Magellan Linux

Contents of /trunk/kernel-magellan/patches-3.17/0101-3.17.2-all-fixes.patch



Revision 2513 - Fri Oct 31 08:20:11 2014 UTC by niro
File size: 258129 bytes
-linux-3.17.2
1 diff --git a/Documentation/lzo.txt b/Documentation/lzo.txt
2 new file mode 100644
3 index 000000000000..ea45dd3901e3
4 --- /dev/null
5 +++ b/Documentation/lzo.txt
6 @@ -0,0 +1,164 @@
7 +
8 +LZO stream format as understood by Linux's LZO decompressor
9 +===========================================================
10 +
11 +Introduction
12 +
13 + This is not a specification. No specification seems to be publicly available
14 + for the LZO stream format. This document describes what input format the LZO
15 + decompressor as implemented in the Linux kernel understands. The file
16 + analyzed here is lib/lzo/lzo1x_decompress_safe.c. No analysis was made of
17 + the compressor or of any other implementation, though it seems likely that
18 + the format matches the standard one. The purpose of this document is to
19 + better understand what the code does in order to propose more efficient fixes
20 + for future bug reports.
21 +
22 +Description
23 +
24 + The stream is composed of a series of instructions, operands, and data. The
25 + instructions consist of a few bits representing an opcode, and bits forming
26 + the operands for the instruction, whose size and position depend on the
27 + opcode and on the number of literals copied by the previous instruction. The
28 + operands are used to indicate :
29 +
30 + - a distance when copying data from the dictionary (past output buffer)
31 + - a length (number of bytes to copy from dictionary)
32 + - the number of literals to copy, which is retained in the variable "state"
33 + as a piece of information for the next instructions.
34 +
35 + Depending on the opcode and operands, extra data may optionally follow. This
36 + extra data can be a complement to an operand (eg: a length or a distance
37 + encoded on larger values), or literals to be copied to the output buffer.
38 +
39 + The first byte of the block follows a different encoding from other bytes; it
40 + seems to be optimized for literal use only, since there is no dictionary yet
41 + prior to that byte.
42 +
43 + Lengths are always encoded using a variable size, starting with a small
44 + number of bits in the operand. If that number of bits isn't enough to
45 + represent the length, it is extended by consuming extra bytes, each of
46 + which adds at most 255 (thus the compression ratio cannot exceed
47 + around 255:1). The variable length encoding using #bits is always the same :
48 +
49 + length = byte & ((1 << #bits) - 1)
50 + if (!length) {
51 + length = ((1 << #bits) - 1)
52 + length += 255*(number of zero bytes)
53 + length += first-non-zero-byte
54 + }
55 + length += constant (generally 2 or 3)
56 +
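   A minimal C sketch of this length decoding follows (the function name is
   illustrative, and the bounds checks that the real decompressor performs
   are omitted) :

     #include <stddef.h>

     static size_t decode_length(const unsigned char **in, int bits,
                                 size_t base)
     {
             size_t len = **in & ((1u << bits) - 1); /* low opcode bits */

             if (!len) {
                     len = (1u << bits) - 1;
                     for ((*in)++; **in == 0; (*in)++)
                             len += 255;     /* each zero byte adds 255 */
                     len += **in;            /* first non-zero byte */
             }
             (*in)++;                        /* skip last consumed byte */
             return len + base;              /* constant, generally 2 or 3 */
     }
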
57 + For references to the dictionary, distances are relative to the output
58 + pointer. Distances are encoded using very few bits belonging to certain
59 + ranges, resulting in multiple copy instructions using different encodings.
60 + Certain encodings involve one extra byte, while others involve two extra bytes
61 + forming a little-endian 16-bit quantity (marked LE16 below).
62 +
63 + After any instruction except the large literal copy, 0, 1, 2 or 3 literals
64 + are copied before starting the next instruction. The number of literals that
65 + were copied may change the meaning and behaviour of the next instruction. In
66 + practice, only one instruction needs to know whether 0, less than 4, or more
67 + literals were copied. This is the information stored in the <state> variable
68 + in this implementation. This number of immediate literals to be copied is
69 + generally encoded in the last two bits of the instruction but may also be
70 + taken from the last two bits of an extra operand (eg: distance).
71 +
72 + End of stream is declared when a block copy of distance 0 is seen. Only one
73 + instruction may encode this distance (0001HLLL); it takes one LE16 operand
74 + for the distance, thus requiring 3 bytes.
75 +
76 + IMPORTANT NOTE : in the code some length checks are missing because certain
77 + instructions are called under the assumption that a certain number of bytes
78 + follow, as this has already been guaranteed before parsing the instructions.
79 + They just have to "refill" this credit if they consume extra bytes. This is
80 + an implementation design choice independent of the algorithm or encoding.
81 +
82 +Byte sequences
83 +
84 + First byte encoding :
85 +
86 + 0..17 : follow regular instruction encoding, see below. It is worth
87 + noting that codes 16 and 17 will represent a block copy from
88 + the dictionary which is empty, and that they will always be
89 + invalid at this place.
90 +
91 + 18..21 : copy 0..3 literals
92 + state = (byte - 17) = 0..3 [ copy <state> literals ]
93 + skip byte
94 +
95 + 22..255 : copy literal string
96 + length = (byte - 17) = 4..238
97 + state = 4 [ don't copy extra literals ]
98 + skip byte
99 +
100 + Instruction encoding :
101 +
102 + 0 0 0 0 X X X X (0..15)
103 + Depends on the number of literals copied by the last instruction.
104 + If the last instruction did not copy any literals (state == 0), this
105 + encoding will be a copy of 4 or more literals, and must be interpreted
106 + like this :
107 +
108 + 0 0 0 0 L L L L (0..15) : copy long literal string
109 + length = 3 + (L ?: 15 + (zero_bytes * 255) + non_zero_byte)
110 + state = 4 (no extra literals are copied)
111 +
112 + If the last instruction copied between 1 and 3 literals (encoded in
113 + the instruction's opcode or distance), the instruction is a copy of a
114 + 2-byte block from the dictionary within a 1kB distance. It is worth
115 + noting that this instruction provides little savings since it uses 2
116 + bytes to encode a copy of 2 other bytes but it encodes the number of
117 + following literals for free. It must be interpreted like this :
118 +
119 + 0 0 0 0 D D S S (0..15) : copy 2 bytes from <= 1kB distance
120 + length = 2
121 + state = S (copy S literals after this block)
122 + Always followed by exactly one byte : H H H H H H H H
123 + distance = (H << 2) + D + 1
124 +
125 + If the last instruction copied 4 or more literals (as detected by
126 + state == 4), the instruction becomes a copy of a 3-byte block from the
127 + dictionary at a 2..3kB distance, and must be interpreted like this :
128 +
129 + 0 0 0 0 D D S S (0..15) : copy 3 bytes from 2..3 kB distance
130 + length = 3
131 + state = S (copy S literals after this block)
132 + Always followed by exactly one byte : H H H H H H H H
133 + distance = (H << 2) + D + 2049
134 +
135 + 0 0 0 1 H L L L (16..31)
136 + Copy of a block within 16..48kB distance (preferably less than 10B)
137 + length = 2 + (L ?: 7 + (zero_bytes * 255) + non_zero_byte)
138 + Always followed by exactly one LE16 : D D D D D D D D : D D D D D D S S
139 + distance = 16384 + (H << 14) + D
140 + state = S (copy S literals after this block)
141 + End of stream is reached if distance == 16384
142 +
143 + 0 0 1 L L L L L (32..63)
144 + Copy of small block within 16kB distance (preferably less than 34B)
145 + length = 2 + (L ?: 31 + (zero_bytes * 255) + non_zero_byte)
146 + Always followed by exactly one LE16 : D D D D D D D D : D D D D D D S S
147 + distance = D + 1
148 + state = S (copy S literals after this block)
149 +
150 + 0 1 L D D D S S (64..127)
151 + Copy 3-4 bytes from block within 2kB distance
152 + state = S (copy S literals after this block)
153 + length = 3 + L
154 + Always followed by exactly one byte : H H H H H H H H
155 + distance = (H << 3) + D + 1
156 +
157 + 1 L L D D D S S (128..255)
158 + Copy 5-8 bytes from block within 2kB distance
159 + state = S (copy S literals after this block)
160 + length = 5 + L
161 + Always followed by exactly one byte : H H H H H H H H
162 + distance = (H << 3) + D + 1
163 +
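   As a worked example, the "0 1 L D D D S S" opcode above can be decoded
   with the following C sketch (the function name is illustrative) :

     #include <stddef.h>

     /* Decode "0 1 L D D D S S" (64..127) plus its trailing H byte. */
     static void decode_short_match(const unsigned char in[2], size_t *length,
                                    size_t *distance, unsigned int *state)
     {
             unsigned int op = in[0], h = in[1];

             *length   = 3 + ((op >> 5) & 1);            /* L : 3 or 4 */
             *distance = ((size_t)h << 3) + ((op >> 2) & 7) + 1; /* <= 2048 */
             *state    = op & 3;           /* S literals follow the block */
     }

   For instance, the byte 0x6d (0 1 1 0 1 1 0 1) followed by H = 0x02 gives
   length = 4, distance = (2 << 3) + 3 + 1 = 20, and one trailing literal.
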
164 +Authors
165 +
166 + This document was written by Willy Tarreau <w@1wt.eu> on 2014/07/19 during an
167 + analysis of the decompression code available in Linux 3.16-rc5. The code is
168 + tricky, and it is possible that this document contains mistakes or that a few
169 + corner cases were overlooked. In any case, please report any doubts, fixes, or
170 + proposed updates to the author(s) so that the document can be updated.
171 diff --git a/Documentation/virtual/kvm/mmu.txt b/Documentation/virtual/kvm/mmu.txt
172 index 290894176142..53838d9c6295 100644
173 --- a/Documentation/virtual/kvm/mmu.txt
174 +++ b/Documentation/virtual/kvm/mmu.txt
175 @@ -425,6 +425,20 @@ fault through the slow path.
176 Since only 19 bits are used to store generation-number on mmio spte, all
177 pages are zapped when there is an overflow.
178
179 +Unfortunately, a single memory access might access kvm_memslots(kvm) multiple
180 +times, the last one happening when the generation number is retrieved and
181 +stored into the MMIO spte. Thus, the MMIO spte might be created based on
182 +out-of-date information, but with an up-to-date generation number.
183 +
184 +To avoid this, the generation number is incremented again after synchronize_srcu
185 +returns; thus, the low bit of kvm_memslots(kvm)->generation is only 1 during a
186 +memslot update, while some SRCU readers might be using the old copy. We do not
187 +want to use an MMIO spte created with an odd generation number, and we can do
188 +this without losing a bit in the MMIO spte. The low bit of the generation
189 +is not stored in MMIO spte, and presumed zero when it is extracted out of the
190 +spte. If KVM is unlucky and creates an MMIO spte while the low bit is 1,
191 +the next access to the spte will always be a cache miss.
192 +
193
194 Further reading
195 ===============
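
A rough C sketch of the odd/even generation trick just described (the names
and mask here are illustrative, not the actual helpers in arch/x86/kvm/mmu.c):

    /* Low bit of the memslots generation: set while an update is in flight. */
    #define GEN_UPDATE_IN_PROGRESS 1u

    /* The low bit is dropped when the generation is stored in an MMIO spte,
     * and presumed zero when it is read back. */
    static unsigned int spte_stored_gen(unsigned int slots_gen)
    {
            return slots_gen & ~GEN_UPDATE_IN_PROGRESS;
    }

    /* An spte created during an update (odd generation G) stored G - 1, and
     * the generation is bumped again once the update finishes, so that spte
     * can never match a later memslots generation: every access misses and
     * the spte is rebuilt from up-to-date memslot data. */
    static int mmio_spte_is_stale(unsigned int spte_gen, unsigned int slots_gen)
    {
            return spte_gen != slots_gen;
    }
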
196 diff --git a/Makefile b/Makefile
197 index 46694098725d..390afde6538e 100644
198 --- a/Makefile
199 +++ b/Makefile
200 @@ -1,6 +1,6 @@
201 VERSION = 3
202 PATCHLEVEL = 17
203 -SUBLEVEL = 1
204 +SUBLEVEL = 2
205 EXTRAVERSION =
206 NAME = Shuffling Zombie Juror
207
208 diff --git a/arch/arm/boot/dts/Makefile b/arch/arm/boot/dts/Makefile
209 index b8c5cd3ddeb9..e6aa6e77a3ec 100644
210 --- a/arch/arm/boot/dts/Makefile
211 +++ b/arch/arm/boot/dts/Makefile
212 @@ -144,8 +144,8 @@ dtb-$(CONFIG_MACH_KIRKWOOD) += kirkwood-b3.dtb \
213 kirkwood-openrd-client.dtb \
214 kirkwood-openrd-ultimate.dtb \
215 kirkwood-rd88f6192.dtb \
216 - kirkwood-rd88f6281-a0.dtb \
217 - kirkwood-rd88f6281-a1.dtb \
218 + kirkwood-rd88f6281-z0.dtb \
219 + kirkwood-rd88f6281-a.dtb \
220 kirkwood-rs212.dtb \
221 kirkwood-rs409.dtb \
222 kirkwood-rs411.dtb \
223 diff --git a/arch/arm/boot/dts/armada-370-netgear-rn102.dts b/arch/arm/boot/dts/armada-370-netgear-rn102.dts
224 index d6d572e5af32..285524fb915e 100644
225 --- a/arch/arm/boot/dts/armada-370-netgear-rn102.dts
226 +++ b/arch/arm/boot/dts/armada-370-netgear-rn102.dts
227 @@ -143,6 +143,10 @@
228 marvell,nand-enable-arbiter;
229 nand-on-flash-bbt;
230
231 + /* Use Hardware BCH ECC */
232 + nand-ecc-strength = <4>;
233 + nand-ecc-step-size = <512>;
234 +
235 partition@0 {
236 label = "u-boot";
237 reg = <0x0000000 0x180000>; /* 1.5MB */
238 diff --git a/arch/arm/boot/dts/armada-370-netgear-rn104.dts b/arch/arm/boot/dts/armada-370-netgear-rn104.dts
239 index c5fe8b5dcdc7..4ec1ce561d34 100644
240 --- a/arch/arm/boot/dts/armada-370-netgear-rn104.dts
241 +++ b/arch/arm/boot/dts/armada-370-netgear-rn104.dts
242 @@ -145,6 +145,10 @@
243 marvell,nand-enable-arbiter;
244 nand-on-flash-bbt;
245
246 + /* Use Hardware BCH ECC */
247 + nand-ecc-strength = <4>;
248 + nand-ecc-step-size = <512>;
249 +
250 partition@0 {
251 label = "u-boot";
252 reg = <0x0000000 0x180000>; /* 1.5MB */
253 diff --git a/arch/arm/boot/dts/armada-xp-netgear-rn2120.dts b/arch/arm/boot/dts/armada-xp-netgear-rn2120.dts
254 index 0cf999abc4ed..c5ed85a70ed9 100644
255 --- a/arch/arm/boot/dts/armada-xp-netgear-rn2120.dts
256 +++ b/arch/arm/boot/dts/armada-xp-netgear-rn2120.dts
257 @@ -223,6 +223,10 @@
258 marvell,nand-enable-arbiter;
259 nand-on-flash-bbt;
260
261 + /* Use Hardware BCH ECC */
262 + nand-ecc-strength = <4>;
263 + nand-ecc-step-size = <512>;
264 +
265 partition@0 {
266 label = "u-boot";
267 reg = <0x0000000 0x180000>; /* 1.5MB */
268 diff --git a/arch/arm/boot/dts/at91sam9263.dtsi b/arch/arm/boot/dts/at91sam9263.dtsi
269 index bb23c2d33cf8..5e95a8053445 100644
270 --- a/arch/arm/boot/dts/at91sam9263.dtsi
271 +++ b/arch/arm/boot/dts/at91sam9263.dtsi
272 @@ -834,6 +834,7 @@
273 compatible = "atmel,hsmci";
274 reg = <0xfff80000 0x600>;
275 interrupts = <10 IRQ_TYPE_LEVEL_HIGH 0>;
276 + pinctrl-names = "default";
277 #address-cells = <1>;
278 #size-cells = <0>;
279 clocks = <&mci0_clk>;
280 @@ -845,6 +846,7 @@
281 compatible = "atmel,hsmci";
282 reg = <0xfff84000 0x600>;
283 interrupts = <11 IRQ_TYPE_LEVEL_HIGH 0>;
284 + pinctrl-names = "default";
285 #address-cells = <1>;
286 #size-cells = <0>;
287 clocks = <&mci1_clk>;
288 diff --git a/arch/arm/boot/dts/imx28-evk.dts b/arch/arm/boot/dts/imx28-evk.dts
289 index e4cc44c98585..41a983405e7d 100644
290 --- a/arch/arm/boot/dts/imx28-evk.dts
291 +++ b/arch/arm/boot/dts/imx28-evk.dts
292 @@ -193,7 +193,6 @@
293 i2c0: i2c@80058000 {
294 pinctrl-names = "default";
295 pinctrl-0 = <&i2c0_pins_a>;
296 - clock-frequency = <400000>;
297 status = "okay";
298
299 sgtl5000: codec@0a {
300 diff --git a/arch/arm/boot/dts/kirkwood-mv88f6281gtw-ge.dts b/arch/arm/boot/dts/kirkwood-mv88f6281gtw-ge.dts
301 index 8f76d28759a3..f82827d6fcff 100644
302 --- a/arch/arm/boot/dts/kirkwood-mv88f6281gtw-ge.dts
303 +++ b/arch/arm/boot/dts/kirkwood-mv88f6281gtw-ge.dts
304 @@ -123,11 +123,11 @@
305
306 dsa@0 {
307 compatible = "marvell,dsa";
308 - #address-cells = <2>;
309 + #address-cells = <1>;
310 #size-cells = <0>;
311
312 - dsa,ethernet = <&eth0>;
313 - dsa,mii-bus = <&ethphy0>;
314 + dsa,ethernet = <&eth0port>;
315 + dsa,mii-bus = <&mdio>;
316
317 switch@0 {
318 #address-cells = <1>;
319 @@ -169,17 +169,13 @@
320
321 &mdio {
322 status = "okay";
323 -
324 - ethphy0: ethernet-phy@ff {
325 - reg = <0xff>; /* No phy attached */
326 - speed = <1000>;
327 - duplex = <1>;
328 - };
329 };
330
331 &eth0 {
332 status = "okay";
333 +
334 ethernet0-port@0 {
335 - phy-handle = <&ethphy0>;
336 + speed = <1000>;
337 + duplex = <1>;
338 };
339 };
340 diff --git a/arch/arm/boot/dts/kirkwood-rd88f6281-a.dts b/arch/arm/boot/dts/kirkwood-rd88f6281-a.dts
341 new file mode 100644
342 index 000000000000..f2e08b3b33ea
343 --- /dev/null
344 +++ b/arch/arm/boot/dts/kirkwood-rd88f6281-a.dts
345 @@ -0,0 +1,43 @@
346 +/*
347 + * Marvell RD88F6181 A Board description
348 + *
349 + * Andrew Lunn <andrew@lunn.ch>
350 + *
351 + * This file is licensed under the terms of the GNU General Public
352 + * License version 2. This program is licensed "as is" without any
353 + * warranty of any kind, whether express or implied.
354 + *
355 + * This file contains the definitions for the board with the A0 or
356 + * higher stepping of the SoC. The ethernet switch does not have a
357 + * "wan" port.
358 + */
359 +
360 +/dts-v1/;
361 +#include "kirkwood-rd88f6281.dtsi"
362 +
363 +/ {
364 + model = "Marvell RD88f6281 Reference design, with A0 or higher SoC";
365 + compatible = "marvell,rd88f6281-a", "marvell,rd88f6281","marvell,kirkwood-88f6281", "marvell,kirkwood";
366 +
367 + dsa@0 {
368 + switch@0 {
369 + reg = <10 0>; /* MDIO address 10, switch 0 in tree */
370 + };
371 + };
372 +};
373 +
374 +&mdio {
375 + status = "okay";
376 +
377 + ethphy1: ethernet-phy@11 {
378 + reg = <11>;
379 + };
380 +};
381 +
382 +&eth1 {
383 + status = "okay";
384 +
385 + ethernet1-port@0 {
386 + phy-handle = <&ethphy1>;
387 + };
388 +};
389 diff --git a/arch/arm/boot/dts/kirkwood-rd88f6281-a0.dts b/arch/arm/boot/dts/kirkwood-rd88f6281-a0.dts
390 deleted file mode 100644
391 index a803bbb70bc8..000000000000
392 --- a/arch/arm/boot/dts/kirkwood-rd88f6281-a0.dts
393 +++ /dev/null
394 @@ -1,26 +0,0 @@
395 -/*
396 - * Marvell RD88F6181 A0 Board descrition
397 - *
398 - * Andrew Lunn <andrew@lunn.ch>
399 - *
400 - * This file is licensed under the terms of the GNU General Public
401 - * License version 2. This program is licensed "as is" without any
402 - * warranty of any kind, whether express or implied.
403 - *
404 - * This file contains the definitions for the board with the A0 variant of
405 - * the SoC. The ethernet switch does not have a "wan" port.
406 - */
407 -
408 -/dts-v1/;
409 -#include "kirkwood-rd88f6281.dtsi"
410 -
411 -/ {
412 - model = "Marvell RD88f6281 Reference design, with A0 SoC";
413 - compatible = "marvell,rd88f6281-a0", "marvell,rd88f6281","marvell,kirkwood-88f6281", "marvell,kirkwood";
414 -
415 - dsa@0 {
416 - switch@0 {
417 - reg = <10 0>; /* MDIO address 10, switch 0 in tree */
418 - };
419 - };
420 -};
421 \ No newline at end of file
422 diff --git a/arch/arm/boot/dts/kirkwood-rd88f6281-a1.dts b/arch/arm/boot/dts/kirkwood-rd88f6281-a1.dts
423 deleted file mode 100644
424 index baeebbf1d8c7..000000000000
425 --- a/arch/arm/boot/dts/kirkwood-rd88f6281-a1.dts
426 +++ /dev/null
427 @@ -1,31 +0,0 @@
428 -/*
429 - * Marvell RD88F6181 A1 Board descrition
430 - *
431 - * Andrew Lunn <andrew@lunn.ch>
432 - *
433 - * This file is licensed under the terms of the GNU General Public
434 - * License version 2. This program is licensed "as is" without any
435 - * warranty of any kind, whether express or implied.
436 - *
437 - * This file contains the definitions for the board with the A1 variant of
438 - * the SoC. The ethernet switch has a "wan" port.
439 - */
440 -
441 -/dts-v1/;
442 -
443 -#include "kirkwood-rd88f6281.dtsi"
444 -
445 -/ {
446 - model = "Marvell RD88f6281 Reference design, with A1 SoC";
447 - compatible = "marvell,rd88f6281-a1", "marvell,rd88f6281","marvell,kirkwood-88f6281", "marvell,kirkwood";
448 -
449 - dsa@0 {
450 - switch@0 {
451 - reg = <0 0>; /* MDIO address 0, switch 0 in tree */
452 - port@4 {
453 - reg = <4>;
454 - label = "wan";
455 - };
456 - };
457 - };
458 -};
459 \ No newline at end of file
460 diff --git a/arch/arm/boot/dts/kirkwood-rd88f6281-z0.dts b/arch/arm/boot/dts/kirkwood-rd88f6281-z0.dts
461 new file mode 100644
462 index 000000000000..f4272b64ed7f
463 --- /dev/null
464 +++ b/arch/arm/boot/dts/kirkwood-rd88f6281-z0.dts
465 @@ -0,0 +1,35 @@
466 +/*
467 + * Marvell RD88F6181 Z0 stepping description
468 + *
469 + * Andrew Lunn <andrew@lunn.ch>
470 + *
471 + * This file is licensed under the terms of the GNU General Public
472 + * License version 2. This program is licensed "as is" without any
473 + * warranty of any kind, whether express or implied.
474 + *
475 + * This file contains the definitions for the board using the Z0
476 + * stepping of the SoC. The ethernet switch has a "wan" port.
477 +*/
478 +
479 +/dts-v1/;
480 +
481 +#include "kirkwood-rd88f6281.dtsi"
482 +
483 +/ {
484 + model = "Marvell RD88f6281 Reference design, with Z0 SoC";
485 + compatible = "marvell,rd88f6281-z0", "marvell,rd88f6281","marvell,kirkwood-88f6281", "marvell,kirkwood";
486 +
487 + dsa@0 {
488 + switch@0 {
489 + reg = <0 0>; /* MDIO address 0, switch 0 in tree */
490 + port@4 {
491 + reg = <4>;
492 + label = "wan";
493 + };
494 + };
495 + };
496 +};
497 +
498 +&eth1 {
499 + status = "disabled";
500 +};
501 diff --git a/arch/arm/boot/dts/kirkwood-rd88f6281.dtsi b/arch/arm/boot/dts/kirkwood-rd88f6281.dtsi
502 index 26cf0e0ccefd..d195e884b3b5 100644
503 --- a/arch/arm/boot/dts/kirkwood-rd88f6281.dtsi
504 +++ b/arch/arm/boot/dts/kirkwood-rd88f6281.dtsi
505 @@ -37,7 +37,6 @@
506
507 ocp@f1000000 {
508 pinctrl: pin-controller@10000 {
509 - pinctrl-0 = <&pmx_sdio_cd>;
510 pinctrl-names = "default";
511
512 pmx_sdio_cd: pmx-sdio-cd {
513 @@ -69,8 +68,8 @@
514 #address-cells = <2>;
515 #size-cells = <0>;
516
517 - dsa,ethernet = <&eth0>;
518 - dsa,mii-bus = <&ethphy1>;
519 + dsa,ethernet = <&eth0port>;
520 + dsa,mii-bus = <&mdio>;
521
522 switch@0 {
523 #address-cells = <1>;
524 @@ -119,35 +118,19 @@
525 };
526
527 partition@300000 {
528 - label = "data";
529 + label = "rootfs";
530 reg = <0x0300000 0x500000>;
531 };
532 };
533
534 &mdio {
535 status = "okay";
536 -
537 - ethphy0: ethernet-phy@0 {
538 - reg = <0>;
539 - };
540 -
541 - ethphy1: ethernet-phy@ff {
542 - reg = <0xff>; /* No PHY attached */
543 - speed = <1000>;
544 - duple = <1>;
545 - };
546 };
547
548 &eth0 {
549 status = "okay";
550 ethernet0-port@0 {
551 - phy-handle = <&ethphy0>;
552 - };
553 -};
554 -
555 -&eth1 {
556 - status = "okay";
557 - ethernet1-port@0 {
558 - phy-handle = <&ethphy1>;
559 + speed = <1000>;
560 + duplex = <1>;
561 };
562 };
563 diff --git a/arch/arm/boot/dts/kirkwood.dtsi b/arch/arm/boot/dts/kirkwood.dtsi
564 index afc640cd80c5..464f09a1a4a5 100644
565 --- a/arch/arm/boot/dts/kirkwood.dtsi
566 +++ b/arch/arm/boot/dts/kirkwood.dtsi
567 @@ -309,7 +309,7 @@
568 marvell,tx-checksum-limit = <1600>;
569 status = "disabled";
570
571 - ethernet0-port@0 {
572 + eth0port: ethernet0-port@0 {
573 compatible = "marvell,kirkwood-eth-port";
574 reg = <0>;
575 interrupts = <11>;
576 @@ -342,7 +342,7 @@
577 pinctrl-names = "default";
578 status = "disabled";
579
580 - ethernet1-port@0 {
581 + eth1port: ethernet1-port@0 {
582 compatible = "marvell,kirkwood-eth-port";
583 reg = <0>;
584 interrupts = <15>;
585 diff --git a/arch/arm/boot/dts/sama5d3_can.dtsi b/arch/arm/boot/dts/sama5d3_can.dtsi
586 index a0775851cce5..eaf41451ad0c 100644
587 --- a/arch/arm/boot/dts/sama5d3_can.dtsi
588 +++ b/arch/arm/boot/dts/sama5d3_can.dtsi
589 @@ -40,7 +40,7 @@
590 atmel,clk-output-range = <0 66000000>;
591 };
592
593 - can1_clk: can0_clk {
594 + can1_clk: can1_clk {
595 #clock-cells = <0>;
596 reg = <41>;
597 atmel,clk-output-range = <0 66000000>;
598 diff --git a/arch/arm/mach-at91/clock.c b/arch/arm/mach-at91/clock.c
599 index 034529d801b2..d66f102c352a 100644
600 --- a/arch/arm/mach-at91/clock.c
601 +++ b/arch/arm/mach-at91/clock.c
602 @@ -962,6 +962,7 @@ static int __init at91_clock_reset(void)
603 }
604
605 at91_pmc_write(AT91_PMC_SCDR, scdr);
606 + at91_pmc_write(AT91_PMC_PCDR, pcdr);
607 if (cpu_is_sama5d3())
608 at91_pmc_write(AT91_PMC_PCDR1, pcdr1);
609
610 diff --git a/arch/arm64/include/asm/compat.h b/arch/arm64/include/asm/compat.h
611 index 253e33bc94fb..56de5aadede2 100644
612 --- a/arch/arm64/include/asm/compat.h
613 +++ b/arch/arm64/include/asm/compat.h
614 @@ -37,8 +37,8 @@ typedef s32 compat_ssize_t;
615 typedef s32 compat_time_t;
616 typedef s32 compat_clock_t;
617 typedef s32 compat_pid_t;
618 -typedef u32 __compat_uid_t;
619 -typedef u32 __compat_gid_t;
620 +typedef u16 __compat_uid_t;
621 +typedef u16 __compat_gid_t;
622 typedef u16 __compat_uid16_t;
623 typedef u16 __compat_gid16_t;
624 typedef u32 __compat_uid32_t;
625 diff --git a/arch/arm64/include/asm/irq_work.h b/arch/arm64/include/asm/irq_work.h
626 index 8e24ef3f7c82..b4f6b19a8a68 100644
627 --- a/arch/arm64/include/asm/irq_work.h
628 +++ b/arch/arm64/include/asm/irq_work.h
629 @@ -1,6 +1,8 @@
630 #ifndef __ASM_IRQ_WORK_H
631 #define __ASM_IRQ_WORK_H
632
633 +#ifdef CONFIG_SMP
634 +
635 #include <asm/smp.h>
636
637 static inline bool arch_irq_work_has_interrupt(void)
638 @@ -8,4 +10,13 @@ static inline bool arch_irq_work_has_interrupt(void)
639 return !!__smp_cross_call;
640 }
641
642 +#else
643 +
644 +static inline bool arch_irq_work_has_interrupt(void)
645 +{
646 + return false;
647 +}
648 +
649 +#endif
650 +
651 #endif /* __ASM_IRQ_WORK_H */
652 diff --git a/arch/arm64/kernel/entry.S b/arch/arm64/kernel/entry.S
653 index f0b5e5120a87..726b910fe6ec 100644
654 --- a/arch/arm64/kernel/entry.S
655 +++ b/arch/arm64/kernel/entry.S
656 @@ -324,7 +324,6 @@ el1_dbg:
657 mrs x0, far_el1
658 mov x2, sp // struct pt_regs
659 bl do_debug_exception
660 - enable_dbg
661 kernel_exit 1
662 el1_inv:
663 // TODO: add support for undefined instructions in kernel mode
664 diff --git a/arch/m68k/mm/hwtest.c b/arch/m68k/mm/hwtest.c
665 index 2c7dde3c6430..2a5259fd23eb 100644
666 --- a/arch/m68k/mm/hwtest.c
667 +++ b/arch/m68k/mm/hwtest.c
668 @@ -28,9 +28,11 @@
669 int hwreg_present( volatile void *regp )
670 {
671 int ret = 0;
672 + unsigned long flags;
673 long save_sp, save_vbr;
674 long tmp_vectors[3];
675
676 + local_irq_save(flags);
677 __asm__ __volatile__
678 ( "movec %/vbr,%2\n\t"
679 "movel #Lberr1,%4@(8)\n\t"
680 @@ -46,6 +48,7 @@ int hwreg_present( volatile void *regp )
681 : "=&d" (ret), "=&r" (save_sp), "=&r" (save_vbr)
682 : "a" (regp), "a" (tmp_vectors)
683 );
684 + local_irq_restore(flags);
685
686 return( ret );
687 }
688 @@ -58,9 +61,11 @@ EXPORT_SYMBOL(hwreg_present);
689 int hwreg_write( volatile void *regp, unsigned short val )
690 {
691 int ret;
692 + unsigned long flags;
693 long save_sp, save_vbr;
694 long tmp_vectors[3];
695
696 + local_irq_save(flags);
697 __asm__ __volatile__
698 ( "movec %/vbr,%2\n\t"
699 "movel #Lberr2,%4@(8)\n\t"
700 @@ -78,6 +83,7 @@ int hwreg_write( volatile void *regp, unsigned short val )
701 : "=&d" (ret), "=&r" (save_sp), "=&r" (save_vbr)
702 : "a" (regp), "a" (tmp_vectors), "g" (val)
703 );
704 + local_irq_restore(flags);
705
706 return( ret );
707 }
708 diff --git a/arch/powerpc/kernel/eeh_pe.c b/arch/powerpc/kernel/eeh_pe.c
709 index 00e3844525a6..eef08f0bca73 100644
710 --- a/arch/powerpc/kernel/eeh_pe.c
711 +++ b/arch/powerpc/kernel/eeh_pe.c
712 @@ -584,6 +584,8 @@ static void *__eeh_pe_state_clear(void *data, void *flag)
713 {
714 struct eeh_pe *pe = (struct eeh_pe *)data;
715 int state = *((int *)flag);
716 + struct eeh_dev *edev, *tmp;
717 + struct pci_dev *pdev;
718
719 /* Keep the state of permanently removed PE intact */
720 if ((pe->freeze_count > EEH_MAX_ALLOWED_FREEZES) &&
721 @@ -592,9 +594,22 @@ static void *__eeh_pe_state_clear(void *data, void *flag)
722
723 pe->state &= ~state;
724
725 - /* Clear check count since last isolation */
726 - if (state & EEH_PE_ISOLATED)
727 - pe->check_count = 0;
728 + /*
729 + * Special treatment on clearing isolated state. Clear
730 + * check count since last isolation and put all affected
731 + * devices to normal state.
732 + */
733 + if (!(state & EEH_PE_ISOLATED))
734 + return NULL;
735 +
736 + pe->check_count = 0;
737 + eeh_pe_for_each_dev(pe, edev, tmp) {
738 + pdev = eeh_dev_to_pci_dev(edev);
739 + if (!pdev)
740 + continue;
741 +
742 + pdev->error_state = pci_channel_io_normal;
743 + }
744
745 return NULL;
746 }
747 diff --git a/arch/powerpc/kernel/smp.c b/arch/powerpc/kernel/smp.c
748 index a0738af4aba6..dc0e7744d2a8 100644
749 --- a/arch/powerpc/kernel/smp.c
750 +++ b/arch/powerpc/kernel/smp.c
751 @@ -379,8 +379,11 @@ void __init smp_prepare_cpus(unsigned int max_cpus)
752 /*
753 * numa_node_id() works after this.
754 */
755 - set_cpu_numa_node(cpu, numa_cpu_lookup_table[cpu]);
756 - set_cpu_numa_mem(cpu, local_memory_node(numa_cpu_lookup_table[cpu]));
757 + if (cpu_present(cpu)) {
758 + set_cpu_numa_node(cpu, numa_cpu_lookup_table[cpu]);
759 + set_cpu_numa_mem(cpu,
760 + local_memory_node(numa_cpu_lookup_table[cpu]));
761 + }
762 }
763
764 cpumask_set_cpu(boot_cpuid, cpu_sibling_mask(boot_cpuid));
765 @@ -728,6 +731,9 @@ void start_secondary(void *unused)
766 }
767 traverse_core_siblings(cpu, true);
768
769 + set_numa_node(numa_cpu_lookup_table[cpu]);
770 + set_numa_mem(local_memory_node(numa_cpu_lookup_table[cpu]));
771 +
772 smp_wmb();
773 notify_cpu_starting(cpu);
774 set_cpu_online(cpu, true);
775 diff --git a/arch/powerpc/mm/numa.c b/arch/powerpc/mm/numa.c
776 index d7737a542fd7..3a9061e9f5dd 100644
777 --- a/arch/powerpc/mm/numa.c
778 +++ b/arch/powerpc/mm/numa.c
779 @@ -1127,9 +1127,8 @@ void __init do_init_bootmem(void)
780 * even before we online them, so that we can use cpu_to_{node,mem}
781 * early in boot, cf. smp_prepare_cpus().
782 */
783 - for_each_possible_cpu(cpu) {
784 - cpu_numa_callback(&ppc64_numa_nb, CPU_UP_PREPARE,
785 - (void *)(unsigned long)cpu);
786 + for_each_present_cpu(cpu) {
787 + numa_setup_cpu((unsigned long)cpu);
788 }
789 }
790
791 diff --git a/arch/powerpc/platforms/pseries/iommu.c b/arch/powerpc/platforms/pseries/iommu.c
792 index 4642d6a4d356..de1ec54a2a57 100644
793 --- a/arch/powerpc/platforms/pseries/iommu.c
794 +++ b/arch/powerpc/platforms/pseries/iommu.c
795 @@ -329,16 +329,16 @@ struct direct_window {
796
797 /* Dynamic DMA Window support */
798 struct ddw_query_response {
799 - __be32 windows_available;
800 - __be32 largest_available_block;
801 - __be32 page_size;
802 - __be32 migration_capable;
803 + u32 windows_available;
804 + u32 largest_available_block;
805 + u32 page_size;
806 + u32 migration_capable;
807 };
808
809 struct ddw_create_response {
810 - __be32 liobn;
811 - __be32 addr_hi;
812 - __be32 addr_lo;
813 + u32 liobn;
814 + u32 addr_hi;
815 + u32 addr_lo;
816 };
817
818 static LIST_HEAD(direct_window_list);
819 @@ -725,16 +725,18 @@ static void remove_ddw(struct device_node *np, bool remove_prop)
820 {
821 struct dynamic_dma_window_prop *dwp;
822 struct property *win64;
823 - const u32 *ddw_avail;
824 + u32 ddw_avail[3];
825 u64 liobn;
826 - int len, ret = 0;
827 + int ret = 0;
828 +
829 + ret = of_property_read_u32_array(np, "ibm,ddw-applicable",
830 + &ddw_avail[0], 3);
831
832 - ddw_avail = of_get_property(np, "ibm,ddw-applicable", &len);
833 win64 = of_find_property(np, DIRECT64_PROPNAME, NULL);
834 if (!win64)
835 return;
836
837 - if (!ddw_avail || len < 3 * sizeof(u32) || win64->length < sizeof(*dwp))
838 + if (ret || win64->length < sizeof(*dwp))
839 goto delprop;
840
841 dwp = win64->value;
842 @@ -872,8 +874,9 @@ static int create_ddw(struct pci_dev *dev, const u32 *ddw_avail,
843
844 do {
845 /* extra outputs are LIOBN and dma-addr (hi, lo) */
846 - ret = rtas_call(ddw_avail[1], 5, 4, (u32 *)create, cfg_addr,
847 - BUID_HI(buid), BUID_LO(buid), page_shift, window_shift);
848 + ret = rtas_call(ddw_avail[1], 5, 4, (u32 *)create,
849 + cfg_addr, BUID_HI(buid), BUID_LO(buid),
850 + page_shift, window_shift);
851 } while (rtas_busy_delay(ret));
852 dev_info(&dev->dev,
853 "ibm,create-pe-dma-window(%x) %x %x %x %x %x returned %d "
854 @@ -910,7 +913,7 @@ static u64 enable_ddw(struct pci_dev *dev, struct device_node *pdn)
855 int page_shift;
856 u64 dma_addr, max_addr;
857 struct device_node *dn;
858 - const u32 *uninitialized_var(ddw_avail);
859 + u32 ddw_avail[3];
860 struct direct_window *window;
861 struct property *win64;
862 struct dynamic_dma_window_prop *ddwprop;
863 @@ -942,8 +945,9 @@ static u64 enable_ddw(struct pci_dev *dev, struct device_node *pdn)
864 * for the given node in that order.
865 * the property is actually in the parent, not the PE
866 */
867 - ddw_avail = of_get_property(pdn, "ibm,ddw-applicable", &len);
868 - if (!ddw_avail || len < 3 * sizeof(u32))
869 + ret = of_property_read_u32_array(pdn, "ibm,ddw-applicable",
870 + &ddw_avail[0], 3);
871 + if (ret)
872 goto out_failed;
873
874 /*
875 @@ -966,11 +970,11 @@ static u64 enable_ddw(struct pci_dev *dev, struct device_node *pdn)
876 dev_dbg(&dev->dev, "no free dynamic windows");
877 goto out_failed;
878 }
879 - if (be32_to_cpu(query.page_size) & 4) {
880 + if (query.page_size & 4) {
881 page_shift = 24; /* 16MB */
882 - } else if (be32_to_cpu(query.page_size) & 2) {
883 + } else if (query.page_size & 2) {
884 page_shift = 16; /* 64kB */
885 - } else if (be32_to_cpu(query.page_size) & 1) {
886 + } else if (query.page_size & 1) {
887 page_shift = 12; /* 4kB */
888 } else {
889 dev_dbg(&dev->dev, "no supported direct page size in mask %x",
890 @@ -980,7 +984,7 @@ static u64 enable_ddw(struct pci_dev *dev, struct device_node *pdn)
891 /* verify the window * number of ptes will map the partition */
892 /* check largest block * page size > max memory hotplug addr */
893 max_addr = memory_hotplug_max();
894 - if (be32_to_cpu(query.largest_available_block) < (max_addr >> page_shift)) {
895 + if (query.largest_available_block < (max_addr >> page_shift)) {
896 dev_dbg(&dev->dev, "can't map partiton max 0x%llx with %u "
897 "%llu-sized pages\n", max_addr, query.largest_available_block,
898 1ULL << page_shift);
899 @@ -1006,8 +1010,9 @@ static u64 enable_ddw(struct pci_dev *dev, struct device_node *pdn)
900 if (ret != 0)
901 goto out_free_prop;
902
903 - ddwprop->liobn = create.liobn;
904 - ddwprop->dma_base = cpu_to_be64(of_read_number(&create.addr_hi, 2));
905 + ddwprop->liobn = cpu_to_be32(create.liobn);
906 + ddwprop->dma_base = cpu_to_be64(((u64)create.addr_hi << 32) |
907 + create.addr_lo);
908 ddwprop->tce_shift = cpu_to_be32(page_shift);
909 ddwprop->window_shift = cpu_to_be32(len);
910
911 @@ -1039,7 +1044,7 @@ static u64 enable_ddw(struct pci_dev *dev, struct device_node *pdn)
912 list_add(&window->list, &direct_window_list);
913 spin_unlock(&direct_window_list_lock);
914
915 - dma_addr = of_read_number(&create.addr_hi, 2);
916 + dma_addr = be64_to_cpu(ddwprop->dma_base);
917 goto out_unlock;
918
919 out_free_window:
920 diff --git a/arch/s390/kvm/interrupt.c b/arch/s390/kvm/interrupt.c
921 index f4c819bfc193..fe482ec99bae 100644
922 --- a/arch/s390/kvm/interrupt.c
923 +++ b/arch/s390/kvm/interrupt.c
924 @@ -85,6 +85,7 @@ static int __interrupt_is_deliverable(struct kvm_vcpu *vcpu,
925 return 0;
926 if (vcpu->arch.sie_block->gcr[0] & 0x2000ul)
927 return 1;
928 + return 0;
929 case KVM_S390_INT_EMERGENCY:
930 if (psw_extint_disabled(vcpu))
931 return 0;
932 diff --git a/arch/sparc/Kconfig b/arch/sparc/Kconfig
933 index a537816613f9..96ac69c5eba0 100644
934 --- a/arch/sparc/Kconfig
935 +++ b/arch/sparc/Kconfig
936 @@ -67,6 +67,7 @@ config SPARC64
937 select HAVE_SYSCALL_TRACEPOINTS
938 select HAVE_CONTEXT_TRACKING
939 select HAVE_DEBUG_KMEMLEAK
940 + select SPARSE_IRQ
941 select RTC_DRV_CMOS
942 select RTC_DRV_BQ4802
943 select RTC_DRV_SUN4V
944 diff --git a/arch/sparc/include/asm/hypervisor.h b/arch/sparc/include/asm/hypervisor.h
945 index 94b39caea3eb..4f6725ff4c33 100644
946 --- a/arch/sparc/include/asm/hypervisor.h
947 +++ b/arch/sparc/include/asm/hypervisor.h
948 @@ -2947,6 +2947,16 @@ unsigned long sun4v_vt_set_perfreg(unsigned long reg_num,
949 unsigned long reg_val);
950 #endif
951
952 +#define HV_FAST_T5_GET_PERFREG 0x1a8
953 +#define HV_FAST_T5_SET_PERFREG 0x1a9
954 +
955 +#ifndef __ASSEMBLY__
956 +unsigned long sun4v_t5_get_perfreg(unsigned long reg_num,
957 + unsigned long *reg_val);
958 +unsigned long sun4v_t5_set_perfreg(unsigned long reg_num,
959 + unsigned long reg_val);
960 +#endif
961 +
962 /* Function numbers for HV_CORE_TRAP. */
963 #define HV_CORE_SET_VER 0x00
964 #define HV_CORE_PUTCHAR 0x01
965 @@ -2978,6 +2988,7 @@ unsigned long sun4v_vt_set_perfreg(unsigned long reg_num,
966 #define HV_GRP_VF_CPU 0x0205
967 #define HV_GRP_KT_CPU 0x0209
968 #define HV_GRP_VT_CPU 0x020c
969 +#define HV_GRP_T5_CPU 0x0211
970 #define HV_GRP_DIAG 0x0300
971
972 #ifndef __ASSEMBLY__
973 diff --git a/arch/sparc/include/asm/irq_64.h b/arch/sparc/include/asm/irq_64.h
974 index 91d219381306..3f70f900e834 100644
975 --- a/arch/sparc/include/asm/irq_64.h
976 +++ b/arch/sparc/include/asm/irq_64.h
977 @@ -37,7 +37,7 @@
978 *
979 * ino_bucket->irq allocation is made during {sun4v_,}build_irq().
980 */
981 -#define NR_IRQS 255
982 +#define NR_IRQS (2048)
983
984 void irq_install_pre_handler(int irq,
985 void (*func)(unsigned int, void *, void *),
986 @@ -57,11 +57,8 @@ unsigned int sun4u_build_msi(u32 portid, unsigned int *irq_p,
987 unsigned long iclr_base);
988 void sun4u_destroy_msi(unsigned int irq);
989
990 -unsigned char irq_alloc(unsigned int dev_handle,
991 - unsigned int dev_ino);
992 -#ifdef CONFIG_PCI_MSI
993 +unsigned int irq_alloc(unsigned int dev_handle, unsigned int dev_ino);
994 void irq_free(unsigned int irq);
995 -#endif
996
997 void __init init_IRQ(void);
998 void fixup_irqs(void);
999 diff --git a/arch/sparc/include/asm/ldc.h b/arch/sparc/include/asm/ldc.h
1000 index c8c67f621f4f..58ab64de25d2 100644
1001 --- a/arch/sparc/include/asm/ldc.h
1002 +++ b/arch/sparc/include/asm/ldc.h
1003 @@ -53,13 +53,14 @@ struct ldc_channel;
1004 /* Allocate state for a channel. */
1005 struct ldc_channel *ldc_alloc(unsigned long id,
1006 const struct ldc_channel_config *cfgp,
1007 - void *event_arg);
1008 + void *event_arg,
1009 + const char *name);
1010
1011 /* Shut down and free state for a channel. */
1012 void ldc_free(struct ldc_channel *lp);
1013
1014 /* Register TX and RX queues of the link with the hypervisor. */
1015 -int ldc_bind(struct ldc_channel *lp, const char *name);
1016 +int ldc_bind(struct ldc_channel *lp);
1017
1018 /* For non-RAW protocols we need to complete a handshake before
1019 * communication can proceed. ldc_connect() does that, if the
1020 diff --git a/arch/sparc/include/asm/oplib_64.h b/arch/sparc/include/asm/oplib_64.h
1021 index f34682430fcf..2e3a4add8591 100644
1022 --- a/arch/sparc/include/asm/oplib_64.h
1023 +++ b/arch/sparc/include/asm/oplib_64.h
1024 @@ -62,7 +62,8 @@ struct linux_mem_p1275 {
1025 /* You must call prom_init() before using any of the library services,
1026 * preferably as early as possible. Pass it the romvec pointer.
1027 */
1028 -void prom_init(void *cif_handler, void *cif_stack);
1029 +void prom_init(void *cif_handler);
1030 +void prom_init_report(void);
1031
1032 /* Boot argument acquisition, returns the boot command line string. */
1033 char *prom_getbootargs(void);
1034 diff --git a/arch/sparc/include/asm/page_64.h b/arch/sparc/include/asm/page_64.h
1035 index bf109984a032..8c2a8c937540 100644
1036 --- a/arch/sparc/include/asm/page_64.h
1037 +++ b/arch/sparc/include/asm/page_64.h
1038 @@ -57,18 +57,21 @@ void copy_user_page(void *to, void *from, unsigned long vaddr, struct page *topa
1039 typedef struct { unsigned long pte; } pte_t;
1040 typedef struct { unsigned long iopte; } iopte_t;
1041 typedef struct { unsigned long pmd; } pmd_t;
1042 +typedef struct { unsigned long pud; } pud_t;
1043 typedef struct { unsigned long pgd; } pgd_t;
1044 typedef struct { unsigned long pgprot; } pgprot_t;
1045
1046 #define pte_val(x) ((x).pte)
1047 #define iopte_val(x) ((x).iopte)
1048 #define pmd_val(x) ((x).pmd)
1049 +#define pud_val(x) ((x).pud)
1050 #define pgd_val(x) ((x).pgd)
1051 #define pgprot_val(x) ((x).pgprot)
1052
1053 #define __pte(x) ((pte_t) { (x) } )
1054 #define __iopte(x) ((iopte_t) { (x) } )
1055 #define __pmd(x) ((pmd_t) { (x) } )
1056 +#define __pud(x) ((pud_t) { (x) } )
1057 #define __pgd(x) ((pgd_t) { (x) } )
1058 #define __pgprot(x) ((pgprot_t) { (x) } )
1059
1060 @@ -77,18 +80,21 @@ typedef struct { unsigned long pgprot; } pgprot_t;
1061 typedef unsigned long pte_t;
1062 typedef unsigned long iopte_t;
1063 typedef unsigned long pmd_t;
1064 +typedef unsigned long pud_t;
1065 typedef unsigned long pgd_t;
1066 typedef unsigned long pgprot_t;
1067
1068 #define pte_val(x) (x)
1069 #define iopte_val(x) (x)
1070 #define pmd_val(x) (x)
1071 +#define pud_val(x) (x)
1072 #define pgd_val(x) (x)
1073 #define pgprot_val(x) (x)
1074
1075 #define __pte(x) (x)
1076 #define __iopte(x) (x)
1077 #define __pmd(x) (x)
1078 +#define __pud(x) (x)
1079 #define __pgd(x) (x)
1080 #define __pgprot(x) (x)
1081
1082 @@ -96,21 +102,14 @@ typedef unsigned long pgprot_t;
1083
1084 typedef pte_t *pgtable_t;
1085
1086 -/* These two values define the virtual address space range in which we
1087 - * must forbid 64-bit user processes from making mappings. It used to
1088 - * represent precisely the virtual address space hole present in most
1089 - * early sparc64 chips including UltraSPARC-I. But now it also is
1090 - * further constrained by the limits of our page tables, which is
1091 - * 43-bits of virtual address.
1092 - */
1093 -#define SPARC64_VA_HOLE_TOP _AC(0xfffffc0000000000,UL)
1094 -#define SPARC64_VA_HOLE_BOTTOM _AC(0x0000040000000000,UL)
1095 +extern unsigned long sparc64_va_hole_top;
1096 +extern unsigned long sparc64_va_hole_bottom;
1097
1098 /* The next two defines specify the actual exclusion region we
1099 * enforce, wherein we use a 4GB red zone on each side of the VA hole.
1100 */
1101 -#define VA_EXCLUDE_START (SPARC64_VA_HOLE_BOTTOM - (1UL << 32UL))
1102 -#define VA_EXCLUDE_END (SPARC64_VA_HOLE_TOP + (1UL << 32UL))
1103 +#define VA_EXCLUDE_START (sparc64_va_hole_bottom - (1UL << 32UL))
1104 +#define VA_EXCLUDE_END (sparc64_va_hole_top + (1UL << 32UL))
1105
1106 #define TASK_UNMAPPED_BASE (test_thread_flag(TIF_32BIT) ? \
1107 _AC(0x0000000070000000,UL) : \
1108 @@ -118,20 +117,16 @@ typedef pte_t *pgtable_t;
1109
1110 #include <asm-generic/memory_model.h>
1111
1112 -#define PAGE_OFFSET_BY_BITS(X) (-(_AC(1,UL) << (X)))
1113 extern unsigned long PAGE_OFFSET;
1114
1115 #endif /* !(__ASSEMBLY__) */
1116
1117 -/* The maximum number of physical memory address bits we support, this
1118 - * is used to size various tables used to manage kernel TLB misses and
1119 - * also the sparsemem code.
1120 +/* The maximum number of physical memory address bits we support. The
1121 + * largest value we can support is whatever "KPGD_SHIFT + KPTE_BITS"
1122 + * evaluates to.
1123 */
1124 -#define MAX_PHYS_ADDRESS_BITS 47
1125 +#define MAX_PHYS_ADDRESS_BITS 53
1126
1127 -/* These two shift counts are used when indexing sparc64_valid_addr_bitmap
1128 - * and kpte_linear_bitmap.
1129 - */
1130 #define ILOG2_4MB 22
1131 #define ILOG2_256MB 28
1132
1133 diff --git a/arch/sparc/include/asm/pgalloc_64.h b/arch/sparc/include/asm/pgalloc_64.h
1134 index 39a7ac49b00c..5e3187185b4a 100644
1135 --- a/arch/sparc/include/asm/pgalloc_64.h
1136 +++ b/arch/sparc/include/asm/pgalloc_64.h
1137 @@ -15,6 +15,13 @@
1138
1139 extern struct kmem_cache *pgtable_cache;
1140
1141 +static inline void __pgd_populate(pgd_t *pgd, pud_t *pud)
1142 +{
1143 + pgd_set(pgd, pud);
1144 +}
1145 +
1146 +#define pgd_populate(MM, PGD, PUD) __pgd_populate(PGD, PUD)
1147 +
1148 static inline pgd_t *pgd_alloc(struct mm_struct *mm)
1149 {
1150 return kmem_cache_alloc(pgtable_cache, GFP_KERNEL);
1151 @@ -25,7 +32,23 @@ static inline void pgd_free(struct mm_struct *mm, pgd_t *pgd)
1152 kmem_cache_free(pgtable_cache, pgd);
1153 }
1154
1155 -#define pud_populate(MM, PUD, PMD) pud_set(PUD, PMD)
1156 +static inline void __pud_populate(pud_t *pud, pmd_t *pmd)
1157 +{
1158 + pud_set(pud, pmd);
1159 +}
1160 +
1161 +#define pud_populate(MM, PUD, PMD) __pud_populate(PUD, PMD)
1162 +
1163 +static inline pud_t *pud_alloc_one(struct mm_struct *mm, unsigned long addr)
1164 +{
1165 + return kmem_cache_alloc(pgtable_cache,
1166 + GFP_KERNEL|__GFP_REPEAT);
1167 +}
1168 +
1169 +static inline void pud_free(struct mm_struct *mm, pud_t *pud)
1170 +{
1171 + kmem_cache_free(pgtable_cache, pud);
1172 +}
1173
1174 static inline pmd_t *pmd_alloc_one(struct mm_struct *mm, unsigned long addr)
1175 {
1176 @@ -91,4 +114,7 @@ static inline void __pte_free_tlb(struct mmu_gather *tlb, pte_t *pte,
1177 #define __pmd_free_tlb(tlb, pmd, addr) \
1178 pgtable_free_tlb(tlb, pmd, false)
1179
1180 +#define __pud_free_tlb(tlb, pud, addr) \
1181 + pgtable_free_tlb(tlb, pud, false)
1182 +
1183 #endif /* _SPARC64_PGALLOC_H */
1184 diff --git a/arch/sparc/include/asm/pgtable_64.h b/arch/sparc/include/asm/pgtable_64.h
1185 index 3770bf5c6e1b..bfeb626085ac 100644
1186 --- a/arch/sparc/include/asm/pgtable_64.h
1187 +++ b/arch/sparc/include/asm/pgtable_64.h
1188 @@ -20,8 +20,6 @@
1189 #include <asm/page.h>
1190 #include <asm/processor.h>
1191
1192 -#include <asm-generic/pgtable-nopud.h>
1193 -
1194 /* The kernel image occupies 0x4000000 to 0x6000000 (4MB --> 96MB).
1195 * The page copy blockops can use 0x6000000 to 0x8000000.
1196 * The 8K TSB is mapped in the 0x8000000 to 0x8400000 range.
1197 @@ -42,10 +40,7 @@
1198 #define LOW_OBP_ADDRESS _AC(0x00000000f0000000,UL)
1199 #define HI_OBP_ADDRESS _AC(0x0000000100000000,UL)
1200 #define VMALLOC_START _AC(0x0000000100000000,UL)
1201 -#define VMALLOC_END _AC(0x0000010000000000,UL)
1202 -#define VMEMMAP_BASE _AC(0x0000010000000000,UL)
1203 -
1204 -#define vmemmap ((struct page *)VMEMMAP_BASE)
1205 +#define VMEMMAP_BASE VMALLOC_END
1206
1207 /* PMD_SHIFT determines the size of the area a second-level page
1208 * table can map
1209 @@ -55,13 +50,25 @@
1210 #define PMD_MASK (~(PMD_SIZE-1))
1211 #define PMD_BITS (PAGE_SHIFT - 3)
1212
1213 -/* PGDIR_SHIFT determines what a third-level page table entry can map */
1214 -#define PGDIR_SHIFT (PAGE_SHIFT + (PAGE_SHIFT-3) + PMD_BITS)
1215 +/* PUD_SHIFT determines the size of the area a third-level page
1216 + * table can map
1217 + */
1218 +#define PUD_SHIFT (PMD_SHIFT + PMD_BITS)
1219 +#define PUD_SIZE (_AC(1,UL) << PUD_SHIFT)
1220 +#define PUD_MASK (~(PUD_SIZE-1))
1221 +#define PUD_BITS (PAGE_SHIFT - 3)
1222 +
1223 +/* PGDIR_SHIFT determines what a fourth-level page table entry can map */
1224 +#define PGDIR_SHIFT (PUD_SHIFT + PUD_BITS)
1225 #define PGDIR_SIZE (_AC(1,UL) << PGDIR_SHIFT)
1226 #define PGDIR_MASK (~(PGDIR_SIZE-1))
1227 #define PGDIR_BITS (PAGE_SHIFT - 3)
1228
1229 -#if (PGDIR_SHIFT + PGDIR_BITS) != 43
1230 +#if (MAX_PHYS_ADDRESS_BITS > PGDIR_SHIFT + PGDIR_BITS)
1231 +#error MAX_PHYS_ADDRESS_BITS exceeds what kernel page tables can support
1232 +#endif
1233 +
1234 +#if (PGDIR_SHIFT + PGDIR_BITS) != 53
1235 #error Page table parameters do not cover virtual address space properly.
1236 #endif
1237
1238 @@ -71,28 +78,18 @@
1239
1240 #ifndef __ASSEMBLY__
1241
1242 -#include <linux/sched.h>
1243 -
1244 -extern unsigned long sparc64_valid_addr_bitmap[];
1245 +extern unsigned long VMALLOC_END;
1246
1247 -/* Needs to be defined here and not in linux/mm.h, as it is arch dependent */
1248 -static inline bool __kern_addr_valid(unsigned long paddr)
1249 -{
1250 - if ((paddr >> MAX_PHYS_ADDRESS_BITS) != 0UL)
1251 - return false;
1252 - return test_bit(paddr >> ILOG2_4MB, sparc64_valid_addr_bitmap);
1253 -}
1254 +#define vmemmap ((struct page *)VMEMMAP_BASE)
1255
1256 -static inline bool kern_addr_valid(unsigned long addr)
1257 -{
1258 - unsigned long paddr = __pa(addr);
1259 +#include <linux/sched.h>
1260
1261 - return __kern_addr_valid(paddr);
1262 -}
1263 +bool kern_addr_valid(unsigned long addr);
1264
1265 /* Entries per page directory level. */
1266 #define PTRS_PER_PTE (1UL << (PAGE_SHIFT-3))
1267 #define PTRS_PER_PMD (1UL << PMD_BITS)
1268 +#define PTRS_PER_PUD (1UL << PUD_BITS)
1269 #define PTRS_PER_PGD (1UL << PGDIR_BITS)
1270
1271 /* Kernel has a separate 44bit address space. */
1272 @@ -101,6 +98,9 @@ static inline bool kern_addr_valid(unsigned long addr)
1273 #define pmd_ERROR(e) \
1274 pr_err("%s:%d: bad pmd %p(%016lx) seen at (%pS)\n", \
1275 __FILE__, __LINE__, &(e), pmd_val(e), __builtin_return_address(0))
1276 +#define pud_ERROR(e) \
1277 + pr_err("%s:%d: bad pud %p(%016lx) seen at (%pS)\n", \
1278 + __FILE__, __LINE__, &(e), pud_val(e), __builtin_return_address(0))
1279 #define pgd_ERROR(e) \
1280 pr_err("%s:%d: bad pgd %p(%016lx) seen at (%pS)\n", \
1281 __FILE__, __LINE__, &(e), pgd_val(e), __builtin_return_address(0))
1282 @@ -112,6 +112,7 @@ static inline bool kern_addr_valid(unsigned long addr)
1283 #define _PAGE_R _AC(0x8000000000000000,UL) /* Keep ref bit uptodate*/
1284 #define _PAGE_SPECIAL _AC(0x0200000000000000,UL) /* Special page */
1285 #define _PAGE_PMD_HUGE _AC(0x0100000000000000,UL) /* Huge page */
1286 +#define _PAGE_PUD_HUGE _PAGE_PMD_HUGE
1287
1288 /* Advertise support for _PAGE_SPECIAL */
1289 #define __HAVE_ARCH_PTE_SPECIAL
1290 @@ -658,26 +659,26 @@ static inline unsigned long pmd_large(pmd_t pmd)
1291 return pte_val(pte) & _PAGE_PMD_HUGE;
1292 }
1293
1294 -#ifdef CONFIG_TRANSPARENT_HUGEPAGE
1295 -static inline unsigned long pmd_young(pmd_t pmd)
1296 +static inline unsigned long pmd_pfn(pmd_t pmd)
1297 {
1298 pte_t pte = __pte(pmd_val(pmd));
1299
1300 - return pte_young(pte);
1301 + return pte_pfn(pte);
1302 }
1303
1304 -static inline unsigned long pmd_write(pmd_t pmd)
1305 +#ifdef CONFIG_TRANSPARENT_HUGEPAGE
1306 +static inline unsigned long pmd_young(pmd_t pmd)
1307 {
1308 pte_t pte = __pte(pmd_val(pmd));
1309
1310 - return pte_write(pte);
1311 + return pte_young(pte);
1312 }
1313
1314 -static inline unsigned long pmd_pfn(pmd_t pmd)
1315 +static inline unsigned long pmd_write(pmd_t pmd)
1316 {
1317 pte_t pte = __pte(pmd_val(pmd));
1318
1319 - return pte_pfn(pte);
1320 + return pte_write(pte);
1321 }
1322
1323 static inline unsigned long pmd_trans_huge(pmd_t pmd)
1324 @@ -771,13 +772,15 @@ static inline int pmd_present(pmd_t pmd)
1325 * the top bits outside of the range of any physical address size we
1326 * support are clear as well. We also validate the physical itself.
1327 */
1328 -#define pmd_bad(pmd) ((pmd_val(pmd) & ~PAGE_MASK) || \
1329 - !__kern_addr_valid(pmd_val(pmd)))
1330 +#define pmd_bad(pmd) (pmd_val(pmd) & ~PAGE_MASK)
1331
1332 #define pud_none(pud) (!pud_val(pud))
1333
1334 -#define pud_bad(pud) ((pud_val(pud) & ~PAGE_MASK) || \
1335 - !__kern_addr_valid(pud_val(pud)))
1336 +#define pud_bad(pud) (pud_val(pud) & ~PAGE_MASK)
1337 +
1338 +#define pgd_none(pgd) (!pgd_val(pgd))
1339 +
1340 +#define pgd_bad(pgd) (pgd_val(pgd) & ~PAGE_MASK)
1341
1342 #ifdef CONFIG_TRANSPARENT_HUGEPAGE
1343 void set_pmd_at(struct mm_struct *mm, unsigned long addr,
1344 @@ -815,10 +818,31 @@ static inline unsigned long __pmd_page(pmd_t pmd)
1345 #define pmd_clear(pmdp) (pmd_val(*(pmdp)) = 0UL)
1346 #define pud_present(pud) (pud_val(pud) != 0U)
1347 #define pud_clear(pudp) (pud_val(*(pudp)) = 0UL)
1348 +#define pgd_page_vaddr(pgd) \
1349 + ((unsigned long) __va(pgd_val(pgd)))
1350 +#define pgd_present(pgd) (pgd_val(pgd) != 0U)
1351 +#define pgd_clear(pgdp) (pgd_val(*(pgd)) = 0UL)
1352 +
1353 +static inline unsigned long pud_large(pud_t pud)
1354 +{
1355 + pte_t pte = __pte(pud_val(pud));
1356 +
1357 + return pte_val(pte) & _PAGE_PMD_HUGE;
1358 +}
1359 +
1360 +static inline unsigned long pud_pfn(pud_t pud)
1361 +{
1362 + pte_t pte = __pte(pud_val(pud));
1363 +
1364 + return pte_pfn(pte);
1365 +}
1366
1367 /* Same in both SUN4V and SUN4U. */
1368 #define pte_none(pte) (!pte_val(pte))
1369
1370 +#define pgd_set(pgdp, pudp) \
1371 + (pgd_val(*(pgdp)) = (__pa((unsigned long) (pudp))))
1372 +
1373 /* to find an entry in a page-table-directory. */
1374 #define pgd_index(address) (((address) >> PGDIR_SHIFT) & (PTRS_PER_PGD - 1))
1375 #define pgd_offset(mm, address) ((mm)->pgd + pgd_index(address))
1376 @@ -826,6 +850,11 @@ static inline unsigned long __pmd_page(pmd_t pmd)
1377 /* to find an entry in a kernel page-table-directory */
1378 #define pgd_offset_k(address) pgd_offset(&init_mm, address)
1379
1380 +/* Find an entry in the third-level page table.. */
1381 +#define pud_index(address) (((address) >> PUD_SHIFT) & (PTRS_PER_PUD - 1))
1382 +#define pud_offset(pgdp, address) \
1383 + ((pud_t *) pgd_page_vaddr(*(pgdp)) + pud_index(address))
1384 +
1385 /* Find an entry in the second-level page table.. */
1386 #define pmd_offset(pudp, address) \
1387 ((pmd_t *) pud_page_vaddr(*(pudp)) + \
1388 @@ -898,7 +927,6 @@ static inline void __set_pte_at(struct mm_struct *mm, unsigned long addr,
1389 #endif
1390
1391 extern pgd_t swapper_pg_dir[PTRS_PER_PGD];
1392 -extern pmd_t swapper_low_pmd_dir[PTRS_PER_PMD];
1393
1394 void paging_init(void);
1395 unsigned long find_ecache_flush_span(unsigned long size);
1396 diff --git a/arch/sparc/include/asm/setup.h b/arch/sparc/include/asm/setup.h
1397 index f5fffd84d0dd..29d64b1758ed 100644
1398 --- a/arch/sparc/include/asm/setup.h
1399 +++ b/arch/sparc/include/asm/setup.h
1400 @@ -48,6 +48,8 @@ unsigned long safe_compute_effective_address(struct pt_regs *, unsigned int);
1401 #endif
1402
1403 #ifdef CONFIG_SPARC64
1404 +void __init start_early_boot(void);
1405 +
1406 /* unaligned_64.c */
1407 int handle_ldf_stq(u32 insn, struct pt_regs *regs);
1408 void handle_ld_nf(u32 insn, struct pt_regs *regs);
1409 diff --git a/arch/sparc/include/asm/spitfire.h b/arch/sparc/include/asm/spitfire.h
1410 index 3fc58691dbd0..56f933816144 100644
1411 --- a/arch/sparc/include/asm/spitfire.h
1412 +++ b/arch/sparc/include/asm/spitfire.h
1413 @@ -45,6 +45,8 @@
1414 #define SUN4V_CHIP_NIAGARA3 0x03
1415 #define SUN4V_CHIP_NIAGARA4 0x04
1416 #define SUN4V_CHIP_NIAGARA5 0x05
1417 +#define SUN4V_CHIP_SPARC_M6 0x06
1418 +#define SUN4V_CHIP_SPARC_M7 0x07
1419 #define SUN4V_CHIP_SPARC64X 0x8a
1420 #define SUN4V_CHIP_UNKNOWN 0xff
1421
1422 diff --git a/arch/sparc/include/asm/thread_info_64.h b/arch/sparc/include/asm/thread_info_64.h
1423 index a5f01ac6d0f1..cc6275c931a5 100644
1424 --- a/arch/sparc/include/asm/thread_info_64.h
1425 +++ b/arch/sparc/include/asm/thread_info_64.h
1426 @@ -63,7 +63,8 @@ struct thread_info {
1427 struct pt_regs *kern_una_regs;
1428 unsigned int kern_una_insn;
1429
1430 - unsigned long fpregs[0] __attribute__ ((aligned(64)));
1431 + unsigned long fpregs[(7 * 256) / sizeof(unsigned long)]
1432 + __attribute__ ((aligned(64)));
1433 };
1434
1435 #endif /* !(__ASSEMBLY__) */
1436 @@ -102,6 +103,7 @@ struct thread_info {
1437 #define FAULT_CODE_ITLB 0x04 /* Miss happened in I-TLB */
1438 #define FAULT_CODE_WINFIXUP 0x08 /* Miss happened during spill/fill */
1439 #define FAULT_CODE_BLKCOMMIT 0x10 /* Use blk-commit ASI in copy_page */
1440 +#define FAULT_CODE_BAD_RA 0x20 /* Bad RA for sun4v */
1441
1442 #if PAGE_SHIFT == 13
1443 #define THREAD_SIZE (2*PAGE_SIZE)
1444 diff --git a/arch/sparc/include/asm/tsb.h b/arch/sparc/include/asm/tsb.h
1445 index 90916f955cac..ecb49cfa3be9 100644
1446 --- a/arch/sparc/include/asm/tsb.h
1447 +++ b/arch/sparc/include/asm/tsb.h
1448 @@ -133,9 +133,24 @@ extern struct tsb_phys_patch_entry __tsb_phys_patch, __tsb_phys_patch_end;
1449 sub TSB, 0x8, TSB; \
1450 TSB_STORE(TSB, TAG);
1451
1452 - /* Do a kernel page table walk. Leaves physical PTE pointer in
1453 - * REG1. Jumps to FAIL_LABEL on early page table walk termination.
1454 - * VADDR will not be clobbered, but REG2 will.
1455 + /* Do a kernel page table walk. Leaves valid PTE value in
1456 + * REG1. Jumps to FAIL_LABEL on early page table walk
1457 + * termination. VADDR will not be clobbered, but REG2 will.
1458 + *
1459 + * There are two masks we must apply to propagate bits from
1460 + * the virtual address into the PTE physical address field
1461 + * when dealing with huge pages. This is because the page
1462 + * table boundaries do not match the huge page size(s) the
1463 + * hardware supports.
1464 + *
1465 + * In these cases we propagate the bits that are below the
1466 + * page table level where we saw the huge page mapping, but
1467 + * are still within the relevant physical bits for the huge
1468 + * page size in question. So for PMD mappings (which fall on
1469 + * bit 23, for 8MB per PMD) we must propagate bit 22 for a
1470 + * 4MB huge page. For huge PUDs (which fall on bit 33, for
1471 + * 8GB per PUD), we have to accommodate 256MB and 2GB huge
1472 + * pages. So for those we propagate bits 32 to 28.
1473 */
1474 #define KERN_PGTABLE_WALK(VADDR, REG1, REG2, FAIL_LABEL) \
1475 sethi %hi(swapper_pg_dir), REG1; \
1476 @@ -145,15 +160,40 @@ extern struct tsb_phys_patch_entry __tsb_phys_patch, __tsb_phys_patch_end;
1477 andn REG2, 0x7, REG2; \
1478 ldx [REG1 + REG2], REG1; \
1479 brz,pn REG1, FAIL_LABEL; \
1480 - sllx VADDR, 64 - (PMD_SHIFT + PMD_BITS), REG2; \
1481 + sllx VADDR, 64 - (PUD_SHIFT + PUD_BITS), REG2; \
1482 srlx REG2, 64 - PAGE_SHIFT, REG2; \
1483 andn REG2, 0x7, REG2; \
1484 ldxa [REG1 + REG2] ASI_PHYS_USE_EC, REG1; \
1485 brz,pn REG1, FAIL_LABEL; \
1486 - sllx VADDR, 64 - PMD_SHIFT, REG2; \
1487 + sethi %uhi(_PAGE_PUD_HUGE), REG2; \
1488 + brz,pn REG1, FAIL_LABEL; \
1489 + sllx REG2, 32, REG2; \
1490 + andcc REG1, REG2, %g0; \
1491 + sethi %hi(0xf8000000), REG2; \
1492 + bne,pt %xcc, 697f; \
1493 + sllx REG2, 1, REG2; \
1494 + sllx VADDR, 64 - (PMD_SHIFT + PMD_BITS), REG2; \
1495 srlx REG2, 64 - PAGE_SHIFT, REG2; \
1496 andn REG2, 0x7, REG2; \
1497 - add REG1, REG2, REG1;
1498 + ldxa [REG1 + REG2] ASI_PHYS_USE_EC, REG1; \
1499 + sethi %uhi(_PAGE_PMD_HUGE), REG2; \
1500 + brz,pn REG1, FAIL_LABEL; \
1501 + sllx REG2, 32, REG2; \
1502 + andcc REG1, REG2, %g0; \
1503 + be,pn %xcc, 698f; \
1504 + sethi %hi(0x400000), REG2; \
1505 +697: brgez,pn REG1, FAIL_LABEL; \
1506 + andn REG1, REG2, REG1; \
1507 + and VADDR, REG2, REG2; \
1508 + ba,pt %xcc, 699f; \
1509 + or REG1, REG2, REG1; \
1510 +698: sllx VADDR, 64 - PMD_SHIFT, REG2; \
1511 + srlx REG2, 64 - PAGE_SHIFT, REG2; \
1512 + andn REG2, 0x7, REG2; \
1513 + ldxa [REG1 + REG2] ASI_PHYS_USE_EC, REG1; \
1514 + brgez,pn REG1, FAIL_LABEL; \
1515 + nop; \
1516 +699:
1517
1518 /* PMD has been loaded into REG1, interpret the value, seeing
1519 * if it is a HUGE PMD or a normal one. If it is not valid
1520 @@ -198,6 +238,11 @@ extern struct tsb_phys_patch_entry __tsb_phys_patch, __tsb_phys_patch_end;
1521 andn REG2, 0x7, REG2; \
1522 ldxa [PHYS_PGD + REG2] ASI_PHYS_USE_EC, REG1; \
1523 brz,pn REG1, FAIL_LABEL; \
1524 + sllx VADDR, 64 - (PUD_SHIFT + PUD_BITS), REG2; \
1525 + srlx REG2, 64 - PAGE_SHIFT, REG2; \
1526 + andn REG2, 0x7, REG2; \
1527 + ldxa [REG1 + REG2] ASI_PHYS_USE_EC, REG1; \
1528 + brz,pn REG1, FAIL_LABEL; \
1529 sllx VADDR, 64 - (PMD_SHIFT + PMD_BITS), REG2; \
1530 srlx REG2, 64 - PAGE_SHIFT, REG2; \
1531 andn REG2, 0x7, REG2; \
1532 @@ -246,8 +291,6 @@ extern struct tsb_phys_patch_entry __tsb_phys_patch, __tsb_phys_patch_end;
1533 (KERNEL_TSB_SIZE_BYTES / 16)
1534 #define KERNEL_TSB4M_NENTRIES 4096
1535
1536 -#define KTSB_PHYS_SHIFT 15
1537 -
1538 /* Do a kernel TSB lookup at tl>0 on VADDR+TAG, branch to OK_LABEL
1539 * on TSB hit. REG1, REG2, REG3, and REG4 are used as temporaries
1540 * and the found TTE will be left in REG1. REG3 and REG4 must
1541 @@ -256,17 +299,15 @@ extern struct tsb_phys_patch_entry __tsb_phys_patch, __tsb_phys_patch_end;
1542 * VADDR and TAG will be preserved and not clobbered by this macro.
1543 */
1544 #define KERN_TSB_LOOKUP_TL1(VADDR, TAG, REG1, REG2, REG3, REG4, OK_LABEL) \
1545 -661: sethi %hi(swapper_tsb), REG1; \
1546 - or REG1, %lo(swapper_tsb), REG1; \
1547 +661: sethi %uhi(swapper_tsb), REG1; \
1548 + sethi %hi(swapper_tsb), REG2; \
1549 + or REG1, %ulo(swapper_tsb), REG1; \
1550 + or REG2, %lo(swapper_tsb), REG2; \
1551 .section .swapper_tsb_phys_patch, "ax"; \
1552 .word 661b; \
1553 .previous; \
1554 -661: nop; \
1555 - .section .tsb_ldquad_phys_patch, "ax"; \
1556 - .word 661b; \
1557 - sllx REG1, KTSB_PHYS_SHIFT, REG1; \
1558 - sllx REG1, KTSB_PHYS_SHIFT, REG1; \
1559 - .previous; \
1560 + sllx REG1, 32, REG1; \
1561 + or REG1, REG2, REG1; \
1562 srlx VADDR, PAGE_SHIFT, REG2; \
1563 and REG2, (KERNEL_TSB_NENTRIES - 1), REG2; \
1564 sllx REG2, 4, REG2; \
1565 @@ -281,17 +322,15 @@ extern struct tsb_phys_patch_entry __tsb_phys_patch, __tsb_phys_patch_end;
1566 * we can make use of that for the index computation.
1567 */
1568 #define KERN_TSB4M_LOOKUP_TL1(TAG, REG1, REG2, REG3, REG4, OK_LABEL) \
1569 -661: sethi %hi(swapper_4m_tsb), REG1; \
1570 - or REG1, %lo(swapper_4m_tsb), REG1; \
1571 +661: sethi %uhi(swapper_4m_tsb), REG1; \
1572 + sethi %hi(swapper_4m_tsb), REG2; \
1573 + or REG1, %ulo(swapper_4m_tsb), REG1; \
1574 + or REG2, %lo(swapper_4m_tsb), REG2; \
1575 .section .swapper_4m_tsb_phys_patch, "ax"; \
1576 .word 661b; \
1577 .previous; \
1578 -661: nop; \
1579 - .section .tsb_ldquad_phys_patch, "ax"; \
1580 - .word 661b; \
1581 - sllx REG1, KTSB_PHYS_SHIFT, REG1; \
1582 - sllx REG1, KTSB_PHYS_SHIFT, REG1; \
1583 - .previous; \
1584 + sllx REG1, 32, REG1; \
1585 + or REG1, REG2, REG1; \
1586 and TAG, (KERNEL_TSB4M_NENTRIES - 1), REG2; \
1587 sllx REG2, 4, REG2; \
1588 add REG1, REG2, REG2; \
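
With KTSB_PHYS_SHIFT gone, both lookups above now build the full 64-bit swapper TSB address from two 32-bit halves (%uhi/%ulo for the top half, %hi/%lo for the bottom). The closing sllx/or pair is, in rough C terms (function name invented):

    static unsigned long compose64(unsigned long hi32, unsigned long lo32)
    {
            return (hi32 << 32) | lo32; /* sllx REG1, 32, REG1; or REG1, REG2, REG1 */
    }
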
1589 diff --git a/arch/sparc/include/asm/visasm.h b/arch/sparc/include/asm/visasm.h
1590 index b26673759283..1f0aa2024e94 100644
1591 --- a/arch/sparc/include/asm/visasm.h
1592 +++ b/arch/sparc/include/asm/visasm.h
1593 @@ -39,6 +39,14 @@
1594 297: wr %o5, FPRS_FEF, %fprs; \
1595 298:
1596
1597 +#define VISEntryHalfFast(fail_label) \
1598 + rd %fprs, %o5; \
1599 + andcc %o5, FPRS_FEF, %g0; \
1600 + be,pt %icc, 297f; \
1601 + nop; \
1602 + ba,a,pt %xcc, fail_label; \
1603 +297: wr %o5, FPRS_FEF, %fprs;
1604 +
1605 #define VISExitHalf \
1606 wr %o5, 0, %fprs;
1607
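VISEntryHalfFast only takes the VIS path when no FPU state is live, branching to fail_label instead of spilling register state. A rough C rendering ("fprs" here stands in for the %fprs register; no such C variable exists):

    if (fprs & FPRS_FEF)
            goto fail_label;  /* live FPU state: use the plain copy loop */
    fprs ^= FPRS_FEF;         /* FEF was clear, so the xor-style wr sets it */
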
1608 diff --git a/arch/sparc/kernel/cpu.c b/arch/sparc/kernel/cpu.c
1609 index 82a3a71c451e..dfad8b1aea9f 100644
1610 --- a/arch/sparc/kernel/cpu.c
1611 +++ b/arch/sparc/kernel/cpu.c
1612 @@ -494,6 +494,18 @@ static void __init sun4v_cpu_probe(void)
1613 sparc_pmu_type = "niagara5";
1614 break;
1615
1616 + case SUN4V_CHIP_SPARC_M6:
1617 + sparc_cpu_type = "SPARC-M6";
1618 + sparc_fpu_type = "SPARC-M6 integrated FPU";
1619 + sparc_pmu_type = "sparc-m6";
1620 + break;
1621 +
1622 + case SUN4V_CHIP_SPARC_M7:
1623 + sparc_cpu_type = "SPARC-M7";
1624 + sparc_fpu_type = "SPARC-M7 integrated FPU";
1625 + sparc_pmu_type = "sparc-m7";
1626 + break;
1627 +
1628 case SUN4V_CHIP_SPARC64X:
1629 sparc_cpu_type = "SPARC64-X";
1630 sparc_fpu_type = "SPARC64-X integrated FPU";
1631 diff --git a/arch/sparc/kernel/cpumap.c b/arch/sparc/kernel/cpumap.c
1632 index de1c844dfabc..e69ec0e3f155 100644
1633 --- a/arch/sparc/kernel/cpumap.c
1634 +++ b/arch/sparc/kernel/cpumap.c
1635 @@ -326,6 +326,8 @@ static int iterate_cpu(struct cpuinfo_tree *t, unsigned int root_index)
1636 case SUN4V_CHIP_NIAGARA3:
1637 case SUN4V_CHIP_NIAGARA4:
1638 case SUN4V_CHIP_NIAGARA5:
1639 + case SUN4V_CHIP_SPARC_M6:
1640 + case SUN4V_CHIP_SPARC_M7:
1641 case SUN4V_CHIP_SPARC64X:
1642 rover_inc_table = niagara_iterate_method;
1643 break;
1644 diff --git a/arch/sparc/kernel/ds.c b/arch/sparc/kernel/ds.c
1645 index dff60abbea01..f87a55d77094 100644
1646 --- a/arch/sparc/kernel/ds.c
1647 +++ b/arch/sparc/kernel/ds.c
1648 @@ -1200,14 +1200,14 @@ static int ds_probe(struct vio_dev *vdev, const struct vio_device_id *id)
1649 ds_cfg.tx_irq = vdev->tx_irq;
1650 ds_cfg.rx_irq = vdev->rx_irq;
1651
1652 - lp = ldc_alloc(vdev->channel_id, &ds_cfg, dp);
1653 + lp = ldc_alloc(vdev->channel_id, &ds_cfg, dp, "DS");
1654 if (IS_ERR(lp)) {
1655 err = PTR_ERR(lp);
1656 goto out_free_ds_states;
1657 }
1658 dp->lp = lp;
1659
1660 - err = ldc_bind(lp, "DS");
1661 + err = ldc_bind(lp);
1662 if (err)
1663 goto out_free_ldc;
1664
1665 diff --git a/arch/sparc/kernel/dtlb_prot.S b/arch/sparc/kernel/dtlb_prot.S
1666 index b2c2c5be281c..d668ca149e64 100644
1667 --- a/arch/sparc/kernel/dtlb_prot.S
1668 +++ b/arch/sparc/kernel/dtlb_prot.S
1669 @@ -24,11 +24,11 @@
1670 mov TLB_TAG_ACCESS, %g4 ! For reload of vaddr
1671
1672 /* PROT ** ICACHE line 2: More real fault processing */
1673 + ldxa [%g4] ASI_DMMU, %g5 ! Put tagaccess in %g5
1674 bgu,pn %xcc, winfix_trampoline ! Yes, perform winfixup
1675 - ldxa [%g4] ASI_DMMU, %g5 ! Put tagaccess in %g5
1676 - ba,pt %xcc, sparc64_realfault_common ! Nope, normal fault
1677 mov FAULT_CODE_DTLB | FAULT_CODE_WRITE, %g4
1678 - nop
1679 + ba,pt %xcc, sparc64_realfault_common ! Nope, normal fault
1680 + nop
1681 nop
1682 nop
1683 nop
1684 diff --git a/arch/sparc/kernel/entry.h b/arch/sparc/kernel/entry.h
1685 index ebaba6167dd4..88d322b67fac 100644
1686 --- a/arch/sparc/kernel/entry.h
1687 +++ b/arch/sparc/kernel/entry.h
1688 @@ -65,13 +65,10 @@ struct pause_patch_entry {
1689 extern struct pause_patch_entry __pause_3insn_patch,
1690 __pause_3insn_patch_end;
1691
1692 -void __init per_cpu_patch(void);
1693 void sun4v_patch_1insn_range(struct sun4v_1insn_patch_entry *,
1694 struct sun4v_1insn_patch_entry *);
1695 void sun4v_patch_2insn_range(struct sun4v_2insn_patch_entry *,
1696 struct sun4v_2insn_patch_entry *);
1697 -void __init sun4v_patch(void);
1698 -void __init boot_cpu_id_too_large(int cpu);
1699 extern unsigned int dcache_parity_tl1_occurred;
1700 extern unsigned int icache_parity_tl1_occurred;
1701
1702 diff --git a/arch/sparc/kernel/head_64.S b/arch/sparc/kernel/head_64.S
1703 index 452f04fe8da6..3d61fcae7ee3 100644
1704 --- a/arch/sparc/kernel/head_64.S
1705 +++ b/arch/sparc/kernel/head_64.S
1706 @@ -427,6 +427,12 @@ sun4v_chip_type:
1707 cmp %g2, '5'
1708 be,pt %xcc, 5f
1709 mov SUN4V_CHIP_NIAGARA5, %g4
1710 + cmp %g2, '6'
1711 + be,pt %xcc, 5f
1712 + mov SUN4V_CHIP_SPARC_M6, %g4
1713 + cmp %g2, '7'
1714 + be,pt %xcc, 5f
1715 + mov SUN4V_CHIP_SPARC_M7, %g4
1716 ba,pt %xcc, 49f
1717 nop
1718
1719 @@ -585,6 +591,12 @@ niagara_tlb_fixup:
1720 cmp %g1, SUN4V_CHIP_NIAGARA5
1721 be,pt %xcc, niagara4_patch
1722 nop
1723 + cmp %g1, SUN4V_CHIP_SPARC_M6
1724 + be,pt %xcc, niagara4_patch
1725 + nop
1726 + cmp %g1, SUN4V_CHIP_SPARC_M7
1727 + be,pt %xcc, niagara4_patch
1728 + nop
1729
1730 call generic_patch_copyops
1731 nop
1732 @@ -660,14 +672,12 @@ tlb_fixup_done:
1733 sethi %hi(init_thread_union), %g6
1734 or %g6, %lo(init_thread_union), %g6
1735 ldx [%g6 + TI_TASK], %g4
1736 - mov %sp, %l6
1737
1738 wr %g0, ASI_P, %asi
1739 mov 1, %g1
1740 sllx %g1, THREAD_SHIFT, %g1
1741 sub %g1, (STACKFRAME_SZ + STACK_BIAS), %g1
1742 add %g6, %g1, %sp
1743 - mov 0, %fp
1744
1745 /* Set per-cpu pointer initially to zero, this makes
1746 * the boot-cpu use the in-kernel-image per-cpu areas
1747 @@ -694,44 +704,14 @@ tlb_fixup_done:
1748 nop
1749 #endif
1750
1751 - mov %l6, %o1 ! OpenPROM stack
1752 call prom_init
1753 mov %l7, %o0 ! OpenPROM cif handler
1754
1755 - /* Initialize current_thread_info()->cpu as early as possible.
1756 - * In order to do that accurately we have to patch up the get_cpuid()
1757 - * assembler sequences. And that, in turn, requires that we know
1758 - * if we are on a Starfire box or not. While we're here, patch up
1759 - * the sun4v sequences as well.
1760 + /* To create a one-register-window buffer between the kernel's
1761 + * initial stack and the last stack frame we use from the firmware,
1762 + * do the rest of the boot from a C helper function.
1763 */
1764 - call check_if_starfire
1765 - nop
1766 - call per_cpu_patch
1767 - nop
1768 - call sun4v_patch
1769 - nop
1770 -
1771 -#ifdef CONFIG_SMP
1772 - call hard_smp_processor_id
1773 - nop
1774 - cmp %o0, NR_CPUS
1775 - blu,pt %xcc, 1f
1776 - nop
1777 - call boot_cpu_id_too_large
1778 - nop
1779 - /* Not reached... */
1780 -
1781 -1:
1782 -#else
1783 - mov 0, %o0
1784 -#endif
1785 - sth %o0, [%g6 + TI_CPU]
1786 -
1787 - call prom_init_report
1788 - nop
1789 -
1790 - /* Off we go.... */
1791 - call start_kernel
1792 + call start_early_boot
1793 nop
1794 /* Not reached... */
1795
1796 diff --git a/arch/sparc/kernel/hvapi.c b/arch/sparc/kernel/hvapi.c
1797 index c0a2de0fd624..5c55145bfbf0 100644
1798 --- a/arch/sparc/kernel/hvapi.c
1799 +++ b/arch/sparc/kernel/hvapi.c
1800 @@ -46,6 +46,7 @@ static struct api_info api_table[] = {
1801 { .group = HV_GRP_VF_CPU, },
1802 { .group = HV_GRP_KT_CPU, },
1803 { .group = HV_GRP_VT_CPU, },
1804 + { .group = HV_GRP_T5_CPU, },
1805 { .group = HV_GRP_DIAG, .flags = FLAG_PRE_API },
1806 };
1807
1808 diff --git a/arch/sparc/kernel/hvcalls.S b/arch/sparc/kernel/hvcalls.S
1809 index f3ab509b76a8..caedf8320416 100644
1810 --- a/arch/sparc/kernel/hvcalls.S
1811 +++ b/arch/sparc/kernel/hvcalls.S
1812 @@ -821,3 +821,19 @@ ENTRY(sun4v_vt_set_perfreg)
1813 retl
1814 nop
1815 ENDPROC(sun4v_vt_set_perfreg)
1816 +
1817 +ENTRY(sun4v_t5_get_perfreg)
1818 + mov %o1, %o4
1819 + mov HV_FAST_T5_GET_PERFREG, %o5
1820 + ta HV_FAST_TRAP
1821 + stx %o1, [%o4]
1822 + retl
1823 + nop
1824 +ENDPROC(sun4v_t5_get_perfreg)
1825 +
1826 +ENTRY(sun4v_t5_set_perfreg)
1827 + mov HV_FAST_T5_SET_PERFREG, %o5
1828 + ta HV_FAST_TRAP
1829 + retl
1830 + nop
1831 +ENDPROC(sun4v_t5_set_perfreg)
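Both stubs follow the usual sun4v fast-trap convention: the function number goes in %o5, arguments arrive in %o0/%o1, and the trap returns its status in %o0 with any output value in %o1. Judging from the callers added in pcr.c further down, the C prototypes are presumably:

    unsigned long sun4v_t5_get_perfreg(unsigned long reg_num,
                                       unsigned long *reg_val);
    unsigned long sun4v_t5_set_perfreg(unsigned long reg_num,
                                       unsigned long reg_val);
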
1832 diff --git a/arch/sparc/kernel/hvtramp.S b/arch/sparc/kernel/hvtramp.S
1833 index b7ddcdd1dea9..cdbfec299f2f 100644
1834 --- a/arch/sparc/kernel/hvtramp.S
1835 +++ b/arch/sparc/kernel/hvtramp.S
1836 @@ -109,7 +109,6 @@ hv_cpu_startup:
1837 sllx %g5, THREAD_SHIFT, %g5
1838 sub %g5, (STACKFRAME_SZ + STACK_BIAS), %g5
1839 add %g6, %g5, %sp
1840 - mov 0, %fp
1841
1842 call init_irqwork_curcpu
1843 nop
1844 diff --git a/arch/sparc/kernel/ioport.c b/arch/sparc/kernel/ioport.c
1845 index 7f08ec8a7c68..28fed53b13a0 100644
1846 --- a/arch/sparc/kernel/ioport.c
1847 +++ b/arch/sparc/kernel/ioport.c
1848 @@ -278,7 +278,8 @@ static void *sbus_alloc_coherent(struct device *dev, size_t len,
1849 }
1850
1851 order = get_order(len_total);
1852 - if ((va = __get_free_pages(GFP_KERNEL|__GFP_COMP, order)) == 0)
1853 + va = __get_free_pages(gfp, order);
1854 + if (va == 0)
1855 goto err_nopages;
1856
1857 if ((res = kzalloc(sizeof(struct resource), GFP_KERNEL)) == NULL)
1858 @@ -443,7 +444,7 @@ static void *pci32_alloc_coherent(struct device *dev, size_t len,
1859 }
1860
1861 order = get_order(len_total);
1862 - va = (void *) __get_free_pages(GFP_KERNEL, order);
1863 + va = (void *) __get_free_pages(gfp, order);
1864 if (va == NULL) {
1865 printk("pci_alloc_consistent: no %ld pages\n", len_total>>PAGE_SHIFT);
1866 goto err_nopages;
1867 diff --git a/arch/sparc/kernel/irq_64.c b/arch/sparc/kernel/irq_64.c
1868 index 666193f4e8bb..4033c23bdfa6 100644
1869 --- a/arch/sparc/kernel/irq_64.c
1870 +++ b/arch/sparc/kernel/irq_64.c
1871 @@ -47,8 +47,6 @@
1872 #include "cpumap.h"
1873 #include "kstack.h"
1874
1875 -#define NUM_IVECS (IMAP_INR + 1)
1876 -
1877 struct ino_bucket *ivector_table;
1878 unsigned long ivector_table_pa;
1879
1880 @@ -107,55 +105,196 @@ static void bucket_set_irq(unsigned long bucket_pa, unsigned int irq)
1881
1882 #define irq_work_pa(__cpu) &(trap_block[(__cpu)].irq_worklist_pa)
1883
1884 -static struct {
1885 - unsigned int dev_handle;
1886 - unsigned int dev_ino;
1887 - unsigned int in_use;
1888 -} irq_table[NR_IRQS];
1889 -static DEFINE_SPINLOCK(irq_alloc_lock);
1890 +static unsigned long hvirq_major __initdata;
1891 +static int __init early_hvirq_major(char *p)
1892 +{
1893 + int rc = kstrtoul(p, 10, &hvirq_major);
1894 +
1895 + return rc;
1896 +}
1897 +early_param("hvirq", early_hvirq_major);
1898 +
1899 +static int hv_irq_version;
1900 +
1901 +/* Major version 2.0 of HV_GRP_INTR added support for the VIRQ cookie
1902 + * based interfaces, but:
1903 + *
1904 + * 1) Several OSs, Solaris and Linux included, use them even when only
1905 + * negotiating version 1.0 (or failing to negotiate at all). So the
1906 + * hypervisor has a workaround that provides the VIRQ interfaces even
1907 + * when only version 1.0 of the API is in use.
1908 + *
1909 + * 2) More importantly, with major version 2.0 these VIRQ
1910 + * interfaces were actually only hooked up for LDC interrupts, even
1911 + * though the Hypervisor specification clearly stated:
1912 + *
1913 + * The new interrupt API functions will be available to a guest
1914 + * when it negotiates version 2.0 in the interrupt API group 0x2. When
1915 + * a guest negotiates version 2.0, all interrupt sources will only
1916 + * support using the cookie interface, and any attempt to use the
1917 + * version 1.0 interrupt APIs numbered 0xa0 to 0xa6 will result in the
1918 + * ENOTSUPPORTED error being returned.
1919 + *
1920 + * with an emphasis on "all interrupt sources".
1921 + *
1922 + * To correct this, major version 3.0 was created which does actually
1923 + * support VIRQs for all interrupt sources (not just LDC devices). So
1924 + * if we want to move completely over to the cookie-based VIRQs we must
1925 + * negotiate major version 3.0 or later of HV_GRP_INTR.
1926 + */
1927 +static bool sun4v_cookie_only_virqs(void)
1928 +{
1929 + if (hv_irq_version >= 3)
1930 + return true;
1931 + return false;
1932 +}
1933
1934 -unsigned char irq_alloc(unsigned int dev_handle, unsigned int dev_ino)
1935 +static void __init irq_init_hv(void)
1936 {
1937 - unsigned long flags;
1938 - unsigned char ent;
1939 + unsigned long hv_error, major, minor = 0;
1940 +
1941 + if (tlb_type != hypervisor)
1942 + return;
1943
1944 - BUILD_BUG_ON(NR_IRQS >= 256);
1945 + if (hvirq_major)
1946 + major = hvirq_major;
1947 + else
1948 + major = 3;
1949
1950 - spin_lock_irqsave(&irq_alloc_lock, flags);
1951 + hv_error = sun4v_hvapi_register(HV_GRP_INTR, major, &minor);
1952 + if (!hv_error)
1953 + hv_irq_version = major;
1954 + else
1955 + hv_irq_version = 1;
1956
1957 - for (ent = 1; ent < NR_IRQS; ent++) {
1958 - if (!irq_table[ent].in_use)
1959 + pr_info("SUN4V: Using IRQ API major %d, cookie only virqs %s\n",
1960 + hv_irq_version,
1961 + sun4v_cookie_only_virqs() ? "enabled" : "disabled");
1962 +}
1963 +
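The hvirq= early parameter above lets the requested HV_GRP_INTR major version be pinned from the kernel command line, for example to fall back to the sysino interfaces while debugging. A hypothetical invocation:

    # hypothetical: append to the kernel command line to request major
    # version 1 instead of the default request for 3 (cookie-only VIRQs)
    hvirq=1
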
1964 +/* This function is for the timer interrupt. */
1965 +int __init arch_probe_nr_irqs(void)
1966 +{
1967 + return 1;
1968 +}
1969 +
1970 +#define DEFAULT_NUM_IVECS (0xfffU)
1971 +static unsigned int nr_ivec = DEFAULT_NUM_IVECS;
1972 +#define NUM_IVECS (nr_ivec)
1973 +
1974 +static unsigned int __init size_nr_ivec(void)
1975 +{
1976 + if (tlb_type == hypervisor) {
1977 + switch (sun4v_chip_type) {
1978 +		/* Athena's devhandle|devino is large. */
1979 + case SUN4V_CHIP_SPARC64X:
1980 + nr_ivec = 0xffff;
1981 break;
1982 + }
1983 }
1984 - if (ent >= NR_IRQS) {
1985 - printk(KERN_ERR "IRQ: Out of virtual IRQs.\n");
1986 - ent = 0;
1987 - } else {
1988 - irq_table[ent].dev_handle = dev_handle;
1989 - irq_table[ent].dev_ino = dev_ino;
1990 - irq_table[ent].in_use = 1;
1991 - }
1992 + return nr_ivec;
1993 +}
1994 +
1995 +struct irq_handler_data {
1996 + union {
1997 + struct {
1998 + unsigned int dev_handle;
1999 + unsigned int dev_ino;
2000 + };
2001 + unsigned long sysino;
2002 + };
2003 + struct ino_bucket bucket;
2004 + unsigned long iclr;
2005 + unsigned long imap;
2006 +};
2007 +
2008 +static inline unsigned int irq_data_to_handle(struct irq_data *data)
2009 +{
2010 + struct irq_handler_data *ihd = data->handler_data;
2011 +
2012 + return ihd->dev_handle;
2013 +}
2014 +
2015 +static inline unsigned int irq_data_to_ino(struct irq_data *data)
2016 +{
2017 + struct irq_handler_data *ihd = data->handler_data;
2018
2019 - spin_unlock_irqrestore(&irq_alloc_lock, flags);
2020 + return ihd->dev_ino;
2021 +}
2022 +
2023 +static inline unsigned long irq_data_to_sysino(struct irq_data *data)
2024 +{
2025 + struct irq_handler_data *ihd = data->handler_data;
2026
2027 - return ent;
2028 + return ihd->sysino;
2029 }
2030
2031 -#ifdef CONFIG_PCI_MSI
2032 void irq_free(unsigned int irq)
2033 {
2034 - unsigned long flags;
2035 + void *data = irq_get_handler_data(irq);
2036
2037 - if (irq >= NR_IRQS)
2038 - return;
2039 + kfree(data);
2040 + irq_set_handler_data(irq, NULL);
2041 + irq_free_descs(irq, 1);
2042 +}
2043
2044 - spin_lock_irqsave(&irq_alloc_lock, flags);
2045 +unsigned int irq_alloc(unsigned int dev_handle, unsigned int dev_ino)
2046 +{
2047 + int irq;
2048
2049 - irq_table[irq].in_use = 0;
2050 + irq = __irq_alloc_descs(-1, 1, 1, numa_node_id(), NULL);
2051 + if (irq <= 0)
2052 + goto out;
2053
2054 - spin_unlock_irqrestore(&irq_alloc_lock, flags);
2055 + return irq;
2056 +out:
2057 + return 0;
2058 +}
2059 +
2060 +static unsigned int cookie_exists(u32 devhandle, unsigned int devino)
2061 +{
2062 + unsigned long hv_err, cookie;
2063 + struct ino_bucket *bucket;
2064 + unsigned int irq = 0U;
2065 +
2066 + hv_err = sun4v_vintr_get_cookie(devhandle, devino, &cookie);
2067 + if (hv_err) {
2068 + pr_err("HV get cookie failed hv_err = %ld\n", hv_err);
2069 + goto out;
2070 + }
2071 +
2072 + if (cookie & ((1UL << 63UL))) {
2073 + cookie = ~cookie;
2074 + bucket = (struct ino_bucket *) __va(cookie);
2075 + irq = bucket->__irq;
2076 + }
2077 +out:
2078 + return irq;
2079 +}
2080 +
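The cookie scheme above relies on physical addresses having bit 63 clear: the value registered with the hypervisor is the bitwise NOT of the bucket's physical address, so a delivered cookie is recognizable by its set top bit and can simply be inverted back. A sketch, mirroring the test above and cookie_assign() below (not a drop-in helper):

    unsigned long cookie = ~__pa(&ihd->bucket);           /* encode */
    if (cookie & (1UL << 63))
            bucket = (struct ino_bucket *) __va(~cookie); /* decode */
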
2081 +static unsigned int sysino_exists(u32 devhandle, unsigned int devino)
2082 +{
2083 + unsigned long sysino = sun4v_devino_to_sysino(devhandle, devino);
2084 + struct ino_bucket *bucket;
2085 + unsigned int irq;
2086 +
2087 + bucket = &ivector_table[sysino];
2088 + irq = bucket_get_irq(__pa(bucket));
2089 +
2090 + return irq;
2091 +}
2092 +
2093 +void ack_bad_irq(unsigned int irq)
2094 +{
2095 + pr_crit("BAD IRQ ack %d\n", irq);
2096 +}
2097 +
2098 +void irq_install_pre_handler(int irq,
2099 + void (*func)(unsigned int, void *, void *),
2100 + void *arg1, void *arg2)
2101 +{
2102 + pr_warn("IRQ pre handler NOT supported.\n");
2103 }
2104 -#endif
2105
2106 /*
2107 * /proc/interrupts printing:
2108 @@ -206,15 +345,6 @@ static unsigned int sun4u_compute_tid(unsigned long imap, unsigned long cpuid)
2109 return tid;
2110 }
2111
2112 -struct irq_handler_data {
2113 - unsigned long iclr;
2114 - unsigned long imap;
2115 -
2116 - void (*pre_handler)(unsigned int, void *, void *);
2117 - void *arg1;
2118 - void *arg2;
2119 -};
2120 -
2121 #ifdef CONFIG_SMP
2122 static int irq_choose_cpu(unsigned int irq, const struct cpumask *affinity)
2123 {
2124 @@ -316,8 +446,8 @@ static void sun4u_irq_eoi(struct irq_data *data)
2125
2126 static void sun4v_irq_enable(struct irq_data *data)
2127 {
2128 - unsigned int ino = irq_table[data->irq].dev_ino;
2129 unsigned long cpuid = irq_choose_cpu(data->irq, data->affinity);
2130 + unsigned int ino = irq_data_to_sysino(data);
2131 int err;
2132
2133 err = sun4v_intr_settarget(ino, cpuid);
2134 @@ -337,8 +467,8 @@ static void sun4v_irq_enable(struct irq_data *data)
2135 static int sun4v_set_affinity(struct irq_data *data,
2136 const struct cpumask *mask, bool force)
2137 {
2138 - unsigned int ino = irq_table[data->irq].dev_ino;
2139 unsigned long cpuid = irq_choose_cpu(data->irq, mask);
2140 + unsigned int ino = irq_data_to_sysino(data);
2141 int err;
2142
2143 err = sun4v_intr_settarget(ino, cpuid);
2144 @@ -351,7 +481,7 @@ static int sun4v_set_affinity(struct irq_data *data,
2145
2146 static void sun4v_irq_disable(struct irq_data *data)
2147 {
2148 - unsigned int ino = irq_table[data->irq].dev_ino;
2149 + unsigned int ino = irq_data_to_sysino(data);
2150 int err;
2151
2152 err = sun4v_intr_setenabled(ino, HV_INTR_DISABLED);
2153 @@ -362,7 +492,7 @@ static void sun4v_irq_disable(struct irq_data *data)
2154
2155 static void sun4v_irq_eoi(struct irq_data *data)
2156 {
2157 - unsigned int ino = irq_table[data->irq].dev_ino;
2158 + unsigned int ino = irq_data_to_sysino(data);
2159 int err;
2160
2161 err = sun4v_intr_setstate(ino, HV_INTR_STATE_IDLE);
2162 @@ -373,14 +503,13 @@ static void sun4v_irq_eoi(struct irq_data *data)
2163
2164 static void sun4v_virq_enable(struct irq_data *data)
2165 {
2166 - unsigned long cpuid, dev_handle, dev_ino;
2167 + unsigned long dev_handle = irq_data_to_handle(data);
2168 + unsigned long dev_ino = irq_data_to_ino(data);
2169 + unsigned long cpuid;
2170 int err;
2171
2172 cpuid = irq_choose_cpu(data->irq, data->affinity);
2173
2174 - dev_handle = irq_table[data->irq].dev_handle;
2175 - dev_ino = irq_table[data->irq].dev_ino;
2176 -
2177 err = sun4v_vintr_set_target(dev_handle, dev_ino, cpuid);
2178 if (err != HV_EOK)
2179 printk(KERN_ERR "sun4v_vintr_set_target(%lx,%lx,%lu): "
2180 @@ -403,14 +532,13 @@ static void sun4v_virq_enable(struct irq_data *data)
2181 static int sun4v_virt_set_affinity(struct irq_data *data,
2182 const struct cpumask *mask, bool force)
2183 {
2184 - unsigned long cpuid, dev_handle, dev_ino;
2185 + unsigned long dev_handle = irq_data_to_handle(data);
2186 + unsigned long dev_ino = irq_data_to_ino(data);
2187 + unsigned long cpuid;
2188 int err;
2189
2190 cpuid = irq_choose_cpu(data->irq, mask);
2191
2192 - dev_handle = irq_table[data->irq].dev_handle;
2193 - dev_ino = irq_table[data->irq].dev_ino;
2194 -
2195 err = sun4v_vintr_set_target(dev_handle, dev_ino, cpuid);
2196 if (err != HV_EOK)
2197 printk(KERN_ERR "sun4v_vintr_set_target(%lx,%lx,%lu): "
2198 @@ -422,11 +550,10 @@ static int sun4v_virt_set_affinity(struct irq_data *data,
2199
2200 static void sun4v_virq_disable(struct irq_data *data)
2201 {
2202 - unsigned long dev_handle, dev_ino;
2203 + unsigned long dev_handle = irq_data_to_handle(data);
2204 + unsigned long dev_ino = irq_data_to_ino(data);
2205 int err;
2206
2207 - dev_handle = irq_table[data->irq].dev_handle;
2208 - dev_ino = irq_table[data->irq].dev_ino;
2209
2210 err = sun4v_vintr_set_valid(dev_handle, dev_ino,
2211 HV_INTR_DISABLED);
2212 @@ -438,12 +565,10 @@ static void sun4v_virq_disable(struct irq_data *data)
2213
2214 static void sun4v_virq_eoi(struct irq_data *data)
2215 {
2216 - unsigned long dev_handle, dev_ino;
2217 + unsigned long dev_handle = irq_data_to_handle(data);
2218 + unsigned long dev_ino = irq_data_to_ino(data);
2219 int err;
2220
2221 - dev_handle = irq_table[data->irq].dev_handle;
2222 - dev_ino = irq_table[data->irq].dev_ino;
2223 -
2224 err = sun4v_vintr_set_state(dev_handle, dev_ino,
2225 HV_INTR_STATE_IDLE);
2226 if (err != HV_EOK)
2227 @@ -479,31 +604,10 @@ static struct irq_chip sun4v_virq = {
2228 .flags = IRQCHIP_EOI_IF_HANDLED,
2229 };
2230
2231 -static void pre_flow_handler(struct irq_data *d)
2232 -{
2233 - struct irq_handler_data *handler_data = irq_data_get_irq_handler_data(d);
2234 - unsigned int ino = irq_table[d->irq].dev_ino;
2235 -
2236 - handler_data->pre_handler(ino, handler_data->arg1, handler_data->arg2);
2237 -}
2238 -
2239 -void irq_install_pre_handler(int irq,
2240 - void (*func)(unsigned int, void *, void *),
2241 - void *arg1, void *arg2)
2242 -{
2243 - struct irq_handler_data *handler_data = irq_get_handler_data(irq);
2244 -
2245 - handler_data->pre_handler = func;
2246 - handler_data->arg1 = arg1;
2247 - handler_data->arg2 = arg2;
2248 -
2249 - __irq_set_preflow_handler(irq, pre_flow_handler);
2250 -}
2251 -
2252 unsigned int build_irq(int inofixup, unsigned long iclr, unsigned long imap)
2253 {
2254 - struct ino_bucket *bucket;
2255 struct irq_handler_data *handler_data;
2256 + struct ino_bucket *bucket;
2257 unsigned int irq;
2258 int ino;
2259
2260 @@ -537,119 +641,166 @@ out:
2261 return irq;
2262 }
2263
2264 -static unsigned int sun4v_build_common(unsigned long sysino,
2265 - struct irq_chip *chip)
2266 +static unsigned int sun4v_build_common(u32 devhandle, unsigned int devino,
2267 + void (*handler_data_init)(struct irq_handler_data *data,
2268 + u32 devhandle, unsigned int devino),
2269 + struct irq_chip *chip)
2270 {
2271 - struct ino_bucket *bucket;
2272 - struct irq_handler_data *handler_data;
2273 + struct irq_handler_data *data;
2274 unsigned int irq;
2275
2276 - BUG_ON(tlb_type != hypervisor);
2277 + irq = irq_alloc(devhandle, devino);
2278 + if (!irq)
2279 + goto out;
2280
2281 - bucket = &ivector_table[sysino];
2282 - irq = bucket_get_irq(__pa(bucket));
2283 - if (!irq) {
2284 - irq = irq_alloc(0, sysino);
2285 - bucket_set_irq(__pa(bucket), irq);
2286 - irq_set_chip_and_handler_name(irq, chip, handle_fasteoi_irq,
2287 - "IVEC");
2288 + data = kzalloc(sizeof(struct irq_handler_data), GFP_ATOMIC);
2289 + if (unlikely(!data)) {
2290 + pr_err("IRQ handler data allocation failed.\n");
2291 + irq_free(irq);
2292 + irq = 0;
2293 + goto out;
2294 }
2295
2296 - handler_data = irq_get_handler_data(irq);
2297 - if (unlikely(handler_data))
2298 - goto out;
2299 + irq_set_handler_data(irq, data);
2300 + handler_data_init(data, devhandle, devino);
2301 + irq_set_chip_and_handler_name(irq, chip, handle_fasteoi_irq, "IVEC");
2302 + data->imap = ~0UL;
2303 + data->iclr = ~0UL;
2304 +out:
2305 + return irq;
2306 +}
2307
2308 - handler_data = kzalloc(sizeof(struct irq_handler_data), GFP_ATOMIC);
2309 - if (unlikely(!handler_data)) {
2310 - prom_printf("IRQ: kzalloc(irq_handler_data) failed.\n");
2311 - prom_halt();
2312 - }
2313 - irq_set_handler_data(irq, handler_data);
2314 +static unsigned long cookie_assign(unsigned int irq, u32 devhandle,
2315 + unsigned int devino)
2316 +{
2317 + struct irq_handler_data *ihd = irq_get_handler_data(irq);
2318 + unsigned long hv_error, cookie;
2319
2320 - /* Catch accidental accesses to these things. IMAP/ICLR handling
2321 - * is done by hypervisor calls on sun4v platforms, not by direct
2322 - * register accesses.
2323 +	/* handler_irq needs to find the irq. The cookie is seen as signed in
2324 +	 * sun4v_dev_mondo and treated as a non-ivector_table delivery.
2325 */
2326 - handler_data->imap = ~0UL;
2327 - handler_data->iclr = ~0UL;
2328 + ihd->bucket.__irq = irq;
2329 + cookie = ~__pa(&ihd->bucket);
2330
2331 -out:
2332 - return irq;
2333 + hv_error = sun4v_vintr_set_cookie(devhandle, devino, cookie);
2334 + if (hv_error)
2335 + pr_err("HV vintr set cookie failed = %ld\n", hv_error);
2336 +
2337 + return hv_error;
2338 }
2339
2340 -unsigned int sun4v_build_irq(u32 devhandle, unsigned int devino)
2341 +static void cookie_handler_data(struct irq_handler_data *data,
2342 + u32 devhandle, unsigned int devino)
2343 {
2344 - unsigned long sysino = sun4v_devino_to_sysino(devhandle, devino);
2345 + data->dev_handle = devhandle;
2346 + data->dev_ino = devino;
2347 +}
2348
2349 - return sun4v_build_common(sysino, &sun4v_irq);
2350 +static unsigned int cookie_build_irq(u32 devhandle, unsigned int devino,
2351 + struct irq_chip *chip)
2352 +{
2353 + unsigned long hv_error;
2354 + unsigned int irq;
2355 +
2356 + irq = sun4v_build_common(devhandle, devino, cookie_handler_data, chip);
2357 +
2358 + hv_error = cookie_assign(irq, devhandle, devino);
2359 + if (hv_error) {
2360 + irq_free(irq);
2361 + irq = 0;
2362 + }
2363 +
2364 + return irq;
2365 }
2366
2367 -unsigned int sun4v_build_virq(u32 devhandle, unsigned int devino)
2368 +static unsigned int sun4v_build_cookie(u32 devhandle, unsigned int devino)
2369 {
2370 - struct irq_handler_data *handler_data;
2371 - unsigned long hv_err, cookie;
2372 - struct ino_bucket *bucket;
2373 unsigned int irq;
2374
2375 - bucket = kzalloc(sizeof(struct ino_bucket), GFP_ATOMIC);
2376 - if (unlikely(!bucket))
2377 - return 0;
2378 + irq = cookie_exists(devhandle, devino);
2379 + if (irq)
2380 + goto out;
2381
2382 - /* The only reference we store to the IRQ bucket is
2383 - * by physical address which kmemleak can't see, tell
2384 - * it that this object explicitly is not a leak and
2385 - * should be scanned.
2386 - */
2387 - kmemleak_not_leak(bucket);
2388 + irq = cookie_build_irq(devhandle, devino, &sun4v_virq);
2389
2390 - __flush_dcache_range((unsigned long) bucket,
2391 - ((unsigned long) bucket +
2392 - sizeof(struct ino_bucket)));
2393 +out:
2394 + return irq;
2395 +}
2396
2397 - irq = irq_alloc(devhandle, devino);
2398 +static void sysino_set_bucket(unsigned int irq)
2399 +{
2400 + struct irq_handler_data *ihd = irq_get_handler_data(irq);
2401 + struct ino_bucket *bucket;
2402 + unsigned long sysino;
2403 +
2404 + sysino = sun4v_devino_to_sysino(ihd->dev_handle, ihd->dev_ino);
2405 + BUG_ON(sysino >= nr_ivec);
2406 + bucket = &ivector_table[sysino];
2407 bucket_set_irq(__pa(bucket), irq);
2408 +}
2409
2410 - irq_set_chip_and_handler_name(irq, &sun4v_virq, handle_fasteoi_irq,
2411 - "IVEC");
2412 +static void sysino_handler_data(struct irq_handler_data *data,
2413 + u32 devhandle, unsigned int devino)
2414 +{
2415 + unsigned long sysino;
2416
2417 - handler_data = kzalloc(sizeof(struct irq_handler_data), GFP_ATOMIC);
2418 - if (unlikely(!handler_data))
2419 - return 0;
2420 + sysino = sun4v_devino_to_sysino(devhandle, devino);
2421 + data->sysino = sysino;
2422 +}
2423
2424 - /* In order to make the LDC channel startup sequence easier,
2425 - * especially wrt. locking, we do not let request_irq() enable
2426 - * the interrupt.
2427 - */
2428 - irq_set_status_flags(irq, IRQ_NOAUTOEN);
2429 - irq_set_handler_data(irq, handler_data);
2430 +static unsigned int sysino_build_irq(u32 devhandle, unsigned int devino,
2431 + struct irq_chip *chip)
2432 +{
2433 + unsigned int irq;
2434
2435 - /* Catch accidental accesses to these things. IMAP/ICLR handling
2436 - * is done by hypervisor calls on sun4v platforms, not by direct
2437 - * register accesses.
2438 - */
2439 - handler_data->imap = ~0UL;
2440 - handler_data->iclr = ~0UL;
2441 + irq = sun4v_build_common(devhandle, devino, sysino_handler_data, chip);
2442 + if (!irq)
2443 + goto out;
2444
2445 - cookie = ~__pa(bucket);
2446 - hv_err = sun4v_vintr_set_cookie(devhandle, devino, cookie);
2447 - if (hv_err) {
2448 - prom_printf("IRQ: Fatal, cannot set cookie for [%x:%x] "
2449 - "err=%lu\n", devhandle, devino, hv_err);
2450 - prom_halt();
2451 - }
2452 + sysino_set_bucket(irq);
2453 +out:
2454 + return irq;
2455 +}
2456
2457 +static int sun4v_build_sysino(u32 devhandle, unsigned int devino)
2458 +{
2459 + int irq;
2460 +
2461 + irq = sysino_exists(devhandle, devino);
2462 + if (irq)
2463 + goto out;
2464 +
2465 + irq = sysino_build_irq(devhandle, devino, &sun4v_irq);
2466 +out:
2467 return irq;
2468 }
2469
2470 -void ack_bad_irq(unsigned int irq)
2471 +unsigned int sun4v_build_irq(u32 devhandle, unsigned int devino)
2472 {
2473 - unsigned int ino = irq_table[irq].dev_ino;
2474 + unsigned int irq;
2475
2476 - if (!ino)
2477 - ino = 0xdeadbeef;
2478 + if (sun4v_cookie_only_virqs())
2479 + irq = sun4v_build_cookie(devhandle, devino);
2480 + else
2481 + irq = sun4v_build_sysino(devhandle, devino);
2482
2483 - printk(KERN_CRIT "Unexpected IRQ from ino[%x] irq[%u]\n",
2484 - ino, irq);
2485 + return irq;
2486 +}
2487 +
2488 +unsigned int sun4v_build_virq(u32 devhandle, unsigned int devino)
2489 +{
2490 + int irq;
2491 +
2492 + irq = cookie_build_irq(devhandle, devino, &sun4v_virq);
2493 + if (!irq)
2494 + goto out;
2495 +
2496 +	/* As in the original sun4v_build_virq(), do not let
2497 +	 * request_irq() enable the interrupt. */
2498 + irq_set_status_flags(irq, IRQ_NOAUTOEN);
2499 +
2500 +out:
2501 + return irq;
2502 }
2503
2504 void *hardirq_stack[NR_CPUS];
2505 @@ -720,9 +871,12 @@ void fixup_irqs(void)
2506
2507 for (irq = 0; irq < NR_IRQS; irq++) {
2508 struct irq_desc *desc = irq_to_desc(irq);
2509 - struct irq_data *data = irq_desc_get_irq_data(desc);
2510 + struct irq_data *data;
2511 unsigned long flags;
2512
2513 + if (!desc)
2514 + continue;
2515 + data = irq_desc_get_irq_data(desc);
2516 raw_spin_lock_irqsave(&desc->lock, flags);
2517 if (desc->action && !irqd_is_per_cpu(data)) {
2518 if (data->chip->irq_set_affinity)
2519 @@ -922,16 +1076,22 @@ static struct irqaction timer_irq_action = {
2520 .name = "timer",
2521 };
2522
2523 -/* Only invoked on boot processor. */
2524 -void __init init_IRQ(void)
2525 +static void __init irq_ivector_init(void)
2526 {
2527 - unsigned long size;
2528 + unsigned long size, order;
2529 + unsigned int ivecs;
2530
2531 - map_prom_timers();
2532 - kill_prom_timer();
2533 +	/* If we are doing cookie-only VIRQs then we do not need the ivector
2534 + * table to process interrupts.
2535 + */
2536 + if (sun4v_cookie_only_virqs())
2537 + return;
2538
2539 - size = sizeof(struct ino_bucket) * NUM_IVECS;
2540 - ivector_table = kzalloc(size, GFP_KERNEL);
2541 + ivecs = size_nr_ivec();
2542 + size = sizeof(struct ino_bucket) * ivecs;
2543 + order = get_order(size);
2544 + ivector_table = (struct ino_bucket *)
2545 + __get_free_pages(GFP_KERNEL | __GFP_ZERO, order);
2546 if (!ivector_table) {
2547 prom_printf("Fatal error, cannot allocate ivector_table\n");
2548 prom_halt();
2549 @@ -940,6 +1100,15 @@ void __init init_IRQ(void)
2550 ((unsigned long) ivector_table) + size);
2551
2552 ivector_table_pa = __pa(ivector_table);
2553 +}
2554 +
2555 +/* Only invoked on the boot processor. */
2556 +void __init init_IRQ(void)
2557 +{
2558 + irq_init_hv();
2559 + irq_ivector_init();
2560 + map_prom_timers();
2561 + kill_prom_timer();
2562
2563 if (tlb_type == hypervisor)
2564 sun4v_init_mondo_queues();
2565 diff --git a/arch/sparc/kernel/ktlb.S b/arch/sparc/kernel/ktlb.S
2566 index 605d49204580..ef0d8e9e1210 100644
2567 --- a/arch/sparc/kernel/ktlb.S
2568 +++ b/arch/sparc/kernel/ktlb.S
2569 @@ -47,14 +47,6 @@ kvmap_itlb_vmalloc_addr:
2570 KERN_PGTABLE_WALK(%g4, %g5, %g2, kvmap_itlb_longpath)
2571
2572 TSB_LOCK_TAG(%g1, %g2, %g7)
2573 -
2574 - /* Load and check PTE. */
2575 - ldxa [%g5] ASI_PHYS_USE_EC, %g5
2576 - mov 1, %g7
2577 - sllx %g7, TSB_TAG_INVALID_BIT, %g7
2578 - brgez,a,pn %g5, kvmap_itlb_longpath
2579 - TSB_STORE(%g1, %g7)
2580 -
2581 TSB_WRITE(%g1, %g5, %g6)
2582
2583 /* fallthrough to TLB load */
2584 @@ -118,6 +110,12 @@ kvmap_dtlb_obp:
2585 ba,pt %xcc, kvmap_dtlb_load
2586 nop
2587
2588 +kvmap_linear_early:
2589 + sethi %hi(kern_linear_pte_xor), %g7
2590 + ldx [%g7 + %lo(kern_linear_pte_xor)], %g2
2591 + ba,pt %xcc, kvmap_dtlb_tsb4m_load
2592 + xor %g2, %g4, %g5
2593 +
2594 .align 32
2595 kvmap_dtlb_tsb4m_load:
2596 TSB_LOCK_TAG(%g1, %g2, %g7)
2597 @@ -146,105 +144,17 @@ kvmap_dtlb_4v:
2598 /* Correct TAG_TARGET is already in %g6, check 4mb TSB. */
2599 KERN_TSB4M_LOOKUP_TL1(%g6, %g5, %g1, %g2, %g3, kvmap_dtlb_load)
2600 #endif
2601 - /* TSB entry address left in %g1, lookup linear PTE.
2602 - * Must preserve %g1 and %g6 (TAG).
2603 - */
2604 -kvmap_dtlb_tsb4m_miss:
2605 - /* Clear the PAGE_OFFSET top virtual bits, shift
2606 - * down to get PFN, and make sure PFN is in range.
2607 - */
2608 -661: sllx %g4, 0, %g5
2609 - .section .page_offset_shift_patch, "ax"
2610 - .word 661b
2611 - .previous
2612 -
2613 - /* Check to see if we know about valid memory at the 4MB
2614 - * chunk this physical address will reside within.
2615 + /* Linear mapping TSB lookup failed. Fallthrough to kernel
2616 + * page table based lookup.
2617 */
2618 -661: srlx %g5, MAX_PHYS_ADDRESS_BITS, %g2
2619 - .section .page_offset_shift_patch, "ax"
2620 - .word 661b
2621 - .previous
2622 -
2623 - brnz,pn %g2, kvmap_dtlb_longpath
2624 - nop
2625 -
2626 - /* This unconditional branch and delay-slot nop gets patched
2627 - * by the sethi sequence once the bitmap is properly setup.
2628 - */
2629 - .globl valid_addr_bitmap_insn
2630 -valid_addr_bitmap_insn:
2631 - ba,pt %xcc, 2f
2632 - nop
2633 - .subsection 2
2634 - .globl valid_addr_bitmap_patch
2635 -valid_addr_bitmap_patch:
2636 - sethi %hi(sparc64_valid_addr_bitmap), %g7
2637 - or %g7, %lo(sparc64_valid_addr_bitmap), %g7
2638 - .previous
2639 -
2640 -661: srlx %g5, ILOG2_4MB, %g2
2641 - .section .page_offset_shift_patch, "ax"
2642 - .word 661b
2643 - .previous
2644 -
2645 - srlx %g2, 6, %g5
2646 - and %g2, 63, %g2
2647 - sllx %g5, 3, %g5
2648 - ldx [%g7 + %g5], %g5
2649 - mov 1, %g7
2650 - sllx %g7, %g2, %g7
2651 - andcc %g5, %g7, %g0
2652 - be,pn %xcc, kvmap_dtlb_longpath
2653 -
2654 -2: sethi %hi(kpte_linear_bitmap), %g2
2655 -
2656 - /* Get the 256MB physical address index. */
2657 -661: sllx %g4, 0, %g5
2658 - .section .page_offset_shift_patch, "ax"
2659 - .word 661b
2660 - .previous
2661 -
2662 - or %g2, %lo(kpte_linear_bitmap), %g2
2663 -
2664 -661: srlx %g5, ILOG2_256MB, %g5
2665 - .section .page_offset_shift_patch, "ax"
2666 - .word 661b
2667 - .previous
2668 -
2669 - and %g5, (32 - 1), %g7
2670 -
2671 - /* Divide by 32 to get the offset into the bitmask. */
2672 - srlx %g5, 5, %g5
2673 - add %g7, %g7, %g7
2674 - sllx %g5, 3, %g5
2675 -
2676 - /* kern_linear_pte_xor[(mask >> shift) & 3)] */
2677 - ldx [%g2 + %g5], %g2
2678 - srlx %g2, %g7, %g7
2679 - sethi %hi(kern_linear_pte_xor), %g5
2680 - and %g7, 3, %g7
2681 - or %g5, %lo(kern_linear_pte_xor), %g5
2682 - sllx %g7, 3, %g7
2683 - ldx [%g5 + %g7], %g2
2684 -
2685 .globl kvmap_linear_patch
2686 kvmap_linear_patch:
2687 - ba,pt %xcc, kvmap_dtlb_tsb4m_load
2688 - xor %g2, %g4, %g5
2689 + ba,a,pt %xcc, kvmap_linear_early
2690
2691 kvmap_dtlb_vmalloc_addr:
2692 KERN_PGTABLE_WALK(%g4, %g5, %g2, kvmap_dtlb_longpath)
2693
2694 TSB_LOCK_TAG(%g1, %g2, %g7)
2695 -
2696 - /* Load and check PTE. */
2697 - ldxa [%g5] ASI_PHYS_USE_EC, %g5
2698 - mov 1, %g7
2699 - sllx %g7, TSB_TAG_INVALID_BIT, %g7
2700 - brgez,a,pn %g5, kvmap_dtlb_longpath
2701 - TSB_STORE(%g1, %g7)
2702 -
2703 TSB_WRITE(%g1, %g5, %g6)
2704
2705 /* fallthrough to TLB load */
2706 @@ -276,13 +186,8 @@ kvmap_dtlb_load:
2707
2708 #ifdef CONFIG_SPARSEMEM_VMEMMAP
2709 kvmap_vmemmap:
2710 - sub %g4, %g5, %g5
2711 - srlx %g5, ILOG2_4MB, %g5
2712 - sethi %hi(vmemmap_table), %g1
2713 - sllx %g5, 3, %g5
2714 - or %g1, %lo(vmemmap_table), %g1
2715 - ba,pt %xcc, kvmap_dtlb_load
2716 - ldx [%g1 + %g5], %g5
2717 + KERN_PGTABLE_WALK(%g4, %g5, %g2, kvmap_dtlb_longpath)
2718 + ba,a,pt %xcc, kvmap_dtlb_load
2719 #endif
2720
2721 kvmap_dtlb_nonlinear:
2722 @@ -294,8 +199,8 @@ kvmap_dtlb_nonlinear:
2723
2724 #ifdef CONFIG_SPARSEMEM_VMEMMAP
2725 /* Do not use the TSB for vmemmap. */
2726 - mov (VMEMMAP_BASE >> 40), %g5
2727 - sllx %g5, 40, %g5
2728 + sethi %hi(VMEMMAP_BASE), %g5
2729 + ldx [%g5 + %lo(VMEMMAP_BASE)], %g5
2730 cmp %g4,%g5
2731 bgeu,pn %xcc, kvmap_vmemmap
2732 nop
2733 @@ -307,8 +212,8 @@ kvmap_dtlb_tsbmiss:
2734 sethi %hi(MODULES_VADDR), %g5
2735 cmp %g4, %g5
2736 blu,pn %xcc, kvmap_dtlb_longpath
2737 - mov (VMALLOC_END >> 40), %g5
2738 - sllx %g5, 40, %g5
2739 + sethi %hi(VMALLOC_END), %g5
2740 + ldx [%g5 + %lo(VMALLOC_END)], %g5
2741 cmp %g4, %g5
2742 bgeu,pn %xcc, kvmap_dtlb_longpath
2743 nop
2744 diff --git a/arch/sparc/kernel/ldc.c b/arch/sparc/kernel/ldc.c
2745 index 66dacd56bb10..27bb55485472 100644
2746 --- a/arch/sparc/kernel/ldc.c
2747 +++ b/arch/sparc/kernel/ldc.c
2748 @@ -1078,7 +1078,8 @@ static void ldc_iommu_release(struct ldc_channel *lp)
2749
2750 struct ldc_channel *ldc_alloc(unsigned long id,
2751 const struct ldc_channel_config *cfgp,
2752 - void *event_arg)
2753 + void *event_arg,
2754 + const char *name)
2755 {
2756 struct ldc_channel *lp;
2757 const struct ldc_mode_ops *mops;
2758 @@ -1093,6 +1094,8 @@ struct ldc_channel *ldc_alloc(unsigned long id,
2759 err = -EINVAL;
2760 if (!cfgp)
2761 goto out_err;
2762 + if (!name)
2763 + goto out_err;
2764
2765 switch (cfgp->mode) {
2766 case LDC_MODE_RAW:
2767 @@ -1185,6 +1188,21 @@ struct ldc_channel *ldc_alloc(unsigned long id,
2768
2769 INIT_HLIST_HEAD(&lp->mh_list);
2770
2771 + snprintf(lp->rx_irq_name, LDC_IRQ_NAME_MAX, "%s RX", name);
2772 + snprintf(lp->tx_irq_name, LDC_IRQ_NAME_MAX, "%s TX", name);
2773 +
2774 + err = request_irq(lp->cfg.rx_irq, ldc_rx, 0,
2775 + lp->rx_irq_name, lp);
2776 + if (err)
2777 + goto out_free_txq;
2778 +
2779 + err = request_irq(lp->cfg.tx_irq, ldc_tx, 0,
2780 + lp->tx_irq_name, lp);
2781 + if (err) {
2782 + free_irq(lp->cfg.rx_irq, lp);
2783 + goto out_free_txq;
2784 + }
2785 +
2786 return lp;
2787
2788 out_free_txq:
2789 @@ -1237,31 +1255,14 @@ EXPORT_SYMBOL(ldc_free);
2790 * state. This does not initiate a handshake, ldc_connect() does
2791 * that.
2792 */
2793 -int ldc_bind(struct ldc_channel *lp, const char *name)
2794 +int ldc_bind(struct ldc_channel *lp)
2795 {
2796 unsigned long hv_err, flags;
2797 int err = -EINVAL;
2798
2799 - if (!name ||
2800 - (lp->state != LDC_STATE_INIT))
2801 + if (lp->state != LDC_STATE_INIT)
2802 return -EINVAL;
2803
2804 - snprintf(lp->rx_irq_name, LDC_IRQ_NAME_MAX, "%s RX", name);
2805 - snprintf(lp->tx_irq_name, LDC_IRQ_NAME_MAX, "%s TX", name);
2806 -
2807 - err = request_irq(lp->cfg.rx_irq, ldc_rx, 0,
2808 - lp->rx_irq_name, lp);
2809 - if (err)
2810 - return err;
2811 -
2812 - err = request_irq(lp->cfg.tx_irq, ldc_tx, 0,
2813 - lp->tx_irq_name, lp);
2814 - if (err) {
2815 - free_irq(lp->cfg.rx_irq, lp);
2816 - return err;
2817 - }
2818 -
2819 -
2820 spin_lock_irqsave(&lp->lock, flags);
2821
2822 enable_irq(lp->cfg.rx_irq);
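With this change the channel name is supplied at allocation time, which is also where the RX/TX IRQs are now requested, and ldc_bind() merely enables them. Callers follow the pattern already visible in the ds.c and viohs.c hunks:

    lp = ldc_alloc(channel_id, &cfg, event_arg, "DS"); /* requests RX/TX IRQs */
    if (IS_ERR(lp))
            return PTR_ERR(lp);
    err = ldc_bind(lp);                                /* enables the IRQs */
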
2823 diff --git a/arch/sparc/kernel/pcr.c b/arch/sparc/kernel/pcr.c
2824 index 269af58497aa..7e967c8018c8 100644
2825 --- a/arch/sparc/kernel/pcr.c
2826 +++ b/arch/sparc/kernel/pcr.c
2827 @@ -191,12 +191,41 @@ static const struct pcr_ops n4_pcr_ops = {
2828 .pcr_nmi_disable = PCR_N4_PICNPT,
2829 };
2830
2831 +static u64 n5_pcr_read(unsigned long reg_num)
2832 +{
2833 + unsigned long val;
2834 +
2835 + (void) sun4v_t5_get_perfreg(reg_num, &val);
2836 +
2837 + return val;
2838 +}
2839 +
2840 +static void n5_pcr_write(unsigned long reg_num, u64 val)
2841 +{
2842 + (void) sun4v_t5_set_perfreg(reg_num, val);
2843 +}
2844 +
2845 +static const struct pcr_ops n5_pcr_ops = {
2846 + .read_pcr = n5_pcr_read,
2847 + .write_pcr = n5_pcr_write,
2848 + .read_pic = n4_pic_read,
2849 + .write_pic = n4_pic_write,
2850 + .nmi_picl_value = n4_picl_value,
2851 + .pcr_nmi_enable = (PCR_N4_PICNPT | PCR_N4_STRACE |
2852 + PCR_N4_UTRACE | PCR_N4_TOE |
2853 + (26 << PCR_N4_SL_SHIFT)),
2854 + .pcr_nmi_disable = PCR_N4_PICNPT,
2855 +};
2856 +
2857 +
2858 static unsigned long perf_hsvc_group;
2859 static unsigned long perf_hsvc_major;
2860 static unsigned long perf_hsvc_minor;
2861
2862 static int __init register_perf_hsvc(void)
2863 {
2864 + unsigned long hverror;
2865 +
2866 if (tlb_type == hypervisor) {
2867 switch (sun4v_chip_type) {
2868 case SUN4V_CHIP_NIAGARA1:
2869 @@ -215,6 +244,10 @@ static int __init register_perf_hsvc(void)
2870 perf_hsvc_group = HV_GRP_VT_CPU;
2871 break;
2872
2873 + case SUN4V_CHIP_NIAGARA5:
2874 + perf_hsvc_group = HV_GRP_T5_CPU;
2875 + break;
2876 +
2877 default:
2878 return -ENODEV;
2879 }
2880 @@ -222,10 +255,12 @@ static int __init register_perf_hsvc(void)
2881
2882 perf_hsvc_major = 1;
2883 perf_hsvc_minor = 0;
2884 - if (sun4v_hvapi_register(perf_hsvc_group,
2885 - perf_hsvc_major,
2886 - &perf_hsvc_minor)) {
2887 - printk("perfmon: Could not register hvapi.\n");
2888 + hverror = sun4v_hvapi_register(perf_hsvc_group,
2889 + perf_hsvc_major,
2890 + &perf_hsvc_minor);
2891 + if (hverror) {
2892 + pr_err("perfmon: Could not register hvapi(0x%lx).\n",
2893 + hverror);
2894 return -ENODEV;
2895 }
2896 }
2897 @@ -254,6 +289,10 @@ static int __init setup_sun4v_pcr_ops(void)
2898 pcr_ops = &n4_pcr_ops;
2899 break;
2900
2901 + case SUN4V_CHIP_NIAGARA5:
2902 + pcr_ops = &n5_pcr_ops;
2903 + break;
2904 +
2905 default:
2906 ret = -ENODEV;
2907 break;
2908 diff --git a/arch/sparc/kernel/perf_event.c b/arch/sparc/kernel/perf_event.c
2909 index d35c490a91cb..c9759ad3f34a 100644
2910 --- a/arch/sparc/kernel/perf_event.c
2911 +++ b/arch/sparc/kernel/perf_event.c
2912 @@ -1662,7 +1662,8 @@ static bool __init supported_pmu(void)
2913 sparc_pmu = &niagara2_pmu;
2914 return true;
2915 }
2916 - if (!strcmp(sparc_pmu_type, "niagara4")) {
2917 + if (!strcmp(sparc_pmu_type, "niagara4") ||
2918 + !strcmp(sparc_pmu_type, "niagara5")) {
2919 sparc_pmu = &niagara4_pmu;
2920 return true;
2921 }
2922 diff --git a/arch/sparc/kernel/setup_64.c b/arch/sparc/kernel/setup_64.c
2923 index 3fdb455e3318..61a519808cb7 100644
2924 --- a/arch/sparc/kernel/setup_64.c
2925 +++ b/arch/sparc/kernel/setup_64.c
2926 @@ -30,6 +30,7 @@
2927 #include <linux/cpu.h>
2928 #include <linux/initrd.h>
2929 #include <linux/module.h>
2930 +#include <linux/start_kernel.h>
2931
2932 #include <asm/io.h>
2933 #include <asm/processor.h>
2934 @@ -174,7 +175,7 @@ char reboot_command[COMMAND_LINE_SIZE];
2935
2936 static struct pt_regs fake_swapper_regs = { { 0, }, 0, 0, 0, 0 };
2937
2938 -void __init per_cpu_patch(void)
2939 +static void __init per_cpu_patch(void)
2940 {
2941 struct cpuid_patch_entry *p;
2942 unsigned long ver;
2943 @@ -266,7 +267,7 @@ void sun4v_patch_2insn_range(struct sun4v_2insn_patch_entry *start,
2944 }
2945 }
2946
2947 -void __init sun4v_patch(void)
2948 +static void __init sun4v_patch(void)
2949 {
2950 extern void sun4v_hvapi_init(void);
2951
2952 @@ -335,14 +336,25 @@ static void __init pause_patch(void)
2953 }
2954 }
2955
2956 -#ifdef CONFIG_SMP
2957 -void __init boot_cpu_id_too_large(int cpu)
2958 +void __init start_early_boot(void)
2959 {
2960 - prom_printf("Serious problem, boot cpu id (%d) >= NR_CPUS (%d)\n",
2961 - cpu, NR_CPUS);
2962 - prom_halt();
2963 + int cpu;
2964 +
2965 + check_if_starfire();
2966 + per_cpu_patch();
2967 + sun4v_patch();
2968 +
2969 + cpu = hard_smp_processor_id();
2970 + if (cpu >= NR_CPUS) {
2971 + prom_printf("Serious problem, boot cpu id (%d) >= NR_CPUS (%d)\n",
2972 + cpu, NR_CPUS);
2973 + prom_halt();
2974 + }
2975 + current_thread_info()->cpu = cpu;
2976 +
2977 + prom_init_report();
2978 + start_kernel();
2979 }
2980 -#endif
2981
2982 /* On Ultra, we support all of the v8 capabilities. */
2983 unsigned long sparc64_elf_hwcap = (HWCAP_SPARC_FLUSH | HWCAP_SPARC_STBAR |
2984 @@ -500,12 +512,16 @@ static void __init init_sparc64_elf_hwcap(void)
2985 sun4v_chip_type == SUN4V_CHIP_NIAGARA3 ||
2986 sun4v_chip_type == SUN4V_CHIP_NIAGARA4 ||
2987 sun4v_chip_type == SUN4V_CHIP_NIAGARA5 ||
2988 + sun4v_chip_type == SUN4V_CHIP_SPARC_M6 ||
2989 + sun4v_chip_type == SUN4V_CHIP_SPARC_M7 ||
2990 sun4v_chip_type == SUN4V_CHIP_SPARC64X)
2991 cap |= HWCAP_SPARC_BLKINIT;
2992 if (sun4v_chip_type == SUN4V_CHIP_NIAGARA2 ||
2993 sun4v_chip_type == SUN4V_CHIP_NIAGARA3 ||
2994 sun4v_chip_type == SUN4V_CHIP_NIAGARA4 ||
2995 sun4v_chip_type == SUN4V_CHIP_NIAGARA5 ||
2996 + sun4v_chip_type == SUN4V_CHIP_SPARC_M6 ||
2997 + sun4v_chip_type == SUN4V_CHIP_SPARC_M7 ||
2998 sun4v_chip_type == SUN4V_CHIP_SPARC64X)
2999 cap |= HWCAP_SPARC_N2;
3000 }
3001 @@ -533,6 +549,8 @@ static void __init init_sparc64_elf_hwcap(void)
3002 sun4v_chip_type == SUN4V_CHIP_NIAGARA3 ||
3003 sun4v_chip_type == SUN4V_CHIP_NIAGARA4 ||
3004 sun4v_chip_type == SUN4V_CHIP_NIAGARA5 ||
3005 + sun4v_chip_type == SUN4V_CHIP_SPARC_M6 ||
3006 + sun4v_chip_type == SUN4V_CHIP_SPARC_M7 ||
3007 sun4v_chip_type == SUN4V_CHIP_SPARC64X)
3008 cap |= (AV_SPARC_VIS | AV_SPARC_VIS2 |
3009 AV_SPARC_ASI_BLK_INIT |
3010 @@ -540,6 +558,8 @@ static void __init init_sparc64_elf_hwcap(void)
3011 if (sun4v_chip_type == SUN4V_CHIP_NIAGARA3 ||
3012 sun4v_chip_type == SUN4V_CHIP_NIAGARA4 ||
3013 sun4v_chip_type == SUN4V_CHIP_NIAGARA5 ||
3014 + sun4v_chip_type == SUN4V_CHIP_SPARC_M6 ||
3015 + sun4v_chip_type == SUN4V_CHIP_SPARC_M7 ||
3016 sun4v_chip_type == SUN4V_CHIP_SPARC64X)
3017 cap |= (AV_SPARC_VIS3 | AV_SPARC_HPC |
3018 AV_SPARC_FMAF);
3019 diff --git a/arch/sparc/kernel/smp_64.c b/arch/sparc/kernel/smp_64.c
3020 index f7ba87543e5f..c9300bfaee5a 100644
3021 --- a/arch/sparc/kernel/smp_64.c
3022 +++ b/arch/sparc/kernel/smp_64.c
3023 @@ -1467,6 +1467,13 @@ static void __init pcpu_populate_pte(unsigned long addr)
3024 pud_t *pud;
3025 pmd_t *pmd;
3026
3027 + if (pgd_none(*pgd)) {
3028 + pud_t *new;
3029 +
3030 + new = __alloc_bootmem(PAGE_SIZE, PAGE_SIZE, PAGE_SIZE);
3031 + pgd_populate(&init_mm, pgd, new);
3032 + }
3033 +
3034 pud = pud_offset(pgd, addr);
3035 if (pud_none(*pud)) {
3036 pmd_t *new;
3037 diff --git a/arch/sparc/kernel/sun4v_tlb_miss.S b/arch/sparc/kernel/sun4v_tlb_miss.S
3038 index e0c09bf85610..6179e19bc9b9 100644
3039 --- a/arch/sparc/kernel/sun4v_tlb_miss.S
3040 +++ b/arch/sparc/kernel/sun4v_tlb_miss.S
3041 @@ -195,6 +195,11 @@ sun4v_tsb_miss_common:
3042 ldx [%g2 + TRAP_PER_CPU_PGD_PADDR], %g7
3043
3044 sun4v_itlb_error:
3045 + rdpr %tl, %g1
3046 + cmp %g1, 1
3047 + ble,pt %icc, sun4v_bad_ra
3048 + or %g0, FAULT_CODE_BAD_RA | FAULT_CODE_ITLB, %g1
3049 +
3050 sethi %hi(sun4v_err_itlb_vaddr), %g1
3051 stx %g4, [%g1 + %lo(sun4v_err_itlb_vaddr)]
3052 sethi %hi(sun4v_err_itlb_ctx), %g1
3053 @@ -206,15 +211,10 @@ sun4v_itlb_error:
3054 sethi %hi(sun4v_err_itlb_error), %g1
3055 stx %o0, [%g1 + %lo(sun4v_err_itlb_error)]
3056
3057 + sethi %hi(1f), %g7
3058 rdpr %tl, %g4
3059 - cmp %g4, 1
3060 - ble,pt %icc, 1f
3061 - sethi %hi(2f), %g7
3062 ba,pt %xcc, etraptl1
3063 - or %g7, %lo(2f), %g7
3064 -
3065 -1: ba,pt %xcc, etrap
3066 -2: or %g7, %lo(2b), %g7
3067 +1: or %g7, %lo(1f), %g7
3068 mov %l4, %o1
3069 call sun4v_itlb_error_report
3070 add %sp, PTREGS_OFF, %o0
3071 @@ -222,6 +222,11 @@ sun4v_itlb_error:
3072 /* NOTREACHED */
3073
3074 sun4v_dtlb_error:
3075 + rdpr %tl, %g1
3076 + cmp %g1, 1
3077 + ble,pt %icc, sun4v_bad_ra
3078 + or %g0, FAULT_CODE_BAD_RA | FAULT_CODE_DTLB, %g1
3079 +
3080 sethi %hi(sun4v_err_dtlb_vaddr), %g1
3081 stx %g4, [%g1 + %lo(sun4v_err_dtlb_vaddr)]
3082 sethi %hi(sun4v_err_dtlb_ctx), %g1
3083 @@ -233,21 +238,23 @@ sun4v_dtlb_error:
3084 sethi %hi(sun4v_err_dtlb_error), %g1
3085 stx %o0, [%g1 + %lo(sun4v_err_dtlb_error)]
3086
3087 + sethi %hi(1f), %g7
3088 rdpr %tl, %g4
3089 - cmp %g4, 1
3090 - ble,pt %icc, 1f
3091 - sethi %hi(2f), %g7
3092 ba,pt %xcc, etraptl1
3093 - or %g7, %lo(2f), %g7
3094 -
3095 -1: ba,pt %xcc, etrap
3096 -2: or %g7, %lo(2b), %g7
3097 +1: or %g7, %lo(1f), %g7
3098 mov %l4, %o1
3099 call sun4v_dtlb_error_report
3100 add %sp, PTREGS_OFF, %o0
3101
3102 /* NOTREACHED */
3103
3104 +sun4v_bad_ra:
3105 + or %g0, %g4, %g5
3106 + ba,pt %xcc, sparc64_realfault_common
3107 + or %g1, %g0, %g4
3108 +
3109 + /* NOTREACHED */
3110 +
3111 /* Instruction Access Exception, tl0. */
3112 sun4v_iacc:
3113 ldxa [%g0] ASI_SCRATCHPAD, %g2
3114 diff --git a/arch/sparc/kernel/trampoline_64.S b/arch/sparc/kernel/trampoline_64.S
3115 index 737f8cbc7d56..88ede1d53b4c 100644
3116 --- a/arch/sparc/kernel/trampoline_64.S
3117 +++ b/arch/sparc/kernel/trampoline_64.S
3118 @@ -109,10 +109,13 @@ startup_continue:
3119 brnz,pn %g1, 1b
3120 nop
3121
3122 - sethi %hi(p1275buf), %g2
3123 - or %g2, %lo(p1275buf), %g2
3124 - ldx [%g2 + 0x10], %l2
3125 - add %l2, -(192 + 128), %sp
3126 + /* Get onto temporary stack which will be in the locked
3127 + * kernel image.
3128 + */
3129 + sethi %hi(tramp_stack), %g1
3130 + or %g1, %lo(tramp_stack), %g1
3131 + add %g1, TRAMP_STACK_SIZE, %g1
3132 + sub %g1, STACKFRAME_SZ + STACK_BIAS + 256, %sp
3133 flushw
3134
3135 /* Setup the loop variables:
3136 @@ -394,7 +397,6 @@ after_lock_tlb:
3137 sllx %g5, THREAD_SHIFT, %g5
3138 sub %g5, (STACKFRAME_SZ + STACK_BIAS), %g5
3139 add %g6, %g5, %sp
3140 - mov 0, %fp
3141
3142 rdpr %pstate, %o1
3143 or %o1, PSTATE_IE, %o1
3144 diff --git a/arch/sparc/kernel/traps_64.c b/arch/sparc/kernel/traps_64.c
3145 index fb6640ec8557..981a769b9558 100644
3146 --- a/arch/sparc/kernel/traps_64.c
3147 +++ b/arch/sparc/kernel/traps_64.c
3148 @@ -2104,6 +2104,11 @@ void sun4v_nonresum_overflow(struct pt_regs *regs)
3149 atomic_inc(&sun4v_nonresum_oflow_cnt);
3150 }
3151
3152 +static void sun4v_tlb_error(struct pt_regs *regs)
3153 +{
3154 + die_if_kernel("TLB/TSB error", regs);
3155 +}
3156 +
3157 unsigned long sun4v_err_itlb_vaddr;
3158 unsigned long sun4v_err_itlb_ctx;
3159 unsigned long sun4v_err_itlb_pte;
3160 @@ -2111,8 +2116,7 @@ unsigned long sun4v_err_itlb_error;
3161
3162 void sun4v_itlb_error_report(struct pt_regs *regs, int tl)
3163 {
3164 - if (tl > 1)
3165 - dump_tl1_traplog((struct tl1_traplog *)(regs + 1));
3166 + dump_tl1_traplog((struct tl1_traplog *)(regs + 1));
3167
3168 printk(KERN_EMERG "SUN4V-ITLB: Error at TPC[%lx], tl %d\n",
3169 regs->tpc, tl);
3170 @@ -2125,7 +2129,7 @@ void sun4v_itlb_error_report(struct pt_regs *regs, int tl)
3171 sun4v_err_itlb_vaddr, sun4v_err_itlb_ctx,
3172 sun4v_err_itlb_pte, sun4v_err_itlb_error);
3173
3174 - prom_halt();
3175 + sun4v_tlb_error(regs);
3176 }
3177
3178 unsigned long sun4v_err_dtlb_vaddr;
3179 @@ -2135,8 +2139,7 @@ unsigned long sun4v_err_dtlb_error;
3180
3181 void sun4v_dtlb_error_report(struct pt_regs *regs, int tl)
3182 {
3183 - if (tl > 1)
3184 - dump_tl1_traplog((struct tl1_traplog *)(regs + 1));
3185 + dump_tl1_traplog((struct tl1_traplog *)(regs + 1));
3186
3187 printk(KERN_EMERG "SUN4V-DTLB: Error at TPC[%lx], tl %d\n",
3188 regs->tpc, tl);
3189 @@ -2149,7 +2152,7 @@ void sun4v_dtlb_error_report(struct pt_regs *regs, int tl)
3190 sun4v_err_dtlb_vaddr, sun4v_err_dtlb_ctx,
3191 sun4v_err_dtlb_pte, sun4v_err_dtlb_error);
3192
3193 - prom_halt();
3194 + sun4v_tlb_error(regs);
3195 }
3196
3197 void hypervisor_tlbop_error(unsigned long err, unsigned long op)
3198 diff --git a/arch/sparc/kernel/tsb.S b/arch/sparc/kernel/tsb.S
3199 index 14158d40ba76..be98685c14c6 100644
3200 --- a/arch/sparc/kernel/tsb.S
3201 +++ b/arch/sparc/kernel/tsb.S
3202 @@ -162,10 +162,10 @@ tsb_miss_page_table_walk_sun4v_fastpath:
3203 nop
3204 .previous
3205
3206 - rdpr %tl, %g3
3207 - cmp %g3, 1
3208 + rdpr %tl, %g7
3209 + cmp %g7, 1
3210 bne,pn %xcc, winfix_trampoline
3211 - nop
3212 + mov %g3, %g4
3213 ba,pt %xcc, etrap
3214 rd %pc, %g7
3215 call hugetlb_setup
3216 diff --git a/arch/sparc/kernel/viohs.c b/arch/sparc/kernel/viohs.c
3217 index f8e7dd53e1c7..9c5fbd0b8a04 100644
3218 --- a/arch/sparc/kernel/viohs.c
3219 +++ b/arch/sparc/kernel/viohs.c
3220 @@ -714,7 +714,7 @@ int vio_ldc_alloc(struct vio_driver_state *vio,
3221 cfg.tx_irq = vio->vdev->tx_irq;
3222 cfg.rx_irq = vio->vdev->rx_irq;
3223
3224 - lp = ldc_alloc(vio->vdev->channel_id, &cfg, event_arg);
3225 + lp = ldc_alloc(vio->vdev->channel_id, &cfg, event_arg, vio->name);
3226 if (IS_ERR(lp))
3227 return PTR_ERR(lp);
3228
3229 @@ -746,7 +746,7 @@ void vio_port_up(struct vio_driver_state *vio)
3230
3231 err = 0;
3232 if (state == LDC_STATE_INIT) {
3233 - err = ldc_bind(vio->lp, vio->name);
3234 + err = ldc_bind(vio->lp);
3235 if (err)
3236 printk(KERN_WARNING "%s: Port %lu bind failed, "
3237 "err=%d\n",
3238 diff --git a/arch/sparc/kernel/vmlinux.lds.S b/arch/sparc/kernel/vmlinux.lds.S
3239 index 932ff90fd760..09243057cb0b 100644
3240 --- a/arch/sparc/kernel/vmlinux.lds.S
3241 +++ b/arch/sparc/kernel/vmlinux.lds.S
3242 @@ -35,8 +35,9 @@ jiffies = jiffies_64;
3243
3244 SECTIONS
3245 {
3246 - /* swapper_low_pmd_dir is sparc64 only */
3247 - swapper_low_pmd_dir = 0x0000000000402000;
3248 +#ifdef CONFIG_SPARC64
3249 + swapper_pg_dir = 0x0000000000402000;
3250 +#endif
3251 . = INITIAL_ADDRESS;
3252 .text TEXTSTART :
3253 {
3254 @@ -122,11 +123,6 @@ SECTIONS
3255 *(.swapper_4m_tsb_phys_patch)
3256 __swapper_4m_tsb_phys_patch_end = .;
3257 }
3258 - .page_offset_shift_patch : {
3259 - __page_offset_shift_patch = .;
3260 - *(.page_offset_shift_patch)
3261 - __page_offset_shift_patch_end = .;
3262 - }
3263 .popc_3insn_patch : {
3264 __popc_3insn_patch = .;
3265 *(.popc_3insn_patch)
3266 diff --git a/arch/sparc/lib/NG4memcpy.S b/arch/sparc/lib/NG4memcpy.S
3267 index 9cf2ee01cee3..140527a20e7d 100644
3268 --- a/arch/sparc/lib/NG4memcpy.S
3269 +++ b/arch/sparc/lib/NG4memcpy.S
3270 @@ -41,6 +41,10 @@
3271 #endif
3272 #endif
3273
3274 +#if !defined(EX_LD) && !defined(EX_ST)
3275 +#define NON_USER_COPY
3276 +#endif
3277 +
3278 #ifndef EX_LD
3279 #define EX_LD(x) x
3280 #endif
3281 @@ -197,9 +201,13 @@ FUNC_NAME: /* %o0=dst, %o1=src, %o2=len */
3282 mov EX_RETVAL(%o3), %o0
3283
3284 .Llarge_src_unaligned:
3285 +#ifdef NON_USER_COPY
3286 + VISEntryHalfFast(.Lmedium_vis_entry_fail)
3287 +#else
3288 + VISEntryHalf
3289 +#endif
3290 andn %o2, 0x3f, %o4
3291 sub %o2, %o4, %o2
3292 - VISEntryHalf
3293 alignaddr %o1, %g0, %g1
3294 add %o1, %o4, %o1
3295 EX_LD(LOAD(ldd, %g1 + 0x00, %f0))
3296 @@ -240,6 +248,10 @@ FUNC_NAME: /* %o0=dst, %o1=src, %o2=len */
3297 nop
3298 ba,a,pt %icc, .Lmedium_unaligned
3299
3300 +#ifdef NON_USER_COPY
3301 +.Lmedium_vis_entry_fail:
3302 + or %o0, %o1, %g2
3303 +#endif
3304 .Lmedium:
3305 LOAD(prefetch, %o1 + 0x40, #n_reads_strong)
3306 andcc %g2, 0x7, %g0
3307 diff --git a/arch/sparc/lib/memset.S b/arch/sparc/lib/memset.S
3308 index 99c017be8719..f75e6906df14 100644
3309 --- a/arch/sparc/lib/memset.S
3310 +++ b/arch/sparc/lib/memset.S
3311 @@ -3,8 +3,9 @@
3312 * Copyright (C) 1996,1997 Jakub Jelinek (jj@sunsite.mff.cuni.cz)
3313 * Copyright (C) 1996 David S. Miller (davem@caip.rutgers.edu)
3314 *
3315 - * Returns 0, if ok, and number of bytes not yet set if exception
3316 - * occurs and we were called as clear_user.
3317 + * Calls to memset return the initial %o0. Calls to bzero return 0 if OK, and
3318 + * the number of bytes not yet set if an exception occurs and we were called as
3319 + * clear_user.
3320 */
3321
3322 #include <asm/ptrace.h>
3323 @@ -65,6 +66,8 @@ __bzero_begin:
3324 .globl __memset_start, __memset_end
3325 __memset_start:
3326 memset:
3327 + mov %o0, %g1
3328 + mov 1, %g4
3329 and %o1, 0xff, %g3
3330 sll %g3, 8, %g2
3331 or %g3, %g2, %g3
3332 @@ -89,6 +92,7 @@ memset:
3333 sub %o0, %o2, %o0
3334
3335 __bzero:
3336 + clr %g4
3337 mov %g0, %g3
3338 1:
3339 cmp %o1, 7
3340 @@ -151,8 +155,8 @@ __bzero:
3341 bne,a 8f
3342 EX(stb %g3, [%o0], and %o1, 1)
3343 8:
3344 - retl
3345 - clr %o0
3346 + b 0f
3347 + nop
3348 7:
3349 be 13b
3350 orcc %o1, 0, %g0
3351 @@ -164,6 +168,12 @@ __bzero:
3352 bne 8b
3353 EX(stb %g3, [%o0 - 1], add %o1, 1)
3354 0:
3355 + andcc %g4, 1, %g0
3356 + be 5f
3357 + nop
3358 + retl
3359 + mov %g1, %o0
3360 +5:
3361 retl
3362 clr %o0
3363 __memset_end:
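
 The %g4 flag introduced above lets both entry points share one exit path:
 memset saves its destination in %g1 and sets %g4, while __bzero clears
 %g4. A minimal C model of the shared exit (the function name is
 illustrative; the real implementation is the assembly above):

	/* g4_flag = 1: entered via memset(), must return the original dst.
	 * g4_flag = 0: entered via __bzero()/clear_user(), returns 0 on success.
	 */
	static unsigned long common_exit(unsigned long saved_dst, int g4_flag)
	{
		if (g4_flag)		/* andcc %g4, 1, %g0; be 5f */
			return saved_dst;	/* retl; mov %g1, %o0 */
		return 0;			/* 5: retl; clr %o0 */
	}
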
3364 diff --git a/arch/sparc/mm/fault_64.c b/arch/sparc/mm/fault_64.c
3365 index 587cd0565128..18fcd7167095 100644
3366 --- a/arch/sparc/mm/fault_64.c
3367 +++ b/arch/sparc/mm/fault_64.c
3368 @@ -346,6 +346,9 @@ retry:
3369 down_read(&mm->mmap_sem);
3370 }
3371
3372 + if (fault_code & FAULT_CODE_BAD_RA)
3373 + goto do_sigbus;
3374 +
3375 vma = find_vma(mm, address);
3376 if (!vma)
3377 goto bad_area;
3378 diff --git a/arch/sparc/mm/gup.c b/arch/sparc/mm/gup.c
3379 index 1aed0432c64b..ae6ce383d4df 100644
3380 --- a/arch/sparc/mm/gup.c
3381 +++ b/arch/sparc/mm/gup.c
3382 @@ -160,6 +160,36 @@ static int gup_pud_range(pgd_t pgd, unsigned long addr, unsigned long end,
3383 return 1;
3384 }
3385
3386 +int __get_user_pages_fast(unsigned long start, int nr_pages, int write,
3387 + struct page **pages)
3388 +{
3389 + struct mm_struct *mm = current->mm;
3390 + unsigned long addr, len, end;
3391 + unsigned long next, flags;
3392 + pgd_t *pgdp;
3393 + int nr = 0;
3394 +
3395 + start &= PAGE_MASK;
3396 + addr = start;
3397 + len = (unsigned long) nr_pages << PAGE_SHIFT;
3398 + end = start + len;
3399 +
3400 + local_irq_save(flags);
3401 + pgdp = pgd_offset(mm, addr);
3402 + do {
3403 + pgd_t pgd = *pgdp;
3404 +
3405 + next = pgd_addr_end(addr, end);
3406 + if (pgd_none(pgd))
3407 + break;
3408 + if (!gup_pud_range(pgd, addr, next, write, pages, &nr))
3409 + break;
3410 + } while (pgdp++, addr = next, addr != end);
3411 + local_irq_restore(flags);
3412 +
3413 + return nr;
3414 +}
3415 +
3416 int get_user_pages_fast(unsigned long start, int nr_pages, int write,
3417 struct page **pages)
3418 {
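
 The new __get_user_pages_fast() is the non-sleeping variant: it walks the
 page tables with IRQs disabled and returns however many pages it managed
 to pin, never faulting anything in. A hedged usage sketch (kernel context
 assumed; the helper name pin_user_buffer is illustrative):

	/* Callers must tolerate a short count and fall back themselves;
	 * get_user_pages_fast() below performs this fallback internally.
	 */
	static int pin_user_buffer(unsigned long uaddr, int nr_pages,
				   struct page **pages)
	{
		int got = __get_user_pages_fast(uaddr, nr_pages, 1, pages);

		if (got < nr_pages) {
			/* e.g. release the pinned pages and retry via the
			 * slow path with mmap_sem held */
		}
		return got;
	}
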
3419 diff --git a/arch/sparc/mm/init_64.c b/arch/sparc/mm/init_64.c
3420 index 98ac8e80adae..04bc826135b4 100644
3421 --- a/arch/sparc/mm/init_64.c
3422 +++ b/arch/sparc/mm/init_64.c
3423 @@ -75,7 +75,6 @@ unsigned long kern_linear_pte_xor[4] __read_mostly;
3424 * 'cpu' properties, but we need to have this table setup before the
3425 * MDESC is initialized.
3426 */
3427 -unsigned long kpte_linear_bitmap[KPTE_BITMAP_BYTES / sizeof(unsigned long)];
3428
3429 #ifndef CONFIG_DEBUG_PAGEALLOC
3430 /* A special kernel TSB for 4MB, 256MB, 2GB and 16GB linear mappings.
3431 @@ -84,10 +83,11 @@ unsigned long kpte_linear_bitmap[KPTE_BITMAP_BYTES / sizeof(unsigned long)];
3432 */
3433 extern struct tsb swapper_4m_tsb[KERNEL_TSB4M_NENTRIES];
3434 #endif
3435 +extern struct tsb swapper_tsb[KERNEL_TSB_NENTRIES];
3436
3437 static unsigned long cpu_pgsz_mask;
3438
3439 -#define MAX_BANKS 32
3440 +#define MAX_BANKS 1024
3441
3442 static struct linux_prom64_registers pavail[MAX_BANKS];
3443 static int pavail_ents;
3444 @@ -165,10 +165,6 @@ static void __init read_obp_memory(const char *property,
3445 cmp_p64, NULL);
3446 }
3447
3448 -unsigned long sparc64_valid_addr_bitmap[VALID_ADDR_BITMAP_BYTES /
3449 - sizeof(unsigned long)];
3450 -EXPORT_SYMBOL(sparc64_valid_addr_bitmap);
3451 -
3452 /* Kernel physical address base and size in bytes. */
3453 unsigned long kern_base __read_mostly;
3454 unsigned long kern_size __read_mostly;
3455 @@ -840,7 +836,10 @@ static int find_node(unsigned long addr)
3456 if ((addr & p->mask) == p->val)
3457 return i;
3458 }
3459 - return -1;
3460 + /* The following condition has been observed on LDOM guests. */
3461 + WARN_ONCE(1, "find_node: A physical address doesn't match a NUMA node"
3462 + " rule. Some physical memory will be owned by node 0.");
3463 + return 0;
3464 }
3465
3466 static u64 memblock_nid_range(u64 start, u64 end, int *nid)
3467 @@ -1366,9 +1365,144 @@ static unsigned long __init bootmem_init(unsigned long phys_base)
3468 static struct linux_prom64_registers pall[MAX_BANKS] __initdata;
3469 static int pall_ents __initdata;
3470
3471 -#ifdef CONFIG_DEBUG_PAGEALLOC
3472 +static unsigned long max_phys_bits = 40;
3473 +
3474 +bool kern_addr_valid(unsigned long addr)
3475 +{
3476 + pgd_t *pgd;
3477 + pud_t *pud;
3478 + pmd_t *pmd;
3479 + pte_t *pte;
3480 +
3481 + if ((long)addr < 0L) {
3482 + unsigned long pa = __pa(addr);
3483 +
3484 + if ((addr >> max_phys_bits) != 0UL)
3485 + return false;
3486 +
3487 + return pfn_valid(pa >> PAGE_SHIFT);
3488 + }
3489 +
3490 + if (addr >= (unsigned long) KERNBASE &&
3491 + addr < (unsigned long)&_end)
3492 + return true;
3493 +
3494 + pgd = pgd_offset_k(addr);
3495 + if (pgd_none(*pgd))
3496 + return 0;
3497 +
3498 + pud = pud_offset(pgd, addr);
3499 + if (pud_none(*pud))
3500 + return 0;
3501 +
3502 + if (pud_large(*pud))
3503 + return pfn_valid(pud_pfn(*pud));
3504 +
3505 + pmd = pmd_offset(pud, addr);
3506 + if (pmd_none(*pmd))
3507 + return 0;
3508 +
3509 + if (pmd_large(*pmd))
3510 + return pfn_valid(pmd_pfn(*pmd));
3511 +
3512 + pte = pte_offset_kernel(pmd, addr);
3513 + if (pte_none(*pte))
3514 + return 0;
3515 +
3516 + return pfn_valid(pte_pfn(*pte));
3517 +}
3518 +EXPORT_SYMBOL(kern_addr_valid);
3519 +
3520 +static unsigned long __ref kernel_map_hugepud(unsigned long vstart,
3521 + unsigned long vend,
3522 + pud_t *pud)
3523 +{
3524 + const unsigned long mask16gb = (1UL << 34) - 1UL;
3525 + u64 pte_val = vstart;
3526 +
3527 + /* Each PUD is 8GB */
3528 + if ((vstart & mask16gb) ||
3529 + (vend - vstart <= mask16gb)) {
3530 + pte_val ^= kern_linear_pte_xor[2];
3531 + pud_val(*pud) = pte_val | _PAGE_PUD_HUGE;
3532 +
3533 + return vstart + PUD_SIZE;
3534 + }
3535 +
3536 + pte_val ^= kern_linear_pte_xor[3];
3537 + pte_val |= _PAGE_PUD_HUGE;
3538 +
3539 + vend = vstart + mask16gb + 1UL;
3540 + while (vstart < vend) {
3541 + pud_val(*pud) = pte_val;
3542 +
3543 + pte_val += PUD_SIZE;
3544 + vstart += PUD_SIZE;
3545 + pud++;
3546 + }
3547 + return vstart;
3548 +}
3549 +
3550 +static bool kernel_can_map_hugepud(unsigned long vstart, unsigned long vend,
3551 + bool guard)
3552 +{
3553 + if (guard && !(vstart & ~PUD_MASK) && (vend - vstart) >= PUD_SIZE)
3554 + return true;
3555 +
3556 + return false;
3557 +}
3558 +
3559 +static unsigned long __ref kernel_map_hugepmd(unsigned long vstart,
3560 + unsigned long vend,
3561 + pmd_t *pmd)
3562 +{
3563 + const unsigned long mask256mb = (1UL << 28) - 1UL;
3564 + const unsigned long mask2gb = (1UL << 31) - 1UL;
3565 + u64 pte_val = vstart;
3566 +
3567 + /* Each PMD is 8MB */
3568 + if ((vstart & mask256mb) ||
3569 + (vend - vstart <= mask256mb)) {
3570 + pte_val ^= kern_linear_pte_xor[0];
3571 + pmd_val(*pmd) = pte_val | _PAGE_PMD_HUGE;
3572 +
3573 + return vstart + PMD_SIZE;
3574 + }
3575 +
3576 + if ((vstart & mask2gb) ||
3577 + (vend - vstart <= mask2gb)) {
3578 + pte_val ^= kern_linear_pte_xor[1];
3579 + pte_val |= _PAGE_PMD_HUGE;
3580 + vend = vstart + mask256mb + 1UL;
3581 + } else {
3582 + pte_val ^= kern_linear_pte_xor[2];
3583 + pte_val |= _PAGE_PMD_HUGE;
3584 + vend = vstart + mask2gb + 1UL;
3585 + }
3586 +
3587 + while (vstart < vend) {
3588 + pmd_val(*pmd) = pte_val;
3589 +
3590 + pte_val += PMD_SIZE;
3591 + vstart += PMD_SIZE;
3592 + pmd++;
3593 + }
3594 +
3595 + return vstart;
3596 +}
3597 +
3598 +static bool kernel_can_map_hugepmd(unsigned long vstart, unsigned long vend,
3599 + bool guard)
3600 +{
3601 + if (guard && !(vstart & ~PMD_MASK) && (vend - vstart) >= PMD_SIZE)
3602 + return true;
3603 +
3604 + return false;
3605 +}
3606 +
3607 static unsigned long __ref kernel_map_range(unsigned long pstart,
3608 - unsigned long pend, pgprot_t prot)
3609 + unsigned long pend, pgprot_t prot,
3610 + bool use_huge)
3611 {
3612 unsigned long vstart = PAGE_OFFSET + pstart;
3613 unsigned long vend = PAGE_OFFSET + pend;
3614 @@ -1387,19 +1521,34 @@ static unsigned long __ref kernel_map_range(unsigned long pstart,
3615 pmd_t *pmd;
3616 pte_t *pte;
3617
3618 + if (pgd_none(*pgd)) {
3619 + pud_t *new;
3620 +
3621 + new = __alloc_bootmem(PAGE_SIZE, PAGE_SIZE, PAGE_SIZE);
3622 + alloc_bytes += PAGE_SIZE;
3623 + pgd_populate(&init_mm, pgd, new);
3624 + }
3625 pud = pud_offset(pgd, vstart);
3626 if (pud_none(*pud)) {
3627 pmd_t *new;
3628
3629 + if (kernel_can_map_hugepud(vstart, vend, use_huge)) {
3630 + vstart = kernel_map_hugepud(vstart, vend, pud);
3631 + continue;
3632 + }
3633 new = __alloc_bootmem(PAGE_SIZE, PAGE_SIZE, PAGE_SIZE);
3634 alloc_bytes += PAGE_SIZE;
3635 pud_populate(&init_mm, pud, new);
3636 }
3637
3638 pmd = pmd_offset(pud, vstart);
3639 - if (!pmd_present(*pmd)) {
3640 + if (pmd_none(*pmd)) {
3641 pte_t *new;
3642
3643 + if (kernel_can_map_hugepmd(vstart, vend, use_huge)) {
3644 + vstart = kernel_map_hugepmd(vstart, vend, pmd);
3645 + continue;
3646 + }
3647 new = __alloc_bootmem(PAGE_SIZE, PAGE_SIZE, PAGE_SIZE);
3648 alloc_bytes += PAGE_SIZE;
3649 pmd_populate_kernel(&init_mm, pmd, new);
3650 @@ -1422,100 +1571,34 @@ static unsigned long __ref kernel_map_range(unsigned long pstart,
3651 return alloc_bytes;
3652 }
3653
3654 -extern unsigned int kvmap_linear_patch[1];
3655 -#endif /* CONFIG_DEBUG_PAGEALLOC */
3656 -
3657 -static void __init kpte_set_val(unsigned long index, unsigned long val)
3658 +static void __init flush_all_kernel_tsbs(void)
3659 {
3660 - unsigned long *ptr = kpte_linear_bitmap;
3661 -
3662 - val <<= ((index % (BITS_PER_LONG / 2)) * 2);
3663 - ptr += (index / (BITS_PER_LONG / 2));
3664 -
3665 - *ptr |= val;
3666 -}
3667 -
3668 -static const unsigned long kpte_shift_min = 28; /* 256MB */
3669 -static const unsigned long kpte_shift_max = 34; /* 16GB */
3670 -static const unsigned long kpte_shift_incr = 3;
3671 -
3672 -static unsigned long kpte_mark_using_shift(unsigned long start, unsigned long end,
3673 - unsigned long shift)
3674 -{
3675 - unsigned long size = (1UL << shift);
3676 - unsigned long mask = (size - 1UL);
3677 - unsigned long remains = end - start;
3678 - unsigned long val;
3679 -
3680 - if (remains < size || (start & mask))
3681 - return start;
3682 -
3683 - /* VAL maps:
3684 - *
3685 - * shift 28 --> kern_linear_pte_xor index 1
3686 - * shift 31 --> kern_linear_pte_xor index 2
3687 - * shift 34 --> kern_linear_pte_xor index 3
3688 - */
3689 - val = ((shift - kpte_shift_min) / kpte_shift_incr) + 1;
3690 -
3691 - remains &= ~mask;
3692 - if (shift != kpte_shift_max)
3693 - remains = size;
3694 -
3695 - while (remains) {
3696 - unsigned long index = start >> kpte_shift_min;
3697 + int i;
3698
3699 - kpte_set_val(index, val);
3700 + for (i = 0; i < KERNEL_TSB_NENTRIES; i++) {
3701 + struct tsb *ent = &swapper_tsb[i];
3702
3703 - start += 1UL << kpte_shift_min;
3704 - remains -= 1UL << kpte_shift_min;
3705 + ent->tag = (1UL << TSB_TAG_INVALID_BIT);
3706 }
3707 +#ifndef CONFIG_DEBUG_PAGEALLOC
3708 + for (i = 0; i < KERNEL_TSB4M_NENTRIES; i++) {
3709 + struct tsb *ent = &swapper_4m_tsb[i];
3710
3711 - return start;
3712 -}
3713 -
3714 -static void __init mark_kpte_bitmap(unsigned long start, unsigned long end)
3715 -{
3716 - unsigned long smallest_size, smallest_mask;
3717 - unsigned long s;
3718 -
3719 - smallest_size = (1UL << kpte_shift_min);
3720 - smallest_mask = (smallest_size - 1UL);
3721 -
3722 - while (start < end) {
3723 - unsigned long orig_start = start;
3724 -
3725 - for (s = kpte_shift_max; s >= kpte_shift_min; s -= kpte_shift_incr) {
3726 - start = kpte_mark_using_shift(start, end, s);
3727 -
3728 - if (start != orig_start)
3729 - break;
3730 - }
3731 -
3732 - if (start == orig_start)
3733 - start = (start + smallest_size) & ~smallest_mask;
3734 + ent->tag = (1UL << TSB_TAG_INVALID_BIT);
3735 }
3736 +#endif
3737 }
3738
3739 -static void __init init_kpte_bitmap(void)
3740 -{
3741 - unsigned long i;
3742 -
3743 - for (i = 0; i < pall_ents; i++) {
3744 - unsigned long phys_start, phys_end;
3745 -
3746 - phys_start = pall[i].phys_addr;
3747 - phys_end = phys_start + pall[i].reg_size;
3748 -
3749 - mark_kpte_bitmap(phys_start, phys_end);
3750 - }
3751 -}
3752 +extern unsigned int kvmap_linear_patch[1];
3753
3754 static void __init kernel_physical_mapping_init(void)
3755 {
3756 -#ifdef CONFIG_DEBUG_PAGEALLOC
3757 unsigned long i, mem_alloced = 0UL;
3758 + bool use_huge = true;
3759
3760 +#ifdef CONFIG_DEBUG_PAGEALLOC
3761 + use_huge = false;
3762 +#endif
3763 for (i = 0; i < pall_ents; i++) {
3764 unsigned long phys_start, phys_end;
3765
3766 @@ -1523,7 +1606,7 @@ static void __init kernel_physical_mapping_init(void)
3767 phys_end = phys_start + pall[i].reg_size;
3768
3769 mem_alloced += kernel_map_range(phys_start, phys_end,
3770 - PAGE_KERNEL);
3771 + PAGE_KERNEL, use_huge);
3772 }
3773
3774 printk("Allocated %ld bytes for kernel page tables.\n",
3775 @@ -1532,8 +1615,9 @@ static void __init kernel_physical_mapping_init(void)
3776 kvmap_linear_patch[0] = 0x01000000; /* nop */
3777 flushi(&kvmap_linear_patch[0]);
3778
3779 + flush_all_kernel_tsbs();
3780 +
3781 __flush_tlb_all();
3782 -#endif
3783 }
3784
3785 #ifdef CONFIG_DEBUG_PAGEALLOC
3786 @@ -1543,7 +1627,7 @@ void kernel_map_pages(struct page *page, int numpages, int enable)
3787 unsigned long phys_end = phys_start + (numpages * PAGE_SIZE);
3788
3789 kernel_map_range(phys_start, phys_end,
3790 - (enable ? PAGE_KERNEL : __pgprot(0)));
3791 + (enable ? PAGE_KERNEL : __pgprot(0)), false);
3792
3793 flush_tsb_kernel_range(PAGE_OFFSET + phys_start,
3794 PAGE_OFFSET + phys_end);
3795 @@ -1571,76 +1655,56 @@ unsigned long __init find_ecache_flush_span(unsigned long size)
3796 unsigned long PAGE_OFFSET;
3797 EXPORT_SYMBOL(PAGE_OFFSET);
3798
3799 -static void __init page_offset_shift_patch_one(unsigned int *insn, unsigned long phys_bits)
3800 -{
3801 - unsigned long final_shift;
3802 - unsigned int val = *insn;
3803 - unsigned int cnt;
3804 -
3805 - /* We are patching in ilog2(max_supported_phys_address), and
3806 - * we are doing so in a manner similar to a relocation addend.
3807 - * That is, we are adding the shift value to whatever value
3808 - * is in the shift instruction count field already.
3809 - */
3810 - cnt = (val & 0x3f);
3811 - val &= ~0x3f;
3812 -
3813 - /* If we are trying to shift >= 64 bits, clear the destination
3814 - * register. This can happen when phys_bits ends up being equal
3815 - * to MAX_PHYS_ADDRESS_BITS.
3816 - */
3817 - final_shift = (cnt + (64 - phys_bits));
3818 - if (final_shift >= 64) {
3819 - unsigned int rd = (val >> 25) & 0x1f;
3820 -
3821 - val = 0x80100000 | (rd << 25);
3822 - } else {
3823 - val |= final_shift;
3824 - }
3825 - *insn = val;
3826 -
3827 - __asm__ __volatile__("flush %0"
3828 - : /* no outputs */
3829 - : "r" (insn));
3830 -}
3831 -
3832 -static void __init page_offset_shift_patch(unsigned long phys_bits)
3833 -{
3834 - extern unsigned int __page_offset_shift_patch;
3835 - extern unsigned int __page_offset_shift_patch_end;
3836 - unsigned int *p;
3837 -
3838 - p = &__page_offset_shift_patch;
3839 - while (p < &__page_offset_shift_patch_end) {
3840 - unsigned int *insn = (unsigned int *)(unsigned long)*p;
3841 +unsigned long VMALLOC_END = 0x0000010000000000UL;
3842 +EXPORT_SYMBOL(VMALLOC_END);
3843
3844 - page_offset_shift_patch_one(insn, phys_bits);
3845 -
3846 - p++;
3847 - }
3848 -}
3849 +unsigned long sparc64_va_hole_top = 0xfffff80000000000UL;
3850 +unsigned long sparc64_va_hole_bottom = 0x0000080000000000UL;
3851
3852 static void __init setup_page_offset(void)
3853 {
3854 - unsigned long max_phys_bits = 40;
3855 -
3856 if (tlb_type == cheetah || tlb_type == cheetah_plus) {
3857 + /* Cheetah/Panther support a full 64-bit virtual
3858 + * address, so we can use all that our page tables
3859 + * support.
3860 + */
3861 + sparc64_va_hole_top = 0xfff0000000000000UL;
3862 + sparc64_va_hole_bottom = 0x0010000000000000UL;
3863 +
3864 max_phys_bits = 42;
3865 } else if (tlb_type == hypervisor) {
3866 switch (sun4v_chip_type) {
3867 case SUN4V_CHIP_NIAGARA1:
3868 case SUN4V_CHIP_NIAGARA2:
3869 + /* T1 and T2 support 48-bit virtual addresses. */
3870 + sparc64_va_hole_top = 0xffff800000000000UL;
3871 + sparc64_va_hole_bottom = 0x0000800000000000UL;
3872 +
3873 max_phys_bits = 39;
3874 break;
3875 case SUN4V_CHIP_NIAGARA3:
3876 + /* T3 supports 48-bit virtual addresses. */
3877 + sparc64_va_hole_top = 0xffff800000000000UL;
3878 + sparc64_va_hole_bottom = 0x0000800000000000UL;
3879 +
3880 max_phys_bits = 43;
3881 break;
3882 case SUN4V_CHIP_NIAGARA4:
3883 case SUN4V_CHIP_NIAGARA5:
3884 case SUN4V_CHIP_SPARC64X:
3885 - default:
3886 + case SUN4V_CHIP_SPARC_M6:
3887 + /* T4 and later support 52-bit virtual addresses. */
3888 + sparc64_va_hole_top = 0xfff8000000000000UL;
3889 + sparc64_va_hole_bottom = 0x0008000000000000UL;
3890 max_phys_bits = 47;
3891 break;
3892 + case SUN4V_CHIP_SPARC_M7:
3893 + default:
3894 + /* M7 and later support 52-bit virtual addresses. */
3895 + sparc64_va_hole_top = 0xfff8000000000000UL;
3896 + sparc64_va_hole_bottom = 0x0008000000000000UL;
3897 + max_phys_bits = 49;
3898 + break;
3899 }
3900 }
3901
3902 @@ -1650,12 +1714,16 @@ static void __init setup_page_offset(void)
3903 prom_halt();
3904 }
3905
3906 - PAGE_OFFSET = PAGE_OFFSET_BY_BITS(max_phys_bits);
3907 + PAGE_OFFSET = sparc64_va_hole_top;
3908 + VMALLOC_END = ((sparc64_va_hole_bottom >> 1) +
3909 + (sparc64_va_hole_bottom >> 2));
3910
3911 - pr_info("PAGE_OFFSET is 0x%016lx (max_phys_bits == %lu)\n",
3912 + pr_info("MM: PAGE_OFFSET is 0x%016lx (max_phys_bits == %lu)\n",
3913 PAGE_OFFSET, max_phys_bits);
3914 -
3915 - page_offset_shift_patch(max_phys_bits);
3916 + pr_info("MM: VMALLOC [0x%016lx --> 0x%016lx]\n",
3917 + VMALLOC_START, VMALLOC_END);
3918 + pr_info("MM: VMEMMAP [0x%016lx --> 0x%016lx]\n",
3919 + VMEMMAP_BASE, VMEMMAP_BASE << 1);
3920 }
3921
3922 static void __init tsb_phys_patch(void)
3923 @@ -1700,21 +1768,42 @@ static void __init tsb_phys_patch(void)
3924 #define NUM_KTSB_DESCR 1
3925 #endif
3926 static struct hv_tsb_descr ktsb_descr[NUM_KTSB_DESCR];
3927 -extern struct tsb swapper_tsb[KERNEL_TSB_NENTRIES];
3928 +
3929 +/* The swapper TSBs are loaded with a base sequence of:
3930 + *
3931 + * sethi %uhi(SYMBOL), REG1
3932 + * sethi %hi(SYMBOL), REG2
3933 + * or REG1, %ulo(SYMBOL), REG1
3934 + * or REG2, %lo(SYMBOL), REG2
3935 + * sllx REG1, 32, REG1
3936 + * or REG1, REG2, REG1
3937 + *
3938 + * When we use physical addressing for the TSB accesses, we patch the
3939 + * first four instructions in the above sequence.
3940 + */
3941
3942 static void patch_one_ktsb_phys(unsigned int *start, unsigned int *end, unsigned long pa)
3943 {
3944 - pa >>= KTSB_PHYS_SHIFT;
3945 + unsigned long high_bits, low_bits;
3946 +
3947 + high_bits = (pa >> 32) & 0xffffffff;
3948 + low_bits = (pa >> 0) & 0xffffffff;
3949
3950 while (start < end) {
3951 unsigned int *ia = (unsigned int *)(unsigned long)*start;
3952
3953 - ia[0] = (ia[0] & ~0x3fffff) | (pa >> 10);
3954 + ia[0] = (ia[0] & ~0x3fffff) | (high_bits >> 10);
3955 __asm__ __volatile__("flush %0" : : "r" (ia));
3956
3957 - ia[1] = (ia[1] & ~0x3ff) | (pa & 0x3ff);
3958 + ia[1] = (ia[1] & ~0x3fffff) | (low_bits >> 10);
3959 __asm__ __volatile__("flush %0" : : "r" (ia + 1));
3960
3961 + ia[2] = (ia[2] & ~0x1fff) | (high_bits & 0x3ff);
3962 + __asm__ __volatile__("flush %0" : : "r" (ia + 2));
3963 +
3964 + ia[3] = (ia[3] & ~0x1fff) | (low_bits & 0x3ff);
3965 + __asm__ __volatile__("flush %0" : : "r" (ia + 3));
3966 +
3967 start++;
3968 }
3969 }
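
 patch_one_ktsb_phys() above rewrites the first four instructions of the
 sethi/or sequence described in the comment. The immediates are carved out
 of the 64-bit physical address as follows (a C sketch of the arithmetic
 only; the function name is illustrative):

	static void split_tsb_pa(unsigned long pa)
	{
		unsigned long high = (pa >> 32) & 0xffffffff;
		unsigned long low  = pa & 0xffffffff;

		unsigned long imm22_uhi = high >> 10;	/* ia[0]: sethi %uhi */
		unsigned long imm22_hi  = low  >> 10;	/* ia[1]: sethi %hi  */
		unsigned long imm_ulo   = high & 0x3ff;	/* ia[2]: or   %ulo  */
		unsigned long imm_lo    = low  & 0x3ff;	/* ia[3]: or   %lo   */

		(void)imm22_uhi; (void)imm22_hi; (void)imm_ulo; (void)imm_lo;
	}
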
3970 @@ -1853,7 +1942,6 @@ static void __init sun4v_linear_pte_xor_finalize(void)
3971 /* paging_init() sets up the page tables */
3972
3973 static unsigned long last_valid_pfn;
3974 -pgd_t swapper_pg_dir[PTRS_PER_PGD];
3975
3976 static void sun4u_pgprot_init(void);
3977 static void sun4v_pgprot_init(void);
3978 @@ -1956,16 +2044,10 @@ void __init paging_init(void)
3979 */
3980 init_mm.pgd += ((shift) / (sizeof(pgd_t)));
3981
3982 - memset(swapper_low_pmd_dir, 0, sizeof(swapper_low_pmd_dir));
3983 + memset(swapper_pg_dir, 0, sizeof(swapper_pg_dir));
3984
3985 - /* Now can init the kernel/bad page tables. */
3986 - pud_set(pud_offset(&swapper_pg_dir[0], 0),
3987 - swapper_low_pmd_dir + (shift / sizeof(pgd_t)));
3988 -
3989 inherit_prom_mappings();
3990
3991 - init_kpte_bitmap();
3992 -
3993 /* Ok, we can use our TLB miss and window trap handlers safely. */
3994 setup_tba();
3995
3996 @@ -2072,70 +2154,6 @@ int page_in_phys_avail(unsigned long paddr)
3997 return 0;
3998 }
3999
4000 -static struct linux_prom64_registers pavail_rescan[MAX_BANKS] __initdata;
4001 -static int pavail_rescan_ents __initdata;
4002 -
4003 -/* Certain OBP calls, such as fetching "available" properties, can
4004 - * claim physical memory. So, along with initializing the valid
4005 - * address bitmap, what we do here is refetch the physical available
4006 - * memory list again, and make sure it provides at least as much
4007 - * memory as 'pavail' does.
4008 - */
4009 -static void __init setup_valid_addr_bitmap_from_pavail(unsigned long *bitmap)
4010 -{
4011 - int i;
4012 -
4013 - read_obp_memory("available", &pavail_rescan[0], &pavail_rescan_ents);
4014 -
4015 - for (i = 0; i < pavail_ents; i++) {
4016 - unsigned long old_start, old_end;
4017 -
4018 - old_start = pavail[i].phys_addr;
4019 - old_end = old_start + pavail[i].reg_size;
4020 - while (old_start < old_end) {
4021 - int n;
4022 -
4023 - for (n = 0; n < pavail_rescan_ents; n++) {
4024 - unsigned long new_start, new_end;
4025 -
4026 - new_start = pavail_rescan[n].phys_addr;
4027 - new_end = new_start +
4028 - pavail_rescan[n].reg_size;
4029 -
4030 - if (new_start <= old_start &&
4031 - new_end >= (old_start + PAGE_SIZE)) {
4032 - set_bit(old_start >> ILOG2_4MB, bitmap);
4033 - goto do_next_page;
4034 - }
4035 - }
4036 -
4037 - prom_printf("mem_init: Lost memory in pavail\n");
4038 - prom_printf("mem_init: OLD start[%lx] size[%lx]\n",
4039 - pavail[i].phys_addr,
4040 - pavail[i].reg_size);
4041 - prom_printf("mem_init: NEW start[%lx] size[%lx]\n",
4042 - pavail_rescan[i].phys_addr,
4043 - pavail_rescan[i].reg_size);
4044 - prom_printf("mem_init: Cannot continue, aborting.\n");
4045 - prom_halt();
4046 -
4047 - do_next_page:
4048 - old_start += PAGE_SIZE;
4049 - }
4050 - }
4051 -}
4052 -
4053 -static void __init patch_tlb_miss_handler_bitmap(void)
4054 -{
4055 - extern unsigned int valid_addr_bitmap_insn[];
4056 - extern unsigned int valid_addr_bitmap_patch[];
4057 -
4058 - valid_addr_bitmap_insn[1] = valid_addr_bitmap_patch[1];
4059 - mb();
4060 - valid_addr_bitmap_insn[0] = valid_addr_bitmap_patch[0];
4061 - flushi(&valid_addr_bitmap_insn[0]);
4062 -}
4063 -
4064 static void __init register_page_bootmem_info(void)
4065 {
4066 #ifdef CONFIG_NEED_MULTIPLE_NODES
4067 @@ -2148,18 +2166,6 @@ static void __init register_page_bootmem_info(void)
4068 }
4069 void __init mem_init(void)
4070 {
4071 - unsigned long addr, last;
4072 -
4073 - addr = PAGE_OFFSET + kern_base;
4074 - last = PAGE_ALIGN(kern_size) + addr;
4075 - while (addr < last) {
4076 - set_bit(__pa(addr) >> ILOG2_4MB, sparc64_valid_addr_bitmap);
4077 - addr += PAGE_SIZE;
4078 - }
4079 -
4080 - setup_valid_addr_bitmap_from_pavail(sparc64_valid_addr_bitmap);
4081 - patch_tlb_miss_handler_bitmap();
4082 -
4083 high_memory = __va(last_valid_pfn << PAGE_SHIFT);
4084
4085 register_page_bootmem_info();
4086 @@ -2249,18 +2255,9 @@ unsigned long _PAGE_CACHE __read_mostly;
4087 EXPORT_SYMBOL(_PAGE_CACHE);
4088
4089 #ifdef CONFIG_SPARSEMEM_VMEMMAP
4090 -unsigned long vmemmap_table[VMEMMAP_SIZE];
4091 -
4092 -static long __meminitdata addr_start, addr_end;
4093 -static int __meminitdata node_start;
4094 -
4095 int __meminit vmemmap_populate(unsigned long vstart, unsigned long vend,
4096 int node)
4097 {
4098 - unsigned long phys_start = (vstart - VMEMMAP_BASE);
4099 - unsigned long phys_end = (vend - VMEMMAP_BASE);
4100 - unsigned long addr = phys_start & VMEMMAP_CHUNK_MASK;
4101 - unsigned long end = VMEMMAP_ALIGN(phys_end);
4102 unsigned long pte_base;
4103
4104 pte_base = (_PAGE_VALID | _PAGE_SZ4MB_4U |
4105 @@ -2271,47 +2268,52 @@ int __meminit vmemmap_populate(unsigned long vstart, unsigned long vend,
4106 _PAGE_CP_4V | _PAGE_CV_4V |
4107 _PAGE_P_4V | _PAGE_W_4V);
4108
4109 - for (; addr < end; addr += VMEMMAP_CHUNK) {
4110 - unsigned long *vmem_pp =
4111 - vmemmap_table + (addr >> VMEMMAP_CHUNK_SHIFT);
4112 - void *block;
4113 + pte_base |= _PAGE_PMD_HUGE;
4114
4115 - if (!(*vmem_pp & _PAGE_VALID)) {
4116 - block = vmemmap_alloc_block(1UL << ILOG2_4MB, node);
4117 - if (!block)
4118 + vstart = vstart & PMD_MASK;
4119 + vend = ALIGN(vend, PMD_SIZE);
4120 + for (; vstart < vend; vstart += PMD_SIZE) {
4121 + pgd_t *pgd = pgd_offset_k(vstart);
4122 + unsigned long pte;
4123 + pud_t *pud;
4124 + pmd_t *pmd;
4125 +
4126 + if (pgd_none(*pgd)) {
4127 + pud_t *new = vmemmap_alloc_block(PAGE_SIZE, node);
4128 +
4129 + if (!new)
4130 return -ENOMEM;
4131 + pgd_populate(&init_mm, pgd, new);
4132 + }
4133
4134 - *vmem_pp = pte_base | __pa(block);
4135 + pud = pud_offset(pgd, vstart);
4136 + if (pud_none(*pud)) {
4137 + pmd_t *new = vmemmap_alloc_block(PAGE_SIZE, node);
4138
4139 - /* check to see if we have contiguous blocks */
4140 - if (addr_end != addr || node_start != node) {
4141 - if (addr_start)
4142 - printk(KERN_DEBUG " [%lx-%lx] on node %d\n",
4143 - addr_start, addr_end-1, node_start);
4144 - addr_start = addr;
4145 - node_start = node;
4146 - }
4147 - addr_end = addr + VMEMMAP_CHUNK;
4148 + if (!new)
4149 + return -ENOMEM;
4150 + pud_populate(&init_mm, pud, new);
4151 }
4152 - }
4153 - return 0;
4154 -}
4155
4156 -void __meminit vmemmap_populate_print_last(void)
4157 -{
4158 - if (addr_start) {
4159 - printk(KERN_DEBUG " [%lx-%lx] on node %d\n",
4160 - addr_start, addr_end-1, node_start);
4161 - addr_start = 0;
4162 - addr_end = 0;
4163 - node_start = 0;
4164 + pmd = pmd_offset(pud, vstart);
4165 +
4166 + pte = pmd_val(*pmd);
4167 + if (!(pte & _PAGE_VALID)) {
4168 + void *block = vmemmap_alloc_block(PMD_SIZE, node);
4169 +
4170 + if (!block)
4171 + return -ENOMEM;
4172 +
4173 + pmd_val(*pmd) = pte_base | __pa(block);
4174 + }
4175 }
4176 +
4177 + return 0;
4178 }
4179
4180 void vmemmap_free(unsigned long start, unsigned long end)
4181 {
4182 }
4183 -
4184 #endif /* CONFIG_SPARSEMEM_VMEMMAP */
4185
4186 static void prot_init_common(unsigned long page_none,
4187 @@ -2787,8 +2789,8 @@ void flush_tlb_kernel_range(unsigned long start, unsigned long end)
4188 do_flush_tlb_kernel_range(start, LOW_OBP_ADDRESS);
4189 }
4190 if (end > HI_OBP_ADDRESS) {
4191 - flush_tsb_kernel_range(end, HI_OBP_ADDRESS);
4192 - do_flush_tlb_kernel_range(end, HI_OBP_ADDRESS);
4193 + flush_tsb_kernel_range(HI_OBP_ADDRESS, end);
4194 + do_flush_tlb_kernel_range(HI_OBP_ADDRESS, end);
4195 }
4196 } else {
4197 flush_tsb_kernel_range(start, end);
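
 The last hunk above fixes swapped arguments: when the flushed range
 straddles the OBP hole, both sub-flushes must be called in (low, high)
 order. The corrected shape in isolation (sketch using the identifiers
 from the surrounding code):

	/* Flush [start, end) while skipping the OBP hole
	 * [LOW_OBP_ADDRESS, HI_OBP_ADDRESS). The broken code passed
	 * (end, HI_OBP_ADDRESS) for the upper part, flushing nothing useful.
	 */
	if (start < LOW_OBP_ADDRESS)
		do_flush_tlb_kernel_range(start, LOW_OBP_ADDRESS);
	if (end > HI_OBP_ADDRESS)
		do_flush_tlb_kernel_range(HI_OBP_ADDRESS, end);
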
4198 diff --git a/arch/sparc/mm/init_64.h b/arch/sparc/mm/init_64.h
4199 index 0668b364f44d..a4c09603b05c 100644
4200 --- a/arch/sparc/mm/init_64.h
4201 +++ b/arch/sparc/mm/init_64.h
4202 @@ -8,15 +8,8 @@
4203 */
4204
4205 #define MAX_PHYS_ADDRESS (1UL << MAX_PHYS_ADDRESS_BITS)
4206 -#define KPTE_BITMAP_CHUNK_SZ (256UL * 1024UL * 1024UL)
4207 -#define KPTE_BITMAP_BYTES \
4208 - ((MAX_PHYS_ADDRESS / KPTE_BITMAP_CHUNK_SZ) / 4)
4209 -#define VALID_ADDR_BITMAP_CHUNK_SZ (4UL * 1024UL * 1024UL)
4210 -#define VALID_ADDR_BITMAP_BYTES \
4211 - ((MAX_PHYS_ADDRESS / VALID_ADDR_BITMAP_CHUNK_SZ) / 8)
4212
4213 extern unsigned long kern_linear_pte_xor[4];
4214 -extern unsigned long kpte_linear_bitmap[KPTE_BITMAP_BYTES / sizeof(unsigned long)];
4215 extern unsigned int sparc64_highest_unlocked_tlb_ent;
4216 extern unsigned long sparc64_kern_pri_context;
4217 extern unsigned long sparc64_kern_pri_nuc_bits;
4218 @@ -38,15 +31,4 @@ extern unsigned long kern_locked_tte_data;
4219
4220 void prom_world(int enter);
4221
4222 -#ifdef CONFIG_SPARSEMEM_VMEMMAP
4223 -#define VMEMMAP_CHUNK_SHIFT 22
4224 -#define VMEMMAP_CHUNK (1UL << VMEMMAP_CHUNK_SHIFT)
4225 -#define VMEMMAP_CHUNK_MASK ~(VMEMMAP_CHUNK - 1UL)
4226 -#define VMEMMAP_ALIGN(x) (((x)+VMEMMAP_CHUNK-1UL)&VMEMMAP_CHUNK_MASK)
4227 -
4228 -#define VMEMMAP_SIZE ((((1UL << MAX_PHYSADDR_BITS) >> PAGE_SHIFT) * \
4229 - sizeof(struct page)) >> VMEMMAP_CHUNK_SHIFT)
4230 -extern unsigned long vmemmap_table[VMEMMAP_SIZE];
4231 -#endif
4232 -
4233 #endif /* _SPARC64_MM_INIT_H */
4234 diff --git a/arch/sparc/power/hibernate_asm.S b/arch/sparc/power/hibernate_asm.S
4235 index 79942166df84..d7d9017dcb15 100644
4236 --- a/arch/sparc/power/hibernate_asm.S
4237 +++ b/arch/sparc/power/hibernate_asm.S
4238 @@ -54,8 +54,8 @@ ENTRY(swsusp_arch_resume)
4239 nop
4240
4241 /* Write PAGE_OFFSET to %g7 */
4242 - sethi %uhi(PAGE_OFFSET), %g7
4243 - sllx %g7, 32, %g7
4244 + sethi %hi(PAGE_OFFSET), %g7
4245 + ldx [%g7 + %lo(PAGE_OFFSET)], %g7
4246
4247 setuw (PAGE_SIZE-8), %g3
4248
4249 diff --git a/arch/sparc/prom/bootstr_64.c b/arch/sparc/prom/bootstr_64.c
4250 index ab9ccc63b388..7149e77714a4 100644
4251 --- a/arch/sparc/prom/bootstr_64.c
4252 +++ b/arch/sparc/prom/bootstr_64.c
4253 @@ -14,7 +14,10 @@
4254 * the .bss section or it will break things.
4255 */
4256
4257 -#define BARG_LEN 256
4258 +/* We limit BARG_LEN to 1024 because this is the size of the
4259 + * 'barg_out' command line buffer in the SILO bootloader.
4260 + */
4261 +#define BARG_LEN 1024
4262 struct {
4263 int bootstr_len;
4264 int bootstr_valid;
4265 diff --git a/arch/sparc/prom/cif.S b/arch/sparc/prom/cif.S
4266 index 9c86b4b7d429..8050f381f518 100644
4267 --- a/arch/sparc/prom/cif.S
4268 +++ b/arch/sparc/prom/cif.S
4269 @@ -11,11 +11,10 @@
4270 .text
4271 .globl prom_cif_direct
4272 prom_cif_direct:
4273 + save %sp, -192, %sp
4274 sethi %hi(p1275buf), %o1
4275 or %o1, %lo(p1275buf), %o1
4276 - ldx [%o1 + 0x0010], %o2 ! prom_cif_stack
4277 - save %o2, -192, %sp
4278 - ldx [%i1 + 0x0008], %l2 ! prom_cif_handler
4279 + ldx [%o1 + 0x0008], %l2 ! prom_cif_handler
4280 mov %g4, %l0
4281 mov %g5, %l1
4282 mov %g6, %l3
4283 diff --git a/arch/sparc/prom/init_64.c b/arch/sparc/prom/init_64.c
4284 index d95db755828f..110b0d78b864 100644
4285 --- a/arch/sparc/prom/init_64.c
4286 +++ b/arch/sparc/prom/init_64.c
4287 @@ -26,13 +26,13 @@ phandle prom_chosen_node;
4288 * It gets passed the pointer to the PROM vector.
4289 */
4290
4291 -extern void prom_cif_init(void *, void *);
4292 +extern void prom_cif_init(void *);
4293
4294 -void __init prom_init(void *cif_handler, void *cif_stack)
4295 +void __init prom_init(void *cif_handler)
4296 {
4297 phandle node;
4298
4299 - prom_cif_init(cif_handler, cif_stack);
4300 + prom_cif_init(cif_handler);
4301
4302 prom_chosen_node = prom_finddevice(prom_chosen_path);
4303 if (!prom_chosen_node || (s32)prom_chosen_node == -1)
4304 diff --git a/arch/sparc/prom/p1275.c b/arch/sparc/prom/p1275.c
4305 index e58b81726319..545d8bb79b65 100644
4306 --- a/arch/sparc/prom/p1275.c
4307 +++ b/arch/sparc/prom/p1275.c
4308 @@ -9,6 +9,7 @@
4309 #include <linux/smp.h>
4310 #include <linux/string.h>
4311 #include <linux/spinlock.h>
4312 +#include <linux/irqflags.h>
4313
4314 #include <asm/openprom.h>
4315 #include <asm/oplib.h>
4316 @@ -19,7 +20,6 @@
4317 struct {
4318 long prom_callback; /* 0x00 */
4319 void (*prom_cif_handler)(long *); /* 0x08 */
4320 - unsigned long prom_cif_stack; /* 0x10 */
4321 } p1275buf;
4322
4323 extern void prom_world(int);
4324 @@ -36,8 +36,8 @@ void p1275_cmd_direct(unsigned long *args)
4325 {
4326 unsigned long flags;
4327
4328 - raw_local_save_flags(flags);
4329 - raw_local_irq_restore((unsigned long)PIL_NMI);
4330 + local_save_flags(flags);
4331 + local_irq_restore((unsigned long)PIL_NMI);
4332 raw_spin_lock(&prom_entry_lock);
4333
4334 prom_world(1);
4335 @@ -45,11 +45,10 @@ void p1275_cmd_direct(unsigned long *args)
4336 prom_world(0);
4337
4338 raw_spin_unlock(&prom_entry_lock);
4339 - raw_local_irq_restore(flags);
4340 + local_irq_restore(flags);
4341 }
4342
4343 void prom_cif_init(void *cif_handler, void *cif_stack)
4344 {
4345 p1275buf.prom_cif_handler = (void (*)(long *))cif_handler;
4346 - p1275buf.prom_cif_stack = (unsigned long)cif_stack;
4347 }
4348 diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
4349 index 7c492ed9087b..92d3486a6196 100644
4350 --- a/arch/x86/include/asm/kvm_host.h
4351 +++ b/arch/x86/include/asm/kvm_host.h
4352 @@ -481,6 +481,7 @@ struct kvm_vcpu_arch {
4353 u64 mmio_gva;
4354 unsigned access;
4355 gfn_t mmio_gfn;
4356 + u64 mmio_gen;
4357
4358 struct kvm_pmu pmu;
4359
4360 diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c
4361 index 74e804ddc5c7..50ce7519ccef 100644
4362 --- a/arch/x86/kernel/cpu/intel.c
4363 +++ b/arch/x86/kernel/cpu/intel.c
4364 @@ -144,6 +144,21 @@ static void early_init_intel(struct cpuinfo_x86 *c)
4365 setup_clear_cpu_cap(X86_FEATURE_ERMS);
4366 }
4367 }
4368 +
4369 + /*
4370 + * Intel Quark Core DevMan_001.pdf section 6.4.11
4371 + * "The operating system also is required to invalidate (i.e., flush)
4372 + * the TLB when any changes are made to any of the page table entries.
4373 + * The operating system must reload CR3 to cause the TLB to be flushed"
4374 + *
4375 + * As a result, cpu_has_pge() in arch/x86/include/asm/tlbflush.h should
4376 + * be false so that __flush_tlb_all() causes CR3 instead of CR4.PGE
4377 + * to be modified.
4378 + */
4379 + if (c->x86 == 5 && c->x86_model == 9) {
4380 + pr_info("Disabling PGE capability bit\n");
4381 + setup_clear_cpu_cap(X86_FEATURE_PGE);
4382 + }
4383 }
4384
4385 #ifdef CONFIG_X86_32
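
 With X86_FEATURE_PGE cleared, the kernel's full TLB flush falls back to
 reloading CR3 rather than toggling CR4.PGE, which is what the quoted
 Quark erratum requires. The CR3-reload flush amounts to the following
 (a sketch of the mechanism, not the kernel's exact helper):

	static inline void flush_tlb_via_cr3(void)
	{
		unsigned long cr3;

		asm volatile("mov %%cr3, %0" : "=r" (cr3));
		asm volatile("mov %0, %%cr3" : : "r" (cr3) : "memory");
	}
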
4386 diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
4387 index 931467881da7..1cd2a5fbde07 100644
4388 --- a/arch/x86/kvm/mmu.c
4389 +++ b/arch/x86/kvm/mmu.c
4390 @@ -199,16 +199,20 @@ void kvm_mmu_set_mmio_spte_mask(u64 mmio_mask)
4391 EXPORT_SYMBOL_GPL(kvm_mmu_set_mmio_spte_mask);
4392
4393 /*
4394 - * spte bits of bit 3 ~ bit 11 are used as low 9 bits of generation number,
4395 - * the bits of bits 52 ~ bit 61 are used as high 10 bits of generation
4396 - * number.
4397 + * the low bit of the generation number is always presumed to be zero.
4398 + * This disables mmio caching during memslot updates. The concept is
4399 + * similar to a seqcount but instead of retrying the access we just punt
4400 + * and ignore the cache.
4401 + *
4402 + * spte bits 3-11 are used as bits 1-9 of the generation number,
4403 + * the bits 52-61 are used as bits 10-19 of the generation number.
4404 */
4405 -#define MMIO_SPTE_GEN_LOW_SHIFT 3
4406 +#define MMIO_SPTE_GEN_LOW_SHIFT 2
4407 #define MMIO_SPTE_GEN_HIGH_SHIFT 52
4408
4409 -#define MMIO_GEN_SHIFT 19
4410 -#define MMIO_GEN_LOW_SHIFT 9
4411 -#define MMIO_GEN_LOW_MASK ((1 << MMIO_GEN_LOW_SHIFT) - 1)
4412 +#define MMIO_GEN_SHIFT 20
4413 +#define MMIO_GEN_LOW_SHIFT 10
4414 +#define MMIO_GEN_LOW_MASK ((1 << MMIO_GEN_LOW_SHIFT) - 2)
4415 #define MMIO_GEN_MASK ((1 << MMIO_GEN_SHIFT) - 1)
4416 #define MMIO_MAX_GEN ((1 << MMIO_GEN_SHIFT) - 1)
4417
4418 @@ -236,12 +240,7 @@ static unsigned int get_mmio_spte_generation(u64 spte)
4419
4420 static unsigned int kvm_current_mmio_generation(struct kvm *kvm)
4421 {
4422 - /*
4423 - * Init kvm generation close to MMIO_MAX_GEN to easily test the
4424 - * code of handling generation number wrap-around.
4425 - */
4426 - return (kvm_memslots(kvm)->generation +
4427 - MMIO_MAX_GEN - 150) & MMIO_GEN_MASK;
4428 + return kvm_memslots(kvm)->generation & MMIO_GEN_MASK;
4429 }
4430
4431 static void mark_mmio_spte(struct kvm *kvm, u64 *sptep, u64 gfn,
4432 @@ -3163,7 +3162,7 @@ static void mmu_sync_roots(struct kvm_vcpu *vcpu)
4433 if (!VALID_PAGE(vcpu->arch.mmu.root_hpa))
4434 return;
4435
4436 - vcpu_clear_mmio_info(vcpu, ~0ul);
4437 + vcpu_clear_mmio_info(vcpu, MMIO_GVA_ANY);
4438 kvm_mmu_audit(vcpu, AUDIT_PRE_SYNC);
4439 if (vcpu->arch.mmu.root_level == PT64_ROOT_LEVEL) {
4440 hpa_t root = vcpu->arch.mmu.root_hpa;
4441 @@ -4433,7 +4432,7 @@ void kvm_mmu_invalidate_mmio_sptes(struct kvm *kvm)
4442 * The very rare case: if the generation-number is round,
4443 * zap all shadow pages.
4444 */
4445 - if (unlikely(kvm_current_mmio_generation(kvm) >= MMIO_MAX_GEN)) {
4446 + if (unlikely(kvm_current_mmio_generation(kvm) == 0)) {
4447 printk_ratelimited(KERN_INFO "kvm: zapping shadow pages for mmio generation wraparound\n");
4448 kvm_mmu_invalidate_zap_all_pages(kvm);
4449 }
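
 Under the new macros, a 20-bit generation is split across two spte
 fields, and bit 0 is deliberately never stored (MMIO_GEN_LOW_MASK ends in
 binary ...1110), so, as the comment above says, an in-progress memslot
 update can never match a cached MMIO spte. The packing spelled out (a
 sketch consistent with the macros above; kernel context assumed, the
 function name is illustrative):

	/* gen bits 1..9   -> spte bits 3..11 (shift left by 2)
	 * gen bits 10..19 -> spte bits 52..61
	 * gen bit 0 is dropped on purpose.
	 */
	static u64 pack_mmio_gen(unsigned int gen)
	{
		u64 spte = 0;

		spte |= (u64)(gen & MMIO_GEN_LOW_MASK) << MMIO_SPTE_GEN_LOW_SHIFT;
		spte |= (u64)(gen >> MMIO_GEN_LOW_SHIFT) << MMIO_SPTE_GEN_HIGH_SHIFT;
		return spte;
	}
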
4450 diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
4451 index bfe11cf124a1..6a118fa378b5 100644
4452 --- a/arch/x86/kvm/vmx.c
4453 +++ b/arch/x86/kvm/vmx.c
4454 @@ -453,6 +453,7 @@ struct vcpu_vmx {
4455 int gs_ldt_reload_needed;
4456 int fs_reload_needed;
4457 u64 msr_host_bndcfgs;
4458 + unsigned long vmcs_host_cr4; /* May not match real cr4 */
4459 } host_state;
4460 struct {
4461 int vm86_active;
4462 @@ -4235,11 +4236,16 @@ static void vmx_set_constant_host_state(struct vcpu_vmx *vmx)
4463 u32 low32, high32;
4464 unsigned long tmpl;
4465 struct desc_ptr dt;
4466 + unsigned long cr4;
4467
4468 vmcs_writel(HOST_CR0, read_cr0() & ~X86_CR0_TS); /* 22.2.3 */
4469 - vmcs_writel(HOST_CR4, read_cr4()); /* 22.2.3, 22.2.5 */
4470 vmcs_writel(HOST_CR3, read_cr3()); /* 22.2.3 FIXME: shadow tables */
4471
4472 + /* Save the most likely value for this task's CR4 in the VMCS. */
4473 + cr4 = read_cr4();
4474 + vmcs_writel(HOST_CR4, cr4); /* 22.2.3, 22.2.5 */
4475 + vmx->host_state.vmcs_host_cr4 = cr4;
4476 +
4477 vmcs_write16(HOST_CS_SELECTOR, __KERNEL_CS); /* 22.2.4 */
4478 #ifdef CONFIG_X86_64
4479 /*
4480 @@ -7376,7 +7382,7 @@ static void atomic_switch_perf_msrs(struct vcpu_vmx *vmx)
4481 static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
4482 {
4483 struct vcpu_vmx *vmx = to_vmx(vcpu);
4484 - unsigned long debugctlmsr;
4485 + unsigned long debugctlmsr, cr4;
4486
4487 /* Record the guest's net vcpu time for enforced NMI injections. */
4488 if (unlikely(!cpu_has_virtual_nmis() && vmx->soft_vnmi_blocked))
4489 @@ -7397,6 +7403,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
4490 if (test_bit(VCPU_REGS_RIP, (unsigned long *)&vcpu->arch.regs_dirty))
4491 vmcs_writel(GUEST_RIP, vcpu->arch.regs[VCPU_REGS_RIP]);
4492
4493 + cr4 = read_cr4();
4494 + if (unlikely(cr4 != vmx->host_state.vmcs_host_cr4)) {
4495 + vmcs_writel(HOST_CR4, cr4);
4496 + vmx->host_state.vmcs_host_cr4 = cr4;
4497 + }
4498 +
4499 /* When single-stepping over STI and MOV SS, we must clear the
4500 * corresponding interruptibility bits in the guest state. Otherwise
4501 * vmentry fails as it then expects bit 14 (BS) in pending debug
4502 diff --git a/arch/x86/kvm/x86.h b/arch/x86/kvm/x86.h
4503 index 306a1b77581f..985fb2c006fa 100644
4504 --- a/arch/x86/kvm/x86.h
4505 +++ b/arch/x86/kvm/x86.h
4506 @@ -88,15 +88,23 @@ static inline void vcpu_cache_mmio_info(struct kvm_vcpu *vcpu,
4507 vcpu->arch.mmio_gva = gva & PAGE_MASK;
4508 vcpu->arch.access = access;
4509 vcpu->arch.mmio_gfn = gfn;
4510 + vcpu->arch.mmio_gen = kvm_memslots(vcpu->kvm)->generation;
4511 +}
4512 +
4513 +static inline bool vcpu_match_mmio_gen(struct kvm_vcpu *vcpu)
4514 +{
4515 + return vcpu->arch.mmio_gen == kvm_memslots(vcpu->kvm)->generation;
4516 }
4517
4518 /*
4519 - * Clear the mmio cache info for the given gva,
4520 - * specially, if gva is ~0ul, we clear all mmio cache info.
4521 + * Clear the mmio cache info for the given gva. If gva is MMIO_GVA_ANY, we
4522 + * clear all mmio cache info.
4523 */
4524 +#define MMIO_GVA_ANY (~(gva_t)0)
4525 +
4526 static inline void vcpu_clear_mmio_info(struct kvm_vcpu *vcpu, gva_t gva)
4527 {
4528 - if (gva != (~0ul) && vcpu->arch.mmio_gva != (gva & PAGE_MASK))
4529 + if (gva != MMIO_GVA_ANY && vcpu->arch.mmio_gva != (gva & PAGE_MASK))
4530 return;
4531
4532 vcpu->arch.mmio_gva = 0;
4533 @@ -104,7 +112,8 @@ static inline void vcpu_clear_mmio_info(struct kvm_vcpu *vcpu, gva_t gva)
4534
4535 static inline bool vcpu_match_mmio_gva(struct kvm_vcpu *vcpu, unsigned long gva)
4536 {
4537 - if (vcpu->arch.mmio_gva && vcpu->arch.mmio_gva == (gva & PAGE_MASK))
4538 + if (vcpu_match_mmio_gen(vcpu) && vcpu->arch.mmio_gva &&
4539 + vcpu->arch.mmio_gva == (gva & PAGE_MASK))
4540 return true;
4541
4542 return false;
4543 @@ -112,7 +121,8 @@ static inline bool vcpu_match_mmio_gva(struct kvm_vcpu *vcpu, unsigned long gva)
4544
4545 static inline bool vcpu_match_mmio_gpa(struct kvm_vcpu *vcpu, gpa_t gpa)
4546 {
4547 - if (vcpu->arch.mmio_gfn && vcpu->arch.mmio_gfn == gpa >> PAGE_SHIFT)
4548 + if (vcpu_match_mmio_gen(vcpu) && vcpu->arch.mmio_gfn &&
4549 + vcpu->arch.mmio_gfn == gpa >> PAGE_SHIFT)
4550 return true;
4551
4552 return false;
4553 diff --git a/crypto/async_tx/async_xor.c b/crypto/async_tx/async_xor.c
4554 index 3c562f5a60bb..e1bce26cd4f9 100644
4555 --- a/crypto/async_tx/async_xor.c
4556 +++ b/crypto/async_tx/async_xor.c
4557 @@ -78,8 +78,6 @@ do_async_xor(struct dma_chan *chan, struct dmaengine_unmap_data *unmap,
4558 tx = dma->device_prep_dma_xor(chan, dma_dest, src_list,
4559 xor_src_cnt, unmap->len,
4560 dma_flags);
4561 - src_list[0] = tmp;
4562 -
4563
4564 if (unlikely(!tx))
4565 async_tx_quiesce(&submit->depend_tx);
4566 @@ -92,6 +90,7 @@ do_async_xor(struct dma_chan *chan, struct dmaengine_unmap_data *unmap,
4567 xor_src_cnt, unmap->len,
4568 dma_flags);
4569 }
4570 + src_list[0] = tmp;
4571
4572 dma_set_unmap(tx, unmap);
4573 async_tx_submit(chan, tx, submit);
4574 diff --git a/drivers/base/firmware_class.c b/drivers/base/firmware_class.c
4575 index bf424305f3dc..3d785ebb48d3 100644
4576 --- a/drivers/base/firmware_class.c
4577 +++ b/drivers/base/firmware_class.c
4578 @@ -1105,6 +1105,9 @@ _request_firmware(const struct firmware **firmware_p, const char *name,
4579 if (!firmware_p)
4580 return -EINVAL;
4581
4582 + if (!name || name[0] == '\0')
4583 + return -EINVAL;
4584 +
4585 ret = _request_firmware_prepare(&fw, name, device);
4586 if (ret <= 0) /* error or already assigned */
4587 goto out;
4588 diff --git a/drivers/base/regmap/regmap-debugfs.c b/drivers/base/regmap/regmap-debugfs.c
4589 index 0c94b661c16f..5799a0b9e6cc 100644
4590 --- a/drivers/base/regmap/regmap-debugfs.c
4591 +++ b/drivers/base/regmap/regmap-debugfs.c
4592 @@ -473,6 +473,7 @@ void regmap_debugfs_init(struct regmap *map, const char *name)
4593 {
4594 struct rb_node *next;
4595 struct regmap_range_node *range_node;
4596 + const char *devname = "dummy";
4597
4598 /* If we don't have the debugfs root yet, postpone init */
4599 if (!regmap_debugfs_root) {
4600 @@ -491,12 +492,15 @@ void regmap_debugfs_init(struct regmap *map, const char *name)
4601 INIT_LIST_HEAD(&map->debugfs_off_cache);
4602 mutex_init(&map->cache_lock);
4603
4604 + if (map->dev)
4605 + devname = dev_name(map->dev);
4606 +
4607 if (name) {
4608 map->debugfs_name = kasprintf(GFP_KERNEL, "%s-%s",
4609 - dev_name(map->dev), name);
4610 + devname, name);
4611 name = map->debugfs_name;
4612 } else {
4613 - name = dev_name(map->dev);
4614 + name = devname;
4615 }
4616
4617 map->debugfs = debugfs_create_dir(name, regmap_debugfs_root);
4618 diff --git a/drivers/base/regmap/regmap.c b/drivers/base/regmap/regmap.c
4619 index 1cf427bc0d4a..3a785a4f4ff6 100644
4620 --- a/drivers/base/regmap/regmap.c
4621 +++ b/drivers/base/regmap/regmap.c
4622 @@ -1408,7 +1408,7 @@ int _regmap_write(struct regmap *map, unsigned int reg,
4623 }
4624
4625 #ifdef LOG_DEVICE
4626 - if (strcmp(dev_name(map->dev), LOG_DEVICE) == 0)
4627 + if (map->dev && strcmp(dev_name(map->dev), LOG_DEVICE) == 0)
4628 dev_info(map->dev, "%x <= %x\n", reg, val);
4629 #endif
4630
4631 @@ -1659,6 +1659,9 @@ out:
4632 } else {
4633 void *wval;
4634
4635 + if (!val_count)
4636 + return -EINVAL;
4637 +
4638 wval = kmemdup(val, val_count * val_bytes, GFP_KERNEL);
4639 if (!wval) {
4640 dev_err(map->dev, "Error in memory allocation\n");
4641 @@ -2058,7 +2061,7 @@ static int _regmap_read(struct regmap *map, unsigned int reg,
4642 ret = map->reg_read(context, reg, val);
4643 if (ret == 0) {
4644 #ifdef LOG_DEVICE
4645 - if (strcmp(dev_name(map->dev), LOG_DEVICE) == 0)
4646 + if (map->dev && strcmp(dev_name(map->dev), LOG_DEVICE) == 0)
4647 dev_info(map->dev, "%x => %x\n", reg, *val);
4648 #endif
4649
4650 diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c
4651 index 292c38e8aa17..f0ea79064d4f 100644
4652 --- a/drivers/bluetooth/btusb.c
4653 +++ b/drivers/bluetooth/btusb.c
4654 @@ -330,6 +330,9 @@ static void btusb_intr_complete(struct urb *urb)
4655 BT_ERR("%s corrupted event packet", hdev->name);
4656 hdev->stat.err_rx++;
4657 }
4658 + } else if (urb->status == -ENOENT) {
4659 + /* Avoid a failed suspend when usb_kill_urb() kills this URB */
4660 + return;
4661 }
4662
4663 if (!test_bit(BTUSB_INTR_RUNNING, &data->flags))
4664 @@ -418,6 +421,9 @@ static void btusb_bulk_complete(struct urb *urb)
4665 BT_ERR("%s corrupted ACL packet", hdev->name);
4666 hdev->stat.err_rx++;
4667 }
4668 + } else if (urb->status == -ENOENT) {
4669 + /* Avoid a failed suspend when usb_kill_urb() kills this URB */
4670 + return;
4671 }
4672
4673 if (!test_bit(BTUSB_BULK_RUNNING, &data->flags))
4674 @@ -512,6 +518,9 @@ static void btusb_isoc_complete(struct urb *urb)
4675 hdev->stat.err_rx++;
4676 }
4677 }
4678 + } else if (urb->status == -ENOENT) {
4679 + /* Avoid a failed suspend when usb_kill_urb() kills this URB */
4680 + return;
4681 }
4682
4683 if (!test_bit(BTUSB_ISOC_RUNNING, &data->flags))
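
 The three -ENOENT checks above all guard the same pattern: a completion
 handler must not resubmit an URB that has been killed (for instance by
 usb_kill_urb() during suspend), otherwise the pointless resubmission can
 make suspend fail. Shape of the pattern (sketch; example_complete is an
 illustrative name, error handling elided):

	static void example_complete(struct urb *urb)
	{
		if (urb->status == -ENOENT)
			return;	/* killed by usb_kill_urb(); never resubmit */

		/* ... handle the payload, then resubmit as usual ... */
		usb_submit_urb(urb, GFP_ATOMIC);
	}
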
4684 diff --git a/drivers/bluetooth/hci_h5.c b/drivers/bluetooth/hci_h5.c
4685 index caacb422995d..a22838669b4e 100644
4686 --- a/drivers/bluetooth/hci_h5.c
4687 +++ b/drivers/bluetooth/hci_h5.c
4688 @@ -237,7 +237,7 @@ static void h5_pkt_cull(struct h5 *h5)
4689 break;
4690
4691 to_remove--;
4692 - seq = (seq - 1) % 8;
4693 + seq = (seq - 1) & 0x07;
4694 }
4695
4696 if (seq != h5->rx_ack)
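
 The "% 8" to "& 0x07" change above matters because of C's signed
 remainder: seq is promoted to int, so when seq is 0 the old expression
 yields -1 while the mask gives the intended wrap-around to 7. A
 standalone demonstration:

	#include <stdio.h>

	int main(void)
	{
		int seq = 0;

		/* C99 remainder truncates toward zero: (0 - 1) % 8 == -1 */
		printf("%d %d\n", (seq - 1) % 8, (seq - 1) & 0x07);	/* prints: -1 7 */
		return 0;
	}
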
4697 diff --git a/drivers/clk/qcom/gcc-ipq806x.c b/drivers/clk/qcom/gcc-ipq806x.c
4698 index 3b83b7dd78c7..5cd62a709ac7 100644
4699 --- a/drivers/clk/qcom/gcc-ipq806x.c
4700 +++ b/drivers/clk/qcom/gcc-ipq806x.c
4701 @@ -32,6 +32,33 @@
4702 #include "clk-branch.h"
4703 #include "reset.h"
4704
4705 +static struct clk_pll pll0 = {
4706 + .l_reg = 0x30c4,
4707 + .m_reg = 0x30c8,
4708 + .n_reg = 0x30cc,
4709 + .config_reg = 0x30d4,
4710 + .mode_reg = 0x30c0,
4711 + .status_reg = 0x30d8,
4712 + .status_bit = 16,
4713 + .clkr.hw.init = &(struct clk_init_data){
4714 + .name = "pll0",
4715 + .parent_names = (const char *[]){ "pxo" },
4716 + .num_parents = 1,
4717 + .ops = &clk_pll_ops,
4718 + },
4719 +};
4720 +
4721 +static struct clk_regmap pll0_vote = {
4722 + .enable_reg = 0x34c0,
4723 + .enable_mask = BIT(0),
4724 + .hw.init = &(struct clk_init_data){
4725 + .name = "pll0_vote",
4726 + .parent_names = (const char *[]){ "pll0" },
4727 + .num_parents = 1,
4728 + .ops = &clk_pll_vote_ops,
4729 + },
4730 +};
4731 +
4732 static struct clk_pll pll3 = {
4733 .l_reg = 0x3164,
4734 .m_reg = 0x3168,
4735 @@ -154,7 +181,7 @@ static const u8 gcc_pxo_pll8_pll0[] = {
4736 static const char *gcc_pxo_pll8_pll0_map[] = {
4737 "pxo",
4738 "pll8_vote",
4739 - "pll0",
4740 + "pll0_vote",
4741 };
4742
4743 static struct freq_tbl clk_tbl_gsbi_uart[] = {
4744 @@ -2133,6 +2160,8 @@ static struct clk_branch usb_fs1_h_clk = {
4745 };
4746
4747 static struct clk_regmap *gcc_ipq806x_clks[] = {
4748 + [PLL0] = &pll0.clkr,
4749 + [PLL0_VOTE] = &pll0_vote,
4750 [PLL3] = &pll3.clkr,
4751 [PLL8] = &pll8.clkr,
4752 [PLL8_VOTE] = &pll8_vote,
4753 diff --git a/drivers/dma/pl330.c b/drivers/dma/pl330.c
4754 index d5149aacd2fe..026484ade10d 100644
4755 --- a/drivers/dma/pl330.c
4756 +++ b/drivers/dma/pl330.c
4757 @@ -2755,8 +2755,10 @@ probe_err3:
4758 list_del(&pch->chan.device_node);
4759
4760 /* Flush the channel */
4761 - pl330_control(&pch->chan, DMA_TERMINATE_ALL, 0);
4762 - pl330_free_chan_resources(&pch->chan);
4763 + if (pch->thread) {
4764 + pl330_control(&pch->chan, DMA_TERMINATE_ALL, 0);
4765 + pl330_free_chan_resources(&pch->chan);
4766 + }
4767 }
4768 probe_err2:
4769 pl330_del(pl330);
4770 @@ -2782,8 +2784,10 @@ static int pl330_remove(struct amba_device *adev)
4771 list_del(&pch->chan.device_node);
4772
4773 /* Flush the channel */
4774 - pl330_control(&pch->chan, DMA_TERMINATE_ALL, 0);
4775 - pl330_free_chan_resources(&pch->chan);
4776 + if (pch->thread) {
4777 + pl330_control(&pch->chan, DMA_TERMINATE_ALL, 0);
4778 + pl330_free_chan_resources(&pch->chan);
4779 + }
4780 }
4781
4782 pl330_del(pl330);
4783 diff --git a/drivers/edac/mpc85xx_edac.c b/drivers/edac/mpc85xx_edac.c
4784 index f4aec2e6ef56..7d3742edbaa2 100644
4785 --- a/drivers/edac/mpc85xx_edac.c
4786 +++ b/drivers/edac/mpc85xx_edac.c
4787 @@ -633,7 +633,7 @@ static int mpc85xx_l2_err_probe(struct platform_device *op)
4788 if (edac_op_state == EDAC_OPSTATE_INT) {
4789 pdata->irq = irq_of_parse_and_map(op->dev.of_node, 0);
4790 res = devm_request_irq(&op->dev, pdata->irq,
4791 - mpc85xx_l2_isr, 0,
4792 + mpc85xx_l2_isr, IRQF_SHARED,
4793 "[EDAC] L2 err", edac_dev);
4794 if (res < 0) {
4795 printk(KERN_ERR
4796 diff --git a/drivers/hid/hid-rmi.c b/drivers/hid/hid-rmi.c
4797 index 8389e8109218..3cccff73b9b9 100644
4798 --- a/drivers/hid/hid-rmi.c
4799 +++ b/drivers/hid/hid-rmi.c
4800 @@ -320,10 +320,7 @@ static int rmi_f11_input_event(struct hid_device *hdev, u8 irq, u8 *data,
4801 int offset;
4802 int i;
4803
4804 - if (size < hdata->f11.report_size)
4805 - return 0;
4806 -
4807 - if (!(irq & hdata->f11.irq_mask))
4808 + if (!(irq & hdata->f11.irq_mask) || size <= 0)
4809 return 0;
4810
4811 offset = (hdata->max_fingers >> 2) + 1;
4812 @@ -332,9 +329,19 @@ static int rmi_f11_input_event(struct hid_device *hdev, u8 irq, u8 *data,
4813 int fs_bit_position = (i & 0x3) << 1;
4814 int finger_state = (data[fs_byte_position] >> fs_bit_position) &
4815 0x03;
4816 + int position = offset + 5 * i;
4817 +
4818 + if (position + 5 > size) {
4819 + /* partial report, go on with what we received */
4820 + printk_once(KERN_WARNING
4821 + "%s %s: Detected incomplete finger report. Finger reports may occasionally get dropped on this platform.\n",
4822 + dev_driver_string(&hdev->dev),
4823 + dev_name(&hdev->dev));
4824 + hid_dbg(hdev, "Incomplete finger report\n");
4825 + break;
4826 + }
4827
4828 - rmi_f11_process_touch(hdata, i, finger_state,
4829 - &data[offset + 5 * i]);
4830 + rmi_f11_process_touch(hdata, i, finger_state, &data[position]);
4831 }
4832 input_mt_sync_frame(hdata->input);
4833 input_sync(hdata->input);
4834 @@ -352,6 +359,11 @@ static int rmi_f30_input_event(struct hid_device *hdev, u8 irq, u8 *data,
4835 if (!(irq & hdata->f30.irq_mask))
4836 return 0;
4837
4838 + if (size < (int)hdata->f30.report_size) {
4839 + hid_warn(hdev, "Click Button pressed, but the click data is missing\n");
4840 + return 0;
4841 + }
4842 +
4843 for (i = 0; i < hdata->gpio_led_count; i++) {
4844 if (test_bit(i, &hdata->button_mask)) {
4845 value = (data[i / 8] >> (i & 0x07)) & BIT(0);
4846 @@ -412,9 +424,29 @@ static int rmi_read_data_event(struct hid_device *hdev, u8 *data, int size)
4847 return 1;
4848 }
4849
4850 +static int rmi_check_sanity(struct hid_device *hdev, u8 *data, int size)
4851 +{
4852 + int valid_size = size;
4853 + /*
4854 + * On the Dell XPS 13 9333, the bus sometimes gets confused and fills
4855 + * the report with a sentinel value "ff". Synaptics told us that such
4856 + * behavior does not come from the touchpad itself, so we filter out
4857 + * such reports here.
4858 + */
4859 +
4860 + while (valid_size > 0 && data[valid_size - 1] == 0xff)
4861 + valid_size--;
4862 +
4863 + return valid_size;
4864 +}
4865 +
4866 static int rmi_raw_event(struct hid_device *hdev,
4867 struct hid_report *report, u8 *data, int size)
4868 {
4869 + size = rmi_check_sanity(hdev, data, size);
4870 + if (size < 2)
4871 + return 0;
4872 +
4873 switch (data[0]) {
4874 case RMI_READ_DATA_REPORT_ID:
4875 return rmi_read_data_event(hdev, data, size);
4876 diff --git a/drivers/hid/wacom_sys.c b/drivers/hid/wacom_sys.c
4877 index f0db7eca9023..129fd330dd27 100644
4878 --- a/drivers/hid/wacom_sys.c
4879 +++ b/drivers/hid/wacom_sys.c
4880 @@ -23,13 +23,13 @@
4881 #define WAC_CMD_ICON_BT_XFER 0x26
4882 #define WAC_CMD_RETRIES 10
4883
4884 -static int wacom_get_report(struct hid_device *hdev, u8 type, u8 id,
4885 - void *buf, size_t size, unsigned int retries)
4886 +static int wacom_get_report(struct hid_device *hdev, u8 type, u8 *buf,
4887 + size_t size, unsigned int retries)
4888 {
4889 int retval;
4890
4891 do {
4892 - retval = hid_hw_raw_request(hdev, id, buf, size, type,
4893 + retval = hid_hw_raw_request(hdev, buf[0], buf, size, type,
4894 HID_REQ_GET_REPORT);
4895 } while ((retval == -ETIMEDOUT || retval == -EPIPE) && --retries);
4896
4897 @@ -106,12 +106,24 @@ static void wacom_feature_mapping(struct hid_device *hdev,
4898 {
4899 struct wacom *wacom = hid_get_drvdata(hdev);
4900 struct wacom_features *features = &wacom->wacom_wac.features;
4901 + u8 *data;
4902 + int ret;
4903
4904 switch (usage->hid) {
4905 case HID_DG_CONTACTMAX:
4906 /* leave touch_max as is if predefined */
4907 - if (!features->touch_max)
4908 - features->touch_max = field->value[0];
4909 + if (!features->touch_max) {
4910 + /* read manually */
4911 + data = kzalloc(2, GFP_KERNEL);
4912 + if (!data)
4913 + break;
4914 + data[0] = field->report->id;
4915 + ret = wacom_get_report(hdev, HID_FEATURE_REPORT,
4916 + data, 2, 0);
4917 + if (ret == 2)
4918 + features->touch_max = data[1];
4919 + kfree(data);
4920 + }
4921 break;
4922 }
4923 }
4924 @@ -255,7 +267,7 @@ static int wacom_set_device_mode(struct hid_device *hdev, int report_id,
4925 length, 1);
4926 if (error >= 0)
4927 error = wacom_get_report(hdev, HID_FEATURE_REPORT,
4928 - report_id, rep_data, length, 1);
4929 + rep_data, length, 1);
4930 } while ((error < 0 || rep_data[1] != mode) && limit++ < WAC_MSG_RETRIES);
4931
4932 kfree(rep_data);
4933 @@ -1245,6 +1257,8 @@ static int wacom_probe(struct hid_device *hdev,
4934 if (!id->driver_data)
4935 return -EINVAL;
4936
4937 + hdev->quirks |= HID_QUIRK_NO_INIT_REPORTS;
4938 +
4939 wacom = kzalloc(sizeof(struct wacom), GFP_KERNEL);
4940 if (!wacom)
4941 return -ENOMEM;
4942 diff --git a/drivers/hv/channel.c b/drivers/hv/channel.c
4943 index 531a593912ec..19bad59073e6 100644
4944 --- a/drivers/hv/channel.c
4945 +++ b/drivers/hv/channel.c
4946 @@ -165,8 +165,10 @@ int vmbus_open(struct vmbus_channel *newchannel, u32 send_ringbuffer_size,
4947 ret = vmbus_post_msg(open_msg,
4948 sizeof(struct vmbus_channel_open_channel));
4949
4950 - if (ret != 0)
4951 + if (ret != 0) {
4952 + err = ret;
4953 goto error1;
4954 + }
4955
4956 t = wait_for_completion_timeout(&open_info->waitevent, 5*HZ);
4957 if (t == 0) {
4958 @@ -363,7 +365,6 @@ int vmbus_establish_gpadl(struct vmbus_channel *channel, void *kbuffer,
4959 u32 next_gpadl_handle;
4960 unsigned long flags;
4961 int ret = 0;
4962 - int t;
4963
4964 next_gpadl_handle = atomic_read(&vmbus_connection.next_gpadl_handle);
4965 atomic_inc(&vmbus_connection.next_gpadl_handle);
4966 @@ -410,9 +411,7 @@ int vmbus_establish_gpadl(struct vmbus_channel *channel, void *kbuffer,
4967
4968 }
4969 }
4970 - t = wait_for_completion_timeout(&msginfo->waitevent, 5*HZ);
4971 - BUG_ON(t == 0);
4972 -
4973 + wait_for_completion(&msginfo->waitevent);
4974
4975 /* At this point, we received the gpadl created msg */
4976 *gpadl_handle = gpadlmsg->gpadl;
4977 @@ -435,7 +434,7 @@ int vmbus_teardown_gpadl(struct vmbus_channel *channel, u32 gpadl_handle)
4978 struct vmbus_channel_gpadl_teardown *msg;
4979 struct vmbus_channel_msginfo *info;
4980 unsigned long flags;
4981 - int ret, t;
4982 + int ret;
4983
4984 info = kmalloc(sizeof(*info) +
4985 sizeof(struct vmbus_channel_gpadl_teardown), GFP_KERNEL);
4986 @@ -457,11 +456,12 @@ int vmbus_teardown_gpadl(struct vmbus_channel *channel, u32 gpadl_handle)
4987 ret = vmbus_post_msg(msg,
4988 sizeof(struct vmbus_channel_gpadl_teardown));
4989
4990 - BUG_ON(ret != 0);
4991 - t = wait_for_completion_timeout(&info->waitevent, 5*HZ);
4992 - BUG_ON(t == 0);
4993 + if (ret)
4994 + goto post_msg_err;
4995 +
4996 + wait_for_completion(&info->waitevent);
4997
4998 - /* Received a torndown response */
4999 +post_msg_err:
5000 spin_lock_irqsave(&vmbus_connection.channelmsg_lock, flags);
5001 list_del(&info->msglistentry);
5002 spin_unlock_irqrestore(&vmbus_connection.channelmsg_lock, flags);
5003 @@ -478,7 +478,7 @@ static void reset_channel_cb(void *arg)
5004 channel->onchannel_callback = NULL;
5005 }
5006
5007 -static void vmbus_close_internal(struct vmbus_channel *channel)
5008 +static int vmbus_close_internal(struct vmbus_channel *channel)
5009 {
5010 struct vmbus_channel_close_channel *msg;
5011 int ret;
5012 @@ -501,11 +501,28 @@ static void vmbus_close_internal(struct vmbus_channel *channel)
5013
5014 ret = vmbus_post_msg(msg, sizeof(struct vmbus_channel_close_channel));
5015
5016 - BUG_ON(ret != 0);
5017 + if (ret) {
5018 + pr_err("Close failed: close post msg return is %d\n", ret);
5019 + /*
5020 + * If we failed to post the close msg,
5021 + * it is perhaps better to leak memory.
5022 + */
5023 + return ret;
5024 + }
5025 +
5026 /* Tear down the gpadl for the channel's ring buffer */
5027 - if (channel->ringbuffer_gpadlhandle)
5028 - vmbus_teardown_gpadl(channel,
5029 - channel->ringbuffer_gpadlhandle);
5030 + if (channel->ringbuffer_gpadlhandle) {
5031 + ret = vmbus_teardown_gpadl(channel,
5032 + channel->ringbuffer_gpadlhandle);
5033 + if (ret) {
5034 + pr_err("Close failed: teardown gpadl return %d\n", ret);
5035 + /*
5036 + * If we failed to teardown gpadl,
5037 + * it is perhaps better to leak memory.
5038 + */
5039 + return ret;
5040 + }
5041 + }
5042
5043 /* Cleanup the ring buffers for this channel */
5044 hv_ringbuffer_cleanup(&channel->outbound);
5045 @@ -514,7 +531,7 @@ static void vmbus_close_internal(struct vmbus_channel *channel)
5046 free_pages((unsigned long)channel->ringbuffer_pages,
5047 get_order(channel->ringbuffer_pagecount * PAGE_SIZE));
5048
5049 -
5050 + return ret;
5051 }
5052
5053 /*
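[Editor's note] The channel.c changes above convert hard BUG_ON() crashes on host-communication failures into error returns, and vmbus_close_internal() grows an int return so callers can see them. Note the stated policy: if the close message or the gpadl teardown never completes, the ring-buffer pages are deliberately leaked, since freeing memory the host may still write to is worse. A condensed sketch of that flow, using only calls that appear in the hunk:

static int vmbus_close_sketch(struct vmbus_channel *channel,
                              struct vmbus_channel_close_channel *msg)
{
        int ret;

        ret = vmbus_post_msg(msg, sizeof(struct vmbus_channel_close_channel));
        if (ret) {
                pr_err("Close failed: close post msg return is %d\n", ret);
                return ret;             /* leak: host still owns the pages */
        }

        if (channel->ringbuffer_gpadlhandle) {
                ret = vmbus_teardown_gpadl(channel,
                                           channel->ringbuffer_gpadlhandle);
                if (ret)
                        return ret;     /* leak here too, same reasoning */
        }

        /* Only now is it safe to give the ring buffer pages back. */
        free_pages((unsigned long)channel->ringbuffer_pages,
                   get_order(channel->ringbuffer_pagecount * PAGE_SIZE));
        return 0;
}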
5054 diff --git a/drivers/hv/connection.c b/drivers/hv/connection.c
5055 index ae22e3c1fc4c..e206619b946e 100644
5056 --- a/drivers/hv/connection.c
5057 +++ b/drivers/hv/connection.c
5058 @@ -427,10 +427,21 @@ int vmbus_post_msg(void *buffer, size_t buflen)
5059 * insufficient resources. Retry the operation a couple of
5060 * times before giving up.
5061 */
5062 - while (retries < 3) {
5063 - ret = hv_post_message(conn_id, 1, buffer, buflen);
5064 - if (ret != HV_STATUS_INSUFFICIENT_BUFFERS)
5065 + while (retries < 10) {
5066 + ret = hv_post_message(conn_id, 1, buffer, buflen);
5067 +
5068 + switch (ret) {
5069 + case HV_STATUS_INSUFFICIENT_BUFFERS:
5070 + ret = -ENOMEM;
5071 + case -ENOMEM:
5072 + break;
5073 + case HV_STATUS_SUCCESS:
5074 return ret;
5075 + default:
5076 + pr_err("hv_post_msg() failed; error code:%d\n", ret);
5077 + return -EINVAL;
5078 + }
5079 +
5080 retries++;
5081 msleep(100);
5082 }
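[Editor's note] vmbus_post_msg() now retries up to ten times with a 100 ms back-off, translating the hypervisor's transient "insufficient buffers" status into -ENOMEM; anything else is logged once and mapped to -EINVAL. The fallthrough from the HV status case into the -ENOMEM case is intentional. The control flow in isolation, as a sketch (conn_id is a parameter here purely to keep the fragment self-contained):

static int post_msg_with_retry(union hv_connection_id conn_id,
                               void *buffer, size_t buflen)
{
        int retries = 0;
        int ret;

        while (retries < 10) {
                ret = hv_post_message(conn_id, 1, buffer, buflen);

                switch (ret) {
                case HV_STATUS_INSUFFICIENT_BUFFERS:
                        ret = -ENOMEM;
                        /* fall through: transient, worth another try */
                case -ENOMEM:
                        break;
                case HV_STATUS_SUCCESS:
                        return ret;
                default:
                        pr_err("hv_post_msg() failed; error code:%d\n", ret);
                        return -EINVAL;
                }

                retries++;
                msleep(100);            /* back off before retrying */
        }
        return ret;
}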
5083 diff --git a/drivers/hv/hv.c b/drivers/hv/hv.c
5084 index edfc8488cb03..3e4235c7a47f 100644
5085 --- a/drivers/hv/hv.c
5086 +++ b/drivers/hv/hv.c
5087 @@ -138,6 +138,8 @@ int hv_init(void)
5088 memset(hv_context.synic_event_page, 0, sizeof(void *) * NR_CPUS);
5089 memset(hv_context.synic_message_page, 0,
5090 sizeof(void *) * NR_CPUS);
5091 + memset(hv_context.post_msg_page, 0,
5092 + sizeof(void *) * NR_CPUS);
5093 memset(hv_context.vp_index, 0,
5094 sizeof(int) * NR_CPUS);
5095 memset(hv_context.event_dpc, 0,
5096 @@ -217,26 +219,18 @@ int hv_post_message(union hv_connection_id connection_id,
5097 enum hv_message_type message_type,
5098 void *payload, size_t payload_size)
5099 {
5100 - struct aligned_input {
5101 - u64 alignment8;
5102 - struct hv_input_post_message msg;
5103 - };
5104
5105 struct hv_input_post_message *aligned_msg;
5106 u16 status;
5107 - unsigned long addr;
5108
5109 if (payload_size > HV_MESSAGE_PAYLOAD_BYTE_COUNT)
5110 return -EMSGSIZE;
5111
5112 - addr = (unsigned long)kmalloc(sizeof(struct aligned_input), GFP_ATOMIC);
5113 - if (!addr)
5114 - return -ENOMEM;
5115 -
5116 aligned_msg = (struct hv_input_post_message *)
5117 - (ALIGN(addr, HV_HYPERCALL_PARAM_ALIGN));
5118 + hv_context.post_msg_page[get_cpu()];
5119
5120 aligned_msg->connectionid = connection_id;
5121 + aligned_msg->reserved = 0;
5122 aligned_msg->message_type = message_type;
5123 aligned_msg->payload_size = payload_size;
5124 memcpy((void *)aligned_msg->payload, payload, payload_size);
5125 @@ -244,8 +238,7 @@ int hv_post_message(union hv_connection_id connection_id,
5126 status = do_hypercall(HVCALL_POST_MESSAGE, aligned_msg, NULL)
5127 & 0xFFFF;
5128
5129 - kfree((void *)addr);
5130 -
5131 + put_cpu();
5132 return status;
5133 }
5134
5135 @@ -294,6 +287,14 @@ int hv_synic_alloc(void)
5136 pr_err("Unable to allocate SYNIC event page\n");
5137 goto err;
5138 }
5139 +
5140 + hv_context.post_msg_page[cpu] =
5141 + (void *)get_zeroed_page(GFP_ATOMIC);
5142 +
5143 + if (hv_context.post_msg_page[cpu] == NULL) {
5144 + pr_err("Unable to allocate post msg page\n");
5145 + goto err;
5146 + }
5147 }
5148
5149 return 0;
5150 @@ -308,6 +309,8 @@ static void hv_synic_free_cpu(int cpu)
5151 free_page((unsigned long)hv_context.synic_event_page[cpu]);
5152 if (hv_context.synic_message_page[cpu])
5153 free_page((unsigned long)hv_context.synic_message_page[cpu]);
5154 + if (hv_context.post_msg_page[cpu])
5155 + free_page((unsigned long)hv_context.post_msg_page[cpu]);
5156 }
5157
5158 void hv_synic_free(void)
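[Editor's note] The hv.c change replaces a GFP_ATOMIC kmalloc on every hypercall, which can fail exactly when a message matters most, with one zeroed page per CPU allocated up front in hv_synic_alloc(). get_cpu() pins the caller and disables preemption, so the page is exclusively ours until put_cpu(); the explicit reserved = 0 matters because the page is now reused rather than freshly allocated. The pattern in miniature, a sketch built from the hunk's own calls:

static u16 post_via_percpu_page(union hv_connection_id id,
                                enum hv_message_type type,
                                void *payload, size_t size)
{
        struct hv_input_post_message *msg;
        u16 status;

        msg = (struct hv_input_post_message *)
                hv_context.post_msg_page[get_cpu()];

        msg->connectionid = id;
        msg->reserved = 0;      /* the page is reused: clear stale bits */
        msg->message_type = type;
        msg->payload_size = size;
        memcpy((void *)msg->payload, payload, size);

        status = do_hypercall(HVCALL_POST_MESSAGE, msg, NULL) & 0xFFFF;

        put_cpu();              /* re-enable preemption */
        return status;
}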
5159 diff --git a/drivers/hv/hyperv_vmbus.h b/drivers/hv/hyperv_vmbus.h
5160 index 22b750749a39..c386d8dc7223 100644
5161 --- a/drivers/hv/hyperv_vmbus.h
5162 +++ b/drivers/hv/hyperv_vmbus.h
5163 @@ -515,6 +515,10 @@ struct hv_context {
5164 * per-cpu list of the channels based on their CPU affinity.
5165 */
5166 struct list_head percpu_list[NR_CPUS];
5167 + /*
5168 + * buffer to post messages to the host.
5169 + */
5170 + void *post_msg_page[NR_CPUS];
5171 };
5172
5173 extern struct hv_context hv_context;
5174 diff --git a/drivers/message/fusion/mptspi.c b/drivers/message/fusion/mptspi.c
5175 index 787933d43d32..613231c16194 100644
5176 --- a/drivers/message/fusion/mptspi.c
5177 +++ b/drivers/message/fusion/mptspi.c
5178 @@ -1419,6 +1419,11 @@ mptspi_probe(struct pci_dev *pdev, const struct pci_device_id *id)
5179 goto out_mptspi_probe;
5180 }
5181
5182 + /* VMWare emulation doesn't properly implement WRITE_SAME
5183 + */
5184 + if (pdev->subsystem_vendor == 0x15AD)
5185 + sh->no_write_same = 1;
5186 +
5187 spin_lock_irqsave(&ioc->FreeQlock, flags);
5188
5189 /* Attach the SCSI Host to the IOC structure
5190 diff --git a/drivers/misc/mei/bus.c b/drivers/misc/mei/bus.c
5191 index 0e993ef28b94..8fd9466266b6 100644
5192 --- a/drivers/misc/mei/bus.c
5193 +++ b/drivers/misc/mei/bus.c
5194 @@ -70,7 +70,7 @@ static int mei_cl_device_probe(struct device *dev)
5195
5196 dev_dbg(dev, "Device probe\n");
5197
5198 - strncpy(id.name, dev_name(dev), sizeof(id.name));
5199 + strlcpy(id.name, dev_name(dev), sizeof(id.name));
5200
5201 return driver->probe(device, &id);
5202 }
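[Editor's note] The one-word mei change is a classic C string pitfall: strncpy() does not NUL-terminate the destination when the source is as long as the buffer, while strlcpy() always terminates, truncating if necessary. In miniature (buffer size and source string are illustrative):

static void copy_demo(void)
{
        char id[8];

        /* strncpy: the long source fills all 8 bytes, leaving no trailing
         * NUL; a later strcmp()/printf("%s") runs off the end. */
        strncpy(id, "mei_phy_driver", sizeof(id));

        /* strlcpy: copies at most 7 bytes and always writes id[7] = '\0'. */
        strlcpy(id, "mei_phy_driver", sizeof(id));
}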
5203 diff --git a/drivers/net/wireless/ath/ath9k/ar5008_phy.c b/drivers/net/wireless/ath/ath9k/ar5008_phy.c
5204 index 00fb8badbacc..3b3e91057a4c 100644
5205 --- a/drivers/net/wireless/ath/ath9k/ar5008_phy.c
5206 +++ b/drivers/net/wireless/ath/ath9k/ar5008_phy.c
5207 @@ -1004,9 +1004,11 @@ static bool ar5008_hw_ani_control_new(struct ath_hw *ah,
5208 case ATH9K_ANI_FIRSTEP_LEVEL:{
5209 u32 level = param;
5210
5211 - value = level;
5212 + value = level * 2;
5213 REG_RMW_FIELD(ah, AR_PHY_FIND_SIG,
5214 AR_PHY_FIND_SIG_FIRSTEP, value);
5215 + REG_RMW_FIELD(ah, AR_PHY_FIND_SIG_LOW,
5216 + AR_PHY_FIND_SIG_FIRSTEP_LOW, value);
5217
5218 if (level != aniState->firstepLevel) {
5219 ath_dbg(common, ANI,
5220 diff --git a/drivers/net/wireless/iwlwifi/mvm/constants.h b/drivers/net/wireless/iwlwifi/mvm/constants.h
5221 index ca79f7160573..72da88d879c7 100644
5222 --- a/drivers/net/wireless/iwlwifi/mvm/constants.h
5223 +++ b/drivers/net/wireless/iwlwifi/mvm/constants.h
5224 @@ -82,7 +82,7 @@
5225 #define IWL_MVM_BT_COEX_EN_RED_TXP_THRESH 62
5226 #define IWL_MVM_BT_COEX_DIS_RED_TXP_THRESH 65
5227 #define IWL_MVM_BT_COEX_SYNC2SCO 1
5228 -#define IWL_MVM_BT_COEX_CORUNNING 1
5229 +#define IWL_MVM_BT_COEX_CORUNNING 0
5230 #define IWL_MVM_BT_COEX_MPLUT 1
5231
5232 #endif /* __MVM_CONSTANTS_H */
5233 diff --git a/drivers/net/wireless/iwlwifi/pcie/drv.c b/drivers/net/wireless/iwlwifi/pcie/drv.c
5234 index 073a68b97a72..bc6a5db283f0 100644
5235 --- a/drivers/net/wireless/iwlwifi/pcie/drv.c
5236 +++ b/drivers/net/wireless/iwlwifi/pcie/drv.c
5237 @@ -273,6 +273,8 @@ static const struct pci_device_id iwl_hw_card_ids[] = {
5238 {IWL_PCI_DEVICE(0x08B1, 0x4070, iwl7260_2ac_cfg)},
5239 {IWL_PCI_DEVICE(0x08B1, 0x4072, iwl7260_2ac_cfg)},
5240 {IWL_PCI_DEVICE(0x08B1, 0x4170, iwl7260_2ac_cfg)},
5241 + {IWL_PCI_DEVICE(0x08B1, 0x4C60, iwl7260_2ac_cfg)},
5242 + {IWL_PCI_DEVICE(0x08B1, 0x4C70, iwl7260_2ac_cfg)},
5243 {IWL_PCI_DEVICE(0x08B1, 0x4060, iwl7260_2n_cfg)},
5244 {IWL_PCI_DEVICE(0x08B1, 0x406A, iwl7260_2n_cfg)},
5245 {IWL_PCI_DEVICE(0x08B1, 0x4160, iwl7260_2n_cfg)},
5246 @@ -316,6 +318,8 @@ static const struct pci_device_id iwl_hw_card_ids[] = {
5247 {IWL_PCI_DEVICE(0x08B1, 0xC770, iwl7260_2ac_cfg)},
5248 {IWL_PCI_DEVICE(0x08B1, 0xC760, iwl7260_2n_cfg)},
5249 {IWL_PCI_DEVICE(0x08B2, 0xC270, iwl7260_2ac_cfg)},
5250 + {IWL_PCI_DEVICE(0x08B1, 0xCC70, iwl7260_2ac_cfg)},
5251 + {IWL_PCI_DEVICE(0x08B1, 0xCC60, iwl7260_2ac_cfg)},
5252 {IWL_PCI_DEVICE(0x08B2, 0xC272, iwl7260_2ac_cfg)},
5253 {IWL_PCI_DEVICE(0x08B2, 0xC260, iwl7260_2n_cfg)},
5254 {IWL_PCI_DEVICE(0x08B2, 0xC26A, iwl7260_n_cfg)},
5255 diff --git a/drivers/net/wireless/rt2x00/rt2800.h b/drivers/net/wireless/rt2x00/rt2800.h
5256 index a394a9a95919..7cf6081a05a1 100644
5257 --- a/drivers/net/wireless/rt2x00/rt2800.h
5258 +++ b/drivers/net/wireless/rt2x00/rt2800.h
5259 @@ -2039,7 +2039,7 @@ struct mac_iveiv_entry {
5260 * 2 - drop tx power by 12dBm,
5261 * 3 - increase tx power by 6dBm
5262 */
5263 -#define BBP1_TX_POWER_CTRL FIELD8(0x07)
5264 +#define BBP1_TX_POWER_CTRL FIELD8(0x03)
5265 #define BBP1_TX_ANTENNA FIELD8(0x18)
5266
5267 /*
5268 diff --git a/drivers/pci/host/pci-mvebu.c b/drivers/pci/host/pci-mvebu.c
5269 index a8c6f1a92e0f..b1315e197ffb 100644
5270 --- a/drivers/pci/host/pci-mvebu.c
5271 +++ b/drivers/pci/host/pci-mvebu.c
5272 @@ -873,7 +873,7 @@ static int mvebu_get_tgt_attr(struct device_node *np, int devfn,
5273 rangesz = pna + na + ns;
5274 nranges = rlen / sizeof(__be32) / rangesz;
5275
5276 - for (i = 0; i < nranges; i++) {
5277 + for (i = 0; i < nranges; i++, range += rangesz) {
5278 u32 flags = of_read_number(range, 1);
5279 u32 slot = of_read_number(range + 1, 1);
5280 u64 cpuaddr = of_read_number(range + na, pna);
5281 @@ -883,14 +883,14 @@ static int mvebu_get_tgt_attr(struct device_node *np, int devfn,
5282 rtype = IORESOURCE_IO;
5283 else if (DT_FLAGS_TO_TYPE(flags) == DT_TYPE_MEM32)
5284 rtype = IORESOURCE_MEM;
5285 + else
5286 + continue;
5287
5288 if (slot == PCI_SLOT(devfn) && type == rtype) {
5289 *tgt = DT_CPUADDR_TO_TARGET(cpuaddr);
5290 *attr = DT_CPUADDR_TO_ATTR(cpuaddr);
5291 return 0;
5292 }
5293 -
5294 - range += rangesz;
5295 }
5296
5297 return -ENOENT;
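[Editor's note] The mvebu fix pairs the new "else continue;" with a subtle loop hazard: continue jumps straight back to the for header, so an increment left at the bottom of the body ("range += rangesz;") would be skipped and the same range parsed forever. Moving the increment into the for header makes it run on every path. Schematically (wanted() and use() are placeholder helpers; declarations omitted):

/* Buggy shape: 'continue' jumps over the trailing increment. */
for (i = 0; i < nranges; i++) {
        if (!wanted(range))
                continue;               /* range never advances! */
        use(range);
        range += rangesz;
}

/* Fixed shape: the increment runs on every iteration, 'continue'
 * included. */
for (i = 0; i < nranges; i++, range += rangesz) {
        if (!wanted(range))
                continue;
        use(range);
}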
5298 diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c
5299 index 9ff0a901ecf7..76ef7914c9aa 100644
5300 --- a/drivers/pci/pci-sysfs.c
5301 +++ b/drivers/pci/pci-sysfs.c
5302 @@ -177,7 +177,7 @@ static ssize_t modalias_show(struct device *dev, struct device_attribute *attr,
5303 {
5304 struct pci_dev *pci_dev = to_pci_dev(dev);
5305
5306 - return sprintf(buf, "pci:v%08Xd%08Xsv%08Xsd%08Xbc%02Xsc%02Xi%02x\n",
5307 + return sprintf(buf, "pci:v%08Xd%08Xsv%08Xsd%08Xbc%02Xsc%02Xi%02X\n",
5308 pci_dev->vendor, pci_dev->device,
5309 pci_dev->subsystem_vendor, pci_dev->subsystem_device,
5310 (u8)(pci_dev->class >> 16), (u8)(pci_dev->class >> 8),
5311 diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c
5312 index 80c2d014283d..feaa5c23e991 100644
5313 --- a/drivers/pci/quirks.c
5314 +++ b/drivers/pci/quirks.c
5315 @@ -24,6 +24,7 @@
5316 #include <linux/ioport.h>
5317 #include <linux/sched.h>
5318 #include <linux/ktime.h>
5319 +#include <linux/mm.h>
5320 #include <asm/dma.h> /* isa_dma_bridge_buggy */
5321 #include "pci.h"
5322
5323 @@ -287,6 +288,25 @@ static void quirk_citrine(struct pci_dev *dev)
5324 }
5325 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_IBM, PCI_DEVICE_ID_IBM_CITRINE, quirk_citrine);
5326
5327 +/* On IBM Crocodile ipr SAS adapters, expand BAR to system page size */
5328 +static void quirk_extend_bar_to_page(struct pci_dev *dev)
5329 +{
5330 + int i;
5331 +
5332 + for (i = 0; i < PCI_STD_RESOURCE_END; i++) {
5333 + struct resource *r = &dev->resource[i];
5334 +
5335 + if (r->flags & IORESOURCE_MEM && resource_size(r) < PAGE_SIZE) {
5336 + r->end = PAGE_SIZE - 1;
5337 + r->start = 0;
5338 + r->flags |= IORESOURCE_UNSET;
5339 + dev_info(&dev->dev, "expanded BAR %d to page size: %pR\n",
5340 + i, r);
5341 + }
5342 + }
5343 +}
5344 +DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_IBM, 0x034a, quirk_extend_bar_to_page);
5345 +
5346 /*
5347 * S3 868 and 968 chips report region size equal to 32M, but they decode 64M.
5348 * If it's needed, re-allocate the region.
5349 diff --git a/drivers/pci/setup-bus.c b/drivers/pci/setup-bus.c
5350 index 6373985ad3f7..0482235eee92 100644
5351 --- a/drivers/pci/setup-bus.c
5352 +++ b/drivers/pci/setup-bus.c
5353 @@ -1652,7 +1652,7 @@ void pci_assign_unassigned_bridge_resources(struct pci_dev *bridge)
5354 struct pci_dev_resource *fail_res;
5355 int retval;
5356 unsigned long type_mask = IORESOURCE_IO | IORESOURCE_MEM |
5357 - IORESOURCE_PREFETCH;
5358 + IORESOURCE_PREFETCH | IORESOURCE_MEM_64;
5359
5360 again:
5361 __pci_bus_size_bridges(parent, &add_list);
5362 diff --git a/drivers/regulator/ltc3589.c b/drivers/regulator/ltc3589.c
5363 index c756955bfcc5..0ce8e4e0fa73 100644
5364 --- a/drivers/regulator/ltc3589.c
5365 +++ b/drivers/regulator/ltc3589.c
5366 @@ -372,6 +372,7 @@ static bool ltc3589_volatile_reg(struct device *dev, unsigned int reg)
5367 switch (reg) {
5368 case LTC3589_IRQSTAT:
5369 case LTC3589_PGSTAT:
5370 + case LTC3589_VCCR:
5371 return true;
5372 }
5373 return false;
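[Editor's note] Adding LTC3589_VCCR to the volatile list tells regmap never to serve that register from its cache; VCCR carries self-clearing "go" bits that the hardware flips back, so a cached read would return stale state forever. A sketch of how such a callback plugs into a regmap_config (the register widths and cache type below are illustrative, not taken from this driver):

static bool ltc3589_volatile_sketch(struct device *dev, unsigned int reg)
{
        switch (reg) {
        case LTC3589_IRQSTAT:   /* latched interrupt status */
        case LTC3589_PGSTAT:    /* live power-good status */
        case LTC3589_VCCR:      /* hardware clears the slew "go" bits */
                return true;
        }
        return false;
}

static const struct regmap_config ltc3589_regmap_sketch = {
        .reg_bits     = 8,
        .val_bits     = 8,
        .volatile_reg = ltc3589_volatile_sketch,
        .cache_type   = REGCACHE_RBTREE,
};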
5374 diff --git a/drivers/rtc/rtc-cmos.c b/drivers/rtc/rtc-cmos.c
5375 index b0e4a3eb33c7..5b2e76159b41 100644
5376 --- a/drivers/rtc/rtc-cmos.c
5377 +++ b/drivers/rtc/rtc-cmos.c
5378 @@ -856,7 +856,7 @@ static void __exit cmos_do_remove(struct device *dev)
5379 cmos->dev = NULL;
5380 }
5381
5382 -#ifdef CONFIG_PM_SLEEP
5383 +#ifdef CONFIG_PM
5384
5385 static int cmos_suspend(struct device *dev)
5386 {
5387 @@ -907,6 +907,8 @@ static inline int cmos_poweroff(struct device *dev)
5388 return cmos_suspend(dev);
5389 }
5390
5391 +#ifdef CONFIG_PM_SLEEP
5392 +
5393 static int cmos_resume(struct device *dev)
5394 {
5395 struct cmos_rtc *cmos = dev_get_drvdata(dev);
5396 @@ -954,6 +956,7 @@ static int cmos_resume(struct device *dev)
5397 return 0;
5398 }
5399
5400 +#endif
5401 #else
5402
5403 static inline int cmos_poweroff(struct device *dev)
5404 diff --git a/drivers/scsi/be2iscsi/be_mgmt.c b/drivers/scsi/be2iscsi/be_mgmt.c
5405 index 665afcb74a56..3f3544f62259 100644
5406 --- a/drivers/scsi/be2iscsi/be_mgmt.c
5407 +++ b/drivers/scsi/be2iscsi/be_mgmt.c
5408 @@ -943,17 +943,20 @@ mgmt_static_ip_modify(struct beiscsi_hba *phba,
5409
5410 if (ip_action == IP_ACTION_ADD) {
5411 memcpy(req->ip_params.ip_record.ip_addr.addr, ip_param->value,
5412 - ip_param->len);
5413 + sizeof(req->ip_params.ip_record.ip_addr.addr));
5414
5415 if (subnet_param)
5416 memcpy(req->ip_params.ip_record.ip_addr.subnet_mask,
5417 - subnet_param->value, subnet_param->len);
5418 + subnet_param->value,
5419 + sizeof(req->ip_params.ip_record.ip_addr.subnet_mask));
5420 } else {
5421 memcpy(req->ip_params.ip_record.ip_addr.addr,
5422 - if_info->ip_addr.addr, ip_param->len);
5423 + if_info->ip_addr.addr,
5424 + sizeof(req->ip_params.ip_record.ip_addr.addr));
5425
5426 memcpy(req->ip_params.ip_record.ip_addr.subnet_mask,
5427 - if_info->ip_addr.subnet_mask, ip_param->len);
5428 + if_info->ip_addr.subnet_mask,
5429 + sizeof(req->ip_params.ip_record.ip_addr.subnet_mask));
5430 }
5431
5432 rc = mgmt_exec_nonemb_cmd(phba, &nonemb_cmd, NULL, 0);
5433 @@ -981,7 +984,7 @@ static int mgmt_modify_gateway(struct beiscsi_hba *phba, uint8_t *gt_addr,
5434 req->action = gtway_action;
5435 req->ip_addr.ip_type = BE2_IPV4;
5436
5437 - memcpy(req->ip_addr.addr, gt_addr, param_len);
5438 + memcpy(req->ip_addr.addr, gt_addr, sizeof(req->ip_addr.addr));
5439
5440 return mgmt_exec_nonemb_cmd(phba, &nonemb_cmd, NULL, 0);
5441 }
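[Editor's note] The be2iscsi hunk stops using a caller-supplied ip_param->len to bound memcpy() into fixed-size address fields; sizing the copy by the destination makes an overflow impossible even when the length from the request is wrong. The rule in two lines (assuming, as the driver does, that the source holds at least that many valid bytes):

struct ip_rec {
        u8 addr[16];
} rec;

/* Risky: len arrives with the request and may exceed the field. */
memcpy(rec.addr, src, len);

/* Safe: the destination defines the bound, as the hunk now does. */
memcpy(rec.addr, src, sizeof(rec.addr));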
5442 diff --git a/drivers/scsi/qla2xxx/qla_os.c b/drivers/scsi/qla2xxx/qla_os.c
5443 index be9698d920c2..8252c0e6682c 100644
5444 --- a/drivers/scsi/qla2xxx/qla_os.c
5445 +++ b/drivers/scsi/qla2xxx/qla_os.c
5446 @@ -3119,10 +3119,8 @@ qla2x00_unmap_iobases(struct qla_hw_data *ha)
5447 }
5448
5449 static void
5450 -qla2x00_clear_drv_active(scsi_qla_host_t *vha)
5451 +qla2x00_clear_drv_active(struct qla_hw_data *ha)
5452 {
5453 - struct qla_hw_data *ha = vha->hw;
5454 -
5455 if (IS_QLA8044(ha)) {
5456 qla8044_idc_lock(ha);
5457 qla8044_clear_drv_active(ha);
5458 @@ -3193,7 +3191,7 @@ qla2x00_remove_one(struct pci_dev *pdev)
5459
5460 scsi_host_put(base_vha->host);
5461
5462 - qla2x00_clear_drv_active(base_vha);
5463 + qla2x00_clear_drv_active(ha);
5464
5465 qla2x00_unmap_iobases(ha);
5466
5467 diff --git a/drivers/scsi/qla2xxx/qla_target.c b/drivers/scsi/qla2xxx/qla_target.c
5468 index e632e14180cf..bcc449a0c3a7 100644
5469 --- a/drivers/scsi/qla2xxx/qla_target.c
5470 +++ b/drivers/scsi/qla2xxx/qla_target.c
5471 @@ -1431,12 +1431,10 @@ static inline void qlt_unmap_sg(struct scsi_qla_host *vha,
5472 static int qlt_check_reserve_free_req(struct scsi_qla_host *vha,
5473 uint32_t req_cnt)
5474 {
5475 - struct qla_hw_data *ha = vha->hw;
5476 - device_reg_t __iomem *reg = ha->iobase;
5477 uint32_t cnt;
5478
5479 if (vha->req->cnt < (req_cnt + 2)) {
5480 - cnt = (uint16_t)RD_REG_DWORD(&reg->isp24.req_q_out);
5481 + cnt = (uint16_t)RD_REG_DWORD(vha->req->req_q_out);
5482
5483 ql_dbg(ql_dbg_tgt, vha, 0xe00a,
5484 "Request ring circled: cnt=%d, vha->->ring_index=%d, "
5485 @@ -3277,6 +3275,7 @@ static int qlt_handle_cmd_for_atio(struct scsi_qla_host *vha,
5486 return -ENOMEM;
5487
5488 memcpy(&op->atio, atio, sizeof(*atio));
5489 + op->vha = vha;
5490 INIT_WORK(&op->work, qlt_create_sess_from_atio);
5491 queue_work(qla_tgt_wq, &op->work);
5492 return 0;
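[Editor's note] The qla_target one-liner ("op->vha = vha;") fixes a worker reading an uninitialized field: the work item was queued before its context was filled in. The general rule is to finish initializing the container before queue_work() publishes it to another thread. A sketch with hypothetical names (process_atio() stands in for the real worker body):

struct atio_work {
        struct work_struct work;
        struct scsi_qla_host *vha;      /* context the worker needs */
};

static void atio_worker(struct work_struct *work)
{
        struct atio_work *op = container_of(work, struct atio_work, work);

        process_atio(op->vha);          /* valid only if set before queueing */
        kfree(op);
}

static int queue_atio(struct workqueue_struct *wq, struct scsi_qla_host *vha)
{
        struct atio_work *op = kzalloc(sizeof(*op), GFP_KERNEL);

        if (!op)
                return -ENOMEM;
        op->vha = vha;                  /* the line the fix adds */
        INIT_WORK(&op->work, atio_worker);
        queue_work(wq, &op->work);      /* publish only once complete */
        return 0;
}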
5493 diff --git a/drivers/spi/spi-dw-mid.c b/drivers/spi/spi-dw-mid.c
5494 index 6d207afec8cb..a4c45ea8f688 100644
5495 --- a/drivers/spi/spi-dw-mid.c
5496 +++ b/drivers/spi/spi-dw-mid.c
5497 @@ -89,7 +89,13 @@ err_exit:
5498
5499 static void mid_spi_dma_exit(struct dw_spi *dws)
5500 {
5501 + if (!dws->dma_inited)
5502 + return;
5503 +
5504 + dmaengine_terminate_all(dws->txchan);
5505 dma_release_channel(dws->txchan);
5506 +
5507 + dmaengine_terminate_all(dws->rxchan);
5508 dma_release_channel(dws->rxchan);
5509 }
5510
5511 @@ -136,7 +142,7 @@ static int mid_spi_dma_transfer(struct dw_spi *dws, int cs_change)
5512 txconf.dst_addr = dws->dma_addr;
5513 txconf.dst_maxburst = LNW_DMA_MSIZE_16;
5514 txconf.src_addr_width = DMA_SLAVE_BUSWIDTH_4_BYTES;
5515 - txconf.dst_addr_width = DMA_SLAVE_BUSWIDTH_2_BYTES;
5516 + txconf.dst_addr_width = dws->dma_width;
5517 txconf.device_fc = false;
5518
5519 txchan->device->device_control(txchan, DMA_SLAVE_CONFIG,
5520 @@ -159,7 +165,7 @@ static int mid_spi_dma_transfer(struct dw_spi *dws, int cs_change)
5521 rxconf.src_addr = dws->dma_addr;
5522 rxconf.src_maxburst = LNW_DMA_MSIZE_16;
5523 rxconf.dst_addr_width = DMA_SLAVE_BUSWIDTH_4_BYTES;
5524 - rxconf.src_addr_width = DMA_SLAVE_BUSWIDTH_2_BYTES;
5525 + rxconf.src_addr_width = dws->dma_width;
5526 rxconf.device_fc = false;
5527
5528 rxchan->device->device_control(rxchan, DMA_SLAVE_CONFIG,
5529 diff --git a/drivers/spi/spi-rockchip.c b/drivers/spi/spi-rockchip.c
5530 index 3afc266b666d..f96ea8a38d64 100644
5531 --- a/drivers/spi/spi-rockchip.c
5532 +++ b/drivers/spi/spi-rockchip.c
5533 @@ -415,7 +415,7 @@ static void rockchip_spi_dma_txcb(void *data)
5534 spin_unlock_irqrestore(&rs->lock, flags);
5535 }
5536
5537 -static int rockchip_spi_dma_transfer(struct rockchip_spi *rs)
5538 +static void rockchip_spi_prepare_dma(struct rockchip_spi *rs)
5539 {
5540 unsigned long flags;
5541 struct dma_slave_config rxconf, txconf;
5542 @@ -474,8 +474,6 @@ static int rockchip_spi_dma_transfer(struct rockchip_spi *rs)
5543 dmaengine_submit(txdesc);
5544 dma_async_issue_pending(rs->dma_tx.ch);
5545 }
5546 -
5547 - return 1;
5548 }
5549
5550 static void rockchip_spi_config(struct rockchip_spi *rs)
5551 @@ -557,16 +555,17 @@ static int rockchip_spi_transfer_one(
5552 else if (rs->rx)
5553 rs->tmode = CR0_XFM_RO;
5554
5555 - if (master->can_dma && master->can_dma(master, spi, xfer))
5556 + /* we need to prepare DMA before the SPI controller is enabled */
5557 + if (master->can_dma && master->can_dma(master, spi, xfer)) {
5558 rs->use_dma = 1;
5559 - else
5560 + rockchip_spi_prepare_dma(rs);
5561 + } else {
5562 rs->use_dma = 0;
5563 + }
5564
5565 rockchip_spi_config(rs);
5566
5567 - if (rs->use_dma)
5568 - ret = rockchip_spi_dma_transfer(rs);
5569 - else
5570 + if (!rs->use_dma)
5571 ret = rockchip_spi_pio_transfer(rs);
5572
5573 return ret;
5574 diff --git a/drivers/tty/serial/omap-serial.c b/drivers/tty/serial/omap-serial.c
5575 index d017cec8a34a..e454b7c2ecd9 100644
5576 --- a/drivers/tty/serial/omap-serial.c
5577 +++ b/drivers/tty/serial/omap-serial.c
5578 @@ -254,8 +254,16 @@ serial_omap_baud_is_mode16(struct uart_port *port, unsigned int baud)
5579 {
5580 unsigned int n13 = port->uartclk / (13 * baud);
5581 unsigned int n16 = port->uartclk / (16 * baud);
5582 - int baudAbsDiff13 = baud - (port->uartclk / (13 * n13));
5583 - int baudAbsDiff16 = baud - (port->uartclk / (16 * n16));
5584 + int baudAbsDiff13;
5585 + int baudAbsDiff16;
5586 +
5587 + if (n13 == 0)
5588 + n13 = 1;
5589 + if (n16 == 0)
5590 + n16 = 1;
5591 +
5592 + baudAbsDiff13 = baud - (port->uartclk / (13 * n13));
5593 + baudAbsDiff16 = baud - (port->uartclk / (16 * n16));
5594 if (baudAbsDiff13 < 0)
5595 baudAbsDiff13 = -baudAbsDiff13;
5596 if (baudAbsDiff16 < 0)
5597 diff --git a/drivers/vfio/pci/vfio_pci.c b/drivers/vfio/pci/vfio_pci.c
5598 index f7825332a325..9558da3f06a0 100644
5599 --- a/drivers/vfio/pci/vfio_pci.c
5600 +++ b/drivers/vfio/pci/vfio_pci.c
5601 @@ -876,15 +876,11 @@ static void vfio_pci_remove(struct pci_dev *pdev)
5602 {
5603 struct vfio_pci_device *vdev;
5604
5605 - mutex_lock(&driver_lock);
5606 -
5607 vdev = vfio_del_group_dev(&pdev->dev);
5608 if (vdev) {
5609 iommu_group_put(pdev->dev.iommu_group);
5610 kfree(vdev);
5611 }
5612 -
5613 - mutex_unlock(&driver_lock);
5614 }
5615
5616 static pci_ers_result_t vfio_pci_aer_err_detected(struct pci_dev *pdev,
5617 @@ -927,108 +923,90 @@ static struct pci_driver vfio_pci_driver = {
5618 .err_handler = &vfio_err_handlers,
5619 };
5620
5621 -/*
5622 - * Test whether a reset is necessary and possible. We mark devices as
5623 - * needs_reset when they are released, but don't have a function-local reset
5624 - * available. If any of these exist in the affected devices, we want to do
5625 - * a bus/slot reset. We also need all of the affected devices to be unused,
5626 - * so we abort if any device has a non-zero refcnt. driver_lock prevents a
5627 - * device from being opened during the scan or unbound from vfio-pci.
5628 - */
5629 -static int vfio_pci_test_bus_reset(struct pci_dev *pdev, void *data)
5630 -{
5631 - bool *needs_reset = data;
5632 - struct pci_driver *pci_drv = ACCESS_ONCE(pdev->driver);
5633 - int ret = -EBUSY;
5634 -
5635 - if (pci_drv == &vfio_pci_driver) {
5636 - struct vfio_device *device;
5637 - struct vfio_pci_device *vdev;
5638 -
5639 - device = vfio_device_get_from_dev(&pdev->dev);
5640 - if (!device)
5641 - return ret;
5642 -
5643 - vdev = vfio_device_data(device);
5644 - if (vdev) {
5645 - if (vdev->needs_reset)
5646 - *needs_reset = true;
5647 -
5648 - if (!vdev->refcnt)
5649 - ret = 0;
5650 - }
5651 -
5652 - vfio_device_put(device);
5653 - }
5654 -
5655 - /*
5656 - * TODO: vfio-core considers groups to be viable even if some devices
5657 - * are attached to known drivers, like pci-stub or pcieport. We can't
5658 - * freeze devices from being unbound to those drivers like we can
5659 - * here though, so it would be racy to test for them. We also can't
5660 - * use device_lock() to prevent changes as that would interfere with
5661 - * PCI-core taking device_lock during bus reset. For now, we require
5662 - * devices to be bound to vfio-pci to get a bus/slot reset on release.
5663 - */
5664 -
5665 - return ret;
5666 -}
5667 +struct vfio_devices {
5668 + struct vfio_device **devices;
5669 + int cur_index;
5670 + int max_index;
5671 +};
5672
5673 -/* Clear needs_reset on all affected devices after successful bus/slot reset */
5674 -static int vfio_pci_clear_needs_reset(struct pci_dev *pdev, void *data)
5675 +static int vfio_pci_get_devs(struct pci_dev *pdev, void *data)
5676 {
5677 + struct vfio_devices *devs = data;
5678 struct pci_driver *pci_drv = ACCESS_ONCE(pdev->driver);
5679
5680 - if (pci_drv == &vfio_pci_driver) {
5681 - struct vfio_device *device;
5682 - struct vfio_pci_device *vdev;
5683 + if (pci_drv != &vfio_pci_driver)
5684 + return -EBUSY;
5685
5686 - device = vfio_device_get_from_dev(&pdev->dev);
5687 - if (!device)
5688 - return 0;
5689 + if (devs->cur_index == devs->max_index)
5690 + return -ENOSPC;
5691
5692 - vdev = vfio_device_data(device);
5693 - if (vdev)
5694 - vdev->needs_reset = false;
5695 -
5696 - vfio_device_put(device);
5697 - }
5698 + devs->devices[devs->cur_index] = vfio_device_get_from_dev(&pdev->dev);
5699 + if (!devs->devices[devs->cur_index])
5700 + return -EINVAL;
5701
5702 + devs->cur_index++;
5703 return 0;
5704 }
5705
5706 /*
5707 * Attempt to do a bus/slot reset if there are devices affected by a reset for
5708 * this device that are needs_reset and all of the affected devices are unused
5709 - * (!refcnt). Callers of this function are required to hold driver_lock such
5710 - * that devices can not be unbound from vfio-pci or opened by a user while we
5711 - * test for and perform a bus/slot reset.
5712 + * (!refcnt). Callers are required to hold driver_lock when calling this to
5713 + * prevent device opens and concurrent bus reset attempts. We prevent device
5714 + * unbinds by acquiring and holding a reference to the vfio_device.
5715 + *
5716 + * NB: vfio-core considers a group to be viable even if some devices are
5717 + * bound to drivers like pci-stub or pcieport. Here we require all devices
5718 + * to be bound to vfio_pci since that's the only way we can be sure they
5719 + * stay put.
5720 */
5721 static void vfio_pci_try_bus_reset(struct vfio_pci_device *vdev)
5722 {
5723 + struct vfio_devices devs = { .cur_index = 0 };
5724 + int i = 0, ret = -EINVAL;
5725 bool needs_reset = false, slot = false;
5726 - int ret;
5727 + struct vfio_pci_device *tmp;
5728
5729 if (!pci_probe_reset_slot(vdev->pdev->slot))
5730 slot = true;
5731 else if (pci_probe_reset_bus(vdev->pdev->bus))
5732 return;
5733
5734 - if (vfio_pci_for_each_slot_or_bus(vdev->pdev,
5735 - vfio_pci_test_bus_reset,
5736 - &needs_reset, slot) || !needs_reset)
5737 + if (vfio_pci_for_each_slot_or_bus(vdev->pdev, vfio_pci_count_devs,
5738 + &i, slot) || !i)
5739 return;
5740
5741 - if (slot)
5742 - ret = pci_try_reset_slot(vdev->pdev->slot);
5743 - else
5744 - ret = pci_try_reset_bus(vdev->pdev->bus);
5745 -
5746 - if (ret)
5747 + devs.max_index = i;
5748 + devs.devices = kcalloc(i, sizeof(struct vfio_device *), GFP_KERNEL);
5749 + if (!devs.devices)
5750 return;
5751
5752 - vfio_pci_for_each_slot_or_bus(vdev->pdev,
5753 - vfio_pci_clear_needs_reset, NULL, slot);
5754 + if (vfio_pci_for_each_slot_or_bus(vdev->pdev,
5755 + vfio_pci_get_devs, &devs, slot))
5756 + goto put_devs;
5757 +
5758 + for (i = 0; i < devs.cur_index; i++) {
5759 + tmp = vfio_device_data(devs.devices[i]);
5760 + if (tmp->needs_reset)
5761 + needs_reset = true;
5762 + if (tmp->refcnt)
5763 + goto put_devs;
5764 + }
5765 +
5766 + if (needs_reset)
5767 + ret = slot ? pci_try_reset_slot(vdev->pdev->slot) :
5768 + pci_try_reset_bus(vdev->pdev->bus);
5769 +
5770 +put_devs:
5771 + for (i = 0; i < devs.cur_index; i++) {
5772 + if (!ret) {
5773 + tmp = vfio_device_data(devs.devices[i]);
5774 + tmp->needs_reset = false;
5775 + }
5776 + vfio_device_put(devs.devices[i]);
5777 + }
5778 +
5779 + kfree(devs.devices);
5780 }
5781
5782 static void __exit vfio_pci_cleanup(void)
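[Editor's note] The vfio_pci rework above replaces two racy scan callbacks with a collect-check-act sequence: count the devices behind the slot/bus, take a reference on each (pinning them against unbind), verify every one is idle and at least one wants a reset, perform the reset once, then clear the flags and drop the references through a single exit path. The skeleton with the PCI specifics stripped out; every name in this sketch is a placeholder:

struct held_obj {
        bool needs_reset;
        int refcnt;
};

static void reset_if_all_idle(struct dev_set *set)
{
        struct held_obj **held;
        int i, n = count_objs(set);     /* step 1: how many targets? */
        int ret = -EINVAL;
        bool wanted = false;

        held = kcalloc(n, sizeof(*held), GFP_KERNEL);
        if (!held)
                return;
        for (i = 0; i < n; i++)
                held[i] = get_obj(set, i);      /* step 2: pin each one */

        for (i = 0; i < n; i++) {
                if (held[i]->needs_reset)
                        wanted = true;
                if (held[i]->refcnt)    /* step 3: in use means abort */
                        goto out;
        }

        if (wanted)
                ret = do_reset(set);    /* step 4: act exactly once */
out:
        for (i = 0; i < n; i++) {       /* step 5: one exit path */
                if (!ret)
                        held[i]->needs_reset = false;
                put_obj(held[i]);
        }
        kfree(held);
}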
5783 diff --git a/drivers/virtio/virtio_balloon.c b/drivers/virtio/virtio_balloon.c
5784 index 25ebe8eecdb7..c3eb93fc9261 100644
5785 --- a/drivers/virtio/virtio_balloon.c
5786 +++ b/drivers/virtio/virtio_balloon.c
5787 @@ -163,8 +163,8 @@ static void release_pages_by_pfn(const u32 pfns[], unsigned int num)
5788 /* Find pfns pointing at start of each page, get pages and free them. */
5789 for (i = 0; i < num; i += VIRTIO_BALLOON_PAGES_PER_PAGE) {
5790 struct page *page = balloon_pfn_to_page(pfns[i]);
5791 - balloon_page_free(page);
5792 adjust_managed_page_count(page, 1);
5793 + put_page(page); /* balloon reference */
5794 }
5795 }
5796
5797 @@ -395,6 +395,8 @@ static int virtballoon_migratepage(struct address_space *mapping,
5798 if (!mutex_trylock(&vb->balloon_lock))
5799 return -EAGAIN;
5800
5801 + get_page(newpage); /* balloon reference */
5802 +
5803 /* balloon's page migration 1st step -- inflate "newpage" */
5804 spin_lock_irqsave(&vb_dev_info->pages_lock, flags);
5805 balloon_page_insert(newpage, mapping, &vb_dev_info->pages);
5806 @@ -404,12 +406,7 @@ static int virtballoon_migratepage(struct address_space *mapping,
5807 set_page_pfns(vb->pfns, newpage);
5808 tell_host(vb, vb->inflate_vq);
5809
5810 - /*
5811 - * balloon's page migration 2nd step -- deflate "page"
5812 - *
5813 - * It's safe to delete page->lru here because this page is at
5814 - * an isolated migration list, and this step is expected to happen here
5815 - */
5816 + /* balloon's page migration 2nd step -- deflate "page" */
5817 balloon_page_delete(page);
5818 vb->num_pfns = VIRTIO_BALLOON_PAGES_PER_PAGE;
5819 set_page_pfns(vb->pfns, page);
5820 @@ -417,7 +414,9 @@ static int virtballoon_migratepage(struct address_space *mapping,
5821
5822 mutex_unlock(&vb->balloon_lock);
5823
5824 - return MIGRATEPAGE_BALLOON_SUCCESS;
5825 + put_page(page); /* balloon reference */
5826 +
5827 + return MIGRATEPAGE_SUCCESS;
5828 }
5829
5830 /* define the balloon_mapping->a_ops callback to allow balloon page migration */
5831 diff --git a/fs/btrfs/dev-replace.c b/fs/btrfs/dev-replace.c
5832 index eea26e1b2fda..d738ff8ab81c 100644
5833 --- a/fs/btrfs/dev-replace.c
5834 +++ b/fs/btrfs/dev-replace.c
5835 @@ -567,6 +567,8 @@ static int btrfs_dev_replace_finishing(struct btrfs_fs_info *fs_info,
5836 btrfs_kobj_rm_device(fs_info, src_device);
5837 btrfs_kobj_add_device(fs_info, tgt_device);
5838
5839 + btrfs_dev_replace_unlock(dev_replace);
5840 +
5841 btrfs_rm_dev_replace_blocked(fs_info);
5842
5843 btrfs_rm_dev_replace_srcdev(fs_info, src_device);
5844 @@ -580,7 +582,6 @@ static int btrfs_dev_replace_finishing(struct btrfs_fs_info *fs_info,
5845 * superblock is scratched out so that it is no longer marked to
5846 * belong to this filesystem.
5847 */
5848 - btrfs_dev_replace_unlock(dev_replace);
5849 mutex_unlock(&root->fs_info->fs_devices->device_list_mutex);
5850 mutex_unlock(&root->fs_info->chunk_mutex);
5851
5852 diff --git a/fs/btrfs/extent-tree.c b/fs/btrfs/extent-tree.c
5853 index 3efe1c3877bf..98042c1a48b4 100644
5854 --- a/fs/btrfs/extent-tree.c
5855 +++ b/fs/btrfs/extent-tree.c
5856 @@ -4502,7 +4502,13 @@ again:
5857 space_info->flush = 1;
5858 } else if (!ret && space_info->flags & BTRFS_BLOCK_GROUP_METADATA) {
5859 used += orig_bytes;
5860 - if (need_do_async_reclaim(space_info, root->fs_info, used) &&
5861 + /*
5862 + * We will do the space reservation dance during log replay,
5863 + * which means we won't have fs_info->fs_root set, so don't do
5864 + * the async reclaim as we will panic.
5865 + */
5866 + if (!root->fs_info->log_root_recovering &&
5867 + need_do_async_reclaim(space_info, root->fs_info, used) &&
5868 !work_busy(&root->fs_info->async_reclaim_work))
5869 queue_work(system_unbound_wq,
5870 &root->fs_info->async_reclaim_work);
5871 diff --git a/fs/btrfs/file.c b/fs/btrfs/file.c
5872 index ff1cc0399b9a..68dd92cd7d54 100644
5873 --- a/fs/btrfs/file.c
5874 +++ b/fs/btrfs/file.c
5875 @@ -2621,23 +2621,28 @@ static int find_desired_extent(struct inode *inode, loff_t *offset, int whence)
5876 struct btrfs_root *root = BTRFS_I(inode)->root;
5877 struct extent_map *em = NULL;
5878 struct extent_state *cached_state = NULL;
5879 - u64 lockstart = *offset;
5880 - u64 lockend = i_size_read(inode);
5881 - u64 start = *offset;
5882 - u64 len = i_size_read(inode);
5883 + u64 lockstart;
5884 + u64 lockend;
5885 + u64 start;
5886 + u64 len;
5887 int ret = 0;
5888
5889 - lockend = max_t(u64, root->sectorsize, lockend);
5890 + if (inode->i_size == 0)
5891 + return -ENXIO;
5892 +
5893 + /*
5894 + * *offset can be negative, in this case we start finding DATA/HOLE from
5895 + * the very start of the file.
5896 + */
5897 + start = max_t(loff_t, 0, *offset);
5898 +
5899 + lockstart = round_down(start, root->sectorsize);
5900 + lockend = round_up(i_size_read(inode), root->sectorsize);
5901 if (lockend <= lockstart)
5902 lockend = lockstart + root->sectorsize;
5903 -
5904 lockend--;
5905 len = lockend - lockstart + 1;
5906
5907 - len = max_t(u64, len, root->sectorsize);
5908 - if (inode->i_size == 0)
5909 - return -ENXIO;
5910 -
5911 lock_extent_bits(&BTRFS_I(inode)->io_tree, lockstart, lockend, 0,
5912 &cached_state);
5913
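[Editor's note] find_desired_extent() now clamps a possibly negative *offset to zero and derives the lock range with round_down()/round_up(), the power-of-two alignment helpers from <linux/kernel.h>, instead of locking from unaligned caller values. The arithmetic on its own, as a sketch with all inputs passed in:

static void seek_lock_range(loff_t offset, u64 isize, u32 sectorsize,
                            u64 *lockstart, u64 *lockend)
{
        u64 start = max_t(loff_t, 0, offset);   /* offset may be negative */

        *lockstart = round_down(start, sectorsize);     /* 4097 -> 4096 */
        *lockend = round_up(isize, sectorsize);         /* 4097 -> 8192 */
        if (*lockend <= *lockstart)     /* empty file: force one sector */
                *lockend = *lockstart + sectorsize;
        (*lockend)--;                   /* io_tree ranges are inclusive */
}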
5914 diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
5915 index 016c403bfe7e..886d8d42640d 100644
5916 --- a/fs/btrfs/inode.c
5917 +++ b/fs/btrfs/inode.c
5918 @@ -3662,7 +3662,8 @@ noinline int btrfs_update_inode(struct btrfs_trans_handle *trans,
5919 * without delay
5920 */
5921 if (!btrfs_is_free_space_inode(inode)
5922 - && root->root_key.objectid != BTRFS_DATA_RELOC_TREE_OBJECTID) {
5923 + && root->root_key.objectid != BTRFS_DATA_RELOC_TREE_OBJECTID
5924 + && !root->fs_info->log_root_recovering) {
5925 btrfs_update_root_times(trans, root);
5926
5927 ret = btrfs_delayed_update_inode(trans, root, inode);
5928 @@ -5202,42 +5203,6 @@ struct inode *btrfs_lookup_dentry(struct inode *dir, struct dentry *dentry)
5929 iput(inode);
5930 inode = ERR_PTR(ret);
5931 }
5932 - /*
5933 - * If orphan cleanup did remove any orphans, it means the tree
5934 - * was modified and therefore the commit root is not the same as
5935 - * the current root anymore. This is a problem, because send
5936 - * uses the commit root and therefore can see inode items that
5937 - * don't exist in the current root anymore, and for example make
5938 - * calls to btrfs_iget, which will do tree lookups based on the
5939 - * current root and not on the commit root. Those lookups will
5940 - * fail, returning a -ESTALE error, and making send fail with
5941 - * that error. So make sure a send does not see any orphans we
5942 - * have just removed, and that it will see the same inodes
5943 - * regardless of whether a transaction commit happened before
5944 - * it started (meaning that the commit root will be the same as
5945 - * the current root) or not.
5946 - */
5947 - if (sub_root->node != sub_root->commit_root) {
5948 - u64 sub_flags = btrfs_root_flags(&sub_root->root_item);
5949 -
5950 - if (sub_flags & BTRFS_ROOT_SUBVOL_RDONLY) {
5951 - struct extent_buffer *eb;
5952 -
5953 - /*
5954 - * Assert we can't have races between dentry
5955 - * lookup called through the snapshot creation
5956 - * ioctl and the VFS.
5957 - */
5958 - ASSERT(mutex_is_locked(&dir->i_mutex));
5959 -
5960 - down_write(&root->fs_info->commit_root_sem);
5961 - eb = sub_root->commit_root;
5962 - sub_root->commit_root =
5963 - btrfs_root_node(sub_root);
5964 - up_write(&root->fs_info->commit_root_sem);
5965 - free_extent_buffer(eb);
5966 - }
5967 - }
5968 }
5969
5970 return inode;
5971 @@ -6191,21 +6156,60 @@ out_fail_inode:
5972 goto out_fail;
5973 }
5974
5975 +/* Find next extent map of a given extent map, caller needs to ensure locks */
5976 +static struct extent_map *next_extent_map(struct extent_map *em)
5977 +{
5978 + struct rb_node *next;
5979 +
5980 + next = rb_next(&em->rb_node);
5981 + if (!next)
5982 + return NULL;
5983 + return container_of(next, struct extent_map, rb_node);
5984 +}
5985 +
5986 +static struct extent_map *prev_extent_map(struct extent_map *em)
5987 +{
5988 + struct rb_node *prev;
5989 +
5990 + prev = rb_prev(&em->rb_node);
5991 + if (!prev)
5992 + return NULL;
5993 + return container_of(prev, struct extent_map, rb_node);
5994 +}
5995 +
5996 /* helper for btfs_get_extent. Given an existing extent in the tree,
5997 + * the existing extent is the nearest extent to map_start,
5998 * and an extent that you want to insert, deal with overlap and insert
5999 - * the new extent into the tree.
6000 + * the best fitted new extent into the tree.
6001 */
6002 static int merge_extent_mapping(struct extent_map_tree *em_tree,
6003 struct extent_map *existing,
6004 struct extent_map *em,
6005 u64 map_start)
6006 {
6007 + struct extent_map *prev;
6008 + struct extent_map *next;
6009 + u64 start;
6010 + u64 end;
6011 u64 start_diff;
6012
6013 BUG_ON(map_start < em->start || map_start >= extent_map_end(em));
6014 - start_diff = map_start - em->start;
6015 - em->start = map_start;
6016 - em->len = existing->start - em->start;
6017 +
6018 + if (existing->start > map_start) {
6019 + next = existing;
6020 + prev = prev_extent_map(next);
6021 + } else {
6022 + prev = existing;
6023 + next = next_extent_map(prev);
6024 + }
6025 +
6026 + start = prev ? extent_map_end(prev) : em->start;
6027 + start = max_t(u64, start, em->start);
6028 + end = next ? next->start : extent_map_end(em);
6029 + end = min_t(u64, end, extent_map_end(em));
6030 + start_diff = start - em->start;
6031 + em->start = start;
6032 + em->len = end - start;
6033 if (em->block_start < EXTENT_MAP_LAST_BYTE &&
6034 !test_bit(EXTENT_FLAG_COMPRESSED, &em->flags)) {
6035 em->block_start += start_diff;
6036 @@ -6482,25 +6486,21 @@ insert:
6037
6038 ret = 0;
6039
6040 - existing = lookup_extent_mapping(em_tree, start, len);
6041 - if (existing && (existing->start > start ||
6042 - existing->start + existing->len <= start)) {
6043 + existing = search_extent_mapping(em_tree, start, len);
6044 + /*
6045 + * existing will always be non-NULL, since there must be
6046 + * extent causing the -EEXIST.
6047 + */
6048 + if (start >= extent_map_end(existing) ||
6049 + start <= existing->start) {
6050 + /*
6051 + * The existing extent map is the one nearest to
6052 + * the [start, start + len) range which overlaps
6053 + */
6054 + err = merge_extent_mapping(em_tree, existing,
6055 + em, start);
6056 free_extent_map(existing);
6057 - existing = NULL;
6058 - }
6059 - if (!existing) {
6060 - existing = lookup_extent_mapping(em_tree, em->start,
6061 - em->len);
6062 - if (existing) {
6063 - err = merge_extent_mapping(em_tree, existing,
6064 - em, start);
6065 - free_extent_map(existing);
6066 - if (err) {
6067 - free_extent_map(em);
6068 - em = NULL;
6069 - }
6070 - } else {
6071 - err = -EIO;
6072 + if (err) {
6073 free_extent_map(em);
6074 em = NULL;
6075 }
6076 diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c
6077 index 8a8e29878c34..b765d412cbb6 100644
6078 --- a/fs/btrfs/ioctl.c
6079 +++ b/fs/btrfs/ioctl.c
6080 @@ -332,6 +332,9 @@ static int btrfs_ioctl_setflags(struct file *file, void __user *arg)
6081 goto out_drop;
6082
6083 } else {
6084 + ret = btrfs_set_prop(inode, "btrfs.compression", NULL, 0, 0);
6085 + if (ret && ret != -ENODATA)
6086 + goto out_drop;
6087 ip->flags &= ~(BTRFS_INODE_COMPRESS | BTRFS_INODE_NOCOMPRESS);
6088 }
6089
6090 @@ -711,6 +714,39 @@ static int create_snapshot(struct btrfs_root *root, struct inode *dir,
6091 if (ret)
6092 goto fail;
6093
6094 + ret = btrfs_orphan_cleanup(pending_snapshot->snap);
6095 + if (ret)
6096 + goto fail;
6097 +
6098 + /*
6099 + * If orphan cleanup did remove any orphans, it means the tree was
6100 + * modified and therefore the commit root is not the same as the
6101 + * current root anymore. This is a problem, because send uses the
6102 + * commit root and therefore can see inode items that don't exist
6103 + * in the current root anymore, and for example make calls to
6104 + * btrfs_iget, which will do tree lookups based on the current root
6105 + * and not on the commit root. Those lookups will fail, returning a
6106 + * -ESTALE error, and making send fail with that error. So make sure
6107 + * a send does not see any orphans we have just removed, and that it
6108 + * will see the same inodes regardless of whether a transaction
6109 + * commit happened before it started (meaning that the commit root
6110 + * will be the same as the current root) or not.
6111 + */
6112 + if (readonly && pending_snapshot->snap->node !=
6113 + pending_snapshot->snap->commit_root) {
6114 + trans = btrfs_join_transaction(pending_snapshot->snap);
6115 + if (IS_ERR(trans) && PTR_ERR(trans) != -ENOENT) {
6116 + ret = PTR_ERR(trans);
6117 + goto fail;
6118 + }
6119 + if (!IS_ERR(trans)) {
6120 + ret = btrfs_commit_transaction(trans,
6121 + pending_snapshot->snap);
6122 + if (ret)
6123 + goto fail;
6124 + }
6125 + }
6126 +
6127 inode = btrfs_lookup_dentry(dentry->d_parent->d_inode, dentry);
6128 if (IS_ERR(inode)) {
6129 ret = PTR_ERR(inode);
6130 @@ -5283,6 +5319,12 @@ long btrfs_ioctl(struct file *file, unsigned int
6131 if (ret)
6132 return ret;
6133 ret = btrfs_sync_fs(file->f_dentry->d_sb, 1);
6134 + /*
6135 + * The transaction thread may want to do more work,
6136 + * namely it pokes the cleaner kthread that will start
6137 + * processing uncleaned subvols.
6138 + */
6139 + wake_up_process(root->fs_info->transaction_kthread);
6140 return ret;
6141 }
6142 case BTRFS_IOC_START_SYNC:
6143 diff --git a/fs/btrfs/qgroup.c b/fs/btrfs/qgroup.c
6144 index ded5c601d916..d094534c3b53 100644
6145 --- a/fs/btrfs/qgroup.c
6146 +++ b/fs/btrfs/qgroup.c
6147 @@ -551,9 +551,15 @@ static int add_qgroup_item(struct btrfs_trans_handle *trans,
6148 key.type = BTRFS_QGROUP_INFO_KEY;
6149 key.offset = qgroupid;
6150
6151 + /*
6152 + * Avoid a transaction abort by catching -EEXIST here. In that
6153 + * case, we proceed by re-initializing the existing structure
6154 + * on disk.
6155 + */
6156 +
6157 ret = btrfs_insert_empty_item(trans, quota_root, path, &key,
6158 sizeof(*qgroup_info));
6159 - if (ret)
6160 + if (ret && ret != -EEXIST)
6161 goto out;
6162
6163 leaf = path->nodes[0];
6164 @@ -572,7 +578,7 @@ static int add_qgroup_item(struct btrfs_trans_handle *trans,
6165 key.type = BTRFS_QGROUP_LIMIT_KEY;
6166 ret = btrfs_insert_empty_item(trans, quota_root, path, &key,
6167 sizeof(*qgroup_limit));
6168 - if (ret)
6169 + if (ret && ret != -EEXIST)
6170 goto out;
6171
6172 leaf = path->nodes[0];
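[Editor's note] The qgroup hunk demotes -EEXIST from a transaction-aborting failure to an expected case: an item left over from an earlier quota setup is simply re-initialized through the path the insert leaves positioned at it. The idiom as a sketch, a fragment from the same context:

ret = btrfs_insert_empty_item(trans, quota_root, path, &key,
                              sizeof(*qgroup_info));
if (ret && ret != -EEXIST)      /* only a genuine failure bails out */
        goto out;
/* ret == 0 or -EEXIST: path->nodes[0] now holds the item to (re)fill. */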
6173 diff --git a/fs/btrfs/relocation.c b/fs/btrfs/relocation.c
6174 index 65245a07275b..56fe6ec409ac 100644
6175 --- a/fs/btrfs/relocation.c
6176 +++ b/fs/btrfs/relocation.c
6177 @@ -736,7 +736,8 @@ again:
6178 err = ret;
6179 goto out;
6180 }
6181 - BUG_ON(!ret || !path1->slots[0]);
6182 + ASSERT(ret);
6183 + ASSERT(path1->slots[0]);
6184
6185 path1->slots[0]--;
6186
6187 @@ -746,10 +747,10 @@ again:
6188 * the backref was added previously when processing
6189 * backref of type BTRFS_TREE_BLOCK_REF_KEY
6190 */
6191 - BUG_ON(!list_is_singular(&cur->upper));
6192 + ASSERT(list_is_singular(&cur->upper));
6193 edge = list_entry(cur->upper.next, struct backref_edge,
6194 list[LOWER]);
6195 - BUG_ON(!list_empty(&edge->list[UPPER]));
6196 + ASSERT(list_empty(&edge->list[UPPER]));
6197 exist = edge->node[UPPER];
6198 /*
6199 * add the upper level block to pending list if we need
6200 @@ -831,7 +832,7 @@ again:
6201 cur->cowonly = 1;
6202 }
6203 #else
6204 - BUG_ON(key.type == BTRFS_EXTENT_REF_V0_KEY);
6205 + ASSERT(key.type != BTRFS_EXTENT_REF_V0_KEY);
6206 if (key.type == BTRFS_SHARED_BLOCK_REF_KEY) {
6207 #endif
6208 if (key.objectid == key.offset) {
6209 @@ -840,7 +841,7 @@ again:
6210 * backref of this type.
6211 */
6212 root = find_reloc_root(rc, cur->bytenr);
6213 - BUG_ON(!root);
6214 + ASSERT(root);
6215 cur->root = root;
6216 break;
6217 }
6218 @@ -868,7 +869,7 @@ again:
6219 } else {
6220 upper = rb_entry(rb_node, struct backref_node,
6221 rb_node);
6222 - BUG_ON(!upper->checked);
6223 + ASSERT(upper->checked);
6224 INIT_LIST_HEAD(&edge->list[UPPER]);
6225 }
6226 list_add_tail(&edge->list[LOWER], &cur->upper);
6227 @@ -892,7 +893,7 @@ again:
6228
6229 if (btrfs_root_level(&root->root_item) == cur->level) {
6230 /* tree root */
6231 - BUG_ON(btrfs_root_bytenr(&root->root_item) !=
6232 + ASSERT(btrfs_root_bytenr(&root->root_item) ==
6233 cur->bytenr);
6234 if (should_ignore_root(root))
6235 list_add(&cur->list, &useless);
6236 @@ -927,7 +928,7 @@ again:
6237 need_check = true;
6238 for (; level < BTRFS_MAX_LEVEL; level++) {
6239 if (!path2->nodes[level]) {
6240 - BUG_ON(btrfs_root_bytenr(&root->root_item) !=
6241 + ASSERT(btrfs_root_bytenr(&root->root_item) ==
6242 lower->bytenr);
6243 if (should_ignore_root(root))
6244 list_add(&lower->list, &useless);
6245 @@ -977,12 +978,15 @@ again:
6246 need_check = false;
6247 list_add_tail(&edge->list[UPPER],
6248 &list);
6249 - } else
6250 + } else {
6251 + if (upper->checked)
6252 + need_check = true;
6253 INIT_LIST_HEAD(&edge->list[UPPER]);
6254 + }
6255 } else {
6256 upper = rb_entry(rb_node, struct backref_node,
6257 rb_node);
6258 - BUG_ON(!upper->checked);
6259 + ASSERT(upper->checked);
6260 INIT_LIST_HEAD(&edge->list[UPPER]);
6261 if (!upper->owner)
6262 upper->owner = btrfs_header_owner(eb);
6263 @@ -1026,7 +1030,7 @@ next:
6264 * everything goes well, connect backref nodes and insert backref nodes
6265 * into the cache.
6266 */
6267 - BUG_ON(!node->checked);
6268 + ASSERT(node->checked);
6269 cowonly = node->cowonly;
6270 if (!cowonly) {
6271 rb_node = tree_insert(&cache->rb_root, node->bytenr,
6272 @@ -1062,8 +1066,21 @@ next:
6273 continue;
6274 }
6275
6276 - BUG_ON(!upper->checked);
6277 - BUG_ON(cowonly != upper->cowonly);
6278 + if (!upper->checked) {
6279 + /*
6280 + * Still want to blow up for developers since this is a
6281 + * logic bug.
6282 + */
6283 + ASSERT(0);
6284 + err = -EINVAL;
6285 + goto out;
6286 + }
6287 + if (cowonly != upper->cowonly) {
6288 + ASSERT(0);
6289 + err = -EINVAL;
6290 + goto out;
6291 + }
6292 +
6293 if (!cowonly) {
6294 rb_node = tree_insert(&cache->rb_root, upper->bytenr,
6295 &upper->rb_node);
6296 @@ -1086,7 +1103,7 @@ next:
6297 while (!list_empty(&useless)) {
6298 upper = list_entry(useless.next, struct backref_node, list);
6299 list_del_init(&upper->list);
6300 - BUG_ON(!list_empty(&upper->upper));
6301 + ASSERT(list_empty(&upper->upper));
6302 if (upper == node)
6303 node = NULL;
6304 if (upper->lowest) {
6305 @@ -1119,29 +1136,45 @@ out:
6306 if (err) {
6307 while (!list_empty(&useless)) {
6308 lower = list_entry(useless.next,
6309 - struct backref_node, upper);
6310 - list_del_init(&lower->upper);
6311 + struct backref_node, list);
6312 + list_del_init(&lower->list);
6313 }
6314 - upper = node;
6315 - INIT_LIST_HEAD(&list);
6316 - while (upper) {
6317 - if (RB_EMPTY_NODE(&upper->rb_node)) {
6318 - list_splice_tail(&upper->upper, &list);
6319 - free_backref_node(cache, upper);
6320 - }
6321 -
6322 - if (list_empty(&list))
6323 - break;
6324 -
6325 - edge = list_entry(list.next, struct backref_edge,
6326 - list[LOWER]);
6327 + while (!list_empty(&list)) {
6328 + edge = list_first_entry(&list, struct backref_edge,
6329 + list[UPPER]);
6330 + list_del(&edge->list[UPPER]);
6331 list_del(&edge->list[LOWER]);
6332 + lower = edge->node[LOWER];
6333 upper = edge->node[UPPER];
6334 free_backref_edge(cache, edge);
6335 +
6336 + /*
6337 + * Lower is no longer linked to any upper backref nodes
6338 + * and isn't in the cache, we can free it ourselves.
6339 + */
6340 + if (list_empty(&lower->upper) &&
6341 + RB_EMPTY_NODE(&lower->rb_node))
6342 + list_add(&lower->list, &useless);
6343 +
6344 + if (!RB_EMPTY_NODE(&upper->rb_node))
6345 + continue;
6346 +
6347 + /* Add this guy's upper edges to the list to process */
6348 + list_for_each_entry(edge, &upper->upper, list[LOWER])
6349 + list_add_tail(&edge->list[UPPER], &list);
6350 + if (list_empty(&upper->upper))
6351 + list_add(&upper->list, &useless);
6352 + }
6353 +
6354 + while (!list_empty(&useless)) {
6355 + lower = list_entry(useless.next,
6356 + struct backref_node, list);
6357 + list_del_init(&lower->list);
6358 + free_backref_node(cache, lower);
6359 }
6360 return ERR_PTR(err);
6361 }
6362 - BUG_ON(node && node->detached);
6363 + ASSERT(!node || !node->detached);
6364 return node;
6365 }
6366
6367 diff --git a/fs/btrfs/transaction.c b/fs/btrfs/transaction.c
6368 index d89c6d3542ca..98a25df1c430 100644
6369 --- a/fs/btrfs/transaction.c
6370 +++ b/fs/btrfs/transaction.c
6371 @@ -609,7 +609,6 @@ int btrfs_wait_for_commit(struct btrfs_root *root, u64 transid)
6372 if (transid <= root->fs_info->last_trans_committed)
6373 goto out;
6374
6375 - ret = -EINVAL;
6376 /* find specified transaction */
6377 spin_lock(&root->fs_info->trans_lock);
6378 list_for_each_entry(t, &root->fs_info->trans_list, list) {
6379 @@ -625,9 +624,16 @@ int btrfs_wait_for_commit(struct btrfs_root *root, u64 transid)
6380 }
6381 }
6382 spin_unlock(&root->fs_info->trans_lock);
6383 - /* The specified transaction doesn't exist */
6384 - if (!cur_trans)
6385 +
6386 + /*
6387 + * The specified transaction doesn't exist, or we
6388 + * raced with btrfs_commit_transaction
6389 + */
6390 + if (!cur_trans) {
6391 + if (transid > root->fs_info->last_trans_committed)
6392 + ret = -EINVAL;
6393 goto out;
6394 + }
6395 } else {
6396 /* find newest transaction that is committing | committed */
6397 spin_lock(&root->fs_info->trans_lock);
6398 diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c
6399 index d4a9431ec73c..57ee4c53b4f8 100644
6400 --- a/fs/ecryptfs/inode.c
6401 +++ b/fs/ecryptfs/inode.c
6402 @@ -1039,7 +1039,7 @@ ecryptfs_setxattr(struct dentry *dentry, const char *name, const void *value,
6403 }
6404
6405 rc = vfs_setxattr(lower_dentry, name, value, size, flags);
6406 - if (!rc)
6407 + if (!rc && dentry->d_inode)
6408 fsstack_copy_attr_all(dentry->d_inode, lower_dentry->d_inode);
6409 out:
6410 return rc;
6411 diff --git a/fs/namei.c b/fs/namei.c
6412 index a7b05bf82d31..3ddb044f3702 100644
6413 --- a/fs/namei.c
6414 +++ b/fs/namei.c
6415 @@ -3074,7 +3074,7 @@ opened:
6416 error = open_check_o_direct(file);
6417 if (error)
6418 goto exit_fput;
6419 - error = ima_file_check(file, op->acc_mode);
6420 + error = ima_file_check(file, op->acc_mode, *opened);
6421 if (error)
6422 goto exit_fput;
6423
6424 diff --git a/fs/namespace.c b/fs/namespace.c
6425 index ef42d9bee212..7f67b463a5b4 100644
6426 --- a/fs/namespace.c
6427 +++ b/fs/namespace.c
6428 @@ -1356,6 +1356,8 @@ static int do_umount(struct mount *mnt, int flags)
6429 * Special case for "unmounting" root ...
6430 * we just try to remount it readonly.
6431 */
6432 + if (!capable(CAP_SYS_ADMIN))
6433 + return -EPERM;
6434 down_write(&sb->s_umount);
6435 if (!(sb->s_flags & MS_RDONLY))
6436 retval = do_remount_sb(sb, MS_RDONLY, NULL, 0);
6437 diff --git a/fs/nfs/client.c b/fs/nfs/client.c
6438 index 6a4f3666e273..94088517039f 100644
6439 --- a/fs/nfs/client.c
6440 +++ b/fs/nfs/client.c
6441 @@ -1318,7 +1318,7 @@ static int nfs_server_list_show(struct seq_file *m, void *v)
6442 */
6443 static int nfs_volume_list_open(struct inode *inode, struct file *file)
6444 {
6445 - return seq_open_net(inode, file, &nfs_server_list_ops,
6446 + return seq_open_net(inode, file, &nfs_volume_list_ops,
6447 sizeof(struct seq_net_private));
6448 }
6449
6450 diff --git a/fs/nfs/filelayout/filelayout.c b/fs/nfs/filelayout/filelayout.c
6451 index 90978075f730..f59713e091a8 100644
6452 --- a/fs/nfs/filelayout/filelayout.c
6453 +++ b/fs/nfs/filelayout/filelayout.c
6454 @@ -1031,7 +1031,7 @@ filelayout_clear_request_commit(struct nfs_page *req,
6455 }
6456 out:
6457 nfs_request_remove_commit_list(req, cinfo);
6458 - pnfs_put_lseg_async(freeme);
6459 + pnfs_put_lseg_locked(freeme);
6460 }
6461
6462 static void
6463 diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
6464 index 6ca0c8e7a945..0422d77b73c7 100644
6465 --- a/fs/nfs/nfs4proc.c
6466 +++ b/fs/nfs/nfs4proc.c
6467 @@ -7353,7 +7353,7 @@ static int nfs41_proc_async_sequence(struct nfs_client *clp, struct rpc_cred *cr
6468 int ret = 0;
6469
6470 if ((renew_flags & NFS4_RENEW_TIMEOUT) == 0)
6471 - return 0;
6472 + return -EAGAIN;
6473 task = _nfs41_proc_sequence(clp, cred, false);
6474 if (IS_ERR(task))
6475 ret = PTR_ERR(task);
6476 diff --git a/fs/nfs/nfs4renewd.c b/fs/nfs/nfs4renewd.c
6477 index 1720d32ffa54..e1ba58c3d1ad 100644
6478 --- a/fs/nfs/nfs4renewd.c
6479 +++ b/fs/nfs/nfs4renewd.c
6480 @@ -88,10 +88,18 @@ nfs4_renew_state(struct work_struct *work)
6481 }
6482 nfs_expire_all_delegations(clp);
6483 } else {
6484 + int ret;
6485 +
6486 /* Queue an asynchronous RENEW. */
6487 - ops->sched_state_renewal(clp, cred, renew_flags);
6488 + ret = ops->sched_state_renewal(clp, cred, renew_flags);
6489 put_rpccred(cred);
6490 - goto out_exp;
6491 + switch (ret) {
6492 + default:
6493 + goto out_exp;
6494 + case -EAGAIN:
6495 + case -ENOMEM:
6496 + break;
6497 + }
6498 }
6499 } else {
6500 dprintk("%s: failed to call renewd. Reason: lease not expired \n",
6501 diff --git a/fs/nfs/nfs4state.c b/fs/nfs/nfs4state.c
6502 index 22fe35104c0c..5194933ed419 100644
6503 --- a/fs/nfs/nfs4state.c
6504 +++ b/fs/nfs/nfs4state.c
6505 @@ -1705,7 +1705,8 @@ restart:
6506 if (status < 0) {
6507 set_bit(ops->owner_flag_bit, &sp->so_flags);
6508 nfs4_put_state_owner(sp);
6509 - return nfs4_recovery_handle_error(clp, status);
6510 + status = nfs4_recovery_handle_error(clp, status);
6511 + return (status != 0) ? status : -EAGAIN;
6512 }
6513
6514 nfs4_put_state_owner(sp);
6515 @@ -1714,7 +1715,7 @@ restart:
6516 spin_unlock(&clp->cl_lock);
6517 }
6518 rcu_read_unlock();
6519 - return status;
6520 + return 0;
6521 }
6522
6523 static int nfs4_check_lease(struct nfs_client *clp)
6524 @@ -1761,7 +1762,6 @@ static int nfs4_handle_reclaim_lease_error(struct nfs_client *clp, int status)
6525 break;
6526 case -NFS4ERR_STALE_CLIENTID:
6527 clear_bit(NFS4CLNT_LEASE_CONFIRM, &clp->cl_state);
6528 - nfs4_state_clear_reclaim_reboot(clp);
6529 nfs4_state_start_reclaim_reboot(clp);
6530 break;
6531 case -NFS4ERR_CLID_INUSE:
6532 @@ -2345,6 +2345,7 @@ static void nfs4_state_manager(struct nfs_client *clp)
6533 status = nfs4_check_lease(clp);
6534 if (status < 0)
6535 goto out_error;
6536 + continue;
6537 }
6538
6539 if (test_and_clear_bit(NFS4CLNT_MOVED, &clp->cl_state)) {
6540 @@ -2366,14 +2367,11 @@ static void nfs4_state_manager(struct nfs_client *clp)
6541 section = "reclaim reboot";
6542 status = nfs4_do_reclaim(clp,
6543 clp->cl_mvops->reboot_recovery_ops);
6544 - if (test_bit(NFS4CLNT_LEASE_EXPIRED, &clp->cl_state) ||
6545 - test_bit(NFS4CLNT_SESSION_RESET, &clp->cl_state))
6546 - continue;
6547 - nfs4_state_end_reclaim_reboot(clp);
6548 - if (test_bit(NFS4CLNT_RECLAIM_NOGRACE, &clp->cl_state))
6549 + if (status == -EAGAIN)
6550 continue;
6551 if (status < 0)
6552 goto out_error;
6553 + nfs4_state_end_reclaim_reboot(clp);
6554 }
6555
6556 /* Now recover expired state... */
6557 @@ -2381,9 +2379,7 @@ static void nfs4_state_manager(struct nfs_client *clp)
6558 section = "reclaim nograce";
6559 status = nfs4_do_reclaim(clp,
6560 clp->cl_mvops->nograce_recovery_ops);
6561 - if (test_bit(NFS4CLNT_LEASE_EXPIRED, &clp->cl_state) ||
6562 - test_bit(NFS4CLNT_SESSION_RESET, &clp->cl_state) ||
6563 - test_bit(NFS4CLNT_RECLAIM_REBOOT, &clp->cl_state))
6564 + if (status == -EAGAIN)
6565 continue;
6566 if (status < 0)
6567 goto out_error;
6568 diff --git a/fs/nfs/pagelist.c b/fs/nfs/pagelist.c
6569 index be7cbce6e4c7..9229d4780f87 100644
6570 --- a/fs/nfs/pagelist.c
6571 +++ b/fs/nfs/pagelist.c
6572 @@ -518,7 +518,8 @@ EXPORT_SYMBOL_GPL(nfs_pgio_header_free);
6573 */
6574 void nfs_pgio_data_destroy(struct nfs_pgio_header *hdr)
6575 {
6576 - put_nfs_open_context(hdr->args.context);
6577 + if (hdr->args.context)
6578 + put_nfs_open_context(hdr->args.context);
6579 if (hdr->page_array.pagevec != hdr->page_array.page_array)
6580 kfree(hdr->page_array.pagevec);
6581 }
6582 @@ -743,12 +744,11 @@ int nfs_generic_pgio(struct nfs_pageio_descriptor *desc,
6583 nfs_list_remove_request(req);
6584 nfs_list_add_request(req, &hdr->pages);
6585
6586 - if (WARN_ON_ONCE(pageused >= pagecount))
6587 - return nfs_pgio_error(desc, hdr);
6588 -
6589 if (!last_page || last_page != req->wb_page) {
6590 - *pages++ = last_page = req->wb_page;
6591 pageused++;
6592 + if (pageused > pagecount)
6593 + break;
6594 + *pages++ = last_page = req->wb_page;
6595 }
6596 }
6597 if (WARN_ON_ONCE(pageused != pagecount))
6598 diff --git a/fs/nfs/pnfs.c b/fs/nfs/pnfs.c
6599 index a3851debf8a2..5480720bdc0f 100644
6600 --- a/fs/nfs/pnfs.c
6601 +++ b/fs/nfs/pnfs.c
6602 @@ -361,22 +361,43 @@ pnfs_put_lseg(struct pnfs_layout_segment *lseg)
6603 }
6604 EXPORT_SYMBOL_GPL(pnfs_put_lseg);
6605
6606 -static void pnfs_put_lseg_async_work(struct work_struct *work)
6607 +static void pnfs_free_lseg_async_work(struct work_struct *work)
6608 {
6609 struct pnfs_layout_segment *lseg;
6610 + struct pnfs_layout_hdr *lo;
6611
6612 lseg = container_of(work, struct pnfs_layout_segment, pls_work);
6613 + lo = lseg->pls_layout;
6614
6615 - pnfs_put_lseg(lseg);
6616 + pnfs_free_lseg(lseg);
6617 + pnfs_put_layout_hdr(lo);
6618 }
6619
6620 -void
6621 -pnfs_put_lseg_async(struct pnfs_layout_segment *lseg)
6622 +static void pnfs_free_lseg_async(struct pnfs_layout_segment *lseg)
6623 {
6624 - INIT_WORK(&lseg->pls_work, pnfs_put_lseg_async_work);
6625 + INIT_WORK(&lseg->pls_work, pnfs_free_lseg_async_work);
6626 schedule_work(&lseg->pls_work);
6627 }
6628 -EXPORT_SYMBOL_GPL(pnfs_put_lseg_async);
6629 +
6630 +void
6631 +pnfs_put_lseg_locked(struct pnfs_layout_segment *lseg)
6632 +{
6633 + if (!lseg)
6634 + return;
6635 +
6636 + assert_spin_locked(&lseg->pls_layout->plh_inode->i_lock);
6637 +
6638 + dprintk("%s: lseg %p ref %d valid %d\n", __func__, lseg,
6639 + atomic_read(&lseg->pls_refcount),
6640 + test_bit(NFS_LSEG_VALID, &lseg->pls_flags));
6641 + if (atomic_dec_and_test(&lseg->pls_refcount)) {
6642 + struct pnfs_layout_hdr *lo = lseg->pls_layout;
6643 + pnfs_get_layout_hdr(lo);
6644 + pnfs_layout_remove_lseg(lo, lseg);
6645 + pnfs_free_lseg_async(lseg);
6646 + }
6647 +}
6648 +EXPORT_SYMBOL_GPL(pnfs_put_lseg_locked);
6649
6650 static u64
6651 end_offset(u64 start, u64 len)
6652 diff --git a/fs/nfs/pnfs.h b/fs/nfs/pnfs.h
6653 index aca3dff5dae6..bc2db1c2a5ee 100644
6654 --- a/fs/nfs/pnfs.h
6655 +++ b/fs/nfs/pnfs.h
6656 @@ -183,7 +183,7 @@ extern int nfs4_proc_layoutreturn(struct nfs4_layoutreturn *lrp);
6657 /* pnfs.c */
6658 void pnfs_get_layout_hdr(struct pnfs_layout_hdr *lo);
6659 void pnfs_put_lseg(struct pnfs_layout_segment *lseg);
6660 -void pnfs_put_lseg_async(struct pnfs_layout_segment *lseg);
6661 +void pnfs_put_lseg_locked(struct pnfs_layout_segment *lseg);
6662
6663 void set_pnfs_layoutdriver(struct nfs_server *, const struct nfs_fh *, u32);
6664 void unset_pnfs_layoutdriver(struct nfs_server *);
6665 @@ -422,10 +422,6 @@ static inline void pnfs_put_lseg(struct pnfs_layout_segment *lseg)
6666 {
6667 }
6668
6669 -static inline void pnfs_put_lseg_async(struct pnfs_layout_segment *lseg)
6670 -{
6671 -}
6672 -
6673 static inline int pnfs_return_layout(struct inode *ino)
6674 {
6675 return 0;
6676 diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c
6677 index b01f6e100ee8..353aac85a3e3 100644
6678 --- a/fs/nfsd/nfs4xdr.c
6679 +++ b/fs/nfsd/nfs4xdr.c
6680 @@ -1670,6 +1670,14 @@ nfsd4_decode_compound(struct nfsd4_compoundargs *argp)
6681 readbytes += nfsd4_max_reply(argp->rqstp, op);
6682 } else
6683 max_reply += nfsd4_max_reply(argp->rqstp, op);
6684 + /*
6685 + * OP_LOCK may return a conflicting lock. (Special case
6686 + * because it will just skip encoding this if it runs
6687 + * out of xdr buffer space, and it is the only operation
6688 + * that behaves this way.)
6689 + */
6690 + if (op->opnum == OP_LOCK)
6691 + max_reply += NFS4_OPAQUE_LIMIT;
6692
6693 if (op->status) {
6694 argp->opcnt = i+1;
6695 diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c
6696 index f501a9b5c9df..6ab077bb897e 100644
6697 --- a/fs/nfsd/vfs.c
6698 +++ b/fs/nfsd/vfs.c
6699 @@ -708,7 +708,7 @@ nfsd_open(struct svc_rqst *rqstp, struct svc_fh *fhp, umode_t type,
6700 host_err = PTR_ERR(*filp);
6701 *filp = NULL;
6702 } else {
6703 - host_err = ima_file_check(*filp, may_flags);
6704 + host_err = ima_file_check(*filp, may_flags, 0);
6705
6706 if (may_flags & NFSD_MAY_64BIT_COOKIE)
6707 (*filp)->f_mode |= FMODE_64BITHASH;
6708 diff --git a/fs/notify/fanotify/fanotify_user.c b/fs/notify/fanotify/fanotify_user.c
6709 index b13992a41bd9..c991616acca9 100644
6710 --- a/fs/notify/fanotify/fanotify_user.c
6711 +++ b/fs/notify/fanotify/fanotify_user.c
6712 @@ -78,7 +78,7 @@ static int create_fd(struct fsnotify_group *group,
6713
6714 pr_debug("%s: group=%p event=%p\n", __func__, group, event);
6715
6716 - client_fd = get_unused_fd();
6717 + client_fd = get_unused_fd_flags(group->fanotify_data.f_flags);
6718 if (client_fd < 0)
6719 return client_fd;
6720
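The one-line change makes each event descriptor honour the event_f_flags that userspace passed to fanotify_init(); plain get_unused_fd() always allocated with flags 0, so a request for O_CLOEXEC was silently ignored for the per-event fds. A minimal caller-side illustration, assuming the standard fanotify(7) interface:

    #include <fcntl.h>
    #include <sys/fanotify.h>

    /* The second argument is now propagated to every event fd, so
     * descriptors read from fan_fd carry FD_CLOEXEC as requested. */
    int fan_fd = fanotify_init(FAN_CLASS_NOTIF, O_RDONLY | O_CLOEXEC);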
6721 diff --git a/fs/udf/inode.c b/fs/udf/inode.c
6722 index 08598843288f..c9b4df5810d5 100644
6723 --- a/fs/udf/inode.c
6724 +++ b/fs/udf/inode.c
6725 @@ -1277,7 +1277,7 @@ update_time:
6726 */
6727 #define UDF_MAX_ICB_NESTING 1024
6728
6729 -static int udf_read_inode(struct inode *inode)
6730 +static int udf_read_inode(struct inode *inode, bool hidden_inode)
6731 {
6732 struct buffer_head *bh = NULL;
6733 struct fileEntry *fe;
6734 @@ -1436,8 +1436,11 @@ reread:
6735
6736 link_count = le16_to_cpu(fe->fileLinkCount);
6737 if (!link_count) {
6738 - ret = -ESTALE;
6739 - goto out;
6740 + if (!hidden_inode) {
6741 + ret = -ESTALE;
6742 + goto out;
6743 + }
6744 + link_count = 1;
6745 }
6746 set_nlink(inode, link_count);
6747
6748 @@ -1826,7 +1829,8 @@ out:
6749 return err;
6750 }
6751
6752 -struct inode *udf_iget(struct super_block *sb, struct kernel_lb_addr *ino)
6753 +struct inode *__udf_iget(struct super_block *sb, struct kernel_lb_addr *ino,
6754 + bool hidden_inode)
6755 {
6756 unsigned long block = udf_get_lb_pblock(sb, ino, 0);
6757 struct inode *inode = iget_locked(sb, block);
6758 @@ -1839,7 +1843,7 @@ struct inode *udf_iget(struct super_block *sb, struct kernel_lb_addr *ino)
6759 return inode;
6760
6761 memcpy(&UDF_I(inode)->i_location, ino, sizeof(struct kernel_lb_addr));
6762 - err = udf_read_inode(inode);
6763 + err = udf_read_inode(inode, hidden_inode);
6764 if (err < 0) {
6765 iget_failed(inode);
6766 return ERR_PTR(err);
6767 diff --git a/fs/udf/super.c b/fs/udf/super.c
6768 index 5401fc33f5cc..e229315bbf7a 100644
6769 --- a/fs/udf/super.c
6770 +++ b/fs/udf/super.c
6771 @@ -959,7 +959,7 @@ struct inode *udf_find_metadata_inode_efe(struct super_block *sb,
6772 addr.logicalBlockNum = meta_file_loc;
6773 addr.partitionReferenceNum = partition_num;
6774
6775 - metadata_fe = udf_iget(sb, &addr);
6776 + metadata_fe = udf_iget_special(sb, &addr);
6777
6778 if (IS_ERR(metadata_fe)) {
6779 udf_warn(sb, "metadata inode efe not found\n");
6780 @@ -1020,7 +1020,7 @@ static int udf_load_metadata_files(struct super_block *sb, int partition)
6781 udf_debug("Bitmap file location: block = %d part = %d\n",
6782 addr.logicalBlockNum, addr.partitionReferenceNum);
6783
6784 - fe = udf_iget(sb, &addr);
6785 + fe = udf_iget_special(sb, &addr);
6786 if (IS_ERR(fe)) {
6787 if (sb->s_flags & MS_RDONLY)
6788 udf_warn(sb, "bitmap inode efe not found but it's ok since the disc is mounted read-only\n");
6789 @@ -1119,7 +1119,7 @@ static int udf_fill_partdesc_info(struct super_block *sb,
6790 };
6791 struct inode *inode;
6792
6793 - inode = udf_iget(sb, &loc);
6794 + inode = udf_iget_special(sb, &loc);
6795 if (IS_ERR(inode)) {
6796 udf_debug("cannot load unallocSpaceTable (part %d)\n",
6797 p_index);
6798 @@ -1154,7 +1154,7 @@ static int udf_fill_partdesc_info(struct super_block *sb,
6799 };
6800 struct inode *inode;
6801
6802 - inode = udf_iget(sb, &loc);
6803 + inode = udf_iget_special(sb, &loc);
6804 if (IS_ERR(inode)) {
6805 udf_debug("cannot load freedSpaceTable (part %d)\n",
6806 p_index);
6807 @@ -1198,7 +1198,7 @@ static void udf_find_vat_block(struct super_block *sb, int p_index,
6808 vat_block >= map->s_partition_root &&
6809 vat_block >= start_block - 3; vat_block--) {
6810 ino.logicalBlockNum = vat_block - map->s_partition_root;
6811 - inode = udf_iget(sb, &ino);
6812 + inode = udf_iget_special(sb, &ino);
6813 if (!IS_ERR(inode)) {
6814 sbi->s_vat_inode = inode;
6815 break;
6816 diff --git a/fs/udf/udfdecl.h b/fs/udf/udfdecl.h
6817 index 742557be9936..1cc3c993ebd0 100644
6818 --- a/fs/udf/udfdecl.h
6819 +++ b/fs/udf/udfdecl.h
6820 @@ -138,7 +138,18 @@ extern int udf_write_fi(struct inode *inode, struct fileIdentDesc *,
6821 /* file.c */
6822 extern long udf_ioctl(struct file *, unsigned int, unsigned long);
6823 /* inode.c */
6824 -extern struct inode *udf_iget(struct super_block *, struct kernel_lb_addr *);
6825 +extern struct inode *__udf_iget(struct super_block *, struct kernel_lb_addr *,
6826 + bool hidden_inode);
6827 +static inline struct inode *udf_iget_special(struct super_block *sb,
6828 + struct kernel_lb_addr *ino)
6829 +{
6830 + return __udf_iget(sb, ino, true);
6831 +}
6832 +static inline struct inode *udf_iget(struct super_block *sb,
6833 + struct kernel_lb_addr *ino)
6834 +{
6835 + return __udf_iget(sb, ino, false);
6836 +}
6837 extern int udf_expand_file_adinicb(struct inode *);
6838 extern struct buffer_head *udf_expand_dir_adinicb(struct inode *, int *, int *);
6839 extern struct buffer_head *udf_bread(struct inode *, int, int, int *);
6840 diff --git a/fs/xfs/xfs_aops.c b/fs/xfs/xfs_aops.c
6841 index b984647c24db..2f502537a39c 100644
6842 --- a/fs/xfs/xfs_aops.c
6843 +++ b/fs/xfs/xfs_aops.c
6844 @@ -434,10 +434,22 @@ xfs_start_page_writeback(
6845 {
6846 ASSERT(PageLocked(page));
6847 ASSERT(!PageWriteback(page));
6848 - if (clear_dirty)
6849 +
6850 + /*
6851 + * if the page was not fully cleaned, we need to ensure that the higher
6852 + * layers come back to it correctly. That means we need to keep the page
6853 + * dirty, and for WB_SYNC_ALL writeback we need to ensure the
6854 + * PAGECACHE_TAG_TOWRITE index mark is not removed so another attempt to
6855 + * write this page in this writeback sweep will be made.
6856 + */
6857 + if (clear_dirty) {
6858 clear_page_dirty_for_io(page);
6859 - set_page_writeback(page);
6860 + set_page_writeback(page);
6861 + } else
6862 + set_page_writeback_keepwrite(page);
6863 +
6864 unlock_page(page);
6865 +
6866 /* If no buffers on the page are to be written, finish it here */
6867 if (!buffers)
6868 end_page_writeback(page);
6869 diff --git a/fs/xfs/xfs_itable.c b/fs/xfs/xfs_itable.c
6870 index f71be9c68017..f1deb961a296 100644
6871 --- a/fs/xfs/xfs_itable.c
6872 +++ b/fs/xfs/xfs_itable.c
6873 @@ -639,7 +639,8 @@ next_ag:
6874 xfs_buf_relse(agbp);
6875 agbp = NULL;
6876 agino = 0;
6877 - } while (++agno < mp->m_sb.sb_agcount);
6878 + agno++;
6879 + } while (agno < mp->m_sb.sb_agcount);
6880
6881 if (!error) {
6882 if (bufidx) {
6883 diff --git a/include/linux/balloon_compaction.h b/include/linux/balloon_compaction.h
6884 index 089743ade734..38aa07d5b81c 100644
6885 --- a/include/linux/balloon_compaction.h
6886 +++ b/include/linux/balloon_compaction.h
6887 @@ -27,10 +27,13 @@
6888 * counter raised only while it is under our special handling;
6889 *
6890 * iii. after the lockless scan step has selected a potential balloon page for
6891 - * isolation, re-test the page->mapping flags and the page ref counter
6892 + * isolation, re-test the PageBalloon mark and the PagePrivate flag
6893 * under the proper page lock, to ensure isolating a valid balloon page
6894 * (not yet isolated, nor under release procedure)
6895 *
6896 + * iv. isolation or dequeueing procedure must clear PagePrivate flag under
6897 + * page lock together with removing page from balloon device page list.
6898 + *
6899 * The functions provided by this interface are placed to help cope with
6900 * the aforementioned balloon page corner case, as well as to ensure the simple
6901 * set of exposed rules are satisfied while we are dealing with balloon pages
6902 @@ -71,28 +74,6 @@ static inline void balloon_devinfo_free(struct balloon_dev_info *b_dev_info)
6903 kfree(b_dev_info);
6904 }
6905
6906 -/*
6907 - * balloon_page_free - release a balloon page back to the page free lists
6908 - * @page: ballooned page to be set free
6909 - *
6910 - * This function must be used to properly set free an isolated/dequeued balloon
6911 - * page at the end of a successful page migration, or at the balloon driver's
6912 - * page release procedure.
6913 - */
6914 -static inline void balloon_page_free(struct page *page)
6915 -{
6916 - /*
6917 - * Balloon pages always get an extra refcount before being isolated
6918 - * and before being dequeued to help sort out fortuitous collisions
6919 - * between a thread attempting to isolate and another thread attempting
6920 - * to release the very same balloon page.
6921 - *
6922 - * Before we hand the page back to Buddy, let's drop its extra refcnt.
6923 - */
6924 - put_page(page);
6925 - __free_page(page);
6926 -}
6927 -
6928 #ifdef CONFIG_BALLOON_COMPACTION
6929 extern bool balloon_page_isolate(struct page *page);
6930 extern void balloon_page_putback(struct page *page);
6931 @@ -108,74 +89,33 @@ static inline void balloon_mapping_free(struct address_space *balloon_mapping)
6932 }
6933
6934 /*
6935 - * page_flags_cleared - helper to perform balloon @page ->flags tests.
6936 - *
6937 - * As balloon pages are obtained from buddy and we do not play with page->flags
6938 - * at driver level (exception made when we get the page lock for compaction),
6939 - * we can safely identify a ballooned page by checking if the
6940 - * PAGE_FLAGS_CHECK_AT_PREP page->flags are all cleared. This approach also
6941 - * helps us skip ballooned pages that are locked for compaction or release, thus
6942 - * mitigating their racy check at balloon_page_movable()
6943 - */
6944 -static inline bool page_flags_cleared(struct page *page)
6945 -{
6946 - return !(page->flags & PAGE_FLAGS_CHECK_AT_PREP);
6947 -}
6948 -
6949 -/*
6950 - * __is_movable_balloon_page - helper to perform @page mapping->flags tests
6951 + * __is_movable_balloon_page - helper to perform @page PageBalloon tests
6952 */
6953 static inline bool __is_movable_balloon_page(struct page *page)
6954 {
6955 - struct address_space *mapping = page->mapping;
6956 - return mapping_balloon(mapping);
6957 + return PageBalloon(page);
6958 }
6959
6960 /*
6961 - * balloon_page_movable - test page->mapping->flags to identify balloon pages
6962 - * that can be moved by compaction/migration.
6963 - *
6964 - * This function is used at core compaction's page isolation scheme, therefore
6965 - * most pages exposed to it are not enlisted as balloon pages and so, to avoid
6966 - * undesired side effects like racing against __free_pages(), we cannot afford
6967 - * holding the page locked while testing page->mapping->flags here.
6968 + * balloon_page_movable - test PageBalloon to identify balloon pages
6969 + * and PagePrivate to check that the page is not
6970 + * isolated and can be moved by compaction/migration.
6971 *
6972 * As we might return false positives in the case of a balloon page being just
6973 - * released under us, the page->mapping->flags need to be re-tested later,
6974 - * under the proper page lock, at the functions that will be coping with the
6975 - * balloon page case.
6976 + * released under us, this needs to be re-tested later, under the page lock.
6977 */
6978 static inline bool balloon_page_movable(struct page *page)
6979 {
6980 - /*
6981 - * Before dereferencing and testing mapping->flags, let's make sure
6982 - * this is not a page that uses ->mapping in a different way
6983 - */
6984 - if (page_flags_cleared(page) && !page_mapped(page) &&
6985 - page_count(page) == 1)
6986 - return __is_movable_balloon_page(page);
6987 -
6988 - return false;
6989 + return PageBalloon(page) && PagePrivate(page);
6990 }
6991
6992 /*
6993 * isolated_balloon_page - identify an isolated balloon page on private
6994 * compaction/migration page lists.
6995 - *
6996 - * After a compaction thread isolates a balloon page for migration, it raises
6997 - * the page refcount to prevent concurrent compaction threads from re-isolating
6998 - * the same page. For that reason putback_movable_pages(), or other routines
6999 - * that need to identify isolated balloon pages on private pagelists, cannot
7000 - * rely on balloon_page_movable() to accomplish the task.
7001 */
7002 static inline bool isolated_balloon_page(struct page *page)
7003 {
7004 - /* Already isolated balloon pages, by default, have a raised refcount */
7005 - if (page_flags_cleared(page) && !page_mapped(page) &&
7006 - page_count(page) >= 2)
7007 - return __is_movable_balloon_page(page);
7008 -
7009 - return false;
7010 + return PageBalloon(page);
7011 }
7012
7013 /*
7014 @@ -192,6 +132,8 @@ static inline void balloon_page_insert(struct page *page,
7015 struct address_space *mapping,
7016 struct list_head *head)
7017 {
7018 + __SetPageBalloon(page);
7019 + SetPagePrivate(page);
7020 page->mapping = mapping;
7021 list_add(&page->lru, head);
7022 }
7023 @@ -206,8 +148,12 @@ static inline void balloon_page_insert(struct page *page,
7024 */
7025 static inline void balloon_page_delete(struct page *page)
7026 {
7027 + __ClearPageBalloon(page);
7028 page->mapping = NULL;
7029 - list_del(&page->lru);
7030 + if (PagePrivate(page)) {
7031 + ClearPagePrivate(page);
7032 + list_del(&page->lru);
7033 + }
7034 }
7035
7036 /*
7037 @@ -258,6 +204,11 @@ static inline void balloon_page_delete(struct page *page)
7038 list_del(&page->lru);
7039 }
7040
7041 +static inline bool __is_movable_balloon_page(struct page *page)
7042 +{
7043 + return false;
7044 +}
7045 +
7046 static inline bool balloon_page_movable(struct page *page)
7047 {
7048 return false;
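Taken together, the reworked header encodes a small state machine: PageBalloon marks balloon ownership for the page's whole lifetime, while PagePrivate means "currently enqueued on the balloon's page list" and is flipped under the page lock at isolation and putback. A hedged summary of the resulting predicates (a sketch over the helpers above, not new kernel API):

    /* enqueued : PageBalloon && PagePrivate   -> eligible for isolation
     * isolated : PageBalloon && !PagePrivate  -> on a migration list
     * released : !PageBalloon                 -> ordinary page again
     */
    static inline bool balloon_can_isolate(struct page *page)
    {
            return PageBalloon(page) && PagePrivate(page);
    }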
7049 diff --git a/include/linux/compiler-gcc5.h b/include/linux/compiler-gcc5.h
7050 new file mode 100644
7051 index 000000000000..cdd1cc202d51
7052 --- /dev/null
7053 +++ b/include/linux/compiler-gcc5.h
7054 @@ -0,0 +1,66 @@
7055 +#ifndef __LINUX_COMPILER_H
7056 +#error "Please don't include <linux/compiler-gcc5.h> directly, include <linux/compiler.h> instead."
7057 +#endif
7058 +
7059 +#define __used __attribute__((__used__))
7060 +#define __must_check __attribute__((warn_unused_result))
7061 +#define __compiler_offsetof(a, b) __builtin_offsetof(a, b)
7062 +
7063 +/* Mark functions as cold. gcc will assume any path leading to a call
7064 + to them will be unlikely. This means a lot of manual unlikely()s
7065 + are unnecessary now for any paths leading to the usual suspects
7066 + like BUG(), printk(), panic() etc. [but let's keep them for now for
7067 + older compilers]
7068 +
7069 + Early snapshots of gcc 4.3 don't support this and we can't detect this
7070 + in the preprocessor, but we can live with this because they're unreleased.
7071 + Maketime probing would be overkill here.
7072 +
7073 + gcc also has a __attribute__((__hot__)) to move hot functions into
7074 + a special section, but I don't see any sense in this right now in
7075 + the kernel context */
7076 +#define __cold __attribute__((__cold__))
7077 +
7078 +#define __UNIQUE_ID(prefix) __PASTE(__PASTE(__UNIQUE_ID_, prefix), __COUNTER__)
7079 +
7080 +#ifndef __CHECKER__
7081 +# define __compiletime_warning(message) __attribute__((warning(message)))
7082 +# define __compiletime_error(message) __attribute__((error(message)))
7083 +#endif /* __CHECKER__ */
7084 +
7085 +/*
7086 + * Mark a position in code as unreachable. This can be used to
7087 + * suppress control flow warnings after asm blocks that transfer
7088 + * control elsewhere.
7089 + *
7090 + * Early snapshots of gcc 4.5 don't support this and we can't detect
7091 + * this in the preprocessor, but we can live with this because they're
7092 + * unreleased. Really, we need to have autoconf for the kernel.
7093 + */
7094 +#define unreachable() __builtin_unreachable()
7095 +
7096 +/* Mark a function definition as prohibited from being cloned. */
7097 +#define __noclone __attribute__((__noclone__))
7098 +
7099 +/*
7100 + * Tell the optimizer that something else uses this function or variable.
7101 + */
7102 +#define __visible __attribute__((externally_visible))
7103 +
7104 +/*
7105 + * GCC 'asm goto' miscompiles certain code sequences:
7106 + *
7107 + * http://gcc.gnu.org/bugzilla/show_bug.cgi?id=58670
7108 + *
7109 + * Work it around via a compiler barrier quirk suggested by Jakub Jelinek.
7110 + * Fixed in GCC 4.8.2 and later versions.
7111 + *
7112 + * (asm goto is automatically volatile - the naming reflects this.)
7113 + */
7114 +#define asm_volatile_goto(x...) do { asm goto(x); asm (""); } while (0)
7115 +
7116 +#ifdef CONFIG_ARCH_USE_BUILTIN_BSWAP
7117 +#define __HAVE_BUILTIN_BSWAP32__
7118 +#define __HAVE_BUILTIN_BSWAP64__
7119 +#define __HAVE_BUILTIN_BSWAP16__
7120 +#endif /* CONFIG_ARCH_USE_BUILTIN_BSWAP */
7121 diff --git a/include/linux/ima.h b/include/linux/ima.h
7122 index 7cf5e9b32550..120ccc53fcb7 100644
7123 --- a/include/linux/ima.h
7124 +++ b/include/linux/ima.h
7125 @@ -15,7 +15,7 @@ struct linux_binprm;
7126
7127 #ifdef CONFIG_IMA
7128 extern int ima_bprm_check(struct linux_binprm *bprm);
7129 -extern int ima_file_check(struct file *file, int mask);
7130 +extern int ima_file_check(struct file *file, int mask, int opened);
7131 extern void ima_file_free(struct file *file);
7132 extern int ima_file_mmap(struct file *file, unsigned long prot);
7133 extern int ima_module_check(struct file *file);
7134 @@ -27,7 +27,7 @@ static inline int ima_bprm_check(struct linux_binprm *bprm)
7135 return 0;
7136 }
7137
7138 -static inline int ima_file_check(struct file *file, int mask)
7139 +static inline int ima_file_check(struct file *file, int mask, int opened)
7140 {
7141 return 0;
7142 }
7143 diff --git a/include/linux/migrate.h b/include/linux/migrate.h
7144 index a2901c414664..b33347f4e4b7 100644
7145 --- a/include/linux/migrate.h
7146 +++ b/include/linux/migrate.h
7147 @@ -13,18 +13,9 @@ typedef void free_page_t(struct page *page, unsigned long private);
7148 * Return values from address_space_operations.migratepage():
7149 * - negative errno on page migration failure;
7150 * - zero on page migration success;
7151 - *
7152 - * The balloon page migration introduces this special case where a 'distinct'
7153 - * return code is used to flag a successful page migration to unmap_and_move().
7154 - * This approach is necessary because page migration can race against balloon
7155 - * deflation procedure, and for such case we could introduce a nasty page leak
7156 - * if a successfully migrated balloon page gets released concurrently with
7157 - * migration's unmap_and_move() wrap-up steps.
7158 */
7159 #define MIGRATEPAGE_SUCCESS 0
7160 -#define MIGRATEPAGE_BALLOON_SUCCESS 1 /* special ret code for balloon page
7161 - * successful migration case.
7162 - */
7163 +
7164 enum migrate_reason {
7165 MR_COMPACTION,
7166 MR_MEMORY_FAILURE,
7167 diff --git a/include/linux/mm.h b/include/linux/mm.h
7168 index 8981cc882ed2..16e6f1effef8 100644
7169 --- a/include/linux/mm.h
7170 +++ b/include/linux/mm.h
7171 @@ -553,6 +553,25 @@ static inline void __ClearPageBuddy(struct page *page)
7172 atomic_set(&page->_mapcount, -1);
7173 }
7174
7175 +#define PAGE_BALLOON_MAPCOUNT_VALUE (-256)
7176 +
7177 +static inline int PageBalloon(struct page *page)
7178 +{
7179 + return atomic_read(&page->_mapcount) == PAGE_BALLOON_MAPCOUNT_VALUE;
7180 +}
7181 +
7182 +static inline void __SetPageBalloon(struct page *page)
7183 +{
7184 + VM_BUG_ON_PAGE(atomic_read(&page->_mapcount) != -1, page);
7185 + atomic_set(&page->_mapcount, PAGE_BALLOON_MAPCOUNT_VALUE);
7186 +}
7187 +
7188 +static inline void __ClearPageBalloon(struct page *page)
7189 +{
7190 + VM_BUG_ON_PAGE(!PageBalloon(page), page);
7191 + atomic_set(&page->_mapcount, -1);
7192 +}
7193 +
7194 void put_page(struct page *page);
7195 void put_pages_list(struct list_head *pages);
7196
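PAGE_BALLOON_MAPCOUNT_VALUE reuses the same trick PageBuddy() plays just above it: a page with no user mappings keeps _mapcount at -1, so any other distinctive negative value can serve as a type tag without spending a new struct page field. A stand-alone sketch of the pattern (types and names illustrative, not the kernel's):

    #include <stdatomic.h>
    #include <stdbool.h>

    #define BALLOON_TAG (-256)          /* any otherwise-unused negative value */

    struct fake_page { atomic_int _mapcount; };  /* stand-in for struct page */

    static bool page_is_balloon(struct fake_page *p)
    {
            return atomic_load(&p->_mapcount) == BALLOON_TAG;
    }

    static void set_balloon(struct fake_page *p)
    {
            /* only valid while unmapped, i.e. _mapcount == -1 */
            atomic_store(&p->_mapcount, BALLOON_TAG);
    }

    static void clear_balloon(struct fake_page *p)
    {
            atomic_store(&p->_mapcount, -1);     /* back to "no mappings" */
    }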
7197 diff --git a/include/linux/pci_ids.h b/include/linux/pci_ids.h
7198 index 6ed0bb73a864..4e82195b1695 100644
7199 --- a/include/linux/pci_ids.h
7200 +++ b/include/linux/pci_ids.h
7201 @@ -2557,6 +2557,7 @@
7202 #define PCI_DEVICE_ID_INTEL_MFD_EMMC0 0x0823
7203 #define PCI_DEVICE_ID_INTEL_MFD_EMMC1 0x0824
7204 #define PCI_DEVICE_ID_INTEL_MRST_SD2 0x084F
7205 +#define PCI_DEVICE_ID_INTEL_QUARK_X1000_ILB 0x095E
7206 #define PCI_DEVICE_ID_INTEL_I960 0x0960
7207 #define PCI_DEVICE_ID_INTEL_I960RM 0x0962
7208 #define PCI_DEVICE_ID_INTEL_CENTERTON_ILB 0x0c60
7209 diff --git a/include/linux/sched.h b/include/linux/sched.h
7210 index b867a4dab38a..2b1d9e974382 100644
7211 --- a/include/linux/sched.h
7212 +++ b/include/linux/sched.h
7213 @@ -1934,11 +1934,13 @@ extern void thread_group_cputime_adjusted(struct task_struct *p, cputime_t *ut,
7214 #define tsk_used_math(p) ((p)->flags & PF_USED_MATH)
7215 #define used_math() tsk_used_math(current)
7216
7217 -/* __GFP_IO isn't allowed if PF_MEMALLOC_NOIO is set in current->flags */
7218 +/* __GFP_IO isn't allowed if PF_MEMALLOC_NOIO is set in current->flags
7219 + * __GFP_FS is also cleared as it implies __GFP_IO.
7220 + */
7221 static inline gfp_t memalloc_noio_flags(gfp_t flags)
7222 {
7223 if (unlikely(current->flags & PF_MEMALLOC_NOIO))
7224 - flags &= ~__GFP_IO;
7225 + flags &= ~(__GFP_IO | __GFP_FS);
7226 return flags;
7227 }
7228
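Clearing __GFP_FS together with __GFP_IO is what makes the fence watertight: filesystem reclaim can itself submit block I/O, so an allocation that kept __GFP_FS could re-enter the very path PF_MEMALLOC_NOIO is meant to avoid. A toy model of the masking (flag values are placeholders, not the kernel's):

    #define F_RECLAIM 0x10u
    #define F_IO      0x40u
    #define F_FS      0x80u             /* implies F_IO via fs reclaim */
    #define F_KERNEL  (F_RECLAIM | F_IO | F_FS)
    #define F_NOIO    F_RECLAIM

    static unsigned int noio_mask(unsigned int flags, int noio_context)
    {
            if (noio_context)
                    flags &= ~(F_IO | F_FS);    /* both, not just F_IO */
            return flags;
    }
    /* noio_mask(F_KERNEL, 1) == F_NOIO */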
7229 diff --git a/include/uapi/linux/hyperv.h b/include/uapi/linux/hyperv.h
7230 index 78e4a86030dd..0a8e6badb29b 100644
7231 --- a/include/uapi/linux/hyperv.h
7232 +++ b/include/uapi/linux/hyperv.h
7233 @@ -137,7 +137,7 @@ struct hv_do_fcopy {
7234 __u64 offset;
7235 __u32 size;
7236 __u8 data[DATA_FRAGMENT];
7237 -};
7238 +} __attribute__((packed));
7239
7240 /*
7241 * An implementation of HyperV key value pair (KVP) functionality for Linux.
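The packed attribute matters here because the struct crosses the kernel/userspace boundary: with a __u64 followed by a __u32 and a byte array, the default ABI pads the total size up to an 8-byte multiple, so the two sides can disagree about sizeof and therefore about the message layout. A self-contained demonstration with an illustrative struct (not the real hv_do_fcopy field list):

    #include <stdint.h>
    #include <stdio.h>

    struct padded { uint64_t off; uint32_t size; uint8_t data[6]; };
    struct tight  { uint64_t off; uint32_t size; uint8_t data[6]; }
                    __attribute__((packed));

    int main(void)
    {
            /* on a typical LP64 target this prints "24 18": the padded
             * struct is rounded up to its 8-byte alignment */
            printf("%zu %zu\n", sizeof(struct padded), sizeof(struct tight));
            return 0;
    }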
7242 diff --git a/kernel/futex.c b/kernel/futex.c
7243 index 815d7af2ffe8..f3a3a071283c 100644
7244 --- a/kernel/futex.c
7245 +++ b/kernel/futex.c
7246 @@ -343,6 +343,8 @@ static void get_futex_key_refs(union futex_key *key)
7247 case FUT_OFF_MMSHARED:
7248 futex_get_mm(key); /* implies MB (B) */
7249 break;
7250 + default:
7251 + smp_mb(); /* explicit MB (B) */
7252 }
7253 }
7254
7255 diff --git a/lib/lzo/lzo1x_decompress_safe.c b/lib/lzo/lzo1x_decompress_safe.c
7256 index 8563081e8da3..a1c387f6afba 100644
7257 --- a/lib/lzo/lzo1x_decompress_safe.c
7258 +++ b/lib/lzo/lzo1x_decompress_safe.c
7259 @@ -19,31 +19,21 @@
7260 #include <linux/lzo.h>
7261 #include "lzodefs.h"
7262
7263 -#define HAVE_IP(t, x) \
7264 - (((size_t)(ip_end - ip) >= (size_t)(t + x)) && \
7265 - (((t + x) >= t) && ((t + x) >= x)))
7266 +#define HAVE_IP(x) ((size_t)(ip_end - ip) >= (size_t)(x))
7267 +#define HAVE_OP(x) ((size_t)(op_end - op) >= (size_t)(x))
7268 +#define NEED_IP(x) if (!HAVE_IP(x)) goto input_overrun
7269 +#define NEED_OP(x) if (!HAVE_OP(x)) goto output_overrun
7270 +#define TEST_LB(m_pos) if ((m_pos) < out) goto lookbehind_overrun
7271
7272 -#define HAVE_OP(t, x) \
7273 - (((size_t)(op_end - op) >= (size_t)(t + x)) && \
7274 - (((t + x) >= t) && ((t + x) >= x)))
7275 -
7276 -#define NEED_IP(t, x) \
7277 - do { \
7278 - if (!HAVE_IP(t, x)) \
7279 - goto input_overrun; \
7280 - } while (0)
7281 -
7282 -#define NEED_OP(t, x) \
7283 - do { \
7284 - if (!HAVE_OP(t, x)) \
7285 - goto output_overrun; \
7286 - } while (0)
7287 -
7288 -#define TEST_LB(m_pos) \
7289 - do { \
7290 - if ((m_pos) < out) \
7291 - goto lookbehind_overrun; \
7292 - } while (0)
7293 +/* This MAX_255_COUNT is the maximum number of times we can add 255 to a base
7294 + * count without overflowing an integer. The multiply will overflow when
7295 + * multiplying 255 by more than MAXINT/255. The sum will overflow earlier
7296 + * depending on the base count. Since the base count is taken from a u8
7297 + * and a few bits, it is safe to assume that it will always be lower than
7298 + * or equal to 2*255, thus we can always prevent any overflow by accepting
7299 + * two fewer 255 steps. See Documentation/lzo.txt for more information.
7300 + */
7301 +#define MAX_255_COUNT ((((size_t)~0) / 255) - 2)
7302
7303 int lzo1x_decompress_safe(const unsigned char *in, size_t in_len,
7304 unsigned char *out, size_t *out_len)
7305 @@ -75,17 +65,24 @@ int lzo1x_decompress_safe(const unsigned char *in, size_t in_len,
7306 if (t < 16) {
7307 if (likely(state == 0)) {
7308 if (unlikely(t == 0)) {
7309 + size_t offset;
7310 + const unsigned char *ip_last = ip;
7311 +
7312 while (unlikely(*ip == 0)) {
7313 - t += 255;
7314 ip++;
7315 - NEED_IP(1, 0);
7316 + NEED_IP(1);
7317 }
7318 - t += 15 + *ip++;
7319 + offset = ip - ip_last;
7320 + if (unlikely(offset > MAX_255_COUNT))
7321 + return LZO_E_ERROR;
7322 +
7323 + offset = (offset << 8) - offset;
7324 + t += offset + 15 + *ip++;
7325 }
7326 t += 3;
7327 copy_literal_run:
7328 #if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS)
7329 - if (likely(HAVE_IP(t, 15) && HAVE_OP(t, 15))) {
7330 + if (likely(HAVE_IP(t + 15) && HAVE_OP(t + 15))) {
7331 const unsigned char *ie = ip + t;
7332 unsigned char *oe = op + t;
7333 do {
7334 @@ -101,8 +98,8 @@ copy_literal_run:
7335 } else
7336 #endif
7337 {
7338 - NEED_OP(t, 0);
7339 - NEED_IP(t, 3);
7340 + NEED_OP(t);
7341 + NEED_IP(t + 3);
7342 do {
7343 *op++ = *ip++;
7344 } while (--t > 0);
7345 @@ -115,7 +112,7 @@ copy_literal_run:
7346 m_pos -= t >> 2;
7347 m_pos -= *ip++ << 2;
7348 TEST_LB(m_pos);
7349 - NEED_OP(2, 0);
7350 + NEED_OP(2);
7351 op[0] = m_pos[0];
7352 op[1] = m_pos[1];
7353 op += 2;
7354 @@ -136,13 +133,20 @@ copy_literal_run:
7355 } else if (t >= 32) {
7356 t = (t & 31) + (3 - 1);
7357 if (unlikely(t == 2)) {
7358 + size_t offset;
7359 + const unsigned char *ip_last = ip;
7360 +
7361 while (unlikely(*ip == 0)) {
7362 - t += 255;
7363 ip++;
7364 - NEED_IP(1, 0);
7365 + NEED_IP(1);
7366 }
7367 - t += 31 + *ip++;
7368 - NEED_IP(2, 0);
7369 + offset = ip - ip_last;
7370 + if (unlikely(offset > MAX_255_COUNT))
7371 + return LZO_E_ERROR;
7372 +
7373 + offset = (offset << 8) - offset;
7374 + t += offset + 31 + *ip++;
7375 + NEED_IP(2);
7376 }
7377 m_pos = op - 1;
7378 next = get_unaligned_le16(ip);
7379 @@ -154,13 +158,20 @@ copy_literal_run:
7380 m_pos -= (t & 8) << 11;
7381 t = (t & 7) + (3 - 1);
7382 if (unlikely(t == 2)) {
7383 + size_t offset;
7384 + const unsigned char *ip_last = ip;
7385 +
7386 while (unlikely(*ip == 0)) {
7387 - t += 255;
7388 ip++;
7389 - NEED_IP(1, 0);
7390 + NEED_IP(1);
7391 }
7392 - t += 7 + *ip++;
7393 - NEED_IP(2, 0);
7394 + offset = ip - ip_last;
7395 + if (unlikely(offset > MAX_255_COUNT))
7396 + return LZO_E_ERROR;
7397 +
7398 + offset = (offset << 8) - offset;
7399 + t += offset + 7 + *ip++;
7400 + NEED_IP(2);
7401 }
7402 next = get_unaligned_le16(ip);
7403 ip += 2;
7404 @@ -174,7 +185,7 @@ copy_literal_run:
7405 #if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS)
7406 if (op - m_pos >= 8) {
7407 unsigned char *oe = op + t;
7408 - if (likely(HAVE_OP(t, 15))) {
7409 + if (likely(HAVE_OP(t + 15))) {
7410 do {
7411 COPY8(op, m_pos);
7412 op += 8;
7413 @@ -184,7 +195,7 @@ copy_literal_run:
7414 m_pos += 8;
7415 } while (op < oe);
7416 op = oe;
7417 - if (HAVE_IP(6, 0)) {
7418 + if (HAVE_IP(6)) {
7419 state = next;
7420 COPY4(op, ip);
7421 op += next;
7422 @@ -192,7 +203,7 @@ copy_literal_run:
7423 continue;
7424 }
7425 } else {
7426 - NEED_OP(t, 0);
7427 + NEED_OP(t);
7428 do {
7429 *op++ = *m_pos++;
7430 } while (op < oe);
7431 @@ -201,7 +212,7 @@ copy_literal_run:
7432 #endif
7433 {
7434 unsigned char *oe = op + t;
7435 - NEED_OP(t, 0);
7436 + NEED_OP(t);
7437 op[0] = m_pos[0];
7438 op[1] = m_pos[1];
7439 op += 2;
7440 @@ -214,15 +225,15 @@ match_next:
7441 state = next;
7442 t = next;
7443 #if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS)
7444 - if (likely(HAVE_IP(6, 0) && HAVE_OP(4, 0))) {
7445 + if (likely(HAVE_IP(6) && HAVE_OP(4))) {
7446 COPY4(op, ip);
7447 op += t;
7448 ip += t;
7449 } else
7450 #endif
7451 {
7452 - NEED_IP(t, 3);
7453 - NEED_OP(t, 0);
7454 + NEED_IP(t + 3);
7455 + NEED_OP(t);
7456 while (t > 0) {
7457 *op++ = *ip++;
7458 t--;
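Two arithmetic details make the rewritten run-length handling both safe and fast: (offset << 8) - offset computes offset * 255 without a multiply, and MAX_255_COUNT guarantees the product plus the base count cannot wrap. On a 32-bit size_t, for instance, ~0 / 255 = 16843009 and 255 * 16843009 is exactly 0xFFFFFFFF, so subtracting 2 leaves 510 of headroom, enough for the base count of at most 2 * 255. A user-space sketch of the same bounded decoding (identifiers illustrative; input bounds checks elided):

    #include <stddef.h>

    #define MAX_255_COUNT ((((size_t)~0) / 255) - 2)

    /* Fold a run of zero bytes into the length in one step instead of
     * adding 255 per byte; returns 0 if the run is too long to be safe. */
    static size_t decode_runlength(const unsigned char **pp, size_t base)
    {
            const unsigned char *p = *pp;
            size_t zeros = 0;

            while (*p == 0) {       /* NEED_IP()-style checks elided */
                    p++;
                    zeros++;
            }
            if (zeros > MAX_255_COUNT)
                    return 0;
            *pp = p + 1;
            return base + ((zeros << 8) - zeros) + *p;
    }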
7459 diff --git a/mm/balloon_compaction.c b/mm/balloon_compaction.c
7460 index 6e45a5074bf0..52abeeb3cb9d 100644
7461 --- a/mm/balloon_compaction.c
7462 +++ b/mm/balloon_compaction.c
7463 @@ -93,17 +93,12 @@ struct page *balloon_page_dequeue(struct balloon_dev_info *b_dev_info)
7464 * to be released by the balloon driver.
7465 */
7466 if (trylock_page(page)) {
7467 + if (!PagePrivate(page)) {
7468 + /* raced with isolation */
7469 + unlock_page(page);
7470 + continue;
7471 + }
7472 spin_lock_irqsave(&b_dev_info->pages_lock, flags);
7473 - /*
7474 - * Raise the page refcount here to prevent any wrong
7475 - * attempt to isolate this page, in case of colliding
7476 - * with balloon_page_isolate() just after we release
7477 - * the page lock.
7478 - *
7479 - * balloon_page_free() will take care of dropping
7480 - * this extra refcount later.
7481 - */
7482 - get_page(page);
7483 balloon_page_delete(page);
7484 spin_unlock_irqrestore(&b_dev_info->pages_lock, flags);
7485 unlock_page(page);
7486 @@ -187,7 +182,9 @@ static inline void __isolate_balloon_page(struct page *page)
7487 {
7488 struct balloon_dev_info *b_dev_info = page->mapping->private_data;
7489 unsigned long flags;
7490 +
7491 spin_lock_irqsave(&b_dev_info->pages_lock, flags);
7492 + ClearPagePrivate(page);
7493 list_del(&page->lru);
7494 b_dev_info->isolated_pages++;
7495 spin_unlock_irqrestore(&b_dev_info->pages_lock, flags);
7496 @@ -197,7 +194,9 @@ static inline void __putback_balloon_page(struct page *page)
7497 {
7498 struct balloon_dev_info *b_dev_info = page->mapping->private_data;
7499 unsigned long flags;
7500 +
7501 spin_lock_irqsave(&b_dev_info->pages_lock, flags);
7502 + SetPagePrivate(page);
7503 list_add(&page->lru, &b_dev_info->pages);
7504 b_dev_info->isolated_pages--;
7505 spin_unlock_irqrestore(&b_dev_info->pages_lock, flags);
7506 @@ -235,12 +234,11 @@ bool balloon_page_isolate(struct page *page)
7507 */
7508 if (likely(trylock_page(page))) {
7509 /*
7510 - * A ballooned page, by default, has just one refcount.
7511 + * A ballooned page, by default, has PagePrivate set.
7512 * Prevent concurrent compaction threads from isolating
7513 - * an already isolated balloon page by refcount check.
7514 + * an already isolated balloon page by clearing it.
7515 */
7516 - if (__is_movable_balloon_page(page) &&
7517 - page_count(page) == 2) {
7518 + if (balloon_page_movable(page)) {
7519 __isolate_balloon_page(page);
7520 unlock_page(page);
7521 return true;
7522 diff --git a/mm/cma.c b/mm/cma.c
7523 index c17751c0dcaf..0ab564623ea8 100644
7524 --- a/mm/cma.c
7525 +++ b/mm/cma.c
7526 @@ -57,7 +57,9 @@ unsigned long cma_get_size(struct cma *cma)
7527
7528 static unsigned long cma_bitmap_aligned_mask(struct cma *cma, int align_order)
7529 {
7530 - return (1UL << (align_order >> cma->order_per_bit)) - 1;
7531 + if (align_order <= cma->order_per_bit)
7532 + return 0;
7533 + return (1UL << (align_order - cma->order_per_bit)) - 1;
7534 }
7535
7536 static unsigned long cma_bitmap_maxno(struct cma *cma)
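The old expression shifted by align_order >> order_per_bit, mistaking a unit conversion for a division: the bitmap tracks chunks of 2^order_per_bit pages, so an alignment of 2^align_order pages corresponds to 2^(align_order - order_per_bit) bitmap bits. A quick self-check of the fixed formula (values illustrative):

    #include <assert.h>

    static unsigned long aligned_mask(int align_order, int order_per_bit)
    {
            if (align_order <= order_per_bit)
                    return 0;
            return (1UL << (align_order - order_per_bit)) - 1;
    }

    int main(void)
    {
            /* 256-page alignment, 2 pages per bit -> 128 bits -> mask 127;
             * the old code computed (1UL << (8 >> 1)) - 1 == 15 */
            assert(aligned_mask(8, 1) == 127);
            assert(aligned_mask(1, 1) == 0);  /* nothing finer than one bit */
            return 0;
    }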
7537 diff --git a/mm/compaction.c b/mm/compaction.c
7538 index 21bf292b642a..0653f5f73bfa 100644
7539 --- a/mm/compaction.c
7540 +++ b/mm/compaction.c
7541 @@ -597,7 +597,7 @@ isolate_migratepages_range(struct zone *zone, struct compact_control *cc,
7542 */
7543 if (!PageLRU(page)) {
7544 if (unlikely(balloon_page_movable(page))) {
7545 - if (locked && balloon_page_isolate(page)) {
7546 + if (balloon_page_isolate(page)) {
7547 /* Successfully isolated */
7548 goto isolate_success;
7549 }
7550 diff --git a/mm/migrate.c b/mm/migrate.c
7551 index 2740360cd216..01439953abf5 100644
7552 --- a/mm/migrate.c
7553 +++ b/mm/migrate.c
7554 @@ -876,7 +876,7 @@ static int __unmap_and_move(struct page *page, struct page *newpage,
7555 }
7556 }
7557
7558 - if (unlikely(balloon_page_movable(page))) {
7559 + if (unlikely(isolated_balloon_page(page))) {
7560 /*
7561 * A ballooned page does not need any special attention from
7562 * physical to virtual reverse mapping procedures.
7563 @@ -955,17 +955,6 @@ static int unmap_and_move(new_page_t get_new_page, free_page_t put_new_page,
7564
7565 rc = __unmap_and_move(page, newpage, force, mode);
7566
7567 - if (unlikely(rc == MIGRATEPAGE_BALLOON_SUCCESS)) {
7568 - /*
7569 - * A ballooned page has been migrated already.
7570 - * Now, it's the time to wrap-up counters,
7571 - * handle the page back to Buddy and return.
7572 - */
7573 - dec_zone_page_state(page, NR_ISOLATED_ANON +
7574 - page_is_file_cache(page));
7575 - balloon_page_free(page);
7576 - return MIGRATEPAGE_SUCCESS;
7577 - }
7578 out:
7579 if (rc != -EAGAIN) {
7580 /*
7581 @@ -988,6 +977,9 @@ out:
7582 if (rc != MIGRATEPAGE_SUCCESS && put_new_page) {
7583 ClearPageSwapBacked(newpage);
7584 put_new_page(newpage, private);
7585 + } else if (unlikely(__is_movable_balloon_page(newpage))) {
7586 + /* drop our reference, page already in the balloon */
7587 + put_page(newpage);
7588 } else
7589 putback_lru_page(newpage);
7590
7591 diff --git a/net/bluetooth/6lowpan.c b/net/bluetooth/6lowpan.c
7592 index 206b65ccd5b8..075f20d050d6 100644
7593 --- a/net/bluetooth/6lowpan.c
7594 +++ b/net/bluetooth/6lowpan.c
7595 @@ -39,6 +39,7 @@ static struct dentry *lowpan_control_debugfs;
7596
7597 struct skb_cb {
7598 struct in6_addr addr;
7599 + struct in6_addr gw;
7600 struct l2cap_chan *chan;
7601 int status;
7602 };
7603 @@ -158,6 +159,54 @@ static inline struct lowpan_peer *peer_lookup_conn(struct lowpan_dev *dev,
7604 return NULL;
7605 }
7606
7607 +static inline struct lowpan_peer *peer_lookup_dst(struct lowpan_dev *dev,
7608 + struct in6_addr *daddr,
7609 + struct sk_buff *skb)
7610 +{
7611 + struct lowpan_peer *peer, *tmp;
7612 + struct in6_addr *nexthop;
7613 + struct rt6_info *rt = (struct rt6_info *)skb_dst(skb);
7614 + int count = atomic_read(&dev->peer_count);
7615 +
7616 + BT_DBG("peers %d addr %pI6c rt %p", count, daddr, rt);
7617 +
7618 + /* If we have multiple 6lowpan peers, then check where we should
7619 + * send the packet. If only one peer exists, then we can send the
7620 + * packet right away.
7621 + */
7622 + if (count == 1)
7623 + return list_first_entry(&dev->peers, struct lowpan_peer,
7624 + list);
7625 +
7626 + if (!rt) {
7627 + nexthop = &lowpan_cb(skb)->gw;
7628 +
7629 + if (ipv6_addr_any(nexthop))
7630 + return NULL;
7631 + } else {
7632 + nexthop = rt6_nexthop(rt);
7633 +
7634 + /* We need to remember the address because it is needed
7635 + * by bt_xmit() when sending the packet. In bt_xmit(), the
7636 + * destination routing info is not set.
7637 + */
7638 + memcpy(&lowpan_cb(skb)->gw, nexthop, sizeof(struct in6_addr));
7639 + }
7640 +
7641 + BT_DBG("gw %pI6c", nexthop);
7642 +
7643 + list_for_each_entry_safe(peer, tmp, &dev->peers, list) {
7644 + BT_DBG("dst addr %pMR dst type %d ip %pI6c",
7645 + &peer->chan->dst, peer->chan->dst_type,
7646 + &peer->peer_addr);
7647 +
7648 + if (!ipv6_addr_cmp(&peer->peer_addr, nexthop))
7649 + return peer;
7650 + }
7651 +
7652 + return NULL;
7653 +}
7654 +
7655 static struct lowpan_peer *lookup_peer(struct l2cap_conn *conn)
7656 {
7657 struct lowpan_dev *entry, *tmp;
7658 @@ -415,8 +464,18 @@ static int header_create(struct sk_buff *skb, struct net_device *netdev,
7659 read_unlock_irqrestore(&devices_lock, flags);
7660
7661 if (!peer) {
7662 - BT_DBG("no such peer %pMR found", &addr);
7663 - return -ENOENT;
7664 + /* The packet might be sent to 6lowpan interface
7665 + * because of routing (either via default route
7666 + * or user set route) so get peer according to
7667 + * the destination address.
7668 + */
7669 + read_lock_irqsave(&devices_lock, flags);
7670 + peer = peer_lookup_dst(dev, &hdr->daddr, skb);
7671 + read_unlock_irqrestore(&devices_lock, flags);
7672 + if (!peer) {
7673 + BT_DBG("no such peer %pMR found", &addr);
7674 + return -ENOENT;
7675 + }
7676 }
7677
7678 daddr = peer->eui64_addr;
7679 @@ -520,6 +579,8 @@ static netdev_tx_t bt_xmit(struct sk_buff *skb, struct net_device *netdev)
7680
7681 read_lock_irqsave(&devices_lock, flags);
7682 peer = peer_lookup_ba(dev, &addr, addr_type);
7683 + if (!peer)
7684 + peer = peer_lookup_dst(dev, &lowpan_cb(skb)->addr, skb);
7685 read_unlock_irqrestore(&devices_lock, flags);
7686
7687 BT_DBG("xmit %s to %pMR type %d IP %pI6c peer %p",
7688 @@ -671,6 +732,14 @@ static struct l2cap_chan *chan_open(struct l2cap_chan *pchan)
7689 return chan;
7690 }
7691
7692 +static void set_ip_addr_bits(u8 addr_type, u8 *addr)
7693 +{
7694 + if (addr_type == BDADDR_LE_PUBLIC)
7695 + *addr |= 0x02;
7696 + else
7697 + *addr &= ~0x02;
7698 +}
7699 +
7700 static struct l2cap_chan *add_peer_chan(struct l2cap_chan *chan,
7701 struct lowpan_dev *dev)
7702 {
7703 @@ -693,6 +762,11 @@ static struct l2cap_chan *add_peer_chan(struct l2cap_chan *chan,
7704 memcpy(&peer->eui64_addr, (u8 *)&peer->peer_addr.s6_addr + 8,
7705 EUI64_ADDR_LEN);
7706
7707 + /* IPv6 address needs to have the U/L bit set properly so toggle
7708 + * it back here.
7709 + */
7710 + set_ip_addr_bits(chan->dst_type, (u8 *)&peer->peer_addr.s6_addr + 8);
7711 +
7712 write_lock_irqsave(&devices_lock, flags);
7713 INIT_LIST_HEAD(&peer->list);
7714 peer_add(dev, peer);
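set_ip_addr_bits() applies the modified EUI-64 convention of RFC 4291: in an IPv6 interface identifier the universal/local bit (0x02 of the first byte) is stored inverted relative to the link-layer address, so an identifier derived from a public (universally administered) Bluetooth address must have the bit set and one derived from a random address must have it cleared. Worked example (addresses illustrative):

    /* public BD address : first IID byte 0x00 -> 0x00 | 0x02 == 0x02
     * random BD address : first IID byte 0xc2 -> 0xc2 & ~0x02 == 0xc0
     */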
7715 @@ -890,7 +964,7 @@ static void chan_resume_cb(struct l2cap_chan *chan)
7716
7717 static long chan_get_sndtimeo_cb(struct l2cap_chan *chan)
7718 {
7719 - return msecs_to_jiffies(1000);
7720 + return L2CAP_CONN_TIMEOUT;
7721 }
7722
7723 static const struct l2cap_ops bt_6lowpan_chan_ops = {
7724 diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
7725 index 46547b920f88..14ca8ae7cfbe 100644
7726 --- a/net/bluetooth/l2cap_core.c
7727 +++ b/net/bluetooth/l2cap_core.c
7728 @@ -2418,12 +2418,8 @@ static int l2cap_segment_le_sdu(struct l2cap_chan *chan,
7729
7730 BT_DBG("chan %p, msg %p, len %zu", chan, msg, len);
7731
7732 - pdu_len = chan->conn->mtu - L2CAP_HDR_SIZE;
7733 -
7734 - pdu_len = min_t(size_t, pdu_len, chan->remote_mps);
7735 -
7736 sdu_len = len;
7737 - pdu_len -= L2CAP_SDULEN_SIZE;
7738 + pdu_len = chan->remote_mps - L2CAP_SDULEN_SIZE;
7739
7740 while (len > 0) {
7741 if (len <= pdu_len)
7742 diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c
7743 index fd3294300803..7f0509e1d3bb 100644
7744 --- a/net/bluetooth/smp.c
7745 +++ b/net/bluetooth/smp.c
7746 @@ -442,8 +442,11 @@ static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
7747 }
7748
7749 /* Not Just Works/Confirm results in MITM Authentication */
7750 - if (method != JUST_CFM)
7751 + if (method != JUST_CFM) {
7752 set_bit(SMP_FLAG_MITM_AUTH, &smp->flags);
7753 + if (hcon->pending_sec_level < BT_SECURITY_HIGH)
7754 + hcon->pending_sec_level = BT_SECURITY_HIGH;
7755 + }
7756
7757 /* If both devices have Keyboard-Display I/O, the master
7758 * Confirms and the slave Enters the passkey.
7759 diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
7760 index 57da4bd7ba0c..0fb456c20eda 100644
7761 --- a/security/integrity/ima/ima.h
7762 +++ b/security/integrity/ima/ima.h
7763 @@ -177,7 +177,7 @@ void ima_delete_rules(void);
7764 int ima_appraise_measurement(int func, struct integrity_iint_cache *iint,
7765 struct file *file, const unsigned char *filename,
7766 struct evm_ima_xattr_data *xattr_value,
7767 - int xattr_len);
7768 + int xattr_len, int opened);
7769 int ima_must_appraise(struct inode *inode, int mask, enum ima_hooks func);
7770 void ima_update_xattr(struct integrity_iint_cache *iint, struct file *file);
7771 enum integrity_status ima_get_cache_status(struct integrity_iint_cache *iint,
7772 @@ -193,7 +193,7 @@ static inline int ima_appraise_measurement(int func,
7773 struct file *file,
7774 const unsigned char *filename,
7775 struct evm_ima_xattr_data *xattr_value,
7776 - int xattr_len)
7777 + int xattr_len, int opened)
7778 {
7779 return INTEGRITY_UNKNOWN;
7780 }
7781 diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c
7782 index 86bfd5c5df85..225fd944a4ef 100644
7783 --- a/security/integrity/ima/ima_appraise.c
7784 +++ b/security/integrity/ima/ima_appraise.c
7785 @@ -183,7 +183,7 @@ int ima_read_xattr(struct dentry *dentry,
7786 int ima_appraise_measurement(int func, struct integrity_iint_cache *iint,
7787 struct file *file, const unsigned char *filename,
7788 struct evm_ima_xattr_data *xattr_value,
7789 - int xattr_len)
7790 + int xattr_len, int opened)
7791 {
7792 static const char op[] = "appraise_data";
7793 char *cause = "unknown";
7794 @@ -202,8 +202,11 @@ int ima_appraise_measurement(int func, struct integrity_iint_cache *iint,
7795 goto out;
7796
7797 cause = "missing-hash";
7798 - status =
7799 - (inode->i_size == 0) ? INTEGRITY_PASS : INTEGRITY_NOLABEL;
7800 + status = INTEGRITY_NOLABEL;
7801 + if (opened & FILE_CREATED) {
7802 + iint->flags |= IMA_NEW_FILE;
7803 + status = INTEGRITY_PASS;
7804 + }
7805 goto out;
7806 }
7807
7808 diff --git a/security/integrity/ima/ima_crypto.c b/security/integrity/ima/ima_crypto.c
7809 index 0bd732843fe7..f7aac3cf19ae 100644
7810 --- a/security/integrity/ima/ima_crypto.c
7811 +++ b/security/integrity/ima/ima_crypto.c
7812 @@ -80,19 +80,19 @@ static int ima_kernel_read(struct file *file, loff_t offset,
7813 {
7814 mm_segment_t old_fs;
7815 char __user *buf = addr;
7816 - ssize_t ret;
7817 + ssize_t ret = -EINVAL;
7818
7819 if (!(file->f_mode & FMODE_READ))
7820 return -EBADF;
7821 - if (!file->f_op->read && !file->f_op->aio_read)
7822 - return -EINVAL;
7823
7824 old_fs = get_fs();
7825 set_fs(get_ds());
7826 if (file->f_op->read)
7827 ret = file->f_op->read(file, buf, count, &offset);
7828 - else
7829 + else if (file->f_op->aio_read)
7830 ret = do_sync_read(file, buf, count, &offset);
7831 + else if (file->f_op->read_iter)
7832 + ret = new_sync_read(file, buf, count, &offset);
7833 set_fs(old_fs);
7834 return ret;
7835 }
7836 diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
7837 index 2917f980bf30..f82cf9b8e92b 100644
7838 --- a/security/integrity/ima/ima_main.c
7839 +++ b/security/integrity/ima/ima_main.c
7840 @@ -124,11 +124,13 @@ static void ima_check_last_writer(struct integrity_iint_cache *iint,
7841 return;
7842
7843 mutex_lock(&inode->i_mutex);
7844 - if (atomic_read(&inode->i_writecount) == 1 &&
7845 - iint->version != inode->i_version) {
7846 - iint->flags &= ~IMA_DONE_MASK;
7847 - if (iint->flags & IMA_APPRAISE)
7848 - ima_update_xattr(iint, file);
7849 + if (atomic_read(&inode->i_writecount) == 1) {
7850 + if ((iint->version != inode->i_version) ||
7851 + (iint->flags & IMA_NEW_FILE)) {
7852 + iint->flags &= ~(IMA_DONE_MASK | IMA_NEW_FILE);
7853 + if (iint->flags & IMA_APPRAISE)
7854 + ima_update_xattr(iint, file);
7855 + }
7856 }
7857 mutex_unlock(&inode->i_mutex);
7858 }
7859 @@ -155,7 +157,7 @@ void ima_file_free(struct file *file)
7860 }
7861
7862 static int process_measurement(struct file *file, const char *filename,
7863 - int mask, int function)
7864 + int mask, int function, int opened)
7865 {
7866 struct inode *inode = file_inode(file);
7867 struct integrity_iint_cache *iint;
7868 @@ -224,7 +226,7 @@ static int process_measurement(struct file *file, const char *filename,
7869 xattr_value, xattr_len);
7870 if (action & IMA_APPRAISE_SUBMASK)
7871 rc = ima_appraise_measurement(_func, iint, file, pathname,
7872 - xattr_value, xattr_len);
7873 + xattr_value, xattr_len, opened);
7874 if (action & IMA_AUDIT)
7875 ima_audit_measurement(iint, pathname);
7876 kfree(pathbuf);
7877 @@ -253,7 +255,7 @@ out:
7878 int ima_file_mmap(struct file *file, unsigned long prot)
7879 {
7880 if (file && (prot & PROT_EXEC))
7881 - return process_measurement(file, NULL, MAY_EXEC, MMAP_CHECK);
7882 + return process_measurement(file, NULL, MAY_EXEC, MMAP_CHECK, 0);
7883 return 0;
7884 }
7885
7886 @@ -275,7 +277,7 @@ int ima_bprm_check(struct linux_binprm *bprm)
7887 return process_measurement(bprm->file,
7888 (strcmp(bprm->filename, bprm->interp) == 0) ?
7889 bprm->filename : bprm->interp,
7890 - MAY_EXEC, BPRM_CHECK);
7891 + MAY_EXEC, BPRM_CHECK, 0);
7892 }
7893
7894 /**
7895 @@ -288,12 +290,12 @@ int ima_bprm_check(struct linux_binprm *bprm)
7896 * On success return 0. On integrity appraisal error, assuming the file
7897 * is in policy and IMA-appraisal is in enforcing mode, return -EACCES.
7898 */
7899 -int ima_file_check(struct file *file, int mask)
7900 +int ima_file_check(struct file *file, int mask, int opened)
7901 {
7902 ima_rdwr_violation_check(file);
7903 return process_measurement(file, NULL,
7904 mask & (MAY_READ | MAY_WRITE | MAY_EXEC),
7905 - FILE_CHECK);
7906 + FILE_CHECK, opened);
7907 }
7908 EXPORT_SYMBOL_GPL(ima_file_check);
7909
7910 @@ -316,7 +318,7 @@ int ima_module_check(struct file *file)
7911 #endif
7912 return 0; /* We rely on module signature checking */
7913 }
7914 - return process_measurement(file, NULL, MAY_EXEC, MODULE_CHECK);
7915 + return process_measurement(file, NULL, MAY_EXEC, MODULE_CHECK, 0);
7916 }
7917
7918 int ima_fw_from_file(struct file *file, char *buf, size_t size)
7919 @@ -327,7 +329,7 @@ int ima_fw_from_file(struct file *file, char *buf, size_t size)
7920 return -EACCES; /* INTEGRITY_UNKNOWN */
7921 return 0;
7922 }
7923 - return process_measurement(file, NULL, MAY_EXEC, FIRMWARE_CHECK);
7924 + return process_measurement(file, NULL, MAY_EXEC, FIRMWARE_CHECK, 0);
7925 }
7926
7927 static int __init init_ima(void)
7928 diff --git a/security/integrity/integrity.h b/security/integrity/integrity.h
7929 index 19b8e314ca96..904e68abd49e 100644
7930 --- a/security/integrity/integrity.h
7931 +++ b/security/integrity/integrity.h
7932 @@ -31,6 +31,7 @@
7933 #define IMA_DIGSIG 0x01000000
7934 #define IMA_DIGSIG_REQUIRED 0x02000000
7935 #define IMA_PERMIT_DIRECTIO 0x04000000
7936 +#define IMA_NEW_FILE 0x08000000
7937
7938 #define IMA_DO_MASK (IMA_MEASURE | IMA_APPRAISE | IMA_AUDIT | \
7939 IMA_APPRAISE_SUBMASK)
7940 diff --git a/sound/core/pcm_native.c b/sound/core/pcm_native.c
7941 index 8cd2f930ad0b..a95356f45606 100644
7942 --- a/sound/core/pcm_native.c
7943 +++ b/sound/core/pcm_native.c
7944 @@ -3193,7 +3193,7 @@ static const struct vm_operations_struct snd_pcm_vm_ops_data_fault = {
7945
7946 #ifndef ARCH_HAS_DMA_MMAP_COHERENT
7947 /* This should be defined / handled globally! */
7948 -#ifdef CONFIG_ARM
7949 +#if defined(CONFIG_ARM) || defined(CONFIG_ARM64)
7950 #define ARCH_HAS_DMA_MMAP_COHERENT
7951 #endif
7952 #endif
7953 diff --git a/sound/firewire/bebob/bebob_terratec.c b/sound/firewire/bebob/bebob_terratec.c
7954 index eef8ea7d9b97..0e4c0bfc463b 100644
7955 --- a/sound/firewire/bebob/bebob_terratec.c
7956 +++ b/sound/firewire/bebob/bebob_terratec.c
7957 @@ -17,10 +17,10 @@ phase88_rack_clk_src_get(struct snd_bebob *bebob, unsigned int *id)
7958 unsigned int enable_ext, enable_word;
7959 int err;
7960
7961 - err = avc_audio_get_selector(bebob->unit, 0, 0, &enable_ext);
7962 + err = avc_audio_get_selector(bebob->unit, 0, 9, &enable_ext);
7963 if (err < 0)
7964 goto end;
7965 - err = avc_audio_get_selector(bebob->unit, 0, 0, &enable_word);
7966 + err = avc_audio_get_selector(bebob->unit, 0, 8, &enable_word);
7967 if (err < 0)
7968 goto end;
7969
7970 diff --git a/sound/pci/emu10k1/emu10k1_callback.c b/sound/pci/emu10k1/emu10k1_callback.c
7971 index 3f3ef38d9b6e..874cd76c7b7f 100644
7972 --- a/sound/pci/emu10k1/emu10k1_callback.c
7973 +++ b/sound/pci/emu10k1/emu10k1_callback.c
7974 @@ -85,6 +85,8 @@ snd_emu10k1_ops_setup(struct snd_emux *emux)
7975 * get more voice for pcm
7976 *
7977 * terminate most inactive voice and give it as a pcm voice.
7978 + *
7979 + * voice_lock is already held.
7980 */
7981 int
7982 snd_emu10k1_synth_get_voice(struct snd_emu10k1 *hw)
7983 @@ -92,12 +94,10 @@ snd_emu10k1_synth_get_voice(struct snd_emu10k1 *hw)
7984 struct snd_emux *emu;
7985 struct snd_emux_voice *vp;
7986 struct best_voice best[V_END];
7987 - unsigned long flags;
7988 int i;
7989
7990 emu = hw->synth;
7991
7992 - spin_lock_irqsave(&emu->voice_lock, flags);
7993 lookup_voices(emu, hw, best, 1); /* no OFF voices */
7994 for (i = 0; i < V_END; i++) {
7995 if (best[i].voice >= 0) {
7996 @@ -113,11 +113,9 @@ snd_emu10k1_synth_get_voice(struct snd_emu10k1 *hw)
7997 vp->emu->num_voices--;
7998 vp->ch = -1;
7999 vp->state = SNDRV_EMUX_ST_OFF;
8000 - spin_unlock_irqrestore(&emu->voice_lock, flags);
8001 return ch;
8002 }
8003 }
8004 - spin_unlock_irqrestore(&emu->voice_lock, flags);
8005
8006 /* not found */
8007 return -ENOMEM;
8008 diff --git a/sound/pci/hda/hda_local.h b/sound/pci/hda/hda_local.h
8009 index 364bb413e02a..bb989ab316e8 100644
8010 --- a/sound/pci/hda/hda_local.h
8011 +++ b/sound/pci/hda/hda_local.h
8012 @@ -425,7 +425,7 @@ struct snd_hda_pin_quirk {
8013 .subvendor = _subvendor,\
8014 .name = _name,\
8015 .value = _value,\
8016 - .pins = (const struct hda_pintbl[]) { _pins } \
8017 + .pins = (const struct hda_pintbl[]) { _pins, {0, 0}} \
8018 }
8019 #else
8020
8021 @@ -433,7 +433,7 @@ struct snd_hda_pin_quirk {
8022 { .codec = _codec,\
8023 .subvendor = _subvendor,\
8024 .value = _value,\
8025 - .pins = (const struct hda_pintbl[]) { _pins } \
8026 + .pins = (const struct hda_pintbl[]) { _pins, {0, 0}} \
8027 }
8028
8029 #endif
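Appending {0, 0} gives the compound-literal pin table an explicit terminator, so callers that walk it until a zero NID can no longer run past the end when the initializer fills every declared slot. The idiom in isolation (struct and callback are illustrative):

    struct pintbl { int nid; unsigned int val; };

    static void apply_pins(const struct pintbl *t,
                           void (*set)(int nid, unsigned int val))
    {
            for (; t->nid; t++)     /* the {0, 0} sentinel ends the walk */
                    set(t->nid, t->val);
    }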
8030 diff --git a/sound/pci/hda/patch_hdmi.c b/sound/pci/hda/patch_hdmi.c
8031 index 99d7d7fecaad..c3658df2359c 100644
8032 --- a/sound/pci/hda/patch_hdmi.c
8033 +++ b/sound/pci/hda/patch_hdmi.c
8034 @@ -1577,19 +1577,22 @@ static bool hdmi_present_sense(struct hdmi_spec_per_pin *per_pin, int repoll)
8035 }
8036 }
8037
8038 - if (pin_eld->eld_valid && !eld->eld_valid) {
8039 - update_eld = true;
8040 + if (pin_eld->eld_valid != eld->eld_valid)
8041 eld_changed = true;
8042 - }
8043 +
8044 + if (pin_eld->eld_valid && !eld->eld_valid)
8045 + update_eld = true;
8046 +
8047 if (update_eld) {
8048 bool old_eld_valid = pin_eld->eld_valid;
8049 pin_eld->eld_valid = eld->eld_valid;
8050 - eld_changed = pin_eld->eld_size != eld->eld_size ||
8051 + if (pin_eld->eld_size != eld->eld_size ||
8052 memcmp(pin_eld->eld_buffer, eld->eld_buffer,
8053 - eld->eld_size) != 0;
8054 - if (eld_changed)
8055 + eld->eld_size) != 0) {
8056 memcpy(pin_eld->eld_buffer, eld->eld_buffer,
8057 eld->eld_size);
8058 + eld_changed = true;
8059 + }
8060 pin_eld->eld_size = eld->eld_size;
8061 pin_eld->info = eld->info;
8062
8063 diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c
8064 index 1ba22fb527c2..b7b293cc710e 100644
8065 --- a/sound/pci/hda/patch_realtek.c
8066 +++ b/sound/pci/hda/patch_realtek.c
8067 @@ -3125,6 +3125,9 @@ static void alc283_shutup(struct hda_codec *codec)
8068
8069 alc_write_coef_idx(codec, 0x43, 0x9004);
8070
8071 + /* depop hp during suspend */
8072 + alc_write_coef_idx(codec, 0x06, 0x2100);
8073 +
8074 snd_hda_codec_write(codec, hp_pin, 0,
8075 AC_VERB_SET_AMP_GAIN_MUTE, AMP_OUT_MUTE);
8076
8077 @@ -5783,9 +5786,9 @@ static void alc662_led_gpio1_mute_hook(void *private_data, int enabled)
8078 unsigned int oldval = spec->gpio_led;
8079
8080 if (enabled)
8081 - spec->gpio_led &= ~0x01;
8082 - else
8083 spec->gpio_led |= 0x01;
8084 + else
8085 + spec->gpio_led &= ~0x01;
8086 if (spec->gpio_led != oldval)
8087 snd_hda_codec_write(codec, 0x01, 0, AC_VERB_SET_GPIO_DATA,
8088 spec->gpio_led);
8089 diff --git a/sound/usb/quirks-table.h b/sound/usb/quirks-table.h
8090 index 223c47b33ba3..c657752a420c 100644
8091 --- a/sound/usb/quirks-table.h
8092 +++ b/sound/usb/quirks-table.h
8093 @@ -385,6 +385,36 @@ YAMAHA_DEVICE(0x105d, NULL),
8094 }
8095 },
8096 {
8097 + USB_DEVICE(0x0499, 0x1509),
8098 + .driver_info = (unsigned long) & (const struct snd_usb_audio_quirk) {
8099 + /* .vendor_name = "Yamaha", */
8100 + /* .product_name = "Steinberg UR22", */
8101 + .ifnum = QUIRK_ANY_INTERFACE,
8102 + .type = QUIRK_COMPOSITE,
8103 + .data = (const struct snd_usb_audio_quirk[]) {
8104 + {
8105 + .ifnum = 1,
8106 + .type = QUIRK_AUDIO_STANDARD_INTERFACE
8107 + },
8108 + {
8109 + .ifnum = 2,
8110 + .type = QUIRK_AUDIO_STANDARD_INTERFACE
8111 + },
8112 + {
8113 + .ifnum = 3,
8114 + .type = QUIRK_MIDI_YAMAHA
8115 + },
8116 + {
8117 + .ifnum = 4,
8118 + .type = QUIRK_IGNORE_INTERFACE
8119 + },
8120 + {
8121 + .ifnum = -1
8122 + }
8123 + }
8124 + }
8125 +},
8126 +{
8127 USB_DEVICE(0x0499, 0x150a),
8128 .driver_info = (unsigned long) & (const struct snd_usb_audio_quirk) {
8129 /* .vendor_name = "Yamaha", */
8130 diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
8131 index 95519bc959ed..6a3f29bd43d7 100644
8132 --- a/virt/kvm/kvm_main.c
8133 +++ b/virt/kvm/kvm_main.c
8134 @@ -52,6 +52,7 @@
8135
8136 #include <asm/processor.h>
8137 #include <asm/io.h>
8138 +#include <asm/ioctl.h>
8139 #include <asm/uaccess.h>
8140 #include <asm/pgtable.h>
8141
8142 @@ -95,8 +96,6 @@ static int hardware_enable_all(void);
8143 static void hardware_disable_all(void);
8144
8145 static void kvm_io_bus_destroy(struct kvm_io_bus *bus);
8146 -static void update_memslots(struct kvm_memslots *slots,
8147 - struct kvm_memory_slot *new, u64 last_generation);
8148
8149 static void kvm_release_pfn_dirty(pfn_t pfn);
8150 static void mark_page_dirty_in_slot(struct kvm *kvm,
8151 @@ -476,6 +475,13 @@ static struct kvm *kvm_create_vm(unsigned long type)
8152 kvm->memslots = kzalloc(sizeof(struct kvm_memslots), GFP_KERNEL);
8153 if (!kvm->memslots)
8154 goto out_err_no_srcu;
8155 +
8156 + /*
8157 + * Init kvm generation close to the maximum to easily test the
8158 + * code that handles generation number wrap-around.
8159 + */
8160 + kvm->memslots->generation = -150;
8161 +
8162 kvm_init_memslots_id(kvm);
8163 if (init_srcu_struct(&kvm->srcu))
8164 goto out_err_no_srcu;
8165 @@ -687,8 +693,7 @@ static void sort_memslots(struct kvm_memslots *slots)
8166 }
8167
8168 static void update_memslots(struct kvm_memslots *slots,
8169 - struct kvm_memory_slot *new,
8170 - u64 last_generation)
8171 + struct kvm_memory_slot *new)
8172 {
8173 if (new) {
8174 int id = new->id;
8175 @@ -699,8 +704,6 @@ static void update_memslots(struct kvm_memslots *slots,
8176 if (new->npages != npages)
8177 sort_memslots(slots);
8178 }
8179 -
8180 - slots->generation = last_generation + 1;
8181 }
8182
8183 static int check_memory_region_flags(struct kvm_userspace_memory_region *mem)
8184 @@ -722,10 +725,24 @@ static struct kvm_memslots *install_new_memslots(struct kvm *kvm,
8185 {
8186 struct kvm_memslots *old_memslots = kvm->memslots;
8187
8188 - update_memslots(slots, new, kvm->memslots->generation);
8189 + /*
8190 + * Set the low bit in the generation, which disables SPTE caching
8191 + * until the end of synchronize_srcu_expedited.
8192 + */
8193 + WARN_ON(old_memslots->generation & 1);
8194 + slots->generation = old_memslots->generation + 1;
8195 +
8196 + update_memslots(slots, new);
8197 rcu_assign_pointer(kvm->memslots, slots);
8198 synchronize_srcu_expedited(&kvm->srcu);
8199
8200 + /*
8201 + * Increment the new memslot generation a second time. This prevents
8202 + * vm exits that race with memslot updates from caching a memslot
8203 + * generation that will (potentially) be valid forever.
8204 + */
8205 + slots->generation++;
8206 +
8207 kvm_arch_memslots_updated(kvm);
8208
8209 return old_memslots;
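The two bumps give the generation an odd/even protocol: it is odd exactly while the new memslots are published but synchronize_srcu_expedited() has not finished, and even whenever the array is stable. A reader that stamps cached data with a generation can therefore reject both in-flight and stale values; a hedged sketch of such a consumer (not the kernel's actual MMIO caching code):

    struct gen_cache {
            unsigned long long generation;
            /* ... cached lookup result ... */
    };

    static int cache_usable(const struct gen_cache *c,
                            unsigned long long cur_gen)
    {
            if (cur_gen & 1)        /* memslot update in flight */
                    return 0;
            return c->generation == cur_gen;
    }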
8210 @@ -1975,6 +1992,9 @@ static long kvm_vcpu_ioctl(struct file *filp,
8211 if (vcpu->kvm->mm != current->mm)
8212 return -EIO;
8213
8214 + if (unlikely(_IOC_TYPE(ioctl) != KVMIO))
8215 + return -EINVAL;
8216 +
8217 #if defined(CONFIG_S390) || defined(CONFIG_PPC) || defined(CONFIG_MIPS)
8218 /*
8219 * Special cases: vcpu ioctls that are asynchronous to vcpu execution,