commit: e93d442a28ca72142597d07fb94bdd65b8b97dcd Author: Mike Pagano <mpagano <AT> gentoo <DOT> org> AuthorDate: Wed Jun 16 12:21:23 2021 +0000 Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org> CommitDate: Wed Jun 16 12:21:23 2021 +0000 URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=e93d442a
Linux patch 4.14.237 Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org> 0000_README | 4 + 1236_linux-4.14.237.patch | 1250 +++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 1254 insertions(+) diff --git a/0000_README b/0000_README index 1cbc4b5..165f37f 100644 --- a/0000_README +++ b/0000_README @@ -987,6 +987,10 @@ Patch: 1235_linux-4.14.236.patch From: https://www.kernel.org Desc: Linux 4.14.236 +Patch: 1236_linux-4.14.237.patch +From: https://www.kernel.org +Desc: Linux 4.14.237 + Patch: 1500_XATTR_USER_PREFIX.patch From: https://bugs.gentoo.org/show_bug.cgi?id=470644 Desc: Support for namespace user.pax.* on tmpfs. diff --git a/1236_linux-4.14.237.patch b/1236_linux-4.14.237.patch new file mode 100644 index 0000000..1eaee7c --- /dev/null +++ b/1236_linux-4.14.237.patch @@ -0,0 +1,1250 @@ +diff --git a/Makefile b/Makefile +index 3d162ef034d41..bc9833fdca1ae 100644 +--- a/Makefile ++++ b/Makefile +@@ -1,7 +1,7 @@ + # SPDX-License-Identifier: GPL-2.0 + VERSION = 4 + PATCHLEVEL = 14 +-SUBLEVEL = 236 ++SUBLEVEL = 237 + EXTRAVERSION = + NAME = Petit Gorille + +diff --git a/arch/mips/lib/mips-atomic.c b/arch/mips/lib/mips-atomic.c +index 5530070e0d05d..57497a26e79cb 100644 +--- a/arch/mips/lib/mips-atomic.c ++++ b/arch/mips/lib/mips-atomic.c +@@ -37,7 +37,7 @@ + */ + notrace void arch_local_irq_disable(void) + { +- preempt_disable(); ++ preempt_disable_notrace(); + + __asm__ __volatile__( + " .set push \n" +@@ -53,7 +53,7 @@ notrace void arch_local_irq_disable(void) + : /* no inputs */ + : "memory"); + +- preempt_enable(); ++ preempt_enable_notrace(); + } + EXPORT_SYMBOL(arch_local_irq_disable); + +@@ -61,7 +61,7 @@ notrace unsigned long arch_local_irq_save(void) + { + unsigned long flags; + +- preempt_disable(); ++ preempt_disable_notrace(); + + __asm__ __volatile__( + " .set push \n" +@@ -78,7 +78,7 @@ notrace unsigned long arch_local_irq_save(void) + : /* no inputs */ + : "memory"); + +- preempt_enable(); ++ preempt_enable_notrace(); + + return flags; + } +@@ -88,7 +88,7 @@ notrace void arch_local_irq_restore(unsigned long flags) + { + unsigned long __tmp1; + +- preempt_disable(); ++ preempt_disable_notrace(); + + __asm__ __volatile__( + " .set push \n" +@@ -106,7 +106,7 @@ notrace void arch_local_irq_restore(unsigned long flags) + : "0" (flags) + : "memory"); + +- preempt_enable(); ++ preempt_enable_notrace(); + } + EXPORT_SYMBOL(arch_local_irq_restore); + +diff --git a/arch/powerpc/boot/dts/fsl/p1010si-post.dtsi b/arch/powerpc/boot/dts/fsl/p1010si-post.dtsi +index af12ead88c5f0..404f570ebe238 100644 +--- a/arch/powerpc/boot/dts/fsl/p1010si-post.dtsi ++++ b/arch/powerpc/boot/dts/fsl/p1010si-post.dtsi +@@ -122,7 +122,15 @@ + }; + + /include/ "pq3-i2c-0.dtsi" ++ i2c@3000 { ++ fsl,i2c-erratum-a004447; ++ }; ++ + /include/ "pq3-i2c-1.dtsi" ++ i2c@3100 { ++ fsl,i2c-erratum-a004447; ++ }; ++ + /include/ "pq3-duart-0.dtsi" + /include/ "pq3-espi-0.dtsi" + spi0: spi@7000 { +diff --git a/arch/powerpc/boot/dts/fsl/p2041si-post.dtsi b/arch/powerpc/boot/dts/fsl/p2041si-post.dtsi +index 51e975d7631aa..8921f17fca42e 100644 +--- a/arch/powerpc/boot/dts/fsl/p2041si-post.dtsi ++++ b/arch/powerpc/boot/dts/fsl/p2041si-post.dtsi +@@ -389,7 +389,23 @@ + }; + + /include/ "qoriq-i2c-0.dtsi" ++ i2c@118000 { ++ fsl,i2c-erratum-a004447; ++ }; ++ ++ i2c@118100 { ++ fsl,i2c-erratum-a004447; ++ }; ++ + /include/ "qoriq-i2c-1.dtsi" ++ i2c@119000 { ++ fsl,i2c-erratum-a004447; ++ }; ++ ++ i2c@119100 { ++ fsl,i2c-erratum-a004447; ++ }; ++ + /include/ "qoriq-duart-0.dtsi" + /include/ "qoriq-duart-1.dtsi" + /include/ "qoriq-gpio-0.dtsi" +diff --git a/drivers/gpu/drm/drm_auth.c b/drivers/gpu/drm/drm_auth.c +index fe85d041d0baa..baa9617446b91 100644 +--- a/drivers/gpu/drm/drm_auth.c ++++ b/drivers/gpu/drm/drm_auth.c +@@ -244,9 +244,10 @@ int drm_master_open(struct drm_file *file_priv) + void drm_master_release(struct drm_file *file_priv) + { + struct drm_device *dev = file_priv->minor->dev; +- struct drm_master *master = file_priv->master; ++ struct drm_master *master; + + mutex_lock(&dev->master_mutex); ++ master = file_priv->master; + if (file_priv->magic) + idr_remove(&file_priv->master->magic_map, file_priv->magic); + +diff --git a/drivers/gpu/drm/drm_ioctl.c b/drivers/gpu/drm/drm_ioctl.c +index 53f319369de5f..60fc06234d736 100644 +--- a/drivers/gpu/drm/drm_ioctl.c ++++ b/drivers/gpu/drm/drm_ioctl.c +@@ -112,17 +112,18 @@ int drm_getunique(struct drm_device *dev, void *data, + struct drm_file *file_priv) + { + struct drm_unique *u = data; +- struct drm_master *master = file_priv->master; ++ struct drm_master *master; + +- mutex_lock(&master->dev->master_mutex); ++ mutex_lock(&dev->master_mutex); ++ master = file_priv->master; + if (u->unique_len >= master->unique_len) { + if (copy_to_user(u->unique, master->unique, master->unique_len)) { +- mutex_unlock(&master->dev->master_mutex); ++ mutex_unlock(&dev->master_mutex); + return -EFAULT; + } + } + u->unique_len = master->unique_len; +- mutex_unlock(&master->dev->master_mutex); ++ mutex_unlock(&dev->master_mutex); + + return 0; + } +diff --git a/drivers/i2c/busses/i2c-mpc.c b/drivers/i2c/busses/i2c-mpc.c +index 96caf378b1dc0..7db5554d2b4e7 100644 +--- a/drivers/i2c/busses/i2c-mpc.c ++++ b/drivers/i2c/busses/i2c-mpc.c +@@ -23,6 +23,7 @@ + + #include <linux/clk.h> + #include <linux/io.h> ++#include <linux/iopoll.h> + #include <linux/fsl_devices.h> + #include <linux/i2c.h> + #include <linux/interrupt.h> +@@ -49,6 +50,7 @@ + #define CCR_MTX 0x10 + #define CCR_TXAK 0x08 + #define CCR_RSTA 0x04 ++#define CCR_RSVD 0x02 + + #define CSR_MCF 0x80 + #define CSR_MAAS 0x40 +@@ -70,6 +72,7 @@ struct mpc_i2c { + u8 fdr, dfsrr; + #endif + struct clk *clk_per; ++ bool has_errata_A004447; + }; + + struct mpc_i2c_divider { +@@ -178,6 +181,75 @@ static int i2c_wait(struct mpc_i2c *i2c, unsigned timeout, int writing) + return 0; + } + ++static int i2c_mpc_wait_sr(struct mpc_i2c *i2c, int mask) ++{ ++ void __iomem *addr = i2c->base + MPC_I2C_SR; ++ u8 val; ++ ++ return readb_poll_timeout(addr, val, val & mask, 0, 100); ++} ++ ++/* ++ * Workaround for Erratum A004447. From the P2040CE Rev Q ++ * ++ * 1. Set up the frequency divider and sampling rate. ++ * 2. I2CCR - a0h ++ * 3. Poll for I2CSR[MBB] to get set. ++ * 4. If I2CSR[MAL] is set (an indication that SDA is stuck low), then go to ++ * step 5. If MAL is not set, then go to step 13. ++ * 5. I2CCR - 00h ++ * 6. I2CCR - 22h ++ * 7. I2CCR - a2h ++ * 8. Poll for I2CSR[MBB] to get set. ++ * 9. Issue read to I2CDR. ++ * 10. Poll for I2CSR[MIF] to be set. ++ * 11. I2CCR - 82h ++ * 12. Workaround complete. Skip the next steps. ++ * 13. Issue read to I2CDR. ++ * 14. Poll for I2CSR[MIF] to be set. ++ * 15. I2CCR - 80h ++ */ ++static void mpc_i2c_fixup_A004447(struct mpc_i2c *i2c) ++{ ++ int ret; ++ u32 val; ++ ++ writeccr(i2c, CCR_MEN | CCR_MSTA); ++ ret = i2c_mpc_wait_sr(i2c, CSR_MBB); ++ if (ret) { ++ dev_err(i2c->dev, "timeout waiting for CSR_MBB\n"); ++ return; ++ } ++ ++ val = readb(i2c->base + MPC_I2C_SR); ++ ++ if (val & CSR_MAL) { ++ writeccr(i2c, 0x00); ++ writeccr(i2c, CCR_MSTA | CCR_RSVD); ++ writeccr(i2c, CCR_MEN | CCR_MSTA | CCR_RSVD); ++ ret = i2c_mpc_wait_sr(i2c, CSR_MBB); ++ if (ret) { ++ dev_err(i2c->dev, "timeout waiting for CSR_MBB\n"); ++ return; ++ } ++ val = readb(i2c->base + MPC_I2C_DR); ++ ret = i2c_mpc_wait_sr(i2c, CSR_MIF); ++ if (ret) { ++ dev_err(i2c->dev, "timeout waiting for CSR_MIF\n"); ++ return; ++ } ++ writeccr(i2c, CCR_MEN | CCR_RSVD); ++ } else { ++ val = readb(i2c->base + MPC_I2C_DR); ++ ret = i2c_mpc_wait_sr(i2c, CSR_MIF); ++ if (ret) { ++ dev_err(i2c->dev, "timeout waiting for CSR_MIF\n"); ++ return; ++ } ++ writeccr(i2c, CCR_MEN); ++ } ++} ++ + #if defined(CONFIG_PPC_MPC52xx) || defined(CONFIG_PPC_MPC512x) + static const struct mpc_i2c_divider mpc_i2c_dividers_52xx[] = { + {20, 0x20}, {22, 0x21}, {24, 0x22}, {26, 0x23}, +@@ -581,7 +653,7 @@ static int mpc_xfer(struct i2c_adapter *adap, struct i2c_msg *msgs, int num) + if ((status & (CSR_MCF | CSR_MBB | CSR_RXAK)) != 0) { + writeb(status & ~CSR_MAL, + i2c->base + MPC_I2C_SR); +- mpc_i2c_fixup(i2c); ++ i2c_recover_bus(&i2c->adap); + } + return -EIO; + } +@@ -617,7 +689,7 @@ static int mpc_xfer(struct i2c_adapter *adap, struct i2c_msg *msgs, int num) + if ((status & (CSR_MCF | CSR_MBB | CSR_RXAK)) != 0) { + writeb(status & ~CSR_MAL, + i2c->base + MPC_I2C_SR); +- mpc_i2c_fixup(i2c); ++ i2c_recover_bus(&i2c->adap); + } + return -EIO; + } +@@ -632,6 +704,18 @@ static u32 mpc_functionality(struct i2c_adapter *adap) + | I2C_FUNC_SMBUS_READ_BLOCK_DATA | I2C_FUNC_SMBUS_BLOCK_PROC_CALL; + } + ++static int fsl_i2c_bus_recovery(struct i2c_adapter *adap) ++{ ++ struct mpc_i2c *i2c = i2c_get_adapdata(adap); ++ ++ if (i2c->has_errata_A004447) ++ mpc_i2c_fixup_A004447(i2c); ++ else ++ mpc_i2c_fixup(i2c); ++ ++ return 0; ++} ++ + static const struct i2c_algorithm mpc_algo = { + .master_xfer = mpc_xfer, + .functionality = mpc_functionality, +@@ -643,6 +727,10 @@ static struct i2c_adapter mpc_ops = { + .timeout = HZ, + }; + ++static struct i2c_bus_recovery_info fsl_i2c_recovery_info = { ++ .recover_bus = fsl_i2c_bus_recovery, ++}; ++ + static const struct of_device_id mpc_i2c_of_match[]; + static int fsl_i2c_probe(struct platform_device *op) + { +@@ -727,6 +815,8 @@ static int fsl_i2c_probe(struct platform_device *op) + dev_info(i2c->dev, "timeout %u us\n", mpc_ops.timeout * 1000000 / HZ); + + platform_set_drvdata(op, i2c); ++ if (of_property_read_bool(op->dev.of_node, "fsl,i2c-erratum-a004447")) ++ i2c->has_errata_A004447 = true; + + i2c->adap = mpc_ops; + of_address_to_resource(op->dev.of_node, 0, &res); +@@ -735,6 +825,7 @@ static int fsl_i2c_probe(struct platform_device *op) + i2c_set_adapdata(&i2c->adap, i2c); + i2c->adap.dev.parent = &op->dev; + i2c->adap.dev.of_node = of_node_get(op->dev.of_node); ++ i2c->adap.bus_recovery_info = &fsl_i2c_recovery_info; + + result = i2c_add_adapter(&i2c->adap); + if (result < 0) +diff --git a/drivers/isdn/hardware/mISDN/netjet.c b/drivers/isdn/hardware/mISDN/netjet.c +index 6a6d848bd18ee..79f9925da76c0 100644 +--- a/drivers/isdn/hardware/mISDN/netjet.c ++++ b/drivers/isdn/hardware/mISDN/netjet.c +@@ -1114,7 +1114,6 @@ nj_probe(struct pci_dev *pdev, const struct pci_device_id *ent) + card->typ = NETJET_S_TJ300; + + card->base = pci_resource_start(pdev, 0); +- card->irq = pdev->irq; + pci_set_drvdata(pdev, card); + err = setup_instance(card); + if (err) +diff --git a/drivers/net/appletalk/cops.c b/drivers/net/appletalk/cops.c +index 486e1e6997fc8..dde0cda3f696d 100644 +--- a/drivers/net/appletalk/cops.c ++++ b/drivers/net/appletalk/cops.c +@@ -324,6 +324,8 @@ static int __init cops_probe1(struct net_device *dev, int ioaddr) + break; + } + ++ dev->base_addr = ioaddr; ++ + /* Reserve any actual interrupt. */ + if (dev->irq) { + retval = request_irq(dev->irq, cops_interrupt, 0, dev->name, dev); +@@ -331,8 +333,6 @@ static int __init cops_probe1(struct net_device *dev, int ioaddr) + goto err_out; + } + +- dev->base_addr = ioaddr; +- + lp = netdev_priv(dev); + spin_lock_init(&lp->lock); + +diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c +index 1250983616efd..340e7bf6463ec 100644 +--- a/drivers/net/bonding/bond_main.c ++++ b/drivers/net/bonding/bond_main.c +@@ -1295,6 +1295,7 @@ static struct slave *bond_alloc_slave(struct bonding *bond, + + slave->bond = bond; + slave->dev = slave_dev; ++ INIT_DELAYED_WORK(&slave->notify_work, bond_netdev_notify_work); + + if (bond_kobj_init(slave)) + return NULL; +@@ -1307,7 +1308,6 @@ static struct slave *bond_alloc_slave(struct bonding *bond, + return NULL; + } + } +- INIT_DELAYED_WORK(&slave->notify_work, bond_netdev_notify_work); + + return slave; + } +diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sriov.c b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sriov.c +index 1977e0c552dff..e4d1aaf838a43 100644 +--- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sriov.c ++++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sriov.c +@@ -1242,8 +1242,10 @@ int bnx2x_iov_init_one(struct bnx2x *bp, int int_mode_param, + goto failed; + + /* SR-IOV capability was enabled but there are no VFs*/ +- if (iov->total == 0) ++ if (iov->total == 0) { ++ err = -EINVAL; + goto failed; ++ } + + iov->nr_virtfn = min_t(u16, iov->total, num_vfs_param); + +diff --git a/drivers/net/ethernet/cadence/macb_main.c b/drivers/net/ethernet/cadence/macb_main.c +index 4d2a996ba4460..b07ea8a26c20a 100644 +--- a/drivers/net/ethernet/cadence/macb_main.c ++++ b/drivers/net/ethernet/cadence/macb_main.c +@@ -2330,6 +2330,9 @@ static struct net_device_stats *gem_get_stats(struct macb *bp) + struct gem_stats *hwstat = &bp->hw_stats.gem; + struct net_device_stats *nstat = &bp->dev->stats; + ++ if (!netif_running(bp->dev)) ++ return nstat; ++ + gem_update_stats(bp); + + nstat->rx_errors = (hwstat->rx_frame_check_sequence_errors + +diff --git a/drivers/net/ethernet/qlogic/qla3xxx.c b/drivers/net/ethernet/qlogic/qla3xxx.c +index cc53ee26bd3e0..a8bb061e1a8a4 100644 +--- a/drivers/net/ethernet/qlogic/qla3xxx.c ++++ b/drivers/net/ethernet/qlogic/qla3xxx.c +@@ -115,7 +115,7 @@ static int ql_sem_spinlock(struct ql3_adapter *qdev, + value = readl(&port_regs->CommonRegs.semaphoreReg); + if ((value & (sem_mask >> 16)) == sem_bits) + return 0; +- ssleep(1); ++ mdelay(1000); + } while (--seconds); + return -1; + } +diff --git a/drivers/net/phy/mdio_bus.c b/drivers/net/phy/mdio_bus.c +index c545fb1f82bd8..5fc7b6c1a4420 100644 +--- a/drivers/net/phy/mdio_bus.c ++++ b/drivers/net/phy/mdio_bus.c +@@ -412,7 +412,8 @@ void mdiobus_unregister(struct mii_bus *bus) + struct mdio_device *mdiodev; + int i; + +- BUG_ON(bus->state != MDIOBUS_REGISTERED); ++ if (WARN_ON_ONCE(bus->state != MDIOBUS_REGISTERED)) ++ return; + bus->state = MDIOBUS_UNREGISTERED; + + for (i = 0; i < PHY_MAX_ADDR; i++) { +diff --git a/drivers/regulator/core.c b/drivers/regulator/core.c +index 2c4439f3e12e6..ce5162ef92165 100644 +--- a/drivers/regulator/core.c ++++ b/drivers/regulator/core.c +@@ -1081,6 +1081,12 @@ static int set_machine_constraints(struct regulator_dev *rdev) + * and we have control then make sure it is enabled. + */ + if (rdev->constraints->always_on || rdev->constraints->boot_on) { ++ /* If we want to enable this regulator, make sure that we know ++ * the supplying regulator. ++ */ ++ if (rdev->supply_name && !rdev->supply) ++ return -EPROBE_DEFER; ++ + ret = _regulator_do_enable(rdev); + if (ret < 0 && ret != -EINVAL) { + rdev_err(rdev, "failed to enable\n"); +diff --git a/drivers/regulator/max77620-regulator.c b/drivers/regulator/max77620-regulator.c +index cd93cf53e23c0..28baeac3a5a45 100644 +--- a/drivers/regulator/max77620-regulator.c ++++ b/drivers/regulator/max77620-regulator.c +@@ -792,6 +792,13 @@ static int max77620_regulator_probe(struct platform_device *pdev) + config.dev = dev; + config.driver_data = pmic; + ++ /* ++ * Set of_node_reuse flag to prevent driver core from attempting to ++ * claim any pinmux resources already claimed by the parent device. ++ * Otherwise PMIC driver will fail to re-probe. ++ */ ++ device_set_of_node_from_dev(&pdev->dev, pdev->dev.parent); ++ + for (id = 0; id < MAX77620_NUM_REGS; id++) { + struct regulator_dev *rdev; + struct regulator_desc *rdesc; +diff --git a/drivers/scsi/hosts.c b/drivers/scsi/hosts.c +index ef22b275d0505..5788a2ce35718 100644 +--- a/drivers/scsi/hosts.c ++++ b/drivers/scsi/hosts.c +@@ -256,12 +256,11 @@ int scsi_add_host_with_dma(struct Scsi_Host *shost, struct device *dev, + + device_enable_async_suspend(&shost->shost_dev); + ++ get_device(&shost->shost_gendev); + error = device_add(&shost->shost_dev); + if (error) + goto out_del_gendev; + +- get_device(&shost->shost_gendev); +- + if (shost->transportt->host_size) { + shost->shost_data = kzalloc(shost->transportt->host_size, + GFP_KERNEL); +@@ -298,6 +297,11 @@ int scsi_add_host_with_dma(struct Scsi_Host *shost, struct device *dev, + out_del_dev: + device_del(&shost->shost_dev); + out_del_gendev: ++ /* ++ * Host state is SHOST_RUNNING so we have to explicitly release ++ * ->shost_dev. ++ */ ++ put_device(&shost->shost_dev); + device_del(&shost->shost_gendev); + out_disable_runtime_pm: + device_disable_async_suspend(&shost->shost_gendev); +@@ -351,7 +355,7 @@ static void scsi_host_dev_release(struct device *dev) + + ida_simple_remove(&host_index_ida, shost->host_no); + +- if (parent) ++ if (shost->shost_state != SHOST_CREATED) + put_device(parent); + kfree(shost); + } +@@ -404,8 +408,10 @@ struct Scsi_Host *scsi_host_alloc(struct scsi_host_template *sht, int privsize) + mutex_init(&shost->scan_mutex); + + index = ida_simple_get(&host_index_ida, 0, 0, GFP_KERNEL); +- if (index < 0) +- goto fail_kfree; ++ if (index < 0) { ++ kfree(shost); ++ return NULL; ++ } + shost->host_no = index; + + shost->dma_channel = 0xff; +@@ -493,7 +499,7 @@ struct Scsi_Host *scsi_host_alloc(struct scsi_host_template *sht, int privsize) + shost_printk(KERN_WARNING, shost, + "error handler thread failed to spawn, error = %ld\n", + PTR_ERR(shost->ehandler)); +- goto fail_index_remove; ++ goto fail; + } + + shost->tmf_work_q = alloc_workqueue("scsi_tmf_%d", +@@ -502,17 +508,18 @@ struct Scsi_Host *scsi_host_alloc(struct scsi_host_template *sht, int privsize) + if (!shost->tmf_work_q) { + shost_printk(KERN_WARNING, shost, + "failed to create tmf workq\n"); +- goto fail_kthread; ++ goto fail; + } + scsi_proc_hostdir_add(shost->hostt); + return shost; ++ fail: ++ /* ++ * Host state is still SHOST_CREATED and that is enough to release ++ * ->shost_gendev. scsi_host_dev_release() will free ++ * dev_name(&shost->shost_dev). ++ */ ++ put_device(&shost->shost_gendev); + +- fail_kthread: +- kthread_stop(shost->ehandler); +- fail_index_remove: +- ida_simple_remove(&host_index_ida, shost->host_no); +- fail_kfree: +- kfree(shost); + return NULL; + } + EXPORT_SYMBOL(scsi_host_alloc); +diff --git a/drivers/scsi/qla2xxx/qla_target.c b/drivers/scsi/qla2xxx/qla_target.c +index 21011c5fddebe..bd8f9b03386ad 100644 +--- a/drivers/scsi/qla2xxx/qla_target.c ++++ b/drivers/scsi/qla2xxx/qla_target.c +@@ -1517,10 +1517,12 @@ void qlt_stop_phase2(struct qla_tgt *tgt) + return; + } + ++ mutex_lock(&tgt->ha->optrom_mutex); + mutex_lock(&vha->vha_tgt.tgt_mutex); + tgt->tgt_stop = 0; + tgt->tgt_stopped = 1; + mutex_unlock(&vha->vha_tgt.tgt_mutex); ++ mutex_unlock(&tgt->ha->optrom_mutex); + + ql_dbg(ql_dbg_tgt_mgt, vha, 0xf00c, "Stop of tgt %p finished\n", + tgt); +diff --git a/drivers/scsi/vmw_pvscsi.c b/drivers/scsi/vmw_pvscsi.c +index 64eb8ffb2ddfa..2c707b5c7b0b7 100644 +--- a/drivers/scsi/vmw_pvscsi.c ++++ b/drivers/scsi/vmw_pvscsi.c +@@ -574,7 +574,13 @@ static void pvscsi_complete_request(struct pvscsi_adapter *adapter, + case BTSTAT_SUCCESS: + case BTSTAT_LINKED_COMMAND_COMPLETED: + case BTSTAT_LINKED_COMMAND_COMPLETED_WITH_FLAG: +- /* If everything went fine, let's move on.. */ ++ /* ++ * Commands like INQUIRY may transfer less data than ++ * requested by the initiator via bufflen. Set residual ++ * count to make upper layer aware of the actual amount ++ * of data returned. ++ */ ++ scsi_set_resid(cmd, scsi_bufflen(cmd) - e->dataLen); + cmd->result = (DID_OK << 16); + break; + +diff --git a/drivers/staging/rtl8723bs/os_dep/ioctl_cfg80211.c b/drivers/staging/rtl8723bs/os_dep/ioctl_cfg80211.c +index 83852f323c5e2..fd6b56a6b5e42 100644 +--- a/drivers/staging/rtl8723bs/os_dep/ioctl_cfg80211.c ++++ b/drivers/staging/rtl8723bs/os_dep/ioctl_cfg80211.c +@@ -2432,7 +2432,7 @@ void rtw_cfg80211_indicate_sta_assoc(struct adapter *padapter, u8 *pmgmt_frame, + DBG_871X(FUNC_ADPT_FMT"\n", FUNC_ADPT_ARG(padapter)); + + { +- struct station_info sinfo; ++ struct station_info sinfo = {}; + u8 ie_offset; + if (GetFrameSubType(pmgmt_frame) == WIFI_ASSOCREQ) + ie_offset = _ASOCREQ_IE_OFFSET_; +diff --git a/drivers/usb/dwc3/ep0.c b/drivers/usb/dwc3/ep0.c +index f0d37a2fb66b5..17bc5b958ea01 100644 +--- a/drivers/usb/dwc3/ep0.c ++++ b/drivers/usb/dwc3/ep0.c +@@ -302,6 +302,9 @@ static struct dwc3_ep *dwc3_wIndex_to_dep(struct dwc3 *dwc, __le16 wIndex_le) + epnum |= 1; + + dep = dwc->eps[epnum]; ++ if (dep == NULL) ++ return NULL; ++ + if (dep->flags & DWC3_EP_ENABLED) + return dep; + +diff --git a/drivers/usb/gadget/config.c b/drivers/usb/gadget/config.c +index 9b9d31eb6037f..2695a4db38292 100644 +--- a/drivers/usb/gadget/config.c ++++ b/drivers/usb/gadget/config.c +@@ -168,6 +168,14 @@ int usb_assign_descriptors(struct usb_function *f, + { + struct usb_gadget *g = f->config->cdev->gadget; + ++ /* super-speed-plus descriptor falls back to super-speed one, ++ * if such a descriptor was provided, thus avoiding a NULL ++ * pointer dereference if a 5gbps capable gadget is used with ++ * a 10gbps capable config (device port + cable + host port) ++ */ ++ if (!ssp) ++ ssp = ss; ++ + if (fs) { + f->fs_descriptors = usb_copy_descriptors(fs); + if (!f->fs_descriptors) +diff --git a/drivers/usb/gadget/function/f_ecm.c b/drivers/usb/gadget/function/f_ecm.c +index 8e3e443827854..5bd80cb3635ce 100644 +--- a/drivers/usb/gadget/function/f_ecm.c ++++ b/drivers/usb/gadget/function/f_ecm.c +@@ -793,7 +793,7 @@ ecm_bind(struct usb_configuration *c, struct usb_function *f) + fs_ecm_notify_desc.bEndpointAddress; + + status = usb_assign_descriptors(f, ecm_fs_function, ecm_hs_function, +- ecm_ss_function, NULL); ++ ecm_ss_function, ecm_ss_function); + if (status) + goto fail; + +diff --git a/drivers/usb/gadget/function/f_eem.c b/drivers/usb/gadget/function/f_eem.c +index 007ec6e4a5d42..5abc27f12a418 100644 +--- a/drivers/usb/gadget/function/f_eem.c ++++ b/drivers/usb/gadget/function/f_eem.c +@@ -309,7 +309,7 @@ static int eem_bind(struct usb_configuration *c, struct usb_function *f) + eem_ss_out_desc.bEndpointAddress = eem_fs_out_desc.bEndpointAddress; + + status = usb_assign_descriptors(f, eem_fs_function, eem_hs_function, +- eem_ss_function, NULL); ++ eem_ss_function, eem_ss_function); + if (status) + goto fail; + +@@ -502,7 +502,7 @@ static int eem_unwrap(struct gether *port, + skb2 = skb_clone(skb, GFP_ATOMIC); + if (unlikely(!skb2)) { + DBG(cdev, "unable to unframe EEM packet\n"); +- continue; ++ goto next; + } + skb_trim(skb2, len - ETH_FCS_LEN); + +@@ -513,7 +513,7 @@ static int eem_unwrap(struct gether *port, + if (unlikely(!skb3)) { + DBG(cdev, "unable to realign EEM packet\n"); + dev_kfree_skb_any(skb2); +- continue; ++ goto next; + } + dev_kfree_skb_any(skb2); + skb_queue_tail(list, skb3); +diff --git a/drivers/usb/gadget/function/f_fs.c b/drivers/usb/gadget/function/f_fs.c +index 7c775dc43df55..458c5dc296ac9 100644 +--- a/drivers/usb/gadget/function/f_fs.c ++++ b/drivers/usb/gadget/function/f_fs.c +@@ -3459,6 +3459,9 @@ static void ffs_func_unbind(struct usb_configuration *c, + ffs->func = NULL; + } + ++ /* Drain any pending AIO completions */ ++ drain_workqueue(ffs->io_completion_wq); ++ + if (!--opts->refcnt) + functionfs_unbind(ffs); + +diff --git a/drivers/usb/gadget/function/f_hid.c b/drivers/usb/gadget/function/f_hid.c +index 63f6e344d5b01..77d1183775efc 100644 +--- a/drivers/usb/gadget/function/f_hid.c ++++ b/drivers/usb/gadget/function/f_hid.c +@@ -812,7 +812,8 @@ static int hidg_bind(struct usb_configuration *c, struct usb_function *f) + hidg_fs_out_ep_desc.bEndpointAddress; + + status = usb_assign_descriptors(f, hidg_fs_descriptors, +- hidg_hs_descriptors, hidg_ss_descriptors, NULL); ++ hidg_hs_descriptors, hidg_ss_descriptors, ++ hidg_ss_descriptors); + if (status) + goto fail; + +diff --git a/drivers/usb/gadget/function/f_loopback.c b/drivers/usb/gadget/function/f_loopback.c +index e70093835e14a..8c1810d655983 100644 +--- a/drivers/usb/gadget/function/f_loopback.c ++++ b/drivers/usb/gadget/function/f_loopback.c +@@ -211,7 +211,7 @@ autoconf_fail: + ss_loop_sink_desc.bEndpointAddress = fs_loop_sink_desc.bEndpointAddress; + + ret = usb_assign_descriptors(f, fs_loopback_descs, hs_loopback_descs, +- ss_loopback_descs, NULL); ++ ss_loopback_descs, ss_loopback_descs); + if (ret) + return ret; + +diff --git a/drivers/usb/gadget/function/f_ncm.c b/drivers/usb/gadget/function/f_ncm.c +index 61c0bc7c985f4..4af9f577ae439 100644 +--- a/drivers/usb/gadget/function/f_ncm.c ++++ b/drivers/usb/gadget/function/f_ncm.c +@@ -589,7 +589,7 @@ static void ncm_do_notify(struct f_ncm *ncm) + data[0] = cpu_to_le32(ncm_bitrate(cdev->gadget)); + data[1] = data[0]; + +- DBG(cdev, "notify speed %d\n", ncm_bitrate(cdev->gadget)); ++ DBG(cdev, "notify speed %u\n", ncm_bitrate(cdev->gadget)); + ncm->notify_state = NCM_NOTIFY_CONNECT; + break; + } +diff --git a/drivers/usb/gadget/function/f_printer.c b/drivers/usb/gadget/function/f_printer.c +index fd2409d102d0e..4e0afeabe8b8b 100644 +--- a/drivers/usb/gadget/function/f_printer.c ++++ b/drivers/usb/gadget/function/f_printer.c +@@ -1067,7 +1067,8 @@ autoconf_fail: + ss_ep_out_desc.bEndpointAddress = fs_ep_out_desc.bEndpointAddress; + + ret = usb_assign_descriptors(f, fs_printer_function, +- hs_printer_function, ss_printer_function, NULL); ++ hs_printer_function, ss_printer_function, ++ ss_printer_function); + if (ret) + return ret; + +diff --git a/drivers/usb/gadget/function/f_rndis.c b/drivers/usb/gadget/function/f_rndis.c +index b35c1d27dc52b..2a43c6395098f 100644 +--- a/drivers/usb/gadget/function/f_rndis.c ++++ b/drivers/usb/gadget/function/f_rndis.c +@@ -793,7 +793,7 @@ rndis_bind(struct usb_configuration *c, struct usb_function *f) + ss_notify_desc.bEndpointAddress = fs_notify_desc.bEndpointAddress; + + status = usb_assign_descriptors(f, eth_fs_function, eth_hs_function, +- eth_ss_function, NULL); ++ eth_ss_function, eth_ss_function); + if (status) + goto fail; + +diff --git a/drivers/usb/gadget/function/f_serial.c b/drivers/usb/gadget/function/f_serial.c +index cb00ada21d9c2..e1efb69c80bad 100644 +--- a/drivers/usb/gadget/function/f_serial.c ++++ b/drivers/usb/gadget/function/f_serial.c +@@ -236,7 +236,7 @@ static int gser_bind(struct usb_configuration *c, struct usb_function *f) + gser_ss_out_desc.bEndpointAddress = gser_fs_out_desc.bEndpointAddress; + + status = usb_assign_descriptors(f, gser_fs_function, gser_hs_function, +- gser_ss_function, NULL); ++ gser_ss_function, gser_ss_function); + if (status) + goto fail; + dev_dbg(&cdev->gadget->dev, "generic ttyGS%d: %s speed IN/%s OUT/%s\n", +diff --git a/drivers/usb/gadget/function/f_sourcesink.c b/drivers/usb/gadget/function/f_sourcesink.c +index 6e9d958004a0d..1c5745f7abea1 100644 +--- a/drivers/usb/gadget/function/f_sourcesink.c ++++ b/drivers/usb/gadget/function/f_sourcesink.c +@@ -435,7 +435,8 @@ no_iso: + ss_iso_sink_desc.bEndpointAddress = fs_iso_sink_desc.bEndpointAddress; + + ret = usb_assign_descriptors(f, fs_source_sink_descs, +- hs_source_sink_descs, ss_source_sink_descs, NULL); ++ hs_source_sink_descs, ss_source_sink_descs, ++ ss_source_sink_descs); + if (ret) + return ret; + +diff --git a/drivers/usb/gadget/function/f_subset.c b/drivers/usb/gadget/function/f_subset.c +index 434b983f3b4c2..055bd0706cdd0 100644 +--- a/drivers/usb/gadget/function/f_subset.c ++++ b/drivers/usb/gadget/function/f_subset.c +@@ -362,7 +362,7 @@ geth_bind(struct usb_configuration *c, struct usb_function *f) + fs_subset_out_desc.bEndpointAddress; + + status = usb_assign_descriptors(f, fs_eth_function, hs_eth_function, +- ss_eth_function, NULL); ++ ss_eth_function, ss_eth_function); + if (status) + goto fail; + +diff --git a/drivers/usb/gadget/function/f_tcm.c b/drivers/usb/gadget/function/f_tcm.c +index c41d09166a1d6..864ed249ff8cf 100644 +--- a/drivers/usb/gadget/function/f_tcm.c ++++ b/drivers/usb/gadget/function/f_tcm.c +@@ -2071,7 +2071,8 @@ static int tcm_bind(struct usb_configuration *c, struct usb_function *f) + uasp_fs_cmd_desc.bEndpointAddress = uasp_ss_cmd_desc.bEndpointAddress; + + ret = usb_assign_descriptors(f, uasp_fs_function_desc, +- uasp_hs_function_desc, uasp_ss_function_desc, NULL); ++ uasp_hs_function_desc, uasp_ss_function_desc, ++ uasp_ss_function_desc); + if (ret) + goto ep_fail; + +diff --git a/drivers/usb/serial/ftdi_sio.c b/drivers/usb/serial/ftdi_sio.c +index cf179366455e3..1196b0dcf8280 100644 +--- a/drivers/usb/serial/ftdi_sio.c ++++ b/drivers/usb/serial/ftdi_sio.c +@@ -606,6 +606,7 @@ static const struct usb_device_id id_table_combined[] = { + .driver_info = (kernel_ulong_t)&ftdi_jtag_quirk }, + { USB_DEVICE(FTDI_VID, FTDI_NT_ORIONLX_PLUS_PID) }, + { USB_DEVICE(FTDI_VID, FTDI_NT_ORION_IO_PID) }, ++ { USB_DEVICE(FTDI_VID, FTDI_NT_ORIONMX_PID) }, + { USB_DEVICE(FTDI_VID, FTDI_SYNAPSE_SS200_PID) }, + { USB_DEVICE(FTDI_VID, FTDI_CUSTOMWARE_MINIPLEX_PID) }, + { USB_DEVICE(FTDI_VID, FTDI_CUSTOMWARE_MINIPLEX2_PID) }, +diff --git a/drivers/usb/serial/ftdi_sio_ids.h b/drivers/usb/serial/ftdi_sio_ids.h +index d854e04a4286e..add602bebd820 100644 +--- a/drivers/usb/serial/ftdi_sio_ids.h ++++ b/drivers/usb/serial/ftdi_sio_ids.h +@@ -581,6 +581,7 @@ + #define FTDI_NT_ORIONLXM_PID 0x7c90 /* OrionLXm Substation Automation Platform */ + #define FTDI_NT_ORIONLX_PLUS_PID 0x7c91 /* OrionLX+ Substation Automation Platform */ + #define FTDI_NT_ORION_IO_PID 0x7c92 /* Orion I/O */ ++#define FTDI_NT_ORIONMX_PID 0x7c93 /* OrionMX */ + + /* + * Synapse Wireless product ids (FTDI_VID) +diff --git a/drivers/usb/serial/omninet.c b/drivers/usb/serial/omninet.c +index efcd7feed6f4d..56826ea5e3d1a 100644 +--- a/drivers/usb/serial/omninet.c ++++ b/drivers/usb/serial/omninet.c +@@ -29,6 +29,7 @@ + + #define ZYXEL_VENDOR_ID 0x0586 + #define ZYXEL_OMNINET_ID 0x1000 ++#define ZYXEL_OMNI_56K_PLUS_ID 0x1500 + /* This one seems to be a re-branded ZyXEL device */ + #define BT_IGNITIONPRO_ID 0x2000 + +@@ -43,6 +44,7 @@ static int omninet_port_remove(struct usb_serial_port *port); + + static const struct usb_device_id id_table[] = { + { USB_DEVICE(ZYXEL_VENDOR_ID, ZYXEL_OMNINET_ID) }, ++ { USB_DEVICE(ZYXEL_VENDOR_ID, ZYXEL_OMNI_56K_PLUS_ID) }, + { USB_DEVICE(ZYXEL_VENDOR_ID, BT_IGNITIONPRO_ID) }, + { } /* Terminating entry */ + }; +diff --git a/drivers/usb/serial/quatech2.c b/drivers/usb/serial/quatech2.c +index f16e0b8c1ed42..636b315eaca9f 100644 +--- a/drivers/usb/serial/quatech2.c ++++ b/drivers/usb/serial/quatech2.c +@@ -420,7 +420,7 @@ static void qt2_close(struct usb_serial_port *port) + + /* flush the port transmit buffer */ + i = usb_control_msg(serial->dev, +- usb_rcvctrlpipe(serial->dev, 0), ++ usb_sndctrlpipe(serial->dev, 0), + QT2_FLUSH_DEVICE, 0x40, 1, + port_priv->device_port, NULL, 0, QT2_USB_TIMEOUT); + +@@ -430,7 +430,7 @@ static void qt2_close(struct usb_serial_port *port) + + /* flush the port receive buffer */ + i = usb_control_msg(serial->dev, +- usb_rcvctrlpipe(serial->dev, 0), ++ usb_sndctrlpipe(serial->dev, 0), + QT2_FLUSH_DEVICE, 0x40, 0, + port_priv->device_port, NULL, 0, QT2_USB_TIMEOUT); + +@@ -696,7 +696,7 @@ static int qt2_attach(struct usb_serial *serial) + int status; + + /* power on unit */ +- status = usb_control_msg(serial->dev, usb_rcvctrlpipe(serial->dev, 0), ++ status = usb_control_msg(serial->dev, usb_sndctrlpipe(serial->dev, 0), + 0xc2, 0x40, 0x8000, 0, NULL, 0, + QT2_USB_TIMEOUT); + if (status < 0) { +diff --git a/drivers/usb/typec/ucsi/ucsi.c b/drivers/usb/typec/ucsi/ucsi.c +index 251f5d66651eb..51f2be9811452 100644 +--- a/drivers/usb/typec/ucsi/ucsi.c ++++ b/drivers/usb/typec/ucsi/ucsi.c +@@ -724,6 +724,7 @@ err_unregister: + } + + err_reset: ++ memset(&ucsi->cap, 0, sizeof(ucsi->cap)); + ucsi_reset_ppm(ucsi); + err: + mutex_unlock(&ucsi->ppm_lock); +diff --git a/fs/btrfs/file.c b/fs/btrfs/file.c +index 725544ec9c842..dd2504322a87a 100644 +--- a/fs/btrfs/file.c ++++ b/fs/btrfs/file.c +@@ -1100,7 +1100,7 @@ int btrfs_mark_extent_written(struct btrfs_trans_handle *trans, + int del_nr = 0; + int del_slot = 0; + int recow; +- int ret; ++ int ret = 0; + u64 ino = btrfs_ino(inode); + + path = btrfs_alloc_path(); +@@ -1320,7 +1320,7 @@ again: + } + out: + btrfs_free_path(path); +- return 0; ++ return ret; + } + + /* +diff --git a/fs/nfs/client.c b/fs/nfs/client.c +index 9e7d49fac4e35..1f74893b2b0c2 100644 +--- a/fs/nfs/client.c ++++ b/fs/nfs/client.c +@@ -406,7 +406,7 @@ struct nfs_client *nfs_get_client(const struct nfs_client_initdata *cl_init) + + if (cl_init->hostname == NULL) { + WARN_ON(1); +- return NULL; ++ return ERR_PTR(-EINVAL); + } + + /* see if the client already exists */ +diff --git a/fs/nfs/nfs4client.c b/fs/nfs/nfs4client.c +index 0924b68b56574..3c8dfab8e958e 100644 +--- a/fs/nfs/nfs4client.c ++++ b/fs/nfs/nfs4client.c +@@ -417,8 +417,8 @@ struct nfs_client *nfs4_init_client(struct nfs_client *clp, + */ + nfs_mark_client_ready(clp, -EPERM); + } +- nfs_put_client(clp); + clear_bit(NFS_CS_TSM_POSSIBLE, &clp->cl_flags); ++ nfs_put_client(clp); + return old; + + error: +diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c +index e053fd7f83d81..ae19ead908d5f 100644 +--- a/fs/nfs/nfs4proc.c ++++ b/fs/nfs/nfs4proc.c +@@ -5294,6 +5294,14 @@ static int nfs4_proc_set_acl(struct inode *inode, const void *buf, size_t buflen + do { + err = __nfs4_proc_set_acl(inode, buf, buflen); + trace_nfs4_set_acl(inode, err); ++ if (err == -NFS4ERR_BADOWNER || err == -NFS4ERR_BADNAME) { ++ /* ++ * no need to retry since the kernel ++ * isn't involved in encoding the ACEs. ++ */ ++ err = -EINVAL; ++ break; ++ } + err = nfs4_handle_exception(NFS_SERVER(inode), err, + &exception); + } while (exception.retry); +diff --git a/fs/proc/base.c b/fs/proc/base.c +index 75bc3405c2f7e..005d4cb2347ef 100644 +--- a/fs/proc/base.c ++++ b/fs/proc/base.c +@@ -2528,6 +2528,13 @@ out: + } + + #ifdef CONFIG_SECURITY ++static int proc_pid_attr_open(struct inode *inode, struct file *file) ++{ ++ file->private_data = NULL; ++ __mem_open(inode, file, PTRACE_MODE_READ_FSCREDS); ++ return 0; ++} ++ + static ssize_t proc_pid_attr_read(struct file * file, char __user * buf, + size_t count, loff_t *ppos) + { +@@ -2558,7 +2565,7 @@ static ssize_t proc_pid_attr_write(struct file * file, const char __user * buf, + struct task_struct *task = get_proc_task(inode); + + /* A task may only write when it was the opener. */ +- if (file->f_cred != current_real_cred()) ++ if (file->private_data != current->mm) + return -EPERM; + + length = -ESRCH; +@@ -2601,9 +2608,11 @@ out_no_task: + } + + static const struct file_operations proc_pid_attr_operations = { ++ .open = proc_pid_attr_open, + .read = proc_pid_attr_read, + .write = proc_pid_attr_write, + .llseek = generic_file_llseek, ++ .release = mem_release, + }; + + static const struct pid_entry attr_dir_stuff[] = { +diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h +index 2e06ca46f07c6..d5e38ebcfa476 100644 +--- a/include/linux/kvm_host.h ++++ b/include/linux/kvm_host.h +@@ -963,7 +963,15 @@ __gfn_to_memslot(struct kvm_memslots *slots, gfn_t gfn) + static inline unsigned long + __gfn_to_hva_memslot(struct kvm_memory_slot *slot, gfn_t gfn) + { +- return slot->userspace_addr + (gfn - slot->base_gfn) * PAGE_SIZE; ++ /* ++ * The index was checked originally in search_memslots. To avoid ++ * that a malicious guest builds a Spectre gadget out of e.g. page ++ * table walks, do not let the processor speculate loads outside ++ * the guest's registered memslots. ++ */ ++ unsigned long offset = gfn - slot->base_gfn; ++ offset = array_index_nospec(offset, slot->npages); ++ return slot->userspace_addr + offset * PAGE_SIZE; + } + + static inline int memslot_id(struct kvm *kvm, gfn_t gfn) +diff --git a/kernel/cgroup/cgroup-v1.c b/kernel/cgroup/cgroup-v1.c +index 545f29c5268d7..5602bd81caa90 100644 +--- a/kernel/cgroup/cgroup-v1.c ++++ b/kernel/cgroup/cgroup-v1.c +@@ -861,6 +861,10 @@ static int cgroup1_rename(struct kernfs_node *kn, struct kernfs_node *new_parent + struct cgroup *cgrp = kn->priv; + int ret; + ++ /* do not accept '\n' to prevent making /proc/<pid>/cgroup unparsable */ ++ if (strchr(new_name_str, '\n')) ++ return -EINVAL; ++ + if (kernfs_type(kn) != KERNFS_DIR) + return -ENOTDIR; + if (kn->parent != new_parent) +diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c +index ada060e628ce3..99783685f3d90 100644 +--- a/kernel/cgroup/cgroup.c ++++ b/kernel/cgroup/cgroup.c +@@ -5219,8 +5219,6 @@ int __init cgroup_init_early(void) + return 0; + } + +-static u16 cgroup_disable_mask __initdata; +- + /** + * cgroup_init - cgroup initialization + * +@@ -5278,12 +5276,8 @@ int __init cgroup_init(void) + * disabled flag and cftype registration needs kmalloc, + * both of which aren't available during early_init. + */ +- if (cgroup_disable_mask & (1 << ssid)) { +- static_branch_disable(cgroup_subsys_enabled_key[ssid]); +- printk(KERN_INFO "Disabling %s control group subsystem\n", +- ss->name); ++ if (!cgroup_ssid_enabled(ssid)) + continue; +- } + + if (cgroup1_ssid_disabled(ssid)) + printk(KERN_INFO "Disabling %s control group subsystem in v1 mounts\n", +@@ -5642,7 +5636,10 @@ static int __init cgroup_disable(char *str) + if (strcmp(token, ss->name) && + strcmp(token, ss->legacy_name)) + continue; +- cgroup_disable_mask |= 1 << i; ++ ++ static_branch_disable(cgroup_subsys_enabled_key[i]); ++ pr_info("Disabling %s control group subsystem\n", ++ ss->name); + } + } + return 1; +diff --git a/kernel/events/core.c b/kernel/events/core.c +index 75cf23232a92f..1aa094c5dedb4 100644 +--- a/kernel/events/core.c ++++ b/kernel/events/core.c +@@ -3918,7 +3918,9 @@ find_get_context(struct pmu *pmu, struct task_struct *task, + cpuctx = per_cpu_ptr(pmu->pmu_cpu_context, cpu); + ctx = &cpuctx->ctx; + get_ctx(ctx); ++ raw_spin_lock_irqsave(&ctx->lock, flags); + ++ctx->pin_count; ++ raw_spin_unlock_irqrestore(&ctx->lock, flags); + + return ctx; + } +diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c +index fceda199dc8ba..50c03c430f1a1 100644 +--- a/kernel/trace/ftrace.c ++++ b/kernel/trace/ftrace.c +@@ -2042,12 +2042,18 @@ static int ftrace_hash_ipmodify_update(struct ftrace_ops *ops, + + static void print_ip_ins(const char *fmt, const unsigned char *p) + { ++ char ins[MCOUNT_INSN_SIZE]; + int i; + ++ if (probe_kernel_read(ins, p, MCOUNT_INSN_SIZE)) { ++ printk(KERN_CONT "%s[FAULT] %px\n", fmt, p); ++ return; ++ } ++ + printk(KERN_CONT "%s", fmt); + + for (i = 0; i < MCOUNT_INSN_SIZE; i++) +- printk(KERN_CONT "%s%02x", i ? ":" : "", p[i]); ++ printk(KERN_CONT "%s%02x", i ? ":" : "", ins[i]); + } + + enum ftrace_bug_type ftrace_bug_type; +diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c +index b4b596845b4e6..42531ee852ffb 100644 +--- a/kernel/trace/trace.c ++++ b/kernel/trace/trace.c +@@ -2274,7 +2274,7 @@ trace_event_buffer_lock_reserve(struct ring_buffer **current_rb, + (entry = this_cpu_read(trace_buffered_event))) { + /* Try to use the per cpu buffer first */ + val = this_cpu_inc_return(trace_buffered_event_cnt); +- if ((len < (PAGE_SIZE - sizeof(*entry))) && val == 1) { ++ if ((len < (PAGE_SIZE - sizeof(*entry) - sizeof(entry->array[0]))) && val == 1) { + trace_event_setup(entry, type, flags, pc); + entry->array[0] = len; + return entry; +diff --git a/kernel/workqueue.c b/kernel/workqueue.c +index bc32ed4a4cf32..58e7eefe4dbff 100644 +--- a/kernel/workqueue.c ++++ b/kernel/workqueue.c +@@ -49,6 +49,7 @@ + #include <linux/moduleparam.h> + #include <linux/uaccess.h> + #include <linux/nmi.h> ++#include <linux/kvm_para.h> + + #include "workqueue_internal.h" + +@@ -5465,6 +5466,7 @@ static void wq_watchdog_timer_fn(unsigned long data) + { + unsigned long thresh = READ_ONCE(wq_watchdog_thresh) * HZ; + bool lockup_detected = false; ++ unsigned long now = jiffies; + struct worker_pool *pool; + int pi; + +@@ -5479,6 +5481,12 @@ static void wq_watchdog_timer_fn(unsigned long data) + if (list_empty(&pool->worklist)) + continue; + ++ /* ++ * If a virtual machine is stopped by the host it can look to ++ * the watchdog like a stall. ++ */ ++ kvm_check_and_clear_guest_paused(); ++ + /* get the latest of pool and touched timestamps */ + pool_ts = READ_ONCE(pool->watchdog_ts); + touched = READ_ONCE(wq_watchdog_touched); +@@ -5497,12 +5505,12 @@ static void wq_watchdog_timer_fn(unsigned long data) + } + + /* did we stall? */ +- if (time_after(jiffies, ts + thresh)) { ++ if (time_after(now, ts + thresh)) { + lockup_detected = true; + pr_emerg("BUG: workqueue lockup - pool"); + pr_cont_pool_info(pool); + pr_cont(" stuck for %us!\n", +- jiffies_to_msecs(jiffies - pool_ts) / 1000); ++ jiffies_to_msecs(now - pool_ts) / 1000); + } + } + +diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c +index 3e4e075592722..140bec3568ec2 100644 +--- a/net/netlink/af_netlink.c ++++ b/net/netlink/af_netlink.c +@@ -429,11 +429,13 @@ void netlink_table_ungrab(void) + static inline void + netlink_lock_table(void) + { ++ unsigned long flags; ++ + /* read_lock() synchronizes us to netlink_table_grab */ + +- read_lock(&nl_table_lock); ++ read_lock_irqsave(&nl_table_lock, flags); + atomic_inc(&nl_table_users); +- read_unlock(&nl_table_lock); ++ read_unlock_irqrestore(&nl_table_lock, flags); + } + + static inline void +diff --git a/net/nfc/rawsock.c b/net/nfc/rawsock.c +index 57a07ab80d924..bdc72737fe240 100644 +--- a/net/nfc/rawsock.c ++++ b/net/nfc/rawsock.c +@@ -345,7 +345,7 @@ static int rawsock_create(struct net *net, struct socket *sock, + return -ESOCKTNOSUPPORT; + + if (sock->type == SOCK_RAW) { +- if (!capable(CAP_NET_RAW)) ++ if (!ns_capable(net->user_ns, CAP_NET_RAW)) + return -EPERM; + sock->ops = &rawsock_raw_ops; + } else { +diff --git a/sound/soc/codecs/sti-sas.c b/sound/soc/codecs/sti-sas.c +index 62c618765224b..730dd453a7448 100644 +--- a/sound/soc/codecs/sti-sas.c ++++ b/sound/soc/codecs/sti-sas.c +@@ -407,6 +407,7 @@ static const struct of_device_id sti_sas_dev_match[] = { + }, + {}, + }; ++MODULE_DEVICE_TABLE(of, sti_sas_dev_match); + + static int sti_sas_driver_probe(struct platform_device *pdev) + { +diff --git a/tools/perf/util/session.c b/tools/perf/util/session.c +index decd5d147e816..735dc862c7f8c 100644 +--- a/tools/perf/util/session.c ++++ b/tools/perf/util/session.c +@@ -1475,6 +1475,7 @@ int perf_session__peek_event(struct perf_session *session, off_t file_offset, + if (event->header.size < hdr_sz || event->header.size > buf_sz) + return -1; + ++ buf += hdr_sz; + rest = event->header.size - hdr_sz; + + if (readn(fd, buf, rest) != (ssize_t)rest)