commit: 14ad41e6b9c92b48862f10f8bcc83ecce990a26e Author: Mike Pagano <mpagano <AT> gentoo <DOT> org> AuthorDate: Thu Apr 19 10:43:08 2018 +0000 Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org> CommitDate: Thu Apr 19 10:43:08 2018 +0000 URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=14ad41e6
Linux patch 4.14.35 0000_README | 4 + 1034_linux-4.14.35.patch | 1801 ++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 1805 insertions(+) diff --git a/0000_README b/0000_README index 1342bb8..423395e 100644 --- a/0000_README +++ b/0000_README @@ -179,6 +179,10 @@ Patch: 1033_linux-4.14.34.patch From: http://www.kernel.org Desc: Linux 4.14.34 +Patch: 1034_linux-4.14.35.patch +From: http://www.kernel.org +Desc: Linux 4.14.35 + Patch: 1500_XATTR_USER_PREFIX.patch From: https://bugs.gentoo.org/show_bug.cgi?id=470644 Desc: Support for namespace user.pax.* on tmpfs. diff --git a/1034_linux-4.14.35.patch b/1034_linux-4.14.35.patch new file mode 100644 index 0000000..5d53122 --- /dev/null +++ b/1034_linux-4.14.35.patch @@ -0,0 +1,1801 @@ +diff --git a/Makefile b/Makefile +index a6906dfb112e..995666d5e57b 100644 +--- a/Makefile ++++ b/Makefile +@@ -1,7 +1,7 @@ + # SPDX-License-Identifier: GPL-2.0 + VERSION = 4 + PATCHLEVEL = 14 +-SUBLEVEL = 34 ++SUBLEVEL = 35 + EXTRAVERSION = + NAME = Petit Gorille + +diff --git a/arch/parisc/kernel/drivers.c b/arch/parisc/kernel/drivers.c +index d8f77358e2ba..513826a43efd 100644 +--- a/arch/parisc/kernel/drivers.c ++++ b/arch/parisc/kernel/drivers.c +@@ -651,6 +651,10 @@ static int match_pci_device(struct device *dev, int index, + (modpath->mod == PCI_FUNC(devfn))); + } + ++ /* index might be out of bounds for bc[] */ ++ if (index >= 6) ++ return 0; ++ + id = PCI_SLOT(pdev->devfn) | (PCI_FUNC(pdev->devfn) << 5); + return (modpath->bc[index] == id); + } +diff --git a/arch/parisc/kernel/hpmc.S b/arch/parisc/kernel/hpmc.S +index 8d072c44f300..781c3b9a3e46 100644 +--- a/arch/parisc/kernel/hpmc.S ++++ b/arch/parisc/kernel/hpmc.S +@@ -84,6 +84,7 @@ END(hpmc_pim_data) + .text + + .import intr_save, code ++ .align 16 + ENTRY_CFI(os_hpmc) + .os_hpmc: + +@@ -300,12 +301,15 @@ os_hpmc_6: + + b . + nop ++ .align 16 /* make function length multiple of 16 bytes */ + ENDPROC_CFI(os_hpmc) + .os_hpmc_end: + + + __INITRODATA ++.globl os_hpmc_size + .align 4 +- .export os_hpmc_size ++ .type os_hpmc_size, @object ++ .size os_hpmc_size, 4 + os_hpmc_size: + .word .os_hpmc_end-.os_hpmc +diff --git a/arch/powerpc/kvm/book3s_hv_rm_mmu.c b/arch/powerpc/kvm/book3s_hv_rm_mmu.c +index 4efe364f1188..4962d537c186 100644 +--- a/arch/powerpc/kvm/book3s_hv_rm_mmu.c ++++ b/arch/powerpc/kvm/book3s_hv_rm_mmu.c +@@ -447,8 +447,6 @@ static void do_tlbies(struct kvm *kvm, unsigned long *rbvalues, + for (i = 0; i < npages; ++i) { + asm volatile(PPC_TLBIE_5(%0,%1,0,0,0) : : + "r" (rbvalues[i]), "r" (kvm->arch.lpid)); +- trace_tlbie(kvm->arch.lpid, 0, rbvalues[i], +- kvm->arch.lpid, 0, 0, 0); + } + asm volatile("eieio; tlbsync; ptesync" : : : "memory"); + kvm->arch.tlbie_lock = 0; +@@ -458,8 +456,6 @@ static void do_tlbies(struct kvm *kvm, unsigned long *rbvalues, + for (i = 0; i < npages; ++i) { + asm volatile(PPC_TLBIEL(%0,%1,0,0,0) : : + "r" (rbvalues[i]), "r" (0)); +- trace_tlbie(kvm->arch.lpid, 1, rbvalues[i], +- 0, 0, 0, 0); + } + asm volatile("ptesync" : : : "memory"); + } +diff --git a/arch/s390/kernel/ipl.c b/arch/s390/kernel/ipl.c +index 8e622bb52f7a..d1a0e2c521d7 100644 +--- a/arch/s390/kernel/ipl.c ++++ b/arch/s390/kernel/ipl.c +@@ -799,6 +799,7 @@ static ssize_t reipl_generic_loadparm_store(struct ipl_parameter_block *ipb, + /* copy and convert to ebcdic */ + memcpy(ipb->hdr.loadparm, buf, lp_len); + ASCEBC(ipb->hdr.loadparm, LOADPARM_LEN); ++ ipb->hdr.flags |= DIAG308_FLAGS_LP_VALID; + return len; + } + +diff --git a/arch/x86/include/asm/mce.h b/arch/x86/include/asm/mce.h +index b1e8d8db921f..340070415c2c 100644 +--- a/arch/x86/include/asm/mce.h ++++ b/arch/x86/include/asm/mce.h +@@ -346,6 +346,7 @@ enum smca_bank_types { + SMCA_IF, /* Instruction Fetch */ + SMCA_L2_CACHE, /* L2 Cache */ + SMCA_DE, /* Decoder Unit */ ++ SMCA_RESERVED, /* Reserved */ + SMCA_EX, /* Execution Unit */ + SMCA_FP, /* Floating Point */ + SMCA_L3_CACHE, /* L3 Cache */ +@@ -376,6 +377,7 @@ struct smca_bank { + extern struct smca_bank smca_banks[MAX_NR_BANKS]; + + extern const char *smca_get_long_name(enum smca_bank_types t); ++extern bool amd_mce_is_memory_error(struct mce *m); + + extern int mce_threshold_create_device(unsigned int cpu); + extern int mce_threshold_remove_device(unsigned int cpu); +@@ -384,6 +386,7 @@ extern int mce_threshold_remove_device(unsigned int cpu); + + static inline int mce_threshold_create_device(unsigned int cpu) { return 0; }; + static inline int mce_threshold_remove_device(unsigned int cpu) { return 0; }; ++static inline bool amd_mce_is_memory_error(struct mce *m) { return false; }; + + #endif + +diff --git a/arch/x86/kernel/cpu/mcheck/mce.c b/arch/x86/kernel/cpu/mcheck/mce.c +index e13d652fc30a..28d27de08545 100644 +--- a/arch/x86/kernel/cpu/mcheck/mce.c ++++ b/arch/x86/kernel/cpu/mcheck/mce.c +@@ -512,10 +512,8 @@ static int mce_usable_address(struct mce *m) + bool mce_is_memory_error(struct mce *m) + { + if (m->cpuvendor == X86_VENDOR_AMD) { +- /* ErrCodeExt[20:16] */ +- u8 xec = (m->status >> 16) & 0x1f; ++ return amd_mce_is_memory_error(m); + +- return (xec == 0x0 || xec == 0x8); + } else if (m->cpuvendor == X86_VENDOR_INTEL) { + /* + * Intel SDM Volume 3B - 15.9.2 Compound Error Codes +diff --git a/arch/x86/kernel/cpu/mcheck/mce_amd.c b/arch/x86/kernel/cpu/mcheck/mce_amd.c +index 486f640b02ef..259c75d7a2a0 100644 +--- a/arch/x86/kernel/cpu/mcheck/mce_amd.c ++++ b/arch/x86/kernel/cpu/mcheck/mce_amd.c +@@ -82,6 +82,7 @@ static struct smca_bank_name smca_names[] = { + [SMCA_IF] = { "insn_fetch", "Instruction Fetch Unit" }, + [SMCA_L2_CACHE] = { "l2_cache", "L2 Cache" }, + [SMCA_DE] = { "decode_unit", "Decode Unit" }, ++ [SMCA_RESERVED] = { "reserved", "Reserved" }, + [SMCA_EX] = { "execution_unit", "Execution Unit" }, + [SMCA_FP] = { "floating_point", "Floating Point Unit" }, + [SMCA_L3_CACHE] = { "l3_cache", "L3 Cache" }, +@@ -110,9 +111,26 @@ const char *smca_get_long_name(enum smca_bank_types t) + } + EXPORT_SYMBOL_GPL(smca_get_long_name); + ++static enum smca_bank_types smca_get_bank_type(unsigned int bank) ++{ ++ struct smca_bank *b; ++ ++ if (bank >= MAX_NR_BANKS) ++ return N_SMCA_BANK_TYPES; ++ ++ b = &smca_banks[bank]; ++ if (!b->hwid) ++ return N_SMCA_BANK_TYPES; ++ ++ return b->hwid->bank_type; ++} ++ + static struct smca_hwid smca_hwid_mcatypes[] = { + /* { bank_type, hwid_mcatype, xec_bitmap } */ + ++ /* Reserved type */ ++ { SMCA_RESERVED, HWID_MCATYPE(0x00, 0x0), 0x0 }, ++ + /* ZN Core (HWID=0xB0) MCA types */ + { SMCA_LS, HWID_MCATYPE(0xB0, 0x0), 0x1FFFEF }, + { SMCA_IF, HWID_MCATYPE(0xB0, 0x1), 0x3FFF }, +@@ -416,7 +434,25 @@ static u32 get_block_address(unsigned int cpu, u32 current_addr, u32 low, u32 hi + { + u32 addr = 0, offset = 0; + ++ if ((bank >= mca_cfg.banks) || (block >= NR_BLOCKS)) ++ return addr; ++ ++ /* Get address from already initialized block. */ ++ if (per_cpu(threshold_banks, cpu)) { ++ struct threshold_bank *bankp = per_cpu(threshold_banks, cpu)[bank]; ++ ++ if (bankp && bankp->blocks) { ++ struct threshold_block *blockp = &bankp->blocks[block]; ++ ++ if (blockp) ++ return blockp->address; ++ } ++ } ++ + if (mce_flags.smca) { ++ if (smca_get_bank_type(bank) == SMCA_RESERVED) ++ return addr; ++ + if (!block) { + addr = MSR_AMD64_SMCA_MCx_MISC(bank); + } else { +@@ -738,6 +774,17 @@ int umc_normaddr_to_sysaddr(u64 norm_addr, u16 nid, u8 umc, u64 *sys_addr) + } + EXPORT_SYMBOL_GPL(umc_normaddr_to_sysaddr); + ++bool amd_mce_is_memory_error(struct mce *m) ++{ ++ /* ErrCodeExt[20:16] */ ++ u8 xec = (m->status >> 16) & 0x1f; ++ ++ if (mce_flags.smca) ++ return smca_get_bank_type(m->bank) == SMCA_UMC && xec == 0x0; ++ ++ return m->bank == 4 && xec == 0x8; ++} ++ + static void __log_error(unsigned int bank, u64 status, u64 addr, u64 misc) + { + struct mce m; +@@ -1036,7 +1083,7 @@ static struct kobj_type threshold_ktype = { + + static const char *get_name(unsigned int bank, struct threshold_block *b) + { +- unsigned int bank_type; ++ enum smca_bank_types bank_type; + + if (!mce_flags.smca) { + if (b && bank == 4) +@@ -1045,11 +1092,10 @@ static const char *get_name(unsigned int bank, struct threshold_block *b) + return th_names[bank]; + } + +- if (!smca_banks[bank].hwid) ++ bank_type = smca_get_bank_type(bank); ++ if (bank_type >= N_SMCA_BANK_TYPES) + return NULL; + +- bank_type = smca_banks[bank].hwid->bank_type; +- + if (b && bank_type == SMCA_UMC) { + if (b->block < ARRAY_SIZE(smca_umc_block_names)) + return smca_umc_block_names[b->block]; +diff --git a/block/blk-mq-cpumap.c b/block/blk-mq-cpumap.c +index 9f8cffc8a701..3eb169f15842 100644 +--- a/block/blk-mq-cpumap.c ++++ b/block/blk-mq-cpumap.c +@@ -16,11 +16,6 @@ + + static int cpu_to_queue_index(unsigned int nr_queues, const int cpu) + { +- /* +- * Non present CPU will be mapped to queue index 0. +- */ +- if (!cpu_present(cpu)) +- return 0; + return cpu % nr_queues; + } + +diff --git a/drivers/acpi/nfit/core.c b/drivers/acpi/nfit/core.c +index f14b4326e855..67a860790560 100644 +--- a/drivers/acpi/nfit/core.c ++++ b/drivers/acpi/nfit/core.c +@@ -2748,15 +2748,21 @@ static void acpi_nfit_scrub(struct work_struct *work) + static int acpi_nfit_register_regions(struct acpi_nfit_desc *acpi_desc) + { + struct nfit_spa *nfit_spa; +- int rc; + +- list_for_each_entry(nfit_spa, &acpi_desc->spas, list) +- if (nfit_spa_type(nfit_spa->spa) == NFIT_SPA_DCR) { +- /* BLK regions don't need to wait for ars results */ +- rc = acpi_nfit_register_region(acpi_desc, nfit_spa); +- if (rc) +- return rc; +- } ++ list_for_each_entry(nfit_spa, &acpi_desc->spas, list) { ++ int rc, type = nfit_spa_type(nfit_spa->spa); ++ ++ /* PMEM and VMEM will be registered by the ARS workqueue */ ++ if (type == NFIT_SPA_PM || type == NFIT_SPA_VOLATILE) ++ continue; ++ /* BLK apertures belong to BLK region registration below */ ++ if (type == NFIT_SPA_BDW) ++ continue; ++ /* BLK regions don't need to wait for ARS results */ ++ rc = acpi_nfit_register_region(acpi_desc, nfit_spa); ++ if (rc) ++ return rc; ++ } + + acpi_desc->ars_start_flags = 0; + if (!acpi_desc->cancel) +diff --git a/drivers/block/loop.c b/drivers/block/loop.c +index 19858a146f30..754852156622 100644 +--- a/drivers/block/loop.c ++++ b/drivers/block/loop.c +@@ -1098,11 +1098,15 @@ loop_set_status(struct loop_device *lo, const struct loop_info64 *info) + if (info->lo_encrypt_type) { + unsigned int type = info->lo_encrypt_type; + +- if (type >= MAX_LO_CRYPT) +- return -EINVAL; ++ if (type >= MAX_LO_CRYPT) { ++ err = -EINVAL; ++ goto exit; ++ } + xfer = xfer_funcs[type]; +- if (xfer == NULL) +- return -EINVAL; ++ if (xfer == NULL) { ++ err = -EINVAL; ++ goto exit; ++ } + } else + xfer = NULL; + +diff --git a/drivers/bluetooth/hci_bcm.c b/drivers/bluetooth/hci_bcm.c +index 73d2d88ddc03..32527bdf4b50 100644 +--- a/drivers/bluetooth/hci_bcm.c ++++ b/drivers/bluetooth/hci_bcm.c +@@ -694,22 +694,6 @@ static const struct acpi_gpio_mapping acpi_bcm_int_first_gpios[] = { + #ifdef CONFIG_ACPI + /* IRQ polarity of some chipsets are not defined correctly in ACPI table. */ + static const struct dmi_system_id bcm_active_low_irq_dmi_table[] = { +- { +- .ident = "Asus T100TA", +- .matches = { +- DMI_EXACT_MATCH(DMI_SYS_VENDOR, +- "ASUSTeK COMPUTER INC."), +- DMI_EXACT_MATCH(DMI_PRODUCT_NAME, "T100TA"), +- }, +- }, +- { +- .ident = "Asus T100CHI", +- .matches = { +- DMI_EXACT_MATCH(DMI_SYS_VENDOR, +- "ASUSTeK COMPUTER INC."), +- DMI_EXACT_MATCH(DMI_PRODUCT_NAME, "T100CHI"), +- }, +- }, + { /* Handle ThinkPad 8 tablets with BCM2E55 chipset ACPI ID */ + .ident = "Lenovo ThinkPad 8", + .matches = { +@@ -730,7 +714,9 @@ static int bcm_resource(struct acpi_resource *ares, void *data) + switch (ares->type) { + case ACPI_RESOURCE_TYPE_EXTENDED_IRQ: + irq = &ares->data.extended_irq; +- dev->irq_active_low = irq->polarity == ACPI_ACTIVE_LOW; ++ if (irq->polarity != ACPI_ACTIVE_LOW) ++ dev_info(&dev->pdev->dev, "ACPI Interrupt resource is active-high, this is usually wrong, treating the IRQ as active-low\n"); ++ dev->irq_active_low = true; + break; + + case ACPI_RESOURCE_TYPE_GPIO: +diff --git a/drivers/edac/mce_amd.c b/drivers/edac/mce_amd.c +index a11a671c7a38..2ab4d61ee47e 100644 +--- a/drivers/edac/mce_amd.c ++++ b/drivers/edac/mce_amd.c +@@ -854,21 +854,24 @@ static void decode_mc6_mce(struct mce *m) + static void decode_smca_error(struct mce *m) + { + struct smca_hwid *hwid; +- unsigned int bank_type; ++ enum smca_bank_types bank_type; + const char *ip_name; + u8 xec = XEC(m->status, xec_mask); + + if (m->bank >= ARRAY_SIZE(smca_banks)) + return; + +- if (x86_family(m->cpuid) >= 0x17 && m->bank == 4) +- pr_emerg(HW_ERR "Bank 4 is reserved on Fam17h.\n"); +- + hwid = smca_banks[m->bank].hwid; + if (!hwid) + return; + + bank_type = hwid->bank_type; ++ ++ if (bank_type == SMCA_RESERVED) { ++ pr_emerg(HW_ERR "Bank %d is reserved.\n", m->bank); ++ return; ++ } ++ + ip_name = smca_get_long_name(bank_type); + + pr_emerg(HW_ERR "%s Extended Error Code: %d\n", ip_name, xec); +diff --git a/drivers/gpu/drm/radeon/radeon_object.c b/drivers/gpu/drm/radeon/radeon_object.c +index baadb706c276..b19a54dd18de 100644 +--- a/drivers/gpu/drm/radeon/radeon_object.c ++++ b/drivers/gpu/drm/radeon/radeon_object.c +@@ -240,9 +240,10 @@ int radeon_bo_create(struct radeon_device *rdev, + * may be slow + * See https://bugs.freedesktop.org/show_bug.cgi?id=88758 + */ +- ++#ifndef CONFIG_COMPILE_TEST + #warning Please enable CONFIG_MTRR and CONFIG_X86_PAT for better performance \ + thanks to write-combining ++#endif + + if (bo->flags & RADEON_GEM_GTT_WC) + DRM_INFO_ONCE("Please enable CONFIG_MTRR and CONFIG_X86_PAT for " +diff --git a/drivers/hv/channel_mgmt.c b/drivers/hv/channel_mgmt.c +index 65c6d6bdce4c..1939c0ca3741 100644 +--- a/drivers/hv/channel_mgmt.c ++++ b/drivers/hv/channel_mgmt.c +@@ -71,7 +71,7 @@ static const struct vmbus_device vmbus_devs[] = { + /* PCIE */ + { .dev_type = HV_PCIE, + HV_PCIE_GUID, +- .perf_device = true, ++ .perf_device = false, + }, + + /* Synthetic Frame Buffer */ +diff --git a/drivers/hwmon/ina2xx.c b/drivers/hwmon/ina2xx.c +index e362a932fe8c..e9e6aeabbf84 100644 +--- a/drivers/hwmon/ina2xx.c ++++ b/drivers/hwmon/ina2xx.c +@@ -454,6 +454,7 @@ static int ina2xx_probe(struct i2c_client *client, + + /* set the device type */ + data->config = &ina2xx_config[chip]; ++ mutex_init(&data->config_lock); + + if (of_property_read_u32(dev->of_node, "shunt-resistor", &val) < 0) { + struct ina2xx_platform_data *pdata = dev_get_platdata(dev); +@@ -480,8 +481,6 @@ static int ina2xx_probe(struct i2c_client *client, + return -ENODEV; + } + +- mutex_init(&data->config_lock); +- + data->groups[group++] = &ina2xx_group; + if (id->driver_data == ina226) + data->groups[group++] = &ina226_group; +diff --git a/drivers/media/platform/vsp1/vsp1_dl.c b/drivers/media/platform/vsp1/vsp1_dl.c +index 8b5cbb6b7a70..e5d8d99e124c 100644 +--- a/drivers/media/platform/vsp1/vsp1_dl.c ++++ b/drivers/media/platform/vsp1/vsp1_dl.c +@@ -508,7 +508,8 @@ static bool vsp1_dl_list_hw_update_pending(struct vsp1_dl_manager *dlm) + return !!(vsp1_read(vsp1, VI6_DL_BODY_SIZE) + & VI6_DL_BODY_SIZE_UPD); + else +- return !!(vsp1_read(vsp1, VI6_CMD(dlm->index) & VI6_CMD_UPDHDR)); ++ return !!(vsp1_read(vsp1, VI6_CMD(dlm->index)) ++ & VI6_CMD_UPDHDR); + } + + static void vsp1_dl_list_hw_enqueue(struct vsp1_dl_list *dl) +diff --git a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c +index cbeea8343a5c..6730fd08ef03 100644 +--- a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c ++++ b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c +@@ -101,7 +101,7 @@ static int get_v4l2_window32(struct v4l2_window __user *kp, + static int put_v4l2_window32(struct v4l2_window __user *kp, + struct v4l2_window32 __user *up) + { +- struct v4l2_clip __user *kclips = kp->clips; ++ struct v4l2_clip __user *kclips; + struct v4l2_clip32 __user *uclips; + compat_caddr_t p; + u32 clipcount; +@@ -116,6 +116,8 @@ static int put_v4l2_window32(struct v4l2_window __user *kp, + if (!clipcount) + return 0; + ++ if (get_user(kclips, &kp->clips)) ++ return -EFAULT; + if (get_user(p, &up->clips)) + return -EFAULT; + uclips = compat_ptr(p); +diff --git a/drivers/net/slip/slhc.c b/drivers/net/slip/slhc.c +index 5782733959f0..f4e93f5fc204 100644 +--- a/drivers/net/slip/slhc.c ++++ b/drivers/net/slip/slhc.c +@@ -509,6 +509,10 @@ slhc_uncompress(struct slcompress *comp, unsigned char *icp, int isize) + if(x < 0 || x > comp->rslot_limit) + goto bad; + ++ /* Check if the cstate is initialized */ ++ if (!comp->rstate[x].initialized) ++ goto bad; ++ + comp->flags &=~ SLF_TOSS; + comp->recv_current = x; + } else { +@@ -673,6 +677,7 @@ slhc_remember(struct slcompress *comp, unsigned char *icp, int isize) + if (cs->cs_tcp.doff > 5) + memcpy(cs->cs_tcpopt, icp + ihl*4 + sizeof(struct tcphdr), (cs->cs_tcp.doff - 5) * 4); + cs->cs_hsize = ihl*2 + cs->cs_tcp.doff*2; ++ cs->initialized = true; + /* Put headers back on packet + * Neither header checksum is recalculated + */ +diff --git a/drivers/net/usb/cdc_ether.c b/drivers/net/usb/cdc_ether.c +index 05dca3e5c93d..178b956501a7 100644 +--- a/drivers/net/usb/cdc_ether.c ++++ b/drivers/net/usb/cdc_ether.c +@@ -895,6 +895,12 @@ static const struct usb_device_id products[] = { + USB_CDC_SUBCLASS_ETHERNET, + USB_CDC_PROTO_NONE), + .driver_info = (unsigned long)&wwan_info, ++}, { ++ /* Cinterion AHS3 modem by GEMALTO */ ++ USB_DEVICE_AND_INTERFACE_INFO(0x1e2d, 0x0055, USB_CLASS_COMM, ++ USB_CDC_SUBCLASS_ETHERNET, ++ USB_CDC_PROTO_NONE), ++ .driver_info = (unsigned long)&wwan_info, + }, { + USB_INTERFACE_INFO(USB_CLASS_COMM, USB_CDC_SUBCLASS_ETHERNET, + USB_CDC_PROTO_NONE), +diff --git a/drivers/net/usb/lan78xx.c b/drivers/net/usb/lan78xx.c +index 89d82c4ee8df..1fb464837b3e 100644 +--- a/drivers/net/usb/lan78xx.c ++++ b/drivers/net/usb/lan78xx.c +@@ -928,7 +928,8 @@ static int lan78xx_read_otp(struct lan78xx_net *dev, u32 offset, + offset += 0x100; + else + ret = -EINVAL; +- ret = lan78xx_read_raw_otp(dev, offset, length, data); ++ if (!ret) ++ ret = lan78xx_read_raw_otp(dev, offset, length, data); + } + + return ret; +diff --git a/drivers/net/wireless/ath/ath9k/xmit.c b/drivers/net/wireless/ath/ath9k/xmit.c +index 396bf05c6bf6..d8b041f48ca8 100644 +--- a/drivers/net/wireless/ath/ath9k/xmit.c ++++ b/drivers/net/wireless/ath/ath9k/xmit.c +@@ -2892,6 +2892,8 @@ void ath_tx_node_cleanup(struct ath_softc *sc, struct ath_node *an) + struct ath_txq *txq; + int tidno; + ++ rcu_read_lock(); ++ + for (tidno = 0; tidno < IEEE80211_NUM_TIDS; tidno++) { + tid = ath_node_to_tid(an, tidno); + txq = tid->txq; +@@ -2909,6 +2911,8 @@ void ath_tx_node_cleanup(struct ath_softc *sc, struct ath_node *an) + if (!an->sta) + break; /* just one multicast ath_atx_tid */ + } ++ ++ rcu_read_unlock(); + } + + #ifdef CONFIG_ATH9K_TX99 +diff --git a/drivers/net/wireless/realtek/rtl818x/rtl8187/dev.c b/drivers/net/wireless/realtek/rtl818x/rtl8187/dev.c +index 121b94f09714..9a1d15b3ce45 100644 +--- a/drivers/net/wireless/realtek/rtl818x/rtl8187/dev.c ++++ b/drivers/net/wireless/realtek/rtl818x/rtl8187/dev.c +@@ -1450,6 +1450,7 @@ static int rtl8187_probe(struct usb_interface *intf, + goto err_free_dev; + } + mutex_init(&priv->io_mutex); ++ mutex_init(&priv->conf_mutex); + + SET_IEEE80211_DEV(dev, &intf->dev); + usb_set_intfdata(intf, dev); +@@ -1625,7 +1626,6 @@ static int rtl8187_probe(struct usb_interface *intf, + printk(KERN_ERR "rtl8187: Cannot register device\n"); + goto err_free_dmabuf; + } +- mutex_init(&priv->conf_mutex); + skb_queue_head_init(&priv->b_tx_status.queue); + + wiphy_info(dev->wiphy, "hwaddr %pM, %s V%d + %s, rfkill mask %d\n", +diff --git a/drivers/pci/host/pci-hyperv.c b/drivers/pci/host/pci-hyperv.c +index 04dac6a42c9f..73b724143be0 100644 +--- a/drivers/pci/host/pci-hyperv.c ++++ b/drivers/pci/host/pci-hyperv.c +@@ -457,7 +457,6 @@ struct hv_pcibus_device { + spinlock_t device_list_lock; /* Protect lists below */ + void __iomem *cfg_addr; + +- struct semaphore enum_sem; + struct list_head resources_for_children; + + struct list_head children; +@@ -471,6 +470,8 @@ struct hv_pcibus_device { + struct retarget_msi_interrupt retarget_msi_interrupt_params; + + spinlock_t retarget_msi_interrupt_lock; ++ ++ struct workqueue_struct *wq; + }; + + /* +@@ -1604,12 +1605,8 @@ static struct hv_pci_dev *get_pcichild_wslot(struct hv_pcibus_device *hbus, + * It must also treat the omission of a previously observed device as + * notification that the device no longer exists. + * +- * Note that this function is a work item, and it may not be +- * invoked in the order that it was queued. Back to back +- * updates of the list of present devices may involve queuing +- * multiple work items, and this one may run before ones that +- * were sent later. As such, this function only does something +- * if is the last one in the queue. ++ * Note that this function is serialized with hv_eject_device_work(), ++ * because both are pushed to the ordered workqueue hbus->wq. + */ + static void pci_devices_present_work(struct work_struct *work) + { +@@ -1630,11 +1627,6 @@ static void pci_devices_present_work(struct work_struct *work) + + INIT_LIST_HEAD(&removed); + +- if (down_interruptible(&hbus->enum_sem)) { +- put_hvpcibus(hbus); +- return; +- } +- + /* Pull this off the queue and process it if it was the last one. */ + spin_lock_irqsave(&hbus->device_list_lock, flags); + while (!list_empty(&hbus->dr_list)) { +@@ -1651,7 +1643,6 @@ static void pci_devices_present_work(struct work_struct *work) + spin_unlock_irqrestore(&hbus->device_list_lock, flags); + + if (!dr) { +- up(&hbus->enum_sem); + put_hvpcibus(hbus); + return; + } +@@ -1738,7 +1729,6 @@ static void pci_devices_present_work(struct work_struct *work) + break; + } + +- up(&hbus->enum_sem); + put_hvpcibus(hbus); + kfree(dr); + } +@@ -1784,7 +1774,7 @@ static void hv_pci_devices_present(struct hv_pcibus_device *hbus, + spin_unlock_irqrestore(&hbus->device_list_lock, flags); + + get_hvpcibus(hbus); +- schedule_work(&dr_wrk->wrk); ++ queue_work(hbus->wq, &dr_wrk->wrk); + } + + /** +@@ -1862,7 +1852,7 @@ static void hv_pci_eject_device(struct hv_pci_dev *hpdev) + get_pcichild(hpdev, hv_pcidev_ref_pnp); + INIT_WORK(&hpdev->wrk, hv_eject_device_work); + get_hvpcibus(hpdev->hbus); +- schedule_work(&hpdev->wrk); ++ queue_work(hpdev->hbus->wq, &hpdev->wrk); + } + + /** +@@ -2475,13 +2465,18 @@ static int hv_pci_probe(struct hv_device *hdev, + spin_lock_init(&hbus->config_lock); + spin_lock_init(&hbus->device_list_lock); + spin_lock_init(&hbus->retarget_msi_interrupt_lock); +- sema_init(&hbus->enum_sem, 1); + init_completion(&hbus->remove_event); ++ hbus->wq = alloc_ordered_workqueue("hv_pci_%x", 0, ++ hbus->sysdata.domain); ++ if (!hbus->wq) { ++ ret = -ENOMEM; ++ goto free_bus; ++ } + + ret = vmbus_open(hdev->channel, pci_ring_size, pci_ring_size, NULL, 0, + hv_pci_onchannelcallback, hbus); + if (ret) +- goto free_bus; ++ goto destroy_wq; + + hv_set_drvdata(hdev, hbus); + +@@ -2550,6 +2545,8 @@ static int hv_pci_probe(struct hv_device *hdev, + hv_free_config_window(hbus); + close: + vmbus_close(hdev->channel); ++destroy_wq: ++ destroy_workqueue(hbus->wq); + free_bus: + free_page((unsigned long)hbus); + return ret; +@@ -2629,6 +2626,7 @@ static int hv_pci_remove(struct hv_device *hdev) + irq_domain_free_fwnode(hbus->sysdata.fwnode); + put_hvpcibus(hbus); + wait_for_completion(&hbus->remove_event); ++ destroy_workqueue(hbus->wq); + free_page((unsigned long)hbus); + return 0; + } +diff --git a/drivers/s390/cio/qdio_main.c b/drivers/s390/cio/qdio_main.c +index a4ad39ba3873..8941e7caaf4d 100644 +--- a/drivers/s390/cio/qdio_main.c ++++ b/drivers/s390/cio/qdio_main.c +@@ -126,7 +126,7 @@ static inline int qdio_check_ccq(struct qdio_q *q, unsigned int ccq) + static int qdio_do_eqbs(struct qdio_q *q, unsigned char *state, + int start, int count, int auto_ack) + { +- int rc, tmp_count = count, tmp_start = start, nr = q->nr, retried = 0; ++ int rc, tmp_count = count, tmp_start = start, nr = q->nr; + unsigned int ccq = 0; + + qperf_inc(q, eqbs); +@@ -149,14 +149,7 @@ static int qdio_do_eqbs(struct qdio_q *q, unsigned char *state, + qperf_inc(q, eqbs_partial); + DBF_DEV_EVENT(DBF_WARN, q->irq_ptr, "EQBS part:%02x", + tmp_count); +- /* +- * Retry once, if that fails bail out and process the +- * extracted buffers before trying again. +- */ +- if (!retried++) +- goto again; +- else +- return count - tmp_count; ++ return count - tmp_count; + } + + DBF_ERROR("%4x EQBS ERROR", SCH_NO(q)); +@@ -212,7 +205,10 @@ static int qdio_do_sqbs(struct qdio_q *q, unsigned char state, int start, + return 0; + } + +-/* returns number of examined buffers and their common state in *state */ ++/* ++ * Returns number of examined buffers and their common state in *state. ++ * Requested number of buffers-to-examine must be > 0. ++ */ + static inline int get_buf_states(struct qdio_q *q, unsigned int bufnr, + unsigned char *state, unsigned int count, + int auto_ack, int merge_pending) +@@ -223,17 +219,23 @@ static inline int get_buf_states(struct qdio_q *q, unsigned int bufnr, + if (is_qebsm(q)) + return qdio_do_eqbs(q, state, bufnr, count, auto_ack); + +- for (i = 0; i < count; i++) { +- if (!__state) { +- __state = q->slsb.val[bufnr]; +- if (merge_pending && __state == SLSB_P_OUTPUT_PENDING) +- __state = SLSB_P_OUTPUT_EMPTY; +- } else if (merge_pending) { +- if ((q->slsb.val[bufnr] & __state) != __state) +- break; +- } else if (q->slsb.val[bufnr] != __state) +- break; ++ /* get initial state: */ ++ __state = q->slsb.val[bufnr]; ++ if (merge_pending && __state == SLSB_P_OUTPUT_PENDING) ++ __state = SLSB_P_OUTPUT_EMPTY; ++ ++ for (i = 1; i < count; i++) { + bufnr = next_buf(bufnr); ++ ++ /* merge PENDING into EMPTY: */ ++ if (merge_pending && ++ q->slsb.val[bufnr] == SLSB_P_OUTPUT_PENDING && ++ __state == SLSB_P_OUTPUT_EMPTY) ++ continue; ++ ++ /* stop if next state differs from initial state: */ ++ if (q->slsb.val[bufnr] != __state) ++ break; + } + *state = __state; + return i; +diff --git a/drivers/scsi/qla2xxx/qla_os.c b/drivers/scsi/qla2xxx/qla_os.c +index 1e17175692d3..8e7c0626f8b5 100644 +--- a/drivers/scsi/qla2xxx/qla_os.c ++++ b/drivers/scsi/qla2xxx/qla_os.c +@@ -459,9 +459,6 @@ static int qla2x00_alloc_queues(struct qla_hw_data *ha, struct req_que *req, + + static void qla2x00_free_req_que(struct qla_hw_data *ha, struct req_que *req) + { +- if (!ha->req_q_map) +- return; +- + if (IS_QLAFX00(ha)) { + if (req && req->ring_fx00) + dma_free_coherent(&ha->pdev->dev, +@@ -472,17 +469,14 @@ static void qla2x00_free_req_que(struct qla_hw_data *ha, struct req_que *req) + (req->length + 1) * sizeof(request_t), + req->ring, req->dma); + +- if (req) { ++ if (req) + kfree(req->outstanding_cmds); +- kfree(req); +- } ++ ++ kfree(req); + } + + static void qla2x00_free_rsp_que(struct qla_hw_data *ha, struct rsp_que *rsp) + { +- if (!ha->rsp_q_map) +- return; +- + if (IS_QLAFX00(ha)) { + if (rsp && rsp->ring) + dma_free_coherent(&ha->pdev->dev, +@@ -493,8 +487,7 @@ static void qla2x00_free_rsp_que(struct qla_hw_data *ha, struct rsp_que *rsp) + (rsp->length + 1) * sizeof(response_t), + rsp->ring, rsp->dma); + } +- if (rsp) +- kfree(rsp); ++ kfree(rsp); + } + + static void qla2x00_free_queues(struct qla_hw_data *ha) +@@ -3075,7 +3068,8 @@ qla2x00_probe_one(struct pci_dev *pdev, const struct pci_device_id *id) + goto probe_failed; + + /* Alloc arrays of request and response ring ptrs */ +- if (qla2x00_alloc_queues(ha, req, rsp)) { ++ ret = qla2x00_alloc_queues(ha, req, rsp); ++ if (ret) { + ql_log(ql_log_fatal, base_vha, 0x003d, + "Failed to allocate memory for queue pointers..." + "aborting.\n"); +@@ -3368,8 +3362,15 @@ qla2x00_probe_one(struct pci_dev *pdev, const struct pci_device_id *id) + } + + qla2x00_free_device(base_vha); +- + scsi_host_put(base_vha->host); ++ /* ++ * Need to NULL out local req/rsp after ++ * qla2x00_free_device => qla2x00_free_queues frees ++ * what these are pointing to. Or else we'll ++ * fall over below in qla2x00_free_req/rsp_que. ++ */ ++ req = NULL; ++ rsp = NULL; + + probe_hw_failed: + qla2x00_mem_free(ha); +@@ -4062,6 +4063,7 @@ qla2x00_mem_alloc(struct qla_hw_data *ha, uint16_t req_len, uint16_t rsp_len, + (*rsp)->dma = 0; + fail_rsp_ring: + kfree(*rsp); ++ *rsp = NULL; + fail_rsp: + dma_free_coherent(&ha->pdev->dev, ((*req)->length + 1) * + sizeof(request_t), (*req)->ring, (*req)->dma); +@@ -4069,6 +4071,7 @@ qla2x00_mem_alloc(struct qla_hw_data *ha, uint16_t req_len, uint16_t rsp_len, + (*req)->dma = 0; + fail_req_ring: + kfree(*req); ++ *req = NULL; + fail_req: + dma_free_coherent(&ha->pdev->dev, sizeof(struct ct_sns_pkt), + ha->ct_sns, ha->ct_sns_dma); +@@ -4436,16 +4439,11 @@ qla2x00_mem_free(struct qla_hw_data *ha) + dma_free_coherent(&ha->pdev->dev, ha->init_cb_size, + ha->init_cb, ha->init_cb_dma); + +- if (ha->optrom_buffer) +- vfree(ha->optrom_buffer); +- if (ha->nvram) +- kfree(ha->nvram); +- if (ha->npiv_info) +- kfree(ha->npiv_info); +- if (ha->swl) +- kfree(ha->swl); +- if (ha->loop_id_map) +- kfree(ha->loop_id_map); ++ vfree(ha->optrom_buffer); ++ kfree(ha->nvram); ++ kfree(ha->npiv_info); ++ kfree(ha->swl); ++ kfree(ha->loop_id_map); + + ha->srb_mempool = NULL; + ha->ctx_mempool = NULL; +diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c +index c692e0b13242..8e3ca4400766 100644 +--- a/drivers/vhost/vhost.c ++++ b/drivers/vhost/vhost.c +@@ -756,7 +756,7 @@ static int vhost_copy_to_user(struct vhost_virtqueue *vq, void __user *to, + struct iov_iter t; + void __user *uaddr = vhost_vq_meta_fetch(vq, + (u64)(uintptr_t)to, size, +- VHOST_ADDR_DESC); ++ VHOST_ADDR_USED); + + if (uaddr) + return __copy_to_user(uaddr, from, size); +@@ -1252,10 +1252,12 @@ static int vq_log_access_ok(struct vhost_virtqueue *vq, + /* Caller should have vq mutex and device mutex */ + int vhost_vq_access_ok(struct vhost_virtqueue *vq) + { +- int ret = vq_log_access_ok(vq, vq->log_base); ++ if (!vq_log_access_ok(vq, vq->log_base)) ++ return 0; + +- if (ret || vq->iotlb) +- return ret; ++ /* Access validation occurs at prefetch time with IOTLB */ ++ if (vq->iotlb) ++ return 1; + + return vq_access_ok(vq, vq->num, vq->desc, vq->avail, vq->used); + } +diff --git a/drivers/xen/xenbus/xenbus_dev_frontend.c b/drivers/xen/xenbus/xenbus_dev_frontend.c +index f3b089b7c0b6..d2edbc79384a 100644 +--- a/drivers/xen/xenbus/xenbus_dev_frontend.c ++++ b/drivers/xen/xenbus/xenbus_dev_frontend.c +@@ -365,7 +365,7 @@ void xenbus_dev_queue_reply(struct xb_req_data *req) + if (WARN_ON(rc)) + goto out; + } +- } else if (req->msg.type == XS_TRANSACTION_END) { ++ } else if (req->type == XS_TRANSACTION_END) { + trans = xenbus_get_transaction(u, req->msg.tx_id); + if (WARN_ON(!trans)) + goto out; +diff --git a/fs/f2fs/gc.c b/fs/f2fs/gc.c +index bfe6a8ccc3a0..d5021ba69e7a 100644 +--- a/fs/f2fs/gc.c ++++ b/fs/f2fs/gc.c +@@ -191,8 +191,9 @@ static void select_policy(struct f2fs_sb_info *sbi, int gc_type, + if (gc_type != FG_GC && p->max_search > sbi->max_victim_search) + p->max_search = sbi->max_victim_search; + +- /* let's select beginning hot/small space first */ +- if (type == CURSEG_HOT_DATA || IS_NODESEG(type)) ++ /* let's select beginning hot/small space first in no_heap mode*/ ++ if (test_opt(sbi, NOHEAP) && ++ (type == CURSEG_HOT_DATA || IS_NODESEG(type))) + p->offset = 0; + else + p->offset = SIT_I(sbi)->last_victim[p->gc_mode]; +diff --git a/fs/f2fs/segment.c b/fs/f2fs/segment.c +index c695ff462ee6..271516db8939 100644 +--- a/fs/f2fs/segment.c ++++ b/fs/f2fs/segment.c +@@ -1992,7 +1992,8 @@ static unsigned int __get_next_segno(struct f2fs_sb_info *sbi, int type) + if (sbi->segs_per_sec != 1) + return CURSEG_I(sbi, type)->segno; + +- if (type == CURSEG_HOT_DATA || IS_NODESEG(type)) ++ if (test_opt(sbi, NOHEAP) && ++ (type == CURSEG_HOT_DATA || IS_NODESEG(type))) + return 0; + + if (SIT_I(sbi)->last_victim[ALLOC_NEXT]) +diff --git a/fs/hugetlbfs/inode.c b/fs/hugetlbfs/inode.c +index 3b293d0d1785..2a6ed036d207 100644 +--- a/fs/hugetlbfs/inode.c ++++ b/fs/hugetlbfs/inode.c +@@ -148,10 +148,14 @@ static int hugetlbfs_file_mmap(struct file *file, struct vm_area_struct *vma) + + /* + * page based offset in vm_pgoff could be sufficiently large to +- * overflow a (l)off_t when converted to byte offset. ++ * overflow a loff_t when converted to byte offset. This can ++ * only happen on architectures where sizeof(loff_t) == ++ * sizeof(unsigned long). So, only check in those instances. + */ +- if (vma->vm_pgoff & PGOFF_LOFFT_MAX) +- return -EINVAL; ++ if (sizeof(unsigned long) == sizeof(loff_t)) { ++ if (vma->vm_pgoff & PGOFF_LOFFT_MAX) ++ return -EINVAL; ++ } + + /* must be huge page aligned */ + if (vma->vm_pgoff & (~huge_page_mask(h) >> PAGE_SHIFT)) +diff --git a/fs/namei.c b/fs/namei.c +index f839b0750ca3..0b46b858cd42 100644 +--- a/fs/namei.c ++++ b/fs/namei.c +@@ -222,9 +222,10 @@ getname_kernel(const char * filename) + if (len <= EMBEDDED_NAME_MAX) { + result->name = (char *)result->iname; + } else if (len <= PATH_MAX) { ++ const size_t size = offsetof(struct filename, iname[1]); + struct filename *tmp; + +- tmp = kmalloc(sizeof(*tmp), GFP_KERNEL); ++ tmp = kmalloc(size, GFP_KERNEL); + if (unlikely(!tmp)) { + __putname(result); + return ERR_PTR(-ENOMEM); +diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c +index 8ce60986fb75..5b6ff168d11a 100644 +--- a/fs/nfsd/nfs4proc.c ++++ b/fs/nfsd/nfs4proc.c +@@ -32,6 +32,7 @@ + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ ++#include <linux/fs_struct.h> + #include <linux/file.h> + #include <linux/falloc.h> + #include <linux/slab.h> +@@ -252,11 +253,13 @@ do_open_lookup(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, stru + * Note: create modes (UNCHECKED,GUARDED...) are the same + * in NFSv4 as in v3 except EXCLUSIVE4_1. + */ ++ current->fs->umask = open->op_umask; + status = do_nfsd_create(rqstp, current_fh, open->op_fname.data, + open->op_fname.len, &open->op_iattr, + *resfh, open->op_createmode, + (u32 *)open->op_verf.data, + &open->op_truncate, &open->op_created); ++ current->fs->umask = 0; + + if (!status && open->op_label.len) + nfsd4_security_inode_setsecctx(*resfh, &open->op_label, open->op_bmval); +@@ -608,6 +611,7 @@ nfsd4_create(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, + if (status) + return status; + ++ current->fs->umask = create->cr_umask; + switch (create->cr_type) { + case NF4LNK: + status = nfsd_symlink(rqstp, &cstate->current_fh, +@@ -616,20 +620,22 @@ nfsd4_create(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, + break; + + case NF4BLK: ++ status = nfserr_inval; + rdev = MKDEV(create->cr_specdata1, create->cr_specdata2); + if (MAJOR(rdev) != create->cr_specdata1 || + MINOR(rdev) != create->cr_specdata2) +- return nfserr_inval; ++ goto out_umask; + status = nfsd_create(rqstp, &cstate->current_fh, + create->cr_name, create->cr_namelen, + &create->cr_iattr, S_IFBLK, rdev, &resfh); + break; + + case NF4CHR: ++ status = nfserr_inval; + rdev = MKDEV(create->cr_specdata1, create->cr_specdata2); + if (MAJOR(rdev) != create->cr_specdata1 || + MINOR(rdev) != create->cr_specdata2) +- return nfserr_inval; ++ goto out_umask; + status = nfsd_create(rqstp, &cstate->current_fh, + create->cr_name, create->cr_namelen, + &create->cr_iattr,S_IFCHR, rdev, &resfh); +@@ -673,6 +679,8 @@ nfsd4_create(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, + fh_dup2(&cstate->current_fh, &resfh); + out: + fh_put(&resfh); ++out_umask: ++ current->fs->umask = 0; + return status; + } + +diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c +index 2c61c6b8ae09..df2b8849a63b 100644 +--- a/fs/nfsd/nfs4xdr.c ++++ b/fs/nfsd/nfs4xdr.c +@@ -33,7 +33,6 @@ + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +-#include <linux/fs_struct.h> + #include <linux/file.h> + #include <linux/slab.h> + #include <linux/namei.h> +@@ -683,7 +682,7 @@ nfsd4_decode_create(struct nfsd4_compoundargs *argp, struct nfsd4_create *create + + status = nfsd4_decode_fattr(argp, create->cr_bmval, &create->cr_iattr, + &create->cr_acl, &create->cr_label, +- ¤t->fs->umask); ++ &create->cr_umask); + if (status) + goto out; + +@@ -928,7 +927,6 @@ nfsd4_decode_open(struct nfsd4_compoundargs *argp, struct nfsd4_open *open) + case NFS4_OPEN_NOCREATE: + break; + case NFS4_OPEN_CREATE: +- current->fs->umask = 0; + READ_BUF(4); + open->op_createmode = be32_to_cpup(p++); + switch (open->op_createmode) { +@@ -936,7 +934,7 @@ nfsd4_decode_open(struct nfsd4_compoundargs *argp, struct nfsd4_open *open) + case NFS4_CREATE_GUARDED: + status = nfsd4_decode_fattr(argp, open->op_bmval, + &open->op_iattr, &open->op_acl, &open->op_label, +- ¤t->fs->umask); ++ &open->op_umask); + if (status) + goto out; + break; +@@ -951,7 +949,7 @@ nfsd4_decode_open(struct nfsd4_compoundargs *argp, struct nfsd4_open *open) + COPYMEM(open->op_verf.data, NFS4_VERIFIER_SIZE); + status = nfsd4_decode_fattr(argp, open->op_bmval, + &open->op_iattr, &open->op_acl, &open->op_label, +- ¤t->fs->umask); ++ &open->op_umask); + if (status) + goto out; + break; +diff --git a/fs/nfsd/xdr4.h b/fs/nfsd/xdr4.h +index 1e4edbf70052..aa4375eac475 100644 +--- a/fs/nfsd/xdr4.h ++++ b/fs/nfsd/xdr4.h +@@ -118,6 +118,7 @@ struct nfsd4_create { + } u; + u32 cr_bmval[3]; /* request */ + struct iattr cr_iattr; /* request */ ++ int cr_umask; /* request */ + struct nfsd4_change_info cr_cinfo; /* response */ + struct nfs4_acl *cr_acl; + struct xdr_netobj cr_label; +@@ -228,6 +229,7 @@ struct nfsd4_open { + u32 op_why_no_deleg; /* response - DELEG_NONE_EXT only */ + u32 op_create; /* request */ + u32 op_createmode; /* request */ ++ int op_umask; /* request */ + u32 op_bmval[3]; /* request */ + struct iattr op_iattr; /* UNCHECKED4, GUARDED4, EXCLUSIVE4_1 */ + nfs4_verifier op_verf __attribute__((aligned(32))); +diff --git a/fs/overlayfs/namei.c b/fs/overlayfs/namei.c +index 4bb7e4f53ea6..8a10506db993 100644 +--- a/fs/overlayfs/namei.c ++++ b/fs/overlayfs/namei.c +@@ -56,6 +56,15 @@ static int ovl_check_redirect(struct dentry *dentry, struct ovl_lookup_data *d, + if (s == next) + goto invalid; + } ++ /* ++ * One of the ancestor path elements in an absolute path ++ * lookup in ovl_lookup_layer() could have been opaque and ++ * that will stop further lookup in lower layers (d->stop=true) ++ * But we have found an absolute redirect in decendant path ++ * element and that should force continue lookup in lower ++ * layers (reset d->stop). ++ */ ++ d->stop = false; + } else { + if (strchr(buf, '/') != NULL) + goto invalid; +diff --git a/include/net/bluetooth/hci_core.h b/include/net/bluetooth/hci_core.h +index 95ccc1eef558..b619a190ff12 100644 +--- a/include/net/bluetooth/hci_core.h ++++ b/include/net/bluetooth/hci_core.h +@@ -895,7 +895,7 @@ struct hci_conn *hci_connect_le_scan(struct hci_dev *hdev, bdaddr_t *dst, + u16 conn_timeout); + struct hci_conn *hci_connect_le(struct hci_dev *hdev, bdaddr_t *dst, + u8 dst_type, u8 sec_level, u16 conn_timeout, +- u8 role); ++ u8 role, bdaddr_t *direct_rpa); + struct hci_conn *hci_connect_acl(struct hci_dev *hdev, bdaddr_t *dst, + u8 sec_level, u8 auth_type); + struct hci_conn *hci_connect_sco(struct hci_dev *hdev, int type, bdaddr_t *dst, +diff --git a/include/net/slhc_vj.h b/include/net/slhc_vj.h +index 8716d5942b65..8fcf8908a694 100644 +--- a/include/net/slhc_vj.h ++++ b/include/net/slhc_vj.h +@@ -127,6 +127,7 @@ typedef __u32 int32; + */ + struct cstate { + byte_t cs_this; /* connection id number (xmit) */ ++ bool initialized; /* true if initialized */ + struct cstate *next; /* next in ring (xmit) */ + struct iphdr cs_ip; /* ip/tcp hdr from most recent packet */ + struct tcphdr cs_tcp; +diff --git a/kernel/events/core.c b/kernel/events/core.c +index cecd72eb09b8..e9b0beca830f 100644 +--- a/kernel/events/core.c ++++ b/kernel/events/core.c +@@ -4199,6 +4199,9 @@ static void _free_event(struct perf_event *event) + if (event->ctx) + put_ctx(event->ctx); + ++ if (event->hw.target) ++ put_task_struct(event->hw.target); ++ + exclusive_event_destroy(event); + module_put(event->pmu->module); + +@@ -9508,6 +9511,7 @@ perf_event_alloc(struct perf_event_attr *attr, int cpu, + * and we cannot use the ctx information because we need the + * pmu before we get a ctx. + */ ++ get_task_struct(task); + event->hw.target = task; + } + +@@ -9623,6 +9627,8 @@ perf_event_alloc(struct perf_event_attr *attr, int cpu, + perf_detach_cgroup(event); + if (event->ns) + put_pid_ns(event->ns); ++ if (event->hw.target) ++ put_task_struct(event->hw.target); + kfree(event); + + return ERR_PTR(err); +diff --git a/lib/bitmap.c b/lib/bitmap.c +index c82c61b66e16..2a9373ef4054 100644 +--- a/lib/bitmap.c ++++ b/lib/bitmap.c +@@ -605,7 +605,7 @@ static int __bitmap_parselist(const char *buf, unsigned int buflen, + /* if no digit is after '-', it's wrong*/ + if (at_start && in_range) + return -EINVAL; +- if (!(a <= b) || !(used_size <= group_size)) ++ if (!(a <= b) || group_size == 0 || !(used_size <= group_size)) + return -EINVAL; + if (b >= nmaskbits) + return -ERANGE; +diff --git a/lib/test_bitmap.c b/lib/test_bitmap.c +index aa1f2669bdd5..0ddf293cfac3 100644 +--- a/lib/test_bitmap.c ++++ b/lib/test_bitmap.c +@@ -218,6 +218,10 @@ static const struct test_bitmap_parselist parselist_tests[] __initconst = { + {-EINVAL, "-1", NULL, 8, 0}, + {-EINVAL, "-0", NULL, 8, 0}, + {-EINVAL, "10-1", NULL, 8, 0}, ++ {-EINVAL, "0-31:", NULL, 8, 0}, ++ {-EINVAL, "0-31:0", NULL, 8, 0}, ++ {-EINVAL, "0-31:0/0", NULL, 8, 0}, ++ {-EINVAL, "0-31:1/0", NULL, 8, 0}, + {-EINVAL, "0-31:10/1", NULL, 8, 0}, + }; + +diff --git a/mm/gup.c b/mm/gup.c +index e0d82b6706d7..8fc23a60487d 100644 +--- a/mm/gup.c ++++ b/mm/gup.c +@@ -1816,9 +1816,12 @@ int get_user_pages_fast(unsigned long start, int nr_pages, int write, + len = (unsigned long) nr_pages << PAGE_SHIFT; + end = start + len; + ++ if (nr_pages <= 0) ++ return 0; ++ + if (unlikely(!access_ok(write ? VERIFY_WRITE : VERIFY_READ, + (void __user *)start, len))) +- return 0; ++ return -EFAULT; + + if (gup_fast_permitted(start, nr_pages, write)) { + local_irq_disable(); +diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c +index dc59eae54717..cc061495f653 100644 +--- a/net/bluetooth/hci_conn.c ++++ b/net/bluetooth/hci_conn.c +@@ -749,18 +749,31 @@ static bool conn_use_rpa(struct hci_conn *conn) + } + + static void hci_req_add_le_create_conn(struct hci_request *req, +- struct hci_conn *conn) ++ struct hci_conn *conn, ++ bdaddr_t *direct_rpa) + { + struct hci_cp_le_create_conn cp; + struct hci_dev *hdev = conn->hdev; + u8 own_addr_type; + +- /* Update random address, but set require_privacy to false so +- * that we never connect with an non-resolvable address. ++ /* If direct address was provided we use it instead of current ++ * address. + */ +- if (hci_update_random_address(req, false, conn_use_rpa(conn), +- &own_addr_type)) +- return; ++ if (direct_rpa) { ++ if (bacmp(&req->hdev->random_addr, direct_rpa)) ++ hci_req_add(req, HCI_OP_LE_SET_RANDOM_ADDR, 6, ++ direct_rpa); ++ ++ /* direct address is always RPA */ ++ own_addr_type = ADDR_LE_DEV_RANDOM; ++ } else { ++ /* Update random address, but set require_privacy to false so ++ * that we never connect with an non-resolvable address. ++ */ ++ if (hci_update_random_address(req, false, conn_use_rpa(conn), ++ &own_addr_type)) ++ return; ++ } + + memset(&cp, 0, sizeof(cp)); + +@@ -825,7 +838,7 @@ static void hci_req_directed_advertising(struct hci_request *req, + + struct hci_conn *hci_connect_le(struct hci_dev *hdev, bdaddr_t *dst, + u8 dst_type, u8 sec_level, u16 conn_timeout, +- u8 role) ++ u8 role, bdaddr_t *direct_rpa) + { + struct hci_conn_params *params; + struct hci_conn *conn; +@@ -940,7 +953,7 @@ struct hci_conn *hci_connect_le(struct hci_dev *hdev, bdaddr_t *dst, + hci_dev_set_flag(hdev, HCI_LE_SCAN_INTERRUPTED); + } + +- hci_req_add_le_create_conn(&req, conn); ++ hci_req_add_le_create_conn(&req, conn, direct_rpa); + + create_conn: + err = hci_req_run(&req, create_le_conn_complete); +diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c +index 0b4dba08a14e..01f211e31f47 100644 +--- a/net/bluetooth/hci_event.c ++++ b/net/bluetooth/hci_event.c +@@ -4646,7 +4646,8 @@ static void hci_le_conn_update_complete_evt(struct hci_dev *hdev, + /* This function requires the caller holds hdev->lock */ + static struct hci_conn *check_pending_le_conn(struct hci_dev *hdev, + bdaddr_t *addr, +- u8 addr_type, u8 adv_type) ++ u8 addr_type, u8 adv_type, ++ bdaddr_t *direct_rpa) + { + struct hci_conn *conn; + struct hci_conn_params *params; +@@ -4697,7 +4698,8 @@ static struct hci_conn *check_pending_le_conn(struct hci_dev *hdev, + } + + conn = hci_connect_le(hdev, addr, addr_type, BT_SECURITY_LOW, +- HCI_LE_AUTOCONN_TIMEOUT, HCI_ROLE_MASTER); ++ HCI_LE_AUTOCONN_TIMEOUT, HCI_ROLE_MASTER, ++ direct_rpa); + if (!IS_ERR(conn)) { + /* If HCI_AUTO_CONN_EXPLICIT is set, conn is already owned + * by higher layer that tried to connect, if no then +@@ -4807,8 +4809,13 @@ static void process_adv_report(struct hci_dev *hdev, u8 type, bdaddr_t *bdaddr, + bdaddr_type = irk->addr_type; + } + +- /* Check if we have been requested to connect to this device */ +- conn = check_pending_le_conn(hdev, bdaddr, bdaddr_type, type); ++ /* Check if we have been requested to connect to this device. ++ * ++ * direct_addr is set only for directed advertising reports (it is NULL ++ * for advertising reports) and is already verified to be RPA above. ++ */ ++ conn = check_pending_le_conn(hdev, bdaddr, bdaddr_type, type, ++ direct_addr); + if (conn && type == LE_ADV_IND) { + /* Store report for later inclusion by + * mgmt_device_connected +diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c +index fc6615d59165..9b7907ebfa01 100644 +--- a/net/bluetooth/l2cap_core.c ++++ b/net/bluetooth/l2cap_core.c +@@ -7156,7 +7156,7 @@ int l2cap_chan_connect(struct l2cap_chan *chan, __le16 psm, u16 cid, + hcon = hci_connect_le(hdev, dst, dst_type, + chan->sec_level, + HCI_LE_CONN_TIMEOUT, +- HCI_ROLE_SLAVE); ++ HCI_ROLE_SLAVE, NULL); + else + hcon = hci_connect_le_scan(hdev, dst, dst_type, + chan->sec_level, +diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c +index cf84f7b37cd9..9d2ce1459cec 100644 +--- a/net/netfilter/ipset/ip_set_core.c ++++ b/net/netfilter/ipset/ip_set_core.c +@@ -2055,6 +2055,7 @@ ip_set_net_exit(struct net *net) + + inst->is_deleted = true; /* flag for ip_set_nfnl_put */ + ++ nfnl_lock(NFNL_SUBSYS_IPSET); + for (i = 0; i < inst->ip_set_max; i++) { + set = ip_set(inst, i); + if (set) { +@@ -2062,6 +2063,7 @@ ip_set_net_exit(struct net *net) + ip_set_destroy_set(set); + } + } ++ nfnl_unlock(NFNL_SUBSYS_IPSET); + kfree(rcu_dereference_protected(inst->ip_set_list, 1)); + } + +diff --git a/net/rds/send.c b/net/rds/send.c +index f72466c63f0c..23f2d81e7967 100644 +--- a/net/rds/send.c ++++ b/net/rds/send.c +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2006 Oracle. All rights reserved. ++ * Copyright (c) 2006, 2018 Oracle and/or its affiliates. All rights reserved. + * + * This software is available to you under a choice of one of two + * licenses. You may choose to be licensed under the terms of the GNU +@@ -986,10 +986,15 @@ static int rds_send_mprds_hash(struct rds_sock *rs, struct rds_connection *conn) + if (conn->c_npaths == 0 && hash != 0) { + rds_send_ping(conn, 0); + +- if (conn->c_npaths == 0) { +- wait_event_interruptible(conn->c_hs_waitq, +- (conn->c_npaths != 0)); +- } ++ /* The underlying connection is not up yet. Need to wait ++ * until it is up to be sure that the non-zero c_path can be ++ * used. But if we are interrupted, we have to use the zero ++ * c_path in case the connection ends up being non-MP capable. ++ */ ++ if (conn->c_npaths == 0) ++ if (wait_event_interruptible(conn->c_hs_waitq, ++ conn->c_npaths != 0)) ++ hash = 0; + if (conn->c_npaths == 1) + hash = 0; + } +diff --git a/net/sunrpc/auth_gss/gss_krb5_crypto.c b/net/sunrpc/auth_gss/gss_krb5_crypto.c +index 12649c9fedab..8654494b4d0a 100644 +--- a/net/sunrpc/auth_gss/gss_krb5_crypto.c ++++ b/net/sunrpc/auth_gss/gss_krb5_crypto.c +@@ -237,9 +237,6 @@ make_checksum_hmac_md5(struct krb5_ctx *kctx, char *header, int hdrlen, + + ahash_request_set_callback(req, CRYPTO_TFM_REQ_MAY_SLEEP, NULL, NULL); + +- err = crypto_ahash_init(req); +- if (err) +- goto out; + err = crypto_ahash_setkey(hmac_md5, cksumkey, kctx->gk5e->keylength); + if (err) + goto out; +diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c +index caaf51dda648..0e03377bb83e 100644 +--- a/security/apparmor/apparmorfs.c ++++ b/security/apparmor/apparmorfs.c +@@ -1189,9 +1189,7 @@ static int seq_ns_level_show(struct seq_file *seq, void *v) + static int seq_ns_name_show(struct seq_file *seq, void *v) + { + struct aa_label *label = begin_current_label_crit_section(); +- +- seq_printf(seq, "%s\n", aa_ns_name(labels_ns(label), +- labels_ns(label), true)); ++ seq_printf(seq, "%s\n", labels_ns(label)->base.name); + end_current_label_crit_section(label); + + return 0; +diff --git a/security/apparmor/include/audit.h b/security/apparmor/include/audit.h +index 4ac095118717..2ebc00a579fd 100644 +--- a/security/apparmor/include/audit.h ++++ b/security/apparmor/include/audit.h +@@ -126,6 +126,10 @@ struct apparmor_audit_data { + const char *target; + kuid_t ouid; + } fs; ++ struct { ++ int rlim; ++ unsigned long max; ++ } rlim; + int signal; + }; + }; +@@ -134,10 +138,6 @@ struct apparmor_audit_data { + const char *ns; + long pos; + } iface; +- struct { +- int rlim; +- unsigned long max; +- } rlim; + struct { + const char *src_name; + const char *type; +diff --git a/security/apparmor/include/sig_names.h b/security/apparmor/include/sig_names.h +index 92e62fe95292..5ca47c50dfa7 100644 +--- a/security/apparmor/include/sig_names.h ++++ b/security/apparmor/include/sig_names.h +@@ -2,6 +2,8 @@ + + #define SIGUNKNOWN 0 + #define MAXMAPPED_SIG 35 ++#define MAXMAPPED_SIGNAME (MAXMAPPED_SIG + 1) ++ + /* provide a mapping of arch signal to internal signal # for mediation + * those that are always an alias SIGCLD for SIGCLHD and SIGPOLL for SIGIO + * map to the same entry those that may/or may not get a separate entry +@@ -56,7 +58,7 @@ static const int sig_map[MAXMAPPED_SIG] = { + }; + + /* this table is ordered post sig_map[sig] mapping */ +-static const char *const sig_names[MAXMAPPED_SIG + 1] = { ++static const char *const sig_names[MAXMAPPED_SIGNAME] = { + "unknown", + "hup", + "int", +diff --git a/security/apparmor/ipc.c b/security/apparmor/ipc.c +index b40678f3c1d5..586facd35f7c 100644 +--- a/security/apparmor/ipc.c ++++ b/security/apparmor/ipc.c +@@ -174,7 +174,7 @@ static void audit_signal_cb(struct audit_buffer *ab, void *va) + audit_signal_mask(ab, aad(sa)->denied); + } + } +- if (aad(sa)->signal < MAXMAPPED_SIG) ++ if (aad(sa)->signal < MAXMAPPED_SIGNAME) + audit_log_format(ab, " signal=%s", sig_names[aad(sa)->signal]); + else + audit_log_format(ab, " signal=rtmin+%d", +diff --git a/tools/perf/util/intel-pt-decoder/intel-pt-decoder.c b/tools/perf/util/intel-pt-decoder/intel-pt-decoder.c +index aa1593ce551d..f9157aed1289 100644 +--- a/tools/perf/util/intel-pt-decoder/intel-pt-decoder.c ++++ b/tools/perf/util/intel-pt-decoder/intel-pt-decoder.c +@@ -1378,6 +1378,7 @@ static int intel_pt_overflow(struct intel_pt_decoder *decoder) + intel_pt_clear_tx_flags(decoder); + decoder->have_tma = false; + decoder->cbr = 0; ++ decoder->timestamp_insn_cnt = 0; + decoder->pkt_state = INTEL_PT_STATE_ERR_RESYNC; + decoder->overflow = true; + return -EOVERFLOW; +@@ -1616,6 +1617,7 @@ static int intel_pt_walk_fup_tip(struct intel_pt_decoder *decoder) + case INTEL_PT_PWRX: + intel_pt_log("ERROR: Missing TIP after FUP\n"); + decoder->pkt_state = INTEL_PT_STATE_ERR3; ++ decoder->pkt_step = 0; + return -ENOENT; + + case INTEL_PT_OVF: +@@ -2390,14 +2392,6 @@ const struct intel_pt_state *intel_pt_decode(struct intel_pt_decoder *decoder) + return &decoder->state; + } + +-static bool intel_pt_at_psb(unsigned char *buf, size_t len) +-{ +- if (len < INTEL_PT_PSB_LEN) +- return false; +- return memmem(buf, INTEL_PT_PSB_LEN, INTEL_PT_PSB_STR, +- INTEL_PT_PSB_LEN); +-} +- + /** + * intel_pt_next_psb - move buffer pointer to the start of the next PSB packet. + * @buf: pointer to buffer pointer +@@ -2486,6 +2480,7 @@ static unsigned char *intel_pt_last_psb(unsigned char *buf, size_t len) + * @buf: buffer + * @len: size of buffer + * @tsc: TSC value returned ++ * @rem: returns remaining size when TSC is found + * + * Find a TSC packet in @buf and return the TSC value. This function assumes + * that @buf starts at a PSB and that PSB+ will contain TSC and so stops if a +@@ -2493,7 +2488,8 @@ static unsigned char *intel_pt_last_psb(unsigned char *buf, size_t len) + * + * Return: %true if TSC is found, false otherwise. + */ +-static bool intel_pt_next_tsc(unsigned char *buf, size_t len, uint64_t *tsc) ++static bool intel_pt_next_tsc(unsigned char *buf, size_t len, uint64_t *tsc, ++ size_t *rem) + { + struct intel_pt_pkt packet; + int ret; +@@ -2504,6 +2500,7 @@ static bool intel_pt_next_tsc(unsigned char *buf, size_t len, uint64_t *tsc) + return false; + if (packet.type == INTEL_PT_TSC) { + *tsc = packet.payload; ++ *rem = len; + return true; + } + if (packet.type == INTEL_PT_PSBEND) +@@ -2554,6 +2551,8 @@ static int intel_pt_tsc_cmp(uint64_t tsc1, uint64_t tsc2) + * @len_a: size of first buffer + * @buf_b: second buffer + * @len_b: size of second buffer ++ * @consecutive: returns true if there is data in buf_b that is consecutive ++ * to buf_a + * + * If the trace contains TSC we can look at the last TSC of @buf_a and the + * first TSC of @buf_b in order to determine if the buffers overlap, and then +@@ -2566,33 +2565,41 @@ static int intel_pt_tsc_cmp(uint64_t tsc1, uint64_t tsc2) + static unsigned char *intel_pt_find_overlap_tsc(unsigned char *buf_a, + size_t len_a, + unsigned char *buf_b, +- size_t len_b) ++ size_t len_b, bool *consecutive) + { + uint64_t tsc_a, tsc_b; + unsigned char *p; +- size_t len; ++ size_t len, rem_a, rem_b; + + p = intel_pt_last_psb(buf_a, len_a); + if (!p) + return buf_b; /* No PSB in buf_a => no overlap */ + + len = len_a - (p - buf_a); +- if (!intel_pt_next_tsc(p, len, &tsc_a)) { ++ if (!intel_pt_next_tsc(p, len, &tsc_a, &rem_a)) { + /* The last PSB+ in buf_a is incomplete, so go back one more */ + len_a -= len; + p = intel_pt_last_psb(buf_a, len_a); + if (!p) + return buf_b; /* No full PSB+ => assume no overlap */ + len = len_a - (p - buf_a); +- if (!intel_pt_next_tsc(p, len, &tsc_a)) ++ if (!intel_pt_next_tsc(p, len, &tsc_a, &rem_a)) + return buf_b; /* No TSC in buf_a => assume no overlap */ + } + + while (1) { + /* Ignore PSB+ with no TSC */ +- if (intel_pt_next_tsc(buf_b, len_b, &tsc_b) && +- intel_pt_tsc_cmp(tsc_a, tsc_b) < 0) +- return buf_b; /* tsc_a < tsc_b => no overlap */ ++ if (intel_pt_next_tsc(buf_b, len_b, &tsc_b, &rem_b)) { ++ int cmp = intel_pt_tsc_cmp(tsc_a, tsc_b); ++ ++ /* Same TSC, so buffers are consecutive */ ++ if (!cmp && rem_b >= rem_a) { ++ *consecutive = true; ++ return buf_b + len_b - (rem_b - rem_a); ++ } ++ if (cmp < 0) ++ return buf_b; /* tsc_a < tsc_b => no overlap */ ++ } + + if (!intel_pt_step_psb(&buf_b, &len_b)) + return buf_b + len_b; /* No PSB in buf_b => no data */ +@@ -2606,6 +2613,8 @@ static unsigned char *intel_pt_find_overlap_tsc(unsigned char *buf_a, + * @buf_b: second buffer + * @len_b: size of second buffer + * @have_tsc: can use TSC packets to detect overlap ++ * @consecutive: returns true if there is data in buf_b that is consecutive ++ * to buf_a + * + * When trace samples or snapshots are recorded there is the possibility that + * the data overlaps. Note that, for the purposes of decoding, data is only +@@ -2616,7 +2625,7 @@ static unsigned char *intel_pt_find_overlap_tsc(unsigned char *buf_a, + */ + unsigned char *intel_pt_find_overlap(unsigned char *buf_a, size_t len_a, + unsigned char *buf_b, size_t len_b, +- bool have_tsc) ++ bool have_tsc, bool *consecutive) + { + unsigned char *found; + +@@ -2628,7 +2637,8 @@ unsigned char *intel_pt_find_overlap(unsigned char *buf_a, size_t len_a, + return buf_b; /* No overlap */ + + if (have_tsc) { +- found = intel_pt_find_overlap_tsc(buf_a, len_a, buf_b, len_b); ++ found = intel_pt_find_overlap_tsc(buf_a, len_a, buf_b, len_b, ++ consecutive); + if (found) + return found; + } +@@ -2643,28 +2653,16 @@ unsigned char *intel_pt_find_overlap(unsigned char *buf_a, size_t len_a, + } + + /* Now len_b >= len_a */ +- if (len_b > len_a) { +- /* The leftover buffer 'b' must start at a PSB */ +- while (!intel_pt_at_psb(buf_b + len_a, len_b - len_a)) { +- if (!intel_pt_step_psb(&buf_a, &len_a)) +- return buf_b; /* No overlap */ +- } +- } +- + while (1) { + /* Potential overlap so check the bytes */ + found = memmem(buf_a, len_a, buf_b, len_a); +- if (found) ++ if (found) { ++ *consecutive = true; + return buf_b + len_a; ++ } + + /* Try again at next PSB in buffer 'a' */ + if (!intel_pt_step_psb(&buf_a, &len_a)) + return buf_b; /* No overlap */ +- +- /* The leftover buffer 'b' must start at a PSB */ +- while (!intel_pt_at_psb(buf_b + len_a, len_b - len_a)) { +- if (!intel_pt_step_psb(&buf_a, &len_a)) +- return buf_b; /* No overlap */ +- } + } + } +diff --git a/tools/perf/util/intel-pt-decoder/intel-pt-decoder.h b/tools/perf/util/intel-pt-decoder/intel-pt-decoder.h +index 921b22e8ca0e..fc1752d50019 100644 +--- a/tools/perf/util/intel-pt-decoder/intel-pt-decoder.h ++++ b/tools/perf/util/intel-pt-decoder/intel-pt-decoder.h +@@ -117,7 +117,7 @@ const struct intel_pt_state *intel_pt_decode(struct intel_pt_decoder *decoder); + + unsigned char *intel_pt_find_overlap(unsigned char *buf_a, size_t len_a, + unsigned char *buf_b, size_t len_b, +- bool have_tsc); ++ bool have_tsc, bool *consecutive); + + int intel_pt__strerror(int code, char *buf, size_t buflen); + +diff --git a/tools/perf/util/intel-pt.c b/tools/perf/util/intel-pt.c +index b58f9fd1e2ee..d9573c1fa555 100644 +--- a/tools/perf/util/intel-pt.c ++++ b/tools/perf/util/intel-pt.c +@@ -145,6 +145,7 @@ struct intel_pt_queue { + bool stop; + bool step_through_buffers; + bool use_buffer_pid_tid; ++ bool sync_switch; + pid_t pid, tid; + int cpu; + int switch_state; +@@ -209,14 +210,17 @@ static void intel_pt_dump_event(struct intel_pt *pt, unsigned char *buf, + static int intel_pt_do_fix_overlap(struct intel_pt *pt, struct auxtrace_buffer *a, + struct auxtrace_buffer *b) + { ++ bool consecutive = false; + void *start; + + start = intel_pt_find_overlap(a->data, a->size, b->data, b->size, +- pt->have_tsc); ++ pt->have_tsc, &consecutive); + if (!start) + return -EINVAL; + b->use_size = b->data + b->size - start; + b->use_data = start; ++ if (b->use_size && consecutive) ++ b->consecutive = true; + return 0; + } + +@@ -962,10 +966,12 @@ static int intel_pt_setup_queue(struct intel_pt *pt, + if (pt->timeless_decoding || !pt->have_sched_switch) + ptq->use_buffer_pid_tid = true; + } ++ ++ ptq->sync_switch = pt->sync_switch; + } + + if (!ptq->on_heap && +- (!pt->sync_switch || ++ (!ptq->sync_switch || + ptq->switch_state != INTEL_PT_SS_EXPECTING_SWITCH_EVENT)) { + const struct intel_pt_state *state; + int ret; +@@ -1549,7 +1555,7 @@ static int intel_pt_sample(struct intel_pt_queue *ptq) + if (pt->synth_opts.last_branch) + intel_pt_update_last_branch_rb(ptq); + +- if (!pt->sync_switch) ++ if (!ptq->sync_switch) + return 0; + + if (intel_pt_is_switch_ip(ptq, state->to_ip)) { +@@ -1630,6 +1636,21 @@ static u64 intel_pt_switch_ip(struct intel_pt *pt, u64 *ptss_ip) + return switch_ip; + } + ++static void intel_pt_enable_sync_switch(struct intel_pt *pt) ++{ ++ unsigned int i; ++ ++ pt->sync_switch = true; ++ ++ for (i = 0; i < pt->queues.nr_queues; i++) { ++ struct auxtrace_queue *queue = &pt->queues.queue_array[i]; ++ struct intel_pt_queue *ptq = queue->priv; ++ ++ if (ptq) ++ ptq->sync_switch = true; ++ } ++} ++ + static int intel_pt_run_decoder(struct intel_pt_queue *ptq, u64 *timestamp) + { + const struct intel_pt_state *state = ptq->state; +@@ -1646,7 +1667,7 @@ static int intel_pt_run_decoder(struct intel_pt_queue *ptq, u64 *timestamp) + if (pt->switch_ip) { + intel_pt_log("switch_ip: %"PRIx64" ptss_ip: %"PRIx64"\n", + pt->switch_ip, pt->ptss_ip); +- pt->sync_switch = true; ++ intel_pt_enable_sync_switch(pt); + } + } + } +@@ -1662,9 +1683,9 @@ static int intel_pt_run_decoder(struct intel_pt_queue *ptq, u64 *timestamp) + if (state->err) { + if (state->err == INTEL_PT_ERR_NODATA) + return 1; +- if (pt->sync_switch && ++ if (ptq->sync_switch && + state->from_ip >= pt->kernel_start) { +- pt->sync_switch = false; ++ ptq->sync_switch = false; + intel_pt_next_tid(pt, ptq); + } + if (pt->synth_opts.errors) { +@@ -1690,7 +1711,7 @@ static int intel_pt_run_decoder(struct intel_pt_queue *ptq, u64 *timestamp) + state->timestamp, state->est_timestamp); + ptq->timestamp = state->est_timestamp; + /* Use estimated TSC in unknown switch state */ +- } else if (pt->sync_switch && ++ } else if (ptq->sync_switch && + ptq->switch_state == INTEL_PT_SS_UNKNOWN && + intel_pt_is_switch_ip(ptq, state->to_ip) && + ptq->next_tid == -1) { +@@ -1837,7 +1858,7 @@ static int intel_pt_sync_switch(struct intel_pt *pt, int cpu, pid_t tid, + return 1; + + ptq = intel_pt_cpu_to_ptq(pt, cpu); +- if (!ptq) ++ if (!ptq || !ptq->sync_switch) + return 1; + + switch (ptq->switch_state) {