakpoint *info;
for (i = 0; i < HBP_NUM; i++) {
-@@ -799,7 +813,7 @@ long arch_ptrace(struct task_struct *child, long request,
+@@ -767,7 +781,7 @@ long arch_ptrace(struct task_struct *child, long request,
unsigned long addr, unsigned long data)
{
int ret;
@@ -30141,7 +30062,7 @@ index 32e9d9c..afd5732 100644
switch (request) {
/* read the word at location addr in the USER area. */
-@@ -884,14 +898,14 @@ long arch_ptrace(struct task_struct *child, long request,
+@@ -852,14 +866,14 @@ long arch_ptrace(struct task_struct *child, long request,
if ((int) addr < 0)
return -EIO;
ret = do_get_thread_area(child, addr,
@@ -30158,7 +30079,7 @@ index 32e9d9c..afd5732 100644
break;
#endif
-@@ -1279,7 +1293,7 @@ long compat_arch_ptrace(struct task_struct *child, compat_long_t request,
+@@ -1247,7 +1261,7 @@ long compat_arch_ptrace(struct task_struct *child, compat_long_t request,
#ifdef CONFIG_X86_64
@@ -30167,7 +30088,7 @@ index 32e9d9c..afd5732 100644
[REGSET_GENERAL] = {
.core_note_type = NT_PRSTATUS,
.n = sizeof(struct user_regs_struct) / sizeof(long),
-@@ -1320,7 +1334,7 @@ static const struct user_regset_view user_x86_64_view = {
+@@ -1288,7 +1302,7 @@ static const struct user_regset_view user_x86_64_view = {
#endif /* CONFIG_X86_64 */
#if defined CONFIG_X86_32 || defined CONFIG_IA32_EMULATION
@@ -30176,7 +30097,7 @@ index 32e9d9c..afd5732 100644
[REGSET_GENERAL] = {
.core_note_type = NT_PRSTATUS,
.n = sizeof(struct user_regs_struct32) / sizeof(u32),
-@@ -1373,7 +1387,7 @@ static const struct user_regset_view user_x86_32_view = {
+@@ -1341,7 +1355,7 @@ static const struct user_regset_view user_x86_32_view = {
*/
u64 xstate_fx_sw_bytes[USER_XSTATE_FX_SW_WORDS];
@@ -30185,7 +30106,7 @@ index 32e9d9c..afd5732 100644
{
#ifdef CONFIG_X86_64
x86_64_regsets[REGSET_XSTATE].n = size / sizeof(u64);
-@@ -1408,7 +1422,7 @@ static void fill_sigtrap_info(struct task_struct *tsk,
+@@ -1376,7 +1390,7 @@ static void fill_sigtrap_info(struct task_struct *tsk,
memset(info, 0, sizeof(*info));
info->si_signo = SIGTRAP;
info->si_code = si_code;
@@ -30195,7 +30116,7 @@ index 32e9d9c..afd5732 100644
void user_single_step_siginfo(struct task_struct *tsk,
diff --git a/arch/x86/kernel/pvclock.c b/arch/x86/kernel/pvclock.c
-index 99bfc02..c85b4c4 100644
+index 06c58ce..8f89e99 100644
--- a/arch/x86/kernel/pvclock.c
+++ b/arch/x86/kernel/pvclock.c
@@ -51,11 +51,11 @@ void pvclock_touch_watchdogs(void)
@@ -30212,7 +30133,7 @@ index 99bfc02..c85b4c4 100644
}
u8 pvclock_read_flags(struct pvclock_vcpu_time_info *src)
-@@ -105,11 +105,11 @@ cycle_t pvclock_clocksource_read(struct pvclock_vcpu_time_info *src)
+@@ -112,11 +112,11 @@ cycle_t pvclock_clocksource_read(struct pvclock_vcpu_time_info *src)
* updating at the same time, and one of them could be slightly behind,
* making the assumption that last_value always go forward fail to hold.
*/
@@ -30227,7 +30148,7 @@ index 99bfc02..c85b4c4 100644
return ret;
diff --git a/arch/x86/kernel/reboot.c b/arch/x86/kernel/reboot.c
-index ab0adc0..502dfc2 100644
+index a9b31eb..71706d1 100644
--- a/arch/x86/kernel/reboot.c
+++ b/arch/x86/kernel/reboot.c
@@ -70,6 +70,11 @@ static int __init set_bios_reboot(const struct dmi_system_id *d)
@@ -30291,7 +30212,7 @@ index ab0adc0..502dfc2 100644
{
int i;
int attempt = 0;
-@@ -639,13 +666,13 @@ void native_machine_shutdown(void)
+@@ -648,13 +675,13 @@ void native_machine_shutdown(void)
#endif
}
@@ -30307,7 +30228,7 @@ index ab0adc0..502dfc2 100644
{
pr_notice("machine restart\n");
-@@ -654,7 +681,7 @@ static void native_machine_restart(char *__unused)
+@@ -663,7 +690,7 @@ static void native_machine_restart(char *__unused)
__machine_emergency_restart(0);
}
@@ -30316,7 +30237,7 @@ index ab0adc0..502dfc2 100644
{
/* Stop other cpus and apics */
machine_shutdown();
-@@ -664,7 +691,7 @@ static void native_machine_halt(void)
+@@ -673,7 +700,7 @@ static void native_machine_halt(void)
stop_this_cpu(NULL);
}
@@ -30325,7 +30246,7 @@ index ab0adc0..502dfc2 100644
{
if (pm_power_off) {
if (!reboot_force)
-@@ -673,9 +700,10 @@ static void native_machine_power_off(void)
+@@ -682,9 +709,10 @@ static void native_machine_power_off(void)
}
/* A fallback in case there is no PM info available */
tboot_shutdown(TB_SHUTDOWN_HALT);
@@ -30365,7 +30286,7 @@ index 98111b3..73ca125 100644
identity_mapped:
/* set return address to 0 if not preserving context */
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
-index 2367ae0..2d1264d 100644
+index c4e7b39..429c9b9 100644
--- a/arch/x86/kernel/setup.c
+++ b/arch/x86/kernel/setup.c
@@ -113,6 +113,7 @@
@@ -30392,7 +30313,7 @@ index 2367ae0..2d1264d 100644
#endif
/* Boot loader ID and version as integers, for the benefit of proc_dointvec */
-@@ -759,7 +762,7 @@ static void __init trim_bios_range(void)
+@@ -767,7 +770,7 @@ static void __init trim_bios_range(void)
* area (640->1Mb) as ram even though it is not.
* take them out.
*/
@@ -30401,7 +30322,7 @@ index 2367ae0..2d1264d 100644
sanitize_e820_map(e820.map, ARRAY_SIZE(e820.map), &e820.nr_map);
}
-@@ -767,7 +770,7 @@ static void __init trim_bios_range(void)
+@@ -775,7 +778,7 @@ static void __init trim_bios_range(void)
/* called before trim_bios_range() to spare extra sanitize */
static void __init e820_add_kernel_range(void)
{
@@ -30410,7 +30331,7 @@ index 2367ae0..2d1264d 100644
u64 size = __pa_symbol(_end) - start;
/*
-@@ -848,8 +851,8 @@ dump_kernel_offset(struct notifier_block *self, unsigned long v, void *p)
+@@ -856,8 +859,8 @@ dump_kernel_offset(struct notifier_block *self, unsigned long v, void *p)
void __init setup_arch(char **cmdline_p)
{
@@ -30421,7 +30342,7 @@ index 2367ae0..2d1264d 100644
early_reserve_initrd();
-@@ -942,16 +945,16 @@ void __init setup_arch(char **cmdline_p)
+@@ -950,16 +953,16 @@ void __init setup_arch(char **cmdline_p)
if (!boot_params.hdr.root_flags)
root_mountflags &= ~MS_RDONLY;
@@ -30521,7 +30442,7 @@ index e4fcb87..9c06c55 100644
* Up to this point, the boot CPU has been using .init.data
* area. Reload any changed state for the boot CPU.
diff --git a/arch/x86/kernel/signal.c b/arch/x86/kernel/signal.c
-index 548ddf7..9b53e78 100644
+index 22cc2f9..249765f 100644
--- a/arch/x86/kernel/signal.c
+++ b/arch/x86/kernel/signal.c
@@ -226,7 +226,7 @@ static unsigned long align_sigframe(unsigned long sp)
@@ -30533,7 +30454,7 @@ index 548ddf7..9b53e78 100644
#else /* !CONFIG_X86_32 */
sp = round_down(sp, 16) - 8;
#endif
-@@ -335,10 +335,9 @@ __setup_frame(int sig, struct ksignal *ksig, sigset_t *set,
+@@ -334,10 +334,9 @@ __setup_frame(int sig, struct ksignal *ksig, sigset_t *set,
}
if (current->mm->context.vdso)
@@ -30546,7 +30467,7 @@ index 548ddf7..9b53e78 100644
if (ksig->ka.sa.sa_flags & SA_RESTORER)
restorer = ksig->ka.sa.sa_restorer;
-@@ -352,7 +351,7 @@ __setup_frame(int sig, struct ksignal *ksig, sigset_t *set,
+@@ -351,7 +350,7 @@ __setup_frame(int sig, struct ksignal *ksig, sigset_t *set,
* reasons and because gdb uses it as a signature to notice
* signal handler stack frames.
*/
@@ -30555,7 +30476,7 @@ index 548ddf7..9b53e78 100644
if (err)
return -EFAULT;
-@@ -399,8 +398,10 @@ static int __setup_rt_frame(int sig, struct ksignal *ksig,
+@@ -398,8 +397,10 @@ static int __setup_rt_frame(int sig, struct ksignal *ksig,
save_altstack_ex(&frame->uc.uc_stack, regs->sp);
/* Set up to return from userspace. */
@@ -30568,7 +30489,7 @@ index 548ddf7..9b53e78 100644
if (ksig->ka.sa.sa_flags & SA_RESTORER)
restorer = ksig->ka.sa.sa_restorer;
put_user_ex(restorer, &frame->pretcode);
-@@ -412,7 +413,7 @@ static int __setup_rt_frame(int sig, struct ksignal *ksig,
+@@ -411,7 +412,7 @@ static int __setup_rt_frame(int sig, struct ksignal *ksig,
* reasons and because gdb uses it as a signature to notice
* signal handler stack frames.
*/
@@ -30577,7 +30498,7 @@ index 548ddf7..9b53e78 100644
} put_user_catch(err);
err |= copy_siginfo_to_user(&frame->info, &ksig->info);
-@@ -682,7 +683,12 @@ setup_rt_frame(struct ksignal *ksig, struct pt_regs *regs)
+@@ -681,7 +682,12 @@ setup_rt_frame(struct ksignal *ksig, struct pt_regs *regs)
{
int usig = ksig->sig;
sigset_t *set = sigmask_to_save();
@@ -30591,7 +30512,7 @@ index 548ddf7..9b53e78 100644
/* Set up the stack frame */
if (is_ia32_frame()) {
-@@ -693,7 +699,7 @@ setup_rt_frame(struct ksignal *ksig, struct pt_regs *regs)
+@@ -692,7 +698,7 @@ setup_rt_frame(struct ksignal *ksig, struct pt_regs *regs)
} else if (is_x32_frame()) {
return x32_setup_rt_frame(ksig, cset, regs);
} else {
@@ -30614,7 +30535,7 @@ index 658777c..6285f88 100644
.smp_prepare_cpus = native_smp_prepare_cpus,
.smp_cpus_done = native_smp_cpus_done,
diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c
-index 0e4329e..286c7ca 100644
+index fafe8b9..d6ee9af 100644
--- a/arch/x86/kernel/smpboot.c
+++ b/arch/x86/kernel/smpboot.c
@@ -221,14 +221,17 @@ static void notrace start_secondary(void *unused)
@@ -31009,7 +30930,7 @@ index 10e0272..a73232f 100644
if (!(addr & ~PAGE_MASK))
return addr;
diff --git a/arch/x86/kernel/tboot.c b/arch/x86/kernel/tboot.c
-index e72a07f..b67cc32 100644
+index 9b0185f..7776af1 100644
--- a/arch/x86/kernel/tboot.c
+++ b/arch/x86/kernel/tboot.c
@@ -44,6 +44,7 @@
@@ -31020,7 +30941,7 @@ index e72a07f..b67cc32 100644
#include "../realmode/rm/wakeup.h"
-@@ -151,6 +152,10 @@ static int map_tboot_pages(unsigned long vaddr, unsigned long start_pfn,
+@@ -145,6 +146,10 @@ static int map_tboot_pages(unsigned long vaddr, unsigned long start_pfn,
if (!tboot_pg_dir)
return -1;
@@ -31031,7 +30952,7 @@ index e72a07f..b67cc32 100644
for (; nr > 0; nr--, vaddr += PAGE_SIZE, start_pfn++) {
if (map_tboot_page(vaddr, start_pfn, PAGE_KERNEL_EXEC))
return -1;
-@@ -221,8 +226,6 @@ static int tboot_setup_sleep(void)
+@@ -215,8 +220,6 @@ static int tboot_setup_sleep(void)
void tboot_shutdown(u32 shutdown_type)
{
@@ -31040,7 +30961,7 @@ index e72a07f..b67cc32 100644
if (!tboot_enabled())
return;
-@@ -242,9 +245,12 @@ void tboot_shutdown(u32 shutdown_type)
+@@ -236,9 +239,12 @@ void tboot_shutdown(u32 shutdown_type)
tboot->shutdown_type = shutdown_type;
switch_to_tboot_pt();
@@ -31055,7 +30976,7 @@ index e72a07f..b67cc32 100644
/* should not reach here */
while (1)
-@@ -310,7 +316,7 @@ static int tboot_extended_sleep(u8 sleep_state, u32 val_a, u32 val_b)
+@@ -304,7 +310,7 @@ static int tboot_extended_sleep(u8 sleep_state, u32 val_a, u32 val_b)
return -ENODEV;
}
@@ -31064,7 +30985,7 @@ index e72a07f..b67cc32 100644
static int tboot_wait_for_aps(int num_aps)
{
-@@ -334,9 +340,9 @@ static int tboot_cpu_callback(struct notifier_block *nfb, unsigned long action,
+@@ -328,9 +334,9 @@ static int tboot_cpu_callback(struct notifier_block *nfb, unsigned long action,
{
switch (action) {
case CPU_DYING:
@@ -31076,7 +30997,7 @@ index e72a07f..b67cc32 100644
return NOTIFY_BAD;
break;
}
-@@ -422,7 +428,7 @@ static __init int tboot_late_init(void)
+@@ -416,7 +422,7 @@ static __init int tboot_late_init(void)
tboot_create_trampoline();
@@ -31117,10 +31038,10 @@ index d39c091..1df4349 100644
return pc;
}
diff --git a/arch/x86/kernel/tls.c b/arch/x86/kernel/tls.c
-index 7fc5e84..c6e445a 100644
+index 9692a5e..aea9fa5 100644
--- a/arch/x86/kernel/tls.c
+++ b/arch/x86/kernel/tls.c
-@@ -139,6 +139,11 @@ int do_set_thread_area(struct task_struct *p, int idx,
+@@ -140,6 +140,11 @@ int do_set_thread_area(struct task_struct *p, int idx,
if (idx < GDT_ENTRY_TLS_MIN || idx > GDT_ENTRY_TLS_MAX)
return -EINVAL;
@@ -31131,8 +31052,8 @@ index 7fc5e84..c6e445a 100644
+
set_tls_desc(p, idx, &info, 1);
- return 0;
-@@ -256,7 +261,7 @@ int regset_tls_set(struct task_struct *target, const struct user_regset *regset,
+ /*
+@@ -298,7 +303,7 @@ int regset_tls_set(struct task_struct *target, const struct user_regset *regset,
if (kbuf)
info = kbuf;
@@ -31160,10 +31081,10 @@ index 1c113db..287b42e 100644
static int trace_irq_vector_refcount;
static DEFINE_MUTEX(irq_vector_mutex);
diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c
-index 87bd6b6..8f46fc9 100644
+index 00f03d8..94ee9fc 100644
--- a/arch/x86/kernel/traps.c
+++ b/arch/x86/kernel/traps.c
-@@ -70,7 +70,7 @@
+@@ -71,7 +71,7 @@
#include <asm/proto.h>
/* No need to be aligned, but done to keep all IDTs defined the same way. */
@@ -31172,7 +31093,7 @@ index 87bd6b6..8f46fc9 100644
#else
#include <asm/processor-flags.h>
#include <asm/setup.h>
-@@ -78,7 +78,7 @@ gate_desc debug_idt_table[NR_VECTORS] __page_aligned_bss;
+@@ -79,7 +79,7 @@ gate_desc debug_idt_table[NR_VECTORS] __page_aligned_bss;
#endif
/* Must be page-aligned because the real IDT is used in a fixmap. */
@@ -31181,16 +31102,7 @@ index 87bd6b6..8f46fc9 100644
DECLARE_BITMAP(used_vectors, NR_VECTORS);
EXPORT_SYMBOL_GPL(used_vectors);
-@@ -151,7 +151,7 @@ void ist_begin_non_atomic(struct pt_regs *regs)
- * will catch asm bugs and any attempt to use ist_preempt_enable
- * from double_fault.
- */
-- BUG_ON((unsigned long)(current_top_of_stack() -
-+ BUG_ON((unsigned long)(current_top_of_stack(smp_processor_id()) -
- current_stack_pointer()) >= THREAD_SIZE);
-
- preempt_enable_no_resched();
-@@ -168,7 +168,7 @@ void ist_end_non_atomic(void)
+@@ -169,7 +169,7 @@ void ist_end_non_atomic(void)
}
static nokprobe_inline int
@@ -31199,7 +31111,7 @@ index 87bd6b6..8f46fc9 100644
struct pt_regs *regs, long error_code)
{
if (v8086_mode(regs)) {
-@@ -188,8 +188,25 @@ do_trap_no_signal(struct task_struct *tsk, int trapnr, char *str,
+@@ -189,8 +189,25 @@ do_trap_no_signal(struct task_struct *tsk, int trapnr, char *str,
if (!fixup_exception(regs, trapnr)) {
tsk->thread.error_code = error_code;
tsk->thread.trap_nr = trapnr;
@@ -31225,7 +31137,7 @@ index 87bd6b6..8f46fc9 100644
return 0;
}
-@@ -228,7 +245,7 @@ static siginfo_t *fill_trap_info(struct pt_regs *regs, int signr, int trapnr,
+@@ -229,7 +246,7 @@ static siginfo_t *fill_trap_info(struct pt_regs *regs, int signr, int trapnr,
}
static void
@@ -31234,7 +31146,7 @@ index 87bd6b6..8f46fc9 100644
long error_code, siginfo_t *info)
{
struct task_struct *tsk = current;
-@@ -251,7 +268,7 @@ do_trap(int trapnr, int signr, char *str, struct pt_regs *regs,
+@@ -252,7 +269,7 @@ do_trap(int trapnr, int signr, char *str, struct pt_regs *regs,
if (show_unhandled_signals && unhandled_signal(tsk, signr) &&
printk_ratelimit()) {
pr_info("%s[%d] trap %s ip:%lx sp:%lx error:%lx",
@@ -31243,7 +31155,7 @@ index 87bd6b6..8f46fc9 100644
regs->ip, regs->sp, error_code);
print_vma_addr(" in ", regs->ip);
pr_cont("\n");
-@@ -331,6 +348,11 @@ dotraplinkage void do_double_fault(struct pt_regs *regs, long error_code)
+@@ -332,6 +349,11 @@ dotraplinkage void do_double_fault(struct pt_regs *regs, long error_code)
tsk->thread.error_code = error_code;
tsk->thread.trap_nr = X86_TRAP_DF;
@@ -31255,7 +31167,7 @@ index 87bd6b6..8f46fc9 100644
#ifdef CONFIG_DOUBLEFAULT
df_debug(regs, error_code);
#endif
-@@ -443,11 +465,35 @@ do_general_protection(struct pt_regs *regs, long error_code)
+@@ -444,11 +466,35 @@ do_general_protection(struct pt_regs *regs, long error_code)
tsk->thread.error_code = error_code;
tsk->thread.trap_nr = X86_TRAP_GP;
if (notify_die(DIE_GPF, "general protection fault", regs, error_code,
@@ -31292,7 +31204,7 @@ index 87bd6b6..8f46fc9 100644
tsk->thread.error_code = error_code;
tsk->thread.trap_nr = X86_TRAP_GP;
-@@ -545,6 +591,9 @@ struct bad_iret_stack *fixup_bad_iret(struct bad_iret_stack *s)
+@@ -546,6 +592,9 @@ struct bad_iret_stack *fixup_bad_iret(struct bad_iret_stack *s)
container_of(task_pt_regs(current),
struct bad_iret_stack, regs);
@@ -31302,7 +31214,7 @@ index 87bd6b6..8f46fc9 100644
/* Copy the IRET target to the new stack. */
memmove(&new_stack->regs.ip, (void *)s->regs.sp, 5*8);
-@@ -716,7 +765,7 @@ exit:
+@@ -717,7 +766,7 @@ exit:
* This is the most likely code path that involves non-trivial use
* of the SYSENTER stack. Check that we haven't overrun it.
*/
@@ -31311,7 +31223,7 @@ index 87bd6b6..8f46fc9 100644
"Overran or corrupted SYSENTER stack\n");
#endif
ist_exit(regs);
-@@ -846,7 +895,7 @@ void __init early_trap_init(void)
+@@ -847,7 +896,7 @@ void __init early_trap_init(void)
* since we don't have trace_debug and it will be reset to
* 'debug' in trap_init() by set_intr_gate_ist().
*/
@@ -31320,7 +31232,7 @@ index 87bd6b6..8f46fc9 100644
/* int3 can be called from all */
set_system_intr_gate(X86_TRAP_BP, &int3);
#ifdef CONFIG_X86_32
-@@ -931,7 +980,7 @@ void __init trap_init(void)
+@@ -932,7 +981,7 @@ void __init trap_init(void)
* in early_trap_init(). However, ITS works only after
* cpu_init() loads TSS. See comments in early_trap_init().
*/
@@ -31329,7 +31241,7 @@ index 87bd6b6..8f46fc9 100644
/* int3 can be called from all */
set_system_intr_gate_ist(X86_TRAP_BP, &int3, DEBUG_STACK);
-@@ -939,7 +988,7 @@ void __init trap_init(void)
+@@ -940,7 +989,7 @@ void __init trap_init(void)
#ifdef CONFIG_X86_64
memcpy(&debug_idt_table, &idt_table, IDT_ENTRIES * 16);
@@ -31339,7 +31251,7 @@ index 87bd6b6..8f46fc9 100644
#endif
}
diff --git a/arch/x86/kernel/tsc.c b/arch/x86/kernel/tsc.c
-index c9c4c7c..f6a623a 100644
+index 38ba6de..6c77173 100644
--- a/arch/x86/kernel/tsc.c
+++ b/arch/x86/kernel/tsc.c
@@ -156,7 +156,7 @@ static void cyc2ns_write_end(int cpu, struct cyc2ns_data *data)
@@ -31352,7 +31264,7 @@ index c9c4c7c..f6a623a 100644
/*
diff --git a/arch/x86/kernel/uprobes.c b/arch/x86/kernel/uprobes.c
-index bf4db6e..624137c 100644
+index 6c1ff31..cc5d294 100644
--- a/arch/x86/kernel/uprobes.c
+++ b/arch/x86/kernel/uprobes.c
@@ -287,7 +287,7 @@ static int uprobe_init_insn(struct arch_uprobe *auprobe, struct insn *insn, bool
@@ -31446,7 +31358,7 @@ index 3dce1ca..3dce2ad 100644
case VM86_GET_AND_RESET_IRQ: {
return get_and_reset_irq(irqnumber);
diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S
-index 4c941f8..459a84d 100644
+index 9297a00..3dc41ac 100644
--- a/arch/x86/kernel/vmlinux.lds.S
+++ b/arch/x86/kernel/vmlinux.lds.S
@@ -26,6 +26,13 @@
@@ -31768,10 +31680,10 @@ index dad5fe9..ce5f4ba 100644
.disable = native_disable_io_apic,
};
diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
-index bbbaa80..25071dc 100644
+index 7597b42..4c3b5e9 100644
--- a/arch/x86/kvm/cpuid.c
+++ b/arch/x86/kvm/cpuid.c
-@@ -222,15 +222,20 @@ int kvm_vcpu_ioctl_set_cpuid2(struct kvm_vcpu *vcpu,
+@@ -224,15 +224,20 @@ int kvm_vcpu_ioctl_set_cpuid2(struct kvm_vcpu *vcpu,
struct kvm_cpuid2 *cpuid,
struct kvm_cpuid_entry2 __user *entries)
{
@@ -31795,7 +31707,7 @@ index bbbaa80..25071dc 100644
vcpu->arch.cpuid_nent = cpuid->nent;
kvm_apic_set_version(vcpu);
kvm_x86_ops->cpuid_update(vcpu);
-@@ -243,15 +248,19 @@ int kvm_vcpu_ioctl_get_cpuid2(struct kvm_vcpu *vcpu,
+@@ -245,15 +250,19 @@ int kvm_vcpu_ioctl_get_cpuid2(struct kvm_vcpu *vcpu,
struct kvm_cpuid2 *cpuid,
struct kvm_cpuid_entry2 __user *entries)
{
@@ -31959,7 +31871,7 @@ index 7cc2360..6ae1236 100644
{
struct kvm_kpic_state *s = opaque;
diff --git a/arch/x86/kvm/ioapic.c b/arch/x86/kvm/ioapic.c
-index 9db4709..0423b6f 100644
+index 5f42d03..052f8a4 100644
--- a/arch/x86/kvm/ioapic.c
+++ b/arch/x86/kvm/ioapic.c
@@ -413,6 +413,8 @@ static void kvm_ioapic_eoi_inject_work(struct work_struct *work)
@@ -31972,7 +31884,7 @@ index 9db4709..0423b6f 100644
{
struct dest_map *dest_map = &ioapic->rtc_status.dest_map;
diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c
-index 1a2da0e..d1a84c1 100644
+index a397200..b4a6f32 100644
--- a/arch/x86/kvm/lapic.c
+++ b/arch/x86/kvm/lapic.c
@@ -57,7 +57,7 @@
@@ -31982,8 +31894,8 @@ index 1a2da0e..d1a84c1 100644
-#define apic_debug(fmt, arg...)
+#define apic_debug(fmt, arg...) do {} while (0)
- #define APIC_LVT_NUM 6
/* 14 is the version for Xeon and Pentium 8.4.8*/
+ #define APIC_VERSION (0x14UL | ((KVM_APIC_LVT_NUM - 1) << 16))
diff --git a/arch/x86/kvm/paging_tmpl.h b/arch/x86/kvm/paging_tmpl.h
index bc019f7..51a5631 100644
--- a/arch/x86/kvm/paging_tmpl.h
@@ -31998,10 +31910,10 @@ index bc019f7..51a5631 100644
goto error;
walker->ptep_user[walker->level - 1] = ptep_user;
diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
-index 31346a3..038711e 100644
+index 16ef31b..23496f1 100644
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
-@@ -3533,7 +3533,11 @@ static void reload_tss(struct kvm_vcpu *vcpu)
+@@ -4120,7 +4120,11 @@ static void reload_tss(struct kvm_vcpu *vcpu)
int cpu = raw_smp_processor_id();
struct svm_cpu_data *sd = per_cpu(svm_data, cpu);
@@ -32013,7 +31925,7 @@ index 31346a3..038711e 100644
load_TR_desc();
}
-@@ -3932,6 +3936,10 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu)
+@@ -4559,6 +4563,10 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu)
#endif
#endif
@@ -32024,8 +31936,8 @@ index 31346a3..038711e 100644
reload_tss(vcpu);
local_irq_disable();
-@@ -4307,7 +4315,7 @@ static void svm_sched_in(struct kvm_vcpu *vcpu, int cpu)
- {
+@@ -4955,7 +4963,7 @@ static inline void avic_post_state_restore(struct kvm_vcpu *vcpu)
+ avic_handle_ldr_update(vcpu);
}
-static struct kvm_x86_ops svm_x86_ops = {
@@ -32034,7 +31946,7 @@ index 31346a3..038711e 100644
.disabled_by_bios = is_disabled,
.hardware_setup = svm_hardware_setup,
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
-index c4217a2..964fb8e 100644
+index 64a79f2..d392b19 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -1589,14 +1589,14 @@ static __always_inline void vmcs_writel(unsigned long field, unsigned long value
@@ -32077,7 +31989,7 @@ index c4217a2..964fb8e 100644
rdmsrl(MSR_IA32_SYSENTER_ESP, sysenter_esp);
vmcs_writel(HOST_IA32_SYSENTER_ESP, sysenter_esp); /* 22.2.3 */
-@@ -2483,7 +2491,7 @@ static void setup_msrs(struct vcpu_vmx *vmx)
+@@ -2485,7 +2493,7 @@ static void setup_msrs(struct vcpu_vmx *vmx)
* guest_tsc = (host_tsc * tsc multiplier) >> 48 + tsc_offset
* -- Intel TSC Scaling for Virtualization White Paper, sec 1.3
*/
@@ -32086,7 +31998,7 @@ index c4217a2..964fb8e 100644
{
u64 host_tsc, tsc_offset;
-@@ -4724,7 +4732,10 @@ static void vmx_set_constant_host_state(struct vcpu_vmx *vmx)
+@@ -4726,7 +4734,10 @@ static void vmx_set_constant_host_state(struct vcpu_vmx *vmx)
unsigned long cr4;
vmcs_writel(HOST_CR0, read_cr0() & ~X86_CR0_TS); /* 22.2.3 */
@@ -32097,7 +32009,7 @@ index c4217a2..964fb8e 100644
/* Save the most likely value for this task's CR4 in the VMCS. */
cr4 = cr4_read_shadow();
-@@ -4751,7 +4762,7 @@ static void vmx_set_constant_host_state(struct vcpu_vmx *vmx)
+@@ -4753,7 +4764,7 @@ static void vmx_set_constant_host_state(struct vcpu_vmx *vmx)
vmcs_writel(HOST_IDTR_BASE, dt.address); /* 22.2.4 */
vmx->host_idt_base = dt.address;
@@ -32106,7 +32018,7 @@ index c4217a2..964fb8e 100644
rdmsr(MSR_IA32_SYSENTER_CS, low32, high32);
vmcs_write32(HOST_IA32_SYSENTER_CS, low32);
-@@ -6299,11 +6310,17 @@ static __init int hardware_setup(void)
+@@ -6314,11 +6325,17 @@ static __init int hardware_setup(void)
* page upon invalidation. No need to do anything if not
* using the APIC_ACCESS_ADDR VMCS field.
*/
@@ -32126,7 +32038,7 @@ index c4217a2..964fb8e 100644
if (enable_ept && !cpu_has_vmx_ept_2m_page())
kvm_disable_largepages();
-@@ -6373,10 +6390,12 @@ static __init int hardware_setup(void)
+@@ -6385,10 +6402,12 @@ static __init int hardware_setup(void)
enable_pml = 0;
if (!enable_pml) {
@@ -32139,7 +32051,7 @@ index c4217a2..964fb8e 100644
}
kvm_set_posted_intr_wakeup_handler(wakeup_handler);
-@@ -8706,6 +8725,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
+@@ -8718,6 +8737,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
"jmp 2f \n\t"
"1: " __ex(ASM_VMX_VMRESUME) "\n\t"
"2: "
@@ -32152,7 +32064,7 @@ index c4217a2..964fb8e 100644
/* Save guest registers, load host registers, keep flags */
"mov %0, %c[wordsize](%%" _ASM_SP ") \n\t"
"pop %0 \n\t"
-@@ -8758,6 +8783,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
+@@ -8770,6 +8795,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
#endif
[cr2]"i"(offsetof(struct vcpu_vmx, vcpu.arch.cr2)),
[wordsize]"i"(sizeof(ulong))
@@ -32164,7 +32076,7 @@ index c4217a2..964fb8e 100644
: "cc", "memory"
#ifdef CONFIG_X86_64
, "rax", "rbx", "rdi", "rsi"
-@@ -8771,7 +8801,7 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
+@@ -8783,7 +8813,7 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
if (debugctlmsr)
update_debugctlmsr(debugctlmsr);
@@ -32173,7 +32085,7 @@ index c4217a2..964fb8e 100644
/*
* The sysexit path does not restore ds/es, so we must set them to
* a reasonable value ourselves.
-@@ -8780,8 +8810,18 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
+@@ -8792,8 +8822,18 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
* may be executed in interrupt context, which saves and restore segments
* around it, nullifying its effect.
*/
@@ -32194,7 +32106,7 @@ index c4217a2..964fb8e 100644
#endif
vcpu->arch.regs_avail = ~((1 << VCPU_REGS_RIP) | (1 << VCPU_REGS_RSP)
-@@ -10893,7 +10933,7 @@ out:
+@@ -10905,7 +10945,7 @@ out:
return ret;
}
@@ -32204,10 +32116,10 @@ index c4217a2..964fb8e 100644
.disabled_by_bios = vmx_disabled_by_bios,
.hardware_setup = hardware_setup,
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
-index 6b9701b..86084df 100644
+index 7da5dd2..b667a94 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
-@@ -1945,8 +1945,8 @@ static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data)
+@@ -1940,8 +1940,8 @@ static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data)
{
struct kvm *kvm = vcpu->kvm;
int lm = is_long_mode(vcpu);
@@ -32218,7 +32130,7 @@ index 6b9701b..86084df 100644
u8 blob_size = lm ? kvm->arch.xen_hvm_config.blob_size_64
: kvm->arch.xen_hvm_config.blob_size_32;
u32 page_num = data & ~PAGE_MASK;
-@@ -2647,6 +2647,8 @@ long kvm_arch_dev_ioctl(struct file *filp,
+@@ -2646,6 +2646,8 @@ long kvm_arch_dev_ioctl(struct file *filp,
if (n < msr_list.nmsrs)
goto out;
r = -EFAULT;
@@ -32227,7 +32139,7 @@ index 6b9701b..86084df 100644
if (copy_to_user(user_msr_list->indices, &msrs_to_save,
num_msrs_to_save * sizeof(u32)))
goto out;
-@@ -3051,7 +3053,7 @@ static int kvm_vcpu_ioctl_x86_set_debugregs(struct kvm_vcpu *vcpu,
+@@ -3054,7 +3056,7 @@ static int kvm_vcpu_ioctl_x86_set_debugregs(struct kvm_vcpu *vcpu,
static void fill_xsave(u8 *dest, struct kvm_vcpu *vcpu)
{
@@ -32236,7 +32148,7 @@ index 6b9701b..86084df 100644
u64 xstate_bv = xsave->header.xfeatures;
u64 valid;
-@@ -3087,7 +3089,7 @@ static void fill_xsave(u8 *dest, struct kvm_vcpu *vcpu)
+@@ -3090,7 +3092,7 @@ static void fill_xsave(u8 *dest, struct kvm_vcpu *vcpu)
static void load_xsave(struct kvm_vcpu *vcpu, u8 *src)
{
@@ -32245,7 +32157,7 @@ index 6b9701b..86084df 100644
u64 xstate_bv = *(u64 *)(src + XSAVE_HDR_OFFSET);
u64 valid;
-@@ -3131,7 +3133,7 @@ static void kvm_vcpu_ioctl_x86_get_xsave(struct kvm_vcpu *vcpu,
+@@ -3134,7 +3136,7 @@ static void kvm_vcpu_ioctl_x86_get_xsave(struct kvm_vcpu *vcpu,
fill_xsave((u8 *) guest_xsave->region, vcpu);
} else {
memcpy(guest_xsave->region,
@@ -32254,7 +32166,7 @@ index 6b9701b..86084df 100644
sizeof(struct fxregs_state));
*(u64 *)&guest_xsave->region[XSAVE_HDR_OFFSET / sizeof(u32)] =
XFEATURE_MASK_FPSSE;
-@@ -3156,7 +3158,7 @@ static int kvm_vcpu_ioctl_x86_set_xsave(struct kvm_vcpu *vcpu,
+@@ -3159,7 +3161,7 @@ static int kvm_vcpu_ioctl_x86_set_xsave(struct kvm_vcpu *vcpu,
} else {
if (xstate_bv & ~XFEATURE_MASK_FPSSE)
return -EINVAL;
@@ -32263,7 +32175,7 @@ index 6b9701b..86084df 100644
guest_xsave->region, sizeof(struct fxregs_state));
}
return 0;
-@@ -6447,6 +6449,7 @@ void kvm_arch_mmu_notifier_invalidate_page(struct kvm *kvm,
+@@ -6450,6 +6452,7 @@ void kvm_arch_mmu_notifier_invalidate_page(struct kvm *kvm,
* exiting to the userspace. Otherwise, the value will be returned to the
* userspace.
*/
@@ -32271,7 +32183,7 @@ index 6b9701b..86084df 100644
static int vcpu_enter_guest(struct kvm_vcpu *vcpu)
{
int r;
-@@ -6717,6 +6720,7 @@ out:
+@@ -6720,6 +6723,7 @@ out:
return r;
}
@@ -32279,7 +32191,7 @@ index 6b9701b..86084df 100644
static inline int vcpu_block(struct kvm *kvm, struct kvm_vcpu *vcpu)
{
if (!kvm_arch_vcpu_runnable(vcpu) &&
-@@ -7264,7 +7268,7 @@ int kvm_arch_vcpu_ioctl_translate(struct kvm_vcpu *vcpu,
+@@ -7267,7 +7271,7 @@ int kvm_arch_vcpu_ioctl_translate(struct kvm_vcpu *vcpu,
int kvm_arch_vcpu_ioctl_get_fpu(struct kvm_vcpu *vcpu, struct kvm_fpu *fpu)
{
struct fxregs_state *fxsave =
@@ -32288,7 +32200,7 @@ index 6b9701b..86084df 100644
memcpy(fpu->fpr, fxsave->st_space, 128);
fpu->fcw = fxsave->cwd;
-@@ -7281,7 +7285,7 @@ int kvm_arch_vcpu_ioctl_get_fpu(struct kvm_vcpu *vcpu, struct kvm_fpu *fpu)
+@@ -7284,7 +7288,7 @@ int kvm_arch_vcpu_ioctl_get_fpu(struct kvm_vcpu *vcpu, struct kvm_fpu *fpu)
int kvm_arch_vcpu_ioctl_set_fpu(struct kvm_vcpu *vcpu, struct kvm_fpu *fpu)
{
struct fxregs_state *fxsave =
@@ -32297,19 +32209,19 @@ index 6b9701b..86084df 100644
memcpy(fxsave->st_space, fpu->fpr, 128);
fxsave->cwd = fpu->fcw;
-@@ -7297,9 +7301,9 @@ int kvm_arch_vcpu_ioctl_set_fpu(struct kvm_vcpu *vcpu, struct kvm_fpu *fpu)
+@@ -7300,9 +7304,9 @@ int kvm_arch_vcpu_ioctl_set_fpu(struct kvm_vcpu *vcpu, struct kvm_fpu *fpu)
static void fx_init(struct kvm_vcpu *vcpu)
{
- fpstate_init(&vcpu->arch.guest_fpu.state);
+ fpstate_init(vcpu->arch.guest_fpu.state);
- if (cpu_has_xsaves)
+ if (boot_cpu_has(X86_FEATURE_XSAVES))
- vcpu->arch.guest_fpu.state.xsave.header.xcomp_bv =
+ vcpu->arch.guest_fpu.state->xsave.header.xcomp_bv =
host_xcr0 | XSTATE_COMPACTION_ENABLED;
/*
-@@ -7322,7 +7326,7 @@ void kvm_load_guest_fpu(struct kvm_vcpu *vcpu)
+@@ -7325,7 +7329,7 @@ void kvm_load_guest_fpu(struct kvm_vcpu *vcpu)
*/
vcpu->guest_fpu_loaded = 1;
__kernel_fpu_begin();
@@ -32318,7 +32230,7 @@ index 6b9701b..86084df 100644
trace_kvm_fpu(1);
}
-@@ -7624,6 +7628,8 @@ bool kvm_vcpu_compatible(struct kvm_vcpu *vcpu)
+@@ -7627,6 +7631,8 @@ bool kvm_vcpu_compatible(struct kvm_vcpu *vcpu)
struct static_key kvm_no_apic_vcpu __read_mostly;
EXPORT_SYMBOL_GPL(kvm_no_apic_vcpu);
@@ -32327,7 +32239,7 @@ index 6b9701b..86084df 100644
int kvm_arch_vcpu_init(struct kvm_vcpu *vcpu)
{
struct page *page;
-@@ -7641,11 +7647,14 @@ int kvm_arch_vcpu_init(struct kvm_vcpu *vcpu)
+@@ -7644,11 +7650,14 @@ int kvm_arch_vcpu_init(struct kvm_vcpu *vcpu)
else
vcpu->arch.mp_state = KVM_MP_STATE_UNINITIALIZED;
@@ -32346,7 +32258,7 @@ index 6b9701b..86084df 100644
vcpu->arch.pio_data = page_address(page);
kvm_set_tsc_khz(vcpu, max_tsc_khz);
-@@ -7703,6 +7712,9 @@ fail_mmu_destroy:
+@@ -7706,6 +7715,9 @@ fail_mmu_destroy:
kvm_mmu_destroy(vcpu);
fail_free_pio_data:
free_page((unsigned long)vcpu->arch.pio_data);
@@ -32356,7 +32268,7 @@ index 6b9701b..86084df 100644
fail:
return r;
}
-@@ -7721,6 +7733,8 @@ void kvm_arch_vcpu_uninit(struct kvm_vcpu *vcpu)
+@@ -7724,6 +7736,8 @@ void kvm_arch_vcpu_uninit(struct kvm_vcpu *vcpu)
free_page((unsigned long)vcpu->arch.pio_data);
if (!lapic_in_kernel(vcpu))
static_key_slow_dec(&kvm_no_apic_vcpu);
@@ -32366,7 +32278,7 @@ index 6b9701b..86084df 100644
void kvm_arch_sched_in(struct kvm_vcpu *vcpu, int cpu)
diff --git a/arch/x86/lguest/boot.c b/arch/x86/lguest/boot.c
-index fd57d3a..7e9ec76 100644
+index 3847e73..39f5456 100644
--- a/arch/x86/lguest/boot.c
+++ b/arch/x86/lguest/boot.c
@@ -1336,9 +1336,10 @@ static __init int early_put_chars(u32 vtermno, const char *buf, int count)
@@ -34226,10 +34138,10 @@ index e0817a1..bc9cf66 100644
xor %eax,%eax
EXIT
diff --git a/arch/x86/lib/rwsem.S b/arch/x86/lib/rwsem.S
-index be110ef..6728d71 100644
+index bf2c607..0e6d18b 100644
--- a/arch/x86/lib/rwsem.S
+++ b/arch/x86/lib/rwsem.S
-@@ -93,6 +93,7 @@ ENTRY(call_rwsem_down_read_failed)
+@@ -95,6 +95,7 @@ ENTRY(call_rwsem_down_read_failed)
__ASM_SIZE(pop,) %__ASM_REG(dx)
restore_common_regs
FRAME_END
@@ -34237,7 +34149,7 @@ index be110ef..6728d71 100644
ret
ENDPROC(call_rwsem_down_read_failed)
-@@ -103,6 +104,7 @@ ENTRY(call_rwsem_down_write_failed)
+@@ -105,6 +106,7 @@ ENTRY(call_rwsem_down_write_failed)
call rwsem_down_write_failed
restore_common_regs
FRAME_END
@@ -34245,7 +34157,7 @@ index be110ef..6728d71 100644
ret
ENDPROC(call_rwsem_down_write_failed)
-@@ -116,6 +118,7 @@ ENTRY(call_rwsem_wake)
+@@ -128,6 +130,7 @@ ENTRY(call_rwsem_wake)
call rwsem_wake
restore_common_regs
1: FRAME_END
@@ -34253,7 +34165,7 @@ index be110ef..6728d71 100644
ret
ENDPROC(call_rwsem_wake)
-@@ -128,5 +131,6 @@ ENTRY(call_rwsem_downgrade_wake)
+@@ -140,5 +143,6 @@ ENTRY(call_rwsem_downgrade_wake)
__ASM_SIZE(pop,) %__ASM_REG(dx)
restore_common_regs
FRAME_END
@@ -34261,7 +34173,7 @@ index be110ef..6728d71 100644
ret
ENDPROC(call_rwsem_downgrade_wake)
diff --git a/arch/x86/lib/usercopy_32.c b/arch/x86/lib/usercopy_32.c
-index 91d93b9..4b22130 100644
+index b559d92..625a909 100644
--- a/arch/x86/lib/usercopy_32.c
+++ b/arch/x86/lib/usercopy_32.c
@@ -42,11 +42,13 @@ do { \
@@ -34759,7 +34671,7 @@ index 91d93b9..4b22130 100644
return n;
}
@@ -632,60 +743,38 @@ unsigned long __copy_from_user_ll_nocache_nozero(void *to, const void __user *fr
- if (n > 64 && cpu_has_xmm2)
+ if (n > 64 && static_cpu_has(X86_FEATURE_XMM2))
n = __copy_user_intel_nocache(to, from, n);
else
- __copy_user(to, from, n);
@@ -35047,10 +34959,10 @@ index 0054835..a3bd671 100644
void fconst(void)
diff --git a/arch/x86/mm/Makefile b/arch/x86/mm/Makefile
-index f989132..7c590d6 100644
+index 62c0043..0fae532 100644
--- a/arch/x86/mm/Makefile
+++ b/arch/x86/mm/Makefile
-@@ -39,3 +39,6 @@ obj-$(CONFIG_NUMA_EMU) += numa_emulation.o
+@@ -38,3 +38,6 @@ obj-$(CONFIG_NUMA_EMU) += numa_emulation.o
obj-$(CONFIG_X86_INTEL_MPX) += mpx.o
obj-$(CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS) += pkeys.o
@@ -35155,17 +35067,18 @@ index 99bfb19..237fb1d 100644
} else {
walk_pud_level(m, &st, *start,
diff --git a/arch/x86/mm/extable.c b/arch/x86/mm/extable.c
-index 82447b3..95c2b03 100644
+index 4bb53b8..7e79b52 100644
--- a/arch/x86/mm/extable.c
+++ b/arch/x86/mm/extable.c
-@@ -1,5 +1,6 @@
+@@ -1,6 +1,7 @@
#include <linux/module.h>
#include <asm/uaccess.h>
+ #include <asm/traps.h>
+#include <asm/boot.h>
typedef bool (*ex_handler_t)(const struct exception_table_entry *,
struct pt_regs *, int);
-@@ -7,12 +8,25 @@ typedef bool (*ex_handler_t)(const struct exception_table_entry *,
+@@ -8,12 +9,25 @@ typedef bool (*ex_handler_t)(const struct exception_table_entry *,
static inline unsigned long
ex_fixup_addr(const struct exception_table_entry *x)
{
@@ -35193,7 +35106,7 @@ index 82447b3..95c2b03 100644
}
bool ex_handler_default(const struct exception_table_entry *fixup,
-@@ -61,7 +75,7 @@ int fixup_exception(struct pt_regs *regs, int trapnr)
+@@ -99,7 +113,7 @@ int fixup_exception(struct pt_regs *regs, int trapnr)
ex_handler_t handler;
#ifdef CONFIG_PNPBIOS
@@ -35203,7 +35116,7 @@ index 82447b3..95c2b03 100644
extern u32 pnp_bios_is_utter_crap;
pnp_bios_is_utter_crap = 1;
diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c
-index 5ce1ed0..f713160 100644
+index 7d1fa7c..5c07d66 100644
--- a/arch/x86/mm/fault.c
+++ b/arch/x86/mm/fault.c
@@ -14,6 +14,8 @@
@@ -35288,7 +35201,7 @@ index 5ce1ed0..f713160 100644
@@ -294,10 +335,27 @@ void vmalloc_sync_all(void)
for (address = VMALLOC_START & PMD_MASK;
- address >= TASK_SIZE && address < FIXADDR_TOP;
+ address >= TASK_SIZE_MAX && address < FIXADDR_TOP;
address += PMD_SIZE) {
+
+#ifdef CONFIG_PAX_PER_CPU_PGD
@@ -35428,11 +35341,10 @@ index 5ce1ed0..f713160 100644
printk(KERN_ALERT "BUG: unable to handle kernel ");
if (address < PAGE_SIZE)
printk(KERN_CONT "NULL pointer dereference");
-@@ -854,6 +950,22 @@ __bad_area_nosemaphore(struct pt_regs *regs, unsigned long error_code,
- return;
+@@ -855,6 +951,21 @@ __bad_area_nosemaphore(struct pt_regs *regs, unsigned long error_code,
}
#endif
-+
+
+#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)
+ if (pax_is_fetch_fault(regs, error_code, address)) {
+
@@ -35448,10 +35360,10 @@ index 5ce1ed0..f713160 100644
+ }
+#endif
+
- /* Kernel addresses are always protection faults: */
- if (address >= TASK_SIZE)
- error_code |= PF_PROT;
-@@ -961,7 +1073,7 @@ do_sigbus(struct pt_regs *regs, unsigned long error_code, unsigned long address,
+ /*
+ * To avoid leaking information about the kernel page table
+ * layout, pretend that user-mode accesses to kernel addresses
+@@ -966,7 +1077,7 @@ do_sigbus(struct pt_regs *regs, unsigned long error_code, unsigned long address,
if (fault & (VM_FAULT_HWPOISON|VM_FAULT_HWPOISON_LARGE)) {
printk(KERN_ERR
"MCE: Killing %s:%d due to hardware memory corruption fault at %lx\n",
@@ -35460,7 +35372,7 @@ index 5ce1ed0..f713160 100644
code = BUS_MCEERR_AR;
}
#endif
-@@ -1020,6 +1132,109 @@ static int spurious_fault_check(unsigned long error_code, pte_t *pte)
+@@ -1025,6 +1136,109 @@ static int spurious_fault_check(unsigned long error_code, pte_t *pte)
return 1;
}
@@ -35570,7 +35482,7 @@ index 5ce1ed0..f713160 100644
/*
* Handle a spurious fault caused by a stale TLB entry.
*
-@@ -1107,6 +1322,10 @@ access_error(unsigned long error_code, struct vm_area_struct *vma)
+@@ -1112,6 +1326,10 @@ access_error(unsigned long error_code, struct vm_area_struct *vma)
{
/* This is only called for the current mm, so: */
bool foreign = false;
@@ -35581,7 +35493,7 @@ index 5ce1ed0..f713160 100644
/*
* Make sure to check the VMA so that we do not perform
* faults just to hit a PF_PK as soon as we fill in a
-@@ -1178,6 +1397,22 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code,
+@@ -1183,6 +1401,22 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code,
tsk = current;
mm = tsk->mm;
@@ -35604,7 +35516,7 @@ index 5ce1ed0..f713160 100644
/*
* Detect and handle instructions that would cause a page fault for
* both a tracked kernel page and a userspace page.
-@@ -1304,6 +1539,11 @@ retry:
+@@ -1309,6 +1543,11 @@ retry:
might_sleep();
}
@@ -35616,7 +35528,7 @@ index 5ce1ed0..f713160 100644
vma = find_vma(mm, address);
if (unlikely(!vma)) {
bad_area(regs, error_code, address);
-@@ -1315,18 +1555,24 @@ retry:
+@@ -1320,18 +1559,24 @@ retry:
bad_area(regs, error_code, address);
return;
}
@@ -35652,7 +35564,7 @@ index 5ce1ed0..f713160 100644
if (unlikely(expand_stack(vma, address))) {
bad_area(regs, error_code, address);
return;
-@@ -1446,3 +1692,292 @@ trace_do_page_fault(struct pt_regs *regs, unsigned long error_code)
+@@ -1451,3 +1696,292 @@ trace_do_page_fault(struct pt_regs *regs, unsigned long error_code)
}
NOKPROBE_SYMBOL(trace_do_page_fault);
#endif /* CONFIG_TRACING */
@@ -35995,7 +35907,7 @@ index a6d7392..3b105a8 100644
return (void *)vaddr;
diff --git a/arch/x86/mm/hugetlbpage.c b/arch/x86/mm/hugetlbpage.c
-index 740d7ac..4091827 100644
+index 2ae8584..e8f8f29 100644
--- a/arch/x86/mm/hugetlbpage.c
+++ b/arch/x86/mm/hugetlbpage.c
@@ -74,23 +74,24 @@ int pud_huge(pud_t pud)
@@ -36097,7 +36009,7 @@ index 740d7ac..4091827 100644
#endif /* CONFIG_HUGETLB_PAGE */
diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c
-index 9d56f27..0d15fff 100644
+index 372aad2..15d0667 100644
--- a/arch/x86/mm/init.c
+++ b/arch/x86/mm/init.c
@@ -4,6 +4,7 @@
@@ -36205,7 +36117,7 @@ index 9d56f27..0d15fff 100644
(unsigned long)(&__init_begin),
(unsigned long)(&__init_end));
diff --git a/arch/x86/mm/init_32.c b/arch/x86/mm/init_32.c
-index bd7a9b9..f1dad0b 100644
+index 84df150..aacf18e 100644
--- a/arch/x86/mm/init_32.c
+++ b/arch/x86/mm/init_32.c
@@ -62,33 +62,6 @@ static noinline int do_test_wp_bit(void);
@@ -36433,7 +36345,7 @@ index bd7a9b9..f1dad0b 100644
((unsigned long)&_etext - (unsigned long)&_text) >> 10);
/*
-@@ -871,7 +873,7 @@ static noinline int do_test_wp_bit(void)
+@@ -868,7 +870,7 @@ static noinline int do_test_wp_bit(void)
const int rodata_test_data = 0xC3;
EXPORT_SYMBOL_GPL(rodata_test_data);
@@ -36442,7 +36354,7 @@ index bd7a9b9..f1dad0b 100644
void set_kernel_text_rw(void)
{
-@@ -881,6 +883,7 @@ void set_kernel_text_rw(void)
+@@ -878,6 +880,7 @@ void set_kernel_text_rw(void)
if (!kernel_set_to_readonly)
return;
@@ -36450,7 +36362,7 @@ index bd7a9b9..f1dad0b 100644
pr_debug("Set kernel text: %lx - %lx for read write\n",
start, start+size);
-@@ -895,6 +898,7 @@ void set_kernel_text_ro(void)
+@@ -892,6 +895,7 @@ void set_kernel_text_ro(void)
if (!kernel_set_to_readonly)
return;
@@ -36458,7 +36370,7 @@ index bd7a9b9..f1dad0b 100644
pr_debug("Set kernel text: %lx - %lx for read only\n",
start, start+size);
-@@ -907,7 +911,7 @@ static void mark_nxdata_nx(void)
+@@ -904,7 +908,7 @@ static void mark_nxdata_nx(void)
* When this called, init has already been executed and released,
* so everything past _etext should be NX.
*/
@@ -36467,7 +36379,7 @@ index bd7a9b9..f1dad0b 100644
/*
* This comes from is_kernel_text upper limit. Also HPAGE where used:
*/
-@@ -923,26 +927,52 @@ void mark_rodata_ro(void)
+@@ -920,26 +924,52 @@ void mark_rodata_ro(void)
unsigned long start = PFN_ALIGN(_text);
unsigned long size = PFN_ALIGN(_etext) - start;
@@ -36529,10 +36441,10 @@ index bd7a9b9..f1dad0b 100644
#ifdef CONFIG_CPA_DEBUG
diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c
-index 214afda..7fd6c3f 100644
+index bce2e5d..2a2bf30 100644
--- a/arch/x86/mm/init_64.c
+++ b/arch/x86/mm/init_64.c
-@@ -138,7 +138,7 @@ int kernel_ident_mapping_init(struct x86_mapping_info *info, pgd_t *pgd_page,
+@@ -66,7 +66,7 @@
* around without checking the pgd every time.
*/
@@ -36541,7 +36453,7 @@ index 214afda..7fd6c3f 100644
EXPORT_SYMBOL_GPL(__supported_pte_mask);
int force_personality32;
-@@ -171,7 +171,12 @@ void sync_global_pgds(unsigned long start, unsigned long end, int removed)
+@@ -99,7 +99,12 @@ void sync_global_pgds(unsigned long start, unsigned long end, int removed)
for (address = start; address <= end; address += PGDIR_SIZE) {
const pgd_t *pgd_ref = pgd_offset_k(address);
@@ -36554,7 +36466,7 @@ index 214afda..7fd6c3f 100644
/*
* When it is called after memory hot remove, pgd_none()
-@@ -182,6 +187,25 @@ void sync_global_pgds(unsigned long start, unsigned long end, int removed)
+@@ -110,6 +115,25 @@ void sync_global_pgds(unsigned long start, unsigned long end, int removed)
continue;
spin_lock(&pgd_lock);
@@ -36580,7 +36492,7 @@ index 214afda..7fd6c3f 100644
list_for_each_entry(page, &pgd_list, lru) {
pgd_t *pgd;
spinlock_t *pgt_lock;
-@@ -190,6 +214,7 @@ void sync_global_pgds(unsigned long start, unsigned long end, int removed)
+@@ -118,6 +142,7 @@ void sync_global_pgds(unsigned long start, unsigned long end, int removed)
/* the pgt_lock only for Xen */
pgt_lock = &pgd_page_get_mm(page)->page_table_lock;
spin_lock(pgt_lock);
@@ -36588,7 +36500,7 @@ index 214afda..7fd6c3f 100644
if (!pgd_none(*pgd_ref) && !pgd_none(*pgd))
BUG_ON(pgd_page_vaddr(*pgd)
-@@ -203,7 +228,10 @@ void sync_global_pgds(unsigned long start, unsigned long end, int removed)
+@@ -131,7 +156,10 @@ void sync_global_pgds(unsigned long start, unsigned long end, int removed)
set_pgd(pgd, *pgd_ref);
}
@@ -36599,7 +36511,7 @@ index 214afda..7fd6c3f 100644
}
spin_unlock(&pgd_lock);
}
-@@ -236,7 +264,7 @@ static pud_t *fill_pud(pgd_t *pgd, unsigned long vaddr)
+@@ -164,7 +192,7 @@ static pud_t *fill_pud(pgd_t *pgd, unsigned long vaddr)
{
if (pgd_none(*pgd)) {
pud_t *pud = (pud_t *)spp_getpage();
@@ -36608,7 +36520,7 @@ index 214afda..7fd6c3f 100644
if (pud != pud_offset(pgd, 0))
printk(KERN_ERR "PAGETABLE BUG #00! %p <-> %p\n",
pud, pud_offset(pgd, 0));
-@@ -248,7 +276,7 @@ static pmd_t *fill_pmd(pud_t *pud, unsigned long vaddr)
+@@ -176,7 +204,7 @@ static pmd_t *fill_pmd(pud_t *pud, unsigned long vaddr)
{
if (pud_none(*pud)) {
pmd_t *pmd = (pmd_t *) spp_getpage();
@@ -36617,7 +36529,7 @@ index 214afda..7fd6c3f 100644
if (pmd != pmd_offset(pud, 0))
printk(KERN_ERR "PAGETABLE BUG #01! %p <-> %p\n",
pmd, pmd_offset(pud, 0));
-@@ -277,7 +305,9 @@ void set_pte_vaddr_pud(pud_t *pud_page, unsigned long vaddr, pte_t new_pte)
+@@ -205,7 +233,9 @@ void set_pte_vaddr_pud(pud_t *pud_page, unsigned long vaddr, pte_t new_pte)
pmd = fill_pmd(pud, vaddr);
pte = fill_pte(pmd, vaddr);
@@ -36627,7 +36539,7 @@ index 214afda..7fd6c3f 100644
/*
* It's enough to flush this one mapping.
-@@ -339,14 +369,12 @@ static void __init __init_extra_mapping(unsigned long phys, unsigned long size,
+@@ -267,14 +297,12 @@ static void __init __init_extra_mapping(unsigned long phys, unsigned long size,
pgd = pgd_offset_k((unsigned long)__va(phys));
if (pgd_none(*pgd)) {
pud = (pud_t *) spp_getpage();
@@ -36644,7 +36556,7 @@ index 214afda..7fd6c3f 100644
}
pmd = pmd_offset(pud, phys);
BUG_ON(!pmd_none(*pmd));
-@@ -587,7 +615,7 @@ phys_pud_init(pud_t *pud_page, unsigned long addr, unsigned long end,
+@@ -515,7 +543,7 @@ phys_pud_init(pud_t *pud_page, unsigned long addr, unsigned long end,
prot);
spin_lock(&init_mm.page_table_lock);
@@ -36653,7 +36565,7 @@ index 214afda..7fd6c3f 100644
spin_unlock(&init_mm.page_table_lock);
}
__flush_tlb_all();
-@@ -628,7 +656,7 @@ kernel_physical_mapping_init(unsigned long start,
+@@ -556,7 +584,7 @@ kernel_physical_mapping_init(unsigned long start,
page_size_mask);
spin_lock(&init_mm.page_table_lock);
@@ -36662,7 +36574,7 @@ index 214afda..7fd6c3f 100644
spin_unlock(&init_mm.page_table_lock);
pgd_changed = true;
}
-@@ -1078,7 +1106,7 @@ void __init mem_init(void)
+@@ -1006,7 +1034,7 @@ void __init mem_init(void)
const int rodata_test_data = 0xC3;
EXPORT_SYMBOL_GPL(rodata_test_data);
@@ -36671,7 +36583,7 @@ index 214afda..7fd6c3f 100644
void set_kernel_text_rw(void)
{
-@@ -1107,8 +1135,7 @@ void set_kernel_text_ro(void)
+@@ -1035,8 +1063,7 @@ void set_kernel_text_ro(void)
if (!kernel_set_to_readonly)
return;
@@ -36681,7 +36593,7 @@ index 214afda..7fd6c3f 100644
/*
* Set the kernel identity mapping for text RO.
-@@ -1119,18 +1146,23 @@ void set_kernel_text_ro(void)
+@@ -1047,18 +1074,23 @@ void set_kernel_text_ro(void)
void mark_rodata_ro(void)
{
unsigned long start = PFN_ALIGN(_text);
@@ -36709,7 +36621,7 @@ index 214afda..7fd6c3f 100644
/*
* The rodata/data/bss/brk section (but not the kernel text!)
* should also be not-executable.
-@@ -1156,12 +1188,54 @@ void mark_rodata_ro(void)
+@@ -1084,12 +1116,54 @@ void mark_rodata_ro(void)
set_memory_ro(start, (end-start) >> PAGE_SHIFT);
#endif
@@ -36781,7 +36693,7 @@ index 9c0ff04..9020d5f 100644
return (void *)vaddr;
diff --git a/arch/x86/mm/ioremap.c b/arch/x86/mm/ioremap.c
-index 0d8d53d..74815a4 100644
+index f089491..467113c 100644
--- a/arch/x86/mm/ioremap.c
+++ b/arch/x86/mm/ioremap.c
@@ -59,8 +59,8 @@ static int __ioremap_check_ram(unsigned long start_pfn, unsigned long nr_pages,
@@ -37065,7 +36977,7 @@ index 8047687..6351be43 100644
err_out:
/* info might be NULL, but kfree() handles that */
diff --git a/arch/x86/mm/numa.c b/arch/x86/mm/numa.c
-index f70c1ff..fdb449c 100644
+index 9c086c5..421e25b 100644
--- a/arch/x86/mm/numa.c
+++ b/arch/x86/mm/numa.c
@@ -529,7 +529,7 @@ static void __init numa_clear_kernel_node_hotplug(void)
@@ -37078,7 +36990,7 @@ index f70c1ff..fdb449c 100644
unsigned long uninitialized_var(pfn_align);
int i, nid;
diff --git a/arch/x86/mm/pageattr.c b/arch/x86/mm/pageattr.c
-index 01be9ec..2b8c8c7 100644
+index 7a1f7bb..b245aea 100644
--- a/arch/x86/mm/pageattr.c
+++ b/arch/x86/mm/pageattr.c
@@ -258,7 +258,7 @@ static inline pgprot_t static_protections(pgprot_t prot, unsigned long address,
@@ -37171,7 +37083,7 @@ index 01be9ec..2b8c8c7 100644
unsigned long address)
{
struct page *base;
-@@ -1157,6 +1180,7 @@ static int __cpa_process_fault(struct cpa_data *cpa, unsigned long vaddr,
+@@ -1163,6 +1186,7 @@ static int __cpa_process_fault(struct cpa_data *cpa, unsigned long vaddr,
}
}
@@ -37179,7 +37091,7 @@ index 01be9ec..2b8c8c7 100644
static int __change_page_attr(struct cpa_data *cpa, int primary)
{
unsigned long address;
-@@ -1215,7 +1239,9 @@ repeat:
+@@ -1221,7 +1245,9 @@ repeat:
* Do we really change anything ?
*/
if (pte_val(old_pte) != pte_val(new_pte)) {
@@ -37190,10 +37102,10 @@ index 01be9ec..2b8c8c7 100644
}
cpa->numpages = 1;
diff --git a/arch/x86/mm/pat.c b/arch/x86/mm/pat.c
-index faec01e..437ec71 100644
+index fb0604f..b9e0399 100644
--- a/arch/x86/mm/pat.c
+++ b/arch/x86/mm/pat.c
-@@ -589,7 +589,7 @@ int free_memtype(u64 start, u64 end)
+@@ -633,7 +633,7 @@ int free_memtype(u64 start, u64 end)
if (IS_ERR(entry)) {
pr_info("x86/PAT: %s:%d freeing invalid memtype [mem %#010Lx-%#010Lx]\n",
@@ -37202,7 +37114,7 @@ index faec01e..437ec71 100644
return -EINVAL;
}
-@@ -712,8 +712,8 @@ static inline int range_is_allowed(unsigned long pfn, unsigned long size)
+@@ -756,8 +756,8 @@ static inline int range_is_allowed(unsigned long pfn, unsigned long size)
while (cursor < to) {
if (!devmem_is_allowed(pfn)) {
@@ -37213,7 +37125,7 @@ index faec01e..437ec71 100644
return 0;
}
cursor += PAGE_SIZE;
-@@ -783,7 +783,7 @@ int kernel_map_sync_memtype(u64 base, unsigned long size,
+@@ -808,7 +808,7 @@ int kernel_map_sync_memtype(u64 base, unsigned long size,
if (ioremap_change_attr((unsigned long)__va(base), id_sz, pcm) < 0) {
pr_info("x86/PAT: %s:%d ioremap_change_attr failed %s for [mem %#010Lx-%#010Lx]\n",
@@ -37222,7 +37134,7 @@ index faec01e..437ec71 100644
cattr_name(pcm),
base, (unsigned long long)(base + size-1));
return -EINVAL;
-@@ -818,7 +818,7 @@ static int reserve_pfn_range(u64 paddr, unsigned long size, pgprot_t *vma_prot,
+@@ -843,7 +843,7 @@ static int reserve_pfn_range(u64 paddr, unsigned long size, pgprot_t *vma_prot,
pcm = lookup_memtype(paddr);
if (want_pcm != pcm) {
pr_warn("x86/PAT: %s:%d map pfn RAM range req %s for [mem %#010Lx-%#010Lx], got %s\n",
@@ -37231,7 +37143,7 @@ index faec01e..437ec71 100644
cattr_name(want_pcm),
(unsigned long long)paddr,
(unsigned long long)(paddr + size - 1),
-@@ -839,7 +839,7 @@ static int reserve_pfn_range(u64 paddr, unsigned long size, pgprot_t *vma_prot,
+@@ -864,7 +864,7 @@ static int reserve_pfn_range(u64 paddr, unsigned long size, pgprot_t *vma_prot,
!is_new_memtype_allowed(paddr, size, want_pcm, pcm)) {
free_memtype(paddr, paddr + size);
pr_err("x86/PAT: %s:%d map pfn expected mapping type %s for [mem %#010Lx-%#010Lx], got %s\n",
@@ -37303,7 +37215,7 @@ index 9f0614d..92ae64a 100644
p += get_opcode(p, &opcode);
for (i = 0; i < ARRAY_SIZE(imm_wop); i++)
diff --git a/arch/x86/mm/pgtable.c b/arch/x86/mm/pgtable.c
-index 4eb287e..a021315 100644
+index aa0ff4b..be1aee7 100644
--- a/arch/x86/mm/pgtable.c
+++ b/arch/x86/mm/pgtable.c
@@ -98,10 +98,75 @@ static inline void pgd_list_del(pgd_t *pgd)
@@ -37718,10 +37630,10 @@ index f65a33f..f408a99 100644
}
diff --git a/arch/x86/mm/tlb.c b/arch/x86/mm/tlb.c
-index fe9b9f7..35b4936e 100644
+index 5643fd0..3104402 100644
--- a/arch/x86/mm/tlb.c
+++ b/arch/x86/mm/tlb.c
-@@ -45,7 +45,11 @@ void leave_mm(int cpu)
+@@ -47,7 +47,11 @@ void leave_mm(int cpu)
BUG();
if (cpumask_test_cpu(cpu, mm_cpumask(active_mm))) {
cpumask_clear_cpu(cpu, mm_cpumask(active_mm));
@@ -37733,6 +37645,160 @@ index fe9b9f7..35b4936e 100644
/*
* This gets called in the idle path where RCU
* functions differently. Tracing normally
+@@ -61,6 +65,51 @@ EXPORT_SYMBOL_GPL(leave_mm);
+
+ #endif /* CONFIG_SMP */
+
++static void pax_switch_mm(struct mm_struct *next, unsigned int cpu)
++{
++
++#ifdef CONFIG_PAX_PER_CPU_PGD
++ pax_open_kernel();
++
++#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
++ if (static_cpu_has(X86_FEATURE_PCIDUDEREF))
++ __clone_user_pgds(get_cpu_pgd(cpu, user), next->pgd);
++ else
++#endif
++
++ __clone_user_pgds(get_cpu_pgd(cpu, kernel), next->pgd);
++
++ __shadow_user_pgds(get_cpu_pgd(cpu, kernel) + USER_PGD_PTRS, next->pgd);
++
++ pax_close_kernel();
++
++ BUG_ON((__pa(get_cpu_pgd(cpu, kernel)) | PCID_KERNEL) != (read_cr3() & __PHYSICAL_MASK) && (__pa(get_cpu_pgd(cpu, user)) | PCID_USER) != (read_cr3() & __PHYSICAL_MASK));
++
++#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
++ if (static_cpu_has(X86_FEATURE_PCIDUDEREF)) {
++ if (static_cpu_has(X86_FEATURE_INVPCID)) {
++ u64 descriptor[2];
++ descriptor[0] = PCID_USER;
++ asm volatile(__ASM_INVPCID : : "d"(&descriptor), "a"(INVPCID_SINGLE_CONTEXT) : "memory");
++ if (!static_cpu_has(X86_FEATURE_STRONGUDEREF)) {
++ descriptor[0] = PCID_KERNEL;
++ asm volatile(__ASM_INVPCID : : "d"(&descriptor), "a"(INVPCID_SINGLE_CONTEXT) : "memory");
++ }
++ } else {
++ write_cr3(__pa(get_cpu_pgd(cpu, user)) | PCID_USER);
++ if (static_cpu_has(X86_FEATURE_STRONGUDEREF))
++ write_cr3(__pa(get_cpu_pgd(cpu, kernel)) | PCID_KERNEL | PCID_NOFLUSH);
++ else
++ write_cr3(__pa(get_cpu_pgd(cpu, kernel)) | PCID_KERNEL);
++ }
++ } else
++#endif
++
++ load_cr3(get_cpu_pgd(cpu, kernel));
++#endif
++
++}
++
+ void switch_mm(struct mm_struct *prev, struct mm_struct *next,
+ struct task_struct *tsk)
+ {
+@@ -75,9 +124,15 @@ void switch_mm_irqs_off(struct mm_struct *prev, struct mm_struct *next,
+ struct task_struct *tsk)
+ {
+ unsigned cpu = smp_processor_id();
++#if defined(CONFIG_X86_32) && defined(CONFIG_SMP) && (defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC))
++ int tlbstate = TLBSTATE_OK;
++#endif
+
+ if (likely(prev != next)) {
+ #ifdef CONFIG_SMP
++#if defined(CONFIG_X86_32) && (defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC))
++ tlbstate = this_cpu_read(cpu_tlbstate.state);
++#endif
+ this_cpu_write(cpu_tlbstate.state, TLBSTATE_OK);
+ this_cpu_write(cpu_tlbstate.active_mm, next);
+ #endif
+@@ -96,7 +151,7 @@ void switch_mm_irqs_off(struct mm_struct *prev, struct mm_struct *next,
+ * We need to prevent an outcome in which CPU 1 observes
+ * the new PTE value and CPU 0 observes bit 1 clear in
+ * mm_cpumask. (If that occurs, then the IPI will never
+- * be sent, and CPU 0's TLB will contain a stale entry.)
++ * be sent, and CPU 1's TLB will contain a stale entry.)
+ *
+ * The bad outcome can occur if either CPU's load is
+ * reordered before that CPU's store, so both CPUs must
+@@ -111,7 +166,11 @@ void switch_mm_irqs_off(struct mm_struct *prev, struct mm_struct *next,
+ * ordering guarantee we need.
+ *
+ */
++#ifdef CONFIG_PAX_PER_CPU_PGD
++ pax_switch_mm(next, cpu);
++#else
+ load_cr3(next->pgd);
++#endif
+
+ trace_tlb_flush(TLB_FLUSH_ON_TASK_SWITCH, TLB_FLUSH_ALL);
+
+@@ -137,9 +196,31 @@ void switch_mm_irqs_off(struct mm_struct *prev, struct mm_struct *next,
+ if (unlikely(prev->context.ldt != next->context.ldt))
+ load_mm_ldt(next);
+ #endif
++
++#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_SMP)
++ if (!(__supported_pte_mask & _PAGE_NX)) {
++ smp_mb__before_atomic();
++ cpumask_clear_cpu(cpu, &prev->context.cpu_user_cs_mask);
++ smp_mb__after_atomic();
++ cpumask_set_cpu(cpu, &next->context.cpu_user_cs_mask);
++ }
++#endif
++
++#if defined(CONFIG_X86_32) && (defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC))
++ if (unlikely(prev->context.user_cs_base != next->context.user_cs_base ||
++ prev->context.user_cs_limit != next->context.user_cs_limit))
++ set_user_cs(next->context.user_cs_base, next->context.user_cs_limit, cpu);
++#ifdef CONFIG_SMP
++ else if (unlikely(tlbstate != TLBSTATE_OK))
++ set_user_cs(next->context.user_cs_base, next->context.user_cs_limit, cpu);
++#endif
++#endif
++
+ }
++ else {
++ pax_switch_mm(next, cpu);
++
+ #ifdef CONFIG_SMP
+- else {
+ this_cpu_write(cpu_tlbstate.state, TLBSTATE_OK);
+ BUG_ON(this_cpu_read(cpu_tlbstate.active_mm) != next);
+
+@@ -160,13 +241,30 @@ void switch_mm_irqs_off(struct mm_struct *prev, struct mm_struct *next,
+ * As above, load_cr3() is serializing and orders TLB
+ * fills with respect to the mm_cpumask write.
+ */
++
++#ifndef CONFIG_PAX_PER_CPU_PGD
+ load_cr3(next->pgd);
+ trace_tlb_flush(TLB_FLUSH_ON_TASK_SWITCH, TLB_FLUSH_ALL);
++#endif
++
+ load_mm_cr4(next);
+ load_mm_ldt(next);
++
++#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_PAGEEXEC)
++ if (!(__supported_pte_mask & _PAGE_NX))
++ cpumask_set_cpu(cpu, &next->context.cpu_user_cs_mask);
++#endif
++
++#if defined(CONFIG_X86_32) && (defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC))
++#ifdef CONFIG_PAX_PAGEEXEC
++ if (!((next->pax_flags & MF_PAX_PAGEEXEC) && (__supported_pte_mask & _PAGE_NX)))
++#endif
++ set_user_cs(next->context.user_cs_base, next->context.user_cs_limit, cpu);
++#endif
++
+ }
++#endif
+ }
+-#endif
+ }
+
+ #ifdef CONFIG_SMP
diff --git a/arch/x86/mm/uderef_64.c b/arch/x86/mm/uderef_64.c
new file mode 100644
index 0000000..3fda3f3
@@ -37866,7 +37932,7 @@ index f2a7faf..b77bb6c 100644
+ pax_force_retaddr
ret
diff --git a/arch/x86/net/bpf_jit_comp.c b/arch/x86/net/bpf_jit_comp.c
-index 4286f36..54471fd 100644
+index fe04a04..99be1fa 100644
--- a/arch/x86/net/bpf_jit_comp.c
+++ b/arch/x86/net/bpf_jit_comp.c
@@ -14,7 +14,11 @@
@@ -37881,7 +37947,7 @@ index 4286f36..54471fd 100644
/*
* assembly code in arch/x86/net/bpf_jit.S
-@@ -176,7 +180,9 @@ static u8 add_2reg(u8 byte, u32 dst_reg, u32 src_reg)
+@@ -183,7 +187,9 @@ static u8 add_2reg(u8 byte, u32 dst_reg, u32 src_reg)
static void jit_fill_hole(void *area, unsigned int size)
{
/* fill whole space with int3 instructions */
@@ -37891,7 +37957,7 @@ index 4286f36..54471fd 100644
}
struct jit_context {
-@@ -1060,7 +1066,9 @@ common_load:
+@@ -1076,7 +1082,9 @@ common_load:
pr_err("bpf_jit_compile fatal error\n");
return -EFAULT;
}
@@ -37901,7 +37967,7 @@ index 4286f36..54471fd 100644
}
proglen += ilen;
addrs[i] = proglen;
-@@ -1137,7 +1145,6 @@ void bpf_int_jit_compile(struct bpf_prog *prog)
+@@ -1169,7 +1177,6 @@ struct bpf_prog *bpf_int_jit_compile(struct bpf_prog *prog)
if (image) {
bpf_flush_icache(header, image + proglen);
@@ -37909,7 +37975,7 @@ index 4286f36..54471fd 100644
prog->bpf_func = (void *)image;
prog->jited = 1;
}
-@@ -1150,12 +1157,8 @@ void bpf_jit_free(struct bpf_prog *fp)
+@@ -1188,12 +1195,8 @@ void bpf_jit_free(struct bpf_prog *fp)
unsigned long addr = (unsigned long)fp->bpf_func & PAGE_MASK;
struct bpf_binary_header *header = (void *)addr;
@@ -37952,7 +38018,7 @@ index cb31a44..b942435 100644
return NULL;
diff --git a/arch/x86/oprofile/nmi_int.c b/arch/x86/oprofile/nmi_int.c
-index 0e07e09..334d300 100644
+index 28c0412..568d0a4 100644
--- a/arch/x86/oprofile/nmi_int.c
+++ b/arch/x86/oprofile/nmi_int.c
@@ -23,6 +23,7 @@
@@ -38006,7 +38072,7 @@ index 660a83c..6ff762b 100644
return 0;
}
diff --git a/arch/x86/oprofile/op_model_ppro.c b/arch/x86/oprofile/op_model_ppro.c
-index d90528e..a44aa09 100644
+index 350f709..77882e0 100644
--- a/arch/x86/oprofile/op_model_ppro.c
+++ b/arch/x86/oprofile/op_model_ppro.c
@@ -19,6 +19,7 @@
@@ -38397,10 +38463,10 @@ index 338402b9..29ea50ab 100644
gdt_descr.size = GDT_SIZE - 1;
load_gdt(&gdt_descr);
diff --git a/arch/x86/platform/efi/efi_64.c b/arch/x86/platform/efi/efi_64.c
-index 49e4dd4..d714abf 100644
+index b226b3f..c9a3540 100644
--- a/arch/x86/platform/efi/efi_64.c
+++ b/arch/x86/platform/efi/efi_64.c
-@@ -93,6 +93,11 @@ pgd_t * __init efi_call_phys_prolog(void)
+@@ -91,6 +91,11 @@ pgd_t * __init efi_call_phys_prolog(void)
vaddress = (unsigned long)__va(pgd * PGDIR_SIZE);
set_pgd(pgd_offset_k(pgd * PGDIR_SIZE), *pgd_offset_k(vaddress));
}
@@ -38412,7 +38478,7 @@ index 49e4dd4..d714abf 100644
out:
__flush_tlb_all();
-@@ -120,6 +125,10 @@ void __init efi_call_phys_epilog(pgd_t *save_pgd)
+@@ -118,6 +123,10 @@ void __init efi_call_phys_epilog(pgd_t *save_pgd)
kfree(save_pgd);
@@ -38423,7 +38489,7 @@ index 49e4dd4..d714abf 100644
__flush_tlb_all();
early_code_mapping_set_exec(0);
}
-@@ -220,8 +229,23 @@ int __init efi_setup_page_tables(unsigned long pa_memmap, unsigned num_pages)
+@@ -218,8 +227,23 @@ int __init efi_setup_page_tables(unsigned long pa_memmap, unsigned num_pages)
unsigned npages;
pgd_t *pgd;
@@ -38578,21 +38644,21 @@ index 040192b..7d3300f 100644
.long 0
efi_rt_function_ptr:
diff --git a/arch/x86/platform/efi/efi_stub_64.S b/arch/x86/platform/efi/efi_stub_64.S
-index 92723ae..c9adfb7 100644
+index cd95075..a7b6d47 100644
--- a/arch/x86/platform/efi/efi_stub_64.S
+++ b/arch/x86/platform/efi/efi_stub_64.S
-@@ -12,6 +12,7 @@
+@@ -11,6 +11,7 @@
+ #include <asm/msr.h>
#include <asm/processor-flags.h>
#include <asm/page_types.h>
- #include <asm/frame.h>
+#include <asm/alternative-asm.h>
#define SAVE_XMM \
mov %rsp, %rax; \
-@@ -54,5 +55,6 @@ ENTRY(efi_call)
+@@ -53,5 +54,6 @@ ENTRY(efi_call)
addq $48, %rsp
RESTORE_XMM
- FRAME_END
+ popq %rbp
+ pax_force_retaddr 0, 1
ret
ENDPROC(efi_call)
@@ -39147,10 +39213,10 @@ index c7b15f3..cc09a65 100644
This is the Linux Xen port. Enabling this will allow the
kernel to boot in a paravirtualized environment under the
diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c
-index 880862c..53dcb02 100644
+index 760789a..dbf5054 100644
--- a/arch/x86/xen/enlighten.c
+++ b/arch/x86/xen/enlighten.c
-@@ -132,8 +132,6 @@ EXPORT_SYMBOL_GPL(xen_start_info);
+@@ -131,8 +131,6 @@ EXPORT_SYMBOL_GPL(xen_start_info);
struct shared_info xen_dummy_shared_info;
@@ -39159,7 +39225,7 @@ index 880862c..53dcb02 100644
RESERVE_BRK(shared_info_page_brk, PAGE_SIZE);
__read_mostly int xen_have_vector_callback;
EXPORT_SYMBOL_GPL(xen_have_vector_callback);
-@@ -591,8 +589,7 @@ static void xen_load_gdt(const struct desc_ptr *dtr)
+@@ -590,8 +588,7 @@ static void xen_load_gdt(const struct desc_ptr *dtr)
{
unsigned long va = dtr->address;
unsigned int size = dtr->size + 1;
@@ -39169,7 +39235,7 @@ index 880862c..53dcb02 100644
int f;
/*
-@@ -640,8 +637,7 @@ static void __init xen_load_gdt_boot(const struct desc_ptr *dtr)
+@@ -639,8 +636,7 @@ static void __init xen_load_gdt_boot(const struct desc_ptr *dtr)
{
unsigned long va = dtr->address;
unsigned int size = dtr->size + 1;
@@ -39179,7 +39245,7 @@ index 880862c..53dcb02 100644
int f;
/*
-@@ -649,7 +645,7 @@ static void __init xen_load_gdt_boot(const struct desc_ptr *dtr)
+@@ -648,7 +644,7 @@ static void __init xen_load_gdt_boot(const struct desc_ptr *dtr)
* 8-byte entries, or 16 4k pages..
*/
@@ -39188,7 +39254,7 @@ index 880862c..53dcb02 100644
BUG_ON(va & ~PAGE_MASK);
for (f = 0; va < dtr->address + size; va += PAGE_SIZE, f++) {
-@@ -778,7 +774,7 @@ static int cvt_gate_to_trap(int vector, const gate_desc *val,
+@@ -777,7 +773,7 @@ static int cvt_gate_to_trap(int vector, const gate_desc *val,
* so we should never see them. Warn if
* there's an unexpected IST-using fault handler.
*/
@@ -39197,7 +39263,7 @@ index 880862c..53dcb02 100644
addr = (unsigned long)xen_debug;
else if (addr == (unsigned long)int3)
addr = (unsigned long)xen_int3;
-@@ -1263,7 +1259,7 @@ static const struct pv_cpu_ops xen_cpu_ops __initconst = {
+@@ -1283,7 +1279,7 @@ static const struct pv_cpu_ops xen_cpu_ops __initconst = {
.end_context_switch = xen_end_context_switch,
};
@@ -39206,7 +39272,7 @@ index 880862c..53dcb02 100644
{
struct sched_shutdown r = { .reason = reason };
int cpu;
-@@ -1271,26 +1267,26 @@ static void xen_reboot(int reason)
+@@ -1291,26 +1287,26 @@ static void xen_reboot(int reason)
for_each_online_cpu(cpu)
xen_pmu_finish(cpu);
@@ -39239,7 +39305,7 @@ index 880862c..53dcb02 100644
{
if (pm_power_off)
pm_power_off();
-@@ -1443,8 +1439,11 @@ static void __ref xen_setup_gdt(int cpu)
+@@ -1463,8 +1459,11 @@ static void __ref xen_setup_gdt(int cpu)
pv_cpu_ops.write_gdt_entry = xen_write_gdt_entry_boot;
pv_cpu_ops.load_gdt = xen_load_gdt_boot;
@@ -39253,7 +39319,7 @@ index 880862c..53dcb02 100644
pv_cpu_ops.write_gdt_entry = xen_write_gdt_entry;
pv_cpu_ops.load_gdt = xen_load_gdt;
-@@ -1561,7 +1560,17 @@ asmlinkage __visible void __init xen_start_kernel(void)
+@@ -1583,7 +1582,17 @@ asmlinkage __visible void __init xen_start_kernel(void)
__userpte_alloc_gfp &= ~__GFP_HIGHMEM;
/* Work out if we support NX */
@@ -39272,7 +39338,7 @@ index 880862c..53dcb02 100644
/* Get mfn list */
xen_build_dynamic_phys_to_machine();
-@@ -1589,13 +1598,6 @@ asmlinkage __visible void __init xen_start_kernel(void)
+@@ -1611,13 +1620,6 @@ asmlinkage __visible void __init xen_start_kernel(void)
machine_ops = xen_machine_ops;
@@ -39287,10 +39353,10 @@ index 880862c..53dcb02 100644
#ifdef CONFIG_ACPI_NUMA
diff --git a/arch/x86/xen/mmu.c b/arch/x86/xen/mmu.c
-index 478a2de..4f5e7b6 100644
+index 6743371..26347de 100644
--- a/arch/x86/xen/mmu.c
+++ b/arch/x86/xen/mmu.c
-@@ -1950,7 +1950,14 @@ void __init xen_setup_kernel_pagetable(pgd_t *pgd, unsigned long max_pfn)
+@@ -1939,7 +1939,14 @@ void __init xen_setup_kernel_pagetable(pgd_t *pgd, unsigned long max_pfn)
* L3_k[511] -> level2_fixmap_pgt */
convert_pfn_mfn(level3_kernel_pgt);
@@ -39305,7 +39371,7 @@ index 478a2de..4f5e7b6 100644
convert_pfn_mfn(level2_fixmap_pgt);
}
/* We get [511][511] and have Xen's version of level2_kernel_pgt */
-@@ -1980,11 +1987,25 @@ void __init xen_setup_kernel_pagetable(pgd_t *pgd, unsigned long max_pfn)
+@@ -1969,11 +1976,25 @@ void __init xen_setup_kernel_pagetable(pgd_t *pgd, unsigned long max_pfn)
set_page_prot(init_level4_pgt, PAGE_KERNEL_RO);
set_page_prot(level3_ident_pgt, PAGE_KERNEL_RO);
set_page_prot(level3_kernel_pgt, PAGE_KERNEL_RO);
@@ -39332,7 +39398,7 @@ index 478a2de..4f5e7b6 100644
/* Pin down new L4 */
pin_pagetable_pfn(MMUEXT_PIN_L4_TABLE,
-@@ -2395,6 +2416,7 @@ static void __init xen_post_allocator_init(void)
+@@ -2384,6 +2405,7 @@ static void __init xen_post_allocator_init(void)
pv_mmu_ops.set_pud = xen_set_pud;
#if CONFIG_PGTABLE_LEVELS == 4
pv_mmu_ops.set_pgd = xen_set_pgd;
@@ -39340,7 +39406,7 @@ index 478a2de..4f5e7b6 100644
#endif
/* This will work as long as patching hasn't happened yet
-@@ -2423,6 +2445,10 @@ static void xen_leave_lazy_mmu(void)
+@@ -2413,6 +2435,10 @@ static void xen_leave_lazy_mmu(void)
preempt_enable();
}
@@ -39351,7 +39417,7 @@ index 478a2de..4f5e7b6 100644
static const struct pv_mmu_ops xen_mmu_ops __initconst = {
.read_cr2 = xen_read_cr2,
.write_cr2 = xen_write_cr2,
-@@ -2435,7 +2461,7 @@ static const struct pv_mmu_ops xen_mmu_ops __initconst = {
+@@ -2425,7 +2451,7 @@ static const struct pv_mmu_ops xen_mmu_ops __initconst = {
.flush_tlb_single = xen_flush_tlb_single,
.flush_tlb_others = xen_flush_tlb_others,
@@ -39360,7 +39426,7 @@ index 478a2de..4f5e7b6 100644
.pgd_alloc = xen_pgd_alloc,
.pgd_free = xen_pgd_free,
-@@ -2472,6 +2498,7 @@ static const struct pv_mmu_ops xen_mmu_ops __initconst = {
+@@ -2462,6 +2488,7 @@ static const struct pv_mmu_ops xen_mmu_ops __initconst = {
.pud_val = PV_CALLEE_SAVE(xen_pud_val),
.make_pud = PV_CALLEE_SAVE(xen_make_pud),
.set_pgd = xen_set_pgd_hyper,
@@ -39509,10 +39575,10 @@ index 2f33760..835e50a 100644
#define XCHAL_ICACHE_SIZE 8192 /* I-cache size in bytes or 0 */
#define XCHAL_DCACHE_SIZE 8192 /* D-cache size in bytes or 0 */
diff --git a/block/bio.c b/block/bio.c
-index 807d25e..ac1e9e7 100644
+index 0e4aa42..a05fa6e 100644
--- a/block/bio.c
+++ b/block/bio.c
-@@ -1149,7 +1149,7 @@ struct bio *bio_copy_user_iov(struct request_queue *q,
+@@ -1138,7 +1138,7 @@ struct bio *bio_copy_user_iov(struct request_queue *q,
/*
* Overflow, abort
*/
@@ -39521,7 +39587,7 @@ index 807d25e..ac1e9e7 100644
return ERR_PTR(-EINVAL);
nr_pages += end - start;
-@@ -1274,7 +1274,7 @@ struct bio *bio_map_user_iov(struct request_queue *q,
+@@ -1263,7 +1263,7 @@ struct bio *bio_map_user_iov(struct request_queue *q,
/*
* Overflow, abort
*/
@@ -39711,7 +39777,7 @@ index 9f42526..fcc8648 100644
EXPORT_SYMBOL(blk_unregister_region);
diff --git a/block/partitions/efi.c b/block/partitions/efi.c
-index 26cb624..a49c3a5 100644
+index bcd86e5..fe457ef 100644
--- a/block/partitions/efi.c
+++ b/block/partitions/efi.c
@@ -293,14 +293,14 @@ static gpt_entry *alloc_read_gpt_entries(struct parsed_partitions *state,
@@ -40009,10 +40075,10 @@ index f71b756..b96847c 100644
#endif
diff --git a/drivers/acpi/acpi_video.c b/drivers/acpi/acpi_video.c
-index 4361bc9..5d5306e 100644
+index c1d138e..fa32222f 100644
--- a/drivers/acpi/acpi_video.c
+++ b/drivers/acpi/acpi_video.c
-@@ -419,7 +419,7 @@ static int video_set_report_key_events(const struct dmi_system_id *id)
+@@ -406,7 +406,7 @@ static int video_set_report_key_events(const struct dmi_system_id *id)
return 0;
}
@@ -40106,7 +40172,7 @@ index 60746ef..02a1ddc 100644
do_div(period, (count + 1));
if (period > max_period) {
diff --git a/drivers/acpi/battery.c b/drivers/acpi/battery.c
-index b719ab3..371e2a6 100644
+index ab23479..9aa32bf 100644
--- a/drivers/acpi/battery.c
+++ b/drivers/acpi/battery.c
@@ -75,7 +75,7 @@ MODULE_PARM_DESC(cache_time, "cache time in milliseconds");
@@ -40136,29 +40202,36 @@ index 75f128e..72b03af 100644
bgrt_kobj = kobject_create_and_add("bgrt", acpi_kobj);
if (!bgrt_kobj)
diff --git a/drivers/acpi/blacklist.c b/drivers/acpi/blacklist.c
-index 96809cd..6a49f979 100644
+index bdc67ba..a82756b 100644
--- a/drivers/acpi/blacklist.c
+++ b/drivers/acpi/blacklist.c
-@@ -47,7 +47,7 @@ struct acpi_blacklist_item {
+@@ -47,13 +47,13 @@ struct acpi_blacklist_item {
u32 is_critical_error;
};
--static struct dmi_system_id acpi_osi_dmi_table[] __initdata;
-+static const struct dmi_system_id acpi_osi_dmi_table[] __initconst;
+-static struct dmi_system_id acpi_rev_dmi_table[] __initdata;
++static const struct dmi_system_id acpi_rev_dmi_table[] __initconst;
/*
* POLICY: If *anything* doesn't work, put it on the blacklist.
-@@ -168,7 +168,7 @@ static int __init dmi_enable_rev_override(const struct dmi_system_id *d)
+ * If they are critical errors, mark it critical, and abort driver load.
+ */
+-static struct acpi_blacklist_item acpi_blacklist[] __initdata = {
++static const struct acpi_blacklist_item acpi_blacklist[] __initconst = {
+ /* Compaq Presario 1700 */
+ {"PTLTD ", " DSDT ", 0x06040000, ACPI_SIG_DSDT, less_than_or_equal,
+ "Multiple problems", 1},
+@@ -144,7 +144,7 @@ static int __init dmi_enable_rev_override(const struct dmi_system_id *d)
}
#endif
--static struct dmi_system_id acpi_osi_dmi_table[] __initdata = {
-+static const struct dmi_system_id acpi_osi_dmi_table[] __initconst = {
- {
- .callback = dmi_disable_osi_vista,
- .ident = "Fujitsu Siemens",
+-static struct dmi_system_id acpi_rev_dmi_table[] __initdata = {
++static const struct dmi_system_id acpi_rev_dmi_table[] __initconst = {
+ #ifdef CONFIG_ACPI_REV_OVERRIDE_POSSIBLE
+ /*
+ * DELL XPS 13 (2015) switches sound between HDA and I2S
diff --git a/drivers/acpi/bus.c b/drivers/acpi/bus.c
-index c068c82..7611bc1 100644
+index 262ca31..31a014f 100644
--- a/drivers/acpi/bus.c
+++ b/drivers/acpi/bus.c
@@ -63,7 +63,7 @@ static int set_copy_dsdt(const struct dmi_system_id *id)
@@ -40224,20 +40297,20 @@ index 993fd31..cc15d14 100644
}
EXPORT_SYMBOL_GPL(acpi_dev_pm_attach);
diff --git a/drivers/acpi/ec.c b/drivers/acpi/ec.c
-index b420fb4..b66c430 100644
+index 290d6f5..888bde8 100644
--- a/drivers/acpi/ec.c
+++ b/drivers/acpi/ec.c
-@@ -1503,7 +1503,7 @@ static int ec_clear_on_resume(const struct dmi_system_id *id)
+@@ -1536,7 +1536,7 @@ static int ec_correct_ecdt(const struct dmi_system_id *id)
return 0;
}
-static struct dmi_system_id ec_dmi_table[] __initdata = {
+static const struct dmi_system_id ec_dmi_table[] __initconst = {
{
- ec_skip_dsdt_scan, "Compal JFL92", {
- DMI_MATCH(DMI_BIOS_VENDOR, "COMPAL"),
-@@ -1610,7 +1610,7 @@ error:
- return -ENODEV;
+ ec_correct_ecdt, "Asus L4R", {
+ DMI_MATCH(DMI_BIOS_VERSION, "1008.006"),
+@@ -1613,7 +1613,7 @@ error:
+ return ret;
}
-static int param_set_event_clearing(const char *val, struct kernel_param *kp)
@@ -40245,7 +40318,7 @@ index b420fb4..b66c430 100644
{
int result = 0;
-@@ -1628,7 +1628,7 @@ static int param_set_event_clearing(const char *val, struct kernel_param *kp)
+@@ -1631,7 +1631,7 @@ static int param_set_event_clearing(const char *val, struct kernel_param *kp)
return result;
}
@@ -40254,6 +40327,19 @@ index b420fb4..b66c430 100644
{
switch (ec_event_clearing) {
case ACPI_EC_EVT_TIMING_STATUS:
+diff --git a/drivers/acpi/osi.c b/drivers/acpi/osi.c
+index 849f9d2..c97dd81 100644
+--- a/drivers/acpi/osi.c
++++ b/drivers/acpi/osi.c
+@@ -318,7 +318,7 @@ static int __init dmi_disable_osi_win8(const struct dmi_system_id *d)
+ * Note that _OSI("Linux")/_OSI("Darwin") determined here can be overridden
+ * by acpi_osi=!Linux/acpi_osi=!Darwin command line options.
+ */
+-static struct dmi_system_id acpi_osi_dmi_table[] __initdata = {
++static const struct dmi_system_id acpi_osi_dmi_table[] __initconst = {
+ {
+ .callback = dmi_disable_osi_vista,
+ .ident = "Fujitsu Siemens",
diff --git a/drivers/acpi/pci_slot.c b/drivers/acpi/pci_slot.c
index 7188e53..6012bc4 100644
--- a/drivers/acpi/pci_slot.c
@@ -40294,10 +40380,10 @@ index 7cfbda4..74f738c 100644
set_no_mwait, "Extensa 5220", {
DMI_MATCH(DMI_BIOS_VENDOR, "Phoenix Technologies LTD"),
diff --git a/drivers/acpi/sleep.c b/drivers/acpi/sleep.c
-index 2a8b596..90a329e 100644
+index 7a2e4d4..0de00c5 100644
--- a/drivers/acpi/sleep.c
+++ b/drivers/acpi/sleep.c
-@@ -149,7 +149,7 @@ static int __init init_nvs_nosave(const struct dmi_system_id *d)
+@@ -154,7 +154,7 @@ static int __init init_nvs_nosave(const struct dmi_system_id *d)
return 0;
}
@@ -40307,7 +40393,7 @@ index 2a8b596..90a329e 100644
.callback = init_old_suspend_ordering,
.ident = "Abit KN9 (nForce4 variant)",
diff --git a/drivers/acpi/sysfs.c b/drivers/acpi/sysfs.c
-index 0243d37..dcf52db 100644
+index 4b3a9e2..c80f3c2 100644
--- a/drivers/acpi/sysfs.c
+++ b/drivers/acpi/sysfs.c
@@ -227,7 +227,7 @@ module_param_cb(trace_method_name, &param_ops_trace_method, &trace_method_name,
@@ -40351,7 +40437,7 @@ index 0243d37..dcf52db 100644
static void delete_gpe_attr_array(void)
{
-@@ -777,13 +777,13 @@ static void __exit interrupt_stats_exit(void)
+@@ -776,13 +776,13 @@ static void __exit interrupt_stats_exit(void)
}
static ssize_t
@@ -40381,7 +40467,7 @@ index 82707f9..a6b19f5 100644
* Award BIOS on this AOpen makes thermal control almost worthless.
* http://bugzilla.kernel.org/show_bug.cgi?id=8842
diff --git a/drivers/acpi/video_detect.c b/drivers/acpi/video_detect.c
-index 1316ddd..0f10a1d 100644
+index 3d13276..e4d0f31 100644
--- a/drivers/acpi/video_detect.c
+++ b/drivers/acpi/video_detect.c
@@ -41,7 +41,6 @@ ACPI_MODULE_NAME("video");
@@ -40426,10 +40512,10 @@ index 16288e7..91ab5f3 100644
int ret;
diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c
-index 55e257c..554c697 100644
+index 31c183a..f09c966 100644
--- a/drivers/ata/libata-core.c
+++ b/drivers/ata/libata-core.c
-@@ -103,7 +103,7 @@ static unsigned int ata_dev_set_xfermode(struct ata_device *dev);
+@@ -104,7 +104,7 @@ static unsigned int ata_dev_set_xfermode(struct ata_device *dev);
static void ata_dev_xfermask(struct ata_device *dev);
static unsigned long ata_dev_blacklisted(const struct ata_device *dev);
@@ -40438,7 +40524,7 @@ index 55e257c..554c697 100644
struct ata_force_param {
const char *name;
-@@ -4804,7 +4804,7 @@ void ata_qc_free(struct ata_queued_cmd *qc)
+@@ -4987,7 +4987,7 @@ void ata_qc_free(struct ata_queued_cmd *qc)
struct ata_port *ap;
unsigned int tag;
@@ -40447,7 +40533,7 @@ index 55e257c..554c697 100644
ap = qc->ap;
qc->flags = 0;
-@@ -4821,7 +4821,7 @@ void __ata_qc_complete(struct ata_queued_cmd *qc)
+@@ -5004,7 +5004,7 @@ void __ata_qc_complete(struct ata_queued_cmd *qc)
struct ata_port *ap;
struct ata_link *link;
@@ -40456,7 +40542,7 @@ index 55e257c..554c697 100644
WARN_ON_ONCE(!(qc->flags & ATA_QCFLAG_ACTIVE));
ap = qc->ap;
link = qc->dev->link;
-@@ -5928,6 +5928,7 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops)
+@@ -6111,6 +6111,7 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops)
return;
spin_lock(&lock);
@@ -40464,7 +40550,7 @@ index 55e257c..554c697 100644
for (cur = ops->inherits; cur; cur = cur->inherits) {
void **inherit = (void **)cur;
-@@ -5941,8 +5942,9 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops)
+@@ -6124,8 +6125,9 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops)
if (IS_ERR(*pp))
*pp = NULL;
@@ -40475,7 +40561,7 @@ index 55e257c..554c697 100644
spin_unlock(&lock);
}
-@@ -6138,7 +6140,7 @@ int ata_host_register(struct ata_host *host, struct scsi_host_template *sht)
+@@ -6321,7 +6323,7 @@ int ata_host_register(struct ata_host *host, struct scsi_host_template *sht)
/* give ports names and add SCSI hosts */
for (i = 0; i < host->n_ports; i++) {
@@ -40485,10 +40571,10 @@ index 55e257c..554c697 100644
}
diff --git a/drivers/ata/libata-scsi.c b/drivers/ata/libata-scsi.c
-index 567859c..ffe7c75 100644
+index bfec66f..e3e9c6e 100644
--- a/drivers/ata/libata-scsi.c
+++ b/drivers/ata/libata-scsi.c
-@@ -4196,7 +4196,7 @@ int ata_sas_port_init(struct ata_port *ap)
+@@ -4673,7 +4673,7 @@ int ata_sas_port_init(struct ata_port *ap)
if (rc)
return rc;
@@ -40498,7 +40584,7 @@ index 567859c..ffe7c75 100644
}
EXPORT_SYMBOL_GPL(ata_sas_port_init);
diff --git a/drivers/ata/libata.h b/drivers/ata/libata.h
-index f840ca1..edd6ef3 100644
+index 3b301a4..ff15676 100644
--- a/drivers/ata/libata.h
+++ b/drivers/ata/libata.h
@@ -53,7 +53,7 @@ enum {
@@ -40681,10 +40767,10 @@ index 6339efd..2b441d5 100644
dma_complete++;
}
diff --git a/drivers/atm/firestream.c b/drivers/atm/firestream.c
-index a969a7e..f5c5cd8 100644
+index 85aaf22..8730d15 100644
--- a/drivers/atm/firestream.c
+++ b/drivers/atm/firestream.c
-@@ -749,7 +749,7 @@ static void process_txdone_queue (struct fs_dev *dev, struct queue *q)
+@@ -753,7 +753,7 @@ static void process_txdone_queue (struct fs_dev *dev, struct queue *q)
}
}
@@ -40693,7 +40779,7 @@ index a969a7e..f5c5cd8 100644
fs_dprintk (FS_DEBUG_TXMEM, "i");
fs_dprintk (FS_DEBUG_ALLOC, "Free t-skb: %p\n", skb);
-@@ -816,7 +816,7 @@ static void process_incoming (struct fs_dev *dev, struct queue *q)
+@@ -820,7 +820,7 @@ static void process_incoming (struct fs_dev *dev, struct queue *q)
#endif
skb_put (skb, qe->p1 & 0xffff);
ATM_SKB(skb)->vcc = atm_vcc;
@@ -40702,7 +40788,7 @@ index a969a7e..f5c5cd8 100644
__net_timestamp(skb);
fs_dprintk (FS_DEBUG_ALLOC, "Free rec-skb: %p (pushed)\n", skb);
atm_vcc->push (atm_vcc, skb);
-@@ -837,12 +837,12 @@ static void process_incoming (struct fs_dev *dev, struct queue *q)
+@@ -841,12 +841,12 @@ static void process_incoming (struct fs_dev *dev, struct queue *q)
kfree (pe);
}
if (atm_vcc)
@@ -41043,7 +41129,7 @@ index 074616b..d6b3d5f 100644
}
atomic_add(skb->truesize, &sk_atm(vcc)->sk_wmem_alloc);
diff --git a/drivers/atm/iphase.c b/drivers/atm/iphase.c
-index 7d00f29..a9a6c74 100644
+index 809dd1e..ee10755 100644
--- a/drivers/atm/iphase.c
+++ b/drivers/atm/iphase.c
@@ -1146,7 +1146,7 @@ static int rx_pkt(struct atm_dev *dev)
@@ -41650,10 +41736,10 @@ index 279e539..4c9d7fb 100644
static void platform_msi_free_descs(struct device *dev, int base, int nvec)
diff --git a/drivers/base/power/domain.c b/drivers/base/power/domain.c
-index 56705b5..4e938f5 100644
+index de23b64..7821200 100644
--- a/drivers/base/power/domain.c
+++ b/drivers/base/power/domain.c
-@@ -1841,8 +1841,10 @@ int genpd_dev_pm_attach(struct device *dev)
+@@ -1814,8 +1814,10 @@ int genpd_dev_pm_attach(struct device *dev)
goto out;
}
@@ -42114,7 +42200,7 @@ index 7a1cf7e..0330e12 100644
int rs_last_events; /* counter of read or write "events" (unit sectors)
* on the lower level device when we last looked. */
diff --git a/drivers/block/drbd/drbd_main.c b/drivers/block/drbd/drbd_main.c
-index fa20977..1285a70 100644
+index 2ba1494..e799369 100644
--- a/drivers/block/drbd/drbd_main.c
+++ b/drivers/block/drbd/drbd_main.c
@@ -1329,7 +1329,7 @@ static int _drbd_send_ack(struct drbd_peer_device *peer_device, enum drbd_packet
@@ -42158,7 +42244,7 @@ index fa20977..1285a70 100644
idr_destroy(&connection->peer_devices);
diff --git a/drivers/block/drbd/drbd_nl.c b/drivers/block/drbd/drbd_nl.c
-index 1fd1dcc..30ab091 100644
+index 0bac9c8..8b1cde594 100644
--- a/drivers/block/drbd/drbd_nl.c
+++ b/drivers/block/drbd/drbd_nl.c
@@ -89,8 +89,8 @@ int drbd_adm_get_initial_state(struct sk_buff *skb, struct netlink_callback *cb)
@@ -42172,7 +42258,7 @@ index 1fd1dcc..30ab091 100644
DEFINE_MUTEX(notification_mutex);
-@@ -4389,7 +4389,7 @@ void drbd_bcast_event(struct drbd_device *device, const struct sib_info *sib)
+@@ -4393,7 +4393,7 @@ void drbd_bcast_event(struct drbd_device *device, const struct sib_info *sib)
unsigned seq;
int err = -ENOMEM;
@@ -42181,7 +42267,7 @@ index 1fd1dcc..30ab091 100644
msg = genlmsg_new(NLMSG_GOODSIZE, GFP_NOIO);
if (!msg)
goto failed;
-@@ -4441,7 +4441,7 @@ void notify_resource_state(struct sk_buff *skb,
+@@ -4445,7 +4445,7 @@ void notify_resource_state(struct sk_buff *skb,
int err;
if (!skb) {
@@ -42190,7 +42276,7 @@ index 1fd1dcc..30ab091 100644
skb = genlmsg_new(NLMSG_GOODSIZE, GFP_NOIO);
err = -ENOMEM;
if (!skb)
-@@ -4492,7 +4492,7 @@ void notify_device_state(struct sk_buff *skb,
+@@ -4496,7 +4496,7 @@ void notify_device_state(struct sk_buff *skb,
int err;
if (!skb) {
@@ -42199,7 +42285,7 @@ index 1fd1dcc..30ab091 100644
skb = genlmsg_new(NLMSG_GOODSIZE, GFP_NOIO);
err = -ENOMEM;
if (!skb)
-@@ -4541,7 +4541,7 @@ void notify_connection_state(struct sk_buff *skb,
+@@ -4545,7 +4545,7 @@ void notify_connection_state(struct sk_buff *skb,
int err;
if (!skb) {
@@ -42208,7 +42294,7 @@ index 1fd1dcc..30ab091 100644
skb = genlmsg_new(NLMSG_GOODSIZE, GFP_NOIO);
err = -ENOMEM;
if (!skb)
-@@ -4591,7 +4591,7 @@ void notify_peer_device_state(struct sk_buff *skb,
+@@ -4595,7 +4595,7 @@ void notify_peer_device_state(struct sk_buff *skb,
int err;
if (!skb) {
@@ -42217,7 +42303,7 @@ index 1fd1dcc..30ab091 100644
skb = genlmsg_new(NLMSG_GOODSIZE, GFP_NOIO);
err = -ENOMEM;
if (!skb)
-@@ -4634,7 +4634,7 @@ void notify_helper(enum drbd_notification_type type,
+@@ -4638,7 +4638,7 @@ void notify_helper(enum drbd_notification_type type,
{
struct drbd_resource *resource = device ? device->resource : connection->resource;
struct drbd_helper_info helper_info;
@@ -42591,7 +42677,7 @@ index d06c62e..cd04d96 100644
if (ti.nwa_v) {
pd->nwa = be32_to_cpu(ti.next_writable);
diff --git a/drivers/block/rbd.c b/drivers/block/rbd.c
-index 0ede6d7..9bc6529 100644
+index 81666a5..938f3bb 100644
--- a/drivers/block/rbd.c
+++ b/drivers/block/rbd.c
@@ -64,7 +64,7 @@
@@ -42768,7 +42854,7 @@ index 584bc31..e64a12c 100644
static int gdrom_bdops_open(struct block_device *bdev, fmode_t mode)
diff --git a/drivers/char/Kconfig b/drivers/char/Kconfig
-index 3ec0766..bf9f1e9 100644
+index 601f64f..3958e475 100644
--- a/drivers/char/Kconfig
+++ b/drivers/char/Kconfig
@@ -17,7 +17,8 @@ config DEVMEM
@@ -42781,9 +42867,9 @@ index 3ec0766..bf9f1e9 100644
help
Say Y here if you want to support the /dev/kmem device. The
/dev/kmem device is rarely used, but can be used for certain
-@@ -587,6 +588,7 @@ config DEVPORT
+@@ -585,6 +586,7 @@ config TELCLOCK
+ config DEVPORT
bool
- depends on !M68K
depends on ISA || PCI
+ depends on !GRKERNSEC_KMEM
default y
@@ -42912,7 +42998,7 @@ index 9f2e3be..676c910 100644
int rv = param_set_int(val, kp);
if (rv)
diff --git a/drivers/char/ipmi/ipmi_si_intf.c b/drivers/char/ipmi/ipmi_si_intf.c
-index 1e25b52..9b8ee6a 100644
+index 7b1c412..0b41fca 100644
--- a/drivers/char/ipmi/ipmi_si_intf.c
+++ b/drivers/char/ipmi/ipmi_si_intf.c
@@ -302,7 +302,7 @@ struct smi_info {
@@ -42945,7 +43031,7 @@ index 1e25b52..9b8ee6a 100644
module_param_call(hotmod, hotmod_handler, NULL, NULL, 0200);
MODULE_PARM_DESC(hotmod, "Add and remove interfaces. See"
-@@ -1806,7 +1806,7 @@ static struct smi_info *smi_info_alloc(void)
+@@ -1819,7 +1819,7 @@ static struct smi_info *smi_info_alloc(void)
return info;
}
@@ -42954,7 +43040,7 @@ index 1e25b52..9b8ee6a 100644
{
char *str = kstrdup(val, GFP_KERNEL);
int rv;
-@@ -3626,7 +3626,7 @@ static int try_smi_init(struct smi_info *new_smi)
+@@ -3639,7 +3639,7 @@ static int try_smi_init(struct smi_info *new_smi)
atomic_set(&new_smi->req_events, 0);
new_smi->run_to_completion = false;
for (i = 0; i < SI_NUM_STATS; i++)
@@ -42964,7 +43050,7 @@ index 1e25b52..9b8ee6a 100644
new_smi->interrupt_disabled = true;
atomic_set(&new_smi->need_watch, 0);
diff --git a/drivers/char/ipmi/ipmi_ssif.c b/drivers/char/ipmi/ipmi_ssif.c
-index 8b3be8b..c342470 100644
+index 097c868..f14f1d2 100644
--- a/drivers/char/ipmi/ipmi_ssif.c
+++ b/drivers/char/ipmi/ipmi_ssif.c
@@ -284,17 +284,17 @@ struct ssif_info {
@@ -43170,10 +43256,10 @@ index 678fa97..5598cef 100644
*ppos = i;
diff --git a/drivers/char/pcmcia/synclink_cs.c b/drivers/char/pcmcia/synclink_cs.c
-index 22c2765..d92c8fa 100644
+index d28922d..3c343d6 100644
--- a/drivers/char/pcmcia/synclink_cs.c
+++ b/drivers/char/pcmcia/synclink_cs.c
-@@ -2340,7 +2340,7 @@ static void mgslpc_close(struct tty_struct *tty, struct file * filp)
+@@ -2333,7 +2333,7 @@ static void mgslpc_close(struct tty_struct *tty, struct file * filp)
if (debug_level >= DEBUG_LEVEL_INFO)
printk("%s(%d):mgslpc_close(%s) entry, count=%d\n",
@@ -43182,7 +43268,7 @@ index 22c2765..d92c8fa 100644
if (tty_port_close_start(port, tty, filp) == 0)
goto cleanup;
-@@ -2358,7 +2358,7 @@ static void mgslpc_close(struct tty_struct *tty, struct file * filp)
+@@ -2351,7 +2351,7 @@ static void mgslpc_close(struct tty_struct *tty, struct file * filp)
cleanup:
if (debug_level >= DEBUG_LEVEL_INFO)
printk("%s(%d):mgslpc_close(%s) exit, count=%d\n", __FILE__, __LINE__,
@@ -43191,7 +43277,7 @@ index 22c2765..d92c8fa 100644
}
/* Wait until the transmitter is empty.
-@@ -2500,7 +2500,7 @@ static int mgslpc_open(struct tty_struct *tty, struct file * filp)
+@@ -2493,7 +2493,7 @@ static int mgslpc_open(struct tty_struct *tty, struct file * filp)
if (debug_level >= DEBUG_LEVEL_INFO)
printk("%s(%d):mgslpc_open(%s), old ref count = %d\n",
@@ -43200,7 +43286,7 @@ index 22c2765..d92c8fa 100644
port->low_latency = (port->flags & ASYNC_LOW_LATENCY) ? 1 : 0;
-@@ -2511,11 +2511,11 @@ static int mgslpc_open(struct tty_struct *tty, struct file * filp)
+@@ -2504,11 +2504,11 @@ static int mgslpc_open(struct tty_struct *tty, struct file * filp)
goto cleanup;
}
spin_lock(&port->lock);
@@ -43214,7 +43300,7 @@ index 22c2765..d92c8fa 100644
/* 1st open on this device, init hardware */
retval = startup(info, tty);
if (retval < 0)
-@@ -3904,7 +3904,7 @@ static int hdlcdev_attach(struct net_device *dev, unsigned short encoding,
+@@ -3897,7 +3897,7 @@ static int hdlcdev_attach(struct net_device *dev, unsigned short encoding,
unsigned short new_crctype;
/* return error if TTY interface open */
@@ -43223,7 +43309,7 @@ index 22c2765..d92c8fa 100644
return -EBUSY;
switch (encoding)
-@@ -4008,7 +4008,7 @@ static int hdlcdev_open(struct net_device *dev)
+@@ -4001,7 +4001,7 @@ static int hdlcdev_open(struct net_device *dev)
/* arbitrate between network and tty opens */
spin_lock_irqsave(&info->netlock, flags);
@@ -43232,7 +43318,7 @@ index 22c2765..d92c8fa 100644
printk(KERN_WARNING "%s: hdlc_open returning busy\n", dev->name);
spin_unlock_irqrestore(&info->netlock, flags);
return -EBUSY;
-@@ -4098,7 +4098,7 @@ static int hdlcdev_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
+@@ -4091,7 +4091,7 @@ static int hdlcdev_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
printk("%s:hdlcdev_ioctl(%s)\n", __FILE__, dev->name);
/* return error if TTY interface open */
@@ -43242,10 +43328,10 @@ index 22c2765..d92c8fa 100644
if (cmd != SIOCWANDEV)
diff --git a/drivers/char/random.c b/drivers/char/random.c
-index b583e53..f3bb4ac 100644
+index 0158d3b..69116a2 100644
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
-@@ -289,9 +289,6 @@
+@@ -290,9 +290,6 @@
/*
* To allow fractional bits to be tracked, the entropy_count field is
* denominated in units of 1/8th bits.
@@ -43255,7 +43341,7 @@ index b583e53..f3bb4ac 100644
*/
#define ENTROPY_SHIFT 3
#define ENTROPY_BITS(r) ((r)->entropy_count >> ENTROPY_SHIFT)
-@@ -442,9 +439,9 @@ struct entropy_store {
+@@ -443,9 +440,9 @@ struct entropy_store {
};
static void push_to_pool(struct work_struct *work);
@@ -43268,7 +43354,7 @@ index b583e53..f3bb4ac 100644
static struct entropy_store input_pool = {
.poolinfo = &poolinfo_table[0],
-@@ -654,7 +651,7 @@ retry:
+@@ -655,7 +652,7 @@ retry:
/* The +2 corresponds to the /4 in the denominator */
do {
@@ -43277,7 +43363,7 @@ index b583e53..f3bb4ac 100644
unsigned int add =
((pool_size - entropy_count)*anfrac*3) >> s;
-@@ -1227,7 +1224,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf,
+@@ -1228,7 +1225,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf,
extract_buf(r, tmp);
i = min_t(int, nbytes, EXTRACT_SIZE);
@@ -43286,7 +43372,7 @@ index b583e53..f3bb4ac 100644
ret = -EFAULT;
break;
}
-@@ -1668,7 +1665,7 @@ static char sysctl_bootid[16];
+@@ -1649,7 +1646,7 @@ static char sysctl_bootid[16];
static int proc_do_uuid(struct ctl_table *table, int write,
void __user *buffer, size_t *lenp, loff_t *ppos)
{
@@ -43295,7 +43381,7 @@ index b583e53..f3bb4ac 100644
unsigned char buf[64], tmp_uuid[16], *uuid;
uuid = table->data;
-@@ -1698,7 +1695,7 @@ static int proc_do_uuid(struct ctl_table *table, int write,
+@@ -1679,7 +1676,7 @@ static int proc_do_uuid(struct ctl_table *table, int write,
static int proc_do_entropy(struct ctl_table *table, int write,
void __user *buffer, size_t *lenp, loff_t *ppos)
{
@@ -43449,18 +43535,18 @@ index d2406fe..473a5c0 100644
static void resize_console(struct port *port)
diff --git a/drivers/clk/clk-composite.c b/drivers/clk/clk-composite.c
-index 1f903e1f8..5f1b4cb 100644
+index 00269de..3e17e60 100644
--- a/drivers/clk/clk-composite.c
+++ b/drivers/clk/clk-composite.c
-@@ -194,7 +194,7 @@ struct clk *clk_register_composite(struct device *dev, const char *name,
- struct clk *clk;
+@@ -221,7 +221,7 @@ struct clk_hw *clk_hw_register_composite(struct device *dev, const char *name,
+ struct clk_hw *hw;
struct clk_init_data init;
struct clk_composite *composite;
- struct clk_ops *clk_composite_ops;
+ clk_ops_no_const *clk_composite_ops;
+ int ret;
composite = kzalloc(sizeof(*composite), GFP_KERNEL);
- if (!composite)
diff --git a/drivers/clk/samsung/clk.h b/drivers/clk/samsung/clk.h
index aa872d2..afeae37 100644
--- a/drivers/clk/samsung/clk.h
@@ -43650,10 +43736,10 @@ index 5fcf247..446780a 100644
return 0;
}
diff --git a/drivers/cpufreq/acpi-cpufreq.c b/drivers/cpufreq/acpi-cpufreq.c
-index fb57121..ff57f22 100644
+index 32a1505..586dac0 100644
--- a/drivers/cpufreq/acpi-cpufreq.c
+++ b/drivers/cpufreq/acpi-cpufreq.c
-@@ -658,8 +658,11 @@ static int acpi_cpufreq_cpu_init(struct cpufreq_policy *policy)
+@@ -697,8 +697,11 @@ static int acpi_cpufreq_cpu_init(struct cpufreq_policy *policy)
data->acpi_perf_cpu = cpu;
policy->driver_data = data;
@@ -43667,7 +43753,7 @@ index fb57121..ff57f22 100644
result = acpi_processor_register_performance(perf, cpu);
if (result)
-@@ -798,7 +801,9 @@ static int acpi_cpufreq_cpu_init(struct cpufreq_policy *policy)
+@@ -836,7 +839,9 @@ static int acpi_cpufreq_cpu_init(struct cpufreq_policy *policy)
policy->cur = acpi_cpufreq_guess_freq(data, policy->cpu);
break;
case ACPI_ADR_SPACE_FIXED_HARDWARE:
@@ -43678,7 +43764,7 @@ index fb57121..ff57f22 100644
break;
default:
break;
-@@ -892,8 +897,10 @@ static void __init acpi_cpufreq_boost_init(void)
+@@ -933,8 +938,10 @@ static void __init acpi_cpufreq_boost_init(void)
if (!msrs)
return;
@@ -43692,10 +43778,10 @@ index fb57121..ff57f22 100644
cpu_notifier_register_begin();
diff --git a/drivers/cpufreq/cpufreq-dt.c b/drivers/cpufreq/cpufreq-dt.c
-index 5f8dbe6..57754e5 100644
+index 3957de8..fe991bb 100644
--- a/drivers/cpufreq/cpufreq-dt.c
+++ b/drivers/cpufreq/cpufreq-dt.c
-@@ -368,7 +368,9 @@ static int dt_cpufreq_probe(struct platform_device *pdev)
+@@ -366,7 +366,9 @@ static int dt_cpufreq_probe(struct platform_device *pdev)
if (ret)
return ret;
@@ -43707,10 +43793,10 @@ index 5f8dbe6..57754e5 100644
ret = cpufreq_register_driver(&dt_cpufreq_driver);
if (ret)
diff --git a/drivers/cpufreq/cpufreq.c b/drivers/cpufreq/cpufreq.c
-index c4acfc5..95ed094 100644
+index 5617c70..eef44db 100644
--- a/drivers/cpufreq/cpufreq.c
+++ b/drivers/cpufreq/cpufreq.c
-@@ -434,12 +434,12 @@ EXPORT_SYMBOL_GPL(cpufreq_freq_transition_end);
+@@ -511,12 +511,12 @@ EXPORT_SYMBOL_GPL(cpufreq_disable_fast_switch);
* SYSFS INTERFACE *
*********************************************************************/
static ssize_t show_boost(struct kobject *kobj,
@@ -43725,7 +43811,7 @@ index c4acfc5..95ed094 100644
const char *buf, size_t count)
{
int ret, enable;
-@@ -1999,7 +1999,7 @@ void cpufreq_unregister_governor(struct cpufreq_governor *governor)
+@@ -2103,7 +2103,7 @@ void cpufreq_unregister_governor(struct cpufreq_governor *governor)
read_unlock_irqrestore(&cpufreq_driver_lock, flags);
mutex_lock(&cpufreq_governor_mutex);
@@ -43734,7 +43820,7 @@ index c4acfc5..95ed094 100644
mutex_unlock(&cpufreq_governor_mutex);
return;
}
-@@ -2207,7 +2207,7 @@ static int cpufreq_cpu_callback(struct notifier_block *nfb,
+@@ -2300,7 +2300,7 @@ static int cpufreq_cpu_callback(struct notifier_block *nfb,
return NOTIFY_OK;
}
@@ -43743,7 +43829,7 @@ index c4acfc5..95ed094 100644
.notifier_call = cpufreq_cpu_callback,
};
-@@ -2250,13 +2250,17 @@ int cpufreq_boost_trigger_state(int state)
+@@ -2343,13 +2343,17 @@ int cpufreq_boost_trigger_state(int state)
return 0;
write_lock_irqsave(&cpufreq_driver_lock, flags);
@@ -43763,7 +43849,7 @@ index c4acfc5..95ed094 100644
write_unlock_irqrestore(&cpufreq_driver_lock, flags);
pr_err("%s: Cannot %s BOOST\n",
-@@ -2297,7 +2301,9 @@ int cpufreq_enable_boost_support(void)
+@@ -2390,7 +2394,9 @@ int cpufreq_enable_boost_support(void)
if (cpufreq_boost_supported())
return 0;
@@ -43774,7 +43860,7 @@ index c4acfc5..95ed094 100644
/* This will get removed on driver unregister */
return create_boost_sysfs_file();
-@@ -2354,8 +2360,11 @@ int cpufreq_register_driver(struct cpufreq_driver *driver_data)
+@@ -2447,8 +2453,11 @@ int cpufreq_register_driver(struct cpufreq_driver *driver_data)
cpufreq_driver = driver_data;
write_unlock_irqrestore(&cpufreq_driver_lock, flags);
@@ -43789,10 +43875,10 @@ index c4acfc5..95ed094 100644
if (cpufreq_boost_supported()) {
ret = create_boost_sysfs_file();
diff --git a/drivers/cpufreq/cpufreq_governor.h b/drivers/cpufreq/cpufreq_governor.h
-index 61ff82f..ccc29a1 100644
+index 34eb214..7d41bf1 100644
--- a/drivers/cpufreq/cpufreq_governor.h
+++ b/drivers/cpufreq/cpufreq_governor.h
-@@ -176,7 +176,7 @@ static inline struct dbs_governor *dbs_governor_of(struct cpufreq_policy *policy
+@@ -152,7 +152,7 @@ static inline struct dbs_governor *dbs_governor_of(struct cpufreq_policy *policy
struct od_ops {
unsigned int (*powersave_bias_target)(struct cpufreq_policy *policy,
unsigned int freq_next, unsigned int relation);
@@ -43802,10 +43888,10 @@ index 61ff82f..ccc29a1 100644
unsigned int dbs_update(struct cpufreq_policy *policy);
int cpufreq_governor_dbs(struct cpufreq_policy *policy, unsigned int event);
diff --git a/drivers/cpufreq/cpufreq_ondemand.c b/drivers/cpufreq/cpufreq_ondemand.c
-index acd8027..1d206c6 100644
+index 3001634..911f7d1 100644
--- a/drivers/cpufreq/cpufreq_ondemand.c
+++ b/drivers/cpufreq/cpufreq_ondemand.c
-@@ -410,7 +410,7 @@ static void od_start(struct cpufreq_policy *policy)
+@@ -415,7 +415,7 @@ static void od_start(struct cpufreq_policy *policy)
ondemand_powersave_bias_init(policy);
}
@@ -43814,7 +43900,7 @@ index acd8027..1d206c6 100644
.powersave_bias_target = generic_powersave_bias_target,
};
-@@ -471,14 +471,18 @@ void od_register_powersave_bias_handler(unsigned int (*f)
+@@ -476,14 +476,18 @@ void od_register_powersave_bias_handler(unsigned int (*f)
(struct cpufreq_policy *, unsigned int, unsigned int),
unsigned int powersave_bias)
{
@@ -43836,10 +43922,10 @@ index acd8027..1d206c6 100644
}
EXPORT_SYMBOL_GPL(od_unregister_powersave_bias_handler);
diff --git a/drivers/cpufreq/intel_pstate.c b/drivers/cpufreq/intel_pstate.c
-index b230eba..aeb6923 100644
+index 1fa1a32..0f3e23e 100644
--- a/drivers/cpufreq/intel_pstate.c
+++ b/drivers/cpufreq/intel_pstate.c
-@@ -249,13 +249,13 @@ struct pstate_funcs {
+@@ -276,13 +276,13 @@ struct pstate_funcs {
struct cpu_defaults {
struct pstate_adjust_policy pid_policy;
struct pstate_funcs funcs;
@@ -43854,8 +43940,8 @@ index b230eba..aeb6923 100644
+static struct pstate_funcs *pstate_funcs;
static int hwp_active;
-
-@@ -521,13 +521,13 @@ static void __init intel_pstate_debug_expose_params(void)
+ #ifdef CONFIG_ACPI
+@@ -651,13 +651,13 @@ static void __init intel_pstate_debug_expose_params(void)
/************************** sysfs begin ************************/
#define show_one(file_name, object) \
static ssize_t show_##file_name \
@@ -43871,7 +43957,7 @@ index b230eba..aeb6923 100644
{
struct cpudata *cpu;
int total, no_turbo, turbo_pct;
-@@ -543,7 +543,7 @@ static ssize_t show_turbo_pct(struct kobject *kobj,
+@@ -673,7 +673,7 @@ static ssize_t show_turbo_pct(struct kobject *kobj,
}
static ssize_t show_num_pstates(struct kobject *kobj,
@@ -43880,7 +43966,7 @@ index b230eba..aeb6923 100644
{
struct cpudata *cpu;
int total;
-@@ -554,7 +554,7 @@ static ssize_t show_num_pstates(struct kobject *kobj,
+@@ -684,7 +684,7 @@ static ssize_t show_num_pstates(struct kobject *kobj,
}
static ssize_t show_no_turbo(struct kobject *kobj,
@@ -43889,7 +43975,7 @@ index b230eba..aeb6923 100644
{
ssize_t ret;
-@@ -567,7 +567,7 @@ static ssize_t show_no_turbo(struct kobject *kobj,
+@@ -697,7 +697,7 @@ static ssize_t show_no_turbo(struct kobject *kobj,
return ret;
}
@@ -43898,7 +43984,7 @@ index b230eba..aeb6923 100644
const char *buf, size_t count)
{
unsigned int input;
-@@ -591,7 +591,7 @@ static ssize_t store_no_turbo(struct kobject *a, struct attribute *b,
+@@ -721,7 +721,7 @@ static ssize_t store_no_turbo(struct kobject *a, struct attribute *b,
return count;
}
@@ -43907,7 +43993,7 @@ index b230eba..aeb6923 100644
const char *buf, size_t count)
{
unsigned int input;
-@@ -616,7 +616,7 @@ static ssize_t store_max_perf_pct(struct kobject *a, struct attribute *b,
+@@ -745,7 +745,7 @@ static ssize_t store_max_perf_pct(struct kobject *a, struct attribute *b,
return count;
}
@@ -43916,7 +44002,7 @@ index b230eba..aeb6923 100644
const char *buf, size_t count)
{
unsigned int input;
-@@ -1002,19 +1002,19 @@ static void intel_pstate_set_min_pstate(struct cpudata *cpu)
+@@ -1130,19 +1130,19 @@ static void intel_pstate_set_min_pstate(struct cpudata *cpu)
* right CPU.
*/
wrmsrl_on_cpu(cpu->cpu, MSR_IA32_PERF_CTL,
@@ -43944,7 +44030,7 @@ index b230eba..aeb6923 100644
intel_pstate_set_min_pstate(cpu);
}
-@@ -1164,7 +1164,7 @@ static inline void intel_pstate_update_pstate(struct cpudata *cpu, int pstate)
+@@ -1287,7 +1287,7 @@ static inline void intel_pstate_update_pstate(struct cpudata *cpu, int pstate)
return;
intel_pstate_record_pstate(cpu, pstate);
@@ -43953,7 +44039,7 @@ index b230eba..aeb6923 100644
}
static inline void intel_pstate_adjust_busy_pstate(struct cpudata *cpu)
-@@ -1174,7 +1174,7 @@ static inline void intel_pstate_adjust_busy_pstate(struct cpudata *cpu)
+@@ -1297,7 +1297,7 @@ static inline void intel_pstate_adjust_busy_pstate(struct cpudata *cpu)
from = cpu->pstate.current_pstate;
@@ -43962,7 +44048,7 @@ index b230eba..aeb6923 100644
intel_pstate_update_pstate(cpu, target_pstate);
-@@ -1434,15 +1434,15 @@ static unsigned int force_load;
+@@ -1582,15 +1582,15 @@ static unsigned int force_load;
static int intel_pstate_msrs_not_valid(void)
{
@@ -43982,7 +44068,7 @@ index b230eba..aeb6923 100644
{
pid_params.sample_rate_ms = policy->sample_rate_ms;
pid_params.sample_rate_ns = pid_params.sample_rate_ms * NSEC_PER_MSEC;
-@@ -1455,15 +1455,7 @@ static void copy_pid_params(struct pstate_adjust_policy *policy)
+@@ -1603,15 +1603,7 @@ static void copy_pid_params(struct pstate_adjust_policy *policy)
static void copy_cpu_funcs(struct pstate_funcs *funcs)
{
@@ -43998,12 +44084,12 @@ index b230eba..aeb6923 100644
+ pstate_funcs = funcs;
}
- #if IS_ENABLED(CONFIG_ACPI)
+ #ifdef CONFIG_ACPI
diff --git a/drivers/cpufreq/p4-clockmod.c b/drivers/cpufreq/p4-clockmod.c
-index 5dd95da..ac41e5e 100644
+index fd77812..97e3efe 100644
--- a/drivers/cpufreq/p4-clockmod.c
+++ b/drivers/cpufreq/p4-clockmod.c
-@@ -134,10 +134,14 @@ static unsigned int cpufreq_p4_get_frequency(struct cpuinfo_x86 *c)
+@@ -130,10 +130,14 @@ static unsigned int cpufreq_p4_get_frequency(struct cpuinfo_x86 *c)
case 0x0F: /* Core Duo */
case 0x16: /* Celeron Core */
case 0x1C: /* Atom */
@@ -44020,7 +44106,7 @@ index 5dd95da..ac41e5e 100644
/* fall through */
case 0x09: /* Pentium M (Banias) */
return speedstep_get_frequency(SPEEDSTEP_CPU_PM);
-@@ -149,7 +153,9 @@ static unsigned int cpufreq_p4_get_frequency(struct cpuinfo_x86 *c)
+@@ -145,7 +149,9 @@ static unsigned int cpufreq_p4_get_frequency(struct cpuinfo_x86 *c)
/* on P-4s, the TSC runs with constant frequency independent whether
* throttling is active or not. */
@@ -44030,7 +44116,7 @@ index 5dd95da..ac41e5e 100644
+ pax_close_kernel();
if (speedstep_detect_processor() == SPEEDSTEP_CPU_P4M) {
- printk(KERN_WARNING PFX "Warning: Pentium 4-M detected. "
+ pr_warn("Warning: Pentium 4-M detected. The speedstep-ich or acpi cpufreq modules offer voltage scaling in addition of frequency scaling. You should use either one instead of p4-clockmod, if possible.\n");
diff --git a/drivers/cpufreq/sparc-us3-cpufreq.c b/drivers/cpufreq/sparc-us3-cpufreq.c
index 9bb42ba..b01b4a2 100644
--- a/drivers/cpufreq/sparc-us3-cpufreq.c
@@ -44142,10 +44228,10 @@ index 9bb42ba..b01b4a2 100644
MODULE_AUTHOR("David S. Miller <davem@redhat.com>");
diff --git a/drivers/cpufreq/speedstep-centrino.c b/drivers/cpufreq/speedstep-centrino.c
-index 7d4a315..ce41fb3 100644
+index 41bc539..e46a74d 100644
--- a/drivers/cpufreq/speedstep-centrino.c
+++ b/drivers/cpufreq/speedstep-centrino.c
-@@ -351,8 +351,11 @@ static int centrino_cpu_init(struct cpufreq_policy *policy)
+@@ -352,8 +352,11 @@ static int centrino_cpu_init(struct cpufreq_policy *policy)
!cpu_has(cpu, X86_FEATURE_EST))
return -ENODEV;
@@ -44279,7 +44365,7 @@ index b40d9c8..dcbcd94 100644
struct adf_accel_dev *accel_dev = adf_devmgr_pci_to_accel_dev(pdev);
diff --git a/drivers/crypto/qat/qat_common/adf_sriov.c b/drivers/crypto/qat/qat_common/adf_sriov.c
-index 38a0415..fc27277 100644
+index 4a526e2..6b28829 100644
--- a/drivers/crypto/qat/qat_common/adf_sriov.c
+++ b/drivers/crypto/qat/qat_common/adf_sriov.c
@@ -93,7 +93,7 @@ static void adf_iov_send_resp(struct work_struct *work)
@@ -44301,11 +44387,11 @@ index 38a0415..fc27277 100644
mutex_init(&vf_info->pf2vf_lock);
ratelimit_state_init(&vf_info->vf2pf_ratelimit,
diff --git a/drivers/crypto/qat/qat_common/adf_vf_isr.c b/drivers/crypto/qat/qat_common/adf_vf_isr.c
-index 09427b3..50f7306 100644
+index aa689ca..5cd8360 100644
--- a/drivers/crypto/qat/qat_common/adf_vf_isr.c
+++ b/drivers/crypto/qat/qat_common/adf_vf_isr.c
-@@ -90,9 +90,9 @@ static void adf_disable_msi(struct adf_accel_dev *accel_dev)
- pci_disable_msi(pdev);
+@@ -112,9 +112,9 @@ static void adf_dev_stop_async(struct work_struct *work)
+ kfree(stop_data);
}
-static void adf_pf2vf_bh_handler(void *data)
@@ -44316,7 +44402,7 @@ index 09427b3..50f7306 100644
struct adf_hw_device_data *hw_data = accel_dev->hw_device;
struct adf_bar *pmisc =
&GET_BARS(accel_dev)[hw_data->get_misc_bar_id(hw_data)];
-@@ -143,7 +143,7 @@ err:
+@@ -183,7 +183,7 @@ err:
static int adf_setup_pf2vf_bh(struct adf_accel_dev *accel_dev)
{
tasklet_init(&accel_dev->vf.pf2vf_bh_tasklet,
@@ -44326,10 +44412,10 @@ index 09427b3..50f7306 100644
mutex_init(&accel_dev->vf.vf2pf_lock);
return 0;
diff --git a/drivers/devfreq/devfreq.c b/drivers/devfreq/devfreq.c
-index 984c5e9..c873659 100644
+index e92418f..8ba37fb 100644
--- a/drivers/devfreq/devfreq.c
+++ b/drivers/devfreq/devfreq.c
-@@ -717,7 +717,7 @@ int devfreq_add_governor(struct devfreq_governor *governor)
+@@ -800,7 +800,7 @@ int devfreq_add_governor(struct devfreq_governor *governor)
goto err_out;
}
@@ -44338,7 +44424,7 @@ index 984c5e9..c873659 100644
list_for_each_entry(devfreq, &devfreq_list, node) {
int ret = 0;
-@@ -805,7 +805,7 @@ int devfreq_remove_governor(struct devfreq_governor *governor)
+@@ -888,7 +888,7 @@ int devfreq_remove_governor(struct devfreq_governor *governor)
}
}
@@ -44347,11 +44433,24 @@ index 984c5e9..c873659 100644
err_out:
mutex_unlock(&devfreq_list_lock);
+diff --git a/drivers/devfreq/governor_passive.c b/drivers/devfreq/governor_passive.c
+index 9ef46e2..775fc75 100644
+--- a/drivers/devfreq/governor_passive.c
++++ b/drivers/devfreq/governor_passive.c
+@@ -151,7 +151,7 @@ static int devfreq_passive_event_handler(struct devfreq *devfreq,
+ struct devfreq_passive_data *p_data
+ = (struct devfreq_passive_data *)devfreq->data;
+ struct devfreq *parent = (struct devfreq *)p_data->parent;
+- struct notifier_block *nb = &p_data->nb;
++ notifier_block_no_const *nb = &p_data->nb;
+ int ret = 0;
+
+ if (!parent)
diff --git a/drivers/dma-buf/dma-buf.c b/drivers/dma-buf/dma-buf.c
-index 4a2c07e..8f4b1cc 100644
+index 6355ab3..0f2a459 100644
--- a/drivers/dma-buf/dma-buf.c
+++ b/drivers/dma-buf/dma-buf.c
-@@ -880,10 +880,9 @@ static int dma_buf_describe(struct seq_file *s)
+@@ -881,10 +881,9 @@ static int dma_buf_describe(struct seq_file *s)
static int dma_buf_show(struct seq_file *s, void *unused)
{
@@ -44364,6 +44463,19 @@ index 4a2c07e..8f4b1cc 100644
}
static int dma_buf_debug_open(struct inode *inode, struct file *file)
+diff --git a/drivers/dma/qcom/hidma.c b/drivers/dma/qcom/hidma.c
+index 41b5c6d..644f4ea 100644
+--- a/drivers/dma/qcom/hidma.c
++++ b/drivers/dma/qcom/hidma.c
+@@ -547,7 +547,7 @@ static ssize_t hidma_show_values(struct device *dev,
+ static int hidma_create_sysfs_entry(struct hidma_dev *dev, char *name,
+ int mode)
+ {
+- struct device_attribute *attrs;
++ device_attribute_no_const *attrs;
+ char *name_copy;
+
+ attrs = devm_kmalloc(dev->ddev.dev, sizeof(struct device_attribute),
diff --git a/drivers/dma/qcom/hidma_mgmt_sys.c b/drivers/dma/qcom/hidma_mgmt_sys.c
index d61f106..a23baa3 100644
--- a/drivers/dma/qcom/hidma_mgmt_sys.c
@@ -44435,7 +44547,7 @@ index 93da1a4..5e2c149 100644
goto err_out;
diff --git a/drivers/edac/edac_mc_sysfs.c b/drivers/edac/edac_mc_sysfs.c
-index 26e65ab..9a1e25d 100644
+index 10c305b..4e92041 100644
--- a/drivers/edac/edac_mc_sysfs.c
+++ b/drivers/edac/edac_mc_sysfs.c
@@ -50,7 +50,7 @@ int edac_mc_get_poll_msec(void)
@@ -44803,10 +44915,10 @@ index d425374..1da1716 100644
EXPORT_SYMBOL_GPL(cper_next_record_id);
diff --git a/drivers/firmware/efi/efi.c b/drivers/firmware/efi/efi.c
-index 3a69ed5..0cfea9c6 100644
+index 05509f3..498c7ec 100644
--- a/drivers/firmware/efi/efi.c
+++ b/drivers/firmware/efi/efi.c
-@@ -176,15 +176,17 @@ static struct attribute_group efi_subsys_attr_group = {
+@@ -177,15 +177,17 @@ static struct attribute_group efi_subsys_attr_group = {
};
static struct efivars generic_efivars;
@@ -44831,7 +44943,7 @@ index 3a69ed5..0cfea9c6 100644
return efivars_register(&generic_efivars, &generic_ops, efi_kobj);
}
diff --git a/drivers/firmware/efi/efivars.c b/drivers/firmware/efi/efivars.c
-index 096adcb..0235592 100644
+index 116b244..b16d9f2 100644
--- a/drivers/firmware/efi/efivars.c
+++ b/drivers/firmware/efi/efivars.c
@@ -583,7 +583,7 @@ efivar_create_sysfs_entry(struct efivar_entry *new_var)
@@ -44843,6 +44955,19 @@ index 096adcb..0235592 100644
int error;
/* new_var */
+diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/libstub/Makefile
+index c069451..fca41b6 100644
+--- a/drivers/firmware/efi/libstub/Makefile
++++ b/drivers/firmware/efi/libstub/Makefile
+@@ -20,6 +20,8 @@ KBUILD_CFLAGS := $(cflags-y) -DDISABLE_BRANCH_PROFILING \
+ $(call cc-option,-ffreestanding) \
+ $(call cc-option,-fno-stack-protector)
+
++KBUILD_CFLAGS := $(filter-out $(GCC_PLUGINS_CFLAGS),$(KBUILD_CFLAGS))
++
+ GCOV_PROFILE := n
+ KASAN_SANITIZE := n
+ UBSAN_SANITIZE := n
diff --git a/drivers/firmware/efi/runtime-map.c b/drivers/firmware/efi/runtime-map.c
index 5c55227..97f4978 100644
--- a/drivers/firmware/efi/runtime-map.c
@@ -44908,7 +45033,7 @@ index 5de3ed2..d839c56 100644
.sysfs_ops = &memmap_attr_ops,
.default_attrs = def_attrs,
diff --git a/drivers/firmware/psci.c b/drivers/firmware/psci.c
-index b5d0580..893aa47 100644
+index 03e0458..4a13085 100644
--- a/drivers/firmware/psci.c
+++ b/drivers/firmware/psci.c
@@ -58,7 +58,7 @@ bool psci_tos_resident_on(int cpu)
@@ -44996,10 +45121,10 @@ index 425501c..cad19ba 100644
if (devtype->gpio_dir_out)
gc->direction_output = devtype->gpio_dir_out;
diff --git a/drivers/gpio/gpio-omap.c b/drivers/gpio/gpio-omap.c
-index 551dfa9..fc6ca83 100644
+index b98ede7..c83e860 100644
--- a/drivers/gpio/gpio-omap.c
+++ b/drivers/gpio/gpio-omap.c
-@@ -1068,7 +1068,7 @@ static void omap_gpio_mod_init(struct gpio_bank *bank)
+@@ -1029,7 +1029,7 @@ static void omap_gpio_mod_init(struct gpio_bank *bank)
writel_relaxed(0, base + bank->regs->ctrl);
}
@@ -45008,7 +45133,7 @@ index 551dfa9..fc6ca83 100644
{
static int gpio;
int irq_base = 0;
-@@ -1158,7 +1158,7 @@ static int omap_gpio_probe(struct platform_device *pdev)
+@@ -1119,7 +1119,7 @@ static int omap_gpio_probe(struct platform_device *pdev)
const struct omap_gpio_platform_data *pdata;
struct resource *res;
struct gpio_bank *bank;
@@ -45018,10 +45143,10 @@ index 551dfa9..fc6ca83 100644
match = of_match_device(of_match_ptr(omap_gpio_match), dev);
diff --git a/drivers/gpio/gpio-rcar.c b/drivers/gpio/gpio-rcar.c
-index 4d9a315c..b1fed42 100644
+index 681c93f..143a923 100644
--- a/drivers/gpio/gpio-rcar.c
+++ b/drivers/gpio/gpio-rcar.c
-@@ -369,7 +369,7 @@ static int gpio_rcar_probe(struct platform_device *pdev)
+@@ -388,7 +388,7 @@ static int gpio_rcar_probe(struct platform_device *pdev)
struct gpio_rcar_priv *p;
struct resource *io, *irq;
struct gpio_chip *gpio_chip;
@@ -45044,10 +45169,10 @@ index ac8deb0..f3caa10 100644
return -EINVAL;
}
diff --git a/drivers/gpio/gpiolib.c b/drivers/gpio/gpiolib.c
-index 996a733..742b84f 100644
+index be74bd3..76e7fc2 100644
--- a/drivers/gpio/gpiolib.c
+++ b/drivers/gpio/gpiolib.c
-@@ -1031,8 +1031,10 @@ static void gpiochip_irqchip_remove(struct gpio_chip *gpiochip)
+@@ -1059,8 +1059,10 @@ static void gpiochip_irqchip_remove(struct gpio_chip *gpiochip)
}
if (gpiochip->irqchip) {
@@ -45060,7 +45185,7 @@ index 996a733..742b84f 100644
gpiochip->irqchip = NULL;
}
}
-@@ -1109,8 +1111,10 @@ int _gpiochip_irqchip_add(struct gpio_chip *gpiochip,
+@@ -1137,8 +1139,10 @@ int _gpiochip_irqchip_add(struct gpio_chip *gpiochip,
*/
if (!irqchip->irq_request_resources &&
!irqchip->irq_release_resources) {
@@ -45074,10 +45199,10 @@ index 996a733..742b84f 100644
/*
diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu.h b/drivers/gpu/drm/amd/amdgpu/amdgpu.h
-index 1bcbade..c8d5713 100644
+index e055d5be..45982ec 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu.h
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu.h
-@@ -1709,7 +1709,7 @@ void amdgpu_debugfs_cleanup(struct drm_minor *minor);
+@@ -1771,7 +1771,7 @@ void amdgpu_debugfs_cleanup(struct drm_minor *minor);
* amdgpu smumgr functions
*/
struct amdgpu_smumgr_funcs {
@@ -45086,15 +45211,6 @@ index 1bcbade..c8d5713 100644
int (*request_smu_load_fw)(struct amdgpu_device *adev);
int (*request_smu_specific_fw)(struct amdgpu_device *adev, uint32_t fwtype);
};
-@@ -2339,7 +2339,7 @@ static inline void amdgpu_unregister_atpx_handler(void) {}
- * KMS
- */
- extern const struct drm_ioctl_desc amdgpu_ioctls_kms[];
--extern int amdgpu_max_kms_ioctl;
-+extern const int amdgpu_max_kms_ioctl;
-
- int amdgpu_driver_load_kms(struct drm_device *dev, unsigned long flags);
- int amdgpu_driver_unload_kms(struct drm_device *dev);
diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_atpx_handler.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_atpx_handler.c
index 35a1248..fd2510a 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_atpx_handler.c
@@ -45109,10 +45225,10 @@ index 35a1248..fd2510a 100644
if (amdgpu_atpx_priv.dhandle == ACPI_HANDLE(&pdev->dev))
return VGA_SWITCHEROO_IGD;
diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_cgs.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_cgs.c
-index 3e21732..21fc524 100644
+index cf6f49f..dffb8ab 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_cgs.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_cgs.c
-@@ -1076,49 +1076,49 @@ int amdgpu_cgs_call_acpi_method(void *cgs_device,
+@@ -1105,50 +1105,50 @@ int amdgpu_cgs_call_acpi_method(struct cgs_device *cgs_device,
}
static const struct cgs_ops amdgpu_cgs_ops = {
@@ -45147,6 +45263,7 @@ index 3e21732..21fc524 100644
- amdgpu_cgs_pm_query_clock_limits,
- amdgpu_cgs_set_camera_voltages,
- amdgpu_cgs_get_firmware_info,
+- amdgpu_cgs_rel_firmware,
- amdgpu_cgs_set_powergating_state,
- amdgpu_cgs_set_clockgating_state,
- amdgpu_cgs_get_active_displays_info,
@@ -45184,6 +45301,7 @@ index 3e21732..21fc524 100644
+ .pm_query_clock_limits = amdgpu_cgs_pm_query_clock_limits,
+ .set_camera_voltages = amdgpu_cgs_set_camera_voltages,
+ .get_firmware_info = amdgpu_cgs_get_firmware_info,
++ .rel_firmware = amdgpu_cgs_rel_firmware,
+ .set_powergating_state = amdgpu_cgs_set_powergating_state,
+ .set_clockgating_state = amdgpu_cgs_set_clockgating_state,
+ .get_active_displays_info = amdgpu_cgs_get_active_displays_info,
@@ -45201,9 +45319,9 @@ index 3e21732..21fc524 100644
+ .irq_put = amdgpu_cgs_irq_put
};
- void *amdgpu_cgs_create_device(struct amdgpu_device *adev)
+ struct cgs_device *amdgpu_cgs_create_device(struct amdgpu_device *adev)
diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c
-index 7ef2c13..dff07e5 100644
+index cb07da4..e7cd288 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c
@@ -701,7 +701,7 @@ static int amdgpu_connector_lvds_get_modes(struct drm_connector *connector)
@@ -45243,7 +45361,7 @@ index 7ef2c13..dff07e5 100644
{
struct amdgpu_connector *amdgpu_connector = to_amdgpu_connector(connector);
diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c
-index 2139da7..222ef8b 100644
+index 6e92008..6051afc 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c
@@ -1054,7 +1054,7 @@ static bool amdgpu_switcheroo_can_switch(struct pci_dev *pdev)
@@ -45256,10 +45374,10 @@ index 2139da7..222ef8b 100644
static const struct vga_switcheroo_client_ops amdgpu_switcheroo_ops = {
diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c
-index f1e17d6..e7d750a 100644
+index f888c01..7cf5bfe 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c
-@@ -491,7 +491,7 @@ static struct drm_driver kms_driver = {
+@@ -515,7 +515,7 @@ static struct drm_driver kms_driver = {
.driver_features =
DRIVER_USE_AGP |
DRIVER_HAVE_IRQ | DRIVER_IRQ_SHARED | DRIVER_GEM |
@@ -45268,7 +45386,7 @@ index f1e17d6..e7d750a 100644
.dev_priv_size = 0,
.load = amdgpu_driver_load_kms,
.open = amdgpu_driver_open_kms,
-@@ -542,9 +542,6 @@ static struct drm_driver kms_driver = {
+@@ -566,9 +566,6 @@ static struct drm_driver kms_driver = {
.patchlevel = KMS_DRIVER_PATCHLEVEL,
};
@@ -45278,9 +45396,9 @@ index f1e17d6..e7d750a 100644
static struct pci_driver amdgpu_kms_pci_driver = {
.name = DRIVER_NAME,
.id_table = pciidlist,
-@@ -563,20 +560,21 @@ static int __init amdgpu_init(void)
+@@ -588,19 +585,20 @@ static int __init amdgpu_init(void)
+ return -EINVAL;
}
- #endif
DRM_INFO("amdgpu kernel modesetting enabled.\n");
- driver = &kms_driver;
- pdriver = &amdgpu_kms_pci_driver;
@@ -45292,7 +45410,6 @@ index f1e17d6..e7d750a 100644
+ pax_close_kernel();
+
amdgpu_register_atpx_handler();
-
/* let modprobe override vga console setting */
- return drm_pci_init(driver, pdriver);
+ return drm_pci_init(&kms_driver, &amdgpu_kms_pci_driver);
@@ -45305,17 +45422,43 @@ index f1e17d6..e7d750a 100644
+ drm_pci_exit(&kms_driver, &amdgpu_kms_pci_driver);
amdgpu_unregister_atpx_handler();
amdgpu_sync_fini();
+ amdgpu_fence_slab_fini();
+diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c
+index 870f949..4a61ca8 100644<