From 257f9c5d5274af2fdcbefb953d451bff7bdf7f3b Mon Sep 17 00:00:00 2001
From: Mike Pagano <mpagano@gentoo.org>
Date: Sat, 3 Feb 2018 16:23:13 -0500
Subject: Linux patch 4.4.115

---
 0000_README              |    4 +
 1114_linux-4.4.115.patch | 1942 ++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 1946 insertions(+)
 create mode 100644 1114_linux-4.4.115.patch

diff --git a/0000_README b/0000_README
index 918bb76b..60d9f403 100644
--- a/0000_README
+++ b/0000_README
@@ -499,6 +499,10 @@ Patch:  1113_linux-4.4.114.patch
 From:   http://www.kernel.org
 Desc:   Linux 4.4.114
 
+Patch:  1114_linux-4.4.115.patch
+From:   http://www.kernel.org
+Desc:   Linux 4.4.115
+
 Patch:  1500_XATTR_USER_PREFIX.patch
 From:   https://bugs.gentoo.org/show_bug.cgi?id=470644
 Desc:   Support for namespace user.pax.* on tmpfs.
diff --git a/1114_linux-4.4.115.patch b/1114_linux-4.4.115.patch
new file mode 100644
index 00000000..998f0624
--- /dev/null
+++ b/1114_linux-4.4.115.patch
@@ -0,0 +1,1942 @@
+diff --git a/Makefile b/Makefile
+index 153440b1bbb0..9c60120dd9fd 100644
+--- a/Makefile
++++ b/Makefile
+@@ -1,6 +1,6 @@
+ VERSION = 4
+ PATCHLEVEL = 4
+-SUBLEVEL = 114
++SUBLEVEL = 115
+ EXTRAVERSION =
+ NAME = Blurry Fish Butt
+ 
+diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
+index 14cdc6dea493..83af36d9439f 100644
+--- a/arch/arm64/Kconfig
++++ b/arch/arm64/Kconfig
+@@ -54,6 +54,7 @@ config ARM64
+ 	select HAVE_ARCH_SECCOMP_FILTER
+ 	select HAVE_ARCH_TRACEHOOK
+ 	select HAVE_BPF_JIT
++	select HAVE_EBPF_JIT
+ 	select HAVE_C_RECORDMCOUNT
+ 	select HAVE_CC_STACKPROTECTOR
+ 	select HAVE_CMPXCHG_DOUBLE
+diff --git a/arch/s390/Kconfig b/arch/s390/Kconfig
+index 5ad7b721b769..2ee95ece0498 100644
+--- a/arch/s390/Kconfig
++++ b/arch/s390/Kconfig
+@@ -123,6 +123,7 @@ config S390
+ 	select HAVE_ARCH_TRACEHOOK
+ 	select HAVE_ARCH_TRANSPARENT_HUGEPAGE
+ 	select HAVE_BPF_JIT if PACK_STACK && HAVE_MARCH_Z196_FEATURES
++	select HAVE_EBPF_JIT if PACK_STACK && HAVE_MARCH_Z196_FEATURES
+ 	select HAVE_CMPXCHG_DOUBLE
+ 	select HAVE_CMPXCHG_LOCAL
+ 	select HAVE_DEBUG_KMEMLEAK
+diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
+index 75d0053b495a..2db93042f2f3 100644
+--- a/arch/x86/Kconfig
++++ b/arch/x86/Kconfig
+@@ -88,6 +88,7 @@ config X86
+ 	select HAVE_ARCH_TRACEHOOK
+ 	select HAVE_ARCH_TRANSPARENT_HUGEPAGE
+ 	select HAVE_BPF_JIT			if X86_64
++	select HAVE_EBPF_JIT			if X86_64
+ 	select HAVE_CC_STACKPROTECTOR
+ 	select HAVE_CMPXCHG_DOUBLE
+ 	select HAVE_CMPXCHG_LOCAL
+diff --git a/arch/x86/crypto/aesni-intel_glue.c b/arch/x86/crypto/aesni-intel_glue.c
+index 3633ad6145c5..c18806b5db2a 100644
+--- a/arch/x86/crypto/aesni-intel_glue.c
++++ b/arch/x86/crypto/aesni-intel_glue.c
+@@ -965,7 +965,7 @@ static int helper_rfc4106_encrypt(struct aead_request *req)
+ 
+ 	if (sg_is_last(req->src) &&
+ 	    req->src->offset + req->src->length <= PAGE_SIZE &&
+-	    sg_is_last(req->dst) &&
++	    sg_is_last(req->dst) && req->dst->length &&
+ 	    req->dst->offset + req->dst->length <= PAGE_SIZE) {
+ 		one_entry_in_sg = 1;
+ 		scatterwalk_start(&src_sg_walk, req->src);
+diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
+index 9d2abb2a41d2..74fda1a453bd 100644
+--- a/arch/x86/include/asm/kvm_host.h
++++ b/arch/x86/include/asm/kvm_host.h
+@@ -998,7 +998,8 @@ int x86_emulate_instruction(struct kvm_vcpu *vcpu, unsigned long cr2,
+ static inline int emulate_instruction(struct kvm_vcpu *vcpu,
+ 			int emulation_type)
+ {
+-	return x86_emulate_instruction(vcpu, 0, emulation_type, NULL, 0);
++	return x86_emulate_instruction(vcpu, 0,
++			emulation_type | EMULTYPE_NO_REEXECUTE, NULL, 0);
+ }
+ 
+ void kvm_enable_efer_bits(u64);
+diff --git a/arch/x86/kernel/cpu/perf_event_intel_bts.c b/arch/x86/kernel/cpu/perf_event_intel_bts.c
+index 2cad71d1b14c..5af11c46d0b9 100644
+--- a/arch/x86/kernel/cpu/perf_event_intel_bts.c
++++ b/arch/x86/kernel/cpu/perf_event_intel_bts.c
+@@ -22,6 +22,7 @@
+ #include <linux/debugfs.h>
+ #include <linux/device.h>
+ #include <linux/coredump.h>
++#include <linux/kaiser.h>
+ 
+ #include <asm-generic/sizes.h>
+ #include <asm/perf_event.h>
+@@ -67,6 +68,23 @@ static size_t buf_size(struct page *page)
+ 	return 1 << (PAGE_SHIFT + page_private(page));
+ }
+ 
++static void bts_buffer_free_aux(void *data)
++{
++#ifdef CONFIG_PAGE_TABLE_ISOLATION
++	struct bts_buffer *buf = data;
++	int nbuf;
++
++	for (nbuf = 0; nbuf < buf->nr_bufs; nbuf++) {
++		struct page *page = buf->buf[nbuf].page;
++		void *kaddr = page_address(page);
++		size_t page_size = buf_size(page);
++
++		kaiser_remove_mapping((unsigned long)kaddr, page_size);
++	}
++#endif
++	kfree(data);
++}
++
+ static void *
+ bts_buffer_setup_aux(int cpu, void **pages, int nr_pages, bool overwrite)
+ {
+@@ -103,29 +121,33 @@ bts_buffer_setup_aux(int cpu, void **pages, int nr_pages, bool overwrite)
+ 	buf->real_size = size - size % BTS_RECORD_SIZE;
+ 
+ 	for (pg = 0, nbuf = 0, offset = 0, pad = 0; nbuf < buf->nr_bufs; nbuf++) {
+-		unsigned int __nr_pages;
++		void *kaddr = pages[pg];
++		size_t page_size;
++
++		page = virt_to_page(kaddr);
++		page_size = buf_size(page);
++
++		if (kaiser_add_mapping((unsigned long)kaddr,
++					page_size, __PAGE_KERNEL) < 0) {
++			buf->nr_bufs = nbuf;
++			bts_buffer_free_aux(buf);
++			return NULL;
++		}
+ 
+-		page = virt_to_page(pages[pg]);
+-		__nr_pages = PagePrivate(page) ? 1 << page_private(page) : 1;
+ 		buf->buf[nbuf].page = page;
+ 		buf->buf[nbuf].offset = offset;
+ 		buf->buf[nbuf].displacement = (pad ? BTS_RECORD_SIZE - pad : 0);
+-		buf->buf[nbuf].size = buf_size(page) - buf->buf[nbuf].displacement;
++		buf->buf[nbuf].size = page_size - buf->buf[nbuf].displacement;
+ 		pad = buf->buf[nbuf].size % BTS_RECORD_SIZE;
+ 		buf->buf[nbuf].size -= pad;
+ 
+-		pg += __nr_pages;
+-		offset += __nr_pages << PAGE_SHIFT;
++		pg += page_size >> PAGE_SHIFT;
++		offset += page_size;
+ 	}
+ 
+ 	return buf;
+ }
+ 
+-static void bts_buffer_free_aux(void *data)
+-{
+-	kfree(data);
+-}
+-
+ static unsigned long bts_buffer_offset(struct bts_buffer *buf, unsigned int idx)
+ {
+ 	return buf->buf[idx].offset + buf->buf[idx].displacement;
+diff --git a/arch/x86/kernel/tboot.c b/arch/x86/kernel/tboot.c
+index 91a4496db434..c77ab1f51fbe 100644
+--- a/arch/x86/kernel/tboot.c
++++ b/arch/x86/kernel/tboot.c
+@@ -140,6 +140,16 @@ static int map_tboot_page(unsigned long vaddr, unsigned long pfn,
+ 		return -1;
+ 	set_pte_at(&tboot_mm, vaddr, pte, pfn_pte(pfn, prot));
+ 	pte_unmap(pte);
++
++	/*
++	 * PTI poisons low addresses in the kernel page tables in the
++	 * name of making them unusable for userspace.  To execute
++	 * code at such a low address, the poison must be cleared.
++	 *
++	 * Note: 'pgd' actually gets set in pud_alloc().
++	 */
++	pgd->pgd &= ~_PAGE_NX;
++
+ 	return 0;
+ }
+ 
+diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
+index 00045499f6c2..e4eb1d2bf849 100644
+--- a/arch/x86/kvm/emulate.c
++++ b/arch/x86/kvm/emulate.c
+@@ -4978,6 +4978,8 @@ int x86_decode_insn(struct x86_emulate_ctxt *ctxt, void *insn, int insn_len)
+ 	bool op_prefix = false;
+ 	bool has_seg_override = false;
+ 	struct opcode opcode;
++	u16 dummy;
++	struct desc_struct desc;
+ 
+ 	ctxt->memop.type = OP_NONE;
+ 	ctxt->memopp = NULL;
+@@ -4996,6 +4998,11 @@ int x86_decode_insn(struct x86_emulate_ctxt *ctxt, void *insn, int insn_len)
+ 	switch (mode) {
+ 	case X86EMUL_MODE_REAL:
+ 	case X86EMUL_MODE_VM86:
++		def_op_bytes = def_ad_bytes = 2;
++		ctxt->ops->get_segment(ctxt, &dummy, &desc, NULL, VCPU_SREG_CS);
++		if (desc.d)
++			def_op_bytes = def_ad_bytes = 4;
++		break;
+ 	case X86EMUL_MODE_PROT16:
+ 		def_op_bytes = def_ad_bytes = 2;
+ 		break;
+diff --git a/arch/x86/kvm/ioapic.c b/arch/x86/kvm/ioapic.c
+index 3aab53f8cad2..d380111351c0 100644
+--- a/arch/x86/kvm/ioapic.c
++++ b/arch/x86/kvm/ioapic.c
+@@ -247,8 +247,7 @@ void kvm_ioapic_scan_entry(struct kvm_vcpu *vcpu, u64 *eoi_exit_bitmap)
+ 		    index == RTC_GSI) {
+ 			if (kvm_apic_match_dest(vcpu, NULL, 0,
+ 			             e->fields.dest_id, e->fields.dest_mode) ||
+-			    (e->fields.trig_mode == IOAPIC_EDGE_TRIG &&
+-			     kvm_apic_pending_eoi(vcpu, e->fields.vector)))
++			    kvm_apic_pending_eoi(vcpu, e->fields.vector))
+ 				__set_bit(e->fields.vector,
+ 					(unsigned long *)eoi_exit_bitmap);
+ 		}
+@@ -269,6 +268,7 @@ static void ioapic_write_indirect(struct kvm_ioapic *ioapic, u32 val)
+ {
+ 	unsigned index;
+ 	bool mask_before, mask_after;
++	int old_remote_irr, old_delivery_status;
+ 	union kvm_ioapic_redirect_entry *e;
+ 
+ 	switch (ioapic->ioregsel) {
+@@ -291,14 +291,28 @@ static void ioapic_write_indirect(struct kvm_ioapic *ioapic, u32 val)
+ 			return;
+ 		e = &ioapic->redirtbl[index];
+ 		mask_before = e->fields.mask;
++		/* Preserve read-only fields */
++		old_remote_irr = e->fields.remote_irr;
++		old_delivery_status = e->fields.delivery_status;
+ 		if (ioapic->ioregsel & 1) {
+ 			e->bits &= 0xffffffff;
+ 			e->bits |= (u64) val << 32;
+ 		} else {
+ 			e->bits &= ~0xffffffffULL;
+ 			e->bits |= (u32) val;
+-			e->fields.remote_irr = 0;
+ 		}
++		e->fields.remote_irr = old_remote_irr;
++		e->fields.delivery_status = old_delivery_status;
++
++		/*
++		 * Some OSes (Linux, Xen) assume that Remote IRR bit will
++		 * be cleared by IOAPIC hardware when the entry is configured
++		 * as edge-triggered. This behavior is used to simulate an
++		 * explicit EOI on IOAPICs that don't have the EOI register.
++		 */
++		if (e->fields.trig_mode == IOAPIC_EDGE_TRIG)
++			e->fields.remote_irr = 0;
++
+ 		mask_after = e->fields.mask;
+ 		if (mask_before != mask_after)
+ 			kvm_fire_mask_notifiers(ioapic->kvm, KVM_IRQCHIP_IOAPIC, index, mask_after);
+diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
+index 75d60e40c389..f8d785aa2e96 100644
+--- a/arch/x86/kvm/vmx.c
++++ b/arch/x86/kvm/vmx.c
+@@ -4954,7 +4954,7 @@ static void vmx_vcpu_reset(struct kvm_vcpu *vcpu, bool init_event)
+ 		vmcs_write64(GUEST_IA32_DEBUGCTL, 0);
+ 	}
+ 
+-	vmcs_writel(GUEST_RFLAGS, 0x02);
++	kvm_set_rflags(vcpu, X86_EFLAGS_FIXED);
+ 	kvm_rip_write(vcpu, 0xfff0);
+ 
+ 	vmcs_writel(GUEST_GDTR_BASE, 0);
+@@ -6023,7 +6023,7 @@ static int handle_invalid_guest_state(struct kvm_vcpu *vcpu)
+ 		if (test_bit(KVM_REQ_EVENT, &vcpu->requests))
+ 			return 1;
+ 
+-		err = emulate_instruction(vcpu, EMULTYPE_NO_REEXECUTE);
++		err = emulate_instruction(vcpu, 0);
+ 
+ 		if (err == EMULATE_USER_EXIT) {
+ 			++vcpu->stat.mmio_exits;
+diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
+index f973cfa8ff4f..3900d34980de 100644
+--- a/arch/x86/kvm/x86.c
++++ b/arch/x86/kvm/x86.c
+@@ -5153,7 +5153,7 @@ static int handle_emulation_failure(struct kvm_vcpu *vcpu)
+ 		vcpu->run->exit_reason = KVM_EXIT_INTERNAL_ERROR;
+ 		vcpu->run->internal.suberror = KVM_INTERNAL_ERROR_EMULATION;
+ 		vcpu->run->internal.ndata = 0;
+-		r = EMULATE_FAIL;
++		r = EMULATE_USER_EXIT;
+ 	}
+ 	kvm_queue_exception(vcpu, UD_VECTOR);
+ 
+diff --git a/arch/x86/net/bpf_jit_comp.c b/arch/x86/net/bpf_jit_comp.c
+index 75991979f667..33c42b826791 100644
+--- a/arch/x86/net/bpf_jit_comp.c
++++ b/arch/x86/net/bpf_jit_comp.c
+@@ -266,10 +266,10 @@ static void emit_bpf_tail_call(u8 **pprog)
+ 	/* if (index >= array->map.max_entries)
+ 	 *   goto out;
+ 	 */
+-	EMIT4(0x48, 0x8B, 0x46,                   /* mov rax, qword ptr [rsi + 16] */
++	EMIT2(0x89, 0xD2);                        /* mov edx, edx */
++	EMIT3(0x39, 0x56,                         /* cmp dword ptr [rsi + 16], edx */
+ 	      offsetof(struct bpf_array, map.max_entries));
+-	EMIT3(0x48, 0x39, 0xD0);                  /* cmp rax, rdx */
+-#define OFFSET1 47 /* number of bytes to jump */
++#define OFFSET1 43 /* number of bytes to jump */
+ 	EMIT2(X86_JBE, OFFSET1);                  /* jbe out */
+ 	label1 = cnt;
+ 
+@@ -278,21 +278,20 @@ static void emit_bpf_tail_call(u8 **pprog)
+ 	 */
+ 	EMIT2_off32(0x8B, 0x85, -STACKSIZE + 36); /* mov eax, dword ptr [rbp - 516] */
+ 	EMIT3(0x83, 0xF8, MAX_TAIL_CALL_CNT);     /* cmp eax, MAX_TAIL_CALL_CNT */
+-#define OFFSET2 36
++#define OFFSET2 32
+ 	EMIT2(X86_JA, OFFSET2);                   /* ja out */
+ 	label2 = cnt;
+ 	EMIT3(0x83, 0xC0, 0x01);                  /* add eax, 1 */
+ 	EMIT2_off32(0x89, 0x85, -STACKSIZE + 36); /* mov dword ptr [rbp - 516], eax */
+ 
+ 	/* prog = array->ptrs[index]; */
+-	EMIT4_off32(0x48, 0x8D, 0x84, 0xD6,       /* lea rax, [rsi + rdx * 8 + offsetof(...)] */
++	EMIT4_off32(0x48, 0x8B, 0x84, 0xD6,       /* mov rax, [rsi + rdx * 8 + offsetof(...)] */
+ 		    offsetof(struct bpf_array, ptrs));
+-	EMIT3(0x48, 0x8B, 0x00);                  /* mov rax, qword ptr [rax] */
+ 
+ 	/* if (prog == NULL)
+ 	 *   goto out;
+ 	 */
+-	EMIT4(0x48, 0x83, 0xF8, 0x00);            /* cmp rax, 0 */
++	EMIT3(0x48, 0x85, 0xC0);		  /* test rax,rax */
+ #define OFFSET3 10
+ 	EMIT2(X86_JE, OFFSET3);                   /* je out */
+ 	label3 = cnt;
+diff --git a/crypto/af_alg.c b/crypto/af_alg.c
+index f5e18c2a4852..ca50eeb13097 100644
+--- a/crypto/af_alg.c
++++ b/crypto/af_alg.c
+@@ -149,7 +149,7 @@ EXPORT_SYMBOL_GPL(af_alg_release_parent);
+ 
+ static int alg_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
+ {
+-	const u32 forbidden = CRYPTO_ALG_INTERNAL;
++	const u32 allowed = CRYPTO_ALG_KERN_DRIVER_ONLY;
+ 	struct sock *sk = sock->sk;
+ 	struct alg_sock *ask = alg_sk(sk);
+ 	struct sockaddr_alg *sa = (void *)uaddr;
+@@ -157,6 +157,10 @@ static int alg_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
+ 	void *private;
+ 	int err;
+ 
++	/* If caller uses non-allowed flag, return error. */
++	if ((sa->salg_feat & ~allowed) || (sa->salg_mask & ~allowed))
++		return -EINVAL;
++
+ 	if (sock->state == SS_CONNECTED)
+ 		return -EINVAL;
+ 
+@@ -175,9 +179,7 @@ static int alg_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
+ 	if (IS_ERR(type))
+ 		return PTR_ERR(type);
+ 
+-	private = type->bind(sa->salg_name,
+-			     sa->salg_feat & ~forbidden,
+-			     sa->salg_mask & ~forbidden);
++	private = type->bind(sa->salg_name, sa->salg_feat, sa->salg_mask);
+ 	if (IS_ERR(private)) {
+ 		module_put(type->owner);
+ 		return PTR_ERR(private);
+diff --git a/drivers/acpi/device_sysfs.c b/drivers/acpi/device_sysfs.c
+index b9afb47db7ed..1521d9a41d25 100644
+--- a/drivers/acpi/device_sysfs.c
++++ b/drivers/acpi/device_sysfs.c
+@@ -146,6 +146,10 @@ static int create_pnp_modalias(struct acpi_device *acpi_dev, char *modalias,
+ 	int count;
+ 	struct acpi_hardware_id *id;
+ 
++	/* Avoid unnecessarily loading modules for non present devices. */
++	if (!acpi_device_is_present(acpi_dev))
++		return 0;
++
+ 	/*
+ 	 * Since we skip ACPI_DT_NAMESPACE_HID from the modalias below, 0 should
+ 	 * be returned if ACPI_DT_NAMESPACE_HID is the only ACPI/PNP ID in the
+diff --git a/drivers/block/loop.c b/drivers/block/loop.c
+index cec36d5c24f5..1c36de9719e5 100644
+--- a/drivers/block/loop.c
++++ b/drivers/block/loop.c
+@@ -1569,9 +1569,8 @@ out:
+ 	return err;
+ }
+ 
+-static void lo_release(struct gendisk *disk, fmode_t mode)
++static void __lo_release(struct loop_device *lo)
+ {
+-	struct loop_device *lo = disk->private_data;
+ 	int err;
+ 
+ 	if (atomic_dec_return(&lo->lo_refcnt))
+@@ -1597,6 +1596,13 @@ static void lo_release(struct gendisk *disk, fmode_t mode)
+ 	mutex_unlock(&lo->lo_ctl_mutex);
+ }
+ 
++static void lo_release(struct gendisk *disk, fmode_t mode)
++{
++	mutex_lock(&loop_index_mutex);
++	__lo_release(disk->private_data);
++	mutex_unlock(&loop_index_mutex);
++}
++
+ static const struct block_device_operations lo_fops = {
+ 	.owner =	THIS_MODULE,
+ 	.open =		lo_open,
+diff --git a/drivers/cpufreq/Kconfig b/drivers/cpufreq/Kconfig
+index 659879a56dba..949610360b14 100644
+--- a/drivers/cpufreq/Kconfig
++++ b/drivers/cpufreq/Kconfig
+@@ -236,6 +236,7 @@ endif
+ if MIPS
+ config LOONGSON2_CPUFREQ
+ 	tristate "Loongson2 CPUFreq Driver"
++	depends on LEMOTE_MACH2F
+ 	help
+ 	  This option adds a CPUFreq driver for loongson processors which
+ 	  support software configurable cpu frequency.
+@@ -248,6 +249,7 @@ config LOONGSON2_CPUFREQ
+ 
+ config LOONGSON1_CPUFREQ
+ 	tristate "Loongson1 CPUFreq Driver"
++	depends on LOONGSON1_LS1B
+ 	help
+ 	  This option adds a CPUFreq driver for loongson1 processors which
+ 	  support software configurable cpu frequency.
+diff --git a/drivers/gpio/gpio-ath79.c b/drivers/gpio/gpio-ath79.c
+index 5eaea8b812cf..089a78983b39 100644
+--- a/drivers/gpio/gpio-ath79.c
++++ b/drivers/gpio/gpio-ath79.c
+@@ -203,3 +203,6 @@ static struct platform_driver ath79_gpio_driver = {
+ };
+ 
+ module_platform_driver(ath79_gpio_driver);
++
++MODULE_DESCRIPTION("Atheros AR71XX/AR724X/AR913X GPIO API support");
++MODULE_LICENSE("GPL v2");
+diff --git a/drivers/gpio/gpio-iop.c b/drivers/gpio/gpio-iop.c
+index 2ed0237a8baf..304e68633d29 100644
+--- a/drivers/gpio/gpio-iop.c
++++ b/drivers/gpio/gpio-iop.c
+@@ -129,3 +129,7 @@ static int __init iop3xx_gpio_init(void)
+ 	return platform_driver_register(&iop3xx_gpio_driver);
+ }
+ arch_initcall(iop3xx_gpio_init);
++
++MODULE_DESCRIPTION("GPIO handling for Intel IOP3xx processors");
++MODULE_AUTHOR("Lennert Buytenhek <buytenh@wantstofly.org>");
++MODULE_LICENSE("GPL");
+diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gfx_v7.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gfx_v7.c
+index 0e1376317683..b233cf8436b0 100644
+--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gfx_v7.c
++++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gfx_v7.c
+@@ -367,29 +367,50 @@ static int kgd_hqd_sdma_load(struct kgd_dev *kgd, void *mqd)
+ {
+ 	struct amdgpu_device *adev = get_amdgpu_device(kgd);
+ 	struct cik_sdma_rlc_registers *m;
++	unsigned long end_jiffies;
+ 	uint32_t sdma_base_addr;
++	uint32_t data;
+ 
+ 	m = get_sdma_mqd(mqd);
+ 	sdma_base_addr = get_sdma_base_addr(m);
+ 
+-	WREG32(sdma_base_addr + mmSDMA0_RLC0_VIRTUAL_ADDR,
+-			m->sdma_rlc_virtual_addr);
++	WREG32(sdma_base_addr + mmSDMA0_RLC0_RB_CNTL,
++		m->sdma_rlc_rb_cntl & (~SDMA0_RLC0_RB_CNTL__RB_ENABLE_MASK));
+ 
+-	WREG32(sdma_base_addr + mmSDMA0_RLC0_RB_BASE,
+-			m->sdma_rlc_rb_base);
++	end_jiffies = msecs_to_jiffies(2000) + jiffies;
++	while (true) {
++		data = RREG32(sdma_base_addr + mmSDMA0_RLC0_CONTEXT_STATUS);
++		if (data & SDMA0_RLC0_CONTEXT_STATUS__IDLE_MASK)
++			break;
++		if (time_after(jiffies, end_jiffies))
++			return -ETIME;
++		usleep_range(500, 1000);
++	}
++	if (m->sdma_engine_id) {
++		data = RREG32(mmSDMA1_GFX_CONTEXT_CNTL);
++		data = REG_SET_FIELD(data, SDMA1_GFX_CONTEXT_CNTL,
++				RESUME_CTX, 0);
++		WREG32(mmSDMA1_GFX_CONTEXT_CNTL, data);
++	} else {
++		data = RREG32(mmSDMA0_GFX_CONTEXT_CNTL);
++		data = REG_SET_FIELD(data, SDMA0_GFX_CONTEXT_CNTL,
++				RESUME_CTX, 0);
++		WREG32(mmSDMA0_GFX_CONTEXT_CNTL, data);
++	}
+ 
++	WREG32(sdma_base_addr + mmSDMA0_RLC0_DOORBELL,
++				m->sdma_rlc_doorbell);
++	WREG32(sdma_base_addr + mmSDMA0_RLC0_RB_RPTR, 0);
++	WREG32(sdma_base_addr + mmSDMA0_RLC0_RB_WPTR, 0);
++	WREG32(sdma_base_addr + mmSDMA0_RLC0_VIRTUAL_ADDR,
++				m->sdma_rlc_virtual_addr);
++	WREG32(sdma_base_addr + mmSDMA0_RLC0_RB_BASE, m->sdma_rlc_rb_base);
+ 	WREG32(sdma_base_addr + mmSDMA0_RLC0_RB_BASE_HI,
+ 			m->sdma_rlc_rb_base_hi);
+-
+ 	WREG32(sdma_base_addr + mmSDMA0_RLC0_RB_RPTR_ADDR_LO,
+ 			m->sdma_rlc_rb_rptr_addr_lo);
+-
+ 	WREG32(sdma_base_addr + mmSDMA0_RLC0_RB_RPTR_ADDR_HI,
+ 			m->sdma_rlc_rb_rptr_addr_hi);
+-
+-	WREG32(sdma_base_addr + mmSDMA0_RLC0_DOORBELL,
+-			m->sdma_rlc_doorbell);
+-
+ 	WREG32(sdma_base_addr + mmSDMA0_RLC0_RB_CNTL,
+ 			m->sdma_rlc_rb_cntl);
+ 
+@@ -492,9 +513,9 @@ static int kgd_hqd_sdma_destroy(struct kgd_dev *kgd, void *mqd,
+ 	}
+ 
+ 	WREG32(sdma_base_addr + mmSDMA0_RLC0_DOORBELL, 0);
+-	WREG32(sdma_base_addr + mmSDMA0_RLC0_RB_RPTR, 0);
+-	WREG32(sdma_base_addr + mmSDMA0_RLC0_RB_WPTR, 0);
+-	WREG32(sdma_base_addr + mmSDMA0_RLC0_RB_BASE, 0);
++	WREG32(sdma_base_addr + mmSDMA0_RLC0_RB_CNTL,
++		RREG32(sdma_base_addr + mmSDMA0_RLC0_RB_CNTL) |
++		SDMA0_RLC0_RB_CNTL__RB_ENABLE_MASK);
+ 
+ 	return 0;
+ }
+diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_cik.c b/drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_cik.c
+index d83de985e88c..8577a563600f 100644
+--- a/drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_cik.c
++++ b/drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_cik.c
+@@ -215,8 +215,8 @@ static int update_mqd_sdma(struct mqd_manager *mm, void *mqd,
+ 	BUG_ON(!mm || !mqd || !q);
+ 
+ 	m = get_sdma_mqd(mqd);
+-	m->sdma_rlc_rb_cntl = ffs(q->queue_size / sizeof(unsigned int)) <<
+-			SDMA0_RLC0_RB_CNTL__RB_SIZE__SHIFT |
++	m->sdma_rlc_rb_cntl = (ffs(q->queue_size / sizeof(unsigned int)) - 1)
++			<< SDMA0_RLC0_RB_CNTL__RB_SIZE__SHIFT |
+ 			q->vmid << SDMA0_RLC0_RB_CNTL__RB_VMID__SHIFT |
+ 			1 << SDMA0_RLC0_RB_CNTL__RPTR_WRITEBACK_ENABLE__SHIFT |
+ 			6 << SDMA0_RLC0_RB_CNTL__RPTR_WRITEBACK_TIMER__SHIFT;
+diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_process_queue_manager.c b/drivers/gpu/drm/amd/amdkfd/kfd_process_queue_manager.c
+index 7b69070f7ecc..aa41b840048f 100644
+--- a/drivers/gpu/drm/amd/amdkfd/kfd_process_queue_manager.c
++++ b/drivers/gpu/drm/amd/amdkfd/kfd_process_queue_manager.c
+@@ -205,6 +205,24 @@ int pqm_create_queue(struct process_queue_manager *pqm,
+ 
+ 	switch (type) {
+ 	case KFD_QUEUE_TYPE_SDMA:
++		if (dev->dqm->queue_count >=
++			CIK_SDMA_QUEUES_PER_ENGINE * CIK_SDMA_ENGINE_NUM) {
++			pr_err("Over-subscription is not allowed for SDMA.\n");
++			retval = -EPERM;
++			goto err_create_queue;
++		}
++
++		retval = create_cp_queue(pqm, dev, &q, properties, f, *qid);
++		if (retval != 0)
++			goto err_create_queue;
++		pqn->q = q;
++		pqn->kq = NULL;
++		retval = dev->dqm->ops.create_queue(dev->dqm, q, &pdd->qpd,
++						&q->properties.vmid);
++		pr_debug("DQM returned %d for create_queue\n", retval);
++		print_queue(q);
++		break;
++
+ 	case KFD_QUEUE_TYPE_COMPUTE:
+ 		/* check if there is over subscription */
+ 		if ((sched_policy == KFD_SCHED_POLICY_HWS_NO_OVERSUBSCRIPTION) &&
+diff --git a/drivers/gpu/drm/omapdrm/omap_dmm_tiler.c b/drivers/gpu/drm/omapdrm/omap_dmm_tiler.c
+index 7841970de48d..f516b5891932 100644
+--- a/drivers/gpu/drm/omapdrm/omap_dmm_tiler.c
++++ b/drivers/gpu/drm/omapdrm/omap_dmm_tiler.c
+@@ -611,7 +611,8 @@ static int omap_dmm_probe(struct platform_device *dev)
+ 		match = of_match_node(dmm_of_match, dev->dev.of_node);
+ 		if (!match) {
+ 			dev_err(&dev->dev, "failed to find matching device node\n");
+-			return -ENODEV;
++			ret = -ENODEV;
++			goto fail;
+ 		}
+ 
+ 		omap_dmm->plat_data = match->data;
+diff --git a/drivers/hwmon/pmbus/pmbus_core.c b/drivers/hwmon/pmbus/pmbus_core.c
+index ba59eaef2e07..d013acf3f83a 100644
+--- a/drivers/hwmon/pmbus/pmbus_core.c
++++ b/drivers/hwmon/pmbus/pmbus_core.c
+@@ -20,6 +20,7 @@
+  */
+ 
+ #include <linux/kernel.h>
++#include <linux/math64.h>
+ #include <linux/module.h>
+ #include <linux/init.h>
+ #include <linux/err.h>
+@@ -476,8 +477,8 @@ static long pmbus_reg2data_linear(struct pmbus_data *data,
+ static long pmbus_reg2data_direct(struct pmbus_data *data,
+ 				  struct pmbus_sensor *sensor)
+ {
+-	long val = (s16) sensor->data;
+-	long m, b, R;
++	s64 b, val = (s16)sensor->data;
++	s32 m, R;
+ 
+ 	m = data->info->m[sensor->class];
+ 	b = data->info->b[sensor->class];
+@@ -505,11 +506,12 @@ static long pmbus_reg2data_direct(struct pmbus_data *data,
+ 		R--;
+ 	}
+ 	while (R < 0) {
+-		val = DIV_ROUND_CLOSEST(val, 10);
++		val = div_s64(val + 5LL, 10L);  /* round closest */
+ 		R++;
+ 	}
+ 
+-	return (val - b) / m;
++	val = div_s64(val - b, m);
++	return clamp_val(val, LONG_MIN, LONG_MAX);
+ }
+ 
+ /*
+@@ -629,7 +631,8 @@ static u16 pmbus_data2reg_linear(struct pmbus_data *data,
+ static u16 pmbus_data2reg_direct(struct pmbus_data *data,
+ 				 struct pmbus_sensor *sensor, long val)
+ {
+-	long m, b, R;
++	s64 b, val64 = val;
++	s32 m, R;
+ 
+ 	m = data->info->m[sensor->class];
+ 	b = data->info->b[sensor->class];
+@@ -646,18 +649,18 @@ static u16 pmbus_data2reg_direct(struct pmbus_data *data,
+ 		R -= 3;		/* Adjust R and b for data in milli-units */
+ 		b *= 1000;
+ 	}
+-	val = val * m + b;
++	val64 = val64 * m + b;
+ 
+ 	while (R > 0) {
+-		val *= 10;
++		val64 *= 10;
+ 		R--;
+ 	}
+ 	while (R < 0) {
+-		val = DIV_ROUND_CLOSEST(val, 10);
++		val64 = div_s64(val64 + 5LL, 10L);  /* round closest */
+ 		R++;
+ 	}
+ 
+-	return val;
++	return (u16)clamp_val(val64, S16_MIN, S16_MAX);
+ }
+ 
+ static u16 pmbus_data2reg_vid(struct pmbus_data *data,
+diff --git a/drivers/md/bcache/btree.c b/drivers/md/bcache/btree.c
+index 5b815e64c1c9..a5a6909280fe 100644
+--- a/drivers/md/bcache/btree.c
++++ b/drivers/md/bcache/btree.c
+@@ -808,7 +808,10 @@ int bch_btree_cache_alloc(struct cache_set *c)
+ 	c->shrink.scan_objects = bch_mca_scan;
+ 	c->shrink.seeks = 4;
+ 	c->shrink.batch = c->btree_pages * 2;
+-	register_shrinker(&c->shrink);
++
++	if (register_shrinker(&c->shrink))
++		pr_warn("bcache: %s: could not register shrinker",
++				__func__);
+ 
+ 	return 0;
+ }
+diff --git a/drivers/media/usb/usbtv/usbtv-core.c b/drivers/media/usb/usbtv/usbtv-core.c
+index 29428bef272c..3bbc77aa6a33 100644
+--- a/drivers/media/usb/usbtv/usbtv-core.c
++++ b/drivers/media/usb/usbtv/usbtv-core.c
+@@ -127,6 +127,7 @@ static void usbtv_disconnect(struct usb_interface *intf)
+ 
+ static struct usb_device_id usbtv_id_table[] = {
+ 	{ USB_DEVICE(0x1b71, 0x3002) },
++	{ USB_DEVICE(0x1f71, 0x3301) },
+ 	{}
+ };
+ MODULE_DEVICE_TABLE(usb, usbtv_id_table);
+diff --git a/drivers/mtd/nand/denali_pci.c b/drivers/mtd/nand/denali_pci.c
+index de31514df282..d38527e0a2f2 100644
+--- a/drivers/mtd/nand/denali_pci.c
++++ b/drivers/mtd/nand/denali_pci.c
+@@ -119,3 +119,7 @@ static struct pci_driver denali_pci_driver = {
+ };
+ 
+ module_pci_driver(denali_pci_driver);
++
++MODULE_DESCRIPTION("PCI driver for Denali NAND controller");
++MODULE_AUTHOR("Intel Corporation and its suppliers");
++MODULE_LICENSE("GPL v2");
+diff --git a/drivers/net/ethernet/intel/igb/igb_main.c b/drivers/net/ethernet/intel/igb/igb_main.c
+index 53803fd6350c..02b23f6277fb 100644
+--- a/drivers/net/ethernet/intel/igb/igb_main.c
++++ b/drivers/net/ethernet/intel/igb/igb_main.c
+@@ -3174,7 +3174,7 @@ static int __igb_close(struct net_device *netdev, bool suspending)
+ 
+ static int igb_close(struct net_device *netdev)
+ {
+-	if (netif_device_present(netdev))
++	if (netif_device_present(netdev) || netdev->dismantle)
+ 		return __igb_close(netdev, false);
+ 	return 0;
+ }
+diff --git a/drivers/net/ethernet/xilinx/Kconfig b/drivers/net/ethernet/xilinx/Kconfig
+index 4f5c024c6192..5d5c0c433f3e 100644
+--- a/drivers/net/ethernet/xilinx/Kconfig
++++ b/drivers/net/ethernet/xilinx/Kconfig
+@@ -34,6 +34,7 @@ config XILINX_AXI_EMAC
+ config XILINX_LL_TEMAC
+ 	tristate "Xilinx LL TEMAC (LocalLink Tri-mode Ethernet MAC) driver"
+ 	depends on (PPC || MICROBLAZE)
++	depends on !64BIT || BROKEN
+ 	select PHYLIB
+ 	---help---
+ 	  This driver supports the Xilinx 10/100/1000 LocalLink TEMAC
+diff --git a/drivers/net/xen-netfront.c b/drivers/net/xen-netfront.c
+index fd221cc4cb79..eb7a9e62371c 100644
+--- a/drivers/net/xen-netfront.c
++++ b/drivers/net/xen-netfront.c
+@@ -86,6 +86,8 @@ struct netfront_cb {
+ /* IRQ name is queue name with "-tx" or "-rx" appended */
+ #define IRQ_NAME_SIZE (QUEUE_NAME_SIZE + 3)
+ 
++static DECLARE_WAIT_QUEUE_HEAD(module_unload_q);
++
+ struct netfront_stats {
+ 	u64			packets;
+ 	u64			bytes;
+@@ -2037,10 +2039,12 @@ static void netback_changed(struct xenbus_device *dev,
+ 		break;
+ 
+ 	case XenbusStateClosed:
++		wake_up_all(&module_unload_q);
+ 		if (dev->state == XenbusStateClosed)
+ 			break;
+ 		/* Missed the backend's CLOSING state -- fallthrough */
+ 	case XenbusStateClosing:
++		wake_up_all(&module_unload_q);
+ 		xenbus_frontend_closed(dev);
+ 		break;
+ 	}
+@@ -2146,6 +2150,20 @@ static int xennet_remove(struct xenbus_device *dev)
+ 
+ 	dev_dbg(&dev->dev, "%s\n", dev->nodename);
+ 
++	if (xenbus_read_driver_state(dev->otherend) != XenbusStateClosed) {
++		xenbus_switch_state(dev, XenbusStateClosing);
++		wait_event(module_unload_q,
++			   xenbus_read_driver_state(dev->otherend) ==
++			   XenbusStateClosing);
++
++		xenbus_switch_state(dev, XenbusStateClosed);
++		wait_event(module_unload_q,
++			   xenbus_read_driver_state(dev->otherend) ==
++			   XenbusStateClosed ||
++			   xenbus_read_driver_state(dev->otherend) ==
++			   XenbusStateUnknown);
++	}
++
+ 	xennet_disconnect_backend(info);
+ 
+ 	unregister_netdev(info->netdev);
+diff --git a/drivers/power/reset/zx-reboot.c b/drivers/power/reset/zx-reboot.c
+index a5b009673d0e..5eb719e73e9e 100644
+--- a/drivers/power/reset/zx-reboot.c
++++ b/drivers/power/reset/zx-reboot.c
+@@ -78,3 +78,7 @@ static struct platform_driver zx_reboot_driver = {
+ 	},
+ };
+ module_platform_driver(zx_reboot_driver);
++
++MODULE_DESCRIPTION("ZTE SoCs reset driver");
++MODULE_AUTHOR("Jun Nie <jun.nie@linaro.org>");
++MODULE_LICENSE("GPL v2");
+diff --git a/drivers/scsi/aacraid/commsup.c b/drivers/scsi/aacraid/commsup.c
+index 8c758c36fc70..766a9176b4ad 100644
+--- a/drivers/scsi/aacraid/commsup.c
++++ b/drivers/scsi/aacraid/commsup.c
+@@ -1363,13 +1363,13 @@ static int _aac_reset_adapter(struct aac_dev *aac, int forced)
+ 	 * will ensure that i/o is queisced and the card is flushed in that
+ 	 * case.
+ 	 */
++	aac_free_irq(aac);
+ 	aac_fib_map_free(aac);
+ 	pci_free_consistent(aac->pdev, aac->comm_size, aac->comm_addr, aac->comm_phys);
+ 	aac->comm_addr = NULL;
+ 	aac->comm_phys = 0;
+ 	kfree(aac->queues);
+ 	aac->queues = NULL;
+-	aac_free_irq(aac);
+ 	kfree(aac->fsa_dev);
+ 	aac->fsa_dev = NULL;
+ 	quirks = aac_get_driver_ident(index)->quirks;
+diff --git a/drivers/scsi/ufs/ufshcd.c b/drivers/scsi/ufs/ufshcd.c
+index 0c2482ec7d21..096c867069e9 100644
+--- a/drivers/scsi/ufs/ufshcd.c
++++ b/drivers/scsi/ufs/ufshcd.c
+@@ -4392,12 +4392,15 @@ static int ufshcd_config_vreg(struct device *dev,
+ 		struct ufs_vreg *vreg, bool on)
+ {
+ 	int ret = 0;
+-	struct regulator *reg = vreg->reg;
+-	const char *name = vreg->name;
++	struct regulator *reg;
++	const char *name;
+ 	int min_uV, uA_load;
+ 
+ 	BUG_ON(!vreg);
+ 
++	reg = vreg->reg;
++	name = vreg->name;
++
+ 	if (regulator_count_voltages(reg) > 0) {
+ 		min_uV = on ? vreg->min_uV : 0;
+ 		ret = regulator_set_voltage(reg, min_uV, vreg->max_uV);
+diff --git a/drivers/spi/spi-imx.c b/drivers/spi/spi-imx.c
+index 0e5723ab47f0..d17ec6775718 100644
+--- a/drivers/spi/spi-imx.c
++++ b/drivers/spi/spi-imx.c
+@@ -1228,12 +1228,23 @@ static int spi_imx_remove(struct platform_device *pdev)
+ {
+ 	struct spi_master *master = platform_get_drvdata(pdev);
+ 	struct spi_imx_data *spi_imx = spi_master_get_devdata(master);
++	int ret;
+ 
+ 	spi_bitbang_stop(&spi_imx->bitbang);
+ 
++	ret = clk_enable(spi_imx->clk_per);
++	if (ret)
++		return ret;
++
++	ret = clk_enable(spi_imx->clk_ipg);
++	if (ret) {
++		clk_disable(spi_imx->clk_per);
++		return ret;
++	}
++
+ 	writel(0, spi_imx->base + MXC_CSPICTRL);
+-	clk_unprepare(spi_imx->clk_ipg);
+-	clk_unprepare(spi_imx->clk_per);
++	clk_disable_unprepare(spi_imx->clk_ipg);
++	clk_disable_unprepare(spi_imx->clk_per);
+ 	spi_imx_sdma_exit(spi_imx);
+ 	spi_master_put(master);
+ 
+diff --git a/drivers/staging/rtl8188eu/os_dep/ioctl_linux.c b/drivers/staging/rtl8188eu/os_dep/ioctl_linux.c
+index a076ede50b22..ec90f2781085 100644
+--- a/drivers/staging/rtl8188eu/os_dep/ioctl_linux.c
++++ b/drivers/staging/rtl8188eu/os_dep/ioctl_linux.c
+@@ -1399,19 +1399,13 @@ static int rtw_wx_get_essid(struct net_device *dev,
+ 	if ((check_fwstate(pmlmepriv, _FW_LINKED)) ||
+ 	    (check_fwstate(pmlmepriv, WIFI_ADHOC_MASTER_STATE))) {
+ 		len = pcur_bss->Ssid.SsidLength;
+-
+-		wrqu->essid.length = len;
+-
+ 		memcpy(extra, pcur_bss->Ssid.Ssid, len);
+-
+-		wrqu->essid.flags = 1;
+ 	} else {
+-		ret = -1;
+-		goto exit;
++		len = 0;
++		*extra = 0;
+ 	}
+-
+-exit:
+-
++	wrqu->essid.length = len;
++	wrqu->essid.flags = 1;
+ 
+ 	return ret;
+ }
+diff --git a/drivers/tty/serial/imx.c b/drivers/tty/serial/imx.c
+index 016e4be05cec..98176d12b3e1 100644
+--- a/drivers/tty/serial/imx.c
++++ b/drivers/tty/serial/imx.c
+@@ -2057,12 +2057,14 @@ static void serial_imx_enable_wakeup(struct imx_port *sport, bool on)
+ 		val &= ~UCR3_AWAKEN;
+ 	writel(val, sport->port.membase + UCR3);
+ 
+-	val = readl(sport->port.membase + UCR1);
+-	if (on)
+-		val |= UCR1_RTSDEN;
+-	else
+-		val &= ~UCR1_RTSDEN;
+-	writel(val, sport->port.membase + UCR1);
++	if (sport->have_rtscts) {
++		val = readl(sport->port.membase + UCR1);
++		if (on)
++			val |= UCR1_RTSDEN;
++		else
++			val &= ~UCR1_RTSDEN;
++		writel(val, sport->port.membase + UCR1);
++	}
+ }
+ 
+ static int imx_serial_port_suspend_noirq(struct device *dev)
+diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c
+index 3f6bb3fff890..edd8ef4ee502 100644
+--- a/drivers/usb/class/cdc-acm.c
++++ b/drivers/usb/class/cdc-acm.c
+@@ -377,7 +377,7 @@ static int acm_submit_read_urb(struct acm *acm, int index, gfp_t mem_flags)
+ 
+ 	res = usb_submit_urb(acm->read_urbs[index], mem_flags);
+ 	if (res) {
+-		if (res != -EPERM) {
++		if (res != -EPERM && res != -ENODEV) {
+ 			dev_err(&acm->data->dev,
+ 					"%s - usb_submit_urb failed: %d\n",
+ 					__func__, res);
+@@ -1695,6 +1695,9 @@ static const struct usb_device_id acm_ids[] = {
+ 	{ USB_DEVICE(0x0ace, 0x1611), /* ZyDAS 56K USB MODEM - new version */
+ 	.driver_info = SINGLE_RX_URB, /* firmware bug */
+ 	},
++	{ USB_DEVICE(0x11ca, 0x0201), /* VeriFone Mx870 Gadget Serial */
++	.driver_info = SINGLE_RX_URB,
++	},
+ 	{ USB_DEVICE(0x22b8, 0x7000), /* Motorola Q Phone */
+ 	.driver_info = NO_UNION_NORMAL, /* has no union descriptor */
+ 	},
+diff --git a/drivers/usb/gadget/composite.c b/drivers/usb/gadget/composite.c
+index d186d0282a38..f70dd3dd4393 100644
+--- a/drivers/usb/gadget/composite.c
++++ b/drivers/usb/gadget/composite.c
+@@ -104,7 +104,6 @@ int config_ep_by_speed(struct usb_gadget *g,
+ 			struct usb_function *f,
+ 			struct usb_ep *_ep)
+ {
+-	struct usb_composite_dev	*cdev = get_gadget_data(g);
+ 	struct usb_endpoint_descriptor *chosen_desc = NULL;
+ 	struct usb_descriptor_header **speed_desc = NULL;
+ 
+@@ -176,8 +175,12 @@ ep_found:
+ 			_ep->maxburst = comp_desc->bMaxBurst + 1;
+ 			break;
+ 		default:
+-			if (comp_desc->bMaxBurst != 0)
++			if (comp_desc->bMaxBurst != 0) {
++				struct usb_composite_dev *cdev;
++
++				cdev = get_gadget_data(g);
+ 				ERROR(cdev, "ep0 bMaxBurst must be 0\n");
++			}
+ 			_ep->maxburst = 1;
+ 			break;
+ 		}
+diff --git a/drivers/usb/gadget/function/f_fs.c b/drivers/usb/gadget/function/f_fs.c
+index 39bb65265bff..eb298daf49c7 100644
+--- a/drivers/usb/gadget/function/f_fs.c
++++ b/drivers/usb/gadget/function/f_fs.c
+@@ -3490,7 +3490,8 @@ static void ffs_closed(struct ffs_data *ffs)
+ 	ci = opts->func_inst.group.cg_item.ci_parent->ci_parent;
+ 	ffs_dev_unlock();
+ 
+-	unregister_gadget_item(ci);
++	if (test_bit(FFS_FL_BOUND, &ffs->flags))
++		unregister_gadget_item(ci);
+ 	return;
+ done:
+ 	ffs_dev_unlock();
+diff --git a/drivers/usb/serial/Kconfig b/drivers/usb/serial/Kconfig
+index 56ecb8b5115d..584ae8cbaf1c 100644
+--- a/drivers/usb/serial/Kconfig
++++ b/drivers/usb/serial/Kconfig
+@@ -63,6 +63,7 @@ config USB_SERIAL_SIMPLE
+ 		- Google USB serial devices
+ 		- HP4x calculators
+ 		- a number of Motorola phones
++		- Motorola Tetra devices
+ 		- Novatel Wireless GPS receivers
+ 		- Siemens USB/MPI adapter.
+ 		- ViVOtech ViVOpay USB device.
+diff --git a/drivers/usb/serial/io_edgeport.c b/drivers/usb/serial/io_edgeport.c
+index 749e1b674145..6947985ccfb0 100644
+--- a/drivers/usb/serial/io_edgeport.c
++++ b/drivers/usb/serial/io_edgeport.c
+@@ -2219,7 +2219,6 @@ static int write_cmd_usb(struct edgeport_port *edge_port,
+ 		/* something went wrong */
+ 		dev_err(dev, "%s - usb_submit_urb(write command) failed, status = %d\n",
+ 			__func__, status);
+-		usb_kill_urb(urb);
+ 		usb_free_urb(urb);
+ 		atomic_dec(&CmdUrbs);
+ 		return status;
+diff --git a/drivers/usb/serial/option.c b/drivers/usb/serial/option.c
+index a818c43a02ec..1799aa058a5b 100644
+--- a/drivers/usb/serial/option.c
++++ b/drivers/usb/serial/option.c
+@@ -383,6 +383,9 @@ static void option_instat_callback(struct urb *urb);
+ #define FOUR_G_SYSTEMS_PRODUCT_W14		0x9603
+ #define FOUR_G_SYSTEMS_PRODUCT_W100		0x9b01
+ 
++/* Fujisoft products */
++#define FUJISOFT_PRODUCT_FS040U			0x9b02
++
+ /* iBall 3.5G connect wireless modem */
+ #define IBALL_3_5G_CONNECT			0x9605
+ 
+@@ -1897,6 +1900,8 @@ static const struct usb_device_id option_ids[] = {
+ 	{ USB_DEVICE(LONGCHEER_VENDOR_ID, FOUR_G_SYSTEMS_PRODUCT_W100),
+ 	  .driver_info = (kernel_ulong_t)&four_g_w100_blacklist
+ 	},
++	{USB_DEVICE(LONGCHEER_VENDOR_ID, FUJISOFT_PRODUCT_FS040U),
++	 .driver_info = (kernel_ulong_t)&net_intf3_blacklist},
+ 	{ USB_DEVICE_INTERFACE_CLASS(LONGCHEER_VENDOR_ID, SPEEDUP_PRODUCT_SU9800, 0xff) },
+ 	{ USB_DEVICE_INTERFACE_CLASS(LONGCHEER_VENDOR_ID, 0x9801, 0xff),
+ 	  .driver_info = (kernel_ulong_t)&net_intf3_blacklist },
+diff --git a/drivers/usb/serial/pl2303.c b/drivers/usb/serial/pl2303.c
+index a51b28379850..3da25ad267a2 100644
+--- a/drivers/usb/serial/pl2303.c
++++ b/drivers/usb/serial/pl2303.c
+@@ -39,6 +39,7 @@ static const struct usb_device_id id_table[] = {
+ 	{ USB_DEVICE(PL2303_VENDOR_ID, PL2303_PRODUCT_ID_RSAQ2) },
+ 	{ USB_DEVICE(PL2303_VENDOR_ID, PL2303_PRODUCT_ID_DCU11) },
+ 	{ USB_DEVICE(PL2303_VENDOR_ID, PL2303_PRODUCT_ID_RSAQ3) },
++	{ USB_DEVICE(PL2303_VENDOR_ID, PL2303_PRODUCT_ID_CHILITAG) },
+ 	{ USB_DEVICE(PL2303_VENDOR_ID, PL2303_PRODUCT_ID_PHAROS) },
+ 	{ USB_DEVICE(PL2303_VENDOR_ID, PL2303_PRODUCT_ID_ALDIGA) },
+ 	{ USB_DEVICE(PL2303_VENDOR_ID, PL2303_PRODUCT_ID_MMX) },
+diff --git a/drivers/usb/serial/pl2303.h b/drivers/usb/serial/pl2303.h
+index 3b5a15d1dc0d..123289085ee2 100644
+--- a/drivers/usb/serial/pl2303.h
++++ b/drivers/usb/serial/pl2303.h
+@@ -17,6 +17,7 @@
+ #define PL2303_PRODUCT_ID_DCU11		0x1234
+ #define PL2303_PRODUCT_ID_PHAROS	0xaaa0
+ #define PL2303_PRODUCT_ID_RSAQ3		0xaaa2
++#define PL2303_PRODUCT_ID_CHILITAG	0xaaa8
+ #define PL2303_PRODUCT_ID_ALDIGA	0x0611
+ #define PL2303_PRODUCT_ID_MMX		0x0612
+ #define PL2303_PRODUCT_ID_GPRS		0x0609
+diff --git a/drivers/usb/serial/usb-serial-simple.c b/drivers/usb/serial/usb-serial-simple.c
+index e98b6e57b703..6aa7ff2c1cf7 100644
+--- a/drivers/usb/serial/usb-serial-simple.c
++++ b/drivers/usb/serial/usb-serial-simple.c
+@@ -80,6 +80,11 @@ DEVICE(vivopay, VIVOPAY_IDS);
+ 	{ USB_DEVICE(0x22b8, 0x2c64) }	/* Motorola V950 phone */
+ DEVICE(moto_modem, MOTO_IDS);
+ 
++/* Motorola Tetra driver */
++#define MOTOROLA_TETRA_IDS()			\
++	{ USB_DEVICE(0x0cad, 0x9011) }	/* Motorola Solutions TETRA PEI */
++DEVICE(motorola_tetra, MOTOROLA_TETRA_IDS);
++
+ /* Novatel Wireless GPS driver */
+ #define NOVATEL_IDS()			\
+ 	{ USB_DEVICE(0x09d7, 0x0100) }	/* NovAtel FlexPack GPS */
+@@ -110,6 +115,7 @@ static struct usb_serial_driver * const serial_drivers[] = {
+ 	&google_device,
+ 	&vivopay_device,
+ 	&moto_modem_device,
++	&motorola_tetra_device,
+ 	&novatel_gps_device,
+ 	&hp4x_device,
+ 	&suunto_device,
+@@ -125,6 +131,7 @@ static const struct usb_device_id id_table[] = {
+ 	GOOGLE_IDS(),
+ 	VIVOPAY_IDS(),
+ 	MOTO_IDS(),
++	MOTOROLA_TETRA_IDS(),
+ 	NOVATEL_IDS(),
+ 	HP4X_IDS(),
+ 	SUUNTO_IDS(),
+diff --git a/drivers/usb/storage/uas.c b/drivers/usb/storage/uas.c
+index f952635ebe5f..de7214ae4fed 100644
+--- a/drivers/usb/storage/uas.c
++++ b/drivers/usb/storage/uas.c
+@@ -1052,20 +1052,19 @@ static int uas_post_reset(struct usb_interface *intf)
+ 		return 0;
+ 
+ 	err = uas_configure_endpoints(devinfo);
+-	if (err) {
++	if (err && err != ENODEV)
+ 		shost_printk(KERN_ERR, shost,
+ 			     "%s: alloc streams error %d after reset",
+ 			     __func__, err);
+-		return 1;
+-	}
+ 
++	/* we must unblock the host in every case lest we deadlock */
+ 	spin_lock_irqsave(shost->host_lock, flags);
+ 	scsi_report_bus_reset(shost, 0);
+ 	spin_unlock_irqrestore(shost->host_lock, flags);
+ 
+ 	scsi_unblock_requests(shost);
+ 
+-	return 0;
++	return err ? 1 : 0;
+ }
+ 
+ static int uas_suspend(struct usb_interface *intf, pm_message_t message)
+diff --git a/fs/btrfs/free-space-cache.c b/fs/btrfs/free-space-cache.c
+index cfe99bec49de..45934deacfd7 100644
+--- a/fs/btrfs/free-space-cache.c
++++ b/fs/btrfs/free-space-cache.c
+@@ -1258,7 +1258,7 @@ static int __btrfs_write_out_cache(struct btrfs_root *root, struct inode *inode,
+ 	/* Lock all pages first so we can lock the extent safely. */
+ 	ret = io_ctl_prepare_pages(io_ctl, inode, 0);
+ 	if (ret)
+-		goto out;
++		goto out_unlock;
+ 
+ 	lock_extent_bits(&BTRFS_I(inode)->io_tree, 0, i_size_read(inode) - 1,
+ 			 0, &cached_state);
+@@ -1351,6 +1351,7 @@ out_nospc_locked:
+ out_nospc:
+ 	cleanup_write_cache_enospc(inode, io_ctl, &cached_state, &bitmap_list);
+ 
++out_unlock:
+ 	if (block_group && (block_group->flags & BTRFS_BLOCK_GROUP_DATA))
+ 		up_write(&block_group->data_rwsem);
+ 
+diff --git a/fs/nfs_common/grace.c b/fs/nfs_common/grace.c
+index fd8c9a5bcac4..77d136ac8909 100644
+--- a/fs/nfs_common/grace.c
++++ b/fs/nfs_common/grace.c
+@@ -30,7 +30,11 @@ locks_start_grace(struct net *net, struct lock_manager *lm)
+ 	struct list_head *grace_list = net_generic(net, grace_net_id);
+ 
+ 	spin_lock(&grace_lock);
+-	list_add(&lm->list, grace_list);
++	if (list_empty(&lm->list))
++		list_add(&lm->list, grace_list);
++	else
++		WARN(1, "double list_add attempt detected in net %x %s\n",
++		     net->ns.inum, (net == &init_net) ? "(init_net)" : "");
+ 	spin_unlock(&grace_lock);
+ }
+ EXPORT_SYMBOL_GPL(locks_start_grace);
+@@ -104,7 +108,9 @@ grace_exit_net(struct net *net)
+ {
+ 	struct list_head *grace_list = net_generic(net, grace_net_id);
+ 
+-	BUG_ON(!list_empty(grace_list));
++	WARN_ONCE(!list_empty(grace_list),
++		  "net %x %s: grace_list is not empty\n",
++		  net->ns.inum, __func__);
+ }
+ 
+ static struct pernet_operations grace_net_ops = {
+diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c
+index 11c67e8b939d..ba27a5ff8677 100644
+--- a/fs/nfsd/nfs4state.c
++++ b/fs/nfsd/nfs4state.c
+@@ -63,12 +63,16 @@ static const stateid_t zero_stateid = {
+ static const stateid_t currentstateid = {
+ 	.si_generation = 1,
+ };
++static const stateid_t close_stateid = {
++	.si_generation = 0xffffffffU,
++};
+ 
+ static u64 current_sessionid = 1;
+ 
+ #define ZERO_STATEID(stateid) (!memcmp((stateid), &zero_stateid, sizeof(stateid_t)))
+ #define ONE_STATEID(stateid)  (!memcmp((stateid), &one_stateid, sizeof(stateid_t)))
+ #define CURRENT_STATEID(stateid) (!memcmp((stateid), &currentstateid, sizeof(stateid_t)))
++#define CLOSE_STATEID(stateid)  (!memcmp((stateid), &close_stateid, sizeof(stateid_t)))
+ 
+ /* forward declarations */
+ static bool check_for_locks(struct nfs4_file *fp, struct nfs4_lockowner *lowner);
+@@ -4701,7 +4705,8 @@ static __be32 nfsd4_validate_stateid(struct nfs4_client *cl, stateid_t *stateid)
+ 	struct nfs4_stid *s;
+ 	__be32 status = nfserr_bad_stateid;
+ 
+-	if (ZERO_STATEID(stateid) || ONE_STATEID(stateid))
++	if (ZERO_STATEID(stateid) || ONE_STATEID(stateid) ||
++		CLOSE_STATEID(stateid))
+ 		return status;
+ 	/* Client debugging aid. */
+ 	if (!same_clid(&stateid->si_opaque.so_clid, &cl->cl_clientid)) {
+@@ -4759,7 +4764,8 @@ nfsd4_lookup_stateid(struct nfsd4_compound_state *cstate,
+ 	else if (typemask & NFS4_DELEG_STID)
+ 		typemask |= NFS4_REVOKED_DELEG_STID;
+ 
+-	if (ZERO_STATEID(stateid) || ONE_STATEID(stateid))
++	if (ZERO_STATEID(stateid) || ONE_STATEID(stateid) ||
++		CLOSE_STATEID(stateid))
+ 		return nfserr_bad_stateid;
+ 	status = lookup_clientid(&stateid->si_opaque.so_clid, cstate, nn);
+ 	if (status == nfserr_stale_clientid) {
+@@ -5011,15 +5017,9 @@ static __be32 nfs4_seqid_op_checks(struct nfsd4_compound_state *cstate, stateid_
+ 	status = nfsd4_check_seqid(cstate, sop, seqid);
+ 	if (status)
+ 		return status;
+-	if (stp->st_stid.sc_type == NFS4_CLOSED_STID
+-		|| stp->st_stid.sc_type == NFS4_REVOKED_DELEG_STID)
+-		/*
+-		 * "Closed" stateid's exist *only* to return
+-		 * nfserr_replay_me from the previous step, and
+-		 * revoked delegations are kept only for free_stateid.
+-		 */
+-		return nfserr_bad_stateid;
+-	mutex_lock(&stp->st_mutex);
++	status = nfsd4_lock_ol_stateid(stp);
++	if (status != nfs_ok)
++		return status;
+ 	status = check_stateid_generation(stateid, &stp->st_stid.sc_stateid, nfsd4_has_session(cstate));
+ 	if (status == nfs_ok)
+ 		status = nfs4_check_fh(current_fh, &stp->st_stid);
+@@ -5243,6 +5243,11 @@ nfsd4_close(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
+ 	nfsd4_close_open_stateid(stp);
+ 	mutex_unlock(&stp->st_mutex);
+ 
++	/* See RFC5661 sectionm 18.2.4 */
++	if (stp->st_stid.sc_client->cl_minorversion)
++		memcpy(&close->cl_stateid, &close_stateid,
++				sizeof(close->cl_stateid));
++
+ 	/* put reference from nfs4_preprocess_seqid_op */
+ 	nfs4_put_stid(&stp->st_stid);
+ out:
+@@ -6787,6 +6792,10 @@ static int nfs4_state_create_net(struct net *net)
+ 		INIT_LIST_HEAD(&nn->sessionid_hashtbl[i]);
+ 	nn->conf_name_tree = RB_ROOT;
+ 	nn->unconf_name_tree = RB_ROOT;
++	nn->boot_time = get_seconds();
++	nn->grace_ended = false;
++	nn->nfsd4_manager.block_opens = true;
++	INIT_LIST_HEAD(&nn->nfsd4_manager.list);
+ 	INIT_LIST_HEAD(&nn->client_lru);
+ 	INIT_LIST_HEAD(&nn->close_lru);
+ 	INIT_LIST_HEAD(&nn->del_recall_lru);
+@@ -6841,9 +6850,6 @@ nfs4_state_start_net(struct net *net)
+ 	ret = nfs4_state_create_net(net);
+ 	if (ret)
+ 		return ret;
+-	nn->boot_time = get_seconds();
+-	nn->grace_ended = false;
+-	nn->nfsd4_manager.block_opens = true;
+ 	locks_start_grace(net, &nn->nfsd4_manager);
+ 	nfsd4_client_tracking_init(net);
+ 	printk(KERN_INFO "NFSD: starting %ld-second grace period (net %p)\n",
+diff --git a/fs/quota/dquot.c b/fs/quota/dquot.c
+index 353ff31dcee1..1cb1d02c5937 100644
+--- a/fs/quota/dquot.c
++++ b/fs/quota/dquot.c
+@@ -2919,7 +2919,8 @@ static int __init dquot_init(void)
+ 	pr_info("VFS: Dquot-cache hash table entries: %ld (order %ld,"
+ 		" %ld bytes)\n", nr_hash, order, (PAGE_SIZE << order));
+ 
+-	register_shrinker(&dqcache_shrinker);
++	if (register_shrinker(&dqcache_shrinker))
++		panic("Cannot register dquot shrinker");
+ 
+ 	return 0;
+ }
+diff --git a/fs/xfs/xfs_aops.c b/fs/xfs/xfs_aops.c
+index a9063ac50c4e..da72090b9ce7 100644
+--- a/fs/xfs/xfs_aops.c
++++ b/fs/xfs/xfs_aops.c
+@@ -310,7 +310,7 @@ xfs_map_blocks(
+ 	       (ip->i_df.if_flags & XFS_IFEXTENTS));
+ 	ASSERT(offset <= mp->m_super->s_maxbytes);
+ 
+-	if (offset + count > mp->m_super->s_maxbytes)
++	if ((xfs_ufsize_t)offset + count > mp->m_super->s_maxbytes)
+ 		count = mp->m_super->s_maxbytes - offset;
+ 	end_fsb = XFS_B_TO_FSB(mp, (xfs_ufsize_t)offset + count);
+ 	offset_fsb = XFS_B_TO_FSBT(mp, offset);
+@@ -1360,7 +1360,7 @@ xfs_map_trim_size(
+ 	if (mapping_size > size)
+ 		mapping_size = size;
+ 	if (offset < i_size_read(inode) &&
+-	    offset + mapping_size >= i_size_read(inode)) {
++	    (xfs_ufsize_t)offset + mapping_size >= i_size_read(inode)) {
+ 		/* limit mapping to block that spans EOF */
+ 		mapping_size = roundup_64(i_size_read(inode) - offset,
+ 					  i_blocksize(inode));
+@@ -1416,7 +1416,7 @@ __xfs_get_blocks(
+ 	}
+ 
+ 	ASSERT(offset <= mp->m_super->s_maxbytes);
+-	if (offset + size > mp->m_super->s_maxbytes)
++	if ((xfs_ufsize_t)offset + size > mp->m_super->s_maxbytes)
+ 		size = mp->m_super->s_maxbytes - offset;
+ 	end_fsb = XFS_B_TO_FSB(mp, (xfs_ufsize_t)offset + size);
+ 	offset_fsb = XFS_B_TO_FSBT(mp, offset);
+diff --git a/include/linux/bpf.h b/include/linux/bpf.h
+index f2157159b26f..132585a7fbd8 100644
+--- a/include/linux/bpf.h
++++ b/include/linux/bpf.h
+@@ -31,17 +31,25 @@ struct bpf_map_ops {
+ };
+ 
+ struct bpf_map {
+-	atomic_t refcnt;
++	/* 1st cacheline with read-mostly members of which some
++	 * are also accessed in fast-path (e.g. ops, max_entries).
++	 */
++	const struct bpf_map_ops *ops ____cacheline_aligned;
+ 	enum bpf_map_type map_type;
+ 	u32 key_size;
+ 	u32 value_size;
+ 	u32 max_entries;
+ 	u32 pages;
+ 	bool unpriv_array;
+-	struct user_struct *user;
+-	const struct bpf_map_ops *ops;
+-	struct work_struct work;
++	/* 7 bytes hole */
++
++	/* 2nd cacheline with misc members to avoid false sharing
++	 * particularly with refcounting.
++	 */
++	struct user_struct *user ____cacheline_aligned;
++	atomic_t refcnt;
+ 	atomic_t usercnt;
++	struct work_struct work;
+ };
+ 
+ struct bpf_map_type_list {
+diff --git a/init/Kconfig b/init/Kconfig
+index 235c7a2c0d20..ef2f97dc6010 100644
+--- a/init/Kconfig
++++ b/init/Kconfig
+@@ -1556,6 +1556,13 @@ config BPF_SYSCALL
+ 	  Enable the bpf() system call that allows to manipulate eBPF
+ 	  programs and maps via file descriptors.
+ 
++config BPF_JIT_ALWAYS_ON
++	bool "Permanently enable BPF JIT and remove BPF interpreter"
++	depends on BPF_SYSCALL && HAVE_EBPF_JIT && BPF_JIT
++	help
++	  Enables BPF JIT and removes BPF interpreter to avoid
++	  speculative execution of BPF instructions by the interpreter
++
+ config SHMEM
+ 	bool "Use full shmem filesystem" if EXPERT
+ 	default y
+diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c
+index 3fd76cf0c21e..eb52d11fdaa7 100644
+--- a/kernel/bpf/core.c
++++ b/kernel/bpf/core.c
+@@ -256,6 +256,7 @@ noinline u64 __bpf_call_base(u64 r1, u64 r2, u64 r3, u64 r4, u64 r5)
+ }
+ EXPORT_SYMBOL_GPL(__bpf_call_base);
+ 
++#ifndef CONFIG_BPF_JIT_ALWAYS_ON
+ /**
+  *	__bpf_prog_run - run eBPF program on a given context
+  *	@ctx: is the data we are operating on
+@@ -443,7 +444,7 @@ select_insn:
+ 		DST = tmp;
+ 		CONT;
+ 	ALU_MOD_X:
+-		if (unlikely(SRC == 0))
++		if (unlikely((u32)SRC == 0))
+ 			return 0;
+ 		tmp = (u32) DST;
+ 		DST = do_div(tmp, (u32) SRC);
+@@ -462,7 +463,7 @@ select_insn:
+ 		DST = div64_u64(DST, SRC);
+ 		CONT;
+ 	ALU_DIV_X:
+-		if (unlikely(SRC == 0))
++		if (unlikely((u32)SRC == 0))
+ 			return 0;
+ 		tmp = (u32) DST;
+ 		do_div(tmp, (u32) SRC);
+@@ -517,7 +518,7 @@ select_insn:
+ 		struct bpf_map *map = (struct bpf_map *) (unsigned long) BPF_R2;
+ 		struct bpf_array *array = container_of(map, struct bpf_array, map);
+ 		struct bpf_prog *prog;
+-		u64 index = BPF_R3;
++		u32 index = BPF_R3;
+ 
+ 		if (unlikely(index >= array->map.max_entries))
+ 			goto out;
+@@ -725,6 +726,13 @@ load_byte:
+ 		return 0;
+ }
+ 
++#else
++static unsigned int __bpf_prog_ret0(void *ctx, const struct bpf_insn *insn)
++{
++	return 0;
++}
++#endif
++
+ bool bpf_prog_array_compatible(struct bpf_array *array,
+ 			       const struct bpf_prog *fp)
+ {
+@@ -771,9 +779,23 @@ static int bpf_check_tail_call(const struct bpf_prog *fp)
+  */
+ int bpf_prog_select_runtime(struct bpf_prog *fp)
+ {
++#ifndef CONFIG_BPF_JIT_ALWAYS_ON
+ 	fp->bpf_func = (void *) __bpf_prog_run;
+-
++#else
++	fp->bpf_func = (void *) __bpf_prog_ret0;
++#endif
++
++	/* eBPF JITs can rewrite the program in case constant
++	 * blinding is active. However, in case of error during
++	 * blinding, bpf_int_jit_compile() must always return a
++	 * valid program, which in this case would simply not
++	 * be JITed, but falls back to the interpreter.
++	 */
+ 	bpf_int_jit_compile(fp);
++#ifdef CONFIG_BPF_JIT_ALWAYS_ON
++	if (!fp->jited)
++		return -ENOTSUPP;
++#endif
+ 	bpf_prog_lock_ro(fp);
+ 
+ 	/* The tail call compatibility check can only be done at
+diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
+index 014c2d759916..c14003840bc5 100644
+--- a/kernel/bpf/verifier.c
++++ b/kernel/bpf/verifier.c
+@@ -191,6 +191,7 @@ struct bpf_insn_aux_data {
+ 		enum bpf_reg_type ptr_type;	/* pointer type for load/store insns */
+ 		struct bpf_map *map_ptr;	/* pointer for call insn into lookup_elem */
+ 	};
++	bool seen; /* this insn was processed by the verifier */
+ };
+ 
+ #define MAX_USED_MAPS 64 /* max number of maps accessed by one eBPF program */
+@@ -682,6 +683,13 @@ static bool is_pointer_value(struct verifier_env *env, int regno)
+ 	}
+ }
+ 
++static bool is_ctx_reg(struct verifier_env *env, int regno)
++{
++	const struct reg_state *reg = &env->cur_state.regs[regno];
++
++	return reg->type == PTR_TO_CTX;
++}
++
+ /* check whether memory at (regno + off) is accessible for t = (read | write)
+  * if t==write, value_regno is a register which value is stored into memory
+  * if t==read, value_regno is a register which will receive the value from memory
+@@ -778,6 +786,12 @@ static int check_xadd(struct verifier_env *env, struct bpf_insn *insn)
+ 		return -EACCES;
+ 	}
+ 
++	if (is_ctx_reg(env, insn->dst_reg)) {
++		verbose("BPF_XADD stores into R%d context is not allowed\n",
++			insn->dst_reg);
++		return -EACCES;
++	}
++
+ 	/* check whether atomic_add can read the memory */
+ 	err = check_mem_access(env, insn->dst_reg, insn->off,
+ 			       BPF_SIZE(insn->code), BPF_READ, -1);
+@@ -1164,6 +1178,11 @@ static int check_alu_op(struct verifier_env *env, struct bpf_insn *insn)
+ 			return -EINVAL;
+ 		}
+ 
++		if (opcode == BPF_ARSH && BPF_CLASS(insn->code) != BPF_ALU64) {
++			verbose("BPF_ARSH not supported for 32 bit ALU\n");
++			return -EINVAL;
++		}
++
+ 		if ((opcode == BPF_LSH || opcode == BPF_RSH ||
+ 		     opcode == BPF_ARSH) && BPF_SRC(insn->code) == BPF_K) {
+ 			int size = BPF_CLASS(insn->code) == BPF_ALU64 ? 64 : 32;
+@@ -1793,6 +1812,7 @@ static int do_check(struct verifier_env *env)
+ 			print_bpf_insn(env, insn);
+ 		}
+ 
++		env->insn_aux_data[insn_idx].seen = true;
+ 		if (class == BPF_ALU || class == BPF_ALU64) {
+ 			err = check_alu_op(env, insn);
+ 			if (err)
+@@ -1902,6 +1922,12 @@ static int do_check(struct verifier_env *env)
+ 			if (err)
+ 				return err;
+ 
++			if (is_ctx_reg(env, insn->dst_reg)) {
++				verbose("BPF_ST stores into R%d context is not allowed\n",
++					insn->dst_reg);
++				return -EACCES;
++			}
++
+ 			/* check that memory (dst_reg + off) is writeable */
+ 			err = check_mem_access(env, insn->dst_reg, insn->off,
+ 					       BPF_SIZE(insn->code), BPF_WRITE,
+@@ -1988,6 +2014,7 @@ process_bpf_exit:
+ 					return err;
+ 
+ 				insn_idx++;
++				env->insn_aux_data[insn_idx].seen = true;
+ 			} else {
+ 				verbose("invalid BPF_LD mode\n");
+ 				return -EINVAL;
+@@ -2125,6 +2152,7 @@ static int adjust_insn_aux_data(struct verifier_env *env, u32 prog_len,
+ 				u32 off, u32 cnt)
+ {
+ 	struct bpf_insn_aux_data *new_data, *old_data = env->insn_aux_data;
++	int i;
+ 
+ 	if (cnt == 1)
+ 		return 0;
+@@ -2134,6 +2162,8 @@ static int adjust_insn_aux_data(struct verifier_env *env, u32 prog_len,
+ 	memcpy(new_data, old_data, sizeof(struct bpf_insn_aux_data) * off);
+ 	memcpy(new_data + off + cnt - 1, old_data + off,
+ 	       sizeof(struct bpf_insn_aux_data) * (prog_len - off - cnt + 1));
++	for (i = off; i < off + cnt - 1; i++)
++		new_data[i].seen = true;
+ 	env->insn_aux_data = new_data;
+ 	vfree(old_data);
+ 	return 0;
+@@ -2152,6 +2182,25 @@ static struct bpf_prog *bpf_patch_insn_data(struct verifier_env *env, u32 off,
+ 	return new_prog;
+ }
+ 
++/* The verifier does more data flow analysis than llvm and will not explore
++ * branches that are dead at run time. Malicious programs can have dead code
++ * too. Therefore replace all dead at-run-time code with nops.
++ */
++static void sanitize_dead_code(struct verifier_env *env)
++{
++	struct bpf_insn_aux_data *aux_data = env->insn_aux_data;
++	struct bpf_insn nop = BPF_MOV64_REG(BPF_REG_0, BPF_REG_0);
++	struct bpf_insn *insn = env->prog->insnsi;
++	const int insn_cnt = env->prog->len;
++	int i;
++
++	for (i = 0; i < insn_cnt; i++) {
++		if (aux_data[i].seen)
++			continue;
++		memcpy(insn + i, &nop, sizeof(nop));
++	}
++}
++
+ /* convert load instructions that access fields of 'struct __sk_buff'
+  * into sequence of instructions that access fields of 'struct sk_buff'
+  */
+@@ -2218,6 +2267,24 @@ static int fixup_bpf_calls(struct verifier_env *env)
+ 	int i, cnt, delta = 0;
+ 
+ 	for (i = 0; i < insn_cnt; i++, insn++) {
++		if (insn->code == (BPF_ALU | BPF_MOD | BPF_X) ||
++		    insn->code == (BPF_ALU | BPF_DIV | BPF_X)) {
++			/* due to JIT bugs clear upper 32-bits of src register
++			 * before div/mod operation
++			 */
++			insn_buf[0] = BPF_MOV32_REG(insn->src_reg, insn->src_reg);
++			insn_buf[1] = *insn;
++			cnt = 2;
++			new_prog = bpf_patch_insn_data(env, i + delta, insn_buf, cnt);
++			if (!new_prog)
++				return -ENOMEM;
++
++			delta    += cnt - 1;
++			env->prog = prog = new_prog;
++			insn      = new_prog->insnsi + i + delta;
++			continue;
++		}
++
+ 		if (insn->code != (BPF_JMP | BPF_CALL))
+ 			continue;
+ 
+@@ -2370,6 +2437,9 @@ skip_full_check:
+ 	while (pop_stack(env, NULL) >= 0);
+ 	free_states(env);
+ 
++	if (ret == 0)
++		sanitize_dead_code(env);
++
+ 	if (ret == 0)
+ 		/* program is valid, convert *(u32*)(ctx + off) accesses */
+ 		ret = convert_ctx_accesses(env);
+diff --git a/lib/test_bpf.c b/lib/test_bpf.c
+index 7e26aea3e404..b7908d949a5f 100644
+--- a/lib/test_bpf.c
++++ b/lib/test_bpf.c
+@@ -5304,9 +5304,8 @@ static struct bpf_prog *generate_filter(int which, int *err)
+ 				return NULL;
+ 			}
+ 		}
+-		/* We don't expect to fail. */
+ 		if (*err) {
+-			pr_cont("FAIL to attach err=%d len=%d\n",
++			pr_cont("FAIL to prog_create err=%d len=%d\n",
+ 				*err, fprog.len);
+ 			return NULL;
+ 		}
+@@ -5325,7 +5324,11 @@ static struct bpf_prog *generate_filter(int which, int *err)
+ 		fp->type = BPF_PROG_TYPE_SOCKET_FILTER;
+ 		memcpy(fp->insnsi, fptr, fp->len * sizeof(struct bpf_insn));
+ 
+-		bpf_prog_select_runtime(fp);
++		*err = bpf_prog_select_runtime(fp);
++		if (*err) {
++			pr_cont("FAIL to select_runtime err=%d\n", *err);
++			return NULL;
++		}
+ 		break;
+ 	}
+ 
+@@ -5511,8 +5514,8 @@ static __init int test_bpf(void)
+ 				pass_cnt++;
+ 				continue;
+ 			}
+-
+-			return err;
++			err_cnt++;
++			continue;
+ 		}
+ 
+ 		pr_cont("jited:%u ", fp->jited);
+diff --git a/mm/kmemleak.c b/mm/kmemleak.c
+index 19423a45d7d7..1914ab9009d9 100644
+--- a/mm/kmemleak.c
++++ b/mm/kmemleak.c
+@@ -1394,6 +1394,8 @@ static void kmemleak_scan(void)
+ 			if (page_count(page) == 0)
+ 				continue;
+ 			scan_block(page, page + 1, NULL);
++			if (!(pfn % (MAX_SCAN_SIZE / sizeof(*page))))
++				cond_resched();
+ 		}
+ 	}
+ 	put_online_mems();
+diff --git a/net/Kconfig b/net/Kconfig
+index 127da94ae25e..6d94140beacc 100644
+--- a/net/Kconfig
++++ b/net/Kconfig
+@@ -388,3 +388,6 @@ endif   # if NET
+ # Used by archs to tell that they support BPF_JIT
+ config HAVE_BPF_JIT
+ 	bool
++
++config HAVE_EBPF_JIT
++	bool
+diff --git a/net/core/filter.c b/net/core/filter.c
+index e94355452166..1a9ded6af138 100644
+--- a/net/core/filter.c
++++ b/net/core/filter.c
+@@ -430,6 +430,10 @@ do_pass:
+ 			    convert_bpf_extensions(fp, &insn))
+ 				break;
+ 
++			if (fp->code == (BPF_ALU | BPF_DIV | BPF_X) ||
++			    fp->code == (BPF_ALU | BPF_MOD | BPF_X))
++				*insn++ = BPF_MOV32_REG(BPF_REG_X, BPF_REG_X);
++
+ 			*insn = BPF_RAW_INSN(fp->code, BPF_REG_A, BPF_REG_X, 0, fp->k);
+ 			break;
+ 
+@@ -984,7 +988,9 @@ static struct bpf_prog *bpf_migrate_filter(struct bpf_prog *fp)
+ 		 */
+ 		goto out_err_free;
+ 
+-	bpf_prog_select_runtime(fp);
++	err = bpf_prog_select_runtime(fp);
++	if (err)
++		goto out_err_free;
+ 
+ 	kfree(old_prog);
+ 	return fp;
+diff --git a/net/core/sysctl_net_core.c b/net/core/sysctl_net_core.c
+index f5ef2115871f..6578a0a2f708 100644
+--- a/net/core/sysctl_net_core.c
++++ b/net/core/sysctl_net_core.c
+@@ -292,7 +292,13 @@ static struct ctl_table net_core_table[] = {
+ 		.data		= &bpf_jit_enable,
+ 		.maxlen		= sizeof(int),
+ 		.mode		= 0644,
++#ifndef CONFIG_BPF_JIT_ALWAYS_ON
+ 		.proc_handler	= proc_dointvec
++#else
++		.proc_handler	= proc_dointvec_minmax,
++		.extra1		= &one,
++		.extra2		= &one,
++#endif
+ 	},
+ #endif
+ 	{
+diff --git a/net/mac80211/mesh_hwmp.c b/net/mac80211/mesh_hwmp.c
+index c6be0b4f4058..e68a409fc351 100644
+--- a/net/mac80211/mesh_hwmp.c
++++ b/net/mac80211/mesh_hwmp.c
+@@ -776,7 +776,7 @@ static void hwmp_rann_frame_process(struct ieee80211_sub_if_data *sdata,
+ 	struct mesh_path *mpath;
+ 	u8 ttl, flags, hopcount;
+ 	const u8 *orig_addr;
+-	u32 orig_sn, metric, metric_txsta, interval;
++	u32 orig_sn, new_metric, orig_metric, last_hop_metric, interval;
+ 	bool root_is_gate;
+ 
+ 	ttl = rann->rann_ttl;
+@@ -787,7 +787,7 @@ static void hwmp_rann_frame_process(struct ieee80211_sub_if_data *sdata,
+ 	interval = le32_to_cpu(rann->rann_interval);
+ 	hopcount = rann->rann_hopcount;
+ 	hopcount++;
+-	metric = le32_to_cpu(rann->rann_metric);
++	orig_metric = le32_to_cpu(rann->rann_metric);
+ 
+ 	/*  Ignore our own RANNs */
+ 	if (ether_addr_equal(orig_addr, sdata->vif.addr))
+@@ -804,7 +804,10 @@ static void hwmp_rann_frame_process(struct ieee80211_sub_if_data *sdata,
+ 		return;
+ 	}
+ 
+-	metric_txsta = airtime_link_metric_get(local, sta);
++	last_hop_metric = airtime_link_metric_get(local, sta);
++	new_metric = orig_metric + last_hop_metric;
++	if (new_metric < orig_metric)
++		new_metric = MAX_METRIC;
+ 
+ 	mpath = mesh_path_lookup(sdata, orig_addr);
+ 	if (!mpath) {
+@@ -817,7 +820,7 @@ static void hwmp_rann_frame_process(struct ieee80211_sub_if_data *sdata,
+ 	}
+ 
+ 	if (!(SN_LT(mpath->sn, orig_sn)) &&
+-	    !(mpath->sn == orig_sn && metric < mpath->rann_metric)) {
++	    !(mpath->sn == orig_sn && new_metric < mpath->rann_metric)) {
+ 		rcu_read_unlock();
+ 		return;
+ 	}
+@@ -835,7 +838,7 @@ static void hwmp_rann_frame_process(struct ieee80211_sub_if_data *sdata,
+ 	}
+ 
+ 	mpath->sn = orig_sn;
+-	mpath->rann_metric = metric + metric_txsta;
++	mpath->rann_metric = new_metric;
+ 	mpath->is_root = true;
+ 	/* Recording RANNs sender address to send individually
+ 	 * addressed PREQs destined for root mesh STA */
+@@ -855,7 +858,7 @@ static void hwmp_rann_frame_process(struct ieee80211_sub_if_data *sdata,
+ 		mesh_path_sel_frame_tx(MPATH_RANN, flags, orig_addr,
+ 				       orig_sn, 0, NULL, 0, broadcast_addr,
+ 				       hopcount, ttl, interval,
+-				       metric + metric_txsta, 0, sdata);
++				       new_metric, 0, sdata);
+ 	}
+ 
+ 	rcu_read_unlock();
+diff --git a/net/openvswitch/flow_netlink.c b/net/openvswitch/flow_netlink.c
+index d26b28def310..21e4d339217e 100644
+--- a/net/openvswitch/flow_netlink.c
++++ b/net/openvswitch/flow_netlink.c
+@@ -1672,14 +1672,11 @@ int ovs_nla_put_mask(const struct sw_flow *flow, struct sk_buff *skb)
+ 
+ #define MAX_ACTIONS_BUFSIZE	(32 * 1024)
+ 
+-static struct sw_flow_actions *nla_alloc_flow_actions(int size, bool log)
++static struct sw_flow_actions *nla_alloc_flow_actions(int size)
+ {
+ 	struct sw_flow_actions *sfa;
+ 
+-	if (size > MAX_ACTIONS_BUFSIZE) {
+-		OVS_NLERR(log, "Flow action size %u bytes exceeds max", size);
+-		return ERR_PTR(-EINVAL);
+-	}
++	WARN_ON_ONCE(size > MAX_ACTIONS_BUFSIZE);
+ 
+ 	sfa = kmalloc(sizeof(*sfa) + size, GFP_KERNEL);
+ 	if (!sfa)
+@@ -1752,12 +1749,15 @@ static struct nlattr *reserve_sfa_size(struct sw_flow_actions **sfa,
+ 	new_acts_size = ksize(*sfa) * 2;
+ 
+ 	if (new_acts_size > MAX_ACTIONS_BUFSIZE) {
+-		if ((MAX_ACTIONS_BUFSIZE - next_offset) < req_size)
++		if ((MAX_ACTIONS_BUFSIZE - next_offset) < req_size) {
++			OVS_NLERR(log, "Flow action size exceeds max %u",
++				  MAX_ACTIONS_BUFSIZE);
+ 			return ERR_PTR(-EMSGSIZE);
++		}
+ 		new_acts_size = MAX_ACTIONS_BUFSIZE;
+ 	}
+ 
+-	acts = nla_alloc_flow_actions(new_acts_size, log);
++	acts = nla_alloc_flow_actions(new_acts_size);
+ 	if (IS_ERR(acts))
+ 		return (void *)acts;
+ 
+@@ -2369,7 +2369,7 @@ int ovs_nla_copy_actions(struct net *net, const struct nlattr *attr,
+ {
+ 	int err;
+ 
+-	*sfa = nla_alloc_flow_actions(nla_len(attr), log);
++	*sfa = nla_alloc_flow_actions(min(nla_len(attr), MAX_ACTIONS_BUFSIZE));
+ 	if (IS_ERR(*sfa))
+ 		return PTR_ERR(*sfa);
+ 
+diff --git a/net/socket.c b/net/socket.c
+index 2cf4f25f5c2b..5b31e5baf3b5 100644
+--- a/net/socket.c
++++ b/net/socket.c
+@@ -2534,6 +2534,15 @@ out_fs:
+ 
+ core_initcall(sock_init);	/* early initcall */
+ 
++static int __init jit_init(void)
++{
++#ifdef CONFIG_BPF_JIT_ALWAYS_ON
++	bpf_jit_enable = 1;
++#endif
++	return 0;
++}
++pure_initcall(jit_init);
++
+ #ifdef CONFIG_PROC_FS
+ void socket_seq_show(struct seq_file *seq)
+ {
+diff --git a/net/sunrpc/xprtsock.c b/net/sunrpc/xprtsock.c
+index 27b6f55fa43a..728d65fbab0c 100644
+--- a/net/sunrpc/xprtsock.c
++++ b/net/sunrpc/xprtsock.c
+@@ -2360,6 +2360,7 @@ static void xs_tcp_setup_socket(struct work_struct *work)
+ 	case -ECONNREFUSED:
+ 	case -ECONNRESET:
+ 	case -ENETUNREACH:
++	case -EHOSTUNREACH:
+ 	case -EADDRINUSE:
+ 	case -ENOBUFS:
+ 		/* retry with existing socket, after a delay */
+diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
+index 4b56c3b6c25f..3f370eb494d1 100644
+--- a/security/selinux/hooks.c
++++ b/security/selinux/hooks.c
+@@ -4032,6 +4032,8 @@ static int sock_has_perm(struct task_struct *task, struct sock *sk, u32 perms)
+ 	struct lsm_network_audit net = {0,};
+ 	u32 tsid = task_sid(task);
+ 
++	if (!sksec)
++		return -EFAULT;
+ 	if (sksec->sid == SECINITSID_KERNEL)
+ 		return 0;
+ 
+diff --git a/sound/core/seq/seq_clientmgr.c b/sound/core/seq/seq_clientmgr.c
+index b36de76f24e2..7bb9fe7a2c8e 100644
+--- a/sound/core/seq/seq_clientmgr.c
++++ b/sound/core/seq/seq_clientmgr.c
+@@ -236,6 +236,7 @@ static struct snd_seq_client *seq_create_client1(int client_index, int poolsize)
+ 	rwlock_init(&client->ports_lock);
+ 	mutex_init(&client->ports_mutex);
+ 	INIT_LIST_HEAD(&client->ports_list_head);
++	mutex_init(&client->ioctl_mutex);
+ 
+ 	/* find free slot in the client table */
+ 	spin_lock_irqsave(&clients_lock, flags);
+@@ -2195,6 +2196,7 @@ static int snd_seq_do_ioctl(struct snd_seq_client *client, unsigned int cmd,
+ 			    void __user *arg)
+ {
+ 	struct seq_ioctl_table *p;
++	int ret;
+ 
+ 	switch (cmd) {
+ 	case SNDRV_SEQ_IOCTL_PVERSION:
+@@ -2208,8 +2210,12 @@ static int snd_seq_do_ioctl(struct snd_seq_client *client, unsigned int cmd,
+ 	if (! arg)
+ 		return -EFAULT;
+ 	for (p = ioctl_tables; p->cmd; p++) {
+-		if (p->cmd == cmd)
+-			return p->func(client, arg);
++		if (p->cmd == cmd) {
++			mutex_lock(&client->ioctl_mutex);
++			ret = p->func(client, arg);
++			mutex_unlock(&client->ioctl_mutex);
++			return ret;
++		}
+ 	}
+ 	pr_debug("ALSA: seq unknown ioctl() 0x%x (type='%c', number=0x%02x)\n",
+ 		   cmd, _IOC_TYPE(cmd), _IOC_NR(cmd));
+diff --git a/sound/core/seq/seq_clientmgr.h b/sound/core/seq/seq_clientmgr.h
+index 20f0a725ec7d..91f8f165bfdc 100644
+--- a/sound/core/seq/seq_clientmgr.h
++++ b/sound/core/seq/seq_clientmgr.h
+@@ -59,6 +59,7 @@ struct snd_seq_client {
+ 	struct list_head ports_list_head;
+ 	rwlock_t ports_lock;
+ 	struct mutex ports_mutex;
++	struct mutex ioctl_mutex;
+ 	int convert32;		/* convert 32->64bit */
+ 
+ 	/* output pool */
+diff --git a/tools/usb/usbip/src/usbip_bind.c b/tools/usb/usbip/src/usbip_bind.c
+index fa46141ae68b..e121cfb1746a 100644
+--- a/tools/usb/usbip/src/usbip_bind.c
++++ b/tools/usb/usbip/src/usbip_bind.c
+@@ -144,6 +144,7 @@ static int bind_device(char *busid)
+ 	int rc;
+ 	struct udev *udev;
+ 	struct udev_device *dev;
++	const char *devpath;
+ 
+ 	/* Check whether the device with this bus ID exists. */
+ 	udev = udev_new();
+@@ -152,8 +153,16 @@ static int bind_device(char *busid)
+ 		err("device with the specified bus ID does not exist");
+ 		return -1;
+ 	}
++	devpath = udev_device_get_devpath(dev);
+ 	udev_unref(udev);
+ 
++	/* If the device is already attached to vhci_hcd - bail out */
++	if (strstr(devpath, USBIP_VHCI_DRV_NAME)) {
++		err("bind loop detected: device: %s is attached to %s\n",
++		    devpath, USBIP_VHCI_DRV_NAME);
++		return -1;
++	}
++
+ 	rc = unbind_other(busid);
+ 	if (rc == UNBIND_ST_FAILED) {
+ 		err("could not unbind driver from device on busid %s", busid);
+diff --git a/tools/usb/usbip/src/usbip_list.c b/tools/usb/usbip/src/usbip_list.c
+index d5ce34a410e7..ac6081c3db82 100644
+--- a/tools/usb/usbip/src/usbip_list.c
++++ b/tools/usb/usbip/src/usbip_list.c
+@@ -180,6 +180,7 @@ static int list_devices(bool parsable)
+ 	const char *busid;
+ 	char product_name[128];
+ 	int ret = -1;
++	const char *devpath;
+ 
+ 	/* Create libudev context. */
+ 	udev = udev_new();
+@@ -202,6 +203,14 @@ static int list_devices(bool parsable)
+ 		path = udev_list_entry_get_name(dev_list_entry);
+ 		dev = udev_device_new_from_syspath(udev, path);
+ 
++		/* Ignore devices attached to vhci_hcd */
++		devpath = udev_device_get_devpath(dev);
++		if (strstr(devpath, USBIP_VHCI_DRV_NAME)) {
++			dbg("Skip the device %s already attached to %s\n",
++			    devpath, USBIP_VHCI_DRV_NAME);
++			continue;
++		}
++
+ 		/* Get device information. */
+ 		idVendor = udev_device_get_sysattr_value(dev, "idVendor");
+ 		idProduct = udev_device_get_sysattr_value(dev, "idProduct");
-- 
cgit v1.2.3-65-gdbad