From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 403321382C5 for ; Thu, 22 Feb 2018 23:23:45 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 67139E0833; Thu, 22 Feb 2018 23:23:44 +0000 (UTC) Received: from smtp.gentoo.org (dev.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 1485BE0833 for ; Thu, 22 Feb 2018 23:23:44 +0000 (UTC) Received: from oystercatcher.gentoo.org (unknown [IPv6:2a01:4f8:202:4333:225:90ff:fed9:fc84]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id B3A94335C31 for ; Thu, 22 Feb 2018 23:23:42 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 9E69C1A3 for ; Thu, 22 Feb 2018 23:23:35 +0000 (UTC) From: "Mike Pagano" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Mike Pagano" Message-ID: <1519341805.d603d53d71f6a32e75ad20ea841b50b6b9c15bf7.mpagano@gentoo> Subject: [gentoo-commits] proj/linux-patches:4.14 commit in: / X-VCS-Repository: proj/linux-patches X-VCS-Files: 0000_README 1020_linux-4.14.21.patch X-VCS-Directories: / X-VCS-Committer: mpagano X-VCS-Committer-Name: Mike Pagano X-VCS-Revision: d603d53d71f6a32e75ad20ea841b50b6b9c15bf7 X-VCS-Branch: 4.14 Date: Thu, 22 Feb 2018 23:23:35 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 5a54f825-8882-43d4-a6b7-28dfba7c05f4 X-Archives-Hash: c0c007adf95321ea74d265fb9cfe5ff1 commit: d603d53d71f6a32e75ad20ea841b50b6b9c15bf7 Author: Mike Pagano gentoo org> AuthorDate: Thu Feb 22 23:23:25 2018 +0000 Commit: Mike Pagano gentoo org> CommitDate: Thu Feb 22 23:23:25 2018 +0000 URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=d603d53d Linux patchj 4.14.21 0000_README | 4 + 1020_linux-4.14.21.patch | 11566 +++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 11570 insertions(+) diff --git a/0000_README b/0000_README index 7fd6d67..f9abc2d 100644 --- a/0000_README +++ b/0000_README @@ -123,6 +123,10 @@ Patch: 1019_linux-4.14.20.patch From: http://www.kernel.org Desc: Linux 4.14.20 +Patch: 1020_linux-4.14.21.patch +From: http://www.kernel.org +Desc: Linux 4.14.21 + Patch: 1500_XATTR_USER_PREFIX.patch From: https://bugs.gentoo.org/show_bug.cgi?id=470644 Desc: Support for namespace user.pax.* on tmpfs. diff --git a/1020_linux-4.14.21.patch b/1020_linux-4.14.21.patch new file mode 100644 index 0000000..f26afa9 --- /dev/null +++ b/1020_linux-4.14.21.patch @@ -0,0 +1,11566 @@ +diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt +index c76afdcafbef..fb385af482ff 100644 +--- a/Documentation/admin-guide/kernel-parameters.txt ++++ b/Documentation/admin-guide/kernel-parameters.txt +@@ -1841,13 +1841,6 @@ + Built with CONFIG_DEBUG_KMEMLEAK_DEFAULT_OFF=y, + the default is off. + +- kmemcheck= [X86] Boot-time kmemcheck enable/disable/one-shot mode +- Valid arguments: 0, 1, 2 +- kmemcheck=0 (disabled) +- kmemcheck=1 (enabled) +- kmemcheck=2 (one-shot mode) +- Default: 2 (one-shot mode) +- + kvm.ignore_msrs=[KVM] Ignore guest accesses to unhandled MSRs. + Default is 0 (don't ignore, but inject #GP) + +diff --git a/Documentation/dev-tools/index.rst b/Documentation/dev-tools/index.rst +index a81787cd47d7..e313925fb0fa 100644 +--- a/Documentation/dev-tools/index.rst ++++ b/Documentation/dev-tools/index.rst +@@ -21,7 +21,6 @@ whole; patches welcome! + kasan + ubsan + kmemleak +- kmemcheck + gdb-kernel-debugging + kgdb + kselftest +diff --git a/Documentation/dev-tools/kmemcheck.rst b/Documentation/dev-tools/kmemcheck.rst +deleted file mode 100644 +index 7f3d1985de74..000000000000 +--- a/Documentation/dev-tools/kmemcheck.rst ++++ /dev/null +@@ -1,733 +0,0 @@ +-Getting started with kmemcheck +-============================== +- +-Vegard Nossum +- +- +-Introduction +------------- +- +-kmemcheck is a debugging feature for the Linux Kernel. More specifically, it +-is a dynamic checker that detects and warns about some uses of uninitialized +-memory. +- +-Userspace programmers might be familiar with Valgrind's memcheck. The main +-difference between memcheck and kmemcheck is that memcheck works for userspace +-programs only, and kmemcheck works for the kernel only. The implementations +-are of course vastly different. Because of this, kmemcheck is not as accurate +-as memcheck, but it turns out to be good enough in practice to discover real +-programmer errors that the compiler is not able to find through static +-analysis. +- +-Enabling kmemcheck on a kernel will probably slow it down to the extent that +-the machine will not be usable for normal workloads such as e.g. an +-interactive desktop. kmemcheck will also cause the kernel to use about twice +-as much memory as normal. For this reason, kmemcheck is strictly a debugging +-feature. +- +- +-Downloading +------------ +- +-As of version 2.6.31-rc1, kmemcheck is included in the mainline kernel. +- +- +-Configuring and compiling +-------------------------- +- +-kmemcheck only works for the x86 (both 32- and 64-bit) platform. A number of +-configuration variables must have specific settings in order for the kmemcheck +-menu to even appear in "menuconfig". These are: +- +-- ``CONFIG_CC_OPTIMIZE_FOR_SIZE=n`` +- This option is located under "General setup" / "Optimize for size". +- +- Without this, gcc will use certain optimizations that usually lead to +- false positive warnings from kmemcheck. An example of this is a 16-bit +- field in a struct, where gcc may load 32 bits, then discard the upper +- 16 bits. kmemcheck sees only the 32-bit load, and may trigger a +- warning for the upper 16 bits (if they're uninitialized). +- +-- ``CONFIG_SLAB=y`` or ``CONFIG_SLUB=y`` +- This option is located under "General setup" / "Choose SLAB +- allocator". +- +-- ``CONFIG_FUNCTION_TRACER=n`` +- This option is located under "Kernel hacking" / "Tracers" / "Kernel +- Function Tracer" +- +- When function tracing is compiled in, gcc emits a call to another +- function at the beginning of every function. This means that when the +- page fault handler is called, the ftrace framework will be called +- before kmemcheck has had a chance to handle the fault. If ftrace then +- modifies memory that was tracked by kmemcheck, the result is an +- endless recursive page fault. +- +-- ``CONFIG_DEBUG_PAGEALLOC=n`` +- This option is located under "Kernel hacking" / "Memory Debugging" +- / "Debug page memory allocations". +- +-In addition, I highly recommend turning on ``CONFIG_DEBUG_INFO=y``. This is also +-located under "Kernel hacking". With this, you will be able to get line number +-information from the kmemcheck warnings, which is extremely valuable in +-debugging a problem. This option is not mandatory, however, because it slows +-down the compilation process and produces a much bigger kernel image. +- +-Now the kmemcheck menu should be visible (under "Kernel hacking" / "Memory +-Debugging" / "kmemcheck: trap use of uninitialized memory"). Here follows +-a description of the kmemcheck configuration variables: +- +-- ``CONFIG_KMEMCHECK`` +- This must be enabled in order to use kmemcheck at all... +- +-- ``CONFIG_KMEMCHECK_``[``DISABLED`` | ``ENABLED`` | ``ONESHOT``]``_BY_DEFAULT`` +- This option controls the status of kmemcheck at boot-time. "Enabled" +- will enable kmemcheck right from the start, "disabled" will boot the +- kernel as normal (but with the kmemcheck code compiled in, so it can +- be enabled at run-time after the kernel has booted), and "one-shot" is +- a special mode which will turn kmemcheck off automatically after +- detecting the first use of uninitialized memory. +- +- If you are using kmemcheck to actively debug a problem, then you +- probably want to choose "enabled" here. +- +- The one-shot mode is mostly useful in automated test setups because it +- can prevent floods of warnings and increase the chances of the machine +- surviving in case something is really wrong. In other cases, the one- +- shot mode could actually be counter-productive because it would turn +- itself off at the very first error -- in the case of a false positive +- too -- and this would come in the way of debugging the specific +- problem you were interested in. +- +- If you would like to use your kernel as normal, but with a chance to +- enable kmemcheck in case of some problem, it might be a good idea to +- choose "disabled" here. When kmemcheck is disabled, most of the run- +- time overhead is not incurred, and the kernel will be almost as fast +- as normal. +- +-- ``CONFIG_KMEMCHECK_QUEUE_SIZE`` +- Select the maximum number of error reports to store in an internal +- (fixed-size) buffer. Since errors can occur virtually anywhere and in +- any context, we need a temporary storage area which is guaranteed not +- to generate any other page faults when accessed. The queue will be +- emptied as soon as a tasklet may be scheduled. If the queue is full, +- new error reports will be lost. +- +- The default value of 64 is probably fine. If some code produces more +- than 64 errors within an irqs-off section, then the code is likely to +- produce many, many more, too, and these additional reports seldom give +- any more information (the first report is usually the most valuable +- anyway). +- +- This number might have to be adjusted if you are not using serial +- console or similar to capture the kernel log. If you are using the +- "dmesg" command to save the log, then getting a lot of kmemcheck +- warnings might overflow the kernel log itself, and the earlier reports +- will get lost in that way instead. Try setting this to 10 or so on +- such a setup. +- +-- ``CONFIG_KMEMCHECK_SHADOW_COPY_SHIFT`` +- Select the number of shadow bytes to save along with each entry of the +- error-report queue. These bytes indicate what parts of an allocation +- are initialized, uninitialized, etc. and will be displayed when an +- error is detected to help the debugging of a particular problem. +- +- The number entered here is actually the logarithm of the number of +- bytes that will be saved. So if you pick for example 5 here, kmemcheck +- will save 2^5 = 32 bytes. +- +- The default value should be fine for debugging most problems. It also +- fits nicely within 80 columns. +- +-- ``CONFIG_KMEMCHECK_PARTIAL_OK`` +- This option (when enabled) works around certain GCC optimizations that +- produce 32-bit reads from 16-bit variables where the upper 16 bits are +- thrown away afterwards. +- +- The default value (enabled) is recommended. This may of course hide +- some real errors, but disabling it would probably produce a lot of +- false positives. +- +-- ``CONFIG_KMEMCHECK_BITOPS_OK`` +- This option silences warnings that would be generated for bit-field +- accesses where not all the bits are initialized at the same time. This +- may also hide some real bugs. +- +- This option is probably obsolete, or it should be replaced with +- the kmemcheck-/bitfield-annotations for the code in question. The +- default value is therefore fine. +- +-Now compile the kernel as usual. +- +- +-How to use +----------- +- +-Booting +-~~~~~~~ +- +-First some information about the command-line options. There is only one +-option specific to kmemcheck, and this is called "kmemcheck". It can be used +-to override the default mode as chosen by the ``CONFIG_KMEMCHECK_*_BY_DEFAULT`` +-option. Its possible settings are: +- +-- ``kmemcheck=0`` (disabled) +-- ``kmemcheck=1`` (enabled) +-- ``kmemcheck=2`` (one-shot mode) +- +-If SLUB debugging has been enabled in the kernel, it may take precedence over +-kmemcheck in such a way that the slab caches which are under SLUB debugging +-will not be tracked by kmemcheck. In order to ensure that this doesn't happen +-(even though it shouldn't by default), use SLUB's boot option ``slub_debug``, +-like this: ``slub_debug=-`` +- +-In fact, this option may also be used for fine-grained control over SLUB vs. +-kmemcheck. For example, if the command line includes +-``kmemcheck=1 slub_debug=,dentry``, then SLUB debugging will be used only +-for the "dentry" slab cache, and with kmemcheck tracking all the other +-caches. This is advanced usage, however, and is not generally recommended. +- +- +-Run-time enable/disable +-~~~~~~~~~~~~~~~~~~~~~~~ +- +-When the kernel has booted, it is possible to enable or disable kmemcheck at +-run-time. WARNING: This feature is still experimental and may cause false +-positive warnings to appear. Therefore, try not to use this. If you find that +-it doesn't work properly (e.g. you see an unreasonable amount of warnings), I +-will be happy to take bug reports. +- +-Use the file ``/proc/sys/kernel/kmemcheck`` for this purpose, e.g.:: +- +- $ echo 0 > /proc/sys/kernel/kmemcheck # disables kmemcheck +- +-The numbers are the same as for the ``kmemcheck=`` command-line option. +- +- +-Debugging +-~~~~~~~~~ +- +-A typical report will look something like this:: +- +- WARNING: kmemcheck: Caught 32-bit read from uninitialized memory (ffff88003e4a2024) +- 80000000000000000000000000000000000000000088ffff0000000000000000 +- i i i i u u u u i i i i i i i i u u u u u u u u u u u u u u u u +- ^ +- +- Pid: 1856, comm: ntpdate Not tainted 2.6.29-rc5 #264 945P-A +- RIP: 0010:[] [] __dequeue_signal+0xc8/0x190 +- RSP: 0018:ffff88003cdf7d98 EFLAGS: 00210002 +- RAX: 0000000000000030 RBX: ffff88003d4ea968 RCX: 0000000000000009 +- RDX: ffff88003e5d6018 RSI: ffff88003e5d6024 RDI: ffff88003cdf7e84 +- RBP: ffff88003cdf7db8 R08: ffff88003e5d6000 R09: 0000000000000000 +- R10: 0000000000000080 R11: 0000000000000000 R12: 000000000000000e +- R13: ffff88003cdf7e78 R14: ffff88003d530710 R15: ffff88003d5a98c8 +- FS: 0000000000000000(0000) GS:ffff880001982000(0063) knlGS:00000 +- CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 +- CR2: ffff88003f806ea0 CR3: 000000003c036000 CR4: 00000000000006a0 +- DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 +- DR3: 0000000000000000 DR6: 00000000ffff4ff0 DR7: 0000000000000400 +- [] dequeue_signal+0x8e/0x170 +- [] get_signal_to_deliver+0x98/0x390 +- [] do_notify_resume+0xad/0x7d0 +- [] int_signal+0x12/0x17 +- [] 0xffffffffffffffff +- +-The single most valuable information in this report is the RIP (or EIP on 32- +-bit) value. This will help us pinpoint exactly which instruction that caused +-the warning. +- +-If your kernel was compiled with ``CONFIG_DEBUG_INFO=y``, then all we have to do +-is give this address to the addr2line program, like this:: +- +- $ addr2line -e vmlinux -i ffffffff8104ede8 +- arch/x86/include/asm/string_64.h:12 +- include/asm-generic/siginfo.h:287 +- kernel/signal.c:380 +- kernel/signal.c:410 +- +-The "``-e vmlinux``" tells addr2line which file to look in. **IMPORTANT:** +-This must be the vmlinux of the kernel that produced the warning in the +-first place! If not, the line number information will almost certainly be +-wrong. +- +-The "``-i``" tells addr2line to also print the line numbers of inlined +-functions. In this case, the flag was very important, because otherwise, +-it would only have printed the first line, which is just a call to +-``memcpy()``, which could be called from a thousand places in the kernel, and +-is therefore not very useful. These inlined functions would not show up in +-the stack trace above, simply because the kernel doesn't load the extra +-debugging information. This technique can of course be used with ordinary +-kernel oopses as well. +- +-In this case, it's the caller of ``memcpy()`` that is interesting, and it can be +-found in ``include/asm-generic/siginfo.h``, line 287:: +- +- 281 static inline void copy_siginfo(struct siginfo *to, struct siginfo *from) +- 282 { +- 283 if (from->si_code < 0) +- 284 memcpy(to, from, sizeof(*to)); +- 285 else +- 286 /* _sigchld is currently the largest know union member */ +- 287 memcpy(to, from, __ARCH_SI_PREAMBLE_SIZE + sizeof(from->_sifields._sigchld)); +- 288 } +- +-Since this was a read (kmemcheck usually warns about reads only, though it can +-warn about writes to unallocated or freed memory as well), it was probably the +-"from" argument which contained some uninitialized bytes. Following the chain +-of calls, we move upwards to see where "from" was allocated or initialized, +-``kernel/signal.c``, line 380:: +- +- 359 static void collect_signal(int sig, struct sigpending *list, siginfo_t *info) +- 360 { +- ... +- 367 list_for_each_entry(q, &list->list, list) { +- 368 if (q->info.si_signo == sig) { +- 369 if (first) +- 370 goto still_pending; +- 371 first = q; +- ... +- 377 if (first) { +- 378 still_pending: +- 379 list_del_init(&first->list); +- 380 copy_siginfo(info, &first->info); +- 381 __sigqueue_free(first); +- ... +- 392 } +- 393 } +- +-Here, it is ``&first->info`` that is being passed on to ``copy_siginfo()``. The +-variable ``first`` was found on a list -- passed in as the second argument to +-``collect_signal()``. We continue our journey through the stack, to figure out +-where the item on "list" was allocated or initialized. We move to line 410:: +- +- 395 static int __dequeue_signal(struct sigpending *pending, sigset_t *mask, +- 396 siginfo_t *info) +- 397 { +- ... +- 410 collect_signal(sig, pending, info); +- ... +- 414 } +- +-Now we need to follow the ``pending`` pointer, since that is being passed on to +-``collect_signal()`` as ``list``. At this point, we've run out of lines from the +-"addr2line" output. Not to worry, we just paste the next addresses from the +-kmemcheck stack dump, i.e.:: +- +- [] dequeue_signal+0x8e/0x170 +- [] get_signal_to_deliver+0x98/0x390 +- [] do_notify_resume+0xad/0x7d0 +- [] int_signal+0x12/0x17 +- +- $ addr2line -e vmlinux -i ffffffff8104f04e ffffffff81050bd8 \ +- ffffffff8100b87d ffffffff8100c7b5 +- kernel/signal.c:446 +- kernel/signal.c:1806 +- arch/x86/kernel/signal.c:805 +- arch/x86/kernel/signal.c:871 +- arch/x86/kernel/entry_64.S:694 +- +-Remember that since these addresses were found on the stack and not as the +-RIP value, they actually point to the _next_ instruction (they are return +-addresses). This becomes obvious when we look at the code for line 446:: +- +- 422 int dequeue_signal(struct task_struct *tsk, sigset_t *mask, siginfo_t *info) +- 423 { +- ... +- 431 signr = __dequeue_signal(&tsk->signal->shared_pending, +- 432 mask, info); +- 433 /* +- 434 * itimer signal ? +- 435 * +- 436 * itimers are process shared and we restart periodic +- 437 * itimers in the signal delivery path to prevent DoS +- 438 * attacks in the high resolution timer case. This is +- 439 * compliant with the old way of self restarting +- 440 * itimers, as the SIGALRM is a legacy signal and only +- 441 * queued once. Changing the restart behaviour to +- 442 * restart the timer in the signal dequeue path is +- 443 * reducing the timer noise on heavy loaded !highres +- 444 * systems too. +- 445 */ +- 446 if (unlikely(signr == SIGALRM)) { +- ... +- 489 } +- +-So instead of looking at 446, we should be looking at 431, which is the line +-that executes just before 446. Here we see that what we are looking for is +-``&tsk->signal->shared_pending``. +- +-Our next task is now to figure out which function that puts items on this +-``shared_pending`` list. A crude, but efficient tool, is ``git grep``:: +- +- $ git grep -n 'shared_pending' kernel/ +- ... +- kernel/signal.c:828: pending = group ? &t->signal->shared_pending : &t->pending; +- kernel/signal.c:1339: pending = group ? &t->signal->shared_pending : &t->pending; +- ... +- +-There were more results, but none of them were related to list operations, +-and these were the only assignments. We inspect the line numbers more closely +-and find that this is indeed where items are being added to the list:: +- +- 816 static int send_signal(int sig, struct siginfo *info, struct task_struct *t, +- 817 int group) +- 818 { +- ... +- 828 pending = group ? &t->signal->shared_pending : &t->pending; +- ... +- 851 q = __sigqueue_alloc(t, GFP_ATOMIC, (sig < SIGRTMIN && +- 852 (is_si_special(info) || +- 853 info->si_code >= 0))); +- 854 if (q) { +- 855 list_add_tail(&q->list, &pending->list); +- ... +- 890 } +- +-and:: +- +- 1309 int send_sigqueue(struct sigqueue *q, struct task_struct *t, int group) +- 1310 { +- .... +- 1339 pending = group ? &t->signal->shared_pending : &t->pending; +- 1340 list_add_tail(&q->list, &pending->list); +- .... +- 1347 } +- +-In the first case, the list element we are looking for, ``q``, is being +-returned from the function ``__sigqueue_alloc()``, which looks like an +-allocation function. Let's take a look at it:: +- +- 187 static struct sigqueue *__sigqueue_alloc(struct task_struct *t, gfp_t flags, +- 188 int override_rlimit) +- 189 { +- 190 struct sigqueue *q = NULL; +- 191 struct user_struct *user; +- 192 +- 193 /* +- 194 * We won't get problems with the target's UID changing under us +- 195 * because changing it requires RCU be used, and if t != current, the +- 196 * caller must be holding the RCU readlock (by way of a spinlock) and +- 197 * we use RCU protection here +- 198 */ +- 199 user = get_uid(__task_cred(t)->user); +- 200 atomic_inc(&user->sigpending); +- 201 if (override_rlimit || +- 202 atomic_read(&user->sigpending) <= +- 203 t->signal->rlim[RLIMIT_SIGPENDING].rlim_cur) +- 204 q = kmem_cache_alloc(sigqueue_cachep, flags); +- 205 if (unlikely(q == NULL)) { +- 206 atomic_dec(&user->sigpending); +- 207 free_uid(user); +- 208 } else { +- 209 INIT_LIST_HEAD(&q->list); +- 210 q->flags = 0; +- 211 q->user = user; +- 212 } +- 213 +- 214 return q; +- 215 } +- +-We see that this function initializes ``q->list``, ``q->flags``, and +-``q->user``. It seems that now is the time to look at the definition of +-``struct sigqueue``, e.g.:: +- +- 14 struct sigqueue { +- 15 struct list_head list; +- 16 int flags; +- 17 siginfo_t info; +- 18 struct user_struct *user; +- 19 }; +- +-And, you might remember, it was a ``memcpy()`` on ``&first->info`` that +-caused the warning, so this makes perfect sense. It also seems reasonable +-to assume that it is the caller of ``__sigqueue_alloc()`` that has the +-responsibility of filling out (initializing) this member. +- +-But just which fields of the struct were uninitialized? Let's look at +-kmemcheck's report again:: +- +- WARNING: kmemcheck: Caught 32-bit read from uninitialized memory (ffff88003e4a2024) +- 80000000000000000000000000000000000000000088ffff0000000000000000 +- i i i i u u u u i i i i i i i i u u u u u u u u u u u u u u u u +- ^ +- +-These first two lines are the memory dump of the memory object itself, and +-the shadow bytemap, respectively. The memory object itself is in this case +-``&first->info``. Just beware that the start of this dump is NOT the start +-of the object itself! The position of the caret (^) corresponds with the +-address of the read (ffff88003e4a2024). +- +-The shadow bytemap dump legend is as follows: +- +-- i: initialized +-- u: uninitialized +-- a: unallocated (memory has been allocated by the slab layer, but has not +- yet been handed off to anybody) +-- f: freed (memory has been allocated by the slab layer, but has been freed +- by the previous owner) +- +-In order to figure out where (relative to the start of the object) the +-uninitialized memory was located, we have to look at the disassembly. For +-that, we'll need the RIP address again:: +- +- RIP: 0010:[] [] __dequeue_signal+0xc8/0x190 +- +- $ objdump -d --no-show-raw-insn vmlinux | grep -C 8 ffffffff8104ede8: +- ffffffff8104edc8: mov %r8,0x8(%r8) +- ffffffff8104edcc: test %r10d,%r10d +- ffffffff8104edcf: js ffffffff8104ee88 <__dequeue_signal+0x168> +- ffffffff8104edd5: mov %rax,%rdx +- ffffffff8104edd8: mov $0xc,%ecx +- ffffffff8104eddd: mov %r13,%rdi +- ffffffff8104ede0: mov $0x30,%eax +- ffffffff8104ede5: mov %rdx,%rsi +- ffffffff8104ede8: rep movsl %ds:(%rsi),%es:(%rdi) +- ffffffff8104edea: test $0x2,%al +- ffffffff8104edec: je ffffffff8104edf0 <__dequeue_signal+0xd0> +- ffffffff8104edee: movsw %ds:(%rsi),%es:(%rdi) +- ffffffff8104edf0: test $0x1,%al +- ffffffff8104edf2: je ffffffff8104edf5 <__dequeue_signal+0xd5> +- ffffffff8104edf4: movsb %ds:(%rsi),%es:(%rdi) +- ffffffff8104edf5: mov %r8,%rdi +- ffffffff8104edf8: callq ffffffff8104de60 <__sigqueue_free> +- +-As expected, it's the "``rep movsl``" instruction from the ``memcpy()`` +-that causes the warning. We know about ``REP MOVSL`` that it uses the register +-``RCX`` to count the number of remaining iterations. By taking a look at the +-register dump again (from the kmemcheck report), we can figure out how many +-bytes were left to copy:: +- +- RAX: 0000000000000030 RBX: ffff88003d4ea968 RCX: 0000000000000009 +- +-By looking at the disassembly, we also see that ``%ecx`` is being loaded +-with the value ``$0xc`` just before (ffffffff8104edd8), so we are very +-lucky. Keep in mind that this is the number of iterations, not bytes. And +-since this is a "long" operation, we need to multiply by 4 to get the +-number of bytes. So this means that the uninitialized value was encountered +-at 4 * (0xc - 0x9) = 12 bytes from the start of the object. +- +-We can now try to figure out which field of the "``struct siginfo``" that +-was not initialized. This is the beginning of the struct:: +- +- 40 typedef struct siginfo { +- 41 int si_signo; +- 42 int si_errno; +- 43 int si_code; +- 44 +- 45 union { +- .. +- 92 } _sifields; +- 93 } siginfo_t; +- +-On 64-bit, the int is 4 bytes long, so it must the union member that has +-not been initialized. We can verify this using gdb:: +- +- $ gdb vmlinux +- ... +- (gdb) p &((struct siginfo *) 0)->_sifields +- $1 = (union {...} *) 0x10 +- +-Actually, it seems that the union member is located at offset 0x10 -- which +-means that gcc has inserted 4 bytes of padding between the members ``si_code`` +-and ``_sifields``. We can now get a fuller picture of the memory dump:: +- +- _----------------------------=> si_code +- / _--------------------=> (padding) +- | / _------------=> _sifields(._kill._pid) +- | | / _----=> _sifields(._kill._uid) +- | | | / +- -------|-------|-------|-------| +- 80000000000000000000000000000000000000000088ffff0000000000000000 +- i i i i u u u u i i i i i i i i u u u u u u u u u u u u u u u u +- +-This allows us to realize another important fact: ``si_code`` contains the +-value 0x80. Remember that x86 is little endian, so the first 4 bytes +-"80000000" are really the number 0x00000080. With a bit of research, we +-find that this is actually the constant ``SI_KERNEL`` defined in +-``include/asm-generic/siginfo.h``:: +- +- 144 #define SI_KERNEL 0x80 /* sent by the kernel from somewhere */ +- +-This macro is used in exactly one place in the x86 kernel: In ``send_signal()`` +-in ``kernel/signal.c``:: +- +- 816 static int send_signal(int sig, struct siginfo *info, struct task_struct *t, +- 817 int group) +- 818 { +- ... +- 828 pending = group ? &t->signal->shared_pending : &t->pending; +- ... +- 851 q = __sigqueue_alloc(t, GFP_ATOMIC, (sig < SIGRTMIN && +- 852 (is_si_special(info) || +- 853 info->si_code >= 0))); +- 854 if (q) { +- 855 list_add_tail(&q->list, &pending->list); +- 856 switch ((unsigned long) info) { +- ... +- 865 case (unsigned long) SEND_SIG_PRIV: +- 866 q->info.si_signo = sig; +- 867 q->info.si_errno = 0; +- 868 q->info.si_code = SI_KERNEL; +- 869 q->info.si_pid = 0; +- 870 q->info.si_uid = 0; +- 871 break; +- ... +- 890 } +- +-Not only does this match with the ``.si_code`` member, it also matches the place +-we found earlier when looking for where siginfo_t objects are enqueued on the +-``shared_pending`` list. +- +-So to sum up: It seems that it is the padding introduced by the compiler +-between two struct fields that is uninitialized, and this gets reported when +-we do a ``memcpy()`` on the struct. This means that we have identified a false +-positive warning. +- +-Normally, kmemcheck will not report uninitialized accesses in ``memcpy()`` calls +-when both the source and destination addresses are tracked. (Instead, we copy +-the shadow bytemap as well). In this case, the destination address clearly +-was not tracked. We can dig a little deeper into the stack trace from above:: +- +- arch/x86/kernel/signal.c:805 +- arch/x86/kernel/signal.c:871 +- arch/x86/kernel/entry_64.S:694 +- +-And we clearly see that the destination siginfo object is located on the +-stack:: +- +- 782 static void do_signal(struct pt_regs *regs) +- 783 { +- 784 struct k_sigaction ka; +- 785 siginfo_t info; +- ... +- 804 signr = get_signal_to_deliver(&info, &ka, regs, NULL); +- ... +- 854 } +- +-And this ``&info`` is what eventually gets passed to ``copy_siginfo()`` as the +-destination argument. +- +-Now, even though we didn't find an actual error here, the example is still a +-good one, because it shows how one would go about to find out what the report +-was all about. +- +- +-Annotating false positives +-~~~~~~~~~~~~~~~~~~~~~~~~~~ +- +-There are a few different ways to make annotations in the source code that +-will keep kmemcheck from checking and reporting certain allocations. Here +-they are: +- +-- ``__GFP_NOTRACK_FALSE_POSITIVE`` +- This flag can be passed to ``kmalloc()`` or ``kmem_cache_alloc()`` +- (therefore also to other functions that end up calling one of +- these) to indicate that the allocation should not be tracked +- because it would lead to a false positive report. This is a "big +- hammer" way of silencing kmemcheck; after all, even if the false +- positive pertains to particular field in a struct, for example, we +- will now lose the ability to find (real) errors in other parts of +- the same struct. +- +- Example:: +- +- /* No warnings will ever trigger on accessing any part of x */ +- x = kmalloc(sizeof *x, GFP_KERNEL | __GFP_NOTRACK_FALSE_POSITIVE); +- +-- ``kmemcheck_bitfield_begin(name)``/``kmemcheck_bitfield_end(name)`` and +- ``kmemcheck_annotate_bitfield(ptr, name)`` +- The first two of these three macros can be used inside struct +- definitions to signal, respectively, the beginning and end of a +- bitfield. Additionally, this will assign the bitfield a name, which +- is given as an argument to the macros. +- +- Having used these markers, one can later use +- kmemcheck_annotate_bitfield() at the point of allocation, to indicate +- which parts of the allocation is part of a bitfield. +- +- Example:: +- +- struct foo { +- int x; +- +- kmemcheck_bitfield_begin(flags); +- int flag_a:1; +- int flag_b:1; +- kmemcheck_bitfield_end(flags); +- +- int y; +- }; +- +- struct foo *x = kmalloc(sizeof *x); +- +- /* No warnings will trigger on accessing the bitfield of x */ +- kmemcheck_annotate_bitfield(x, flags); +- +- Note that ``kmemcheck_annotate_bitfield()`` can be used even before the +- return value of ``kmalloc()`` is checked -- in other words, passing NULL +- as the first argument is legal (and will do nothing). +- +- +-Reporting errors +----------------- +- +-As we have seen, kmemcheck will produce false positive reports. Therefore, it +-is not very wise to blindly post kmemcheck warnings to mailing lists and +-maintainers. Instead, I encourage maintainers and developers to find errors +-in their own code. If you get a warning, you can try to work around it, try +-to figure out if it's a real error or not, or simply ignore it. Most +-developers know their own code and will quickly and efficiently determine the +-root cause of a kmemcheck report. This is therefore also the most efficient +-way to work with kmemcheck. +- +-That said, we (the kmemcheck maintainers) will always be on the lookout for +-false positives that we can annotate and silence. So whatever you find, +-please drop us a note privately! Kernel configs and steps to reproduce (if +-available) are of course a great help too. +- +-Happy hacking! +- +- +-Technical description +---------------------- +- +-kmemcheck works by marking memory pages non-present. This means that whenever +-somebody attempts to access the page, a page fault is generated. The page +-fault handler notices that the page was in fact only hidden, and so it calls +-on the kmemcheck code to make further investigations. +- +-When the investigations are completed, kmemcheck "shows" the page by marking +-it present (as it would be under normal circumstances). This way, the +-interrupted code can continue as usual. +- +-But after the instruction has been executed, we should hide the page again, so +-that we can catch the next access too! Now kmemcheck makes use of a debugging +-feature of the processor, namely single-stepping. When the processor has +-finished the one instruction that generated the memory access, a debug +-exception is raised. From here, we simply hide the page again and continue +-execution, this time with the single-stepping feature turned off. +- +-kmemcheck requires some assistance from the memory allocator in order to work. +-The memory allocator needs to +- +- 1. Tell kmemcheck about newly allocated pages and pages that are about to +- be freed. This allows kmemcheck to set up and tear down the shadow memory +- for the pages in question. The shadow memory stores the status of each +- byte in the allocation proper, e.g. whether it is initialized or +- uninitialized. +- +- 2. Tell kmemcheck which parts of memory should be marked uninitialized. +- There are actually a few more states, such as "not yet allocated" and +- "recently freed". +- +-If a slab cache is set up using the SLAB_NOTRACK flag, it will never return +-memory that can take page faults because of kmemcheck. +- +-If a slab cache is NOT set up using the SLAB_NOTRACK flag, callers can still +-request memory with the __GFP_NOTRACK or __GFP_NOTRACK_FALSE_POSITIVE flags. +-This does not prevent the page faults from occurring, however, but marks the +-object in question as being initialized so that no warnings will ever be +-produced for this object. +- +-Currently, the SLAB and SLUB allocators are supported by kmemcheck. +diff --git a/Documentation/devicetree/bindings/dma/snps-dma.txt b/Documentation/devicetree/bindings/dma/snps-dma.txt +index a122723907ac..99acc712f83a 100644 +--- a/Documentation/devicetree/bindings/dma/snps-dma.txt ++++ b/Documentation/devicetree/bindings/dma/snps-dma.txt +@@ -64,6 +64,6 @@ Example: + reg = <0xe0000000 0x1000>; + interrupts = <0 35 0x4>; + dmas = <&dmahost 12 0 1>, +- <&dmahost 13 0 1 0>; ++ <&dmahost 13 1 0>; + dma-names = "rx", "rx"; + }; +diff --git a/Documentation/filesystems/ext4.txt b/Documentation/filesystems/ext4.txt +index 5a8f7f4d2bca..7449893dc039 100644 +--- a/Documentation/filesystems/ext4.txt ++++ b/Documentation/filesystems/ext4.txt +@@ -233,7 +233,7 @@ data_err=ignore(*) Just print an error message if an error occurs + data_err=abort Abort the journal if an error occurs in a file + data buffer in ordered mode. + +-grpid Give objects the same group ID as their creator. ++grpid New objects have the group ID of their parent. + bsdgroups + + nogrpid (*) New objects have the group ID of their creator. +diff --git a/MAINTAINERS b/MAINTAINERS +index 2811a211632c..76ea063d8083 100644 +--- a/MAINTAINERS ++++ b/MAINTAINERS +@@ -7670,16 +7670,6 @@ F: include/linux/kdb.h + F: include/linux/kgdb.h + F: kernel/debug/ + +-KMEMCHECK +-M: Vegard Nossum +-M: Pekka Enberg +-S: Maintained +-F: Documentation/dev-tools/kmemcheck.rst +-F: arch/x86/include/asm/kmemcheck.h +-F: arch/x86/mm/kmemcheck/ +-F: include/linux/kmemcheck.h +-F: mm/kmemcheck.c +- + KMEMLEAK + M: Catalin Marinas + S: Maintained +diff --git a/Makefile b/Makefile +index 33176140f133..68d70485b088 100644 +--- a/Makefile ++++ b/Makefile +@@ -1,7 +1,7 @@ + # SPDX-License-Identifier: GPL-2.0 + VERSION = 4 + PATCHLEVEL = 14 +-SUBLEVEL = 20 ++SUBLEVEL = 21 + EXTRAVERSION = + NAME = Petit Gorille + +diff --git a/arch/arm/boot/dts/arm-realview-eb-mp.dtsi b/arch/arm/boot/dts/arm-realview-eb-mp.dtsi +index 7b8d90b7aeea..29b636fce23f 100644 +--- a/arch/arm/boot/dts/arm-realview-eb-mp.dtsi ++++ b/arch/arm/boot/dts/arm-realview-eb-mp.dtsi +@@ -150,11 +150,6 @@ + interrupts = <0 8 IRQ_TYPE_LEVEL_HIGH>; + }; + +-&charlcd { +- interrupt-parent = <&intc>; +- interrupts = <0 IRQ_TYPE_LEVEL_HIGH>; +-}; +- + &serial0 { + interrupt-parent = <&intc>; + interrupts = <0 4 IRQ_TYPE_LEVEL_HIGH>; +diff --git a/arch/arm/boot/dts/exynos5410.dtsi b/arch/arm/boot/dts/exynos5410.dtsi +index 7eab4bc07cec..7628bbb02324 100644 +--- a/arch/arm/boot/dts/exynos5410.dtsi ++++ b/arch/arm/boot/dts/exynos5410.dtsi +@@ -333,7 +333,6 @@ + &rtc { + clocks = <&clock CLK_RTC>; + clock-names = "rtc"; +- interrupt-parent = <&pmu_system_controller>; + status = "disabled"; + }; + +diff --git a/arch/arm/boot/dts/lpc3250-ea3250.dts b/arch/arm/boot/dts/lpc3250-ea3250.dts +index 52b3ed10283a..e2bc731079be 100644 +--- a/arch/arm/boot/dts/lpc3250-ea3250.dts ++++ b/arch/arm/boot/dts/lpc3250-ea3250.dts +@@ -156,8 +156,8 @@ + uda1380: uda1380@18 { + compatible = "nxp,uda1380"; + reg = <0x18>; +- power-gpio = <&gpio 0x59 0>; +- reset-gpio = <&gpio 0x51 0>; ++ power-gpio = <&gpio 3 10 0>; ++ reset-gpio = <&gpio 3 2 0>; + dac-clk = "wspll"; + }; + +diff --git a/arch/arm/boot/dts/lpc3250-phy3250.dts b/arch/arm/boot/dts/lpc3250-phy3250.dts +index fd95e2b10357..b7bd3a110a8d 100644 +--- a/arch/arm/boot/dts/lpc3250-phy3250.dts ++++ b/arch/arm/boot/dts/lpc3250-phy3250.dts +@@ -81,8 +81,8 @@ + uda1380: uda1380@18 { + compatible = "nxp,uda1380"; + reg = <0x18>; +- power-gpio = <&gpio 0x59 0>; +- reset-gpio = <&gpio 0x51 0>; ++ power-gpio = <&gpio 3 10 0>; ++ reset-gpio = <&gpio 3 2 0>; + dac-clk = "wspll"; + }; + +diff --git a/arch/arm/boot/dts/mt2701.dtsi b/arch/arm/boot/dts/mt2701.dtsi +index afe12e5b51f9..f936000f0699 100644 +--- a/arch/arm/boot/dts/mt2701.dtsi ++++ b/arch/arm/boot/dts/mt2701.dtsi +@@ -593,6 +593,7 @@ + compatible = "mediatek,mt2701-hifsys", "syscon"; + reg = <0 0x1a000000 0 0x1000>; + #clock-cells = <1>; ++ #reset-cells = <1>; + }; + + usb0: usb@1a1c0000 { +@@ -677,6 +678,7 @@ + compatible = "mediatek,mt2701-ethsys", "syscon"; + reg = <0 0x1b000000 0 0x1000>; + #clock-cells = <1>; ++ #reset-cells = <1>; + }; + + eth: ethernet@1b100000 { +diff --git a/arch/arm/boot/dts/mt7623.dtsi b/arch/arm/boot/dts/mt7623.dtsi +index ec8a07415cb3..36983a7d7cfd 100644 +--- a/arch/arm/boot/dts/mt7623.dtsi ++++ b/arch/arm/boot/dts/mt7623.dtsi +@@ -753,6 +753,7 @@ + "syscon"; + reg = <0 0x1b000000 0 0x1000>; + #clock-cells = <1>; ++ #reset-cells = <1>; + }; + + eth: ethernet@1b100000 { +diff --git a/arch/arm/boot/dts/mt7623n-bananapi-bpi-r2.dts b/arch/arm/boot/dts/mt7623n-bananapi-bpi-r2.dts +index 688a86378cee..7bf5aa2237c9 100644 +--- a/arch/arm/boot/dts/mt7623n-bananapi-bpi-r2.dts ++++ b/arch/arm/boot/dts/mt7623n-bananapi-bpi-r2.dts +@@ -204,7 +204,7 @@ + bus-width = <4>; + max-frequency = <50000000>; + cap-sd-highspeed; +- cd-gpios = <&pio 261 0>; ++ cd-gpios = <&pio 261 GPIO_ACTIVE_LOW>; + vmmc-supply = <&mt6323_vmch_reg>; + vqmmc-supply = <&mt6323_vio18_reg>; + }; +diff --git a/arch/arm/boot/dts/s5pv210.dtsi b/arch/arm/boot/dts/s5pv210.dtsi +index 726c5d0dbd5b..b290a5abb901 100644 +--- a/arch/arm/boot/dts/s5pv210.dtsi ++++ b/arch/arm/boot/dts/s5pv210.dtsi +@@ -463,6 +463,7 @@ + compatible = "samsung,exynos4210-ohci"; + reg = <0xec300000 0x100>; + interrupts = <23>; ++ interrupt-parent = <&vic1>; + clocks = <&clocks CLK_USB_HOST>; + clock-names = "usbhost"; + #address-cells = <1>; +diff --git a/arch/arm/boot/dts/spear1310-evb.dts b/arch/arm/boot/dts/spear1310-evb.dts +index 84101e4eebbf..0f5f379323a8 100644 +--- a/arch/arm/boot/dts/spear1310-evb.dts ++++ b/arch/arm/boot/dts/spear1310-evb.dts +@@ -349,7 +349,7 @@ + spi0: spi@e0100000 { + status = "okay"; + num-cs = <3>; +- cs-gpios = <&gpio1 7 0>, <&spics 0>, <&spics 1>; ++ cs-gpios = <&gpio1 7 0>, <&spics 0 0>, <&spics 1 0>; + + stmpe610@0 { + compatible = "st,stmpe610"; +diff --git a/arch/arm/boot/dts/spear1340.dtsi b/arch/arm/boot/dts/spear1340.dtsi +index 5f347054527d..d4dbc4098653 100644 +--- a/arch/arm/boot/dts/spear1340.dtsi ++++ b/arch/arm/boot/dts/spear1340.dtsi +@@ -142,8 +142,8 @@ + reg = <0xb4100000 0x1000>; + interrupts = <0 105 0x4>; + status = "disabled"; +- dmas = <&dwdma0 0x600 0 0 1>, /* 0xC << 11 */ +- <&dwdma0 0x680 0 1 0>; /* 0xD << 7 */ ++ dmas = <&dwdma0 12 0 1>, ++ <&dwdma0 13 1 0>; + dma-names = "tx", "rx"; + }; + +diff --git a/arch/arm/boot/dts/spear13xx.dtsi b/arch/arm/boot/dts/spear13xx.dtsi +index 17ea0abcdbd7..086b4b333249 100644 +--- a/arch/arm/boot/dts/spear13xx.dtsi ++++ b/arch/arm/boot/dts/spear13xx.dtsi +@@ -100,7 +100,7 @@ + reg = <0xb2800000 0x1000>; + interrupts = <0 29 0x4>; + status = "disabled"; +- dmas = <&dwdma0 0 0 0 0>; ++ dmas = <&dwdma0 0 0 0>; + dma-names = "data"; + }; + +@@ -290,8 +290,8 @@ + #size-cells = <0>; + interrupts = <0 31 0x4>; + status = "disabled"; +- dmas = <&dwdma0 0x2000 0 0 0>, /* 0x4 << 11 */ +- <&dwdma0 0x0280 0 0 0>; /* 0x5 << 7 */ ++ dmas = <&dwdma0 4 0 0>, ++ <&dwdma0 5 0 0>; + dma-names = "tx", "rx"; + }; + +diff --git a/arch/arm/boot/dts/spear600.dtsi b/arch/arm/boot/dts/spear600.dtsi +index 6b32d20acc9f..00166eb9be86 100644 +--- a/arch/arm/boot/dts/spear600.dtsi ++++ b/arch/arm/boot/dts/spear600.dtsi +@@ -194,6 +194,7 @@ + rtc: rtc@fc900000 { + compatible = "st,spear600-rtc"; + reg = <0xfc900000 0x1000>; ++ interrupt-parent = <&vic0>; + interrupts = <10>; + status = "disabled"; + }; +diff --git a/arch/arm/boot/dts/ste-nomadik-stn8815.dtsi b/arch/arm/boot/dts/ste-nomadik-stn8815.dtsi +index 68aab50a73ab..733678b75b88 100644 +--- a/arch/arm/boot/dts/ste-nomadik-stn8815.dtsi ++++ b/arch/arm/boot/dts/ste-nomadik-stn8815.dtsi +@@ -750,6 +750,7 @@ + reg = <0x10120000 0x1000>; + interrupt-names = "combined"; + interrupts = <14>; ++ interrupt-parent = <&vica>; + clocks = <&clcdclk>, <&hclkclcd>; + clock-names = "clcdclk", "apb_pclk"; + status = "disabled"; +diff --git a/arch/arm/boot/dts/stih407.dtsi b/arch/arm/boot/dts/stih407.dtsi +index fa149837df14..11fdecd9312e 100644 +--- a/arch/arm/boot/dts/stih407.dtsi ++++ b/arch/arm/boot/dts/stih407.dtsi +@@ -8,6 +8,7 @@ + */ + #include "stih407-clock.dtsi" + #include "stih407-family.dtsi" ++#include + / { + soc { + sti-display-subsystem { +@@ -122,7 +123,7 @@ + <&clk_s_d2_quadfs 0>, + <&clk_s_d2_quadfs 1>; + +- hdmi,hpd-gpio = <&pio5 3>; ++ hdmi,hpd-gpio = <&pio5 3 GPIO_ACTIVE_LOW>; + reset-names = "hdmi"; + resets = <&softreset STIH407_HDMI_TX_PHY_SOFTRESET>; + ddc = <&hdmiddc>; +diff --git a/arch/arm/boot/dts/stih410.dtsi b/arch/arm/boot/dts/stih410.dtsi +index 21fe72b183d8..96eed0dc08b8 100644 +--- a/arch/arm/boot/dts/stih410.dtsi ++++ b/arch/arm/boot/dts/stih410.dtsi +@@ -9,6 +9,7 @@ + #include "stih410-clock.dtsi" + #include "stih407-family.dtsi" + #include "stih410-pinctrl.dtsi" ++#include + / { + aliases { + bdisp0 = &bdisp0; +@@ -213,7 +214,7 @@ + <&clk_s_d2_quadfs 0>, + <&clk_s_d2_quadfs 1>; + +- hdmi,hpd-gpio = <&pio5 3>; ++ hdmi,hpd-gpio = <&pio5 3 GPIO_ACTIVE_LOW>; + reset-names = "hdmi"; + resets = <&softreset STIH407_HDMI_TX_PHY_SOFTRESET>; + ddc = <&hdmiddc>; +diff --git a/arch/arm/include/asm/dma-iommu.h b/arch/arm/include/asm/dma-iommu.h +index 0722ec6be692..6821f1249300 100644 +--- a/arch/arm/include/asm/dma-iommu.h ++++ b/arch/arm/include/asm/dma-iommu.h +@@ -7,7 +7,6 @@ + #include + #include + #include +-#include + #include + + #define ARM_MAPPING_ERROR (~(dma_addr_t)0x0) +diff --git a/arch/arm/include/asm/pgalloc.h b/arch/arm/include/asm/pgalloc.h +index b2902a5cd780..2d7344f0e208 100644 +--- a/arch/arm/include/asm/pgalloc.h ++++ b/arch/arm/include/asm/pgalloc.h +@@ -57,7 +57,7 @@ static inline void pud_populate(struct mm_struct *mm, pud_t *pud, pmd_t *pmd) + extern pgd_t *pgd_alloc(struct mm_struct *mm); + extern void pgd_free(struct mm_struct *mm, pgd_t *pgd); + +-#define PGALLOC_GFP (GFP_KERNEL | __GFP_NOTRACK | __GFP_ZERO) ++#define PGALLOC_GFP (GFP_KERNEL | __GFP_ZERO) + + static inline void clean_pte_table(pte_t *pte) + { +diff --git a/arch/arm/mach-pxa/tosa-bt.c b/arch/arm/mach-pxa/tosa-bt.c +index 107f37210fb9..83606087edc7 100644 +--- a/arch/arm/mach-pxa/tosa-bt.c ++++ b/arch/arm/mach-pxa/tosa-bt.c +@@ -132,3 +132,7 @@ static struct platform_driver tosa_bt_driver = { + }, + }; + module_platform_driver(tosa_bt_driver); ++ ++MODULE_LICENSE("GPL"); ++MODULE_AUTHOR("Dmitry Baryshkov"); ++MODULE_DESCRIPTION("Bluetooth built-in chip control"); +diff --git a/arch/arm64/boot/dts/qcom/msm8916.dtsi b/arch/arm64/boot/dts/qcom/msm8916.dtsi +index dc3817593e14..61da6e65900b 100644 +--- a/arch/arm64/boot/dts/qcom/msm8916.dtsi ++++ b/arch/arm64/boot/dts/qcom/msm8916.dtsi +@@ -901,6 +901,7 @@ + "dsi_phy_regulator"; + + #clock-cells = <1>; ++ #phy-cells = <0>; + + clocks = <&gcc GCC_MDSS_AHB_CLK>; + clock-names = "iface_clk"; +@@ -1430,8 +1431,8 @@ + #address-cells = <1>; + #size-cells = <0>; + +- qcom,ipc-1 = <&apcs 0 13>; +- qcom,ipc-6 = <&apcs 0 19>; ++ qcom,ipc-1 = <&apcs 8 13>; ++ qcom,ipc-3 = <&apcs 8 19>; + + apps_smsm: apps@0 { + reg = <0>; +diff --git a/arch/arm64/include/asm/pgalloc.h b/arch/arm64/include/asm/pgalloc.h +index d25f4f137c2a..5ca6a573a701 100644 +--- a/arch/arm64/include/asm/pgalloc.h ++++ b/arch/arm64/include/asm/pgalloc.h +@@ -26,7 +26,7 @@ + + #define check_pgt_cache() do { } while (0) + +-#define PGALLOC_GFP (GFP_KERNEL | __GFP_NOTRACK | __GFP_ZERO) ++#define PGALLOC_GFP (GFP_KERNEL | __GFP_ZERO) + #define PGD_SIZE (PTRS_PER_PGD * sizeof(pgd_t)) + + #if CONFIG_PGTABLE_LEVELS > 2 +diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c +index 07823595b7f0..52f15cd896e1 100644 +--- a/arch/arm64/kernel/cpu_errata.c ++++ b/arch/arm64/kernel/cpu_errata.c +@@ -406,6 +406,15 @@ const struct arm64_cpu_capabilities arm64_errata[] = { + .capability = ARM64_HARDEN_BP_POST_GUEST_EXIT, + MIDR_ALL_VERSIONS(MIDR_QCOM_FALKOR_V1), + }, ++ { ++ .capability = ARM64_HARDEN_BRANCH_PREDICTOR, ++ MIDR_ALL_VERSIONS(MIDR_QCOM_FALKOR), ++ .enable = qcom_enable_link_stack_sanitization, ++ }, ++ { ++ .capability = ARM64_HARDEN_BP_POST_GUEST_EXIT, ++ MIDR_ALL_VERSIONS(MIDR_QCOM_FALKOR), ++ }, + { + .capability = ARM64_HARDEN_BRANCH_PREDICTOR, + MIDR_ALL_VERSIONS(MIDR_BRCM_VULCAN), +diff --git a/arch/arm64/kvm/hyp/switch.c b/arch/arm64/kvm/hyp/switch.c +index 79364d3455c0..e08ae6b6b63e 100644 +--- a/arch/arm64/kvm/hyp/switch.c ++++ b/arch/arm64/kvm/hyp/switch.c +@@ -371,8 +371,10 @@ int __hyp_text __kvm_vcpu_run(struct kvm_vcpu *vcpu) + u32 midr = read_cpuid_id(); + + /* Apply BTAC predictors mitigation to all Falkor chips */ +- if ((midr & MIDR_CPU_MODEL_MASK) == MIDR_QCOM_FALKOR_V1) ++ if (((midr & MIDR_CPU_MODEL_MASK) == MIDR_QCOM_FALKOR) || ++ ((midr & MIDR_CPU_MODEL_MASK) == MIDR_QCOM_FALKOR_V1)) { + __qcom_hyp_sanitize_btac_predictors(); ++ } + } + + fp_enabled = __fpsimd_enabled(); +diff --git a/arch/arm64/mm/proc.S b/arch/arm64/mm/proc.S +index 27058f3fd132..329a1c43365e 100644 +--- a/arch/arm64/mm/proc.S ++++ b/arch/arm64/mm/proc.S +@@ -190,7 +190,8 @@ ENDPROC(idmap_cpu_replace_ttbr1) + dc cvac, cur_\()\type\()p // Ensure any existing dirty + dmb sy // lines are written back before + ldr \type, [cur_\()\type\()p] // loading the entry +- tbz \type, #0, next_\()\type // Skip invalid entries ++ tbz \type, #0, skip_\()\type // Skip invalid and ++ tbnz \type, #11, skip_\()\type // non-global entries + .endm + + .macro __idmap_kpti_put_pgtable_ent_ng, type +@@ -249,8 +250,9 @@ ENTRY(idmap_kpti_install_ng_mappings) + add end_pgdp, cur_pgdp, #(PTRS_PER_PGD * 8) + do_pgd: __idmap_kpti_get_pgtable_ent pgd + tbnz pgd, #1, walk_puds +- __idmap_kpti_put_pgtable_ent_ng pgd + next_pgd: ++ __idmap_kpti_put_pgtable_ent_ng pgd ++skip_pgd: + add cur_pgdp, cur_pgdp, #8 + cmp cur_pgdp, end_pgdp + b.ne do_pgd +@@ -278,8 +280,9 @@ walk_puds: + add end_pudp, cur_pudp, #(PTRS_PER_PUD * 8) + do_pud: __idmap_kpti_get_pgtable_ent pud + tbnz pud, #1, walk_pmds +- __idmap_kpti_put_pgtable_ent_ng pud + next_pud: ++ __idmap_kpti_put_pgtable_ent_ng pud ++skip_pud: + add cur_pudp, cur_pudp, 8 + cmp cur_pudp, end_pudp + b.ne do_pud +@@ -298,8 +301,9 @@ walk_pmds: + add end_pmdp, cur_pmdp, #(PTRS_PER_PMD * 8) + do_pmd: __idmap_kpti_get_pgtable_ent pmd + tbnz pmd, #1, walk_ptes +- __idmap_kpti_put_pgtable_ent_ng pmd + next_pmd: ++ __idmap_kpti_put_pgtable_ent_ng pmd ++skip_pmd: + add cur_pmdp, cur_pmdp, #8 + cmp cur_pmdp, end_pmdp + b.ne do_pmd +@@ -317,7 +321,7 @@ walk_ptes: + add end_ptep, cur_ptep, #(PTRS_PER_PTE * 8) + do_pte: __idmap_kpti_get_pgtable_ent pte + __idmap_kpti_put_pgtable_ent_ng pte +-next_pte: ++skip_pte: + add cur_ptep, cur_ptep, #8 + cmp cur_ptep, end_ptep + b.ne do_pte +diff --git a/arch/mips/Kconfig b/arch/mips/Kconfig +index c3d798b44030..c82457b0e733 100644 +--- a/arch/mips/Kconfig ++++ b/arch/mips/Kconfig +@@ -119,12 +119,12 @@ config MIPS_GENERIC + select SYS_SUPPORTS_MULTITHREADING + select SYS_SUPPORTS_RELOCATABLE + select SYS_SUPPORTS_SMARTMIPS +- select USB_EHCI_BIG_ENDIAN_DESC if BIG_ENDIAN +- select USB_EHCI_BIG_ENDIAN_MMIO if BIG_ENDIAN +- select USB_OHCI_BIG_ENDIAN_DESC if BIG_ENDIAN +- select USB_OHCI_BIG_ENDIAN_MMIO if BIG_ENDIAN +- select USB_UHCI_BIG_ENDIAN_DESC if BIG_ENDIAN +- select USB_UHCI_BIG_ENDIAN_MMIO if BIG_ENDIAN ++ select USB_EHCI_BIG_ENDIAN_DESC if CPU_BIG_ENDIAN ++ select USB_EHCI_BIG_ENDIAN_MMIO if CPU_BIG_ENDIAN ++ select USB_OHCI_BIG_ENDIAN_DESC if CPU_BIG_ENDIAN ++ select USB_OHCI_BIG_ENDIAN_MMIO if CPU_BIG_ENDIAN ++ select USB_UHCI_BIG_ENDIAN_DESC if CPU_BIG_ENDIAN ++ select USB_UHCI_BIG_ENDIAN_MMIO if CPU_BIG_ENDIAN + select USE_OF + help + Select this to build a kernel which aims to support multiple boards, +diff --git a/arch/mips/kernel/setup.c b/arch/mips/kernel/setup.c +index fe3939726765..795caa763da3 100644 +--- a/arch/mips/kernel/setup.c ++++ b/arch/mips/kernel/setup.c +@@ -374,6 +374,7 @@ static void __init bootmem_init(void) + unsigned long reserved_end; + unsigned long mapstart = ~0UL; + unsigned long bootmap_size; ++ phys_addr_t ramstart = (phys_addr_t)ULLONG_MAX; + bool bootmap_valid = false; + int i; + +@@ -394,7 +395,8 @@ static void __init bootmem_init(void) + max_low_pfn = 0; + + /* +- * Find the highest page frame number we have available. ++ * Find the highest page frame number we have available ++ * and the lowest used RAM address + */ + for (i = 0; i < boot_mem_map.nr_map; i++) { + unsigned long start, end; +@@ -406,6 +408,8 @@ static void __init bootmem_init(void) + end = PFN_DOWN(boot_mem_map.map[i].addr + + boot_mem_map.map[i].size); + ++ ramstart = min(ramstart, boot_mem_map.map[i].addr); ++ + #ifndef CONFIG_HIGHMEM + /* + * Skip highmem here so we get an accurate max_low_pfn if low +@@ -435,6 +439,13 @@ static void __init bootmem_init(void) + mapstart = max(reserved_end, start); + } + ++ /* ++ * Reserve any memory between the start of RAM and PHYS_OFFSET ++ */ ++ if (ramstart > PHYS_OFFSET) ++ add_memory_region(PHYS_OFFSET, ramstart - PHYS_OFFSET, ++ BOOT_MEM_RESERVED); ++ + if (min_low_pfn >= max_low_pfn) + panic("Incorrect memory mapping !!!"); + if (min_low_pfn > ARCH_PFN_OFFSET) { +@@ -663,9 +674,6 @@ static int __init early_parse_mem(char *p) + + add_memory_region(start, size, BOOT_MEM_RAM); + +- if (start && start > PHYS_OFFSET) +- add_memory_region(PHYS_OFFSET, start - PHYS_OFFSET, +- BOOT_MEM_RESERVED); + return 0; + } + early_param("mem", early_parse_mem); +diff --git a/arch/openrisc/include/asm/dma-mapping.h b/arch/openrisc/include/asm/dma-mapping.h +index f41bd3cb76d9..e212a1f0b6d2 100644 +--- a/arch/openrisc/include/asm/dma-mapping.h ++++ b/arch/openrisc/include/asm/dma-mapping.h +@@ -23,7 +23,6 @@ + */ + + #include +-#include + #include + + extern const struct dma_map_ops or1k_dma_map_ops; +diff --git a/arch/powerpc/include/asm/pgalloc.h b/arch/powerpc/include/asm/pgalloc.h +index a14203c005f1..e11f03007b57 100644 +--- a/arch/powerpc/include/asm/pgalloc.h ++++ b/arch/powerpc/include/asm/pgalloc.h +@@ -18,7 +18,7 @@ static inline gfp_t pgtable_gfp_flags(struct mm_struct *mm, gfp_t gfp) + } + #endif /* MODULE */ + +-#define PGALLOC_GFP (GFP_KERNEL | __GFP_NOTRACK | __GFP_ZERO) ++#define PGALLOC_GFP (GFP_KERNEL | __GFP_ZERO) + + #ifdef CONFIG_PPC_BOOK3S + #include +diff --git a/arch/powerpc/include/asm/topology.h b/arch/powerpc/include/asm/topology.h +index 023ff9f17501..d5f2ee882f74 100644 +--- a/arch/powerpc/include/asm/topology.h ++++ b/arch/powerpc/include/asm/topology.h +@@ -44,6 +44,11 @@ extern int sysfs_add_device_to_node(struct device *dev, int nid); + extern void sysfs_remove_device_from_node(struct device *dev, int nid); + extern int numa_update_cpu_topology(bool cpus_locked); + ++static inline void update_numa_cpu_lookup_table(unsigned int cpu, int node) ++{ ++ numa_cpu_lookup_table[cpu] = node; ++} ++ + static inline int early_cpu_to_node(int cpu) + { + int nid; +diff --git a/arch/powerpc/kernel/exceptions-64s.S b/arch/powerpc/kernel/exceptions-64s.S +index e9f72abc52b7..e91b40aa5417 100644 +--- a/arch/powerpc/kernel/exceptions-64s.S ++++ b/arch/powerpc/kernel/exceptions-64s.S +@@ -1617,7 +1617,7 @@ USE_TEXT_SECTION() + .balign IFETCH_ALIGN_BYTES + do_hash_page: + #ifdef CONFIG_PPC_STD_MMU_64 +- lis r0,DSISR_BAD_FAULT_64S@h ++ lis r0,(DSISR_BAD_FAULT_64S|DSISR_DABRMATCH)@h + ori r0,r0,DSISR_BAD_FAULT_64S@l + and. r0,r4,r0 /* weird error? */ + bne- handle_page_fault /* if not, try to insert a HPTE */ +diff --git a/arch/powerpc/kernel/head_32.S b/arch/powerpc/kernel/head_32.S +index 8c54166491e7..29b2fed93289 100644 +--- a/arch/powerpc/kernel/head_32.S ++++ b/arch/powerpc/kernel/head_32.S +@@ -388,7 +388,7 @@ DataAccess: + EXCEPTION_PROLOG + mfspr r10,SPRN_DSISR + stw r10,_DSISR(r11) +- andis. r0,r10,DSISR_BAD_FAULT_32S@h ++ andis. r0,r10,(DSISR_BAD_FAULT_32S|DSISR_DABRMATCH)@h + bne 1f /* if not, try to put a PTE */ + mfspr r4,SPRN_DAR /* into the hash table */ + rlwinm r3,r10,32-15,21,21 /* DSISR_STORE -> _PAGE_RW */ +diff --git a/arch/powerpc/mm/numa.c b/arch/powerpc/mm/numa.c +index a51df9ef529d..a81279249bfb 100644 +--- a/arch/powerpc/mm/numa.c ++++ b/arch/powerpc/mm/numa.c +@@ -142,11 +142,6 @@ static void reset_numa_cpu_lookup_table(void) + numa_cpu_lookup_table[cpu] = -1; + } + +-static void update_numa_cpu_lookup_table(unsigned int cpu, int node) +-{ +- numa_cpu_lookup_table[cpu] = node; +-} +- + static void map_cpu_to_node(int cpu, int node) + { + update_numa_cpu_lookup_table(cpu, node); +diff --git a/arch/powerpc/mm/pgtable-radix.c b/arch/powerpc/mm/pgtable-radix.c +index cfbbee941a76..17ae5c15a9e0 100644 +--- a/arch/powerpc/mm/pgtable-radix.c ++++ b/arch/powerpc/mm/pgtable-radix.c +@@ -17,6 +17,7 @@ + #include + #include + #include ++#include + + #include + #include +@@ -671,6 +672,30 @@ static void free_pmd_table(pmd_t *pmd_start, pud_t *pud) + pud_clear(pud); + } + ++struct change_mapping_params { ++ pte_t *pte; ++ unsigned long start; ++ unsigned long end; ++ unsigned long aligned_start; ++ unsigned long aligned_end; ++}; ++ ++static int stop_machine_change_mapping(void *data) ++{ ++ struct change_mapping_params *params = ++ (struct change_mapping_params *)data; ++ ++ if (!data) ++ return -1; ++ ++ spin_unlock(&init_mm.page_table_lock); ++ pte_clear(&init_mm, params->aligned_start, params->pte); ++ create_physical_mapping(params->aligned_start, params->start); ++ create_physical_mapping(params->end, params->aligned_end); ++ spin_lock(&init_mm.page_table_lock); ++ return 0; ++} ++ + static void remove_pte_table(pte_t *pte_start, unsigned long addr, + unsigned long end) + { +@@ -699,6 +724,52 @@ static void remove_pte_table(pte_t *pte_start, unsigned long addr, + } + } + ++/* ++ * clear the pte and potentially split the mapping helper ++ */ ++static void split_kernel_mapping(unsigned long addr, unsigned long end, ++ unsigned long size, pte_t *pte) ++{ ++ unsigned long mask = ~(size - 1); ++ unsigned long aligned_start = addr & mask; ++ unsigned long aligned_end = addr + size; ++ struct change_mapping_params params; ++ bool split_region = false; ++ ++ if ((end - addr) < size) { ++ /* ++ * We're going to clear the PTE, but not flushed ++ * the mapping, time to remap and flush. The ++ * effects if visible outside the processor or ++ * if we are running in code close to the ++ * mapping we cleared, we are in trouble. ++ */ ++ if (overlaps_kernel_text(aligned_start, addr) || ++ overlaps_kernel_text(end, aligned_end)) { ++ /* ++ * Hack, just return, don't pte_clear ++ */ ++ WARN_ONCE(1, "Linear mapping %lx->%lx overlaps kernel " ++ "text, not splitting\n", addr, end); ++ return; ++ } ++ split_region = true; ++ } ++ ++ if (split_region) { ++ params.pte = pte; ++ params.start = addr; ++ params.end = end; ++ params.aligned_start = addr & ~(size - 1); ++ params.aligned_end = min_t(unsigned long, aligned_end, ++ (unsigned long)__va(memblock_end_of_DRAM())); ++ stop_machine(stop_machine_change_mapping, ¶ms, NULL); ++ return; ++ } ++ ++ pte_clear(&init_mm, addr, pte); ++} ++ + static void remove_pmd_table(pmd_t *pmd_start, unsigned long addr, + unsigned long end) + { +@@ -714,13 +785,7 @@ static void remove_pmd_table(pmd_t *pmd_start, unsigned long addr, + continue; + + if (pmd_huge(*pmd)) { +- if (!IS_ALIGNED(addr, PMD_SIZE) || +- !IS_ALIGNED(next, PMD_SIZE)) { +- WARN_ONCE(1, "%s: unaligned range\n", __func__); +- continue; +- } +- +- pte_clear(&init_mm, addr, (pte_t *)pmd); ++ split_kernel_mapping(addr, end, PMD_SIZE, (pte_t *)pmd); + continue; + } + +@@ -745,13 +810,7 @@ static void remove_pud_table(pud_t *pud_start, unsigned long addr, + continue; + + if (pud_huge(*pud)) { +- if (!IS_ALIGNED(addr, PUD_SIZE) || +- !IS_ALIGNED(next, PUD_SIZE)) { +- WARN_ONCE(1, "%s: unaligned range\n", __func__); +- continue; +- } +- +- pte_clear(&init_mm, addr, (pte_t *)pud); ++ split_kernel_mapping(addr, end, PUD_SIZE, (pte_t *)pud); + continue; + } + +@@ -777,13 +836,7 @@ static void remove_pagetable(unsigned long start, unsigned long end) + continue; + + if (pgd_huge(*pgd)) { +- if (!IS_ALIGNED(addr, PGDIR_SIZE) || +- !IS_ALIGNED(next, PGDIR_SIZE)) { +- WARN_ONCE(1, "%s: unaligned range\n", __func__); +- continue; +- } +- +- pte_clear(&init_mm, addr, (pte_t *)pgd); ++ split_kernel_mapping(addr, end, PGDIR_SIZE, (pte_t *)pgd); + continue; + } + +diff --git a/arch/powerpc/mm/pgtable_64.c b/arch/powerpc/mm/pgtable_64.c +index ac0717a90ca6..12f95b1f7d07 100644 +--- a/arch/powerpc/mm/pgtable_64.c ++++ b/arch/powerpc/mm/pgtable_64.c +@@ -483,6 +483,8 @@ void mmu_partition_table_set_entry(unsigned int lpid, unsigned long dw0, + if (old & PATB_HR) { + asm volatile(PPC_TLBIE_5(%0,%1,2,0,1) : : + "r" (TLBIEL_INVAL_SET_LPID), "r" (lpid)); ++ asm volatile(PPC_TLBIE_5(%0,%1,2,1,1) : : ++ "r" (TLBIEL_INVAL_SET_LPID), "r" (lpid)); + trace_tlbie(lpid, 0, TLBIEL_INVAL_SET_LPID, lpid, 2, 0, 1); + } else { + asm volatile(PPC_TLBIE_5(%0,%1,2,0,0) : : +diff --git a/arch/powerpc/mm/tlb-radix.c b/arch/powerpc/mm/tlb-radix.c +index d304028641a2..4b295cfd5f7e 100644 +--- a/arch/powerpc/mm/tlb-radix.c ++++ b/arch/powerpc/mm/tlb-radix.c +@@ -453,14 +453,12 @@ void radix__flush_tlb_all(void) + */ + asm volatile(PPC_TLBIE_5(%0, %4, %3, %2, %1) + : : "r"(rb), "i"(r), "i"(1), "i"(ric), "r"(rs) : "memory"); +- trace_tlbie(0, 0, rb, rs, ric, prs, r); + /* + * now flush host entires by passing PRS = 0 and LPID == 0 + */ + asm volatile(PPC_TLBIE_5(%0, %4, %3, %2, %1) + : : "r"(rb), "i"(r), "i"(prs), "i"(ric), "r"(0) : "memory"); + asm volatile("eieio; tlbsync; ptesync": : :"memory"); +- trace_tlbie(0, 0, rb, 0, ric, prs, r); + } + + void radix__flush_tlb_pte_p9_dd1(unsigned long old_pte, struct mm_struct *mm, +diff --git a/arch/powerpc/platforms/pseries/hotplug-cpu.c b/arch/powerpc/platforms/pseries/hotplug-cpu.c +index fadb95efbb9e..b1ac8ac38434 100644 +--- a/arch/powerpc/platforms/pseries/hotplug-cpu.c ++++ b/arch/powerpc/platforms/pseries/hotplug-cpu.c +@@ -36,6 +36,7 @@ + #include + #include + #include ++#include + + #include "pseries.h" + #include "offline_states.h" +@@ -331,6 +332,7 @@ static void pseries_remove_processor(struct device_node *np) + BUG_ON(cpu_online(cpu)); + set_cpu_present(cpu, false); + set_hard_smp_processor_id(cpu, -1); ++ update_numa_cpu_lookup_table(cpu, -1); + break; + } + if (cpu >= nr_cpu_ids) +diff --git a/arch/powerpc/sysdev/xive/spapr.c b/arch/powerpc/sysdev/xive/spapr.c +index d9c4c9366049..091f1d0d0af1 100644 +--- a/arch/powerpc/sysdev/xive/spapr.c ++++ b/arch/powerpc/sysdev/xive/spapr.c +@@ -356,7 +356,8 @@ static int xive_spapr_configure_queue(u32 target, struct xive_q *q, u8 prio, + + rc = plpar_int_get_queue_info(0, target, prio, &esn_page, &esn_size); + if (rc) { +- pr_err("Error %lld getting queue info prio %d\n", rc, prio); ++ pr_err("Error %lld getting queue info CPU %d prio %d\n", rc, ++ target, prio); + rc = -EIO; + goto fail; + } +@@ -370,7 +371,8 @@ static int xive_spapr_configure_queue(u32 target, struct xive_q *q, u8 prio, + /* Configure and enable the queue in HW */ + rc = plpar_int_set_queue_config(flags, target, prio, qpage_phys, order); + if (rc) { +- pr_err("Error %lld setting queue for prio %d\n", rc, prio); ++ pr_err("Error %lld setting queue for CPU %d prio %d\n", rc, ++ target, prio); + rc = -EIO; + } else { + q->qpage = qpage; +@@ -389,8 +391,8 @@ static int xive_spapr_setup_queue(unsigned int cpu, struct xive_cpu *xc, + if (IS_ERR(qpage)) + return PTR_ERR(qpage); + +- return xive_spapr_configure_queue(cpu, q, prio, qpage, +- xive_queue_shift); ++ return xive_spapr_configure_queue(get_hard_smp_processor_id(cpu), ++ q, prio, qpage, xive_queue_shift); + } + + static void xive_spapr_cleanup_queue(unsigned int cpu, struct xive_cpu *xc, +@@ -399,10 +401,12 @@ static void xive_spapr_cleanup_queue(unsigned int cpu, struct xive_cpu *xc, + struct xive_q *q = &xc->queue[prio]; + unsigned int alloc_order; + long rc; ++ int hw_cpu = get_hard_smp_processor_id(cpu); + +- rc = plpar_int_set_queue_config(0, cpu, prio, 0, 0); ++ rc = plpar_int_set_queue_config(0, hw_cpu, prio, 0, 0); + if (rc) +- pr_err("Error %ld setting queue for prio %d\n", rc, prio); ++ pr_err("Error %ld setting queue for CPU %d prio %d\n", rc, ++ hw_cpu, prio); + + alloc_order = xive_alloc_order(xive_queue_shift); + free_pages((unsigned long)q->qpage, alloc_order); +diff --git a/arch/s390/kernel/compat_linux.c b/arch/s390/kernel/compat_linux.c +index 59eea9c65d3e..79b7a3438d54 100644 +--- a/arch/s390/kernel/compat_linux.c ++++ b/arch/s390/kernel/compat_linux.c +@@ -110,7 +110,7 @@ COMPAT_SYSCALL_DEFINE2(s390_setregid16, u16, rgid, u16, egid) + + COMPAT_SYSCALL_DEFINE1(s390_setgid16, u16, gid) + { +- return sys_setgid((gid_t)gid); ++ return sys_setgid(low2highgid(gid)); + } + + COMPAT_SYSCALL_DEFINE2(s390_setreuid16, u16, ruid, u16, euid) +@@ -120,7 +120,7 @@ COMPAT_SYSCALL_DEFINE2(s390_setreuid16, u16, ruid, u16, euid) + + COMPAT_SYSCALL_DEFINE1(s390_setuid16, u16, uid) + { +- return sys_setuid((uid_t)uid); ++ return sys_setuid(low2highuid(uid)); + } + + COMPAT_SYSCALL_DEFINE3(s390_setresuid16, u16, ruid, u16, euid, u16, suid) +@@ -173,12 +173,12 @@ COMPAT_SYSCALL_DEFINE3(s390_getresgid16, u16 __user *, rgidp, + + COMPAT_SYSCALL_DEFINE1(s390_setfsuid16, u16, uid) + { +- return sys_setfsuid((uid_t)uid); ++ return sys_setfsuid(low2highuid(uid)); + } + + COMPAT_SYSCALL_DEFINE1(s390_setfsgid16, u16, gid) + { +- return sys_setfsgid((gid_t)gid); ++ return sys_setfsgid(low2highgid(gid)); + } + + static int groups16_to_user(u16 __user *grouplist, struct group_info *group_info) +diff --git a/arch/sh/kernel/dwarf.c b/arch/sh/kernel/dwarf.c +index e1d751ae2498..1a2526676a87 100644 +--- a/arch/sh/kernel/dwarf.c ++++ b/arch/sh/kernel/dwarf.c +@@ -1172,11 +1172,11 @@ static int __init dwarf_unwinder_init(void) + + dwarf_frame_cachep = kmem_cache_create("dwarf_frames", + sizeof(struct dwarf_frame), 0, +- SLAB_PANIC | SLAB_HWCACHE_ALIGN | SLAB_NOTRACK, NULL); ++ SLAB_PANIC | SLAB_HWCACHE_ALIGN, NULL); + + dwarf_reg_cachep = kmem_cache_create("dwarf_regs", + sizeof(struct dwarf_reg), 0, +- SLAB_PANIC | SLAB_HWCACHE_ALIGN | SLAB_NOTRACK, NULL); ++ SLAB_PANIC | SLAB_HWCACHE_ALIGN, NULL); + + dwarf_frame_pool = mempool_create_slab_pool(DWARF_FRAME_MIN_REQ, + dwarf_frame_cachep); +diff --git a/arch/sh/kernel/process.c b/arch/sh/kernel/process.c +index b2d9963d5978..68b1a67533ce 100644 +--- a/arch/sh/kernel/process.c ++++ b/arch/sh/kernel/process.c +@@ -59,7 +59,7 @@ void arch_task_cache_init(void) + + task_xstate_cachep = kmem_cache_create("task_xstate", xstate_size, + __alignof__(union thread_xstate), +- SLAB_PANIC | SLAB_NOTRACK, NULL); ++ SLAB_PANIC, NULL); + } + + #ifdef CONFIG_SH_FPU_EMU +diff --git a/arch/sparc/mm/init_64.c b/arch/sparc/mm/init_64.c +index a0cc1be767c8..984e9d65ea0d 100644 +--- a/arch/sparc/mm/init_64.c ++++ b/arch/sparc/mm/init_64.c +@@ -2934,7 +2934,7 @@ void __flush_tlb_all(void) + pte_t *pte_alloc_one_kernel(struct mm_struct *mm, + unsigned long address) + { +- struct page *page = alloc_page(GFP_KERNEL | __GFP_NOTRACK | __GFP_ZERO); ++ struct page *page = alloc_page(GFP_KERNEL | __GFP_ZERO); + pte_t *pte = NULL; + + if (page) +@@ -2946,7 +2946,7 @@ pte_t *pte_alloc_one_kernel(struct mm_struct *mm, + pgtable_t pte_alloc_one(struct mm_struct *mm, + unsigned long address) + { +- struct page *page = alloc_page(GFP_KERNEL | __GFP_NOTRACK | __GFP_ZERO); ++ struct page *page = alloc_page(GFP_KERNEL | __GFP_ZERO); + if (!page) + return NULL; + if (!pgtable_page_ctor(page)) { +diff --git a/arch/unicore32/include/asm/pgalloc.h b/arch/unicore32/include/asm/pgalloc.h +index 26775793c204..f0fdb268f8f2 100644 +--- a/arch/unicore32/include/asm/pgalloc.h ++++ b/arch/unicore32/include/asm/pgalloc.h +@@ -28,7 +28,7 @@ extern void free_pgd_slow(struct mm_struct *mm, pgd_t *pgd); + #define pgd_alloc(mm) get_pgd_slow(mm) + #define pgd_free(mm, pgd) free_pgd_slow(mm, pgd) + +-#define PGALLOC_GFP (GFP_KERNEL | __GFP_NOTRACK | __GFP_ZERO) ++#define PGALLOC_GFP (GFP_KERNEL | __GFP_ZERO) + + /* + * Allocate one PTE table. +diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig +index 17de6acc0eab..559b37bf5a2e 100644 +--- a/arch/x86/Kconfig ++++ b/arch/x86/Kconfig +@@ -111,7 +111,6 @@ config X86 + select HAVE_ARCH_JUMP_LABEL + select HAVE_ARCH_KASAN if X86_64 + select HAVE_ARCH_KGDB +- select HAVE_ARCH_KMEMCHECK + select HAVE_ARCH_MMAP_RND_BITS if MMU + select HAVE_ARCH_MMAP_RND_COMPAT_BITS if MMU && COMPAT + select HAVE_ARCH_COMPAT_MMAP_BASES if MMU && COMPAT +@@ -1443,7 +1442,7 @@ config ARCH_DMA_ADDR_T_64BIT + + config X86_DIRECT_GBPAGES + def_bool y +- depends on X86_64 && !DEBUG_PAGEALLOC && !KMEMCHECK ++ depends on X86_64 && !DEBUG_PAGEALLOC + ---help--- + Certain kernel features effectively disable kernel + linear 1 GB mappings (even if the CPU otherwise +diff --git a/arch/x86/Makefile b/arch/x86/Makefile +index 504b1a4535ac..fad55160dcb9 100644 +--- a/arch/x86/Makefile ++++ b/arch/x86/Makefile +@@ -158,11 +158,6 @@ ifdef CONFIG_X86_X32 + endif + export CONFIG_X86_X32_ABI + +-# Don't unroll struct assignments with kmemcheck enabled +-ifeq ($(CONFIG_KMEMCHECK),y) +- KBUILD_CFLAGS += $(call cc-option,-fno-builtin-memcpy) +-endif +- + # + # If the function graph tracer is used with mcount instead of fentry, + # '-maccumulate-outgoing-args' is needed to prevent a GCC bug +diff --git a/arch/x86/entry/calling.h b/arch/x86/entry/calling.h +index 3f48f695d5e6..dce7092ab24a 100644 +--- a/arch/x86/entry/calling.h ++++ b/arch/x86/entry/calling.h +@@ -97,80 +97,69 @@ For 32-bit we have the following conventions - kernel is built with + + #define SIZEOF_PTREGS 21*8 + +- .macro ALLOC_PT_GPREGS_ON_STACK +- addq $-(15*8), %rsp +- .endm ++.macro PUSH_AND_CLEAR_REGS rdx=%rdx rax=%rax ++ /* ++ * Push registers and sanitize registers of values that a ++ * speculation attack might otherwise want to exploit. The ++ * lower registers are likely clobbered well before they ++ * could be put to use in a speculative execution gadget. ++ * Interleave XOR with PUSH for better uop scheduling: ++ */ ++ pushq %rdi /* pt_regs->di */ ++ pushq %rsi /* pt_regs->si */ ++ pushq \rdx /* pt_regs->dx */ ++ pushq %rcx /* pt_regs->cx */ ++ pushq \rax /* pt_regs->ax */ ++ pushq %r8 /* pt_regs->r8 */ ++ xorq %r8, %r8 /* nospec r8 */ ++ pushq %r9 /* pt_regs->r9 */ ++ xorq %r9, %r9 /* nospec r9 */ ++ pushq %r10 /* pt_regs->r10 */ ++ xorq %r10, %r10 /* nospec r10 */ ++ pushq %r11 /* pt_regs->r11 */ ++ xorq %r11, %r11 /* nospec r11*/ ++ pushq %rbx /* pt_regs->rbx */ ++ xorl %ebx, %ebx /* nospec rbx*/ ++ pushq %rbp /* pt_regs->rbp */ ++ xorl %ebp, %ebp /* nospec rbp*/ ++ pushq %r12 /* pt_regs->r12 */ ++ xorq %r12, %r12 /* nospec r12*/ ++ pushq %r13 /* pt_regs->r13 */ ++ xorq %r13, %r13 /* nospec r13*/ ++ pushq %r14 /* pt_regs->r14 */ ++ xorq %r14, %r14 /* nospec r14*/ ++ pushq %r15 /* pt_regs->r15 */ ++ xorq %r15, %r15 /* nospec r15*/ ++ UNWIND_HINT_REGS ++.endm + +- .macro SAVE_C_REGS_HELPER offset=0 rax=1 rcx=1 r8910=1 r11=1 +- .if \r11 +- movq %r11, 6*8+\offset(%rsp) +- .endif +- .if \r8910 +- movq %r10, 7*8+\offset(%rsp) +- movq %r9, 8*8+\offset(%rsp) +- movq %r8, 9*8+\offset(%rsp) +- .endif +- .if \rax +- movq %rax, 10*8+\offset(%rsp) +- .endif +- .if \rcx +- movq %rcx, 11*8+\offset(%rsp) +- .endif +- movq %rdx, 12*8+\offset(%rsp) +- movq %rsi, 13*8+\offset(%rsp) +- movq %rdi, 14*8+\offset(%rsp) +- UNWIND_HINT_REGS offset=\offset extra=0 +- .endm +- .macro SAVE_C_REGS offset=0 +- SAVE_C_REGS_HELPER \offset, 1, 1, 1, 1 +- .endm +- .macro SAVE_C_REGS_EXCEPT_RAX_RCX offset=0 +- SAVE_C_REGS_HELPER \offset, 0, 0, 1, 1 +- .endm +- .macro SAVE_C_REGS_EXCEPT_R891011 +- SAVE_C_REGS_HELPER 0, 1, 1, 0, 0 +- .endm +- .macro SAVE_C_REGS_EXCEPT_RCX_R891011 +- SAVE_C_REGS_HELPER 0, 1, 0, 0, 0 +- .endm +- .macro SAVE_C_REGS_EXCEPT_RAX_RCX_R11 +- SAVE_C_REGS_HELPER 0, 0, 0, 1, 0 +- .endm +- +- .macro SAVE_EXTRA_REGS offset=0 +- movq %r15, 0*8+\offset(%rsp) +- movq %r14, 1*8+\offset(%rsp) +- movq %r13, 2*8+\offset(%rsp) +- movq %r12, 3*8+\offset(%rsp) +- movq %rbp, 4*8+\offset(%rsp) +- movq %rbx, 5*8+\offset(%rsp) +- UNWIND_HINT_REGS offset=\offset +- .endm +- +- .macro POP_EXTRA_REGS ++.macro POP_REGS pop_rdi=1 skip_r11rcx=0 + popq %r15 + popq %r14 + popq %r13 + popq %r12 + popq %rbp + popq %rbx +- .endm +- +- .macro POP_C_REGS ++ .if \skip_r11rcx ++ popq %rsi ++ .else + popq %r11 ++ .endif + popq %r10 + popq %r9 + popq %r8 + popq %rax ++ .if \skip_r11rcx ++ popq %rsi ++ .else + popq %rcx ++ .endif + popq %rdx + popq %rsi ++ .if \pop_rdi + popq %rdi +- .endm +- +- .macro icebp +- .byte 0xf1 +- .endm ++ .endif ++.endm + + /* + * This is a sneaky trick to help the unwinder find pt_regs on the stack. The +@@ -178,7 +167,7 @@ For 32-bit we have the following conventions - kernel is built with + * is just setting the LSB, which makes it an invalid stack address and is also + * a signal to the unwinder that it's a pt_regs pointer in disguise. + * +- * NOTE: This macro must be used *after* SAVE_EXTRA_REGS because it corrupts ++ * NOTE: This macro must be used *after* PUSH_AND_CLEAR_REGS because it corrupts + * the original rbp. + */ + .macro ENCODE_FRAME_POINTER ptregs_offset=0 +diff --git a/arch/x86/entry/entry_64.S b/arch/x86/entry/entry_64.S +index 16e2d72e79a0..68a2d76e4f8f 100644 +--- a/arch/x86/entry/entry_64.S ++++ b/arch/x86/entry/entry_64.S +@@ -209,7 +209,7 @@ ENTRY(entry_SYSCALL_64) + + swapgs + /* +- * This path is not taken when PAGE_TABLE_ISOLATION is disabled so it ++ * This path is only taken when PAGE_TABLE_ISOLATION is disabled so it + * is not required to switch CR3. + */ + movq %rsp, PER_CPU_VAR(rsp_scratch) +@@ -223,22 +223,8 @@ ENTRY(entry_SYSCALL_64) + pushq %rcx /* pt_regs->ip */ + GLOBAL(entry_SYSCALL_64_after_hwframe) + pushq %rax /* pt_regs->orig_ax */ +- pushq %rdi /* pt_regs->di */ +- pushq %rsi /* pt_regs->si */ +- pushq %rdx /* pt_regs->dx */ +- pushq %rcx /* pt_regs->cx */ +- pushq $-ENOSYS /* pt_regs->ax */ +- pushq %r8 /* pt_regs->r8 */ +- pushq %r9 /* pt_regs->r9 */ +- pushq %r10 /* pt_regs->r10 */ +- pushq %r11 /* pt_regs->r11 */ +- pushq %rbx /* pt_regs->rbx */ +- pushq %rbp /* pt_regs->rbp */ +- pushq %r12 /* pt_regs->r12 */ +- pushq %r13 /* pt_regs->r13 */ +- pushq %r14 /* pt_regs->r14 */ +- pushq %r15 /* pt_regs->r15 */ +- UNWIND_HINT_REGS ++ ++ PUSH_AND_CLEAR_REGS rax=$-ENOSYS + + TRACE_IRQS_OFF + +@@ -317,15 +303,7 @@ GLOBAL(entry_SYSCALL_64_after_hwframe) + syscall_return_via_sysret: + /* rcx and r11 are already restored (see code above) */ + UNWIND_HINT_EMPTY +- POP_EXTRA_REGS +- popq %rsi /* skip r11 */ +- popq %r10 +- popq %r9 +- popq %r8 +- popq %rax +- popq %rsi /* skip rcx */ +- popq %rdx +- popq %rsi ++ POP_REGS pop_rdi=0 skip_r11rcx=1 + + /* + * Now all regs are restored except RSP and RDI. +@@ -555,9 +533,7 @@ END(irq_entries_start) + call switch_to_thread_stack + 1: + +- ALLOC_PT_GPREGS_ON_STACK +- SAVE_C_REGS +- SAVE_EXTRA_REGS ++ PUSH_AND_CLEAR_REGS + ENCODE_FRAME_POINTER + + testb $3, CS(%rsp) +@@ -618,15 +594,7 @@ GLOBAL(swapgs_restore_regs_and_return_to_usermode) + ud2 + 1: + #endif +- POP_EXTRA_REGS +- popq %r11 +- popq %r10 +- popq %r9 +- popq %r8 +- popq %rax +- popq %rcx +- popq %rdx +- popq %rsi ++ POP_REGS pop_rdi=0 + + /* + * The stack is now user RDI, orig_ax, RIP, CS, EFLAGS, RSP, SS. +@@ -684,8 +652,7 @@ GLOBAL(restore_regs_and_return_to_kernel) + ud2 + 1: + #endif +- POP_EXTRA_REGS +- POP_C_REGS ++ POP_REGS + addq $8, %rsp /* skip regs->orig_ax */ + INTERRUPT_RETURN + +@@ -900,7 +867,9 @@ ENTRY(\sym) + pushq $-1 /* ORIG_RAX: no syscall to restart */ + .endif + +- ALLOC_PT_GPREGS_ON_STACK ++ /* Save all registers in pt_regs */ ++ PUSH_AND_CLEAR_REGS ++ ENCODE_FRAME_POINTER + + .if \paranoid < 2 + testb $3, CS(%rsp) /* If coming from userspace, switch stacks */ +@@ -1111,9 +1080,7 @@ ENTRY(xen_failsafe_callback) + addq $0x30, %rsp + UNWIND_HINT_IRET_REGS + pushq $-1 /* orig_ax = -1 => not a system call */ +- ALLOC_PT_GPREGS_ON_STACK +- SAVE_C_REGS +- SAVE_EXTRA_REGS ++ PUSH_AND_CLEAR_REGS + ENCODE_FRAME_POINTER + jmp error_exit + END(xen_failsafe_callback) +@@ -1150,16 +1117,13 @@ idtentry machine_check do_mce has_error_code=0 paranoid=1 + #endif + + /* +- * Save all registers in pt_regs, and switch gs if needed. ++ * Switch gs if needed. + * Use slow, but surefire "are we in kernel?" check. + * Return: ebx=0: need swapgs on exit, ebx=1: otherwise + */ + ENTRY(paranoid_entry) + UNWIND_HINT_FUNC + cld +- SAVE_C_REGS 8 +- SAVE_EXTRA_REGS 8 +- ENCODE_FRAME_POINTER 8 + movl $1, %ebx + movl $MSR_GS_BASE, %ecx + rdmsr +@@ -1198,21 +1162,18 @@ ENTRY(paranoid_exit) + jmp .Lparanoid_exit_restore + .Lparanoid_exit_no_swapgs: + TRACE_IRQS_IRETQ_DEBUG ++ RESTORE_CR3 scratch_reg=%rbx save_reg=%r14 + .Lparanoid_exit_restore: + jmp restore_regs_and_return_to_kernel + END(paranoid_exit) + + /* +- * Save all registers in pt_regs, and switch gs if needed. ++ * Switch gs if needed. + * Return: EBX=0: came from user mode; EBX=1: otherwise + */ + ENTRY(error_entry) +- UNWIND_HINT_FUNC ++ UNWIND_HINT_REGS offset=8 + cld +- SAVE_C_REGS 8 +- SAVE_EXTRA_REGS 8 +- ENCODE_FRAME_POINTER 8 +- xorl %ebx, %ebx + testb $3, CS+8(%rsp) + jz .Lerror_kernelspace + +@@ -1393,22 +1354,7 @@ ENTRY(nmi) + pushq 1*8(%rdx) /* pt_regs->rip */ + UNWIND_HINT_IRET_REGS + pushq $-1 /* pt_regs->orig_ax */ +- pushq %rdi /* pt_regs->di */ +- pushq %rsi /* pt_regs->si */ +- pushq (%rdx) /* pt_regs->dx */ +- pushq %rcx /* pt_regs->cx */ +- pushq %rax /* pt_regs->ax */ +- pushq %r8 /* pt_regs->r8 */ +- pushq %r9 /* pt_regs->r9 */ +- pushq %r10 /* pt_regs->r10 */ +- pushq %r11 /* pt_regs->r11 */ +- pushq %rbx /* pt_regs->rbx */ +- pushq %rbp /* pt_regs->rbp */ +- pushq %r12 /* pt_regs->r12 */ +- pushq %r13 /* pt_regs->r13 */ +- pushq %r14 /* pt_regs->r14 */ +- pushq %r15 /* pt_regs->r15 */ +- UNWIND_HINT_REGS ++ PUSH_AND_CLEAR_REGS rdx=(%rdx) + ENCODE_FRAME_POINTER + + /* +@@ -1618,7 +1564,8 @@ end_repeat_nmi: + * frame to point back to repeat_nmi. + */ + pushq $-1 /* ORIG_RAX: no syscall to restart */ +- ALLOC_PT_GPREGS_ON_STACK ++ PUSH_AND_CLEAR_REGS ++ ENCODE_FRAME_POINTER + + /* + * Use paranoid_entry to handle SWAPGS, but no need to use paranoid_exit +@@ -1642,8 +1589,7 @@ end_repeat_nmi: + nmi_swapgs: + SWAPGS_UNSAFE_STACK + nmi_restore: +- POP_EXTRA_REGS +- POP_C_REGS ++ POP_REGS + + /* + * Skip orig_ax and the "outermost" frame to point RSP at the "iret" +diff --git a/arch/x86/entry/entry_64_compat.S b/arch/x86/entry/entry_64_compat.S +index 98d5358e4041..fd65e016e413 100644 +--- a/arch/x86/entry/entry_64_compat.S ++++ b/arch/x86/entry/entry_64_compat.S +@@ -85,15 +85,25 @@ ENTRY(entry_SYSENTER_compat) + pushq %rcx /* pt_regs->cx */ + pushq $-ENOSYS /* pt_regs->ax */ + pushq $0 /* pt_regs->r8 = 0 */ ++ xorq %r8, %r8 /* nospec r8 */ + pushq $0 /* pt_regs->r9 = 0 */ ++ xorq %r9, %r9 /* nospec r9 */ + pushq $0 /* pt_regs->r10 = 0 */ ++ xorq %r10, %r10 /* nospec r10 */ + pushq $0 /* pt_regs->r11 = 0 */ ++ xorq %r11, %r11 /* nospec r11 */ + pushq %rbx /* pt_regs->rbx */ ++ xorl %ebx, %ebx /* nospec rbx */ + pushq %rbp /* pt_regs->rbp (will be overwritten) */ ++ xorl %ebp, %ebp /* nospec rbp */ + pushq $0 /* pt_regs->r12 = 0 */ ++ xorq %r12, %r12 /* nospec r12 */ + pushq $0 /* pt_regs->r13 = 0 */ ++ xorq %r13, %r13 /* nospec r13 */ + pushq $0 /* pt_regs->r14 = 0 */ ++ xorq %r14, %r14 /* nospec r14 */ + pushq $0 /* pt_regs->r15 = 0 */ ++ xorq %r15, %r15 /* nospec r15 */ + cld + + /* +@@ -214,15 +224,25 @@ GLOBAL(entry_SYSCALL_compat_after_hwframe) + pushq %rbp /* pt_regs->cx (stashed in bp) */ + pushq $-ENOSYS /* pt_regs->ax */ + pushq $0 /* pt_regs->r8 = 0 */ ++ xorq %r8, %r8 /* nospec r8 */ + pushq $0 /* pt_regs->r9 = 0 */ ++ xorq %r9, %r9 /* nospec r9 */ + pushq $0 /* pt_regs->r10 = 0 */ ++ xorq %r10, %r10 /* nospec r10 */ + pushq $0 /* pt_regs->r11 = 0 */ ++ xorq %r11, %r11 /* nospec r11 */ + pushq %rbx /* pt_regs->rbx */ ++ xorl %ebx, %ebx /* nospec rbx */ + pushq %rbp /* pt_regs->rbp (will be overwritten) */ ++ xorl %ebp, %ebp /* nospec rbp */ + pushq $0 /* pt_regs->r12 = 0 */ ++ xorq %r12, %r12 /* nospec r12 */ + pushq $0 /* pt_regs->r13 = 0 */ ++ xorq %r13, %r13 /* nospec r13 */ + pushq $0 /* pt_regs->r14 = 0 */ ++ xorq %r14, %r14 /* nospec r14 */ + pushq $0 /* pt_regs->r15 = 0 */ ++ xorq %r15, %r15 /* nospec r15 */ + + /* + * User mode is traced as though IRQs are on, and SYSENTER +@@ -338,15 +358,25 @@ ENTRY(entry_INT80_compat) + pushq %rcx /* pt_regs->cx */ + pushq $-ENOSYS /* pt_regs->ax */ + pushq $0 /* pt_regs->r8 = 0 */ ++ xorq %r8, %r8 /* nospec r8 */ + pushq $0 /* pt_regs->r9 = 0 */ ++ xorq %r9, %r9 /* nospec r9 */ + pushq $0 /* pt_regs->r10 = 0 */ ++ xorq %r10, %r10 /* nospec r10 */ + pushq $0 /* pt_regs->r11 = 0 */ ++ xorq %r11, %r11 /* nospec r11 */ + pushq %rbx /* pt_regs->rbx */ ++ xorl %ebx, %ebx /* nospec rbx */ + pushq %rbp /* pt_regs->rbp */ ++ xorl %ebp, %ebp /* nospec rbp */ + pushq %r12 /* pt_regs->r12 */ ++ xorq %r12, %r12 /* nospec r12 */ + pushq %r13 /* pt_regs->r13 */ ++ xorq %r13, %r13 /* nospec r13 */ + pushq %r14 /* pt_regs->r14 */ ++ xorq %r14, %r14 /* nospec r14 */ + pushq %r15 /* pt_regs->r15 */ ++ xorq %r15, %r15 /* nospec r15 */ + cld + + /* +diff --git a/arch/x86/events/intel/core.c b/arch/x86/events/intel/core.c +index 09c26a4f139c..1c2558430cf0 100644 +--- a/arch/x86/events/intel/core.c ++++ b/arch/x86/events/intel/core.c +@@ -3559,7 +3559,7 @@ static int intel_snb_pebs_broken(int cpu) + break; + + case INTEL_FAM6_SANDYBRIDGE_X: +- switch (cpu_data(cpu).x86_mask) { ++ switch (cpu_data(cpu).x86_stepping) { + case 6: rev = 0x618; break; + case 7: rev = 0x70c; break; + } +diff --git a/arch/x86/events/intel/lbr.c b/arch/x86/events/intel/lbr.c +index ae64d0b69729..cf372b90557e 100644 +--- a/arch/x86/events/intel/lbr.c ++++ b/arch/x86/events/intel/lbr.c +@@ -1186,7 +1186,7 @@ void __init intel_pmu_lbr_init_atom(void) + * on PMU interrupt + */ + if (boot_cpu_data.x86_model == 28 +- && boot_cpu_data.x86_mask < 10) { ++ && boot_cpu_data.x86_stepping < 10) { + pr_cont("LBR disabled due to erratum"); + return; + } +diff --git a/arch/x86/events/intel/p6.c b/arch/x86/events/intel/p6.c +index a5604c352930..408879b0c0d4 100644 +--- a/arch/x86/events/intel/p6.c ++++ b/arch/x86/events/intel/p6.c +@@ -234,7 +234,7 @@ static __initconst const struct x86_pmu p6_pmu = { + + static __init void p6_pmu_rdpmc_quirk(void) + { +- if (boot_cpu_data.x86_mask < 9) { ++ if (boot_cpu_data.x86_stepping < 9) { + /* + * PPro erratum 26; fixed in stepping 9 and above. + */ +diff --git a/arch/x86/include/asm/acpi.h b/arch/x86/include/asm/acpi.h +index 8d0ec9df1cbe..f077401869ee 100644 +--- a/arch/x86/include/asm/acpi.h ++++ b/arch/x86/include/asm/acpi.h +@@ -94,7 +94,7 @@ static inline unsigned int acpi_processor_cstate_check(unsigned int max_cstate) + if (boot_cpu_data.x86 == 0x0F && + boot_cpu_data.x86_vendor == X86_VENDOR_AMD && + boot_cpu_data.x86_model <= 0x05 && +- boot_cpu_data.x86_mask < 0x0A) ++ boot_cpu_data.x86_stepping < 0x0A) + return 1; + else if (boot_cpu_has(X86_BUG_AMD_APIC_C1E)) + return 1; +diff --git a/arch/x86/include/asm/barrier.h b/arch/x86/include/asm/barrier.h +index 1e7c955b6303..4db77731e130 100644 +--- a/arch/x86/include/asm/barrier.h ++++ b/arch/x86/include/asm/barrier.h +@@ -40,7 +40,7 @@ static inline unsigned long array_index_mask_nospec(unsigned long index, + + asm ("cmp %1,%2; sbb %0,%0;" + :"=r" (mask) +- :"r"(size),"r" (index) ++ :"g"(size),"r" (index) + :"cc"); + return mask; + } +diff --git a/arch/x86/include/asm/bug.h b/arch/x86/include/asm/bug.h +index 34d99af43994..6804d6642767 100644 +--- a/arch/x86/include/asm/bug.h ++++ b/arch/x86/include/asm/bug.h +@@ -5,23 +5,20 @@ + #include + + /* +- * Since some emulators terminate on UD2, we cannot use it for WARN. +- * Since various instruction decoders disagree on the length of UD1, +- * we cannot use it either. So use UD0 for WARN. ++ * Despite that some emulators terminate on UD2, we use it for WARN(). + * +- * (binutils knows about "ud1" but {en,de}codes it as 2 bytes, whereas +- * our kernel decoder thinks it takes a ModRM byte, which seems consistent +- * with various things like the Intel SDM instruction encoding rules) ++ * Since various instruction decoders/specs disagree on the encoding of ++ * UD0/UD1. + */ + +-#define ASM_UD0 ".byte 0x0f, 0xff" ++#define ASM_UD0 ".byte 0x0f, 0xff" /* + ModRM (for Intel) */ + #define ASM_UD1 ".byte 0x0f, 0xb9" /* + ModRM */ + #define ASM_UD2 ".byte 0x0f, 0x0b" + + #define INSN_UD0 0xff0f + #define INSN_UD2 0x0b0f + +-#define LEN_UD0 2 ++#define LEN_UD2 2 + + #ifdef CONFIG_GENERIC_BUG + +@@ -77,7 +74,11 @@ do { \ + unreachable(); \ + } while (0) + +-#define __WARN_FLAGS(flags) _BUG_FLAGS(ASM_UD0, BUGFLAG_WARNING|(flags)) ++#define __WARN_FLAGS(flags) \ ++do { \ ++ _BUG_FLAGS(ASM_UD2, BUGFLAG_WARNING|(flags)); \ ++ annotate_reachable(); \ ++} while (0) + + #include + +diff --git a/arch/x86/include/asm/dma-mapping.h b/arch/x86/include/asm/dma-mapping.h +index 836ca1178a6a..69f16f0729d0 100644 +--- a/arch/x86/include/asm/dma-mapping.h ++++ b/arch/x86/include/asm/dma-mapping.h +@@ -7,7 +7,6 @@ + * Documentation/DMA-API.txt for documentation. + */ + +-#include + #include + #include + #include +diff --git a/arch/x86/include/asm/kmemcheck.h b/arch/x86/include/asm/kmemcheck.h +deleted file mode 100644 +index 945a0337fbcf..000000000000 +--- a/arch/x86/include/asm/kmemcheck.h ++++ /dev/null +@@ -1,43 +0,0 @@ +-/* SPDX-License-Identifier: GPL-2.0 */ +-#ifndef ASM_X86_KMEMCHECK_H +-#define ASM_X86_KMEMCHECK_H +- +-#include +-#include +- +-#ifdef CONFIG_KMEMCHECK +-bool kmemcheck_active(struct pt_regs *regs); +- +-void kmemcheck_show(struct pt_regs *regs); +-void kmemcheck_hide(struct pt_regs *regs); +- +-bool kmemcheck_fault(struct pt_regs *regs, +- unsigned long address, unsigned long error_code); +-bool kmemcheck_trap(struct pt_regs *regs); +-#else +-static inline bool kmemcheck_active(struct pt_regs *regs) +-{ +- return false; +-} +- +-static inline void kmemcheck_show(struct pt_regs *regs) +-{ +-} +- +-static inline void kmemcheck_hide(struct pt_regs *regs) +-{ +-} +- +-static inline bool kmemcheck_fault(struct pt_regs *regs, +- unsigned long address, unsigned long error_code) +-{ +- return false; +-} +- +-static inline bool kmemcheck_trap(struct pt_regs *regs) +-{ +- return false; +-} +-#endif /* CONFIG_KMEMCHECK */ +- +-#endif +diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h +index 4d57894635f2..76b058533e47 100644 +--- a/arch/x86/include/asm/nospec-branch.h ++++ b/arch/x86/include/asm/nospec-branch.h +@@ -6,6 +6,7 @@ + #include + #include + #include ++#include + + #ifdef __ASSEMBLY__ + +@@ -164,10 +165,15 @@ static inline void vmexit_fill_RSB(void) + + static inline void indirect_branch_prediction_barrier(void) + { +- alternative_input("", +- "call __ibp_barrier", +- X86_FEATURE_USE_IBPB, +- ASM_NO_INPUT_CLOBBER("eax", "ecx", "edx", "memory")); ++ asm volatile(ALTERNATIVE("", ++ "movl %[msr], %%ecx\n\t" ++ "movl %[val], %%eax\n\t" ++ "movl $0, %%edx\n\t" ++ "wrmsr", ++ X86_FEATURE_USE_IBPB) ++ : : [msr] "i" (MSR_IA32_PRED_CMD), ++ [val] "i" (PRED_CMD_IBPB) ++ : "eax", "ecx", "edx", "memory"); + } + + #endif /* __ASSEMBLY__ */ +diff --git a/arch/x86/include/asm/page_64.h b/arch/x86/include/asm/page_64.h +index 4baa6bceb232..d652a3808065 100644 +--- a/arch/x86/include/asm/page_64.h ++++ b/arch/x86/include/asm/page_64.h +@@ -52,10 +52,6 @@ static inline void clear_page(void *page) + + void copy_page(void *to, void *from); + +-#ifdef CONFIG_X86_MCE +-#define arch_unmap_kpfn arch_unmap_kpfn +-#endif +- + #endif /* !__ASSEMBLY__ */ + + #ifdef CONFIG_X86_VSYSCALL_EMULATION +diff --git a/arch/x86/include/asm/paravirt.h b/arch/x86/include/asm/paravirt.h +index 892df375b615..554841fab717 100644 +--- a/arch/x86/include/asm/paravirt.h ++++ b/arch/x86/include/asm/paravirt.h +@@ -297,9 +297,9 @@ static inline void __flush_tlb_global(void) + { + PVOP_VCALL0(pv_mmu_ops.flush_tlb_kernel); + } +-static inline void __flush_tlb_single(unsigned long addr) ++static inline void __flush_tlb_one_user(unsigned long addr) + { +- PVOP_VCALL1(pv_mmu_ops.flush_tlb_single, addr); ++ PVOP_VCALL1(pv_mmu_ops.flush_tlb_one_user, addr); + } + + static inline void flush_tlb_others(const struct cpumask *cpumask, +diff --git a/arch/x86/include/asm/paravirt_types.h b/arch/x86/include/asm/paravirt_types.h +index 6ec54d01972d..f624f1f10316 100644 +--- a/arch/x86/include/asm/paravirt_types.h ++++ b/arch/x86/include/asm/paravirt_types.h +@@ -217,7 +217,7 @@ struct pv_mmu_ops { + /* TLB operations */ + void (*flush_tlb_user)(void); + void (*flush_tlb_kernel)(void); +- void (*flush_tlb_single)(unsigned long addr); ++ void (*flush_tlb_one_user)(unsigned long addr); + void (*flush_tlb_others)(const struct cpumask *cpus, + const struct flush_tlb_info *info); + +diff --git a/arch/x86/include/asm/pgtable.h b/arch/x86/include/asm/pgtable.h +index 211368922cad..8b8f1f14a0bf 100644 +--- a/arch/x86/include/asm/pgtable.h ++++ b/arch/x86/include/asm/pgtable.h +@@ -668,11 +668,6 @@ static inline bool pte_accessible(struct mm_struct *mm, pte_t a) + return false; + } + +-static inline int pte_hidden(pte_t pte) +-{ +- return pte_flags(pte) & _PAGE_HIDDEN; +-} +- + static inline int pmd_present(pmd_t pmd) + { + /* +diff --git a/arch/x86/include/asm/pgtable_32.h b/arch/x86/include/asm/pgtable_32.h +index e67c0620aec2..e55466760ff8 100644 +--- a/arch/x86/include/asm/pgtable_32.h ++++ b/arch/x86/include/asm/pgtable_32.h +@@ -61,7 +61,7 @@ void paging_init(void); + #define kpte_clear_flush(ptep, vaddr) \ + do { \ + pte_clear(&init_mm, (vaddr), (ptep)); \ +- __flush_tlb_one((vaddr)); \ ++ __flush_tlb_one_kernel((vaddr)); \ + } while (0) + + #endif /* !__ASSEMBLY__ */ +diff --git a/arch/x86/include/asm/pgtable_types.h b/arch/x86/include/asm/pgtable_types.h +index 9e9b05fc4860..3696398a9475 100644 +--- a/arch/x86/include/asm/pgtable_types.h ++++ b/arch/x86/include/asm/pgtable_types.h +@@ -32,7 +32,6 @@ + + #define _PAGE_BIT_SPECIAL _PAGE_BIT_SOFTW1 + #define _PAGE_BIT_CPA_TEST _PAGE_BIT_SOFTW1 +-#define _PAGE_BIT_HIDDEN _PAGE_BIT_SOFTW3 /* hidden by kmemcheck */ + #define _PAGE_BIT_SOFT_DIRTY _PAGE_BIT_SOFTW3 /* software dirty tracking */ + #define _PAGE_BIT_DEVMAP _PAGE_BIT_SOFTW4 + +@@ -79,18 +78,6 @@ + #define _PAGE_KNL_ERRATUM_MASK 0 + #endif + +-#ifdef CONFIG_KMEMCHECK +-#define _PAGE_HIDDEN (_AT(pteval_t, 1) << _PAGE_BIT_HIDDEN) +-#else +-#define _PAGE_HIDDEN (_AT(pteval_t, 0)) +-#endif +- +-/* +- * The same hidden bit is used by kmemcheck, but since kmemcheck +- * works on kernel pages while soft-dirty engine on user space, +- * they do not conflict with each other. +- */ +- + #ifdef CONFIG_MEM_SOFT_DIRTY + #define _PAGE_SOFT_DIRTY (_AT(pteval_t, 1) << _PAGE_BIT_SOFT_DIRTY) + #else +diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h +index c57c6e77c29f..15fc074bd628 100644 +--- a/arch/x86/include/asm/processor.h ++++ b/arch/x86/include/asm/processor.h +@@ -91,7 +91,7 @@ struct cpuinfo_x86 { + __u8 x86; /* CPU family */ + __u8 x86_vendor; /* CPU vendor */ + __u8 x86_model; +- __u8 x86_mask; ++ __u8 x86_stepping; + #ifdef CONFIG_X86_64 + /* Number of 4K pages in DTLB/ITLB combined(in pages): */ + int x86_tlbsize; +@@ -109,7 +109,7 @@ struct cpuinfo_x86 { + char x86_vendor_id[16]; + char x86_model_id[64]; + /* in KB - valid for CPUS which support this call: */ +- int x86_cache_size; ++ unsigned int x86_cache_size; + int x86_cache_alignment; /* In bytes */ + /* Cache QoS architectural values: */ + int x86_cache_max_rmid; /* max index */ +@@ -968,7 +968,4 @@ bool xen_set_default_idle(void); + + void stop_this_cpu(void *dummy); + void df_debug(struct pt_regs *regs, long error_code); +- +-void __ibp_barrier(void); +- + #endif /* _ASM_X86_PROCESSOR_H */ +diff --git a/arch/x86/include/asm/string_32.h b/arch/x86/include/asm/string_32.h +index 076502241eae..55d392c6bd29 100644 +--- a/arch/x86/include/asm/string_32.h ++++ b/arch/x86/include/asm/string_32.h +@@ -179,8 +179,6 @@ static inline void *__memcpy3d(void *to, const void *from, size_t len) + * No 3D Now! + */ + +-#ifndef CONFIG_KMEMCHECK +- + #if (__GNUC__ >= 4) + #define memcpy(t, f, n) __builtin_memcpy(t, f, n) + #else +@@ -189,13 +187,6 @@ static inline void *__memcpy3d(void *to, const void *from, size_t len) + ? __constant_memcpy((t), (f), (n)) \ + : __memcpy((t), (f), (n))) + #endif +-#else +-/* +- * kmemcheck becomes very happy if we use the REP instructions unconditionally, +- * because it means that we know both memory operands in advance. +- */ +-#define memcpy(t, f, n) __memcpy((t), (f), (n)) +-#endif + + #endif + #endif /* !CONFIG_FORTIFY_SOURCE */ +diff --git a/arch/x86/include/asm/string_64.h b/arch/x86/include/asm/string_64.h +index 0b1b4445f4c5..533f74c300c2 100644 +--- a/arch/x86/include/asm/string_64.h ++++ b/arch/x86/include/asm/string_64.h +@@ -33,7 +33,6 @@ extern void *memcpy(void *to, const void *from, size_t len); + extern void *__memcpy(void *to, const void *from, size_t len); + + #ifndef CONFIG_FORTIFY_SOURCE +-#ifndef CONFIG_KMEMCHECK + #if (__GNUC__ == 4 && __GNUC_MINOR__ < 3) || __GNUC__ < 4 + #define memcpy(dst, src, len) \ + ({ \ +@@ -46,13 +45,6 @@ extern void *__memcpy(void *to, const void *from, size_t len); + __ret; \ + }) + #endif +-#else +-/* +- * kmemcheck becomes very happy if we use the REP instructions unconditionally, +- * because it means that we know both memory operands in advance. +- */ +-#define memcpy(dst, src, len) __inline_memcpy((dst), (src), (len)) +-#endif + #endif /* !CONFIG_FORTIFY_SOURCE */ + + #define __HAVE_ARCH_MEMSET +diff --git a/arch/x86/include/asm/tlbflush.h b/arch/x86/include/asm/tlbflush.h +index 4405c4b308e8..704f31315dde 100644 +--- a/arch/x86/include/asm/tlbflush.h ++++ b/arch/x86/include/asm/tlbflush.h +@@ -140,7 +140,7 @@ static inline unsigned long build_cr3_noflush(pgd_t *pgd, u16 asid) + #else + #define __flush_tlb() __native_flush_tlb() + #define __flush_tlb_global() __native_flush_tlb_global() +-#define __flush_tlb_single(addr) __native_flush_tlb_single(addr) ++#define __flush_tlb_one_user(addr) __native_flush_tlb_one_user(addr) + #endif + + static inline bool tlb_defer_switch_to_init_mm(void) +@@ -397,7 +397,7 @@ static inline void __native_flush_tlb_global(void) + /* + * flush one page in the user mapping + */ +-static inline void __native_flush_tlb_single(unsigned long addr) ++static inline void __native_flush_tlb_one_user(unsigned long addr) + { + u32 loaded_mm_asid = this_cpu_read(cpu_tlbstate.loaded_mm_asid); + +@@ -434,18 +434,31 @@ static inline void __flush_tlb_all(void) + /* + * flush one page in the kernel mapping + */ +-static inline void __flush_tlb_one(unsigned long addr) ++static inline void __flush_tlb_one_kernel(unsigned long addr) + { + count_vm_tlb_event(NR_TLB_LOCAL_FLUSH_ONE); +- __flush_tlb_single(addr); ++ ++ /* ++ * If PTI is off, then __flush_tlb_one_user() is just INVLPG or its ++ * paravirt equivalent. Even with PCID, this is sufficient: we only ++ * use PCID if we also use global PTEs for the kernel mapping, and ++ * INVLPG flushes global translations across all address spaces. ++ * ++ * If PTI is on, then the kernel is mapped with non-global PTEs, and ++ * __flush_tlb_one_user() will flush the given address for the current ++ * kernel address space and for its usermode counterpart, but it does ++ * not flush it for other address spaces. ++ */ ++ __flush_tlb_one_user(addr); + + if (!static_cpu_has(X86_FEATURE_PTI)) + return; + + /* +- * __flush_tlb_single() will have cleared the TLB entry for this ASID, +- * but since kernel space is replicated across all, we must also +- * invalidate all others. ++ * See above. We need to propagate the flush to all other address ++ * spaces. In principle, we only need to propagate it to kernelmode ++ * address spaces, but the extra bookkeeping we would need is not ++ * worth it. + */ + invalidate_other_asid(); + } +diff --git a/arch/x86/include/asm/xor.h b/arch/x86/include/asm/xor.h +index 1f5c5161ead6..45c8605467f1 100644 +--- a/arch/x86/include/asm/xor.h ++++ b/arch/x86/include/asm/xor.h +@@ -1,7 +1,4 @@ +-#ifdef CONFIG_KMEMCHECK +-/* kmemcheck doesn't handle MMX/SSE/SSE2 instructions */ +-# include +-#elif !defined(_ASM_X86_XOR_H) ++#ifndef _ASM_X86_XOR_H + #define _ASM_X86_XOR_H + + /* +diff --git a/arch/x86/kernel/acpi/apei.c b/arch/x86/kernel/acpi/apei.c +index ea3046e0b0cf..28d70ac93faf 100644 +--- a/arch/x86/kernel/acpi/apei.c ++++ b/arch/x86/kernel/acpi/apei.c +@@ -55,5 +55,5 @@ void arch_apei_report_mem_error(int sev, struct cper_sec_mem_err *mem_err) + + void arch_apei_flush_tlb_one(unsigned long addr) + { +- __flush_tlb_one(addr); ++ __flush_tlb_one_kernel(addr); + } +diff --git a/arch/x86/kernel/amd_nb.c b/arch/x86/kernel/amd_nb.c +index 6db28f17ff28..c88e0b127810 100644 +--- a/arch/x86/kernel/amd_nb.c ++++ b/arch/x86/kernel/amd_nb.c +@@ -235,7 +235,7 @@ int amd_cache_northbridges(void) + if (boot_cpu_data.x86 == 0x10 && + boot_cpu_data.x86_model >= 0x8 && + (boot_cpu_data.x86_model > 0x9 || +- boot_cpu_data.x86_mask >= 0x1)) ++ boot_cpu_data.x86_stepping >= 0x1)) + amd_northbridges.flags |= AMD_NB_L3_INDEX_DISABLE; + + if (boot_cpu_data.x86 == 0x15) +diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c +index 89c7c8569e5e..5942aa5f569b 100644 +--- a/arch/x86/kernel/apic/apic.c ++++ b/arch/x86/kernel/apic/apic.c +@@ -553,7 +553,7 @@ static DEFINE_PER_CPU(struct clock_event_device, lapic_events); + + static u32 hsx_deadline_rev(void) + { +- switch (boot_cpu_data.x86_mask) { ++ switch (boot_cpu_data.x86_stepping) { + case 0x02: return 0x3a; /* EP */ + case 0x04: return 0x0f; /* EX */ + } +@@ -563,7 +563,7 @@ static u32 hsx_deadline_rev(void) + + static u32 bdx_deadline_rev(void) + { +- switch (boot_cpu_data.x86_mask) { ++ switch (boot_cpu_data.x86_stepping) { + case 0x02: return 0x00000011; + case 0x03: return 0x0700000e; + case 0x04: return 0x0f00000c; +@@ -575,7 +575,7 @@ static u32 bdx_deadline_rev(void) + + static u32 skx_deadline_rev(void) + { +- switch (boot_cpu_data.x86_mask) { ++ switch (boot_cpu_data.x86_stepping) { + case 0x03: return 0x01000136; + case 0x04: return 0x02000014; + } +diff --git a/arch/x86/kernel/apm_32.c b/arch/x86/kernel/apm_32.c +index e4b0d92b3ae0..2a7fd56e67b3 100644 +--- a/arch/x86/kernel/apm_32.c ++++ b/arch/x86/kernel/apm_32.c +@@ -2389,6 +2389,7 @@ static int __init apm_init(void) + if (HZ != 100) + idle_period = (idle_period * HZ) / 100; + if (idle_threshold < 100) { ++ cpuidle_poll_state_init(&apm_idle_driver); + if (!cpuidle_register_driver(&apm_idle_driver)) + if (cpuidle_register_device(&apm_cpuidle_device)) + cpuidle_unregister_driver(&apm_idle_driver); +diff --git a/arch/x86/kernel/asm-offsets_32.c b/arch/x86/kernel/asm-offsets_32.c +index fa1261eefa16..f91ba53e06c8 100644 +--- a/arch/x86/kernel/asm-offsets_32.c ++++ b/arch/x86/kernel/asm-offsets_32.c +@@ -18,7 +18,7 @@ void foo(void) + OFFSET(CPUINFO_x86, cpuinfo_x86, x86); + OFFSET(CPUINFO_x86_vendor, cpuinfo_x86, x86_vendor); + OFFSET(CPUINFO_x86_model, cpuinfo_x86, x86_model); +- OFFSET(CPUINFO_x86_mask, cpuinfo_x86, x86_mask); ++ OFFSET(CPUINFO_x86_stepping, cpuinfo_x86, x86_stepping); + OFFSET(CPUINFO_cpuid_level, cpuinfo_x86, cpuid_level); + OFFSET(CPUINFO_x86_capability, cpuinfo_x86, x86_capability); + OFFSET(CPUINFO_x86_vendor_id, cpuinfo_x86, x86_vendor_id); +diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c +index ea831c858195..e7d5a7883632 100644 +--- a/arch/x86/kernel/cpu/amd.c ++++ b/arch/x86/kernel/cpu/amd.c +@@ -119,7 +119,7 @@ static void init_amd_k6(struct cpuinfo_x86 *c) + return; + } + +- if (c->x86_model == 6 && c->x86_mask == 1) { ++ if (c->x86_model == 6 && c->x86_stepping == 1) { + const int K6_BUG_LOOP = 1000000; + int n; + void (*f_vide)(void); +@@ -149,7 +149,7 @@ static void init_amd_k6(struct cpuinfo_x86 *c) + + /* K6 with old style WHCR */ + if (c->x86_model < 8 || +- (c->x86_model == 8 && c->x86_mask < 8)) { ++ (c->x86_model == 8 && c->x86_stepping < 8)) { + /* We can only write allocate on the low 508Mb */ + if (mbytes > 508) + mbytes = 508; +@@ -168,7 +168,7 @@ static void init_amd_k6(struct cpuinfo_x86 *c) + return; + } + +- if ((c->x86_model == 8 && c->x86_mask > 7) || ++ if ((c->x86_model == 8 && c->x86_stepping > 7) || + c->x86_model == 9 || c->x86_model == 13) { + /* The more serious chips .. */ + +@@ -221,7 +221,7 @@ static void init_amd_k7(struct cpuinfo_x86 *c) + * are more robust with CLK_CTL set to 200xxxxx instead of 600xxxxx + * As per AMD technical note 27212 0.2 + */ +- if ((c->x86_model == 8 && c->x86_mask >= 1) || (c->x86_model > 8)) { ++ if ((c->x86_model == 8 && c->x86_stepping >= 1) || (c->x86_model > 8)) { + rdmsr(MSR_K7_CLK_CTL, l, h); + if ((l & 0xfff00000) != 0x20000000) { + pr_info("CPU: CLK_CTL MSR was %x. Reprogramming to %x\n", +@@ -241,12 +241,12 @@ static void init_amd_k7(struct cpuinfo_x86 *c) + * but they are not certified as MP capable. + */ + /* Athlon 660/661 is valid. */ +- if ((c->x86_model == 6) && ((c->x86_mask == 0) || +- (c->x86_mask == 1))) ++ if ((c->x86_model == 6) && ((c->x86_stepping == 0) || ++ (c->x86_stepping == 1))) + return; + + /* Duron 670 is valid */ +- if ((c->x86_model == 7) && (c->x86_mask == 0)) ++ if ((c->x86_model == 7) && (c->x86_stepping == 0)) + return; + + /* +@@ -256,8 +256,8 @@ static void init_amd_k7(struct cpuinfo_x86 *c) + * See http://www.heise.de/newsticker/data/jow-18.10.01-000 for + * more. + */ +- if (((c->x86_model == 6) && (c->x86_mask >= 2)) || +- ((c->x86_model == 7) && (c->x86_mask >= 1)) || ++ if (((c->x86_model == 6) && (c->x86_stepping >= 2)) || ++ ((c->x86_model == 7) && (c->x86_stepping >= 1)) || + (c->x86_model > 7)) + if (cpu_has(c, X86_FEATURE_MP)) + return; +@@ -583,7 +583,7 @@ static void early_init_amd(struct cpuinfo_x86 *c) + /* Set MTRR capability flag if appropriate */ + if (c->x86 == 5) + if (c->x86_model == 13 || c->x86_model == 9 || +- (c->x86_model == 8 && c->x86_mask >= 8)) ++ (c->x86_model == 8 && c->x86_stepping >= 8)) + set_cpu_cap(c, X86_FEATURE_K6_MTRR); + #endif + #if defined(CONFIG_X86_LOCAL_APIC) && defined(CONFIG_PCI) +@@ -769,7 +769,7 @@ static void init_amd_zn(struct cpuinfo_x86 *c) + * Fix erratum 1076: CPB feature bit not being set in CPUID. It affects + * all up to and including B1. + */ +- if (c->x86_model <= 1 && c->x86_mask <= 1) ++ if (c->x86_model <= 1 && c->x86_stepping <= 1) + set_cpu_cap(c, X86_FEATURE_CPB); + } + +@@ -880,11 +880,11 @@ static unsigned int amd_size_cache(struct cpuinfo_x86 *c, unsigned int size) + /* AMD errata T13 (order #21922) */ + if ((c->x86 == 6)) { + /* Duron Rev A0 */ +- if (c->x86_model == 3 && c->x86_mask == 0) ++ if (c->x86_model == 3 && c->x86_stepping == 0) + size = 64; + /* Tbird rev A1/A2 */ + if (c->x86_model == 4 && +- (c->x86_mask == 0 || c->x86_mask == 1)) ++ (c->x86_stepping == 0 || c->x86_stepping == 1)) + size = 256; + } + return size; +@@ -1021,7 +1021,7 @@ static bool cpu_has_amd_erratum(struct cpuinfo_x86 *cpu, const int *erratum) + } + + /* OSVW unavailable or ID unknown, match family-model-stepping range */ +- ms = (cpu->x86_model << 4) | cpu->x86_mask; ++ ms = (cpu->x86_model << 4) | cpu->x86_stepping; + while ((range = *erratum++)) + if ((cpu->x86 == AMD_MODEL_RANGE_FAMILY(range)) && + (ms >= AMD_MODEL_RANGE_START(range)) && +diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c +index 71949bf2de5a..d71c8b54b696 100644 +--- a/arch/x86/kernel/cpu/bugs.c ++++ b/arch/x86/kernel/cpu/bugs.c +@@ -162,8 +162,7 @@ static enum spectre_v2_mitigation_cmd __init spectre_v2_parse_cmdline(void) + if (cmdline_find_option_bool(boot_command_line, "nospectre_v2")) + return SPECTRE_V2_CMD_NONE; + else { +- ret = cmdline_find_option(boot_command_line, "spectre_v2", arg, +- sizeof(arg)); ++ ret = cmdline_find_option(boot_command_line, "spectre_v2", arg, sizeof(arg)); + if (ret < 0) + return SPECTRE_V2_CMD_AUTO; + +@@ -175,8 +174,7 @@ static enum spectre_v2_mitigation_cmd __init spectre_v2_parse_cmdline(void) + } + + if (i >= ARRAY_SIZE(mitigation_options)) { +- pr_err("unknown option (%s). Switching to AUTO select\n", +- mitigation_options[i].option); ++ pr_err("unknown option (%s). Switching to AUTO select\n", arg); + return SPECTRE_V2_CMD_AUTO; + } + } +@@ -185,8 +183,7 @@ static enum spectre_v2_mitigation_cmd __init spectre_v2_parse_cmdline(void) + cmd == SPECTRE_V2_CMD_RETPOLINE_AMD || + cmd == SPECTRE_V2_CMD_RETPOLINE_GENERIC) && + !IS_ENABLED(CONFIG_RETPOLINE)) { +- pr_err("%s selected but not compiled in. Switching to AUTO select\n", +- mitigation_options[i].option); ++ pr_err("%s selected but not compiled in. Switching to AUTO select\n", mitigation_options[i].option); + return SPECTRE_V2_CMD_AUTO; + } + +@@ -256,14 +253,14 @@ static void __init spectre_v2_select_mitigation(void) + goto retpoline_auto; + break; + } +- pr_err("kernel not compiled with retpoline; no mitigation available!"); ++ pr_err("Spectre mitigation: kernel not compiled with retpoline; no mitigation available!"); + return; + + retpoline_auto: + if (boot_cpu_data.x86_vendor == X86_VENDOR_AMD) { + retpoline_amd: + if (!boot_cpu_has(X86_FEATURE_LFENCE_RDTSC)) { +- pr_err("LFENCE not serializing. Switching to generic retpoline\n"); ++ pr_err("Spectre mitigation: LFENCE not serializing, switching to generic retpoline\n"); + goto retpoline_generic; + } + mode = retp_compiler() ? SPECTRE_V2_RETPOLINE_AMD : +@@ -281,7 +278,7 @@ static void __init spectre_v2_select_mitigation(void) + pr_info("%s\n", spectre_v2_strings[mode]); + + /* +- * If neither SMEP or KPTI are available, there is a risk of ++ * If neither SMEP nor PTI are available, there is a risk of + * hitting userspace addresses in the RSB after a context switch + * from a shallow call stack to a deeper one. To prevent this fill + * the entire RSB, even when using IBRS. +@@ -295,21 +292,20 @@ static void __init spectre_v2_select_mitigation(void) + if ((!boot_cpu_has(X86_FEATURE_PTI) && + !boot_cpu_has(X86_FEATURE_SMEP)) || is_skylake_era()) { + setup_force_cpu_cap(X86_FEATURE_RSB_CTXSW); +- pr_info("Filling RSB on context switch\n"); ++ pr_info("Spectre v2 mitigation: Filling RSB on context switch\n"); + } + + /* Initialize Indirect Branch Prediction Barrier if supported */ + if (boot_cpu_has(X86_FEATURE_IBPB)) { + setup_force_cpu_cap(X86_FEATURE_USE_IBPB); +- pr_info("Enabling Indirect Branch Prediction Barrier\n"); ++ pr_info("Spectre v2 mitigation: Enabling Indirect Branch Prediction Barrier\n"); + } + } + + #undef pr_fmt + + #ifdef CONFIG_SYSFS +-ssize_t cpu_show_meltdown(struct device *dev, +- struct device_attribute *attr, char *buf) ++ssize_t cpu_show_meltdown(struct device *dev, struct device_attribute *attr, char *buf) + { + if (!boot_cpu_has_bug(X86_BUG_CPU_MELTDOWN)) + return sprintf(buf, "Not affected\n"); +@@ -318,16 +314,14 @@ ssize_t cpu_show_meltdown(struct device *dev, + return sprintf(buf, "Vulnerable\n"); + } + +-ssize_t cpu_show_spectre_v1(struct device *dev, +- struct device_attribute *attr, char *buf) ++ssize_t cpu_show_spectre_v1(struct device *dev, struct device_attribute *attr, char *buf) + { + if (!boot_cpu_has_bug(X86_BUG_SPECTRE_V1)) + return sprintf(buf, "Not affected\n"); + return sprintf(buf, "Mitigation: __user pointer sanitization\n"); + } + +-ssize_t cpu_show_spectre_v2(struct device *dev, +- struct device_attribute *attr, char *buf) ++ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr, char *buf) + { + if (!boot_cpu_has_bug(X86_BUG_SPECTRE_V2)) + return sprintf(buf, "Not affected\n"); +@@ -337,9 +331,3 @@ ssize_t cpu_show_spectre_v2(struct device *dev, + spectre_v2_module_string()); + } + #endif +- +-void __ibp_barrier(void) +-{ +- __wrmsr(MSR_IA32_PRED_CMD, PRED_CMD_IBPB, 0); +-} +-EXPORT_SYMBOL_GPL(__ibp_barrier); +diff --git a/arch/x86/kernel/cpu/centaur.c b/arch/x86/kernel/cpu/centaur.c +index 68bc6d9b3132..595be776727d 100644 +--- a/arch/x86/kernel/cpu/centaur.c ++++ b/arch/x86/kernel/cpu/centaur.c +@@ -136,7 +136,7 @@ static void init_centaur(struct cpuinfo_x86 *c) + clear_cpu_cap(c, X86_FEATURE_TSC); + break; + case 8: +- switch (c->x86_mask) { ++ switch (c->x86_stepping) { + default: + name = "2"; + break; +@@ -211,7 +211,7 @@ centaur_size_cache(struct cpuinfo_x86 *c, unsigned int size) + * - Note, it seems this may only be in engineering samples. + */ + if ((c->x86 == 6) && (c->x86_model == 9) && +- (c->x86_mask == 1) && (size == 65)) ++ (c->x86_stepping == 1) && (size == 65)) + size -= 1; + return size; + } +diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c +index 92b66e21bae5..651b7afed4da 100644 +--- a/arch/x86/kernel/cpu/common.c ++++ b/arch/x86/kernel/cpu/common.c +@@ -707,7 +707,7 @@ void cpu_detect(struct cpuinfo_x86 *c) + cpuid(0x00000001, &tfms, &misc, &junk, &cap0); + c->x86 = x86_family(tfms); + c->x86_model = x86_model(tfms); +- c->x86_mask = x86_stepping(tfms); ++ c->x86_stepping = x86_stepping(tfms); + + if (cap0 & (1<<19)) { + c->x86_clflush_size = ((misc >> 8) & 0xff) * 8; +@@ -1160,9 +1160,9 @@ static void identify_cpu(struct cpuinfo_x86 *c) + int i; + + c->loops_per_jiffy = loops_per_jiffy; +- c->x86_cache_size = -1; ++ c->x86_cache_size = 0; + c->x86_vendor = X86_VENDOR_UNKNOWN; +- c->x86_model = c->x86_mask = 0; /* So far unknown... */ ++ c->x86_model = c->x86_stepping = 0; /* So far unknown... */ + c->x86_vendor_id[0] = '\0'; /* Unset */ + c->x86_model_id[0] = '\0'; /* Unset */ + c->x86_max_cores = 1; +@@ -1353,8 +1353,8 @@ void print_cpu_info(struct cpuinfo_x86 *c) + + pr_cont(" (family: 0x%x, model: 0x%x", c->x86, c->x86_model); + +- if (c->x86_mask || c->cpuid_level >= 0) +- pr_cont(", stepping: 0x%x)\n", c->x86_mask); ++ if (c->x86_stepping || c->cpuid_level >= 0) ++ pr_cont(", stepping: 0x%x)\n", c->x86_stepping); + else + pr_cont(")\n"); + } +diff --git a/arch/x86/kernel/cpu/cyrix.c b/arch/x86/kernel/cpu/cyrix.c +index 6b4bb335641f..8949b7ae6d92 100644 +--- a/arch/x86/kernel/cpu/cyrix.c ++++ b/arch/x86/kernel/cpu/cyrix.c +@@ -215,7 +215,7 @@ static void init_cyrix(struct cpuinfo_x86 *c) + + /* common case step number/rev -- exceptions handled below */ + c->x86_model = (dir1 >> 4) + 1; +- c->x86_mask = dir1 & 0xf; ++ c->x86_stepping = dir1 & 0xf; + + /* Now cook; the original recipe is by Channing Corn, from Cyrix. + * We do the same thing for each generation: we work out +diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c +index 4cf4f8cbc69d..d19e903214b4 100644 +--- a/arch/x86/kernel/cpu/intel.c ++++ b/arch/x86/kernel/cpu/intel.c +@@ -116,14 +116,13 @@ struct sku_microcode { + u32 microcode; + }; + static const struct sku_microcode spectre_bad_microcodes[] = { +- { INTEL_FAM6_KABYLAKE_DESKTOP, 0x0B, 0x84 }, +- { INTEL_FAM6_KABYLAKE_DESKTOP, 0x0A, 0x84 }, +- { INTEL_FAM6_KABYLAKE_DESKTOP, 0x09, 0x84 }, +- { INTEL_FAM6_KABYLAKE_MOBILE, 0x0A, 0x84 }, +- { INTEL_FAM6_KABYLAKE_MOBILE, 0x09, 0x84 }, ++ { INTEL_FAM6_KABYLAKE_DESKTOP, 0x0B, 0x80 }, ++ { INTEL_FAM6_KABYLAKE_DESKTOP, 0x0A, 0x80 }, ++ { INTEL_FAM6_KABYLAKE_DESKTOP, 0x09, 0x80 }, ++ { INTEL_FAM6_KABYLAKE_MOBILE, 0x0A, 0x80 }, ++ { INTEL_FAM6_KABYLAKE_MOBILE, 0x09, 0x80 }, + { INTEL_FAM6_SKYLAKE_X, 0x03, 0x0100013e }, + { INTEL_FAM6_SKYLAKE_X, 0x04, 0x0200003c }, +- { INTEL_FAM6_SKYLAKE_MOBILE, 0x03, 0xc2 }, + { INTEL_FAM6_SKYLAKE_DESKTOP, 0x03, 0xc2 }, + { INTEL_FAM6_BROADWELL_CORE, 0x04, 0x28 }, + { INTEL_FAM6_BROADWELL_GT3E, 0x01, 0x1b }, +@@ -136,8 +135,6 @@ static const struct sku_microcode spectre_bad_microcodes[] = { + { INTEL_FAM6_HASWELL_X, 0x02, 0x3b }, + { INTEL_FAM6_HASWELL_X, 0x04, 0x10 }, + { INTEL_FAM6_IVYBRIDGE_X, 0x04, 0x42a }, +- /* Updated in the 20180108 release; blacklist until we know otherwise */ +- { INTEL_FAM6_ATOM_GEMINI_LAKE, 0x01, 0x22 }, + /* Observed in the wild */ + { INTEL_FAM6_SANDYBRIDGE_X, 0x06, 0x61b }, + { INTEL_FAM6_SANDYBRIDGE_X, 0x07, 0x712 }, +@@ -149,7 +146,7 @@ static bool bad_spectre_microcode(struct cpuinfo_x86 *c) + + for (i = 0; i < ARRAY_SIZE(spectre_bad_microcodes); i++) { + if (c->x86_model == spectre_bad_microcodes[i].model && +- c->x86_mask == spectre_bad_microcodes[i].stepping) ++ c->x86_stepping == spectre_bad_microcodes[i].stepping) + return (c->microcode <= spectre_bad_microcodes[i].microcode); + } + return false; +@@ -196,7 +193,7 @@ static void early_init_intel(struct cpuinfo_x86 *c) + * need the microcode to have already been loaded... so if it is + * not, recommend a BIOS update and disable large pages. + */ +- if (c->x86 == 6 && c->x86_model == 0x1c && c->x86_mask <= 2 && ++ if (c->x86 == 6 && c->x86_model == 0x1c && c->x86_stepping <= 2 && + c->microcode < 0x20e) { + pr_warn("Atom PSE erratum detected, BIOS microcode update recommended\n"); + clear_cpu_cap(c, X86_FEATURE_PSE); +@@ -212,7 +209,7 @@ static void early_init_intel(struct cpuinfo_x86 *c) + + /* CPUID workaround for 0F33/0F34 CPU */ + if (c->x86 == 0xF && c->x86_model == 0x3 +- && (c->x86_mask == 0x3 || c->x86_mask == 0x4)) ++ && (c->x86_stepping == 0x3 || c->x86_stepping == 0x4)) + c->x86_phys_bits = 36; + + /* +@@ -253,21 +250,6 @@ static void early_init_intel(struct cpuinfo_x86 *c) + if (c->x86 == 6 && c->x86_model < 15) + clear_cpu_cap(c, X86_FEATURE_PAT); + +-#ifdef CONFIG_KMEMCHECK +- /* +- * P4s have a "fast strings" feature which causes single- +- * stepping REP instructions to only generate a #DB on +- * cache-line boundaries. +- * +- * Ingo Molnar reported a Pentium D (model 6) and a Xeon +- * (model 2) with the same problem. +- */ +- if (c->x86 == 15) +- if (msr_clear_bit(MSR_IA32_MISC_ENABLE, +- MSR_IA32_MISC_ENABLE_FAST_STRING_BIT) > 0) +- pr_info("kmemcheck: Disabling fast string operations\n"); +-#endif +- + /* + * If fast string is not enabled in IA32_MISC_ENABLE for any reason, + * clear the fast string and enhanced fast string CPU capabilities. +@@ -325,7 +307,7 @@ int ppro_with_ram_bug(void) + if (boot_cpu_data.x86_vendor == X86_VENDOR_INTEL && + boot_cpu_data.x86 == 6 && + boot_cpu_data.x86_model == 1 && +- boot_cpu_data.x86_mask < 8) { ++ boot_cpu_data.x86_stepping < 8) { + pr_info("Pentium Pro with Errata#50 detected. Taking evasive action.\n"); + return 1; + } +@@ -342,7 +324,7 @@ static void intel_smp_check(struct cpuinfo_x86 *c) + * Mask B, Pentium, but not Pentium MMX + */ + if (c->x86 == 5 && +- c->x86_mask >= 1 && c->x86_mask <= 4 && ++ c->x86_stepping >= 1 && c->x86_stepping <= 4 && + c->x86_model <= 3) { + /* + * Remember we have B step Pentia with bugs +@@ -385,7 +367,7 @@ static void intel_workarounds(struct cpuinfo_x86 *c) + * SEP CPUID bug: Pentium Pro reports SEP but doesn't have it until + * model 3 mask 3 + */ +- if ((c->x86<<8 | c->x86_model<<4 | c->x86_mask) < 0x633) ++ if ((c->x86<<8 | c->x86_model<<4 | c->x86_stepping) < 0x633) + clear_cpu_cap(c, X86_FEATURE_SEP); + + /* +@@ -403,7 +385,7 @@ static void intel_workarounds(struct cpuinfo_x86 *c) + * P4 Xeon erratum 037 workaround. + * Hardware prefetcher may cause stale data to be loaded into the cache. + */ +- if ((c->x86 == 15) && (c->x86_model == 1) && (c->x86_mask == 1)) { ++ if ((c->x86 == 15) && (c->x86_model == 1) && (c->x86_stepping == 1)) { + if (msr_set_bit(MSR_IA32_MISC_ENABLE, + MSR_IA32_MISC_ENABLE_PREFETCH_DISABLE_BIT) > 0) { + pr_info("CPU: C0 stepping P4 Xeon detected.\n"); +@@ -418,7 +400,7 @@ static void intel_workarounds(struct cpuinfo_x86 *c) + * Specification Update"). + */ + if (boot_cpu_has(X86_FEATURE_APIC) && (c->x86<<8 | c->x86_model<<4) == 0x520 && +- (c->x86_mask < 0x6 || c->x86_mask == 0xb)) ++ (c->x86_stepping < 0x6 || c->x86_stepping == 0xb)) + set_cpu_bug(c, X86_BUG_11AP); + + +@@ -665,7 +647,7 @@ static void init_intel(struct cpuinfo_x86 *c) + case 6: + if (l2 == 128) + p = "Celeron (Mendocino)"; +- else if (c->x86_mask == 0 || c->x86_mask == 5) ++ else if (c->x86_stepping == 0 || c->x86_stepping == 5) + p = "Celeron-A"; + break; + +diff --git a/arch/x86/kernel/cpu/intel_rdt.c b/arch/x86/kernel/cpu/intel_rdt.c +index 99442370de40..18dd8f22e353 100644 +--- a/arch/x86/kernel/cpu/intel_rdt.c ++++ b/arch/x86/kernel/cpu/intel_rdt.c +@@ -771,7 +771,7 @@ static __init void rdt_quirks(void) + cache_alloc_hsw_probe(); + break; + case INTEL_FAM6_SKYLAKE_X: +- if (boot_cpu_data.x86_mask <= 4) ++ if (boot_cpu_data.x86_stepping <= 4) + set_rdt_options("!cmt,!mbmtotal,!mbmlocal,!l3cat"); + } + } +diff --git a/arch/x86/kernel/cpu/mcheck/mce-internal.h b/arch/x86/kernel/cpu/mcheck/mce-internal.h +index aa0d5df9dc60..e956eb267061 100644 +--- a/arch/x86/kernel/cpu/mcheck/mce-internal.h ++++ b/arch/x86/kernel/cpu/mcheck/mce-internal.h +@@ -115,4 +115,19 @@ static inline void mce_unregister_injector_chain(struct notifier_block *nb) { } + + extern struct mca_config mca_cfg; + ++#ifndef CONFIG_X86_64 ++/* ++ * On 32-bit systems it would be difficult to safely unmap a poison page ++ * from the kernel 1:1 map because there are no non-canonical addresses that ++ * we can use to refer to the address without risking a speculative access. ++ * However, this isn't much of an issue because: ++ * 1) Few unmappable pages are in the 1:1 map. Most are in HIGHMEM which ++ * are only mapped into the kernel as needed ++ * 2) Few people would run a 32-bit kernel on a machine that supports ++ * recoverable errors because they have too much memory to boot 32-bit. ++ */ ++static inline void mce_unmap_kpfn(unsigned long pfn) {} ++#define mce_unmap_kpfn mce_unmap_kpfn ++#endif ++ + #endif /* __X86_MCE_INTERNAL_H__ */ +diff --git a/arch/x86/kernel/cpu/mcheck/mce.c b/arch/x86/kernel/cpu/mcheck/mce.c +index a9e898b71208..73237aa271ea 100644 +--- a/arch/x86/kernel/cpu/mcheck/mce.c ++++ b/arch/x86/kernel/cpu/mcheck/mce.c +@@ -106,6 +106,10 @@ static struct irq_work mce_irq_work; + + static void (*quirk_no_way_out)(int bank, struct mce *m, struct pt_regs *regs); + ++#ifndef mce_unmap_kpfn ++static void mce_unmap_kpfn(unsigned long pfn); ++#endif ++ + /* + * CPU/chipset specific EDAC code can register a notifier call here to print + * MCE errors in a human-readable form. +@@ -582,7 +586,8 @@ static int srao_decode_notifier(struct notifier_block *nb, unsigned long val, + + if (mce_usable_address(mce) && (mce->severity == MCE_AO_SEVERITY)) { + pfn = mce->addr >> PAGE_SHIFT; +- memory_failure(pfn, MCE_VECTOR, 0); ++ if (memory_failure(pfn, MCE_VECTOR, 0)) ++ mce_unmap_kpfn(pfn); + } + + return NOTIFY_OK; +@@ -1049,12 +1054,13 @@ static int do_memory_failure(struct mce *m) + ret = memory_failure(m->addr >> PAGE_SHIFT, MCE_VECTOR, flags); + if (ret) + pr_err("Memory error not recovered"); ++ else ++ mce_unmap_kpfn(m->addr >> PAGE_SHIFT); + return ret; + } + +-#if defined(arch_unmap_kpfn) && defined(CONFIG_MEMORY_FAILURE) +- +-void arch_unmap_kpfn(unsigned long pfn) ++#ifndef mce_unmap_kpfn ++static void mce_unmap_kpfn(unsigned long pfn) + { + unsigned long decoy_addr; + +@@ -1065,7 +1071,7 @@ void arch_unmap_kpfn(unsigned long pfn) + * We would like to just call: + * set_memory_np((unsigned long)pfn_to_kaddr(pfn), 1); + * but doing that would radically increase the odds of a +- * speculative access to the posion page because we'd have ++ * speculative access to the poison page because we'd have + * the virtual address of the kernel 1:1 mapping sitting + * around in registers. + * Instead we get tricky. We create a non-canonical address +@@ -1090,7 +1096,6 @@ void arch_unmap_kpfn(unsigned long pfn) + + if (set_memory_np(decoy_addr, 1)) + pr_warn("Could not invalidate pfn=0x%lx from 1:1 map\n", pfn); +- + } + #endif + +diff --git a/arch/x86/kernel/cpu/microcode/intel.c b/arch/x86/kernel/cpu/microcode/intel.c +index f7c55b0e753a..a15db2b4e0d6 100644 +--- a/arch/x86/kernel/cpu/microcode/intel.c ++++ b/arch/x86/kernel/cpu/microcode/intel.c +@@ -921,7 +921,7 @@ static bool is_blacklisted(unsigned int cpu) + */ + if (c->x86 == 6 && + c->x86_model == INTEL_FAM6_BROADWELL_X && +- c->x86_mask == 0x01 && ++ c->x86_stepping == 0x01 && + llc_size_per_core > 2621440 && + c->microcode < 0x0b000021) { + pr_err_once("Erratum BDF90: late loading with revision < 0x0b000021 (0x%x) disabled.\n", c->microcode); +@@ -944,7 +944,7 @@ static enum ucode_state request_microcode_fw(int cpu, struct device *device, + return UCODE_NFOUND; + + sprintf(name, "intel-ucode/%02x-%02x-%02x", +- c->x86, c->x86_model, c->x86_mask); ++ c->x86, c->x86_model, c->x86_stepping); + + if (request_firmware_direct(&firmware, name, device)) { + pr_debug("data file %s load failed\n", name); +@@ -982,7 +982,7 @@ static struct microcode_ops microcode_intel_ops = { + + static int __init calc_llc_size_per_core(struct cpuinfo_x86 *c) + { +- u64 llc_size = c->x86_cache_size * 1024; ++ u64 llc_size = c->x86_cache_size * 1024ULL; + + do_div(llc_size, c->x86_max_cores); + +diff --git a/arch/x86/kernel/cpu/mtrr/generic.c b/arch/x86/kernel/cpu/mtrr/generic.c +index fdc55215d44d..e12ee86906c6 100644 +--- a/arch/x86/kernel/cpu/mtrr/generic.c ++++ b/arch/x86/kernel/cpu/mtrr/generic.c +@@ -859,7 +859,7 @@ int generic_validate_add_page(unsigned long base, unsigned long size, + */ + if (is_cpu(INTEL) && boot_cpu_data.x86 == 6 && + boot_cpu_data.x86_model == 1 && +- boot_cpu_data.x86_mask <= 7) { ++ boot_cpu_data.x86_stepping <= 7) { + if (base & ((1 << (22 - PAGE_SHIFT)) - 1)) { + pr_warn("mtrr: base(0x%lx000) is not 4 MiB aligned\n", base); + return -EINVAL; +diff --git a/arch/x86/kernel/cpu/mtrr/main.c b/arch/x86/kernel/cpu/mtrr/main.c +index 40d5a8a75212..7468de429087 100644 +--- a/arch/x86/kernel/cpu/mtrr/main.c ++++ b/arch/x86/kernel/cpu/mtrr/main.c +@@ -711,8 +711,8 @@ void __init mtrr_bp_init(void) + if (boot_cpu_data.x86_vendor == X86_VENDOR_INTEL && + boot_cpu_data.x86 == 0xF && + boot_cpu_data.x86_model == 0x3 && +- (boot_cpu_data.x86_mask == 0x3 || +- boot_cpu_data.x86_mask == 0x4)) ++ (boot_cpu_data.x86_stepping == 0x3 || ++ boot_cpu_data.x86_stepping == 0x4)) + phys_addr = 36; + + size_or_mask = SIZE_OR_MASK_BITS(phys_addr); +diff --git a/arch/x86/kernel/cpu/proc.c b/arch/x86/kernel/cpu/proc.c +index e7ecedafa1c8..2c8522a39ed5 100644 +--- a/arch/x86/kernel/cpu/proc.c ++++ b/arch/x86/kernel/cpu/proc.c +@@ -72,8 +72,8 @@ static int show_cpuinfo(struct seq_file *m, void *v) + c->x86_model, + c->x86_model_id[0] ? c->x86_model_id : "unknown"); + +- if (c->x86_mask || c->cpuid_level >= 0) +- seq_printf(m, "stepping\t: %d\n", c->x86_mask); ++ if (c->x86_stepping || c->cpuid_level >= 0) ++ seq_printf(m, "stepping\t: %d\n", c->x86_stepping); + else + seq_puts(m, "stepping\t: unknown\n"); + if (c->microcode) +@@ -91,8 +91,8 @@ static int show_cpuinfo(struct seq_file *m, void *v) + } + + /* Cache size */ +- if (c->x86_cache_size >= 0) +- seq_printf(m, "cache size\t: %d KB\n", c->x86_cache_size); ++ if (c->x86_cache_size) ++ seq_printf(m, "cache size\t: %u KB\n", c->x86_cache_size); + + show_cpuinfo_core(m, c, cpu); + show_cpuinfo_misc(m, c); +diff --git a/arch/x86/kernel/early-quirks.c b/arch/x86/kernel/early-quirks.c +index 1e82f787c160..c87560e1e3ef 100644 +--- a/arch/x86/kernel/early-quirks.c ++++ b/arch/x86/kernel/early-quirks.c +@@ -527,6 +527,7 @@ static const struct pci_device_id intel_early_ids[] __initconst = { + INTEL_SKL_IDS(&gen9_early_ops), + INTEL_BXT_IDS(&gen9_early_ops), + INTEL_KBL_IDS(&gen9_early_ops), ++ INTEL_CFL_IDS(&gen9_early_ops), + INTEL_GLK_IDS(&gen9_early_ops), + INTEL_CNL_IDS(&gen9_early_ops), + }; +diff --git a/arch/x86/kernel/espfix_64.c b/arch/x86/kernel/espfix_64.c +index 9c4e7ba6870c..cbded50ee601 100644 +--- a/arch/x86/kernel/espfix_64.c ++++ b/arch/x86/kernel/espfix_64.c +@@ -57,7 +57,7 @@ + # error "Need more virtual address space for the ESPFIX hack" + #endif + +-#define PGALLOC_GFP (GFP_KERNEL | __GFP_NOTRACK | __GFP_ZERO) ++#define PGALLOC_GFP (GFP_KERNEL | __GFP_ZERO) + + /* This contains the *bottom* address of the espfix stack */ + DEFINE_PER_CPU_READ_MOSTLY(unsigned long, espfix_stack); +diff --git a/arch/x86/kernel/head_32.S b/arch/x86/kernel/head_32.S +index c29020907886..b59e4fb40fd9 100644 +--- a/arch/x86/kernel/head_32.S ++++ b/arch/x86/kernel/head_32.S +@@ -37,7 +37,7 @@ + #define X86 new_cpu_data+CPUINFO_x86 + #define X86_VENDOR new_cpu_data+CPUINFO_x86_vendor + #define X86_MODEL new_cpu_data+CPUINFO_x86_model +-#define X86_MASK new_cpu_data+CPUINFO_x86_mask ++#define X86_STEPPING new_cpu_data+CPUINFO_x86_stepping + #define X86_HARD_MATH new_cpu_data+CPUINFO_hard_math + #define X86_CPUID new_cpu_data+CPUINFO_cpuid_level + #define X86_CAPABILITY new_cpu_data+CPUINFO_x86_capability +@@ -332,7 +332,7 @@ ENTRY(startup_32_smp) + shrb $4,%al + movb %al,X86_MODEL + andb $0x0f,%cl # mask mask revision +- movb %cl,X86_MASK ++ movb %cl,X86_STEPPING + movl %edx,X86_CAPABILITY + + .Lis486: +diff --git a/arch/x86/kernel/mpparse.c b/arch/x86/kernel/mpparse.c +index 3a4b12809ab5..bc6bc6689e68 100644 +--- a/arch/x86/kernel/mpparse.c ++++ b/arch/x86/kernel/mpparse.c +@@ -407,7 +407,7 @@ static inline void __init construct_default_ISA_mptable(int mpc_default_type) + processor.apicver = mpc_default_type > 4 ? 0x10 : 0x01; + processor.cpuflag = CPU_ENABLED; + processor.cpufeature = (boot_cpu_data.x86 << 8) | +- (boot_cpu_data.x86_model << 4) | boot_cpu_data.x86_mask; ++ (boot_cpu_data.x86_model << 4) | boot_cpu_data.x86_stepping; + processor.featureflag = boot_cpu_data.x86_capability[CPUID_1_EDX]; + processor.reserved[0] = 0; + processor.reserved[1] = 0; +diff --git a/arch/x86/kernel/paravirt.c b/arch/x86/kernel/paravirt.c +index 19a3e8f961c7..e1df9ef5d78c 100644 +--- a/arch/x86/kernel/paravirt.c ++++ b/arch/x86/kernel/paravirt.c +@@ -190,9 +190,9 @@ static void native_flush_tlb_global(void) + __native_flush_tlb_global(); + } + +-static void native_flush_tlb_single(unsigned long addr) ++static void native_flush_tlb_one_user(unsigned long addr) + { +- __native_flush_tlb_single(addr); ++ __native_flush_tlb_one_user(addr); + } + + struct static_key paravirt_steal_enabled; +@@ -391,7 +391,7 @@ struct pv_mmu_ops pv_mmu_ops __ro_after_init = { + + .flush_tlb_user = native_flush_tlb, + .flush_tlb_kernel = native_flush_tlb_global, +- .flush_tlb_single = native_flush_tlb_single, ++ .flush_tlb_one_user = native_flush_tlb_one_user, + .flush_tlb_others = native_flush_tlb_others, + + .pgd_alloc = __paravirt_pgd_alloc, +diff --git a/arch/x86/kernel/relocate_kernel_64.S b/arch/x86/kernel/relocate_kernel_64.S +index 307d3bac5f04..11eda21eb697 100644 +--- a/arch/x86/kernel/relocate_kernel_64.S ++++ b/arch/x86/kernel/relocate_kernel_64.S +@@ -68,6 +68,9 @@ relocate_kernel: + movq %cr4, %rax + movq %rax, CR4(%r11) + ++ /* Save CR4. Required to enable the right paging mode later. */ ++ movq %rax, %r13 ++ + /* zero out flags, and disable interrupts */ + pushq $0 + popfq +@@ -126,8 +129,13 @@ identity_mapped: + /* + * Set cr4 to a known state: + * - physical address extension enabled ++ * - 5-level paging, if it was enabled before + */ + movl $X86_CR4_PAE, %eax ++ testq $X86_CR4_LA57, %r13 ++ jz 1f ++ orl $X86_CR4_LA57, %eax ++1: + movq %rax, %cr4 + + jmp 1f +diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c +index b33e860d32fe..a66428dc92ae 100644 +--- a/arch/x86/kernel/traps.c ++++ b/arch/x86/kernel/traps.c +@@ -42,7 +42,6 @@ + #include + #endif + +-#include + #include + #include + #include +@@ -181,7 +180,7 @@ int fixup_bug(struct pt_regs *regs, int trapnr) + break; + + case BUG_TRAP_TYPE_WARN: +- regs->ip += LEN_UD0; ++ regs->ip += LEN_UD2; + return 1; + } + +@@ -764,10 +763,6 @@ dotraplinkage void do_debug(struct pt_regs *regs, long error_code) + if (!dr6 && user_mode(regs)) + user_icebp = 1; + +- /* Catch kmemcheck conditions! */ +- if ((dr6 & DR_STEP) && kmemcheck_trap(regs)) +- goto exit; +- + /* Store the virtualized DR6 value */ + tsk->thread.debugreg6 = dr6; + +diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c +index beb7f8795bc1..ca000fc644bc 100644 +--- a/arch/x86/kvm/mmu.c ++++ b/arch/x86/kvm/mmu.c +@@ -5063,7 +5063,7 @@ void kvm_mmu_uninit_vm(struct kvm *kvm) + typedef bool (*slot_level_handler) (struct kvm *kvm, struct kvm_rmap_head *rmap_head); + + /* The caller should hold mmu-lock before calling this function. */ +-static bool ++static __always_inline bool + slot_handle_level_range(struct kvm *kvm, struct kvm_memory_slot *memslot, + slot_level_handler fn, int start_level, int end_level, + gfn_t start_gfn, gfn_t end_gfn, bool lock_flush_tlb) +@@ -5093,7 +5093,7 @@ slot_handle_level_range(struct kvm *kvm, struct kvm_memory_slot *memslot, + return flush; + } + +-static bool ++static __always_inline bool + slot_handle_level(struct kvm *kvm, struct kvm_memory_slot *memslot, + slot_level_handler fn, int start_level, int end_level, + bool lock_flush_tlb) +@@ -5104,7 +5104,7 @@ slot_handle_level(struct kvm *kvm, struct kvm_memory_slot *memslot, + lock_flush_tlb); + } + +-static bool ++static __always_inline bool + slot_handle_all_level(struct kvm *kvm, struct kvm_memory_slot *memslot, + slot_level_handler fn, bool lock_flush_tlb) + { +@@ -5112,7 +5112,7 @@ slot_handle_all_level(struct kvm *kvm, struct kvm_memory_slot *memslot, + PT_MAX_HUGEPAGE_LEVEL, lock_flush_tlb); + } + +-static bool ++static __always_inline bool + slot_handle_large_level(struct kvm *kvm, struct kvm_memory_slot *memslot, + slot_level_handler fn, bool lock_flush_tlb) + { +@@ -5120,7 +5120,7 @@ slot_handle_large_level(struct kvm *kvm, struct kvm_memory_slot *memslot, + PT_MAX_HUGEPAGE_LEVEL, lock_flush_tlb); + } + +-static bool ++static __always_inline bool + slot_handle_leaf(struct kvm *kvm, struct kvm_memory_slot *memslot, + slot_level_handler fn, bool lock_flush_tlb) + { +diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c +index 0ea909ca45c2..dd35c6c50516 100644 +--- a/arch/x86/kvm/vmx.c ++++ b/arch/x86/kvm/vmx.c +@@ -10127,7 +10127,8 @@ static void nested_get_vmcs12_pages(struct kvm_vcpu *vcpu, + if (cpu_has_vmx_msr_bitmap() && + nested_cpu_has(vmcs12, CPU_BASED_USE_MSR_BITMAPS) && + nested_vmx_merge_msr_bitmap(vcpu, vmcs12)) +- ; ++ vmcs_set_bits(CPU_BASED_VM_EXEC_CONTROL, ++ CPU_BASED_USE_MSR_BITMAPS); + else + vmcs_clear_bits(CPU_BASED_VM_EXEC_CONTROL, + CPU_BASED_USE_MSR_BITMAPS); +@@ -10216,8 +10217,8 @@ static inline bool nested_vmx_merge_msr_bitmap(struct kvm_vcpu *vcpu, + * updated to reflect this when L1 (or its L2s) actually write to + * the MSR. + */ +- bool pred_cmd = msr_write_intercepted_l01(vcpu, MSR_IA32_PRED_CMD); +- bool spec_ctrl = msr_write_intercepted_l01(vcpu, MSR_IA32_SPEC_CTRL); ++ bool pred_cmd = !msr_write_intercepted_l01(vcpu, MSR_IA32_PRED_CMD); ++ bool spec_ctrl = !msr_write_intercepted_l01(vcpu, MSR_IA32_SPEC_CTRL); + + if (!nested_cpu_has_virt_x2apic_mode(vmcs12) && + !pred_cmd && !spec_ctrl) +diff --git a/arch/x86/lib/cpu.c b/arch/x86/lib/cpu.c +index d6f848d1211d..2dd1fe13a37b 100644 +--- a/arch/x86/lib/cpu.c ++++ b/arch/x86/lib/cpu.c +@@ -18,7 +18,7 @@ unsigned int x86_model(unsigned int sig) + { + unsigned int fam, model; + +- fam = x86_family(sig); ++ fam = x86_family(sig); + + model = (sig >> 4) & 0xf; + +diff --git a/arch/x86/mm/Makefile b/arch/x86/mm/Makefile +index 52906808e277..27e9e90a8d35 100644 +--- a/arch/x86/mm/Makefile ++++ b/arch/x86/mm/Makefile +@@ -29,8 +29,6 @@ obj-$(CONFIG_X86_PTDUMP) += debug_pagetables.o + + obj-$(CONFIG_HIGHMEM) += highmem_32.o + +-obj-$(CONFIG_KMEMCHECK) += kmemcheck/ +- + KASAN_SANITIZE_kasan_init_$(BITS).o := n + obj-$(CONFIG_KASAN) += kasan_init_$(BITS).o + +diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c +index b264b590eeec..9150fe2c9b26 100644 +--- a/arch/x86/mm/fault.c ++++ b/arch/x86/mm/fault.c +@@ -20,7 +20,6 @@ + #include /* boot_cpu_has, ... */ + #include /* dotraplinkage, ... */ + #include /* pgd_*(), ... */ +-#include /* kmemcheck_*(), ... */ + #include /* VSYSCALL_ADDR */ + #include /* emulate_vsyscall */ + #include /* struct vm86 */ +@@ -1257,8 +1256,6 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code, + * Detect and handle instructions that would cause a page fault for + * both a tracked kernel page and a userspace page. + */ +- if (kmemcheck_active(regs)) +- kmemcheck_hide(regs); + prefetchw(&mm->mmap_sem); + + if (unlikely(kmmio_fault(regs, address))) +@@ -1281,9 +1278,6 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code, + if (!(error_code & (X86_PF_RSVD | X86_PF_USER | X86_PF_PROT))) { + if (vmalloc_fault(address) >= 0) + return; +- +- if (kmemcheck_fault(regs, address, error_code)) +- return; + } + + /* Can handle a stale RO->RW TLB: */ +diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c +index 6b462a472a7b..82f5252c723a 100644 +--- a/arch/x86/mm/init.c ++++ b/arch/x86/mm/init.c +@@ -93,8 +93,7 @@ __ref void *alloc_low_pages(unsigned int num) + unsigned int order; + + order = get_order((unsigned long)num << PAGE_SHIFT); +- return (void *)__get_free_pages(GFP_ATOMIC | __GFP_NOTRACK | +- __GFP_ZERO, order); ++ return (void *)__get_free_pages(GFP_ATOMIC | __GFP_ZERO, order); + } + + if ((pgt_buf_end + num) > pgt_buf_top || !can_use_brk_pgt) { +@@ -171,12 +170,11 @@ static void enable_global_pages(void) + static void __init probe_page_size_mask(void) + { + /* +- * For CONFIG_KMEMCHECK or pagealloc debugging, identity mapping will +- * use small pages. ++ * For pagealloc debugging, identity mapping will use small pages. + * This will simplify cpa(), which otherwise needs to support splitting + * large pages into small in interrupt context, etc. + */ +- if (boot_cpu_has(X86_FEATURE_PSE) && !debug_pagealloc_enabled() && !IS_ENABLED(CONFIG_KMEMCHECK)) ++ if (boot_cpu_has(X86_FEATURE_PSE) && !debug_pagealloc_enabled()) + page_size_mask |= 1 << PG_LEVEL_2M; + else + direct_gbpages = 0; +diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c +index adcea90a2046..fe85d1204db8 100644 +--- a/arch/x86/mm/init_64.c ++++ b/arch/x86/mm/init_64.c +@@ -184,7 +184,7 @@ static __ref void *spp_getpage(void) + void *ptr; + + if (after_bootmem) +- ptr = (void *) get_zeroed_page(GFP_ATOMIC | __GFP_NOTRACK); ++ ptr = (void *) get_zeroed_page(GFP_ATOMIC); + else + ptr = alloc_bootmem_pages(PAGE_SIZE); + +@@ -256,7 +256,7 @@ static void __set_pte_vaddr(pud_t *pud, unsigned long vaddr, pte_t new_pte) + * It's enough to flush this one mapping. + * (PGE mappings get flushed as well) + */ +- __flush_tlb_one(vaddr); ++ __flush_tlb_one_kernel(vaddr); + } + + void set_pte_vaddr_p4d(p4d_t *p4d_page, unsigned long vaddr, pte_t new_pte) +diff --git a/arch/x86/mm/ioremap.c b/arch/x86/mm/ioremap.c +index 34f0e1847dd6..bb120e59c597 100644 +--- a/arch/x86/mm/ioremap.c ++++ b/arch/x86/mm/ioremap.c +@@ -749,5 +749,5 @@ void __init __early_set_fixmap(enum fixed_addresses idx, + set_pte(pte, pfn_pte(phys >> PAGE_SHIFT, flags)); + else + pte_clear(&init_mm, addr, pte); +- __flush_tlb_one(addr); ++ __flush_tlb_one_kernel(addr); + } +diff --git a/arch/x86/mm/kmemcheck/Makefile b/arch/x86/mm/kmemcheck/Makefile +deleted file mode 100644 +index 520b3bce4095..000000000000 +--- a/arch/x86/mm/kmemcheck/Makefile ++++ /dev/null +@@ -1 +0,0 @@ +-obj-y := error.o kmemcheck.o opcode.o pte.o selftest.o shadow.o +diff --git a/arch/x86/mm/kmemcheck/error.c b/arch/x86/mm/kmemcheck/error.c +deleted file mode 100644 +index 872ec4159a68..000000000000 +--- a/arch/x86/mm/kmemcheck/error.c ++++ /dev/null +@@ -1,228 +0,0 @@ +-// SPDX-License-Identifier: GPL-2.0 +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +- +-#include "error.h" +-#include "shadow.h" +- +-enum kmemcheck_error_type { +- KMEMCHECK_ERROR_INVALID_ACCESS, +- KMEMCHECK_ERROR_BUG, +-}; +- +-#define SHADOW_COPY_SIZE (1 << CONFIG_KMEMCHECK_SHADOW_COPY_SHIFT) +- +-struct kmemcheck_error { +- enum kmemcheck_error_type type; +- +- union { +- /* KMEMCHECK_ERROR_INVALID_ACCESS */ +- struct { +- /* Kind of access that caused the error */ +- enum kmemcheck_shadow state; +- /* Address and size of the erroneous read */ +- unsigned long address; +- unsigned int size; +- }; +- }; +- +- struct pt_regs regs; +- struct stack_trace trace; +- unsigned long trace_entries[32]; +- +- /* We compress it to a char. */ +- unsigned char shadow_copy[SHADOW_COPY_SIZE]; +- unsigned char memory_copy[SHADOW_COPY_SIZE]; +-}; +- +-/* +- * Create a ring queue of errors to output. We can't call printk() directly +- * from the kmemcheck traps, since this may call the console drivers and +- * result in a recursive fault. +- */ +-static struct kmemcheck_error error_fifo[CONFIG_KMEMCHECK_QUEUE_SIZE]; +-static unsigned int error_count; +-static unsigned int error_rd; +-static unsigned int error_wr; +-static unsigned int error_missed_count; +- +-static struct kmemcheck_error *error_next_wr(void) +-{ +- struct kmemcheck_error *e; +- +- if (error_count == ARRAY_SIZE(error_fifo)) { +- ++error_missed_count; +- return NULL; +- } +- +- e = &error_fifo[error_wr]; +- if (++error_wr == ARRAY_SIZE(error_fifo)) +- error_wr = 0; +- ++error_count; +- return e; +-} +- +-static struct kmemcheck_error *error_next_rd(void) +-{ +- struct kmemcheck_error *e; +- +- if (error_count == 0) +- return NULL; +- +- e = &error_fifo[error_rd]; +- if (++error_rd == ARRAY_SIZE(error_fifo)) +- error_rd = 0; +- --error_count; +- return e; +-} +- +-void kmemcheck_error_recall(void) +-{ +- static const char *desc[] = { +- [KMEMCHECK_SHADOW_UNALLOCATED] = "unallocated", +- [KMEMCHECK_SHADOW_UNINITIALIZED] = "uninitialized", +- [KMEMCHECK_SHADOW_INITIALIZED] = "initialized", +- [KMEMCHECK_SHADOW_FREED] = "freed", +- }; +- +- static const char short_desc[] = { +- [KMEMCHECK_SHADOW_UNALLOCATED] = 'a', +- [KMEMCHECK_SHADOW_UNINITIALIZED] = 'u', +- [KMEMCHECK_SHADOW_INITIALIZED] = 'i', +- [KMEMCHECK_SHADOW_FREED] = 'f', +- }; +- +- struct kmemcheck_error *e; +- unsigned int i; +- +- e = error_next_rd(); +- if (!e) +- return; +- +- switch (e->type) { +- case KMEMCHECK_ERROR_INVALID_ACCESS: +- printk(KERN_WARNING "WARNING: kmemcheck: Caught %d-bit read from %s memory (%p)\n", +- 8 * e->size, e->state < ARRAY_SIZE(desc) ? +- desc[e->state] : "(invalid shadow state)", +- (void *) e->address); +- +- printk(KERN_WARNING); +- for (i = 0; i < SHADOW_COPY_SIZE; ++i) +- printk(KERN_CONT "%02x", e->memory_copy[i]); +- printk(KERN_CONT "\n"); +- +- printk(KERN_WARNING); +- for (i = 0; i < SHADOW_COPY_SIZE; ++i) { +- if (e->shadow_copy[i] < ARRAY_SIZE(short_desc)) +- printk(KERN_CONT " %c", short_desc[e->shadow_copy[i]]); +- else +- printk(KERN_CONT " ?"); +- } +- printk(KERN_CONT "\n"); +- printk(KERN_WARNING "%*c\n", 2 + 2 +- * (int) (e->address & (SHADOW_COPY_SIZE - 1)), '^'); +- break; +- case KMEMCHECK_ERROR_BUG: +- printk(KERN_EMERG "ERROR: kmemcheck: Fatal error\n"); +- break; +- } +- +- __show_regs(&e->regs, 1); +- print_stack_trace(&e->trace, 0); +-} +- +-static void do_wakeup(unsigned long data) +-{ +- while (error_count > 0) +- kmemcheck_error_recall(); +- +- if (error_missed_count > 0) { +- printk(KERN_WARNING "kmemcheck: Lost %d error reports because " +- "the queue was too small\n", error_missed_count); +- error_missed_count = 0; +- } +-} +- +-static DECLARE_TASKLET(kmemcheck_tasklet, &do_wakeup, 0); +- +-/* +- * Save the context of an error report. +- */ +-void kmemcheck_error_save(enum kmemcheck_shadow state, +- unsigned long address, unsigned int size, struct pt_regs *regs) +-{ +- static unsigned long prev_ip; +- +- struct kmemcheck_error *e; +- void *shadow_copy; +- void *memory_copy; +- +- /* Don't report several adjacent errors from the same EIP. */ +- if (regs->ip == prev_ip) +- return; +- prev_ip = regs->ip; +- +- e = error_next_wr(); +- if (!e) +- return; +- +- e->type = KMEMCHECK_ERROR_INVALID_ACCESS; +- +- e->state = state; +- e->address = address; +- e->size = size; +- +- /* Save regs */ +- memcpy(&e->regs, regs, sizeof(*regs)); +- +- /* Save stack trace */ +- e->trace.nr_entries = 0; +- e->trace.entries = e->trace_entries; +- e->trace.max_entries = ARRAY_SIZE(e->trace_entries); +- e->trace.skip = 0; +- save_stack_trace_regs(regs, &e->trace); +- +- /* Round address down to nearest 16 bytes */ +- shadow_copy = kmemcheck_shadow_lookup(address +- & ~(SHADOW_COPY_SIZE - 1)); +- BUG_ON(!shadow_copy); +- +- memcpy(e->shadow_copy, shadow_copy, SHADOW_COPY_SIZE); +- +- kmemcheck_show_addr(address); +- memory_copy = (void *) (address & ~(SHADOW_COPY_SIZE - 1)); +- memcpy(e->memory_copy, memory_copy, SHADOW_COPY_SIZE); +- kmemcheck_hide_addr(address); +- +- tasklet_hi_schedule_first(&kmemcheck_tasklet); +-} +- +-/* +- * Save the context of a kmemcheck bug. +- */ +-void kmemcheck_error_save_bug(struct pt_regs *regs) +-{ +- struct kmemcheck_error *e; +- +- e = error_next_wr(); +- if (!e) +- return; +- +- e->type = KMEMCHECK_ERROR_BUG; +- +- memcpy(&e->regs, regs, sizeof(*regs)); +- +- e->trace.nr_entries = 0; +- e->trace.entries = e->trace_entries; +- e->trace.max_entries = ARRAY_SIZE(e->trace_entries); +- e->trace.skip = 1; +- save_stack_trace(&e->trace); +- +- tasklet_hi_schedule_first(&kmemcheck_tasklet); +-} +diff --git a/arch/x86/mm/kmemcheck/error.h b/arch/x86/mm/kmemcheck/error.h +deleted file mode 100644 +index 39f80d7a874d..000000000000 +--- a/arch/x86/mm/kmemcheck/error.h ++++ /dev/null +@@ -1,16 +0,0 @@ +-/* SPDX-License-Identifier: GPL-2.0 */ +-#ifndef ARCH__X86__MM__KMEMCHECK__ERROR_H +-#define ARCH__X86__MM__KMEMCHECK__ERROR_H +- +-#include +- +-#include "shadow.h" +- +-void kmemcheck_error_save(enum kmemcheck_shadow state, +- unsigned long address, unsigned int size, struct pt_regs *regs); +- +-void kmemcheck_error_save_bug(struct pt_regs *regs); +- +-void kmemcheck_error_recall(void); +- +-#endif +diff --git a/arch/x86/mm/kmemcheck/kmemcheck.c b/arch/x86/mm/kmemcheck/kmemcheck.c +deleted file mode 100644 +index 4515bae36bbe..000000000000 +--- a/arch/x86/mm/kmemcheck/kmemcheck.c ++++ /dev/null +@@ -1,658 +0,0 @@ +-/** +- * kmemcheck - a heavyweight memory checker for the linux kernel +- * Copyright (C) 2007, 2008 Vegard Nossum +- * (With a lot of help from Ingo Molnar and Pekka Enberg.) +- * +- * This program is free software; you can redistribute it and/or modify +- * it under the terms of the GNU General Public License (version 2) as +- * published by the Free Software Foundation. +- */ +- +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +- +-#include +-#include +-#include +-#include +- +-#include "error.h" +-#include "opcode.h" +-#include "pte.h" +-#include "selftest.h" +-#include "shadow.h" +- +- +-#ifdef CONFIG_KMEMCHECK_DISABLED_BY_DEFAULT +-# define KMEMCHECK_ENABLED 0 +-#endif +- +-#ifdef CONFIG_KMEMCHECK_ENABLED_BY_DEFAULT +-# define KMEMCHECK_ENABLED 1 +-#endif +- +-#ifdef CONFIG_KMEMCHECK_ONESHOT_BY_DEFAULT +-# define KMEMCHECK_ENABLED 2 +-#endif +- +-int kmemcheck_enabled = KMEMCHECK_ENABLED; +- +-int __init kmemcheck_init(void) +-{ +-#ifdef CONFIG_SMP +- /* +- * Limit SMP to use a single CPU. We rely on the fact that this code +- * runs before SMP is set up. +- */ +- if (setup_max_cpus > 1) { +- printk(KERN_INFO +- "kmemcheck: Limiting number of CPUs to 1.\n"); +- setup_max_cpus = 1; +- } +-#endif +- +- if (!kmemcheck_selftest()) { +- printk(KERN_INFO "kmemcheck: self-tests failed; disabling\n"); +- kmemcheck_enabled = 0; +- return -EINVAL; +- } +- +- printk(KERN_INFO "kmemcheck: Initialized\n"); +- return 0; +-} +- +-early_initcall(kmemcheck_init); +- +-/* +- * We need to parse the kmemcheck= option before any memory is allocated. +- */ +-static int __init param_kmemcheck(char *str) +-{ +- int val; +- int ret; +- +- if (!str) +- return -EINVAL; +- +- ret = kstrtoint(str, 0, &val); +- if (ret) +- return ret; +- kmemcheck_enabled = val; +- return 0; +-} +- +-early_param("kmemcheck", param_kmemcheck); +- +-int kmemcheck_show_addr(unsigned long address) +-{ +- pte_t *pte; +- +- pte = kmemcheck_pte_lookup(address); +- if (!pte) +- return 0; +- +- set_pte(pte, __pte(pte_val(*pte) | _PAGE_PRESENT)); +- __flush_tlb_one(address); +- return 1; +-} +- +-int kmemcheck_hide_addr(unsigned long address) +-{ +- pte_t *pte; +- +- pte = kmemcheck_pte_lookup(address); +- if (!pte) +- return 0; +- +- set_pte(pte, __pte(pte_val(*pte) & ~_PAGE_PRESENT)); +- __flush_tlb_one(address); +- return 1; +-} +- +-struct kmemcheck_context { +- bool busy; +- int balance; +- +- /* +- * There can be at most two memory operands to an instruction, but +- * each address can cross a page boundary -- so we may need up to +- * four addresses that must be hidden/revealed for each fault. +- */ +- unsigned long addr[4]; +- unsigned long n_addrs; +- unsigned long flags; +- +- /* Data size of the instruction that caused a fault. */ +- unsigned int size; +-}; +- +-static DEFINE_PER_CPU(struct kmemcheck_context, kmemcheck_context); +- +-bool kmemcheck_active(struct pt_regs *regs) +-{ +- struct kmemcheck_context *data = this_cpu_ptr(&kmemcheck_context); +- +- return data->balance > 0; +-} +- +-/* Save an address that needs to be shown/hidden */ +-static void kmemcheck_save_addr(unsigned long addr) +-{ +- struct kmemcheck_context *data = this_cpu_ptr(&kmemcheck_context); +- +- BUG_ON(data->n_addrs >= ARRAY_SIZE(data->addr)); +- data->addr[data->n_addrs++] = addr; +-} +- +-static unsigned int kmemcheck_show_all(void) +-{ +- struct kmemcheck_context *data = this_cpu_ptr(&kmemcheck_context); +- unsigned int i; +- unsigned int n; +- +- n = 0; +- for (i = 0; i < data->n_addrs; ++i) +- n += kmemcheck_show_addr(data->addr[i]); +- +- return n; +-} +- +-static unsigned int kmemcheck_hide_all(void) +-{ +- struct kmemcheck_context *data = this_cpu_ptr(&kmemcheck_context); +- unsigned int i; +- unsigned int n; +- +- n = 0; +- for (i = 0; i < data->n_addrs; ++i) +- n += kmemcheck_hide_addr(data->addr[i]); +- +- return n; +-} +- +-/* +- * Called from the #PF handler. +- */ +-void kmemcheck_show(struct pt_regs *regs) +-{ +- struct kmemcheck_context *data = this_cpu_ptr(&kmemcheck_context); +- +- BUG_ON(!irqs_disabled()); +- +- if (unlikely(data->balance != 0)) { +- kmemcheck_show_all(); +- kmemcheck_error_save_bug(regs); +- data->balance = 0; +- return; +- } +- +- /* +- * None of the addresses actually belonged to kmemcheck. Note that +- * this is not an error. +- */ +- if (kmemcheck_show_all() == 0) +- return; +- +- ++data->balance; +- +- /* +- * The IF needs to be cleared as well, so that the faulting +- * instruction can run "uninterrupted". Otherwise, we might take +- * an interrupt and start executing that before we've had a chance +- * to hide the page again. +- * +- * NOTE: In the rare case of multiple faults, we must not override +- * the original flags: +- */ +- if (!(regs->flags & X86_EFLAGS_TF)) +- data->flags = regs->flags; +- +- regs->flags |= X86_EFLAGS_TF; +- regs->flags &= ~X86_EFLAGS_IF; +-} +- +-/* +- * Called from the #DB handler. +- */ +-void kmemcheck_hide(struct pt_regs *regs) +-{ +- struct kmemcheck_context *data = this_cpu_ptr(&kmemcheck_context); +- int n; +- +- BUG_ON(!irqs_disabled()); +- +- if (unlikely(data->balance != 1)) { +- kmemcheck_show_all(); +- kmemcheck_error_save_bug(regs); +- data->n_addrs = 0; +- data->balance = 0; +- +- if (!(data->flags & X86_EFLAGS_TF)) +- regs->flags &= ~X86_EFLAGS_TF; +- if (data->flags & X86_EFLAGS_IF) +- regs->flags |= X86_EFLAGS_IF; +- return; +- } +- +- if (kmemcheck_enabled) +- n = kmemcheck_hide_all(); +- else +- n = kmemcheck_show_all(); +- +- if (n == 0) +- return; +- +- --data->balance; +- +- data->n_addrs = 0; +- +- if (!(data->flags & X86_EFLAGS_TF)) +- regs->flags &= ~X86_EFLAGS_TF; +- if (data->flags & X86_EFLAGS_IF) +- regs->flags |= X86_EFLAGS_IF; +-} +- +-void kmemcheck_show_pages(struct page *p, unsigned int n) +-{ +- unsigned int i; +- +- for (i = 0; i < n; ++i) { +- unsigned long address; +- pte_t *pte; +- unsigned int level; +- +- address = (unsigned long) page_address(&p[i]); +- pte = lookup_address(address, &level); +- BUG_ON(!pte); +- BUG_ON(level != PG_LEVEL_4K); +- +- set_pte(pte, __pte(pte_val(*pte) | _PAGE_PRESENT)); +- set_pte(pte, __pte(pte_val(*pte) & ~_PAGE_HIDDEN)); +- __flush_tlb_one(address); +- } +-} +- +-bool kmemcheck_page_is_tracked(struct page *p) +-{ +- /* This will also check the "hidden" flag of the PTE. */ +- return kmemcheck_pte_lookup((unsigned long) page_address(p)); +-} +- +-void kmemcheck_hide_pages(struct page *p, unsigned int n) +-{ +- unsigned int i; +- +- for (i = 0; i < n; ++i) { +- unsigned long address; +- pte_t *pte; +- unsigned int level; +- +- address = (unsigned long) page_address(&p[i]); +- pte = lookup_address(address, &level); +- BUG_ON(!pte); +- BUG_ON(level != PG_LEVEL_4K); +- +- set_pte(pte, __pte(pte_val(*pte) & ~_PAGE_PRESENT)); +- set_pte(pte, __pte(pte_val(*pte) | _PAGE_HIDDEN)); +- __flush_tlb_one(address); +- } +-} +- +-/* Access may NOT cross page boundary */ +-static void kmemcheck_read_strict(struct pt_regs *regs, +- unsigned long addr, unsigned int size) +-{ +- void *shadow; +- enum kmemcheck_shadow status; +- +- shadow = kmemcheck_shadow_lookup(addr); +- if (!shadow) +- return; +- +- kmemcheck_save_addr(addr); +- status = kmemcheck_shadow_test(shadow, size); +- if (status == KMEMCHECK_SHADOW_INITIALIZED) +- return; +- +- if (kmemcheck_enabled) +- kmemcheck_error_save(status, addr, size, regs); +- +- if (kmemcheck_enabled == 2) +- kmemcheck_enabled = 0; +- +- /* Don't warn about it again. */ +- kmemcheck_shadow_set(shadow, size); +-} +- +-bool kmemcheck_is_obj_initialized(unsigned long addr, size_t size) +-{ +- enum kmemcheck_shadow status; +- void *shadow; +- +- shadow = kmemcheck_shadow_lookup(addr); +- if (!shadow) +- return true; +- +- status = kmemcheck_shadow_test_all(shadow, size); +- +- return status == KMEMCHECK_SHADOW_INITIALIZED; +-} +- +-/* Access may cross page boundary */ +-static void kmemcheck_read(struct pt_regs *regs, +- unsigned long addr, unsigned int size) +-{ +- unsigned long page = addr & PAGE_MASK; +- unsigned long next_addr = addr + size - 1; +- unsigned long next_page = next_addr & PAGE_MASK; +- +- if (likely(page == next_page)) { +- kmemcheck_read_strict(regs, addr, size); +- return; +- } +- +- /* +- * What we do is basically to split the access across the +- * two pages and handle each part separately. Yes, this means +- * that we may now see reads that are 3 + 5 bytes, for +- * example (and if both are uninitialized, there will be two +- * reports), but it makes the code a lot simpler. +- */ +- kmemcheck_read_strict(regs, addr, next_page - addr); +- kmemcheck_read_strict(regs, next_page, next_addr - next_page); +-} +- +-static void kmemcheck_write_strict(struct pt_regs *regs, +- unsigned long addr, unsigned int size) +-{ +- void *shadow; +- +- shadow = kmemcheck_shadow_lookup(addr); +- if (!shadow) +- return; +- +- kmemcheck_save_addr(addr); +- kmemcheck_shadow_set(shadow, size); +-} +- +-static void kmemcheck_write(struct pt_regs *regs, +- unsigned long addr, unsigned int size) +-{ +- unsigned long page = addr & PAGE_MASK; +- unsigned long next_addr = addr + size - 1; +- unsigned long next_page = next_addr & PAGE_MASK; +- +- if (likely(page == next_page)) { +- kmemcheck_write_strict(regs, addr, size); +- return; +- } +- +- /* See comment in kmemcheck_read(). */ +- kmemcheck_write_strict(regs, addr, next_page - addr); +- kmemcheck_write_strict(regs, next_page, next_addr - next_page); +-} +- +-/* +- * Copying is hard. We have two addresses, each of which may be split across +- * a page (and each page will have different shadow addresses). +- */ +-static void kmemcheck_copy(struct pt_regs *regs, +- unsigned long src_addr, unsigned long dst_addr, unsigned int size) +-{ +- uint8_t shadow[8]; +- enum kmemcheck_shadow status; +- +- unsigned long page; +- unsigned long next_addr; +- unsigned long next_page; +- +- uint8_t *x; +- unsigned int i; +- unsigned int n; +- +- BUG_ON(size > sizeof(shadow)); +- +- page = src_addr & PAGE_MASK; +- next_addr = src_addr + size - 1; +- next_page = next_addr & PAGE_MASK; +- +- if (likely(page == next_page)) { +- /* Same page */ +- x = kmemcheck_shadow_lookup(src_addr); +- if (x) { +- kmemcheck_save_addr(src_addr); +- for (i = 0; i < size; ++i) +- shadow[i] = x[i]; +- } else { +- for (i = 0; i < size; ++i) +- shadow[i] = KMEMCHECK_SHADOW_INITIALIZED; +- } +- } else { +- n = next_page - src_addr; +- BUG_ON(n > sizeof(shadow)); +- +- /* First page */ +- x = kmemcheck_shadow_lookup(src_addr); +- if (x) { +- kmemcheck_save_addr(src_addr); +- for (i = 0; i < n; ++i) +- shadow[i] = x[i]; +- } else { +- /* Not tracked */ +- for (i = 0; i < n; ++i) +- shadow[i] = KMEMCHECK_SHADOW_INITIALIZED; +- } +- +- /* Second page */ +- x = kmemcheck_shadow_lookup(next_page); +- if (x) { +- kmemcheck_save_addr(next_page); +- for (i = n; i < size; ++i) +- shadow[i] = x[i - n]; +- } else { +- /* Not tracked */ +- for (i = n; i < size; ++i) +- shadow[i] = KMEMCHECK_SHADOW_INITIALIZED; +- } +- } +- +- page = dst_addr & PAGE_MASK; +- next_addr = dst_addr + size - 1; +- next_page = next_addr & PAGE_MASK; +- +- if (likely(page == next_page)) { +- /* Same page */ +- x = kmemcheck_shadow_lookup(dst_addr); +- if (x) { +- kmemcheck_save_addr(dst_addr); +- for (i = 0; i < size; ++i) { +- x[i] = shadow[i]; +- shadow[i] = KMEMCHECK_SHADOW_INITIALIZED; +- } +- } +- } else { +- n = next_page - dst_addr; +- BUG_ON(n > sizeof(shadow)); +- +- /* First page */ +- x = kmemcheck_shadow_lookup(dst_addr); +- if (x) { +- kmemcheck_save_addr(dst_addr); +- for (i = 0; i < n; ++i) { +- x[i] = shadow[i]; +- shadow[i] = KMEMCHECK_SHADOW_INITIALIZED; +- } +- } +- +- /* Second page */ +- x = kmemcheck_shadow_lookup(next_page); +- if (x) { +- kmemcheck_save_addr(next_page); +- for (i = n; i < size; ++i) { +- x[i - n] = shadow[i]; +- shadow[i] = KMEMCHECK_SHADOW_INITIALIZED; +- } +- } +- } +- +- status = kmemcheck_shadow_test(shadow, size); +- if (status == KMEMCHECK_SHADOW_INITIALIZED) +- return; +- +- if (kmemcheck_enabled) +- kmemcheck_error_save(status, src_addr, size, regs); +- +- if (kmemcheck_enabled == 2) +- kmemcheck_enabled = 0; +-} +- +-enum kmemcheck_method { +- KMEMCHECK_READ, +- KMEMCHECK_WRITE, +-}; +- +-static void kmemcheck_access(struct pt_regs *regs, +- unsigned long fallback_address, enum kmemcheck_method fallback_method) +-{ +- const uint8_t *insn; +- const uint8_t *insn_primary; +- unsigned int size; +- +- struct kmemcheck_context *data = this_cpu_ptr(&kmemcheck_context); +- +- /* Recursive fault -- ouch. */ +- if (data->busy) { +- kmemcheck_show_addr(fallback_address); +- kmemcheck_error_save_bug(regs); +- return; +- } +- +- data->busy = true; +- +- insn = (const uint8_t *) regs->ip; +- insn_primary = kmemcheck_opcode_get_primary(insn); +- +- kmemcheck_opcode_decode(insn, &size); +- +- switch (insn_primary[0]) { +-#ifdef CONFIG_KMEMCHECK_BITOPS_OK +- /* AND, OR, XOR */ +- /* +- * Unfortunately, these instructions have to be excluded from +- * our regular checking since they access only some (and not +- * all) bits. This clears out "bogus" bitfield-access warnings. +- */ +- case 0x80: +- case 0x81: +- case 0x82: +- case 0x83: +- switch ((insn_primary[1] >> 3) & 7) { +- /* OR */ +- case 1: +- /* AND */ +- case 4: +- /* XOR */ +- case 6: +- kmemcheck_write(regs, fallback_address, size); +- goto out; +- +- /* ADD */ +- case 0: +- /* ADC */ +- case 2: +- /* SBB */ +- case 3: +- /* SUB */ +- case 5: +- /* CMP */ +- case 7: +- break; +- } +- break; +-#endif +- +- /* MOVS, MOVSB, MOVSW, MOVSD */ +- case 0xa4: +- case 0xa5: +- /* +- * These instructions are special because they take two +- * addresses, but we only get one page fault. +- */ +- kmemcheck_copy(regs, regs->si, regs->di, size); +- goto out; +- +- /* CMPS, CMPSB, CMPSW, CMPSD */ +- case 0xa6: +- case 0xa7: +- kmemcheck_read(regs, regs->si, size); +- kmemcheck_read(regs, regs->di, size); +- goto out; +- } +- +- /* +- * If the opcode isn't special in any way, we use the data from the +- * page fault handler to determine the address and type of memory +- * access. +- */ +- switch (fallback_method) { +- case KMEMCHECK_READ: +- kmemcheck_read(regs, fallback_address, size); +- goto out; +- case KMEMCHECK_WRITE: +- kmemcheck_write(regs, fallback_address, size); +- goto out; +- } +- +-out: +- data->busy = false; +-} +- +-bool kmemcheck_fault(struct pt_regs *regs, unsigned long address, +- unsigned long error_code) +-{ +- pte_t *pte; +- +- /* +- * XXX: Is it safe to assume that memory accesses from virtual 86 +- * mode or non-kernel code segments will _never_ access kernel +- * memory (e.g. tracked pages)? For now, we need this to avoid +- * invoking kmemcheck for PnP BIOS calls. +- */ +- if (regs->flags & X86_VM_MASK) +- return false; +- if (regs->cs != __KERNEL_CS) +- return false; +- +- pte = kmemcheck_pte_lookup(address); +- if (!pte) +- return false; +- +- WARN_ON_ONCE(in_nmi()); +- +- if (error_code & 2) +- kmemcheck_access(regs, address, KMEMCHECK_WRITE); +- else +- kmemcheck_access(regs, address, KMEMCHECK_READ); +- +- kmemcheck_show(regs); +- return true; +-} +- +-bool kmemcheck_trap(struct pt_regs *regs) +-{ +- if (!kmemcheck_active(regs)) +- return false; +- +- /* We're done. */ +- kmemcheck_hide(regs); +- return true; +-} +diff --git a/arch/x86/mm/kmemcheck/opcode.c b/arch/x86/mm/kmemcheck/opcode.c +deleted file mode 100644 +index df8109ddf7fe..000000000000 +--- a/arch/x86/mm/kmemcheck/opcode.c ++++ /dev/null +@@ -1,107 +0,0 @@ +-// SPDX-License-Identifier: GPL-2.0 +-#include +- +-#include "opcode.h" +- +-static bool opcode_is_prefix(uint8_t b) +-{ +- return +- /* Group 1 */ +- b == 0xf0 || b == 0xf2 || b == 0xf3 +- /* Group 2 */ +- || b == 0x2e || b == 0x36 || b == 0x3e || b == 0x26 +- || b == 0x64 || b == 0x65 +- /* Group 3 */ +- || b == 0x66 +- /* Group 4 */ +- || b == 0x67; +-} +- +-#ifdef CONFIG_X86_64 +-static bool opcode_is_rex_prefix(uint8_t b) +-{ +- return (b & 0xf0) == 0x40; +-} +-#else +-static bool opcode_is_rex_prefix(uint8_t b) +-{ +- return false; +-} +-#endif +- +-#define REX_W (1 << 3) +- +-/* +- * This is a VERY crude opcode decoder. We only need to find the size of the +- * load/store that caused our #PF and this should work for all the opcodes +- * that we care about. Moreover, the ones who invented this instruction set +- * should be shot. +- */ +-void kmemcheck_opcode_decode(const uint8_t *op, unsigned int *size) +-{ +- /* Default operand size */ +- int operand_size_override = 4; +- +- /* prefixes */ +- for (; opcode_is_prefix(*op); ++op) { +- if (*op == 0x66) +- operand_size_override = 2; +- } +- +- /* REX prefix */ +- if (opcode_is_rex_prefix(*op)) { +- uint8_t rex = *op; +- +- ++op; +- if (rex & REX_W) { +- switch (*op) { +- case 0x63: +- *size = 4; +- return; +- case 0x0f: +- ++op; +- +- switch (*op) { +- case 0xb6: +- case 0xbe: +- *size = 1; +- return; +- case 0xb7: +- case 0xbf: +- *size = 2; +- return; +- } +- +- break; +- } +- +- *size = 8; +- return; +- } +- } +- +- /* escape opcode */ +- if (*op == 0x0f) { +- ++op; +- +- /* +- * This is move with zero-extend and sign-extend, respectively; +- * we don't have to think about 0xb6/0xbe, because this is +- * already handled in the conditional below. +- */ +- if (*op == 0xb7 || *op == 0xbf) +- operand_size_override = 2; +- } +- +- *size = (*op & 1) ? operand_size_override : 1; +-} +- +-const uint8_t *kmemcheck_opcode_get_primary(const uint8_t *op) +-{ +- /* skip prefixes */ +- while (opcode_is_prefix(*op)) +- ++op; +- if (opcode_is_rex_prefix(*op)) +- ++op; +- return op; +-} +diff --git a/arch/x86/mm/kmemcheck/opcode.h b/arch/x86/mm/kmemcheck/opcode.h +deleted file mode 100644 +index 51a1ce94c24a..000000000000 +--- a/arch/x86/mm/kmemcheck/opcode.h ++++ /dev/null +@@ -1,10 +0,0 @@ +-/* SPDX-License-Identifier: GPL-2.0 */ +-#ifndef ARCH__X86__MM__KMEMCHECK__OPCODE_H +-#define ARCH__X86__MM__KMEMCHECK__OPCODE_H +- +-#include +- +-void kmemcheck_opcode_decode(const uint8_t *op, unsigned int *size); +-const uint8_t *kmemcheck_opcode_get_primary(const uint8_t *op); +- +-#endif +diff --git a/arch/x86/mm/kmemcheck/pte.c b/arch/x86/mm/kmemcheck/pte.c +deleted file mode 100644 +index 8a03be90272a..000000000000 +--- a/arch/x86/mm/kmemcheck/pte.c ++++ /dev/null +@@ -1,23 +0,0 @@ +-// SPDX-License-Identifier: GPL-2.0 +-#include +- +-#include +- +-#include "pte.h" +- +-pte_t *kmemcheck_pte_lookup(unsigned long address) +-{ +- pte_t *pte; +- unsigned int level; +- +- pte = lookup_address(address, &level); +- if (!pte) +- return NULL; +- if (level != PG_LEVEL_4K) +- return NULL; +- if (!pte_hidden(*pte)) +- return NULL; +- +- return pte; +-} +- +diff --git a/arch/x86/mm/kmemcheck/pte.h b/arch/x86/mm/kmemcheck/pte.h +deleted file mode 100644 +index b595612382c2..000000000000 +--- a/arch/x86/mm/kmemcheck/pte.h ++++ /dev/null +@@ -1,11 +0,0 @@ +-/* SPDX-License-Identifier: GPL-2.0 */ +-#ifndef ARCH__X86__MM__KMEMCHECK__PTE_H +-#define ARCH__X86__MM__KMEMCHECK__PTE_H +- +-#include +- +-#include +- +-pte_t *kmemcheck_pte_lookup(unsigned long address); +- +-#endif +diff --git a/arch/x86/mm/kmemcheck/selftest.c b/arch/x86/mm/kmemcheck/selftest.c +deleted file mode 100644 +index 7ce0be1f99eb..000000000000 +--- a/arch/x86/mm/kmemcheck/selftest.c ++++ /dev/null +@@ -1,71 +0,0 @@ +-// SPDX-License-Identifier: GPL-2.0 +-#include +-#include +- +-#include "opcode.h" +-#include "selftest.h" +- +-struct selftest_opcode { +- unsigned int expected_size; +- const uint8_t *insn; +- const char *desc; +-}; +- +-static const struct selftest_opcode selftest_opcodes[] = { +- /* REP MOVS */ +- {1, "\xf3\xa4", "rep movsb , "}, +- {4, "\xf3\xa5", "rep movsl , "}, +- +- /* MOVZX / MOVZXD */ +- {1, "\x66\x0f\xb6\x51\xf8", "movzwq , "}, +- {1, "\x0f\xb6\x51\xf8", "movzwq , "}, +- +- /* MOVSX / MOVSXD */ +- {1, "\x66\x0f\xbe\x51\xf8", "movswq , "}, +- {1, "\x0f\xbe\x51\xf8", "movswq , "}, +- +-#ifdef CONFIG_X86_64 +- /* MOVZX / MOVZXD */ +- {1, "\x49\x0f\xb6\x51\xf8", "movzbq , "}, +- {2, "\x49\x0f\xb7\x51\xf8", "movzbq , "}, +- +- /* MOVSX / MOVSXD */ +- {1, "\x49\x0f\xbe\x51\xf8", "movsbq , "}, +- {2, "\x49\x0f\xbf\x51\xf8", "movsbq , "}, +- {4, "\x49\x63\x51\xf8", "movslq , "}, +-#endif +-}; +- +-static bool selftest_opcode_one(const struct selftest_opcode *op) +-{ +- unsigned size; +- +- kmemcheck_opcode_decode(op->insn, &size); +- +- if (size == op->expected_size) +- return true; +- +- printk(KERN_WARNING "kmemcheck: opcode %s: expected size %d, got %d\n", +- op->desc, op->expected_size, size); +- return false; +-} +- +-static bool selftest_opcodes_all(void) +-{ +- bool pass = true; +- unsigned int i; +- +- for (i = 0; i < ARRAY_SIZE(selftest_opcodes); ++i) +- pass = pass && selftest_opcode_one(&selftest_opcodes[i]); +- +- return pass; +-} +- +-bool kmemcheck_selftest(void) +-{ +- bool pass = true; +- +- pass = pass && selftest_opcodes_all(); +- +- return pass; +-} +diff --git a/arch/x86/mm/kmemcheck/selftest.h b/arch/x86/mm/kmemcheck/selftest.h +deleted file mode 100644 +index 8d759aae453d..000000000000 +--- a/arch/x86/mm/kmemcheck/selftest.h ++++ /dev/null +@@ -1,7 +0,0 @@ +-/* SPDX-License-Identifier: GPL-2.0 */ +-#ifndef ARCH_X86_MM_KMEMCHECK_SELFTEST_H +-#define ARCH_X86_MM_KMEMCHECK_SELFTEST_H +- +-bool kmemcheck_selftest(void); +- +-#endif +diff --git a/arch/x86/mm/kmemcheck/shadow.c b/arch/x86/mm/kmemcheck/shadow.c +deleted file mode 100644 +index c2638a7d2c10..000000000000 +--- a/arch/x86/mm/kmemcheck/shadow.c ++++ /dev/null +@@ -1,173 +0,0 @@ +-#include +-#include +-#include +- +-#include +-#include +- +-#include "pte.h" +-#include "shadow.h" +- +-/* +- * Return the shadow address for the given address. Returns NULL if the +- * address is not tracked. +- * +- * We need to be extremely careful not to follow any invalid pointers, +- * because this function can be called for *any* possible address. +- */ +-void *kmemcheck_shadow_lookup(unsigned long address) +-{ +- pte_t *pte; +- struct page *page; +- +- if (!virt_addr_valid(address)) +- return NULL; +- +- pte = kmemcheck_pte_lookup(address); +- if (!pte) +- return NULL; +- +- page = virt_to_page(address); +- if (!page->shadow) +- return NULL; +- return page->shadow + (address & (PAGE_SIZE - 1)); +-} +- +-static void mark_shadow(void *address, unsigned int n, +- enum kmemcheck_shadow status) +-{ +- unsigned long addr = (unsigned long) address; +- unsigned long last_addr = addr + n - 1; +- unsigned long page = addr & PAGE_MASK; +- unsigned long last_page = last_addr & PAGE_MASK; +- unsigned int first_n; +- void *shadow; +- +- /* If the memory range crosses a page boundary, stop there. */ +- if (page == last_page) +- first_n = n; +- else +- first_n = page + PAGE_SIZE - addr; +- +- shadow = kmemcheck_shadow_lookup(addr); +- if (shadow) +- memset(shadow, status, first_n); +- +- addr += first_n; +- n -= first_n; +- +- /* Do full-page memset()s. */ +- while (n >= PAGE_SIZE) { +- shadow = kmemcheck_shadow_lookup(addr); +- if (shadow) +- memset(shadow, status, PAGE_SIZE); +- +- addr += PAGE_SIZE; +- n -= PAGE_SIZE; +- } +- +- /* Do the remaining page, if any. */ +- if (n > 0) { +- shadow = kmemcheck_shadow_lookup(addr); +- if (shadow) +- memset(shadow, status, n); +- } +-} +- +-void kmemcheck_mark_unallocated(void *address, unsigned int n) +-{ +- mark_shadow(address, n, KMEMCHECK_SHADOW_UNALLOCATED); +-} +- +-void kmemcheck_mark_uninitialized(void *address, unsigned int n) +-{ +- mark_shadow(address, n, KMEMCHECK_SHADOW_UNINITIALIZED); +-} +- +-/* +- * Fill the shadow memory of the given address such that the memory at that +- * address is marked as being initialized. +- */ +-void kmemcheck_mark_initialized(void *address, unsigned int n) +-{ +- mark_shadow(address, n, KMEMCHECK_SHADOW_INITIALIZED); +-} +-EXPORT_SYMBOL_GPL(kmemcheck_mark_initialized); +- +-void kmemcheck_mark_freed(void *address, unsigned int n) +-{ +- mark_shadow(address, n, KMEMCHECK_SHADOW_FREED); +-} +- +-void kmemcheck_mark_unallocated_pages(struct page *p, unsigned int n) +-{ +- unsigned int i; +- +- for (i = 0; i < n; ++i) +- kmemcheck_mark_unallocated(page_address(&p[i]), PAGE_SIZE); +-} +- +-void kmemcheck_mark_uninitialized_pages(struct page *p, unsigned int n) +-{ +- unsigned int i; +- +- for (i = 0; i < n; ++i) +- kmemcheck_mark_uninitialized(page_address(&p[i]), PAGE_SIZE); +-} +- +-void kmemcheck_mark_initialized_pages(struct page *p, unsigned int n) +-{ +- unsigned int i; +- +- for (i = 0; i < n; ++i) +- kmemcheck_mark_initialized(page_address(&p[i]), PAGE_SIZE); +-} +- +-enum kmemcheck_shadow kmemcheck_shadow_test(void *shadow, unsigned int size) +-{ +-#ifdef CONFIG_KMEMCHECK_PARTIAL_OK +- uint8_t *x; +- unsigned int i; +- +- x = shadow; +- +- /* +- * Make sure _some_ bytes are initialized. Gcc frequently generates +- * code to access neighboring bytes. +- */ +- for (i = 0; i < size; ++i) { +- if (x[i] == KMEMCHECK_SHADOW_INITIALIZED) +- return x[i]; +- } +- +- return x[0]; +-#else +- return kmemcheck_shadow_test_all(shadow, size); +-#endif +-} +- +-enum kmemcheck_shadow kmemcheck_shadow_test_all(void *shadow, unsigned int size) +-{ +- uint8_t *x; +- unsigned int i; +- +- x = shadow; +- +- /* All bytes must be initialized. */ +- for (i = 0; i < size; ++i) { +- if (x[i] != KMEMCHECK_SHADOW_INITIALIZED) +- return x[i]; +- } +- +- return x[0]; +-} +- +-void kmemcheck_shadow_set(void *shadow, unsigned int size) +-{ +- uint8_t *x; +- unsigned int i; +- +- x = shadow; +- for (i = 0; i < size; ++i) +- x[i] = KMEMCHECK_SHADOW_INITIALIZED; +-} +diff --git a/arch/x86/mm/kmemcheck/shadow.h b/arch/x86/mm/kmemcheck/shadow.h +deleted file mode 100644 +index 49768dc18664..000000000000 +--- a/arch/x86/mm/kmemcheck/shadow.h ++++ /dev/null +@@ -1,19 +0,0 @@ +-/* SPDX-License-Identifier: GPL-2.0 */ +-#ifndef ARCH__X86__MM__KMEMCHECK__SHADOW_H +-#define ARCH__X86__MM__KMEMCHECK__SHADOW_H +- +-enum kmemcheck_shadow { +- KMEMCHECK_SHADOW_UNALLOCATED, +- KMEMCHECK_SHADOW_UNINITIALIZED, +- KMEMCHECK_SHADOW_INITIALIZED, +- KMEMCHECK_SHADOW_FREED, +-}; +- +-void *kmemcheck_shadow_lookup(unsigned long address); +- +-enum kmemcheck_shadow kmemcheck_shadow_test(void *shadow, unsigned int size); +-enum kmemcheck_shadow kmemcheck_shadow_test_all(void *shadow, +- unsigned int size); +-void kmemcheck_shadow_set(void *shadow, unsigned int size); +- +-#endif +diff --git a/arch/x86/mm/kmmio.c b/arch/x86/mm/kmmio.c +index c21c2ed04612..aa44c3aa4cd5 100644 +--- a/arch/x86/mm/kmmio.c ++++ b/arch/x86/mm/kmmio.c +@@ -168,7 +168,7 @@ static int clear_page_presence(struct kmmio_fault_page *f, bool clear) + return -1; + } + +- __flush_tlb_one(f->addr); ++ __flush_tlb_one_kernel(f->addr); + return 0; + } + +diff --git a/arch/x86/mm/pageattr.c b/arch/x86/mm/pageattr.c +index dfb7d657cf43..3ed9a08885c5 100644 +--- a/arch/x86/mm/pageattr.c ++++ b/arch/x86/mm/pageattr.c +@@ -753,7 +753,7 @@ static int split_large_page(struct cpa_data *cpa, pte_t *kpte, + + if (!debug_pagealloc_enabled()) + spin_unlock(&cpa_lock); +- base = alloc_pages(GFP_KERNEL | __GFP_NOTRACK, 0); ++ base = alloc_pages(GFP_KERNEL, 0); + if (!debug_pagealloc_enabled()) + spin_lock(&cpa_lock); + if (!base) +@@ -904,7 +904,7 @@ static void unmap_pud_range(p4d_t *p4d, unsigned long start, unsigned long end) + + static int alloc_pte_page(pmd_t *pmd) + { +- pte_t *pte = (pte_t *)get_zeroed_page(GFP_KERNEL | __GFP_NOTRACK); ++ pte_t *pte = (pte_t *)get_zeroed_page(GFP_KERNEL); + if (!pte) + return -1; + +@@ -914,7 +914,7 @@ static int alloc_pte_page(pmd_t *pmd) + + static int alloc_pmd_page(pud_t *pud) + { +- pmd_t *pmd = (pmd_t *)get_zeroed_page(GFP_KERNEL | __GFP_NOTRACK); ++ pmd_t *pmd = (pmd_t *)get_zeroed_page(GFP_KERNEL); + if (!pmd) + return -1; + +@@ -1120,7 +1120,7 @@ static int populate_pgd(struct cpa_data *cpa, unsigned long addr) + pgd_entry = cpa->pgd + pgd_index(addr); + + if (pgd_none(*pgd_entry)) { +- p4d = (p4d_t *)get_zeroed_page(GFP_KERNEL | __GFP_NOTRACK); ++ p4d = (p4d_t *)get_zeroed_page(GFP_KERNEL); + if (!p4d) + return -1; + +@@ -1132,7 +1132,7 @@ static int populate_pgd(struct cpa_data *cpa, unsigned long addr) + */ + p4d = p4d_offset(pgd_entry, addr); + if (p4d_none(*p4d)) { +- pud = (pud_t *)get_zeroed_page(GFP_KERNEL | __GFP_NOTRACK); ++ pud = (pud_t *)get_zeroed_page(GFP_KERNEL); + if (!pud) + return -1; + +diff --git a/arch/x86/mm/pgtable.c b/arch/x86/mm/pgtable.c +index 9b7bcbd33cc2..004abf9ebf12 100644 +--- a/arch/x86/mm/pgtable.c ++++ b/arch/x86/mm/pgtable.c +@@ -7,7 +7,7 @@ + #include + #include + +-#define PGALLOC_GFP (GFP_KERNEL_ACCOUNT | __GFP_NOTRACK | __GFP_ZERO) ++#define PGALLOC_GFP (GFP_KERNEL_ACCOUNT | __GFP_ZERO) + + #ifdef CONFIG_HIGHPTE + #define PGALLOC_USER_GFP __GFP_HIGHMEM +diff --git a/arch/x86/mm/pgtable_32.c b/arch/x86/mm/pgtable_32.c +index c3c5274410a9..9bb7f0ab9fe6 100644 +--- a/arch/x86/mm/pgtable_32.c ++++ b/arch/x86/mm/pgtable_32.c +@@ -63,7 +63,7 @@ void set_pte_vaddr(unsigned long vaddr, pte_t pteval) + * It's enough to flush this one mapping. + * (PGE mappings get flushed as well) + */ +- __flush_tlb_one(vaddr); ++ __flush_tlb_one_kernel(vaddr); + } + + unsigned long __FIXADDR_TOP = 0xfffff000; +diff --git a/arch/x86/mm/tlb.c b/arch/x86/mm/tlb.c +index 012d02624848..0c936435ea93 100644 +--- a/arch/x86/mm/tlb.c ++++ b/arch/x86/mm/tlb.c +@@ -492,7 +492,7 @@ static void flush_tlb_func_common(const struct flush_tlb_info *f, + * flush that changes context.tlb_gen from 2 to 3. If they get + * processed on this CPU in reverse order, we'll see + * local_tlb_gen == 1, mm_tlb_gen == 3, and end != TLB_FLUSH_ALL. +- * If we were to use __flush_tlb_single() and set local_tlb_gen to ++ * If we were to use __flush_tlb_one_user() and set local_tlb_gen to + * 3, we'd be break the invariant: we'd update local_tlb_gen above + * 1 without the full flush that's needed for tlb_gen 2. + * +@@ -513,7 +513,7 @@ static void flush_tlb_func_common(const struct flush_tlb_info *f, + + addr = f->start; + while (addr < f->end) { +- __flush_tlb_single(addr); ++ __flush_tlb_one_user(addr); + addr += PAGE_SIZE; + } + if (local) +@@ -660,7 +660,7 @@ static void do_kernel_range_flush(void *info) + + /* flush range by one by one 'invlpg' */ + for (addr = f->start; addr < f->end; addr += PAGE_SIZE) +- __flush_tlb_one(addr); ++ __flush_tlb_one_kernel(addr); + } + + void flush_tlb_kernel_range(unsigned long start, unsigned long end) +diff --git a/arch/x86/platform/efi/efi_64.c b/arch/x86/platform/efi/efi_64.c +index 61975b6bcb1a..ad5d9538f0f9 100644 +--- a/arch/x86/platform/efi/efi_64.c ++++ b/arch/x86/platform/efi/efi_64.c +@@ -211,7 +211,7 @@ int __init efi_alloc_page_tables(void) + if (efi_enabled(EFI_OLD_MEMMAP)) + return 0; + +- gfp_mask = GFP_KERNEL | __GFP_NOTRACK | __GFP_ZERO; ++ gfp_mask = GFP_KERNEL | __GFP_ZERO; + efi_pgd = (pgd_t *)__get_free_pages(gfp_mask, PGD_ALLOCATION_ORDER); + if (!efi_pgd) + return -ENOMEM; +diff --git a/arch/x86/platform/uv/tlb_uv.c b/arch/x86/platform/uv/tlb_uv.c +index 8538a6723171..7d5d53f36a7a 100644 +--- a/arch/x86/platform/uv/tlb_uv.c ++++ b/arch/x86/platform/uv/tlb_uv.c +@@ -299,7 +299,7 @@ static void bau_process_message(struct msg_desc *mdp, struct bau_control *bcp, + local_flush_tlb(); + stat->d_alltlb++; + } else { +- __flush_tlb_single(msg->address); ++ __flush_tlb_one_user(msg->address); + stat->d_onetlb++; + } + stat->d_requestee++; +diff --git a/arch/x86/xen/mmu_pv.c b/arch/x86/xen/mmu_pv.c +index a0e2b8c6e5c7..d0b943a6b117 100644 +--- a/arch/x86/xen/mmu_pv.c ++++ b/arch/x86/xen/mmu_pv.c +@@ -1300,12 +1300,12 @@ static void xen_flush_tlb(void) + preempt_enable(); + } + +-static void xen_flush_tlb_single(unsigned long addr) ++static void xen_flush_tlb_one_user(unsigned long addr) + { + struct mmuext_op *op; + struct multicall_space mcs; + +- trace_xen_mmu_flush_tlb_single(addr); ++ trace_xen_mmu_flush_tlb_one_user(addr); + + preempt_disable(); + +@@ -2360,7 +2360,7 @@ static const struct pv_mmu_ops xen_mmu_ops __initconst = { + + .flush_tlb_user = xen_flush_tlb, + .flush_tlb_kernel = xen_flush_tlb, +- .flush_tlb_single = xen_flush_tlb_single, ++ .flush_tlb_one_user = xen_flush_tlb_one_user, + .flush_tlb_others = xen_flush_tlb_others, + + .pgd_alloc = xen_pgd_alloc, +diff --git a/arch/x86/xen/p2m.c b/arch/x86/xen/p2m.c +index 6083ba462f35..15812e553b95 100644 +--- a/arch/x86/xen/p2m.c ++++ b/arch/x86/xen/p2m.c +@@ -694,6 +694,9 @@ int set_foreign_p2m_mapping(struct gnttab_map_grant_ref *map_ops, + int i, ret = 0; + pte_t *pte; + ++ if (xen_feature(XENFEAT_auto_translated_physmap)) ++ return 0; ++ + if (kmap_ops) { + ret = HYPERVISOR_grant_table_op(GNTTABOP_map_grant_ref, + kmap_ops, count); +@@ -736,6 +739,9 @@ int clear_foreign_p2m_mapping(struct gnttab_unmap_grant_ref *unmap_ops, + { + int i, ret = 0; + ++ if (xen_feature(XENFEAT_auto_translated_physmap)) ++ return 0; ++ + for (i = 0; i < count; i++) { + unsigned long mfn = __pfn_to_mfn(page_to_pfn(pages[i])); + unsigned long pfn = page_to_pfn(pages[i]); +diff --git a/arch/x86/xen/xen-head.S b/arch/x86/xen/xen-head.S +index 497cc55a0c16..96f26e026783 100644 +--- a/arch/x86/xen/xen-head.S ++++ b/arch/x86/xen/xen-head.S +@@ -9,7 +9,9 @@ + + #include + #include ++#include + #include ++#include + #include + + #include +@@ -35,6 +37,20 @@ ENTRY(startup_xen) + mov %_ASM_SI, xen_start_info + mov $init_thread_union+THREAD_SIZE, %_ASM_SP + ++#ifdef CONFIG_X86_64 ++ /* Set up %gs. ++ * ++ * The base of %gs always points to the bottom of the irqstack ++ * union. If the stack protector canary is enabled, it is ++ * located at %gs:40. Note that, on SMP, the boot cpu uses ++ * init data section till per cpu areas are set up. ++ */ ++ movl $MSR_GS_BASE,%ecx ++ movq $INIT_PER_CPU_VAR(irq_stack_union),%rax ++ cdq ++ wrmsr ++#endif ++ + jmp xen_start_kernel + END(startup_xen) + __FINIT +diff --git a/block/blk-wbt.c b/block/blk-wbt.c +index e59d59c11ebb..5c105514bca7 100644 +--- a/block/blk-wbt.c ++++ b/block/blk-wbt.c +@@ -698,7 +698,15 @@ u64 wbt_default_latency_nsec(struct request_queue *q) + + static int wbt_data_dir(const struct request *rq) + { +- return rq_data_dir(rq); ++ const int op = req_op(rq); ++ ++ if (op == REQ_OP_READ) ++ return READ; ++ else if (op == REQ_OP_WRITE || op == REQ_OP_FLUSH) ++ return WRITE; ++ ++ /* don't account */ ++ return -1; + } + + int wbt_init(struct request_queue *q) +diff --git a/crypto/xor.c b/crypto/xor.c +index 263af9fb45ea..bce9fe7af40a 100644 +--- a/crypto/xor.c ++++ b/crypto/xor.c +@@ -122,12 +122,7 @@ calibrate_xor_blocks(void) + goto out; + } + +- /* +- * Note: Since the memory is not actually used for _anything_ but to +- * test the XOR speed, we don't really want kmemcheck to warn about +- * reading uninitialized bytes here. +- */ +- b1 = (void *) __get_free_pages(GFP_KERNEL | __GFP_NOTRACK, 2); ++ b1 = (void *) __get_free_pages(GFP_KERNEL, 2); + if (!b1) { + printk(KERN_WARNING "xor: Yikes! No memory available.\n"); + return -ENOMEM; +diff --git a/drivers/base/core.c b/drivers/base/core.c +index 12ebd055724c..c8501cdb95f4 100644 +--- a/drivers/base/core.c ++++ b/drivers/base/core.c +@@ -313,6 +313,9 @@ static void __device_link_del(struct device_link *link) + dev_info(link->consumer, "Dropping the link to %s\n", + dev_name(link->supplier)); + ++ if (link->flags & DL_FLAG_PM_RUNTIME) ++ pm_runtime_drop_link(link->consumer); ++ + list_del(&link->s_node); + list_del(&link->c_node); + device_link_free(link); +diff --git a/drivers/block/rbd.c b/drivers/block/rbd.c +index 609227211295..fe4fd8aee19f 100644 +--- a/drivers/block/rbd.c ++++ b/drivers/block/rbd.c +@@ -124,11 +124,13 @@ static int atomic_dec_return_safe(atomic_t *v) + #define RBD_FEATURE_STRIPINGV2 (1ULL<<1) + #define RBD_FEATURE_EXCLUSIVE_LOCK (1ULL<<2) + #define RBD_FEATURE_DATA_POOL (1ULL<<7) ++#define RBD_FEATURE_OPERATIONS (1ULL<<8) + + #define RBD_FEATURES_ALL (RBD_FEATURE_LAYERING | \ + RBD_FEATURE_STRIPINGV2 | \ + RBD_FEATURE_EXCLUSIVE_LOCK | \ +- RBD_FEATURE_DATA_POOL) ++ RBD_FEATURE_DATA_POOL | \ ++ RBD_FEATURE_OPERATIONS) + + /* Features supported by this (client software) implementation. */ + +diff --git a/drivers/bluetooth/Kconfig b/drivers/bluetooth/Kconfig +index 98a60db8e5d1..b33c8d6eb8c7 100644 +--- a/drivers/bluetooth/Kconfig ++++ b/drivers/bluetooth/Kconfig +@@ -66,6 +66,7 @@ config BT_HCIBTSDIO + + config BT_HCIUART + tristate "HCI UART driver" ++ depends on SERIAL_DEV_BUS || !SERIAL_DEV_BUS + depends on TTY + help + Bluetooth HCI UART driver. +@@ -80,7 +81,6 @@ config BT_HCIUART + config BT_HCIUART_SERDEV + bool + depends on SERIAL_DEV_BUS && BT_HCIUART +- depends on SERIAL_DEV_BUS=y || SERIAL_DEV_BUS=BT_HCIUART + default y + + config BT_HCIUART_H4 +diff --git a/drivers/char/hw_random/via-rng.c b/drivers/char/hw_random/via-rng.c +index d1f5bb534e0e..6e9df558325b 100644 +--- a/drivers/char/hw_random/via-rng.c ++++ b/drivers/char/hw_random/via-rng.c +@@ -162,7 +162,7 @@ static int via_rng_init(struct hwrng *rng) + /* Enable secondary noise source on CPUs where it is present. */ + + /* Nehemiah stepping 8 and higher */ +- if ((c->x86_model == 9) && (c->x86_mask > 7)) ++ if ((c->x86_model == 9) && (c->x86_stepping > 7)) + lo |= VIA_NOISESRC2; + + /* Esther */ +diff --git a/drivers/char/random.c b/drivers/char/random.c +index 8ad92707e45f..ea0115cf5fc0 100644 +--- a/drivers/char/random.c ++++ b/drivers/char/random.c +@@ -259,7 +259,6 @@ + #include + #include + #include +-#include + #include + #include + #include +diff --git a/drivers/cpufreq/acpi-cpufreq.c b/drivers/cpufreq/acpi-cpufreq.c +index 3a2ca0f79daf..d0c34df0529c 100644 +--- a/drivers/cpufreq/acpi-cpufreq.c ++++ b/drivers/cpufreq/acpi-cpufreq.c +@@ -629,7 +629,7 @@ static int acpi_cpufreq_blacklist(struct cpuinfo_x86 *c) + if (c->x86_vendor == X86_VENDOR_INTEL) { + if ((c->x86 == 15) && + (c->x86_model == 6) && +- (c->x86_mask == 8)) { ++ (c->x86_stepping == 8)) { + pr_info("Intel(R) Xeon(R) 7100 Errata AL30, processors may lock up on frequency changes: disabling acpi-cpufreq\n"); + return -ENODEV; + } +diff --git a/drivers/cpufreq/longhaul.c b/drivers/cpufreq/longhaul.c +index c46a12df40dd..d5e27bc7585a 100644 +--- a/drivers/cpufreq/longhaul.c ++++ b/drivers/cpufreq/longhaul.c +@@ -775,7 +775,7 @@ static int longhaul_cpu_init(struct cpufreq_policy *policy) + break; + + case 7: +- switch (c->x86_mask) { ++ switch (c->x86_stepping) { + case 0: + longhaul_version = TYPE_LONGHAUL_V1; + cpu_model = CPU_SAMUEL2; +@@ -787,7 +787,7 @@ static int longhaul_cpu_init(struct cpufreq_policy *policy) + break; + case 1 ... 15: + longhaul_version = TYPE_LONGHAUL_V2; +- if (c->x86_mask < 8) { ++ if (c->x86_stepping < 8) { + cpu_model = CPU_SAMUEL2; + cpuname = "C3 'Samuel 2' [C5B]"; + } else { +@@ -814,7 +814,7 @@ static int longhaul_cpu_init(struct cpufreq_policy *policy) + numscales = 32; + memcpy(mults, nehemiah_mults, sizeof(nehemiah_mults)); + memcpy(eblcr, nehemiah_eblcr, sizeof(nehemiah_eblcr)); +- switch (c->x86_mask) { ++ switch (c->x86_stepping) { + case 0 ... 1: + cpu_model = CPU_NEHEMIAH; + cpuname = "C3 'Nehemiah A' [C5XLOE]"; +diff --git a/drivers/cpufreq/p4-clockmod.c b/drivers/cpufreq/p4-clockmod.c +index fd77812313f3..a25741b1281b 100644 +--- a/drivers/cpufreq/p4-clockmod.c ++++ b/drivers/cpufreq/p4-clockmod.c +@@ -168,7 +168,7 @@ static int cpufreq_p4_cpu_init(struct cpufreq_policy *policy) + #endif + + /* Errata workaround */ +- cpuid = (c->x86 << 8) | (c->x86_model << 4) | c->x86_mask; ++ cpuid = (c->x86 << 8) | (c->x86_model << 4) | c->x86_stepping; + switch (cpuid) { + case 0x0f07: + case 0x0f0a: +diff --git a/drivers/cpufreq/powernow-k7.c b/drivers/cpufreq/powernow-k7.c +index 80ac313e6c59..302e9ce793a0 100644 +--- a/drivers/cpufreq/powernow-k7.c ++++ b/drivers/cpufreq/powernow-k7.c +@@ -131,7 +131,7 @@ static int check_powernow(void) + return 0; + } + +- if ((c->x86_model == 6) && (c->x86_mask == 0)) { ++ if ((c->x86_model == 6) && (c->x86_stepping == 0)) { + pr_info("K7 660[A0] core detected, enabling errata workarounds\n"); + have_a0 = 1; + } +diff --git a/drivers/cpufreq/powernv-cpufreq.c b/drivers/cpufreq/powernv-cpufreq.c +index 3ff5160451b4..7e1e5bbcf430 100644 +--- a/drivers/cpufreq/powernv-cpufreq.c ++++ b/drivers/cpufreq/powernv-cpufreq.c +@@ -287,9 +287,9 @@ static int init_powernv_pstates(void) + + if (id == pstate_max) + powernv_pstate_info.max = i; +- else if (id == pstate_nominal) ++ if (id == pstate_nominal) + powernv_pstate_info.nominal = i; +- else if (id == pstate_min) ++ if (id == pstate_min) + powernv_pstate_info.min = i; + + if (powernv_pstate_info.wof_enabled && id == pstate_turbo) { +diff --git a/drivers/cpufreq/speedstep-centrino.c b/drivers/cpufreq/speedstep-centrino.c +index 41bc5397f4bb..4fa5adf16c70 100644 +--- a/drivers/cpufreq/speedstep-centrino.c ++++ b/drivers/cpufreq/speedstep-centrino.c +@@ -37,7 +37,7 @@ struct cpu_id + { + __u8 x86; /* CPU family */ + __u8 x86_model; /* model */ +- __u8 x86_mask; /* stepping */ ++ __u8 x86_stepping; /* stepping */ + }; + + enum { +@@ -277,7 +277,7 @@ static int centrino_verify_cpu_id(const struct cpuinfo_x86 *c, + { + if ((c->x86 == x->x86) && + (c->x86_model == x->x86_model) && +- (c->x86_mask == x->x86_mask)) ++ (c->x86_stepping == x->x86_stepping)) + return 1; + return 0; + } +diff --git a/drivers/cpufreq/speedstep-lib.c b/drivers/cpufreq/speedstep-lib.c +index ccab452a4ef5..dd7bb00991f4 100644 +--- a/drivers/cpufreq/speedstep-lib.c ++++ b/drivers/cpufreq/speedstep-lib.c +@@ -272,9 +272,9 @@ unsigned int speedstep_detect_processor(void) + ebx = cpuid_ebx(0x00000001); + ebx &= 0x000000FF; + +- pr_debug("ebx value is %x, x86_mask is %x\n", ebx, c->x86_mask); ++ pr_debug("ebx value is %x, x86_stepping is %x\n", ebx, c->x86_stepping); + +- switch (c->x86_mask) { ++ switch (c->x86_stepping) { + case 4: + /* + * B-stepping [M-P4-M] +@@ -361,7 +361,7 @@ unsigned int speedstep_detect_processor(void) + msr_lo, msr_hi); + if ((msr_hi & (1<<18)) && + (relaxed_check ? 1 : (msr_hi & (3<<24)))) { +- if (c->x86_mask == 0x01) { ++ if (c->x86_stepping == 0x01) { + pr_debug("early PIII version\n"); + return SPEEDSTEP_CPU_PIII_C_EARLY; + } else +diff --git a/drivers/crypto/padlock-aes.c b/drivers/crypto/padlock-aes.c +index b3869748cc6b..c939f18f70cc 100644 +--- a/drivers/crypto/padlock-aes.c ++++ b/drivers/crypto/padlock-aes.c +@@ -512,7 +512,7 @@ static int __init padlock_init(void) + + printk(KERN_NOTICE PFX "Using VIA PadLock ACE for AES algorithm.\n"); + +- if (c->x86 == 6 && c->x86_model == 15 && c->x86_mask == 2) { ++ if (c->x86 == 6 && c->x86_model == 15 && c->x86_stepping == 2) { + ecb_fetch_blocks = MAX_ECB_FETCH_BLOCKS; + cbc_fetch_blocks = MAX_CBC_FETCH_BLOCKS; + printk(KERN_NOTICE PFX "VIA Nano stepping 2 detected: enabling workaround.\n"); +diff --git a/drivers/crypto/sunxi-ss/sun4i-ss-prng.c b/drivers/crypto/sunxi-ss/sun4i-ss-prng.c +index 0d01d1624252..63d636424161 100644 +--- a/drivers/crypto/sunxi-ss/sun4i-ss-prng.c ++++ b/drivers/crypto/sunxi-ss/sun4i-ss-prng.c +@@ -28,7 +28,7 @@ int sun4i_ss_prng_generate(struct crypto_rng *tfm, const u8 *src, + algt = container_of(alg, struct sun4i_ss_alg_template, alg.rng); + ss = algt->ss; + +- spin_lock(&ss->slock); ++ spin_lock_bh(&ss->slock); + + writel(mode, ss->base + SS_CTL); + +@@ -51,6 +51,6 @@ int sun4i_ss_prng_generate(struct crypto_rng *tfm, const u8 *src, + } + + writel(0, ss->base + SS_CTL); +- spin_unlock(&ss->slock); +- return dlen; ++ spin_unlock_bh(&ss->slock); ++ return 0; + } +diff --git a/drivers/devfreq/devfreq.c b/drivers/devfreq/devfreq.c +index a1c4ee818614..202476fbbc4c 100644 +--- a/drivers/devfreq/devfreq.c ++++ b/drivers/devfreq/devfreq.c +@@ -676,7 +676,7 @@ struct devfreq *devm_devfreq_add_device(struct device *dev, + devfreq = devfreq_add_device(dev, profile, governor_name, data); + if (IS_ERR(devfreq)) { + devres_free(ptr); +- return ERR_PTR(-ENOMEM); ++ return devfreq; + } + + *ptr = devfreq; +diff --git a/drivers/dma-buf/reservation.c b/drivers/dma-buf/reservation.c +index b44d9d7db347..012fa3d1f407 100644 +--- a/drivers/dma-buf/reservation.c ++++ b/drivers/dma-buf/reservation.c +@@ -455,13 +455,15 @@ long reservation_object_wait_timeout_rcu(struct reservation_object *obj, + unsigned long timeout) + { + struct dma_fence *fence; +- unsigned seq, shared_count, i = 0; ++ unsigned seq, shared_count; + long ret = timeout ? timeout : 1; ++ int i; + + retry: + shared_count = 0; + seq = read_seqcount_begin(&obj->seq); + rcu_read_lock(); ++ i = -1; + + fence = rcu_dereference(obj->fence_excl); + if (fence && !test_bit(DMA_FENCE_FLAG_SIGNALED_BIT, &fence->flags)) { +@@ -477,14 +479,14 @@ long reservation_object_wait_timeout_rcu(struct reservation_object *obj, + fence = NULL; + } + +- if (!fence && wait_all) { ++ if (wait_all) { + struct reservation_object_list *fobj = + rcu_dereference(obj->fence); + + if (fobj) + shared_count = fobj->shared_count; + +- for (i = 0; i < shared_count; ++i) { ++ for (i = 0; !fence && i < shared_count; ++i) { + struct dma_fence *lfence = rcu_dereference(fobj->shared[i]); + + if (test_bit(DMA_FENCE_FLAG_SIGNALED_BIT, +diff --git a/drivers/edac/amd64_edac.c b/drivers/edac/amd64_edac.c +index ac2f30295efe..59ce32e405ac 100644 +--- a/drivers/edac/amd64_edac.c ++++ b/drivers/edac/amd64_edac.c +@@ -3147,7 +3147,7 @@ static struct amd64_family_type *per_family_init(struct amd64_pvt *pvt) + struct amd64_family_type *fam_type = NULL; + + pvt->ext_model = boot_cpu_data.x86_model >> 4; +- pvt->stepping = boot_cpu_data.x86_mask; ++ pvt->stepping = boot_cpu_data.x86_stepping; + pvt->model = boot_cpu_data.x86_model; + pvt->fam = boot_cpu_data.x86; + +diff --git a/drivers/gpu/drm/amd/powerplay/smumgr/rv_smumgr.h b/drivers/gpu/drm/amd/powerplay/smumgr/rv_smumgr.h +index 262c8ded87c0..dafc9c4b1e6f 100644 +--- a/drivers/gpu/drm/amd/powerplay/smumgr/rv_smumgr.h ++++ b/drivers/gpu/drm/amd/powerplay/smumgr/rv_smumgr.h +@@ -40,7 +40,7 @@ struct smu_table_entry { + uint32_t table_addr_high; + uint32_t table_addr_low; + uint8_t *table; +- uint32_t handle; ++ unsigned long handle; + }; + + struct smu_table_array { +diff --git a/drivers/gpu/drm/ast/ast_mode.c b/drivers/gpu/drm/ast/ast_mode.c +index 6f3849ec0c1d..e9f1e6fe7b94 100644 +--- a/drivers/gpu/drm/ast/ast_mode.c ++++ b/drivers/gpu/drm/ast/ast_mode.c +@@ -644,6 +644,7 @@ static void ast_crtc_commit(struct drm_crtc *crtc) + { + struct ast_private *ast = crtc->dev->dev_private; + ast_set_index_reg_mask(ast, AST_IO_SEQ_PORT, 0x1, 0xdf, 0); ++ ast_crtc_load_lut(crtc); + } + + +diff --git a/drivers/gpu/drm/i915/i915_drv.h b/drivers/gpu/drm/i915/i915_drv.h +index 18d9da53282b..3f818412765c 100644 +--- a/drivers/gpu/drm/i915/i915_drv.h ++++ b/drivers/gpu/drm/i915/i915_drv.h +@@ -842,6 +842,7 @@ struct intel_device_info { + u8 gen; + u16 gen_mask; + enum intel_platform platform; ++ u8 gt; /* GT number, 0 if undefined */ + u8 ring_mask; /* Rings supported by the HW */ + u8 num_rings; + #define DEFINE_FLAG(name) u8 name:1 +diff --git a/drivers/gpu/drm/i915/i915_pci.c b/drivers/gpu/drm/i915/i915_pci.c +index 09d97e0990b7..2985f1e418ad 100644 +--- a/drivers/gpu/drm/i915/i915_pci.c ++++ b/drivers/gpu/drm/i915/i915_pci.c +@@ -224,15 +224,34 @@ static const struct intel_device_info intel_ironlake_m_info = { + GEN_DEFAULT_PIPEOFFSETS, \ + CURSOR_OFFSETS + +-static const struct intel_device_info intel_sandybridge_d_info = { +- GEN6_FEATURES, +- .platform = INTEL_SANDYBRIDGE, ++#define SNB_D_PLATFORM \ ++ GEN6_FEATURES, \ ++ .platform = INTEL_SANDYBRIDGE ++ ++static const struct intel_device_info intel_sandybridge_d_gt1_info = { ++ SNB_D_PLATFORM, ++ .gt = 1, + }; + +-static const struct intel_device_info intel_sandybridge_m_info = { +- GEN6_FEATURES, +- .platform = INTEL_SANDYBRIDGE, +- .is_mobile = 1, ++static const struct intel_device_info intel_sandybridge_d_gt2_info = { ++ SNB_D_PLATFORM, ++ .gt = 2, ++}; ++ ++#define SNB_M_PLATFORM \ ++ GEN6_FEATURES, \ ++ .platform = INTEL_SANDYBRIDGE, \ ++ .is_mobile = 1 ++ ++ ++static const struct intel_device_info intel_sandybridge_m_gt1_info = { ++ SNB_M_PLATFORM, ++ .gt = 1, ++}; ++ ++static const struct intel_device_info intel_sandybridge_m_gt2_info = { ++ SNB_M_PLATFORM, ++ .gt = 2, + }; + + #define GEN7_FEATURES \ +@@ -249,22 +268,41 @@ static const struct intel_device_info intel_sandybridge_m_info = { + GEN_DEFAULT_PIPEOFFSETS, \ + IVB_CURSOR_OFFSETS + +-static const struct intel_device_info intel_ivybridge_d_info = { +- GEN7_FEATURES, +- .platform = INTEL_IVYBRIDGE, +- .has_l3_dpf = 1, ++#define IVB_D_PLATFORM \ ++ GEN7_FEATURES, \ ++ .platform = INTEL_IVYBRIDGE, \ ++ .has_l3_dpf = 1 ++ ++static const struct intel_device_info intel_ivybridge_d_gt1_info = { ++ IVB_D_PLATFORM, ++ .gt = 1, + }; + +-static const struct intel_device_info intel_ivybridge_m_info = { +- GEN7_FEATURES, +- .platform = INTEL_IVYBRIDGE, +- .is_mobile = 1, +- .has_l3_dpf = 1, ++static const struct intel_device_info intel_ivybridge_d_gt2_info = { ++ IVB_D_PLATFORM, ++ .gt = 2, ++}; ++ ++#define IVB_M_PLATFORM \ ++ GEN7_FEATURES, \ ++ .platform = INTEL_IVYBRIDGE, \ ++ .is_mobile = 1, \ ++ .has_l3_dpf = 1 ++ ++static const struct intel_device_info intel_ivybridge_m_gt1_info = { ++ IVB_M_PLATFORM, ++ .gt = 1, ++}; ++ ++static const struct intel_device_info intel_ivybridge_m_gt2_info = { ++ IVB_M_PLATFORM, ++ .gt = 2, + }; + + static const struct intel_device_info intel_ivybridge_q_info = { + GEN7_FEATURES, + .platform = INTEL_IVYBRIDGE, ++ .gt = 2, + .num_pipes = 0, /* legal, last one wins */ + .has_l3_dpf = 1, + }; +@@ -299,10 +337,24 @@ static const struct intel_device_info intel_valleyview_info = { + .has_rc6p = 0 /* RC6p removed-by HSW */, \ + .has_runtime_pm = 1 + +-static const struct intel_device_info intel_haswell_info = { +- HSW_FEATURES, +- .platform = INTEL_HASWELL, +- .has_l3_dpf = 1, ++#define HSW_PLATFORM \ ++ HSW_FEATURES, \ ++ .platform = INTEL_HASWELL, \ ++ .has_l3_dpf = 1 ++ ++static const struct intel_device_info intel_haswell_gt1_info = { ++ HSW_PLATFORM, ++ .gt = 1, ++}; ++ ++static const struct intel_device_info intel_haswell_gt2_info = { ++ HSW_PLATFORM, ++ .gt = 2, ++}; ++ ++static const struct intel_device_info intel_haswell_gt3_info = { ++ HSW_PLATFORM, ++ .gt = 3, + }; + + #define BDW_FEATURES \ +@@ -318,12 +370,27 @@ static const struct intel_device_info intel_haswell_info = { + .gen = 8, \ + .platform = INTEL_BROADWELL + +-static const struct intel_device_info intel_broadwell_info = { ++static const struct intel_device_info intel_broadwell_gt1_info = { ++ BDW_PLATFORM, ++ .gt = 1, ++}; ++ ++static const struct intel_device_info intel_broadwell_gt2_info = { + BDW_PLATFORM, ++ .gt = 2, ++}; ++ ++static const struct intel_device_info intel_broadwell_rsvd_info = { ++ BDW_PLATFORM, ++ .gt = 3, ++ /* According to the device ID those devices are GT3, they were ++ * previously treated as not GT3, keep it like that. ++ */ + }; + + static const struct intel_device_info intel_broadwell_gt3_info = { + BDW_PLATFORM, ++ .gt = 3, + .ring_mask = RENDER_RING | BSD_RING | BLT_RING | VEBOX_RING | BSD2_RING, + }; + +@@ -358,13 +425,29 @@ static const struct intel_device_info intel_cherryview_info = { + .has_guc = 1, \ + .ddb_size = 896 + +-static const struct intel_device_info intel_skylake_info = { ++static const struct intel_device_info intel_skylake_gt1_info = { + SKL_PLATFORM, ++ .gt = 1, + }; + +-static const struct intel_device_info intel_skylake_gt3_info = { ++static const struct intel_device_info intel_skylake_gt2_info = { + SKL_PLATFORM, +- .ring_mask = RENDER_RING | BSD_RING | BLT_RING | VEBOX_RING | BSD2_RING, ++ .gt = 2, ++}; ++ ++#define SKL_GT3_PLUS_PLATFORM \ ++ SKL_PLATFORM, \ ++ .ring_mask = RENDER_RING | BSD_RING | BLT_RING | VEBOX_RING | BSD2_RING ++ ++ ++static const struct intel_device_info intel_skylake_gt3_info = { ++ SKL_GT3_PLUS_PLATFORM, ++ .gt = 3, ++}; ++ ++static const struct intel_device_info intel_skylake_gt4_info = { ++ SKL_GT3_PLUS_PLATFORM, ++ .gt = 4, + }; + + #define GEN9_LP_FEATURES \ +@@ -416,12 +499,19 @@ static const struct intel_device_info intel_geminilake_info = { + .has_guc = 1, \ + .ddb_size = 896 + +-static const struct intel_device_info intel_kabylake_info = { ++static const struct intel_device_info intel_kabylake_gt1_info = { + KBL_PLATFORM, ++ .gt = 1, ++}; ++ ++static const struct intel_device_info intel_kabylake_gt2_info = { ++ KBL_PLATFORM, ++ .gt = 2, + }; + + static const struct intel_device_info intel_kabylake_gt3_info = { + KBL_PLATFORM, ++ .gt = 3, + .ring_mask = RENDER_RING | BSD_RING | BLT_RING | VEBOX_RING | BSD2_RING, + }; + +@@ -434,20 +524,28 @@ static const struct intel_device_info intel_kabylake_gt3_info = { + .has_guc = 1, \ + .ddb_size = 896 + +-static const struct intel_device_info intel_coffeelake_info = { ++static const struct intel_device_info intel_coffeelake_gt1_info = { ++ CFL_PLATFORM, ++ .gt = 1, ++}; ++ ++static const struct intel_device_info intel_coffeelake_gt2_info = { + CFL_PLATFORM, ++ .gt = 2, + }; + + static const struct intel_device_info intel_coffeelake_gt3_info = { + CFL_PLATFORM, ++ .gt = 3, + .ring_mask = RENDER_RING | BSD_RING | BLT_RING | VEBOX_RING | BSD2_RING, + }; + +-static const struct intel_device_info intel_cannonlake_info = { ++static const struct intel_device_info intel_cannonlake_gt2_info = { + BDW_FEATURES, + .is_alpha_support = 1, + .platform = INTEL_CANNONLAKE, + .gen = 10, ++ .gt = 2, + .ddb_size = 1024, + .has_csr = 1, + .color = { .degamma_lut_size = 0, .gamma_lut_size = 1024 } +@@ -476,31 +574,40 @@ static const struct pci_device_id pciidlist[] = { + INTEL_PINEVIEW_IDS(&intel_pineview_info), + INTEL_IRONLAKE_D_IDS(&intel_ironlake_d_info), + INTEL_IRONLAKE_M_IDS(&intel_ironlake_m_info), +- INTEL_SNB_D_IDS(&intel_sandybridge_d_info), +- INTEL_SNB_M_IDS(&intel_sandybridge_m_info), ++ INTEL_SNB_D_GT1_IDS(&intel_sandybridge_d_gt1_info), ++ INTEL_SNB_D_GT2_IDS(&intel_sandybridge_d_gt2_info), ++ INTEL_SNB_M_GT1_IDS(&intel_sandybridge_m_gt1_info), ++ INTEL_SNB_M_GT2_IDS(&intel_sandybridge_m_gt2_info), + INTEL_IVB_Q_IDS(&intel_ivybridge_q_info), /* must be first IVB */ +- INTEL_IVB_M_IDS(&intel_ivybridge_m_info), +- INTEL_IVB_D_IDS(&intel_ivybridge_d_info), +- INTEL_HSW_IDS(&intel_haswell_info), ++ INTEL_IVB_M_GT1_IDS(&intel_ivybridge_m_gt1_info), ++ INTEL_IVB_M_GT2_IDS(&intel_ivybridge_m_gt2_info), ++ INTEL_IVB_D_GT1_IDS(&intel_ivybridge_d_gt1_info), ++ INTEL_IVB_D_GT2_IDS(&intel_ivybridge_d_gt2_info), ++ INTEL_HSW_GT1_IDS(&intel_haswell_gt1_info), ++ INTEL_HSW_GT2_IDS(&intel_haswell_gt2_info), ++ INTEL_HSW_GT3_IDS(&intel_haswell_gt3_info), + INTEL_VLV_IDS(&intel_valleyview_info), +- INTEL_BDW_GT12_IDS(&intel_broadwell_info), ++ INTEL_BDW_GT1_IDS(&intel_broadwell_gt1_info), ++ INTEL_BDW_GT2_IDS(&intel_broadwell_gt2_info), + INTEL_BDW_GT3_IDS(&intel_broadwell_gt3_info), +- INTEL_BDW_RSVD_IDS(&intel_broadwell_info), ++ INTEL_BDW_RSVD_IDS(&intel_broadwell_rsvd_info), + INTEL_CHV_IDS(&intel_cherryview_info), +- INTEL_SKL_GT1_IDS(&intel_skylake_info), +- INTEL_SKL_GT2_IDS(&intel_skylake_info), ++ INTEL_SKL_GT1_IDS(&intel_skylake_gt1_info), ++ INTEL_SKL_GT2_IDS(&intel_skylake_gt2_info), + INTEL_SKL_GT3_IDS(&intel_skylake_gt3_info), +- INTEL_SKL_GT4_IDS(&intel_skylake_gt3_info), ++ INTEL_SKL_GT4_IDS(&intel_skylake_gt4_info), + INTEL_BXT_IDS(&intel_broxton_info), + INTEL_GLK_IDS(&intel_geminilake_info), +- INTEL_KBL_GT1_IDS(&intel_kabylake_info), +- INTEL_KBL_GT2_IDS(&intel_kabylake_info), ++ INTEL_KBL_GT1_IDS(&intel_kabylake_gt1_info), ++ INTEL_KBL_GT2_IDS(&intel_kabylake_gt2_info), + INTEL_KBL_GT3_IDS(&intel_kabylake_gt3_info), + INTEL_KBL_GT4_IDS(&intel_kabylake_gt3_info), +- INTEL_CFL_S_IDS(&intel_coffeelake_info), +- INTEL_CFL_H_IDS(&intel_coffeelake_info), +- INTEL_CFL_U_IDS(&intel_coffeelake_gt3_info), +- INTEL_CNL_IDS(&intel_cannonlake_info), ++ INTEL_CFL_S_GT1_IDS(&intel_coffeelake_gt1_info), ++ INTEL_CFL_S_GT2_IDS(&intel_coffeelake_gt2_info), ++ INTEL_CFL_H_GT2_IDS(&intel_coffeelake_gt2_info), ++ INTEL_CFL_U_GT3_IDS(&intel_coffeelake_gt3_info), ++ INTEL_CNL_U_GT2_IDS(&intel_cannonlake_gt2_info), ++ INTEL_CNL_Y_GT2_IDS(&intel_cannonlake_gt2_info), + {0, 0, 0} + }; + MODULE_DEVICE_TABLE(pci, pciidlist); +diff --git a/drivers/gpu/drm/qxl/qxl_cmd.c b/drivers/gpu/drm/qxl/qxl_cmd.c +index 74fc9362ecf9..3eb920851141 100644 +--- a/drivers/gpu/drm/qxl/qxl_cmd.c ++++ b/drivers/gpu/drm/qxl/qxl_cmd.c +@@ -388,7 +388,11 @@ void qxl_io_create_primary(struct qxl_device *qdev, + create->width = bo->surf.width; + create->height = bo->surf.height; + create->stride = bo->surf.stride; +- create->mem = qxl_bo_physical_address(qdev, bo, offset); ++ if (bo->shadow) { ++ create->mem = qxl_bo_physical_address(qdev, bo->shadow, offset); ++ } else { ++ create->mem = qxl_bo_physical_address(qdev, bo, offset); ++ } + + QXL_INFO(qdev, "%s: mem = %llx, from %p\n", __func__, create->mem, + bo->kptr); +diff --git a/drivers/gpu/drm/qxl/qxl_display.c b/drivers/gpu/drm/qxl/qxl_display.c +index afbf50d0c08f..9a9214ae0fb5 100644 +--- a/drivers/gpu/drm/qxl/qxl_display.c ++++ b/drivers/gpu/drm/qxl/qxl_display.c +@@ -289,6 +289,7 @@ static void qxl_crtc_destroy(struct drm_crtc *crtc) + { + struct qxl_crtc *qxl_crtc = to_qxl_crtc(crtc); + ++ qxl_bo_unref(&qxl_crtc->cursor_bo); + drm_crtc_cleanup(crtc); + kfree(qxl_crtc); + } +@@ -305,7 +306,9 @@ static const struct drm_crtc_funcs qxl_crtc_funcs = { + void qxl_user_framebuffer_destroy(struct drm_framebuffer *fb) + { + struct qxl_framebuffer *qxl_fb = to_qxl_framebuffer(fb); ++ struct qxl_bo *bo = gem_to_qxl_bo(qxl_fb->obj); + ++ WARN_ON(bo->shadow); + drm_gem_object_unreference_unlocked(qxl_fb->obj); + drm_framebuffer_cleanup(fb); + kfree(qxl_fb); +@@ -493,6 +496,53 @@ static int qxl_primary_atomic_check(struct drm_plane *plane, + return 0; + } + ++static int qxl_primary_apply_cursor(struct drm_plane *plane) ++{ ++ struct drm_device *dev = plane->dev; ++ struct qxl_device *qdev = dev->dev_private; ++ struct drm_framebuffer *fb = plane->state->fb; ++ struct qxl_crtc *qcrtc = to_qxl_crtc(plane->state->crtc); ++ struct qxl_cursor_cmd *cmd; ++ struct qxl_release *release; ++ int ret = 0; ++ ++ if (!qcrtc->cursor_bo) ++ return 0; ++ ++ ret = qxl_alloc_release_reserved(qdev, sizeof(*cmd), ++ QXL_RELEASE_CURSOR_CMD, ++ &release, NULL); ++ if (ret) ++ return ret; ++ ++ ret = qxl_release_list_add(release, qcrtc->cursor_bo); ++ if (ret) ++ goto out_free_release; ++ ++ ret = qxl_release_reserve_list(release, false); ++ if (ret) ++ goto out_free_release; ++ ++ cmd = (struct qxl_cursor_cmd *)qxl_release_map(qdev, release); ++ cmd->type = QXL_CURSOR_SET; ++ cmd->u.set.position.x = plane->state->crtc_x + fb->hot_x; ++ cmd->u.set.position.y = plane->state->crtc_y + fb->hot_y; ++ ++ cmd->u.set.shape = qxl_bo_physical_address(qdev, qcrtc->cursor_bo, 0); ++ ++ cmd->u.set.visible = 1; ++ qxl_release_unmap(qdev, release, &cmd->release_info); ++ ++ qxl_push_cursor_ring_release(qdev, release, QXL_CMD_CURSOR, false); ++ qxl_release_fence_buffer_objects(release); ++ ++ return ret; ++ ++out_free_release: ++ qxl_release_free(qdev, release); ++ return ret; ++} ++ + static void qxl_primary_atomic_update(struct drm_plane *plane, + struct drm_plane_state *old_state) + { +@@ -508,6 +558,8 @@ static void qxl_primary_atomic_update(struct drm_plane *plane, + .x2 = qfb->base.width, + .y2 = qfb->base.height + }; ++ int ret; ++ bool same_shadow = false; + + if (old_state->fb) { + qfb_old = to_qxl_framebuffer(old_state->fb); +@@ -519,15 +571,28 @@ static void qxl_primary_atomic_update(struct drm_plane *plane, + if (bo == bo_old) + return; + ++ if (bo_old && bo_old->shadow && bo->shadow && ++ bo_old->shadow == bo->shadow) { ++ same_shadow = true; ++ } ++ + if (bo_old && bo_old->is_primary) { +- qxl_io_destroy_primary(qdev); ++ if (!same_shadow) ++ qxl_io_destroy_primary(qdev); + bo_old->is_primary = false; ++ ++ ret = qxl_primary_apply_cursor(plane); ++ if (ret) ++ DRM_ERROR( ++ "could not set cursor after creating primary"); + } + + if (!bo->is_primary) { +- qxl_io_create_primary(qdev, 0, bo); ++ if (!same_shadow) ++ qxl_io_create_primary(qdev, 0, bo); + bo->is_primary = true; + } ++ + qxl_draw_dirty_fb(qdev, qfb, bo, 0, 0, &norect, 1, 1); + } + +@@ -560,11 +625,12 @@ static void qxl_cursor_atomic_update(struct drm_plane *plane, + struct drm_device *dev = plane->dev; + struct qxl_device *qdev = dev->dev_private; + struct drm_framebuffer *fb = plane->state->fb; ++ struct qxl_crtc *qcrtc = to_qxl_crtc(plane->state->crtc); + struct qxl_release *release; + struct qxl_cursor_cmd *cmd; + struct qxl_cursor *cursor; + struct drm_gem_object *obj; +- struct qxl_bo *cursor_bo, *user_bo = NULL; ++ struct qxl_bo *cursor_bo = NULL, *user_bo = NULL; + int ret; + void *user_ptr; + int size = 64*64*4; +@@ -617,6 +683,10 @@ static void qxl_cursor_atomic_update(struct drm_plane *plane, + cmd->u.set.shape = qxl_bo_physical_address(qdev, + cursor_bo, 0); + cmd->type = QXL_CURSOR_SET; ++ ++ qxl_bo_unref(&qcrtc->cursor_bo); ++ qcrtc->cursor_bo = cursor_bo; ++ cursor_bo = NULL; + } else { + + ret = qxl_release_reserve_list(release, true); +@@ -634,6 +704,8 @@ static void qxl_cursor_atomic_update(struct drm_plane *plane, + qxl_push_cursor_ring_release(qdev, release, QXL_CMD_CURSOR, false); + qxl_release_fence_buffer_objects(release); + ++ qxl_bo_unref(&cursor_bo); ++ + return; + + out_backoff: +@@ -679,8 +751,9 @@ static void qxl_cursor_atomic_disable(struct drm_plane *plane, + static int qxl_plane_prepare_fb(struct drm_plane *plane, + struct drm_plane_state *new_state) + { ++ struct qxl_device *qdev = plane->dev->dev_private; + struct drm_gem_object *obj; +- struct qxl_bo *user_bo; ++ struct qxl_bo *user_bo, *old_bo = NULL; + int ret; + + if (!new_state->fb) +@@ -689,6 +762,32 @@ static int qxl_plane_prepare_fb(struct drm_plane *plane, + obj = to_qxl_framebuffer(new_state->fb)->obj; + user_bo = gem_to_qxl_bo(obj); + ++ if (plane->type == DRM_PLANE_TYPE_PRIMARY && ++ user_bo->is_dumb && !user_bo->shadow) { ++ if (plane->state->fb) { ++ obj = to_qxl_framebuffer(plane->state->fb)->obj; ++ old_bo = gem_to_qxl_bo(obj); ++ } ++ if (old_bo && old_bo->shadow && ++ user_bo->gem_base.size == old_bo->gem_base.size && ++ plane->state->crtc == new_state->crtc && ++ plane->state->crtc_w == new_state->crtc_w && ++ plane->state->crtc_h == new_state->crtc_h && ++ plane->state->src_x == new_state->src_x && ++ plane->state->src_y == new_state->src_y && ++ plane->state->src_w == new_state->src_w && ++ plane->state->src_h == new_state->src_h && ++ plane->state->rotation == new_state->rotation && ++ plane->state->zpos == new_state->zpos) { ++ drm_gem_object_get(&old_bo->shadow->gem_base); ++ user_bo->shadow = old_bo->shadow; ++ } else { ++ qxl_bo_create(qdev, user_bo->gem_base.size, ++ true, true, QXL_GEM_DOMAIN_VRAM, NULL, ++ &user_bo->shadow); ++ } ++ } ++ + ret = qxl_bo_pin(user_bo, QXL_GEM_DOMAIN_CPU, NULL); + if (ret) + return ret; +@@ -713,6 +812,11 @@ static void qxl_plane_cleanup_fb(struct drm_plane *plane, + obj = to_qxl_framebuffer(old_state->fb)->obj; + user_bo = gem_to_qxl_bo(obj); + qxl_bo_unpin(user_bo); ++ ++ if (user_bo->shadow && !user_bo->is_primary) { ++ drm_gem_object_put_unlocked(&user_bo->shadow->gem_base); ++ user_bo->shadow = NULL; ++ } + } + + static const uint32_t qxl_cursor_plane_formats[] = { +diff --git a/drivers/gpu/drm/qxl/qxl_drv.h b/drivers/gpu/drm/qxl/qxl_drv.h +index 3397a1907336..c0a927efa653 100644 +--- a/drivers/gpu/drm/qxl/qxl_drv.h ++++ b/drivers/gpu/drm/qxl/qxl_drv.h +@@ -113,6 +113,8 @@ struct qxl_bo { + /* Constant after initialization */ + struct drm_gem_object gem_base; + bool is_primary; /* is this now a primary surface */ ++ bool is_dumb; ++ struct qxl_bo *shadow; + bool hw_surf_alloc; + struct qxl_surface surf; + uint32_t surface_id; +@@ -133,6 +135,8 @@ struct qxl_bo_list { + struct qxl_crtc { + struct drm_crtc base; + int index; ++ ++ struct qxl_bo *cursor_bo; + }; + + struct qxl_output { +diff --git a/drivers/gpu/drm/qxl/qxl_dumb.c b/drivers/gpu/drm/qxl/qxl_dumb.c +index 5e65d5d2d937..11085ab01374 100644 +--- a/drivers/gpu/drm/qxl/qxl_dumb.c ++++ b/drivers/gpu/drm/qxl/qxl_dumb.c +@@ -63,6 +63,7 @@ int qxl_mode_dumb_create(struct drm_file *file_priv, + &handle); + if (r) + return r; ++ qobj->is_dumb = true; + args->pitch = pitch; + args->handle = handle; + return 0; +diff --git a/drivers/gpu/drm/radeon/radeon_uvd.c b/drivers/gpu/drm/radeon/radeon_uvd.c +index d34d1cf33895..95f4db70dd22 100644 +--- a/drivers/gpu/drm/radeon/radeon_uvd.c ++++ b/drivers/gpu/drm/radeon/radeon_uvd.c +@@ -995,7 +995,7 @@ int radeon_uvd_calc_upll_dividers(struct radeon_device *rdev, + /* calc dclk divider with current vco freq */ + dclk_div = radeon_uvd_calc_upll_post_div(vco_freq, dclk, + pd_min, pd_even); +- if (vclk_div > pd_max) ++ if (dclk_div > pd_max) + break; /* vco is too big, it has to stop */ + + /* calc score with current vco freq */ +diff --git a/drivers/gpu/drm/radeon/si_dpm.c b/drivers/gpu/drm/radeon/si_dpm.c +index ee3e74266a13..97a0a639dad9 100644 +--- a/drivers/gpu/drm/radeon/si_dpm.c ++++ b/drivers/gpu/drm/radeon/si_dpm.c +@@ -2984,6 +2984,11 @@ static void si_apply_state_adjust_rules(struct radeon_device *rdev, + (rdev->pdev->device == 0x6667)) { + max_sclk = 75000; + } ++ if ((rdev->pdev->revision == 0xC3) || ++ (rdev->pdev->device == 0x6665)) { ++ max_sclk = 60000; ++ max_mclk = 80000; ++ } + } else if (rdev->family == CHIP_OLAND) { + if ((rdev->pdev->revision == 0xC7) || + (rdev->pdev->revision == 0x80) || +diff --git a/drivers/gpu/drm/ttm/ttm_bo.c b/drivers/gpu/drm/ttm/ttm_bo.c +index c088703777e2..68eed684dff5 100644 +--- a/drivers/gpu/drm/ttm/ttm_bo.c ++++ b/drivers/gpu/drm/ttm/ttm_bo.c +@@ -175,7 +175,8 @@ void ttm_bo_add_to_lru(struct ttm_buffer_object *bo) + list_add_tail(&bo->lru, &man->lru[bo->priority]); + kref_get(&bo->list_kref); + +- if (bo->ttm && !(bo->ttm->page_flags & TTM_PAGE_FLAG_SG)) { ++ if (bo->ttm && !(bo->ttm->page_flags & ++ (TTM_PAGE_FLAG_SG | TTM_PAGE_FLAG_SWAPPED))) { + list_add_tail(&bo->swap, + &bo->glob->swap_lru[bo->priority]); + kref_get(&bo->list_kref); +diff --git a/drivers/gpu/drm/ttm/ttm_bo_vm.c b/drivers/gpu/drm/ttm/ttm_bo_vm.c +index c8ebb757e36b..b17d0d38f290 100644 +--- a/drivers/gpu/drm/ttm/ttm_bo_vm.c ++++ b/drivers/gpu/drm/ttm/ttm_bo_vm.c +@@ -299,7 +299,7 @@ static void ttm_bo_vm_close(struct vm_area_struct *vma) + + static int ttm_bo_vm_access_kmap(struct ttm_buffer_object *bo, + unsigned long offset, +- void *buf, int len, int write) ++ uint8_t *buf, int len, int write) + { + unsigned long page = offset >> PAGE_SHIFT; + unsigned long bytes_left = len; +@@ -328,6 +328,7 @@ static int ttm_bo_vm_access_kmap(struct ttm_buffer_object *bo, + ttm_bo_kunmap(&map); + + page++; ++ buf += bytes; + bytes_left -= bytes; + offset = 0; + } while (bytes_left); +diff --git a/drivers/hwmon/coretemp.c b/drivers/hwmon/coretemp.c +index c13a4fd86b3c..a42744c7665b 100644 +--- a/drivers/hwmon/coretemp.c ++++ b/drivers/hwmon/coretemp.c +@@ -268,13 +268,13 @@ static int adjust_tjmax(struct cpuinfo_x86 *c, u32 id, struct device *dev) + for (i = 0; i < ARRAY_SIZE(tjmax_model_table); i++) { + const struct tjmax_model *tm = &tjmax_model_table[i]; + if (c->x86_model == tm->model && +- (tm->mask == ANY || c->x86_mask == tm->mask)) ++ (tm->mask == ANY || c->x86_stepping == tm->mask)) + return tm->tjmax; + } + + /* Early chips have no MSR for TjMax */ + +- if (c->x86_model == 0xf && c->x86_mask < 4) ++ if (c->x86_model == 0xf && c->x86_stepping < 4) + usemsr_ee = 0; + + if (c->x86_model > 0xe && usemsr_ee) { +@@ -425,7 +425,7 @@ static int chk_ucode_version(unsigned int cpu) + * Readings might stop update when processor visited too deep sleep, + * fixed for stepping D0 (6EC). + */ +- if (c->x86_model == 0xe && c->x86_mask < 0xc && c->microcode < 0x39) { ++ if (c->x86_model == 0xe && c->x86_stepping < 0xc && c->microcode < 0x39) { + pr_err("Errata AE18 not fixed, update BIOS or microcode of the CPU!\n"); + return -ENODEV; + } +diff --git a/drivers/hwmon/hwmon-vid.c b/drivers/hwmon/hwmon-vid.c +index ef91b8a67549..84e91286fc4f 100644 +--- a/drivers/hwmon/hwmon-vid.c ++++ b/drivers/hwmon/hwmon-vid.c +@@ -293,7 +293,7 @@ u8 vid_which_vrm(void) + if (c->x86 < 6) /* Any CPU with family lower than 6 */ + return 0; /* doesn't have VID */ + +- vrm_ret = find_vrm(c->x86, c->x86_model, c->x86_mask, c->x86_vendor); ++ vrm_ret = find_vrm(c->x86, c->x86_model, c->x86_stepping, c->x86_vendor); + if (vrm_ret == 134) + vrm_ret = get_via_model_d_vrm(); + if (vrm_ret == 0) +diff --git a/drivers/hwmon/k10temp.c b/drivers/hwmon/k10temp.c +index ce3b91f22e30..5c740996aa62 100644 +--- a/drivers/hwmon/k10temp.c ++++ b/drivers/hwmon/k10temp.c +@@ -179,7 +179,7 @@ static bool has_erratum_319(struct pci_dev *pdev) + * and AM3 formats, but that's the best we can do. + */ + return boot_cpu_data.x86_model < 4 || +- (boot_cpu_data.x86_model == 4 && boot_cpu_data.x86_mask <= 2); ++ (boot_cpu_data.x86_model == 4 && boot_cpu_data.x86_stepping <= 2); + } + + static int k10temp_probe(struct pci_dev *pdev, +diff --git a/drivers/hwmon/k8temp.c b/drivers/hwmon/k8temp.c +index 5a632bcf869b..e59f9113fb93 100644 +--- a/drivers/hwmon/k8temp.c ++++ b/drivers/hwmon/k8temp.c +@@ -187,7 +187,7 @@ static int k8temp_probe(struct pci_dev *pdev, + return -ENOMEM; + + model = boot_cpu_data.x86_model; +- stepping = boot_cpu_data.x86_mask; ++ stepping = boot_cpu_data.x86_stepping; + + /* feature available since SH-C0, exclude older revisions */ + if ((model == 4 && stepping == 0) || +diff --git a/drivers/infiniband/core/device.c b/drivers/infiniband/core/device.c +index 84fc32a2c8b3..ebfdb5503701 100644 +--- a/drivers/infiniband/core/device.c ++++ b/drivers/infiniband/core/device.c +@@ -446,7 +446,6 @@ int ib_register_device(struct ib_device *device, + struct ib_udata uhw = {.outlen = 0, .inlen = 0}; + struct device *parent = device->dev.parent; + +- WARN_ON_ONCE(!parent); + WARN_ON_ONCE(device->dma_device); + if (device->dev.dma_ops) { + /* +@@ -455,16 +454,25 @@ int ib_register_device(struct ib_device *device, + * into device->dev. + */ + device->dma_device = &device->dev; +- if (!device->dev.dma_mask) +- device->dev.dma_mask = parent->dma_mask; +- if (!device->dev.coherent_dma_mask) +- device->dev.coherent_dma_mask = +- parent->coherent_dma_mask; ++ if (!device->dev.dma_mask) { ++ if (parent) ++ device->dev.dma_mask = parent->dma_mask; ++ else ++ WARN_ON_ONCE(true); ++ } ++ if (!device->dev.coherent_dma_mask) { ++ if (parent) ++ device->dev.coherent_dma_mask = ++ parent->coherent_dma_mask; ++ else ++ WARN_ON_ONCE(true); ++ } + } else { + /* + * The caller did not provide custom DMA operations. Use the + * DMA mapping operations of the parent device. + */ ++ WARN_ON_ONCE(!parent); + device->dma_device = parent; + } + +diff --git a/drivers/infiniband/core/sysfs.c b/drivers/infiniband/core/sysfs.c +index abc5ab581f82..0a1e96c25ca3 100644 +--- a/drivers/infiniband/core/sysfs.c ++++ b/drivers/infiniband/core/sysfs.c +@@ -1262,7 +1262,6 @@ int ib_device_register_sysfs(struct ib_device *device, + int ret; + int i; + +- WARN_ON_ONCE(!device->dev.parent); + ret = dev_set_name(class_dev, "%s", device->name); + if (ret) + return ret; +diff --git a/drivers/infiniband/core/user_mad.c b/drivers/infiniband/core/user_mad.c +index 603acaf91828..6511cb21f6e2 100644 +--- a/drivers/infiniband/core/user_mad.c ++++ b/drivers/infiniband/core/user_mad.c +@@ -500,7 +500,7 @@ static ssize_t ib_umad_write(struct file *filp, const char __user *buf, + } + + memset(&ah_attr, 0, sizeof ah_attr); +- ah_attr.type = rdma_ah_find_type(file->port->ib_dev, ++ ah_attr.type = rdma_ah_find_type(agent->device, + file->port->port_num); + rdma_ah_set_dlid(&ah_attr, be16_to_cpu(packet->mad.hdr.lid)); + rdma_ah_set_sl(&ah_attr, packet->mad.hdr.sl); +diff --git a/drivers/infiniband/core/uverbs_std_types.c b/drivers/infiniband/core/uverbs_std_types.c +index 0a98579700ec..5f9321eda1b7 100644 +--- a/drivers/infiniband/core/uverbs_std_types.c ++++ b/drivers/infiniband/core/uverbs_std_types.c +@@ -315,7 +315,7 @@ static int uverbs_create_cq_handler(struct ib_device *ib_dev, + cq->uobject = &obj->uobject; + cq->comp_handler = ib_uverbs_comp_handler; + cq->event_handler = ib_uverbs_cq_event_handler; +- cq->cq_context = &ev_file->ev_queue; ++ cq->cq_context = ev_file ? &ev_file->ev_queue : NULL; + obj->uobject.object = cq; + obj->uobject.user_handle = user_handle; + atomic_set(&cq->usecnt, 0); +diff --git a/drivers/infiniband/hw/mlx4/main.c b/drivers/infiniband/hw/mlx4/main.c +index c636842c5be0..8c681a36e6c7 100644 +--- a/drivers/infiniband/hw/mlx4/main.c ++++ b/drivers/infiniband/hw/mlx4/main.c +@@ -2972,9 +2972,8 @@ static void *mlx4_ib_add(struct mlx4_dev *dev) + kfree(ibdev->ib_uc_qpns_bitmap); + + err_steer_qp_release: +- if (ibdev->steering_support == MLX4_STEERING_MODE_DEVICE_MANAGED) +- mlx4_qp_release_range(dev, ibdev->steer_qpn_base, +- ibdev->steer_qpn_count); ++ mlx4_qp_release_range(dev, ibdev->steer_qpn_base, ++ ibdev->steer_qpn_count); + err_counter: + for (i = 0; i < ibdev->num_ports; ++i) + mlx4_ib_delete_counters_table(ibdev, &ibdev->counters_table[i]); +@@ -3079,11 +3078,9 @@ static void mlx4_ib_remove(struct mlx4_dev *dev, void *ibdev_ptr) + ibdev->iboe.nb.notifier_call = NULL; + } + +- if (ibdev->steering_support == MLX4_STEERING_MODE_DEVICE_MANAGED) { +- mlx4_qp_release_range(dev, ibdev->steer_qpn_base, +- ibdev->steer_qpn_count); +- kfree(ibdev->ib_uc_qpns_bitmap); +- } ++ mlx4_qp_release_range(dev, ibdev->steer_qpn_base, ++ ibdev->steer_qpn_count); ++ kfree(ibdev->ib_uc_qpns_bitmap); + + iounmap(ibdev->uar_map); + for (p = 0; p < ibdev->num_ports; ++p) +diff --git a/drivers/infiniband/hw/qib/qib_rc.c b/drivers/infiniband/hw/qib/qib_rc.c +index e9a91736b12d..d80b61a71eb8 100644 +--- a/drivers/infiniband/hw/qib/qib_rc.c ++++ b/drivers/infiniband/hw/qib/qib_rc.c +@@ -434,13 +434,13 @@ int qib_make_rc_req(struct rvt_qp *qp, unsigned long *flags) + qp->s_state = OP(COMPARE_SWAP); + put_ib_ateth_swap(wqe->atomic_wr.swap, + &ohdr->u.atomic_eth); +- put_ib_ateth_swap(wqe->atomic_wr.compare_add, +- &ohdr->u.atomic_eth); ++ put_ib_ateth_compare(wqe->atomic_wr.compare_add, ++ &ohdr->u.atomic_eth); + } else { + qp->s_state = OP(FETCH_ADD); + put_ib_ateth_swap(wqe->atomic_wr.compare_add, + &ohdr->u.atomic_eth); +- put_ib_ateth_swap(0, &ohdr->u.atomic_eth); ++ put_ib_ateth_compare(0, &ohdr->u.atomic_eth); + } + put_ib_ateth_vaddr(wqe->atomic_wr.remote_addr, + &ohdr->u.atomic_eth); +diff --git a/drivers/infiniband/sw/rxe/rxe_loc.h b/drivers/infiniband/sw/rxe/rxe_loc.h +index 77b3ed0df936..7f945f65d8cd 100644 +--- a/drivers/infiniband/sw/rxe/rxe_loc.h ++++ b/drivers/infiniband/sw/rxe/rxe_loc.h +@@ -237,7 +237,6 @@ int rxe_srq_from_attr(struct rxe_dev *rxe, struct rxe_srq *srq, + + void rxe_release(struct kref *kref); + +-void rxe_drain_req_pkts(struct rxe_qp *qp, bool notify); + int rxe_completer(void *arg); + int rxe_requester(void *arg); + int rxe_responder(void *arg); +diff --git a/drivers/infiniband/sw/rxe/rxe_qp.c b/drivers/infiniband/sw/rxe/rxe_qp.c +index 00bda9380a2e..aeea994b04c4 100644 +--- a/drivers/infiniband/sw/rxe/rxe_qp.c ++++ b/drivers/infiniband/sw/rxe/rxe_qp.c +@@ -824,9 +824,9 @@ void rxe_qp_destroy(struct rxe_qp *qp) + } + + /* called when the last reference to the qp is dropped */ +-void rxe_qp_cleanup(struct rxe_pool_entry *arg) ++static void rxe_qp_do_cleanup(struct work_struct *work) + { +- struct rxe_qp *qp = container_of(arg, typeof(*qp), pelem); ++ struct rxe_qp *qp = container_of(work, typeof(*qp), cleanup_work.work); + + rxe_drop_all_mcast_groups(qp); + +@@ -859,3 +859,11 @@ void rxe_qp_cleanup(struct rxe_pool_entry *arg) + kernel_sock_shutdown(qp->sk, SHUT_RDWR); + sock_release(qp->sk); + } ++ ++/* called when the last reference to the qp is dropped */ ++void rxe_qp_cleanup(struct rxe_pool_entry *arg) ++{ ++ struct rxe_qp *qp = container_of(arg, typeof(*qp), pelem); ++ ++ execute_in_process_context(rxe_qp_do_cleanup, &qp->cleanup_work); ++} +diff --git a/drivers/infiniband/sw/rxe/rxe_req.c b/drivers/infiniband/sw/rxe/rxe_req.c +index d84222f9d5d2..44b838ec9420 100644 +--- a/drivers/infiniband/sw/rxe/rxe_req.c ++++ b/drivers/infiniband/sw/rxe/rxe_req.c +@@ -594,15 +594,8 @@ int rxe_requester(void *arg) + rxe_add_ref(qp); + + next_wqe: +- if (unlikely(!qp->valid)) { +- rxe_drain_req_pkts(qp, true); ++ if (unlikely(!qp->valid || qp->req.state == QP_STATE_ERROR)) + goto exit; +- } +- +- if (unlikely(qp->req.state == QP_STATE_ERROR)) { +- rxe_drain_req_pkts(qp, true); +- goto exit; +- } + + if (unlikely(qp->req.state == QP_STATE_RESET)) { + qp->req.wqe_index = consumer_index(qp->sq.queue); +diff --git a/drivers/infiniband/sw/rxe/rxe_resp.c b/drivers/infiniband/sw/rxe/rxe_resp.c +index 4240866a5331..01f926fd9029 100644 +--- a/drivers/infiniband/sw/rxe/rxe_resp.c ++++ b/drivers/infiniband/sw/rxe/rxe_resp.c +@@ -1210,7 +1210,7 @@ static enum resp_states do_class_d1e_error(struct rxe_qp *qp) + } + } + +-void rxe_drain_req_pkts(struct rxe_qp *qp, bool notify) ++static void rxe_drain_req_pkts(struct rxe_qp *qp, bool notify) + { + struct sk_buff *skb; + +diff --git a/drivers/infiniband/sw/rxe/rxe_verbs.c b/drivers/infiniband/sw/rxe/rxe_verbs.c +index 0b362f49a10a..afbf701dc9a7 100644 +--- a/drivers/infiniband/sw/rxe/rxe_verbs.c ++++ b/drivers/infiniband/sw/rxe/rxe_verbs.c +@@ -813,6 +813,8 @@ static int rxe_post_send_kernel(struct rxe_qp *qp, struct ib_send_wr *wr, + (queue_count(qp->sq.queue) > 1); + + rxe_run_task(&qp->req.task, must_sched); ++ if (unlikely(qp->req.state == QP_STATE_ERROR)) ++ rxe_run_task(&qp->comp.task, 1); + + return err; + } +diff --git a/drivers/infiniband/sw/rxe/rxe_verbs.h b/drivers/infiniband/sw/rxe/rxe_verbs.h +index 0c2dbe45c729..1019f5e7dbdd 100644 +--- a/drivers/infiniband/sw/rxe/rxe_verbs.h ++++ b/drivers/infiniband/sw/rxe/rxe_verbs.h +@@ -35,6 +35,7 @@ + #define RXE_VERBS_H + + #include ++#include + #include + #include "rxe_pool.h" + #include "rxe_task.h" +@@ -281,6 +282,8 @@ struct rxe_qp { + struct timer_list rnr_nak_timer; + + spinlock_t state_lock; /* guard requester and completer */ ++ ++ struct execute_work cleanup_work; + }; + + enum rxe_mem_state { +diff --git a/drivers/md/dm.c b/drivers/md/dm.c +index 804419635cc7..1dfc855ac708 100644 +--- a/drivers/md/dm.c ++++ b/drivers/md/dm.c +@@ -815,7 +815,8 @@ static void dec_pending(struct dm_io *io, blk_status_t error) + queue_io(md, bio); + } else { + /* done with normal IO or empty flush */ +- bio->bi_status = io_error; ++ if (io_error) ++ bio->bi_status = io_error; + bio_endio(bio); + } + } +diff --git a/drivers/media/tuners/r820t.c b/drivers/media/tuners/r820t.c +index ba80376a3b86..d097eb04a0e9 100644 +--- a/drivers/media/tuners/r820t.c ++++ b/drivers/media/tuners/r820t.c +@@ -396,9 +396,11 @@ static int r820t_write(struct r820t_priv *priv, u8 reg, const u8 *val, + return 0; + } + +-static int r820t_write_reg(struct r820t_priv *priv, u8 reg, u8 val) ++static inline int r820t_write_reg(struct r820t_priv *priv, u8 reg, u8 val) + { +- return r820t_write(priv, reg, &val, 1); ++ u8 tmp = val; /* work around GCC PR81715 with asan-stack=1 */ ++ ++ return r820t_write(priv, reg, &tmp, 1); + } + + static int r820t_read_cache_reg(struct r820t_priv *priv, int reg) +@@ -411,17 +413,18 @@ static int r820t_read_cache_reg(struct r820t_priv *priv, int reg) + return -EINVAL; + } + +-static int r820t_write_reg_mask(struct r820t_priv *priv, u8 reg, u8 val, ++static inline int r820t_write_reg_mask(struct r820t_priv *priv, u8 reg, u8 val, + u8 bit_mask) + { ++ u8 tmp = val; + int rc = r820t_read_cache_reg(priv, reg); + + if (rc < 0) + return rc; + +- val = (rc & ~bit_mask) | (val & bit_mask); ++ tmp = (rc & ~bit_mask) | (tmp & bit_mask); + +- return r820t_write(priv, reg, &val, 1); ++ return r820t_write(priv, reg, &tmp, 1); + } + + static int r820t_read(struct r820t_priv *priv, u8 reg, u8 *val, int len) +diff --git a/drivers/misc/c2port/core.c b/drivers/misc/c2port/core.c +index 1922cb8f6b88..1c5b7aec13d4 100644 +--- a/drivers/misc/c2port/core.c ++++ b/drivers/misc/c2port/core.c +@@ -15,7 +15,6 @@ + #include + #include + #include +-#include + #include + #include + #include +@@ -904,7 +903,6 @@ struct c2port_device *c2port_device_register(char *name, + return ERR_PTR(-EINVAL); + + c2dev = kmalloc(sizeof(struct c2port_device), GFP_KERNEL); +- kmemcheck_annotate_bitfield(c2dev, flags); + if (unlikely(!c2dev)) + return ERR_PTR(-ENOMEM); + +diff --git a/drivers/mmc/host/bcm2835.c b/drivers/mmc/host/bcm2835.c +index 229dc18f0581..768972af8b85 100644 +--- a/drivers/mmc/host/bcm2835.c ++++ b/drivers/mmc/host/bcm2835.c +@@ -1265,7 +1265,8 @@ static int bcm2835_add_host(struct bcm2835_host *host) + char pio_limit_string[20]; + int ret; + +- mmc->f_max = host->max_clk; ++ if (!mmc->f_max || mmc->f_max > host->max_clk) ++ mmc->f_max = host->max_clk; + mmc->f_min = host->max_clk / SDCDIV_MAX_CDIV; + + mmc->max_busy_timeout = ~0 / (mmc->f_max / 1000); +diff --git a/drivers/mmc/host/meson-gx-mmc.c b/drivers/mmc/host/meson-gx-mmc.c +index 85745ef179e2..08a55c2e96e1 100644 +--- a/drivers/mmc/host/meson-gx-mmc.c ++++ b/drivers/mmc/host/meson-gx-mmc.c +@@ -716,22 +716,6 @@ static int meson_mmc_clk_phase_tuning(struct mmc_host *mmc, u32 opcode, + static int meson_mmc_execute_tuning(struct mmc_host *mmc, u32 opcode) + { + struct meson_host *host = mmc_priv(mmc); +- int ret; +- +- /* +- * If this is the initial tuning, try to get a sane Rx starting +- * phase before doing the actual tuning. +- */ +- if (!mmc->doing_retune) { +- ret = meson_mmc_clk_phase_tuning(mmc, opcode, host->rx_clk); +- +- if (ret) +- return ret; +- } +- +- ret = meson_mmc_clk_phase_tuning(mmc, opcode, host->tx_clk); +- if (ret) +- return ret; + + return meson_mmc_clk_phase_tuning(mmc, opcode, host->rx_clk); + } +@@ -762,9 +746,8 @@ static void meson_mmc_set_ios(struct mmc_host *mmc, struct mmc_ios *ios) + if (!IS_ERR(mmc->supply.vmmc)) + mmc_regulator_set_ocr(mmc, mmc->supply.vmmc, ios->vdd); + +- /* Reset phases */ ++ /* Reset rx phase */ + clk_set_phase(host->rx_clk, 0); +- clk_set_phase(host->tx_clk, 270); + + break; + +diff --git a/drivers/mmc/host/sdhci-of-esdhc.c b/drivers/mmc/host/sdhci-of-esdhc.c +index d96a057a7db8..4ffa6b173a21 100644 +--- a/drivers/mmc/host/sdhci-of-esdhc.c ++++ b/drivers/mmc/host/sdhci-of-esdhc.c +@@ -458,6 +458,33 @@ static unsigned int esdhc_of_get_min_clock(struct sdhci_host *host) + return clock / 256 / 16; + } + ++static void esdhc_clock_enable(struct sdhci_host *host, bool enable) ++{ ++ u32 val; ++ ktime_t timeout; ++ ++ val = sdhci_readl(host, ESDHC_SYSTEM_CONTROL); ++ ++ if (enable) ++ val |= ESDHC_CLOCK_SDCLKEN; ++ else ++ val &= ~ESDHC_CLOCK_SDCLKEN; ++ ++ sdhci_writel(host, val, ESDHC_SYSTEM_CONTROL); ++ ++ /* Wait max 20 ms */ ++ timeout = ktime_add_ms(ktime_get(), 20); ++ val = ESDHC_CLOCK_STABLE; ++ while (!(sdhci_readl(host, ESDHC_PRSSTAT) & val)) { ++ if (ktime_after(ktime_get(), timeout)) { ++ pr_err("%s: Internal clock never stabilised.\n", ++ mmc_hostname(host->mmc)); ++ break; ++ } ++ udelay(10); ++ } ++} ++ + static void esdhc_of_set_clock(struct sdhci_host *host, unsigned int clock) + { + struct sdhci_pltfm_host *pltfm_host = sdhci_priv(host); +@@ -469,8 +496,10 @@ static void esdhc_of_set_clock(struct sdhci_host *host, unsigned int clock) + + host->mmc->actual_clock = 0; + +- if (clock == 0) ++ if (clock == 0) { ++ esdhc_clock_enable(host, false); + return; ++ } + + /* Workaround to start pre_div at 2 for VNN < VENDOR_V_23 */ + if (esdhc->vendor_ver < VENDOR_V_23) +@@ -558,39 +587,20 @@ static void esdhc_pltfm_set_bus_width(struct sdhci_host *host, int width) + sdhci_writel(host, ctrl, ESDHC_PROCTL); + } + +-static void esdhc_clock_enable(struct sdhci_host *host, bool enable) ++static void esdhc_reset(struct sdhci_host *host, u8 mask) + { + u32 val; +- ktime_t timeout; +- +- val = sdhci_readl(host, ESDHC_SYSTEM_CONTROL); + +- if (enable) +- val |= ESDHC_CLOCK_SDCLKEN; +- else +- val &= ~ESDHC_CLOCK_SDCLKEN; +- +- sdhci_writel(host, val, ESDHC_SYSTEM_CONTROL); +- +- /* Wait max 20 ms */ +- timeout = ktime_add_ms(ktime_get(), 20); +- val = ESDHC_CLOCK_STABLE; +- while (!(sdhci_readl(host, ESDHC_PRSSTAT) & val)) { +- if (ktime_after(ktime_get(), timeout)) { +- pr_err("%s: Internal clock never stabilised.\n", +- mmc_hostname(host->mmc)); +- break; +- } +- udelay(10); +- } +-} +- +-static void esdhc_reset(struct sdhci_host *host, u8 mask) +-{ + sdhci_reset(host, mask); + + sdhci_writel(host, host->ier, SDHCI_INT_ENABLE); + sdhci_writel(host, host->ier, SDHCI_SIGNAL_ENABLE); ++ ++ if (mask & SDHCI_RESET_ALL) { ++ val = sdhci_readl(host, ESDHC_TBCTL); ++ val &= ~ESDHC_TB_EN; ++ sdhci_writel(host, val, ESDHC_TBCTL); ++ } + } + + /* The SCFG, Supplemental Configuration Unit, provides SoC specific +diff --git a/drivers/mmc/host/sdhci.c b/drivers/mmc/host/sdhci.c +index 6152e83ff935..90cc1977b792 100644 +--- a/drivers/mmc/host/sdhci.c ++++ b/drivers/mmc/host/sdhci.c +@@ -21,6 +21,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -502,8 +503,35 @@ static int sdhci_pre_dma_transfer(struct sdhci_host *host, + if (data->host_cookie == COOKIE_PRE_MAPPED) + return data->sg_count; + +- sg_count = dma_map_sg(mmc_dev(host->mmc), data->sg, data->sg_len, +- mmc_get_dma_dir(data)); ++ /* Bounce write requests to the bounce buffer */ ++ if (host->bounce_buffer) { ++ unsigned int length = data->blksz * data->blocks; ++ ++ if (length > host->bounce_buffer_size) { ++ pr_err("%s: asked for transfer of %u bytes exceeds bounce buffer %u bytes\n", ++ mmc_hostname(host->mmc), length, ++ host->bounce_buffer_size); ++ return -EIO; ++ } ++ if (mmc_get_dma_dir(data) == DMA_TO_DEVICE) { ++ /* Copy the data to the bounce buffer */ ++ sg_copy_to_buffer(data->sg, data->sg_len, ++ host->bounce_buffer, ++ length); ++ } ++ /* Switch ownership to the DMA */ ++ dma_sync_single_for_device(host->mmc->parent, ++ host->bounce_addr, ++ host->bounce_buffer_size, ++ mmc_get_dma_dir(data)); ++ /* Just a dummy value */ ++ sg_count = 1; ++ } else { ++ /* Just access the data directly from memory */ ++ sg_count = dma_map_sg(mmc_dev(host->mmc), ++ data->sg, data->sg_len, ++ mmc_get_dma_dir(data)); ++ } + + if (sg_count == 0) + return -ENOSPC; +@@ -673,6 +701,14 @@ static void sdhci_adma_table_post(struct sdhci_host *host, + } + } + ++static u32 sdhci_sdma_address(struct sdhci_host *host) ++{ ++ if (host->bounce_buffer) ++ return host->bounce_addr; ++ else ++ return sg_dma_address(host->data->sg); ++} ++ + static u8 sdhci_calc_timeout(struct sdhci_host *host, struct mmc_command *cmd) + { + u8 count; +@@ -858,8 +894,8 @@ static void sdhci_prepare_data(struct sdhci_host *host, struct mmc_command *cmd) + SDHCI_ADMA_ADDRESS_HI); + } else { + WARN_ON(sg_cnt != 1); +- sdhci_writel(host, sg_dma_address(data->sg), +- SDHCI_DMA_ADDRESS); ++ sdhci_writel(host, sdhci_sdma_address(host), ++ SDHCI_DMA_ADDRESS); + } + } + +@@ -2248,7 +2284,12 @@ static void sdhci_pre_req(struct mmc_host *mmc, struct mmc_request *mrq) + + mrq->data->host_cookie = COOKIE_UNMAPPED; + +- if (host->flags & SDHCI_REQ_USE_DMA) ++ /* ++ * No pre-mapping in the pre hook if we're using the bounce buffer, ++ * for that we would need two bounce buffers since one buffer is ++ * in flight when this is getting called. ++ */ ++ if (host->flags & SDHCI_REQ_USE_DMA && !host->bounce_buffer) + sdhci_pre_dma_transfer(host, mrq->data, COOKIE_PRE_MAPPED); + } + +@@ -2352,8 +2393,45 @@ static bool sdhci_request_done(struct sdhci_host *host) + struct mmc_data *data = mrq->data; + + if (data && data->host_cookie == COOKIE_MAPPED) { +- dma_unmap_sg(mmc_dev(host->mmc), data->sg, data->sg_len, +- mmc_get_dma_dir(data)); ++ if (host->bounce_buffer) { ++ /* ++ * On reads, copy the bounced data into the ++ * sglist ++ */ ++ if (mmc_get_dma_dir(data) == DMA_FROM_DEVICE) { ++ unsigned int length = data->bytes_xfered; ++ ++ if (length > host->bounce_buffer_size) { ++ pr_err("%s: bounce buffer is %u bytes but DMA claims to have transferred %u bytes\n", ++ mmc_hostname(host->mmc), ++ host->bounce_buffer_size, ++ data->bytes_xfered); ++ /* Cap it down and continue */ ++ length = host->bounce_buffer_size; ++ } ++ dma_sync_single_for_cpu( ++ host->mmc->parent, ++ host->bounce_addr, ++ host->bounce_buffer_size, ++ DMA_FROM_DEVICE); ++ sg_copy_from_buffer(data->sg, ++ data->sg_len, ++ host->bounce_buffer, ++ length); ++ } else { ++ /* No copying, just switch ownership */ ++ dma_sync_single_for_cpu( ++ host->mmc->parent, ++ host->bounce_addr, ++ host->bounce_buffer_size, ++ mmc_get_dma_dir(data)); ++ } ++ } else { ++ /* Unmap the raw data */ ++ dma_unmap_sg(mmc_dev(host->mmc), data->sg, ++ data->sg_len, ++ mmc_get_dma_dir(data)); ++ } + data->host_cookie = COOKIE_UNMAPPED; + } + } +@@ -2636,7 +2714,8 @@ static void sdhci_data_irq(struct sdhci_host *host, u32 intmask) + */ + if (intmask & SDHCI_INT_DMA_END) { + u32 dmastart, dmanow; +- dmastart = sg_dma_address(host->data->sg); ++ ++ dmastart = sdhci_sdma_address(host); + dmanow = dmastart + host->data->bytes_xfered; + /* + * Force update to the next DMA block boundary. +@@ -3217,6 +3296,68 @@ void __sdhci_read_caps(struct sdhci_host *host, u16 *ver, u32 *caps, u32 *caps1) + } + EXPORT_SYMBOL_GPL(__sdhci_read_caps); + ++static int sdhci_allocate_bounce_buffer(struct sdhci_host *host) ++{ ++ struct mmc_host *mmc = host->mmc; ++ unsigned int max_blocks; ++ unsigned int bounce_size; ++ int ret; ++ ++ /* ++ * Cap the bounce buffer at 64KB. Using a bigger bounce buffer ++ * has diminishing returns, this is probably because SD/MMC ++ * cards are usually optimized to handle this size of requests. ++ */ ++ bounce_size = SZ_64K; ++ /* ++ * Adjust downwards to maximum request size if this is less ++ * than our segment size, else hammer down the maximum ++ * request size to the maximum buffer size. ++ */ ++ if (mmc->max_req_size < bounce_size) ++ bounce_size = mmc->max_req_size; ++ max_blocks = bounce_size / 512; ++ ++ /* ++ * When we just support one segment, we can get significant ++ * speedups by the help of a bounce buffer to group scattered ++ * reads/writes together. ++ */ ++ host->bounce_buffer = devm_kmalloc(mmc->parent, ++ bounce_size, ++ GFP_KERNEL); ++ if (!host->bounce_buffer) { ++ pr_err("%s: failed to allocate %u bytes for bounce buffer, falling back to single segments\n", ++ mmc_hostname(mmc), ++ bounce_size); ++ /* ++ * Exiting with zero here makes sure we proceed with ++ * mmc->max_segs == 1. ++ */ ++ return 0; ++ } ++ ++ host->bounce_addr = dma_map_single(mmc->parent, ++ host->bounce_buffer, ++ bounce_size, ++ DMA_BIDIRECTIONAL); ++ ret = dma_mapping_error(mmc->parent, host->bounce_addr); ++ if (ret) ++ /* Again fall back to max_segs == 1 */ ++ return 0; ++ host->bounce_buffer_size = bounce_size; ++ ++ /* Lie about this since we're bouncing */ ++ mmc->max_segs = max_blocks; ++ mmc->max_seg_size = bounce_size; ++ mmc->max_req_size = bounce_size; ++ ++ pr_info("%s bounce up to %u segments into one, max segment size %u bytes\n", ++ mmc_hostname(mmc), max_blocks, bounce_size); ++ ++ return 0; ++} ++ + int sdhci_setup_host(struct sdhci_host *host) + { + struct mmc_host *mmc; +@@ -3713,6 +3854,13 @@ int sdhci_setup_host(struct sdhci_host *host) + */ + mmc->max_blk_count = (host->quirks & SDHCI_QUIRK_NO_MULTIBLOCK) ? 1 : 65535; + ++ if (mmc->max_segs == 1) { ++ /* This may alter mmc->*_blk_* parameters */ ++ ret = sdhci_allocate_bounce_buffer(host); ++ if (ret) ++ return ret; ++ } ++ + return 0; + + unreg: +diff --git a/drivers/mmc/host/sdhci.h b/drivers/mmc/host/sdhci.h +index 54bc444c317f..1d7d61e25dbf 100644 +--- a/drivers/mmc/host/sdhci.h ++++ b/drivers/mmc/host/sdhci.h +@@ -440,6 +440,9 @@ struct sdhci_host { + + int irq; /* Device IRQ */ + void __iomem *ioaddr; /* Mapped address */ ++ char *bounce_buffer; /* For packing SDMA reads/writes */ ++ dma_addr_t bounce_addr; ++ unsigned int bounce_buffer_size; + + const struct sdhci_ops *ops; /* Low level hw interface */ + +diff --git a/drivers/mtd/nand/vf610_nfc.c b/drivers/mtd/nand/vf610_nfc.c +index 8037d4b48a05..e2583a539b41 100644 +--- a/drivers/mtd/nand/vf610_nfc.c ++++ b/drivers/mtd/nand/vf610_nfc.c +@@ -752,10 +752,8 @@ static int vf610_nfc_probe(struct platform_device *pdev) + if (mtd->oobsize > 64) + mtd->oobsize = 64; + +- /* +- * mtd->ecclayout is not specified here because we're using the +- * default large page ECC layout defined in NAND core. +- */ ++ /* Use default large page ECC layout defined in NAND core */ ++ mtd_set_ooblayout(mtd, &nand_ooblayout_lp_ops); + if (chip->ecc.strength == 32) { + nfc->ecc_mode = ECC_60_BYTE; + chip->ecc.bytes = 60; +diff --git a/drivers/net/ethernet/marvell/mvpp2.c b/drivers/net/ethernet/marvell/mvpp2.c +index 1dd3a1264a53..06f3fe429d82 100644 +--- a/drivers/net/ethernet/marvell/mvpp2.c ++++ b/drivers/net/ethernet/marvell/mvpp2.c +@@ -6888,6 +6888,7 @@ static void mvpp2_set_rx_mode(struct net_device *dev) + int id = port->id; + bool allmulti = dev->flags & IFF_ALLMULTI; + ++retry: + mvpp2_prs_mac_promisc_set(priv, id, dev->flags & IFF_PROMISC); + mvpp2_prs_mac_multi_set(priv, id, MVPP2_PE_MAC_MC_ALL, allmulti); + mvpp2_prs_mac_multi_set(priv, id, MVPP2_PE_MAC_MC_IP6, allmulti); +@@ -6895,9 +6896,13 @@ static void mvpp2_set_rx_mode(struct net_device *dev) + /* Remove all port->id's mcast enries */ + mvpp2_prs_mcast_del_all(priv, id); + +- if (allmulti && !netdev_mc_empty(dev)) { +- netdev_for_each_mc_addr(ha, dev) +- mvpp2_prs_mac_da_accept(priv, id, ha->addr, true); ++ if (!allmulti) { ++ netdev_for_each_mc_addr(ha, dev) { ++ if (mvpp2_prs_mac_da_accept(priv, id, ha->addr, true)) { ++ allmulti = true; ++ goto retry; ++ } ++ } + } + } + +diff --git a/drivers/net/ethernet/mellanox/mlx4/qp.c b/drivers/net/ethernet/mellanox/mlx4/qp.c +index 728a2fb1f5c0..22a3bfe1ed8f 100644 +--- a/drivers/net/ethernet/mellanox/mlx4/qp.c ++++ b/drivers/net/ethernet/mellanox/mlx4/qp.c +@@ -287,6 +287,9 @@ void mlx4_qp_release_range(struct mlx4_dev *dev, int base_qpn, int cnt) + u64 in_param = 0; + int err; + ++ if (!cnt) ++ return; ++ + if (mlx4_is_mfunc(dev)) { + set_param_l(&in_param, base_qpn); + set_param_h(&in_param, cnt); +diff --git a/drivers/net/wireless/marvell/mwifiex/pcie.c b/drivers/net/wireless/marvell/mwifiex/pcie.c +index cd314946452c..9511f5fe62f4 100644 +--- a/drivers/net/wireless/marvell/mwifiex/pcie.c ++++ b/drivers/net/wireless/marvell/mwifiex/pcie.c +@@ -2781,7 +2781,10 @@ static void mwifiex_pcie_card_reset_work(struct mwifiex_adapter *adapter) + { + struct pcie_service_card *card = adapter->card; + +- pci_reset_function(card->dev); ++ /* We can't afford to wait here; remove() might be waiting on us. If we ++ * can't grab the device lock, maybe we'll get another chance later. ++ */ ++ pci_try_reset_function(card->dev); + } + + static void mwifiex_pcie_work(struct work_struct *work) +diff --git a/drivers/net/wireless/realtek/rtlwifi/rtl8821ae/hw.c b/drivers/net/wireless/realtek/rtlwifi/rtl8821ae/hw.c +index 9ac1511de7ba..b82e5b363c05 100644 +--- a/drivers/net/wireless/realtek/rtlwifi/rtl8821ae/hw.c ++++ b/drivers/net/wireless/realtek/rtlwifi/rtl8821ae/hw.c +@@ -1122,7 +1122,7 @@ static u8 _rtl8821ae_dbi_read(struct rtl_priv *rtlpriv, u16 addr) + } + if (0 == tmp) { + read_addr = REG_DBI_RDATA + addr % 4; +- ret = rtl_read_word(rtlpriv, read_addr); ++ ret = rtl_read_byte(rtlpriv, read_addr); + } + return ret; + } +@@ -1164,7 +1164,8 @@ static void _rtl8821ae_enable_aspm_back_door(struct ieee80211_hw *hw) + } + + tmp = _rtl8821ae_dbi_read(rtlpriv, 0x70f); +- _rtl8821ae_dbi_write(rtlpriv, 0x70f, tmp | BIT(7)); ++ _rtl8821ae_dbi_write(rtlpriv, 0x70f, tmp | BIT(7) | ++ ASPM_L1_LATENCY << 3); + + tmp = _rtl8821ae_dbi_read(rtlpriv, 0x719); + _rtl8821ae_dbi_write(rtlpriv, 0x719, tmp | BIT(3) | BIT(4)); +diff --git a/drivers/net/wireless/realtek/rtlwifi/wifi.h b/drivers/net/wireless/realtek/rtlwifi/wifi.h +index 1ab1024330fb..25c4e3e55921 100644 +--- a/drivers/net/wireless/realtek/rtlwifi/wifi.h ++++ b/drivers/net/wireless/realtek/rtlwifi/wifi.h +@@ -99,6 +99,7 @@ + #define RTL_USB_MAX_RX_COUNT 100 + #define QBSS_LOAD_SIZE 5 + #define MAX_WMMELE_LENGTH 64 ++#define ASPM_L1_LATENCY 7 + + #define TOTAL_CAM_ENTRY 32 + +diff --git a/drivers/pci/dwc/pci-keystone.c b/drivers/pci/dwc/pci-keystone.c +index 5bee3af47588..39405598b22d 100644 +--- a/drivers/pci/dwc/pci-keystone.c ++++ b/drivers/pci/dwc/pci-keystone.c +@@ -178,7 +178,7 @@ static int ks_pcie_get_irq_controller_info(struct keystone_pcie *ks_pcie, + } + + /* interrupt controller is in a child node */ +- *np_temp = of_find_node_by_name(np_pcie, controller); ++ *np_temp = of_get_child_by_name(np_pcie, controller); + if (!(*np_temp)) { + dev_err(dev, "Node for %s is absent\n", controller); + return -EINVAL; +@@ -187,6 +187,7 @@ static int ks_pcie_get_irq_controller_info(struct keystone_pcie *ks_pcie, + temp = of_irq_count(*np_temp); + if (!temp) { + dev_err(dev, "No IRQ entries in %s\n", controller); ++ of_node_put(*np_temp); + return -EINVAL; + } + +@@ -204,6 +205,8 @@ static int ks_pcie_get_irq_controller_info(struct keystone_pcie *ks_pcie, + break; + } + ++ of_node_put(*np_temp); ++ + if (temp) { + *num_irqs = temp; + return 0; +diff --git a/drivers/pci/host/pcie-iproc-platform.c b/drivers/pci/host/pcie-iproc-platform.c +index a5073a921a04..32228d41f746 100644 +--- a/drivers/pci/host/pcie-iproc-platform.c ++++ b/drivers/pci/host/pcie-iproc-platform.c +@@ -92,6 +92,13 @@ static int iproc_pcie_pltfm_probe(struct platform_device *pdev) + pcie->need_ob_cfg = true; + } + ++ /* ++ * DT nodes are not used by all platforms that use the iProc PCIe ++ * core driver. For platforms that require explict inbound mapping ++ * configuration, "dma-ranges" would have been present in DT ++ */ ++ pcie->need_ib_cfg = of_property_read_bool(np, "dma-ranges"); ++ + /* PHY use is optional */ + pcie->phy = devm_phy_get(dev, "pcie-phy"); + if (IS_ERR(pcie->phy)) { +diff --git a/drivers/pci/host/pcie-iproc.c b/drivers/pci/host/pcie-iproc.c +index 3a8b9d20ee57..c0ecc9f35667 100644 +--- a/drivers/pci/host/pcie-iproc.c ++++ b/drivers/pci/host/pcie-iproc.c +@@ -1396,9 +1396,11 @@ int iproc_pcie_setup(struct iproc_pcie *pcie, struct list_head *res) + } + } + +- ret = iproc_pcie_map_dma_ranges(pcie); +- if (ret && ret != -ENOENT) +- goto err_power_off_phy; ++ if (pcie->need_ib_cfg) { ++ ret = iproc_pcie_map_dma_ranges(pcie); ++ if (ret && ret != -ENOENT) ++ goto err_power_off_phy; ++ } + + #ifdef CONFIG_ARM + pcie->sysdata.private_data = pcie; +diff --git a/drivers/pci/host/pcie-iproc.h b/drivers/pci/host/pcie-iproc.h +index a6b55cec9a66..4ac6282f2bfd 100644 +--- a/drivers/pci/host/pcie-iproc.h ++++ b/drivers/pci/host/pcie-iproc.h +@@ -74,6 +74,7 @@ struct iproc_msi; + * @ob: outbound mapping related parameters + * @ob_map: outbound mapping related parameters specific to the controller + * ++ * @need_ib_cfg: indicates SW needs to configure the inbound mapping window + * @ib: inbound mapping related parameters + * @ib_map: outbound mapping region related parameters + * +@@ -101,6 +102,7 @@ struct iproc_pcie { + struct iproc_pcie_ob ob; + const struct iproc_pcie_ob_map *ob_map; + ++ bool need_ib_cfg; + struct iproc_pcie_ib ib; + const struct iproc_pcie_ib_map *ib_map; + +diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c +index f66f9375177c..4c3feb96f391 100644 +--- a/drivers/pci/quirks.c ++++ b/drivers/pci/quirks.c +@@ -1636,8 +1636,8 @@ static void quirk_pcie_mch(struct pci_dev *pdev) + DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_E7520_MCH, quirk_pcie_mch); + DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_E7320_MCH, quirk_pcie_mch); + DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_E7525_MCH, quirk_pcie_mch); +-DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_HUAWEI, 0x1610, quirk_pcie_mch); + ++DECLARE_PCI_FIXUP_CLASS_FINAL(PCI_VENDOR_ID_HUAWEI, 0x1610, PCI_CLASS_BRIDGE_PCI, 8, quirk_pcie_mch); + + /* + * It's possible for the MSI to get corrupted if shpc and acpi +diff --git a/drivers/platform/x86/apple-gmux.c b/drivers/platform/x86/apple-gmux.c +index 623d322447a2..7c4eb86c851e 100644 +--- a/drivers/platform/x86/apple-gmux.c ++++ b/drivers/platform/x86/apple-gmux.c +@@ -24,7 +24,6 @@ + #include + #include + #include +-#include + #include + #include + +@@ -54,7 +53,6 @@ struct apple_gmux_data { + bool indexed; + struct mutex index_lock; + +- struct pci_dev *pdev; + struct backlight_device *bdev; + + /* switcheroo data */ +@@ -599,23 +597,6 @@ static int gmux_resume(struct device *dev) + return 0; + } + +-static struct pci_dev *gmux_get_io_pdev(void) +-{ +- struct pci_dev *pdev = NULL; +- +- while ((pdev = pci_get_class(PCI_CLASS_DISPLAY_VGA << 8, pdev))) { +- u16 cmd; +- +- pci_read_config_word(pdev, PCI_COMMAND, &cmd); +- if (!(cmd & PCI_COMMAND_IO)) +- continue; +- +- return pdev; +- } +- +- return NULL; +-} +- + static int is_thunderbolt(struct device *dev, void *data) + { + return to_pci_dev(dev)->is_thunderbolt; +@@ -631,7 +612,6 @@ static int gmux_probe(struct pnp_dev *pnp, const struct pnp_device_id *id) + int ret = -ENXIO; + acpi_status status; + unsigned long long gpe; +- struct pci_dev *pdev = NULL; + + if (apple_gmux_data) + return -EBUSY; +@@ -682,7 +662,7 @@ static int gmux_probe(struct pnp_dev *pnp, const struct pnp_device_id *id) + ver_minor = (version >> 16) & 0xff; + ver_release = (version >> 8) & 0xff; + } else { +- pr_info("gmux device not present or IO disabled\n"); ++ pr_info("gmux device not present\n"); + ret = -ENODEV; + goto err_release; + } +@@ -690,23 +670,6 @@ static int gmux_probe(struct pnp_dev *pnp, const struct pnp_device_id *id) + pr_info("Found gmux version %d.%d.%d [%s]\n", ver_major, ver_minor, + ver_release, (gmux_data->indexed ? "indexed" : "classic")); + +- /* +- * Apple systems with gmux are EFI based and normally don't use +- * VGA. In addition changing IO+MEM ownership between IGP and dGPU +- * disables IO/MEM used for backlight control on some systems. +- * Lock IO+MEM to GPU with active IO to prevent switch. +- */ +- pdev = gmux_get_io_pdev(); +- if (pdev && vga_tryget(pdev, +- VGA_RSRC_NORMAL_IO | VGA_RSRC_NORMAL_MEM)) { +- pr_err("IO+MEM vgaarb-locking for PCI:%s failed\n", +- pci_name(pdev)); +- ret = -EBUSY; +- goto err_release; +- } else if (pdev) +- pr_info("locked IO for PCI:%s\n", pci_name(pdev)); +- gmux_data->pdev = pdev; +- + memset(&props, 0, sizeof(props)); + props.type = BACKLIGHT_PLATFORM; + props.max_brightness = gmux_read32(gmux_data, GMUX_PORT_MAX_BRIGHTNESS); +@@ -822,10 +785,6 @@ static int gmux_probe(struct pnp_dev *pnp, const struct pnp_device_id *id) + err_notify: + backlight_device_unregister(bdev); + err_release: +- if (gmux_data->pdev) +- vga_put(gmux_data->pdev, +- VGA_RSRC_NORMAL_IO | VGA_RSRC_NORMAL_MEM); +- pci_dev_put(pdev); + release_region(gmux_data->iostart, gmux_data->iolen); + err_free: + kfree(gmux_data); +@@ -845,11 +804,6 @@ static void gmux_remove(struct pnp_dev *pnp) + &gmux_notify_handler); + } + +- if (gmux_data->pdev) { +- vga_put(gmux_data->pdev, +- VGA_RSRC_NORMAL_IO | VGA_RSRC_NORMAL_MEM); +- pci_dev_put(gmux_data->pdev); +- } + backlight_device_unregister(gmux_data->bdev); + + release_region(gmux_data->iostart, gmux_data->iolen); +diff --git a/drivers/rtc/rtc-opal.c b/drivers/rtc/rtc-opal.c +index e2a946c0e667..304e891e35fc 100644 +--- a/drivers/rtc/rtc-opal.c ++++ b/drivers/rtc/rtc-opal.c +@@ -58,6 +58,7 @@ static void tm_to_opal(struct rtc_time *tm, u32 *y_m_d, u64 *h_m_s_ms) + static int opal_get_rtc_time(struct device *dev, struct rtc_time *tm) + { + long rc = OPAL_BUSY; ++ int retries = 10; + u32 y_m_d; + u64 h_m_s_ms; + __be32 __y_m_d; +@@ -67,8 +68,11 @@ static int opal_get_rtc_time(struct device *dev, struct rtc_time *tm) + rc = opal_rtc_read(&__y_m_d, &__h_m_s_ms); + if (rc == OPAL_BUSY_EVENT) + opal_poll_events(NULL); +- else ++ else if (retries-- && (rc == OPAL_HARDWARE ++ || rc == OPAL_INTERNAL_ERROR)) + msleep(10); ++ else if (rc != OPAL_BUSY && rc != OPAL_BUSY_EVENT) ++ break; + } + + if (rc != OPAL_SUCCESS) +@@ -84,6 +88,7 @@ static int opal_get_rtc_time(struct device *dev, struct rtc_time *tm) + static int opal_set_rtc_time(struct device *dev, struct rtc_time *tm) + { + long rc = OPAL_BUSY; ++ int retries = 10; + u32 y_m_d = 0; + u64 h_m_s_ms = 0; + +@@ -92,8 +97,11 @@ static int opal_set_rtc_time(struct device *dev, struct rtc_time *tm) + rc = opal_rtc_write(y_m_d, h_m_s_ms); + if (rc == OPAL_BUSY_EVENT) + opal_poll_events(NULL); +- else ++ else if (retries-- && (rc == OPAL_HARDWARE ++ || rc == OPAL_INTERNAL_ERROR)) + msleep(10); ++ else if (rc != OPAL_BUSY && rc != OPAL_BUSY_EVENT) ++ break; + } + + return rc == OPAL_SUCCESS ? 0 : -EIO; +diff --git a/drivers/scsi/scsi_sysfs.c b/drivers/scsi/scsi_sysfs.c +index f796bd61f3f0..40406c162d0d 100644 +--- a/drivers/scsi/scsi_sysfs.c ++++ b/drivers/scsi/scsi_sysfs.c +@@ -1383,7 +1383,10 @@ static void __scsi_remove_target(struct scsi_target *starget) + * check. + */ + if (sdev->channel != starget->channel || +- sdev->id != starget->id || ++ sdev->id != starget->id) ++ continue; ++ if (sdev->sdev_state == SDEV_DEL || ++ sdev->sdev_state == SDEV_CANCEL || + !get_device(&sdev->sdev_gendev)) + continue; + spin_unlock_irqrestore(shost->host_lock, flags); +diff --git a/drivers/scsi/smartpqi/Makefile b/drivers/scsi/smartpqi/Makefile +index 0f42a225a664..e6b779930230 100644 +--- a/drivers/scsi/smartpqi/Makefile ++++ b/drivers/scsi/smartpqi/Makefile +@@ -1,3 +1,3 @@ + ccflags-y += -I. +-obj-m += smartpqi.o ++obj-$(CONFIG_SCSI_SMARTPQI) += smartpqi.o + smartpqi-objs := smartpqi_init.o smartpqi_sis.o smartpqi_sas_transport.o +diff --git a/drivers/target/iscsi/iscsi_target_auth.c b/drivers/target/iscsi/iscsi_target_auth.c +index f9bc8ec6fb6b..9518ffd8b8ba 100644 +--- a/drivers/target/iscsi/iscsi_target_auth.c ++++ b/drivers/target/iscsi/iscsi_target_auth.c +@@ -421,7 +421,8 @@ static int chap_server_compute_md5( + auth_ret = 0; + out: + kzfree(desc); +- crypto_free_shash(tfm); ++ if (tfm) ++ crypto_free_shash(tfm); + kfree(challenge); + kfree(challenge_binhex); + return auth_ret; +diff --git a/drivers/target/iscsi/iscsi_target_nego.c b/drivers/target/iscsi/iscsi_target_nego.c +index 7a6751fecd32..87248a2512e5 100644 +--- a/drivers/target/iscsi/iscsi_target_nego.c ++++ b/drivers/target/iscsi/iscsi_target_nego.c +@@ -432,6 +432,9 @@ static void iscsi_target_sk_data_ready(struct sock *sk) + if (test_and_set_bit(LOGIN_FLAGS_READ_ACTIVE, &conn->login_flags)) { + write_unlock_bh(&sk->sk_callback_lock); + pr_debug("Got LOGIN_FLAGS_READ_ACTIVE=1, conn: %p >>>>\n", conn); ++ if (iscsi_target_sk_data_ready == conn->orig_data_ready) ++ return; ++ conn->orig_data_ready(sk); + return; + } + +diff --git a/drivers/usb/Kconfig b/drivers/usb/Kconfig +index 939a63bca82f..72eb3e41e3b6 100644 +--- a/drivers/usb/Kconfig ++++ b/drivers/usb/Kconfig +@@ -19,6 +19,14 @@ config USB_EHCI_BIG_ENDIAN_MMIO + config USB_EHCI_BIG_ENDIAN_DESC + bool + ++config USB_UHCI_BIG_ENDIAN_MMIO ++ bool ++ default y if SPARC_LEON ++ ++config USB_UHCI_BIG_ENDIAN_DESC ++ bool ++ default y if SPARC_LEON ++ + menuconfig USB_SUPPORT + bool "USB support" + depends on HAS_IOMEM +diff --git a/drivers/usb/host/Kconfig b/drivers/usb/host/Kconfig +index fa5692dec832..92b19721b595 100644 +--- a/drivers/usb/host/Kconfig ++++ b/drivers/usb/host/Kconfig +@@ -637,14 +637,6 @@ config USB_UHCI_ASPEED + bool + default y if ARCH_ASPEED + +-config USB_UHCI_BIG_ENDIAN_MMIO +- bool +- default y if SPARC_LEON +- +-config USB_UHCI_BIG_ENDIAN_DESC +- bool +- default y if SPARC_LEON +- + config USB_FHCI_HCD + tristate "Freescale QE USB Host Controller support" + depends on OF_GPIO && QE_GPIO && QUICC_ENGINE +diff --git a/drivers/video/console/dummycon.c b/drivers/video/console/dummycon.c +index 9269d5685239..b90ef96e43d6 100644 +--- a/drivers/video/console/dummycon.c ++++ b/drivers/video/console/dummycon.c +@@ -67,7 +67,6 @@ const struct consw dummy_con = { + .con_switch = DUMMY, + .con_blank = DUMMY, + .con_font_set = DUMMY, +- .con_font_get = DUMMY, + .con_font_default = DUMMY, + .con_font_copy = DUMMY, + }; +diff --git a/drivers/video/fbdev/atmel_lcdfb.c b/drivers/video/fbdev/atmel_lcdfb.c +index e06358da4b99..3dee267d7c75 100644 +--- a/drivers/video/fbdev/atmel_lcdfb.c ++++ b/drivers/video/fbdev/atmel_lcdfb.c +@@ -1119,7 +1119,7 @@ static int atmel_lcdfb_of_init(struct atmel_lcdfb_info *sinfo) + goto put_display_node; + } + +- timings_np = of_find_node_by_name(display_np, "display-timings"); ++ timings_np = of_get_child_by_name(display_np, "display-timings"); + if (!timings_np) { + dev_err(dev, "failed to find display-timings node\n"); + ret = -ENODEV; +@@ -1140,6 +1140,12 @@ static int atmel_lcdfb_of_init(struct atmel_lcdfb_info *sinfo) + fb_add_videomode(&fb_vm, &info->modelist); + } + ++ /* ++ * FIXME: Make sure we are not referencing any fields in display_np ++ * and timings_np and drop our references to them before returning to ++ * avoid leaking the nodes on probe deferral and driver unbind. ++ */ ++ + return 0; + + put_timings_node: +diff --git a/drivers/video/fbdev/geode/video_gx.c b/drivers/video/fbdev/geode/video_gx.c +index 6082f653c68a..67773e8bbb95 100644 +--- a/drivers/video/fbdev/geode/video_gx.c ++++ b/drivers/video/fbdev/geode/video_gx.c +@@ -127,7 +127,7 @@ void gx_set_dclk_frequency(struct fb_info *info) + int timeout = 1000; + + /* Rev. 1 Geode GXs use a 14 MHz reference clock instead of 48 MHz. */ +- if (cpu_data(0).x86_mask == 1) { ++ if (cpu_data(0).x86_stepping == 1) { + pll_table = gx_pll_table_14MHz; + pll_table_len = ARRAY_SIZE(gx_pll_table_14MHz); + } else { +diff --git a/drivers/xen/xenbus/xenbus.h b/drivers/xen/xenbus/xenbus.h +index 149c5e7efc89..092981171df1 100644 +--- a/drivers/xen/xenbus/xenbus.h ++++ b/drivers/xen/xenbus/xenbus.h +@@ -76,6 +76,7 @@ struct xb_req_data { + struct list_head list; + wait_queue_head_t wq; + struct xsd_sockmsg msg; ++ uint32_t caller_req_id; + enum xsd_sockmsg_type type; + char *body; + const struct kvec *vec; +diff --git a/drivers/xen/xenbus/xenbus_comms.c b/drivers/xen/xenbus/xenbus_comms.c +index 5b081a01779d..d239fc3c5e3d 100644 +--- a/drivers/xen/xenbus/xenbus_comms.c ++++ b/drivers/xen/xenbus/xenbus_comms.c +@@ -309,6 +309,7 @@ static int process_msg(void) + goto out; + + if (req->state == xb_req_state_wait_reply) { ++ req->msg.req_id = req->caller_req_id; + req->msg.type = state.msg.type; + req->msg.len = state.msg.len; + req->body = state.body; +diff --git a/drivers/xen/xenbus/xenbus_xs.c b/drivers/xen/xenbus/xenbus_xs.c +index 3e59590c7254..3f3b29398ab8 100644 +--- a/drivers/xen/xenbus/xenbus_xs.c ++++ b/drivers/xen/xenbus/xenbus_xs.c +@@ -227,6 +227,8 @@ static void xs_send(struct xb_req_data *req, struct xsd_sockmsg *msg) + req->state = xb_req_state_queued; + init_waitqueue_head(&req->wq); + ++ /* Save the caller req_id and restore it later in the reply */ ++ req->caller_req_id = req->msg.req_id; + req->msg.req_id = xs_request_enter(req); + + mutex_lock(&xb_write_mutex); +@@ -310,6 +312,7 @@ static void *xs_talkv(struct xenbus_transaction t, + req->num_vecs = num_vecs; + req->cb = xs_wake_up; + ++ msg.req_id = 0; + msg.tx_id = t.id; + msg.type = type; + msg.len = 0; +diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c +index 5eaedff28a32..1ae61f82e54b 100644 +--- a/fs/btrfs/inode.c ++++ b/fs/btrfs/inode.c +@@ -1330,8 +1330,11 @@ static noinline int run_delalloc_nocow(struct inode *inode, + leaf = path->nodes[0]; + if (path->slots[0] >= btrfs_header_nritems(leaf)) { + ret = btrfs_next_leaf(root, path); +- if (ret < 0) ++ if (ret < 0) { ++ if (cow_start != (u64)-1) ++ cur_offset = cow_start; + goto error; ++ } + if (ret > 0) + break; + leaf = path->nodes[0]; +@@ -3368,6 +3371,11 @@ int btrfs_orphan_add(struct btrfs_trans_handle *trans, + ret = btrfs_orphan_reserve_metadata(trans, inode); + ASSERT(!ret); + if (ret) { ++ /* ++ * dec doesn't need spin_lock as ->orphan_block_rsv ++ * would be released only if ->orphan_inodes is ++ * zero. ++ */ + atomic_dec(&root->orphan_inodes); + clear_bit(BTRFS_INODE_ORPHAN_META_RESERVED, + &inode->runtime_flags); +@@ -3382,12 +3390,17 @@ int btrfs_orphan_add(struct btrfs_trans_handle *trans, + if (insert >= 1) { + ret = btrfs_insert_orphan_item(trans, root, btrfs_ino(inode)); + if (ret) { +- atomic_dec(&root->orphan_inodes); + if (reserve) { + clear_bit(BTRFS_INODE_ORPHAN_META_RESERVED, + &inode->runtime_flags); + btrfs_orphan_release_metadata(inode); + } ++ /* ++ * btrfs_orphan_commit_root may race with us and set ++ * ->orphan_block_rsv to zero, in order to avoid that, ++ * decrease ->orphan_inodes after everything is done. ++ */ ++ atomic_dec(&root->orphan_inodes); + if (ret != -EEXIST) { + clear_bit(BTRFS_INODE_HAS_ORPHAN_ITEM, + &inode->runtime_flags); +@@ -3419,28 +3432,26 @@ static int btrfs_orphan_del(struct btrfs_trans_handle *trans, + { + struct btrfs_root *root = inode->root; + int delete_item = 0; +- int release_rsv = 0; + int ret = 0; + +- spin_lock(&root->orphan_lock); + if (test_and_clear_bit(BTRFS_INODE_HAS_ORPHAN_ITEM, + &inode->runtime_flags)) + delete_item = 1; + ++ if (delete_item && trans) ++ ret = btrfs_del_orphan_item(trans, root, btrfs_ino(inode)); ++ + if (test_and_clear_bit(BTRFS_INODE_ORPHAN_META_RESERVED, + &inode->runtime_flags)) +- release_rsv = 1; +- spin_unlock(&root->orphan_lock); ++ btrfs_orphan_release_metadata(inode); + +- if (delete_item) { ++ /* ++ * btrfs_orphan_commit_root may race with us and set ->orphan_block_rsv ++ * to zero, in order to avoid that, decrease ->orphan_inodes after ++ * everything is done. ++ */ ++ if (delete_item) + atomic_dec(&root->orphan_inodes); +- if (trans) +- ret = btrfs_del_orphan_item(trans, root, +- btrfs_ino(inode)); +- } +- +- if (release_rsv) +- btrfs_orphan_release_metadata(inode); + + return ret; + } +@@ -5315,7 +5326,7 @@ void btrfs_evict_inode(struct inode *inode) + trace_btrfs_inode_evict(inode); + + if (!root) { +- kmem_cache_free(btrfs_inode_cachep, BTRFS_I(inode)); ++ clear_inode(inode); + return; + } + +diff --git a/fs/btrfs/tree-log.c b/fs/btrfs/tree-log.c +index d3002842d7f6..b6dfe7af7a1f 100644 +--- a/fs/btrfs/tree-log.c ++++ b/fs/btrfs/tree-log.c +@@ -28,6 +28,7 @@ + #include "hash.h" + #include "compression.h" + #include "qgroup.h" ++#include "inode-map.h" + + /* magic values for the inode_only field in btrfs_log_inode: + * +@@ -2494,6 +2495,9 @@ static noinline int walk_down_log_tree(struct btrfs_trans_handle *trans, + clean_tree_block(fs_info, next); + btrfs_wait_tree_block_writeback(next); + btrfs_tree_unlock(next); ++ } else { ++ if (test_and_clear_bit(EXTENT_BUFFER_DIRTY, &next->bflags)) ++ clear_extent_buffer_dirty(next); + } + + WARN_ON(root_owner != +@@ -2574,6 +2578,9 @@ static noinline int walk_up_log_tree(struct btrfs_trans_handle *trans, + clean_tree_block(fs_info, next); + btrfs_wait_tree_block_writeback(next); + btrfs_tree_unlock(next); ++ } else { ++ if (test_and_clear_bit(EXTENT_BUFFER_DIRTY, &next->bflags)) ++ clear_extent_buffer_dirty(next); + } + + WARN_ON(root_owner != BTRFS_TREE_LOG_OBJECTID); +@@ -2652,6 +2659,9 @@ static int walk_log_tree(struct btrfs_trans_handle *trans, + clean_tree_block(fs_info, next); + btrfs_wait_tree_block_writeback(next); + btrfs_tree_unlock(next); ++ } else { ++ if (test_and_clear_bit(EXTENT_BUFFER_DIRTY, &next->bflags)) ++ clear_extent_buffer_dirty(next); + } + + WARN_ON(log->root_key.objectid != +@@ -3038,13 +3048,14 @@ static void free_log_tree(struct btrfs_trans_handle *trans, + + while (1) { + ret = find_first_extent_bit(&log->dirty_log_pages, +- 0, &start, &end, EXTENT_DIRTY | EXTENT_NEW, ++ 0, &start, &end, ++ EXTENT_DIRTY | EXTENT_NEW | EXTENT_NEED_WAIT, + NULL); + if (ret) + break; + + clear_extent_bits(&log->dirty_log_pages, start, end, +- EXTENT_DIRTY | EXTENT_NEW); ++ EXTENT_DIRTY | EXTENT_NEW | EXTENT_NEED_WAIT); + } + + /* +@@ -5705,6 +5716,23 @@ int btrfs_recover_log_trees(struct btrfs_root *log_root_tree) + path); + } + ++ if (!ret && wc.stage == LOG_WALK_REPLAY_ALL) { ++ struct btrfs_root *root = wc.replay_dest; ++ ++ btrfs_release_path(path); ++ ++ /* ++ * We have just replayed everything, and the highest ++ * objectid of fs roots probably has changed in case ++ * some inode_item's got replayed. ++ * ++ * root->objectid_mutex is not acquired as log replay ++ * could only happen during mount. ++ */ ++ ret = btrfs_find_highest_objectid(root, ++ &root->highest_objectid); ++ } ++ + key.offset = found_key.offset - 1; + wc.replay_dest->log_root = NULL; + free_extent_buffer(log->node); +diff --git a/fs/dcache.c b/fs/dcache.c +index 34c852af215c..b8d999a5768b 100644 +--- a/fs/dcache.c ++++ b/fs/dcache.c +@@ -2705,8 +2705,6 @@ static void swap_names(struct dentry *dentry, struct dentry *target) + */ + unsigned int i; + BUILD_BUG_ON(!IS_ALIGNED(DNAME_INLINE_LEN, sizeof(long))); +- kmemcheck_mark_initialized(dentry->d_iname, DNAME_INLINE_LEN); +- kmemcheck_mark_initialized(target->d_iname, DNAME_INLINE_LEN); + for (i = 0; i < DNAME_INLINE_LEN / sizeof(long); i++) { + swap(((long *) &dentry->d_iname)[i], + ((long *) &target->d_iname)[i]); +diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c +index ea2ccc524bd9..0b9f3f284799 100644 +--- a/fs/ext4/inode.c ++++ b/fs/ext4/inode.c +@@ -3724,10 +3724,18 @@ static ssize_t ext4_direct_IO_write(struct kiocb *iocb, struct iov_iter *iter) + /* Credits for sb + inode write */ + handle = ext4_journal_start(inode, EXT4_HT_INODE, 2); + if (IS_ERR(handle)) { +- /* This is really bad luck. We've written the data +- * but cannot extend i_size. Bail out and pretend +- * the write failed... */ +- ret = PTR_ERR(handle); ++ /* ++ * We wrote the data but cannot extend ++ * i_size. Bail out. In async io case, we do ++ * not return error here because we have ++ * already submmitted the corresponding ++ * bio. Returning error here makes the caller ++ * think that this IO is done and failed ++ * resulting in race with bio's completion ++ * handler. ++ */ ++ if (!ret) ++ ret = PTR_ERR(handle); + if (inode->i_nlink) + ext4_orphan_del(NULL, inode); + +diff --git a/fs/ext4/super.c b/fs/ext4/super.c +index f29351c66610..16d247f056e2 100644 +--- a/fs/ext4/super.c ++++ b/fs/ext4/super.c +@@ -742,6 +742,7 @@ __acquires(bitlock) + } + + ext4_unlock_group(sb, grp); ++ ext4_commit_super(sb, 1); + ext4_handle_error(sb); + /* + * We only get here in the ERRORS_RO case; relocking the group +diff --git a/fs/jbd2/transaction.c b/fs/jbd2/transaction.c +index 8b08044b3120..c0681814c379 100644 +--- a/fs/jbd2/transaction.c ++++ b/fs/jbd2/transaction.c +@@ -495,8 +495,10 @@ void jbd2_journal_free_reserved(handle_t *handle) + EXPORT_SYMBOL(jbd2_journal_free_reserved); + + /** +- * int jbd2_journal_start_reserved(handle_t *handle) - start reserved handle ++ * int jbd2_journal_start_reserved() - start reserved handle + * @handle: handle to start ++ * @type: for handle statistics ++ * @line_no: for handle statistics + * + * Start handle that has been previously reserved with jbd2_journal_reserve(). + * This attaches @handle to the running transaction (or creates one if there's +@@ -626,6 +628,7 @@ int jbd2_journal_extend(handle_t *handle, int nblocks) + * int jbd2_journal_restart() - restart a handle . + * @handle: handle to restart + * @nblocks: nr credits requested ++ * @gfp_mask: memory allocation flags (for start_this_handle) + * + * Restart a handle for a multi-transaction filesystem + * operation. +diff --git a/fs/mbcache.c b/fs/mbcache.c +index d818fd236787..49c5b25bfa8c 100644 +--- a/fs/mbcache.c ++++ b/fs/mbcache.c +@@ -94,6 +94,7 @@ int mb_cache_entry_create(struct mb_cache *cache, gfp_t mask, u32 key, + entry->e_key = key; + entry->e_value = value; + entry->e_reusable = reusable; ++ entry->e_referenced = 0; + head = mb_cache_entry_head(cache, key); + hlist_bl_lock(head); + hlist_bl_for_each_entry(dup, dup_node, head, e_hash_list) { +diff --git a/fs/ocfs2/dlmglue.c b/fs/ocfs2/dlmglue.c +index 4689940a953c..5193218f5889 100644 +--- a/fs/ocfs2/dlmglue.c ++++ b/fs/ocfs2/dlmglue.c +@@ -2486,6 +2486,15 @@ int ocfs2_inode_lock_with_page(struct inode *inode, + ret = ocfs2_inode_lock_full(inode, ret_bh, ex, OCFS2_LOCK_NONBLOCK); + if (ret == -EAGAIN) { + unlock_page(page); ++ /* ++ * If we can't get inode lock immediately, we should not return ++ * directly here, since this will lead to a softlockup problem. ++ * The method is to get a blocking lock and immediately unlock ++ * before returning, this can avoid CPU resource waste due to ++ * lots of retries, and benefits fairness in getting lock. ++ */ ++ if (ocfs2_inode_lock(inode, ret_bh, ex) == 0) ++ ocfs2_inode_unlock(inode, ex); + ret = AOP_TRUNCATED_PAGE; + } + +diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c +index 321511ed8c42..d60900b615f9 100644 +--- a/fs/overlayfs/inode.c ++++ b/fs/overlayfs/inode.c +@@ -579,6 +579,16 @@ static int ovl_inode_set(struct inode *inode, void *data) + static bool ovl_verify_inode(struct inode *inode, struct dentry *lowerdentry, + struct dentry *upperdentry) + { ++ if (S_ISDIR(inode->i_mode)) { ++ /* Real lower dir moved to upper layer under us? */ ++ if (!lowerdentry && ovl_inode_lower(inode)) ++ return false; ++ ++ /* Lookup of an uncovered redirect origin? */ ++ if (!upperdentry && ovl_inode_upper(inode)) ++ return false; ++ } ++ + /* + * Allow non-NULL lower inode in ovl_inode even if lowerdentry is NULL. + * This happens when finding a copied up overlay inode for a renamed +@@ -606,6 +616,8 @@ struct inode *ovl_get_inode(struct dentry *dentry, struct dentry *upperdentry, + struct inode *inode; + /* Already indexed or could be indexed on copy up? */ + bool indexed = (index || (ovl_indexdir(dentry->d_sb) && !upperdentry)); ++ struct dentry *origin = indexed ? lowerdentry : NULL; ++ bool is_dir; + + if (WARN_ON(upperdentry && indexed && !lowerdentry)) + return ERR_PTR(-EIO); +@@ -614,15 +626,19 @@ struct inode *ovl_get_inode(struct dentry *dentry, struct dentry *upperdentry, + realinode = d_inode(lowerdentry); + + /* +- * Copy up origin (lower) may exist for non-indexed upper, but we must +- * not use lower as hash key in that case. +- * Hash inodes that are or could be indexed by origin inode and +- * non-indexed upper inodes that could be hard linked by upper inode. ++ * Copy up origin (lower) may exist for non-indexed non-dir upper, but ++ * we must not use lower as hash key in that case. ++ * Hash non-dir that is or could be indexed by origin inode. ++ * Hash dir that is or could be merged by origin inode. ++ * Hash pure upper and non-indexed non-dir by upper inode. + */ +- if (!S_ISDIR(realinode->i_mode) && (upperdentry || indexed)) { +- struct inode *key = d_inode(indexed ? lowerdentry : +- upperdentry); +- unsigned int nlink; ++ is_dir = S_ISDIR(realinode->i_mode); ++ if (is_dir) ++ origin = lowerdentry; ++ ++ if (upperdentry || origin) { ++ struct inode *key = d_inode(origin ?: upperdentry); ++ unsigned int nlink = is_dir ? 1 : realinode->i_nlink; + + inode = iget5_locked(dentry->d_sb, (unsigned long) key, + ovl_inode_test, ovl_inode_set, key); +@@ -643,8 +659,9 @@ struct inode *ovl_get_inode(struct dentry *dentry, struct dentry *upperdentry, + goto out; + } + +- nlink = ovl_get_nlink(lowerdentry, upperdentry, +- realinode->i_nlink); ++ /* Recalculate nlink for non-dir due to indexing */ ++ if (!is_dir) ++ nlink = ovl_get_nlink(lowerdentry, upperdentry, nlink); + set_nlink(inode, nlink); + } else { + inode = new_inode(dentry->d_sb); +diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c +index f5738e96a052..b8f8d666e8d4 100644 +--- a/fs/overlayfs/super.c ++++ b/fs/overlayfs/super.c +@@ -200,6 +200,7 @@ static void ovl_destroy_inode(struct inode *inode) + struct ovl_inode *oi = OVL_I(inode); + + dput(oi->__upperdentry); ++ iput(oi->lower); + kfree(oi->redirect); + ovl_dir_cache_free(inode); + mutex_destroy(&oi->lock); +diff --git a/fs/overlayfs/util.c b/fs/overlayfs/util.c +index b9b239fa5cfd..f60ce2e04df0 100644 +--- a/fs/overlayfs/util.c ++++ b/fs/overlayfs/util.c +@@ -253,7 +253,7 @@ void ovl_inode_init(struct inode *inode, struct dentry *upperdentry, + if (upperdentry) + OVL_I(inode)->__upperdentry = upperdentry; + if (lowerdentry) +- OVL_I(inode)->lower = d_inode(lowerdentry); ++ OVL_I(inode)->lower = igrab(d_inode(lowerdentry)); + + ovl_copyattr(d_inode(upperdentry ?: lowerdentry), inode); + } +@@ -269,7 +269,7 @@ void ovl_inode_update(struct inode *inode, struct dentry *upperdentry) + */ + smp_wmb(); + OVL_I(inode)->__upperdentry = upperdentry; +- if (!S_ISDIR(upperinode->i_mode) && inode_unhashed(inode)) { ++ if (inode_unhashed(inode)) { + inode->i_private = upperinode; + __insert_inode_hash(inode, (unsigned long) upperinode); + } +diff --git a/fs/seq_file.c b/fs/seq_file.c +index 4be761c1a03d..eea09f6d8830 100644 +--- a/fs/seq_file.c ++++ b/fs/seq_file.c +@@ -181,8 +181,11 @@ ssize_t seq_read(struct file *file, char __user *buf, size_t size, loff_t *ppos) + * if request is to read from zero offset, reset iterator to first + * record as it might have been already advanced by previous requests + */ +- if (*ppos == 0) ++ if (*ppos == 0) { + m->index = 0; ++ m->version = 0; ++ m->count = 0; ++ } + + /* Don't assume *ppos is where we left it */ + if (unlikely(*ppos != m->read_pos)) { +diff --git a/include/drm/i915_pciids.h b/include/drm/i915_pciids.h +index 34c8f5600ce0..c65e4489006d 100644 +--- a/include/drm/i915_pciids.h ++++ b/include/drm/i915_pciids.h +@@ -118,92 +118,125 @@ + #define INTEL_IRONLAKE_M_IDS(info) \ + INTEL_VGA_DEVICE(0x0046, info) + +-#define INTEL_SNB_D_IDS(info) \ ++#define INTEL_SNB_D_GT1_IDS(info) \ + INTEL_VGA_DEVICE(0x0102, info), \ +- INTEL_VGA_DEVICE(0x0112, info), \ +- INTEL_VGA_DEVICE(0x0122, info), \ + INTEL_VGA_DEVICE(0x010A, info) + +-#define INTEL_SNB_M_IDS(info) \ +- INTEL_VGA_DEVICE(0x0106, info), \ ++#define INTEL_SNB_D_GT2_IDS(info) \ ++ INTEL_VGA_DEVICE(0x0112, info), \ ++ INTEL_VGA_DEVICE(0x0122, info) ++ ++#define INTEL_SNB_D_IDS(info) \ ++ INTEL_SNB_D_GT1_IDS(info), \ ++ INTEL_SNB_D_GT2_IDS(info) ++ ++#define INTEL_SNB_M_GT1_IDS(info) \ ++ INTEL_VGA_DEVICE(0x0106, info) ++ ++#define INTEL_SNB_M_GT2_IDS(info) \ + INTEL_VGA_DEVICE(0x0116, info), \ + INTEL_VGA_DEVICE(0x0126, info) + ++#define INTEL_SNB_M_IDS(info) \ ++ INTEL_SNB_M_GT1_IDS(info), \ ++ INTEL_SNB_M_GT2_IDS(info) ++ ++#define INTEL_IVB_M_GT1_IDS(info) \ ++ INTEL_VGA_DEVICE(0x0156, info) /* GT1 mobile */ ++ ++#define INTEL_IVB_M_GT2_IDS(info) \ ++ INTEL_VGA_DEVICE(0x0166, info) /* GT2 mobile */ ++ + #define INTEL_IVB_M_IDS(info) \ +- INTEL_VGA_DEVICE(0x0156, info), /* GT1 mobile */ \ +- INTEL_VGA_DEVICE(0x0166, info) /* GT2 mobile */ ++ INTEL_IVB_M_GT1_IDS(info), \ ++ INTEL_IVB_M_GT2_IDS(info) + +-#define INTEL_IVB_D_IDS(info) \ ++#define INTEL_IVB_D_GT1_IDS(info) \ + INTEL_VGA_DEVICE(0x0152, info), /* GT1 desktop */ \ ++ INTEL_VGA_DEVICE(0x015a, info) /* GT1 server */ ++ ++#define INTEL_IVB_D_GT2_IDS(info) \ + INTEL_VGA_DEVICE(0x0162, info), /* GT2 desktop */ \ +- INTEL_VGA_DEVICE(0x015a, info), /* GT1 server */ \ + INTEL_VGA_DEVICE(0x016a, info) /* GT2 server */ + ++#define INTEL_IVB_D_IDS(info) \ ++ INTEL_IVB_D_GT1_IDS(info), \ ++ INTEL_IVB_D_GT2_IDS(info) ++ + #define INTEL_IVB_Q_IDS(info) \ + INTEL_QUANTA_VGA_DEVICE(info) /* Quanta transcode */ + +-#define INTEL_HSW_IDS(info) \ ++#define INTEL_HSW_GT1_IDS(info) \ + INTEL_VGA_DEVICE(0x0402, info), /* GT1 desktop */ \ +- INTEL_VGA_DEVICE(0x0412, info), /* GT2 desktop */ \ +- INTEL_VGA_DEVICE(0x0422, info), /* GT3 desktop */ \ + INTEL_VGA_DEVICE(0x040a, info), /* GT1 server */ \ +- INTEL_VGA_DEVICE(0x041a, info), /* GT2 server */ \ +- INTEL_VGA_DEVICE(0x042a, info), /* GT3 server */ \ + INTEL_VGA_DEVICE(0x040B, info), /* GT1 reserved */ \ +- INTEL_VGA_DEVICE(0x041B, info), /* GT2 reserved */ \ +- INTEL_VGA_DEVICE(0x042B, info), /* GT3 reserved */ \ + INTEL_VGA_DEVICE(0x040E, info), /* GT1 reserved */ \ +- INTEL_VGA_DEVICE(0x041E, info), /* GT2 reserved */ \ +- INTEL_VGA_DEVICE(0x042E, info), /* GT3 reserved */ \ + INTEL_VGA_DEVICE(0x0C02, info), /* SDV GT1 desktop */ \ +- INTEL_VGA_DEVICE(0x0C12, info), /* SDV GT2 desktop */ \ +- INTEL_VGA_DEVICE(0x0C22, info), /* SDV GT3 desktop */ \ + INTEL_VGA_DEVICE(0x0C0A, info), /* SDV GT1 server */ \ +- INTEL_VGA_DEVICE(0x0C1A, info), /* SDV GT2 server */ \ +- INTEL_VGA_DEVICE(0x0C2A, info), /* SDV GT3 server */ \ + INTEL_VGA_DEVICE(0x0C0B, info), /* SDV GT1 reserved */ \ +- INTEL_VGA_DEVICE(0x0C1B, info), /* SDV GT2 reserved */ \ +- INTEL_VGA_DEVICE(0x0C2B, info), /* SDV GT3 reserved */ \ + INTEL_VGA_DEVICE(0x0C0E, info), /* SDV GT1 reserved */ \ +- INTEL_VGA_DEVICE(0x0C1E, info), /* SDV GT2 reserved */ \ +- INTEL_VGA_DEVICE(0x0C2E, info), /* SDV GT3 reserved */ \ + INTEL_VGA_DEVICE(0x0A02, info), /* ULT GT1 desktop */ \ +- INTEL_VGA_DEVICE(0x0A12, info), /* ULT GT2 desktop */ \ +- INTEL_VGA_DEVICE(0x0A22, info), /* ULT GT3 desktop */ \ + INTEL_VGA_DEVICE(0x0A0A, info), /* ULT GT1 server */ \ +- INTEL_VGA_DEVICE(0x0A1A, info), /* ULT GT2 server */ \ +- INTEL_VGA_DEVICE(0x0A2A, info), /* ULT GT3 server */ \ + INTEL_VGA_DEVICE(0x0A0B, info), /* ULT GT1 reserved */ \ +- INTEL_VGA_DEVICE(0x0A1B, info), /* ULT GT2 reserved */ \ +- INTEL_VGA_DEVICE(0x0A2B, info), /* ULT GT3 reserved */ \ + INTEL_VGA_DEVICE(0x0D02, info), /* CRW GT1 desktop */ \ +- INTEL_VGA_DEVICE(0x0D12, info), /* CRW GT2 desktop */ \ +- INTEL_VGA_DEVICE(0x0D22, info), /* CRW GT3 desktop */ \ + INTEL_VGA_DEVICE(0x0D0A, info), /* CRW GT1 server */ \ +- INTEL_VGA_DEVICE(0x0D1A, info), /* CRW GT2 server */ \ +- INTEL_VGA_DEVICE(0x0D2A, info), /* CRW GT3 server */ \ + INTEL_VGA_DEVICE(0x0D0B, info), /* CRW GT1 reserved */ \ +- INTEL_VGA_DEVICE(0x0D1B, info), /* CRW GT2 reserved */ \ +- INTEL_VGA_DEVICE(0x0D2B, info), /* CRW GT3 reserved */ \ + INTEL_VGA_DEVICE(0x0D0E, info), /* CRW GT1 reserved */ \ +- INTEL_VGA_DEVICE(0x0D1E, info), /* CRW GT2 reserved */ \ +- INTEL_VGA_DEVICE(0x0D2E, info), /* CRW GT3 reserved */ \ + INTEL_VGA_DEVICE(0x0406, info), /* GT1 mobile */ \ ++ INTEL_VGA_DEVICE(0x0C06, info), /* SDV GT1 mobile */ \ ++ INTEL_VGA_DEVICE(0x0A06, info), /* ULT GT1 mobile */ \ ++ INTEL_VGA_DEVICE(0x0A0E, info), /* ULX GT1 mobile */ \ ++ INTEL_VGA_DEVICE(0x0D06, info) /* CRW GT1 mobile */ ++ ++#define INTEL_HSW_GT2_IDS(info) \ ++ INTEL_VGA_DEVICE(0x0412, info), /* GT2 desktop */ \ ++ INTEL_VGA_DEVICE(0x041a, info), /* GT2 server */ \ ++ INTEL_VGA_DEVICE(0x041B, info), /* GT2 reserved */ \ ++ INTEL_VGA_DEVICE(0x041E, info), /* GT2 reserved */ \ ++ INTEL_VGA_DEVICE(0x0C12, info), /* SDV GT2 desktop */ \ ++ INTEL_VGA_DEVICE(0x0C1A, info), /* SDV GT2 server */ \ ++ INTEL_VGA_DEVICE(0x0C1B, info), /* SDV GT2 reserved */ \ ++ INTEL_VGA_DEVICE(0x0C1E, info), /* SDV GT2 reserved */ \ ++ INTEL_VGA_DEVICE(0x0A12, info), /* ULT GT2 desktop */ \ ++ INTEL_VGA_DEVICE(0x0A1A, info), /* ULT GT2 server */ \ ++ INTEL_VGA_DEVICE(0x0A1B, info), /* ULT GT2 reserved */ \ ++ INTEL_VGA_DEVICE(0x0D12, info), /* CRW GT2 desktop */ \ ++ INTEL_VGA_DEVICE(0x0D1A, info), /* CRW GT2 server */ \ ++ INTEL_VGA_DEVICE(0x0D1B, info), /* CRW GT2 reserved */ \ ++ INTEL_VGA_DEVICE(0x0D1E, info), /* CRW GT2 reserved */ \ + INTEL_VGA_DEVICE(0x0416, info), /* GT2 mobile */ \ + INTEL_VGA_DEVICE(0x0426, info), /* GT2 mobile */ \ +- INTEL_VGA_DEVICE(0x0C06, info), /* SDV GT1 mobile */ \ + INTEL_VGA_DEVICE(0x0C16, info), /* SDV GT2 mobile */ \ +- INTEL_VGA_DEVICE(0x0C26, info), /* SDV GT3 mobile */ \ +- INTEL_VGA_DEVICE(0x0A06, info), /* ULT GT1 mobile */ \ + INTEL_VGA_DEVICE(0x0A16, info), /* ULT GT2 mobile */ \ +- INTEL_VGA_DEVICE(0x0A26, info), /* ULT GT3 mobile */ \ +- INTEL_VGA_DEVICE(0x0A0E, info), /* ULX GT1 mobile */ \ + INTEL_VGA_DEVICE(0x0A1E, info), /* ULX GT2 mobile */ \ ++ INTEL_VGA_DEVICE(0x0D16, info) /* CRW GT2 mobile */ ++ ++#define INTEL_HSW_GT3_IDS(info) \ ++ INTEL_VGA_DEVICE(0x0422, info), /* GT3 desktop */ \ ++ INTEL_VGA_DEVICE(0x042a, info), /* GT3 server */ \ ++ INTEL_VGA_DEVICE(0x042B, info), /* GT3 reserved */ \ ++ INTEL_VGA_DEVICE(0x042E, info), /* GT3 reserved */ \ ++ INTEL_VGA_DEVICE(0x0C22, info), /* SDV GT3 desktop */ \ ++ INTEL_VGA_DEVICE(0x0C2A, info), /* SDV GT3 server */ \ ++ INTEL_VGA_DEVICE(0x0C2B, info), /* SDV GT3 reserved */ \ ++ INTEL_VGA_DEVICE(0x0C2E, info), /* SDV GT3 reserved */ \ ++ INTEL_VGA_DEVICE(0x0A22, info), /* ULT GT3 desktop */ \ ++ INTEL_VGA_DEVICE(0x0A2A, info), /* ULT GT3 server */ \ ++ INTEL_VGA_DEVICE(0x0A2B, info), /* ULT GT3 reserved */ \ ++ INTEL_VGA_DEVICE(0x0D22, info), /* CRW GT3 desktop */ \ ++ INTEL_VGA_DEVICE(0x0D2A, info), /* CRW GT3 server */ \ ++ INTEL_VGA_DEVICE(0x0D2B, info), /* CRW GT3 reserved */ \ ++ INTEL_VGA_DEVICE(0x0D2E, info), /* CRW GT3 reserved */ \ ++ INTEL_VGA_DEVICE(0x0C26, info), /* SDV GT3 mobile */ \ ++ INTEL_VGA_DEVICE(0x0A26, info), /* ULT GT3 mobile */ \ + INTEL_VGA_DEVICE(0x0A2E, info), /* ULT GT3 reserved */ \ +- INTEL_VGA_DEVICE(0x0D06, info), /* CRW GT1 mobile */ \ +- INTEL_VGA_DEVICE(0x0D16, info), /* CRW GT2 mobile */ \ + INTEL_VGA_DEVICE(0x0D26, info) /* CRW GT3 mobile */ + ++#define INTEL_HSW_IDS(info) \ ++ INTEL_HSW_GT1_IDS(info), \ ++ INTEL_HSW_GT2_IDS(info), \ ++ INTEL_HSW_GT3_IDS(info) ++ + #define INTEL_VLV_IDS(info) \ + INTEL_VGA_DEVICE(0x0f30, info), \ + INTEL_VGA_DEVICE(0x0f31, info), \ +@@ -212,17 +245,19 @@ + INTEL_VGA_DEVICE(0x0157, info), \ + INTEL_VGA_DEVICE(0x0155, info) + +-#define INTEL_BDW_GT12_IDS(info) \ ++#define INTEL_BDW_GT1_IDS(info) \ + INTEL_VGA_DEVICE(0x1602, info), /* GT1 ULT */ \ + INTEL_VGA_DEVICE(0x1606, info), /* GT1 ULT */ \ + INTEL_VGA_DEVICE(0x160B, info), /* GT1 Iris */ \ + INTEL_VGA_DEVICE(0x160E, info), /* GT1 ULX */ \ +- INTEL_VGA_DEVICE(0x1612, info), /* GT2 Halo */ \ ++ INTEL_VGA_DEVICE(0x160A, info), /* GT1 Server */ \ ++ INTEL_VGA_DEVICE(0x160D, info) /* GT1 Workstation */ ++ ++#define INTEL_BDW_GT2_IDS(info) \ ++ INTEL_VGA_DEVICE(0x1612, info), /* GT2 Halo */ \ + INTEL_VGA_DEVICE(0x1616, info), /* GT2 ULT */ \ + INTEL_VGA_DEVICE(0x161B, info), /* GT2 ULT */ \ +- INTEL_VGA_DEVICE(0x161E, info), /* GT2 ULX */ \ +- INTEL_VGA_DEVICE(0x160A, info), /* GT1 Server */ \ +- INTEL_VGA_DEVICE(0x160D, info), /* GT1 Workstation */ \ ++ INTEL_VGA_DEVICE(0x161E, info), /* GT2 ULX */ \ + INTEL_VGA_DEVICE(0x161A, info), /* GT2 Server */ \ + INTEL_VGA_DEVICE(0x161D, info) /* GT2 Workstation */ + +@@ -243,7 +278,8 @@ + INTEL_VGA_DEVICE(0x163D, info) /* Workstation */ + + #define INTEL_BDW_IDS(info) \ +- INTEL_BDW_GT12_IDS(info), \ ++ INTEL_BDW_GT1_IDS(info), \ ++ INTEL_BDW_GT2_IDS(info), \ + INTEL_BDW_GT3_IDS(info), \ + INTEL_BDW_RSVD_IDS(info) + +@@ -303,7 +339,6 @@ + #define INTEL_KBL_GT1_IDS(info) \ + INTEL_VGA_DEVICE(0x5913, info), /* ULT GT1.5 */ \ + INTEL_VGA_DEVICE(0x5915, info), /* ULX GT1.5 */ \ +- INTEL_VGA_DEVICE(0x5917, info), /* DT GT1.5 */ \ + INTEL_VGA_DEVICE(0x5906, info), /* ULT GT1 */ \ + INTEL_VGA_DEVICE(0x590E, info), /* ULX GT1 */ \ + INTEL_VGA_DEVICE(0x5902, info), /* DT GT1 */ \ +@@ -313,6 +348,7 @@ + + #define INTEL_KBL_GT2_IDS(info) \ + INTEL_VGA_DEVICE(0x5916, info), /* ULT GT2 */ \ ++ INTEL_VGA_DEVICE(0x5917, info), /* Mobile GT2 */ \ + INTEL_VGA_DEVICE(0x5921, info), /* ULT GT2F */ \ + INTEL_VGA_DEVICE(0x591E, info), /* ULX GT2 */ \ + INTEL_VGA_DEVICE(0x5912, info), /* DT GT2 */ \ +@@ -335,25 +371,33 @@ + INTEL_KBL_GT4_IDS(info) + + /* CFL S */ +-#define INTEL_CFL_S_IDS(info) \ ++#define INTEL_CFL_S_GT1_IDS(info) \ + INTEL_VGA_DEVICE(0x3E90, info), /* SRV GT1 */ \ +- INTEL_VGA_DEVICE(0x3E93, info), /* SRV GT1 */ \ ++ INTEL_VGA_DEVICE(0x3E93, info) /* SRV GT1 */ ++ ++#define INTEL_CFL_S_GT2_IDS(info) \ + INTEL_VGA_DEVICE(0x3E91, info), /* SRV GT2 */ \ + INTEL_VGA_DEVICE(0x3E92, info), /* SRV GT2 */ \ + INTEL_VGA_DEVICE(0x3E96, info) /* SRV GT2 */ + + /* CFL H */ +-#define INTEL_CFL_H_IDS(info) \ ++#define INTEL_CFL_H_GT2_IDS(info) \ + INTEL_VGA_DEVICE(0x3E9B, info), /* Halo GT2 */ \ + INTEL_VGA_DEVICE(0x3E94, info) /* Halo GT2 */ + + /* CFL U */ +-#define INTEL_CFL_U_IDS(info) \ ++#define INTEL_CFL_U_GT3_IDS(info) \ + INTEL_VGA_DEVICE(0x3EA6, info), /* ULT GT3 */ \ + INTEL_VGA_DEVICE(0x3EA7, info), /* ULT GT3 */ \ + INTEL_VGA_DEVICE(0x3EA8, info), /* ULT GT3 */ \ + INTEL_VGA_DEVICE(0x3EA5, info) /* ULT GT3 */ + ++#define INTEL_CFL_IDS(info) \ ++ INTEL_CFL_S_GT1_IDS(info), \ ++ INTEL_CFL_S_GT2_IDS(info), \ ++ INTEL_CFL_H_GT2_IDS(info), \ ++ INTEL_CFL_U_GT3_IDS(info) ++ + /* CNL U 2+2 */ + #define INTEL_CNL_U_GT2_IDS(info) \ + INTEL_VGA_DEVICE(0x5A52, info), \ +diff --git a/include/linux/c2port.h b/include/linux/c2port.h +index 4efabcb51347..f2736348ca26 100644 +--- a/include/linux/c2port.h ++++ b/include/linux/c2port.h +@@ -9,8 +9,6 @@ + * the Free Software Foundation + */ + +-#include +- + #define C2PORT_NAME_LEN 32 + + struct device; +@@ -22,10 +20,8 @@ struct device; + /* Main struct */ + struct c2port_ops; + struct c2port_device { +- kmemcheck_bitfield_begin(flags); + unsigned int access:1; + unsigned int flash_access:1; +- kmemcheck_bitfield_end(flags); + + int id; + char name[C2PORT_NAME_LEN]; +diff --git a/include/linux/compiler-gcc.h b/include/linux/compiler-gcc.h +index 2272ded07496..bf09213895f7 100644 +--- a/include/linux/compiler-gcc.h ++++ b/include/linux/compiler-gcc.h +@@ -167,8 +167,6 @@ + + #if GCC_VERSION >= 40100 + # define __compiletime_object_size(obj) __builtin_object_size(obj, 0) +- +-#define __nostackprotector __attribute__((__optimize__("no-stack-protector"))) + #endif + + #if GCC_VERSION >= 40300 +@@ -196,6 +194,11 @@ + #endif /* __CHECKER__ */ + #endif /* GCC_VERSION >= 40300 */ + ++#if GCC_VERSION >= 40400 ++#define __optimize(level) __attribute__((__optimize__(level))) ++#define __nostackprotector __optimize("no-stack-protector") ++#endif /* GCC_VERSION >= 40400 */ ++ + #if GCC_VERSION >= 40500 + + #ifndef __CHECKER__ +diff --git a/include/linux/compiler.h b/include/linux/compiler.h +index fab5dc250c61..e8c9cd18bb05 100644 +--- a/include/linux/compiler.h ++++ b/include/linux/compiler.h +@@ -266,6 +266,10 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s + + #endif /* __ASSEMBLY__ */ + ++#ifndef __optimize ++# define __optimize(level) ++#endif ++ + /* Compile time object size, -1 for unknown */ + #ifndef __compiletime_object_size + # define __compiletime_object_size(obj) -1 +diff --git a/include/linux/cpuidle.h b/include/linux/cpuidle.h +index 8f7788d23b57..a6989e02d0a0 100644 +--- a/include/linux/cpuidle.h ++++ b/include/linux/cpuidle.h +@@ -225,7 +225,7 @@ static inline void cpuidle_coupled_parallel_barrier(struct cpuidle_device *dev, + } + #endif + +-#ifdef CONFIG_ARCH_HAS_CPU_RELAX ++#if defined(CONFIG_CPU_IDLE) && defined(CONFIG_ARCH_HAS_CPU_RELAX) + void cpuidle_poll_state_init(struct cpuidle_driver *drv); + #else + static inline void cpuidle_poll_state_init(struct cpuidle_driver *drv) {} +diff --git a/include/linux/dma-mapping.h b/include/linux/dma-mapping.h +index 46930f82a988..7bf3b99e6fbb 100644 +--- a/include/linux/dma-mapping.h ++++ b/include/linux/dma-mapping.h +@@ -9,7 +9,6 @@ + #include + #include + #include +-#include + #include + #include + +@@ -230,7 +229,6 @@ static inline dma_addr_t dma_map_single_attrs(struct device *dev, void *ptr, + const struct dma_map_ops *ops = get_dma_ops(dev); + dma_addr_t addr; + +- kmemcheck_mark_initialized(ptr, size); + BUG_ON(!valid_dma_direction(dir)); + addr = ops->map_page(dev, virt_to_page(ptr), + offset_in_page(ptr), size, +@@ -263,11 +261,8 @@ static inline int dma_map_sg_attrs(struct device *dev, struct scatterlist *sg, + unsigned long attrs) + { + const struct dma_map_ops *ops = get_dma_ops(dev); +- int i, ents; +- struct scatterlist *s; ++ int ents; + +- for_each_sg(sg, s, nents, i) +- kmemcheck_mark_initialized(sg_virt(s), s->length); + BUG_ON(!valid_dma_direction(dir)); + ents = ops->map_sg(dev, sg, nents, dir, attrs); + BUG_ON(ents < 0); +@@ -297,7 +292,6 @@ static inline dma_addr_t dma_map_page_attrs(struct device *dev, + const struct dma_map_ops *ops = get_dma_ops(dev); + dma_addr_t addr; + +- kmemcheck_mark_initialized(page_address(page) + offset, size); + BUG_ON(!valid_dma_direction(dir)); + addr = ops->map_page(dev, page, offset, size, dir, attrs); + debug_dma_map_page(dev, page, offset, size, dir, addr, false); +diff --git a/include/linux/filter.h b/include/linux/filter.h +index 48ec57e70f9f..42197b16dd78 100644 +--- a/include/linux/filter.h ++++ b/include/linux/filter.h +@@ -454,13 +454,11 @@ struct bpf_binary_header { + + struct bpf_prog { + u16 pages; /* Number of allocated pages */ +- kmemcheck_bitfield_begin(meta); + u16 jited:1, /* Is our filter JIT'ed? */ + locked:1, /* Program image locked? */ + gpl_compatible:1, /* Is filter GPL compatible? */ + cb_access:1, /* Is control block accessed? */ + dst_needed:1; /* Do we need dst entry? */ +- kmemcheck_bitfield_end(meta); + enum bpf_prog_type type; /* Type of BPF program */ + u32 len; /* Number of filter blocks */ + u32 jited_len; /* Size of jited insns in bytes */ +diff --git a/include/linux/gfp.h b/include/linux/gfp.h +index 710143741eb5..b041f94678de 100644 +--- a/include/linux/gfp.h ++++ b/include/linux/gfp.h +@@ -37,7 +37,6 @@ struct vm_area_struct; + #define ___GFP_THISNODE 0x40000u + #define ___GFP_ATOMIC 0x80000u + #define ___GFP_ACCOUNT 0x100000u +-#define ___GFP_NOTRACK 0x200000u + #define ___GFP_DIRECT_RECLAIM 0x400000u + #define ___GFP_WRITE 0x800000u + #define ___GFP_KSWAPD_RECLAIM 0x1000000u +@@ -201,19 +200,11 @@ struct vm_area_struct; + * __GFP_COMP address compound page metadata. + * + * __GFP_ZERO returns a zeroed page on success. +- * +- * __GFP_NOTRACK avoids tracking with kmemcheck. +- * +- * __GFP_NOTRACK_FALSE_POSITIVE is an alias of __GFP_NOTRACK. It's a means of +- * distinguishing in the source between false positives and allocations that +- * cannot be supported (e.g. page tables). + */ + #define __GFP_COLD ((__force gfp_t)___GFP_COLD) + #define __GFP_NOWARN ((__force gfp_t)___GFP_NOWARN) + #define __GFP_COMP ((__force gfp_t)___GFP_COMP) + #define __GFP_ZERO ((__force gfp_t)___GFP_ZERO) +-#define __GFP_NOTRACK ((__force gfp_t)___GFP_NOTRACK) +-#define __GFP_NOTRACK_FALSE_POSITIVE (__GFP_NOTRACK) + + /* Disable lockdep for GFP context tracking */ + #define __GFP_NOLOCKDEP ((__force gfp_t)___GFP_NOLOCKDEP) +diff --git a/include/linux/interrupt.h b/include/linux/interrupt.h +index baeb872283d9..69c238210325 100644 +--- a/include/linux/interrupt.h ++++ b/include/linux/interrupt.h +@@ -594,21 +594,6 @@ static inline void tasklet_hi_schedule(struct tasklet_struct *t) + __tasklet_hi_schedule(t); + } + +-extern void __tasklet_hi_schedule_first(struct tasklet_struct *t); +- +-/* +- * This version avoids touching any other tasklets. Needed for kmemcheck +- * in order not to take any page faults while enqueueing this tasklet; +- * consider VERY carefully whether you really need this or +- * tasklet_hi_schedule()... +- */ +-static inline void tasklet_hi_schedule_first(struct tasklet_struct *t) +-{ +- if (!test_and_set_bit(TASKLET_STATE_SCHED, &t->state)) +- __tasklet_hi_schedule_first(t); +-} +- +- + static inline void tasklet_disable_nosync(struct tasklet_struct *t) + { + atomic_inc(&t->count); +diff --git a/include/linux/jbd2.h b/include/linux/jbd2.h +index 606b6bce3a5b..29290bfb94a8 100644 +--- a/include/linux/jbd2.h ++++ b/include/linux/jbd2.h +@@ -418,26 +418,41 @@ static inline void jbd_unlock_bh_journal_head(struct buffer_head *bh) + #define JI_WAIT_DATA (1 << __JI_WAIT_DATA) + + /** +- * struct jbd_inode is the structure linking inodes in ordered mode +- * present in a transaction so that we can sync them during commit. ++ * struct jbd_inode - The jbd_inode type is the structure linking inodes in ++ * ordered mode present in a transaction so that we can sync them during commit. + */ + struct jbd2_inode { +- /* Which transaction does this inode belong to? Either the running +- * transaction or the committing one. [j_list_lock] */ ++ /** ++ * @i_transaction: ++ * ++ * Which transaction does this inode belong to? Either the running ++ * transaction or the committing one. [j_list_lock] ++ */ + transaction_t *i_transaction; + +- /* Pointer to the running transaction modifying inode's data in case +- * there is already a committing transaction touching it. [j_list_lock] */ ++ /** ++ * @i_next_transaction: ++ * ++ * Pointer to the running transaction modifying inode's data in case ++ * there is already a committing transaction touching it. [j_list_lock] ++ */ + transaction_t *i_next_transaction; + +- /* List of inodes in the i_transaction [j_list_lock] */ ++ /** ++ * @i_list: List of inodes in the i_transaction [j_list_lock] ++ */ + struct list_head i_list; + +- /* VFS inode this inode belongs to [constant during the lifetime +- * of the structure] */ ++ /** ++ * @i_vfs_inode: ++ * ++ * VFS inode this inode belongs to [constant for lifetime of structure] ++ */ + struct inode *i_vfs_inode; + +- /* Flags of inode [j_list_lock] */ ++ /** ++ * @i_flags: Flags of inode [j_list_lock] ++ */ + unsigned long i_flags; + }; + +@@ -447,12 +462,20 @@ struct jbd2_revoke_table_s; + * struct handle_s - The handle_s type is the concrete type associated with + * handle_t. + * @h_transaction: Which compound transaction is this update a part of? ++ * @h_journal: Which journal handle belongs to - used iff h_reserved set. ++ * @h_rsv_handle: Handle reserved for finishing the logical operation. + * @h_buffer_credits: Number of remaining buffers we are allowed to dirty. +- * @h_ref: Reference count on this handle +- * @h_err: Field for caller's use to track errors through large fs operations +- * @h_sync: flag for sync-on-close +- * @h_jdata: flag to force data journaling +- * @h_aborted: flag indicating fatal error on handle ++ * @h_ref: Reference count on this handle. ++ * @h_err: Field for caller's use to track errors through large fs operations. ++ * @h_sync: Flag for sync-on-close. ++ * @h_jdata: Flag to force data journaling. ++ * @h_reserved: Flag for handle for reserved credits. ++ * @h_aborted: Flag indicating fatal error on handle. ++ * @h_type: For handle statistics. ++ * @h_line_no: For handle statistics. ++ * @h_start_jiffies: Handle Start time. ++ * @h_requested_credits: Holds @h_buffer_credits after handle is started. ++ * @saved_alloc_context: Saved context while transaction is open. + **/ + + /* Docbook can't yet cope with the bit fields, but will leave the documentation +@@ -462,32 +485,23 @@ struct jbd2_revoke_table_s; + struct jbd2_journal_handle + { + union { +- /* Which compound transaction is this update a part of? */ + transaction_t *h_transaction; + /* Which journal handle belongs to - used iff h_reserved set */ + journal_t *h_journal; + }; + +- /* Handle reserved for finishing the logical operation */ + handle_t *h_rsv_handle; +- +- /* Number of remaining buffers we are allowed to dirty: */ + int h_buffer_credits; +- +- /* Reference count on this handle */ + int h_ref; +- +- /* Field for caller's use to track errors through large fs */ +- /* operations */ + int h_err; + + /* Flags [no locking] */ +- unsigned int h_sync: 1; /* sync-on-close */ +- unsigned int h_jdata: 1; /* force data journaling */ +- unsigned int h_reserved: 1; /* handle with reserved credits */ +- unsigned int h_aborted: 1; /* fatal error on handle */ +- unsigned int h_type: 8; /* for handle statistics */ +- unsigned int h_line_no: 16; /* for handle statistics */ ++ unsigned int h_sync: 1; ++ unsigned int h_jdata: 1; ++ unsigned int h_reserved: 1; ++ unsigned int h_aborted: 1; ++ unsigned int h_type: 8; ++ unsigned int h_line_no: 16; + + unsigned long h_start_jiffies; + unsigned int h_requested_credits; +@@ -729,228 +743,253 @@ jbd2_time_diff(unsigned long start, unsigned long end) + /** + * struct journal_s - The journal_s type is the concrete type associated with + * journal_t. +- * @j_flags: General journaling state flags +- * @j_errno: Is there an outstanding uncleared error on the journal (from a +- * prior abort)? +- * @j_sb_buffer: First part of superblock buffer +- * @j_superblock: Second part of superblock buffer +- * @j_format_version: Version of the superblock format +- * @j_state_lock: Protect the various scalars in the journal +- * @j_barrier_count: Number of processes waiting to create a barrier lock +- * @j_barrier: The barrier lock itself +- * @j_running_transaction: The current running transaction.. +- * @j_committing_transaction: the transaction we are pushing to disk +- * @j_checkpoint_transactions: a linked circular list of all transactions +- * waiting for checkpointing +- * @j_wait_transaction_locked: Wait queue for waiting for a locked transaction +- * to start committing, or for a barrier lock to be released +- * @j_wait_done_commit: Wait queue for waiting for commit to complete +- * @j_wait_commit: Wait queue to trigger commit +- * @j_wait_updates: Wait queue to wait for updates to complete +- * @j_wait_reserved: Wait queue to wait for reserved buffer credits to drop +- * @j_checkpoint_mutex: Mutex for locking against concurrent checkpoints +- * @j_head: Journal head - identifies the first unused block in the journal +- * @j_tail: Journal tail - identifies the oldest still-used block in the +- * journal. +- * @j_free: Journal free - how many free blocks are there in the journal? +- * @j_first: The block number of the first usable block +- * @j_last: The block number one beyond the last usable block +- * @j_dev: Device where we store the journal +- * @j_blocksize: blocksize for the location where we store the journal. +- * @j_blk_offset: starting block offset for into the device where we store the +- * journal +- * @j_fs_dev: Device which holds the client fs. For internal journal this will +- * be equal to j_dev +- * @j_reserved_credits: Number of buffers reserved from the running transaction +- * @j_maxlen: Total maximum capacity of the journal region on disk. +- * @j_list_lock: Protects the buffer lists and internal buffer state. +- * @j_inode: Optional inode where we store the journal. If present, all journal +- * block numbers are mapped into this inode via bmap(). +- * @j_tail_sequence: Sequence number of the oldest transaction in the log +- * @j_transaction_sequence: Sequence number of the next transaction to grant +- * @j_commit_sequence: Sequence number of the most recently committed +- * transaction +- * @j_commit_request: Sequence number of the most recent transaction wanting +- * commit +- * @j_uuid: Uuid of client object. +- * @j_task: Pointer to the current commit thread for this journal +- * @j_max_transaction_buffers: Maximum number of metadata buffers to allow in a +- * single compound commit transaction +- * @j_commit_interval: What is the maximum transaction lifetime before we begin +- * a commit? +- * @j_commit_timer: The timer used to wakeup the commit thread +- * @j_revoke_lock: Protect the revoke table +- * @j_revoke: The revoke table - maintains the list of revoked blocks in the +- * current transaction. +- * @j_revoke_table: alternate revoke tables for j_revoke +- * @j_wbuf: array of buffer_heads for jbd2_journal_commit_transaction +- * @j_wbufsize: maximum number of buffer_heads allowed in j_wbuf, the +- * number that will fit in j_blocksize +- * @j_last_sync_writer: most recent pid which did a synchronous write +- * @j_history_lock: Protect the transactions statistics history +- * @j_proc_entry: procfs entry for the jbd statistics directory +- * @j_stats: Overall statistics +- * @j_private: An opaque pointer to fs-private information. +- * @j_trans_commit_map: Lockdep entity to track transaction commit dependencies + */ +- + struct journal_s + { +- /* General journaling state flags [j_state_lock] */ ++ /** ++ * @j_flags: General journaling state flags [j_state_lock] ++ */ + unsigned long j_flags; + +- /* ++ /** ++ * @j_errno: ++ * + * Is there an outstanding uncleared error on the journal (from a prior + * abort)? [j_state_lock] + */ + int j_errno; + +- /* The superblock buffer */ ++ /** ++ * @j_sb_buffer: The first part of the superblock buffer. ++ */ + struct buffer_head *j_sb_buffer; ++ ++ /** ++ * @j_superblock: The second part of the superblock buffer. ++ */ + journal_superblock_t *j_superblock; + +- /* Version of the superblock format */ ++ /** ++ * @j_format_version: Version of the superblock format. ++ */ + int j_format_version; + +- /* +- * Protect the various scalars in the journal ++ /** ++ * @j_state_lock: Protect the various scalars in the journal. + */ + rwlock_t j_state_lock; + +- /* ++ /** ++ * @j_barrier_count: ++ * + * Number of processes waiting to create a barrier lock [j_state_lock] + */ + int j_barrier_count; + +- /* The barrier lock itself */ ++ /** ++ * @j_barrier: The barrier lock itself. ++ */ + struct mutex j_barrier; + +- /* ++ /** ++ * @j_running_transaction: ++ * + * Transactions: The current running transaction... + * [j_state_lock] [caller holding open handle] + */ + transaction_t *j_running_transaction; + +- /* ++ /** ++ * @j_committing_transaction: ++ * + * the transaction we are pushing to disk + * [j_state_lock] [caller holding open handle] + */ + transaction_t *j_committing_transaction; + +- /* ++ /** ++ * @j_checkpoint_transactions: ++ * + * ... and a linked circular list of all transactions waiting for + * checkpointing. [j_list_lock] + */ + transaction_t *j_checkpoint_transactions; + +- /* ++ /** ++ * @j_wait_transaction_locked: ++ * + * Wait queue for waiting for a locked transaction to start committing, +- * or for a barrier lock to be released ++ * or for a barrier lock to be released. + */ + wait_queue_head_t j_wait_transaction_locked; + +- /* Wait queue for waiting for commit to complete */ ++ /** ++ * @j_wait_done_commit: Wait queue for waiting for commit to complete. ++ */ + wait_queue_head_t j_wait_done_commit; + +- /* Wait queue to trigger commit */ ++ /** ++ * @j_wait_commit: Wait queue to trigger commit. ++ */ + wait_queue_head_t j_wait_commit; + +- /* Wait queue to wait for updates to complete */ ++ /** ++ * @j_wait_updates: Wait queue to wait for updates to complete. ++ */ + wait_queue_head_t j_wait_updates; + +- /* Wait queue to wait for reserved buffer credits to drop */ ++ /** ++ * @j_wait_reserved: ++ * ++ * Wait queue to wait for reserved buffer credits to drop. ++ */ + wait_queue_head_t j_wait_reserved; + +- /* Semaphore for locking against concurrent checkpoints */ ++ /** ++ * @j_checkpoint_mutex: ++ * ++ * Semaphore for locking against concurrent checkpoints. ++ */ + struct mutex j_checkpoint_mutex; + +- /* ++ /** ++ * @j_chkpt_bhs: ++ * + * List of buffer heads used by the checkpoint routine. This + * was moved from jbd2_log_do_checkpoint() to reduce stack + * usage. Access to this array is controlled by the +- * j_checkpoint_mutex. [j_checkpoint_mutex] ++ * @j_checkpoint_mutex. [j_checkpoint_mutex] + */ + struct buffer_head *j_chkpt_bhs[JBD2_NR_BATCH]; +- +- /* ++ ++ /** ++ * @j_head: ++ * + * Journal head: identifies the first unused block in the journal. + * [j_state_lock] + */ + unsigned long j_head; + +- /* ++ /** ++ * @j_tail: ++ * + * Journal tail: identifies the oldest still-used block in the journal. + * [j_state_lock] + */ + unsigned long j_tail; + +- /* ++ /** ++ * @j_free: ++ * + * Journal free: how many free blocks are there in the journal? + * [j_state_lock] + */ + unsigned long j_free; + +- /* +- * Journal start and end: the block numbers of the first usable block +- * and one beyond the last usable block in the journal. [j_state_lock] ++ /** ++ * @j_first: ++ * ++ * The block number of the first usable block in the journal ++ * [j_state_lock]. + */ + unsigned long j_first; ++ ++ /** ++ * @j_last: ++ * ++ * The block number one beyond the last usable block in the journal ++ * [j_state_lock]. ++ */ + unsigned long j_last; + +- /* +- * Device, blocksize and starting block offset for the location where we +- * store the journal. ++ /** ++ * @j_dev: Device where we store the journal. + */ + struct block_device *j_dev; ++ ++ /** ++ * @j_blocksize: Block size for the location where we store the journal. ++ */ + int j_blocksize; ++ ++ /** ++ * @j_blk_offset: ++ * ++ * Starting block offset into the device where we store the journal. ++ */ + unsigned long long j_blk_offset; ++ ++ /** ++ * @j_devname: Journal device name. ++ */ + char j_devname[BDEVNAME_SIZE+24]; + +- /* ++ /** ++ * @j_fs_dev: ++ * + * Device which holds the client fs. For internal journal this will be + * equal to j_dev. + */ + struct block_device *j_fs_dev; + +- /* Total maximum capacity of the journal region on disk. */ ++ /** ++ * @j_maxlen: Total maximum capacity of the journal region on disk. ++ */ + unsigned int j_maxlen; + +- /* Number of buffers reserved from the running transaction */ ++ /** ++ * @j_reserved_credits: ++ * ++ * Number of buffers reserved from the running transaction. ++ */ + atomic_t j_reserved_credits; + +- /* +- * Protects the buffer lists and internal buffer state. ++ /** ++ * @j_list_lock: Protects the buffer lists and internal buffer state. + */ + spinlock_t j_list_lock; + +- /* Optional inode where we store the journal. If present, all */ +- /* journal block numbers are mapped into this inode via */ +- /* bmap(). */ ++ /** ++ * @j_inode: ++ * ++ * Optional inode where we store the journal. If present, all ++ * journal block numbers are mapped into this inode via bmap(). ++ */ + struct inode *j_inode; + +- /* ++ /** ++ * @j_tail_sequence: ++ * + * Sequence number of the oldest transaction in the log [j_state_lock] + */ + tid_t j_tail_sequence; + +- /* ++ /** ++ * @j_transaction_sequence: ++ * + * Sequence number of the next transaction to grant [j_state_lock] + */ + tid_t j_transaction_sequence; + +- /* ++ /** ++ * @j_commit_sequence: ++ * + * Sequence number of the most recently committed transaction + * [j_state_lock]. + */ + tid_t j_commit_sequence; + +- /* ++ /** ++ * @j_commit_request: ++ * + * Sequence number of the most recent transaction wanting commit + * [j_state_lock] + */ + tid_t j_commit_request; + +- /* ++ /** ++ * @j_uuid: ++ * + * Journal uuid: identifies the object (filesystem, LVM volume etc) + * backed by this journal. This will eventually be replaced by an array + * of uuids, allowing us to index multiple devices within a single +@@ -958,85 +997,151 @@ struct journal_s + */ + __u8 j_uuid[16]; + +- /* Pointer to the current commit thread for this journal */ ++ /** ++ * @j_task: Pointer to the current commit thread for this journal. ++ */ + struct task_struct *j_task; + +- /* ++ /** ++ * @j_max_transaction_buffers: ++ * + * Maximum number of metadata buffers to allow in a single compound +- * commit transaction ++ * commit transaction. + */ + int j_max_transaction_buffers; + +- /* ++ /** ++ * @j_commit_interval: ++ * + * What is the maximum transaction lifetime before we begin a commit? + */ + unsigned long j_commit_interval; + +- /* The timer used to wakeup the commit thread: */ ++ /** ++ * @j_commit_timer: The timer used to wakeup the commit thread. ++ */ + struct timer_list j_commit_timer; + +- /* +- * The revoke table: maintains the list of revoked blocks in the +- * current transaction. [j_revoke_lock] ++ /** ++ * @j_revoke_lock: Protect the revoke table. + */ + spinlock_t j_revoke_lock; ++ ++ /** ++ * @j_revoke: ++ * ++ * The revoke table - maintains the list of revoked blocks in the ++ * current transaction. ++ */ + struct jbd2_revoke_table_s *j_revoke; ++ ++ /** ++ * @j_revoke_table: Alternate revoke tables for j_revoke. ++ */ + struct jbd2_revoke_table_s *j_revoke_table[2]; + +- /* +- * array of bhs for jbd2_journal_commit_transaction ++ /** ++ * @j_wbuf: Array of bhs for jbd2_journal_commit_transaction. + */ + struct buffer_head **j_wbuf; ++ ++ /** ++ * @j_wbufsize: ++ * ++ * Size of @j_wbuf array. ++ */ + int j_wbufsize; + +- /* +- * this is the pid of hte last person to run a synchronous operation +- * through the journal ++ /** ++ * @j_last_sync_writer: ++ * ++ * The pid of the last person to run a synchronous operation ++ * through the journal. + */ + pid_t j_last_sync_writer; + +- /* +- * the average amount of time in nanoseconds it takes to commit a ++ /** ++ * @j_average_commit_time: ++ * ++ * The average amount of time in nanoseconds it takes to commit a + * transaction to disk. [j_state_lock] + */ + u64 j_average_commit_time; + +- /* +- * minimum and maximum times that we should wait for +- * additional filesystem operations to get batched into a +- * synchronous handle in microseconds ++ /** ++ * @j_min_batch_time: ++ * ++ * Minimum time that we should wait for additional filesystem operations ++ * to get batched into a synchronous handle in microseconds. + */ + u32 j_min_batch_time; ++ ++ /** ++ * @j_max_batch_time: ++ * ++ * Maximum time that we should wait for additional filesystem operations ++ * to get batched into a synchronous handle in microseconds. ++ */ + u32 j_max_batch_time; + +- /* This function is called when a transaction is closed */ ++ /** ++ * @j_commit_callback: ++ * ++ * This function is called when a transaction is closed. ++ */ + void (*j_commit_callback)(journal_t *, + transaction_t *); + + /* + * Journal statistics + */ ++ ++ /** ++ * @j_history_lock: Protect the transactions statistics history. ++ */ + spinlock_t j_history_lock; ++ ++ /** ++ * @j_proc_entry: procfs entry for the jbd statistics directory. ++ */ + struct proc_dir_entry *j_proc_entry; ++ ++ /** ++ * @j_stats: Overall statistics. ++ */ + struct transaction_stats_s j_stats; + +- /* Failed journal commit ID */ ++ /** ++ * @j_failed_commit: Failed journal commit ID. ++ */ + unsigned int j_failed_commit; + +- /* ++ /** ++ * @j_private: ++ * + * An opaque pointer to fs-private information. ext3 puts its +- * superblock pointer here ++ * superblock pointer here. + */ + void *j_private; + +- /* Reference to checksum algorithm driver via cryptoapi */ ++ /** ++ * @j_chksum_driver: ++ * ++ * Reference to checksum algorithm driver via cryptoapi. ++ */ + struct crypto_shash *j_chksum_driver; + +- /* Precomputed journal UUID checksum for seeding other checksums */ ++ /** ++ * @j_csum_seed: ++ * ++ * Precomputed journal UUID checksum for seeding other checksums. ++ */ + __u32 j_csum_seed; + + #ifdef CONFIG_DEBUG_LOCK_ALLOC +- /* ++ /** ++ * @j_trans_commit_map: ++ * + * Lockdep entity to track transaction commit dependencies. Handles + * hold this "lock" for read, when we wait for commit, we acquire the + * "lock" for writing. This matches the properties of jbd2 journalling +diff --git a/include/linux/kmemcheck.h b/include/linux/kmemcheck.h +deleted file mode 100644 +index 7b1d7bead7d9..000000000000 +--- a/include/linux/kmemcheck.h ++++ /dev/null +@@ -1,172 +0,0 @@ +-/* SPDX-License-Identifier: GPL-2.0 */ +-#ifndef LINUX_KMEMCHECK_H +-#define LINUX_KMEMCHECK_H +- +-#include +-#include +- +-#ifdef CONFIG_KMEMCHECK +-extern int kmemcheck_enabled; +- +-/* The slab-related functions. */ +-void kmemcheck_alloc_shadow(struct page *page, int order, gfp_t flags, int node); +-void kmemcheck_free_shadow(struct page *page, int order); +-void kmemcheck_slab_alloc(struct kmem_cache *s, gfp_t gfpflags, void *object, +- size_t size); +-void kmemcheck_slab_free(struct kmem_cache *s, void *object, size_t size); +- +-void kmemcheck_pagealloc_alloc(struct page *p, unsigned int order, +- gfp_t gfpflags); +- +-void kmemcheck_show_pages(struct page *p, unsigned int n); +-void kmemcheck_hide_pages(struct page *p, unsigned int n); +- +-bool kmemcheck_page_is_tracked(struct page *p); +- +-void kmemcheck_mark_unallocated(void *address, unsigned int n); +-void kmemcheck_mark_uninitialized(void *address, unsigned int n); +-void kmemcheck_mark_initialized(void *address, unsigned int n); +-void kmemcheck_mark_freed(void *address, unsigned int n); +- +-void kmemcheck_mark_unallocated_pages(struct page *p, unsigned int n); +-void kmemcheck_mark_uninitialized_pages(struct page *p, unsigned int n); +-void kmemcheck_mark_initialized_pages(struct page *p, unsigned int n); +- +-int kmemcheck_show_addr(unsigned long address); +-int kmemcheck_hide_addr(unsigned long address); +- +-bool kmemcheck_is_obj_initialized(unsigned long addr, size_t size); +- +-/* +- * Bitfield annotations +- * +- * How to use: If you have a struct using bitfields, for example +- * +- * struct a { +- * int x:8, y:8; +- * }; +- * +- * then this should be rewritten as +- * +- * struct a { +- * kmemcheck_bitfield_begin(flags); +- * int x:8, y:8; +- * kmemcheck_bitfield_end(flags); +- * }; +- * +- * Now the "flags_begin" and "flags_end" members may be used to refer to the +- * beginning and end, respectively, of the bitfield (and things like +- * &x.flags_begin is allowed). As soon as the struct is allocated, the bit- +- * fields should be annotated: +- * +- * struct a *a = kmalloc(sizeof(struct a), GFP_KERNEL); +- * kmemcheck_annotate_bitfield(a, flags); +- */ +-#define kmemcheck_bitfield_begin(name) \ +- int name##_begin[0]; +- +-#define kmemcheck_bitfield_end(name) \ +- int name##_end[0]; +- +-#define kmemcheck_annotate_bitfield(ptr, name) \ +- do { \ +- int _n; \ +- \ +- if (!ptr) \ +- break; \ +- \ +- _n = (long) &((ptr)->name##_end) \ +- - (long) &((ptr)->name##_begin); \ +- BUILD_BUG_ON(_n < 0); \ +- \ +- kmemcheck_mark_initialized(&((ptr)->name##_begin), _n); \ +- } while (0) +- +-#define kmemcheck_annotate_variable(var) \ +- do { \ +- kmemcheck_mark_initialized(&(var), sizeof(var)); \ +- } while (0) \ +- +-#else +-#define kmemcheck_enabled 0 +- +-static inline void +-kmemcheck_alloc_shadow(struct page *page, int order, gfp_t flags, int node) +-{ +-} +- +-static inline void +-kmemcheck_free_shadow(struct page *page, int order) +-{ +-} +- +-static inline void +-kmemcheck_slab_alloc(struct kmem_cache *s, gfp_t gfpflags, void *object, +- size_t size) +-{ +-} +- +-static inline void kmemcheck_slab_free(struct kmem_cache *s, void *object, +- size_t size) +-{ +-} +- +-static inline void kmemcheck_pagealloc_alloc(struct page *p, +- unsigned int order, gfp_t gfpflags) +-{ +-} +- +-static inline bool kmemcheck_page_is_tracked(struct page *p) +-{ +- return false; +-} +- +-static inline void kmemcheck_mark_unallocated(void *address, unsigned int n) +-{ +-} +- +-static inline void kmemcheck_mark_uninitialized(void *address, unsigned int n) +-{ +-} +- +-static inline void kmemcheck_mark_initialized(void *address, unsigned int n) +-{ +-} +- +-static inline void kmemcheck_mark_freed(void *address, unsigned int n) +-{ +-} +- +-static inline void kmemcheck_mark_unallocated_pages(struct page *p, +- unsigned int n) +-{ +-} +- +-static inline void kmemcheck_mark_uninitialized_pages(struct page *p, +- unsigned int n) +-{ +-} +- +-static inline void kmemcheck_mark_initialized_pages(struct page *p, +- unsigned int n) +-{ +-} +- +-static inline bool kmemcheck_is_obj_initialized(unsigned long addr, size_t size) +-{ +- return true; +-} +- +-#define kmemcheck_bitfield_begin(name) +-#define kmemcheck_bitfield_end(name) +-#define kmemcheck_annotate_bitfield(ptr, name) \ +- do { \ +- } while (0) +- +-#define kmemcheck_annotate_variable(var) \ +- do { \ +- } while (0) +- +-#endif /* CONFIG_KMEMCHECK */ +- +-#endif /* LINUX_KMEMCHECK_H */ +diff --git a/include/linux/mlx5/driver.h b/include/linux/mlx5/driver.h +index a13525daf09b..ae15864c8708 100644 +--- a/include/linux/mlx5/driver.h ++++ b/include/linux/mlx5/driver.h +@@ -1201,7 +1201,7 @@ mlx5_get_vector_affinity(struct mlx5_core_dev *dev, int vector) + int eqn; + int err; + +- err = mlx5_vector2eqn(dev, vector, &eqn, &irq); ++ err = mlx5_vector2eqn(dev, MLX5_EQ_VEC_COMP_BASE + vector, &eqn, &irq); + if (err) + return NULL; + +diff --git a/include/linux/mm_inline.h b/include/linux/mm_inline.h +index c30b32e3c862..10191c28fc04 100644 +--- a/include/linux/mm_inline.h ++++ b/include/linux/mm_inline.h +@@ -127,10 +127,4 @@ static __always_inline enum lru_list page_lru(struct page *page) + + #define lru_to_page(head) (list_entry((head)->prev, struct page, lru)) + +-#ifdef arch_unmap_kpfn +-extern void arch_unmap_kpfn(unsigned long pfn); +-#else +-static __always_inline void arch_unmap_kpfn(unsigned long pfn) { } +-#endif +- + #endif +diff --git a/include/linux/mm_types.h b/include/linux/mm_types.h +index c85f11dafd56..9f0bb908e2b5 100644 +--- a/include/linux/mm_types.h ++++ b/include/linux/mm_types.h +@@ -207,14 +207,6 @@ struct page { + not kmapped, ie. highmem) */ + #endif /* WANT_PAGE_VIRTUAL */ + +-#ifdef CONFIG_KMEMCHECK +- /* +- * kmemcheck wants to track the status of each byte in a page; this +- * is a pointer to such a status block. NULL if not tracked. +- */ +- void *shadow; +-#endif +- + #ifdef LAST_CPUPID_NOT_IN_PAGE_FLAGS + int _last_cpupid; + #endif +diff --git a/include/linux/net.h b/include/linux/net.h +index d97d80d7fdf8..caeb159abda5 100644 +--- a/include/linux/net.h ++++ b/include/linux/net.h +@@ -22,7 +22,6 @@ + #include + #include + #include /* For O_CLOEXEC and O_NONBLOCK */ +-#include + #include + #include + #include +@@ -111,9 +110,7 @@ struct socket_wq { + struct socket { + socket_state state; + +- kmemcheck_bitfield_begin(type); + short type; +- kmemcheck_bitfield_end(type); + + unsigned long flags; + +diff --git a/include/linux/nospec.h b/include/linux/nospec.h +index b99bced39ac2..fbc98e2c8228 100644 +--- a/include/linux/nospec.h ++++ b/include/linux/nospec.h +@@ -19,20 +19,6 @@ + static inline unsigned long array_index_mask_nospec(unsigned long index, + unsigned long size) + { +- /* +- * Warn developers about inappropriate array_index_nospec() usage. +- * +- * Even if the CPU speculates past the WARN_ONCE branch, the +- * sign bit of @index is taken into account when generating the +- * mask. +- * +- * This warning is compiled out when the compiler can infer that +- * @index and @size are less than LONG_MAX. +- */ +- if (WARN_ONCE(index > LONG_MAX || size > LONG_MAX, +- "array_index_nospec() limited to range of [0, LONG_MAX]\n")) +- return 0; +- + /* + * Always calculate and emit the mask even if the compiler + * thinks the mask is not needed. The compiler does not take +@@ -43,6 +29,26 @@ static inline unsigned long array_index_mask_nospec(unsigned long index, + } + #endif + ++/* ++ * Warn developers about inappropriate array_index_nospec() usage. ++ * ++ * Even if the CPU speculates past the WARN_ONCE branch, the ++ * sign bit of @index is taken into account when generating the ++ * mask. ++ * ++ * This warning is compiled out when the compiler can infer that ++ * @index and @size are less than LONG_MAX. ++ */ ++#define array_index_mask_nospec_check(index, size) \ ++({ \ ++ if (WARN_ONCE(index > LONG_MAX || size > LONG_MAX, \ ++ "array_index_nospec() limited to range of [0, LONG_MAX]\n")) \ ++ _mask = 0; \ ++ else \ ++ _mask = array_index_mask_nospec(index, size); \ ++ _mask; \ ++}) ++ + /* + * array_index_nospec - sanitize an array index after a bounds check + * +@@ -61,7 +67,7 @@ static inline unsigned long array_index_mask_nospec(unsigned long index, + ({ \ + typeof(index) _i = (index); \ + typeof(size) _s = (size); \ +- unsigned long _mask = array_index_mask_nospec(_i, _s); \ ++ unsigned long _mask = array_index_mask_nospec_check(_i, _s); \ + \ + BUILD_BUG_ON(sizeof(_i) > sizeof(long)); \ + BUILD_BUG_ON(sizeof(_s) > sizeof(long)); \ +diff --git a/include/linux/ring_buffer.h b/include/linux/ring_buffer.h +index fa6ace66fea5..289e4d54e3e0 100644 +--- a/include/linux/ring_buffer.h ++++ b/include/linux/ring_buffer.h +@@ -2,7 +2,6 @@ + #ifndef _LINUX_RING_BUFFER_H + #define _LINUX_RING_BUFFER_H + +-#include + #include + #include + #include +@@ -14,9 +13,7 @@ struct ring_buffer_iter; + * Don't refer to this struct directly, use functions below. + */ + struct ring_buffer_event { +- kmemcheck_bitfield_begin(bitfield); + u32 type_len:5, time_delta:27; +- kmemcheck_bitfield_end(bitfield); + + u32 array[]; + }; +diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h +index 051e0939ec19..be45224b01d7 100644 +--- a/include/linux/skbuff.h ++++ b/include/linux/skbuff.h +@@ -15,7 +15,6 @@ + #define _LINUX_SKBUFF_H + + #include +-#include + #include + #include + #include +@@ -706,7 +705,6 @@ struct sk_buff { + /* Following fields are _not_ copied in __copy_skb_header() + * Note that queue_mapping is here mostly to fill a hole. + */ +- kmemcheck_bitfield_begin(flags1); + __u16 queue_mapping; + + /* if you move cloned around you also must adapt those constants */ +@@ -725,7 +723,6 @@ struct sk_buff { + head_frag:1, + xmit_more:1, + __unused:1; /* one bit hole */ +- kmemcheck_bitfield_end(flags1); + + /* fields enclosed in headers_start/headers_end are copied + * using a single memcpy() in __copy_skb_header() +diff --git a/include/linux/slab.h b/include/linux/slab.h +index af5aa65c7c18..ae5ed6492d54 100644 +--- a/include/linux/slab.h ++++ b/include/linux/slab.h +@@ -78,12 +78,6 @@ + + #define SLAB_NOLEAKTRACE 0x00800000UL /* Avoid kmemleak tracing */ + +-/* Don't track use of uninitialized memory */ +-#ifdef CONFIG_KMEMCHECK +-# define SLAB_NOTRACK 0x01000000UL +-#else +-# define SLAB_NOTRACK 0x00000000UL +-#endif + #ifdef CONFIG_FAILSLAB + # define SLAB_FAILSLAB 0x02000000UL /* Fault injection mark */ + #else +diff --git a/include/linux/thread_info.h b/include/linux/thread_info.h +index 4bcdf00c110f..34f053a150a9 100644 +--- a/include/linux/thread_info.h ++++ b/include/linux/thread_info.h +@@ -44,10 +44,9 @@ enum { + #endif + + #if IS_ENABLED(CONFIG_DEBUG_STACK_USAGE) || IS_ENABLED(CONFIG_DEBUG_KMEMLEAK) +-# define THREADINFO_GFP (GFP_KERNEL_ACCOUNT | __GFP_NOTRACK | \ +- __GFP_ZERO) ++# define THREADINFO_GFP (GFP_KERNEL_ACCOUNT | __GFP_ZERO) + #else +-# define THREADINFO_GFP (GFP_KERNEL_ACCOUNT | __GFP_NOTRACK) ++# define THREADINFO_GFP (GFP_KERNEL_ACCOUNT) + #endif + + /* +diff --git a/include/net/inet_sock.h b/include/net/inet_sock.h +index db8162dd8c0b..8e51b4a69088 100644 +--- a/include/net/inet_sock.h ++++ b/include/net/inet_sock.h +@@ -17,7 +17,6 @@ + #define _INET_SOCK_H + + #include +-#include + #include + #include + #include +@@ -84,7 +83,6 @@ struct inet_request_sock { + #define ireq_state req.__req_common.skc_state + #define ireq_family req.__req_common.skc_family + +- kmemcheck_bitfield_begin(flags); + u16 snd_wscale : 4, + rcv_wscale : 4, + tstamp_ok : 1, +@@ -93,7 +91,6 @@ struct inet_request_sock { + ecn_ok : 1, + acked : 1, + no_srccheck: 1; +- kmemcheck_bitfield_end(flags); + u32 ir_mark; + union { + struct ip_options_rcu __rcu *ireq_opt; +diff --git a/include/net/inet_timewait_sock.h b/include/net/inet_timewait_sock.h +index 6a75d67a30fd..1356fa6a7566 100644 +--- a/include/net/inet_timewait_sock.h ++++ b/include/net/inet_timewait_sock.h +@@ -15,8 +15,6 @@ + #ifndef _INET_TIMEWAIT_SOCK_ + #define _INET_TIMEWAIT_SOCK_ + +- +-#include + #include + #include + #include +@@ -69,14 +67,12 @@ struct inet_timewait_sock { + /* Socket demultiplex comparisons on incoming packets. */ + /* these three are in inet_sock */ + __be16 tw_sport; +- kmemcheck_bitfield_begin(flags); + /* And these are ours. */ + unsigned int tw_kill : 1, + tw_transparent : 1, + tw_flowlabel : 20, + tw_pad : 2, /* 2 bits hole */ + tw_tos : 8; +- kmemcheck_bitfield_end(flags); + struct timer_list tw_timer; + struct inet_bind_bucket *tw_tb; + }; +diff --git a/include/net/sock.h b/include/net/sock.h +index 006580155a87..9bd5d68076d9 100644 +--- a/include/net/sock.h ++++ b/include/net/sock.h +@@ -436,7 +436,6 @@ struct sock { + #define SK_FL_TYPE_MASK 0xffff0000 + #endif + +- kmemcheck_bitfield_begin(flags); + unsigned int sk_padding : 1, + sk_kern_sock : 1, + sk_no_check_tx : 1, +@@ -445,8 +444,6 @@ struct sock { + sk_protocol : 8, + sk_type : 16; + #define SK_PROTOCOL_MAX U8_MAX +- kmemcheck_bitfield_end(flags); +- + u16 sk_gso_max_segs; + unsigned long sk_lingertime; + struct proto *sk_prot_creator; +diff --git a/include/rdma/ib_verbs.h b/include/rdma/ib_verbs.h +index e8608b2dc844..6533aa64f009 100644 +--- a/include/rdma/ib_verbs.h ++++ b/include/rdma/ib_verbs.h +@@ -971,9 +971,9 @@ struct ib_wc { + u32 invalidate_rkey; + } ex; + u32 src_qp; ++ u32 slid; + int wc_flags; + u16 pkey_index; +- u32 slid; + u8 sl; + u8 dlid_path_bits; + u8 port_num; /* valid only for DR SMPs on switches */ +diff --git a/include/trace/events/mmflags.h b/include/trace/events/mmflags.h +index 648cbf603736..72162f3a03fa 100644 +--- a/include/trace/events/mmflags.h ++++ b/include/trace/events/mmflags.h +@@ -46,7 +46,6 @@ + {(unsigned long)__GFP_RECLAIMABLE, "__GFP_RECLAIMABLE"}, \ + {(unsigned long)__GFP_MOVABLE, "__GFP_MOVABLE"}, \ + {(unsigned long)__GFP_ACCOUNT, "__GFP_ACCOUNT"}, \ +- {(unsigned long)__GFP_NOTRACK, "__GFP_NOTRACK"}, \ + {(unsigned long)__GFP_WRITE, "__GFP_WRITE"}, \ + {(unsigned long)__GFP_RECLAIM, "__GFP_RECLAIM"}, \ + {(unsigned long)__GFP_DIRECT_RECLAIM, "__GFP_DIRECT_RECLAIM"},\ +diff --git a/include/trace/events/xen.h b/include/trace/events/xen.h +index a7c8b452aab9..d791863b62fc 100644 +--- a/include/trace/events/xen.h ++++ b/include/trace/events/xen.h +@@ -365,7 +365,7 @@ TRACE_EVENT(xen_mmu_flush_tlb, + TP_printk("%s", "") + ); + +-TRACE_EVENT(xen_mmu_flush_tlb_single, ++TRACE_EVENT(xen_mmu_flush_tlb_one_user, + TP_PROTO(unsigned long addr), + TP_ARGS(addr), + TP_STRUCT__entry( +diff --git a/init/do_mounts.c b/init/do_mounts.c +index f6d4dd764a52..7cf4f6dafd5f 100644 +--- a/init/do_mounts.c ++++ b/init/do_mounts.c +@@ -380,8 +380,7 @@ static int __init do_mount_root(char *name, char *fs, int flags, void *data) + + void __init mount_block_root(char *name, int flags) + { +- struct page *page = alloc_page(GFP_KERNEL | +- __GFP_NOTRACK_FALSE_POSITIVE); ++ struct page *page = alloc_page(GFP_KERNEL); + char *fs_names = page_address(page); + char *p; + #ifdef CONFIG_BLOCK +diff --git a/init/main.c b/init/main.c +index b32ec72cdf3d..2d355a61dfc5 100644 +--- a/init/main.c ++++ b/init/main.c +@@ -69,7 +69,6 @@ + #include + #include + #include +-#include + #include + #include + #include +diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c +index 2246115365d9..d203a5d6b726 100644 +--- a/kernel/bpf/core.c ++++ b/kernel/bpf/core.c +@@ -85,8 +85,6 @@ struct bpf_prog *bpf_prog_alloc(unsigned int size, gfp_t gfp_extra_flags) + if (fp == NULL) + return NULL; + +- kmemcheck_annotate_bitfield(fp, meta); +- + aux = kzalloc(sizeof(*aux), GFP_KERNEL | gfp_extra_flags); + if (aux == NULL) { + vfree(fp); +@@ -127,8 +125,6 @@ struct bpf_prog *bpf_prog_realloc(struct bpf_prog *fp_old, unsigned int size, + if (fp == NULL) { + __bpf_prog_uncharge(fp_old->aux->user, delta); + } else { +- kmemcheck_annotate_bitfield(fp, meta); +- + memcpy(fp, fp_old, fp_old->pages * PAGE_SIZE); + fp->pages = pages; + fp->aux->prog = fp; +@@ -662,8 +658,6 @@ static struct bpf_prog *bpf_prog_clone_create(struct bpf_prog *fp_other, + + fp = __vmalloc(fp_other->pages * PAGE_SIZE, gfp_flags, PAGE_KERNEL); + if (fp != NULL) { +- kmemcheck_annotate_bitfield(fp, meta); +- + /* aux->prog still points to the fp_other one, so + * when promoting the clone to the real program, + * this still needs to be adapted. +diff --git a/kernel/fork.c b/kernel/fork.c +index 500ce64517d9..98c91bd341b4 100644 +--- a/kernel/fork.c ++++ b/kernel/fork.c +@@ -469,7 +469,7 @@ void __init fork_init(void) + /* create a slab on which task_structs can be allocated */ + task_struct_cachep = kmem_cache_create("task_struct", + arch_task_struct_size, align, +- SLAB_PANIC|SLAB_NOTRACK|SLAB_ACCOUNT, NULL); ++ SLAB_PANIC|SLAB_ACCOUNT, NULL); + #endif + + /* do the arch specific task caches init */ +@@ -2208,18 +2208,18 @@ void __init proc_caches_init(void) + sighand_cachep = kmem_cache_create("sighand_cache", + sizeof(struct sighand_struct), 0, + SLAB_HWCACHE_ALIGN|SLAB_PANIC|SLAB_TYPESAFE_BY_RCU| +- SLAB_NOTRACK|SLAB_ACCOUNT, sighand_ctor); ++ SLAB_ACCOUNT, sighand_ctor); + signal_cachep = kmem_cache_create("signal_cache", + sizeof(struct signal_struct), 0, +- SLAB_HWCACHE_ALIGN|SLAB_PANIC|SLAB_NOTRACK|SLAB_ACCOUNT, ++ SLAB_HWCACHE_ALIGN|SLAB_PANIC|SLAB_ACCOUNT, + NULL); + files_cachep = kmem_cache_create("files_cache", + sizeof(struct files_struct), 0, +- SLAB_HWCACHE_ALIGN|SLAB_PANIC|SLAB_NOTRACK|SLAB_ACCOUNT, ++ SLAB_HWCACHE_ALIGN|SLAB_PANIC|SLAB_ACCOUNT, + NULL); + fs_cachep = kmem_cache_create("fs_cache", + sizeof(struct fs_struct), 0, +- SLAB_HWCACHE_ALIGN|SLAB_PANIC|SLAB_NOTRACK|SLAB_ACCOUNT, ++ SLAB_HWCACHE_ALIGN|SLAB_PANIC|SLAB_ACCOUNT, + NULL); + /* + * FIXME! The "sizeof(struct mm_struct)" currently includes the +@@ -2230,7 +2230,7 @@ void __init proc_caches_init(void) + */ + mm_cachep = kmem_cache_create("mm_struct", + sizeof(struct mm_struct), ARCH_MIN_MMSTRUCT_ALIGN, +- SLAB_HWCACHE_ALIGN|SLAB_PANIC|SLAB_NOTRACK|SLAB_ACCOUNT, ++ SLAB_HWCACHE_ALIGN|SLAB_PANIC|SLAB_ACCOUNT, + NULL); + vm_area_cachep = KMEM_CACHE(vm_area_struct, SLAB_PANIC|SLAB_ACCOUNT); + mmap_init(); +diff --git a/kernel/locking/lockdep.c b/kernel/locking/lockdep.c +index e36e652d996f..4d362d3e4571 100644 +--- a/kernel/locking/lockdep.c ++++ b/kernel/locking/lockdep.c +@@ -47,7 +47,6 @@ + #include + #include + #include +-#include + #include + #include + +@@ -3225,8 +3224,6 @@ static void __lockdep_init_map(struct lockdep_map *lock, const char *name, + { + int i; + +- kmemcheck_mark_initialized(lock, sizeof(*lock)); +- + for (i = 0; i < NR_LOCKDEP_CACHING_CLASSES; i++) + lock->class_cache[i] = NULL; + +diff --git a/kernel/memremap.c b/kernel/memremap.c +index 403ab9cdb949..4712ce646e04 100644 +--- a/kernel/memremap.c ++++ b/kernel/memremap.c +@@ -301,7 +301,8 @@ static void devm_memremap_pages_release(struct device *dev, void *data) + + /* pages are dead and unused, undo the arch mapping */ + align_start = res->start & ~(SECTION_SIZE - 1); +- align_size = ALIGN(resource_size(res), SECTION_SIZE); ++ align_size = ALIGN(res->start + resource_size(res), SECTION_SIZE) ++ - align_start; + + mem_hotplug_begin(); + arch_remove_memory(align_start, align_size); +diff --git a/kernel/signal.c b/kernel/signal.c +index 1facff1dbbae..6895f6bb98a7 100644 +--- a/kernel/signal.c ++++ b/kernel/signal.c +@@ -1038,8 +1038,7 @@ static int __send_signal(int sig, struct siginfo *info, struct task_struct *t, + else + override_rlimit = 0; + +- q = __sigqueue_alloc(sig, t, GFP_ATOMIC | __GFP_NOTRACK_FALSE_POSITIVE, +- override_rlimit); ++ q = __sigqueue_alloc(sig, t, GFP_ATOMIC, override_rlimit); + if (q) { + list_add_tail(&q->list, &pending->list); + switch ((unsigned long) info) { +diff --git a/kernel/softirq.c b/kernel/softirq.c +index 4e09821f9d9e..e89c3b0cff6d 100644 +--- a/kernel/softirq.c ++++ b/kernel/softirq.c +@@ -486,16 +486,6 @@ void __tasklet_hi_schedule(struct tasklet_struct *t) + } + EXPORT_SYMBOL(__tasklet_hi_schedule); + +-void __tasklet_hi_schedule_first(struct tasklet_struct *t) +-{ +- BUG_ON(!irqs_disabled()); +- +- t->next = __this_cpu_read(tasklet_hi_vec.head); +- __this_cpu_write(tasklet_hi_vec.head, t); +- __raise_softirq_irqoff(HI_SOFTIRQ); +-} +-EXPORT_SYMBOL(__tasklet_hi_schedule_first); +- + static __latent_entropy void tasklet_action(struct softirq_action *a) + { + struct tasklet_struct *list; +diff --git a/kernel/sysctl.c b/kernel/sysctl.c +index 56aca862c4f5..069550540a39 100644 +--- a/kernel/sysctl.c ++++ b/kernel/sysctl.c +@@ -30,7 +30,6 @@ + #include + #include + #include +-#include + #include + #include + #include +@@ -1173,15 +1172,6 @@ static struct ctl_table kern_table[] = { + .extra1 = &zero, + .extra2 = &one_thousand, + }, +-#endif +-#ifdef CONFIG_KMEMCHECK +- { +- .procname = "kmemcheck", +- .data = &kmemcheck_enabled, +- .maxlen = sizeof(int), +- .mode = 0644, +- .proc_handler = proc_dointvec, +- }, + #endif + { + .procname = "panic_on_warn", +diff --git a/kernel/trace/Kconfig b/kernel/trace/Kconfig +index 434c840e2d82..4ad6f6ca18c1 100644 +--- a/kernel/trace/Kconfig ++++ b/kernel/trace/Kconfig +@@ -343,7 +343,7 @@ config PROFILE_ANNOTATED_BRANCHES + on if you need to profile the system's use of these macros. + + config PROFILE_ALL_BRANCHES +- bool "Profile all if conditionals" ++ bool "Profile all if conditionals" if !FORTIFY_SOURCE + select TRACE_BRANCH_PROFILING + help + This tracer profiles all branch conditions. Every if () +diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c +index 0476a9372014..39c221454186 100644 +--- a/kernel/trace/ring_buffer.c ++++ b/kernel/trace/ring_buffer.c +@@ -13,7 +13,6 @@ + #include + #include + #include /* for self test */ +-#include + #include + #include + #include +@@ -2059,7 +2058,6 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer, + } + + event = __rb_page_index(tail_page, tail); +- kmemcheck_annotate_bitfield(event, bitfield); + + /* account for padding bytes */ + local_add(BUF_PAGE_SIZE - tail, &cpu_buffer->entries_bytes); +@@ -2690,7 +2688,6 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer, + /* We reserved something on the buffer */ + + event = __rb_page_index(tail_page, tail); +- kmemcheck_annotate_bitfield(event, bitfield); + rb_update_event(cpu_buffer, event, info); + + local_inc(&tail_page->entries); +diff --git a/kernel/trace/trace_events_filter.c b/kernel/trace/trace_events_filter.c +index 61e7f0678d33..a764aec3c9a1 100644 +--- a/kernel/trace/trace_events_filter.c ++++ b/kernel/trace/trace_events_filter.c +@@ -400,7 +400,6 @@ enum regex_type filter_parse_regex(char *buff, int len, char **search, int *not) + for (i = 0; i < len; i++) { + if (buff[i] == '*') { + if (!i) { +- *search = buff + 1; + type = MATCH_END_ONLY; + } else if (i == len - 1) { + if (type == MATCH_END_ONLY) +@@ -410,14 +409,14 @@ enum regex_type filter_parse_regex(char *buff, int len, char **search, int *not) + buff[i] = 0; + break; + } else { /* pattern continues, use full glob */ +- type = MATCH_GLOB; +- break; ++ return MATCH_GLOB; + } + } else if (strchr("[?\\", buff[i])) { +- type = MATCH_GLOB; +- break; ++ return MATCH_GLOB; + } + } ++ if (buff[0] == '*') ++ *search = buff + 1; + + return type; + } +diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug +index 00cb02daeddd..62d0e25c054c 100644 +--- a/lib/Kconfig.debug ++++ b/lib/Kconfig.debug +@@ -504,7 +504,7 @@ config DEBUG_OBJECTS_ENABLE_DEFAULT + + config DEBUG_SLAB + bool "Debug slab memory allocations" +- depends on DEBUG_KERNEL && SLAB && !KMEMCHECK ++ depends on DEBUG_KERNEL && SLAB + help + Say Y here to have the kernel do limited verification on memory + allocation as well as poisoning memory on free to catch use of freed +@@ -516,7 +516,7 @@ config DEBUG_SLAB_LEAK + + config SLUB_DEBUG_ON + bool "SLUB debugging on by default" +- depends on SLUB && SLUB_DEBUG && !KMEMCHECK ++ depends on SLUB && SLUB_DEBUG + default n + help + Boot with debugging on by default. SLUB boots by default with +@@ -730,8 +730,6 @@ config DEBUG_STACKOVERFLOW + + If in doubt, say "N". + +-source "lib/Kconfig.kmemcheck" +- + source "lib/Kconfig.kasan" + + endmenu # "Memory Debugging" +diff --git a/lib/Kconfig.kmemcheck b/lib/Kconfig.kmemcheck +deleted file mode 100644 +index 846e039a86b4..000000000000 +--- a/lib/Kconfig.kmemcheck ++++ /dev/null +@@ -1,94 +0,0 @@ +-config HAVE_ARCH_KMEMCHECK +- bool +- +-if HAVE_ARCH_KMEMCHECK +- +-menuconfig KMEMCHECK +- bool "kmemcheck: trap use of uninitialized memory" +- depends on DEBUG_KERNEL +- depends on !X86_USE_3DNOW +- depends on SLUB || SLAB +- depends on !CC_OPTIMIZE_FOR_SIZE +- depends on !FUNCTION_TRACER +- select FRAME_POINTER +- select STACKTRACE +- default n +- help +- This option enables tracing of dynamically allocated kernel memory +- to see if memory is used before it has been given an initial value. +- Be aware that this requires half of your memory for bookkeeping and +- will insert extra code at *every* read and write to tracked memory +- thus slow down the kernel code (but user code is unaffected). +- +- The kernel may be started with kmemcheck=0 or kmemcheck=1 to disable +- or enable kmemcheck at boot-time. If the kernel is started with +- kmemcheck=0, the large memory and CPU overhead is not incurred. +- +-choice +- prompt "kmemcheck: default mode at boot" +- depends on KMEMCHECK +- default KMEMCHECK_ONESHOT_BY_DEFAULT +- help +- This option controls the default behaviour of kmemcheck when the +- kernel boots and no kmemcheck= parameter is given. +- +-config KMEMCHECK_DISABLED_BY_DEFAULT +- bool "disabled" +- depends on KMEMCHECK +- +-config KMEMCHECK_ENABLED_BY_DEFAULT +- bool "enabled" +- depends on KMEMCHECK +- +-config KMEMCHECK_ONESHOT_BY_DEFAULT +- bool "one-shot" +- depends on KMEMCHECK +- help +- In one-shot mode, only the first error detected is reported before +- kmemcheck is disabled. +- +-endchoice +- +-config KMEMCHECK_QUEUE_SIZE +- int "kmemcheck: error queue size" +- depends on KMEMCHECK +- default 64 +- help +- Select the maximum number of errors to store in the queue. Since +- errors can occur virtually anywhere and in any context, we need a +- temporary storage area which is guarantueed not to generate any +- other faults. The queue will be emptied as soon as a tasklet may +- be scheduled. If the queue is full, new error reports will be +- lost. +- +-config KMEMCHECK_SHADOW_COPY_SHIFT +- int "kmemcheck: shadow copy size (5 => 32 bytes, 6 => 64 bytes)" +- depends on KMEMCHECK +- range 2 8 +- default 5 +- help +- Select the number of shadow bytes to save along with each entry of +- the queue. These bytes indicate what parts of an allocation are +- initialized, uninitialized, etc. and will be displayed when an +- error is detected to help the debugging of a particular problem. +- +-config KMEMCHECK_PARTIAL_OK +- bool "kmemcheck: allow partially uninitialized memory" +- depends on KMEMCHECK +- default y +- help +- This option works around certain GCC optimizations that produce +- 32-bit reads from 16-bit variables where the upper 16 bits are +- thrown away afterwards. This may of course also hide some real +- bugs. +- +-config KMEMCHECK_BITOPS_OK +- bool "kmemcheck: allow bit-field manipulation" +- depends on KMEMCHECK +- default n +- help +- This option silences warnings that would be generated for bit-field +- accesses where not all the bits are initialized at the same time. +- This may also hide some real bugs. +- +-endif +diff --git a/lib/swiotlb.c b/lib/swiotlb.c +index 8c6c83ef57a4..20df2fd9b150 100644 +--- a/lib/swiotlb.c ++++ b/lib/swiotlb.c +@@ -585,7 +585,7 @@ phys_addr_t swiotlb_tbl_map_single(struct device *hwdev, + + not_found: + spin_unlock_irqrestore(&io_tlb_lock, flags); +- if (printk_ratelimit()) ++ if (!(attrs & DMA_ATTR_NO_WARN) && printk_ratelimit()) + dev_warn(hwdev, "swiotlb buffer is full (sz: %zd bytes)\n", size); + return SWIOTLB_MAP_ERROR; + found: +@@ -712,6 +712,7 @@ void * + swiotlb_alloc_coherent(struct device *hwdev, size_t size, + dma_addr_t *dma_handle, gfp_t flags) + { ++ bool warn = !(flags & __GFP_NOWARN); + dma_addr_t dev_addr; + void *ret; + int order = get_order(size); +@@ -737,8 +738,8 @@ swiotlb_alloc_coherent(struct device *hwdev, size_t size, + * GFP_DMA memory; fall back on map_single(), which + * will grab memory from the lowest available address range. + */ +- phys_addr_t paddr = map_single(hwdev, 0, size, +- DMA_FROM_DEVICE, 0); ++ phys_addr_t paddr = map_single(hwdev, 0, size, DMA_FROM_DEVICE, ++ warn ? 0 : DMA_ATTR_NO_WARN); + if (paddr == SWIOTLB_MAP_ERROR) + goto err_warn; + +@@ -768,9 +769,11 @@ swiotlb_alloc_coherent(struct device *hwdev, size_t size, + return ret; + + err_warn: +- pr_warn("swiotlb: coherent allocation failed for device %s size=%zu\n", +- dev_name(hwdev), size); +- dump_stack(); ++ if (warn && printk_ratelimit()) { ++ pr_warn("swiotlb: coherent allocation failed for device %s size=%zu\n", ++ dev_name(hwdev), size); ++ dump_stack(); ++ } + + return NULL; + } +diff --git a/mm/Kconfig.debug b/mm/Kconfig.debug +index 5b0adf1435de..e5e606ee5f71 100644 +--- a/mm/Kconfig.debug ++++ b/mm/Kconfig.debug +@@ -11,7 +11,6 @@ config DEBUG_PAGEALLOC + bool "Debug page memory allocations" + depends on DEBUG_KERNEL + depends on !HIBERNATION || ARCH_SUPPORTS_DEBUG_PAGEALLOC && !PPC && !SPARC +- depends on !KMEMCHECK + select PAGE_EXTENSION + select PAGE_POISONING if !ARCH_SUPPORTS_DEBUG_PAGEALLOC + ---help--- +diff --git a/mm/Makefile b/mm/Makefile +index 4659b93cba43..e7ebd176fb93 100644 +--- a/mm/Makefile ++++ b/mm/Makefile +@@ -17,7 +17,6 @@ KCOV_INSTRUMENT_slub.o := n + KCOV_INSTRUMENT_page_alloc.o := n + KCOV_INSTRUMENT_debug-pagealloc.o := n + KCOV_INSTRUMENT_kmemleak.o := n +-KCOV_INSTRUMENT_kmemcheck.o := n + KCOV_INSTRUMENT_memcontrol.o := n + KCOV_INSTRUMENT_mmzone.o := n + KCOV_INSTRUMENT_vmstat.o := n +@@ -70,7 +69,6 @@ obj-$(CONFIG_KSM) += ksm.o + obj-$(CONFIG_PAGE_POISONING) += page_poison.o + obj-$(CONFIG_SLAB) += slab.o + obj-$(CONFIG_SLUB) += slub.o +-obj-$(CONFIG_KMEMCHECK) += kmemcheck.o + obj-$(CONFIG_KASAN) += kasan/ + obj-$(CONFIG_FAILSLAB) += failslab.o + obj-$(CONFIG_MEMORY_HOTPLUG) += memory_hotplug.o +diff --git a/mm/kmemcheck.c b/mm/kmemcheck.c +deleted file mode 100644 +index 800d64b854ea..000000000000 +--- a/mm/kmemcheck.c ++++ /dev/null +@@ -1,126 +0,0 @@ +-// SPDX-License-Identifier: GPL-2.0 +-#include +-#include +-#include +-#include +-#include "slab.h" +-#include +- +-void kmemcheck_alloc_shadow(struct page *page, int order, gfp_t flags, int node) +-{ +- struct page *shadow; +- int pages; +- int i; +- +- pages = 1 << order; +- +- /* +- * With kmemcheck enabled, we need to allocate a memory area for the +- * shadow bits as well. +- */ +- shadow = alloc_pages_node(node, flags | __GFP_NOTRACK, order); +- if (!shadow) { +- if (printk_ratelimit()) +- pr_err("kmemcheck: failed to allocate shadow bitmap\n"); +- return; +- } +- +- for(i = 0; i < pages; ++i) +- page[i].shadow = page_address(&shadow[i]); +- +- /* +- * Mark it as non-present for the MMU so that our accesses to +- * this memory will trigger a page fault and let us analyze +- * the memory accesses. +- */ +- kmemcheck_hide_pages(page, pages); +-} +- +-void kmemcheck_free_shadow(struct page *page, int order) +-{ +- struct page *shadow; +- int pages; +- int i; +- +- if (!kmemcheck_page_is_tracked(page)) +- return; +- +- pages = 1 << order; +- +- kmemcheck_show_pages(page, pages); +- +- shadow = virt_to_page(page[0].shadow); +- +- for(i = 0; i < pages; ++i) +- page[i].shadow = NULL; +- +- __free_pages(shadow, order); +-} +- +-void kmemcheck_slab_alloc(struct kmem_cache *s, gfp_t gfpflags, void *object, +- size_t size) +-{ +- if (unlikely(!object)) /* Skip object if allocation failed */ +- return; +- +- /* +- * Has already been memset(), which initializes the shadow for us +- * as well. +- */ +- if (gfpflags & __GFP_ZERO) +- return; +- +- /* No need to initialize the shadow of a non-tracked slab. */ +- if (s->flags & SLAB_NOTRACK) +- return; +- +- if (!kmemcheck_enabled || gfpflags & __GFP_NOTRACK) { +- /* +- * Allow notracked objects to be allocated from +- * tracked caches. Note however that these objects +- * will still get page faults on access, they just +- * won't ever be flagged as uninitialized. If page +- * faults are not acceptable, the slab cache itself +- * should be marked NOTRACK. +- */ +- kmemcheck_mark_initialized(object, size); +- } else if (!s->ctor) { +- /* +- * New objects should be marked uninitialized before +- * they're returned to the called. +- */ +- kmemcheck_mark_uninitialized(object, size); +- } +-} +- +-void kmemcheck_slab_free(struct kmem_cache *s, void *object, size_t size) +-{ +- /* TODO: RCU freeing is unsupported for now; hide false positives. */ +- if (!s->ctor && !(s->flags & SLAB_TYPESAFE_BY_RCU)) +- kmemcheck_mark_freed(object, size); +-} +- +-void kmemcheck_pagealloc_alloc(struct page *page, unsigned int order, +- gfp_t gfpflags) +-{ +- int pages; +- +- if (gfpflags & (__GFP_HIGHMEM | __GFP_NOTRACK)) +- return; +- +- pages = 1 << order; +- +- /* +- * NOTE: We choose to track GFP_ZERO pages too; in fact, they +- * can become uninitialized by copying uninitialized memory +- * into them. +- */ +- +- /* XXX: Can use zone->node for node? */ +- kmemcheck_alloc_shadow(page, order, gfpflags, -1); +- +- if (gfpflags & __GFP_ZERO) +- kmemcheck_mark_initialized_pages(page, pages); +- else +- kmemcheck_mark_uninitialized_pages(page, pages); +-} +diff --git a/mm/kmemleak.c b/mm/kmemleak.c +index a1ba553816eb..bd1374f402cd 100644 +--- a/mm/kmemleak.c ++++ b/mm/kmemleak.c +@@ -110,7 +110,6 @@ + #include + + #include +-#include + #include + #include + +@@ -1238,9 +1237,6 @@ static bool update_checksum(struct kmemleak_object *object) + { + u32 old_csum = object->checksum; + +- if (!kmemcheck_is_obj_initialized(object->pointer, object->size)) +- return false; +- + kasan_disable_current(); + object->checksum = crc32(0, (void *)object->pointer, object->size); + kasan_enable_current(); +@@ -1314,11 +1310,6 @@ static void scan_block(void *_start, void *_end, + if (scan_should_stop()) + break; + +- /* don't scan uninitialized memory */ +- if (!kmemcheck_is_obj_initialized((unsigned long)ptr, +- BYTES_PER_POINTER)) +- continue; +- + kasan_disable_current(); + pointer = *ptr; + kasan_enable_current(); +diff --git a/mm/memory-failure.c b/mm/memory-failure.c +index 88366626c0b7..1cd3b3569af8 100644 +--- a/mm/memory-failure.c ++++ b/mm/memory-failure.c +@@ -1146,8 +1146,6 @@ int memory_failure(unsigned long pfn, int trapno, int flags) + return 0; + } + +- arch_unmap_kpfn(pfn); +- + orig_head = hpage = compound_head(p); + num_poisoned_pages_inc(); + +diff --git a/mm/memory.c b/mm/memory.c +index a728bed16c20..fc7779165dcf 100644 +--- a/mm/memory.c ++++ b/mm/memory.c +@@ -81,7 +81,7 @@ + + #include "internal.h" + +-#ifdef LAST_CPUPID_NOT_IN_PAGE_FLAGS ++#if defined(LAST_CPUPID_NOT_IN_PAGE_FLAGS) && !defined(CONFIG_COMPILE_TEST) + #warning Unfortunate NUMA and NUMA Balancing config, growing page-frame for last_cpupid. + #endif + +diff --git a/mm/page_alloc.c b/mm/page_alloc.c +index 2de080003693..6627caeeaf82 100644 +--- a/mm/page_alloc.c ++++ b/mm/page_alloc.c +@@ -24,7 +24,6 @@ + #include + #include + #include +-#include + #include + #include + #include +@@ -1022,7 +1021,6 @@ static __always_inline bool free_pages_prepare(struct page *page, + VM_BUG_ON_PAGE(PageTail(page), page); + + trace_mm_page_free(page, order); +- kmemcheck_free_shadow(page, order); + + /* + * Check tail pages before head page information is cleared to +@@ -2674,15 +2672,6 @@ void split_page(struct page *page, unsigned int order) + VM_BUG_ON_PAGE(PageCompound(page), page); + VM_BUG_ON_PAGE(!page_count(page), page); + +-#ifdef CONFIG_KMEMCHECK +- /* +- * Split shadow pages too, because free(page[0]) would +- * otherwise free the whole shadow. +- */ +- if (kmemcheck_page_is_tracked(page)) +- split_page(virt_to_page(page[0].shadow), order); +-#endif +- + for (i = 1; i < (1 << order); i++) + set_page_refcounted(page + i); + split_page_owner(page, order); +@@ -4228,9 +4217,6 @@ __alloc_pages_nodemask(gfp_t gfp_mask, unsigned int order, int preferred_nid, + page = NULL; + } + +- if (kmemcheck_enabled && page) +- kmemcheck_pagealloc_alloc(page, order, gfp_mask); +- + trace_mm_page_alloc(page, order, alloc_mask, ac.migratetype); + + return page; +diff --git a/mm/slab.c b/mm/slab.c +index b7095884fd93..966839a1ac2c 100644 +--- a/mm/slab.c ++++ b/mm/slab.c +@@ -114,7 +114,6 @@ + #include + #include + #include +-#include + #include + #include + #include +@@ -1413,7 +1412,7 @@ static struct page *kmem_getpages(struct kmem_cache *cachep, gfp_t flags, + if (cachep->flags & SLAB_RECLAIM_ACCOUNT) + flags |= __GFP_RECLAIMABLE; + +- page = __alloc_pages_node(nodeid, flags | __GFP_NOTRACK, cachep->gfporder); ++ page = __alloc_pages_node(nodeid, flags, cachep->gfporder); + if (!page) { + slab_out_of_memory(cachep, flags, nodeid); + return NULL; +@@ -1435,15 +1434,6 @@ static struct page *kmem_getpages(struct kmem_cache *cachep, gfp_t flags, + if (sk_memalloc_socks() && page_is_pfmemalloc(page)) + SetPageSlabPfmemalloc(page); + +- if (kmemcheck_enabled && !(cachep->flags & SLAB_NOTRACK)) { +- kmemcheck_alloc_shadow(page, cachep->gfporder, flags, nodeid); +- +- if (cachep->ctor) +- kmemcheck_mark_uninitialized_pages(page, nr_pages); +- else +- kmemcheck_mark_unallocated_pages(page, nr_pages); +- } +- + return page; + } + +@@ -1455,8 +1445,6 @@ static void kmem_freepages(struct kmem_cache *cachep, struct page *page) + int order = cachep->gfporder; + unsigned long nr_freed = (1 << order); + +- kmemcheck_free_shadow(page, order); +- + if (cachep->flags & SLAB_RECLAIM_ACCOUNT) + mod_lruvec_page_state(page, NR_SLAB_RECLAIMABLE, -nr_freed); + else +@@ -3516,8 +3504,6 @@ void ___cache_free(struct kmem_cache *cachep, void *objp, + kmemleak_free_recursive(objp, cachep->flags); + objp = cache_free_debugcheck(cachep, objp, caller); + +- kmemcheck_slab_free(cachep, objp, cachep->object_size); +- + /* + * Skip calling cache_free_alien() when the platform is not numa. + * This will avoid cache misses that happen while accessing slabp (which +diff --git a/mm/slab.h b/mm/slab.h +index 86d7c7d860f9..485d9fbb8802 100644 +--- a/mm/slab.h ++++ b/mm/slab.h +@@ -40,7 +40,6 @@ struct kmem_cache { + + #include + #include +-#include + #include + #include + #include +@@ -142,10 +141,10 @@ static inline unsigned long kmem_cache_flags(unsigned long object_size, + #if defined(CONFIG_SLAB) + #define SLAB_CACHE_FLAGS (SLAB_MEM_SPREAD | SLAB_NOLEAKTRACE | \ + SLAB_RECLAIM_ACCOUNT | SLAB_TEMPORARY | \ +- SLAB_NOTRACK | SLAB_ACCOUNT) ++ SLAB_ACCOUNT) + #elif defined(CONFIG_SLUB) + #define SLAB_CACHE_FLAGS (SLAB_NOLEAKTRACE | SLAB_RECLAIM_ACCOUNT | \ +- SLAB_TEMPORARY | SLAB_NOTRACK | SLAB_ACCOUNT) ++ SLAB_TEMPORARY | SLAB_ACCOUNT) + #else + #define SLAB_CACHE_FLAGS (0) + #endif +@@ -164,7 +163,6 @@ static inline unsigned long kmem_cache_flags(unsigned long object_size, + SLAB_NOLEAKTRACE | \ + SLAB_RECLAIM_ACCOUNT | \ + SLAB_TEMPORARY | \ +- SLAB_NOTRACK | \ + SLAB_ACCOUNT) + + int __kmem_cache_shutdown(struct kmem_cache *); +@@ -439,7 +437,6 @@ static inline void slab_post_alloc_hook(struct kmem_cache *s, gfp_t flags, + for (i = 0; i < size; i++) { + void *object = p[i]; + +- kmemcheck_slab_alloc(s, flags, object, slab_ksize(s)); + kmemleak_alloc_recursive(object, s->object_size, 1, + s->flags, flags); + kasan_slab_alloc(s, object, flags); +diff --git a/mm/slab_common.c b/mm/slab_common.c +index 0d7fe71ff5e4..65212caa1f2a 100644 +--- a/mm/slab_common.c ++++ b/mm/slab_common.c +@@ -44,7 +44,7 @@ static DECLARE_WORK(slab_caches_to_rcu_destroy_work, + SLAB_FAILSLAB | SLAB_KASAN) + + #define SLAB_MERGE_SAME (SLAB_RECLAIM_ACCOUNT | SLAB_CACHE_DMA | \ +- SLAB_NOTRACK | SLAB_ACCOUNT) ++ SLAB_ACCOUNT) + + /* + * Merge control. If this is set then no merging of slab caches will occur. +diff --git a/mm/slub.c b/mm/slub.c +index 8e1c027a30f4..41c01690d116 100644 +--- a/mm/slub.c ++++ b/mm/slub.c +@@ -22,7 +22,6 @@ + #include + #include + #include +-#include + #include + #include + #include +@@ -1370,12 +1369,11 @@ static inline void *slab_free_hook(struct kmem_cache *s, void *x) + * So in order to make the debug calls that expect irqs to be + * disabled we need to disable interrupts temporarily. + */ +-#if defined(CONFIG_KMEMCHECK) || defined(CONFIG_LOCKDEP) ++#ifdef CONFIG_LOCKDEP + { + unsigned long flags; + + local_irq_save(flags); +- kmemcheck_slab_free(s, x, s->object_size); + debug_check_no_locks_freed(x, s->object_size); + local_irq_restore(flags); + } +@@ -1399,8 +1397,7 @@ static inline void slab_free_freelist_hook(struct kmem_cache *s, + * Compiler cannot detect this function can be removed if slab_free_hook() + * evaluates to nothing. Thus, catch all relevant config debug options here. + */ +-#if defined(CONFIG_KMEMCHECK) || \ +- defined(CONFIG_LOCKDEP) || \ ++#if defined(CONFIG_LOCKDEP) || \ + defined(CONFIG_DEBUG_KMEMLEAK) || \ + defined(CONFIG_DEBUG_OBJECTS_FREE) || \ + defined(CONFIG_KASAN) +@@ -1436,8 +1433,6 @@ static inline struct page *alloc_slab_page(struct kmem_cache *s, + struct page *page; + int order = oo_order(oo); + +- flags |= __GFP_NOTRACK; +- + if (node == NUMA_NO_NODE) + page = alloc_pages(flags, order); + else +@@ -1596,22 +1591,6 @@ static struct page *allocate_slab(struct kmem_cache *s, gfp_t flags, int node) + stat(s, ORDER_FALLBACK); + } + +- if (kmemcheck_enabled && +- !(s->flags & (SLAB_NOTRACK | DEBUG_DEFAULT_FLAGS))) { +- int pages = 1 << oo_order(oo); +- +- kmemcheck_alloc_shadow(page, oo_order(oo), alloc_gfp, node); +- +- /* +- * Objects from caches that have a constructor don't get +- * cleared when they're allocated, so we need to do it here. +- */ +- if (s->ctor) +- kmemcheck_mark_uninitialized_pages(page, pages); +- else +- kmemcheck_mark_unallocated_pages(page, pages); +- } +- + page->objects = oo_objects(oo); + + order = compound_order(page); +@@ -1687,8 +1666,6 @@ static void __free_slab(struct kmem_cache *s, struct page *page) + check_object(s, page, p, SLUB_RED_INACTIVE); + } + +- kmemcheck_free_shadow(page, compound_order(page)); +- + mod_lruvec_page_state(page, + (s->flags & SLAB_RECLAIM_ACCOUNT) ? + NR_SLAB_RECLAIMABLE : NR_SLAB_UNRECLAIMABLE, +@@ -3792,7 +3769,7 @@ static void *kmalloc_large_node(size_t size, gfp_t flags, int node) + struct page *page; + void *ptr = NULL; + +- flags |= __GFP_COMP | __GFP_NOTRACK; ++ flags |= __GFP_COMP; + page = alloc_pages_node(node, flags, get_order(size)); + if (page) + ptr = page_address(page); +@@ -5655,8 +5632,6 @@ static char *create_unique_id(struct kmem_cache *s) + *p++ = 'a'; + if (s->flags & SLAB_CONSISTENCY_CHECKS) + *p++ = 'F'; +- if (!(s->flags & SLAB_NOTRACK)) +- *p++ = 't'; + if (s->flags & SLAB_ACCOUNT) + *p++ = 'A'; + if (p != name + 1) +diff --git a/net/9p/trans_virtio.c b/net/9p/trans_virtio.c +index f3a4efcf1456..3aa5a93ad107 100644 +--- a/net/9p/trans_virtio.c ++++ b/net/9p/trans_virtio.c +@@ -160,7 +160,8 @@ static void req_done(struct virtqueue *vq) + spin_unlock_irqrestore(&chan->lock, flags); + /* Wakeup if anyone waiting for VirtIO ring space. */ + wake_up(chan->vc_wq); +- p9_client_cb(chan->client, req, REQ_STATUS_RCVD); ++ if (len) ++ p9_client_cb(chan->client, req, REQ_STATUS_RCVD); + } + } + +diff --git a/net/core/skbuff.c b/net/core/skbuff.c +index 15fa5baa8fae..cc811add68c6 100644 +--- a/net/core/skbuff.c ++++ b/net/core/skbuff.c +@@ -41,7 +41,6 @@ + #include + #include + #include +-#include + #include + #include + #include +@@ -234,14 +233,12 @@ struct sk_buff *__alloc_skb(unsigned int size, gfp_t gfp_mask, + shinfo = skb_shinfo(skb); + memset(shinfo, 0, offsetof(struct skb_shared_info, dataref)); + atomic_set(&shinfo->dataref, 1); +- kmemcheck_annotate_variable(shinfo->destructor_arg); + + if (flags & SKB_ALLOC_FCLONE) { + struct sk_buff_fclones *fclones; + + fclones = container_of(skb, struct sk_buff_fclones, skb1); + +- kmemcheck_annotate_bitfield(&fclones->skb2, flags1); + skb->fclone = SKB_FCLONE_ORIG; + refcount_set(&fclones->fclone_ref, 1); + +@@ -301,7 +298,6 @@ struct sk_buff *__build_skb(void *data, unsigned int frag_size) + shinfo = skb_shinfo(skb); + memset(shinfo, 0, offsetof(struct skb_shared_info, dataref)); + atomic_set(&shinfo->dataref, 1); +- kmemcheck_annotate_variable(shinfo->destructor_arg); + + return skb; + } +@@ -1284,7 +1280,6 @@ struct sk_buff *skb_clone(struct sk_buff *skb, gfp_t gfp_mask) + if (!n) + return NULL; + +- kmemcheck_annotate_bitfield(n, flags1); + n->fclone = SKB_FCLONE_UNAVAILABLE; + } + +diff --git a/net/core/sock.c b/net/core/sock.c +index beb1e299fed3..ec6eb546b228 100644 +--- a/net/core/sock.c ++++ b/net/core/sock.c +@@ -1469,8 +1469,6 @@ static struct sock *sk_prot_alloc(struct proto *prot, gfp_t priority, + sk = kmalloc(prot->obj_size, priority); + + if (sk != NULL) { +- kmemcheck_annotate_bitfield(sk, flags); +- + if (security_sk_alloc(sk, family, priority)) + goto out_free; + +diff --git a/net/ipv4/inet_timewait_sock.c b/net/ipv4/inet_timewait_sock.c +index 5b039159e67a..d451b9f19b59 100644 +--- a/net/ipv4/inet_timewait_sock.c ++++ b/net/ipv4/inet_timewait_sock.c +@@ -9,7 +9,6 @@ + */ + + #include +-#include + #include + #include + #include +@@ -167,8 +166,6 @@ struct inet_timewait_sock *inet_twsk_alloc(const struct sock *sk, + if (tw) { + const struct inet_sock *inet = inet_sk(sk); + +- kmemcheck_annotate_bitfield(tw, flags); +- + tw->tw_dr = dr; + /* Give us an identity. */ + tw->tw_daddr = inet->inet_daddr; +diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c +index ff48ac654e5a..d9d215e27b8a 100644 +--- a/net/ipv4/tcp_input.c ++++ b/net/ipv4/tcp_input.c +@@ -6204,7 +6204,6 @@ struct request_sock *inet_reqsk_alloc(const struct request_sock_ops *ops, + if (req) { + struct inet_request_sock *ireq = inet_rsk(req); + +- kmemcheck_annotate_bitfield(ireq, flags); + ireq->ireq_opt = NULL; + #if IS_ENABLED(CONFIG_IPV6) + ireq->pktopts = NULL; +diff --git a/net/mpls/af_mpls.c b/net/mpls/af_mpls.c +index c5b9ce41d66f..aee385eb72e7 100644 +--- a/net/mpls/af_mpls.c ++++ b/net/mpls/af_mpls.c +@@ -8,6 +8,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -904,24 +905,27 @@ static int mpls_nh_build_multi(struct mpls_route_config *cfg, + return err; + } + +-static bool mpls_label_ok(struct net *net, unsigned int index, ++static bool mpls_label_ok(struct net *net, unsigned int *index, + struct netlink_ext_ack *extack) + { ++ bool is_ok = true; ++ + /* Reserved labels may not be set */ +- if (index < MPLS_LABEL_FIRST_UNRESERVED) { ++ if (*index < MPLS_LABEL_FIRST_UNRESERVED) { + NL_SET_ERR_MSG(extack, + "Invalid label - must be MPLS_LABEL_FIRST_UNRESERVED or higher"); +- return false; ++ is_ok = false; + } + + /* The full 20 bit range may not be supported. */ +- if (index >= net->mpls.platform_labels) { ++ if (is_ok && *index >= net->mpls.platform_labels) { + NL_SET_ERR_MSG(extack, + "Label >= configured maximum in platform_labels"); +- return false; ++ is_ok = false; + } + +- return true; ++ *index = array_index_nospec(*index, net->mpls.platform_labels); ++ return is_ok; + } + + static int mpls_route_add(struct mpls_route_config *cfg, +@@ -944,7 +948,7 @@ static int mpls_route_add(struct mpls_route_config *cfg, + index = find_free_label(net); + } + +- if (!mpls_label_ok(net, index, extack)) ++ if (!mpls_label_ok(net, &index, extack)) + goto errout; + + /* Append makes no sense with mpls */ +@@ -1021,7 +1025,7 @@ static int mpls_route_del(struct mpls_route_config *cfg, + + index = cfg->rc_label; + +- if (!mpls_label_ok(net, index, extack)) ++ if (!mpls_label_ok(net, &index, extack)) + goto errout; + + mpls_route_update(net, index, NULL, &cfg->rc_nlinfo); +@@ -1779,7 +1783,7 @@ static int rtm_to_route_config(struct sk_buff *skb, + goto errout; + + if (!mpls_label_ok(cfg->rc_nlinfo.nl_net, +- cfg->rc_label, extack)) ++ &cfg->rc_label, extack)) + goto errout; + break; + } +@@ -2106,7 +2110,7 @@ static int mpls_getroute(struct sk_buff *in_skb, struct nlmsghdr *in_nlh, + goto errout; + } + +- if (!mpls_label_ok(net, in_label, extack)) { ++ if (!mpls_label_ok(net, &in_label, extack)) { + err = -EINVAL; + goto errout; + } +diff --git a/net/socket.c b/net/socket.c +index d894c7c5fa54..43d2f17f5eea 100644 +--- a/net/socket.c ++++ b/net/socket.c +@@ -568,7 +568,6 @@ struct socket *sock_alloc(void) + + sock = SOCKET_I(inode); + +- kmemcheck_annotate_bitfield(sock, type); + inode->i_ino = get_next_ino(); + inode->i_mode = S_IFSOCK | S_IRWXUGO; + inode->i_uid = current_fsuid(); +diff --git a/net/sunrpc/xprtrdma/rpc_rdma.c b/net/sunrpc/xprtrdma/rpc_rdma.c +index f1889f4d4803..491ae9fc561f 100644 +--- a/net/sunrpc/xprtrdma/rpc_rdma.c ++++ b/net/sunrpc/xprtrdma/rpc_rdma.c +@@ -142,7 +142,7 @@ static bool rpcrdma_args_inline(struct rpcrdma_xprt *r_xprt, + if (xdr->page_len) { + remaining = xdr->page_len; + offset = offset_in_page(xdr->page_base); +- count = 0; ++ count = RPCRDMA_MIN_SEND_SGES; + while (remaining) { + remaining -= min_t(unsigned int, + PAGE_SIZE - offset, remaining); +diff --git a/net/sunrpc/xprtrdma/verbs.c b/net/sunrpc/xprtrdma/verbs.c +index 11a1fbf7e59e..9e8e1de19b2e 100644 +--- a/net/sunrpc/xprtrdma/verbs.c ++++ b/net/sunrpc/xprtrdma/verbs.c +@@ -523,7 +523,7 @@ rpcrdma_ep_create(struct rpcrdma_ep *ep, struct rpcrdma_ia *ia, + pr_warn("rpcrdma: HCA provides only %d send SGEs\n", max_sge); + return -ENOMEM; + } +- ia->ri_max_send_sges = max_sge - RPCRDMA_MIN_SEND_SGES; ++ ia->ri_max_send_sges = max_sge; + + if (ia->ri_device->attrs.max_qp_wr <= RPCRDMA_BACKWARD_WRS) { + dprintk("RPC: %s: insufficient wqe's available\n", +@@ -1331,6 +1331,9 @@ __rpcrdma_dma_map_regbuf(struct rpcrdma_ia *ia, struct rpcrdma_regbuf *rb) + static void + rpcrdma_dma_unmap_regbuf(struct rpcrdma_regbuf *rb) + { ++ if (!rb) ++ return; ++ + if (!rpcrdma_regbuf_is_mapped(rb)) + return; + +@@ -1346,9 +1349,6 @@ rpcrdma_dma_unmap_regbuf(struct rpcrdma_regbuf *rb) + void + rpcrdma_free_regbuf(struct rpcrdma_regbuf *rb) + { +- if (!rb) +- return; +- + rpcrdma_dma_unmap_regbuf(rb); + kfree(rb); + } +diff --git a/scripts/kernel-doc b/scripts/kernel-doc +index 9d3eafea58f0..8323ff9dec71 100755 +--- a/scripts/kernel-doc ++++ b/scripts/kernel-doc +@@ -2182,8 +2182,6 @@ sub dump_struct($$) { + # strip comments: + $members =~ s/\/\*.*?\*\///gos; + $nested =~ s/\/\*.*?\*\///gos; +- # strip kmemcheck_bitfield_{begin,end}.*; +- $members =~ s/kmemcheck_bitfield_.*?;//gos; + # strip attributes + $members =~ s/__attribute__\s*\(\([a-z,_\*\s\(\)]*\)\)//i; + $members =~ s/__aligned\s*\([^;]*\)//gos; +diff --git a/sound/core/seq/seq_clientmgr.c b/sound/core/seq/seq_clientmgr.c +index ac30fc1ab98b..dea11d1babf5 100644 +--- a/sound/core/seq/seq_clientmgr.c ++++ b/sound/core/seq/seq_clientmgr.c +@@ -999,7 +999,7 @@ static ssize_t snd_seq_write(struct file *file, const char __user *buf, + { + struct snd_seq_client *client = file->private_data; + int written = 0, len; +- int err = -EINVAL; ++ int err; + struct snd_seq_event event; + + if (!(snd_seq_file_flags(file) & SNDRV_SEQ_LFLG_OUTPUT)) +@@ -1014,11 +1014,15 @@ static ssize_t snd_seq_write(struct file *file, const char __user *buf, + + /* allocate the pool now if the pool is not allocated yet */ + if (client->pool->size > 0 && !snd_seq_write_pool_allocated(client)) { +- if (snd_seq_pool_init(client->pool) < 0) ++ mutex_lock(&client->ioctl_mutex); ++ err = snd_seq_pool_init(client->pool); ++ mutex_unlock(&client->ioctl_mutex); ++ if (err < 0) + return -ENOMEM; + } + + /* only process whole events */ ++ err = -EINVAL; + while (count >= sizeof(struct snd_seq_event)) { + /* Read in the event header from the user */ + len = sizeof(event); +diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c +index b2d039537d5e..b7acffdf16a4 100644 +--- a/sound/pci/hda/patch_realtek.c ++++ b/sound/pci/hda/patch_realtek.c +@@ -3355,6 +3355,19 @@ static void alc269_fixup_pincfg_no_hp_to_lineout(struct hda_codec *codec, + spec->parse_flags = HDA_PINCFG_NO_HP_FIXUP; + } + ++static void alc269_fixup_pincfg_U7x7_headset_mic(struct hda_codec *codec, ++ const struct hda_fixup *fix, ++ int action) ++{ ++ unsigned int cfg_headphone = snd_hda_codec_get_pincfg(codec, 0x21); ++ unsigned int cfg_headset_mic = snd_hda_codec_get_pincfg(codec, 0x19); ++ ++ if (cfg_headphone && cfg_headset_mic == 0x411111f0) ++ snd_hda_codec_set_pincfg(codec, 0x19, ++ (cfg_headphone & ~AC_DEFCFG_DEVICE) | ++ (AC_JACK_MIC_IN << AC_DEFCFG_DEVICE_SHIFT)); ++} ++ + static void alc269_fixup_hweq(struct hda_codec *codec, + const struct hda_fixup *fix, int action) + { +@@ -4827,6 +4840,28 @@ static void alc_fixup_tpt440_dock(struct hda_codec *codec, + } + } + ++static void alc_fixup_tpt470_dock(struct hda_codec *codec, ++ const struct hda_fixup *fix, int action) ++{ ++ static const struct hda_pintbl pincfgs[] = { ++ { 0x17, 0x21211010 }, /* dock headphone */ ++ { 0x19, 0x21a11010 }, /* dock mic */ ++ { } ++ }; ++ struct alc_spec *spec = codec->spec; ++ ++ if (action == HDA_FIXUP_ACT_PRE_PROBE) { ++ spec->parse_flags = HDA_PINCFG_NO_HP_FIXUP; ++ /* Enable DOCK device */ ++ snd_hda_codec_write(codec, 0x17, 0, ++ AC_VERB_SET_CONFIG_DEFAULT_BYTES_3, 0); ++ /* Enable DOCK device */ ++ snd_hda_codec_write(codec, 0x19, 0, ++ AC_VERB_SET_CONFIG_DEFAULT_BYTES_3, 0); ++ snd_hda_apply_pincfgs(codec, pincfgs); ++ } ++} ++ + static void alc_shutup_dell_xps13(struct hda_codec *codec) + { + struct alc_spec *spec = codec->spec; +@@ -5206,6 +5241,7 @@ enum { + ALC269_FIXUP_LIFEBOOK_EXTMIC, + ALC269_FIXUP_LIFEBOOK_HP_PIN, + ALC269_FIXUP_LIFEBOOK_NO_HP_TO_LINEOUT, ++ ALC255_FIXUP_LIFEBOOK_U7x7_HEADSET_MIC, + ALC269_FIXUP_AMIC, + ALC269_FIXUP_DMIC, + ALC269VB_FIXUP_AMIC, +@@ -5301,6 +5337,7 @@ enum { + ALC700_FIXUP_INTEL_REFERENCE, + ALC274_FIXUP_DELL_BIND_DACS, + ALC274_FIXUP_DELL_AIO_LINEOUT_VERB, ++ ALC298_FIXUP_TPT470_DOCK, + }; + + static const struct hda_fixup alc269_fixups[] = { +@@ -5411,6 +5448,10 @@ static const struct hda_fixup alc269_fixups[] = { + .type = HDA_FIXUP_FUNC, + .v.func = alc269_fixup_pincfg_no_hp_to_lineout, + }, ++ [ALC255_FIXUP_LIFEBOOK_U7x7_HEADSET_MIC] = { ++ .type = HDA_FIXUP_FUNC, ++ .v.func = alc269_fixup_pincfg_U7x7_headset_mic, ++ }, + [ALC269_FIXUP_AMIC] = { + .type = HDA_FIXUP_PINS, + .v.pins = (const struct hda_pintbl[]) { +@@ -6126,6 +6167,12 @@ static const struct hda_fixup alc269_fixups[] = { + .chained = true, + .chain_id = ALC274_FIXUP_DELL_BIND_DACS + }, ++ [ALC298_FIXUP_TPT470_DOCK] = { ++ .type = HDA_FIXUP_FUNC, ++ .v.func = alc_fixup_tpt470_dock, ++ .chained = true, ++ .chain_id = ALC293_FIXUP_LENOVO_SPK_NOISE ++ }, + }; + + static const struct snd_pci_quirk alc269_fixup_tbl[] = { +@@ -6176,6 +6223,8 @@ static const struct snd_pci_quirk alc269_fixup_tbl[] = { + SND_PCI_QUIRK(0x1028, 0x075d, "Dell AIO", ALC298_FIXUP_SPK_VOLUME), + SND_PCI_QUIRK(0x1028, 0x0798, "Dell Inspiron 17 7000 Gaming", ALC256_FIXUP_DELL_INSPIRON_7559_SUBWOOFER), + SND_PCI_QUIRK(0x1028, 0x082a, "Dell XPS 13 9360", ALC256_FIXUP_DELL_XPS_13_HEADPHONE_NOISE), ++ SND_PCI_QUIRK(0x1028, 0x084b, "Dell", ALC274_FIXUP_DELL_AIO_LINEOUT_VERB), ++ SND_PCI_QUIRK(0x1028, 0x084e, "Dell", ALC274_FIXUP_DELL_AIO_LINEOUT_VERB), + SND_PCI_QUIRK(0x1028, 0x164a, "Dell", ALC293_FIXUP_DELL1_MIC_NO_PRESENCE), + SND_PCI_QUIRK(0x1028, 0x164b, "Dell", ALC293_FIXUP_DELL1_MIC_NO_PRESENCE), + SND_PCI_QUIRK(0x103c, 0x1586, "HP", ALC269_FIXUP_HP_MUTE_LED_MIC2), +@@ -6277,6 +6326,7 @@ static const struct snd_pci_quirk alc269_fixup_tbl[] = { + SND_PCI_QUIRK(0x10cf, 0x159f, "Lifebook E780", ALC269_FIXUP_LIFEBOOK_NO_HP_TO_LINEOUT), + SND_PCI_QUIRK(0x10cf, 0x15dc, "Lifebook T731", ALC269_FIXUP_LIFEBOOK_HP_PIN), + SND_PCI_QUIRK(0x10cf, 0x1757, "Lifebook E752", ALC269_FIXUP_LIFEBOOK_HP_PIN), ++ SND_PCI_QUIRK(0x10cf, 0x1629, "Lifebook U7x7", ALC255_FIXUP_LIFEBOOK_U7x7_HEADSET_MIC), + SND_PCI_QUIRK(0x10cf, 0x1845, "Lifebook U904", ALC269_FIXUP_LIFEBOOK_EXTMIC), + SND_PCI_QUIRK(0x10ec, 0x10f2, "Intel Reference board", ALC700_FIXUP_INTEL_REFERENCE), + SND_PCI_QUIRK(0x144d, 0xc109, "Samsung Ativ book 9 (NP900X3G)", ALC269_FIXUP_INV_DMIC), +@@ -6305,8 +6355,16 @@ static const struct snd_pci_quirk alc269_fixup_tbl[] = { + SND_PCI_QUIRK(0x17aa, 0x2218, "Thinkpad X1 Carbon 2nd", ALC292_FIXUP_TPT440_DOCK), + SND_PCI_QUIRK(0x17aa, 0x2223, "ThinkPad T550", ALC292_FIXUP_TPT440_DOCK), + SND_PCI_QUIRK(0x17aa, 0x2226, "ThinkPad X250", ALC292_FIXUP_TPT440_DOCK), ++ SND_PCI_QUIRK(0x17aa, 0x222d, "Thinkpad", ALC298_FIXUP_TPT470_DOCK), ++ SND_PCI_QUIRK(0x17aa, 0x222e, "Thinkpad", ALC298_FIXUP_TPT470_DOCK), + SND_PCI_QUIRK(0x17aa, 0x2231, "Thinkpad T560", ALC292_FIXUP_TPT460), + SND_PCI_QUIRK(0x17aa, 0x2233, "Thinkpad", ALC292_FIXUP_TPT460), ++ SND_PCI_QUIRK(0x17aa, 0x2245, "Thinkpad T470", ALC298_FIXUP_TPT470_DOCK), ++ SND_PCI_QUIRK(0x17aa, 0x2246, "Thinkpad", ALC298_FIXUP_TPT470_DOCK), ++ SND_PCI_QUIRK(0x17aa, 0x2247, "Thinkpad", ALC298_FIXUP_TPT470_DOCK), ++ SND_PCI_QUIRK(0x17aa, 0x224b, "Thinkpad", ALC298_FIXUP_TPT470_DOCK), ++ SND_PCI_QUIRK(0x17aa, 0x224c, "Thinkpad", ALC298_FIXUP_TPT470_DOCK), ++ SND_PCI_QUIRK(0x17aa, 0x224d, "Thinkpad", ALC298_FIXUP_TPT470_DOCK), + SND_PCI_QUIRK(0x17aa, 0x30bb, "ThinkCentre AIO", ALC233_FIXUP_LENOVO_LINE2_MIC_HOTKEY), + SND_PCI_QUIRK(0x17aa, 0x30e2, "ThinkCentre AIO", ALC233_FIXUP_LENOVO_LINE2_MIC_HOTKEY), + SND_PCI_QUIRK(0x17aa, 0x310c, "ThinkCentre Station", ALC294_FIXUP_LENOVO_MIC_LOCATION), +@@ -6327,7 +6385,12 @@ static const struct snd_pci_quirk alc269_fixup_tbl[] = { + SND_PCI_QUIRK(0x17aa, 0x5050, "Thinkpad T560p", ALC292_FIXUP_TPT460), + SND_PCI_QUIRK(0x17aa, 0x5051, "Thinkpad L460", ALC292_FIXUP_TPT460), + SND_PCI_QUIRK(0x17aa, 0x5053, "Thinkpad T460", ALC292_FIXUP_TPT460), ++ SND_PCI_QUIRK(0x17aa, 0x505d, "Thinkpad", ALC298_FIXUP_TPT470_DOCK), ++ SND_PCI_QUIRK(0x17aa, 0x505f, "Thinkpad", ALC298_FIXUP_TPT470_DOCK), ++ SND_PCI_QUIRK(0x17aa, 0x5062, "Thinkpad", ALC298_FIXUP_TPT470_DOCK), + SND_PCI_QUIRK(0x17aa, 0x5109, "Thinkpad", ALC269_FIXUP_LIMIT_INT_MIC_BOOST), ++ SND_PCI_QUIRK(0x17aa, 0x511e, "Thinkpad", ALC298_FIXUP_TPT470_DOCK), ++ SND_PCI_QUIRK(0x17aa, 0x511f, "Thinkpad", ALC298_FIXUP_TPT470_DOCK), + SND_PCI_QUIRK(0x17aa, 0x3bf8, "Quanta FL1", ALC269_FIXUP_PCM_44K), + SND_PCI_QUIRK(0x17aa, 0x9e54, "LENOVO NB", ALC269_FIXUP_LENOVO_EAPD), + SND_PCI_QUIRK(0x1b7d, 0xa831, "Ordissimo EVE2 ", ALC269VB_FIXUP_ORDISSIMO_EVE2), /* Also known as Malata PC-B1303 */ +@@ -6584,6 +6647,11 @@ static const struct snd_hda_pin_quirk alc269_pin_fixup_tbl[] = { + {0x12, 0xb7a60130}, + {0x14, 0x90170110}, + {0x21, 0x02211020}), ++ SND_HDA_PIN_QUIRK(0x10ec0256, 0x1028, "Dell", ALC255_FIXUP_DELL1_MIC_NO_PRESENCE, ++ {0x12, 0x90a60130}, ++ {0x14, 0x90170110}, ++ {0x14, 0x01011020}, ++ {0x21, 0x0221101f}), + SND_HDA_PIN_QUIRK(0x10ec0256, 0x1028, "Dell", ALC255_FIXUP_DELL1_MIC_NO_PRESENCE, + ALC256_STANDARD_PINS), + SND_HDA_PIN_QUIRK(0x10ec0256, 0x1043, "ASUS", ALC256_FIXUP_ASUS_MIC, +@@ -6653,6 +6721,10 @@ static const struct snd_hda_pin_quirk alc269_pin_fixup_tbl[] = { + {0x12, 0x90a60120}, + {0x14, 0x90170110}, + {0x21, 0x0321101f}), ++ SND_HDA_PIN_QUIRK(0x10ec0289, 0x1028, "Dell", ALC225_FIXUP_DELL1_MIC_NO_PRESENCE, ++ {0x12, 0xb7a60130}, ++ {0x14, 0x90170110}, ++ {0x21, 0x04211020}), + SND_HDA_PIN_QUIRK(0x10ec0290, 0x103c, "HP", ALC269_FIXUP_HP_MUTE_LED_MIC1, + ALC290_STANDARD_PINS, + {0x15, 0x04211040}, +diff --git a/sound/soc/intel/common/sst-match-acpi.c b/sound/soc/intel/common/sst-match-acpi.c +index 56d26f36a3cb..b4a929562218 100644 +--- a/sound/soc/intel/common/sst-match-acpi.c ++++ b/sound/soc/intel/common/sst-match-acpi.c +@@ -83,11 +83,9 @@ struct sst_acpi_mach *sst_acpi_find_machine(struct sst_acpi_mach *machines) + + for (mach = machines; mach->id[0]; mach++) { + if (sst_acpi_check_hid(mach->id) == true) { +- if (mach->machine_quirk == NULL) +- return mach; +- +- if (mach->machine_quirk(mach) != NULL) +- return mach; ++ if (mach->machine_quirk) ++ mach = mach->machine_quirk(mach); ++ return mach; + } + } + return NULL; +diff --git a/sound/usb/mixer.c b/sound/usb/mixer.c +index 75bce127d768..89efec891e68 100644 +--- a/sound/usb/mixer.c ++++ b/sound/usb/mixer.c +@@ -347,17 +347,20 @@ static int get_ctl_value_v2(struct usb_mixer_elem_info *cval, int request, + int validx, int *value_ret) + { + struct snd_usb_audio *chip = cval->head.mixer->chip; +- unsigned char buf[4 + 3 * sizeof(__u32)]; /* enough space for one range */ ++ /* enough space for one range */ ++ unsigned char buf[sizeof(__u16) + 3 * sizeof(__u32)]; + unsigned char *val; +- int idx = 0, ret, size; ++ int idx = 0, ret, val_size, size; + __u8 bRequest; + ++ val_size = uac2_ctl_value_size(cval->val_type); ++ + if (request == UAC_GET_CUR) { + bRequest = UAC2_CS_CUR; +- size = uac2_ctl_value_size(cval->val_type); ++ size = val_size; + } else { + bRequest = UAC2_CS_RANGE; +- size = sizeof(buf); ++ size = sizeof(__u16) + 3 * val_size; + } + + memset(buf, 0, sizeof(buf)); +@@ -390,16 +393,17 @@ static int get_ctl_value_v2(struct usb_mixer_elem_info *cval, int request, + val = buf + sizeof(__u16); + break; + case UAC_GET_MAX: +- val = buf + sizeof(__u16) * 2; ++ val = buf + sizeof(__u16) + val_size; + break; + case UAC_GET_RES: +- val = buf + sizeof(__u16) * 3; ++ val = buf + sizeof(__u16) + val_size * 2; + break; + default: + return -EINVAL; + } + +- *value_ret = convert_signed_value(cval, snd_usb_combine_bytes(val, sizeof(__u16))); ++ *value_ret = convert_signed_value(cval, ++ snd_usb_combine_bytes(val, val_size)); + + return 0; + } +diff --git a/sound/usb/pcm.c b/sound/usb/pcm.c +index b9c9a19f9588..3cbfae6604f9 100644 +--- a/sound/usb/pcm.c ++++ b/sound/usb/pcm.c +@@ -352,6 +352,15 @@ static int set_sync_ep_implicit_fb_quirk(struct snd_usb_substream *subs, + ep = 0x86; + iface = usb_ifnum_to_if(dev, 2); + ++ if (!iface || iface->num_altsetting == 0) ++ return -EINVAL; ++ ++ alts = &iface->altsetting[1]; ++ goto add_sync_ep; ++ case USB_ID(0x1397, 0x0002): ++ ep = 0x81; ++ iface = usb_ifnum_to_if(dev, 1); ++ + if (!iface || iface->num_altsetting == 0) + return -EINVAL; + +diff --git a/sound/usb/quirks.c b/sound/usb/quirks.c +index 8d7db7cd4f88..ed56cd307059 100644 +--- a/sound/usb/quirks.c ++++ b/sound/usb/quirks.c +@@ -1369,8 +1369,11 @@ u64 snd_usb_interface_dsd_format_quirks(struct snd_usb_audio *chip, + return SNDRV_PCM_FMTBIT_DSD_U32_BE; + break; + +- /* Amanero Combo384 USB interface with native DSD support */ +- case USB_ID(0x16d0, 0x071a): ++ /* Amanero Combo384 USB based DACs with native DSD support */ ++ case USB_ID(0x16d0, 0x071a): /* Amanero - Combo384 */ ++ case USB_ID(0x2ab6, 0x0004): /* T+A DAC8DSD-V2.0, MP1000E-V2.0, MP2000R-V2.0, MP2500R-V2.0, MP3100HV-V2.0 */ ++ case USB_ID(0x2ab6, 0x0005): /* T+A USB HD Audio 1 */ ++ case USB_ID(0x2ab6, 0x0006): /* T+A USB HD Audio 2 */ + if (fp->altsetting == 2) { + switch (le16_to_cpu(chip->dev->descriptor.bcdDevice)) { + case 0x199: +diff --git a/tools/include/linux/kmemcheck.h b/tools/include/linux/kmemcheck.h +deleted file mode 100644 +index 2bccd2c7b897..000000000000 +--- a/tools/include/linux/kmemcheck.h ++++ /dev/null +@@ -1,9 +0,0 @@ +-/* SPDX-License-Identifier: GPL-2.0 */ +-#ifndef _LIBLOCKDEP_LINUX_KMEMCHECK_H_ +-#define _LIBLOCKDEP_LINUX_KMEMCHECK_H_ +- +-static inline void kmemcheck_mark_initialized(void *address, unsigned int n) +-{ +-} +- +-#endif +diff --git a/tools/objtool/check.c b/tools/objtool/check.c +index 2e458eb45586..c7fb5c2392ee 100644 +--- a/tools/objtool/check.c ++++ b/tools/objtool/check.c +@@ -1935,13 +1935,19 @@ static bool ignore_unreachable_insn(struct instruction *insn) + if (is_kasan_insn(insn) || is_ubsan_insn(insn)) + return true; + +- if (insn->type == INSN_JUMP_UNCONDITIONAL && insn->jump_dest) { +- insn = insn->jump_dest; +- continue; ++ if (insn->type == INSN_JUMP_UNCONDITIONAL) { ++ if (insn->jump_dest && ++ insn->jump_dest->func == insn->func) { ++ insn = insn->jump_dest; ++ continue; ++ } ++ ++ break; + } + + if (insn->offset + insn->len >= insn->func->offset + insn->func->len) + break; ++ + insn = list_next_entry(insn, list); + } + +diff --git a/tools/perf/builtin-kmem.c b/tools/perf/builtin-kmem.c +index 35d4b9c9a9e8..9e693ce4b73b 100644 +--- a/tools/perf/builtin-kmem.c ++++ b/tools/perf/builtin-kmem.c +@@ -655,7 +655,6 @@ static const struct { + { "__GFP_RECLAIMABLE", "RC" }, + { "__GFP_MOVABLE", "M" }, + { "__GFP_ACCOUNT", "AC" }, +- { "__GFP_NOTRACK", "NT" }, + { "__GFP_WRITE", "WR" }, + { "__GFP_RECLAIM", "R" }, + { "__GFP_DIRECT_RECLAIM", "DR" }, +diff --git a/tools/testing/selftests/seccomp/seccomp_bpf.c b/tools/testing/selftests/seccomp/seccomp_bpf.c +index 24dbf634e2dd..0b457e8e0f0c 100644 +--- a/tools/testing/selftests/seccomp/seccomp_bpf.c ++++ b/tools/testing/selftests/seccomp/seccomp_bpf.c +@@ -1717,7 +1717,7 @@ void tracer_ptrace(struct __test_metadata *_metadata, pid_t tracee, + + if (nr == __NR_getpid) + change_syscall(_metadata, tracee, __NR_getppid); +- if (nr == __NR_open) ++ if (nr == __NR_openat) + change_syscall(_metadata, tracee, -1); + } + +@@ -1792,7 +1792,7 @@ TEST_F(TRACE_syscall, ptrace_syscall_dropped) + true); + + /* Tracer should skip the open syscall, resulting in EPERM. */ +- EXPECT_SYSCALL_RETURN(EPERM, syscall(__NR_open)); ++ EXPECT_SYSCALL_RETURN(EPERM, syscall(__NR_openat)); + } + + TEST_F(TRACE_syscall, syscall_allowed) +diff --git a/tools/testing/selftests/vm/compaction_test.c b/tools/testing/selftests/vm/compaction_test.c +index a65b016d4c13..1097f04e4d80 100644 +--- a/tools/testing/selftests/vm/compaction_test.c ++++ b/tools/testing/selftests/vm/compaction_test.c +@@ -137,6 +137,8 @@ int check_compaction(unsigned long mem_free, unsigned int hugepage_size) + printf("No of huge pages allocated = %d\n", + (atoi(nr_hugepages))); + ++ lseek(fd, 0, SEEK_SET); ++ + if (write(fd, initial_nr_hugepages, strlen(initial_nr_hugepages)) + != strlen(initial_nr_hugepages)) { + perror("Failed to write value to /proc/sys/vm/nr_hugepages\n"); +diff --git a/tools/testing/selftests/x86/Makefile b/tools/testing/selftests/x86/Makefile +index 91fbfa8fdc15..aa6e2d7f6a1f 100644 +--- a/tools/testing/selftests/x86/Makefile ++++ b/tools/testing/selftests/x86/Makefile +@@ -5,16 +5,26 @@ include ../lib.mk + + .PHONY: all all_32 all_64 warn_32bit_failure clean + +-TARGETS_C_BOTHBITS := single_step_syscall sysret_ss_attrs syscall_nt ptrace_syscall test_mremap_vdso \ +- check_initial_reg_state sigreturn ldt_gdt iopl mpx-mini-test ioperm \ ++UNAME_M := $(shell uname -m) ++CAN_BUILD_I386 := $(shell ./check_cc.sh $(CC) trivial_32bit_program.c -m32) ++CAN_BUILD_X86_64 := $(shell ./check_cc.sh $(CC) trivial_64bit_program.c) ++ ++TARGETS_C_BOTHBITS := single_step_syscall sysret_ss_attrs syscall_nt test_mremap_vdso \ ++ check_initial_reg_state sigreturn iopl mpx-mini-test ioperm \ + protection_keys test_vdso test_vsyscall + TARGETS_C_32BIT_ONLY := entry_from_vm86 syscall_arg_fault test_syscall_vdso unwind_vdso \ + test_FCMOV test_FCOMI test_FISTTP \ + vdso_restorer + TARGETS_C_64BIT_ONLY := fsgsbase sysret_rip ++# Some selftests require 32bit support enabled also on 64bit systems ++TARGETS_C_32BIT_NEEDED := ldt_gdt ptrace_syscall + +-TARGETS_C_32BIT_ALL := $(TARGETS_C_BOTHBITS) $(TARGETS_C_32BIT_ONLY) ++TARGETS_C_32BIT_ALL := $(TARGETS_C_BOTHBITS) $(TARGETS_C_32BIT_ONLY) $(TARGETS_C_32BIT_NEEDED) + TARGETS_C_64BIT_ALL := $(TARGETS_C_BOTHBITS) $(TARGETS_C_64BIT_ONLY) ++ifeq ($(CAN_BUILD_I386)$(CAN_BUILD_X86_64),11) ++TARGETS_C_64BIT_ALL += $(TARGETS_C_32BIT_NEEDED) ++endif ++ + BINARIES_32 := $(TARGETS_C_32BIT_ALL:%=%_32) + BINARIES_64 := $(TARGETS_C_64BIT_ALL:%=%_64) + +@@ -23,18 +33,16 @@ BINARIES_64 := $(patsubst %,$(OUTPUT)/%,$(BINARIES_64)) + + CFLAGS := -O2 -g -std=gnu99 -pthread -Wall -no-pie + +-UNAME_M := $(shell uname -m) +-CAN_BUILD_I386 := $(shell ./check_cc.sh $(CC) trivial_32bit_program.c -m32) +-CAN_BUILD_X86_64 := $(shell ./check_cc.sh $(CC) trivial_64bit_program.c) +- + ifeq ($(CAN_BUILD_I386),1) + all: all_32 + TEST_PROGS += $(BINARIES_32) ++EXTRA_CFLAGS += -DCAN_BUILD_32 + endif + + ifeq ($(CAN_BUILD_X86_64),1) + all: all_64 + TEST_PROGS += $(BINARIES_64) ++EXTRA_CFLAGS += -DCAN_BUILD_64 + endif + + all_32: $(BINARIES_32) +diff --git a/tools/testing/selftests/x86/mpx-mini-test.c b/tools/testing/selftests/x86/mpx-mini-test.c +index ec0f6b45ce8b..9c0325e1ea68 100644 +--- a/tools/testing/selftests/x86/mpx-mini-test.c ++++ b/tools/testing/selftests/x86/mpx-mini-test.c +@@ -315,11 +315,39 @@ static inline void *__si_bounds_upper(siginfo_t *si) + return si->si_upper; + } + #else ++ ++/* ++ * This deals with old version of _sigfault in some distros: ++ * ++ ++old _sigfault: ++ struct { ++ void *si_addr; ++ } _sigfault; ++ ++new _sigfault: ++ struct { ++ void __user *_addr; ++ int _trapno; ++ short _addr_lsb; ++ union { ++ struct { ++ void __user *_lower; ++ void __user *_upper; ++ } _addr_bnd; ++ __u32 _pkey; ++ }; ++ } _sigfault; ++ * ++ */ ++ + static inline void **__si_bounds_hack(siginfo_t *si) + { + void *sigfault = &si->_sifields._sigfault; + void *end_sigfault = sigfault + sizeof(si->_sifields._sigfault); +- void **__si_lower = end_sigfault; ++ int *trapno = (int*)end_sigfault; ++ /* skip _trapno and _addr_lsb */ ++ void **__si_lower = (void**)(trapno + 2); + + return __si_lower; + } +@@ -331,7 +359,7 @@ static inline void *__si_bounds_lower(siginfo_t *si) + + static inline void *__si_bounds_upper(siginfo_t *si) + { +- return (*__si_bounds_hack(si)) + sizeof(void *); ++ return *(__si_bounds_hack(si) + 1); + } + #endif + +diff --git a/tools/testing/selftests/x86/protection_keys.c b/tools/testing/selftests/x86/protection_keys.c +index 7a1cc0e56d2d..6cbb83b47150 100644 +--- a/tools/testing/selftests/x86/protection_keys.c ++++ b/tools/testing/selftests/x86/protection_keys.c +@@ -393,34 +393,6 @@ pid_t fork_lazy_child(void) + return forkret; + } + +-void davecmp(void *_a, void *_b, int len) +-{ +- int i; +- unsigned long *a = _a; +- unsigned long *b = _b; +- +- for (i = 0; i < len / sizeof(*a); i++) { +- if (a[i] == b[i]) +- continue; +- +- dprintf3("[%3d]: a: %016lx b: %016lx\n", i, a[i], b[i]); +- } +-} +- +-void dumpit(char *f) +-{ +- int fd = open(f, O_RDONLY); +- char buf[100]; +- int nr_read; +- +- dprintf2("maps fd: %d\n", fd); +- do { +- nr_read = read(fd, &buf[0], sizeof(buf)); +- write(1, buf, nr_read); +- } while (nr_read > 0); +- close(fd); +-} +- + #define PKEY_DISABLE_ACCESS 0x1 + #define PKEY_DISABLE_WRITE 0x2 + +diff --git a/tools/testing/selftests/x86/single_step_syscall.c b/tools/testing/selftests/x86/single_step_syscall.c +index a48da95c18fd..ddfdd635de16 100644 +--- a/tools/testing/selftests/x86/single_step_syscall.c ++++ b/tools/testing/selftests/x86/single_step_syscall.c +@@ -119,7 +119,9 @@ static void check_result(void) + + int main() + { ++#ifdef CAN_BUILD_32 + int tmp; ++#endif + + sethandler(SIGTRAP, sigtrap, 0); + +@@ -139,12 +141,13 @@ int main() + : : "c" (post_nop) : "r11"); + check_result(); + #endif +- ++#ifdef CAN_BUILD_32 + printf("[RUN]\tSet TF and check int80\n"); + set_eflags(get_eflags() | X86_EFLAGS_TF); + asm volatile ("int $0x80" : "=a" (tmp) : "a" (SYS_getpid) + : INT80_CLOBBERS); + check_result(); ++#endif + + /* + * This test is particularly interesting if fast syscalls use +diff --git a/tools/testing/selftests/x86/test_mremap_vdso.c b/tools/testing/selftests/x86/test_mremap_vdso.c +index bf0d687c7db7..64f11c8d9b76 100644 +--- a/tools/testing/selftests/x86/test_mremap_vdso.c ++++ b/tools/testing/selftests/x86/test_mremap_vdso.c +@@ -90,8 +90,12 @@ int main(int argc, char **argv, char **envp) + vdso_size += PAGE_SIZE; + } + ++#ifdef __i386__ + /* Glibc is likely to explode now - exit with raw syscall */ + asm volatile ("int $0x80" : : "a" (__NR_exit), "b" (!!ret)); ++#else /* __x86_64__ */ ++ syscall(SYS_exit, ret); ++#endif + } else { + int status; + +diff --git a/tools/testing/selftests/x86/test_vdso.c b/tools/testing/selftests/x86/test_vdso.c +index 29973cde06d3..235259011704 100644 +--- a/tools/testing/selftests/x86/test_vdso.c ++++ b/tools/testing/selftests/x86/test_vdso.c +@@ -26,20 +26,59 @@ + # endif + #endif + ++/* max length of lines in /proc/self/maps - anything longer is skipped here */ ++#define MAPS_LINE_LEN 128 ++ + int nerrs = 0; + ++typedef long (*getcpu_t)(unsigned *, unsigned *, void *); ++ ++getcpu_t vgetcpu; ++getcpu_t vdso_getcpu; ++ ++static void *vsyscall_getcpu(void) ++{ + #ifdef __x86_64__ +-# define VSYS(x) (x) ++ FILE *maps; ++ char line[MAPS_LINE_LEN]; ++ bool found = false; ++ ++ maps = fopen("/proc/self/maps", "r"); ++ if (!maps) /* might still be present, but ignore it here, as we test vDSO not vsyscall */ ++ return NULL; ++ ++ while (fgets(line, MAPS_LINE_LEN, maps)) { ++ char r, x; ++ void *start, *end; ++ char name[MAPS_LINE_LEN]; ++ ++ /* sscanf() is safe here as strlen(name) >= strlen(line) */ ++ if (sscanf(line, "%p-%p %c-%cp %*x %*x:%*x %*u %s", ++ &start, &end, &r, &x, name) != 5) ++ continue; ++ ++ if (strcmp(name, "[vsyscall]")) ++ continue; ++ ++ /* assume entries are OK, as we test vDSO here not vsyscall */ ++ found = true; ++ break; ++ } ++ ++ fclose(maps); ++ ++ if (!found) { ++ printf("Warning: failed to find vsyscall getcpu\n"); ++ return NULL; ++ } ++ return (void *) (0xffffffffff600800); + #else +-# define VSYS(x) 0 ++ return NULL; + #endif ++} + +-typedef long (*getcpu_t)(unsigned *, unsigned *, void *); +- +-const getcpu_t vgetcpu = (getcpu_t)VSYS(0xffffffffff600800); +-getcpu_t vdso_getcpu; + +-void fill_function_pointers() ++static void fill_function_pointers() + { + void *vdso = dlopen("linux-vdso.so.1", + RTLD_LAZY | RTLD_LOCAL | RTLD_NOLOAD); +@@ -54,6 +93,8 @@ void fill_function_pointers() + vdso_getcpu = (getcpu_t)dlsym(vdso, "__vdso_getcpu"); + if (!vdso_getcpu) + printf("Warning: failed to find getcpu in vDSO\n"); ++ ++ vgetcpu = (getcpu_t) vsyscall_getcpu(); + } + + static long sys_getcpu(unsigned * cpu, unsigned * node, +diff --git a/tools/testing/selftests/x86/test_vsyscall.c b/tools/testing/selftests/x86/test_vsyscall.c +index 6e0bd52ad53d..003b6c55b10e 100644 +--- a/tools/testing/selftests/x86/test_vsyscall.c ++++ b/tools/testing/selftests/x86/test_vsyscall.c +@@ -33,6 +33,9 @@ + # endif + #endif + ++/* max length of lines in /proc/self/maps - anything longer is skipped here */ ++#define MAPS_LINE_LEN 128 ++ + static void sethandler(int sig, void (*handler)(int, siginfo_t *, void *), + int flags) + { +@@ -98,7 +101,7 @@ static int init_vsys(void) + #ifdef __x86_64__ + int nerrs = 0; + FILE *maps; +- char line[128]; ++ char line[MAPS_LINE_LEN]; + bool found = false; + + maps = fopen("/proc/self/maps", "r"); +@@ -108,10 +111,12 @@ static int init_vsys(void) + return 0; + } + +- while (fgets(line, sizeof(line), maps)) { ++ while (fgets(line, MAPS_LINE_LEN, maps)) { + char r, x; + void *start, *end; +- char name[128]; ++ char name[MAPS_LINE_LEN]; ++ ++ /* sscanf() is safe here as strlen(name) >= strlen(line) */ + if (sscanf(line, "%p-%p %c-%cp %*x %*x:%*x %*u %s", + &start, &end, &r, &x, name) != 5) + continue;