commit: 77d4fcfb20c7e08977cb7915a70559b7cf2d29d1 Author: Mike Pagano <mpagano <AT> gentoo <DOT> org> AuthorDate: Sat Sep 21 16:30:24 2019 +0000 Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org> CommitDate: Sat Sep 21 16:30:24 2019 +0000 URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=77d4fcfb
Linux patch 4.14.146 Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org> 0000_README | 4 + 1145_linux-4.14.146.patch | 1614 +++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 1618 insertions(+) diff --git a/0000_README b/0000_README index 38ce5d6..a4f3b29 100644 --- a/0000_README +++ b/0000_README @@ -623,6 +623,10 @@ Patch: 1144_linux-4.14.145.patch From: https://www.kernel.org Desc: Linux 4.14.145 +Patch: 1145_linux-4.14.146.patch +From: https://www.kernel.org +Desc: Linux 4.14.146 + Patch: 1500_XATTR_USER_PREFIX.patch From: https://bugs.gentoo.org/show_bug.cgi?id=470644 Desc: Support for namespace user.pax.* on tmpfs. diff --git a/1145_linux-4.14.146.patch b/1145_linux-4.14.146.patch new file mode 100644 index 0000000..3e02615 --- /dev/null +++ b/1145_linux-4.14.146.patch @@ -0,0 +1,1614 @@ +diff --git a/Makefile b/Makefile +index ce521c48b35e..ad923d5eae1e 100644 +--- a/Makefile ++++ b/Makefile +@@ -1,7 +1,7 @@ + # SPDX-License-Identifier: GPL-2.0 + VERSION = 4 + PATCHLEVEL = 14 +-SUBLEVEL = 145 ++SUBLEVEL = 146 + EXTRAVERSION = + NAME = Petit Gorille + +diff --git a/arch/arm/boot/dts/dra74x-mmc-iodelay.dtsi b/arch/arm/boot/dts/dra74x-mmc-iodelay.dtsi +index 28ebb4eb884a..214b9e6de2c3 100644 +--- a/arch/arm/boot/dts/dra74x-mmc-iodelay.dtsi ++++ b/arch/arm/boot/dts/dra74x-mmc-iodelay.dtsi +@@ -32,7 +32,7 @@ + * + * Datamanual Revisions: + * +- * AM572x Silicon Revision 2.0: SPRS953B, Revised November 2016 ++ * AM572x Silicon Revision 2.0: SPRS953F, Revised May 2019 + * AM572x Silicon Revision 1.1: SPRS915R, Revised November 2016 + * + */ +@@ -229,45 +229,45 @@ + + mmc3_pins_default: mmc3_pins_default { + pinctrl-single,pins = < +- DRA7XX_CORE_IOPAD(0x377c, (PIN_INPUT_PULLUP | MUX_MODE0)) /* mmc3_clk.mmc3_clk */ +- DRA7XX_CORE_IOPAD(0x3780, (PIN_INPUT_PULLUP | MUX_MODE0)) /* mmc3_cmd.mmc3_cmd */ +- DRA7XX_CORE_IOPAD(0x3784, (PIN_INPUT_PULLUP | MUX_MODE0)) /* mmc3_dat0.mmc3_dat0 */ +- DRA7XX_CORE_IOPAD(0x3788, (PIN_INPUT_PULLUP | MUX_MODE0)) /* mmc3_dat1.mmc3_dat1 */ +- DRA7XX_CORE_IOPAD(0x378c, (PIN_INPUT_PULLUP | MUX_MODE0)) /* mmc3_dat2.mmc3_dat2 */ +- DRA7XX_CORE_IOPAD(0x3790, (PIN_INPUT_PULLUP | MUX_MODE0)) /* mmc3_dat3.mmc3_dat3 */ ++ DRA7XX_CORE_IOPAD(0x377c, (PIN_INPUT_PULLUP | MODE_SELECT | MUX_MODE0)) /* mmc3_clk.mmc3_clk */ ++ DRA7XX_CORE_IOPAD(0x3780, (PIN_INPUT_PULLUP | MODE_SELECT | MUX_MODE0)) /* mmc3_cmd.mmc3_cmd */ ++ DRA7XX_CORE_IOPAD(0x3784, (PIN_INPUT_PULLUP | MODE_SELECT | MUX_MODE0)) /* mmc3_dat0.mmc3_dat0 */ ++ DRA7XX_CORE_IOPAD(0x3788, (PIN_INPUT_PULLUP | MODE_SELECT | MUX_MODE0)) /* mmc3_dat1.mmc3_dat1 */ ++ DRA7XX_CORE_IOPAD(0x378c, (PIN_INPUT_PULLUP | MODE_SELECT | MUX_MODE0)) /* mmc3_dat2.mmc3_dat2 */ ++ DRA7XX_CORE_IOPAD(0x3790, (PIN_INPUT_PULLUP | MODE_SELECT | MUX_MODE0)) /* mmc3_dat3.mmc3_dat3 */ + >; + }; + + mmc3_pins_hs: mmc3_pins_hs { + pinctrl-single,pins = < +- DRA7XX_CORE_IOPAD(0x377c, (PIN_INPUT_PULLUP | MUX_MODE0)) /* mmc3_clk.mmc3_clk */ +- DRA7XX_CORE_IOPAD(0x3780, (PIN_INPUT_PULLUP | MUX_MODE0)) /* mmc3_cmd.mmc3_cmd */ +- DRA7XX_CORE_IOPAD(0x3784, (PIN_INPUT_PULLUP | MUX_MODE0)) /* mmc3_dat0.mmc3_dat0 */ +- DRA7XX_CORE_IOPAD(0x3788, (PIN_INPUT_PULLUP | MUX_MODE0)) /* mmc3_dat1.mmc3_dat1 */ +- DRA7XX_CORE_IOPAD(0x378c, (PIN_INPUT_PULLUP | MUX_MODE0)) /* mmc3_dat2.mmc3_dat2 */ +- DRA7XX_CORE_IOPAD(0x3790, (PIN_INPUT_PULLUP | MUX_MODE0)) /* mmc3_dat3.mmc3_dat3 */ ++ DRA7XX_CORE_IOPAD(0x377c, (PIN_INPUT_PULLUP | MODE_SELECT | MUX_MODE0)) /* mmc3_clk.mmc3_clk */ ++ DRA7XX_CORE_IOPAD(0x3780, (PIN_INPUT_PULLUP | MODE_SELECT | MUX_MODE0)) /* mmc3_cmd.mmc3_cmd */ ++ DRA7XX_CORE_IOPAD(0x3784, (PIN_INPUT_PULLUP | MODE_SELECT | MUX_MODE0)) /* mmc3_dat0.mmc3_dat0 */ ++ DRA7XX_CORE_IOPAD(0x3788, (PIN_INPUT_PULLUP | MODE_SELECT | MUX_MODE0)) /* mmc3_dat1.mmc3_dat1 */ ++ DRA7XX_CORE_IOPAD(0x378c, (PIN_INPUT_PULLUP | MODE_SELECT | MUX_MODE0)) /* mmc3_dat2.mmc3_dat2 */ ++ DRA7XX_CORE_IOPAD(0x3790, (PIN_INPUT_PULLUP | MODE_SELECT | MUX_MODE0)) /* mmc3_dat3.mmc3_dat3 */ + >; + }; + + mmc3_pins_sdr12: mmc3_pins_sdr12 { + pinctrl-single,pins = < +- DRA7XX_CORE_IOPAD(0x377c, (PIN_INPUT_PULLUP | MUX_MODE0)) /* mmc3_clk.mmc3_clk */ +- DRA7XX_CORE_IOPAD(0x3780, (PIN_INPUT_PULLUP | MUX_MODE0)) /* mmc3_cmd.mmc3_cmd */ +- DRA7XX_CORE_IOPAD(0x3784, (PIN_INPUT_PULLUP | MUX_MODE0)) /* mmc3_dat0.mmc3_dat0 */ +- DRA7XX_CORE_IOPAD(0x3788, (PIN_INPUT_PULLUP | MUX_MODE0)) /* mmc3_dat1.mmc3_dat1 */ +- DRA7XX_CORE_IOPAD(0x378c, (PIN_INPUT_PULLUP | MUX_MODE0)) /* mmc3_dat2.mmc3_dat2 */ +- DRA7XX_CORE_IOPAD(0x3790, (PIN_INPUT_PULLUP | MUX_MODE0)) /* mmc3_dat3.mmc3_dat3 */ ++ DRA7XX_CORE_IOPAD(0x377c, (PIN_INPUT_PULLUP | MODE_SELECT | MUX_MODE0)) /* mmc3_clk.mmc3_clk */ ++ DRA7XX_CORE_IOPAD(0x3780, (PIN_INPUT_PULLUP | MODE_SELECT | MUX_MODE0)) /* mmc3_cmd.mmc3_cmd */ ++ DRA7XX_CORE_IOPAD(0x3784, (PIN_INPUT_PULLUP | MODE_SELECT | MUX_MODE0)) /* mmc3_dat0.mmc3_dat0 */ ++ DRA7XX_CORE_IOPAD(0x3788, (PIN_INPUT_PULLUP | MODE_SELECT | MUX_MODE0)) /* mmc3_dat1.mmc3_dat1 */ ++ DRA7XX_CORE_IOPAD(0x378c, (PIN_INPUT_PULLUP | MODE_SELECT | MUX_MODE0)) /* mmc3_dat2.mmc3_dat2 */ ++ DRA7XX_CORE_IOPAD(0x3790, (PIN_INPUT_PULLUP | MODE_SELECT | MUX_MODE0)) /* mmc3_dat3.mmc3_dat3 */ + >; + }; + + mmc3_pins_sdr25: mmc3_pins_sdr25 { + pinctrl-single,pins = < +- DRA7XX_CORE_IOPAD(0x377c, (PIN_INPUT_PULLUP | MUX_MODE0)) /* mmc3_clk.mmc3_clk */ +- DRA7XX_CORE_IOPAD(0x3780, (PIN_INPUT_PULLUP | MUX_MODE0)) /* mmc3_cmd.mmc3_cmd */ +- DRA7XX_CORE_IOPAD(0x3784, (PIN_INPUT_PULLUP | MUX_MODE0)) /* mmc3_dat0.mmc3_dat0 */ +- DRA7XX_CORE_IOPAD(0x3788, (PIN_INPUT_PULLUP | MUX_MODE0)) /* mmc3_dat1.mmc3_dat1 */ +- DRA7XX_CORE_IOPAD(0x378c, (PIN_INPUT_PULLUP | MUX_MODE0)) /* mmc3_dat2.mmc3_dat2 */ +- DRA7XX_CORE_IOPAD(0x3790, (PIN_INPUT_PULLUP | MUX_MODE0)) /* mmc3_dat3.mmc3_dat3 */ ++ DRA7XX_CORE_IOPAD(0x377c, (PIN_INPUT_PULLUP | MODE_SELECT | MUX_MODE0)) /* mmc3_clk.mmc3_clk */ ++ DRA7XX_CORE_IOPAD(0x3780, (PIN_INPUT_PULLUP | MODE_SELECT | MUX_MODE0)) /* mmc3_cmd.mmc3_cmd */ ++ DRA7XX_CORE_IOPAD(0x3784, (PIN_INPUT_PULLUP | MODE_SELECT | MUX_MODE0)) /* mmc3_dat0.mmc3_dat0 */ ++ DRA7XX_CORE_IOPAD(0x3788, (PIN_INPUT_PULLUP | MODE_SELECT | MUX_MODE0)) /* mmc3_dat1.mmc3_dat1 */ ++ DRA7XX_CORE_IOPAD(0x378c, (PIN_INPUT_PULLUP | MODE_SELECT | MUX_MODE0)) /* mmc3_dat2.mmc3_dat2 */ ++ DRA7XX_CORE_IOPAD(0x3790, (PIN_INPUT_PULLUP | MODE_SELECT | MUX_MODE0)) /* mmc3_dat3.mmc3_dat3 */ + >; + }; + +diff --git a/arch/arm/mach-omap2/omap4-common.c b/arch/arm/mach-omap2/omap4-common.c +index cf65ab8bb004..e5dcbda20129 100644 +--- a/arch/arm/mach-omap2/omap4-common.c ++++ b/arch/arm/mach-omap2/omap4-common.c +@@ -131,6 +131,9 @@ static int __init omap4_sram_init(void) + struct device_node *np; + struct gen_pool *sram_pool; + ++ if (!soc_is_omap44xx() && !soc_is_omap54xx()) ++ return 0; ++ + np = of_find_compatible_node(NULL, NULL, "ti,omap4-mpu"); + if (!np) + pr_warn("%s:Unable to allocate sram needed to handle errata I688\n", +diff --git a/arch/arm/mach-omap2/omap_hwmod_7xx_data.c b/arch/arm/mach-omap2/omap_hwmod_7xx_data.c +index 2f4f7002f38d..87b0c38b7ca5 100644 +--- a/arch/arm/mach-omap2/omap_hwmod_7xx_data.c ++++ b/arch/arm/mach-omap2/omap_hwmod_7xx_data.c +@@ -389,7 +389,8 @@ static struct omap_hwmod dra7xx_dcan2_hwmod = { + static struct omap_hwmod_class_sysconfig dra7xx_epwmss_sysc = { + .rev_offs = 0x0, + .sysc_offs = 0x4, +- .sysc_flags = SYSC_HAS_SIDLEMODE | SYSC_HAS_SOFTRESET, ++ .sysc_flags = SYSC_HAS_SIDLEMODE | SYSC_HAS_SOFTRESET | ++ SYSC_HAS_RESET_STATUS, + .idlemodes = (SIDLE_FORCE | SIDLE_NO | SIDLE_SMART), + .sysc_fields = &omap_hwmod_sysc_type2, + }; +diff --git a/arch/arm/mm/init.c b/arch/arm/mm/init.c +index defb7fc26428..27a40101dd3a 100644 +--- a/arch/arm/mm/init.c ++++ b/arch/arm/mm/init.c +@@ -195,6 +195,11 @@ static void __init zone_sizes_init(unsigned long min, unsigned long max_low, + #ifdef CONFIG_HAVE_ARCH_PFN_VALID + int pfn_valid(unsigned long pfn) + { ++ phys_addr_t addr = __pfn_to_phys(pfn); ++ ++ if (__phys_to_pfn(addr) != pfn) ++ return 0; ++ + return memblock_is_map_memory(__pfn_to_phys(pfn)); + } + EXPORT_SYMBOL(pfn_valid); +@@ -722,7 +727,8 @@ static void update_sections_early(struct section_perm perms[], int n) + if (t->flags & PF_KTHREAD) + continue; + for_each_thread(t, s) +- set_section_perms(perms, n, true, s->mm); ++ if (s->mm) ++ set_section_perms(perms, n, true, s->mm); + } + set_section_perms(perms, n, true, current->active_mm); + set_section_perms(perms, n, true, &init_mm); +diff --git a/arch/powerpc/mm/pgtable-radix.c b/arch/powerpc/mm/pgtable-radix.c +index 17ae5c15a9e0..ba02305f121e 100644 +--- a/arch/powerpc/mm/pgtable-radix.c ++++ b/arch/powerpc/mm/pgtable-radix.c +@@ -442,14 +442,6 @@ void __init radix__early_init_devtree(void) + mmu_psize_defs[MMU_PAGE_64K].shift = 16; + mmu_psize_defs[MMU_PAGE_64K].ap = 0x5; + found: +-#ifdef CONFIG_SPARSEMEM_VMEMMAP +- if (mmu_psize_defs[MMU_PAGE_2M].shift) { +- /* +- * map vmemmap using 2M if available +- */ +- mmu_vmemmap_psize = MMU_PAGE_2M; +- } +-#endif /* CONFIG_SPARSEMEM_VMEMMAP */ + return; + } + +@@ -527,7 +519,13 @@ void __init radix__early_init_mmu(void) + + #ifdef CONFIG_SPARSEMEM_VMEMMAP + /* vmemmap mapping */ +- mmu_vmemmap_psize = mmu_virtual_psize; ++ if (mmu_psize_defs[MMU_PAGE_2M].shift) { ++ /* ++ * map vmemmap using 2M if available ++ */ ++ mmu_vmemmap_psize = MMU_PAGE_2M; ++ } else ++ mmu_vmemmap_psize = mmu_virtual_psize; + #endif + /* + * initialize page table size +diff --git a/arch/s390/net/bpf_jit_comp.c b/arch/s390/net/bpf_jit_comp.c +index bc9431aace05..b8bd84104843 100644 +--- a/arch/s390/net/bpf_jit_comp.c ++++ b/arch/s390/net/bpf_jit_comp.c +@@ -882,7 +882,7 @@ static noinline int bpf_jit_insn(struct bpf_jit *jit, struct bpf_prog *fp, int i + break; + case BPF_ALU64 | BPF_NEG: /* dst = -dst */ + /* lcgr %dst,%dst */ +- EMIT4(0xb9130000, dst_reg, dst_reg); ++ EMIT4(0xb9030000, dst_reg, dst_reg); + break; + /* + * BPF_FROM_BE/LE +@@ -1063,8 +1063,8 @@ static noinline int bpf_jit_insn(struct bpf_jit *jit, struct bpf_prog *fp, int i + /* llgf %w1,map.max_entries(%b2) */ + EMIT6_DISP_LH(0xe3000000, 0x0016, REG_W1, REG_0, BPF_REG_2, + offsetof(struct bpf_array, map.max_entries)); +- /* clgrj %b3,%w1,0xa,label0: if %b3 >= %w1 goto out */ +- EMIT6_PCREL_LABEL(0xec000000, 0x0065, BPF_REG_3, ++ /* clrj %b3,%w1,0xa,label0: if (u32)%b3 >= (u32)%w1 goto out */ ++ EMIT6_PCREL_LABEL(0xec000000, 0x0077, BPF_REG_3, + REG_W1, 0, 0xa); + + /* +@@ -1090,8 +1090,10 @@ static noinline int bpf_jit_insn(struct bpf_jit *jit, struct bpf_prog *fp, int i + * goto out; + */ + +- /* sllg %r1,%b3,3: %r1 = index * 8 */ +- EMIT6_DISP_LH(0xeb000000, 0x000d, REG_1, BPF_REG_3, REG_0, 3); ++ /* llgfr %r1,%b3: %r1 = (u32) index */ ++ EMIT4(0xb9160000, REG_1, BPF_REG_3); ++ /* sllg %r1,%r1,3: %r1 *= 8 */ ++ EMIT6_DISP_LH(0xeb000000, 0x000d, REG_1, REG_1, REG_0, 3); + /* lg %r1,prog(%b2,%r1) */ + EMIT6_DISP_LH(0xe3000000, 0x0004, REG_1, BPF_REG_2, + REG_1, offsetof(struct bpf_array, ptrs)); +diff --git a/arch/x86/events/amd/ibs.c b/arch/x86/events/amd/ibs.c +index 8c51844694e2..7a86fbc07ddc 100644 +--- a/arch/x86/events/amd/ibs.c ++++ b/arch/x86/events/amd/ibs.c +@@ -672,10 +672,17 @@ fail: + + throttle = perf_event_overflow(event, &data, ®s); + out: +- if (throttle) ++ if (throttle) { + perf_ibs_stop(event, 0); +- else +- perf_ibs_enable_event(perf_ibs, hwc, period >> 4); ++ } else { ++ period >>= 4; ++ ++ if ((ibs_caps & IBS_CAPS_RDWROPCNT) && ++ (*config & IBS_OP_CNT_CTL)) ++ period |= *config & IBS_OP_CUR_CNT_RAND; ++ ++ perf_ibs_enable_event(perf_ibs, hwc, period); ++ } + + perf_event_update_userpage(event); + +diff --git a/arch/x86/events/intel/core.c b/arch/x86/events/intel/core.c +index d44bb077c6cf..4a60ed8c4413 100644 +--- a/arch/x86/events/intel/core.c ++++ b/arch/x86/events/intel/core.c +@@ -3297,6 +3297,11 @@ static u64 bdw_limit_period(struct perf_event *event, u64 left) + return left; + } + ++static u64 nhm_limit_period(struct perf_event *event, u64 left) ++{ ++ return max(left, 32ULL); ++} ++ + PMU_FORMAT_ATTR(event, "config:0-7" ); + PMU_FORMAT_ATTR(umask, "config:8-15" ); + PMU_FORMAT_ATTR(edge, "config:18" ); +@@ -4092,6 +4097,7 @@ __init int intel_pmu_init(void) + x86_pmu.pebs_constraints = intel_nehalem_pebs_event_constraints; + x86_pmu.enable_all = intel_pmu_nhm_enable_all; + x86_pmu.extra_regs = intel_nehalem_extra_regs; ++ x86_pmu.limit_period = nhm_limit_period; + + x86_pmu.cpu_events = nhm_events_attrs; + +diff --git a/arch/x86/hyperv/mmu.c b/arch/x86/hyperv/mmu.c +index 56c9ebac946f..47718fff0b79 100644 +--- a/arch/x86/hyperv/mmu.c ++++ b/arch/x86/hyperv/mmu.c +@@ -57,12 +57,14 @@ static inline int fill_gva_list(u64 gva_list[], int offset, + * Lower 12 bits encode the number of additional + * pages to flush (in addition to the 'cur' page). + */ +- if (diff >= HV_TLB_FLUSH_UNIT) ++ if (diff >= HV_TLB_FLUSH_UNIT) { + gva_list[gva_n] |= ~PAGE_MASK; +- else if (diff) ++ cur += HV_TLB_FLUSH_UNIT; ++ } else if (diff) { + gva_list[gva_n] |= (diff - 1) >> PAGE_SHIFT; ++ cur = end; ++ } + +- cur += HV_TLB_FLUSH_UNIT; + gva_n++; + + } while (cur < end); +diff --git a/arch/x86/include/asm/perf_event.h b/arch/x86/include/asm/perf_event.h +index 78241b736f2a..f6c4915a863e 100644 +--- a/arch/x86/include/asm/perf_event.h ++++ b/arch/x86/include/asm/perf_event.h +@@ -209,16 +209,20 @@ struct x86_pmu_capability { + #define IBSCTL_LVT_OFFSET_VALID (1ULL<<8) + #define IBSCTL_LVT_OFFSET_MASK 0x0F + +-/* ibs fetch bits/masks */ ++/* IBS fetch bits/masks */ + #define IBS_FETCH_RAND_EN (1ULL<<57) + #define IBS_FETCH_VAL (1ULL<<49) + #define IBS_FETCH_ENABLE (1ULL<<48) + #define IBS_FETCH_CNT 0xFFFF0000ULL + #define IBS_FETCH_MAX_CNT 0x0000FFFFULL + +-/* ibs op bits/masks */ +-/* lower 4 bits of the current count are ignored: */ +-#define IBS_OP_CUR_CNT (0xFFFF0ULL<<32) ++/* ++ * IBS op bits/masks ++ * The lower 7 bits of the current count are random bits ++ * preloaded by hardware and ignored in software ++ */ ++#define IBS_OP_CUR_CNT (0xFFF80ULL<<32) ++#define IBS_OP_CUR_CNT_RAND (0x0007FULL<<32) + #define IBS_OP_CNT_CTL (1ULL<<19) + #define IBS_OP_VAL (1ULL<<18) + #define IBS_OP_ENABLE (1ULL<<17) +diff --git a/arch/x86/include/asm/uaccess.h b/arch/x86/include/asm/uaccess.h +index 4111edb3188e..971830341061 100644 +--- a/arch/x86/include/asm/uaccess.h ++++ b/arch/x86/include/asm/uaccess.h +@@ -451,8 +451,10 @@ do { \ + ({ \ + int __gu_err; \ + __inttype(*(ptr)) __gu_val; \ ++ __typeof__(ptr) __gu_ptr = (ptr); \ ++ __typeof__(size) __gu_size = (size); \ + __uaccess_begin_nospec(); \ +- __get_user_size(__gu_val, (ptr), (size), __gu_err, -EFAULT); \ ++ __get_user_size(__gu_val, __gu_ptr, __gu_size, __gu_err, -EFAULT); \ + __uaccess_end(); \ + (x) = (__force __typeof__(*(ptr)))__gu_val; \ + __builtin_expect(__gu_err, 0); \ +diff --git a/arch/x86/kernel/apic/io_apic.c b/arch/x86/kernel/apic/io_apic.c +index 96a8a68f9c79..566b7bc5deaa 100644 +--- a/arch/x86/kernel/apic/io_apic.c ++++ b/arch/x86/kernel/apic/io_apic.c +@@ -2342,7 +2342,13 @@ unsigned int arch_dynirq_lower_bound(unsigned int from) + * dmar_alloc_hwirq() may be called before setup_IO_APIC(), so use + * gsi_top if ioapic_dynirq_base hasn't been initialized yet. + */ +- return ioapic_initialized ? ioapic_dynirq_base : gsi_top; ++ if (!ioapic_initialized) ++ return gsi_top; ++ /* ++ * For DT enabled machines ioapic_dynirq_base is irrelevant and not ++ * updated. So simply return @from if ioapic_dynirq_base == 0. ++ */ ++ return ioapic_dynirq_base ? : from; + } + + #ifdef CONFIG_X86_32 +diff --git a/drivers/atm/Kconfig b/drivers/atm/Kconfig +index 2e2efa577437..8c37294f1d1e 100644 +--- a/drivers/atm/Kconfig ++++ b/drivers/atm/Kconfig +@@ -200,7 +200,7 @@ config ATM_NICSTAR_USE_SUNI + make the card work). + + config ATM_NICSTAR_USE_IDT77105 +- bool "Use IDT77015 PHY driver (25Mbps)" ++ bool "Use IDT77105 PHY driver (25Mbps)" + depends on ATM_NICSTAR + help + Support for the PHYsical layer chip in ForeRunner LE25 cards. In +diff --git a/drivers/block/floppy.c b/drivers/block/floppy.c +index a9d1430fc5ee..5f1aa3197244 100644 +--- a/drivers/block/floppy.c ++++ b/drivers/block/floppy.c +@@ -3786,7 +3786,7 @@ static int compat_getdrvprm(int drive, + v.native_format = UDP->native_format; + mutex_unlock(&floppy_mutex); + +- if (copy_from_user(arg, &v, sizeof(struct compat_floppy_drive_params))) ++ if (copy_to_user(arg, &v, sizeof(struct compat_floppy_drive_params))) + return -EFAULT; + return 0; + } +@@ -3822,7 +3822,7 @@ static int compat_getdrvstat(int drive, bool poll, + v.bufblocks = UDRS->bufblocks; + mutex_unlock(&floppy_mutex); + +- if (copy_from_user(arg, &v, sizeof(struct compat_floppy_drive_struct))) ++ if (copy_to_user(arg, &v, sizeof(struct compat_floppy_drive_struct))) + return -EFAULT; + return 0; + Eintr: +diff --git a/drivers/dma/omap-dma.c b/drivers/dma/omap-dma.c +index 8c1665c8fe33..14b560facf77 100644 +--- a/drivers/dma/omap-dma.c ++++ b/drivers/dma/omap-dma.c +@@ -1534,8 +1534,10 @@ static int omap_dma_probe(struct platform_device *pdev) + + rc = devm_request_irq(&pdev->dev, irq, omap_dma_irq, + IRQF_SHARED, "omap-dma-engine", od); +- if (rc) ++ if (rc) { ++ omap_dma_free(od); + return rc; ++ } + } + + if (omap_dma_glbl_read(od, CAPS_0) & CAPS_0_SUPPORT_LL123) +diff --git a/drivers/dma/ti-dma-crossbar.c b/drivers/dma/ti-dma-crossbar.c +index 9272b173c746..6574cb5a12fe 100644 +--- a/drivers/dma/ti-dma-crossbar.c ++++ b/drivers/dma/ti-dma-crossbar.c +@@ -395,8 +395,10 @@ static int ti_dra7_xbar_probe(struct platform_device *pdev) + + ret = of_property_read_u32_array(node, pname, (u32 *)rsv_events, + nelm * 2); +- if (ret) ++ if (ret) { ++ kfree(rsv_events); + return ret; ++ } + + for (i = 0; i < nelm; i++) { + ti_dra7_xbar_reserve(rsv_events[i][0], rsv_events[i][1], +diff --git a/drivers/firmware/google/vpd.c b/drivers/firmware/google/vpd.c +index 9c0f7cf920af..5eb03a5d79dc 100644 +--- a/drivers/firmware/google/vpd.c ++++ b/drivers/firmware/google/vpd.c +@@ -100,8 +100,8 @@ static int vpd_section_check_key_name(const u8 *key, s32 key_len) + return VPD_OK; + } + +-static int vpd_section_attrib_add(const u8 *key, s32 key_len, +- const u8 *value, s32 value_len, ++static int vpd_section_attrib_add(const u8 *key, u32 key_len, ++ const u8 *value, u32 value_len, + void *arg) + { + int ret; +diff --git a/drivers/firmware/google/vpd_decode.c b/drivers/firmware/google/vpd_decode.c +index 943acaa8aa76..e75abe9fa122 100644 +--- a/drivers/firmware/google/vpd_decode.c ++++ b/drivers/firmware/google/vpd_decode.c +@@ -19,8 +19,8 @@ + + #include "vpd_decode.h" + +-static int vpd_decode_len(const s32 max_len, const u8 *in, +- s32 *length, s32 *decoded_len) ++static int vpd_decode_len(const u32 max_len, const u8 *in, ++ u32 *length, u32 *decoded_len) + { + u8 more; + int i = 0; +@@ -40,18 +40,39 @@ static int vpd_decode_len(const s32 max_len, const u8 *in, + } while (more); + + *decoded_len = i; ++ return VPD_OK; ++} ++ ++static int vpd_decode_entry(const u32 max_len, const u8 *input_buf, ++ u32 *_consumed, const u8 **entry, u32 *entry_len) ++{ ++ u32 decoded_len; ++ u32 consumed = *_consumed; ++ ++ if (vpd_decode_len(max_len - consumed, &input_buf[consumed], ++ entry_len, &decoded_len) != VPD_OK) ++ return VPD_FAIL; ++ if (max_len - consumed < decoded_len) ++ return VPD_FAIL; ++ ++ consumed += decoded_len; ++ *entry = input_buf + consumed; ++ ++ /* entry_len is untrusted data and must be checked again. */ ++ if (max_len - consumed < *entry_len) ++ return VPD_FAIL; + ++ consumed += decoded_len; ++ *_consumed = consumed; + return VPD_OK; + } + +-int vpd_decode_string(const s32 max_len, const u8 *input_buf, s32 *consumed, ++int vpd_decode_string(const u32 max_len, const u8 *input_buf, u32 *consumed, + vpd_decode_callback callback, void *callback_arg) + { + int type; +- int res; +- s32 key_len; +- s32 value_len; +- s32 decoded_len; ++ u32 key_len; ++ u32 value_len; + const u8 *key; + const u8 *value; + +@@ -66,26 +87,14 @@ int vpd_decode_string(const s32 max_len, const u8 *input_buf, s32 *consumed, + case VPD_TYPE_STRING: + (*consumed)++; + +- /* key */ +- res = vpd_decode_len(max_len - *consumed, &input_buf[*consumed], +- &key_len, &decoded_len); +- if (res != VPD_OK || *consumed + decoded_len >= max_len) ++ if (vpd_decode_entry(max_len, input_buf, consumed, &key, ++ &key_len) != VPD_OK) + return VPD_FAIL; + +- *consumed += decoded_len; +- key = &input_buf[*consumed]; +- *consumed += key_len; +- +- /* value */ +- res = vpd_decode_len(max_len - *consumed, &input_buf[*consumed], +- &value_len, &decoded_len); +- if (res != VPD_OK || *consumed + decoded_len > max_len) ++ if (vpd_decode_entry(max_len, input_buf, consumed, &value, ++ &value_len) != VPD_OK) + return VPD_FAIL; + +- *consumed += decoded_len; +- value = &input_buf[*consumed]; +- *consumed += value_len; +- + if (type == VPD_TYPE_STRING) + return callback(key, key_len, value, value_len, + callback_arg); +diff --git a/drivers/firmware/google/vpd_decode.h b/drivers/firmware/google/vpd_decode.h +index be3d62c5ca2f..e921456b8e78 100644 +--- a/drivers/firmware/google/vpd_decode.h ++++ b/drivers/firmware/google/vpd_decode.h +@@ -33,8 +33,8 @@ enum { + }; + + /* Callback for vpd_decode_string to invoke. */ +-typedef int vpd_decode_callback(const u8 *key, s32 key_len, +- const u8 *value, s32 value_len, ++typedef int vpd_decode_callback(const u8 *key, u32 key_len, ++ const u8 *value, u32 value_len, + void *arg); + + /* +@@ -52,7 +52,7 @@ typedef int vpd_decode_callback(const u8 *key, s32 key_len, + * If one entry is successfully decoded, sends it to callback and returns the + * result. + */ +-int vpd_decode_string(const s32 max_len, const u8 *input_buf, s32 *consumed, ++int vpd_decode_string(const u32 max_len, const u8 *input_buf, u32 *consumed, + vpd_decode_callback callback, void *callback_arg); + + #endif /* __VPD_DECODE_H */ +diff --git a/drivers/fpga/altera-ps-spi.c b/drivers/fpga/altera-ps-spi.c +index 06d212a3d49d..19b1cf8a8252 100644 +--- a/drivers/fpga/altera-ps-spi.c ++++ b/drivers/fpga/altera-ps-spi.c +@@ -207,7 +207,7 @@ static int altera_ps_write_complete(struct fpga_manager *mgr, + return -EIO; + } + +- if (!IS_ERR(conf->confd)) { ++ if (conf->confd) { + if (!gpiod_get_raw_value_cansleep(conf->confd)) { + dev_err(&mgr->dev, "CONF_DONE is inactive!\n"); + return -EIO; +@@ -263,10 +263,13 @@ static int altera_ps_probe(struct spi_device *spi) + return PTR_ERR(conf->status); + } + +- conf->confd = devm_gpiod_get(&spi->dev, "confd", GPIOD_IN); ++ conf->confd = devm_gpiod_get_optional(&spi->dev, "confd", GPIOD_IN); + if (IS_ERR(conf->confd)) { +- dev_warn(&spi->dev, "Not using confd gpio: %ld\n", +- PTR_ERR(conf->confd)); ++ dev_err(&spi->dev, "Failed to get confd gpio: %ld\n", ++ PTR_ERR(conf->confd)); ++ return PTR_ERR(conf->confd); ++ } else if (!conf->confd) { ++ dev_warn(&spi->dev, "Not using confd gpio"); + } + + /* Register manager with unique name */ +diff --git a/drivers/hid/wacom_sys.c b/drivers/hid/wacom_sys.c +index ee87f11e8cd5..c4d4464c7b21 100644 +--- a/drivers/hid/wacom_sys.c ++++ b/drivers/hid/wacom_sys.c +@@ -125,14 +125,16 @@ static void wacom_feature_mapping(struct hid_device *hdev, + /* leave touch_max as is if predefined */ + if (!features->touch_max) { + /* read manually */ +- data = kzalloc(2, GFP_KERNEL); ++ n = hid_report_len(field->report); ++ data = hid_alloc_report_buf(field->report, GFP_KERNEL); + if (!data) + break; + data[0] = field->report->id; + ret = wacom_get_report(hdev, HID_FEATURE_REPORT, +- data, 2, WAC_CMD_RETRIES); +- if (ret == 2) { +- features->touch_max = data[1]; ++ data, n, WAC_CMD_RETRIES); ++ if (ret == n) { ++ ret = hid_report_raw_event(hdev, ++ HID_FEATURE_REPORT, data, n, 0); + } else { + features->touch_max = 16; + hid_warn(hdev, "wacom_feature_mapping: " +diff --git a/drivers/hid/wacom_wac.c b/drivers/hid/wacom_wac.c +index 2e593874f5e0..2e0c4df6ad08 100644 +--- a/drivers/hid/wacom_wac.c ++++ b/drivers/hid/wacom_wac.c +@@ -2428,6 +2428,7 @@ static void wacom_wac_finger_event(struct hid_device *hdev, + struct wacom *wacom = hid_get_drvdata(hdev); + struct wacom_wac *wacom_wac = &wacom->wacom_wac; + unsigned equivalent_usage = wacom_equivalent_usage(usage->hid); ++ struct wacom_features *features = &wacom->wacom_wac.features; + + switch (equivalent_usage) { + case HID_GD_X: +@@ -2448,6 +2449,9 @@ static void wacom_wac_finger_event(struct hid_device *hdev, + case HID_DG_TIPSWITCH: + wacom_wac->hid_data.tipswitch = value; + break; ++ case HID_DG_CONTACTMAX: ++ features->touch_max = value; ++ return; + } + + +diff --git a/drivers/i2c/busses/i2c-designware-slave.c b/drivers/i2c/busses/i2c-designware-slave.c +index ea9578ab19a1..fccf936f4b9b 100644 +--- a/drivers/i2c/busses/i2c-designware-slave.c ++++ b/drivers/i2c/busses/i2c-designware-slave.c +@@ -206,6 +206,7 @@ static int i2c_dw_unreg_slave(struct i2c_client *slave) + + dev->disable_int(dev); + dev->disable(dev); ++ synchronize_irq(dev->irq); + dev->slave = NULL; + pm_runtime_put(dev->dev); + +diff --git a/drivers/input/mouse/elan_i2c_core.c b/drivers/input/mouse/elan_i2c_core.c +index ad89ba143a0e..73e5d485d849 100644 +--- a/drivers/input/mouse/elan_i2c_core.c ++++ b/drivers/input/mouse/elan_i2c_core.c +@@ -1274,7 +1274,7 @@ static const struct acpi_device_id elan_acpi_id[] = { + { "ELAN0618", 0 }, + { "ELAN0619", 0 }, + { "ELAN061A", 0 }, +- { "ELAN061B", 0 }, ++/* { "ELAN061B", 0 }, not working on the Lenovo Legion Y7000 */ + { "ELAN061C", 0 }, + { "ELAN061D", 0 }, + { "ELAN061E", 0 }, +diff --git a/drivers/iommu/amd_iommu.c b/drivers/iommu/amd_iommu.c +index 684f7cdd814b..a1174e61daf4 100644 +--- a/drivers/iommu/amd_iommu.c ++++ b/drivers/iommu/amd_iommu.c +@@ -1150,6 +1150,17 @@ static void amd_iommu_flush_tlb_all(struct amd_iommu *iommu) + iommu_completion_wait(iommu); + } + ++static void amd_iommu_flush_tlb_domid(struct amd_iommu *iommu, u32 dom_id) ++{ ++ struct iommu_cmd cmd; ++ ++ build_inv_iommu_pages(&cmd, 0, CMD_INV_IOMMU_ALL_PAGES_ADDRESS, ++ dom_id, 1); ++ iommu_queue_command(iommu, &cmd); ++ ++ iommu_completion_wait(iommu); ++} ++ + static void amd_iommu_flush_all(struct amd_iommu *iommu) + { + struct iommu_cmd cmd; +@@ -1326,18 +1337,21 @@ static void domain_flush_devices(struct protection_domain *domain) + * another level increases the size of the address space by 9 bits to a size up + * to 64 bits. + */ +-static bool increase_address_space(struct protection_domain *domain, ++static void increase_address_space(struct protection_domain *domain, + gfp_t gfp) + { ++ unsigned long flags; + u64 *pte; + +- if (domain->mode == PAGE_MODE_6_LEVEL) ++ spin_lock_irqsave(&domain->lock, flags); ++ ++ if (WARN_ON_ONCE(domain->mode == PAGE_MODE_6_LEVEL)) + /* address space already 64 bit large */ +- return false; ++ goto out; + + pte = (void *)get_zeroed_page(gfp); + if (!pte) +- return false; ++ goto out; + + *pte = PM_LEVEL_PDE(domain->mode, + iommu_virt_to_phys(domain->pt_root)); +@@ -1345,7 +1359,10 @@ static bool increase_address_space(struct protection_domain *domain, + domain->mode += 1; + domain->updated = true; + +- return true; ++out: ++ spin_unlock_irqrestore(&domain->lock, flags); ++ ++ return; + } + + static u64 *alloc_pte(struct protection_domain *domain, +@@ -1835,6 +1852,7 @@ static void set_dte_entry(u16 devid, struct protection_domain *domain, bool ats) + { + u64 pte_root = 0; + u64 flags = 0; ++ u32 old_domid; + + if (domain->mode != PAGE_MODE_NONE) + pte_root = iommu_virt_to_phys(domain->pt_root); +@@ -1877,8 +1895,20 @@ static void set_dte_entry(u16 devid, struct protection_domain *domain, bool ats) + flags &= ~DEV_DOMID_MASK; + flags |= domain->id; + ++ old_domid = amd_iommu_dev_table[devid].data[1] & DEV_DOMID_MASK; + amd_iommu_dev_table[devid].data[1] = flags; + amd_iommu_dev_table[devid].data[0] = pte_root; ++ ++ /* ++ * A kdump kernel might be replacing a domain ID that was copied from ++ * the previous kernel--if so, it needs to flush the translation cache ++ * entries for the old domain ID that is being overwritten ++ */ ++ if (old_domid) { ++ struct amd_iommu *iommu = amd_iommu_rlookup_table[devid]; ++ ++ amd_iommu_flush_tlb_domid(iommu, old_domid); ++ } + } + + static void clear_dte_entry(u16 devid) +diff --git a/drivers/media/usb/dvb-usb/technisat-usb2.c b/drivers/media/usb/dvb-usb/technisat-usb2.c +index 18d0f8f5283f..8d8e9f56a8be 100644 +--- a/drivers/media/usb/dvb-usb/technisat-usb2.c ++++ b/drivers/media/usb/dvb-usb/technisat-usb2.c +@@ -607,10 +607,9 @@ static int technisat_usb2_frontend_attach(struct dvb_usb_adapter *a) + static int technisat_usb2_get_ir(struct dvb_usb_device *d) + { + struct technisat_usb2_state *state = d->priv; +- u8 *buf = state->buf; +- u8 *b; +- int ret; + struct ir_raw_event ev; ++ u8 *buf = state->buf; ++ int i, ret; + + buf[0] = GET_IR_DATA_VENDOR_REQUEST; + buf[1] = 0x08; +@@ -646,26 +645,25 @@ unlock: + return 0; /* no key pressed */ + + /* decoding */ +- b = buf+1; + + #if 0 + deb_rc("RC: %d ", ret); +- debug_dump(b, ret, deb_rc); ++ debug_dump(buf + 1, ret, deb_rc); + #endif + + ev.pulse = 0; +- while (1) { +- ev.pulse = !ev.pulse; +- ev.duration = (*b * FIRMWARE_CLOCK_DIVISOR * FIRMWARE_CLOCK_TICK) / 1000; +- ir_raw_event_store(d->rc_dev, &ev); +- +- b++; +- if (*b == 0xff) { ++ for (i = 1; i < ARRAY_SIZE(state->buf); i++) { ++ if (buf[i] == 0xff) { + ev.pulse = 0; + ev.duration = 888888*2; + ir_raw_event_store(d->rc_dev, &ev); + break; + } ++ ++ ev.pulse = !ev.pulse; ++ ev.duration = (buf[i] * FIRMWARE_CLOCK_DIVISOR * ++ FIRMWARE_CLOCK_TICK) / 1000; ++ ir_raw_event_store(d->rc_dev, &ev); + } + + ir_raw_event_handle(d->rc_dev); +diff --git a/drivers/media/usb/tm6000/tm6000-dvb.c b/drivers/media/usb/tm6000/tm6000-dvb.c +index 349f578273b6..9a2af71c2691 100644 +--- a/drivers/media/usb/tm6000/tm6000-dvb.c ++++ b/drivers/media/usb/tm6000/tm6000-dvb.c +@@ -105,6 +105,7 @@ static void tm6000_urb_received(struct urb *urb) + printk(KERN_ERR "tm6000: error %s\n", __func__); + kfree(urb->transfer_buffer); + usb_free_urb(urb); ++ dev->dvb->bulk_urb = NULL; + } + } + } +@@ -135,6 +136,7 @@ static int tm6000_start_stream(struct tm6000_core *dev) + dvb->bulk_urb->transfer_buffer = kzalloc(size, GFP_KERNEL); + if (dvb->bulk_urb->transfer_buffer == NULL) { + usb_free_urb(dvb->bulk_urb); ++ dvb->bulk_urb = NULL; + printk(KERN_ERR "tm6000: couldn't allocate transfer buffer!\n"); + return -ENOMEM; + } +@@ -162,6 +164,7 @@ static int tm6000_start_stream(struct tm6000_core *dev) + + kfree(dvb->bulk_urb->transfer_buffer); + usb_free_urb(dvb->bulk_urb); ++ dvb->bulk_urb = NULL; + return ret; + } + +diff --git a/drivers/net/ethernet/amd/xgbe/xgbe-main.c b/drivers/net/ethernet/amd/xgbe/xgbe-main.c +index e31d9d1fb6a6..e4e632e025d3 100644 +--- a/drivers/net/ethernet/amd/xgbe/xgbe-main.c ++++ b/drivers/net/ethernet/amd/xgbe/xgbe-main.c +@@ -487,13 +487,19 @@ static int __init xgbe_mod_init(void) + + ret = xgbe_platform_init(); + if (ret) +- return ret; ++ goto err_platform_init; + + ret = xgbe_pci_init(); + if (ret) +- return ret; ++ goto err_pci_init; + + return 0; ++ ++err_pci_init: ++ xgbe_platform_exit(); ++err_platform_init: ++ unregister_netdevice_notifier(&xgbe_netdev_notifier); ++ return ret; + } + + static void __exit xgbe_mod_exit(void) +diff --git a/drivers/net/ethernet/marvell/sky2.c b/drivers/net/ethernet/marvell/sky2.c +index 7b239af6cc04..5046efdad539 100644 +--- a/drivers/net/ethernet/marvell/sky2.c ++++ b/drivers/net/ethernet/marvell/sky2.c +@@ -4954,6 +4954,13 @@ static const struct dmi_system_id msi_blacklist[] = { + DMI_MATCH(DMI_BOARD_NAME, "P6T"), + }, + }, ++ { ++ .ident = "ASUS P6X", ++ .matches = { ++ DMI_MATCH(DMI_BOARD_VENDOR, "ASUSTeK Computer INC."), ++ DMI_MATCH(DMI_BOARD_NAME, "P6X"), ++ }, ++ }, + {} + }; + +diff --git a/drivers/net/ethernet/qlogic/qed/qed_main.c b/drivers/net/ethernet/qlogic/qed/qed_main.c +index ecc2d4296526..557332f1f886 100644 +--- a/drivers/net/ethernet/qlogic/qed/qed_main.c ++++ b/drivers/net/ethernet/qlogic/qed/qed_main.c +@@ -1081,7 +1081,7 @@ static int qed_slowpath_start(struct qed_dev *cdev, + &drv_version); + if (rc) { + DP_NOTICE(cdev, "Failed sending drv version command\n"); +- return rc; ++ goto err4; + } + } + +@@ -1089,6 +1089,8 @@ static int qed_slowpath_start(struct qed_dev *cdev, + + return 0; + ++err4: ++ qed_ll2_dealloc_if(cdev); + err3: + qed_hw_stop(cdev); + err2: +diff --git a/drivers/net/ethernet/seeq/sgiseeq.c b/drivers/net/ethernet/seeq/sgiseeq.c +index 84a42ed97601..49a18439bea2 100644 +--- a/drivers/net/ethernet/seeq/sgiseeq.c ++++ b/drivers/net/ethernet/seeq/sgiseeq.c +@@ -792,15 +792,16 @@ static int sgiseeq_probe(struct platform_device *pdev) + printk(KERN_ERR "Sgiseeq: Cannot register net device, " + "aborting.\n"); + err = -ENODEV; +- goto err_out_free_page; ++ goto err_out_free_attrs; + } + + printk(KERN_INFO "%s: %s %pM\n", dev->name, sgiseeqstr, dev->dev_addr); + + return 0; + +-err_out_free_page: +- free_page((unsigned long) sp->srings); ++err_out_free_attrs: ++ dma_free_attrs(&pdev->dev, sizeof(*sp->srings), sp->srings, ++ sp->srings_dma, DMA_ATTR_NON_CONSISTENT); + err_out_free_dev: + free_netdev(dev); + +diff --git a/drivers/net/usb/r8152.c b/drivers/net/usb/r8152.c +index 66beff4d7646..455eec3c4694 100644 +--- a/drivers/net/usb/r8152.c ++++ b/drivers/net/usb/r8152.c +@@ -787,8 +787,11 @@ int get_registers(struct r8152 *tp, u16 value, u16 index, u16 size, void *data) + ret = usb_control_msg(tp->udev, usb_rcvctrlpipe(tp->udev, 0), + RTL8152_REQ_GET_REGS, RTL8152_REQT_READ, + value, index, tmp, size, 500); ++ if (ret < 0) ++ memset(data, 0xff, size); ++ else ++ memcpy(data, tmp, size); + +- memcpy(data, tmp, size); + kfree(tmp); + + return ret; +diff --git a/drivers/net/wireless/marvell/mwifiex/ie.c b/drivers/net/wireless/marvell/mwifiex/ie.c +index 32853496fe8c..853b59e19922 100644 +--- a/drivers/net/wireless/marvell/mwifiex/ie.c ++++ b/drivers/net/wireless/marvell/mwifiex/ie.c +@@ -241,6 +241,9 @@ static int mwifiex_update_vs_ie(const u8 *ies, int ies_len, + } + + vs_ie = (struct ieee_types_header *)vendor_ie; ++ if (le16_to_cpu(ie->ie_length) + vs_ie->len + 2 > ++ IEEE_MAX_IE_SIZE) ++ return -EINVAL; + memcpy(ie->ie_buffer + le16_to_cpu(ie->ie_length), + vs_ie, vs_ie->len + 2); + le16_unaligned_add_cpu(&ie->ie_length, vs_ie->len + 2); +diff --git a/drivers/net/wireless/marvell/mwifiex/uap_cmd.c b/drivers/net/wireless/marvell/mwifiex/uap_cmd.c +index 18f7d9bf30b2..0939a8c8f3ab 100644 +--- a/drivers/net/wireless/marvell/mwifiex/uap_cmd.c ++++ b/drivers/net/wireless/marvell/mwifiex/uap_cmd.c +@@ -265,6 +265,8 @@ mwifiex_set_uap_rates(struct mwifiex_uap_bss_param *bss_cfg, + + rate_ie = (void *)cfg80211_find_ie(WLAN_EID_SUPP_RATES, var_pos, len); + if (rate_ie) { ++ if (rate_ie->len > MWIFIEX_SUPPORTED_RATES) ++ return; + memcpy(bss_cfg->rates, rate_ie + 1, rate_ie->len); + rate_len = rate_ie->len; + } +@@ -272,8 +274,11 @@ mwifiex_set_uap_rates(struct mwifiex_uap_bss_param *bss_cfg, + rate_ie = (void *)cfg80211_find_ie(WLAN_EID_EXT_SUPP_RATES, + params->beacon.tail, + params->beacon.tail_len); +- if (rate_ie) ++ if (rate_ie) { ++ if (rate_ie->len > MWIFIEX_SUPPORTED_RATES - rate_len) ++ return; + memcpy(bss_cfg->rates + rate_len, rate_ie + 1, rate_ie->len); ++ } + + return; + } +@@ -391,6 +396,8 @@ mwifiex_set_wmm_params(struct mwifiex_private *priv, + params->beacon.tail_len); + if (vendor_ie) { + wmm_ie = vendor_ie; ++ if (*(wmm_ie + 1) > sizeof(struct mwifiex_types_wmm_info)) ++ return; + memcpy(&bss_cfg->wmm_info, wmm_ie + + sizeof(struct ieee_types_header), *(wmm_ie + 1)); + priv->wmm_enabled = 1; +diff --git a/drivers/net/xen-netfront.c b/drivers/net/xen-netfront.c +index 4af4e5c12d53..5cb3edae586f 100644 +--- a/drivers/net/xen-netfront.c ++++ b/drivers/net/xen-netfront.c +@@ -908,7 +908,7 @@ static RING_IDX xennet_fill_frags(struct netfront_queue *queue, + __pskb_pull_tail(skb, pull_to - skb_headlen(skb)); + } + if (unlikely(skb_shinfo(skb)->nr_frags >= MAX_SKB_FRAGS)) { +- queue->rx.rsp_cons = ++cons; ++ queue->rx.rsp_cons = ++cons + skb_queue_len(list); + kfree_skb(nskb); + return ~0U; + } +diff --git a/drivers/pci/dwc/pcie-kirin.c b/drivers/pci/dwc/pcie-kirin.c +index efc317e7669d..03d88a1f1d4f 100644 +--- a/drivers/pci/dwc/pcie-kirin.c ++++ b/drivers/pci/dwc/pcie-kirin.c +@@ -449,8 +449,8 @@ static const struct dw_pcie_host_ops kirin_pcie_host_ops = { + .host_init = kirin_pcie_host_init, + }; + +-static int __init kirin_add_pcie_port(struct dw_pcie *pci, +- struct platform_device *pdev) ++static int kirin_add_pcie_port(struct dw_pcie *pci, ++ struct platform_device *pdev) + { + pci->pp.ops = &kirin_pcie_host_ops; + +diff --git a/drivers/phy/renesas/phy-rcar-gen3-usb2.c b/drivers/phy/renesas/phy-rcar-gen3-usb2.c +index 54c34298a000..e8fe80312820 100644 +--- a/drivers/phy/renesas/phy-rcar-gen3-usb2.c ++++ b/drivers/phy/renesas/phy-rcar-gen3-usb2.c +@@ -64,6 +64,7 @@ + USB2_OBINT_IDDIGCHG) + + /* VBCTRL */ ++#define USB2_VBCTRL_OCCLREN BIT(16) + #define USB2_VBCTRL_DRVVBUSSEL BIT(8) + + /* LINECTRL1 */ +@@ -278,6 +279,7 @@ static void rcar_gen3_init_otg(struct rcar_gen3_chan *ch) + u32 val; + + val = readl(usb2_base + USB2_VBCTRL); ++ val &= ~USB2_VBCTRL_OCCLREN; + writel(val | USB2_VBCTRL_DRVVBUSSEL, usb2_base + USB2_VBCTRL); + writel(USB2_OBINT_BITS, usb2_base + USB2_OBINTSTA); + val = readl(usb2_base + USB2_OBINTEN); +diff --git a/drivers/tty/serial/atmel_serial.c b/drivers/tty/serial/atmel_serial.c +index f747f1a1780c..9ee41ba0e55b 100644 +--- a/drivers/tty/serial/atmel_serial.c ++++ b/drivers/tty/serial/atmel_serial.c +@@ -1276,7 +1276,6 @@ atmel_handle_transmit(struct uart_port *port, unsigned int pending) + + atmel_port->hd_start_rx = false; + atmel_start_rx(port); +- return; + } + + atmel_tasklet_schedule(atmel_port, &atmel_port->tasklet_tx); +diff --git a/drivers/tty/serial/sprd_serial.c b/drivers/tty/serial/sprd_serial.c +index e902494ebbd5..943619ebee38 100644 +--- a/drivers/tty/serial/sprd_serial.c ++++ b/drivers/tty/serial/sprd_serial.c +@@ -240,7 +240,7 @@ static inline void sprd_rx(struct uart_port *port) + + if (lsr & (SPRD_LSR_BI | SPRD_LSR_PE | + SPRD_LSR_FE | SPRD_LSR_OE)) +- if (handle_lsr_errors(port, &lsr, &flag)) ++ if (handle_lsr_errors(port, &flag, &lsr)) + continue; + if (uart_handle_sysrq_char(port, ch)) + continue; +diff --git a/drivers/usb/core/config.c b/drivers/usb/core/config.c +index f105a5f4927e..d03d0e46b121 100644 +--- a/drivers/usb/core/config.c ++++ b/drivers/usb/core/config.c +@@ -925,7 +925,7 @@ int usb_get_bos_descriptor(struct usb_device *dev) + struct usb_bos_descriptor *bos; + struct usb_dev_cap_header *cap; + struct usb_ssp_cap_descriptor *ssp_cap; +- unsigned char *buffer; ++ unsigned char *buffer, *buffer0; + int length, total_len, num, i, ssac; + __u8 cap_type; + int ret; +@@ -970,10 +970,12 @@ int usb_get_bos_descriptor(struct usb_device *dev) + ret = -ENOMSG; + goto err; + } ++ ++ buffer0 = buffer; + total_len -= length; ++ buffer += length; + + for (i = 0; i < num; i++) { +- buffer += length; + cap = (struct usb_dev_cap_header *)buffer; + + if (total_len < sizeof(*cap) || total_len < cap->bLength) { +@@ -987,8 +989,6 @@ int usb_get_bos_descriptor(struct usb_device *dev) + break; + } + +- total_len -= length; +- + if (cap->bDescriptorType != USB_DT_DEVICE_CAPABILITY) { + dev_warn(ddev, "descriptor type invalid, skip\n"); + continue; +@@ -1023,7 +1023,11 @@ int usb_get_bos_descriptor(struct usb_device *dev) + default: + break; + } ++ ++ total_len -= length; ++ buffer += length; + } ++ dev->bos->desc->wTotalLength = cpu_to_le16(buffer - buffer0); + + return 0; + +diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c +index 469666df91da..8096cca87fe7 100644 +--- a/fs/binfmt_elf.c ++++ b/fs/binfmt_elf.c +@@ -1116,6 +1116,17 @@ static int load_elf_binary(struct linux_binprm *bprm) + current->mm->start_stack = bprm->p; + + if ((current->flags & PF_RANDOMIZE) && (randomize_va_space > 1)) { ++ /* ++ * For architectures with ELF randomization, when executing ++ * a loader directly (i.e. no interpreter listed in ELF ++ * headers), move the brk area out of the mmap region ++ * (since it grows up, and may collide early with the stack ++ * growing down), and into the unused ELF_ET_DYN_BASE region. ++ */ ++ if (IS_ENABLED(CONFIG_ARCH_HAS_ELF_RANDOMIZE) && !interpreter) ++ current->mm->brk = current->mm->start_brk = ++ ELF_ET_DYN_BASE; ++ + current->mm->brk = current->mm->start_brk = + arch_randomize_brk(current->mm); + #ifdef compat_brk_randomized +diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c +index 57c62ff4e8d6..f523a9ca9574 100644 +--- a/fs/cifs/connect.c ++++ b/fs/cifs/connect.c +@@ -2542,6 +2542,7 @@ static int + cifs_set_cifscreds(struct smb_vol *vol, struct cifs_ses *ses) + { + int rc = 0; ++ int is_domain = 0; + const char *delim, *payload; + char *desc; + ssize_t len; +@@ -2589,6 +2590,7 @@ cifs_set_cifscreds(struct smb_vol *vol, struct cifs_ses *ses) + rc = PTR_ERR(key); + goto out_err; + } ++ is_domain = 1; + } + + down_read(&key->sem); +@@ -2646,6 +2648,26 @@ cifs_set_cifscreds(struct smb_vol *vol, struct cifs_ses *ses) + goto out_key_put; + } + ++ /* ++ * If we have a domain key then we must set the domainName in the ++ * for the request. ++ */ ++ if (is_domain && ses->domainName) { ++ vol->domainname = kstrndup(ses->domainName, ++ strlen(ses->domainName), ++ GFP_KERNEL); ++ if (!vol->domainname) { ++ cifs_dbg(FYI, "Unable to allocate %zd bytes for " ++ "domain\n", len); ++ rc = -ENOMEM; ++ kfree(vol->username); ++ vol->username = NULL; ++ kzfree(vol->password); ++ vol->password = NULL; ++ goto out_key_put; ++ } ++ } ++ + out_key_put: + up_read(&key->sem); + key_put(key); +diff --git a/fs/nfs/dir.c b/fs/nfs/dir.c +index 85a6fdd76e20..50c181fa0025 100644 +--- a/fs/nfs/dir.c ++++ b/fs/nfs/dir.c +@@ -1470,7 +1470,7 @@ static int nfs_finish_open(struct nfs_open_context *ctx, + if (S_ISREG(file->f_path.dentry->d_inode->i_mode)) + nfs_file_set_open_context(file, ctx); + else +- err = -ESTALE; ++ err = -EOPENSTALE; + out: + return err; + } +diff --git a/fs/nfs/nfs4file.c b/fs/nfs/nfs4file.c +index 2b3e0f1ca572..b8d316a338bc 100644 +--- a/fs/nfs/nfs4file.c ++++ b/fs/nfs/nfs4file.c +@@ -74,13 +74,13 @@ nfs4_file_open(struct inode *inode, struct file *filp) + if (IS_ERR(inode)) { + err = PTR_ERR(inode); + switch (err) { +- case -EPERM: +- case -EACCES: +- case -EDQUOT: +- case -ENOSPC: +- case -EROFS: +- goto out_put_ctx; + default: ++ goto out_put_ctx; ++ case -ENOENT: ++ case -ESTALE: ++ case -EISDIR: ++ case -ENOTDIR: ++ case -ELOOP: + goto out_drop; + } + } +diff --git a/fs/nfs/pagelist.c b/fs/nfs/pagelist.c +index 132e568524df..ceb6892d9bbd 100644 +--- a/fs/nfs/pagelist.c ++++ b/fs/nfs/pagelist.c +@@ -566,7 +566,7 @@ static void nfs_pgio_rpcsetup(struct nfs_pgio_header *hdr, + } + + hdr->res.fattr = &hdr->fattr; +- hdr->res.count = count; ++ hdr->res.count = 0; + hdr->res.eof = 0; + hdr->res.verf = &hdr->verf; + nfs_fattr_init(&hdr->fattr); +diff --git a/fs/nfs/proc.c b/fs/nfs/proc.c +index f7fd9192d4bc..eff93315572e 100644 +--- a/fs/nfs/proc.c ++++ b/fs/nfs/proc.c +@@ -589,7 +589,8 @@ static int nfs_read_done(struct rpc_task *task, struct nfs_pgio_header *hdr) + /* Emulate the eof flag, which isn't normally needed in NFSv2 + * as it is guaranteed to always return the file attributes + */ +- if (hdr->args.offset + hdr->res.count >= hdr->res.fattr->size) ++ if ((hdr->res.count == 0 && hdr->args.count > 0) || ++ hdr->args.offset + hdr->res.count >= hdr->res.fattr->size) + hdr->res.eof = 1; + } + return 0; +@@ -610,8 +611,10 @@ static int nfs_proc_pgio_rpc_prepare(struct rpc_task *task, + + static int nfs_write_done(struct rpc_task *task, struct nfs_pgio_header *hdr) + { +- if (task->tk_status >= 0) ++ if (task->tk_status >= 0) { ++ hdr->res.count = hdr->args.count; + nfs_writeback_update_inode(hdr); ++ } + return 0; + } + +diff --git a/include/uapi/linux/netfilter/xt_nfacct.h b/include/uapi/linux/netfilter/xt_nfacct.h +index 5c8a4d760ee3..b5123ab8d54a 100644 +--- a/include/uapi/linux/netfilter/xt_nfacct.h ++++ b/include/uapi/linux/netfilter/xt_nfacct.h +@@ -11,4 +11,9 @@ struct xt_nfacct_match_info { + struct nf_acct *nfacct; + }; + ++struct xt_nfacct_match_info_v1 { ++ char name[NFACCT_NAME_MAX]; ++ struct nf_acct *nfacct __attribute__((aligned(8))); ++}; ++ + #endif /* _XT_NFACCT_MATCH_H */ +diff --git a/kernel/kallsyms.c b/kernel/kallsyms.c +index 127e7cfafa55..3e1b66366ac2 100644 +--- a/kernel/kallsyms.c ++++ b/kernel/kallsyms.c +@@ -296,8 +296,10 @@ int kallsyms_lookup_size_offset(unsigned long addr, unsigned long *symbolsize, + { + char namebuf[KSYM_NAME_LEN]; + +- if (is_ksym_addr(addr)) +- return !!get_symbol_pos(addr, symbolsize, offset); ++ if (is_ksym_addr(addr)) { ++ get_symbol_pos(addr, symbolsize, offset); ++ return 1; ++ } + return !!module_address_lookup(addr, symbolsize, offset, NULL, namebuf) || + !!__bpf_address_lookup(addr, symbolsize, offset, namebuf); + } +diff --git a/net/batman-adv/bat_v_ogm.c b/net/batman-adv/bat_v_ogm.c +index 8be61734fc43..e07f636160b6 100644 +--- a/net/batman-adv/bat_v_ogm.c ++++ b/net/batman-adv/bat_v_ogm.c +@@ -642,17 +642,23 @@ batadv_v_ogm_process_per_outif(struct batadv_priv *bat_priv, + * batadv_v_ogm_aggr_packet - checks if there is another OGM aggregated + * @buff_pos: current position in the skb + * @packet_len: total length of the skb +- * @tvlv_len: tvlv length of the previously considered OGM ++ * @ogm2_packet: potential OGM2 in buffer + * + * Return: true if there is enough space for another OGM, false otherwise. + */ +-static bool batadv_v_ogm_aggr_packet(int buff_pos, int packet_len, +- __be16 tvlv_len) ++static bool ++batadv_v_ogm_aggr_packet(int buff_pos, int packet_len, ++ const struct batadv_ogm2_packet *ogm2_packet) + { + int next_buff_pos = 0; + +- next_buff_pos += buff_pos + BATADV_OGM2_HLEN; +- next_buff_pos += ntohs(tvlv_len); ++ /* check if there is enough space for the header */ ++ next_buff_pos += buff_pos + sizeof(*ogm2_packet); ++ if (next_buff_pos > packet_len) ++ return false; ++ ++ /* check if there is enough space for the optional TVLV */ ++ next_buff_pos += ntohs(ogm2_packet->tvlv_len); + + return (next_buff_pos <= packet_len) && + (next_buff_pos <= BATADV_MAX_AGGREGATION_BYTES); +@@ -829,7 +835,7 @@ int batadv_v_ogm_packet_recv(struct sk_buff *skb, + ogm_packet = (struct batadv_ogm2_packet *)skb->data; + + while (batadv_v_ogm_aggr_packet(ogm_offset, skb_headlen(skb), +- ogm_packet->tvlv_len)) { ++ ogm_packet)) { + batadv_v_ogm_process(skb, ogm_offset, if_incoming); + + ogm_offset += BATADV_OGM2_HLEN; +diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c +index 5ce069ce2a97..c1f59a53f68f 100644 +--- a/net/ipv4/tcp.c ++++ b/net/ipv4/tcp.c +@@ -922,10 +922,10 @@ static int tcp_send_mss(struct sock *sk, int *size_goal, int flags) + */ + static void tcp_remove_empty_skb(struct sock *sk, struct sk_buff *skb) + { +- if (skb && !skb->len) { ++ if (skb && !skb->len && ++ TCP_SKB_CB(skb)->end_seq == TCP_SKB_CB(skb)->seq) { + tcp_unlink_write_queue(skb, sk); +- if (tcp_write_queue_empty(sk)) +- tcp_chrono_stop(sk, TCP_CHRONO_BUSY); ++ tcp_check_send_head(sk, skb); + sk_wmem_free_skb(sk, skb); + } + } +diff --git a/net/netfilter/nf_conntrack_ftp.c b/net/netfilter/nf_conntrack_ftp.c +index f0e9a7511e1a..c236c7d1655d 100644 +--- a/net/netfilter/nf_conntrack_ftp.c ++++ b/net/netfilter/nf_conntrack_ftp.c +@@ -323,7 +323,7 @@ static int find_pattern(const char *data, size_t dlen, + i++; + } + +- pr_debug("Skipped up to `%c'!\n", skip); ++ pr_debug("Skipped up to 0x%hhx delimiter!\n", skip); + + *numoff = i; + *numlen = getnum(data + i, dlen - i, cmd, term, numoff); +diff --git a/net/netfilter/xt_nfacct.c b/net/netfilter/xt_nfacct.c +index 6f92d25590a8..ea447b437f12 100644 +--- a/net/netfilter/xt_nfacct.c ++++ b/net/netfilter/xt_nfacct.c +@@ -55,25 +55,39 @@ nfacct_mt_destroy(const struct xt_mtdtor_param *par) + nfnl_acct_put(info->nfacct); + } + +-static struct xt_match nfacct_mt_reg __read_mostly = { +- .name = "nfacct", +- .family = NFPROTO_UNSPEC, +- .checkentry = nfacct_mt_checkentry, +- .match = nfacct_mt, +- .destroy = nfacct_mt_destroy, +- .matchsize = sizeof(struct xt_nfacct_match_info), +- .usersize = offsetof(struct xt_nfacct_match_info, nfacct), +- .me = THIS_MODULE, ++static struct xt_match nfacct_mt_reg[] __read_mostly = { ++ { ++ .name = "nfacct", ++ .revision = 0, ++ .family = NFPROTO_UNSPEC, ++ .checkentry = nfacct_mt_checkentry, ++ .match = nfacct_mt, ++ .destroy = nfacct_mt_destroy, ++ .matchsize = sizeof(struct xt_nfacct_match_info), ++ .usersize = offsetof(struct xt_nfacct_match_info, nfacct), ++ .me = THIS_MODULE, ++ }, ++ { ++ .name = "nfacct", ++ .revision = 1, ++ .family = NFPROTO_UNSPEC, ++ .checkentry = nfacct_mt_checkentry, ++ .match = nfacct_mt, ++ .destroy = nfacct_mt_destroy, ++ .matchsize = sizeof(struct xt_nfacct_match_info_v1), ++ .usersize = offsetof(struct xt_nfacct_match_info_v1, nfacct), ++ .me = THIS_MODULE, ++ }, + }; + + static int __init nfacct_mt_init(void) + { +- return xt_register_match(&nfacct_mt_reg); ++ return xt_register_matches(nfacct_mt_reg, ARRAY_SIZE(nfacct_mt_reg)); + } + + static void __exit nfacct_mt_exit(void) + { +- xt_unregister_match(&nfacct_mt_reg); ++ xt_unregister_matches(nfacct_mt_reg, ARRAY_SIZE(nfacct_mt_reg)); + } + + module_init(nfacct_mt_init); +diff --git a/net/sched/sch_generic.c b/net/sched/sch_generic.c +index 79549baf5804..21b981abbacb 100644 +--- a/net/sched/sch_generic.c ++++ b/net/sched/sch_generic.c +@@ -703,7 +703,11 @@ static void qdisc_rcu_free(struct rcu_head *head) + + void qdisc_destroy(struct Qdisc *qdisc) + { +- const struct Qdisc_ops *ops = qdisc->ops; ++ const struct Qdisc_ops *ops; ++ ++ if (!qdisc) ++ return; ++ ops = qdisc->ops; + + if (qdisc->flags & TCQ_F_BUILTIN || + !refcount_dec_and_test(&qdisc->refcnt)) +diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c +index c672a790df1c..f19d5a55f09e 100644 +--- a/net/wireless/nl80211.c ++++ b/net/wireless/nl80211.c +@@ -9753,9 +9753,11 @@ static int cfg80211_cqm_rssi_update(struct cfg80211_registered_device *rdev, + hyst = wdev->cqm_config->rssi_hyst; + n = wdev->cqm_config->n_rssi_thresholds; + +- for (i = 0; i < n; i++) ++ for (i = 0; i < n; i++) { ++ i = array_index_nospec(i, n); + if (last < wdev->cqm_config->rssi_thresholds[i]) + break; ++ } + + low_index = i - 1; + if (low_index >= 0) { +diff --git a/security/keys/request_key_auth.c b/security/keys/request_key_auth.c +index 5e515791ccd1..1d34b2a5f485 100644 +--- a/security/keys/request_key_auth.c ++++ b/security/keys/request_key_auth.c +@@ -71,6 +71,9 @@ static void request_key_auth_describe(const struct key *key, + { + struct request_key_auth *rka = get_request_key_auth(key); + ++ if (!rka) ++ return; ++ + seq_puts(m, "key:"); + seq_puts(m, key->description); + if (key_is_positive(key)) +@@ -88,6 +91,9 @@ static long request_key_auth_read(const struct key *key, + size_t datalen; + long ret; + ++ if (!rka) ++ return -EKEYREVOKED; ++ + datalen = rka->callout_len; + ret = datalen; + +diff --git a/tools/power/x86/turbostat/turbostat.c b/tools/power/x86/turbostat/turbostat.c +index 3e5f8b3db272..19e345cf8193 100644 +--- a/tools/power/x86/turbostat/turbostat.c ++++ b/tools/power/x86/turbostat/turbostat.c +@@ -4488,7 +4488,7 @@ int initialize_counters(int cpu_id) + + void allocate_output_buffer() + { +- output_buffer = calloc(1, (1 + topo.num_cpus) * 1024); ++ output_buffer = calloc(1, (1 + topo.num_cpus) * 2048); + outp = output_buffer; + if (outp == NULL) + err(-1, "calloc output buffer"); +diff --git a/tools/power/x86/x86_energy_perf_policy/x86_energy_perf_policy.c b/tools/power/x86/x86_energy_perf_policy/x86_energy_perf_policy.c +index 65bbe627a425..2aba622d1c5a 100644 +--- a/tools/power/x86/x86_energy_perf_policy/x86_energy_perf_policy.c ++++ b/tools/power/x86/x86_energy_perf_policy/x86_energy_perf_policy.c +@@ -546,7 +546,7 @@ void cmdline(int argc, char **argv) + + progname = argv[0]; + +- while ((opt = getopt_long_only(argc, argv, "+a:c:dD:E:e:f:m:M:rt:u:vw", ++ while ((opt = getopt_long_only(argc, argv, "+a:c:dD:E:e:f:m:M:rt:u:vw:", + long_options, &option_index)) != -1) { + switch (opt) { + case 'a': +@@ -1260,6 +1260,15 @@ void probe_dev_msr(void) + if (system("/sbin/modprobe msr > /dev/null 2>&1")) + err(-5, "no /dev/cpu/0/msr, Try \"# modprobe msr\" "); + } ++ ++static void get_cpuid_or_exit(unsigned int leaf, ++ unsigned int *eax, unsigned int *ebx, ++ unsigned int *ecx, unsigned int *edx) ++{ ++ if (!__get_cpuid(leaf, eax, ebx, ecx, edx)) ++ errx(1, "Processor not supported\n"); ++} ++ + /* + * early_cpuid() + * initialize turbo_is_enabled, has_hwp, has_epb +@@ -1267,15 +1276,10 @@ void probe_dev_msr(void) + */ + void early_cpuid(void) + { +- unsigned int eax, ebx, ecx, edx, max_level; ++ unsigned int eax, ebx, ecx, edx; + unsigned int fms, family, model; + +- __get_cpuid(0, &max_level, &ebx, &ecx, &edx); +- +- if (max_level < 6) +- errx(1, "Processor not supported\n"); +- +- __get_cpuid(1, &fms, &ebx, &ecx, &edx); ++ get_cpuid_or_exit(1, &fms, &ebx, &ecx, &edx); + family = (fms >> 8) & 0xf; + model = (fms >> 4) & 0xf; + if (family == 6 || family == 0xf) +@@ -1289,7 +1293,7 @@ void early_cpuid(void) + bdx_highest_ratio = msr & 0xFF; + } + +- __get_cpuid(0x6, &eax, &ebx, &ecx, &edx); ++ get_cpuid_or_exit(0x6, &eax, &ebx, &ecx, &edx); + turbo_is_enabled = (eax >> 1) & 1; + has_hwp = (eax >> 7) & 1; + has_epb = (ecx >> 3) & 1; +@@ -1307,7 +1311,7 @@ void parse_cpuid(void) + + eax = ebx = ecx = edx = 0; + +- __get_cpuid(0, &max_level, &ebx, &ecx, &edx); ++ get_cpuid_or_exit(0, &max_level, &ebx, &ecx, &edx); + + if (ebx == 0x756e6547 && edx == 0x49656e69 && ecx == 0x6c65746e) + genuine_intel = 1; +@@ -1316,7 +1320,7 @@ void parse_cpuid(void) + fprintf(stderr, "CPUID(0): %.4s%.4s%.4s ", + (char *)&ebx, (char *)&edx, (char *)&ecx); + +- __get_cpuid(1, &fms, &ebx, &ecx, &edx); ++ get_cpuid_or_exit(1, &fms, &ebx, &ecx, &edx); + family = (fms >> 8) & 0xf; + model = (fms >> 4) & 0xf; + stepping = fms & 0xf; +@@ -1341,7 +1345,7 @@ void parse_cpuid(void) + errx(1, "CPUID: no MSR"); + + +- __get_cpuid(0x6, &eax, &ebx, &ecx, &edx); ++ get_cpuid_or_exit(0x6, &eax, &ebx, &ecx, &edx); + /* turbo_is_enabled already set */ + /* has_hwp already set */ + has_hwp_notify = eax & (1 << 8); +diff --git a/virt/kvm/coalesced_mmio.c b/virt/kvm/coalesced_mmio.c +index 9e65feb6fa58..b9336693c87e 100644 +--- a/virt/kvm/coalesced_mmio.c ++++ b/virt/kvm/coalesced_mmio.c +@@ -40,7 +40,7 @@ static int coalesced_mmio_in_range(struct kvm_coalesced_mmio_dev *dev, + return 1; + } + +-static int coalesced_mmio_has_room(struct kvm_coalesced_mmio_dev *dev) ++static int coalesced_mmio_has_room(struct kvm_coalesced_mmio_dev *dev, u32 last) + { + struct kvm_coalesced_mmio_ring *ring; + unsigned avail; +@@ -52,7 +52,7 @@ static int coalesced_mmio_has_room(struct kvm_coalesced_mmio_dev *dev) + * there is always one unused entry in the buffer + */ + ring = dev->kvm->coalesced_mmio_ring; +- avail = (ring->first - ring->last - 1) % KVM_COALESCED_MMIO_MAX; ++ avail = (ring->first - last - 1) % KVM_COALESCED_MMIO_MAX; + if (avail == 0) { + /* full */ + return 0; +@@ -67,24 +67,27 @@ static int coalesced_mmio_write(struct kvm_vcpu *vcpu, + { + struct kvm_coalesced_mmio_dev *dev = to_mmio(this); + struct kvm_coalesced_mmio_ring *ring = dev->kvm->coalesced_mmio_ring; ++ __u32 insert; + + if (!coalesced_mmio_in_range(dev, addr, len)) + return -EOPNOTSUPP; + + spin_lock(&dev->kvm->ring_lock); + +- if (!coalesced_mmio_has_room(dev)) { ++ insert = READ_ONCE(ring->last); ++ if (!coalesced_mmio_has_room(dev, insert) || ++ insert >= KVM_COALESCED_MMIO_MAX) { + spin_unlock(&dev->kvm->ring_lock); + return -EOPNOTSUPP; + } + + /* copy data in first free entry of the ring */ + +- ring->coalesced_mmio[ring->last].phys_addr = addr; +- ring->coalesced_mmio[ring->last].len = len; +- memcpy(ring->coalesced_mmio[ring->last].data, val, len); ++ ring->coalesced_mmio[insert].phys_addr = addr; ++ ring->coalesced_mmio[insert].len = len; ++ memcpy(ring->coalesced_mmio[insert].data, val, len); + smp_wmb(); +- ring->last = (ring->last + 1) % KVM_COALESCED_MMIO_MAX; ++ ring->last = (insert + 1) % KVM_COALESCED_MMIO_MAX; + spin_unlock(&dev->kvm->ring_lock); + return 0; + }