aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--Documentation/ABI/testing/sysfs-block-rssd21
-rw-r--r--Documentation/device-mapper/verity.txt131
-rw-r--r--Documentation/devicetree/bindings/input/fsl-mma8450.txt1
-rw-r--r--Documentation/devicetree/bindings/mfd/mc13xxx.txt4
-rw-r--r--Documentation/devicetree/bindings/mmc/fsl-imx-esdhc.txt4
-rw-r--r--Documentation/devicetree/bindings/net/fsl-fec.txt2
-rw-r--r--Documentation/devicetree/bindings/spi/fsl-imx-cspi.txt4
-rw-r--r--Documentation/devicetree/bindings/vendor-prefixes.txt1
-rw-r--r--Documentation/prctl/no_new_privs.txt50
-rw-r--r--Documentation/virtual/kvm/api.txt17
-rw-r--r--MAINTAINERS4
-rw-r--r--arch/arm/kernel/vmlinux.lds.S2
-rw-r--r--arch/arm/mm/mmu.c74
-rw-r--r--arch/powerpc/kvm/book3s_hv_rmhandlers.S2
-rw-r--r--arch/powerpc/xmon/xmon.c2
-rw-r--r--arch/x86/kvm/mmu.c3
-rw-r--r--block/blk-cgroup.c9
-rw-r--r--block/blk-core.c25
-rw-r--r--block/blk-timeout.c41
-rw-r--r--block/cfq-iosched.c30
-rw-r--r--block/scsi_ioctl.c5
-rw-r--r--drivers/block/drbd/drbd_bitmap.c11
-rw-r--r--drivers/block/drbd/drbd_req.c66
-rw-r--r--drivers/block/floppy.c1
-rw-r--r--drivers/block/mtip32xx/mtip32xx.c166
-rw-r--r--drivers/block/mtip32xx/mtip32xx.h5
-rw-r--r--drivers/block/umem.c40
-rw-r--r--drivers/block/xen-blkback/common.h2
-rw-r--r--drivers/block/xen-blkfront.c58
-rw-r--r--drivers/clk/clk.c28
-rw-r--r--drivers/gpu/drm/drm_edid.c27
-rw-r--r--drivers/gpu/drm/i915/i915_dma.c37
-rw-r--r--drivers/gpu/drm/radeon/radeon_gart.c13
-rw-r--r--drivers/gpu/drm/radeon/radeon_gem.c10
-rw-r--r--drivers/gpu/drm/radeon/si.c4
-rw-r--r--drivers/leds/ledtrig-heartbeat.c16
-rw-r--r--drivers/md/dm-thin.c7
-rw-r--r--drivers/md/md.c8
-rw-r--r--drivers/md/multipath.c3
-rw-r--r--drivers/md/persistent-data/dm-space-map-checker.c54
-rw-r--r--drivers/md/persistent-data/dm-space-map-disk.c11
-rw-r--r--drivers/md/persistent-data/dm-transaction-manager.c11
-rw-r--r--drivers/md/raid1.c13
-rw-r--r--drivers/md/raid10.c26
-rw-r--r--drivers/md/raid5.c67
-rw-r--r--drivers/net/ethernet/freescale/gianfar.c10
-rw-r--r--drivers/net/ethernet/intel/e1000e/defines.h1
-rw-r--r--drivers/net/ethernet/intel/e1000e/netdev.c75
-rw-r--r--drivers/net/ethernet/intel/igbvf/ethtool.c29
-rw-r--r--drivers/net/ethernet/ti/davinci_cpdma.c1
-rw-r--r--drivers/net/usb/qmi_wwan.c4
-rw-r--r--drivers/net/wireless/ath/ath.h1
-rw-r--r--drivers/net/wireless/ath/ath9k/hw.c2
-rw-r--r--drivers/net/wireless/ath/ath9k/recv.c7
-rw-r--r--drivers/net/wireless/ath/key.c4
-rw-r--r--drivers/net/wireless/iwlwifi/iwl-mac80211.c12
-rw-r--r--drivers/net/wireless/mwifiex/11n_rxreorder.c5
-rw-r--r--drivers/net/wireless/mwifiex/11n_rxreorder.h7
-rw-r--r--drivers/net/wireless/mwifiex/ie.c1
-rw-r--r--drivers/net/wireless/mwifiex/sdio.c6
-rw-r--r--drivers/net/wireless/mwifiex/sta_event.c9
-rw-r--r--drivers/net/wireless/mwifiex/usb.c28
-rw-r--r--drivers/net/wireless/mwifiex/wmm.c3
-rw-r--r--drivers/net/wireless/rtlwifi/rtl8192cu/sw.c3
-rw-r--r--drivers/net/wireless/ti/wlcore/Kconfig1
-rw-r--r--drivers/of/base.c30
-rw-r--r--drivers/of/platform.c1
-rw-r--r--fs/btrfs/backref.c15
-rw-r--r--fs/btrfs/ctree.c60
-rw-r--r--fs/btrfs/disk-io.c34
-rw-r--r--fs/btrfs/extent-tree.c11
-rw-r--r--fs/btrfs/extent_io.c14
-rw-r--r--fs/btrfs/file.c13
-rw-r--r--fs/btrfs/free-space-cache.c145
-rw-r--r--fs/btrfs/inode.c57
-rw-r--r--fs/btrfs/ioctl.h2
-rw-r--r--fs/btrfs/super.c4
-rw-r--r--fs/btrfs/tree-log.c6
-rw-r--r--fs/btrfs/volumes.c95
-rw-r--r--fs/btrfs/volumes.h3
-rw-r--r--fs/splice.c35
-rw-r--r--include/linux/blkdev.h1
-rw-r--r--include/linux/kvm_host.h4
-rw-r--r--include/linux/splice.h8
-rw-r--r--include/net/sctp/structs.h4
-rw-r--r--include/net/sctp/tsnmap.h3
-rw-r--r--kernel/relay.c5
-rw-r--r--kernel/trace/trace.c6
-rw-r--r--mm/shmem.c3
-rw-r--r--net/core/dev.c4
-rw-r--r--net/core/skbuff.c1
-rw-r--r--net/mac80211/mlme.c13
-rw-r--r--net/mac80211/rx.c5
-rw-r--r--net/netfilter/ipset/ip_set_core.c12
-rw-r--r--net/netfilter/ipset/ip_set_hash_netiface.c32
-rw-r--r--net/netfilter/ipvs/ip_vs_ctl.c14
-rw-r--r--net/netfilter/nfnetlink.c4
-rw-r--r--net/nfc/nci/ntf.c10
-rw-r--r--net/nfc/rawsock.c5
-rw-r--r--net/sctp/associola.c1
-rw-r--r--net/sctp/output.c5
-rw-r--r--net/sctp/sm_make_chunk.c16
-rw-r--r--net/sctp/sm_sideeffect.c2
-rw-r--r--net/sctp/transport.c2
-rw-r--r--net/sctp/tsnmap.c6
-rw-r--r--net/sctp/ulpevent.c3
-rw-r--r--net/sctp/ulpqueue.c2
-rw-r--r--security/security.c1
-rw-r--r--sound/pci/hda/patch_realtek.c28
-rw-r--r--sound/soc/codecs/tlv320aic3x.c4
-rw-r--r--sound/soc/codecs/tlv320aic3x.h1
-rw-r--r--sound/soc/codecs/wm2200.c1
-rw-r--r--virt/kvm/eventfd.c23
-rw-r--r--virt/kvm/kvm_main.c3
114 files changed, 1305 insertions, 777 deletions
diff --git a/Documentation/ABI/testing/sysfs-block-rssd b/Documentation/ABI/testing/sysfs-block-rssd
index 679ce3543122..beef30c046b0 100644
--- a/Documentation/ABI/testing/sysfs-block-rssd
+++ b/Documentation/ABI/testing/sysfs-block-rssd
@@ -1,26 +1,5 @@
1What: /sys/block/rssd*/registers
2Date: March 2012
3KernelVersion: 3.3
4Contact: Asai Thambi S P <asamymuthupa@micron.com>
5Description: This is a read-only file. Dumps below driver information and
6 hardware registers.
7 - S ACTive
8 - Command Issue
9 - Completed
10 - PORT IRQ STAT
11 - HOST IRQ STAT
12 - Allocated
13 - Commands in Q
14
15What: /sys/block/rssd*/status 1What: /sys/block/rssd*/status
16Date: April 2012 2Date: April 2012
17KernelVersion: 3.4 3KernelVersion: 3.4
18Contact: Asai Thambi S P <asamymuthupa@micron.com> 4Contact: Asai Thambi S P <asamymuthupa@micron.com>
19Description: This is a read-only file. Indicates the status of the device. 5Description: This is a read-only file. Indicates the status of the device.
20
21What: /sys/block/rssd*/flags
22Date: May 2012
23KernelVersion: 3.5
24Contact: Asai Thambi S P <asamymuthupa@micron.com>
25Description: This is a read-only file. Dumps the flags in port and driver
26 data structure
diff --git a/Documentation/device-mapper/verity.txt b/Documentation/device-mapper/verity.txt
index 32e48797a14f..9884681535ee 100644
--- a/Documentation/device-mapper/verity.txt
+++ b/Documentation/device-mapper/verity.txt
@@ -7,39 +7,39 @@ This target is read-only.
7 7
8Construction Parameters 8Construction Parameters
9======================= 9=======================
10 <version> <dev> <hash_dev> <hash_start> 10 <version> <dev> <hash_dev>
11 <data_block_size> <hash_block_size> 11 <data_block_size> <hash_block_size>
12 <num_data_blocks> <hash_start_block> 12 <num_data_blocks> <hash_start_block>
13 <algorithm> <digest> <salt> 13 <algorithm> <digest> <salt>
14 14
15<version> 15<version>
16 This is the version number of the on-disk format. 16 This is the type of the on-disk hash format.
17 17
18 0 is the original format used in the Chromium OS. 18 0 is the original format used in the Chromium OS.
19 The salt is appended when hashing, digests are stored continuously and 19 The salt is appended when hashing, digests are stored continuously and
20 the rest of the block is padded with zeros. 20 the rest of the block is padded with zeros.
21 21
22 1 is the current format that should be used for new devices. 22 1 is the current format that should be used for new devices.
23 The salt is prepended when hashing and each digest is 23 The salt is prepended when hashing and each digest is
24 padded with zeros to the power of two. 24 padded with zeros to the power of two.
25 25
26<dev> 26<dev>
27 This is the device containing the data the integrity of which needs to be 27 This is the device containing data, the integrity of which needs to be
28 checked. It may be specified as a path, like /dev/sdaX, or a device number, 28 checked. It may be specified as a path, like /dev/sdaX, or a device number,
29 <major>:<minor>. 29 <major>:<minor>.
30 30
31<hash_dev> 31<hash_dev>
32 This is the device that that supplies the hash tree data. It may be 32 This is the device that supplies the hash tree data. It may be
33 specified similarly to the device path and may be the same device. If the 33 specified similarly to the device path and may be the same device. If the
34 same device is used, the hash_start should be outside of the dm-verity 34 same device is used, the hash_start should be outside the configured
35 configured device size. 35 dm-verity device.
36 36
37<data_block_size> 37<data_block_size>
38 The block size on a data device. Each block corresponds to one digest on 38 The block size on a data device in bytes.
39 the hash device. 39 Each block corresponds to one digest on the hash device.
40 40
41<hash_block_size> 41<hash_block_size>
42 The size of a hash block. 42 The size of a hash block in bytes.
43 43
44<num_data_blocks> 44<num_data_blocks>
45 The number of data blocks on the data device. Additional blocks are 45 The number of data blocks on the data device. Additional blocks are
@@ -65,7 +65,7 @@ Construction Parameters
65Theory of operation 65Theory of operation
66=================== 66===================
67 67
68dm-verity is meant to be setup as part of a verified boot path. This 68dm-verity is meant to be set up as part of a verified boot path. This
69may be anything ranging from a boot using tboot or trustedgrub to just 69may be anything ranging from a boot using tboot or trustedgrub to just
70booting from a known-good device (like a USB drive or CD). 70booting from a known-good device (like a USB drive or CD).
71 71
@@ -73,20 +73,20 @@ When a dm-verity device is configured, it is expected that the caller
73has been authenticated in some way (cryptographic signatures, etc). 73has been authenticated in some way (cryptographic signatures, etc).
74After instantiation, all hashes will be verified on-demand during 74After instantiation, all hashes will be verified on-demand during
75disk access. If they cannot be verified up to the root node of the 75disk access. If they cannot be verified up to the root node of the
76tree, the root hash, then the I/O will fail. This should identify 76tree, the root hash, then the I/O will fail. This should detect
77tampering with any data on the device and the hash data. 77tampering with any data on the device and the hash data.
78 78
79Cryptographic hashes are used to assert the integrity of the device on a 79Cryptographic hashes are used to assert the integrity of the device on a
80per-block basis. This allows for a lightweight hash computation on first read 80per-block basis. This allows for a lightweight hash computation on first read
81into the page cache. Block hashes are stored linearly-aligned to the nearest 81into the page cache. Block hashes are stored linearly, aligned to the nearest
82block the size of a page. 82block size.
83 83
84Hash Tree 84Hash Tree
85--------- 85---------
86 86
87Each node in the tree is a cryptographic hash. If it is a leaf node, the hash 87Each node in the tree is a cryptographic hash. If it is a leaf node, the hash
88is of some block data on disk. If it is an intermediary node, then the hash is 88of some data block on disk is calculated. If it is an intermediary node,
89of a number of child nodes. 89the hash of a number of child nodes is calculated.
90 90
91Each entry in the tree is a collection of neighboring nodes that fit in one 91Each entry in the tree is a collection of neighboring nodes that fit in one
92block. The number is determined based on block_size and the size of the 92block. The number is determined based on block_size and the size of the
@@ -110,63 +110,23 @@ alg = sha256, num_blocks = 32768, block_size = 4096
110On-disk format 110On-disk format
111============== 111==============
112 112
113Below is the recommended on-disk format. The verity kernel code does not 113The verity kernel code does not read the verity metadata on-disk header.
114read the on-disk header. It only reads the hash blocks which directly 114It only reads the hash blocks which directly follow the header.
115follow the header. It is expected that a user-space tool will verify the 115It is expected that a user-space tool will verify the integrity of the
116integrity of the verity_header and then call dmsetup with the correct 116verity header.
117parameters. Alternatively, the header can be omitted and the dmsetup
118parameters can be passed via the kernel command-line in a rooted chain
119of trust where the command-line is verified.
120 117
121The on-disk format is especially useful in cases where the hash blocks 118Alternatively, the header can be omitted and the dmsetup parameters can
122are on a separate partition. The magic number allows easy identification 119be passed via the kernel command-line in a rooted chain of trust where
123of the partition contents. Alternatively, the hash blocks can be stored 120the command-line is verified.
124in the same partition as the data to be verified. In such a configuration
125the filesystem on the partition would be sized a little smaller than
126the full-partition, leaving room for the hash blocks.
127
128struct superblock {
129 uint8_t signature[8]
130 "verity\0\0";
131
132 uint8_t version;
133 1 - current format
134
135 uint8_t data_block_bits;
136 log2(data block size)
137
138 uint8_t hash_block_bits;
139 log2(hash block size)
140
141 uint8_t pad1[1];
142 zero padding
143
144 uint16_t salt_size;
145 big-endian salt size
146
147 uint8_t pad2[2];
148 zero padding
149
150 uint32_t data_blocks_hi;
151 big-endian high 32 bits of the 64-bit number of data blocks
152
153 uint32_t data_blocks_lo;
154 big-endian low 32 bits of the 64-bit number of data blocks
155
156 uint8_t algorithm[16];
157 cryptographic algorithm
158
159 uint8_t salt[384];
160 salt (the salt size is specified above)
161
162 uint8_t pad3[88];
163 zero padding to 512-byte boundary
164}
165 121
166Directly following the header (and with sector number padded to the next hash 122Directly following the header (and with sector number padded to the next hash
167block boundary) are the hash blocks which are stored a depth at a time 123block boundary) are the hash blocks which are stored a depth at a time
168(starting from the root), sorted in order of increasing index. 124(starting from the root), sorted in order of increasing index.
169 125
126The full specification of kernel parameters and on-disk metadata format
127is available at the cryptsetup project's wiki page
128 http://code.google.com/p/cryptsetup/wiki/DMVerity
129
170Status 130Status
171====== 131======
172V (for Valid) is returned if every check performed so far was valid. 132V (for Valid) is returned if every check performed so far was valid.
@@ -174,21 +134,22 @@ If any check failed, C (for Corruption) is returned.
174 134
175Example 135Example
176======= 136=======
177 137Set up a device:
178Setup a device: 138 # dmsetup create vroot --readonly --table \
179 dmsetup create vroot --table \ 139 "0 2097152 verity 1 /dev/sda1 /dev/sda2 4096 4096 262144 1 sha256 "\
180 "0 2097152 "\
181 "verity 1 /dev/sda1 /dev/sda2 4096 4096 2097152 1 "\
182 "4392712ba01368efdf14b05c76f9e4df0d53664630b5d48632ed17a137f39076 "\ 140 "4392712ba01368efdf14b05c76f9e4df0d53664630b5d48632ed17a137f39076 "\
183 "1234000000000000000000000000000000000000000000000000000000000000" 141 "1234000000000000000000000000000000000000000000000000000000000000"
184 142
185A command line tool veritysetup is available to compute or verify 143A command line tool veritysetup is available to compute or verify
186the hash tree or activate the kernel driver. This is available from 144the hash tree or activate the kernel device. This is available from
187the LVM2 upstream repository and may be supplied as a package called 145the cryptsetup upstream repository http://code.google.com/p/cryptsetup/
188device-mapper-verity-tools: 146(as a libcryptsetup extension).
189 git://sources.redhat.com/git/lvm2 147
190 http://sourceware.org/git/?p=lvm2.git 148Create hash on the device:
191 http://sourceware.org/cgi-bin/cvsweb.cgi/LVM2/verity?cvsroot=lvm2 149 # veritysetup format /dev/sda1 /dev/sda2
192 150 ...
193veritysetup -a vroot /dev/sda1 /dev/sda2 \ 151 Root hash: 4392712ba01368efdf14b05c76f9e4df0d53664630b5d48632ed17a137f39076
194 4392712ba01368efdf14b05c76f9e4df0d53664630b5d48632ed17a137f39076 152
153Activate the device:
154 # veritysetup create vroot /dev/sda1 /dev/sda2 \
155 4392712ba01368efdf14b05c76f9e4df0d53664630b5d48632ed17a137f39076
diff --git a/Documentation/devicetree/bindings/input/fsl-mma8450.txt b/Documentation/devicetree/bindings/input/fsl-mma8450.txt
index a00c94ccbdee..0b96e5737d3a 100644
--- a/Documentation/devicetree/bindings/input/fsl-mma8450.txt
+++ b/Documentation/devicetree/bindings/input/fsl-mma8450.txt
@@ -2,6 +2,7 @@
2 2
3Required properties: 3Required properties:
4- compatible : "fsl,mma8450". 4- compatible : "fsl,mma8450".
5- reg: the I2C address of MMA8450
5 6
6Example: 7Example:
7 8
diff --git a/Documentation/devicetree/bindings/mfd/mc13xxx.txt b/Documentation/devicetree/bindings/mfd/mc13xxx.txt
index 19f6af47a792..baf07987ae68 100644
--- a/Documentation/devicetree/bindings/mfd/mc13xxx.txt
+++ b/Documentation/devicetree/bindings/mfd/mc13xxx.txt
@@ -46,8 +46,8 @@ Examples:
46 46
47ecspi@70010000 { /* ECSPI1 */ 47ecspi@70010000 { /* ECSPI1 */
48 fsl,spi-num-chipselects = <2>; 48 fsl,spi-num-chipselects = <2>;
49 cs-gpios = <&gpio3 24 0>, /* GPIO4_24 */ 49 cs-gpios = <&gpio4 24 0>, /* GPIO4_24 */
50 <&gpio3 25 0>; /* GPIO4_25 */ 50 <&gpio4 25 0>; /* GPIO4_25 */
51 status = "okay"; 51 status = "okay";
52 52
53 pmic: mc13892@0 { 53 pmic: mc13892@0 {
diff --git a/Documentation/devicetree/bindings/mmc/fsl-imx-esdhc.txt b/Documentation/devicetree/bindings/mmc/fsl-imx-esdhc.txt
index c7e404b3ef05..fea541ee8b34 100644
--- a/Documentation/devicetree/bindings/mmc/fsl-imx-esdhc.txt
+++ b/Documentation/devicetree/bindings/mmc/fsl-imx-esdhc.txt
@@ -29,6 +29,6 @@ esdhc@70008000 {
29 compatible = "fsl,imx51-esdhc"; 29 compatible = "fsl,imx51-esdhc";
30 reg = <0x70008000 0x4000>; 30 reg = <0x70008000 0x4000>;
31 interrupts = <2>; 31 interrupts = <2>;
32 cd-gpios = <&gpio0 6 0>; /* GPIO1_6 */ 32 cd-gpios = <&gpio1 6 0>; /* GPIO1_6 */
33 wp-gpios = <&gpio0 5 0>; /* GPIO1_5 */ 33 wp-gpios = <&gpio1 5 0>; /* GPIO1_5 */
34}; 34};
diff --git a/Documentation/devicetree/bindings/net/fsl-fec.txt b/Documentation/devicetree/bindings/net/fsl-fec.txt
index 7ab9e1a2d8be..4616fc28ee86 100644
--- a/Documentation/devicetree/bindings/net/fsl-fec.txt
+++ b/Documentation/devicetree/bindings/net/fsl-fec.txt
@@ -19,6 +19,6 @@ ethernet@83fec000 {
19 reg = <0x83fec000 0x4000>; 19 reg = <0x83fec000 0x4000>;
20 interrupts = <87>; 20 interrupts = <87>;
21 phy-mode = "mii"; 21 phy-mode = "mii";
22 phy-reset-gpios = <&gpio1 14 0>; /* GPIO2_14 */ 22 phy-reset-gpios = <&gpio2 14 0>; /* GPIO2_14 */
23 local-mac-address = [00 04 9F 01 1B B9]; 23 local-mac-address = [00 04 9F 01 1B B9];
24}; 24};
diff --git a/Documentation/devicetree/bindings/spi/fsl-imx-cspi.txt b/Documentation/devicetree/bindings/spi/fsl-imx-cspi.txt
index 9841057d112b..4256a6df9b79 100644
--- a/Documentation/devicetree/bindings/spi/fsl-imx-cspi.txt
+++ b/Documentation/devicetree/bindings/spi/fsl-imx-cspi.txt
@@ -17,6 +17,6 @@ ecspi@70010000 {
17 reg = <0x70010000 0x4000>; 17 reg = <0x70010000 0x4000>;
18 interrupts = <36>; 18 interrupts = <36>;
19 fsl,spi-num-chipselects = <2>; 19 fsl,spi-num-chipselects = <2>;
20 cs-gpios = <&gpio3 24 0>, /* GPIO4_24 */ 20 cs-gpios = <&gpio3 24 0>, /* GPIO3_24 */
21 <&gpio3 25 0>; /* GPIO4_25 */ 21 <&gpio3 25 0>; /* GPIO3_25 */
22}; 22};
diff --git a/Documentation/devicetree/bindings/vendor-prefixes.txt b/Documentation/devicetree/bindings/vendor-prefixes.txt
index 6eab91747a86..db4d3af3643c 100644
--- a/Documentation/devicetree/bindings/vendor-prefixes.txt
+++ b/Documentation/devicetree/bindings/vendor-prefixes.txt
@@ -3,6 +3,7 @@ Device tree binding vendor prefix registry. Keep list in alphabetical order.
3This isn't an exhaustive list, but you should add new prefixes to it before 3This isn't an exhaustive list, but you should add new prefixes to it before
4using them to avoid name-space collisions. 4using them to avoid name-space collisions.
5 5
6ad Avionic Design GmbH
6adi Analog Devices, Inc. 7adi Analog Devices, Inc.
7amcc Applied Micro Circuits Corporation (APM, formally AMCC) 8amcc Applied Micro Circuits Corporation (APM, formally AMCC)
8apm Applied Micro Circuits Corporation (APM) 9apm Applied Micro Circuits Corporation (APM)
diff --git a/Documentation/prctl/no_new_privs.txt b/Documentation/prctl/no_new_privs.txt
new file mode 100644
index 000000000000..cb705ec69abe
--- /dev/null
+++ b/Documentation/prctl/no_new_privs.txt
@@ -0,0 +1,50 @@
1The execve system call can grant a newly-started program privileges that
2its parent did not have. The most obvious examples are setuid/setgid
3programs and file capabilities. To prevent the parent program from
4gaining these privileges as well, the kernel and user code must be
5careful to prevent the parent from doing anything that could subvert the
6child. For example:
7
8 - The dynamic loader handles LD_* environment variables differently if
9 a program is setuid.
10
11 - chroot is disallowed to unprivileged processes, since it would allow
12 /etc/passwd to be replaced from the point of view of a process that
13 inherited chroot.
14
15 - The exec code has special handling for ptrace.
16
17These are all ad-hoc fixes. The no_new_privs bit (since Linux 3.5) is a
18new, generic mechanism to make it safe for a process to modify its
19execution environment in a manner that persists across execve. Any task
20can set no_new_privs. Once the bit is set, it is inherited across fork,
21clone, and execve and cannot be unset. With no_new_privs set, execve
22promises not to grant the privilege to do anything that could not have
23been done without the execve call. For example, the setuid and setgid
24bits will no longer change the uid or gid; file capabilities will not
25add to the permitted set, and LSMs will not relax constraints after
26execve.
27
28Note that no_new_privs does not prevent privilege changes that do not
29involve execve. An appropriately privileged task can still call
30setuid(2) and receive SCM_RIGHTS datagrams.
31
32There are two main use cases for no_new_privs so far:
33
34 - Filters installed for the seccomp mode 2 sandbox persist across
35 execve and can change the behavior of newly-executed programs.
36 Unprivileged users are therefore only allowed to install such filters
37 if no_new_privs is set.
38
39 - By itself, no_new_privs can be used to reduce the attack surface
40 available to an unprivileged user. If everything running with a
41 given uid has no_new_privs set, then that uid will be unable to
42 escalate its privileges by directly attacking setuid, setgid, and
43 fcap-using binaries; it will need to compromise something without the
44 no_new_privs bit set first.
45
46In the future, other potentially dangerous kernel features could become
47available to unprivileged tasks if no_new_privs is set. In principle,
48several options to unshare(2) and clone(2) would be safe when
49no_new_privs is set, and no_new_privs + chroot is considerable less
50dangerous than chroot by itself.
diff --git a/Documentation/virtual/kvm/api.txt b/Documentation/virtual/kvm/api.txt
index 930126698a0f..2c9948379469 100644
--- a/Documentation/virtual/kvm/api.txt
+++ b/Documentation/virtual/kvm/api.txt
@@ -1930,6 +1930,23 @@ The "pte_enc" field provides a value that can OR'ed into the hash
1930PTE's RPN field (ie, it needs to be shifted left by 12 to OR it 1930PTE's RPN field (ie, it needs to be shifted left by 12 to OR it
1931into the hash PTE second double word). 1931into the hash PTE second double word).
1932 1932
19334.75 KVM_IRQFD
1934
1935Capability: KVM_CAP_IRQFD
1936Architectures: x86
1937Type: vm ioctl
1938Parameters: struct kvm_irqfd (in)
1939Returns: 0 on success, -1 on error
1940
1941Allows setting an eventfd to directly trigger a guest interrupt.
1942kvm_irqfd.fd specifies the file descriptor to use as the eventfd and
1943kvm_irqfd.gsi specifies the irqchip pin toggled by this event. When
1944an event is tiggered on the eventfd, an interrupt is injected into
1945the guest using the specified gsi pin. The irqfd is removed using
1946the KVM_IRQFD_FLAG_DEASSIGN flag, specifying both kvm_irqfd.fd
1947and kvm_irqfd.gsi.
1948
1949
19335. The kvm_run structure 19505. The kvm_run structure
1934------------------------ 1951------------------------
1935 1952
diff --git a/MAINTAINERS b/MAINTAINERS
index eb22272b2116..03df1d15ebf3 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -4654,8 +4654,8 @@ L: netfilter@vger.kernel.org
4654L: coreteam@netfilter.org 4654L: coreteam@netfilter.org
4655W: http://www.netfilter.org/ 4655W: http://www.netfilter.org/
4656W: http://www.iptables.org/ 4656W: http://www.iptables.org/
4657T: git git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf-2.6.git 4657T: git git://1984.lsi.us.es/nf
4658T: git git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf-next-2.6.git 4658T: git git://1984.lsi.us.es/nf-next
4659S: Supported 4659S: Supported
4660F: include/linux/netfilter* 4660F: include/linux/netfilter*
4661F: include/linux/netfilter/ 4661F: include/linux/netfilter/
diff --git a/arch/arm/kernel/vmlinux.lds.S b/arch/arm/kernel/vmlinux.lds.S
index 43a31fb06318..36ff15bbfdd4 100644
--- a/arch/arm/kernel/vmlinux.lds.S
+++ b/arch/arm/kernel/vmlinux.lds.S
@@ -183,7 +183,9 @@ SECTIONS
183 } 183 }
184#endif 184#endif
185 185
186#ifdef CONFIG_SMP
186 PERCPU_SECTION(L1_CACHE_BYTES) 187 PERCPU_SECTION(L1_CACHE_BYTES)
188#endif
187 189
188#ifdef CONFIG_XIP_KERNEL 190#ifdef CONFIG_XIP_KERNEL
189 __data_loc = ALIGN(4); /* location in binary */ 191 __data_loc = ALIGN(4); /* location in binary */
diff --git a/arch/arm/mm/mmu.c b/arch/arm/mm/mmu.c
index e5dad60b558b..cf4528d51774 100644
--- a/arch/arm/mm/mmu.c
+++ b/arch/arm/mm/mmu.c
@@ -791,6 +791,79 @@ void __init iotable_init(struct map_desc *io_desc, int nr)
791 } 791 }
792} 792}
793 793
794#ifndef CONFIG_ARM_LPAE
795
796/*
797 * The Linux PMD is made of two consecutive section entries covering 2MB
798 * (see definition in include/asm/pgtable-2level.h). However a call to
799 * create_mapping() may optimize static mappings by using individual
800 * 1MB section mappings. This leaves the actual PMD potentially half
801 * initialized if the top or bottom section entry isn't used, leaving it
802 * open to problems if a subsequent ioremap() or vmalloc() tries to use
803 * the virtual space left free by that unused section entry.
804 *
805 * Let's avoid the issue by inserting dummy vm entries covering the unused
806 * PMD halves once the static mappings are in place.
807 */
808
809static void __init pmd_empty_section_gap(unsigned long addr)
810{
811 struct vm_struct *vm;
812
813 vm = early_alloc_aligned(sizeof(*vm), __alignof__(*vm));
814 vm->addr = (void *)addr;
815 vm->size = SECTION_SIZE;
816 vm->flags = VM_IOREMAP | VM_ARM_STATIC_MAPPING;
817 vm->caller = pmd_empty_section_gap;
818 vm_area_add_early(vm);
819}
820
821static void __init fill_pmd_gaps(void)
822{
823 struct vm_struct *vm;
824 unsigned long addr, next = 0;
825 pmd_t *pmd;
826
827 /* we're still single threaded hence no lock needed here */
828 for (vm = vmlist; vm; vm = vm->next) {
829 if (!(vm->flags & VM_ARM_STATIC_MAPPING))
830 continue;
831 addr = (unsigned long)vm->addr;
832 if (addr < next)
833 continue;
834
835 /*
836 * Check if this vm starts on an odd section boundary.
837 * If so and the first section entry for this PMD is free
838 * then we block the corresponding virtual address.
839 */
840 if ((addr & ~PMD_MASK) == SECTION_SIZE) {
841 pmd = pmd_off_k(addr);
842 if (pmd_none(*pmd))
843 pmd_empty_section_gap(addr & PMD_MASK);
844 }
845
846 /*
847 * Then check if this vm ends on an odd section boundary.
848 * If so and the second section entry for this PMD is empty
849 * then we block the corresponding virtual address.
850 */
851 addr += vm->size;
852 if ((addr & ~PMD_MASK) == SECTION_SIZE) {
853 pmd = pmd_off_k(addr) + 1;
854 if (pmd_none(*pmd))
855 pmd_empty_section_gap(addr);
856 }
857
858 /* no need to look at any vm entry until we hit the next PMD */
859 next = (addr + PMD_SIZE - 1) & PMD_MASK;
860 }
861}
862
863#else
864#define fill_pmd_gaps() do { } while (0)
865#endif
866
794static void * __initdata vmalloc_min = 867static void * __initdata vmalloc_min =
795 (void *)(VMALLOC_END - (240 << 20) - VMALLOC_OFFSET); 868 (void *)(VMALLOC_END - (240 << 20) - VMALLOC_OFFSET);
796 869
@@ -1072,6 +1145,7 @@ static void __init devicemaps_init(struct machine_desc *mdesc)
1072 */ 1145 */
1073 if (mdesc->map_io) 1146 if (mdesc->map_io)
1074 mdesc->map_io(); 1147 mdesc->map_io();
1148 fill_pmd_gaps();
1075 1149
1076 /* 1150 /*
1077 * Finally flush the caches and tlb to ensure that we're in a 1151 * Finally flush the caches and tlb to ensure that we're in a
diff --git a/arch/powerpc/kvm/book3s_hv_rmhandlers.S b/arch/powerpc/kvm/book3s_hv_rmhandlers.S
index a84aafce2a12..a1044f43becd 100644
--- a/arch/powerpc/kvm/book3s_hv_rmhandlers.S
+++ b/arch/powerpc/kvm/book3s_hv_rmhandlers.S
@@ -810,7 +810,7 @@ END_FTR_SECTION_IFSET(CPU_FTR_ARCH_201)
810 lwz r3,VCORE_NAPPING_THREADS(r5) 810 lwz r3,VCORE_NAPPING_THREADS(r5)
811 lwz r4,VCPU_PTID(r9) 811 lwz r4,VCPU_PTID(r9)
812 li r0,1 812 li r0,1
813 sldi r0,r0,r4 813 sld r0,r0,r4
814 andc. r3,r3,r0 /* no sense IPI'ing ourselves */ 814 andc. r3,r3,r0 /* no sense IPI'ing ourselves */
815 beq 43f 815 beq 43f
816 mulli r4,r4,PACA_SIZE /* get paca for thread 0 */ 816 mulli r4,r4,PACA_SIZE /* get paca for thread 0 */
diff --git a/arch/powerpc/xmon/xmon.c b/arch/powerpc/xmon/xmon.c
index 0f3ab06d2222..eab3492a45c5 100644
--- a/arch/powerpc/xmon/xmon.c
+++ b/arch/powerpc/xmon/xmon.c
@@ -971,7 +971,7 @@ static int cpu_cmd(void)
971 /* print cpus waiting or in xmon */ 971 /* print cpus waiting or in xmon */
972 printf("cpus stopped:"); 972 printf("cpus stopped:");
973 count = 0; 973 count = 0;
974 for (cpu = 0; cpu < NR_CPUS; ++cpu) { 974 for_each_possible_cpu(cpu) {
975 if (cpumask_test_cpu(cpu, &cpus_in_xmon)) { 975 if (cpumask_test_cpu(cpu, &cpus_in_xmon)) {
976 if (count == 0) 976 if (count == 0)
977 printf(" %x", cpu); 977 printf(" %x", cpu);
diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
index be3cea4407ff..57e168e27b5b 100644
--- a/arch/x86/kvm/mmu.c
+++ b/arch/x86/kvm/mmu.c
@@ -3934,6 +3934,9 @@ static void kvm_mmu_remove_some_alloc_mmu_pages(struct kvm *kvm,
3934{ 3934{
3935 struct kvm_mmu_page *page; 3935 struct kvm_mmu_page *page;
3936 3936
3937 if (list_empty(&kvm->arch.active_mmu_pages))
3938 return;
3939
3937 page = container_of(kvm->arch.active_mmu_pages.prev, 3940 page = container_of(kvm->arch.active_mmu_pages.prev,
3938 struct kvm_mmu_page, link); 3941 struct kvm_mmu_page, link);
3939 kvm_mmu_prepare_zap_page(kvm, page, invalid_list); 3942 kvm_mmu_prepare_zap_page(kvm, page, invalid_list);
diff --git a/block/blk-cgroup.c b/block/blk-cgroup.c
index 02cf6335e9bd..e7dee617358e 100644
--- a/block/blk-cgroup.c
+++ b/block/blk-cgroup.c
@@ -125,12 +125,8 @@ static struct blkcg_gq *blkg_alloc(struct blkcg *blkcg, struct request_queue *q)
125 125
126 blkg->pd[i] = pd; 126 blkg->pd[i] = pd;
127 pd->blkg = blkg; 127 pd->blkg = blkg;
128 }
129
130 /* invoke per-policy init */
131 for (i = 0; i < BLKCG_MAX_POLS; i++) {
132 struct blkcg_policy *pol = blkcg_policy[i];
133 128
129 /* invoke per-policy init */
134 if (blkcg_policy_enabled(blkg->q, pol)) 130 if (blkcg_policy_enabled(blkg->q, pol))
135 pol->pd_init_fn(blkg); 131 pol->pd_init_fn(blkg);
136 } 132 }
@@ -245,10 +241,9 @@ EXPORT_SYMBOL_GPL(blkg_lookup_create);
245 241
246static void blkg_destroy(struct blkcg_gq *blkg) 242static void blkg_destroy(struct blkcg_gq *blkg)
247{ 243{
248 struct request_queue *q = blkg->q;
249 struct blkcg *blkcg = blkg->blkcg; 244 struct blkcg *blkcg = blkg->blkcg;
250 245
251 lockdep_assert_held(q->queue_lock); 246 lockdep_assert_held(blkg->q->queue_lock);
252 lockdep_assert_held(&blkcg->lock); 247 lockdep_assert_held(&blkcg->lock);
253 248
254 /* Something wrong if we are trying to remove same group twice */ 249 /* Something wrong if we are trying to remove same group twice */
diff --git a/block/blk-core.c b/block/blk-core.c
index 3c923a7aeb56..93eb3e4f88ce 100644
--- a/block/blk-core.c
+++ b/block/blk-core.c
@@ -361,9 +361,10 @@ EXPORT_SYMBOL(blk_put_queue);
361 */ 361 */
362void blk_drain_queue(struct request_queue *q, bool drain_all) 362void blk_drain_queue(struct request_queue *q, bool drain_all)
363{ 363{
364 int i;
365
364 while (true) { 366 while (true) {
365 bool drain = false; 367 bool drain = false;
366 int i;
367 368
368 spin_lock_irq(q->queue_lock); 369 spin_lock_irq(q->queue_lock);
369 370
@@ -408,6 +409,18 @@ void blk_drain_queue(struct request_queue *q, bool drain_all)
408 break; 409 break;
409 msleep(10); 410 msleep(10);
410 } 411 }
412
413 /*
414 * With queue marked dead, any woken up waiter will fail the
415 * allocation path, so the wakeup chaining is lost and we're
416 * left with hung waiters. We need to wake up those waiters.
417 */
418 if (q->request_fn) {
419 spin_lock_irq(q->queue_lock);
420 for (i = 0; i < ARRAY_SIZE(q->rq.wait); i++)
421 wake_up_all(&q->rq.wait[i]);
422 spin_unlock_irq(q->queue_lock);
423 }
411} 424}
412 425
413/** 426/**
@@ -467,7 +480,6 @@ void blk_cleanup_queue(struct request_queue *q)
467 /* mark @q DEAD, no new request or merges will be allowed afterwards */ 480 /* mark @q DEAD, no new request or merges will be allowed afterwards */
468 mutex_lock(&q->sysfs_lock); 481 mutex_lock(&q->sysfs_lock);
469 queue_flag_set_unlocked(QUEUE_FLAG_DEAD, q); 482 queue_flag_set_unlocked(QUEUE_FLAG_DEAD, q);
470
471 spin_lock_irq(lock); 483 spin_lock_irq(lock);
472 484
473 /* 485 /*
@@ -485,10 +497,6 @@ void blk_cleanup_queue(struct request_queue *q)
485 queue_flag_set(QUEUE_FLAG_NOMERGES, q); 497 queue_flag_set(QUEUE_FLAG_NOMERGES, q);
486 queue_flag_set(QUEUE_FLAG_NOXMERGES, q); 498 queue_flag_set(QUEUE_FLAG_NOXMERGES, q);
487 queue_flag_set(QUEUE_FLAG_DEAD, q); 499 queue_flag_set(QUEUE_FLAG_DEAD, q);
488
489 if (q->queue_lock != &q->__queue_lock)
490 q->queue_lock = &q->__queue_lock;
491
492 spin_unlock_irq(lock); 500 spin_unlock_irq(lock);
493 mutex_unlock(&q->sysfs_lock); 501 mutex_unlock(&q->sysfs_lock);
494 502
@@ -499,6 +507,11 @@ void blk_cleanup_queue(struct request_queue *q)
499 del_timer_sync(&q->backing_dev_info.laptop_mode_wb_timer); 507 del_timer_sync(&q->backing_dev_info.laptop_mode_wb_timer);
500 blk_sync_queue(q); 508 blk_sync_queue(q);
501 509
510 spin_lock_irq(lock);
511 if (q->queue_lock != &q->__queue_lock)
512 q->queue_lock = &q->__queue_lock;
513 spin_unlock_irq(lock);
514
502 /* @q is and will stay empty, shutdown and put */ 515 /* @q is and will stay empty, shutdown and put */
503 blk_put_queue(q); 516 blk_put_queue(q);
504} 517}
diff --git a/block/blk-timeout.c b/block/blk-timeout.c
index 780354888958..6e4744cbfb56 100644
--- a/block/blk-timeout.c
+++ b/block/blk-timeout.c
@@ -197,44 +197,3 @@ void blk_add_timer(struct request *req)
197 mod_timer(&q->timeout, expiry); 197 mod_timer(&q->timeout, expiry);
198} 198}
199 199
200/**
201 * blk_abort_queue -- Abort all request on given queue
202 * @queue: pointer to queue
203 *
204 */
205void blk_abort_queue(struct request_queue *q)
206{
207 unsigned long flags;
208 struct request *rq, *tmp;
209 LIST_HEAD(list);
210
211 /*
212 * Not a request based block device, nothing to abort
213 */
214 if (!q->request_fn)
215 return;
216
217 spin_lock_irqsave(q->queue_lock, flags);
218
219 elv_abort_queue(q);
220
221 /*
222 * Splice entries to local list, to avoid deadlocking if entries
223 * get readded to the timeout list by error handling
224 */
225 list_splice_init(&q->timeout_list, &list);
226
227 list_for_each_entry_safe(rq, tmp, &list, timeout_list)
228 blk_abort_request(rq);
229
230 /*
231 * Occasionally, blk_abort_request() will return without
232 * deleting the element from the list. Make sure we add those back
233 * instead of leaving them on the local stack list.
234 */
235 list_splice(&list, &q->timeout_list);
236
237 spin_unlock_irqrestore(q->queue_lock, flags);
238
239}
240EXPORT_SYMBOL_GPL(blk_abort_queue);
diff --git a/block/cfq-iosched.c b/block/cfq-iosched.c
index 673c977cc2bf..fb52df9744f5 100644
--- a/block/cfq-iosched.c
+++ b/block/cfq-iosched.c
@@ -17,8 +17,6 @@
17#include "blk.h" 17#include "blk.h"
18#include "blk-cgroup.h" 18#include "blk-cgroup.h"
19 19
20static struct blkcg_policy blkcg_policy_cfq __maybe_unused;
21
22/* 20/*
23 * tunables 21 * tunables
24 */ 22 */
@@ -418,11 +416,6 @@ static inline struct cfq_group *pd_to_cfqg(struct blkg_policy_data *pd)
418 return pd ? container_of(pd, struct cfq_group, pd) : NULL; 416 return pd ? container_of(pd, struct cfq_group, pd) : NULL;
419} 417}
420 418
421static inline struct cfq_group *blkg_to_cfqg(struct blkcg_gq *blkg)
422{
423 return pd_to_cfqg(blkg_to_pd(blkg, &blkcg_policy_cfq));
424}
425
426static inline struct blkcg_gq *cfqg_to_blkg(struct cfq_group *cfqg) 419static inline struct blkcg_gq *cfqg_to_blkg(struct cfq_group *cfqg)
427{ 420{
428 return pd_to_blkg(&cfqg->pd); 421 return pd_to_blkg(&cfqg->pd);
@@ -572,6 +565,13 @@ static inline void cfqg_stats_update_avg_queue_size(struct cfq_group *cfqg) { }
572 565
573#ifdef CONFIG_CFQ_GROUP_IOSCHED 566#ifdef CONFIG_CFQ_GROUP_IOSCHED
574 567
568static struct blkcg_policy blkcg_policy_cfq;
569
570static inline struct cfq_group *blkg_to_cfqg(struct blkcg_gq *blkg)
571{
572 return pd_to_cfqg(blkg_to_pd(blkg, &blkcg_policy_cfq));
573}
574
575static inline void cfqg_get(struct cfq_group *cfqg) 575static inline void cfqg_get(struct cfq_group *cfqg)
576{ 576{
577 return blkg_get(cfqg_to_blkg(cfqg)); 577 return blkg_get(cfqg_to_blkg(cfqg));
@@ -3951,10 +3951,11 @@ static void cfq_exit_queue(struct elevator_queue *e)
3951 3951
3952 cfq_shutdown_timer_wq(cfqd); 3952 cfq_shutdown_timer_wq(cfqd);
3953 3953
3954#ifndef CONFIG_CFQ_GROUP_IOSCHED 3954#ifdef CONFIG_CFQ_GROUP_IOSCHED
3955 blkcg_deactivate_policy(q, &blkcg_policy_cfq);
3956#else
3955 kfree(cfqd->root_group); 3957 kfree(cfqd->root_group);
3956#endif 3958#endif
3957 blkcg_deactivate_policy(q, &blkcg_policy_cfq);
3958 kfree(cfqd); 3959 kfree(cfqd);
3959} 3960}
3960 3961
@@ -4194,14 +4195,15 @@ static int __init cfq_init(void)
4194#ifdef CONFIG_CFQ_GROUP_IOSCHED 4195#ifdef CONFIG_CFQ_GROUP_IOSCHED
4195 if (!cfq_group_idle) 4196 if (!cfq_group_idle)
4196 cfq_group_idle = 1; 4197 cfq_group_idle = 1;
4197#else
4198 cfq_group_idle = 0;
4199#endif
4200 4198
4201 ret = blkcg_policy_register(&blkcg_policy_cfq); 4199 ret = blkcg_policy_register(&blkcg_policy_cfq);
4202 if (ret) 4200 if (ret)
4203 return ret; 4201 return ret;
4202#else
4203 cfq_group_idle = 0;
4204#endif
4204 4205
4206 ret = -ENOMEM;
4205 cfq_pool = KMEM_CACHE(cfq_queue, 0); 4207 cfq_pool = KMEM_CACHE(cfq_queue, 0);
4206 if (!cfq_pool) 4208 if (!cfq_pool)
4207 goto err_pol_unreg; 4209 goto err_pol_unreg;
@@ -4215,13 +4217,17 @@ static int __init cfq_init(void)
4215err_free_pool: 4217err_free_pool:
4216 kmem_cache_destroy(cfq_pool); 4218 kmem_cache_destroy(cfq_pool);
4217err_pol_unreg: 4219err_pol_unreg:
4220#ifdef CONFIG_CFQ_GROUP_IOSCHED
4218 blkcg_policy_unregister(&blkcg_policy_cfq); 4221 blkcg_policy_unregister(&blkcg_policy_cfq);
4222#endif
4219 return ret; 4223 return ret;
4220} 4224}
4221 4225
4222static void __exit cfq_exit(void) 4226static void __exit cfq_exit(void)
4223{ 4227{
4228#ifdef CONFIG_CFQ_GROUP_IOSCHED
4224 blkcg_policy_unregister(&blkcg_policy_cfq); 4229 blkcg_policy_unregister(&blkcg_policy_cfq);
4230#endif
4225 elv_unregister(&iosched_cfq); 4231 elv_unregister(&iosched_cfq);
4226 kmem_cache_destroy(cfq_pool); 4232 kmem_cache_destroy(cfq_pool);
4227} 4233}
diff --git a/block/scsi_ioctl.c b/block/scsi_ioctl.c
index 260fa80ef575..9a87daa6f4fb 100644
--- a/block/scsi_ioctl.c
+++ b/block/scsi_ioctl.c
@@ -721,11 +721,14 @@ int scsi_verify_blk_ioctl(struct block_device *bd, unsigned int cmd)
721 break; 721 break;
722 } 722 }
723 723
724 if (capable(CAP_SYS_RAWIO))
725 return 0;
726
724 /* In particular, rule out all resets and host-specific ioctls. */ 727 /* In particular, rule out all resets and host-specific ioctls. */
725 printk_ratelimited(KERN_WARNING 728 printk_ratelimited(KERN_WARNING
726 "%s: sending ioctl %x to a partition!\n", current->comm, cmd); 729 "%s: sending ioctl %x to a partition!\n", current->comm, cmd);
727 730
728 return capable(CAP_SYS_RAWIO) ? 0 : -ENOIOCTLCMD; 731 return -ENOIOCTLCMD;
729} 732}
730EXPORT_SYMBOL(scsi_verify_blk_ioctl); 733EXPORT_SYMBOL(scsi_verify_blk_ioctl);
731 734
diff --git a/drivers/block/drbd/drbd_bitmap.c b/drivers/block/drbd/drbd_bitmap.c
index b5c5ff53cb57..fcb956bb4b4c 100644
--- a/drivers/block/drbd/drbd_bitmap.c
+++ b/drivers/block/drbd/drbd_bitmap.c
@@ -1475,10 +1475,17 @@ void _drbd_bm_set_bits(struct drbd_conf *mdev, const unsigned long s, const unsi
1475 first_word = 0; 1475 first_word = 0;
1476 spin_lock_irq(&b->bm_lock); 1476 spin_lock_irq(&b->bm_lock);
1477 } 1477 }
1478
1479 /* last page (respectively only page, for first page == last page) */ 1478 /* last page (respectively only page, for first page == last page) */
1480 last_word = MLPP(el >> LN2_BPL); 1479 last_word = MLPP(el >> LN2_BPL);
1481 bm_set_full_words_within_one_page(mdev->bitmap, last_page, first_word, last_word); 1480
1481 /* consider bitmap->bm_bits = 32768, bitmap->bm_number_of_pages = 1. (or multiples).
1482 * ==> e = 32767, el = 32768, last_page = 2,
1483 * and now last_word = 0.
1484 * We do not want to touch last_page in this case,
1485 * as we did not allocate it, it is not present in bitmap->bm_pages.
1486 */
1487 if (last_word)
1488 bm_set_full_words_within_one_page(mdev->bitmap, last_page, first_word, last_word);
1482 1489
1483 /* possibly trailing bits. 1490 /* possibly trailing bits.
1484 * example: (e & 63) == 63, el will be e+1. 1491 * example: (e & 63) == 63, el will be e+1.
diff --git a/drivers/block/drbd/drbd_req.c b/drivers/block/drbd/drbd_req.c
index 9c5c84946b05..8e93a6ac9bb6 100644
--- a/drivers/block/drbd/drbd_req.c
+++ b/drivers/block/drbd/drbd_req.c
@@ -472,12 +472,17 @@ int __req_mod(struct drbd_request *req, enum drbd_req_event what,
472 req->rq_state |= RQ_LOCAL_COMPLETED; 472 req->rq_state |= RQ_LOCAL_COMPLETED;
473 req->rq_state &= ~RQ_LOCAL_PENDING; 473 req->rq_state &= ~RQ_LOCAL_PENDING;
474 474
475 D_ASSERT(!(req->rq_state & RQ_NET_MASK)); 475 if (req->rq_state & RQ_LOCAL_ABORTED) {
476 _req_may_be_done(req, m);
477 break;
478 }
476 479
477 __drbd_chk_io_error(mdev, false); 480 __drbd_chk_io_error(mdev, false);
478 481
479 goto_queue_for_net_read: 482 goto_queue_for_net_read:
480 483
484 D_ASSERT(!(req->rq_state & RQ_NET_MASK));
485
481 /* no point in retrying if there is no good remote data, 486 /* no point in retrying if there is no good remote data,
482 * or we have no connection. */ 487 * or we have no connection. */
483 if (mdev->state.pdsk != D_UP_TO_DATE) { 488 if (mdev->state.pdsk != D_UP_TO_DATE) {
@@ -765,6 +770,40 @@ static int drbd_may_do_local_read(struct drbd_conf *mdev, sector_t sector, int s
765 return 0 == drbd_bm_count_bits(mdev, sbnr, ebnr); 770 return 0 == drbd_bm_count_bits(mdev, sbnr, ebnr);
766} 771}
767 772
773static void maybe_pull_ahead(struct drbd_conf *mdev)
774{
775 int congested = 0;
776
777 /* If I don't even have good local storage, we can not reasonably try
778 * to pull ahead of the peer. We also need the local reference to make
779 * sure mdev->act_log is there.
780 * Note: caller has to make sure that net_conf is there.
781 */
782 if (!get_ldev_if_state(mdev, D_UP_TO_DATE))
783 return;
784
785 if (mdev->net_conf->cong_fill &&
786 atomic_read(&mdev->ap_in_flight) >= mdev->net_conf->cong_fill) {
787 dev_info(DEV, "Congestion-fill threshold reached\n");
788 congested = 1;
789 }
790
791 if (mdev->act_log->used >= mdev->net_conf->cong_extents) {
792 dev_info(DEV, "Congestion-extents threshold reached\n");
793 congested = 1;
794 }
795
796 if (congested) {
797 queue_barrier(mdev); /* last barrier, after mirrored writes */
798
799 if (mdev->net_conf->on_congestion == OC_PULL_AHEAD)
800 _drbd_set_state(_NS(mdev, conn, C_AHEAD), 0, NULL);
801 else /*mdev->net_conf->on_congestion == OC_DISCONNECT */
802 _drbd_set_state(_NS(mdev, conn, C_DISCONNECTING), 0, NULL);
803 }
804 put_ldev(mdev);
805}
806
768static int drbd_make_request_common(struct drbd_conf *mdev, struct bio *bio, unsigned long start_time) 807static int drbd_make_request_common(struct drbd_conf *mdev, struct bio *bio, unsigned long start_time)
769{ 808{
770 const int rw = bio_rw(bio); 809 const int rw = bio_rw(bio);
@@ -972,29 +1011,8 @@ allocate_barrier:
972 _req_mod(req, queue_for_send_oos); 1011 _req_mod(req, queue_for_send_oos);
973 1012
974 if (remote && 1013 if (remote &&
975 mdev->net_conf->on_congestion != OC_BLOCK && mdev->agreed_pro_version >= 96) { 1014 mdev->net_conf->on_congestion != OC_BLOCK && mdev->agreed_pro_version >= 96)
976 int congested = 0; 1015 maybe_pull_ahead(mdev);
977
978 if (mdev->net_conf->cong_fill &&
979 atomic_read(&mdev->ap_in_flight) >= mdev->net_conf->cong_fill) {
980 dev_info(DEV, "Congestion-fill threshold reached\n");
981 congested = 1;
982 }
983
984 if (mdev->act_log->used >= mdev->net_conf->cong_extents) {
985 dev_info(DEV, "Congestion-extents threshold reached\n");
986 congested = 1;
987 }
988
989 if (congested) {
990 queue_barrier(mdev); /* last barrier, after mirrored writes */
991
992 if (mdev->net_conf->on_congestion == OC_PULL_AHEAD)
993 _drbd_set_state(_NS(mdev, conn, C_AHEAD), 0, NULL);
994 else /*mdev->net_conf->on_congestion == OC_DISCONNECT */
995 _drbd_set_state(_NS(mdev, conn, C_DISCONNECTING), 0, NULL);
996 }
997 }
998 1016
999 spin_unlock_irq(&mdev->req_lock); 1017 spin_unlock_irq(&mdev->req_lock);
1000 kfree(b); /* if someone else has beaten us to it... */ 1018 kfree(b); /* if someone else has beaten us to it... */
diff --git a/drivers/block/floppy.c b/drivers/block/floppy.c
index cce7df367b79..553f43a90953 100644
--- a/drivers/block/floppy.c
+++ b/drivers/block/floppy.c
@@ -671,6 +671,7 @@ static void __reschedule_timeout(int drive, const char *message)
671 671
672 if (drive == current_reqD) 672 if (drive == current_reqD)
673 drive = current_drive; 673 drive = current_drive;
674 __cancel_delayed_work(&fd_timeout);
674 675
675 if (drive < 0 || drive >= N_DRIVE) { 676 if (drive < 0 || drive >= N_DRIVE) {
676 delay = 20UL * HZ; 677 delay = 20UL * HZ;
diff --git a/drivers/block/mtip32xx/mtip32xx.c b/drivers/block/mtip32xx/mtip32xx.c
index 264bc77dcb91..a8fddeb3d638 100644
--- a/drivers/block/mtip32xx/mtip32xx.c
+++ b/drivers/block/mtip32xx/mtip32xx.c
@@ -37,6 +37,7 @@
37#include <linux/kthread.h> 37#include <linux/kthread.h>
38#include <../drivers/ata/ahci.h> 38#include <../drivers/ata/ahci.h>
39#include <linux/export.h> 39#include <linux/export.h>
40#include <linux/debugfs.h>
40#include "mtip32xx.h" 41#include "mtip32xx.h"
41 42
42#define HW_CMD_SLOT_SZ (MTIP_MAX_COMMAND_SLOTS * 32) 43#define HW_CMD_SLOT_SZ (MTIP_MAX_COMMAND_SLOTS * 32)
@@ -85,6 +86,7 @@ static int instance;
85 * allocated in mtip_init(). 86 * allocated in mtip_init().
86 */ 87 */
87static int mtip_major; 88static int mtip_major;
89static struct dentry *dfs_parent;
88 90
89static DEFINE_SPINLOCK(rssd_index_lock); 91static DEFINE_SPINLOCK(rssd_index_lock);
90static DEFINE_IDA(rssd_index_ida); 92static DEFINE_IDA(rssd_index_ida);
@@ -2546,7 +2548,7 @@ static struct scatterlist *mtip_hw_get_scatterlist(struct driver_data *dd,
2546} 2548}
2547 2549
2548/* 2550/*
2549 * Sysfs register/status dump. 2551 * Sysfs status dump.
2550 * 2552 *
2551 * @dev Pointer to the device structure, passed by the kernrel. 2553 * @dev Pointer to the device structure, passed by the kernrel.
2552 * @attr Pointer to the device_attribute structure passed by the kernel. 2554 * @attr Pointer to the device_attribute structure passed by the kernel.
@@ -2555,45 +2557,68 @@ static struct scatterlist *mtip_hw_get_scatterlist(struct driver_data *dd,
2555 * return value 2557 * return value
2556 * The size, in bytes, of the data copied into buf. 2558 * The size, in bytes, of the data copied into buf.
2557 */ 2559 */
2558static ssize_t mtip_hw_show_registers(struct device *dev, 2560static ssize_t mtip_hw_show_status(struct device *dev,
2559 struct device_attribute *attr, 2561 struct device_attribute *attr,
2560 char *buf) 2562 char *buf)
2561{ 2563{
2562 u32 group_allocated;
2563 struct driver_data *dd = dev_to_disk(dev)->private_data; 2564 struct driver_data *dd = dev_to_disk(dev)->private_data;
2564 int size = 0; 2565 int size = 0;
2566
2567 if (test_bit(MTIP_DDF_OVER_TEMP_BIT, &dd->dd_flag))
2568 size += sprintf(buf, "%s", "thermal_shutdown\n");
2569 else if (test_bit(MTIP_DDF_WRITE_PROTECT_BIT, &dd->dd_flag))
2570 size += sprintf(buf, "%s", "write_protect\n");
2571 else
2572 size += sprintf(buf, "%s", "online\n");
2573
2574 return size;
2575}
2576
2577static DEVICE_ATTR(status, S_IRUGO, mtip_hw_show_status, NULL);
2578
2579static ssize_t mtip_hw_read_registers(struct file *f, char __user *ubuf,
2580 size_t len, loff_t *offset)
2581{
2582 struct driver_data *dd = (struct driver_data *)f->private_data;
2583 char buf[MTIP_DFS_MAX_BUF_SIZE];
2584 u32 group_allocated;
2585 int size = *offset;
2565 int n; 2586 int n;
2566 2587
2567 size += sprintf(&buf[size], "Hardware\n--------\n"); 2588 if (!len || size)
2568 size += sprintf(&buf[size], "S ACTive : [ 0x"); 2589 return 0;
2590
2591 if (size < 0)
2592 return -EINVAL;
2593
2594 size += sprintf(&buf[size], "H/ S ACTive : [ 0x");
2569 2595
2570 for (n = dd->slot_groups-1; n >= 0; n--) 2596 for (n = dd->slot_groups-1; n >= 0; n--)
2571 size += sprintf(&buf[size], "%08X ", 2597 size += sprintf(&buf[size], "%08X ",
2572 readl(dd->port->s_active[n])); 2598 readl(dd->port->s_active[n]));
2573 2599
2574 size += sprintf(&buf[size], "]\n"); 2600 size += sprintf(&buf[size], "]\n");
2575 size += sprintf(&buf[size], "Command Issue : [ 0x"); 2601 size += sprintf(&buf[size], "H/ Command Issue : [ 0x");
2576 2602
2577 for (n = dd->slot_groups-1; n >= 0; n--) 2603 for (n = dd->slot_groups-1; n >= 0; n--)
2578 size += sprintf(&buf[size], "%08X ", 2604 size += sprintf(&buf[size], "%08X ",
2579 readl(dd->port->cmd_issue[n])); 2605 readl(dd->port->cmd_issue[n]));
2580 2606
2581 size += sprintf(&buf[size], "]\n"); 2607 size += sprintf(&buf[size], "]\n");
2582 size += sprintf(&buf[size], "Completed : [ 0x"); 2608 size += sprintf(&buf[size], "H/ Completed : [ 0x");
2583 2609
2584 for (n = dd->slot_groups-1; n >= 0; n--) 2610 for (n = dd->slot_groups-1; n >= 0; n--)
2585 size += sprintf(&buf[size], "%08X ", 2611 size += sprintf(&buf[size], "%08X ",
2586 readl(dd->port->completed[n])); 2612 readl(dd->port->completed[n]));
2587 2613
2588 size += sprintf(&buf[size], "]\n"); 2614 size += sprintf(&buf[size], "]\n");
2589 size += sprintf(&buf[size], "PORT IRQ STAT : [ 0x%08X ]\n", 2615 size += sprintf(&buf[size], "H/ PORT IRQ STAT : [ 0x%08X ]\n",
2590 readl(dd->port->mmio + PORT_IRQ_STAT)); 2616 readl(dd->port->mmio + PORT_IRQ_STAT));
2591 size += sprintf(&buf[size], "HOST IRQ STAT : [ 0x%08X ]\n", 2617 size += sprintf(&buf[size], "H/ HOST IRQ STAT : [ 0x%08X ]\n",
2592 readl(dd->mmio + HOST_IRQ_STAT)); 2618 readl(dd->mmio + HOST_IRQ_STAT));
2593 size += sprintf(&buf[size], "\n"); 2619 size += sprintf(&buf[size], "\n");
2594 2620
2595 size += sprintf(&buf[size], "Local\n-----\n"); 2621 size += sprintf(&buf[size], "L/ Allocated : [ 0x");
2596 size += sprintf(&buf[size], "Allocated : [ 0x");
2597 2622
2598 for (n = dd->slot_groups-1; n >= 0; n--) { 2623 for (n = dd->slot_groups-1; n >= 0; n--) {
2599 if (sizeof(long) > sizeof(u32)) 2624 if (sizeof(long) > sizeof(u32))
@@ -2605,7 +2630,7 @@ static ssize_t mtip_hw_show_registers(struct device *dev,
2605 } 2630 }
2606 size += sprintf(&buf[size], "]\n"); 2631 size += sprintf(&buf[size], "]\n");
2607 2632
2608 size += sprintf(&buf[size], "Commands in Q: [ 0x"); 2633 size += sprintf(&buf[size], "L/ Commands in Q : [ 0x");
2609 2634
2610 for (n = dd->slot_groups-1; n >= 0; n--) { 2635 for (n = dd->slot_groups-1; n >= 0; n--) {
2611 if (sizeof(long) > sizeof(u32)) 2636 if (sizeof(long) > sizeof(u32))
@@ -2617,44 +2642,53 @@ static ssize_t mtip_hw_show_registers(struct device *dev,
2617 } 2642 }
2618 size += sprintf(&buf[size], "]\n"); 2643 size += sprintf(&buf[size], "]\n");
2619 2644
2620 return size; 2645 *offset = size <= len ? size : len;
2646 size = copy_to_user(ubuf, buf, *offset);
2647 if (size)
2648 return -EFAULT;
2649
2650 return *offset;
2621} 2651}
2622 2652
2623static ssize_t mtip_hw_show_status(struct device *dev, 2653static ssize_t mtip_hw_read_flags(struct file *f, char __user *ubuf,
2624 struct device_attribute *attr, 2654 size_t len, loff_t *offset)
2625 char *buf)
2626{ 2655{
2627 struct driver_data *dd = dev_to_disk(dev)->private_data; 2656 struct driver_data *dd = (struct driver_data *)f->private_data;
2628 int size = 0; 2657 char buf[MTIP_DFS_MAX_BUF_SIZE];
2658 int size = *offset;
2629 2659
2630 if (test_bit(MTIP_DDF_OVER_TEMP_BIT, &dd->dd_flag)) 2660 if (!len || size)
2631 size += sprintf(buf, "%s", "thermal_shutdown\n"); 2661 return 0;
2632 else if (test_bit(MTIP_DDF_WRITE_PROTECT_BIT, &dd->dd_flag))
2633 size += sprintf(buf, "%s", "write_protect\n");
2634 else
2635 size += sprintf(buf, "%s", "online\n");
2636
2637 return size;
2638}
2639 2662
2640static ssize_t mtip_hw_show_flags(struct device *dev, 2663 if (size < 0)
2641 struct device_attribute *attr, 2664 return -EINVAL;
2642 char *buf)
2643{
2644 struct driver_data *dd = dev_to_disk(dev)->private_data;
2645 int size = 0;
2646 2665
2647 size += sprintf(&buf[size], "Flag in port struct : [ %08lX ]\n", 2666 size += sprintf(&buf[size], "Flag-port : [ %08lX ]\n",
2648 dd->port->flags); 2667 dd->port->flags);
2649 size += sprintf(&buf[size], "Flag in dd struct : [ %08lX ]\n", 2668 size += sprintf(&buf[size], "Flag-dd : [ %08lX ]\n",
2650 dd->dd_flag); 2669 dd->dd_flag);
2651 2670
2652 return size; 2671 *offset = size <= len ? size : len;
2672 size = copy_to_user(ubuf, buf, *offset);
2673 if (size)
2674 return -EFAULT;
2675
2676 return *offset;
2653} 2677}
2654 2678
2655static DEVICE_ATTR(registers, S_IRUGO, mtip_hw_show_registers, NULL); 2679static const struct file_operations mtip_regs_fops = {
2656static DEVICE_ATTR(status, S_IRUGO, mtip_hw_show_status, NULL); 2680 .owner = THIS_MODULE,
2657static DEVICE_ATTR(flags, S_IRUGO, mtip_hw_show_flags, NULL); 2681 .open = simple_open,
2682 .read = mtip_hw_read_registers,
2683 .llseek = no_llseek,
2684};
2685
2686static const struct file_operations mtip_flags_fops = {
2687 .owner = THIS_MODULE,
2688 .open = simple_open,
2689 .read = mtip_hw_read_flags,
2690 .llseek = no_llseek,
2691};
2658 2692
2659/* 2693/*
2660 * Create the sysfs related attributes. 2694 * Create the sysfs related attributes.
@@ -2671,15 +2705,9 @@ static int mtip_hw_sysfs_init(struct driver_data *dd, struct kobject *kobj)
2671 if (!kobj || !dd) 2705 if (!kobj || !dd)
2672 return -EINVAL; 2706 return -EINVAL;
2673 2707
2674 if (sysfs_create_file(kobj, &dev_attr_registers.attr))
2675 dev_warn(&dd->pdev->dev,
2676 "Error creating 'registers' sysfs entry\n");
2677 if (sysfs_create_file(kobj, &dev_attr_status.attr)) 2708 if (sysfs_create_file(kobj, &dev_attr_status.attr))
2678 dev_warn(&dd->pdev->dev, 2709 dev_warn(&dd->pdev->dev,
2679 "Error creating 'status' sysfs entry\n"); 2710 "Error creating 'status' sysfs entry\n");
2680 if (sysfs_create_file(kobj, &dev_attr_flags.attr))
2681 dev_warn(&dd->pdev->dev,
2682 "Error creating 'flags' sysfs entry\n");
2683 return 0; 2711 return 0;
2684} 2712}
2685 2713
@@ -2698,13 +2726,39 @@ static int mtip_hw_sysfs_exit(struct driver_data *dd, struct kobject *kobj)
2698 if (!kobj || !dd) 2726 if (!kobj || !dd)
2699 return -EINVAL; 2727 return -EINVAL;
2700 2728
2701 sysfs_remove_file(kobj, &dev_attr_registers.attr);
2702 sysfs_remove_file(kobj, &dev_attr_status.attr); 2729 sysfs_remove_file(kobj, &dev_attr_status.attr);
2703 sysfs_remove_file(kobj, &dev_attr_flags.attr);
2704 2730
2705 return 0; 2731 return 0;
2706} 2732}
2707 2733
2734static int mtip_hw_debugfs_init(struct driver_data *dd)
2735{
2736 if (!dfs_parent)
2737 return -1;
2738
2739 dd->dfs_node = debugfs_create_dir(dd->disk->disk_name, dfs_parent);
2740 if (IS_ERR_OR_NULL(dd->dfs_node)) {
2741 dev_warn(&dd->pdev->dev,
2742 "Error creating node %s under debugfs\n",
2743 dd->disk->disk_name);
2744 dd->dfs_node = NULL;
2745 return -1;
2746 }
2747
2748 debugfs_create_file("flags", S_IRUGO, dd->dfs_node, dd,
2749 &mtip_flags_fops);
2750 debugfs_create_file("registers", S_IRUGO, dd->dfs_node, dd,
2751 &mtip_regs_fops);
2752
2753 return 0;
2754}
2755
2756static void mtip_hw_debugfs_exit(struct driver_data *dd)
2757{
2758 debugfs_remove_recursive(dd->dfs_node);
2759}
2760
2761
2708/* 2762/*
2709 * Perform any init/resume time hardware setup 2763 * Perform any init/resume time hardware setup
2710 * 2764 *
@@ -3730,6 +3784,7 @@ skip_create_disk:
3730 mtip_hw_sysfs_init(dd, kobj); 3784 mtip_hw_sysfs_init(dd, kobj);
3731 kobject_put(kobj); 3785 kobject_put(kobj);
3732 } 3786 }
3787 mtip_hw_debugfs_init(dd);
3733 3788
3734 if (dd->mtip_svc_handler) { 3789 if (dd->mtip_svc_handler) {
3735 set_bit(MTIP_DDF_INIT_DONE_BIT, &dd->dd_flag); 3790 set_bit(MTIP_DDF_INIT_DONE_BIT, &dd->dd_flag);
@@ -3755,6 +3810,8 @@ start_service_thread:
3755 return rv; 3810 return rv;
3756 3811
3757kthread_run_error: 3812kthread_run_error:
3813 mtip_hw_debugfs_exit(dd);
3814
3758 /* Delete our gendisk. This also removes the device from /dev */ 3815 /* Delete our gendisk. This also removes the device from /dev */
3759 del_gendisk(dd->disk); 3816 del_gendisk(dd->disk);
3760 3817
@@ -3805,6 +3862,7 @@ static int mtip_block_remove(struct driver_data *dd)
3805 kobject_put(kobj); 3862 kobject_put(kobj);
3806 } 3863 }
3807 } 3864 }
3865 mtip_hw_debugfs_exit(dd);
3808 3866
3809 /* 3867 /*
3810 * Delete our gendisk structure. This also removes the device 3868 * Delete our gendisk structure. This also removes the device
@@ -4152,10 +4210,20 @@ static int __init mtip_init(void)
4152 } 4210 }
4153 mtip_major = error; 4211 mtip_major = error;
4154 4212
4213 if (!dfs_parent) {
4214 dfs_parent = debugfs_create_dir("rssd", NULL);
4215 if (IS_ERR_OR_NULL(dfs_parent)) {
4216 printk(KERN_WARNING "Error creating debugfs parent\n");
4217 dfs_parent = NULL;
4218 }
4219 }
4220
4155 /* Register our PCI operations. */ 4221 /* Register our PCI operations. */
4156 error = pci_register_driver(&mtip_pci_driver); 4222 error = pci_register_driver(&mtip_pci_driver);
4157 if (error) 4223 if (error) {
4224 debugfs_remove(dfs_parent);
4158 unregister_blkdev(mtip_major, MTIP_DRV_NAME); 4225 unregister_blkdev(mtip_major, MTIP_DRV_NAME);
4226 }
4159 4227
4160 return error; 4228 return error;
4161} 4229}
@@ -4172,6 +4240,8 @@ static int __init mtip_init(void)
4172 */ 4240 */
4173static void __exit mtip_exit(void) 4241static void __exit mtip_exit(void)
4174{ 4242{
4243 debugfs_remove_recursive(dfs_parent);
4244
4175 /* Release the allocated major block device number. */ 4245 /* Release the allocated major block device number. */
4176 unregister_blkdev(mtip_major, MTIP_DRV_NAME); 4246 unregister_blkdev(mtip_major, MTIP_DRV_NAME);
4177 4247
diff --git a/drivers/block/mtip32xx/mtip32xx.h b/drivers/block/mtip32xx/mtip32xx.h
index b2c88da26b2a..f51fc23d17bb 100644
--- a/drivers/block/mtip32xx/mtip32xx.h
+++ b/drivers/block/mtip32xx/mtip32xx.h
@@ -26,7 +26,6 @@
26#include <linux/ata.h> 26#include <linux/ata.h>
27#include <linux/interrupt.h> 27#include <linux/interrupt.h>
28#include <linux/genhd.h> 28#include <linux/genhd.h>
29#include <linux/version.h>
30 29
31/* Offset of Subsystem Device ID in pci confoguration space */ 30/* Offset of Subsystem Device ID in pci confoguration space */
32#define PCI_SUBSYSTEM_DEVICEID 0x2E 31#define PCI_SUBSYSTEM_DEVICEID 0x2E
@@ -111,6 +110,8 @@
111 #define dbg_printk(format, arg...) 110 #define dbg_printk(format, arg...)
112#endif 111#endif
113 112
113#define MTIP_DFS_MAX_BUF_SIZE 1024
114
114#define __force_bit2int (unsigned int __force) 115#define __force_bit2int (unsigned int __force)
115 116
116enum { 117enum {
@@ -447,6 +448,8 @@ struct driver_data {
447 unsigned long dd_flag; /* NOTE: use atomic bit operations on this */ 448 unsigned long dd_flag; /* NOTE: use atomic bit operations on this */
448 449
449 struct task_struct *mtip_svc_handler; /* task_struct of svc thd */ 450 struct task_struct *mtip_svc_handler; /* task_struct of svc thd */
451
452 struct dentry *dfs_node;
450}; 453};
451 454
452#endif 455#endif
diff --git a/drivers/block/umem.c b/drivers/block/umem.c
index aa2712060bfb..9a72277a31df 100644
--- a/drivers/block/umem.c
+++ b/drivers/block/umem.c
@@ -513,6 +513,44 @@ static void process_page(unsigned long data)
513 } 513 }
514} 514}
515 515
516struct mm_plug_cb {
517 struct blk_plug_cb cb;
518 struct cardinfo *card;
519};
520
521static void mm_unplug(struct blk_plug_cb *cb)
522{
523 struct mm_plug_cb *mmcb = container_of(cb, struct mm_plug_cb, cb);
524
525 spin_lock_irq(&mmcb->card->lock);
526 activate(mmcb->card);
527 spin_unlock_irq(&mmcb->card->lock);
528 kfree(mmcb);
529}
530
531static int mm_check_plugged(struct cardinfo *card)
532{
533 struct blk_plug *plug = current->plug;
534 struct mm_plug_cb *mmcb;
535
536 if (!plug)
537 return 0;
538
539 list_for_each_entry(mmcb, &plug->cb_list, cb.list) {
540 if (mmcb->cb.callback == mm_unplug && mmcb->card == card)
541 return 1;
542 }
543 /* Not currently on the callback list */
544 mmcb = kmalloc(sizeof(*mmcb), GFP_ATOMIC);
545 if (!mmcb)
546 return 0;
547
548 mmcb->card = card;
549 mmcb->cb.callback = mm_unplug;
550 list_add(&mmcb->cb.list, &plug->cb_list);
551 return 1;
552}
553
516static void mm_make_request(struct request_queue *q, struct bio *bio) 554static void mm_make_request(struct request_queue *q, struct bio *bio)
517{ 555{
518 struct cardinfo *card = q->queuedata; 556 struct cardinfo *card = q->queuedata;
@@ -523,6 +561,8 @@ static void mm_make_request(struct request_queue *q, struct bio *bio)
523 *card->biotail = bio; 561 *card->biotail = bio;
524 bio->bi_next = NULL; 562 bio->bi_next = NULL;
525 card->biotail = &bio->bi_next; 563 card->biotail = &bio->bi_next;
564 if (bio->bi_rw & REQ_SYNC || !mm_check_plugged(card))
565 activate(card);
526 spin_unlock_irq(&card->lock); 566 spin_unlock_irq(&card->lock);
527 567
528 return; 568 return;
diff --git a/drivers/block/xen-blkback/common.h b/drivers/block/xen-blkback/common.h
index 773cf27dc23f..9ad3b5ec1dc1 100644
--- a/drivers/block/xen-blkback/common.h
+++ b/drivers/block/xen-blkback/common.h
@@ -257,6 +257,7 @@ static inline void blkif_get_x86_32_req(struct blkif_request *dst,
257 break; 257 break;
258 case BLKIF_OP_DISCARD: 258 case BLKIF_OP_DISCARD:
259 dst->u.discard.flag = src->u.discard.flag; 259 dst->u.discard.flag = src->u.discard.flag;
260 dst->u.discard.id = src->u.discard.id;
260 dst->u.discard.sector_number = src->u.discard.sector_number; 261 dst->u.discard.sector_number = src->u.discard.sector_number;
261 dst->u.discard.nr_sectors = src->u.discard.nr_sectors; 262 dst->u.discard.nr_sectors = src->u.discard.nr_sectors;
262 break; 263 break;
@@ -287,6 +288,7 @@ static inline void blkif_get_x86_64_req(struct blkif_request *dst,
287 break; 288 break;
288 case BLKIF_OP_DISCARD: 289 case BLKIF_OP_DISCARD:
289 dst->u.discard.flag = src->u.discard.flag; 290 dst->u.discard.flag = src->u.discard.flag;
291 dst->u.discard.id = src->u.discard.id;
290 dst->u.discard.sector_number = src->u.discard.sector_number; 292 dst->u.discard.sector_number = src->u.discard.sector_number;
291 dst->u.discard.nr_sectors = src->u.discard.nr_sectors; 293 dst->u.discard.nr_sectors = src->u.discard.nr_sectors;
292 break; 294 break;
diff --git a/drivers/block/xen-blkfront.c b/drivers/block/xen-blkfront.c
index 60eed4bdd2e4..e4fb3374dcd2 100644
--- a/drivers/block/xen-blkfront.c
+++ b/drivers/block/xen-blkfront.c
@@ -141,14 +141,36 @@ static int get_id_from_freelist(struct blkfront_info *info)
141 return free; 141 return free;
142} 142}
143 143
144static void add_id_to_freelist(struct blkfront_info *info, 144static int add_id_to_freelist(struct blkfront_info *info,
145 unsigned long id) 145 unsigned long id)
146{ 146{
147 if (info->shadow[id].req.u.rw.id != id)
148 return -EINVAL;
149 if (info->shadow[id].request == NULL)
150 return -EINVAL;
147 info->shadow[id].req.u.rw.id = info->shadow_free; 151 info->shadow[id].req.u.rw.id = info->shadow_free;
148 info->shadow[id].request = NULL; 152 info->shadow[id].request = NULL;
149 info->shadow_free = id; 153 info->shadow_free = id;
154 return 0;
150} 155}
151 156
157static const char *op_name(int op)
158{
159 static const char *const names[] = {
160 [BLKIF_OP_READ] = "read",
161 [BLKIF_OP_WRITE] = "write",
162 [BLKIF_OP_WRITE_BARRIER] = "barrier",
163 [BLKIF_OP_FLUSH_DISKCACHE] = "flush",
164 [BLKIF_OP_DISCARD] = "discard" };
165
166 if (op < 0 || op >= ARRAY_SIZE(names))
167 return "unknown";
168
169 if (!names[op])
170 return "reserved";
171
172 return names[op];
173}
152static int xlbd_reserve_minors(unsigned int minor, unsigned int nr) 174static int xlbd_reserve_minors(unsigned int minor, unsigned int nr)
153{ 175{
154 unsigned int end = minor + nr; 176 unsigned int end = minor + nr;
@@ -746,20 +768,36 @@ static irqreturn_t blkif_interrupt(int irq, void *dev_id)
746 768
747 bret = RING_GET_RESPONSE(&info->ring, i); 769 bret = RING_GET_RESPONSE(&info->ring, i);
748 id = bret->id; 770 id = bret->id;
771 /*
772 * The backend has messed up and given us an id that we would
773 * never have given to it (we stamp it up to BLK_RING_SIZE -
774 * look in get_id_from_freelist.
775 */
776 if (id >= BLK_RING_SIZE) {
777 WARN(1, "%s: response to %s has incorrect id (%ld)\n",
778 info->gd->disk_name, op_name(bret->operation), id);
779 /* We can't safely get the 'struct request' as
780 * the id is busted. */
781 continue;
782 }
749 req = info->shadow[id].request; 783 req = info->shadow[id].request;
750 784
751 if (bret->operation != BLKIF_OP_DISCARD) 785 if (bret->operation != BLKIF_OP_DISCARD)
752 blkif_completion(&info->shadow[id]); 786 blkif_completion(&info->shadow[id]);
753 787
754 add_id_to_freelist(info, id); 788 if (add_id_to_freelist(info, id)) {
789 WARN(1, "%s: response to %s (id %ld) couldn't be recycled!\n",
790 info->gd->disk_name, op_name(bret->operation), id);
791 continue;
792 }
755 793
756 error = (bret->status == BLKIF_RSP_OKAY) ? 0 : -EIO; 794 error = (bret->status == BLKIF_RSP_OKAY) ? 0 : -EIO;
757 switch (bret->operation) { 795 switch (bret->operation) {
758 case BLKIF_OP_DISCARD: 796 case BLKIF_OP_DISCARD:
759 if (unlikely(bret->status == BLKIF_RSP_EOPNOTSUPP)) { 797 if (unlikely(bret->status == BLKIF_RSP_EOPNOTSUPP)) {
760 struct request_queue *rq = info->rq; 798 struct request_queue *rq = info->rq;
761 printk(KERN_WARNING "blkfront: %s: discard op failed\n", 799 printk(KERN_WARNING "blkfront: %s: %s op failed\n",
762 info->gd->disk_name); 800 info->gd->disk_name, op_name(bret->operation));
763 error = -EOPNOTSUPP; 801 error = -EOPNOTSUPP;
764 info->feature_discard = 0; 802 info->feature_discard = 0;
765 info->feature_secdiscard = 0; 803 info->feature_secdiscard = 0;
@@ -771,18 +809,14 @@ static irqreturn_t blkif_interrupt(int irq, void *dev_id)
771 case BLKIF_OP_FLUSH_DISKCACHE: 809 case BLKIF_OP_FLUSH_DISKCACHE:
772 case BLKIF_OP_WRITE_BARRIER: 810 case BLKIF_OP_WRITE_BARRIER:
773 if (unlikely(bret->status == BLKIF_RSP_EOPNOTSUPP)) { 811 if (unlikely(bret->status == BLKIF_RSP_EOPNOTSUPP)) {
774 printk(KERN_WARNING "blkfront: %s: write %s op failed\n", 812 printk(KERN_WARNING "blkfront: %s: %s op failed\n",
775 info->flush_op == BLKIF_OP_WRITE_BARRIER ? 813 info->gd->disk_name, op_name(bret->operation));
776 "barrier" : "flush disk cache",
777 info->gd->disk_name);
778 error = -EOPNOTSUPP; 814 error = -EOPNOTSUPP;
779 } 815 }
780 if (unlikely(bret->status == BLKIF_RSP_ERROR && 816 if (unlikely(bret->status == BLKIF_RSP_ERROR &&
781 info->shadow[id].req.u.rw.nr_segments == 0)) { 817 info->shadow[id].req.u.rw.nr_segments == 0)) {
782 printk(KERN_WARNING "blkfront: %s: empty write %s op failed\n", 818 printk(KERN_WARNING "blkfront: %s: empty %s op failed\n",
783 info->flush_op == BLKIF_OP_WRITE_BARRIER ? 819 info->gd->disk_name, op_name(bret->operation));
784 "barrier" : "flush disk cache",
785 info->gd->disk_name);
786 error = -EOPNOTSUPP; 820 error = -EOPNOTSUPP;
787 } 821 }
788 if (unlikely(error)) { 822 if (unlikely(error)) {
diff --git a/drivers/clk/clk.c b/drivers/clk/clk.c
index dcbe05616090..9a1eb0cfa95f 100644
--- a/drivers/clk/clk.c
+++ b/drivers/clk/clk.c
@@ -1067,26 +1067,24 @@ static int __clk_set_parent(struct clk *clk, struct clk *parent)
1067 1067
1068 old_parent = clk->parent; 1068 old_parent = clk->parent;
1069 1069
1070 /* find index of new parent clock using cached parent ptrs */ 1070 if (!clk->parents)
1071 if (clk->parents)
1072 for (i = 0; i < clk->num_parents; i++)
1073 if (clk->parents[i] == parent)
1074 break;
1075 else
1076 clk->parents = kzalloc((sizeof(struct clk*) * clk->num_parents), 1071 clk->parents = kzalloc((sizeof(struct clk*) * clk->num_parents),
1077 GFP_KERNEL); 1072 GFP_KERNEL);
1078 1073
1079 /* 1074 /*
1080 * find index of new parent clock using string name comparison 1075 * find index of new parent clock using cached parent ptrs,
1081 * also try to cache the parent to avoid future calls to __clk_lookup 1076 * or if not yet cached, use string name comparison and cache
1077 * them now to avoid future calls to __clk_lookup.
1082 */ 1078 */
1083 if (i == clk->num_parents) 1079 for (i = 0; i < clk->num_parents; i++) {
1084 for (i = 0; i < clk->num_parents; i++) 1080 if (clk->parents && clk->parents[i] == parent)
1085 if (!strcmp(clk->parent_names[i], parent->name)) { 1081 break;
1086 if (clk->parents) 1082 else if (!strcmp(clk->parent_names[i], parent->name)) {
1087 clk->parents[i] = __clk_lookup(parent->name); 1083 if (clk->parents)
1088 break; 1084 clk->parents[i] = __clk_lookup(parent->name);
1089 } 1085 break;
1086 }
1087 }
1090 1088
1091 if (i == clk->num_parents) { 1089 if (i == clk->num_parents) {
1092 pr_debug("%s: clock %s is not a possible parent of clock %s\n", 1090 pr_debug("%s: clock %s is not a possible parent of clock %s\n",
diff --git a/drivers/gpu/drm/drm_edid.c b/drivers/gpu/drm/drm_edid.c
index 5873e481e5d2..a8743c399e83 100644
--- a/drivers/gpu/drm/drm_edid.c
+++ b/drivers/gpu/drm/drm_edid.c
@@ -1039,6 +1039,24 @@ mode_in_range(const struct drm_display_mode *mode, struct edid *edid,
1039 return true; 1039 return true;
1040} 1040}
1041 1041
1042static bool valid_inferred_mode(const struct drm_connector *connector,
1043 const struct drm_display_mode *mode)
1044{
1045 struct drm_display_mode *m;
1046 bool ok = false;
1047
1048 list_for_each_entry(m, &connector->probed_modes, head) {
1049 if (mode->hdisplay == m->hdisplay &&
1050 mode->vdisplay == m->vdisplay &&
1051 drm_mode_vrefresh(mode) == drm_mode_vrefresh(m))
1052 return false; /* duplicated */
1053 if (mode->hdisplay <= m->hdisplay &&
1054 mode->vdisplay <= m->vdisplay)
1055 ok = true;
1056 }
1057 return ok;
1058}
1059
1042static int 1060static int
1043drm_dmt_modes_for_range(struct drm_connector *connector, struct edid *edid, 1061drm_dmt_modes_for_range(struct drm_connector *connector, struct edid *edid,
1044 struct detailed_timing *timing) 1062 struct detailed_timing *timing)
@@ -1048,7 +1066,8 @@ drm_dmt_modes_for_range(struct drm_connector *connector, struct edid *edid,
1048 struct drm_device *dev = connector->dev; 1066 struct drm_device *dev = connector->dev;
1049 1067
1050 for (i = 0; i < drm_num_dmt_modes; i++) { 1068 for (i = 0; i < drm_num_dmt_modes; i++) {
1051 if (mode_in_range(drm_dmt_modes + i, edid, timing)) { 1069 if (mode_in_range(drm_dmt_modes + i, edid, timing) &&
1070 valid_inferred_mode(connector, drm_dmt_modes + i)) {
1052 newmode = drm_mode_duplicate(dev, &drm_dmt_modes[i]); 1071 newmode = drm_mode_duplicate(dev, &drm_dmt_modes[i]);
1053 if (newmode) { 1072 if (newmode) {
1054 drm_mode_probed_add(connector, newmode); 1073 drm_mode_probed_add(connector, newmode);
@@ -1088,7 +1107,8 @@ drm_gtf_modes_for_range(struct drm_connector *connector, struct edid *edid,
1088 return modes; 1107 return modes;
1089 1108
1090 fixup_mode_1366x768(newmode); 1109 fixup_mode_1366x768(newmode);
1091 if (!mode_in_range(newmode, edid, timing)) { 1110 if (!mode_in_range(newmode, edid, timing) ||
1111 !valid_inferred_mode(connector, newmode)) {
1092 drm_mode_destroy(dev, newmode); 1112 drm_mode_destroy(dev, newmode);
1093 continue; 1113 continue;
1094 } 1114 }
@@ -1116,7 +1136,8 @@ drm_cvt_modes_for_range(struct drm_connector *connector, struct edid *edid,
1116 return modes; 1136 return modes;
1117 1137
1118 fixup_mode_1366x768(newmode); 1138 fixup_mode_1366x768(newmode);
1119 if (!mode_in_range(newmode, edid, timing)) { 1139 if (!mode_in_range(newmode, edid, timing) ||
1140 !valid_inferred_mode(connector, newmode)) {
1120 drm_mode_destroy(dev, newmode); 1141 drm_mode_destroy(dev, newmode);
1121 continue; 1142 continue;
1122 } 1143 }
diff --git a/drivers/gpu/drm/i915/i915_dma.c b/drivers/gpu/drm/i915/i915_dma.c
index f94792626b94..36822b924eb1 100644
--- a/drivers/gpu/drm/i915/i915_dma.c
+++ b/drivers/gpu/drm/i915/i915_dma.c
@@ -1401,6 +1401,27 @@ i915_mtrr_setup(struct drm_i915_private *dev_priv, unsigned long base,
1401 } 1401 }
1402} 1402}
1403 1403
1404static void i915_kick_out_firmware_fb(struct drm_i915_private *dev_priv)
1405{
1406 struct apertures_struct *ap;
1407 struct pci_dev *pdev = dev_priv->dev->pdev;
1408 bool primary;
1409
1410 ap = alloc_apertures(1);
1411 if (!ap)
1412 return;
1413
1414 ap->ranges[0].base = dev_priv->dev->agp->base;
1415 ap->ranges[0].size =
1416 dev_priv->mm.gtt->gtt_mappable_entries << PAGE_SHIFT;
1417 primary =
1418 pdev->resource[PCI_ROM_RESOURCE].flags & IORESOURCE_ROM_SHADOW;
1419
1420 remove_conflicting_framebuffers(ap, "inteldrmfb", primary);
1421
1422 kfree(ap);
1423}
1424
1404/** 1425/**
1405 * i915_driver_load - setup chip and create an initial config 1426 * i915_driver_load - setup chip and create an initial config
1406 * @dev: DRM device 1427 * @dev: DRM device
@@ -1446,6 +1467,15 @@ int i915_driver_load(struct drm_device *dev, unsigned long flags)
1446 goto free_priv; 1467 goto free_priv;
1447 } 1468 }
1448 1469
1470 dev_priv->mm.gtt = intel_gtt_get();
1471 if (!dev_priv->mm.gtt) {
1472 DRM_ERROR("Failed to initialize GTT\n");
1473 ret = -ENODEV;
1474 goto put_bridge;
1475 }
1476
1477 i915_kick_out_firmware_fb(dev_priv);
1478
1449 pci_set_master(dev->pdev); 1479 pci_set_master(dev->pdev);
1450 1480
1451 /* overlay on gen2 is broken and can't address above 1G */ 1481 /* overlay on gen2 is broken and can't address above 1G */
@@ -1471,13 +1501,6 @@ int i915_driver_load(struct drm_device *dev, unsigned long flags)
1471 goto put_bridge; 1501 goto put_bridge;
1472 } 1502 }
1473 1503
1474 dev_priv->mm.gtt = intel_gtt_get();
1475 if (!dev_priv->mm.gtt) {
1476 DRM_ERROR("Failed to initialize GTT\n");
1477 ret = -ENODEV;
1478 goto out_rmmap;
1479 }
1480
1481 aperture_size = dev_priv->mm.gtt->gtt_mappable_entries << PAGE_SHIFT; 1504 aperture_size = dev_priv->mm.gtt->gtt_mappable_entries << PAGE_SHIFT;
1482 1505
1483 dev_priv->mm.gtt_mapping = 1506 dev_priv->mm.gtt_mapping =
diff --git a/drivers/gpu/drm/radeon/radeon_gart.c b/drivers/gpu/drm/radeon/radeon_gart.c
index 59d44937dd9f..84b648a7ddd8 100644
--- a/drivers/gpu/drm/radeon/radeon_gart.c
+++ b/drivers/gpu/drm/radeon/radeon_gart.c
@@ -289,8 +289,9 @@ int radeon_vm_manager_init(struct radeon_device *rdev)
289 rdev->vm_manager.enabled = false; 289 rdev->vm_manager.enabled = false;
290 290
291 /* mark first vm as always in use, it's the system one */ 291 /* mark first vm as always in use, it's the system one */
292 /* allocate enough for 2 full VM pts */
292 r = radeon_sa_bo_manager_init(rdev, &rdev->vm_manager.sa_manager, 293 r = radeon_sa_bo_manager_init(rdev, &rdev->vm_manager.sa_manager,
293 rdev->vm_manager.max_pfn * 8, 294 rdev->vm_manager.max_pfn * 8 * 2,
294 RADEON_GEM_DOMAIN_VRAM); 295 RADEON_GEM_DOMAIN_VRAM);
295 if (r) { 296 if (r) {
296 dev_err(rdev->dev, "failed to allocate vm bo (%dKB)\n", 297 dev_err(rdev->dev, "failed to allocate vm bo (%dKB)\n",
@@ -633,7 +634,15 @@ int radeon_vm_init(struct radeon_device *rdev, struct radeon_vm *vm)
633 mutex_init(&vm->mutex); 634 mutex_init(&vm->mutex);
634 INIT_LIST_HEAD(&vm->list); 635 INIT_LIST_HEAD(&vm->list);
635 INIT_LIST_HEAD(&vm->va); 636 INIT_LIST_HEAD(&vm->va);
636 vm->last_pfn = 0; 637 /* SI requires equal sized PTs for all VMs, so always set
638 * last_pfn to max_pfn. cayman allows variable sized
639 * pts so we can grow then as needed. Once we switch
640 * to two level pts we can unify this again.
641 */
642 if (rdev->family >= CHIP_TAHITI)
643 vm->last_pfn = rdev->vm_manager.max_pfn;
644 else
645 vm->last_pfn = 0;
637 /* map the ib pool buffer at 0 in virtual address space, set 646 /* map the ib pool buffer at 0 in virtual address space, set
638 * read only 647 * read only
639 */ 648 */
diff --git a/drivers/gpu/drm/radeon/radeon_gem.c b/drivers/gpu/drm/radeon/radeon_gem.c
index f28bd4b7ef98..21ec9f5653ce 100644
--- a/drivers/gpu/drm/radeon/radeon_gem.c
+++ b/drivers/gpu/drm/radeon/radeon_gem.c
@@ -292,6 +292,7 @@ int radeon_gem_mmap_ioctl(struct drm_device *dev, void *data,
292int radeon_gem_busy_ioctl(struct drm_device *dev, void *data, 292int radeon_gem_busy_ioctl(struct drm_device *dev, void *data,
293 struct drm_file *filp) 293 struct drm_file *filp)
294{ 294{
295 struct radeon_device *rdev = dev->dev_private;
295 struct drm_radeon_gem_busy *args = data; 296 struct drm_radeon_gem_busy *args = data;
296 struct drm_gem_object *gobj; 297 struct drm_gem_object *gobj;
297 struct radeon_bo *robj; 298 struct radeon_bo *robj;
@@ -317,13 +318,14 @@ int radeon_gem_busy_ioctl(struct drm_device *dev, void *data,
317 break; 318 break;
318 } 319 }
319 drm_gem_object_unreference_unlocked(gobj); 320 drm_gem_object_unreference_unlocked(gobj);
320 r = radeon_gem_handle_lockup(robj->rdev, r); 321 r = radeon_gem_handle_lockup(rdev, r);
321 return r; 322 return r;
322} 323}
323 324
324int radeon_gem_wait_idle_ioctl(struct drm_device *dev, void *data, 325int radeon_gem_wait_idle_ioctl(struct drm_device *dev, void *data,
325 struct drm_file *filp) 326 struct drm_file *filp)
326{ 327{
328 struct radeon_device *rdev = dev->dev_private;
327 struct drm_radeon_gem_wait_idle *args = data; 329 struct drm_radeon_gem_wait_idle *args = data;
328 struct drm_gem_object *gobj; 330 struct drm_gem_object *gobj;
329 struct radeon_bo *robj; 331 struct radeon_bo *robj;
@@ -336,10 +338,10 @@ int radeon_gem_wait_idle_ioctl(struct drm_device *dev, void *data,
336 robj = gem_to_radeon_bo(gobj); 338 robj = gem_to_radeon_bo(gobj);
337 r = radeon_bo_wait(robj, NULL, false); 339 r = radeon_bo_wait(robj, NULL, false);
338 /* callback hw specific functions if any */ 340 /* callback hw specific functions if any */
339 if (robj->rdev->asic->ioctl_wait_idle) 341 if (rdev->asic->ioctl_wait_idle)
340 robj->rdev->asic->ioctl_wait_idle(robj->rdev, robj); 342 robj->rdev->asic->ioctl_wait_idle(rdev, robj);
341 drm_gem_object_unreference_unlocked(gobj); 343 drm_gem_object_unreference_unlocked(gobj);
342 r = radeon_gem_handle_lockup(robj->rdev, r); 344 r = radeon_gem_handle_lockup(rdev, r);
343 return r; 345 return r;
344} 346}
345 347
diff --git a/drivers/gpu/drm/radeon/si.c b/drivers/gpu/drm/radeon/si.c
index c7b61f16ecfd..0b0279291a73 100644
--- a/drivers/gpu/drm/radeon/si.c
+++ b/drivers/gpu/drm/radeon/si.c
@@ -2365,12 +2365,12 @@ int si_pcie_gart_enable(struct radeon_device *rdev)
2365 WREG32(0x15DC, 0); 2365 WREG32(0x15DC, 0);
2366 2366
2367 /* empty context1-15 */ 2367 /* empty context1-15 */
2368 /* FIXME start with 1G, once using 2 level pt switch to full 2368 /* FIXME start with 4G, once using 2 level pt switch to full
2369 * vm size space 2369 * vm size space
2370 */ 2370 */
2371 /* set vm size, must be a multiple of 4 */ 2371 /* set vm size, must be a multiple of 4 */
2372 WREG32(VM_CONTEXT1_PAGE_TABLE_START_ADDR, 0); 2372 WREG32(VM_CONTEXT1_PAGE_TABLE_START_ADDR, 0);
2373 WREG32(VM_CONTEXT1_PAGE_TABLE_END_ADDR, (1 << 30) / RADEON_GPU_PAGE_SIZE); 2373 WREG32(VM_CONTEXT1_PAGE_TABLE_END_ADDR, rdev->vm_manager.max_pfn);
2374 for (i = 1; i < 16; i++) { 2374 for (i = 1; i < 16; i++) {
2375 if (i < 8) 2375 if (i < 8)
2376 WREG32(VM_CONTEXT0_PAGE_TABLE_BASE_ADDR + (i << 2), 2376 WREG32(VM_CONTEXT0_PAGE_TABLE_BASE_ADDR + (i << 2),
diff --git a/drivers/leds/ledtrig-heartbeat.c b/drivers/leds/ledtrig-heartbeat.c
index 41dc76db4311..a019fbb70880 100644
--- a/drivers/leds/ledtrig-heartbeat.c
+++ b/drivers/leds/ledtrig-heartbeat.c
@@ -21,6 +21,8 @@
21#include <linux/reboot.h> 21#include <linux/reboot.h>
22#include "leds.h" 22#include "leds.h"
23 23
24static int panic_heartbeats;
25
24struct heartbeat_trig_data { 26struct heartbeat_trig_data {
25 unsigned int phase; 27 unsigned int phase;
26 unsigned int period; 28 unsigned int period;
@@ -34,6 +36,11 @@ static void led_heartbeat_function(unsigned long data)
34 unsigned long brightness = LED_OFF; 36 unsigned long brightness = LED_OFF;
35 unsigned long delay = 0; 37 unsigned long delay = 0;
36 38
39 if (unlikely(panic_heartbeats)) {
40 led_set_brightness(led_cdev, LED_OFF);
41 return;
42 }
43
37 /* acts like an actual heart beat -- ie thump-thump-pause... */ 44 /* acts like an actual heart beat -- ie thump-thump-pause... */
38 switch (heartbeat_data->phase) { 45 switch (heartbeat_data->phase) {
39 case 0: 46 case 0:
@@ -111,12 +118,19 @@ static int heartbeat_reboot_notifier(struct notifier_block *nb,
111 return NOTIFY_DONE; 118 return NOTIFY_DONE;
112} 119}
113 120
121static int heartbeat_panic_notifier(struct notifier_block *nb,
122 unsigned long code, void *unused)
123{
124 panic_heartbeats = 1;
125 return NOTIFY_DONE;
126}
127
114static struct notifier_block heartbeat_reboot_nb = { 128static struct notifier_block heartbeat_reboot_nb = {
115 .notifier_call = heartbeat_reboot_notifier, 129 .notifier_call = heartbeat_reboot_notifier,
116}; 130};
117 131
118static struct notifier_block heartbeat_panic_nb = { 132static struct notifier_block heartbeat_panic_nb = {
119 .notifier_call = heartbeat_reboot_notifier, 133 .notifier_call = heartbeat_panic_notifier,
120}; 134};
121 135
122static int __init heartbeat_trig_init(void) 136static int __init heartbeat_trig_init(void)
diff --git a/drivers/md/dm-thin.c b/drivers/md/dm-thin.c
index 37fdaf81bd1f..ce59824fb414 100644
--- a/drivers/md/dm-thin.c
+++ b/drivers/md/dm-thin.c
@@ -2292,6 +2292,13 @@ static int process_reserve_metadata_snap_mesg(unsigned argc, char **argv, struct
2292 if (r) 2292 if (r)
2293 return r; 2293 return r;
2294 2294
2295 r = dm_pool_commit_metadata(pool->pmd);
2296 if (r) {
2297 DMERR("%s: dm_pool_commit_metadata() failed, error = %d",
2298 __func__, r);
2299 return r;
2300 }
2301
2295 r = dm_pool_reserve_metadata_snap(pool->pmd); 2302 r = dm_pool_reserve_metadata_snap(pool->pmd);
2296 if (r) 2303 if (r)
2297 DMWARN("reserve_metadata_snap message failed."); 2304 DMWARN("reserve_metadata_snap message failed.");
diff --git a/drivers/md/md.c b/drivers/md/md.c
index 1c2f9048e1ae..a4c219e3c859 100644
--- a/drivers/md/md.c
+++ b/drivers/md/md.c
@@ -5784,8 +5784,7 @@ static int add_new_disk(struct mddev * mddev, mdu_disk_info_t *info)
5784 super_types[mddev->major_version]. 5784 super_types[mddev->major_version].
5785 validate_super(mddev, rdev); 5785 validate_super(mddev, rdev);
5786 if ((info->state & (1<<MD_DISK_SYNC)) && 5786 if ((info->state & (1<<MD_DISK_SYNC)) &&
5787 (!test_bit(In_sync, &rdev->flags) || 5787 rdev->raid_disk != info->raid_disk) {
5788 rdev->raid_disk != info->raid_disk)) {
5789 /* This was a hot-add request, but events doesn't 5788 /* This was a hot-add request, but events doesn't
5790 * match, so reject it. 5789 * match, so reject it.
5791 */ 5790 */
@@ -6751,7 +6750,7 @@ struct md_thread *md_register_thread(void (*run) (struct mddev *), struct mddev
6751 thread->tsk = kthread_run(md_thread, thread, 6750 thread->tsk = kthread_run(md_thread, thread,
6752 "%s_%s", 6751 "%s_%s",
6753 mdname(thread->mddev), 6752 mdname(thread->mddev),
6754 name ?: mddev->pers->name); 6753 name);
6755 if (IS_ERR(thread->tsk)) { 6754 if (IS_ERR(thread->tsk)) {
6756 kfree(thread); 6755 kfree(thread);
6757 return NULL; 6756 return NULL;
@@ -7298,6 +7297,7 @@ void md_do_sync(struct mddev *mddev)
7298 int skipped = 0; 7297 int skipped = 0;
7299 struct md_rdev *rdev; 7298 struct md_rdev *rdev;
7300 char *desc; 7299 char *desc;
7300 struct blk_plug plug;
7301 7301
7302 /* just incase thread restarts... */ 7302 /* just incase thread restarts... */
7303 if (test_bit(MD_RECOVERY_DONE, &mddev->recovery)) 7303 if (test_bit(MD_RECOVERY_DONE, &mddev->recovery))
@@ -7447,6 +7447,7 @@ void md_do_sync(struct mddev *mddev)
7447 } 7447 }
7448 mddev->curr_resync_completed = j; 7448 mddev->curr_resync_completed = j;
7449 7449
7450 blk_start_plug(&plug);
7450 while (j < max_sectors) { 7451 while (j < max_sectors) {
7451 sector_t sectors; 7452 sector_t sectors;
7452 7453
@@ -7552,6 +7553,7 @@ void md_do_sync(struct mddev *mddev)
7552 * this also signals 'finished resyncing' to md_stop 7553 * this also signals 'finished resyncing' to md_stop
7553 */ 7554 */
7554 out: 7555 out:
7556 blk_finish_plug(&plug);
7555 wait_event(mddev->recovery_wait, !atomic_read(&mddev->recovery_active)); 7557 wait_event(mddev->recovery_wait, !atomic_read(&mddev->recovery_active));
7556 7558
7557 /* tell personality that we are finished */ 7559 /* tell personality that we are finished */
diff --git a/drivers/md/multipath.c b/drivers/md/multipath.c
index 9339e67fcc79..61a1833ebaf3 100644
--- a/drivers/md/multipath.c
+++ b/drivers/md/multipath.c
@@ -474,7 +474,8 @@ static int multipath_run (struct mddev *mddev)
474 } 474 }
475 475
476 { 476 {
477 mddev->thread = md_register_thread(multipathd, mddev, NULL); 477 mddev->thread = md_register_thread(multipathd, mddev,
478 "multipath");
478 if (!mddev->thread) { 479 if (!mddev->thread) {
479 printk(KERN_ERR "multipath: couldn't allocate thread" 480 printk(KERN_ERR "multipath: couldn't allocate thread"
480 " for %s\n", mdname(mddev)); 481 " for %s\n", mdname(mddev));
diff --git a/drivers/md/persistent-data/dm-space-map-checker.c b/drivers/md/persistent-data/dm-space-map-checker.c
index 50ed53bf4aa2..fc90c11620ad 100644
--- a/drivers/md/persistent-data/dm-space-map-checker.c
+++ b/drivers/md/persistent-data/dm-space-map-checker.c
@@ -8,6 +8,7 @@
8 8
9#include <linux/device-mapper.h> 9#include <linux/device-mapper.h>
10#include <linux/export.h> 10#include <linux/export.h>
11#include <linux/vmalloc.h>
11 12
12#ifdef CONFIG_DM_DEBUG_SPACE_MAPS 13#ifdef CONFIG_DM_DEBUG_SPACE_MAPS
13 14
@@ -89,13 +90,23 @@ static int ca_create(struct count_array *ca, struct dm_space_map *sm)
89 90
90 ca->nr = nr_blocks; 91 ca->nr = nr_blocks;
91 ca->nr_free = nr_blocks; 92 ca->nr_free = nr_blocks;
92 ca->counts = kzalloc(sizeof(*ca->counts) * nr_blocks, GFP_KERNEL); 93
93 if (!ca->counts) 94 if (!nr_blocks)
94 return -ENOMEM; 95 ca->counts = NULL;
96 else {
97 ca->counts = vzalloc(sizeof(*ca->counts) * nr_blocks);
98 if (!ca->counts)
99 return -ENOMEM;
100 }
95 101
96 return 0; 102 return 0;
97} 103}
98 104
105static void ca_destroy(struct count_array *ca)
106{
107 vfree(ca->counts);
108}
109
99static int ca_load(struct count_array *ca, struct dm_space_map *sm) 110static int ca_load(struct count_array *ca, struct dm_space_map *sm)
100{ 111{
101 int r; 112 int r;
@@ -126,12 +137,14 @@ static int ca_load(struct count_array *ca, struct dm_space_map *sm)
126static int ca_extend(struct count_array *ca, dm_block_t extra_blocks) 137static int ca_extend(struct count_array *ca, dm_block_t extra_blocks)
127{ 138{
128 dm_block_t nr_blocks = ca->nr + extra_blocks; 139 dm_block_t nr_blocks = ca->nr + extra_blocks;
129 uint32_t *counts = kzalloc(sizeof(*counts) * nr_blocks, GFP_KERNEL); 140 uint32_t *counts = vzalloc(sizeof(*counts) * nr_blocks);
130 if (!counts) 141 if (!counts)
131 return -ENOMEM; 142 return -ENOMEM;
132 143
133 memcpy(counts, ca->counts, sizeof(*counts) * ca->nr); 144 if (ca->counts) {
134 kfree(ca->counts); 145 memcpy(counts, ca->counts, sizeof(*counts) * ca->nr);
146 ca_destroy(ca);
147 }
135 ca->nr = nr_blocks; 148 ca->nr = nr_blocks;
136 ca->nr_free += extra_blocks; 149 ca->nr_free += extra_blocks;
137 ca->counts = counts; 150 ca->counts = counts;
@@ -151,11 +164,6 @@ static int ca_commit(struct count_array *old, struct count_array *new)
151 return 0; 164 return 0;
152} 165}
153 166
154static void ca_destroy(struct count_array *ca)
155{
156 kfree(ca->counts);
157}
158
159/*----------------------------------------------------------------*/ 167/*----------------------------------------------------------------*/
160 168
161struct sm_checker { 169struct sm_checker {
@@ -343,25 +351,25 @@ struct dm_space_map *dm_sm_checker_create(struct dm_space_map *sm)
343 int r; 351 int r;
344 struct sm_checker *smc; 352 struct sm_checker *smc;
345 353
346 if (!sm) 354 if (IS_ERR_OR_NULL(sm))
347 return NULL; 355 return ERR_PTR(-EINVAL);
348 356
349 smc = kmalloc(sizeof(*smc), GFP_KERNEL); 357 smc = kmalloc(sizeof(*smc), GFP_KERNEL);
350 if (!smc) 358 if (!smc)
351 return NULL; 359 return ERR_PTR(-ENOMEM);
352 360
353 memcpy(&smc->sm, &ops_, sizeof(smc->sm)); 361 memcpy(&smc->sm, &ops_, sizeof(smc->sm));
354 r = ca_create(&smc->old_counts, sm); 362 r = ca_create(&smc->old_counts, sm);
355 if (r) { 363 if (r) {
356 kfree(smc); 364 kfree(smc);
357 return NULL; 365 return ERR_PTR(r);
358 } 366 }
359 367
360 r = ca_create(&smc->counts, sm); 368 r = ca_create(&smc->counts, sm);
361 if (r) { 369 if (r) {
362 ca_destroy(&smc->old_counts); 370 ca_destroy(&smc->old_counts);
363 kfree(smc); 371 kfree(smc);
364 return NULL; 372 return ERR_PTR(r);
365 } 373 }
366 374
367 smc->real_sm = sm; 375 smc->real_sm = sm;
@@ -371,7 +379,7 @@ struct dm_space_map *dm_sm_checker_create(struct dm_space_map *sm)
371 ca_destroy(&smc->counts); 379 ca_destroy(&smc->counts);
372 ca_destroy(&smc->old_counts); 380 ca_destroy(&smc->old_counts);
373 kfree(smc); 381 kfree(smc);
374 return NULL; 382 return ERR_PTR(r);
375 } 383 }
376 384
377 r = ca_commit(&smc->old_counts, &smc->counts); 385 r = ca_commit(&smc->old_counts, &smc->counts);
@@ -379,7 +387,7 @@ struct dm_space_map *dm_sm_checker_create(struct dm_space_map *sm)
379 ca_destroy(&smc->counts); 387 ca_destroy(&smc->counts);
380 ca_destroy(&smc->old_counts); 388 ca_destroy(&smc->old_counts);
381 kfree(smc); 389 kfree(smc);
382 return NULL; 390 return ERR_PTR(r);
383 } 391 }
384 392
385 return &smc->sm; 393 return &smc->sm;
@@ -391,25 +399,25 @@ struct dm_space_map *dm_sm_checker_create_fresh(struct dm_space_map *sm)
391 int r; 399 int r;
392 struct sm_checker *smc; 400 struct sm_checker *smc;
393 401
394 if (!sm) 402 if (IS_ERR_OR_NULL(sm))
395 return NULL; 403 return ERR_PTR(-EINVAL);
396 404
397 smc = kmalloc(sizeof(*smc), GFP_KERNEL); 405 smc = kmalloc(sizeof(*smc), GFP_KERNEL);
398 if (!smc) 406 if (!smc)
399 return NULL; 407 return ERR_PTR(-ENOMEM);
400 408
401 memcpy(&smc->sm, &ops_, sizeof(smc->sm)); 409 memcpy(&smc->sm, &ops_, sizeof(smc->sm));
402 r = ca_create(&smc->old_counts, sm); 410 r = ca_create(&smc->old_counts, sm);
403 if (r) { 411 if (r) {
404 kfree(smc); 412 kfree(smc);
405 return NULL; 413 return ERR_PTR(r);
406 } 414 }
407 415
408 r = ca_create(&smc->counts, sm); 416 r = ca_create(&smc->counts, sm);
409 if (r) { 417 if (r) {
410 ca_destroy(&smc->old_counts); 418 ca_destroy(&smc->old_counts);
411 kfree(smc); 419 kfree(smc);
412 return NULL; 420 return ERR_PTR(r);
413 } 421 }
414 422
415 smc->real_sm = sm; 423 smc->real_sm = sm;
diff --git a/drivers/md/persistent-data/dm-space-map-disk.c b/drivers/md/persistent-data/dm-space-map-disk.c
index fc469ba9f627..3d0ed5332883 100644
--- a/drivers/md/persistent-data/dm-space-map-disk.c
+++ b/drivers/md/persistent-data/dm-space-map-disk.c
@@ -290,7 +290,16 @@ struct dm_space_map *dm_sm_disk_create(struct dm_transaction_manager *tm,
290 dm_block_t nr_blocks) 290 dm_block_t nr_blocks)
291{ 291{
292 struct dm_space_map *sm = dm_sm_disk_create_real(tm, nr_blocks); 292 struct dm_space_map *sm = dm_sm_disk_create_real(tm, nr_blocks);
293 return dm_sm_checker_create_fresh(sm); 293 struct dm_space_map *smc;
294
295 if (IS_ERR_OR_NULL(sm))
296 return sm;
297
298 smc = dm_sm_checker_create_fresh(sm);
299 if (IS_ERR(smc))
300 dm_sm_destroy(sm);
301
302 return smc;
294} 303}
295EXPORT_SYMBOL_GPL(dm_sm_disk_create); 304EXPORT_SYMBOL_GPL(dm_sm_disk_create);
296 305
diff --git a/drivers/md/persistent-data/dm-transaction-manager.c b/drivers/md/persistent-data/dm-transaction-manager.c
index 400fe144c0cd..e5604b32d91f 100644
--- a/drivers/md/persistent-data/dm-transaction-manager.c
+++ b/drivers/md/persistent-data/dm-transaction-manager.c
@@ -138,6 +138,9 @@ EXPORT_SYMBOL_GPL(dm_tm_create_non_blocking_clone);
138 138
139void dm_tm_destroy(struct dm_transaction_manager *tm) 139void dm_tm_destroy(struct dm_transaction_manager *tm)
140{ 140{
141 if (!tm->is_clone)
142 wipe_shadow_table(tm);
143
141 kfree(tm); 144 kfree(tm);
142} 145}
143EXPORT_SYMBOL_GPL(dm_tm_destroy); 146EXPORT_SYMBOL_GPL(dm_tm_destroy);
@@ -344,8 +347,10 @@ static int dm_tm_create_internal(struct dm_block_manager *bm,
344 } 347 }
345 348
346 *sm = dm_sm_checker_create(inner); 349 *sm = dm_sm_checker_create(inner);
347 if (!*sm) 350 if (IS_ERR(*sm)) {
351 r = PTR_ERR(*sm);
348 goto bad2; 352 goto bad2;
353 }
349 354
350 } else { 355 } else {
351 r = dm_bm_write_lock(dm_tm_get_bm(*tm), sb_location, 356 r = dm_bm_write_lock(dm_tm_get_bm(*tm), sb_location,
@@ -364,8 +369,10 @@ static int dm_tm_create_internal(struct dm_block_manager *bm,
364 } 369 }
365 370
366 *sm = dm_sm_checker_create(inner); 371 *sm = dm_sm_checker_create(inner);
367 if (!*sm) 372 if (IS_ERR(*sm)) {
373 r = PTR_ERR(*sm);
368 goto bad2; 374 goto bad2;
375 }
369 } 376 }
370 377
371 return 0; 378 return 0;
diff --git a/drivers/md/raid1.c b/drivers/md/raid1.c
index a9c7981ddd24..8c2754f835ef 100644
--- a/drivers/md/raid1.c
+++ b/drivers/md/raid1.c
@@ -517,8 +517,8 @@ static int read_balance(struct r1conf *conf, struct r1bio *r1_bio, int *max_sect
517 int bad_sectors; 517 int bad_sectors;
518 518
519 int disk = start_disk + i; 519 int disk = start_disk + i;
520 if (disk >= conf->raid_disks) 520 if (disk >= conf->raid_disks * 2)
521 disk -= conf->raid_disks; 521 disk -= conf->raid_disks * 2;
522 522
523 rdev = rcu_dereference(conf->mirrors[disk].rdev); 523 rdev = rcu_dereference(conf->mirrors[disk].rdev);
524 if (r1_bio->bios[disk] == IO_BLOCKED 524 if (r1_bio->bios[disk] == IO_BLOCKED
@@ -883,7 +883,6 @@ static void make_request(struct mddev *mddev, struct bio * bio)
883 const unsigned long do_sync = (bio->bi_rw & REQ_SYNC); 883 const unsigned long do_sync = (bio->bi_rw & REQ_SYNC);
884 const unsigned long do_flush_fua = (bio->bi_rw & (REQ_FLUSH | REQ_FUA)); 884 const unsigned long do_flush_fua = (bio->bi_rw & (REQ_FLUSH | REQ_FUA));
885 struct md_rdev *blocked_rdev; 885 struct md_rdev *blocked_rdev;
886 int plugged;
887 int first_clone; 886 int first_clone;
888 int sectors_handled; 887 int sectors_handled;
889 int max_sectors; 888 int max_sectors;
@@ -1034,7 +1033,6 @@ read_again:
1034 * the bad blocks. Each set of writes gets it's own r1bio 1033 * the bad blocks. Each set of writes gets it's own r1bio
1035 * with a set of bios attached. 1034 * with a set of bios attached.
1036 */ 1035 */
1037 plugged = mddev_check_plugged(mddev);
1038 1036
1039 disks = conf->raid_disks * 2; 1037 disks = conf->raid_disks * 2;
1040 retry_write: 1038 retry_write:
@@ -1191,6 +1189,8 @@ read_again:
1191 bio_list_add(&conf->pending_bio_list, mbio); 1189 bio_list_add(&conf->pending_bio_list, mbio);
1192 conf->pending_count++; 1190 conf->pending_count++;
1193 spin_unlock_irqrestore(&conf->device_lock, flags); 1191 spin_unlock_irqrestore(&conf->device_lock, flags);
1192 if (!mddev_check_plugged(mddev))
1193 md_wakeup_thread(mddev->thread);
1194 } 1194 }
1195 /* Mustn't call r1_bio_write_done before this next test, 1195 /* Mustn't call r1_bio_write_done before this next test,
1196 * as it could result in the bio being freed. 1196 * as it could result in the bio being freed.
@@ -1213,9 +1213,6 @@ read_again:
1213 1213
1214 /* In case raid1d snuck in to freeze_array */ 1214 /* In case raid1d snuck in to freeze_array */
1215 wake_up(&conf->wait_barrier); 1215 wake_up(&conf->wait_barrier);
1216
1217 if (do_sync || !bitmap || !plugged)
1218 md_wakeup_thread(mddev->thread);
1219} 1216}
1220 1217
1221static void status(struct seq_file *seq, struct mddev *mddev) 1218static void status(struct seq_file *seq, struct mddev *mddev)
@@ -2621,7 +2618,7 @@ static struct r1conf *setup_conf(struct mddev *mddev)
2621 goto abort; 2618 goto abort;
2622 } 2619 }
2623 err = -ENOMEM; 2620 err = -ENOMEM;
2624 conf->thread = md_register_thread(raid1d, mddev, NULL); 2621 conf->thread = md_register_thread(raid1d, mddev, "raid1");
2625 if (!conf->thread) { 2622 if (!conf->thread) {
2626 printk(KERN_ERR 2623 printk(KERN_ERR
2627 "md/raid1:%s: couldn't allocate thread\n", 2624 "md/raid1:%s: couldn't allocate thread\n",
diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c
index 99ae6068e456..8da6282254c3 100644
--- a/drivers/md/raid10.c
+++ b/drivers/md/raid10.c
@@ -1039,7 +1039,6 @@ static void make_request(struct mddev *mddev, struct bio * bio)
1039 const unsigned long do_fua = (bio->bi_rw & REQ_FUA); 1039 const unsigned long do_fua = (bio->bi_rw & REQ_FUA);
1040 unsigned long flags; 1040 unsigned long flags;
1041 struct md_rdev *blocked_rdev; 1041 struct md_rdev *blocked_rdev;
1042 int plugged;
1043 int sectors_handled; 1042 int sectors_handled;
1044 int max_sectors; 1043 int max_sectors;
1045 int sectors; 1044 int sectors;
@@ -1239,7 +1238,6 @@ read_again:
1239 * of r10_bios is recored in bio->bi_phys_segments just as with 1238 * of r10_bios is recored in bio->bi_phys_segments just as with
1240 * the read case. 1239 * the read case.
1241 */ 1240 */
1242 plugged = mddev_check_plugged(mddev);
1243 1241
1244 r10_bio->read_slot = -1; /* make sure repl_bio gets freed */ 1242 r10_bio->read_slot = -1; /* make sure repl_bio gets freed */
1245 raid10_find_phys(conf, r10_bio); 1243 raid10_find_phys(conf, r10_bio);
@@ -1396,6 +1394,8 @@ retry_write:
1396 bio_list_add(&conf->pending_bio_list, mbio); 1394 bio_list_add(&conf->pending_bio_list, mbio);
1397 conf->pending_count++; 1395 conf->pending_count++;
1398 spin_unlock_irqrestore(&conf->device_lock, flags); 1396 spin_unlock_irqrestore(&conf->device_lock, flags);
1397 if (!mddev_check_plugged(mddev))
1398 md_wakeup_thread(mddev->thread);
1399 1399
1400 if (!r10_bio->devs[i].repl_bio) 1400 if (!r10_bio->devs[i].repl_bio)
1401 continue; 1401 continue;
@@ -1423,6 +1423,8 @@ retry_write:
1423 bio_list_add(&conf->pending_bio_list, mbio); 1423 bio_list_add(&conf->pending_bio_list, mbio);
1424 conf->pending_count++; 1424 conf->pending_count++;
1425 spin_unlock_irqrestore(&conf->device_lock, flags); 1425 spin_unlock_irqrestore(&conf->device_lock, flags);
1426 if (!mddev_check_plugged(mddev))
1427 md_wakeup_thread(mddev->thread);
1426 } 1428 }
1427 1429
1428 /* Don't remove the bias on 'remaining' (one_write_done) until 1430 /* Don't remove the bias on 'remaining' (one_write_done) until
@@ -1448,9 +1450,6 @@ retry_write:
1448 1450
1449 /* In case raid10d snuck in to freeze_array */ 1451 /* In case raid10d snuck in to freeze_array */
1450 wake_up(&conf->wait_barrier); 1452 wake_up(&conf->wait_barrier);
1451
1452 if (do_sync || !mddev->bitmap || !plugged)
1453 md_wakeup_thread(mddev->thread);
1454} 1453}
1455 1454
1456static void status(struct seq_file *seq, struct mddev *mddev) 1455static void status(struct seq_file *seq, struct mddev *mddev)
@@ -2310,7 +2309,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10
2310 if (r10_sync_page_io(rdev, 2309 if (r10_sync_page_io(rdev,
2311 r10_bio->devs[sl].addr + 2310 r10_bio->devs[sl].addr +
2312 sect, 2311 sect,
2313 s<<9, conf->tmppage, WRITE) 2312 s, conf->tmppage, WRITE)
2314 == 0) { 2313 == 0) {
2315 /* Well, this device is dead */ 2314 /* Well, this device is dead */
2316 printk(KERN_NOTICE 2315 printk(KERN_NOTICE
@@ -2349,7 +2348,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10
2349 switch (r10_sync_page_io(rdev, 2348 switch (r10_sync_page_io(rdev,
2350 r10_bio->devs[sl].addr + 2349 r10_bio->devs[sl].addr +
2351 sect, 2350 sect,
2352 s<<9, conf->tmppage, 2351 s, conf->tmppage,
2353 READ)) { 2352 READ)) {
2354 case 0: 2353 case 0:
2355 /* Well, this device is dead */ 2354 /* Well, this device is dead */
@@ -2512,7 +2511,7 @@ read_more:
2512 slot = r10_bio->read_slot; 2511 slot = r10_bio->read_slot;
2513 printk_ratelimited( 2512 printk_ratelimited(
2514 KERN_ERR 2513 KERN_ERR
2515 "md/raid10:%s: %s: redirecting" 2514 "md/raid10:%s: %s: redirecting "
2516 "sector %llu to another mirror\n", 2515 "sector %llu to another mirror\n",
2517 mdname(mddev), 2516 mdname(mddev),
2518 bdevname(rdev->bdev, b), 2517 bdevname(rdev->bdev, b),
@@ -2661,7 +2660,8 @@ static void raid10d(struct mddev *mddev)
2661 blk_start_plug(&plug); 2660 blk_start_plug(&plug);
2662 for (;;) { 2661 for (;;) {
2663 2662
2664 flush_pending_writes(conf); 2663 if (atomic_read(&mddev->plug_cnt) == 0)
2664 flush_pending_writes(conf);
2665 2665
2666 spin_lock_irqsave(&conf->device_lock, flags); 2666 spin_lock_irqsave(&conf->device_lock, flags);
2667 if (list_empty(head)) { 2667 if (list_empty(head)) {
@@ -2890,6 +2890,12 @@ static sector_t sync_request(struct mddev *mddev, sector_t sector_nr,
2890 /* want to reconstruct this device */ 2890 /* want to reconstruct this device */
2891 rb2 = r10_bio; 2891 rb2 = r10_bio;
2892 sect = raid10_find_virt(conf, sector_nr, i); 2892 sect = raid10_find_virt(conf, sector_nr, i);
2893 if (sect >= mddev->resync_max_sectors) {
2894 /* last stripe is not complete - don't
2895 * try to recover this sector.
2896 */
2897 continue;
2898 }
2893 /* Unless we are doing a full sync, or a replacement 2899 /* Unless we are doing a full sync, or a replacement
2894 * we only need to recover the block if it is set in 2900 * we only need to recover the block if it is set in
2895 * the bitmap 2901 * the bitmap
@@ -3421,7 +3427,7 @@ static struct r10conf *setup_conf(struct mddev *mddev)
3421 spin_lock_init(&conf->resync_lock); 3427 spin_lock_init(&conf->resync_lock);
3422 init_waitqueue_head(&conf->wait_barrier); 3428 init_waitqueue_head(&conf->wait_barrier);
3423 3429
3424 conf->thread = md_register_thread(raid10d, mddev, NULL); 3430 conf->thread = md_register_thread(raid10d, mddev, "raid10");
3425 if (!conf->thread) 3431 if (!conf->thread)
3426 goto out; 3432 goto out;
3427 3433
diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c
index d26767246d26..04348d76bb30 100644
--- a/drivers/md/raid5.c
+++ b/drivers/md/raid5.c
@@ -196,12 +196,14 @@ static void __release_stripe(struct r5conf *conf, struct stripe_head *sh)
196 BUG_ON(!list_empty(&sh->lru)); 196 BUG_ON(!list_empty(&sh->lru));
197 BUG_ON(atomic_read(&conf->active_stripes)==0); 197 BUG_ON(atomic_read(&conf->active_stripes)==0);
198 if (test_bit(STRIPE_HANDLE, &sh->state)) { 198 if (test_bit(STRIPE_HANDLE, &sh->state)) {
199 if (test_bit(STRIPE_DELAYED, &sh->state)) 199 if (test_bit(STRIPE_DELAYED, &sh->state) &&
200 !test_bit(STRIPE_PREREAD_ACTIVE, &sh->state))
200 list_add_tail(&sh->lru, &conf->delayed_list); 201 list_add_tail(&sh->lru, &conf->delayed_list);
201 else if (test_bit(STRIPE_BIT_DELAY, &sh->state) && 202 else if (test_bit(STRIPE_BIT_DELAY, &sh->state) &&
202 sh->bm_seq - conf->seq_write > 0) 203 sh->bm_seq - conf->seq_write > 0)
203 list_add_tail(&sh->lru, &conf->bitmap_list); 204 list_add_tail(&sh->lru, &conf->bitmap_list);
204 else { 205 else {
206 clear_bit(STRIPE_DELAYED, &sh->state);
205 clear_bit(STRIPE_BIT_DELAY, &sh->state); 207 clear_bit(STRIPE_BIT_DELAY, &sh->state);
206 list_add_tail(&sh->lru, &conf->handle_list); 208 list_add_tail(&sh->lru, &conf->handle_list);
207 } 209 }
@@ -606,6 +608,12 @@ static void ops_run_io(struct stripe_head *sh, struct stripe_head_state *s)
606 * a chance*/ 608 * a chance*/
607 md_check_recovery(conf->mddev); 609 md_check_recovery(conf->mddev);
608 } 610 }
611 /*
612 * Because md_wait_for_blocked_rdev
613 * will dec nr_pending, we must
614 * increment it first.
615 */
616 atomic_inc(&rdev->nr_pending);
609 md_wait_for_blocked_rdev(rdev, conf->mddev); 617 md_wait_for_blocked_rdev(rdev, conf->mddev);
610 } else { 618 } else {
611 /* Acknowledged bad block - skip the write */ 619 /* Acknowledged bad block - skip the write */
@@ -1737,6 +1745,7 @@ static void raid5_end_read_request(struct bio * bi, int error)
1737 } else { 1745 } else {
1738 const char *bdn = bdevname(rdev->bdev, b); 1746 const char *bdn = bdevname(rdev->bdev, b);
1739 int retry = 0; 1747 int retry = 0;
1748 int set_bad = 0;
1740 1749
1741 clear_bit(R5_UPTODATE, &sh->dev[i].flags); 1750 clear_bit(R5_UPTODATE, &sh->dev[i].flags);
1742 atomic_inc(&rdev->read_errors); 1751 atomic_inc(&rdev->read_errors);
@@ -1748,7 +1757,8 @@ static void raid5_end_read_request(struct bio * bi, int error)
1748 mdname(conf->mddev), 1757 mdname(conf->mddev),
1749 (unsigned long long)s, 1758 (unsigned long long)s,
1750 bdn); 1759 bdn);
1751 else if (conf->mddev->degraded >= conf->max_degraded) 1760 else if (conf->mddev->degraded >= conf->max_degraded) {
1761 set_bad = 1;
1752 printk_ratelimited( 1762 printk_ratelimited(
1753 KERN_WARNING 1763 KERN_WARNING
1754 "md/raid:%s: read error not correctable " 1764 "md/raid:%s: read error not correctable "
@@ -1756,8 +1766,9 @@ static void raid5_end_read_request(struct bio * bi, int error)
1756 mdname(conf->mddev), 1766 mdname(conf->mddev),
1757 (unsigned long long)s, 1767 (unsigned long long)s,
1758 bdn); 1768 bdn);
1759 else if (test_bit(R5_ReWrite, &sh->dev[i].flags)) 1769 } else if (test_bit(R5_ReWrite, &sh->dev[i].flags)) {
1760 /* Oh, no!!! */ 1770 /* Oh, no!!! */
1771 set_bad = 1;
1761 printk_ratelimited( 1772 printk_ratelimited(
1762 KERN_WARNING 1773 KERN_WARNING
1763 "md/raid:%s: read error NOT corrected!! " 1774 "md/raid:%s: read error NOT corrected!! "
@@ -1765,7 +1776,7 @@ static void raid5_end_read_request(struct bio * bi, int error)
1765 mdname(conf->mddev), 1776 mdname(conf->mddev),
1766 (unsigned long long)s, 1777 (unsigned long long)s,
1767 bdn); 1778 bdn);
1768 else if (atomic_read(&rdev->read_errors) 1779 } else if (atomic_read(&rdev->read_errors)
1769 > conf->max_nr_stripes) 1780 > conf->max_nr_stripes)
1770 printk(KERN_WARNING 1781 printk(KERN_WARNING
1771 "md/raid:%s: Too many read errors, failing device %s.\n", 1782 "md/raid:%s: Too many read errors, failing device %s.\n",
@@ -1777,7 +1788,11 @@ static void raid5_end_read_request(struct bio * bi, int error)
1777 else { 1788 else {
1778 clear_bit(R5_ReadError, &sh->dev[i].flags); 1789 clear_bit(R5_ReadError, &sh->dev[i].flags);
1779 clear_bit(R5_ReWrite, &sh->dev[i].flags); 1790 clear_bit(R5_ReWrite, &sh->dev[i].flags);
1780 md_error(conf->mddev, rdev); 1791 if (!(set_bad
1792 && test_bit(In_sync, &rdev->flags)
1793 && rdev_set_badblocks(
1794 rdev, sh->sector, STRIPE_SECTORS, 0)))
1795 md_error(conf->mddev, rdev);
1781 } 1796 }
1782 } 1797 }
1783 rdev_dec_pending(rdev, conf->mddev); 1798 rdev_dec_pending(rdev, conf->mddev);
@@ -3582,8 +3597,18 @@ static void handle_stripe(struct stripe_head *sh)
3582 3597
3583finish: 3598finish:
3584 /* wait for this device to become unblocked */ 3599 /* wait for this device to become unblocked */
3585 if (conf->mddev->external && unlikely(s.blocked_rdev)) 3600 if (unlikely(s.blocked_rdev)) {
3586 md_wait_for_blocked_rdev(s.blocked_rdev, conf->mddev); 3601 if (conf->mddev->external)
3602 md_wait_for_blocked_rdev(s.blocked_rdev,
3603 conf->mddev);
3604 else
3605 /* Internal metadata will immediately
3606 * be written by raid5d, so we don't
3607 * need to wait here.
3608 */
3609 rdev_dec_pending(s.blocked_rdev,
3610 conf->mddev);
3611 }
3587 3612
3588 if (s.handle_bad_blocks) 3613 if (s.handle_bad_blocks)
3589 for (i = disks; i--; ) { 3614 for (i = disks; i--; ) {
@@ -3881,8 +3906,6 @@ static int chunk_aligned_read(struct mddev *mddev, struct bio * raid_bio)
3881 raid_bio->bi_next = (void*)rdev; 3906 raid_bio->bi_next = (void*)rdev;
3882 align_bi->bi_bdev = rdev->bdev; 3907 align_bi->bi_bdev = rdev->bdev;
3883 align_bi->bi_flags &= ~(1 << BIO_SEG_VALID); 3908 align_bi->bi_flags &= ~(1 << BIO_SEG_VALID);
3884 /* No reshape active, so we can trust rdev->data_offset */
3885 align_bi->bi_sector += rdev->data_offset;
3886 3909
3887 if (!bio_fits_rdev(align_bi) || 3910 if (!bio_fits_rdev(align_bi) ||
3888 is_badblock(rdev, align_bi->bi_sector, align_bi->bi_size>>9, 3911 is_badblock(rdev, align_bi->bi_sector, align_bi->bi_size>>9,
@@ -3893,6 +3916,9 @@ static int chunk_aligned_read(struct mddev *mddev, struct bio * raid_bio)
3893 return 0; 3916 return 0;
3894 } 3917 }
3895 3918
3919 /* No reshape active, so we can trust rdev->data_offset */
3920 align_bi->bi_sector += rdev->data_offset;
3921
3896 spin_lock_irq(&conf->device_lock); 3922 spin_lock_irq(&conf->device_lock);
3897 wait_event_lock_irq(conf->wait_for_stripe, 3923 wait_event_lock_irq(conf->wait_for_stripe,
3898 conf->quiesce == 0, 3924 conf->quiesce == 0,
@@ -3971,7 +3997,6 @@ static void make_request(struct mddev *mddev, struct bio * bi)
3971 struct stripe_head *sh; 3997 struct stripe_head *sh;
3972 const int rw = bio_data_dir(bi); 3998 const int rw = bio_data_dir(bi);
3973 int remaining; 3999 int remaining;
3974 int plugged;
3975 4000
3976 if (unlikely(bi->bi_rw & REQ_FLUSH)) { 4001 if (unlikely(bi->bi_rw & REQ_FLUSH)) {
3977 md_flush_request(mddev, bi); 4002 md_flush_request(mddev, bi);
@@ -3990,7 +4015,6 @@ static void make_request(struct mddev *mddev, struct bio * bi)
3990 bi->bi_next = NULL; 4015 bi->bi_next = NULL;
3991 bi->bi_phys_segments = 1; /* over-loaded to count active stripes */ 4016 bi->bi_phys_segments = 1; /* over-loaded to count active stripes */
3992 4017
3993 plugged = mddev_check_plugged(mddev);
3994 for (;logical_sector < last_sector; logical_sector += STRIPE_SECTORS) { 4018 for (;logical_sector < last_sector; logical_sector += STRIPE_SECTORS) {
3995 DEFINE_WAIT(w); 4019 DEFINE_WAIT(w);
3996 int previous; 4020 int previous;
@@ -4092,6 +4116,7 @@ static void make_request(struct mddev *mddev, struct bio * bi)
4092 if ((bi->bi_rw & REQ_SYNC) && 4116 if ((bi->bi_rw & REQ_SYNC) &&
4093 !test_and_set_bit(STRIPE_PREREAD_ACTIVE, &sh->state)) 4117 !test_and_set_bit(STRIPE_PREREAD_ACTIVE, &sh->state))
4094 atomic_inc(&conf->preread_active_stripes); 4118 atomic_inc(&conf->preread_active_stripes);
4119 mddev_check_plugged(mddev);
4095 release_stripe(sh); 4120 release_stripe(sh);
4096 } else { 4121 } else {
4097 /* cannot get stripe for read-ahead, just give-up */ 4122 /* cannot get stripe for read-ahead, just give-up */
@@ -4099,10 +4124,7 @@ static void make_request(struct mddev *mddev, struct bio * bi)
4099 finish_wait(&conf->wait_for_overlap, &w); 4124 finish_wait(&conf->wait_for_overlap, &w);
4100 break; 4125 break;
4101 } 4126 }
4102
4103 } 4127 }
4104 if (!plugged)
4105 md_wakeup_thread(mddev->thread);
4106 4128
4107 spin_lock_irq(&conf->device_lock); 4129 spin_lock_irq(&conf->device_lock);
4108 remaining = raid5_dec_bi_phys_segments(bi); 4130 remaining = raid5_dec_bi_phys_segments(bi);
@@ -4823,6 +4845,7 @@ static struct r5conf *setup_conf(struct mddev *mddev)
4823 int raid_disk, memory, max_disks; 4845 int raid_disk, memory, max_disks;
4824 struct md_rdev *rdev; 4846 struct md_rdev *rdev;
4825 struct disk_info *disk; 4847 struct disk_info *disk;
4848 char pers_name[6];
4826 4849
4827 if (mddev->new_level != 5 4850 if (mddev->new_level != 5
4828 && mddev->new_level != 4 4851 && mddev->new_level != 4
@@ -4946,7 +4969,8 @@ static struct r5conf *setup_conf(struct mddev *mddev)
4946 printk(KERN_INFO "md/raid:%s: allocated %dkB\n", 4969 printk(KERN_INFO "md/raid:%s: allocated %dkB\n",
4947 mdname(mddev), memory); 4970 mdname(mddev), memory);
4948 4971
4949 conf->thread = md_register_thread(raid5d, mddev, NULL); 4972 sprintf(pers_name, "raid%d", mddev->new_level);
4973 conf->thread = md_register_thread(raid5d, mddev, pers_name);
4950 if (!conf->thread) { 4974 if (!conf->thread) {
4951 printk(KERN_ERR 4975 printk(KERN_ERR
4952 "md/raid:%s: couldn't allocate thread.\n", 4976 "md/raid:%s: couldn't allocate thread.\n",
@@ -5465,10 +5489,9 @@ static int raid5_add_disk(struct mddev *mddev, struct md_rdev *rdev)
5465 if (rdev->saved_raid_disk >= 0 && 5489 if (rdev->saved_raid_disk >= 0 &&
5466 rdev->saved_raid_disk >= first && 5490 rdev->saved_raid_disk >= first &&
5467 conf->disks[rdev->saved_raid_disk].rdev == NULL) 5491 conf->disks[rdev->saved_raid_disk].rdev == NULL)
5468 disk = rdev->saved_raid_disk; 5492 first = rdev->saved_raid_disk;
5469 else 5493
5470 disk = first; 5494 for (disk = first; disk <= last; disk++) {
5471 for ( ; disk <= last ; disk++) {
5472 p = conf->disks + disk; 5495 p = conf->disks + disk;
5473 if (p->rdev == NULL) { 5496 if (p->rdev == NULL) {
5474 clear_bit(In_sync, &rdev->flags); 5497 clear_bit(In_sync, &rdev->flags);
@@ -5477,8 +5500,11 @@ static int raid5_add_disk(struct mddev *mddev, struct md_rdev *rdev)
5477 if (rdev->saved_raid_disk != disk) 5500 if (rdev->saved_raid_disk != disk)
5478 conf->fullsync = 1; 5501 conf->fullsync = 1;
5479 rcu_assign_pointer(p->rdev, rdev); 5502 rcu_assign_pointer(p->rdev, rdev);
5480 break; 5503 goto out;
5481 } 5504 }
5505 }
5506 for (disk = first; disk <= last; disk++) {
5507 p = conf->disks + disk;
5482 if (test_bit(WantReplacement, &p->rdev->flags) && 5508 if (test_bit(WantReplacement, &p->rdev->flags) &&
5483 p->replacement == NULL) { 5509 p->replacement == NULL) {
5484 clear_bit(In_sync, &rdev->flags); 5510 clear_bit(In_sync, &rdev->flags);
@@ -5490,6 +5516,7 @@ static int raid5_add_disk(struct mddev *mddev, struct md_rdev *rdev)
5490 break; 5516 break;
5491 } 5517 }
5492 } 5518 }
5519out:
5493 print_raid5_conf(conf); 5520 print_raid5_conf(conf);
5494 return err; 5521 return err;
5495} 5522}
diff --git a/drivers/net/ethernet/freescale/gianfar.c b/drivers/net/ethernet/freescale/gianfar.c
index 0741aded9eb0..f2db8fca46a1 100644
--- a/drivers/net/ethernet/freescale/gianfar.c
+++ b/drivers/net/ethernet/freescale/gianfar.c
@@ -1804,18 +1804,16 @@ void gfar_configure_coalescing(struct gfar_private *priv,
1804 if (priv->mode == MQ_MG_MODE) { 1804 if (priv->mode == MQ_MG_MODE) {
1805 baddr = &regs->txic0; 1805 baddr = &regs->txic0;
1806 for_each_set_bit(i, &tx_mask, priv->num_tx_queues) { 1806 for_each_set_bit(i, &tx_mask, priv->num_tx_queues) {
1807 if (likely(priv->tx_queue[i]->txcoalescing)) { 1807 gfar_write(baddr + i, 0);
1808 gfar_write(baddr + i, 0); 1808 if (likely(priv->tx_queue[i]->txcoalescing))
1809 gfar_write(baddr + i, priv->tx_queue[i]->txic); 1809 gfar_write(baddr + i, priv->tx_queue[i]->txic);
1810 }
1811 } 1810 }
1812 1811
1813 baddr = &regs->rxic0; 1812 baddr = &regs->rxic0;
1814 for_each_set_bit(i, &rx_mask, priv->num_rx_queues) { 1813 for_each_set_bit(i, &rx_mask, priv->num_rx_queues) {
1815 if (likely(priv->rx_queue[i]->rxcoalescing)) { 1814 gfar_write(baddr + i, 0);
1816 gfar_write(baddr + i, 0); 1815 if (likely(priv->rx_queue[i]->rxcoalescing))
1817 gfar_write(baddr + i, priv->rx_queue[i]->rxic); 1816 gfar_write(baddr + i, priv->rx_queue[i]->rxic);
1818 }
1819 } 1817 }
1820 } 1818 }
1821} 1819}
diff --git a/drivers/net/ethernet/intel/e1000e/defines.h b/drivers/net/ethernet/intel/e1000e/defines.h
index 351a4097b2ba..76edbc1be33b 100644
--- a/drivers/net/ethernet/intel/e1000e/defines.h
+++ b/drivers/net/ethernet/intel/e1000e/defines.h
@@ -103,6 +103,7 @@
103#define E1000_RXD_ERR_SEQ 0x04 /* Sequence Error */ 103#define E1000_RXD_ERR_SEQ 0x04 /* Sequence Error */
104#define E1000_RXD_ERR_CXE 0x10 /* Carrier Extension Error */ 104#define E1000_RXD_ERR_CXE 0x10 /* Carrier Extension Error */
105#define E1000_RXD_ERR_TCPE 0x20 /* TCP/UDP Checksum Error */ 105#define E1000_RXD_ERR_TCPE 0x20 /* TCP/UDP Checksum Error */
106#define E1000_RXD_ERR_IPE 0x40 /* IP Checksum Error */
106#define E1000_RXD_ERR_RXE 0x80 /* Rx Data Error */ 107#define E1000_RXD_ERR_RXE 0x80 /* Rx Data Error */
107#define E1000_RXD_SPC_VLAN_MASK 0x0FFF /* VLAN ID is in lower 12 bits */ 108#define E1000_RXD_SPC_VLAN_MASK 0x0FFF /* VLAN ID is in lower 12 bits */
108 109
diff --git a/drivers/net/ethernet/intel/e1000e/netdev.c b/drivers/net/ethernet/intel/e1000e/netdev.c
index 31d37a2b5ba8..623e30b9964d 100644
--- a/drivers/net/ethernet/intel/e1000e/netdev.c
+++ b/drivers/net/ethernet/intel/e1000e/netdev.c
@@ -496,7 +496,7 @@ static void e1000_receive_skb(struct e1000_adapter *adapter,
496 * @sk_buff: socket buffer with received data 496 * @sk_buff: socket buffer with received data
497 **/ 497 **/
498static void e1000_rx_checksum(struct e1000_adapter *adapter, u32 status_err, 498static void e1000_rx_checksum(struct e1000_adapter *adapter, u32 status_err,
499 __le16 csum, struct sk_buff *skb) 499 struct sk_buff *skb)
500{ 500{
501 u16 status = (u16)status_err; 501 u16 status = (u16)status_err;
502 u8 errors = (u8)(status_err >> 24); 502 u8 errors = (u8)(status_err >> 24);
@@ -511,8 +511,8 @@ static void e1000_rx_checksum(struct e1000_adapter *adapter, u32 status_err,
511 if (status & E1000_RXD_STAT_IXSM) 511 if (status & E1000_RXD_STAT_IXSM)
512 return; 512 return;
513 513
514 /* TCP/UDP checksum error bit is set */ 514 /* TCP/UDP checksum error bit or IP checksum error bit is set */
515 if (errors & E1000_RXD_ERR_TCPE) { 515 if (errors & (E1000_RXD_ERR_TCPE | E1000_RXD_ERR_IPE)) {
516 /* let the stack verify checksum errors */ 516 /* let the stack verify checksum errors */
517 adapter->hw_csum_err++; 517 adapter->hw_csum_err++;
518 return; 518 return;
@@ -523,19 +523,7 @@ static void e1000_rx_checksum(struct e1000_adapter *adapter, u32 status_err,
523 return; 523 return;
524 524
525 /* It must be a TCP or UDP packet with a valid checksum */ 525 /* It must be a TCP or UDP packet with a valid checksum */
526 if (status & E1000_RXD_STAT_TCPCS) { 526 skb->ip_summed = CHECKSUM_UNNECESSARY;
527 /* TCP checksum is good */
528 skb->ip_summed = CHECKSUM_UNNECESSARY;
529 } else {
530 /*
531 * IP fragment with UDP payload
532 * Hardware complements the payload checksum, so we undo it
533 * and then put the value in host order for further stack use.
534 */
535 __sum16 sum = (__force __sum16)swab16((__force u16)csum);
536 skb->csum = csum_unfold(~sum);
537 skb->ip_summed = CHECKSUM_COMPLETE;
538 }
539 adapter->hw_csum_good++; 527 adapter->hw_csum_good++;
540} 528}
541 529
@@ -954,8 +942,7 @@ static bool e1000_clean_rx_irq(struct e1000_ring *rx_ring, int *work_done,
954 skb_put(skb, length); 942 skb_put(skb, length);
955 943
956 /* Receive Checksum Offload */ 944 /* Receive Checksum Offload */
957 e1000_rx_checksum(adapter, staterr, 945 e1000_rx_checksum(adapter, staterr, skb);
958 rx_desc->wb.lower.hi_dword.csum_ip.csum, skb);
959 946
960 e1000_rx_hash(netdev, rx_desc->wb.lower.hi_dword.rss, skb); 947 e1000_rx_hash(netdev, rx_desc->wb.lower.hi_dword.rss, skb);
961 948
@@ -1341,8 +1328,7 @@ copydone:
1341 total_rx_bytes += skb->len; 1328 total_rx_bytes += skb->len;
1342 total_rx_packets++; 1329 total_rx_packets++;
1343 1330
1344 e1000_rx_checksum(adapter, staterr, 1331 e1000_rx_checksum(adapter, staterr, skb);
1345 rx_desc->wb.lower.hi_dword.csum_ip.csum, skb);
1346 1332
1347 e1000_rx_hash(netdev, rx_desc->wb.lower.hi_dword.rss, skb); 1333 e1000_rx_hash(netdev, rx_desc->wb.lower.hi_dword.rss, skb);
1348 1334
@@ -1512,9 +1498,8 @@ static bool e1000_clean_jumbo_rx_irq(struct e1000_ring *rx_ring, int *work_done,
1512 } 1498 }
1513 } 1499 }
1514 1500
1515 /* Receive Checksum Offload XXX recompute due to CRC strip? */ 1501 /* Receive Checksum Offload */
1516 e1000_rx_checksum(adapter, staterr, 1502 e1000_rx_checksum(adapter, staterr, skb);
1517 rx_desc->wb.lower.hi_dword.csum_ip.csum, skb);
1518 1503
1519 e1000_rx_hash(netdev, rx_desc->wb.lower.hi_dword.rss, skb); 1504 e1000_rx_hash(netdev, rx_desc->wb.lower.hi_dword.rss, skb);
1520 1505
@@ -3098,19 +3083,10 @@ static void e1000_configure_rx(struct e1000_adapter *adapter)
3098 3083
3099 /* Enable Receive Checksum Offload for TCP and UDP */ 3084 /* Enable Receive Checksum Offload for TCP and UDP */
3100 rxcsum = er32(RXCSUM); 3085 rxcsum = er32(RXCSUM);
3101 if (adapter->netdev->features & NETIF_F_RXCSUM) { 3086 if (adapter->netdev->features & NETIF_F_RXCSUM)
3102 rxcsum |= E1000_RXCSUM_TUOFL; 3087 rxcsum |= E1000_RXCSUM_TUOFL;
3103 3088 else
3104 /*
3105 * IPv4 payload checksum for UDP fragments must be
3106 * used in conjunction with packet-split.
3107 */
3108 if (adapter->rx_ps_pages)
3109 rxcsum |= E1000_RXCSUM_IPPCSE;
3110 } else {
3111 rxcsum &= ~E1000_RXCSUM_TUOFL; 3089 rxcsum &= ~E1000_RXCSUM_TUOFL;
3112 /* no need to clear IPPCSE as it defaults to 0 */
3113 }
3114 ew32(RXCSUM, rxcsum); 3090 ew32(RXCSUM, rxcsum);
3115 3091
3116 if (adapter->hw.mac.type == e1000_pch2lan) { 3092 if (adapter->hw.mac.type == e1000_pch2lan) {
@@ -5241,22 +5217,10 @@ static int e1000_change_mtu(struct net_device *netdev, int new_mtu)
5241 int max_frame = new_mtu + ETH_HLEN + ETH_FCS_LEN; 5217 int max_frame = new_mtu + ETH_HLEN + ETH_FCS_LEN;
5242 5218
5243 /* Jumbo frame support */ 5219 /* Jumbo frame support */
5244 if (max_frame > ETH_FRAME_LEN + ETH_FCS_LEN) { 5220 if ((max_frame > ETH_FRAME_LEN + ETH_FCS_LEN) &&
5245 if (!(adapter->flags & FLAG_HAS_JUMBO_FRAMES)) { 5221 !(adapter->flags & FLAG_HAS_JUMBO_FRAMES)) {
5246 e_err("Jumbo Frames not supported.\n"); 5222 e_err("Jumbo Frames not supported.\n");
5247 return -EINVAL; 5223 return -EINVAL;
5248 }
5249
5250 /*
5251 * IP payload checksum (enabled with jumbos/packet-split when
5252 * Rx checksum is enabled) and generation of RSS hash is
5253 * mutually exclusive in the hardware.
5254 */
5255 if ((netdev->features & NETIF_F_RXCSUM) &&
5256 (netdev->features & NETIF_F_RXHASH)) {
5257 e_err("Jumbo frames cannot be enabled when both receive checksum offload and receive hashing are enabled. Disable one of the receive offload features before enabling jumbos.\n");
5258 return -EINVAL;
5259 }
5260 } 5224 }
5261 5225
5262 /* Supported frame sizes */ 5226 /* Supported frame sizes */
@@ -6030,17 +5994,6 @@ static int e1000_set_features(struct net_device *netdev,
6030 NETIF_F_RXALL))) 5994 NETIF_F_RXALL)))
6031 return 0; 5995 return 0;
6032 5996
6033 /*
6034 * IP payload checksum (enabled with jumbos/packet-split when Rx
6035 * checksum is enabled) and generation of RSS hash is mutually
6036 * exclusive in the hardware.
6037 */
6038 if (adapter->rx_ps_pages &&
6039 (features & NETIF_F_RXCSUM) && (features & NETIF_F_RXHASH)) {
6040 e_err("Enabling both receive checksum offload and receive hashing is not possible with jumbo frames. Disable jumbos or enable only one of the receive offload features.\n");
6041 return -EINVAL;
6042 }
6043
6044 if (changed & NETIF_F_RXFCS) { 5997 if (changed & NETIF_F_RXFCS) {
6045 if (features & NETIF_F_RXFCS) { 5998 if (features & NETIF_F_RXFCS) {
6046 adapter->flags2 &= ~FLAG2_CRC_STRIPPING; 5999 adapter->flags2 &= ~FLAG2_CRC_STRIPPING;
diff --git a/drivers/net/ethernet/intel/igbvf/ethtool.c b/drivers/net/ethernet/intel/igbvf/ethtool.c
index 8ce67064b9c5..90eef07943f4 100644
--- a/drivers/net/ethernet/intel/igbvf/ethtool.c
+++ b/drivers/net/ethernet/intel/igbvf/ethtool.c
@@ -357,21 +357,28 @@ static int igbvf_set_coalesce(struct net_device *netdev,
357 struct igbvf_adapter *adapter = netdev_priv(netdev); 357 struct igbvf_adapter *adapter = netdev_priv(netdev);
358 struct e1000_hw *hw = &adapter->hw; 358 struct e1000_hw *hw = &adapter->hw;
359 359
360 if ((ec->rx_coalesce_usecs > IGBVF_MAX_ITR_USECS) || 360 if ((ec->rx_coalesce_usecs >= IGBVF_MIN_ITR_USECS) &&
361 ((ec->rx_coalesce_usecs > 3) && 361 (ec->rx_coalesce_usecs <= IGBVF_MAX_ITR_USECS)) {
362 (ec->rx_coalesce_usecs < IGBVF_MIN_ITR_USECS)) || 362 adapter->current_itr = ec->rx_coalesce_usecs << 2;
363 (ec->rx_coalesce_usecs == 2)) 363 adapter->requested_itr = 1000000000 /
364 return -EINVAL; 364 (adapter->current_itr * 256);
365 365 } else if ((ec->rx_coalesce_usecs == 3) ||
366 /* convert to rate of irq's per second */ 366 (ec->rx_coalesce_usecs == 2)) {
367 if (ec->rx_coalesce_usecs && ec->rx_coalesce_usecs <= 3) {
368 adapter->current_itr = IGBVF_START_ITR; 367 adapter->current_itr = IGBVF_START_ITR;
369 adapter->requested_itr = ec->rx_coalesce_usecs; 368 adapter->requested_itr = ec->rx_coalesce_usecs;
370 } else { 369 } else if (ec->rx_coalesce_usecs == 0) {
371 adapter->current_itr = ec->rx_coalesce_usecs << 2; 370 /*
371 * The user's desire is to turn off interrupt throttling
372 * altogether, but due to HW limitations, we can't do that.
373 * Instead we set a very small value in EITR, which would
374 * allow ~967k interrupts per second, but allow the adapter's
375 * internal clocking to still function properly.
376 */
377 adapter->current_itr = 4;
372 adapter->requested_itr = 1000000000 / 378 adapter->requested_itr = 1000000000 /
373 (adapter->current_itr * 256); 379 (adapter->current_itr * 256);
374 } 380 } else
381 return -EINVAL;
375 382
376 writel(adapter->current_itr, 383 writel(adapter->current_itr,
377 hw->hw_addr + adapter->rx_ring->itr_register); 384 hw->hw_addr + adapter->rx_ring->itr_register);
diff --git a/drivers/net/ethernet/ti/davinci_cpdma.c b/drivers/net/ethernet/ti/davinci_cpdma.c
index d614c374ed9d..3b5c4571b55e 100644
--- a/drivers/net/ethernet/ti/davinci_cpdma.c
+++ b/drivers/net/ethernet/ti/davinci_cpdma.c
@@ -15,6 +15,7 @@
15#include <linux/kernel.h> 15#include <linux/kernel.h>
16#include <linux/spinlock.h> 16#include <linux/spinlock.h>
17#include <linux/device.h> 17#include <linux/device.h>
18#include <linux/module.h>
18#include <linux/slab.h> 19#include <linux/slab.h>
19#include <linux/err.h> 20#include <linux/err.h>
20#include <linux/dma-mapping.h> 21#include <linux/dma-mapping.h>
diff --git a/drivers/net/usb/qmi_wwan.c b/drivers/net/usb/qmi_wwan.c
index 3767a1225860..b01960fcfbc9 100644
--- a/drivers/net/usb/qmi_wwan.c
+++ b/drivers/net/usb/qmi_wwan.c
@@ -197,6 +197,10 @@ err:
197static int qmi_wwan_cdc_wdm_manage_power(struct usb_interface *intf, int on) 197static int qmi_wwan_cdc_wdm_manage_power(struct usb_interface *intf, int on)
198{ 198{
199 struct usbnet *dev = usb_get_intfdata(intf); 199 struct usbnet *dev = usb_get_intfdata(intf);
200
201 /* can be called while disconnecting */
202 if (!dev)
203 return 0;
200 return qmi_wwan_manage_power(dev, on); 204 return qmi_wwan_manage_power(dev, on);
201} 205}
202 206
diff --git a/drivers/net/wireless/ath/ath.h b/drivers/net/wireless/ath/ath.h
index c54b7d37bff1..420d69b2674c 100644
--- a/drivers/net/wireless/ath/ath.h
+++ b/drivers/net/wireless/ath/ath.h
@@ -143,6 +143,7 @@ struct ath_common {
143 u32 keymax; 143 u32 keymax;
144 DECLARE_BITMAP(keymap, ATH_KEYMAX); 144 DECLARE_BITMAP(keymap, ATH_KEYMAX);
145 DECLARE_BITMAP(tkip_keymap, ATH_KEYMAX); 145 DECLARE_BITMAP(tkip_keymap, ATH_KEYMAX);
146 DECLARE_BITMAP(ccmp_keymap, ATH_KEYMAX);
146 enum ath_crypt_caps crypt_caps; 147 enum ath_crypt_caps crypt_caps;
147 148
148 unsigned int clockrate; 149 unsigned int clockrate;
diff --git a/drivers/net/wireless/ath/ath9k/hw.c b/drivers/net/wireless/ath/ath9k/hw.c
index 1c68e564f503..995ca8e1302e 100644
--- a/drivers/net/wireless/ath/ath9k/hw.c
+++ b/drivers/net/wireless/ath/ath9k/hw.c
@@ -622,7 +622,7 @@ static int __ath9k_hw_init(struct ath_hw *ah)
622 622
623 if (NR_CPUS > 1 && ah->config.serialize_regmode == SER_REG_MODE_AUTO) { 623 if (NR_CPUS > 1 && ah->config.serialize_regmode == SER_REG_MODE_AUTO) {
624 if (ah->hw_version.macVersion == AR_SREV_VERSION_5416_PCI || 624 if (ah->hw_version.macVersion == AR_SREV_VERSION_5416_PCI ||
625 ((AR_SREV_9160(ah) || AR_SREV_9280(ah)) && 625 ((AR_SREV_9160(ah) || AR_SREV_9280(ah) || AR_SREV_9287(ah)) &&
626 !ah->is_pciexpress)) { 626 !ah->is_pciexpress)) {
627 ah->config.serialize_regmode = 627 ah->config.serialize_regmode =
628 SER_REG_MODE_ON; 628 SER_REG_MODE_ON;
diff --git a/drivers/net/wireless/ath/ath9k/recv.c b/drivers/net/wireless/ath/ath9k/recv.c
index e1fcc68124dc..0735aeb3b26c 100644
--- a/drivers/net/wireless/ath/ath9k/recv.c
+++ b/drivers/net/wireless/ath/ath9k/recv.c
@@ -695,9 +695,9 @@ static bool ath_edma_get_buffers(struct ath_softc *sc,
695 __skb_unlink(skb, &rx_edma->rx_fifo); 695 __skb_unlink(skb, &rx_edma->rx_fifo);
696 list_add_tail(&bf->list, &sc->rx.rxbuf); 696 list_add_tail(&bf->list, &sc->rx.rxbuf);
697 ath_rx_edma_buf_link(sc, qtype); 697 ath_rx_edma_buf_link(sc, qtype);
698 } else {
699 bf = NULL;
700 } 698 }
699
700 bf = NULL;
701 } 701 }
702 702
703 *dest = bf; 703 *dest = bf;
@@ -822,7 +822,8 @@ static bool ath9k_rx_accept(struct ath_common *common,
822 * descriptor does contain a valid key index. This has been observed 822 * descriptor does contain a valid key index. This has been observed
823 * mostly with CCMP encryption. 823 * mostly with CCMP encryption.
824 */ 824 */
825 if (rx_stats->rs_keyix == ATH9K_RXKEYIX_INVALID) 825 if (rx_stats->rs_keyix == ATH9K_RXKEYIX_INVALID ||
826 !test_bit(rx_stats->rs_keyix, common->ccmp_keymap))
826 rx_stats->rs_status &= ~ATH9K_RXERR_KEYMISS; 827 rx_stats->rs_status &= ~ATH9K_RXERR_KEYMISS;
827 828
828 if (!rx_stats->rs_datalen) { 829 if (!rx_stats->rs_datalen) {
diff --git a/drivers/net/wireless/ath/key.c b/drivers/net/wireless/ath/key.c
index 0e81904956cf..5c54aa43ca2d 100644
--- a/drivers/net/wireless/ath/key.c
+++ b/drivers/net/wireless/ath/key.c
@@ -556,6 +556,9 @@ int ath_key_config(struct ath_common *common,
556 return -EIO; 556 return -EIO;
557 557
558 set_bit(idx, common->keymap); 558 set_bit(idx, common->keymap);
559 if (key->cipher == WLAN_CIPHER_SUITE_CCMP)
560 set_bit(idx, common->ccmp_keymap);
561
559 if (key->cipher == WLAN_CIPHER_SUITE_TKIP) { 562 if (key->cipher == WLAN_CIPHER_SUITE_TKIP) {
560 set_bit(idx + 64, common->keymap); 563 set_bit(idx + 64, common->keymap);
561 set_bit(idx, common->tkip_keymap); 564 set_bit(idx, common->tkip_keymap);
@@ -582,6 +585,7 @@ void ath_key_delete(struct ath_common *common, struct ieee80211_key_conf *key)
582 return; 585 return;
583 586
584 clear_bit(key->hw_key_idx, common->keymap); 587 clear_bit(key->hw_key_idx, common->keymap);
588 clear_bit(key->hw_key_idx, common->ccmp_keymap);
585 if (key->cipher != WLAN_CIPHER_SUITE_TKIP) 589 if (key->cipher != WLAN_CIPHER_SUITE_TKIP)
586 return; 590 return;
587 591
diff --git a/drivers/net/wireless/iwlwifi/iwl-mac80211.c b/drivers/net/wireless/iwlwifi/iwl-mac80211.c
index 3ee23134c02b..013680332f07 100644
--- a/drivers/net/wireless/iwlwifi/iwl-mac80211.c
+++ b/drivers/net/wireless/iwlwifi/iwl-mac80211.c
@@ -796,6 +796,18 @@ int iwlagn_mac_sta_state(struct ieee80211_hw *hw,
796 switch (op) { 796 switch (op) {
797 case ADD: 797 case ADD:
798 ret = iwlagn_mac_sta_add(hw, vif, sta); 798 ret = iwlagn_mac_sta_add(hw, vif, sta);
799 if (ret)
800 break;
801 /*
802 * Clear the in-progress flag, the AP station entry was added
803 * but we'll initialize LQ only when we've associated (which
804 * would also clear the in-progress flag). This is necessary
805 * in case we never initialize LQ because association fails.
806 */
807 spin_lock_bh(&priv->sta_lock);
808 priv->stations[iwl_sta_id(sta)].used &=
809 ~IWL_STA_UCODE_INPROGRESS;
810 spin_unlock_bh(&priv->sta_lock);
799 break; 811 break;
800 case REMOVE: 812 case REMOVE:
801 ret = iwlagn_mac_sta_remove(hw, vif, sta); 813 ret = iwlagn_mac_sta_remove(hw, vif, sta);
diff --git a/drivers/net/wireless/mwifiex/11n_rxreorder.c b/drivers/net/wireless/mwifiex/11n_rxreorder.c
index 9c44088054dd..900ee129e825 100644
--- a/drivers/net/wireless/mwifiex/11n_rxreorder.c
+++ b/drivers/net/wireless/mwifiex/11n_rxreorder.c
@@ -256,7 +256,8 @@ mwifiex_11n_create_rx_reorder_tbl(struct mwifiex_private *priv, u8 *ta,
256 else 256 else
257 last_seq = priv->rx_seq[tid]; 257 last_seq = priv->rx_seq[tid];
258 258
259 if (last_seq >= new_node->start_win) 259 if (last_seq != MWIFIEX_DEF_11N_RX_SEQ_NUM &&
260 last_seq >= new_node->start_win)
260 new_node->start_win = last_seq + 1; 261 new_node->start_win = last_seq + 1;
261 262
262 new_node->win_size = win_size; 263 new_node->win_size = win_size;
@@ -596,5 +597,5 @@ void mwifiex_11n_cleanup_reorder_tbl(struct mwifiex_private *priv)
596 spin_unlock_irqrestore(&priv->rx_reorder_tbl_lock, flags); 597 spin_unlock_irqrestore(&priv->rx_reorder_tbl_lock, flags);
597 598
598 INIT_LIST_HEAD(&priv->rx_reorder_tbl_ptr); 599 INIT_LIST_HEAD(&priv->rx_reorder_tbl_ptr);
599 memset(priv->rx_seq, 0, sizeof(priv->rx_seq)); 600 mwifiex_reset_11n_rx_seq_num(priv);
600} 601}
diff --git a/drivers/net/wireless/mwifiex/11n_rxreorder.h b/drivers/net/wireless/mwifiex/11n_rxreorder.h
index f1bffebabc60..6c9815a0f5d8 100644
--- a/drivers/net/wireless/mwifiex/11n_rxreorder.h
+++ b/drivers/net/wireless/mwifiex/11n_rxreorder.h
@@ -37,6 +37,13 @@
37 37
38#define ADDBA_RSP_STATUS_ACCEPT 0 38#define ADDBA_RSP_STATUS_ACCEPT 0
39 39
40#define MWIFIEX_DEF_11N_RX_SEQ_NUM 0xffff
41
42static inline void mwifiex_reset_11n_rx_seq_num(struct mwifiex_private *priv)
43{
44 memset(priv->rx_seq, 0xff, sizeof(priv->rx_seq));
45}
46
40int mwifiex_11n_rx_reorder_pkt(struct mwifiex_private *, 47int mwifiex_11n_rx_reorder_pkt(struct mwifiex_private *,
41 u16 seqNum, 48 u16 seqNum,
42 u16 tid, u8 *ta, 49 u16 tid, u8 *ta,
diff --git a/drivers/net/wireless/mwifiex/ie.c b/drivers/net/wireless/mwifiex/ie.c
index ceb82cd749cc..383820a52beb 100644
--- a/drivers/net/wireless/mwifiex/ie.c
+++ b/drivers/net/wireless/mwifiex/ie.c
@@ -213,6 +213,7 @@ mwifiex_update_uap_custom_ie(struct mwifiex_private *priv,
213 /* save assoc resp ie index after auto-indexing */ 213 /* save assoc resp ie index after auto-indexing */
214 *assoc_idx = *((u16 *)pos); 214 *assoc_idx = *((u16 *)pos);
215 215
216 kfree(ap_custom_ie);
216 return ret; 217 return ret;
217} 218}
218 219
diff --git a/drivers/net/wireless/mwifiex/sdio.c b/drivers/net/wireless/mwifiex/sdio.c
index e0377473282f..fc8a9bfa1248 100644
--- a/drivers/net/wireless/mwifiex/sdio.c
+++ b/drivers/net/wireless/mwifiex/sdio.c
@@ -978,10 +978,10 @@ static int mwifiex_decode_rx_packet(struct mwifiex_adapter *adapter,
978 dev_dbg(adapter->dev, "info: --- Rx: Event ---\n"); 978 dev_dbg(adapter->dev, "info: --- Rx: Event ---\n");
979 adapter->event_cause = *(u32 *) skb->data; 979 adapter->event_cause = *(u32 *) skb->data;
980 980
981 skb_pull(skb, MWIFIEX_EVENT_HEADER_LEN);
982
983 if ((skb->len > 0) && (skb->len < MAX_EVENT_SIZE)) 981 if ((skb->len > 0) && (skb->len < MAX_EVENT_SIZE))
984 memcpy(adapter->event_body, skb->data, skb->len); 982 memcpy(adapter->event_body,
983 skb->data + MWIFIEX_EVENT_HEADER_LEN,
984 skb->len);
985 985
986 /* event cause has been saved to adapter->event_cause */ 986 /* event cause has been saved to adapter->event_cause */
987 adapter->event_received = true; 987 adapter->event_received = true;
diff --git a/drivers/net/wireless/mwifiex/sta_event.c b/drivers/net/wireless/mwifiex/sta_event.c
index 4ace5a3dcd23..11e731f3581c 100644
--- a/drivers/net/wireless/mwifiex/sta_event.c
+++ b/drivers/net/wireless/mwifiex/sta_event.c
@@ -406,9 +406,9 @@ int mwifiex_process_sta_event(struct mwifiex_private *priv)
406 break; 406 break;
407 407
408 case EVENT_UAP_STA_ASSOC: 408 case EVENT_UAP_STA_ASSOC:
409 skb_pull(adapter->event_skb, MWIFIEX_UAP_EVENT_EXTRA_HEADER);
410 memset(&sinfo, 0, sizeof(sinfo)); 409 memset(&sinfo, 0, sizeof(sinfo));
411 event = (struct mwifiex_assoc_event *)adapter->event_skb->data; 410 event = (struct mwifiex_assoc_event *)
411 (adapter->event_body + MWIFIEX_UAP_EVENT_EXTRA_HEADER);
412 if (le16_to_cpu(event->type) == TLV_TYPE_UAP_MGMT_FRAME) { 412 if (le16_to_cpu(event->type) == TLV_TYPE_UAP_MGMT_FRAME) {
413 len = -1; 413 len = -1;
414 414
@@ -433,9 +433,8 @@ int mwifiex_process_sta_event(struct mwifiex_private *priv)
433 GFP_KERNEL); 433 GFP_KERNEL);
434 break; 434 break;
435 case EVENT_UAP_STA_DEAUTH: 435 case EVENT_UAP_STA_DEAUTH:
436 skb_pull(adapter->event_skb, MWIFIEX_UAP_EVENT_EXTRA_HEADER); 436 cfg80211_del_sta(priv->netdev, adapter->event_body +
437 cfg80211_del_sta(priv->netdev, adapter->event_skb->data, 437 MWIFIEX_UAP_EVENT_EXTRA_HEADER, GFP_KERNEL);
438 GFP_KERNEL);
439 break; 438 break;
440 case EVENT_UAP_BSS_IDLE: 439 case EVENT_UAP_BSS_IDLE:
441 priv->media_connected = false; 440 priv->media_connected = false;
diff --git a/drivers/net/wireless/mwifiex/usb.c b/drivers/net/wireless/mwifiex/usb.c
index 49ebf20c56eb..22a5916564b8 100644
--- a/drivers/net/wireless/mwifiex/usb.c
+++ b/drivers/net/wireless/mwifiex/usb.c
@@ -49,6 +49,7 @@ static int mwifiex_usb_recv(struct mwifiex_adapter *adapter,
49 struct device *dev = adapter->dev; 49 struct device *dev = adapter->dev;
50 u32 recv_type; 50 u32 recv_type;
51 __le32 tmp; 51 __le32 tmp;
52 int ret;
52 53
53 if (adapter->hs_activated) 54 if (adapter->hs_activated)
54 mwifiex_process_hs_config(adapter); 55 mwifiex_process_hs_config(adapter);
@@ -69,16 +70,19 @@ static int mwifiex_usb_recv(struct mwifiex_adapter *adapter,
69 case MWIFIEX_USB_TYPE_CMD: 70 case MWIFIEX_USB_TYPE_CMD:
70 if (skb->len > MWIFIEX_SIZE_OF_CMD_BUFFER) { 71 if (skb->len > MWIFIEX_SIZE_OF_CMD_BUFFER) {
71 dev_err(dev, "CMD: skb->len too large\n"); 72 dev_err(dev, "CMD: skb->len too large\n");
72 return -1; 73 ret = -1;
74 goto exit_restore_skb;
73 } else if (!adapter->curr_cmd) { 75 } else if (!adapter->curr_cmd) {
74 dev_dbg(dev, "CMD: no curr_cmd\n"); 76 dev_dbg(dev, "CMD: no curr_cmd\n");
75 if (adapter->ps_state == PS_STATE_SLEEP_CFM) { 77 if (adapter->ps_state == PS_STATE_SLEEP_CFM) {
76 mwifiex_process_sleep_confirm_resp( 78 mwifiex_process_sleep_confirm_resp(
77 adapter, skb->data, 79 adapter, skb->data,
78 skb->len); 80 skb->len);
79 return 0; 81 ret = 0;
82 goto exit_restore_skb;
80 } 83 }
81 return -1; 84 ret = -1;
85 goto exit_restore_skb;
82 } 86 }
83 87
84 adapter->curr_cmd->resp_skb = skb; 88 adapter->curr_cmd->resp_skb = skb;
@@ -87,20 +91,22 @@ static int mwifiex_usb_recv(struct mwifiex_adapter *adapter,
87 case MWIFIEX_USB_TYPE_EVENT: 91 case MWIFIEX_USB_TYPE_EVENT:
88 if (skb->len < sizeof(u32)) { 92 if (skb->len < sizeof(u32)) {
89 dev_err(dev, "EVENT: skb->len too small\n"); 93 dev_err(dev, "EVENT: skb->len too small\n");
90 return -1; 94 ret = -1;
95 goto exit_restore_skb;
91 } 96 }
92 skb_copy_from_linear_data(skb, &tmp, sizeof(u32)); 97 skb_copy_from_linear_data(skb, &tmp, sizeof(u32));
93 adapter->event_cause = le32_to_cpu(tmp); 98 adapter->event_cause = le32_to_cpu(tmp);
94 skb_pull(skb, sizeof(u32));
95 dev_dbg(dev, "event_cause %#x\n", adapter->event_cause); 99 dev_dbg(dev, "event_cause %#x\n", adapter->event_cause);
96 100
97 if (skb->len > MAX_EVENT_SIZE) { 101 if (skb->len > MAX_EVENT_SIZE) {
98 dev_err(dev, "EVENT: event body too large\n"); 102 dev_err(dev, "EVENT: event body too large\n");
99 return -1; 103 ret = -1;
104 goto exit_restore_skb;
100 } 105 }
101 106
102 skb_copy_from_linear_data(skb, adapter->event_body, 107 memcpy(adapter->event_body, skb->data +
103 skb->len); 108 MWIFIEX_EVENT_HEADER_LEN, skb->len);
109
104 adapter->event_received = true; 110 adapter->event_received = true;
105 adapter->event_skb = skb; 111 adapter->event_skb = skb;
106 break; 112 break;
@@ -124,6 +130,12 @@ static int mwifiex_usb_recv(struct mwifiex_adapter *adapter,
124 } 130 }
125 131
126 return -EINPROGRESS; 132 return -EINPROGRESS;
133
134exit_restore_skb:
135 /* The buffer will be reused for further cmds/events */
136 skb_push(skb, INTF_HEADER_LEN);
137
138 return ret;
127} 139}
128 140
129static void mwifiex_usb_rx_complete(struct urb *urb) 141static void mwifiex_usb_rx_complete(struct urb *urb)
diff --git a/drivers/net/wireless/mwifiex/wmm.c b/drivers/net/wireless/mwifiex/wmm.c
index f3fc65515857..3fa4d4176993 100644
--- a/drivers/net/wireless/mwifiex/wmm.c
+++ b/drivers/net/wireless/mwifiex/wmm.c
@@ -404,6 +404,8 @@ mwifiex_wmm_init(struct mwifiex_adapter *adapter)
404 priv->add_ba_param.tx_win_size = MWIFIEX_AMPDU_DEF_TXWINSIZE; 404 priv->add_ba_param.tx_win_size = MWIFIEX_AMPDU_DEF_TXWINSIZE;
405 priv->add_ba_param.rx_win_size = MWIFIEX_AMPDU_DEF_RXWINSIZE; 405 priv->add_ba_param.rx_win_size = MWIFIEX_AMPDU_DEF_RXWINSIZE;
406 406
407 mwifiex_reset_11n_rx_seq_num(priv);
408
407 atomic_set(&priv->wmm.tx_pkts_queued, 0); 409 atomic_set(&priv->wmm.tx_pkts_queued, 0);
408 atomic_set(&priv->wmm.highest_queued_prio, HIGH_PRIO_TID); 410 atomic_set(&priv->wmm.highest_queued_prio, HIGH_PRIO_TID);
409 } 411 }
@@ -1221,6 +1223,7 @@ mwifiex_dequeue_tx_packet(struct mwifiex_adapter *adapter)
1221 1223
1222 if (!ptr->is_11n_enabled || 1224 if (!ptr->is_11n_enabled ||
1223 mwifiex_is_ba_stream_setup(priv, ptr, tid) || 1225 mwifiex_is_ba_stream_setup(priv, ptr, tid) ||
1226 priv->wps.session_enable ||
1224 ((priv->sec_info.wpa_enabled || 1227 ((priv->sec_info.wpa_enabled ||
1225 priv->sec_info.wpa2_enabled) && 1228 priv->sec_info.wpa2_enabled) &&
1226 !priv->wpa_is_gtk_set)) { 1229 !priv->wpa_is_gtk_set)) {
diff --git a/drivers/net/wireless/rtlwifi/rtl8192cu/sw.c b/drivers/net/wireless/rtlwifi/rtl8192cu/sw.c
index d228358e6a40..9970c2b1b199 100644
--- a/drivers/net/wireless/rtlwifi/rtl8192cu/sw.c
+++ b/drivers/net/wireless/rtlwifi/rtl8192cu/sw.c
@@ -301,9 +301,11 @@ static struct usb_device_id rtl8192c_usb_ids[] = {
301 {RTL_USB_DEVICE(0x07b8, 0x8188, rtl92cu_hal_cfg)}, /*Abocom - Abocom*/ 301 {RTL_USB_DEVICE(0x07b8, 0x8188, rtl92cu_hal_cfg)}, /*Abocom - Abocom*/
302 {RTL_USB_DEVICE(0x07b8, 0x8189, rtl92cu_hal_cfg)}, /*Funai - Abocom*/ 302 {RTL_USB_DEVICE(0x07b8, 0x8189, rtl92cu_hal_cfg)}, /*Funai - Abocom*/
303 {RTL_USB_DEVICE(0x0846, 0x9041, rtl92cu_hal_cfg)}, /*NetGear WNA1000M*/ 303 {RTL_USB_DEVICE(0x0846, 0x9041, rtl92cu_hal_cfg)}, /*NetGear WNA1000M*/
304 {RTL_USB_DEVICE(0x0bda, 0x5088, rtl92cu_hal_cfg)}, /*Thinkware-CC&C*/
304 {RTL_USB_DEVICE(0x0df6, 0x0052, rtl92cu_hal_cfg)}, /*Sitecom - Edimax*/ 305 {RTL_USB_DEVICE(0x0df6, 0x0052, rtl92cu_hal_cfg)}, /*Sitecom - Edimax*/
305 {RTL_USB_DEVICE(0x0df6, 0x005c, rtl92cu_hal_cfg)}, /*Sitecom - Edimax*/ 306 {RTL_USB_DEVICE(0x0df6, 0x005c, rtl92cu_hal_cfg)}, /*Sitecom - Edimax*/
306 {RTL_USB_DEVICE(0x0eb0, 0x9071, rtl92cu_hal_cfg)}, /*NO Brand - Etop*/ 307 {RTL_USB_DEVICE(0x0eb0, 0x9071, rtl92cu_hal_cfg)}, /*NO Brand - Etop*/
308 {RTL_USB_DEVICE(0x4856, 0x0091, rtl92cu_hal_cfg)}, /*NetweeN - Feixun*/
307 /* HP - Lite-On ,8188CUS Slim Combo */ 309 /* HP - Lite-On ,8188CUS Slim Combo */
308 {RTL_USB_DEVICE(0x103c, 0x1629, rtl92cu_hal_cfg)}, 310 {RTL_USB_DEVICE(0x103c, 0x1629, rtl92cu_hal_cfg)},
309 {RTL_USB_DEVICE(0x13d3, 0x3357, rtl92cu_hal_cfg)}, /* AzureWave */ 311 {RTL_USB_DEVICE(0x13d3, 0x3357, rtl92cu_hal_cfg)}, /* AzureWave */
@@ -346,6 +348,7 @@ static struct usb_device_id rtl8192c_usb_ids[] = {
346 {RTL_USB_DEVICE(0x07b8, 0x8178, rtl92cu_hal_cfg)}, /*Funai -Abocom*/ 348 {RTL_USB_DEVICE(0x07b8, 0x8178, rtl92cu_hal_cfg)}, /*Funai -Abocom*/
347 {RTL_USB_DEVICE(0x0846, 0x9021, rtl92cu_hal_cfg)}, /*Netgear-Sercomm*/ 349 {RTL_USB_DEVICE(0x0846, 0x9021, rtl92cu_hal_cfg)}, /*Netgear-Sercomm*/
348 {RTL_USB_DEVICE(0x0b05, 0x17ab, rtl92cu_hal_cfg)}, /*ASUS-Edimax*/ 350 {RTL_USB_DEVICE(0x0b05, 0x17ab, rtl92cu_hal_cfg)}, /*ASUS-Edimax*/
351 {RTL_USB_DEVICE(0x0bda, 0x8186, rtl92cu_hal_cfg)}, /*Realtek 92CE-VAU*/
349 {RTL_USB_DEVICE(0x0df6, 0x0061, rtl92cu_hal_cfg)}, /*Sitecom-Edimax*/ 352 {RTL_USB_DEVICE(0x0df6, 0x0061, rtl92cu_hal_cfg)}, /*Sitecom-Edimax*/
350 {RTL_USB_DEVICE(0x0e66, 0x0019, rtl92cu_hal_cfg)}, /*Hawking-Edimax*/ 353 {RTL_USB_DEVICE(0x0e66, 0x0019, rtl92cu_hal_cfg)}, /*Hawking-Edimax*/
351 {RTL_USB_DEVICE(0x2001, 0x3307, rtl92cu_hal_cfg)}, /*D-Link-Cameo*/ 354 {RTL_USB_DEVICE(0x2001, 0x3307, rtl92cu_hal_cfg)}, /*D-Link-Cameo*/
diff --git a/drivers/net/wireless/ti/wlcore/Kconfig b/drivers/net/wireless/ti/wlcore/Kconfig
index 54156b0b5c2d..d7b907e67170 100644
--- a/drivers/net/wireless/ti/wlcore/Kconfig
+++ b/drivers/net/wireless/ti/wlcore/Kconfig
@@ -1,7 +1,6 @@
1config WLCORE 1config WLCORE
2 tristate "TI wlcore support" 2 tristate "TI wlcore support"
3 depends on WL_TI && GENERIC_HARDIRQS && MAC80211 3 depends on WL_TI && GENERIC_HARDIRQS && MAC80211
4 depends on INET
5 select FW_LOADER 4 select FW_LOADER
6 ---help--- 5 ---help---
7 This module contains the main code for TI WLAN chips. It abstracts 6 This module contains the main code for TI WLAN chips. It abstracts
diff --git a/drivers/of/base.c b/drivers/of/base.c
index d9bfd49b1935..eada3f4ef801 100644
--- a/drivers/of/base.c
+++ b/drivers/of/base.c
@@ -511,6 +511,22 @@ out:
511} 511}
512EXPORT_SYMBOL(of_find_node_with_property); 512EXPORT_SYMBOL(of_find_node_with_property);
513 513
514static const struct of_device_id *of_match_compat(const struct of_device_id *matches,
515 const char *compat)
516{
517 while (matches->name[0] || matches->type[0] || matches->compatible[0]) {
518 const char *cp = matches->compatible;
519 int len = strlen(cp);
520
521 if (len > 0 && of_compat_cmp(compat, cp, len) == 0)
522 return matches;
523
524 matches++;
525 }
526
527 return NULL;
528}
529
514/** 530/**
515 * of_match_node - Tell if an device_node has a matching of_match structure 531 * of_match_node - Tell if an device_node has a matching of_match structure
516 * @matches: array of of device match structures to search in 532 * @matches: array of of device match structures to search in
@@ -521,9 +537,18 @@ EXPORT_SYMBOL(of_find_node_with_property);
521const struct of_device_id *of_match_node(const struct of_device_id *matches, 537const struct of_device_id *of_match_node(const struct of_device_id *matches,
522 const struct device_node *node) 538 const struct device_node *node)
523{ 539{
540 struct property *prop;
541 const char *cp;
542
524 if (!matches) 543 if (!matches)
525 return NULL; 544 return NULL;
526 545
546 of_property_for_each_string(node, "compatible", prop, cp) {
547 const struct of_device_id *match = of_match_compat(matches, cp);
548 if (match)
549 return match;
550 }
551
527 while (matches->name[0] || matches->type[0] || matches->compatible[0]) { 552 while (matches->name[0] || matches->type[0] || matches->compatible[0]) {
528 int match = 1; 553 int match = 1;
529 if (matches->name[0]) 554 if (matches->name[0])
@@ -532,10 +557,7 @@ const struct of_device_id *of_match_node(const struct of_device_id *matches,
532 if (matches->type[0]) 557 if (matches->type[0])
533 match &= node->type 558 match &= node->type
534 && !strcmp(matches->type, node->type); 559 && !strcmp(matches->type, node->type);
535 if (matches->compatible[0]) 560 if (match && !matches->compatible[0])
536 match &= of_device_is_compatible(node,
537 matches->compatible);
538 if (match)
539 return matches; 561 return matches;
540 matches++; 562 matches++;
541 } 563 }
diff --git a/drivers/of/platform.c b/drivers/of/platform.c
index 343ad29e211c..3132ea068d95 100644
--- a/drivers/of/platform.c
+++ b/drivers/of/platform.c
@@ -462,4 +462,5 @@ int of_platform_populate(struct device_node *root,
462 of_node_put(root); 462 of_node_put(root);
463 return rc; 463 return rc;
464} 464}
465EXPORT_SYMBOL_GPL(of_platform_populate);
465#endif /* CONFIG_OF_ADDRESS */ 466#endif /* CONFIG_OF_ADDRESS */
diff --git a/fs/btrfs/backref.c b/fs/btrfs/backref.c
index 7301cdb4b2cb..a383c18e74e8 100644
--- a/fs/btrfs/backref.c
+++ b/fs/btrfs/backref.c
@@ -301,10 +301,14 @@ static int __resolve_indirect_ref(struct btrfs_fs_info *fs_info,
301 goto out; 301 goto out;
302 302
303 eb = path->nodes[level]; 303 eb = path->nodes[level];
304 if (!eb) { 304 while (!eb) {
305 WARN_ON(1); 305 if (!level) {
306 ret = 1; 306 WARN_ON(1);
307 goto out; 307 ret = 1;
308 goto out;
309 }
310 level--;
311 eb = path->nodes[level];
308 } 312 }
309 313
310 ret = add_all_parents(root, path, parents, level, &ref->key_for_search, 314 ret = add_all_parents(root, path, parents, level, &ref->key_for_search,
@@ -835,6 +839,7 @@ again:
835 } 839 }
836 ret = __add_delayed_refs(head, delayed_ref_seq, 840 ret = __add_delayed_refs(head, delayed_ref_seq,
837 &prefs_delayed); 841 &prefs_delayed);
842 mutex_unlock(&head->mutex);
838 if (ret) { 843 if (ret) {
839 spin_unlock(&delayed_refs->lock); 844 spin_unlock(&delayed_refs->lock);
840 goto out; 845 goto out;
@@ -928,8 +933,6 @@ again:
928 } 933 }
929 934
930out: 935out:
931 if (head)
932 mutex_unlock(&head->mutex);
933 btrfs_free_path(path); 936 btrfs_free_path(path);
934 while (!list_empty(&prefs)) { 937 while (!list_empty(&prefs)) {
935 ref = list_first_entry(&prefs, struct __prelim_ref, list); 938 ref = list_first_entry(&prefs, struct __prelim_ref, list);
diff --git a/fs/btrfs/ctree.c b/fs/btrfs/ctree.c
index 15cbc2bf4ff0..8206b3900587 100644
--- a/fs/btrfs/ctree.c
+++ b/fs/btrfs/ctree.c
@@ -1024,11 +1024,18 @@ __tree_mod_log_oldest_root(struct btrfs_fs_info *fs_info,
1024 if (!looped && !tm) 1024 if (!looped && !tm)
1025 return 0; 1025 return 0;
1026 /* 1026 /*
1027 * we must have key remove operations in the log before the 1027 * if there are no tree operation for the oldest root, we simply
1028 * replace operation. 1028 * return it. this should only happen if that (old) root is at
1029 * level 0.
1029 */ 1030 */
1030 BUG_ON(!tm); 1031 if (!tm)
1032 break;
1031 1033
1034 /*
1035 * if there's an operation that's not a root replacement, we
1036 * found the oldest version of our root. normally, we'll find a
1037 * MOD_LOG_KEY_REMOVE_WHILE_FREEING operation here.
1038 */
1032 if (tm->op != MOD_LOG_ROOT_REPLACE) 1039 if (tm->op != MOD_LOG_ROOT_REPLACE)
1033 break; 1040 break;
1034 1041
@@ -1087,11 +1094,7 @@ __tree_mod_log_rewind(struct extent_buffer *eb, u64 time_seq,
1087 tm->generation); 1094 tm->generation);
1088 break; 1095 break;
1089 case MOD_LOG_KEY_ADD: 1096 case MOD_LOG_KEY_ADD:
1090 if (tm->slot != n - 1) { 1097 /* if a move operation is needed it's in the log */
1091 o_dst = btrfs_node_key_ptr_offset(tm->slot);
1092 o_src = btrfs_node_key_ptr_offset(tm->slot + 1);
1093 memmove_extent_buffer(eb, o_dst, o_src, p_size);
1094 }
1095 n--; 1098 n--;
1096 break; 1099 break;
1097 case MOD_LOG_MOVE_KEYS: 1100 case MOD_LOG_MOVE_KEYS:
@@ -1192,16 +1195,8 @@ get_old_root(struct btrfs_root *root, u64 time_seq)
1192 } 1195 }
1193 1196
1194 tm = tree_mod_log_search(root->fs_info, logical, time_seq); 1197 tm = tree_mod_log_search(root->fs_info, logical, time_seq);
1195 /*
1196 * there was an item in the log when __tree_mod_log_oldest_root
1197 * returned. this one must not go away, because the time_seq passed to
1198 * us must be blocking its removal.
1199 */
1200 BUG_ON(!tm);
1201
1202 if (old_root) 1198 if (old_root)
1203 eb = alloc_dummy_extent_buffer(tm->index << PAGE_CACHE_SHIFT, 1199 eb = alloc_dummy_extent_buffer(logical, root->nodesize);
1204 root->nodesize);
1205 else 1200 else
1206 eb = btrfs_clone_extent_buffer(root->node); 1201 eb = btrfs_clone_extent_buffer(root->node);
1207 btrfs_tree_read_unlock(root->node); 1202 btrfs_tree_read_unlock(root->node);
@@ -1216,7 +1211,10 @@ get_old_root(struct btrfs_root *root, u64 time_seq)
1216 btrfs_set_header_level(eb, old_root->level); 1211 btrfs_set_header_level(eb, old_root->level);
1217 btrfs_set_header_generation(eb, old_generation); 1212 btrfs_set_header_generation(eb, old_generation);
1218 } 1213 }
1219 __tree_mod_log_rewind(eb, time_seq, tm); 1214 if (tm)
1215 __tree_mod_log_rewind(eb, time_seq, tm);
1216 else
1217 WARN_ON(btrfs_header_level(eb) != 0);
1220 extent_buffer_get(eb); 1218 extent_buffer_get(eb);
1221 1219
1222 return eb; 1220 return eb;
@@ -2995,7 +2993,7 @@ static noinline int insert_new_root(struct btrfs_trans_handle *trans,
2995static void insert_ptr(struct btrfs_trans_handle *trans, 2993static void insert_ptr(struct btrfs_trans_handle *trans,
2996 struct btrfs_root *root, struct btrfs_path *path, 2994 struct btrfs_root *root, struct btrfs_path *path,
2997 struct btrfs_disk_key *key, u64 bytenr, 2995 struct btrfs_disk_key *key, u64 bytenr,
2998 int slot, int level, int tree_mod_log) 2996 int slot, int level)
2999{ 2997{
3000 struct extent_buffer *lower; 2998 struct extent_buffer *lower;
3001 int nritems; 2999 int nritems;
@@ -3008,7 +3006,7 @@ static void insert_ptr(struct btrfs_trans_handle *trans,
3008 BUG_ON(slot > nritems); 3006 BUG_ON(slot > nritems);
3009 BUG_ON(nritems == BTRFS_NODEPTRS_PER_BLOCK(root)); 3007 BUG_ON(nritems == BTRFS_NODEPTRS_PER_BLOCK(root));
3010 if (slot != nritems) { 3008 if (slot != nritems) {
3011 if (tree_mod_log && level) 3009 if (level)
3012 tree_mod_log_eb_move(root->fs_info, lower, slot + 1, 3010 tree_mod_log_eb_move(root->fs_info, lower, slot + 1,
3013 slot, nritems - slot); 3011 slot, nritems - slot);
3014 memmove_extent_buffer(lower, 3012 memmove_extent_buffer(lower,
@@ -3016,7 +3014,7 @@ static void insert_ptr(struct btrfs_trans_handle *trans,
3016 btrfs_node_key_ptr_offset(slot), 3014 btrfs_node_key_ptr_offset(slot),
3017 (nritems - slot) * sizeof(struct btrfs_key_ptr)); 3015 (nritems - slot) * sizeof(struct btrfs_key_ptr));
3018 } 3016 }
3019 if (tree_mod_log && level) { 3017 if (level) {
3020 ret = tree_mod_log_insert_key(root->fs_info, lower, slot, 3018 ret = tree_mod_log_insert_key(root->fs_info, lower, slot,
3021 MOD_LOG_KEY_ADD); 3019 MOD_LOG_KEY_ADD);
3022 BUG_ON(ret < 0); 3020 BUG_ON(ret < 0);
@@ -3104,7 +3102,7 @@ static noinline int split_node(struct btrfs_trans_handle *trans,
3104 btrfs_mark_buffer_dirty(split); 3102 btrfs_mark_buffer_dirty(split);
3105 3103
3106 insert_ptr(trans, root, path, &disk_key, split->start, 3104 insert_ptr(trans, root, path, &disk_key, split->start,
3107 path->slots[level + 1] + 1, level + 1, 1); 3105 path->slots[level + 1] + 1, level + 1);
3108 3106
3109 if (path->slots[level] >= mid) { 3107 if (path->slots[level] >= mid) {
3110 path->slots[level] -= mid; 3108 path->slots[level] -= mid;
@@ -3641,7 +3639,7 @@ static noinline void copy_for_split(struct btrfs_trans_handle *trans,
3641 btrfs_set_header_nritems(l, mid); 3639 btrfs_set_header_nritems(l, mid);
3642 btrfs_item_key(right, &disk_key, 0); 3640 btrfs_item_key(right, &disk_key, 0);
3643 insert_ptr(trans, root, path, &disk_key, right->start, 3641 insert_ptr(trans, root, path, &disk_key, right->start,
3644 path->slots[1] + 1, 1, 0); 3642 path->slots[1] + 1, 1);
3645 3643
3646 btrfs_mark_buffer_dirty(right); 3644 btrfs_mark_buffer_dirty(right);
3647 btrfs_mark_buffer_dirty(l); 3645 btrfs_mark_buffer_dirty(l);
@@ -3848,7 +3846,7 @@ again:
3848 if (mid <= slot) { 3846 if (mid <= slot) {
3849 btrfs_set_header_nritems(right, 0); 3847 btrfs_set_header_nritems(right, 0);
3850 insert_ptr(trans, root, path, &disk_key, right->start, 3848 insert_ptr(trans, root, path, &disk_key, right->start,
3851 path->slots[1] + 1, 1, 0); 3849 path->slots[1] + 1, 1);
3852 btrfs_tree_unlock(path->nodes[0]); 3850 btrfs_tree_unlock(path->nodes[0]);
3853 free_extent_buffer(path->nodes[0]); 3851 free_extent_buffer(path->nodes[0]);
3854 path->nodes[0] = right; 3852 path->nodes[0] = right;
@@ -3857,7 +3855,7 @@ again:
3857 } else { 3855 } else {
3858 btrfs_set_header_nritems(right, 0); 3856 btrfs_set_header_nritems(right, 0);
3859 insert_ptr(trans, root, path, &disk_key, right->start, 3857 insert_ptr(trans, root, path, &disk_key, right->start,
3860 path->slots[1], 1, 0); 3858 path->slots[1], 1);
3861 btrfs_tree_unlock(path->nodes[0]); 3859 btrfs_tree_unlock(path->nodes[0]);
3862 free_extent_buffer(path->nodes[0]); 3860 free_extent_buffer(path->nodes[0]);
3863 path->nodes[0] = right; 3861 path->nodes[0] = right;
@@ -5121,6 +5119,18 @@ again:
5121 5119
5122 if (!path->skip_locking) { 5120 if (!path->skip_locking) {
5123 ret = btrfs_try_tree_read_lock(next); 5121 ret = btrfs_try_tree_read_lock(next);
5122 if (!ret && time_seq) {
5123 /*
5124 * If we don't get the lock, we may be racing
5125 * with push_leaf_left, holding that lock while
5126 * itself waiting for the leaf we've currently
5127 * locked. To solve this situation, we give up
5128 * on our lock and cycle.
5129 */
5130 btrfs_release_path(path);
5131 cond_resched();
5132 goto again;
5133 }
5124 if (!ret) { 5134 if (!ret) {
5125 btrfs_set_path_blocking(path); 5135 btrfs_set_path_blocking(path);
5126 btrfs_tree_read_lock(next); 5136 btrfs_tree_read_lock(next);
diff --git a/fs/btrfs/disk-io.c b/fs/btrfs/disk-io.c
index 7b845ff4af99..2936ca49b3b4 100644
--- a/fs/btrfs/disk-io.c
+++ b/fs/btrfs/disk-io.c
@@ -2354,12 +2354,17 @@ retry_root_backup:
2354 BTRFS_CSUM_TREE_OBJECTID, csum_root); 2354 BTRFS_CSUM_TREE_OBJECTID, csum_root);
2355 if (ret) 2355 if (ret)
2356 goto recovery_tree_root; 2356 goto recovery_tree_root;
2357
2358 csum_root->track_dirty = 1; 2357 csum_root->track_dirty = 1;
2359 2358
2360 fs_info->generation = generation; 2359 fs_info->generation = generation;
2361 fs_info->last_trans_committed = generation; 2360 fs_info->last_trans_committed = generation;
2362 2361
2362 ret = btrfs_recover_balance(fs_info);
2363 if (ret) {
2364 printk(KERN_WARNING "btrfs: failed to recover balance\n");
2365 goto fail_block_groups;
2366 }
2367
2363 ret = btrfs_init_dev_stats(fs_info); 2368 ret = btrfs_init_dev_stats(fs_info);
2364 if (ret) { 2369 if (ret) {
2365 printk(KERN_ERR "btrfs: failed to init dev_stats: %d\n", 2370 printk(KERN_ERR "btrfs: failed to init dev_stats: %d\n",
@@ -2485,20 +2490,23 @@ retry_root_backup:
2485 goto fail_trans_kthread; 2490 goto fail_trans_kthread;
2486 } 2491 }
2487 2492
2488 if (!(sb->s_flags & MS_RDONLY)) { 2493 if (sb->s_flags & MS_RDONLY)
2489 down_read(&fs_info->cleanup_work_sem); 2494 return 0;
2490 err = btrfs_orphan_cleanup(fs_info->fs_root);
2491 if (!err)
2492 err = btrfs_orphan_cleanup(fs_info->tree_root);
2493 up_read(&fs_info->cleanup_work_sem);
2494 2495
2495 if (!err) 2496 down_read(&fs_info->cleanup_work_sem);
2496 err = btrfs_recover_balance(fs_info->tree_root); 2497 if ((ret = btrfs_orphan_cleanup(fs_info->fs_root)) ||
2498 (ret = btrfs_orphan_cleanup(fs_info->tree_root))) {
2499 up_read(&fs_info->cleanup_work_sem);
2500 close_ctree(tree_root);
2501 return ret;
2502 }
2503 up_read(&fs_info->cleanup_work_sem);
2497 2504
2498 if (err) { 2505 ret = btrfs_resume_balance_async(fs_info);
2499 close_ctree(tree_root); 2506 if (ret) {
2500 return err; 2507 printk(KERN_WARNING "btrfs: failed to resume balance\n");
2501 } 2508 close_ctree(tree_root);
2509 return ret;
2502 } 2510 }
2503 2511
2504 return 0; 2512 return 0;
diff --git a/fs/btrfs/extent-tree.c b/fs/btrfs/extent-tree.c
index 4b5a1e1bdefb..6e1d36702ff7 100644
--- a/fs/btrfs/extent-tree.c
+++ b/fs/btrfs/extent-tree.c
@@ -2347,12 +2347,10 @@ next:
2347 return count; 2347 return count;
2348} 2348}
2349 2349
2350
2351static void wait_for_more_refs(struct btrfs_delayed_ref_root *delayed_refs, 2350static void wait_for_more_refs(struct btrfs_delayed_ref_root *delayed_refs,
2352 unsigned long num_refs) 2351 unsigned long num_refs,
2352 struct list_head *first_seq)
2353{ 2353{
2354 struct list_head *first_seq = delayed_refs->seq_head.next;
2355
2356 spin_unlock(&delayed_refs->lock); 2354 spin_unlock(&delayed_refs->lock);
2357 pr_debug("waiting for more refs (num %ld, first %p)\n", 2355 pr_debug("waiting for more refs (num %ld, first %p)\n",
2358 num_refs, first_seq); 2356 num_refs, first_seq);
@@ -2381,6 +2379,7 @@ int btrfs_run_delayed_refs(struct btrfs_trans_handle *trans,
2381 struct btrfs_delayed_ref_root *delayed_refs; 2379 struct btrfs_delayed_ref_root *delayed_refs;
2382 struct btrfs_delayed_ref_node *ref; 2380 struct btrfs_delayed_ref_node *ref;
2383 struct list_head cluster; 2381 struct list_head cluster;
2382 struct list_head *first_seq = NULL;
2384 int ret; 2383 int ret;
2385 u64 delayed_start; 2384 u64 delayed_start;
2386 int run_all = count == (unsigned long)-1; 2385 int run_all = count == (unsigned long)-1;
@@ -2436,8 +2435,10 @@ again:
2436 */ 2435 */
2437 consider_waiting = 1; 2436 consider_waiting = 1;
2438 num_refs = delayed_refs->num_entries; 2437 num_refs = delayed_refs->num_entries;
2438 first_seq = root->fs_info->tree_mod_seq_list.next;
2439 } else { 2439 } else {
2440 wait_for_more_refs(delayed_refs, num_refs); 2440 wait_for_more_refs(delayed_refs,
2441 num_refs, first_seq);
2441 /* 2442 /*
2442 * after waiting, things have changed. we 2443 * after waiting, things have changed. we
2443 * dropped the lock and someone else might have 2444 * dropped the lock and someone else might have
diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c
index aaa12c1eb348..01c21b6c6d43 100644
--- a/fs/btrfs/extent_io.c
+++ b/fs/btrfs/extent_io.c
@@ -3324,6 +3324,7 @@ static int extent_write_cache_pages(struct extent_io_tree *tree,
3324 writepage_t writepage, void *data, 3324 writepage_t writepage, void *data,
3325 void (*flush_fn)(void *)) 3325 void (*flush_fn)(void *))
3326{ 3326{
3327 struct inode *inode = mapping->host;
3327 int ret = 0; 3328 int ret = 0;
3328 int done = 0; 3329 int done = 0;
3329 int nr_to_write_done = 0; 3330 int nr_to_write_done = 0;
@@ -3334,6 +3335,18 @@ static int extent_write_cache_pages(struct extent_io_tree *tree,
3334 int scanned = 0; 3335 int scanned = 0;
3335 int tag; 3336 int tag;
3336 3337
3338 /*
3339 * We have to hold onto the inode so that ordered extents can do their
3340 * work when the IO finishes. The alternative to this is failing to add
3341 * an ordered extent if the igrab() fails there and that is a huge pain
3342 * to deal with, so instead just hold onto the inode throughout the
3343 * writepages operation. If it fails here we are freeing up the inode
3344 * anyway and we'd rather not waste our time writing out stuff that is
3345 * going to be truncated anyway.
3346 */
3347 if (!igrab(inode))
3348 return 0;
3349
3337 pagevec_init(&pvec, 0); 3350 pagevec_init(&pvec, 0);
3338 if (wbc->range_cyclic) { 3351 if (wbc->range_cyclic) {
3339 index = mapping->writeback_index; /* Start from prev offset */ 3352 index = mapping->writeback_index; /* Start from prev offset */
@@ -3428,6 +3441,7 @@ retry:
3428 index = 0; 3441 index = 0;
3429 goto retry; 3442 goto retry;
3430 } 3443 }
3444 btrfs_add_delayed_iput(inode);
3431 return ret; 3445 return ret;
3432} 3446}
3433 3447
diff --git a/fs/btrfs/file.c b/fs/btrfs/file.c
index 70dc8ca73e25..9aa01ec2138d 100644
--- a/fs/btrfs/file.c
+++ b/fs/btrfs/file.c
@@ -1334,7 +1334,6 @@ static ssize_t __btrfs_direct_write(struct kiocb *iocb,
1334 loff_t *ppos, size_t count, size_t ocount) 1334 loff_t *ppos, size_t count, size_t ocount)
1335{ 1335{
1336 struct file *file = iocb->ki_filp; 1336 struct file *file = iocb->ki_filp;
1337 struct inode *inode = fdentry(file)->d_inode;
1338 struct iov_iter i; 1337 struct iov_iter i;
1339 ssize_t written; 1338 ssize_t written;
1340 ssize_t written_buffered; 1339 ssize_t written_buffered;
@@ -1344,18 +1343,6 @@ static ssize_t __btrfs_direct_write(struct kiocb *iocb,
1344 written = generic_file_direct_write(iocb, iov, &nr_segs, pos, ppos, 1343 written = generic_file_direct_write(iocb, iov, &nr_segs, pos, ppos,
1345 count, ocount); 1344 count, ocount);
1346 1345
1347 /*
1348 * the generic O_DIRECT will update in-memory i_size after the
1349 * DIOs are done. But our endio handlers that update the on
1350 * disk i_size never update past the in memory i_size. So we
1351 * need one more update here to catch any additions to the
1352 * file
1353 */
1354 if (inode->i_size != BTRFS_I(inode)->disk_i_size) {
1355 btrfs_ordered_update_i_size(inode, inode->i_size, NULL);
1356 mark_inode_dirty(inode);
1357 }
1358
1359 if (written < 0 || written == count) 1346 if (written < 0 || written == count)
1360 return written; 1347 return written;
1361 1348
diff --git a/fs/btrfs/free-space-cache.c b/fs/btrfs/free-space-cache.c
index 81296c57405a..6c4e2baa9290 100644
--- a/fs/btrfs/free-space-cache.c
+++ b/fs/btrfs/free-space-cache.c
@@ -1543,29 +1543,26 @@ again:
1543 end = bitmap_info->offset + (u64)(BITS_PER_BITMAP * ctl->unit) - 1; 1543 end = bitmap_info->offset + (u64)(BITS_PER_BITMAP * ctl->unit) - 1;
1544 1544
1545 /* 1545 /*
1546 * XXX - this can go away after a few releases. 1546 * We need to search for bits in this bitmap. We could only cover some
1547 * 1547 * of the extent in this bitmap thanks to how we add space, so we need
1548 * since the only user of btrfs_remove_free_space is the tree logging 1548 * to search for as much as it as we can and clear that amount, and then
1549 * stuff, and the only way to test that is under crash conditions, we 1549 * go searching for the next bit.
1550 * want to have this debug stuff here just in case somethings not
1551 * working. Search the bitmap for the space we are trying to use to
1552 * make sure its actually there. If its not there then we need to stop
1553 * because something has gone wrong.
1554 */ 1550 */
1555 search_start = *offset; 1551 search_start = *offset;
1556 search_bytes = *bytes; 1552 search_bytes = ctl->unit;
1557 search_bytes = min(search_bytes, end - search_start + 1); 1553 search_bytes = min(search_bytes, end - search_start + 1);
1558 ret = search_bitmap(ctl, bitmap_info, &search_start, &search_bytes); 1554 ret = search_bitmap(ctl, bitmap_info, &search_start, &search_bytes);
1559 BUG_ON(ret < 0 || search_start != *offset); 1555 BUG_ON(ret < 0 || search_start != *offset);
1560 1556
1561 if (*offset > bitmap_info->offset && *offset + *bytes > end) { 1557 /* We may have found more bits than what we need */
1562 bitmap_clear_bits(ctl, bitmap_info, *offset, end - *offset + 1); 1558 search_bytes = min(search_bytes, *bytes);
1563 *bytes -= end - *offset + 1; 1559
1564 *offset = end + 1; 1560 /* Cannot clear past the end of the bitmap */
1565 } else if (*offset >= bitmap_info->offset && *offset + *bytes <= end) { 1561 search_bytes = min(search_bytes, end - search_start + 1);
1566 bitmap_clear_bits(ctl, bitmap_info, *offset, *bytes); 1562
1567 *bytes = 0; 1563 bitmap_clear_bits(ctl, bitmap_info, search_start, search_bytes);
1568 } 1564 *offset += search_bytes;
1565 *bytes -= search_bytes;
1569 1566
1570 if (*bytes) { 1567 if (*bytes) {
1571 struct rb_node *next = rb_next(&bitmap_info->offset_index); 1568 struct rb_node *next = rb_next(&bitmap_info->offset_index);
@@ -1596,7 +1593,7 @@ again:
1596 * everything over again. 1593 * everything over again.
1597 */ 1594 */
1598 search_start = *offset; 1595 search_start = *offset;
1599 search_bytes = *bytes; 1596 search_bytes = ctl->unit;
1600 ret = search_bitmap(ctl, bitmap_info, &search_start, 1597 ret = search_bitmap(ctl, bitmap_info, &search_start,
1601 &search_bytes); 1598 &search_bytes);
1602 if (ret < 0 || search_start != *offset) 1599 if (ret < 0 || search_start != *offset)
@@ -1879,12 +1876,14 @@ int btrfs_remove_free_space(struct btrfs_block_group_cache *block_group,
1879{ 1876{
1880 struct btrfs_free_space_ctl *ctl = block_group->free_space_ctl; 1877 struct btrfs_free_space_ctl *ctl = block_group->free_space_ctl;
1881 struct btrfs_free_space *info; 1878 struct btrfs_free_space *info;
1882 struct btrfs_free_space *next_info = NULL;
1883 int ret = 0; 1879 int ret = 0;
1884 1880
1885 spin_lock(&ctl->tree_lock); 1881 spin_lock(&ctl->tree_lock);
1886 1882
1887again: 1883again:
1884 if (!bytes)
1885 goto out_lock;
1886
1888 info = tree_search_offset(ctl, offset, 0, 0); 1887 info = tree_search_offset(ctl, offset, 0, 0);
1889 if (!info) { 1888 if (!info) {
1890 /* 1889 /*
@@ -1905,88 +1904,48 @@ again:
1905 } 1904 }
1906 } 1905 }
1907 1906
1908 if (info->bytes < bytes && rb_next(&info->offset_index)) { 1907 if (!info->bitmap) {
1909 u64 end;
1910 next_info = rb_entry(rb_next(&info->offset_index),
1911 struct btrfs_free_space,
1912 offset_index);
1913
1914 if (next_info->bitmap)
1915 end = next_info->offset +
1916 BITS_PER_BITMAP * ctl->unit - 1;
1917 else
1918 end = next_info->offset + next_info->bytes;
1919
1920 if (next_info->bytes < bytes ||
1921 next_info->offset > offset || offset > end) {
1922 printk(KERN_CRIT "Found free space at %llu, size %llu,"
1923 " trying to use %llu\n",
1924 (unsigned long long)info->offset,
1925 (unsigned long long)info->bytes,
1926 (unsigned long long)bytes);
1927 WARN_ON(1);
1928 ret = -EINVAL;
1929 goto out_lock;
1930 }
1931
1932 info = next_info;
1933 }
1934
1935 if (info->bytes == bytes) {
1936 unlink_free_space(ctl, info); 1908 unlink_free_space(ctl, info);
1937 if (info->bitmap) { 1909 if (offset == info->offset) {
1938 kfree(info->bitmap); 1910 u64 to_free = min(bytes, info->bytes);
1939 ctl->total_bitmaps--; 1911
1940 } 1912 info->bytes -= to_free;
1941 kmem_cache_free(btrfs_free_space_cachep, info); 1913 info->offset += to_free;
1942 ret = 0; 1914 if (info->bytes) {
1943 goto out_lock; 1915 ret = link_free_space(ctl, info);
1944 } 1916 WARN_ON(ret);
1945 1917 } else {
1946 if (!info->bitmap && info->offset == offset) { 1918 kmem_cache_free(btrfs_free_space_cachep, info);
1947 unlink_free_space(ctl, info); 1919 }
1948 info->offset += bytes;
1949 info->bytes -= bytes;
1950 ret = link_free_space(ctl, info);
1951 WARN_ON(ret);
1952 goto out_lock;
1953 }
1954 1920
1955 if (!info->bitmap && info->offset <= offset && 1921 offset += to_free;
1956 info->offset + info->bytes >= offset + bytes) { 1922 bytes -= to_free;
1957 u64 old_start = info->offset; 1923 goto again;
1958 /* 1924 } else {
1959 * we're freeing space in the middle of the info, 1925 u64 old_end = info->bytes + info->offset;
1960 * this can happen during tree log replay
1961 *
1962 * first unlink the old info and then
1963 * insert it again after the hole we're creating
1964 */
1965 unlink_free_space(ctl, info);
1966 if (offset + bytes < info->offset + info->bytes) {
1967 u64 old_end = info->offset + info->bytes;
1968 1926
1969 info->offset = offset + bytes; 1927 info->bytes = offset - info->offset;
1970 info->bytes = old_end - info->offset;
1971 ret = link_free_space(ctl, info); 1928 ret = link_free_space(ctl, info);
1972 WARN_ON(ret); 1929 WARN_ON(ret);
1973 if (ret) 1930 if (ret)
1974 goto out_lock; 1931 goto out_lock;
1975 } else {
1976 /* the hole we're creating ends at the end
1977 * of the info struct, just free the info
1978 */
1979 kmem_cache_free(btrfs_free_space_cachep, info);
1980 }
1981 spin_unlock(&ctl->tree_lock);
1982 1932
1983 /* step two, insert a new info struct to cover 1933 /* Not enough bytes in this entry to satisfy us */
1984 * anything before the hole 1934 if (old_end < offset + bytes) {
1985 */ 1935 bytes -= old_end - offset;
1986 ret = btrfs_add_free_space(block_group, old_start, 1936 offset = old_end;
1987 offset - old_start); 1937 goto again;
1988 WARN_ON(ret); /* -ENOMEM */ 1938 } else if (old_end == offset + bytes) {
1989 goto out; 1939 /* all done */
1940 goto out_lock;
1941 }
1942 spin_unlock(&ctl->tree_lock);
1943
1944 ret = btrfs_add_free_space(block_group, offset + bytes,
1945 old_end - (offset + bytes));
1946 WARN_ON(ret);
1947 goto out;
1948 }
1990 } 1949 }
1991 1950
1992 ret = remove_from_bitmap(ctl, info, &offset, &bytes); 1951 ret = remove_from_bitmap(ctl, info, &offset, &bytes);
diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
index d8bb0dbc4941..a7d1921ac76b 100644
--- a/fs/btrfs/inode.c
+++ b/fs/btrfs/inode.c
@@ -3754,7 +3754,7 @@ void btrfs_evict_inode(struct inode *inode)
3754 btrfs_wait_ordered_range(inode, 0, (u64)-1); 3754 btrfs_wait_ordered_range(inode, 0, (u64)-1);
3755 3755
3756 if (root->fs_info->log_root_recovering) { 3756 if (root->fs_info->log_root_recovering) {
3757 BUG_ON(!test_bit(BTRFS_INODE_HAS_ORPHAN_ITEM, 3757 BUG_ON(test_bit(BTRFS_INODE_HAS_ORPHAN_ITEM,
3758 &BTRFS_I(inode)->runtime_flags)); 3758 &BTRFS_I(inode)->runtime_flags));
3759 goto no_delete; 3759 goto no_delete;
3760 } 3760 }
@@ -5876,8 +5876,17 @@ map:
5876 bh_result->b_size = len; 5876 bh_result->b_size = len;
5877 bh_result->b_bdev = em->bdev; 5877 bh_result->b_bdev = em->bdev;
5878 set_buffer_mapped(bh_result); 5878 set_buffer_mapped(bh_result);
5879 if (create && !test_bit(EXTENT_FLAG_PREALLOC, &em->flags)) 5879 if (create) {
5880 set_buffer_new(bh_result); 5880 if (!test_bit(EXTENT_FLAG_PREALLOC, &em->flags))
5881 set_buffer_new(bh_result);
5882
5883 /*
5884 * Need to update the i_size under the extent lock so buffered
5885 * readers will get the updated i_size when we unlock.
5886 */
5887 if (start + len > i_size_read(inode))
5888 i_size_write(inode, start + len);
5889 }
5881 5890
5882 free_extent_map(em); 5891 free_extent_map(em);
5883 5892
@@ -6360,12 +6369,48 @@ static ssize_t btrfs_direct_IO(int rw, struct kiocb *iocb,
6360 */ 6369 */
6361 ordered = btrfs_lookup_ordered_range(inode, lockstart, 6370 ordered = btrfs_lookup_ordered_range(inode, lockstart,
6362 lockend - lockstart + 1); 6371 lockend - lockstart + 1);
6363 if (!ordered) 6372
6373 /*
6374 * We need to make sure there are no buffered pages in this
6375 * range either, we could have raced between the invalidate in
6376 * generic_file_direct_write and locking the extent. The
6377 * invalidate needs to happen so that reads after a write do not
6378 * get stale data.
6379 */
6380 if (!ordered && (!writing ||
6381 !test_range_bit(&BTRFS_I(inode)->io_tree,
6382 lockstart, lockend, EXTENT_UPTODATE, 0,
6383 cached_state)))
6364 break; 6384 break;
6385
6365 unlock_extent_cached(&BTRFS_I(inode)->io_tree, lockstart, lockend, 6386 unlock_extent_cached(&BTRFS_I(inode)->io_tree, lockstart, lockend,
6366 &cached_state, GFP_NOFS); 6387 &cached_state, GFP_NOFS);
6367 btrfs_start_ordered_extent(inode, ordered, 1); 6388
6368 btrfs_put_ordered_extent(ordered); 6389 if (ordered) {
6390 btrfs_start_ordered_extent(inode, ordered, 1);
6391 btrfs_put_ordered_extent(ordered);
6392 } else {
6393 /* Screw you mmap */
6394 ret = filemap_write_and_wait_range(file->f_mapping,
6395 lockstart,
6396 lockend);
6397 if (ret)
6398 goto out;
6399
6400 /*
6401 * If we found a page that couldn't be invalidated just
6402 * fall back to buffered.
6403 */
6404 ret = invalidate_inode_pages2_range(file->f_mapping,
6405 lockstart >> PAGE_CACHE_SHIFT,
6406 lockend >> PAGE_CACHE_SHIFT);
6407 if (ret) {
6408 if (ret == -EBUSY)
6409 ret = 0;
6410 goto out;
6411 }
6412 }
6413
6369 cond_resched(); 6414 cond_resched();
6370 } 6415 }
6371 6416
diff --git a/fs/btrfs/ioctl.h b/fs/btrfs/ioctl.h
index 497c530724cf..e440aa653c30 100644
--- a/fs/btrfs/ioctl.h
+++ b/fs/btrfs/ioctl.h
@@ -339,7 +339,7 @@ struct btrfs_ioctl_get_dev_stats {
339#define BTRFS_IOC_WAIT_SYNC _IOW(BTRFS_IOCTL_MAGIC, 22, __u64) 339#define BTRFS_IOC_WAIT_SYNC _IOW(BTRFS_IOCTL_MAGIC, 22, __u64)
340#define BTRFS_IOC_SNAP_CREATE_V2 _IOW(BTRFS_IOCTL_MAGIC, 23, \ 340#define BTRFS_IOC_SNAP_CREATE_V2 _IOW(BTRFS_IOCTL_MAGIC, 23, \
341 struct btrfs_ioctl_vol_args_v2) 341 struct btrfs_ioctl_vol_args_v2)
342#define BTRFS_IOC_SUBVOL_GETFLAGS _IOW(BTRFS_IOCTL_MAGIC, 25, __u64) 342#define BTRFS_IOC_SUBVOL_GETFLAGS _IOR(BTRFS_IOCTL_MAGIC, 25, __u64)
343#define BTRFS_IOC_SUBVOL_SETFLAGS _IOW(BTRFS_IOCTL_MAGIC, 26, __u64) 343#define BTRFS_IOC_SUBVOL_SETFLAGS _IOW(BTRFS_IOCTL_MAGIC, 26, __u64)
344#define BTRFS_IOC_SCRUB _IOWR(BTRFS_IOCTL_MAGIC, 27, \ 344#define BTRFS_IOC_SCRUB _IOWR(BTRFS_IOCTL_MAGIC, 27, \
345 struct btrfs_ioctl_scrub_args) 345 struct btrfs_ioctl_scrub_args)
diff --git a/fs/btrfs/super.c b/fs/btrfs/super.c
index 0eb9a4da069e..e23991574fdf 100644
--- a/fs/btrfs/super.c
+++ b/fs/btrfs/super.c
@@ -1187,6 +1187,10 @@ static int btrfs_remount(struct super_block *sb, int *flags, char *data)
1187 if (ret) 1187 if (ret)
1188 goto restore; 1188 goto restore;
1189 1189
1190 ret = btrfs_resume_balance_async(fs_info);
1191 if (ret)
1192 goto restore;
1193
1190 sb->s_flags &= ~MS_RDONLY; 1194 sb->s_flags &= ~MS_RDONLY;
1191 } 1195 }
1192 1196
diff --git a/fs/btrfs/tree-log.c b/fs/btrfs/tree-log.c
index 2017d0ff511c..8abeae4224f9 100644
--- a/fs/btrfs/tree-log.c
+++ b/fs/btrfs/tree-log.c
@@ -690,6 +690,8 @@ static noinline int drop_one_dir_item(struct btrfs_trans_handle *trans,
690 kfree(name); 690 kfree(name);
691 691
692 iput(inode); 692 iput(inode);
693
694 btrfs_run_delayed_items(trans, root);
693 return ret; 695 return ret;
694} 696}
695 697
@@ -895,6 +897,7 @@ again:
895 ret = btrfs_unlink_inode(trans, root, dir, 897 ret = btrfs_unlink_inode(trans, root, dir,
896 inode, victim_name, 898 inode, victim_name,
897 victim_name_len); 899 victim_name_len);
900 btrfs_run_delayed_items(trans, root);
898 } 901 }
899 kfree(victim_name); 902 kfree(victim_name);
900 ptr = (unsigned long)(victim_ref + 1) + victim_name_len; 903 ptr = (unsigned long)(victim_ref + 1) + victim_name_len;
@@ -1475,6 +1478,9 @@ again:
1475 ret = btrfs_unlink_inode(trans, root, dir, inode, 1478 ret = btrfs_unlink_inode(trans, root, dir, inode,
1476 name, name_len); 1479 name, name_len);
1477 BUG_ON(ret); 1480 BUG_ON(ret);
1481
1482 btrfs_run_delayed_items(trans, root);
1483
1478 kfree(name); 1484 kfree(name);
1479 iput(inode); 1485 iput(inode);
1480 1486
diff --git a/fs/btrfs/volumes.c b/fs/btrfs/volumes.c
index 8a3d2594b807..ecaad40e7ef4 100644
--- a/fs/btrfs/volumes.c
+++ b/fs/btrfs/volumes.c
@@ -2845,31 +2845,48 @@ out:
2845 2845
2846static int balance_kthread(void *data) 2846static int balance_kthread(void *data)
2847{ 2847{
2848 struct btrfs_balance_control *bctl = 2848 struct btrfs_fs_info *fs_info = data;
2849 (struct btrfs_balance_control *)data;
2850 struct btrfs_fs_info *fs_info = bctl->fs_info;
2851 int ret = 0; 2849 int ret = 0;
2852 2850
2853 mutex_lock(&fs_info->volume_mutex); 2851 mutex_lock(&fs_info->volume_mutex);
2854 mutex_lock(&fs_info->balance_mutex); 2852 mutex_lock(&fs_info->balance_mutex);
2855 2853
2856 set_balance_control(bctl); 2854 if (fs_info->balance_ctl) {
2857
2858 if (btrfs_test_opt(fs_info->tree_root, SKIP_BALANCE)) {
2859 printk(KERN_INFO "btrfs: force skipping balance\n");
2860 } else {
2861 printk(KERN_INFO "btrfs: continuing balance\n"); 2855 printk(KERN_INFO "btrfs: continuing balance\n");
2862 ret = btrfs_balance(bctl, NULL); 2856 ret = btrfs_balance(fs_info->balance_ctl, NULL);
2863 } 2857 }
2864 2858
2865 mutex_unlock(&fs_info->balance_mutex); 2859 mutex_unlock(&fs_info->balance_mutex);
2866 mutex_unlock(&fs_info->volume_mutex); 2860 mutex_unlock(&fs_info->volume_mutex);
2861
2867 return ret; 2862 return ret;
2868} 2863}
2869 2864
2870int btrfs_recover_balance(struct btrfs_root *tree_root) 2865int btrfs_resume_balance_async(struct btrfs_fs_info *fs_info)
2871{ 2866{
2872 struct task_struct *tsk; 2867 struct task_struct *tsk;
2868
2869 spin_lock(&fs_info->balance_lock);
2870 if (!fs_info->balance_ctl) {
2871 spin_unlock(&fs_info->balance_lock);
2872 return 0;
2873 }
2874 spin_unlock(&fs_info->balance_lock);
2875
2876 if (btrfs_test_opt(fs_info->tree_root, SKIP_BALANCE)) {
2877 printk(KERN_INFO "btrfs: force skipping balance\n");
2878 return 0;
2879 }
2880
2881 tsk = kthread_run(balance_kthread, fs_info, "btrfs-balance");
2882 if (IS_ERR(tsk))
2883 return PTR_ERR(tsk);
2884
2885 return 0;
2886}
2887
2888int btrfs_recover_balance(struct btrfs_fs_info *fs_info)
2889{
2873 struct btrfs_balance_control *bctl; 2890 struct btrfs_balance_control *bctl;
2874 struct btrfs_balance_item *item; 2891 struct btrfs_balance_item *item;
2875 struct btrfs_disk_balance_args disk_bargs; 2892 struct btrfs_disk_balance_args disk_bargs;
@@ -2882,29 +2899,30 @@ int btrfs_recover_balance(struct btrfs_root *tree_root)
2882 if (!path) 2899 if (!path)
2883 return -ENOMEM; 2900 return -ENOMEM;
2884 2901
2885 bctl = kzalloc(sizeof(*bctl), GFP_NOFS);
2886 if (!bctl) {
2887 ret = -ENOMEM;
2888 goto out;
2889 }
2890
2891 key.objectid = BTRFS_BALANCE_OBJECTID; 2902 key.objectid = BTRFS_BALANCE_OBJECTID;
2892 key.type = BTRFS_BALANCE_ITEM_KEY; 2903 key.type = BTRFS_BALANCE_ITEM_KEY;
2893 key.offset = 0; 2904 key.offset = 0;
2894 2905
2895 ret = btrfs_search_slot(NULL, tree_root, &key, path, 0, 0); 2906 ret = btrfs_search_slot(NULL, fs_info->tree_root, &key, path, 0, 0);
2896 if (ret < 0) 2907 if (ret < 0)
2897 goto out_bctl; 2908 goto out;
2898 if (ret > 0) { /* ret = -ENOENT; */ 2909 if (ret > 0) { /* ret = -ENOENT; */
2899 ret = 0; 2910 ret = 0;
2900 goto out_bctl; 2911 goto out;
2912 }
2913
2914 bctl = kzalloc(sizeof(*bctl), GFP_NOFS);
2915 if (!bctl) {
2916 ret = -ENOMEM;
2917 goto out;
2901 } 2918 }
2902 2919
2903 leaf = path->nodes[0]; 2920 leaf = path->nodes[0];
2904 item = btrfs_item_ptr(leaf, path->slots[0], struct btrfs_balance_item); 2921 item = btrfs_item_ptr(leaf, path->slots[0], struct btrfs_balance_item);
2905 2922
2906 bctl->fs_info = tree_root->fs_info; 2923 bctl->fs_info = fs_info;
2907 bctl->flags = btrfs_balance_flags(leaf, item) | BTRFS_BALANCE_RESUME; 2924 bctl->flags = btrfs_balance_flags(leaf, item);
2925 bctl->flags |= BTRFS_BALANCE_RESUME;
2908 2926
2909 btrfs_balance_data(leaf, item, &disk_bargs); 2927 btrfs_balance_data(leaf, item, &disk_bargs);
2910 btrfs_disk_balance_args_to_cpu(&bctl->data, &disk_bargs); 2928 btrfs_disk_balance_args_to_cpu(&bctl->data, &disk_bargs);
@@ -2913,14 +2931,13 @@ int btrfs_recover_balance(struct btrfs_root *tree_root)
2913 btrfs_balance_sys(leaf, item, &disk_bargs); 2931 btrfs_balance_sys(leaf, item, &disk_bargs);
2914 btrfs_disk_balance_args_to_cpu(&bctl->sys, &disk_bargs); 2932 btrfs_disk_balance_args_to_cpu(&bctl->sys, &disk_bargs);
2915 2933
2916 tsk = kthread_run(balance_kthread, bctl, "btrfs-balance"); 2934 mutex_lock(&fs_info->volume_mutex);
2917 if (IS_ERR(tsk)) 2935 mutex_lock(&fs_info->balance_mutex);
2918 ret = PTR_ERR(tsk);
2919 else
2920 goto out;
2921 2936
2922out_bctl: 2937 set_balance_control(bctl);
2923 kfree(bctl); 2938
2939 mutex_unlock(&fs_info->balance_mutex);
2940 mutex_unlock(&fs_info->volume_mutex);
2924out: 2941out:
2925 btrfs_free_path(path); 2942 btrfs_free_path(path);
2926 return ret; 2943 return ret;
@@ -4061,16 +4078,18 @@ static void btrfs_end_bio(struct bio *bio, int err)
4061 4078
4062 BUG_ON(stripe_index >= bbio->num_stripes); 4079 BUG_ON(stripe_index >= bbio->num_stripes);
4063 dev = bbio->stripes[stripe_index].dev; 4080 dev = bbio->stripes[stripe_index].dev;
4064 if (bio->bi_rw & WRITE) 4081 if (dev->bdev) {
4065 btrfs_dev_stat_inc(dev, 4082 if (bio->bi_rw & WRITE)
4066 BTRFS_DEV_STAT_WRITE_ERRS); 4083 btrfs_dev_stat_inc(dev,
4067 else 4084 BTRFS_DEV_STAT_WRITE_ERRS);
4068 btrfs_dev_stat_inc(dev, 4085 else
4069 BTRFS_DEV_STAT_READ_ERRS); 4086 btrfs_dev_stat_inc(dev,
4070 if ((bio->bi_rw & WRITE_FLUSH) == WRITE_FLUSH) 4087 BTRFS_DEV_STAT_READ_ERRS);
4071 btrfs_dev_stat_inc(dev, 4088 if ((bio->bi_rw & WRITE_FLUSH) == WRITE_FLUSH)
4072 BTRFS_DEV_STAT_FLUSH_ERRS); 4089 btrfs_dev_stat_inc(dev,
4073 btrfs_dev_stat_print_on_error(dev); 4090 BTRFS_DEV_STAT_FLUSH_ERRS);
4091 btrfs_dev_stat_print_on_error(dev);
4092 }
4074 } 4093 }
4075 } 4094 }
4076 4095
diff --git a/fs/btrfs/volumes.h b/fs/btrfs/volumes.h
index 74366f27a76b..95f6637614db 100644
--- a/fs/btrfs/volumes.h
+++ b/fs/btrfs/volumes.h
@@ -281,7 +281,8 @@ int btrfs_shrink_device(struct btrfs_device *device, u64 new_size);
281int btrfs_init_new_device(struct btrfs_root *root, char *path); 281int btrfs_init_new_device(struct btrfs_root *root, char *path);
282int btrfs_balance(struct btrfs_balance_control *bctl, 282int btrfs_balance(struct btrfs_balance_control *bctl,
283 struct btrfs_ioctl_balance_args *bargs); 283 struct btrfs_ioctl_balance_args *bargs);
284int btrfs_recover_balance(struct btrfs_root *tree_root); 284int btrfs_resume_balance_async(struct btrfs_fs_info *fs_info);
285int btrfs_recover_balance(struct btrfs_fs_info *fs_info);
285int btrfs_pause_balance(struct btrfs_fs_info *fs_info); 286int btrfs_pause_balance(struct btrfs_fs_info *fs_info);
286int btrfs_cancel_balance(struct btrfs_fs_info *fs_info); 287int btrfs_cancel_balance(struct btrfs_fs_info *fs_info);
287int btrfs_chunk_readonly(struct btrfs_root *root, u64 chunk_offset); 288int btrfs_chunk_readonly(struct btrfs_root *root, u64 chunk_offset);
diff --git a/fs/splice.c b/fs/splice.c
index c9f1318a3b82..7bf08fa22ec9 100644
--- a/fs/splice.c
+++ b/fs/splice.c
@@ -273,13 +273,16 @@ void spd_release_page(struct splice_pipe_desc *spd, unsigned int i)
273 * Check if we need to grow the arrays holding pages and partial page 273 * Check if we need to grow the arrays holding pages and partial page
274 * descriptions. 274 * descriptions.
275 */ 275 */
276int splice_grow_spd(struct pipe_inode_info *pipe, struct splice_pipe_desc *spd) 276int splice_grow_spd(const struct pipe_inode_info *pipe, struct splice_pipe_desc *spd)
277{ 277{
278 if (pipe->buffers <= PIPE_DEF_BUFFERS) 278 unsigned int buffers = ACCESS_ONCE(pipe->buffers);
279
280 spd->nr_pages_max = buffers;
281 if (buffers <= PIPE_DEF_BUFFERS)
279 return 0; 282 return 0;
280 283
281 spd->pages = kmalloc(pipe->buffers * sizeof(struct page *), GFP_KERNEL); 284 spd->pages = kmalloc(buffers * sizeof(struct page *), GFP_KERNEL);
282 spd->partial = kmalloc(pipe->buffers * sizeof(struct partial_page), GFP_KERNEL); 285 spd->partial = kmalloc(buffers * sizeof(struct partial_page), GFP_KERNEL);
283 286
284 if (spd->pages && spd->partial) 287 if (spd->pages && spd->partial)
285 return 0; 288 return 0;
@@ -289,10 +292,9 @@ int splice_grow_spd(struct pipe_inode_info *pipe, struct splice_pipe_desc *spd)
289 return -ENOMEM; 292 return -ENOMEM;
290} 293}
291 294
292void splice_shrink_spd(struct pipe_inode_info *pipe, 295void splice_shrink_spd(struct splice_pipe_desc *spd)
293 struct splice_pipe_desc *spd)
294{ 296{
295 if (pipe->buffers <= PIPE_DEF_BUFFERS) 297 if (spd->nr_pages_max <= PIPE_DEF_BUFFERS)
296 return; 298 return;
297 299
298 kfree(spd->pages); 300 kfree(spd->pages);
@@ -315,6 +317,7 @@ __generic_file_splice_read(struct file *in, loff_t *ppos,
315 struct splice_pipe_desc spd = { 317 struct splice_pipe_desc spd = {
316 .pages = pages, 318 .pages = pages,
317 .partial = partial, 319 .partial = partial,
320 .nr_pages_max = PIPE_DEF_BUFFERS,
318 .flags = flags, 321 .flags = flags,
319 .ops = &page_cache_pipe_buf_ops, 322 .ops = &page_cache_pipe_buf_ops,
320 .spd_release = spd_release_page, 323 .spd_release = spd_release_page,
@@ -326,7 +329,7 @@ __generic_file_splice_read(struct file *in, loff_t *ppos,
326 index = *ppos >> PAGE_CACHE_SHIFT; 329 index = *ppos >> PAGE_CACHE_SHIFT;
327 loff = *ppos & ~PAGE_CACHE_MASK; 330 loff = *ppos & ~PAGE_CACHE_MASK;
328 req_pages = (len + loff + PAGE_CACHE_SIZE - 1) >> PAGE_CACHE_SHIFT; 331 req_pages = (len + loff + PAGE_CACHE_SIZE - 1) >> PAGE_CACHE_SHIFT;
329 nr_pages = min(req_pages, pipe->buffers); 332 nr_pages = min(req_pages, spd.nr_pages_max);
330 333
331 /* 334 /*
332 * Lookup the (hopefully) full range of pages we need. 335 * Lookup the (hopefully) full range of pages we need.
@@ -497,7 +500,7 @@ fill_it:
497 if (spd.nr_pages) 500 if (spd.nr_pages)
498 error = splice_to_pipe(pipe, &spd); 501 error = splice_to_pipe(pipe, &spd);
499 502
500 splice_shrink_spd(pipe, &spd); 503 splice_shrink_spd(&spd);
501 return error; 504 return error;
502} 505}
503 506
@@ -598,6 +601,7 @@ ssize_t default_file_splice_read(struct file *in, loff_t *ppos,
598 struct splice_pipe_desc spd = { 601 struct splice_pipe_desc spd = {
599 .pages = pages, 602 .pages = pages,
600 .partial = partial, 603 .partial = partial,
604 .nr_pages_max = PIPE_DEF_BUFFERS,
601 .flags = flags, 605 .flags = flags,
602 .ops = &default_pipe_buf_ops, 606 .ops = &default_pipe_buf_ops,
603 .spd_release = spd_release_page, 607 .spd_release = spd_release_page,
@@ -608,8 +612,8 @@ ssize_t default_file_splice_read(struct file *in, loff_t *ppos,
608 612
609 res = -ENOMEM; 613 res = -ENOMEM;
610 vec = __vec; 614 vec = __vec;
611 if (pipe->buffers > PIPE_DEF_BUFFERS) { 615 if (spd.nr_pages_max > PIPE_DEF_BUFFERS) {
612 vec = kmalloc(pipe->buffers * sizeof(struct iovec), GFP_KERNEL); 616 vec = kmalloc(spd.nr_pages_max * sizeof(struct iovec), GFP_KERNEL);
613 if (!vec) 617 if (!vec)
614 goto shrink_ret; 618 goto shrink_ret;
615 } 619 }
@@ -617,7 +621,7 @@ ssize_t default_file_splice_read(struct file *in, loff_t *ppos,
617 offset = *ppos & ~PAGE_CACHE_MASK; 621 offset = *ppos & ~PAGE_CACHE_MASK;
618 nr_pages = (len + offset + PAGE_CACHE_SIZE - 1) >> PAGE_CACHE_SHIFT; 622 nr_pages = (len + offset + PAGE_CACHE_SIZE - 1) >> PAGE_CACHE_SHIFT;
619 623
620 for (i = 0; i < nr_pages && i < pipe->buffers && len; i++) { 624 for (i = 0; i < nr_pages && i < spd.nr_pages_max && len; i++) {
621 struct page *page; 625 struct page *page;
622 626
623 page = alloc_page(GFP_USER); 627 page = alloc_page(GFP_USER);
@@ -665,7 +669,7 @@ ssize_t default_file_splice_read(struct file *in, loff_t *ppos,
665shrink_ret: 669shrink_ret:
666 if (vec != __vec) 670 if (vec != __vec)
667 kfree(vec); 671 kfree(vec);
668 splice_shrink_spd(pipe, &spd); 672 splice_shrink_spd(&spd);
669 return res; 673 return res;
670 674
671err: 675err:
@@ -1614,6 +1618,7 @@ static long vmsplice_to_pipe(struct file *file, const struct iovec __user *iov,
1614 struct splice_pipe_desc spd = { 1618 struct splice_pipe_desc spd = {
1615 .pages = pages, 1619 .pages = pages,
1616 .partial = partial, 1620 .partial = partial,
1621 .nr_pages_max = PIPE_DEF_BUFFERS,
1617 .flags = flags, 1622 .flags = flags,
1618 .ops = &user_page_pipe_buf_ops, 1623 .ops = &user_page_pipe_buf_ops,
1619 .spd_release = spd_release_page, 1624 .spd_release = spd_release_page,
@@ -1629,13 +1634,13 @@ static long vmsplice_to_pipe(struct file *file, const struct iovec __user *iov,
1629 1634
1630 spd.nr_pages = get_iovec_page_array(iov, nr_segs, spd.pages, 1635 spd.nr_pages = get_iovec_page_array(iov, nr_segs, spd.pages,
1631 spd.partial, false, 1636 spd.partial, false,
1632 pipe->buffers); 1637 spd.nr_pages_max);
1633 if (spd.nr_pages <= 0) 1638 if (spd.nr_pages <= 0)
1634 ret = spd.nr_pages; 1639 ret = spd.nr_pages;
1635 else 1640 else
1636 ret = splice_to_pipe(pipe, &spd); 1641 ret = splice_to_pipe(pipe, &spd);
1637 1642
1638 splice_shrink_spd(pipe, &spd); 1643 splice_shrink_spd(&spd);
1639 return ret; 1644 return ret;
1640} 1645}
1641 1646
diff --git a/include/linux/blkdev.h b/include/linux/blkdev.h
index ba43f408baa3..07954b05b86c 100644
--- a/include/linux/blkdev.h
+++ b/include/linux/blkdev.h
@@ -827,7 +827,6 @@ extern bool __blk_end_request_err(struct request *rq, int error);
827extern void blk_complete_request(struct request *); 827extern void blk_complete_request(struct request *);
828extern void __blk_complete_request(struct request *); 828extern void __blk_complete_request(struct request *);
829extern void blk_abort_request(struct request *); 829extern void blk_abort_request(struct request *);
830extern void blk_abort_queue(struct request_queue *);
831extern void blk_unprep_request(struct request *); 830extern void blk_unprep_request(struct request *);
832 831
833/* 832/*
diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h
index c4464356b35b..96c158a37d3e 100644
--- a/include/linux/kvm_host.h
+++ b/include/linux/kvm_host.h
@@ -815,7 +815,7 @@ static inline void kvm_free_irq_routing(struct kvm *kvm) {}
815#ifdef CONFIG_HAVE_KVM_EVENTFD 815#ifdef CONFIG_HAVE_KVM_EVENTFD
816 816
817void kvm_eventfd_init(struct kvm *kvm); 817void kvm_eventfd_init(struct kvm *kvm);
818int kvm_irqfd(struct kvm *kvm, int fd, int gsi, int flags); 818int kvm_irqfd(struct kvm *kvm, struct kvm_irqfd *args);
819void kvm_irqfd_release(struct kvm *kvm); 819void kvm_irqfd_release(struct kvm *kvm);
820void kvm_irq_routing_update(struct kvm *, struct kvm_irq_routing_table *); 820void kvm_irq_routing_update(struct kvm *, struct kvm_irq_routing_table *);
821int kvm_ioeventfd(struct kvm *kvm, struct kvm_ioeventfd *args); 821int kvm_ioeventfd(struct kvm *kvm, struct kvm_ioeventfd *args);
@@ -824,7 +824,7 @@ int kvm_ioeventfd(struct kvm *kvm, struct kvm_ioeventfd *args);
824 824
825static inline void kvm_eventfd_init(struct kvm *kvm) {} 825static inline void kvm_eventfd_init(struct kvm *kvm) {}
826 826
827static inline int kvm_irqfd(struct kvm *kvm, int fd, int gsi, int flags) 827static inline int kvm_irqfd(struct kvm *kvm, struct kvm_irqfd *args)
828{ 828{
829 return -EINVAL; 829 return -EINVAL;
830} 830}
diff --git a/include/linux/splice.h b/include/linux/splice.h
index 26e5b613deda..09a545a7dfa3 100644
--- a/include/linux/splice.h
+++ b/include/linux/splice.h
@@ -51,7 +51,8 @@ struct partial_page {
51struct splice_pipe_desc { 51struct splice_pipe_desc {
52 struct page **pages; /* page map */ 52 struct page **pages; /* page map */
53 struct partial_page *partial; /* pages[] may not be contig */ 53 struct partial_page *partial; /* pages[] may not be contig */
54 int nr_pages; /* number of pages in map */ 54 int nr_pages; /* number of populated pages in map */
55 unsigned int nr_pages_max; /* pages[] & partial[] arrays size */
55 unsigned int flags; /* splice flags */ 56 unsigned int flags; /* splice flags */
56 const struct pipe_buf_operations *ops;/* ops associated with output pipe */ 57 const struct pipe_buf_operations *ops;/* ops associated with output pipe */
57 void (*spd_release)(struct splice_pipe_desc *, unsigned int); 58 void (*spd_release)(struct splice_pipe_desc *, unsigned int);
@@ -85,9 +86,8 @@ extern ssize_t splice_direct_to_actor(struct file *, struct splice_desc *,
85/* 86/*
86 * for dynamic pipe sizing 87 * for dynamic pipe sizing
87 */ 88 */
88extern int splice_grow_spd(struct pipe_inode_info *, struct splice_pipe_desc *); 89extern int splice_grow_spd(const struct pipe_inode_info *, struct splice_pipe_desc *);
89extern void splice_shrink_spd(struct pipe_inode_info *, 90extern void splice_shrink_spd(struct splice_pipe_desc *);
90 struct splice_pipe_desc *);
91extern void spd_release_page(struct splice_pipe_desc *, unsigned int); 91extern void spd_release_page(struct splice_pipe_desc *, unsigned int);
92 92
93extern const struct pipe_buf_operations page_cache_pipe_buf_ops; 93extern const struct pipe_buf_operations page_cache_pipe_buf_ops;
diff --git a/include/net/sctp/structs.h b/include/net/sctp/structs.h
index e4652fe58958..fecdf31816f2 100644
--- a/include/net/sctp/structs.h
+++ b/include/net/sctp/structs.h
@@ -912,6 +912,9 @@ struct sctp_transport {
912 /* Is this structure kfree()able? */ 912 /* Is this structure kfree()able? */
913 malloced:1; 913 malloced:1;
914 914
915 /* Has this transport moved the ctsn since we last sacked */
916 __u32 sack_generation;
917
915 struct flowi fl; 918 struct flowi fl;
916 919
917 /* This is the peer's IP address and port. */ 920 /* This is the peer's IP address and port. */
@@ -1584,6 +1587,7 @@ struct sctp_association {
1584 */ 1587 */
1585 __u8 sack_needed; /* Do we need to sack the peer? */ 1588 __u8 sack_needed; /* Do we need to sack the peer? */
1586 __u32 sack_cnt; 1589 __u32 sack_cnt;
1590 __u32 sack_generation;
1587 1591
1588 /* These are capabilities which our peer advertised. */ 1592 /* These are capabilities which our peer advertised. */
1589 __u8 ecn_capable:1, /* Can peer do ECN? */ 1593 __u8 ecn_capable:1, /* Can peer do ECN? */
diff --git a/include/net/sctp/tsnmap.h b/include/net/sctp/tsnmap.h
index e7728bc14ccf..2c5d2b4d5d1e 100644
--- a/include/net/sctp/tsnmap.h
+++ b/include/net/sctp/tsnmap.h
@@ -117,7 +117,8 @@ void sctp_tsnmap_free(struct sctp_tsnmap *map);
117int sctp_tsnmap_check(const struct sctp_tsnmap *, __u32 tsn); 117int sctp_tsnmap_check(const struct sctp_tsnmap *, __u32 tsn);
118 118
119/* Mark this TSN as seen. */ 119/* Mark this TSN as seen. */
120int sctp_tsnmap_mark(struct sctp_tsnmap *, __u32 tsn); 120int sctp_tsnmap_mark(struct sctp_tsnmap *, __u32 tsn,
121 struct sctp_transport *trans);
121 122
122/* Mark this TSN and all lower as seen. */ 123/* Mark this TSN and all lower as seen. */
123void sctp_tsnmap_skip(struct sctp_tsnmap *map, __u32 tsn); 124void sctp_tsnmap_skip(struct sctp_tsnmap *map, __u32 tsn);
diff --git a/kernel/relay.c b/kernel/relay.c
index ab56a1764d4d..e8cd2027abbd 100644
--- a/kernel/relay.c
+++ b/kernel/relay.c
@@ -1235,6 +1235,7 @@ static ssize_t subbuf_splice_actor(struct file *in,
1235 struct splice_pipe_desc spd = { 1235 struct splice_pipe_desc spd = {
1236 .pages = pages, 1236 .pages = pages,
1237 .nr_pages = 0, 1237 .nr_pages = 0,
1238 .nr_pages_max = PIPE_DEF_BUFFERS,
1238 .partial = partial, 1239 .partial = partial,
1239 .flags = flags, 1240 .flags = flags,
1240 .ops = &relay_pipe_buf_ops, 1241 .ops = &relay_pipe_buf_ops,
@@ -1302,8 +1303,8 @@ static ssize_t subbuf_splice_actor(struct file *in,
1302 ret += padding; 1303 ret += padding;
1303 1304
1304out: 1305out:
1305 splice_shrink_spd(pipe, &spd); 1306 splice_shrink_spd(&spd);
1306 return ret; 1307 return ret;
1307} 1308}
1308 1309
1309static ssize_t relay_file_splice_read(struct file *in, 1310static ssize_t relay_file_splice_read(struct file *in,
diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
index 49249c28690d..a7fa0702be1c 100644
--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
@@ -3609,6 +3609,7 @@ static ssize_t tracing_splice_read_pipe(struct file *filp,
3609 .pages = pages_def, 3609 .pages = pages_def,
3610 .partial = partial_def, 3610 .partial = partial_def,
3611 .nr_pages = 0, /* This gets updated below. */ 3611 .nr_pages = 0, /* This gets updated below. */
3612 .nr_pages_max = PIPE_DEF_BUFFERS,
3612 .flags = flags, 3613 .flags = flags,
3613 .ops = &tracing_pipe_buf_ops, 3614 .ops = &tracing_pipe_buf_ops,
3614 .spd_release = tracing_spd_release_pipe, 3615 .spd_release = tracing_spd_release_pipe,
@@ -3680,7 +3681,7 @@ static ssize_t tracing_splice_read_pipe(struct file *filp,
3680 3681
3681 ret = splice_to_pipe(pipe, &spd); 3682 ret = splice_to_pipe(pipe, &spd);
3682out: 3683out:
3683 splice_shrink_spd(pipe, &spd); 3684 splice_shrink_spd(&spd);
3684 return ret; 3685 return ret;
3685 3686
3686out_err: 3687out_err:
@@ -4231,6 +4232,7 @@ tracing_buffers_splice_read(struct file *file, loff_t *ppos,
4231 struct splice_pipe_desc spd = { 4232 struct splice_pipe_desc spd = {
4232 .pages = pages_def, 4233 .pages = pages_def,
4233 .partial = partial_def, 4234 .partial = partial_def,
4235 .nr_pages_max = PIPE_DEF_BUFFERS,
4234 .flags = flags, 4236 .flags = flags,
4235 .ops = &buffer_pipe_buf_ops, 4237 .ops = &buffer_pipe_buf_ops,
4236 .spd_release = buffer_spd_release, 4238 .spd_release = buffer_spd_release,
@@ -4318,7 +4320,7 @@ tracing_buffers_splice_read(struct file *file, loff_t *ppos,
4318 } 4320 }
4319 4321
4320 ret = splice_to_pipe(pipe, &spd); 4322 ret = splice_to_pipe(pipe, &spd);
4321 splice_shrink_spd(pipe, &spd); 4323 splice_shrink_spd(&spd);
4322out: 4324out:
4323 return ret; 4325 return ret;
4324} 4326}
diff --git a/mm/shmem.c b/mm/shmem.c
index a15a466d0d1d..4ce02e0673db 100644
--- a/mm/shmem.c
+++ b/mm/shmem.c
@@ -1594,6 +1594,7 @@ static ssize_t shmem_file_splice_read(struct file *in, loff_t *ppos,
1594 struct splice_pipe_desc spd = { 1594 struct splice_pipe_desc spd = {
1595 .pages = pages, 1595 .pages = pages,
1596 .partial = partial, 1596 .partial = partial,
1597 .nr_pages_max = PIPE_DEF_BUFFERS,
1597 .flags = flags, 1598 .flags = flags,
1598 .ops = &page_cache_pipe_buf_ops, 1599 .ops = &page_cache_pipe_buf_ops,
1599 .spd_release = spd_release_page, 1600 .spd_release = spd_release_page,
@@ -1682,7 +1683,7 @@ static ssize_t shmem_file_splice_read(struct file *in, loff_t *ppos,
1682 if (spd.nr_pages) 1683 if (spd.nr_pages)
1683 error = splice_to_pipe(pipe, &spd); 1684 error = splice_to_pipe(pipe, &spd);
1684 1685
1685 splice_shrink_spd(pipe, &spd); 1686 splice_shrink_spd(&spd);
1686 1687
1687 if (error > 0) { 1688 if (error > 0) {
1688 *ppos += error; 1689 *ppos += error;
diff --git a/net/core/dev.c b/net/core/dev.c
index 6df214041a5e..84f01ba81a34 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -1136,8 +1136,8 @@ void dev_load(struct net *net, const char *name)
1136 no_module = request_module("netdev-%s", name); 1136 no_module = request_module("netdev-%s", name);
1137 if (no_module && capable(CAP_SYS_MODULE)) { 1137 if (no_module && capable(CAP_SYS_MODULE)) {
1138 if (!request_module("%s", name)) 1138 if (!request_module("%s", name))
1139 pr_err("Loading kernel module for a network device with CAP_SYS_MODULE (deprecated). Use CAP_NET_ADMIN and alias netdev-%s instead.\n", 1139 pr_warn("Loading kernel module for a network device with CAP_SYS_MODULE (deprecated). Use CAP_NET_ADMIN and alias netdev-%s instead.\n",
1140 name); 1140 name);
1141 } 1141 }
1142} 1142}
1143EXPORT_SYMBOL(dev_load); 1143EXPORT_SYMBOL(dev_load);
diff --git a/net/core/skbuff.c b/net/core/skbuff.c
index d78671e9d545..46a3d23d259e 100644
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -1755,6 +1755,7 @@ int skb_splice_bits(struct sk_buff *skb, unsigned int offset,
1755 struct splice_pipe_desc spd = { 1755 struct splice_pipe_desc spd = {
1756 .pages = pages, 1756 .pages = pages,
1757 .partial = partial, 1757 .partial = partial,
1758 .nr_pages_max = MAX_SKB_FRAGS,
1758 .flags = flags, 1759 .flags = flags,
1759 .ops = &sock_pipe_buf_ops, 1760 .ops = &sock_pipe_buf_ops,
1760 .spd_release = sock_spd_release, 1761 .spd_release = sock_spd_release,
diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index 66e4fcdd1c6b..a4bb856de08f 100644
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -1342,7 +1342,6 @@ static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata,
1342 struct ieee80211_local *local = sdata->local; 1342 struct ieee80211_local *local = sdata->local;
1343 struct sta_info *sta; 1343 struct sta_info *sta;
1344 u32 changed = 0; 1344 u32 changed = 0;
1345 u8 bssid[ETH_ALEN];
1346 1345
1347 ASSERT_MGD_MTX(ifmgd); 1346 ASSERT_MGD_MTX(ifmgd);
1348 1347
@@ -1354,10 +1353,7 @@ static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata,
1354 1353
1355 ieee80211_stop_poll(sdata); 1354 ieee80211_stop_poll(sdata);
1356 1355
1357 memcpy(bssid, ifmgd->associated->bssid, ETH_ALEN);
1358
1359 ifmgd->associated = NULL; 1356 ifmgd->associated = NULL;
1360 memset(ifmgd->bssid, 0, ETH_ALEN);
1361 1357
1362 /* 1358 /*
1363 * we need to commit the associated = NULL change because the 1359 * we need to commit the associated = NULL change because the
@@ -1377,7 +1373,7 @@ static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata,
1377 netif_carrier_off(sdata->dev); 1373 netif_carrier_off(sdata->dev);
1378 1374
1379 mutex_lock(&local->sta_mtx); 1375 mutex_lock(&local->sta_mtx);
1380 sta = sta_info_get(sdata, bssid); 1376 sta = sta_info_get(sdata, ifmgd->bssid);
1381 if (sta) { 1377 if (sta) {
1382 set_sta_flag(sta, WLAN_STA_BLOCK_BA); 1378 set_sta_flag(sta, WLAN_STA_BLOCK_BA);
1383 ieee80211_sta_tear_down_BA_sessions(sta, tx); 1379 ieee80211_sta_tear_down_BA_sessions(sta, tx);
@@ -1386,13 +1382,16 @@ static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata,
1386 1382
1387 /* deauthenticate/disassociate now */ 1383 /* deauthenticate/disassociate now */
1388 if (tx || frame_buf) 1384 if (tx || frame_buf)
1389 ieee80211_send_deauth_disassoc(sdata, bssid, stype, reason, 1385 ieee80211_send_deauth_disassoc(sdata, ifmgd->bssid, stype,
1390 tx, frame_buf); 1386 reason, tx, frame_buf);
1391 1387
1392 /* flush out frame */ 1388 /* flush out frame */
1393 if (tx) 1389 if (tx)
1394 drv_flush(local, false); 1390 drv_flush(local, false);
1395 1391
1392 /* clear bssid only after building the needed mgmt frames */
1393 memset(ifmgd->bssid, 0, ETH_ALEN);
1394
1396 /* remove AP and TDLS peers */ 1395 /* remove AP and TDLS peers */
1397 sta_info_flush(local, sdata); 1396 sta_info_flush(local, sdata);
1398 1397
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index 7bcecf73aafb..965e6ec0adb6 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -2455,7 +2455,7 @@ ieee80211_rx_h_action_return(struct ieee80211_rx_data *rx)
2455 * frames that we didn't handle, including returning unknown 2455 * frames that we didn't handle, including returning unknown
2456 * ones. For all other modes we will return them to the sender, 2456 * ones. For all other modes we will return them to the sender,
2457 * setting the 0x80 bit in the action category, as required by 2457 * setting the 0x80 bit in the action category, as required by
2458 * 802.11-2007 7.3.1.11. 2458 * 802.11-2012 9.24.4.
2459 * Newer versions of hostapd shall also use the management frame 2459 * Newer versions of hostapd shall also use the management frame
2460 * registration mechanisms, but older ones still use cooked 2460 * registration mechanisms, but older ones still use cooked
2461 * monitor interfaces so push all frames there. 2461 * monitor interfaces so push all frames there.
@@ -2465,6 +2465,9 @@ ieee80211_rx_h_action_return(struct ieee80211_rx_data *rx)
2465 sdata->vif.type == NL80211_IFTYPE_AP_VLAN)) 2465 sdata->vif.type == NL80211_IFTYPE_AP_VLAN))
2466 return RX_DROP_MONITOR; 2466 return RX_DROP_MONITOR;
2467 2467
2468 if (is_multicast_ether_addr(mgmt->da))
2469 return RX_DROP_MONITOR;
2470
2468 /* do not return rejected action frames */ 2471 /* do not return rejected action frames */
2469 if (mgmt->u.action.category & 0x80) 2472 if (mgmt->u.action.category & 0x80)
2470 return RX_DROP_UNUSABLE; 2473 return RX_DROP_UNUSABLE;
diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c
index 819c342f5b30..9730882697aa 100644
--- a/net/netfilter/ipset/ip_set_core.c
+++ b/net/netfilter/ipset/ip_set_core.c
@@ -640,6 +640,14 @@ find_free_id(const char *name, ip_set_id_t *index, struct ip_set **set)
640} 640}
641 641
642static int 642static int
643ip_set_none(struct sock *ctnl, struct sk_buff *skb,
644 const struct nlmsghdr *nlh,
645 const struct nlattr * const attr[])
646{
647 return -EOPNOTSUPP;
648}
649
650static int
643ip_set_create(struct sock *ctnl, struct sk_buff *skb, 651ip_set_create(struct sock *ctnl, struct sk_buff *skb,
644 const struct nlmsghdr *nlh, 652 const struct nlmsghdr *nlh,
645 const struct nlattr * const attr[]) 653 const struct nlattr * const attr[])
@@ -1539,6 +1547,10 @@ nlmsg_failure:
1539} 1547}
1540 1548
1541static const struct nfnl_callback ip_set_netlink_subsys_cb[IPSET_MSG_MAX] = { 1549static const struct nfnl_callback ip_set_netlink_subsys_cb[IPSET_MSG_MAX] = {
1550 [IPSET_CMD_NONE] = {
1551 .call = ip_set_none,
1552 .attr_count = IPSET_ATTR_CMD_MAX,
1553 },
1542 [IPSET_CMD_CREATE] = { 1554 [IPSET_CMD_CREATE] = {
1543 .call = ip_set_create, 1555 .call = ip_set_create,
1544 .attr_count = IPSET_ATTR_CMD_MAX, 1556 .attr_count = IPSET_ATTR_CMD_MAX,
diff --git a/net/netfilter/ipset/ip_set_hash_netiface.c b/net/netfilter/ipset/ip_set_hash_netiface.c
index ee863943c826..d5d3607ae7bc 100644
--- a/net/netfilter/ipset/ip_set_hash_netiface.c
+++ b/net/netfilter/ipset/ip_set_hash_netiface.c
@@ -38,30 +38,6 @@ struct iface_node {
38 38
39#define iface_data(n) (rb_entry(n, struct iface_node, node)->iface) 39#define iface_data(n) (rb_entry(n, struct iface_node, node)->iface)
40 40
41static inline long
42ifname_compare(const char *_a, const char *_b)
43{
44 const long *a = (const long *)_a;
45 const long *b = (const long *)_b;
46
47 BUILD_BUG_ON(IFNAMSIZ > 4 * sizeof(unsigned long));
48 if (a[0] != b[0])
49 return a[0] - b[0];
50 if (IFNAMSIZ > sizeof(long)) {
51 if (a[1] != b[1])
52 return a[1] - b[1];
53 }
54 if (IFNAMSIZ > 2 * sizeof(long)) {
55 if (a[2] != b[2])
56 return a[2] - b[2];
57 }
58 if (IFNAMSIZ > 3 * sizeof(long)) {
59 if (a[3] != b[3])
60 return a[3] - b[3];
61 }
62 return 0;
63}
64
65static void 41static void
66rbtree_destroy(struct rb_root *root) 42rbtree_destroy(struct rb_root *root)
67{ 43{
@@ -99,7 +75,7 @@ iface_test(struct rb_root *root, const char **iface)
99 75
100 while (n) { 76 while (n) {
101 const char *d = iface_data(n); 77 const char *d = iface_data(n);
102 long res = ifname_compare(*iface, d); 78 int res = strcmp(*iface, d);
103 79
104 if (res < 0) 80 if (res < 0)
105 n = n->rb_left; 81 n = n->rb_left;
@@ -121,7 +97,7 @@ iface_add(struct rb_root *root, const char **iface)
121 97
122 while (*n) { 98 while (*n) {
123 char *ifname = iface_data(*n); 99 char *ifname = iface_data(*n);
124 long res = ifname_compare(*iface, ifname); 100 int res = strcmp(*iface, ifname);
125 101
126 p = *n; 102 p = *n;
127 if (res < 0) 103 if (res < 0)
@@ -366,7 +342,7 @@ hash_netiface4_uadt(struct ip_set *set, struct nlattr *tb[],
366 struct hash_netiface4_elem data = { .cidr = HOST_MASK }; 342 struct hash_netiface4_elem data = { .cidr = HOST_MASK };
367 u32 ip = 0, ip_to, last; 343 u32 ip = 0, ip_to, last;
368 u32 timeout = h->timeout; 344 u32 timeout = h->timeout;
369 char iface[IFNAMSIZ] = {}; 345 char iface[IFNAMSIZ];
370 int ret; 346 int ret;
371 347
372 if (unlikely(!tb[IPSET_ATTR_IP] || 348 if (unlikely(!tb[IPSET_ATTR_IP] ||
@@ -663,7 +639,7 @@ hash_netiface6_uadt(struct ip_set *set, struct nlattr *tb[],
663 ipset_adtfn adtfn = set->variant->adt[adt]; 639 ipset_adtfn adtfn = set->variant->adt[adt];
664 struct hash_netiface6_elem data = { .cidr = HOST_MASK }; 640 struct hash_netiface6_elem data = { .cidr = HOST_MASK };
665 u32 timeout = h->timeout; 641 u32 timeout = h->timeout;
666 char iface[IFNAMSIZ] = {}; 642 char iface[IFNAMSIZ];
667 int ret; 643 int ret;
668 644
669 if (unlikely(!tb[IPSET_ATTR_IP] || 645 if (unlikely(!tb[IPSET_ATTR_IP] ||
diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
index dd811b8dd97c..d43e3c122f7b 100644
--- a/net/netfilter/ipvs/ip_vs_ctl.c
+++ b/net/netfilter/ipvs/ip_vs_ctl.c
@@ -76,19 +76,19 @@ static void __ip_vs_del_service(struct ip_vs_service *svc);
76 76
77#ifdef CONFIG_IP_VS_IPV6 77#ifdef CONFIG_IP_VS_IPV6
78/* Taken from rt6_fill_node() in net/ipv6/route.c, is there a better way? */ 78/* Taken from rt6_fill_node() in net/ipv6/route.c, is there a better way? */
79static int __ip_vs_addr_is_local_v6(struct net *net, 79static bool __ip_vs_addr_is_local_v6(struct net *net,
80 const struct in6_addr *addr) 80 const struct in6_addr *addr)
81{ 81{
82 struct rt6_info *rt;
83 struct flowi6 fl6 = { 82 struct flowi6 fl6 = {
84 .daddr = *addr, 83 .daddr = *addr,
85 }; 84 };
85 struct dst_entry *dst = ip6_route_output(net, NULL, &fl6);
86 bool is_local;
86 87
87 rt = (struct rt6_info *)ip6_route_output(net, NULL, &fl6); 88 is_local = !dst->error && dst->dev && (dst->dev->flags & IFF_LOOPBACK);
88 if (rt && rt->dst.dev && (rt->dst.dev->flags & IFF_LOOPBACK))
89 return 1;
90 89
91 return 0; 90 dst_release(dst);
91 return is_local;
92} 92}
93#endif 93#endif
94 94
diff --git a/net/netfilter/nfnetlink.c b/net/netfilter/nfnetlink.c
index 3e797d1fcb94..791d56bbd74a 100644
--- a/net/netfilter/nfnetlink.c
+++ b/net/netfilter/nfnetlink.c
@@ -169,8 +169,10 @@ replay:
169 169
170 err = nla_parse(cda, ss->cb[cb_id].attr_count, 170 err = nla_parse(cda, ss->cb[cb_id].attr_count,
171 attr, attrlen, ss->cb[cb_id].policy); 171 attr, attrlen, ss->cb[cb_id].policy);
172 if (err < 0) 172 if (err < 0) {
173 rcu_read_unlock();
173 return err; 174 return err;
175 }
174 176
175 if (nc->call_rcu) { 177 if (nc->call_rcu) {
176 err = nc->call_rcu(net->nfnl, skb, nlh, 178 err = nc->call_rcu(net->nfnl, skb, nlh,
diff --git a/net/nfc/nci/ntf.c b/net/nfc/nci/ntf.c
index cb2646179e5f..2ab196a9f228 100644
--- a/net/nfc/nci/ntf.c
+++ b/net/nfc/nci/ntf.c
@@ -106,7 +106,7 @@ static __u8 *nci_extract_rf_params_nfca_passive_poll(struct nci_dev *ndev,
106 nfca_poll->sens_res = __le16_to_cpu(*((__u16 *)data)); 106 nfca_poll->sens_res = __le16_to_cpu(*((__u16 *)data));
107 data += 2; 107 data += 2;
108 108
109 nfca_poll->nfcid1_len = *data++; 109 nfca_poll->nfcid1_len = min_t(__u8, *data++, NFC_NFCID1_MAXSIZE);
110 110
111 pr_debug("sens_res 0x%x, nfcid1_len %d\n", 111 pr_debug("sens_res 0x%x, nfcid1_len %d\n",
112 nfca_poll->sens_res, nfca_poll->nfcid1_len); 112 nfca_poll->sens_res, nfca_poll->nfcid1_len);
@@ -130,7 +130,7 @@ static __u8 *nci_extract_rf_params_nfcb_passive_poll(struct nci_dev *ndev,
130 struct rf_tech_specific_params_nfcb_poll *nfcb_poll, 130 struct rf_tech_specific_params_nfcb_poll *nfcb_poll,
131 __u8 *data) 131 __u8 *data)
132{ 132{
133 nfcb_poll->sensb_res_len = *data++; 133 nfcb_poll->sensb_res_len = min_t(__u8, *data++, NFC_SENSB_RES_MAXSIZE);
134 134
135 pr_debug("sensb_res_len %d\n", nfcb_poll->sensb_res_len); 135 pr_debug("sensb_res_len %d\n", nfcb_poll->sensb_res_len);
136 136
@@ -145,7 +145,7 @@ static __u8 *nci_extract_rf_params_nfcf_passive_poll(struct nci_dev *ndev,
145 __u8 *data) 145 __u8 *data)
146{ 146{
147 nfcf_poll->bit_rate = *data++; 147 nfcf_poll->bit_rate = *data++;
148 nfcf_poll->sensf_res_len = *data++; 148 nfcf_poll->sensf_res_len = min_t(__u8, *data++, NFC_SENSF_RES_MAXSIZE);
149 149
150 pr_debug("bit_rate %d, sensf_res_len %d\n", 150 pr_debug("bit_rate %d, sensf_res_len %d\n",
151 nfcf_poll->bit_rate, nfcf_poll->sensf_res_len); 151 nfcf_poll->bit_rate, nfcf_poll->sensf_res_len);
@@ -331,7 +331,7 @@ static int nci_extract_activation_params_iso_dep(struct nci_dev *ndev,
331 switch (ntf->activation_rf_tech_and_mode) { 331 switch (ntf->activation_rf_tech_and_mode) {
332 case NCI_NFC_A_PASSIVE_POLL_MODE: 332 case NCI_NFC_A_PASSIVE_POLL_MODE:
333 nfca_poll = &ntf->activation_params.nfca_poll_iso_dep; 333 nfca_poll = &ntf->activation_params.nfca_poll_iso_dep;
334 nfca_poll->rats_res_len = *data++; 334 nfca_poll->rats_res_len = min_t(__u8, *data++, 20);
335 pr_debug("rats_res_len %d\n", nfca_poll->rats_res_len); 335 pr_debug("rats_res_len %d\n", nfca_poll->rats_res_len);
336 if (nfca_poll->rats_res_len > 0) { 336 if (nfca_poll->rats_res_len > 0) {
337 memcpy(nfca_poll->rats_res, 337 memcpy(nfca_poll->rats_res,
@@ -341,7 +341,7 @@ static int nci_extract_activation_params_iso_dep(struct nci_dev *ndev,
341 341
342 case NCI_NFC_B_PASSIVE_POLL_MODE: 342 case NCI_NFC_B_PASSIVE_POLL_MODE:
343 nfcb_poll = &ntf->activation_params.nfcb_poll_iso_dep; 343 nfcb_poll = &ntf->activation_params.nfcb_poll_iso_dep;
344 nfcb_poll->attrib_res_len = *data++; 344 nfcb_poll->attrib_res_len = min_t(__u8, *data++, 50);
345 pr_debug("attrib_res_len %d\n", nfcb_poll->attrib_res_len); 345 pr_debug("attrib_res_len %d\n", nfcb_poll->attrib_res_len);
346 if (nfcb_poll->attrib_res_len > 0) { 346 if (nfcb_poll->attrib_res_len > 0) {
347 memcpy(nfcb_poll->attrib_res, 347 memcpy(nfcb_poll->attrib_res,
diff --git a/net/nfc/rawsock.c b/net/nfc/rawsock.c
index ec1134c9e07f..8b8a6a2b2bad 100644
--- a/net/nfc/rawsock.c
+++ b/net/nfc/rawsock.c
@@ -54,7 +54,10 @@ static int rawsock_release(struct socket *sock)
54{ 54{
55 struct sock *sk = sock->sk; 55 struct sock *sk = sock->sk;
56 56
57 pr_debug("sock=%p\n", sock); 57 pr_debug("sock=%p sk=%p\n", sock, sk);
58
59 if (!sk)
60 return 0;
58 61
59 sock_orphan(sk); 62 sock_orphan(sk);
60 sock_put(sk); 63 sock_put(sk);
diff --git a/net/sctp/associola.c b/net/sctp/associola.c
index 5bc9ab161b37..b16517ee1aaf 100644
--- a/net/sctp/associola.c
+++ b/net/sctp/associola.c
@@ -271,6 +271,7 @@ static struct sctp_association *sctp_association_init(struct sctp_association *a
271 */ 271 */
272 asoc->peer.sack_needed = 1; 272 asoc->peer.sack_needed = 1;
273 asoc->peer.sack_cnt = 0; 273 asoc->peer.sack_cnt = 0;
274 asoc->peer.sack_generation = 1;
274 275
275 /* Assume that the peer will tell us if he recognizes ASCONF 276 /* Assume that the peer will tell us if he recognizes ASCONF
276 * as part of INIT exchange. 277 * as part of INIT exchange.
diff --git a/net/sctp/output.c b/net/sctp/output.c
index f1b7d4bb591e..6ae47acaaec6 100644
--- a/net/sctp/output.c
+++ b/net/sctp/output.c
@@ -248,6 +248,11 @@ static sctp_xmit_t sctp_packet_bundle_sack(struct sctp_packet *pkt,
248 /* If the SACK timer is running, we have a pending SACK */ 248 /* If the SACK timer is running, we have a pending SACK */
249 if (timer_pending(timer)) { 249 if (timer_pending(timer)) {
250 struct sctp_chunk *sack; 250 struct sctp_chunk *sack;
251
252 if (pkt->transport->sack_generation !=
253 pkt->transport->asoc->peer.sack_generation)
254 return retval;
255
251 asoc->a_rwnd = asoc->rwnd; 256 asoc->a_rwnd = asoc->rwnd;
252 sack = sctp_make_sack(asoc); 257 sack = sctp_make_sack(asoc);
253 if (sack) { 258 if (sack) {
diff --git a/net/sctp/sm_make_chunk.c b/net/sctp/sm_make_chunk.c
index a85eeeb55dd0..b6de71efb140 100644
--- a/net/sctp/sm_make_chunk.c
+++ b/net/sctp/sm_make_chunk.c
@@ -734,8 +734,10 @@ struct sctp_chunk *sctp_make_sack(const struct sctp_association *asoc)
734 int len; 734 int len;
735 __u32 ctsn; 735 __u32 ctsn;
736 __u16 num_gabs, num_dup_tsns; 736 __u16 num_gabs, num_dup_tsns;
737 struct sctp_association *aptr = (struct sctp_association *)asoc;
737 struct sctp_tsnmap *map = (struct sctp_tsnmap *)&asoc->peer.tsn_map; 738 struct sctp_tsnmap *map = (struct sctp_tsnmap *)&asoc->peer.tsn_map;
738 struct sctp_gap_ack_block gabs[SCTP_MAX_GABS]; 739 struct sctp_gap_ack_block gabs[SCTP_MAX_GABS];
740 struct sctp_transport *trans;
739 741
740 memset(gabs, 0, sizeof(gabs)); 742 memset(gabs, 0, sizeof(gabs));
741 ctsn = sctp_tsnmap_get_ctsn(map); 743 ctsn = sctp_tsnmap_get_ctsn(map);
@@ -805,6 +807,20 @@ struct sctp_chunk *sctp_make_sack(const struct sctp_association *asoc)
805 sctp_addto_chunk(retval, sizeof(__u32) * num_dup_tsns, 807 sctp_addto_chunk(retval, sizeof(__u32) * num_dup_tsns,
806 sctp_tsnmap_get_dups(map)); 808 sctp_tsnmap_get_dups(map));
807 809
810 /* Once we have a sack generated, check to see what our sack
811 * generation is, if its 0, reset the transports to 0, and reset
812 * the association generation to 1
813 *
814 * The idea is that zero is never used as a valid generation for the
815 * association so no transport will match after a wrap event like this,
816 * Until the next sack
817 */
818 if (++aptr->peer.sack_generation == 0) {
819 list_for_each_entry(trans, &asoc->peer.transport_addr_list,
820 transports)
821 trans->sack_generation = 0;
822 aptr->peer.sack_generation = 1;
823 }
808nodata: 824nodata:
809 return retval; 825 return retval;
810} 826}
diff --git a/net/sctp/sm_sideeffect.c b/net/sctp/sm_sideeffect.c
index c96d1a81cf42..8716da1a8592 100644
--- a/net/sctp/sm_sideeffect.c
+++ b/net/sctp/sm_sideeffect.c
@@ -1268,7 +1268,7 @@ static int sctp_cmd_interpreter(sctp_event_t event_type,
1268 case SCTP_CMD_REPORT_TSN: 1268 case SCTP_CMD_REPORT_TSN:
1269 /* Record the arrival of a TSN. */ 1269 /* Record the arrival of a TSN. */
1270 error = sctp_tsnmap_mark(&asoc->peer.tsn_map, 1270 error = sctp_tsnmap_mark(&asoc->peer.tsn_map,
1271 cmd->obj.u32); 1271 cmd->obj.u32, NULL);
1272 break; 1272 break;
1273 1273
1274 case SCTP_CMD_REPORT_FWDTSN: 1274 case SCTP_CMD_REPORT_FWDTSN:
diff --git a/net/sctp/transport.c b/net/sctp/transport.c
index b026ba0c6992..1dcceb6e0ce6 100644
--- a/net/sctp/transport.c
+++ b/net/sctp/transport.c
@@ -68,6 +68,8 @@ static struct sctp_transport *sctp_transport_init(struct sctp_transport *peer,
68 peer->af_specific = sctp_get_af_specific(addr->sa.sa_family); 68 peer->af_specific = sctp_get_af_specific(addr->sa.sa_family);
69 memset(&peer->saddr, 0, sizeof(union sctp_addr)); 69 memset(&peer->saddr, 0, sizeof(union sctp_addr));
70 70
71 peer->sack_generation = 0;
72
71 /* From 6.3.1 RTO Calculation: 73 /* From 6.3.1 RTO Calculation:
72 * 74 *
73 * C1) Until an RTT measurement has been made for a packet sent to the 75 * C1) Until an RTT measurement has been made for a packet sent to the
diff --git a/net/sctp/tsnmap.c b/net/sctp/tsnmap.c
index f1e40cebc981..b5fb7c409023 100644
--- a/net/sctp/tsnmap.c
+++ b/net/sctp/tsnmap.c
@@ -114,7 +114,8 @@ int sctp_tsnmap_check(const struct sctp_tsnmap *map, __u32 tsn)
114 114
115 115
116/* Mark this TSN as seen. */ 116/* Mark this TSN as seen. */
117int sctp_tsnmap_mark(struct sctp_tsnmap *map, __u32 tsn) 117int sctp_tsnmap_mark(struct sctp_tsnmap *map, __u32 tsn,
118 struct sctp_transport *trans)
118{ 119{
119 u16 gap; 120 u16 gap;
120 121
@@ -133,6 +134,9 @@ int sctp_tsnmap_mark(struct sctp_tsnmap *map, __u32 tsn)
133 */ 134 */
134 map->max_tsn_seen++; 135 map->max_tsn_seen++;
135 map->cumulative_tsn_ack_point++; 136 map->cumulative_tsn_ack_point++;
137 if (trans)
138 trans->sack_generation =
139 trans->asoc->peer.sack_generation;
136 map->base_tsn++; 140 map->base_tsn++;
137 } else { 141 } else {
138 /* Either we already have a gap, or about to record a gap, so 142 /* Either we already have a gap, or about to record a gap, so
diff --git a/net/sctp/ulpevent.c b/net/sctp/ulpevent.c
index 8a84017834c2..33d894776192 100644
--- a/net/sctp/ulpevent.c
+++ b/net/sctp/ulpevent.c
@@ -715,7 +715,8 @@ struct sctp_ulpevent *sctp_ulpevent_make_rcvmsg(struct sctp_association *asoc,
715 * can mark it as received so the tsn_map is updated correctly. 715 * can mark it as received so the tsn_map is updated correctly.
716 */ 716 */
717 if (sctp_tsnmap_mark(&asoc->peer.tsn_map, 717 if (sctp_tsnmap_mark(&asoc->peer.tsn_map,
718 ntohl(chunk->subh.data_hdr->tsn))) 718 ntohl(chunk->subh.data_hdr->tsn),
719 chunk->transport))
719 goto fail_mark; 720 goto fail_mark;
720 721
721 /* First calculate the padding, so we don't inadvertently 722 /* First calculate the padding, so we don't inadvertently
diff --git a/net/sctp/ulpqueue.c b/net/sctp/ulpqueue.c
index f2d1de7f2ffb..f5a6a4f4faf7 100644
--- a/net/sctp/ulpqueue.c
+++ b/net/sctp/ulpqueue.c
@@ -1051,7 +1051,7 @@ void sctp_ulpq_renege(struct sctp_ulpq *ulpq, struct sctp_chunk *chunk,
1051 if (chunk && (freed >= needed)) { 1051 if (chunk && (freed >= needed)) {
1052 __u32 tsn; 1052 __u32 tsn;
1053 tsn = ntohl(chunk->subh.data_hdr->tsn); 1053 tsn = ntohl(chunk->subh.data_hdr->tsn);
1054 sctp_tsnmap_mark(&asoc->peer.tsn_map, tsn); 1054 sctp_tsnmap_mark(&asoc->peer.tsn_map, tsn, chunk->transport);
1055 sctp_ulpq_tail_data(ulpq, chunk, gfp); 1055 sctp_ulpq_tail_data(ulpq, chunk, gfp);
1056 1056
1057 sctp_ulpq_partial_delivery(ulpq, chunk, gfp); 1057 sctp_ulpq_partial_delivery(ulpq, chunk, gfp);
diff --git a/security/security.c b/security/security.c
index 3efc9b12aef4..860aeb349cb3 100644
--- a/security/security.c
+++ b/security/security.c
@@ -23,6 +23,7 @@
23#include <linux/mman.h> 23#include <linux/mman.h>
24#include <linux/mount.h> 24#include <linux/mount.h>
25#include <linux/personality.h> 25#include <linux/personality.h>
26#include <linux/backing-dev.h>
26#include <net/flow.h> 27#include <net/flow.h>
27 28
28#define MAX_LSM_EVM_XATTR 2 29#define MAX_LSM_EVM_XATTR 2
diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c
index 5ccf10a4d593..aa4c25e0f327 100644
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -6688,6 +6688,31 @@ static const struct alc_model_fixup alc662_fixup_models[] = {
6688 {} 6688 {}
6689}; 6689};
6690 6690
6691static void alc662_fill_coef(struct hda_codec *codec)
6692{
6693 int val, coef;
6694
6695 coef = alc_get_coef0(codec);
6696
6697 switch (codec->vendor_id) {
6698 case 0x10ec0662:
6699 if ((coef & 0x00f0) == 0x0030) {
6700 val = alc_read_coef_idx(codec, 0x4); /* EAPD Ctrl */
6701 alc_write_coef_idx(codec, 0x4, val & ~(1<<10));
6702 }
6703 break;
6704 case 0x10ec0272:
6705 case 0x10ec0273:
6706 case 0x10ec0663:
6707 case 0x10ec0665:
6708 case 0x10ec0670:
6709 case 0x10ec0671:
6710 case 0x10ec0672:
6711 val = alc_read_coef_idx(codec, 0xd); /* EAPD Ctrl */
6712 alc_write_coef_idx(codec, 0xd, val | (1<<14));
6713 break;
6714 }
6715}
6691 6716
6692/* 6717/*
6693 */ 6718 */
@@ -6707,6 +6732,9 @@ static int patch_alc662(struct hda_codec *codec)
6707 6732
6708 alc_fix_pll_init(codec, 0x20, 0x04, 15); 6733 alc_fix_pll_init(codec, 0x20, 0x04, 15);
6709 6734
6735 spec->init_hook = alc662_fill_coef;
6736 alc662_fill_coef(codec);
6737
6710 alc_pick_fixup(codec, alc662_fixup_models, 6738 alc_pick_fixup(codec, alc662_fixup_models,
6711 alc662_fixup_tbl, alc662_fixups); 6739 alc662_fixup_tbl, alc662_fixups);
6712 alc_apply_fixup(codec, ALC_FIXUP_ACT_PRE_PROBE); 6740 alc_apply_fixup(codec, ALC_FIXUP_ACT_PRE_PROBE);
diff --git a/sound/soc/codecs/tlv320aic3x.c b/sound/soc/codecs/tlv320aic3x.c
index 64d2a4fa34b2..e9b62b5ea637 100644
--- a/sound/soc/codecs/tlv320aic3x.c
+++ b/sound/soc/codecs/tlv320aic3x.c
@@ -935,9 +935,7 @@ static int aic3x_hw_params(struct snd_pcm_substream *substream,
935 } 935 }
936 936
937found: 937found:
938 data = snd_soc_read(codec, AIC3X_PLL_PROGA_REG); 938 snd_soc_update_bits(codec, AIC3X_PLL_PROGA_REG, PLLP_MASK, pll_p);
939 snd_soc_write(codec, AIC3X_PLL_PROGA_REG,
940 data | (pll_p << PLLP_SHIFT));
941 snd_soc_write(codec, AIC3X_OVRF_STATUS_AND_PLLR_REG, 939 snd_soc_write(codec, AIC3X_OVRF_STATUS_AND_PLLR_REG,
942 pll_r << PLLR_SHIFT); 940 pll_r << PLLR_SHIFT);
943 snd_soc_write(codec, AIC3X_PLL_PROGB_REG, pll_j << PLLJ_SHIFT); 941 snd_soc_write(codec, AIC3X_PLL_PROGB_REG, pll_j << PLLJ_SHIFT);
diff --git a/sound/soc/codecs/tlv320aic3x.h b/sound/soc/codecs/tlv320aic3x.h
index 6f097fb60683..08c7f6685ff0 100644
--- a/sound/soc/codecs/tlv320aic3x.h
+++ b/sound/soc/codecs/tlv320aic3x.h
@@ -166,6 +166,7 @@
166 166
167/* PLL registers bitfields */ 167/* PLL registers bitfields */
168#define PLLP_SHIFT 0 168#define PLLP_SHIFT 0
169#define PLLP_MASK 7
169#define PLLQ_SHIFT 3 170#define PLLQ_SHIFT 3
170#define PLLR_SHIFT 0 171#define PLLR_SHIFT 0
171#define PLLJ_SHIFT 2 172#define PLLJ_SHIFT 2
diff --git a/sound/soc/codecs/wm2200.c b/sound/soc/codecs/wm2200.c
index acbdc5fde923..32682c1b7cde 100644
--- a/sound/soc/codecs/wm2200.c
+++ b/sound/soc/codecs/wm2200.c
@@ -1491,6 +1491,7 @@ static int wm2200_bclk_rates_dat[WM2200_NUM_BCLK_RATES] = {
1491 1491
1492static int wm2200_bclk_rates_cd[WM2200_NUM_BCLK_RATES] = { 1492static int wm2200_bclk_rates_cd[WM2200_NUM_BCLK_RATES] = {
1493 5644800, 1493 5644800,
1494 3763200,
1494 2882400, 1495 2882400,
1495 1881600, 1496 1881600,
1496 1411200, 1497 1411200,
diff --git a/virt/kvm/eventfd.c b/virt/kvm/eventfd.c
index f59c1e8de7a2..7d7e2aaffece 100644
--- a/virt/kvm/eventfd.c
+++ b/virt/kvm/eventfd.c
@@ -198,7 +198,7 @@ static void irqfd_update(struct kvm *kvm, struct _irqfd *irqfd,
198} 198}
199 199
200static int 200static int
201kvm_irqfd_assign(struct kvm *kvm, int fd, int gsi) 201kvm_irqfd_assign(struct kvm *kvm, struct kvm_irqfd *args)
202{ 202{
203 struct kvm_irq_routing_table *irq_rt; 203 struct kvm_irq_routing_table *irq_rt;
204 struct _irqfd *irqfd, *tmp; 204 struct _irqfd *irqfd, *tmp;
@@ -212,12 +212,12 @@ kvm_irqfd_assign(struct kvm *kvm, int fd, int gsi)
212 return -ENOMEM; 212 return -ENOMEM;
213 213
214 irqfd->kvm = kvm; 214 irqfd->kvm = kvm;
215 irqfd->gsi = gsi; 215 irqfd->gsi = args->gsi;
216 INIT_LIST_HEAD(&irqfd->list); 216 INIT_LIST_HEAD(&irqfd->list);
217 INIT_WORK(&irqfd->inject, irqfd_inject); 217 INIT_WORK(&irqfd->inject, irqfd_inject);
218 INIT_WORK(&irqfd->shutdown, irqfd_shutdown); 218 INIT_WORK(&irqfd->shutdown, irqfd_shutdown);
219 219
220 file = eventfd_fget(fd); 220 file = eventfd_fget(args->fd);
221 if (IS_ERR(file)) { 221 if (IS_ERR(file)) {
222 ret = PTR_ERR(file); 222 ret = PTR_ERR(file);
223 goto fail; 223 goto fail;
@@ -298,19 +298,19 @@ kvm_eventfd_init(struct kvm *kvm)
298 * shutdown any irqfd's that match fd+gsi 298 * shutdown any irqfd's that match fd+gsi
299 */ 299 */
300static int 300static int
301kvm_irqfd_deassign(struct kvm *kvm, int fd, int gsi) 301kvm_irqfd_deassign(struct kvm *kvm, struct kvm_irqfd *args)
302{ 302{
303 struct _irqfd *irqfd, *tmp; 303 struct _irqfd *irqfd, *tmp;
304 struct eventfd_ctx *eventfd; 304 struct eventfd_ctx *eventfd;
305 305
306 eventfd = eventfd_ctx_fdget(fd); 306 eventfd = eventfd_ctx_fdget(args->fd);
307 if (IS_ERR(eventfd)) 307 if (IS_ERR(eventfd))
308 return PTR_ERR(eventfd); 308 return PTR_ERR(eventfd);
309 309
310 spin_lock_irq(&kvm->irqfds.lock); 310 spin_lock_irq(&kvm->irqfds.lock);
311 311
312 list_for_each_entry_safe(irqfd, tmp, &kvm->irqfds.items, list) { 312 list_for_each_entry_safe(irqfd, tmp, &kvm->irqfds.items, list) {
313 if (irqfd->eventfd == eventfd && irqfd->gsi == gsi) { 313 if (irqfd->eventfd == eventfd && irqfd->gsi == args->gsi) {
314 /* 314 /*
315 * This rcu_assign_pointer is needed for when 315 * This rcu_assign_pointer is needed for when
316 * another thread calls kvm_irq_routing_update before 316 * another thread calls kvm_irq_routing_update before
@@ -338,12 +338,15 @@ kvm_irqfd_deassign(struct kvm *kvm, int fd, int gsi)
338} 338}
339 339
340int 340int
341kvm_irqfd(struct kvm *kvm, int fd, int gsi, int flags) 341kvm_irqfd(struct kvm *kvm, struct kvm_irqfd *args)
342{ 342{
343 if (flags & KVM_IRQFD_FLAG_DEASSIGN) 343 if (args->flags & ~KVM_IRQFD_FLAG_DEASSIGN)
344 return kvm_irqfd_deassign(kvm, fd, gsi); 344 return -EINVAL;
345
346 if (args->flags & KVM_IRQFD_FLAG_DEASSIGN)
347 return kvm_irqfd_deassign(kvm, args);
345 348
346 return kvm_irqfd_assign(kvm, fd, gsi); 349 return kvm_irqfd_assign(kvm, args);
347} 350}
348 351
349/* 352/*
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
index 7e140683ff14..44ee7124b16d 100644
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -2047,7 +2047,7 @@ static long kvm_vm_ioctl(struct file *filp,
2047 r = -EFAULT; 2047 r = -EFAULT;
2048 if (copy_from_user(&data, argp, sizeof data)) 2048 if (copy_from_user(&data, argp, sizeof data))
2049 goto out; 2049 goto out;
2050 r = kvm_irqfd(kvm, data.fd, data.gsi, data.flags); 2050 r = kvm_irqfd(kvm, &data);
2051 break; 2051 break;
2052 } 2052 }
2053 case KVM_IOEVENTFD: { 2053 case KVM_IOEVENTFD: {
@@ -2845,6 +2845,7 @@ void kvm_exit(void)
2845 kvm_arch_hardware_unsetup(); 2845 kvm_arch_hardware_unsetup();
2846 kvm_arch_exit(); 2846 kvm_arch_exit();
2847 free_cpumask_var(cpus_hardware_enabled); 2847 free_cpumask_var(cpus_hardware_enabled);
2848 __free_page(fault_page);
2848 __free_page(hwpoison_page); 2849 __free_page(hwpoison_page);
2849 __free_page(bad_page); 2850 __free_page(bad_page);
2850} 2851}