21 files changed, 309 insertions, 110 deletions

diff --git a/kernel/events/core.c b/kernel/events/core.c
index 356a6c7cb52a..1903b8f3a705 100644
--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -448,7 +448,7 @@ static u64 __report_allowed;
 
 static void perf_duration_warn(struct irq_work *w)
 {
-        printk_ratelimited(KERN_WARNING
+        printk_ratelimited(KERN_INFO
                 "perf: interrupt took too long (%lld > %lld), lowering "
                 "kernel.perf_event_max_sample_rate to %d\n",
                 __report_avg, __report_allowed,
@@ -843,6 +843,32 @@ perf_cgroup_mark_enabled(struct perf_event *event,
                 }
         }
 }
+
+/*
+ * Update cpuctx->cgrp so that it is set when first cgroup event is added and
+ * cleared when last cgroup event is removed.
+ */
+static inline void
+list_update_cgroup_event(struct perf_event *event,
+                         struct perf_event_context *ctx, bool add)
+{
+        struct perf_cpu_context *cpuctx;
+
+        if (!is_cgroup_event(event))
+                return;
+
+        if (add && ctx->nr_cgroups++)
+                return;
+        else if (!add && --ctx->nr_cgroups)
+                return;
+        /*
+         * Because cgroup events are always per-cpu events,
+         * this will always be called from the right CPU.
+         */
+        cpuctx = __get_cpu_context(ctx);
+        cpuctx->cgrp = add ? event->cgrp : NULL;
+}
+
 #else /* !CONFIG_CGROUP_PERF */
 
 static inline bool
@@ -920,6 +946,13 @@ perf_cgroup_mark_enabled(struct perf_event *event,
                          struct perf_event_context *ctx)
 {
 }
+
+static inline void
+list_update_cgroup_event(struct perf_event *event,
+                         struct perf_event_context *ctx, bool add)
+{
+}
+
 #endif
 
 /*
@@ -1392,6 +1425,7 @@ ctx_group_list(struct perf_event *event, struct perf_event_context *ctx)
 static void
 list_add_event(struct perf_event *event, struct perf_event_context *ctx)
 {
+
         lockdep_assert_held(&ctx->lock);
 
         WARN_ON_ONCE(event->attach_state & PERF_ATTACH_CONTEXT);
@@ -1412,8 +1446,7 @@ list_add_event(struct perf_event *event, struct perf_event_context *ctx)
                 list_add_tail(&event->group_entry, list);
         }
 
-        if (is_cgroup_event(event))
-                ctx->nr_cgroups++;
+        list_update_cgroup_event(event, ctx, true);
 
         list_add_rcu(&event->event_entry, &ctx->event_list);
         ctx->nr_events++;
@@ -1581,8 +1614,6 @@ static void perf_group_attach(struct perf_event *event)
 static void
 list_del_event(struct perf_event *event, struct perf_event_context *ctx)
 {
-        struct perf_cpu_context *cpuctx;
-
         WARN_ON_ONCE(event->ctx != ctx);
         lockdep_assert_held(&ctx->lock);
 
@@ -1594,20 +1625,7 @@ list_del_event(struct perf_event *event, struct perf_event_context *ctx)
 
         event->attach_state &= ~PERF_ATTACH_CONTEXT;
 
-        if (is_cgroup_event(event)) {
-                ctx->nr_cgroups--;
-                /*
-                 * Because cgroup events are always per-cpu events, this will
-                 * always be called from the right CPU.
-                 */
-                cpuctx = __get_cpu_context(ctx);
-                /*
-                 * If there are no more cgroup events then clear cgrp to avoid
-                 * stale pointer in update_cgrp_time_from_cpuctx().
-                 */
-                if (!ctx->nr_cgroups)
-                        cpuctx->cgrp = NULL;
-        }
+        list_update_cgroup_event(event, ctx, false);
 
         ctx->nr_events--;
         if (event->attr.inherit_stat)
@@ -1716,8 +1734,8 @@ static inline int pmu_filter_match(struct perf_event *event)
 static inline int
 event_filter_match(struct perf_event *event)
 {
-        return (event->cpu == -1 || event->cpu == smp_processor_id())
-            && perf_cgroup_match(event) && pmu_filter_match(event);
+        return (event->cpu == -1 || event->cpu == smp_processor_id()) &&
+               perf_cgroup_match(event) && pmu_filter_match(event);
 }
 
 static void
@@ -1737,8 +1755,8 @@ event_sched_out(struct perf_event *event,
          * maintained, otherwise bogus information is return
          * via read() for time_enabled, time_running:
          */
-        if (event->state == PERF_EVENT_STATE_INACTIVE
-            && !event_filter_match(event)) {
+        if (event->state == PERF_EVENT_STATE_INACTIVE &&
+            !event_filter_match(event)) {
                 delta = tstamp - event->tstamp_stopped;
                 event->tstamp_running += delta;
                 event->tstamp_stopped = tstamp;
@@ -2236,10 +2254,15 @@ perf_install_in_context(struct perf_event_context *ctx,
 
         lockdep_assert_held(&ctx->mutex);
 
-        event->ctx = ctx;
         if (event->cpu != -1)
                 event->cpu = cpu;
 
+        /*
+         * Ensures that if we can observe event->ctx, both the event and ctx
+         * will be 'complete'. See perf_iterate_sb_cpu().
+         */
+        smp_store_release(&event->ctx, ctx);
+
         if (!task) {
                 cpu_function_call(cpu, __perf_install_in_context, event);
                 return;
@@ -5969,6 +5992,14 @@ static void perf_iterate_sb_cpu(perf_iterate_f output, void *data)
         struct perf_event *event;
 
         list_for_each_entry_rcu(event, &pel->list, sb_list) {
+                /*
+                 * Skip events that are not fully formed yet; ensure that
+                 * if we observe event->ctx, both event and ctx will be
+                 * complete enough. See perf_install_in_context().
+                 */
+                if (!smp_load_acquire(&event->ctx))
+                        continue;
+
                 if (event->state < PERF_EVENT_STATE_INACTIVE)
                         continue;
                 if (!event_filter_match(event))
diff --git a/kernel/futex.c b/kernel/futex.c
index 33664f70e2d2..46cb3a301bc1 100644
--- a/kernel/futex.c
+++ b/kernel/futex.c
@@ -179,7 +179,15 @@ int __read_mostly futex_cmpxchg_enabled;
  * Futex flags used to encode options to functions and preserve them across
  * restarts.
  */
-#define FLAGS_SHARED            0x01
+#ifdef CONFIG_MMU
+# define FLAGS_SHARED           0x01
+#else
+/*
+ * NOMMU does not have per process address space. Let the compiler optimize
+ * code away.
+ */
+# define FLAGS_SHARED           0x00
+#endif
 #define FLAGS_CLOCKRT           0x02
 #define FLAGS_HAS_TIMEOUT       0x04
 
@@ -405,6 +413,16 @@ static void get_futex_key_refs(union futex_key *key)
         if (!key->both.ptr)
                 return;
 
+        /*
+         * On MMU less systems futexes are always "private" as there is no per
+         * process address space. We need the smp wmb nevertheless - yes,
+         * arch/blackfin has MMU less SMP ...
+         */
+        if (!IS_ENABLED(CONFIG_MMU)) {
+                smp_mb(); /* explicit smp_mb(); (B) */
+                return;
+        }
+
         switch (key->both.offset & (FUT_OFF_INODE|FUT_OFF_MMSHARED)) {
         case FUT_OFF_INODE:
                 ihold(key->shared.inode); /* implies smp_mb(); (B) */
@@ -436,6 +454,9 @@ static void drop_futex_key_refs(union futex_key *key)
                 return;
         }
 
+        if (!IS_ENABLED(CONFIG_MMU))
+                return;
+
         switch (key->both.offset & (FUT_OFF_INODE|FUT_OFF_MMSHARED)) {
         case FUT_OFF_INODE:
                 iput(key->shared.inode);
diff --git a/kernel/irq/msi.c b/kernel/irq/msi.c
index 54999350162c..19e9dfbe97fa 100644
--- a/kernel/irq/msi.c
+++ b/kernel/irq/msi.c
@@ -359,6 +359,17 @@ int msi_domain_alloc_irqs(struct irq_domain *domain, struct device *dev,
                 else
                         dev_dbg(dev, "irq [%d-%d] for MSI\n",
                                 virq, virq + desc->nvec_used - 1);
+                /*
+                 * This flag is set by the PCI layer as we need to activate
+                 * the MSI entries before the PCI layer enables MSI in the
+                 * card. Otherwise the card latches a random msi message.
+                 */
+                if (info->flags & MSI_FLAG_ACTIVATE_EARLY) {
+                        struct irq_data *irq_data;
+
+                        irq_data = irq_domain_get_irq_data(domain, desc->irq);
+                        irq_domain_activate_irq(irq_data);
+                }
         }
 
         return 0;
diff --git a/kernel/jump_label.c b/kernel/jump_label.c
index 0dbea887d625..93ad6c1fb9b6 100644
--- a/kernel/jump_label.c
+++ b/kernel/jump_label.c
@@ -14,6 +14,7 @@
 #include <linux/err.h>
 #include <linux/static_key.h>
 #include <linux/jump_label_ratelimit.h>
+#include <linux/bug.h>
 
 #ifdef HAVE_JUMP_LABEL
 
@@ -56,6 +57,49 @@ jump_label_sort_entries(struct jump_entry *start, struct jump_entry *stop)
 
 static void jump_label_update(struct static_key *key);
 
+/*
+ * There are similar definitions for the !HAVE_JUMP_LABEL case in jump_label.h.
+ * The use of 'atomic_read()' requires atomic.h and its problematic for some
+ * kernel headers such as kernel.h and others. Since static_key_count() is not
+ * used in the branch statements as it is for the !HAVE_JUMP_LABEL case its ok
+ * to have it be a function here. Similarly, for 'static_key_enable()' and
+ * 'static_key_disable()', which require bug.h. This should allow jump_label.h
+ * to be included from most/all places for HAVE_JUMP_LABEL.
+ */
+int static_key_count(struct static_key *key)
+{
+        /*
+         * -1 means the first static_key_slow_inc() is in progress.
+         *  static_key_enabled() must return true, so return 1 here.
+         */
+        int n = atomic_read(&key->enabled);
+
+        return n >= 0 ? n : 1;
+}
+EXPORT_SYMBOL_GPL(static_key_count);
+
+void static_key_enable(struct static_key *key)
+{
+        int count = static_key_count(key);
+
+        WARN_ON_ONCE(count < 0 || count > 1);
+
+        if (!count)
+                static_key_slow_inc(key);
+}
+EXPORT_SYMBOL_GPL(static_key_enable);
+
+void static_key_disable(struct static_key *key)
+{
+        int count = static_key_count(key);
+
+        WARN_ON_ONCE(count < 0 || count > 1);
+
+        if (count)
+                static_key_slow_dec(key);
+}
+EXPORT_SYMBOL_GPL(static_key_disable);
+
 void static_key_slow_inc(struct static_key *key)
 {
         int v, v1;
@@ -235,6 +279,18 @@ void __init jump_label_init(void)
         struct static_key *key = NULL;
         struct jump_entry *iter;
 
+        /*
+         * Since we are initializing the static_key.enabled field with
+         * with the 'raw' int values (to avoid pulling in atomic.h) in
+         * jump_label.h, let's make sure that is safe. There are only two
+         * cases to check since we initialize to 0 or 1.
+         */
+        BUILD_BUG_ON((int)ATOMIC_INIT(0) != 0);
+        BUILD_BUG_ON((int)ATOMIC_INIT(1) != 1);
+
+        if (static_key_initialized)
+                return;
+
         jump_label_lock();
         jump_label_sort_entries(iter_start, iter_stop);
 
@@ -284,11 +340,14 @@ static int __jump_label_mod_text_reserved(void *start, void *end)
 {
         struct module *mod;
 
+        preempt_disable();
         mod = __module_text_address((unsigned long)start);
+        WARN_ON_ONCE(__module_text_address((unsigned long)end) != mod);
+        preempt_enable();
+
         if (!mod)
                 return 0;
 
-        WARN_ON_ONCE(__module_text_address((unsigned long)end) != mod);
 
         return __jump_label_text_reserved(mod->jump_entries,
                                 mod->jump_entries + mod->num_jump_entries,
diff --git a/kernel/livepatch/core.c b/kernel/livepatch/core.c
index 5c2bc1052691..8bbe50704621 100644
--- a/kernel/livepatch/core.c
+++ b/kernel/livepatch/core.c
@@ -309,7 +309,7 @@ static int klp_write_object_relocations(struct module *pmod,
                         break;
         }
 
-        module_enable_ro(pmod);
+        module_enable_ro(pmod, true);
         return ret;
 }
 
diff --git a/kernel/locking/qspinlock_paravirt.h b/kernel/locking/qspinlock_paravirt.h
index 37649e69056c..8a99abf58080 100644
--- a/kernel/locking/qspinlock_paravirt.h
+++ b/kernel/locking/qspinlock_paravirt.h
@@ -450,7 +450,7 @@ pv_wait_head_or_lock(struct qspinlock *lock, struct mcs_spinlock *node)
                                 goto gotlock;
                         }
                 }
-                WRITE_ONCE(pn->state, vcpu_halted);
+                WRITE_ONCE(pn->state, vcpu_hashed);
                 qstat_inc(qstat_pv_wait_head, true);
                 qstat_inc(qstat_pv_wait_again, waitcnt);
                 pv_wait(&l->locked, _Q_SLOW_VAL);
diff --git a/kernel/locking/qspinlock_stat.h b/kernel/locking/qspinlock_stat.h
index 22e025309845..b9d031516254 100644
--- a/kernel/locking/qspinlock_stat.h
+++ b/kernel/locking/qspinlock_stat.h
@@ -153,7 +153,6 @@ static ssize_t qstat_read(struct file *file, char __user *user_buf,
                  */
                 if ((counter == qstat_pv_latency_kick) ||
                     (counter == qstat_pv_latency_wake)) {
-                        stat = 0;
                         if (kicks)
                                 stat = DIV_ROUND_CLOSEST_ULL(stat, kicks);
                 }
diff --git a/kernel/module.c b/kernel/module.c
index a0f48b8b00da..529efae9f481 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -265,7 +265,7 @@ static void module_assert_mutex_or_preempt(void)
         if (unlikely(!debug_locks))
                 return;
 
-        WARN_ON(!rcu_read_lock_sched_held() &&
+        WARN_ON_ONCE(!rcu_read_lock_sched_held() &&
                 !lockdep_is_held(&module_mutex));
 #endif
 }
@@ -337,7 +337,7 @@ static inline void add_taint_module(struct module *mod, unsigned flag,
  * A thread that wants to hold a reference to a module only while it
  * is running can call this to safely exit.  nfsd and lockd use this.
  */
-void __module_put_and_exit(struct module *mod, long code)
+void __noreturn __module_put_and_exit(struct module *mod, long code)
 {
         module_put(mod);
         do_exit(code);
@@ -1694,8 +1694,7 @@ static int module_add_modinfo_attrs(struct module *mod)
 
         temp_attr = mod->modinfo_attrs;
         for (i = 0; (attr = modinfo_attrs[i]) && !error; i++) {
-                if (!attr->test ||
-                    (attr->test && attr->test(mod))) {
+                if (!attr->test || attr->test(mod)) {
                         memcpy(temp_attr, attr, sizeof(*temp_attr));
                         sysfs_attr_init(&temp_attr->attr);
                         error = sysfs_create_file(&mod->mkobj.kobj,
@@ -1859,10 +1858,11 @@ static void mod_sysfs_teardown(struct module *mod)
  * from modification and any data from execution.
  *
  * General layout of module is:
- *          [text] [read-only-data] [writable data]
- * text_size -----^                ^               ^
- * ro_size ------------------------|               |
- * size -------------------------------------------|
+ *          [text] [read-only-data] [ro-after-init] [writable data]
+ * text_size -----^                ^               ^               ^
+ * ro_size ------------------------|               |               |
+ * ro_after_init_size -----------------------------|               |
+ * size -----------------------------------------------------------|
  *
  * These values are always page-aligned (as is base)
  */
@@ -1885,14 +1885,24 @@ static void frob_rodata(const struct module_layout *layout,
                    (layout->ro_size - layout->text_size) >> PAGE_SHIFT);
 }
 
+static void frob_ro_after_init(const struct module_layout *layout,
+                                int (*set_memory)(unsigned long start, int num_pages))
+{
+        BUG_ON((unsigned long)layout->base & (PAGE_SIZE-1));
+        BUG_ON((unsigned long)layout->ro_size & (PAGE_SIZE-1));
+        BUG_ON((unsigned long)layout->ro_after_init_size & (PAGE_SIZE-1));
+        set_memory((unsigned long)layout->base + layout->ro_size,
+                   (layout->ro_after_init_size - layout->ro_size) >> PAGE_SHIFT);
+}
+
 static void frob_writable_data(const struct module_layout *layout,
                                int (*set_memory)(unsigned long start, int num_pages))
 {
         BUG_ON((unsigned long)layout->base & (PAGE_SIZE-1));
-        BUG_ON((unsigned long)layout->ro_size & (PAGE_SIZE-1));
+        BUG_ON((unsigned long)layout->ro_after_init_size & (PAGE_SIZE-1));
         BUG_ON((unsigned long)layout->size & (PAGE_SIZE-1));
-        set_memory((unsigned long)layout->base + layout->ro_size,
-                   (layout->size - layout->ro_size) >> PAGE_SHIFT);
+        set_memory((unsigned long)layout->base + layout->ro_after_init_size,
+                   (layout->size - layout->ro_after_init_size) >> PAGE_SHIFT);
 }
 
 /* livepatching wants to disable read-only so it can frob module. */
@@ -1900,21 +1910,26 @@ void module_disable_ro(const struct module *mod)
 {
         frob_text(&mod->core_layout, set_memory_rw);
         frob_rodata(&mod->core_layout, set_memory_rw);
+        frob_ro_after_init(&mod->core_layout, set_memory_rw);
         frob_text(&mod->init_layout, set_memory_rw);
         frob_rodata(&mod->init_layout, set_memory_rw);
 }
 
-void module_enable_ro(const struct module *mod)
+void module_enable_ro(const struct module *mod, bool after_init)
 {
         frob_text(&mod->core_layout, set_memory_ro);
         frob_rodata(&mod->core_layout, set_memory_ro);
         frob_text(&mod->init_layout, set_memory_ro);
         frob_rodata(&mod->init_layout, set_memory_ro);
+
+        if (after_init)
+                frob_ro_after_init(&mod->core_layout, set_memory_ro);
 }
 
 static void module_enable_nx(const struct module *mod)
 {
         frob_rodata(&mod->core_layout, set_memory_nx);
+        frob_ro_after_init(&mod->core_layout, set_memory_nx);
         frob_writable_data(&mod->core_layout, set_memory_nx);
         frob_rodata(&mod->init_layout, set_memory_nx);
         frob_writable_data(&mod->init_layout, set_memory_nx);
@@ -1923,6 +1938,7 @@ static void module_enable_nx(const struct module *mod)
 static void module_disable_nx(const struct module *mod)
 {
         frob_rodata(&mod->core_layout, set_memory_x);
+        frob_ro_after_init(&mod->core_layout, set_memory_x);
         frob_writable_data(&mod->core_layout, set_memory_x);
         frob_rodata(&mod->init_layout, set_memory_x);
         frob_writable_data(&mod->init_layout, set_memory_x);
@@ -1965,6 +1981,8 @@ static void disable_ro_nx(const struct module_layout *layout)
         frob_text(layout, set_memory_rw);
         frob_rodata(layout, set_memory_rw);
         frob_rodata(layout, set_memory_x);
+        frob_ro_after_init(layout, set_memory_rw);
+        frob_ro_after_init(layout, set_memory_x);
         frob_writable_data(layout, set_memory_x);
 }
 
@@ -2307,6 +2325,7 @@ static void layout_sections(struct module *mod, struct load_info *info)
                  * finder in the two loops below */
                 { SHF_EXECINSTR | SHF_ALLOC, ARCH_SHF_SMALL },
                 { SHF_ALLOC, SHF_WRITE | ARCH_SHF_SMALL },
+                { SHF_RO_AFTER_INIT | SHF_ALLOC, ARCH_SHF_SMALL },
                 { SHF_WRITE | SHF_ALLOC, ARCH_SHF_SMALL },
                 { ARCH_SHF_SMALL | SHF_ALLOC, 0 }
         };
@@ -2338,7 +2357,11 @@ static void layout_sections(struct module *mod, struct load_info *info)
                         mod->core_layout.size = debug_align(mod->core_layout.size);
                         mod->core_layout.ro_size = mod->core_layout.size;
                         break;
-                case 3: /* whole core */
+                case 2: /* RO after init */
+                        mod->core_layout.size = debug_align(mod->core_layout.size);
+                        mod->core_layout.ro_after_init_size = mod->core_layout.size;
+                        break;
+                case 4: /* whole core */
                         mod->core_layout.size = debug_align(mod->core_layout.size);
                         break;
                 }
@@ -2368,7 +2391,14 @@ static void layout_sections(struct module *mod, struct load_info *info)
                         mod->init_layout.size = debug_align(mod->init_layout.size);
                         mod->init_layout.ro_size = mod->init_layout.size;
                         break;
-                case 3: /* whole init */
+                case 2:
+                        /*
+                         * RO after init doesn't apply to init_layout (only
+                         * core_layout), so it just takes the value of ro_size.
+                         */
+                        mod->init_layout.ro_after_init_size = mod->init_layout.ro_size;
+                        break;
+                case 4: /* whole init */
                         mod->init_layout.size = debug_align(mod->init_layout.size);
                         break;
                 }
@@ -2688,13 +2718,18 @@ static inline void kmemleak_load_module(const struct module *mod,
 #endif
 
 #ifdef CONFIG_MODULE_SIG
-static int module_sig_check(struct load_info *info)
+static int module_sig_check(struct load_info *info, int flags)
 {
         int err = -ENOKEY;
         const unsigned long markerlen = sizeof(MODULE_SIG_STRING) - 1;
         const void *mod = info->hdr;
 
-        if (info->len > markerlen &&
+        /*
+         * Require flags == 0, as a module with version information
+         * removed is no longer the module that was signed
+         */
+        if (flags == 0 &&
+            info->len > markerlen &&
             memcmp(mod + info->len - markerlen, MODULE_SIG_STRING, markerlen) == 0) {
                 /* We truncate the module to discard the signature */
                 info->len -= markerlen;
@@ -2713,7 +2748,7 @@ static int module_sig_check(struct load_info *info)
         return err;
 }
 #else /* !CONFIG_MODULE_SIG */
-static int module_sig_check(struct load_info *info)
+static int module_sig_check(struct load_info *info, int flags)
 {
         return 0;
 }
@@ -2921,8 +2956,12 @@ static int check_modinfo(struct module *mod, struct load_info *info, int flags)
                 return -ENOEXEC;
         }
 
-        if (!get_modinfo(info, "intree"))
+        if (!get_modinfo(info, "intree")) {
+                if (!test_taint(TAINT_OOT_MODULE))
+                        pr_warn("%s: loading out-of-tree module taints kernel.\n",
+                                mod->name);
                 add_taint_module(mod, TAINT_OOT_MODULE, LOCKDEP_STILL_OK);
+        }
 
         if (get_modinfo(info, "staging")) {
                 add_taint_module(mod, TAINT_CRAP, LOCKDEP_STILL_OK);
@@ -3091,6 +3130,8 @@ static int move_module(struct module *mod, struct load_info *info)
 
 static int check_module_license_and_versions(struct module *mod)
 {
+        int prev_taint = test_taint(TAINT_PROPRIETARY_MODULE);
+
         /*
          * ndiswrapper is under GPL by itself, but loads proprietary modules.
          * Don't use add_taint_module(), as it would prevent ndiswrapper from
@@ -3109,6 +3150,9 @@ static int check_module_license_and_versions(struct module *mod)
                 add_taint_module(mod, TAINT_PROPRIETARY_MODULE,
                                  LOCKDEP_NOW_UNRELIABLE);
 
+        if (!prev_taint && test_taint(TAINT_PROPRIETARY_MODULE))
+                pr_warn("%s: module license taints kernel.\n", mod->name);
+
 #ifdef CONFIG_MODVERSIONS
         if ((mod->num_syms && !mod->crcs)
             || (mod->num_gpl_syms && !mod->gpl_crcs)
@@ -3156,16 +3200,41 @@ int __weak module_frob_arch_sections(Elf_Ehdr *hdr,
         return 0;
 }
 
+/* module_blacklist is a comma-separated list of module names */
+static char *module_blacklist;
+static bool blacklisted(char *module_name)
+{
+        const char *p;
+        size_t len;
+
+        if (!module_blacklist)
+                return false;
+
+        for (p = module_blacklist; *p; p += len) {
+                len = strcspn(p, ",");
+                if (strlen(module_name) == len && !memcmp(module_name, p, len))
+                        return true;
+                if (p[len] == ',')
+                        len++;
+        }
+        return false;
+}
+core_param(module_blacklist, module_blacklist, charp, 0400);
+
 static struct module *layout_and_allocate(struct load_info *info, int flags)
 {
         /* Module within temporary copy. */
         struct module *mod;
+        unsigned int ndx;
         int err;
 
         mod = setup_load_info(info, flags);
         if (IS_ERR(mod))
                 return mod;
 
+        if (blacklisted(mod->name))
+                return ERR_PTR(-EPERM);
+
         err = check_modinfo(mod, info, flags);
         if (err)
                 return ERR_PTR(err);
@@ -3179,6 +3248,15 @@ static struct module *layout_and_allocate(struct load_info *info, int flags)
         /* We will do a special allocation for per-cpu sections later. */
         info->sechdrs[info->index.pcpu].sh_flags &= ~(unsigned long)SHF_ALLOC;
 
+        /*
+         * Mark ro_after_init section with SHF_RO_AFTER_INIT so that
+         * layout_sections() can put it in the right place.
+         * Note: ro_after_init sections also have SHF_{WRITE,ALLOC} set.
+         */
+        ndx = find_sec(info, ".data..ro_after_init");
+        if (ndx)
+                info->sechdrs[ndx].sh_flags |= SHF_RO_AFTER_INIT;
+
         /* Determine total sizes, and put offsets in sh_entsize.  For now
            this is done generically; there doesn't appear to be any
            special cases for the architectures. */
@@ -3345,12 +3423,14 @@ static noinline int do_init_module(struct module *mod)
         /* Switch to core kallsyms now init is done: kallsyms may be walking! */
         rcu_assign_pointer(mod->kallsyms, &mod->core_kallsyms);
 #endif
+        module_enable_ro(mod, true);
         mod_tree_remove_init(mod);
         disable_ro_nx(&mod->init_layout);
         module_arch_freeing_init(mod);
         mod->init_layout.base = NULL;
         mod->init_layout.size = 0;
         mod->init_layout.ro_size = 0;
+        mod->init_layout.ro_after_init_size = 0;
         mod->init_layout.text_size = 0;
         /*
          * We want to free module_init, but be aware that kallsyms may be
@@ -3442,8 +3522,7 @@ static int complete_formation(struct module *mod, struct load_info *info)
         /* This relies on module_mutex for list integrity. */
         module_bug_finalize(info->hdr, info->sechdrs, mod);
 
-        /* Set RO and NX regions */
-        module_enable_ro(mod);
+        module_enable_ro(mod, false);
         module_enable_nx(mod);
 
         /* Mark state as coming so strong_try_module_get() ignores us,
@@ -3499,7 +3578,7 @@ static int load_module(struct load_info *info, const char __user *uargs,
         long err;
         char *after_dashes;
 
-        err = module_sig_check(info);
+        err = module_sig_check(info, flags);
         if (err)
                 goto free_copy;
 
diff --git a/kernel/power/hibernate.c b/kernel/power/hibernate.c
index a881c6a7ba74..33c79b6105c5 100644
--- a/kernel/power/hibernate.c
+++ b/kernel/power/hibernate.c
@@ -300,12 +300,12 @@ static int create_image(int platform_mode)
         save_processor_state();
         trace_suspend_resume(TPS("machine_suspend"), PM_EVENT_HIBERNATE, true);
         error = swsusp_arch_suspend();
+        /* Restore control flow magically appears here */
+        restore_processor_state();
         trace_suspend_resume(TPS("machine_suspend"), PM_EVENT_HIBERNATE, false);
         if (error)
                 printk(KERN_ERR "PM: Error %d creating hibernation image\n",
                         error);
-        /* Restore control flow magically appears here */
-        restore_processor_state();
         if (!in_suspend)
                 events_check_enabled = false;
 
diff --git a/kernel/printk/internal.h b/kernel/printk/internal.h
index 5d4505f30083..7fd2838fa417 100644
--- a/kernel/printk/internal.h
+++ b/kernel/printk/internal.h
@@ -16,11 +16,9 @@
  */
 #include <linux/percpu.h>
 
-typedef __printf(2, 0) int (*printk_func_t)(int level, const char *fmt,
-                                            va_list args);
+typedef __printf(1, 0) int (*printk_func_t)(const char *fmt, va_list args);
 
-__printf(2, 0)
-int vprintk_default(int level, const char *fmt, va_list args);
+int __printf(1, 0) vprintk_default(const char *fmt, va_list args);
 
 #ifdef CONFIG_PRINTK_NMI
 
@@ -33,10 +31,9 @@ extern raw_spinlock_t logbuf_lock;
  * via per-CPU variable.
  */
 DECLARE_PER_CPU(printk_func_t, printk_func);
-__printf(2, 0)
-static inline int vprintk_func(int level, const char *fmt, va_list args)
+static inline __printf(1, 0) int vprintk_func(const char *fmt, va_list args)
 {
-        return this_cpu_read(printk_func)(level, fmt, args);
+        return this_cpu_read(printk_func)(fmt, args);
 }
 
 extern atomic_t nmi_message_lost;
@@ -47,10 +44,9 @@ static inline int get_nmi_message_lost(void)
 
 #else /* CONFIG_PRINTK_NMI */
 
-__printf(2, 0)
-static inline int vprintk_func(int level, const char *fmt, va_list args)
+static inline __printf(1, 0) int vprintk_func(const char *fmt, va_list args)
 {
-        return vprintk_default(level, fmt, args);
+        return vprintk_default(fmt, args);
 }
 
 static inline int get_nmi_message_lost(void)
diff --git a/kernel/printk/nmi.c b/kernel/printk/nmi.c
index bc3eeb1ae6da..b69eb8a2876f 100644
--- a/kernel/printk/nmi.c
+++ b/kernel/printk/nmi.c
@@ -58,7 +58,7 @@ static DEFINE_PER_CPU(struct nmi_seq_buf, nmi_print_seq);
  * one writer running. But the buffer might get flushed from another
  * CPU, so we need to be careful.
  */
-static int vprintk_nmi(int level, const char *fmt, va_list args)
+static int vprintk_nmi(const char *fmt, va_list args)
 {
         struct nmi_seq_buf *s = this_cpu_ptr(&nmi_print_seq);
         int add = 0;
@@ -79,16 +79,7 @@ again:
         if (!len)
                 smp_rmb();
 
-        if (level != LOGLEVEL_DEFAULT) {
-                add = snprintf(s->buffer + len, sizeof(s->buffer) - len,
-                                KERN_SOH "%c", '0' + level);
-                add += vsnprintf(s->buffer + len + add,
-                                 sizeof(s->buffer) - len - add,
-                                 fmt, args);
-        } else {
-                add = vsnprintf(s->buffer + len, sizeof(s->buffer) - len,
-                                fmt, args);
-        }
+        add = vsnprintf(s->buffer + len, sizeof(s->buffer) - len, fmt, args);
 
         /*
          * Do it once again if the buffer has been flushed in the meantime.
diff --git a/kernel/printk/printk.c b/kernel/printk/printk.c
index a5ef95ca18c9..eea6dbc2d8cf 100644
--- a/kernel/printk/printk.c
+++ b/kernel/printk/printk.c
@@ -1930,28 +1930,7 @@ asmlinkage int printk_emit(int facility, int level,
 }
 EXPORT_SYMBOL(printk_emit);
 
-#ifdef CONFIG_PRINTK
-#define define_pr_level(func, loglevel)                         \
-asmlinkage __visible void func(const char *fmt, ...)            \
-{                                                               \
-        va_list args;                                           \
-                                                                \
-        va_start(args, fmt);                                    \
-        vprintk_default(loglevel, fmt, args);                   \
-        va_end(args);                                           \
-}                                                               \
-EXPORT_SYMBOL(func)
-
-define_pr_level(__pr_emerg, LOGLEVEL_EMERG);
-define_pr_level(__pr_alert, LOGLEVEL_ALERT);
-define_pr_level(__pr_crit, LOGLEVEL_CRIT);
-define_pr_level(__pr_err, LOGLEVEL_ERR);
-define_pr_level(__pr_warn, LOGLEVEL_WARNING);
-define_pr_level(__pr_notice, LOGLEVEL_NOTICE);
-define_pr_level(__pr_info, LOGLEVEL_INFO);
-#endif
-
-int vprintk_default(int level, const char *fmt, va_list args)
+int vprintk_default(const char *fmt, va_list args)
 {
         int r;
 
@@ -1961,7 +1940,7 @@ int vprintk_default(int level, const char *fmt, va_list args)
                 return r;
         }
 #endif
-        r = vprintk_emit(0, level, NULL, 0, fmt, args);
+        r = vprintk_emit(0, LOGLEVEL_DEFAULT, NULL, 0, fmt, args);
 
         return r;
 }
@@ -1994,7 +1973,7 @@ asmlinkage __visible int printk(const char *fmt, ...)
         int r;
 
         va_start(args, fmt);
-        r = vprintk_func(LOGLEVEL_DEFAULT, fmt, args);
+        r = vprintk_func(fmt, args);
         va_end(args);
 
         return r;
diff --git a/kernel/ptrace.c b/kernel/ptrace.c
index d49bfa1e53e6..1d3b7665d0be 100644
--- a/kernel/ptrace.c
+++ b/kernel/ptrace.c
@@ -585,8 +585,8 @@ static int ptrace_setoptions(struct task_struct *child, unsigned long data)
                 return -EINVAL;
 
         if (unlikely(data & PTRACE_O_SUSPEND_SECCOMP)) {
-                if (!config_enabled(CONFIG_CHECKPOINT_RESTORE) ||
-                    !config_enabled(CONFIG_SECCOMP))
+                if (!IS_ENABLED(CONFIG_CHECKPOINT_RESTORE) ||
+                    !IS_ENABLED(CONFIG_SECCOMP))
                         return -EINVAL;
 
                 if (!capable(CAP_SYS_ADMIN))
diff --git a/kernel/sched/core.c b/kernel/sched/core.c
index 5c883fe8e440..2a906f20fba7 100644
--- a/kernel/sched/core.c
+++ b/kernel/sched/core.c
@@ -74,6 +74,7 @@
 #include <linux/context_tracking.h>
 #include <linux/compiler.h>
 #include <linux/frame.h>
+#include <linux/prefetch.h>
 
 #include <asm/switch_to.h>
 #include <asm/tlb.h>
@@ -2972,6 +2973,23 @@ EXPORT_PER_CPU_SYMBOL(kstat);
 EXPORT_PER_CPU_SYMBOL(kernel_cpustat);
 
 /*
+ * The function fair_sched_class.update_curr accesses the struct curr
+ * and its field curr->exec_start; when called from task_sched_runtime(),
+ * we observe a high rate of cache misses in practice.
+ * Prefetching this data results in improved performance.
+ */
+static inline void prefetch_curr_exec_start(struct task_struct *p)
+{
+#ifdef CONFIG_FAIR_GROUP_SCHED
+        struct sched_entity *curr = (&p->se)->cfs_rq->curr;
+#else
+        struct sched_entity *curr = (&task_rq(p)->cfs)->curr;
+#endif
+        prefetch(curr);
+        prefetch(&curr->exec_start);
+}
+
+/*
  * Return accounted runtime for the task.
  * In case the task is currently running, return the runtime plus current's
  * pending runtime that have not been accounted yet.
@@ -3005,6 +3023,7 @@ unsigned long long task_sched_runtime(struct task_struct *p)
          * thread, breaking clock_gettime().
          */
         if (task_current(rq, p) && task_on_rq_queued(p)) {
+                prefetch_curr_exec_start(p);
                 update_rq_clock(rq);
                 p->sched_class->update_curr(rq);
         }
diff --git a/kernel/sched/cpudeadline.c b/kernel/sched/cpudeadline.c
index 5be58820465c..d4184498c9f5 100644
--- a/kernel/sched/cpudeadline.c
+++ b/kernel/sched/cpudeadline.c
@@ -168,7 +168,7 @@ void cpudl_set(struct cpudl *cp, int cpu, u64 dl, int is_valid)
 
         if (old_idx == IDX_INVALID) {
                 cp->size++;
-                cp->elements[cp->size - 1].dl = 0;
+                cp->elements[cp->size - 1].dl = dl;
                 cp->elements[cp->size - 1].cpu = cpu;
                 cp->elements[cpu].idx = cp->size - 1;
                 cpudl_change_key(cp, cp->size - 1, dl);
diff --git a/kernel/sched/cputime.c b/kernel/sched/cputime.c
index 1934f658c036..9858266fb0b3 100644
--- a/kernel/sched/cputime.c
+++ b/kernel/sched/cputime.c
@@ -508,13 +508,21 @@ void account_process_tick(struct task_struct *p, int user_tick)
  */
 void account_idle_ticks(unsigned long ticks)
 {
+        cputime_t cputime, steal;
 
         if (sched_clock_irqtime) {
                 irqtime_account_idle_ticks(ticks);
                 return;
         }
 
-        account_idle_time(jiffies_to_cputime(ticks));
+        cputime = jiffies_to_cputime(ticks);
+        steal = steal_account_process_time(cputime);
+
+        if (steal >= cputime)
+                return;
+
+        cputime -= steal;
+        account_idle_time(cputime);
 }
 
 /*
diff --git a/kernel/sched/deadline.c b/kernel/sched/deadline.c
index fcb7f0217ff4..1ce8867283dc 100644
--- a/kernel/sched/deadline.c
+++ b/kernel/sched/deadline.c
@@ -658,8 +658,11 @@ static enum hrtimer_restart dl_task_timer(struct hrtimer *timer)
          *
          * XXX figure out if select_task_rq_dl() deals with offline cpus.
          */
-        if (unlikely(!rq->online))
+        if (unlikely(!rq->online)) {
+                lockdep_unpin_lock(&rq->lock, rf.cookie);
                 rq = dl_task_offline_migration(rq, p);
+                rf.cookie = lockdep_pin_lock(&rq->lock);
+        }
 
         /*
          * Queueing this task back might have overloaded rq, check if we need
diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c
index 4088eedea763..039de34f1521 100644
--- a/kernel/sched/fair.c
+++ b/kernel/sched/fair.c
@@ -4269,7 +4269,7 @@ static void sync_throttle(struct task_group *tg, int cpu)
         pcfs_rq = tg->parent->cfs_rq[cpu];
 
         cfs_rq->throttle_count = pcfs_rq->throttle_count;
-        pcfs_rq->throttled_clock_task = rq_clock_task(cpu_rq(cpu));
+        cfs_rq->throttled_clock_task = rq_clock_task(cpu_rq(cpu));
 }
 
 /* conditionally throttle active cfs_rq's from put_prev_entity() */
diff --git a/kernel/seccomp.c b/kernel/seccomp.c
index 54d15eb2b701..ef6c6c3f9d8a 100644
--- a/kernel/seccomp.c
+++ b/kernel/seccomp.c
@@ -347,7 +347,7 @@ static struct seccomp_filter *seccomp_prepare_filter(struct sock_fprog *fprog)
 {
         struct seccomp_filter *sfilter;
         int ret;
-        const bool save_orig = config_enabled(CONFIG_CHECKPOINT_RESTORE);
+        const bool save_orig = IS_ENABLED(CONFIG_CHECKPOINT_RESTORE);
 
         if (fprog->len == 0 || fprog->len > BPF_MAXINSNS)
                 return ERR_PTR(-EINVAL);
@@ -542,7 +542,7 @@ void secure_computing_strict(int this_syscall)
 {
         int mode = current->seccomp.mode;
 
-        if (config_enabled(CONFIG_CHECKPOINT_RESTORE) &&
+        if (IS_ENABLED(CONFIG_CHECKPOINT_RESTORE) &&
             unlikely(current->ptrace & PT_SUSPEND_SECCOMP))
                 return;
 
@@ -655,7 +655,7 @@ int __secure_computing(const struct seccomp_data *sd)
         int mode = current->seccomp.mode;
         int this_syscall;
 
-        if (config_enabled(CONFIG_CHECKPOINT_RESTORE) &&
+        if (IS_ENABLED(CONFIG_CHECKPOINT_RESTORE) &&
             unlikely(current->ptrace & PT_SUSPEND_SECCOMP))
                 return 0;
 
diff --git a/kernel/time/timer.c b/kernel/time/timer.c
index 555670a5143c..32bf6f75a8fe 100644
--- a/kernel/time/timer.c
+++ b/kernel/time/timer.c
@@ -1496,6 +1496,7 @@ u64 get_next_timer_interrupt(unsigned long basej, u64 basem)
         struct timer_base *base = this_cpu_ptr(&timer_bases[BASE_STD]);
         u64 expires = KTIME_MAX;
         unsigned long nextevt;
+        bool is_max_delta;
 
         /*
          * Pretend that there is no timer pending if the cpu is offline.
@@ -1506,6 +1507,7 @@ u64 get_next_timer_interrupt(unsigned long basej, u64 basem)
 
         spin_lock(&base->lock);
         nextevt = __next_timer_interrupt(base);
+        is_max_delta = (nextevt == base->clk + NEXT_TIMER_MAX_DELTA);
         base->next_expiry = nextevt;
         /*
          * We have a fresh next event. Check whether we can forward the base:
@@ -1519,7 +1521,8 @@ u64 get_next_timer_interrupt(unsigned long basej, u64 basem)
                 expires = basem;
                 base->is_idle = false;
         } else {
-                expires = basem + (nextevt - basej) * TICK_NSEC;
+                if (!is_max_delta)
+                        expires = basem + (nextevt - basej) * TICK_NSEC;
                 /*
                  * If we expect to sleep more than a tick, mark the base idle:
                  */
diff --git a/kernel/trace/blktrace.c b/kernel/trace/blktrace.c
index fb345cd11883..7598e6ca817a 100644
--- a/kernel/trace/blktrace.c
+++ b/kernel/trace/blktrace.c
@@ -776,7 +776,7 @@ static void blk_add_trace_bio(struct request_queue *q, struct bio *bio,
                 return;
 
         __blk_add_trace(bt, bio->bi_iter.bi_sector, bio->bi_iter.bi_size,
-                        bio_op(bio), bio->bi_rw, what, error, 0, NULL);
+                        bio_op(bio), bio->bi_opf, what, error, 0, NULL);
 }
 
 static void blk_add_trace_bio_bounce(void *ignore,
@@ -881,7 +881,7 @@ static void blk_add_trace_split(void *ignore,
                 __be64 rpdu = cpu_to_be64(pdu);
 
                 __blk_add_trace(bt, bio->bi_iter.bi_sector,
-                                bio->bi_iter.bi_size, bio_op(bio), bio->bi_rw,
+                                bio->bi_iter.bi_size, bio_op(bio), bio->bi_opf,
                                 BLK_TA_SPLIT, bio->bi_error, sizeof(rpdu),
                                 &rpdu);
         }
@@ -915,7 +915,7 @@ static void blk_add_trace_bio_remap(void *ignore,
         r.sector_from = cpu_to_be64(from);
 
         __blk_add_trace(bt, bio->bi_iter.bi_sector, bio->bi_iter.bi_size,
-                        bio_op(bio), bio->bi_rw, BLK_TA_REMAP, bio->bi_error,
+                        bio_op(bio), bio->bi_opf, BLK_TA_REMAP, bio->bi_error,
                         sizeof(r), &r);
 }