summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--4.7.7/1006_linux-4.7.7.patch3811
-rw-r--r--4.7.8/0000_README (renamed from 4.7.7/0000_README)6
-rw-r--r--4.7.8/1007_linux-4.7.8.patch1626
-rw-r--r--4.7.8/4420_grsecurity-3.1-4.7.8-201610161720.patch (renamed from 4.7.7/4420_grsecurity-3.1-4.7.7-201610101902.patch)375
-rw-r--r--4.7.8/4425_grsec_remove_EI_PAX.patch (renamed from 4.7.7/4425_grsec_remove_EI_PAX.patch)0
-rw-r--r--4.7.8/4427_force_XATTR_PAX_tmpfs.patch (renamed from 4.7.7/4427_force_XATTR_PAX_tmpfs.patch)0
-rw-r--r--4.7.8/4430_grsec-remove-localversion-grsec.patch (renamed from 4.7.7/4430_grsec-remove-localversion-grsec.patch)0
-rw-r--r--4.7.8/4435_grsec-mute-warnings.patch (renamed from 4.7.7/4435_grsec-mute-warnings.patch)0
-rw-r--r--4.7.8/4440_grsec-remove-protected-paths.patch (renamed from 4.7.7/4440_grsec-remove-protected-paths.patch)0
-rw-r--r--4.7.8/4450_grsec-kconfig-default-gids.patch (renamed from 4.7.7/4450_grsec-kconfig-default-gids.patch)0
-rw-r--r--4.7.8/4465_selinux-avc_audit-log-curr_ip.patch (renamed from 4.7.7/4465_selinux-avc_audit-log-curr_ip.patch)0
-rw-r--r--4.7.8/4470_disable-compat_vdso.patch (renamed from 4.7.7/4470_disable-compat_vdso.patch)0
-rw-r--r--4.7.8/4475_emutramp_default_on.patch (renamed from 4.7.7/4475_emutramp_default_on.patch)0
13 files changed, 1890 insertions, 3928 deletions
diff --git a/4.7.7/1006_linux-4.7.7.patch b/4.7.7/1006_linux-4.7.7.patch
deleted file mode 100644
index 07e2684..0000000
--- a/4.7.7/1006_linux-4.7.7.patch
+++ /dev/null
@@ -1,3811 +0,0 @@
-diff --git a/Documentation/devicetree/bindings/regulator/qcom,spmi-regulator.txt b/Documentation/devicetree/bindings/regulator/qcom,spmi-regulator.txt
-index 46c6f3e..0fa3b0f 100644
---- a/Documentation/devicetree/bindings/regulator/qcom,spmi-regulator.txt
-+++ b/Documentation/devicetree/bindings/regulator/qcom,spmi-regulator.txt
-@@ -113,9 +113,9 @@ pm8916:
- l14, l15, l16, l17, l18
-
- pm8941:
-- s1, s2, s3, l1, l2, l3, l4, l5, l6, l7, l8, l9, l10, l11, l12, l13, l14,
-- l15, l16, l17, l18, l19, l20, l21, l22, l23, l24, lvs1, lvs2, lvs3,
-- mvs1, mvs2
-+ s1, s2, s3, s4, l1, l2, l3, l4, l5, l6, l7, l8, l9, l10, l11, l12, l13,
-+ l14, l15, l16, l17, l18, l19, l20, l21, l22, l23, l24, lvs1, lvs2, lvs3,
-+ 5vs1, 5vs2
-
- pm8994:
- s1, s2, s3, s4, s5, s6, s7, s8, s9, s10, s11, s12, l1, l2, l3, l4, l5,
-diff --git a/Documentation/pinctrl.txt b/Documentation/pinctrl.txt
-index 4976389e..dd15a69 100644
---- a/Documentation/pinctrl.txt
-+++ b/Documentation/pinctrl.txt
-@@ -831,7 +831,7 @@ separate memory range only intended for GPIO driving, and the register
- range dealing with pin config and pin multiplexing get placed into a
- different memory range and a separate section of the data sheet.
-
--A flag "strict" in struct pinctrl_desc is available to check and deny
-+A flag "strict" in struct pinmux_ops is available to check and deny
- simultaneous access to the same pin from GPIO and pin multiplexing
- consumers on hardware of this type. The pinctrl driver should set this flag
- accordingly.
-diff --git a/Makefile b/Makefile
-index 48b0120..320a930 100644
---- a/Makefile
-+++ b/Makefile
-@@ -1,6 +1,6 @@
- VERSION = 4
- PATCHLEVEL = 7
--SUBLEVEL = 6
-+SUBLEVEL = 7
- EXTRAVERSION =
- NAME = Psychotic Stoned Sheep
-
-diff --git a/arch/arm/boot/compressed/head.S b/arch/arm/boot/compressed/head.S
-index af11c2f..fc6d541 100644
---- a/arch/arm/boot/compressed/head.S
-+++ b/arch/arm/boot/compressed/head.S
-@@ -779,7 +779,7 @@ __armv7_mmu_cache_on:
- orrne r0, r0, #1 @ MMU enabled
- movne r1, #0xfffffffd @ domain 0 = client
- bic r6, r6, #1 << 31 @ 32-bit translation system
-- bic r6, r6, #3 << 0 @ use only ttbr0
-+ bic r6, r6, #(7 << 0) | (1 << 4) @ use only ttbr0
- mcrne p15, 0, r3, c2, c0, 0 @ load page table pointer
- mcrne p15, 0, r1, c3, c0, 0 @ load domain access control
- mcrne p15, 0, r6, c2, c0, 2 @ load ttb control
-diff --git a/arch/arm/boot/dts/imx6sx-sabreauto.dts b/arch/arm/boot/dts/imx6sx-sabreauto.dts
-index 96ea936..240a286 100644
---- a/arch/arm/boot/dts/imx6sx-sabreauto.dts
-+++ b/arch/arm/boot/dts/imx6sx-sabreauto.dts
-@@ -64,7 +64,7 @@
- cd-gpios = <&gpio7 11 GPIO_ACTIVE_LOW>;
- no-1-8-v;
- keep-power-in-suspend;
-- enable-sdio-wakup;
-+ wakeup-source;
- status = "okay";
- };
-
-diff --git a/arch/arm/boot/dts/sun5i-a13.dtsi b/arch/arm/boot/dts/sun5i-a13.dtsi
-index 263d46d..2d78eee 100644
---- a/arch/arm/boot/dts/sun5i-a13.dtsi
-+++ b/arch/arm/boot/dts/sun5i-a13.dtsi
-@@ -84,7 +84,7 @@
- trips {
- cpu_alert0: cpu_alert0 {
- /* milliCelsius */
-- temperature = <850000>;
-+ temperature = <85000>;
- hysteresis = <2000>;
- type = "passive";
- };
-diff --git a/arch/arm/common/sa1111.c b/arch/arm/common/sa1111.c
-index fb0a0a4..0e43718 100644
---- a/arch/arm/common/sa1111.c
-+++ b/arch/arm/common/sa1111.c
-@@ -869,9 +869,9 @@ struct sa1111_save_data {
-
- #ifdef CONFIG_PM
-
--static int sa1111_suspend(struct platform_device *dev, pm_message_t state)
-+static int sa1111_suspend_noirq(struct device *dev)
- {
-- struct sa1111 *sachip = platform_get_drvdata(dev);
-+ struct sa1111 *sachip = dev_get_drvdata(dev);
- struct sa1111_save_data *save;
- unsigned long flags;
- unsigned int val;
-@@ -934,9 +934,9 @@ static int sa1111_suspend(struct platform_device *dev, pm_message_t state)
- * restored by their respective drivers, and must be called
- * via LDM after this function.
- */
--static int sa1111_resume(struct platform_device *dev)
-+static int sa1111_resume_noirq(struct device *dev)
- {
-- struct sa1111 *sachip = platform_get_drvdata(dev);
-+ struct sa1111 *sachip = dev_get_drvdata(dev);
- struct sa1111_save_data *save;
- unsigned long flags, id;
- void __iomem *base;
-@@ -952,7 +952,7 @@ static int sa1111_resume(struct platform_device *dev)
- id = sa1111_readl(sachip->base + SA1111_SKID);
- if ((id & SKID_ID_MASK) != SKID_SA1111_ID) {
- __sa1111_remove(sachip);
-- platform_set_drvdata(dev, NULL);
-+ dev_set_drvdata(dev, NULL);
- kfree(save);
- return 0;
- }
-@@ -1003,8 +1003,8 @@ static int sa1111_resume(struct platform_device *dev)
- }
-
- #else
--#define sa1111_suspend NULL
--#define sa1111_resume NULL
-+#define sa1111_suspend_noirq NULL
-+#define sa1111_resume_noirq NULL
- #endif
-
- static int sa1111_probe(struct platform_device *pdev)
-@@ -1038,6 +1038,11 @@ static int sa1111_remove(struct platform_device *pdev)
- return 0;
- }
-
-+static struct dev_pm_ops sa1111_pm_ops = {
-+ .suspend_noirq = sa1111_suspend_noirq,
-+ .resume_noirq = sa1111_resume_noirq,
-+};
-+
- /*
- * Not sure if this should be on the system bus or not yet.
- * We really want some way to register a system device at
-@@ -1050,10 +1055,9 @@ static int sa1111_remove(struct platform_device *pdev)
- static struct platform_driver sa1111_device_driver = {
- .probe = sa1111_probe,
- .remove = sa1111_remove,
-- .suspend = sa1111_suspend,
-- .resume = sa1111_resume,
- .driver = {
- .name = "sa1111",
-+ .pm = &sa1111_pm_ops,
- },
- };
-
-diff --git a/arch/arm/include/asm/dma-mapping.h b/arch/arm/include/asm/dma-mapping.h
-index a83570f..8ec98fc 100644
---- a/arch/arm/include/asm/dma-mapping.h
-+++ b/arch/arm/include/asm/dma-mapping.h
-@@ -112,7 +112,7 @@ static inline dma_addr_t virt_to_dma(struct device *dev, void *addr)
- /* The ARM override for dma_max_pfn() */
- static inline unsigned long dma_max_pfn(struct device *dev)
- {
-- return PHYS_PFN_OFFSET + dma_to_pfn(dev, *dev->dma_mask);
-+ return dma_to_pfn(dev, *dev->dma_mask);
- }
- #define dma_max_pfn(dev) dma_max_pfn(dev)
-
-diff --git a/arch/arm/kernel/devtree.c b/arch/arm/kernel/devtree.c
-index 2e26016..5204978 100644
---- a/arch/arm/kernel/devtree.c
-+++ b/arch/arm/kernel/devtree.c
-@@ -87,6 +87,8 @@ void __init arm_dt_init_cpu_maps(void)
- return;
-
- for_each_child_of_node(cpus, cpu) {
-+ const __be32 *cell;
-+ int prop_bytes;
- u32 hwid;
-
- if (of_node_cmp(cpu->type, "cpu"))
-@@ -98,7 +100,8 @@ void __init arm_dt_init_cpu_maps(void)
- * properties is considered invalid to build the
- * cpu_logical_map.
- */
-- if (of_property_read_u32(cpu, "reg", &hwid)) {
-+ cell = of_get_property(cpu, "reg", &prop_bytes);
-+ if (!cell || prop_bytes < sizeof(*cell)) {
- pr_debug(" * %s missing reg property\n",
- cpu->full_name);
- of_node_put(cpu);
-@@ -106,10 +109,15 @@ void __init arm_dt_init_cpu_maps(void)
- }
-
- /*
-- * 8 MSBs must be set to 0 in the DT since the reg property
-+ * Bits n:24 must be set to 0 in the DT since the reg property
- * defines the MPIDR[23:0].
- */
-- if (hwid & ~MPIDR_HWID_BITMASK) {
-+ do {
-+ hwid = be32_to_cpu(*cell++);
-+ prop_bytes -= sizeof(*cell);
-+ } while (!hwid && prop_bytes > 0);
-+
-+ if (prop_bytes || (hwid & ~MPIDR_HWID_BITMASK)) {
- of_node_put(cpu);
- return;
- }
-diff --git a/arch/arm/mach-sa1100/clock.c b/arch/arm/mach-sa1100/clock.c
-index cbf53bb..0db4689 100644
---- a/arch/arm/mach-sa1100/clock.c
-+++ b/arch/arm/mach-sa1100/clock.c
-@@ -125,6 +125,8 @@ static unsigned long clk_36864_get_rate(struct clk *clk)
- }
-
- static struct clkops clk_36864_ops = {
-+ .enable = clk_cpu_enable,
-+ .disable = clk_cpu_disable,
- .get_rate = clk_36864_get_rate,
- };
-
-@@ -140,9 +142,8 @@ static struct clk_lookup sa11xx_clkregs[] = {
- CLKDEV_INIT(NULL, "OSTIMER0", &clk_36864),
- };
-
--static int __init sa11xx_clk_init(void)
-+int __init sa11xx_clk_init(void)
- {
- clkdev_add_table(sa11xx_clkregs, ARRAY_SIZE(sa11xx_clkregs));
- return 0;
- }
--core_initcall(sa11xx_clk_init);
-diff --git a/arch/arm/mach-sa1100/generic.c b/arch/arm/mach-sa1100/generic.c
-index 345e63f..3e09bed 100644
---- a/arch/arm/mach-sa1100/generic.c
-+++ b/arch/arm/mach-sa1100/generic.c
-@@ -34,6 +34,7 @@
-
- #include <mach/hardware.h>
- #include <mach/irqs.h>
-+#include <mach/reset.h>
-
- #include "generic.h"
- #include <clocksource/pxa.h>
-@@ -95,6 +96,8 @@ static void sa1100_power_off(void)
-
- void sa11x0_restart(enum reboot_mode mode, const char *cmd)
- {
-+ clear_reset_status(RESET_STATUS_ALL);
-+
- if (mode == REBOOT_SOFT) {
- /* Jump into ROM at address 0 */
- soft_restart(0);
-@@ -388,6 +391,7 @@ void __init sa1100_init_irq(void)
- sa11x0_init_irq_nodt(IRQ_GPIO0_SC, irq_resource.start);
-
- sa1100_init_gpio();
-+ sa11xx_clk_init();
- }
-
- /*
-diff --git a/arch/arm/mach-sa1100/generic.h b/arch/arm/mach-sa1100/generic.h
-index 0d92e11..68199b603 100644
---- a/arch/arm/mach-sa1100/generic.h
-+++ b/arch/arm/mach-sa1100/generic.h
-@@ -44,3 +44,5 @@ int sa11x0_pm_init(void);
- #else
- static inline int sa11x0_pm_init(void) { return 0; }
- #endif
-+
-+int sa11xx_clk_init(void);
-diff --git a/arch/arm/mach-shmobile/regulator-quirk-rcar-gen2.c b/arch/arm/mach-shmobile/regulator-quirk-rcar-gen2.c
-index 62437b5..73e3adb 100644
---- a/arch/arm/mach-shmobile/regulator-quirk-rcar-gen2.c
-+++ b/arch/arm/mach-shmobile/regulator-quirk-rcar-gen2.c
-@@ -41,39 +41,26 @@
-
- #define REGULATOR_IRQ_MASK BIT(2) /* IRQ2, active low */
-
--static void __iomem *irqc;
--
--static const u8 da9063_mask_regs[] = {
-- DA9063_REG_IRQ_MASK_A,
-- DA9063_REG_IRQ_MASK_B,
-- DA9063_REG_IRQ_MASK_C,
-- DA9063_REG_IRQ_MASK_D,
--};
--
--/* DA9210 System Control and Event Registers */
-+/* start of DA9210 System Control and Event Registers */
- #define DA9210_REG_MASK_A 0x54
--#define DA9210_REG_MASK_B 0x55
--
--static const u8 da9210_mask_regs[] = {
-- DA9210_REG_MASK_A,
-- DA9210_REG_MASK_B,
--};
--
--static void da9xxx_mask_irqs(struct i2c_client *client, const u8 regs[],
-- unsigned int nregs)
--{
-- unsigned int i;
-
-- dev_info(&client->dev, "Masking %s interrupt sources\n", client->name);
-+static void __iomem *irqc;
-
-- for (i = 0; i < nregs; i++) {
-- int error = i2c_smbus_write_byte_data(client, regs[i], ~0);
-- if (error) {
-- dev_err(&client->dev, "i2c error %d\n", error);
-- return;
-- }
-- }
--}
-+/* first byte sets the memory pointer, following are consecutive reg values */
-+static u8 da9063_irq_clr[] = { DA9063_REG_IRQ_MASK_A, 0xff, 0xff, 0xff, 0xff };
-+static u8 da9210_irq_clr[] = { DA9210_REG_MASK_A, 0xff, 0xff };
-+
-+static struct i2c_msg da9xxx_msgs[2] = {
-+ {
-+ .addr = 0x58,
-+ .len = ARRAY_SIZE(da9063_irq_clr),
-+ .buf = da9063_irq_clr,
-+ }, {
-+ .addr = 0x68,
-+ .len = ARRAY_SIZE(da9210_irq_clr),
-+ .buf = da9210_irq_clr,
-+ },
-+};
-
- static int regulator_quirk_notify(struct notifier_block *nb,
- unsigned long action, void *data)
-@@ -93,12 +80,15 @@ static int regulator_quirk_notify(struct notifier_block *nb,
- client = to_i2c_client(dev);
- dev_dbg(dev, "Detected %s\n", client->name);
-
-- if ((client->addr == 0x58 && !strcmp(client->name, "da9063")))
-- da9xxx_mask_irqs(client, da9063_mask_regs,
-- ARRAY_SIZE(da9063_mask_regs));
-- else if (client->addr == 0x68 && !strcmp(client->name, "da9210"))
-- da9xxx_mask_irqs(client, da9210_mask_regs,
-- ARRAY_SIZE(da9210_mask_regs));
-+ if ((client->addr == 0x58 && !strcmp(client->name, "da9063")) ||
-+ (client->addr == 0x68 && !strcmp(client->name, "da9210"))) {
-+ int ret;
-+
-+ dev_info(&client->dev, "clearing da9063/da9210 interrupts\n");
-+ ret = i2c_transfer(client->adapter, da9xxx_msgs, ARRAY_SIZE(da9xxx_msgs));
-+ if (ret != ARRAY_SIZE(da9xxx_msgs))
-+ dev_err(&client->dev, "i2c error %d\n", ret);
-+ }
-
- mon = ioread32(irqc + IRQC_MONITOR);
- if (mon & REGULATOR_IRQ_MASK)
-diff --git a/arch/arm64/kernel/debug-monitors.c b/arch/arm64/kernel/debug-monitors.c
-index 0800d23..b463607 100644
---- a/arch/arm64/kernel/debug-monitors.c
-+++ b/arch/arm64/kernel/debug-monitors.c
-@@ -417,8 +417,10 @@ int kernel_active_single_step(void)
- /* ptrace API */
- void user_enable_single_step(struct task_struct *task)
- {
-- set_ti_thread_flag(task_thread_info(task), TIF_SINGLESTEP);
-- set_regs_spsr_ss(task_pt_regs(task));
-+ struct thread_info *ti = task_thread_info(task);
-+
-+ if (!test_and_set_ti_thread_flag(ti, TIF_SINGLESTEP))
-+ set_regs_spsr_ss(task_pt_regs(task));
- }
-
- void user_disable_single_step(struct task_struct *task)
-diff --git a/arch/avr32/mach-at32ap/pio.c b/arch/avr32/mach-at32ap/pio.c
-index 83c2a00..13d3fc4 100644
---- a/arch/avr32/mach-at32ap/pio.c
-+++ b/arch/avr32/mach-at32ap/pio.c
-@@ -435,7 +435,7 @@ void __init at32_init_pio(struct platform_device *pdev)
- struct resource *regs;
- struct pio_device *pio;
-
-- if (pdev->id > MAX_NR_PIO_DEVICES) {
-+ if (pdev->id >= MAX_NR_PIO_DEVICES) {
- dev_err(&pdev->dev, "only %d PIO devices supported\n",
- MAX_NR_PIO_DEVICES);
- return;
-diff --git a/arch/mips/include/asm/uprobes.h b/arch/mips/include/asm/uprobes.h
-index 34c325c..70a4a2f 100644
---- a/arch/mips/include/asm/uprobes.h
-+++ b/arch/mips/include/asm/uprobes.h
-@@ -36,7 +36,6 @@ struct arch_uprobe {
- unsigned long resume_epc;
- u32 insn[2];
- u32 ixol[2];
-- union mips_instruction orig_inst[MAX_UINSN_BYTES / 4];
- };
-
- struct arch_uprobe_task {
-diff --git a/arch/mips/kernel/uprobes.c b/arch/mips/kernel/uprobes.c
-index 8452d93..4e7b89f 100644
---- a/arch/mips/kernel/uprobes.c
-+++ b/arch/mips/kernel/uprobes.c
-@@ -157,7 +157,6 @@ bool is_trap_insn(uprobe_opcode_t *insn)
- int arch_uprobe_pre_xol(struct arch_uprobe *aup, struct pt_regs *regs)
- {
- struct uprobe_task *utask = current->utask;
-- union mips_instruction insn;
-
- /*
- * Now find the EPC where to resume after the breakpoint has been
-@@ -168,10 +167,10 @@ int arch_uprobe_pre_xol(struct arch_uprobe *aup, struct pt_regs *regs)
- unsigned long epc;
-
- epc = regs->cp0_epc;
-- __compute_return_epc_for_insn(regs, insn);
-+ __compute_return_epc_for_insn(regs,
-+ (union mips_instruction) aup->insn[0]);
- aup->resume_epc = regs->cp0_epc;
- }
--
- utask->autask.saved_trap_nr = current->thread.trap_nr;
- current->thread.trap_nr = UPROBE_TRAP_NR;
- regs->cp0_epc = current->utask->xol_vaddr;
-@@ -257,7 +256,7 @@ unsigned long arch_uretprobe_hijack_return_addr(
- ra = regs->regs[31];
-
- /* Replace the return address with the trampoline address */
-- regs->regs[31] = ra;
-+ regs->regs[31] = trampoline_vaddr;
-
- return ra;
- }
-@@ -280,24 +279,6 @@ int __weak set_swbp(struct arch_uprobe *auprobe, struct mm_struct *mm,
- return uprobe_write_opcode(mm, vaddr, UPROBE_SWBP_INSN);
- }
-
--/**
-- * set_orig_insn - Restore the original instruction.
-- * @mm: the probed process address space.
-- * @auprobe: arch specific probepoint information.
-- * @vaddr: the virtual address to insert the opcode.
-- *
-- * For mm @mm, restore the original opcode (opcode) at @vaddr.
-- * Return 0 (success) or a negative errno.
-- *
-- * This overrides the weak version in kernel/events/uprobes.c.
-- */
--int set_orig_insn(struct arch_uprobe *auprobe, struct mm_struct *mm,
-- unsigned long vaddr)
--{
-- return uprobe_write_opcode(mm, vaddr,
-- *(uprobe_opcode_t *)&auprobe->orig_inst[0].word);
--}
--
- void __weak arch_uprobe_copy_ixol(struct page *page, unsigned long vaddr,
- void *src, unsigned long len)
- {
-diff --git a/arch/mips/mti-malta/malta-setup.c b/arch/mips/mti-malta/malta-setup.c
-index 33d5ff5..18b37a5 100644
---- a/arch/mips/mti-malta/malta-setup.c
-+++ b/arch/mips/mti-malta/malta-setup.c
-@@ -39,6 +39,9 @@
- #include <linux/console.h>
- #endif
-
-+#define ROCIT_CONFIG_GEN0 0x1f403000
-+#define ROCIT_CONFIG_GEN0_PCI_IOCU BIT(7)
-+
- extern void malta_be_init(void);
- extern int malta_be_handler(struct pt_regs *regs, int is_fixup);
-
-@@ -107,6 +110,8 @@ static void __init fd_activate(void)
- static int __init plat_enable_iocoherency(void)
- {
- int supported = 0;
-+ u32 cfg;
-+
- if (mips_revision_sconid == MIPS_REVISION_SCON_BONITO) {
- if (BONITO_PCICACHECTRL & BONITO_PCICACHECTRL_CPUCOH_PRES) {
- BONITO_PCICACHECTRL |= BONITO_PCICACHECTRL_CPUCOH_EN;
-@@ -129,7 +134,8 @@ static int __init plat_enable_iocoherency(void)
- } else if (mips_cm_numiocu() != 0) {
- /* Nothing special needs to be done to enable coherency */
- pr_info("CMP IOCU detected\n");
-- if ((*(unsigned int *)0xbf403000 & 0x81) != 0x81) {
-+ cfg = __raw_readl((u32 *)CKSEG1ADDR(ROCIT_CONFIG_GEN0));
-+ if (!(cfg & ROCIT_CONFIG_GEN0_PCI_IOCU)) {
- pr_crit("IOCU OPERATION DISABLED BY SWITCH - DEFAULTING TO SW IO COHERENCY\n");
- return 0;
- }
-diff --git a/arch/powerpc/kernel/prom_init.c b/arch/powerpc/kernel/prom_init.c
-index 6ee4b72..e97925f 100644
---- a/arch/powerpc/kernel/prom_init.c
-+++ b/arch/powerpc/kernel/prom_init.c
-@@ -695,7 +695,7 @@ unsigned char ibm_architecture_vec[] = {
- OV4_MIN_ENT_CAP, /* minimum VP entitled capacity */
-
- /* option vector 5: PAPR/OF options */
-- VECTOR_LENGTH(18), /* length */
-+ VECTOR_LENGTH(21), /* length */
- 0, /* don't ignore, don't halt */
- OV5_FEAT(OV5_LPAR) | OV5_FEAT(OV5_SPLPAR) | OV5_FEAT(OV5_LARGE_PAGES) |
- OV5_FEAT(OV5_DRCONF_MEMORY) | OV5_FEAT(OV5_DONATE_DEDICATE_CPU) |
-@@ -726,8 +726,11 @@ unsigned char ibm_architecture_vec[] = {
- 0,
- 0,
- OV5_FEAT(OV5_PFO_HW_RNG) | OV5_FEAT(OV5_PFO_HW_ENCR) |
-- OV5_FEAT(OV5_PFO_HW_842),
-- OV5_FEAT(OV5_SUB_PROCESSORS),
-+ OV5_FEAT(OV5_PFO_HW_842), /* Byte 17 */
-+ 0, /* Byte 18 */
-+ 0, /* Byte 19 */
-+ 0, /* Byte 20 */
-+ OV5_FEAT(OV5_SUB_PROCESSORS), /* Byte 21 */
-
- /* option vector 6: IBM PAPR hints */
- VECTOR_LENGTH(3), /* length */
-diff --git a/arch/tile/include/asm/elf.h b/arch/tile/include/asm/elf.h
-index c505d77..e9d54a0 100644
---- a/arch/tile/include/asm/elf.h
-+++ b/arch/tile/include/asm/elf.h
-@@ -129,6 +129,7 @@ extern int dump_task_regs(struct task_struct *, elf_gregset_t *);
- struct linux_binprm;
- extern int arch_setup_additional_pages(struct linux_binprm *bprm,
- int executable_stack);
-+/* update AT_VECTOR_SIZE_ARCH if the number of NEW_AUX_ENT entries changes */
- #define ARCH_DLINFO \
- do { \
- NEW_AUX_ENT(AT_SYSINFO_EHDR, VDSO_BASE); \
-diff --git a/arch/tile/include/uapi/asm/auxvec.h b/arch/tile/include/uapi/asm/auxvec.h
-index c93e927..f497123 100644
---- a/arch/tile/include/uapi/asm/auxvec.h
-+++ b/arch/tile/include/uapi/asm/auxvec.h
-@@ -18,4 +18,6 @@
- /* The vDSO location. */
- #define AT_SYSINFO_EHDR 33
-
-+#define AT_VECTOR_SIZE_ARCH 1 /* entries in ARCH_DLINFO */
-+
- #endif /* _ASM_TILE_AUXVEC_H */
-diff --git a/arch/x86/include/asm/tlbflush.h b/arch/x86/include/asm/tlbflush.h
-index 6fa8594..dee8a70 100644
---- a/arch/x86/include/asm/tlbflush.h
-+++ b/arch/x86/include/asm/tlbflush.h
-@@ -81,7 +81,7 @@ DECLARE_PER_CPU_SHARED_ALIGNED(struct tlb_state, cpu_tlbstate);
- /* Initialize cr4 shadow for this CPU. */
- static inline void cr4_init_shadow(void)
- {
-- this_cpu_write(cpu_tlbstate.cr4, __read_cr4());
-+ this_cpu_write(cpu_tlbstate.cr4, __read_cr4_safe());
- }
-
- /* Set in this cpu's CR4. */
-diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
-index 0fe6953..41f3f7d 100644
---- a/arch/x86/kernel/cpu/common.c
-+++ b/arch/x86/kernel/cpu/common.c
-@@ -804,21 +804,20 @@ static void __init early_identify_cpu(struct cpuinfo_x86 *c)
- identify_cpu_without_cpuid(c);
-
- /* cyrix could have cpuid enabled via c_identify()*/
-- if (!have_cpuid_p())
-- return;
-+ if (have_cpuid_p()) {
-+ cpu_detect(c);
-+ get_cpu_vendor(c);
-+ get_cpu_cap(c);
-
-- cpu_detect(c);
-- get_cpu_vendor(c);
-- get_cpu_cap(c);
--
-- if (this_cpu->c_early_init)
-- this_cpu->c_early_init(c);
-+ if (this_cpu->c_early_init)
-+ this_cpu->c_early_init(c);
-
-- c->cpu_index = 0;
-- filter_cpuid_features(c, false);
-+ c->cpu_index = 0;
-+ filter_cpuid_features(c, false);
-
-- if (this_cpu->c_bsp_init)
-- this_cpu->c_bsp_init(c);
-+ if (this_cpu->c_bsp_init)
-+ this_cpu->c_bsp_init(c);
-+ }
-
- setup_force_cpu_cap(X86_FEATURE_ALWAYS);
- fpu__init_system(c);
-diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
-index 8326d68..9ed64d2 100644
---- a/arch/x86/kvm/vmx.c
-+++ b/arch/x86/kvm/vmx.c
-@@ -409,6 +409,7 @@ struct nested_vmx {
- struct list_head vmcs02_pool;
- int vmcs02_num;
- u64 vmcs01_tsc_offset;
-+ bool change_vmcs01_virtual_x2apic_mode;
- /* L2 must run next, and mustn't decide to exit to L1. */
- bool nested_run_pending;
- /*
-@@ -8284,6 +8285,12 @@ static void vmx_set_virtual_x2apic_mode(struct kvm_vcpu *vcpu, bool set)
- {
- u32 sec_exec_control;
-
-+ /* Postpone execution until vmcs01 is the current VMCS. */
-+ if (is_guest_mode(vcpu)) {
-+ to_vmx(vcpu)->nested.change_vmcs01_virtual_x2apic_mode = true;
-+ return;
-+ }
-+
- /*
- * There is not point to enable virtualize x2apic without enable
- * apicv
-@@ -10601,6 +10608,12 @@ static void nested_vmx_vmexit(struct kvm_vcpu *vcpu, u32 exit_reason,
- /* Update TSC_OFFSET if TSC was changed while L2 ran */
- vmcs_write64(TSC_OFFSET, vmx->nested.vmcs01_tsc_offset);
-
-+ if (vmx->nested.change_vmcs01_virtual_x2apic_mode) {
-+ vmx->nested.change_vmcs01_virtual_x2apic_mode = false;
-+ vmx_set_virtual_x2apic_mode(vcpu,
-+ vcpu->arch.apic_base & X2APIC_ENABLE);
-+ }
-+
- /* This is needed for same reason as it was needed in prepare_vmcs02 */
- vmx->host_rsp = 0;
-
-diff --git a/block/blk-mq.c b/block/blk-mq.c
-index f9b9049..27dafb3 100644
---- a/block/blk-mq.c
-+++ b/block/blk-mq.c
-@@ -784,7 +784,7 @@ static void __blk_mq_run_hw_queue(struct blk_mq_hw_ctx *hctx)
- switch (ret) {
- case BLK_MQ_RQ_QUEUE_OK:
- queued++;
-- continue;
-+ break;
- case BLK_MQ_RQ_QUEUE_BUSY:
- list_add(&rq->queuelist, &rq_list);
- __blk_mq_requeue_request(rq);
-diff --git a/drivers/base/regmap/regcache-rbtree.c b/drivers/base/regmap/regcache-rbtree.c
-index aa56af8..b11af3f 100644
---- a/drivers/base/regmap/regcache-rbtree.c
-+++ b/drivers/base/regmap/regcache-rbtree.c
-@@ -404,6 +404,7 @@ static int regcache_rbtree_write(struct regmap *map, unsigned int reg,
- unsigned int new_base_reg, new_top_reg;
- unsigned int min, max;
- unsigned int max_dist;
-+ unsigned int dist, best_dist = UINT_MAX;
-
- max_dist = map->reg_stride * sizeof(*rbnode_tmp) /
- map->cache_word_size;
-@@ -423,24 +424,41 @@ static int regcache_rbtree_write(struct regmap *map, unsigned int reg,
- &base_reg, &top_reg);
-
- if (base_reg <= max && top_reg >= min) {
-- new_base_reg = min(reg, base_reg);
-- new_top_reg = max(reg, top_reg);
-- } else {
-- if (max < base_reg)
-- node = node->rb_left;
-+ if (reg < base_reg)
-+ dist = base_reg - reg;
-+ else if (reg > top_reg)
-+ dist = reg - top_reg;
- else
-- node = node->rb_right;
--
-- continue;
-+ dist = 0;
-+ if (dist < best_dist) {
-+ rbnode = rbnode_tmp;
-+ best_dist = dist;
-+ new_base_reg = min(reg, base_reg);
-+ new_top_reg = max(reg, top_reg);
-+ }
- }
-
-- ret = regcache_rbtree_insert_to_block(map, rbnode_tmp,
-+ /*
-+ * Keep looking, we want to choose the closest block,
-+ * otherwise we might end up creating overlapping
-+ * blocks, which breaks the rbtree.
-+ */
-+ if (reg < base_reg)
-+ node = node->rb_left;
-+ else if (reg > top_reg)
-+ node = node->rb_right;
-+ else
-+ break;
-+ }
-+
-+ if (rbnode) {
-+ ret = regcache_rbtree_insert_to_block(map, rbnode,
- new_base_reg,
- new_top_reg, reg,
- value);
- if (ret)
- return ret;
-- rbtree_ctx->cached_rbnode = rbnode_tmp;
-+ rbtree_ctx->cached_rbnode = rbnode;
- return 0;
- }
-
-diff --git a/drivers/char/hw_random/omap-rng.c b/drivers/char/hw_random/omap-rng.c
-index 8a1432e..01d4be2 100644
---- a/drivers/char/hw_random/omap-rng.c
-+++ b/drivers/char/hw_random/omap-rng.c
-@@ -384,7 +384,12 @@ static int omap_rng_probe(struct platform_device *pdev)
- }
-
- pm_runtime_enable(&pdev->dev);
-- pm_runtime_get_sync(&pdev->dev);
-+ ret = pm_runtime_get_sync(&pdev->dev);
-+ if (ret) {
-+ dev_err(&pdev->dev, "Failed to runtime_get device: %d\n", ret);
-+ pm_runtime_put_noidle(&pdev->dev);
-+ goto err_ioremap;
-+ }
-
- ret = (dev->of_node) ? of_get_omap_rng_device_details(priv, pdev) :
- get_omap_rng_device_details(priv);
-@@ -435,8 +440,15 @@ static int __maybe_unused omap_rng_suspend(struct device *dev)
- static int __maybe_unused omap_rng_resume(struct device *dev)
- {
- struct omap_rng_dev *priv = dev_get_drvdata(dev);
-+ int ret;
-+
-+ ret = pm_runtime_get_sync(dev);
-+ if (ret) {
-+ dev_err(dev, "Failed to runtime_get device: %d\n", ret);
-+ pm_runtime_put_noidle(dev);
-+ return ret;
-+ }
-
-- pm_runtime_get_sync(dev);
- priv->pdata->init(priv);
-
- return 0;
-diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c
-index b28e4da..ca2d238 100644
---- a/drivers/char/tpm/tpm2-cmd.c
-+++ b/drivers/char/tpm/tpm2-cmd.c
-@@ -703,7 +703,7 @@ ssize_t tpm2_get_tpm_pt(struct tpm_chip *chip, u32 property_id, u32 *value,
-
- rc = tpm_transmit_cmd(chip, &cmd, sizeof(cmd), desc);
- if (!rc)
-- *value = cmd.params.get_tpm_pt_out.value;
-+ *value = be32_to_cpu(cmd.params.get_tpm_pt_out.value);
-
- return rc;
- }
-diff --git a/drivers/char/tpm/tpm_crb.c b/drivers/char/tpm/tpm_crb.c
-index e9fd1d8..0f7ec0d 100644
---- a/drivers/char/tpm/tpm_crb.c
-+++ b/drivers/char/tpm/tpm_crb.c
-@@ -77,7 +77,6 @@ enum crb_flags {
-
- struct crb_priv {
- unsigned int flags;
-- struct resource res;
- void __iomem *iobase;
- struct crb_control_area __iomem *cca;
- u8 __iomem *cmd;
-@@ -224,19 +223,19 @@ static int crb_init(struct acpi_device *device, struct crb_priv *priv)
-
- static int crb_check_resource(struct acpi_resource *ares, void *data)
- {
-- struct crb_priv *priv = data;
-+ struct resource *io_res = data;
- struct resource res;
-
- if (acpi_dev_resource_memory(ares, &res)) {
-- priv->res = res;
-- priv->res.name = NULL;
-+ *io_res = res;
-+ io_res->name = NULL;
- }
-
- return 1;
- }
-
- static void __iomem *crb_map_res(struct device *dev, struct crb_priv *priv,
-- u64 start, u32 size)
-+ struct resource *io_res, u64 start, u32 size)
- {
- struct resource new_res = {
- .start = start,
-@@ -248,51 +247,72 @@ static void __iomem *crb_map_res(struct device *dev, struct crb_priv *priv,
- if (start != new_res.start)
- return (void __iomem *) ERR_PTR(-EINVAL);
-
-- if (!resource_contains(&priv->res, &new_res))
-+ if (!resource_contains(io_res, &new_res))
- return devm_ioremap_resource(dev, &new_res);
-
-- return priv->iobase + (new_res.start - priv->res.start);
-+ return priv->iobase + (new_res.start - io_res->start);
- }
-
- static int crb_map_io(struct acpi_device *device, struct crb_priv *priv,
- struct acpi_table_tpm2 *buf)
- {
- struct list_head resources;
-+ struct resource io_res;
- struct device *dev = &device->dev;
-- u64 pa;
-+ u64 cmd_pa;
-+ u32 cmd_size;
-+ u64 rsp_pa;
-+ u32 rsp_size;
- int ret;
-
- INIT_LIST_HEAD(&resources);
- ret = acpi_dev_get_resources(device, &resources, crb_check_resource,
-- priv);
-+ &io_res);
- if (ret < 0)
- return ret;
- acpi_dev_free_resource_list(&resources);
-
-- if (resource_type(&priv->res) != IORESOURCE_MEM) {
-+ if (resource_type(&io_res) != IORESOURCE_MEM) {
- dev_err(dev,
- FW_BUG "TPM2 ACPI table does not define a memory resource\n");
- return -EINVAL;
- }
-
-- priv->iobase = devm_ioremap_resource(dev, &priv->res);
-+ priv->iobase = devm_ioremap_resource(dev, &io_res);
- if (IS_ERR(priv->iobase))
- return PTR_ERR(priv->iobase);
-
-- priv->cca = crb_map_res(dev, priv, buf->control_address, 0x1000);
-+ priv->cca = crb_map_res(dev, priv, &io_res, buf->control_address,
-+ sizeof(struct crb_control_area));
- if (IS_ERR(priv->cca))
- return PTR_ERR(priv->cca);
-
-- pa = ((u64) ioread32(&priv->cca->cmd_pa_high) << 32) |
-- (u64) ioread32(&priv->cca->cmd_pa_low);
-- priv->cmd = crb_map_res(dev, priv, pa, ioread32(&priv->cca->cmd_size));
-+ cmd_pa = ((u64) ioread32(&priv->cca->cmd_pa_high) << 32) |
-+ (u64) ioread32(&priv->cca->cmd_pa_low);
-+ cmd_size = ioread32(&priv->cca->cmd_size);
-+ priv->cmd = crb_map_res(dev, priv, &io_res, cmd_pa, cmd_size);
- if (IS_ERR(priv->cmd))
- return PTR_ERR(priv->cmd);
-
-- memcpy_fromio(&pa, &priv->cca->rsp_pa, 8);
-- pa = le64_to_cpu(pa);
-- priv->rsp = crb_map_res(dev, priv, pa, ioread32(&priv->cca->rsp_size));
-- return PTR_ERR_OR_ZERO(priv->rsp);
-+ memcpy_fromio(&rsp_pa, &priv->cca->rsp_pa, 8);
-+ rsp_pa = le64_to_cpu(rsp_pa);
-+ rsp_size = ioread32(&priv->cca->rsp_size);
-+
-+ if (cmd_pa != rsp_pa) {
-+ priv->rsp = crb_map_res(dev, priv, &io_res, rsp_pa, rsp_size);
-+ return PTR_ERR_OR_ZERO(priv->rsp);
-+ }
-+
-+ /* According to the PTP specification, overlapping command and response
-+ * buffer sizes must be identical.
-+ */
-+ if (cmd_size != rsp_size) {
-+ dev_err(dev, FW_BUG "overlapping command and response buffer sizes are not identical");
-+ return -EINVAL;
-+ }
-+
-+ priv->rsp = priv->cmd;
-+ return 0;
- }
-
- static int crb_acpi_add(struct acpi_device *device)
-diff --git a/drivers/dma/at_xdmac.c b/drivers/dma/at_xdmac.c
-index 75bd662..de9a3d75 100644
---- a/drivers/dma/at_xdmac.c
-+++ b/drivers/dma/at_xdmac.c
-@@ -1195,8 +1195,8 @@ static struct at_xdmac_desc *at_xdmac_memset_create_desc(struct dma_chan *chan,
- desc->lld.mbr_cfg = chan_cc;
-
- dev_dbg(chan2dev(chan),
-- "%s: lld: mbr_da=%pad, mbr_ds=%pad, mbr_ubc=0x%08x, mbr_cfg=0x%08x\n",
-- __func__, &desc->lld.mbr_da, &desc->lld.mbr_ds, desc->lld.mbr_ubc,
-+ "%s: lld: mbr_da=%pad, mbr_ds=0x%08x, mbr_ubc=0x%08x, mbr_cfg=0x%08x\n",
-+ __func__, &desc->lld.mbr_da, desc->lld.mbr_ds, desc->lld.mbr_ubc,
- desc->lld.mbr_cfg);
-
- return desc;
-@@ -2067,7 +2067,7 @@ err_dma_unregister:
- err_clk_disable:
- clk_disable_unprepare(atxdmac->clk);
- err_free_irq:
-- free_irq(atxdmac->irq, atxdmac->dma.dev);
-+ free_irq(atxdmac->irq, atxdmac);
- return ret;
- }
-
-@@ -2081,7 +2081,7 @@ static int at_xdmac_remove(struct platform_device *pdev)
- dma_async_device_unregister(&atxdmac->dma);
- clk_disable_unprepare(atxdmac->clk);
-
-- free_irq(atxdmac->irq, atxdmac->dma.dev);
-+ free_irq(atxdmac->irq, atxdmac);
-
- for (i = 0; i < atxdmac->dma.chancnt; i++) {
- struct at_xdmac_chan *atchan = &atxdmac->chan[i];
-diff --git a/drivers/dma/bcm2835-dma.c b/drivers/dma/bcm2835-dma.c
-index 6149b27..c8dd5b0 100644
---- a/drivers/dma/bcm2835-dma.c
-+++ b/drivers/dma/bcm2835-dma.c
-@@ -393,11 +393,12 @@ static void bcm2835_dma_fill_cb_chain_with_sg(
- unsigned int sg_len)
- {
- struct bcm2835_chan *c = to_bcm2835_dma_chan(chan);
-- size_t max_len = bcm2835_dma_max_frame_length(c);
-- unsigned int i, len;
-+ size_t len, max_len;
-+ unsigned int i;
- dma_addr_t addr;
- struct scatterlist *sgent;
-
-+ max_len = bcm2835_dma_max_frame_length(c);
- for_each_sg(sgl, sgent, sg_len, i) {
- for (addr = sg_dma_address(sgent), len = sg_dma_len(sgent);
- len > 0;
-diff --git a/drivers/gpio/gpio-sa1100.c b/drivers/gpio/gpio-sa1100.c
-index 0c99e8f..8d8ee0e 100644
---- a/drivers/gpio/gpio-sa1100.c
-+++ b/drivers/gpio/gpio-sa1100.c
-@@ -155,7 +155,7 @@ static int sa1100_gpio_irqdomain_map(struct irq_domain *d,
- {
- irq_set_chip_and_handler(irq, &sa1100_gpio_irq_chip,
- handle_edge_irq);
-- irq_set_noprobe(irq);
-+ irq_set_probe(irq);
-
- return 0;
- }
-diff --git a/drivers/gpu/drm/nouveau/nvkm/engine/fifo/dmanv04.c b/drivers/gpu/drm/nouveau/nvkm/engine/fifo/dmanv04.c
-index edec30f..0a7b6ed 100644
---- a/drivers/gpu/drm/nouveau/nvkm/engine/fifo/dmanv04.c
-+++ b/drivers/gpu/drm/nouveau/nvkm/engine/fifo/dmanv04.c
-@@ -37,7 +37,10 @@ nv04_fifo_dma_object_dtor(struct nvkm_fifo_chan *base, int cookie)
- {
- struct nv04_fifo_chan *chan = nv04_fifo_chan(base);
- struct nvkm_instmem *imem = chan->fifo->base.engine.subdev.device->imem;
-+
-+ mutex_lock(&chan->fifo->base.engine.subdev.mutex);
- nvkm_ramht_remove(imem->ramht, cookie);
-+ mutex_unlock(&chan->fifo->base.engine.subdev.mutex);
- }
-
- static int
-diff --git a/drivers/gpu/drm/radeon/si_dpm.c b/drivers/gpu/drm/radeon/si_dpm.c
-index e6abc09..1f78ec2 100644
---- a/drivers/gpu/drm/radeon/si_dpm.c
-+++ b/drivers/gpu/drm/radeon/si_dpm.c
-@@ -3015,6 +3015,12 @@ static void si_apply_state_adjust_rules(struct radeon_device *rdev,
- if (rdev->pdev->device == 0x6811 &&
- rdev->pdev->revision == 0x81)
- max_mclk = 120000;
-+ /* limit sclk/mclk on Jet parts for stability */
-+ if (rdev->pdev->device == 0x6665 &&
-+ rdev->pdev->revision == 0xc3) {
-+ max_sclk = 75000;
-+ max_mclk = 80000;
-+ }
-
- if (rps->vce_active) {
- rps->evclk = rdev->pm.dpm.vce_states[rdev->pm.dpm.vce_level].evclk;
-diff --git a/drivers/gpu/drm/udl/udl_fb.c b/drivers/gpu/drm/udl/udl_fb.c
-index d5df555..cc2daba 100644
---- a/drivers/gpu/drm/udl/udl_fb.c
-+++ b/drivers/gpu/drm/udl/udl_fb.c
-@@ -122,7 +122,7 @@ int udl_handle_damage(struct udl_framebuffer *fb, int x, int y,
- return 0;
- cmd = urb->transfer_buffer;
-
-- for (i = y; i < height ; i++) {
-+ for (i = y; i < y + height ; i++) {
- const int line_offset = fb->base.pitches[0] * i;
- const int byte_offset = line_offset + (x * bpp);
- const int dev_byte_offset = (fb->base.width * bpp * i) + (x * bpp);
-diff --git a/drivers/hwmon/adt7411.c b/drivers/hwmon/adt7411.c
-index 827c037..a7f8869 100644
---- a/drivers/hwmon/adt7411.c
-+++ b/drivers/hwmon/adt7411.c
-@@ -30,6 +30,7 @@
-
- #define ADT7411_REG_CFG1 0x18
- #define ADT7411_CFG1_START_MONITOR (1 << 0)
-+#define ADT7411_CFG1_RESERVED_BIT3 (1 << 3)
-
- #define ADT7411_REG_CFG2 0x19
- #define ADT7411_CFG2_DISABLE_AVG (1 << 5)
-@@ -296,8 +297,10 @@ static int adt7411_probe(struct i2c_client *client,
- mutex_init(&data->device_lock);
- mutex_init(&data->update_lock);
-
-+ /* According to the datasheet, we must only write 1 to bit 3 */
- ret = adt7411_modify_bit(client, ADT7411_REG_CFG1,
-- ADT7411_CFG1_START_MONITOR, 1);
-+ ADT7411_CFG1_RESERVED_BIT3
-+ | ADT7411_CFG1_START_MONITOR, 1);
- if (ret < 0)
- return ret;
-
-diff --git a/drivers/i2c/muxes/i2c-demux-pinctrl.c b/drivers/i2c/muxes/i2c-demux-pinctrl.c
-index 215ac87..e999125 100644
---- a/drivers/i2c/muxes/i2c-demux-pinctrl.c
-+++ b/drivers/i2c/muxes/i2c-demux-pinctrl.c
-@@ -37,8 +37,6 @@ struct i2c_demux_pinctrl_priv {
- struct i2c_demux_pinctrl_chan chan[];
- };
-
--static struct property status_okay = { .name = "status", .length = 3, .value = "ok" };
--
- static int i2c_demux_master_xfer(struct i2c_adapter *adap, struct i2c_msg msgs[], int num)
- {
- struct i2c_demux_pinctrl_priv *priv = adap->algo_data;
-@@ -192,6 +190,7 @@ static int i2c_demux_pinctrl_probe(struct platform_device *pdev)
- {
- struct device_node *np = pdev->dev.of_node;
- struct i2c_demux_pinctrl_priv *priv;
-+ struct property *props;
- int num_chan, i, j, err;
-
- num_chan = of_count_phandle_with_args(np, "i2c-parent", NULL);
-@@ -202,7 +201,10 @@ static int i2c_demux_pinctrl_probe(struct platform_device *pdev)
-
- priv = devm_kzalloc(&pdev->dev, sizeof(*priv)
- + num_chan * sizeof(struct i2c_demux_pinctrl_chan), GFP_KERNEL);
-- if (!priv)
-+
-+ props = devm_kcalloc(&pdev->dev, num_chan, sizeof(*props), GFP_KERNEL);
-+
-+ if (!priv || !props)
- return -ENOMEM;
-
- err = of_property_read_string(np, "i2c-bus-name", &priv->bus_name);
-@@ -220,8 +222,12 @@ static int i2c_demux_pinctrl_probe(struct platform_device *pdev)
- }
- priv->chan[i].parent_np = adap_np;
-
-+ props[i].name = devm_kstrdup(&pdev->dev, "status", GFP_KERNEL);
-+ props[i].value = devm_kstrdup(&pdev->dev, "ok", GFP_KERNEL);
-+ props[i].length = 3;
-+
- of_changeset_init(&priv->chan[i].chgset);
-- of_changeset_update_property(&priv->chan[i].chgset, adap_np, &status_okay);
-+ of_changeset_update_property(&priv->chan[i].chgset, adap_np, &props[i]);
- }
-
- priv->num_chan = num_chan;
-diff --git a/drivers/infiniband/core/cma.c b/drivers/infiniband/core/cma.c
-index ad1b1ad..8b5abc4 100644
---- a/drivers/infiniband/core/cma.c
-+++ b/drivers/infiniband/core/cma.c
-@@ -2452,18 +2452,24 @@ static int cma_resolve_iboe_route(struct rdma_id_private *id_priv)
-
- if (addr->dev_addr.bound_dev_if) {
- ndev = dev_get_by_index(&init_net, addr->dev_addr.bound_dev_if);
-- if (!ndev)
-- return -ENODEV;
-+ if (!ndev) {
-+ ret = -ENODEV;
-+ goto err2;
-+ }
-
- if (ndev->flags & IFF_LOOPBACK) {
- dev_put(ndev);
-- if (!id_priv->id.device->get_netdev)
-- return -EOPNOTSUPP;
-+ if (!id_priv->id.device->get_netdev) {
-+ ret = -EOPNOTSUPP;
-+ goto err2;
-+ }
-
- ndev = id_priv->id.device->get_netdev(id_priv->id.device,
- id_priv->id.port_num);
-- if (!ndev)
-- return -ENODEV;
-+ if (!ndev) {
-+ ret = -ENODEV;
-+ goto err2;
-+ }
- }
-
- route->path_rec->net = &init_net;
-diff --git a/drivers/infiniband/core/multicast.c b/drivers/infiniband/core/multicast.c
-index a83ec28..365cb53 100644
---- a/drivers/infiniband/core/multicast.c
-+++ b/drivers/infiniband/core/multicast.c
-@@ -118,7 +118,6 @@ struct mcast_group {
- atomic_t refcount;
- enum mcast_group_state state;
- struct ib_sa_query *query;
-- int query_id;
- u16 pkey_index;
- u8 leave_state;
- int retries;
-@@ -352,11 +351,7 @@ static int send_join(struct mcast_group *group, struct mcast_member *member)
- member->multicast.comp_mask,
- 3000, GFP_KERNEL, join_handler, group,
- &group->query);
-- if (ret >= 0) {
-- group->query_id = ret;
-- ret = 0;
-- }
-- return ret;
-+ return (ret > 0) ? 0 : ret;
- }
-
- static int send_leave(struct mcast_group *group, u8 leave_state)
-@@ -376,11 +371,7 @@ static int send_leave(struct mcast_group *group, u8 leave_state)
- IB_SA_MCMEMBER_REC_JOIN_STATE,
- 3000, GFP_KERNEL, leave_handler,
- group, &group->query);
-- if (ret >= 0) {
-- group->query_id = ret;
-- ret = 0;
-- }
-- return ret;
-+ return (ret > 0) ? 0 : ret;
- }
-
- static void join_group(struct mcast_group *group, struct mcast_member *member,
-diff --git a/drivers/infiniband/hw/i40iw/i40iw.h b/drivers/infiniband/hw/i40iw/i40iw.h
-index b738acd..8ec09e4 100644
---- a/drivers/infiniband/hw/i40iw/i40iw.h
-+++ b/drivers/infiniband/hw/i40iw/i40iw.h
-@@ -232,7 +232,7 @@ struct i40iw_device {
- struct i40e_client *client;
- struct i40iw_hw hw;
- struct i40iw_cm_core cm_core;
-- unsigned long *mem_resources;
-+ u8 *mem_resources;
- unsigned long *allocated_qps;
- unsigned long *allocated_cqs;
- unsigned long *allocated_mrs;
-@@ -435,8 +435,8 @@ static inline int i40iw_alloc_resource(struct i40iw_device *iwdev,
- *next = resource_num + 1;
- if (*next == max_resources)
- *next = 0;
-- spin_unlock_irqrestore(&iwdev->resource_lock, flags);
- *req_resource_num = resource_num;
-+ spin_unlock_irqrestore(&iwdev->resource_lock, flags);
-
- return 0;
- }
-diff --git a/drivers/infiniband/hw/i40iw/i40iw_cm.c b/drivers/infiniband/hw/i40iw/i40iw_cm.c
-index d2fa725..406a345 100644
---- a/drivers/infiniband/hw/i40iw/i40iw_cm.c
-+++ b/drivers/infiniband/hw/i40iw/i40iw_cm.c
-@@ -535,8 +535,8 @@ static struct i40iw_puda_buf *i40iw_form_cm_frame(struct i40iw_cm_node *cm_node,
- buf += hdr_len;
- }
-
-- if (pd_len)
-- memcpy(buf, pdata->addr, pd_len);
-+ if (pdata && pdata->addr)
-+ memcpy(buf, pdata->addr, pdata->size);
-
- atomic_set(&sqbuf->refcount, 1);
-
-@@ -3347,26 +3347,6 @@ int i40iw_cm_disconn(struct i40iw_qp *iwqp)
- }
-
- /**
-- * i40iw_loopback_nop - Send a nop
-- * @qp: associated hw qp
-- */
--static void i40iw_loopback_nop(struct i40iw_sc_qp *qp)
--{
-- u64 *wqe;
-- u64 header;
--
-- wqe = qp->qp_uk.sq_base->elem;
-- set_64bit_val(wqe, 0, 0);
-- set_64bit_val(wqe, 8, 0);
-- set_64bit_val(wqe, 16, 0);
--
-- header = LS_64(I40IWQP_OP_NOP, I40IWQPSQ_OPCODE) |
-- LS_64(0, I40IWQPSQ_SIGCOMPL) |
-- LS_64(qp->qp_uk.swqe_polarity, I40IWQPSQ_VALID);
-- set_64bit_val(wqe, 24, header);
--}
--
--/**
- * i40iw_qp_disconnect - free qp and close cm
- * @iwqp: associate qp for the connection
- */
-@@ -3638,7 +3618,7 @@ int i40iw_accept(struct iw_cm_id *cm_id, struct iw_cm_conn_param *conn_param)
- } else {
- if (iwqp->page)
- iwqp->sc_qp.qp_uk.sq_base = kmap(iwqp->page);
-- i40iw_loopback_nop(&iwqp->sc_qp);
-+ dev->iw_priv_qp_ops->qp_send_lsmm(&iwqp->sc_qp, NULL, 0, 0);
- }
-
- if (iwqp->page)
-diff --git a/drivers/infiniband/hw/i40iw/i40iw_hw.c b/drivers/infiniband/hw/i40iw/i40iw_hw.c
-index 3ee0cad..0c92a40 100644
---- a/drivers/infiniband/hw/i40iw/i40iw_hw.c
-+++ b/drivers/infiniband/hw/i40iw/i40iw_hw.c
-@@ -265,6 +265,7 @@ void i40iw_next_iw_state(struct i40iw_qp *iwqp,
- info.dont_send_fin = false;
- if (iwqp->sc_qp.term_flags && (state == I40IW_QP_STATE_ERROR))
- info.reset_tcp_conn = true;
-+ iwqp->hw_iwarp_state = state;
- i40iw_hw_modify_qp(iwqp->iwdev, iwqp, &info, 0);
- }
-
-diff --git a/drivers/infiniband/hw/i40iw/i40iw_main.c b/drivers/infiniband/hw/i40iw/i40iw_main.c
-index 6e90813..445e230 100644
---- a/drivers/infiniband/hw/i40iw/i40iw_main.c
-+++ b/drivers/infiniband/hw/i40iw/i40iw_main.c
-@@ -100,7 +100,7 @@ static struct notifier_block i40iw_net_notifier = {
- .notifier_call = i40iw_net_event
- };
-
--static int i40iw_notifiers_registered;
-+static atomic_t i40iw_notifiers_registered;
-
- /**
- * i40iw_find_i40e_handler - find a handler given a client info
-@@ -1342,12 +1342,11 @@ exit:
- */
- static void i40iw_register_notifiers(void)
- {
-- if (!i40iw_notifiers_registered) {
-+ if (atomic_inc_return(&i40iw_notifiers_registered) == 1) {
- register_inetaddr_notifier(&i40iw_inetaddr_notifier);
- register_inet6addr_notifier(&i40iw_inetaddr6_notifier);
- register_netevent_notifier(&i40iw_net_notifier);
- }
-- i40iw_notifiers_registered++;
- }
-
- /**
-@@ -1429,8 +1428,7 @@ static void i40iw_deinit_device(struct i40iw_device *iwdev, bool reset, bool del
- i40iw_del_macip_entry(iwdev, (u8)iwdev->mac_ip_table_idx);
- /* fallthrough */
- case INET_NOTIFIER:
-- if (i40iw_notifiers_registered > 0) {
-- i40iw_notifiers_registered--;
-+ if (!atomic_dec_return(&i40iw_notifiers_registered)) {
- unregister_netevent_notifier(&i40iw_net_notifier);
- unregister_inetaddr_notifier(&i40iw_inetaddr_notifier);
- unregister_inet6addr_notifier(&i40iw_inetaddr6_notifier);
-@@ -1558,6 +1556,10 @@ static int i40iw_open(struct i40e_info *ldev, struct i40e_client *client)
- enum i40iw_status_code status;
- struct i40iw_handler *hdl;
-
-+ hdl = i40iw_find_netdev(ldev->netdev);
-+ if (hdl)
-+ return 0;
-+
- hdl = kzalloc(sizeof(*hdl), GFP_KERNEL);
- if (!hdl)
- return -ENOMEM;
-diff --git a/drivers/infiniband/hw/i40iw/i40iw_utils.c b/drivers/infiniband/hw/i40iw/i40iw_utils.c
-index 0e8db0a..6fd043b 100644
---- a/drivers/infiniband/hw/i40iw/i40iw_utils.c
-+++ b/drivers/infiniband/hw/i40iw/i40iw_utils.c
-@@ -673,8 +673,11 @@ enum i40iw_status_code i40iw_free_virt_mem(struct i40iw_hw *hw,
- {
- if (!mem)
- return I40IW_ERR_PARAM;
-+ /*
-+ * mem->va points to the parent of mem, so both mem and mem->va
-+ * can not be touched once mem->va is freed
-+ */
- kfree(mem->va);
-- mem->va = NULL;
- return 0;
- }
-
-diff --git a/drivers/infiniband/hw/i40iw/i40iw_verbs.c b/drivers/infiniband/hw/i40iw/i40iw_verbs.c
-index 283b64c..f24bfbd 100644
---- a/drivers/infiniband/hw/i40iw/i40iw_verbs.c
-+++ b/drivers/infiniband/hw/i40iw/i40iw_verbs.c
-@@ -794,7 +794,6 @@ static struct ib_qp *i40iw_create_qp(struct ib_pd *ibpd,
- return &iwqp->ibqp;
- error:
- i40iw_free_qp_resources(iwdev, iwqp, qp_num);
-- kfree(mem);
- return ERR_PTR(err_code);
- }
-
-@@ -1925,8 +1924,7 @@ static int i40iw_dereg_mr(struct ib_mr *ib_mr)
- }
- if (iwpbl->pbl_allocated)
- i40iw_free_pble(iwdev->pble_rsrc, palloc);
-- kfree(iwpbl->iwmr);
-- iwpbl->iwmr = NULL;
-+ kfree(iwmr);
- return 0;
- }
-
-diff --git a/drivers/infiniband/hw/mlx4/mad.c b/drivers/infiniband/hw/mlx4/mad.c
-index 9c2e53d..0f21c3a 100644
---- a/drivers/infiniband/hw/mlx4/mad.c
-+++ b/drivers/infiniband/hw/mlx4/mad.c
-@@ -1128,6 +1128,27 @@ void handle_port_mgmt_change_event(struct work_struct *work)
-
- /* Generate GUID changed event */
- if (changed_attr & MLX4_EQ_PORT_INFO_GID_PFX_CHANGE_MASK) {
-+ if (mlx4_is_master(dev->dev)) {
-+ union ib_gid gid;
-+ int err = 0;
-+
-+ if (!eqe->event.port_mgmt_change.params.port_info.gid_prefix)
-+ err = __mlx4_ib_query_gid(&dev->ib_dev, port, 0, &gid, 1);
-+ else
-+ gid.global.subnet_prefix =
-+ eqe->event.port_mgmt_change.params.port_info.gid_prefix;
-+ if (err) {
-+ pr_warn("Could not change QP1 subnet prefix for port %d: query_gid error (%d)\n",
-+ port, err);
-+ } else {
-+ pr_debug("Changing QP1 subnet prefix for port %d. old=0x%llx. new=0x%llx\n",
-+ port,
-+ (u64)atomic64_read(&dev->sriov.demux[port - 1].subnet_prefix),
-+ be64_to_cpu(gid.global.subnet_prefix));
-+ atomic64_set(&dev->sriov.demux[port - 1].subnet_prefix,
-+ be64_to_cpu(gid.global.subnet_prefix));
-+ }
-+ }
- mlx4_ib_dispatch_event(dev, port, IB_EVENT_GID_CHANGE);
- /*if master, notify all slaves*/
- if (mlx4_is_master(dev->dev))
-@@ -2202,6 +2223,8 @@ int mlx4_ib_init_sriov(struct mlx4_ib_dev *dev)
- if (err)
- goto demux_err;
- dev->sriov.demux[i].guid_cache[0] = gid.global.interface_id;
-+ atomic64_set(&dev->sriov.demux[i].subnet_prefix,
-+ be64_to_cpu(gid.global.subnet_prefix));
- err = alloc_pv_object(dev, mlx4_master_func_num(dev->dev), i + 1,
- &dev->sriov.sqps[i]);
- if (err)
-diff --git a/drivers/infiniband/hw/mlx4/mcg.c b/drivers/infiniband/hw/mlx4/mcg.c
-index 8f7ad07..097bfcc 100644
---- a/drivers/infiniband/hw/mlx4/mcg.c
-+++ b/drivers/infiniband/hw/mlx4/mcg.c
-@@ -489,7 +489,7 @@ static u8 get_leave_state(struct mcast_group *group)
- if (!group->members[i])
- leave_state |= (1 << i);
-
-- return leave_state & (group->rec.scope_join_state & 7);
-+ return leave_state & (group->rec.scope_join_state & 0xf);
- }
-
- static int join_group(struct mcast_group *group, int slave, u8 join_mask)
-@@ -564,8 +564,8 @@ static void mlx4_ib_mcg_timeout_handler(struct work_struct *work)
- } else
- mcg_warn_group(group, "DRIVER BUG\n");
- } else if (group->state == MCAST_LEAVE_SENT) {
-- if (group->rec.scope_join_state & 7)
-- group->rec.scope_join_state &= 0xf8;
-+ if (group->rec.scope_join_state & 0xf)
-+ group->rec.scope_join_state &= 0xf0;
- group->state = MCAST_IDLE;
- mutex_unlock(&group->lock);
- if (release_group(group, 1))
-@@ -605,7 +605,7 @@ static int handle_leave_req(struct mcast_group *group, u8 leave_mask,
- static int handle_join_req(struct mcast_group *group, u8 join_mask,
- struct mcast_req *req)
- {
-- u8 group_join_state = group->rec.scope_join_state & 7;
-+ u8 group_join_state = group->rec.scope_join_state & 0xf;
- int ref = 0;
- u16 status;
- struct ib_sa_mcmember_data *sa_data = (struct ib_sa_mcmember_data *)req->sa_mad.data;
-@@ -690,8 +690,8 @@ static void mlx4_ib_mcg_work_handler(struct work_struct *work)
- u8 cur_join_state;
-
- resp_join_state = ((struct ib_sa_mcmember_data *)
-- group->response_sa_mad.data)->scope_join_state & 7;
-- cur_join_state = group->rec.scope_join_state & 7;
-+ group->response_sa_mad.data)->scope_join_state & 0xf;
-+ cur_join_state = group->rec.scope_join_state & 0xf;
-
- if (method == IB_MGMT_METHOD_GET_RESP) {
- /* successfull join */
-@@ -710,7 +710,7 @@ process_requests:
- req = list_first_entry(&group->pending_list, struct mcast_req,
- group_list);
- sa_data = (struct ib_sa_mcmember_data *)req->sa_mad.data;
-- req_join_state = sa_data->scope_join_state & 0x7;
-+ req_join_state = sa_data->scope_join_state & 0xf;
-
- /* For a leave request, we will immediately answer the VF, and
- * update our internal counters. The actual leave will be sent
-diff --git a/drivers/infiniband/hw/mlx4/mlx4_ib.h b/drivers/infiniband/hw/mlx4/mlx4_ib.h
-index 29acda2..d4ca381 100644
---- a/drivers/infiniband/hw/mlx4/mlx4_ib.h
-+++ b/drivers/infiniband/hw/mlx4/mlx4_ib.h
-@@ -448,7 +448,7 @@ struct mlx4_ib_demux_ctx {
- struct workqueue_struct *wq;
- struct workqueue_struct *ud_wq;
- spinlock_t ud_lock;
-- __be64 subnet_prefix;
-+ atomic64_t subnet_prefix;
- __be64 guid_cache[128];
- struct mlx4_ib_dev *dev;
- /* the following lock protects both mcg_table and mcg_mgid0_list */
-diff --git a/drivers/infiniband/hw/mlx4/qp.c b/drivers/infiniband/hw/mlx4/qp.c
-index 8db8405..d995222 100644
---- a/drivers/infiniband/hw/mlx4/qp.c
-+++ b/drivers/infiniband/hw/mlx4/qp.c
-@@ -2492,24 +2492,27 @@ static int build_mlx_header(struct mlx4_ib_sqp *sqp, struct ib_ud_wr *wr,
- sqp->ud_header.grh.flow_label =
- ah->av.ib.sl_tclass_flowlabel & cpu_to_be32(0xfffff);
- sqp->ud_header.grh.hop_limit = ah->av.ib.hop_limit;
-- if (is_eth)
-+ if (is_eth) {
- memcpy(sqp->ud_header.grh.source_gid.raw, sgid.raw, 16);
-- else {
-- if (mlx4_is_mfunc(to_mdev(ib_dev)->dev)) {
-- /* When multi-function is enabled, the ib_core gid
-- * indexes don't necessarily match the hw ones, so
-- * we must use our own cache */
-- sqp->ud_header.grh.source_gid.global.subnet_prefix =
-- to_mdev(ib_dev)->sriov.demux[sqp->qp.port - 1].
-- subnet_prefix;
-- sqp->ud_header.grh.source_gid.global.interface_id =
-- to_mdev(ib_dev)->sriov.demux[sqp->qp.port - 1].
-- guid_cache[ah->av.ib.gid_index];
-- } else
-- ib_get_cached_gid(ib_dev,
-- be32_to_cpu(ah->av.ib.port_pd) >> 24,
-- ah->av.ib.gid_index,
-- &sqp->ud_header.grh.source_gid, NULL);
-+ } else {
-+ if (mlx4_is_mfunc(to_mdev(ib_dev)->dev)) {
-+ /* When multi-function is enabled, the ib_core gid
-+ * indexes don't necessarily match the hw ones, so
-+ * we must use our own cache
-+ */
-+ sqp->ud_header.grh.source_gid.global.subnet_prefix =
-+ cpu_to_be64(atomic64_read(&(to_mdev(ib_dev)->sriov.
-+ demux[sqp->qp.port - 1].
-+ subnet_prefix)));
-+ sqp->ud_header.grh.source_gid.global.interface_id =
-+ to_mdev(ib_dev)->sriov.demux[sqp->qp.port - 1].
-+ guid_cache[ah->av.ib.gid_index];
-+ } else {
-+ ib_get_cached_gid(ib_dev,
-+ be32_to_cpu(ah->av.ib.port_pd) >> 24,
-+ ah->av.ib.gid_index,
-+ &sqp->ud_header.grh.source_gid, NULL);
-+ }
- }
- memcpy(sqp->ud_header.grh.destination_gid.raw,
- ah->av.ib.dgid, 16);
-diff --git a/drivers/infiniband/hw/mlx5/main.c b/drivers/infiniband/hw/mlx5/main.c
-index b48ad85..c90f575 100644
---- a/drivers/infiniband/hw/mlx5/main.c
-+++ b/drivers/infiniband/hw/mlx5/main.c
-@@ -287,7 +287,9 @@ __be16 mlx5_get_roce_udp_sport(struct mlx5_ib_dev *dev, u8 port_num,
-
- static int mlx5_use_mad_ifc(struct mlx5_ib_dev *dev)
- {
-- return !MLX5_CAP_GEN(dev->mdev, ib_virt);
-+ if (MLX5_CAP_GEN(dev->mdev, port_type) == MLX5_CAP_PORT_TYPE_IB)
-+ return !MLX5_CAP_GEN(dev->mdev, ib_virt);
-+ return 0;
- }
-
- enum {
-@@ -1275,6 +1277,13 @@ static int parse_flow_attr(u32 *match_c, u32 *match_v,
- dmac_47_16),
- ib_spec->eth.val.dst_mac);
-
-+ ether_addr_copy(MLX5_ADDR_OF(fte_match_set_lyr_2_4, outer_headers_c,
-+ smac_47_16),
-+ ib_spec->eth.mask.src_mac);
-+ ether_addr_copy(MLX5_ADDR_OF(fte_match_set_lyr_2_4, outer_headers_v,
-+ smac_47_16),
-+ ib_spec->eth.val.src_mac);
-+
- if (ib_spec->eth.mask.vlan_tag) {
- MLX5_SET(fte_match_set_lyr_2_4, outer_headers_c,
- vlan_tag, 1);
-diff --git a/drivers/infiniband/ulp/ipoib/ipoib.h b/drivers/infiniband/ulp/ipoib/ipoib.h
-index 4f7d9b4..9dbfcc0 100644
---- a/drivers/infiniband/ulp/ipoib/ipoib.h
-+++ b/drivers/infiniband/ulp/ipoib/ipoib.h
-@@ -478,6 +478,7 @@ void ipoib_send(struct net_device *dev, struct sk_buff *skb,
- struct ipoib_ah *address, u32 qpn);
- void ipoib_reap_ah(struct work_struct *work);
-
-+struct ipoib_path *__path_find(struct net_device *dev, void *gid);
- void ipoib_mark_paths_invalid(struct net_device *dev);
- void ipoib_flush_paths(struct net_device *dev);
- int ipoib_check_sm_sendonly_fullmember_support(struct ipoib_dev_priv *priv);
-diff --git a/drivers/infiniband/ulp/ipoib/ipoib_cm.c b/drivers/infiniband/ulp/ipoib/ipoib_cm.c
-index 951d9ab..4ad297d 100644
---- a/drivers/infiniband/ulp/ipoib/ipoib_cm.c
-+++ b/drivers/infiniband/ulp/ipoib/ipoib_cm.c
-@@ -1318,6 +1318,8 @@ void ipoib_cm_destroy_tx(struct ipoib_cm_tx *tx)
- }
- }
-
-+#define QPN_AND_OPTIONS_OFFSET 4
-+
- static void ipoib_cm_tx_start(struct work_struct *work)
- {
- struct ipoib_dev_priv *priv = container_of(work, struct ipoib_dev_priv,
-@@ -1326,6 +1328,7 @@ static void ipoib_cm_tx_start(struct work_struct *work)
- struct ipoib_neigh *neigh;
- struct ipoib_cm_tx *p;
- unsigned long flags;
-+ struct ipoib_path *path;
- int ret;
-
- struct ib_sa_path_rec pathrec;
-@@ -1338,7 +1341,19 @@ static void ipoib_cm_tx_start(struct work_struct *work)
- p = list_entry(priv->cm.start_list.next, typeof(*p), list);
- list_del_init(&p->list);
- neigh = p->neigh;
-+
- qpn = IPOIB_QPN(neigh->daddr);
-+ /*
-+ * As long as the search is with these 2 locks,
-+ * path existence indicates its validity.
-+ */
-+ path = __path_find(dev, neigh->daddr + QPN_AND_OPTIONS_OFFSET);
-+ if (!path) {
-+ pr_info("%s ignore not valid path %pI6\n",
-+ __func__,
-+ neigh->daddr + QPN_AND_OPTIONS_OFFSET);
-+ goto free_neigh;
-+ }
- memcpy(&pathrec, &p->path->pathrec, sizeof pathrec);
-
- spin_unlock_irqrestore(&priv->lock, flags);
-@@ -1350,6 +1365,7 @@ static void ipoib_cm_tx_start(struct work_struct *work)
- spin_lock_irqsave(&priv->lock, flags);
-
- if (ret) {
-+free_neigh:
- neigh = p->neigh;
- if (neigh) {
- neigh->cm = NULL;
-diff --git a/drivers/infiniband/ulp/ipoib/ipoib_ib.c b/drivers/infiniband/ulp/ipoib/ipoib_ib.c
-index dc6d241..be11d5d 100644
---- a/drivers/infiniband/ulp/ipoib/ipoib_ib.c
-+++ b/drivers/infiniband/ulp/ipoib/ipoib_ib.c
-@@ -1161,8 +1161,17 @@ static void __ipoib_ib_dev_flush(struct ipoib_dev_priv *priv,
- }
-
- if (level == IPOIB_FLUSH_LIGHT) {
-+ int oper_up;
- ipoib_mark_paths_invalid(dev);
-+ /* Set IPoIB operation as down to prevent races between:
-+ * the flush flow which leaves MCG and on the fly joins
-+ * which can happen during that time. mcast restart task
-+ * should deal with join requests we missed.
-+ */
-+ oper_up = test_and_clear_bit(IPOIB_FLAG_OPER_UP, &priv->flags);
- ipoib_mcast_dev_flush(dev);
-+ if (oper_up)
-+ set_bit(IPOIB_FLAG_OPER_UP, &priv->flags);
- ipoib_flush_ah(dev);
- }
-
-diff --git a/drivers/infiniband/ulp/ipoib/ipoib_main.c b/drivers/infiniband/ulp/ipoib/ipoib_main.c
-index 5f58c41..ddebda5 100644
---- a/drivers/infiniband/ulp/ipoib/ipoib_main.c
-+++ b/drivers/infiniband/ulp/ipoib/ipoib_main.c
-@@ -485,7 +485,7 @@ int ipoib_set_mode(struct net_device *dev, const char *buf)
- return -EINVAL;
- }
-
--static struct ipoib_path *__path_find(struct net_device *dev, void *gid)
-+struct ipoib_path *__path_find(struct net_device *dev, void *gid)
- {
- struct ipoib_dev_priv *priv = netdev_priv(dev);
- struct rb_node *n = priv->path_tree.rb_node;
-diff --git a/drivers/irqchip/irq-gic-v3.c b/drivers/irqchip/irq-gic-v3.c
-index 2c5ba0e..53891c3 100644
---- a/drivers/irqchip/irq-gic-v3.c
-+++ b/drivers/irqchip/irq-gic-v3.c
-@@ -558,7 +558,7 @@ static struct notifier_block gic_cpu_notifier = {
- static u16 gic_compute_target_list(int *base_cpu, const struct cpumask *mask,
- unsigned long cluster_id)
- {
-- int cpu = *base_cpu;
-+ int next_cpu, cpu = *base_cpu;
- unsigned long mpidr = cpu_logical_map(cpu);
- u16 tlist = 0;
-
-@@ -572,9 +572,10 @@ static u16 gic_compute_target_list(int *base_cpu, const struct cpumask *mask,
-
- tlist |= 1 << (mpidr & 0xf);
-
-- cpu = cpumask_next(cpu, mask);
-- if (cpu >= nr_cpu_ids)
-+ next_cpu = cpumask_next(cpu, mask);
-+ if (next_cpu >= nr_cpu_ids)
- goto out;
-+ cpu = next_cpu;
-
- mpidr = cpu_logical_map(cpu);
-
-diff --git a/drivers/mailbox/mailbox-test.c b/drivers/mailbox/mailbox-test.c
-index 58d0472..9ca96e9 100644
---- a/drivers/mailbox/mailbox-test.c
-+++ b/drivers/mailbox/mailbox-test.c
-@@ -133,6 +133,7 @@ static ssize_t mbox_test_message_write(struct file *filp,
- out:
- kfree(tdev->signal);
- kfree(tdev->message);
-+ tdev->signal = NULL;
-
- return ret < 0 ? ret : count;
- }
-diff --git a/drivers/md/dm-log-writes.c b/drivers/md/dm-log-writes.c
-index d8f8cc8..dd23075 100644
---- a/drivers/md/dm-log-writes.c
-+++ b/drivers/md/dm-log-writes.c
-@@ -259,7 +259,7 @@ static int log_one_block(struct log_writes_c *lc,
- sector++;
-
- atomic_inc(&lc->io_blocks);
-- bio = bio_alloc(GFP_KERNEL, block->vec_cnt);
-+ bio = bio_alloc(GFP_KERNEL, min(block->vec_cnt, BIO_MAX_PAGES));
- if (!bio) {
- DMERR("Couldn't alloc log bio");
- goto error;
-@@ -280,7 +280,7 @@ static int log_one_block(struct log_writes_c *lc,
- if (ret != block->vecs[i].bv_len) {
- atomic_inc(&lc->io_blocks);
- submit_bio(WRITE, bio);
-- bio = bio_alloc(GFP_KERNEL, block->vec_cnt - i);
-+ bio = bio_alloc(GFP_KERNEL, min(block->vec_cnt - i, BIO_MAX_PAGES));
- if (!bio) {
- DMERR("Couldn't alloc log bio");
- goto error;
-diff --git a/drivers/media/platform/vsp1/vsp1_pipe.c b/drivers/media/platform/vsp1/vsp1_pipe.c
-index 4f3b4a1..3c8f40b 100644
---- a/drivers/media/platform/vsp1/vsp1_pipe.c
-+++ b/drivers/media/platform/vsp1/vsp1_pipe.c
-@@ -172,13 +172,17 @@ void vsp1_pipeline_reset(struct vsp1_pipeline *pipe)
- bru->inputs[i].rpf = NULL;
- }
-
-- for (i = 0; i < pipe->num_inputs; ++i) {
-- pipe->inputs[i]->pipe = NULL;
-- pipe->inputs[i] = NULL;
-+ for (i = 0; i < ARRAY_SIZE(pipe->inputs); ++i) {
-+ if (pipe->inputs[i]) {
-+ pipe->inputs[i]->pipe = NULL;
-+ pipe->inputs[i] = NULL;
-+ }
- }
-
-- pipe->output->pipe = NULL;
-- pipe->output = NULL;
-+ if (pipe->output) {
-+ pipe->output->pipe = NULL;
-+ pipe->output = NULL;
-+ }
-
- INIT_LIST_HEAD(&pipe->entities);
- pipe->state = VSP1_PIPELINE_STOPPED;
-diff --git a/drivers/media/usb/em28xx/em28xx-i2c.c b/drivers/media/usb/em28xx/em28xx-i2c.c
-index a19b5c8..1a9e1e5 100644
---- a/drivers/media/usb/em28xx/em28xx-i2c.c
-+++ b/drivers/media/usb/em28xx/em28xx-i2c.c
-@@ -507,9 +507,8 @@ static int em28xx_i2c_xfer(struct i2c_adapter *i2c_adap,
- if (dev->disconnected)
- return -ENODEV;
-
-- rc = rt_mutex_trylock(&dev->i2c_bus_lock);
-- if (rc < 0)
-- return rc;
-+ if (!rt_mutex_trylock(&dev->i2c_bus_lock))
-+ return -EAGAIN;
-
- /* Switch I2C bus if needed */
- if (bus != dev->cur_i2c_bus &&
-diff --git a/drivers/media/usb/gspca/cpia1.c b/drivers/media/usb/gspca/cpia1.c
-index f23df4a9..52b88e9 100644
---- a/drivers/media/usb/gspca/cpia1.c
-+++ b/drivers/media/usb/gspca/cpia1.c
-@@ -1624,7 +1624,7 @@ static int sd_start(struct gspca_dev *gspca_dev)
-
- static void sd_stopN(struct gspca_dev *gspca_dev)
- {
-- struct sd *sd = (struct sd *) gspca_dev;
-+ struct sd *sd __maybe_unused = (struct sd *) gspca_dev;
-
- command_pause(gspca_dev);
-
-diff --git a/drivers/media/usb/gspca/konica.c b/drivers/media/usb/gspca/konica.c
-index 39c96bb..0712b1b 100644
---- a/drivers/media/usb/gspca/konica.c
-+++ b/drivers/media/usb/gspca/konica.c
-@@ -243,7 +243,7 @@ static int sd_start(struct gspca_dev *gspca_dev)
-
- static void sd_stopN(struct gspca_dev *gspca_dev)
- {
-- struct sd *sd = (struct sd *) gspca_dev;
-+ struct sd *sd __maybe_unused = (struct sd *) gspca_dev;
-
- konica_stream_off(gspca_dev);
- #if IS_ENABLED(CONFIG_INPUT)
-diff --git a/drivers/media/usb/gspca/t613.c b/drivers/media/usb/gspca/t613.c
-index e2cc4e5..bb52fc1 100644
---- a/drivers/media/usb/gspca/t613.c
-+++ b/drivers/media/usb/gspca/t613.c
-@@ -837,7 +837,7 @@ static void sd_pkt_scan(struct gspca_dev *gspca_dev,
- u8 *data, /* isoc packet */
- int len) /* iso packet length */
- {
-- struct sd *sd = (struct sd *) gspca_dev;
-+ struct sd *sd __maybe_unused = (struct sd *) gspca_dev;
- int pkt_type;
-
- if (data[0] == 0x5a) {
-diff --git a/drivers/misc/cxl/guest.c b/drivers/misc/cxl/guest.c
-index bc8d0b9..df65193 100644
---- a/drivers/misc/cxl/guest.c
-+++ b/drivers/misc/cxl/guest.c
-@@ -1052,16 +1052,18 @@ static void free_adapter(struct cxl *adapter)
- struct irq_avail *cur;
- int i;
-
-- if (adapter->guest->irq_avail) {
-- for (i = 0; i < adapter->guest->irq_nranges; i++) {
-- cur = &adapter->guest->irq_avail[i];
-- kfree(cur->bitmap);
-+ if (adapter->guest) {
-+ if (adapter->guest->irq_avail) {
-+ for (i = 0; i < adapter->guest->irq_nranges; i++) {
-+ cur = &adapter->guest->irq_avail[i];
-+ kfree(cur->bitmap);
-+ }
-+ kfree(adapter->guest->irq_avail);
- }
-- kfree(adapter->guest->irq_avail);
-+ kfree(adapter->guest->status);
-+ kfree(adapter->guest);
- }
-- kfree(adapter->guest->status);
- cxl_remove_adapter_nr(adapter);
-- kfree(adapter->guest);
- kfree(adapter);
- }
-
-diff --git a/drivers/mmc/host/sdhci-tegra.c b/drivers/mmc/host/sdhci-tegra.c
-index bcc0de4..bd11998 100644
---- a/drivers/mmc/host/sdhci-tegra.c
-+++ b/drivers/mmc/host/sdhci-tegra.c
-@@ -148,28 +148,37 @@ static void tegra_sdhci_reset(struct sdhci_host *host, u8 mask)
- return;
-
- misc_ctrl = sdhci_readl(host, SDHCI_TEGRA_VENDOR_MISC_CTRL);
-- /* Erratum: Enable SDHCI spec v3.00 support */
-- if (soc_data->nvquirks & NVQUIRK_ENABLE_SDHCI_SPEC_300)
-- misc_ctrl |= SDHCI_MISC_CTRL_ENABLE_SDHCI_SPEC_300;
-- /* Advertise UHS modes as supported by host */
-- if (soc_data->nvquirks & NVQUIRK_ENABLE_SDR50)
-- misc_ctrl |= SDHCI_MISC_CTRL_ENABLE_SDR50;
-- else
-- misc_ctrl &= ~SDHCI_MISC_CTRL_ENABLE_SDR50;
-- if (soc_data->nvquirks & NVQUIRK_ENABLE_DDR50)
-- misc_ctrl |= SDHCI_MISC_CTRL_ENABLE_DDR50;
-- else
-- misc_ctrl &= ~SDHCI_MISC_CTRL_ENABLE_DDR50;
-- if (soc_data->nvquirks & NVQUIRK_ENABLE_SDR104)
-- misc_ctrl |= SDHCI_MISC_CTRL_ENABLE_SDR104;
-- else
-- misc_ctrl &= ~SDHCI_MISC_CTRL_ENABLE_SDR104;
-- sdhci_writel(host, misc_ctrl, SDHCI_TEGRA_VENDOR_MISC_CTRL);
--
- clk_ctrl = sdhci_readl(host, SDHCI_TEGRA_VENDOR_CLOCK_CTRL);
-+
-+ misc_ctrl &= ~(SDHCI_MISC_CTRL_ENABLE_SDHCI_SPEC_300 |
-+ SDHCI_MISC_CTRL_ENABLE_SDR50 |
-+ SDHCI_MISC_CTRL_ENABLE_DDR50 |
-+ SDHCI_MISC_CTRL_ENABLE_SDR104);
-+
- clk_ctrl &= ~SDHCI_CLOCK_CTRL_SPI_MODE_CLKEN_OVERRIDE;
-- if (soc_data->nvquirks & SDHCI_MISC_CTRL_ENABLE_SDR50)
-- clk_ctrl |= SDHCI_CLOCK_CTRL_SDR50_TUNING_OVERRIDE;
-+
-+ /*
-+ * If the board does not define a regulator for the SDHCI
-+ * IO voltage, then don't advertise support for UHS modes
-+ * even if the device supports it because the IO voltage
-+ * cannot be configured.
-+ */
-+ if (!IS_ERR(host->mmc->supply.vqmmc)) {
-+ /* Erratum: Enable SDHCI spec v3.00 support */
-+ if (soc_data->nvquirks & NVQUIRK_ENABLE_SDHCI_SPEC_300)
-+ misc_ctrl |= SDHCI_MISC_CTRL_ENABLE_SDHCI_SPEC_300;
-+ /* Advertise UHS modes as supported by host */
-+ if (soc_data->nvquirks & NVQUIRK_ENABLE_SDR50)
-+ misc_ctrl |= SDHCI_MISC_CTRL_ENABLE_SDR50;
-+ if (soc_data->nvquirks & NVQUIRK_ENABLE_DDR50)
-+ misc_ctrl |= SDHCI_MISC_CTRL_ENABLE_DDR50;
-+ if (soc_data->nvquirks & NVQUIRK_ENABLE_SDR104)
-+ misc_ctrl |= SDHCI_MISC_CTRL_ENABLE_SDR104;
-+ if (soc_data->nvquirks & SDHCI_MISC_CTRL_ENABLE_SDR50)
-+ clk_ctrl |= SDHCI_CLOCK_CTRL_SDR50_TUNING_OVERRIDE;
-+ }
-+
-+ sdhci_writel(host, misc_ctrl, SDHCI_TEGRA_VENDOR_MISC_CTRL);
- sdhci_writel(host, clk_ctrl, SDHCI_TEGRA_VENDOR_CLOCK_CTRL);
-
- if (soc_data->nvquirks & NVQUIRK_HAS_PADCALIB)
-diff --git a/drivers/mtd/nand/davinci_nand.c b/drivers/mtd/nand/davinci_nand.c
-index cc07ba0..27fa8b8 100644
---- a/drivers/mtd/nand/davinci_nand.c
-+++ b/drivers/mtd/nand/davinci_nand.c
-@@ -240,6 +240,9 @@ static void nand_davinci_hwctl_4bit(struct mtd_info *mtd, int mode)
- unsigned long flags;
- u32 val;
-
-+ /* Reset ECC hardware */
-+ davinci_nand_readl(info, NAND_4BIT_ECC1_OFFSET);
-+
- spin_lock_irqsave(&davinci_nand_lock, flags);
-
- /* Start 4-bit ECC calculation for read/write */
-diff --git a/drivers/net/can/dev.c b/drivers/net/can/dev.c
-index ad535a8..eab1327 100644
---- a/drivers/net/can/dev.c
-+++ b/drivers/net/can/dev.c
-@@ -21,6 +21,7 @@
- #include <linux/slab.h>
- #include <linux/netdevice.h>
- #include <linux/if_arp.h>
-+#include <linux/workqueue.h>
- #include <linux/can.h>
- #include <linux/can/dev.h>
- #include <linux/can/skb.h>
-@@ -471,9 +472,8 @@ EXPORT_SYMBOL_GPL(can_free_echo_skb);
- /*
- * CAN device restart for bus-off recovery
- */
--static void can_restart(unsigned long data)
-+static void can_restart(struct net_device *dev)
- {
-- struct net_device *dev = (struct net_device *)data;
- struct can_priv *priv = netdev_priv(dev);
- struct net_device_stats *stats = &dev->stats;
- struct sk_buff *skb;
-@@ -513,6 +513,14 @@ restart:
- netdev_err(dev, "Error %d during restart", err);
- }
-
-+static void can_restart_work(struct work_struct *work)
-+{
-+ struct delayed_work *dwork = to_delayed_work(work);
-+ struct can_priv *priv = container_of(dwork, struct can_priv, restart_work);
-+
-+ can_restart(priv->dev);
-+}
-+
- int can_restart_now(struct net_device *dev)
- {
- struct can_priv *priv = netdev_priv(dev);
-@@ -526,8 +534,8 @@ int can_restart_now(struct net_device *dev)
- if (priv->state != CAN_STATE_BUS_OFF)
- return -EBUSY;
-
-- /* Runs as soon as possible in the timer context */
-- mod_timer(&priv->restart_timer, jiffies);
-+ cancel_delayed_work_sync(&priv->restart_work);
-+ can_restart(dev);
-
- return 0;
- }
-@@ -548,8 +556,8 @@ void can_bus_off(struct net_device *dev)
- netif_carrier_off(dev);
-
- if (priv->restart_ms)
-- mod_timer(&priv->restart_timer,
-- jiffies + (priv->restart_ms * HZ) / 1000);
-+ schedule_delayed_work(&priv->restart_work,
-+ msecs_to_jiffies(priv->restart_ms));
- }
- EXPORT_SYMBOL_GPL(can_bus_off);
-
-@@ -658,6 +666,7 @@ struct net_device *alloc_candev(int sizeof_priv, unsigned int echo_skb_max)
- return NULL;
-
- priv = netdev_priv(dev);
-+ priv->dev = dev;
-
- if (echo_skb_max) {
- priv->echo_skb_max = echo_skb_max;
-@@ -667,7 +676,7 @@ struct net_device *alloc_candev(int sizeof_priv, unsigned int echo_skb_max)
-
- priv->state = CAN_STATE_STOPPED;
-
-- init_timer(&priv->restart_timer);
-+ INIT_DELAYED_WORK(&priv->restart_work, can_restart_work);
-
- return dev;
- }
-@@ -748,8 +757,6 @@ int open_candev(struct net_device *dev)
- if (!netif_carrier_ok(dev))
- netif_carrier_on(dev);
-
-- setup_timer(&priv->restart_timer, can_restart, (unsigned long)dev);
--
- return 0;
- }
- EXPORT_SYMBOL_GPL(open_candev);
-@@ -764,7 +771,7 @@ void close_candev(struct net_device *dev)
- {
- struct can_priv *priv = netdev_priv(dev);
-
-- del_timer_sync(&priv->restart_timer);
-+ cancel_delayed_work_sync(&priv->restart_work);
- can_flush_echo_skb(dev);
- }
- EXPORT_SYMBOL_GPL(close_candev);
-diff --git a/drivers/net/ethernet/intel/fm10k/fm10k_ethtool.c b/drivers/net/ethernet/intel/fm10k/fm10k_ethtool.c
-index 9c0d875..9b51954 100644
---- a/drivers/net/ethernet/intel/fm10k/fm10k_ethtool.c
-+++ b/drivers/net/ethernet/intel/fm10k/fm10k_ethtool.c
-@@ -983,9 +983,10 @@ void fm10k_write_reta(struct fm10k_intfc *interface, const u32 *indir)
- /* generate a new table if we weren't given one */
- for (j = 0; j < 4; j++) {
- if (indir)
-- n = indir[i + j];
-+ n = indir[4 * i + j];
- else
-- n = ethtool_rxfh_indir_default(i + j, rss_i);
-+ n = ethtool_rxfh_indir_default(4 * i + j,
-+ rss_i);
-
- table[j] = n;
- }
-diff --git a/drivers/net/ethernet/intel/i40e/i40e_common.c b/drivers/net/ethernet/intel/i40e/i40e_common.c
-index 422b41d..d5cb570 100644
---- a/drivers/net/ethernet/intel/i40e/i40e_common.c
-+++ b/drivers/net/ethernet/intel/i40e/i40e_common.c
-@@ -297,13 +297,15 @@ void i40e_debug_aq(struct i40e_hw *hw, enum i40e_debug_mask mask, void *desc,
- void *buffer, u16 buf_len)
- {
- struct i40e_aq_desc *aq_desc = (struct i40e_aq_desc *)desc;
-- u16 len = le16_to_cpu(aq_desc->datalen);
-+ u16 len;
- u8 *buf = (u8 *)buffer;
- u16 i = 0;
-
- if ((!(mask & hw->debug_mask)) || (desc == NULL))
- return;
-
-+ len = le16_to_cpu(aq_desc->datalen);
-+
- i40e_debug(hw, mask,
- "AQ CMD: opcode 0x%04X, flags 0x%04X, datalen 0x%04X, retval 0x%04X\n",
- le16_to_cpu(aq_desc->opcode),
-diff --git a/drivers/net/wireless/ath/ath10k/htt_rx.c b/drivers/net/wireless/ath/ath10k/htt_rx.c
-index 813cdd2..d3f8b9f 100644
---- a/drivers/net/wireless/ath/ath10k/htt_rx.c
-+++ b/drivers/net/wireless/ath/ath10k/htt_rx.c
-@@ -1524,7 +1524,7 @@ static void ath10k_htt_rx_h_filter(struct ath10k *ar,
- static int ath10k_htt_rx_handle_amsdu(struct ath10k_htt *htt)
- {
- struct ath10k *ar = htt->ar;
-- static struct ieee80211_rx_status rx_status;
-+ struct ieee80211_rx_status *rx_status = &htt->rx_status;
- struct sk_buff_head amsdu;
- int ret;
-
-@@ -1548,11 +1548,11 @@ static int ath10k_htt_rx_handle_amsdu(struct ath10k_htt *htt)
- return ret;
- }
-
-- ath10k_htt_rx_h_ppdu(ar, &amsdu, &rx_status, 0xffff);
-+ ath10k_htt_rx_h_ppdu(ar, &amsdu, rx_status, 0xffff);
- ath10k_htt_rx_h_unchain(ar, &amsdu, ret > 0);
-- ath10k_htt_rx_h_filter(ar, &amsdu, &rx_status);
-- ath10k_htt_rx_h_mpdu(ar, &amsdu, &rx_status);
-- ath10k_htt_rx_h_deliver(ar, &amsdu, &rx_status);
-+ ath10k_htt_rx_h_filter(ar, &amsdu, rx_status);
-+ ath10k_htt_rx_h_mpdu(ar, &amsdu, rx_status);
-+ ath10k_htt_rx_h_deliver(ar, &amsdu, rx_status);
-
- return 0;
- }
-diff --git a/drivers/net/wireless/ath/ath9k/ar9003_eeprom.c b/drivers/net/wireless/ath/ath9k/ar9003_eeprom.c
-index dec1a31..e2083f4 100644
---- a/drivers/net/wireless/ath/ath9k/ar9003_eeprom.c
-+++ b/drivers/net/wireless/ath/ath9k/ar9003_eeprom.c
-@@ -4176,7 +4176,7 @@ static void ath9k_hw_ar9300_set_board_values(struct ath_hw *ah,
- if (!AR_SREV_9330(ah) && !AR_SREV_9340(ah) && !AR_SREV_9531(ah))
- ar9003_hw_internal_regulator_apply(ah);
- ar9003_hw_apply_tuning_caps(ah);
-- ar9003_hw_apply_minccapwr_thresh(ah, chan);
-+ ar9003_hw_apply_minccapwr_thresh(ah, is2ghz);
- ar9003_hw_txend_to_xpa_off_apply(ah, is2ghz);
- ar9003_hw_thermometer_apply(ah);
- ar9003_hw_thermo_cal_apply(ah);
-diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/bcmsdh.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/bcmsdh.c
-index c7550da..570c80a 100644
---- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/bcmsdh.c
-+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/bcmsdh.c
-@@ -722,8 +722,10 @@ int brcmf_sdiod_recv_chain(struct brcmf_sdio_dev *sdiodev,
- return -ENOMEM;
- err = brcmf_sdiod_buffrw(sdiodev, SDIO_FUNC_2, false, addr,
- glom_skb);
-- if (err)
-+ if (err) {
-+ brcmu_pkt_buf_free_skb(glom_skb);
- goto done;
-+ }
-
- skb_queue_walk(pktq, skb) {
- memcpy(skb->data, glom_skb->data, skb->len);
-diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmsmac/dma.c b/drivers/net/wireless/broadcom/brcm80211/brcmsmac/dma.c
-index 796f5f9..b7df576 100644
---- a/drivers/net/wireless/broadcom/brcm80211/brcmsmac/dma.c
-+++ b/drivers/net/wireless/broadcom/brcm80211/brcmsmac/dma.c
-@@ -1079,8 +1079,10 @@ bool dma_rxfill(struct dma_pub *pub)
-
- pa = dma_map_single(di->dmadev, p->data, di->rxbufsize,
- DMA_FROM_DEVICE);
-- if (dma_mapping_error(di->dmadev, pa))
-+ if (dma_mapping_error(di->dmadev, pa)) {
-+ brcmu_pkt_buf_free_skb(p);
- return false;
-+ }
-
- /* save the free packet pointer */
- di->rxp[rxout] = p;
-diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmsmac/stf.c b/drivers/net/wireless/broadcom/brcm80211/brcmsmac/stf.c
-index dd91627..0ab865d 100644
---- a/drivers/net/wireless/broadcom/brcm80211/brcmsmac/stf.c
-+++ b/drivers/net/wireless/broadcom/brcm80211/brcmsmac/stf.c
-@@ -87,7 +87,7 @@ void
- brcms_c_stf_ss_algo_channel_get(struct brcms_c_info *wlc, u16 *ss_algo_channel,
- u16 chanspec)
- {
-- struct tx_power power;
-+ struct tx_power power = { };
- u8 siso_mcs_id, cdd_mcs_id, stbc_mcs_id;
-
- /* Clear previous settings */
-diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/fw-dbg.c b/drivers/net/wireless/intel/iwlwifi/mvm/fw-dbg.c
-index e1b6b2c..46b52bf 100644
---- a/drivers/net/wireless/intel/iwlwifi/mvm/fw-dbg.c
-+++ b/drivers/net/wireless/intel/iwlwifi/mvm/fw-dbg.c
-@@ -288,7 +288,8 @@ static void iwl_mvm_dump_fifos(struct iwl_mvm *mvm,
- fifo_hdr->fifo_num = cpu_to_le32(i);
-
- /* Mark the number of TXF we're pulling now */
-- iwl_trans_write_prph(mvm->trans, TXF_CPU2_NUM, i);
-+ iwl_trans_write_prph(mvm->trans, TXF_CPU2_NUM, i +
-+ ARRAY_SIZE(mvm->shared_mem_cfg.txfifo_size));
-
- fifo_hdr->available_bytes =
- cpu_to_le32(iwl_trans_read_prph(mvm->trans,
-@@ -959,5 +960,6 @@ int iwl_mvm_start_fw_dbg_conf(struct iwl_mvm *mvm, u8 conf_id)
- }
-
- mvm->fw_dbg_conf = conf_id;
-- return ret;
-+
-+ return 0;
- }
-diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/fw.c b/drivers/net/wireless/intel/iwlwifi/mvm/fw.c
-index 7057f35..fb71cf6 100644
---- a/drivers/net/wireless/intel/iwlwifi/mvm/fw.c
-+++ b/drivers/net/wireless/intel/iwlwifi/mvm/fw.c
-@@ -139,17 +139,21 @@ void iwl_free_fw_paging(struct iwl_mvm *mvm)
- return;
-
- for (i = 0; i < NUM_OF_FW_PAGING_BLOCKS; i++) {
-- if (!mvm->fw_paging_db[i].fw_paging_block) {
-+ struct iwl_fw_paging *paging = &mvm->fw_paging_db[i];
-+
-+ if (!paging->fw_paging_block) {
- IWL_DEBUG_FW(mvm,
- "Paging: block %d already freed, continue to next page\n",
- i);
-
- continue;
- }
-+ dma_unmap_page(mvm->trans->dev, paging->fw_paging_phys,
-+ paging->fw_paging_size, DMA_BIDIRECTIONAL);
-
-- __free_pages(mvm->fw_paging_db[i].fw_paging_block,
-- get_order(mvm->fw_paging_db[i].fw_paging_size));
-- mvm->fw_paging_db[i].fw_paging_block = NULL;
-+ __free_pages(paging->fw_paging_block,
-+ get_order(paging->fw_paging_size));
-+ paging->fw_paging_block = NULL;
- }
- kfree(mvm->trans->paging_download_buf);
- mvm->trans->paging_download_buf = NULL;
-diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/nvm.c b/drivers/net/wireless/intel/iwlwifi/mvm/nvm.c
-index 25a9840..0551a4b 100644
---- a/drivers/net/wireless/intel/iwlwifi/mvm/nvm.c
-+++ b/drivers/net/wireless/intel/iwlwifi/mvm/nvm.c
-@@ -667,8 +667,7 @@ iwl_mvm_update_mcc(struct iwl_mvm *mvm, const char *alpha2,
- .mcc = cpu_to_le16(alpha2[0] << 8 | alpha2[1]),
- .source_id = (u8)src_id,
- };
-- struct iwl_mcc_update_resp *mcc_resp, *resp_cp = NULL;
-- struct iwl_mcc_update_resp_v1 *mcc_resp_v1 = NULL;
-+ struct iwl_mcc_update_resp *resp_cp;
- struct iwl_rx_packet *pkt;
- struct iwl_host_cmd cmd = {
- .id = MCC_UPDATE_CMD,
-@@ -701,34 +700,36 @@ iwl_mvm_update_mcc(struct iwl_mvm *mvm, const char *alpha2,
-
- /* Extract MCC response */
- if (resp_v2) {
-- mcc_resp = (void *)pkt->data;
-+ struct iwl_mcc_update_resp *mcc_resp = (void *)pkt->data;
-+
- n_channels = __le32_to_cpu(mcc_resp->n_channels);
-+ resp_len = sizeof(struct iwl_mcc_update_resp) +
-+ n_channels * sizeof(__le32);
-+ resp_cp = kmemdup(mcc_resp, resp_len, GFP_KERNEL);
- } else {
-- mcc_resp_v1 = (void *)pkt->data;
-+ struct iwl_mcc_update_resp_v1 *mcc_resp_v1 = (void *)pkt->data;
-+
- n_channels = __le32_to_cpu(mcc_resp_v1->n_channels);
-+ resp_len = sizeof(struct iwl_mcc_update_resp) +
-+ n_channels * sizeof(__le32);
-+ resp_cp = kzalloc(resp_len, GFP_KERNEL);
-+
-+ if (resp_cp) {
-+ resp_cp->status = mcc_resp_v1->status;
-+ resp_cp->mcc = mcc_resp_v1->mcc;
-+ resp_cp->cap = mcc_resp_v1->cap;
-+ resp_cp->source_id = mcc_resp_v1->source_id;
-+ resp_cp->n_channels = mcc_resp_v1->n_channels;
-+ memcpy(resp_cp->channels, mcc_resp_v1->channels,
-+ n_channels * sizeof(__le32));
-+ }
- }
-
-- resp_len = sizeof(struct iwl_mcc_update_resp) + n_channels *
-- sizeof(__le32);
--
-- resp_cp = kzalloc(resp_len, GFP_KERNEL);
- if (!resp_cp) {
- ret = -ENOMEM;
- goto exit;
- }
-
-- if (resp_v2) {
-- memcpy(resp_cp, mcc_resp, resp_len);
-- } else {
-- resp_cp->status = mcc_resp_v1->status;
-- resp_cp->mcc = mcc_resp_v1->mcc;
-- resp_cp->cap = mcc_resp_v1->cap;
-- resp_cp->source_id = mcc_resp_v1->source_id;
-- resp_cp->n_channels = mcc_resp_v1->n_channels;
-- memcpy(resp_cp->channels, mcc_resp_v1->channels,
-- n_channels * sizeof(__le32));
-- }
--
- status = le32_to_cpu(resp_cp->status);
-
- mcc = le16_to_cpu(resp_cp->mcc);
-diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/sf.c b/drivers/net/wireless/intel/iwlwifi/mvm/sf.c
-index 443a428..101fb04 100644
---- a/drivers/net/wireless/intel/iwlwifi/mvm/sf.c
-+++ b/drivers/net/wireless/intel/iwlwifi/mvm/sf.c
-@@ -215,7 +215,7 @@ static int iwl_mvm_sf_config(struct iwl_mvm *mvm, u8 sta_id,
- enum iwl_sf_state new_state)
- {
- struct iwl_sf_cfg_cmd sf_cmd = {
-- .state = cpu_to_le32(SF_FULL_ON),
-+ .state = cpu_to_le32(new_state),
- };
- struct ieee80211_sta *sta;
- int ret = 0;
-diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/sta.c b/drivers/net/wireless/intel/iwlwifi/mvm/sta.c
-index b23ab4a..1822ad3 100644
---- a/drivers/net/wireless/intel/iwlwifi/mvm/sta.c
-+++ b/drivers/net/wireless/intel/iwlwifi/mvm/sta.c
-@@ -1374,11 +1374,12 @@ int iwl_mvm_sta_rx_agg(struct iwl_mvm *mvm, struct ieee80211_sta *sta,
- */
- WARN_ON(rcu_access_pointer(mvm->baid_map[baid]));
- rcu_assign_pointer(mvm->baid_map[baid], baid_data);
-- } else if (mvm->rx_ba_sessions > 0) {
-+ } else {
- u8 baid = mvm_sta->tid_to_baid[tid];
-
-- /* check that restart flow didn't zero the counter */
-- mvm->rx_ba_sessions--;
-+ if (mvm->rx_ba_sessions > 0)
-+ /* check that restart flow didn't zero the counter */
-+ mvm->rx_ba_sessions--;
- if (!iwl_mvm_has_new_rx_api(mvm))
- return 0;
-
-diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/tx.c b/drivers/net/wireless/intel/iwlwifi/mvm/tx.c
-index b92b75f..6b8d9a5 100644
---- a/drivers/net/wireless/intel/iwlwifi/mvm/tx.c
-+++ b/drivers/net/wireless/intel/iwlwifi/mvm/tx.c
-@@ -138,28 +138,19 @@ static void iwl_mvm_tx_csum(struct iwl_mvm *mvm, struct sk_buff *skb,
-
- protocol = ipv6h->nexthdr;
- while (protocol != NEXTHDR_NONE && ipv6_ext_hdr(protocol)) {
-+ struct ipv6_opt_hdr *hp;
-+
- /* only supported extension headers */
- if (protocol != NEXTHDR_ROUTING &&
- protocol != NEXTHDR_HOP &&
-- protocol != NEXTHDR_DEST &&
-- protocol != NEXTHDR_FRAGMENT) {
-+ protocol != NEXTHDR_DEST) {
- skb_checksum_help(skb);
- return;
- }
-
-- if (protocol == NEXTHDR_FRAGMENT) {
-- struct frag_hdr *hp =
-- OPT_HDR(struct frag_hdr, skb, off);
--
-- protocol = hp->nexthdr;
-- off += sizeof(struct frag_hdr);
-- } else {
-- struct ipv6_opt_hdr *hp =
-- OPT_HDR(struct ipv6_opt_hdr, skb, off);
--
-- protocol = hp->nexthdr;
-- off += ipv6_optlen(hp);
-- }
-+ hp = OPT_HDR(struct ipv6_opt_hdr, skb, off);
-+ protocol = hp->nexthdr;
-+ off += ipv6_optlen(hp);
- }
- /* if we get here - protocol now should be TCP/UDP */
- #endif
-@@ -1312,7 +1303,15 @@ static void iwl_mvm_rx_tx_cmd_single(struct iwl_mvm *mvm,
- bool send_eosp_ndp = false;
-
- spin_lock_bh(&mvmsta->lock);
-- txq_agg = (mvmsta->tid_data[tid].state == IWL_AGG_ON);
-+ if (iwl_mvm_is_dqa_supported(mvm)) {
-+ enum iwl_mvm_agg_state state;
-+
-+ state = mvmsta->tid_data[tid].state;
-+ txq_agg = (state == IWL_AGG_ON ||
-+ state == IWL_EMPTYING_HW_QUEUE_DELBA);
-+ } else {
-+ txq_agg = txq_id >= mvm->first_agg_queue;
-+ }
-
- if (!is_ndp) {
- tid_data->next_reclaimed = next_reclaimed;
-diff --git a/drivers/net/wireless/intel/iwlwifi/pcie/tx.c b/drivers/net/wireless/intel/iwlwifi/pcie/tx.c
-index d6beac9..dec63a0 100644
---- a/drivers/net/wireless/intel/iwlwifi/pcie/tx.c
-+++ b/drivers/net/wireless/intel/iwlwifi/pcie/tx.c
-@@ -1595,9 +1595,9 @@ static int iwl_pcie_enqueue_hcmd(struct iwl_trans *trans,
-
- /* start the TFD with the scratchbuf */
- scratch_size = min_t(int, copy_size, IWL_HCMD_SCRATCHBUF_SIZE);
-- memcpy(&txq->scratchbufs[q->write_ptr], &out_cmd->hdr, scratch_size);
-+ memcpy(&txq->scratchbufs[idx], &out_cmd->hdr, scratch_size);
- iwl_pcie_txq_build_tfd(trans, txq,
-- iwl_pcie_get_scratchbuf_dma(txq, q->write_ptr),
-+ iwl_pcie_get_scratchbuf_dma(txq, idx),
- scratch_size, true);
-
- /* map first command fragment, if any remains */
-diff --git a/drivers/net/wireless/marvell/mwifiex/uap_txrx.c b/drivers/net/wireless/marvell/mwifiex/uap_txrx.c
-index 666e91a..bf5660e 100644
---- a/drivers/net/wireless/marvell/mwifiex/uap_txrx.c
-+++ b/drivers/net/wireless/marvell/mwifiex/uap_txrx.c
-@@ -272,7 +272,7 @@ int mwifiex_handle_uap_rx_forward(struct mwifiex_private *priv,
- int mwifiex_uap_recv_packet(struct mwifiex_private *priv,
- struct sk_buff *skb)
- {
-- struct mwifiex_adapter *adapter = adapter;
-+ struct mwifiex_adapter *adapter = priv->adapter;
- struct mwifiex_sta_node *src_node;
- struct ethhdr *p_ethhdr;
- struct sk_buff *skb_uap;
-diff --git a/drivers/nfc/fdp/fdp.c b/drivers/nfc/fdp/fdp.c
-index e44a7a2..1642742 100644
---- a/drivers/nfc/fdp/fdp.c
-+++ b/drivers/nfc/fdp/fdp.c
-@@ -353,7 +353,7 @@ static int fdp_nci_patch_otp(struct nci_dev *ndev)
- {
- struct fdp_nci_info *info = nci_get_drvdata(ndev);
- struct device *dev = &info->phy->i2c_dev->dev;
-- u8 conn_id;
-+ int conn_id;
- int r = 0;
-
- if (info->otp_version >= info->otp_patch_version)
-@@ -424,7 +424,7 @@ static int fdp_nci_patch_ram(struct nci_dev *ndev)
- {
- struct fdp_nci_info *info = nci_get_drvdata(ndev);
- struct device *dev = &info->phy->i2c_dev->dev;
-- u8 conn_id;
-+ int conn_id;
- int r = 0;
-
- if (info->ram_version >= info->ram_patch_version)
-diff --git a/drivers/pcmcia/ds.c b/drivers/pcmcia/ds.c
-index 489ea10..69b5e81 100644
---- a/drivers/pcmcia/ds.c
-+++ b/drivers/pcmcia/ds.c
-@@ -977,7 +977,7 @@ static int pcmcia_bus_uevent(struct device *dev, struct kobj_uevent_env *env)
-
- /************************ runtime PM support ***************************/
-
--static int pcmcia_dev_suspend(struct device *dev, pm_message_t state);
-+static int pcmcia_dev_suspend(struct device *dev);
- static int pcmcia_dev_resume(struct device *dev);
-
- static int runtime_suspend(struct device *dev)
-@@ -985,7 +985,7 @@ static int runtime_suspend(struct device *dev)
- int rc;
-
- device_lock(dev);
-- rc = pcmcia_dev_suspend(dev, PMSG_SUSPEND);
-+ rc = pcmcia_dev_suspend(dev);
- device_unlock(dev);
- return rc;
- }
-@@ -1135,7 +1135,7 @@ ATTRIBUTE_GROUPS(pcmcia_dev);
-
- /* PM support, also needed for reset */
-
--static int pcmcia_dev_suspend(struct device *dev, pm_message_t state)
-+static int pcmcia_dev_suspend(struct device *dev)
- {
- struct pcmcia_device *p_dev = to_pcmcia_dev(dev);
- struct pcmcia_driver *p_drv = NULL;
-@@ -1410,6 +1410,9 @@ static struct class_interface pcmcia_bus_interface __refdata = {
- .remove_dev = &pcmcia_bus_remove_socket,
- };
-
-+static const struct dev_pm_ops pcmcia_bus_pm_ops = {
-+ SET_SYSTEM_SLEEP_PM_OPS(pcmcia_dev_suspend, pcmcia_dev_resume)
-+};
-
- struct bus_type pcmcia_bus_type = {
- .name = "pcmcia",
-@@ -1418,8 +1421,7 @@ struct bus_type pcmcia_bus_type = {
- .dev_groups = pcmcia_dev_groups,
- .probe = pcmcia_device_probe,
- .remove = pcmcia_device_remove,
-- .suspend = pcmcia_dev_suspend,
-- .resume = pcmcia_dev_resume,
-+ .pm = &pcmcia_bus_pm_ops,
- };
-
-
-diff --git a/drivers/perf/arm_pmu.c b/drivers/perf/arm_pmu.c
-index 140436a..5824045 100644
---- a/drivers/perf/arm_pmu.c
-+++ b/drivers/perf/arm_pmu.c
-@@ -921,6 +921,7 @@ static int of_pmu_irq_cfg(struct arm_pmu *pmu)
- if (i > 0 && spi != using_spi) {
- pr_err("PPI/SPI IRQ type mismatch for %s!\n",
- dn->name);
-+ of_node_put(dn);
- kfree(irqs);
- return -EINVAL;
- }
-diff --git a/drivers/pinctrl/uniphier/pinctrl-uniphier-core.c b/drivers/pinctrl/uniphier/pinctrl-uniphier-core.c
-index 9674009..5d08de0 100644
---- a/drivers/pinctrl/uniphier/pinctrl-uniphier-core.c
-+++ b/drivers/pinctrl/uniphier/pinctrl-uniphier-core.c
-@@ -73,6 +73,12 @@ static void uniphier_pctl_pin_dbg_show(struct pinctrl_dev *pctldev,
- case UNIPHIER_PIN_PULL_DOWN:
- pull_dir = "DOWN";
- break;
-+ case UNIPHIER_PIN_PULL_UP_FIXED:
-+ pull_dir = "UP(FIXED)";
-+ break;
-+ case UNIPHIER_PIN_PULL_DOWN_FIXED:
-+ pull_dir = "DOWN(FIXED)";
-+ break;
- case UNIPHIER_PIN_PULL_NONE:
- pull_dir = "NONE";
- break;
-diff --git a/drivers/regulator/pwm-regulator.c b/drivers/regulator/pwm-regulator.c
-index fafa348..36e0c93 100644
---- a/drivers/regulator/pwm-regulator.c
-+++ b/drivers/regulator/pwm-regulator.c
-@@ -132,6 +132,7 @@ static int pwm_regulator_set_voltage(struct regulator_dev *rdev,
- unsigned int duty_pulse;
- u64 req_period;
- u32 rem;
-+ int old_uV = pwm_regulator_get_voltage(rdev);
- int ret;
-
- pwm_get_args(drvdata->pwm, &pargs);
-@@ -166,8 +167,12 @@ static int pwm_regulator_set_voltage(struct regulator_dev *rdev,
- }
- drvdata->volt_uV = min_uV;
-
-- /* Delay required by PWM regulator to settle to the new voltage */
-- usleep_range(ramp_delay, ramp_delay + 1000);
-+ if ((ramp_delay == 0) || !pwm_regulator_is_enabled(rdev))
-+ return 0;
-+
-+ /* Ramp delay is in uV/uS. Adjust to uS and delay */
-+ ramp_delay = DIV_ROUND_UP(abs(min_uV - old_uV), ramp_delay);
-+ usleep_range(ramp_delay, ramp_delay + DIV_ROUND_UP(ramp_delay, 10));
-
- return 0;
- }
-diff --git a/drivers/regulator/qcom_smd-regulator.c b/drivers/regulator/qcom_smd-regulator.c
-index 6c7fe477..891ae44 100644
---- a/drivers/regulator/qcom_smd-regulator.c
-+++ b/drivers/regulator/qcom_smd-regulator.c
-@@ -178,20 +178,21 @@ static const struct regulator_desc pma8084_hfsmps = {
- static const struct regulator_desc pma8084_ftsmps = {
- .linear_ranges = (struct regulator_linear_range[]) {
- REGULATOR_LINEAR_RANGE(350000, 0, 184, 5000),
-- REGULATOR_LINEAR_RANGE(700000, 185, 339, 10000),
-+ REGULATOR_LINEAR_RANGE(1280000, 185, 261, 10000),
- },
- .n_linear_ranges = 2,
-- .n_voltages = 340,
-+ .n_voltages = 262,
- .ops = &rpm_smps_ldo_ops,
- };
-
- static const struct regulator_desc pma8084_pldo = {
- .linear_ranges = (struct regulator_linear_range[]) {
-- REGULATOR_LINEAR_RANGE(750000, 0, 30, 25000),
-- REGULATOR_LINEAR_RANGE(1500000, 31, 99, 50000),
-+ REGULATOR_LINEAR_RANGE( 750000, 0, 63, 12500),
-+ REGULATOR_LINEAR_RANGE(1550000, 64, 126, 25000),
-+ REGULATOR_LINEAR_RANGE(3100000, 127, 163, 50000),
- },
-- .n_linear_ranges = 2,
-- .n_voltages = 100,
-+ .n_linear_ranges = 3,
-+ .n_voltages = 164,
- .ops = &rpm_smps_ldo_ops,
- };
-
-@@ -221,29 +222,30 @@ static const struct regulator_desc pm8x41_hfsmps = {
- static const struct regulator_desc pm8841_ftsmps = {
- .linear_ranges = (struct regulator_linear_range[]) {
- REGULATOR_LINEAR_RANGE(350000, 0, 184, 5000),
-- REGULATOR_LINEAR_RANGE(700000, 185, 339, 10000),
-+ REGULATOR_LINEAR_RANGE(1280000, 185, 261, 10000),
- },
- .n_linear_ranges = 2,
-- .n_voltages = 340,
-+ .n_voltages = 262,
- .ops = &rpm_smps_ldo_ops,
- };
-
- static const struct regulator_desc pm8941_boost = {
- .linear_ranges = (struct regulator_linear_range[]) {
-- REGULATOR_LINEAR_RANGE(4000000, 0, 15, 100000),
-+ REGULATOR_LINEAR_RANGE(4000000, 0, 30, 50000),
- },
- .n_linear_ranges = 1,
-- .n_voltages = 16,
-+ .n_voltages = 31,
- .ops = &rpm_smps_ldo_ops,
- };
-
- static const struct regulator_desc pm8941_pldo = {
- .linear_ranges = (struct regulator_linear_range[]) {
-- REGULATOR_LINEAR_RANGE( 750000, 0, 30, 25000),
-- REGULATOR_LINEAR_RANGE(1500000, 31, 99, 50000),
-+ REGULATOR_LINEAR_RANGE( 750000, 0, 63, 12500),
-+ REGULATOR_LINEAR_RANGE(1550000, 64, 126, 25000),
-+ REGULATOR_LINEAR_RANGE(3100000, 127, 163, 50000),
- },
-- .n_linear_ranges = 2,
-- .n_voltages = 100,
-+ .n_linear_ranges = 3,
-+ .n_voltages = 164,
- .ops = &rpm_smps_ldo_ops,
- };
-
-diff --git a/drivers/regulator/qcom_spmi-regulator.c b/drivers/regulator/qcom_spmi-regulator.c
-index 84cce21..16c5f84 100644
---- a/drivers/regulator/qcom_spmi-regulator.c
-+++ b/drivers/regulator/qcom_spmi-regulator.c
-@@ -1085,6 +1085,8 @@ static struct regulator_ops spmi_vs_ops = {
- .set_pull_down = spmi_regulator_common_set_pull_down,
- .set_soft_start = spmi_regulator_common_set_soft_start,
- .set_over_current_protection = spmi_regulator_vs_ocp,
-+ .set_mode = spmi_regulator_common_set_mode,
-+ .get_mode = spmi_regulator_common_get_mode,
- };
-
- static struct regulator_ops spmi_boost_ops = {
-@@ -1496,6 +1498,7 @@ static const struct spmi_regulator_data pm8941_regulators[] = {
- { "s1", 0x1400, "vdd_s1", },
- { "s2", 0x1700, "vdd_s2", },
- { "s3", 0x1a00, "vdd_s3", },
-+ { "s4", 0xa000, },
- { "l1", 0x4000, "vdd_l1_l3", },
- { "l2", 0x4100, "vdd_l2_lvs_1_2_3", },
- { "l3", 0x4200, "vdd_l1_l3", },
-@@ -1523,8 +1526,8 @@ static const struct spmi_regulator_data pm8941_regulators[] = {
- { "lvs1", 0x8000, "vdd_l2_lvs_1_2_3", },
- { "lvs2", 0x8100, "vdd_l2_lvs_1_2_3", },
- { "lvs3", 0x8200, "vdd_l2_lvs_1_2_3", },
-- { "mvs1", 0x8300, "vin_5vs", },
-- { "mvs2", 0x8400, "vin_5vs", },
-+ { "5vs1", 0x8300, "vin_5vs", "ocp-5vs1", },
-+ { "5vs2", 0x8400, "vin_5vs", "ocp-5vs2", },
- { }
- };
-
-diff --git a/drivers/scsi/fnic/fnic_fcs.c b/drivers/scsi/fnic/fnic_fcs.c
-index 67669a9..f3a3331 100644
---- a/drivers/scsi/fnic/fnic_fcs.c
-+++ b/drivers/scsi/fnic/fnic_fcs.c
-@@ -954,8 +954,8 @@ int fnic_alloc_rq_frame(struct vnic_rq *rq)
- skb_put(skb, len);
- pa = pci_map_single(fnic->pdev, skb->data, len, PCI_DMA_FROMDEVICE);
-
-- r = pci_dma_mapping_error(fnic->pdev, pa);
-- if (r) {
-+ if (pci_dma_mapping_error(fnic->pdev, pa)) {
-+ r = -ENOMEM;
- printk(KERN_ERR "PCI mapping failed with error %d\n", r);
- goto free_skb;
- }
-@@ -1093,8 +1093,8 @@ static int fnic_send_frame(struct fnic *fnic, struct fc_frame *fp)
-
- pa = pci_map_single(fnic->pdev, eth_hdr, tot_len, PCI_DMA_TODEVICE);
-
-- ret = pci_dma_mapping_error(fnic->pdev, pa);
-- if (ret) {
-+ if (pci_dma_mapping_error(fnic->pdev, pa)) {
-+ ret = -ENOMEM;
- printk(KERN_ERR "DMA map failed with error %d\n", ret);
- goto free_skb_on_err;
- }
-diff --git a/drivers/scsi/qla2xxx/qla_fw.h b/drivers/scsi/qla2xxx/qla_fw.h
-index 4c0f3a7..8a2368b 100644
---- a/drivers/scsi/qla2xxx/qla_fw.h
-+++ b/drivers/scsi/qla2xxx/qla_fw.h
-@@ -1288,7 +1288,7 @@ struct vp_rpt_id_entry_24xx {
-
- uint8_t vp_idx_map[16];
-
-- uint8_t reserved_4[28];
-+ uint8_t reserved_4[24];
- uint16_t bbcr;
- uint8_t reserved_5[6];
- };
-diff --git a/drivers/scsi/ses.c b/drivers/scsi/ses.c
-index 53ef1cb..1d82053 100644
---- a/drivers/scsi/ses.c
-+++ b/drivers/scsi/ses.c
-@@ -587,7 +587,7 @@ static void ses_match_to_enclosure(struct enclosure_device *edev,
-
- ses_enclosure_data_process(edev, to_scsi_device(edev->edev.parent), 0);
-
-- if (is_sas_attached(sdev))
-+ if (scsi_is_sas_rphy(&sdev->sdev_gendev))
- efd.addr = sas_get_address(sdev);
-
- if (efd.addr) {
-diff --git a/drivers/spi/spi-sh-msiof.c b/drivers/spi/spi-sh-msiof.c
-index a7934ab..d22de4c 100644
---- a/drivers/spi/spi-sh-msiof.c
-+++ b/drivers/spi/spi-sh-msiof.c
-@@ -263,6 +263,9 @@ static void sh_msiof_spi_set_clk_regs(struct sh_msiof_spi_priv *p,
-
- for (k = 0; k < ARRAY_SIZE(sh_msiof_spi_div_table); k++) {
- brps = DIV_ROUND_UP(div, sh_msiof_spi_div_table[k].div);
-+ /* SCR_BRDV_DIV_1 is valid only if BRPS is x 1/1 or x 1/2 */
-+ if (sh_msiof_spi_div_table[k].div == 1 && brps > 2)
-+ continue;
- if (brps <= 32) /* max of brdv is 32 */
- break;
- }
-diff --git a/drivers/staging/comedi/drivers/adv_pci1760.c b/drivers/staging/comedi/drivers/adv_pci1760.c
-index d7dd1e5..9f525ff 100644
---- a/drivers/staging/comedi/drivers/adv_pci1760.c
-+++ b/drivers/staging/comedi/drivers/adv_pci1760.c
-@@ -196,6 +196,7 @@ static int pci1760_pwm_ns_to_div(unsigned int flags, unsigned int ns)
- break;
- case CMDF_ROUND_DOWN:
- divisor = ns / PCI1760_PWM_TIMEBASE;
-+ break;
- default:
- return -EINVAL;
- }
-diff --git a/drivers/staging/fbtft/fbtft-core.c b/drivers/staging/fbtft/fbtft-core.c
-index 0c1a77c..4c281df 100644
---- a/drivers/staging/fbtft/fbtft-core.c
-+++ b/drivers/staging/fbtft/fbtft-core.c
-@@ -391,11 +391,11 @@ static void fbtft_update_display(struct fbtft_par *par, unsigned start_line,
-
- if (unlikely(timeit)) {
- ts_end = ktime_get();
-- if (ktime_to_ns(par->update_time))
-+ if (!ktime_to_ns(par->update_time))
- par->update_time = ts_start;
-
-- par->update_time = ts_start;
- fps = ktime_us_delta(ts_start, par->update_time);
-+ par->update_time = ts_start;
- fps = fps ? 1000000 / fps : 0;
-
- throughput = ktime_us_delta(ts_end, ts_start);
-diff --git a/drivers/usb/class/usbtmc.c b/drivers/usb/class/usbtmc.c
-index 917a55c..ffe9f88 100644
---- a/drivers/usb/class/usbtmc.c
-+++ b/drivers/usb/class/usbtmc.c
-@@ -141,6 +141,7 @@ static void usbtmc_delete(struct kref *kref)
- struct usbtmc_device_data *data = to_usbtmc_data(kref);
-
- usb_put_dev(data->usb_dev);
-+ kfree(data);
- }
-
- static int usbtmc_open(struct inode *inode, struct file *filp)
-@@ -1379,7 +1380,7 @@ static int usbtmc_probe(struct usb_interface *intf,
-
- dev_dbg(&intf->dev, "%s called\n", __func__);
-
-- data = devm_kzalloc(&intf->dev, sizeof(*data), GFP_KERNEL);
-+ data = kmalloc(sizeof(*data), GFP_KERNEL);
- if (!data)
- return -ENOMEM;
-
-diff --git a/drivers/usb/gadget/udc/fsl_qe_udc.c b/drivers/usb/gadget/udc/fsl_qe_udc.c
-index cf8819a..8bb011e 100644
---- a/drivers/usb/gadget/udc/fsl_qe_udc.c
-+++ b/drivers/usb/gadget/udc/fsl_qe_udc.c
-@@ -1878,11 +1878,8 @@ static int qe_get_frame(struct usb_gadget *gadget)
-
- tmp = in_be16(&udc->usb_param->frame_n);
- if (tmp & 0x8000)
-- tmp = tmp & 0x07ff;
-- else
-- tmp = -EINVAL;
--
-- return (int)tmp;
-+ return tmp & 0x07ff;
-+ return -EINVAL;
- }
-
- static int fsl_qe_start(struct usb_gadget *gadget,
-diff --git a/drivers/usb/misc/legousbtower.c b/drivers/usb/misc/legousbtower.c
-index 7771be3..4dd531a 100644
---- a/drivers/usb/misc/legousbtower.c
-+++ b/drivers/usb/misc/legousbtower.c
-@@ -898,24 +898,6 @@ static int tower_probe (struct usb_interface *interface, const struct usb_device
- dev->interrupt_in_interval = interrupt_in_interval ? interrupt_in_interval : dev->interrupt_in_endpoint->bInterval;
- dev->interrupt_out_interval = interrupt_out_interval ? interrupt_out_interval : dev->interrupt_out_endpoint->bInterval;
-
-- /* we can register the device now, as it is ready */
-- usb_set_intfdata (interface, dev);
--
-- retval = usb_register_dev (interface, &tower_class);
--
-- if (retval) {
-- /* something prevented us from registering this driver */
-- dev_err(idev, "Not able to get a minor for this device.\n");
-- usb_set_intfdata (interface, NULL);
-- goto error;
-- }
-- dev->minor = interface->minor;
--
-- /* let the user know what node this device is now attached to */
-- dev_info(&interface->dev, "LEGO USB Tower #%d now attached to major "
-- "%d minor %d\n", (dev->minor - LEGO_USB_TOWER_MINOR_BASE),
-- USB_MAJOR, dev->minor);
--
- /* get the firmware version and log it */
- result = usb_control_msg (udev,
- usb_rcvctrlpipe(udev, 0),
-@@ -936,6 +918,23 @@ static int tower_probe (struct usb_interface *interface, const struct usb_device
- get_version_reply.minor,
- le16_to_cpu(get_version_reply.build_no));
-
-+ /* we can register the device now, as it is ready */
-+ usb_set_intfdata (interface, dev);
-+
-+ retval = usb_register_dev (interface, &tower_class);
-+
-+ if (retval) {
-+ /* something prevented us from registering this driver */
-+ dev_err(idev, "Not able to get a minor for this device.\n");
-+ usb_set_intfdata (interface, NULL);
-+ goto error;
-+ }
-+ dev->minor = interface->minor;
-+
-+ /* let the user know what node this device is now attached to */
-+ dev_info(&interface->dev, "LEGO USB Tower #%d now attached to major "
-+ "%d minor %d\n", (dev->minor - LEGO_USB_TOWER_MINOR_BASE),
-+ USB_MAJOR, dev->minor);
-
- exit:
- return retval;
-diff --git a/drivers/usb/serial/cp210x.c b/drivers/usb/serial/cp210x.c
-index 96a7078..7e91ee2 100644
---- a/drivers/usb/serial/cp210x.c
-+++ b/drivers/usb/serial/cp210x.c
-@@ -118,6 +118,7 @@ static const struct usb_device_id id_table[] = {
- { USB_DEVICE(0x10C4, 0x8411) }, /* Kyocera GPS Module */
- { USB_DEVICE(0x10C4, 0x8418) }, /* IRZ Automation Teleport SG-10 GSM/GPRS Modem */
- { USB_DEVICE(0x10C4, 0x846E) }, /* BEI USB Sensor Interface (VCP) */
-+ { USB_DEVICE(0x10C4, 0x8470) }, /* Juniper Networks BX Series System Console */
- { USB_DEVICE(0x10C4, 0x8477) }, /* Balluff RFID */
- { USB_DEVICE(0x10C4, 0x84B6) }, /* Starizona Hyperion */
- { USB_DEVICE(0x10C4, 0x85EA) }, /* AC-Services IBUS-IF */
-diff --git a/drivers/usb/usbip/vudc_rx.c b/drivers/usb/usbip/vudc_rx.c
-index 344bd94..e429b59 100644
---- a/drivers/usb/usbip/vudc_rx.c
-+++ b/drivers/usb/usbip/vudc_rx.c
-@@ -142,7 +142,7 @@ static int v_recv_cmd_submit(struct vudc *udc,
- urb_p->urb->status = -EINPROGRESS;
-
- /* FIXME: more pipe setup to please usbip_common */
-- urb_p->urb->pipe &= ~(11 << 30);
-+ urb_p->urb->pipe &= ~(3 << 30);
- switch (urb_p->ep->type) {
- case USB_ENDPOINT_XFER_BULK:
- urb_p->urb->pipe |= (PIPE_BULK << 30);
-diff --git a/drivers/watchdog/watchdog_dev.c b/drivers/watchdog/watchdog_dev.c
-index 3595cff..cff8a65 100644
---- a/drivers/watchdog/watchdog_dev.c
-+++ b/drivers/watchdog/watchdog_dev.c
-@@ -258,10 +258,12 @@ static int watchdog_stop(struct watchdog_device *wdd)
- return -EBUSY;
- }
-
-- if (wdd->ops->stop)
-+ if (wdd->ops->stop) {
-+ clear_bit(WDOG_HW_RUNNING, &wdd->status);
- err = wdd->ops->stop(wdd);
-- else
-+ } else {
- set_bit(WDOG_HW_RUNNING, &wdd->status);
-+ }
-
- if (err == 0) {
- clear_bit(WDOG_ACTIVE, &wdd->status);
-diff --git a/fs/aio.c b/fs/aio.c
-index fb8e45b..4fe81d1 100644
---- a/fs/aio.c
-+++ b/fs/aio.c
-@@ -239,7 +239,12 @@ static struct dentry *aio_mount(struct file_system_type *fs_type,
- static const struct dentry_operations ops = {
- .d_dname = simple_dname,
- };
-- return mount_pseudo(fs_type, "aio:", NULL, &ops, AIO_RING_MAGIC);
-+ struct dentry *root = mount_pseudo(fs_type, "aio:", NULL, &ops,
-+ AIO_RING_MAGIC);
-+
-+ if (!IS_ERR(root))
-+ root->d_sb->s_iflags |= SB_I_NOEXEC;
-+ return root;
- }
-
- /* aio_setup
-diff --git a/fs/ceph/dir.c b/fs/ceph/dir.c
-index 6e0fedf..cf22f1e 100644
---- a/fs/ceph/dir.c
-+++ b/fs/ceph/dir.c
-@@ -597,7 +597,7 @@ static bool need_reset_readdir(struct ceph_file_info *fi, loff_t new_pos)
- if (is_hash_order(new_pos)) {
- /* no need to reset last_name for a forward seek when
- * dentries are sotred in hash order */
-- } else if (fi->frag |= fpos_frag(new_pos)) {
-+ } else if (fi->frag != fpos_frag(new_pos)) {
- return true;
- }
- rinfo = fi->last_readdir ? &fi->last_readdir->r_reply_info : NULL;
-diff --git a/fs/nfs/callback_xdr.c b/fs/nfs/callback_xdr.c
-index d81f96a..656f68f 100644
---- a/fs/nfs/callback_xdr.c
-+++ b/fs/nfs/callback_xdr.c
-@@ -925,7 +925,7 @@ static __be32 nfs4_callback_compound(struct svc_rqst *rqstp, void *argp, void *r
- if (hdr_arg.minorversion == 0) {
- cps.clp = nfs4_find_client_ident(SVC_NET(rqstp), hdr_arg.cb_ident);
- if (!cps.clp || !check_gss_callback_principal(cps.clp, rqstp))
-- return rpc_drop_reply;
-+ goto out_invalidcred;
- }
-
- cps.minorversion = hdr_arg.minorversion;
-@@ -953,6 +953,10 @@ static __be32 nfs4_callback_compound(struct svc_rqst *rqstp, void *argp, void *r
- nfs_put_client(cps.clp);
- dprintk("%s: done, status = %u\n", __func__, ntohl(status));
- return rpc_success;
-+
-+out_invalidcred:
-+ pr_warn_ratelimited("NFS: NFSv4 callback contains invalid cred\n");
-+ return rpc_autherr_badcred;
- }
-
- /*
-diff --git a/fs/nfs/filelayout/filelayout.c b/fs/nfs/filelayout/filelayout.c
-index aa59757..b4c1407 100644
---- a/fs/nfs/filelayout/filelayout.c
-+++ b/fs/nfs/filelayout/filelayout.c
-@@ -375,8 +375,7 @@ static int filelayout_commit_done_cb(struct rpc_task *task,
- return -EAGAIN;
- }
-
-- if (data->verf.committed == NFS_UNSTABLE)
-- pnfs_set_layoutcommit(data->inode, data->lseg, data->lwb);
-+ pnfs_set_layoutcommit(data->inode, data->lseg, data->lwb);
-
- return 0;
- }
-diff --git a/fs/nfs/flexfilelayout/flexfilelayout.c b/fs/nfs/flexfilelayout/flexfilelayout.c
-index 6da14ae..1c15966 100644
---- a/fs/nfs/flexfilelayout/flexfilelayout.c
-+++ b/fs/nfs/flexfilelayout/flexfilelayout.c
-@@ -37,6 +37,7 @@ ff_layout_alloc_layout_hdr(struct inode *inode, gfp_t gfp_flags)
- if (ffl) {
- INIT_LIST_HEAD(&ffl->error_list);
- INIT_LIST_HEAD(&ffl->mirrors);
-+ ffl->last_report_time = ktime_get();
- return &ffl->generic_hdr;
- } else
- return NULL;
-@@ -640,19 +641,18 @@ nfs4_ff_layoutstat_start_io(struct nfs4_ff_layout_mirror *mirror,
- {
- static const ktime_t notime = {0};
- s64 report_interval = FF_LAYOUTSTATS_REPORT_INTERVAL;
-+ struct nfs4_flexfile_layout *ffl = FF_LAYOUT_FROM_HDR(mirror->layout);
-
- nfs4_ff_start_busy_timer(&layoutstat->busy_timer, now);
- if (ktime_equal(mirror->start_time, notime))
- mirror->start_time = now;
-- if (ktime_equal(mirror->last_report_time, notime))
-- mirror->last_report_time = now;
- if (mirror->report_interval != 0)
- report_interval = (s64)mirror->report_interval * 1000LL;
- else if (layoutstats_timer != 0)
- report_interval = (s64)layoutstats_timer * 1000LL;
-- if (ktime_to_ms(ktime_sub(now, mirror->last_report_time)) >=
-+ if (ktime_to_ms(ktime_sub(now, ffl->last_report_time)) >=
- report_interval) {
-- mirror->last_report_time = now;
-+ ffl->last_report_time = now;
- return true;
- }
-
-@@ -1529,8 +1529,7 @@ static int ff_layout_commit_done_cb(struct rpc_task *task,
- return -EAGAIN;
- }
-
-- if (data->verf.committed == NFS_UNSTABLE
-- && ff_layout_need_layoutcommit(data->lseg))
-+ if (ff_layout_need_layoutcommit(data->lseg))
- pnfs_set_layoutcommit(data->inode, data->lseg, data->lwb);
-
- return 0;
-diff --git a/fs/nfs/flexfilelayout/flexfilelayout.h b/fs/nfs/flexfilelayout/flexfilelayout.h
-index 1bcdb15..3ee0c9f 100644
---- a/fs/nfs/flexfilelayout/flexfilelayout.h
-+++ b/fs/nfs/flexfilelayout/flexfilelayout.h
-@@ -84,7 +84,6 @@ struct nfs4_ff_layout_mirror {
- struct nfs4_ff_layoutstat read_stat;
- struct nfs4_ff_layoutstat write_stat;
- ktime_t start_time;
-- ktime_t last_report_time;
- u32 report_interval;
- };
-
-@@ -101,6 +100,7 @@ struct nfs4_flexfile_layout {
- struct pnfs_ds_commit_info commit_info;
- struct list_head mirrors;
- struct list_head error_list; /* nfs4_ff_layout_ds_err */
-+ ktime_t last_report_time; /* Layoutstat report times */
- };
-
- static inline struct nfs4_flexfile_layout *
-diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
-index e2320c6..00fd0c7 100644
---- a/fs/nfs/nfs4proc.c
-+++ b/fs/nfs/nfs4proc.c
-@@ -4393,7 +4393,8 @@ static void nfs4_proc_read_setup(struct nfs_pgio_header *hdr,
- struct rpc_message *msg)
- {
- hdr->timestamp = jiffies;
-- hdr->pgio_done_cb = nfs4_read_done_cb;
-+ if (!hdr->pgio_done_cb)
-+ hdr->pgio_done_cb = nfs4_read_done_cb;
- msg->rpc_proc = &nfs4_procedures[NFSPROC4_CLNT_READ];
- nfs4_init_sequence(&hdr->args.seq_args, &hdr->res.seq_res, 0);
- }
-diff --git a/fs/pstore/inode.c b/fs/pstore/inode.c
-index 45d6110..ec9ddef 100644
---- a/fs/pstore/inode.c
-+++ b/fs/pstore/inode.c
-@@ -178,7 +178,6 @@ static loff_t pstore_file_llseek(struct file *file, loff_t off, int whence)
- }
-
- static const struct file_operations pstore_file_operations = {
-- .owner = THIS_MODULE,
- .open = pstore_file_open,
- .read = pstore_file_read,
- .llseek = pstore_file_llseek,
-diff --git a/include/linux/can/dev.h b/include/linux/can/dev.h
-index 5261751..5f527094 100644
---- a/include/linux/can/dev.h
-+++ b/include/linux/can/dev.h
-@@ -32,6 +32,7 @@ enum can_mode {
- * CAN common private data
- */
- struct can_priv {
-+ struct net_device *dev;
- struct can_device_stats can_stats;
-
- struct can_bittiming bittiming, data_bittiming;
-@@ -47,7 +48,7 @@ struct can_priv {
- u32 ctrlmode_static; /* static enabled options for driver/hardware */
-
- int restart_ms;
-- struct timer_list restart_timer;
-+ struct delayed_work restart_work;
-
- int (*do_set_bittiming)(struct net_device *dev);
- int (*do_set_data_bittiming)(struct net_device *dev);
-diff --git a/include/linux/nvmem-consumer.h b/include/linux/nvmem-consumer.h
-index 9bb77d3..c2256d7 100644
---- a/include/linux/nvmem-consumer.h
-+++ b/include/linux/nvmem-consumer.h
-@@ -74,7 +74,7 @@ static inline void nvmem_cell_put(struct nvmem_cell *cell)
- {
- }
-
--static inline char *nvmem_cell_read(struct nvmem_cell *cell, size_t *len)
-+static inline void *nvmem_cell_read(struct nvmem_cell *cell, size_t *len)
- {
- return ERR_PTR(-ENOSYS);
- }
-diff --git a/include/linux/slub_def.h b/include/linux/slub_def.h
-index d1faa01..b71b258 100644
---- a/include/linux/slub_def.h
-+++ b/include/linux/slub_def.h
-@@ -114,15 +114,17 @@ static inline void sysfs_slab_remove(struct kmem_cache *s)
- void object_err(struct kmem_cache *s, struct page *page,
- u8 *object, char *reason);
-
-+void *fixup_red_left(struct kmem_cache *s, void *p);
-+
- static inline void *nearest_obj(struct kmem_cache *cache, struct page *page,
- void *x) {
- void *object = x - (x - page_address(page)) % cache->size;
- void *last_object = page_address(page) +
- (page->objects - 1) * cache->size;
-- if (unlikely(object > last_object))
-- return last_object;
-- else
-- return object;
-+ void *result = (unlikely(object > last_object)) ? last_object : object;
-+
-+ result = fixup_red_left(cache, result);
-+ return result;
- }
-
- #endif /* _LINUX_SLUB_DEF_H */
-diff --git a/include/linux/sysctl.h b/include/linux/sysctl.h
-index fa7bc29..ef17db6c 100644
---- a/include/linux/sysctl.h
-+++ b/include/linux/sysctl.h
-@@ -41,6 +41,8 @@ extern int proc_dostring(struct ctl_table *, int,
- void __user *, size_t *, loff_t *);
- extern int proc_dointvec(struct ctl_table *, int,
- void __user *, size_t *, loff_t *);
-+extern int proc_douintvec(struct ctl_table *, int,
-+ void __user *, size_t *, loff_t *);
- extern int proc_dointvec_minmax(struct ctl_table *, int,
- void __user *, size_t *, loff_t *);
- extern int proc_dointvec_jiffies(struct ctl_table *, int,
-diff --git a/include/scsi/scsi_transport_sas.h b/include/scsi/scsi_transport_sas.h
-index 13c0b2b..31ae074 100644
---- a/include/scsi/scsi_transport_sas.h
-+++ b/include/scsi/scsi_transport_sas.h
-@@ -15,8 +15,14 @@ static inline int is_sas_attached(struct scsi_device *sdev)
- {
- return 0;
- }
-+
-+static inline int scsi_is_sas_rphy(const struct device *sdev)
-+{
-+ return 0;
-+}
- #else
- extern int is_sas_attached(struct scsi_device *sdev);
-+extern int scsi_is_sas_rphy(const struct device *);
- #endif
-
- static inline int sas_protocol_ata(enum sas_protocol proto)
-@@ -202,7 +208,6 @@ extern int sas_rphy_add(struct sas_rphy *);
- extern void sas_rphy_remove(struct sas_rphy *);
- extern void sas_rphy_delete(struct sas_rphy *);
- extern void sas_rphy_unlink(struct sas_rphy *);
--extern int scsi_is_sas_rphy(const struct device *);
-
- struct sas_port *sas_port_alloc(struct device *, int);
- struct sas_port *sas_port_alloc_num(struct device *);
-diff --git a/kernel/cgroup.c b/kernel/cgroup.c
-index 129a7ca..b1e0cbb 100644
---- a/kernel/cgroup.c
-+++ b/kernel/cgroup.c
-@@ -3452,9 +3452,28 @@ static ssize_t cgroup_subtree_control_write(struct kernfs_open_file *of,
- * Except for the root, subtree_control must be zero for a cgroup
- * with tasks so that child cgroups don't compete against tasks.
- */
-- if (enable && cgroup_parent(cgrp) && !list_empty(&cgrp->cset_links)) {
-- ret = -EBUSY;
-- goto out_unlock;
-+ if (enable && cgroup_parent(cgrp)) {
-+ struct cgrp_cset_link *link;
-+
-+ /*
-+ * Because namespaces pin csets too, @cgrp->cset_links
-+ * might not be empty even when @cgrp is empty. Walk and
-+ * verify each cset.
-+ */
-+ spin_lock_irq(&css_set_lock);
-+
-+ ret = 0;
-+ list_for_each_entry(link, &cgrp->cset_links, cset_link) {
-+ if (css_set_populated(link->cset)) {
-+ ret = -EBUSY;
-+ break;
-+ }
-+ }
-+
-+ spin_unlock_irq(&css_set_lock);
-+
-+ if (ret)
-+ goto out_unlock;
- }
-
- /* save and update control masks and prepare csses */
-@@ -3905,7 +3924,9 @@ void cgroup_file_notify(struct cgroup_file *cfile)
- * cgroup_task_count - count the number of tasks in a cgroup.
- * @cgrp: the cgroup in question
- *
-- * Return the number of tasks in the cgroup.
-+ * Return the number of tasks in the cgroup. The returned number can be
-+ * higher than the actual number of tasks due to css_set references from
-+ * namespace roots and temporary usages.
- */
- static int cgroup_task_count(const struct cgroup *cgrp)
- {
-diff --git a/kernel/cpuset.c b/kernel/cpuset.c
-index 40b6ed5..8cee962 100644
---- a/kernel/cpuset.c
-+++ b/kernel/cpuset.c
-@@ -325,8 +325,7 @@ static struct file_system_type cpuset_fs_type = {
- /*
- * Return in pmask the portion of a cpusets's cpus_allowed that
- * are online. If none are online, walk up the cpuset hierarchy
-- * until we find one that does have some online cpus. The top
-- * cpuset always has some cpus online.
-+ * until we find one that does have some online cpus.
- *
- * One way or another, we guarantee to return some non-empty subset
- * of cpu_online_mask.
-@@ -335,8 +334,20 @@ static struct file_system_type cpuset_fs_type = {
- */
- static void guarantee_online_cpus(struct cpuset *cs, struct cpumask *pmask)
- {
-- while (!cpumask_intersects(cs->effective_cpus, cpu_online_mask))
-+ while (!cpumask_intersects(cs->effective_cpus, cpu_online_mask)) {
- cs = parent_cs(cs);
-+ if (unlikely(!cs)) {
-+ /*
-+ * The top cpuset doesn't have any online cpu as a
-+ * consequence of a race between cpuset_hotplug_work
-+ * and cpu hotplug notifier. But we know the top
-+ * cpuset's effective_cpus is on its way to to be
-+ * identical to cpu_online_mask.
-+ */
-+ cpumask_copy(pmask, cpu_online_mask);
-+ return;
-+ }
-+ }
- cpumask_and(pmask, cs->effective_cpus, cpu_online_mask);
- }
-
-diff --git a/kernel/events/core.c b/kernel/events/core.c
-index e68c0a7..31c1520 100644
---- a/kernel/events/core.c
-+++ b/kernel/events/core.c
-@@ -6064,7 +6064,7 @@ static int __perf_pmu_output_stop(void *info)
- {
- struct perf_event *event = info;
- struct pmu *pmu = event->pmu;
-- struct perf_cpu_context *cpuctx = get_cpu_ptr(pmu->pmu_cpu_context);
-+ struct perf_cpu_context *cpuctx = this_cpu_ptr(pmu->pmu_cpu_context);
- struct remote_output ro = {
- .rb = event->rb,
- };
-diff --git a/kernel/fork.c b/kernel/fork.c
-index 74fd390..d6404ed 100644
---- a/kernel/fork.c
-+++ b/kernel/fork.c
-@@ -938,14 +938,12 @@ void mm_release(struct task_struct *tsk, struct mm_struct *mm)
- deactivate_mm(tsk, mm);
-
- /*
-- * If we're exiting normally, clear a user-space tid field if
-- * requested. We leave this alone when dying by signal, to leave
-- * the value intact in a core dump, and to save the unnecessary
-- * trouble, say, a killed vfork parent shouldn't touch this mm.
-- * Userland only wants this done for a sys_exit.
-+ * Signal userspace if we're not exiting with a core dump
-+ * because we want to leave the value intact for debugging
-+ * purposes.
- */
- if (tsk->clear_child_tid) {
-- if (!(tsk->flags & PF_SIGNALED) &&
-+ if (!(tsk->signal->flags & SIGNAL_GROUP_COREDUMP) &&
- atomic_read(&mm->mm_users) > 1) {
- /*
- * We don't check the error code - if userspace has
-diff --git a/kernel/printk/braille.c b/kernel/printk/braille.c
-index 276762f..d5760c4 100644
---- a/kernel/printk/braille.c
-+++ b/kernel/printk/braille.c
-@@ -9,10 +9,10 @@
-
- char *_braille_console_setup(char **str, char **brl_options)
- {
-- if (!memcmp(*str, "brl,", 4)) {
-+ if (!strncmp(*str, "brl,", 4)) {
- *brl_options = "";
- *str += 4;
-- } else if (!memcmp(str, "brl=", 4)) {
-+ } else if (!strncmp(*str, "brl=", 4)) {
- *brl_options = *str + 4;
- *str = strchr(*brl_options, ',');
- if (!*str)
-diff --git a/kernel/rcu/rcuperf.c b/kernel/rcu/rcuperf.c
-index 3cee0d8..8ce4eec 100644
---- a/kernel/rcu/rcuperf.c
-+++ b/kernel/rcu/rcuperf.c
-@@ -58,7 +58,7 @@ MODULE_AUTHOR("Paul E. McKenney <paulmck@linux.vnet.ibm.com>");
- #define VERBOSE_PERFOUT_ERRSTRING(s) \
- do { if (verbose) pr_alert("%s" PERF_FLAG "!!! %s\n", perf_type, s); } while (0)
-
--torture_param(bool, gp_exp, true, "Use expedited GP wait primitives");
-+torture_param(bool, gp_exp, false, "Use expedited GP wait primitives");
- torture_param(int, holdoff, 10, "Holdoff time before test start (s)");
- torture_param(int, nreaders, -1, "Number of RCU reader threads");
- torture_param(int, nwriters, -1, "Number of RCU updater threads");
-@@ -363,8 +363,6 @@ rcu_perf_writer(void *arg)
- u64 *wdpp = writer_durations[me];
-
- VERBOSE_PERFOUT_STRING("rcu_perf_writer task started");
-- WARN_ON(rcu_gp_is_expedited() && !rcu_gp_is_normal() && !gp_exp);
-- WARN_ON(rcu_gp_is_normal() && gp_exp);
- WARN_ON(!wdpp);
- set_cpus_allowed_ptr(current, cpumask_of(me % nr_cpu_ids));
- sp.sched_priority = 1;
-@@ -631,6 +629,16 @@ rcu_perf_init(void)
- firsterr = -ENOMEM;
- goto unwind;
- }
-+ if (rcu_gp_is_expedited() && !rcu_gp_is_normal() && !gp_exp) {
-+ VERBOSE_PERFOUT_ERRSTRING("All grace periods expedited, no normal ones to measure!");
-+ firsterr = -EINVAL;
-+ goto unwind;
-+ }
-+ if (rcu_gp_is_normal() && gp_exp) {
-+ VERBOSE_PERFOUT_ERRSTRING("All grace periods normal, no expedited ones to measure!");
-+ firsterr = -EINVAL;
-+ goto unwind;
-+ }
- for (i = 0; i < nrealwriters; i++) {
- writer_durations[i] =
- kcalloc(MAX_MEAS, sizeof(*writer_durations[i]),
-diff --git a/kernel/sched/core.c b/kernel/sched/core.c
-index 38eacc3..e1422c1 100644
---- a/kernel/sched/core.c
-+++ b/kernel/sched/core.c
-@@ -7255,7 +7255,6 @@ static void sched_rq_cpu_starting(unsigned int cpu)
- struct rq *rq = cpu_rq(cpu);
-
- rq->calc_load_update = calc_load_update;
-- account_reset_rq(rq);
- update_max_interval();
- }
-
-diff --git a/kernel/sched/sched.h b/kernel/sched/sched.h
-index 898c0d2..b4f3edf 100644
---- a/kernel/sched/sched.h
-+++ b/kernel/sched/sched.h
-@@ -1809,16 +1809,3 @@ static inline void cpufreq_trigger_update(u64 time) {}
- #else /* arch_scale_freq_capacity */
- #define arch_scale_freq_invariant() (false)
- #endif
--
--static inline void account_reset_rq(struct rq *rq)
--{
--#ifdef CONFIG_IRQ_TIME_ACCOUNTING
-- rq->prev_irq_time = 0;
--#endif
--#ifdef CONFIG_PARAVIRT
-- rq->prev_steal_time = 0;
--#endif
--#ifdef CONFIG_PARAVIRT_TIME_ACCOUNTING
-- rq->prev_steal_time_rq = 0;
--#endif
--}
-diff --git a/kernel/sysctl.c b/kernel/sysctl.c
-index 87b2fc3..b58e447 100644
---- a/kernel/sysctl.c
-+++ b/kernel/sysctl.c
-@@ -2122,6 +2122,21 @@ static int do_proc_dointvec_conv(bool *negp, unsigned long *lvalp,
- return 0;
- }
-
-+static int do_proc_douintvec_conv(bool *negp, unsigned long *lvalp,
-+ int *valp,
-+ int write, void *data)
-+{
-+ if (write) {
-+ if (*negp)
-+ return -EINVAL;
-+ *valp = *lvalp;
-+ } else {
-+ unsigned int val = *valp;
-+ *lvalp = (unsigned long)val;
-+ }
-+ return 0;
-+}
-+
- static const char proc_wspace_sep[] = { ' ', '\t', '\n' };
-
- static int __do_proc_dointvec(void *tbl_data, struct ctl_table *table,
-@@ -2241,8 +2256,27 @@ static int do_proc_dointvec(struct ctl_table *table, int write,
- int proc_dointvec(struct ctl_table *table, int write,
- void __user *buffer, size_t *lenp, loff_t *ppos)
- {
-- return do_proc_dointvec(table,write,buffer,lenp,ppos,
-- NULL,NULL);
-+ return do_proc_dointvec(table, write, buffer, lenp, ppos, NULL, NULL);
-+}
-+
-+/**
-+ * proc_douintvec - read a vector of unsigned integers
-+ * @table: the sysctl table
-+ * @write: %TRUE if this is a write to the sysctl file
-+ * @buffer: the user buffer
-+ * @lenp: the size of the user buffer
-+ * @ppos: file position
-+ *
-+ * Reads/writes up to table->maxlen/sizeof(unsigned int) unsigned integer
-+ * values from/to the user buffer, treated as an ASCII string.
-+ *
-+ * Returns 0 on success.
-+ */
-+int proc_douintvec(struct ctl_table *table, int write,
-+ void __user *buffer, size_t *lenp, loff_t *ppos)
-+{
-+ return do_proc_dointvec(table, write, buffer, lenp, ppos,
-+ do_proc_douintvec_conv, NULL);
- }
-
- /*
-@@ -2840,6 +2874,12 @@ int proc_dointvec(struct ctl_table *table, int write,
- return -ENOSYS;
- }
-
-+int proc_douintvec(struct ctl_table *table, int write,
-+ void __user *buffer, size_t *lenp, loff_t *ppos)
-+{
-+ return -ENOSYS;
-+}
-+
- int proc_dointvec_minmax(struct ctl_table *table, int write,
- void __user *buffer, size_t *lenp, loff_t *ppos)
- {
-@@ -2885,6 +2925,7 @@ int proc_doulongvec_ms_jiffies_minmax(struct ctl_table *table, int write,
- * exception granted :-)
- */
- EXPORT_SYMBOL(proc_dointvec);
-+EXPORT_SYMBOL(proc_douintvec);
- EXPORT_SYMBOL(proc_dointvec_jiffies);
- EXPORT_SYMBOL(proc_dointvec_minmax);
- EXPORT_SYMBOL(proc_dointvec_userhz_jiffies);
-diff --git a/kernel/trace/Kconfig b/kernel/trace/Kconfig
-index fafeaf8..f4b86e8 100644
---- a/kernel/trace/Kconfig
-+++ b/kernel/trace/Kconfig
-@@ -542,6 +542,7 @@ config HIST_TRIGGERS
- bool "Histogram triggers"
- depends on ARCH_HAVE_NMI_SAFE_CMPXCHG
- select TRACING_MAP
-+ select TRACING
- default n
- help
- Hist triggers allow one or more arbitrary trace event fields
-diff --git a/lib/test_hash.c b/lib/test_hash.c
-index c9549c8..a06ac37 100644
---- a/lib/test_hash.c
-+++ b/lib/test_hash.c
-@@ -143,7 +143,7 @@ static int __init
- test_hash_init(void)
- {
- char buf[SIZE+1];
-- u32 string_or = 0, hash_or[2][33] = { 0 };
-+ u32 string_or = 0, hash_or[2][33] = { { 0, } };
- unsigned tests = 0;
- unsigned long long h64 = 0;
- int i, j;
-@@ -219,21 +219,27 @@ test_hash_init(void)
- }
-
- /* Issue notices about skipped tests. */
--#ifndef HAVE_ARCH__HASH_32
-- pr_info("__hash_32() has no arch implementation to test.");
--#elif HAVE_ARCH__HASH_32 != 1
-+#ifdef HAVE_ARCH__HASH_32
-+#if HAVE_ARCH__HASH_32 != 1
- pr_info("__hash_32() is arch-specific; not compared to generic.");
- #endif
--#ifndef HAVE_ARCH_HASH_32
-- pr_info("hash_32() has no arch implementation to test.");
--#elif HAVE_ARCH_HASH_32 != 1
-+#else
-+ pr_info("__hash_32() has no arch implementation to test.");
-+#endif
-+#ifdef HAVE_ARCH_HASH_32
-+#if HAVE_ARCH_HASH_32 != 1
- pr_info("hash_32() is arch-specific; not compared to generic.");
- #endif
--#ifndef HAVE_ARCH_HASH_64
-- pr_info("hash_64() has no arch implementation to test.");
--#elif HAVE_ARCH_HASH_64 != 1
-+#else
-+ pr_info("hash_32() has no arch implementation to test.");
-+#endif
-+#ifdef HAVE_ARCH_HASH_64
-+#if HAVE_ARCH_HASH_64 != 1
- pr_info("hash_64() is arch-specific; not compared to generic.");
- #endif
-+#else
-+ pr_info("hash_64() has no arch implementation to test.");
-+#endif
-
- pr_notice("%u tests passed.", tests);
-
-diff --git a/mm/ksm.c b/mm/ksm.c
-index 4786b41..443bac3 100644
---- a/mm/ksm.c
-+++ b/mm/ksm.c
-@@ -283,7 +283,8 @@ static inline struct rmap_item *alloc_rmap_item(void)
- {
- struct rmap_item *rmap_item;
-
-- rmap_item = kmem_cache_zalloc(rmap_item_cache, GFP_KERNEL);
-+ rmap_item = kmem_cache_zalloc(rmap_item_cache, GFP_KERNEL |
-+ __GFP_NORETRY | __GFP_NOWARN);
- if (rmap_item)
- ksm_rmap_items++;
- return rmap_item;
-diff --git a/mm/slub.c b/mm/slub.c
-index 7a6d268..b94fb36 100644
---- a/mm/slub.c
-+++ b/mm/slub.c
-@@ -124,7 +124,7 @@ static inline int kmem_cache_debug(struct kmem_cache *s)
- #endif
- }
-
--static inline void *fixup_red_left(struct kmem_cache *s, void *p)
-+inline void *fixup_red_left(struct kmem_cache *s, void *p)
- {
- if (kmem_cache_debug(s) && s->flags & SLAB_RED_ZONE)
- p += s->red_left_pad;
-diff --git a/net/batman-adv/bat_v_elp.c b/net/batman-adv/bat_v_elp.c
-index df42eb1..63762b3 100644
---- a/net/batman-adv/bat_v_elp.c
-+++ b/net/batman-adv/bat_v_elp.c
-@@ -334,7 +334,7 @@ int batadv_v_elp_iface_enable(struct batadv_hard_iface *hard_iface)
- goto out;
-
- skb_reserve(hard_iface->bat_v.elp_skb, ETH_HLEN + NET_IP_ALIGN);
-- elp_buff = skb_push(hard_iface->bat_v.elp_skb, BATADV_ELP_HLEN);
-+ elp_buff = skb_put(hard_iface->bat_v.elp_skb, BATADV_ELP_HLEN);
- elp_packet = (struct batadv_elp_packet *)elp_buff;
- memset(elp_packet, 0, BATADV_ELP_HLEN);
-
-diff --git a/net/batman-adv/originator.c b/net/batman-adv/originator.c
-index ab8c4f9..1da7bfc 100644
---- a/net/batman-adv/originator.c
-+++ b/net/batman-adv/originator.c
-@@ -251,10 +251,8 @@ static void batadv_neigh_node_release(struct kref *ref)
- struct hlist_node *node_tmp;
- struct batadv_neigh_node *neigh_node;
- struct batadv_neigh_ifinfo *neigh_ifinfo;
-- struct batadv_algo_ops *bao;
-
- neigh_node = container_of(ref, struct batadv_neigh_node, refcount);
-- bao = neigh_node->orig_node->bat_priv->bat_algo_ops;
-
- hlist_for_each_entry_safe(neigh_ifinfo, node_tmp,
- &neigh_node->ifinfo_list, list) {
-@@ -263,9 +261,6 @@ static void batadv_neigh_node_release(struct kref *ref)
-
- batadv_hardif_neigh_put(neigh_node->hardif_neigh);
-
-- if (bao->bat_neigh_free)
-- bao->bat_neigh_free(neigh_node);
--
- batadv_hardif_put(neigh_node->if_incoming);
-
- kfree_rcu(neigh_node, rcu);
-diff --git a/net/batman-adv/routing.c b/net/batman-adv/routing.c
-index bfac086..69d425d 100644
---- a/net/batman-adv/routing.c
-+++ b/net/batman-adv/routing.c
-@@ -456,6 +456,29 @@ static int batadv_check_unicast_packet(struct batadv_priv *bat_priv,
- }
-
- /**
-+ * batadv_last_bonding_get - Get last_bonding_candidate of orig_node
-+ * @orig_node: originator node whose last bonding candidate should be retrieved
-+ *
-+ * Return: last bonding candidate of router or NULL if not found
-+ *
-+ * The object is returned with refcounter increased by 1.
-+ */
-+static struct batadv_orig_ifinfo *
-+batadv_last_bonding_get(struct batadv_orig_node *orig_node)
-+{
-+ struct batadv_orig_ifinfo *last_bonding_candidate;
-+
-+ spin_lock_bh(&orig_node->neigh_list_lock);
-+ last_bonding_candidate = orig_node->last_bonding_candidate;
-+
-+ if (last_bonding_candidate)
-+ kref_get(&last_bonding_candidate->refcount);
-+ spin_unlock_bh(&orig_node->neigh_list_lock);
-+
-+ return last_bonding_candidate;
-+}
-+
-+/**
- * batadv_last_bonding_replace - Replace last_bonding_candidate of orig_node
- * @orig_node: originator node whose bonding candidates should be replaced
- * @new_candidate: new bonding candidate or NULL
-@@ -525,7 +548,7 @@ batadv_find_router(struct batadv_priv *bat_priv,
- * router - obviously there are no other candidates.
- */
- rcu_read_lock();
-- last_candidate = orig_node->last_bonding_candidate;
-+ last_candidate = batadv_last_bonding_get(orig_node);
- if (last_candidate)
- last_cand_router = rcu_dereference(last_candidate->router);
-
-@@ -617,6 +640,9 @@ next:
- batadv_orig_ifinfo_put(next_candidate);
- }
-
-+ if (last_candidate)
-+ batadv_orig_ifinfo_put(last_candidate);
-+
- return router;
- }
-
-diff --git a/net/batman-adv/types.h b/net/batman-adv/types.h
-index 74d865a..40aed16 100644
---- a/net/batman-adv/types.h
-+++ b/net/batman-adv/types.h
-@@ -1284,8 +1284,6 @@ struct batadv_forw_packet {
- * better than neigh2 for their respective outgoing interface from the metric
- * prospective
- * @bat_neigh_print: print the single hop neighbor list (optional)
-- * @bat_neigh_free: free the resources allocated by the routing algorithm for a
-- * neigh_node object
- * @bat_orig_print: print the originator table (optional)
- * @bat_orig_free: free the resources allocated by the routing algorithm for an
- * orig_node object
-@@ -1316,7 +1314,6 @@ struct batadv_algo_ops {
- struct batadv_neigh_node *neigh2,
- struct batadv_hard_iface *if_outgoing2);
- void (*bat_neigh_print)(struct batadv_priv *priv, struct seq_file *seq);
-- void (*bat_neigh_free)(struct batadv_neigh_node *neigh);
- /* orig_node handling API */
- void (*bat_orig_print)(struct batadv_priv *priv, struct seq_file *seq,
- struct batadv_hard_iface *hard_iface);
-diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
-index eb4f5f2..106643e 100644
---- a/net/bluetooth/l2cap_core.c
-+++ b/net/bluetooth/l2cap_core.c
-@@ -32,6 +32,7 @@
-
- #include <linux/debugfs.h>
- #include <linux/crc16.h>
-+#include <linux/filter.h>
-
- #include <net/bluetooth/bluetooth.h>
- #include <net/bluetooth/hci_core.h>
-@@ -5835,6 +5836,9 @@ static int l2cap_reassemble_sdu(struct l2cap_chan *chan, struct sk_buff *skb,
- if (chan->sdu)
- break;
-
-+ if (!pskb_may_pull(skb, L2CAP_SDULEN_SIZE))
-+ break;
-+
- chan->sdu_len = get_unaligned_le16(skb->data);
- skb_pull(skb, L2CAP_SDULEN_SIZE);
-
-@@ -6610,6 +6614,10 @@ static int l2cap_data_rcv(struct l2cap_chan *chan, struct sk_buff *skb)
- goto drop;
- }
-
-+ if ((chan->mode == L2CAP_MODE_ERTM ||
-+ chan->mode == L2CAP_MODE_STREAMING) && sk_filter(chan->data, skb))
-+ goto drop;
-+
- if (!control->sframe) {
- int err;
-
-diff --git a/net/bluetooth/l2cap_sock.c b/net/bluetooth/l2cap_sock.c
-index 1842141..a8ba752 100644
---- a/net/bluetooth/l2cap_sock.c
-+++ b/net/bluetooth/l2cap_sock.c
-@@ -1019,7 +1019,7 @@ static int l2cap_sock_recvmsg(struct socket *sock, struct msghdr *msg,
- goto done;
-
- if (pi->rx_busy_skb) {
-- if (!sock_queue_rcv_skb(sk, pi->rx_busy_skb))
-+ if (!__sock_queue_rcv_skb(sk, pi->rx_busy_skb))
- pi->rx_busy_skb = NULL;
- else
- goto done;
-@@ -1270,7 +1270,17 @@ static int l2cap_sock_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
- goto done;
- }
-
-- err = sock_queue_rcv_skb(sk, skb);
-+ if (chan->mode != L2CAP_MODE_ERTM &&
-+ chan->mode != L2CAP_MODE_STREAMING) {
-+ /* Even if no filter is attached, we could potentially
-+ * get errors from security modules, etc.
-+ */
-+ err = sk_filter(sk, skb);
-+ if (err)
-+ goto done;
-+ }
-+
-+ err = __sock_queue_rcv_skb(sk, skb);
-
- /* For ERTM, handle one skb that doesn't fit into the recv
- * buffer. This is important to do because the data frames
-diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
-index 8bad2ad..5f0ed8c 100644
---- a/net/mac80211/tx.c
-+++ b/net/mac80211/tx.c
-@@ -1330,8 +1330,12 @@ out:
- spin_unlock_bh(&txqi->queue.lock);
-
- if (skb && skb_has_frag_list(skb) &&
-- !ieee80211_hw_check(&local->hw, TX_FRAG_LIST))
-- skb_linearize(skb);
-+ !ieee80211_hw_check(&local->hw, TX_FRAG_LIST)) {
-+ if (skb_linearize(skb)) {
-+ ieee80211_free_txskb(&local->hw, skb);
-+ return NULL;
-+ }
-+ }
-
- return skb;
- }
-diff --git a/net/sunrpc/clnt.c b/net/sunrpc/clnt.c
-index 2808d55..0294ada 100644
---- a/net/sunrpc/clnt.c
-+++ b/net/sunrpc/clnt.c
-@@ -453,7 +453,7 @@ static struct rpc_clnt *rpc_create_xprt(struct rpc_create_args *args,
- struct rpc_xprt_switch *xps;
-
- if (args->bc_xprt && args->bc_xprt->xpt_bc_xps) {
-- WARN_ON(args->protocol != XPRT_TRANSPORT_BC_TCP);
-+ WARN_ON_ONCE(!(args->protocol & XPRT_TRANSPORT_BC));
- xps = args->bc_xprt->xpt_bc_xps;
- xprt_switch_get(xps);
- } else {
-@@ -520,7 +520,7 @@ struct rpc_clnt *rpc_create(struct rpc_create_args *args)
- char servername[48];
-
- if (args->bc_xprt) {
-- WARN_ON(args->protocol != XPRT_TRANSPORT_BC_TCP);
-+ WARN_ON_ONCE(!(args->protocol & XPRT_TRANSPORT_BC));
- xprt = args->bc_xprt->xpt_bc_xprt;
- if (xprt) {
- xprt_get(xprt);
-diff --git a/net/sunrpc/svc.c b/net/sunrpc/svc.c
-index cc98528..c5b0cb4 100644
---- a/net/sunrpc/svc.c
-+++ b/net/sunrpc/svc.c
-@@ -1188,11 +1188,17 @@ svc_process_common(struct svc_rqst *rqstp, struct kvec *argv, struct kvec *resv)
- *statp = procp->pc_func(rqstp, rqstp->rq_argp, rqstp->rq_resp);
-
- /* Encode reply */
-- if (test_bit(RQ_DROPME, &rqstp->rq_flags)) {
-+ if (*statp == rpc_drop_reply ||
-+ test_bit(RQ_DROPME, &rqstp->rq_flags)) {
- if (procp->pc_release)
- procp->pc_release(rqstp, NULL, rqstp->rq_resp);
- goto dropit;
- }
-+ if (*statp == rpc_autherr_badcred) {
-+ if (procp->pc_release)
-+ procp->pc_release(rqstp, NULL, rqstp->rq_resp);
-+ goto err_bad_auth;
-+ }
- if (*statp == rpc_success &&
- (xdr = procp->pc_encode) &&
- !xdr(rqstp, resv->iov_base+resv->iov_len, rqstp->rq_resp)) {
-diff --git a/net/sunrpc/xprtrdma/fmr_ops.c b/net/sunrpc/xprtrdma/fmr_ops.c
-index 6326ebe..c748ff6 100644
---- a/net/sunrpc/xprtrdma/fmr_ops.c
-+++ b/net/sunrpc/xprtrdma/fmr_ops.c
-@@ -63,9 +63,12 @@ static int
- __fmr_unmap(struct rpcrdma_mw *mw)
- {
- LIST_HEAD(l);
-+ int rc;
-
- list_add(&mw->fmr.fmr->list, &l);
-- return ib_unmap_fmr(&l);
-+ rc = ib_unmap_fmr(&l);
-+ list_del_init(&mw->fmr.fmr->list);
-+ return rc;
- }
-
- /* Deferred reset of a single FMR. Generate a fresh rkey by
-@@ -267,7 +270,7 @@ fmr_op_unmap_sync(struct rpcrdma_xprt *r_xprt, struct rpcrdma_req *req)
- seg = &req->rl_segments[i];
- mw = seg->rl_mw;
-
-- list_add(&mw->fmr.fmr->list, &unmap_list);
-+ list_add_tail(&mw->fmr.fmr->list, &unmap_list);
-
- i += seg->mr_nsegs;
- }
-@@ -280,7 +283,9 @@ fmr_op_unmap_sync(struct rpcrdma_xprt *r_xprt, struct rpcrdma_req *req)
- */
- for (i = 0, nchunks = req->rl_nchunks; nchunks; nchunks--) {
- seg = &req->rl_segments[i];
-+ mw = seg->rl_mw;
-
-+ list_del_init(&mw->fmr.fmr->list);
- __fmr_dma_unmap(r_xprt, seg);
- rpcrdma_put_mw(r_xprt, seg->rl_mw);
-
-diff --git a/scripts/recordmcount.c b/scripts/recordmcount.c
-index 42396a7..a68f031 100644
---- a/scripts/recordmcount.c
-+++ b/scripts/recordmcount.c
-@@ -363,6 +363,7 @@ is_mcounted_section_name(char const *const txtname)
- strcmp(".sched.text", txtname) == 0 ||
- strcmp(".spinlock.text", txtname) == 0 ||
- strcmp(".irqentry.text", txtname) == 0 ||
-+ strcmp(".softirqentry.text", txtname) == 0 ||
- strcmp(".kprobes.text", txtname) == 0 ||
- strcmp(".text.unlikely", txtname) == 0;
- }
-diff --git a/scripts/recordmcount.pl b/scripts/recordmcount.pl
-index 96e2486..2d48011 100755
---- a/scripts/recordmcount.pl
-+++ b/scripts/recordmcount.pl
-@@ -134,6 +134,7 @@ my %text_sections = (
- ".sched.text" => 1,
- ".spinlock.text" => 1,
- ".irqentry.text" => 1,
-+ ".softirqentry.text" => 1,
- ".kprobes.text" => 1,
- ".text.unlikely" => 1,
- );
-diff --git a/sound/pci/hda/patch_conexant.c b/sound/pci/hda/patch_conexant.c
-index 56fefbd..ed62748 100644
---- a/sound/pci/hda/patch_conexant.c
-+++ b/sound/pci/hda/patch_conexant.c
-@@ -261,6 +261,7 @@ enum {
- CXT_FIXUP_HP_530,
- CXT_FIXUP_CAP_MIX_AMP_5047,
- CXT_FIXUP_MUTE_LED_EAPD,
-+ CXT_FIXUP_HP_SPECTRE,
- };
-
- /* for hda_fixup_thinkpad_acpi() */
-@@ -765,6 +766,14 @@ static const struct hda_fixup cxt_fixups[] = {
- .type = HDA_FIXUP_FUNC,
- .v.func = cxt_fixup_mute_led_eapd,
- },
-+ [CXT_FIXUP_HP_SPECTRE] = {
-+ .type = HDA_FIXUP_PINS,
-+ .v.pins = (const struct hda_pintbl[]) {
-+ /* enable NID 0x1d for the speaker on top */
-+ { 0x1d, 0x91170111 },
-+ { }
-+ }
-+ },
- };
-
- static const struct snd_pci_quirk cxt5045_fixups[] = {
-@@ -814,6 +823,7 @@ static const struct snd_pci_quirk cxt5066_fixups[] = {
- SND_PCI_QUIRK(0x1025, 0x0543, "Acer Aspire One 522", CXT_FIXUP_STEREO_DMIC),
- SND_PCI_QUIRK(0x1025, 0x054c, "Acer Aspire 3830TG", CXT_FIXUP_ASPIRE_DMIC),
- SND_PCI_QUIRK(0x1025, 0x054f, "Acer Aspire 4830T", CXT_FIXUP_ASPIRE_DMIC),
-+ SND_PCI_QUIRK(0x103c, 0x8174, "HP Spectre x360", CXT_FIXUP_HP_SPECTRE),
- SND_PCI_QUIRK(0x1043, 0x138d, "Asus", CXT_FIXUP_HEADPHONE_MIC_PIN),
- SND_PCI_QUIRK(0x152d, 0x0833, "OLPC XO-1.5", CXT_FIXUP_OLPC_XO),
- SND_PCI_QUIRK(0x17aa, 0x20f2, "Lenovo T400", CXT_PINCFG_LENOVO_TP410),
-diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c
-index eaee626..b1fa50a 100644
---- a/sound/pci/hda/patch_realtek.c
-+++ b/sound/pci/hda/patch_realtek.c
-@@ -5790,6 +5790,13 @@ static const struct hda_model_fixup alc269_fixup_models[] = {
- {0x14, 0x90170110}, \
- {0x15, 0x0221401f}
-
-+#define ALC295_STANDARD_PINS \
-+ {0x12, 0xb7a60130}, \
-+ {0x14, 0x90170110}, \
-+ {0x17, 0x21014020}, \
-+ {0x18, 0x21a19030}, \
-+ {0x21, 0x04211020}
-+
- #define ALC298_STANDARD_PINS \
- {0x12, 0x90a60130}, \
- {0x21, 0x03211020}
-@@ -5830,6 +5837,10 @@ static const struct snd_hda_pin_quirk alc269_pin_fixup_tbl[] = {
- {0x14, 0x90170120},
- {0x21, 0x02211030}),
- SND_HDA_PIN_QUIRK(0x10ec0255, 0x1028, "Dell", ALC255_FIXUP_DELL1_MIC_NO_PRESENCE,
-+ {0x14, 0x90170110},
-+ {0x1b, 0x02011020},
-+ {0x21, 0x0221101f}),
-+ SND_HDA_PIN_QUIRK(0x10ec0255, 0x1028, "Dell", ALC255_FIXUP_DELL1_MIC_NO_PRESENCE,
- {0x14, 0x90170130},
- {0x1b, 0x01014020},
- {0x21, 0x0221103f}),
-@@ -5895,6 +5906,10 @@ static const struct snd_hda_pin_quirk alc269_pin_fixup_tbl[] = {
- {0x14, 0x90170120},
- {0x21, 0x02211030}),
- SND_HDA_PIN_QUIRK(0x10ec0256, 0x1028, "Dell", ALC255_FIXUP_DELL1_MIC_NO_PRESENCE,
-+ {0x12, 0xb7a60130},
-+ {0x14, 0x90170110},
-+ {0x21, 0x02211020}),
-+ SND_HDA_PIN_QUIRK(0x10ec0256, 0x1028, "Dell", ALC255_FIXUP_DELL1_MIC_NO_PRESENCE,
- ALC256_STANDARD_PINS),
- SND_HDA_PIN_QUIRK(0x10ec0280, 0x103c, "HP", ALC280_FIXUP_HP_GPIO4,
- {0x12, 0x90a60130},
-@@ -6005,6 +6020,8 @@ static const struct snd_hda_pin_quirk alc269_pin_fixup_tbl[] = {
- SND_HDA_PIN_QUIRK(0x10ec0293, 0x1028, "Dell", ALC293_FIXUP_DELL1_MIC_NO_PRESENCE,
- ALC292_STANDARD_PINS,
- {0x13, 0x90a60140}),
-+ SND_HDA_PIN_QUIRK(0x10ec0295, 0x1028, "Dell", ALC269_FIXUP_DELL1_MIC_NO_PRESENCE,
-+ ALC295_STANDARD_PINS),
- SND_HDA_PIN_QUIRK(0x10ec0298, 0x1028, "Dell", ALC298_FIXUP_DELL1_MIC_NO_PRESENCE,
- ALC298_STANDARD_PINS,
- {0x17, 0x90170110}),
-diff --git a/sound/soc/intel/skylake/skl.c b/sound/soc/intel/skylake/skl.c
-index 06d8c26..d5a0327 100644
---- a/sound/soc/intel/skylake/skl.c
-+++ b/sound/soc/intel/skylake/skl.c
-@@ -659,8 +659,10 @@ static int skl_probe(struct pci_dev *pci,
-
- skl->nhlt = skl_nhlt_init(bus->dev);
-
-- if (skl->nhlt == NULL)
-+ if (skl->nhlt == NULL) {
-+ err = -ENODEV;
- goto out_free;
-+ }
-
- skl_nhlt_update_topology_bin(skl);
-
-diff --git a/sound/soc/omap/omap-mcpdm.c b/sound/soc/omap/omap-mcpdm.c
-index b837265..8d0d45d 100644
---- a/sound/soc/omap/omap-mcpdm.c
-+++ b/sound/soc/omap/omap-mcpdm.c
-@@ -390,8 +390,8 @@ static int omap_mcpdm_probe(struct snd_soc_dai *dai)
- pm_runtime_get_sync(mcpdm->dev);
- omap_mcpdm_write(mcpdm, MCPDM_REG_CTRL, 0x00);
-
-- ret = devm_request_irq(mcpdm->dev, mcpdm->irq, omap_mcpdm_irq_handler,
-- 0, "McPDM", (void *)mcpdm);
-+ ret = request_irq(mcpdm->irq, omap_mcpdm_irq_handler, 0, "McPDM",
-+ (void *)mcpdm);
-
- pm_runtime_put_sync(mcpdm->dev);
-
-@@ -416,6 +416,7 @@ static int omap_mcpdm_remove(struct snd_soc_dai *dai)
- {
- struct omap_mcpdm *mcpdm = snd_soc_dai_get_drvdata(dai);
-
-+ free_irq(mcpdm->irq, (void *)mcpdm);
- pm_runtime_disable(mcpdm->dev);
-
- return 0;
diff --git a/4.7.7/0000_README b/4.7.8/0000_README
index 4e38593..de4b64f 100644
--- a/4.7.7/0000_README
+++ b/4.7.8/0000_README
@@ -2,11 +2,11 @@ README
-----------------------------------------------------------------------------
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 1006_linux-4.7.7.patch
+Patch: 1007_linux-4.7.8.patch
From: http://www.kernel.org
-Desc: Linux 4.7.7
+Desc: Linux 4.7.8
-Patch: 4420_grsecurity-3.1-4.7.7-201610101902.patch
+Patch: 4420_grsecurity-3.1-4.7.8-201610161720.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/4.7.8/1007_linux-4.7.8.patch b/4.7.8/1007_linux-4.7.8.patch
new file mode 100644
index 0000000..dd5c7d8
--- /dev/null
+++ b/4.7.8/1007_linux-4.7.8.patch
@@ -0,0 +1,1626 @@
+diff --git a/Documentation/virtual/kvm/devices/vcpu.txt b/Documentation/virtual/kvm/devices/vcpu.txt
+index c041658..02f5068 100644
+--- a/Documentation/virtual/kvm/devices/vcpu.txt
++++ b/Documentation/virtual/kvm/devices/vcpu.txt
+@@ -30,4 +30,6 @@ Returns: -ENODEV: PMUv3 not supported
+ attribute
+ -EBUSY: PMUv3 already initialized
+
+-Request the initialization of the PMUv3.
++Request the initialization of the PMUv3. This must be done after creating the
++in-kernel irqchip. Creating a PMU with a userspace irqchip is currently not
++supported.
+diff --git a/Makefile b/Makefile
+index 320a930..4e17baa 100644
+--- a/Makefile
++++ b/Makefile
+@@ -1,6 +1,6 @@
+ VERSION = 4
+ PATCHLEVEL = 7
+-SUBLEVEL = 7
++SUBLEVEL = 8
+ EXTRAVERSION =
+ NAME = Psychotic Stoned Sheep
+
+diff --git a/arch/arm/boot/dts/armada-390.dtsi b/arch/arm/boot/dts/armada-390.dtsi
+index 094e39c..6cd18d8 100644
+--- a/arch/arm/boot/dts/armada-390.dtsi
++++ b/arch/arm/boot/dts/armada-390.dtsi
+@@ -47,6 +47,8 @@
+ #include "armada-39x.dtsi"
+
+ / {
++ compatible = "marvell,armada390";
++
+ soc {
+ internal-regs {
+ pinctrl@18000 {
+@@ -54,4 +56,5 @@
+ reg = <0x18000 0x20>;
+ };
+ };
++ };
+ };
+diff --git a/arch/arm/boot/dts/qcom-apq8064.dtsi b/arch/arm/boot/dts/qcom-apq8064.dtsi
+index df96ccd..779f844 100644
+--- a/arch/arm/boot/dts/qcom-apq8064.dtsi
++++ b/arch/arm/boot/dts/qcom-apq8064.dtsi
+@@ -5,6 +5,7 @@
+ #include <dt-bindings/reset/qcom,gcc-msm8960.h>
+ #include <dt-bindings/clock/qcom,mmcc-msm8960.h>
+ #include <dt-bindings/soc/qcom,gsbi.h>
++#include <dt-bindings/interrupt-controller/irq.h>
+ #include <dt-bindings/interrupt-controller/arm-gic.h>
+ / {
+ model = "Qualcomm APQ8064";
+@@ -552,22 +553,50 @@
+ compatible = "qcom,pm8921-gpio",
+ "qcom,ssbi-gpio";
+ reg = <0x150>;
+- interrupts = <192 1>, <193 1>, <194 1>,
+- <195 1>, <196 1>, <197 1>,
+- <198 1>, <199 1>, <200 1>,
+- <201 1>, <202 1>, <203 1>,
+- <204 1>, <205 1>, <206 1>,
+- <207 1>, <208 1>, <209 1>,
+- <210 1>, <211 1>, <212 1>,
+- <213 1>, <214 1>, <215 1>,
+- <216 1>, <217 1>, <218 1>,
+- <219 1>, <220 1>, <221 1>,
+- <222 1>, <223 1>, <224 1>,
+- <225 1>, <226 1>, <227 1>,
+- <228 1>, <229 1>, <230 1>,
+- <231 1>, <232 1>, <233 1>,
+- <234 1>, <235 1>;
+-
++ interrupts = <192 IRQ_TYPE_NONE>,
++ <193 IRQ_TYPE_NONE>,
++ <194 IRQ_TYPE_NONE>,
++ <195 IRQ_TYPE_NONE>,
++ <196 IRQ_TYPE_NONE>,
++ <197 IRQ_TYPE_NONE>,
++ <198 IRQ_TYPE_NONE>,
++ <199 IRQ_TYPE_NONE>,
++ <200 IRQ_TYPE_NONE>,
++ <201 IRQ_TYPE_NONE>,
++ <202 IRQ_TYPE_NONE>,
++ <203 IRQ_TYPE_NONE>,
++ <204 IRQ_TYPE_NONE>,
++ <205 IRQ_TYPE_NONE>,
++ <206 IRQ_TYPE_NONE>,
++ <207 IRQ_TYPE_NONE>,
++ <208 IRQ_TYPE_NONE>,
++ <209 IRQ_TYPE_NONE>,
++ <210 IRQ_TYPE_NONE>,
++ <211 IRQ_TYPE_NONE>,
++ <212 IRQ_TYPE_NONE>,
++ <213 IRQ_TYPE_NONE>,
++ <214 IRQ_TYPE_NONE>,
++ <215 IRQ_TYPE_NONE>,
++ <216 IRQ_TYPE_NONE>,
++ <217 IRQ_TYPE_NONE>,
++ <218 IRQ_TYPE_NONE>,
++ <219 IRQ_TYPE_NONE>,
++ <220 IRQ_TYPE_NONE>,
++ <221 IRQ_TYPE_NONE>,
++ <222 IRQ_TYPE_NONE>,
++ <223 IRQ_TYPE_NONE>,
++ <224 IRQ_TYPE_NONE>,
++ <225 IRQ_TYPE_NONE>,
++ <226 IRQ_TYPE_NONE>,
++ <227 IRQ_TYPE_NONE>,
++ <228 IRQ_TYPE_NONE>,
++ <229 IRQ_TYPE_NONE>,
++ <230 IRQ_TYPE_NONE>,
++ <231 IRQ_TYPE_NONE>,
++ <232 IRQ_TYPE_NONE>,
++ <233 IRQ_TYPE_NONE>,
++ <234 IRQ_TYPE_NONE>,
++ <235 IRQ_TYPE_NONE>;
+ gpio-controller;
+ #gpio-cells = <2>;
+
+@@ -580,9 +609,18 @@
+ gpio-controller;
+ #gpio-cells = <2>;
+ interrupts =
+- <128 1>, <129 1>, <130 1>, <131 1>,
+- <132 1>, <133 1>, <134 1>, <135 1>,
+- <136 1>, <137 1>, <138 1>, <139 1>;
++ <128 IRQ_TYPE_NONE>,
++ <129 IRQ_TYPE_NONE>,
++ <130 IRQ_TYPE_NONE>,
++ <131 IRQ_TYPE_NONE>,
++ <132 IRQ_TYPE_NONE>,
++ <133 IRQ_TYPE_NONE>,
++ <134 IRQ_TYPE_NONE>,
++ <135 IRQ_TYPE_NONE>,
++ <136 IRQ_TYPE_NONE>,
++ <137 IRQ_TYPE_NONE>,
++ <138 IRQ_TYPE_NONE>,
++ <139 IRQ_TYPE_NONE>;
+ };
+
+ rtc@11d {
+diff --git a/arch/arm64/kernel/stacktrace.c b/arch/arm64/kernel/stacktrace.c
+index d9751a4..d34fd72 100644
+--- a/arch/arm64/kernel/stacktrace.c
++++ b/arch/arm64/kernel/stacktrace.c
+@@ -43,6 +43,9 @@ int notrace unwind_frame(struct task_struct *tsk, struct stackframe *frame)
+ unsigned long fp = frame->fp;
+ unsigned long irq_stack_ptr;
+
++ if (!tsk)
++ tsk = current;
++
+ /*
+ * Switching between stacks is valid when tracing current and in
+ * non-preemptible context.
+@@ -67,7 +70,7 @@ int notrace unwind_frame(struct task_struct *tsk, struct stackframe *frame)
+ frame->pc = READ_ONCE_NOCHECK(*(unsigned long *)(fp + 8));
+
+ #ifdef CONFIG_FUNCTION_GRAPH_TRACER
+- if (tsk && tsk->ret_stack &&
++ if (tsk->ret_stack &&
+ (frame->pc == (unsigned long)return_to_handler)) {
+ /*
+ * This is a case where function graph tracer has
+diff --git a/arch/arm64/kernel/traps.c b/arch/arm64/kernel/traps.c
+index 2a43012..f014df9 100644
+--- a/arch/arm64/kernel/traps.c
++++ b/arch/arm64/kernel/traps.c
+@@ -149,6 +149,11 @@ static void dump_backtrace(struct pt_regs *regs, struct task_struct *tsk)
+ unsigned long irq_stack_ptr;
+ int skip;
+
++ pr_debug("%s(regs = %p tsk = %p)\n", __func__, regs, tsk);
++
++ if (!tsk)
++ tsk = current;
++
+ /*
+ * Switching between stacks is valid when tracing current and in
+ * non-preemptible context.
+@@ -158,11 +163,6 @@ static void dump_backtrace(struct pt_regs *regs, struct task_struct *tsk)
+ else
+ irq_stack_ptr = 0;
+
+- pr_debug("%s(regs = %p tsk = %p)\n", __func__, regs, tsk);
+-
+- if (!tsk)
+- tsk = current;
+-
+ if (tsk == current) {
+ frame.fp = (unsigned long)__builtin_frame_address(0);
+ frame.sp = current_stack_pointer;
+diff --git a/arch/mips/kvm/emulate.c b/arch/mips/kvm/emulate.c
+index 2b42a74..efa592f 100644
+--- a/arch/mips/kvm/emulate.c
++++ b/arch/mips/kvm/emulate.c
+@@ -807,6 +807,47 @@ enum emulation_result kvm_mips_emul_tlbr(struct kvm_vcpu *vcpu)
+ return EMULATE_FAIL;
+ }
+
++/**
++ * kvm_mips_invalidate_guest_tlb() - Indicates a change in guest MMU map.
++ * @vcpu: VCPU with changed mappings.
++ * @tlb: TLB entry being removed.
++ *
++ * This is called to indicate a single change in guest MMU mappings, so that we
++ * can arrange TLB flushes on this and other CPUs.
++ */
++static void kvm_mips_invalidate_guest_tlb(struct kvm_vcpu *vcpu,
++ struct kvm_mips_tlb *tlb)
++{
++ int cpu, i;
++ bool user;
++
++ /* No need to flush for entries which are already invalid */
++ if (!((tlb->tlb_lo[0] | tlb->tlb_lo[1]) & ENTRYLO_V))
++ return;
++ /* User address space doesn't need flushing for KSeg2/3 changes */
++ user = tlb->tlb_hi < KVM_GUEST_KSEG0;
++
++ preempt_disable();
++
++ /*
++ * Probe the shadow host TLB for the entry being overwritten, if one
++ * matches, invalidate it
++ */
++ kvm_mips_host_tlb_inv(vcpu, tlb->tlb_hi);
++
++ /* Invalidate the whole ASID on other CPUs */
++ cpu = smp_processor_id();
++ for_each_possible_cpu(i) {
++ if (i == cpu)
++ continue;
++ if (user)
++ vcpu->arch.guest_user_asid[i] = 0;
++ vcpu->arch.guest_kernel_asid[i] = 0;
++ }
++
++ preempt_enable();
++}
++
+ /* Write Guest TLB Entry @ Index */
+ enum emulation_result kvm_mips_emul_tlbwi(struct kvm_vcpu *vcpu)
+ {
+@@ -826,11 +867,8 @@ enum emulation_result kvm_mips_emul_tlbwi(struct kvm_vcpu *vcpu)
+ }
+
+ tlb = &vcpu->arch.guest_tlb[index];
+- /*
+- * Probe the shadow host TLB for the entry being overwritten, if one
+- * matches, invalidate it
+- */
+- kvm_mips_host_tlb_inv(vcpu, tlb->tlb_hi);
++
++ kvm_mips_invalidate_guest_tlb(vcpu, tlb);
+
+ tlb->tlb_mask = kvm_read_c0_guest_pagemask(cop0);
+ tlb->tlb_hi = kvm_read_c0_guest_entryhi(cop0);
+@@ -859,11 +897,7 @@ enum emulation_result kvm_mips_emul_tlbwr(struct kvm_vcpu *vcpu)
+
+ tlb = &vcpu->arch.guest_tlb[index];
+
+- /*
+- * Probe the shadow host TLB for the entry being overwritten, if one
+- * matches, invalidate it
+- */
+- kvm_mips_host_tlb_inv(vcpu, tlb->tlb_hi);
++ kvm_mips_invalidate_guest_tlb(vcpu, tlb);
+
+ tlb->tlb_mask = kvm_read_c0_guest_pagemask(cop0);
+ tlb->tlb_hi = kvm_read_c0_guest_entryhi(cop0);
+@@ -982,6 +1016,7 @@ enum emulation_result kvm_mips_emulate_CP0(uint32_t inst, uint32_t *opc,
+ int32_t rt, rd, copz, sel, co_bit, op;
+ uint32_t pc = vcpu->arch.pc;
+ unsigned long curr_pc;
++ int cpu, i;
+
+ /*
+ * Update PC and hold onto current PC in case there is
+@@ -1089,8 +1124,16 @@ enum emulation_result kvm_mips_emulate_CP0(uint32_t inst, uint32_t *opc,
+ vcpu->arch.gprs[rt]
+ & KVM_ENTRYHI_ASID);
+
++ preempt_disable();
+ /* Blow away the shadow host TLBs */
+ kvm_mips_flush_host_tlb(1);
++ cpu = smp_processor_id();
++ for_each_possible_cpu(i)
++ if (i != cpu) {
++ vcpu->arch.guest_user_asid[i] = 0;
++ vcpu->arch.guest_kernel_asid[i] = 0;
++ }
++ preempt_enable();
+ }
+ kvm_write_c0_guest_entryhi(cop0,
+ vcpu->arch.gprs[rt]);
+diff --git a/arch/powerpc/include/asm/pci-bridge.h b/arch/powerpc/include/asm/pci-bridge.h
+index 467c0b0..9e9d38a 100644
+--- a/arch/powerpc/include/asm/pci-bridge.h
++++ b/arch/powerpc/include/asm/pci-bridge.h
+@@ -299,6 +299,7 @@ extern void pci_process_bridge_OF_ranges(struct pci_controller *hose,
+ /* Allocate & free a PCI host bridge structure */
+ extern struct pci_controller *pcibios_alloc_controller(struct device_node *dev);
+ extern void pcibios_free_controller(struct pci_controller *phb);
++extern void pcibios_free_controller_deferred(struct pci_host_bridge *bridge);
+
+ #ifdef CONFIG_PCI
+ extern int pcibios_vaddr_is_ioport(void __iomem *address);
+diff --git a/arch/powerpc/include/asm/reg.h b/arch/powerpc/include/asm/reg.h
+index a0948f4..145e5b7 100644
+--- a/arch/powerpc/include/asm/reg.h
++++ b/arch/powerpc/include/asm/reg.h
+@@ -718,6 +718,7 @@
+ #define MMCR0_FCHV 0x00000001UL /* freeze conditions in hypervisor mode */
+ #define SPRN_MMCR1 798
+ #define SPRN_MMCR2 785
++#define SPRN_UMMCR2 769
+ #define SPRN_MMCRA 0x312
+ #define MMCRA_SDSYNC 0x80000000UL /* SDAR synced with SIAR */
+ #define MMCRA_SDAR_DCACHE_MISS 0x40000000UL
+diff --git a/arch/powerpc/kernel/pci-common.c b/arch/powerpc/kernel/pci-common.c
+index 0f7a60f..14af45c 100644
+--- a/arch/powerpc/kernel/pci-common.c
++++ b/arch/powerpc/kernel/pci-common.c
+@@ -103,6 +103,42 @@ void pcibios_free_controller(struct pci_controller *phb)
+ EXPORT_SYMBOL_GPL(pcibios_free_controller);
+
+ /*
++ * This function is used to call pcibios_free_controller()
++ * in a deferred manner: a callback from the PCI subsystem.
++ *
++ * _*DO NOT*_ call pcibios_free_controller() explicitly if
++ * this is used (or it may access an invalid *phb pointer).
++ *
++ * The callback occurs when all references to the root bus
++ * are dropped (e.g., child buses/devices and their users).
++ *
++ * It's called as .release_fn() of 'struct pci_host_bridge'
++ * which is associated with the 'struct pci_controller.bus'
++ * (root bus) - it expects .release_data to hold a pointer
++ * to 'struct pci_controller'.
++ *
++ * In order to use it, register .release_fn()/release_data
++ * like this:
++ *
++ * pci_set_host_bridge_release(bridge,
++ * pcibios_free_controller_deferred
++ * (void *) phb);
++ *
++ * e.g. in the pcibios_root_bridge_prepare() callback from
++ * pci_create_root_bus().
++ */
++void pcibios_free_controller_deferred(struct pci_host_bridge *bridge)
++{
++ struct pci_controller *phb = (struct pci_controller *)
++ bridge->release_data;
++
++ pr_debug("domain %d, dynamic %d\n", phb->global_number, phb->is_dynamic);
++
++ pcibios_free_controller(phb);
++}
++EXPORT_SYMBOL_GPL(pcibios_free_controller_deferred);
++
++/*
+ * The function is used to return the minimal alignment
+ * for memory or I/O windows of the associated P2P bridge.
+ * By default, 4KiB alignment for I/O windows and 1MiB for
+diff --git a/arch/powerpc/kvm/book3s_emulate.c b/arch/powerpc/kvm/book3s_emulate.c
+index 2afdb9c..729f8fa 100644
+--- a/arch/powerpc/kvm/book3s_emulate.c
++++ b/arch/powerpc/kvm/book3s_emulate.c
+@@ -498,6 +498,7 @@ int kvmppc_core_emulate_mtspr_pr(struct kvm_vcpu *vcpu, int sprn, ulong spr_val)
+ case SPRN_MMCR0:
+ case SPRN_MMCR1:
+ case SPRN_MMCR2:
++ case SPRN_UMMCR2:
+ #endif
+ break;
+ unprivileged:
+@@ -640,6 +641,7 @@ int kvmppc_core_emulate_mfspr_pr(struct kvm_vcpu *vcpu, int sprn, ulong *spr_val
+ case SPRN_MMCR0:
+ case SPRN_MMCR1:
+ case SPRN_MMCR2:
++ case SPRN_UMMCR2:
+ case SPRN_TIR:
+ #endif
+ *spr_val = 0;
+diff --git a/arch/powerpc/kvm/booke.c b/arch/powerpc/kvm/booke.c
+index 4afae69..eb283c5 100644
+--- a/arch/powerpc/kvm/booke.c
++++ b/arch/powerpc/kvm/booke.c
+@@ -2038,7 +2038,7 @@ int kvm_arch_vcpu_ioctl_set_guest_debug(struct kvm_vcpu *vcpu,
+ if (type == KVMPPC_DEBUG_NONE)
+ continue;
+
+- if (type & !(KVMPPC_DEBUG_WATCH_READ |
++ if (type & ~(KVMPPC_DEBUG_WATCH_READ |
+ KVMPPC_DEBUG_WATCH_WRITE |
+ KVMPPC_DEBUG_BREAKPOINT))
+ return -EINVAL;
+diff --git a/arch/powerpc/platforms/pseries/pci.c b/arch/powerpc/platforms/pseries/pci.c
+index fe16a50..09eba5a 100644
+--- a/arch/powerpc/platforms/pseries/pci.c
++++ b/arch/powerpc/platforms/pseries/pci.c
+@@ -119,6 +119,10 @@ int pseries_root_bridge_prepare(struct pci_host_bridge *bridge)
+
+ bus = bridge->bus;
+
++ /* Rely on the pcibios_free_controller_deferred() callback. */
++ pci_set_host_bridge_release(bridge, pcibios_free_controller_deferred,
++ (void *) pci_bus_to_host(bus));
++
+ dn = pcibios_get_phb_of_node(bus);
+ if (!dn)
+ return 0;
+diff --git a/arch/powerpc/platforms/pseries/pci_dlpar.c b/arch/powerpc/platforms/pseries/pci_dlpar.c
+index 906dbaa..547fd13 100644
+--- a/arch/powerpc/platforms/pseries/pci_dlpar.c
++++ b/arch/powerpc/platforms/pseries/pci_dlpar.c
+@@ -106,8 +106,11 @@ int remove_phb_dynamic(struct pci_controller *phb)
+ release_resource(res);
+ }
+
+- /* Free pci_controller data structure */
+- pcibios_free_controller(phb);
++ /*
++ * The pci_controller data structure is freed by
++ * the pcibios_free_controller_deferred() callback;
++ * see pseries_root_bridge_prepare().
++ */
+
+ return 0;
+ }
+diff --git a/arch/x86/include/asm/fpu/xstate.h b/arch/x86/include/asm/fpu/xstate.h
+index 38951b0..993a072 100644
+--- a/arch/x86/include/asm/fpu/xstate.h
++++ b/arch/x86/include/asm/fpu/xstate.h
+@@ -24,11 +24,12 @@
+ XFEATURE_MASK_YMM | \
+ XFEATURE_MASK_OPMASK | \
+ XFEATURE_MASK_ZMM_Hi256 | \
+- XFEATURE_MASK_Hi16_ZMM | \
+- XFEATURE_MASK_PKRU)
++ XFEATURE_MASK_Hi16_ZMM)
+
+ /* Supported features which require eager state saving */
+-#define XFEATURE_MASK_EAGER (XFEATURE_MASK_BNDREGS | XFEATURE_MASK_BNDCSR)
++#define XFEATURE_MASK_EAGER (XFEATURE_MASK_BNDREGS | \
++ XFEATURE_MASK_BNDCSR | \
++ XFEATURE_MASK_PKRU)
+
+ /* All currently supported features */
+ #define XCNTXT_MASK (XFEATURE_MASK_LAZY | XFEATURE_MASK_EAGER)
+diff --git a/arch/x86/include/asm/mpspec.h b/arch/x86/include/asm/mpspec.h
+index b07233b..c2f94dc 100644
+--- a/arch/x86/include/asm/mpspec.h
++++ b/arch/x86/include/asm/mpspec.h
+@@ -6,7 +6,6 @@
+ #include <asm/x86_init.h>
+ #include <asm/apicdef.h>
+
+-extern int apic_version[];
+ extern int pic_mode;
+
+ #ifdef CONFIG_X86_32
+@@ -40,6 +39,7 @@ extern int mp_bus_id_to_type[MAX_MP_BUSSES];
+ extern DECLARE_BITMAP(mp_bus_not_pci, MAX_MP_BUSSES);
+
+ extern unsigned int boot_cpu_physical_apicid;
++extern u8 boot_cpu_apic_version;
+ extern unsigned long mp_lapic_addr;
+
+ #ifdef CONFIG_X86_LOCAL_APIC
+diff --git a/arch/x86/kernel/acpi/boot.c b/arch/x86/kernel/acpi/boot.c
+index 9414f84..8e6e8bc 100644
+--- a/arch/x86/kernel/acpi/boot.c
++++ b/arch/x86/kernel/acpi/boot.c
+@@ -180,7 +180,7 @@ static int acpi_register_lapic(int id, u8 enabled)
+ }
+
+ if (boot_cpu_physical_apicid != -1U)
+- ver = apic_version[boot_cpu_physical_apicid];
++ ver = boot_cpu_apic_version;
+
+ return generic_processor_info(id, ver);
+ }
+diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c
+index b15e1c1..cc7bc8b 100644
+--- a/arch/x86/kernel/apic/apic.c
++++ b/arch/x86/kernel/apic/apic.c
+@@ -64,6 +64,8 @@ unsigned disabled_cpus;
+ unsigned int boot_cpu_physical_apicid = -1U;
+ EXPORT_SYMBOL_GPL(boot_cpu_physical_apicid);
+
++u8 boot_cpu_apic_version;
++
+ /*
+ * The highest APIC ID seen during enumeration.
+ */
+@@ -1790,8 +1792,7 @@ void __init init_apic_mappings(void)
+ * since smp_sanity_check is prepared for such a case
+ * and disable smp mode
+ */
+- apic_version[new_apicid] =
+- GET_APIC_VERSION(apic_read(APIC_LVR));
++ boot_cpu_apic_version = GET_APIC_VERSION(apic_read(APIC_LVR));
+ }
+ }
+
+@@ -1806,13 +1807,10 @@ void __init register_lapic_address(unsigned long address)
+ }
+ if (boot_cpu_physical_apicid == -1U) {
+ boot_cpu_physical_apicid = read_apic_id();
+- apic_version[boot_cpu_physical_apicid] =
+- GET_APIC_VERSION(apic_read(APIC_LVR));
++ boot_cpu_apic_version = GET_APIC_VERSION(apic_read(APIC_LVR));
+ }
+ }
+
+-int apic_version[MAX_LOCAL_APIC];
+-
+ /*
+ * Local APIC interrupts
+ */
+@@ -2102,11 +2100,10 @@ int generic_processor_info(int apicid, int version)
+ cpu, apicid);
+ version = 0x10;
+ }
+- apic_version[apicid] = version;
+
+- if (version != apic_version[boot_cpu_physical_apicid]) {
++ if (version != boot_cpu_apic_version) {
+ pr_warning("BIOS bug: APIC version mismatch, boot CPU: %x, CPU %d: version %x\n",
+- apic_version[boot_cpu_physical_apicid], cpu, version);
++ boot_cpu_apic_version, cpu, version);
+ }
+
+ physid_set(apicid, phys_cpu_present_map);
+@@ -2249,7 +2246,7 @@ int __init APIC_init_uniprocessor(void)
+ * Complain if the BIOS pretends there is one.
+ */
+ if (!boot_cpu_has(X86_FEATURE_APIC) &&
+- APIC_INTEGRATED(apic_version[boot_cpu_physical_apicid])) {
++ APIC_INTEGRATED(boot_cpu_apic_version)) {
+ pr_err("BIOS bug, local APIC 0x%x not detected!...\n",
+ boot_cpu_physical_apicid);
+ return -1;
+diff --git a/arch/x86/kernel/apic/io_apic.c b/arch/x86/kernel/apic/io_apic.c
+index 446702e..fbfb244 100644
+--- a/arch/x86/kernel/apic/io_apic.c
++++ b/arch/x86/kernel/apic/io_apic.c
+@@ -1592,7 +1592,7 @@ void __init setup_ioapic_ids_from_mpc(void)
+ * no meaning without the serial APIC bus.
+ */
+ if (!(boot_cpu_data.x86_vendor == X86_VENDOR_INTEL)
+- || APIC_XAPIC(apic_version[boot_cpu_physical_apicid]))
++ || APIC_XAPIC(boot_cpu_apic_version))
+ return;
+ setup_ioapic_ids_from_mpc_nocheck();
+ }
+@@ -2422,7 +2422,7 @@ static int io_apic_get_unique_id(int ioapic, int apic_id)
+ static u8 io_apic_unique_id(int idx, u8 id)
+ {
+ if ((boot_cpu_data.x86_vendor == X86_VENDOR_INTEL) &&
+- !APIC_XAPIC(apic_version[boot_cpu_physical_apicid]))
++ !APIC_XAPIC(boot_cpu_apic_version))
+ return io_apic_get_unique_id(idx, id);
+ else
+ return id;
+diff --git a/arch/x86/kernel/apic/probe_32.c b/arch/x86/kernel/apic/probe_32.c
+index f316e34..49da80cf 100644
+--- a/arch/x86/kernel/apic/probe_32.c
++++ b/arch/x86/kernel/apic/probe_32.c
+@@ -153,7 +153,7 @@ early_param("apic", parse_apic);
+
+ void __init default_setup_apic_routing(void)
+ {
+- int version = apic_version[boot_cpu_physical_apicid];
++ int version = boot_cpu_apic_version;
+
+ if (num_possible_cpus() > 8) {
+ switch (boot_cpu_data.x86_vendor) {
+diff --git a/arch/x86/kernel/apic/vector.c b/arch/x86/kernel/apic/vector.c
+index a5e400a..84eced5 100644
+--- a/arch/x86/kernel/apic/vector.c
++++ b/arch/x86/kernel/apic/vector.c
+@@ -661,11 +661,28 @@ void irq_complete_move(struct irq_cfg *cfg)
+ */
+ void irq_force_complete_move(struct irq_desc *desc)
+ {
+- struct irq_data *irqdata = irq_desc_get_irq_data(desc);
+- struct apic_chip_data *data = apic_chip_data(irqdata);
+- struct irq_cfg *cfg = data ? &data->cfg : NULL;
++ struct irq_data *irqdata;
++ struct apic_chip_data *data;
++ struct irq_cfg *cfg;
+ unsigned int cpu;
+
++ /*
++ * The function is called for all descriptors regardless of which
++ * irqdomain they belong to. For example if an IRQ is provided by
++ * an irq_chip as part of a GPIO driver, the chip data for that
++ * descriptor is specific to the irq_chip in question.
++ *
++ * Check first that the chip_data is what we expect
++ * (apic_chip_data) before touching it any further.
++ */
++ irqdata = irq_domain_get_irq_data(x86_vector_domain,
++ irq_desc_get_irq(desc));
++ if (!irqdata)
++ return;
++
++ data = apic_chip_data(irqdata);
++ cfg = data ? &data->cfg : NULL;
++
+ if (!cfg)
+ return;
+
+diff --git a/arch/x86/kernel/e820.c b/arch/x86/kernel/e820.c
+index 621b501..8a90f15 100644
+--- a/arch/x86/kernel/e820.c
++++ b/arch/x86/kernel/e820.c
+@@ -348,7 +348,7 @@ int __init sanitize_e820_map(struct e820entry *biosmap, int max_nr_map,
+ * continue building up new bios map based on this
+ * information
+ */
+- if (current_type != last_type || current_type == E820_PRAM) {
++ if (current_type != last_type) {
+ if (last_type != 0) {
+ new_bios[new_bios_entry].size =
+ change_point[chgidx]->addr - last_addr;
+@@ -754,7 +754,7 @@ u64 __init early_reserve_e820(u64 size, u64 align)
+ /*
+ * Find the highest page frame number we have available
+ */
+-static unsigned long __init e820_end_pfn(unsigned long limit_pfn)
++static unsigned long __init e820_end_pfn(unsigned long limit_pfn, unsigned type)
+ {
+ int i;
+ unsigned long last_pfn = 0;
+@@ -765,11 +765,7 @@ static unsigned long __init e820_end_pfn(unsigned long limit_pfn)
+ unsigned long start_pfn;
+ unsigned long end_pfn;
+
+- /*
+- * Persistent memory is accounted as ram for purposes of
+- * establishing max_pfn and mem_map.
+- */
+- if (ei->type != E820_RAM && ei->type != E820_PRAM)
++ if (ei->type != type)
+ continue;
+
+ start_pfn = ei->addr >> PAGE_SHIFT;
+@@ -794,12 +790,12 @@ static unsigned long __init e820_end_pfn(unsigned long limit_pfn)
+ }
+ unsigned long __init e820_end_of_ram_pfn(void)
+ {
+- return e820_end_pfn(MAX_ARCH_PFN);
++ return e820_end_pfn(MAX_ARCH_PFN, E820_RAM);
+ }
+
+ unsigned long __init e820_end_of_low_ram_pfn(void)
+ {
+- return e820_end_pfn(1UL << (32-PAGE_SHIFT));
++ return e820_end_pfn(1UL << (32 - PAGE_SHIFT), E820_RAM);
+ }
+
+ static void early_panic(char *msg)
+diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c
+index 6e789ca..5dc86d2 100644
+--- a/arch/x86/kernel/process_64.c
++++ b/arch/x86/kernel/process_64.c
+@@ -110,12 +110,13 @@ void __show_regs(struct pt_regs *regs, int all)
+ get_debugreg(d7, 7);
+
+ /* Only print out debug registers if they are in their non-default state. */
+- if ((d0 == 0) && (d1 == 0) && (d2 == 0) && (d3 == 0) &&
+- (d6 == DR6_RESERVED) && (d7 == 0x400))
+- return;
+-
+- printk(KERN_DEFAULT "DR0: %016lx DR1: %016lx DR2: %016lx\n", d0, d1, d2);
+- printk(KERN_DEFAULT "DR3: %016lx DR6: %016lx DR7: %016lx\n", d3, d6, d7);
++ if (!((d0 == 0) && (d1 == 0) && (d2 == 0) && (d3 == 0) &&
++ (d6 == DR6_RESERVED) && (d7 == 0x400))) {
++ printk(KERN_DEFAULT "DR0: %016lx DR1: %016lx DR2: %016lx\n",
++ d0, d1, d2);
++ printk(KERN_DEFAULT "DR3: %016lx DR6: %016lx DR7: %016lx\n",
++ d3, d6, d7);
++ }
+
+ if (boot_cpu_has(X86_FEATURE_OSPKE))
+ printk(KERN_DEFAULT "PKRU: %08x\n", read_pkru());
+diff --git a/arch/x86/kernel/ptrace.c b/arch/x86/kernel/ptrace.c
+index 600edd2..67ed18e 100644
+--- a/arch/x86/kernel/ptrace.c
++++ b/arch/x86/kernel/ptrace.c
+@@ -173,8 +173,8 @@ unsigned long kernel_stack_pointer(struct pt_regs *regs)
+ return sp;
+
+ prev_esp = (u32 *)(context);
+- if (prev_esp)
+- return (unsigned long)prev_esp;
++ if (*prev_esp)
++ return (unsigned long)*prev_esp;
+
+ return (unsigned long)regs;
+ }
+diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c
+index fafe8b9..694c529 100644
+--- a/arch/x86/kernel/smpboot.c
++++ b/arch/x86/kernel/smpboot.c
+@@ -676,7 +676,7 @@ wakeup_secondary_cpu_via_nmi(int apicid, unsigned long start_eip)
+ * Give the other CPU some time to accept the IPI.
+ */
+ udelay(200);
+- if (APIC_INTEGRATED(apic_version[boot_cpu_physical_apicid])) {
++ if (APIC_INTEGRATED(boot_cpu_apic_version)) {
+ maxlvt = lapic_get_maxlvt();
+ if (maxlvt > 3) /* Due to the Pentium erratum 3AP. */
+ apic_write(APIC_ESR, 0);
+@@ -703,7 +703,7 @@ wakeup_secondary_cpu_via_init(int phys_apicid, unsigned long start_eip)
+ /*
+ * Be paranoid about clearing APIC errors.
+ */
+- if (APIC_INTEGRATED(apic_version[phys_apicid])) {
++ if (APIC_INTEGRATED(boot_cpu_apic_version)) {
+ if (maxlvt > 3) /* Due to the Pentium erratum 3AP. */
+ apic_write(APIC_ESR, 0);
+ apic_read(APIC_ESR);
+@@ -742,7 +742,7 @@ wakeup_secondary_cpu_via_init(int phys_apicid, unsigned long start_eip)
+ * Determine this based on the APIC version.
+ * If we don't have an integrated APIC, don't send the STARTUP IPIs.
+ */
+- if (APIC_INTEGRATED(apic_version[phys_apicid]))
++ if (APIC_INTEGRATED(boot_cpu_apic_version))
+ num_starts = 2;
+ else
+ num_starts = 0;
+@@ -980,7 +980,7 @@ static int do_boot_cpu(int apicid, int cpu, struct task_struct *idle)
+ /*
+ * Be paranoid about clearing APIC errors.
+ */
+- if (APIC_INTEGRATED(apic_version[boot_cpu_physical_apicid])) {
++ if (APIC_INTEGRATED(boot_cpu_apic_version)) {
+ apic_write(APIC_ESR, 0);
+ apic_read(APIC_ESR);
+ }
+@@ -1235,7 +1235,7 @@ static int __init smp_sanity_check(unsigned max_cpus)
+ /*
+ * If we couldn't find a local APIC, then get out of here now!
+ */
+- if (APIC_INTEGRATED(apic_version[boot_cpu_physical_apicid]) &&
++ if (APIC_INTEGRATED(boot_cpu_apic_version) &&
+ !boot_cpu_has(X86_FEATURE_APIC)) {
+ if (!disable_apic) {
+ pr_err("BIOS bug, local APIC #%d not detected!...\n",
+@@ -1393,9 +1393,21 @@ __init void prefill_possible_map(void)
+ {
+ int i, possible;
+
+- /* no processor from mptable or madt */
+- if (!num_processors)
+- num_processors = 1;
++ /* No boot processor was found in mptable or ACPI MADT */
++ if (!num_processors) {
++ int apicid = boot_cpu_physical_apicid;
++ int cpu = hard_smp_processor_id();
++
++ pr_warn("Boot CPU (id %d) not listed by BIOS\n", cpu);
++
++ /* Make sure boot cpu is enumerated */
++ if (apic->cpu_present_to_apicid(0) == BAD_APICID &&
++ apic->apic_id_valid(apicid))
++ generic_processor_info(apicid, boot_cpu_apic_version);
++
++ if (!num_processors)
++ num_processors = 1;
++ }
+
+ i = setup_max_cpus ?: 1;
+ if (setup_possible_cpus == -1) {
+diff --git a/arch/x86/xen/smp.c b/arch/x86/xen/smp.c
+index 719cf29..40c3aab9 100644
+--- a/arch/x86/xen/smp.c
++++ b/arch/x86/xen/smp.c
+@@ -87,6 +87,12 @@ static void cpu_bringup(void)
+ cpu_data(cpu).x86_max_cores = 1;
+ set_cpu_sibling_map(cpu);
+
++ /*
++ * identify_cpu() may have set logical_pkg_id to -1 due
++ * to incorrect phys_proc_id. Let's re-comupte it.
++ */
++ topology_update_package_map(apic->cpu_present_to_apicid(cpu), cpu);
++
+ xen_setup_cpu_clockevents();
+
+ notify_cpu_starting(cpu);
+diff --git a/drivers/char/tpm/tpm-dev.c b/drivers/char/tpm/tpm-dev.c
+index de0337e..4f3137d 100644
+--- a/drivers/char/tpm/tpm-dev.c
++++ b/drivers/char/tpm/tpm-dev.c
+@@ -139,7 +139,7 @@ static ssize_t tpm_write(struct file *file, const char __user *buf,
+
+ /* atomic tpm command send and result receive */
+ out_size = tpm_transmit(priv->chip, priv->data_buffer,
+- sizeof(priv->data_buffer));
++ sizeof(priv->data_buffer), 0);
+ if (out_size < 0) {
+ mutex_unlock(&priv->buffer_mutex);
+ return out_size;
+diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c
+index e2fa89c..9ba86eb3 100644
+--- a/drivers/char/tpm/tpm-interface.c
++++ b/drivers/char/tpm/tpm-interface.c
+@@ -330,8 +330,8 @@ EXPORT_SYMBOL_GPL(tpm_calc_ordinal_duration);
+ /*
+ * Internal kernel interface to transmit TPM commands
+ */
+-ssize_t tpm_transmit(struct tpm_chip *chip, const char *buf,
+- size_t bufsiz)
++ssize_t tpm_transmit(struct tpm_chip *chip, const u8 *buf, size_t bufsiz,
++ unsigned int flags)
+ {
+ ssize_t rc;
+ u32 count, ordinal;
+@@ -350,7 +350,8 @@ ssize_t tpm_transmit(struct tpm_chip *chip, const char *buf,
+ return -E2BIG;
+ }
+
+- mutex_lock(&chip->tpm_mutex);
++ if (!(flags & TPM_TRANSMIT_UNLOCKED))
++ mutex_lock(&chip->tpm_mutex);
+
+ rc = chip->ops->send(chip, (u8 *) buf, count);
+ if (rc < 0) {
+@@ -393,20 +394,21 @@ ssize_t tpm_transmit(struct tpm_chip *chip, const char *buf,
+ dev_err(chip->pdev,
+ "tpm_transmit: tpm_recv: error %zd\n", rc);
+ out:
+- mutex_unlock(&chip->tpm_mutex);
++ if (!(flags & TPM_TRANSMIT_UNLOCKED))
++ mutex_unlock(&chip->tpm_mutex);
+ return rc;
+ }
+
+ #define TPM_DIGEST_SIZE 20
+ #define TPM_RET_CODE_IDX 6
+
+-ssize_t tpm_transmit_cmd(struct tpm_chip *chip, void *cmd,
+- int len, const char *desc)
++ssize_t tpm_transmit_cmd(struct tpm_chip *chip, const void *cmd,
++ int len, unsigned int flags, const char *desc)
+ {
+- struct tpm_output_header *header;
++ const struct tpm_output_header *header;
+ int err;
+
+- len = tpm_transmit(chip, (u8 *) cmd, len);
++ len = tpm_transmit(chip, (const u8 *)cmd, len, flags);
+ if (len < 0)
+ return len;
+ else if (len < TPM_HEADER_SIZE)
+@@ -454,7 +456,8 @@ ssize_t tpm_getcap(struct device *dev, __be32 subcap_id, cap_t *cap,
+ tpm_cmd.params.getcap_in.subcap_size = cpu_to_be32(4);
+ tpm_cmd.params.getcap_in.subcap = subcap_id;
+ }
+- rc = tpm_transmit_cmd(chip, &tpm_cmd, TPM_INTERNAL_RESULT_SIZE, desc);
++ rc = tpm_transmit_cmd(chip, &tpm_cmd, TPM_INTERNAL_RESULT_SIZE, 0,
++ desc);
+ if (!rc)
+ *cap = tpm_cmd.params.getcap_out.cap;
+ return rc;
+@@ -470,7 +473,7 @@ void tpm_gen_interrupt(struct tpm_chip *chip)
+ tpm_cmd.params.getcap_in.subcap_size = cpu_to_be32(4);
+ tpm_cmd.params.getcap_in.subcap = TPM_CAP_PROP_TIS_TIMEOUT;
+
+- rc = tpm_transmit_cmd(chip, &tpm_cmd, TPM_INTERNAL_RESULT_SIZE,
++ rc = tpm_transmit_cmd(chip, &tpm_cmd, TPM_INTERNAL_RESULT_SIZE, 0,
+ "attempting to determine the timeouts");
+ }
+ EXPORT_SYMBOL_GPL(tpm_gen_interrupt);
+@@ -491,7 +494,7 @@ static int tpm_startup(struct tpm_chip *chip, __be16 startup_type)
+ start_cmd.header.in = tpm_startup_header;
+
+ start_cmd.params.startup_in.startup_type = startup_type;
+- return tpm_transmit_cmd(chip, &start_cmd, TPM_INTERNAL_RESULT_SIZE,
++ return tpm_transmit_cmd(chip, &start_cmd, TPM_INTERNAL_RESULT_SIZE, 0,
+ "attempting to start the TPM");
+ }
+
+@@ -522,7 +525,8 @@ int tpm_get_timeouts(struct tpm_chip *chip)
+ tpm_cmd.params.getcap_in.cap = TPM_CAP_PROP;
+ tpm_cmd.params.getcap_in.subcap_size = cpu_to_be32(4);
+ tpm_cmd.params.getcap_in.subcap = TPM_CAP_PROP_TIS_TIMEOUT;
+- rc = tpm_transmit_cmd(chip, &tpm_cmd, TPM_INTERNAL_RESULT_SIZE, NULL);
++ rc = tpm_transmit_cmd(chip, &tpm_cmd, TPM_INTERNAL_RESULT_SIZE, 0,
++ NULL);
+
+ if (rc == TPM_ERR_INVALID_POSTINIT) {
+ /* The TPM is not started, we are the first to talk to it.
+@@ -536,7 +540,7 @@ int tpm_get_timeouts(struct tpm_chip *chip)
+ tpm_cmd.params.getcap_in.subcap_size = cpu_to_be32(4);
+ tpm_cmd.params.getcap_in.subcap = TPM_CAP_PROP_TIS_TIMEOUT;
+ rc = tpm_transmit_cmd(chip, &tpm_cmd, TPM_INTERNAL_RESULT_SIZE,
+- NULL);
++ 0, NULL);
+ }
+ if (rc) {
+ dev_err(chip->pdev,
+@@ -597,7 +601,7 @@ int tpm_get_timeouts(struct tpm_chip *chip)
+ tpm_cmd.params.getcap_in.subcap_size = cpu_to_be32(4);
+ tpm_cmd.params.getcap_in.subcap = TPM_CAP_PROP_TIS_DURATION;
+
+- rc = tpm_transmit_cmd(chip, &tpm_cmd, TPM_INTERNAL_RESULT_SIZE,
++ rc = tpm_transmit_cmd(chip, &tpm_cmd, TPM_INTERNAL_RESULT_SIZE, 0,
+ "attempting to determine the durations");
+ if (rc)
+ return rc;
+@@ -653,7 +657,7 @@ static int tpm_continue_selftest(struct tpm_chip *chip)
+ struct tpm_cmd_t cmd;
+
+ cmd.header.in = continue_selftest_header;
+- rc = tpm_transmit_cmd(chip, &cmd, CONTINUE_SELFTEST_RESULT_SIZE,
++ rc = tpm_transmit_cmd(chip, &cmd, CONTINUE_SELFTEST_RESULT_SIZE, 0,
+ "continue selftest");
+ return rc;
+ }
+@@ -673,7 +677,7 @@ int tpm_pcr_read_dev(struct tpm_chip *chip, int pcr_idx, u8 *res_buf)
+
+ cmd.header.in = pcrread_header;
+ cmd.params.pcrread_in.pcr_idx = cpu_to_be32(pcr_idx);
+- rc = tpm_transmit_cmd(chip, &cmd, READ_PCR_RESULT_SIZE,
++ rc = tpm_transmit_cmd(chip, &cmd, READ_PCR_RESULT_SIZE, 0,
+ "attempting to read a pcr value");
+
+ if (rc == 0)
+@@ -771,7 +775,7 @@ int tpm_pcr_extend(u32 chip_num, int pcr_idx, const u8 *hash)
+ cmd.header.in = pcrextend_header;
+ cmd.params.pcrextend_in.pcr_idx = cpu_to_be32(pcr_idx);
+ memcpy(cmd.params.pcrextend_in.hash, hash, TPM_DIGEST_SIZE);
+- rc = tpm_transmit_cmd(chip, &cmd, EXTEND_PCR_RESULT_SIZE,
++ rc = tpm_transmit_cmd(chip, &cmd, EXTEND_PCR_RESULT_SIZE, 0,
+ "attempting extend a PCR value");
+
+ tpm_chip_put(chip);
+@@ -810,7 +814,7 @@ int tpm_do_selftest(struct tpm_chip *chip)
+ /* Attempt to read a PCR value */
+ cmd.header.in = pcrread_header;
+ cmd.params.pcrread_in.pcr_idx = cpu_to_be32(0);
+- rc = tpm_transmit(chip, (u8 *) &cmd, READ_PCR_RESULT_SIZE);
++ rc = tpm_transmit(chip, (u8 *) &cmd, READ_PCR_RESULT_SIZE, 0);
+ /* Some buggy TPMs will not respond to tpm_tis_ready() for
+ * around 300ms while the self test is ongoing, keep trying
+ * until the self test duration expires. */
+@@ -851,7 +855,7 @@ int tpm_send(u32 chip_num, void *cmd, size_t buflen)
+ if (chip == NULL)
+ return -ENODEV;
+
+- rc = tpm_transmit_cmd(chip, cmd, buflen, "attempting tpm_cmd");
++ rc = tpm_transmit_cmd(chip, cmd, buflen, 0, "attempting tpm_cmd");
+
+ tpm_chip_put(chip);
+ return rc;
+@@ -953,14 +957,15 @@ int tpm_pm_suspend(struct device *dev)
+ cmd.params.pcrextend_in.pcr_idx = cpu_to_be32(tpm_suspend_pcr);
+ memcpy(cmd.params.pcrextend_in.hash, dummy_hash,
+ TPM_DIGEST_SIZE);
+- rc = tpm_transmit_cmd(chip, &cmd, EXTEND_PCR_RESULT_SIZE,
++ rc = tpm_transmit_cmd(chip, &cmd, EXTEND_PCR_RESULT_SIZE, 0,
+ "extending dummy pcr before suspend");
+ }
+
+ /* now do the actual savestate */
+ for (try = 0; try < TPM_RETRY; try++) {
+ cmd.header.in = savestate_header;
+- rc = tpm_transmit_cmd(chip, &cmd, SAVESTATE_RESULT_SIZE, NULL);
++ rc = tpm_transmit_cmd(chip, &cmd, SAVESTATE_RESULT_SIZE, 0,
++ NULL);
+
+ /*
+ * If the TPM indicates that it is too busy to respond to
+@@ -1044,8 +1049,8 @@ int tpm_get_random(u32 chip_num, u8 *out, size_t max)
+ tpm_cmd.params.getrandom_in.num_bytes = cpu_to_be32(num_bytes);
+
+ err = tpm_transmit_cmd(chip, &tpm_cmd,
+- TPM_GETRANDOM_RESULT_SIZE + num_bytes,
+- "attempting get random");
++ TPM_GETRANDOM_RESULT_SIZE + num_bytes,
++ 0, "attempting get random");
+ if (err)
+ break;
+
+diff --git a/drivers/char/tpm/tpm-sysfs.c b/drivers/char/tpm/tpm-sysfs.c
+index ee66fd4..f880856 100644
+--- a/drivers/char/tpm/tpm-sysfs.c
++++ b/drivers/char/tpm/tpm-sysfs.c
+@@ -39,7 +39,7 @@ static ssize_t pubek_show(struct device *dev, struct device_attribute *attr,
+ struct tpm_chip *chip = dev_get_drvdata(dev);
+
+ tpm_cmd.header.in = tpm_readpubek_header;
+- err = tpm_transmit_cmd(chip, &tpm_cmd, READ_PUBEK_RESULT_SIZE,
++ err = tpm_transmit_cmd(chip, &tpm_cmd, READ_PUBEK_RESULT_SIZE, 0,
+ "attempting to read the PUBEK");
+ if (err)
+ goto out;
+diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h
+index 28b477e..f475b74 100644
+--- a/drivers/char/tpm/tpm.h
++++ b/drivers/char/tpm/tpm.h
+@@ -494,11 +494,15 @@ extern struct class *tpm_class;
+ extern dev_t tpm_devt;
+ extern const struct file_operations tpm_fops;
+
++enum tpm_transmit_flags {
++ TPM_TRANSMIT_UNLOCKED = BIT(0),
++};
++
++ssize_t tpm_transmit(struct tpm_chip *chip, const u8 *buf, size_t bufsiz,
++ unsigned int flags);
++ssize_t tpm_transmit_cmd(struct tpm_chip *chip, const void *cmd, int len,
++ unsigned int flags, const char *desc);
+ ssize_t tpm_getcap(struct device *, __be32, cap_t *, const char *);
+-ssize_t tpm_transmit(struct tpm_chip *chip, const char *buf,
+- size_t bufsiz);
+-ssize_t tpm_transmit_cmd(struct tpm_chip *chip, void *cmd, int len,
+- const char *desc);
+ extern int tpm_get_timeouts(struct tpm_chip *);
+ extern void tpm_gen_interrupt(struct tpm_chip *);
+ extern int tpm_do_selftest(struct tpm_chip *);
+diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c
+index ca2d238..19f14dc 100644
+--- a/drivers/char/tpm/tpm2-cmd.c
++++ b/drivers/char/tpm/tpm2-cmd.c
+@@ -282,7 +282,7 @@ int tpm2_pcr_read(struct tpm_chip *chip, int pcr_idx, u8 *res_buf)
+ sizeof(cmd.params.pcrread_in.pcr_select));
+ cmd.params.pcrread_in.pcr_select[pcr_idx >> 3] = 1 << (pcr_idx & 0x7);
+
+- rc = tpm_transmit_cmd(chip, &cmd, sizeof(cmd),
++ rc = tpm_transmit_cmd(chip, &cmd, sizeof(cmd), 0,
+ "attempting to read a pcr value");
+ if (rc == 0) {
+ buf = cmd.params.pcrread_out.digest;
+@@ -330,7 +330,7 @@ int tpm2_pcr_extend(struct tpm_chip *chip, int pcr_idx, const u8 *hash)
+ cmd.params.pcrextend_in.hash_alg = cpu_to_be16(TPM2_ALG_SHA1);
+ memcpy(cmd.params.pcrextend_in.digest, hash, TPM_DIGEST_SIZE);
+
+- rc = tpm_transmit_cmd(chip, &cmd, sizeof(cmd),
++ rc = tpm_transmit_cmd(chip, &cmd, sizeof(cmd), 0,
+ "attempting extend a PCR value");
+
+ return rc;
+@@ -376,7 +376,7 @@ int tpm2_get_random(struct tpm_chip *chip, u8 *out, size_t max)
+ cmd.header.in = tpm2_getrandom_header;
+ cmd.params.getrandom_in.size = cpu_to_be16(num_bytes);
+
+- err = tpm_transmit_cmd(chip, &cmd, sizeof(cmd),
++ err = tpm_transmit_cmd(chip, &cmd, sizeof(cmd), 0,
+ "attempting get random");
+ if (err)
+ break;
+@@ -434,12 +434,12 @@ static void tpm2_buf_append_auth(struct tpm_buf *buf, u32 session_handle,
+ }
+
+ /**
+- * tpm2_seal_trusted() - seal a trusted key
+- * @chip_num: A specific chip number for the request or TPM_ANY_NUM
+- * @options: authentication values and other options
++ * tpm2_seal_trusted() - seal the payload of a trusted key
++ * @chip_num: TPM chip to use
+ * @payload: the key data in clear and encrypted form
++ * @options: authentication values and other options
+ *
+- * Returns < 0 on error and 0 on success.
++ * Return: < 0 on error and 0 on success.
+ */
+ int tpm2_seal_trusted(struct tpm_chip *chip,
+ struct trusted_key_payload *payload,
+@@ -512,7 +512,7 @@ int tpm2_seal_trusted(struct tpm_chip *chip,
+ goto out;
+ }
+
+- rc = tpm_transmit_cmd(chip, buf.data, PAGE_SIZE, "sealing data");
++ rc = tpm_transmit_cmd(chip, buf.data, PAGE_SIZE, 0, "sealing data");
+ if (rc)
+ goto out;
+
+@@ -538,10 +538,18 @@ int tpm2_seal_trusted(struct tpm_chip *chip,
+ return rc;
+ }
+
+-static int tpm2_load(struct tpm_chip *chip,
+- struct trusted_key_payload *payload,
+- struct trusted_key_options *options,
+- u32 *blob_handle)
++/**
++ * tpm2_load_cmd() - execute a TPM2_Load command
++ * @chip_num: TPM chip to use
++ * @payload: the key data in clear and encrypted form
++ * @options: authentication values and other options
++ *
++ * Return: same as with tpm_transmit_cmd
++ */
++static int tpm2_load_cmd(struct tpm_chip *chip,
++ struct trusted_key_payload *payload,
++ struct trusted_key_options *options,
++ u32 *blob_handle, unsigned int flags)
+ {
+ struct tpm_buf buf;
+ unsigned int private_len;
+@@ -576,7 +584,7 @@ static int tpm2_load(struct tpm_chip *chip,
+ goto out;
+ }
+
+- rc = tpm_transmit_cmd(chip, buf.data, PAGE_SIZE, "loading blob");
++ rc = tpm_transmit_cmd(chip, buf.data, PAGE_SIZE, flags, "loading blob");
+ if (!rc)
+ *blob_handle = be32_to_cpup(
+ (__be32 *) &buf.data[TPM_HEADER_SIZE]);
+@@ -590,7 +598,16 @@ static int tpm2_load(struct tpm_chip *chip,
+ return rc;
+ }
+
+-static void tpm2_flush_context(struct tpm_chip *chip, u32 handle)
++/**
++ * tpm2_flush_context_cmd() - execute a TPM2_FlushContext command
++ * @chip_num: TPM chip to use
++ * @payload: the key data in clear and encrypted form
++ * @options: authentication values and other options
++ *
++ * Return: same as with tpm_transmit_cmd
++ */
++static void tpm2_flush_context_cmd(struct tpm_chip *chip, u32 handle,
++ unsigned int flags)
+ {
+ struct tpm_buf buf;
+ int rc;
+@@ -604,7 +621,8 @@ static void tpm2_flush_context(struct tpm_chip *chip, u32 handle)
+
+ tpm_buf_append_u32(&buf, handle);
+
+- rc = tpm_transmit_cmd(chip, buf.data, PAGE_SIZE, "flushing context");
++ rc = tpm_transmit_cmd(chip, buf.data, PAGE_SIZE, flags,
++ "flushing context");
+ if (rc)
+ dev_warn(chip->pdev, "0x%08x was not flushed, rc=%d\n", handle,
+ rc);
+@@ -612,10 +630,18 @@ static void tpm2_flush_context(struct tpm_chip *chip, u32 handle)
+ tpm_buf_destroy(&buf);
+ }
+
+-static int tpm2_unseal(struct tpm_chip *chip,
+- struct trusted_key_payload *payload,
+- struct trusted_key_options *options,
+- u32 blob_handle)
++/**
++ * tpm2_unseal_cmd() - execute a TPM2_Unload command
++ * @chip_num: TPM chip to use
++ * @payload: the key data in clear and encrypted form
++ * @options: authentication values and other options
++ *
++ * Return: same as with tpm_transmit_cmd
++ */
++static int tpm2_unseal_cmd(struct tpm_chip *chip,
++ struct trusted_key_payload *payload,
++ struct trusted_key_options *options,
++ u32 blob_handle, unsigned int flags)
+ {
+ struct tpm_buf buf;
+ u16 data_len;
+@@ -635,7 +661,7 @@ static int tpm2_unseal(struct tpm_chip *chip,
+ options->blobauth /* hmac */,
+ TPM_DIGEST_SIZE);
+
+- rc = tpm_transmit_cmd(chip, buf.data, PAGE_SIZE, "unsealing");
++ rc = tpm_transmit_cmd(chip, buf.data, PAGE_SIZE, flags, "unsealing");
+ if (rc > 0)
+ rc = -EPERM;
+
+@@ -654,12 +680,12 @@ static int tpm2_unseal(struct tpm_chip *chip,
+ }
+
+ /**
+- * tpm_unseal_trusted() - unseal a trusted key
+- * @chip_num: A specific chip number for the request or TPM_ANY_NUM
+- * @options: authentication values and other options
++ * tpm_unseal_trusted() - unseal the payload of a trusted key
++ * @chip_num: TPM chip to use
+ * @payload: the key data in clear and encrypted form
++ * @options: authentication values and other options
+ *
+- * Returns < 0 on error and 0 on success.
++ * Return: < 0 on error and 0 on success.
+ */
+ int tpm2_unseal_trusted(struct tpm_chip *chip,
+ struct trusted_key_payload *payload,
+@@ -668,14 +694,17 @@ int tpm2_unseal_trusted(struct tpm_chip *chip,
+ u32 blob_handle;
+ int rc;
+
+- rc = tpm2_load(chip, payload, options, &blob_handle);
++ mutex_lock(&chip->tpm_mutex);
++ rc = tpm2_load_cmd(chip, payload, options, &blob_handle,
++ TPM_TRANSMIT_UNLOCKED);
+ if (rc)
+- return rc;
+-
+- rc = tpm2_unseal(chip, payload, options, blob_handle);
+-
+- tpm2_flush_context(chip, blob_handle);
++ goto out;
+
++ rc = tpm2_unseal_cmd(chip, payload, options, blob_handle,
++ TPM_TRANSMIT_UNLOCKED);
++ tpm2_flush_context_cmd(chip, blob_handle, TPM_TRANSMIT_UNLOCKED);
++out:
++ mutex_unlock(&chip->tpm_mutex);
+ return rc;
+ }
+
+@@ -701,7 +730,7 @@ ssize_t tpm2_get_tpm_pt(struct tpm_chip *chip, u32 property_id, u32 *value,
+ cmd.params.get_tpm_pt_in.property_id = cpu_to_be32(property_id);
+ cmd.params.get_tpm_pt_in.property_cnt = cpu_to_be32(1);
+
+- rc = tpm_transmit_cmd(chip, &cmd, sizeof(cmd), desc);
++ rc = tpm_transmit_cmd(chip, &cmd, sizeof(cmd), 0, desc);
+ if (!rc)
+ *value = be32_to_cpu(cmd.params.get_tpm_pt_out.value);
+
+@@ -735,7 +764,7 @@ int tpm2_startup(struct tpm_chip *chip, u16 startup_type)
+ cmd.header.in = tpm2_startup_header;
+
+ cmd.params.startup_in.startup_type = cpu_to_be16(startup_type);
+- return tpm_transmit_cmd(chip, &cmd, sizeof(cmd),
++ return tpm_transmit_cmd(chip, &cmd, sizeof(cmd), 0,
+ "attempting to start the TPM");
+ }
+ EXPORT_SYMBOL_GPL(tpm2_startup);
+@@ -764,7 +793,7 @@ void tpm2_shutdown(struct tpm_chip *chip, u16 shutdown_type)
+ cmd.header.in = tpm2_shutdown_header;
+ cmd.params.startup_in.startup_type = cpu_to_be16(shutdown_type);
+
+- rc = tpm_transmit_cmd(chip, &cmd, sizeof(cmd), "stopping the TPM");
++ rc = tpm_transmit_cmd(chip, &cmd, sizeof(cmd), 0, "stopping the TPM");
+
+ /* In places where shutdown command is sent there's no much we can do
+ * except print the error code on a system failure.
+@@ -830,7 +859,7 @@ static int tpm2_start_selftest(struct tpm_chip *chip, bool full)
+ cmd.header.in = tpm2_selftest_header;
+ cmd.params.selftest_in.full_test = full;
+
+- rc = tpm_transmit_cmd(chip, &cmd, TPM2_SELF_TEST_IN_SIZE,
++ rc = tpm_transmit_cmd(chip, &cmd, TPM2_SELF_TEST_IN_SIZE, 0,
+ "continue selftest");
+
+ /* At least some prototype chips seem to give RC_TESTING error
+@@ -882,7 +911,7 @@ int tpm2_do_selftest(struct tpm_chip *chip)
+ cmd.params.pcrread_in.pcr_select[1] = 0x00;
+ cmd.params.pcrread_in.pcr_select[2] = 0x00;
+
+- rc = tpm_transmit_cmd(chip, (u8 *) &cmd, sizeof(cmd), NULL);
++ rc = tpm_transmit_cmd(chip, &cmd, sizeof(cmd), 0, NULL);
+ if (rc < 0)
+ break;
+
+@@ -931,7 +960,7 @@ int tpm2_probe(struct tpm_chip *chip)
+ cmd.params.get_tpm_pt_in.property_id = cpu_to_be32(0x100);
+ cmd.params.get_tpm_pt_in.property_cnt = cpu_to_be32(1);
+
+- rc = tpm_transmit(chip, (const char *) &cmd, sizeof(cmd));
++ rc = tpm_transmit(chip, (const u8 *)&cmd, sizeof(cmd), 0);
+ if (rc < 0)
+ return rc;
+ else if (rc < TPM_HEADER_SIZE)
+diff --git a/drivers/char/tpm/tpm_crb.c b/drivers/char/tpm/tpm_crb.c
+index 0f7ec0d..ee300bd 100644
+--- a/drivers/char/tpm/tpm_crb.c
++++ b/drivers/char/tpm/tpm_crb.c
+@@ -142,6 +142,11 @@ static int crb_send(struct tpm_chip *chip, u8 *buf, size_t len)
+ struct crb_priv *priv = chip->vendor.priv;
+ int rc = 0;
+
++ /* Zero the cancel register so that the next command will not get
++ * canceled.
++ */
++ iowrite32(0, &priv->cca->cancel);
++
+ if (len > ioread32(&priv->cca->cmd_size)) {
+ dev_err(&chip->dev,
+ "invalid command count value %x %zx\n",
+@@ -175,8 +180,6 @@ static void crb_cancel(struct tpm_chip *chip)
+
+ if ((priv->flags & CRB_FL_ACPI_START) && crb_do_acpi_start(chip))
+ dev_err(&chip->dev, "ACPI Start failed\n");
+-
+- iowrite32(0, &priv->cca->cancel);
+ }
+
+ static bool crb_req_canceled(struct tpm_chip *chip, u8 status)
+diff --git a/drivers/cpuidle/cpuidle-arm.c b/drivers/cpuidle/cpuidle-arm.c
+index e342565e..1855b9e 100644
+--- a/drivers/cpuidle/cpuidle-arm.c
++++ b/drivers/cpuidle/cpuidle-arm.c
+@@ -135,6 +135,7 @@ static int __init arm_idle_init(void)
+ dev = kzalloc(sizeof(*dev), GFP_KERNEL);
+ if (!dev) {
+ pr_err("Failed to allocate cpuidle device\n");
++ ret = -ENOMEM;
+ goto out_fail;
+ }
+ dev->cpu = cpu;
+diff --git a/drivers/mfd/Kconfig b/drivers/mfd/Kconfig
+index 1bcf601..26c084d 100644
+--- a/drivers/mfd/Kconfig
++++ b/drivers/mfd/Kconfig
+@@ -1535,6 +1535,7 @@ config MFD_WM8350
+ config MFD_WM8350_I2C
+ bool "Wolfson Microelectronics WM8350 with I2C"
+ select MFD_WM8350
++ select REGMAP_I2C
+ depends on I2C=y
+ help
+ The WM8350 is an integrated audio and power management
+diff --git a/drivers/mfd/atmel-hlcdc.c b/drivers/mfd/atmel-hlcdc.c
+index eca7ea6..4b15b08 100644
+--- a/drivers/mfd/atmel-hlcdc.c
++++ b/drivers/mfd/atmel-hlcdc.c
+@@ -50,8 +50,9 @@ static int regmap_atmel_hlcdc_reg_write(void *context, unsigned int reg,
+ if (reg <= ATMEL_HLCDC_DIS) {
+ u32 status;
+
+- readl_poll_timeout(hregmap->regs + ATMEL_HLCDC_SR, status,
+- !(status & ATMEL_HLCDC_SIP), 1, 100);
++ readl_poll_timeout_atomic(hregmap->regs + ATMEL_HLCDC_SR,
++ status, !(status & ATMEL_HLCDC_SIP),
++ 1, 100);
+ }
+
+ writel(val, hregmap->regs + reg);
+diff --git a/drivers/mfd/rtsx_usb.c b/drivers/mfd/rtsx_usb.c
+index dbd907d..691dab7 100644
+--- a/drivers/mfd/rtsx_usb.c
++++ b/drivers/mfd/rtsx_usb.c
+@@ -46,9 +46,6 @@ static void rtsx_usb_sg_timed_out(unsigned long data)
+
+ dev_dbg(&ucr->pusb_intf->dev, "%s: sg transfer timed out", __func__);
+ usb_sg_cancel(&ucr->current_sg);
+-
+- /* we know the cancellation is caused by time-out */
+- ucr->current_sg.status = -ETIMEDOUT;
+ }
+
+ static int rtsx_usb_bulk_transfer_sglist(struct rtsx_ucr *ucr,
+@@ -67,12 +64,15 @@ static int rtsx_usb_bulk_transfer_sglist(struct rtsx_ucr *ucr,
+ ucr->sg_timer.expires = jiffies + msecs_to_jiffies(timeout);
+ add_timer(&ucr->sg_timer);
+ usb_sg_wait(&ucr->current_sg);
+- del_timer_sync(&ucr->sg_timer);
++ if (!del_timer_sync(&ucr->sg_timer))
++ ret = -ETIMEDOUT;
++ else
++ ret = ucr->current_sg.status;
+
+ if (act_len)
+ *act_len = ucr->current_sg.bytes;
+
+- return ucr->current_sg.status;
++ return ret;
+ }
+
+ int rtsx_usb_transfer_data(struct rtsx_ucr *ucr, unsigned int pipe,
+diff --git a/drivers/misc/cxl/vphb.c b/drivers/misc/cxl/vphb.c
+index cdc7723..bec6c22 100644
+--- a/drivers/misc/cxl/vphb.c
++++ b/drivers/misc/cxl/vphb.c
+@@ -243,6 +243,11 @@ int cxl_pci_vphb_add(struct cxl_afu *afu)
+ if (phb->bus == NULL)
+ return -ENXIO;
+
++ /* Set release hook on root bus */
++ pci_set_host_bridge_release(to_pci_host_bridge(phb->bus->bridge),
++ pcibios_free_controller_deferred,
++ (void *) phb);
++
+ /* Claim resources. This might need some rework as well depending
+ * whether we are doing probe-only or not, like assigning unassigned
+ * resources etc...
+@@ -269,7 +274,10 @@ void cxl_pci_vphb_remove(struct cxl_afu *afu)
+ afu->phb = NULL;
+
+ pci_remove_root_bus(phb->bus);
+- pcibios_free_controller(phb);
++ /*
++ * We don't free phb here - that's handled by
++ * pcibios_free_controller_deferred()
++ */
+ }
+
+ bool cxl_pci_is_vphb_device(struct pci_dev *dev)
+diff --git a/drivers/pci/host-bridge.c b/drivers/pci/host-bridge.c
+index 5f4a2e0..add6623 100644
+--- a/drivers/pci/host-bridge.c
++++ b/drivers/pci/host-bridge.c
+@@ -44,6 +44,7 @@ void pci_set_host_bridge_release(struct pci_host_bridge *bridge,
+ bridge->release_fn = release_fn;
+ bridge->release_data = release_data;
+ }
++EXPORT_SYMBOL_GPL(pci_set_host_bridge_release);
+
+ void pcibios_resource_to_bus(struct pci_bus *bus, struct pci_bus_region *region,
+ struct resource *res)
+diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c
+index 05a5300..b16813c 100644
+--- a/drivers/usb/dwc3/gadget.c
++++ b/drivers/usb/dwc3/gadget.c
+@@ -363,7 +363,8 @@ static int dwc3_send_clear_stall_ep_cmd(struct dwc3_ep *dep)
+ * IN transfers due to a mishandled error condition. Synopsys
+ * STAR 9000614252.
+ */
+- if (dep->direction && (dwc->revision >= DWC3_REVISION_260A))
++ if (dep->direction && (dwc->revision >= DWC3_REVISION_260A) &&
++ (dwc->gadget.speed >= USB_SPEED_SUPER))
+ cmd |= DWC3_DEPCMD_CLEARPENDIN;
+
+ memset(&params, 0, sizeof(params));
+diff --git a/include/linux/mfd/88pm80x.h b/include/linux/mfd/88pm80x.h
+index d409ceb..c118a7e 100644
+--- a/include/linux/mfd/88pm80x.h
++++ b/include/linux/mfd/88pm80x.h
+@@ -350,7 +350,7 @@ static inline int pm80x_dev_suspend(struct device *dev)
+ int irq = platform_get_irq(pdev, 0);
+
+ if (device_may_wakeup(dev))
+- set_bit((1 << irq), &chip->wu_flag);
++ set_bit(irq, &chip->wu_flag);
+
+ return 0;
+ }
+@@ -362,7 +362,7 @@ static inline int pm80x_dev_resume(struct device *dev)
+ int irq = platform_get_irq(pdev, 0);
+
+ if (device_may_wakeup(dev))
+- clear_bit((1 << irq), &chip->wu_flag);
++ clear_bit(irq, &chip->wu_flag);
+
+ return 0;
+ }
+diff --git a/kernel/time/timekeeping.c b/kernel/time/timekeeping.c
+index b6c3945..1b72b17 100644
+--- a/kernel/time/timekeeping.c
++++ b/kernel/time/timekeeping.c
+@@ -403,8 +403,11 @@ static __always_inline u64 __ktime_get_fast_ns(struct tk_fast *tkf)
+ tkr = tkf->base + (seq & 0x01);
+ now = ktime_to_ns(tkr->base);
+
+- now += clocksource_delta(tkr->read(tkr->clock),
+- tkr->cycle_last, tkr->mask);
++ now += timekeeping_delta_to_ns(tkr,
++ clocksource_delta(
++ tkr->read(tkr->clock),
++ tkr->cycle_last,
++ tkr->mask));
+ } while (read_seqcount_retry(&tkf->seq, seq));
+
+ return now;
+diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c
+index 1bcbc12..b5b932c 100644
+--- a/security/integrity/ima/ima_appraise.c
++++ b/security/integrity/ima/ima_appraise.c
+@@ -190,7 +190,7 @@ int ima_appraise_measurement(enum ima_hooks func,
+ {
+ static const char op[] = "appraise_data";
+ char *cause = "unknown";
+- struct dentry *dentry = file->f_path.dentry;
++ struct dentry *dentry = file_dentry(file);
+ struct inode *inode = d_backing_inode(dentry);
+ enum integrity_status status = INTEGRITY_UNKNOWN;
+ int rc = xattr_len, hash_start = 0;
+@@ -295,7 +295,7 @@ int ima_appraise_measurement(enum ima_hooks func,
+ */
+ void ima_update_xattr(struct integrity_iint_cache *iint, struct file *file)
+ {
+- struct dentry *dentry = file->f_path.dentry;
++ struct dentry *dentry = file_dentry(file);
+ int rc = 0;
+
+ /* do not collect and update hash for digital signatures */
+diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
+index 68b26c3..60ac3ae 100644
+--- a/security/integrity/ima/ima_main.c
++++ b/security/integrity/ima/ima_main.c
+@@ -222,7 +222,7 @@ static int process_measurement(struct file *file, char *buf, loff_t size,
+ if ((action & IMA_APPRAISE_SUBMASK) ||
+ strcmp(template_desc->name, IMA_TEMPLATE_IMA_NAME) != 0)
+ /* read 'security.ima' */
+- xattr_len = ima_read_xattr(file->f_path.dentry, &xattr_value);
++ xattr_len = ima_read_xattr(file_dentry(file), &xattr_value);
+
+ hash_algo = ima_get_hash_algo(xattr_value, xattr_len);
+
+diff --git a/sound/pci/ali5451/ali5451.c b/sound/pci/ali5451/ali5451.c
+index 36470af..92b819e 100644
+--- a/sound/pci/ali5451/ali5451.c
++++ b/sound/pci/ali5451/ali5451.c
+@@ -1408,6 +1408,7 @@ snd_ali_playback_pointer(struct snd_pcm_substream *substream)
+ spin_unlock(&codec->reg_lock);
+ dev_dbg(codec->card->dev, "playback pointer returned cso=%xh.\n", cso);
+
++ cso %= runtime->buffer_size;
+ return cso;
+ }
+
+@@ -1428,6 +1429,7 @@ static snd_pcm_uframes_t snd_ali_pointer(struct snd_pcm_substream *substream)
+ cso = inw(ALI_REG(codec, ALI_CSO_ALPHA_FMS + 2));
+ spin_unlock(&codec->reg_lock);
+
++ cso %= runtime->buffer_size;
+ return cso;
+ }
+
+diff --git a/sound/usb/line6/driver.c b/sound/usb/line6/driver.c
+index 81b7da8..183311c 100644
+--- a/sound/usb/line6/driver.c
++++ b/sound/usb/line6/driver.c
+@@ -29,7 +29,7 @@
+ /*
+ This is Line 6's MIDI manufacturer ID.
+ */
+-const unsigned char line6_midi_id[] = {
++const unsigned char line6_midi_id[3] = {
+ 0x00, 0x01, 0x0c
+ };
+ EXPORT_SYMBOL_GPL(line6_midi_id);
+diff --git a/sound/usb/mixer_quirks.c b/sound/usb/mixer_quirks.c
+index f6c3bf7..04991b0 100644
+--- a/sound/usb/mixer_quirks.c
++++ b/sound/usb/mixer_quirks.c
+@@ -1831,6 +1831,7 @@ void snd_usb_mixer_rc_memory_change(struct usb_mixer_interface *mixer,
+ }
+
+ static void snd_dragonfly_quirk_db_scale(struct usb_mixer_interface *mixer,
++ struct usb_mixer_elem_info *cval,
+ struct snd_kcontrol *kctl)
+ {
+ /* Approximation using 10 ranges based on output measurement on hw v1.2.
+@@ -1848,10 +1849,19 @@ static void snd_dragonfly_quirk_db_scale(struct usb_mixer_interface *mixer,
+ 41, 50, TLV_DB_MINMAX_ITEM(-441, 0),
+ );
+
+- usb_audio_info(mixer->chip, "applying DragonFly dB scale quirk\n");
+- kctl->tlv.p = scale;
+- kctl->vd[0].access |= SNDRV_CTL_ELEM_ACCESS_TLV_READ;
+- kctl->vd[0].access &= ~SNDRV_CTL_ELEM_ACCESS_TLV_CALLBACK;
++ if (cval->min == 0 && cval->max == 50) {
++ usb_audio_info(mixer->chip, "applying DragonFly dB scale quirk (0-50 variant)\n");
++ kctl->tlv.p = scale;
++ kctl->vd[0].access |= SNDRV_CTL_ELEM_ACCESS_TLV_READ;
++ kctl->vd[0].access &= ~SNDRV_CTL_ELEM_ACCESS_TLV_CALLBACK;
++
++ } else if (cval->min == 0 && cval->max <= 1000) {
++ /* Some other clearly broken DragonFly variant.
++ * At least a 0..53 variant (hw v1.0) exists.
++ */
++ usb_audio_info(mixer->chip, "ignoring too narrow dB range on a DragonFly device");
++ kctl->vd[0].access &= ~SNDRV_CTL_ELEM_ACCESS_TLV_CALLBACK;
++ }
+ }
+
+ void snd_usb_mixer_fu_apply_quirk(struct usb_mixer_interface *mixer,
+@@ -1860,8 +1870,8 @@ void snd_usb_mixer_fu_apply_quirk(struct usb_mixer_interface *mixer,
+ {
+ switch (mixer->chip->usb_id) {
+ case USB_ID(0x21b4, 0x0081): /* AudioQuest DragonFly */
+- if (unitid == 7 && cval->min == 0 && cval->max == 50)
+- snd_dragonfly_quirk_db_scale(mixer, kctl);
++ if (unitid == 7 && cval->control == UAC_FU_VOLUME)
++ snd_dragonfly_quirk_db_scale(mixer, cval, kctl);
+ break;
+ }
+ }
+diff --git a/virt/kvm/arm/pmu.c b/virt/kvm/arm/pmu.c
+index a027569..6e9c40e 100644
+--- a/virt/kvm/arm/pmu.c
++++ b/virt/kvm/arm/pmu.c
+@@ -423,6 +423,14 @@ static int kvm_arm_pmu_v3_init(struct kvm_vcpu *vcpu)
+ if (!kvm_arm_support_pmu_v3())
+ return -ENODEV;
+
++ /*
++ * We currently require an in-kernel VGIC to use the PMU emulation,
++ * because we do not support forwarding PMU overflow interrupts to
++ * userspace yet.
++ */
++ if (!irqchip_in_kernel(vcpu->kvm) || !vgic_initialized(vcpu->kvm))
++ return -ENODEV;
++
+ if (!test_bit(KVM_ARM_VCPU_PMU_V3, vcpu->arch.features) ||
+ !kvm_arm_pmu_irq_initialized(vcpu))
+ return -ENXIO;
+diff --git a/virt/kvm/arm/vgic/vgic.c b/virt/kvm/arm/vgic/vgic.c
+index 69b61ab..7ea7911 100644
+--- a/virt/kvm/arm/vgic/vgic.c
++++ b/virt/kvm/arm/vgic/vgic.c
+@@ -553,6 +553,9 @@ static void vgic_flush_lr_state(struct kvm_vcpu *vcpu)
+ /* Sync back the hardware VGIC state into our emulation after a guest's run. */
+ void kvm_vgic_sync_hwstate(struct kvm_vcpu *vcpu)
+ {
++ if (unlikely(!vgic_initialized(vcpu->kvm)))
++ return;
++
+ vgic_process_maintenance_interrupt(vcpu);
+ vgic_fold_lr_state(vcpu);
+ vgic_prune_ap_list(vcpu);
+@@ -561,6 +564,9 @@ void kvm_vgic_sync_hwstate(struct kvm_vcpu *vcpu)
+ /* Flush our emulation state into the GIC hardware before entering the guest. */
+ void kvm_vgic_flush_hwstate(struct kvm_vcpu *vcpu)
+ {
++ if (unlikely(!vgic_initialized(vcpu->kvm)))
++ return;
++
+ spin_lock(&vcpu->arch.vgic_cpu.ap_list_lock);
+ vgic_flush_lr_state(vcpu);
+ spin_unlock(&vcpu->arch.vgic_cpu.ap_list_lock);
diff --git a/4.7.7/4420_grsecurity-3.1-4.7.7-201610101902.patch b/4.7.8/4420_grsecurity-3.1-4.7.8-201610161720.patch
index a850d0e..8bfeed3 100644
--- a/4.7.7/4420_grsecurity-3.1-4.7.7-201610101902.patch
+++ b/4.7.8/4420_grsecurity-3.1-4.7.8-201610161720.patch
@@ -425,7 +425,7 @@ index a3683ce..5ec8bf4 100644
A toggle value indicating if modules are allowed to be loaded
diff --git a/Makefile b/Makefile
-index 320a930..a552059 100644
+index 4e17baa..27b3224 100644
--- a/Makefile
+++ b/Makefile
@@ -302,7 +302,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -5065,10 +5065,10 @@ index 6cd2612..56d72e5c 100644
/* Disable interrupts first */
local_irq_disable();
diff --git a/arch/arm64/kernel/stacktrace.c b/arch/arm64/kernel/stacktrace.c
-index d9751a4..aeda309 100644
+index d34fd72..8b6faee 100644
--- a/arch/arm64/kernel/stacktrace.c
+++ b/arch/arm64/kernel/stacktrace.c
-@@ -92,8 +92,8 @@ int notrace unwind_frame(struct task_struct *tsk, struct stackframe *frame)
+@@ -95,8 +95,8 @@ int notrace unwind_frame(struct task_struct *tsk, struct stackframe *frame)
struct pt_regs *irq_args;
unsigned long orig_sp = IRQ_STACK_TO_TASK_STACK(irq_stack_ptr);
@@ -5080,7 +5080,7 @@ index d9751a4..aeda309 100644
/* orig_sp is the saved pt_regs, find the elr */
diff --git a/arch/arm64/kernel/traps.c b/arch/arm64/kernel/traps.c
-index 2a43012..3409956 100644
+index f014df9..c4892f7 100644
--- a/arch/arm64/kernel/traps.c
+++ b/arch/arm64/kernel/traps.c
@@ -420,7 +420,7 @@ asmlinkage long do_ni_syscall(struct pt_regs *regs)
@@ -8810,7 +8810,7 @@ index 2eeaf80..c75d4fb 100644
#define PAGE_KERNEL_RO __pgprot(_PAGE_BASE | _PAGE_KERNEL_RO)
#define PAGE_KERNEL_ROX __pgprot(_PAGE_BASE | _PAGE_KERNEL_ROX)
diff --git a/arch/powerpc/include/asm/reg.h b/arch/powerpc/include/asm/reg.h
-index a0948f4..ddcf6be 100644
+index 145e5b7..b559373 100644
--- a/arch/powerpc/include/asm/reg.h
+++ b/arch/powerpc/include/asm/reg.h
@@ -261,6 +261,7 @@
@@ -17158,7 +17158,7 @@ index 983e5d3..d660273 100644
+ENDPROC(async_page_fault)
#endif
diff --git a/arch/x86/entry/entry_64.S b/arch/x86/entry/entry_64.S
-index 9ee0da1..2421755 100644
+index 9ee0da1..2e3dd57 100644
--- a/arch/x86/entry/entry_64.S
+++ b/arch/x86/entry/entry_64.S
@@ -36,6 +36,8 @@
@@ -17624,7 +17624,27 @@ index 9ee0da1..2421755 100644
RESTORE_EXTRA_REGS
TRACE_IRQS_IRETQ /* we're about to change IF */
-@@ -322,7 +731,7 @@ syscall_return_via_sysret:
+@@ -272,13 +681,12 @@ return_from_SYSCALL_64:
+ .error "virtual address width changed -- SYSRET checks need update"
+ .endif
+
+- /* Change top 16 bits to be the sign-extension of 47th bit */
+- shl $(64 - (__VIRTUAL_MASK_SHIFT+1)), %rcx
+- sar $(64 - (__VIRTUAL_MASK_SHIFT+1)), %rcx
+-
+- /* If this changed %rcx, it was not canonical */
+- cmpq %rcx, %r11
+- jne opportunistic_sysret_failed
++ /*
++ * If the top 17 bits are not 0 then RIP isn't a userland address,
++ * it may not even be canonical, fall back to iret
++ */
++ shr $(__VIRTUAL_MASK_SHIFT), %r11
++ jnz opportunistic_sysret_failed
+
+ cmpq $__USER_CS, CS(%rsp) /* CS must match SYSRET */
+ jne opportunistic_sysret_failed
+@@ -322,7 +730,7 @@ syscall_return_via_sysret:
opportunistic_sysret_failed:
SWAPGS
jmp restore_c_regs_and_iret
@@ -17633,7 +17653,7 @@ index 9ee0da1..2421755 100644
ENTRY(stub_ptregs_64)
/*
-@@ -349,13 +758,13 @@ ENTRY(stub_ptregs_64)
+@@ -349,13 +757,13 @@ ENTRY(stub_ptregs_64)
1:
/* Called from C */
jmp *%rax /* called from C */
@@ -17649,7 +17669,7 @@ index 9ee0da1..2421755 100644
.endm
/* Instantiate ptregs_stub for each ptregs-using syscall */
-@@ -397,10 +806,12 @@ ENTRY(ret_from_fork)
+@@ -397,10 +805,12 @@ ENTRY(ret_from_fork)
1:
movq %rsp, %rdi
call syscall_return_slowpath /* returns with IRQs disabled */
@@ -17663,7 +17683,7 @@ index 9ee0da1..2421755 100644
/*
* Build the entry stubs with some assembler magic.
-@@ -415,7 +826,7 @@ ENTRY(irq_entries_start)
+@@ -415,7 +825,7 @@ ENTRY(irq_entries_start)
jmp common_interrupt
.align 8
.endr
@@ -17672,7 +17692,7 @@ index 9ee0da1..2421755 100644
/*
* Interrupt entry/exit.
-@@ -441,6 +852,12 @@ END(irq_entries_start)
+@@ -441,6 +851,12 @@ END(irq_entries_start)
*/
SWAPGS
@@ -17685,7 +17705,7 @@ index 9ee0da1..2421755 100644
/*
* We need to tell lockdep that IRQs are off. We can't do this until
* we fix gsbase, and we should do it before enter_from_user_mode
-@@ -453,7 +870,9 @@ END(irq_entries_start)
+@@ -453,7 +869,9 @@ END(irq_entries_start)
CALL_enter_from_user_mode
@@ -17696,7 +17716,7 @@ index 9ee0da1..2421755 100644
/*
* Save previous stack pointer, optionally switch to interrupt stack.
* irq_count is used to check if a CPU is already on an interrupt stack
-@@ -465,6 +884,7 @@ END(irq_entries_start)
+@@ -465,6 +883,7 @@ END(irq_entries_start)
incl PER_CPU_VAR(irq_count)
cmovzq PER_CPU_VAR(irq_stack_ptr), %rsp
pushq %rdi
@@ -17704,7 +17724,7 @@ index 9ee0da1..2421755 100644
/* We entered an interrupt context - irqs are off: */
TRACE_IRQS_OFF
-@@ -496,6 +916,8 @@ ret_from_intr:
+@@ -496,6 +915,8 @@ ret_from_intr:
GLOBAL(retint_user)
mov %rsp,%rdi
call prepare_exit_to_usermode
@@ -17713,7 +17733,7 @@ index 9ee0da1..2421755 100644
TRACE_IRQS_IRETQ
SWAPGS
jmp restore_regs_and_iret
-@@ -513,6 +935,21 @@ retint_kernel:
+@@ -513,6 +934,21 @@ retint_kernel:
jmp 0b
1:
#endif
@@ -17735,7 +17755,7 @@ index 9ee0da1..2421755 100644
/*
* The iretq could re-enable interrupts:
*/
-@@ -556,15 +993,15 @@ native_irq_return_ldt:
+@@ -556,15 +992,15 @@ native_irq_return_ldt:
SWAPGS
movq PER_CPU_VAR(espfix_waddr), %rdi
movq %rax, (0*8)(%rdi) /* RAX */
@@ -17756,7 +17776,7 @@ index 9ee0da1..2421755 100644
movq %rax, (4*8)(%rdi)
andl $0xffff0000, %eax
popq %rdi
-@@ -574,7 +1011,7 @@ native_irq_return_ldt:
+@@ -574,7 +1010,7 @@ native_irq_return_ldt:
popq %rax
jmp native_irq_return_iret
#endif
@@ -17765,7 +17785,7 @@ index 9ee0da1..2421755 100644
/*
* APIC interrupts.
-@@ -586,7 +1023,7 @@ ENTRY(\sym)
+@@ -586,7 +1022,7 @@ ENTRY(\sym)
.Lcommon_\sym:
interrupt \do_sym
jmp ret_from_intr
@@ -17774,7 +17794,7 @@ index 9ee0da1..2421755 100644
.endm
#ifdef CONFIG_TRACING
-@@ -651,7 +1088,7 @@ apicinterrupt IRQ_WORK_VECTOR irq_work_interrupt smp_irq_work_interrupt
+@@ -651,7 +1087,7 @@ apicinterrupt IRQ_WORK_VECTOR irq_work_interrupt smp_irq_work_interrupt
/*
* Exception entry points.
*/
@@ -17783,7 +17803,7 @@ index 9ee0da1..2421755 100644
.macro idtentry sym do_sym has_error_code:req paranoid=0 shift_ist=-1
ENTRY(\sym)
-@@ -698,6 +1135,12 @@ ENTRY(\sym)
+@@ -698,6 +1134,12 @@ ENTRY(\sym)
.endif
.if \shift_ist != -1
@@ -17796,7 +17816,7 @@ index 9ee0da1..2421755 100644
subq $EXCEPTION_STKSZ, CPU_TSS_IST(\shift_ist)
.endif
-@@ -741,7 +1184,7 @@ ENTRY(\sym)
+@@ -741,7 +1183,7 @@ ENTRY(\sym)
jmp error_exit /* %ebx: no swapgs flag */
.endif
@@ -17805,7 +17825,7 @@ index 9ee0da1..2421755 100644
.endm
#ifdef CONFIG_TRACING
-@@ -783,8 +1226,9 @@ ENTRY(native_load_gs_index)
+@@ -783,8 +1225,9 @@ ENTRY(native_load_gs_index)
2: ALTERNATIVE "", "mfence", X86_BUG_SWAPGS_FENCE
SWAPGS
popfq
@@ -17816,7 +17836,7 @@ index 9ee0da1..2421755 100644
_ASM_EXTABLE(.Lgs_change, bad_gs)
.section .fixup, "ax"
-@@ -812,8 +1256,9 @@ ENTRY(do_softirq_own_stack)
+@@ -812,8 +1255,9 @@ ENTRY(do_softirq_own_stack)
call __do_softirq
leaveq
decl PER_CPU_VAR(irq_count)
@@ -17827,7 +17847,7 @@ index 9ee0da1..2421755 100644
#ifdef CONFIG_XEN
idtentry xen_hypervisor_callback xen_do_hypervisor_callback has_error_code=0
-@@ -849,7 +1294,7 @@ ENTRY(xen_do_hypervisor_callback) /* do_hypervisor_callback(struct *pt_regs) */
+@@ -849,7 +1293,7 @@ ENTRY(xen_do_hypervisor_callback) /* do_hypervisor_callback(struct *pt_regs) */
call xen_maybe_preempt_hcall
#endif
jmp error_exit
@@ -17836,7 +17856,7 @@ index 9ee0da1..2421755 100644
/*
* Hypervisor uses this for application faults while it executes.
-@@ -894,7 +1339,7 @@ ENTRY(xen_failsafe_callback)
+@@ -894,7 +1338,7 @@ ENTRY(xen_failsafe_callback)
SAVE_C_REGS
SAVE_EXTRA_REGS
jmp error_exit
@@ -17845,7 +17865,7 @@ index 9ee0da1..2421755 100644
apicinterrupt3 HYPERVISOR_CALLBACK_VECTOR \
xen_hvm_callback_vector xen_evtchn_do_upcall
-@@ -906,7 +1351,7 @@ apicinterrupt3 HYPERVISOR_CALLBACK_VECTOR \
+@@ -906,7 +1350,7 @@ apicinterrupt3 HYPERVISOR_CALLBACK_VECTOR \
hyperv_callback_vector hyperv_vector_handler
#endif /* CONFIG_HYPERV */
@@ -17854,7 +17874,7 @@ index 9ee0da1..2421755 100644
idtentry int3 do_int3 has_error_code=0 paranoid=1 shift_ist=DEBUG_STACK
idtentry stack_segment do_stack_segment has_error_code=1
-@@ -943,8 +1388,34 @@ ENTRY(paranoid_entry)
+@@ -943,8 +1387,34 @@ ENTRY(paranoid_entry)
js 1f /* negative -> in kernel */
SWAPGS
xorl %ebx, %ebx
@@ -17891,7 +17911,7 @@ index 9ee0da1..2421755 100644
/*
* "Paranoid" exit path from exception stack. This is invoked
-@@ -961,19 +1432,26 @@ END(paranoid_entry)
+@@ -961,19 +1431,26 @@ END(paranoid_entry)
ENTRY(paranoid_exit)
DISABLE_INTERRUPTS(CLBR_NONE)
TRACE_IRQS_OFF_DEBUG
@@ -17920,7 +17940,7 @@ index 9ee0da1..2421755 100644
/*
* Save all registers in pt_regs, and switch gs if needed.
-@@ -987,13 +1465,18 @@ ENTRY(error_entry)
+@@ -987,13 +1464,18 @@ ENTRY(error_entry)
testb $3, CS+8(%rsp)
jz .Lerror_kernelspace
@@ -17940,7 +17960,7 @@ index 9ee0da1..2421755 100644
.Lerror_entry_from_usermode_after_swapgs:
/*
* We need to tell lockdep that IRQs are off. We can't do this until
-@@ -1002,10 +1485,12 @@ ENTRY(error_entry)
+@@ -1002,10 +1484,12 @@ ENTRY(error_entry)
*/
TRACE_IRQS_OFF
CALL_enter_from_user_mode
@@ -17953,7 +17973,7 @@ index 9ee0da1..2421755 100644
ret
/*
-@@ -1023,14 +1508,16 @@ ENTRY(error_entry)
+@@ -1023,14 +1507,16 @@ ENTRY(error_entry)
cmpq %rax, RIP+8(%rsp)
je .Lbstep_iret
cmpq $.Lgs_change, RIP+8(%rsp)
@@ -17972,7 +17992,7 @@ index 9ee0da1..2421755 100644
.Lbstep_iret:
/* Fix truncated RIP */
-@@ -1044,6 +1531,12 @@ ENTRY(error_entry)
+@@ -1044,6 +1530,12 @@ ENTRY(error_entry)
*/
SWAPGS
@@ -17985,7 +18005,7 @@ index 9ee0da1..2421755 100644
/*
* Pretend that the exception came from user mode: set up pt_regs
* as if we faulted immediately after IRET and clear EBX so that
-@@ -1054,11 +1547,11 @@ ENTRY(error_entry)
+@@ -1054,11 +1546,11 @@ ENTRY(error_entry)
mov %rax, %rsp
decl %ebx
jmp .Lerror_entry_from_usermode_after_swapgs
@@ -17999,7 +18019,7 @@ index 9ee0da1..2421755 100644
* 1: already in kernel mode, don't need SWAPGS
* 0: user gsbase is loaded, we need SWAPGS and standard preparation for return to usermode
*/
-@@ -1066,10 +1559,10 @@ ENTRY(error_exit)
+@@ -1066,10 +1558,10 @@ ENTRY(error_exit)
movl %ebx, %eax
DISABLE_INTERRUPTS(CLBR_NONE)
TRACE_IRQS_OFF
@@ -18012,7 +18032,7 @@ index 9ee0da1..2421755 100644
/* Runs on exception stack */
ENTRY(nmi)
-@@ -1123,6 +1616,8 @@ ENTRY(nmi)
+@@ -1123,6 +1615,8 @@ ENTRY(nmi)
* other IST entries.
*/
@@ -18021,7 +18041,7 @@ index 9ee0da1..2421755 100644
/* Use %rdx as our temp variable throughout */
pushq %rdx
-@@ -1166,6 +1661,12 @@ ENTRY(nmi)
+@@ -1166,6 +1660,12 @@ ENTRY(nmi)
pushq %r14 /* pt_regs->r14 */
pushq %r15 /* pt_regs->r15 */
@@ -18034,7 +18054,7 @@ index 9ee0da1..2421755 100644
/*
* At this point we no longer need to worry about stack damage
* due to nesting -- we're on the normal thread stack and we're
-@@ -1176,12 +1677,19 @@ ENTRY(nmi)
+@@ -1176,12 +1676,19 @@ ENTRY(nmi)
movq $-1, %rsi
call do_nmi
@@ -18054,7 +18074,7 @@ index 9ee0da1..2421755 100644
jmp restore_c_regs_and_iret
.Lnmi_from_kernel:
-@@ -1303,6 +1811,7 @@ nested_nmi_out:
+@@ -1303,6 +1810,7 @@ nested_nmi_out:
popq %rdx
/* We are returning to kernel mode, so this cannot result in a fault. */
@@ -18062,7 +18082,7 @@ index 9ee0da1..2421755 100644
INTERRUPT_RETURN
first_nmi:
-@@ -1331,7 +1840,7 @@ first_nmi:
+@@ -1331,7 +1839,7 @@ first_nmi:
pushq %rsp /* RSP (minus 8 because of the previous push) */
addq $8, (%rsp) /* Fix up RSP */
pushfq /* RFLAGS */
@@ -18071,7 +18091,7 @@ index 9ee0da1..2421755 100644
pushq $1f /* RIP */
INTERRUPT_RETURN /* continues at repeat_nmi below */
1:
-@@ -1376,20 +1885,22 @@ end_repeat_nmi:
+@@ -1376,20 +1884,22 @@ end_repeat_nmi:
ALLOC_PT_GPREGS_ON_STACK
/*
@@ -18097,7 +18117,7 @@ index 9ee0da1..2421755 100644
jnz nmi_restore
nmi_swapgs:
SWAPGS_UNSAFE_STACK
-@@ -1400,6 +1911,8 @@ nmi_restore:
+@@ -1400,6 +1910,8 @@ nmi_restore:
/* Point RSP at the "iret" frame. */
REMOVE_PT_GPREGS_FROM_STACK 6*8
@@ -18106,7 +18126,7 @@ index 9ee0da1..2421755 100644
/*
* Clear "NMI executing". Set DF first so that we can easily
* distinguish the remaining code between here and IRET from
-@@ -1417,9 +1930,9 @@ nmi_restore:
+@@ -1417,9 +1929,9 @@ nmi_restore:
* mode, so this cannot result in a fault.
*/
INTERRUPT_RETURN
@@ -19761,16 +19781,20 @@ index 3e86742..1b19554 100644
* @v: pointer to type int
*
diff --git a/arch/x86/include/asm/atomic64_32.h b/arch/x86/include/asm/atomic64_32.h
-index a984111..7a258c7 100644
+index a984111..e08276c 100644
--- a/arch/x86/include/asm/atomic64_32.h
+++ b/arch/x86/include/asm/atomic64_32.h
-@@ -11,6 +11,14 @@ typedef struct {
- u64 __aligned(8) counter;
+@@ -8,9 +8,17 @@
+ /* An 64bit atomic type */
+
+ typedef struct {
+- u64 __aligned(8) counter;
++ s64 __aligned(8) counter;
} atomic64_t;
+#ifdef CONFIG_PAX_REFCOUNT
+typedef struct {
-+ u64 __aligned(8) counter;
++ s64 __aligned(8) counter;
+} atomic64_unchecked_t;
+#else
+typedef atomic64_t atomic64_unchecked_t;
@@ -25178,7 +25202,7 @@ index 0503f5b..f00b6e8 100644
obj-$(CONFIG_X86_64) += mcount_64.o
obj-$(CONFIG_X86_ESPFIX64) += espfix_64.o
diff --git a/arch/x86/kernel/acpi/boot.c b/arch/x86/kernel/acpi/boot.c
-index 9414f84..724b296 100644
+index 8e6e8bc..0b4f76f 100644
--- a/arch/x86/kernel/acpi/boot.c
+++ b/arch/x86/kernel/acpi/boot.c
@@ -1349,7 +1349,7 @@ static void __init acpi_reduced_hw_init(void)
@@ -25490,10 +25514,10 @@ index 5cb272a..2bcff83 100644
bp_int3_handler = handler;
bp_int3_addr = (u8 *)addr + sizeof(int3);
diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c
-index b15e1c1..42cf1f5 100644
+index cc7bc8b..7b5e6a7 100644
--- a/arch/x86/kernel/apic/apic.c
+++ b/arch/x86/kernel/apic/apic.c
-@@ -177,7 +177,7 @@ int first_system_vector = FIRST_SYSTEM_VECTOR;
+@@ -179,7 +179,7 @@ int first_system_vector = FIRST_SYSTEM_VECTOR;
/*
* Debug level, exported for io_apic.c
*/
@@ -25502,7 +25526,7 @@ index b15e1c1..42cf1f5 100644
int pic_mode;
-@@ -1881,7 +1881,7 @@ static void __smp_error_interrupt(struct pt_regs *regs)
+@@ -1879,7 +1879,7 @@ static void __smp_error_interrupt(struct pt_regs *regs)
apic_write(APIC_ESR, 0);
v = apic_read(APIC_ESR);
ack_APIC_irq();
@@ -25569,7 +25593,7 @@ index cf9bd89..75fcb85 100644
.name = "bigsmp",
.probe = probe_bigsmp,
diff --git a/arch/x86/kernel/apic/io_apic.c b/arch/x86/kernel/apic/io_apic.c
-index 446702e..ed37083 100644
+index fbfb244..a5266c0 100644
--- a/arch/x86/kernel/apic/io_apic.c
+++ b/arch/x86/kernel/apic/io_apic.c
@@ -1682,7 +1682,7 @@ static unsigned int startup_ioapic_irq(struct irq_data *data)
@@ -25631,7 +25655,7 @@ index ade2532..5fc7f4f9 100644
.irq_unmask = hpet_msi_unmask,
.irq_mask = hpet_msi_mask,
diff --git a/arch/x86/kernel/apic/probe_32.c b/arch/x86/kernel/apic/probe_32.c
-index f316e34..48c21c5 100644
+index 49da80cf..02565a9 100644
--- a/arch/x86/kernel/apic/probe_32.c
+++ b/arch/x86/kernel/apic/probe_32.c
@@ -72,7 +72,7 @@ static int probe_default(void)
@@ -25653,7 +25677,7 @@ index f316e34..48c21c5 100644
static int cmdline_apic __initdata;
diff --git a/arch/x86/kernel/apic/vector.c b/arch/x86/kernel/apic/vector.c
-index a5e400a..d070a03 100644
+index 84eced5..7e23073 100644
--- a/arch/x86/kernel/apic/vector.c
+++ b/arch/x86/kernel/apic/vector.c
@@ -37,6 +37,7 @@ static struct irq_chip lapic_controller;
@@ -26889,10 +26913,10 @@ index d558a8a..c30e5a9 100644
+EXPORT_SYMBOL(pax_check_alloca);
+#endif
diff --git a/arch/x86/kernel/e820.c b/arch/x86/kernel/e820.c
-index 621b501..9e7da88 100644
+index 8a90f15..de6e2f8 100644
--- a/arch/x86/kernel/e820.c
+++ b/arch/x86/kernel/e820.c
-@@ -804,8 +804,8 @@ unsigned long __init e820_end_of_low_ram_pfn(void)
+@@ -800,8 +800,8 @@ unsigned long __init e820_end_of_low_ram_pfn(void)
static void early_panic(char *msg)
{
@@ -30156,10 +30180,10 @@ index 9f95091..6885108 100644
return prev_p;
}
diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c
-index 6e789ca..7c4bae4 100644
+index 5dc86d2..3099034 100644
--- a/arch/x86/kernel/process_64.c
+++ b/arch/x86/kernel/process_64.c
-@@ -143,9 +143,10 @@ int copy_thread_tls(unsigned long clone_flags, unsigned long sp,
+@@ -144,9 +144,10 @@ int copy_thread_tls(unsigned long clone_flags, unsigned long sp,
struct pt_regs *childregs;
struct task_struct *me = current;
@@ -30171,7 +30195,7 @@ index 6e789ca..7c4bae4 100644
set_tsk_thread_flag(p, TIF_FORK);
p->thread.io_bitmap_ptr = NULL;
-@@ -155,6 +156,8 @@ int copy_thread_tls(unsigned long clone_flags, unsigned long sp,
+@@ -156,6 +157,8 @@ int copy_thread_tls(unsigned long clone_flags, unsigned long sp,
p->thread.fsbase = p->thread.fsindex ? 0 : me->thread.fsbase;
savesegment(es, p->thread.es);
savesegment(ds, p->thread.ds);
@@ -30180,7 +30204,7 @@ index 6e789ca..7c4bae4 100644
memset(p->thread.ptrace_bps, 0, sizeof(p->thread.ptrace_bps));
if (unlikely(p->flags & PF_KTHREAD)) {
-@@ -262,7 +265,7 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p)
+@@ -263,7 +266,7 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p)
struct fpu *prev_fpu = &prev->fpu;
struct fpu *next_fpu = &next->fpu;
int cpu = smp_processor_id();
@@ -30189,7 +30213,7 @@ index 6e789ca..7c4bae4 100644
unsigned prev_fsindex, prev_gsindex;
fpu_switch_t fpu_switch;
-@@ -313,6 +316,10 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p)
+@@ -314,6 +317,10 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p)
if (unlikely(next->ds | prev->ds))
loadsegment(ds, next->ds);
@@ -30200,7 +30224,7 @@ index 6e789ca..7c4bae4 100644
/*
* Switch FS and GS.
*
-@@ -422,10 +429,13 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p)
+@@ -423,10 +430,13 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p)
* Switch the PDA and FPU contexts.
*/
this_cpu_write(current_task, next_p);
@@ -30215,10 +30239,10 @@ index 6e789ca..7c4bae4 100644
* Now maybe reload the debug registers and handle I/O bitmaps
*/
diff --git a/arch/x86/kernel/ptrace.c b/arch/x86/kernel/ptrace.c
-index 600edd2..d514c66 100644
+index 67ed18e..748ef59 100644
--- a/arch/x86/kernel/ptrace.c
+++ b/arch/x86/kernel/ptrace.c
-@@ -169,10 +169,10 @@ unsigned long kernel_stack_pointer(struct pt_regs *regs)
+@@ -169,7 +169,7 @@ unsigned long kernel_stack_pointer(struct pt_regs *regs)
unsigned long sp = (unsigned long)&regs->sp;
u32 *prev_esp;
@@ -30226,11 +30250,7 @@ index 600edd2..d514c66 100644
+ if (context == ((sp + 8) & ~(THREAD_SIZE - 1)))
return sp;
-- prev_esp = (u32 *)(context);
-+ prev_esp = *(u32 **)(context);
- if (prev_esp)
- return (unsigned long)prev_esp;
-
+ prev_esp = (u32 *)(context);
@@ -411,6 +411,20 @@ static int putreg(struct task_struct *child,
if (child->thread.gsbase != value)
return do_arch_prctl(child, ARCH_SET_GS, value);
@@ -30743,7 +30763,7 @@ index 658777c..6285f88 100644
.smp_prepare_cpus = native_smp_prepare_cpus,
.smp_cpus_done = native_smp_cpus_done,
diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c
-index fafe8b9..d6ee9af 100644
+index 694c529..70796b5 100644
--- a/arch/x86/kernel/smpboot.c
+++ b/arch/x86/kernel/smpboot.c
@@ -221,14 +221,17 @@ static void notrace start_secondary(void *unused)
@@ -39644,10 +39664,10 @@ index 9466354..b33bb13 100644
}
diff --git a/arch/x86/xen/smp.c b/arch/x86/xen/smp.c
-index 719cf29..8a13fd8 100644
+index 40c3aab9..8d796b1 100644
--- a/arch/x86/xen/smp.c
+++ b/arch/x86/xen/smp.c
-@@ -306,17 +306,13 @@ static void __init xen_smp_prepare_boot_cpu(void)
+@@ -312,17 +312,13 @@ static void __init xen_smp_prepare_boot_cpu(void)
if (xen_pv_domain()) {
if (!xen_feature(XENFEAT_writable_page_tables))
@@ -39667,7 +39687,7 @@ index 719cf29..8a13fd8 100644
#endif
xen_filter_cpu_maps();
-@@ -399,7 +395,7 @@ cpu_initialize_context(unsigned int cpu, struct task_struct *idle)
+@@ -405,7 +401,7 @@ cpu_initialize_context(unsigned int cpu, struct task_struct *idle)
#ifdef CONFIG_X86_32
/* Note: PVH is not yet supported on x86_32. */
ctxt->user_regs.fs = __KERNEL_PERCPU;
@@ -39676,7 +39696,7 @@ index 719cf29..8a13fd8 100644
#endif
memset(&ctxt->fpu_ctxt, 0, sizeof(ctxt->fpu_ctxt));
-@@ -407,8 +403,8 @@ cpu_initialize_context(unsigned int cpu, struct task_struct *idle)
+@@ -413,8 +409,8 @@ cpu_initialize_context(unsigned int cpu, struct task_struct *idle)
ctxt->user_regs.eip = (unsigned long)cpu_bringup_and_idle;
ctxt->flags = VGCF_IN_KERNEL;
ctxt->user_regs.eflags = 0x1000; /* IOPL_RING1 */
@@ -39687,7 +39707,7 @@ index 719cf29..8a13fd8 100644
ctxt->user_regs.ss = __KERNEL_DS;
xen_copy_trap_info(ctxt->trap_ctxt);
-@@ -749,7 +745,7 @@ static const struct smp_ops xen_smp_ops __initconst = {
+@@ -755,7 +751,7 @@ static const struct smp_ops xen_smp_ops __initconst = {
void __init xen_smp_init(void)
{
@@ -39784,7 +39804,7 @@ index 2f33760..835e50a 100644
#define XCHAL_ICACHE_SIZE 8192 /* I-cache size in bytes or 0 */
#define XCHAL_DCACHE_SIZE 8192 /* D-cache size in bytes or 0 */
diff --git a/block/bio.c b/block/bio.c
-index 4623869..7acfd5c 100644
+index 4623869..74c7286 100644
--- a/block/bio.c
+++ b/block/bio.c
@@ -1142,7 +1142,7 @@ struct bio *bio_copy_user_iov(struct request_queue *q,
@@ -39805,6 +39825,15 @@ index 4623869..7acfd5c 100644
return ERR_PTR(-EINVAL);
nr_pages += end - start;
+@@ -1777,7 +1777,7 @@ EXPORT_SYMBOL(bio_endio);
+ * to @bio's bi_io_vec; it is the caller's responsibility to ensure that
+ * @bio is not freed before the split.
+ */
+-struct bio *bio_split(struct bio *bio, int sectors,
++struct bio *bio_split(struct bio *bio, unsigned int sectors,
+ gfp_t gfp, struct bio_set *bs)
+ {
+ struct bio *split = NULL;
diff --git a/block/blk-cgroup.c b/block/blk-cgroup.c
index 66e6f1a..8fb30f4 100644
--- a/block/blk-cgroup.c
@@ -42323,7 +42352,7 @@ index a7b4679..d302490 100644
static DEVICE_ATTR(runtime_status, 0444, rtpm_status_show, NULL);
diff --git a/drivers/base/power/wakeup.c b/drivers/base/power/wakeup.c
-index 5fb7718..b4b79fb 100644
+index 5fb7718..b4b79fb1 100644
--- a/drivers/base/power/wakeup.c
+++ b/drivers/base/power/wakeup.c
@@ -36,14 +36,14 @@ static bool pm_abort_suspend __read_mostly;
@@ -56688,7 +56717,7 @@ index c7c8cde..913b672 100644
"md/raid1:%s: read error corrected "
"(%d sectors at %llu on %s)\n",
diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c
-index c7de2a5..b476a79 100644
+index c7de2a5..3a2fe4b 100644
--- a/drivers/md/raid10.c
+++ b/drivers/md/raid10.c
@@ -1068,7 +1068,7 @@ static void __make_request(struct mddev *mddev, struct bio *bio)
@@ -56700,6 +56729,15 @@ index c7de2a5..b476a79 100644
int max_sectors;
int sectors;
+@@ -1446,7 +1446,7 @@ static void raid10_make_request(struct mddev *mddev, struct bio *bio)
+ {
+ struct r10conf *conf = mddev->private;
+ sector_t chunk_mask = (conf->geo.chunk_mask & conf->prev.chunk_mask);
+- int chunk_sects = chunk_mask + 1;
++ sector_t chunk_sects = chunk_mask + 1;
+
+ struct bio *split;
+
@@ -1829,7 +1829,7 @@ static void end_sync_read(struct bio *bio)
/* The write handler will notice the lack of
* R10BIO_Uptodate and record any errors etc
@@ -56768,6 +56806,24 @@ index c7de2a5..b476a79 100644
}
rdev_dec_pending(rdev, mddev);
+@@ -3153,6 +3153,7 @@ static sector_t raid10_sync_request(struct mddev *mddev, sector_t sector_nr,
+ } else {
+ /* resync. Schedule a read for every block at this virt offset */
+ int count = 0;
++ sector_t sectors;
+
+ bitmap_cond_end_sync(mddev->bitmap, sector_nr, 0);
+
+@@ -3178,7 +3179,8 @@ static sector_t raid10_sync_request(struct mddev *mddev, sector_t sector_nr,
+ r10_bio->sector = sector_nr;
+ set_bit(R10BIO_IsSync, &r10_bio->state);
+ raid10_find_phys(conf, r10_bio);
+- r10_bio->sectors = (sector_nr | chunk_mask) - sector_nr + 1;
++ sectors = (sector_nr | chunk_mask) - sector_nr + 1;
++ r10_bio->sectors = sectors;
+
+ for (i = 0; i < conf->copies; i++) {
+ int d = r10_bio->devs[i].devnum;
diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c
index 8959e6d..b90f4e1 100644
--- a/drivers/md/raid5.c
@@ -80032,6 +80088,19 @@ index 5b5462e..fac23a0 100644
out += sprintf(out, "%s", dev_name(&vdev->udev->dev));
} else {
+diff --git a/drivers/usb/usbip/vudc_rx.c b/drivers/usb/usbip/vudc_rx.c
+index e429b59..e0840c6 100644
+--- a/drivers/usb/usbip/vudc_rx.c
++++ b/drivers/usb/usbip/vudc_rx.c
+@@ -142,7 +142,7 @@ static int v_recv_cmd_submit(struct vudc *udc,
+ urb_p->urb->status = -EINPROGRESS;
+
+ /* FIXME: more pipe setup to please usbip_common */
+- urb_p->urb->pipe &= ~(3 << 30);
++ urb_p->urb->pipe &= ~(3U << 30);
+ switch (urb_p->ep->type) {
+ case USB_ENDPOINT_XFER_BULK:
+ urb_p->urb->pipe |= (PIPE_BULK << 30);
diff --git a/drivers/usb/wusbcore/wa-hc.h b/drivers/usb/wusbcore/wa-hc.h
index edc7267..9f65ce2 100644
--- a/drivers/usb/wusbcore/wa-hc.h
@@ -99743,7 +99812,7 @@ index e4141f2..d8263e8 100644
i += packet_length_size;
if (copy_to_user(&buf[i], msg_ctx->msg, msg_ctx->msg_size))
diff --git a/fs/exec.c b/fs/exec.c
-index 887c1c9..ee86e3c 100644
+index 887c1c9..c633c80 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -57,8 +57,20 @@
@@ -100261,7 +100330,7 @@ index 887c1c9..ee86e3c 100644
out:
if (bprm->mm) {
acct_arg_size(bprm, 0);
-@@ -1862,3 +2043,315 @@ COMPAT_SYSCALL_DEFINE5(execveat, int, fd,
+@@ -1862,3 +2043,322 @@ COMPAT_SYSCALL_DEFINE5(execveat, int, fd,
argv, envp, flags);
}
#endif
@@ -100460,8 +100529,13 @@ index 887c1c9..ee86e3c 100644
+#endif
+}
+
++static DEFINE_RATELIMIT_STATE(usercopy_ratelimit, 15 * HZ, 3);
++
+static __noreturn void pax_report_usercopy(const void *ptr, unsigned long len, bool to_user, const char *type)
+{
++ if (!__ratelimit(&usercopy_ratelimit))
++ goto kill;
++
+ if (current->signal->curr_ip)
+ printk(KERN_EMERG "PAX: From %pI4: kernel memory %s attempt detected %s %p (%s) (%lu bytes)\n",
+ &current->signal->curr_ip, to_user ? "leak" : "overwrite", to_user ? "from" : "to", ptr, type ? : "unknown", len);
@@ -100469,6 +100543,8 @@ index 887c1c9..ee86e3c 100644
+ printk(KERN_EMERG "PAX: kernel memory %s attempt detected %s %p (%s) (%lu bytes)\n",
+ to_user ? "leak" : "overwrite", to_user ? "from" : "to", ptr, type ? : "unknown", len);
+ dump_stack();
++
++kill:
+ gr_handle_kernel_exploit();
+ do_group_exit(SIGKILL);
+}
@@ -115377,7 +115453,7 @@ index a352d57..cb94a5c 100644
}
fs_initcall(proc_interrupts_init);
diff --git a/fs/proc/kcore.c b/fs/proc/kcore.c
-index a939f5e..0de6e70 100644
+index a939f5e..1749d06 100644
--- a/fs/proc/kcore.c
+++ b/fs/proc/kcore.c
@@ -316,7 +316,7 @@ static char *storenote(struct memelfnote *men, char *bufp)
@@ -115389,7 +115465,15 @@ index a939f5e..0de6e70 100644
{
struct elf_prstatus prstatus; /* NT_PRSTATUS */
struct elf_prpsinfo prpsinfo; /* NT_PRPSINFO */
-@@ -483,9 +483,10 @@ read_kcore(struct file *file, char __user *buffer, size_t buflen, loff_t *fpos)
+@@ -430,6 +430,7 @@ static void elf_kcore_store_hdr(char *bufp, int nphdr, int dataoff)
+ static ssize_t
+ read_kcore(struct file *file, char __user *buffer, size_t buflen, loff_t *fpos)
+ {
++ char *buf = file->private_data;
+ ssize_t acc = 0;
+ size_t size, tsz;
+ size_t elf_buflen;
+@@ -483,9 +484,10 @@ read_kcore(struct file *file, char __user *buffer, size_t buflen, loff_t *fpos)
* the addresses in the elf_phdr on our list.
*/
start = kc_offset_to_vaddr(*fpos - elf_buflen);
@@ -115402,40 +115486,57 @@ index a939f5e..0de6e70 100644
while (buflen) {
struct kcore_list *m;
-@@ -515,19 +516,20 @@ read_kcore(struct file *file, char __user *buffer, size_t buflen, loff_t *fpos)
+@@ -500,34 +502,29 @@ read_kcore(struct file *file, char __user *buffer, size_t buflen, loff_t *fpos)
+ if (clear_user(buffer, tsz))
+ return -EFAULT;
+ } else if (is_vmalloc_or_module_addr((void *)start)) {
+- char * elf_buf;
+-
+- elf_buf = kzalloc(tsz, GFP_KERNEL);
+- if (!elf_buf)
+- return -ENOMEM;
+- vread(elf_buf, (char *)start, tsz);
++ vread(buf, (char *)start, tsz);
+ /* we have to zero-fill user buffer even if no read */
+- if (copy_to_user(buffer, elf_buf, tsz)) {
+- kfree(elf_buf);
++ if (copy_to_user(buffer, buf, tsz))
+ return -EFAULT;
+- }
+- kfree(elf_buf);
} else {
if (kern_addr_valid(start)) {
unsigned long n;
-+ char *elf_buf;
+ mm_segment_t oldfs;
- n = copy_to_user(buffer, (char *)start, tsz);
-- /*
+ /*
- * We cannot distinguish between fault on source
- * and fault on destination. When this happens
- * we clear too and hope it will trigger the
- * EFAULT again.
-- */
++ * Using bounce buffer to bypass the
++ * hardened user copy kernel text checks.
+ */
- if (n) {
- if (clear_user(buffer + tsz - n,
- n))
- return -EFAULT;
- }
-+ elf_buf = kzalloc(tsz, GFP_KERNEL);
-+ if (!elf_buf)
-+ return -ENOMEM;
+ oldfs = get_fs();
+ set_fs(KERNEL_DS);
-+ n = __copy_from_user(elf_buf, (const void __user *)start, tsz);
++ n = __copy_from_user(buf, (const void __user *)start, tsz);
+ set_fs(oldfs);
-+ n = copy_to_user(buffer, elf_buf, tsz);
-+ kfree(elf_buf);
++ if (n)
++ n = clear_user(buffer, tsz);
++ else
++ n = copy_to_user(buffer, buf, tsz);
+ if (n)
+ return -EFAULT;
} else {
if (clear_user(buffer, tsz))
return -EFAULT;
-@@ -547,6 +549,9 @@ read_kcore(struct file *file, char __user *buffer, size_t buflen, loff_t *fpos)
+@@ -547,8 +544,16 @@ read_kcore(struct file *file, char __user *buffer, size_t buflen, loff_t *fpos)
static int open_kcore(struct inode *inode, struct file *filp)
{
@@ -115444,8 +115545,32 @@ index a939f5e..0de6e70 100644
+#endif
if (!capable(CAP_SYS_RAWIO))
return -EPERM;
++
++ filp->private_data = kmalloc(PAGE_SIZE, GFP_KERNEL|GFP_USERCOPY);
++ if (!filp->private_data)
++ return -ENOMEM;
++
if (kcore_need_update)
-@@ -580,7 +585,7 @@ static int __meminit kcore_callback(struct notifier_block *self,
+ kcore_update_ram();
+ if (i_size_read(inode) != proc_root_kcore->size) {
+@@ -559,10 +564,16 @@ static int open_kcore(struct inode *inode, struct file *filp)
+ return 0;
+ }
+
++static int release_kcore(struct inode *inode, struct file *file)
++{
++ kfree(file->private_data);
++ return 0;
++}
+
+ static const struct file_operations proc_kcore_operations = {
+ .read = read_kcore,
+ .open = open_kcore,
++ .release = release_kcore,
+ .llseek = default_llseek,
+ };
+
+@@ -580,7 +591,7 @@ static int __meminit kcore_callback(struct notifier_block *self,
return NOTIFY_OK;
}
@@ -117052,7 +117177,7 @@ index 6c21228..9afd5fe 100644
if (sbi->s_bytesex == BYTESEX_PDP)
return PDP_swab((__force __u32)n);
diff --git a/fs/tracefs/inode.c b/fs/tracefs/inode.c
-index 4a0e48f..d3e1fbf 100644
+index 4a0e48f92..d3e1fbf 100644
--- a/fs/tracefs/inode.c
+++ b/fs/tracefs/inode.c
@@ -53,7 +53,7 @@ static const struct file_operations tracefs_file_operations = {
@@ -130054,6 +130179,28 @@ index 314b3ca..81ca9c4 100644
extern void __register_binfmt(struct linux_binfmt *fmt, int insert);
+diff --git a/include/linux/bio.h b/include/linux/bio.h
+index 75fadd2..28398b2 100644
+--- a/include/linux/bio.h
++++ b/include/linux/bio.h
+@@ -405,7 +405,7 @@ static inline void bip_set_seed(struct bio_integrity_payload *bip,
+ #endif /* CONFIG_BLK_DEV_INTEGRITY */
+
+ extern void bio_trim(struct bio *bio, int offset, int size);
+-extern struct bio *bio_split(struct bio *bio, int sectors,
++extern struct bio *bio_split(struct bio *bio, unsigned int sectors,
+ gfp_t gfp, struct bio_set *bs);
+
+ /**
+@@ -418,7 +418,7 @@ extern struct bio *bio_split(struct bio *bio, int sectors,
+ * Returns a bio representing the next @sectors of @bio - if the bio is smaller
+ * than @sectors, returns the original bio unchanged.
+ */
+-static inline struct bio *bio_next_split(struct bio *bio, int sectors,
++static inline struct bio *bio_next_split(struct bio *bio, unsigned int sectors,
+ gfp_t gfp, struct bio_set *bs)
+ {
+ if (sectors >= bio_sectors(bio))
diff --git a/include/linux/bitmap.h b/include/linux/bitmap.h
index e9b0b9a..4fc3241 100644
--- a/include/linux/bitmap.h
@@ -146232,7 +146379,7 @@ index 667b933..1668952 100644
update_vsyscall_tz();
if (firsttime) {
diff --git a/kernel/time/timekeeping.c b/kernel/time/timekeeping.c
-index b6c3945..373f21e 100644
+index 1b72b17..5083d44 100644
--- a/kernel/time/timekeeping.c
+++ b/kernel/time/timekeeping.c
@@ -15,6 +15,7 @@
@@ -146243,7 +146390,7 @@ index b6c3945..373f21e 100644
#include <linux/syscore_ops.h>
#include <linux/clocksource.h>
#include <linux/jiffies.h>
-@@ -1167,6 +1168,8 @@ int do_settimeofday64(const struct timespec64 *ts)
+@@ -1170,6 +1171,8 @@ int do_settimeofday64(const struct timespec64 *ts)
if (!timespec64_valid_strict(ts))
return -EINVAL;
@@ -172991,10 +173138,10 @@ index 0000000..4363d14
+clean-files += *.so
diff --git a/scripts/gcc-plugins/size_overflow_plugin/disable.data b/scripts/gcc-plugins/size_overflow_plugin/disable.data
new file mode 100644
-index 0000000..88f524c
+index 0000000..2554418
--- /dev/null
+++ b/scripts/gcc-plugins/size_overflow_plugin/disable.data
-@@ -0,0 +1,12453 @@
+@@ -0,0 +1,12463 @@
+disable_so_interrupt_pnode_gru_message_queue_desc_4 interrupt_pnode gru_message_queue_desc 0 4 NULL
+disable_so_bch_btree_insert_fndecl_12 bch_btree_insert fndecl 0 12 NULL
+disable_so_macvlan_sync_address_fndecl_22 macvlan_sync_address fndecl 0 22 NULL nohasharray
@@ -184820,7 +184967,8 @@ index 0000000..88f524c
+disable_so_decrypt_crypto_aead_62305 decrypt crypto_aead 0 62305 NULL
+disable_so_paddr_mmd_fw_ldst_mdio_62306 paddr_mmd fw_ldst_mdio 0 62306 NULL
+disable_so_start_address___osdv1_cdb_addr_len_62309 start_address __osdv1_cdb_addr_len 0 62309 NULL
-+disable_so_freq_as10x_tune_args_62312 freq as10x_tune_args 0 62312 NULL
++disable_so_freq_as10x_tune_args_62312 freq as10x_tune_args 0 62312 NULL nohasharray
++e_rtt_min_westwood_62312 rtt_min westwood 0 62312 &disable_so_freq_as10x_tune_args_62312
+disable_so_timestamp_low_rtl_stats_62314 timestamp_low rtl_stats 0 62314 NULL
+disable_so_uid_fuse_in_header_62319 uid fuse_in_header 0 62319 NULL
+disable_so_bfa_fcs_rport_del_timeout_vardecl_bfa_fcs_rport_c_62320 bfa_fcs_rport_del_timeout vardecl_bfa_fcs_rport.c 0 62320 NULL nohasharray
@@ -185448,6 +185596,15 @@ index 0000000..88f524c
+e_tcp_cwnd_bictcp_64346 tcp_cwnd bictcp 0 64346 NULL
+e_bic_origin_point_bictcp_64414 bic_origin_point bictcp 0 64414 NULL
+e_srtt_us_tcp_sock_62907 srtt_us tcp_sock 0 62907 NULL
++e_tcp_rtt_estimator_fndecl_7853 tcp_rtt_estimator fndecl 2 7853 NULL
++e_tcp_ack_update_rtt_fndecl_26581 tcp_ack_update_rtt fndecl 4-3 26581 NULL
++e_rtt_westwood_52592 rtt westwood 0 52592 NULL
++e_minRTT_vegas_62707 minRTT vegas 0 62707 NULL
++e_tcp_westwood_bw_rttmin_fndecl_63713 tcp_westwood_bw_rttmin fndecl 0 63713 NULL
++e_cube_rtt_scale_vardecl_tcp_cubic_c_2638 cube_rtt_scale vardecl_tcp_cubic.c 0 2638 NULL
++e_rtt0_vardecl_tcp_hybla_c_51134 rtt0 vardecl_tcp_hybla.c 0 51134 NULL
++e_rtt_win_sx_westwood_41723 rtt_win_sx westwood 0 41723 NULL
++e_baseRTT_vegas_18174 baseRTT vegas 0 18174 NULL
diff --git a/scripts/gcc-plugins/size_overflow_plugin/e_aux.data b/scripts/gcc-plugins/size_overflow_plugin/e_aux.data
new file mode 100644
index 0000000..74e91b2
@@ -185553,10 +185710,10 @@ index 0000000..74e91b2
+enable_so_zpios_read_fndecl_64734 zpios_read fndecl 3 64734 NULL
diff --git a/scripts/gcc-plugins/size_overflow_plugin/e_fields.data b/scripts/gcc-plugins/size_overflow_plugin/e_fields.data
new file mode 100644
-index 0000000..2813470
+index 0000000..6006250
--- /dev/null
+++ b/scripts/gcc-plugins/size_overflow_plugin/e_fields.data
-@@ -0,0 +1,18898 @@
+@@ -0,0 +1,18888 @@
+e_recv_ctrl_pipe_us_data_0 recv_ctrl_pipe us_data 0 0 NULL
+e_size_ttm_mem_reg_8 size ttm_mem_reg 0 8 NULL
+e_char2uni_nls_table_12 char2uni nls_table 0 12 NULL
@@ -186302,7 +186459,6 @@ index 0000000..2813470
+e_total_vm_mm_struct_2630 total_vm mm_struct 0 2630 &e_snd_soc_params_to_frame_size_fndecl_2630
+e_radeon_vram_location_fndecl_2634 radeon_vram_location fndecl 3 2634 NULL
+e_bop_lookup_contig_nilfs_bmap_operations_2637 bop_lookup_contig nilfs_bmap_operations 0 2637 NULL
-+e_cube_rtt_scale_vardecl_tcp_cubic_c_2638 cube_rtt_scale vardecl_tcp_cubic.c 0 2638 NULL
+e_regmap_spi_gather_write_fndecl_2639 regmap_spi_gather_write fndecl 3-5 2639 NULL
+e_rx_bufshift_rtl_stats_2641 rx_bufshift rtl_stats 0 2641 NULL
+e_sys_read_fndecl_2644 sys_read fndecl 3 2644 NULL
@@ -187807,7 +187963,6 @@ index 0000000..2813470
+e_nonstatic_find_mem_region_fndecl_7838 nonstatic_find_mem_region fndecl 1-2 7838 NULL
+e_sys_truncate_fndecl_7846 sys_truncate fndecl 2 7846 NULL
+e_SYSC_pread64_fndecl_7850 SYSC_pread64 fndecl 3 7850 NULL
-+e_tcp_rtt_estimator_fndecl_7853 tcp_rtt_estimator fndecl 2 7853 NULL
+e_pcf2123_write_fndecl_7856 pcf2123_write fndecl 3 7856 NULL
+e_sl_datalen_nfsd4_slot_7859 sl_datalen nfsd4_slot 0 7859 NULL
+e_wqe_shift_mlx4_ib_wq_7860 wqe_shift mlx4_ib_wq 0 7860 NULL
@@ -190803,7 +190958,6 @@ index 0000000..2813470
+e_cxgbi_ppm_ppods_reserve_fndecl_18157 cxgbi_ppm_ppods_reserve fndecl 0-2 18157 NULL
+e_qlcnic_enable_msix_fndecl_18171 qlcnic_enable_msix fndecl 2 18171 NULL
+e_iscsi_sw_tcp_pdu_init_fndecl_18173 iscsi_sw_tcp_pdu_init fndecl 3-2 18173 NULL
-+e_baseRTT_vegas_18174 baseRTT vegas 0 18174 NULL
+e_num_gpu_pages_radeon_gart_18177 num_gpu_pages radeon_gart 0 18177 NULL
+e_ide_read_error_fndecl_18180 ide_read_error fndecl 0 18180 NULL nohasharray
+e_ocfs2_test_suballoc_bit_fndecl_18180 ocfs2_test_suballoc_bit fndecl 6-5-4 18180 &e_ide_read_error_fndecl_18180 nohasharray
@@ -193268,7 +193422,6 @@ index 0000000..2813470
+e_ra_tid_iwl_mvm_tx_resp_26576 ra_tid iwl_mvm_tx_resp 0 26576 NULL
+e_sd_log_flush_head_gfs2_sbd_26577 sd_log_flush_head gfs2_sbd 0 26577 NULL
+e_smbios_entry_point_size_vardecl_dmi_scan_c_26579 smbios_entry_point_size vardecl_dmi_scan.c 0 26579 NULL
-+e_tcp_ack_update_rtt_fndecl_26581 tcp_ack_update_rtt fndecl 4-3 26581 NULL
+e_layout_mdp_superblock_1_26582 layout mdp_superblock_1 0 26582 NULL
+e_read_tree_block_fndecl_26587 read_tree_block fndecl 2 26587 NULL nohasharray
+e_initial_ssthresh_vardecl_tcp_cubic_c_26587 initial_ssthresh vardecl_tcp_cubic.c 0 26587 &e_read_tree_block_fndecl_26587
@@ -197622,7 +197775,6 @@ index 0000000..2813470
+e_l_curr_block_xlog_41718 l_curr_block xlog 0 41718 NULL
+e_strstart_deflate_state_41719 strstart deflate_state 0 41719 NULL
+e_hlen_ip_tunnel_41720 hlen ip_tunnel 0 41720 NULL
-+e_rtt_win_sx_westwood_41723 rtt_win_sx westwood 0 41723 NULL
+e_dax_zero_page_range_fndecl_41725 dax_zero_page_range fndecl 0-2-3 41725 NULL
+e_width_tw68_dev_41726 width tw68_dev 0 41726 NULL
+e_pci_enable_msi_range_fndecl_41728 pci_enable_msi_range fndecl 3 41728 NULL
@@ -200351,7 +200503,6 @@ index 0000000..2813470
+e_new_read_fndecl_51123 new_read fndecl 2 51123 NULL
+e_igb_pci_enable_sriov_fndecl_51131 igb_pci_enable_sriov fndecl 2 51131 NULL
+e_max_write_sge_ib_qp_51132 max_write_sge ib_qp 0 51132 NULL
-+e_rtt0_vardecl_tcp_hybla_c_51134 rtt0 vardecl_tcp_hybla.c 0 51134 NULL
+e_wqe_cnt_mlx4_ib_wq_51135 wqe_cnt mlx4_ib_wq 0 51135 NULL
+e_cachelsz_ath_common_51138 cachelsz ath_common 0 51138 NULL
+e_length_sky2_status_le_51139 length sky2_status_le 0 51139 NULL
@@ -200768,7 +200919,6 @@ index 0000000..2813470
+e_end_logsuper_52574 end logsuper 0 52574 NULL
+e_amdgpu_ttm_tt_set_userptr_fndecl_52575 amdgpu_ttm_tt_set_userptr fndecl 2 52575 NULL
+e_btrfs_extent_data_ref_root_fndecl_52585 btrfs_extent_data_ref_root fndecl 0 52585 NULL
-+e_rtt_westwood_52592 rtt westwood 0 52592 NULL
+e___mincore_unmapped_range_fndecl_52595 __mincore_unmapped_range fndecl 1 52595 NULL
+e_xfs_shift_file_space_fndecl_52596 xfs_shift_file_space fndecl 2-3 52596 NULL
+e___allocate_data_block_fndecl_52597 __allocate_data_block fndecl 0 52597 NULL
@@ -203522,8 +203672,7 @@ index 0000000..2813470
+e_rtl2832_sdr_convert_stream_fndecl_62308 rtl2832_sdr_convert_stream fndecl 0-4 62308 NULL
+e_ircomm_tty_connect_confirm_fndecl_62310 ircomm_tty_connect_confirm fndecl 4 62310 NULL nohasharray
+e_iov_data_count_iscsi_cmd_62310 iov_data_count iscsi_cmd 0 62310 &e_ircomm_tty_connect_confirm_fndecl_62310
-+e_map_extent_mft_record_fndecl_62312 map_extent_mft_record fndecl 2 62312 NULL nohasharray
-+e_rtt_min_westwood_62312 rtt_min westwood 0 62312 &e_map_extent_mft_record_fndecl_62312
++e_map_extent_mft_record_fndecl_62312 map_extent_mft_record fndecl 2 62312 NULL
+e_ss_channels_snd_rme9652_62315 ss_channels snd_rme9652 0 62315 NULL
+e_ext2_new_block_fndecl_62326 ext2_new_block fndecl 2-0 62326 NULL
+e_tcp_vegas_cong_avoid_fndecl_62332 tcp_vegas_cong_avoid fndecl 3 62332 NULL
@@ -203630,7 +203779,6 @@ index 0000000..2813470
+e_num_vsis_i40e_hw_capabilities_62685 num_vsis i40e_hw_capabilities 0 62685 NULL
+e_start_ttm_mem_reg_62688 start ttm_mem_reg 0 62688 NULL
+e_vmemdup_fndecl_62706 vmemdup fndecl 2 62706 NULL
-+e_minRTT_vegas_62707 minRTT vegas 0 62707 NULL
+e_line6_midibuf_bytes_free_fndecl_62709 line6_midibuf_bytes_free fndecl 0 62709 NULL
+e_curwidth_usb_usbvision_62710 curwidth usb_usbvision 0 62710 NULL
+e_mtu_ring_info_62721 mtu ring_info 0 62721 NULL
@@ -203938,8 +204086,7 @@ index 0000000..2813470
+e_owner_snd_ctl_elem_info_63711 owner snd_ctl_elem_info 0 63711 NULL
+e_index_dtsplit_63712 index dtsplit 0 63712 NULL nohasharray
+e_xfs_alloc_compute_aligned_fndecl_63712 xfs_alloc_compute_aligned fndecl 3-2 63712 &e_index_dtsplit_63712
-+e_kernel_recvmsg_fndecl_63713 kernel_recvmsg fndecl 0-5-4 63713 NULL nohasharray
-+e_tcp_westwood_bw_rttmin_fndecl_63713 tcp_westwood_bw_rttmin fndecl 0 63713 &e_kernel_recvmsg_fndecl_63713
++e_kernel_recvmsg_fndecl_63713 kernel_recvmsg fndecl 0-5-4 63713 NULL
+e_omfs_readpages_fndecl_63721 omfs_readpages fndecl 4 63721 NULL
+e_dccp_v6_init_sequence_fndecl_63732 dccp_v6_init_sequence fndecl 0 63732 NULL
+e_osd_vis_h_yuv_playback_info_63734 osd_vis_h yuv_playback_info 0 63734 NULL
@@ -220110,7 +220257,7 @@ index a020920..55579f6 100644
diff --git a/sound/usb/line6/driver.c b/sound/usb/line6/driver.c
-index 81b7da8..bb2676f 100644
+index 183311c..760f13f 100644
--- a/sound/usb/line6/driver.c
+++ b/sound/usb/line6/driver.c
@@ -307,7 +307,7 @@ int line6_read_data(struct usb_line6 *line6, unsigned address, void *data,
diff --git a/4.7.7/4425_grsec_remove_EI_PAX.patch b/4.7.8/4425_grsec_remove_EI_PAX.patch
index ba92792..ba92792 100644
--- a/4.7.7/4425_grsec_remove_EI_PAX.patch
+++ b/4.7.8/4425_grsec_remove_EI_PAX.patch
diff --git a/4.7.7/4427_force_XATTR_PAX_tmpfs.patch b/4.7.8/4427_force_XATTR_PAX_tmpfs.patch
index b4714fc..b4714fc 100644
--- a/4.7.7/4427_force_XATTR_PAX_tmpfs.patch
+++ b/4.7.8/4427_force_XATTR_PAX_tmpfs.patch
diff --git a/4.7.7/4430_grsec-remove-localversion-grsec.patch b/4.7.8/4430_grsec-remove-localversion-grsec.patch
index 31cf878..31cf878 100644
--- a/4.7.7/4430_grsec-remove-localversion-grsec.patch
+++ b/4.7.8/4430_grsec-remove-localversion-grsec.patch
diff --git a/4.7.7/4435_grsec-mute-warnings.patch b/4.7.8/4435_grsec-mute-warnings.patch
index 8929222..8929222 100644
--- a/4.7.7/4435_grsec-mute-warnings.patch
+++ b/4.7.8/4435_grsec-mute-warnings.patch
diff --git a/4.7.7/4440_grsec-remove-protected-paths.patch b/4.7.8/4440_grsec-remove-protected-paths.patch
index 741546d..741546d 100644
--- a/4.7.7/4440_grsec-remove-protected-paths.patch
+++ b/4.7.8/4440_grsec-remove-protected-paths.patch
diff --git a/4.7.7/4450_grsec-kconfig-default-gids.patch b/4.7.8/4450_grsec-kconfig-default-gids.patch
index e892c8a..e892c8a 100644
--- a/4.7.7/4450_grsec-kconfig-default-gids.patch
+++ b/4.7.8/4450_grsec-kconfig-default-gids.patch
diff --git a/4.7.7/4465_selinux-avc_audit-log-curr_ip.patch b/4.7.8/4465_selinux-avc_audit-log-curr_ip.patch
index 7248385..7248385 100644
--- a/4.7.7/4465_selinux-avc_audit-log-curr_ip.patch
+++ b/4.7.8/4465_selinux-avc_audit-log-curr_ip.patch
diff --git a/4.7.7/4470_disable-compat_vdso.patch b/4.7.8/4470_disable-compat_vdso.patch
index 0f82d7e..0f82d7e 100644
--- a/4.7.7/4470_disable-compat_vdso.patch
+++ b/4.7.8/4470_disable-compat_vdso.patch
diff --git a/4.7.7/4475_emutramp_default_on.patch b/4.7.8/4475_emutramp_default_on.patch
index 2db58ab..2db58ab 100644
--- a/4.7.7/4475_emutramp_default_on.patch
+++ b/4.7.8/4475_emutramp_default_on.patch