Magellan Linux

  • Back to homepage
    • /[pkg-src]/trunk/kernel-alx/patches-4.9/0192-4.9.93-all-fixes.patch

    Contents of /trunk/kernel-alx/patches-4.9/0192-4.9.93-all-fixes.patch

    Parent Directory Parent Directory | Revision Log Revision Log

    Revision 3169 - (show annotations) (download)
    Wed Aug 8 14:17:25 2018 UTC (5 years, 8 months ago) by niro
    File size: 121072 byte(s) 
    -linux-4.9.93
    1 diff --git a/Documentation/devicetree/bindings/pinctrl/pinctrl-palmas.txt b/Documentation/devicetree/bindings/pinctrl/pinctrl-palmas.txt
    2 index caf297bee1fb..c28d4eb83b76 100644
    3 --- a/Documentation/devicetree/bindings/pinctrl/pinctrl-palmas.txt
    4 +++ b/Documentation/devicetree/bindings/pinctrl/pinctrl-palmas.txt
    5 @@ -35,6 +35,15 @@ Optional properties:
    6 - ti,palmas-enable-dvfs2: Enable DVFS2. Configure pins for DVFS2 mode.
    7 Selection primary or secondary function associated to GPADC_START
    8 and SYSEN2 pin/pad for DVFS2 interface
    9 +- ti,palmas-override-powerhold: This is applicable for PMICs for which
    10 + GPIO7 is configured in POWERHOLD mode which has higher priority
    11 + over DEV_ON bit and keeps the PMIC supplies on even after the DEV_ON
    12 + bit is turned off. This property enables driver to over ride the
    13 + POWERHOLD value to GPIO7 so as to turn off the PMIC in power off
    14 + scenarios. So for GPIO7 if ti,palmas-override-powerhold is set
    15 + then the GPIO_7 field should never be muxed to anything else.
    16 + It should be set to POWERHOLD by default and only in case of
    17 + power off scenarios the driver will over ride the mux value.
    18
    19 This binding uses the following generic properties as defined in
    20 pinctrl-bindings.txt:
    21 diff --git a/Makefile b/Makefile
    22 index 3ab3b8203bf6..f5cf4159fc20 100644
    23 --- a/Makefile
    24 +++ b/Makefile
    25 @@ -1,6 +1,6 @@
    26 VERSION = 4
    27 PATCHLEVEL = 9
    28 -SUBLEVEL = 92
    29 +SUBLEVEL = 93
    30 EXTRAVERSION =
    31 NAME = Roaring Lionus
    32
    33 diff --git a/arch/arm/boot/dts/am335x-pepper.dts b/arch/arm/boot/dts/am335x-pepper.dts
    34 index 42b62f54e4b7..30e2f8770aaf 100644
    35 --- a/arch/arm/boot/dts/am335x-pepper.dts
    36 +++ b/arch/arm/boot/dts/am335x-pepper.dts
    37 @@ -139,7 +139,7 @@
    38 &audio_codec {
    39 status = "okay";
    40
    41 - reset-gpios = <&gpio1 16 GPIO_ACTIVE_LOW>;
    42 + gpio-reset = <&gpio1 16 GPIO_ACTIVE_LOW>;
    43 AVDD-supply = <&ldo3_reg>;
    44 IOVDD-supply = <&ldo3_reg>;
    45 DRVDD-supply = <&ldo3_reg>;
    46 diff --git a/arch/arm/boot/dts/am57xx-beagle-x15-common.dtsi b/arch/arm/boot/dts/am57xx-beagle-x15-common.dtsi
    47 index 6df7829a2c15..78bee26361f1 100644
    48 --- a/arch/arm/boot/dts/am57xx-beagle-x15-common.dtsi
    49 +++ b/arch/arm/boot/dts/am57xx-beagle-x15-common.dtsi
    50 @@ -204,6 +204,7 @@
    51 interrupt-controller;
    52
    53 ti,system-power-controller;
    54 + ti,palmas-override-powerhold;
    55
    56 tps659038_pmic {
    57 compatible = "ti,tps659038-pmic";
    58 diff --git a/arch/arm/boot/dts/am57xx-idk-common.dtsi b/arch/arm/boot/dts/am57xx-idk-common.dtsi
    59 index db858fff4e18..1cc62727e43a 100644
    60 --- a/arch/arm/boot/dts/am57xx-idk-common.dtsi
    61 +++ b/arch/arm/boot/dts/am57xx-idk-common.dtsi
    62 @@ -57,6 +57,7 @@
    63 #interrupt-cells = <2>;
    64 interrupt-controller;
    65 ti,system-power-controller;
    66 + ti,palmas-override-powerhold;
    67
    68 tps659038_pmic {
    69 compatible = "ti,tps659038-pmic";
    70 diff --git a/arch/arm/boot/dts/dra7-evm.dts b/arch/arm/boot/dts/dra7-evm.dts
    71 index 132f2be10889..56311fd34f81 100644
    72 --- a/arch/arm/boot/dts/dra7-evm.dts
    73 +++ b/arch/arm/boot/dts/dra7-evm.dts
    74 @@ -398,6 +398,8 @@
    75 tps659038: tps659038@58 {
    76 compatible = "ti,tps659038";
    77 reg = <0x58>;
    78 + ti,palmas-override-powerhold;
    79 + ti,system-power-controller;
    80
    81 tps659038_pmic {
    82 compatible = "ti,tps659038-pmic";
    83 diff --git a/arch/arm/boot/dts/omap3-n900.dts b/arch/arm/boot/dts/omap3-n900.dts
    84 index 6003b29c0fc0..4d448f145ed1 100644
    85 --- a/arch/arm/boot/dts/omap3-n900.dts
    86 +++ b/arch/arm/boot/dts/omap3-n900.dts
    87 @@ -510,7 +510,7 @@
    88 tlv320aic3x: tlv320aic3x@18 {
    89 compatible = "ti,tlv320aic3x";
    90 reg = <0x18>;
    91 - reset-gpios = <&gpio2 28 GPIO_ACTIVE_LOW>; /* 60 */
    92 + gpio-reset = <&gpio2 28 GPIO_ACTIVE_HIGH>; /* 60 */
    93 ai3x-gpio-func = <
    94 0 /* AIC3X_GPIO1_FUNC_DISABLED */
    95 5 /* AIC3X_GPIO2_FUNC_DIGITAL_MIC_INPUT */
    96 @@ -527,7 +527,7 @@
    97 tlv320aic3x_aux: tlv320aic3x@19 {
    98 compatible = "ti,tlv320aic3x";
    99 reg = <0x19>;
    100 - reset-gpios = <&gpio2 28 GPIO_ACTIVE_LOW>; /* 60 */
    101 + gpio-reset = <&gpio2 28 GPIO_ACTIVE_HIGH>; /* 60 */
    102
    103 AVDD-supply = <&vmmc2>;
    104 DRVDD-supply = <&vmmc2>;
    105 diff --git a/arch/arm/vfp/vfpmodule.c b/arch/arm/vfp/vfpmodule.c
    106 index da0b33deba6d..5629d7580973 100644
    107 --- a/arch/arm/vfp/vfpmodule.c
    108 +++ b/arch/arm/vfp/vfpmodule.c
    109 @@ -648,7 +648,7 @@ int vfp_restore_user_hwstate(struct user_vfp __user *ufp,
    110 */
    111 static int vfp_dying_cpu(unsigned int cpu)
    112 {
    113 - vfp_force_reload(cpu, current_thread_info());
    114 + vfp_current_hw_state[cpu] = NULL;
    115 return 0;
    116 }
    117
    118 diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
    119 index 7769c2e27788..c8471cf46cbb 100644
    120 --- a/arch/arm64/Kconfig
    121 +++ b/arch/arm64/Kconfig
    122 @@ -733,6 +733,18 @@ config FORCE_MAX_ZONEORDER
    123 However for 4K, we choose a higher default value, 11 as opposed to 10, giving us
    124 4M allocations matching the default size used by generic code.
    125
    126 +config UNMAP_KERNEL_AT_EL0
    127 + bool "Unmap kernel when running in userspace (aka \"KAISER\")" if EXPERT
    128 + default y
    129 + help
    130 + Speculation attacks against some high-performance processors can
    131 + be used to bypass MMU permission checks and leak kernel data to
    132 + userspace. This can be defended against by unmapping the kernel
    133 + when running in userspace, mapping it back in on exception entry
    134 + via a trampoline page in the vector table.
    135 +
    136 + If unsure, say Y.
    137 +
    138 menuconfig ARMV8_DEPRECATED
    139 bool "Emulate deprecated/obsolete ARMv8 instructions"
    140 depends on COMPAT
    141 diff --git a/arch/arm64/include/asm/assembler.h b/arch/arm64/include/asm/assembler.h
    142 index 851290d2bfe3..7193bf97b8da 100644
    143 --- a/arch/arm64/include/asm/assembler.h
    144 +++ b/arch/arm64/include/asm/assembler.h
    145 @@ -413,4 +413,7 @@ alternative_endif
    146 movk \reg, :abs_g0_nc:\val
    147 .endm
    148
    149 + .macro pte_to_phys, phys, pte
    150 + and \phys, \pte, #(((1 << (48 - PAGE_SHIFT)) - 1) << PAGE_SHIFT)
    151 + .endm
    152 #endif /* __ASM_ASSEMBLER_H */
    153 diff --git a/arch/arm64/include/asm/cpucaps.h b/arch/arm64/include/asm/cpucaps.h
    154 index 87b446535185..7ddf233f05bd 100644
    155 --- a/arch/arm64/include/asm/cpucaps.h
    156 +++ b/arch/arm64/include/asm/cpucaps.h
    157 @@ -34,7 +34,8 @@
    158 #define ARM64_HAS_32BIT_EL0 13
    159 #define ARM64_HYP_OFFSET_LOW 14
    160 #define ARM64_MISMATCHED_CACHE_LINE_SIZE 15
    161 +#define ARM64_UNMAP_KERNEL_AT_EL0 16
    162
    163 -#define ARM64_NCAPS 16
    164 +#define ARM64_NCAPS 17
    165
    166 #endif /* __ASM_CPUCAPS_H */
    167 diff --git a/arch/arm64/include/asm/cputype.h b/arch/arm64/include/asm/cputype.h
    168 index 26a68ddb11c1..1d47930c30dc 100644
    169 --- a/arch/arm64/include/asm/cputype.h
    170 +++ b/arch/arm64/include/asm/cputype.h
    171 @@ -81,6 +81,7 @@
    172
    173 #define CAVIUM_CPU_PART_THUNDERX 0x0A1
    174 #define CAVIUM_CPU_PART_THUNDERX_81XX 0x0A2
    175 +#define CAVIUM_CPU_PART_THUNDERX2 0x0AF
    176
    177 #define BRCM_CPU_PART_VULCAN 0x516
    178
    179 @@ -88,6 +89,8 @@
    180 #define MIDR_CORTEX_A57 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A57)
    181 #define MIDR_THUNDERX MIDR_CPU_MODEL(ARM_CPU_IMP_CAVIUM, CAVIUM_CPU_PART_THUNDERX)
    182 #define MIDR_THUNDERX_81XX MIDR_CPU_MODEL(ARM_CPU_IMP_CAVIUM, CAVIUM_CPU_PART_THUNDERX_81XX)
    183 +#define MIDR_CAVIUM_THUNDERX2 MIDR_CPU_MODEL(ARM_CPU_IMP_CAVIUM, CAVIUM_CPU_PART_THUNDERX2)
    184 +#define MIDR_BRCM_VULCAN MIDR_CPU_MODEL(ARM_CPU_IMP_BRCM, BRCM_CPU_PART_VULCAN)
    185
    186 #ifndef __ASSEMBLY__
    187
    188 diff --git a/arch/arm64/include/asm/fixmap.h b/arch/arm64/include/asm/fixmap.h
    189 index caf86be815ba..d8e58051f32d 100644
    190 --- a/arch/arm64/include/asm/fixmap.h
    191 +++ b/arch/arm64/include/asm/fixmap.h
    192 @@ -51,6 +51,12 @@ enum fixed_addresses {
    193
    194 FIX_EARLYCON_MEM_BASE,
    195 FIX_TEXT_POKE0,
    196 +
    197 +#ifdef CONFIG_UNMAP_KERNEL_AT_EL0
    198 + FIX_ENTRY_TRAMP_DATA,
    199 + FIX_ENTRY_TRAMP_TEXT,
    200 +#define TRAMP_VALIAS (__fix_to_virt(FIX_ENTRY_TRAMP_TEXT))
    201 +#endif /* CONFIG_UNMAP_KERNEL_AT_EL0 */
    202 __end_of_permanent_fixed_addresses,
    203
    204 /*
    205 diff --git a/arch/arm64/include/asm/memory.h b/arch/arm64/include/asm/memory.h
    206 index 53211a0acf0f..5e3faba689e0 100644
    207 --- a/arch/arm64/include/asm/memory.h
    208 +++ b/arch/arm64/include/asm/memory.h
    209 @@ -64,8 +64,10 @@
    210 * TASK_UNMAPPED_BASE - the lower boundary of the mmap VM area.
    211 */
    212 #define VA_BITS (CONFIG_ARM64_VA_BITS)
    213 -#define VA_START (UL(0xffffffffffffffff) << VA_BITS)
    214 -#define PAGE_OFFSET (UL(0xffffffffffffffff) << (VA_BITS - 1))
    215 +#define VA_START (UL(0xffffffffffffffff) - \
    216 + (UL(1) << VA_BITS) + 1)
    217 +#define PAGE_OFFSET (UL(0xffffffffffffffff) - \
    218 + (UL(1) << (VA_BITS - 1)) + 1)
    219 #define KIMAGE_VADDR (MODULES_END)
    220 #define MODULES_END (MODULES_VADDR + MODULES_VSIZE)
    221 #define MODULES_VADDR (VA_START + KASAN_SHADOW_SIZE)
    222 diff --git a/arch/arm64/include/asm/mmu.h b/arch/arm64/include/asm/mmu.h
    223 index 8d9fce037b2f..a813edf28737 100644
    224 --- a/arch/arm64/include/asm/mmu.h
    225 +++ b/arch/arm64/include/asm/mmu.h
    226 @@ -16,6 +16,10 @@
    227 #ifndef __ASM_MMU_H
    228 #define __ASM_MMU_H
    229
    230 +#define USER_ASID_FLAG (UL(1) << 48)
    231 +
    232 +#ifndef __ASSEMBLY__
    233 +
    234 typedef struct {
    235 atomic64_t id;
    236 void *vdso;
    237 @@ -28,6 +32,12 @@ typedef struct {
    238 */
    239 #define ASID(mm) ((mm)->context.id.counter & 0xffff)
    240
    241 +static inline bool arm64_kernel_unmapped_at_el0(void)
    242 +{
    243 + return IS_ENABLED(CONFIG_UNMAP_KERNEL_AT_EL0) &&
    244 + cpus_have_cap(ARM64_UNMAP_KERNEL_AT_EL0);
    245 +}
    246 +
    247 extern void paging_init(void);
    248 extern void bootmem_init(void);
    249 extern void __iomem *early_io_map(phys_addr_t phys, unsigned long virt);
    250 @@ -37,4 +47,5 @@ extern void create_pgd_mapping(struct mm_struct *mm, phys_addr_t phys,
    251 pgprot_t prot, bool allow_block_mappings);
    252 extern void *fixmap_remap_fdt(phys_addr_t dt_phys);
    253
    254 +#endif /* !__ASSEMBLY__ */
    255 #endif
    256 diff --git a/arch/arm64/include/asm/mmu_context.h b/arch/arm64/include/asm/mmu_context.h
    257 index a50185375f09..b96c4799f881 100644
    258 --- a/arch/arm64/include/asm/mmu_context.h
    259 +++ b/arch/arm64/include/asm/mmu_context.h
    260 @@ -50,6 +50,13 @@ static inline void cpu_set_reserved_ttbr0(void)
    261 isb();
    262 }
    263
    264 +static inline void cpu_switch_mm(pgd_t *pgd, struct mm_struct *mm)
    265 +{
    266 + BUG_ON(pgd == swapper_pg_dir);
    267 + cpu_set_reserved_ttbr0();
    268 + cpu_do_switch_mm(virt_to_phys(pgd),mm);
    269 +}
    270 +
    271 /*
    272 * TCR.T0SZ value to use when the ID map is active. Usually equals
    273 * TCR_T0SZ(VA_BITS), unless system RAM is positioned very high in
    274 diff --git a/arch/arm64/include/asm/pgtable-hwdef.h b/arch/arm64/include/asm/pgtable-hwdef.h
    275 index eb0c2bd90de9..8df4cb6ac6f7 100644
    276 --- a/arch/arm64/include/asm/pgtable-hwdef.h
    277 +++ b/arch/arm64/include/asm/pgtable-hwdef.h
    278 @@ -272,6 +272,7 @@
    279 #define TCR_TG1_4K (UL(2) << TCR_TG1_SHIFT)
    280 #define TCR_TG1_64K (UL(3) << TCR_TG1_SHIFT)
    281
    282 +#define TCR_A1 (UL(1) << 22)
    283 #define TCR_ASID16 (UL(1) << 36)
    284 #define TCR_TBI0 (UL(1) << 37)
    285 #define TCR_HA (UL(1) << 39)
    286 diff --git a/arch/arm64/include/asm/pgtable-prot.h b/arch/arm64/include/asm/pgtable-prot.h
    287 index 2142c7726e76..f705d96a76f2 100644
    288 --- a/arch/arm64/include/asm/pgtable-prot.h
    289 +++ b/arch/arm64/include/asm/pgtable-prot.h
    290 @@ -34,8 +34,14 @@
    291
    292 #include <asm/pgtable-types.h>
    293
    294 -#define PROT_DEFAULT (PTE_TYPE_PAGE | PTE_AF | PTE_SHARED)
    295 -#define PROT_SECT_DEFAULT (PMD_TYPE_SECT | PMD_SECT_AF | PMD_SECT_S)
    296 +#define _PROT_DEFAULT (PTE_TYPE_PAGE | PTE_AF | PTE_SHARED)
    297 +#define _PROT_SECT_DEFAULT (PMD_TYPE_SECT | PMD_SECT_AF | PMD_SECT_S)
    298 +
    299 +#define PTE_MAYBE_NG (arm64_kernel_unmapped_at_el0() ? PTE_NG : 0)
    300 +#define PMD_MAYBE_NG (arm64_kernel_unmapped_at_el0() ? PMD_SECT_NG : 0)
    301 +
    302 +#define PROT_DEFAULT (_PROT_DEFAULT | PTE_MAYBE_NG)
    303 +#define PROT_SECT_DEFAULT (_PROT_SECT_DEFAULT | PMD_MAYBE_NG)
    304
    305 #define PROT_DEVICE_nGnRnE (PROT_DEFAULT | PTE_PXN | PTE_UXN | PTE_DIRTY | PTE_WRITE | PTE_ATTRINDX(MT_DEVICE_nGnRnE))
    306 #define PROT_DEVICE_nGnRE (PROT_DEFAULT | PTE_PXN | PTE_UXN | PTE_DIRTY | PTE_WRITE | PTE_ATTRINDX(MT_DEVICE_nGnRE))
    307 @@ -47,23 +53,24 @@
    308 #define PROT_SECT_NORMAL (PROT_SECT_DEFAULT | PMD_SECT_PXN | PMD_SECT_UXN | PMD_ATTRINDX(MT_NORMAL))
    309 #define PROT_SECT_NORMAL_EXEC (PROT_SECT_DEFAULT | PMD_SECT_UXN | PMD_ATTRINDX(MT_NORMAL))
    310
    311 -#define _PAGE_DEFAULT (PROT_DEFAULT | PTE_ATTRINDX(MT_NORMAL))
    312 +#define _PAGE_DEFAULT (_PROT_DEFAULT | PTE_ATTRINDX(MT_NORMAL))
    313 +#define _HYP_PAGE_DEFAULT _PAGE_DEFAULT
    314
    315 -#define PAGE_KERNEL __pgprot(_PAGE_DEFAULT | PTE_PXN | PTE_UXN | PTE_DIRTY | PTE_WRITE)
    316 -#define PAGE_KERNEL_RO __pgprot(_PAGE_DEFAULT | PTE_PXN | PTE_UXN | PTE_DIRTY | PTE_RDONLY)
    317 -#define PAGE_KERNEL_ROX __pgprot(_PAGE_DEFAULT | PTE_UXN | PTE_DIRTY | PTE_RDONLY)
    318 -#define PAGE_KERNEL_EXEC __pgprot(_PAGE_DEFAULT | PTE_UXN | PTE_DIRTY | PTE_WRITE)
    319 -#define PAGE_KERNEL_EXEC_CONT __pgprot(_PAGE_DEFAULT | PTE_UXN | PTE_DIRTY | PTE_WRITE | PTE_CONT)
    320 +#define PAGE_KERNEL __pgprot(PROT_NORMAL)
    321 +#define PAGE_KERNEL_RO __pgprot((PROT_NORMAL & ~PTE_WRITE) | PTE_RDONLY)
    322 +#define PAGE_KERNEL_ROX __pgprot((PROT_NORMAL & ~(PTE_WRITE | PTE_PXN)) | PTE_RDONLY)
    323 +#define PAGE_KERNEL_EXEC __pgprot(PROT_NORMAL & ~PTE_PXN)
    324 +#define PAGE_KERNEL_EXEC_CONT __pgprot((PROT_NORMAL & ~PTE_PXN) | PTE_CONT)
    325
    326 -#define PAGE_HYP __pgprot(_PAGE_DEFAULT | PTE_HYP | PTE_HYP_XN)
    327 -#define PAGE_HYP_EXEC __pgprot(_PAGE_DEFAULT | PTE_HYP | PTE_RDONLY)
    328 -#define PAGE_HYP_RO __pgprot(_PAGE_DEFAULT | PTE_HYP | PTE_RDONLY | PTE_HYP_XN)
    329 +#define PAGE_HYP __pgprot(_HYP_PAGE_DEFAULT | PTE_HYP | PTE_HYP_XN)
    330 +#define PAGE_HYP_EXEC __pgprot(_HYP_PAGE_DEFAULT | PTE_HYP | PTE_RDONLY)
    331 +#define PAGE_HYP_RO __pgprot(_HYP_PAGE_DEFAULT | PTE_HYP | PTE_RDONLY | PTE_HYP_XN)
    332 #define PAGE_HYP_DEVICE __pgprot(PROT_DEVICE_nGnRE | PTE_HYP)
    333
    334 -#define PAGE_S2 __pgprot(PROT_DEFAULT | PTE_S2_MEMATTR(MT_S2_NORMAL) | PTE_S2_RDONLY)
    335 -#define PAGE_S2_DEVICE __pgprot(PROT_DEFAULT | PTE_S2_MEMATTR(MT_S2_DEVICE_nGnRE) | PTE_S2_RDONLY | PTE_UXN)
    336 +#define PAGE_S2 __pgprot(_PROT_DEFAULT | PTE_S2_MEMATTR(MT_S2_NORMAL) | PTE_S2_RDONLY)
    337 +#define PAGE_S2_DEVICE __pgprot(_PROT_DEFAULT | PTE_S2_MEMATTR(MT_S2_DEVICE_nGnRE) | PTE_S2_RDONLY | PTE_UXN)
    338
    339 -#define PAGE_NONE __pgprot(((_PAGE_DEFAULT) & ~PTE_VALID) | PTE_PROT_NONE | PTE_PXN | PTE_UXN)
    340 +#define PAGE_NONE __pgprot(((_PAGE_DEFAULT) & ~PTE_VALID) | PTE_PROT_NONE | PTE_NG | PTE_PXN | PTE_UXN)
    341 #define PAGE_SHARED __pgprot(_PAGE_DEFAULT | PTE_USER | PTE_NG | PTE_PXN | PTE_UXN | PTE_WRITE)
    342 #define PAGE_SHARED_EXEC __pgprot(_PAGE_DEFAULT | PTE_USER | PTE_NG | PTE_PXN | PTE_WRITE)
    343 #define PAGE_COPY __pgprot(_PAGE_DEFAULT | PTE_USER | PTE_NG | PTE_PXN | PTE_UXN)
    344 diff --git a/arch/arm64/include/asm/pgtable.h b/arch/arm64/include/asm/pgtable.h
    345 index 7acd3c5c7643..3a30a3994e4a 100644
    346 --- a/arch/arm64/include/asm/pgtable.h
    347 +++ b/arch/arm64/include/asm/pgtable.h
    348 @@ -692,6 +692,7 @@ static inline void pmdp_set_wrprotect(struct mm_struct *mm,
    349
    350 extern pgd_t swapper_pg_dir[PTRS_PER_PGD];
    351 extern pgd_t idmap_pg_dir[PTRS_PER_PGD];
    352 +extern pgd_t tramp_pg_dir[PTRS_PER_PGD];
    353
    354 /*
    355 * Encode and decode a swap entry:
    356 diff --git a/arch/arm64/include/asm/proc-fns.h b/arch/arm64/include/asm/proc-fns.h
    357 index 14ad6e4e87d1..16cef2e8449e 100644
    358 --- a/arch/arm64/include/asm/proc-fns.h
    359 +++ b/arch/arm64/include/asm/proc-fns.h
    360 @@ -35,12 +35,6 @@ extern u64 cpu_do_resume(phys_addr_t ptr, u64 idmap_ttbr);
    361
    362 #include <asm/memory.h>
    363
    364 -#define cpu_switch_mm(pgd,mm) \
    365 -do { \
    366 - BUG_ON(pgd == swapper_pg_dir); \
    367 - cpu_do_switch_mm(virt_to_phys(pgd),mm); \
    368 -} while (0)
    369 -
    370 #endif /* __ASSEMBLY__ */
    371 #endif /* __KERNEL__ */
    372 #endif /* __ASM_PROCFNS_H */
    373 diff --git a/arch/arm64/include/asm/sysreg.h b/arch/arm64/include/asm/sysreg.h
    374 index 7393cc767edb..7cb7f7cdcfbc 100644
    375 --- a/arch/arm64/include/asm/sysreg.h
    376 +++ b/arch/arm64/include/asm/sysreg.h
    377 @@ -117,6 +117,7 @@
    378 #define ID_AA64ISAR0_AES_SHIFT 4
    379
    380 /* id_aa64pfr0 */
    381 +#define ID_AA64PFR0_CSV3_SHIFT 60
    382 #define ID_AA64PFR0_GIC_SHIFT 24
    383 #define ID_AA64PFR0_ASIMD_SHIFT 20
    384 #define ID_AA64PFR0_FP_SHIFT 16
    385 diff --git a/arch/arm64/include/asm/tlbflush.h b/arch/arm64/include/asm/tlbflush.h
    386 index deab52374119..ad6bd8b26ada 100644
    387 --- a/arch/arm64/include/asm/tlbflush.h
    388 +++ b/arch/arm64/include/asm/tlbflush.h
    389 @@ -23,6 +23,7 @@
    390
    391 #include <linux/sched.h>
    392 #include <asm/cputype.h>
    393 +#include <asm/mmu.h>
    394
    395 /*
    396 * Raw TLBI operations.
    397 @@ -42,6 +43,11 @@
    398
    399 #define __tlbi(op, ...) __TLBI_N(op, ##__VA_ARGS__, 1, 0)
    400
    401 +#define __tlbi_user(op, arg) do { \
    402 + if (arm64_kernel_unmapped_at_el0()) \
    403 + __tlbi(op, (arg) | USER_ASID_FLAG); \
    404 +} while (0)
    405 +
    406 /*
    407 * TLB Management
    408 * ==============
    409 @@ -103,6 +109,7 @@ static inline void flush_tlb_mm(struct mm_struct *mm)
    410
    411 dsb(ishst);
    412 __tlbi(aside1is, asid);
    413 + __tlbi_user(aside1is, asid);
    414 dsb(ish);
    415 }
    416
    417 @@ -113,6 +120,7 @@ static inline void flush_tlb_page(struct vm_area_struct *vma,
    418
    419 dsb(ishst);
    420 __tlbi(vale1is, addr);
    421 + __tlbi_user(vale1is, addr);
    422 dsb(ish);
    423 }
    424
    425 @@ -139,10 +147,13 @@ static inline void __flush_tlb_range(struct vm_area_struct *vma,
    426
    427 dsb(ishst);
    428 for (addr = start; addr < end; addr += 1 << (PAGE_SHIFT - 12)) {
    429 - if (last_level)
    430 + if (last_level) {
    431 __tlbi(vale1is, addr);
    432 - else
    433 + __tlbi_user(vale1is, addr);
    434 + } else {
    435 __tlbi(vae1is, addr);
    436 + __tlbi_user(vae1is, addr);
    437 + }
    438 }
    439 dsb(ish);
    440 }
    441 @@ -182,6 +193,7 @@ static inline void __flush_tlb_pgtable(struct mm_struct *mm,
    442 unsigned long addr = uaddr >> 12 | (ASID(mm) << 48);
    443
    444 __tlbi(vae1is, addr);
    445 + __tlbi_user(vae1is, addr);
    446 dsb(ish);
    447 }
    448
    449 diff --git a/arch/arm64/kernel/asm-offsets.c b/arch/arm64/kernel/asm-offsets.c
    450 index c58ddf8c4062..5f4bf3c6f016 100644
    451 --- a/arch/arm64/kernel/asm-offsets.c
    452 +++ b/arch/arm64/kernel/asm-offsets.c
    453 @@ -24,6 +24,7 @@
    454 #include <linux/kvm_host.h>
    455 #include <linux/suspend.h>
    456 #include <asm/cpufeature.h>
    457 +#include <asm/fixmap.h>
    458 #include <asm/thread_info.h>
    459 #include <asm/memory.h>
    460 #include <asm/smp_plat.h>
    461 @@ -144,11 +145,14 @@ int main(void)
    462 DEFINE(ARM_SMCCC_RES_X2_OFFS, offsetof(struct arm_smccc_res, a2));
    463 DEFINE(ARM_SMCCC_QUIRK_ID_OFFS, offsetof(struct arm_smccc_quirk, id));
    464 DEFINE(ARM_SMCCC_QUIRK_STATE_OFFS, offsetof(struct arm_smccc_quirk, state));
    465 -
    466 BLANK();
    467 DEFINE(HIBERN_PBE_ORIG, offsetof(struct pbe, orig_address));
    468 DEFINE(HIBERN_PBE_ADDR, offsetof(struct pbe, address));
    469 DEFINE(HIBERN_PBE_NEXT, offsetof(struct pbe, next));
    470 DEFINE(ARM64_FTR_SYSVAL, offsetof(struct arm64_ftr_reg, sys_val));
    471 + BLANK();
    472 +#ifdef CONFIG_UNMAP_KERNEL_AT_EL0
    473 + DEFINE(TRAMP_VALIAS, TRAMP_VALIAS);
    474 +#endif
    475 return 0;
    476 }
    477 diff --git a/arch/arm64/kernel/cpu-reset.S b/arch/arm64/kernel/cpu-reset.S
    478 index 65f42d257414..f736a6f81ecd 100644
    479 --- a/arch/arm64/kernel/cpu-reset.S
    480 +++ b/arch/arm64/kernel/cpu-reset.S
    481 @@ -16,7 +16,7 @@
    482 #include <asm/virt.h>
    483
    484 .text
    485 -.pushsection .idmap.text, "ax"
    486 +.pushsection .idmap.text, "awx"
    487
    488 /*
    489 * __cpu_soft_restart(el2_switch, entry, arg0, arg1, arg2) - Helper for
    490 diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
    491 index 3a129d48674e..5056fc597ae9 100644
    492 --- a/arch/arm64/kernel/cpufeature.c
    493 +++ b/arch/arm64/kernel/cpufeature.c
    494 @@ -93,7 +93,8 @@ static const struct arm64_ftr_bits ftr_id_aa64isar0[] = {
    495 };
    496
    497 static const struct arm64_ftr_bits ftr_id_aa64pfr0[] = {
    498 - ARM64_FTR_BITS(FTR_STRICT, FTR_EXACT, 32, 32, 0),
    499 + ARM64_FTR_BITS(FTR_NONSTRICT, FTR_LOWER_SAFE, ID_AA64PFR0_CSV3_SHIFT, 4, 0),
    500 + ARM64_FTR_BITS(FTR_STRICT, FTR_EXACT, 32, 28, 0),
    501 ARM64_FTR_BITS(FTR_STRICT, FTR_EXACT, 28, 4, 0),
    502 ARM64_FTR_BITS(FTR_STRICT, FTR_EXACT, ID_AA64PFR0_GIC_SHIFT, 4, 0),
    503 S_ARM64_FTR_BITS(FTR_STRICT, FTR_LOWER_SAFE, ID_AA64PFR0_ASIMD_SHIFT, 4, ID_AA64PFR0_ASIMD_NI),
    504 @@ -746,6 +747,86 @@ static bool hyp_offset_low(const struct arm64_cpu_capabilities *entry,
    505 return idmap_addr > GENMASK(VA_BITS - 2, 0) && !is_kernel_in_hyp_mode();
    506 }
    507
    508 +#ifdef CONFIG_UNMAP_KERNEL_AT_EL0
    509 +static int __kpti_forced; /* 0: not forced, >0: forced on, <0: forced off */
    510 +
    511 +static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry,
    512 + int __unused)
    513 +{
    514 + char const *str = "command line option";
    515 + u64 pfr0 = read_system_reg(SYS_ID_AA64PFR0_EL1);
    516 +
    517 + /*
    518 + * For reasons that aren't entirely clear, enabling KPTI on Cavium
    519 + * ThunderX leads to apparent I-cache corruption of kernel text, which
    520 + * ends as well as you might imagine. Don't even try.
    521 + */
    522 + if (cpus_have_cap(ARM64_WORKAROUND_CAVIUM_27456)) {
    523 + str = "ARM64_WORKAROUND_CAVIUM_27456";
    524 + __kpti_forced = -1;
    525 + }
    526 +
    527 + /* Forced? */
    528 + if (__kpti_forced) {
    529 + pr_info_once("kernel page table isolation forced %s by %s\n",
    530 + __kpti_forced > 0 ? "ON" : "OFF", str);
    531 + return __kpti_forced > 0;
    532 + }
    533 +
    534 + /* Useful for KASLR robustness */
    535 + if (IS_ENABLED(CONFIG_RANDOMIZE_BASE))
    536 + return true;
    537 +
    538 + /* Don't force KPTI for CPUs that are not vulnerable */
    539 + switch (read_cpuid_id() & MIDR_CPU_MODEL_MASK) {
    540 + case MIDR_CAVIUM_THUNDERX2:
    541 + case MIDR_BRCM_VULCAN:
    542 + return false;
    543 + }
    544 +
    545 + /* Defer to CPU feature registers */
    546 + return !cpuid_feature_extract_unsigned_field(pfr0,
    547 + ID_AA64PFR0_CSV3_SHIFT);
    548 +}
    549 +
    550 +static int kpti_install_ng_mappings(void *__unused)
    551 +{
    552 + typedef void (kpti_remap_fn)(int, int, phys_addr_t);
    553 + extern kpti_remap_fn idmap_kpti_install_ng_mappings;
    554 + kpti_remap_fn *remap_fn;
    555 +
    556 + static bool kpti_applied = false;
    557 + int cpu = smp_processor_id();
    558 +
    559 + if (kpti_applied)
    560 + return 0;
    561 +
    562 + remap_fn = (void *)__pa_symbol(idmap_kpti_install_ng_mappings);
    563 +
    564 + cpu_install_idmap();
    565 + remap_fn(cpu, num_online_cpus(), __pa_symbol(swapper_pg_dir));
    566 + cpu_uninstall_idmap();
    567 +
    568 + if (!cpu)
    569 + kpti_applied = true;
    570 +
    571 + return 0;
    572 +}
    573 +
    574 +static int __init parse_kpti(char *str)
    575 +{
    576 + bool enabled;
    577 + int ret = strtobool(str, &enabled);
    578 +
    579 + if (ret)
    580 + return ret;
    581 +
    582 + __kpti_forced = enabled ? 1 : -1;
    583 + return 0;
    584 +}
    585 +__setup("kpti=", parse_kpti);
    586 +#endif /* CONFIG_UNMAP_KERNEL_AT_EL0 */
    587 +
    588 static const struct arm64_cpu_capabilities arm64_features[] = {
    589 {
    590 .desc = "GIC system register CPU interface",
    591 @@ -829,6 +910,15 @@ static const struct arm64_cpu_capabilities arm64_features[] = {
    592 .def_scope = SCOPE_SYSTEM,
    593 .matches = hyp_offset_low,
    594 },
    595 +#ifdef CONFIG_UNMAP_KERNEL_AT_EL0
    596 + {
    597 + .desc = "Kernel page table isolation (KPTI)",
    598 + .capability = ARM64_UNMAP_KERNEL_AT_EL0,
    599 + .def_scope = SCOPE_SYSTEM,
    600 + .matches = unmap_kernel_at_el0,
    601 + .enable = kpti_install_ng_mappings,
    602 + },
    603 +#endif
    604 {},
    605 };
    606
    607 @@ -922,6 +1012,26 @@ static void __init setup_elf_hwcaps(const struct arm64_cpu_capabilities *hwcaps)
    608 cap_set_elf_hwcap(hwcaps);
    609 }
    610
    611 +/*
    612 + * Check if the current CPU has a given feature capability.
    613 + * Should be called from non-preemptible context.
    614 + */
    615 +static bool __this_cpu_has_cap(const struct arm64_cpu_capabilities *cap_array,
    616 + unsigned int cap)
    617 +{
    618 + const struct arm64_cpu_capabilities *caps;
    619 +
    620 + if (WARN_ON(preemptible()))
    621 + return false;
    622 +
    623 + for (caps = cap_array; caps->desc; caps++)
    624 + if (caps->capability == cap &&
    625 + caps->matches &&
    626 + caps->matches(caps, SCOPE_LOCAL_CPU))
    627 + return true;
    628 + return false;
    629 +}
    630 +
    631 void update_cpu_capabilities(const struct arm64_cpu_capabilities *caps,
    632 const char *info)
    633 {
    634 @@ -990,8 +1100,9 @@ verify_local_elf_hwcaps(const struct arm64_cpu_capabilities *caps)
    635 }
    636
    637 static void
    638 -verify_local_cpu_features(const struct arm64_cpu_capabilities *caps)
    639 +verify_local_cpu_features(const struct arm64_cpu_capabilities *caps_list)
    640 {
    641 + const struct arm64_cpu_capabilities *caps = caps_list;
    642 for (; caps->matches; caps++) {
    643 if (!cpus_have_cap(caps->capability))
    644 continue;
    645 @@ -999,7 +1110,7 @@ verify_local_cpu_features(const struct arm64_cpu_capabilities *caps)
    646 * If the new CPU misses an advertised feature, we cannot proceed
    647 * further, park the cpu.
    648 */
    649 - if (!caps->matches(caps, SCOPE_LOCAL_CPU)) {
    650 + if (!__this_cpu_has_cap(caps_list, caps->capability)) {
    651 pr_crit("CPU%d: missing feature: %s\n",
    652 smp_processor_id(), caps->desc);
    653 cpu_die_early();
    654 @@ -1052,22 +1163,12 @@ static void __init setup_feature_capabilities(void)
    655 enable_cpu_capabilities(arm64_features);
    656 }
    657
    658 -/*
    659 - * Check if the current CPU has a given feature capability.
    660 - * Should be called from non-preemptible context.
    661 - */
    662 +extern const struct arm64_cpu_capabilities arm64_errata[];
    663 +
    664 bool this_cpu_has_cap(unsigned int cap)
    665 {
    666 - const struct arm64_cpu_capabilities *caps;
    667 -
    668 - if (WARN_ON(preemptible()))
    669 - return false;
    670 -
    671 - for (caps = arm64_features; caps->desc; caps++)
    672 - if (caps->capability == cap && caps->matches)
    673 - return caps->matches(caps, SCOPE_LOCAL_CPU);
    674 -
    675 - return false;
    676 + return (__this_cpu_has_cap(arm64_features, cap) ||
    677 + __this_cpu_has_cap(arm64_errata, cap));
    678 }
    679
    680 void __init setup_cpu_features(void)
    681 diff --git a/arch/arm64/kernel/entry.S b/arch/arm64/kernel/entry.S
    682 index b4c7db434654..8d1600b18562 100644
    683 --- a/arch/arm64/kernel/entry.S
    684 +++ b/arch/arm64/kernel/entry.S
    685 @@ -29,9 +29,11 @@
    686 #include <asm/esr.h>
    687 #include <asm/irq.h>
    688 #include <asm/memory.h>
    689 +#include <asm/mmu.h>
    690 #include <asm/thread_info.h>
    691 #include <asm/asm-uaccess.h>
    692 #include <asm/unistd.h>
    693 +#include <asm/kernel-pgtable.h>
    694
    695 /*
    696 * Context tracking subsystem. Used to instrument transitions
    697 @@ -68,8 +70,31 @@
    698 #define BAD_FIQ 2
    699 #define BAD_ERROR 3
    700
    701 - .macro kernel_entry, el, regsize = 64
    702 + .macro kernel_ventry, el, label, regsize = 64
    703 + .align 7
    704 +#ifdef CONFIG_UNMAP_KERNEL_AT_EL0
    705 +alternative_if ARM64_UNMAP_KERNEL_AT_EL0
    706 + .if \el == 0
    707 + .if \regsize == 64
    708 + mrs x30, tpidrro_el0
    709 + msr tpidrro_el0, xzr
    710 + .else
    711 + mov x30, xzr
    712 + .endif
    713 + .endif
    714 +alternative_else_nop_endif
    715 +#endif
    716 +
    717 sub sp, sp, #S_FRAME_SIZE
    718 + b el\()\el\()_\label
    719 + .endm
    720 +
    721 + .macro tramp_alias, dst, sym
    722 + mov_q \dst, TRAMP_VALIAS
    723 + add \dst, \dst, #(\sym - .entry.tramp.text)
    724 + .endm
    725 +
    726 + .macro kernel_entry, el, regsize = 64
    727 .if \regsize == 32
    728 mov w0, w0 // zero upper 32 bits of x0
    729 .endif
    730 @@ -150,18 +175,20 @@
    731 ct_user_enter
    732 ldr x23, [sp, #S_SP] // load return stack pointer
    733 msr sp_el0, x23
    734 + tst x22, #PSR_MODE32_BIT // native task?
    735 + b.eq 3f
    736 +
    737 #ifdef CONFIG_ARM64_ERRATUM_845719
    738 alternative_if ARM64_WORKAROUND_845719
    739 - tbz x22, #4, 1f
    740 #ifdef CONFIG_PID_IN_CONTEXTIDR
    741 mrs x29, contextidr_el1
    742 msr contextidr_el1, x29
    743 #else
    744 msr contextidr_el1, xzr
    745 #endif
    746 -1:
    747 alternative_else_nop_endif
    748 #endif
    749 +3:
    750 .endif
    751 msr elr_el1, x21 // set up the return data
    752 msr spsr_el1, x22
    753 @@ -182,7 +209,21 @@ alternative_else_nop_endif
    754 ldp x28, x29, [sp, #16 * 14]
    755 ldr lr, [sp, #S_LR]
    756 add sp, sp, #S_FRAME_SIZE // restore sp
    757 - eret // return to kernel
    758 +
    759 + .if \el == 0
    760 +alternative_insn eret, nop, ARM64_UNMAP_KERNEL_AT_EL0
    761 +#ifdef CONFIG_UNMAP_KERNEL_AT_EL0
    762 + bne 4f
    763 + msr far_el1, x30
    764 + tramp_alias x30, tramp_exit_native
    765 + br x30
    766 +4:
    767 + tramp_alias x30, tramp_exit_compat
    768 + br x30
    769 +#endif
    770 + .else
    771 + eret
    772 + .endif
    773 .endm
    774
    775 .macro get_thread_info, rd
    776 @@ -257,31 +298,31 @@ tsk .req x28 // current thread_info
    777
    778 .align 11
    779 ENTRY(vectors)
    780 - ventry el1_sync_invalid // Synchronous EL1t
    781 - ventry el1_irq_invalid // IRQ EL1t
    782 - ventry el1_fiq_invalid // FIQ EL1t
    783 - ventry el1_error_invalid // Error EL1t
    784 + kernel_ventry 1, sync_invalid // Synchronous EL1t
    785 + kernel_ventry 1, irq_invalid // IRQ EL1t
    786 + kernel_ventry 1, fiq_invalid // FIQ EL1t
    787 + kernel_ventry 1, error_invalid // Error EL1t
    788
    789 - ventry el1_sync // Synchronous EL1h
    790 - ventry el1_irq // IRQ EL1h
    791 - ventry el1_fiq_invalid // FIQ EL1h
    792 - ventry el1_error_invalid // Error EL1h
    793 + kernel_ventry 1, sync // Synchronous EL1h
    794 + kernel_ventry 1, irq // IRQ EL1h
    795 + kernel_ventry 1, fiq_invalid // FIQ EL1h
    796 + kernel_ventry 1, error_invalid // Error EL1h
    797
    798 - ventry el0_sync // Synchronous 64-bit EL0
    799 - ventry el0_irq // IRQ 64-bit EL0
    800 - ventry el0_fiq_invalid // FIQ 64-bit EL0
    801 - ventry el0_error_invalid // Error 64-bit EL0
    802 + kernel_ventry 0, sync // Synchronous 64-bit EL0
    803 + kernel_ventry 0, irq // IRQ 64-bit EL0
    804 + kernel_ventry 0, fiq_invalid // FIQ 64-bit EL0
    805 + kernel_ventry 0, error_invalid // Error 64-bit EL0
    806
    807 #ifdef CONFIG_COMPAT
    808 - ventry el0_sync_compat // Synchronous 32-bit EL0
    809 - ventry el0_irq_compat // IRQ 32-bit EL0
    810 - ventry el0_fiq_invalid_compat // FIQ 32-bit EL0
    811 - ventry el0_error_invalid_compat // Error 32-bit EL0
    812 + kernel_ventry 0, sync_compat, 32 // Synchronous 32-bit EL0
    813 + kernel_ventry 0, irq_compat, 32 // IRQ 32-bit EL0
    814 + kernel_ventry 0, fiq_invalid_compat, 32 // FIQ 32-bit EL0
    815 + kernel_ventry 0, error_invalid_compat, 32 // Error 32-bit EL0
    816 #else
    817 - ventry el0_sync_invalid // Synchronous 32-bit EL0
    818 - ventry el0_irq_invalid // IRQ 32-bit EL0
    819 - ventry el0_fiq_invalid // FIQ 32-bit EL0
    820 - ventry el0_error_invalid // Error 32-bit EL0
    821 + kernel_ventry 0, sync_invalid, 32 // Synchronous 32-bit EL0
    822 + kernel_ventry 0, irq_invalid, 32 // IRQ 32-bit EL0
    823 + kernel_ventry 0, fiq_invalid, 32 // FIQ 32-bit EL0
    824 + kernel_ventry 0, error_invalid, 32 // Error 32-bit EL0
    825 #endif
    826 END(vectors)
    827
    828 @@ -801,6 +842,105 @@ __ni_sys_trace:
    829
    830 .popsection // .entry.text
    831
    832 +#ifdef CONFIG_UNMAP_KERNEL_AT_EL0
    833 +/*
    834 + * Exception vectors trampoline.
    835 + */
    836 + .pushsection ".entry.tramp.text", "ax"
    837 +
    838 + .macro tramp_map_kernel, tmp
    839 + mrs \tmp, ttbr1_el1
    840 + sub \tmp, \tmp, #SWAPPER_DIR_SIZE
    841 + bic \tmp, \tmp, #USER_ASID_FLAG
    842 + msr ttbr1_el1, \tmp
    843 + .endm
    844 +
    845 + .macro tramp_unmap_kernel, tmp
    846 + mrs \tmp, ttbr1_el1
    847 + add \tmp, \tmp, #SWAPPER_DIR_SIZE
    848 + orr \tmp, \tmp, #USER_ASID_FLAG
    849 + msr ttbr1_el1, \tmp
    850 + /*
    851 + * We avoid running the post_ttbr_update_workaround here because
    852 + * it's only needed by Cavium ThunderX, which requires KPTI to be
    853 + * disabled.
    854 + */
    855 + .endm
    856 +
    857 + .macro tramp_ventry, regsize = 64
    858 + .align 7
    859 +1:
    860 + .if \regsize == 64
    861 + msr tpidrro_el0, x30 // Restored in kernel_ventry
    862 + .endif
    863 + /*
    864 + * Defend against branch aliasing attacks by pushing a dummy
    865 + * entry onto the return stack and using a RET instruction to
    866 + * enter the full-fat kernel vectors.
    867 + */
    868 + bl 2f
    869 + b .
    870 +2:
    871 + tramp_map_kernel x30
    872 +#ifdef CONFIG_RANDOMIZE_BASE
    873 + adr x30, tramp_vectors + PAGE_SIZE
    874 + isb
    875 + ldr x30, [x30]
    876 +#else
    877 + ldr x30, =vectors
    878 +#endif
    879 + prfm plil1strm, [x30, #(1b - tramp_vectors)]
    880 + msr vbar_el1, x30
    881 + add x30, x30, #(1b - tramp_vectors)
    882 + isb
    883 + ret
    884 + .endm
    885 +
    886 + .macro tramp_exit, regsize = 64
    887 + adr x30, tramp_vectors
    888 + msr vbar_el1, x30
    889 + tramp_unmap_kernel x30
    890 + .if \regsize == 64
    891 + mrs x30, far_el1
    892 + .endif
    893 + eret
    894 + .endm
    895 +
    896 + .align 11
    897 +ENTRY(tramp_vectors)
    898 + .space 0x400
    899 +
    900 + tramp_ventry
    901 + tramp_ventry
    902 + tramp_ventry
    903 + tramp_ventry
    904 +
    905 + tramp_ventry 32
    906 + tramp_ventry 32
    907 + tramp_ventry 32
    908 + tramp_ventry 32
    909 +END(tramp_vectors)
    910 +
    911 +ENTRY(tramp_exit_native)
    912 + tramp_exit
    913 +END(tramp_exit_native)
    914 +
    915 +ENTRY(tramp_exit_compat)
    916 + tramp_exit 32
    917 +END(tramp_exit_compat)
    918 +
    919 + .ltorg
    920 + .popsection // .entry.tramp.text
    921 +#ifdef CONFIG_RANDOMIZE_BASE
    922 + .pushsection ".rodata", "a"
    923 + .align PAGE_SHIFT
    924 + .globl __entry_tramp_data_start
    925 +__entry_tramp_data_start:
    926 + .quad vectors
    927 + .popsection // .rodata
    928 +#endif /* CONFIG_RANDOMIZE_BASE */
    929 +#endif /* CONFIG_UNMAP_KERNEL_AT_EL0 */
    930 +
    931 /*
    932 * Special system call wrappers.
    933 */
    934 diff --git a/arch/arm64/kernel/head.S b/arch/arm64/kernel/head.S
    935 index 539bebc1222f..fa52817d84c5 100644
    936 --- a/arch/arm64/kernel/head.S
    937 +++ b/arch/arm64/kernel/head.S
    938 @@ -473,7 +473,7 @@ ENDPROC(__primary_switched)
    939 * end early head section, begin head code that is also used for
    940 * hotplug and needs to have the same protections as the text region
    941 */
    942 - .section ".idmap.text","ax"
    943 + .section ".idmap.text","awx"
    944
    945 ENTRY(kimage_vaddr)
    946 .quad _text - TEXT_OFFSET
    947 diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c
    948 index 0e7394915c70..0972ce58316d 100644
    949 --- a/arch/arm64/kernel/process.c
    950 +++ b/arch/arm64/kernel/process.c
    951 @@ -306,17 +306,17 @@ int copy_thread(unsigned long clone_flags, unsigned long stack_start,
    952
    953 static void tls_thread_switch(struct task_struct *next)
    954 {
    955 - unsigned long tpidr, tpidrro;
    956 + unsigned long tpidr;
    957
    958 tpidr = read_sysreg(tpidr_el0);
    959 *task_user_tls(current) = tpidr;
    960
    961 - tpidr = *task_user_tls(next);
    962 - tpidrro = is_compat_thread(task_thread_info(next)) ?
    963 - next->thread.tp_value : 0;
    964 + if (is_compat_thread(task_thread_info(next)))
    965 + write_sysreg(next->thread.tp_value, tpidrro_el0);
    966 + else if (!arm64_kernel_unmapped_at_el0())
    967 + write_sysreg(0, tpidrro_el0);
    968
    969 - write_sysreg(tpidr, tpidr_el0);
    970 - write_sysreg(tpidrro, tpidrro_el0);
    971 + write_sysreg(*task_user_tls(next), tpidr_el0);
    972 }
    973
    974 /* Restore the UAO state depending on next's addr_limit */
    975 diff --git a/arch/arm64/kernel/sleep.S b/arch/arm64/kernel/sleep.S
    976 index 1bec41b5fda3..0030d6964e65 100644
    977 --- a/arch/arm64/kernel/sleep.S
    978 +++ b/arch/arm64/kernel/sleep.S
    979 @@ -95,7 +95,7 @@ ENTRY(__cpu_suspend_enter)
    980 ret
    981 ENDPROC(__cpu_suspend_enter)
    982
    983 - .pushsection ".idmap.text", "ax"
    984 + .pushsection ".idmap.text", "awx"
    985 ENTRY(cpu_resume)
    986 bl el2_setup // if in EL2 drop to EL1 cleanly
    987 bl __cpu_setup
    988 diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.lds.S
    989 index 1105aab1e6d6..6a584558b29d 100644
    990 --- a/arch/arm64/kernel/vmlinux.lds.S
    991 +++ b/arch/arm64/kernel/vmlinux.lds.S
    992 @@ -56,6 +56,17 @@ jiffies = jiffies_64;
    993 #define HIBERNATE_TEXT
    994 #endif
    995
    996 +#ifdef CONFIG_UNMAP_KERNEL_AT_EL0
    997 +#define TRAMP_TEXT \
    998 + . = ALIGN(PAGE_SIZE); \
    999 + VMLINUX_SYMBOL(__entry_tramp_text_start) = .; \
    1000 + *(.entry.tramp.text) \
    1001 + . = ALIGN(PAGE_SIZE); \
    1002 + VMLINUX_SYMBOL(__entry_tramp_text_end) = .;
    1003 +#else
    1004 +#define TRAMP_TEXT
    1005 +#endif
    1006 +
    1007 /*
    1008 * The size of the PE/COFF section that covers the kernel image, which
    1009 * runs from stext to _edata, must be a round multiple of the PE/COFF
    1010 @@ -128,6 +139,7 @@ SECTIONS
    1011 HYPERVISOR_TEXT
    1012 IDMAP_TEXT
    1013 HIBERNATE_TEXT
    1014 + TRAMP_TEXT
    1015 *(.fixup)
    1016 *(.gnu.warning)
    1017 . = ALIGN(16);
    1018 @@ -216,6 +228,11 @@ SECTIONS
    1019 swapper_pg_dir = .;
    1020 . += SWAPPER_DIR_SIZE;
    1021
    1022 +#ifdef CONFIG_UNMAP_KERNEL_AT_EL0
    1023 + tramp_pg_dir = .;
    1024 + . += PAGE_SIZE;
    1025 +#endif
    1026 +
    1027 _end = .;
    1028
    1029 STABS_DEBUG
    1030 @@ -235,7 +252,10 @@ ASSERT(__idmap_text_end - (__idmap_text_start & ~(SZ_4K - 1)) <= SZ_4K,
    1031 ASSERT(__hibernate_exit_text_end - (__hibernate_exit_text_start & ~(SZ_4K - 1))
    1032 <= SZ_4K, "Hibernate exit text too big or misaligned")
    1033 #endif
    1034 -
    1035 +#ifdef CONFIG_UNMAP_KERNEL_AT_EL0
    1036 +ASSERT((__entry_tramp_text_end - __entry_tramp_text_start) == PAGE_SIZE,
    1037 + "Entry trampoline text too big")
    1038 +#endif
    1039 /*
    1040 * If padding is applied before .head.text, virt<->phys conversions will fail.
    1041 */
    1042 diff --git a/arch/arm64/mm/context.c b/arch/arm64/mm/context.c
    1043 index efcf1f7ef1e4..f00f5eeb556f 100644
    1044 --- a/arch/arm64/mm/context.c
    1045 +++ b/arch/arm64/mm/context.c
    1046 @@ -39,7 +39,16 @@ static cpumask_t tlb_flush_pending;
    1047
    1048 #define ASID_MASK (~GENMASK(asid_bits - 1, 0))
    1049 #define ASID_FIRST_VERSION (1UL << asid_bits)
    1050 -#define NUM_USER_ASIDS ASID_FIRST_VERSION
    1051 +
    1052 +#ifdef CONFIG_UNMAP_KERNEL_AT_EL0
    1053 +#define NUM_USER_ASIDS (ASID_FIRST_VERSION >> 1)
    1054 +#define asid2idx(asid) (((asid) & ~ASID_MASK) >> 1)
    1055 +#define idx2asid(idx) (((idx) << 1) & ~ASID_MASK)
    1056 +#else
    1057 +#define NUM_USER_ASIDS (ASID_FIRST_VERSION)
    1058 +#define asid2idx(asid) ((asid) & ~ASID_MASK)
    1059 +#define idx2asid(idx) asid2idx(idx)
    1060 +#endif
    1061
    1062 /* Get the ASIDBits supported by the current CPU */
    1063 static u32 get_cpu_asid_bits(void)
    1064 @@ -104,7 +113,7 @@ static void flush_context(unsigned int cpu)
    1065 */
    1066 if (asid == 0)
    1067 asid = per_cpu(reserved_asids, i);
    1068 - __set_bit(asid & ~ASID_MASK, asid_map);
    1069 + __set_bit(asid2idx(asid), asid_map);
    1070 per_cpu(reserved_asids, i) = asid;
    1071 }
    1072
    1073 @@ -159,16 +168,16 @@ static u64 new_context(struct mm_struct *mm, unsigned int cpu)
    1074 * We had a valid ASID in a previous life, so try to re-use
    1075 * it if possible.
    1076 */
    1077 - asid &= ~ASID_MASK;
    1078 - if (!__test_and_set_bit(asid, asid_map))
    1079 + if (!__test_and_set_bit(asid2idx(asid), asid_map))
    1080 return newasid;
    1081 }
    1082
    1083 /*
    1084 * Allocate a free ASID. If we can't find one, take a note of the
    1085 - * currently active ASIDs and mark the TLBs as requiring flushes.
    1086 - * We always count from ASID #1, as we use ASID #0 when setting a
    1087 - * reserved TTBR0 for the init_mm.
    1088 + * currently active ASIDs and mark the TLBs as requiring flushes. We
    1089 + * always count from ASID #2 (index 1), as we use ASID #0 when setting
    1090 + * a reserved TTBR0 for the init_mm and we allocate ASIDs in even/odd
    1091 + * pairs.
    1092 */
    1093 asid = find_next_zero_bit(asid_map, NUM_USER_ASIDS, cur_idx);
    1094 if (asid != NUM_USER_ASIDS)
    1095 @@ -185,7 +194,7 @@ static u64 new_context(struct mm_struct *mm, unsigned int cpu)
    1096 set_asid:
    1097 __set_bit(asid, asid_map);
    1098 cur_idx = asid;
    1099 - return asid | generation;
    1100 + return idx2asid(asid) | generation;
    1101 }
    1102
    1103 void check_and_switch_context(struct mm_struct *mm, unsigned int cpu)
    1104 diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c
    1105 index 638f7f2bd79c..4cd4862845cd 100644
    1106 --- a/arch/arm64/mm/mmu.c
    1107 +++ b/arch/arm64/mm/mmu.c
    1108 @@ -419,6 +419,37 @@ static void __init map_kernel_segment(pgd_t *pgd, void *va_start, void *va_end,
    1109 vm_area_add_early(vma);
    1110 }
    1111
    1112 +#ifdef CONFIG_UNMAP_KERNEL_AT_EL0
    1113 +static int __init map_entry_trampoline(void)
    1114 +{
    1115 + extern char __entry_tramp_text_start[];
    1116 +
    1117 + pgprot_t prot = rodata_enabled ? PAGE_KERNEL_ROX : PAGE_KERNEL_EXEC;
    1118 + phys_addr_t pa_start = __pa_symbol(__entry_tramp_text_start);
    1119 +
    1120 + /* The trampoline is always mapped and can therefore be global */
    1121 + pgprot_val(prot) &= ~PTE_NG;
    1122 +
    1123 + /* Map only the text into the trampoline page table */
    1124 + memset(tramp_pg_dir, 0, PGD_SIZE);
    1125 + __create_pgd_mapping(tramp_pg_dir, pa_start, TRAMP_VALIAS, PAGE_SIZE,
    1126 + prot, pgd_pgtable_alloc, 0);
    1127 +
    1128 + /* Map both the text and data into the kernel page table */
    1129 + __set_fixmap(FIX_ENTRY_TRAMP_TEXT, pa_start, prot);
    1130 + if (IS_ENABLED(CONFIG_RANDOMIZE_BASE)) {
    1131 + extern char __entry_tramp_data_start[];
    1132 +
    1133 + __set_fixmap(FIX_ENTRY_TRAMP_DATA,
    1134 + __pa_symbol(__entry_tramp_data_start),
    1135 + PAGE_KERNEL_RO);
    1136 + }
    1137 +
    1138 + return 0;
    1139 +}
    1140 +core_initcall(map_entry_trampoline);
    1141 +#endif
    1142 +
    1143 /*
    1144 * Create fine-grained mappings for the kernel.
    1145 */
    1146 diff --git a/arch/arm64/mm/proc.S b/arch/arm64/mm/proc.S
    1147 index 352c73b6a59e..c07d9cc057e6 100644
    1148 --- a/arch/arm64/mm/proc.S
    1149 +++ b/arch/arm64/mm/proc.S
    1150 @@ -83,7 +83,7 @@ ENDPROC(cpu_do_suspend)
    1151 *
    1152 * x0: Address of context pointer
    1153 */
    1154 - .pushsection ".idmap.text", "ax"
    1155 + .pushsection ".idmap.text", "awx"
    1156 ENTRY(cpu_do_resume)
    1157 ldp x2, x3, [x0]
    1158 ldp x4, x5, [x0, #16]
    1159 @@ -132,9 +132,12 @@ ENDPROC(cpu_do_resume)
    1160 * - pgd_phys - physical address of new TTB
    1161 */
    1162 ENTRY(cpu_do_switch_mm)
    1163 + mrs x2, ttbr1_el1
    1164 mmid x1, x1 // get mm->context.id
    1165 - bfi x0, x1, #48, #16 // set the ASID
    1166 - msr ttbr0_el1, x0 // set TTBR0
    1167 + bfi x2, x1, #48, #16 // set the ASID
    1168 + msr ttbr1_el1, x2 // in TTBR1 (since TCR.A1 is set)
    1169 + isb
    1170 + msr ttbr0_el1, x0 // now update TTBR0
    1171 isb
    1172 alternative_if ARM64_WORKAROUND_CAVIUM_27456
    1173 ic iallu
    1174 @@ -144,7 +147,17 @@ alternative_else_nop_endif
    1175 ret
    1176 ENDPROC(cpu_do_switch_mm)
    1177
    1178 - .pushsection ".idmap.text", "ax"
    1179 + .pushsection ".idmap.text", "awx"
    1180 +
    1181 +.macro __idmap_cpu_set_reserved_ttbr1, tmp1, tmp2
    1182 + adrp \tmp1, empty_zero_page
    1183 + msr ttbr1_el1, \tmp1
    1184 + isb
    1185 + tlbi vmalle1
    1186 + dsb nsh
    1187 + isb
    1188 +.endm
    1189 +
    1190 /*
    1191 * void idmap_cpu_replace_ttbr1(phys_addr_t new_pgd)
    1192 *
    1193 @@ -155,13 +168,7 @@ ENTRY(idmap_cpu_replace_ttbr1)
    1194 mrs x2, daif
    1195 msr daifset, #0xf
    1196
    1197 - adrp x1, empty_zero_page
    1198 - msr ttbr1_el1, x1
    1199 - isb
    1200 -
    1201 - tlbi vmalle1
    1202 - dsb nsh
    1203 - isb
    1204 + __idmap_cpu_set_reserved_ttbr1 x1, x3
    1205
    1206 msr ttbr1_el1, x0
    1207 isb
    1208 @@ -172,13 +179,196 @@ ENTRY(idmap_cpu_replace_ttbr1)
    1209 ENDPROC(idmap_cpu_replace_ttbr1)
    1210 .popsection
    1211
    1212 +#ifdef CONFIG_UNMAP_KERNEL_AT_EL0
    1213 + .pushsection ".idmap.text", "awx"
    1214 +
    1215 + .macro __idmap_kpti_get_pgtable_ent, type
    1216 + dc cvac, cur_\()\type\()p // Ensure any existing dirty
    1217 + dmb sy // lines are written back before
    1218 + ldr \type, [cur_\()\type\()p] // loading the entry
    1219 + tbz \type, #0, next_\()\type // Skip invalid entries
    1220 + .endm
    1221 +
    1222 + .macro __idmap_kpti_put_pgtable_ent_ng, type
    1223 + orr \type, \type, #PTE_NG // Same bit for blocks and pages
    1224 + str \type, [cur_\()\type\()p] // Update the entry and ensure it
    1225 + dc civac, cur_\()\type\()p // is visible to all CPUs.
    1226 + .endm
    1227 +
    1228 +/*
    1229 + * void __kpti_install_ng_mappings(int cpu, int num_cpus, phys_addr_t swapper)
    1230 + *
    1231 + * Called exactly once from stop_machine context by each CPU found during boot.
    1232 + */
    1233 +__idmap_kpti_flag:
    1234 + .long 1
    1235 +ENTRY(idmap_kpti_install_ng_mappings)
    1236 + cpu .req w0
    1237 + num_cpus .req w1
    1238 + swapper_pa .req x2
    1239 + swapper_ttb .req x3
    1240 + flag_ptr .req x4
    1241 + cur_pgdp .req x5
    1242 + end_pgdp .req x6
    1243 + pgd .req x7
    1244 + cur_pudp .req x8
    1245 + end_pudp .req x9
    1246 + pud .req x10
    1247 + cur_pmdp .req x11
    1248 + end_pmdp .req x12
    1249 + pmd .req x13
    1250 + cur_ptep .req x14
    1251 + end_ptep .req x15
    1252 + pte .req x16
    1253 +
    1254 + mrs swapper_ttb, ttbr1_el1
    1255 + adr flag_ptr, __idmap_kpti_flag
    1256 +
    1257 + cbnz cpu, __idmap_kpti_secondary
    1258 +
    1259 + /* We're the boot CPU. Wait for the others to catch up */
    1260 + sevl
    1261 +1: wfe
    1262 + ldaxr w18, [flag_ptr]
    1263 + eor w18, w18, num_cpus
    1264 + cbnz w18, 1b
    1265 +
    1266 + /* We need to walk swapper, so turn off the MMU. */
    1267 + mrs x18, sctlr_el1
    1268 + bic x18, x18, #SCTLR_ELx_M
    1269 + msr sctlr_el1, x18
    1270 + isb
    1271 +
    1272 + /* Everybody is enjoying the idmap, so we can rewrite swapper. */
    1273 + /* PGD */
    1274 + mov cur_pgdp, swapper_pa
    1275 + add end_pgdp, cur_pgdp, #(PTRS_PER_PGD * 8)
    1276 +do_pgd: __idmap_kpti_get_pgtable_ent pgd
    1277 + tbnz pgd, #1, walk_puds
    1278 + __idmap_kpti_put_pgtable_ent_ng pgd
    1279 +next_pgd:
    1280 + add cur_pgdp, cur_pgdp, #8
    1281 + cmp cur_pgdp, end_pgdp
    1282 + b.ne do_pgd
    1283 +
    1284 + /* Publish the updated tables and nuke all the TLBs */
    1285 + dsb sy
    1286 + tlbi vmalle1is
    1287 + dsb ish
    1288 + isb
    1289 +
    1290 + /* We're done: fire up the MMU again */
    1291 + mrs x18, sctlr_el1
    1292 + orr x18, x18, #SCTLR_ELx_M
    1293 + msr sctlr_el1, x18
    1294 + isb
    1295 +
    1296 + /* Set the flag to zero to indicate that we're all done */
    1297 + str wzr, [flag_ptr]
    1298 + ret
    1299 +
    1300 + /* PUD */
    1301 +walk_puds:
    1302 + .if CONFIG_PGTABLE_LEVELS > 3
    1303 + pte_to_phys cur_pudp, pgd
    1304 + add end_pudp, cur_pudp, #(PTRS_PER_PUD * 8)
    1305 +do_pud: __idmap_kpti_get_pgtable_ent pud
    1306 + tbnz pud, #1, walk_pmds
    1307 + __idmap_kpti_put_pgtable_ent_ng pud
    1308 +next_pud:
    1309 + add cur_pudp, cur_pudp, 8
    1310 + cmp cur_pudp, end_pudp
    1311 + b.ne do_pud
    1312 + b next_pgd
    1313 + .else /* CONFIG_PGTABLE_LEVELS <= 3 */
    1314 + mov pud, pgd
    1315 + b walk_pmds
    1316 +next_pud:
    1317 + b next_pgd
    1318 + .endif
    1319 +
    1320 + /* PMD */
    1321 +walk_pmds:
    1322 + .if CONFIG_PGTABLE_LEVELS > 2
    1323 + pte_to_phys cur_pmdp, pud
    1324 + add end_pmdp, cur_pmdp, #(PTRS_PER_PMD * 8)
    1325 +do_pmd: __idmap_kpti_get_pgtable_ent pmd
    1326 + tbnz pmd, #1, walk_ptes
    1327 + __idmap_kpti_put_pgtable_ent_ng pmd
    1328 +next_pmd:
    1329 + add cur_pmdp, cur_pmdp, #8
    1330 + cmp cur_pmdp, end_pmdp
    1331 + b.ne do_pmd
    1332 + b next_pud
    1333 + .else /* CONFIG_PGTABLE_LEVELS <= 2 */
    1334 + mov pmd, pud
    1335 + b walk_ptes
    1336 +next_pmd:
    1337 + b next_pud
    1338 + .endif
    1339 +
    1340 + /* PTE */
    1341 +walk_ptes:
    1342 + pte_to_phys cur_ptep, pmd
    1343 + add end_ptep, cur_ptep, #(PTRS_PER_PTE * 8)
    1344 +do_pte: __idmap_kpti_get_pgtable_ent pte
    1345 + __idmap_kpti_put_pgtable_ent_ng pte
    1346 +next_pte:
    1347 + add cur_ptep, cur_ptep, #8
    1348 + cmp cur_ptep, end_ptep
    1349 + b.ne do_pte
    1350 + b next_pmd
    1351 +
    1352 + /* Secondary CPUs end up here */
    1353 +__idmap_kpti_secondary:
    1354 + /* Uninstall swapper before surgery begins */
    1355 + __idmap_cpu_set_reserved_ttbr1 x18, x17
    1356 +
    1357 + /* Increment the flag to let the boot CPU we're ready */
    1358 +1: ldxr w18, [flag_ptr]
    1359 + add w18, w18, #1
    1360 + stxr w17, w18, [flag_ptr]
    1361 + cbnz w17, 1b
    1362 +
    1363 + /* Wait for the boot CPU to finish messing around with swapper */
    1364 + sevl
    1365 +1: wfe
    1366 + ldxr w18, [flag_ptr]
    1367 + cbnz w18, 1b
    1368 +
    1369 + /* All done, act like nothing happened */
    1370 + msr ttbr1_el1, swapper_ttb
    1371 + isb
    1372 + ret
    1373 +
    1374 + .unreq cpu
    1375 + .unreq num_cpus
    1376 + .unreq swapper_pa
    1377 + .unreq swapper_ttb
    1378 + .unreq flag_ptr
    1379 + .unreq cur_pgdp
    1380 + .unreq end_pgdp
    1381 + .unreq pgd
    1382 + .unreq cur_pudp
    1383 + .unreq end_pudp
    1384 + .unreq pud
    1385 + .unreq cur_pmdp
    1386 + .unreq end_pmdp
    1387 + .unreq pmd
    1388 + .unreq cur_ptep
    1389 + .unreq end_ptep
    1390 + .unreq pte
    1391 +ENDPROC(idmap_kpti_install_ng_mappings)
    1392 + .popsection
    1393 +#endif
    1394 +
    1395 /*
    1396 * __cpu_setup
    1397 *
    1398 * Initialise the processor for turning the MMU on. Return in x0 the
    1399 * value of the SCTLR_EL1 register.
    1400 */
    1401 - .pushsection ".idmap.text", "ax"
    1402 + .pushsection ".idmap.text", "awx"
    1403 ENTRY(__cpu_setup)
    1404 tlbi vmalle1 // Invalidate local TLB
    1405 dsb nsh
    1406 @@ -222,7 +412,7 @@ ENTRY(__cpu_setup)
    1407 * both user and kernel.
    1408 */
    1409 ldr x10, =TCR_TxSZ(VA_BITS) | TCR_CACHE_FLAGS | TCR_SMP_FLAGS | \
    1410 - TCR_TG_FLAGS | TCR_ASID16 | TCR_TBI0
    1411 + TCR_TG_FLAGS | TCR_ASID16 | TCR_TBI0 | TCR_A1
    1412 tcr_set_idmap_t0sz x10, x9
    1413
    1414 /*
    1415 diff --git a/arch/frv/include/asm/timex.h b/arch/frv/include/asm/timex.h
    1416 index a89bddefdacf..139093fab326 100644
    1417 --- a/arch/frv/include/asm/timex.h
    1418 +++ b/arch/frv/include/asm/timex.h
    1419 @@ -16,5 +16,11 @@ static inline cycles_t get_cycles(void)
    1420 #define vxtime_lock() do {} while (0)
    1421 #define vxtime_unlock() do {} while (0)
    1422
    1423 +/* This attribute is used in include/linux/jiffies.h alongside with
    1424 + * __cacheline_aligned_in_smp. It is assumed that __cacheline_aligned_in_smp
    1425 + * for frv does not contain another section specification.
    1426 + */
    1427 +#define __jiffy_arch_data __attribute__((__section__(".data")))
    1428 +
    1429 #endif
    1430
    1431 diff --git a/arch/powerpc/kernel/exceptions-64s.S b/arch/powerpc/kernel/exceptions-64s.S
    1432 index 7614d1dd2c0b..94b5dfb087e9 100644
    1433 --- a/arch/powerpc/kernel/exceptions-64s.S
    1434 +++ b/arch/powerpc/kernel/exceptions-64s.S
    1435 @@ -723,7 +723,7 @@ EXC_COMMON_BEGIN(bad_addr_slb)
    1436 ld r3, PACA_EXSLB+EX_DAR(r13)
    1437 std r3, _DAR(r1)
    1438 beq cr6, 2f
    1439 - li r10, 0x480 /* fix trap number for I-SLB miss */
    1440 + li r10, 0x481 /* fix trap number for I-SLB miss */
    1441 std r10, _TRAP(r1)
    1442 2: bl save_nvgprs
    1443 addi r3, r1, STACK_FRAME_OVERHEAD
    1444 diff --git a/arch/powerpc/kernel/irq.c b/arch/powerpc/kernel/irq.c
    1445 index 028a22bfa90c..ad713f741ca8 100644
    1446 --- a/arch/powerpc/kernel/irq.c
    1447 +++ b/arch/powerpc/kernel/irq.c
    1448 @@ -372,6 +372,14 @@ void force_external_irq_replay(void)
    1449 */
    1450 WARN_ON(!arch_irqs_disabled());
    1451
    1452 + /*
    1453 + * Interrupts must always be hard disabled before irq_happened is
    1454 + * modified (to prevent lost update in case of interrupt between
    1455 + * load and store).
    1456 + */
    1457 + __hard_irq_disable();
    1458 + local_paca->irq_happened |= PACA_IRQ_HARD_DIS;
    1459 +
    1460 /* Indicate in the PACA that we have an interrupt to replay */
    1461 local_paca->irq_happened |= PACA_IRQ_EE;
    1462 }
    1463 diff --git a/arch/x86/crypto/cast5_avx_glue.c b/arch/x86/crypto/cast5_avx_glue.c
    1464 index 8648158f3916..f8fe11d24cde 100644
    1465 --- a/arch/x86/crypto/cast5_avx_glue.c
    1466 +++ b/arch/x86/crypto/cast5_avx_glue.c
    1467 @@ -66,8 +66,6 @@ static int ecb_crypt(struct blkcipher_desc *desc, struct blkcipher_walk *walk,
    1468 void (*fn)(struct cast5_ctx *ctx, u8 *dst, const u8 *src);
    1469 int err;
    1470
    1471 - fn = (enc) ? cast5_ecb_enc_16way : cast5_ecb_dec_16way;
    1472 -
    1473 err = blkcipher_walk_virt(desc, walk);
    1474 desc->flags &= ~CRYPTO_TFM_REQ_MAY_SLEEP;
    1475
    1476 @@ -79,6 +77,7 @@ static int ecb_crypt(struct blkcipher_desc *desc, struct blkcipher_walk *walk,
    1477
    1478 /* Process multi-block batch */
    1479 if (nbytes >= bsize * CAST5_PARALLEL_BLOCKS) {
    1480 + fn = (enc) ? cast5_ecb_enc_16way : cast5_ecb_dec_16way;
    1481 do {
    1482 fn(ctx, wdst, wsrc);
    1483
    1484 diff --git a/arch/x86/kernel/kprobes/core.c b/arch/x86/kernel/kprobes/core.c
    1485 index b8d3f1b60331..91c48cdfe81f 100644
    1486 --- a/arch/x86/kernel/kprobes/core.c
    1487 +++ b/arch/x86/kernel/kprobes/core.c
    1488 @@ -51,6 +51,7 @@
    1489 #include <linux/ftrace.h>
    1490 #include <linux/frame.h>
    1491 #include <linux/kasan.h>
    1492 +#include <linux/moduleloader.h>
    1493
    1494 #include <asm/text-patching.h>
    1495 #include <asm/cacheflush.h>
    1496 @@ -405,6 +406,14 @@ int __copy_instruction(u8 *dest, u8 *src)
    1497 return length;
    1498 }
    1499
    1500 +/* Recover page to RW mode before releasing it */
    1501 +void free_insn_page(void *page)
    1502 +{
    1503 + set_memory_nx((unsigned long)page & PAGE_MASK, 1);
    1504 + set_memory_rw((unsigned long)page & PAGE_MASK, 1);
    1505 + module_memfree(page);
    1506 +}
    1507 +
    1508 static int arch_copy_kprobe(struct kprobe *p)
    1509 {
    1510 int ret;
    1511 diff --git a/block/bio.c b/block/bio.c
    1512 index 07f287b14cff..4f93345c6a82 100644
    1513 --- a/block/bio.c
    1514 +++ b/block/bio.c
    1515 @@ -42,9 +42,9 @@
    1516 * break badly! cannot be bigger than what you can fit into an
    1517 * unsigned short
    1518 */
    1519 -#define BV(x) { .nr_vecs = x, .name = "biovec-"__stringify(x) }
    1520 +#define BV(x, n) { .nr_vecs = x, .name = "biovec-"#n }
    1521 static struct biovec_slab bvec_slabs[BVEC_POOL_NR] __read_mostly = {
    1522 - BV(1), BV(4), BV(16), BV(64), BV(128), BV(BIO_MAX_PAGES),
    1523 + BV(1, 1), BV(4, 4), BV(16, 16), BV(64, 64), BV(128, 128), BV(BIO_MAX_PAGES, max),
    1524 };
    1525 #undef BV
    1526
    1527 diff --git a/block/partitions/msdos.c b/block/partitions/msdos.c
    1528 index 5610cd537da7..7d8d50c11ce7 100644
    1529 --- a/block/partitions/msdos.c
    1530 +++ b/block/partitions/msdos.c
    1531 @@ -300,7 +300,9 @@ static void parse_bsd(struct parsed_partitions *state,
    1532 continue;
    1533 bsd_start = le32_to_cpu(p->p_offset);
    1534 bsd_size = le32_to_cpu(p->p_size);
    1535 - if (memcmp(flavour, "bsd\0", 4) == 0)
    1536 + /* FreeBSD has relative offset if C partition offset is zero */
    1537 + if (memcmp(flavour, "bsd\0", 4) == 0 &&
    1538 + le32_to_cpu(l->d_partitions[2].p_offset) == 0)
    1539 bsd_start += offset;
    1540 if (offset == bsd_start && size == bsd_size)
    1541 /* full parent partition, we have it already */
    1542 diff --git a/crypto/ahash.c b/crypto/ahash.c
    1543 index 14402ef6d826..90d73a22f129 100644
    1544 --- a/crypto/ahash.c
    1545 +++ b/crypto/ahash.c
    1546 @@ -91,13 +91,14 @@ int crypto_hash_walk_done(struct crypto_hash_walk *walk, int err)
    1547
    1548 if (nbytes && walk->offset & alignmask && !err) {
    1549 walk->offset = ALIGN(walk->offset, alignmask + 1);
    1550 - walk->data += walk->offset;
    1551 -
    1552 nbytes = min(nbytes,
    1553 ((unsigned int)(PAGE_SIZE)) - walk->offset);
    1554 walk->entrylen -= nbytes;
    1555
    1556 - return nbytes;
    1557 + if (nbytes) {
    1558 + walk->data += walk->offset;
    1559 + return nbytes;
    1560 + }
    1561 }
    1562
    1563 if (walk->flags & CRYPTO_ALG_ASYNC)
    1564 diff --git a/drivers/block/mtip32xx/mtip32xx.c b/drivers/block/mtip32xx/mtip32xx.c
    1565 index b86273fdf48e..3cfd879267b2 100644
    1566 --- a/drivers/block/mtip32xx/mtip32xx.c
    1567 +++ b/drivers/block/mtip32xx/mtip32xx.c
    1568 @@ -169,25 +169,6 @@ static bool mtip_check_surprise_removal(struct pci_dev *pdev)
    1569 return false; /* device present */
    1570 }
    1571
    1572 -/* we have to use runtime tag to setup command header */
    1573 -static void mtip_init_cmd_header(struct request *rq)
    1574 -{
    1575 - struct driver_data *dd = rq->q->queuedata;
    1576 - struct mtip_cmd *cmd = blk_mq_rq_to_pdu(rq);
    1577 - u32 host_cap_64 = readl(dd->mmio + HOST_CAP) & HOST_CAP_64;
    1578 -
    1579 - /* Point the command headers at the command tables. */
    1580 - cmd->command_header = dd->port->command_list +
    1581 - (sizeof(struct mtip_cmd_hdr) * rq->tag);
    1582 - cmd->command_header_dma = dd->port->command_list_dma +
    1583 - (sizeof(struct mtip_cmd_hdr) * rq->tag);
    1584 -
    1585 - if (host_cap_64)
    1586 - cmd->command_header->ctbau = __force_bit2int cpu_to_le32((cmd->command_dma >> 16) >> 16);
    1587 -
    1588 - cmd->command_header->ctba = __force_bit2int cpu_to_le32(cmd->command_dma & 0xFFFFFFFF);
    1589 -}
    1590 -
    1591 static struct mtip_cmd *mtip_get_int_command(struct driver_data *dd)
    1592 {
    1593 struct request *rq;
    1594 @@ -199,9 +180,6 @@ static struct mtip_cmd *mtip_get_int_command(struct driver_data *dd)
    1595 if (IS_ERR(rq))
    1596 return NULL;
    1597
    1598 - /* Internal cmd isn't submitted via .queue_rq */
    1599 - mtip_init_cmd_header(rq);
    1600 -
    1601 return blk_mq_rq_to_pdu(rq);
    1602 }
    1603
    1604 @@ -3833,8 +3811,6 @@ static int mtip_queue_rq(struct blk_mq_hw_ctx *hctx,
    1605 struct request *rq = bd->rq;
    1606 int ret;
    1607
    1608 - mtip_init_cmd_header(rq);
    1609 -
    1610 if (unlikely(mtip_check_unal_depth(hctx, rq)))
    1611 return BLK_MQ_RQ_QUEUE_BUSY;
    1612
    1613 @@ -3866,6 +3842,7 @@ static int mtip_init_cmd(void *data, struct request *rq, unsigned int hctx_idx,
    1614 {
    1615 struct driver_data *dd = data;
    1616 struct mtip_cmd *cmd = blk_mq_rq_to_pdu(rq);
    1617 + u32 host_cap_64 = readl(dd->mmio + HOST_CAP) & HOST_CAP_64;
    1618
    1619 /*
    1620 * For flush requests, request_idx starts at the end of the
    1621 @@ -3882,6 +3859,17 @@ static int mtip_init_cmd(void *data, struct request *rq, unsigned int hctx_idx,
    1622
    1623 memset(cmd->command, 0, CMD_DMA_ALLOC_SZ);
    1624
    1625 + /* Point the command headers at the command tables. */
    1626 + cmd->command_header = dd->port->command_list +
    1627 + (sizeof(struct mtip_cmd_hdr) * request_idx);
    1628 + cmd->command_header_dma = dd->port->command_list_dma +
    1629 + (sizeof(struct mtip_cmd_hdr) * request_idx);
    1630 +
    1631 + if (host_cap_64)
    1632 + cmd->command_header->ctbau = __force_bit2int cpu_to_le32((cmd->command_dma >> 16) >> 16);
    1633 +
    1634 + cmd->command_header->ctba = __force_bit2int cpu_to_le32(cmd->command_dma & 0xFFFFFFFF);
    1635 +
    1636 sg_init_table(cmd->sg, MTIP_MAX_SG);
    1637 return 0;
    1638 }
    1639 diff --git a/drivers/hid/hid-sony.c b/drivers/hid/hid-sony.c
    1640 index b0bb99a821bd..1b1dccd37fbd 100644
    1641 --- a/drivers/hid/hid-sony.c
    1642 +++ b/drivers/hid/hid-sony.c
    1643 @@ -1056,7 +1056,6 @@ struct sony_sc {
    1644 u8 battery_charging;
    1645 u8 battery_capacity;
    1646 u8 led_state[MAX_LEDS];
    1647 - u8 resume_led_state[MAX_LEDS];
    1648 u8 led_delay_on[MAX_LEDS];
    1649 u8 led_delay_off[MAX_LEDS];
    1650 u8 led_count;
    1651 @@ -1793,6 +1792,7 @@ static int sony_leds_init(struct sony_sc *sc)
    1652 led->name = name;
    1653 led->brightness = sc->led_state[n];
    1654 led->max_brightness = max_brightness[n];
    1655 + led->flags = LED_CORE_SUSPENDRESUME;
    1656 led->brightness_get = sony_led_get_brightness;
    1657 led->brightness_set = sony_led_set_brightness;
    1658
    1659 @@ -2509,47 +2509,32 @@ static void sony_remove(struct hid_device *hdev)
    1660
    1661 static int sony_suspend(struct hid_device *hdev, pm_message_t message)
    1662 {
    1663 - /*
    1664 - * On suspend save the current LED state,
    1665 - * stop running force-feedback and blank the LEDS.
    1666 - */
    1667 - if (SONY_LED_SUPPORT || SONY_FF_SUPPORT) {
    1668 - struct sony_sc *sc = hid_get_drvdata(hdev);
    1669 -
    1670 #ifdef CONFIG_SONY_FF
    1671 - sc->left = sc->right = 0;
    1672 -#endif
    1673
    1674 - memcpy(sc->resume_led_state, sc->led_state,
    1675 - sizeof(sc->resume_led_state));
    1676 - memset(sc->led_state, 0, sizeof(sc->led_state));
    1677 + /* On suspend stop any running force-feedback events */
    1678 + if (SONY_FF_SUPPORT) {
    1679 + struct sony_sc *sc = hid_get_drvdata(hdev);
    1680
    1681 + sc->left = sc->right = 0;
    1682 sony_send_output_report(sc);
    1683 }
    1684
    1685 +#endif
    1686 return 0;
    1687 }
    1688
    1689 static int sony_resume(struct hid_device *hdev)
    1690 {
    1691 - /* Restore the state of controller LEDs on resume */
    1692 - if (SONY_LED_SUPPORT) {
    1693 - struct sony_sc *sc = hid_get_drvdata(hdev);
    1694 -
    1695 - memcpy(sc->led_state, sc->resume_led_state,
    1696 - sizeof(sc->led_state));
    1697 -
    1698 - /*
    1699 - * The Sixaxis and navigation controllers on USB need to be
    1700 - * reinitialized on resume or they won't behave properly.
    1701 - */
    1702 - if ((sc->quirks & SIXAXIS_CONTROLLER_USB) ||
    1703 - (sc->quirks & NAVIGATION_CONTROLLER_USB)) {
    1704 - sixaxis_set_operational_usb(sc->hdev);
    1705 - sc->defer_initialization = 1;
    1706 - }
    1707 + struct sony_sc *sc = hid_get_drvdata(hdev);
    1708
    1709 - sony_set_leds(sc);
    1710 + /*
    1711 + * The Sixaxis and navigation controllers on USB need to be
    1712 + * reinitialized on resume or they won't behave properly.
    1713 + */
    1714 + if ((sc->quirks & SIXAXIS_CONTROLLER_USB) ||
    1715 + (sc->quirks & NAVIGATION_CONTROLLER_USB)) {
    1716 + sixaxis_set_operational_usb(sc->hdev);
    1717 + sc->defer_initialization = 1;
    1718 }
    1719
    1720 return 0;
    1721 diff --git a/drivers/infiniband/core/addr.c b/drivers/infiniband/core/addr.c
    1722 index fb4ce0394ac7..978b8d94f9a4 100644
    1723 --- a/drivers/infiniband/core/addr.c
    1724 +++ b/drivers/infiniband/core/addr.c
    1725 @@ -209,6 +209,22 @@ int rdma_addr_size(struct sockaddr *addr)
    1726 }
    1727 EXPORT_SYMBOL(rdma_addr_size);
    1728
    1729 +int rdma_addr_size_in6(struct sockaddr_in6 *addr)
    1730 +{
    1731 + int ret = rdma_addr_size((struct sockaddr *) addr);
    1732 +
    1733 + return ret <= sizeof(*addr) ? ret : 0;
    1734 +}
    1735 +EXPORT_SYMBOL(rdma_addr_size_in6);
    1736 +
    1737 +int rdma_addr_size_kss(struct __kernel_sockaddr_storage *addr)
    1738 +{
    1739 + int ret = rdma_addr_size((struct sockaddr *) addr);
    1740 +
    1741 + return ret <= sizeof(*addr) ? ret : 0;
    1742 +}
    1743 +EXPORT_SYMBOL(rdma_addr_size_kss);
    1744 +
    1745 static struct rdma_addr_client self;
    1746
    1747 void rdma_addr_register_client(struct rdma_addr_client *client)
    1748 diff --git a/drivers/infiniband/core/ucma.c b/drivers/infiniband/core/ucma.c
    1749 index 017a09ceba3f..4d732810f6fc 100644
    1750 --- a/drivers/infiniband/core/ucma.c
    1751 +++ b/drivers/infiniband/core/ucma.c
    1752 @@ -132,7 +132,7 @@ static inline struct ucma_context *_ucma_find_context(int id,
    1753 ctx = idr_find(&ctx_idr, id);
    1754 if (!ctx)
    1755 ctx = ERR_PTR(-ENOENT);
    1756 - else if (ctx->file != file)
    1757 + else if (ctx->file != file || !ctx->cm_id)
    1758 ctx = ERR_PTR(-EINVAL);
    1759 return ctx;
    1760 }
    1761 @@ -454,6 +454,7 @@ static ssize_t ucma_create_id(struct ucma_file *file, const char __user *inbuf,
    1762 struct rdma_ucm_create_id cmd;
    1763 struct rdma_ucm_create_id_resp resp;
    1764 struct ucma_context *ctx;
    1765 + struct rdma_cm_id *cm_id;
    1766 enum ib_qp_type qp_type;
    1767 int ret;
    1768
    1769 @@ -474,10 +475,10 @@ static ssize_t ucma_create_id(struct ucma_file *file, const char __user *inbuf,
    1770 return -ENOMEM;
    1771
    1772 ctx->uid = cmd.uid;
    1773 - ctx->cm_id = rdma_create_id(current->nsproxy->net_ns,
    1774 - ucma_event_handler, ctx, cmd.ps, qp_type);
    1775 - if (IS_ERR(ctx->cm_id)) {
    1776 - ret = PTR_ERR(ctx->cm_id);
    1777 + cm_id = rdma_create_id(current->nsproxy->net_ns,
    1778 + ucma_event_handler, ctx, cmd.ps, qp_type);
    1779 + if (IS_ERR(cm_id)) {
    1780 + ret = PTR_ERR(cm_id);
    1781 goto err1;
    1782 }
    1783
    1784 @@ -487,14 +488,19 @@ static ssize_t ucma_create_id(struct ucma_file *file, const char __user *inbuf,
    1785 ret = -EFAULT;
    1786 goto err2;
    1787 }
    1788 +
    1789 + ctx->cm_id = cm_id;
    1790 return 0;
    1791
    1792 err2:
    1793 - rdma_destroy_id(ctx->cm_id);
    1794 + rdma_destroy_id(cm_id);
    1795 err1:
    1796 mutex_lock(&mut);
    1797 idr_remove(&ctx_idr, ctx->id);
    1798 mutex_unlock(&mut);
    1799 + mutex_lock(&file->mut);
    1800 + list_del(&ctx->list);
    1801 + mutex_unlock(&file->mut);
    1802 kfree(ctx);
    1803 return ret;
    1804 }
    1805 @@ -624,6 +630,9 @@ static ssize_t ucma_bind_ip(struct ucma_file *file, const char __user *inbuf,
    1806 if (copy_from_user(&cmd, inbuf, sizeof(cmd)))
    1807 return -EFAULT;
    1808
    1809 + if (!rdma_addr_size_in6(&cmd.addr))
    1810 + return -EINVAL;
    1811 +
    1812 ctx = ucma_get_ctx(file, cmd.id);
    1813 if (IS_ERR(ctx))
    1814 return PTR_ERR(ctx);
    1815 @@ -637,22 +646,21 @@ static ssize_t ucma_bind(struct ucma_file *file, const char __user *inbuf,
    1816 int in_len, int out_len)
    1817 {
    1818 struct rdma_ucm_bind cmd;
    1819 - struct sockaddr *addr;
    1820 struct ucma_context *ctx;
    1821 int ret;
    1822
    1823 if (copy_from_user(&cmd, inbuf, sizeof(cmd)))
    1824 return -EFAULT;
    1825
    1826 - addr = (struct sockaddr *) &cmd.addr;
    1827 - if (cmd.reserved || !cmd.addr_size || (cmd.addr_size != rdma_addr_size(addr)))
    1828 + if (cmd.reserved || !cmd.addr_size ||
    1829 + cmd.addr_size != rdma_addr_size_kss(&cmd.addr))
    1830 return -EINVAL;
    1831
    1832 ctx = ucma_get_ctx(file, cmd.id);
    1833 if (IS_ERR(ctx))
    1834 return PTR_ERR(ctx);
    1835
    1836 - ret = rdma_bind_addr(ctx->cm_id, addr);
    1837 + ret = rdma_bind_addr(ctx->cm_id, (struct sockaddr *) &cmd.addr);
    1838 ucma_put_ctx(ctx);
    1839 return ret;
    1840 }
    1841 @@ -668,13 +676,16 @@ static ssize_t ucma_resolve_ip(struct ucma_file *file,
    1842 if (copy_from_user(&cmd, inbuf, sizeof(cmd)))
    1843 return -EFAULT;
    1844
    1845 + if (!rdma_addr_size_in6(&cmd.src_addr) ||
    1846 + !rdma_addr_size_in6(&cmd.dst_addr))
    1847 + return -EINVAL;
    1848 +
    1849 ctx = ucma_get_ctx(file, cmd.id);
    1850 if (IS_ERR(ctx))
    1851 return PTR_ERR(ctx);
    1852
    1853 ret = rdma_resolve_addr(ctx->cm_id, (struct sockaddr *) &cmd.src_addr,
    1854 - (struct sockaddr *) &cmd.dst_addr,
    1855 - cmd.timeout_ms);
    1856 + (struct sockaddr *) &cmd.dst_addr, cmd.timeout_ms);
    1857 ucma_put_ctx(ctx);
    1858 return ret;
    1859 }
    1860 @@ -684,24 +695,23 @@ static ssize_t ucma_resolve_addr(struct ucma_file *file,
    1861 int in_len, int out_len)
    1862 {
    1863 struct rdma_ucm_resolve_addr cmd;
    1864 - struct sockaddr *src, *dst;
    1865 struct ucma_context *ctx;
    1866 int ret;
    1867
    1868 if (copy_from_user(&cmd, inbuf, sizeof(cmd)))
    1869 return -EFAULT;
    1870
    1871 - src = (struct sockaddr *) &cmd.src_addr;
    1872 - dst = (struct sockaddr *) &cmd.dst_addr;
    1873 - if (cmd.reserved || (cmd.src_size && (cmd.src_size != rdma_addr_size(src))) ||
    1874 - !cmd.dst_size || (cmd.dst_size != rdma_addr_size(dst)))
    1875 + if (cmd.reserved ||
    1876 + (cmd.src_size && (cmd.src_size != rdma_addr_size_kss(&cmd.src_addr))) ||
    1877 + !cmd.dst_size || (cmd.dst_size != rdma_addr_size_kss(&cmd.dst_addr)))
    1878 return -EINVAL;
    1879
    1880 ctx = ucma_get_ctx(file, cmd.id);
    1881 if (IS_ERR(ctx))
    1882 return PTR_ERR(ctx);
    1883
    1884 - ret = rdma_resolve_addr(ctx->cm_id, src, dst, cmd.timeout_ms);
    1885 + ret = rdma_resolve_addr(ctx->cm_id, (struct sockaddr *) &cmd.src_addr,
    1886 + (struct sockaddr *) &cmd.dst_addr, cmd.timeout_ms);
    1887 ucma_put_ctx(ctx);
    1888 return ret;
    1889 }
    1890 @@ -1146,6 +1156,11 @@ static ssize_t ucma_init_qp_attr(struct ucma_file *file,
    1891 if (IS_ERR(ctx))
    1892 return PTR_ERR(ctx);
    1893
    1894 + if (!ctx->cm_id->device) {
    1895 + ret = -EINVAL;
    1896 + goto out;
    1897 + }
    1898 +
    1899 resp.qp_attr_mask = 0;
    1900 memset(&qp_attr, 0, sizeof qp_attr);
    1901 qp_attr.qp_state = cmd.qp_state;
    1902 @@ -1302,7 +1317,7 @@ static ssize_t ucma_notify(struct ucma_file *file, const char __user *inbuf,
    1903 {
    1904 struct rdma_ucm_notify cmd;
    1905 struct ucma_context *ctx;
    1906 - int ret;
    1907 + int ret = -EINVAL;
    1908
    1909 if (copy_from_user(&cmd, inbuf, sizeof(cmd)))
    1910 return -EFAULT;
    1911 @@ -1311,7 +1326,9 @@ static ssize_t ucma_notify(struct ucma_file *file, const char __user *inbuf,
    1912 if (IS_ERR(ctx))
    1913 return PTR_ERR(ctx);
    1914
    1915 - ret = rdma_notify(ctx->cm_id, (enum ib_event_type) cmd.event);
    1916 + if (ctx->cm_id->device)
    1917 + ret = rdma_notify(ctx->cm_id, (enum ib_event_type)cmd.event);
    1918 +
    1919 ucma_put_ctx(ctx);
    1920 return ret;
    1921 }
    1922 @@ -1397,7 +1414,7 @@ static ssize_t ucma_join_ip_multicast(struct ucma_file *file,
    1923 join_cmd.response = cmd.response;
    1924 join_cmd.uid = cmd.uid;
    1925 join_cmd.id = cmd.id;
    1926 - join_cmd.addr_size = rdma_addr_size((struct sockaddr *) &cmd.addr);
    1927 + join_cmd.addr_size = rdma_addr_size_in6(&cmd.addr);
    1928 if (!join_cmd.addr_size)
    1929 return -EINVAL;
    1930
    1931 @@ -1416,7 +1433,7 @@ static ssize_t ucma_join_multicast(struct ucma_file *file,
    1932 if (copy_from_user(&cmd, inbuf, sizeof(cmd)))
    1933 return -EFAULT;
    1934
    1935 - if (!rdma_addr_size((struct sockaddr *)&cmd.addr))
    1936 + if (!rdma_addr_size_kss(&cmd.addr))
    1937 return -EINVAL;
    1938
    1939 return ucma_process_join(file, &cmd, out_len);
    1940 diff --git a/drivers/input/mouse/alps.c b/drivers/input/mouse/alps.c
    1941 index af83d2e34913..a8a96def0ba2 100644
    1942 --- a/drivers/input/mouse/alps.c
    1943 +++ b/drivers/input/mouse/alps.c
    1944 @@ -2538,13 +2538,31 @@ static int alps_update_btn_info_ss4_v2(unsigned char otp[][4],
    1945 }
    1946
    1947 static int alps_update_dual_info_ss4_v2(unsigned char otp[][4],
    1948 - struct alps_data *priv)
    1949 + struct alps_data *priv,
    1950 + struct psmouse *psmouse)
    1951 {
    1952 bool is_dual = false;
    1953 + int reg_val = 0;
    1954 + struct ps2dev *ps2dev = &psmouse->ps2dev;
    1955
    1956 - if (IS_SS4PLUS_DEV(priv->dev_id))
    1957 + if (IS_SS4PLUS_DEV(priv->dev_id)) {
    1958 is_dual = (otp[0][0] >> 4) & 0x01;
    1959
    1960 + if (!is_dual) {
    1961 + /* For support TrackStick of Thinkpad L/E series */
    1962 + if (alps_exit_command_mode(psmouse) == 0 &&
    1963 + alps_enter_command_mode(psmouse) == 0) {
    1964 + reg_val = alps_command_mode_read_reg(psmouse,
    1965 + 0xD7);
    1966 + }
    1967 + alps_exit_command_mode(psmouse);
    1968 + ps2_command(ps2dev, NULL, PSMOUSE_CMD_ENABLE);
    1969 +
    1970 + if (reg_val == 0x0C || reg_val == 0x1D)
    1971 + is_dual = true;
    1972 + }
    1973 + }
    1974 +
    1975 if (is_dual)
    1976 priv->flags |= ALPS_DUALPOINT |
    1977 ALPS_DUALPOINT_WITH_PRESSURE;
    1978 @@ -2567,7 +2585,7 @@ static int alps_set_defaults_ss4_v2(struct psmouse *psmouse,
    1979
    1980 alps_update_btn_info_ss4_v2(otp, priv);
    1981
    1982 - alps_update_dual_info_ss4_v2(otp, priv);
    1983 + alps_update_dual_info_ss4_v2(otp, priv, psmouse);
    1984
    1985 return 0;
    1986 }
    1987 diff --git a/drivers/input/mousedev.c b/drivers/input/mousedev.c
    1988 index b604564dec5c..30328e57fdda 100644
    1989 --- a/drivers/input/mousedev.c
    1990 +++ b/drivers/input/mousedev.c
    1991 @@ -15,6 +15,7 @@
    1992 #define MOUSEDEV_MINORS 31
    1993 #define MOUSEDEV_MIX 63
    1994
    1995 +#include <linux/bitops.h>
    1996 #include <linux/sched.h>
    1997 #include <linux/slab.h>
    1998 #include <linux/poll.h>
    1999 @@ -103,7 +104,7 @@ struct mousedev_client {
    2000 spinlock_t packet_lock;
    2001 int pos_x, pos_y;
    2002
    2003 - signed char ps2[6];
    2004 + u8 ps2[6];
    2005 unsigned char ready, buffer, bufsiz;
    2006 unsigned char imexseq, impsseq;
    2007 enum mousedev_emul mode;
    2008 @@ -291,11 +292,10 @@ static void mousedev_notify_readers(struct mousedev *mousedev,
    2009 }
    2010
    2011 client->pos_x += packet->dx;
    2012 - client->pos_x = client->pos_x < 0 ?
    2013 - 0 : (client->pos_x >= xres ? xres : client->pos_x);
    2014 + client->pos_x = clamp_val(client->pos_x, 0, xres);
    2015 +
    2016 client->pos_y += packet->dy;
    2017 - client->pos_y = client->pos_y < 0 ?
    2018 - 0 : (client->pos_y >= yres ? yres : client->pos_y);
    2019 + client->pos_y = clamp_val(client->pos_y, 0, yres);
    2020
    2021 p->dx += packet->dx;
    2022 p->dy += packet->dy;
    2023 @@ -571,44 +571,50 @@ static int mousedev_open(struct inode *inode, struct file *file)
    2024 return error;
    2025 }
    2026
    2027 -static inline int mousedev_limit_delta(int delta, int limit)
    2028 -{
    2029 - return delta > limit ? limit : (delta < -limit ? -limit : delta);
    2030 -}
    2031 -
    2032 -static void mousedev_packet(struct mousedev_client *client,
    2033 - signed char *ps2_data)
    2034 +static void mousedev_packet(struct mousedev_client *client, u8 *ps2_data)
    2035 {
    2036 struct mousedev_motion *p = &client->packets[client->tail];
    2037 + s8 dx, dy, dz;
    2038 +
    2039 + dx = clamp_val(p->dx, -127, 127);
    2040 + p->dx -= dx;
    2041 +
    2042 + dy = clamp_val(p->dy, -127, 127);
    2043 + p->dy -= dy;
    2044
    2045 - ps2_data[0] = 0x08 |
    2046 - ((p->dx < 0) << 4) | ((p->dy < 0) << 5) | (p->buttons & 0x07);
    2047 - ps2_data[1] = mousedev_limit_delta(p->dx, 127);
    2048 - ps2_data[2] = mousedev_limit_delta(p->dy, 127);
    2049 - p->dx -= ps2_data[1];
    2050 - p->dy -= ps2_data[2];
    2051 + ps2_data[0] = BIT(3);
    2052 + ps2_data[0] |= ((dx & BIT(7)) >> 3) | ((dy & BIT(7)) >> 2);
    2053 + ps2_data[0] |= p->buttons & 0x07;
    2054 + ps2_data[1] = dx;
    2055 + ps2_data[2] = dy;
    2056
    2057 switch (client->mode) {
    2058 case MOUSEDEV_EMUL_EXPS:
    2059 - ps2_data[3] = mousedev_limit_delta(p->dz, 7);
    2060 - p->dz -= ps2_data[3];
    2061 - ps2_data[3] = (ps2_data[3] & 0x0f) | ((p->buttons & 0x18) << 1);
    2062 + dz = clamp_val(p->dz, -7, 7);
    2063 + p->dz -= dz;
    2064 +
    2065 + ps2_data[3] = (dz & 0x0f) | ((p->buttons & 0x18) << 1);
    2066 client->bufsiz = 4;
    2067 break;
    2068
    2069 case MOUSEDEV_EMUL_IMPS:
    2070 - ps2_data[0] |=
    2071 - ((p->buttons & 0x10) >> 3) | ((p->buttons & 0x08) >> 1);
    2072 - ps2_data[3] = mousedev_limit_delta(p->dz, 127);
    2073 - p->dz -= ps2_data[3];
    2074 + dz = clamp_val(p->dz, -127, 127);
    2075 + p->dz -= dz;
    2076 +
    2077 + ps2_data[0] |= ((p->buttons & 0x10) >> 3) |
    2078 + ((p->buttons & 0x08) >> 1);
    2079 + ps2_data[3] = dz;
    2080 +
    2081 client->bufsiz = 4;
    2082 break;
    2083
    2084 case MOUSEDEV_EMUL_PS2:
    2085 default:
    2086 - ps2_data[0] |=
    2087 - ((p->buttons & 0x10) >> 3) | ((p->buttons & 0x08) >> 1);
    2088 p->dz = 0;
    2089 +
    2090 + ps2_data[0] |= ((p->buttons & 0x10) >> 3) |
    2091 + ((p->buttons & 0x08) >> 1);
    2092 +
    2093 client->bufsiz = 3;
    2094 break;
    2095 }
    2096 @@ -714,7 +720,7 @@ static ssize_t mousedev_read(struct file *file, char __user *buffer,
    2097 {
    2098 struct mousedev_client *client = file->private_data;
    2099 struct mousedev *mousedev = client->mousedev;
    2100 - signed char data[sizeof(client->ps2)];
    2101 + u8 data[sizeof(client->ps2)];
    2102 int retval = 0;
    2103
    2104 if (!client->ready && !client->buffer && mousedev->exist &&
    2105 diff --git a/drivers/input/serio/i8042-x86ia64io.h b/drivers/input/serio/i8042-x86ia64io.h
    2106 index d1051e3ce819..e484ea2dc787 100644
    2107 --- a/drivers/input/serio/i8042-x86ia64io.h
    2108 +++ b/drivers/input/serio/i8042-x86ia64io.h
    2109 @@ -530,6 +530,20 @@ static const struct dmi_system_id __initconst i8042_dmi_nomux_table[] = {
    2110 { }
    2111 };
    2112
    2113 +static const struct dmi_system_id i8042_dmi_forcemux_table[] __initconst = {
    2114 + {
    2115 + /*
    2116 + * Sony Vaio VGN-CS series require MUX or the touch sensor
    2117 + * buttons will disturb touchpad operation
    2118 + */
    2119 + .matches = {
    2120 + DMI_MATCH(DMI_SYS_VENDOR, "Sony Corporation"),
    2121 + DMI_MATCH(DMI_PRODUCT_NAME, "VGN-CS"),
    2122 + },
    2123 + },
    2124 + { }
    2125 +};
    2126 +
    2127 /*
    2128 * On some Asus laptops, just running self tests cause problems.
    2129 */
    2130 @@ -692,6 +706,13 @@ static const struct dmi_system_id __initconst i8042_dmi_reset_table[] = {
    2131 DMI_MATCH(DMI_PRODUCT_NAME, "20046"),
    2132 },
    2133 },
    2134 + {
    2135 + /* Lenovo ThinkPad L460 */
    2136 + .matches = {
    2137 + DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"),
    2138 + DMI_MATCH(DMI_PRODUCT_VERSION, "ThinkPad L460"),
    2139 + },
    2140 + },
    2141 {
    2142 /* Clevo P650RS, 650RP6, Sager NP8152-S, and others */
    2143 .matches = {
    2144 @@ -1223,6 +1244,9 @@ static int __init i8042_platform_init(void)
    2145 if (dmi_check_system(i8042_dmi_nomux_table))
    2146 i8042_nomux = true;
    2147
    2148 + if (dmi_check_system(i8042_dmi_forcemux_table))
    2149 + i8042_nomux = false;
    2150 +
    2151 if (dmi_check_system(i8042_dmi_notimeout_table))
    2152 i8042_notimeout = true;
    2153
    2154 diff --git a/drivers/md/dm-ioctl.c b/drivers/md/dm-ioctl.c
    2155 index a68c650aad11..b67414b5a64e 100644
    2156 --- a/drivers/md/dm-ioctl.c
    2157 +++ b/drivers/md/dm-ioctl.c
    2158 @@ -1777,12 +1777,12 @@ static int validate_params(uint cmd, struct dm_ioctl *param)
    2159 cmd == DM_LIST_VERSIONS_CMD)
    2160 return 0;
    2161
    2162 - if ((cmd == DM_DEV_CREATE_CMD)) {
    2163 + if (cmd == DM_DEV_CREATE_CMD) {
    2164 if (!*param->name) {
    2165 DMWARN("name not supplied when creating device");
    2166 return -EINVAL;
    2167 }
    2168 - } else if ((*param->uuid && *param->name)) {
    2169 + } else if (*param->uuid && *param->name) {
    2170 DMWARN("only supply one of name or uuid, cmd(%u)", cmd);
    2171 return -EINVAL;
    2172 }
    2173 diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c
    2174 index 18a4271bf569..6a7b9b1dcfe3 100644
    2175 --- a/drivers/md/raid10.c
    2176 +++ b/drivers/md/raid10.c
    2177 @@ -3681,6 +3681,7 @@ static int raid10_run(struct mddev *mddev)
    2178
    2179 if (blk_queue_discard(bdev_get_queue(rdev->bdev)))
    2180 discard_supported = true;
    2181 + first = 0;
    2182 }
    2183
    2184 if (mddev->queue) {
    2185 diff --git a/drivers/media/usb/usbtv/usbtv-core.c b/drivers/media/usb/usbtv/usbtv-core.c
    2186 index 0324633ede42..e56a49a5e8b1 100644
    2187 --- a/drivers/media/usb/usbtv/usbtv-core.c
    2188 +++ b/drivers/media/usb/usbtv/usbtv-core.c
    2189 @@ -109,6 +109,8 @@ static int usbtv_probe(struct usb_interface *intf,
    2190 return 0;
    2191
    2192 usbtv_audio_fail:
    2193 + /* we must not free at this point */
    2194 + usb_get_dev(usbtv->udev);
    2195 usbtv_video_free(usbtv);
    2196
    2197 usbtv_video_fail:
    2198 diff --git a/drivers/misc/mei/main.c b/drivers/misc/mei/main.c
    2199 index 41f318631c6d..60f5a8ded8dd 100644
    2200 --- a/drivers/misc/mei/main.c
    2201 +++ b/drivers/misc/mei/main.c
    2202 @@ -551,7 +551,6 @@ static long mei_ioctl(struct file *file, unsigned int cmd, unsigned long data)
    2203 break;
    2204
    2205 default:
    2206 - dev_err(dev->dev, ": unsupported ioctl %d.\n", cmd);
    2207 rets = -ENOIOCTLCMD;
    2208 }
    2209
    2210 diff --git a/drivers/mtd/chips/jedec_probe.c b/drivers/mtd/chips/jedec_probe.c
    2211 index 7c0b27d132b1..b479bd81120b 100644
    2212 --- a/drivers/mtd/chips/jedec_probe.c
    2213 +++ b/drivers/mtd/chips/jedec_probe.c
    2214 @@ -1889,6 +1889,8 @@ static inline u32 jedec_read_mfr(struct map_info *map, uint32_t base,
    2215 do {
    2216 uint32_t ofs = cfi_build_cmd_addr(0 + (bank << 8), map, cfi);
    2217 mask = (1 << (cfi->device_type * 8)) - 1;
    2218 + if (ofs >= map->size)
    2219 + return 0;
    2220 result = map_read(map, base + ofs);
    2221 bank++;
    2222 } while ((result.x[0] & mask) == CFI_MFR_CONTINUATION);
    2223 diff --git a/drivers/net/ethernet/apm/xgene/xgene_enet_main.c b/drivers/net/ethernet/apm/xgene/xgene_enet_main.c
    2224 index 651f308cdc60..fca2e428cd86 100644
    2225 --- a/drivers/net/ethernet/apm/xgene/xgene_enet_main.c
    2226 +++ b/drivers/net/ethernet/apm/xgene/xgene_enet_main.c
    2227 @@ -1680,6 +1680,30 @@ static void xgene_enet_napi_add(struct xgene_enet_pdata *pdata)
    2228 }
    2229 }
    2230
    2231 +#ifdef CONFIG_ACPI
    2232 +static const struct acpi_device_id xgene_enet_acpi_match[] = {
    2233 + { "APMC0D05", XGENE_ENET1},
    2234 + { "APMC0D30", XGENE_ENET1},
    2235 + { "APMC0D31", XGENE_ENET1},
    2236 + { "APMC0D3F", XGENE_ENET1},
    2237 + { "APMC0D26", XGENE_ENET2},
    2238 + { "APMC0D25", XGENE_ENET2},
    2239 + { }
    2240 +};
    2241 +MODULE_DEVICE_TABLE(acpi, xgene_enet_acpi_match);
    2242 +#endif
    2243 +
    2244 +static const struct of_device_id xgene_enet_of_match[] = {
    2245 + {.compatible = "apm,xgene-enet", .data = (void *)XGENE_ENET1},
    2246 + {.compatible = "apm,xgene1-sgenet", .data = (void *)XGENE_ENET1},
    2247 + {.compatible = "apm,xgene1-xgenet", .data = (void *)XGENE_ENET1},
    2248 + {.compatible = "apm,xgene2-sgenet", .data = (void *)XGENE_ENET2},
    2249 + {.compatible = "apm,xgene2-xgenet", .data = (void *)XGENE_ENET2},
    2250 + {},
    2251 +};
    2252 +
    2253 +MODULE_DEVICE_TABLE(of, xgene_enet_of_match);
    2254 +
    2255 static int xgene_enet_probe(struct platform_device *pdev)
    2256 {
    2257 struct net_device *ndev;
    2258 @@ -1826,32 +1850,6 @@ static void xgene_enet_shutdown(struct platform_device *pdev)
    2259 xgene_enet_remove(pdev);
    2260 }
    2261
    2262 -#ifdef CONFIG_ACPI
    2263 -static const struct acpi_device_id xgene_enet_acpi_match[] = {
    2264 - { "APMC0D05", XGENE_ENET1},
    2265 - { "APMC0D30", XGENE_ENET1},
    2266 - { "APMC0D31", XGENE_ENET1},
    2267 - { "APMC0D3F", XGENE_ENET1},
    2268 - { "APMC0D26", XGENE_ENET2},
    2269 - { "APMC0D25", XGENE_ENET2},
    2270 - { }
    2271 -};
    2272 -MODULE_DEVICE_TABLE(acpi, xgene_enet_acpi_match);
    2273 -#endif
    2274 -
    2275 -#ifdef CONFIG_OF
    2276 -static const struct of_device_id xgene_enet_of_match[] = {
    2277 - {.compatible = "apm,xgene-enet", .data = (void *)XGENE_ENET1},
    2278 - {.compatible = "apm,xgene1-sgenet", .data = (void *)XGENE_ENET1},
    2279 - {.compatible = "apm,xgene1-xgenet", .data = (void *)XGENE_ENET1},
    2280 - {.compatible = "apm,xgene2-sgenet", .data = (void *)XGENE_ENET2},
    2281 - {.compatible = "apm,xgene2-xgenet", .data = (void *)XGENE_ENET2},
    2282 - {},
    2283 -};
    2284 -
    2285 -MODULE_DEVICE_TABLE(of, xgene_enet_of_match);
    2286 -#endif
    2287 -
    2288 static struct platform_driver xgene_enet_driver = {
    2289 .driver = {
    2290 .name = "xgene-enet",
    2291 diff --git a/drivers/net/ethernet/hisilicon/hns/hns_dsaf_gmac.c b/drivers/net/ethernet/hisilicon/hns/hns_dsaf_gmac.c
    2292 index 34b5e699a1d5..02a03bccde7b 100644
    2293 --- a/drivers/net/ethernet/hisilicon/hns/hns_dsaf_gmac.c
    2294 +++ b/drivers/net/ethernet/hisilicon/hns/hns_dsaf_gmac.c
    2295 @@ -671,7 +671,7 @@ static void hns_gmac_get_strings(u32 stringset, u8 *data)
    2296
    2297 static int hns_gmac_get_sset_count(int stringset)
    2298 {
    2299 - if (stringset == ETH_SS_STATS || stringset == ETH_SS_PRIV_FLAGS)
    2300 + if (stringset == ETH_SS_STATS)
    2301 return ARRAY_SIZE(g_gmac_stats_string);
    2302
    2303 return 0;
    2304 diff --git a/drivers/net/ethernet/hisilicon/hns/hns_dsaf_ppe.c b/drivers/net/ethernet/hisilicon/hns/hns_dsaf_ppe.c
    2305 index 4ecb809785f9..6ea872287307 100644
    2306 --- a/drivers/net/ethernet/hisilicon/hns/hns_dsaf_ppe.c
    2307 +++ b/drivers/net/ethernet/hisilicon/hns/hns_dsaf_ppe.c
    2308 @@ -422,7 +422,7 @@ void hns_ppe_update_stats(struct hns_ppe_cb *ppe_cb)
    2309
    2310 int hns_ppe_get_sset_count(int stringset)
    2311 {
    2312 - if (stringset == ETH_SS_STATS || stringset == ETH_SS_PRIV_FLAGS)
    2313 + if (stringset == ETH_SS_STATS)
    2314 return ETH_PPE_STATIC_NUM;
    2315 return 0;
    2316 }
    2317 diff --git a/drivers/net/ethernet/hisilicon/hns/hns_dsaf_rcb.c b/drivers/net/ethernet/hisilicon/hns/hns_dsaf_rcb.c
    2318 index fbbbbffd58dc..f3be9ac47bfb 100644
    2319 --- a/drivers/net/ethernet/hisilicon/hns/hns_dsaf_rcb.c
    2320 +++ b/drivers/net/ethernet/hisilicon/hns/hns_dsaf_rcb.c
    2321 @@ -798,7 +798,7 @@ void hns_rcb_get_stats(struct hnae_queue *queue, u64 *data)
    2322 */
    2323 int hns_rcb_get_ring_sset_count(int stringset)
    2324 {
    2325 - if (stringset == ETH_SS_STATS || stringset == ETH_SS_PRIV_FLAGS)
    2326 + if (stringset == ETH_SS_STATS)
    2327 return HNS_RING_STATIC_REG_NUM;
    2328
    2329 return 0;
    2330 diff --git a/drivers/net/ethernet/hisilicon/hns/hns_ethtool.c b/drivers/net/ethernet/hisilicon/hns/hns_ethtool.c
    2331 index 86a496d71995..6be0cae44e9b 100644
    2332 --- a/drivers/net/ethernet/hisilicon/hns/hns_ethtool.c
    2333 +++ b/drivers/net/ethernet/hisilicon/hns/hns_ethtool.c
    2334 @@ -1017,8 +1017,10 @@ int hns_get_sset_count(struct net_device *netdev, int stringset)
    2335 cnt--;
    2336
    2337 return cnt;
    2338 - } else {
    2339 + } else if (stringset == ETH_SS_STATS) {
    2340 return (HNS_NET_STATS_CNT + ops->get_sset_count(h, stringset));
    2341 + } else {
    2342 + return -EOPNOTSUPP;
    2343 }
    2344 }
    2345
    2346 diff --git a/drivers/net/phy/mdio-xgene.c b/drivers/net/phy/mdio-xgene.c
    2347 index 39be3b82608f..20fbcc9c4687 100644
    2348 --- a/drivers/net/phy/mdio-xgene.c
    2349 +++ b/drivers/net/phy/mdio-xgene.c
    2350 @@ -314,6 +314,30 @@ static acpi_status acpi_register_phy(acpi_handle handle, u32 lvl,
    2351 }
    2352 #endif
    2353
    2354 +static const struct of_device_id xgene_mdio_of_match[] = {
    2355 + {
    2356 + .compatible = "apm,xgene-mdio-rgmii",
    2357 + .data = (void *)XGENE_MDIO_RGMII
    2358 + },
    2359 + {
    2360 + .compatible = "apm,xgene-mdio-xfi",
    2361 + .data = (void *)XGENE_MDIO_XFI
    2362 + },
    2363 + {},
    2364 +};
    2365 +MODULE_DEVICE_TABLE(of, xgene_mdio_of_match);
    2366 +
    2367 +#ifdef CONFIG_ACPI
    2368 +static const struct acpi_device_id xgene_mdio_acpi_match[] = {
    2369 + { "APMC0D65", XGENE_MDIO_RGMII },
    2370 + { "APMC0D66", XGENE_MDIO_XFI },
    2371 + { }
    2372 +};
    2373 +
    2374 +MODULE_DEVICE_TABLE(acpi, xgene_mdio_acpi_match);
    2375 +#endif
    2376 +
    2377 +
    2378 static int xgene_mdio_probe(struct platform_device *pdev)
    2379 {
    2380 struct device *dev = &pdev->dev;
    2381 @@ -439,32 +463,6 @@ static int xgene_mdio_remove(struct platform_device *pdev)
    2382 return 0;
    2383 }
    2384
    2385 -#ifdef CONFIG_OF
    2386 -static const struct of_device_id xgene_mdio_of_match[] = {
    2387 - {
    2388 - .compatible = "apm,xgene-mdio-rgmii",
    2389 - .data = (void *)XGENE_MDIO_RGMII
    2390 - },
    2391 - {
    2392 - .compatible = "apm,xgene-mdio-xfi",
    2393 - .data = (void *)XGENE_MDIO_XFI
    2394 - },
    2395 - {},
    2396 -};
    2397 -
    2398 -MODULE_DEVICE_TABLE(of, xgene_mdio_of_match);
    2399 -#endif
    2400 -
    2401 -#ifdef CONFIG_ACPI
    2402 -static const struct acpi_device_id xgene_mdio_acpi_match[] = {
    2403 - { "APMC0D65", XGENE_MDIO_RGMII },
    2404 - { "APMC0D66", XGENE_MDIO_XFI },
    2405 - { }
    2406 -};
    2407 -
    2408 -MODULE_DEVICE_TABLE(acpi, xgene_mdio_acpi_match);
    2409 -#endif
    2410 -
    2411 static struct platform_driver xgene_mdio_driver = {
    2412 .driver = {
    2413 .name = "xgene-mdio",
    2414 diff --git a/drivers/net/phy/mdio-xgene.h b/drivers/net/phy/mdio-xgene.h
    2415 index 354241b53c1d..594a11d42401 100644
    2416 --- a/drivers/net/phy/mdio-xgene.h
    2417 +++ b/drivers/net/phy/mdio-xgene.h
    2418 @@ -132,10 +132,6 @@ static inline u64 xgene_enet_get_field_value(int pos, int len, u64 src)
    2419 #define GET_BIT(field, src) \
    2420 xgene_enet_get_field_value(field ## _POS, 1, src)
    2421
    2422 -static const struct of_device_id xgene_mdio_of_match[];
    2423 -#ifdef CONFIG_ACPI
    2424 -static const struct acpi_device_id xgene_mdio_acpi_match[];
    2425 -#endif
    2426 int xgene_mdio_rgmii_read(struct mii_bus *bus, int phy_id, int reg);
    2427 int xgene_mdio_rgmii_write(struct mii_bus *bus, int phy_id, int reg, u16 data);
    2428 struct phy_device *xgene_enet_phy_register(struct mii_bus *bus, int phy_addr);
    2429 diff --git a/drivers/parport/parport_pc.c b/drivers/parport/parport_pc.c
    2430 index 78530d1714dc..bdce0679674c 100644
    2431 --- a/drivers/parport/parport_pc.c
    2432 +++ b/drivers/parport/parport_pc.c
    2433 @@ -2646,6 +2646,7 @@ enum parport_pc_pci_cards {
    2434 netmos_9901,
    2435 netmos_9865,
    2436 quatech_sppxp100,
    2437 + wch_ch382l,
    2438 };
    2439
    2440
    2441 @@ -2708,6 +2709,7 @@ static struct parport_pc_pci {
    2442 /* netmos_9901 */ { 1, { { 0, -1 }, } },
    2443 /* netmos_9865 */ { 1, { { 0, -1 }, } },
    2444 /* quatech_sppxp100 */ { 1, { { 0, 1 }, } },
    2445 + /* wch_ch382l */ { 1, { { 2, -1 }, } },
    2446 };
    2447
    2448 static const struct pci_device_id parport_pc_pci_tbl[] = {
    2449 @@ -2797,6 +2799,8 @@ static const struct pci_device_id parport_pc_pci_tbl[] = {
    2450 /* Quatech SPPXP-100 Parallel port PCI ExpressCard */
    2451 { PCI_VENDOR_ID_QUATECH, PCI_DEVICE_ID_QUATECH_SPPXP_100,
    2452 PCI_ANY_ID, PCI_ANY_ID, 0, 0, quatech_sppxp100 },
    2453 + /* WCH CH382L PCI-E single parallel port card */
    2454 + { 0x1c00, 0x3050, 0x1c00, 0x3050, 0, 0, wch_ch382l },
    2455 { 0, } /* terminate list */
    2456 };
    2457 MODULE_DEVICE_TABLE(pci, parport_pc_pci_tbl);
    2458 diff --git a/drivers/pci/probe.c b/drivers/pci/probe.c
    2459 index a98be6db7e93..56340abe4fc6 100644
    2460 --- a/drivers/pci/probe.c
    2461 +++ b/drivers/pci/probe.c
    2462 @@ -231,7 +231,7 @@ int __pci_read_base(struct pci_dev *dev, enum pci_bar_type type,
    2463 res->flags |= IORESOURCE_ROM_ENABLE;
    2464 l64 = l & PCI_ROM_ADDRESS_MASK;
    2465 sz64 = sz & PCI_ROM_ADDRESS_MASK;
    2466 - mask64 = (u32)PCI_ROM_ADDRESS_MASK;
    2467 + mask64 = PCI_ROM_ADDRESS_MASK;
    2468 }
    2469
    2470 if (res->flags & IORESOURCE_MEM_64) {
    2471 diff --git a/drivers/pci/setup-res.c b/drivers/pci/setup-res.c
    2472 index 4bc589ee78d0..85774b7a316a 100644
    2473 --- a/drivers/pci/setup-res.c
    2474 +++ b/drivers/pci/setup-res.c
    2475 @@ -63,7 +63,7 @@ static void pci_std_update_resource(struct pci_dev *dev, int resno)
    2476 mask = (u32)PCI_BASE_ADDRESS_IO_MASK;
    2477 new |= res->flags & ~PCI_BASE_ADDRESS_IO_MASK;
    2478 } else if (resno == PCI_ROM_RESOURCE) {
    2479 - mask = (u32)PCI_ROM_ADDRESS_MASK;
    2480 + mask = PCI_ROM_ADDRESS_MASK;
    2481 } else {
    2482 mask = (u32)PCI_BASE_ADDRESS_MEM_MASK;
    2483 new |= res->flags & ~PCI_BASE_ADDRESS_MEM_MASK;
    2484 diff --git a/drivers/scsi/virtio_scsi.c b/drivers/scsi/virtio_scsi.c
    2485 index 8f4adc1d9588..cbc8e9388268 100644
    2486 --- a/drivers/scsi/virtio_scsi.c
    2487 +++ b/drivers/scsi/virtio_scsi.c
    2488 @@ -819,6 +819,7 @@ static struct scsi_host_template virtscsi_host_template_multi = {
    2489 .change_queue_depth = virtscsi_change_queue_depth,
    2490 .eh_abort_handler = virtscsi_abort,
    2491 .eh_device_reset_handler = virtscsi_device_reset,
    2492 + .slave_alloc = virtscsi_device_alloc,
    2493
    2494 .can_queue = 1024,
    2495 .dma_boundary = UINT_MAX,
    2496 diff --git a/drivers/spi/Kconfig b/drivers/spi/Kconfig
    2497 index 0e7415f6d093..b7995474148c 100644
    2498 --- a/drivers/spi/Kconfig
    2499 +++ b/drivers/spi/Kconfig
    2500 @@ -156,7 +156,6 @@ config SPI_BCM63XX_HSSPI
    2501 config SPI_BCM_QSPI
    2502 tristate "Broadcom BSPI and MSPI controller support"
    2503 depends on ARCH_BRCMSTB || ARCH_BCM || ARCH_BCM_IPROC || COMPILE_TEST
    2504 - depends on MTD_NORFLASH
    2505 default ARCH_BCM_IPROC
    2506 help
    2507 Enables support for the Broadcom SPI flash and MSPI controller.
    2508 diff --git a/drivers/spi/spi-davinci.c b/drivers/spi/spi-davinci.c
    2509 index 02fb96797ac8..0d8f43a17edb 100644
    2510 --- a/drivers/spi/spi-davinci.c
    2511 +++ b/drivers/spi/spi-davinci.c
    2512 @@ -646,7 +646,7 @@ static int davinci_spi_bufs(struct spi_device *spi, struct spi_transfer *t)
    2513 buf = t->rx_buf;
    2514 t->rx_dma = dma_map_single(&spi->dev, buf,
    2515 t->len, DMA_FROM_DEVICE);
    2516 - if (dma_mapping_error(&spi->dev, !t->rx_dma)) {
    2517 + if (dma_mapping_error(&spi->dev, t->rx_dma)) {
    2518 ret = -EFAULT;
    2519 goto err_rx_map;
    2520 }
    2521 diff --git a/drivers/staging/comedi/drivers/ni_mio_common.c b/drivers/staging/comedi/drivers/ni_mio_common.c
    2522 index a574885ffba9..18c5312f7886 100644
    2523 --- a/drivers/staging/comedi/drivers/ni_mio_common.c
    2524 +++ b/drivers/staging/comedi/drivers/ni_mio_common.c
    2525 @@ -1284,6 +1284,8 @@ static void ack_a_interrupt(struct comedi_device *dev, unsigned short a_status)
    2526 ack |= NISTC_INTA_ACK_AI_START;
    2527 if (a_status & NISTC_AI_STATUS1_STOP)
    2528 ack |= NISTC_INTA_ACK_AI_STOP;
    2529 + if (a_status & NISTC_AI_STATUS1_OVER)
    2530 + ack |= NISTC_INTA_ACK_AI_ERR;
    2531 if (ack)
    2532 ni_stc_writew(dev, ack, NISTC_INTA_ACK_REG);
    2533 }
    2534 diff --git a/drivers/tty/vt/vt.c b/drivers/tty/vt/vt.c
    2535 index 68c7bb0b7991..9e1ac58e269e 100644
    2536 --- a/drivers/tty/vt/vt.c
    2537 +++ b/drivers/tty/vt/vt.c
    2538 @@ -1354,6 +1354,11 @@ static void csi_m(struct vc_data *vc)
    2539 case 3:
    2540 vc->vc_italic = 1;
    2541 break;
    2542 + case 21:
    2543 + /*
    2544 + * No console drivers support double underline, so
    2545 + * convert it to a single underline.
    2546 + */
    2547 case 4:
    2548 vc->vc_underline = 1;
    2549 break;
    2550 @@ -1389,7 +1394,6 @@ static void csi_m(struct vc_data *vc)
    2551 vc->vc_disp_ctrl = 1;
    2552 vc->vc_toggle_meta = 1;
    2553 break;
    2554 - case 21:
    2555 case 22:
    2556 vc->vc_intensity = 1;
    2557 break;
    2558 diff --git a/drivers/usb/dwc2/hcd.c b/drivers/usb/dwc2/hcd.c
    2559 index dfc0566bb155..919a32153060 100644
    2560 --- a/drivers/usb/dwc2/hcd.c
    2561 +++ b/drivers/usb/dwc2/hcd.c
    2562 @@ -3220,7 +3220,6 @@ static void dwc2_conn_id_status_change(struct work_struct *work)
    2563 dwc2_core_init(hsotg, false);
    2564 dwc2_enable_global_interrupts(hsotg);
    2565 spin_lock_irqsave(&hsotg->lock, flags);
    2566 - dwc2_hsotg_disconnect(hsotg);
    2567 dwc2_hsotg_core_init_disconnected(hsotg, false);
    2568 spin_unlock_irqrestore(&hsotg->lock, flags);
    2569 dwc2_hsotg_core_connect(hsotg);
    2570 @@ -3238,8 +3237,12 @@ static void dwc2_conn_id_status_change(struct work_struct *work)
    2571 if (count > 250)
    2572 dev_err(hsotg->dev,
    2573 "Connection id status change timed out\n");
    2574 - hsotg->op_state = OTG_STATE_A_HOST;
    2575
    2576 + spin_lock_irqsave(&hsotg->lock, flags);
    2577 + dwc2_hsotg_disconnect(hsotg);
    2578 + spin_unlock_irqrestore(&hsotg->lock, flags);
    2579 +
    2580 + hsotg->op_state = OTG_STATE_A_HOST;
    2581 /* Initialize the Core for Host mode */
    2582 dwc2_core_init(hsotg, false);
    2583 dwc2_enable_global_interrupts(hsotg);
    2584 diff --git a/drivers/usb/gadget/udc/core.c b/drivers/usb/gadget/udc/core.c
    2585 index e97539fc127e..7d658565b20f 100644
    2586 --- a/drivers/usb/gadget/udc/core.c
    2587 +++ b/drivers/usb/gadget/udc/core.c
    2588 @@ -139,10 +139,8 @@ int usb_ep_disable(struct usb_ep *ep)
    2589 goto out;
    2590
    2591 ret = ep->ops->disable(ep);
    2592 - if (ret) {
    2593 - ret = ret;
    2594 + if (ret)
    2595 goto out;
    2596 - }
    2597
    2598 ep->enabled = false;
    2599
    2600 diff --git a/drivers/usb/serial/cp210x.c b/drivers/usb/serial/cp210x.c
    2601 index 3178d8afb3e6..cab80acace4e 100644
    2602 --- a/drivers/usb/serial/cp210x.c
    2603 +++ b/drivers/usb/serial/cp210x.c
    2604 @@ -152,6 +152,7 @@ static const struct usb_device_id id_table[] = {
    2605 { USB_DEVICE(0x12B8, 0xEC62) }, /* Link G4+ ECU */
    2606 { USB_DEVICE(0x13AD, 0x9999) }, /* Baltech card reader */
    2607 { USB_DEVICE(0x1555, 0x0004) }, /* Owen AC4 USB-RS485 Converter */
    2608 + { USB_DEVICE(0x155A, 0x1006) }, /* ELDAT Easywave RX09 */
    2609 { USB_DEVICE(0x166A, 0x0201) }, /* Clipsal 5500PACA C-Bus Pascal Automation Controller */
    2610 { USB_DEVICE(0x166A, 0x0301) }, /* Clipsal 5800PC C-Bus Wireless PC Interface */
    2611 { USB_DEVICE(0x166A, 0x0303) }, /* Clipsal 5500PCU C-Bus USB interface */
    2612 diff --git a/drivers/usb/serial/ftdi_sio.c b/drivers/usb/serial/ftdi_sio.c
    2613 index 0c743e4cca1e..71cbc6890ac4 100644
    2614 --- a/drivers/usb/serial/ftdi_sio.c
    2615 +++ b/drivers/usb/serial/ftdi_sio.c
    2616 @@ -773,6 +773,7 @@ static const struct usb_device_id id_table_combined[] = {
    2617 .driver_info = (kernel_ulong_t)&ftdi_NDI_device_quirk },
    2618 { USB_DEVICE(TELLDUS_VID, TELLDUS_TELLSTICK_PID) },
    2619 { USB_DEVICE(NOVITUS_VID, NOVITUS_BONO_E_PID) },
    2620 + { USB_DEVICE(FTDI_VID, RTSYSTEMS_USB_VX8_PID) },
    2621 { USB_DEVICE(RTSYSTEMS_VID, RTSYSTEMS_USB_S03_PID) },
    2622 { USB_DEVICE(RTSYSTEMS_VID, RTSYSTEMS_USB_59_PID) },
    2623 { USB_DEVICE(RTSYSTEMS_VID, RTSYSTEMS_USB_57A_PID) },
    2624 @@ -935,6 +936,7 @@ static const struct usb_device_id id_table_combined[] = {
    2625 { USB_DEVICE(FTDI_VID, FTDI_SCIENCESCOPE_LS_LOGBOOK_PID) },
    2626 { USB_DEVICE(FTDI_VID, FTDI_SCIENCESCOPE_HS_LOGBOOK_PID) },
    2627 { USB_DEVICE(FTDI_VID, FTDI_CINTERION_MC55I_PID) },
    2628 + { USB_DEVICE(FTDI_VID, FTDI_FHE_PID) },
    2629 { USB_DEVICE(FTDI_VID, FTDI_DOTEC_PID) },
    2630 { USB_DEVICE(QIHARDWARE_VID, MILKYMISTONE_JTAGSERIAL_PID),
    2631 .driver_info = (kernel_ulong_t)&ftdi_jtag_quirk },
    2632 diff --git a/drivers/usb/serial/ftdi_sio_ids.h b/drivers/usb/serial/ftdi_sio_ids.h
    2633 index 543d2801632b..76a10b222ff9 100644
    2634 --- a/drivers/usb/serial/ftdi_sio_ids.h
    2635 +++ b/drivers/usb/serial/ftdi_sio_ids.h
    2636 @@ -922,6 +922,9 @@
    2637 /*
    2638 * RT Systems programming cables for various ham radios
    2639 */
    2640 +/* This device uses the VID of FTDI */
    2641 +#define RTSYSTEMS_USB_VX8_PID 0x9e50 /* USB-VX8 USB to 7 pin modular plug for Yaesu VX-8 radio */
    2642 +
    2643 #define RTSYSTEMS_VID 0x2100 /* Vendor ID */
    2644 #define RTSYSTEMS_USB_S03_PID 0x9001 /* RTS-03 USB to Serial Adapter */
    2645 #define RTSYSTEMS_USB_59_PID 0x9e50 /* USB-59 USB to 8 pin plug */
    2646 @@ -1440,6 +1443,12 @@
    2647 */
    2648 #define FTDI_CINTERION_MC55I_PID 0xA951
    2649
    2650 +/*
    2651 + * Product: FirmwareHubEmulator
    2652 + * Manufacturer: Harman Becker Automotive Systems
    2653 + */
    2654 +#define FTDI_FHE_PID 0xA9A0
    2655 +
    2656 /*
    2657 * Product: Comet Caller ID decoder
    2658 * Manufacturer: Crucible Technologies
    2659 diff --git a/fs/btrfs/tree-log.c b/fs/btrfs/tree-log.c
    2660 index 5539f0b95efa..52401732cddc 100644
    2661 --- a/fs/btrfs/tree-log.c
    2662 +++ b/fs/btrfs/tree-log.c
    2663 @@ -3664,7 +3664,7 @@ static noinline int copy_items(struct btrfs_trans_handle *trans,
    2664
    2665 src_offset = btrfs_item_ptr_offset(src, start_slot + i);
    2666
    2667 - if ((i == (nr - 1)))
    2668 + if (i == nr - 1)
    2669 last_key = ins_keys[i];
    2670
    2671 if (ins_keys[i].type == BTRFS_INODE_ITEM_KEY) {
    2672 diff --git a/fs/ceph/file.c b/fs/ceph/file.c
    2673 index ca3f630db90f..e7ddb23d9bb7 100644
    2674 --- a/fs/ceph/file.c
    2675 +++ b/fs/ceph/file.c
    2676 @@ -598,7 +598,8 @@ static ssize_t ceph_sync_read(struct kiocb *iocb, struct iov_iter *i,
    2677 struct ceph_aio_request {
    2678 struct kiocb *iocb;
    2679 size_t total_len;
    2680 - int write;
    2681 + bool write;
    2682 + bool should_dirty;
    2683 int error;
    2684 struct list_head osd_reqs;
    2685 unsigned num_reqs;
    2686 @@ -708,7 +709,7 @@ static void ceph_aio_complete_req(struct ceph_osd_request *req)
    2687 }
    2688 }
    2689
    2690 - ceph_put_page_vector(osd_data->pages, num_pages, !aio_req->write);
    2691 + ceph_put_page_vector(osd_data->pages, num_pages, aio_req->should_dirty);
    2692 ceph_osdc_put_request(req);
    2693
    2694 if (rc < 0)
    2695 @@ -890,6 +891,7 @@ ceph_direct_read_write(struct kiocb *iocb, struct iov_iter *iter,
    2696 size_t count = iov_iter_count(iter);
    2697 loff_t pos = iocb->ki_pos;
    2698 bool write = iov_iter_rw(iter) == WRITE;
    2699 + bool should_dirty = !write && iter_is_iovec(iter);
    2700
    2701 if (write && ceph_snap(file_inode(file)) != CEPH_NOSNAP)
    2702 return -EROFS;
    2703 @@ -954,6 +956,7 @@ ceph_direct_read_write(struct kiocb *iocb, struct iov_iter *iter,
    2704 if (aio_req) {
    2705 aio_req->iocb = iocb;
    2706 aio_req->write = write;
    2707 + aio_req->should_dirty = should_dirty;
    2708 INIT_LIST_HEAD(&aio_req->osd_reqs);
    2709 if (write) {
    2710 aio_req->mtime = mtime;
    2711 @@ -1012,7 +1015,7 @@ ceph_direct_read_write(struct kiocb *iocb, struct iov_iter *iter,
    2712 len = ret;
    2713 }
    2714
    2715 - ceph_put_page_vector(pages, num_pages, !write);
    2716 + ceph_put_page_vector(pages, num_pages, should_dirty);
    2717
    2718 ceph_osdc_put_request(req);
    2719 if (ret < 0)
    2720 diff --git a/fs/compat_ioctl.c b/fs/compat_ioctl.c
    2721 index f2d7402abe02..93c8e4a4bbd3 100644
    2722 --- a/fs/compat_ioctl.c
    2723 +++ b/fs/compat_ioctl.c
    2724 @@ -833,7 +833,7 @@ static int compat_ioctl_preallocate(struct file *file,
    2725 */
    2726 #define XFORM(i) (((i) ^ ((i) << 27) ^ ((i) << 17)) & 0xffffffff)
    2727
    2728 -#define COMPATIBLE_IOCTL(cmd) XFORM(cmd),
    2729 +#define COMPATIBLE_IOCTL(cmd) XFORM((u32)cmd),
    2730 /* ioctl should not be warned about even if it's not implemented.
    2731 Valid reasons to use this:
    2732 - It is implemented with ->compat_ioctl on some device, but programs
    2733 diff --git a/include/linux/cpumask.h b/include/linux/cpumask.h
    2734 index 2d65bbd6dbd1..18ba29ff1449 100644
    2735 --- a/include/linux/cpumask.h
    2736 +++ b/include/linux/cpumask.h
    2737 @@ -680,6 +680,11 @@ void alloc_bootmem_cpumask_var(cpumask_var_t *mask);
    2738 void free_cpumask_var(cpumask_var_t mask);
    2739 void free_bootmem_cpumask_var(cpumask_var_t mask);
    2740
    2741 +static inline bool cpumask_available(cpumask_var_t mask)
    2742 +{
    2743 + return mask != NULL;
    2744 +}
    2745 +
    2746 #else
    2747 typedef struct cpumask cpumask_var_t[1];
    2748
    2749 @@ -720,6 +725,11 @@ static inline void free_cpumask_var(cpumask_var_t mask)
    2750 static inline void free_bootmem_cpumask_var(cpumask_var_t mask)
    2751 {
    2752 }
    2753 +
    2754 +static inline bool cpumask_available(cpumask_var_t mask)
    2755 +{
    2756 + return true;
    2757 +}
    2758 #endif /* CONFIG_CPUMASK_OFFSTACK */
    2759
    2760 /* It's common to want to use cpu_all_mask in struct member initializers,
    2761 diff --git a/include/linux/init.h b/include/linux/init.h
    2762 index 683508f6bb4e..0cca4142987f 100644
    2763 --- a/include/linux/init.h
    2764 +++ b/include/linux/init.h
    2765 @@ -133,6 +133,9 @@ void prepare_namespace(void);
    2766 void __init load_default_modules(void);
    2767 int __init init_rootfs(void);
    2768
    2769 +#if defined(CONFIG_DEBUG_RODATA) || defined(CONFIG_DEBUG_SET_MODULE_RONX)
    2770 +extern bool rodata_enabled;
    2771 +#endif
    2772 #ifdef CONFIG_DEBUG_RODATA
    2773 void mark_rodata_ro(void);
    2774 #endif
    2775 diff --git a/include/linux/jiffies.h b/include/linux/jiffies.h
    2776 index 589d14e970ad..c2a0f0072274 100644
    2777 --- a/include/linux/jiffies.h
    2778 +++ b/include/linux/jiffies.h
    2779 @@ -1,6 +1,7 @@
    2780 #ifndef _LINUX_JIFFIES_H
    2781 #define _LINUX_JIFFIES_H
    2782
    2783 +#include <linux/cache.h>
    2784 #include <linux/math64.h>
    2785 #include <linux/kernel.h>
    2786 #include <linux/types.h>
    2787 @@ -63,19 +64,17 @@ extern int register_refined_jiffies(long clock_tick_rate);
    2788 /* TICK_USEC is the time between ticks in usec assuming fake USER_HZ */
    2789 #define TICK_USEC ((1000000UL + USER_HZ/2) / USER_HZ)
    2790
    2791 -/* some arch's have a small-data section that can be accessed register-relative
    2792 - * but that can only take up to, say, 4-byte variables. jiffies being part of
    2793 - * an 8-byte variable may not be correctly accessed unless we force the issue
    2794 - */
    2795 -#define __jiffy_data __attribute__((section(".data")))
    2796 +#ifndef __jiffy_arch_data
    2797 +#define __jiffy_arch_data
    2798 +#endif
    2799
    2800 /*
    2801 * The 64-bit value is not atomic - you MUST NOT read it
    2802 * without sampling the sequence number in jiffies_lock.
    2803 * get_jiffies_64() will do this for you as appropriate.
    2804 */
    2805 -extern u64 __jiffy_data jiffies_64;
    2806 -extern unsigned long volatile __jiffy_data jiffies;
    2807 +extern u64 __cacheline_aligned_in_smp jiffies_64;
    2808 +extern unsigned long volatile __cacheline_aligned_in_smp __jiffy_arch_data jiffies;
    2809
    2810 #if (BITS_PER_LONG < 64)
    2811 u64 get_jiffies_64(void);
    2812 diff --git a/include/linux/llist.h b/include/linux/llist.h
    2813 index fd4ca0b4fe0f..ac6796138ba0 100644
    2814 --- a/include/linux/llist.h
    2815 +++ b/include/linux/llist.h
    2816 @@ -87,6 +87,23 @@ static inline void init_llist_head(struct llist_head *list)
    2817 #define llist_entry(ptr, type, member) \
    2818 container_of(ptr, type, member)
    2819
    2820 +/**
    2821 + * member_address_is_nonnull - check whether the member address is not NULL
    2822 + * @ptr: the object pointer (struct type * that contains the llist_node)
    2823 + * @member: the name of the llist_node within the struct.
    2824 + *
    2825 + * This macro is conceptually the same as
    2826 + * &ptr->member != NULL
    2827 + * but it works around the fact that compilers can decide that taking a member
    2828 + * address is never a NULL pointer.
    2829 + *
    2830 + * Real objects that start at a high address and have a member at NULL are
    2831 + * unlikely to exist, but such pointers may be returned e.g. by the
    2832 + * container_of() macro.
    2833 + */
    2834 +#define member_address_is_nonnull(ptr, member) \
    2835 + ((uintptr_t)(ptr) + offsetof(typeof(*(ptr)), member) != 0)
    2836 +
    2837 /**
    2838 * llist_for_each - iterate over some deleted entries of a lock-less list
    2839 * @pos: the &struct llist_node to use as a loop cursor
    2840 @@ -121,7 +138,7 @@ static inline void init_llist_head(struct llist_head *list)
    2841 */
    2842 #define llist_for_each_entry(pos, node, member) \
    2843 for ((pos) = llist_entry((node), typeof(*(pos)), member); \
    2844 - &(pos)->member != NULL; \
    2845 + member_address_is_nonnull(pos, member); \
    2846 (pos) = llist_entry((pos)->member.next, typeof(*(pos)), member))
    2847
    2848 /**
    2849 @@ -143,7 +160,7 @@ static inline void init_llist_head(struct llist_head *list)
    2850 */
    2851 #define llist_for_each_entry_safe(pos, n, node, member) \
    2852 for (pos = llist_entry((node), typeof(*pos), member); \
    2853 - &pos->member != NULL && \
    2854 + member_address_is_nonnull(pos, member) && \
    2855 (n = llist_entry(pos->member.next, typeof(*n), member), true); \
    2856 pos = n)
    2857
    2858 diff --git a/include/linux/netfilter/x_tables.h b/include/linux/netfilter/x_tables.h
    2859 index 9bfeb88fb940..69111fa2e578 100644
    2860 --- a/include/linux/netfilter/x_tables.h
    2861 +++ b/include/linux/netfilter/x_tables.h
    2862 @@ -254,6 +254,8 @@ unsigned int *xt_alloc_entry_offsets(unsigned int size);
    2863 bool xt_find_jump_offset(const unsigned int *offsets,
    2864 unsigned int target, unsigned int size);
    2865
    2866 +int xt_check_proc_name(const char *name, unsigned int size);
    2867 +
    2868 int xt_check_match(struct xt_mtchk_param *, unsigned int size, u_int8_t proto,
    2869 bool inv_proto);
    2870 int xt_check_target(struct xt_tgchk_param *, unsigned int size, u_int8_t proto,
    2871 diff --git a/include/rdma/ib_addr.h b/include/rdma/ib_addr.h
    2872 index 818a38f99221..f888263fd757 100644
    2873 --- a/include/rdma/ib_addr.h
    2874 +++ b/include/rdma/ib_addr.h
    2875 @@ -129,6 +129,8 @@ int rdma_copy_addr(struct rdma_dev_addr *dev_addr, struct net_device *dev,
    2876 const unsigned char *dst_dev_addr);
    2877
    2878 int rdma_addr_size(struct sockaddr *addr);
    2879 +int rdma_addr_size_in6(struct sockaddr_in6 *addr);
    2880 +int rdma_addr_size_kss(struct __kernel_sockaddr_storage *addr);
    2881
    2882 int rdma_addr_find_smac_by_sgid(union ib_gid *sgid, u8 *smac, u16 *vlan_id);
    2883 int rdma_addr_find_l2_eth_by_grh(const union ib_gid *sgid,
    2884 diff --git a/include/uapi/linux/pci_regs.h b/include/uapi/linux/pci_regs.h
    2885 index e5a2e68b2236..ecc8e01c5616 100644
    2886 --- a/include/uapi/linux/pci_regs.h
    2887 +++ b/include/uapi/linux/pci_regs.h
    2888 @@ -106,7 +106,7 @@
    2889 #define PCI_SUBSYSTEM_ID 0x2e
    2890 #define PCI_ROM_ADDRESS 0x30 /* Bits 31..11 are address, 10..1 reserved */
    2891 #define PCI_ROM_ADDRESS_ENABLE 0x01
    2892 -#define PCI_ROM_ADDRESS_MASK (~0x7ffUL)
    2893 +#define PCI_ROM_ADDRESS_MASK (~0x7ffU)
    2894
    2895 #define PCI_CAPABILITY_LIST 0x34 /* Offset of first capability list entry */
    2896
    2897 diff --git a/init/main.c b/init/main.c
    2898 index 99f026565608..f22957afb37e 100644
    2899 --- a/init/main.c
    2900 +++ b/init/main.c
    2901 @@ -81,6 +81,7 @@
    2902 #include <linux/proc_ns.h>
    2903 #include <linux/io.h>
    2904 #include <linux/kaiser.h>
    2905 +#include <linux/cache.h>
    2906
    2907 #include <asm/io.h>
    2908 #include <asm/bugs.h>
    2909 @@ -914,14 +915,16 @@ static int try_to_run_init_process(const char *init_filename)
    2910
    2911 static noinline void __init kernel_init_freeable(void);
    2912
    2913 -#ifdef CONFIG_DEBUG_RODATA
    2914 -static bool rodata_enabled = true;
    2915 +#if defined(CONFIG_DEBUG_RODATA) || defined(CONFIG_SET_MODULE_RONX)
    2916 +bool rodata_enabled __ro_after_init = true;
    2917 static int __init set_debug_rodata(char *str)
    2918 {
    2919 return strtobool(str, &rodata_enabled);
    2920 }
    2921 __setup("rodata=", set_debug_rodata);
    2922 +#endif
    2923
    2924 +#ifdef CONFIG_DEBUG_RODATA
    2925 static void mark_readonly(void)
    2926 {
    2927 if (rodata_enabled)
    2928 diff --git a/ipc/shm.c b/ipc/shm.c
    2929 index e2072ae4f90e..de93d01bfce2 100644
    2930 --- a/ipc/shm.c
    2931 +++ b/ipc/shm.c
    2932 @@ -381,6 +381,17 @@ static int shm_fault(struct vm_area_struct *vma, struct vm_fault *vmf)
    2933 return sfd->vm_ops->fault(vma, vmf);
    2934 }
    2935
    2936 +static int shm_split(struct vm_area_struct *vma, unsigned long addr)
    2937 +{
    2938 + struct file *file = vma->vm_file;
    2939 + struct shm_file_data *sfd = shm_file_data(file);
    2940 +
    2941 + if (sfd->vm_ops && sfd->vm_ops->split)
    2942 + return sfd->vm_ops->split(vma, addr);
    2943 +
    2944 + return 0;
    2945 +}
    2946 +
    2947 #ifdef CONFIG_NUMA
    2948 static int shm_set_policy(struct vm_area_struct *vma, struct mempolicy *new)
    2949 {
    2950 @@ -503,6 +514,7 @@ static const struct vm_operations_struct shm_vm_ops = {
    2951 .open = shm_open, /* callback for a new vm-area open */
    2952 .close = shm_close, /* callback for when the vm-area is released */
    2953 .fault = shm_fault,
    2954 + .split = shm_split,
    2955 #if defined(CONFIG_NUMA)
    2956 .set_policy = shm_set_policy,
    2957 .get_policy = shm_get_policy,
    2958 diff --git a/kernel/events/hw_breakpoint.c b/kernel/events/hw_breakpoint.c
    2959 index 3f8cb1e14588..253ae2da13c3 100644
    2960 --- a/kernel/events/hw_breakpoint.c
    2961 +++ b/kernel/events/hw_breakpoint.c
    2962 @@ -427,16 +427,9 @@ EXPORT_SYMBOL_GPL(register_user_hw_breakpoint);
    2963 * modify_user_hw_breakpoint - modify a user-space hardware breakpoint
    2964 * @bp: the breakpoint structure to modify
    2965 * @attr: new breakpoint attributes
    2966 - * @triggered: callback to trigger when we hit the breakpoint
    2967 - * @tsk: pointer to 'task_struct' of the process to which the address belongs
    2968 */
    2969 int modify_user_hw_breakpoint(struct perf_event *bp, struct perf_event_attr *attr)
    2970 {
    2971 - u64 old_addr = bp->attr.bp_addr;
    2972 - u64 old_len = bp->attr.bp_len;
    2973 - int old_type = bp->attr.bp_type;
    2974 - int err = 0;
    2975 -
    2976 /*
    2977 * modify_user_hw_breakpoint can be invoked with IRQs disabled and hence it
    2978 * will not be possible to raise IPIs that invoke __perf_event_disable.
    2979 @@ -451,27 +444,18 @@ int modify_user_hw_breakpoint(struct perf_event *bp, struct perf_event_attr *att
    2980 bp->attr.bp_addr = attr->bp_addr;
    2981 bp->attr.bp_type = attr->bp_type;
    2982 bp->attr.bp_len = attr->bp_len;
    2983 + bp->attr.disabled = 1;
    2984
    2985 - if (attr->disabled)
    2986 - goto end;
    2987 -
    2988 - err = validate_hw_breakpoint(bp);
    2989 - if (!err)
    2990 - perf_event_enable(bp);
    2991 + if (!attr->disabled) {
    2992 + int err = validate_hw_breakpoint(bp);
    2993
    2994 - if (err) {
    2995 - bp->attr.bp_addr = old_addr;
    2996 - bp->attr.bp_type = old_type;
    2997 - bp->attr.bp_len = old_len;
    2998 - if (!bp->attr.disabled)
    2999 - perf_event_enable(bp);
    3000 + if (err)
    3001 + return err;
    3002
    3003 - return err;
    3004 + perf_event_enable(bp);
    3005 + bp->attr.disabled = 0;
    3006 }
    3007
    3008 -end:
    3009 - bp->attr.disabled = attr->disabled;
    3010 -
    3011 return 0;
    3012 }
    3013 EXPORT_SYMBOL_GPL(modify_user_hw_breakpoint);
    3014 diff --git a/kernel/irq/manage.c b/kernel/irq/manage.c
    3015 index ea41820ab12e..5927da596d42 100644
    3016 --- a/kernel/irq/manage.c
    3017 +++ b/kernel/irq/manage.c
    3018 @@ -850,7 +850,7 @@ irq_thread_check_affinity(struct irq_desc *desc, struct irqaction *action)
    3019 * This code is triggered unconditionally. Check the affinity
    3020 * mask pointer. For CPU_MASK_OFFSTACK=n this is optimized out.
    3021 */
    3022 - if (desc->irq_common_data.affinity)
    3023 + if (cpumask_available(desc->irq_common_data.affinity))
    3024 cpumask_copy(mask, desc->irq_common_data.affinity);
    3025 else
    3026 valid = false;
    3027 diff --git a/kernel/kprobes.c b/kernel/kprobes.c
    3028 index a1a07cf1101f..69485183af79 100644
    3029 --- a/kernel/kprobes.c
    3030 +++ b/kernel/kprobes.c
    3031 @@ -125,7 +125,7 @@ static void *alloc_insn_page(void)
    3032 return module_alloc(PAGE_SIZE);
    3033 }
    3034
    3035 -static void free_insn_page(void *page)
    3036 +void __weak free_insn_page(void *page)
    3037 {
    3038 module_memfree(page);
    3039 }
    3040 diff --git a/kernel/module.c b/kernel/module.c
    3041 index 07bfb9971f2f..0651f2d25fc9 100644
    3042 --- a/kernel/module.c
    3043 +++ b/kernel/module.c
    3044 @@ -1911,6 +1911,9 @@ static void frob_writable_data(const struct module_layout *layout,
    3045 /* livepatching wants to disable read-only so it can frob module. */
    3046 void module_disable_ro(const struct module *mod)
    3047 {
    3048 + if (!rodata_enabled)
    3049 + return;
    3050 +
    3051 frob_text(&mod->core_layout, set_memory_rw);
    3052 frob_rodata(&mod->core_layout, set_memory_rw);
    3053 frob_ro_after_init(&mod->core_layout, set_memory_rw);
    3054 @@ -1920,6 +1923,9 @@ void module_disable_ro(const struct module *mod)
    3055
    3056 void module_enable_ro(const struct module *mod, bool after_init)
    3057 {
    3058 + if (!rodata_enabled)
    3059 + return;
    3060 +
    3061 frob_text(&mod->core_layout, set_memory_ro);
    3062 frob_rodata(&mod->core_layout, set_memory_ro);
    3063 frob_text(&mod->init_layout, set_memory_ro);
    3064 @@ -1952,6 +1958,9 @@ void set_all_modules_text_rw(void)
    3065 {
    3066 struct module *mod;
    3067
    3068 + if (!rodata_enabled)
    3069 + return;
    3070 +
    3071 mutex_lock(&module_mutex);
    3072 list_for_each_entry_rcu(mod, &modules, list) {
    3073 if (mod->state == MODULE_STATE_UNFORMED)
    3074 @@ -1968,6 +1977,9 @@ void set_all_modules_text_ro(void)
    3075 {
    3076 struct module *mod;
    3077
    3078 + if (!rodata_enabled)
    3079 + return;
    3080 +
    3081 mutex_lock(&module_mutex);
    3082 list_for_each_entry_rcu(mod, &modules, list) {
    3083 if (mod->state == MODULE_STATE_UNFORMED)
    3084 @@ -1981,10 +1993,12 @@ void set_all_modules_text_ro(void)
    3085
    3086 static void disable_ro_nx(const struct module_layout *layout)
    3087 {
    3088 - frob_text(layout, set_memory_rw);
    3089 - frob_rodata(layout, set_memory_rw);
    3090 + if (rodata_enabled) {
    3091 + frob_text(layout, set_memory_rw);
    3092 + frob_rodata(layout, set_memory_rw);
    3093 + frob_ro_after_init(layout, set_memory_rw);
    3094 + }
    3095 frob_rodata(layout, set_memory_x);
    3096 - frob_ro_after_init(layout, set_memory_rw);
    3097 frob_ro_after_init(layout, set_memory_x);
    3098 frob_writable_data(layout, set_memory_x);
    3099 }
    3100 diff --git a/mm/vmscan.c b/mm/vmscan.c
    3101 index cdd5c3b5c357..557ad1367595 100644
    3102 --- a/mm/vmscan.c
    3103 +++ b/mm/vmscan.c
    3104 @@ -2966,7 +2966,7 @@ unsigned long try_to_free_pages(struct zonelist *zonelist, int order,
    3105 unsigned long nr_reclaimed;
    3106 struct scan_control sc = {
    3107 .nr_to_reclaim = SWAP_CLUSTER_MAX,
    3108 - .gfp_mask = (gfp_mask = memalloc_noio_flags(gfp_mask)),
    3109 + .gfp_mask = memalloc_noio_flags(gfp_mask),
    3110 .reclaim_idx = gfp_zone(gfp_mask),
    3111 .order = order,
    3112 .nodemask = nodemask,
    3113 @@ -2981,12 +2981,12 @@ unsigned long try_to_free_pages(struct zonelist *zonelist, int order,
    3114 * 1 is returned so that the page allocator does not OOM kill at this
    3115 * point.
    3116 */
    3117 - if (throttle_direct_reclaim(gfp_mask, zonelist, nodemask))
    3118 + if (throttle_direct_reclaim(sc.gfp_mask, zonelist, nodemask))
    3119 return 1;
    3120
    3121 trace_mm_vmscan_direct_reclaim_begin(order,
    3122 sc.may_writepage,
    3123 - gfp_mask,
    3124 + sc.gfp_mask,
    3125 sc.reclaim_idx);
    3126
    3127 nr_reclaimed = do_try_to_free_pages(zonelist, &sc);
    3128 @@ -3749,16 +3749,15 @@ static int __node_reclaim(struct pglist_data *pgdat, gfp_t gfp_mask, unsigned in
    3129 const unsigned long nr_pages = 1 << order;
    3130 struct task_struct *p = current;
    3131 struct reclaim_state reclaim_state;
    3132 - int classzone_idx = gfp_zone(gfp_mask);
    3133 struct scan_control sc = {
    3134 .nr_to_reclaim = max(nr_pages, SWAP_CLUSTER_MAX),
    3135 - .gfp_mask = (gfp_mask = memalloc_noio_flags(gfp_mask)),
    3136 + .gfp_mask = memalloc_noio_flags(gfp_mask),
    3137 .order = order,
    3138 .priority = NODE_RECLAIM_PRIORITY,
    3139 .may_writepage = !!(node_reclaim_mode & RECLAIM_WRITE),
    3140 .may_unmap = !!(node_reclaim_mode & RECLAIM_UNMAP),
    3141 .may_swap = 1,
    3142 - .reclaim_idx = classzone_idx,
    3143 + .reclaim_idx = gfp_zone(gfp_mask),
    3144 };
    3145
    3146 cond_resched();
    3147 @@ -3768,7 +3767,7 @@ static int __node_reclaim(struct pglist_data *pgdat, gfp_t gfp_mask, unsigned in
    3148 * and RECLAIM_UNMAP.
    3149 */
    3150 p->flags |= PF_MEMALLOC | PF_SWAPWRITE;
    3151 - lockdep_set_current_reclaim_state(gfp_mask);
    3152 + lockdep_set_current_reclaim_state(sc.gfp_mask);
    3153 reclaim_state.reclaimed_slab = 0;
    3154 p->reclaim_state = &reclaim_state;
    3155
    3156 diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c
    3157 index 658c900752c6..ead4d1baeaa6 100644
    3158 --- a/net/bluetooth/smp.c
    3159 +++ b/net/bluetooth/smp.c
    3160 @@ -2233,8 +2233,14 @@ static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
    3161 else
    3162 sec_level = authreq_to_seclevel(auth);
    3163
    3164 - if (smp_sufficient_security(hcon, sec_level, SMP_USE_LTK))
    3165 + if (smp_sufficient_security(hcon, sec_level, SMP_USE_LTK)) {
    3166 + /* If link is already encrypted with sufficient security we
    3167 + * still need refresh encryption as per Core Spec 5.0 Vol 3,
    3168 + * Part H 2.4.6
    3169 + */
    3170 + smp_ltk_encrypt(conn, hcon->sec_level);
    3171 return 0;
    3172 + }
    3173
    3174 if (sec_level > hcon->pending_sec_level)
    3175 hcon->pending_sec_level = sec_level;
    3176 diff --git a/net/bridge/netfilter/ebt_among.c b/net/bridge/netfilter/ebt_among.c
    3177 index 9637a681bdda..9adf16258cab 100644
    3178 --- a/net/bridge/netfilter/ebt_among.c
    3179 +++ b/net/bridge/netfilter/ebt_among.c
    3180 @@ -177,6 +177,28 @@ static bool poolsize_invalid(const struct ebt_mac_wormhash *w)
    3181 return w && w->poolsize >= (INT_MAX / sizeof(struct ebt_mac_wormhash_tuple));
    3182 }
    3183
    3184 +static bool wormhash_offset_invalid(int off, unsigned int len)
    3185 +{
    3186 + if (off == 0) /* not present */
    3187 + return false;
    3188 +
    3189 + if (off < (int)sizeof(struct ebt_among_info) ||
    3190 + off % __alignof__(struct ebt_mac_wormhash))
    3191 + return true;
    3192 +
    3193 + off += sizeof(struct ebt_mac_wormhash);
    3194 +
    3195 + return off > len;
    3196 +}
    3197 +
    3198 +static bool wormhash_sizes_valid(const struct ebt_mac_wormhash *wh, int a, int b)
    3199 +{
    3200 + if (a == 0)
    3201 + a = sizeof(struct ebt_among_info);
    3202 +
    3203 + return ebt_mac_wormhash_size(wh) + a == b;
    3204 +}
    3205 +
    3206 static int ebt_among_mt_check(const struct xt_mtchk_param *par)
    3207 {
    3208 const struct ebt_among_info *info = par->matchinfo;
    3209 @@ -189,6 +211,10 @@ static int ebt_among_mt_check(const struct xt_mtchk_param *par)
    3210 if (expected_length > em->match_size)
    3211 return -EINVAL;
    3212
    3213 + if (wormhash_offset_invalid(info->wh_dst_ofs, em->match_size) ||
    3214 + wormhash_offset_invalid(info->wh_src_ofs, em->match_size))
    3215 + return -EINVAL;
    3216 +
    3217 wh_dst = ebt_among_wh_dst(info);
    3218 if (poolsize_invalid(wh_dst))
    3219 return -EINVAL;
    3220 @@ -201,6 +227,14 @@ static int ebt_among_mt_check(const struct xt_mtchk_param *par)
    3221 if (poolsize_invalid(wh_src))
    3222 return -EINVAL;
    3223
    3224 + if (info->wh_src_ofs < info->wh_dst_ofs) {
    3225 + if (!wormhash_sizes_valid(wh_src, info->wh_src_ofs, info->wh_dst_ofs))
    3226 + return -EINVAL;
    3227 + } else {
    3228 + if (!wormhash_sizes_valid(wh_dst, info->wh_dst_ofs, info->wh_src_ofs))
    3229 + return -EINVAL;
    3230 + }
    3231 +
    3232 expected_length += ebt_mac_wormhash_size(wh_src);
    3233
    3234 if (em->match_size != EBT_ALIGN(expected_length)) {
    3235 diff --git a/net/ipv4/netfilter/nf_nat_h323.c b/net/ipv4/netfilter/nf_nat_h323.c
    3236 index 574f7ebba0b6..ac8342dcb55e 100644
    3237 --- a/net/ipv4/netfilter/nf_nat_h323.c
    3238 +++ b/net/ipv4/netfilter/nf_nat_h323.c
    3239 @@ -252,16 +252,16 @@ static int nat_rtp_rtcp(struct sk_buff *skb, struct nf_conn *ct,
    3240 if (set_h245_addr(skb, protoff, data, dataoff, taddr,
    3241 &ct->tuplehash[!dir].tuple.dst.u3,
    3242 htons((port & htons(1)) ? nated_port + 1 :
    3243 - nated_port)) == 0) {
    3244 - /* Save ports */
    3245 - info->rtp_port[i][dir] = rtp_port;
    3246 - info->rtp_port[i][!dir] = htons(nated_port);
    3247 - } else {
    3248 + nated_port))) {
    3249 nf_ct_unexpect_related(rtp_exp);
    3250 nf_ct_unexpect_related(rtcp_exp);
    3251 return -1;
    3252 }
    3253
    3254 + /* Save ports */
    3255 + info->rtp_port[i][dir] = rtp_port;
    3256 + info->rtp_port[i][!dir] = htons(nated_port);
    3257 +
    3258 /* Success */
    3259 pr_debug("nf_nat_h323: expect RTP %pI4:%hu->%pI4:%hu\n",
    3260 &rtp_exp->tuple.src.u3.ip,
    3261 @@ -370,15 +370,15 @@ static int nat_h245(struct sk_buff *skb, struct nf_conn *ct,
    3262 /* Modify signal */
    3263 if (set_h225_addr(skb, protoff, data, dataoff, taddr,
    3264 &ct->tuplehash[!dir].tuple.dst.u3,
    3265 - htons(nated_port)) == 0) {
    3266 - /* Save ports */
    3267 - info->sig_port[dir] = port;
    3268 - info->sig_port[!dir] = htons(nated_port);
    3269 - } else {
    3270 + htons(nated_port))) {
    3271 nf_ct_unexpect_related(exp);
    3272 return -1;
    3273 }
    3274
    3275 + /* Save ports */
    3276 + info->sig_port[dir] = port;
    3277 + info->sig_port[!dir] = htons(nated_port);
    3278 +
    3279 pr_debug("nf_nat_q931: expect H.245 %pI4:%hu->%pI4:%hu\n",
    3280 &exp->tuple.src.u3.ip,
    3281 ntohs(exp->tuple.src.u.tcp.port),
    3282 @@ -462,24 +462,27 @@ static int nat_q931(struct sk_buff *skb, struct nf_conn *ct,
    3283 /* Modify signal */
    3284 if (set_h225_addr(skb, protoff, data, 0, &taddr[idx],
    3285 &ct->tuplehash[!dir].tuple.dst.u3,
    3286 - htons(nated_port)) == 0) {
    3287 - /* Save ports */
    3288 - info->sig_port[dir] = port;
    3289 - info->sig_port[!dir] = htons(nated_port);
    3290 -
    3291 - /* Fix for Gnomemeeting */
    3292 - if (idx > 0 &&
    3293 - get_h225_addr(ct, *data, &taddr[0], &addr, &port) &&
    3294 - (ntohl(addr.ip) & 0xff000000) == 0x7f000000) {
    3295 - set_h225_addr(skb, protoff, data, 0, &taddr[0],
    3296 - &ct->tuplehash[!dir].tuple.dst.u3,
    3297 - info->sig_port[!dir]);
    3298 - }
    3299 - } else {
    3300 + htons(nated_port))) {
    3301 nf_ct_unexpect_related(exp);
    3302 return -1;
    3303 }
    3304
    3305 + /* Save ports */
    3306 + info->sig_port[dir] = port;
    3307 + info->sig_port[!dir] = htons(nated_port);
    3308 +
    3309 + /* Fix for Gnomemeeting */
    3310 + if (idx > 0 &&
    3311 + get_h225_addr(ct, *data, &taddr[0], &addr, &port) &&
    3312 + (ntohl(addr.ip) & 0xff000000) == 0x7f000000) {
    3313 + if (set_h225_addr(skb, protoff, data, 0, &taddr[0],
    3314 + &ct->tuplehash[!dir].tuple.dst.u3,
    3315 + info->sig_port[!dir])) {
    3316 + nf_ct_unexpect_related(exp);
    3317 + return -1;
    3318 + }
    3319 + }
    3320 +
    3321 /* Success */
    3322 pr_debug("nf_nat_ras: expect Q.931 %pI4:%hu->%pI4:%hu\n",
    3323 &exp->tuple.src.u3.ip,
    3324 @@ -550,9 +553,9 @@ static int nat_callforwarding(struct sk_buff *skb, struct nf_conn *ct,
    3325 }
    3326
    3327 /* Modify signal */
    3328 - if (!set_h225_addr(skb, protoff, data, dataoff, taddr,
    3329 - &ct->tuplehash[!dir].tuple.dst.u3,
    3330 - htons(nated_port)) == 0) {
    3331 + if (set_h225_addr(skb, protoff, data, dataoff, taddr,
    3332 + &ct->tuplehash[!dir].tuple.dst.u3,
    3333 + htons(nated_port))) {
    3334 nf_ct_unexpect_related(exp);
    3335 return -1;
    3336 }
    3337 diff --git a/net/ipv6/ip6_vti.c b/net/ipv6/ip6_vti.c
    3338 index 345efeb887ef..912333586de6 100644
    3339 --- a/net/ipv6/ip6_vti.c
    3340 +++ b/net/ipv6/ip6_vti.c
    3341 @@ -625,7 +625,6 @@ static void vti6_link_config(struct ip6_tnl *t)
    3342 {
    3343 struct net_device *dev = t->dev;
    3344 struct __ip6_tnl_parm *p = &t->parms;
    3345 - struct net_device *tdev = NULL;
    3346
    3347 memcpy(dev->dev_addr, &p->laddr, sizeof(struct in6_addr));
    3348 memcpy(dev->broadcast, &p->raddr, sizeof(struct in6_addr));
    3349 @@ -638,25 +637,6 @@ static void vti6_link_config(struct ip6_tnl *t)
    3350 dev->flags |= IFF_POINTOPOINT;
    3351 else
    3352 dev->flags &= ~IFF_POINTOPOINT;
    3353 -
    3354 - if (p->flags & IP6_TNL_F_CAP_XMIT) {
    3355 - int strict = (ipv6_addr_type(&p->raddr) &
    3356 - (IPV6_ADDR_MULTICAST | IPV6_ADDR_LINKLOCAL));
    3357 - struct rt6_info *rt = rt6_lookup(t->net,
    3358 - &p->raddr, &p->laddr,
    3359 - p->link, strict);
    3360 -
    3361 - if (rt)
    3362 - tdev = rt->dst.dev;
    3363 - ip6_rt_put(rt);
    3364 - }
    3365 -
    3366 - if (!tdev && p->link)
    3367 - tdev = __dev_get_by_index(t->net, p->link);
    3368 -
    3369 - if (tdev)
    3370 - dev->mtu = max_t(int, tdev->mtu - dev->hard_header_len,
    3371 - IPV6_MIN_MTU);
    3372 }
    3373
    3374 /**
    3375 diff --git a/net/mac80211/ibss.c b/net/mac80211/ibss.c
    3376 index d31818e7d10c..a5acaf1efaab 100644
    3377 --- a/net/mac80211/ibss.c
    3378 +++ b/net/mac80211/ibss.c
    3379 @@ -427,7 +427,7 @@ static void ieee80211_sta_join_ibss(struct ieee80211_sub_if_data *sdata,
    3380 case NL80211_CHAN_WIDTH_5:
    3381 case NL80211_CHAN_WIDTH_10:
    3382 cfg80211_chandef_create(&chandef, cbss->channel,
    3383 - NL80211_CHAN_WIDTH_20_NOHT);
    3384 + NL80211_CHAN_NO_HT);
    3385 chandef.width = sdata->u.ibss.chandef.width;
    3386 break;
    3387 case NL80211_CHAN_WIDTH_80:
    3388 @@ -439,7 +439,7 @@ static void ieee80211_sta_join_ibss(struct ieee80211_sub_if_data *sdata,
    3389 default:
    3390 /* fall back to 20 MHz for unsupported modes */
    3391 cfg80211_chandef_create(&chandef, cbss->channel,
    3392 - NL80211_CHAN_WIDTH_20_NOHT);
    3393 + NL80211_CHAN_NO_HT);
    3394 break;
    3395 }
    3396
    3397 diff --git a/net/mac80211/rate.c b/net/mac80211/rate.c
    3398 index dbceb42c2a8e..e6096dfd0210 100644
    3399 --- a/net/mac80211/rate.c
    3400 +++ b/net/mac80211/rate.c
    3401 @@ -173,9 +173,11 @@ ieee80211_rate_control_ops_get(const char *name)
    3402 /* try default if specific alg requested but not found */
    3403 ops = ieee80211_try_rate_control_ops_get(ieee80211_default_rc_algo);
    3404
    3405 - /* try built-in one if specific alg requested but not found */
    3406 - if (!ops && strlen(CONFIG_MAC80211_RC_DEFAULT))
    3407 + /* Note: check for > 0 is intentional to avoid clang warning */
    3408 + if (!ops && (strlen(CONFIG_MAC80211_RC_DEFAULT) > 0))
    3409 + /* try built-in one if specific alg requested but not found */
    3410 ops = ieee80211_try_rate_control_ops_get(CONFIG_MAC80211_RC_DEFAULT);
    3411 +
    3412 kernel_param_unlock(THIS_MODULE);
    3413
    3414 return ops;
    3415 diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
    3416 index d5caed5bcfb1..d49a4639465f 100644
    3417 --- a/net/netfilter/nf_conntrack_netlink.c
    3418 +++ b/net/netfilter/nf_conntrack_netlink.c
    3419 @@ -1008,9 +1008,8 @@ static const struct nla_policy tuple_nla_policy[CTA_TUPLE_MAX+1] = {
    3420
    3421 static int
    3422 ctnetlink_parse_tuple(const struct nlattr * const cda[],
    3423 - struct nf_conntrack_tuple *tuple,
    3424 - enum ctattr_type type, u_int8_t l3num,
    3425 - struct nf_conntrack_zone *zone)
    3426 + struct nf_conntrack_tuple *tuple, u32 type,
    3427 + u_int8_t l3num, struct nf_conntrack_zone *zone)
    3428 {
    3429 struct nlattr *tb[CTA_TUPLE_MAX+1];
    3430 int err;
    3431 @@ -2409,7 +2408,7 @@ static struct nfnl_ct_hook ctnetlink_glue_hook = {
    3432
    3433 static int ctnetlink_exp_dump_tuple(struct sk_buff *skb,
    3434 const struct nf_conntrack_tuple *tuple,
    3435 - enum ctattr_expect type)
    3436 + u32 type)
    3437 {
    3438 struct nlattr *nest_parms;
    3439
    3440 diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c
    3441 index 7ad1a863587a..59be89813a29 100644
    3442 --- a/net/netfilter/x_tables.c
    3443 +++ b/net/netfilter/x_tables.c
    3444 @@ -367,6 +367,36 @@ textify_hooks(char *buf, size_t size, unsigned int mask, uint8_t nfproto)
    3445 return buf;
    3446 }
    3447
    3448 +/**
    3449 + * xt_check_proc_name - check that name is suitable for /proc file creation
    3450 + *
    3451 + * @name: file name candidate
    3452 + * @size: length of buffer
    3453 + *
    3454 + * some x_tables modules wish to create a file in /proc.
    3455 + * This function makes sure that the name is suitable for this
    3456 + * purpose, it checks that name is NUL terminated and isn't a 'special'
    3457 + * name, like "..".
    3458 + *
    3459 + * returns negative number on error or 0 if name is useable.
    3460 + */
    3461 +int xt_check_proc_name(const char *name, unsigned int size)
    3462 +{
    3463 + if (name[0] == '\0')
    3464 + return -EINVAL;
    3465 +
    3466 + if (strnlen(name, size) == size)
    3467 + return -ENAMETOOLONG;
    3468 +
    3469 + if (strcmp(name, ".") == 0 ||
    3470 + strcmp(name, "..") == 0 ||
    3471 + strchr(name, '/'))
    3472 + return -EINVAL;
    3473 +
    3474 + return 0;
    3475 +}
    3476 +EXPORT_SYMBOL(xt_check_proc_name);
    3477 +
    3478 int xt_check_match(struct xt_mtchk_param *par,
    3479 unsigned int size, u_int8_t proto, bool inv_proto)
    3480 {
    3481 diff --git a/net/netfilter/xt_hashlimit.c b/net/netfilter/xt_hashlimit.c
    3482 index b89b688e9d01..a1a29cdc58fc 100644
    3483 --- a/net/netfilter/xt_hashlimit.c
    3484 +++ b/net/netfilter/xt_hashlimit.c
    3485 @@ -794,8 +794,9 @@ static int hashlimit_mt_check_v1(const struct xt_mtchk_param *par)
    3486 struct hashlimit_cfg2 cfg = {};
    3487 int ret;
    3488
    3489 - if (info->name[sizeof(info->name) - 1] != '\0')
    3490 - return -EINVAL;
    3491 + ret = xt_check_proc_name(info->name, sizeof(info->name));
    3492 + if (ret)
    3493 + return ret;
    3494
    3495 ret = cfg_copy(&cfg, (void *)&info->cfg, 1);
    3496
    3497 @@ -809,9 +810,11 @@ static int hashlimit_mt_check_v1(const struct xt_mtchk_param *par)
    3498 static int hashlimit_mt_check(const struct xt_mtchk_param *par)
    3499 {
    3500 struct xt_hashlimit_mtinfo2 *info = par->matchinfo;
    3501 + int ret;
    3502
    3503 - if (info->name[sizeof(info->name) - 1] != '\0')
    3504 - return -EINVAL;
    3505 + ret = xt_check_proc_name(info->name, sizeof(info->name));
    3506 + if (ret)
    3507 + return ret;
    3508
    3509 return hashlimit_mt_check_common(par, &info->hinfo, &info->cfg,
    3510 info->name, 2);
    3511 diff --git a/net/netfilter/xt_recent.c b/net/netfilter/xt_recent.c
    3512 index e3b7a09b103e..79d7ad621a80 100644
    3513 --- a/net/netfilter/xt_recent.c
    3514 +++ b/net/netfilter/xt_recent.c
    3515 @@ -361,9 +361,9 @@ static int recent_mt_check(const struct xt_mtchk_param *par,
    3516 info->hit_count, XT_RECENT_MAX_NSTAMPS - 1);
    3517 return -EINVAL;
    3518 }
    3519 - if (info->name[0] == '\0' ||
    3520 - strnlen(info->name, XT_RECENT_NAME_LEN) == XT_RECENT_NAME_LEN)
    3521 - return -EINVAL;
    3522 + ret = xt_check_proc_name(info->name, sizeof(info->name));
    3523 + if (ret)
    3524 + return ret;
    3525
    3526 if (ip_pkt_list_tot && info->hit_count < ip_pkt_list_tot)
    3527 nstamp_mask = roundup_pow_of_two(ip_pkt_list_tot) - 1;
    3528 diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
    3529 index a89061d59c74..36280e114959 100644
    3530 --- a/net/wireless/nl80211.c
    3531 +++ b/net/wireless/nl80211.c
    3532 @@ -4081,7 +4081,7 @@ static bool nl80211_put_sta_rate(struct sk_buff *msg, struct rate_info *info,
    3533 struct nlattr *rate;
    3534 u32 bitrate;
    3535 u16 bitrate_compat;
    3536 - enum nl80211_attrs rate_flg;
    3537 + enum nl80211_rate_info rate_flg;
    3538
    3539 rate = nla_nest_start(msg, attr);
    3540 if (!rate)
    3541 diff --git a/net/wireless/util.c b/net/wireless/util.c
    3542 index c921c2eed15d..bb54d9db82df 100644
    3543 --- a/net/wireless/util.c
    3544 +++ b/net/wireless/util.c
    3545 @@ -663,7 +663,7 @@ __ieee80211_amsdu_copy_frag(struct sk_buff *skb, struct sk_buff *frame,
    3546 int offset, int len)
    3547 {
    3548 struct skb_shared_info *sh = skb_shinfo(skb);
    3549 - const skb_frag_t *frag = &sh->frags[-1];
    3550 + const skb_frag_t *frag = &sh->frags[0];
    3551 struct page *frag_page;
    3552 void *frag_ptr;
    3553 int frag_len, frag_size;
    3554 @@ -676,10 +676,10 @@ __ieee80211_amsdu_copy_frag(struct sk_buff *skb, struct sk_buff *frame,
    3555
    3556 while (offset >= frag_size) {
    3557 offset -= frag_size;
    3558 - frag++;
    3559 frag_page = skb_frag_page(frag);
    3560 frag_ptr = skb_frag_address(frag);
    3561 frag_size = skb_frag_size(frag);
    3562 + frag++;
    3563 }
    3564
    3565 frag_ptr += offset;
    3566 @@ -691,12 +691,12 @@ __ieee80211_amsdu_copy_frag(struct sk_buff *skb, struct sk_buff *frame,
    3567 len -= cur_len;
    3568
    3569 while (len > 0) {
    3570 - frag++;
    3571 frag_len = skb_frag_size(frag);
    3572 cur_len = min(len, frag_len);
    3573 __frame_add_frag(frame, skb_frag_page(frag),
    3574 skb_frag_address(frag), cur_len, frag_len);
    3575 len -= cur_len;
    3576 + frag++;
    3577 }
    3578 }
    3579
    3580 diff --git a/net/xfrm/xfrm_ipcomp.c b/net/xfrm/xfrm_ipcomp.c
    3581 index ccfdc7115a83..a00ec715aa46 100644
    3582 --- a/net/xfrm/xfrm_ipcomp.c
    3583 +++ b/net/xfrm/xfrm_ipcomp.c
    3584 @@ -283,7 +283,7 @@ static struct crypto_comp * __percpu *ipcomp_alloc_tfms(const char *alg_name)
    3585 struct crypto_comp *tfm;
    3586
    3587 /* This can be any valid CPU ID so we don't need locking. */
    3588 - tfm = __this_cpu_read(*pos->tfms);
    3589 + tfm = this_cpu_read(*pos->tfms);
    3590
    3591 if (!strcmp(crypto_comp_name(tfm), alg_name)) {
    3592 pos->users++;
    3593 diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
    3594 index 13e0611a9085..fdb9742d934e 100644
    3595 --- a/net/xfrm/xfrm_state.c
    3596 +++ b/net/xfrm/xfrm_state.c
    3597 @@ -1883,6 +1883,11 @@ int xfrm_user_policy(struct sock *sk, int optname, u8 __user *optval, int optlen
    3598 struct xfrm_mgr *km;
    3599 struct xfrm_policy *pol = NULL;
    3600
    3601 +#ifdef CONFIG_COMPAT
    3602 + if (in_compat_syscall())
    3603 + return -EOPNOTSUPP;
    3604 +#endif
    3605 +
    3606 if (!optval && !optlen) {
    3607 xfrm_sk_policy_insert(sk, XFRM_POLICY_IN, NULL);
    3608 xfrm_sk_policy_insert(sk, XFRM_POLICY_OUT, NULL);
    3609 diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
    3610 index 5d33967d9aa1..6a029358bfd1 100644
    3611 --- a/net/xfrm/xfrm_user.c
    3612 +++ b/net/xfrm/xfrm_user.c
    3613 @@ -121,22 +121,17 @@ static inline int verify_replay(struct xfrm_usersa_info *p,
    3614 struct nlattr *rt = attrs[XFRMA_REPLAY_ESN_VAL];
    3615 struct xfrm_replay_state_esn *rs;
    3616
    3617 - if (p->flags & XFRM_STATE_ESN) {
    3618 - if (!rt)
    3619 - return -EINVAL;
    3620 + if (!rt)
    3621 + return (p->flags & XFRM_STATE_ESN) ? -EINVAL : 0;
    3622
    3623 - rs = nla_data(rt);
    3624 + rs = nla_data(rt);
    3625
    3626 - if (rs->bmp_len > XFRMA_REPLAY_ESN_MAX / sizeof(rs->bmp[0]) / 8)
    3627 - return -EINVAL;
    3628 -
    3629 - if (nla_len(rt) < xfrm_replay_state_esn_len(rs) &&
    3630 - nla_len(rt) != sizeof(*rs))
    3631 - return -EINVAL;
    3632 - }
    3633 + if (rs->bmp_len > XFRMA_REPLAY_ESN_MAX / sizeof(rs->bmp[0]) / 8)
    3634 + return -EINVAL;
    3635
    3636 - if (!rt)
    3637 - return 0;
    3638 + if (nla_len(rt) < xfrm_replay_state_esn_len(rs) &&
    3639 + nla_len(rt) != sizeof(*rs))
    3640 + return -EINVAL;
    3641
    3642 /* As only ESP and AH support ESN feature. */
    3643 if ((p->id.proto != IPPROTO_ESP) && (p->id.proto != IPPROTO_AH))
    3644 diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
    3645 index b8278f3af9da..17627d8d5a26 100644
    3646 --- a/security/selinux/hooks.c
    3647 +++ b/security/selinux/hooks.c
    3648 @@ -406,18 +406,6 @@ static void superblock_free_security(struct super_block *sb)
    3649 kfree(sbsec);
    3650 }
    3651
    3652 -/* The file system's label must be initialized prior to use. */
    3653 -
    3654 -static const char *labeling_behaviors[7] = {
    3655 - "uses xattr",
    3656 - "uses transition SIDs",
    3657 - "uses task SIDs",
    3658 - "uses genfs_contexts",
    3659 - "not configured for labeling",
    3660 - "uses mountpoint labeling",
    3661 - "uses native labeling",
    3662 -};
    3663 -
    3664 static inline int inode_doinit(struct inode *inode)
    3665 {
    3666 return inode_doinit_with_dentry(inode, NULL);
    3667 @@ -528,10 +516,6 @@ static int sb_finish_set_opts(struct super_block *sb)
    3668 }
    3669 }
    3670
    3671 - if (sbsec->behavior > ARRAY_SIZE(labeling_behaviors))
    3672 - printk(KERN_ERR "SELinux: initialized (dev %s, type %s), unknown behavior\n",
    3673 - sb->s_id, sb->s_type->name);
    3674 -
    3675 sbsec->flags |= SE_SBINITIALIZED;
    3676 if (selinux_is_sblabel_mnt(sb))
    3677 sbsec->flags |= SBLABEL_MNT;
    3678 diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
    3679 index 73275a92f2e2..d656b7c98394 100644
    3680 --- a/security/selinux/ss/services.c
    3681 +++ b/security/selinux/ss/services.c
    3682 @@ -155,7 +155,7 @@ static int selinux_set_mapping(struct policydb *pol,
    3683 }
    3684
    3685 k = 0;
    3686 - while (p_in->perms && p_in->perms[k]) {
    3687 + while (p_in->perms[k]) {
    3688 /* An empty permission string skips ahead */
    3689 if (!*p_in->perms[k]) {
    3690 k++;
    3691 diff --git a/sound/core/oss/pcm_oss.c b/sound/core/oss/pcm_oss.c
    3692 index 3e7c3573871d..fa8741afadf5 100644
    3693 --- a/sound/core/oss/pcm_oss.c
    3694 +++ b/sound/core/oss/pcm_oss.c
    3695 @@ -1361,7 +1361,7 @@ static ssize_t snd_pcm_oss_write2(struct snd_pcm_substream *substream, const cha
    3696 static ssize_t snd_pcm_oss_write1(struct snd_pcm_substream *substream, const char __user *buf, size_t bytes)
    3697 {
    3698 size_t xfer = 0;
    3699 - ssize_t tmp;
    3700 + ssize_t tmp = 0;
    3701 struct snd_pcm_runtime *runtime = substream->runtime;
    3702
    3703 if (atomic_read(&substream->mmap_count))
    3704 @@ -1468,7 +1468,7 @@ static ssize_t snd_pcm_oss_read2(struct snd_pcm_substream *substream, char *buf,
    3705 static ssize_t snd_pcm_oss_read1(struct snd_pcm_substream *substream, char __user *buf, size_t bytes)
    3706 {
    3707 size_t xfer = 0;
    3708 - ssize_t tmp;
    3709 + ssize_t tmp = 0;
    3710 struct snd_pcm_runtime *runtime = substream->runtime;
    3711
    3712 if (atomic_read(&substream->mmap_count))
    3713 diff --git a/sound/core/pcm_native.c b/sound/core/pcm_native.c
    3714 index 9d33c1e85c79..d503285867e7 100644
    3715 --- a/sound/core/pcm_native.c
    3716 +++ b/sound/core/pcm_native.c
    3717 @@ -3410,7 +3410,7 @@ int snd_pcm_lib_default_mmap(struct snd_pcm_substream *substream,
    3718 area,
    3719 substream->runtime->dma_area,
    3720 substream->runtime->dma_addr,
    3721 - area->vm_end - area->vm_start);
    3722 + substream->runtime->dma_bytes);
    3723 #endif /* CONFIG_X86 */
    3724 /* mmap with fault handler */
    3725 area->vm_ops = &snd_pcm_vm_ops_data_fault;
    3726 diff --git a/sound/usb/quirks.c b/sound/usb/quirks.c
    3727 index 1cd7f8b0bf77..45655b9108e8 100644
    3728 --- a/sound/usb/quirks.c
    3729 +++ b/sound/usb/quirks.c
    3730 @@ -1175,6 +1175,7 @@ static bool is_teac_dsd_dac(unsigned int id)
    3731 switch (id) {
    3732 case USB_ID(0x0644, 0x8043): /* TEAC UD-501/UD-503/NT-503 */
    3733 case USB_ID(0x0644, 0x8044): /* Esoteric D-05X */
    3734 + case USB_ID(0x0644, 0x804a): /* TEAC UD-301 */
    3735 return true;
    3736 }
    3737 return false;