diff options
Diffstat (limited to '4.7.4/1003_linux-4.7.4.patch')
-rw-r--r-- | 4.7.4/1003_linux-4.7.4.patch | 2424 |
1 files changed, 0 insertions, 2424 deletions
diff --git a/4.7.4/1003_linux-4.7.4.patch b/4.7.4/1003_linux-4.7.4.patch deleted file mode 100644 index af6c1d4..0000000 --- a/4.7.4/1003_linux-4.7.4.patch +++ /dev/null @@ -1,2424 +0,0 @@ -diff --git a/Makefile b/Makefile -index 4afff18..ec3bd11 100644 ---- a/Makefile -+++ b/Makefile -@@ -1,6 +1,6 @@ - VERSION = 4 - PATCHLEVEL = 7 --SUBLEVEL = 3 -+SUBLEVEL = 4 - EXTRAVERSION = - NAME = Psychotic Stoned Sheep - -diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c -index 60078a6..b15e1c1 100644 ---- a/arch/x86/kernel/apic/apic.c -+++ b/arch/x86/kernel/apic/apic.c -@@ -1597,6 +1597,9 @@ void __init enable_IR_x2apic(void) - unsigned long flags; - int ret, ir_stat; - -+ if (skip_ioapic_setup) -+ return; -+ - ir_stat = irq_remapping_prepare(); - if (ir_stat < 0 && !x2apic_supported()) - return; -diff --git a/block/blk-core.c b/block/blk-core.c -index 2475b1c7..b993f88 100644 ---- a/block/blk-core.c -+++ b/block/blk-core.c -@@ -515,7 +515,9 @@ EXPORT_SYMBOL_GPL(blk_queue_bypass_end); - - void blk_set_queue_dying(struct request_queue *q) - { -- queue_flag_set_unlocked(QUEUE_FLAG_DYING, q); -+ spin_lock_irq(q->queue_lock); -+ queue_flag_set(QUEUE_FLAG_DYING, q); -+ spin_unlock_irq(q->queue_lock); - - if (q->mq_ops) - blk_mq_wake_waiters(q); -diff --git a/block/blk-merge.c b/block/blk-merge.c -index 2613531..bea9344 100644 ---- a/block/blk-merge.c -+++ b/block/blk-merge.c -@@ -94,9 +94,31 @@ static struct bio *blk_bio_segment_split(struct request_queue *q, - bool do_split = true; - struct bio *new = NULL; - const unsigned max_sectors = get_max_io_size(q, bio); -+ unsigned bvecs = 0; - - bio_for_each_segment(bv, bio, iter) { - /* -+ * With arbitrary bio size, the incoming bio may be very -+ * big. We have to split the bio into small bios so that -+ * each holds at most BIO_MAX_PAGES bvecs because -+ * bio_clone() can fail to allocate big bvecs. -+ * -+ * It should have been better to apply the limit per -+ * request queue in which bio_clone() is involved, -+ * instead of globally. The biggest blocker is the -+ * bio_clone() in bio bounce. -+ * -+ * If bio is splitted by this reason, we should have -+ * allowed to continue bios merging, but don't do -+ * that now for making the change simple. -+ * -+ * TODO: deal with bio bounce's bio_clone() gracefully -+ * and convert the global limit into per-queue limit. -+ */ -+ if (bvecs++ >= BIO_MAX_PAGES) -+ goto split; -+ -+ /* - * If the queue doesn't support SG gaps and adding this - * offset would create a gap, disallow it. - */ -diff --git a/drivers/block/floppy.c b/drivers/block/floppy.c -index 84708a5..b206115 100644 ---- a/drivers/block/floppy.c -+++ b/drivers/block/floppy.c -@@ -3663,11 +3663,6 @@ static int floppy_open(struct block_device *bdev, fmode_t mode) - - opened_bdev[drive] = bdev; - -- if (!(mode & (FMODE_READ|FMODE_WRITE))) { -- res = -EINVAL; -- goto out; -- } -- - res = -ENXIO; - - if (!floppy_track_buffer) { -@@ -3711,20 +3706,21 @@ static int floppy_open(struct block_device *bdev, fmode_t mode) - if (UFDCS->rawcmd == 1) - UFDCS->rawcmd = 2; - -- UDRS->last_checked = 0; -- clear_bit(FD_OPEN_SHOULD_FAIL_BIT, &UDRS->flags); -- check_disk_change(bdev); -- if (test_bit(FD_DISK_CHANGED_BIT, &UDRS->flags)) -- goto out; -- if (test_bit(FD_OPEN_SHOULD_FAIL_BIT, &UDRS->flags)) -- goto out; -- -- res = -EROFS; -- -- if ((mode & FMODE_WRITE) && -- !test_bit(FD_DISK_WRITABLE_BIT, &UDRS->flags)) -- goto out; -- -+ if (!(mode & FMODE_NDELAY)) { -+ if (mode & (FMODE_READ|FMODE_WRITE)) { -+ UDRS->last_checked = 0; -+ clear_bit(FD_OPEN_SHOULD_FAIL_BIT, &UDRS->flags); -+ check_disk_change(bdev); -+ if (test_bit(FD_DISK_CHANGED_BIT, &UDRS->flags)) -+ goto out; -+ if (test_bit(FD_OPEN_SHOULD_FAIL_BIT, &UDRS->flags)) -+ goto out; -+ } -+ res = -EROFS; -+ if ((mode & FMODE_WRITE) && -+ !test_bit(FD_DISK_WRITABLE_BIT, &UDRS->flags)) -+ goto out; -+ } - mutex_unlock(&open_lock); - mutex_unlock(&floppy_mutex); - return 0; -diff --git a/drivers/cpufreq/cpufreq-dt-platdev.c b/drivers/cpufreq/cpufreq-dt-platdev.c -index 0bb44d5..2ee40fd 100644 ---- a/drivers/cpufreq/cpufreq-dt-platdev.c -+++ b/drivers/cpufreq/cpufreq-dt-platdev.c -@@ -74,6 +74,8 @@ static const struct of_device_id machines[] __initconst = { - { .compatible = "ti,omap5", }, - - { .compatible = "xlnx,zynq-7000", }, -+ -+ { } - }; - - static int __init cpufreq_dt_platdev_init(void) -diff --git a/drivers/crypto/caam/caamalg.c b/drivers/crypto/caam/caamalg.c -index 6dc5971..b304421 100644 ---- a/drivers/crypto/caam/caamalg.c -+++ b/drivers/crypto/caam/caamalg.c -@@ -556,7 +556,10 @@ skip_enc: - - /* Read and write assoclen bytes */ - append_math_add(desc, VARSEQINLEN, ZERO, REG3, CAAM_CMD_SZ); -- append_math_add(desc, VARSEQOUTLEN, ZERO, REG3, CAAM_CMD_SZ); -+ if (alg->caam.geniv) -+ append_math_add_imm_u32(desc, VARSEQOUTLEN, REG3, IMM, ivsize); -+ else -+ append_math_add(desc, VARSEQOUTLEN, ZERO, REG3, CAAM_CMD_SZ); - - /* Skip assoc data */ - append_seq_fifo_store(desc, 0, FIFOST_TYPE_SKIP | FIFOLDST_VLF); -@@ -565,6 +568,14 @@ skip_enc: - append_seq_fifo_load(desc, 0, FIFOLD_CLASS_CLASS2 | FIFOLD_TYPE_MSG | - KEY_VLF); - -+ if (alg->caam.geniv) { -+ append_seq_load(desc, ivsize, LDST_CLASS_1_CCB | -+ LDST_SRCDST_BYTE_CONTEXT | -+ (ctx1_iv_off << LDST_OFFSET_SHIFT)); -+ append_move(desc, MOVE_SRC_CLASS1CTX | MOVE_DEST_CLASS2INFIFO | -+ (ctx1_iv_off << MOVE_OFFSET_SHIFT) | ivsize); -+ } -+ - /* Load Counter into CONTEXT1 reg */ - if (is_rfc3686) - append_load_imm_u32(desc, be32_to_cpu(1), LDST_IMM | -@@ -2150,7 +2161,7 @@ static void init_authenc_job(struct aead_request *req, - - init_aead_job(req, edesc, all_contig, encrypt); - -- if (ivsize && (is_rfc3686 || !(alg->caam.geniv && encrypt))) -+ if (ivsize && ((is_rfc3686 && encrypt) || !alg->caam.geniv)) - append_load_as_imm(desc, req->iv, ivsize, - LDST_CLASS_1_CCB | - LDST_SRCDST_BYTE_CONTEXT | -@@ -2537,20 +2548,6 @@ static int aead_decrypt(struct aead_request *req) - return ret; - } - --static int aead_givdecrypt(struct aead_request *req) --{ -- struct crypto_aead *aead = crypto_aead_reqtfm(req); -- unsigned int ivsize = crypto_aead_ivsize(aead); -- -- if (req->cryptlen < ivsize) -- return -EINVAL; -- -- req->cryptlen -= ivsize; -- req->assoclen += ivsize; -- -- return aead_decrypt(req); --} -- - /* - * allocate and map the ablkcipher extended descriptor for ablkcipher - */ -@@ -3210,7 +3207,7 @@ static struct caam_aead_alg driver_aeads[] = { - .setkey = aead_setkey, - .setauthsize = aead_setauthsize, - .encrypt = aead_encrypt, -- .decrypt = aead_givdecrypt, -+ .decrypt = aead_decrypt, - .ivsize = AES_BLOCK_SIZE, - .maxauthsize = MD5_DIGEST_SIZE, - }, -@@ -3256,7 +3253,7 @@ static struct caam_aead_alg driver_aeads[] = { - .setkey = aead_setkey, - .setauthsize = aead_setauthsize, - .encrypt = aead_encrypt, -- .decrypt = aead_givdecrypt, -+ .decrypt = aead_decrypt, - .ivsize = AES_BLOCK_SIZE, - .maxauthsize = SHA1_DIGEST_SIZE, - }, -@@ -3302,7 +3299,7 @@ static struct caam_aead_alg driver_aeads[] = { - .setkey = aead_setkey, - .setauthsize = aead_setauthsize, - .encrypt = aead_encrypt, -- .decrypt = aead_givdecrypt, -+ .decrypt = aead_decrypt, - .ivsize = AES_BLOCK_SIZE, - .maxauthsize = SHA224_DIGEST_SIZE, - }, -@@ -3348,7 +3345,7 @@ static struct caam_aead_alg driver_aeads[] = { - .setkey = aead_setkey, - .setauthsize = aead_setauthsize, - .encrypt = aead_encrypt, -- .decrypt = aead_givdecrypt, -+ .decrypt = aead_decrypt, - .ivsize = AES_BLOCK_SIZE, - .maxauthsize = SHA256_DIGEST_SIZE, - }, -@@ -3394,7 +3391,7 @@ static struct caam_aead_alg driver_aeads[] = { - .setkey = aead_setkey, - .setauthsize = aead_setauthsize, - .encrypt = aead_encrypt, -- .decrypt = aead_givdecrypt, -+ .decrypt = aead_decrypt, - .ivsize = AES_BLOCK_SIZE, - .maxauthsize = SHA384_DIGEST_SIZE, - }, -@@ -3440,7 +3437,7 @@ static struct caam_aead_alg driver_aeads[] = { - .setkey = aead_setkey, - .setauthsize = aead_setauthsize, - .encrypt = aead_encrypt, -- .decrypt = aead_givdecrypt, -+ .decrypt = aead_decrypt, - .ivsize = AES_BLOCK_SIZE, - .maxauthsize = SHA512_DIGEST_SIZE, - }, -@@ -3486,7 +3483,7 @@ static struct caam_aead_alg driver_aeads[] = { - .setkey = aead_setkey, - .setauthsize = aead_setauthsize, - .encrypt = aead_encrypt, -- .decrypt = aead_givdecrypt, -+ .decrypt = aead_decrypt, - .ivsize = DES3_EDE_BLOCK_SIZE, - .maxauthsize = MD5_DIGEST_SIZE, - }, -@@ -3534,7 +3531,7 @@ static struct caam_aead_alg driver_aeads[] = { - .setkey = aead_setkey, - .setauthsize = aead_setauthsize, - .encrypt = aead_encrypt, -- .decrypt = aead_givdecrypt, -+ .decrypt = aead_decrypt, - .ivsize = DES3_EDE_BLOCK_SIZE, - .maxauthsize = SHA1_DIGEST_SIZE, - }, -@@ -3582,7 +3579,7 @@ static struct caam_aead_alg driver_aeads[] = { - .setkey = aead_setkey, - .setauthsize = aead_setauthsize, - .encrypt = aead_encrypt, -- .decrypt = aead_givdecrypt, -+ .decrypt = aead_decrypt, - .ivsize = DES3_EDE_BLOCK_SIZE, - .maxauthsize = SHA224_DIGEST_SIZE, - }, -@@ -3630,7 +3627,7 @@ static struct caam_aead_alg driver_aeads[] = { - .setkey = aead_setkey, - .setauthsize = aead_setauthsize, - .encrypt = aead_encrypt, -- .decrypt = aead_givdecrypt, -+ .decrypt = aead_decrypt, - .ivsize = DES3_EDE_BLOCK_SIZE, - .maxauthsize = SHA256_DIGEST_SIZE, - }, -@@ -3678,7 +3675,7 @@ static struct caam_aead_alg driver_aeads[] = { - .setkey = aead_setkey, - .setauthsize = aead_setauthsize, - .encrypt = aead_encrypt, -- .decrypt = aead_givdecrypt, -+ .decrypt = aead_decrypt, - .ivsize = DES3_EDE_BLOCK_SIZE, - .maxauthsize = SHA384_DIGEST_SIZE, - }, -@@ -3726,7 +3723,7 @@ static struct caam_aead_alg driver_aeads[] = { - .setkey = aead_setkey, - .setauthsize = aead_setauthsize, - .encrypt = aead_encrypt, -- .decrypt = aead_givdecrypt, -+ .decrypt = aead_decrypt, - .ivsize = DES3_EDE_BLOCK_SIZE, - .maxauthsize = SHA512_DIGEST_SIZE, - }, -@@ -3772,7 +3769,7 @@ static struct caam_aead_alg driver_aeads[] = { - .setkey = aead_setkey, - .setauthsize = aead_setauthsize, - .encrypt = aead_encrypt, -- .decrypt = aead_givdecrypt, -+ .decrypt = aead_decrypt, - .ivsize = DES_BLOCK_SIZE, - .maxauthsize = MD5_DIGEST_SIZE, - }, -@@ -3818,7 +3815,7 @@ static struct caam_aead_alg driver_aeads[] = { - .setkey = aead_setkey, - .setauthsize = aead_setauthsize, - .encrypt = aead_encrypt, -- .decrypt = aead_givdecrypt, -+ .decrypt = aead_decrypt, - .ivsize = DES_BLOCK_SIZE, - .maxauthsize = SHA1_DIGEST_SIZE, - }, -@@ -3864,7 +3861,7 @@ static struct caam_aead_alg driver_aeads[] = { - .setkey = aead_setkey, - .setauthsize = aead_setauthsize, - .encrypt = aead_encrypt, -- .decrypt = aead_givdecrypt, -+ .decrypt = aead_decrypt, - .ivsize = DES_BLOCK_SIZE, - .maxauthsize = SHA224_DIGEST_SIZE, - }, -@@ -3910,7 +3907,7 @@ static struct caam_aead_alg driver_aeads[] = { - .setkey = aead_setkey, - .setauthsize = aead_setauthsize, - .encrypt = aead_encrypt, -- .decrypt = aead_givdecrypt, -+ .decrypt = aead_decrypt, - .ivsize = DES_BLOCK_SIZE, - .maxauthsize = SHA256_DIGEST_SIZE, - }, -@@ -3956,7 +3953,7 @@ static struct caam_aead_alg driver_aeads[] = { - .setkey = aead_setkey, - .setauthsize = aead_setauthsize, - .encrypt = aead_encrypt, -- .decrypt = aead_givdecrypt, -+ .decrypt = aead_decrypt, - .ivsize = DES_BLOCK_SIZE, - .maxauthsize = SHA384_DIGEST_SIZE, - }, -@@ -4002,7 +3999,7 @@ static struct caam_aead_alg driver_aeads[] = { - .setkey = aead_setkey, - .setauthsize = aead_setauthsize, - .encrypt = aead_encrypt, -- .decrypt = aead_givdecrypt, -+ .decrypt = aead_decrypt, - .ivsize = DES_BLOCK_SIZE, - .maxauthsize = SHA512_DIGEST_SIZE, - }, -@@ -4051,7 +4048,7 @@ static struct caam_aead_alg driver_aeads[] = { - .setkey = aead_setkey, - .setauthsize = aead_setauthsize, - .encrypt = aead_encrypt, -- .decrypt = aead_givdecrypt, -+ .decrypt = aead_decrypt, - .ivsize = CTR_RFC3686_IV_SIZE, - .maxauthsize = MD5_DIGEST_SIZE, - }, -@@ -4102,7 +4099,7 @@ static struct caam_aead_alg driver_aeads[] = { - .setkey = aead_setkey, - .setauthsize = aead_setauthsize, - .encrypt = aead_encrypt, -- .decrypt = aead_givdecrypt, -+ .decrypt = aead_decrypt, - .ivsize = CTR_RFC3686_IV_SIZE, - .maxauthsize = SHA1_DIGEST_SIZE, - }, -@@ -4153,7 +4150,7 @@ static struct caam_aead_alg driver_aeads[] = { - .setkey = aead_setkey, - .setauthsize = aead_setauthsize, - .encrypt = aead_encrypt, -- .decrypt = aead_givdecrypt, -+ .decrypt = aead_decrypt, - .ivsize = CTR_RFC3686_IV_SIZE, - .maxauthsize = SHA224_DIGEST_SIZE, - }, -@@ -4204,7 +4201,7 @@ static struct caam_aead_alg driver_aeads[] = { - .setkey = aead_setkey, - .setauthsize = aead_setauthsize, - .encrypt = aead_encrypt, -- .decrypt = aead_givdecrypt, -+ .decrypt = aead_decrypt, - .ivsize = CTR_RFC3686_IV_SIZE, - .maxauthsize = SHA256_DIGEST_SIZE, - }, -@@ -4255,7 +4252,7 @@ static struct caam_aead_alg driver_aeads[] = { - .setkey = aead_setkey, - .setauthsize = aead_setauthsize, - .encrypt = aead_encrypt, -- .decrypt = aead_givdecrypt, -+ .decrypt = aead_decrypt, - .ivsize = CTR_RFC3686_IV_SIZE, - .maxauthsize = SHA384_DIGEST_SIZE, - }, -@@ -4306,7 +4303,7 @@ static struct caam_aead_alg driver_aeads[] = { - .setkey = aead_setkey, - .setauthsize = aead_setauthsize, - .encrypt = aead_encrypt, -- .decrypt = aead_givdecrypt, -+ .decrypt = aead_decrypt, - .ivsize = CTR_RFC3686_IV_SIZE, - .maxauthsize = SHA512_DIGEST_SIZE, - }, -diff --git a/drivers/gpu/drm/drm_atomic.c b/drivers/gpu/drm/drm_atomic.c -index 9bb99e2..79a05a3 100644 ---- a/drivers/gpu/drm/drm_atomic.c -+++ b/drivers/gpu/drm/drm_atomic.c -@@ -465,7 +465,7 @@ int drm_atomic_crtc_set_property(struct drm_crtc *crtc, - val, - -1, - &replaced); -- state->color_mgmt_changed = replaced; -+ state->color_mgmt_changed |= replaced; - return ret; - } else if (property == config->ctm_property) { - ret = drm_atomic_replace_property_blob_from_id(crtc, -@@ -473,7 +473,7 @@ int drm_atomic_crtc_set_property(struct drm_crtc *crtc, - val, - sizeof(struct drm_color_ctm), - &replaced); -- state->color_mgmt_changed = replaced; -+ state->color_mgmt_changed |= replaced; - return ret; - } else if (property == config->gamma_lut_property) { - ret = drm_atomic_replace_property_blob_from_id(crtc, -@@ -481,7 +481,7 @@ int drm_atomic_crtc_set_property(struct drm_crtc *crtc, - val, - -1, - &replaced); -- state->color_mgmt_changed = replaced; -+ state->color_mgmt_changed |= replaced; - return ret; - } else if (crtc->funcs->atomic_set_property) - return crtc->funcs->atomic_set_property(crtc, state, property, val); -diff --git a/drivers/gpu/drm/drm_crtc.c b/drivers/gpu/drm/drm_crtc.c -index 0e3cc66..a5cae1b 100644 ---- a/drivers/gpu/drm/drm_crtc.c -+++ b/drivers/gpu/drm/drm_crtc.c -@@ -5312,6 +5312,9 @@ int drm_mode_page_flip_ioctl(struct drm_device *dev, - struct drm_pending_vblank_event *e = NULL; - int ret = -EINVAL; - -+ if (!drm_core_check_feature(dev, DRIVER_MODESET)) -+ return -EINVAL; -+ - if (page_flip->flags & ~DRM_MODE_PAGE_FLIP_FLAGS || - page_flip->reserved != 0) - return -EINVAL; -diff --git a/drivers/gpu/drm/msm/msm_gem_submit.c b/drivers/gpu/drm/msm/msm_gem_submit.c -index eb4bb8b..eb515f0 100644 ---- a/drivers/gpu/drm/msm/msm_gem_submit.c -+++ b/drivers/gpu/drm/msm/msm_gem_submit.c -@@ -62,6 +62,14 @@ void msm_gem_submit_free(struct msm_gem_submit *submit) - kfree(submit); - } - -+static inline unsigned long __must_check -+copy_from_user_inatomic(void *to, const void __user *from, unsigned long n) -+{ -+ if (access_ok(VERIFY_READ, from, n)) -+ return __copy_from_user_inatomic(to, from, n); -+ return -EFAULT; -+} -+ - static int submit_lookup_objects(struct msm_gem_submit *submit, - struct drm_msm_gem_submit *args, struct drm_file *file) - { -@@ -69,6 +77,7 @@ static int submit_lookup_objects(struct msm_gem_submit *submit, - int ret = 0; - - spin_lock(&file->table_lock); -+ pagefault_disable(); - - for (i = 0; i < args->nr_bos; i++) { - struct drm_msm_gem_submit_bo submit_bo; -@@ -82,10 +91,15 @@ static int submit_lookup_objects(struct msm_gem_submit *submit, - */ - submit->bos[i].flags = 0; - -- ret = copy_from_user(&submit_bo, userptr, sizeof(submit_bo)); -- if (ret) { -- ret = -EFAULT; -- goto out_unlock; -+ ret = copy_from_user_inatomic(&submit_bo, userptr, sizeof(submit_bo)); -+ if (unlikely(ret)) { -+ pagefault_enable(); -+ spin_unlock(&file->table_lock); -+ ret = copy_from_user(&submit_bo, userptr, sizeof(submit_bo)); -+ if (ret) -+ goto out; -+ spin_lock(&file->table_lock); -+ pagefault_disable(); - } - - if (submit_bo.flags & ~MSM_SUBMIT_BO_FLAGS) { -@@ -125,9 +139,12 @@ static int submit_lookup_objects(struct msm_gem_submit *submit, - } - - out_unlock: -- submit->nr_bos = i; -+ pagefault_enable(); - spin_unlock(&file->table_lock); - -+out: -+ submit->nr_bos = i; -+ - return ret; - } - -diff --git a/drivers/gpu/drm/radeon/atombios_crtc.c b/drivers/gpu/drm/radeon/atombios_crtc.c -index 259cd6e..17e3454 100644 ---- a/drivers/gpu/drm/radeon/atombios_crtc.c -+++ b/drivers/gpu/drm/radeon/atombios_crtc.c -@@ -627,7 +627,9 @@ static u32 atombios_adjust_pll(struct drm_crtc *crtc, - if (radeon_crtc->ss.refdiv) { - radeon_crtc->pll_flags |= RADEON_PLL_USE_REF_DIV; - radeon_crtc->pll_reference_div = radeon_crtc->ss.refdiv; -- if (rdev->family >= CHIP_RV770) -+ if (ASIC_IS_AVIVO(rdev) && -+ rdev->family != CHIP_RS780 && -+ rdev->family != CHIP_RS880) - radeon_crtc->pll_flags |= RADEON_PLL_USE_FRAC_FB_DIV; - } - } -diff --git a/drivers/gpu/drm/radeon/radeon_ttm.c b/drivers/gpu/drm/radeon/radeon_ttm.c -index 590b037..0ab76dd 100644 ---- a/drivers/gpu/drm/radeon/radeon_ttm.c -+++ b/drivers/gpu/drm/radeon/radeon_ttm.c -@@ -263,8 +263,8 @@ static int radeon_move_blit(struct ttm_buffer_object *bo, - - rdev = radeon_get_rdev(bo->bdev); - ridx = radeon_copy_ring_index(rdev); -- old_start = old_mem->start << PAGE_SHIFT; -- new_start = new_mem->start << PAGE_SHIFT; -+ old_start = (u64)old_mem->start << PAGE_SHIFT; -+ new_start = (u64)new_mem->start << PAGE_SHIFT; - - switch (old_mem->mem_type) { - case TTM_PL_VRAM: -diff --git a/drivers/gpu/drm/vc4/vc4_drv.h b/drivers/gpu/drm/vc4/vc4_drv.h -index 37cac59..2e24616 100644 ---- a/drivers/gpu/drm/vc4/vc4_drv.h -+++ b/drivers/gpu/drm/vc4/vc4_drv.h -@@ -321,6 +321,15 @@ vc4_first_render_job(struct vc4_dev *vc4) - struct vc4_exec_info, head); - } - -+static inline struct vc4_exec_info * -+vc4_last_render_job(struct vc4_dev *vc4) -+{ -+ if (list_empty(&vc4->render_job_list)) -+ return NULL; -+ return list_last_entry(&vc4->render_job_list, -+ struct vc4_exec_info, head); -+} -+ - /** - * struct vc4_texture_sample_info - saves the offsets into the UBO for texture - * setup parameters. -diff --git a/drivers/gpu/drm/vc4/vc4_gem.c b/drivers/gpu/drm/vc4/vc4_gem.c -index 46899d6..78ab08e 100644 ---- a/drivers/gpu/drm/vc4/vc4_gem.c -+++ b/drivers/gpu/drm/vc4/vc4_gem.c -@@ -574,8 +574,8 @@ vc4_cl_lookup_bos(struct drm_device *dev, - spin_unlock(&file_priv->table_lock); - - fail: -- kfree(handles); -- return 0; -+ drm_free_large(handles); -+ return ret; - } - - static int -diff --git a/drivers/gpu/drm/vc4/vc4_irq.c b/drivers/gpu/drm/vc4/vc4_irq.c -index b0104a34..094bc6a 100644 ---- a/drivers/gpu/drm/vc4/vc4_irq.c -+++ b/drivers/gpu/drm/vc4/vc4_irq.c -@@ -83,8 +83,10 @@ vc4_overflow_mem_work(struct work_struct *work) - - spin_lock_irqsave(&vc4->job_lock, irqflags); - current_exec = vc4_first_bin_job(vc4); -+ if (!current_exec) -+ current_exec = vc4_last_render_job(vc4); - if (current_exec) { -- vc4->overflow_mem->seqno = vc4->finished_seqno + 1; -+ vc4->overflow_mem->seqno = current_exec->seqno; - list_add_tail(&vc4->overflow_mem->unref_head, - ¤t_exec->unref_list); - vc4->overflow_mem = NULL; -diff --git a/drivers/irqchip/irq-mips-gic.c b/drivers/irqchip/irq-mips-gic.c -index 70ed1d0..d3ef0fc 100644 ---- a/drivers/irqchip/irq-mips-gic.c -+++ b/drivers/irqchip/irq-mips-gic.c -@@ -713,9 +713,6 @@ static int gic_shared_irq_domain_map(struct irq_domain *d, unsigned int virq, - unsigned long flags; - int i; - -- irq_set_chip_and_handler(virq, &gic_level_irq_controller, -- handle_level_irq); -- - spin_lock_irqsave(&gic_lock, flags); - gic_map_to_pin(intr, gic_cpu_pin); - gic_map_to_vpe(intr, mips_cm_vp_id(vpe)); -@@ -732,6 +729,10 @@ static int gic_irq_domain_map(struct irq_domain *d, unsigned int virq, - { - if (GIC_HWIRQ_TO_LOCAL(hw) < GIC_NUM_LOCAL_INTRS) - return gic_local_irq_domain_map(d, virq, hw); -+ -+ irq_set_chip_and_handler(virq, &gic_level_irq_controller, -+ handle_level_irq); -+ - return gic_shared_irq_domain_map(d, virq, hw, 0); - } - -@@ -771,11 +772,13 @@ static int gic_irq_domain_alloc(struct irq_domain *d, unsigned int virq, - hwirq = GIC_SHARED_TO_HWIRQ(base_hwirq + i); - - ret = irq_domain_set_hwirq_and_chip(d, virq + i, hwirq, -- &gic_edge_irq_controller, -+ &gic_level_irq_controller, - NULL); - if (ret) - goto error; - -+ irq_set_handler(virq + i, handle_level_irq); -+ - ret = gic_shared_irq_domain_map(d, virq + i, hwirq, cpu); - if (ret) - goto error; -@@ -890,10 +893,17 @@ void gic_dev_domain_free(struct irq_domain *d, unsigned int virq, - return; - } - -+static void gic_dev_domain_activate(struct irq_domain *domain, -+ struct irq_data *d) -+{ -+ gic_shared_irq_domain_map(domain, d->irq, d->hwirq, 0); -+} -+ - static struct irq_domain_ops gic_dev_domain_ops = { - .xlate = gic_dev_domain_xlate, - .alloc = gic_dev_domain_alloc, - .free = gic_dev_domain_free, -+ .activate = gic_dev_domain_activate, - }; - - static int gic_ipi_domain_xlate(struct irq_domain *d, struct device_node *ctrlr, -diff --git a/drivers/md/bcache/super.c b/drivers/md/bcache/super.c -index f5dbb4e..5d3b231 100644 ---- a/drivers/md/bcache/super.c -+++ b/drivers/md/bcache/super.c -@@ -1818,7 +1818,7 @@ static int cache_alloc(struct cache_sb *sb, struct cache *ca) - free = roundup_pow_of_two(ca->sb.nbuckets) >> 10; - - if (!init_fifo(&ca->free[RESERVE_BTREE], 8, GFP_KERNEL) || -- !init_fifo(&ca->free[RESERVE_PRIO], prio_buckets(ca), GFP_KERNEL) || -+ !init_fifo_exact(&ca->free[RESERVE_PRIO], prio_buckets(ca), GFP_KERNEL) || - !init_fifo(&ca->free[RESERVE_MOVINGGC], free, GFP_KERNEL) || - !init_fifo(&ca->free[RESERVE_NONE], free, GFP_KERNEL) || - !init_fifo(&ca->free_inc, free << 2, GFP_KERNEL) || -diff --git a/drivers/misc/mei/hw-me.c b/drivers/misc/mei/hw-me.c -index e2fb44c..dc3a854 100644 ---- a/drivers/misc/mei/hw-me.c -+++ b/drivers/misc/mei/hw-me.c -@@ -1263,8 +1263,14 @@ static bool mei_me_fw_type_nm(struct pci_dev *pdev) - static bool mei_me_fw_type_sps(struct pci_dev *pdev) - { - u32 reg; -- /* Read ME FW Status check for SPS Firmware */ -- pci_read_config_dword(pdev, PCI_CFG_HFS_1, ®); -+ unsigned int devfn; -+ -+ /* -+ * Read ME FW Status register to check for SPS Firmware -+ * The SPS FW is only signaled in pci function 0 -+ */ -+ devfn = PCI_DEVFN(PCI_SLOT(pdev->devfn), 0); -+ pci_bus_read_config_dword(pdev->bus, devfn, PCI_CFG_HFS_1, ®); - trace_mei_pci_cfg_read(&pdev->dev, "PCI_CFG_HFS_1", PCI_CFG_HFS_1, reg); - /* if bits [19:16] = 15, running SPS Firmware */ - return (reg & 0xf0000) == 0xf0000; -diff --git a/drivers/misc/mei/pci-me.c b/drivers/misc/mei/pci-me.c -index 64e64da..71cea9b 100644 ---- a/drivers/misc/mei/pci-me.c -+++ b/drivers/misc/mei/pci-me.c -@@ -85,8 +85,8 @@ static const struct pci_device_id mei_me_pci_tbl[] = { - - {MEI_PCI_DEVICE(MEI_DEV_ID_SPT, mei_me_pch8_cfg)}, - {MEI_PCI_DEVICE(MEI_DEV_ID_SPT_2, mei_me_pch8_cfg)}, -- {MEI_PCI_DEVICE(MEI_DEV_ID_SPT_H, mei_me_pch8_cfg)}, -- {MEI_PCI_DEVICE(MEI_DEV_ID_SPT_H_2, mei_me_pch8_cfg)}, -+ {MEI_PCI_DEVICE(MEI_DEV_ID_SPT_H, mei_me_pch8_sps_cfg)}, -+ {MEI_PCI_DEVICE(MEI_DEV_ID_SPT_H_2, mei_me_pch8_sps_cfg)}, - - {MEI_PCI_DEVICE(MEI_DEV_ID_BXT_M, mei_me_pch8_cfg)}, - {MEI_PCI_DEVICE(MEI_DEV_ID_APL_I, mei_me_pch8_cfg)}, -diff --git a/drivers/scsi/constants.c b/drivers/scsi/constants.c -index 83458f7..6dc96c8 100644 ---- a/drivers/scsi/constants.c -+++ b/drivers/scsi/constants.c -@@ -361,8 +361,9 @@ static const char * const snstext[] = { - - /* Get sense key string or NULL if not available */ - const char * --scsi_sense_key_string(unsigned char key) { -- if (key <= 0xE) -+scsi_sense_key_string(unsigned char key) -+{ -+ if (key < ARRAY_SIZE(snstext)) - return snstext[key]; - return NULL; - } -diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c -index 0a4d54a..591e520 100644 ---- a/drivers/usb/class/cdc-acm.c -+++ b/drivers/usb/class/cdc-acm.c -@@ -1196,6 +1196,8 @@ static int acm_probe(struct usb_interface *intf, - } - - if (!buflen) { -+ if (!intf->cur_altsetting || !intf->cur_altsetting->endpoint) -+ return -EINVAL; - if (intf->cur_altsetting->endpoint && - intf->cur_altsetting->endpoint->extralen && - intf->cur_altsetting->endpoint->extra) { -@@ -1276,6 +1278,8 @@ next_desc: - data_interface = usb_ifnum_to_if(usb_dev, (data_interface_num = call_interface_num)); - control_interface = intf; - } else { -+ if (!intf->cur_altsetting) -+ return -ENODEV; - if (intf->cur_altsetting->desc.bNumEndpoints != 3) { - dev_dbg(&intf->dev,"No union descriptor, giving up\n"); - return -ENODEV; -@@ -1305,15 +1309,22 @@ next_desc: - combined_interfaces = 1; - /* a popular other OS doesn't use it */ - quirks |= NO_CAP_LINE; -+ if (!data_interface->cur_altsetting) -+ return -EINVAL; - if (data_interface->cur_altsetting->desc.bNumEndpoints != 3) { - dev_err(&intf->dev, "This needs exactly 3 endpoints\n"); - return -EINVAL; - } - look_for_collapsed_interface: -+ if (!data_interface->cur_altsetting) -+ return -EINVAL; - for (i = 0; i < 3; i++) { - struct usb_endpoint_descriptor *ep; - ep = &data_interface->cur_altsetting->endpoint[i].desc; - -+ if (!ep) -+ return -ENODEV; -+ - if (usb_endpoint_is_int_in(ep)) - epctrl = ep; - else if (usb_endpoint_is_bulk_out(ep)) -@@ -1332,8 +1343,12 @@ look_for_collapsed_interface: - skip_normal_probe: - - /*workaround for switched interfaces */ -+ if (!data_interface->cur_altsetting) -+ return -EINVAL; - if (data_interface->cur_altsetting->desc.bInterfaceClass - != CDC_DATA_INTERFACE_TYPE) { -+ if (!control_interface->cur_altsetting) -+ return -EINVAL; - if (control_interface->cur_altsetting->desc.bInterfaceClass - == CDC_DATA_INTERFACE_TYPE) { - dev_dbg(&intf->dev, -@@ -1356,6 +1371,7 @@ skip_normal_probe: - - - if (data_interface->cur_altsetting->desc.bNumEndpoints < 2 || -+ !control_interface->cur_altsetting || - control_interface->cur_altsetting->desc.bNumEndpoints == 0) - return -EINVAL; - -@@ -1363,6 +1379,8 @@ skip_normal_probe: - epread = &data_interface->cur_altsetting->endpoint[0].desc; - epwrite = &data_interface->cur_altsetting->endpoint[1].desc; - -+ if (!epctrl || !epread || !epwrite) -+ return -ENODEV; - - /* workaround for switched endpoints */ - if (!usb_endpoint_dir_in(epread)) { -diff --git a/drivers/vhost/scsi.c b/drivers/vhost/scsi.c -index 9d6320e..6e29d05 100644 ---- a/drivers/vhost/scsi.c -+++ b/drivers/vhost/scsi.c -@@ -88,7 +88,7 @@ struct vhost_scsi_cmd { - struct scatterlist *tvc_prot_sgl; - struct page **tvc_upages; - /* Pointer to response header iovec */ -- struct iovec *tvc_resp_iov; -+ struct iovec tvc_resp_iov; - /* Pointer to vhost_scsi for our device */ - struct vhost_scsi *tvc_vhost; - /* Pointer to vhost_virtqueue for the cmd */ -@@ -547,7 +547,7 @@ static void vhost_scsi_complete_cmd_work(struct vhost_work *work) - memcpy(v_rsp.sense, cmd->tvc_sense_buf, - se_cmd->scsi_sense_length); - -- iov_iter_init(&iov_iter, READ, cmd->tvc_resp_iov, -+ iov_iter_init(&iov_iter, READ, &cmd->tvc_resp_iov, - cmd->tvc_in_iovs, sizeof(v_rsp)); - ret = copy_to_iter(&v_rsp, sizeof(v_rsp), &iov_iter); - if (likely(ret == sizeof(v_rsp))) { -@@ -1044,7 +1044,7 @@ vhost_scsi_handle_vq(struct vhost_scsi *vs, struct vhost_virtqueue *vq) - } - cmd->tvc_vhost = vs; - cmd->tvc_vq = vq; -- cmd->tvc_resp_iov = &vq->iov[out]; -+ cmd->tvc_resp_iov = vq->iov[out]; - cmd->tvc_in_iovs = in; - - pr_debug("vhost_scsi got command opcode: %#02x, lun: %d\n", -diff --git a/drivers/xen/xenbus/xenbus_dev_frontend.c b/drivers/xen/xenbus/xenbus_dev_frontend.c -index 7487971..c1010f01 100644 ---- a/drivers/xen/xenbus/xenbus_dev_frontend.c -+++ b/drivers/xen/xenbus/xenbus_dev_frontend.c -@@ -316,7 +316,7 @@ static int xenbus_write_transaction(unsigned msg_type, - rc = -ENOMEM; - goto out; - } -- } else { -+ } else if (msg_type == XS_TRANSACTION_END) { - list_for_each_entry(trans, &u->transactions, list) - if (trans->handle.id == u->u.msg.tx_id) - break; -diff --git a/fs/block_dev.c b/fs/block_dev.c -index 71ccab1..b1495fa 100644 ---- a/fs/block_dev.c -+++ b/fs/block_dev.c -@@ -659,7 +659,7 @@ static struct dentry *bd_mount(struct file_system_type *fs_type, - { - struct dentry *dent; - dent = mount_pseudo(fs_type, "bdev:", &bdev_sops, NULL, BDEVFS_MAGIC); -- if (dent) -+ if (!IS_ERR(dent)) - dent->d_sb->s_iflags |= SB_I_CGROUPWB; - return dent; - } -diff --git a/fs/crypto/policy.c b/fs/crypto/policy.c -index 0f9961e..f96547f 100644 ---- a/fs/crypto/policy.c -+++ b/fs/crypto/policy.c -@@ -95,10 +95,15 @@ static int create_encryption_context_from_policy(struct inode *inode, - int fscrypt_process_policy(struct inode *inode, - const struct fscrypt_policy *policy) - { -+ if (!inode_owner_or_capable(inode)) -+ return -EACCES; -+ - if (policy->version != 0) - return -EINVAL; - - if (!inode_has_encryption_context(inode)) { -+ if (!S_ISDIR(inode->i_mode)) -+ return -EINVAL; - if (!inode->i_sb->s_cop->empty_dir) - return -EOPNOTSUPP; - if (!inode->i_sb->s_cop->empty_dir(inode)) -diff --git a/fs/ext4/crypto_policy.c b/fs/ext4/crypto_policy.c -index ad05069..8a9feb3 100644 ---- a/fs/ext4/crypto_policy.c -+++ b/fs/ext4/crypto_policy.c -@@ -102,6 +102,9 @@ static int ext4_create_encryption_context_from_policy( - int ext4_process_policy(const struct ext4_encryption_policy *policy, - struct inode *inode) - { -+ if (!inode_owner_or_capable(inode)) -+ return -EACCES; -+ - if (policy->version != 0) - return -EINVAL; - -diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c -index b747ec0..ea628af 100644 ---- a/fs/ext4/inode.c -+++ b/fs/ext4/inode.c -@@ -51,25 +51,31 @@ static __u32 ext4_inode_csum(struct inode *inode, struct ext4_inode *raw, - struct ext4_inode_info *ei) - { - struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb); -- __u16 csum_lo; -- __u16 csum_hi = 0; - __u32 csum; -+ __u16 dummy_csum = 0; -+ int offset = offsetof(struct ext4_inode, i_checksum_lo); -+ unsigned int csum_size = sizeof(dummy_csum); - -- csum_lo = le16_to_cpu(raw->i_checksum_lo); -- raw->i_checksum_lo = 0; -- if (EXT4_INODE_SIZE(inode->i_sb) > EXT4_GOOD_OLD_INODE_SIZE && -- EXT4_FITS_IN_INODE(raw, ei, i_checksum_hi)) { -- csum_hi = le16_to_cpu(raw->i_checksum_hi); -- raw->i_checksum_hi = 0; -- } -+ csum = ext4_chksum(sbi, ei->i_csum_seed, (__u8 *)raw, offset); -+ csum = ext4_chksum(sbi, csum, (__u8 *)&dummy_csum, csum_size); -+ offset += csum_size; -+ csum = ext4_chksum(sbi, csum, (__u8 *)raw + offset, -+ EXT4_GOOD_OLD_INODE_SIZE - offset); - -- csum = ext4_chksum(sbi, ei->i_csum_seed, (__u8 *)raw, -- EXT4_INODE_SIZE(inode->i_sb)); -- -- raw->i_checksum_lo = cpu_to_le16(csum_lo); -- if (EXT4_INODE_SIZE(inode->i_sb) > EXT4_GOOD_OLD_INODE_SIZE && -- EXT4_FITS_IN_INODE(raw, ei, i_checksum_hi)) -- raw->i_checksum_hi = cpu_to_le16(csum_hi); -+ if (EXT4_INODE_SIZE(inode->i_sb) > EXT4_GOOD_OLD_INODE_SIZE) { -+ offset = offsetof(struct ext4_inode, i_checksum_hi); -+ csum = ext4_chksum(sbi, csum, (__u8 *)raw + -+ EXT4_GOOD_OLD_INODE_SIZE, -+ offset - EXT4_GOOD_OLD_INODE_SIZE); -+ if (EXT4_FITS_IN_INODE(raw, ei, i_checksum_hi)) { -+ csum = ext4_chksum(sbi, csum, (__u8 *)&dummy_csum, -+ csum_size); -+ offset += csum_size; -+ csum = ext4_chksum(sbi, csum, (__u8 *)raw + offset, -+ EXT4_INODE_SIZE(inode->i_sb) - -+ offset); -+ } -+ } - - return csum; - } -@@ -5460,8 +5466,6 @@ int ext4_mark_inode_dirty(handle_t *handle, struct inode *inode) - sbi->s_want_extra_isize, - iloc, handle); - if (ret) { -- ext4_set_inode_state(inode, -- EXT4_STATE_NO_EXPAND); - if (mnt_count != - le16_to_cpu(sbi->s_es->s_mnt_count)) { - ext4_warning(inode->i_sb, -diff --git a/fs/ext4/namei.c b/fs/ext4/namei.c -index ec4c399..5bb46b6 100644 ---- a/fs/ext4/namei.c -+++ b/fs/ext4/namei.c -@@ -420,15 +420,14 @@ static __le32 ext4_dx_csum(struct inode *inode, struct ext4_dir_entry *dirent, - struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb); - struct ext4_inode_info *ei = EXT4_I(inode); - __u32 csum; -- __le32 save_csum; - int size; -+ __u32 dummy_csum = 0; -+ int offset = offsetof(struct dx_tail, dt_checksum); - - size = count_offset + (count * sizeof(struct dx_entry)); -- save_csum = t->dt_checksum; -- t->dt_checksum = 0; - csum = ext4_chksum(sbi, ei->i_csum_seed, (__u8 *)dirent, size); -- csum = ext4_chksum(sbi, csum, (__u8 *)t, sizeof(struct dx_tail)); -- t->dt_checksum = save_csum; -+ csum = ext4_chksum(sbi, csum, (__u8 *)t, offset); -+ csum = ext4_chksum(sbi, csum, (__u8 *)&dummy_csum, sizeof(dummy_csum)); - - return cpu_to_le32(csum); - } -diff --git a/fs/ext4/super.c b/fs/ext4/super.c -index 639bd756..d4505f8 100644 ---- a/fs/ext4/super.c -+++ b/fs/ext4/super.c -@@ -2068,23 +2068,25 @@ failed: - static __le16 ext4_group_desc_csum(struct super_block *sb, __u32 block_group, - struct ext4_group_desc *gdp) - { -- int offset; -+ int offset = offsetof(struct ext4_group_desc, bg_checksum); - __u16 crc = 0; - __le32 le_group = cpu_to_le32(block_group); - struct ext4_sb_info *sbi = EXT4_SB(sb); - - if (ext4_has_metadata_csum(sbi->s_sb)) { - /* Use new metadata_csum algorithm */ -- __le16 save_csum; - __u32 csum32; -+ __u16 dummy_csum = 0; - -- save_csum = gdp->bg_checksum; -- gdp->bg_checksum = 0; - csum32 = ext4_chksum(sbi, sbi->s_csum_seed, (__u8 *)&le_group, - sizeof(le_group)); -- csum32 = ext4_chksum(sbi, csum32, (__u8 *)gdp, -- sbi->s_desc_size); -- gdp->bg_checksum = save_csum; -+ csum32 = ext4_chksum(sbi, csum32, (__u8 *)gdp, offset); -+ csum32 = ext4_chksum(sbi, csum32, (__u8 *)&dummy_csum, -+ sizeof(dummy_csum)); -+ offset += sizeof(dummy_csum); -+ if (offset < sbi->s_desc_size) -+ csum32 = ext4_chksum(sbi, csum32, (__u8 *)gdp + offset, -+ sbi->s_desc_size - offset); - - crc = csum32 & 0xFFFF; - goto out; -@@ -2094,8 +2096,6 @@ static __le16 ext4_group_desc_csum(struct super_block *sb, __u32 block_group, - if (!ext4_has_feature_gdt_csum(sb)) - return 0; - -- offset = offsetof(struct ext4_group_desc, bg_checksum); -- - crc = crc16(~0, sbi->s_es->s_uuid, sizeof(sbi->s_es->s_uuid)); - crc = crc16(crc, (__u8 *)&le_group, sizeof(le_group)); - crc = crc16(crc, (__u8 *)gdp, offset); -@@ -2131,6 +2131,7 @@ void ext4_group_desc_csum_set(struct super_block *sb, __u32 block_group, - - /* Called at mount-time, super-block is locked */ - static int ext4_check_descriptors(struct super_block *sb, -+ ext4_fsblk_t sb_block, - ext4_group_t *first_not_zeroed) - { - struct ext4_sb_info *sbi = EXT4_SB(sb); -@@ -2161,6 +2162,11 @@ static int ext4_check_descriptors(struct super_block *sb, - grp = i; - - block_bitmap = ext4_block_bitmap(sb, gdp); -+ if (block_bitmap == sb_block) { -+ ext4_msg(sb, KERN_ERR, "ext4_check_descriptors: " -+ "Block bitmap for group %u overlaps " -+ "superblock", i); -+ } - if (block_bitmap < first_block || block_bitmap > last_block) { - ext4_msg(sb, KERN_ERR, "ext4_check_descriptors: " - "Block bitmap for group %u not in group " -@@ -2168,6 +2174,11 @@ static int ext4_check_descriptors(struct super_block *sb, - return 0; - } - inode_bitmap = ext4_inode_bitmap(sb, gdp); -+ if (inode_bitmap == sb_block) { -+ ext4_msg(sb, KERN_ERR, "ext4_check_descriptors: " -+ "Inode bitmap for group %u overlaps " -+ "superblock", i); -+ } - if (inode_bitmap < first_block || inode_bitmap > last_block) { - ext4_msg(sb, KERN_ERR, "ext4_check_descriptors: " - "Inode bitmap for group %u not in group " -@@ -2175,6 +2186,11 @@ static int ext4_check_descriptors(struct super_block *sb, - return 0; - } - inode_table = ext4_inode_table(sb, gdp); -+ if (inode_table == sb_block) { -+ ext4_msg(sb, KERN_ERR, "ext4_check_descriptors: " -+ "Inode table for group %u overlaps " -+ "superblock", i); -+ } - if (inode_table < first_block || - inode_table + sbi->s_itb_per_group - 1 > last_block) { - ext4_msg(sb, KERN_ERR, "ext4_check_descriptors: " -@@ -3677,7 +3693,7 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent) - goto failed_mount2; - } - } -- if (!ext4_check_descriptors(sb, &first_not_zeroed)) { -+ if (!ext4_check_descriptors(sb, logical_sb_block, &first_not_zeroed)) { - ext4_msg(sb, KERN_ERR, "group descriptors corrupted!"); - ret = -EFSCORRUPTED; - goto failed_mount2; -diff --git a/fs/ext4/xattr.c b/fs/ext4/xattr.c -index e79bd32..2eb935c 100644 ---- a/fs/ext4/xattr.c -+++ b/fs/ext4/xattr.c -@@ -121,17 +121,18 @@ static __le32 ext4_xattr_block_csum(struct inode *inode, - { - struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb); - __u32 csum; -- __le32 save_csum; - __le64 dsk_block_nr = cpu_to_le64(block_nr); -+ __u32 dummy_csum = 0; -+ int offset = offsetof(struct ext4_xattr_header, h_checksum); - -- save_csum = hdr->h_checksum; -- hdr->h_checksum = 0; - csum = ext4_chksum(sbi, sbi->s_csum_seed, (__u8 *)&dsk_block_nr, - sizeof(dsk_block_nr)); -- csum = ext4_chksum(sbi, csum, (__u8 *)hdr, -- EXT4_BLOCK_SIZE(inode->i_sb)); -+ csum = ext4_chksum(sbi, csum, (__u8 *)hdr, offset); -+ csum = ext4_chksum(sbi, csum, (__u8 *)&dummy_csum, sizeof(dummy_csum)); -+ offset += sizeof(dummy_csum); -+ csum = ext4_chksum(sbi, csum, (__u8 *)hdr + offset, -+ EXT4_BLOCK_SIZE(inode->i_sb) - offset); - -- hdr->h_checksum = save_csum; - return cpu_to_le32(csum); - } - -@@ -1352,15 +1353,19 @@ int ext4_expand_extra_isize_ea(struct inode *inode, int new_extra_isize, - size_t min_offs, free; - int total_ino; - void *base, *start, *end; -- int extra_isize = 0, error = 0, tried_min_extra_isize = 0; -+ int error = 0, tried_min_extra_isize = 0; - int s_min_extra_isize = le16_to_cpu(EXT4_SB(inode->i_sb)->s_es->s_min_extra_isize); -+ int isize_diff; /* How much do we need to grow i_extra_isize */ - - down_write(&EXT4_I(inode)->xattr_sem); -+ /* -+ * Set EXT4_STATE_NO_EXPAND to avoid recursion when marking inode dirty -+ */ -+ ext4_set_inode_state(inode, EXT4_STATE_NO_EXPAND); - retry: -- if (EXT4_I(inode)->i_extra_isize >= new_extra_isize) { -- up_write(&EXT4_I(inode)->xattr_sem); -- return 0; -- } -+ isize_diff = new_extra_isize - EXT4_I(inode)->i_extra_isize; -+ if (EXT4_I(inode)->i_extra_isize >= new_extra_isize) -+ goto out; - - header = IHDR(inode, raw_inode); - entry = IFIRST(header); -@@ -1381,7 +1386,7 @@ retry: - goto cleanup; - - free = ext4_xattr_free_space(last, &min_offs, base, &total_ino); -- if (free >= new_extra_isize) { -+ if (free >= isize_diff) { - entry = IFIRST(header); - ext4_xattr_shift_entries(entry, EXT4_I(inode)->i_extra_isize - - new_extra_isize, (void *)raw_inode + -@@ -1389,8 +1394,7 @@ retry: - (void *)header, total_ino, - inode->i_sb->s_blocksize); - EXT4_I(inode)->i_extra_isize = new_extra_isize; -- error = 0; -- goto cleanup; -+ goto out; - } - - /* -@@ -1413,7 +1417,7 @@ retry: - end = bh->b_data + bh->b_size; - min_offs = end - base; - free = ext4_xattr_free_space(first, &min_offs, base, NULL); -- if (free < new_extra_isize) { -+ if (free < isize_diff) { - if (!tried_min_extra_isize && s_min_extra_isize) { - tried_min_extra_isize++; - new_extra_isize = s_min_extra_isize; -@@ -1427,7 +1431,7 @@ retry: - free = inode->i_sb->s_blocksize; - } - -- while (new_extra_isize > 0) { -+ while (isize_diff > 0) { - size_t offs, size, entry_size; - struct ext4_xattr_entry *small_entry = NULL; - struct ext4_xattr_info i = { -@@ -1458,7 +1462,7 @@ retry: - EXT4_XATTR_SIZE(le32_to_cpu(last->e_value_size)) + - EXT4_XATTR_LEN(last->e_name_len); - if (total_size <= free && total_size < min_total_size) { -- if (total_size < new_extra_isize) { -+ if (total_size < isize_diff) { - small_entry = last; - } else { - entry = last; -@@ -1513,22 +1517,22 @@ retry: - error = ext4_xattr_ibody_set(handle, inode, &i, is); - if (error) - goto cleanup; -+ total_ino -= entry_size; - - entry = IFIRST(header); -- if (entry_size + EXT4_XATTR_SIZE(size) >= new_extra_isize) -- shift_bytes = new_extra_isize; -+ if (entry_size + EXT4_XATTR_SIZE(size) >= isize_diff) -+ shift_bytes = isize_diff; - else -- shift_bytes = entry_size + size; -+ shift_bytes = entry_size + EXT4_XATTR_SIZE(size); - /* Adjust the offsets and shift the remaining entries ahead */ -- ext4_xattr_shift_entries(entry, EXT4_I(inode)->i_extra_isize - -- shift_bytes, (void *)raw_inode + -- EXT4_GOOD_OLD_INODE_SIZE + extra_isize + shift_bytes, -- (void *)header, total_ino - entry_size, -- inode->i_sb->s_blocksize); -+ ext4_xattr_shift_entries(entry, -shift_bytes, -+ (void *)raw_inode + EXT4_GOOD_OLD_INODE_SIZE + -+ EXT4_I(inode)->i_extra_isize + shift_bytes, -+ (void *)header, total_ino, inode->i_sb->s_blocksize); - -- extra_isize += shift_bytes; -- new_extra_isize -= shift_bytes; -- EXT4_I(inode)->i_extra_isize = extra_isize; -+ isize_diff -= shift_bytes; -+ EXT4_I(inode)->i_extra_isize += shift_bytes; -+ header = IHDR(inode, raw_inode); - - i.name = b_entry_name; - i.value = buffer; -@@ -1550,6 +1554,8 @@ retry: - kfree(bs); - } - brelse(bh); -+out: -+ ext4_clear_inode_state(inode, EXT4_STATE_NO_EXPAND); - up_write(&EXT4_I(inode)->xattr_sem); - return 0; - -@@ -1561,6 +1567,10 @@ cleanup: - kfree(is); - kfree(bs); - brelse(bh); -+ /* -+ * We deliberately leave EXT4_STATE_NO_EXPAND set here since inode -+ * size expansion failed. -+ */ - up_write(&EXT4_I(inode)->xattr_sem); - return error; - } -diff --git a/fs/namei.c b/fs/namei.c -index 70580ab..9281b2b 100644 ---- a/fs/namei.c -+++ b/fs/namei.c -@@ -901,6 +901,7 @@ static inline int may_follow_link(struct nameidata *nd) - { - const struct inode *inode; - const struct inode *parent; -+ kuid_t puid; - - if (!sysctl_protected_symlinks) - return 0; -@@ -916,7 +917,8 @@ static inline int may_follow_link(struct nameidata *nd) - return 0; - - /* Allowed if parent directory and link owner match. */ -- if (uid_eq(parent->i_uid, inode->i_uid)) -+ puid = parent->i_uid; -+ if (uid_valid(puid) && uid_eq(puid, inode->i_uid)) - return 0; - - if (nd->flags & LOOKUP_RCU) -diff --git a/fs/overlayfs/copy_up.c b/fs/overlayfs/copy_up.c -index 80aa6f1..4133aa7 100644 ---- a/fs/overlayfs/copy_up.c -+++ b/fs/overlayfs/copy_up.c -@@ -80,6 +80,8 @@ int ovl_copy_xattr(struct dentry *old, struct dentry *new) - } - - for (name = buf; name < (buf + list_size); name += strlen(name) + 1) { -+ if (ovl_is_private_xattr(name)) -+ continue; - retry: - size = vfs_getxattr(old, name, value, value_size); - if (size == -ERANGE) -diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c -index d1cdc60..ac98a71 100644 ---- a/fs/overlayfs/inode.c -+++ b/fs/overlayfs/inode.c -@@ -231,7 +231,7 @@ static int ovl_readlink(struct dentry *dentry, char __user *buf, int bufsiz) - } - - --static bool ovl_is_private_xattr(const char *name) -+bool ovl_is_private_xattr(const char *name) - { - return strncmp(name, OVL_XATTR_PRE_NAME, OVL_XATTR_PRE_LEN) == 0; - } -@@ -279,24 +279,27 @@ ssize_t ovl_listxattr(struct dentry *dentry, char *list, size_t size) - { - struct dentry *realdentry = ovl_dentry_real(dentry); - ssize_t res; -- int off; -+ size_t len; -+ char *s; - - res = vfs_listxattr(realdentry, list, size); - if (res <= 0 || size == 0) - return res; - - /* filter out private xattrs */ -- for (off = 0; off < res;) { -- char *s = list + off; -- size_t slen = strlen(s) + 1; -+ for (s = list, len = res; len;) { -+ size_t slen = strnlen(s, len) + 1; - -- BUG_ON(off + slen > res); -+ /* underlying fs providing us with an broken xattr list? */ -+ if (WARN_ON(slen > len)) -+ return -EIO; - -+ len -= slen; - if (ovl_is_private_xattr(s)) { - res -= slen; -- memmove(s, s + slen, res - off); -+ memmove(s, s + slen, len); - } else { -- off += slen; -+ s += slen; - } - } - -diff --git a/fs/overlayfs/overlayfs.h b/fs/overlayfs/overlayfs.h -index cfbca53..d8ddc31 100644 ---- a/fs/overlayfs/overlayfs.h -+++ b/fs/overlayfs/overlayfs.h -@@ -168,6 +168,8 @@ int ovl_check_empty_dir(struct dentry *dentry, struct list_head *list); - void ovl_cleanup_whiteouts(struct dentry *upper, struct list_head *list); - void ovl_cache_free(struct list_head *list); - int ovl_check_d_type_supported(struct path *realpath); -+void ovl_workdir_cleanup(struct inode *dir, struct vfsmount *mnt, -+ struct dentry *dentry, int level); - - /* inode.c */ - int ovl_setattr(struct dentry *dentry, struct iattr *attr); -@@ -180,6 +182,7 @@ ssize_t ovl_getxattr(struct dentry *dentry, struct inode *inode, - ssize_t ovl_listxattr(struct dentry *dentry, char *list, size_t size); - int ovl_removexattr(struct dentry *dentry, const char *name); - struct inode *ovl_d_select_inode(struct dentry *dentry, unsigned file_flags); -+bool ovl_is_private_xattr(const char *name); - - struct inode *ovl_new_inode(struct super_block *sb, umode_t mode, - struct ovl_entry *oe); -diff --git a/fs/overlayfs/readdir.c b/fs/overlayfs/readdir.c -index cf37fc7..f241b4e 100644 ---- a/fs/overlayfs/readdir.c -+++ b/fs/overlayfs/readdir.c -@@ -248,7 +248,7 @@ static inline int ovl_dir_read(struct path *realpath, - err = rdd->err; - } while (!err && rdd->count); - -- if (!err && rdd->first_maybe_whiteout) -+ if (!err && rdd->first_maybe_whiteout && rdd->dentry) - err = ovl_check_whiteouts(realpath->dentry, rdd); - - fput(realfile); -@@ -606,3 +606,64 @@ int ovl_check_d_type_supported(struct path *realpath) - - return rdd.d_type_supported; - } -+ -+static void ovl_workdir_cleanup_recurse(struct path *path, int level) -+{ -+ int err; -+ struct inode *dir = path->dentry->d_inode; -+ LIST_HEAD(list); -+ struct ovl_cache_entry *p; -+ struct ovl_readdir_data rdd = { -+ .ctx.actor = ovl_fill_merge, -+ .dentry = NULL, -+ .list = &list, -+ .root = RB_ROOT, -+ .is_lowest = false, -+ }; -+ -+ err = ovl_dir_read(path, &rdd); -+ if (err) -+ goto out; -+ -+ inode_lock_nested(dir, I_MUTEX_PARENT); -+ list_for_each_entry(p, &list, l_node) { -+ struct dentry *dentry; -+ -+ if (p->name[0] == '.') { -+ if (p->len == 1) -+ continue; -+ if (p->len == 2 && p->name[1] == '.') -+ continue; -+ } -+ dentry = lookup_one_len(p->name, path->dentry, p->len); -+ if (IS_ERR(dentry)) -+ continue; -+ if (dentry->d_inode) -+ ovl_workdir_cleanup(dir, path->mnt, dentry, level); -+ dput(dentry); -+ } -+ inode_unlock(dir); -+out: -+ ovl_cache_free(&list); -+} -+ -+void ovl_workdir_cleanup(struct inode *dir, struct vfsmount *mnt, -+ struct dentry *dentry, int level) -+{ -+ int err; -+ -+ if (!d_is_dir(dentry) || level > 1) { -+ ovl_cleanup(dir, dentry); -+ return; -+ } -+ -+ err = ovl_do_rmdir(dir, dentry); -+ if (err) { -+ struct path path = { .mnt = mnt, .dentry = dentry }; -+ -+ inode_unlock(dir); -+ ovl_workdir_cleanup_recurse(&path, level + 1); -+ inode_lock_nested(dir, I_MUTEX_PARENT); -+ ovl_cleanup(dir, dentry); -+ } -+} -diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c -index 6db75cb..86f2025 100644 ---- a/fs/overlayfs/super.c -+++ b/fs/overlayfs/super.c -@@ -798,6 +798,10 @@ retry: - struct kstat stat = { - .mode = S_IFDIR | 0, - }; -+ struct iattr attr = { -+ .ia_valid = ATTR_MODE, -+ .ia_mode = stat.mode, -+ }; - - if (work->d_inode) { - err = -EEXIST; -@@ -805,7 +809,7 @@ retry: - goto out_dput; - - retried = true; -- ovl_cleanup(dir, work); -+ ovl_workdir_cleanup(dir, mnt, work, 0); - dput(work); - goto retry; - } -@@ -813,6 +817,21 @@ retry: - err = ovl_create_real(dir, work, &stat, NULL, NULL, true); - if (err) - goto out_dput; -+ -+ err = vfs_removexattr(work, XATTR_NAME_POSIX_ACL_DEFAULT); -+ if (err && err != -ENODATA && err != -EOPNOTSUPP) -+ goto out_dput; -+ -+ err = vfs_removexattr(work, XATTR_NAME_POSIX_ACL_ACCESS); -+ if (err && err != -ENODATA && err != -EOPNOTSUPP) -+ goto out_dput; -+ -+ /* Clear any inherited mode bits */ -+ inode_lock(work->d_inode); -+ err = notify_change(work, &attr, NULL); -+ inode_unlock(work->d_inode); -+ if (err) -+ goto out_dput; - } - out_unlock: - inode_unlock(dir); -diff --git a/fs/ubifs/tnc_commit.c b/fs/ubifs/tnc_commit.c -index b45345d..51157da 100644 ---- a/fs/ubifs/tnc_commit.c -+++ b/fs/ubifs/tnc_commit.c -@@ -370,7 +370,7 @@ static int layout_in_gaps(struct ubifs_info *c, int cnt) - - p = c->gap_lebs; - do { -- ubifs_assert(p < c->gap_lebs + sizeof(int) * c->lst.idx_lebs); -+ ubifs_assert(p < c->gap_lebs + c->lst.idx_lebs); - written = layout_leb_in_gaps(c, p); - if (written < 0) { - err = written; -diff --git a/fs/ubifs/xattr.c b/fs/ubifs/xattr.c -index b5fc279..c63710f 100644 ---- a/fs/ubifs/xattr.c -+++ b/fs/ubifs/xattr.c -@@ -575,7 +575,8 @@ static int ubifs_xattr_get(const struct xattr_handler *handler, - dbg_gen("xattr '%s', ino %lu ('%pd'), buf size %zd", name, - inode->i_ino, dentry, size); - -- return __ubifs_getxattr(inode, name, buffer, size); -+ name = xattr_full_name(handler, name); -+ return __ubifs_getxattr(inode, name, buffer, size); - } - - static int ubifs_xattr_set(const struct xattr_handler *handler, -@@ -586,6 +587,8 @@ static int ubifs_xattr_set(const struct xattr_handler *handler, - dbg_gen("xattr '%s', host ino %lu ('%pd'), size %zd", - name, inode->i_ino, dentry, size); - -+ name = xattr_full_name(handler, name); -+ - if (value) - return __ubifs_setxattr(inode, name, value, size, flags); - else -diff --git a/fs/xfs/libxfs/xfs_sb.c b/fs/xfs/libxfs/xfs_sb.c -index 12ca867..85bdf3d 100644 ---- a/fs/xfs/libxfs/xfs_sb.c -+++ b/fs/xfs/libxfs/xfs_sb.c -@@ -581,7 +581,8 @@ xfs_sb_verify( - * Only check the in progress field for the primary superblock as - * mkfs.xfs doesn't clear it from secondary superblocks. - */ -- return xfs_mount_validate_sb(mp, &sb, bp->b_bn == XFS_SB_DADDR, -+ return xfs_mount_validate_sb(mp, &sb, -+ bp->b_maps[0].bm_bn == XFS_SB_DADDR, - check_version); - } - -diff --git a/include/linux/capability.h b/include/linux/capability.h -index 00690ff..5f3c63d 100644 ---- a/include/linux/capability.h -+++ b/include/linux/capability.h -@@ -206,6 +206,7 @@ extern bool has_ns_capability_noaudit(struct task_struct *t, - struct user_namespace *ns, int cap); - extern bool capable(int cap); - extern bool ns_capable(struct user_namespace *ns, int cap); -+extern bool ns_capable_noaudit(struct user_namespace *ns, int cap); - #else - static inline bool has_capability(struct task_struct *t, int cap) - { -@@ -233,6 +234,10 @@ static inline bool ns_capable(struct user_namespace *ns, int cap) - { - return true; - } -+static inline bool ns_capable_noaudit(struct user_namespace *ns, int cap) -+{ -+ return true; -+} - #endif /* CONFIG_MULTIUSER */ - extern bool capable_wrt_inode_uidgid(const struct inode *inode, int cap); - extern bool file_ns_capable(const struct file *file, struct user_namespace *ns, int cap); -diff --git a/kernel/capability.c b/kernel/capability.c -index 45432b5..00411c8 100644 ---- a/kernel/capability.c -+++ b/kernel/capability.c -@@ -361,6 +361,24 @@ bool has_capability_noaudit(struct task_struct *t, int cap) - return has_ns_capability_noaudit(t, &init_user_ns, cap); - } - -+static bool ns_capable_common(struct user_namespace *ns, int cap, bool audit) -+{ -+ int capable; -+ -+ if (unlikely(!cap_valid(cap))) { -+ pr_crit("capable() called with invalid cap=%u\n", cap); -+ BUG(); -+ } -+ -+ capable = audit ? security_capable(current_cred(), ns, cap) : -+ security_capable_noaudit(current_cred(), ns, cap); -+ if (capable == 0) { -+ current->flags |= PF_SUPERPRIV; -+ return true; -+ } -+ return false; -+} -+ - /** - * ns_capable - Determine if the current task has a superior capability in effect - * @ns: The usernamespace we want the capability in -@@ -374,19 +392,27 @@ bool has_capability_noaudit(struct task_struct *t, int cap) - */ - bool ns_capable(struct user_namespace *ns, int cap) - { -- if (unlikely(!cap_valid(cap))) { -- pr_crit("capable() called with invalid cap=%u\n", cap); -- BUG(); -- } -- -- if (security_capable(current_cred(), ns, cap) == 0) { -- current->flags |= PF_SUPERPRIV; -- return true; -- } -- return false; -+ return ns_capable_common(ns, cap, true); - } - EXPORT_SYMBOL(ns_capable); - -+/** -+ * ns_capable_noaudit - Determine if the current task has a superior capability -+ * (unaudited) in effect -+ * @ns: The usernamespace we want the capability in -+ * @cap: The capability to be tested for -+ * -+ * Return true if the current task has the given superior capability currently -+ * available for use, false if not. -+ * -+ * This sets PF_SUPERPRIV on the task if the capability is available on the -+ * assumption that it's about to be used. -+ */ -+bool ns_capable_noaudit(struct user_namespace *ns, int cap) -+{ -+ return ns_capable_common(ns, cap, false); -+} -+EXPORT_SYMBOL(ns_capable_noaudit); - - /** - * capable - Determine if the current task has a superior capability in effect -diff --git a/kernel/cred.c b/kernel/cred.c -index 0c0cd8a..5f264fb 100644 ---- a/kernel/cred.c -+++ b/kernel/cred.c -@@ -689,6 +689,8 @@ EXPORT_SYMBOL(set_security_override_from_ctx); - */ - int set_create_files_as(struct cred *new, struct inode *inode) - { -+ if (!uid_valid(inode->i_uid) || !gid_valid(inode->i_gid)) -+ return -EINVAL; - new->fsuid = inode->i_uid; - new->fsgid = inode->i_gid; - return security_kernel_create_files_as(new, inode); -diff --git a/kernel/fork.c b/kernel/fork.c -index 4a7ec0c..aea4f4d 100644 ---- a/kernel/fork.c -+++ b/kernel/fork.c -@@ -1406,7 +1406,6 @@ static struct task_struct *copy_process(unsigned long clone_flags, - p->real_start_time = ktime_get_boot_ns(); - p->io_context = NULL; - p->audit_context = NULL; -- threadgroup_change_begin(current); - cgroup_fork(p); - #ifdef CONFIG_NUMA - p->mempolicy = mpol_dup(p->mempolicy); -@@ -1558,6 +1557,7 @@ static struct task_struct *copy_process(unsigned long clone_flags, - INIT_LIST_HEAD(&p->thread_group); - p->task_works = NULL; - -+ threadgroup_change_begin(current); - /* - * Ensure that the cgroup subsystem policies allow the new process to be - * forked. It should be noted the the new process's css_set can be changed -@@ -1658,6 +1658,7 @@ static struct task_struct *copy_process(unsigned long clone_flags, - bad_fork_cancel_cgroup: - cgroup_cancel_fork(p); - bad_fork_free_pid: -+ threadgroup_change_end(current); - if (pid != &init_struct_pid) - free_pid(pid); - bad_fork_cleanup_thread: -@@ -1690,7 +1691,6 @@ bad_fork_cleanup_policy: - mpol_put(p->mempolicy); - bad_fork_cleanup_threadgroup_lock: - #endif -- threadgroup_change_end(current); - delayacct_tsk_free(p); - bad_fork_cleanup_count: - atomic_dec(&p->cred->user->processes); -diff --git a/kernel/time/timekeeping.c b/kernel/time/timekeeping.c -index 479d25c..b6c3945 100644 ---- a/kernel/time/timekeeping.c -+++ b/kernel/time/timekeeping.c -@@ -401,7 +401,10 @@ static __always_inline u64 __ktime_get_fast_ns(struct tk_fast *tkf) - do { - seq = raw_read_seqcount_latch(&tkf->seq); - tkr = tkf->base + (seq & 0x01); -- now = ktime_to_ns(tkr->base) + timekeeping_get_ns(tkr); -+ now = ktime_to_ns(tkr->base); -+ -+ now += clocksource_delta(tkr->read(tkr->clock), -+ tkr->cycle_last, tkr->mask); - } while (read_seqcount_retry(&tkf->seq, seq)); - - return now; -diff --git a/kernel/time/timekeeping_debug.c b/kernel/time/timekeeping_debug.c -index f6bd652..107310a 100644 ---- a/kernel/time/timekeeping_debug.c -+++ b/kernel/time/timekeeping_debug.c -@@ -23,7 +23,9 @@ - - #include "timekeeping_internal.h" - --static unsigned int sleep_time_bin[32] = {0}; -+#define NUM_BINS 32 -+ -+static unsigned int sleep_time_bin[NUM_BINS] = {0}; - - static int tk_debug_show_sleep_time(struct seq_file *s, void *data) - { -@@ -69,6 +71,9 @@ late_initcall(tk_debug_sleep_time_init); - - void tk_debug_account_sleep_time(struct timespec64 *t) - { -- sleep_time_bin[fls(t->tv_sec)]++; -+ /* Cap bin index so we don't overflow the array */ -+ int bin = min(fls(t->tv_sec), NUM_BINS-1); -+ -+ sleep_time_bin[bin]++; - } - -diff --git a/net/sunrpc/xprtrdma/frwr_ops.c b/net/sunrpc/xprtrdma/frwr_ops.c -index c094754..f02ab80 100644 ---- a/net/sunrpc/xprtrdma/frwr_ops.c -+++ b/net/sunrpc/xprtrdma/frwr_ops.c -@@ -125,17 +125,16 @@ __frwr_reset_mr(struct rpcrdma_ia *ia, struct rpcrdma_mw *r) - } - - static void --__frwr_reset_and_unmap(struct rpcrdma_xprt *r_xprt, struct rpcrdma_mw *mw) -+__frwr_reset_and_unmap(struct rpcrdma_mw *mw) - { -+ struct rpcrdma_xprt *r_xprt = mw->mw_xprt; - struct rpcrdma_ia *ia = &r_xprt->rx_ia; -- struct rpcrdma_frmr *f = &mw->frmr; - int rc; - - rc = __frwr_reset_mr(ia, mw); -- ib_dma_unmap_sg(ia->ri_device, f->fr_sg, f->fr_nents, f->fr_dir); -+ ib_dma_unmap_sg(ia->ri_device, mw->mw_sg, mw->mw_nents, mw->mw_dir); - if (rc) - return; -- - rpcrdma_put_mw(r_xprt, mw); - } - -@@ -152,8 +151,7 @@ __frwr_recovery_worker(struct work_struct *work) - struct rpcrdma_mw *r = container_of(work, struct rpcrdma_mw, - mw_work); - -- __frwr_reset_and_unmap(r->mw_xprt, r); -- return; -+ __frwr_reset_and_unmap(r); - } - - /* A broken MR was discovered in a context that can't sleep. -@@ -167,8 +165,7 @@ __frwr_queue_recovery(struct rpcrdma_mw *r) - } - - static int --__frwr_init(struct rpcrdma_mw *r, struct ib_pd *pd, struct ib_device *device, -- unsigned int depth) -+__frwr_init(struct rpcrdma_mw *r, struct ib_pd *pd, unsigned int depth) - { - struct rpcrdma_frmr *f = &r->frmr; - int rc; -@@ -177,11 +174,11 @@ __frwr_init(struct rpcrdma_mw *r, struct ib_pd *pd, struct ib_device *device, - if (IS_ERR(f->fr_mr)) - goto out_mr_err; - -- f->fr_sg = kcalloc(depth, sizeof(*f->fr_sg), GFP_KERNEL); -- if (!f->fr_sg) -+ r->mw_sg = kcalloc(depth, sizeof(*r->mw_sg), GFP_KERNEL); -+ if (!r->mw_sg) - goto out_list_err; - -- sg_init_table(f->fr_sg, depth); -+ sg_init_table(r->mw_sg, depth); - - init_completion(&f->fr_linv_done); - -@@ -210,7 +207,7 @@ __frwr_release(struct rpcrdma_mw *r) - if (rc) - dprintk("RPC: %s: ib_dereg_mr status %i\n", - __func__, rc); -- kfree(r->frmr.fr_sg); -+ kfree(r->mw_sg); - } - - static int -@@ -350,7 +347,6 @@ static int - frwr_op_init(struct rpcrdma_xprt *r_xprt) - { - struct rpcrdma_buffer *buf = &r_xprt->rx_buf; -- struct ib_device *device = r_xprt->rx_ia.ri_device; - unsigned int depth = r_xprt->rx_ia.ri_max_frmr_depth; - struct ib_pd *pd = r_xprt->rx_ia.ri_pd; - int i; -@@ -372,7 +368,7 @@ frwr_op_init(struct rpcrdma_xprt *r_xprt) - if (!r) - return -ENOMEM; - -- rc = __frwr_init(r, pd, device, depth); -+ rc = __frwr_init(r, pd, depth); - if (rc) { - kfree(r); - return rc; -@@ -386,7 +382,7 @@ frwr_op_init(struct rpcrdma_xprt *r_xprt) - return 0; - } - --/* Post a FAST_REG Work Request to register a memory region -+/* Post a REG_MR Work Request to register a memory region - * for remote access via RDMA READ or RDMA WRITE. - */ - static int -@@ -394,8 +390,6 @@ frwr_op_map(struct rpcrdma_xprt *r_xprt, struct rpcrdma_mr_seg *seg, - int nsegs, bool writing) - { - struct rpcrdma_ia *ia = &r_xprt->rx_ia; -- struct ib_device *device = ia->ri_device; -- enum dma_data_direction direction = rpcrdma_data_dir(writing); - struct rpcrdma_mr_seg *seg1 = seg; - struct rpcrdma_mw *mw; - struct rpcrdma_frmr *frmr; -@@ -421,15 +415,14 @@ frwr_op_map(struct rpcrdma_xprt *r_xprt, struct rpcrdma_mr_seg *seg, - - if (nsegs > ia->ri_max_frmr_depth) - nsegs = ia->ri_max_frmr_depth; -- - for (i = 0; i < nsegs;) { - if (seg->mr_page) -- sg_set_page(&frmr->fr_sg[i], -+ sg_set_page(&mw->mw_sg[i], - seg->mr_page, - seg->mr_len, - offset_in_page(seg->mr_offset)); - else -- sg_set_buf(&frmr->fr_sg[i], seg->mr_offset, -+ sg_set_buf(&mw->mw_sg[i], seg->mr_offset, - seg->mr_len); - - ++seg; -@@ -440,26 +433,20 @@ frwr_op_map(struct rpcrdma_xprt *r_xprt, struct rpcrdma_mr_seg *seg, - offset_in_page((seg-1)->mr_offset + (seg-1)->mr_len)) - break; - } -- frmr->fr_nents = i; -- frmr->fr_dir = direction; -- -- dma_nents = ib_dma_map_sg(device, frmr->fr_sg, frmr->fr_nents, direction); -- if (!dma_nents) { -- pr_err("RPC: %s: failed to dma map sg %p sg_nents %u\n", -- __func__, frmr->fr_sg, frmr->fr_nents); -- return -ENOMEM; -- } -+ mw->mw_nents = i; -+ mw->mw_dir = rpcrdma_data_dir(writing); - -- n = ib_map_mr_sg(mr, frmr->fr_sg, frmr->fr_nents, NULL, PAGE_SIZE); -- if (unlikely(n != frmr->fr_nents)) { -- pr_err("RPC: %s: failed to map mr %p (%u/%u)\n", -- __func__, frmr->fr_mr, n, frmr->fr_nents); -- rc = n < 0 ? n : -EINVAL; -- goto out_senderr; -- } -+ dma_nents = ib_dma_map_sg(ia->ri_device, -+ mw->mw_sg, mw->mw_nents, mw->mw_dir); -+ if (!dma_nents) -+ goto out_dmamap_err; -+ -+ n = ib_map_mr_sg(mr, mw->mw_sg, mw->mw_nents, NULL, PAGE_SIZE); -+ if (unlikely(n != mw->mw_nents)) -+ goto out_mapmr_err; - - dprintk("RPC: %s: Using frmr %p to map %u segments (%u bytes)\n", -- __func__, mw, frmr->fr_nents, mr->length); -+ __func__, mw, mw->mw_nents, mr->length); - - key = (u8)(mr->rkey & 0x000000FF); - ib_update_fast_reg_key(mr, ++key); -@@ -484,13 +471,25 @@ frwr_op_map(struct rpcrdma_xprt *r_xprt, struct rpcrdma_mr_seg *seg, - seg1->rl_mw = mw; - seg1->mr_rkey = mr->rkey; - seg1->mr_base = mr->iova; -- seg1->mr_nsegs = frmr->fr_nents; -+ seg1->mr_nsegs = mw->mw_nents; - seg1->mr_len = mr->length; - -- return frmr->fr_nents; -+ return mw->mw_nents; -+ -+out_dmamap_err: -+ pr_err("rpcrdma: failed to dma map sg %p sg_nents %u\n", -+ mw->mw_sg, mw->mw_nents); -+ return -ENOMEM; -+ -+out_mapmr_err: -+ pr_err("rpcrdma: failed to map mr %p (%u/%u)\n", -+ frmr->fr_mr, n, mw->mw_nents); -+ rc = n < 0 ? n : -EIO; -+ __frwr_queue_recovery(mw); -+ return rc; - - out_senderr: -- dprintk("RPC: %s: ib_post_send status %i\n", __func__, rc); -+ pr_err("rpcrdma: ib_post_send status %i\n", rc); - __frwr_queue_recovery(mw); - return rc; - } -@@ -582,8 +581,8 @@ unmap: - mw = seg->rl_mw; - seg->rl_mw = NULL; - -- ib_dma_unmap_sg(ia->ri_device, f->fr_sg, f->fr_nents, -- f->fr_dir); -+ ib_dma_unmap_sg(ia->ri_device, -+ mw->mw_sg, mw->mw_nents, mw->mw_dir); - rpcrdma_put_mw(r_xprt, mw); - - i += seg->mr_nsegs; -@@ -630,7 +629,7 @@ frwr_op_unmap_safe(struct rpcrdma_xprt *r_xprt, struct rpcrdma_req *req, - mw = seg->rl_mw; - - if (sync) -- __frwr_reset_and_unmap(r_xprt, mw); -+ __frwr_reset_and_unmap(mw); - else - __frwr_queue_recovery(mw); - -diff --git a/net/sunrpc/xprtrdma/xprt_rdma.h b/net/sunrpc/xprtrdma/xprt_rdma.h -index 95cdc66..c53abd1 100644 ---- a/net/sunrpc/xprtrdma/xprt_rdma.h -+++ b/net/sunrpc/xprtrdma/xprt_rdma.h -@@ -221,9 +221,6 @@ enum rpcrdma_frmr_state { - }; - - struct rpcrdma_frmr { -- struct scatterlist *fr_sg; -- int fr_nents; -- enum dma_data_direction fr_dir; - struct ib_mr *fr_mr; - struct ib_cqe fr_cqe; - enum rpcrdma_frmr_state fr_state; -@@ -240,13 +237,16 @@ struct rpcrdma_fmr { - }; - - struct rpcrdma_mw { -+ struct list_head mw_list; -+ struct scatterlist *mw_sg; -+ int mw_nents; -+ enum dma_data_direction mw_dir; - union { - struct rpcrdma_fmr fmr; - struct rpcrdma_frmr frmr; - }; - struct work_struct mw_work; - struct rpcrdma_xprt *mw_xprt; -- struct list_head mw_list; - struct list_head mw_all; - }; - -diff --git a/net/sysctl_net.c b/net/sysctl_net.c -index ed98c1f..46a71c7 100644 ---- a/net/sysctl_net.c -+++ b/net/sysctl_net.c -@@ -46,7 +46,7 @@ static int net_ctl_permissions(struct ctl_table_header *head, - kgid_t root_gid = make_kgid(net->user_ns, 0); - - /* Allow network administrator to have same access as root. */ -- if (ns_capable(net->user_ns, CAP_NET_ADMIN) || -+ if (ns_capable_noaudit(net->user_ns, CAP_NET_ADMIN) || - uid_eq(root_uid, current_euid())) { - int mode = (table->mode >> 6) & 7; - return (mode << 6) | (mode << 3) | mode; -diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c -index 705c287..7347fcc 100644 ---- a/security/apparmor/policy.c -+++ b/security/apparmor/policy.c -@@ -766,7 +766,9 @@ struct aa_profile *aa_find_child(struct aa_profile *parent, const char *name) - struct aa_profile *profile; - - rcu_read_lock(); -- profile = aa_get_profile(__find_child(&parent->base.profiles, name)); -+ do { -+ profile = __find_child(&parent->base.profiles, name); -+ } while (profile && !aa_get_profile_not0(profile)); - rcu_read_unlock(); - - /* refcount released by caller */ -diff --git a/sound/core/rawmidi.c b/sound/core/rawmidi.c -index 795437b..b450a27 100644 ---- a/sound/core/rawmidi.c -+++ b/sound/core/rawmidi.c -@@ -1633,11 +1633,13 @@ static int snd_rawmidi_dev_register(struct snd_device *device) - return -EBUSY; - } - list_add_tail(&rmidi->list, &snd_rawmidi_devices); -+ mutex_unlock(®ister_mutex); - err = snd_register_device(SNDRV_DEVICE_TYPE_RAWMIDI, - rmidi->card, rmidi->device, - &snd_rawmidi_f_ops, rmidi, &rmidi->dev); - if (err < 0) { - rmidi_err(rmidi, "unable to register\n"); -+ mutex_lock(®ister_mutex); - list_del(&rmidi->list); - mutex_unlock(®ister_mutex); - return err; -@@ -1645,6 +1647,7 @@ static int snd_rawmidi_dev_register(struct snd_device *device) - if (rmidi->ops && rmidi->ops->dev_register && - (err = rmidi->ops->dev_register(rmidi)) < 0) { - snd_unregister_device(&rmidi->dev); -+ mutex_lock(®ister_mutex); - list_del(&rmidi->list); - mutex_unlock(®ister_mutex); - return err; -@@ -1677,7 +1680,6 @@ static int snd_rawmidi_dev_register(struct snd_device *device) - } - } - #endif /* CONFIG_SND_OSSEMUL */ -- mutex_unlock(®ister_mutex); - sprintf(name, "midi%d", rmidi->device); - entry = snd_info_create_card_entry(rmidi->card, name, rmidi->card->proc_root); - if (entry) { -diff --git a/sound/core/timer.c b/sound/core/timer.c -index 9a6157e..fc144f4 100644 ---- a/sound/core/timer.c -+++ b/sound/core/timer.c -@@ -35,6 +35,9 @@ - #include <sound/initval.h> - #include <linux/kmod.h> - -+/* internal flags */ -+#define SNDRV_TIMER_IFLG_PAUSED 0x00010000 -+ - #if IS_ENABLED(CONFIG_SND_HRTIMER) - #define DEFAULT_TIMER_LIMIT 4 - #else -@@ -294,8 +297,21 @@ int snd_timer_open(struct snd_timer_instance **ti, - get_device(&timer->card->card_dev); - timeri->slave_class = tid->dev_sclass; - timeri->slave_id = slave_id; -- if (list_empty(&timer->open_list_head) && timer->hw.open) -- timer->hw.open(timer); -+ -+ if (list_empty(&timer->open_list_head) && timer->hw.open) { -+ int err = timer->hw.open(timer); -+ if (err) { -+ kfree(timeri->owner); -+ kfree(timeri); -+ -+ if (timer->card) -+ put_device(&timer->card->card_dev); -+ module_put(timer->module); -+ mutex_unlock(®ister_mutex); -+ return err; -+ } -+ } -+ - list_add_tail(&timeri->open_list, &timer->open_list_head); - snd_timer_check_master(timeri); - mutex_unlock(®ister_mutex); -@@ -526,6 +542,10 @@ static int snd_timer_stop1(struct snd_timer_instance *timeri, bool stop) - } - } - timeri->flags &= ~(SNDRV_TIMER_IFLG_RUNNING | SNDRV_TIMER_IFLG_START); -+ if (stop) -+ timeri->flags &= ~SNDRV_TIMER_IFLG_PAUSED; -+ else -+ timeri->flags |= SNDRV_TIMER_IFLG_PAUSED; - snd_timer_notify1(timeri, stop ? SNDRV_TIMER_EVENT_STOP : - SNDRV_TIMER_EVENT_CONTINUE); - unlock: -@@ -587,6 +607,10 @@ int snd_timer_stop(struct snd_timer_instance *timeri) - */ - int snd_timer_continue(struct snd_timer_instance *timeri) - { -+ /* timer can continue only after pause */ -+ if (!(timeri->flags & SNDRV_TIMER_IFLG_PAUSED)) -+ return -EINVAL; -+ - if (timeri->flags & SNDRV_TIMER_IFLG_SLAVE) - return snd_timer_start_slave(timeri, false); - else -@@ -813,6 +837,7 @@ int snd_timer_new(struct snd_card *card, char *id, struct snd_timer_id *tid, - timer->tmr_subdevice = tid->subdevice; - if (id) - strlcpy(timer->id, id, sizeof(timer->id)); -+ timer->sticks = 1; - INIT_LIST_HEAD(&timer->device_list); - INIT_LIST_HEAD(&timer->open_list_head); - INIT_LIST_HEAD(&timer->active_list_head); -@@ -1817,6 +1842,9 @@ static int snd_timer_user_continue(struct file *file) - tu = file->private_data; - if (!tu->timeri) - return -EBADFD; -+ /* start timer instead of continue if it's not used before */ -+ if (!(tu->timeri->flags & SNDRV_TIMER_IFLG_PAUSED)) -+ return snd_timer_user_start(file); - tu->timeri->lost = 0; - return (err = snd_timer_continue(tu->timeri)) < 0 ? err : 0; - } -@@ -1958,6 +1986,7 @@ static ssize_t snd_timer_user_read(struct file *file, char __user *buffer, - tu->qused--; - spin_unlock_irq(&tu->qlock); - -+ mutex_lock(&tu->ioctl_lock); - if (tu->tread) { - if (copy_to_user(buffer, &tu->tqueue[qhead], - sizeof(struct snd_timer_tread))) -@@ -1967,6 +1996,7 @@ static ssize_t snd_timer_user_read(struct file *file, char __user *buffer, - sizeof(struct snd_timer_read))) - err = -EFAULT; - } -+ mutex_unlock(&tu->ioctl_lock); - - spin_lock_irq(&tu->qlock); - if (err < 0) -diff --git a/sound/firewire/fireworks/fireworks.h b/sound/firewire/fireworks/fireworks.h -index 03ed352..d73c12b 100644 ---- a/sound/firewire/fireworks/fireworks.h -+++ b/sound/firewire/fireworks/fireworks.h -@@ -108,7 +108,6 @@ struct snd_efw { - u8 *resp_buf; - u8 *pull_ptr; - u8 *push_ptr; -- unsigned int resp_queues; - }; - - int snd_efw_transaction_cmd(struct fw_unit *unit, -diff --git a/sound/firewire/fireworks/fireworks_hwdep.c b/sound/firewire/fireworks/fireworks_hwdep.c -index 33df865..2e1d9a2 100644 ---- a/sound/firewire/fireworks/fireworks_hwdep.c -+++ b/sound/firewire/fireworks/fireworks_hwdep.c -@@ -25,6 +25,7 @@ hwdep_read_resp_buf(struct snd_efw *efw, char __user *buf, long remained, - { - unsigned int length, till_end, type; - struct snd_efw_transaction *t; -+ u8 *pull_ptr; - long count = 0; - - if (remained < sizeof(type) + sizeof(struct snd_efw_transaction)) -@@ -38,8 +39,17 @@ hwdep_read_resp_buf(struct snd_efw *efw, char __user *buf, long remained, - buf += sizeof(type); - - /* write into buffer as many responses as possible */ -- while (efw->resp_queues > 0) { -- t = (struct snd_efw_transaction *)(efw->pull_ptr); -+ spin_lock_irq(&efw->lock); -+ -+ /* -+ * When another task reaches here during this task's access to user -+ * space, it picks up current position in buffer and can read the same -+ * series of responses. -+ */ -+ pull_ptr = efw->pull_ptr; -+ -+ while (efw->push_ptr != pull_ptr) { -+ t = (struct snd_efw_transaction *)(pull_ptr); - length = be32_to_cpu(t->length) * sizeof(__be32); - - /* confirm enough space for this response */ -@@ -49,26 +59,39 @@ hwdep_read_resp_buf(struct snd_efw *efw, char __user *buf, long remained, - /* copy from ring buffer to user buffer */ - while (length > 0) { - till_end = snd_efw_resp_buf_size - -- (unsigned int)(efw->pull_ptr - efw->resp_buf); -+ (unsigned int)(pull_ptr - efw->resp_buf); - till_end = min_t(unsigned int, length, till_end); - -- if (copy_to_user(buf, efw->pull_ptr, till_end)) -+ spin_unlock_irq(&efw->lock); -+ -+ if (copy_to_user(buf, pull_ptr, till_end)) - return -EFAULT; - -- efw->pull_ptr += till_end; -- if (efw->pull_ptr >= efw->resp_buf + -- snd_efw_resp_buf_size) -- efw->pull_ptr -= snd_efw_resp_buf_size; -+ spin_lock_irq(&efw->lock); -+ -+ pull_ptr += till_end; -+ if (pull_ptr >= efw->resp_buf + snd_efw_resp_buf_size) -+ pull_ptr -= snd_efw_resp_buf_size; - - length -= till_end; - buf += till_end; - count += till_end; - remained -= till_end; - } -- -- efw->resp_queues--; - } - -+ /* -+ * All of tasks can read from the buffer nearly simultaneously, but the -+ * last position for each task is different depending on the length of -+ * given buffer. Here, for simplicity, a position of buffer is set by -+ * the latest task. It's better for a listening application to allow one -+ * thread to read from the buffer. Unless, each task can read different -+ * sequence of responses depending on variation of buffer length. -+ */ -+ efw->pull_ptr = pull_ptr; -+ -+ spin_unlock_irq(&efw->lock); -+ - return count; - } - -@@ -76,14 +99,17 @@ static long - hwdep_read_locked(struct snd_efw *efw, char __user *buf, long count, - loff_t *offset) - { -- union snd_firewire_event event; -+ union snd_firewire_event event = { -+ .lock_status.type = SNDRV_FIREWIRE_EVENT_LOCK_STATUS, -+ }; - -- memset(&event, 0, sizeof(event)); -+ spin_lock_irq(&efw->lock); - -- event.lock_status.type = SNDRV_FIREWIRE_EVENT_LOCK_STATUS; - event.lock_status.status = (efw->dev_lock_count > 0); - efw->dev_lock_changed = false; - -+ spin_unlock_irq(&efw->lock); -+ - count = min_t(long, count, sizeof(event.lock_status)); - - if (copy_to_user(buf, &event, count)) -@@ -98,10 +124,15 @@ hwdep_read(struct snd_hwdep *hwdep, char __user *buf, long count, - { - struct snd_efw *efw = hwdep->private_data; - DEFINE_WAIT(wait); -+ bool dev_lock_changed; -+ bool queued; - - spin_lock_irq(&efw->lock); - -- while ((!efw->dev_lock_changed) && (efw->resp_queues == 0)) { -+ dev_lock_changed = efw->dev_lock_changed; -+ queued = efw->push_ptr != efw->pull_ptr; -+ -+ while (!dev_lock_changed && !queued) { - prepare_to_wait(&efw->hwdep_wait, &wait, TASK_INTERRUPTIBLE); - spin_unlock_irq(&efw->lock); - schedule(); -@@ -109,15 +140,17 @@ hwdep_read(struct snd_hwdep *hwdep, char __user *buf, long count, - if (signal_pending(current)) - return -ERESTARTSYS; - spin_lock_irq(&efw->lock); -+ dev_lock_changed = efw->dev_lock_changed; -+ queued = efw->push_ptr != efw->pull_ptr; - } - -- if (efw->dev_lock_changed) -+ spin_unlock_irq(&efw->lock); -+ -+ if (dev_lock_changed) - count = hwdep_read_locked(efw, buf, count, offset); -- else if (efw->resp_queues > 0) -+ else if (queued) - count = hwdep_read_resp_buf(efw, buf, count, offset); - -- spin_unlock_irq(&efw->lock); -- - return count; - } - -@@ -160,7 +193,7 @@ hwdep_poll(struct snd_hwdep *hwdep, struct file *file, poll_table *wait) - poll_wait(file, &efw->hwdep_wait, wait); - - spin_lock_irq(&efw->lock); -- if (efw->dev_lock_changed || (efw->resp_queues > 0)) -+ if (efw->dev_lock_changed || efw->pull_ptr != efw->push_ptr) - events = POLLIN | POLLRDNORM; - else - events = 0; -diff --git a/sound/firewire/fireworks/fireworks_proc.c b/sound/firewire/fireworks/fireworks_proc.c -index 0639dcb..beb0a0f 100644 ---- a/sound/firewire/fireworks/fireworks_proc.c -+++ b/sound/firewire/fireworks/fireworks_proc.c -@@ -188,8 +188,8 @@ proc_read_queues_state(struct snd_info_entry *entry, - else - consumed = (unsigned int)(efw->push_ptr - efw->pull_ptr); - -- snd_iprintf(buffer, "%d %d/%d\n", -- efw->resp_queues, consumed, snd_efw_resp_buf_size); -+ snd_iprintf(buffer, "%d/%d\n", -+ consumed, snd_efw_resp_buf_size); - } - - static void -diff --git a/sound/firewire/fireworks/fireworks_transaction.c b/sound/firewire/fireworks/fireworks_transaction.c -index f550808..36a08ba 100644 ---- a/sound/firewire/fireworks/fireworks_transaction.c -+++ b/sound/firewire/fireworks/fireworks_transaction.c -@@ -121,11 +121,11 @@ copy_resp_to_buf(struct snd_efw *efw, void *data, size_t length, int *rcode) - size_t capacity, till_end; - struct snd_efw_transaction *t; - -- spin_lock_irq(&efw->lock); -- - t = (struct snd_efw_transaction *)data; - length = min_t(size_t, be32_to_cpu(t->length) * sizeof(u32), length); - -+ spin_lock_irq(&efw->lock); -+ - if (efw->push_ptr < efw->pull_ptr) - capacity = (unsigned int)(efw->pull_ptr - efw->push_ptr); - else -@@ -155,7 +155,6 @@ copy_resp_to_buf(struct snd_efw *efw, void *data, size_t length, int *rcode) - } - - /* for hwdep */ -- efw->resp_queues++; - wake_up(&efw->hwdep_wait); - - *rcode = RCODE_COMPLETE; -diff --git a/sound/firewire/tascam/tascam-hwdep.c b/sound/firewire/tascam/tascam-hwdep.c -index 131267c..106406c 100644 ---- a/sound/firewire/tascam/tascam-hwdep.c -+++ b/sound/firewire/tascam/tascam-hwdep.c -@@ -16,31 +16,14 @@ - - #include "tascam.h" - --static long hwdep_read_locked(struct snd_tscm *tscm, char __user *buf, -- long count) --{ -- union snd_firewire_event event; -- -- memset(&event, 0, sizeof(event)); -- -- event.lock_status.type = SNDRV_FIREWIRE_EVENT_LOCK_STATUS; -- event.lock_status.status = (tscm->dev_lock_count > 0); -- tscm->dev_lock_changed = false; -- -- count = min_t(long, count, sizeof(event.lock_status)); -- -- if (copy_to_user(buf, &event, count)) -- return -EFAULT; -- -- return count; --} -- - static long hwdep_read(struct snd_hwdep *hwdep, char __user *buf, long count, - loff_t *offset) - { - struct snd_tscm *tscm = hwdep->private_data; - DEFINE_WAIT(wait); -- union snd_firewire_event event; -+ union snd_firewire_event event = { -+ .lock_status.type = SNDRV_FIREWIRE_EVENT_LOCK_STATUS, -+ }; - - spin_lock_irq(&tscm->lock); - -@@ -54,10 +37,16 @@ static long hwdep_read(struct snd_hwdep *hwdep, char __user *buf, long count, - spin_lock_irq(&tscm->lock); - } - -- memset(&event, 0, sizeof(event)); -- count = hwdep_read_locked(tscm, buf, count); -+ event.lock_status.status = (tscm->dev_lock_count > 0); -+ tscm->dev_lock_changed = false; -+ - spin_unlock_irq(&tscm->lock); - -+ count = min_t(long, count, sizeof(event.lock_status)); -+ -+ if (copy_to_user(buf, &event, count)) -+ return -EFAULT; -+ - return count; - } - -diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c -index f25479b..eaee626 100644 ---- a/sound/pci/hda/patch_realtek.c -+++ b/sound/pci/hda/patch_realtek.c -@@ -4840,6 +4840,7 @@ enum { - ALC221_FIXUP_HP_FRONT_MIC, - ALC292_FIXUP_TPT460, - ALC298_FIXUP_SPK_VOLUME, -+ ALC256_FIXUP_DELL_INSPIRON_7559_SUBWOOFER, - }; - - static const struct hda_fixup alc269_fixups[] = { -@@ -5501,6 +5502,15 @@ static const struct hda_fixup alc269_fixups[] = { - .chained = true, - .chain_id = ALC298_FIXUP_DELL1_MIC_NO_PRESENCE, - }, -+ [ALC256_FIXUP_DELL_INSPIRON_7559_SUBWOOFER] = { -+ .type = HDA_FIXUP_PINS, -+ .v.pins = (const struct hda_pintbl[]) { -+ { 0x1b, 0x90170151 }, -+ { } -+ }, -+ .chained = true, -+ .chain_id = ALC255_FIXUP_DELL1_MIC_NO_PRESENCE -+ }, - }; - - static const struct snd_pci_quirk alc269_fixup_tbl[] = { -@@ -5545,6 +5555,7 @@ static const struct snd_pci_quirk alc269_fixup_tbl[] = { - SND_PCI_QUIRK(0x1028, 0x06df, "Dell", ALC293_FIXUP_DISABLE_AAMIX_MULTIJACK), - SND_PCI_QUIRK(0x1028, 0x06e0, "Dell", ALC293_FIXUP_DISABLE_AAMIX_MULTIJACK), - SND_PCI_QUIRK(0x1028, 0x0704, "Dell XPS 13 9350", ALC256_FIXUP_DELL_XPS_13_HEADPHONE_NOISE), -+ SND_PCI_QUIRK(0x1028, 0x0706, "Dell Inspiron 7559", ALC256_FIXUP_DELL_INSPIRON_7559_SUBWOOFER), - SND_PCI_QUIRK(0x1028, 0x0725, "Dell Inspiron 3162", ALC255_FIXUP_DELL_SPK_NOISE), - SND_PCI_QUIRK(0x1028, 0x075b, "Dell XPS 13 9360", ALC256_FIXUP_DELL_XPS_13_HEADPHONE_NOISE), - SND_PCI_QUIRK(0x1028, 0x075d, "Dell AIO", ALC298_FIXUP_SPK_VOLUME), -@@ -5879,6 +5890,10 @@ static const struct snd_hda_pin_quirk alc269_pin_fixup_tbl[] = { - {0x12, 0x90a60170}, - {0x14, 0x90170120}, - {0x21, 0x02211030}), -+ SND_HDA_PIN_QUIRK(0x10ec0256, 0x1028, "Dell Inspiron 5468", ALC255_FIXUP_DELL1_MIC_NO_PRESENCE, -+ {0x12, 0x90a60180}, -+ {0x14, 0x90170120}, -+ {0x21, 0x02211030}), - SND_HDA_PIN_QUIRK(0x10ec0256, 0x1028, "Dell", ALC255_FIXUP_DELL1_MIC_NO_PRESENCE, - ALC256_STANDARD_PINS), - SND_HDA_PIN_QUIRK(0x10ec0280, 0x103c, "HP", ALC280_FIXUP_HP_GPIO4, -diff --git a/sound/soc/atmel/atmel_ssc_dai.c b/sound/soc/atmel/atmel_ssc_dai.c -index 1267e1a..633d54ca 100644 ---- a/sound/soc/atmel/atmel_ssc_dai.c -+++ b/sound/soc/atmel/atmel_ssc_dai.c -@@ -299,8 +299,9 @@ static int atmel_ssc_startup(struct snd_pcm_substream *substream, - clk_enable(ssc_p->ssc->clk); - ssc_p->mck_rate = clk_get_rate(ssc_p->ssc->clk); - -- /* Reset the SSC to keep it at a clean status */ -- ssc_writel(ssc_p->ssc->regs, CR, SSC_BIT(CR_SWRST)); -+ /* Reset the SSC unless initialized to keep it in a clean state */ -+ if (!ssc_p->initialized) -+ ssc_writel(ssc_p->ssc->regs, CR, SSC_BIT(CR_SWRST)); - - if (substream->stream == SNDRV_PCM_STREAM_PLAYBACK) { - dir = 0; -diff --git a/sound/usb/quirks.c b/sound/usb/quirks.c -index 6cf1f35..152292e 100644 ---- a/sound/usb/quirks.c -+++ b/sound/usb/quirks.c -@@ -1141,6 +1141,7 @@ bool snd_usb_get_sample_rate_quirk(struct snd_usb_audio *chip) - case USB_ID(0x0556, 0x0014): /* Phoenix Audio TMX320VC */ - case USB_ID(0x05A3, 0x9420): /* ELP HD USB Camera */ - case USB_ID(0x074D, 0x3553): /* Outlaw RR2150 (Micronas UAC3553B) */ -+ case USB_ID(0x1901, 0x0191): /* GE B850V3 CP2114 audio interface */ - case USB_ID(0x1de7, 0x0013): /* Phoenix Audio MT202exe */ - case USB_ID(0x1de7, 0x0014): /* Phoenix Audio TMX320 */ - case USB_ID(0x1de7, 0x0114): /* Phoenix Audio MT202pcs */ |