commit: c054eed8e07c74be300906a57710035d78899d71 Author: Mike Pagano <mpagano <AT> gentoo <DOT> org> AuthorDate: Tue Jul 17 16:18:10 2018 +0000 Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org> CommitDate: Tue Jul 17 16:18:10 2018 +0000 URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=c054eed8
Linux patch 4.17.7 0000_README | 4 + 1006_linux-4.17.7.patch | 4347 +++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 4351 insertions(+) diff --git a/0000_README b/0000_README index b414442..a165e9a 100644 --- a/0000_README +++ b/0000_README @@ -67,6 +67,10 @@ Patch: 1005_linux-4.17.6.patch From: http://www.kernel.org Desc: Linux 4.17.6 +Patch: 1006_linux-4.17.7.patch +From: http://www.kernel.org +Desc: Linux 4.17.7 + Patch: 1500_XATTR_USER_PREFIX.patch From: https://bugs.gentoo.org/show_bug.cgi?id=470644 Desc: Support for namespace user.pax.* on tmpfs. diff --git a/1006_linux-4.17.7.patch b/1006_linux-4.17.7.patch new file mode 100644 index 0000000..2f4965d --- /dev/null +++ b/1006_linux-4.17.7.patch @@ -0,0 +1,4347 @@ +diff --git a/Documentation/kbuild/kbuild.txt b/Documentation/kbuild/kbuild.txt +index 6c9c69ec3986..0fa16b461256 100644 +--- a/Documentation/kbuild/kbuild.txt ++++ b/Documentation/kbuild/kbuild.txt +@@ -148,15 +148,6 @@ stripped after they are installed. If INSTALL_MOD_STRIP is '1', then + the default option --strip-debug will be used. Otherwise, + INSTALL_MOD_STRIP value will be used as the options to the strip command. + +-INSTALL_FW_PATH +--------------------------------------------------- +-INSTALL_FW_PATH specifies where to install the firmware blobs. +-The default value is: +- +- $(INSTALL_MOD_PATH)/lib/firmware +- +-The value can be overridden in which case the default value is ignored. +- + INSTALL_HDR_PATH + -------------------------------------------------- + INSTALL_HDR_PATH specifies where to install user space headers when +diff --git a/Makefile b/Makefile +index 1a885c8f82ef..5c9f331f29c0 100644 +--- a/Makefile ++++ b/Makefile +@@ -1,7 +1,7 @@ + # SPDX-License-Identifier: GPL-2.0 + VERSION = 4 + PATCHLEVEL = 17 +-SUBLEVEL = 6 ++SUBLEVEL = 7 + EXTRAVERSION = + NAME = Merciless Moray + +diff --git a/arch/arm/boot/dts/armada-38x.dtsi b/arch/arm/boot/dts/armada-38x.dtsi +index 4cc09e43eea2..e8309ecc32b9 100644 +--- a/arch/arm/boot/dts/armada-38x.dtsi ++++ b/arch/arm/boot/dts/armada-38x.dtsi +@@ -547,7 +547,7 @@ + + thermal: thermal@e8078 { + compatible = "marvell,armada380-thermal"; +- reg = <0xe4078 0x4>, <0xe4074 0x4>; ++ reg = <0xe4078 0x4>, <0xe4070 0x8>; + status = "okay"; + }; + +diff --git a/arch/arm64/include/asm/simd.h b/arch/arm64/include/asm/simd.h +index fa8b3fe932e6..6495cc51246f 100644 +--- a/arch/arm64/include/asm/simd.h ++++ b/arch/arm64/include/asm/simd.h +@@ -29,20 +29,15 @@ DECLARE_PER_CPU(bool, kernel_neon_busy); + static __must_check inline bool may_use_simd(void) + { + /* +- * The raw_cpu_read() is racy if called with preemption enabled. +- * This is not a bug: kernel_neon_busy is only set when +- * preemption is disabled, so we cannot migrate to another CPU +- * while it is set, nor can we migrate to a CPU where it is set. +- * So, if we find it clear on some CPU then we're guaranteed to +- * find it clear on any CPU we could migrate to. +- * +- * If we are in between kernel_neon_begin()...kernel_neon_end(), +- * the flag will be set, but preemption is also disabled, so we +- * can't migrate to another CPU and spuriously see it become +- * false. ++ * kernel_neon_busy is only set while preemption is disabled, ++ * and is clear whenever preemption is enabled. Since ++ * this_cpu_read() is atomic w.r.t. preemption, kernel_neon_busy ++ * cannot change under our feet -- if it's set we cannot be ++ * migrated, and if it's clear we cannot be migrated to a CPU ++ * where it is set. + */ + return !in_irq() && !irqs_disabled() && !in_nmi() && +- !raw_cpu_read(kernel_neon_busy); ++ !this_cpu_read(kernel_neon_busy); + } + + #else /* ! CONFIG_KERNEL_MODE_NEON */ +diff --git a/arch/mips/kernel/process.c b/arch/mips/kernel/process.c +index 3775a8d694fb..d4c59d9dca5b 100644 +--- a/arch/mips/kernel/process.c ++++ b/arch/mips/kernel/process.c +@@ -29,6 +29,7 @@ + #include <linux/kallsyms.h> + #include <linux/random.h> + #include <linux/prctl.h> ++#include <linux/nmi.h> + + #include <asm/asm.h> + #include <asm/bootinfo.h> +@@ -655,28 +656,42 @@ unsigned long arch_align_stack(unsigned long sp) + return sp & ALMASK; + } + +-static void arch_dump_stack(void *info) ++static DEFINE_PER_CPU(call_single_data_t, backtrace_csd); ++static struct cpumask backtrace_csd_busy; ++ ++static void handle_backtrace(void *info) + { +- struct pt_regs *regs; ++ nmi_cpu_backtrace(get_irq_regs()); ++ cpumask_clear_cpu(smp_processor_id(), &backtrace_csd_busy); ++} + +- regs = get_irq_regs(); ++static void raise_backtrace(cpumask_t *mask) ++{ ++ call_single_data_t *csd; ++ int cpu; + +- if (regs) +- show_regs(regs); ++ for_each_cpu(cpu, mask) { ++ /* ++ * If we previously sent an IPI to the target CPU & it hasn't ++ * cleared its bit in the busy cpumask then it didn't handle ++ * our previous IPI & it's not safe for us to reuse the ++ * call_single_data_t. ++ */ ++ if (cpumask_test_and_set_cpu(cpu, &backtrace_csd_busy)) { ++ pr_warn("Unable to send backtrace IPI to CPU%u - perhaps it hung?\n", ++ cpu); ++ continue; ++ } + +- dump_stack(); ++ csd = &per_cpu(backtrace_csd, cpu); ++ csd->func = handle_backtrace; ++ smp_call_function_single_async(cpu, csd); ++ } + } + + void arch_trigger_cpumask_backtrace(const cpumask_t *mask, bool exclude_self) + { +- long this_cpu = get_cpu(); +- +- if (cpumask_test_cpu(this_cpu, mask) && !exclude_self) +- dump_stack(); +- +- smp_call_function_many(mask, arch_dump_stack, NULL, 1); +- +- put_cpu(); ++ nmi_trigger_cpumask_backtrace(mask, exclude_self, raise_backtrace); + } + + int mips_get_process_fp_mode(struct task_struct *task) +diff --git a/arch/mips/kernel/traps.c b/arch/mips/kernel/traps.c +index 967e9e4e795e..a91777630045 100644 +--- a/arch/mips/kernel/traps.c ++++ b/arch/mips/kernel/traps.c +@@ -351,6 +351,7 @@ static void __show_regs(const struct pt_regs *regs) + void show_regs(struct pt_regs *regs) + { + __show_regs((struct pt_regs *)regs); ++ dump_stack(); + } + + void show_registers(struct pt_regs *regs) +diff --git a/arch/mips/mm/ioremap.c b/arch/mips/mm/ioremap.c +index 1986e09fb457..1601d90b087b 100644 +--- a/arch/mips/mm/ioremap.c ++++ b/arch/mips/mm/ioremap.c +@@ -9,6 +9,7 @@ + #include <linux/export.h> + #include <asm/addrspace.h> + #include <asm/byteorder.h> ++#include <linux/ioport.h> + #include <linux/sched.h> + #include <linux/slab.h> + #include <linux/vmalloc.h> +@@ -98,6 +99,20 @@ static int remap_area_pages(unsigned long address, phys_addr_t phys_addr, + return error; + } + ++static int __ioremap_check_ram(unsigned long start_pfn, unsigned long nr_pages, ++ void *arg) ++{ ++ unsigned long i; ++ ++ for (i = 0; i < nr_pages; i++) { ++ if (pfn_valid(start_pfn + i) && ++ !PageReserved(pfn_to_page(start_pfn + i))) ++ return 1; ++ } ++ ++ return 0; ++} ++ + /* + * Generic mapping function (not visible outside): + */ +@@ -116,8 +131,8 @@ static int remap_area_pages(unsigned long address, phys_addr_t phys_addr, + + void __iomem * __ioremap(phys_addr_t phys_addr, phys_addr_t size, unsigned long flags) + { ++ unsigned long offset, pfn, last_pfn; + struct vm_struct * area; +- unsigned long offset; + phys_addr_t last_addr; + void * addr; + +@@ -137,18 +152,16 @@ void __iomem * __ioremap(phys_addr_t phys_addr, phys_addr_t size, unsigned long + return (void __iomem *) CKSEG1ADDR(phys_addr); + + /* +- * Don't allow anybody to remap normal RAM that we're using.. ++ * Don't allow anybody to remap RAM that may be allocated by the page ++ * allocator, since that could lead to races & data clobbering. + */ +- if (phys_addr < virt_to_phys(high_memory)) { +- char *t_addr, *t_end; +- struct page *page; +- +- t_addr = __va(phys_addr); +- t_end = t_addr + (size - 1); +- +- for(page = virt_to_page(t_addr); page <= virt_to_page(t_end); page++) +- if(!PageReserved(page)) +- return NULL; ++ pfn = PFN_DOWN(phys_addr); ++ last_pfn = PFN_DOWN(last_addr); ++ if (walk_system_ram_range(pfn, last_pfn - pfn + 1, NULL, ++ __ioremap_check_ram) == 1) { ++ WARN_ONCE(1, "ioremap on RAM at %pa - %pa\n", ++ &phys_addr, &last_addr); ++ return NULL; + } + + /* +diff --git a/arch/x86/crypto/Makefile b/arch/x86/crypto/Makefile +index 5f07333bb224..9c903a420cda 100644 +--- a/arch/x86/crypto/Makefile ++++ b/arch/x86/crypto/Makefile +@@ -15,7 +15,6 @@ obj-$(CONFIG_CRYPTO_GLUE_HELPER_X86) += glue_helper.o + + obj-$(CONFIG_CRYPTO_AES_586) += aes-i586.o + obj-$(CONFIG_CRYPTO_TWOFISH_586) += twofish-i586.o +-obj-$(CONFIG_CRYPTO_SALSA20_586) += salsa20-i586.o + obj-$(CONFIG_CRYPTO_SERPENT_SSE2_586) += serpent-sse2-i586.o + + obj-$(CONFIG_CRYPTO_AES_X86_64) += aes-x86_64.o +@@ -24,7 +23,6 @@ obj-$(CONFIG_CRYPTO_CAMELLIA_X86_64) += camellia-x86_64.o + obj-$(CONFIG_CRYPTO_BLOWFISH_X86_64) += blowfish-x86_64.o + obj-$(CONFIG_CRYPTO_TWOFISH_X86_64) += twofish-x86_64.o + obj-$(CONFIG_CRYPTO_TWOFISH_X86_64_3WAY) += twofish-x86_64-3way.o +-obj-$(CONFIG_CRYPTO_SALSA20_X86_64) += salsa20-x86_64.o + obj-$(CONFIG_CRYPTO_CHACHA20_X86_64) += chacha20-x86_64.o + obj-$(CONFIG_CRYPTO_SERPENT_SSE2_X86_64) += serpent-sse2-x86_64.o + obj-$(CONFIG_CRYPTO_AES_NI_INTEL) += aesni-intel.o +@@ -59,7 +57,6 @@ endif + + aes-i586-y := aes-i586-asm_32.o aes_glue.o + twofish-i586-y := twofish-i586-asm_32.o twofish_glue.o +-salsa20-i586-y := salsa20-i586-asm_32.o salsa20_glue.o + serpent-sse2-i586-y := serpent-sse2-i586-asm_32.o serpent_sse2_glue.o + + aes-x86_64-y := aes-x86_64-asm_64.o aes_glue.o +@@ -68,7 +65,6 @@ camellia-x86_64-y := camellia-x86_64-asm_64.o camellia_glue.o + blowfish-x86_64-y := blowfish-x86_64-asm_64.o blowfish_glue.o + twofish-x86_64-y := twofish-x86_64-asm_64.o twofish_glue.o + twofish-x86_64-3way-y := twofish-x86_64-asm_64-3way.o twofish_glue_3way.o +-salsa20-x86_64-y := salsa20-x86_64-asm_64.o salsa20_glue.o + chacha20-x86_64-y := chacha20-ssse3-x86_64.o chacha20_glue.o + serpent-sse2-x86_64-y := serpent-sse2-x86_64-asm_64.o serpent_sse2_glue.o + +diff --git a/arch/x86/crypto/salsa20-i586-asm_32.S b/arch/x86/crypto/salsa20-i586-asm_32.S +deleted file mode 100644 +index 6014b7b9e52a..000000000000 +--- a/arch/x86/crypto/salsa20-i586-asm_32.S ++++ /dev/null +@@ -1,938 +0,0 @@ +-# Derived from: +-# salsa20_pm.s version 20051229 +-# D. J. Bernstein +-# Public domain. +- +-#include <linux/linkage.h> +- +-.text +- +-# enter salsa20_encrypt_bytes +-ENTRY(salsa20_encrypt_bytes) +- mov %esp,%eax +- and $31,%eax +- add $256,%eax +- sub %eax,%esp +- # eax_stack = eax +- movl %eax,80(%esp) +- # ebx_stack = ebx +- movl %ebx,84(%esp) +- # esi_stack = esi +- movl %esi,88(%esp) +- # edi_stack = edi +- movl %edi,92(%esp) +- # ebp_stack = ebp +- movl %ebp,96(%esp) +- # x = arg1 +- movl 4(%esp,%eax),%edx +- # m = arg2 +- movl 8(%esp,%eax),%esi +- # out = arg3 +- movl 12(%esp,%eax),%edi +- # bytes = arg4 +- movl 16(%esp,%eax),%ebx +- # bytes -= 0 +- sub $0,%ebx +- # goto done if unsigned<= +- jbe ._done +-._start: +- # in0 = *(uint32 *) (x + 0) +- movl 0(%edx),%eax +- # in1 = *(uint32 *) (x + 4) +- movl 4(%edx),%ecx +- # in2 = *(uint32 *) (x + 8) +- movl 8(%edx),%ebp +- # j0 = in0 +- movl %eax,164(%esp) +- # in3 = *(uint32 *) (x + 12) +- movl 12(%edx),%eax +- # j1 = in1 +- movl %ecx,168(%esp) +- # in4 = *(uint32 *) (x + 16) +- movl 16(%edx),%ecx +- # j2 = in2 +- movl %ebp,172(%esp) +- # in5 = *(uint32 *) (x + 20) +- movl 20(%edx),%ebp +- # j3 = in3 +- movl %eax,176(%esp) +- # in6 = *(uint32 *) (x + 24) +- movl 24(%edx),%eax +- # j4 = in4 +- movl %ecx,180(%esp) +- # in7 = *(uint32 *) (x + 28) +- movl 28(%edx),%ecx +- # j5 = in5 +- movl %ebp,184(%esp) +- # in8 = *(uint32 *) (x + 32) +- movl 32(%edx),%ebp +- # j6 = in6 +- movl %eax,188(%esp) +- # in9 = *(uint32 *) (x + 36) +- movl 36(%edx),%eax +- # j7 = in7 +- movl %ecx,192(%esp) +- # in10 = *(uint32 *) (x + 40) +- movl 40(%edx),%ecx +- # j8 = in8 +- movl %ebp,196(%esp) +- # in11 = *(uint32 *) (x + 44) +- movl 44(%edx),%ebp +- # j9 = in9 +- movl %eax,200(%esp) +- # in12 = *(uint32 *) (x + 48) +- movl 48(%edx),%eax +- # j10 = in10 +- movl %ecx,204(%esp) +- # in13 = *(uint32 *) (x + 52) +- movl 52(%edx),%ecx +- # j11 = in11 +- movl %ebp,208(%esp) +- # in14 = *(uint32 *) (x + 56) +- movl 56(%edx),%ebp +- # j12 = in12 +- movl %eax,212(%esp) +- # in15 = *(uint32 *) (x + 60) +- movl 60(%edx),%eax +- # j13 = in13 +- movl %ecx,216(%esp) +- # j14 = in14 +- movl %ebp,220(%esp) +- # j15 = in15 +- movl %eax,224(%esp) +- # x_backup = x +- movl %edx,64(%esp) +-._bytesatleast1: +- # bytes - 64 +- cmp $64,%ebx +- # goto nocopy if unsigned>= +- jae ._nocopy +- # ctarget = out +- movl %edi,228(%esp) +- # out = &tmp +- leal 0(%esp),%edi +- # i = bytes +- mov %ebx,%ecx +- # while (i) { *out++ = *m++; --i } +- rep movsb +- # out = &tmp +- leal 0(%esp),%edi +- # m = &tmp +- leal 0(%esp),%esi +-._nocopy: +- # out_backup = out +- movl %edi,72(%esp) +- # m_backup = m +- movl %esi,68(%esp) +- # bytes_backup = bytes +- movl %ebx,76(%esp) +- # in0 = j0 +- movl 164(%esp),%eax +- # in1 = j1 +- movl 168(%esp),%ecx +- # in2 = j2 +- movl 172(%esp),%edx +- # in3 = j3 +- movl 176(%esp),%ebx +- # x0 = in0 +- movl %eax,100(%esp) +- # x1 = in1 +- movl %ecx,104(%esp) +- # x2 = in2 +- movl %edx,108(%esp) +- # x3 = in3 +- movl %ebx,112(%esp) +- # in4 = j4 +- movl 180(%esp),%eax +- # in5 = j5 +- movl 184(%esp),%ecx +- # in6 = j6 +- movl 188(%esp),%edx +- # in7 = j7 +- movl 192(%esp),%ebx +- # x4 = in4 +- movl %eax,116(%esp) +- # x5 = in5 +- movl %ecx,120(%esp) +- # x6 = in6 +- movl %edx,124(%esp) +- # x7 = in7 +- movl %ebx,128(%esp) +- # in8 = j8 +- movl 196(%esp),%eax +- # in9 = j9 +- movl 200(%esp),%ecx +- # in10 = j10 +- movl 204(%esp),%edx +- # in11 = j11 +- movl 208(%esp),%ebx +- # x8 = in8 +- movl %eax,132(%esp) +- # x9 = in9 +- movl %ecx,136(%esp) +- # x10 = in10 +- movl %edx,140(%esp) +- # x11 = in11 +- movl %ebx,144(%esp) +- # in12 = j12 +- movl 212(%esp),%eax +- # in13 = j13 +- movl 216(%esp),%ecx +- # in14 = j14 +- movl 220(%esp),%edx +- # in15 = j15 +- movl 224(%esp),%ebx +- # x12 = in12 +- movl %eax,148(%esp) +- # x13 = in13 +- movl %ecx,152(%esp) +- # x14 = in14 +- movl %edx,156(%esp) +- # x15 = in15 +- movl %ebx,160(%esp) +- # i = 20 +- mov $20,%ebp +- # p = x0 +- movl 100(%esp),%eax +- # s = x5 +- movl 120(%esp),%ecx +- # t = x10 +- movl 140(%esp),%edx +- # w = x15 +- movl 160(%esp),%ebx +-._mainloop: +- # x0 = p +- movl %eax,100(%esp) +- # x10 = t +- movl %edx,140(%esp) +- # p += x12 +- addl 148(%esp),%eax +- # x5 = s +- movl %ecx,120(%esp) +- # t += x6 +- addl 124(%esp),%edx +- # x15 = w +- movl %ebx,160(%esp) +- # r = x1 +- movl 104(%esp),%esi +- # r += s +- add %ecx,%esi +- # v = x11 +- movl 144(%esp),%edi +- # v += w +- add %ebx,%edi +- # p <<<= 7 +- rol $7,%eax +- # p ^= x4 +- xorl 116(%esp),%eax +- # t <<<= 7 +- rol $7,%edx +- # t ^= x14 +- xorl 156(%esp),%edx +- # r <<<= 7 +- rol $7,%esi +- # r ^= x9 +- xorl 136(%esp),%esi +- # v <<<= 7 +- rol $7,%edi +- # v ^= x3 +- xorl 112(%esp),%edi +- # x4 = p +- movl %eax,116(%esp) +- # x14 = t +- movl %edx,156(%esp) +- # p += x0 +- addl 100(%esp),%eax +- # x9 = r +- movl %esi,136(%esp) +- # t += x10 +- addl 140(%esp),%edx +- # x3 = v +- movl %edi,112(%esp) +- # p <<<= 9 +- rol $9,%eax +- # p ^= x8 +- xorl 132(%esp),%eax +- # t <<<= 9 +- rol $9,%edx +- # t ^= x2 +- xorl 108(%esp),%edx +- # s += r +- add %esi,%ecx +- # s <<<= 9 +- rol $9,%ecx +- # s ^= x13 +- xorl 152(%esp),%ecx +- # w += v +- add %edi,%ebx +- # w <<<= 9 +- rol $9,%ebx +- # w ^= x7 +- xorl 128(%esp),%ebx +- # x8 = p +- movl %eax,132(%esp) +- # x2 = t +- movl %edx,108(%esp) +- # p += x4 +- addl 116(%esp),%eax +- # x13 = s +- movl %ecx,152(%esp) +- # t += x14 +- addl 156(%esp),%edx +- # x7 = w +- movl %ebx,128(%esp) +- # p <<<= 13 +- rol $13,%eax +- # p ^= x12 +- xorl 148(%esp),%eax +- # t <<<= 13 +- rol $13,%edx +- # t ^= x6 +- xorl 124(%esp),%edx +- # r += s +- add %ecx,%esi +- # r <<<= 13 +- rol $13,%esi +- # r ^= x1 +- xorl 104(%esp),%esi +- # v += w +- add %ebx,%edi +- # v <<<= 13 +- rol $13,%edi +- # v ^= x11 +- xorl 144(%esp),%edi +- # x12 = p +- movl %eax,148(%esp) +- # x6 = t +- movl %edx,124(%esp) +- # p += x8 +- addl 132(%esp),%eax +- # x1 = r +- movl %esi,104(%esp) +- # t += x2 +- addl 108(%esp),%edx +- # x11 = v +- movl %edi,144(%esp) +- # p <<<= 18 +- rol $18,%eax +- # p ^= x0 +- xorl 100(%esp),%eax +- # t <<<= 18 +- rol $18,%edx +- # t ^= x10 +- xorl 140(%esp),%edx +- # s += r +- add %esi,%ecx +- # s <<<= 18 +- rol $18,%ecx +- # s ^= x5 +- xorl 120(%esp),%ecx +- # w += v +- add %edi,%ebx +- # w <<<= 18 +- rol $18,%ebx +- # w ^= x15 +- xorl 160(%esp),%ebx +- # x0 = p +- movl %eax,100(%esp) +- # x10 = t +- movl %edx,140(%esp) +- # p += x3 +- addl 112(%esp),%eax +- # p <<<= 7 +- rol $7,%eax +- # x5 = s +- movl %ecx,120(%esp) +- # t += x9 +- addl 136(%esp),%edx +- # x15 = w +- movl %ebx,160(%esp) +- # r = x4 +- movl 116(%esp),%esi +- # r += s +- add %ecx,%esi +- # v = x14 +- movl 156(%esp),%edi +- # v += w +- add %ebx,%edi +- # p ^= x1 +- xorl 104(%esp),%eax +- # t <<<= 7 +- rol $7,%edx +- # t ^= x11 +- xorl 144(%esp),%edx +- # r <<<= 7 +- rol $7,%esi +- # r ^= x6 +- xorl 124(%esp),%esi +- # v <<<= 7 +- rol $7,%edi +- # v ^= x12 +- xorl 148(%esp),%edi +- # x1 = p +- movl %eax,104(%esp) +- # x11 = t +- movl %edx,144(%esp) +- # p += x0 +- addl 100(%esp),%eax +- # x6 = r +- movl %esi,124(%esp) +- # t += x10 +- addl 140(%esp),%edx +- # x12 = v +- movl %edi,148(%esp) +- # p <<<= 9 +- rol $9,%eax +- # p ^= x2 +- xorl 108(%esp),%eax +- # t <<<= 9 +- rol $9,%edx +- # t ^= x8 +- xorl 132(%esp),%edx +- # s += r +- add %esi,%ecx +- # s <<<= 9 +- rol $9,%ecx +- # s ^= x7 +- xorl 128(%esp),%ecx +- # w += v +- add %edi,%ebx +- # w <<<= 9 +- rol $9,%ebx +- # w ^= x13 +- xorl 152(%esp),%ebx +- # x2 = p +- movl %eax,108(%esp) +- # x8 = t +- movl %edx,132(%esp) +- # p += x1 +- addl 104(%esp),%eax +- # x7 = s +- movl %ecx,128(%esp) +- # t += x11 +- addl 144(%esp),%edx +- # x13 = w +- movl %ebx,152(%esp) +- # p <<<= 13 +- rol $13,%eax +- # p ^= x3 +- xorl 112(%esp),%eax +- # t <<<= 13 +- rol $13,%edx +- # t ^= x9 +- xorl 136(%esp),%edx +- # r += s +- add %ecx,%esi +- # r <<<= 13 +- rol $13,%esi +- # r ^= x4 +- xorl 116(%esp),%esi +- # v += w +- add %ebx,%edi +- # v <<<= 13 +- rol $13,%edi +- # v ^= x14 +- xorl 156(%esp),%edi +- # x3 = p +- movl %eax,112(%esp) +- # x9 = t +- movl %edx,136(%esp) +- # p += x2 +- addl 108(%esp),%eax +- # x4 = r +- movl %esi,116(%esp) +- # t += x8 +- addl 132(%esp),%edx +- # x14 = v +- movl %edi,156(%esp) +- # p <<<= 18 +- rol $18,%eax +- # p ^= x0 +- xorl 100(%esp),%eax +- # t <<<= 18 +- rol $18,%edx +- # t ^= x10 +- xorl 140(%esp),%edx +- # s += r +- add %esi,%ecx +- # s <<<= 18 +- rol $18,%ecx +- # s ^= x5 +- xorl 120(%esp),%ecx +- # w += v +- add %edi,%ebx +- # w <<<= 18 +- rol $18,%ebx +- # w ^= x15 +- xorl 160(%esp),%ebx +- # x0 = p +- movl %eax,100(%esp) +- # x10 = t +- movl %edx,140(%esp) +- # p += x12 +- addl 148(%esp),%eax +- # x5 = s +- movl %ecx,120(%esp) +- # t += x6 +- addl 124(%esp),%edx +- # x15 = w +- movl %ebx,160(%esp) +- # r = x1 +- movl 104(%esp),%esi +- # r += s +- add %ecx,%esi +- # v = x11 +- movl 144(%esp),%edi +- # v += w +- add %ebx,%edi +- # p <<<= 7 +- rol $7,%eax +- # p ^= x4 +- xorl 116(%esp),%eax +- # t <<<= 7 +- rol $7,%edx +- # t ^= x14 +- xorl 156(%esp),%edx +- # r <<<= 7 +- rol $7,%esi +- # r ^= x9 +- xorl 136(%esp),%esi +- # v <<<= 7 +- rol $7,%edi +- # v ^= x3 +- xorl 112(%esp),%edi +- # x4 = p +- movl %eax,116(%esp) +- # x14 = t +- movl %edx,156(%esp) +- # p += x0 +- addl 100(%esp),%eax +- # x9 = r +- movl %esi,136(%esp) +- # t += x10 +- addl 140(%esp),%edx +- # x3 = v +- movl %edi,112(%esp) +- # p <<<= 9 +- rol $9,%eax +- # p ^= x8 +- xorl 132(%esp),%eax +- # t <<<= 9 +- rol $9,%edx +- # t ^= x2 +- xorl 108(%esp),%edx +- # s += r +- add %esi,%ecx +- # s <<<= 9 +- rol $9,%ecx +- # s ^= x13 +- xorl 152(%esp),%ecx +- # w += v +- add %edi,%ebx +- # w <<<= 9 +- rol $9,%ebx +- # w ^= x7 +- xorl 128(%esp),%ebx +- # x8 = p +- movl %eax,132(%esp) +- # x2 = t +- movl %edx,108(%esp) +- # p += x4 +- addl 116(%esp),%eax +- # x13 = s +- movl %ecx,152(%esp) +- # t += x14 +- addl 156(%esp),%edx +- # x7 = w +- movl %ebx,128(%esp) +- # p <<<= 13 +- rol $13,%eax +- # p ^= x12 +- xorl 148(%esp),%eax +- # t <<<= 13 +- rol $13,%edx +- # t ^= x6 +- xorl 124(%esp),%edx +- # r += s +- add %ecx,%esi +- # r <<<= 13 +- rol $13,%esi +- # r ^= x1 +- xorl 104(%esp),%esi +- # v += w +- add %ebx,%edi +- # v <<<= 13 +- rol $13,%edi +- # v ^= x11 +- xorl 144(%esp),%edi +- # x12 = p +- movl %eax,148(%esp) +- # x6 = t +- movl %edx,124(%esp) +- # p += x8 +- addl 132(%esp),%eax +- # x1 = r +- movl %esi,104(%esp) +- # t += x2 +- addl 108(%esp),%edx +- # x11 = v +- movl %edi,144(%esp) +- # p <<<= 18 +- rol $18,%eax +- # p ^= x0 +- xorl 100(%esp),%eax +- # t <<<= 18 +- rol $18,%edx +- # t ^= x10 +- xorl 140(%esp),%edx +- # s += r +- add %esi,%ecx +- # s <<<= 18 +- rol $18,%ecx +- # s ^= x5 +- xorl 120(%esp),%ecx +- # w += v +- add %edi,%ebx +- # w <<<= 18 +- rol $18,%ebx +- # w ^= x15 +- xorl 160(%esp),%ebx +- # x0 = p +- movl %eax,100(%esp) +- # x10 = t +- movl %edx,140(%esp) +- # p += x3 +- addl 112(%esp),%eax +- # p <<<= 7 +- rol $7,%eax +- # x5 = s +- movl %ecx,120(%esp) +- # t += x9 +- addl 136(%esp),%edx +- # x15 = w +- movl %ebx,160(%esp) +- # r = x4 +- movl 116(%esp),%esi +- # r += s +- add %ecx,%esi +- # v = x14 +- movl 156(%esp),%edi +- # v += w +- add %ebx,%edi +- # p ^= x1 +- xorl 104(%esp),%eax +- # t <<<= 7 +- rol $7,%edx +- # t ^= x11 +- xorl 144(%esp),%edx +- # r <<<= 7 +- rol $7,%esi +- # r ^= x6 +- xorl 124(%esp),%esi +- # v <<<= 7 +- rol $7,%edi +- # v ^= x12 +- xorl 148(%esp),%edi +- # x1 = p +- movl %eax,104(%esp) +- # x11 = t +- movl %edx,144(%esp) +- # p += x0 +- addl 100(%esp),%eax +- # x6 = r +- movl %esi,124(%esp) +- # t += x10 +- addl 140(%esp),%edx +- # x12 = v +- movl %edi,148(%esp) +- # p <<<= 9 +- rol $9,%eax +- # p ^= x2 +- xorl 108(%esp),%eax +- # t <<<= 9 +- rol $9,%edx +- # t ^= x8 +- xorl 132(%esp),%edx +- # s += r +- add %esi,%ecx +- # s <<<= 9 +- rol $9,%ecx +- # s ^= x7 +- xorl 128(%esp),%ecx +- # w += v +- add %edi,%ebx +- # w <<<= 9 +- rol $9,%ebx +- # w ^= x13 +- xorl 152(%esp),%ebx +- # x2 = p +- movl %eax,108(%esp) +- # x8 = t +- movl %edx,132(%esp) +- # p += x1 +- addl 104(%esp),%eax +- # x7 = s +- movl %ecx,128(%esp) +- # t += x11 +- addl 144(%esp),%edx +- # x13 = w +- movl %ebx,152(%esp) +- # p <<<= 13 +- rol $13,%eax +- # p ^= x3 +- xorl 112(%esp),%eax +- # t <<<= 13 +- rol $13,%edx +- # t ^= x9 +- xorl 136(%esp),%edx +- # r += s +- add %ecx,%esi +- # r <<<= 13 +- rol $13,%esi +- # r ^= x4 +- xorl 116(%esp),%esi +- # v += w +- add %ebx,%edi +- # v <<<= 13 +- rol $13,%edi +- # v ^= x14 +- xorl 156(%esp),%edi +- # x3 = p +- movl %eax,112(%esp) +- # x9 = t +- movl %edx,136(%esp) +- # p += x2 +- addl 108(%esp),%eax +- # x4 = r +- movl %esi,116(%esp) +- # t += x8 +- addl 132(%esp),%edx +- # x14 = v +- movl %edi,156(%esp) +- # p <<<= 18 +- rol $18,%eax +- # p ^= x0 +- xorl 100(%esp),%eax +- # t <<<= 18 +- rol $18,%edx +- # t ^= x10 +- xorl 140(%esp),%edx +- # s += r +- add %esi,%ecx +- # s <<<= 18 +- rol $18,%ecx +- # s ^= x5 +- xorl 120(%esp),%ecx +- # w += v +- add %edi,%ebx +- # w <<<= 18 +- rol $18,%ebx +- # w ^= x15 +- xorl 160(%esp),%ebx +- # i -= 4 +- sub $4,%ebp +- # goto mainloop if unsigned > +- ja ._mainloop +- # x0 = p +- movl %eax,100(%esp) +- # x5 = s +- movl %ecx,120(%esp) +- # x10 = t +- movl %edx,140(%esp) +- # x15 = w +- movl %ebx,160(%esp) +- # out = out_backup +- movl 72(%esp),%edi +- # m = m_backup +- movl 68(%esp),%esi +- # in0 = x0 +- movl 100(%esp),%eax +- # in1 = x1 +- movl 104(%esp),%ecx +- # in0 += j0 +- addl 164(%esp),%eax +- # in1 += j1 +- addl 168(%esp),%ecx +- # in0 ^= *(uint32 *) (m + 0) +- xorl 0(%esi),%eax +- # in1 ^= *(uint32 *) (m + 4) +- xorl 4(%esi),%ecx +- # *(uint32 *) (out + 0) = in0 +- movl %eax,0(%edi) +- # *(uint32 *) (out + 4) = in1 +- movl %ecx,4(%edi) +- # in2 = x2 +- movl 108(%esp),%eax +- # in3 = x3 +- movl 112(%esp),%ecx +- # in2 += j2 +- addl 172(%esp),%eax +- # in3 += j3 +- addl 176(%esp),%ecx +- # in2 ^= *(uint32 *) (m + 8) +- xorl 8(%esi),%eax +- # in3 ^= *(uint32 *) (m + 12) +- xorl 12(%esi),%ecx +- # *(uint32 *) (out + 8) = in2 +- movl %eax,8(%edi) +- # *(uint32 *) (out + 12) = in3 +- movl %ecx,12(%edi) +- # in4 = x4 +- movl 116(%esp),%eax +- # in5 = x5 +- movl 120(%esp),%ecx +- # in4 += j4 +- addl 180(%esp),%eax +- # in5 += j5 +- addl 184(%esp),%ecx +- # in4 ^= *(uint32 *) (m + 16) +- xorl 16(%esi),%eax +- # in5 ^= *(uint32 *) (m + 20) +- xorl 20(%esi),%ecx +- # *(uint32 *) (out + 16) = in4 +- movl %eax,16(%edi) +- # *(uint32 *) (out + 20) = in5 +- movl %ecx,20(%edi) +- # in6 = x6 +- movl 124(%esp),%eax +- # in7 = x7 +- movl 128(%esp),%ecx +- # in6 += j6 +- addl 188(%esp),%eax +- # in7 += j7 +- addl 192(%esp),%ecx +- # in6 ^= *(uint32 *) (m + 24) +- xorl 24(%esi),%eax +- # in7 ^= *(uint32 *) (m + 28) +- xorl 28(%esi),%ecx +- # *(uint32 *) (out + 24) = in6 +- movl %eax,24(%edi) +- # *(uint32 *) (out + 28) = in7 +- movl %ecx,28(%edi) +- # in8 = x8 +- movl 132(%esp),%eax +- # in9 = x9 +- movl 136(%esp),%ecx +- # in8 += j8 +- addl 196(%esp),%eax +- # in9 += j9 +- addl 200(%esp),%ecx +- # in8 ^= *(uint32 *) (m + 32) +- xorl 32(%esi),%eax +- # in9 ^= *(uint32 *) (m + 36) +- xorl 36(%esi),%ecx +- # *(uint32 *) (out + 32) = in8 +- movl %eax,32(%edi) +- # *(uint32 *) (out + 36) = in9 +- movl %ecx,36(%edi) +- # in10 = x10 +- movl 140(%esp),%eax +- # in11 = x11 +- movl 144(%esp),%ecx +- # in10 += j10 +- addl 204(%esp),%eax +- # in11 += j11 +- addl 208(%esp),%ecx +- # in10 ^= *(uint32 *) (m + 40) +- xorl 40(%esi),%eax +- # in11 ^= *(uint32 *) (m + 44) +- xorl 44(%esi),%ecx +- # *(uint32 *) (out + 40) = in10 +- movl %eax,40(%edi) +- # *(uint32 *) (out + 44) = in11 +- movl %ecx,44(%edi) +- # in12 = x12 +- movl 148(%esp),%eax +- # in13 = x13 +- movl 152(%esp),%ecx +- # in12 += j12 +- addl 212(%esp),%eax +- # in13 += j13 +- addl 216(%esp),%ecx +- # in12 ^= *(uint32 *) (m + 48) +- xorl 48(%esi),%eax +- # in13 ^= *(uint32 *) (m + 52) +- xorl 52(%esi),%ecx +- # *(uint32 *) (out + 48) = in12 +- movl %eax,48(%edi) +- # *(uint32 *) (out + 52) = in13 +- movl %ecx,52(%edi) +- # in14 = x14 +- movl 156(%esp),%eax +- # in15 = x15 +- movl 160(%esp),%ecx +- # in14 += j14 +- addl 220(%esp),%eax +- # in15 += j15 +- addl 224(%esp),%ecx +- # in14 ^= *(uint32 *) (m + 56) +- xorl 56(%esi),%eax +- # in15 ^= *(uint32 *) (m + 60) +- xorl 60(%esi),%ecx +- # *(uint32 *) (out + 56) = in14 +- movl %eax,56(%edi) +- # *(uint32 *) (out + 60) = in15 +- movl %ecx,60(%edi) +- # bytes = bytes_backup +- movl 76(%esp),%ebx +- # in8 = j8 +- movl 196(%esp),%eax +- # in9 = j9 +- movl 200(%esp),%ecx +- # in8 += 1 +- add $1,%eax +- # in9 += 0 + carry +- adc $0,%ecx +- # j8 = in8 +- movl %eax,196(%esp) +- # j9 = in9 +- movl %ecx,200(%esp) +- # bytes - 64 +- cmp $64,%ebx +- # goto bytesatleast65 if unsigned> +- ja ._bytesatleast65 +- # goto bytesatleast64 if unsigned>= +- jae ._bytesatleast64 +- # m = out +- mov %edi,%esi +- # out = ctarget +- movl 228(%esp),%edi +- # i = bytes +- mov %ebx,%ecx +- # while (i) { *out++ = *m++; --i } +- rep movsb +-._bytesatleast64: +- # x = x_backup +- movl 64(%esp),%eax +- # in8 = j8 +- movl 196(%esp),%ecx +- # in9 = j9 +- movl 200(%esp),%edx +- # *(uint32 *) (x + 32) = in8 +- movl %ecx,32(%eax) +- # *(uint32 *) (x + 36) = in9 +- movl %edx,36(%eax) +-._done: +- # eax = eax_stack +- movl 80(%esp),%eax +- # ebx = ebx_stack +- movl 84(%esp),%ebx +- # esi = esi_stack +- movl 88(%esp),%esi +- # edi = edi_stack +- movl 92(%esp),%edi +- # ebp = ebp_stack +- movl 96(%esp),%ebp +- # leave +- add %eax,%esp +- ret +-._bytesatleast65: +- # bytes -= 64 +- sub $64,%ebx +- # out += 64 +- add $64,%edi +- # m += 64 +- add $64,%esi +- # goto bytesatleast1 +- jmp ._bytesatleast1 +-ENDPROC(salsa20_encrypt_bytes) +diff --git a/arch/x86/crypto/salsa20-x86_64-asm_64.S b/arch/x86/crypto/salsa20-x86_64-asm_64.S +deleted file mode 100644 +index 03a4918f41ee..000000000000 +--- a/arch/x86/crypto/salsa20-x86_64-asm_64.S ++++ /dev/null +@@ -1,805 +0,0 @@ +-/* SPDX-License-Identifier: GPL-2.0 */ +-#include <linux/linkage.h> +- +-# enter salsa20_encrypt_bytes +-ENTRY(salsa20_encrypt_bytes) +- mov %rsp,%r11 +- and $31,%r11 +- add $256,%r11 +- sub %r11,%rsp +- # x = arg1 +- mov %rdi,%r8 +- # m = arg2 +- mov %rsi,%rsi +- # out = arg3 +- mov %rdx,%rdi +- # bytes = arg4 +- mov %rcx,%rdx +- # unsigned>? bytes - 0 +- cmp $0,%rdx +- # comment:fp stack unchanged by jump +- # goto done if !unsigned> +- jbe ._done +- # comment:fp stack unchanged by fallthrough +-# start: +-._start: +- # r11_stack = r11 +- movq %r11,0(%rsp) +- # r12_stack = r12 +- movq %r12,8(%rsp) +- # r13_stack = r13 +- movq %r13,16(%rsp) +- # r14_stack = r14 +- movq %r14,24(%rsp) +- # r15_stack = r15 +- movq %r15,32(%rsp) +- # rbx_stack = rbx +- movq %rbx,40(%rsp) +- # rbp_stack = rbp +- movq %rbp,48(%rsp) +- # in0 = *(uint64 *) (x + 0) +- movq 0(%r8),%rcx +- # in2 = *(uint64 *) (x + 8) +- movq 8(%r8),%r9 +- # in4 = *(uint64 *) (x + 16) +- movq 16(%r8),%rax +- # in6 = *(uint64 *) (x + 24) +- movq 24(%r8),%r10 +- # in8 = *(uint64 *) (x + 32) +- movq 32(%r8),%r11 +- # in10 = *(uint64 *) (x + 40) +- movq 40(%r8),%r12 +- # in12 = *(uint64 *) (x + 48) +- movq 48(%r8),%r13 +- # in14 = *(uint64 *) (x + 56) +- movq 56(%r8),%r14 +- # j0 = in0 +- movq %rcx,56(%rsp) +- # j2 = in2 +- movq %r9,64(%rsp) +- # j4 = in4 +- movq %rax,72(%rsp) +- # j6 = in6 +- movq %r10,80(%rsp) +- # j8 = in8 +- movq %r11,88(%rsp) +- # j10 = in10 +- movq %r12,96(%rsp) +- # j12 = in12 +- movq %r13,104(%rsp) +- # j14 = in14 +- movq %r14,112(%rsp) +- # x_backup = x +- movq %r8,120(%rsp) +-# bytesatleast1: +-._bytesatleast1: +- # unsigned<? bytes - 64 +- cmp $64,%rdx +- # comment:fp stack unchanged by jump +- # goto nocopy if !unsigned< +- jae ._nocopy +- # ctarget = out +- movq %rdi,128(%rsp) +- # out = &tmp +- leaq 192(%rsp),%rdi +- # i = bytes +- mov %rdx,%rcx +- # while (i) { *out++ = *m++; --i } +- rep movsb +- # out = &tmp +- leaq 192(%rsp),%rdi +- # m = &tmp +- leaq 192(%rsp),%rsi +- # comment:fp stack unchanged by fallthrough +-# nocopy: +-._nocopy: +- # out_backup = out +- movq %rdi,136(%rsp) +- # m_backup = m +- movq %rsi,144(%rsp) +- # bytes_backup = bytes +- movq %rdx,152(%rsp) +- # x1 = j0 +- movq 56(%rsp),%rdi +- # x0 = x1 +- mov %rdi,%rdx +- # (uint64) x1 >>= 32 +- shr $32,%rdi +- # x3 = j2 +- movq 64(%rsp),%rsi +- # x2 = x3 +- mov %rsi,%rcx +- # (uint64) x3 >>= 32 +- shr $32,%rsi +- # x5 = j4 +- movq 72(%rsp),%r8 +- # x4 = x5 +- mov %r8,%r9 +- # (uint64) x5 >>= 32 +- shr $32,%r8 +- # x5_stack = x5 +- movq %r8,160(%rsp) +- # x7 = j6 +- movq 80(%rsp),%r8 +- # x6 = x7 +- mov %r8,%rax +- # (uint64) x7 >>= 32 +- shr $32,%r8 +- # x9 = j8 +- movq 88(%rsp),%r10 +- # x8 = x9 +- mov %r10,%r11 +- # (uint64) x9 >>= 32 +- shr $32,%r10 +- # x11 = j10 +- movq 96(%rsp),%r12 +- # x10 = x11 +- mov %r12,%r13 +- # x10_stack = x10 +- movq %r13,168(%rsp) +- # (uint64) x11 >>= 32 +- shr $32,%r12 +- # x13 = j12 +- movq 104(%rsp),%r13 +- # x12 = x13 +- mov %r13,%r14 +- # (uint64) x13 >>= 32 +- shr $32,%r13 +- # x15 = j14 +- movq 112(%rsp),%r15 +- # x14 = x15 +- mov %r15,%rbx +- # (uint64) x15 >>= 32 +- shr $32,%r15 +- # x15_stack = x15 +- movq %r15,176(%rsp) +- # i = 20 +- mov $20,%r15 +-# mainloop: +-._mainloop: +- # i_backup = i +- movq %r15,184(%rsp) +- # x5 = x5_stack +- movq 160(%rsp),%r15 +- # a = x12 + x0 +- lea (%r14,%rdx),%rbp +- # (uint32) a <<<= 7 +- rol $7,%ebp +- # x4 ^= a +- xor %rbp,%r9 +- # b = x1 + x5 +- lea (%rdi,%r15),%rbp +- # (uint32) b <<<= 7 +- rol $7,%ebp +- # x9 ^= b +- xor %rbp,%r10 +- # a = x0 + x4 +- lea (%rdx,%r9),%rbp +- # (uint32) a <<<= 9 +- rol $9,%ebp +- # x8 ^= a +- xor %rbp,%r11 +- # b = x5 + x9 +- lea (%r15,%r10),%rbp +- # (uint32) b <<<= 9 +- rol $9,%ebp +- # x13 ^= b +- xor %rbp,%r13 +- # a = x4 + x8 +- lea (%r9,%r11),%rbp +- # (uint32) a <<<= 13 +- rol $13,%ebp +- # x12 ^= a +- xor %rbp,%r14 +- # b = x9 + x13 +- lea (%r10,%r13),%rbp +- # (uint32) b <<<= 13 +- rol $13,%ebp +- # x1 ^= b +- xor %rbp,%rdi +- # a = x8 + x12 +- lea (%r11,%r14),%rbp +- # (uint32) a <<<= 18 +- rol $18,%ebp +- # x0 ^= a +- xor %rbp,%rdx +- # b = x13 + x1 +- lea (%r13,%rdi),%rbp +- # (uint32) b <<<= 18 +- rol $18,%ebp +- # x5 ^= b +- xor %rbp,%r15 +- # x10 = x10_stack +- movq 168(%rsp),%rbp +- # x5_stack = x5 +- movq %r15,160(%rsp) +- # c = x6 + x10 +- lea (%rax,%rbp),%r15 +- # (uint32) c <<<= 7 +- rol $7,%r15d +- # x14 ^= c +- xor %r15,%rbx +- # c = x10 + x14 +- lea (%rbp,%rbx),%r15 +- # (uint32) c <<<= 9 +- rol $9,%r15d +- # x2 ^= c +- xor %r15,%rcx +- # c = x14 + x2 +- lea (%rbx,%rcx),%r15 +- # (uint32) c <<<= 13 +- rol $13,%r15d +- # x6 ^= c +- xor %r15,%rax +- # c = x2 + x6 +- lea (%rcx,%rax),%r15 +- # (uint32) c <<<= 18 +- rol $18,%r15d +- # x10 ^= c +- xor %r15,%rbp +- # x15 = x15_stack +- movq 176(%rsp),%r15 +- # x10_stack = x10 +- movq %rbp,168(%rsp) +- # d = x11 + x15 +- lea (%r12,%r15),%rbp +- # (uint32) d <<<= 7 +- rol $7,%ebp +- # x3 ^= d +- xor %rbp,%rsi +- # d = x15 + x3 +- lea (%r15,%rsi),%rbp +- # (uint32) d <<<= 9 +- rol $9,%ebp +- # x7 ^= d +- xor %rbp,%r8 +- # d = x3 + x7 +- lea (%rsi,%r8),%rbp +- # (uint32) d <<<= 13 +- rol $13,%ebp +- # x11 ^= d +- xor %rbp,%r12 +- # d = x7 + x11 +- lea (%r8,%r12),%rbp +- # (uint32) d <<<= 18 +- rol $18,%ebp +- # x15 ^= d +- xor %rbp,%r15 +- # x15_stack = x15 +- movq %r15,176(%rsp) +- # x5 = x5_stack +- movq 160(%rsp),%r15 +- # a = x3 + x0 +- lea (%rsi,%rdx),%rbp +- # (uint32) a <<<= 7 +- rol $7,%ebp +- # x1 ^= a +- xor %rbp,%rdi +- # b = x4 + x5 +- lea (%r9,%r15),%rbp +- # (uint32) b <<<= 7 +- rol $7,%ebp +- # x6 ^= b +- xor %rbp,%rax +- # a = x0 + x1 +- lea (%rdx,%rdi),%rbp +- # (uint32) a <<<= 9 +- rol $9,%ebp +- # x2 ^= a +- xor %rbp,%rcx +- # b = x5 + x6 +- lea (%r15,%rax),%rbp +- # (uint32) b <<<= 9 +- rol $9,%ebp +- # x7 ^= b +- xor %rbp,%r8 +- # a = x1 + x2 +- lea (%rdi,%rcx),%rbp +- # (uint32) a <<<= 13 +- rol $13,%ebp +- # x3 ^= a +- xor %rbp,%rsi +- # b = x6 + x7 +- lea (%rax,%r8),%rbp +- # (uint32) b <<<= 13 +- rol $13,%ebp +- # x4 ^= b +- xor %rbp,%r9 +- # a = x2 + x3 +- lea (%rcx,%rsi),%rbp +- # (uint32) a <<<= 18 +- rol $18,%ebp +- # x0 ^= a +- xor %rbp,%rdx +- # b = x7 + x4 +- lea (%r8,%r9),%rbp +- # (uint32) b <<<= 18 +- rol $18,%ebp +- # x5 ^= b +- xor %rbp,%r15 +- # x10 = x10_stack +- movq 168(%rsp),%rbp +- # x5_stack = x5 +- movq %r15,160(%rsp) +- # c = x9 + x10 +- lea (%r10,%rbp),%r15 +- # (uint32) c <<<= 7 +- rol $7,%r15d +- # x11 ^= c +- xor %r15,%r12 +- # c = x10 + x11 +- lea (%rbp,%r12),%r15 +- # (uint32) c <<<= 9 +- rol $9,%r15d +- # x8 ^= c +- xor %r15,%r11 +- # c = x11 + x8 +- lea (%r12,%r11),%r15 +- # (uint32) c <<<= 13 +- rol $13,%r15d +- # x9 ^= c +- xor %r15,%r10 +- # c = x8 + x9 +- lea (%r11,%r10),%r15 +- # (uint32) c <<<= 18 +- rol $18,%r15d +- # x10 ^= c +- xor %r15,%rbp +- # x15 = x15_stack +- movq 176(%rsp),%r15 +- # x10_stack = x10 +- movq %rbp,168(%rsp) +- # d = x14 + x15 +- lea (%rbx,%r15),%rbp +- # (uint32) d <<<= 7 +- rol $7,%ebp +- # x12 ^= d +- xor %rbp,%r14 +- # d = x15 + x12 +- lea (%r15,%r14),%rbp +- # (uint32) d <<<= 9 +- rol $9,%ebp +- # x13 ^= d +- xor %rbp,%r13 +- # d = x12 + x13 +- lea (%r14,%r13),%rbp +- # (uint32) d <<<= 13 +- rol $13,%ebp +- # x14 ^= d +- xor %rbp,%rbx +- # d = x13 + x14 +- lea (%r13,%rbx),%rbp +- # (uint32) d <<<= 18 +- rol $18,%ebp +- # x15 ^= d +- xor %rbp,%r15 +- # x15_stack = x15 +- movq %r15,176(%rsp) +- # x5 = x5_stack +- movq 160(%rsp),%r15 +- # a = x12 + x0 +- lea (%r14,%rdx),%rbp +- # (uint32) a <<<= 7 +- rol $7,%ebp +- # x4 ^= a +- xor %rbp,%r9 +- # b = x1 + x5 +- lea (%rdi,%r15),%rbp +- # (uint32) b <<<= 7 +- rol $7,%ebp +- # x9 ^= b +- xor %rbp,%r10 +- # a = x0 + x4 +- lea (%rdx,%r9),%rbp +- # (uint32) a <<<= 9 +- rol $9,%ebp +- # x8 ^= a +- xor %rbp,%r11 +- # b = x5 + x9 +- lea (%r15,%r10),%rbp +- # (uint32) b <<<= 9 +- rol $9,%ebp +- # x13 ^= b +- xor %rbp,%r13 +- # a = x4 + x8 +- lea (%r9,%r11),%rbp +- # (uint32) a <<<= 13 +- rol $13,%ebp +- # x12 ^= a +- xor %rbp,%r14 +- # b = x9 + x13 +- lea (%r10,%r13),%rbp +- # (uint32) b <<<= 13 +- rol $13,%ebp +- # x1 ^= b +- xor %rbp,%rdi +- # a = x8 + x12 +- lea (%r11,%r14),%rbp +- # (uint32) a <<<= 18 +- rol $18,%ebp +- # x0 ^= a +- xor %rbp,%rdx +- # b = x13 + x1 +- lea (%r13,%rdi),%rbp +- # (uint32) b <<<= 18 +- rol $18,%ebp +- # x5 ^= b +- xor %rbp,%r15 +- # x10 = x10_stack +- movq 168(%rsp),%rbp +- # x5_stack = x5 +- movq %r15,160(%rsp) +- # c = x6 + x10 +- lea (%rax,%rbp),%r15 +- # (uint32) c <<<= 7 +- rol $7,%r15d +- # x14 ^= c +- xor %r15,%rbx +- # c = x10 + x14 +- lea (%rbp,%rbx),%r15 +- # (uint32) c <<<= 9 +- rol $9,%r15d +- # x2 ^= c +- xor %r15,%rcx +- # c = x14 + x2 +- lea (%rbx,%rcx),%r15 +- # (uint32) c <<<= 13 +- rol $13,%r15d +- # x6 ^= c +- xor %r15,%rax +- # c = x2 + x6 +- lea (%rcx,%rax),%r15 +- # (uint32) c <<<= 18 +- rol $18,%r15d +- # x10 ^= c +- xor %r15,%rbp +- # x15 = x15_stack +- movq 176(%rsp),%r15 +- # x10_stack = x10 +- movq %rbp,168(%rsp) +- # d = x11 + x15 +- lea (%r12,%r15),%rbp +- # (uint32) d <<<= 7 +- rol $7,%ebp +- # x3 ^= d +- xor %rbp,%rsi +- # d = x15 + x3 +- lea (%r15,%rsi),%rbp +- # (uint32) d <<<= 9 +- rol $9,%ebp +- # x7 ^= d +- xor %rbp,%r8 +- # d = x3 + x7 +- lea (%rsi,%r8),%rbp +- # (uint32) d <<<= 13 +- rol $13,%ebp +- # x11 ^= d +- xor %rbp,%r12 +- # d = x7 + x11 +- lea (%r8,%r12),%rbp +- # (uint32) d <<<= 18 +- rol $18,%ebp +- # x15 ^= d +- xor %rbp,%r15 +- # x15_stack = x15 +- movq %r15,176(%rsp) +- # x5 = x5_stack +- movq 160(%rsp),%r15 +- # a = x3 + x0 +- lea (%rsi,%rdx),%rbp +- # (uint32) a <<<= 7 +- rol $7,%ebp +- # x1 ^= a +- xor %rbp,%rdi +- # b = x4 + x5 +- lea (%r9,%r15),%rbp +- # (uint32) b <<<= 7 +- rol $7,%ebp +- # x6 ^= b +- xor %rbp,%rax +- # a = x0 + x1 +- lea (%rdx,%rdi),%rbp +- # (uint32) a <<<= 9 +- rol $9,%ebp +- # x2 ^= a +- xor %rbp,%rcx +- # b = x5 + x6 +- lea (%r15,%rax),%rbp +- # (uint32) b <<<= 9 +- rol $9,%ebp +- # x7 ^= b +- xor %rbp,%r8 +- # a = x1 + x2 +- lea (%rdi,%rcx),%rbp +- # (uint32) a <<<= 13 +- rol $13,%ebp +- # x3 ^= a +- xor %rbp,%rsi +- # b = x6 + x7 +- lea (%rax,%r8),%rbp +- # (uint32) b <<<= 13 +- rol $13,%ebp +- # x4 ^= b +- xor %rbp,%r9 +- # a = x2 + x3 +- lea (%rcx,%rsi),%rbp +- # (uint32) a <<<= 18 +- rol $18,%ebp +- # x0 ^= a +- xor %rbp,%rdx +- # b = x7 + x4 +- lea (%r8,%r9),%rbp +- # (uint32) b <<<= 18 +- rol $18,%ebp +- # x5 ^= b +- xor %rbp,%r15 +- # x10 = x10_stack +- movq 168(%rsp),%rbp +- # x5_stack = x5 +- movq %r15,160(%rsp) +- # c = x9 + x10 +- lea (%r10,%rbp),%r15 +- # (uint32) c <<<= 7 +- rol $7,%r15d +- # x11 ^= c +- xor %r15,%r12 +- # c = x10 + x11 +- lea (%rbp,%r12),%r15 +- # (uint32) c <<<= 9 +- rol $9,%r15d +- # x8 ^= c +- xor %r15,%r11 +- # c = x11 + x8 +- lea (%r12,%r11),%r15 +- # (uint32) c <<<= 13 +- rol $13,%r15d +- # x9 ^= c +- xor %r15,%r10 +- # c = x8 + x9 +- lea (%r11,%r10),%r15 +- # (uint32) c <<<= 18 +- rol $18,%r15d +- # x10 ^= c +- xor %r15,%rbp +- # x15 = x15_stack +- movq 176(%rsp),%r15 +- # x10_stack = x10 +- movq %rbp,168(%rsp) +- # d = x14 + x15 +- lea (%rbx,%r15),%rbp +- # (uint32) d <<<= 7 +- rol $7,%ebp +- # x12 ^= d +- xor %rbp,%r14 +- # d = x15 + x12 +- lea (%r15,%r14),%rbp +- # (uint32) d <<<= 9 +- rol $9,%ebp +- # x13 ^= d +- xor %rbp,%r13 +- # d = x12 + x13 +- lea (%r14,%r13),%rbp +- # (uint32) d <<<= 13 +- rol $13,%ebp +- # x14 ^= d +- xor %rbp,%rbx +- # d = x13 + x14 +- lea (%r13,%rbx),%rbp +- # (uint32) d <<<= 18 +- rol $18,%ebp +- # x15 ^= d +- xor %rbp,%r15 +- # x15_stack = x15 +- movq %r15,176(%rsp) +- # i = i_backup +- movq 184(%rsp),%r15 +- # unsigned>? i -= 4 +- sub $4,%r15 +- # comment:fp stack unchanged by jump +- # goto mainloop if unsigned> +- ja ._mainloop +- # (uint32) x2 += j2 +- addl 64(%rsp),%ecx +- # x3 <<= 32 +- shl $32,%rsi +- # x3 += j2 +- addq 64(%rsp),%rsi +- # (uint64) x3 >>= 32 +- shr $32,%rsi +- # x3 <<= 32 +- shl $32,%rsi +- # x2 += x3 +- add %rsi,%rcx +- # (uint32) x6 += j6 +- addl 80(%rsp),%eax +- # x7 <<= 32 +- shl $32,%r8 +- # x7 += j6 +- addq 80(%rsp),%r8 +- # (uint64) x7 >>= 32 +- shr $32,%r8 +- # x7 <<= 32 +- shl $32,%r8 +- # x6 += x7 +- add %r8,%rax +- # (uint32) x8 += j8 +- addl 88(%rsp),%r11d +- # x9 <<= 32 +- shl $32,%r10 +- # x9 += j8 +- addq 88(%rsp),%r10 +- # (uint64) x9 >>= 32 +- shr $32,%r10 +- # x9 <<= 32 +- shl $32,%r10 +- # x8 += x9 +- add %r10,%r11 +- # (uint32) x12 += j12 +- addl 104(%rsp),%r14d +- # x13 <<= 32 +- shl $32,%r13 +- # x13 += j12 +- addq 104(%rsp),%r13 +- # (uint64) x13 >>= 32 +- shr $32,%r13 +- # x13 <<= 32 +- shl $32,%r13 +- # x12 += x13 +- add %r13,%r14 +- # (uint32) x0 += j0 +- addl 56(%rsp),%edx +- # x1 <<= 32 +- shl $32,%rdi +- # x1 += j0 +- addq 56(%rsp),%rdi +- # (uint64) x1 >>= 32 +- shr $32,%rdi +- # x1 <<= 32 +- shl $32,%rdi +- # x0 += x1 +- add %rdi,%rdx +- # x5 = x5_stack +- movq 160(%rsp),%rdi +- # (uint32) x4 += j4 +- addl 72(%rsp),%r9d +- # x5 <<= 32 +- shl $32,%rdi +- # x5 += j4 +- addq 72(%rsp),%rdi +- # (uint64) x5 >>= 32 +- shr $32,%rdi +- # x5 <<= 32 +- shl $32,%rdi +- # x4 += x5 +- add %rdi,%r9 +- # x10 = x10_stack +- movq 168(%rsp),%r8 +- # (uint32) x10 += j10 +- addl 96(%rsp),%r8d +- # x11 <<= 32 +- shl $32,%r12 +- # x11 += j10 +- addq 96(%rsp),%r12 +- # (uint64) x11 >>= 32 +- shr $32,%r12 +- # x11 <<= 32 +- shl $32,%r12 +- # x10 += x11 +- add %r12,%r8 +- # x15 = x15_stack +- movq 176(%rsp),%rdi +- # (uint32) x14 += j14 +- addl 112(%rsp),%ebx +- # x15 <<= 32 +- shl $32,%rdi +- # x15 += j14 +- addq 112(%rsp),%rdi +- # (uint64) x15 >>= 32 +- shr $32,%rdi +- # x15 <<= 32 +- shl $32,%rdi +- # x14 += x15 +- add %rdi,%rbx +- # out = out_backup +- movq 136(%rsp),%rdi +- # m = m_backup +- movq 144(%rsp),%rsi +- # x0 ^= *(uint64 *) (m + 0) +- xorq 0(%rsi),%rdx +- # *(uint64 *) (out + 0) = x0 +- movq %rdx,0(%rdi) +- # x2 ^= *(uint64 *) (m + 8) +- xorq 8(%rsi),%rcx +- # *(uint64 *) (out + 8) = x2 +- movq %rcx,8(%rdi) +- # x4 ^= *(uint64 *) (m + 16) +- xorq 16(%rsi),%r9 +- # *(uint64 *) (out + 16) = x4 +- movq %r9,16(%rdi) +- # x6 ^= *(uint64 *) (m + 24) +- xorq 24(%rsi),%rax +- # *(uint64 *) (out + 24) = x6 +- movq %rax,24(%rdi) +- # x8 ^= *(uint64 *) (m + 32) +- xorq 32(%rsi),%r11 +- # *(uint64 *) (out + 32) = x8 +- movq %r11,32(%rdi) +- # x10 ^= *(uint64 *) (m + 40) +- xorq 40(%rsi),%r8 +- # *(uint64 *) (out + 40) = x10 +- movq %r8,40(%rdi) +- # x12 ^= *(uint64 *) (m + 48) +- xorq 48(%rsi),%r14 +- # *(uint64 *) (out + 48) = x12 +- movq %r14,48(%rdi) +- # x14 ^= *(uint64 *) (m + 56) +- xorq 56(%rsi),%rbx +- # *(uint64 *) (out + 56) = x14 +- movq %rbx,56(%rdi) +- # bytes = bytes_backup +- movq 152(%rsp),%rdx +- # in8 = j8 +- movq 88(%rsp),%rcx +- # in8 += 1 +- add $1,%rcx +- # j8 = in8 +- movq %rcx,88(%rsp) +- # unsigned>? unsigned<? bytes - 64 +- cmp $64,%rdx +- # comment:fp stack unchanged by jump +- # goto bytesatleast65 if unsigned> +- ja ._bytesatleast65 +- # comment:fp stack unchanged by jump +- # goto bytesatleast64 if !unsigned< +- jae ._bytesatleast64 +- # m = out +- mov %rdi,%rsi +- # out = ctarget +- movq 128(%rsp),%rdi +- # i = bytes +- mov %rdx,%rcx +- # while (i) { *out++ = *m++; --i } +- rep movsb +- # comment:fp stack unchanged by fallthrough +-# bytesatleast64: +-._bytesatleast64: +- # x = x_backup +- movq 120(%rsp),%rdi +- # in8 = j8 +- movq 88(%rsp),%rsi +- # *(uint64 *) (x + 32) = in8 +- movq %rsi,32(%rdi) +- # r11 = r11_stack +- movq 0(%rsp),%r11 +- # r12 = r12_stack +- movq 8(%rsp),%r12 +- # r13 = r13_stack +- movq 16(%rsp),%r13 +- # r14 = r14_stack +- movq 24(%rsp),%r14 +- # r15 = r15_stack +- movq 32(%rsp),%r15 +- # rbx = rbx_stack +- movq 40(%rsp),%rbx +- # rbp = rbp_stack +- movq 48(%rsp),%rbp +- # comment:fp stack unchanged by fallthrough +-# done: +-._done: +- # leave +- add %r11,%rsp +- mov %rdi,%rax +- mov %rsi,%rdx +- ret +-# bytesatleast65: +-._bytesatleast65: +- # bytes -= 64 +- sub $64,%rdx +- # out += 64 +- add $64,%rdi +- # m += 64 +- add $64,%rsi +- # comment:fp stack unchanged by jump +- # goto bytesatleast1 +- jmp ._bytesatleast1 +-ENDPROC(salsa20_encrypt_bytes) +diff --git a/arch/x86/crypto/salsa20_glue.c b/arch/x86/crypto/salsa20_glue.c +deleted file mode 100644 +index b07d7d959806..000000000000 +--- a/arch/x86/crypto/salsa20_glue.c ++++ /dev/null +@@ -1,91 +0,0 @@ +-/* +- * Glue code for optimized assembly version of Salsa20. +- * +- * Copyright (c) 2007 Tan Swee Heng <[email protected]> +- * +- * The assembly codes are public domain assembly codes written by Daniel. J. +- * Bernstein <[email protected]>. The codes are modified to include indentation +- * and to remove extraneous comments and functions that are not needed. +- * - i586 version, renamed as salsa20-i586-asm_32.S +- * available from <http://cr.yp.to/snuffle/salsa20/x86-pm/salsa20.s> +- * - x86-64 version, renamed as salsa20-x86_64-asm_64.S +- * available from <http://cr.yp.to/snuffle/salsa20/amd64-3/salsa20.s> +- * +- * Also modified to set up the initial state using the generic C code rather +- * than in assembly. +- * +- * This program is free software; you can redistribute it and/or modify it +- * under the terms of the GNU General Public License as published by the Free +- * Software Foundation; either version 2 of the License, or (at your option) +- * any later version. +- * +- */ +- +-#include <asm/unaligned.h> +-#include <crypto/internal/skcipher.h> +-#include <crypto/salsa20.h> +-#include <linux/module.h> +- +-asmlinkage void salsa20_encrypt_bytes(u32 state[16], const u8 *src, u8 *dst, +- u32 bytes); +- +-static int salsa20_asm_crypt(struct skcipher_request *req) +-{ +- struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); +- const struct salsa20_ctx *ctx = crypto_skcipher_ctx(tfm); +- struct skcipher_walk walk; +- u32 state[16]; +- int err; +- +- err = skcipher_walk_virt(&walk, req, true); +- +- crypto_salsa20_init(state, ctx, walk.iv); +- +- while (walk.nbytes > 0) { +- unsigned int nbytes = walk.nbytes; +- +- if (nbytes < walk.total) +- nbytes = round_down(nbytes, walk.stride); +- +- salsa20_encrypt_bytes(state, walk.src.virt.addr, +- walk.dst.virt.addr, nbytes); +- err = skcipher_walk_done(&walk, walk.nbytes - nbytes); +- } +- +- return err; +-} +- +-static struct skcipher_alg alg = { +- .base.cra_name = "salsa20", +- .base.cra_driver_name = "salsa20-asm", +- .base.cra_priority = 200, +- .base.cra_blocksize = 1, +- .base.cra_ctxsize = sizeof(struct salsa20_ctx), +- .base.cra_module = THIS_MODULE, +- +- .min_keysize = SALSA20_MIN_KEY_SIZE, +- .max_keysize = SALSA20_MAX_KEY_SIZE, +- .ivsize = SALSA20_IV_SIZE, +- .chunksize = SALSA20_BLOCK_SIZE, +- .setkey = crypto_salsa20_setkey, +- .encrypt = salsa20_asm_crypt, +- .decrypt = salsa20_asm_crypt, +-}; +- +-static int __init init(void) +-{ +- return crypto_register_skcipher(&alg); +-} +- +-static void __exit fini(void) +-{ +- crypto_unregister_skcipher(&alg); +-} +- +-module_init(init); +-module_exit(fini); +- +-MODULE_LICENSE("GPL"); +-MODULE_DESCRIPTION ("Salsa20 stream cipher algorithm (optimized assembly version)"); +-MODULE_ALIAS_CRYPTO("salsa20"); +-MODULE_ALIAS_CRYPTO("salsa20-asm"); +diff --git a/arch/x86/include/asm/vmx.h b/arch/x86/include/asm/vmx.h +index 5db8b0b10766..7cc81c586d71 100644 +--- a/arch/x86/include/asm/vmx.h ++++ b/arch/x86/include/asm/vmx.h +@@ -114,6 +114,7 @@ + #define VMX_MISC_PREEMPTION_TIMER_RATE_MASK 0x0000001f + #define VMX_MISC_SAVE_EFER_LMA 0x00000020 + #define VMX_MISC_ACTIVITY_HLT 0x00000040 ++#define VMX_MISC_ZERO_LEN_INS 0x40000000 + + /* VMFUNC functions */ + #define VMX_VMFUNC_EPTP_SWITCHING 0x00000001 +@@ -349,11 +350,13 @@ enum vmcs_field { + #define VECTORING_INFO_VALID_MASK INTR_INFO_VALID_MASK + + #define INTR_TYPE_EXT_INTR (0 << 8) /* external interrupt */ ++#define INTR_TYPE_RESERVED (1 << 8) /* reserved */ + #define INTR_TYPE_NMI_INTR (2 << 8) /* NMI */ + #define INTR_TYPE_HARD_EXCEPTION (3 << 8) /* processor exception */ + #define INTR_TYPE_SOFT_INTR (4 << 8) /* software interrupt */ + #define INTR_TYPE_PRIV_SW_EXCEPTION (5 << 8) /* ICE breakpoint - undocumented */ + #define INTR_TYPE_SOFT_EXCEPTION (6 << 8) /* software exception */ ++#define INTR_TYPE_OTHER_EVENT (7 << 8) /* other event */ + + /* GUEST_INTERRUPTIBILITY_INFO flags. */ + #define GUEST_INTR_STATE_STI 0x00000001 +diff --git a/arch/x86/kernel/uprobes.c b/arch/x86/kernel/uprobes.c +index c84bb5396958..442fae7b8b61 100644 +--- a/arch/x86/kernel/uprobes.c ++++ b/arch/x86/kernel/uprobes.c +@@ -293,7 +293,7 @@ static int uprobe_init_insn(struct arch_uprobe *auprobe, struct insn *insn, bool + insn_init(insn, auprobe->insn, sizeof(auprobe->insn), x86_64); + /* has the side-effect of processing the entire instruction */ + insn_get_length(insn); +- if (WARN_ON_ONCE(!insn_complete(insn))) ++ if (!insn_complete(insn)) + return -ENOEXEC; + + if (is_prefix_bad(insn)) +diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c +index 82f5e915e568..dd4366edc200 100644 +--- a/arch/x86/kvm/vmx.c ++++ b/arch/x86/kvm/vmx.c +@@ -1510,6 +1510,17 @@ static inline unsigned nested_cpu_vmx_misc_cr3_count(struct kvm_vcpu *vcpu) + return vmx_misc_cr3_count(to_vmx(vcpu)->nested.msrs.misc_low); + } + ++static inline bool nested_cpu_has_zero_length_injection(struct kvm_vcpu *vcpu) ++{ ++ return to_vmx(vcpu)->nested.msrs.misc_low & VMX_MISC_ZERO_LEN_INS; ++} ++ ++static inline bool nested_cpu_supports_monitor_trap_flag(struct kvm_vcpu *vcpu) ++{ ++ return to_vmx(vcpu)->nested.msrs.procbased_ctls_high & ++ CPU_BASED_MONITOR_TRAP_FLAG; ++} ++ + static inline bool nested_cpu_has(struct vmcs12 *vmcs12, u32 bit) + { + return vmcs12->cpu_based_vm_exec_control & bit; +@@ -11364,6 +11375,62 @@ static int check_vmentry_prereqs(struct kvm_vcpu *vcpu, struct vmcs12 *vmcs12) + !nested_cr3_valid(vcpu, vmcs12->host_cr3)) + return VMXERR_ENTRY_INVALID_HOST_STATE_FIELD; + ++ /* ++ * From the Intel SDM, volume 3: ++ * Fields relevant to VM-entry event injection must be set properly. ++ * These fields are the VM-entry interruption-information field, the ++ * VM-entry exception error code, and the VM-entry instruction length. ++ */ ++ if (vmcs12->vm_entry_intr_info_field & INTR_INFO_VALID_MASK) { ++ u32 intr_info = vmcs12->vm_entry_intr_info_field; ++ u8 vector = intr_info & INTR_INFO_VECTOR_MASK; ++ u32 intr_type = intr_info & INTR_INFO_INTR_TYPE_MASK; ++ bool has_error_code = intr_info & INTR_INFO_DELIVER_CODE_MASK; ++ bool should_have_error_code; ++ bool urg = nested_cpu_has2(vmcs12, ++ SECONDARY_EXEC_UNRESTRICTED_GUEST); ++ bool prot_mode = !urg || vmcs12->guest_cr0 & X86_CR0_PE; ++ ++ /* VM-entry interruption-info field: interruption type */ ++ if (intr_type == INTR_TYPE_RESERVED || ++ (intr_type == INTR_TYPE_OTHER_EVENT && ++ !nested_cpu_supports_monitor_trap_flag(vcpu))) ++ return VMXERR_ENTRY_INVALID_CONTROL_FIELD; ++ ++ /* VM-entry interruption-info field: vector */ ++ if ((intr_type == INTR_TYPE_NMI_INTR && vector != NMI_VECTOR) || ++ (intr_type == INTR_TYPE_HARD_EXCEPTION && vector > 31) || ++ (intr_type == INTR_TYPE_OTHER_EVENT && vector != 0)) ++ return VMXERR_ENTRY_INVALID_CONTROL_FIELD; ++ ++ /* VM-entry interruption-info field: deliver error code */ ++ should_have_error_code = ++ intr_type == INTR_TYPE_HARD_EXCEPTION && prot_mode && ++ x86_exception_has_error_code(vector); ++ if (has_error_code != should_have_error_code) ++ return VMXERR_ENTRY_INVALID_CONTROL_FIELD; ++ ++ /* VM-entry exception error code */ ++ if (has_error_code && ++ vmcs12->vm_entry_exception_error_code & GENMASK(31, 15)) ++ return VMXERR_ENTRY_INVALID_CONTROL_FIELD; ++ ++ /* VM-entry interruption-info field: reserved bits */ ++ if (intr_info & INTR_INFO_RESVD_BITS_MASK) ++ return VMXERR_ENTRY_INVALID_CONTROL_FIELD; ++ ++ /* VM-entry instruction length */ ++ switch (intr_type) { ++ case INTR_TYPE_SOFT_EXCEPTION: ++ case INTR_TYPE_SOFT_INTR: ++ case INTR_TYPE_PRIV_SW_EXCEPTION: ++ if ((vmcs12->vm_entry_instruction_len > 15) || ++ (vmcs12->vm_entry_instruction_len == 0 && ++ !nested_cpu_has_zero_length_injection(vcpu))) ++ return VMXERR_ENTRY_INVALID_CONTROL_FIELD; ++ } ++ } ++ + return 0; + } + +diff --git a/arch/x86/kvm/x86.h b/arch/x86/kvm/x86.h +index 331993c49dae..257f27620bc2 100644 +--- a/arch/x86/kvm/x86.h ++++ b/arch/x86/kvm/x86.h +@@ -110,6 +110,15 @@ static inline bool is_la57_mode(struct kvm_vcpu *vcpu) + #endif + } + ++static inline bool x86_exception_has_error_code(unsigned int vector) ++{ ++ static u32 exception_has_error_code = BIT(DF_VECTOR) | BIT(TS_VECTOR) | ++ BIT(NP_VECTOR) | BIT(SS_VECTOR) | BIT(GP_VECTOR) | ++ BIT(PF_VECTOR) | BIT(AC_VECTOR); ++ ++ return (1U << vector) & exception_has_error_code; ++} ++ + static inline bool mmu_is_nested(struct kvm_vcpu *vcpu) + { + return vcpu->arch.walk_mmu == &vcpu->arch.nested_mmu; +diff --git a/arch/x86/purgatory/Makefile b/arch/x86/purgatory/Makefile +index 2e9ee023e6bc..81a8e33115ad 100644 +--- a/arch/x86/purgatory/Makefile ++++ b/arch/x86/purgatory/Makefile +@@ -6,7 +6,7 @@ purgatory-y := purgatory.o stack.o setup-x86_$(BITS).o sha256.o entry64.o string + targets += $(purgatory-y) + PURGATORY_OBJS = $(addprefix $(obj)/,$(purgatory-y)) + +-$(obj)/sha256.o: $(srctree)/lib/sha256.c ++$(obj)/sha256.o: $(srctree)/lib/sha256.c FORCE + $(call if_changed_rule,cc_o_c) + + LDFLAGS_purgatory.ro := -e purgatory_start -r --no-undefined -nostdlib -z nodefaultlib +diff --git a/arch/x86/xen/enlighten_pv.c b/arch/x86/xen/enlighten_pv.c +index 357969a3697c..ce8f6a8d4ac9 100644 +--- a/arch/x86/xen/enlighten_pv.c ++++ b/arch/x86/xen/enlighten_pv.c +@@ -1206,12 +1206,20 @@ asmlinkage __visible void __init xen_start_kernel(void) + + xen_setup_features(); + +- xen_setup_machphys_mapping(); +- + /* Install Xen paravirt ops */ + pv_info = xen_info; + pv_init_ops.patch = paravirt_patch_default; + pv_cpu_ops = xen_cpu_ops; ++ xen_init_irq_ops(); ++ ++ /* ++ * Setup xen_vcpu early because it is needed for ++ * local_irq_disable(), irqs_disabled(), e.g. in printk(). ++ * ++ * Don't do the full vcpu_info placement stuff until we have ++ * the cpu_possible_mask and a non-dummy shared_info. ++ */ ++ xen_vcpu_info_reset(0); + + x86_platform.get_nmi_reason = xen_get_nmi_reason; + +@@ -1224,10 +1232,12 @@ asmlinkage __visible void __init xen_start_kernel(void) + * Set up some pagetable state before starting to set any ptes. + */ + ++ xen_setup_machphys_mapping(); + xen_init_mmu_ops(); + + /* Prevent unwanted bits from being set in PTEs. */ + __supported_pte_mask &= ~_PAGE_GLOBAL; ++ __default_kernel_pte_mask &= ~_PAGE_GLOBAL; + + /* + * Prevent page tables from being allocated in highmem, even +@@ -1248,20 +1258,9 @@ asmlinkage __visible void __init xen_start_kernel(void) + get_cpu_cap(&boot_cpu_data); + x86_configure_nx(); + +- xen_init_irq_ops(); +- + /* Let's presume PV guests always boot on vCPU with id 0. */ + per_cpu(xen_vcpu_id, 0) = 0; + +- /* +- * Setup xen_vcpu early because idt_setup_early_handler needs it for +- * local_irq_disable(), irqs_disabled(). +- * +- * Don't do the full vcpu_info placement stuff until we have +- * the cpu_possible_mask and a non-dummy shared_info. +- */ +- xen_vcpu_info_reset(0); +- + idt_setup_early_handler(); + + xen_init_capabilities(); +diff --git a/arch/x86/xen/irq.c b/arch/x86/xen/irq.c +index 74179852e46c..7515a19fd324 100644 +--- a/arch/x86/xen/irq.c ++++ b/arch/x86/xen/irq.c +@@ -128,8 +128,6 @@ static const struct pv_irq_ops xen_irq_ops __initconst = { + + void __init xen_init_irq_ops(void) + { +- /* For PVH we use default pv_irq_ops settings. */ +- if (!xen_feature(XENFEAT_hvm_callback_vector)) +- pv_irq_ops = xen_irq_ops; ++ pv_irq_ops = xen_irq_ops; + x86_init.irqs.intr_init = xen_init_IRQ; + } +diff --git a/block/bsg.c b/block/bsg.c +index defa06c11858..7a54b645d469 100644 +--- a/block/bsg.c ++++ b/block/bsg.c +@@ -268,8 +268,6 @@ bsg_map_hdr(struct request_queue *q, struct sg_io_v4 *hdr, fmode_t mode) + } else if (hdr->din_xfer_len) { + ret = blk_rq_map_user(q, rq, NULL, uptr64(hdr->din_xferp), + hdr->din_xfer_len, GFP_KERNEL); +- } else { +- ret = blk_rq_map_user(q, rq, NULL, NULL, 0, GFP_KERNEL); + } + + if (ret) +diff --git a/crypto/Kconfig b/crypto/Kconfig +index 76e8c88c97b4..2f4d4f711950 100644 +--- a/crypto/Kconfig ++++ b/crypto/Kconfig +@@ -1335,34 +1335,6 @@ config CRYPTO_SALSA20 + The Salsa20 stream cipher algorithm is designed by Daniel J. + Bernstein <[email protected]>. See <http://cr.yp.to/snuffle.html> + +-config CRYPTO_SALSA20_586 +- tristate "Salsa20 stream cipher algorithm (i586)" +- depends on (X86 || UML_X86) && !64BIT +- select CRYPTO_BLKCIPHER +- select CRYPTO_SALSA20 +- help +- Salsa20 stream cipher algorithm. +- +- Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT +- Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/> +- +- The Salsa20 stream cipher algorithm is designed by Daniel J. +- Bernstein <[email protected]>. See <http://cr.yp.to/snuffle.html> +- +-config CRYPTO_SALSA20_X86_64 +- tristate "Salsa20 stream cipher algorithm (x86_64)" +- depends on (X86 || UML_X86) && 64BIT +- select CRYPTO_BLKCIPHER +- select CRYPTO_SALSA20 +- help +- Salsa20 stream cipher algorithm. +- +- Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT +- Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/> +- +- The Salsa20 stream cipher algorithm is designed by Daniel J. +- Bernstein <[email protected]>. See <http://cr.yp.to/snuffle.html> +- + config CRYPTO_CHACHA20 + tristate "ChaCha20 cipher algorithm" + select CRYPTO_BLKCIPHER +diff --git a/crypto/sha3_generic.c b/crypto/sha3_generic.c +index 264ec12c0b9c..7f6735d9003f 100644 +--- a/crypto/sha3_generic.c ++++ b/crypto/sha3_generic.c +@@ -152,7 +152,7 @@ static SHA3_INLINE void keccakf_round(u64 st[25]) + st[24] ^= bc[ 4]; + } + +-static void __optimize("O3") keccakf(u64 st[25]) ++static void keccakf(u64 st[25]) + { + int round; + +diff --git a/drivers/acpi/acpica/hwsleep.c b/drivers/acpi/acpica/hwsleep.c +index fc0c2e2328cd..fe9d46d81750 100644 +--- a/drivers/acpi/acpica/hwsleep.c ++++ b/drivers/acpi/acpica/hwsleep.c +@@ -51,16 +51,23 @@ acpi_status acpi_hw_legacy_sleep(u8 sleep_state) + return_ACPI_STATUS(status); + } + +- /* +- * 1) Disable all GPEs +- * 2) Enable all wakeup GPEs +- */ ++ /* Disable all GPEs */ + status = acpi_hw_disable_all_gpes(); + if (ACPI_FAILURE(status)) { + return_ACPI_STATUS(status); + } ++ /* ++ * If the target sleep state is S5, clear all GPEs and fixed events too ++ */ ++ if (sleep_state == ACPI_STATE_S5) { ++ status = acpi_hw_clear_acpi_status(); ++ if (ACPI_FAILURE(status)) { ++ return_ACPI_STATUS(status); ++ } ++ } + acpi_gbl_system_awake_and_running = FALSE; + ++ /* Enable all wakeup GPEs */ + status = acpi_hw_enable_all_wakeup_gpes(); + if (ACPI_FAILURE(status)) { + return_ACPI_STATUS(status); +diff --git a/drivers/acpi/nfit/core.c b/drivers/acpi/nfit/core.c +index e2235ed3e4be..964106d173bd 100644 +--- a/drivers/acpi/nfit/core.c ++++ b/drivers/acpi/nfit/core.c +@@ -1272,7 +1272,7 @@ static ssize_t scrub_show(struct device *dev, + + mutex_lock(&acpi_desc->init_mutex); + rc = sprintf(buf, "%d%s", acpi_desc->scrub_count, +- work_busy(&acpi_desc->dwork.work) ++ acpi_desc->scrub_busy + && !acpi_desc->cancel ? "+\n" : "\n"); + mutex_unlock(&acpi_desc->init_mutex); + } +@@ -2949,6 +2949,32 @@ static unsigned int __acpi_nfit_scrub(struct acpi_nfit_desc *acpi_desc, + return 0; + } + ++static void __sched_ars(struct acpi_nfit_desc *acpi_desc, unsigned int tmo) ++{ ++ lockdep_assert_held(&acpi_desc->init_mutex); ++ ++ acpi_desc->scrub_busy = 1; ++ /* note this should only be set from within the workqueue */ ++ if (tmo) ++ acpi_desc->scrub_tmo = tmo; ++ queue_delayed_work(nfit_wq, &acpi_desc->dwork, tmo * HZ); ++} ++ ++static void sched_ars(struct acpi_nfit_desc *acpi_desc) ++{ ++ __sched_ars(acpi_desc, 0); ++} ++ ++static void notify_ars_done(struct acpi_nfit_desc *acpi_desc) ++{ ++ lockdep_assert_held(&acpi_desc->init_mutex); ++ ++ acpi_desc->scrub_busy = 0; ++ acpi_desc->scrub_count++; ++ if (acpi_desc->scrub_count_state) ++ sysfs_notify_dirent(acpi_desc->scrub_count_state); ++} ++ + static void acpi_nfit_scrub(struct work_struct *work) + { + struct acpi_nfit_desc *acpi_desc; +@@ -2959,14 +2985,10 @@ static void acpi_nfit_scrub(struct work_struct *work) + mutex_lock(&acpi_desc->init_mutex); + query_rc = acpi_nfit_query_poison(acpi_desc); + tmo = __acpi_nfit_scrub(acpi_desc, query_rc); +- if (tmo) { +- queue_delayed_work(nfit_wq, &acpi_desc->dwork, tmo * HZ); +- acpi_desc->scrub_tmo = tmo; +- } else { +- acpi_desc->scrub_count++; +- if (acpi_desc->scrub_count_state) +- sysfs_notify_dirent(acpi_desc->scrub_count_state); +- } ++ if (tmo) ++ __sched_ars(acpi_desc, tmo); ++ else ++ notify_ars_done(acpi_desc); + memset(acpi_desc->ars_status, 0, acpi_desc->max_ars); + mutex_unlock(&acpi_desc->init_mutex); + } +@@ -3047,7 +3069,7 @@ static int acpi_nfit_register_regions(struct acpi_nfit_desc *acpi_desc) + break; + } + +- queue_delayed_work(nfit_wq, &acpi_desc->dwork, 0); ++ sched_ars(acpi_desc); + return 0; + } + +@@ -3249,7 +3271,7 @@ int acpi_nfit_ars_rescan(struct acpi_nfit_desc *acpi_desc, unsigned long flags) + } + } + if (scheduled) { +- queue_delayed_work(nfit_wq, &acpi_desc->dwork, 0); ++ sched_ars(acpi_desc); + dev_dbg(dev, "ars_scan triggered\n"); + } + mutex_unlock(&acpi_desc->init_mutex); +diff --git a/drivers/acpi/nfit/nfit.h b/drivers/acpi/nfit/nfit.h +index 7d15856a739f..a97ff42fe311 100644 +--- a/drivers/acpi/nfit/nfit.h ++++ b/drivers/acpi/nfit/nfit.h +@@ -203,6 +203,7 @@ struct acpi_nfit_desc { + unsigned int max_ars; + unsigned int scrub_count; + unsigned int scrub_mode; ++ unsigned int scrub_busy:1; + unsigned int cancel:1; + unsigned long dimm_cmd_force_en; + unsigned long bus_cmd_force_en; +diff --git a/drivers/ata/ahci.c b/drivers/ata/ahci.c +index 738fb22978dd..b2b9eba1d214 100644 +--- a/drivers/ata/ahci.c ++++ b/drivers/ata/ahci.c +@@ -400,6 +400,7 @@ static const struct pci_device_id ahci_pci_tbl[] = { + { PCI_VDEVICE(INTEL, 0x0f23), board_ahci_mobile }, /* Bay Trail AHCI */ + { PCI_VDEVICE(INTEL, 0x22a3), board_ahci_mobile }, /* Cherry Tr. AHCI */ + { PCI_VDEVICE(INTEL, 0x5ae3), board_ahci_mobile }, /* ApolloLake AHCI */ ++ { PCI_VDEVICE(INTEL, 0x34d3), board_ahci_mobile }, /* Ice Lake LP AHCI */ + + /* JMicron 360/1/3/5/6, match class to avoid IDE function */ + { PCI_VENDOR_ID_JMICRON, PCI_ANY_ID, PCI_ANY_ID, PCI_ANY_ID, +@@ -1280,6 +1281,59 @@ static bool ahci_broken_suspend(struct pci_dev *pdev) + return strcmp(buf, dmi->driver_data) < 0; + } + ++static bool ahci_broken_lpm(struct pci_dev *pdev) ++{ ++ static const struct dmi_system_id sysids[] = { ++ /* Various Lenovo 50 series have LPM issues with older BIOSen */ ++ { ++ .matches = { ++ DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"), ++ DMI_MATCH(DMI_PRODUCT_VERSION, "ThinkPad X250"), ++ }, ++ .driver_data = "20180406", /* 1.31 */ ++ }, ++ { ++ .matches = { ++ DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"), ++ DMI_MATCH(DMI_PRODUCT_VERSION, "ThinkPad L450"), ++ }, ++ .driver_data = "20180420", /* 1.28 */ ++ }, ++ { ++ .matches = { ++ DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"), ++ DMI_MATCH(DMI_PRODUCT_VERSION, "ThinkPad T450s"), ++ }, ++ .driver_data = "20180315", /* 1.33 */ ++ }, ++ { ++ .matches = { ++ DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"), ++ DMI_MATCH(DMI_PRODUCT_VERSION, "ThinkPad W541"), ++ }, ++ /* ++ * Note date based on release notes, 2.35 has been ++ * reported to be good, but I've been unable to get ++ * a hold of the reporter to get the DMI BIOS date. ++ * TODO: fix this. ++ */ ++ .driver_data = "20180310", /* 2.35 */ ++ }, ++ { } /* terminate list */ ++ }; ++ const struct dmi_system_id *dmi = dmi_first_match(sysids); ++ int year, month, date; ++ char buf[9]; ++ ++ if (!dmi) ++ return false; ++ ++ dmi_get_date(DMI_BIOS_DATE, &year, &month, &date); ++ snprintf(buf, sizeof(buf), "%04d%02d%02d", year, month, date); ++ ++ return strcmp(buf, dmi->driver_data) < 0; ++} ++ + static bool ahci_broken_online(struct pci_dev *pdev) + { + #define ENCODE_BUSDEVFN(bus, slot, func) \ +@@ -1694,6 +1748,12 @@ static int ahci_init_one(struct pci_dev *pdev, const struct pci_device_id *ent) + "quirky BIOS, skipping spindown on poweroff\n"); + } + ++ if (ahci_broken_lpm(pdev)) { ++ pi.flags |= ATA_FLAG_NO_LPM; ++ dev_warn(&pdev->dev, ++ "BIOS update required for Link Power Management support\n"); ++ } ++ + if (ahci_broken_suspend(pdev)) { + hpriv->flags |= AHCI_HFLAG_NO_SUSPEND; + dev_warn(&pdev->dev, +diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c +index 9bfd2f7e4542..55cbaab4bc20 100644 +--- a/drivers/ata/libata-core.c ++++ b/drivers/ata/libata-core.c +@@ -2502,6 +2502,9 @@ int ata_dev_configure(struct ata_device *dev) + (id[ATA_ID_SATA_CAPABILITY] & 0xe) == 0x2) + dev->horkage |= ATA_HORKAGE_NOLPM; + ++ if (ap->flags & ATA_FLAG_NO_LPM) ++ dev->horkage |= ATA_HORKAGE_NOLPM; ++ + if (dev->horkage & ATA_HORKAGE_NOLPM) { + ata_dev_warn(dev, "LPM support broken, forcing max_power\n"); + dev->link->ap->target_lpm_policy = ATA_LPM_MAX_POWER; +diff --git a/drivers/ata/libata-scsi.c b/drivers/ata/libata-scsi.c +index 89a9d4a2efc8..c0ac1ea3e7a3 100644 +--- a/drivers/ata/libata-scsi.c ++++ b/drivers/ata/libata-scsi.c +@@ -3802,10 +3802,20 @@ static unsigned int ata_scsi_zbc_out_xlat(struct ata_queued_cmd *qc) + */ + goto invalid_param_len; + } +- if (block > dev->n_sectors) +- goto out_of_range; + + all = cdb[14] & 0x1; ++ if (all) { ++ /* ++ * Ignore the block address (zone ID) as defined by ZBC. ++ */ ++ block = 0; ++ } else if (block >= dev->n_sectors) { ++ /* ++ * Block must be a valid zone ID (a zone start LBA). ++ */ ++ fp = 2; ++ goto invalid_fld; ++ } + + if (ata_ncq_enabled(qc->dev) && + ata_fpdma_zac_mgmt_out_supported(qc->dev)) { +@@ -3834,10 +3844,6 @@ static unsigned int ata_scsi_zbc_out_xlat(struct ata_queued_cmd *qc) + invalid_fld: + ata_scsi_set_invalid_field(qc->dev, scmd, fp, 0xff); + return 1; +- out_of_range: +- /* "Logical Block Address out of range" */ +- ata_scsi_set_sense(qc->dev, scmd, ILLEGAL_REQUEST, 0x21, 0x00); +- return 1; + invalid_param_len: + /* "Parameter list length error" */ + ata_scsi_set_sense(qc->dev, scmd, ILLEGAL_REQUEST, 0x1a, 0x0); +diff --git a/drivers/block/loop.c b/drivers/block/loop.c +index 55cf554bc914..1a2777bc5a57 100644 +--- a/drivers/block/loop.c ++++ b/drivers/block/loop.c +@@ -644,6 +644,36 @@ static void loop_reread_partitions(struct loop_device *lo, + __func__, lo->lo_number, lo->lo_file_name, rc); + } + ++static inline int is_loop_device(struct file *file) ++{ ++ struct inode *i = file->f_mapping->host; ++ ++ return i && S_ISBLK(i->i_mode) && MAJOR(i->i_rdev) == LOOP_MAJOR; ++} ++ ++static int loop_validate_file(struct file *file, struct block_device *bdev) ++{ ++ struct inode *inode = file->f_mapping->host; ++ struct file *f = file; ++ ++ /* Avoid recursion */ ++ while (is_loop_device(f)) { ++ struct loop_device *l; ++ ++ if (f->f_mapping->host->i_bdev == bdev) ++ return -EBADF; ++ ++ l = f->f_mapping->host->i_bdev->bd_disk->private_data; ++ if (l->lo_state == Lo_unbound) { ++ return -EINVAL; ++ } ++ f = l->lo_backing_file; ++ } ++ if (!S_ISREG(inode->i_mode) && !S_ISBLK(inode->i_mode)) ++ return -EINVAL; ++ return 0; ++} ++ + /* + * loop_change_fd switched the backing store of a loopback device to + * a new file. This is useful for operating system installers to free up +@@ -673,14 +703,15 @@ static int loop_change_fd(struct loop_device *lo, struct block_device *bdev, + if (!file) + goto out; + ++ error = loop_validate_file(file, bdev); ++ if (error) ++ goto out_putf; ++ + inode = file->f_mapping->host; + old_file = lo->lo_backing_file; + + error = -EINVAL; + +- if (!S_ISREG(inode->i_mode) && !S_ISBLK(inode->i_mode)) +- goto out_putf; +- + /* size of the new backing store needs to be the same */ + if (get_loop_size(lo, file) != get_loop_size(lo, old_file)) + goto out_putf; +@@ -706,13 +737,6 @@ static int loop_change_fd(struct loop_device *lo, struct block_device *bdev, + return error; + } + +-static inline int is_loop_device(struct file *file) +-{ +- struct inode *i = file->f_mapping->host; +- +- return i && S_ISBLK(i->i_mode) && MAJOR(i->i_rdev) == LOOP_MAJOR; +-} +- + /* loop sysfs attributes */ + + static ssize_t loop_attr_show(struct device *dev, char *page, +@@ -809,16 +833,17 @@ static struct attribute_group loop_attribute_group = { + .attrs= loop_attrs, + }; + +-static int loop_sysfs_init(struct loop_device *lo) ++static void loop_sysfs_init(struct loop_device *lo) + { +- return sysfs_create_group(&disk_to_dev(lo->lo_disk)->kobj, +- &loop_attribute_group); ++ lo->sysfs_inited = !sysfs_create_group(&disk_to_dev(lo->lo_disk)->kobj, ++ &loop_attribute_group); + } + + static void loop_sysfs_exit(struct loop_device *lo) + { +- sysfs_remove_group(&disk_to_dev(lo->lo_disk)->kobj, +- &loop_attribute_group); ++ if (lo->sysfs_inited) ++ sysfs_remove_group(&disk_to_dev(lo->lo_disk)->kobj, ++ &loop_attribute_group); + } + + static void loop_config_discard(struct loop_device *lo) +@@ -877,7 +902,7 @@ static int loop_prepare_queue(struct loop_device *lo) + static int loop_set_fd(struct loop_device *lo, fmode_t mode, + struct block_device *bdev, unsigned int arg) + { +- struct file *file, *f; ++ struct file *file; + struct inode *inode; + struct address_space *mapping; + int lo_flags = 0; +@@ -896,29 +921,13 @@ static int loop_set_fd(struct loop_device *lo, fmode_t mode, + if (lo->lo_state != Lo_unbound) + goto out_putf; + +- /* Avoid recursion */ +- f = file; +- while (is_loop_device(f)) { +- struct loop_device *l; +- +- if (f->f_mapping->host->i_bdev == bdev) +- goto out_putf; +- +- l = f->f_mapping->host->i_bdev->bd_disk->private_data; +- if (l->lo_state == Lo_unbound) { +- error = -EINVAL; +- goto out_putf; +- } +- f = l->lo_backing_file; +- } ++ error = loop_validate_file(file, bdev); ++ if (error) ++ goto out_putf; + + mapping = file->f_mapping; + inode = mapping->host; + +- error = -EINVAL; +- if (!S_ISREG(inode->i_mode) && !S_ISBLK(inode->i_mode)) +- goto out_putf; +- + if (!(file->f_mode & FMODE_WRITE) || !(mode & FMODE_WRITE) || + !file->f_op->write_iter) + lo_flags |= LO_FLAGS_READ_ONLY; +diff --git a/drivers/block/loop.h b/drivers/block/loop.h +index b78de9879f4f..4d42c7af7de7 100644 +--- a/drivers/block/loop.h ++++ b/drivers/block/loop.h +@@ -58,6 +58,7 @@ struct loop_device { + struct kthread_worker worker; + struct task_struct *worker_task; + bool use_dio; ++ bool sysfs_inited; + + struct request_queue *lo_queue; + struct blk_mq_tag_set tag_set; +diff --git a/drivers/gpu/drm/etnaviv/etnaviv_drv.c b/drivers/gpu/drm/etnaviv/etnaviv_drv.c +index ab50090d066c..ff1a9ffbf17f 100644 +--- a/drivers/gpu/drm/etnaviv/etnaviv_drv.c ++++ b/drivers/gpu/drm/etnaviv/etnaviv_drv.c +@@ -693,8 +693,11 @@ static struct platform_driver etnaviv_platform_driver = { + }, + }; + ++static struct platform_device *etnaviv_drm; ++ + static int __init etnaviv_init(void) + { ++ struct platform_device *pdev; + int ret; + struct device_node *np; + +@@ -706,7 +709,7 @@ static int __init etnaviv_init(void) + + ret = platform_driver_register(&etnaviv_platform_driver); + if (ret != 0) +- platform_driver_unregister(&etnaviv_gpu_driver); ++ goto unregister_gpu_driver; + + /* + * If the DT contains at least one available GPU device, instantiate +@@ -715,20 +718,33 @@ static int __init etnaviv_init(void) + for_each_compatible_node(np, NULL, "vivante,gc") { + if (!of_device_is_available(np)) + continue; +- +- platform_device_register_simple("etnaviv", -1, NULL, 0); ++ pdev = platform_device_register_simple("etnaviv", -1, ++ NULL, 0); ++ if (IS_ERR(pdev)) { ++ ret = PTR_ERR(pdev); ++ of_node_put(np); ++ goto unregister_platform_driver; ++ } ++ etnaviv_drm = pdev; + of_node_put(np); + break; + } + ++ return 0; ++ ++unregister_platform_driver: ++ platform_driver_unregister(&etnaviv_platform_driver); ++unregister_gpu_driver: ++ platform_driver_unregister(&etnaviv_gpu_driver); + return ret; + } + module_init(etnaviv_init); + + static void __exit etnaviv_exit(void) + { +- platform_driver_unregister(&etnaviv_gpu_driver); ++ platform_device_unregister(etnaviv_drm); + platform_driver_unregister(&etnaviv_platform_driver); ++ platform_driver_unregister(&etnaviv_gpu_driver); + } + module_exit(etnaviv_exit); + +diff --git a/drivers/gpu/drm/etnaviv/etnaviv_gpu.h b/drivers/gpu/drm/etnaviv/etnaviv_gpu.h +index 3c3005501846..feb3c6fab382 100644 +--- a/drivers/gpu/drm/etnaviv/etnaviv_gpu.h ++++ b/drivers/gpu/drm/etnaviv/etnaviv_gpu.h +@@ -142,6 +142,9 @@ struct etnaviv_gpu { + struct work_struct sync_point_work; + int sync_point_event; + ++ /* hang detection */ ++ u32 hangcheck_dma_addr; ++ + void __iomem *mmio; + int irq; + +diff --git a/drivers/gpu/drm/etnaviv/etnaviv_sched.c b/drivers/gpu/drm/etnaviv/etnaviv_sched.c +index 6cf0775dbcd7..506b05a67dfe 100644 +--- a/drivers/gpu/drm/etnaviv/etnaviv_sched.c ++++ b/drivers/gpu/drm/etnaviv/etnaviv_sched.c +@@ -21,6 +21,7 @@ + #include "etnaviv_gem.h" + #include "etnaviv_gpu.h" + #include "etnaviv_sched.h" ++#include "state.xml.h" + + static int etnaviv_job_hang_limit = 0; + module_param_named(job_hang_limit, etnaviv_job_hang_limit, int , 0444); +@@ -96,6 +97,29 @@ static void etnaviv_sched_timedout_job(struct drm_sched_job *sched_job) + { + struct etnaviv_gem_submit *submit = to_etnaviv_submit(sched_job); + struct etnaviv_gpu *gpu = submit->gpu; ++ u32 dma_addr; ++ int change; ++ ++ /* ++ * If the GPU managed to complete this jobs fence, the timout is ++ * spurious. Bail out. ++ */ ++ if (fence_completed(gpu, submit->out_fence->seqno)) ++ return; ++ ++ /* ++ * If the GPU is still making forward progress on the front-end (which ++ * should never loop) we shift out the timeout to give it a chance to ++ * finish the job. ++ */ ++ dma_addr = gpu_read(gpu, VIVS_FE_DMA_ADDRESS); ++ change = dma_addr - gpu->hangcheck_dma_addr; ++ if (change < 0 || change > 16) { ++ gpu->hangcheck_dma_addr = dma_addr; ++ schedule_delayed_work(&sched_job->work_tdr, ++ sched_job->sched->timeout); ++ return; ++ } + + /* block scheduler */ + kthread_park(gpu->sched.thread); +diff --git a/drivers/i2c/busses/i2c-tegra.c b/drivers/i2c/busses/i2c-tegra.c +index 60292d243e24..ec2d11af6c78 100644 +--- a/drivers/i2c/busses/i2c-tegra.c ++++ b/drivers/i2c/busses/i2c-tegra.c +@@ -547,6 +547,14 @@ static int tegra_i2c_disable_packet_mode(struct tegra_i2c_dev *i2c_dev) + { + u32 cnfg; + ++ /* ++ * NACK interrupt is generated before the I2C controller generates ++ * the STOP condition on the bus. So wait for 2 clock periods ++ * before disabling the controller so that the STOP condition has ++ * been delivered properly. ++ */ ++ udelay(DIV_ROUND_UP(2 * 1000000, i2c_dev->bus_clk_rate)); ++ + cnfg = i2c_readl(i2c_dev, I2C_CNFG); + if (cnfg & I2C_CNFG_PACKET_MODE_EN) + i2c_writel(i2c_dev, cnfg & ~I2C_CNFG_PACKET_MODE_EN, I2C_CNFG); +@@ -708,15 +716,6 @@ static int tegra_i2c_xfer_msg(struct tegra_i2c_dev *i2c_dev, + if (likely(i2c_dev->msg_err == I2C_ERR_NONE)) + return 0; + +- /* +- * NACK interrupt is generated before the I2C controller generates +- * the STOP condition on the bus. So wait for 2 clock periods +- * before resetting the controller so that the STOP condition has +- * been delivered properly. +- */ +- if (i2c_dev->msg_err == I2C_ERR_NO_ACK) +- udelay(DIV_ROUND_UP(2 * 1000000, i2c_dev->bus_clk_rate)); +- + tegra_i2c_init(i2c_dev); + if (i2c_dev->msg_err == I2C_ERR_NO_ACK) { + if (msg->flags & I2C_M_IGNORE_NAK) +diff --git a/drivers/i2c/i2c-core-base.c b/drivers/i2c/i2c-core-base.c +index 1ba40bb2b966..1b6e80123fba 100644 +--- a/drivers/i2c/i2c-core-base.c ++++ b/drivers/i2c/i2c-core-base.c +@@ -198,7 +198,16 @@ int i2c_generic_scl_recovery(struct i2c_adapter *adap) + + val = !val; + bri->set_scl(adap, val); +- ndelay(RECOVERY_NDELAY); ++ ++ /* ++ * If we can set SDA, we will always create STOP here to ensure ++ * the additional pulses will do no harm. This is achieved by ++ * letting SDA follow SCL half a cycle later. ++ */ ++ ndelay(RECOVERY_NDELAY / 2); ++ if (bri->set_sda) ++ bri->set_sda(adap, val); ++ ndelay(RECOVERY_NDELAY / 2); + } + + /* check if recovery actually succeeded */ +diff --git a/drivers/infiniband/Kconfig b/drivers/infiniband/Kconfig +index 2a972ed6851b..b03af54367c0 100644 +--- a/drivers/infiniband/Kconfig ++++ b/drivers/infiniband/Kconfig +@@ -35,6 +35,17 @@ config INFINIBAND_USER_ACCESS + libibverbs, libibcm and a hardware driver library from + rdma-core <https://github.com/linux-rdma/rdma-core>. + ++config INFINIBAND_USER_ACCESS_UCM ++ bool "Userspace CM (UCM, DEPRECATED)" ++ depends on BROKEN ++ depends on INFINIBAND_USER_ACCESS ++ help ++ The UCM module has known security flaws, which no one is ++ interested to fix. The user-space part of this code was ++ dropped from the upstream a long time ago. ++ ++ This option is DEPRECATED and planned to be removed. ++ + config INFINIBAND_EXP_LEGACY_VERBS_NEW_UAPI + bool "Allow experimental legacy verbs in new ioctl uAPI (EXPERIMENTAL)" + depends on INFINIBAND_USER_ACCESS +diff --git a/drivers/infiniband/core/Makefile b/drivers/infiniband/core/Makefile +index dda9e856e3fa..e1acbf5f87f1 100644 +--- a/drivers/infiniband/core/Makefile ++++ b/drivers/infiniband/core/Makefile +@@ -5,8 +5,8 @@ user_access-$(CONFIG_INFINIBAND_ADDR_TRANS) := rdma_ucm.o + obj-$(CONFIG_INFINIBAND) += ib_core.o ib_cm.o iw_cm.o \ + $(infiniband-y) + obj-$(CONFIG_INFINIBAND_USER_MAD) += ib_umad.o +-obj-$(CONFIG_INFINIBAND_USER_ACCESS) += ib_uverbs.o ib_ucm.o \ +- $(user_access-y) ++obj-$(CONFIG_INFINIBAND_USER_ACCESS) += ib_uverbs.o $(user_access-y) ++obj-$(CONFIG_INFINIBAND_USER_ACCESS_UCM) += ib_ucm.o $(user_access-y) + + ib_core-y := packer.o ud_header.o verbs.o cq.o rw.o sysfs.o \ + device.o fmr_pool.o cache.o netlink.o \ +diff --git a/drivers/infiniband/hw/cxgb4/mem.c b/drivers/infiniband/hw/cxgb4/mem.c +index 1445918e3239..7b76e6f81aeb 100644 +--- a/drivers/infiniband/hw/cxgb4/mem.c ++++ b/drivers/infiniband/hw/cxgb4/mem.c +@@ -774,7 +774,7 @@ static int c4iw_set_page(struct ib_mr *ibmr, u64 addr) + { + struct c4iw_mr *mhp = to_c4iw_mr(ibmr); + +- if (unlikely(mhp->mpl_len == mhp->max_mpl_len)) ++ if (unlikely(mhp->mpl_len == mhp->attr.pbl_size)) + return -ENOMEM; + + mhp->mpl[mhp->mpl_len++] = addr; +diff --git a/drivers/infiniband/hw/hfi1/rc.c b/drivers/infiniband/hw/hfi1/rc.c +index da58046a02ea..295d3c40a994 100644 +--- a/drivers/infiniband/hw/hfi1/rc.c ++++ b/drivers/infiniband/hw/hfi1/rc.c +@@ -271,7 +271,7 @@ int hfi1_make_rc_req(struct rvt_qp *qp, struct hfi1_pkt_state *ps) + + lockdep_assert_held(&qp->s_lock); + ps->s_txreq = get_txreq(ps->dev, qp); +- if (IS_ERR(ps->s_txreq)) ++ if (!ps->s_txreq) + goto bail_no_tx; + + if (priv->hdr_type == HFI1_PKT_TYPE_9B) { +diff --git a/drivers/infiniband/hw/hfi1/uc.c b/drivers/infiniband/hw/hfi1/uc.c +index 9d7a3110c14c..d140aaccdf14 100644 +--- a/drivers/infiniband/hw/hfi1/uc.c ++++ b/drivers/infiniband/hw/hfi1/uc.c +@@ -1,5 +1,5 @@ + /* +- * Copyright(c) 2015, 2016 Intel Corporation. ++ * Copyright(c) 2015 - 2018 Intel Corporation. + * + * This file is provided under a dual BSD/GPLv2 license. When using or + * redistributing this file, you may do so under either license. +@@ -72,7 +72,7 @@ int hfi1_make_uc_req(struct rvt_qp *qp, struct hfi1_pkt_state *ps) + int middle = 0; + + ps->s_txreq = get_txreq(ps->dev, qp); +- if (IS_ERR(ps->s_txreq)) ++ if (!ps->s_txreq) + goto bail_no_tx; + + if (!(ib_rvt_state_ops[qp->state] & RVT_PROCESS_SEND_OK)) { +diff --git a/drivers/infiniband/hw/hfi1/ud.c b/drivers/infiniband/hw/hfi1/ud.c +index 69c17a5ef038..3ae10530f754 100644 +--- a/drivers/infiniband/hw/hfi1/ud.c ++++ b/drivers/infiniband/hw/hfi1/ud.c +@@ -1,5 +1,5 @@ + /* +- * Copyright(c) 2015, 2016 Intel Corporation. ++ * Copyright(c) 2015 - 2018 Intel Corporation. + * + * This file is provided under a dual BSD/GPLv2 license. When using or + * redistributing this file, you may do so under either license. +@@ -482,7 +482,7 @@ int hfi1_make_ud_req(struct rvt_qp *qp, struct hfi1_pkt_state *ps) + u32 lid; + + ps->s_txreq = get_txreq(ps->dev, qp); +- if (IS_ERR(ps->s_txreq)) ++ if (!ps->s_txreq) + goto bail_no_tx; + + if (!(ib_rvt_state_ops[qp->state] & RVT_PROCESS_NEXT_SEND_OK)) { +diff --git a/drivers/infiniband/hw/hfi1/verbs_txreq.c b/drivers/infiniband/hw/hfi1/verbs_txreq.c +index 873e48ea923f..c4ab2d5b4502 100644 +--- a/drivers/infiniband/hw/hfi1/verbs_txreq.c ++++ b/drivers/infiniband/hw/hfi1/verbs_txreq.c +@@ -1,5 +1,5 @@ + /* +- * Copyright(c) 2016 - 2017 Intel Corporation. ++ * Copyright(c) 2016 - 2018 Intel Corporation. + * + * This file is provided under a dual BSD/GPLv2 license. When using or + * redistributing this file, you may do so under either license. +@@ -94,7 +94,7 @@ struct verbs_txreq *__get_txreq(struct hfi1_ibdev *dev, + struct rvt_qp *qp) + __must_hold(&qp->s_lock) + { +- struct verbs_txreq *tx = ERR_PTR(-EBUSY); ++ struct verbs_txreq *tx = NULL; + + write_seqlock(&dev->txwait_lock); + if (ib_rvt_state_ops[qp->state] & RVT_PROCESS_RECV_OK) { +diff --git a/drivers/infiniband/hw/hfi1/verbs_txreq.h b/drivers/infiniband/hw/hfi1/verbs_txreq.h +index 729244c3086c..1c19bbc764b2 100644 +--- a/drivers/infiniband/hw/hfi1/verbs_txreq.h ++++ b/drivers/infiniband/hw/hfi1/verbs_txreq.h +@@ -1,5 +1,5 @@ + /* +- * Copyright(c) 2016 Intel Corporation. ++ * Copyright(c) 2016 - 2018 Intel Corporation. + * + * This file is provided under a dual BSD/GPLv2 license. When using or + * redistributing this file, you may do so under either license. +@@ -83,7 +83,7 @@ static inline struct verbs_txreq *get_txreq(struct hfi1_ibdev *dev, + if (unlikely(!tx)) { + /* call slow path to get the lock */ + tx = __get_txreq(dev, qp); +- if (IS_ERR(tx)) ++ if (!tx) + return tx; + } + tx->qp = qp; +diff --git a/drivers/misc/ibmasm/ibmasmfs.c b/drivers/misc/ibmasm/ibmasmfs.c +index e05c3245930a..fa840666bdd1 100644 +--- a/drivers/misc/ibmasm/ibmasmfs.c ++++ b/drivers/misc/ibmasm/ibmasmfs.c +@@ -507,35 +507,14 @@ static int remote_settings_file_close(struct inode *inode, struct file *file) + static ssize_t remote_settings_file_read(struct file *file, char __user *buf, size_t count, loff_t *offset) + { + void __iomem *address = (void __iomem *)file->private_data; +- unsigned char *page; +- int retval; + int len = 0; + unsigned int value; +- +- if (*offset < 0) +- return -EINVAL; +- if (count == 0 || count > 1024) +- return 0; +- if (*offset != 0) +- return 0; +- +- page = (unsigned char *)__get_free_page(GFP_KERNEL); +- if (!page) +- return -ENOMEM; ++ char lbuf[20]; + + value = readl(address); +- len = sprintf(page, "%d\n", value); +- +- if (copy_to_user(buf, page, len)) { +- retval = -EFAULT; +- goto exit; +- } +- *offset += len; +- retval = len; ++ len = snprintf(lbuf, sizeof(lbuf), "%d\n", value); + +-exit: +- free_page((unsigned long)page); +- return retval; ++ return simple_read_from_buffer(buf, count, offset, lbuf, len); + } + + static ssize_t remote_settings_file_write(struct file *file, const char __user *ubuff, size_t count, loff_t *offset) +diff --git a/drivers/misc/mei/interrupt.c b/drivers/misc/mei/interrupt.c +index b0b8f18a85e3..6649f0d56d2f 100644 +--- a/drivers/misc/mei/interrupt.c ++++ b/drivers/misc/mei/interrupt.c +@@ -310,8 +310,11 @@ int mei_irq_read_handler(struct mei_device *dev, + if (&cl->link == &dev->file_list) { + /* A message for not connected fixed address clients + * should be silently discarded ++ * On power down client may be force cleaned, ++ * silently discard such messages + */ +- if (hdr_is_fixed(mei_hdr)) { ++ if (hdr_is_fixed(mei_hdr) || ++ dev->dev_state == MEI_DEV_POWER_DOWN) { + mei_irq_discard_msg(dev, mei_hdr); + ret = 0; + goto reset_slots; +diff --git a/drivers/misc/vmw_balloon.c b/drivers/misc/vmw_balloon.c +index efd733472a35..56c6f79a5c5a 100644 +--- a/drivers/misc/vmw_balloon.c ++++ b/drivers/misc/vmw_balloon.c +@@ -467,7 +467,7 @@ static int vmballoon_send_batched_lock(struct vmballoon *b, + unsigned int num_pages, bool is_2m_pages, unsigned int *target) + { + unsigned long status; +- unsigned long pfn = page_to_pfn(b->page); ++ unsigned long pfn = PHYS_PFN(virt_to_phys(b->batch_page)); + + STATS_INC(b->stats.lock[is_2m_pages]); + +@@ -515,7 +515,7 @@ static bool vmballoon_send_batched_unlock(struct vmballoon *b, + unsigned int num_pages, bool is_2m_pages, unsigned int *target) + { + unsigned long status; +- unsigned long pfn = page_to_pfn(b->page); ++ unsigned long pfn = PHYS_PFN(virt_to_phys(b->batch_page)); + + STATS_INC(b->stats.unlock[is_2m_pages]); + +diff --git a/drivers/mmc/host/dw_mmc.c b/drivers/mmc/host/dw_mmc.c +index 29a1afa81f66..3ee8f57fd612 100644 +--- a/drivers/mmc/host/dw_mmc.c ++++ b/drivers/mmc/host/dw_mmc.c +@@ -1065,8 +1065,8 @@ static void dw_mci_ctrl_thld(struct dw_mci *host, struct mmc_data *data) + * It's used when HS400 mode is enabled. + */ + if (data->flags & MMC_DATA_WRITE && +- !(host->timing != MMC_TIMING_MMC_HS400)) +- return; ++ host->timing != MMC_TIMING_MMC_HS400) ++ goto disable; + + if (data->flags & MMC_DATA_WRITE) + enable = SDMMC_CARD_WR_THR_EN; +@@ -1074,7 +1074,8 @@ static void dw_mci_ctrl_thld(struct dw_mci *host, struct mmc_data *data) + enable = SDMMC_CARD_RD_THR_EN; + + if (host->timing != MMC_TIMING_MMC_HS200 && +- host->timing != MMC_TIMING_UHS_SDR104) ++ host->timing != MMC_TIMING_UHS_SDR104 && ++ host->timing != MMC_TIMING_MMC_HS400) + goto disable; + + blksz_depth = blksz / (1 << host->data_shift); +diff --git a/drivers/mmc/host/renesas_sdhi_internal_dmac.c b/drivers/mmc/host/renesas_sdhi_internal_dmac.c +index eb027cdc8f24..8d19b5903fd1 100644 +--- a/drivers/mmc/host/renesas_sdhi_internal_dmac.c ++++ b/drivers/mmc/host/renesas_sdhi_internal_dmac.c +@@ -139,8 +139,7 @@ renesas_sdhi_internal_dmac_abort_dma(struct tmio_mmc_host *host) { + renesas_sdhi_internal_dmac_dm_write(host, DM_CM_RST, + RST_RESERVED_BITS | val); + +- if (host->data && host->data->flags & MMC_DATA_READ) +- clear_bit(SDHI_INTERNAL_DMAC_RX_IN_USE, &global_flags); ++ clear_bit(SDHI_INTERNAL_DMAC_RX_IN_USE, &global_flags); + + renesas_sdhi_internal_dmac_enable_dma(host, true); + } +diff --git a/drivers/mmc/host/sdhci-esdhc-imx.c b/drivers/mmc/host/sdhci-esdhc-imx.c +index cd2b5f643a15..6891be4ff9f1 100644 +--- a/drivers/mmc/host/sdhci-esdhc-imx.c ++++ b/drivers/mmc/host/sdhci-esdhc-imx.c +@@ -306,6 +306,15 @@ static u32 esdhc_readl_le(struct sdhci_host *host, int reg) + + if (imx_data->socdata->flags & ESDHC_FLAG_HS400) + val |= SDHCI_SUPPORT_HS400; ++ ++ /* ++ * Do not advertise faster UHS modes if there are no ++ * pinctrl states for 100MHz/200MHz. ++ */ ++ if (IS_ERR_OR_NULL(imx_data->pins_100mhz) || ++ IS_ERR_OR_NULL(imx_data->pins_200mhz)) ++ val &= ~(SDHCI_SUPPORT_SDR50 | SDHCI_SUPPORT_DDR50 ++ | SDHCI_SUPPORT_SDR104 | SDHCI_SUPPORT_HS400); + } + } + +@@ -1136,18 +1145,6 @@ sdhci_esdhc_imx_probe_dt(struct platform_device *pdev, + ESDHC_PINCTRL_STATE_100MHZ); + imx_data->pins_200mhz = pinctrl_lookup_state(imx_data->pinctrl, + ESDHC_PINCTRL_STATE_200MHZ); +- if (IS_ERR(imx_data->pins_100mhz) || +- IS_ERR(imx_data->pins_200mhz)) { +- dev_warn(mmc_dev(host->mmc), +- "could not get ultra high speed state, work on normal mode\n"); +- /* +- * fall back to not supporting uhs by specifying no +- * 1.8v quirk +- */ +- host->quirks2 |= SDHCI_QUIRK2_NO_1_8_V; +- } +- } else { +- host->quirks2 |= SDHCI_QUIRK2_NO_1_8_V; + } + + /* call to generic mmc_of_parse to support additional capabilities */ +diff --git a/drivers/mtd/spi-nor/cadence-quadspi.c b/drivers/mtd/spi-nor/cadence-quadspi.c +index 5872f31eaa60..5cf9ef6cf259 100644 +--- a/drivers/mtd/spi-nor/cadence-quadspi.c ++++ b/drivers/mtd/spi-nor/cadence-quadspi.c +@@ -920,10 +920,12 @@ static ssize_t cqspi_write(struct spi_nor *nor, loff_t to, + if (ret) + return ret; + +- if (f_pdata->use_direct_mode) ++ if (f_pdata->use_direct_mode) { + memcpy_toio(cqspi->ahb_base + to, buf, len); +- else ++ ret = cqspi_wait_idle(cqspi); ++ } else { + ret = cqspi_indirect_write_execute(nor, to, buf, len); ++ } + if (ret) + return ret; + +diff --git a/drivers/staging/rtl8723bs/core/rtw_ap.c b/drivers/staging/rtl8723bs/core/rtw_ap.c +index 0b530ea7fd81..4b39b7ddf506 100644 +--- a/drivers/staging/rtl8723bs/core/rtw_ap.c ++++ b/drivers/staging/rtl8723bs/core/rtw_ap.c +@@ -1059,7 +1059,7 @@ int rtw_check_beacon_data(struct adapter *padapter, u8 *pbuf, int len) + return _FAIL; + + +- if (len > MAX_IE_SZ) ++ if (len < 0 || len > MAX_IE_SZ) + return _FAIL; + + pbss_network->IELength = len; +diff --git a/drivers/staging/rtlwifi/rtl8822be/hw.c b/drivers/staging/rtlwifi/rtl8822be/hw.c +index 74386003044f..c6db2bd20594 100644 +--- a/drivers/staging/rtlwifi/rtl8822be/hw.c ++++ b/drivers/staging/rtlwifi/rtl8822be/hw.c +@@ -814,7 +814,7 @@ static void _rtl8822be_enable_aspm_back_door(struct ieee80211_hw *hw) + return; + + pci_read_config_byte(rtlpci->pdev, 0x70f, &tmp); +- pci_write_config_byte(rtlpci->pdev, 0x70f, tmp | BIT(7)); ++ pci_write_config_byte(rtlpci->pdev, 0x70f, tmp | ASPM_L1_LATENCY << 3); + + pci_read_config_byte(rtlpci->pdev, 0x719, &tmp); + pci_write_config_byte(rtlpci->pdev, 0x719, tmp | BIT(3) | BIT(4)); +diff --git a/drivers/staging/rtlwifi/wifi.h b/drivers/staging/rtlwifi/wifi.h +index a23bb1719e35..0ab1e2d50535 100644 +--- a/drivers/staging/rtlwifi/wifi.h ++++ b/drivers/staging/rtlwifi/wifi.h +@@ -99,6 +99,7 @@ + #define RTL_USB_MAX_RX_COUNT 100 + #define QBSS_LOAD_SIZE 5 + #define MAX_WMMELE_LENGTH 64 ++#define ASPM_L1_LATENCY 7 + + #define TOTAL_CAM_ENTRY 32 + +diff --git a/drivers/thunderbolt/domain.c b/drivers/thunderbolt/domain.c +index 6281266b8ec0..a923ebdeb73c 100644 +--- a/drivers/thunderbolt/domain.c ++++ b/drivers/thunderbolt/domain.c +@@ -213,6 +213,10 @@ static ssize_t boot_acl_store(struct device *dev, struct device_attribute *attr, + goto err_free_acl; + } + ret = tb->cm_ops->set_boot_acl(tb, acl, tb->nboot_acl); ++ if (!ret) { ++ /* Notify userspace about the change */ ++ kobject_uevent(&tb->dev.kobj, KOBJ_CHANGE); ++ } + mutex_unlock(&tb->lock); + + err_free_acl: +diff --git a/drivers/usb/core/quirks.c b/drivers/usb/core/quirks.c +index c55def2f1320..097057d2eacf 100644 +--- a/drivers/usb/core/quirks.c ++++ b/drivers/usb/core/quirks.c +@@ -378,6 +378,10 @@ static const struct usb_device_id usb_quirk_list[] = { + /* Corsair K70 RGB */ + { USB_DEVICE(0x1b1c, 0x1b13), .driver_info = USB_QUIRK_DELAY_INIT }, + ++ /* Corsair Strafe */ ++ { USB_DEVICE(0x1b1c, 0x1b15), .driver_info = USB_QUIRK_DELAY_INIT | ++ USB_QUIRK_DELAY_CTRL_MSG }, ++ + /* Corsair Strafe RGB */ + { USB_DEVICE(0x1b1c, 0x1b20), .driver_info = USB_QUIRK_DELAY_INIT | + USB_QUIRK_DELAY_CTRL_MSG }, +diff --git a/drivers/usb/host/xhci-mem.c b/drivers/usb/host/xhci-mem.c +index 99e7547f234f..0b424a4b58ec 100644 +--- a/drivers/usb/host/xhci-mem.c ++++ b/drivers/usb/host/xhci-mem.c +@@ -591,7 +591,7 @@ struct xhci_ring *xhci_stream_id_to_ring( + if (!ep->stream_info) + return NULL; + +- if (stream_id > ep->stream_info->num_streams) ++ if (stream_id >= ep->stream_info->num_streams) + return NULL; + return ep->stream_info->stream_rings[stream_id]; + } +diff --git a/drivers/usb/misc/yurex.c b/drivers/usb/misc/yurex.c +index 8abb6cbbd98a..3be40eaa1ac9 100644 +--- a/drivers/usb/misc/yurex.c ++++ b/drivers/usb/misc/yurex.c +@@ -396,8 +396,7 @@ static ssize_t yurex_read(struct file *file, char __user *buffer, size_t count, + loff_t *ppos) + { + struct usb_yurex *dev; +- int retval = 0; +- int bytes_read = 0; ++ int len = 0; + char in_buffer[20]; + unsigned long flags; + +@@ -405,26 +404,16 @@ static ssize_t yurex_read(struct file *file, char __user *buffer, size_t count, + + mutex_lock(&dev->io_mutex); + if (!dev->interface) { /* already disconnected */ +- retval = -ENODEV; +- goto exit; ++ mutex_unlock(&dev->io_mutex); ++ return -ENODEV; + } + + spin_lock_irqsave(&dev->lock, flags); +- bytes_read = snprintf(in_buffer, 20, "%lld\n", dev->bbu); ++ len = snprintf(in_buffer, 20, "%lld\n", dev->bbu); + spin_unlock_irqrestore(&dev->lock, flags); +- +- if (*ppos < bytes_read) { +- if (copy_to_user(buffer, in_buffer + *ppos, bytes_read - *ppos)) +- retval = -EFAULT; +- else { +- retval = bytes_read - *ppos; +- *ppos += bytes_read; +- } +- } +- +-exit: + mutex_unlock(&dev->io_mutex); +- return retval; ++ ++ return simple_read_from_buffer(buffer, count, ppos, in_buffer, len); + } + + static ssize_t yurex_write(struct file *file, const char __user *user_buffer, +diff --git a/drivers/usb/serial/ch341.c b/drivers/usb/serial/ch341.c +index bdd7a5ad3bf1..3bb1fff02bed 100644 +--- a/drivers/usb/serial/ch341.c ++++ b/drivers/usb/serial/ch341.c +@@ -128,7 +128,7 @@ static int ch341_control_in(struct usb_device *dev, + r = usb_control_msg(dev, usb_rcvctrlpipe(dev, 0), request, + USB_TYPE_VENDOR | USB_RECIP_DEVICE | USB_DIR_IN, + value, index, buf, bufsize, DEFAULT_TIMEOUT); +- if (r < bufsize) { ++ if (r < (int)bufsize) { + if (r >= 0) { + dev_err(&dev->dev, + "short control message received (%d < %u)\n", +diff --git a/drivers/usb/serial/cp210x.c b/drivers/usb/serial/cp210x.c +index ee0cc1d90b51..626a29d9aa58 100644 +--- a/drivers/usb/serial/cp210x.c ++++ b/drivers/usb/serial/cp210x.c +@@ -149,6 +149,7 @@ static const struct usb_device_id id_table[] = { + { USB_DEVICE(0x10C4, 0x8977) }, /* CEL MeshWorks DevKit Device */ + { USB_DEVICE(0x10C4, 0x8998) }, /* KCF Technologies PRN */ + { USB_DEVICE(0x10C4, 0x89A4) }, /* CESINEL FTBC Flexible Thyristor Bridge Controller */ ++ { USB_DEVICE(0x10C4, 0x89FB) }, /* Qivicon ZigBee USB Radio Stick */ + { USB_DEVICE(0x10C4, 0x8A2A) }, /* HubZ dual ZigBee and Z-Wave dongle */ + { USB_DEVICE(0x10C4, 0x8A5E) }, /* CEL EM3588 ZigBee USB Stick Long Range */ + { USB_DEVICE(0x10C4, 0x8B34) }, /* Qivicon ZigBee USB Radio Stick */ +diff --git a/drivers/usb/serial/keyspan_pda.c b/drivers/usb/serial/keyspan_pda.c +index 5169624d8b11..38d43c4b7ce5 100644 +--- a/drivers/usb/serial/keyspan_pda.c ++++ b/drivers/usb/serial/keyspan_pda.c +@@ -369,8 +369,10 @@ static int keyspan_pda_get_modem_info(struct usb_serial *serial, + 3, /* get pins */ + USB_TYPE_VENDOR|USB_RECIP_INTERFACE|USB_DIR_IN, + 0, 0, data, 1, 2000); +- if (rc >= 0) ++ if (rc == 1) + *value = *data; ++ else if (rc >= 0) ++ rc = -EIO; + + kfree(data); + return rc; +diff --git a/drivers/usb/serial/mos7840.c b/drivers/usb/serial/mos7840.c +index fdceb46d9fc6..b580b4c7fa48 100644 +--- a/drivers/usb/serial/mos7840.c ++++ b/drivers/usb/serial/mos7840.c +@@ -468,6 +468,9 @@ static void mos7840_control_callback(struct urb *urb) + } + + dev_dbg(dev, "%s urb buffer size is %d\n", __func__, urb->actual_length); ++ if (urb->actual_length < 1) ++ goto out; ++ + dev_dbg(dev, "%s mos7840_port->MsrLsr is %d port %d\n", __func__, + mos7840_port->MsrLsr, mos7840_port->port_num); + data = urb->transfer_buffer; +diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c +index 4ad6f669fe34..39d3a724a4b4 100644 +--- a/fs/binfmt_elf.c ++++ b/fs/binfmt_elf.c +@@ -1259,9 +1259,8 @@ static int load_elf_library(struct file *file) + goto out_free_ph; + } + +- len = ELF_PAGESTART(eppnt->p_filesz + eppnt->p_vaddr + +- ELF_MIN_ALIGN - 1); +- bss = eppnt->p_memsz + eppnt->p_vaddr; ++ len = ELF_PAGEALIGN(eppnt->p_filesz + eppnt->p_vaddr); ++ bss = ELF_PAGEALIGN(eppnt->p_memsz + eppnt->p_vaddr); + if (bss > len) { + error = vm_brk(len, bss - len); + if (error) +diff --git a/fs/f2fs/f2fs.h b/fs/f2fs/f2fs.h +index 1df7f10476d6..20149b8771d9 100644 +--- a/fs/f2fs/f2fs.h ++++ b/fs/f2fs/f2fs.h +@@ -1586,18 +1586,6 @@ static inline bool __exist_node_summaries(struct f2fs_sb_info *sbi) + is_set_ckpt_flags(sbi, CP_FASTBOOT_FLAG)); + } + +-/* +- * Check whether the given nid is within node id range. +- */ +-static inline int check_nid_range(struct f2fs_sb_info *sbi, nid_t nid) +-{ +- if (unlikely(nid < F2FS_ROOT_INO(sbi))) +- return -EINVAL; +- if (unlikely(nid >= NM_I(sbi)->max_nid)) +- return -EINVAL; +- return 0; +-} +- + /* + * Check whether the inode has blocks or not + */ +@@ -2720,6 +2708,7 @@ f2fs_hash_t f2fs_dentry_hash(const struct qstr *name_info, + struct dnode_of_data; + struct node_info; + ++int check_nid_range(struct f2fs_sb_info *sbi, nid_t nid); + bool available_free_memory(struct f2fs_sb_info *sbi, int type); + int need_dentry_mark(struct f2fs_sb_info *sbi, nid_t nid); + bool is_checkpointed_node(struct f2fs_sb_info *sbi, nid_t nid); +diff --git a/fs/f2fs/inode.c b/fs/f2fs/inode.c +index f8ef04c9f69d..3d91bea4ec90 100644 +--- a/fs/f2fs/inode.c ++++ b/fs/f2fs/inode.c +@@ -185,6 +185,21 @@ void f2fs_inode_chksum_set(struct f2fs_sb_info *sbi, struct page *page) + ri->i_inode_checksum = cpu_to_le32(f2fs_inode_chksum(sbi, page)); + } + ++static bool sanity_check_inode(struct inode *inode) ++{ ++ struct f2fs_sb_info *sbi = F2FS_I_SB(inode); ++ ++ if (f2fs_sb_has_flexible_inline_xattr(sbi->sb) ++ && !f2fs_has_extra_attr(inode)) { ++ set_sbi_flag(sbi, SBI_NEED_FSCK); ++ f2fs_msg(sbi->sb, KERN_WARNING, ++ "%s: corrupted inode ino=%lx, run fsck to fix.", ++ __func__, inode->i_ino); ++ return false; ++ } ++ return true; ++} ++ + static int do_read_inode(struct inode *inode) + { + struct f2fs_sb_info *sbi = F2FS_I_SB(inode); +@@ -194,12 +209,8 @@ static int do_read_inode(struct inode *inode) + projid_t i_projid; + + /* Check if ino is within scope */ +- if (check_nid_range(sbi, inode->i_ino)) { +- f2fs_msg(inode->i_sb, KERN_ERR, "bad inode number: %lu", +- (unsigned long) inode->i_ino); +- WARN_ON(1); ++ if (check_nid_range(sbi, inode->i_ino)) + return -EINVAL; +- } + + node_page = get_node_page(sbi, inode->i_ino); + if (IS_ERR(node_page)) +@@ -239,7 +250,6 @@ static int do_read_inode(struct inode *inode) + le16_to_cpu(ri->i_extra_isize) : 0; + + if (f2fs_sb_has_flexible_inline_xattr(sbi->sb)) { +- f2fs_bug_on(sbi, !f2fs_has_extra_attr(inode)); + fi->i_inline_xattr_size = le16_to_cpu(ri->i_inline_xattr_size); + } else if (f2fs_has_inline_xattr(inode) || + f2fs_has_inline_dentry(inode)) { +@@ -317,6 +327,10 @@ struct inode *f2fs_iget(struct super_block *sb, unsigned long ino) + ret = do_read_inode(inode); + if (ret) + goto bad_inode; ++ if (!sanity_check_inode(inode)) { ++ ret = -EINVAL; ++ goto bad_inode; ++ } + make_now: + if (ino == F2FS_NODE_INO(sbi)) { + inode->i_mapping->a_ops = &f2fs_node_aops; +@@ -588,8 +602,11 @@ void f2fs_evict_inode(struct inode *inode) + alloc_nid_failed(sbi, inode->i_ino); + clear_inode_flag(inode, FI_FREE_NID); + } else { +- f2fs_bug_on(sbi, err && +- !exist_written_data(sbi, inode->i_ino, ORPHAN_INO)); ++ /* ++ * If xattr nid is corrupted, we can reach out error condition, ++ * err & !exist_written_data(sbi, inode->i_ino, ORPHAN_INO)). ++ * In that case, check_nid_range() is enough to give a clue. ++ */ + } + out_clear: + fscrypt_put_encryption_info(inode); +diff --git a/fs/f2fs/node.c b/fs/f2fs/node.c +index f202398e20ea..de48222f48e3 100644 +--- a/fs/f2fs/node.c ++++ b/fs/f2fs/node.c +@@ -29,6 +29,21 @@ static struct kmem_cache *nat_entry_slab; + static struct kmem_cache *free_nid_slab; + static struct kmem_cache *nat_entry_set_slab; + ++/* ++ * Check whether the given nid is within node id range. ++ */ ++int check_nid_range(struct f2fs_sb_info *sbi, nid_t nid) ++{ ++ if (unlikely(nid < F2FS_ROOT_INO(sbi) || nid >= NM_I(sbi)->max_nid)) { ++ set_sbi_flag(sbi, SBI_NEED_FSCK); ++ f2fs_msg(sbi->sb, KERN_WARNING, ++ "%s: out-of-range nid=%x, run fsck to fix.", ++ __func__, nid); ++ return -EINVAL; ++ } ++ return 0; ++} ++ + bool available_free_memory(struct f2fs_sb_info *sbi, int type) + { + struct f2fs_nm_info *nm_i = NM_I(sbi); +@@ -1158,7 +1173,8 @@ void ra_node_page(struct f2fs_sb_info *sbi, nid_t nid) + + if (!nid) + return; +- f2fs_bug_on(sbi, check_nid_range(sbi, nid)); ++ if (check_nid_range(sbi, nid)) ++ return; + + rcu_read_lock(); + apage = radix_tree_lookup(&NODE_MAPPING(sbi)->i_pages, nid); +@@ -1182,7 +1198,8 @@ static struct page *__get_node_page(struct f2fs_sb_info *sbi, pgoff_t nid, + + if (!nid) + return ERR_PTR(-ENOENT); +- f2fs_bug_on(sbi, check_nid_range(sbi, nid)); ++ if (check_nid_range(sbi, nid)) ++ return ERR_PTR(-EINVAL); + repeat: + page = f2fs_grab_cache_page(NODE_MAPPING(sbi), nid, false); + if (!page) +diff --git a/fs/f2fs/segment.c b/fs/f2fs/segment.c +index be8d1b16b8d1..cffaf842f4e7 100644 +--- a/fs/f2fs/segment.c ++++ b/fs/f2fs/segment.c +@@ -3600,6 +3600,7 @@ static int build_sit_entries(struct f2fs_sb_info *sbi) + unsigned int i, start, end; + unsigned int readed, start_blk = 0; + int err = 0; ++ block_t total_node_blocks = 0; + + do { + readed = ra_meta_pages(sbi, start_blk, BIO_MAX_PAGES, +@@ -3622,6 +3623,8 @@ static int build_sit_entries(struct f2fs_sb_info *sbi) + if (err) + return err; + seg_info_from_raw_sit(se, &sit); ++ if (IS_NODESEG(se->type)) ++ total_node_blocks += se->valid_blocks; + + /* build discard map only one time */ + if (f2fs_discard_en(sbi)) { +@@ -3650,15 +3653,28 @@ static int build_sit_entries(struct f2fs_sb_info *sbi) + unsigned int old_valid_blocks; + + start = le32_to_cpu(segno_in_journal(journal, i)); ++ if (start >= MAIN_SEGS(sbi)) { ++ f2fs_msg(sbi->sb, KERN_ERR, ++ "Wrong journal entry on segno %u", ++ start); ++ set_sbi_flag(sbi, SBI_NEED_FSCK); ++ err = -EINVAL; ++ break; ++ } ++ + se = &sit_i->sentries[start]; + sit = sit_in_journal(journal, i); + + old_valid_blocks = se->valid_blocks; ++ if (IS_NODESEG(se->type)) ++ total_node_blocks -= old_valid_blocks; + + err = check_block_count(sbi, start, &sit); + if (err) + break; + seg_info_from_raw_sit(se, &sit); ++ if (IS_NODESEG(se->type)) ++ total_node_blocks += se->valid_blocks; + + if (f2fs_discard_en(sbi)) { + if (is_set_ckpt_flags(sbi, CP_TRIMMED_FLAG)) { +@@ -3677,6 +3693,15 @@ static int build_sit_entries(struct f2fs_sb_info *sbi) + se->valid_blocks - old_valid_blocks; + } + up_read(&curseg->journal_rwsem); ++ ++ if (!err && total_node_blocks != valid_node_count(sbi)) { ++ f2fs_msg(sbi->sb, KERN_ERR, ++ "SIT is corrupted node# %u vs %u", ++ total_node_blocks, valid_node_count(sbi)); ++ set_sbi_flag(sbi, SBI_NEED_FSCK); ++ err = -EINVAL; ++ } ++ + return err; + } + +diff --git a/fs/inode.c b/fs/inode.c +index 3b55391072f3..6c6fef8c7c27 100644 +--- a/fs/inode.c ++++ b/fs/inode.c +@@ -2013,8 +2013,14 @@ void inode_init_owner(struct inode *inode, const struct inode *dir, + inode->i_uid = current_fsuid(); + if (dir && dir->i_mode & S_ISGID) { + inode->i_gid = dir->i_gid; ++ ++ /* Directories are special, and always inherit S_ISGID */ + if (S_ISDIR(mode)) + mode |= S_ISGID; ++ else if ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP) && ++ !in_group_p(inode->i_gid) && ++ !capable_wrt_inode_uidgid(dir, CAP_FSETID)) ++ mode &= ~S_ISGID; + } else + inode->i_gid = current_fsgid(); + inode->i_mode = mode; +diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c +index c486ad4b43f0..b0abfe02beab 100644 +--- a/fs/proc/task_mmu.c ++++ b/fs/proc/task_mmu.c +@@ -831,7 +831,8 @@ static int show_smap(struct seq_file *m, void *v, int is_pid) + SEQ_PUT_DEC(" kB\nSwap: ", mss->swap); + SEQ_PUT_DEC(" kB\nSwapPss: ", + mss->swap_pss >> PSS_SHIFT); +- SEQ_PUT_DEC(" kB\nLocked: ", mss->pss >> PSS_SHIFT); ++ SEQ_PUT_DEC(" kB\nLocked: ", ++ mss->pss_locked >> PSS_SHIFT); + seq_puts(m, " kB\n"); + } + if (!rollup_mode) { +diff --git a/fs/xfs/libxfs/xfs_ialloc_btree.c b/fs/xfs/libxfs/xfs_ialloc_btree.c +index 367e9a0726e6..ead8c4842c29 100644 +--- a/fs/xfs/libxfs/xfs_ialloc_btree.c ++++ b/fs/xfs/libxfs/xfs_ialloc_btree.c +@@ -296,7 +296,7 @@ xfs_inobt_verify( + case cpu_to_be32(XFS_FIBT_MAGIC): + break; + default: +- return NULL; ++ return __this_address; + } + + /* level verification */ +diff --git a/include/linux/libata.h b/include/linux/libata.h +index 1795fecdea17..6fed495af95c 100644 +--- a/include/linux/libata.h ++++ b/include/linux/libata.h +@@ -211,6 +211,7 @@ enum { + ATA_FLAG_SLAVE_POSS = (1 << 0), /* host supports slave dev */ + /* (doesn't imply presence) */ + ATA_FLAG_SATA = (1 << 1), ++ ATA_FLAG_NO_LPM = (1 << 2), /* host not happy with LPM */ + ATA_FLAG_NO_LOG_PAGE = (1 << 5), /* do not issue log page read */ + ATA_FLAG_NO_ATAPI = (1 << 6), /* No ATAPI support */ + ATA_FLAG_PIO_DMA = (1 << 7), /* PIO cmds via DMA */ +diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c +index 1904e814f282..56212edd6f23 100644 +--- a/kernel/bpf/verifier.c ++++ b/kernel/bpf/verifier.c +@@ -1610,6 +1610,30 @@ static int get_callee_stack_depth(struct bpf_verifier_env *env, + } + #endif + ++static int check_ctx_reg(struct bpf_verifier_env *env, ++ const struct bpf_reg_state *reg, int regno) ++{ ++ /* Access to ctx or passing it to a helper is only allowed in ++ * its original, unmodified form. ++ */ ++ ++ if (reg->off) { ++ verbose(env, "dereference of modified ctx ptr R%d off=%d disallowed\n", ++ regno, reg->off); ++ return -EACCES; ++ } ++ ++ if (!tnum_is_const(reg->var_off) || reg->var_off.value) { ++ char tn_buf[48]; ++ ++ tnum_strn(tn_buf, sizeof(tn_buf), reg->var_off); ++ verbose(env, "variable ctx access var_off=%s disallowed\n", tn_buf); ++ return -EACCES; ++ } ++ ++ return 0; ++} ++ + /* truncate register to smaller size (in bytes) + * must be called with size < BPF_REG_SIZE + */ +@@ -1679,24 +1703,11 @@ static int check_mem_access(struct bpf_verifier_env *env, int insn_idx, u32 regn + verbose(env, "R%d leaks addr into ctx\n", value_regno); + return -EACCES; + } +- /* ctx accesses must be at a fixed offset, so that we can +- * determine what type of data were returned. +- */ +- if (reg->off) { +- verbose(env, +- "dereference of modified ctx ptr R%d off=%d+%d, ctx+const is allowed, ctx+const+const is not\n", +- regno, reg->off, off - reg->off); +- return -EACCES; +- } +- if (!tnum_is_const(reg->var_off) || reg->var_off.value) { +- char tn_buf[48]; + +- tnum_strn(tn_buf, sizeof(tn_buf), reg->var_off); +- verbose(env, +- "variable ctx access var_off=%s off=%d size=%d", +- tn_buf, off, size); +- return -EACCES; +- } ++ err = check_ctx_reg(env, reg, regno); ++ if (err < 0) ++ return err; ++ + err = check_ctx_access(env, insn_idx, off, size, t, ®_type); + if (!err && t == BPF_READ && value_regno >= 0) { + /* ctx access returns either a scalar, or a +@@ -1977,6 +1988,9 @@ static int check_func_arg(struct bpf_verifier_env *env, u32 regno, + expected_type = PTR_TO_CTX; + if (type != expected_type) + goto err_type; ++ err = check_ctx_reg(env, reg, regno); ++ if (err < 0) ++ return err; + } else if (arg_type_is_mem_ptr(arg_type)) { + expected_type = PTR_TO_STACK; + /* One exception here. In case function allows for NULL to be +diff --git a/kernel/power/user.c b/kernel/power/user.c +index 75c959de4b29..abd225550271 100644 +--- a/kernel/power/user.c ++++ b/kernel/power/user.c +@@ -186,6 +186,11 @@ static ssize_t snapshot_write(struct file *filp, const char __user *buf, + res = PAGE_SIZE - pg_offp; + } + ++ if (!data_of(data->handle)) { ++ res = -EINVAL; ++ goto unlock; ++ } ++ + res = simple_write_to_buffer(data_of(data->handle), res, &pg_offp, + buf, count); + if (res > 0) +diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c +index bcd93031d042..4e67d0020337 100644 +--- a/kernel/trace/trace.c ++++ b/kernel/trace/trace.c +@@ -3363,8 +3363,8 @@ static void print_func_help_header(struct trace_buffer *buf, struct seq_file *m, + + print_event_info(buf, m); + +- seq_printf(m, "# TASK-PID CPU# %s TIMESTAMP FUNCTION\n", tgid ? "TGID " : ""); +- seq_printf(m, "# | | | %s | |\n", tgid ? " | " : ""); ++ seq_printf(m, "# TASK-PID %s CPU# TIMESTAMP FUNCTION\n", tgid ? "TGID " : ""); ++ seq_printf(m, "# | | %s | | |\n", tgid ? " | " : ""); + } + + static void print_func_help_header_irq(struct trace_buffer *buf, struct seq_file *m, +@@ -3384,9 +3384,9 @@ static void print_func_help_header_irq(struct trace_buffer *buf, struct seq_file + tgid ? tgid_space : space); + seq_printf(m, "# %s||| / delay\n", + tgid ? tgid_space : space); +- seq_printf(m, "# TASK-PID CPU#%s|||| TIMESTAMP FUNCTION\n", ++ seq_printf(m, "# TASK-PID %sCPU# |||| TIMESTAMP FUNCTION\n", + tgid ? " TGID " : space); +- seq_printf(m, "# | | | %s|||| | |\n", ++ seq_printf(m, "# | | %s | |||| | |\n", + tgid ? " | " : space); + } + +diff --git a/kernel/trace/trace_kprobe.c b/kernel/trace/trace_kprobe.c +index 02aed76e0978..eebc7c92f6d0 100644 +--- a/kernel/trace/trace_kprobe.c ++++ b/kernel/trace/trace_kprobe.c +@@ -1451,8 +1451,10 @@ create_local_trace_kprobe(char *func, void *addr, unsigned long offs, + } + + ret = __register_trace_kprobe(tk); +- if (ret < 0) ++ if (ret < 0) { ++ kfree(tk->tp.call.print_fmt); + goto error; ++ } + + return &tk->tp.call; + error: +@@ -1472,6 +1474,8 @@ void destroy_local_trace_kprobe(struct trace_event_call *event_call) + } + + __unregister_trace_kprobe(tk); ++ ++ kfree(tk->tp.call.print_fmt); + free_trace_kprobe(tk); + } + #endif /* CONFIG_PERF_EVENTS */ +diff --git a/kernel/trace/trace_output.c b/kernel/trace/trace_output.c +index 90db994ac900..1c8e30fda46a 100644 +--- a/kernel/trace/trace_output.c ++++ b/kernel/trace/trace_output.c +@@ -594,8 +594,7 @@ int trace_print_context(struct trace_iterator *iter) + + trace_find_cmdline(entry->pid, comm); + +- trace_seq_printf(s, "%16s-%-5d [%03d] ", +- comm, entry->pid, iter->cpu); ++ trace_seq_printf(s, "%16s-%-5d ", comm, entry->pid); + + if (tr->trace_flags & TRACE_ITER_RECORD_TGID) { + unsigned int tgid = trace_find_tgid(entry->pid); +@@ -606,6 +605,8 @@ int trace_print_context(struct trace_iterator *iter) + trace_seq_printf(s, "(%5d) ", tgid); + } + ++ trace_seq_printf(s, "[%03d] ", iter->cpu); ++ + if (tr->trace_flags & TRACE_ITER_IRQ_INFO) + trace_print_lat_fmt(s, entry); + +diff --git a/mm/gup.c b/mm/gup.c +index 3d8472d48a0b..e608e6650d60 100644 +--- a/mm/gup.c ++++ b/mm/gup.c +@@ -1222,8 +1222,6 @@ int __mm_populate(unsigned long start, unsigned long len, int ignore_errors) + int locked = 0; + long ret = 0; + +- VM_BUG_ON(start & ~PAGE_MASK); +- VM_BUG_ON(len != PAGE_ALIGN(len)); + end = start + len; + + for (nstart = start; nstart < end; nstart = nend) { +diff --git a/mm/mmap.c b/mm/mmap.c +index fc41c0543d7f..540cfab8c2c4 100644 +--- a/mm/mmap.c ++++ b/mm/mmap.c +@@ -186,8 +186,8 @@ static struct vm_area_struct *remove_vma(struct vm_area_struct *vma) + return next; + } + +-static int do_brk(unsigned long addr, unsigned long len, struct list_head *uf); +- ++static int do_brk_flags(unsigned long addr, unsigned long request, unsigned long flags, ++ struct list_head *uf); + SYSCALL_DEFINE1(brk, unsigned long, brk) + { + unsigned long retval; +@@ -245,7 +245,7 @@ SYSCALL_DEFINE1(brk, unsigned long, brk) + goto out; + + /* Ok, looks good - let it rip. */ +- if (do_brk(oldbrk, newbrk-oldbrk, &uf) < 0) ++ if (do_brk_flags(oldbrk, newbrk-oldbrk, 0, &uf) < 0) + goto out; + + set_brk: +@@ -2929,21 +2929,14 @@ static inline void verify_mm_writelocked(struct mm_struct *mm) + * anonymous maps. eventually we may be able to do some + * brk-specific accounting here. + */ +-static int do_brk_flags(unsigned long addr, unsigned long request, unsigned long flags, struct list_head *uf) ++static int do_brk_flags(unsigned long addr, unsigned long len, unsigned long flags, struct list_head *uf) + { + struct mm_struct *mm = current->mm; + struct vm_area_struct *vma, *prev; +- unsigned long len; + struct rb_node **rb_link, *rb_parent; + pgoff_t pgoff = addr >> PAGE_SHIFT; + int error; + +- len = PAGE_ALIGN(request); +- if (len < request) +- return -ENOMEM; +- if (!len) +- return 0; +- + /* Until we need other flags, refuse anything except VM_EXEC. */ + if ((flags & (~VM_EXEC)) != 0) + return -EINVAL; +@@ -3015,18 +3008,20 @@ static int do_brk_flags(unsigned long addr, unsigned long request, unsigned long + return 0; + } + +-static int do_brk(unsigned long addr, unsigned long len, struct list_head *uf) +-{ +- return do_brk_flags(addr, len, 0, uf); +-} +- +-int vm_brk_flags(unsigned long addr, unsigned long len, unsigned long flags) ++int vm_brk_flags(unsigned long addr, unsigned long request, unsigned long flags) + { + struct mm_struct *mm = current->mm; ++ unsigned long len; + int ret; + bool populate; + LIST_HEAD(uf); + ++ len = PAGE_ALIGN(request); ++ if (len < request) ++ return -ENOMEM; ++ if (!len) ++ return 0; ++ + if (down_write_killable(&mm->mmap_sem)) + return -EINTR; + +diff --git a/mm/page_alloc.c b/mm/page_alloc.c +index d2d0eb9536a3..322cb12a142f 100644 +--- a/mm/page_alloc.c ++++ b/mm/page_alloc.c +@@ -6841,6 +6841,7 @@ void __init free_area_init_nodes(unsigned long *max_zone_pfn) + /* Initialise every node */ + mminit_verify_pageflags_layout(); + setup_nr_node_ids(); ++ zero_resv_unavail(); + for_each_online_node(nid) { + pg_data_t *pgdat = NODE_DATA(nid); + free_area_init_node(nid, NULL, +@@ -6851,7 +6852,6 @@ void __init free_area_init_nodes(unsigned long *max_zone_pfn) + node_set_state(nid, N_MEMORY); + check_for_memory(pgdat, nid); + } +- zero_resv_unavail(); + } + + static int __init cmdline_parse_core(char *p, unsigned long *core, +@@ -7027,9 +7027,9 @@ void __init set_dma_reserve(unsigned long new_dma_reserve) + + void __init free_area_init(unsigned long *zones_size) + { ++ zero_resv_unavail(); + free_area_init_node(0, zones_size, + __pa(PAGE_OFFSET) >> PAGE_SHIFT, NULL); +- zero_resv_unavail(); + } + + static int page_alloc_cpu_dead(unsigned int cpu) +diff --git a/mm/rmap.c b/mm/rmap.c +index 8d5337fed37b..09a799c9aebd 100644 +--- a/mm/rmap.c ++++ b/mm/rmap.c +@@ -64,6 +64,7 @@ + #include <linux/backing-dev.h> + #include <linux/page_idle.h> + #include <linux/memremap.h> ++#include <linux/userfaultfd_k.h> + + #include <asm/tlbflush.h> + +@@ -1481,11 +1482,16 @@ static bool try_to_unmap_one(struct page *page, struct vm_area_struct *vma, + set_pte_at(mm, address, pvmw.pte, pteval); + } + +- } else if (pte_unused(pteval)) { ++ } else if (pte_unused(pteval) && !userfaultfd_armed(vma)) { + /* + * The guest indicated that the page content is of no + * interest anymore. Simply discard the pte, vmscan + * will take care of the rest. ++ * A future reference will then fault in a new zero ++ * page. When userfaultfd is active, we must not drop ++ * this page though, as its main user (postcopy ++ * migration) will not expect userfaults on already ++ * copied pages. + */ + dec_mm_counter(mm, mm_counter(page)); + /* We have to invalidate as we cleared the pte */ +diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c +index 6ba639f6c51d..499123afcab5 100644 +--- a/net/bridge/netfilter/ebtables.c ++++ b/net/bridge/netfilter/ebtables.c +@@ -694,6 +694,8 @@ ebt_check_entry(struct ebt_entry *e, struct net *net, + } + i = 0; + ++ memset(&mtpar, 0, sizeof(mtpar)); ++ memset(&tgpar, 0, sizeof(tgpar)); + mtpar.net = tgpar.net = net; + mtpar.table = tgpar.table = name; + mtpar.entryinfo = tgpar.entryinfo = e; +diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c +index e85f35b89c49..f6130704f052 100644 +--- a/net/ipv4/netfilter/ip_tables.c ++++ b/net/ipv4/netfilter/ip_tables.c +@@ -531,6 +531,7 @@ find_check_entry(struct ipt_entry *e, struct net *net, const char *name, + return -ENOMEM; + + j = 0; ++ memset(&mtpar, 0, sizeof(mtpar)); + mtpar.net = net; + mtpar.table = name; + mtpar.entryinfo = &e->ip; +diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c +index 97f79dc943d7..685c2168f524 100644 +--- a/net/ipv6/netfilter/ip6_tables.c ++++ b/net/ipv6/netfilter/ip6_tables.c +@@ -551,6 +551,7 @@ find_check_entry(struct ip6t_entry *e, struct net *net, const char *name, + return -ENOMEM; + + j = 0; ++ memset(&mtpar, 0, sizeof(mtpar)); + mtpar.net = net; + mtpar.table = name; + mtpar.entryinfo = &e->ipv6; +diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c +index 74a04638ef03..93b3e4b86870 100644 +--- a/net/netfilter/nfnetlink_queue.c ++++ b/net/netfilter/nfnetlink_queue.c +@@ -1223,6 +1223,9 @@ static int nfqnl_recv_unsupp(struct net *net, struct sock *ctnl, + static const struct nla_policy nfqa_cfg_policy[NFQA_CFG_MAX+1] = { + [NFQA_CFG_CMD] = { .len = sizeof(struct nfqnl_msg_config_cmd) }, + [NFQA_CFG_PARAMS] = { .len = sizeof(struct nfqnl_msg_config_params) }, ++ [NFQA_CFG_QUEUE_MAXLEN] = { .type = NLA_U32 }, ++ [NFQA_CFG_MASK] = { .type = NLA_U32 }, ++ [NFQA_CFG_FLAGS] = { .type = NLA_U32 }, + }; + + static const struct nf_queue_handler nfqh = { +diff --git a/sound/pci/hda/patch_hdmi.c b/sound/pci/hda/patch_hdmi.c +index ed39a77f9253..76d82eebeef2 100644 +--- a/sound/pci/hda/patch_hdmi.c ++++ b/sound/pci/hda/patch_hdmi.c +@@ -33,6 +33,7 @@ + #include <linux/delay.h> + #include <linux/slab.h> + #include <linux/module.h> ++#include <linux/pm_runtime.h> + #include <sound/core.h> + #include <sound/jack.h> + #include <sound/asoundef.h> +@@ -764,8 +765,10 @@ static void check_presence_and_report(struct hda_codec *codec, hda_nid_t nid, + + if (pin_idx < 0) + return; ++ mutex_lock(&spec->pcm_lock); + if (hdmi_present_sense(get_pin(spec, pin_idx), 1)) + snd_hda_jack_report_sync(codec); ++ mutex_unlock(&spec->pcm_lock); + } + + static void jack_callback(struct hda_codec *codec, +@@ -1628,21 +1631,23 @@ static void sync_eld_via_acomp(struct hda_codec *codec, + static bool hdmi_present_sense(struct hdmi_spec_per_pin *per_pin, int repoll) + { + struct hda_codec *codec = per_pin->codec; +- struct hdmi_spec *spec = codec->spec; + int ret; + + /* no temporary power up/down needed for component notifier */ +- if (!codec_has_acomp(codec)) +- snd_hda_power_up_pm(codec); ++ if (!codec_has_acomp(codec)) { ++ ret = snd_hda_power_up_pm(codec); ++ if (ret < 0 && pm_runtime_suspended(hda_codec_dev(codec))) { ++ snd_hda_power_down_pm(codec); ++ return false; ++ } ++ } + +- mutex_lock(&spec->pcm_lock); + if (codec_has_acomp(codec)) { + sync_eld_via_acomp(codec, per_pin); + ret = false; /* don't call snd_hda_jack_report_sync() */ + } else { + ret = hdmi_present_sense_via_verbs(per_pin, repoll); + } +- mutex_unlock(&spec->pcm_lock); + + if (!codec_has_acomp(codec)) + snd_hda_power_down_pm(codec); +@@ -1654,12 +1659,16 @@ static void hdmi_repoll_eld(struct work_struct *work) + { + struct hdmi_spec_per_pin *per_pin = + container_of(to_delayed_work(work), struct hdmi_spec_per_pin, work); ++ struct hda_codec *codec = per_pin->codec; ++ struct hdmi_spec *spec = codec->spec; + + if (per_pin->repoll_count++ > 6) + per_pin->repoll_count = 0; + ++ mutex_lock(&spec->pcm_lock); + if (hdmi_present_sense(per_pin, per_pin->repoll_count)) + snd_hda_jack_report_sync(per_pin->codec); ++ mutex_unlock(&spec->pcm_lock); + } + + static void intel_haswell_fixup_connect_list(struct hda_codec *codec, +diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c +index cb9a977bf188..066efe783fe8 100644 +--- a/sound/pci/hda/patch_realtek.c ++++ b/sound/pci/hda/patch_realtek.c +@@ -6586,7 +6586,6 @@ static const struct snd_pci_quirk alc269_fixup_tbl[] = { + SND_PCI_QUIRK(0x17aa, 0x310c, "ThinkCentre Station", ALC294_FIXUP_LENOVO_MIC_LOCATION), + SND_PCI_QUIRK(0x17aa, 0x312a, "ThinkCentre Station", ALC294_FIXUP_LENOVO_MIC_LOCATION), + SND_PCI_QUIRK(0x17aa, 0x312f, "ThinkCentre Station", ALC294_FIXUP_LENOVO_MIC_LOCATION), +- SND_PCI_QUIRK(0x17aa, 0x3136, "ThinkCentre Station", ALC294_FIXUP_LENOVO_MIC_LOCATION), + SND_PCI_QUIRK(0x17aa, 0x313c, "ThinkCentre Station", ALC294_FIXUP_LENOVO_MIC_LOCATION), + SND_PCI_QUIRK(0x17aa, 0x3902, "Lenovo E50-80", ALC269_FIXUP_DMIC_THINKPAD_ACPI), + SND_PCI_QUIRK(0x17aa, 0x3977, "IdeaPad S210", ALC283_FIXUP_INT_MIC), +@@ -6770,6 +6769,11 @@ static const struct snd_hda_pin_quirk alc269_pin_fixup_tbl[] = { + {0x1a, 0x02a11040}, + {0x1b, 0x01014020}, + {0x21, 0x0221101f}), ++ SND_HDA_PIN_QUIRK(0x10ec0235, 0x17aa, "Lenovo", ALC294_FIXUP_LENOVO_MIC_LOCATION, ++ {0x14, 0x90170110}, ++ {0x19, 0x02a11020}, ++ {0x1a, 0x02a11030}, ++ {0x21, 0x0221101f}), + SND_HDA_PIN_QUIRK(0x10ec0236, 0x1028, "Dell", ALC255_FIXUP_DELL1_MIC_NO_PRESENCE, + {0x12, 0x90a60140}, + {0x14, 0x90170110}, +diff --git a/tools/build/Build.include b/tools/build/Build.include +index a4bbb984941d..d9048f145f97 100644 +--- a/tools/build/Build.include ++++ b/tools/build/Build.include +@@ -63,8 +63,8 @@ dep-cmd = $(if $(wildcard $(fixdep)), + $(fixdep) $(depfile) $@ '$(make-cmd)' > $(dot-target).tmp; \ + rm -f $(depfile); \ + mv -f $(dot-target).tmp $(dot-target).cmd, \ +- printf '\# cannot find fixdep (%s)\n' $(fixdep) > $(dot-target).cmd; \ +- printf '\# using basic dep data\n\n' >> $(dot-target).cmd; \ ++ printf '$(pound) cannot find fixdep (%s)\n' $(fixdep) > $(dot-target).cmd; \ ++ printf '$(pound) using basic dep data\n\n' >> $(dot-target).cmd; \ + cat $(depfile) >> $(dot-target).cmd; \ + printf '\n%s\n' 'cmd_$@ := $(make-cmd)' >> $(dot-target).cmd) + +diff --git a/tools/testing/selftests/bpf/test_verifier.c b/tools/testing/selftests/bpf/test_verifier.c +index fd7de7eb329e..30025d7e75e4 100644 +--- a/tools/testing/selftests/bpf/test_verifier.c ++++ b/tools/testing/selftests/bpf/test_verifier.c +@@ -8190,7 +8190,7 @@ static struct bpf_test tests[] = { + offsetof(struct __sk_buff, mark)), + BPF_EXIT_INSN(), + }, +- .errstr = "dereference of modified ctx ptr R1 off=68+8, ctx+const is allowed, ctx+const+const is not", ++ .errstr = "dereference of modified ctx ptr", + .result = REJECT, + .prog_type = BPF_PROG_TYPE_SCHED_CLS, + }, +@@ -11423,6 +11423,62 @@ static struct bpf_test tests[] = { + .errstr = "BPF_XADD stores into R2 packet", + .prog_type = BPF_PROG_TYPE_XDP, + }, ++ { ++ "pass unmodified ctx pointer to helper", ++ .insns = { ++ BPF_MOV64_IMM(BPF_REG_2, 0), ++ BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, ++ BPF_FUNC_csum_update), ++ BPF_MOV64_IMM(BPF_REG_0, 0), ++ BPF_EXIT_INSN(), ++ }, ++ .prog_type = BPF_PROG_TYPE_SCHED_CLS, ++ .result = ACCEPT, ++ }, ++ { ++ "pass modified ctx pointer to helper, 1", ++ .insns = { ++ BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, -612), ++ BPF_MOV64_IMM(BPF_REG_2, 0), ++ BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, ++ BPF_FUNC_csum_update), ++ BPF_MOV64_IMM(BPF_REG_0, 0), ++ BPF_EXIT_INSN(), ++ }, ++ .prog_type = BPF_PROG_TYPE_SCHED_CLS, ++ .result = REJECT, ++ .errstr = "dereference of modified ctx ptr", ++ }, ++ { ++ "pass modified ctx pointer to helper, 2", ++ .insns = { ++ BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, -612), ++ BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, ++ BPF_FUNC_get_socket_cookie), ++ BPF_MOV64_IMM(BPF_REG_0, 0), ++ BPF_EXIT_INSN(), ++ }, ++ .result_unpriv = REJECT, ++ .result = REJECT, ++ .errstr_unpriv = "dereference of modified ctx ptr", ++ .errstr = "dereference of modified ctx ptr", ++ }, ++ { ++ "pass modified ctx pointer to helper, 3", ++ .insns = { ++ BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1, 0), ++ BPF_ALU64_IMM(BPF_AND, BPF_REG_3, 4), ++ BPF_ALU64_REG(BPF_ADD, BPF_REG_1, BPF_REG_3), ++ BPF_MOV64_IMM(BPF_REG_2, 0), ++ BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, ++ BPF_FUNC_csum_update), ++ BPF_MOV64_IMM(BPF_REG_0, 0), ++ BPF_EXIT_INSN(), ++ }, ++ .prog_type = BPF_PROG_TYPE_SCHED_CLS, ++ .result = REJECT, ++ .errstr = "variable ctx access var_off=(0x0; 0x4)", ++ }, + }; + + static int probe_filter_length(const struct bpf_insn *fp)
