commit: 8bc0f0a9365ed33be2d79d652aa3d13faf58ff7f Author: Alice Ferrazzi <alicef <AT> gentoo <DOT> org> AuthorDate: Tue Feb 23 14:30:48 2021 +0000 Commit: Alice Ferrazzi <alicef <AT> gentoo <DOT> org> CommitDate: Tue Feb 23 14:31:04 2021 +0000 URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=8bc0f0a9
Linux patch 4.19.177 Signed-off-by: Alice Ferrazzi <alicef <AT> gentoo.org> 0000_README | 4 + 1176_linux-4.19.177.patch | 1506 +++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 1510 insertions(+) diff --git a/0000_README b/0000_README index 4101b37..310ffed 100644 --- a/0000_README +++ b/0000_README @@ -743,6 +743,10 @@ Patch: 1175_linux-4.19.176.patch From: https://www.kernel.org Desc: Linux 4.19.176 +Patch: 1176_linux-4.19.177.patch +From: https://www.kernel.org +Desc: Linux 4.19.177 + Patch: 1500_XATTR_USER_PREFIX.patch From: https://bugs.gentoo.org/show_bug.cgi?id=470644 Desc: Support for namespace user.pax.* on tmpfs. diff --git a/1176_linux-4.19.177.patch b/1176_linux-4.19.177.patch new file mode 100644 index 0000000..6692875 --- /dev/null +++ b/1176_linux-4.19.177.patch @@ -0,0 +1,1506 @@ +diff --git a/Makefile b/Makefile +index 6bebe3b22b452..74b9258e7d2ce 100644 +--- a/Makefile ++++ b/Makefile +@@ -1,7 +1,7 @@ + # SPDX-License-Identifier: GPL-2.0 + VERSION = 4 + PATCHLEVEL = 19 +-SUBLEVEL = 176 ++SUBLEVEL = 177 + EXTRAVERSION = + NAME = "People's Front" + +diff --git a/arch/arm/boot/dts/lpc32xx.dtsi b/arch/arm/boot/dts/lpc32xx.dtsi +index 9ad3df11db0d8..abef034987a27 100644 +--- a/arch/arm/boot/dts/lpc32xx.dtsi ++++ b/arch/arm/boot/dts/lpc32xx.dtsi +@@ -323,9 +323,6 @@ + + clocks = <&xtal_32k>, <&xtal>; + clock-names = "xtal_32k", "xtal"; +- +- assigned-clocks = <&clk LPC32XX_CLK_HCLK_PLL>; +- assigned-clock-rates = <208000000>; + }; + }; + +diff --git a/arch/arm/include/asm/kexec-internal.h b/arch/arm/include/asm/kexec-internal.h +new file mode 100644 +index 0000000000000..ecc2322db7aa1 +--- /dev/null ++++ b/arch/arm/include/asm/kexec-internal.h +@@ -0,0 +1,12 @@ ++/* SPDX-License-Identifier: GPL-2.0 */ ++#ifndef _ARM_KEXEC_INTERNAL_H ++#define _ARM_KEXEC_INTERNAL_H ++ ++struct kexec_relocate_data { ++ unsigned long kexec_start_address; ++ unsigned long kexec_indirection_page; ++ unsigned long kexec_mach_type; ++ unsigned long kexec_r2; ++}; ++ ++#endif +diff --git a/arch/arm/kernel/asm-offsets.c b/arch/arm/kernel/asm-offsets.c +index 3968d6c22455b..ae85f67a63520 100644 +--- a/arch/arm/kernel/asm-offsets.c ++++ b/arch/arm/kernel/asm-offsets.c +@@ -18,6 +18,7 @@ + #include <linux/kvm_host.h> + #endif + #include <asm/cacheflush.h> ++#include <asm/kexec-internal.h> + #include <asm/glue-df.h> + #include <asm/glue-pf.h> + #include <asm/mach/arch.h> +@@ -189,5 +190,9 @@ int main(void) + DEFINE(MPU_RGN_PRBAR, offsetof(struct mpu_rgn, prbar)); + DEFINE(MPU_RGN_PRLAR, offsetof(struct mpu_rgn, prlar)); + #endif ++ DEFINE(KEXEC_START_ADDR, offsetof(struct kexec_relocate_data, kexec_start_address)); ++ DEFINE(KEXEC_INDIR_PAGE, offsetof(struct kexec_relocate_data, kexec_indirection_page)); ++ DEFINE(KEXEC_MACH_TYPE, offsetof(struct kexec_relocate_data, kexec_mach_type)); ++ DEFINE(KEXEC_R2, offsetof(struct kexec_relocate_data, kexec_r2)); + return 0; + } +diff --git a/arch/arm/kernel/machine_kexec.c b/arch/arm/kernel/machine_kexec.c +index 76300f3813e89..734adeb42df87 100644 +--- a/arch/arm/kernel/machine_kexec.c ++++ b/arch/arm/kernel/machine_kexec.c +@@ -15,6 +15,7 @@ + #include <asm/pgalloc.h> + #include <asm/mmu_context.h> + #include <asm/cacheflush.h> ++#include <asm/kexec-internal.h> + #include <asm/fncpy.h> + #include <asm/mach-types.h> + #include <asm/smp_plat.h> +@@ -24,11 +25,6 @@ + extern void relocate_new_kernel(void); + extern const unsigned int relocate_new_kernel_size; + +-extern unsigned long kexec_start_address; +-extern unsigned long kexec_indirection_page; +-extern unsigned long kexec_mach_type; +-extern unsigned long kexec_boot_atags; +- + static atomic_t waiting_for_crash_ipi; + + /* +@@ -161,6 +157,7 @@ void (*kexec_reinit)(void); + void machine_kexec(struct kimage *image) + { + unsigned long page_list, reboot_entry_phys; ++ struct kexec_relocate_data *data; + void (*reboot_entry)(void); + void *reboot_code_buffer; + +@@ -176,18 +173,17 @@ void machine_kexec(struct kimage *image) + + reboot_code_buffer = page_address(image->control_code_page); + +- /* Prepare parameters for reboot_code_buffer*/ +- set_kernel_text_rw(); +- kexec_start_address = image->start; +- kexec_indirection_page = page_list; +- kexec_mach_type = machine_arch_type; +- kexec_boot_atags = image->arch.kernel_r2; +- + /* copy our kernel relocation code to the control code page */ + reboot_entry = fncpy(reboot_code_buffer, + &relocate_new_kernel, + relocate_new_kernel_size); + ++ data = reboot_code_buffer + relocate_new_kernel_size; ++ data->kexec_start_address = image->start; ++ data->kexec_indirection_page = page_list; ++ data->kexec_mach_type = machine_arch_type; ++ data->kexec_r2 = image->arch.kernel_r2; ++ + /* get the identity mapping physical address for the reboot code */ + reboot_entry_phys = virt_to_idmap(reboot_entry); + +diff --git a/arch/arm/kernel/relocate_kernel.S b/arch/arm/kernel/relocate_kernel.S +index 7eaa2ae7aff58..5e15b5912cb05 100644 +--- a/arch/arm/kernel/relocate_kernel.S ++++ b/arch/arm/kernel/relocate_kernel.S +@@ -5,14 +5,16 @@ + + #include <linux/linkage.h> + #include <asm/assembler.h> ++#include <asm/asm-offsets.h> + #include <asm/kexec.h> + + .align 3 /* not needed for this code, but keeps fncpy() happy */ + + ENTRY(relocate_new_kernel) + +- ldr r0,kexec_indirection_page +- ldr r1,kexec_start_address ++ adr r7, relocate_new_kernel_end ++ ldr r0, [r7, #KEXEC_INDIR_PAGE] ++ ldr r1, [r7, #KEXEC_START_ADDR] + + /* + * If there is no indirection page (we are doing crashdumps) +@@ -57,34 +59,16 @@ ENTRY(relocate_new_kernel) + + 2: + /* Jump to relocated kernel */ +- mov lr,r1 +- mov r0,#0 +- ldr r1,kexec_mach_type +- ldr r2,kexec_boot_atags +- ARM( ret lr ) +- THUMB( bx lr ) +- +- .align +- +- .globl kexec_start_address +-kexec_start_address: +- .long 0x0 +- +- .globl kexec_indirection_page +-kexec_indirection_page: +- .long 0x0 +- +- .globl kexec_mach_type +-kexec_mach_type: +- .long 0x0 +- +- /* phy addr of the atags for the new kernel */ +- .globl kexec_boot_atags +-kexec_boot_atags: +- .long 0x0 ++ mov lr, r1 ++ mov r0, #0 ++ ldr r1, [r7, #KEXEC_MACH_TYPE] ++ ldr r2, [r7, #KEXEC_R2] ++ ARM( ret lr ) ++ THUMB( bx lr ) + + ENDPROC(relocate_new_kernel) + ++ .align 3 + relocate_new_kernel_end: + + .globl relocate_new_kernel_size +diff --git a/arch/arm/kernel/signal.c b/arch/arm/kernel/signal.c +index b908382b69ff5..1c01358b9b6db 100644 +--- a/arch/arm/kernel/signal.c ++++ b/arch/arm/kernel/signal.c +@@ -697,18 +697,20 @@ struct page *get_signal_page(void) + + addr = page_address(page); + ++ /* Poison the entire page */ ++ memset32(addr, __opcode_to_mem_arm(0xe7fddef1), ++ PAGE_SIZE / sizeof(u32)); ++ + /* Give the signal return code some randomness */ + offset = 0x200 + (get_random_int() & 0x7fc); + signal_return_offset = offset; + +- /* +- * Copy signal return handlers into the vector page, and +- * set sigreturn to be a pointer to these. +- */ ++ /* Copy signal return handlers into the page */ + memcpy(addr + offset, sigreturn_codes, sizeof(sigreturn_codes)); + +- ptr = (unsigned long)addr + offset; +- flush_icache_range(ptr, ptr + sizeof(sigreturn_codes)); ++ /* Flush out all instructions in this page */ ++ ptr = (unsigned long)addr; ++ flush_icache_range(ptr, ptr + PAGE_SIZE); + + return page; + } +diff --git a/arch/arm/xen/enlighten.c b/arch/arm/xen/enlighten.c +index 8aa901e20ca8e..dd946c77e8015 100644 +--- a/arch/arm/xen/enlighten.c ++++ b/arch/arm/xen/enlighten.c +@@ -404,8 +404,6 @@ static int __init xen_guest_init(void) + return -ENOMEM; + } + gnttab_init(); +- if (!xen_initial_domain()) +- xenbus_probe(); + + /* + * Making sure board specific code will not set up ops for +diff --git a/arch/arm/xen/p2m.c b/arch/arm/xen/p2m.c +index 0641ba54ab62a..ce538c51fa3fb 100644 +--- a/arch/arm/xen/p2m.c ++++ b/arch/arm/xen/p2m.c +@@ -93,8 +93,10 @@ int set_foreign_p2m_mapping(struct gnttab_map_grant_ref *map_ops, + for (i = 0; i < count; i++) { + if (map_ops[i].status) + continue; +- set_phys_to_machine(map_ops[i].host_addr >> XEN_PAGE_SHIFT, +- map_ops[i].dev_bus_addr >> XEN_PAGE_SHIFT); ++ if (unlikely(!set_phys_to_machine(map_ops[i].host_addr >> XEN_PAGE_SHIFT, ++ map_ops[i].dev_bus_addr >> XEN_PAGE_SHIFT))) { ++ return -ENOMEM; ++ } + } + + return 0; +diff --git a/arch/arm64/boot/dts/rockchip/rk3399.dtsi b/arch/arm64/boot/dts/rockchip/rk3399.dtsi +index f4ee7c4f83b8b..b1c1a88a1c20c 100644 +--- a/arch/arm64/boot/dts/rockchip/rk3399.dtsi ++++ b/arch/arm64/boot/dts/rockchip/rk3399.dtsi +@@ -198,6 +198,7 @@ + reg = <0x0 0xf8000000 0x0 0x2000000>, + <0x0 0xfd000000 0x0 0x1000000>; + reg-names = "axi-base", "apb-base"; ++ device_type = "pci"; + #address-cells = <3>; + #size-cells = <2>; + #interrupt-cells = <1>; +@@ -216,7 +217,6 @@ + <0 0 0 2 &pcie0_intc 1>, + <0 0 0 3 &pcie0_intc 2>, + <0 0 0 4 &pcie0_intc 3>; +- linux,pci-domain = <0>; + max-link-speed = <1>; + msi-map = <0x0 &its 0x0 0x1000>; + phys = <&pcie_phy 0>, <&pcie_phy 1>, +diff --git a/arch/h8300/kernel/asm-offsets.c b/arch/h8300/kernel/asm-offsets.c +index 85e60509f0a83..d4b53af657c84 100644 +--- a/arch/h8300/kernel/asm-offsets.c ++++ b/arch/h8300/kernel/asm-offsets.c +@@ -63,6 +63,9 @@ int main(void) + OFFSET(TI_FLAGS, thread_info, flags); + OFFSET(TI_CPU, thread_info, cpu); + OFFSET(TI_PRE, thread_info, preempt_count); ++#ifdef CONFIG_PREEMPTION ++ DEFINE(TI_PRE_COUNT, offsetof(struct thread_info, preempt_count)); ++#endif + + return 0; + } +diff --git a/arch/riscv/include/asm/page.h b/arch/riscv/include/asm/page.h +index 06cfbb3aacbb0..abc147aeff8b0 100644 +--- a/arch/riscv/include/asm/page.h ++++ b/arch/riscv/include/asm/page.h +@@ -115,7 +115,10 @@ extern unsigned long min_low_pfn; + + #endif /* __ASSEMBLY__ */ + +-#define virt_addr_valid(vaddr) (pfn_valid(virt_to_pfn(vaddr))) ++#define virt_addr_valid(vaddr) ({ \ ++ unsigned long _addr = (unsigned long)vaddr; \ ++ (unsigned long)(_addr) >= PAGE_OFFSET && pfn_valid(virt_to_pfn(_addr)); \ ++}) + + #define VM_DATA_DEFAULT_FLAGS (VM_READ | VM_WRITE | \ + VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC) +diff --git a/arch/x86/Makefile b/arch/x86/Makefile +index 0303a243b634e..75200b421f29b 100644 +--- a/arch/x86/Makefile ++++ b/arch/x86/Makefile +@@ -61,6 +61,9 @@ endif + KBUILD_CFLAGS += -mno-sse -mno-mmx -mno-sse2 -mno-3dnow + KBUILD_CFLAGS += $(call cc-option,-mno-avx,) + ++# Intel CET isn't enabled in the kernel ++KBUILD_CFLAGS += $(call cc-option,-fcf-protection=none) ++ + ifeq ($(CONFIG_X86_32),y) + BITS := 32 + UTS_MACHINE := i386 +@@ -132,9 +135,6 @@ else + KBUILD_CFLAGS += -mno-red-zone + KBUILD_CFLAGS += -mcmodel=kernel + +- # Intel CET isn't enabled in the kernel +- KBUILD_CFLAGS += $(call cc-option,-fcf-protection=none) +- + # -funit-at-a-time shrinks the kernel .text considerably + # unfortunately it makes reading oopses harder. + KBUILD_CFLAGS += $(call cc-option,-funit-at-a-time) +diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c +index b34d11f22213f..8cb9277aa6ff2 100644 +--- a/arch/x86/kvm/svm.c ++++ b/arch/x86/kvm/svm.c +@@ -7097,7 +7097,6 @@ static int svm_register_enc_region(struct kvm *kvm, + region->uaddr = range->addr; + region->size = range->size; + +- mutex_lock(&kvm->lock); + list_add_tail(®ion->list, &sev->regions_list); + mutex_unlock(&kvm->lock); + +diff --git a/arch/x86/xen/p2m.c b/arch/x86/xen/p2m.c +index 159a897151d64..e8ef994c7243c 100644 +--- a/arch/x86/xen/p2m.c ++++ b/arch/x86/xen/p2m.c +@@ -708,7 +708,8 @@ int set_foreign_p2m_mapping(struct gnttab_map_grant_ref *map_ops, + unsigned long mfn, pfn; + + /* Do not add to override if the map failed. */ +- if (map_ops[i].status) ++ if (map_ops[i].status != GNTST_okay || ++ (kmap_ops && kmap_ops[i].status != GNTST_okay)) + continue; + + if (map_ops[i].flags & GNTMAP_contains_pte) { +@@ -746,17 +747,15 @@ int clear_foreign_p2m_mapping(struct gnttab_unmap_grant_ref *unmap_ops, + unsigned long mfn = __pfn_to_mfn(page_to_pfn(pages[i])); + unsigned long pfn = page_to_pfn(pages[i]); + +- if (mfn == INVALID_P2M_ENTRY || !(mfn & FOREIGN_FRAME_BIT)) { ++ if (mfn != INVALID_P2M_ENTRY && (mfn & FOREIGN_FRAME_BIT)) ++ set_phys_to_machine(pfn, INVALID_P2M_ENTRY); ++ else + ret = -EINVAL; +- goto out; +- } +- +- set_phys_to_machine(pfn, INVALID_P2M_ENTRY); + } + if (kunmap_ops) + ret = HYPERVISOR_grant_table_op(GNTTABOP_unmap_grant_ref, +- kunmap_ops, count); +-out: ++ kunmap_ops, count) ?: ret; ++ + return ret; + } + EXPORT_SYMBOL_GPL(clear_foreign_p2m_mapping); +diff --git a/block/bfq-iosched.c b/block/bfq-iosched.c +index b7ad8ac6bb41e..5198ed1b36690 100644 +--- a/block/bfq-iosched.c ++++ b/block/bfq-iosched.c +@@ -5280,13 +5280,13 @@ static unsigned int bfq_update_depths(struct bfq_data *bfqd, + * limit 'something'. + */ + /* no more than 50% of tags for async I/O */ +- bfqd->word_depths[0][0] = max(bt->sb.depth >> 1, 1U); ++ bfqd->word_depths[0][0] = max((1U << bt->sb.shift) >> 1, 1U); + /* + * no more than 75% of tags for sync writes (25% extra tags + * w.r.t. async I/O, to prevent async I/O from starving sync + * writes) + */ +- bfqd->word_depths[0][1] = max((bt->sb.depth * 3) >> 2, 1U); ++ bfqd->word_depths[0][1] = max(((1U << bt->sb.shift) * 3) >> 2, 1U); + + /* + * In-word depths in case some bfq_queue is being weight- +@@ -5296,9 +5296,9 @@ static unsigned int bfq_update_depths(struct bfq_data *bfqd, + * shortage. + */ + /* no more than ~18% of tags for async I/O */ +- bfqd->word_depths[1][0] = max((bt->sb.depth * 3) >> 4, 1U); ++ bfqd->word_depths[1][0] = max(((1U << bt->sb.shift) * 3) >> 4, 1U); + /* no more than ~37% of tags for sync writes (~20% extra tags) */ +- bfqd->word_depths[1][1] = max((bt->sb.depth * 6) >> 4, 1U); ++ bfqd->word_depths[1][1] = max(((1U << bt->sb.shift) * 6) >> 4, 1U); + + for (i = 0; i < 2; i++) + for (j = 0; j < 2; j++) +diff --git a/drivers/block/xen-blkback/blkback.c b/drivers/block/xen-blkback/blkback.c +index b18f0162cb9c4..208f3eea3641f 100644 +--- a/drivers/block/xen-blkback/blkback.c ++++ b/drivers/block/xen-blkback/blkback.c +@@ -850,8 +850,11 @@ again: + pages[i]->page = persistent_gnt->page; + pages[i]->persistent_gnt = persistent_gnt; + } else { +- if (get_free_page(ring, &pages[i]->page)) +- goto out_of_memory; ++ if (get_free_page(ring, &pages[i]->page)) { ++ put_free_pages(ring, pages_to_gnt, segs_to_map); ++ ret = -ENOMEM; ++ goto out; ++ } + addr = vaddr(pages[i]->page); + pages_to_gnt[segs_to_map] = pages[i]->page; + pages[i]->persistent_gnt = NULL; +@@ -867,10 +870,8 @@ again: + break; + } + +- if (segs_to_map) { ++ if (segs_to_map) + ret = gnttab_map_refs(map, NULL, pages_to_gnt, segs_to_map); +- BUG_ON(ret); +- } + + /* + * Now swizzle the MFN in our domain with the MFN from the other domain +@@ -885,7 +886,7 @@ again: + pr_debug("invalid buffer -- could not remap it\n"); + put_free_pages(ring, &pages[seg_idx]->page, 1); + pages[seg_idx]->handle = BLKBACK_INVALID_HANDLE; +- ret |= 1; ++ ret |= !ret; + goto next; + } + pages[seg_idx]->handle = map[new_map_idx].handle; +@@ -937,17 +938,18 @@ next: + } + segs_to_map = 0; + last_map = map_until; +- if (map_until != num) ++ if (!ret && map_until != num) + goto again; + +- return ret; +- +-out_of_memory: +- pr_alert("%s: out of memory\n", __func__); +- put_free_pages(ring, pages_to_gnt, segs_to_map); +- for (i = last_map; i < num; i++) ++out: ++ for (i = last_map; i < num; i++) { ++ /* Don't zap current batch's valid persistent grants. */ ++ if(i >= last_map + segs_to_map) ++ pages[i]->persistent_gnt = NULL; + pages[i]->handle = BLKBACK_INVALID_HANDLE; +- return -ENOMEM; ++ } ++ ++ return ret; + } + + static int xen_blkbk_map_seg(struct pending_req *pending_req) +diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c +index 3b07a316680c2..62a2f0491117d 100644 +--- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c ++++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c +@@ -668,8 +668,8 @@ static void emulated_link_detect(struct dc_link *link) + link->type = dc_connection_none; + prev_sink = link->local_sink; + +- if (prev_sink != NULL) +- dc_sink_retain(prev_sink); ++ if (prev_sink) ++ dc_sink_release(prev_sink); + + switch (link->connector_signal) { + case SIGNAL_TYPE_HDMI_TYPE_A: { +@@ -4732,14 +4732,14 @@ static int dm_force_atomic_commit(struct drm_connector *connector) + + ret = PTR_ERR_OR_ZERO(conn_state); + if (ret) +- goto err; ++ goto out; + + /* Attach crtc to drm_atomic_state*/ + crtc_state = drm_atomic_get_crtc_state(state, &disconnected_acrtc->base); + + ret = PTR_ERR_OR_ZERO(crtc_state); + if (ret) +- goto err; ++ goto out; + + /* force a restore */ + crtc_state->mode_changed = true; +@@ -4749,17 +4749,15 @@ static int dm_force_atomic_commit(struct drm_connector *connector) + + ret = PTR_ERR_OR_ZERO(plane_state); + if (ret) +- goto err; +- ++ goto out; + + /* Call commit internally with the state we just constructed */ + ret = drm_atomic_commit(state); +- if (!ret) +- return 0; + +-err: +- DRM_ERROR("Restoring old state failed with %i\n", ret); ++out: + drm_atomic_state_put(state); ++ if (ret) ++ DRM_ERROR("Restoring old state failed with %i\n", ret); + + return ret; + } +diff --git a/drivers/i2c/busses/i2c-stm32f7.c b/drivers/i2c/busses/i2c-stm32f7.c +index eb7e533b0dd47..6feafebf85feb 100644 +--- a/drivers/i2c/busses/i2c-stm32f7.c ++++ b/drivers/i2c/busses/i2c-stm32f7.c +@@ -49,6 +49,8 @@ + #define STM32F7_I2C_CR1_RXDMAEN BIT(15) + #define STM32F7_I2C_CR1_TXDMAEN BIT(14) + #define STM32F7_I2C_CR1_ANFOFF BIT(12) ++#define STM32F7_I2C_CR1_DNF_MASK GENMASK(11, 8) ++#define STM32F7_I2C_CR1_DNF(n) (((n) & 0xf) << 8) + #define STM32F7_I2C_CR1_ERRIE BIT(7) + #define STM32F7_I2C_CR1_TCIE BIT(6) + #define STM32F7_I2C_CR1_STOPIE BIT(5) +@@ -147,7 +149,7 @@ + #define STM32F7_I2C_MAX_SLAVE 0x2 + + #define STM32F7_I2C_DNF_DEFAULT 0 +-#define STM32F7_I2C_DNF_MAX 16 ++#define STM32F7_I2C_DNF_MAX 15 + + #define STM32F7_I2C_ANALOG_FILTER_ENABLE 1 + #define STM32F7_I2C_ANALOG_FILTER_DELAY_MIN 50 /* ns */ +@@ -645,6 +647,13 @@ static void stm32f7_i2c_hw_config(struct stm32f7_i2c_dev *i2c_dev) + else + stm32f7_i2c_set_bits(i2c_dev->base + STM32F7_I2C_CR1, + STM32F7_I2C_CR1_ANFOFF); ++ ++ /* Program the Digital Filter */ ++ stm32f7_i2c_clr_bits(i2c_dev->base + STM32F7_I2C_CR1, ++ STM32F7_I2C_CR1_DNF_MASK); ++ stm32f7_i2c_set_bits(i2c_dev->base + STM32F7_I2C_CR1, ++ STM32F7_I2C_CR1_DNF(i2c_dev->setup.dnf)); ++ + stm32f7_i2c_set_bits(i2c_dev->base + STM32F7_I2C_CR1, + STM32F7_I2C_CR1_PE); + } +diff --git a/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c b/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c +index d575dd9a329d9..16ab000454f91 100644 +--- a/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c ++++ b/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c +@@ -5182,12 +5182,19 @@ void hclge_reset_tqp(struct hnae3_handle *handle, u16 queue_id) + + void hclge_reset_vf_queue(struct hclge_vport *vport, u16 queue_id) + { ++ struct hnae3_handle *handle = &vport->nic; + struct hclge_dev *hdev = vport->back; + int reset_try_times = 0; + int reset_status; + u16 queue_gid; + int ret; + ++ if (queue_id >= handle->kinfo.num_tqps) { ++ dev_warn(&hdev->pdev->dev, "Invalid vf queue id(%u)\n", ++ queue_id); ++ return; ++ } ++ + queue_gid = hclge_covert_handle_qid_global(&vport->nic, queue_id); + + ret = hclge_send_reset_tqp_cmd(hdev, queue_gid, true); +diff --git a/drivers/net/ethernet/stmicro/stmmac/stmmac_tc.c b/drivers/net/ethernet/stmicro/stmmac/stmmac_tc.c +index 37c0bc699cd9c..cc1895a32b9d3 100644 +--- a/drivers/net/ethernet/stmicro/stmmac/stmmac_tc.c ++++ b/drivers/net/ethernet/stmicro/stmmac/stmmac_tc.c +@@ -314,7 +314,12 @@ static int tc_setup_cbs(struct stmmac_priv *priv, + + priv->plat->tx_queues_cfg[queue].mode_to_use = MTL_QUEUE_AVB; + } else if (!qopt->enable) { +- return stmmac_dma_qmode(priv, priv->ioaddr, queue, MTL_QUEUE_DCB); ++ ret = stmmac_dma_qmode(priv, priv->ioaddr, queue, ++ MTL_QUEUE_DCB); ++ if (ret) ++ return ret; ++ ++ priv->plat->tx_queues_cfg[queue].mode_to_use = MTL_QUEUE_DCB; + } + + /* Port Transmit Rate and Speed Divider */ +diff --git a/drivers/net/wireless/mediatek/mt76/dma.c b/drivers/net/wireless/mediatek/mt76/dma.c +index cc6840377bc27..8ce6a167dd2cc 100644 +--- a/drivers/net/wireless/mediatek/mt76/dma.c ++++ b/drivers/net/wireless/mediatek/mt76/dma.c +@@ -393,15 +393,17 @@ static void + mt76_add_fragment(struct mt76_dev *dev, struct mt76_queue *q, void *data, + int len, bool more) + { +- struct page *page = virt_to_head_page(data); +- int offset = data - page_address(page); + struct sk_buff *skb = q->rx_head; + struct skb_shared_info *shinfo = skb_shinfo(skb); + + if (shinfo->nr_frags < ARRAY_SIZE(shinfo->frags)) { +- offset += q->buf_offset; ++ struct page *page = virt_to_head_page(data); ++ int offset = data - page_address(page) + q->buf_offset; ++ + skb_add_rx_frag(skb, shinfo->nr_frags, page, offset, len, + q->buf_size); ++ } else { ++ skb_free_frag(data); + } + + if (more) +diff --git a/drivers/net/xen-netback/netback.c b/drivers/net/xen-netback/netback.c +index f228298c3bd08..b29a1b279fff4 100644 +--- a/drivers/net/xen-netback/netback.c ++++ b/drivers/net/xen-netback/netback.c +@@ -1326,13 +1326,11 @@ int xenvif_tx_action(struct xenvif_queue *queue, int budget) + return 0; + + gnttab_batch_copy(queue->tx_copy_ops, nr_cops); +- if (nr_mops != 0) { ++ if (nr_mops != 0) + ret = gnttab_map_refs(queue->tx_map_ops, + NULL, + queue->pages_to_map, + nr_mops); +- BUG_ON(ret); +- } + + work_done = xenvif_tx_submit(queue); + +diff --git a/drivers/net/xen-netback/rx.c b/drivers/net/xen-netback/rx.c +index 9b62f65b630e4..48e2006f96ce6 100644 +--- a/drivers/net/xen-netback/rx.c ++++ b/drivers/net/xen-netback/rx.c +@@ -38,10 +38,15 @@ static bool xenvif_rx_ring_slots_available(struct xenvif_queue *queue) + RING_IDX prod, cons; + struct sk_buff *skb; + int needed; ++ unsigned long flags; ++ ++ spin_lock_irqsave(&queue->rx_queue.lock, flags); + + skb = skb_peek(&queue->rx_queue); +- if (!skb) ++ if (!skb) { ++ spin_unlock_irqrestore(&queue->rx_queue.lock, flags); + return false; ++ } + + needed = DIV_ROUND_UP(skb->len, XEN_PAGE_SIZE); + if (skb_is_gso(skb)) +@@ -49,6 +54,8 @@ static bool xenvif_rx_ring_slots_available(struct xenvif_queue *queue) + if (skb->sw_hash) + needed++; + ++ spin_unlock_irqrestore(&queue->rx_queue.lock, flags); ++ + do { + prod = queue->rx.sring->req_prod; + cons = queue->rx.req_cons; +diff --git a/drivers/platform/x86/hp-wmi.c b/drivers/platform/x86/hp-wmi.c +index 952544ca0d84d..93fadd4abf14d 100644 +--- a/drivers/platform/x86/hp-wmi.c ++++ b/drivers/platform/x86/hp-wmi.c +@@ -45,6 +45,10 @@ MODULE_LICENSE("GPL"); + MODULE_ALIAS("wmi:95F24279-4D7B-4334-9387-ACCDC67EF61C"); + MODULE_ALIAS("wmi:5FB7F034-2C63-45e9-BE91-3D44E2C707E4"); + ++static int enable_tablet_mode_sw = -1; ++module_param(enable_tablet_mode_sw, int, 0444); ++MODULE_PARM_DESC(enable_tablet_mode_sw, "Enable SW_TABLET_MODE reporting (-1=auto, 0=no, 1=yes)"); ++ + #define HPWMI_EVENT_GUID "95F24279-4D7B-4334-9387-ACCDC67EF61C" + #define HPWMI_BIOS_GUID "5FB7F034-2C63-45e9-BE91-3D44E2C707E4" + +@@ -656,10 +660,12 @@ static int __init hp_wmi_input_setup(void) + } + + /* Tablet mode */ +- val = hp_wmi_hw_state(HPWMI_TABLET_MASK); +- if (!(val < 0)) { +- __set_bit(SW_TABLET_MODE, hp_wmi_input_dev->swbit); +- input_report_switch(hp_wmi_input_dev, SW_TABLET_MODE, val); ++ if (enable_tablet_mode_sw > 0) { ++ val = hp_wmi_hw_state(HPWMI_TABLET_MASK); ++ if (val >= 0) { ++ __set_bit(SW_TABLET_MODE, hp_wmi_input_dev->swbit); ++ input_report_switch(hp_wmi_input_dev, SW_TABLET_MODE, val); ++ } + } + + err = sparse_keymap_setup(hp_wmi_input_dev, hp_wmi_keymap, NULL); +diff --git a/drivers/scsi/qla2xxx/qla_tmpl.c b/drivers/scsi/qla2xxx/qla_tmpl.c +index 0ccd06f11f123..de31362940973 100644 +--- a/drivers/scsi/qla2xxx/qla_tmpl.c ++++ b/drivers/scsi/qla2xxx/qla_tmpl.c +@@ -940,7 +940,8 @@ qla27xx_template_checksum(void *p, ulong size) + static inline int + qla27xx_verify_template_checksum(struct qla27xx_fwdt_template *tmp) + { +- return qla27xx_template_checksum(tmp, tmp->template_size) == 0; ++ return qla27xx_template_checksum(tmp, ++ le32_to_cpu(tmp->template_size)) == 0; + } + + static inline int +@@ -956,7 +957,7 @@ qla27xx_execute_fwdt_template(struct scsi_qla_host *vha) + ulong len; + + if (qla27xx_fwdt_template_valid(tmp)) { +- len = tmp->template_size; ++ len = le32_to_cpu(tmp->template_size); + tmp = memcpy(vha->hw->fw_dump, tmp, len); + ql27xx_edit_template(vha, tmp); + qla27xx_walk_template(vha, tmp, tmp, &len); +@@ -972,7 +973,7 @@ qla27xx_fwdt_calculate_dump_size(struct scsi_qla_host *vha) + ulong len = 0; + + if (qla27xx_fwdt_template_valid(tmp)) { +- len = tmp->template_size; ++ len = le32_to_cpu(tmp->template_size); + qla27xx_walk_template(vha, tmp, NULL, &len); + } + +@@ -984,7 +985,7 @@ qla27xx_fwdt_template_size(void *p) + { + struct qla27xx_fwdt_template *tmp = p; + +- return tmp->template_size; ++ return le32_to_cpu(tmp->template_size); + } + + ulong +diff --git a/drivers/scsi/qla2xxx/qla_tmpl.h b/drivers/scsi/qla2xxx/qla_tmpl.h +index 141c1c5e73f42..2d3e1a8349b3b 100644 +--- a/drivers/scsi/qla2xxx/qla_tmpl.h ++++ b/drivers/scsi/qla2xxx/qla_tmpl.h +@@ -13,7 +13,7 @@ + struct __packed qla27xx_fwdt_template { + uint32_t template_type; + uint32_t entry_offset; +- uint32_t template_size; ++ __le32 template_size; + uint32_t reserved_1; + + uint32_t entry_count; +diff --git a/drivers/usb/dwc3/ulpi.c b/drivers/usb/dwc3/ulpi.c +index bb8271531da70..ffe3440abb74c 100644 +--- a/drivers/usb/dwc3/ulpi.c ++++ b/drivers/usb/dwc3/ulpi.c +@@ -7,6 +7,8 @@ + * Author: Heikki Krogerus <[email protected]> + */ + ++#include <linux/delay.h> ++#include <linux/time64.h> + #include <linux/ulpi/regs.h> + + #include "core.h" +@@ -17,12 +19,22 @@ + DWC3_GUSB2PHYACC_ADDR(ULPI_ACCESS_EXTENDED) | \ + DWC3_GUSB2PHYACC_EXTEND_ADDR(a) : DWC3_GUSB2PHYACC_ADDR(a)) + +-static int dwc3_ulpi_busyloop(struct dwc3 *dwc) ++#define DWC3_ULPI_BASE_DELAY DIV_ROUND_UP(NSEC_PER_SEC, 60000000L) ++ ++static int dwc3_ulpi_busyloop(struct dwc3 *dwc, u8 addr, bool read) + { +- unsigned count = 1000; ++ unsigned long ns = 5L * DWC3_ULPI_BASE_DELAY; ++ unsigned int count = 1000; + u32 reg; + ++ if (addr >= ULPI_EXT_VENDOR_SPECIFIC) ++ ns += DWC3_ULPI_BASE_DELAY; ++ ++ if (read) ++ ns += DWC3_ULPI_BASE_DELAY; ++ + while (count--) { ++ ndelay(ns); + reg = dwc3_readl(dwc->regs, DWC3_GUSB2PHYACC(0)); + if (reg & DWC3_GUSB2PHYACC_DONE) + return 0; +@@ -47,7 +59,7 @@ static int dwc3_ulpi_read(struct device *dev, u8 addr) + reg = DWC3_GUSB2PHYACC_NEWREGREQ | DWC3_ULPI_ADDR(addr); + dwc3_writel(dwc->regs, DWC3_GUSB2PHYACC(0), reg); + +- ret = dwc3_ulpi_busyloop(dwc); ++ ret = dwc3_ulpi_busyloop(dwc, addr, true); + if (ret) + return ret; + +@@ -71,7 +83,7 @@ static int dwc3_ulpi_write(struct device *dev, u8 addr, u8 val) + reg |= DWC3_GUSB2PHYACC_WRITE | val; + dwc3_writel(dwc->regs, DWC3_GUSB2PHYACC(0), reg); + +- return dwc3_ulpi_busyloop(dwc); ++ return dwc3_ulpi_busyloop(dwc, addr, false); + } + + static const struct ulpi_ops dwc3_ulpi_ops = { +diff --git a/drivers/xen/gntdev.c b/drivers/xen/gntdev.c +index 3cfbec482efb9..e519063e421e2 100644 +--- a/drivers/xen/gntdev.c ++++ b/drivers/xen/gntdev.c +@@ -323,44 +323,47 @@ int gntdev_map_grant_pages(struct gntdev_grant_map *map) + * to the kernel linear addresses of the struct pages. + * These ptes are completely different from the user ptes dealt + * with find_grant_ptes. ++ * Note that GNTMAP_device_map isn't needed here: The ++ * dev_bus_addr output field gets consumed only from ->map_ops, ++ * and by not requesting it when mapping we also avoid needing ++ * to mirror dev_bus_addr into ->unmap_ops (and holding an extra ++ * reference to the page in the hypervisor). + */ ++ unsigned int flags = (map->flags & ~GNTMAP_device_map) | ++ GNTMAP_host_map; ++ + for (i = 0; i < map->count; i++) { + unsigned long address = (unsigned long) + pfn_to_kaddr(page_to_pfn(map->pages[i])); + BUG_ON(PageHighMem(map->pages[i])); + +- gnttab_set_map_op(&map->kmap_ops[i], address, +- map->flags | GNTMAP_host_map, ++ gnttab_set_map_op(&map->kmap_ops[i], address, flags, + map->grants[i].ref, + map->grants[i].domid); + gnttab_set_unmap_op(&map->kunmap_ops[i], address, +- map->flags | GNTMAP_host_map, -1); ++ flags, -1); + } + } + + pr_debug("map %d+%d\n", map->index, map->count); + err = gnttab_map_refs(map->map_ops, use_ptemod ? map->kmap_ops : NULL, + map->pages, map->count); +- if (err) +- return err; + + for (i = 0; i < map->count; i++) { +- if (map->map_ops[i].status) { ++ if (map->map_ops[i].status == GNTST_okay) ++ map->unmap_ops[i].handle = map->map_ops[i].handle; ++ else if (!err) + err = -EINVAL; +- continue; +- } + +- map->unmap_ops[i].handle = map->map_ops[i].handle; +- if (use_ptemod) +- map->kunmap_ops[i].handle = map->kmap_ops[i].handle; +-#ifdef CONFIG_XEN_GRANT_DMA_ALLOC +- else if (map->dma_vaddr) { +- unsigned long bfn; ++ if (map->flags & GNTMAP_device_map) ++ map->unmap_ops[i].dev_bus_addr = map->map_ops[i].dev_bus_addr; + +- bfn = pfn_to_bfn(page_to_pfn(map->pages[i])); +- map->unmap_ops[i].dev_bus_addr = __pfn_to_phys(bfn); ++ if (use_ptemod) { ++ if (map->kmap_ops[i].status == GNTST_okay) ++ map->kunmap_ops[i].handle = map->kmap_ops[i].handle; ++ else if (!err) ++ err = -EINVAL; + } +-#endif + } + return err; + } +diff --git a/drivers/xen/xen-scsiback.c b/drivers/xen/xen-scsiback.c +index 1abc0a55b8d9c..614d067ffe126 100644 +--- a/drivers/xen/xen-scsiback.c ++++ b/drivers/xen/xen-scsiback.c +@@ -422,12 +422,12 @@ static int scsiback_gnttab_data_map_batch(struct gnttab_map_grant_ref *map, + return 0; + + err = gnttab_map_refs(map, NULL, pg, cnt); +- BUG_ON(err); + for (i = 0; i < cnt; i++) { + if (unlikely(map[i].status != GNTST_okay)) { + pr_err("invalid buffer -- could not remap it\n"); + map[i].handle = SCSIBACK_INVALID_HANDLE; +- err = -ENOMEM; ++ if (!err) ++ err = -ENOMEM; + } else { + get_page(pg[i]); + } +diff --git a/drivers/xen/xenbus/xenbus.h b/drivers/xen/xenbus/xenbus.h +index a9bb5f91082d3..88516a8a9f932 100644 +--- a/drivers/xen/xenbus/xenbus.h ++++ b/drivers/xen/xenbus/xenbus.h +@@ -115,7 +115,6 @@ int xenbus_probe_node(struct xen_bus_type *bus, + const char *type, + const char *nodename); + int xenbus_probe_devices(struct xen_bus_type *bus); +-void xenbus_probe(void); + + void xenbus_dev_changed(const char *node, struct xen_bus_type *bus); + +diff --git a/drivers/xen/xenbus/xenbus_probe.c b/drivers/xen/xenbus/xenbus_probe.c +index 786494bb7f20b..652894d619677 100644 +--- a/drivers/xen/xenbus/xenbus_probe.c ++++ b/drivers/xen/xenbus/xenbus_probe.c +@@ -683,7 +683,7 @@ void unregister_xenstore_notifier(struct notifier_block *nb) + } + EXPORT_SYMBOL_GPL(unregister_xenstore_notifier); + +-void xenbus_probe(void) ++static void xenbus_probe(void) + { + xenstored_ready = 1; + +diff --git a/fs/overlayfs/copy_up.c b/fs/overlayfs/copy_up.c +index 6eb0b882ad231..e164f489d01d9 100644 +--- a/fs/overlayfs/copy_up.c ++++ b/fs/overlayfs/copy_up.c +@@ -79,6 +79,14 @@ int ovl_copy_xattr(struct dentry *old, struct dentry *new) + + if (ovl_is_private_xattr(name)) + continue; ++ ++ error = security_inode_copy_up_xattr(name); ++ if (error < 0 && error != -EOPNOTSUPP) ++ break; ++ if (error == 1) { ++ error = 0; ++ continue; /* Discard */ ++ } + retry: + size = vfs_getxattr(old, name, value, value_size); + if (size == -ERANGE) +@@ -102,13 +110,6 @@ retry: + goto retry; + } + +- error = security_inode_copy_up_xattr(name); +- if (error < 0 && error != -EOPNOTSUPP) +- break; +- if (error == 1) { +- error = 0; +- continue; /* Discard */ +- } + error = vfs_setxattr(new, name, value, size, 0); + if (error) + break; +diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c +index 8b3c284ce92ea..08e60a6df77c3 100644 +--- a/fs/overlayfs/inode.c ++++ b/fs/overlayfs/inode.c +@@ -340,7 +340,9 @@ int ovl_xattr_set(struct dentry *dentry, struct inode *inode, const char *name, + goto out; + + if (!value && !upperdentry) { ++ old_cred = ovl_override_creds(dentry->d_sb); + err = vfs_getxattr(realdentry, name, NULL, 0); ++ revert_creds(old_cred); + if (err < 0) + goto out_drop_write; + } +diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c +index 246623406db9f..f0dc432a3ceb3 100644 +--- a/fs/overlayfs/super.c ++++ b/fs/overlayfs/super.c +@@ -82,7 +82,7 @@ static void ovl_dentry_release(struct dentry *dentry) + static struct dentry *ovl_d_real(struct dentry *dentry, + const struct inode *inode) + { +- struct dentry *real; ++ struct dentry *real = NULL, *lower; + + /* It's an overlay file */ + if (inode && d_inode(dentry) == inode) +@@ -101,9 +101,10 @@ static struct dentry *ovl_d_real(struct dentry *dentry, + if (real && !inode && ovl_has_upperdata(d_inode(dentry))) + return real; + +- real = ovl_dentry_lowerdata(dentry); +- if (!real) ++ lower = ovl_dentry_lowerdata(dentry); ++ if (!lower) + goto bug; ++ real = lower; + + /* Handle recursion */ + real = d_real(real, inode); +@@ -111,8 +112,10 @@ static struct dentry *ovl_d_real(struct dentry *dentry, + if (!inode || inode == d_inode(real)) + return real; + bug: +- WARN(1, "ovl_d_real(%pd4, %s:%lu): real dentry not found\n", dentry, +- inode ? inode->i_sb->s_id : "NULL", inode ? inode->i_ino : 0); ++ WARN(1, "%s(%pd4, %s:%lu): real dentry (%p/%lu) not found\n", ++ __func__, dentry, inode ? inode->i_sb->s_id : "NULL", ++ inode ? inode->i_ino : 0, real, ++ real && d_inode(real) ? d_inode(real)->i_ino : 0); + return dentry; + } + +diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h +index f65a924a75abd..e71c97c3c25ef 100644 +--- a/include/asm-generic/vmlinux.lds.h ++++ b/include/asm-generic/vmlinux.lds.h +@@ -363,7 +363,7 @@ + } \ + \ + /* Built-in firmware blobs */ \ +- .builtin_fw : AT(ADDR(.builtin_fw) - LOAD_OFFSET) { \ ++ .builtin_fw : AT(ADDR(.builtin_fw) - LOAD_OFFSET) ALIGN(8) { \ + __start_builtin_fw = .; \ + KEEP(*(.builtin_fw)) \ + __end_builtin_fw = .; \ +diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h +index 4e14926433edb..9770e08c7e029 100644 +--- a/include/linux/netdevice.h ++++ b/include/linux/netdevice.h +@@ -3966,6 +3966,7 @@ static inline void netif_tx_disable(struct net_device *dev) + + local_bh_disable(); + cpu = smp_processor_id(); ++ spin_lock(&dev->tx_global_lock); + for (i = 0; i < dev->num_tx_queues; i++) { + struct netdev_queue *txq = netdev_get_tx_queue(dev, i); + +@@ -3973,6 +3974,7 @@ static inline void netif_tx_disable(struct net_device *dev) + netif_tx_stop_queue(txq); + __netif_tx_unlock(txq); + } ++ spin_unlock(&dev->tx_global_lock); + local_bh_enable(); + } + +diff --git a/include/xen/grant_table.h b/include/xen/grant_table.h +index 9bc5bc07d4d3f..a9978350b45b0 100644 +--- a/include/xen/grant_table.h ++++ b/include/xen/grant_table.h +@@ -157,6 +157,7 @@ gnttab_set_map_op(struct gnttab_map_grant_ref *map, phys_addr_t addr, + map->flags = flags; + map->ref = ref; + map->dom = domid; ++ map->status = 1; /* arbitrary positive value */ + } + + static inline void +diff --git a/include/xen/xenbus.h b/include/xen/xenbus.h +index fe9a9fa2ebc45..14d47ed4114fd 100644 +--- a/include/xen/xenbus.h ++++ b/include/xen/xenbus.h +@@ -187,8 +187,6 @@ void xs_suspend_cancel(void); + + struct work_struct; + +-void xenbus_probe(void); +- + #define XENBUS_IS_ERR_READ(str) ({ \ + if (!IS_ERR(str) && strlen(str) == 0) { \ + kfree(str); \ +diff --git a/kernel/bpf/stackmap.c b/kernel/bpf/stackmap.c +index 55fff5e6d9831..a47d623f59fe7 100644 +--- a/kernel/bpf/stackmap.c ++++ b/kernel/bpf/stackmap.c +@@ -114,6 +114,8 @@ static struct bpf_map *stack_map_alloc(union bpf_attr *attr) + + /* hash table size must be power of 2 */ + n_buckets = roundup_pow_of_two(attr->max_entries); ++ if (!n_buckets) ++ return ERR_PTR(-E2BIG); + + cost = n_buckets * sizeof(struct stack_map_bucket *) + sizeof(*smap); + if (cost >= U32_MAX - PAGE_SIZE) +diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c +index d6f1e305bb3db..88a4f9e2d06c7 100644 +--- a/kernel/trace/trace.c ++++ b/kernel/trace/trace.c +@@ -2292,7 +2292,7 @@ trace_event_buffer_lock_reserve(struct ring_buffer **current_rb, + (entry = this_cpu_read(trace_buffered_event))) { + /* Try to use the per cpu buffer first */ + val = this_cpu_inc_return(trace_buffered_event_cnt); +- if (val == 1) { ++ if ((len < (PAGE_SIZE - sizeof(*entry))) && val == 1) { + trace_event_setup(entry, type, flags, pc); + entry->array[0] = len; + return entry; +diff --git a/kernel/trace/trace_events.c b/kernel/trace/trace_events.c +index 0fc06a7da87fb..ea43be6b9cc3c 100644 +--- a/kernel/trace/trace_events.c ++++ b/kernel/trace/trace_events.c +@@ -1113,7 +1113,8 @@ system_enable_read(struct file *filp, char __user *ubuf, size_t cnt, + mutex_lock(&event_mutex); + list_for_each_entry(file, &tr->events, list) { + call = file->event_call; +- if (!trace_event_name(call) || !call->class || !call->class->reg) ++ if ((call->flags & TRACE_EVENT_FL_IGNORE_ENABLE) || ++ !trace_event_name(call) || !call->class || !call->class->reg) + continue; + + if (system && strcmp(call->class->system, system->name) != 0) +diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c +index ad1da6b2fb607..1dceda3c0e759 100644 +--- a/net/netfilter/nf_conntrack_core.c ++++ b/net/netfilter/nf_conntrack_core.c +@@ -1063,7 +1063,8 @@ nf_conntrack_tuple_taken(const struct nf_conntrack_tuple *tuple, + * Let nf_ct_resolve_clash() deal with this later. + */ + if (nf_ct_tuple_equal(&ignored_conntrack->tuplehash[IP_CT_DIR_ORIGINAL].tuple, +- &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple)) ++ &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple) && ++ nf_ct_zone_equal(ct, zone, IP_CT_DIR_ORIGINAL)) + continue; + + NF_CT_STAT_INC_ATOMIC(net, found); +diff --git a/net/netfilter/nf_flow_table_core.c b/net/netfilter/nf_flow_table_core.c +index 890799c16aa41..b3957fe7eced2 100644 +--- a/net/netfilter/nf_flow_table_core.c ++++ b/net/netfilter/nf_flow_table_core.c +@@ -360,7 +360,7 @@ static int nf_flow_nat_port_tcp(struct sk_buff *skb, unsigned int thoff, + return -1; + + tcph = (void *)(skb_network_header(skb) + thoff); +- inet_proto_csum_replace2(&tcph->check, skb, port, new_port, true); ++ inet_proto_csum_replace2(&tcph->check, skb, port, new_port, false); + + return 0; + } +@@ -377,7 +377,7 @@ static int nf_flow_nat_port_udp(struct sk_buff *skb, unsigned int thoff, + udph = (void *)(skb_network_header(skb) + thoff); + if (udph->check || skb->ip_summed == CHECKSUM_PARTIAL) { + inet_proto_csum_replace2(&udph->check, skb, port, +- new_port, true); ++ new_port, false); + if (!udph->check) + udph->check = CSUM_MANGLED_0; + } +diff --git a/net/netfilter/xt_recent.c b/net/netfilter/xt_recent.c +index 570144507df11..cb58bc7ae30d3 100644 +--- a/net/netfilter/xt_recent.c ++++ b/net/netfilter/xt_recent.c +@@ -155,7 +155,8 @@ static void recent_entry_remove(struct recent_table *t, struct recent_entry *e) + /* + * Drop entries with timestamps older then 'time'. + */ +-static void recent_entry_reap(struct recent_table *t, unsigned long time) ++static void recent_entry_reap(struct recent_table *t, unsigned long time, ++ struct recent_entry *working, bool update) + { + struct recent_entry *e; + +@@ -164,6 +165,12 @@ static void recent_entry_reap(struct recent_table *t, unsigned long time) + */ + e = list_entry(t->lru_list.next, struct recent_entry, lru_list); + ++ /* ++ * Do not reap the entry which are going to be updated. ++ */ ++ if (e == working && update) ++ return; ++ + /* + * The last time stamp is the most recent. + */ +@@ -306,7 +313,8 @@ recent_mt(const struct sk_buff *skb, struct xt_action_param *par) + + /* info->seconds must be non-zero */ + if (info->check_set & XT_RECENT_REAP) +- recent_entry_reap(t, time); ++ recent_entry_reap(t, time, e, ++ info->check_set & XT_RECENT_UPDATE && ret); + } + + if (info->check_set & XT_RECENT_SET || +diff --git a/net/qrtr/qrtr.c b/net/qrtr/qrtr.c +index a05c5cb3429c0..69cf9cbbb05f6 100644 +--- a/net/qrtr/qrtr.c ++++ b/net/qrtr/qrtr.c +@@ -194,7 +194,7 @@ static int qrtr_node_enqueue(struct qrtr_node *node, struct sk_buff *skb, + hdr->src_port_id = cpu_to_le32(from->sq_port); + if (to->sq_port == QRTR_PORT_CTRL) { + hdr->dst_node_id = cpu_to_le32(node->nid); +- hdr->dst_port_id = cpu_to_le32(QRTR_NODE_BCAST); ++ hdr->dst_port_id = cpu_to_le32(QRTR_PORT_CTRL); + } else { + hdr->dst_node_id = cpu_to_le32(to->sq_node); + hdr->dst_port_id = cpu_to_le32(to->sq_port); +diff --git a/net/qrtr/tun.c b/net/qrtr/tun.c +index e35869e81766e..997af345ce374 100644 +--- a/net/qrtr/tun.c ++++ b/net/qrtr/tun.c +@@ -80,6 +80,12 @@ static ssize_t qrtr_tun_write_iter(struct kiocb *iocb, struct iov_iter *from) + ssize_t ret; + void *kbuf; + ++ if (!len) ++ return -EINVAL; ++ ++ if (len > KMALLOC_MAX_SIZE) ++ return -ENOMEM; ++ + kbuf = kzalloc(len, GFP_KERNEL); + if (!kbuf) + return -ENOMEM; +diff --git a/net/rds/rdma.c b/net/rds/rdma.c +index e1965d9cbcf82..9882cebfcad60 100644 +--- a/net/rds/rdma.c ++++ b/net/rds/rdma.c +@@ -531,6 +531,9 @@ int rds_rdma_extra_size(struct rds_rdma_args *args, + if (args->nr_local == 0) + return -EINVAL; + ++ if (args->nr_local > UIO_MAXIOV) ++ return -EMSGSIZE; ++ + iov->iov = kcalloc(args->nr_local, + sizeof(struct rds_iovec), + GFP_KERNEL); +diff --git a/net/sctp/proc.c b/net/sctp/proc.c +index a644292f9fafd..84f79ac4b9842 100644 +--- a/net/sctp/proc.c ++++ b/net/sctp/proc.c +@@ -230,6 +230,12 @@ static void sctp_transport_seq_stop(struct seq_file *seq, void *v) + { + struct sctp_ht_iter *iter = seq->private; + ++ if (v && v != SEQ_START_TOKEN) { ++ struct sctp_transport *transport = v; ++ ++ sctp_transport_put(transport); ++ } ++ + sctp_transport_walk_stop(&iter->hti); + } + +@@ -237,6 +243,12 @@ static void *sctp_transport_seq_next(struct seq_file *seq, void *v, loff_t *pos) + { + struct sctp_ht_iter *iter = seq->private; + ++ if (v && v != SEQ_START_TOKEN) { ++ struct sctp_transport *transport = v; ++ ++ sctp_transport_put(transport); ++ } ++ + ++*pos; + + return sctp_transport_get_next(seq_file_net(seq), &iter->hti); +@@ -292,8 +304,6 @@ static int sctp_assocs_seq_show(struct seq_file *seq, void *v) + sk->sk_rcvbuf); + seq_printf(seq, "\n"); + +- sctp_transport_put(transport); +- + return 0; + } + +@@ -369,8 +379,6 @@ static int sctp_remaddr_seq_show(struct seq_file *seq, void *v) + seq_printf(seq, "\n"); + } + +- sctp_transport_put(transport); +- + return 0; + } + +diff --git a/net/vmw_vsock/af_vsock.c b/net/vmw_vsock/af_vsock.c +index 02374459c4179..4b65db13e1bba 100644 +--- a/net/vmw_vsock/af_vsock.c ++++ b/net/vmw_vsock/af_vsock.c +@@ -816,10 +816,12 @@ static int vsock_shutdown(struct socket *sock, int mode) + */ + + sk = sock->sk; ++ ++ lock_sock(sk); + if (sock->state == SS_UNCONNECTED) { + err = -ENOTCONN; + if (sk->sk_type == SOCK_STREAM) +- return err; ++ goto out; + } else { + sock->state = SS_DISCONNECTING; + err = 0; +@@ -828,10 +830,8 @@ static int vsock_shutdown(struct socket *sock, int mode) + /* Receive and send shutdowns are treated alike. */ + mode = mode & (RCV_SHUTDOWN | SEND_SHUTDOWN); + if (mode) { +- lock_sock(sk); + sk->sk_shutdown |= mode; + sk->sk_state_change(sk); +- release_sock(sk); + + if (sk->sk_type == SOCK_STREAM) { + sock_reset_flag(sk, SOCK_DONE); +@@ -839,6 +839,8 @@ static int vsock_shutdown(struct socket *sock, int mode) + } + } + ++out: ++ release_sock(sk); + return err; + } + +@@ -1107,7 +1109,6 @@ static void vsock_connect_timeout(struct work_struct *work) + { + struct sock *sk; + struct vsock_sock *vsk; +- int cancel = 0; + + vsk = container_of(work, struct vsock_sock, connect_work.work); + sk = sk_vsock(vsk); +@@ -1118,11 +1119,9 @@ static void vsock_connect_timeout(struct work_struct *work) + sk->sk_state = TCP_CLOSE; + sk->sk_err = ETIMEDOUT; + sk->sk_error_report(sk); +- cancel = 1; ++ vsock_transport_cancel_pkt(vsk); + } + release_sock(sk); +- if (cancel) +- vsock_transport_cancel_pkt(vsk); + + sock_put(sk); + } +diff --git a/net/vmw_vsock/hyperv_transport.c b/net/vmw_vsock/hyperv_transport.c +index db6ca51228d2f..2bdf36845a5f3 100644 +--- a/net/vmw_vsock/hyperv_transport.c ++++ b/net/vmw_vsock/hyperv_transport.c +@@ -443,14 +443,10 @@ static void hvs_shutdown_lock_held(struct hvsock *hvs, int mode) + + static int hvs_shutdown(struct vsock_sock *vsk, int mode) + { +- struct sock *sk = sk_vsock(vsk); +- + if (!(mode & SEND_SHUTDOWN)) + return 0; + +- lock_sock(sk); + hvs_shutdown_lock_held(vsk->trans, mode); +- release_sock(sk); + return 0; + } + +diff --git a/net/vmw_vsock/virtio_transport_common.c b/net/vmw_vsock/virtio_transport_common.c +index 5f8a72d34d313..cbb336f01cf2b 100644 +--- a/net/vmw_vsock/virtio_transport_common.c ++++ b/net/vmw_vsock/virtio_transport_common.c +@@ -1033,10 +1033,10 @@ void virtio_transport_recv_pkt(struct virtio_transport *t, + + vsk = vsock_sk(sk); + +- space_available = virtio_transport_space_update(sk, pkt); +- + lock_sock(sk); + ++ space_available = virtio_transport_space_update(sk, pkt); ++ + /* Update CID in case it has changed after a transport reset event */ + vsk->local_addr.svm_cid = dst.svm_cid; + +diff --git a/security/commoncap.c b/security/commoncap.c +index f86557a8e43f6..a1dee0ab345a2 100644 +--- a/security/commoncap.c ++++ b/security/commoncap.c +@@ -377,10 +377,11 @@ int cap_inode_getsecurity(struct inode *inode, const char *name, void **buffer, + { + int size, ret; + kuid_t kroot; ++ u32 nsmagic, magic; + uid_t root, mappedroot; + char *tmpbuf = NULL; + struct vfs_cap_data *cap; +- struct vfs_ns_cap_data *nscap; ++ struct vfs_ns_cap_data *nscap = NULL; + struct dentry *dentry; + struct user_namespace *fs_ns; + +@@ -402,46 +403,61 @@ int cap_inode_getsecurity(struct inode *inode, const char *name, void **buffer, + fs_ns = inode->i_sb->s_user_ns; + cap = (struct vfs_cap_data *) tmpbuf; + if (is_v2header((size_t) ret, cap)) { +- /* If this is sizeof(vfs_cap_data) then we're ok with the +- * on-disk value, so return that. */ +- if (alloc) +- *buffer = tmpbuf; +- else +- kfree(tmpbuf); +- return ret; +- } else if (!is_v3header((size_t) ret, cap)) { +- kfree(tmpbuf); +- return -EINVAL; ++ root = 0; ++ } else if (is_v3header((size_t) ret, cap)) { ++ nscap = (struct vfs_ns_cap_data *) tmpbuf; ++ root = le32_to_cpu(nscap->rootid); ++ } else { ++ size = -EINVAL; ++ goto out_free; + } + +- nscap = (struct vfs_ns_cap_data *) tmpbuf; +- root = le32_to_cpu(nscap->rootid); + kroot = make_kuid(fs_ns, root); + + /* If the root kuid maps to a valid uid in current ns, then return + * this as a nscap. */ + mappedroot = from_kuid(current_user_ns(), kroot); + if (mappedroot != (uid_t)-1 && mappedroot != (uid_t)0) { ++ size = sizeof(struct vfs_ns_cap_data); + if (alloc) { +- *buffer = tmpbuf; ++ if (!nscap) { ++ /* v2 -> v3 conversion */ ++ nscap = kzalloc(size, GFP_ATOMIC); ++ if (!nscap) { ++ size = -ENOMEM; ++ goto out_free; ++ } ++ nsmagic = VFS_CAP_REVISION_3; ++ magic = le32_to_cpu(cap->magic_etc); ++ if (magic & VFS_CAP_FLAGS_EFFECTIVE) ++ nsmagic |= VFS_CAP_FLAGS_EFFECTIVE; ++ memcpy(&nscap->data, &cap->data, sizeof(__le32) * 2 * VFS_CAP_U32); ++ nscap->magic_etc = cpu_to_le32(nsmagic); ++ } else { ++ /* use allocated v3 buffer */ ++ tmpbuf = NULL; ++ } + nscap->rootid = cpu_to_le32(mappedroot); +- } else +- kfree(tmpbuf); +- return size; ++ *buffer = nscap; ++ } ++ goto out_free; + } + + if (!rootid_owns_currentns(kroot)) { +- kfree(tmpbuf); +- return -EOPNOTSUPP; ++ size = -EOVERFLOW; ++ goto out_free; + } + + /* This comes from a parent namespace. Return as a v2 capability */ + size = sizeof(struct vfs_cap_data); + if (alloc) { +- *buffer = kmalloc(size, GFP_ATOMIC); +- if (*buffer) { +- struct vfs_cap_data *cap = *buffer; +- __le32 nsmagic, magic; ++ if (nscap) { ++ /* v3 -> v2 conversion */ ++ cap = kzalloc(size, GFP_ATOMIC); ++ if (!cap) { ++ size = -ENOMEM; ++ goto out_free; ++ } + magic = VFS_CAP_REVISION_2; + nsmagic = le32_to_cpu(nscap->magic_etc); + if (nsmagic & VFS_CAP_FLAGS_EFFECTIVE) +@@ -449,9 +465,12 @@ int cap_inode_getsecurity(struct inode *inode, const char *name, void **buffer, + memcpy(&cap->data, &nscap->data, sizeof(__le32) * 2 * VFS_CAP_U32); + cap->magic_etc = cpu_to_le32(magic); + } else { +- size = -ENOMEM; ++ /* use unconverted v2 */ ++ tmpbuf = NULL; + } ++ *buffer = cap; + } ++out_free: + kfree(tmpbuf); + return size; + } +diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c +index 9312c7e750ed3..1ecb27b3421a7 100644 +--- a/virt/kvm/kvm_main.c ++++ b/virt/kvm/kvm_main.c +@@ -412,9 +412,8 @@ static int kvm_mmu_notifier_invalidate_range_start(struct mmu_notifier *mn, + */ + kvm->mmu_notifier_count++; + need_tlb_flush = kvm_unmap_hva_range(kvm, start, end, blockable); +- need_tlb_flush |= kvm->tlbs_dirty; + /* we've to flush the tlb before the pages can be freed */ +- if (need_tlb_flush) ++ if (need_tlb_flush || kvm->tlbs_dirty) + kvm_flush_remote_tlbs(kvm); + + spin_unlock(&kvm->mmu_lock);
