Merge android-4.9.152 (fd37e28) into msm-4.9

* refs/heads/tmp-fd37e28:
  Linux 4.9.152
  nbd: Use set_blocksize() to set device blocksize
  nbd: set the logical and physical blocksize properly
  media: vb2: be sure to unlock mutex on errors
  mm, memcg: fix reclaim deadlock with writeback
  drm/fb-helper: Ignore the value of fb_var_screeninfo.pixclock
  loop: Fix double mutex_unlock(&loop_ctl_mutex) in loop_control_ioctl()
  loop: Get rid of loop_index_mutex
  loop: Fold __loop_release into loop_release
  block/loop: Use global lock for ioctl() operation.
  tipc: fix uninit-value in tipc_nl_compat_doit
  tipc: fix uninit-value in tipc_nl_compat_name_table_dump
  tipc: fix uninit-value in tipc_nl_compat_link_set
  tipc: fix uninit-value in tipc_nl_compat_bearer_enable
  tipc: fix uninit-value in tipc_nl_compat_link_reset_stats
  sctp: allocate sctp_sockaddr_entry with kzalloc
  blockdev: Fix livelocks on loop device
  selinux: fix GPF on invalid policy
  netfilter: ebtables: account ebt_table_info to kmemcg
  sunrpc: handle ENOMEM in rpcb_getport_async
  media: vb2: vb2_mmap: move lock up
  LSM: Check for NULL cred-security on free
  media: vivid: set min width/height to a value > 0
  media: vivid: fix error handling of kthread_run
  omap2fb: Fix stack memory disclosure
  Disable MSI also when pcie-octeon.pcie_disable on
  arm64: kaslr: ensure randomized quantities are clean to the PoC
  mfd: tps6586x: Handle interrupts on suspend
  mips: fix n32 compat_ipc_parse_version
  crypto: talitos - fix ablkcipher for CONFIG_VMAP_STACK
  crypto: talitos - reorder code in talitos_edesc_alloc()
  scsi: sd: Fix cache_type_store()
  scsi: core: Synchronize request queue PM status only on successful resume
  Yama: Check for pid death before checking ancestry
  btrfs: wait on ordered extents on abort cleanup
  crypto: authenc - fix parsing key with misaligned rta_len
  crypto: authencesn - Avoid twice completion call in decrypt path
  crypto: caam - fix zero-length buffer DMA mapping
  ip: on queued skb use skb_header_pointer instead of pskb_may_pull
  bonding: update nest level on unlink
  packet: Do not leak dev refcounts on error exit
  net: bridge: fix a bug on using a neighbour cache entry without checking its state
  ipv6: fix kernel-infoleak in ipv6_local_error()
  arm64: Don't trap host pointer auth use to EL2
  arm64/kvm: consistently handle host HCR_EL2 flags
  scsi: target: iscsi: cxgbit: fix csk leak
  Revert "scsi: target: iscsi: cxgbit: fix csk leak"
  proc: Remove empty line in /proc/self/status
  media: em28xx: Fix misplaced reset of dev->v4l::field_count
  Revert "f2fs: do not recover from previous remained wrong dnodes"
  can: gw: ensure DLC boundaries after CAN frame modification
  tty: Don't hold ldisc lock in tty_reopen() if ldisc present
  tty: Simplify tty->count math in tty_reopen()
  tty: Hold tty_ldisc_lock() during tty_reopen()
  tty/ldsem: Wake up readers after timed out down_write()
  ANDROID: cuttlefish_defconfig: Enable vsock options
  ANDROID: mnt: Propagate remount correctly
  UPSTREAM: loop: drop caches if offset or block_size are changed
  UPSTREAM: crypto: adiantum - initialize crypto_spawn::inst
  UPSTREAM: crypto: adiantum - fix leaking reference to hash algorithm
  UPSTREAM: crypto: adiantum - adjust some comments to match latest paper
  UPSTREAM: crypto: adiantum - propagate CRYPTO_ALG_ASYNC flag to instance
  Linux 4.9.151
  sunrpc: use-after-free in svc_process_common()
  ext4: avoid kernel warning when writing the superblock to a dead device
  ext4: fix a potential fiemap/page fault deadlock w/ inline_data
  ext4: make sure enough credits are reserved for dioread_nolock writes
  rbd: don't return 0 on unmap if RBD_DEV_FLAG_REMOVING is set
  i2c: dev: prevent adapter retries and timeout being set as minus value
  ACPI: power: Skip duplicate power resource references in _PRx
  mm: page_mapped: don't assume compound page is huge or THP
  slab: alien caches must not be initialized if the allocation of the alien cache failed
  USB: Add USB_QUIRK_DELAY_CTRL_MSG quirk for Corsair K70 RGB
  USB: storage: add quirk for SMI SM3350
  USB: storage: don't insert sane sense for SPC3+ when bad sense specified
  usb: cdc-acm: send ZLP for Telit 3G Intel based modems
  cifs: Fix potential OOB access of lock element array
  CIFS: Do not hide EINTR after sending network packets
  ALSA: hda/realtek - Disable headset Mic VREF for headset mode of ALC225
  ANDROID: cuttlefish: enable CONFIG_NET_CLS_BPF=y
  ANDROID: cuttlefish_defconfig: remove DM_VERITY_HASH_PREFETCH_MIN_SIZE
  Revert "ANDROID: dm verity: add minimum prefetch size"
  ANDROID: f2fs: Complement "android_fs" tracepoint of read path
  Linux 4.9.150
  bnx2x: Fix NULL pointer dereference in bnx2x_del_all_vlans() on some hw
  drm/vc4: Set ->is_yuv to false when num_planes == 1
  power: supply: olpc_battery: correct the temperature units
  intel_th: msu: Fix an off-by-one in attribute store
  genwqe: Fix size check
  ceph: don't update importing cap's mseq when handing cap export
  iommu/vt-d: Handle domain agaw being less than iommu agaw
  rxe: fix error completion wr_id and qp_num
  9p/net: put a lower bound on msize
  powerpc/tm: Set MSR[TS] just prior to recheckpoint
  b43: Fix error in cordic routine
  gfs2: Fix loop in gfs2_rbm_find
  gfs2: Get rid of potential double-freeing in gfs2_create_inode
  dlm: memory leaks on error path in dlm_user_request()
  dlm: lost put_lkb on error path in receive_convert() and receive_unlock()
  dlm: possible memory leak on error path in create_lkb()
  dlm: fixed memory leaks after failed ls_remove_names allocation
  ALSA: usb-audio: Fix an out-of-bound read in create_composite_quirks
  ALSA: usb-audio: Avoid access before bLength check in build_audio_procunit()
  ALSA: cs46xx: Potential NULL dereference in probe
  IB/hfi1: Incorrect sizing of sge for PIO will OOPs
  vhost/vsock: fix uninitialized vhost_vsock->guest_cid
  crypto: x86/chacha20 - avoid sleeping with preemption disabled
  MIPS: math-emu: Write-protect delay slot emulation pages
  sunrpc: use SVC_NET() in svcauth_gss_* functions
  sunrpc: fix cache_head leak due to queued request
  mm, devm_memremap_pages: kill mapping "System RAM" support
  mm, devm_memremap_pages: mark devm_memremap_pages() EXPORT_SYMBOL_GPL
  hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined
  fork: record start_time late
  libceph: fix CEPH_FEATURE_CEPHX_V2 check in calc_signature()
  scsi: zfcp: fix posting too many status read buffers leading to adapter shutdown
  serial/sunsu: fix refcount leak
  net: netxen: fix a missing check and an uninitialized use
  vxge: ensure data0 is initialized in when fetching firmware version information
  lan78xx: Resolve issue with changing MAC address
  SUNRPC: Fix a race with XPRT_CONNECTING
  net: hns: Add mac pcs config when enable|disable mac
  net: hns: Fix ntuple-filters status error.
  net: hns: Avoid net reset caused by pause frames storm
  net: hns: Free irq when exit from abnormal branch
  net: hns: Clean rx fbd when ae stopped.
  net: hns: Fixed bug that netdev was opened twice
  net: hns: Some registers use wrong address according to the datasheet.
  net: hns: All ports can not work when insmod hns ko after rmmod.
  net: hns: Incorrect offset address used for some registers.
  w90p910_ether: remove incorrect __init annotation
  drivers: net: xgene: Remove unnecessary forward declarations
  scsi: target: iscsi: cxgbit: add missing spin_lock_init()
  scsi: target: iscsi: cxgbit: fix csk leak
  bnx2x: Send update-svid ramrod with retry/poll flags enabled
  bnx2x: Remove configured vlans as part of unload sequence.
  bnx2x: Clear fip MAC when fcoe offload support is disabled
  netfilter: ipset: do not call ipset_nest_end after nla_nest_cancel
  Input: omap-keypad - fix idle configuration to not block SoC idle states
  scsi: bnx2fc: Fix NULL dereference in error handling
  netfilter: seqadj: re-load tcp header pointer after possible head reallocation
  xfrm: Fix bucket count reported to userspace
  checkstack.pl: fix for aarch64
  Input: restore EV_ABS ABS_RESERVED
  ARM: dts: imx7d-nitrogen7: Fix the description of the Wifi clock
  ARM: imx: update the cpu power up timing setting on i.mx6sx
  powerpc: Fix COFF zImage booting on old powermacs
  pinctrl: meson: fix pull enable register calculation
  f2fs: don't access node/meta inode mapping after iput
  f2fs: wait on atomic writes to count F2FS_CP_WB_DATA
  f2fs: sanity check of xattr entry size
  f2fs: fix use-after-free issue when accessing sbi->stat_info
  f2fs: check PageWriteback flag for ordered case
  f2fs: fix validation of the block count in sanity_check_raw_super
  f2fs: fix missing unlock(sbi->gc_mutex)
  f2fs: clean up structure extent_node
  f2fs: fix block address for __check_sit_bitmap
  f2fs: fix sbi->extent_list corruption issue
  f2fs: clean up checkpoint flow
  f2fs: flush stale issued discard candidates
  f2fs: correct wrong spelling, issing_*
  f2fs: use kvmalloc, if kmalloc is failed
  f2fs: remove redundant comment of unused wio_mutex
  f2fs: fix to reorder set_page_dirty and wait_on_page_writeback
  f2fs: clear PG_writeback if IPU failed
  f2fs: add an ioctl() to explicitly trigger fsck later
  f2fs: avoid frequent costly fsck triggers
  f2fs: fix m_may_create to make OPU DIO write correctly
  f2fs: fix to update new block address correctly for OPU
  f2fs: adjust trace print in f2fs_get_victim() to cover all paths
  f2fs: fix to allow node segment for GC by ioctl path
  f2fs: make "f2fs_fault_name[]" const char *
  f2fs: read page index before freeing
  f2fs: fix wrong return value of f2fs_acl_create
  f2fs: avoid build warn of fall_through
  f2fs: fix race between write_checkpoint and write_begin
  f2fs: check memory boundary by insane namelen
  f2fs: only flush the single temp bio cache which owns the target page
  f2fs: fix out-place-update DIO write
  f2fs: fix to be aware discard/preflush/dio command in is_idle()
  f2fs: add to account direct IO
  f2fs: move dir data flush to write checkpoint process
  f2fs: change segment to section in f2fs_ioc_gc_range
  f2fs: export migration_granularity sysfs entry
  f2fs: support subsectional garbage collection
  f2fs: introduce __is_large_section() for cleanup
  f2fs: clean up f2fs_sb_has_##feature_name
  f2fs: remove codes of unused wio_mutex
  f2fs: fix count of seg_freed to make sec_freed correct
  f2fs: fix to account preflush command for noflush_merge mode
  f2fs: avoid GC causing encrypted file corrupted

Conflicts:
	drivers/scsi/scsi_pm.c

Change-Id: I69168f913289b706e43832f530213be0864986fa
Signed-off-by: jianzhou <[email protected]>

Documentation/ABI/testing/sysfs-fs-f2fs

@@ -92,6 +92,15 @@ Contact:	"Jaegeuk Kim" <[email protected]>
 Description:
 		 Controls the number of trials to find a victim segment.
 
+What:		/sys/fs/f2fs/<disk>/migration_granularity
+Date:		October 2018
+Contact:	"Chao Yu" <[email protected]>
+Description:
+		 Controls migration granularity of garbage collection on large
+		 section, it can let GC move partial segment{s} of one section
+		 in one GC cycle, so that dispersing heavy overhead GC to
+		 multiple lightweight one.
+
 What:		/sys/fs/f2fs/<disk>/dir_level
 Date:		March 2014
 Contact:	"Jaegeuk Kim" <[email protected]>

Makefile

@@ -1,6 +1,6 @@
 VERSION = 4
 PATCHLEVEL = 9
-SUBLEVEL = 149
+SUBLEVEL = 152
 EXTRAVERSION =
 NAME = Roaring Lionus
 

arch/arm/boot/dts/imx7d-nitrogen7.dts

@@ -117,13 +117,17 @@
 		compatible = "regulator-fixed";
 		regulator-min-microvolt = <3300000>;
 		regulator-max-microvolt = <3300000>;
-		clocks = <&clks IMX7D_CLKO2_ROOT_DIV>;
-		clock-names = "slow";
 		regulator-name = "reg_wlan";
 		startup-delay-us = <70000>;
 		gpio = <&gpio4 21 GPIO_ACTIVE_HIGH>;
 		enable-active-high;
 	};
+
+	usdhc2_pwrseq: usdhc2_pwrseq {
+		compatible = "mmc-pwrseq-simple";
+		clocks = <&clks IMX7D_CLKO2_ROOT_DIV>;
+		clock-names = "ext_clock";
+	};
 };
 
 &adc1 {
@@ -430,6 +434,7 @@
 	bus-width = <4>;
 	non-removable;
 	vmmc-supply = <&reg_wlan>;
+	mmc-pwrseq = <&usdhc2_pwrseq>;
 	cap-power-off-card;
 	keep-power-in-suspend;
 	status = "okay";

arch/arm/mach-imx/cpuidle-imx6sx.c

@@ -108,7 +108,7 @@ int __init imx6sx_cpuidle_init(void)
 	 * except for power up sw2iso which need to be
 	 * larger than LDO ramp up time.
 	 */
-	imx_gpc_set_arm_power_up_timing(2, 1);
+	imx_gpc_set_arm_power_up_timing(0xf, 1);
 	imx_gpc_set_arm_power_down_timing(1, 1);
 
 	return cpuidle_register(&imx6sx_cpuidle_driver, NULL);

arch/arm64/configs/cuttlefish_defconfig

@@ -179,9 +179,12 @@ CONFIG_L2TP=y
 CONFIG_NET_SCHED=y
 CONFIG_NET_SCH_HTB=y
 CONFIG_NET_CLS_U32=y
+CONFIG_NET_CLS_BPF=y
 CONFIG_NET_EMATCH=y
 CONFIG_NET_EMATCH_U32=y
 CONFIG_NET_CLS_ACT=y
+CONFIG_VSOCKETS=y
+CONFIG_VIRTIO_VSOCKETS=y
 CONFIG_CFG80211=y
 # CONFIG_CFG80211_DEFAULT_PS is not set
 CONFIG_MAC80211=y

arch/arm64/include/asm/kvm_arm.h

@@ -23,6 +23,8 @@
 #include <asm/types.h>
 
 /* Hyp Configuration Register (HCR) bits */
+#define HCR_API		(UL(1) << 41)
+#define HCR_APK		(UL(1) << 40)
 #define HCR_E2H		(UL(1) << 34)
 #define HCR_ID		(UL(1) << 33)
 #define HCR_CD		(UL(1) << 32)
@@ -82,6 +84,7 @@
 			 HCR_AMO | HCR_SWIO | HCR_TIDCP | HCR_RW)
 #define HCR_VIRT_EXCP_MASK (HCR_VSE | HCR_VI | HCR_VF)
 #define HCR_INT_OVERRIDE   (HCR_FMO | HCR_IMO)
+#define HCR_HOST_NVHE_FLAGS (HCR_RW | HCR_API | HCR_APK)
 #define HCR_HOST_VHE_FLAGS (HCR_RW | HCR_TGE | HCR_E2H)
 
 /* TCR_EL2 Registers bits */

arch/arm64/kernel/head.S

@@ -518,10 +518,9 @@ CPU_LE(	bic	x0, x0, #(3 << 24)	)	// Clear the EE and E0E bits for EL1
 #endif
 
 	/* Hyp configuration. */
-	mov	x0, #HCR_RW			// 64-bit EL1
+	mov_q	x0, HCR_HOST_NVHE_FLAGS
 	cbz	x2, set_hcr
-	orr	x0, x0, #HCR_TGE		// Enable Host Extensions
-	orr	x0, x0, #HCR_E2H
+	mov_q	x0, HCR_HOST_VHE_FLAGS
 set_hcr:
 	msr	hcr_el2, x0
 	isb

arch/arm64/kernel/kaslr.c

@@ -14,6 +14,7 @@
 #include <linux/sched.h>
 #include <linux/types.h>
 
+#include <asm/cacheflush.h>
 #include <asm/fixmap.h>
 #include <asm/kernel-pgtable.h>
 #include <asm/memory.h>
@@ -43,7 +44,7 @@ static __init u64 get_kaslr_seed(void *fdt)
 	return ret;
 }
 
-static __init const u8 *get_cmdline(void *fdt)
+static __init const u8 *kaslr_get_cmdline(void *fdt)
 {
 	static __initconst const u8 default_cmdline[] = CONFIG_CMDLINE;
 
@@ -109,7 +110,7 @@ u64 __init kaslr_early_init(u64 dt_phys, u64 modulo_offset)
 	 * Check if 'nokaslr' appears on the command line, and
 	 * return 0 if that is the case.
 	 */
-	cmdline = get_cmdline(fdt);
+	cmdline = kaslr_get_cmdline(fdt);
 	str = strstr(cmdline, "nokaslr");
 	if (str == cmdline || (str > cmdline && *(str - 1) == ' '))
 		return 0;
@@ -178,5 +179,8 @@ u64 __init kaslr_early_init(u64 dt_phys, u64 modulo_offset)
 	module_alloc_base += (module_range * (seed & ((1 << 21) - 1))) >> 21;
 	module_alloc_base &= PAGE_MASK;
 
+	__flush_dcache_area(&module_alloc_base, sizeof(module_alloc_base));
+	__flush_dcache_area(&memstart_offset_seed, sizeof(memstart_offset_seed));
+
 	return offset;
 }

arch/arm64/kvm/hyp/switch.c

@@ -112,7 +112,7 @@ static void __hyp_text __deactivate_traps_vhe(void)
 
 static void __hyp_text __deactivate_traps_nvhe(void)
 {
-	write_sysreg(HCR_RW, hcr_el2);
+	write_sysreg(HCR_HOST_NVHE_FLAGS, hcr_el2);
 	write_sysreg(CPTR_EL2_DEFAULT, cptr_el2);
 }
 

arch/mips/Kconfig

@@ -3135,6 +3135,7 @@ config MIPS32_O32
 config MIPS32_N32
 	bool "Kernel support for n32 binaries"
 	depends on 64BIT
+	select ARCH_WANT_COMPAT_IPC_PARSE_VERSION
 	select COMPAT
 	select MIPS32_COMPAT
 	select SYSVIPC_COMPAT if SYSVIPC

arch/mips/kernel/vdso.c

@@ -111,8 +111,8 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp)
 
 	/* Map delay slot emulation page */
 	base = mmap_region(NULL, STACK_TOP, PAGE_SIZE,
-			   VM_READ|VM_WRITE|VM_EXEC|
-			   VM_MAYREAD|VM_MAYWRITE|VM_MAYEXEC,
+			   VM_READ | VM_EXEC |
+			   VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC,
 			   0);
 	if (IS_ERR_VALUE(base)) {
 		ret = base;

arch/mips/math-emu/dsemul.c

@@ -211,8 +211,9 @@ int mips_dsemul(struct pt_regs *regs, mips_instruction ir,
 {
 	int isa16 = get_isa16_mode(regs->cp0_epc);
 	mips_instruction break_math;
-	struct emuframe __user *fr;
-	int err, fr_idx;
+	unsigned long fr_uaddr;
+	struct emuframe fr;
+	int fr_idx, ret;
 
 	/* NOP is easy */
 	if (ir == 0)
@@ -247,27 +248,31 @@ int mips_dsemul(struct pt_regs *regs, mips_instruction ir,
 		fr_idx = alloc_emuframe();
 	if (fr_idx == BD_EMUFRAME_NONE)
 		return SIGBUS;
-	fr = &dsemul_page()[fr_idx];
 
 	/* Retrieve the appropriately encoded break instruction */
 	break_math = BREAK_MATH(isa16);
 
 	/* Write the instructions to the frame */
 	if (isa16) {
-		err = __put_user(ir >> 16,
-				 (u16 __user *)(&fr->emul));
-		err |= __put_user(ir & 0xffff,
-				  (u16 __user *)((long)(&fr->emul) + 2));
-		err |= __put_user(break_math >> 16,
-				  (u16 __user *)(&fr->badinst));
-		err |= __put_user(break_math & 0xffff,
-				  (u16 __user *)((long)(&fr->badinst) + 2));
+		union mips_instruction _emul = {
+			.halfword = { ir >> 16, ir }
+		};
+		union mips_instruction _badinst = {
+			.halfword = { break_math >> 16, break_math }
+		};
+
+		fr.emul = _emul.word;
+		fr.badinst = _badinst.word;
 	} else {
-		err = __put_user(ir, &fr->emul);
-		err |= __put_user(break_math, &fr->badinst);
+		fr.emul = ir;
+		fr.badinst = break_math;
 	}
 
-	if (unlikely(err)) {
+	/* Write the frame to user memory */
+	fr_uaddr = (unsigned long)&dsemul_page()[fr_idx];
+	ret = access_process_vm(current, fr_uaddr, &fr, sizeof(fr),
+				FOLL_FORCE | FOLL_WRITE);
+	if (unlikely(ret != sizeof(fr))) {
 		MIPS_FPU_EMU_INC_STATS(errors);
 		free_emuframe(fr_idx, current->mm);
 		return SIGBUS;
@@ -279,10 +284,7 @@ int mips_dsemul(struct pt_regs *regs, mips_instruction ir,
 	atomic_set(&current->thread.bd_emu_frame, fr_idx);
 
 	/* Change user register context to execute the frame */
-	regs->cp0_epc = (unsigned long)&fr->emul | isa16;
-
-	/* Ensure the icache observes our newly written frame */
-	flush_cache_sigtramp((unsigned long)&fr->emul);
+	regs->cp0_epc = fr_uaddr | isa16;
 
 	return 0;
 }

arch/mips/pci/msi-octeon.c

@@ -369,7 +369,9 @@ int __init octeon_msi_initialize(void)
 	int irq;
 	struct irq_chip *msi;
 
-	if (octeon_dma_bar_type == OCTEON_DMA_BAR_TYPE_PCIE) {
+	if (octeon_dma_bar_type == OCTEON_DMA_BAR_TYPE_INVALID) {
+		return 0;
+	} else if (octeon_dma_bar_type == OCTEON_DMA_BAR_TYPE_PCIE) {
 		msi_rcv_reg[0] = CVMX_PEXP_NPEI_MSI_RCV0;
 		msi_rcv_reg[1] = CVMX_PEXP_NPEI_MSI_RCV1;
 		msi_rcv_reg[2] = CVMX_PEXP_NPEI_MSI_RCV2;

arch/powerpc/boot/crt0.S

@@ -15,14 +15,16 @@
 RELA = 7
 RELACOUNT = 0x6ffffff9
 
-	.text
+	.data
 	/* A procedure descriptor used when booting this as a COFF file.
 	 * When making COFF, this comes first in the link and we're
 	 * linked at 0x500000.
 	 */
 	.globl	_zimage_start_opd
 _zimage_start_opd:
 	.long	0x500000, 0, 0, 0
+	.text
+	b	_zimage_start
 
 #ifdef __powerpc64__
 .balign 8

arch/powerpc/kernel/signal_32.c

@@ -866,7 +866,23 @@ static long restore_tm_user_regs(struct pt_regs *regs,
 	/* If TM bits are set to the reserved value, it's an invalid context */
 	if (MSR_TM_RESV(msr_hi))
 		return 1;
-	/* Pull in the MSR TM bits from the user context */
+
+	/*
+	 * Disabling preemption, since it is unsafe to be preempted
+	 * with MSR[TS] set without recheckpointing.
+	 */
+	preempt_disable();
+
+	/*
+	 * CAUTION:
+	 * After regs->MSR[TS] being updated, make sure that get_user(),
+	 * put_user() or similar functions are *not* called. These
+	 * functions can generate page faults which will cause the process
+	 * to be de-scheduled with MSR[TS] set but without calling
+	 * tm_recheckpoint(). This can cause a bug.
+	 *
+	 * Pull in the MSR TM bits from the user context
+	 */
 	regs->msr = (regs->msr & ~MSR_TS_MASK) | (msr_hi & MSR_TS_MASK);
 	/* Now, recheckpoint.  This loads up all of the checkpointed (older)
 	 * registers, including FP and V[S]Rs.  After recheckpointing, the
@@ -891,6 +907,8 @@ static long restore_tm_user_regs(struct pt_regs *regs,
 	}
 #endif
 
+	preempt_enable();
+
 	return 0;
 }
 #endif

arch/powerpc/kernel/signal_64.c

@@ -452,20 +452,6 @@ static long restore_tm_sigcontexts(struct task_struct *tsk,
 	if (MSR_TM_RESV(msr))
 		return -EINVAL;
 
-	/* pull in MSR TS bits from user context */
-	regs->msr = (regs->msr & ~MSR_TS_MASK) | (msr & MSR_TS_MASK);
-
-	/*
-	 * Ensure that TM is enabled in regs->msr before we leave the signal
-	 * handler. It could be the case that (a) user disabled the TM bit
-	 * through the manipulation of the MSR bits in uc_mcontext or (b) the
-	 * TM bit was disabled because a sufficient number of context switches
-	 * happened whilst in the signal handler and load_tm overflowed,
-	 * disabling the TM bit. In either case we can end up with an illegal
-	 * TM state leading to a TM Bad Thing when we return to userspace.
-	 */
-	regs->msr |= MSR_TM;
-
 	/* pull in MSR LE from user context */
 	regs->msr = (regs->msr & ~MSR_LE) | (msr & MSR_LE);
 
@@ -557,6 +543,34 @@ static long restore_tm_sigcontexts(struct task_struct *tsk,
 	tm_enable();
 	/* Make sure the transaction is marked as failed */
 	tsk->thread.tm_texasr |= TEXASR_FS;
+
+	/*
+	 * Disabling preemption, since it is unsafe to be preempted
+	 * with MSR[TS] set without recheckpointing.
+	 */
+	preempt_disable();
+
+	/* pull in MSR TS bits from user context */
+	regs->msr = (regs->msr & ~MSR_TS_MASK) | (msr & MSR_TS_MASK);
+
+	/*
+	 * Ensure that TM is enabled in regs->msr before we leave the signal
+	 * handler. It could be the case that (a) user disabled the TM bit
+	 * through the manipulation of the MSR bits in uc_mcontext or (b) the
+	 * TM bit was disabled because a sufficient number of context switches
+	 * happened whilst in the signal handler and load_tm overflowed,
+	 * disabling the TM bit. In either case we can end up with an illegal
+	 * TM state leading to a TM Bad Thing when we return to userspace.
+	 *
+	 * CAUTION:
+	 * After regs->MSR[TS] being updated, make sure that get_user(),
+	 * put_user() or similar functions are *not* called. These
+	 * functions can generate page faults which will cause the process
+	 * to be de-scheduled with MSR[TS] set but without calling
+	 * tm_recheckpoint(). This can cause a bug.
+	 */
+	regs->msr |= MSR_TM;
+
 	/* This loads the checkpointed FP/VEC state, if used */
 	tm_recheckpoint(&tsk->thread, msr);
 
@@ -570,6 +584,8 @@ static long restore_tm_sigcontexts(struct task_struct *tsk,
 		regs->msr |= MSR_VEC;
 	}
 
+	preempt_enable();
+
 	return err;
 }
 #endif

arch/x86/configs/x86_64_cuttlefish_defconfig

@@ -192,9 +192,12 @@ CONFIG_IP6_NF_RAW=y
 CONFIG_NET_SCHED=y
 CONFIG_NET_SCH_HTB=y
 CONFIG_NET_CLS_U32=y
+CONFIG_NET_CLS_BPF=y
 CONFIG_NET_EMATCH=y
 CONFIG_NET_EMATCH_U32=y
 CONFIG_NET_CLS_ACT=y
+CONFIG_VSOCKETS=y
+CONFIG_VIRTIO_VSOCKETS=y
 CONFIG_CFG80211=y
 CONFIG_MAC80211=y
 CONFIG_RFKILL=y
@@ -225,7 +228,6 @@ CONFIG_DM_MIRROR=y
 CONFIG_DM_ZERO=y
 CONFIG_DM_UEVENT=y
 CONFIG_DM_VERITY=y
-CONFIG_DM_VERITY_HASH_PREFETCH_MIN_SIZE=1
 CONFIG_DM_VERITY_FEC=y
 CONFIG_DM_ANDROID_VERITY=y
 CONFIG_NETDEVICES=y

arch/x86/crypto/chacha20_glue.c

@@ -77,6 +77,7 @@ static int chacha20_simd(struct blkcipher_desc *desc, struct scatterlist *dst,
 
 	blkcipher_walk_init(&walk, dst, src, nbytes);
 	err = blkcipher_walk_virt_block(desc, &walk, CHACHA_BLOCK_SIZE);
+	desc->flags &= ~CRYPTO_TFM_REQ_MAY_SLEEP;
 
 	crypto_chacha_init(state, crypto_blkcipher_ctx(desc->tfm), walk.iv);