Diffstat (limited to '3.14.49/1047_linux-3.14.48.patch')
-rw-r--r--3.14.49/1047_linux-3.14.48.patch1019
1 files changed, 1019 insertions, 0 deletions
diff --git a/3.14.49/1047_linux-3.14.48.patch b/3.14.49/1047_linux-3.14.48.patch
new file mode 100644
index 0000000..3a7169d
--- /dev/null
+++ b/3.14.49/1047_linux-3.14.48.patch
@@ -0,0 +1,1019 @@
+diff --git a/Makefile b/Makefile
+index f9041e6..25393e8 100644
+--- a/Makefile
++++ b/Makefile
+@@ -1,6 +1,6 @@
+ VERSION = 3
+ PATCHLEVEL = 14
+-SUBLEVEL = 47
++SUBLEVEL = 48
+ EXTRAVERSION =
+ NAME = Remembering Coco
+
+diff --git a/arch/arm/include/asm/kvm_mmu.h b/arch/arm/include/asm/kvm_mmu.h
+index 9f79231..7d35af3 100644
+--- a/arch/arm/include/asm/kvm_mmu.h
++++ b/arch/arm/include/asm/kvm_mmu.h
+@@ -117,13 +117,14 @@ static inline void kvm_set_s2pmd_writable(pmd_t *pmd)
+ (__boundary - 1 < (end) - 1)? __boundary: (end); \
+ })
+
++#define kvm_pgd_index(addr) pgd_index(addr)
++
+ static inline bool kvm_page_empty(void *ptr)
+ {
+ struct page *ptr_page = virt_to_page(ptr);
+ return page_count(ptr_page) == 1;
+ }
+
+-
+ #define kvm_pte_table_empty(ptep) kvm_page_empty(ptep)
+ #define kvm_pmd_table_empty(pmdp) kvm_page_empty(pmdp)
+ #define kvm_pud_table_empty(pudp) (0)
+diff --git a/arch/arm/kvm/arm.c b/arch/arm/kvm/arm.c
+index 2e74a61..f6a52a2 100644
+--- a/arch/arm/kvm/arm.c
++++ b/arch/arm/kvm/arm.c
+@@ -441,6 +441,7 @@ static void update_vttbr(struct kvm *kvm)
+
+ static int kvm_vcpu_first_run_init(struct kvm_vcpu *vcpu)
+ {
++ struct kvm *kvm = vcpu->kvm;
+ int ret;
+
+ if (likely(vcpu->arch.has_run_once))
+@@ -452,12 +453,20 @@ static int kvm_vcpu_first_run_init(struct kvm_vcpu *vcpu)
+ * Initialize the VGIC before running a vcpu the first time on
+ * this VM.
+ */
+- if (unlikely(!vgic_initialized(vcpu->kvm))) {
+- ret = kvm_vgic_init(vcpu->kvm);
++ if (unlikely(!vgic_initialized(kvm))) {
++ ret = kvm_vgic_init(kvm);
+ if (ret)
+ return ret;
+ }
+
++ /*
++ * Enable the arch timers only if we have an in-kernel VGIC
++ * and it has been properly initialized, since we cannot handle
++ * interrupts from the virtual timer with a userspace gic.
++ */
++ if (irqchip_in_kernel(kvm) && vgic_initialized(kvm))
++ kvm_timer_enable(kvm);
++
+ return 0;
+ }
+
+diff --git a/arch/arm/kvm/interrupts.S b/arch/arm/kvm/interrupts.S
+index 0d68d40..a1467e7 100644
+--- a/arch/arm/kvm/interrupts.S
++++ b/arch/arm/kvm/interrupts.S
+@@ -159,13 +159,9 @@ __kvm_vcpu_return:
+ @ Don't trap coprocessor accesses for host kernel
+ set_hstr vmexit
+ set_hdcr vmexit
+- set_hcptr vmexit, (HCPTR_TTA | HCPTR_TCP(10) | HCPTR_TCP(11))
++ set_hcptr vmexit, (HCPTR_TTA | HCPTR_TCP(10) | HCPTR_TCP(11)), after_vfp_restore
+
+ #ifdef CONFIG_VFPv3
+- @ Save floating point registers we if let guest use them.
+- tst r2, #(HCPTR_TCP(10) | HCPTR_TCP(11))
+- bne after_vfp_restore
+-
+ @ Switch VFP/NEON hardware state to the host's
+ add r7, vcpu, #VCPU_VFP_GUEST
+ store_vfp_state r7
+@@ -177,6 +173,8 @@ after_vfp_restore:
+ @ Restore FPEXC_EN which we clobbered on entry
+ pop {r2}
+ VFPFMXR FPEXC, r2
++#else
++after_vfp_restore:
+ #endif
+
+ @ Reset Hyp-role
+@@ -467,7 +465,7 @@ switch_to_guest_vfp:
+ push {r3-r7}
+
+ @ NEON/VFP used. Turn on VFP access.
+- set_hcptr vmexit, (HCPTR_TCP(10) | HCPTR_TCP(11))
++ set_hcptr vmtrap, (HCPTR_TCP(10) | HCPTR_TCP(11))
+
+ @ Switch VFP/NEON hardware state to the guest's
+ add r7, r0, #VCPU_VFP_HOST
+diff --git a/arch/arm/kvm/interrupts_head.S b/arch/arm/kvm/interrupts_head.S
+index 76af9302..2973b2d 100644
+--- a/arch/arm/kvm/interrupts_head.S
++++ b/arch/arm/kvm/interrupts_head.S
+@@ -578,8 +578,13 @@ vcpu .req r0 @ vcpu pointer always in r0
+ .endm
+
+ /* Configures the HCPTR (Hyp Coprocessor Trap Register) on entry/return
+- * (hardware reset value is 0). Keep previous value in r2. */
+-.macro set_hcptr operation, mask
++ * (hardware reset value is 0). Keep previous value in r2.
++ * An ISB is emited on vmexit/vmtrap, but executed on vmexit only if
++ * VFP wasn't already enabled (always executed on vmtrap).
++ * If a label is specified with vmexit, it is branched to if VFP wasn't
++ * enabled.
++ */
++.macro set_hcptr operation, mask, label = none
+ mrc p15, 4, r2, c1, c1, 2
+ ldr r3, =\mask
+ .if \operation == vmentry
+@@ -588,6 +593,17 @@ vcpu .req r0 @ vcpu pointer always in r0
+ bic r3, r2, r3 @ Don't trap defined coproc-accesses
+ .endif
+ mcr p15, 4, r3, c1, c1, 2
++ .if \operation != vmentry
++ .if \operation == vmexit
++ tst r2, #(HCPTR_TCP(10) | HCPTR_TCP(11))
++ beq 1f
++ .endif
++ isb
++ .if \label != none
++ b \label
++ .endif
++1:
++ .endif
+ .endm
+
+ /* Configures the HDCR (Hyp Debug Configuration Register) on entry/return
+diff --git a/arch/arm/kvm/mmu.c b/arch/arm/kvm/mmu.c
+index 524b4b5..c612e37 100644
+--- a/arch/arm/kvm/mmu.c
++++ b/arch/arm/kvm/mmu.c
+@@ -194,7 +194,7 @@ static void unmap_range(struct kvm *kvm, pgd_t *pgdp,
+ phys_addr_t addr = start, end = start + size;
+ phys_addr_t next;
+
+- pgd = pgdp + pgd_index(addr);
++ pgd = pgdp + kvm_pgd_index(addr);
+ do {
+ next = kvm_pgd_addr_end(addr, end);
+ if (!pgd_none(*pgd))
+@@ -264,7 +264,7 @@ static void stage2_flush_memslot(struct kvm *kvm,
+ phys_addr_t next;
+ pgd_t *pgd;
+
+- pgd = kvm->arch.pgd + pgd_index(addr);
++ pgd = kvm->arch.pgd + kvm_pgd_index(addr);
+ do {
+ next = kvm_pgd_addr_end(addr, end);
+ stage2_flush_puds(kvm, pgd, addr, next);
+@@ -649,7 +649,7 @@ static pmd_t *stage2_get_pmd(struct kvm *kvm, struct kvm_mmu_memory_cache *cache
+ pud_t *pud;
+ pmd_t *pmd;
+
+- pgd = kvm->arch.pgd + pgd_index(addr);
++ pgd = kvm->arch.pgd + kvm_pgd_index(addr);
+ pud = pud_offset(pgd, addr);
+ if (pud_none(*pud)) {
+ if (!cache)
+diff --git a/arch/arm64/include/asm/kvm_emulate.h b/arch/arm64/include/asm/kvm_emulate.h
+index 681cb90..91f33c2 100644
+--- a/arch/arm64/include/asm/kvm_emulate.h
++++ b/arch/arm64/include/asm/kvm_emulate.h
+@@ -41,6 +41,8 @@ void kvm_inject_pabt(struct kvm_vcpu *vcpu, unsigned long addr);
+ static inline void vcpu_reset_hcr(struct kvm_vcpu *vcpu)
+ {
+ vcpu->arch.hcr_el2 = HCR_GUEST_FLAGS;
++ if (test_bit(KVM_ARM_VCPU_EL1_32BIT, vcpu->arch.features))
++ vcpu->arch.hcr_el2 &= ~HCR_RW;
+ }
+
+ static inline unsigned long *vcpu_pc(const struct kvm_vcpu *vcpu)
+diff --git a/arch/arm64/include/asm/kvm_mmu.h b/arch/arm64/include/asm/kvm_mmu.h
+index 0d51874..15a8a86 100644
+--- a/arch/arm64/include/asm/kvm_mmu.h
++++ b/arch/arm64/include/asm/kvm_mmu.h
+@@ -69,6 +69,8 @@
+ #define PTRS_PER_S2_PGD (1 << (KVM_PHYS_SHIFT - PGDIR_SHIFT))
+ #define S2_PGD_ORDER get_order(PTRS_PER_S2_PGD * sizeof(pgd_t))
+
++#define kvm_pgd_index(addr) (((addr) >> PGDIR_SHIFT) & (PTRS_PER_S2_PGD - 1))
++
+ int create_hyp_mappings(void *from, void *to);
+ int create_hyp_io_mappings(void *from, void *to, phys_addr_t);
+ void free_boot_hyp_pgd(void);
+diff --git a/arch/arm64/kvm/hyp.S b/arch/arm64/kvm/hyp.S
+index 5dfc8331..3aaf3bc 100644
+--- a/arch/arm64/kvm/hyp.S
++++ b/arch/arm64/kvm/hyp.S
+@@ -629,6 +629,7 @@ ENTRY(__kvm_tlb_flush_vmid_ipa)
+ * Instead, we invalidate Stage-2 for this IPA, and the
+ * whole of Stage-1. Weep...
+ */
++ lsr x1, x1, #12
+ tlbi ipas2e1is, x1
+ /*
+ * We have to ensure completion of the invalidation at Stage-2,
+diff --git a/arch/arm64/kvm/reset.c b/arch/arm64/kvm/reset.c
+index 70a7816..0b43265 100644
+--- a/arch/arm64/kvm/reset.c
++++ b/arch/arm64/kvm/reset.c
+@@ -90,7 +90,6 @@ int kvm_reset_vcpu(struct kvm_vcpu *vcpu)
+ if (!cpu_has_32bit_el1())
+ return -EINVAL;
+ cpu_reset = &default_regs_reset32;
+- vcpu->arch.hcr_el2 &= ~HCR_RW;
+ } else {
+ cpu_reset = &default_regs_reset;
+ }
+diff --git a/arch/mips/include/asm/mach-generic/spaces.h b/arch/mips/include/asm/mach-generic/spaces.h
+index 9488fa5..afc96ec 100644
+--- a/arch/mips/include/asm/mach-generic/spaces.h
++++ b/arch/mips/include/asm/mach-generic/spaces.h
+@@ -94,7 +94,11 @@
+ #endif
+
+ #ifndef FIXADDR_TOP
++#ifdef CONFIG_KVM_GUEST
++#define FIXADDR_TOP ((unsigned long)(long)(int)0x7ffe0000)
++#else
+ #define FIXADDR_TOP ((unsigned long)(long)(int)0xfffe0000)
+ #endif
++#endif
+
+ #endif /* __ASM_MACH_GENERIC_SPACES_H */
+diff --git a/arch/powerpc/perf/core-book3s.c b/arch/powerpc/perf/core-book3s.c
+index 38265dc..65dfbd0 100644
+--- a/arch/powerpc/perf/core-book3s.c
++++ b/arch/powerpc/perf/core-book3s.c
+@@ -124,7 +124,16 @@ static inline void power_pmu_bhrb_read(struct cpu_hw_events *cpuhw) {}
+
+ static bool regs_use_siar(struct pt_regs *regs)
+ {
+- return !!regs->result;
++ /*
++ * When we take a performance monitor exception the regs are setup
++ * using perf_read_regs() which overloads some fields, in particular
++ * regs->result to tell us whether to use SIAR.
++ *
++ * However if the regs are from another exception, eg. a syscall, then
++ * they have not been setup using perf_read_regs() and so regs->result
++ * is something random.
++ */
++ return ((TRAP(regs) == 0xf00) && regs->result);
+ }
+
+ /*
+diff --git a/arch/sparc/kernel/ldc.c b/arch/sparc/kernel/ldc.c
+index 27bb554..7ef2862 100644
+--- a/arch/sparc/kernel/ldc.c
++++ b/arch/sparc/kernel/ldc.c
+@@ -2307,7 +2307,7 @@ void *ldc_alloc_exp_dring(struct ldc_channel *lp, unsigned int len,
+ if (len & (8UL - 1))
+ return ERR_PTR(-EINVAL);
+
+- buf = kzalloc(len, GFP_KERNEL);
++ buf = kzalloc(len, GFP_ATOMIC);
+ if (!buf)
+ return ERR_PTR(-ENOMEM);
+
+diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
+index 5dab54a..96e743a 100644
+--- a/arch/x86/Kconfig
++++ b/arch/x86/Kconfig
+@@ -2440,9 +2440,19 @@ config X86_DMA_REMAP
+ depends on STA2X11
+
+ config IOSF_MBI
+- tristate
+- default m
++ tristate "Intel System On Chip IOSF Sideband support"
+ depends on PCI
++ ---help---
++ Enables sideband access to mailbox registers on SoC's. The sideband is
++ available on the following platforms. This list is not meant to be
++ exclusive.
++ - BayTrail
++ - Cherryview
++ - Braswell
++ - Quark
++
++ You should say Y if you are running a kernel on one of these
++ platforms.
+
+ source "net/Kconfig"
+
+diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
+index e9dc029..ac03bd7 100644
+--- a/arch/x86/include/asm/kvm_host.h
++++ b/arch/x86/include/asm/kvm_host.h
+@@ -571,7 +571,7 @@ struct kvm_arch {
+ struct kvm_pic *vpic;
+ struct kvm_ioapic *vioapic;
+ struct kvm_pit *vpit;
+- int vapics_in_nmi_mode;
++ atomic_t vapics_in_nmi_mode;
+ struct mutex apic_map_lock;
+ struct kvm_apic_map *apic_map;
+
+diff --git a/arch/x86/kvm/i8254.c b/arch/x86/kvm/i8254.c
+index 298781d..1406ffd 100644
+--- a/arch/x86/kvm/i8254.c
++++ b/arch/x86/kvm/i8254.c
+@@ -305,7 +305,7 @@ static void pit_do_work(struct kthread_work *work)
+ * LVT0 to NMI delivery. Other PIC interrupts are just sent to
+ * VCPU0, and only if its LVT0 is in EXTINT mode.
+ */
+- if (kvm->arch.vapics_in_nmi_mode > 0)
++ if (atomic_read(&kvm->arch.vapics_in_nmi_mode) > 0)
+ kvm_for_each_vcpu(i, vcpu, kvm)
+ kvm_apic_nmi_wd_deliver(vcpu);
+ }
+diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c
+index 453e5fb..6456734 100644
+--- a/arch/x86/kvm/lapic.c
++++ b/arch/x86/kvm/lapic.c
+@@ -1109,10 +1109,10 @@ static void apic_manage_nmi_watchdog(struct kvm_lapic *apic, u32 lvt0_val)
+ if (!nmi_wd_enabled) {
+ apic_debug("Receive NMI setting on APIC_LVT0 "
+ "for cpu %d\n", apic->vcpu->vcpu_id);
+- apic->vcpu->kvm->arch.vapics_in_nmi_mode++;
++ atomic_inc(&apic->vcpu->kvm->arch.vapics_in_nmi_mode);
+ }
+ } else if (nmi_wd_enabled)
+- apic->vcpu->kvm->arch.vapics_in_nmi_mode--;
++ atomic_dec(&apic->vcpu->kvm->arch.vapics_in_nmi_mode);
+ }
+
+ static int apic_reg_write(struct kvm_lapic *apic, u32 reg, u32 val)
+diff --git a/arch/x86/pci/acpi.c b/arch/x86/pci/acpi.c
+index 4f25ec0..bf00138 100644
+--- a/arch/x86/pci/acpi.c
++++ b/arch/x86/pci/acpi.c
+@@ -84,6 +84,17 @@ static const struct dmi_system_id pci_crs_quirks[] __initconst = {
+ DMI_MATCH(DMI_BIOS_VENDOR, "Phoenix Technologies, LTD"),
+ },
+ },
++ /* https://bugs.launchpad.net/ubuntu/+source/alsa-driver/+bug/931368 */
++ /* https://bugs.launchpad.net/ubuntu/+source/alsa-driver/+bug/1033299 */
++ {
++ .callback = set_use_crs,
++ .ident = "Foxconn K8M890-8237A",
++ .matches = {
++ DMI_MATCH(DMI_BOARD_VENDOR, "Foxconn"),
++ DMI_MATCH(DMI_BOARD_NAME, "K8M890-8237A"),
++ DMI_MATCH(DMI_BIOS_VENDOR, "Phoenix Technologies, LTD"),
++ },
++ },
+
+ /* Now for the blacklist.. */
+
+@@ -124,8 +135,10 @@ void __init pci_acpi_crs_quirks(void)
+ {
+ int year;
+
+- if (dmi_get_date(DMI_BIOS_DATE, &year, NULL, NULL) && year < 2008)
+- pci_use_crs = false;
++ if (dmi_get_date(DMI_BIOS_DATE, &year, NULL, NULL) && year < 2008) {
++ if (iomem_resource.end <= 0xffffffff)
++ pci_use_crs = false;
++ }
+
+ dmi_check_system(pci_crs_quirks);
+
+diff --git a/drivers/cpufreq/intel_pstate.c b/drivers/cpufreq/intel_pstate.c
+index 533a509..fbc693b 100644
+--- a/drivers/cpufreq/intel_pstate.c
++++ b/drivers/cpufreq/intel_pstate.c
+@@ -417,7 +417,7 @@ static void byt_set_pstate(struct cpudata *cpudata, int pstate)
+
+ val |= vid;
+
+- wrmsrl(MSR_IA32_PERF_CTL, val);
++ wrmsrl_on_cpu(cpudata->cpu, MSR_IA32_PERF_CTL, val);
+ }
+
+ #define BYT_BCLK_FREQS 5
+diff --git a/drivers/crypto/talitos.c b/drivers/crypto/talitos.c
+index 5967667..1f35487 100644
+--- a/drivers/crypto/talitos.c
++++ b/drivers/crypto/talitos.c
+@@ -927,7 +927,8 @@ static int sg_to_link_tbl(struct scatterlist *sg, int sg_count,
+ sg_count--;
+ link_tbl_ptr--;
+ }
+- be16_add_cpu(&link_tbl_ptr->len, cryptlen);
++ link_tbl_ptr->len = cpu_to_be16(be16_to_cpu(link_tbl_ptr->len)
++ + cryptlen);
+
+ /* tag end of link table */
+ link_tbl_ptr->j_extent = DESC_PTR_LNKTBL_RETURN;
+@@ -2563,6 +2564,7 @@ static struct talitos_crypto_alg *talitos_alg_alloc(struct device *dev,
+ break;
+ default:
+ dev_err(dev, "unknown algorithm type %d\n", t_alg->algt.type);
++ kfree(t_alg);
+ return ERR_PTR(-EINVAL);
+ }
+
+diff --git a/drivers/iommu/amd_iommu.c b/drivers/iommu/amd_iommu.c
+index 9cbef59..9359740 100644
+--- a/drivers/iommu/amd_iommu.c
++++ b/drivers/iommu/amd_iommu.c
+@@ -1922,9 +1922,15 @@ static void free_pt_##LVL (unsigned long __pt) \
+ pt = (u64 *)__pt; \
+ \
+ for (i = 0; i < 512; ++i) { \
++ /* PTE present? */ \
+ if (!IOMMU_PTE_PRESENT(pt[i])) \
+ continue; \
+ \
++ /* Large PTE? */ \
++ if (PM_PTE_LEVEL(pt[i]) == 0 || \
++ PM_PTE_LEVEL(pt[i]) == 7) \
++ continue; \
++ \
+ p = (unsigned long)IOMMU_PTE_PAGE(pt[i]); \
+ FN(p); \
+ } \
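Review bot: The new check in the `free_pt_##LVL` macro compares `PM_PTE_LEVEL(pt[i])` against the bare literals `0` and `7`, and the `/* Large PTE? */` comment does not say which value means what. This test decides whether an entry is followed and handed to `FN(p)` for freeing, so the meaning of the two values should be checkable at the point of use. Named constants or a comment such as `/* 0: leaf PTE, 7: large-page PTE; neither points to a lower-level table */` would do that; this reading of the values is inferred from the comment and should be confirmed against the hardware definition. The macro body starts and ends outside the hunk.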
+diff --git a/drivers/net/phy/phy_device.c b/drivers/net/phy/phy_device.c
+index 25f7419..62c3fb9 100644
+--- a/drivers/net/phy/phy_device.c
++++ b/drivers/net/phy/phy_device.c
+@@ -765,10 +765,11 @@ static int genphy_config_advert(struct phy_device *phydev)
+ if (phydev->supported & (SUPPORTED_1000baseT_Half |
+ SUPPORTED_1000baseT_Full)) {
+ adv |= ethtool_adv_to_mii_ctrl1000_t(advertise);
+- if (adv != oldadv)
+- changed = 1;
+ }
+
++ if (adv != oldadv)
++ changed = 1;
++
+ err = phy_write(phydev, MII_CTRL1000, adv);
+ if (err < 0)
+ return err;
+diff --git a/fs/dcache.c b/fs/dcache.c
+index 1d7e8a3..aa24f7d 100644
+--- a/fs/dcache.c
++++ b/fs/dcache.c
+@@ -2905,17 +2905,6 @@ restart:
+ vfsmnt = &mnt->mnt;
+ continue;
+ }
+- /*
+- * Filesystems needing to implement special "root names"
+- * should do so with ->d_dname()
+- */
+- if (IS_ROOT(dentry) &&
+- (dentry->d_name.len != 1 ||
+- dentry->d_name.name[0] != '/')) {
+- WARN(1, "Root dentry has weird name <%.*s>\n",
+- (int) dentry->d_name.len,
+- dentry->d_name.name);
+- }
+ if (!error)
+ error = is_mounted(vfsmnt) ? 1 : 2;
+ break;
+diff --git a/fs/inode.c b/fs/inode.c
+index e846a32..644875b 100644
+--- a/fs/inode.c
++++ b/fs/inode.c
+@@ -1631,8 +1631,8 @@ int file_remove_suid(struct file *file)
+ error = security_inode_killpriv(dentry);
+ if (!error && killsuid)
+ error = __remove_suid(dentry, killsuid);
+- if (!error && (inode->i_sb->s_flags & MS_NOSEC))
+- inode->i_flags |= S_NOSEC;
++ if (!error)
++ inode_has_no_xattr(inode);
+
+ return error;
+ }
+diff --git a/fs/namespace.c b/fs/namespace.c
+index 2faa7ea..fc99d18 100644
+--- a/fs/namespace.c
++++ b/fs/namespace.c
+@@ -3031,11 +3031,15 @@ bool fs_fully_visible(struct file_system_type *type)
+ if (mnt->mnt.mnt_root != mnt->mnt.mnt_sb->s_root)
+ continue;
+
+- /* This mount is not fully visible if there are any child mounts
+- * that cover anything except for empty directories.
++ /* This mount is not fully visible if there are any
++ * locked child mounts that cover anything except for
++ * empty directories.
+ */
+ list_for_each_entry(child, &mnt->mnt_mounts, mnt_child) {
+ struct inode *inode = child->mnt_mountpoint->d_inode;
++ /* Only worry about locked mounts */
++ if (!(mnt->mnt.mnt_flags & MNT_LOCKED))
++ continue;
+ if (!S_ISDIR(inode->i_mode))
+ goto next;
+ if (inode->i_nlink > 2)
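Review bot: The skip added inside `list_for_each_entry(child, ...)` tests `mnt->mnt.mnt_flags`, the mount whose children are being walked, although the reworded comment above it speaks of locked child mounts. As written, the result is the same for every child of `mnt`: all children are ignored when the parent is unlocked, and none are ignored when it is locked, regardless of each child's own flag. If the intent is per-child, the line should read `if (!(child->mnt.mnt_flags & MNT_LOCKED))`. Judging by its name and comment, fs_fully_visible() decides whether an existing mount exposes the whole filesystem, so testing the wrong mount can make that answer too permissive or too strict. The function body continues outside the hunk.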
+diff --git a/include/kvm/arm_arch_timer.h b/include/kvm/arm_arch_timer.h
+index 6d9aedd..327b155 100644
+--- a/include/kvm/arm_arch_timer.h
++++ b/include/kvm/arm_arch_timer.h
+@@ -60,7 +60,8 @@ struct arch_timer_cpu {
+
+ #ifdef CONFIG_KVM_ARM_TIMER
+ int kvm_timer_hyp_init(void);
+-int kvm_timer_init(struct kvm *kvm);
++void kvm_timer_enable(struct kvm *kvm);
++void kvm_timer_init(struct kvm *kvm);
+ void kvm_timer_vcpu_reset(struct kvm_vcpu *vcpu,
+ const struct kvm_irq_level *irq);
+ void kvm_timer_vcpu_init(struct kvm_vcpu *vcpu);
+@@ -73,11 +74,8 @@ static inline int kvm_timer_hyp_init(void)
+ return 0;
+ };
+
+-static inline int kvm_timer_init(struct kvm *kvm)
+-{
+- return 0;
+-}
+-
++static inline void kvm_timer_enable(struct kvm *kvm) {}
++static inline void kvm_timer_init(struct kvm *kvm) {}
+ static inline void kvm_timer_vcpu_reset(struct kvm_vcpu *vcpu,
+ const struct kvm_irq_level *irq) {}
+ static inline void kvm_timer_vcpu_init(struct kvm_vcpu *vcpu) {}
+diff --git a/include/net/netns/sctp.h b/include/net/netns/sctp.h
+index 3573a81..8ba379f 100644
+--- a/include/net/netns/sctp.h
++++ b/include/net/netns/sctp.h
+@@ -31,6 +31,7 @@ struct netns_sctp {
+ struct list_head addr_waitq;
+ struct timer_list addr_wq_timer;
+ struct list_head auto_asconf_splist;
++ /* Lock that protects both addr_waitq and auto_asconf_splist */
+ spinlock_t addr_wq_lock;
+
+ /* Lock that protects the local_addr_list writers */
+diff --git a/include/net/sctp/structs.h b/include/net/sctp/structs.h
+index 0dfcc92..2c2d388 100644
+--- a/include/net/sctp/structs.h
++++ b/include/net/sctp/structs.h
+@@ -219,6 +219,10 @@ struct sctp_sock {
+ atomic_t pd_mode;
+ /* Receive to here while partial delivery is in effect. */
+ struct sk_buff_head pd_lobby;
++
++ /* These must be the last fields, as they will skipped on copies,
++ * like on accept and peeloff operations
++ */
+ struct list_head auto_asconf_list;
+ int do_auto_asconf;
+ };
+diff --git a/net/bridge/br_ioctl.c b/net/bridge/br_ioctl.c
+index a9a4a1b..8d423bc 100644
+--- a/net/bridge/br_ioctl.c
++++ b/net/bridge/br_ioctl.c
+@@ -247,9 +247,7 @@ static int old_dev_ioctl(struct net_device *dev, struct ifreq *rq, int cmd)
+ if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN))
+ return -EPERM;
+
+- spin_lock_bh(&br->lock);
+ br_stp_set_bridge_priority(br, args[1]);
+- spin_unlock_bh(&br->lock);
+ return 0;
+
+ case BRCTL_SET_PORT_PRIORITY:
+diff --git a/net/bridge/br_multicast.c b/net/bridge/br_multicast.c
+index 11a2e6c..7bbc8fe 100644
+--- a/net/bridge/br_multicast.c
++++ b/net/bridge/br_multicast.c
+@@ -1086,6 +1086,9 @@ static void br_multicast_add_router(struct net_bridge *br,
+ struct net_bridge_port *p;
+ struct hlist_node *slot = NULL;
+
++ if (!hlist_unhashed(&port->rlist))
++ return;
++
+ hlist_for_each_entry(p, &br->router_list, rlist) {
+ if ((unsigned long) port >= (unsigned long) p)
+ break;
+@@ -1113,12 +1116,8 @@ static void br_multicast_mark_router(struct net_bridge *br,
+ if (port->multicast_router != 1)
+ return;
+
+- if (!hlist_unhashed(&port->rlist))
+- goto timer;
+-
+ br_multicast_add_router(br, port);
+
+-timer:
+ mod_timer(&port->multicast_router_timer,
+ now + br->multicast_querier_interval);
+ }
+diff --git a/net/bridge/br_stp_if.c b/net/bridge/br_stp_if.c
+index 189ba1e..9a0005a 100644
+--- a/net/bridge/br_stp_if.c
++++ b/net/bridge/br_stp_if.c
+@@ -243,12 +243,13 @@ bool br_stp_recalculate_bridge_id(struct net_bridge *br)
+ return true;
+ }
+
+-/* called under bridge lock */
++/* Acquires and releases bridge lock */
+ void br_stp_set_bridge_priority(struct net_bridge *br, u16 newprio)
+ {
+ struct net_bridge_port *p;
+ int wasroot;
+
++ spin_lock_bh(&br->lock);
+ wasroot = br_is_root_bridge(br);
+
+ list_for_each_entry(p, &br->port_list, list) {
+@@ -266,6 +267,7 @@ void br_stp_set_bridge_priority(struct net_bridge *br, u16 newprio)
+ br_port_state_selection(br);
+ if (br_is_root_bridge(br) && !wasroot)
+ br_become_root_bridge(br);
++ spin_unlock_bh(&br->lock);
+ }
+
+ /* called under bridge lock */
+diff --git a/net/core/neighbour.c b/net/core/neighbour.c
+index 7d95f69..0f062c6 100644
+--- a/net/core/neighbour.c
++++ b/net/core/neighbour.c
+@@ -976,6 +976,8 @@ int __neigh_event_send(struct neighbour *neigh, struct sk_buff *skb)
+ rc = 0;
+ if (neigh->nud_state & (NUD_CONNECTED | NUD_DELAY | NUD_PROBE))
+ goto out_unlock_bh;
++ if (neigh->dead)
++ goto out_dead;
+
+ if (!(neigh->nud_state & (NUD_STALE | NUD_INCOMPLETE))) {
+ if (NEIGH_VAR(neigh->parms, MCAST_PROBES) +
+@@ -1032,6 +1034,13 @@ out_unlock_bh:
+ write_unlock(&neigh->lock);
+ local_bh_enable();
+ return rc;
++
++out_dead:
++ if (neigh->nud_state & NUD_STALE)
++ goto out_unlock_bh;
++ write_unlock_bh(&neigh->lock);
++ kfree_skb(skb);
++ return 1;
+ }
+ EXPORT_SYMBOL(__neigh_event_send);
+
+@@ -1095,6 +1104,8 @@ int neigh_update(struct neighbour *neigh, const u8 *lladdr, u8 new,
+ if (!(flags & NEIGH_UPDATE_F_ADMIN) &&
+ (old & (NUD_NOARP | NUD_PERMANENT)))
+ goto out;
++ if (neigh->dead)
++ goto out;
+
+ if (!(new & NUD_VALID)) {
+ neigh_del_timer(neigh);
+@@ -1244,6 +1255,8 @@ EXPORT_SYMBOL(neigh_update);
+ */
+ void __neigh_set_probe_once(struct neighbour *neigh)
+ {
++ if (neigh->dead)
++ return;
+ neigh->updated = jiffies;
+ if (!(neigh->nud_state & NUD_FAILED))
+ return;
+diff --git a/net/core/skbuff.c b/net/core/skbuff.c
+index 69ec61a..8207f8d 100644
+--- a/net/core/skbuff.c
++++ b/net/core/skbuff.c
+@@ -368,9 +368,11 @@ refill:
+ for (order = NETDEV_FRAG_PAGE_MAX_ORDER; ;) {
+ gfp_t gfp = gfp_mask;
+
+- if (order)
++ if (order) {
+ gfp |= __GFP_COMP | __GFP_NOWARN |
+ __GFP_NOMEMALLOC;
++ gfp &= ~__GFP_WAIT;
++ }
+ nc->frag.page = alloc_pages(gfp, order);
+ if (likely(nc->frag.page))
+ break;
+diff --git a/net/core/sock.c b/net/core/sock.c
+index 650dd58..8ebfa52 100644
+--- a/net/core/sock.c
++++ b/net/core/sock.c
+@@ -1914,8 +1914,10 @@ bool skb_page_frag_refill(unsigned int sz, struct page_frag *pfrag, gfp_t prio)
+ do {
+ gfp_t gfp = prio;
+
+- if (order)
++ if (order) {
+ gfp |= __GFP_COMP | __GFP_NOWARN | __GFP_NORETRY;
++ gfp &= ~__GFP_WAIT;
++ }
+ pfrag->page = alloc_pages(gfp, order);
+ if (likely(pfrag->page)) {
+ pfrag->offset = 0;
+diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
+index 07bd8ed..951fe55 100644
+--- a/net/ipv4/af_inet.c
++++ b/net/ipv4/af_inet.c
+@@ -228,6 +228,8 @@ int inet_listen(struct socket *sock, int backlog)
+ err = 0;
+ if (err)
+ goto out;
++
++ tcp_fastopen_init_key_once(true);
+ }
+ err = inet_csk_listen_start(sk, backlog);
+ if (err)
+diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
+index 29d240b..dc45221 100644
+--- a/net/ipv4/tcp.c
++++ b/net/ipv4/tcp.c
+@@ -2684,10 +2684,13 @@ static int do_tcp_setsockopt(struct sock *sk, int level,
+
+ case TCP_FASTOPEN:
+ if (val >= 0 && ((1 << sk->sk_state) & (TCPF_CLOSE |
+- TCPF_LISTEN)))
++ TCPF_LISTEN))) {
++ tcp_fastopen_init_key_once(true);
++
+ err = fastopen_init_queue(sk, val);
+- else
++ } else {
+ err = -EINVAL;
++ }
+ break;
+ case TCP_TIMESTAMP:
+ if (!tp->repair)
+diff --git a/net/ipv4/tcp_fastopen.c b/net/ipv4/tcp_fastopen.c
+index f195d93..ee6518d 100644
+--- a/net/ipv4/tcp_fastopen.c
++++ b/net/ipv4/tcp_fastopen.c
+@@ -84,8 +84,6 @@ void tcp_fastopen_cookie_gen(__be32 src, __be32 dst,
+ __be32 path[4] = { src, dst, 0, 0 };
+ struct tcp_fastopen_context *ctx;
+
+- tcp_fastopen_init_key_once(true);
+-
+ rcu_read_lock();
+ ctx = rcu_dereference(tcp_fastopen_ctx);
+ if (ctx) {
+diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
+index 48b1817..84a60b8 100644
+--- a/net/packet/af_packet.c
++++ b/net/packet/af_packet.c
+@@ -1264,16 +1264,6 @@ static void packet_sock_destruct(struct sock *sk)
+ sk_refcnt_debug_dec(sk);
+ }
+
+-static int fanout_rr_next(struct packet_fanout *f, unsigned int num)
+-{
+- int x = atomic_read(&f->rr_cur) + 1;
+-
+- if (x >= num)
+- x = 0;
+-
+- return x;
+-}
+-
+ static unsigned int fanout_demux_hash(struct packet_fanout *f,
+ struct sk_buff *skb,
+ unsigned int num)
+@@ -1285,13 +1275,9 @@ static unsigned int fanout_demux_lb(struct packet_fanout *f,
+ struct sk_buff *skb,
+ unsigned int num)
+ {
+- int cur, old;
++ unsigned int val = atomic_inc_return(&f->rr_cur);
+
+- cur = atomic_read(&f->rr_cur);
+- while ((old = atomic_cmpxchg(&f->rr_cur, cur,
+- fanout_rr_next(f, num))) != cur)
+- cur = old;
+- return cur;
++ return val % num;
+ }
+
+ static unsigned int fanout_demux_cpu(struct packet_fanout *f,
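Review bot: `return val % num;` in fanout_demux_lb() divides by a caller-supplied `num` with no zero guard in this function, and neither this hunk nor the packet_rcv_fanout() hunk below shows `num == 0` being rejected before dispatch. If the caller already guarantees that, say so at the division with something like `/* num != 0 is guaranteed by the caller */`; if it does not, packet_rcv_fanout() needs an `if (!num)` drop path now that `num_members` is read once and can be observed as zero. Storing the `atomic_inc_return()` result in an `unsigned int` keeps the modulo well defined when the counter wraps, which is worth stating in the same comment.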
+@@ -1345,7 +1331,7 @@ static int packet_rcv_fanout(struct sk_buff *skb, struct net_device *dev,
+ struct packet_type *pt, struct net_device *orig_dev)
+ {
+ struct packet_fanout *f = pt->af_packet_priv;
+- unsigned int num = f->num_members;
++ unsigned int num = ACCESS_ONCE(f->num_members);
+ struct packet_sock *po;
+ unsigned int idx;
+
+diff --git a/net/sctp/output.c b/net/sctp/output.c
+index 740ca5f..e39e6d5 100644
+--- a/net/sctp/output.c
++++ b/net/sctp/output.c
+@@ -599,7 +599,9 @@ out:
+ return err;
+ no_route:
+ kfree_skb(nskb);
+- IP_INC_STATS(sock_net(asoc->base.sk), IPSTATS_MIB_OUTNOROUTES);
++
++ if (asoc)
++ IP_INC_STATS(sock_net(asoc->base.sk), IPSTATS_MIB_OUTNOROUTES);
+
+ /* FIXME: Returning the 'err' will effect all the associations
+ * associated with a socket, although only one of the paths of the
+diff --git a/net/sctp/socket.c b/net/sctp/socket.c
+index 604a6ac..f940fdc 100644
+--- a/net/sctp/socket.c
++++ b/net/sctp/socket.c
+@@ -1532,8 +1532,10 @@ static void sctp_close(struct sock *sk, long timeout)
+
+ /* Supposedly, no process has access to the socket, but
+ * the net layers still may.
++ * Also, sctp_destroy_sock() needs to be called with addr_wq_lock
++ * held and that should be grabbed before socket lock.
+ */
+- local_bh_disable();
++ spin_lock_bh(&net->sctp.addr_wq_lock);
+ bh_lock_sock(sk);
+
+ /* Hold the sock, since sk_common_release() will put sock_put()
+@@ -1543,7 +1545,7 @@ static void sctp_close(struct sock *sk, long timeout)
+ sk_common_release(sk);
+
+ bh_unlock_sock(sk);
+- local_bh_enable();
++ spin_unlock_bh(&net->sctp.addr_wq_lock);
+
+ sock_put(sk);
+
+@@ -3511,6 +3513,7 @@ static int sctp_setsockopt_auto_asconf(struct sock *sk, char __user *optval,
+ if ((val && sp->do_auto_asconf) || (!val && !sp->do_auto_asconf))
+ return 0;
+
++ spin_lock_bh(&sock_net(sk)->sctp.addr_wq_lock);
+ if (val == 0 && sp->do_auto_asconf) {
+ list_del(&sp->auto_asconf_list);
+ sp->do_auto_asconf = 0;
+@@ -3519,6 +3522,7 @@ static int sctp_setsockopt_auto_asconf(struct sock *sk, char __user *optval,
+ &sock_net(sk)->sctp.auto_asconf_splist);
+ sp->do_auto_asconf = 1;
+ }
++ spin_unlock_bh(&sock_net(sk)->sctp.addr_wq_lock);
+ return 0;
+ }
+
+@@ -4009,18 +4013,28 @@ static int sctp_init_sock(struct sock *sk)
+ local_bh_disable();
+ percpu_counter_inc(&sctp_sockets_allocated);
+ sock_prot_inuse_add(net, sk->sk_prot, 1);
++
++ /* Nothing can fail after this block, otherwise
++ * sctp_destroy_sock() will be called without addr_wq_lock held
++ */
+ if (net->sctp.default_auto_asconf) {
++ spin_lock(&sock_net(sk)->sctp.addr_wq_lock);
+ list_add_tail(&sp->auto_asconf_list,
+ &net->sctp.auto_asconf_splist);
+ sp->do_auto_asconf = 1;
+- } else
++ spin_unlock(&sock_net(sk)->sctp.addr_wq_lock);
++ } else {
+ sp->do_auto_asconf = 0;
++ }
++
+ local_bh_enable();
+
+ return 0;
+ }
+
+-/* Cleanup any SCTP per socket resources. */
++/* Cleanup any SCTP per socket resources. Must be called with
++ * sock_net(sk)->sctp.addr_wq_lock held if sp->do_auto_asconf is true
++ */
+ static void sctp_destroy_sock(struct sock *sk)
+ {
+ struct sctp_sock *sp;
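Review bot: The added `spin_lock(&sock_net(sk)->sctp.addr_wq_lock);` and its unlock in sctp_init_sock() re-derive the namespace although the surrounding lines already use the local `net` (`net->sctp.default_auto_asconf`, `&net->sctp.auto_asconf_splist`), and sctp_close() in this same patch takes the lock as `&net->sctp.addr_wq_lock`. Writing `spin_lock(&net->sctp.addr_wq_lock);` with the matching unlock makes it evident that the lock and the list it protects belong to the same namespace. The plain `spin_lock()` here relies on the `local_bh_disable()` visible at the top of the hunk; a short comment saying so would help, since the other call sites in the patch use the `_bh` variants.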
+@@ -6973,6 +6987,19 @@ void sctp_copy_sock(struct sock *newsk, struct sock *sk,
+ newinet->mc_list = NULL;
+ }
+
++static inline void sctp_copy_descendant(struct sock *sk_to,
++ const struct sock *sk_from)
++{
++ int ancestor_size = sizeof(struct inet_sock) +
++ sizeof(struct sctp_sock) -
++ offsetof(struct sctp_sock, auto_asconf_list);
++
++ if (sk_from->sk_family == PF_INET6)
++ ancestor_size += sizeof(struct ipv6_pinfo);
++
++ __inet_sk_copy_descendant(sk_to, sk_from, ancestor_size);
++}
++
+ /* Populate the fields of the newsk from the oldsk and migrate the assoc
+ * and its messages to the newsk.
+ */
+@@ -6987,7 +7014,6 @@ static void sctp_sock_migrate(struct sock *oldsk, struct sock *newsk,
+ struct sk_buff *skb, *tmp;
+ struct sctp_ulpevent *event;
+ struct sctp_bind_hashbucket *head;
+- struct list_head tmplist;
+
+ /* Migrate socket buffer sizes and all the socket level options to the
+ * new socket.
+@@ -6995,12 +7021,7 @@ static void sctp_sock_migrate(struct sock *oldsk, struct sock *newsk,
+ newsk->sk_sndbuf = oldsk->sk_sndbuf;
+ newsk->sk_rcvbuf = oldsk->sk_rcvbuf;
+ /* Brute force copy old sctp opt. */
+- if (oldsp->do_auto_asconf) {
+- memcpy(&tmplist, &newsp->auto_asconf_list, sizeof(tmplist));
+- inet_sk_copy_descendant(newsk, oldsk);
+- memcpy(&newsp->auto_asconf_list, &tmplist, sizeof(tmplist));
+- } else
+- inet_sk_copy_descendant(newsk, oldsk);
++ sctp_copy_descendant(newsk, oldsk);
+
+ /* Restore the ep value that was overwritten with the above structure
+ * copy.
+diff --git a/virt/kvm/arm/arch_timer.c b/virt/kvm/arm/arch_timer.c
+index 5081e80..c6fe405 100644
+--- a/virt/kvm/arm/arch_timer.c
++++ b/virt/kvm/arm/arch_timer.c
+@@ -61,12 +61,14 @@ static void timer_disarm(struct arch_timer_cpu *timer)
+
+ static void kvm_timer_inject_irq(struct kvm_vcpu *vcpu)
+ {
++ int ret;
+ struct arch_timer_cpu *timer = &vcpu->arch.timer_cpu;
+
+ timer->cntv_ctl |= ARCH_TIMER_CTRL_IT_MASK;
+- kvm_vgic_inject_irq(vcpu->kvm, vcpu->vcpu_id,
+- timer->irq->irq,
+- timer->irq->level);
++ ret = kvm_vgic_inject_irq(vcpu->kvm, vcpu->vcpu_id,
++ timer->irq->irq,
++ timer->irq->level);
++ WARN_ON(ret);
+ }
+
+ static irqreturn_t kvm_arch_timer_handler(int irq, void *dev_id)
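Review bot: `WARN_ON(ret);` in kvm_timer_inject_irq() prints a full backtrace on every failed injection, and this function presumably sits on the timer expiry path, so a persistent failure could flood the host log. It also matters more on hosts configured to panic on warnings. `WARN_ON_ONCE(ret);` reports the same condition once. The conditions under which kvm_vgic_inject_irq() returns non-zero are not visible in this hunk, so how reachable the warning is from a guest or from userspace configuration should be confirmed.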
+@@ -307,12 +309,24 @@ void kvm_timer_vcpu_terminate(struct kvm_vcpu *vcpu)
+ timer_disarm(timer);
+ }
+
+-int kvm_timer_init(struct kvm *kvm)
++void kvm_timer_enable(struct kvm *kvm)
+ {
+- if (timecounter && wqueue) {
+- kvm->arch.timer.cntvoff = kvm_phys_timer_read();
++ if (kvm->arch.timer.enabled)
++ return;
++
++ /*
++ * There is a potential race here between VCPUs starting for the first
++ * time, which may be enabling the timer multiple times. That doesn't
++ * hurt though, because we're just setting a variable to the same
++ * variable that it already was. The important thing is that all
++ * VCPUs have the enabled variable set, before entering the guest, if
++ * the arch timers are enabled.
++ */
++ if (timecounter && wqueue)
+ kvm->arch.timer.enabled = 1;
+- }
++}
+
+- return 0;
++void kvm_timer_init(struct kvm *kvm)
++{
++ kvm->arch.timer.cntvoff = kvm_phys_timer_read();
+ }
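Review bot: kvm_timer_init() now calls `kvm_phys_timer_read()` unconditionally, whereas the removed code only did so under `if (timecounter && wqueue)`. kvm_phys_timer_read() is not shown here; if it dereferences `timecounter`, the old guard was also protecting that read and should be kept, e.g. `if (timecounter)` in front of the `cntvoff` assignment. If the pointer is guaranteed to be set before any VM can be created, a one-line comment saying so would make the dropped check reviewable. The return type also becomes `void`, so callers can no longer be told about a failure at this point.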
+diff --git a/virt/kvm/arm/vgic.c b/virt/kvm/arm/vgic.c
+index c324a52..152ec76 100644
+--- a/virt/kvm/arm/vgic.c
++++ b/virt/kvm/arm/vgic.c
+@@ -1042,6 +1042,7 @@ static bool vgic_queue_irq(struct kvm_vcpu *vcpu, u8 sgi_source_id, int irq)
+ lr, irq, vgic_cpu->vgic_lr[lr]);
+ BUG_ON(!test_bit(lr, vgic_cpu->lr_used));
+ vgic_cpu->vgic_lr[lr] |= GICH_LR_PENDING_BIT;
++ __clear_bit(lr, (unsigned long *)vgic_cpu->vgic_elrsr);
+ return true;
+ }
+
+@@ -1055,6 +1056,7 @@ static bool vgic_queue_irq(struct kvm_vcpu *vcpu, u8 sgi_source_id, int irq)
+ vgic_cpu->vgic_lr[lr] = MK_LR_PEND(sgi_source_id, irq);
+ vgic_cpu->vgic_irq_lr_map[irq] = lr;
+ set_bit(lr, vgic_cpu->lr_used);
++ __clear_bit(lr, (unsigned long *)vgic_cpu->vgic_elrsr);
+
+ if (!vgic_irq_is_edge(vcpu, irq))
+ vgic_cpu->vgic_lr[lr] |= GICH_LR_EOI;
+@@ -1209,6 +1211,14 @@ static bool vgic_process_maintenance(struct kvm_vcpu *vcpu)
+ if (vgic_cpu->vgic_misr & GICH_MISR_U)
+ vgic_cpu->vgic_hcr &= ~GICH_HCR_UIE;
+
++ /*
++ * In the next iterations of the vcpu loop, if we sync the vgic state
++ * after flushing it, but before entering the guest (this happens for
++ * pending signals and vmid rollovers), then make sure we don't pick
++ * up any old maintenance interrupts here.
++ */
++ memset(vgic_cpu->vgic_eisr, 0, sizeof(vgic_cpu->vgic_eisr[0]) * 2);
++
+ return level_pending;
+ }
+
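Review bot: The `memset()` added to vgic_process_maintenance() hard-codes the element count as `* 2`, so it silently goes stale if `vgic_eisr` ever changes size. If `vgic_eisr` is an array member (its declaration is outside this hunk), `memset(vgic_cpu->vgic_eisr, 0, sizeof(vgic_cpu->vgic_eisr));` says the same thing without the literal. Separately, the two `__clear_bit(lr, (unsigned long *)vgic_cpu->vgic_elrsr)` lines added in the earlier hunks of this file cast the field to `unsigned long *`. If the field is declared with a narrower element type, the bit numbering depends on word size and endianness, so the field's type should be checked or the assumption noted in a comment.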