summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAnthony G. Basile <blueness@gentoo.org>2015-03-21 11:56:03 -0400
committerAnthony G. Basile <blueness@gentoo.org>2015-03-21 11:56:03 -0400
commit11eefb7b86f45b78b1b60c22fcafb340ced8550f (patch)
treeea09e6dd8803fd8d447babbd6154ecf9c94e391a
parentGrsec/PaX: 3.1-{3.2.68,3.14.35,3.19.1}-201503122205 (diff)
downloadhardened-patchset-11eefb7b86f45b78b1b60c22fcafb340ced8550f.tar.gz
hardened-patchset-11eefb7b86f45b78b1b60c22fcafb340ced8550f.tar.bz2
hardened-patchset-11eefb7b86f45b78b1b60c22fcafb340ced8550f.zip
Grsec/PaX: 3.1-{3.2.68,3.14.36,3.19.2}-20150320190320150320
-rw-r--r--3.14.35/1034_linux-3.14.35.patch2036
-rw-r--r--3.14.36/0000_README (renamed from 3.14.35/0000_README)6
-rw-r--r--3.14.36/4420_grsecurity-3.1-3.14.36-201503182218.patch (renamed from 3.14.35/4420_grsecurity-3.1-3.14.35-201503092203.patch)949
-rw-r--r--3.14.36/4425_grsec_remove_EI_PAX.patch (renamed from 3.14.35/4425_grsec_remove_EI_PAX.patch)0
-rw-r--r--3.14.36/4427_force_XATTR_PAX_tmpfs.patch (renamed from 3.14.35/4427_force_XATTR_PAX_tmpfs.patch)0
-rw-r--r--3.14.36/4430_grsec-remove-localversion-grsec.patch (renamed from 3.14.35/4430_grsec-remove-localversion-grsec.patch)0
-rw-r--r--3.14.36/4435_grsec-mute-warnings.patch (renamed from 3.14.35/4435_grsec-mute-warnings.patch)0
-rw-r--r--3.14.36/4440_grsec-remove-protected-paths.patch (renamed from 3.14.35/4440_grsec-remove-protected-paths.patch)0
-rw-r--r--3.14.36/4450_grsec-kconfig-default-gids.patch (renamed from 3.14.35/4450_grsec-kconfig-default-gids.patch)0
-rw-r--r--3.14.36/4465_selinux-avc_audit-log-curr_ip.patch (renamed from 3.14.35/4465_selinux-avc_audit-log-curr_ip.patch)0
-rw-r--r--3.14.36/4470_disable-compat_vdso.patch (renamed from 3.14.35/4470_disable-compat_vdso.patch)0
-rw-r--r--3.14.36/4475_emutramp_default_on.patch (renamed from 3.14.35/4475_emutramp_default_on.patch)0
-rw-r--r--3.19.1/1000_linux-3.19.1.patch7185
-rw-r--r--3.19.2/0000_README (renamed from 3.19.1/0000_README)6
-rw-r--r--3.19.2/4420_grsecurity-3.1-3.19.2-201503201903.patch (renamed from 3.19.1/4420_grsecurity-3.1-3.19.1-201503122205.patch)1049
-rw-r--r--3.19.2/4425_grsec_remove_EI_PAX.patch (renamed from 3.19.1/4425_grsec_remove_EI_PAX.patch)0
-rw-r--r--3.19.2/4427_force_XATTR_PAX_tmpfs.patch (renamed from 3.19.1/4427_force_XATTR_PAX_tmpfs.patch)0
-rw-r--r--3.19.2/4430_grsec-remove-localversion-grsec.patch (renamed from 3.19.1/4430_grsec-remove-localversion-grsec.patch)0
-rw-r--r--3.19.2/4435_grsec-mute-warnings.patch (renamed from 3.19.1/4435_grsec-mute-warnings.patch)0
-rw-r--r--3.19.2/4440_grsec-remove-protected-paths.patch (renamed from 3.19.1/4440_grsec-remove-protected-paths.patch)0
-rw-r--r--3.19.2/4450_grsec-kconfig-default-gids.patch (renamed from 3.19.1/4450_grsec-kconfig-default-gids.patch)0
-rw-r--r--3.19.2/4465_selinux-avc_audit-log-curr_ip.patch (renamed from 3.19.1/4465_selinux-avc_audit-log-curr_ip.patch)0
-rw-r--r--3.19.2/4470_disable-compat_vdso.patch (renamed from 3.19.1/4470_disable-compat_vdso.patch)0
-rw-r--r--3.19.2/4475_emutramp_default_on.patch (renamed from 3.19.1/4475_emutramp_default_on.patch)0
-rw-r--r--3.2.68/0000_README2
-rw-r--r--3.2.68/4420_grsecurity-3.1-3.2.68-201503182213.patch (renamed from 3.2.68/4420_grsecurity-3.1-3.2.68-201503092202.patch)364
26 files changed, 1368 insertions, 10229 deletions
diff --git a/3.14.35/1034_linux-3.14.35.patch b/3.14.35/1034_linux-3.14.35.patch
deleted file mode 100644
index 668231d..0000000
--- a/3.14.35/1034_linux-3.14.35.patch
+++ /dev/null
@@ -1,2036 +0,0 @@
-diff --git a/Makefile b/Makefile
-index 5443481..9720e86 100644
---- a/Makefile
-+++ b/Makefile
-@@ -1,6 +1,6 @@
- VERSION = 3
- PATCHLEVEL = 14
--SUBLEVEL = 34
-+SUBLEVEL = 35
- EXTRAVERSION =
- NAME = Remembering Coco
-
-diff --git a/arch/arc/include/asm/pgtable.h b/arch/arc/include/asm/pgtable.h
-index 6b0b7f7e..7670f33 100644
---- a/arch/arc/include/asm/pgtable.h
-+++ b/arch/arc/include/asm/pgtable.h
-@@ -259,7 +259,8 @@ static inline void pmd_set(pmd_t *pmdp, pte_t *ptep)
- #define pmd_clear(xp) do { pmd_val(*(xp)) = 0; } while (0)
-
- #define pte_page(x) (mem_map + \
-- (unsigned long)(((pte_val(x) - PAGE_OFFSET) >> PAGE_SHIFT)))
-+ (unsigned long)(((pte_val(x) - CONFIG_LINUX_LINK_BASE) >> \
-+ PAGE_SHIFT)))
-
- #define mk_pte(page, pgprot) \
- ({ \
-diff --git a/arch/arm/boot/dts/am335x-bone-common.dtsi b/arch/arm/boot/dts/am335x-bone-common.dtsi
-index 2e7d932..b3eff40 100644
---- a/arch/arm/boot/dts/am335x-bone-common.dtsi
-+++ b/arch/arm/boot/dts/am335x-bone-common.dtsi
-@@ -197,6 +197,7 @@
-
- usb@47401000 {
- status = "okay";
-+ dr_mode = "peripheral";
- };
-
- usb@47401800 {
-diff --git a/arch/arm/boot/dts/tegra20.dtsi b/arch/arm/boot/dts/tegra20.dtsi
-index 48d2a7f..ce978bc 100644
---- a/arch/arm/boot/dts/tegra20.dtsi
-+++ b/arch/arm/boot/dts/tegra20.dtsi
-@@ -76,9 +76,9 @@
- reset-names = "2d";
- };
-
-- gr3d@54140000 {
-+ gr3d@54180000 {
- compatible = "nvidia,tegra20-gr3d";
-- reg = <0x54140000 0x00040000>;
-+ reg = <0x54180000 0x00040000>;
- clocks = <&tegra_car TEGRA20_CLK_GR3D>;
- resets = <&tegra_car 24>;
- reset-names = "3d";
-@@ -138,9 +138,9 @@
- status = "disabled";
- };
-
-- dsi@542c0000 {
-+ dsi@54300000 {
- compatible = "nvidia,tegra20-dsi";
-- reg = <0x542c0000 0x00040000>;
-+ reg = <0x54300000 0x00040000>;
- clocks = <&tegra_car TEGRA20_CLK_DSI>;
- resets = <&tegra_car 48>;
- reset-names = "dsi";
-diff --git a/arch/arm/mach-omap2/omap_hwmod_7xx_data.c b/arch/arm/mach-omap2/omap_hwmod_7xx_data.c
-index 2e35ff9..d3ac4c6 100644
---- a/arch/arm/mach-omap2/omap_hwmod_7xx_data.c
-+++ b/arch/arm/mach-omap2/omap_hwmod_7xx_data.c
-@@ -1669,7 +1669,7 @@ static struct omap_hwmod dra7xx_uart3_hwmod = {
- .class = &dra7xx_uart_hwmod_class,
- .clkdm_name = "l4per_clkdm",
- .main_clk = "uart3_gfclk_mux",
-- .flags = HWMOD_SWSUP_SIDLE_ACT,
-+ .flags = HWMOD_SWSUP_SIDLE_ACT | DEBUG_OMAP4UART3_FLAGS,
- .prcm = {
- .omap4 = {
- .clkctrl_offs = DRA7XX_CM_L4PER_UART3_CLKCTRL_OFFSET,
-diff --git a/arch/arm/mach-pxa/corgi.c b/arch/arm/mach-pxa/corgi.c
-index f162f1b..82fd9dd 100644
---- a/arch/arm/mach-pxa/corgi.c
-+++ b/arch/arm/mach-pxa/corgi.c
-@@ -26,6 +26,7 @@
- #include <linux/i2c.h>
- #include <linux/i2c/pxa-i2c.h>
- #include <linux/io.h>
-+#include <linux/regulator/machine.h>
- #include <linux/spi/spi.h>
- #include <linux/spi/ads7846.h>
- #include <linux/spi/corgi_lcd.h>
-@@ -711,6 +712,8 @@ static void __init corgi_init(void)
- sharpsl_nand_partitions[1].size = 53 * 1024 * 1024;
-
- platform_add_devices(devices, ARRAY_SIZE(devices));
-+
-+ regulator_has_full_constraints();
- }
-
- static void __init fixup_corgi(struct tag *tags, char **cmdline,
-diff --git a/arch/arm/mach-pxa/hx4700.c b/arch/arm/mach-pxa/hx4700.c
-index a7c30eb..007fd8a 100644
---- a/arch/arm/mach-pxa/hx4700.c
-+++ b/arch/arm/mach-pxa/hx4700.c
-@@ -892,6 +892,8 @@ static void __init hx4700_init(void)
- mdelay(10);
- gpio_set_value(GPIO71_HX4700_ASIC3_nRESET, 1);
- mdelay(10);
-+
-+ regulator_has_full_constraints();
- }
-
- MACHINE_START(H4700, "HP iPAQ HX4700")
-diff --git a/arch/arm/mach-pxa/poodle.c b/arch/arm/mach-pxa/poodle.c
-index aedf053..b4fff29 100644
---- a/arch/arm/mach-pxa/poodle.c
-+++ b/arch/arm/mach-pxa/poodle.c
-@@ -25,6 +25,7 @@
- #include <linux/gpio.h>
- #include <linux/i2c.h>
- #include <linux/i2c/pxa-i2c.h>
-+#include <linux/regulator/machine.h>
- #include <linux/spi/spi.h>
- #include <linux/spi/ads7846.h>
- #include <linux/spi/pxa2xx_spi.h>
-@@ -454,6 +455,7 @@ static void __init poodle_init(void)
- pxa_set_i2c_info(NULL);
- i2c_register_board_info(0, ARRAY_AND_SIZE(poodle_i2c_devices));
- poodle_init_spi();
-+ regulator_has_full_constraints();
- }
-
- static void __init fixup_poodle(struct tag *tags, char **cmdline,
-diff --git a/arch/arm/mach-sa1100/pm.c b/arch/arm/mach-sa1100/pm.c
-index 6645d1e..34853d5 100644
---- a/arch/arm/mach-sa1100/pm.c
-+++ b/arch/arm/mach-sa1100/pm.c
-@@ -81,6 +81,7 @@ static int sa11x0_pm_enter(suspend_state_t state)
- /*
- * Ensure not to come back here if it wasn't intended
- */
-+ RCSR = RCSR_SMR;
- PSPR = 0;
-
- /*
-diff --git a/arch/arm64/kernel/signal32.c b/arch/arm64/kernel/signal32.c
-index b3fc9f5..7ed72dc 100644
---- a/arch/arm64/kernel/signal32.c
-+++ b/arch/arm64/kernel/signal32.c
-@@ -151,8 +151,7 @@ int copy_siginfo_to_user32(compat_siginfo_t __user *to, const siginfo_t *from)
- case __SI_TIMER:
- err |= __put_user(from->si_tid, &to->si_tid);
- err |= __put_user(from->si_overrun, &to->si_overrun);
-- err |= __put_user((compat_uptr_t)(unsigned long)from->si_ptr,
-- &to->si_ptr);
-+ err |= __put_user(from->si_int, &to->si_int);
- break;
- case __SI_POLL:
- err |= __put_user(from->si_band, &to->si_band);
-@@ -181,7 +180,7 @@ int copy_siginfo_to_user32(compat_siginfo_t __user *to, const siginfo_t *from)
- case __SI_MESGQ: /* But this is */
- err |= __put_user(from->si_pid, &to->si_pid);
- err |= __put_user(from->si_uid, &to->si_uid);
-- err |= __put_user((compat_uptr_t)(unsigned long)from->si_ptr, &to->si_ptr);
-+ err |= __put_user(from->si_int, &to->si_int);
- break;
- default: /* this is just in case for now ... */
- err |= __put_user(from->si_pid, &to->si_pid);
-diff --git a/arch/metag/include/asm/processor.h b/arch/metag/include/asm/processor.h
-index a8a3747..eb2005b 100644
---- a/arch/metag/include/asm/processor.h
-+++ b/arch/metag/include/asm/processor.h
-@@ -149,8 +149,8 @@ extern void exit_thread(void);
-
- unsigned long get_wchan(struct task_struct *p);
-
--#define KSTK_EIP(tsk) ((tsk)->thread.kernel_context->CurrPC)
--#define KSTK_ESP(tsk) ((tsk)->thread.kernel_context->AX[0].U0)
-+#define KSTK_EIP(tsk) (task_pt_regs(tsk)->ctx.CurrPC)
-+#define KSTK_ESP(tsk) (task_pt_regs(tsk)->ctx.AX[0].U0)
-
- #define user_stack_pointer(regs) ((regs)->ctx.AX[0].U0)
-
-diff --git a/arch/mips/kernel/mips_ksyms.c b/arch/mips/kernel/mips_ksyms.c
-index 6e58e97..cedeb56 100644
---- a/arch/mips/kernel/mips_ksyms.c
-+++ b/arch/mips/kernel/mips_ksyms.c
-@@ -14,6 +14,7 @@
- #include <linux/mm.h>
- #include <asm/uaccess.h>
- #include <asm/ftrace.h>
-+#include <asm/fpu.h>
-
- extern void *__bzero(void *__s, size_t __count);
- extern long __strncpy_from_user_nocheck_asm(char *__to,
-@@ -26,6 +27,13 @@ extern long __strnlen_user_nocheck_asm(const char *s);
- extern long __strnlen_user_asm(const char *s);
-
- /*
-+ * Core architecture code
-+ */
-+#ifdef CONFIG_CPU_R4K_FPU
-+EXPORT_SYMBOL_GPL(_save_fp);
-+#endif
-+
-+/*
- * String functions
- */
- EXPORT_SYMBOL(memset);
-diff --git a/arch/mips/kvm/kvm_locore.S b/arch/mips/kvm/kvm_locore.S
-index bbace09..03a2db5 100644
---- a/arch/mips/kvm/kvm_locore.S
-+++ b/arch/mips/kvm/kvm_locore.S
-@@ -428,7 +428,7 @@ __kvm_mips_return_to_guest:
- /* Setup status register for running guest in UM */
- .set at
- or v1, v1, (ST0_EXL | KSU_USER | ST0_IE)
-- and v1, v1, ~ST0_CU0
-+ and v1, v1, ~(ST0_CU0 | ST0_MX)
- .set noat
- mtc0 v1, CP0_STATUS
- ehb
-diff --git a/arch/mips/kvm/kvm_mips.c b/arch/mips/kvm/kvm_mips.c
-index 3e0ff8d..897c605 100644
---- a/arch/mips/kvm/kvm_mips.c
-+++ b/arch/mips/kvm/kvm_mips.c
-@@ -15,6 +15,7 @@
- #include <linux/vmalloc.h>
- #include <linux/fs.h>
- #include <linux/bootmem.h>
-+#include <asm/fpu.h>
- #include <asm/page.h>
- #include <asm/cacheflush.h>
- #include <asm/mmu_context.h>
-@@ -418,11 +419,13 @@ int kvm_arch_vcpu_ioctl_run(struct kvm_vcpu *vcpu, struct kvm_run *run)
- vcpu->mmio_needed = 0;
- }
-
-+ lose_fpu(1);
-+
-+ local_irq_disable();
- /* Check if we have any exceptions/interrupts pending */
- kvm_mips_deliver_interrupts(vcpu,
- kvm_read_c0_guest_cause(vcpu->arch.cop0));
-
-- local_irq_disable();
- kvm_guest_enter();
-
- r = __kvm_mips_vcpu_run(run, vcpu);
-@@ -1021,9 +1024,6 @@ void kvm_mips_set_c0_status(void)
- {
- uint32_t status = read_c0_status();
-
-- if (cpu_has_fpu)
-- status |= (ST0_CU1);
--
- if (cpu_has_dsp)
- status |= (ST0_MX);
-
-diff --git a/arch/powerpc/sysdev/axonram.c b/arch/powerpc/sysdev/axonram.c
-index 47b6b9f..830edc8 100644
---- a/arch/powerpc/sysdev/axonram.c
-+++ b/arch/powerpc/sysdev/axonram.c
-@@ -156,7 +156,7 @@ axon_ram_direct_access(struct block_device *device, sector_t sector,
- }
-
- *kaddr = (void *)(bank->ph_addr + offset);
-- *pfn = virt_to_phys(kaddr) >> PAGE_SHIFT;
-+ *pfn = virt_to_phys(*kaddr) >> PAGE_SHIFT;
-
- return 0;
- }
-diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
-index fab97ad..1777f89 100644
---- a/arch/x86/kvm/x86.c
-+++ b/arch/x86/kvm/x86.c
-@@ -1207,21 +1207,22 @@ void kvm_track_tsc_matching(struct kvm_vcpu *vcpu)
- {
- #ifdef CONFIG_X86_64
- bool vcpus_matched;
-- bool do_request = false;
- struct kvm_arch *ka = &vcpu->kvm->arch;
- struct pvclock_gtod_data *gtod = &pvclock_gtod_data;
-
- vcpus_matched = (ka->nr_vcpus_matched_tsc + 1 ==
- atomic_read(&vcpu->kvm->online_vcpus));
-
-- if (vcpus_matched && gtod->clock.vclock_mode == VCLOCK_TSC)
-- if (!ka->use_master_clock)
-- do_request = 1;
--
-- if (!vcpus_matched && ka->use_master_clock)
-- do_request = 1;
--
-- if (do_request)
-+ /*
-+ * Once the masterclock is enabled, always perform request in
-+ * order to update it.
-+ *
-+ * In order to enable masterclock, the host clocksource must be TSC
-+ * and the vcpus need to have matched TSCs. When that happens,
-+ * perform request to enable masterclock.
-+ */
-+ if (ka->use_master_clock ||
-+ (gtod->clock.vclock_mode == VCLOCK_TSC && vcpus_matched))
- kvm_make_request(KVM_REQ_MASTERCLOCK_UPDATE, vcpu);
-
- trace_kvm_track_tsc(vcpu->vcpu_id, ka->nr_vcpus_matched_tsc,
-diff --git a/arch/x86/mm/gup.c b/arch/x86/mm/gup.c
-index 207d9aef..448ee89 100644
---- a/arch/x86/mm/gup.c
-+++ b/arch/x86/mm/gup.c
-@@ -172,7 +172,7 @@ static int gup_pmd_range(pud_t pud, unsigned long addr, unsigned long end,
- */
- if (pmd_none(pmd) || pmd_trans_splitting(pmd))
- return 0;
-- if (unlikely(pmd_large(pmd))) {
-+ if (unlikely(pmd_large(pmd) || !pmd_present(pmd))) {
- /*
- * NUMA hinting faults need to be handled in the GUP
- * slowpath for accounting purposes and so that they
-diff --git a/arch/x86/mm/hugetlbpage.c b/arch/x86/mm/hugetlbpage.c
-index 8b977eb..006cc91 100644
---- a/arch/x86/mm/hugetlbpage.c
-+++ b/arch/x86/mm/hugetlbpage.c
-@@ -66,9 +66,15 @@ follow_huge_addr(struct mm_struct *mm, unsigned long address, int write)
- return ERR_PTR(-EINVAL);
- }
-
-+/*
-+ * pmd_huge() returns 1 if @pmd is hugetlb related entry, that is normal
-+ * hugetlb entry or non-present (migration or hwpoisoned) hugetlb entry.
-+ * Otherwise, returns 0.
-+ */
- int pmd_huge(pmd_t pmd)
- {
-- return !!(pmd_val(pmd) & _PAGE_PSE);
-+ return !pmd_none(pmd) &&
-+ (pmd_val(pmd) & (_PAGE_PRESENT|_PAGE_PSE)) != _PAGE_PRESENT;
- }
-
- int pud_huge(pud_t pud)
-diff --git a/arch/x86/mm/mmap.c b/arch/x86/mm/mmap.c
-index 25e7e13..3601ff2 100644
---- a/arch/x86/mm/mmap.c
-+++ b/arch/x86/mm/mmap.c
-@@ -35,12 +35,12 @@ struct __read_mostly va_alignment va_align = {
- .flags = -1,
- };
-
--static unsigned int stack_maxrandom_size(void)
-+static unsigned long stack_maxrandom_size(void)
- {
-- unsigned int max = 0;
-+ unsigned long max = 0;
- if ((current->flags & PF_RANDOMIZE) &&
- !(current->personality & ADDR_NO_RANDOMIZE)) {
-- max = ((-1U) & STACK_RND_MASK) << PAGE_SHIFT;
-+ max = ((-1UL) & STACK_RND_MASK) << PAGE_SHIFT;
- }
-
- return max;
-diff --git a/block/blk-throttle.c b/block/blk-throttle.c
-index 1474c3a..1599878 100644
---- a/block/blk-throttle.c
-+++ b/block/blk-throttle.c
-@@ -1292,6 +1292,9 @@ static u64 tg_prfill_cpu_rwstat(struct seq_file *sf,
- struct blkg_rwstat rwstat = { }, tmp;
- int i, cpu;
-
-+ if (tg->stats_cpu == NULL)
-+ return 0;
-+
- for_each_possible_cpu(cpu) {
- struct tg_stats_cpu *sc = per_cpu_ptr(tg->stats_cpu, cpu);
-
-diff --git a/block/cfq-iosched.c b/block/cfq-iosched.c
-index 91c25f26..d9bba99 100644
---- a/block/cfq-iosched.c
-+++ b/block/cfq-iosched.c
-@@ -3585,6 +3585,11 @@ retry:
-
- blkcg = bio_blkcg(bio);
- cfqg = cfq_lookup_create_cfqg(cfqd, blkcg);
-+ if (!cfqg) {
-+ cfqq = &cfqd->oom_cfqq;
-+ goto out;
-+ }
-+
- cfqq = cic_to_cfqq(cic, is_sync);
-
- /*
-@@ -3621,7 +3626,7 @@ retry:
- } else
- cfqq = &cfqd->oom_cfqq;
- }
--
-+out:
- if (new_cfqq)
- kmem_cache_free(cfq_pool, new_cfqq);
-
-@@ -3651,12 +3656,17 @@ static struct cfq_queue *
- cfq_get_queue(struct cfq_data *cfqd, bool is_sync, struct cfq_io_cq *cic,
- struct bio *bio, gfp_t gfp_mask)
- {
-- const int ioprio_class = IOPRIO_PRIO_CLASS(cic->ioprio);
-- const int ioprio = IOPRIO_PRIO_DATA(cic->ioprio);
-+ int ioprio_class = IOPRIO_PRIO_CLASS(cic->ioprio);
-+ int ioprio = IOPRIO_PRIO_DATA(cic->ioprio);
- struct cfq_queue **async_cfqq = NULL;
- struct cfq_queue *cfqq = NULL;
-
- if (!is_sync) {
-+ if (!ioprio_valid(cic->ioprio)) {
-+ struct task_struct *tsk = current;
-+ ioprio = task_nice_ioprio(tsk);
-+ ioprio_class = task_nice_ioclass(tsk);
-+ }
- async_cfqq = cfq_async_queue_prio(cfqd, ioprio_class, ioprio);
- cfqq = *async_cfqq;
- }
-diff --git a/drivers/bluetooth/ath3k.c b/drivers/bluetooth/ath3k.c
-index b11949c..f667e37 100644
---- a/drivers/bluetooth/ath3k.c
-+++ b/drivers/bluetooth/ath3k.c
-@@ -157,6 +157,8 @@ static const struct usb_device_id ath3k_blist_tbl[] = {
- #define USB_REQ_DFU_DNLOAD 1
- #define BULK_SIZE 4096
- #define FW_HDR_SIZE 20
-+#define TIMEGAP_USEC_MIN 50
-+#define TIMEGAP_USEC_MAX 100
-
- static int ath3k_load_firmware(struct usb_device *udev,
- const struct firmware *firmware)
-@@ -187,6 +189,9 @@ static int ath3k_load_firmware(struct usb_device *udev,
- count -= 20;
-
- while (count) {
-+ /* workaround the compatibility issue with xHCI controller*/
-+ usleep_range(TIMEGAP_USEC_MIN, TIMEGAP_USEC_MAX);
-+
- size = min_t(uint, count, BULK_SIZE);
- pipe = usb_sndbulkpipe(udev, 0x02);
- memcpy(send_buf, firmware->data + sent, size);
-@@ -283,6 +288,9 @@ static int ath3k_load_fwfile(struct usb_device *udev,
- count -= size;
-
- while (count) {
-+ /* workaround the compatibility issue with xHCI controller*/
-+ usleep_range(TIMEGAP_USEC_MIN, TIMEGAP_USEC_MAX);
-+
- size = min_t(uint, count, BULK_SIZE);
- pipe = usb_sndbulkpipe(udev, 0x02);
-
-diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c
-index 6af1700..cfb9089 100644
---- a/drivers/char/tpm/tpm-interface.c
-+++ b/drivers/char/tpm/tpm-interface.c
-@@ -1122,7 +1122,7 @@ struct tpm_chip *tpm_register_hardware(struct device *dev,
-
- /* Make chip available */
- spin_lock(&driver_lock);
-- list_add_rcu(&chip->list, &tpm_chip_list);
-+ list_add_tail_rcu(&chip->list, &tpm_chip_list);
- spin_unlock(&driver_lock);
-
- return chip;
-diff --git a/drivers/char/tpm/tpm_i2c_atmel.c b/drivers/char/tpm/tpm_i2c_atmel.c
-index 7727292..503a85a 100644
---- a/drivers/char/tpm/tpm_i2c_atmel.c
-+++ b/drivers/char/tpm/tpm_i2c_atmel.c
-@@ -168,6 +168,10 @@ static int i2c_atmel_probe(struct i2c_client *client,
-
- chip->vendor.priv = devm_kzalloc(dev, sizeof(struct priv_data),
- GFP_KERNEL);
-+ if (!chip->vendor.priv) {
-+ rc = -ENOMEM;
-+ goto out_err;
-+ }
-
- /* Default timeouts */
- chip->vendor.timeout_a = msecs_to_jiffies(TPM_I2C_SHORT_TIMEOUT);
-diff --git a/drivers/char/tpm/tpm_i2c_nuvoton.c b/drivers/char/tpm/tpm_i2c_nuvoton.c
-index 7b158ef..23c7b13 100644
---- a/drivers/char/tpm/tpm_i2c_nuvoton.c
-+++ b/drivers/char/tpm/tpm_i2c_nuvoton.c
-@@ -538,6 +538,11 @@ static int i2c_nuvoton_probe(struct i2c_client *client,
-
- chip->vendor.priv = devm_kzalloc(dev, sizeof(struct priv_data),
- GFP_KERNEL);
-+ if (!chip->vendor.priv) {
-+ rc = -ENOMEM;
-+ goto out_err;
-+ }
-+
- init_waitqueue_head(&chip->vendor.read_queue);
- init_waitqueue_head(&chip->vendor.int_queue);
-
-diff --git a/drivers/char/tpm/tpm_i2c_stm_st33.c b/drivers/char/tpm/tpm_i2c_stm_st33.c
-index be9af2e..576d111 100644
---- a/drivers/char/tpm/tpm_i2c_stm_st33.c
-+++ b/drivers/char/tpm/tpm_i2c_stm_st33.c
-@@ -488,7 +488,7 @@ static int tpm_stm_i2c_send(struct tpm_chip *chip, unsigned char *buf,
- if (burstcnt < 0)
- return burstcnt;
- size = min_t(int, len - i - 1, burstcnt);
-- ret = I2C_WRITE_DATA(client, TPM_DATA_FIFO, buf, size);
-+ ret = I2C_WRITE_DATA(client, TPM_DATA_FIFO, buf + i, size);
- if (ret < 0)
- goto out_err;
-
-diff --git a/drivers/char/tpm/tpm_ibmvtpm.c b/drivers/char/tpm/tpm_ibmvtpm.c
-index af74c57..eff9d58 100644
---- a/drivers/char/tpm/tpm_ibmvtpm.c
-+++ b/drivers/char/tpm/tpm_ibmvtpm.c
-@@ -148,7 +148,8 @@ static int tpm_ibmvtpm_send(struct tpm_chip *chip, u8 *buf, size_t count)
- crq.len = (u16)count;
- crq.data = ibmvtpm->rtce_dma_handle;
-
-- rc = ibmvtpm_send_crq(ibmvtpm->vdev, word[0], word[1]);
-+ rc = ibmvtpm_send_crq(ibmvtpm->vdev, cpu_to_be64(word[0]),
-+ cpu_to_be64(word[1]));
- if (rc != H_SUCCESS) {
- dev_err(ibmvtpm->dev, "tpm_ibmvtpm_send failed rc=%d\n", rc);
- rc = 0;
-@@ -186,7 +187,8 @@ static int ibmvtpm_crq_get_rtce_size(struct ibmvtpm_dev *ibmvtpm)
- crq.valid = (u8)IBMVTPM_VALID_CMD;
- crq.msg = (u8)VTPM_GET_RTCE_BUFFER_SIZE;
-
-- rc = ibmvtpm_send_crq(ibmvtpm->vdev, buf[0], buf[1]);
-+ rc = ibmvtpm_send_crq(ibmvtpm->vdev, cpu_to_be64(buf[0]),
-+ cpu_to_be64(buf[1]));
- if (rc != H_SUCCESS)
- dev_err(ibmvtpm->dev,
- "ibmvtpm_crq_get_rtce_size failed rc=%d\n", rc);
-@@ -212,7 +214,8 @@ static int ibmvtpm_crq_get_version(struct ibmvtpm_dev *ibmvtpm)
- crq.valid = (u8)IBMVTPM_VALID_CMD;
- crq.msg = (u8)VTPM_GET_VERSION;
-
-- rc = ibmvtpm_send_crq(ibmvtpm->vdev, buf[0], buf[1]);
-+ rc = ibmvtpm_send_crq(ibmvtpm->vdev, cpu_to_be64(buf[0]),
-+ cpu_to_be64(buf[1]));
- if (rc != H_SUCCESS)
- dev_err(ibmvtpm->dev,
- "ibmvtpm_crq_get_version failed rc=%d\n", rc);
-@@ -307,6 +310,14 @@ static int tpm_ibmvtpm_remove(struct vio_dev *vdev)
- static unsigned long tpm_ibmvtpm_get_desired_dma(struct vio_dev *vdev)
- {
- struct ibmvtpm_dev *ibmvtpm = ibmvtpm_get_data(&vdev->dev);
-+
-+ /* ibmvtpm initializes at probe time, so the data we are
-+ * asking for may not be set yet. Estimate that 4K required
-+ * for TCE-mapped buffer in addition to CRQ.
-+ */
-+ if (!ibmvtpm)
-+ return CRQ_RES_BUF_SIZE + PAGE_SIZE;
-+
- return CRQ_RES_BUF_SIZE + ibmvtpm->rtce_size;
- }
-
-@@ -327,7 +338,8 @@ static int tpm_ibmvtpm_suspend(struct device *dev)
- crq.valid = (u8)IBMVTPM_VALID_CMD;
- crq.msg = (u8)VTPM_PREPARE_TO_SUSPEND;
-
-- rc = ibmvtpm_send_crq(ibmvtpm->vdev, buf[0], buf[1]);
-+ rc = ibmvtpm_send_crq(ibmvtpm->vdev, cpu_to_be64(buf[0]),
-+ cpu_to_be64(buf[1]));
- if (rc != H_SUCCESS)
- dev_err(ibmvtpm->dev,
- "tpm_ibmvtpm_suspend failed rc=%d\n", rc);
-@@ -472,11 +484,11 @@ static void ibmvtpm_crq_process(struct ibmvtpm_crq *crq,
- case IBMVTPM_VALID_CMD:
- switch (crq->msg) {
- case VTPM_GET_RTCE_BUFFER_SIZE_RES:
-- if (crq->len <= 0) {
-+ if (be16_to_cpu(crq->len) <= 0) {
- dev_err(ibmvtpm->dev, "Invalid rtce size\n");
- return;
- }
-- ibmvtpm->rtce_size = crq->len;
-+ ibmvtpm->rtce_size = be16_to_cpu(crq->len);
- ibmvtpm->rtce_buf = kmalloc(ibmvtpm->rtce_size,
- GFP_KERNEL);
- if (!ibmvtpm->rtce_buf) {
-@@ -497,11 +509,11 @@ static void ibmvtpm_crq_process(struct ibmvtpm_crq *crq,
-
- return;
- case VTPM_GET_VERSION_RES:
-- ibmvtpm->vtpm_version = crq->data;
-+ ibmvtpm->vtpm_version = be32_to_cpu(crq->data);
- return;
- case VTPM_TPM_COMMAND_RES:
- /* len of the data in rtce buffer */
-- ibmvtpm->res_len = crq->len;
-+ ibmvtpm->res_len = be16_to_cpu(crq->len);
- wake_up_interruptible(&ibmvtpm->wq);
- return;
- default:
-diff --git a/drivers/char/tpm/tpm_tis.c b/drivers/char/tpm/tpm_tis.c
-index 2c46734..51350cd 100644
---- a/drivers/char/tpm/tpm_tis.c
-+++ b/drivers/char/tpm/tpm_tis.c
-@@ -75,6 +75,10 @@ enum tis_defaults {
- #define TPM_DID_VID(l) (0x0F00 | ((l) << 12))
- #define TPM_RID(l) (0x0F04 | ((l) << 12))
-
-+struct priv_data {
-+ bool irq_tested;
-+};
-+
- static LIST_HEAD(tis_chips);
- static DEFINE_MUTEX(tis_lock);
-
-@@ -338,12 +342,27 @@ out_err:
- return rc;
- }
-
-+static void disable_interrupts(struct tpm_chip *chip)
-+{
-+ u32 intmask;
-+
-+ intmask =
-+ ioread32(chip->vendor.iobase +
-+ TPM_INT_ENABLE(chip->vendor.locality));
-+ intmask &= ~TPM_GLOBAL_INT_ENABLE;
-+ iowrite32(intmask,
-+ chip->vendor.iobase +
-+ TPM_INT_ENABLE(chip->vendor.locality));
-+ free_irq(chip->vendor.irq, chip);
-+ chip->vendor.irq = 0;
-+}
-+
- /*
- * If interrupts are used (signaled by an irq set in the vendor structure)
- * tpm.c can skip polling for the data to be available as the interrupt is
- * waited for here
- */
--static int tpm_tis_send(struct tpm_chip *chip, u8 *buf, size_t len)
-+static int tpm_tis_send_main(struct tpm_chip *chip, u8 *buf, size_t len)
- {
- int rc;
- u32 ordinal;
-@@ -373,6 +392,30 @@ out_err:
- return rc;
- }
-
-+static int tpm_tis_send(struct tpm_chip *chip, u8 *buf, size_t len)
-+{
-+ int rc, irq;
-+ struct priv_data *priv = chip->vendor.priv;
-+
-+ if (!chip->vendor.irq || priv->irq_tested)
-+ return tpm_tis_send_main(chip, buf, len);
-+
-+ /* Verify receipt of the expected IRQ */
-+ irq = chip->vendor.irq;
-+ chip->vendor.irq = 0;
-+ rc = tpm_tis_send_main(chip, buf, len);
-+ chip->vendor.irq = irq;
-+ if (!priv->irq_tested)
-+ msleep(1);
-+ if (!priv->irq_tested) {
-+ disable_interrupts(chip);
-+ dev_err(chip->dev,
-+ FW_BUG "TPM interrupt not working, polling instead\n");
-+ }
-+ priv->irq_tested = true;
-+ return rc;
-+}
-+
- struct tis_vendor_timeout_override {
- u32 did_vid;
- unsigned long timeout_us[4];
-@@ -505,6 +548,7 @@ static irqreturn_t tis_int_handler(int dummy, void *dev_id)
- if (interrupt == 0)
- return IRQ_NONE;
-
-+ ((struct priv_data *)chip->vendor.priv)->irq_tested = true;
- if (interrupt & TPM_INTF_DATA_AVAIL_INT)
- wake_up_interruptible(&chip->vendor.read_queue);
- if (interrupt & TPM_INTF_LOCALITY_CHANGE_INT)
-@@ -534,9 +578,14 @@ static int tpm_tis_init(struct device *dev, resource_size_t start,
- u32 vendor, intfcaps, intmask;
- int rc, i, irq_s, irq_e, probe;
- struct tpm_chip *chip;
-+ struct priv_data *priv;
-
-+ priv = devm_kzalloc(dev, sizeof(struct priv_data), GFP_KERNEL);
-+ if (priv == NULL)
-+ return -ENOMEM;
- if (!(chip = tpm_register_hardware(dev, &tpm_tis)))
- return -ENODEV;
-+ chip->vendor.priv = priv;
-
- chip->vendor.iobase = ioremap(start, len);
- if (!chip->vendor.iobase) {
-@@ -605,19 +654,6 @@ static int tpm_tis_init(struct device *dev, resource_size_t start,
- if (intfcaps & TPM_INTF_DATA_AVAIL_INT)
- dev_dbg(dev, "\tData Avail Int Support\n");
-
-- /* get the timeouts before testing for irqs */
-- if (tpm_get_timeouts(chip)) {
-- dev_err(dev, "Could not get TPM timeouts and durations\n");
-- rc = -ENODEV;
-- goto out_err;
-- }
--
-- if (tpm_do_selftest(chip)) {
-- dev_err(dev, "TPM self test failed\n");
-- rc = -ENODEV;
-- goto out_err;
-- }
--
- /* INTERRUPT Setup */
- init_waitqueue_head(&chip->vendor.read_queue);
- init_waitqueue_head(&chip->vendor.int_queue);
-@@ -719,6 +755,18 @@ static int tpm_tis_init(struct device *dev, resource_size_t start,
- }
- }
-
-+ if (tpm_get_timeouts(chip)) {
-+ dev_err(dev, "Could not get TPM timeouts and durations\n");
-+ rc = -ENODEV;
-+ goto out_err;
-+ }
-+
-+ if (tpm_do_selftest(chip)) {
-+ dev_err(dev, "TPM self test failed\n");
-+ rc = -ENODEV;
-+ goto out_err;
-+ }
-+
- INIT_LIST_HEAD(&chip->vendor.list);
- mutex_lock(&tis_lock);
- list_add(&chip->vendor.list, &tis_chips);
-diff --git a/drivers/cpufreq/cpufreq.c b/drivers/cpufreq/cpufreq.c
-index 4854f81..ef3b8ad 100644
---- a/drivers/cpufreq/cpufreq.c
-+++ b/drivers/cpufreq/cpufreq.c
-@@ -1365,9 +1365,10 @@ static int __cpufreq_remove_dev_finish(struct device *dev,
- unsigned long flags;
- struct cpufreq_policy *policy;
-
-- read_lock_irqsave(&cpufreq_driver_lock, flags);
-+ write_lock_irqsave(&cpufreq_driver_lock, flags);
- policy = per_cpu(cpufreq_cpu_data, cpu);
-- read_unlock_irqrestore(&cpufreq_driver_lock, flags);
-+ per_cpu(cpufreq_cpu_data, cpu) = NULL;
-+ write_unlock_irqrestore(&cpufreq_driver_lock, flags);
-
- if (!policy) {
- pr_debug("%s: No cpu_data found\n", __func__);
-@@ -1422,7 +1423,6 @@ static int __cpufreq_remove_dev_finish(struct device *dev,
- }
- }
-
-- per_cpu(cpufreq_cpu_data, cpu) = NULL;
- return 0;
- }
-
-diff --git a/drivers/cpufreq/s3c2416-cpufreq.c b/drivers/cpufreq/s3c2416-cpufreq.c
-index 826b8be..82cef00 100644
---- a/drivers/cpufreq/s3c2416-cpufreq.c
-+++ b/drivers/cpufreq/s3c2416-cpufreq.c
-@@ -263,7 +263,7 @@ out:
- }
-
- #ifdef CONFIG_ARM_S3C2416_CPUFREQ_VCORESCALE
--static void __init s3c2416_cpufreq_cfg_regulator(struct s3c2416_data *s3c_freq)
-+static void s3c2416_cpufreq_cfg_regulator(struct s3c2416_data *s3c_freq)
- {
- int count, v, i, found;
- struct cpufreq_frequency_table *freq;
-@@ -335,7 +335,7 @@ static struct notifier_block s3c2416_cpufreq_reboot_notifier = {
- .notifier_call = s3c2416_cpufreq_reboot_notifier_evt,
- };
-
--static int __init s3c2416_cpufreq_driver_init(struct cpufreq_policy *policy)
-+static int s3c2416_cpufreq_driver_init(struct cpufreq_policy *policy)
- {
- struct s3c2416_data *s3c_freq = &s3c2416_cpufreq;
- struct cpufreq_frequency_table *freq;
-diff --git a/drivers/cpufreq/s3c24xx-cpufreq.c b/drivers/cpufreq/s3c24xx-cpufreq.c
-index 2506974..0eb5b40 100644
---- a/drivers/cpufreq/s3c24xx-cpufreq.c
-+++ b/drivers/cpufreq/s3c24xx-cpufreq.c
-@@ -454,7 +454,7 @@ static struct cpufreq_driver s3c24xx_driver = {
- };
-
-
--int __init s3c_cpufreq_register(struct s3c_cpufreq_info *info)
-+int s3c_cpufreq_register(struct s3c_cpufreq_info *info)
- {
- if (!info || !info->name) {
- printk(KERN_ERR "%s: failed to pass valid information\n",
-diff --git a/drivers/cpufreq/speedstep-lib.c b/drivers/cpufreq/speedstep-lib.c
-index 7047821..4ab7a21 100644
---- a/drivers/cpufreq/speedstep-lib.c
-+++ b/drivers/cpufreq/speedstep-lib.c
-@@ -400,6 +400,7 @@ unsigned int speedstep_get_freqs(enum speedstep_processor processor,
-
- pr_debug("previous speed is %u\n", prev_speed);
-
-+ preempt_disable();
- local_irq_save(flags);
-
- /* switch to low state */
-@@ -464,6 +465,8 @@ unsigned int speedstep_get_freqs(enum speedstep_processor processor,
-
- out:
- local_irq_restore(flags);
-+ preempt_enable();
-+
- return ret;
- }
- EXPORT_SYMBOL_GPL(speedstep_get_freqs);
-diff --git a/drivers/cpufreq/speedstep-smi.c b/drivers/cpufreq/speedstep-smi.c
-index 998c17b..b52d8af 100644
---- a/drivers/cpufreq/speedstep-smi.c
-+++ b/drivers/cpufreq/speedstep-smi.c
-@@ -156,6 +156,7 @@ static void speedstep_set_state(unsigned int state)
- return;
-
- /* Disable IRQs */
-+ preempt_disable();
- local_irq_save(flags);
-
- command = (smi_sig & 0xffffff00) | (smi_cmd & 0xff);
-@@ -166,9 +167,19 @@ static void speedstep_set_state(unsigned int state)
-
- do {
- if (retry) {
-+ /*
-+ * We need to enable interrupts, otherwise the blockage
-+ * won't resolve.
-+ *
-+ * We disable preemption so that other processes don't
-+ * run. If other processes were running, they could
-+ * submit more DMA requests, making the blockage worse.
-+ */
- pr_debug("retry %u, previous result %u, waiting...\n",
- retry, result);
-+ local_irq_enable();
- mdelay(retry * 50);
-+ local_irq_disable();
- }
- retry++;
- __asm__ __volatile__(
-@@ -185,6 +196,7 @@ static void speedstep_set_state(unsigned int state)
-
- /* enable IRQs */
- local_irq_restore(flags);
-+ preempt_enable();
-
- if (new_state == state)
- pr_debug("change to %u MHz succeeded after %u tries "
-diff --git a/drivers/edac/amd64_edac.c b/drivers/edac/amd64_edac.c
-index 98e14ee..278603c 100644
---- a/drivers/edac/amd64_edac.c
-+++ b/drivers/edac/amd64_edac.c
-@@ -2006,14 +2006,20 @@ static void __log_bus_error(struct mem_ctl_info *mci, struct err_info *err,
-
- static inline void decode_bus_error(int node_id, struct mce *m)
- {
-- struct mem_ctl_info *mci = mcis[node_id];
-- struct amd64_pvt *pvt = mci->pvt_info;
-+ struct mem_ctl_info *mci;
-+ struct amd64_pvt *pvt;
- u8 ecc_type = (m->status >> 45) & 0x3;
- u8 xec = XEC(m->status, 0x1f);
- u16 ec = EC(m->status);
- u64 sys_addr;
- struct err_info err;
-
-+ mci = edac_mc_find(node_id);
-+ if (!mci)
-+ return;
-+
-+ pvt = mci->pvt_info;
-+
- /* Bail out early if this was an 'observed' error */
- if (PP(ec) == NBSL_PP_OBS)
- return;
-diff --git a/drivers/gpio/gpio-tps65912.c b/drivers/gpio/gpio-tps65912.c
-index 59ee486..6005d26 100644
---- a/drivers/gpio/gpio-tps65912.c
-+++ b/drivers/gpio/gpio-tps65912.c
-@@ -26,9 +26,12 @@ struct tps65912_gpio_data {
- struct gpio_chip gpio_chip;
- };
-
-+#define to_tgd(gc) container_of(gc, struct tps65912_gpio_data, gpio_chip)
-+
- static int tps65912_gpio_get(struct gpio_chip *gc, unsigned offset)
- {
-- struct tps65912 *tps65912 = container_of(gc, struct tps65912, gpio);
-+ struct tps65912_gpio_data *tps65912_gpio = to_tgd(gc);
-+ struct tps65912 *tps65912 = tps65912_gpio->tps65912;
- int val;
-
- val = tps65912_reg_read(tps65912, TPS65912_GPIO1 + offset);
-@@ -42,7 +45,8 @@ static int tps65912_gpio_get(struct gpio_chip *gc, unsigned offset)
- static void tps65912_gpio_set(struct gpio_chip *gc, unsigned offset,
- int value)
- {
-- struct tps65912 *tps65912 = container_of(gc, struct tps65912, gpio);
-+ struct tps65912_gpio_data *tps65912_gpio = to_tgd(gc);
-+ struct tps65912 *tps65912 = tps65912_gpio->tps65912;
-
- if (value)
- tps65912_set_bits(tps65912, TPS65912_GPIO1 + offset,
-@@ -55,7 +59,8 @@ static void tps65912_gpio_set(struct gpio_chip *gc, unsigned offset,
- static int tps65912_gpio_output(struct gpio_chip *gc, unsigned offset,
- int value)
- {
-- struct tps65912 *tps65912 = container_of(gc, struct tps65912, gpio);
-+ struct tps65912_gpio_data *tps65912_gpio = to_tgd(gc);
-+ struct tps65912 *tps65912 = tps65912_gpio->tps65912;
-
- /* Set the initial value */
- tps65912_gpio_set(gc, offset, value);
-@@ -66,7 +71,8 @@ static int tps65912_gpio_output(struct gpio_chip *gc, unsigned offset,
-
- static int tps65912_gpio_input(struct gpio_chip *gc, unsigned offset)
- {
-- struct tps65912 *tps65912 = container_of(gc, struct tps65912, gpio);
-+ struct tps65912_gpio_data *tps65912_gpio = to_tgd(gc);
-+ struct tps65912 *tps65912 = tps65912_gpio->tps65912;
-
- return tps65912_clear_bits(tps65912, TPS65912_GPIO1 + offset,
- GPIO_CFG_MASK);
-diff --git a/drivers/gpio/gpiolib-of.c b/drivers/gpio/gpiolib-of.c
-index 74ed17d..d26028c 100644
---- a/drivers/gpio/gpiolib-of.c
-+++ b/drivers/gpio/gpiolib-of.c
-@@ -45,12 +45,13 @@ static int of_gpiochip_find_and_xlate(struct gpio_chip *gc, void *data)
-
- ret = gc->of_xlate(gc, &gg_data->gpiospec, gg_data->flags);
- if (ret < 0) {
-- /* We've found the gpio chip, but the translation failed.
-- * Return true to stop looking and return the translation
-- * error via out_gpio
-+ /* We've found a gpio chip, but the translation failed.
-+ * Store translation error in out_gpio.
-+ * Return false to keep looking, as more than one gpio chip
-+ * could be registered per of-node.
- */
- gg_data->out_gpio = ERR_PTR(ret);
-- return true;
-+ return false;
- }
-
- gg_data->out_gpio = gpio_to_desc(ret + gc->base);
-diff --git a/drivers/hid/i2c-hid/i2c-hid.c b/drivers/hid/i2c-hid/i2c-hid.c
-index 6e5d8fe..17be889 100644
---- a/drivers/hid/i2c-hid/i2c-hid.c
-+++ b/drivers/hid/i2c-hid/i2c-hid.c
-@@ -356,7 +356,10 @@ static int i2c_hid_hwreset(struct i2c_client *client)
- static void i2c_hid_get_input(struct i2c_hid *ihid)
- {
- int ret, ret_size;
-- int size = ihid->bufsize;
-+ int size = le16_to_cpu(ihid->hdesc.wMaxInputLength);
-+
-+ if (size > ihid->bufsize)
-+ size = ihid->bufsize;
-
- ret = i2c_master_recv(ihid->client, ihid->inbuf, size);
- if (ret != size) {
-diff --git a/drivers/md/raid1.c b/drivers/md/raid1.c
-index 55de4f6..b96ee9d 100644
---- a/drivers/md/raid1.c
-+++ b/drivers/md/raid1.c
-@@ -561,7 +561,7 @@ static int read_balance(struct r1conf *conf, struct r1bio *r1_bio, int *max_sect
- if (test_bit(WriteMostly, &rdev->flags)) {
- /* Don't balance among write-mostly, just
- * use the first as a last resort */
-- if (best_disk < 0) {
-+ if (best_dist_disk < 0) {
- if (is_badblock(rdev, this_sector, sectors,
- &first_bad, &bad_sectors)) {
- if (first_bad < this_sector)
-@@ -570,7 +570,8 @@ static int read_balance(struct r1conf *conf, struct r1bio *r1_bio, int *max_sect
- best_good_sectors = first_bad - this_sector;
- } else
- best_good_sectors = sectors;
-- best_disk = disk;
-+ best_dist_disk = disk;
-+ best_pending_disk = disk;
- }
- continue;
- }
-diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c
-index 175584a..3545faf 100644
---- a/drivers/md/raid5.c
-+++ b/drivers/md/raid5.c
-@@ -3071,7 +3071,8 @@ static void handle_stripe_dirtying(struct r5conf *conf,
- * generate correct data from the parity.
- */
- if (conf->max_degraded == 2 ||
-- (recovery_cp < MaxSector && sh->sector >= recovery_cp)) {
-+ (recovery_cp < MaxSector && sh->sector >= recovery_cp &&
-+ s->failed == 0)) {
- /* Calculate the real rcw later - for now make it
- * look like rcw is cheaper
- */
-diff --git a/drivers/media/usb/dvb-usb-v2/lmedm04.c b/drivers/media/usb/dvb-usb-v2/lmedm04.c
-index f674dc0..d2a4e6d 100644
---- a/drivers/media/usb/dvb-usb-v2/lmedm04.c
-+++ b/drivers/media/usb/dvb-usb-v2/lmedm04.c
-@@ -350,6 +350,7 @@ static int lme2510_int_read(struct dvb_usb_adapter *adap)
- {
- struct dvb_usb_device *d = adap_to_d(adap);
- struct lme2510_state *lme_int = adap_to_priv(adap);
-+ struct usb_host_endpoint *ep;
-
- lme_int->lme_urb = usb_alloc_urb(0, GFP_ATOMIC);
-
-@@ -371,6 +372,12 @@ static int lme2510_int_read(struct dvb_usb_adapter *adap)
- adap,
- 8);
-
-+ /* Quirk of pipe reporting PIPE_BULK but behaves as interrupt */
-+ ep = usb_pipe_endpoint(d->udev, lme_int->lme_urb->pipe);
-+
-+ if (usb_endpoint_type(&ep->desc) == USB_ENDPOINT_XFER_BULK)
-+ lme_int->lme_urb->pipe = usb_rcvbulkpipe(d->udev, 0xa),
-+
- lme_int->lme_urb->transfer_flags |= URB_NO_TRANSFER_DMA_MAP;
-
- usb_submit_urb(lme_int->lme_urb, GFP_ATOMIC);
-diff --git a/drivers/media/usb/em28xx/em28xx-audio.c b/drivers/media/usb/em28xx/em28xx-audio.c
-index dfdfa77..c39f7d3 100644
---- a/drivers/media/usb/em28xx/em28xx-audio.c
-+++ b/drivers/media/usb/em28xx/em28xx-audio.c
-@@ -814,7 +814,7 @@ static int em28xx_audio_urb_init(struct em28xx *dev)
- if (urb_size > ep_size * npackets)
- npackets = DIV_ROUND_UP(urb_size, ep_size);
-
-- em28xx_info("Number of URBs: %d, with %d packets and %d size",
-+ em28xx_info("Number of URBs: %d, with %d packets and %d size\n",
- num_urb, npackets, urb_size);
-
- /* Estimate the bytes per period */
-@@ -974,7 +974,7 @@ static int em28xx_audio_fini(struct em28xx *dev)
- return 0;
- }
-
-- em28xx_info("Closing audio extension");
-+ em28xx_info("Closing audio extension\n");
-
- if (dev->adev.sndcard) {
- snd_card_disconnect(dev->adev.sndcard);
-diff --git a/drivers/media/usb/em28xx/em28xx-dvb.c b/drivers/media/usb/em28xx/em28xx-dvb.c
-index 1373cfa..ec2ebe9 100644
---- a/drivers/media/usb/em28xx/em28xx-dvb.c
-+++ b/drivers/media/usb/em28xx/em28xx-dvb.c
-@@ -1468,7 +1468,7 @@ static int em28xx_dvb_fini(struct em28xx *dev)
- return 0;
- }
-
-- em28xx_info("Closing DVB extension");
-+ em28xx_info("Closing DVB extension\n");
-
- if (dev->dvb) {
- struct em28xx_dvb *dvb = dev->dvb;
-diff --git a/drivers/media/usb/em28xx/em28xx-input.c b/drivers/media/usb/em28xx/em28xx-input.c
-index 18f65d8..dd59c00 100644
---- a/drivers/media/usb/em28xx/em28xx-input.c
-+++ b/drivers/media/usb/em28xx/em28xx-input.c
-@@ -810,7 +810,7 @@ static int em28xx_ir_fini(struct em28xx *dev)
- return 0;
- }
-
-- em28xx_info("Closing input extension");
-+ em28xx_info("Closing input extension\n");
-
- em28xx_shutdown_buttons(dev);
-
-diff --git a/drivers/media/usb/em28xx/em28xx-video.c b/drivers/media/usb/em28xx/em28xx-video.c
-index e24ee08..0e8d085 100644
---- a/drivers/media/usb/em28xx/em28xx-video.c
-+++ b/drivers/media/usb/em28xx/em28xx-video.c
-@@ -1900,7 +1900,7 @@ static int em28xx_v4l2_fini(struct em28xx *dev)
- return 0;
- }
-
-- em28xx_info("Closing video extension");
-+ em28xx_info("Closing video extension\n");
-
- mutex_lock(&dev->lock);
-
-diff --git a/drivers/mmc/host/sdhci-pxav3.c b/drivers/mmc/host/sdhci-pxav3.c
-index 793dacd..561c6b4 100644
---- a/drivers/mmc/host/sdhci-pxav3.c
-+++ b/drivers/mmc/host/sdhci-pxav3.c
-@@ -201,8 +201,8 @@ static struct sdhci_pxa_platdata *pxav3_get_mmc_pdata(struct device *dev)
- if (!pdata)
- return NULL;
-
-- of_property_read_u32(np, "mrvl,clk-delay-cycles", &clk_delay_cycles);
-- if (clk_delay_cycles > 0)
-+ if (!of_property_read_u32(np, "mrvl,clk-delay-cycles",
-+ &clk_delay_cycles))
- pdata->clk_delay_cycles = clk_delay_cycles;
-
- return pdata;
-diff --git a/drivers/net/wireless/iwlwifi/mvm/mac80211.c b/drivers/net/wireless/iwlwifi/mvm/mac80211.c
-index d06414e..a041746 100644
---- a/drivers/net/wireless/iwlwifi/mvm/mac80211.c
-+++ b/drivers/net/wireless/iwlwifi/mvm/mac80211.c
-@@ -410,9 +410,6 @@ static void iwl_mvm_cleanup_iterator(void *data, u8 *mac,
- mvmvif->uploaded = false;
- mvmvif->ap_sta_id = IWL_MVM_STATION_COUNT;
-
-- /* does this make sense at all? */
-- mvmvif->color++;
--
- spin_lock_bh(&mvm->time_event_lock);
- iwl_mvm_te_clear_data(mvm, &mvmvif->time_event_data);
- spin_unlock_bh(&mvm->time_event_lock);
-@@ -597,7 +594,7 @@ static int iwl_mvm_mac_add_interface(struct ieee80211_hw *hw,
-
- ret = iwl_mvm_mac_ctxt_add(mvm, vif);
- if (ret)
-- goto out_release;
-+ goto out_remove_mac;
-
- iwl_mvm_power_disable(mvm, vif);
-
-diff --git a/drivers/net/wireless/iwlwifi/mvm/tx.c b/drivers/net/wireless/iwlwifi/mvm/tx.c
-index 76ee486..4efcb28 100644
---- a/drivers/net/wireless/iwlwifi/mvm/tx.c
-+++ b/drivers/net/wireless/iwlwifi/mvm/tx.c
-@@ -835,6 +835,11 @@ int iwl_mvm_rx_ba_notif(struct iwl_mvm *mvm, struct iwl_rx_cmd_buffer *rxb,
- sta_id = ba_notif->sta_id;
- tid = ba_notif->tid;
-
-+ if (WARN_ONCE(sta_id >= IWL_MVM_STATION_COUNT ||
-+ tid >= IWL_MAX_TID_COUNT,
-+ "sta_id %d tid %d", sta_id, tid))
-+ return 0;
-+
- rcu_read_lock();
-
- sta = rcu_dereference(mvm->fw_id_to_mac_id[sta_id]);
-diff --git a/drivers/net/wireless/iwlwifi/pcie/tx.c b/drivers/net/wireless/iwlwifi/pcie/tx.c
-index 3d54900..52427fb 100644
---- a/drivers/net/wireless/iwlwifi/pcie/tx.c
-+++ b/drivers/net/wireless/iwlwifi/pcie/tx.c
-@@ -729,7 +729,12 @@ void iwl_trans_pcie_tx_reset(struct iwl_trans *trans)
- iwl_write_direct32(trans, FH_KW_MEM_ADDR_REG,
- trans_pcie->kw.dma >> 4);
-
-- iwl_pcie_tx_start(trans, trans_pcie->scd_base_addr);
-+ /*
-+ * Send 0 as the scd_base_addr since the device may have be reset
-+ * while we were in WoWLAN in which case SCD_SRAM_BASE_ADDR will
-+ * contain garbage.
-+ */
-+ iwl_pcie_tx_start(trans, 0);
- }
-
- /*
-diff --git a/drivers/pci/pci-driver.c b/drivers/pci/pci-driver.c
-index 25f0bc6..7f41551 100644
---- a/drivers/pci/pci-driver.c
-+++ b/drivers/pci/pci-driver.c
-@@ -1324,7 +1324,7 @@ static int pci_uevent(struct device *dev, struct kobj_uevent_env *env)
- if (add_uevent_var(env, "PCI_SLOT_NAME=%s", pci_name(pdev)))
- return -ENOMEM;
-
-- if (add_uevent_var(env, "MODALIAS=pci:v%08Xd%08Xsv%08Xsd%08Xbc%02Xsc%02Xi%02x",
-+ if (add_uevent_var(env, "MODALIAS=pci:v%08Xd%08Xsv%08Xsd%08Xbc%02Xsc%02Xi%02X",
- pdev->vendor, pdev->device,
- pdev->subsystem_vendor, pdev->subsystem_device,
- (u8)(pdev->class >> 16), (u8)(pdev->class >> 8),
-diff --git a/drivers/pci/rom.c b/drivers/pci/rom.c
-index 5d59572..5510c88 100644
---- a/drivers/pci/rom.c
-+++ b/drivers/pci/rom.c
-@@ -69,6 +69,7 @@ size_t pci_get_rom_size(struct pci_dev *pdev, void __iomem *rom, size_t size)
- {
- void __iomem *image;
- int last_image;
-+ unsigned length;
-
- image = rom;
- do {
-@@ -91,9 +92,9 @@ size_t pci_get_rom_size(struct pci_dev *pdev, void __iomem *rom, size_t size)
- if (readb(pds + 3) != 'R')
- break;
- last_image = readb(pds + 21) & 0x80;
-- /* this length is reliable */
-- image += readw(pds + 16) * 512;
-- } while (!last_image);
-+ length = readw(pds + 16);
-+ image += length * 512;
-+ } while (length && !last_image);
-
- /* never return a size larger than the PCI resource window */
- /* there are known ROMs that get the size wrong */
-diff --git a/drivers/power/88pm860x_charger.c b/drivers/power/88pm860x_charger.c
-index de029bb..5ccca87 100644
---- a/drivers/power/88pm860x_charger.c
-+++ b/drivers/power/88pm860x_charger.c
-@@ -711,6 +711,7 @@ static int pm860x_charger_probe(struct platform_device *pdev)
- return 0;
-
- out_irq:
-+ power_supply_unregister(&info->usb);
- while (--i >= 0)
- free_irq(info->irq[i], info);
- out:
-diff --git a/drivers/power/bq24190_charger.c b/drivers/power/bq24190_charger.c
-index ad3ff8f..e4c95e1 100644
---- a/drivers/power/bq24190_charger.c
-+++ b/drivers/power/bq24190_charger.c
-@@ -929,7 +929,7 @@ static void bq24190_charger_init(struct power_supply *charger)
- charger->properties = bq24190_charger_properties;
- charger->num_properties = ARRAY_SIZE(bq24190_charger_properties);
- charger->supplied_to = bq24190_charger_supplied_to;
-- charger->num_supplies = ARRAY_SIZE(bq24190_charger_supplied_to);
-+ charger->num_supplicants = ARRAY_SIZE(bq24190_charger_supplied_to);
- charger->get_property = bq24190_charger_get_property;
- charger->set_property = bq24190_charger_set_property;
- charger->property_is_writeable = bq24190_charger_property_is_writeable;
-diff --git a/drivers/power/gpio-charger.c b/drivers/power/gpio-charger.c
-index a0024b2..86e03c6 100644
---- a/drivers/power/gpio-charger.c
-+++ b/drivers/power/gpio-charger.c
-@@ -168,7 +168,7 @@ static int gpio_charger_suspend(struct device *dev)
-
- if (device_may_wakeup(dev))
- gpio_charger->wakeup_enabled =
-- enable_irq_wake(gpio_charger->irq);
-+ !enable_irq_wake(gpio_charger->irq);
-
- return 0;
- }
-@@ -178,7 +178,7 @@ static int gpio_charger_resume(struct device *dev)
- struct platform_device *pdev = to_platform_device(dev);
- struct gpio_charger *gpio_charger = platform_get_drvdata(pdev);
-
-- if (gpio_charger->wakeup_enabled)
-+ if (device_may_wakeup(dev) && gpio_charger->wakeup_enabled)
- disable_irq_wake(gpio_charger->irq);
- power_supply_changed(&gpio_charger->charger);
-
-diff --git a/drivers/scsi/megaraid/megaraid_sas_fusion.c b/drivers/scsi/megaraid/megaraid_sas_fusion.c
-index f655592..a1f04e3 100644
---- a/drivers/scsi/megaraid/megaraid_sas_fusion.c
-+++ b/drivers/scsi/megaraid/megaraid_sas_fusion.c
-@@ -92,6 +92,8 @@ megasas_enable_intr_fusion(struct megasas_instance *instance)
- {
- struct megasas_register_set __iomem *regs;
- regs = instance->reg_set;
-+
-+ instance->mask_interrupts = 0;
- /* For Thunderbolt/Invader also clear intr on enable */
- writel(~0, &regs->outbound_intr_status);
- readl(&regs->outbound_intr_status);
-@@ -100,7 +102,6 @@ megasas_enable_intr_fusion(struct megasas_instance *instance)
-
- /* Dummy readl to force pci flush */
- readl(&regs->outbound_intr_mask);
-- instance->mask_interrupts = 0;
- }
-
- /**
-diff --git a/drivers/target/iscsi/iscsi_target_tq.c b/drivers/target/iscsi/iscsi_target_tq.c
-index 601e9cc..bb2890e 100644
---- a/drivers/target/iscsi/iscsi_target_tq.c
-+++ b/drivers/target/iscsi/iscsi_target_tq.c
-@@ -24,36 +24,22 @@
- #include "iscsi_target_tq.h"
- #include "iscsi_target.h"
-
--static LIST_HEAD(active_ts_list);
- static LIST_HEAD(inactive_ts_list);
--static DEFINE_SPINLOCK(active_ts_lock);
- static DEFINE_SPINLOCK(inactive_ts_lock);
- static DEFINE_SPINLOCK(ts_bitmap_lock);
-
--static void iscsi_add_ts_to_active_list(struct iscsi_thread_set *ts)
--{
-- spin_lock(&active_ts_lock);
-- list_add_tail(&ts->ts_list, &active_ts_list);
-- iscsit_global->active_ts++;
-- spin_unlock(&active_ts_lock);
--}
--
- static void iscsi_add_ts_to_inactive_list(struct iscsi_thread_set *ts)
- {
-+ if (!list_empty(&ts->ts_list)) {
-+ WARN_ON(1);
-+ return;
-+ }
- spin_lock(&inactive_ts_lock);
- list_add_tail(&ts->ts_list, &inactive_ts_list);
- iscsit_global->inactive_ts++;
- spin_unlock(&inactive_ts_lock);
- }
-
--static void iscsi_del_ts_from_active_list(struct iscsi_thread_set *ts)
--{
-- spin_lock(&active_ts_lock);
-- list_del(&ts->ts_list);
-- iscsit_global->active_ts--;
-- spin_unlock(&active_ts_lock);
--}
--
- static struct iscsi_thread_set *iscsi_get_ts_from_inactive_list(void)
- {
- struct iscsi_thread_set *ts;
-@@ -66,7 +52,7 @@ static struct iscsi_thread_set *iscsi_get_ts_from_inactive_list(void)
-
- ts = list_first_entry(&inactive_ts_list, struct iscsi_thread_set, ts_list);
-
-- list_del(&ts->ts_list);
-+ list_del_init(&ts->ts_list);
- iscsit_global->inactive_ts--;
- spin_unlock(&inactive_ts_lock);
-
-@@ -204,8 +190,6 @@ static void iscsi_deallocate_extra_thread_sets(void)
-
- void iscsi_activate_thread_set(struct iscsi_conn *conn, struct iscsi_thread_set *ts)
- {
-- iscsi_add_ts_to_active_list(ts);
--
- spin_lock_bh(&ts->ts_state_lock);
- conn->thread_set = ts;
- ts->conn = conn;
-@@ -397,7 +381,6 @@ struct iscsi_conn *iscsi_rx_thread_pre_handler(struct iscsi_thread_set *ts)
-
- if (ts->delay_inactive && (--ts->thread_count == 0)) {
- spin_unlock_bh(&ts->ts_state_lock);
-- iscsi_del_ts_from_active_list(ts);
-
- if (!iscsit_global->in_shutdown)
- iscsi_deallocate_extra_thread_sets();
-@@ -452,7 +435,6 @@ struct iscsi_conn *iscsi_tx_thread_pre_handler(struct iscsi_thread_set *ts)
-
- if (ts->delay_inactive && (--ts->thread_count == 0)) {
- spin_unlock_bh(&ts->ts_state_lock);
-- iscsi_del_ts_from_active_list(ts);
-
- if (!iscsit_global->in_shutdown)
- iscsi_deallocate_extra_thread_sets();
-diff --git a/drivers/tty/pty.c b/drivers/tty/pty.c
-index 25c9bc7..e49616e 100644
---- a/drivers/tty/pty.c
-+++ b/drivers/tty/pty.c
-@@ -209,6 +209,9 @@ static int pty_signal(struct tty_struct *tty, int sig)
- unsigned long flags;
- struct pid *pgrp;
-
-+ if (sig != SIGINT && sig != SIGQUIT && sig != SIGTSTP)
-+ return -EINVAL;
-+
- if (tty->link) {
- spin_lock_irqsave(&tty->link->ctrl_lock, flags);
- pgrp = get_pid(tty->link->pgrp);
-diff --git a/drivers/tty/serial/atmel_serial.c b/drivers/tty/serial/atmel_serial.c
-index ce352b8..0d3e6cb 100644
---- a/drivers/tty/serial/atmel_serial.c
-+++ b/drivers/tty/serial/atmel_serial.c
-@@ -2392,7 +2392,7 @@ static int atmel_serial_probe(struct platform_device *pdev)
-
- ret = atmel_init_port(port, pdev);
- if (ret)
-- goto err;
-+ goto err_clear_bit;
-
- if (!atmel_use_pdc_rx(&port->uart)) {
- ret = -ENOMEM;
-@@ -2441,6 +2441,8 @@ err_alloc_ring:
- clk_put(port->clk);
- port->clk = NULL;
- }
-+err_clear_bit:
-+ clear_bit(port->uart.line, atmel_ports_in_use);
- err:
- return ret;
- }
-diff --git a/drivers/tty/vt/vt.c b/drivers/tty/vt/vt.c
-index 23b5d32..693091a 100644
---- a/drivers/tty/vt/vt.c
-+++ b/drivers/tty/vt/vt.c
-@@ -498,6 +498,7 @@ void invert_screen(struct vc_data *vc, int offset, int count, int viewed)
- #endif
- if (DO_UPDATE(vc))
- do_update_region(vc, (unsigned long) p, count);
-+ notify_update(vc);
- }
-
- /* used by selection: complement pointer position */
-@@ -514,6 +515,7 @@ void complement_pos(struct vc_data *vc, int offset)
- scr_writew(old, screenpos(vc, old_offset, 1));
- if (DO_UPDATE(vc))
- vc->vc_sw->con_putc(vc, old, oldy, oldx);
-+ notify_update(vc);
- }
-
- old_offset = offset;
-@@ -531,8 +533,8 @@ void complement_pos(struct vc_data *vc, int offset)
- oldy = (offset >> 1) / vc->vc_cols;
- vc->vc_sw->con_putc(vc, new, oldy, oldx);
- }
-+ notify_update(vc);
- }
--
- }
-
- static void insert_char(struct vc_data *vc, unsigned int nr)
-diff --git a/drivers/usb/core/buffer.c b/drivers/usb/core/buffer.c
-index 684ef70..506b969 100644
---- a/drivers/usb/core/buffer.c
-+++ b/drivers/usb/core/buffer.c
-@@ -22,17 +22,25 @@
- */
-
- /* FIXME tune these based on pool statistics ... */
--static const size_t pool_max[HCD_BUFFER_POOLS] = {
-- /* platforms without dma-friendly caches might need to
-- * prevent cacheline sharing...
-- */
-- 32,
-- 128,
-- 512,
-- PAGE_SIZE / 2
-- /* bigger --> allocate pages */
-+static size_t pool_max[HCD_BUFFER_POOLS] = {
-+ 32, 128, 512, 2048,
- };
-
-+void __init usb_init_pool_max(void)
-+{
-+ /*
-+ * The pool_max values must never be smaller than
-+ * ARCH_KMALLOC_MINALIGN.
-+ */
-+ if (ARCH_KMALLOC_MINALIGN <= 32)
-+ ; /* Original value is okay */
-+ else if (ARCH_KMALLOC_MINALIGN <= 64)
-+ pool_max[0] = 64;
-+ else if (ARCH_KMALLOC_MINALIGN <= 128)
-+ pool_max[0] = 0; /* Don't use this pool */
-+ else
-+ BUILD_BUG(); /* We don't allow this */
-+}
-
- /* SETUP primitives */
-
-diff --git a/drivers/usb/core/hcd.c b/drivers/usb/core/hcd.c
-index ef6ec13b..ee6c556 100644
---- a/drivers/usb/core/hcd.c
-+++ b/drivers/usb/core/hcd.c
-@@ -1617,6 +1617,7 @@ static int unlink1(struct usb_hcd *hcd, struct urb *urb, int status)
- int usb_hcd_unlink_urb (struct urb *urb, int status)
- {
- struct usb_hcd *hcd;
-+ struct usb_device *udev = urb->dev;
- int retval = -EIDRM;
- unsigned long flags;
-
-@@ -1628,20 +1629,19 @@ int usb_hcd_unlink_urb (struct urb *urb, int status)
- spin_lock_irqsave(&hcd_urb_unlink_lock, flags);
- if (atomic_read(&urb->use_count) > 0) {
- retval = 0;
-- usb_get_dev(urb->dev);
-+ usb_get_dev(udev);
- }
- spin_unlock_irqrestore(&hcd_urb_unlink_lock, flags);
- if (retval == 0) {
- hcd = bus_to_hcd(urb->dev->bus);
- retval = unlink1(hcd, urb, status);
-- usb_put_dev(urb->dev);
-+ if (retval == 0)
-+ retval = -EINPROGRESS;
-+ else if (retval != -EIDRM && retval != -EBUSY)
-+ dev_dbg(&udev->dev, "hcd_unlink_urb %p fail %d\n",
-+ urb, retval);
-+ usb_put_dev(udev);
- }
--
-- if (retval == 0)
-- retval = -EINPROGRESS;
-- else if (retval != -EIDRM && retval != -EBUSY)
-- dev_dbg(&urb->dev->dev, "hcd_unlink_urb %p fail %d\n",
-- urb, retval);
- return retval;
- }
-
-diff --git a/drivers/usb/core/usb.c b/drivers/usb/core/usb.c
-index 4d11449..a922730 100644
---- a/drivers/usb/core/usb.c
-+++ b/drivers/usb/core/usb.c
-@@ -1050,6 +1050,7 @@ static int __init usb_init(void)
- pr_info("%s: USB support disabled\n", usbcore_name);
- return 0;
- }
-+ usb_init_pool_max();
-
- retval = usb_debugfs_init();
- if (retval)
-diff --git a/drivers/usb/serial/cp210x.c b/drivers/usb/serial/cp210x.c
-index 9e8708c..a2d0409 100644
---- a/drivers/usb/serial/cp210x.c
-+++ b/drivers/usb/serial/cp210x.c
-@@ -56,6 +56,7 @@ static const struct usb_device_id id_table[] = {
- { USB_DEVICE(0x0846, 0x1100) }, /* NetGear Managed Switch M4100 series, M5300 series, M7100 series */
- { USB_DEVICE(0x08e6, 0x5501) }, /* Gemalto Prox-PU/CU contactless smartcard reader */
- { USB_DEVICE(0x08FD, 0x000A) }, /* Digianswer A/S , ZigBee/802.15.4 MAC Device */
-+ { USB_DEVICE(0x0908, 0x01FF) }, /* Siemens RUGGEDCOM USB Serial Console */
- { USB_DEVICE(0x0BED, 0x1100) }, /* MEI (TM) Cashflow-SC Bill/Voucher Acceptor */
- { USB_DEVICE(0x0BED, 0x1101) }, /* MEI series 2000 Combo Acceptor */
- { USB_DEVICE(0x0FCF, 0x1003) }, /* Dynastream ANT development board */
-diff --git a/drivers/xen/manage.c b/drivers/xen/manage.c
-index 602913d..edfd797 100644
---- a/drivers/xen/manage.c
-+++ b/drivers/xen/manage.c
-@@ -113,10 +113,16 @@ static void do_suspend(void)
-
- err = freeze_processes();
- if (err) {
-- pr_err("%s: freeze failed %d\n", __func__, err);
-+ pr_err("%s: freeze processes failed %d\n", __func__, err);
- goto out;
- }
-
-+ err = freeze_kernel_threads();
-+ if (err) {
-+ pr_err("%s: freeze kernel threads failed %d\n", __func__, err);
-+ goto out_thaw;
-+ }
-+
- err = dpm_suspend_start(PMSG_FREEZE);
- if (err) {
- pr_err("%s: dpm_suspend_start %d\n", __func__, err);
-diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
-index 67be295..f4d7b2f 100644
---- a/fs/binfmt_elf.c
-+++ b/fs/binfmt_elf.c
-@@ -549,11 +549,12 @@ out:
-
- static unsigned long randomize_stack_top(unsigned long stack_top)
- {
-- unsigned int random_variable = 0;
-+ unsigned long random_variable = 0;
-
- if ((current->flags & PF_RANDOMIZE) &&
- !(current->personality & ADDR_NO_RANDOMIZE)) {
-- random_variable = get_random_int() & STACK_RND_MASK;
-+ random_variable = (unsigned long) get_random_int();
-+ random_variable &= STACK_RND_MASK;
- random_variable <<= PAGE_SHIFT;
- }
- #ifdef CONFIG_STACK_GROWSUP
-diff --git a/fs/btrfs/ctree.c b/fs/btrfs/ctree.c
-index cbd3a7d..93de3ba 100644
---- a/fs/btrfs/ctree.c
-+++ b/fs/btrfs/ctree.c
-@@ -2655,32 +2655,23 @@ static int key_search(struct extent_buffer *b, struct btrfs_key *key,
- return 0;
- }
-
--int btrfs_find_item(struct btrfs_root *fs_root, struct btrfs_path *found_path,
-+int btrfs_find_item(struct btrfs_root *fs_root, struct btrfs_path *path,
- u64 iobjectid, u64 ioff, u8 key_type,
- struct btrfs_key *found_key)
- {
- int ret;
- struct btrfs_key key;
- struct extent_buffer *eb;
-- struct btrfs_path *path;
-+
-+ ASSERT(path);
-
- key.type = key_type;
- key.objectid = iobjectid;
- key.offset = ioff;
-
-- if (found_path == NULL) {
-- path = btrfs_alloc_path();
-- if (!path)
-- return -ENOMEM;
-- } else
-- path = found_path;
--
- ret = btrfs_search_slot(NULL, fs_root, &key, path, 0, 0);
-- if ((ret < 0) || (found_key == NULL)) {
-- if (path != found_path)
-- btrfs_free_path(path);
-+ if ((ret < 0) || (found_key == NULL))
- return ret;
-- }
-
- eb = path->nodes[0];
- if (ret && path->slots[0] >= btrfs_header_nritems(eb)) {
-diff --git a/fs/btrfs/disk-io.c b/fs/btrfs/disk-io.c
-index 0db8ded..f48d5fc 100644
---- a/fs/btrfs/disk-io.c
-+++ b/fs/btrfs/disk-io.c
-@@ -1560,6 +1560,7 @@ struct btrfs_root *btrfs_get_fs_root(struct btrfs_fs_info *fs_info,
- bool check_ref)
- {
- struct btrfs_root *root;
-+ struct btrfs_path *path;
- int ret;
-
- if (location->objectid == BTRFS_ROOT_TREE_OBJECTID)
-@@ -1599,8 +1600,14 @@ again:
- if (ret)
- goto fail;
-
-- ret = btrfs_find_item(fs_info->tree_root, NULL, BTRFS_ORPHAN_OBJECTID,
-+ path = btrfs_alloc_path();
-+ if (!path) {
-+ ret = -ENOMEM;
-+ goto fail;
-+ }
-+ ret = btrfs_find_item(fs_info->tree_root, path, BTRFS_ORPHAN_OBJECTID,
- location->objectid, BTRFS_ORPHAN_ITEM_KEY, NULL);
-+ btrfs_free_path(path);
- if (ret < 0)
- goto fail;
- if (ret == 0)
-@@ -2411,7 +2418,7 @@ int open_ctree(struct super_block *sb,
- features |= BTRFS_FEATURE_INCOMPAT_COMPRESS_LZO;
-
- if (features & BTRFS_FEATURE_INCOMPAT_SKINNY_METADATA)
-- printk(KERN_ERR "BTRFS: has skinny extents\n");
-+ printk(KERN_INFO "BTRFS: has skinny extents\n");
-
- /*
- * flag our filesystem as having big metadata blocks if
-diff --git a/fs/btrfs/tree-log.c b/fs/btrfs/tree-log.c
-index 39d83da..aeb57b98 100644
---- a/fs/btrfs/tree-log.c
-+++ b/fs/btrfs/tree-log.c
-@@ -1238,10 +1238,19 @@ static int insert_orphan_item(struct btrfs_trans_handle *trans,
- struct btrfs_root *root, u64 offset)
- {
- int ret;
-- ret = btrfs_find_item(root, NULL, BTRFS_ORPHAN_OBJECTID,
-+ struct btrfs_path *path;
-+
-+ path = btrfs_alloc_path();
-+ if (!path)
-+ return -ENOMEM;
-+
-+ ret = btrfs_find_item(root, path, BTRFS_ORPHAN_OBJECTID,
- offset, BTRFS_ORPHAN_ITEM_KEY, NULL);
- if (ret > 0)
- ret = btrfs_insert_orphan_item(trans, root, offset);
-+
-+ btrfs_free_path(path);
-+
- return ret;
- }
-
-diff --git a/fs/jffs2/scan.c b/fs/jffs2/scan.c
-index 7654e87..9ad5ba4 100644
---- a/fs/jffs2/scan.c
-+++ b/fs/jffs2/scan.c
-@@ -510,6 +510,10 @@ static int jffs2_scan_eraseblock (struct jffs2_sb_info *c, struct jffs2_eraseblo
- sumlen = c->sector_size - je32_to_cpu(sm->offset);
- sumptr = buf + buf_size - sumlen;
-
-+ /* sm->offset maybe wrong but MAGIC maybe right */
-+ if (sumlen > c->sector_size)
-+ goto full_scan;
-+
- /* Now, make sure the summary itself is available */
- if (sumlen > buf_size) {
- /* Need to kmalloc for this. */
-@@ -544,6 +548,7 @@ static int jffs2_scan_eraseblock (struct jffs2_sb_info *c, struct jffs2_eraseblo
- }
- }
-
-+full_scan:
- buf_ofs = jeb->offset;
-
- if (!buf_size) {
-diff --git a/fs/nfs/callback.c b/fs/nfs/callback.c
-index 073b4cf..0a2016b 100644
---- a/fs/nfs/callback.c
-+++ b/fs/nfs/callback.c
-@@ -128,22 +128,24 @@ nfs41_callback_svc(void *vrqstp)
- if (try_to_freeze())
- continue;
-
-- prepare_to_wait(&serv->sv_cb_waitq, &wq, TASK_INTERRUPTIBLE);
-+ prepare_to_wait(&serv->sv_cb_waitq, &wq, TASK_UNINTERRUPTIBLE);
- spin_lock_bh(&serv->sv_cb_lock);
- if (!list_empty(&serv->sv_cb_list)) {
- req = list_first_entry(&serv->sv_cb_list,
- struct rpc_rqst, rq_bc_list);
- list_del(&req->rq_bc_list);
- spin_unlock_bh(&serv->sv_cb_lock);
-+ finish_wait(&serv->sv_cb_waitq, &wq);
- dprintk("Invoking bc_svc_process()\n");
- error = bc_svc_process(serv, req, rqstp);
- dprintk("bc_svc_process() returned w/ error code= %d\n",
- error);
- } else {
- spin_unlock_bh(&serv->sv_cb_lock);
-- schedule();
-+ /* schedule_timeout to game the hung task watchdog */
-+ schedule_timeout(60 * HZ);
-+ finish_wait(&serv->sv_cb_waitq, &wq);
- }
-- finish_wait(&serv->sv_cb_waitq, &wq);
- }
- return 0;
- }
-diff --git a/fs/nfs/callback_xdr.c b/fs/nfs/callback_xdr.c
-index f4ccfe6..02f8d09 100644
---- a/fs/nfs/callback_xdr.c
-+++ b/fs/nfs/callback_xdr.c
-@@ -464,8 +464,10 @@ static __be32 decode_cb_sequence_args(struct svc_rqst *rqstp,
-
- for (i = 0; i < args->csa_nrclists; i++) {
- status = decode_rc_list(xdr, &args->csa_rclists[i]);
-- if (status)
-+ if (status) {
-+ args->csa_nrclists = i;
- goto out_free;
-+ }
- }
- }
- status = 0;
-diff --git a/fs/xfs/xfs_buf_item.c b/fs/xfs/xfs_buf_item.c
-index 3314911..645f180 100644
---- a/fs/xfs/xfs_buf_item.c
-+++ b/fs/xfs/xfs_buf_item.c
-@@ -319,6 +319,10 @@ xfs_buf_item_format(
- ASSERT(atomic_read(&bip->bli_refcount) > 0);
- ASSERT((bip->bli_flags & XFS_BLI_LOGGED) ||
- (bip->bli_flags & XFS_BLI_STALE));
-+ ASSERT((bip->bli_flags & XFS_BLI_STALE) ||
-+ (xfs_blft_from_flags(&bip->__bli_format) > XFS_BLFT_UNKNOWN_BUF
-+ && xfs_blft_from_flags(&bip->__bli_format) < XFS_BLFT_MAX_BUF));
-+
-
- /*
- * If it is an inode buffer, transfer the in-memory state to the
-diff --git a/fs/xfs/xfs_inode.c b/fs/xfs/xfs_inode.c
-index 3a137e9..5d90b8d 100644
---- a/fs/xfs/xfs_inode.c
-+++ b/fs/xfs/xfs_inode.c
-@@ -1946,6 +1946,7 @@ xfs_iunlink(
- agi->agi_unlinked[bucket_index] = cpu_to_be32(agino);
- offset = offsetof(xfs_agi_t, agi_unlinked) +
- (sizeof(xfs_agino_t) * bucket_index);
-+ xfs_trans_buf_set_type(tp, agibp, XFS_BLFT_AGI_BUF);
- xfs_trans_log_buf(tp, agibp, offset,
- (offset + sizeof(xfs_agino_t) - 1));
- return 0;
-@@ -2037,6 +2038,7 @@ xfs_iunlink_remove(
- agi->agi_unlinked[bucket_index] = cpu_to_be32(next_agino);
- offset = offsetof(xfs_agi_t, agi_unlinked) +
- (sizeof(xfs_agino_t) * bucket_index);
-+ xfs_trans_buf_set_type(tp, agibp, XFS_BLFT_AGI_BUF);
- xfs_trans_log_buf(tp, agibp, offset,
- (offset + sizeof(xfs_agino_t) - 1));
- } else {
-diff --git a/fs/xfs/xfs_qm.c b/fs/xfs/xfs_qm.c
-index 6d7d1de..1b271f5 100644
---- a/fs/xfs/xfs_qm.c
-+++ b/fs/xfs/xfs_qm.c
-@@ -1108,6 +1108,11 @@ xfs_qm_reset_dqcounts(
- */
- xfs_dqcheck(mp, ddq, id+j, type, XFS_QMOPT_DQREPAIR,
- "xfs_quotacheck");
-+ /*
-+ * Reset type in case we are reusing group quota file for
-+ * project quotas or vice versa
-+ */
-+ ddq->d_flags = type;
- ddq->d_bcount = 0;
- ddq->d_icount = 0;
- ddq->d_rtbcount = 0;
-diff --git a/fs/xfs/xfs_trans.c b/fs/xfs/xfs_trans.c
-index c812c5c..b626f3d 100644
---- a/fs/xfs/xfs_trans.c
-+++ b/fs/xfs/xfs_trans.c
-@@ -474,6 +474,7 @@ xfs_trans_apply_sb_deltas(
- whole = 1;
- }
-
-+ xfs_trans_buf_set_type(tp, bp, XFS_BLFT_SB_BUF);
- if (whole)
- /*
- * Log the whole thing, the fields are noncontiguous.
-diff --git a/include/linux/fsnotify.h b/include/linux/fsnotify.h
-index 1c804b0..7ee1774 100644
---- a/include/linux/fsnotify.h
-+++ b/include/linux/fsnotify.h
-@@ -101,8 +101,10 @@ static inline void fsnotify_move(struct inode *old_dir, struct inode *new_dir,
- new_dir_mask |= FS_ISDIR;
- }
-
-- fsnotify(old_dir, old_dir_mask, old_dir, FSNOTIFY_EVENT_INODE, old_name, fs_cookie);
-- fsnotify(new_dir, new_dir_mask, new_dir, FSNOTIFY_EVENT_INODE, new_name, fs_cookie);
-+ fsnotify(old_dir, old_dir_mask, source, FSNOTIFY_EVENT_INODE, old_name,
-+ fs_cookie);
-+ fsnotify(new_dir, new_dir_mask, source, FSNOTIFY_EVENT_INODE, new_name,
-+ fs_cookie);
-
- if (target)
- fsnotify_link_count(target);
-diff --git a/include/linux/usb/hcd.h b/include/linux/usb/hcd.h
-index efe8d8a..e34bce3 100644
---- a/include/linux/usb/hcd.h
-+++ b/include/linux/usb/hcd.h
-@@ -447,6 +447,7 @@ extern const struct dev_pm_ops usb_hcd_pci_pm_ops;
- #endif /* CONFIG_PCI */
-
- /* pci-ish (pdev null is ok) buffer alloc/mapping support */
-+void usb_init_pool_max(void);
- int hcd_buffer_create(struct usb_hcd *hcd);
- void hcd_buffer_destroy(struct usb_hcd *hcd);
-
-diff --git a/kernel/debug/kdb/kdb_main.c b/kernel/debug/kdb/kdb_main.c
-index 0b097c8..449518e 100644
---- a/kernel/debug/kdb/kdb_main.c
-+++ b/kernel/debug/kdb/kdb_main.c
-@@ -2535,7 +2535,7 @@ static int kdb_summary(int argc, const char **argv)
- #define K(x) ((x) << (PAGE_SHIFT - 10))
- kdb_printf("\nMemTotal: %8lu kB\nMemFree: %8lu kB\n"
- "Buffers: %8lu kB\n",
-- val.totalram, val.freeram, val.bufferram);
-+ K(val.totalram), K(val.freeram), K(val.bufferram));
- return 0;
- }
-
-diff --git a/kernel/time/ntp.c b/kernel/time/ntp.c
-index 28db9be..6211d5d 100644
---- a/kernel/time/ntp.c
-+++ b/kernel/time/ntp.c
-@@ -631,10 +631,14 @@ int ntp_validate_timex(struct timex *txc)
- if ((txc->modes & ADJ_SETOFFSET) && (!capable(CAP_SYS_TIME)))
- return -EPERM;
-
-- if (txc->modes & ADJ_FREQUENCY) {
-- if (LONG_MIN / PPM_SCALE > txc->freq)
-+ /*
-+ * Check for potential multiplication overflows that can
-+ * only happen on 64-bit systems:
-+ */
-+ if ((txc->modes & ADJ_FREQUENCY) && (BITS_PER_LONG == 64)) {
-+ if (LLONG_MIN / PPM_SCALE > txc->freq)
- return -EINVAL;
-- if (LONG_MAX / PPM_SCALE < txc->freq)
-+ if (LLONG_MAX / PPM_SCALE < txc->freq)
- return -EINVAL;
- }
-
-diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
-index 7113672..813b021 100644
---- a/kernel/trace/trace.c
-+++ b/kernel/trace/trace.c
-@@ -4694,7 +4694,7 @@ tracing_mark_write(struct file *filp, const char __user *ubuf,
- *fpos += written;
-
- out_unlock:
-- for (i = 0; i < nr_pages; i++){
-+ for (i = nr_pages - 1; i >= 0; i--) {
- kunmap_atomic(map_page[i]);
- put_page(pages[i]);
- }
-diff --git a/mm/hugetlb.c b/mm/hugetlb.c
-index 67d0c17..472259b 100644
---- a/mm/hugetlb.c
-+++ b/mm/hugetlb.c
-@@ -3456,6 +3456,8 @@ follow_huge_pmd(struct mm_struct *mm, unsigned long address,
- {
- struct page *page;
-
-+ if (!pmd_present(*pmd))
-+ return NULL;
- page = pte_page(*(pte_t *)pmd);
- if (page)
- page += ((address & ~PMD_MASK) >> PAGE_SHIFT);
-diff --git a/net/ceph/osd_client.c b/net/ceph/osd_client.c
-index 0676f2b..45f077c 100644
---- a/net/ceph/osd_client.c
-+++ b/net/ceph/osd_client.c
-@@ -977,12 +977,24 @@ static void put_osd(struct ceph_osd *osd)
- */
- static void __remove_osd(struct ceph_osd_client *osdc, struct ceph_osd *osd)
- {
-- dout("__remove_osd %p\n", osd);
-- BUG_ON(!list_empty(&osd->o_requests));
-- rb_erase(&osd->o_node, &osdc->osds);
-+ dout("%s %p osd%d\n", __func__, osd, osd->o_osd);
-+ WARN_ON(!list_empty(&osd->o_requests));
-+ WARN_ON(!list_empty(&osd->o_linger_requests));
-+
- list_del_init(&osd->o_osd_lru);
-- ceph_con_close(&osd->o_con);
-- put_osd(osd);
-+ rb_erase(&osd->o_node, &osdc->osds);
-+ RB_CLEAR_NODE(&osd->o_node);
-+}
-+
-+static void remove_osd(struct ceph_osd_client *osdc, struct ceph_osd *osd)
-+{
-+ dout("%s %p osd%d\n", __func__, osd, osd->o_osd);
-+
-+ if (!RB_EMPTY_NODE(&osd->o_node)) {
-+ ceph_con_close(&osd->o_con);
-+ __remove_osd(osdc, osd);
-+ put_osd(osd);
-+ }
- }
-
- static void remove_all_osds(struct ceph_osd_client *osdc)
-@@ -992,7 +1004,7 @@ static void remove_all_osds(struct ceph_osd_client *osdc)
- while (!RB_EMPTY_ROOT(&osdc->osds)) {
- struct ceph_osd *osd = rb_entry(rb_first(&osdc->osds),
- struct ceph_osd, o_node);
-- __remove_osd(osdc, osd);
-+ remove_osd(osdc, osd);
- }
- mutex_unlock(&osdc->request_mutex);
- }
-@@ -1022,7 +1034,7 @@ static void remove_old_osds(struct ceph_osd_client *osdc)
- list_for_each_entry_safe(osd, nosd, &osdc->osd_lru, o_osd_lru) {
- if (time_before(jiffies, osd->lru_ttl))
- break;
-- __remove_osd(osdc, osd);
-+ remove_osd(osdc, osd);
- }
- mutex_unlock(&osdc->request_mutex);
- }
-@@ -1037,8 +1049,7 @@ static int __reset_osd(struct ceph_osd_client *osdc, struct ceph_osd *osd)
- dout("__reset_osd %p osd%d\n", osd, osd->o_osd);
- if (list_empty(&osd->o_requests) &&
- list_empty(&osd->o_linger_requests)) {
-- __remove_osd(osdc, osd);
--
-+ remove_osd(osdc, osd);
- return -ENODEV;
- }
-
-@@ -1840,6 +1851,7 @@ static void reset_changed_osds(struct ceph_osd_client *osdc)
- {
- struct rb_node *p, *n;
-
-+ dout("%s %p\n", __func__, osdc);
- for (p = rb_first(&osdc->osds); p; p = n) {
- struct ceph_osd *osd = rb_entry(p, struct ceph_osd, o_node);
-
-diff --git a/sound/pci/riptide/riptide.c b/sound/pci/riptide/riptide.c
-index 56cc891..d99c8d3 100644
---- a/sound/pci/riptide/riptide.c
-+++ b/sound/pci/riptide/riptide.c
-@@ -2032,32 +2032,43 @@ snd_riptide_joystick_probe(struct pci_dev *pci, const struct pci_device_id *id)
- {
- static int dev;
- struct gameport *gameport;
-+ int ret;
-
- if (dev >= SNDRV_CARDS)
- return -ENODEV;
-+
- if (!enable[dev]) {
-- dev++;
-- return -ENOENT;
-+ ret = -ENOENT;
-+ goto inc_dev;
- }
-
-- if (!joystick_port[dev++])
-- return 0;
-+ if (!joystick_port[dev]) {
-+ ret = 0;
-+ goto inc_dev;
-+ }
-
- gameport = gameport_allocate_port();
-- if (!gameport)
-- return -ENOMEM;
-+ if (!gameport) {
-+ ret = -ENOMEM;
-+ goto inc_dev;
-+ }
- if (!request_region(joystick_port[dev], 8, "Riptide gameport")) {
- snd_printk(KERN_WARNING
- "Riptide: cannot grab gameport 0x%x\n",
- joystick_port[dev]);
- gameport_free_port(gameport);
-- return -EBUSY;
-+ ret = -EBUSY;
-+ goto inc_dev;
- }
-
- gameport->io = joystick_port[dev];
- gameport_register_port(gameport);
- pci_set_drvdata(pci, gameport);
-- return 0;
-+
-+ ret = 0;
-+inc_dev:
-+ dev++;
-+ return ret;
- }
-
- static void snd_riptide_joystick_remove(struct pci_dev *pci)
-diff --git a/sound/pci/rme9652/hdspm.c b/sound/pci/rme9652/hdspm.c
-index e98dc00..2116750 100644
---- a/sound/pci/rme9652/hdspm.c
-+++ b/sound/pci/rme9652/hdspm.c
-@@ -6102,6 +6102,9 @@ static int snd_hdspm_playback_open(struct snd_pcm_substream *substream)
- snd_pcm_hw_constraint_minmax(runtime,
- SNDRV_PCM_HW_PARAM_PERIOD_SIZE,
- 64, 8192);
-+ snd_pcm_hw_constraint_minmax(runtime,
-+ SNDRV_PCM_HW_PARAM_PERIODS,
-+ 2, 2);
- break;
- }
-
-@@ -6176,6 +6179,9 @@ static int snd_hdspm_capture_open(struct snd_pcm_substream *substream)
- snd_pcm_hw_constraint_minmax(runtime,
- SNDRV_PCM_HW_PARAM_PERIOD_SIZE,
- 64, 8192);
-+ snd_pcm_hw_constraint_minmax(runtime,
-+ SNDRV_PCM_HW_PARAM_PERIODS,
-+ 2, 2);
- break;
- }
-
diff --git a/3.14.35/0000_README b/3.14.36/0000_README
index f876e1c..ea2152e 100644
--- a/3.14.35/0000_README
+++ b/3.14.36/0000_README
@@ -2,11 +2,7 @@ README
-----------------------------------------------------------------------------
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 1034_linux-3.14.35.patch
-From: http://www.kernel.org
-Desc: Linux 3.14.35
-
-Patch: 4420_grsecurity-3.1-3.14.35-201503092203.patch
+Patch: 4420_grsecurity-3.1-3.14.36-201503182218.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.14.35/4420_grsecurity-3.1-3.14.35-201503092203.patch b/3.14.36/4420_grsecurity-3.1-3.14.36-201503182218.patch
index 6e35a88..28c0f41 100644
--- a/3.14.35/4420_grsecurity-3.1-3.14.35-201503092203.patch
+++ b/3.14.36/4420_grsecurity-3.1-3.14.36-201503182218.patch
@@ -292,7 +292,7 @@ index 5d91ba1..935a4e7 100644
pcd. [PARIDE]
diff --git a/Makefile b/Makefile
-index 9720e86..98643f8 100644
+index 4e6537b..ce0ac5f 100644
--- a/Makefile
+++ b/Makefile
@@ -244,8 +244,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -23088,7 +23088,7 @@ index c5a9cb9..b6a5426 100644
/*
diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S
-index 02553d6..ff1450f4 100644
+index 06469ee..ff1450f4 100644
--- a/arch/x86/kernel/entry_64.S
+++ b/arch/x86/kernel/entry_64.S
@@ -60,6 +60,8 @@
@@ -23758,7 +23758,7 @@ index 02553d6..ff1450f4 100644
.popsection
/*
-@@ -539,25 +1008,26 @@ ENTRY(ret_from_fork)
+@@ -539,7 +1008,7 @@ ENTRY(ret_from_fork)
RESTORE_REST
@@ -23766,19 +23766,9 @@ index 02553d6..ff1450f4 100644
+ testb $3, CS-ARGOFFSET(%rsp) # from kernel_thread?
jz 1f
-- testl $_TIF_IA32, TI_flags(%rcx) # 32-bit compat task needs IRET
-- jnz int_ret_from_sys_call
--
-- RESTORE_TOP_OF_STACK %rdi, -ARGOFFSET
-- jmp ret_from_sys_call # go to the SYSRET fastpath
-+ /*
-+ * By the time we get here, we have no idea whether our pt_regs,
-+ * ti flags, and ti status came from the 64-bit SYSCALL fast path,
-+ * the slow path, or one of the ia32entry paths.
-+ * Use int_ret_from_sys_call to return, since it can safely handle
-+ * all of the above.
-+ */
-+ jmp int_ret_from_sys_call
+ /*
+@@ -552,15 +1021,13 @@ ENTRY(ret_from_fork)
+ jmp int_ret_from_sys_call
1:
- subq $REST_SKIP, %rsp # leave space for volatiles
@@ -23794,7 +23784,7 @@ index 02553d6..ff1450f4 100644
/*
* System call entry. Up to 6 arguments in registers are supported.
-@@ -594,7 +1064,7 @@ END(ret_from_fork)
+@@ -597,7 +1064,7 @@ END(ret_from_fork)
ENTRY(system_call)
CFI_STARTPROC simple
CFI_SIGNAL_FRAME
@@ -23803,7 +23793,7 @@ index 02553d6..ff1450f4 100644
CFI_REGISTER rip,rcx
/*CFI_REGISTER rflags,r11*/
SWAPGS_UNSAFE_STACK
-@@ -607,16 +1077,23 @@ GLOBAL(system_call_after_swapgs)
+@@ -610,16 +1077,23 @@ GLOBAL(system_call_after_swapgs)
movq %rsp,PER_CPU_VAR(old_rsp)
movq PER_CPU_VAR(kernel_stack),%rsp
@@ -23829,7 +23819,7 @@ index 02553d6..ff1450f4 100644
jnz tracesys
system_call_fastpath:
#if __SYSCALL_MASK == ~0
-@@ -640,10 +1117,13 @@ sysret_check:
+@@ -643,10 +1117,13 @@ sysret_check:
LOCKDEP_SYS_EXIT
DISABLE_INTERRUPTS(CLBR_NONE)
TRACE_IRQS_OFF
@@ -23844,7 +23834,7 @@ index 02553d6..ff1450f4 100644
/*
* sysretq will re-enable interrupts:
*/
-@@ -702,6 +1182,9 @@ auditsys:
+@@ -705,6 +1182,9 @@ auditsys:
movq %rax,%rsi /* 2nd arg: syscall number */
movl $AUDIT_ARCH_X86_64,%edi /* 1st arg: audit arch */
call __audit_syscall_entry
@@ -23854,7 +23844,7 @@ index 02553d6..ff1450f4 100644
LOAD_ARGS 0 /* reload call-clobbered registers */
jmp system_call_fastpath
-@@ -723,7 +1206,7 @@ sysret_audit:
+@@ -726,7 +1206,7 @@ sysret_audit:
/* Do syscall tracing */
tracesys:
#ifdef CONFIG_AUDITSYSCALL
@@ -23863,7 +23853,7 @@ index 02553d6..ff1450f4 100644
jz auditsys
#endif
SAVE_REST
-@@ -731,12 +1214,15 @@ tracesys:
+@@ -734,12 +1214,15 @@ tracesys:
FIXUP_TOP_OF_STACK %rdi
movq %rsp,%rdi
call syscall_trace_enter
@@ -23880,7 +23870,7 @@ index 02553d6..ff1450f4 100644
RESTORE_REST
#if __SYSCALL_MASK == ~0
cmpq $__NR_syscall_max,%rax
-@@ -766,7 +1252,9 @@ GLOBAL(int_with_check)
+@@ -769,7 +1252,9 @@ GLOBAL(int_with_check)
andl %edi,%edx
jnz int_careful
andl $~TS_COMPAT,TI_status(%rcx)
@@ -23891,7 +23881,7 @@ index 02553d6..ff1450f4 100644
/* Either reschedule or signal or syscall exit tracking needed. */
/* First do a reschedule test. */
-@@ -812,7 +1300,7 @@ int_restore_rest:
+@@ -815,7 +1300,7 @@ int_restore_rest:
TRACE_IRQS_OFF
jmp int_with_check
CFI_ENDPROC
@@ -23900,7 +23890,7 @@ index 02553d6..ff1450f4 100644
.macro FORK_LIKE func
ENTRY(stub_\func)
-@@ -825,9 +1313,10 @@ ENTRY(stub_\func)
+@@ -828,9 +1313,10 @@ ENTRY(stub_\func)
DEFAULT_FRAME 0 8 /* offset 8: return address */
call sys_\func
RESTORE_TOP_OF_STACK %r11, 8
@@ -23913,7 +23903,7 @@ index 02553d6..ff1450f4 100644
.endm
.macro FIXED_FRAME label,func
-@@ -837,9 +1326,10 @@ ENTRY(\label)
+@@ -840,9 +1326,10 @@ ENTRY(\label)
FIXUP_TOP_OF_STACK %r11, 8-ARGOFFSET
call \func
RESTORE_TOP_OF_STACK %r11, 8-ARGOFFSET
@@ -23925,7 +23915,7 @@ index 02553d6..ff1450f4 100644
.endm
FORK_LIKE clone
-@@ -847,19 +1337,6 @@ END(\label)
+@@ -850,19 +1337,6 @@ END(\label)
FORK_LIKE vfork
FIXED_FRAME stub_iopl, sys_iopl
@@ -23945,7 +23935,7 @@ index 02553d6..ff1450f4 100644
ENTRY(stub_execve)
CFI_STARTPROC
addq $8, %rsp
-@@ -871,7 +1348,7 @@ ENTRY(stub_execve)
+@@ -874,7 +1348,7 @@ ENTRY(stub_execve)
RESTORE_REST
jmp int_ret_from_sys_call
CFI_ENDPROC
@@ -23954,7 +23944,7 @@ index 02553d6..ff1450f4 100644
/*
* sigreturn is special because it needs to restore all registers on return.
-@@ -888,7 +1365,7 @@ ENTRY(stub_rt_sigreturn)
+@@ -891,7 +1365,7 @@ ENTRY(stub_rt_sigreturn)
RESTORE_REST
jmp int_ret_from_sys_call
CFI_ENDPROC
@@ -23963,7 +23953,7 @@ index 02553d6..ff1450f4 100644
#ifdef CONFIG_X86_X32_ABI
ENTRY(stub_x32_rt_sigreturn)
-@@ -902,7 +1379,7 @@ ENTRY(stub_x32_rt_sigreturn)
+@@ -905,7 +1379,7 @@ ENTRY(stub_x32_rt_sigreturn)
RESTORE_REST
jmp int_ret_from_sys_call
CFI_ENDPROC
@@ -23972,7 +23962,7 @@ index 02553d6..ff1450f4 100644
ENTRY(stub_x32_execve)
CFI_STARTPROC
-@@ -916,7 +1393,7 @@ ENTRY(stub_x32_execve)
+@@ -919,7 +1393,7 @@ ENTRY(stub_x32_execve)
RESTORE_REST
jmp int_ret_from_sys_call
CFI_ENDPROC
@@ -23981,7 +23971,7 @@ index 02553d6..ff1450f4 100644
#endif
-@@ -953,7 +1430,7 @@ vector=vector+1
+@@ -956,7 +1430,7 @@ vector=vector+1
2: jmp common_interrupt
.endr
CFI_ENDPROC
@@ -23990,7 +23980,7 @@ index 02553d6..ff1450f4 100644
.previous
END(interrupt)
-@@ -970,8 +1447,8 @@ END(interrupt)
+@@ -973,8 +1447,8 @@ END(interrupt)
/* 0(%rsp): ~(interrupt number) */
.macro interrupt func
/* reserve pt_regs for scratch regs and rbp */
@@ -24001,7 +23991,7 @@ index 02553d6..ff1450f4 100644
SAVE_ARGS_IRQ
call \func
.endm
-@@ -998,14 +1475,14 @@ ret_from_intr:
+@@ -1001,14 +1475,14 @@ ret_from_intr:
/* Restore saved previous stack */
popq %rsi
@@ -24020,7 +24010,7 @@ index 02553d6..ff1450f4 100644
je retint_kernel
/* Interrupt came from user space */
-@@ -1027,12 +1504,35 @@ retint_swapgs: /* return to user-space */
+@@ -1030,12 +1504,35 @@ retint_swapgs: /* return to user-space */
* The iretq could re-enable interrupts:
*/
DISABLE_INTERRUPTS(CLBR_ANY)
@@ -24056,7 +24046,7 @@ index 02553d6..ff1450f4 100644
/*
* The iretq could re-enable interrupts:
*/
-@@ -1070,15 +1570,15 @@ native_irq_return_ldt:
+@@ -1073,15 +1570,15 @@ native_irq_return_ldt:
SWAPGS
movq PER_CPU_VAR(espfix_waddr),%rdi
movq %rax,(0*8)(%rdi) /* RAX */
@@ -24077,7 +24067,7 @@ index 02553d6..ff1450f4 100644
movq %rax,(4*8)(%rdi)
andl $0xffff0000,%eax
popq_cfi %rdi
-@@ -1132,7 +1632,7 @@ ENTRY(retint_kernel)
+@@ -1135,7 +1632,7 @@ ENTRY(retint_kernel)
jmp exit_intr
#endif
CFI_ENDPROC
@@ -24086,7 +24076,7 @@ index 02553d6..ff1450f4 100644
/*
* End of kprobes section
-@@ -1151,7 +1651,7 @@ ENTRY(\sym)
+@@ -1154,7 +1651,7 @@ ENTRY(\sym)
interrupt \do_sym
jmp ret_from_intr
CFI_ENDPROC
@@ -24095,7 +24085,7 @@ index 02553d6..ff1450f4 100644
.endm
#ifdef CONFIG_TRACING
-@@ -1239,7 +1739,7 @@ ENTRY(\sym)
+@@ -1242,7 +1739,7 @@ ENTRY(\sym)
call \do_sym
jmp error_exit /* %ebx: no swapgs flag */
CFI_ENDPROC
@@ -24104,7 +24094,7 @@ index 02553d6..ff1450f4 100644
.endm
.macro paranoidzeroentry sym do_sym
-@@ -1257,10 +1757,10 @@ ENTRY(\sym)
+@@ -1260,10 +1757,10 @@ ENTRY(\sym)
call \do_sym
jmp paranoid_exit /* %ebx: no swapgs flag */
CFI_ENDPROC
@@ -24117,7 +24107,7 @@ index 02553d6..ff1450f4 100644
.macro paranoidzeroentry_ist sym do_sym ist
ENTRY(\sym)
INTR_FRAME
-@@ -1273,12 +1773,18 @@ ENTRY(\sym)
+@@ -1276,12 +1773,18 @@ ENTRY(\sym)
TRACE_IRQS_OFF_DEBUG
movq %rsp,%rdi /* pt_regs pointer */
xorl %esi,%esi /* no error code */
@@ -24137,7 +24127,7 @@ index 02553d6..ff1450f4 100644
.endm
.macro errorentry sym do_sym
-@@ -1296,7 +1802,7 @@ ENTRY(\sym)
+@@ -1299,7 +1802,7 @@ ENTRY(\sym)
call \do_sym
jmp error_exit /* %ebx: no swapgs flag */
CFI_ENDPROC
@@ -24146,7 +24136,7 @@ index 02553d6..ff1450f4 100644
.endm
#ifdef CONFIG_TRACING
-@@ -1327,7 +1833,7 @@ ENTRY(\sym)
+@@ -1330,7 +1833,7 @@ ENTRY(\sym)
call \do_sym
jmp paranoid_exit /* %ebx: no swapgs flag */
CFI_ENDPROC
@@ -24155,7 +24145,7 @@ index 02553d6..ff1450f4 100644
.endm
zeroentry divide_error do_divide_error
-@@ -1357,9 +1863,10 @@ gs_change:
+@@ -1360,9 +1863,10 @@ gs_change:
2: mfence /* workaround */
SWAPGS
popfq_cfi
@@ -24167,7 +24157,7 @@ index 02553d6..ff1450f4 100644
_ASM_EXTABLE(gs_change,bad_gs)
.section .fixup,"ax"
-@@ -1387,9 +1894,10 @@ ENTRY(do_softirq_own_stack)
+@@ -1390,9 +1894,10 @@ ENTRY(do_softirq_own_stack)
CFI_DEF_CFA_REGISTER rsp
CFI_ADJUST_CFA_OFFSET -8
decl PER_CPU_VAR(irq_count)
@@ -24179,7 +24169,7 @@ index 02553d6..ff1450f4 100644
#ifdef CONFIG_XEN
zeroentry xen_hypervisor_callback xen_do_hypervisor_callback
-@@ -1427,7 +1935,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs)
+@@ -1430,7 +1935,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs)
decl PER_CPU_VAR(irq_count)
jmp error_exit
CFI_ENDPROC
@@ -24188,7 +24178,7 @@ index 02553d6..ff1450f4 100644
/*
* Hypervisor uses this for application faults while it executes.
-@@ -1486,7 +1994,7 @@ ENTRY(xen_failsafe_callback)
+@@ -1489,7 +1994,7 @@ ENTRY(xen_failsafe_callback)
SAVE_ALL
jmp error_exit
CFI_ENDPROC
@@ -24197,7 +24187,7 @@ index 02553d6..ff1450f4 100644
apicinterrupt3 HYPERVISOR_CALLBACK_VECTOR \
xen_hvm_callback_vector xen_evtchn_do_upcall
-@@ -1538,18 +2046,33 @@ ENTRY(paranoid_exit)
+@@ -1541,18 +2046,33 @@ ENTRY(paranoid_exit)
DEFAULT_FRAME
DISABLE_INTERRUPTS(CLBR_NONE)
TRACE_IRQS_OFF_DEBUG
@@ -24233,7 +24223,7 @@ index 02553d6..ff1450f4 100644
jmp irq_return
paranoid_userspace:
GET_THREAD_INFO(%rcx)
-@@ -1578,7 +2101,7 @@ paranoid_schedule:
+@@ -1581,7 +2101,7 @@ paranoid_schedule:
TRACE_IRQS_OFF
jmp paranoid_userspace
CFI_ENDPROC
@@ -24242,7 +24232,7 @@ index 02553d6..ff1450f4 100644
/*
* Exception entry point. This expects an error code/orig_rax on the stack.
-@@ -1605,12 +2128,23 @@ ENTRY(error_entry)
+@@ -1608,12 +2128,23 @@ ENTRY(error_entry)
movq_cfi r14, R14+8
movq_cfi r15, R15+8
xorl %ebx,%ebx
@@ -24267,7 +24257,7 @@ index 02553d6..ff1450f4 100644
ret
/*
-@@ -1644,7 +2178,7 @@ error_bad_iret:
+@@ -1647,7 +2178,7 @@ error_bad_iret:
decl %ebx /* Return to usergs */
jmp error_sti
CFI_ENDPROC
@@ -24276,7 +24266,7 @@ index 02553d6..ff1450f4 100644
/* ebx: no swapgs flag (1: don't need swapgs, 0: need it) */
-@@ -1655,7 +2189,7 @@ ENTRY(error_exit)
+@@ -1658,7 +2189,7 @@ ENTRY(error_exit)
DISABLE_INTERRUPTS(CLBR_NONE)
TRACE_IRQS_OFF
GET_THREAD_INFO(%rcx)
@@ -24285,7 +24275,7 @@ index 02553d6..ff1450f4 100644
jne retint_kernel
LOCKDEP_SYS_EXIT_IRQ
movl TI_flags(%rcx),%edx
-@@ -1664,7 +2198,7 @@ ENTRY(error_exit)
+@@ -1667,7 +2198,7 @@ ENTRY(error_exit)
jnz retint_careful
jmp retint_swapgs
CFI_ENDPROC
@@ -24294,7 +24284,7 @@ index 02553d6..ff1450f4 100644
/*
* Test if a given stack is an NMI stack or not.
-@@ -1722,9 +2256,11 @@ ENTRY(nmi)
+@@ -1725,9 +2256,11 @@ ENTRY(nmi)
* If %cs was not the kernel segment, then the NMI triggered in user
* space, which means it is definitely not nested.
*/
@@ -24307,7 +24297,7 @@ index 02553d6..ff1450f4 100644
/*
* Check the special variable on the stack to see if NMIs are
* executing.
-@@ -1758,8 +2294,7 @@ nested_nmi:
+@@ -1761,8 +2294,7 @@ nested_nmi:
1:
/* Set up the interrupted NMIs stack to jump to repeat_nmi */
@@ -24317,7 +24307,7 @@ index 02553d6..ff1450f4 100644
CFI_ADJUST_CFA_OFFSET 1*8
leaq -10*8(%rsp), %rdx
pushq_cfi $__KERNEL_DS
-@@ -1777,6 +2312,7 @@ nested_nmi_out:
+@@ -1780,6 +2312,7 @@ nested_nmi_out:
CFI_RESTORE rdx
/* No need to check faults here */
@@ -24325,7 +24315,7 @@ index 02553d6..ff1450f4 100644
INTERRUPT_RETURN
CFI_RESTORE_STATE
-@@ -1873,13 +2409,13 @@ end_repeat_nmi:
+@@ -1876,13 +2409,13 @@ end_repeat_nmi:
subq $ORIG_RAX-R15, %rsp
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
/*
@@ -24341,7 +24331,7 @@ index 02553d6..ff1450f4 100644
DEFAULT_FRAME 0
/*
-@@ -1889,9 +2425,9 @@ end_repeat_nmi:
+@@ -1892,9 +2425,9 @@ end_repeat_nmi:
* NMI itself takes a page fault, the page fault that was preempted
* will read the information from the NMI page fault and not the
* origin fault. Save it off and restore it if it changes.
@@ -24353,7 +24343,7 @@ index 02553d6..ff1450f4 100644
/* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */
movq %rsp,%rdi
-@@ -1900,31 +2436,36 @@ end_repeat_nmi:
+@@ -1903,31 +2436,36 @@ end_repeat_nmi:
/* Did the NMI take a page fault? Restore cr2 if it did */
movq %cr2, %rcx
@@ -28713,7 +28703,7 @@ index c697625..a032162 100644
out:
diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
-index 38d3751..497a96f 100644
+index 09651d4..cdb8f22 100644
--- a/arch/x86/kvm/emulate.c
+++ b/arch/x86/kvm/emulate.c
@@ -2258,7 +2258,7 @@ static int em_sysenter(struct x86_emulate_ctxt *ctxt)
@@ -43382,6 +43372,25 @@ index 9f5ad7c..588cd84 100644
wake_up_process(pool->thread);
}
}
+diff --git a/drivers/infiniband/core/umem.c b/drivers/infiniband/core/umem.c
+index a841123..055ebeb 100644
+--- a/drivers/infiniband/core/umem.c
++++ b/drivers/infiniband/core/umem.c
+@@ -94,6 +94,14 @@ struct ib_umem *ib_umem_get(struct ib_ucontext *context, unsigned long addr,
+ if (dmasync)
+ dma_set_attr(DMA_ATTR_WRITE_BARRIER, &attrs);
+
++ /*
++ * If the combination of the addr and size requested for this memory
++ * region causes an integer overflow, return error.
++ */
++ if ((PAGE_ALIGN(addr + size) <= size) ||
++ (PAGE_ALIGN(addr + size) <= addr))
++ return ERR_PTR(-EINVAL);
++
+ if (!can_do_mlock())
+ return ERR_PTR(-EPERM);
+
diff --git a/drivers/infiniband/hw/cxgb4/mem.c b/drivers/infiniband/hw/cxgb4/mem.c
index 41b1195..27971a0 100644
--- a/drivers/infiniband/hw/cxgb4/mem.c
@@ -44069,7 +44078,7 @@ index eb62461..2b7fc71 100644
/* Blow away the connection if it exists. */
diff --git a/drivers/infiniband/hw/qib/qib.h b/drivers/infiniband/hw/qib/qib.h
-index 1946101..09766d2 100644
+index 675d3c7..65d72bc 100644
--- a/drivers/infiniband/hw/qib/qib.h
+++ b/drivers/infiniband/hw/qib/qib.h
@@ -52,6 +52,7 @@
@@ -44733,7 +44742,7 @@ index e2d4e58..40cd045 100644
/* error message helper function */
diff --git a/drivers/isdn/icn/icn.c b/drivers/isdn/icn/icn.c
-index 53d487f..cae33fe 100644
+index 53d487f..b4987ea 100644
--- a/drivers/isdn/icn/icn.c
+++ b/drivers/isdn/icn/icn.c
@@ -1045,7 +1045,7 @@ icn_writecmd(const u_char *buf, int len, int user, icn_card *card)
@@ -44777,6 +44786,15 @@ index 53d487f..cae33fe 100644
i = icn_writecmd(cbuf, strlen(cbuf), 0, card);
}
break;
+@@ -1610,7 +1609,7 @@ icn_setup(char *line)
+ if (ints[0] > 1)
+ membase = (unsigned long)ints[2];
+ if (str && *str) {
+- strcpy(sid, str);
++ strlcpy(sid, str, sizeof(sid));
+ icn_id = sid;
+ if ((p = strchr(sid, ','))) {
+ *p++ = 0;
diff --git a/drivers/isdn/mISDN/dsp_cmx.c b/drivers/isdn/mISDN/dsp_cmx.c
index a4f05c5..1433bc5 100644
--- a/drivers/isdn/mISDN/dsp_cmx.c
@@ -45007,7 +45025,7 @@ index 5152142..623d141 100644
DMWARN("name not supplied when creating device");
return -EINVAL;
diff --git a/drivers/md/dm-raid1.c b/drivers/md/dm-raid1.c
-index 7dfdb5c..4caada6 100644
+index 089d627..ef7352e 100644
--- a/drivers/md/dm-raid1.c
+++ b/drivers/md/dm-raid1.c
@@ -40,7 +40,7 @@ enum dm_raid1_error {
@@ -45064,7 +45082,7 @@ index 7dfdb5c..4caada6 100644
m = NULL;
if (likely(m))
-@@ -927,7 +927,7 @@ static int get_mirror(struct mirror_set *ms, struct dm_target *ti,
+@@ -936,7 +936,7 @@ static int get_mirror(struct mirror_set *ms, struct dm_target *ti,
}
ms->mirror[mirror].ms = ms;
@@ -45073,7 +45091,7 @@ index 7dfdb5c..4caada6 100644
ms->mirror[mirror].error_type = 0;
ms->mirror[mirror].offset = offset;
-@@ -1342,7 +1342,7 @@ static void mirror_resume(struct dm_target *ti)
+@@ -1351,7 +1351,7 @@ static void mirror_resume(struct dm_target *ti)
*/
static char device_status_char(struct mirror *m)
{
@@ -45193,7 +45211,7 @@ index e9d33ad..dae9880d 100644
pmd->bl_info.value_type.inc = data_block_inc;
pmd->bl_info.value_type.dec = data_block_dec;
diff --git a/drivers/md/dm.c b/drivers/md/dm.c
-index 65ee3a0..1852af9 100644
+index 1582c3da..2a5ea0b 100644
--- a/drivers/md/dm.c
+++ b/drivers/md/dm.c
@@ -187,9 +187,9 @@ struct mapped_device {
@@ -45228,7 +45246,7 @@ index 65ee3a0..1852af9 100644
wake_up(&md->eventq);
}
-@@ -2747,18 +2747,18 @@ int dm_kobject_uevent(struct mapped_device *md, enum kobject_action action,
+@@ -2740,18 +2740,18 @@ int dm_kobject_uevent(struct mapped_device *md, enum kobject_action action,
uint32_t dm_next_uevent_seq(struct mapped_device *md)
{
@@ -48382,7 +48400,7 @@ index fbf7dcd..ad71499 100644
};
diff --git a/drivers/net/macvtap.c b/drivers/net/macvtap.c
-index 07c942b..747b848 100644
+index e8c21f9..747b848 100644
--- a/drivers/net/macvtap.c
+++ b/drivers/net/macvtap.c
@@ -422,7 +422,7 @@ static void macvtap_setup(struct net_device *dev)
@@ -48394,33 +48412,7 @@ index 07c942b..747b848 100644
.kind = "macvtap",
.setup = macvtap_setup,
.newlink = macvtap_newlink,
-@@ -637,12 +637,15 @@ static void macvtap_skb_to_vnet_hdr(const struct sk_buff *skb,
- } /* else everything is zero */
- }
-
-+/* Neighbour code has some assumptions on HH_DATA_MOD alignment */
-+#define MACVTAP_RESERVE HH_DATA_OFF(ETH_HLEN)
-+
- /* Get packet from user space buffer */
- static ssize_t macvtap_get_user(struct macvtap_queue *q, struct msghdr *m,
- const struct iovec *iv, unsigned long total_len,
- size_t count, int noblock)
- {
-- int good_linear = SKB_MAX_HEAD(NET_IP_ALIGN);
-+ int good_linear = SKB_MAX_HEAD(MACVTAP_RESERVE);
- struct sk_buff *skb;
- struct macvlan_dev *vlan;
- unsigned long len = total_len;
-@@ -701,7 +704,7 @@ static ssize_t macvtap_get_user(struct macvtap_queue *q, struct msghdr *m,
- linear = vnet_hdr.hdr_len;
- }
-
-- skb = macvtap_alloc_skb(&q->sk, NET_IP_ALIGN, copylen,
-+ skb = macvtap_alloc_skb(&q->sk, MACVTAP_RESERVE, copylen,
- linear, noblock, &err);
- if (!skb)
- goto err;
-@@ -1023,7 +1026,7 @@ static long macvtap_ioctl(struct file *file, unsigned int cmd,
+@@ -1026,7 +1026,7 @@ static long macvtap_ioctl(struct file *file, unsigned int cmd,
}
ret = 0;
@@ -48429,7 +48421,7 @@ index 07c942b..747b848 100644
put_user(q->flags, &ifr->ifr_flags))
ret = -EFAULT;
macvtap_put_vlan(vlan);
-@@ -1193,7 +1196,7 @@ static int macvtap_device_event(struct notifier_block *unused,
+@@ -1196,7 +1196,7 @@ static int macvtap_device_event(struct notifier_block *unused,
return NOTIFY_DONE;
}
@@ -48518,10 +48510,10 @@ index 1252d9c..80e660b 100644
/* We've got a compressed packet; read the change byte */
diff --git a/drivers/net/team/team.c b/drivers/net/team/team.c
-index 32efe83..cef96b8 100644
+index c28e2da..f58845e 100644
--- a/drivers/net/team/team.c
+++ b/drivers/net/team/team.c
-@@ -2098,7 +2098,7 @@ static unsigned int team_get_num_rx_queues(void)
+@@ -2096,7 +2096,7 @@ static unsigned int team_get_num_rx_queues(void)
return TEAM_DEFAULT_NUM_RX_QUEUES;
}
@@ -48530,7 +48522,7 @@ index 32efe83..cef96b8 100644
.kind = DRV_NAME,
.priv_size = sizeof(struct team),
.setup = team_setup,
-@@ -2886,7 +2886,7 @@ static int team_device_event(struct notifier_block *unused,
+@@ -2884,7 +2884,7 @@ static int team_device_event(struct notifier_block *unused,
return NOTIFY_DONE;
}
@@ -51960,7 +51952,7 @@ index e8abb73..faa6fbe 100644
if (!sdp->request_queue->rq_timeout) {
if (sdp->type != TYPE_MOD)
diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c
-index df5e961..df6b97f 100644
+index eb81c98..e6716ae 100644
--- a/drivers/scsi/sg.c
+++ b/drivers/scsi/sg.c
@@ -1102,7 +1102,7 @@ sg_ioctl(struct file *filp, unsigned int cmd_in, unsigned long arg)
@@ -52533,6 +52525,122 @@ index dc23395..cf7e9b1 100644
struct io_req {
struct list_head list;
+diff --git a/drivers/staging/rts5139/rts51x_transport.c b/drivers/staging/rts5139/rts51x_transport.c
+index c172f4a..ad5aeb6 100644
+--- a/drivers/staging/rts5139/rts51x_transport.c
++++ b/drivers/staging/rts5139/rts51x_transport.c
+@@ -339,11 +339,18 @@ int rts51x_ctrl_transfer(struct rts51x_chip *chip, unsigned int pipe,
+ void *data, u16 size, int timeout)
+ {
+ struct rts51x_usb *rts51x = chip->usb;
++ void *buf = kmalloc(size, GFP_KERNEL);
+ int result;
++ int ret;
++
++ if (buf == NULL)
++ TRACE_RET(chip, STATUS_ERROR);
+
+ RTS51X_DEBUGP("%s: rq=%02x rqtype=%02x value=%04x index=%02x len=%u\n",
+ __func__, request, requesttype, value, index, size);
+
++ memcpy(buf, data, size);
++
+ /* fill in the devrequest structure */
+ rts51x->cr->bRequestType = requesttype;
+ rts51x->cr->bRequest = request;
+@@ -353,12 +360,17 @@ int rts51x_ctrl_transfer(struct rts51x_chip *chip, unsigned int pipe,
+
+ /* fill and submit the URB */
+ usb_fill_control_urb(rts51x->current_urb, rts51x->pusb_dev, pipe,
+- (unsigned char *)rts51x->cr, data, size,
++ (unsigned char *)rts51x->cr, buf, size,
+ urb_done_completion, NULL);
+ result = rts51x_msg_common(chip, rts51x->current_urb, timeout);
+
+- return interpret_urb_result(chip, pipe, size, result,
++ ret = interpret_urb_result(chip, pipe, size, result,
+ rts51x->current_urb->actual_length);
++ memcpy(data, buf, size);
++
++ kfree(buf);
++
++ return ret;
+ }
+
+ static int rts51x_clear_halt(struct rts51x_chip *chip, unsigned int pipe)
+@@ -535,17 +547,30 @@ static int rts51x_bulk_transfer_buf(struct rts51x_chip *chip,
+ unsigned int *act_len, int timeout)
+ {
+ int result;
++ int ret;
++ void *newbuf = kmalloc(length, GFP_KERNEL);
++
++ if (newbuf == NULL)
++ TRACE_RET(chip, STATUS_ERROR);
++
++ memcpy(newbuf, buf, length);
+
+ /* fill and submit the URB */
+ usb_fill_bulk_urb(chip->usb->current_urb, chip->usb->pusb_dev, pipe,
+- buf, length, urb_done_completion, NULL);
++ newbuf, length, urb_done_completion, NULL);
+ result = rts51x_msg_common(chip, chip->usb->current_urb, timeout);
+
+ /* store the actual length of the data transferred */
+ if (act_len)
+ *act_len = chip->usb->current_urb->actual_length;
+- return interpret_urb_result(chip, pipe, length, result,
++ ret = interpret_urb_result(chip, pipe, length, result,
+ chip->usb->current_urb->actual_length);
++
++ memcpy(buf, newbuf, length);
++
++ kfree(newbuf);
++
++ return ret;
+ }
+
+ int rts51x_transfer_data(struct rts51x_chip *chip, unsigned int pipe,
+@@ -624,11 +649,19 @@ int rts51x_get_epc_status(struct rts51x_chip *chip, u16 *status)
+ unsigned int pipe = RCV_INTR_PIPE(chip);
+ struct usb_host_endpoint *ep;
+ struct completion urb_done;
++ u16 *buf_status;
+ int result;
++ int ret;
+
+ if (!status)
+ TRACE_RET(chip, STATUS_ERROR);
+
++ buf_status = kmalloc(sizeof(*status), GFP_KERNEL);
++ if (buf_status == NULL)
++ TRACE_RET(chip, STATUS_ERROR);
++
++ *buf_status = *status;
++
+ /* set up data structures for the wakeup system */
+ init_completion(&urb_done);
+
+@@ -638,12 +671,17 @@ int rts51x_get_epc_status(struct rts51x_chip *chip, u16 *status)
+ /* Set interval to 10 here to match the endpoint descriptor,
+ * the polling interval is controlled by the polling thread */
+ usb_fill_int_urb(chip->usb->intr_urb, chip->usb->pusb_dev, pipe,
+- status, 2, urb_done_completion, &urb_done, 10);
++ buf_status, 2, urb_done_completion, &urb_done, 10);
+
+ result = rts51x_msg_common(chip, chip->usb->intr_urb, 100);
+
+- return interpret_urb_result(chip, pipe, 2, result,
++ ret = interpret_urb_result(chip, pipe, 2, result,
+ chip->usb->intr_urb->actual_length);
++ *status = *buf_status;
++
++ kfree(buf_status);
++
++ return ret;
+ }
+
+ u8 media_not_present[] = {
diff --git a/drivers/staging/sbe-2t3e3/netdev.c b/drivers/staging/sbe-2t3e3/netdev.c
index 1f5088b..0e59820 100644
--- a/drivers/staging/sbe-2t3e3/netdev.c
@@ -53914,20 +54022,9 @@ index ce396ec..04a37be 100644
if (get_user(c, buf))
diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c
-index 25d0741..f36ed8a 100644
+index 39988fa..f36ed8a 100644
--- a/drivers/tty/tty_io.c
+++ b/drivers/tty/tty_io.c
-@@ -996,8 +996,8 @@ EXPORT_SYMBOL(start_tty);
- /* We limit tty time update visibility to every 8 seconds or so. */
- static void tty_update_time(struct timespec *time)
- {
-- unsigned long sec = get_seconds() & ~7;
-- if ((long)(sec - time->tv_sec) > 0)
-+ unsigned long sec = get_seconds();
-+ if (abs(sec - time->tv_sec) & ~7)
- time->tv_sec = sec;
- }
-
@@ -3480,7 +3480,7 @@ EXPORT_SYMBOL_GPL(get_current_tty);
void tty_default_fops(struct file_operations *fops)
@@ -53937,31 +54034,6 @@ index 25d0741..f36ed8a 100644
}
/*
-diff --git a/drivers/tty/tty_ioctl.c b/drivers/tty/tty_ioctl.c
-index 6fd60fe..22da05d 100644
---- a/drivers/tty/tty_ioctl.c
-+++ b/drivers/tty/tty_ioctl.c
-@@ -217,11 +217,17 @@ void tty_wait_until_sent(struct tty_struct *tty, long timeout)
- #endif
- if (!timeout)
- timeout = MAX_SCHEDULE_TIMEOUT;
-+
- if (wait_event_interruptible_timeout(tty->write_wait,
-- !tty_chars_in_buffer(tty), timeout) >= 0) {
-- if (tty->ops->wait_until_sent)
-- tty->ops->wait_until_sent(tty, timeout);
-+ !tty_chars_in_buffer(tty), timeout) < 0) {
-+ return;
- }
-+
-+ if (timeout == MAX_SCHEDULE_TIMEOUT)
-+ timeout = 0;
-+
-+ if (tty->ops->wait_until_sent)
-+ tty->ops->wait_until_sent(tty, timeout);
- }
- EXPORT_SYMBOL(tty_wait_until_sent);
-
diff --git a/drivers/tty/tty_ldisc.c b/drivers/tty/tty_ldisc.c
index 2d822aa..a566234 100644
--- a/drivers/tty/tty_ldisc.c
@@ -54348,7 +54420,7 @@ index 2a3bbdf..91d72cf 100644
file->f_version = event_count;
return POLLIN | POLLRDNORM;
diff --git a/drivers/usb/core/devio.c b/drivers/usb/core/devio.c
-index 9ca7716..a2ccc2e 100644
+index 45b7b96..e016243 100644
--- a/drivers/usb/core/devio.c
+++ b/drivers/usb/core/devio.c
@@ -187,7 +187,7 @@ static ssize_t usbdev_read(struct file *file, char __user *buf, size_t nbytes,
@@ -54753,29 +54825,6 @@ index 29fa1c3..a57b08e 100644
struct usb_serial_port *port = info->port;
struct usb_serial *serial;
int retval = -ENODEV;
-diff --git a/drivers/usb/serial/generic.c b/drivers/usb/serial/generic.c
-index b63ce02..d6a1979 100644
---- a/drivers/usb/serial/generic.c
-+++ b/drivers/usb/serial/generic.c
-@@ -258,7 +258,8 @@ void usb_serial_generic_wait_until_sent(struct tty_struct *tty, long timeout)
- * character or at least one jiffy.
- */
- period = max_t(unsigned long, (10 * HZ / bps), 1);
-- period = min_t(unsigned long, period, timeout);
-+ if (timeout)
-+ period = min_t(unsigned long, period, timeout);
-
- dev_dbg(&port->dev, "%s - timeout = %u ms, period = %u ms\n",
- __func__, jiffies_to_msecs(timeout),
-@@ -268,7 +269,7 @@ void usb_serial_generic_wait_until_sent(struct tty_struct *tty, long timeout)
- schedule_timeout_interruptible(period);
- if (signal_pending(current))
- break;
-- if (time_after(jiffies, expire))
-+ if (timeout && time_after(jiffies, expire))
- break;
- }
- }
diff --git a/drivers/usb/storage/usb.h b/drivers/usb/storage/usb.h
index 75f70f0..d467e1a 100644
--- a/drivers/usb/storage/usb.h
@@ -58459,34 +58508,19 @@ index 6530ced..4a827e2 100644
goto out_sig;
if (offset > inode->i_sb->s_maxbytes)
diff --git a/fs/autofs4/dev-ioctl.c b/fs/autofs4/dev-ioctl.c
-index 3182c0e..23b078e 100644
+index e3399dc..23b078e 100644
--- a/fs/autofs4/dev-ioctl.c
+++ b/fs/autofs4/dev-ioctl.c
-@@ -95,7 +95,7 @@ static int check_dev_ioctl_version(int cmd, struct autofs_dev_ioctl *param)
- */
- static struct autofs_dev_ioctl *copy_dev_ioctl(struct autofs_dev_ioctl __user *in)
- {
-- struct autofs_dev_ioctl tmp;
-+ struct autofs_dev_ioctl tmp, *res;
-
- if (copy_from_user(&tmp, in, sizeof(tmp)))
- return ERR_PTR(-EFAULT);
-@@ -103,7 +103,14 @@ static struct autofs_dev_ioctl *copy_dev_ioctl(struct autofs_dev_ioctl __user *i
+@@ -103,6 +103,9 @@ static struct autofs_dev_ioctl *copy_dev_ioctl(struct autofs_dev_ioctl __user *i
if (tmp.size < sizeof(tmp))
return ERR_PTR(-EINVAL);
-- return memdup_user(in, tmp.size);
+ if (tmp.size > (PATH_MAX + sizeof(tmp)))
+ return ERR_PTR(-ENAMETOOLONG);
+
-+ res = memdup_user(in, tmp.size);
-+ if (!IS_ERR(res))
-+ res->size = tmp.size;
-+
-+ return res;
- }
-
- static inline void free_dev_ioctl(struct autofs_dev_ioctl *param)
+ res = memdup_user(in, tmp.size);
+ if (!IS_ERR(res))
+ res->size = tmp.size;
diff --git a/fs/autofs4/waitq.c b/fs/autofs4/waitq.c
index 116fd38..c04182da 100644
--- a/fs/autofs4/waitq.c
@@ -59778,19 +59812,6 @@ index ff286f3..8153a14 100644
.name = "features",
.attrs = attrs,
};
-diff --git a/fs/btrfs/tree-log.c b/fs/btrfs/tree-log.c
-index aeb57b98..a7f32bf 100644
---- a/fs/btrfs/tree-log.c
-+++ b/fs/btrfs/tree-log.c
-@@ -979,7 +979,7 @@ again:
- base = btrfs_item_ptr_offset(leaf, path->slots[0]);
-
- while (cur_offset < item_size) {
-- extref = (struct btrfs_inode_extref *)base + cur_offset;
-+ extref = (struct btrfs_inode_extref *)(base + cur_offset);
-
- victim_name_len = btrfs_inode_extref_name_len(leaf, extref);
-
diff --git a/fs/buffer.c b/fs/buffer.c
index eef21c6..10a8304 100644
--- a/fs/buffer.c
@@ -61045,30 +61066,10 @@ index 4366127..b8c2cf9 100644
dcache_init();
inode_init();
diff --git a/fs/debugfs/inode.c b/fs/debugfs/inode.c
-index 1576195..5bf8b25 100644
+index 1ff8fe5..5bf8b25 100644
--- a/fs/debugfs/inode.c
+++ b/fs/debugfs/inode.c
-@@ -245,10 +245,19 @@ static int debugfs_show_options(struct seq_file *m, struct dentry *root)
- return 0;
- }
-
-+static void debugfs_evict_inode(struct inode *inode)
-+{
-+ truncate_inode_pages(&inode->i_data, 0);
-+ clear_inode(inode);
-+ if (S_ISLNK(inode->i_mode))
-+ kfree(inode->i_private);
-+}
-+
- static const struct super_operations debugfs_super_operations = {
- .statfs = simple_statfs,
- .remount_fs = debugfs_remount,
- .show_options = debugfs_show_options,
-+ .evict_inode = debugfs_evict_inode,
- };
-
- static int debug_fill_super(struct super_block *sb, void *data, int silent)
-@@ -415,7 +424,11 @@ EXPORT_SYMBOL_GPL(debugfs_create_file);
+@@ -424,7 +424,11 @@ EXPORT_SYMBOL_GPL(debugfs_create_file);
*/
struct dentry *debugfs_create_dir(const char *name, struct dentry *parent)
{
@@ -61080,38 +61081,6 @@ index 1576195..5bf8b25 100644
parent, NULL, NULL);
}
EXPORT_SYMBOL_GPL(debugfs_create_dir);
-@@ -465,23 +478,14 @@ static int __debugfs_remove(struct dentry *dentry, struct dentry *parent)
- int ret = 0;
-
- if (debugfs_positive(dentry)) {
-- if (dentry->d_inode) {
-- dget(dentry);
-- switch (dentry->d_inode->i_mode & S_IFMT) {
-- case S_IFDIR:
-- ret = simple_rmdir(parent->d_inode, dentry);
-- break;
-- case S_IFLNK:
-- kfree(dentry->d_inode->i_private);
-- /* fall through */
-- default:
-- simple_unlink(parent->d_inode, dentry);
-- break;
-- }
-- if (!ret)
-- d_delete(dentry);
-- dput(dentry);
-- }
-+ dget(dentry);
-+ if (S_ISDIR(dentry->d_inode->i_mode))
-+ ret = simple_rmdir(parent->d_inode, dentry);
-+ else
-+ simple_unlink(parent->d_inode, dentry);
-+ if (!ret)
-+ d_delete(dentry);
-+ dput(dentry);
- }
- return ret;
- }
diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c
index a85ceb7..5097313b 100644
--- a/fs/ecryptfs/inode.c
@@ -62275,6 +62244,48 @@ index 1268a1b..adf949f 100644
__ext4_warning(sb, function, line,
"MMP failure info: last update time: %llu, last update "
"node: %s, last update device: %s\n",
+diff --git a/fs/ext4/resize.c b/fs/ext4/resize.c
+index 2400ad1..0bc93ab 100644
+--- a/fs/ext4/resize.c
++++ b/fs/ext4/resize.c
+@@ -400,7 +400,7 @@ static int set_flexbg_block_bitmap(struct super_block *sb, handle_t *handle,
+
+ ext4_debug("mark blocks [%llu/%u] used\n", block, count);
+ for (count2 = count; count > 0; count -= count2, block += count2) {
+- ext4_fsblk_t start;
++ ext4_fsblk_t start, diff;
+ struct buffer_head *bh;
+ ext4_group_t group;
+ int err;
+@@ -409,10 +409,6 @@ static int set_flexbg_block_bitmap(struct super_block *sb, handle_t *handle,
+ start = ext4_group_first_block_no(sb, group);
+ group -= flex_gd->groups[0].group;
+
+- count2 = EXT4_BLOCKS_PER_GROUP(sb) - (block - start);
+- if (count2 > count)
+- count2 = count;
+-
+ if (flex_gd->bg_flags[group] & EXT4_BG_BLOCK_UNINIT) {
+ BUG_ON(flex_gd->count > 1);
+ continue;
+@@ -429,9 +425,15 @@ static int set_flexbg_block_bitmap(struct super_block *sb, handle_t *handle,
+ err = ext4_journal_get_write_access(handle, bh);
+ if (err)
+ return err;
++
++ diff = block - start;
++ count2 = EXT4_BLOCKS_PER_GROUP(sb) - diff;
++ if (count2 > count)
++ count2 = count;
++
+ ext4_debug("mark block bitmap %#04llx (+%llu/%u)\n", block,
+- block - start, count2);
+- ext4_set_bits(bh->b_data, block - start, count2);
++ diff, count2);
++ ext4_set_bits(bh->b_data, diff, count2);
+
+ err = ext4_handle_dirty_metadata(handle, NULL, bh);
+ if (unlikely(err))
diff --git a/fs/ext4/super.c b/fs/ext4/super.c
index 9fb3e6c..9a82508 100644
--- a/fs/ext4/super.c
@@ -66743,10 +66754,10 @@ index 985ea88..d118a0a 100644
}
diff --git a/fs/proc/generic.c b/fs/proc/generic.c
-index b7f268e..3bea6b7 100644
+index 2e2d9d5..0ac3d4e 100644
--- a/fs/proc/generic.c
+++ b/fs/proc/generic.c
-@@ -23,6 +23,7 @@
+@@ -22,6 +22,7 @@
#include <linux/bitops.h>
#include <linux/spinlock.h>
#include <linux/completion.h>
@@ -66754,7 +66765,7 @@ index b7f268e..3bea6b7 100644
#include <asm/uaccess.h>
#include "internal.h"
-@@ -207,6 +208,15 @@ struct dentry *proc_lookup(struct inode *dir, struct dentry *dentry,
+@@ -195,6 +196,15 @@ struct dentry *proc_lookup(struct inode *dir, struct dentry *dentry,
return proc_lookup_de(PDE(dir), dir, dentry);
}
@@ -66770,7 +66781,7 @@ index b7f268e..3bea6b7 100644
/*
* This returns non-zero if at EOF, so that the /proc
* root directory can use this and check if it should
-@@ -264,6 +274,16 @@ int proc_readdir(struct file *file, struct dir_context *ctx)
+@@ -252,6 +262,16 @@ int proc_readdir(struct file *file, struct dir_context *ctx)
return proc_readdir_de(PDE(inode), file, ctx);
}
@@ -66787,7 +66798,7 @@ index b7f268e..3bea6b7 100644
/*
* These are the generic /proc directory operations. They
* use the in-memory "struct proc_dir_entry" tree to parse
-@@ -275,6 +295,12 @@ static const struct file_operations proc_dir_operations = {
+@@ -263,6 +283,12 @@ static const struct file_operations proc_dir_operations = {
.iterate = proc_readdir,
};
@@ -66800,7 +66811,7 @@ index b7f268e..3bea6b7 100644
/*
* proc directories can do almost nothing..
*/
-@@ -284,6 +310,12 @@ static const struct inode_operations proc_dir_inode_operations = {
+@@ -272,6 +298,12 @@ static const struct inode_operations proc_dir_inode_operations = {
.setattr = proc_notify_change,
};
@@ -66813,7 +66824,7 @@ index b7f268e..3bea6b7 100644
static int proc_register(struct proc_dir_entry * dir, struct proc_dir_entry * dp)
{
struct proc_dir_entry *tmp;
-@@ -294,8 +326,13 @@ static int proc_register(struct proc_dir_entry * dir, struct proc_dir_entry * dp
+@@ -282,8 +314,13 @@ static int proc_register(struct proc_dir_entry * dir, struct proc_dir_entry * dp
return ret;
if (S_ISDIR(dp->mode)) {
@@ -66829,7 +66840,7 @@ index b7f268e..3bea6b7 100644
dir->nlink++;
} else if (S_ISLNK(dp->mode)) {
dp->proc_iops = &proc_link_inode_operations;
-@@ -407,6 +444,27 @@ struct proc_dir_entry *proc_mkdir_data(const char *name, umode_t mode,
+@@ -395,6 +432,27 @@ struct proc_dir_entry *proc_mkdir_data(const char *name, umode_t mode,
}
EXPORT_SYMBOL_GPL(proc_mkdir_data);
@@ -66857,7 +66868,7 @@ index b7f268e..3bea6b7 100644
struct proc_dir_entry *proc_mkdir_mode(const char *name, umode_t mode,
struct proc_dir_entry *parent)
{
-@@ -421,6 +479,13 @@ struct proc_dir_entry *proc_mkdir(const char *name,
+@@ -409,6 +467,13 @@ struct proc_dir_entry *proc_mkdir(const char *name,
}
EXPORT_SYMBOL(proc_mkdir);
@@ -66872,13 +66883,13 @@ index b7f268e..3bea6b7 100644
struct proc_dir_entry *parent,
const struct file_operations *proc_fops,
diff --git a/fs/proc/inode.c b/fs/proc/inode.c
-index 124fc43..8afbb02 100644
+index 2f2815f..07fa320 100644
--- a/fs/proc/inode.c
+++ b/fs/proc/inode.c
-@@ -23,11 +23,17 @@
- #include <linux/slab.h>
+@@ -24,11 +24,17 @@
#include <linux/mount.h>
#include <linux/magic.h>
+ #include <linux/namei.h>
+#include <linux/grsecurity.h>
#include <asm/uaccess.h>
@@ -66893,7 +66904,7 @@ index 124fc43..8afbb02 100644
static void proc_evict_inode(struct inode *inode)
{
struct proc_dir_entry *de;
-@@ -55,6 +61,13 @@ static void proc_evict_inode(struct inode *inode)
+@@ -56,6 +62,13 @@ static void proc_evict_inode(struct inode *inode)
ns = PROC_I(inode)->ns.ns;
if (ns_ops && ns)
ns_ops->put(ns);
@@ -66907,7 +66918,7 @@ index 124fc43..8afbb02 100644
}
static struct kmem_cache * proc_inode_cachep;
-@@ -413,7 +426,11 @@ struct inode *proc_get_inode(struct super_block *sb, struct proc_dir_entry *de)
+@@ -434,7 +447,11 @@ struct inode *proc_get_inode(struct super_block *sb, struct proc_dir_entry *de)
if (de->mode) {
inode->i_mode = de->mode;
inode->i_uid = de->uid;
@@ -66920,7 +66931,7 @@ index 124fc43..8afbb02 100644
if (de->size)
inode->i_size = de->size;
diff --git a/fs/proc/internal.h b/fs/proc/internal.h
-index 651d09a..6a4b495 100644
+index 8b8ca1d..d15474f 100644
--- a/fs/proc/internal.h
+++ b/fs/proc/internal.h
@@ -46,9 +46,10 @@ struct proc_dir_entry {
@@ -88370,7 +88381,7 @@ index 9a00147..d814573 100644
struct snd_soc_platform {
const char *name;
diff --git a/include/target/target_core_base.h b/include/target/target_core_base.h
-index 1772fad..282e3e2 100644
+index 34932540..8d54ec7 100644
--- a/include/target/target_core_base.h
+++ b/include/target/target_core_base.h
@@ -754,7 +754,7 @@ struct se_device {
@@ -88764,7 +88775,7 @@ index 30f5362..8ed8ac9 100644
void *pmi_pal;
u8 *vbe_state_orig; /*
diff --git a/init/Kconfig b/init/Kconfig
-index 8b9521a..8a3cc34 100644
+index 8b9521a..8a3cc34d 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -1079,6 +1079,7 @@ endif # CGROUPS
@@ -96858,7 +96869,7 @@ index b32b70c..e512eb0 100644
set_page_address(page, (void *)vaddr);
diff --git a/mm/hugetlb.c b/mm/hugetlb.c
-index 472259b..7a58e99 100644
+index c3e8660..3499fac 100644
--- a/mm/hugetlb.c
+++ b/mm/hugetlb.c
@@ -2070,6 +2070,7 @@ static int hugetlb_sysctl_handler_common(bool obey_mempolicy,
@@ -96905,7 +96916,7 @@ index 472259b..7a58e99 100644
if (ret)
goto out;
-@@ -2629,6 +2633,27 @@ static int unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2630,6 +2634,27 @@ static int unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma,
return 1;
}
@@ -96933,7 +96944,7 @@ index 472259b..7a58e99 100644
/*
* Hugetlb_cow() should be called with page lock of the original hugepage held.
* Called with hugetlb_instantiation_mutex held and pte_page locked so we
-@@ -2745,6 +2770,11 @@ retry_avoidcopy:
+@@ -2746,6 +2771,11 @@ retry_avoidcopy:
make_huge_pte(vma, new_page, 1));
page_remove_rmap(old_page);
hugepage_add_new_anon_rmap(new_page, vma, address);
@@ -96945,7 +96956,7 @@ index 472259b..7a58e99 100644
/* Make the old page be freed below */
new_page = old_page;
}
-@@ -2909,6 +2939,10 @@ retry:
+@@ -2910,6 +2940,10 @@ retry:
&& (vma->vm_flags & VM_SHARED)));
set_huge_pte_at(mm, address, ptep, new_pte);
@@ -96956,7 +96967,7 @@ index 472259b..7a58e99 100644
if ((flags & FAULT_FLAG_WRITE) && !(vma->vm_flags & VM_SHARED)) {
/* Optimization, do the COW without a second fault */
ret = hugetlb_cow(mm, vma, address, ptep, new_pte, page, ptl);
-@@ -2939,6 +2973,10 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2940,6 +2974,10 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma,
static DEFINE_MUTEX(hugetlb_instantiation_mutex);
struct hstate *h = hstate_vma(vma);
@@ -96967,7 +96978,7 @@ index 472259b..7a58e99 100644
address &= huge_page_mask(h);
ptep = huge_pte_offset(mm, address);
-@@ -2952,6 +2990,26 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2953,6 +2991,26 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma,
VM_FAULT_SET_HINDEX(hstate_index(h));
}
@@ -97270,7 +97281,7 @@ index a98c7fc..393f8f1 100644
}
unset_migratetype_isolate(page, MIGRATE_MOVABLE);
diff --git a/mm/memory.c b/mm/memory.c
-index 7f30bea..67cb92b 100644
+index 102af09..4118c57 100644
--- a/mm/memory.c
+++ b/mm/memory.c
@@ -403,6 +403,7 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud,
@@ -98155,7 +98166,7 @@ index b1eb536..091d154 100644
capable(CAP_IPC_LOCK))
ret = do_mlockall(flags);
diff --git a/mm/mmap.c b/mm/mmap.c
-index 085bcd8..916b1d4 100644
+index d4c97ba..916b1d4 100644
--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -37,6 +37,7 @@
@@ -98220,24 +98231,6 @@ index 085bcd8..916b1d4 100644
/*
* Make sure vm_committed_as in one cacheline and not cacheline shared with
* other variables. It can be updated by several CPUs frequently.
-@@ -129,7 +150,7 @@ EXPORT_SYMBOL_GPL(vm_memory_committed);
- */
- int __vm_enough_memory(struct mm_struct *mm, long pages, int cap_sys_admin)
- {
-- unsigned long free, allowed, reserve;
-+ long free, allowed, reserve;
-
- vm_acct_memory(pages);
-
-@@ -193,7 +214,7 @@ int __vm_enough_memory(struct mm_struct *mm, long pages, int cap_sys_admin)
- */
- if (mm) {
- reserve = sysctl_user_reserve_kbytes >> (PAGE_SHIFT - 10);
-- allowed -= min(mm->total_vm / 32, reserve);
-+ allowed -= min_t(long, mm->total_vm / 32, reserve);
- }
-
- if (percpu_counter_read_positive(&vm_committed_as) < allowed)
@@ -247,6 +268,7 @@ static struct vm_area_struct *remove_vma(struct vm_area_struct *vma)
struct vm_area_struct *next = vma->vm_next;
@@ -99766,7 +99759,7 @@ index 05f1180..c3cde48 100644
out:
if (ret & ~PAGE_MASK)
diff --git a/mm/nommu.c b/mm/nommu.c
-index 3ee4f74..d79b8e2 100644
+index 76b3f90..d79b8e2 100644
--- a/mm/nommu.c
+++ b/mm/nommu.c
@@ -66,7 +66,6 @@ int sysctl_max_map_count = DEFAULT_MAX_MAP_COUNT;
@@ -99801,24 +99794,6 @@ index 3ee4f74..d79b8e2 100644
*region = *vma->vm_region;
new->vm_region = region;
-@@ -1905,7 +1896,7 @@ EXPORT_SYMBOL(unmap_mapping_range);
- */
- int __vm_enough_memory(struct mm_struct *mm, long pages, int cap_sys_admin)
- {
-- unsigned long free, allowed, reserve;
-+ long free, allowed, reserve;
-
- vm_acct_memory(pages);
-
-@@ -1969,7 +1960,7 @@ int __vm_enough_memory(struct mm_struct *mm, long pages, int cap_sys_admin)
- */
- if (mm) {
- reserve = sysctl_user_reserve_kbytes >> (PAGE_SHIFT - 10);
-- allowed -= min(mm->total_vm / 32, reserve);
-+ allowed -= min_t(long, mm->total_vm / 32, reserve);
- }
-
- if (percpu_counter_read_positive(&vm_committed_as) < allowed)
@@ -2001,8 +1992,8 @@ int generic_file_remap_pages(struct vm_area_struct *vma, unsigned long addr,
}
EXPORT_SYMBOL(generic_file_remap_pages);
@@ -99864,7 +99839,7 @@ index 9f45f87..749bfd8 100644
unsigned long bg_thresh,
unsigned long dirty,
diff --git a/mm/page_alloc.c b/mm/page_alloc.c
-index ea41913..d1a474f 100644
+index 0479732..4c6aee3 100644
--- a/mm/page_alloc.c
+++ b/mm/page_alloc.c
@@ -61,6 +61,7 @@
@@ -99960,7 +99935,7 @@ index ea41913..d1a474f 100644
if (order && (gfp_flags & __GFP_COMP))
prep_compound_page(page, order);
-@@ -1948,7 +1988,7 @@ static void reset_alloc_batches(struct zone *preferred_zone)
+@@ -1946,7 +1986,7 @@ static void reset_alloc_batches(struct zone *preferred_zone)
do {
mod_zone_page_state(zone, NR_ALLOC_BATCH,
high_wmark_pages(zone) - low_wmark_pages(zone) -
@@ -99969,7 +99944,7 @@ index ea41913..d1a474f 100644
zone_clear_flag(zone, ZONE_FAIR_DEPLETED);
} while (zone++ != preferred_zone);
}
-@@ -5711,7 +5751,7 @@ static void __setup_per_zone_wmarks(void)
+@@ -5709,7 +5749,7 @@ static void __setup_per_zone_wmarks(void)
__mod_zone_page_state(zone, NR_ALLOC_BATCH,
high_wmark_pages(zone) - low_wmark_pages(zone) -
@@ -99978,7 +99953,7 @@ index ea41913..d1a474f 100644
setup_zone_migrate_reserve(zone);
spin_unlock_irqrestore(&zone->lock, flags);
-@@ -6652,4 +6692,4 @@ void dump_page(struct page *page, char *reason)
+@@ -6650,4 +6690,4 @@ void dump_page(struct page *page, char *reason)
{
dump_page_badflags(page, reason, 0);
}
@@ -102626,7 +102601,7 @@ index 2e87eec..6301eb0 100644
switch (ss->ss_family) {
diff --git a/net/compat.c b/net/compat.c
-index cbc1a2a..ab7644e 100644
+index 275af79..859a46f 100644
--- a/net/compat.c
+++ b/net/compat.c
@@ -73,9 +73,9 @@ int get_compat_msghdr(struct msghdr *kmsg, struct compat_msghdr __user *umsg)
@@ -102756,7 +102731,7 @@ index cbc1a2a..ab7644e 100644
struct group_filter __user *kgf;
int __user *koptlen;
u32 interface, fmode, numsrc;
-@@ -804,7 +804,7 @@ asmlinkage long compat_sys_socketcall(int call, u32 __user *args)
+@@ -795,7 +795,7 @@ asmlinkage long compat_sys_socketcall(int call, u32 __user *args)
if (call < SYS_SOCKET || call > SYS_SENDMMSG)
return -EINVAL;
@@ -102779,7 +102754,7 @@ index a16ed7b..eb44d17 100644
return err;
diff --git a/net/core/dev.c b/net/core/dev.c
-index 4ed77d7..e1ef1c9 100644
+index f6d8d7f..846845c 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -1695,14 +1695,14 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb)
@@ -103182,7 +103157,7 @@ index 723fa7d..81bd037 100644
iph->ttl = 64;
iph->protocol = IPPROTO_UDP;
diff --git a/net/core/pktgen.c b/net/core/pktgen.c
-index fdac61c..e5e5b46 100644
+index ca68d32..236499d 100644
--- a/net/core/pktgen.c
+++ b/net/core/pktgen.c
@@ -3719,7 +3719,7 @@ static int __net_init pg_net_init(struct net *net)
@@ -103195,7 +103170,7 @@ index fdac61c..e5e5b46 100644
pr_warn("cannot create /proc/net/%s\n", PG_PROC_DIR);
return -ENODEV;
diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
-index a6613ff..810aa44 100644
+index 8aadd6a..adf3f59 100644
--- a/net/core/rtnetlink.c
+++ b/net/core/rtnetlink.c
@@ -58,7 +58,7 @@ struct rtnl_link {
@@ -103233,7 +103208,7 @@ index a6613ff..810aa44 100644
}
EXPORT_SYMBOL_GPL(__rtnl_link_unregister);
-@@ -2010,6 +2013,10 @@ replay:
+@@ -2006,6 +2009,10 @@ replay:
if (IS_ERR(dest_net))
return PTR_ERR(dest_net);
@@ -103244,7 +103219,7 @@ index a6613ff..810aa44 100644
dev = rtnl_create_link(dest_net, ifname, ops, tb);
if (IS_ERR(dev)) {
err = PTR_ERR(dev);
-@@ -2689,6 +2696,9 @@ static int rtnl_bridge_setlink(struct sk_buff *skb, struct nlmsghdr *nlh)
+@@ -2693,6 +2700,9 @@ static int rtnl_bridge_setlink(struct sk_buff *skb, struct nlmsghdr *nlh)
if (br_spec) {
nla_for_each_nested(attr, br_spec, rem) {
if (nla_type(attr) == IFLA_BRIDGE_FLAGS) {
@@ -103254,7 +103229,7 @@ index a6613ff..810aa44 100644
have_flags = true;
flags = nla_get_u16(attr);
break;
-@@ -2759,6 +2769,9 @@ static int rtnl_bridge_dellink(struct sk_buff *skb, struct nlmsghdr *nlh)
+@@ -2763,6 +2773,9 @@ static int rtnl_bridge_dellink(struct sk_buff *skb, struct nlmsghdr *nlh)
if (br_spec) {
nla_for_each_nested(attr, br_spec, rem) {
if (nla_type(attr) == IFLA_BRIDGE_FLAGS) {
@@ -103559,10 +103534,19 @@ index c38e7a2..773e3d7 100644
}
EXPORT_SYMBOL_GPL(sock_diag_unregister);
diff --git a/net/core/sysctl_net_core.c b/net/core/sysctl_net_core.c
-index cf9cd13..8b56af3 100644
+index cf9cd13..26d07e0 100644
--- a/net/core/sysctl_net_core.c
+++ b/net/core/sysctl_net_core.c
-@@ -32,7 +32,7 @@ static int rps_sock_flow_sysctl(struct ctl_table *table, int write,
+@@ -25,6 +25,8 @@
+ static int zero = 0;
+ static int one = 1;
+ static int ushort_max = USHRT_MAX;
++static int min_sndbuf = SOCK_MIN_SNDBUF;
++static int min_rcvbuf = SOCK_MIN_RCVBUF;
+
+ #ifdef CONFIG_RPS
+ static int rps_sock_flow_sysctl(struct ctl_table *table, int write,
+@@ -32,7 +34,7 @@ static int rps_sock_flow_sysctl(struct ctl_table *table, int write,
{
unsigned int orig_size, size;
int ret, i;
@@ -103571,7 +103555,7 @@ index cf9cd13..8b56af3 100644
.data = &size,
.maxlen = sizeof(size),
.mode = table->mode
-@@ -200,7 +200,7 @@ static int set_default_qdisc(struct ctl_table *table, int write,
+@@ -200,7 +202,7 @@ static int set_default_qdisc(struct ctl_table *table, int write,
void __user *buffer, size_t *lenp, loff_t *ppos)
{
char id[IFNAMSIZ];
@@ -103580,7 +103564,43 @@ index cf9cd13..8b56af3 100644
.data = id,
.maxlen = IFNAMSIZ,
};
-@@ -379,13 +379,12 @@ static struct ctl_table netns_core_table[] = {
+@@ -223,7 +225,7 @@ static struct ctl_table net_core_table[] = {
+ .maxlen = sizeof(int),
+ .mode = 0644,
+ .proc_handler = proc_dointvec_minmax,
+- .extra1 = &one,
++ .extra1 = &min_sndbuf,
+ },
+ {
+ .procname = "rmem_max",
+@@ -231,7 +233,7 @@ static struct ctl_table net_core_table[] = {
+ .maxlen = sizeof(int),
+ .mode = 0644,
+ .proc_handler = proc_dointvec_minmax,
+- .extra1 = &one,
++ .extra1 = &min_rcvbuf,
+ },
+ {
+ .procname = "wmem_default",
+@@ -239,7 +241,7 @@ static struct ctl_table net_core_table[] = {
+ .maxlen = sizeof(int),
+ .mode = 0644,
+ .proc_handler = proc_dointvec_minmax,
+- .extra1 = &one,
++ .extra1 = &min_sndbuf,
+ },
+ {
+ .procname = "rmem_default",
+@@ -247,7 +249,7 @@ static struct ctl_table net_core_table[] = {
+ .maxlen = sizeof(int),
+ .mode = 0644,
+ .proc_handler = proc_dointvec_minmax,
+- .extra1 = &one,
++ .extra1 = &min_rcvbuf,
+ },
+ {
+ .procname = "dev_weight",
+@@ -379,13 +381,12 @@ static struct ctl_table netns_core_table[] = {
static __net_init int sysctl_core_net_init(struct net *net)
{
@@ -103596,7 +103616,7 @@ index cf9cd13..8b56af3 100644
if (tbl == NULL)
goto err_dup;
-@@ -395,17 +394,16 @@ static __net_init int sysctl_core_net_init(struct net *net)
+@@ -395,17 +396,16 @@ static __net_init int sysctl_core_net_init(struct net *net)
if (net->user_ns != &init_user_ns) {
tbl[0].procname = NULL;
}
@@ -103618,7 +103638,7 @@ index cf9cd13..8b56af3 100644
err_dup:
return -ENOMEM;
}
-@@ -420,7 +418,7 @@ static __net_exit void sysctl_core_net_exit(struct net *net)
+@@ -420,7 +420,7 @@ static __net_exit void sysctl_core_net_exit(struct net *net)
kfree(tbl);
}
@@ -103911,6 +103931,42 @@ index 0d1e2cb..4501a2c 100644
EXPORT_SYMBOL(sysctl_local_reserved_ports);
void inet_get_local_port_range(struct net *net, int *low, int *high)
+diff --git a/net/ipv4/inet_diag.c b/net/ipv4/inet_diag.c
+index e34dccb..4eeba4e 100644
+--- a/net/ipv4/inet_diag.c
++++ b/net/ipv4/inet_diag.c
+@@ -71,6 +71,20 @@ static inline void inet_diag_unlock_handler(
+ mutex_unlock(&inet_diag_table_mutex);
+ }
+
++static size_t inet_sk_attr_size(void)
++{
++ return nla_total_size(sizeof(struct tcp_info))
++ + nla_total_size(1) /* INET_DIAG_SHUTDOWN */
++ + nla_total_size(1) /* INET_DIAG_TOS */
++ + nla_total_size(1) /* INET_DIAG_TCLASS */
++ + nla_total_size(sizeof(struct inet_diag_meminfo))
++ + nla_total_size(sizeof(struct inet_diag_msg))
++ + nla_total_size(SK_MEMINFO_VARS * sizeof(u32))
++ + nla_total_size(TCP_CA_NAME_MAX)
++ + nla_total_size(sizeof(struct tcpvegas_info))
++ + 64;
++}
++
+ int inet_sk_diag_fill(struct sock *sk, struct inet_connection_sock *icsk,
+ struct sk_buff *skb, struct inet_diag_req_v2 *req,
+ struct user_namespace *user_ns,
+@@ -324,9 +338,7 @@ int inet_diag_dump_one_icsk(struct inet_hashinfo *hashinfo, struct sk_buff *in_s
+ if (err)
+ goto out;
+
+- rep = nlmsg_new(sizeof(struct inet_diag_msg) +
+- sizeof(struct inet_diag_meminfo) +
+- sizeof(struct tcp_info) + 64, GFP_KERNEL);
++ rep = nlmsg_new(inet_sk_attr_size(), GFP_KERNEL);
+ if (!rep) {
+ err = -ENOMEM;
+ goto out;
diff --git a/net/ipv4/inet_hashtables.c b/net/ipv4/inet_hashtables.c
index 8b9cf27..9c17cab 100644
--- a/net/ipv4/inet_hashtables.c
@@ -103955,7 +104011,7 @@ index bf2cb4a..d83ba8a 100644
p->rate_tokens = 0;
/* 60*HZ is arbitrary, but chosen enough high so that the first
diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c
-index c10a3ce..dd71f84 100644
+index 9ff497d..877a388 100644
--- a/net/ipv4/ip_fragment.c
+++ b/net/ipv4/ip_fragment.c
@@ -283,7 +283,7 @@ static inline int ip_frag_too_far(struct ipq *qp)
@@ -103967,7 +104023,7 @@ index c10a3ce..dd71f84 100644
qp->rid = end;
rc = qp->q.fragments && (end - start) > max;
-@@ -760,12 +760,11 @@ static struct ctl_table ip4_frags_ctl_table[] = {
+@@ -763,12 +763,11 @@ static struct ctl_table ip4_frags_ctl_table[] = {
static int __net_init ip4_frags_ns_ctl_register(struct net *net)
{
@@ -103982,7 +104038,7 @@ index c10a3ce..dd71f84 100644
if (table == NULL)
goto err_alloc;
-@@ -776,9 +775,10 @@ static int __net_init ip4_frags_ns_ctl_register(struct net *net)
+@@ -779,9 +778,10 @@ static int __net_init ip4_frags_ns_ctl_register(struct net *net)
/* Don't export sysctls to unprivileged users */
if (net->user_ns != &init_user_ns)
table[0].procname = NULL;
@@ -103995,7 +104051,7 @@ index c10a3ce..dd71f84 100644
if (hdr == NULL)
goto err_reg;
-@@ -786,8 +786,7 @@ static int __net_init ip4_frags_ns_ctl_register(struct net *net)
+@@ -789,8 +789,7 @@ static int __net_init ip4_frags_ns_ctl_register(struct net *net)
return 0;
err_reg:
@@ -104271,7 +104327,7 @@ index 2510c02..cfb34fa 100644
pr_err("Unable to proc dir entry\n");
return -ENOMEM;
diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c
-index 04ce671..f13b8c2 100644
+index b94002a..f13b8c2 100644
--- a/net/ipv4/ping.c
+++ b/net/ipv4/ping.c
@@ -59,7 +59,7 @@ struct ping_table {
@@ -104283,38 +104339,20 @@ index 04ce671..f13b8c2 100644
EXPORT_SYMBOL_GPL(pingv6_ops);
static u16 ping_port_rover;
-@@ -259,6 +259,9 @@ int ping_init_sock(struct sock *sk)
+@@ -259,10 +259,9 @@ int ping_init_sock(struct sock *sk)
kgid_t low, high;
int ret = 0;
-+ if (sk->sk_family == AF_INET6)
+-#if IS_ENABLED(CONFIG_IPV6)
+ if (sk->sk_family == AF_INET6)
+- inet6_sk(sk)->ipv6only = 1;
+-#endif
+ sk->sk_ipv6only = 1;
+
inet_get_ping_group_range_net(net, &low, &high);
if (gid_lte(low, group) && gid_lte(group, high))
return 0;
-@@ -305,6 +308,11 @@ static int ping_check_bind_addr(struct sock *sk, struct inet_sock *isk,
- if (addr_len < sizeof(*addr))
- return -EINVAL;
-
-+ if (addr->sin_family != AF_INET &&
-+ !(addr->sin_family == AF_UNSPEC &&
-+ addr->sin_addr.s_addr == htonl(INADDR_ANY)))
-+ return -EAFNOSUPPORT;
-+
- pr_debug("ping_check_bind_addr(sk=%p,addr=%pI4,port=%d)\n",
- sk, &addr->sin_addr.s_addr, ntohs(addr->sin_port));
-
-@@ -330,7 +338,7 @@ static int ping_check_bind_addr(struct sock *sk, struct inet_sock *isk,
- return -EINVAL;
-
- if (addr->sin6_family != AF_INET6)
-- return -EINVAL;
-+ return -EAFNOSUPPORT;
-
- pr_debug("ping_check_bind_addr(sk=%p,addr=%pI6c,port=%d)\n",
- sk, addr->sin6_addr.s6_addr, ntohs(addr->sin6_port));
-@@ -350,7 +358,7 @@ static int ping_check_bind_addr(struct sock *sk, struct inet_sock *isk,
+@@ -359,7 +358,7 @@ static int ping_check_bind_addr(struct sock *sk, struct inet_sock *isk,
return -ENODEV;
}
}
@@ -104323,7 +104361,7 @@ index 04ce671..f13b8c2 100644
scoped);
rcu_read_unlock();
-@@ -558,7 +566,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info)
+@@ -567,7 +566,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info)
}
#if IS_ENABLED(CONFIG_IPV6)
} else if (skb->protocol == htons(ETH_P_IPV6)) {
@@ -104332,7 +104370,7 @@ index 04ce671..f13b8c2 100644
#endif
}
-@@ -576,7 +584,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info)
+@@ -585,7 +584,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info)
info, (u8 *)icmph);
#if IS_ENABLED(CONFIG_IPV6)
} else if (family == AF_INET6) {
@@ -104341,16 +104379,7 @@ index 04ce671..f13b8c2 100644
info, (u8 *)icmph);
#endif
}
-@@ -716,7 +724,7 @@ static int ping_v4_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *m
- if (msg->msg_namelen < sizeof(*usin))
- return -EINVAL;
- if (usin->sin_family != AF_INET)
-- return -EINVAL;
-+ return -EAFNOSUPPORT;
- daddr = usin->sin_addr.s_addr;
- /* no remote port */
- } else {
-@@ -860,7 +868,7 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
+@@ -869,7 +868,7 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
return ip_recv_error(sk, msg, len, addr_len);
#if IS_ENABLED(CONFIG_IPV6)
} else if (family == AF_INET6) {
@@ -104359,7 +104388,7 @@ index 04ce671..f13b8c2 100644
addr_len);
#endif
}
-@@ -918,10 +926,10 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
+@@ -927,10 +926,10 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
}
if (inet6_sk(sk)->rxopt.all)
@@ -104372,7 +104401,7 @@ index 04ce671..f13b8c2 100644
else if (skb->protocol == htons(ETH_P_IP) && isk->cmsg_flags)
ip_cmsg_recv(msg, skb);
#endif
-@@ -1116,7 +1124,7 @@ static void ping_v4_format_sock(struct sock *sp, struct seq_file *f,
+@@ -1125,7 +1124,7 @@ static void ping_v4_format_sock(struct sock *sp, struct seq_file *f,
from_kuid_munged(seq_user_ns(f), sock_i_uid(sp)),
0, sock_i_ino(sp),
atomic_read(&sp->sk_refcnt), sp,
@@ -105479,23 +105508,10 @@ index 767ab8d..c5ec70a 100644
return -ENOMEM;
}
diff --git a/net/ipv6/ping.c b/net/ipv6/ping.c
-index bda7429..5b5bbe3 100644
+index 4611995..5b5bbe3 100644
--- a/net/ipv6/ping.c
+++ b/net/ipv6/ping.c
-@@ -103,9 +103,10 @@ int ping_v6_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
-
- if (msg->msg_name) {
- DECLARE_SOCKADDR(struct sockaddr_in6 *, u, msg->msg_name);
-- if (msg->msg_namelen < sizeof(struct sockaddr_in6) ||
-- u->sin6_family != AF_INET6) {
-+ if (msg->msg_namelen < sizeof(*u))
- return -EINVAL;
-+ if (u->sin6_family != AF_INET6) {
-+ return -EAFNOSUPPORT;
- }
- if (sk->sk_bound_dev_if &&
- sk->sk_bound_dev_if != u->sin6_scope_id) {
-@@ -246,6 +247,24 @@ static struct pernet_operations ping_v6_net_ops = {
+@@ -247,6 +247,24 @@ static struct pernet_operations ping_v6_net_ops = {
};
#endif
@@ -105520,7 +105536,7 @@ index bda7429..5b5bbe3 100644
int __init pingv6_init(void)
{
#ifdef CONFIG_PROC_FS
-@@ -253,13 +272,7 @@ int __init pingv6_init(void)
+@@ -254,13 +272,7 @@ int __init pingv6_init(void)
if (ret)
return ret;
#endif
@@ -105535,7 +105551,7 @@ index bda7429..5b5bbe3 100644
return inet6_register_protosw(&pingv6_protosw);
}
-@@ -268,14 +281,9 @@ int __init pingv6_init(void)
+@@ -269,14 +281,9 @@ int __init pingv6_init(void)
*/
void pingv6_exit(void)
{
@@ -105682,7 +105698,7 @@ index cc85a9b..526a133 100644
return -ENOMEM;
}
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
-index 6f1b850..50e95c7 100644
+index 3809ca2..fdda6b4 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -2970,7 +2970,7 @@ struct ctl_table ipv6_route_table_template[] = {
@@ -105999,7 +106015,7 @@ index e15c16a..7cf07aa 100644
if (!ipx_proc_dir)
goto out;
diff --git a/net/irda/ircomm/ircomm_tty.c b/net/irda/ircomm/ircomm_tty.c
-index 2ba8b97..6d33010 100644
+index fdcb968..2b6cc59 100644
--- a/net/irda/ircomm/ircomm_tty.c
+++ b/net/irda/ircomm/ircomm_tty.c
@@ -317,11 +317,11 @@ static int ircomm_tty_block_til_ready(struct ircomm_tty_cb *self,
@@ -106055,7 +106071,7 @@ index 2ba8b97..6d33010 100644
/* Not really used by us, but lets do it anyway */
self->port.low_latency = (self->port.flags & ASYNC_LOW_LATENCY) ? 1 : 0;
-@@ -987,7 +987,7 @@ static void ircomm_tty_hangup(struct tty_struct *tty)
+@@ -989,7 +989,7 @@ static void ircomm_tty_hangup(struct tty_struct *tty)
tty_kref_put(port->tty);
}
port->tty = NULL;
@@ -106064,7 +106080,7 @@ index 2ba8b97..6d33010 100644
spin_unlock_irqrestore(&port->lock, flags);
wake_up_interruptible(&port->open_wait);
-@@ -1344,7 +1344,7 @@ static void ircomm_tty_line_info(struct ircomm_tty_cb *self, struct seq_file *m)
+@@ -1346,7 +1346,7 @@ static void ircomm_tty_line_info(struct ircomm_tty_cb *self, struct seq_file *m)
seq_putc(m, '\n');
seq_printf(m, "Role: %s\n", self->client ? "client" : "server");
@@ -106383,18 +106399,6 @@ index 6ff1346..936ca9a 100644
return -EFAULT;
return p;
-diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
-index e5a7ac2..dca076f 100644
---- a/net/mac80211/tx.c
-+++ b/net/mac80211/tx.c
-@@ -562,6 +562,7 @@ ieee80211_tx_h_check_control_port_protocol(struct ieee80211_tx_data *tx)
- if (tx->sdata->control_port_no_encrypt)
- info->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
- info->control.flags |= IEEE80211_TX_CTRL_PORT_CTRL_PROTO;
-+ info->flags |= IEEE80211_TX_CTL_USE_MINRATE;
- }
-
- return TX_CONTINUE;
diff --git a/net/mac80211/util.c b/net/mac80211/util.c
index 6427625..afa5a5a 100644
--- a/net/mac80211/util.c
@@ -107260,6 +107264,94 @@ index a91e1db..cf3053f 100644
#else
ic->i_ack_next = 0;
#endif
+diff --git a/net/rds/iw_rdma.c b/net/rds/iw_rdma.c
+index a817705..dba8d08 100644
+--- a/net/rds/iw_rdma.c
++++ b/net/rds/iw_rdma.c
+@@ -88,7 +88,9 @@ static unsigned int rds_iw_unmap_fastreg_list(struct rds_iw_mr_pool *pool,
+ int *unpinned);
+ static void rds_iw_destroy_fastreg(struct rds_iw_mr_pool *pool, struct rds_iw_mr *ibmr);
+
+-static int rds_iw_get_device(struct rds_sock *rs, struct rds_iw_device **rds_iwdev, struct rdma_cm_id **cm_id)
++static int rds_iw_get_device(struct sockaddr_in *src, struct sockaddr_in *dst,
++ struct rds_iw_device **rds_iwdev,
++ struct rdma_cm_id **cm_id)
+ {
+ struct rds_iw_device *iwdev;
+ struct rds_iw_cm_id *i_cm_id;
+@@ -112,15 +114,15 @@ static int rds_iw_get_device(struct rds_sock *rs, struct rds_iw_device **rds_iwd
+ src_addr->sin_port,
+ dst_addr->sin_addr.s_addr,
+ dst_addr->sin_port,
+- rs->rs_bound_addr,
+- rs->rs_bound_port,
+- rs->rs_conn_addr,
+- rs->rs_conn_port);
++ src->sin_addr.s_addr,
++ src->sin_port,
++ dst->sin_addr.s_addr,
++ dst->sin_port);
+ #ifdef WORKING_TUPLE_DETECTION
+- if (src_addr->sin_addr.s_addr == rs->rs_bound_addr &&
+- src_addr->sin_port == rs->rs_bound_port &&
+- dst_addr->sin_addr.s_addr == rs->rs_conn_addr &&
+- dst_addr->sin_port == rs->rs_conn_port) {
++ if (src_addr->sin_addr.s_addr == src->sin_addr.s_addr &&
++ src_addr->sin_port == src->sin_port &&
++ dst_addr->sin_addr.s_addr == dst->sin_addr.s_addr &&
++ dst_addr->sin_port == dst->sin_port) {
+ #else
+ /* FIXME - needs to compare the local and remote
+ * ipaddr/port tuple, but the ipaddr is the only
+@@ -128,7 +130,7 @@ static int rds_iw_get_device(struct rds_sock *rs, struct rds_iw_device **rds_iwd
+ * zero'ed. It doesn't appear to be properly populated
+ * during connection setup...
+ */
+- if (src_addr->sin_addr.s_addr == rs->rs_bound_addr) {
++ if (src_addr->sin_addr.s_addr == src->sin_addr.s_addr) {
+ #endif
+ spin_unlock_irq(&iwdev->spinlock);
+ *rds_iwdev = iwdev;
+@@ -180,19 +182,13 @@ int rds_iw_update_cm_id(struct rds_iw_device *rds_iwdev, struct rdma_cm_id *cm_i
+ {
+ struct sockaddr_in *src_addr, *dst_addr;
+ struct rds_iw_device *rds_iwdev_old;
+- struct rds_sock rs;
+ struct rdma_cm_id *pcm_id;
+ int rc;
+
+ src_addr = (struct sockaddr_in *)&cm_id->route.addr.src_addr;
+ dst_addr = (struct sockaddr_in *)&cm_id->route.addr.dst_addr;
+
+- rs.rs_bound_addr = src_addr->sin_addr.s_addr;
+- rs.rs_bound_port = src_addr->sin_port;
+- rs.rs_conn_addr = dst_addr->sin_addr.s_addr;
+- rs.rs_conn_port = dst_addr->sin_port;
+-
+- rc = rds_iw_get_device(&rs, &rds_iwdev_old, &pcm_id);
++ rc = rds_iw_get_device(src_addr, dst_addr, &rds_iwdev_old, &pcm_id);
+ if (rc)
+ rds_iw_remove_cm_id(rds_iwdev, cm_id);
+
+@@ -598,9 +594,17 @@ void *rds_iw_get_mr(struct scatterlist *sg, unsigned long nents,
+ struct rds_iw_device *rds_iwdev;
+ struct rds_iw_mr *ibmr = NULL;
+ struct rdma_cm_id *cm_id;
++ struct sockaddr_in src = {
++ .sin_addr.s_addr = rs->rs_bound_addr,
++ .sin_port = rs->rs_bound_port,
++ };
++ struct sockaddr_in dst = {
++ .sin_addr.s_addr = rs->rs_conn_addr,
++ .sin_port = rs->rs_conn_port,
++ };
+ int ret;
+
+- ret = rds_iw_get_device(rs, &rds_iwdev, &cm_id);
++ ret = rds_iw_get_device(&src, &dst, &rds_iwdev, &cm_id);
+ if (ret || !cm_id) {
+ ret = -ENODEV;
+ goto out;
diff --git a/net/rds/iw_recv.c b/net/rds/iw_recv.c
index 4503335..db566b4 100644
--- a/net/rds/iw_recv.c
@@ -108299,18 +108391,9 @@ index 0f73f45..a96aa52 100644
/* make a copy for the caller */
*handle = ctxh;
diff --git a/net/sunrpc/cache.c b/net/sunrpc/cache.c
-index ae333c1..1dca80d 100644
+index 0adc66c..1dca80d 100644
--- a/net/sunrpc/cache.c
+++ b/net/sunrpc/cache.c
-@@ -920,7 +920,7 @@ static unsigned int cache_poll(struct file *filp, poll_table *wait,
- poll_wait(filp, &queue_wait, wait);
-
- /* alway allow write */
-- mask = POLL_OUT | POLLWRNORM;
-+ mask = POLLOUT | POLLWRNORM;
-
- if (!rp)
- return mask;
@@ -1609,7 +1609,7 @@ static int create_cache_proc_entries(struct cache_detail *cd, struct net *net)
struct sunrpc_net *sn;
@@ -108632,7 +108715,7 @@ index 6424372..afd36e9 100644
sub->evt.event = htohl(event, sub->swap);
sub->evt.found_lower = htohl(found_lower, sub->swap);
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
-index 94404f1..5782191 100644
+index 94404f1..5c1346e 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -791,6 +791,12 @@ static struct sock *unix_find_other(struct net *net,
@@ -108681,7 +108764,24 @@ index 94404f1..5782191 100644
done_path_create(&path, dentry);
return err;
}
-@@ -2344,9 +2363,13 @@ static int unix_seq_show(struct seq_file *seq, void *v)
+@@ -2243,11 +2262,14 @@ static unsigned int unix_dgram_poll(struct file *file, struct socket *sock,
+ writable = unix_writable(sk);
+ other = unix_peer_get(sk);
+ if (other) {
+- if (unix_peer(other) != sk) {
++ unix_state_lock(other);
++ if (!sock_flag(other, SOCK_DEAD) && unix_peer(other) != sk) {
++ unix_state_unlock(other);
+ sock_poll_wait(file, &unix_sk(other)->peer_wait, wait);
+ if (unix_recvq_full(other))
+ writable = 0;
+- }
++ } else
++ unix_state_unlock(other);
+ sock_put(other);
+ }
+
+@@ -2344,9 +2366,13 @@ static int unix_seq_show(struct seq_file *seq, void *v)
seq_puts(seq, "Num RefCount Protocol Flags Type St "
"Inode Path\n");
else {
@@ -108696,7 +108796,7 @@ index 94404f1..5782191 100644
seq_printf(seq, "%pK: %08X %08X %08X %04X %02X %5lu",
s,
-@@ -2373,8 +2396,10 @@ static int unix_seq_show(struct seq_file *seq, void *v)
+@@ -2373,8 +2399,10 @@ static int unix_seq_show(struct seq_file *seq, void *v)
}
for ( ; i < len; i++)
seq_putc(seq, u->addr->name->sun_path[i]);
@@ -111478,10 +111578,10 @@ index c4ac3c1..5266261 100644
if (err < 0)
return err;
diff --git a/sound/core/pcm_native.c b/sound/core/pcm_native.c
-index 566b0f6..636730b 100644
+index ee24057..3114985 100644
--- a/sound/core/pcm_native.c
+++ b/sound/core/pcm_native.c
-@@ -2811,11 +2811,11 @@ int snd_pcm_kernel_ioctl(struct snd_pcm_substream *substream,
+@@ -2813,11 +2813,11 @@ int snd_pcm_kernel_ioctl(struct snd_pcm_substream *substream,
switch (substream->stream) {
case SNDRV_PCM_STREAM_PLAYBACK:
result = snd_pcm_playback_ioctl1(NULL, substream, cmd,
@@ -113059,7 +113159,7 @@ index 0000000..3b5af59
+}
diff --git a/tools/gcc/gcc-common.h b/tools/gcc/gcc-common.h
new file mode 100644
-index 0000000..de1d984
+index 0000000..cd95c07
--- /dev/null
+++ b/tools/gcc/gcc-common.h
@@ -0,0 +1,375 @@
@@ -113283,7 +113383,7 @@ index 0000000..de1d984
+
+#define int_const_binop(code, arg1, arg2) int_const_binop((code), (arg1), (arg2), 0)
+
-+static inline bool gimple_clobber_p(gimple s)
++static inline bool gimple_clobber_p(gimple s __unused)
+{
+ return false;
+}
@@ -119906,10 +120006,10 @@ index 0000000..4378111
+}
diff --git a/tools/gcc/size_overflow_plugin/size_overflow_hash.data b/tools/gcc/size_overflow_plugin/size_overflow_hash.data
new file mode 100644
-index 0000000..3d3508d
+index 0000000..f084dc7
--- /dev/null
+++ b/tools/gcc/size_overflow_plugin/size_overflow_hash.data
-@@ -0,0 +1,6042 @@
+@@ -0,0 +1,6045 @@
+intel_fake_agp_alloc_by_type_1 intel_fake_agp_alloc_by_type 1 1 NULL
+ocfs2_get_refcount_tree_3 ocfs2_get_refcount_tree 0 3 NULL
+storvsc_connect_to_vsp_22 storvsc_connect_to_vsp 2 22 NULL
@@ -124402,6 +124502,7 @@ index 0000000..3d3508d
+joydev_handle_JSIOCSAXMAP_48898 joydev_handle_JSIOCSAXMAP 3 48898 NULL
+xdi_copy_to_user_48900 xdi_copy_to_user 4 48900 NULL
+msg_hdr_sz_48908 msg_hdr_sz 0 48908 NULL
++rts51x_ctrl_transfer_48914 rts51x_ctrl_transfer 8 48914 NULL
+sep_crypto_dma_48937 sep_crypto_dma 0 48937 NULL
+si5351_write_parameters_48940 si5351_write_parameters 2 48940 NULL
+event_heart_beat_read_48961 event_heart_beat_read 3 48961 NULL
@@ -124544,6 +124645,7 @@ index 0000000..3d3508d
+lpfc_idiag_pcicfg_read_50334 lpfc_idiag_pcicfg_read 3 50334 NULL
+snd_pcm_lib_writev_50337 snd_pcm_lib_writev 0-3 50337 NULL
+tpm_read_50344 tpm_read 3 50344 NULL
++rts51x_bulk_transfer_buf_50352 rts51x_bulk_transfer_buf 4 50352 NULL
+isdn_ppp_read_50356 isdn_ppp_read 4 50356 NULL
+iwl_dbgfs_echo_test_write_50362 iwl_dbgfs_echo_test_write 3 50362 NULL
+xfrm_send_migrate_50365 xfrm_send_migrate 5 50365 NULL
@@ -125412,6 +125514,7 @@ index 0000000..3d3508d
+journal_init_dev_59384 journal_init_dev 5 59384 NULL
+__net_get_random_once_59389 __net_get_random_once 2 59389 NULL
+isku_sysfs_read_keys_function_59412 isku_sysfs_read_keys_function 6 59412 NULL
++rts51x_transfer_data_59416 rts51x_transfer_data 4 59416 NULL
+pci_ctrl_read_59424 pci_ctrl_read 0 59424 NULL
+vxge_hw_ring_rxds_per_block_get_59425 vxge_hw_ring_rxds_per_block_get 0 59425 NULL
+SyS_sched_setaffinity_59442 SyS_sched_setaffinity 2 59442 NULL
diff --git a/3.14.35/4425_grsec_remove_EI_PAX.patch b/3.14.36/4425_grsec_remove_EI_PAX.patch
index 86e242a..86e242a 100644
--- a/3.14.35/4425_grsec_remove_EI_PAX.patch
+++ b/3.14.36/4425_grsec_remove_EI_PAX.patch
diff --git a/3.14.35/4427_force_XATTR_PAX_tmpfs.patch b/3.14.36/4427_force_XATTR_PAX_tmpfs.patch
index 4c236cc..4c236cc 100644
--- a/3.14.35/4427_force_XATTR_PAX_tmpfs.patch
+++ b/3.14.36/4427_force_XATTR_PAX_tmpfs.patch
diff --git a/3.14.35/4430_grsec-remove-localversion-grsec.patch b/3.14.36/4430_grsec-remove-localversion-grsec.patch
index 31cf878..31cf878 100644
--- a/3.14.35/4430_grsec-remove-localversion-grsec.patch
+++ b/3.14.36/4430_grsec-remove-localversion-grsec.patch
diff --git a/3.14.35/4435_grsec-mute-warnings.patch b/3.14.36/4435_grsec-mute-warnings.patch
index 392cefb..392cefb 100644
--- a/3.14.35/4435_grsec-mute-warnings.patch
+++ b/3.14.36/4435_grsec-mute-warnings.patch
diff --git a/3.14.35/4440_grsec-remove-protected-paths.patch b/3.14.36/4440_grsec-remove-protected-paths.patch
index 741546d..741546d 100644
--- a/3.14.35/4440_grsec-remove-protected-paths.patch
+++ b/3.14.36/4440_grsec-remove-protected-paths.patch
diff --git a/3.14.35/4450_grsec-kconfig-default-gids.patch b/3.14.36/4450_grsec-kconfig-default-gids.patch
index 8c878fc..8c878fc 100644
--- a/3.14.35/4450_grsec-kconfig-default-gids.patch
+++ b/3.14.36/4450_grsec-kconfig-default-gids.patch
diff --git a/3.14.35/4465_selinux-avc_audit-log-curr_ip.patch b/3.14.36/4465_selinux-avc_audit-log-curr_ip.patch
index bba906e..bba906e 100644
--- a/3.14.35/4465_selinux-avc_audit-log-curr_ip.patch
+++ b/3.14.36/4465_selinux-avc_audit-log-curr_ip.patch
diff --git a/3.14.35/4470_disable-compat_vdso.patch b/3.14.36/4470_disable-compat_vdso.patch
index 3b3953b..3b3953b 100644
--- a/3.14.35/4470_disable-compat_vdso.patch
+++ b/3.14.36/4470_disable-compat_vdso.patch
diff --git a/3.14.35/4475_emutramp_default_on.patch b/3.14.36/4475_emutramp_default_on.patch
index ad4967a..ad4967a 100644
--- a/3.14.35/4475_emutramp_default_on.patch
+++ b/3.14.36/4475_emutramp_default_on.patch
diff --git a/3.19.1/1000_linux-3.19.1.patch b/3.19.1/1000_linux-3.19.1.patch
deleted file mode 100644
index 0d6158e..0000000
--- a/3.19.1/1000_linux-3.19.1.patch
+++ /dev/null
@@ -1,7185 +0,0 @@
-diff --git a/Makefile b/Makefile
-index b15036b..688777b 100644
---- a/Makefile
-+++ b/Makefile
-@@ -1,6 +1,6 @@
- VERSION = 3
- PATCHLEVEL = 19
--SUBLEVEL = 0
-+SUBLEVEL = 1
- EXTRAVERSION =
- NAME = Diseased Newt
-
-diff --git a/arch/arc/include/asm/pgtable.h b/arch/arc/include/asm/pgtable.h
-index 6b0b7f7e..7670f33 100644
---- a/arch/arc/include/asm/pgtable.h
-+++ b/arch/arc/include/asm/pgtable.h
-@@ -259,7 +259,8 @@ static inline void pmd_set(pmd_t *pmdp, pte_t *ptep)
- #define pmd_clear(xp) do { pmd_val(*(xp)) = 0; } while (0)
-
- #define pte_page(x) (mem_map + \
-- (unsigned long)(((pte_val(x) - PAGE_OFFSET) >> PAGE_SHIFT)))
-+ (unsigned long)(((pte_val(x) - CONFIG_LINUX_LINK_BASE) >> \
-+ PAGE_SHIFT)))
-
- #define mk_pte(page, pgprot) \
- ({ \
-diff --git a/arch/arm/boot/dts/am335x-bone-common.dtsi b/arch/arm/boot/dts/am335x-bone-common.dtsi
-index 6cc25ed..2c6248d 100644
---- a/arch/arm/boot/dts/am335x-bone-common.dtsi
-+++ b/arch/arm/boot/dts/am335x-bone-common.dtsi
-@@ -195,6 +195,7 @@
-
- &usb0 {
- status = "okay";
-+ dr_mode = "peripheral";
- };
-
- &usb1 {
-diff --git a/arch/arm/boot/dts/bcm63138.dtsi b/arch/arm/boot/dts/bcm63138.dtsi
-index d2d8e94..f46329c 100644
---- a/arch/arm/boot/dts/bcm63138.dtsi
-+++ b/arch/arm/boot/dts/bcm63138.dtsi
-@@ -66,8 +66,9 @@
- reg = <0x1d000 0x1000>;
- cache-unified;
- cache-level = <2>;
-- cache-sets = <16>;
-- cache-size = <0x80000>;
-+ cache-size = <524288>;
-+ cache-sets = <1024>;
-+ cache-line-size = <32>;
- interrupts = <GIC_PPI 0 IRQ_TYPE_LEVEL_HIGH>;
- };
-
-diff --git a/arch/arm/boot/dts/tegra20.dtsi b/arch/arm/boot/dts/tegra20.dtsi
-index 8acf5d8..f76fe94 100644
---- a/arch/arm/boot/dts/tegra20.dtsi
-+++ b/arch/arm/boot/dts/tegra20.dtsi
-@@ -68,9 +68,9 @@
- reset-names = "2d";
- };
-
-- gr3d@54140000 {
-+ gr3d@54180000 {
- compatible = "nvidia,tegra20-gr3d";
-- reg = <0x54140000 0x00040000>;
-+ reg = <0x54180000 0x00040000>;
- clocks = <&tegra_car TEGRA20_CLK_GR3D>;
- resets = <&tegra_car 24>;
- reset-names = "3d";
-@@ -130,9 +130,9 @@
- status = "disabled";
- };
-
-- dsi@542c0000 {
-+ dsi@54300000 {
- compatible = "nvidia,tegra20-dsi";
-- reg = <0x542c0000 0x00040000>;
-+ reg = <0x54300000 0x00040000>;
- clocks = <&tegra_car TEGRA20_CLK_DSI>;
- resets = <&tegra_car 48>;
- reset-names = "dsi";
-diff --git a/arch/arm/mach-bcm/Kconfig b/arch/arm/mach-bcm/Kconfig
-index aaeec78..8b11f44 100644
---- a/arch/arm/mach-bcm/Kconfig
-+++ b/arch/arm/mach-bcm/Kconfig
-@@ -68,7 +68,7 @@ config ARCH_BCM_MOBILE
- This enables support for systems based on Broadcom mobile SoCs.
-
- config ARCH_BCM_281XX
-- bool "Broadcom BCM281XX SoC family"
-+ bool "Broadcom BCM281XX SoC family" if ARCH_MULTI_V7
- select ARCH_BCM_MOBILE
- select HAVE_SMP
- help
-@@ -77,7 +77,7 @@ config ARCH_BCM_281XX
- variants.
-
- config ARCH_BCM_21664
-- bool "Broadcom BCM21664 SoC family"
-+ bool "Broadcom BCM21664 SoC family" if ARCH_MULTI_V7
- select ARCH_BCM_MOBILE
- select HAVE_SMP
- help
-diff --git a/arch/arm/mach-bcm/platsmp-brcmstb.c b/arch/arm/mach-bcm/platsmp-brcmstb.c
-index 31c87a2..e209e6f 100644
---- a/arch/arm/mach-bcm/platsmp-brcmstb.c
-+++ b/arch/arm/mach-bcm/platsmp-brcmstb.c
-@@ -17,6 +17,7 @@
- #include <linux/errno.h>
- #include <linux/init.h>
- #include <linux/io.h>
-+#include <linux/jiffies.h>
- #include <linux/of_address.h>
- #include <linux/of_platform.h>
- #include <linux/printk.h>
-@@ -94,10 +95,35 @@ static u32 pwr_ctrl_rd(u32 cpu)
- return readl_relaxed(base);
- }
-
--static void pwr_ctrl_wr(u32 cpu, u32 val)
-+static void pwr_ctrl_set(unsigned int cpu, u32 val, u32 mask)
- {
- void __iomem *base = pwr_ctrl_get_base(cpu);
-- writel(val, base);
-+ writel((readl(base) & mask) | val, base);
-+}
-+
-+static void pwr_ctrl_clr(unsigned int cpu, u32 val, u32 mask)
-+{
-+ void __iomem *base = pwr_ctrl_get_base(cpu);
-+ writel((readl(base) & mask) & ~val, base);
-+}
-+
-+#define POLL_TMOUT_MS 500
-+static int pwr_ctrl_wait_tmout(unsigned int cpu, u32 set, u32 mask)
-+{
-+ const unsigned long timeo = jiffies + msecs_to_jiffies(POLL_TMOUT_MS);
-+ u32 tmp;
-+
-+ do {
-+ tmp = pwr_ctrl_rd(cpu) & mask;
-+ if (!set == !tmp)
-+ return 0;
-+ } while (time_before(jiffies, timeo));
-+
-+ tmp = pwr_ctrl_rd(cpu) & mask;
-+ if (!set == !tmp)
-+ return 0;
-+
-+ return -ETIMEDOUT;
- }
-
- static void cpu_rst_cfg_set(u32 cpu, int set)
-@@ -139,15 +165,22 @@ static void brcmstb_cpu_power_on(u32 cpu)
- * The secondary cores power was cut, so we must go through
- * power-on initialization.
- */
-- u32 tmp;
-+ pwr_ctrl_set(cpu, ZONE_MAN_ISO_CNTL_MASK, 0xffffff00);
-+ pwr_ctrl_set(cpu, ZONE_MANUAL_CONTROL_MASK, -1);
-+ pwr_ctrl_set(cpu, ZONE_RESERVED_1_MASK, -1);
-
-- /* Request zone power up */
-- pwr_ctrl_wr(cpu, ZONE_PWR_UP_REQ_MASK);
-+ pwr_ctrl_set(cpu, ZONE_MAN_MEM_PWR_MASK, -1);
-
-- /* Wait for the power up FSM to complete */
-- do {
-- tmp = pwr_ctrl_rd(cpu);
-- } while (!(tmp & ZONE_PWR_ON_STATE_MASK));
-+ if (pwr_ctrl_wait_tmout(cpu, 1, ZONE_MEM_PWR_STATE_MASK))
-+ panic("ZONE_MEM_PWR_STATE_MASK set timeout");
-+
-+ pwr_ctrl_set(cpu, ZONE_MAN_CLKEN_MASK, -1);
-+
-+ if (pwr_ctrl_wait_tmout(cpu, 1, ZONE_DPG_PWR_STATE_MASK))
-+ panic("ZONE_DPG_PWR_STATE_MASK set timeout");
-+
-+ pwr_ctrl_clr(cpu, ZONE_MAN_ISO_CNTL_MASK, -1);
-+ pwr_ctrl_set(cpu, ZONE_MAN_RESET_CNTL_MASK, -1);
- }
-
- static int brcmstb_cpu_get_power_state(u32 cpu)
-@@ -174,25 +207,33 @@ static void brcmstb_cpu_die(u32 cpu)
-
- static int brcmstb_cpu_kill(u32 cpu)
- {
-- u32 tmp;
-+ /*
-+ * Ordinarily, the hardware forbids power-down of CPU0 (which is good
-+ * because it is the boot CPU), but this is not true when using BPCM
-+ * manual mode. Consequently, we must avoid turning off CPU0 here to
-+ * ensure that TI2C master reset will work.
-+ */
-+ if (cpu == 0) {
-+ pr_warn("SMP: refusing to power off CPU0\n");
-+ return 1;
-+ }
-
- while (per_cpu_sw_state_rd(cpu))
- ;
-
-- /* Program zone reset */
-- pwr_ctrl_wr(cpu, ZONE_RESET_STATE_MASK | ZONE_BLK_RST_ASSERT_MASK |
-- ZONE_PWR_DN_REQ_MASK);
-+ pwr_ctrl_set(cpu, ZONE_MANUAL_CONTROL_MASK, -1);
-+ pwr_ctrl_clr(cpu, ZONE_MAN_RESET_CNTL_MASK, -1);
-+ pwr_ctrl_clr(cpu, ZONE_MAN_CLKEN_MASK, -1);
-+ pwr_ctrl_set(cpu, ZONE_MAN_ISO_CNTL_MASK, -1);
-+ pwr_ctrl_clr(cpu, ZONE_MAN_MEM_PWR_MASK, -1);
-
-- /* Verify zone reset */
-- tmp = pwr_ctrl_rd(cpu);
-- if (!(tmp & ZONE_RESET_STATE_MASK))
-- pr_err("%s: Zone reset bit for CPU %d not asserted!\n",
-- __func__, cpu);
-+ if (pwr_ctrl_wait_tmout(cpu, 0, ZONE_MEM_PWR_STATE_MASK))
-+ panic("ZONE_MEM_PWR_STATE_MASK clear timeout");
-
-- /* Wait for power down */
-- do {
-- tmp = pwr_ctrl_rd(cpu);
-- } while (!(tmp & ZONE_PWR_OFF_STATE_MASK));
-+ pwr_ctrl_clr(cpu, ZONE_RESERVED_1_MASK, -1);
-+
-+ if (pwr_ctrl_wait_tmout(cpu, 0, ZONE_DPG_PWR_STATE_MASK))
-+ panic("ZONE_DPG_PWR_STATE_MASK clear timeout");
-
- /* Flush pipeline before resetting CPU */
- mb();
-diff --git a/arch/arm/mach-mvebu/system-controller.c b/arch/arm/mach-mvebu/system-controller.c
-index a068cb5..c6c132a 100644
---- a/arch/arm/mach-mvebu/system-controller.c
-+++ b/arch/arm/mach-mvebu/system-controller.c
-@@ -126,7 +126,7 @@ int mvebu_system_controller_get_soc_id(u32 *dev, u32 *rev)
- return -ENODEV;
- }
-
--#ifdef CONFIG_SMP
-+#if defined(CONFIG_SMP) && defined(CONFIG_MACH_MVEBU_V7)
- void mvebu_armada375_smp_wa_init(void)
- {
- u32 dev, rev;
-diff --git a/arch/arm/mach-omap2/omap_hwmod_7xx_data.c b/arch/arm/mach-omap2/omap_hwmod_7xx_data.c
-index ffd6604..b6ea88f 100644
---- a/arch/arm/mach-omap2/omap_hwmod_7xx_data.c
-+++ b/arch/arm/mach-omap2/omap_hwmod_7xx_data.c
-@@ -2017,7 +2017,7 @@ static struct omap_hwmod dra7xx_uart3_hwmod = {
- .class = &dra7xx_uart_hwmod_class,
- .clkdm_name = "l4per_clkdm",
- .main_clk = "uart3_gfclk_mux",
-- .flags = HWMOD_SWSUP_SIDLE_ACT,
-+ .flags = HWMOD_SWSUP_SIDLE_ACT | DEBUG_OMAP4UART3_FLAGS,
- .prcm = {
- .omap4 = {
- .clkctrl_offs = DRA7XX_CM_L4PER_UART3_CLKCTRL_OFFSET,
-diff --git a/arch/arm/mach-pxa/corgi.c b/arch/arm/mach-pxa/corgi.c
-index 06022b2..89f790d 100644
---- a/arch/arm/mach-pxa/corgi.c
-+++ b/arch/arm/mach-pxa/corgi.c
-@@ -26,6 +26,7 @@
- #include <linux/i2c.h>
- #include <linux/i2c/pxa-i2c.h>
- #include <linux/io.h>
-+#include <linux/regulator/machine.h>
- #include <linux/spi/spi.h>
- #include <linux/spi/ads7846.h>
- #include <linux/spi/corgi_lcd.h>
-@@ -752,6 +753,8 @@ static void __init corgi_init(void)
- sharpsl_nand_partitions[1].size = 53 * 1024 * 1024;
-
- platform_add_devices(devices, ARRAY_SIZE(devices));
-+
-+ regulator_has_full_constraints();
- }
-
- static void __init fixup_corgi(struct tag *tags, char **cmdline)
-diff --git a/arch/arm/mach-pxa/hx4700.c b/arch/arm/mach-pxa/hx4700.c
-index c66ad4e..5fb41ad 100644
---- a/arch/arm/mach-pxa/hx4700.c
-+++ b/arch/arm/mach-pxa/hx4700.c
-@@ -893,6 +893,8 @@ static void __init hx4700_init(void)
- mdelay(10);
- gpio_set_value(GPIO71_HX4700_ASIC3_nRESET, 1);
- mdelay(10);
-+
-+ regulator_has_full_constraints();
- }
-
- MACHINE_START(H4700, "HP iPAQ HX4700")
-diff --git a/arch/arm/mach-pxa/poodle.c b/arch/arm/mach-pxa/poodle.c
-index 29019be..195b112 100644
---- a/arch/arm/mach-pxa/poodle.c
-+++ b/arch/arm/mach-pxa/poodle.c
-@@ -25,6 +25,7 @@
- #include <linux/gpio.h>
- #include <linux/i2c.h>
- #include <linux/i2c/pxa-i2c.h>
-+#include <linux/regulator/machine.h>
- #include <linux/spi/spi.h>
- #include <linux/spi/ads7846.h>
- #include <linux/spi/pxa2xx_spi.h>
-@@ -455,6 +456,7 @@ static void __init poodle_init(void)
- pxa_set_i2c_info(NULL);
- i2c_register_board_info(0, ARRAY_AND_SIZE(poodle_i2c_devices));
- poodle_init_spi();
-+ regulator_has_full_constraints();
- }
-
- static void __init fixup_poodle(struct tag *tags, char **cmdline)
-diff --git a/arch/arm/mach-pxa/spitz.c b/arch/arm/mach-pxa/spitz.c
-index 962a7f3..f4e2e27 100644
---- a/arch/arm/mach-pxa/spitz.c
-+++ b/arch/arm/mach-pxa/spitz.c
-@@ -979,6 +979,8 @@ static void __init spitz_init(void)
- spitz_nand_init();
- spitz_i2c_init();
- spitz_audio_init();
-+
-+ regulator_has_full_constraints();
- }
-
- static void __init spitz_fixup(struct tag *tags, char **cmdline)
-diff --git a/arch/arm/mach-sa1100/pm.c b/arch/arm/mach-sa1100/pm.c
-index 6645d1e..34853d5 100644
---- a/arch/arm/mach-sa1100/pm.c
-+++ b/arch/arm/mach-sa1100/pm.c
-@@ -81,6 +81,7 @@ static int sa11x0_pm_enter(suspend_state_t state)
- /*
- * Ensure not to come back here if it wasn't intended
- */
-+ RCSR = RCSR_SMR;
- PSPR = 0;
-
- /*
-diff --git a/arch/arm/mach-vexpress/Kconfig b/arch/arm/mach-vexpress/Kconfig
-index d6b16d9..3c2509b 100644
---- a/arch/arm/mach-vexpress/Kconfig
-+++ b/arch/arm/mach-vexpress/Kconfig
-@@ -73,6 +73,7 @@ config ARCH_VEXPRESS_TC2_PM
- depends on MCPM
- select ARM_CCI
- select ARCH_VEXPRESS_SPC
-+ select ARM_CPU_SUSPEND
- help
- Support for CPU and cluster power management on Versatile Express
- with a TC2 (A15x2 A7x3) big.LITTLE core tile.
-diff --git a/arch/arm64/kernel/signal32.c b/arch/arm64/kernel/signal32.c
-index 5a1ba6e..6ae9340 100644
---- a/arch/arm64/kernel/signal32.c
-+++ b/arch/arm64/kernel/signal32.c
-@@ -154,8 +154,7 @@ int copy_siginfo_to_user32(compat_siginfo_t __user *to, const siginfo_t *from)
- case __SI_TIMER:
- err |= __put_user(from->si_tid, &to->si_tid);
- err |= __put_user(from->si_overrun, &to->si_overrun);
-- err |= __put_user((compat_uptr_t)(unsigned long)from->si_ptr,
-- &to->si_ptr);
-+ err |= __put_user(from->si_int, &to->si_int);
- break;
- case __SI_POLL:
- err |= __put_user(from->si_band, &to->si_band);
-@@ -184,7 +183,7 @@ int copy_siginfo_to_user32(compat_siginfo_t __user *to, const siginfo_t *from)
- case __SI_MESGQ: /* But this is */
- err |= __put_user(from->si_pid, &to->si_pid);
- err |= __put_user(from->si_uid, &to->si_uid);
-- err |= __put_user((compat_uptr_t)(unsigned long)from->si_ptr, &to->si_ptr);
-+ err |= __put_user(from->si_int, &to->si_int);
- break;
- case __SI_SYS:
- err |= __put_user((compat_uptr_t)(unsigned long)
-diff --git a/arch/metag/include/asm/processor.h b/arch/metag/include/asm/processor.h
-index 881071c..13272fd 100644
---- a/arch/metag/include/asm/processor.h
-+++ b/arch/metag/include/asm/processor.h
-@@ -149,8 +149,8 @@ extern void exit_thread(void);
-
- unsigned long get_wchan(struct task_struct *p);
-
--#define KSTK_EIP(tsk) ((tsk)->thread.kernel_context->CurrPC)
--#define KSTK_ESP(tsk) ((tsk)->thread.kernel_context->AX[0].U0)
-+#define KSTK_EIP(tsk) (task_pt_regs(tsk)->ctx.CurrPC)
-+#define KSTK_ESP(tsk) (task_pt_regs(tsk)->ctx.AX[0].U0)
-
- #define user_stack_pointer(regs) ((regs)->ctx.AX[0].U0)
-
-diff --git a/arch/mips/alchemy/common/clock.c b/arch/mips/alchemy/common/clock.c
-index 48a9dfc..c4d21ce 100644
---- a/arch/mips/alchemy/common/clock.c
-+++ b/arch/mips/alchemy/common/clock.c
-@@ -127,6 +127,8 @@ static unsigned long alchemy_clk_cpu_recalc(struct clk_hw *hw,
- t = 396000000;
- else {
- t = alchemy_rdsys(AU1000_SYS_CPUPLL) & 0x7f;
-+ if (alchemy_get_cputype() < ALCHEMY_CPU_AU1300)
-+ t &= 0x3f;
- t *= parent_rate;
- }
-
-diff --git a/arch/mips/include/asm/asmmacro.h b/arch/mips/include/asm/asmmacro.h
-index 6caf876..71fef0a 100644
---- a/arch/mips/include/asm/asmmacro.h
-+++ b/arch/mips/include/asm/asmmacro.h
-@@ -304,7 +304,7 @@
- .set push
- .set noat
- SET_HARDFLOAT
-- add $1, \base, \off
-+ addu $1, \base, \off
- .word LDD_MSA_INSN | (\wd << 6)
- .set pop
- .endm
-@@ -313,7 +313,7 @@
- .set push
- .set noat
- SET_HARDFLOAT
-- add $1, \base, \off
-+ addu $1, \base, \off
- .word STD_MSA_INSN | (\wd << 6)
- .set pop
- .endm
-diff --git a/arch/mips/include/asm/cpu-info.h b/arch/mips/include/asm/cpu-info.h
-index a6c9ccb..c3f4f2d 100644
---- a/arch/mips/include/asm/cpu-info.h
-+++ b/arch/mips/include/asm/cpu-info.h
-@@ -84,6 +84,11 @@ struct cpuinfo_mips {
- * (shifted by _CACHE_SHIFT)
- */
- unsigned int writecombine;
-+ /*
-+ * Simple counter to prevent enabling HTW in nested
-+ * htw_start/htw_stop calls
-+ */
-+ unsigned int htw_seq;
- } __attribute__((aligned(SMP_CACHE_BYTES)));
-
- extern struct cpuinfo_mips cpu_data[];
-diff --git a/arch/mips/include/asm/mmu_context.h b/arch/mips/include/asm/mmu_context.h
-index 2f82568..bc01579 100644
---- a/arch/mips/include/asm/mmu_context.h
-+++ b/arch/mips/include/asm/mmu_context.h
-@@ -25,7 +25,6 @@ do { \
- if (cpu_has_htw) { \
- write_c0_pwbase(pgd); \
- back_to_back_c0_hazard(); \
-- htw_reset(); \
- } \
- } while (0)
-
-@@ -142,6 +141,7 @@ static inline void switch_mm(struct mm_struct *prev, struct mm_struct *next,
- unsigned long flags;
- local_irq_save(flags);
-
-+ htw_stop();
- /* Check if our ASID is of an older version and thus invalid */
- if ((cpu_context(cpu, next) ^ asid_cache(cpu)) & ASID_VERSION_MASK)
- get_new_mmu_context(next, cpu);
-@@ -154,6 +154,7 @@ static inline void switch_mm(struct mm_struct *prev, struct mm_struct *next,
- */
- cpumask_clear_cpu(cpu, mm_cpumask(prev));
- cpumask_set_cpu(cpu, mm_cpumask(next));
-+ htw_start();
-
- local_irq_restore(flags);
- }
-@@ -180,6 +181,7 @@ activate_mm(struct mm_struct *prev, struct mm_struct *next)
-
- local_irq_save(flags);
-
-+ htw_stop();
- /* Unconditionally get a new ASID. */
- get_new_mmu_context(next, cpu);
-
-@@ -189,6 +191,7 @@ activate_mm(struct mm_struct *prev, struct mm_struct *next)
- /* mark mmu ownership change */
- cpumask_clear_cpu(cpu, mm_cpumask(prev));
- cpumask_set_cpu(cpu, mm_cpumask(next));
-+ htw_start();
-
- local_irq_restore(flags);
- }
-@@ -203,6 +206,7 @@ drop_mmu_context(struct mm_struct *mm, unsigned cpu)
- unsigned long flags;
-
- local_irq_save(flags);
-+ htw_stop();
-
- if (cpumask_test_cpu(cpu, mm_cpumask(mm))) {
- get_new_mmu_context(mm, cpu);
-@@ -211,6 +215,7 @@ drop_mmu_context(struct mm_struct *mm, unsigned cpu)
- /* will get a new context next time */
- cpu_context(cpu, mm) = 0;
- }
-+ htw_start();
- local_irq_restore(flags);
- }
-
-diff --git a/arch/mips/include/asm/pgtable.h b/arch/mips/include/asm/pgtable.h
-index 62a6ba3..845016d 100644
---- a/arch/mips/include/asm/pgtable.h
-+++ b/arch/mips/include/asm/pgtable.h
-@@ -99,29 +99,35 @@ extern void paging_init(void);
-
- #define htw_stop() \
- do { \
-- if (cpu_has_htw) \
-- write_c0_pwctl(read_c0_pwctl() & \
-- ~(1 << MIPS_PWCTL_PWEN_SHIFT)); \
-+ unsigned long flags; \
-+ \
-+ if (cpu_has_htw) { \
-+ local_irq_save(flags); \
-+ if(!raw_current_cpu_data.htw_seq++) { \
-+ write_c0_pwctl(read_c0_pwctl() & \
-+ ~(1 << MIPS_PWCTL_PWEN_SHIFT)); \
-+ back_to_back_c0_hazard(); \
-+ } \
-+ local_irq_restore(flags); \
-+ } \
- } while(0)
-
- #define htw_start() \
- do { \
-- if (cpu_has_htw) \
-- write_c0_pwctl(read_c0_pwctl() | \
-- (1 << MIPS_PWCTL_PWEN_SHIFT)); \
--} while(0)
--
--
--#define htw_reset() \
--do { \
-+ unsigned long flags; \
-+ \
- if (cpu_has_htw) { \
-- htw_stop(); \
-- back_to_back_c0_hazard(); \
-- htw_start(); \
-- back_to_back_c0_hazard(); \
-+ local_irq_save(flags); \
-+ if (!--raw_current_cpu_data.htw_seq) { \
-+ write_c0_pwctl(read_c0_pwctl() | \
-+ (1 << MIPS_PWCTL_PWEN_SHIFT)); \
-+ back_to_back_c0_hazard(); \
-+ } \
-+ local_irq_restore(flags); \
- } \
- } while(0)
-
-+
- extern void set_pte_at(struct mm_struct *mm, unsigned long addr, pte_t *ptep,
- pte_t pteval);
-
-@@ -153,12 +159,13 @@ static inline void pte_clear(struct mm_struct *mm, unsigned long addr, pte_t *pt
- {
- pte_t null = __pte(0);
-
-+ htw_stop();
- /* Preserve global status for the pair */
- if (ptep_buddy(ptep)->pte_low & _PAGE_GLOBAL)
- null.pte_low = null.pte_high = _PAGE_GLOBAL;
-
- set_pte_at(mm, addr, ptep, null);
-- htw_reset();
-+ htw_start();
- }
- #else
-
-@@ -188,6 +195,7 @@ static inline void set_pte(pte_t *ptep, pte_t pteval)
-
- static inline void pte_clear(struct mm_struct *mm, unsigned long addr, pte_t *ptep)
- {
-+ htw_stop();
- #if !defined(CONFIG_CPU_R3000) && !defined(CONFIG_CPU_TX39XX)
- /* Preserve global status for the pair */
- if (pte_val(*ptep_buddy(ptep)) & _PAGE_GLOBAL)
-@@ -195,7 +203,7 @@ static inline void pte_clear(struct mm_struct *mm, unsigned long addr, pte_t *pt
- else
- #endif
- set_pte_at(mm, addr, ptep, __pte(0));
-- htw_reset();
-+ htw_start();
- }
- #endif
-
-diff --git a/arch/mips/kernel/cps-vec.S b/arch/mips/kernel/cps-vec.S
-index 0384b05..55b759a 100644
---- a/arch/mips/kernel/cps-vec.S
-+++ b/arch/mips/kernel/cps-vec.S
-@@ -99,11 +99,11 @@ not_nmi:
- xori t2, t1, 0x7
- beqz t2, 1f
- li t3, 32
-- addi t1, t1, 1
-+ addiu t1, t1, 1
- sllv t1, t3, t1
- 1: /* At this point t1 == I-cache sets per way */
- _EXT t2, v0, MIPS_CONF1_IA_SHF, MIPS_CONF1_IA_SZ
-- addi t2, t2, 1
-+ addiu t2, t2, 1
- mul t1, t1, t0
- mul t1, t1, t2
-
-@@ -126,11 +126,11 @@ icache_done:
- xori t2, t1, 0x7
- beqz t2, 1f
- li t3, 32
-- addi t1, t1, 1
-+ addiu t1, t1, 1
- sllv t1, t3, t1
- 1: /* At this point t1 == D-cache sets per way */
- _EXT t2, v0, MIPS_CONF1_DA_SHF, MIPS_CONF1_DA_SZ
-- addi t2, t2, 1
-+ addiu t2, t2, 1
- mul t1, t1, t0
- mul t1, t1, t2
-
-@@ -250,7 +250,7 @@ LEAF(mips_cps_core_init)
- mfc0 t0, CP0_MVPCONF0
- srl t0, t0, MVPCONF0_PVPE_SHIFT
- andi t0, t0, (MVPCONF0_PVPE >> MVPCONF0_PVPE_SHIFT)
-- addi t7, t0, 1
-+ addiu t7, t0, 1
-
- /* If there's only 1, we're done */
- beqz t0, 2f
-@@ -280,7 +280,7 @@ LEAF(mips_cps_core_init)
- mttc0 t0, CP0_TCHALT
-
- /* Next VPE */
-- addi t5, t5, 1
-+ addiu t5, t5, 1
- slt t0, t5, t7
- bnez t0, 1b
- nop
-@@ -317,7 +317,7 @@ LEAF(mips_cps_boot_vpes)
- mfc0 t1, CP0_MVPCONF0
- srl t1, t1, MVPCONF0_PVPE_SHIFT
- andi t1, t1, MVPCONF0_PVPE >> MVPCONF0_PVPE_SHIFT
-- addi t1, t1, 1
-+ addiu t1, t1, 1
-
- /* Calculate a mask for the VPE ID from EBase.CPUNum */
- clz t1, t1
-@@ -424,7 +424,7 @@ LEAF(mips_cps_boot_vpes)
-
- /* Next VPE */
- 2: srl t6, t6, 1
-- addi t5, t5, 1
-+ addiu t5, t5, 1
- bnez t6, 1b
- nop
-
-diff --git a/arch/mips/kernel/cpu-probe.c b/arch/mips/kernel/cpu-probe.c
-index 5342674..228ae86 100644
---- a/arch/mips/kernel/cpu-probe.c
-+++ b/arch/mips/kernel/cpu-probe.c
-@@ -424,8 +424,10 @@ static inline unsigned int decode_config3(struct cpuinfo_mips *c)
- if (config3 & MIPS_CONF3_MSA)
- c->ases |= MIPS_ASE_MSA;
- /* Only tested on 32-bit cores */
-- if ((config3 & MIPS_CONF3_PW) && config_enabled(CONFIG_32BIT))
-+ if ((config3 & MIPS_CONF3_PW) && config_enabled(CONFIG_32BIT)) {
-+ c->htw_seq = 0;
- c->options |= MIPS_CPU_HTW;
-+ }
-
- return config3 & MIPS_CONF_M;
- }
-diff --git a/arch/mips/kernel/mips_ksyms.c b/arch/mips/kernel/mips_ksyms.c
-index 17eaf0c..1a73c6c 100644
---- a/arch/mips/kernel/mips_ksyms.c
-+++ b/arch/mips/kernel/mips_ksyms.c
-@@ -14,6 +14,8 @@
- #include <linux/mm.h>
- #include <asm/uaccess.h>
- #include <asm/ftrace.h>
-+#include <asm/fpu.h>
-+#include <asm/msa.h>
-
- extern void *__bzero(void *__s, size_t __count);
- extern long __strncpy_from_kernel_nocheck_asm(char *__to,
-@@ -32,6 +34,14 @@ extern long __strnlen_user_nocheck_asm(const char *s);
- extern long __strnlen_user_asm(const char *s);
-
- /*
-+ * Core architecture code
-+ */
-+EXPORT_SYMBOL_GPL(_save_fp);
-+#ifdef CONFIG_CPU_HAS_MSA
-+EXPORT_SYMBOL_GPL(_save_msa);
-+#endif
-+
-+/*
- * String functions
- */
- EXPORT_SYMBOL(memset);
-diff --git a/arch/mips/kvm/locore.S b/arch/mips/kvm/locore.S
-index d7279c0..4a68b17 100644
---- a/arch/mips/kvm/locore.S
-+++ b/arch/mips/kvm/locore.S
-@@ -434,7 +434,7 @@ __kvm_mips_return_to_guest:
- /* Setup status register for running guest in UM */
- .set at
- or v1, v1, (ST0_EXL | KSU_USER | ST0_IE)
-- and v1, v1, ~ST0_CU0
-+ and v1, v1, ~(ST0_CU0 | ST0_MX)
- .set noat
- mtc0 v1, CP0_STATUS
- ehb
-diff --git a/arch/mips/kvm/mips.c b/arch/mips/kvm/mips.c
-index e3b21e5..270bbd4 100644
---- a/arch/mips/kvm/mips.c
-+++ b/arch/mips/kvm/mips.c
-@@ -15,9 +15,11 @@
- #include <linux/vmalloc.h>
- #include <linux/fs.h>
- #include <linux/bootmem.h>
-+#include <asm/fpu.h>
- #include <asm/page.h>
- #include <asm/cacheflush.h>
- #include <asm/mmu_context.h>
-+#include <asm/pgtable.h>
-
- #include <linux/kvm_host.h>
-
-@@ -378,6 +380,8 @@ int kvm_arch_vcpu_ioctl_run(struct kvm_vcpu *vcpu, struct kvm_run *run)
- vcpu->mmio_needed = 0;
- }
-
-+ lose_fpu(1);
-+
- local_irq_disable();
- /* Check if we have any exceptions/interrupts pending */
- kvm_mips_deliver_interrupts(vcpu,
-@@ -385,8 +389,14 @@ int kvm_arch_vcpu_ioctl_run(struct kvm_vcpu *vcpu, struct kvm_run *run)
-
- kvm_guest_enter();
-
-+ /* Disable hardware page table walking while in guest */
-+ htw_stop();
-+
- r = __kvm_mips_vcpu_run(run, vcpu);
-
-+ /* Re-enable HTW before enabling interrupts */
-+ htw_start();
-+
- kvm_guest_exit();
- local_irq_enable();
-
-@@ -980,9 +990,6 @@ static void kvm_mips_set_c0_status(void)
- {
- uint32_t status = read_c0_status();
-
-- if (cpu_has_fpu)
-- status |= (ST0_CU1);
--
- if (cpu_has_dsp)
- status |= (ST0_MX);
-
-@@ -1002,6 +1009,9 @@ int kvm_mips_handle_exit(struct kvm_run *run, struct kvm_vcpu *vcpu)
- enum emulation_result er = EMULATE_DONE;
- int ret = RESUME_GUEST;
-
-+ /* re-enable HTW before enabling interrupts */
-+ htw_start();
-+
- /* Set a default exit reason */
- run->exit_reason = KVM_EXIT_UNKNOWN;
- run->ready_for_interrupt_injection = 1;
-@@ -1136,6 +1146,9 @@ skip_emul:
- }
- }
-
-+ /* Disable HTW before returning to guest or host */
-+ htw_stop();
-+
- return ret;
- }
-
-diff --git a/arch/powerpc/kvm/book3s_hv_rm_xics.c b/arch/powerpc/kvm/book3s_hv_rm_xics.c
-index 7b066f6..7c22997 100644
---- a/arch/powerpc/kvm/book3s_hv_rm_xics.c
-+++ b/arch/powerpc/kvm/book3s_hv_rm_xics.c
-@@ -152,7 +152,7 @@ static void icp_rm_down_cppr(struct kvmppc_xics *xics, struct kvmppc_icp *icp,
- * in virtual mode.
- */
- do {
-- old_state = new_state = ACCESS_ONCE(icp->state);
-+ old_state = new_state = READ_ONCE(icp->state);
-
- /* Down_CPPR */
- new_state.cppr = new_cppr;
-@@ -211,7 +211,7 @@ unsigned long kvmppc_rm_h_xirr(struct kvm_vcpu *vcpu)
- * pending priority
- */
- do {
-- old_state = new_state = ACCESS_ONCE(icp->state);
-+ old_state = new_state = READ_ONCE(icp->state);
-
- xirr = old_state.xisr | (((u32)old_state.cppr) << 24);
- if (!old_state.xisr)
-@@ -277,7 +277,7 @@ int kvmppc_rm_h_ipi(struct kvm_vcpu *vcpu, unsigned long server,
- * whenever the MFRR is made less favored.
- */
- do {
-- old_state = new_state = ACCESS_ONCE(icp->state);
-+ old_state = new_state = READ_ONCE(icp->state);
-
- /* Set_MFRR */
- new_state.mfrr = mfrr;
-@@ -352,7 +352,7 @@ int kvmppc_rm_h_cppr(struct kvm_vcpu *vcpu, unsigned long cppr)
- icp_rm_clr_vcpu_irq(icp->vcpu);
-
- do {
-- old_state = new_state = ACCESS_ONCE(icp->state);
-+ old_state = new_state = READ_ONCE(icp->state);
-
- reject = 0;
- new_state.cppr = cppr;
-diff --git a/arch/powerpc/kvm/book3s_xics.c b/arch/powerpc/kvm/book3s_xics.c
-index 807351f..a4a8d9f 100644
---- a/arch/powerpc/kvm/book3s_xics.c
-+++ b/arch/powerpc/kvm/book3s_xics.c
-@@ -327,7 +327,7 @@ static bool icp_try_to_deliver(struct kvmppc_icp *icp, u32 irq, u8 priority,
- icp->server_num);
-
- do {
-- old_state = new_state = ACCESS_ONCE(icp->state);
-+ old_state = new_state = READ_ONCE(icp->state);
-
- *reject = 0;
-
-@@ -512,7 +512,7 @@ static void icp_down_cppr(struct kvmppc_xics *xics, struct kvmppc_icp *icp,
- * in virtual mode.
- */
- do {
-- old_state = new_state = ACCESS_ONCE(icp->state);
-+ old_state = new_state = READ_ONCE(icp->state);
-
- /* Down_CPPR */
- new_state.cppr = new_cppr;
-@@ -567,7 +567,7 @@ static noinline unsigned long kvmppc_h_xirr(struct kvm_vcpu *vcpu)
- * pending priority
- */
- do {
-- old_state = new_state = ACCESS_ONCE(icp->state);
-+ old_state = new_state = READ_ONCE(icp->state);
-
- xirr = old_state.xisr | (((u32)old_state.cppr) << 24);
- if (!old_state.xisr)
-@@ -634,7 +634,7 @@ static noinline int kvmppc_h_ipi(struct kvm_vcpu *vcpu, unsigned long server,
- * whenever the MFRR is made less favored.
- */
- do {
-- old_state = new_state = ACCESS_ONCE(icp->state);
-+ old_state = new_state = READ_ONCE(icp->state);
-
- /* Set_MFRR */
- new_state.mfrr = mfrr;
-@@ -679,7 +679,7 @@ static int kvmppc_h_ipoll(struct kvm_vcpu *vcpu, unsigned long server)
- if (!icp)
- return H_PARAMETER;
- }
-- state = ACCESS_ONCE(icp->state);
-+ state = READ_ONCE(icp->state);
- kvmppc_set_gpr(vcpu, 4, ((u32)state.cppr << 24) | state.xisr);
- kvmppc_set_gpr(vcpu, 5, state.mfrr);
- return H_SUCCESS;
-@@ -721,7 +721,7 @@ static noinline void kvmppc_h_cppr(struct kvm_vcpu *vcpu, unsigned long cppr)
- BOOK3S_INTERRUPT_EXTERNAL_LEVEL);
-
- do {
-- old_state = new_state = ACCESS_ONCE(icp->state);
-+ old_state = new_state = READ_ONCE(icp->state);
-
- reject = 0;
- new_state.cppr = cppr;
-@@ -885,7 +885,7 @@ static int xics_debug_show(struct seq_file *m, void *private)
- if (!icp)
- continue;
-
-- state.raw = ACCESS_ONCE(icp->state.raw);
-+ state.raw = READ_ONCE(icp->state.raw);
- seq_printf(m, "cpu server %#lx XIRR:%#x PPRI:%#x CPPR:%#x MFRR:%#x OUT:%d NR:%d\n",
- icp->server_num, state.xisr,
- state.pending_pri, state.cppr, state.mfrr,
-@@ -1082,7 +1082,7 @@ int kvmppc_xics_set_icp(struct kvm_vcpu *vcpu, u64 icpval)
- * the ICS states before the ICP states.
- */
- do {
-- old_state = ACCESS_ONCE(icp->state);
-+ old_state = READ_ONCE(icp->state);
-
- if (new_state.mfrr <= old_state.mfrr) {
- resend = false;
-diff --git a/arch/powerpc/mm/hugetlbpage.c b/arch/powerpc/mm/hugetlbpage.c
-index 5ff4e07..620d0ec 100644
---- a/arch/powerpc/mm/hugetlbpage.c
-+++ b/arch/powerpc/mm/hugetlbpage.c
-@@ -978,7 +978,7 @@ pte_t *find_linux_pte_or_hugepte(pgd_t *pgdir, unsigned long ea, unsigned *shift
- */
- pdshift = PUD_SHIFT;
- pudp = pud_offset(&pgd, ea);
-- pud = ACCESS_ONCE(*pudp);
-+ pud = READ_ONCE(*pudp);
-
- if (pud_none(pud))
- return NULL;
-@@ -990,7 +990,7 @@ pte_t *find_linux_pte_or_hugepte(pgd_t *pgdir, unsigned long ea, unsigned *shift
- else {
- pdshift = PMD_SHIFT;
- pmdp = pmd_offset(&pud, ea);
-- pmd = ACCESS_ONCE(*pmdp);
-+ pmd = READ_ONCE(*pmdp);
- /*
- * A hugepage collapse is captured by pmd_none, because
- * it mark the pmd none and do a hpte invalidate.
-diff --git a/arch/powerpc/sysdev/axonram.c b/arch/powerpc/sysdev/axonram.c
-index f532c92..367533b 100644
---- a/arch/powerpc/sysdev/axonram.c
-+++ b/arch/powerpc/sysdev/axonram.c
-@@ -156,7 +156,7 @@ axon_ram_direct_access(struct block_device *device, sector_t sector,
- }
-
- *kaddr = (void *)(bank->ph_addr + offset);
-- *pfn = virt_to_phys(kaddr) >> PAGE_SHIFT;
-+ *pfn = virt_to_phys(*kaddr) >> PAGE_SHIFT;
-
- return 0;
- }
-diff --git a/arch/s390/kvm/interrupt.c b/arch/s390/kvm/interrupt.c
-index f00f31e..f512cff 100644
---- a/arch/s390/kvm/interrupt.c
-+++ b/arch/s390/kvm/interrupt.c
-@@ -820,7 +820,7 @@ no_timer:
- __unset_cpu_idle(vcpu);
- vcpu->srcu_idx = srcu_read_lock(&vcpu->kvm->srcu);
-
-- hrtimer_try_to_cancel(&vcpu->arch.ckc_timer);
-+ hrtimer_cancel(&vcpu->arch.ckc_timer);
- return 0;
- }
-
-@@ -840,10 +840,20 @@ void kvm_s390_vcpu_wakeup(struct kvm_vcpu *vcpu)
- enum hrtimer_restart kvm_s390_idle_wakeup(struct hrtimer *timer)
- {
- struct kvm_vcpu *vcpu;
-+ u64 now, sltime;
-
- vcpu = container_of(timer, struct kvm_vcpu, arch.ckc_timer);
-- kvm_s390_vcpu_wakeup(vcpu);
-+ now = get_tod_clock_fast() + vcpu->arch.sie_block->epoch;
-+ sltime = tod_to_ns(vcpu->arch.sie_block->ckc - now);
-
-+ /*
-+ * If the monotonic clock runs faster than the tod clock we might be
-+ * woken up too early and have to go back to sleep to avoid deadlocks.
-+ */
-+ if (vcpu->arch.sie_block->ckc > now &&
-+ hrtimer_forward_now(timer, ns_to_ktime(sltime)))
-+ return HRTIMER_RESTART;
-+ kvm_s390_vcpu_wakeup(vcpu);
- return HRTIMER_NORESTART;
- }
-
-@@ -1187,6 +1197,8 @@ static int __inject_vm(struct kvm *kvm, struct kvm_s390_interrupt_info *inti)
- list_add_tail(&inti->list, &iter->list);
- }
- atomic_set(&fi->active, 1);
-+ if (atomic_read(&kvm->online_vcpus) == 0)
-+ goto unlock_fi;
- sigcpu = find_first_bit(fi->idle_mask, KVM_MAX_VCPUS);
- if (sigcpu == KVM_MAX_VCPUS) {
- do {
-@@ -1221,6 +1233,7 @@ int kvm_s390_inject_vm(struct kvm *kvm,
- struct kvm_s390_interrupt *s390int)
- {
- struct kvm_s390_interrupt_info *inti;
-+ int rc;
-
- inti = kzalloc(sizeof(*inti), GFP_KERNEL);
- if (!inti)
-@@ -1268,7 +1281,10 @@ int kvm_s390_inject_vm(struct kvm *kvm,
- trace_kvm_s390_inject_vm(s390int->type, s390int->parm, s390int->parm64,
- 2);
-
-- return __inject_vm(kvm, inti);
-+ rc = __inject_vm(kvm, inti);
-+ if (rc)
-+ kfree(inti);
-+ return rc;
- }
-
- void kvm_s390_reinject_io_int(struct kvm *kvm,
-diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c
-index 3e09801..9af01dc 100644
---- a/arch/s390/kvm/kvm-s390.c
-+++ b/arch/s390/kvm/kvm-s390.c
-@@ -670,7 +670,7 @@ int kvm_arch_vcpu_setup(struct kvm_vcpu *vcpu)
- if (rc)
- return rc;
- }
-- hrtimer_init(&vcpu->arch.ckc_timer, CLOCK_REALTIME, HRTIMER_MODE_ABS);
-+ hrtimer_init(&vcpu->arch.ckc_timer, CLOCK_MONOTONIC, HRTIMER_MODE_REL);
- vcpu->arch.ckc_timer.function = kvm_s390_idle_wakeup;
- get_cpu_id(&vcpu->arch.cpu_id);
- vcpu->arch.cpu_id.version = 0xff;
-diff --git a/arch/sh/mm/gup.c b/arch/sh/mm/gup.c
-index 37458f3..e113bb4 100644
---- a/arch/sh/mm/gup.c
-+++ b/arch/sh/mm/gup.c
-@@ -17,7 +17,7 @@
- static inline pte_t gup_get_pte(pte_t *ptep)
- {
- #ifndef CONFIG_X2TLB
-- return ACCESS_ONCE(*ptep);
-+ return READ_ONCE(*ptep);
- #else
- /*
- * With get_user_pages_fast, we walk down the pagetables without
-diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile
-index ad754b4..8bd44e8 100644
---- a/arch/x86/boot/compressed/Makefile
-+++ b/arch/x86/boot/compressed/Makefile
-@@ -49,6 +49,7 @@ $(obj)/eboot.o: KBUILD_CFLAGS += -fshort-wchar -mno-red-zone
-
- vmlinux-objs-$(CONFIG_EFI_STUB) += $(obj)/eboot.o $(obj)/efi_stub_$(BITS).o \
- $(objtree)/drivers/firmware/efi/libstub/lib.a
-+vmlinux-objs-$(CONFIG_EFI_MIXED) += $(obj)/efi_thunk_$(BITS).o
-
- $(obj)/vmlinux: $(vmlinux-objs-y) FORCE
- $(call if_changed,ld)
-diff --git a/arch/x86/boot/compressed/efi_stub_64.S b/arch/x86/boot/compressed/efi_stub_64.S
-index 7ff3632..99494df 100644
---- a/arch/x86/boot/compressed/efi_stub_64.S
-+++ b/arch/x86/boot/compressed/efi_stub_64.S
-@@ -3,28 +3,3 @@
- #include <asm/processor-flags.h>
-
- #include "../../platform/efi/efi_stub_64.S"
--
--#ifdef CONFIG_EFI_MIXED
-- .code64
-- .text
--ENTRY(efi64_thunk)
-- push %rbp
-- push %rbx
--
-- subq $16, %rsp
-- leaq efi_exit32(%rip), %rax
-- movl %eax, 8(%rsp)
-- leaq efi_gdt64(%rip), %rax
-- movl %eax, 4(%rsp)
-- movl %eax, 2(%rax) /* Fixup the gdt base address */
-- leaq efi32_boot_gdt(%rip), %rax
-- movl %eax, (%rsp)
--
-- call __efi64_thunk
--
-- addq $16, %rsp
-- pop %rbx
-- pop %rbp
-- ret
--ENDPROC(efi64_thunk)
--#endif /* CONFIG_EFI_MIXED */
-diff --git a/arch/x86/boot/compressed/efi_thunk_64.S b/arch/x86/boot/compressed/efi_thunk_64.S
-new file mode 100644
-index 0000000..630384a
---- /dev/null
-+++ b/arch/x86/boot/compressed/efi_thunk_64.S
-@@ -0,0 +1,196 @@
-+/*
-+ * Copyright (C) 2014, 2015 Intel Corporation; author Matt Fleming
-+ *
-+ * Early support for invoking 32-bit EFI services from a 64-bit kernel.
-+ *
-+ * Because this thunking occurs before ExitBootServices() we have to
-+ * restore the firmware's 32-bit GDT before we make EFI serivce calls,
-+ * since the firmware's 32-bit IDT is still currently installed and it
-+ * needs to be able to service interrupts.
-+ *
-+ * On the plus side, we don't have to worry about mangling 64-bit
-+ * addresses into 32-bits because we're executing with an identify
-+ * mapped pagetable and haven't transitioned to 64-bit virtual addresses
-+ * yet.
-+ */
-+
-+#include <linux/linkage.h>
-+#include <asm/msr.h>
-+#include <asm/page_types.h>
-+#include <asm/processor-flags.h>
-+#include <asm/segment.h>
-+
-+ .code64
-+ .text
-+ENTRY(efi64_thunk)
-+ push %rbp
-+ push %rbx
-+
-+ subq $8, %rsp
-+ leaq efi_exit32(%rip), %rax
-+ movl %eax, 4(%rsp)
-+ leaq efi_gdt64(%rip), %rax
-+ movl %eax, (%rsp)
-+ movl %eax, 2(%rax) /* Fixup the gdt base address */
-+
-+ movl %ds, %eax
-+ push %rax
-+ movl %es, %eax
-+ push %rax
-+ movl %ss, %eax
-+ push %rax
-+
-+ /*
-+ * Convert x86-64 ABI params to i386 ABI
-+ */
-+ subq $32, %rsp
-+ movl %esi, 0x0(%rsp)
-+ movl %edx, 0x4(%rsp)
-+ movl %ecx, 0x8(%rsp)
-+ movq %r8, %rsi
-+ movl %esi, 0xc(%rsp)
-+ movq %r9, %rsi
-+ movl %esi, 0x10(%rsp)
-+
-+ sgdt save_gdt(%rip)
-+
-+ leaq 1f(%rip), %rbx
-+ movq %rbx, func_rt_ptr(%rip)
-+
-+ /*
-+ * Switch to gdt with 32-bit segments. This is the firmware GDT
-+ * that was installed when the kernel started executing. This
-+ * pointer was saved at the EFI stub entry point in head_64.S.
-+ */
-+ leaq efi32_boot_gdt(%rip), %rax
-+ lgdt (%rax)
-+
-+ pushq $__KERNEL_CS
-+ leaq efi_enter32(%rip), %rax
-+ pushq %rax
-+ lretq
-+
-+1: addq $32, %rsp
-+
-+ lgdt save_gdt(%rip)
-+
-+ pop %rbx
-+ movl %ebx, %ss
-+ pop %rbx
-+ movl %ebx, %es
-+ pop %rbx
-+ movl %ebx, %ds
-+
-+ /*
-+ * Convert 32-bit status code into 64-bit.
-+ */
-+ test %rax, %rax
-+ jz 1f
-+ movl %eax, %ecx
-+ andl $0x0fffffff, %ecx
-+ andl $0xf0000000, %eax
-+ shl $32, %rax
-+ or %rcx, %rax
-+1:
-+ addq $8, %rsp
-+ pop %rbx
-+ pop %rbp
-+ ret
-+ENDPROC(efi64_thunk)
-+
-+ENTRY(efi_exit32)
-+ movq func_rt_ptr(%rip), %rax
-+ push %rax
-+ mov %rdi, %rax
-+ ret
-+ENDPROC(efi_exit32)
-+
-+ .code32
-+/*
-+ * EFI service pointer must be in %edi.
-+ *
-+ * The stack should represent the 32-bit calling convention.
-+ */
-+ENTRY(efi_enter32)
-+ movl $__KERNEL_DS, %eax
-+ movl %eax, %ds
-+ movl %eax, %es
-+ movl %eax, %ss
-+
-+ /* Reload pgtables */
-+ movl %cr3, %eax
-+ movl %eax, %cr3
-+
-+ /* Disable paging */
-+ movl %cr0, %eax
-+ btrl $X86_CR0_PG_BIT, %eax
-+ movl %eax, %cr0
-+
-+ /* Disable long mode via EFER */
-+ movl $MSR_EFER, %ecx
-+ rdmsr
-+ btrl $_EFER_LME, %eax
-+ wrmsr
-+
-+ call *%edi
-+
-+ /* We must preserve return value */
-+ movl %eax, %edi
-+
-+ /*
-+ * Some firmware will return with interrupts enabled. Be sure to
-+ * disable them before we switch GDTs.
-+ */
-+ cli
-+
-+ movl 56(%esp), %eax
-+ movl %eax, 2(%eax)
-+ lgdtl (%eax)
-+
-+ movl %cr4, %eax
-+ btsl $(X86_CR4_PAE_BIT), %eax
-+ movl %eax, %cr4
-+
-+ movl %cr3, %eax
-+ movl %eax, %cr3
-+
-+ movl $MSR_EFER, %ecx
-+ rdmsr
-+ btsl $_EFER_LME, %eax
-+ wrmsr
-+
-+ xorl %eax, %eax
-+ lldt %ax
-+
-+ movl 60(%esp), %eax
-+ pushl $__KERNEL_CS
-+ pushl %eax
-+
-+ /* Enable paging */
-+ movl %cr0, %eax
-+ btsl $X86_CR0_PG_BIT, %eax
-+ movl %eax, %cr0
-+ lret
-+ENDPROC(efi_enter32)
-+
-+ .data
-+ .balign 8
-+ .global efi32_boot_gdt
-+efi32_boot_gdt: .word 0
-+ .quad 0
-+
-+save_gdt: .word 0
-+ .quad 0
-+func_rt_ptr: .quad 0
-+
-+ .global efi_gdt64
-+efi_gdt64:
-+ .word efi_gdt64_end - efi_gdt64
-+ .long 0 /* Filled out by user */
-+ .word 0
-+ .quad 0x0000000000000000 /* NULL descriptor */
-+ .quad 0x00af9a000000ffff /* __KERNEL_CS */
-+ .quad 0x00cf92000000ffff /* __KERNEL_DS */
-+ .quad 0x0080890000000000 /* TS descriptor */
-+ .quad 0x0000000000000000 /* TS continued */
-+efi_gdt64_end:
-diff --git a/arch/x86/include/asm/spinlock.h b/arch/x86/include/asm/spinlock.h
-index 625660f..cf87de3 100644
---- a/arch/x86/include/asm/spinlock.h
-+++ b/arch/x86/include/asm/spinlock.h
-@@ -46,7 +46,7 @@ static __always_inline bool static_key_false(struct static_key *key);
-
- static inline void __ticket_enter_slowpath(arch_spinlock_t *lock)
- {
-- set_bit(0, (volatile unsigned long *)&lock->tickets.tail);
-+ set_bit(0, (volatile unsigned long *)&lock->tickets.head);
- }
-
- #else /* !CONFIG_PARAVIRT_SPINLOCKS */
-@@ -60,10 +60,30 @@ static inline void __ticket_unlock_kick(arch_spinlock_t *lock,
- }
-
- #endif /* CONFIG_PARAVIRT_SPINLOCKS */
-+static inline int __tickets_equal(__ticket_t one, __ticket_t two)
-+{
-+ return !((one ^ two) & ~TICKET_SLOWPATH_FLAG);
-+}
-+
-+static inline void __ticket_check_and_clear_slowpath(arch_spinlock_t *lock,
-+ __ticket_t head)
-+{
-+ if (head & TICKET_SLOWPATH_FLAG) {
-+ arch_spinlock_t old, new;
-+
-+ old.tickets.head = head;
-+ new.tickets.head = head & ~TICKET_SLOWPATH_FLAG;
-+ old.tickets.tail = new.tickets.head + TICKET_LOCK_INC;
-+ new.tickets.tail = old.tickets.tail;
-+
-+ /* try to clear slowpath flag when there are no contenders */
-+ cmpxchg(&lock->head_tail, old.head_tail, new.head_tail);
-+ }
-+}
-
- static __always_inline int arch_spin_value_unlocked(arch_spinlock_t lock)
- {
-- return lock.tickets.head == lock.tickets.tail;
-+ return __tickets_equal(lock.tickets.head, lock.tickets.tail);
- }
-
- /*
-@@ -87,18 +107,21 @@ static __always_inline void arch_spin_lock(arch_spinlock_t *lock)
- if (likely(inc.head == inc.tail))
- goto out;
-
-- inc.tail &= ~TICKET_SLOWPATH_FLAG;
- for (;;) {
- unsigned count = SPIN_THRESHOLD;
-
- do {
-- if (READ_ONCE(lock->tickets.head) == inc.tail)
-- goto out;
-+ inc.head = READ_ONCE(lock->tickets.head);
-+ if (__tickets_equal(inc.head, inc.tail))
-+ goto clear_slowpath;
- cpu_relax();
- } while (--count);
- __ticket_lock_spinning(lock, inc.tail);
- }
--out: barrier(); /* make sure nothing creeps before the lock is taken */
-+clear_slowpath:
-+ __ticket_check_and_clear_slowpath(lock, inc.head);
-+out:
-+ barrier(); /* make sure nothing creeps before the lock is taken */
- }
-
- static __always_inline int arch_spin_trylock(arch_spinlock_t *lock)
-@@ -106,56 +129,30 @@ static __always_inline int arch_spin_trylock(arch_spinlock_t *lock)
- arch_spinlock_t old, new;
-
- old.tickets = READ_ONCE(lock->tickets);
-- if (old.tickets.head != (old.tickets.tail & ~TICKET_SLOWPATH_FLAG))
-+ if (!__tickets_equal(old.tickets.head, old.tickets.tail))
- return 0;
-
- new.head_tail = old.head_tail + (TICKET_LOCK_INC << TICKET_SHIFT);
-+ new.head_tail &= ~TICKET_SLOWPATH_FLAG;
-
- /* cmpxchg is a full barrier, so nothing can move before it */
- return cmpxchg(&lock->head_tail, old.head_tail, new.head_tail) == old.head_tail;
- }
-
--static inline void __ticket_unlock_slowpath(arch_spinlock_t *lock,
-- arch_spinlock_t old)
--{
-- arch_spinlock_t new;
--
-- BUILD_BUG_ON(((__ticket_t)NR_CPUS) != NR_CPUS);
--
-- /* Perform the unlock on the "before" copy */
-- old.tickets.head += TICKET_LOCK_INC;
--
-- /* Clear the slowpath flag */
-- new.head_tail = old.head_tail & ~(TICKET_SLOWPATH_FLAG << TICKET_SHIFT);
--
-- /*
-- * If the lock is uncontended, clear the flag - use cmpxchg in
-- * case it changes behind our back though.
-- */
-- if (new.tickets.head != new.tickets.tail ||
-- cmpxchg(&lock->head_tail, old.head_tail,
-- new.head_tail) != old.head_tail) {
-- /*
-- * Lock still has someone queued for it, so wake up an
-- * appropriate waiter.
-- */
-- __ticket_unlock_kick(lock, old.tickets.head);
-- }
--}
--
- static __always_inline void arch_spin_unlock(arch_spinlock_t *lock)
- {
- if (TICKET_SLOWPATH_FLAG &&
-- static_key_false(&paravirt_ticketlocks_enabled)) {
-- arch_spinlock_t prev;
-+ static_key_false(&paravirt_ticketlocks_enabled)) {
-+ __ticket_t head;
-
-- prev = *lock;
-- add_smp(&lock->tickets.head, TICKET_LOCK_INC);
-+ BUILD_BUG_ON(((__ticket_t)NR_CPUS) != NR_CPUS);
-
-- /* add_smp() is a full mb() */
-+ head = xadd(&lock->tickets.head, TICKET_LOCK_INC);
-
-- if (unlikely(lock->tickets.tail & TICKET_SLOWPATH_FLAG))
-- __ticket_unlock_slowpath(lock, prev);
-+ if (unlikely(head & TICKET_SLOWPATH_FLAG)) {
-+ head &= ~TICKET_SLOWPATH_FLAG;
-+ __ticket_unlock_kick(lock, (head + TICKET_LOCK_INC));
-+ }
- } else
- __add(&lock->tickets.head, TICKET_LOCK_INC, UNLOCK_LOCK_PREFIX);
- }
-@@ -164,14 +161,15 @@ static inline int arch_spin_is_locked(arch_spinlock_t *lock)
- {
- struct __raw_tickets tmp = READ_ONCE(lock->tickets);
-
-- return tmp.tail != tmp.head;
-+ return !__tickets_equal(tmp.tail, tmp.head);
- }
-
- static inline int arch_spin_is_contended(arch_spinlock_t *lock)
- {
- struct __raw_tickets tmp = READ_ONCE(lock->tickets);
-
-- return (__ticket_t)(tmp.tail - tmp.head) > TICKET_LOCK_INC;
-+ tmp.head &= ~TICKET_SLOWPATH_FLAG;
-+ return (tmp.tail - tmp.head) > TICKET_LOCK_INC;
- }
- #define arch_spin_is_contended arch_spin_is_contended
-
-@@ -183,16 +181,16 @@ static __always_inline void arch_spin_lock_flags(arch_spinlock_t *lock,
-
- static inline void arch_spin_unlock_wait(arch_spinlock_t *lock)
- {
-- __ticket_t head = ACCESS_ONCE(lock->tickets.head);
-+ __ticket_t head = READ_ONCE(lock->tickets.head);
-
- for (;;) {
-- struct __raw_tickets tmp = ACCESS_ONCE(lock->tickets);
-+ struct __raw_tickets tmp = READ_ONCE(lock->tickets);
- /*
- * We need to check "unlocked" in a loop, tmp.head == head
- * can be false positive because of overflow.
- */
-- if (tmp.head == (tmp.tail & ~TICKET_SLOWPATH_FLAG) ||
-- tmp.head != head)
-+ if (__tickets_equal(tmp.head, tmp.tail) ||
-+ !__tickets_equal(tmp.head, head))
- break;
-
- cpu_relax();
-diff --git a/arch/x86/kernel/acpi/boot.c b/arch/x86/kernel/acpi/boot.c
-index b9e30da..b5ddc96 100644
---- a/arch/x86/kernel/acpi/boot.c
-+++ b/arch/x86/kernel/acpi/boot.c
-@@ -613,6 +613,11 @@ int acpi_gsi_to_irq(u32 gsi, unsigned int *irqp)
- {
- int rc, irq, trigger, polarity;
-
-+ if (acpi_irq_model == ACPI_IRQ_MODEL_PIC) {
-+ *irqp = gsi;
-+ return 0;
-+ }
-+
- rc = acpi_get_override_irq(gsi, &trigger, &polarity);
- if (rc == 0) {
- trigger = trigger ? ACPI_LEVEL_SENSITIVE : ACPI_EDGE_SENSITIVE;
-diff --git a/arch/x86/kernel/kvm.c b/arch/x86/kernel/kvm.c
-index 94f6434..e354cc6 100644
---- a/arch/x86/kernel/kvm.c
-+++ b/arch/x86/kernel/kvm.c
-@@ -609,7 +609,7 @@ static inline void check_zero(void)
- u8 ret;
- u8 old;
-
-- old = ACCESS_ONCE(zero_stats);
-+ old = READ_ONCE(zero_stats);
- if (unlikely(old)) {
- ret = cmpxchg(&zero_stats, old, 0);
- /* This ensures only one fellow resets the stat */
-@@ -727,6 +727,7 @@ __visible void kvm_lock_spinning(struct arch_spinlock *lock, __ticket_t want)
- int cpu;
- u64 start;
- unsigned long flags;
-+ __ticket_t head;
-
- if (in_nmi())
- return;
-@@ -768,11 +769,15 @@ __visible void kvm_lock_spinning(struct arch_spinlock *lock, __ticket_t want)
- */
- __ticket_enter_slowpath(lock);
-
-+ /* make sure enter_slowpath, which is atomic does not cross the read */
-+ smp_mb__after_atomic();
-+
- /*
- * check again make sure it didn't become free while
- * we weren't looking.
- */
-- if (ACCESS_ONCE(lock->tickets.head) == want) {
-+ head = READ_ONCE(lock->tickets.head);
-+ if (__tickets_equal(head, want)) {
- add_stats(TAKEN_SLOW_PICKUP, 1);
- goto out;
- }
-@@ -803,8 +808,8 @@ static void kvm_unlock_kick(struct arch_spinlock *lock, __ticket_t ticket)
- add_stats(RELEASED_SLOW, 1);
- for_each_cpu(cpu, &waiting_cpus) {
- const struct kvm_lock_waiting *w = &per_cpu(klock_waiting, cpu);
-- if (ACCESS_ONCE(w->lock) == lock &&
-- ACCESS_ONCE(w->want) == ticket) {
-+ if (READ_ONCE(w->lock) == lock &&
-+ READ_ONCE(w->want) == ticket) {
- add_stats(RELEASED_SLOW_KICKED, 1);
- kvm_kick_cpu(cpu);
- break;
-diff --git a/arch/x86/kernel/pmc_atom.c b/arch/x86/kernel/pmc_atom.c
-index 0ee5025e..8bb9a61 100644
---- a/arch/x86/kernel/pmc_atom.c
-+++ b/arch/x86/kernel/pmc_atom.c
-@@ -217,6 +217,8 @@ static int pmc_dbgfs_register(struct pmc_dev *pmc, struct pci_dev *pdev)
- if (!dir)
- return -ENOMEM;
-
-+ pmc->dbgfs_dir = dir;
-+
- f = debugfs_create_file("dev_state", S_IFREG | S_IRUGO,
- dir, pmc, &pmc_dev_state_ops);
- if (!f) {
-@@ -229,7 +231,7 @@ static int pmc_dbgfs_register(struct pmc_dev *pmc, struct pci_dev *pdev)
- dev_err(&pdev->dev, "sleep_state register failed\n");
- goto err;
- }
-- pmc->dbgfs_dir = dir;
-+
- return 0;
- err:
- pmc_dbgfs_unregister(pmc);
-diff --git a/arch/x86/mm/gup.c b/arch/x86/mm/gup.c
-index d754782..224b142 100644
---- a/arch/x86/mm/gup.c
-+++ b/arch/x86/mm/gup.c
-@@ -172,7 +172,7 @@ static int gup_pmd_range(pud_t pud, unsigned long addr, unsigned long end,
- */
- if (pmd_none(pmd) || pmd_trans_splitting(pmd))
- return 0;
-- if (unlikely(pmd_large(pmd))) {
-+ if (unlikely(pmd_large(pmd) || !pmd_present(pmd))) {
- /*
- * NUMA hinting faults need to be handled in the GUP
- * slowpath for accounting purposes and so that they
-diff --git a/arch/x86/mm/hugetlbpage.c b/arch/x86/mm/hugetlbpage.c
-index 8b977eb..006cc91 100644
---- a/arch/x86/mm/hugetlbpage.c
-+++ b/arch/x86/mm/hugetlbpage.c
-@@ -66,9 +66,15 @@ follow_huge_addr(struct mm_struct *mm, unsigned long address, int write)
- return ERR_PTR(-EINVAL);
- }
-
-+/*
-+ * pmd_huge() returns 1 if @pmd is hugetlb related entry, that is normal
-+ * hugetlb entry or non-present (migration or hwpoisoned) hugetlb entry.
-+ * Otherwise, returns 0.
-+ */
- int pmd_huge(pmd_t pmd)
- {
-- return !!(pmd_val(pmd) & _PAGE_PSE);
-+ return !pmd_none(pmd) &&
-+ (pmd_val(pmd) & (_PAGE_PRESENT|_PAGE_PSE)) != _PAGE_PRESENT;
- }
-
- int pud_huge(pud_t pud)
-diff --git a/arch/x86/mm/mmap.c b/arch/x86/mm/mmap.c
-index 919b912..df4552b 100644
---- a/arch/x86/mm/mmap.c
-+++ b/arch/x86/mm/mmap.c
-@@ -35,12 +35,12 @@ struct va_alignment __read_mostly va_align = {
- .flags = -1,
- };
-
--static unsigned int stack_maxrandom_size(void)
-+static unsigned long stack_maxrandom_size(void)
- {
-- unsigned int max = 0;
-+ unsigned long max = 0;
- if ((current->flags & PF_RANDOMIZE) &&
- !(current->personality & ADDR_NO_RANDOMIZE)) {
-- max = ((-1U) & STACK_RND_MASK) << PAGE_SHIFT;
-+ max = ((-1UL) & STACK_RND_MASK) << PAGE_SHIFT;
- }
-
- return max;
-diff --git a/arch/x86/platform/efi/efi_stub_64.S b/arch/x86/platform/efi/efi_stub_64.S
-index 5fcda72..86d0f9e 100644
---- a/arch/x86/platform/efi/efi_stub_64.S
-+++ b/arch/x86/platform/efi/efi_stub_64.S
-@@ -91,167 +91,6 @@ ENTRY(efi_call)
- ret
- ENDPROC(efi_call)
-
--#ifdef CONFIG_EFI_MIXED
--
--/*
-- * We run this function from the 1:1 mapping.
-- *
-- * This function must be invoked with a 1:1 mapped stack.
-- */
--ENTRY(__efi64_thunk)
-- movl %ds, %eax
-- push %rax
-- movl %es, %eax
-- push %rax
-- movl %ss, %eax
-- push %rax
--
-- subq $32, %rsp
-- movl %esi, 0x0(%rsp)
-- movl %edx, 0x4(%rsp)
-- movl %ecx, 0x8(%rsp)
-- movq %r8, %rsi
-- movl %esi, 0xc(%rsp)
-- movq %r9, %rsi
-- movl %esi, 0x10(%rsp)
--
-- sgdt save_gdt(%rip)
--
-- leaq 1f(%rip), %rbx
-- movq %rbx, func_rt_ptr(%rip)
--
-- /* Switch to gdt with 32-bit segments */
-- movl 64(%rsp), %eax
-- lgdt (%rax)
--
-- leaq efi_enter32(%rip), %rax
-- pushq $__KERNEL_CS
-- pushq %rax
-- lretq
--
--1: addq $32, %rsp
--
-- lgdt save_gdt(%rip)
--
-- pop %rbx
-- movl %ebx, %ss
-- pop %rbx
-- movl %ebx, %es
-- pop %rbx
-- movl %ebx, %ds
--
-- /*
-- * Convert 32-bit status code into 64-bit.
-- */
-- test %rax, %rax
-- jz 1f
-- movl %eax, %ecx
-- andl $0x0fffffff, %ecx
-- andl $0xf0000000, %eax
-- shl $32, %rax
-- or %rcx, %rax
--1:
-- ret
--ENDPROC(__efi64_thunk)
--
--ENTRY(efi_exit32)
-- movq func_rt_ptr(%rip), %rax
-- push %rax
-- mov %rdi, %rax
-- ret
--ENDPROC(efi_exit32)
--
-- .code32
--/*
-- * EFI service pointer must be in %edi.
-- *
-- * The stack should represent the 32-bit calling convention.
-- */
--ENTRY(efi_enter32)
-- movl $__KERNEL_DS, %eax
-- movl %eax, %ds
-- movl %eax, %es
-- movl %eax, %ss
--
-- /* Reload pgtables */
-- movl %cr3, %eax
-- movl %eax, %cr3
--
-- /* Disable paging */
-- movl %cr0, %eax
-- btrl $X86_CR0_PG_BIT, %eax
-- movl %eax, %cr0
--
-- /* Disable long mode via EFER */
-- movl $MSR_EFER, %ecx
-- rdmsr
-- btrl $_EFER_LME, %eax
-- wrmsr
--
-- call *%edi
--
-- /* We must preserve return value */
-- movl %eax, %edi
--
-- /*
-- * Some firmware will return with interrupts enabled. Be sure to
-- * disable them before we switch GDTs.
-- */
-- cli
--
-- movl 68(%esp), %eax
-- movl %eax, 2(%eax)
-- lgdtl (%eax)
--
-- movl %cr4, %eax
-- btsl $(X86_CR4_PAE_BIT), %eax
-- movl %eax, %cr4
--
-- movl %cr3, %eax
-- movl %eax, %cr3
--
-- movl $MSR_EFER, %ecx
-- rdmsr
-- btsl $_EFER_LME, %eax
-- wrmsr
--
-- xorl %eax, %eax
-- lldt %ax
--
-- movl 72(%esp), %eax
-- pushl $__KERNEL_CS
-- pushl %eax
--
-- /* Enable paging */
-- movl %cr0, %eax
-- btsl $X86_CR0_PG_BIT, %eax
-- movl %eax, %cr0
-- lret
--ENDPROC(efi_enter32)
--
-- .data
-- .balign 8
-- .global efi32_boot_gdt
--efi32_boot_gdt: .word 0
-- .quad 0
--
--save_gdt: .word 0
-- .quad 0
--func_rt_ptr: .quad 0
--
-- .global efi_gdt64
--efi_gdt64:
-- .word efi_gdt64_end - efi_gdt64
-- .long 0 /* Filled out by user */
-- .word 0
-- .quad 0x0000000000000000 /* NULL descriptor */
-- .quad 0x00af9a000000ffff /* __KERNEL_CS */
-- .quad 0x00cf92000000ffff /* __KERNEL_DS */
-- .quad 0x0080890000000000 /* TS descriptor */
-- .quad 0x0000000000000000 /* TS continued */
--efi_gdt64_end:
--#endif /* CONFIG_EFI_MIXED */
--
- .data
- ENTRY(efi_scratch)
- .fill 3,8,0
-diff --git a/arch/x86/platform/efi/efi_thunk_64.S b/arch/x86/platform/efi/efi_thunk_64.S
-index 8806fa7..ff85d28 100644
---- a/arch/x86/platform/efi/efi_thunk_64.S
-+++ b/arch/x86/platform/efi/efi_thunk_64.S
-@@ -1,9 +1,26 @@
- /*
- * Copyright (C) 2014 Intel Corporation; author Matt Fleming
-+ *
-+ * Support for invoking 32-bit EFI runtime services from a 64-bit
-+ * kernel.
-+ *
-+ * The below thunking functions are only used after ExitBootServices()
-+ * has been called. This simplifies things considerably as compared with
-+ * the early EFI thunking because we can leave all the kernel state
-+ * intact (GDT, IDT, etc) and simply invoke the the 32-bit EFI runtime
-+ * services from __KERNEL32_CS. This means we can continue to service
-+ * interrupts across an EFI mixed mode call.
-+ *
-+ * We do however, need to handle the fact that we're running in a full
-+ * 64-bit virtual address space. Things like the stack and instruction
-+ * addresses need to be accessible by the 32-bit firmware, so we rely on
-+ * using the identity mappings in the EFI page table to access the stack
-+ * and kernel text (see efi_setup_page_tables()).
- */
-
- #include <linux/linkage.h>
- #include <asm/page_types.h>
-+#include <asm/segment.h>
-
- .text
- .code64
-@@ -33,14 +50,6 @@ ENTRY(efi64_thunk)
- leaq efi_exit32(%rip), %rbx
- subq %rax, %rbx
- movl %ebx, 8(%rsp)
-- leaq efi_gdt64(%rip), %rbx
-- subq %rax, %rbx
-- movl %ebx, 2(%ebx)
-- movl %ebx, 4(%rsp)
-- leaq efi_gdt32(%rip), %rbx
-- subq %rax, %rbx
-- movl %ebx, 2(%ebx)
-- movl %ebx, (%rsp)
-
- leaq __efi64_thunk(%rip), %rbx
- subq %rax, %rbx
-@@ -52,14 +61,92 @@ ENTRY(efi64_thunk)
- retq
- ENDPROC(efi64_thunk)
-
-- .data
--efi_gdt32:
-- .word efi_gdt32_end - efi_gdt32
-- .long 0 /* Filled out above */
-- .word 0
-- .quad 0x0000000000000000 /* NULL descriptor */
-- .quad 0x00cf9a000000ffff /* __KERNEL_CS */
-- .quad 0x00cf93000000ffff /* __KERNEL_DS */
--efi_gdt32_end:
-+/*
-+ * We run this function from the 1:1 mapping.
-+ *
-+ * This function must be invoked with a 1:1 mapped stack.
-+ */
-+ENTRY(__efi64_thunk)
-+ movl %ds, %eax
-+ push %rax
-+ movl %es, %eax
-+ push %rax
-+ movl %ss, %eax
-+ push %rax
-+
-+ subq $32, %rsp
-+ movl %esi, 0x0(%rsp)
-+ movl %edx, 0x4(%rsp)
-+ movl %ecx, 0x8(%rsp)
-+ movq %r8, %rsi
-+ movl %esi, 0xc(%rsp)
-+ movq %r9, %rsi
-+ movl %esi, 0x10(%rsp)
-+
-+ leaq 1f(%rip), %rbx
-+ movq %rbx, func_rt_ptr(%rip)
-+
-+ /* Switch to 32-bit descriptor */
-+ pushq $__KERNEL32_CS
-+ leaq efi_enter32(%rip), %rax
-+ pushq %rax
-+ lretq
-+
-+1: addq $32, %rsp
-+
-+ pop %rbx
-+ movl %ebx, %ss
-+ pop %rbx
-+ movl %ebx, %es
-+ pop %rbx
-+ movl %ebx, %ds
-
-+ /*
-+ * Convert 32-bit status code into 64-bit.
-+ */
-+ test %rax, %rax
-+ jz 1f
-+ movl %eax, %ecx
-+ andl $0x0fffffff, %ecx
-+ andl $0xf0000000, %eax
-+ shl $32, %rax
-+ or %rcx, %rax
-+1:
-+ ret
-+ENDPROC(__efi64_thunk)
-+
-+ENTRY(efi_exit32)
-+ movq func_rt_ptr(%rip), %rax
-+ push %rax
-+ mov %rdi, %rax
-+ ret
-+ENDPROC(efi_exit32)
-+
-+ .code32
-+/*
-+ * EFI service pointer must be in %edi.
-+ *
-+ * The stack should represent the 32-bit calling convention.
-+ */
-+ENTRY(efi_enter32)
-+ movl $__KERNEL_DS, %eax
-+ movl %eax, %ds
-+ movl %eax, %es
-+ movl %eax, %ss
-+
-+ call *%edi
-+
-+ /* We must preserve return value */
-+ movl %eax, %edi
-+
-+ movl 72(%esp), %eax
-+ pushl $__KERNEL_CS
-+ pushl %eax
-+
-+ lret
-+ENDPROC(efi_enter32)
-+
-+ .data
-+ .balign 8
-+func_rt_ptr: .quad 0
- efi_saved_sp: .quad 0
-diff --git a/arch/x86/xen/p2m.c b/arch/x86/xen/p2m.c
-index 70fb507..376a0a9 100644
---- a/arch/x86/xen/p2m.c
-+++ b/arch/x86/xen/p2m.c
-@@ -554,7 +554,7 @@ static bool alloc_p2m(unsigned long pfn)
- mid_mfn = NULL;
- }
-
-- p2m_pfn = pte_pfn(ACCESS_ONCE(*ptep));
-+ p2m_pfn = pte_pfn(READ_ONCE(*ptep));
- if (p2m_pfn == PFN_DOWN(__pa(p2m_identity)) ||
- p2m_pfn == PFN_DOWN(__pa(p2m_missing))) {
- /* p2m leaf page is missing */
-diff --git a/arch/x86/xen/spinlock.c b/arch/x86/xen/spinlock.c
-index 23b45eb..956374c 100644
---- a/arch/x86/xen/spinlock.c
-+++ b/arch/x86/xen/spinlock.c
-@@ -41,7 +41,7 @@ static u8 zero_stats;
- static inline void check_zero(void)
- {
- u8 ret;
-- u8 old = ACCESS_ONCE(zero_stats);
-+ u8 old = READ_ONCE(zero_stats);
- if (unlikely(old)) {
- ret = cmpxchg(&zero_stats, old, 0);
- /* This ensures only one fellow resets the stat */
-@@ -112,6 +112,7 @@ __visible void xen_lock_spinning(struct arch_spinlock *lock, __ticket_t want)
- struct xen_lock_waiting *w = this_cpu_ptr(&lock_waiting);
- int cpu = smp_processor_id();
- u64 start;
-+ __ticket_t head;
- unsigned long flags;
-
- /* If kicker interrupts not initialized yet, just spin */
-@@ -159,11 +160,15 @@ __visible void xen_lock_spinning(struct arch_spinlock *lock, __ticket_t want)
- */
- __ticket_enter_slowpath(lock);
-
-+ /* make sure enter_slowpath, which is atomic does not cross the read */
-+ smp_mb__after_atomic();
-+
- /*
- * check again make sure it didn't become free while
- * we weren't looking
- */
-- if (ACCESS_ONCE(lock->tickets.head) == want) {
-+ head = READ_ONCE(lock->tickets.head);
-+ if (__tickets_equal(head, want)) {
- add_stats(TAKEN_SLOW_PICKUP, 1);
- goto out;
- }
-@@ -204,8 +209,8 @@ static void xen_unlock_kick(struct arch_spinlock *lock, __ticket_t next)
- const struct xen_lock_waiting *w = &per_cpu(lock_waiting, cpu);
-
- /* Make sure we read lock before want */
-- if (ACCESS_ONCE(w->lock) == lock &&
-- ACCESS_ONCE(w->want) == next) {
-+ if (READ_ONCE(w->lock) == lock &&
-+ READ_ONCE(w->want) == next) {
- add_stats(RELEASED_SLOW_KICKED, 1);
- xen_send_IPI_one(cpu, XEN_SPIN_UNLOCK_VECTOR);
- break;
-diff --git a/block/blk-mq-tag.c b/block/blk-mq-tag.c
-index 60c9d4a..3a415ec 100644
---- a/block/blk-mq-tag.c
-+++ b/block/blk-mq-tag.c
-@@ -509,6 +509,7 @@ static int bt_alloc(struct blk_mq_bitmap_tags *bt, unsigned int depth,
- bt->bs = kzalloc(BT_WAIT_QUEUES * sizeof(*bt->bs), GFP_KERNEL);
- if (!bt->bs) {
- kfree(bt->map);
-+ bt->map = NULL;
- return -ENOMEM;
- }
-
-diff --git a/block/blk-throttle.c b/block/blk-throttle.c
-index 9273d09..5b9c6d5 100644
---- a/block/blk-throttle.c
-+++ b/block/blk-throttle.c
-@@ -1292,6 +1292,9 @@ static u64 tg_prfill_cpu_rwstat(struct seq_file *sf,
- struct blkg_rwstat rwstat = { }, tmp;
- int i, cpu;
-
-+ if (tg->stats_cpu == NULL)
-+ return 0;
-+
- for_each_possible_cpu(cpu) {
- struct tg_stats_cpu *sc = per_cpu_ptr(tg->stats_cpu, cpu);
-
-diff --git a/block/cfq-iosched.c b/block/cfq-iosched.c
-index 6f2751d..5da8e6e 100644
---- a/block/cfq-iosched.c
-+++ b/block/cfq-iosched.c
-@@ -3590,6 +3590,11 @@ retry:
-
- blkcg = bio_blkcg(bio);
- cfqg = cfq_lookup_create_cfqg(cfqd, blkcg);
-+ if (!cfqg) {
-+ cfqq = &cfqd->oom_cfqq;
-+ goto out;
-+ }
-+
- cfqq = cic_to_cfqq(cic, is_sync);
-
- /*
-@@ -3626,7 +3631,7 @@ retry:
- } else
- cfqq = &cfqd->oom_cfqq;
- }
--
-+out:
- if (new_cfqq)
- kmem_cache_free(cfq_pool, new_cfqq);
-
-@@ -3656,12 +3661,17 @@ static struct cfq_queue *
- cfq_get_queue(struct cfq_data *cfqd, bool is_sync, struct cfq_io_cq *cic,
- struct bio *bio, gfp_t gfp_mask)
- {
-- const int ioprio_class = IOPRIO_PRIO_CLASS(cic->ioprio);
-- const int ioprio = IOPRIO_PRIO_DATA(cic->ioprio);
-+ int ioprio_class = IOPRIO_PRIO_CLASS(cic->ioprio);
-+ int ioprio = IOPRIO_PRIO_DATA(cic->ioprio);
- struct cfq_queue **async_cfqq = NULL;
- struct cfq_queue *cfqq = NULL;
-
- if (!is_sync) {
-+ if (!ioprio_valid(cic->ioprio)) {
-+ struct task_struct *tsk = current;
-+ ioprio = task_nice_ioprio(tsk);
-+ ioprio_class = task_nice_ioclass(tsk);
-+ }
- async_cfqq = cfq_async_queue_prio(cfqd, ioprio_class, ioprio);
- cfqq = *async_cfqq;
- }
-diff --git a/drivers/acpi/acpi_lpss.c b/drivers/acpi/acpi_lpss.c
-index e75737f..7d5880d 100644
---- a/drivers/acpi/acpi_lpss.c
-+++ b/drivers/acpi/acpi_lpss.c
-@@ -105,7 +105,7 @@ static void lpss_uart_setup(struct lpss_private_data *pdata)
- }
- }
-
--static void byt_i2c_setup(struct lpss_private_data *pdata)
-+static void lpss_deassert_reset(struct lpss_private_data *pdata)
- {
- unsigned int offset;
- u32 val;
-@@ -114,9 +114,18 @@ static void byt_i2c_setup(struct lpss_private_data *pdata)
- val = readl(pdata->mmio_base + offset);
- val |= LPSS_RESETS_RESET_APB | LPSS_RESETS_RESET_FUNC;
- writel(val, pdata->mmio_base + offset);
-+}
-+
-+#define LPSS_I2C_ENABLE 0x6c
-+
-+static void byt_i2c_setup(struct lpss_private_data *pdata)
-+{
-+ lpss_deassert_reset(pdata);
-
- if (readl(pdata->mmio_base + pdata->dev_desc->prv_offset))
- pdata->fixed_clk_rate = 133000000;
-+
-+ writel(0, pdata->mmio_base + LPSS_I2C_ENABLE);
- }
-
- static struct lpss_device_desc lpt_dev_desc = {
-@@ -166,6 +175,12 @@ static struct lpss_device_desc byt_i2c_dev_desc = {
- .setup = byt_i2c_setup,
- };
-
-+static struct lpss_device_desc bsw_spi_dev_desc = {
-+ .flags = LPSS_CLK | LPSS_CLK_GATE | LPSS_CLK_DIVIDER | LPSS_SAVE_CTX,
-+ .prv_offset = 0x400,
-+ .setup = lpss_deassert_reset,
-+};
-+
- #else
-
- #define LPSS_ADDR(desc) (0UL)
-@@ -198,7 +213,7 @@ static const struct acpi_device_id acpi_lpss_device_ids[] = {
- /* Braswell LPSS devices */
- { "80862288", LPSS_ADDR(byt_pwm_dev_desc) },
- { "8086228A", LPSS_ADDR(byt_uart_dev_desc) },
-- { "8086228E", LPSS_ADDR(byt_spi_dev_desc) },
-+ { "8086228E", LPSS_ADDR(bsw_spi_dev_desc) },
- { "808622C1", LPSS_ADDR(byt_i2c_dev_desc) },
-
- { "INT3430", LPSS_ADDR(lpt_dev_desc) },
-diff --git a/drivers/bluetooth/ath3k.c b/drivers/bluetooth/ath3k.c
-index 1ee27ac..de4c849 100644
---- a/drivers/bluetooth/ath3k.c
-+++ b/drivers/bluetooth/ath3k.c
-@@ -108,6 +108,7 @@ static const struct usb_device_id ath3k_table[] = {
- { USB_DEVICE(0x13d3, 0x3393) },
- { USB_DEVICE(0x13d3, 0x3402) },
- { USB_DEVICE(0x13d3, 0x3408) },
-+ { USB_DEVICE(0x13d3, 0x3423) },
- { USB_DEVICE(0x13d3, 0x3432) },
-
- /* Atheros AR5BBU12 with sflash firmware */
-@@ -162,6 +163,7 @@ static const struct usb_device_id ath3k_blist_tbl[] = {
- { USB_DEVICE(0x13d3, 0x3393), .driver_info = BTUSB_ATH3012 },
- { USB_DEVICE(0x13d3, 0x3402), .driver_info = BTUSB_ATH3012 },
- { USB_DEVICE(0x13d3, 0x3408), .driver_info = BTUSB_ATH3012 },
-+ { USB_DEVICE(0x13d3, 0x3423), .driver_info = BTUSB_ATH3012 },
- { USB_DEVICE(0x13d3, 0x3432), .driver_info = BTUSB_ATH3012 },
-
- /* Atheros AR5BBU22 with sflash firmware */
-@@ -174,6 +176,8 @@ static const struct usb_device_id ath3k_blist_tbl[] = {
- #define USB_REQ_DFU_DNLOAD 1
- #define BULK_SIZE 4096
- #define FW_HDR_SIZE 20
-+#define TIMEGAP_USEC_MIN 50
-+#define TIMEGAP_USEC_MAX 100
-
- static int ath3k_load_firmware(struct usb_device *udev,
- const struct firmware *firmware)
-@@ -205,6 +209,9 @@ static int ath3k_load_firmware(struct usb_device *udev,
- pipe = usb_sndbulkpipe(udev, 0x02);
-
- while (count) {
-+ /* workaround the compatibility issue with xHCI controller*/
-+ usleep_range(TIMEGAP_USEC_MIN, TIMEGAP_USEC_MAX);
-+
- size = min_t(uint, count, BULK_SIZE);
- memcpy(send_buf, firmware->data + sent, size);
-
-@@ -302,6 +309,9 @@ static int ath3k_load_fwfile(struct usb_device *udev,
- pipe = usb_sndbulkpipe(udev, 0x02);
-
- while (count) {
-+ /* workaround the compatibility issue with xHCI controller*/
-+ usleep_range(TIMEGAP_USEC_MIN, TIMEGAP_USEC_MAX);
-+
- size = min_t(uint, count, BULK_SIZE);
- memcpy(send_buf, firmware->data + sent, size);
-
-diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c
-index 19cf2cf..c91ec52 100644
---- a/drivers/bluetooth/btusb.c
-+++ b/drivers/bluetooth/btusb.c
-@@ -109,16 +109,24 @@ static const struct usb_device_id btusb_table[] = {
- { USB_DEVICE(0x13d3, 0x3404),
- .driver_info = BTUSB_BCM_PATCHRAM },
-
-+ /* Broadcom BCM20702B0 (Dynex/Insignia) */
-+ { USB_DEVICE(0x19ff, 0x0239), .driver_info = BTUSB_BCM_PATCHRAM },
-+
- /* Foxconn - Hon Hai */
- { USB_VENDOR_AND_INTERFACE_INFO(0x0489, 0xff, 0x01, 0x01),
- .driver_info = BTUSB_BCM_PATCHRAM },
-
-+ /* Lite-On Technology - Broadcom based */
-+ { USB_VENDOR_AND_INTERFACE_INFO(0x04ca, 0xff, 0x01, 0x01),
-+ .driver_info = BTUSB_BCM_PATCHRAM },
-+
- /* Broadcom devices with vendor specific id */
- { USB_VENDOR_AND_INTERFACE_INFO(0x0a5c, 0xff, 0x01, 0x01),
- .driver_info = BTUSB_BCM_PATCHRAM },
-
- /* ASUSTek Computer - Broadcom based */
-- { USB_VENDOR_AND_INTERFACE_INFO(0x0b05, 0xff, 0x01, 0x01) },
-+ { USB_VENDOR_AND_INTERFACE_INFO(0x0b05, 0xff, 0x01, 0x01),
-+ .driver_info = BTUSB_BCM_PATCHRAM },
-
- /* Belkin F8065bf - Broadcom based */
- { USB_VENDOR_AND_INTERFACE_INFO(0x050d, 0xff, 0x01, 0x01) },
-@@ -188,6 +196,7 @@ static const struct usb_device_id blacklist_table[] = {
- { USB_DEVICE(0x13d3, 0x3393), .driver_info = BTUSB_ATH3012 },
- { USB_DEVICE(0x13d3, 0x3402), .driver_info = BTUSB_ATH3012 },
- { USB_DEVICE(0x13d3, 0x3408), .driver_info = BTUSB_ATH3012 },
-+ { USB_DEVICE(0x13d3, 0x3423), .driver_info = BTUSB_ATH3012 },
- { USB_DEVICE(0x13d3, 0x3432), .driver_info = BTUSB_ATH3012 },
-
- /* Atheros AR5BBU12 with sflash firmware */
-diff --git a/drivers/char/random.c b/drivers/char/random.c
-index 04645c0..9cd6968 100644
---- a/drivers/char/random.c
-+++ b/drivers/char/random.c
-@@ -569,19 +569,19 @@ static void fast_mix(struct fast_pool *f)
- __u32 c = f->pool[2], d = f->pool[3];
-
- a += b; c += d;
-- b = rol32(a, 6); d = rol32(c, 27);
-+ b = rol32(b, 6); d = rol32(d, 27);
- d ^= a; b ^= c;
-
- a += b; c += d;
-- b = rol32(a, 16); d = rol32(c, 14);
-+ b = rol32(b, 16); d = rol32(d, 14);
- d ^= a; b ^= c;
-
- a += b; c += d;
-- b = rol32(a, 6); d = rol32(c, 27);
-+ b = rol32(b, 6); d = rol32(d, 27);
- d ^= a; b ^= c;
-
- a += b; c += d;
-- b = rol32(a, 16); d = rol32(c, 14);
-+ b = rol32(b, 16); d = rol32(d, 14);
- d ^= a; b ^= c;
-
- f->pool[0] = a; f->pool[1] = b;
-diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c
-index 6af1700..cfb9089 100644
---- a/drivers/char/tpm/tpm-interface.c
-+++ b/drivers/char/tpm/tpm-interface.c
-@@ -1122,7 +1122,7 @@ struct tpm_chip *tpm_register_hardware(struct device *dev,
-
- /* Make chip available */
- spin_lock(&driver_lock);
-- list_add_rcu(&chip->list, &tpm_chip_list);
-+ list_add_tail_rcu(&chip->list, &tpm_chip_list);
- spin_unlock(&driver_lock);
-
- return chip;
-diff --git a/drivers/char/tpm/tpm_i2c_atmel.c b/drivers/char/tpm/tpm_i2c_atmel.c
-index 7727292..503a85a 100644
---- a/drivers/char/tpm/tpm_i2c_atmel.c
-+++ b/drivers/char/tpm/tpm_i2c_atmel.c
-@@ -168,6 +168,10 @@ static int i2c_atmel_probe(struct i2c_client *client,
-
- chip->vendor.priv = devm_kzalloc(dev, sizeof(struct priv_data),
- GFP_KERNEL);
-+ if (!chip->vendor.priv) {
-+ rc = -ENOMEM;
-+ goto out_err;
-+ }
-
- /* Default timeouts */
- chip->vendor.timeout_a = msecs_to_jiffies(TPM_I2C_SHORT_TIMEOUT);
-diff --git a/drivers/char/tpm/tpm_i2c_nuvoton.c b/drivers/char/tpm/tpm_i2c_nuvoton.c
-index 7b158ef..23c7b13 100644
---- a/drivers/char/tpm/tpm_i2c_nuvoton.c
-+++ b/drivers/char/tpm/tpm_i2c_nuvoton.c
-@@ -538,6 +538,11 @@ static int i2c_nuvoton_probe(struct i2c_client *client,
-
- chip->vendor.priv = devm_kzalloc(dev, sizeof(struct priv_data),
- GFP_KERNEL);
-+ if (!chip->vendor.priv) {
-+ rc = -ENOMEM;
-+ goto out_err;
-+ }
-+
- init_waitqueue_head(&chip->vendor.read_queue);
- init_waitqueue_head(&chip->vendor.int_queue);
-
-diff --git a/drivers/char/tpm/tpm_i2c_stm_st33.c b/drivers/char/tpm/tpm_i2c_stm_st33.c
-index 4669e37..7d1c540 100644
---- a/drivers/char/tpm/tpm_i2c_stm_st33.c
-+++ b/drivers/char/tpm/tpm_i2c_stm_st33.c
-@@ -487,7 +487,7 @@ static int tpm_stm_i2c_send(struct tpm_chip *chip, unsigned char *buf,
- if (burstcnt < 0)
- return burstcnt;
- size = min_t(int, len - i - 1, burstcnt);
-- ret = I2C_WRITE_DATA(client, TPM_DATA_FIFO, buf, size);
-+ ret = I2C_WRITE_DATA(client, TPM_DATA_FIFO, buf + i, size);
- if (ret < 0)
- goto out_err;
-
-diff --git a/drivers/char/tpm/tpm_ibmvtpm.c b/drivers/char/tpm/tpm_ibmvtpm.c
-index af74c57..eff9d58 100644
---- a/drivers/char/tpm/tpm_ibmvtpm.c
-+++ b/drivers/char/tpm/tpm_ibmvtpm.c
-@@ -148,7 +148,8 @@ static int tpm_ibmvtpm_send(struct tpm_chip *chip, u8 *buf, size_t count)
- crq.len = (u16)count;
- crq.data = ibmvtpm->rtce_dma_handle;
-
-- rc = ibmvtpm_send_crq(ibmvtpm->vdev, word[0], word[1]);
-+ rc = ibmvtpm_send_crq(ibmvtpm->vdev, cpu_to_be64(word[0]),
-+ cpu_to_be64(word[1]));
- if (rc != H_SUCCESS) {
- dev_err(ibmvtpm->dev, "tpm_ibmvtpm_send failed rc=%d\n", rc);
- rc = 0;
-@@ -186,7 +187,8 @@ static int ibmvtpm_crq_get_rtce_size(struct ibmvtpm_dev *ibmvtpm)
- crq.valid = (u8)IBMVTPM_VALID_CMD;
- crq.msg = (u8)VTPM_GET_RTCE_BUFFER_SIZE;
-
-- rc = ibmvtpm_send_crq(ibmvtpm->vdev, buf[0], buf[1]);
-+ rc = ibmvtpm_send_crq(ibmvtpm->vdev, cpu_to_be64(buf[0]),
-+ cpu_to_be64(buf[1]));
- if (rc != H_SUCCESS)
- dev_err(ibmvtpm->dev,
- "ibmvtpm_crq_get_rtce_size failed rc=%d\n", rc);
-@@ -212,7 +214,8 @@ static int ibmvtpm_crq_get_version(struct ibmvtpm_dev *ibmvtpm)
- crq.valid = (u8)IBMVTPM_VALID_CMD;
- crq.msg = (u8)VTPM_GET_VERSION;
-
-- rc = ibmvtpm_send_crq(ibmvtpm->vdev, buf[0], buf[1]);
-+ rc = ibmvtpm_send_crq(ibmvtpm->vdev, cpu_to_be64(buf[0]),
-+ cpu_to_be64(buf[1]));
- if (rc != H_SUCCESS)
- dev_err(ibmvtpm->dev,
- "ibmvtpm_crq_get_version failed rc=%d\n", rc);
-@@ -307,6 +310,14 @@ static int tpm_ibmvtpm_remove(struct vio_dev *vdev)
- static unsigned long tpm_ibmvtpm_get_desired_dma(struct vio_dev *vdev)
- {
- struct ibmvtpm_dev *ibmvtpm = ibmvtpm_get_data(&vdev->dev);
-+
-+ /* ibmvtpm initializes at probe time, so the data we are
-+ * asking for may not be set yet. Estimate that 4K required
-+ * for TCE-mapped buffer in addition to CRQ.
-+ */
-+ if (!ibmvtpm)
-+ return CRQ_RES_BUF_SIZE + PAGE_SIZE;
-+
- return CRQ_RES_BUF_SIZE + ibmvtpm->rtce_size;
- }
-
-@@ -327,7 +338,8 @@ static int tpm_ibmvtpm_suspend(struct device *dev)
- crq.valid = (u8)IBMVTPM_VALID_CMD;
- crq.msg = (u8)VTPM_PREPARE_TO_SUSPEND;
-
-- rc = ibmvtpm_send_crq(ibmvtpm->vdev, buf[0], buf[1]);
-+ rc = ibmvtpm_send_crq(ibmvtpm->vdev, cpu_to_be64(buf[0]),
-+ cpu_to_be64(buf[1]));
- if (rc != H_SUCCESS)
- dev_err(ibmvtpm->dev,
- "tpm_ibmvtpm_suspend failed rc=%d\n", rc);
-@@ -472,11 +484,11 @@ static void ibmvtpm_crq_process(struct ibmvtpm_crq *crq,
- case IBMVTPM_VALID_CMD:
- switch (crq->msg) {
- case VTPM_GET_RTCE_BUFFER_SIZE_RES:
-- if (crq->len <= 0) {
-+ if (be16_to_cpu(crq->len) <= 0) {
- dev_err(ibmvtpm->dev, "Invalid rtce size\n");
- return;
- }
-- ibmvtpm->rtce_size = crq->len;
-+ ibmvtpm->rtce_size = be16_to_cpu(crq->len);
- ibmvtpm->rtce_buf = kmalloc(ibmvtpm->rtce_size,
- GFP_KERNEL);
- if (!ibmvtpm->rtce_buf) {
-@@ -497,11 +509,11 @@ static void ibmvtpm_crq_process(struct ibmvtpm_crq *crq,
-
- return;
- case VTPM_GET_VERSION_RES:
-- ibmvtpm->vtpm_version = crq->data;
-+ ibmvtpm->vtpm_version = be32_to_cpu(crq->data);
- return;
- case VTPM_TPM_COMMAND_RES:
- /* len of the data in rtce buffer */
-- ibmvtpm->res_len = crq->len;
-+ ibmvtpm->res_len = be16_to_cpu(crq->len);
- wake_up_interruptible(&ibmvtpm->wq);
- return;
- default:
-diff --git a/drivers/char/tpm/tpm_tis.c b/drivers/char/tpm/tpm_tis.c
-index 6f19854..ccb140d 100644
---- a/drivers/char/tpm/tpm_tis.c
-+++ b/drivers/char/tpm/tpm_tis.c
-@@ -75,6 +75,10 @@ enum tis_defaults {
- #define TPM_DID_VID(l) (0x0F00 | ((l) << 12))
- #define TPM_RID(l) (0x0F04 | ((l) << 12))
-
-+struct priv_data {
-+ bool irq_tested;
-+};
-+
- static LIST_HEAD(tis_chips);
- static DEFINE_MUTEX(tis_lock);
-
-@@ -338,12 +342,27 @@ out_err:
- return rc;
- }
-
-+static void disable_interrupts(struct tpm_chip *chip)
-+{
-+ u32 intmask;
-+
-+ intmask =
-+ ioread32(chip->vendor.iobase +
-+ TPM_INT_ENABLE(chip->vendor.locality));
-+ intmask &= ~TPM_GLOBAL_INT_ENABLE;
-+ iowrite32(intmask,
-+ chip->vendor.iobase +
-+ TPM_INT_ENABLE(chip->vendor.locality));
-+ free_irq(chip->vendor.irq, chip);
-+ chip->vendor.irq = 0;
-+}
-+
- /*
- * If interrupts are used (signaled by an irq set in the vendor structure)
- * tpm.c can skip polling for the data to be available as the interrupt is
- * waited for here
- */
--static int tpm_tis_send(struct tpm_chip *chip, u8 *buf, size_t len)
-+static int tpm_tis_send_main(struct tpm_chip *chip, u8 *buf, size_t len)
- {
- int rc;
- u32 ordinal;
-@@ -373,6 +392,30 @@ out_err:
- return rc;
- }
-
-+static int tpm_tis_send(struct tpm_chip *chip, u8 *buf, size_t len)
-+{
-+ int rc, irq;
-+ struct priv_data *priv = chip->vendor.priv;
-+
-+ if (!chip->vendor.irq || priv->irq_tested)
-+ return tpm_tis_send_main(chip, buf, len);
-+
-+ /* Verify receipt of the expected IRQ */
-+ irq = chip->vendor.irq;
-+ chip->vendor.irq = 0;
-+ rc = tpm_tis_send_main(chip, buf, len);
-+ chip->vendor.irq = irq;
-+ if (!priv->irq_tested)
-+ msleep(1);
-+ if (!priv->irq_tested) {
-+ disable_interrupts(chip);
-+ dev_err(chip->dev,
-+ FW_BUG "TPM interrupt not working, polling instead\n");
-+ }
-+ priv->irq_tested = true;
-+ return rc;
-+}
-+
- struct tis_vendor_timeout_override {
- u32 did_vid;
- unsigned long timeout_us[4];
-@@ -505,6 +548,7 @@ static irqreturn_t tis_int_handler(int dummy, void *dev_id)
- if (interrupt == 0)
- return IRQ_NONE;
-
-+ ((struct priv_data *)chip->vendor.priv)->irq_tested = true;
- if (interrupt & TPM_INTF_DATA_AVAIL_INT)
- wake_up_interruptible(&chip->vendor.read_queue);
- if (interrupt & TPM_INTF_LOCALITY_CHANGE_INT)
-@@ -534,9 +578,14 @@ static int tpm_tis_init(struct device *dev, resource_size_t start,
- u32 vendor, intfcaps, intmask;
- int rc, i, irq_s, irq_e, probe;
- struct tpm_chip *chip;
-+ struct priv_data *priv;
-
-+ priv = devm_kzalloc(dev, sizeof(struct priv_data), GFP_KERNEL);
-+ if (priv == NULL)
-+ return -ENOMEM;
- if (!(chip = tpm_register_hardware(dev, &tpm_tis)))
- return -ENODEV;
-+ chip->vendor.priv = priv;
-
- chip->vendor.iobase = ioremap(start, len);
- if (!chip->vendor.iobase) {
-@@ -605,19 +654,6 @@ static int tpm_tis_init(struct device *dev, resource_size_t start,
- if (intfcaps & TPM_INTF_DATA_AVAIL_INT)
- dev_dbg(dev, "\tData Avail Int Support\n");
-
-- /* get the timeouts before testing for irqs */
-- if (tpm_get_timeouts(chip)) {
-- dev_err(dev, "Could not get TPM timeouts and durations\n");
-- rc = -ENODEV;
-- goto out_err;
-- }
--
-- if (tpm_do_selftest(chip)) {
-- dev_err(dev, "TPM self test failed\n");
-- rc = -ENODEV;
-- goto out_err;
-- }
--
- /* INTERRUPT Setup */
- init_waitqueue_head(&chip->vendor.read_queue);
- init_waitqueue_head(&chip->vendor.int_queue);
-@@ -719,6 +755,18 @@ static int tpm_tis_init(struct device *dev, resource_size_t start,
- }
- }
-
-+ if (tpm_get_timeouts(chip)) {
-+ dev_err(dev, "Could not get TPM timeouts and durations\n");
-+ rc = -ENODEV;
-+ goto out_err;
-+ }
-+
-+ if (tpm_do_selftest(chip)) {
-+ dev_err(dev, "TPM self test failed\n");
-+ rc = -ENODEV;
-+ goto out_err;
-+ }
-+
- INIT_LIST_HEAD(&chip->vendor.list);
- mutex_lock(&tis_lock);
- list_add(&chip->vendor.list, &tis_chips);
-diff --git a/drivers/clocksource/mtk_timer.c b/drivers/clocksource/mtk_timer.c
-index 32a3d25..68ab423 100644
---- a/drivers/clocksource/mtk_timer.c
-+++ b/drivers/clocksource/mtk_timer.c
-@@ -224,6 +224,8 @@ static void __init mtk_timer_init(struct device_node *node)
- }
- rate = clk_get_rate(clk);
-
-+ mtk_timer_global_reset(evt);
-+
- if (request_irq(evt->dev.irq, mtk_timer_interrupt,
- IRQF_TIMER | IRQF_IRQPOLL, "mtk_timer", evt)) {
- pr_warn("failed to setup irq %d\n", evt->dev.irq);
-@@ -232,8 +234,6 @@ static void __init mtk_timer_init(struct device_node *node)
-
- evt->ticks_per_jiffy = DIV_ROUND_UP(rate, HZ);
-
-- mtk_timer_global_reset(evt);
--
- /* Configure clock source */
- mtk_timer_setup(evt, GPT_CLK_SRC, TIMER_CTRL_OP_FREERUN);
- clocksource_mmio_init(evt->gpt_base + TIMER_CNT_REG(GPT_CLK_SRC),
-@@ -241,10 +241,11 @@ static void __init mtk_timer_init(struct device_node *node)
-
- /* Configure clock event */
- mtk_timer_setup(evt, GPT_CLK_EVT, TIMER_CTRL_OP_REPEAT);
-- mtk_timer_enable_irq(evt, GPT_CLK_EVT);
--
- clockevents_config_and_register(&evt->dev, rate, 0x3,
- 0xffffffff);
-+
-+ mtk_timer_enable_irq(evt, GPT_CLK_EVT);
-+
- return;
-
- err_clk_disable:
-diff --git a/drivers/cpufreq/cpufreq.c b/drivers/cpufreq/cpufreq.c
-index 46bed4f..7030c40 100644
---- a/drivers/cpufreq/cpufreq.c
-+++ b/drivers/cpufreq/cpufreq.c
-@@ -1416,9 +1416,10 @@ static int __cpufreq_remove_dev_finish(struct device *dev,
- unsigned long flags;
- struct cpufreq_policy *policy;
-
-- read_lock_irqsave(&cpufreq_driver_lock, flags);
-+ write_lock_irqsave(&cpufreq_driver_lock, flags);
- policy = per_cpu(cpufreq_cpu_data, cpu);
-- read_unlock_irqrestore(&cpufreq_driver_lock, flags);
-+ per_cpu(cpufreq_cpu_data, cpu) = NULL;
-+ write_unlock_irqrestore(&cpufreq_driver_lock, flags);
-
- if (!policy) {
- pr_debug("%s: No cpu_data found\n", __func__);
-@@ -1473,7 +1474,6 @@ static int __cpufreq_remove_dev_finish(struct device *dev,
- }
- }
-
-- per_cpu(cpufreq_cpu_data, cpu) = NULL;
- return 0;
- }
-
-diff --git a/drivers/cpufreq/s3c2416-cpufreq.c b/drivers/cpufreq/s3c2416-cpufreq.c
-index 2fd53ea..d6d4257 100644
---- a/drivers/cpufreq/s3c2416-cpufreq.c
-+++ b/drivers/cpufreq/s3c2416-cpufreq.c
-@@ -263,7 +263,7 @@ out:
- }
-
- #ifdef CONFIG_ARM_S3C2416_CPUFREQ_VCORESCALE
--static void __init s3c2416_cpufreq_cfg_regulator(struct s3c2416_data *s3c_freq)
-+static void s3c2416_cpufreq_cfg_regulator(struct s3c2416_data *s3c_freq)
- {
- int count, v, i, found;
- struct cpufreq_frequency_table *pos;
-@@ -333,7 +333,7 @@ static struct notifier_block s3c2416_cpufreq_reboot_notifier = {
- .notifier_call = s3c2416_cpufreq_reboot_notifier_evt,
- };
-
--static int __init s3c2416_cpufreq_driver_init(struct cpufreq_policy *policy)
-+static int s3c2416_cpufreq_driver_init(struct cpufreq_policy *policy)
- {
- struct s3c2416_data *s3c_freq = &s3c2416_cpufreq;
- struct cpufreq_frequency_table *pos;
-diff --git a/drivers/cpufreq/s3c24xx-cpufreq.c b/drivers/cpufreq/s3c24xx-cpufreq.c
-index d00f1ce..733aa51 100644
---- a/drivers/cpufreq/s3c24xx-cpufreq.c
-+++ b/drivers/cpufreq/s3c24xx-cpufreq.c
-@@ -144,11 +144,6 @@ static void s3c_cpufreq_setfvco(struct s3c_cpufreq_config *cfg)
- (cfg->info->set_fvco)(cfg);
- }
-
--static inline void s3c_cpufreq_resume_clocks(void)
--{
-- cpu_cur.info->resume_clocks();
--}
--
- static inline void s3c_cpufreq_updateclk(struct clk *clk,
- unsigned int freq)
- {
-@@ -417,9 +412,6 @@ static int s3c_cpufreq_resume(struct cpufreq_policy *policy)
-
- last_target = ~0; /* invalidate last_target setting */
-
-- /* first, find out what speed we resumed at. */
-- s3c_cpufreq_resume_clocks();
--
- /* whilst we will be called later on, we try and re-set the
- * cpu frequencies as soon as possible so that we do not end
- * up resuming devices and then immediately having to re-set
-@@ -454,7 +446,7 @@ static struct cpufreq_driver s3c24xx_driver = {
- };
-
-
--int __init s3c_cpufreq_register(struct s3c_cpufreq_info *info)
-+int s3c_cpufreq_register(struct s3c_cpufreq_info *info)
- {
- if (!info || !info->name) {
- printk(KERN_ERR "%s: failed to pass valid information\n",
-diff --git a/drivers/cpufreq/speedstep-lib.c b/drivers/cpufreq/speedstep-lib.c
-index 7047821..4ab7a21 100644
---- a/drivers/cpufreq/speedstep-lib.c
-+++ b/drivers/cpufreq/speedstep-lib.c
-@@ -400,6 +400,7 @@ unsigned int speedstep_get_freqs(enum speedstep_processor processor,
-
- pr_debug("previous speed is %u\n", prev_speed);
-
-+ preempt_disable();
- local_irq_save(flags);
-
- /* switch to low state */
-@@ -464,6 +465,8 @@ unsigned int speedstep_get_freqs(enum speedstep_processor processor,
-
- out:
- local_irq_restore(flags);
-+ preempt_enable();
-+
- return ret;
- }
- EXPORT_SYMBOL_GPL(speedstep_get_freqs);
-diff --git a/drivers/cpufreq/speedstep-smi.c b/drivers/cpufreq/speedstep-smi.c
-index 5fc96d5..819229e 100644
---- a/drivers/cpufreq/speedstep-smi.c
-+++ b/drivers/cpufreq/speedstep-smi.c
-@@ -156,6 +156,7 @@ static void speedstep_set_state(unsigned int state)
- return;
-
- /* Disable IRQs */
-+ preempt_disable();
- local_irq_save(flags);
-
- command = (smi_sig & 0xffffff00) | (smi_cmd & 0xff);
-@@ -166,9 +167,19 @@ static void speedstep_set_state(unsigned int state)
-
- do {
- if (retry) {
-+ /*
-+ * We need to enable interrupts, otherwise the blockage
-+ * won't resolve.
-+ *
-+ * We disable preemption so that other processes don't
-+ * run. If other processes were running, they could
-+ * submit more DMA requests, making the blockage worse.
-+ */
- pr_debug("retry %u, previous result %u, waiting...\n",
- retry, result);
-+ local_irq_enable();
- mdelay(retry * 50);
-+ local_irq_disable();
- }
- retry++;
- __asm__ __volatile__(
-@@ -185,6 +196,7 @@ static void speedstep_set_state(unsigned int state)
-
- /* enable IRQs */
- local_irq_restore(flags);
-+ preempt_enable();
-
- if (new_state == state)
- pr_debug("change to %u MHz succeeded after %u tries "
-diff --git a/drivers/edac/amd64_edac.c b/drivers/edac/amd64_edac.c
-index 17638d7..5907c17 100644
---- a/drivers/edac/amd64_edac.c
-+++ b/drivers/edac/amd64_edac.c
-@@ -2174,14 +2174,20 @@ static void __log_bus_error(struct mem_ctl_info *mci, struct err_info *err,
-
- static inline void decode_bus_error(int node_id, struct mce *m)
- {
-- struct mem_ctl_info *mci = mcis[node_id];
-- struct amd64_pvt *pvt = mci->pvt_info;
-+ struct mem_ctl_info *mci;
-+ struct amd64_pvt *pvt;
- u8 ecc_type = (m->status >> 45) & 0x3;
- u8 xec = XEC(m->status, 0x1f);
- u16 ec = EC(m->status);
- u64 sys_addr;
- struct err_info err;
-
-+ mci = edac_mc_find(node_id);
-+ if (!mci)
-+ return;
-+
-+ pvt = mci->pvt_info;
-+
- /* Bail out early if this was an 'observed' error */
- if (PP(ec) == NBSL_PP_OBS)
- return;
-diff --git a/drivers/edac/sb_edac.c b/drivers/edac/sb_edac.c
-index 63aa673..1acf57b 100644
---- a/drivers/edac/sb_edac.c
-+++ b/drivers/edac/sb_edac.c
-@@ -2447,7 +2447,7 @@ static int sbridge_probe(struct pci_dev *pdev, const struct pci_device_id *id)
- rc = sbridge_get_all_devices(&num_mc, pci_dev_descr_ibridge_table);
- type = IVY_BRIDGE;
- break;
-- case PCI_DEVICE_ID_INTEL_SBRIDGE_IMC_TA:
-+ case PCI_DEVICE_ID_INTEL_SBRIDGE_IMC_HA0:
- rc = sbridge_get_all_devices(&num_mc, pci_dev_descr_sbridge_table);
- type = SANDY_BRIDGE;
- break;
-@@ -2460,8 +2460,11 @@ static int sbridge_probe(struct pci_dev *pdev, const struct pci_device_id *id)
- type = BROADWELL;
- break;
- }
-- if (unlikely(rc < 0))
-+ if (unlikely(rc < 0)) {
-+ edac_dbg(0, "couldn't get all devices for 0x%x\n", pdev->device);
- goto fail0;
-+ }
-+
- mc = 0;
-
- list_for_each_entry(sbridge_dev, &sbridge_edac_list, list) {
-@@ -2474,7 +2477,7 @@ static int sbridge_probe(struct pci_dev *pdev, const struct pci_device_id *id)
- goto fail1;
- }
-
-- sbridge_printk(KERN_INFO, "Driver loaded.\n");
-+ sbridge_printk(KERN_INFO, "%s\n", SBRIDGE_REVISION);
-
- mutex_unlock(&sbridge_edac_lock);
- return 0;
-diff --git a/drivers/gpio/gpio-tps65912.c b/drivers/gpio/gpio-tps65912.c
-index 472fb5b..9cdbc0c 100644
---- a/drivers/gpio/gpio-tps65912.c
-+++ b/drivers/gpio/gpio-tps65912.c
-@@ -26,9 +26,12 @@ struct tps65912_gpio_data {
- struct gpio_chip gpio_chip;
- };
-
-+#define to_tgd(gc) container_of(gc, struct tps65912_gpio_data, gpio_chip)
-+
- static int tps65912_gpio_get(struct gpio_chip *gc, unsigned offset)
- {
-- struct tps65912 *tps65912 = container_of(gc, struct tps65912, gpio);
-+ struct tps65912_gpio_data *tps65912_gpio = to_tgd(gc);
-+ struct tps65912 *tps65912 = tps65912_gpio->tps65912;
- int val;
-
- val = tps65912_reg_read(tps65912, TPS65912_GPIO1 + offset);
-@@ -42,7 +45,8 @@ static int tps65912_gpio_get(struct gpio_chip *gc, unsigned offset)
- static void tps65912_gpio_set(struct gpio_chip *gc, unsigned offset,
- int value)
- {
-- struct tps65912 *tps65912 = container_of(gc, struct tps65912, gpio);
-+ struct tps65912_gpio_data *tps65912_gpio = to_tgd(gc);
-+ struct tps65912 *tps65912 = tps65912_gpio->tps65912;
-
- if (value)
- tps65912_set_bits(tps65912, TPS65912_GPIO1 + offset,
-@@ -55,7 +59,8 @@ static void tps65912_gpio_set(struct gpio_chip *gc, unsigned offset,
- static int tps65912_gpio_output(struct gpio_chip *gc, unsigned offset,
- int value)
- {
-- struct tps65912 *tps65912 = container_of(gc, struct tps65912, gpio);
-+ struct tps65912_gpio_data *tps65912_gpio = to_tgd(gc);
-+ struct tps65912 *tps65912 = tps65912_gpio->tps65912;
-
- /* Set the initial value */
- tps65912_gpio_set(gc, offset, value);
-@@ -66,7 +71,8 @@ static int tps65912_gpio_output(struct gpio_chip *gc, unsigned offset,
-
- static int tps65912_gpio_input(struct gpio_chip *gc, unsigned offset)
- {
-- struct tps65912 *tps65912 = container_of(gc, struct tps65912, gpio);
-+ struct tps65912_gpio_data *tps65912_gpio = to_tgd(gc);
-+ struct tps65912 *tps65912 = tps65912_gpio->tps65912;
-
- return tps65912_clear_bits(tps65912, TPS65912_GPIO1 + offset,
- GPIO_CFG_MASK);
-diff --git a/drivers/gpio/gpiolib-of.c b/drivers/gpio/gpiolib-of.c
-index 08261f2..26645a8 100644
---- a/drivers/gpio/gpiolib-of.c
-+++ b/drivers/gpio/gpiolib-of.c
-@@ -46,12 +46,13 @@ static int of_gpiochip_find_and_xlate(struct gpio_chip *gc, void *data)
-
- ret = gc->of_xlate(gc, &gg_data->gpiospec, gg_data->flags);
- if (ret < 0) {
-- /* We've found the gpio chip, but the translation failed.
-- * Return true to stop looking and return the translation
-- * error via out_gpio
-+ /* We've found a gpio chip, but the translation failed.
-+ * Store translation error in out_gpio.
-+ * Return false to keep looking, as more than one gpio chip
-+ * could be registered per of-node.
- */
- gg_data->out_gpio = ERR_PTR(ret);
-- return true;
-+ return false;
- }
-
- gg_data->out_gpio = gpiochip_get_desc(gc, ret);
-diff --git a/drivers/hid/i2c-hid/i2c-hid.c b/drivers/hid/i2c-hid/i2c-hid.c
-index d43e967..5e72fc2 100644
---- a/drivers/hid/i2c-hid/i2c-hid.c
-+++ b/drivers/hid/i2c-hid/i2c-hid.c
-@@ -370,7 +370,10 @@ static int i2c_hid_hwreset(struct i2c_client *client)
- static void i2c_hid_get_input(struct i2c_hid *ihid)
- {
- int ret, ret_size;
-- int size = ihid->bufsize;
-+ int size = le16_to_cpu(ihid->hdesc.wMaxInputLength);
-+
-+ if (size > ihid->bufsize)
-+ size = ihid->bufsize;
-
- ret = i2c_master_recv(ihid->client, ihid->inbuf, size);
- if (ret != size) {
-diff --git a/drivers/md/raid1.c b/drivers/md/raid1.c
-index 40b35be..2f2f38f 100644
---- a/drivers/md/raid1.c
-+++ b/drivers/md/raid1.c
-@@ -560,7 +560,7 @@ static int read_balance(struct r1conf *conf, struct r1bio *r1_bio, int *max_sect
- if (test_bit(WriteMostly, &rdev->flags)) {
- /* Don't balance among write-mostly, just
- * use the first as a last resort */
-- if (best_disk < 0) {
-+ if (best_dist_disk < 0) {
- if (is_badblock(rdev, this_sector, sectors,
- &first_bad, &bad_sectors)) {
- if (first_bad < this_sector)
-@@ -569,7 +569,8 @@ static int read_balance(struct r1conf *conf, struct r1bio *r1_bio, int *max_sect
- best_good_sectors = first_bad - this_sector;
- } else
- best_good_sectors = sectors;
-- best_disk = disk;
-+ best_dist_disk = disk;
-+ best_pending_disk = disk;
- }
- continue;
- }
-diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c
-index b98765f..8577cc7 100644
---- a/drivers/md/raid5.c
-+++ b/drivers/md/raid5.c
-@@ -3102,7 +3102,8 @@ static void handle_stripe_dirtying(struct r5conf *conf,
- * generate correct data from the parity.
- */
- if (conf->max_degraded == 2 ||
-- (recovery_cp < MaxSector && sh->sector >= recovery_cp)) {
-+ (recovery_cp < MaxSector && sh->sector >= recovery_cp &&
-+ s->failed == 0)) {
- /* Calculate the real rcw later - for now make it
- * look like rcw is cheaper
- */
-diff --git a/drivers/media/dvb-frontends/si2168.c b/drivers/media/dvb-frontends/si2168.c
-index ce9ab44..acf0fc3 100644
---- a/drivers/media/dvb-frontends/si2168.c
-+++ b/drivers/media/dvb-frontends/si2168.c
-@@ -635,6 +635,8 @@ static const struct dvb_frontend_ops si2168_ops = {
- .delsys = {SYS_DVBT, SYS_DVBT2, SYS_DVBC_ANNEX_A},
- .info = {
- .name = "Silicon Labs Si2168",
-+ .symbol_rate_min = 1000000,
-+ .symbol_rate_max = 7200000,
- .caps = FE_CAN_FEC_1_2 |
- FE_CAN_FEC_2_3 |
- FE_CAN_FEC_3_4 |
-diff --git a/drivers/media/platform/Kconfig b/drivers/media/platform/Kconfig
-index 765bffb..6a1334b 100644
---- a/drivers/media/platform/Kconfig
-+++ b/drivers/media/platform/Kconfig
-@@ -56,10 +56,8 @@ config VIDEO_VIU
-
- config VIDEO_TIMBERDALE
- tristate "Support for timberdale Video In/LogiWIN"
-- depends on VIDEO_V4L2 && I2C && DMADEVICES
-- depends on MFD_TIMBERDALE || COMPILE_TEST
-- select DMA_ENGINE
-- select TIMB_DMA
-+ depends on VIDEO_V4L2 && I2C
-+ depends on (MFD_TIMBERDALE && TIMB_DMA) || COMPILE_TEST
- select VIDEO_ADV7180
- select VIDEOBUF_DMA_CONTIG
- ---help---
-diff --git a/drivers/media/rc/rc-main.c b/drivers/media/rc/rc-main.c
-index 86ffcd5..f8c5e47 100644
---- a/drivers/media/rc/rc-main.c
-+++ b/drivers/media/rc/rc-main.c
-@@ -1021,16 +1021,16 @@ static ssize_t store_protocols(struct device *device,
- goto out;
- }
-
-- if (new_protocols == old_protocols) {
-- rc = len;
-- goto out;
-+ if (new_protocols != old_protocols) {
-+ *current_protocols = new_protocols;
-+ IR_dprintk(1, "Protocols changed to 0x%llx\n",
-+ (long long)new_protocols);
- }
-
-- *current_protocols = new_protocols;
-- IR_dprintk(1, "Protocols changed to 0x%llx\n", (long long)new_protocols);
--
- /*
-- * If the protocol is changed the filter needs updating.
-+ * If a protocol change was attempted the filter may need updating, even
-+ * if the actual protocol mask hasn't changed (since the driver may have
-+ * cleared the filter).
- * Try setting the same filter with the new protocol (if any).
- * Fall back to clearing the filter.
- */
-diff --git a/drivers/media/usb/dvb-usb-v2/lmedm04.c b/drivers/media/usb/dvb-usb-v2/lmedm04.c
-index 994de53..15db9f6 100644
---- a/drivers/media/usb/dvb-usb-v2/lmedm04.c
-+++ b/drivers/media/usb/dvb-usb-v2/lmedm04.c
-@@ -344,15 +344,17 @@ static void lme2510_int_response(struct urb *lme_urb)
-
- usb_submit_urb(lme_urb, GFP_ATOMIC);
-
-- /* interrupt urb is due every 48 msecs while streaming
-- * add 12msecs for system lag */
-- st->int_urb_due = jiffies + msecs_to_jiffies(60);
-+ /* Interrupt urb is due every 48 msecs while streaming the buffer
-+ * stores up to 4 periods if missed. Allow 200 msec for next interrupt.
-+ */
-+ st->int_urb_due = jiffies + msecs_to_jiffies(200);
- }
-
- static int lme2510_int_read(struct dvb_usb_adapter *adap)
- {
- struct dvb_usb_device *d = adap_to_d(adap);
- struct lme2510_state *lme_int = adap_to_priv(adap);
-+ struct usb_host_endpoint *ep;
-
- lme_int->lme_urb = usb_alloc_urb(0, GFP_ATOMIC);
-
-@@ -374,6 +376,12 @@ static int lme2510_int_read(struct dvb_usb_adapter *adap)
- adap,
- 8);
-
-+ /* Quirk of pipe reporting PIPE_BULK but behaves as interrupt */
-+ ep = usb_pipe_endpoint(d->udev, lme_int->lme_urb->pipe);
-+
-+ if (usb_endpoint_type(&ep->desc) == USB_ENDPOINT_XFER_BULK)
-+ lme_int->lme_urb->pipe = usb_rcvbulkpipe(d->udev, 0xa),
-+
- lme_int->lme_urb->transfer_flags |= URB_NO_TRANSFER_DMA_MAP;
-
- usb_submit_urb(lme_int->lme_urb, GFP_ATOMIC);
-diff --git a/drivers/media/usb/em28xx/em28xx-audio.c b/drivers/media/usb/em28xx/em28xx-audio.c
-index 44ae1e0..49a5f95 100644
---- a/drivers/media/usb/em28xx/em28xx-audio.c
-+++ b/drivers/media/usb/em28xx/em28xx-audio.c
-@@ -820,7 +820,7 @@ static int em28xx_audio_urb_init(struct em28xx *dev)
- if (urb_size > ep_size * npackets)
- npackets = DIV_ROUND_UP(urb_size, ep_size);
-
-- em28xx_info("Number of URBs: %d, with %d packets and %d size",
-+ em28xx_info("Number of URBs: %d, with %d packets and %d size\n",
- num_urb, npackets, urb_size);
-
- /* Estimate the bytes per period */
-@@ -981,7 +981,7 @@ static int em28xx_audio_fini(struct em28xx *dev)
- return 0;
- }
-
-- em28xx_info("Closing audio extension");
-+ em28xx_info("Closing audio extension\n");
-
- if (dev->adev.sndcard) {
- snd_card_disconnect(dev->adev.sndcard);
-@@ -1005,7 +1005,7 @@ static int em28xx_audio_suspend(struct em28xx *dev)
- if (dev->usb_audio_type != EM28XX_USB_AUDIO_VENDOR)
- return 0;
-
-- em28xx_info("Suspending audio extension");
-+ em28xx_info("Suspending audio extension\n");
- em28xx_deinit_isoc_audio(dev);
- atomic_set(&dev->adev.stream_started, 0);
- return 0;
-@@ -1019,7 +1019,7 @@ static int em28xx_audio_resume(struct em28xx *dev)
- if (dev->usb_audio_type != EM28XX_USB_AUDIO_VENDOR)
- return 0;
-
-- em28xx_info("Resuming audio extension");
-+ em28xx_info("Resuming audio extension\n");
- /* Nothing to do other than schedule_work() ?? */
- schedule_work(&dev->adev.wq_trigger);
- return 0;
-diff --git a/drivers/media/usb/em28xx/em28xx-core.c b/drivers/media/usb/em28xx/em28xx-core.c
-index 86461a7..3745607 100644
---- a/drivers/media/usb/em28xx/em28xx-core.c
-+++ b/drivers/media/usb/em28xx/em28xx-core.c
-@@ -1125,7 +1125,7 @@ int em28xx_suspend_extension(struct em28xx *dev)
- {
- const struct em28xx_ops *ops = NULL;
-
-- em28xx_info("Suspending extensions");
-+ em28xx_info("Suspending extensions\n");
- mutex_lock(&em28xx_devlist_mutex);
- list_for_each_entry(ops, &em28xx_extension_devlist, next) {
- if (ops->suspend)
-@@ -1139,7 +1139,7 @@ int em28xx_resume_extension(struct em28xx *dev)
- {
- const struct em28xx_ops *ops = NULL;
-
-- em28xx_info("Resuming extensions");
-+ em28xx_info("Resuming extensions\n");
- mutex_lock(&em28xx_devlist_mutex);
- list_for_each_entry(ops, &em28xx_extension_devlist, next) {
- if (ops->resume)
-diff --git a/drivers/media/usb/em28xx/em28xx-dvb.c b/drivers/media/usb/em28xx/em28xx-dvb.c
-index 9877b69..aee70d4 100644
---- a/drivers/media/usb/em28xx/em28xx-dvb.c
-+++ b/drivers/media/usb/em28xx/em28xx-dvb.c
-@@ -1724,7 +1724,7 @@ static int em28xx_dvb_fini(struct em28xx *dev)
- if (!dev->dvb)
- return 0;
-
-- em28xx_info("Closing DVB extension");
-+ em28xx_info("Closing DVB extension\n");
-
- dvb = dev->dvb;
- client = dvb->i2c_client_tuner;
-@@ -1775,17 +1775,17 @@ static int em28xx_dvb_suspend(struct em28xx *dev)
- if (!dev->board.has_dvb)
- return 0;
-
-- em28xx_info("Suspending DVB extension");
-+ em28xx_info("Suspending DVB extension\n");
- if (dev->dvb) {
- struct em28xx_dvb *dvb = dev->dvb;
-
- if (dvb->fe[0]) {
- ret = dvb_frontend_suspend(dvb->fe[0]);
-- em28xx_info("fe0 suspend %d", ret);
-+ em28xx_info("fe0 suspend %d\n", ret);
- }
- if (dvb->fe[1]) {
- dvb_frontend_suspend(dvb->fe[1]);
-- em28xx_info("fe1 suspend %d", ret);
-+ em28xx_info("fe1 suspend %d\n", ret);
- }
- }
-
-@@ -1802,18 +1802,18 @@ static int em28xx_dvb_resume(struct em28xx *dev)
- if (!dev->board.has_dvb)
- return 0;
-
-- em28xx_info("Resuming DVB extension");
-+ em28xx_info("Resuming DVB extension\n");
- if (dev->dvb) {
- struct em28xx_dvb *dvb = dev->dvb;
-
- if (dvb->fe[0]) {
- ret = dvb_frontend_resume(dvb->fe[0]);
-- em28xx_info("fe0 resume %d", ret);
-+ em28xx_info("fe0 resume %d\n", ret);
- }
-
- if (dvb->fe[1]) {
- ret = dvb_frontend_resume(dvb->fe[1]);
-- em28xx_info("fe1 resume %d", ret);
-+ em28xx_info("fe1 resume %d\n", ret);
- }
- }
-
-diff --git a/drivers/media/usb/em28xx/em28xx-input.c b/drivers/media/usb/em28xx/em28xx-input.c
-index d8dc03a..4007356 100644
---- a/drivers/media/usb/em28xx/em28xx-input.c
-+++ b/drivers/media/usb/em28xx/em28xx-input.c
-@@ -654,8 +654,6 @@ next_button:
- if (dev->num_button_polling_addresses) {
- memset(dev->button_polling_last_values, 0,
- EM28XX_NUM_BUTTON_ADDRESSES_MAX);
-- INIT_DELAYED_WORK(&dev->buttons_query_work,
-- em28xx_query_buttons);
- schedule_delayed_work(&dev->buttons_query_work,
- msecs_to_jiffies(dev->button_polling_interval));
- }
-@@ -689,6 +687,7 @@ static int em28xx_ir_init(struct em28xx *dev)
- }
-
- kref_get(&dev->ref);
-+ INIT_DELAYED_WORK(&dev->buttons_query_work, em28xx_query_buttons);
-
- if (dev->board.buttons)
- em28xx_init_buttons(dev);
-@@ -833,7 +832,7 @@ static int em28xx_ir_fini(struct em28xx *dev)
- return 0;
- }
-
-- em28xx_info("Closing input extension");
-+ em28xx_info("Closing input extension\n");
-
- em28xx_shutdown_buttons(dev);
-
-@@ -862,7 +861,7 @@ static int em28xx_ir_suspend(struct em28xx *dev)
- if (dev->is_audio_only)
- return 0;
-
-- em28xx_info("Suspending input extension");
-+ em28xx_info("Suspending input extension\n");
- if (ir)
- cancel_delayed_work_sync(&ir->work);
- cancel_delayed_work_sync(&dev->buttons_query_work);
-@@ -879,7 +878,7 @@ static int em28xx_ir_resume(struct em28xx *dev)
- if (dev->is_audio_only)
- return 0;
-
-- em28xx_info("Resuming input extension");
-+ em28xx_info("Resuming input extension\n");
- /* if suspend calls ir_raw_event_unregister(), the should call
- ir_raw_event_register() */
- if (ir)
-diff --git a/drivers/media/usb/em28xx/em28xx-video.c b/drivers/media/usb/em28xx/em28xx-video.c
-index cf7f58b..f220c1f37 100644
---- a/drivers/media/usb/em28xx/em28xx-video.c
-+++ b/drivers/media/usb/em28xx/em28xx-video.c
-@@ -1958,7 +1958,7 @@ static int em28xx_v4l2_fini(struct em28xx *dev)
- if (v4l2 == NULL)
- return 0;
-
-- em28xx_info("Closing video extension");
-+ em28xx_info("Closing video extension\n");
-
- mutex_lock(&dev->lock);
-
-@@ -2007,7 +2007,7 @@ static int em28xx_v4l2_suspend(struct em28xx *dev)
- if (!dev->has_video)
- return 0;
-
-- em28xx_info("Suspending video extension");
-+ em28xx_info("Suspending video extension\n");
- em28xx_stop_urbs(dev);
- return 0;
- }
-@@ -2020,7 +2020,7 @@ static int em28xx_v4l2_resume(struct em28xx *dev)
- if (!dev->has_video)
- return 0;
-
-- em28xx_info("Resuming video extension");
-+ em28xx_info("Resuming video extension\n");
- /* what do we do here */
- return 0;
- }
-diff --git a/drivers/misc/mei/hw-me.c b/drivers/misc/mei/hw-me.c
-index 06ff0a2..f8fd503 100644
---- a/drivers/misc/mei/hw-me.c
-+++ b/drivers/misc/mei/hw-me.c
-@@ -242,7 +242,7 @@ static int mei_me_hw_reset(struct mei_device *dev, bool intr_enable)
- if ((hcsr & H_RST) == H_RST) {
- dev_warn(dev->dev, "H_RST is set = 0x%08X", hcsr);
- hcsr &= ~H_RST;
-- mei_me_reg_write(hw, H_CSR, hcsr);
-+ mei_hcsr_set(hw, hcsr);
- hcsr = mei_hcsr_read(hw);
- }
-
-@@ -335,6 +335,7 @@ static int mei_me_hw_ready_wait(struct mei_device *dev)
- return -ETIME;
- }
-
-+ mei_me_hw_reset_release(dev);
- dev->recvd_hw_ready = false;
- return 0;
- }
-@@ -731,9 +732,7 @@ irqreturn_t mei_me_irq_thread_handler(int irq, void *dev_id)
- /* check if we need to start the dev */
- if (!mei_host_is_ready(dev)) {
- if (mei_hw_is_ready(dev)) {
-- mei_me_hw_reset_release(dev);
- dev_dbg(dev->dev, "we need to start the dev.\n");
--
- dev->recvd_hw_ready = true;
- wake_up(&dev->wait_hw_ready);
- } else {
-diff --git a/drivers/mmc/host/sdhci-pxav3.c b/drivers/mmc/host/sdhci-pxav3.c
-index ca3424e..e187f70 100644
---- a/drivers/mmc/host/sdhci-pxav3.c
-+++ b/drivers/mmc/host/sdhci-pxav3.c
-@@ -118,6 +118,38 @@ static int mv_conf_mbus_windows(struct platform_device *pdev,
- return 0;
- }
-
-+static int armada_38x_quirks(struct platform_device *pdev,
-+ struct sdhci_host *host)
-+{
-+ struct device_node *np = pdev->dev.of_node;
-+
-+ host->quirks |= SDHCI_QUIRK_MISSING_CAPS;
-+ /*
-+ * According to erratum 'FE-2946959' both SDR50 and DDR50
-+ * modes require specific clock adjustments in SDIO3
-+ * Configuration register, if the adjustment is not done,
-+ * remove them from the capabilities.
-+ */
-+ host->caps1 = sdhci_readl(host, SDHCI_CAPABILITIES_1);
-+ host->caps1 &= ~(SDHCI_SUPPORT_SDR50 | SDHCI_SUPPORT_DDR50);
-+
-+ /*
-+ * According to erratum 'ERR-7878951' Armada 38x SDHCI
-+ * controller has different capabilities than the ones shown
-+ * in its registers
-+ */
-+ host->caps = sdhci_readl(host, SDHCI_CAPABILITIES);
-+ if (of_property_read_bool(np, "no-1-8-v")) {
-+ host->caps &= ~SDHCI_CAN_VDD_180;
-+ host->mmc->caps &= ~MMC_CAP_1_8V_DDR;
-+ } else {
-+ host->caps &= ~SDHCI_CAN_VDD_330;
-+ }
-+ host->caps1 &= ~(SDHCI_SUPPORT_SDR104 | SDHCI_USE_SDR50_TUNING);
-+
-+ return 0;
-+}
-+
- static void pxav3_reset(struct sdhci_host *host, u8 mask)
- {
- struct platform_device *pdev = to_platform_device(mmc_dev(host->mmc));
-@@ -268,8 +300,8 @@ static struct sdhci_pxa_platdata *pxav3_get_mmc_pdata(struct device *dev)
- if (!pdata)
- return NULL;
-
-- of_property_read_u32(np, "mrvl,clk-delay-cycles", &clk_delay_cycles);
-- if (clk_delay_cycles > 0)
-+ if (!of_property_read_u32(np, "mrvl,clk-delay-cycles",
-+ &clk_delay_cycles))
- pdata->clk_delay_cycles = clk_delay_cycles;
-
- return pdata;
-@@ -318,15 +350,18 @@ static int sdhci_pxav3_probe(struct platform_device *pdev)
- if (!IS_ERR(pxa->clk_core))
- clk_prepare_enable(pxa->clk_core);
-
-+ /* enable 1/8V DDR capable */
-+ host->mmc->caps |= MMC_CAP_1_8V_DDR;
-+
- if (of_device_is_compatible(np, "marvell,armada-380-sdhci")) {
-+ ret = armada_38x_quirks(pdev, host);
-+ if (ret < 0)
-+ goto err_clk_get;
- ret = mv_conf_mbus_windows(pdev, mv_mbus_dram_info());
- if (ret < 0)
- goto err_mbus_win;
- }
-
-- /* enable 1/8V DDR capable */
-- host->mmc->caps |= MMC_CAP_1_8V_DDR;
--
- match = of_match_device(of_match_ptr(sdhci_pxav3_of_match), &pdev->dev);
- if (match) {
- ret = mmc_of_parse(host->mmc);
-@@ -365,10 +400,11 @@ static int sdhci_pxav3_probe(struct platform_device *pdev)
- }
- }
-
-- pm_runtime_enable(&pdev->dev);
-- pm_runtime_get_sync(&pdev->dev);
-+ pm_runtime_get_noresume(&pdev->dev);
-+ pm_runtime_set_active(&pdev->dev);
- pm_runtime_set_autosuspend_delay(&pdev->dev, PXAV3_RPM_DELAY_MS);
- pm_runtime_use_autosuspend(&pdev->dev);
-+ pm_runtime_enable(&pdev->dev);
- pm_suspend_ignore_children(&pdev->dev, 1);
-
- ret = sdhci_add_host(host);
-@@ -391,8 +427,8 @@ static int sdhci_pxav3_probe(struct platform_device *pdev)
- return 0;
-
- err_add_host:
-- pm_runtime_put_sync(&pdev->dev);
- pm_runtime_disable(&pdev->dev);
-+ pm_runtime_put_noidle(&pdev->dev);
- err_of_parse:
- err_cd_req:
- err_mbus_win:
-@@ -457,11 +493,11 @@ static int sdhci_pxav3_runtime_suspend(struct device *dev)
- struct sdhci_host *host = dev_get_drvdata(dev);
- struct sdhci_pltfm_host *pltfm_host = sdhci_priv(host);
- struct sdhci_pxa *pxa = pltfm_host->priv;
-- unsigned long flags;
-+ int ret;
-
-- spin_lock_irqsave(&host->lock, flags);
-- host->runtime_suspended = true;
-- spin_unlock_irqrestore(&host->lock, flags);
-+ ret = sdhci_runtime_suspend_host(host);
-+ if (ret)
-+ return ret;
-
- clk_disable_unprepare(pxa->clk_io);
- if (!IS_ERR(pxa->clk_core))
-@@ -475,17 +511,12 @@ static int sdhci_pxav3_runtime_resume(struct device *dev)
- struct sdhci_host *host = dev_get_drvdata(dev);
- struct sdhci_pltfm_host *pltfm_host = sdhci_priv(host);
- struct sdhci_pxa *pxa = pltfm_host->priv;
-- unsigned long flags;
-
- clk_prepare_enable(pxa->clk_io);
- if (!IS_ERR(pxa->clk_core))
- clk_prepare_enable(pxa->clk_core);
-
-- spin_lock_irqsave(&host->lock, flags);
-- host->runtime_suspended = false;
-- spin_unlock_irqrestore(&host->lock, flags);
--
-- return 0;
-+ return sdhci_runtime_resume_host(host);
- }
- #endif
-
-diff --git a/drivers/net/wireless/iwlwifi/mvm/mac80211.c b/drivers/net/wireless/iwlwifi/mvm/mac80211.c
-index 2091558..a704be0 100644
---- a/drivers/net/wireless/iwlwifi/mvm/mac80211.c
-+++ b/drivers/net/wireless/iwlwifi/mvm/mac80211.c
-@@ -707,9 +707,6 @@ static void iwl_mvm_cleanup_iterator(void *data, u8 *mac,
- mvmvif->uploaded = false;
- mvmvif->ap_sta_id = IWL_MVM_STATION_COUNT;
-
-- /* does this make sense at all? */
-- mvmvif->color++;
--
- spin_lock_bh(&mvm->time_event_lock);
- iwl_mvm_te_clear_data(mvm, &mvmvif->time_event_data);
- spin_unlock_bh(&mvm->time_event_lock);
-@@ -1146,7 +1143,7 @@ static int iwl_mvm_mac_add_interface(struct ieee80211_hw *hw,
-
- ret = iwl_mvm_power_update_mac(mvm);
- if (ret)
-- goto out_release;
-+ goto out_remove_mac;
-
- /* beacon filtering */
- ret = iwl_mvm_disable_beacon_filter(mvm, vif, 0);
-diff --git a/drivers/net/wireless/iwlwifi/mvm/tx.c b/drivers/net/wireless/iwlwifi/mvm/tx.c
-index c59d075..650a5f0 100644
---- a/drivers/net/wireless/iwlwifi/mvm/tx.c
-+++ b/drivers/net/wireless/iwlwifi/mvm/tx.c
-@@ -930,6 +930,11 @@ int iwl_mvm_rx_ba_notif(struct iwl_mvm *mvm, struct iwl_rx_cmd_buffer *rxb,
- sta_id = ba_notif->sta_id;
- tid = ba_notif->tid;
-
-+ if (WARN_ONCE(sta_id >= IWL_MVM_STATION_COUNT ||
-+ tid >= IWL_MAX_TID_COUNT,
-+ "sta_id %d tid %d", sta_id, tid))
-+ return 0;
-+
- rcu_read_lock();
-
- sta = rcu_dereference(mvm->fw_id_to_mac_id[sta_id]);
-diff --git a/drivers/net/wireless/iwlwifi/pcie/tx.c b/drivers/net/wireless/iwlwifi/pcie/tx.c
-index 8a6c7a0..76709f9 100644
---- a/drivers/net/wireless/iwlwifi/pcie/tx.c
-+++ b/drivers/net/wireless/iwlwifi/pcie/tx.c
-@@ -722,7 +722,12 @@ void iwl_trans_pcie_tx_reset(struct iwl_trans *trans)
- iwl_write_direct32(trans, FH_KW_MEM_ADDR_REG,
- trans_pcie->kw.dma >> 4);
-
-- iwl_pcie_tx_start(trans, trans_pcie->scd_base_addr);
-+ /*
-+ * Send 0 as the scd_base_addr since the device may have be reset
-+ * while we were in WoWLAN in which case SCD_SRAM_BASE_ADDR will
-+ * contain garbage.
-+ */
-+ iwl_pcie_tx_start(trans, 0);
- }
-
- /*
-diff --git a/drivers/net/wireless/rtlwifi/pci.c b/drivers/net/wireless/rtlwifi/pci.c
-index c70efb9..e25faac 100644
---- a/drivers/net/wireless/rtlwifi/pci.c
-+++ b/drivers/net/wireless/rtlwifi/pci.c
-@@ -816,11 +816,8 @@ static void _rtl_pci_rx_interrupt(struct ieee80211_hw *hw)
-
- /* get a new skb - if fail, old one will be reused */
- new_skb = dev_alloc_skb(rtlpci->rxbuffersize);
-- if (unlikely(!new_skb)) {
-- pr_err("Allocation of new skb failed in %s\n",
-- __func__);
-+ if (unlikely(!new_skb))
- goto no_new;
-- }
- if (rtlpriv->use_new_trx_flow) {
- buffer_desc =
- &rtlpci->rx_ring[rxring_idx].buffer_desc
-diff --git a/drivers/net/wireless/rtlwifi/pci.h b/drivers/net/wireless/rtlwifi/pci.h
-index 5e83230..d4567d1 100644
---- a/drivers/net/wireless/rtlwifi/pci.h
-+++ b/drivers/net/wireless/rtlwifi/pci.h
-@@ -325,4 +325,11 @@ static inline void pci_write32_async(struct rtl_priv *rtlpriv,
- writel(val, (u8 __iomem *) rtlpriv->io.pci_mem_start + addr);
- }
-
-+static inline u16 calc_fifo_space(u16 rp, u16 wp)
-+{
-+ if (rp <= wp)
-+ return RTL_PCI_MAX_RX_COUNT - 1 + rp - wp;
-+ return rp - wp - 1;
-+}
-+
- #endif
-diff --git a/drivers/net/wireless/rtlwifi/rtl8192ee/fw.c b/drivers/net/wireless/rtlwifi/rtl8192ee/fw.c
-index 45c128b..c5d4b80 100644
---- a/drivers/net/wireless/rtlwifi/rtl8192ee/fw.c
-+++ b/drivers/net/wireless/rtlwifi/rtl8192ee/fw.c
-@@ -666,7 +666,6 @@ void rtl92ee_set_fw_rsvdpagepkt(struct ieee80211_hw *hw, bool b_dl_finished)
- struct sk_buff *skb = NULL;
-
- u32 totalpacketlen;
-- bool rtstatus;
- u8 u1rsvdpageloc[5] = { 0 };
- bool b_dlok = false;
-
-@@ -728,10 +727,7 @@ void rtl92ee_set_fw_rsvdpagepkt(struct ieee80211_hw *hw, bool b_dl_finished)
- memcpy((u8 *)skb_put(skb, totalpacketlen),
- &reserved_page_packet, totalpacketlen);
-
-- rtstatus = rtl_cmd_send_packet(hw, skb);
--
-- if (rtstatus)
-- b_dlok = true;
-+ b_dlok = true;
-
- if (b_dlok) {
- RT_TRACE(rtlpriv, COMP_POWER, DBG_LOUD ,
-diff --git a/drivers/net/wireless/rtlwifi/rtl8192ee/hw.c b/drivers/net/wireless/rtlwifi/rtl8192ee/hw.c
-index 1a87edc..b461b31 100644
---- a/drivers/net/wireless/rtlwifi/rtl8192ee/hw.c
-+++ b/drivers/net/wireless/rtlwifi/rtl8192ee/hw.c
-@@ -85,29 +85,6 @@ static void _rtl92ee_enable_bcn_sub_func(struct ieee80211_hw *hw)
- _rtl92ee_set_bcn_ctrl_reg(hw, 0, BIT(1));
- }
-
--static void _rtl92ee_return_beacon_queue_skb(struct ieee80211_hw *hw)
--{
-- struct rtl_priv *rtlpriv = rtl_priv(hw);
-- struct rtl_pci *rtlpci = rtl_pcidev(rtl_pcipriv(hw));
-- struct rtl8192_tx_ring *ring = &rtlpci->tx_ring[BEACON_QUEUE];
-- unsigned long flags;
--
-- spin_lock_irqsave(&rtlpriv->locks.irq_th_lock, flags);
-- while (skb_queue_len(&ring->queue)) {
-- struct rtl_tx_buffer_desc *entry =
-- &ring->buffer_desc[ring->idx];
-- struct sk_buff *skb = __skb_dequeue(&ring->queue);
--
-- pci_unmap_single(rtlpci->pdev,
-- rtlpriv->cfg->ops->get_desc(
-- (u8 *)entry, true, HW_DESC_TXBUFF_ADDR),
-- skb->len, PCI_DMA_TODEVICE);
-- kfree_skb(skb);
-- ring->idx = (ring->idx + 1) % ring->entries;
-- }
-- spin_unlock_irqrestore(&rtlpriv->locks.irq_th_lock, flags);
--}
--
- static void _rtl92ee_disable_bcn_sub_func(struct ieee80211_hw *hw)
- {
- _rtl92ee_set_bcn_ctrl_reg(hw, BIT(1), 0);
-@@ -403,9 +380,6 @@ static void _rtl92ee_download_rsvd_page(struct ieee80211_hw *hw)
- rtl_write_byte(rtlpriv, REG_DWBCN0_CTRL + 2,
- bcnvalid_reg | BIT(0));
-
-- /* Return Beacon TCB */
-- _rtl92ee_return_beacon_queue_skb(hw);
--
- /* download rsvd page */
- rtl92ee_set_fw_rsvdpagepkt(hw, false);
-
-@@ -1163,6 +1137,139 @@ void rtl92ee_enable_hw_security_config(struct ieee80211_hw *hw)
- rtlpriv->cfg->ops->set_hw_reg(hw, HW_VAR_WPA_CONFIG, &sec_reg_value);
- }
-
-+static bool _rtl8192ee_check_pcie_dma_hang(struct rtl_priv *rtlpriv)
-+{
-+ u8 tmp;
-+
-+ /* write reg 0x350 Bit[26]=1. Enable debug port. */
-+ tmp = rtl_read_byte(rtlpriv, REG_BACKDOOR_DBI_DATA + 3);
-+ if (!(tmp & BIT(2))) {
-+ rtl_write_byte(rtlpriv, REG_BACKDOOR_DBI_DATA + 3,
-+ tmp | BIT(2));
-+ mdelay(100); /* Suggested by DD Justin_tsai. */
-+ }
-+
-+ /* read reg 0x350 Bit[25] if 1 : RX hang
-+ * read reg 0x350 Bit[24] if 1 : TX hang
-+ */
-+ tmp = rtl_read_byte(rtlpriv, REG_BACKDOOR_DBI_DATA + 3);
-+ if ((tmp & BIT(0)) || (tmp & BIT(1))) {
-+ RT_TRACE(rtlpriv, COMP_INIT, DBG_LOUD,
-+ "CheckPcieDMAHang8192EE(): true!!\n");
-+ return true;
-+ }
-+ return false;
-+}
-+
-+static void _rtl8192ee_reset_pcie_interface_dma(struct rtl_priv *rtlpriv,
-+ bool mac_power_on)
-+{
-+ u8 tmp;
-+ bool release_mac_rx_pause;
-+ u8 backup_pcie_dma_pause;
-+
-+ RT_TRACE(rtlpriv, COMP_INIT, DBG_LOUD,
-+ "ResetPcieInterfaceDMA8192EE()\n");
-+
-+ /* Revise Note: Follow the document "PCIe RX DMA Hang Reset Flow_v03"
-+ * released by SD1 Alan.
-+ */
-+
-+ /* 1. disable register write lock
-+ * write 0x1C bit[1:0] = 2'h0
-+ * write 0xCC bit[2] = 1'b1
-+ */
-+ tmp = rtl_read_byte(rtlpriv, REG_RSV_CTRL);
-+ tmp &= ~(BIT(1) | BIT(0));
-+ rtl_write_byte(rtlpriv, REG_RSV_CTRL, tmp);
-+ tmp = rtl_read_byte(rtlpriv, REG_PMC_DBG_CTRL2);
-+ tmp |= BIT(2);
-+ rtl_write_byte(rtlpriv, REG_PMC_DBG_CTRL2, tmp);
-+
-+ /* 2. Check and pause TRX DMA
-+ * write 0x284 bit[18] = 1'b1
-+ * write 0x301 = 0xFF
-+ */
-+ tmp = rtl_read_byte(rtlpriv, REG_RXDMA_CONTROL);
-+ if (tmp & BIT(2)) {
-+ /* Already pause before the function for another reason. */
-+ release_mac_rx_pause = false;
-+ } else {
-+ rtl_write_byte(rtlpriv, REG_RXDMA_CONTROL, (tmp | BIT(2)));
-+ release_mac_rx_pause = true;
-+ }
-+
-+ backup_pcie_dma_pause = rtl_read_byte(rtlpriv, REG_PCIE_CTRL_REG + 1);
-+ if (backup_pcie_dma_pause != 0xFF)
-+ rtl_write_byte(rtlpriv, REG_PCIE_CTRL_REG + 1, 0xFF);
-+
-+ if (mac_power_on) {
-+ /* 3. reset TRX function
-+ * write 0x100 = 0x00
-+ */
-+ rtl_write_byte(rtlpriv, REG_CR, 0);
-+ }
-+
-+ /* 4. Reset PCIe DMA
-+ * write 0x003 bit[0] = 0
-+ */
-+ tmp = rtl_read_byte(rtlpriv, REG_SYS_FUNC_EN + 1);
-+ tmp &= ~(BIT(0));
-+ rtl_write_byte(rtlpriv, REG_SYS_FUNC_EN + 1, tmp);
-+
-+ /* 5. Enable PCIe DMA
-+ * write 0x003 bit[0] = 1
-+ */
-+ tmp = rtl_read_byte(rtlpriv, REG_SYS_FUNC_EN + 1);
-+ tmp |= BIT(0);
-+ rtl_write_byte(rtlpriv, REG_SYS_FUNC_EN + 1, tmp);
-+
-+ if (mac_power_on) {
-+ /* 6. enable TRX function
-+ * write 0x100 = 0xFF
-+ */
-+ rtl_write_byte(rtlpriv, REG_CR, 0xFF);
-+
-+ /* We should init LLT & RQPN and
-+ * prepare Tx/Rx descrptor address later
-+ * because MAC function is reset.
-+ */
-+ }
-+
-+ /* 7. Restore PCIe autoload down bit
-+ * write 0xF8 bit[17] = 1'b1
-+ */
-+ tmp = rtl_read_byte(rtlpriv, REG_MAC_PHY_CTRL_NORMAL + 2);
-+ tmp |= BIT(1);
-+ rtl_write_byte(rtlpriv, REG_MAC_PHY_CTRL_NORMAL + 2, tmp);
-+
-+ /* In MAC power on state, BB and RF maybe in ON state,
-+ * if we release TRx DMA here
-+ * it will cause packets to be started to Tx/Rx,
-+ * so we release Tx/Rx DMA later.
-+ */
-+ if (!mac_power_on) {
-+ /* 8. release TRX DMA
-+ * write 0x284 bit[18] = 1'b0
-+ * write 0x301 = 0x00
-+ */
-+ if (release_mac_rx_pause) {
-+ tmp = rtl_read_byte(rtlpriv, REG_RXDMA_CONTROL);
-+ rtl_write_byte(rtlpriv, REG_RXDMA_CONTROL,
-+ (tmp & (~BIT(2))));
-+ }
-+ rtl_write_byte(rtlpriv, REG_PCIE_CTRL_REG + 1,
-+ backup_pcie_dma_pause);
-+ }
-+
-+ /* 9. lock system register
-+ * write 0xCC bit[2] = 1'b0
-+ */
-+ tmp = rtl_read_byte(rtlpriv, REG_PMC_DBG_CTRL2);
-+ tmp &= ~(BIT(2));
-+ rtl_write_byte(rtlpriv, REG_PMC_DBG_CTRL2, tmp);
-+}
-+
- int rtl92ee_hw_init(struct ieee80211_hw *hw)
- {
- struct rtl_priv *rtlpriv = rtl_priv(hw);
-@@ -1188,6 +1295,13 @@ int rtl92ee_hw_init(struct ieee80211_hw *hw)
- rtlhal->fw_ps_state = FW_PS_STATE_ALL_ON_92E;
- }
-
-+ if (_rtl8192ee_check_pcie_dma_hang(rtlpriv)) {
-+ RT_TRACE(rtlpriv, COMP_INIT, DBG_DMESG, "92ee dma hang!\n");
-+ _rtl8192ee_reset_pcie_interface_dma(rtlpriv,
-+ rtlhal->mac_func_enable);
-+ rtlhal->mac_func_enable = false;
-+ }
-+
- rtstatus = _rtl92ee_init_mac(hw);
-
- rtl_write_byte(rtlpriv, 0x577, 0x03);
-diff --git a/drivers/net/wireless/rtlwifi/rtl8192ee/reg.h b/drivers/net/wireless/rtlwifi/rtl8192ee/reg.h
-index 3f2a959..1eaa1fa 100644
---- a/drivers/net/wireless/rtlwifi/rtl8192ee/reg.h
-+++ b/drivers/net/wireless/rtlwifi/rtl8192ee/reg.h
-@@ -77,9 +77,11 @@
- #define REG_HIMRE 0x00B8
- #define REG_HISRE 0x00BC
-
-+#define REG_PMC_DBG_CTRL2 0x00CC
- #define REG_EFUSE_ACCESS 0x00CF
- #define REG_HPON_FSM 0x00EC
- #define REG_SYS_CFG1 0x00F0
-+#define REG_MAC_PHY_CTRL_NORMAL 0x00F8
- #define REG_SYS_CFG2 0x00FC
-
- #define REG_CR 0x0100
-diff --git a/drivers/net/wireless/rtlwifi/rtl8192ee/trx.c b/drivers/net/wireless/rtlwifi/rtl8192ee/trx.c
-index 2fcbef1..0069004 100644
---- a/drivers/net/wireless/rtlwifi/rtl8192ee/trx.c
-+++ b/drivers/net/wireless/rtlwifi/rtl8192ee/trx.c
-@@ -512,6 +512,10 @@ bool rtl92ee_rx_query_desc(struct ieee80211_hw *hw,
- struct ieee80211_hdr *hdr;
- u32 phystatus = GET_RX_DESC_PHYST(pdesc);
-
-+ if (GET_RX_STATUS_DESC_RPT_SEL(pdesc) == 0)
-+ status->packet_report_type = NORMAL_RX;
-+ else
-+ status->packet_report_type = C2H_PACKET;
- status->length = (u16)GET_RX_DESC_PKT_LEN(pdesc);
- status->rx_drvinfo_size = (u8)GET_RX_DESC_DRV_INFO_SIZE(pdesc) *
- RX_DRV_INFO_SIZE_UNIT;
-@@ -654,14 +658,7 @@ u16 rtl92ee_rx_desc_buff_remained_cnt(struct ieee80211_hw *hw, u8 queue_index)
- if (!start_rx)
- return 0;
-
-- if ((last_read_point > (RX_DESC_NUM_92E / 2)) &&
-- (read_point <= (RX_DESC_NUM_92E / 2))) {
-- remind_cnt = RX_DESC_NUM_92E - write_point;
-- } else {
-- remind_cnt = (read_point >= write_point) ?
-- (read_point - write_point) :
-- (RX_DESC_NUM_92E - write_point + read_point);
-- }
-+ remind_cnt = calc_fifo_space(read_point, write_point);
-
- if (remind_cnt == 0)
- return 0;
-@@ -1207,8 +1204,7 @@ bool rtl92ee_is_tx_desc_closed(struct ieee80211_hw *hw, u8 hw_queue, u16 index)
- static u8 stop_report_cnt;
- struct rtl8192_tx_ring *ring = &rtlpci->tx_ring[hw_queue];
-
-- /*checking Read/Write Point each interrupt wastes CPU */
-- if (stop_report_cnt > 15 || !rtlpriv->link_info.busytraffic) {
-+ {
- u16 point_diff = 0;
- u16 cur_tx_rp, cur_tx_wp;
- u32 tmpu32 = 0;
-diff --git a/drivers/net/wireless/rtlwifi/rtl8192ee/trx.h b/drivers/net/wireless/rtlwifi/rtl8192ee/trx.h
-index 6f9be1c..8effef9 100644
---- a/drivers/net/wireless/rtlwifi/rtl8192ee/trx.h
-+++ b/drivers/net/wireless/rtlwifi/rtl8192ee/trx.h
-@@ -542,6 +542,8 @@
- LE_BITS_TO_4BYTE(__pdesc+8, 12, 4)
- #define GET_RX_DESC_RX_IS_QOS(__pdesc) \
- LE_BITS_TO_4BYTE(__pdesc+8, 16, 1)
-+#define GET_RX_STATUS_DESC_RPT_SEL(__pdesc) \
-+ LE_BITS_TO_4BYTE(__pdesc+8, 28, 1)
-
- #define GET_RX_DESC_RXMCS(__pdesc) \
- LE_BITS_TO_4BYTE(__pdesc+12, 0, 7)
-diff --git a/drivers/pci/pci-driver.c b/drivers/pci/pci-driver.c
-index 887e6bd..09a66ba 100644
---- a/drivers/pci/pci-driver.c
-+++ b/drivers/pci/pci-driver.c
-@@ -1383,7 +1383,7 @@ static int pci_uevent(struct device *dev, struct kobj_uevent_env *env)
- if (add_uevent_var(env, "PCI_SLOT_NAME=%s", pci_name(pdev)))
- return -ENOMEM;
-
-- if (add_uevent_var(env, "MODALIAS=pci:v%08Xd%08Xsv%08Xsd%08Xbc%02Xsc%02Xi%02x",
-+ if (add_uevent_var(env, "MODALIAS=pci:v%08Xd%08Xsv%08Xsd%08Xbc%02Xsc%02Xi%02X",
- pdev->vendor, pdev->device,
- pdev->subsystem_vendor, pdev->subsystem_device,
- (u8)(pdev->class >> 16), (u8)(pdev->class >> 8),
-diff --git a/drivers/pci/rom.c b/drivers/pci/rom.c
-index f955edb..eb0ad53 100644
---- a/drivers/pci/rom.c
-+++ b/drivers/pci/rom.c
-@@ -71,6 +71,7 @@ size_t pci_get_rom_size(struct pci_dev *pdev, void __iomem *rom, size_t size)
- {
- void __iomem *image;
- int last_image;
-+ unsigned length;
-
- image = rom;
- do {
-@@ -93,9 +94,9 @@ size_t pci_get_rom_size(struct pci_dev *pdev, void __iomem *rom, size_t size)
- if (readb(pds + 3) != 'R')
- break;
- last_image = readb(pds + 21) & 0x80;
-- /* this length is reliable */
-- image += readw(pds + 16) * 512;
-- } while (!last_image);
-+ length = readw(pds + 16);
-+ image += length * 512;
-+ } while (length && !last_image);
-
- /* never return a size larger than the PCI resource window */
- /* there are known ROMs that get the size wrong */
-diff --git a/drivers/platform/x86/samsung-laptop.c b/drivers/platform/x86/samsung-laptop.c
-index ff765d8..ce364a4 100644
---- a/drivers/platform/x86/samsung-laptop.c
-+++ b/drivers/platform/x86/samsung-laptop.c
-@@ -353,6 +353,7 @@ struct samsung_quirks {
- bool broken_acpi_video;
- bool four_kbd_backlight_levels;
- bool enable_kbd_backlight;
-+ bool use_native_backlight;
- };
-
- static struct samsung_quirks samsung_unknown = {};
-@@ -361,6 +362,10 @@ static struct samsung_quirks samsung_broken_acpi_video = {
- .broken_acpi_video = true,
- };
-
-+static struct samsung_quirks samsung_use_native_backlight = {
-+ .use_native_backlight = true,
-+};
-+
- static struct samsung_quirks samsung_np740u3e = {
- .four_kbd_backlight_levels = true,
- .enable_kbd_backlight = true,
-@@ -1507,7 +1512,7 @@ static struct dmi_system_id __initdata samsung_dmi_table[] = {
- DMI_MATCH(DMI_PRODUCT_NAME, "N150P"),
- DMI_MATCH(DMI_BOARD_NAME, "N150P"),
- },
-- .driver_data = &samsung_broken_acpi_video,
-+ .driver_data = &samsung_use_native_backlight,
- },
- {
- .callback = samsung_dmi_matched,
-@@ -1517,7 +1522,7 @@ static struct dmi_system_id __initdata samsung_dmi_table[] = {
- DMI_MATCH(DMI_PRODUCT_NAME, "N145P/N250P/N260P"),
- DMI_MATCH(DMI_BOARD_NAME, "N145P/N250P/N260P"),
- },
-- .driver_data = &samsung_broken_acpi_video,
-+ .driver_data = &samsung_use_native_backlight,
- },
- {
- .callback = samsung_dmi_matched,
-@@ -1557,7 +1562,7 @@ static struct dmi_system_id __initdata samsung_dmi_table[] = {
- DMI_MATCH(DMI_PRODUCT_NAME, "N250P"),
- DMI_MATCH(DMI_BOARD_NAME, "N250P"),
- },
-- .driver_data = &samsung_broken_acpi_video,
-+ .driver_data = &samsung_use_native_backlight,
- },
- {
- .callback = samsung_dmi_matched,
-@@ -1616,6 +1621,15 @@ static int __init samsung_init(void)
- pr_info("Disabling ACPI video driver\n");
- acpi_video_unregister();
- }
-+
-+ if (samsung->quirks->use_native_backlight) {
-+ pr_info("Using native backlight driver\n");
-+ /* Tell acpi-video to not handle the backlight */
-+ acpi_video_dmi_promote_vendor();
-+ acpi_video_unregister();
-+ /* And also do not handle it ourselves */
-+ samsung->handle_backlight = false;
-+ }
- #endif
-
- ret = samsung_platform_init(samsung);
-diff --git a/drivers/power/88pm860x_charger.c b/drivers/power/88pm860x_charger.c
-index 650930e..734ec4a 100644
---- a/drivers/power/88pm860x_charger.c
-+++ b/drivers/power/88pm860x_charger.c
-@@ -711,6 +711,7 @@ static int pm860x_charger_probe(struct platform_device *pdev)
- return 0;
-
- out_irq:
-+ power_supply_unregister(&info->usb);
- while (--i >= 0)
- free_irq(info->irq[i], info);
- out:
-diff --git a/drivers/power/bq24190_charger.c b/drivers/power/bq24190_charger.c
-index ad3ff8f..e4c95e1 100644
---- a/drivers/power/bq24190_charger.c
-+++ b/drivers/power/bq24190_charger.c
-@@ -929,7 +929,7 @@ static void bq24190_charger_init(struct power_supply *charger)
- charger->properties = bq24190_charger_properties;
- charger->num_properties = ARRAY_SIZE(bq24190_charger_properties);
- charger->supplied_to = bq24190_charger_supplied_to;
-- charger->num_supplies = ARRAY_SIZE(bq24190_charger_supplied_to);
-+ charger->num_supplicants = ARRAY_SIZE(bq24190_charger_supplied_to);
- charger->get_property = bq24190_charger_get_property;
- charger->set_property = bq24190_charger_set_property;
- charger->property_is_writeable = bq24190_charger_property_is_writeable;
-diff --git a/drivers/power/gpio-charger.c b/drivers/power/gpio-charger.c
-index aef74bd..b7424c8 100644
---- a/drivers/power/gpio-charger.c
-+++ b/drivers/power/gpio-charger.c
-@@ -229,7 +229,7 @@ static int gpio_charger_suspend(struct device *dev)
-
- if (device_may_wakeup(dev))
- gpio_charger->wakeup_enabled =
-- enable_irq_wake(gpio_charger->irq);
-+ !enable_irq_wake(gpio_charger->irq);
-
- return 0;
- }
-@@ -239,7 +239,7 @@ static int gpio_charger_resume(struct device *dev)
- struct platform_device *pdev = to_platform_device(dev);
- struct gpio_charger *gpio_charger = platform_get_drvdata(pdev);
-
-- if (gpio_charger->wakeup_enabled)
-+ if (device_may_wakeup(dev) && gpio_charger->wakeup_enabled)
- disable_irq_wake(gpio_charger->irq);
- power_supply_changed(&gpio_charger->charger);
-
-diff --git a/drivers/scsi/megaraid/megaraid_sas_base.c b/drivers/scsi/megaraid/megaraid_sas_base.c
-index ff283d2..d63f041 100644
---- a/drivers/scsi/megaraid/megaraid_sas_base.c
-+++ b/drivers/scsi/megaraid/megaraid_sas_base.c
-@@ -1689,22 +1689,66 @@ static int megasas_slave_alloc(struct scsi_device *sdev)
- return 0;
- }
-
-+/*
-+* megasas_complete_outstanding_ioctls - Complete outstanding ioctls after a
-+* kill adapter
-+* @instance: Adapter soft state
-+*
-+*/
-+void megasas_complete_outstanding_ioctls(struct megasas_instance *instance)
-+{
-+ int i;
-+ struct megasas_cmd *cmd_mfi;
-+ struct megasas_cmd_fusion *cmd_fusion;
-+ struct fusion_context *fusion = instance->ctrl_context;
-+
-+ /* Find all outstanding ioctls */
-+ if (fusion) {
-+ for (i = 0; i < instance->max_fw_cmds; i++) {
-+ cmd_fusion = fusion->cmd_list[i];
-+ if (cmd_fusion->sync_cmd_idx != (u32)ULONG_MAX) {
-+ cmd_mfi = instance->cmd_list[cmd_fusion->sync_cmd_idx];
-+ if (cmd_mfi->sync_cmd &&
-+ cmd_mfi->frame->hdr.cmd != MFI_CMD_ABORT)
-+ megasas_complete_cmd(instance,
-+ cmd_mfi, DID_OK);
-+ }
-+ }
-+ } else {
-+ for (i = 0; i < instance->max_fw_cmds; i++) {
-+ cmd_mfi = instance->cmd_list[i];
-+ if (cmd_mfi->sync_cmd && cmd_mfi->frame->hdr.cmd !=
-+ MFI_CMD_ABORT)
-+ megasas_complete_cmd(instance, cmd_mfi, DID_OK);
-+ }
-+ }
-+}
-+
-+
- void megaraid_sas_kill_hba(struct megasas_instance *instance)
- {
-+ /* Set critical error to block I/O & ioctls in case caller didn't */
-+ instance->adprecovery = MEGASAS_HW_CRITICAL_ERROR;
-+ /* Wait 1 second to ensure IO or ioctls in build have posted */
-+ msleep(1000);
- if ((instance->pdev->device == PCI_DEVICE_ID_LSI_SAS0073SKINNY) ||
-- (instance->pdev->device == PCI_DEVICE_ID_LSI_SAS0071SKINNY) ||
-- (instance->pdev->device == PCI_DEVICE_ID_LSI_FUSION) ||
-- (instance->pdev->device == PCI_DEVICE_ID_LSI_PLASMA) ||
-- (instance->pdev->device == PCI_DEVICE_ID_LSI_INVADER) ||
-- (instance->pdev->device == PCI_DEVICE_ID_LSI_FURY)) {
-- writel(MFI_STOP_ADP, &instance->reg_set->doorbell);
-+ (instance->pdev->device == PCI_DEVICE_ID_LSI_SAS0071SKINNY) ||
-+ (instance->pdev->device == PCI_DEVICE_ID_LSI_FUSION) ||
-+ (instance->pdev->device == PCI_DEVICE_ID_LSI_PLASMA) ||
-+ (instance->pdev->device == PCI_DEVICE_ID_LSI_INVADER) ||
-+ (instance->pdev->device == PCI_DEVICE_ID_LSI_FURY)) {
-+ writel(MFI_STOP_ADP,
-+ &instance->reg_set->doorbell);
- /* Flush */
- readl(&instance->reg_set->doorbell);
- if (instance->mpio && instance->requestorId)
- memset(instance->ld_ids, 0xff, MEGASAS_MAX_LD_IDS);
- } else {
-- writel(MFI_STOP_ADP, &instance->reg_set->inbound_doorbell);
-+ writel(MFI_STOP_ADP,
-+ &instance->reg_set->inbound_doorbell);
- }
-+ /* Complete outstanding ioctls when adapter is killed */
-+ megasas_complete_outstanding_ioctls(instance);
- }
-
- /**
-@@ -3028,10 +3072,9 @@ megasas_issue_pending_cmds_again(struct megasas_instance *instance)
- "was tried multiple times during reset."
- "Shutting down the HBA\n",
- cmd, cmd->scmd, cmd->sync_cmd);
-+ instance->instancet->disable_intr(instance);
-+ atomic_set(&instance->fw_reset_no_pci_access, 1);
- megaraid_sas_kill_hba(instance);
--
-- instance->adprecovery =
-- MEGASAS_HW_CRITICAL_ERROR;
- return;
- }
- }
-@@ -3165,8 +3208,8 @@ process_fw_state_change_wq(struct work_struct *work)
- if (megasas_transition_to_ready(instance, 1)) {
- printk(KERN_NOTICE "megaraid_sas:adapter not ready\n");
-
-+ atomic_set(&instance->fw_reset_no_pci_access, 1);
- megaraid_sas_kill_hba(instance);
-- instance->adprecovery = MEGASAS_HW_CRITICAL_ERROR;
- return ;
- }
-
-@@ -3547,7 +3590,6 @@ static int megasas_create_frame_pool(struct megasas_instance *instance)
- int i;
- u32 max_cmd;
- u32 sge_sz;
-- u32 sgl_sz;
- u32 total_sz;
- u32 frame_count;
- struct megasas_cmd *cmd;
-@@ -3566,24 +3608,23 @@ static int megasas_create_frame_pool(struct megasas_instance *instance)
- }
-
- /*
-- * Calculated the number of 64byte frames required for SGL
-- */
-- sgl_sz = sge_sz * instance->max_num_sge;
-- frame_count = (sgl_sz + MEGAMFI_FRAME_SIZE - 1) / MEGAMFI_FRAME_SIZE;
-- frame_count = 15;
--
-- /*
-- * We need one extra frame for the MFI command
-+ * For MFI controllers.
-+ * max_num_sge = 60
-+ * max_sge_sz = 16 byte (sizeof megasas_sge_skinny)
-+ * Total 960 byte (15 MFI frame of 64 byte)
-+ *
-+ * Fusion adapter require only 3 extra frame.
-+ * max_num_sge = 16 (defined as MAX_IOCTL_SGE)
-+ * max_sge_sz = 12 byte (sizeof megasas_sge64)
-+ * Total 192 byte (3 MFI frame of 64 byte)
- */
-- frame_count++;
--
-+ frame_count = instance->ctrl_context ? (3 + 1) : (15 + 1);
- total_sz = MEGAMFI_FRAME_SIZE * frame_count;
- /*
- * Use DMA pool facility provided by PCI layer
- */
- instance->frame_dma_pool = pci_pool_create("megasas frame pool",
-- instance->pdev, total_sz, 64,
-- 0);
-+ instance->pdev, total_sz, 256, 0);
-
- if (!instance->frame_dma_pool) {
- printk(KERN_DEBUG "megasas: failed to setup frame pool\n");
-diff --git a/drivers/scsi/megaraid/megaraid_sas_fp.c b/drivers/scsi/megaraid/megaraid_sas_fp.c
-index 460c6a3..4f72287 100644
---- a/drivers/scsi/megaraid/megaraid_sas_fp.c
-+++ b/drivers/scsi/megaraid/megaraid_sas_fp.c
-@@ -172,6 +172,7 @@ void MR_PopulateDrvRaidMap(struct megasas_instance *instance)
- struct MR_FW_RAID_MAP_ALL *fw_map_old = NULL;
- struct MR_FW_RAID_MAP *pFwRaidMap = NULL;
- int i;
-+ u16 ld_count;
-
-
- struct MR_DRV_RAID_MAP_ALL *drv_map =
-@@ -191,9 +192,10 @@ void MR_PopulateDrvRaidMap(struct megasas_instance *instance)
- fw_map_old = (struct MR_FW_RAID_MAP_ALL *)
- fusion->ld_map[(instance->map_id & 1)];
- pFwRaidMap = &fw_map_old->raidMap;
-+ ld_count = (u16)le32_to_cpu(pFwRaidMap->ldCount);
-
- #if VD_EXT_DEBUG
-- for (i = 0; i < le16_to_cpu(pFwRaidMap->ldCount); i++) {
-+ for (i = 0; i < ld_count; i++) {
- dev_dbg(&instance->pdev->dev, "(%d) :Index 0x%x "
- "Target Id 0x%x Seq Num 0x%x Size 0/%llx\n",
- instance->unique_id, i,
-@@ -205,12 +207,15 @@ void MR_PopulateDrvRaidMap(struct megasas_instance *instance)
-
- memset(drv_map, 0, fusion->drv_map_sz);
- pDrvRaidMap->totalSize = pFwRaidMap->totalSize;
-- pDrvRaidMap->ldCount = (__le16)pFwRaidMap->ldCount;
-+ pDrvRaidMap->ldCount = (__le16)cpu_to_le16(ld_count);
- pDrvRaidMap->fpPdIoTimeoutSec = pFwRaidMap->fpPdIoTimeoutSec;
- for (i = 0; i < MAX_RAIDMAP_LOGICAL_DRIVES + MAX_RAIDMAP_VIEWS; i++)
- pDrvRaidMap->ldTgtIdToLd[i] =
- (u8)pFwRaidMap->ldTgtIdToLd[i];
-- for (i = 0; i < le16_to_cpu(pDrvRaidMap->ldCount); i++) {
-+ for (i = (MAX_RAIDMAP_LOGICAL_DRIVES + MAX_RAIDMAP_VIEWS);
-+ i < MAX_LOGICAL_DRIVES_EXT; i++)
-+ pDrvRaidMap->ldTgtIdToLd[i] = 0xff;
-+ for (i = 0; i < ld_count; i++) {
- pDrvRaidMap->ldSpanMap[i] = pFwRaidMap->ldSpanMap[i];
- #if VD_EXT_DEBUG
- dev_dbg(&instance->pdev->dev,
-@@ -252,7 +257,7 @@ u8 MR_ValidateMapInfo(struct megasas_instance *instance)
- struct LD_LOAD_BALANCE_INFO *lbInfo;
- PLD_SPAN_INFO ldSpanInfo;
- struct MR_LD_RAID *raid;
-- int ldCount, num_lds;
-+ u16 ldCount, num_lds;
- u16 ld;
- u32 expected_size;
-
-@@ -356,7 +361,7 @@ static int getSpanInfo(struct MR_DRV_RAID_MAP_ALL *map,
-
- for (ldCount = 0; ldCount < MAX_LOGICAL_DRIVES_EXT; ldCount++) {
- ld = MR_TargetIdToLdGet(ldCount, map);
-- if (ld >= MAX_LOGICAL_DRIVES_EXT)
-+ if (ld >= (MAX_LOGICAL_DRIVES_EXT - 1))
- continue;
- raid = MR_LdRaidGet(ld, map);
- dev_dbg(&instance->pdev->dev, "LD %x: span_depth=%x\n",
-@@ -1157,7 +1162,7 @@ void mr_update_span_set(struct MR_DRV_RAID_MAP_ALL *map,
-
- for (ldCount = 0; ldCount < MAX_LOGICAL_DRIVES_EXT; ldCount++) {
- ld = MR_TargetIdToLdGet(ldCount, map);
-- if (ld >= MAX_LOGICAL_DRIVES_EXT)
-+ if (ld >= (MAX_LOGICAL_DRIVES_EXT - 1))
- continue;
- raid = MR_LdRaidGet(ld, map);
- for (element = 0; element < MAX_QUAD_DEPTH; element++) {
-diff --git a/drivers/scsi/megaraid/megaraid_sas_fusion.c b/drivers/scsi/megaraid/megaraid_sas_fusion.c
-index 71557f6..0764d20 100644
---- a/drivers/scsi/megaraid/megaraid_sas_fusion.c
-+++ b/drivers/scsi/megaraid/megaraid_sas_fusion.c
-@@ -103,6 +103,8 @@ megasas_enable_intr_fusion(struct megasas_instance *instance)
- {
- struct megasas_register_set __iomem *regs;
- regs = instance->reg_set;
-+
-+ instance->mask_interrupts = 0;
- /* For Thunderbolt/Invader also clear intr on enable */
- writel(~0, &regs->outbound_intr_status);
- readl(&regs->outbound_intr_status);
-@@ -111,7 +113,6 @@ megasas_enable_intr_fusion(struct megasas_instance *instance)
-
- /* Dummy readl to force pci flush */
- readl(&regs->outbound_intr_mask);
-- instance->mask_interrupts = 0;
- }
-
- /**
-@@ -698,12 +699,11 @@ megasas_ioc_init_fusion(struct megasas_instance *instance)
- cpu_to_le32(lower_32_bits(ioc_init_handle));
- init_frame->data_xfer_len = cpu_to_le32(sizeof(struct MPI2_IOC_INIT_REQUEST));
-
-- req_desc.Words = 0;
-+ req_desc.u.low = cpu_to_le32(lower_32_bits(cmd->frame_phys_addr));
-+ req_desc.u.high = cpu_to_le32(upper_32_bits(cmd->frame_phys_addr));
- req_desc.MFAIo.RequestFlags =
- (MEGASAS_REQ_DESCRIPT_FLAGS_MFA <<
-- MEGASAS_REQ_DESCRIPT_FLAGS_TYPE_SHIFT);
-- cpu_to_le32s((u32 *)&req_desc.MFAIo);
-- req_desc.Words |= cpu_to_le64(cmd->frame_phys_addr);
-+ MEGASAS_REQ_DESCRIPT_FLAGS_TYPE_SHIFT);
-
- /*
- * disable the intr before firing the init frame
-@@ -1717,9 +1717,19 @@ megasas_build_dcdb_fusion(struct megasas_instance *instance,
- if (scmd->device->channel < MEGASAS_MAX_PD_CHANNELS)
- goto NonFastPath;
-
-+ /*
-+ * For older firmware, Driver should not access ldTgtIdToLd
-+ * beyond index 127 and for Extended VD firmware, ldTgtIdToLd
-+ * should not go beyond 255.
-+ */
-+
-+ if ((!fusion->fast_path_io) ||
-+ (device_id >= instance->fw_supported_vd_count))
-+ goto NonFastPath;
-+
- ld = MR_TargetIdToLdGet(device_id, local_map_ptr);
-- if ((ld >= instance->fw_supported_vd_count) ||
-- (!fusion->fast_path_io))
-+
-+ if (ld >= instance->fw_supported_vd_count)
- goto NonFastPath;
-
- raid = MR_LdRaidGet(ld, local_map_ptr);
-@@ -2612,7 +2622,6 @@ int megasas_reset_fusion(struct Scsi_Host *shost, int iotimeout)
- instance->host->host_no);
- megaraid_sas_kill_hba(instance);
- instance->skip_heartbeat_timer_del = 1;
-- instance->adprecovery = MEGASAS_HW_CRITICAL_ERROR;
- retval = FAILED;
- goto out;
- }
-@@ -2808,8 +2817,6 @@ int megasas_reset_fusion(struct Scsi_Host *shost, int iotimeout)
- dev_info(&instance->pdev->dev,
- "Failed from %s %d\n",
- __func__, __LINE__);
-- instance->adprecovery =
-- MEGASAS_HW_CRITICAL_ERROR;
- megaraid_sas_kill_hba(instance);
- retval = FAILED;
- }
-@@ -2858,7 +2865,6 @@ int megasas_reset_fusion(struct Scsi_Host *shost, int iotimeout)
- "adapter scsi%d.\n", instance->host->host_no);
- megaraid_sas_kill_hba(instance);
- instance->skip_heartbeat_timer_del = 1;
-- instance->adprecovery = MEGASAS_HW_CRITICAL_ERROR;
- retval = FAILED;
- } else {
- /* For VF: Restart HB timer if we didn't OCR */
-diff --git a/drivers/scsi/megaraid/megaraid_sas_fusion.h b/drivers/scsi/megaraid/megaraid_sas_fusion.h
-index 5ab7dae..56e6db2 100644
---- a/drivers/scsi/megaraid/megaraid_sas_fusion.h
-+++ b/drivers/scsi/megaraid/megaraid_sas_fusion.h
-@@ -306,14 +306,9 @@ struct MPI2_RAID_SCSI_IO_REQUEST {
- * MPT RAID MFA IO Descriptor.
- */
- struct MEGASAS_RAID_MFA_IO_REQUEST_DESCRIPTOR {
--#if defined(__BIG_ENDIAN_BITFIELD)
-- u32 MessageAddress1:24; /* bits 31:8*/
-- u32 RequestFlags:8;
--#else
- u32 RequestFlags:8;
-- u32 MessageAddress1:24; /* bits 31:8*/
--#endif
-- u32 MessageAddress2; /* bits 61:32 */
-+ u32 MessageAddress1:24;
-+ u32 MessageAddress2;
- };
-
- /* Default Request Descriptor */
-diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c
-index b14f64c..763bffe 100644
---- a/drivers/scsi/sg.c
-+++ b/drivers/scsi/sg.c
-@@ -1350,6 +1350,17 @@ sg_rq_end_io(struct request *rq, int uptodate)
- }
- /* Rely on write phase to clean out srp status values, so no "else" */
-
-+ /*
-+ * Free the request as soon as it is complete so that its resources
-+ * can be reused without waiting for userspace to read() the
-+ * result. But keep the associated bio (if any) around until
-+ * blk_rq_unmap_user() can be called from user context.
-+ */
-+ srp->rq = NULL;
-+ if (rq->cmd != rq->__cmd)
-+ kfree(rq->cmd);
-+ __blk_put_request(rq->q, rq);
-+
- write_lock_irqsave(&sfp->rq_list_lock, iflags);
- if (unlikely(srp->orphan)) {
- if (sfp->keep_orphan)
-@@ -1684,7 +1695,22 @@ sg_start_req(Sg_request *srp, unsigned char *cmd)
- return -ENOMEM;
- }
-
-- rq = blk_get_request(q, rw, GFP_ATOMIC);
-+ /*
-+ * NOTE
-+ *
-+ * With scsi-mq enabled, there are a fixed number of preallocated
-+ * requests equal in number to shost->can_queue. If all of the
-+ * preallocated requests are already in use, then using GFP_ATOMIC with
-+ * blk_get_request() will return -EWOULDBLOCK, whereas using GFP_KERNEL
-+ * will cause blk_get_request() to sleep until an active command
-+ * completes, freeing up a request. Neither option is ideal, but
-+ * GFP_KERNEL is the better choice to prevent userspace from getting an
-+ * unexpected EWOULDBLOCK.
-+ *
-+ * With scsi-mq disabled, blk_get_request() with GFP_KERNEL usually
-+ * does not sleep except under memory pressure.
-+ */
-+ rq = blk_get_request(q, rw, GFP_KERNEL);
- if (IS_ERR(rq)) {
- kfree(long_cmdp);
- return PTR_ERR(rq);
-@@ -1777,10 +1803,10 @@ sg_finish_rem_req(Sg_request *srp)
- SCSI_LOG_TIMEOUT(4, sg_printk(KERN_INFO, sfp->parentdp,
- "sg_finish_rem_req: res_used=%d\n",
- (int) srp->res_used));
-- if (srp->rq) {
-- if (srp->bio)
-- ret = blk_rq_unmap_user(srp->bio);
-+ if (srp->bio)
-+ ret = blk_rq_unmap_user(srp->bio);
-
-+ if (srp->rq) {
- if (srp->rq->cmd != srp->rq->__cmd)
- kfree(srp->rq->cmd);
- blk_put_request(srp->rq);
-diff --git a/drivers/target/iscsi/iscsi_target_tq.c b/drivers/target/iscsi/iscsi_target_tq.c
-index 601e9cc..bb2890e 100644
---- a/drivers/target/iscsi/iscsi_target_tq.c
-+++ b/drivers/target/iscsi/iscsi_target_tq.c
-@@ -24,36 +24,22 @@
- #include "iscsi_target_tq.h"
- #include "iscsi_target.h"
-
--static LIST_HEAD(active_ts_list);
- static LIST_HEAD(inactive_ts_list);
--static DEFINE_SPINLOCK(active_ts_lock);
- static DEFINE_SPINLOCK(inactive_ts_lock);
- static DEFINE_SPINLOCK(ts_bitmap_lock);
-
--static void iscsi_add_ts_to_active_list(struct iscsi_thread_set *ts)
--{
-- spin_lock(&active_ts_lock);
-- list_add_tail(&ts->ts_list, &active_ts_list);
-- iscsit_global->active_ts++;
-- spin_unlock(&active_ts_lock);
--}
--
- static void iscsi_add_ts_to_inactive_list(struct iscsi_thread_set *ts)
- {
-+ if (!list_empty(&ts->ts_list)) {
-+ WARN_ON(1);
-+ return;
-+ }
- spin_lock(&inactive_ts_lock);
- list_add_tail(&ts->ts_list, &inactive_ts_list);
- iscsit_global->inactive_ts++;
- spin_unlock(&inactive_ts_lock);
- }
-
--static void iscsi_del_ts_from_active_list(struct iscsi_thread_set *ts)
--{
-- spin_lock(&active_ts_lock);
-- list_del(&ts->ts_list);
-- iscsit_global->active_ts--;
-- spin_unlock(&active_ts_lock);
--}
--
- static struct iscsi_thread_set *iscsi_get_ts_from_inactive_list(void)
- {
- struct iscsi_thread_set *ts;
-@@ -66,7 +52,7 @@ static struct iscsi_thread_set *iscsi_get_ts_from_inactive_list(void)
-
- ts = list_first_entry(&inactive_ts_list, struct iscsi_thread_set, ts_list);
-
-- list_del(&ts->ts_list);
-+ list_del_init(&ts->ts_list);
- iscsit_global->inactive_ts--;
- spin_unlock(&inactive_ts_lock);
-
-@@ -204,8 +190,6 @@ static void iscsi_deallocate_extra_thread_sets(void)
-
- void iscsi_activate_thread_set(struct iscsi_conn *conn, struct iscsi_thread_set *ts)
- {
-- iscsi_add_ts_to_active_list(ts);
--
- spin_lock_bh(&ts->ts_state_lock);
- conn->thread_set = ts;
- ts->conn = conn;
-@@ -397,7 +381,6 @@ struct iscsi_conn *iscsi_rx_thread_pre_handler(struct iscsi_thread_set *ts)
-
- if (ts->delay_inactive && (--ts->thread_count == 0)) {
- spin_unlock_bh(&ts->ts_state_lock);
-- iscsi_del_ts_from_active_list(ts);
-
- if (!iscsit_global->in_shutdown)
- iscsi_deallocate_extra_thread_sets();
-@@ -452,7 +435,6 @@ struct iscsi_conn *iscsi_tx_thread_pre_handler(struct iscsi_thread_set *ts)
-
- if (ts->delay_inactive && (--ts->thread_count == 0)) {
- spin_unlock_bh(&ts->ts_state_lock);
-- iscsi_del_ts_from_active_list(ts);
-
- if (!iscsit_global->in_shutdown)
- iscsi_deallocate_extra_thread_sets();
-diff --git a/drivers/tty/pty.c b/drivers/tty/pty.c
-index a9d256d..6e1f150 100644
---- a/drivers/tty/pty.c
-+++ b/drivers/tty/pty.c
-@@ -210,6 +210,9 @@ static int pty_signal(struct tty_struct *tty, int sig)
- {
- struct pid *pgrp;
-
-+ if (sig != SIGINT && sig != SIGQUIT && sig != SIGTSTP)
-+ return -EINVAL;
-+
- if (tty->link) {
- pgrp = tty_get_pgrp(tty->link);
- if (pgrp)
-diff --git a/drivers/tty/serial/atmel_serial.c b/drivers/tty/serial/atmel_serial.c
-index 4d848a2..92a8b26 100644
---- a/drivers/tty/serial/atmel_serial.c
-+++ b/drivers/tty/serial/atmel_serial.c
-@@ -794,7 +794,7 @@ static void atmel_tx_dma(struct uart_port *port)
- return;
- }
-
-- dma_sync_sg_for_device(port->dev, sg, 1, DMA_MEM_TO_DEV);
-+ dma_sync_sg_for_device(port->dev, sg, 1, DMA_TO_DEVICE);
-
- atmel_port->desc_tx = desc;
- desc->callback = atmel_complete_tx_dma;
-@@ -927,7 +927,7 @@ static void atmel_rx_from_dma(struct uart_port *port)
- dma_sync_sg_for_cpu(port->dev,
- &atmel_port->sg_rx,
- 1,
-- DMA_DEV_TO_MEM);
-+ DMA_FROM_DEVICE);
-
- /*
- * ring->head points to the end of data already written by the DMA.
-@@ -974,7 +974,7 @@ static void atmel_rx_from_dma(struct uart_port *port)
- dma_sync_sg_for_device(port->dev,
- &atmel_port->sg_rx,
- 1,
-- DMA_DEV_TO_MEM);
-+ DMA_FROM_DEVICE);
-
- /*
- * Drop the lock here since it might end up calling
-@@ -2565,7 +2565,7 @@ static int atmel_serial_probe(struct platform_device *pdev)
-
- ret = atmel_init_port(port, pdev);
- if (ret)
-- goto err;
-+ goto err_clear_bit;
-
- if (!atmel_use_pdc_rx(&port->uart)) {
- ret = -ENOMEM;
-@@ -2596,6 +2596,12 @@ static int atmel_serial_probe(struct platform_device *pdev)
- device_init_wakeup(&pdev->dev, 1);
- platform_set_drvdata(pdev, port);
-
-+ /*
-+ * The peripheral clock has been disabled by atmel_init_port():
-+ * enable it before accessing I/O registers
-+ */
-+ clk_prepare_enable(port->clk);
-+
- if (rs485_enabled) {
- UART_PUT_MR(&port->uart, ATMEL_US_USMODE_NORMAL);
- UART_PUT_CR(&port->uart, ATMEL_US_RTSEN);
-@@ -2606,6 +2612,12 @@ static int atmel_serial_probe(struct platform_device *pdev)
- */
- atmel_get_ip_name(&port->uart);
-
-+ /*
-+ * The peripheral clock can now safely be disabled till the port
-+ * is used
-+ */
-+ clk_disable_unprepare(port->clk);
-+
- return 0;
-
- err_add_port:
-@@ -2616,6 +2628,8 @@ err_alloc_ring:
- clk_put(port->clk);
- port->clk = NULL;
- }
-+err_clear_bit:
-+ clear_bit(port->uart.line, atmel_ports_in_use);
- err:
- return ret;
- }
-diff --git a/drivers/tty/serial/fsl_lpuart.c b/drivers/tty/serial/fsl_lpuart.c
-index e7cde3a..e95c497 100644
---- a/drivers/tty/serial/fsl_lpuart.c
-+++ b/drivers/tty/serial/fsl_lpuart.c
-@@ -506,9 +506,6 @@ static inline void lpuart_prepare_rx(struct lpuart_port *sport)
-
- spin_lock_irqsave(&sport->port.lock, flags);
-
-- init_timer(&sport->lpuart_timer);
-- sport->lpuart_timer.function = lpuart_timer_func;
-- sport->lpuart_timer.data = (unsigned long)sport;
- sport->lpuart_timer.expires = jiffies + sport->dma_rx_timeout;
- add_timer(&sport->lpuart_timer);
-
-@@ -758,18 +755,18 @@ out:
- static irqreturn_t lpuart_int(int irq, void *dev_id)
- {
- struct lpuart_port *sport = dev_id;
-- unsigned char sts;
-+ unsigned char sts, crdma;
-
- sts = readb(sport->port.membase + UARTSR1);
-+ crdma = readb(sport->port.membase + UARTCR5);
-
-- if (sts & UARTSR1_RDRF) {
-+ if (sts & UARTSR1_RDRF && !(crdma & UARTCR5_RDMAS)) {
- if (sport->lpuart_dma_use)
- lpuart_prepare_rx(sport);
- else
- lpuart_rxint(irq, dev_id);
- }
-- if (sts & UARTSR1_TDRE &&
-- !(readb(sport->port.membase + UARTCR5) & UARTCR5_TDMAS)) {
-+ if (sts & UARTSR1_TDRE && !(crdma & UARTCR5_TDMAS)) {
- if (sport->lpuart_dma_use)
- lpuart_pio_tx(sport);
- else
-@@ -1106,7 +1103,10 @@ static int lpuart_startup(struct uart_port *port)
- sport->lpuart_dma_use = false;
- } else {
- sport->lpuart_dma_use = true;
-+ setup_timer(&sport->lpuart_timer, lpuart_timer_func,
-+ (unsigned long)sport);
- temp = readb(port->membase + UARTCR5);
-+ temp &= ~UARTCR5_RDMAS;
- writeb(temp | UARTCR5_TDMAS, port->membase + UARTCR5);
- }
-
-@@ -1180,6 +1180,8 @@ static void lpuart_shutdown(struct uart_port *port)
- devm_free_irq(port->dev, port->irq, sport);
-
- if (sport->lpuart_dma_use) {
-+ del_timer_sync(&sport->lpuart_timer);
-+
- lpuart_dma_tx_free(port);
- lpuart_dma_rx_free(port);
- }
-diff --git a/drivers/tty/tty_mutex.c b/drivers/tty/tty_mutex.c
-index 4486741..a872389 100644
---- a/drivers/tty/tty_mutex.c
-+++ b/drivers/tty/tty_mutex.c
-@@ -46,12 +46,8 @@ EXPORT_SYMBOL(tty_unlock);
-
- void __lockfunc tty_lock_slave(struct tty_struct *tty)
- {
-- if (tty && tty != tty->link) {
-- WARN_ON(!mutex_is_locked(&tty->link->legacy_mutex) ||
-- !tty->driver->type == TTY_DRIVER_TYPE_PTY ||
-- !tty->driver->type == PTY_TYPE_SLAVE);
-+ if (tty && tty != tty->link)
- tty_lock(tty);
-- }
- }
-
- void __lockfunc tty_unlock_slave(struct tty_struct *tty)
-diff --git a/drivers/tty/vt/vt.c b/drivers/tty/vt/vt.c
-index f3fbbbc..42d8f17 100644
---- a/drivers/tty/vt/vt.c
-+++ b/drivers/tty/vt/vt.c
-@@ -500,6 +500,7 @@ void invert_screen(struct vc_data *vc, int offset, int count, int viewed)
- #endif
- if (DO_UPDATE(vc))
- do_update_region(vc, (unsigned long) p, count);
-+ notify_update(vc);
- }
-
- /* used by selection: complement pointer position */
-@@ -516,6 +517,7 @@ void complement_pos(struct vc_data *vc, int offset)
- scr_writew(old, screenpos(vc, old_offset, 1));
- if (DO_UPDATE(vc))
- vc->vc_sw->con_putc(vc, old, oldy, oldx);
-+ notify_update(vc);
- }
-
- old_offset = offset;
-@@ -533,8 +535,8 @@ void complement_pos(struct vc_data *vc, int offset)
- oldy = (offset >> 1) / vc->vc_cols;
- vc->vc_sw->con_putc(vc, new, oldy, oldx);
- }
-+ notify_update(vc);
- }
--
- }
-
- static void insert_char(struct vc_data *vc, unsigned int nr)
-diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c
-index 546a17e8..a417b73 100644
---- a/drivers/usb/class/cdc-acm.c
-+++ b/drivers/usb/class/cdc-acm.c
-@@ -1091,6 +1091,7 @@ static int acm_probe(struct usb_interface *intf,
- unsigned long quirks;
- int num_rx_buf;
- int i;
-+ unsigned int elength = 0;
- int combined_interfaces = 0;
- struct device *tty_dev;
- int rv = -ENOMEM;
-@@ -1136,9 +1137,12 @@ static int acm_probe(struct usb_interface *intf,
- dev_err(&intf->dev, "skipping garbage\n");
- goto next_desc;
- }
-+ elength = buffer[0];
-
- switch (buffer[2]) {
- case USB_CDC_UNION_TYPE: /* we've found it */
-+ if (elength < sizeof(struct usb_cdc_union_desc))
-+ goto next_desc;
- if (union_header) {
- dev_err(&intf->dev, "More than one "
- "union descriptor, skipping ...\n");
-@@ -1147,29 +1151,36 @@ static int acm_probe(struct usb_interface *intf,
- union_header = (struct usb_cdc_union_desc *)buffer;
- break;
- case USB_CDC_COUNTRY_TYPE: /* export through sysfs*/
-+ if (elength < sizeof(struct usb_cdc_country_functional_desc))
-+ goto next_desc;
- cfd = (struct usb_cdc_country_functional_desc *)buffer;
- break;
- case USB_CDC_HEADER_TYPE: /* maybe check version */
- break; /* for now we ignore it */
- case USB_CDC_ACM_TYPE:
-+ if (elength < 4)
-+ goto next_desc;
- ac_management_function = buffer[3];
- break;
- case USB_CDC_CALL_MANAGEMENT_TYPE:
-+ if (elength < 5)
-+ goto next_desc;
- call_management_function = buffer[3];
- call_interface_num = buffer[4];
- break;
- default:
-- /* there are LOTS more CDC descriptors that
-+ /*
-+ * there are LOTS more CDC descriptors that
- * could legitimately be found here.
- */
- dev_dbg(&intf->dev, "Ignoring descriptor: "
-- "type %02x, length %d\n",
-- buffer[2], buffer[0]);
-+ "type %02x, length %ud\n",
-+ buffer[2], elength);
- break;
- }
- next_desc:
-- buflen -= buffer[0];
-- buffer += buffer[0];
-+ buflen -= elength;
-+ buffer += elength;
- }
-
- if (!union_header) {
-diff --git a/drivers/usb/core/buffer.c b/drivers/usb/core/buffer.c
-index 684ef70..506b969 100644
---- a/drivers/usb/core/buffer.c
-+++ b/drivers/usb/core/buffer.c
-@@ -22,17 +22,25 @@
- */
-
- /* FIXME tune these based on pool statistics ... */
--static const size_t pool_max[HCD_BUFFER_POOLS] = {
-- /* platforms without dma-friendly caches might need to
-- * prevent cacheline sharing...
-- */
-- 32,
-- 128,
-- 512,
-- PAGE_SIZE / 2
-- /* bigger --> allocate pages */
-+static size_t pool_max[HCD_BUFFER_POOLS] = {
-+ 32, 128, 512, 2048,
- };
-
-+void __init usb_init_pool_max(void)
-+{
-+ /*
-+ * The pool_max values must never be smaller than
-+ * ARCH_KMALLOC_MINALIGN.
-+ */
-+ if (ARCH_KMALLOC_MINALIGN <= 32)
-+ ; /* Original value is okay */
-+ else if (ARCH_KMALLOC_MINALIGN <= 64)
-+ pool_max[0] = 64;
-+ else if (ARCH_KMALLOC_MINALIGN <= 128)
-+ pool_max[0] = 0; /* Don't use this pool */
-+ else
-+ BUILD_BUG(); /* We don't allow this */
-+}
-
- /* SETUP primitives */
-
-diff --git a/drivers/usb/core/driver.c b/drivers/usb/core/driver.c
-index 874dec3..818369a 100644
---- a/drivers/usb/core/driver.c
-+++ b/drivers/usb/core/driver.c
-@@ -275,21 +275,6 @@ static int usb_unbind_device(struct device *dev)
- return 0;
- }
-
--/*
-- * Cancel any pending scheduled resets
-- *
-- * [see usb_queue_reset_device()]
-- *
-- * Called after unconfiguring / when releasing interfaces. See
-- * comments in __usb_queue_reset_device() regarding
-- * udev->reset_running.
-- */
--static void usb_cancel_queued_reset(struct usb_interface *iface)
--{
-- if (iface->reset_running == 0)
-- cancel_work_sync(&iface->reset_ws);
--}
--
- /* called from driver core with dev locked */
- static int usb_probe_interface(struct device *dev)
- {
-@@ -380,7 +365,6 @@ static int usb_probe_interface(struct device *dev)
- usb_set_intfdata(intf, NULL);
- intf->needs_remote_wakeup = 0;
- intf->condition = USB_INTERFACE_UNBOUND;
-- usb_cancel_queued_reset(intf);
-
- /* If the LPM disable succeeded, balance the ref counts. */
- if (!lpm_disable_error)
-@@ -425,7 +409,6 @@ static int usb_unbind_interface(struct device *dev)
- usb_disable_interface(udev, intf, false);
-
- driver->disconnect(intf);
-- usb_cancel_queued_reset(intf);
-
- /* Free streams */
- for (i = 0, j = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) {
-@@ -1797,6 +1780,18 @@ static int autosuspend_check(struct usb_device *udev)
- dev_dbg(&udev->dev, "remote wakeup needed for autosuspend\n");
- return -EOPNOTSUPP;
- }
-+
-+ /*
-+ * If the device is a direct child of the root hub and the HCD
-+ * doesn't handle wakeup requests, don't allow autosuspend when
-+ * wakeup is needed.
-+ */
-+ if (w && udev->parent == udev->bus->root_hub &&
-+ bus_to_hcd(udev->bus)->cant_recv_wakeups) {
-+ dev_dbg(&udev->dev, "HCD doesn't handle wakeup requests\n");
-+ return -EOPNOTSUPP;
-+ }
-+
- udev->do_remote_wakeup = w;
- return 0;
- }
-diff --git a/drivers/usb/core/hcd.c b/drivers/usb/core/hcd.c
-index 11cee55..45a915c 100644
---- a/drivers/usb/core/hcd.c
-+++ b/drivers/usb/core/hcd.c
-@@ -1618,6 +1618,7 @@ static int unlink1(struct usb_hcd *hcd, struct urb *urb, int status)
- int usb_hcd_unlink_urb (struct urb *urb, int status)
- {
- struct usb_hcd *hcd;
-+ struct usb_device *udev = urb->dev;
- int retval = -EIDRM;
- unsigned long flags;
-
-@@ -1629,20 +1630,19 @@ int usb_hcd_unlink_urb (struct urb *urb, int status)
- spin_lock_irqsave(&hcd_urb_unlink_lock, flags);
- if (atomic_read(&urb->use_count) > 0) {
- retval = 0;
-- usb_get_dev(urb->dev);
-+ usb_get_dev(udev);
- }
- spin_unlock_irqrestore(&hcd_urb_unlink_lock, flags);
- if (retval == 0) {
- hcd = bus_to_hcd(urb->dev->bus);
- retval = unlink1(hcd, urb, status);
-- usb_put_dev(urb->dev);
-+ if (retval == 0)
-+ retval = -EINPROGRESS;
-+ else if (retval != -EIDRM && retval != -EBUSY)
-+ dev_dbg(&udev->dev, "hcd_unlink_urb %p fail %d\n",
-+ urb, retval);
-+ usb_put_dev(udev);
- }
--
-- if (retval == 0)
-- retval = -EINPROGRESS;
-- else if (retval != -EIDRM && retval != -EBUSY)
-- dev_dbg(&urb->dev->dev, "hcd_unlink_urb %p fail %d\n",
-- urb, retval);
- return retval;
- }
-
-diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
-index aeb50bb..b4bfa3a 100644
---- a/drivers/usb/core/hub.c
-+++ b/drivers/usb/core/hub.c
-@@ -5589,26 +5589,19 @@ EXPORT_SYMBOL_GPL(usb_reset_device);
- * possible; depending on how the driver attached to each interface
- * handles ->pre_reset(), the second reset might happen or not.
- *
-- * - If a driver is unbound and it had a pending reset, the reset will
-- * be cancelled.
-+ * - If the reset is delayed so long that the interface is unbound from
-+ * its driver, the reset will be skipped.
- *
-- * - This function can be called during .probe() or .disconnect()
-- * times. On return from .disconnect(), any pending resets will be
-- * cancelled.
-- *
-- * There is no no need to lock/unlock the @reset_ws as schedule_work()
-- * does its own.
-- *
-- * NOTE: We don't do any reference count tracking because it is not
-- * needed. The lifecycle of the work_struct is tied to the
-- * usb_interface. Before destroying the interface we cancel the
-- * work_struct, so the fact that work_struct is queued and or
-- * running means the interface (and thus, the device) exist and
-- * are referenced.
-+ * - This function can be called during .probe(). It can also be called
-+ * during .disconnect(), but doing so is pointless because the reset
-+ * will not occur. If you really want to reset the device during
-+ * .disconnect(), call usb_reset_device() directly -- but watch out
-+ * for nested unbinding issues!
- */
- void usb_queue_reset_device(struct usb_interface *iface)
- {
-- schedule_work(&iface->reset_ws);
-+ if (schedule_work(&iface->reset_ws))
-+ usb_get_intf(iface);
- }
- EXPORT_SYMBOL_GPL(usb_queue_reset_device);
-
-diff --git a/drivers/usb/core/message.c b/drivers/usb/core/message.c
-index f7b7713..f368d20 100644
---- a/drivers/usb/core/message.c
-+++ b/drivers/usb/core/message.c
-@@ -1551,6 +1551,7 @@ static void usb_release_interface(struct device *dev)
- altsetting_to_usb_interface_cache(intf->altsetting);
-
- kref_put(&intfc->ref, usb_release_interface_cache);
-+ usb_put_dev(interface_to_usbdev(intf));
- kfree(intf);
- }
-
-@@ -1626,24 +1627,6 @@ static struct usb_interface_assoc_descriptor *find_iad(struct usb_device *dev,
-
- /*
- * Internal function to queue a device reset
-- *
-- * This is initialized into the workstruct in 'struct
-- * usb_device->reset_ws' that is launched by
-- * message.c:usb_set_configuration() when initializing each 'struct
-- * usb_interface'.
-- *
-- * It is safe to get the USB device without reference counts because
-- * the life cycle of @iface is bound to the life cycle of @udev. Then,
-- * this function will be ran only if @iface is alive (and before
-- * freeing it any scheduled instances of it will have been cancelled).
-- *
-- * We need to set a flag (usb_dev->reset_running) because when we call
-- * the reset, the interfaces might be unbound. The current interface
-- * cannot try to remove the queued work as it would cause a deadlock
-- * (you cannot remove your work from within your executing
-- * workqueue). This flag lets it know, so that
-- * usb_cancel_queued_reset() doesn't try to do it.
-- *
- * See usb_queue_reset_device() for more details
- */
- static void __usb_queue_reset_device(struct work_struct *ws)
-@@ -1655,11 +1638,10 @@ static void __usb_queue_reset_device(struct work_struct *ws)
-
- rc = usb_lock_device_for_reset(udev, iface);
- if (rc >= 0) {
-- iface->reset_running = 1;
- usb_reset_device(udev);
-- iface->reset_running = 0;
- usb_unlock_device(udev);
- }
-+ usb_put_intf(iface); /* Undo _get_ in usb_queue_reset_device() */
- }
-
-
-@@ -1854,6 +1836,7 @@ free_interfaces:
- dev_set_name(&intf->dev, "%d-%s:%d.%d",
- dev->bus->busnum, dev->devpath,
- configuration, alt->desc.bInterfaceNumber);
-+ usb_get_dev(dev);
- }
- kfree(new_interfaces);
-
-diff --git a/drivers/usb/core/usb.c b/drivers/usb/core/usb.c
-index 2a92b97..b1fb9ae 100644
---- a/drivers/usb/core/usb.c
-+++ b/drivers/usb/core/usb.c
-@@ -1049,6 +1049,7 @@ static int __init usb_init(void)
- pr_info("%s: USB support disabled\n", usbcore_name);
- return 0;
- }
-+ usb_init_pool_max();
-
- retval = usb_debugfs_init();
- if (retval)
-diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c
-index 8f65ab3..4efd3bd 100644
---- a/drivers/usb/dwc3/gadget.c
-+++ b/drivers/usb/dwc3/gadget.c
-@@ -2043,6 +2043,7 @@ static void dwc3_resume_gadget(struct dwc3 *dwc)
- if (dwc->gadget_driver && dwc->gadget_driver->resume) {
- spin_unlock(&dwc->lock);
- dwc->gadget_driver->resume(&dwc->gadget);
-+ spin_lock(&dwc->lock);
- }
- }
-
-diff --git a/drivers/usb/host/isp1760-hcd.c b/drivers/usb/host/isp1760-hcd.c
-index 395649f..c83ac89 100644
---- a/drivers/usb/host/isp1760-hcd.c
-+++ b/drivers/usb/host/isp1760-hcd.c
-@@ -2247,6 +2247,9 @@ struct usb_hcd *isp1760_register(phys_addr_t res_start, resource_size_t res_len,
- hcd->rsrc_start = res_start;
- hcd->rsrc_len = res_len;
-
-+ /* This driver doesn't support wakeup requests */
-+ hcd->cant_recv_wakeups = 1;
-+
- ret = usb_add_hcd(hcd, irq, irqflags);
- if (ret)
- goto err_unmap;
-diff --git a/drivers/usb/serial/cp210x.c b/drivers/usb/serial/cp210x.c
-index f4c56fc..f40c856 100644
---- a/drivers/usb/serial/cp210x.c
-+++ b/drivers/usb/serial/cp210x.c
-@@ -56,6 +56,7 @@ static const struct usb_device_id id_table[] = {
- { USB_DEVICE(0x0846, 0x1100) }, /* NetGear Managed Switch M4100 series, M5300 series, M7100 series */
- { USB_DEVICE(0x08e6, 0x5501) }, /* Gemalto Prox-PU/CU contactless smartcard reader */
- { USB_DEVICE(0x08FD, 0x000A) }, /* Digianswer A/S , ZigBee/802.15.4 MAC Device */
-+ { USB_DEVICE(0x0908, 0x01FF) }, /* Siemens RUGGEDCOM USB Serial Console */
- { USB_DEVICE(0x0BED, 0x1100) }, /* MEI (TM) Cashflow-SC Bill/Voucher Acceptor */
- { USB_DEVICE(0x0BED, 0x1101) }, /* MEI series 2000 Combo Acceptor */
- { USB_DEVICE(0x0FCF, 0x1003) }, /* Dynastream ANT development board */
-diff --git a/drivers/xen/manage.c b/drivers/xen/manage.c
-index f8bb36f..bf19407 100644
---- a/drivers/xen/manage.c
-+++ b/drivers/xen/manage.c
-@@ -105,10 +105,16 @@ static void do_suspend(void)
-
- err = freeze_processes();
- if (err) {
-- pr_err("%s: freeze failed %d\n", __func__, err);
-+ pr_err("%s: freeze processes failed %d\n", __func__, err);
- goto out;
- }
-
-+ err = freeze_kernel_threads();
-+ if (err) {
-+ pr_err("%s: freeze kernel threads failed %d\n", __func__, err);
-+ goto out_thaw;
-+ }
-+
- err = dpm_suspend_start(PMSG_FREEZE);
- if (err) {
- pr_err("%s: dpm_suspend_start %d\n", __func__, err);
-diff --git a/drivers/xen/xen-scsiback.c b/drivers/xen/xen-scsiback.c
-index e999496e..8e38499 100644
---- a/drivers/xen/xen-scsiback.c
-+++ b/drivers/xen/xen-scsiback.c
-@@ -708,12 +708,11 @@ static int prepare_pending_reqs(struct vscsibk_info *info,
- static int scsiback_do_cmd_fn(struct vscsibk_info *info)
- {
- struct vscsiif_back_ring *ring = &info->ring;
-- struct vscsiif_request *ring_req;
-+ struct vscsiif_request ring_req;
- struct vscsibk_pend *pending_req;
- RING_IDX rc, rp;
- int err, more_to_do;
- uint32_t result;
-- uint8_t act;
-
- rc = ring->req_cons;
- rp = ring->sring->req_prod;
-@@ -734,11 +733,10 @@ static int scsiback_do_cmd_fn(struct vscsibk_info *info)
- if (!pending_req)
- return 1;
-
-- ring_req = RING_GET_REQUEST(ring, rc);
-+ ring_req = *RING_GET_REQUEST(ring, rc);
- ring->req_cons = ++rc;
-
-- act = ring_req->act;
-- err = prepare_pending_reqs(info, ring_req, pending_req);
-+ err = prepare_pending_reqs(info, &ring_req, pending_req);
- if (err) {
- switch (err) {
- case -ENODEV:
-@@ -754,9 +752,9 @@ static int scsiback_do_cmd_fn(struct vscsibk_info *info)
- return 1;
- }
-
-- switch (act) {
-+ switch (ring_req.act) {
- case VSCSIIF_ACT_SCSI_CDB:
-- if (scsiback_gnttab_data_map(ring_req, pending_req)) {
-+ if (scsiback_gnttab_data_map(&ring_req, pending_req)) {
- scsiback_fast_flush_area(pending_req);
- scsiback_do_resp_with_sense(NULL,
- DRIVER_ERROR << 24, 0, pending_req);
-@@ -767,7 +765,7 @@ static int scsiback_do_cmd_fn(struct vscsibk_info *info)
- break;
- case VSCSIIF_ACT_SCSI_ABORT:
- scsiback_device_action(pending_req, TMR_ABORT_TASK,
-- ring_req->ref_rqid);
-+ ring_req.ref_rqid);
- break;
- case VSCSIIF_ACT_SCSI_RESET:
- scsiback_device_action(pending_req, TMR_LUN_RESET, 0);
-diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
-index 02b1691..995986b 100644
---- a/fs/binfmt_elf.c
-+++ b/fs/binfmt_elf.c
-@@ -645,11 +645,12 @@ out:
-
- static unsigned long randomize_stack_top(unsigned long stack_top)
- {
-- unsigned int random_variable = 0;
-+ unsigned long random_variable = 0;
-
- if ((current->flags & PF_RANDOMIZE) &&
- !(current->personality & ADDR_NO_RANDOMIZE)) {
-- random_variable = get_random_int() & STACK_RND_MASK;
-+ random_variable = (unsigned long) get_random_int();
-+ random_variable &= STACK_RND_MASK;
- random_variable <<= PAGE_SHIFT;
- }
- #ifdef CONFIG_STACK_GROWSUP
-diff --git a/fs/btrfs/ctree.c b/fs/btrfs/ctree.c
-index 14a72ed..f54511d 100644
---- a/fs/btrfs/ctree.c
-+++ b/fs/btrfs/ctree.c
-@@ -2609,32 +2609,23 @@ static int key_search(struct extent_buffer *b, struct btrfs_key *key,
- return 0;
- }
-
--int btrfs_find_item(struct btrfs_root *fs_root, struct btrfs_path *found_path,
-+int btrfs_find_item(struct btrfs_root *fs_root, struct btrfs_path *path,
- u64 iobjectid, u64 ioff, u8 key_type,
- struct btrfs_key *found_key)
- {
- int ret;
- struct btrfs_key key;
- struct extent_buffer *eb;
-- struct btrfs_path *path;
-+
-+ ASSERT(path);
-
- key.type = key_type;
- key.objectid = iobjectid;
- key.offset = ioff;
-
-- if (found_path == NULL) {
-- path = btrfs_alloc_path();
-- if (!path)
-- return -ENOMEM;
-- } else
-- path = found_path;
--
- ret = btrfs_search_slot(NULL, fs_root, &key, path, 0, 0);
-- if ((ret < 0) || (found_key == NULL)) {
-- if (path != found_path)
-- btrfs_free_path(path);
-+ if ((ret < 0) || (found_key == NULL))
- return ret;
-- }
-
- eb = path->nodes[0];
- if (ret && path->slots[0] >= btrfs_header_nritems(eb)) {
-diff --git a/fs/btrfs/disk-io.c b/fs/btrfs/disk-io.c
-index 8c63419..6f46c9b 100644
---- a/fs/btrfs/disk-io.c
-+++ b/fs/btrfs/disk-io.c
-@@ -1630,6 +1630,7 @@ struct btrfs_root *btrfs_get_fs_root(struct btrfs_fs_info *fs_info,
- bool check_ref)
- {
- struct btrfs_root *root;
-+ struct btrfs_path *path;
- int ret;
-
- if (location->objectid == BTRFS_ROOT_TREE_OBJECTID)
-@@ -1669,8 +1670,14 @@ again:
- if (ret)
- goto fail;
-
-- ret = btrfs_find_item(fs_info->tree_root, NULL, BTRFS_ORPHAN_OBJECTID,
-+ path = btrfs_alloc_path();
-+ if (!path) {
-+ ret = -ENOMEM;
-+ goto fail;
-+ }
-+ ret = btrfs_find_item(fs_info->tree_root, path, BTRFS_ORPHAN_OBJECTID,
- location->objectid, BTRFS_ORPHAN_ITEM_KEY, NULL);
-+ btrfs_free_path(path);
- if (ret < 0)
- goto fail;
- if (ret == 0)
-@@ -2498,7 +2505,7 @@ int open_ctree(struct super_block *sb,
- features |= BTRFS_FEATURE_INCOMPAT_COMPRESS_LZO;
-
- if (features & BTRFS_FEATURE_INCOMPAT_SKINNY_METADATA)
-- printk(KERN_ERR "BTRFS: has skinny extents\n");
-+ printk(KERN_INFO "BTRFS: has skinny extents\n");
-
- /*
- * flag our filesystem as having big metadata blocks if
-diff --git a/fs/btrfs/tree-log.c b/fs/btrfs/tree-log.c
-index 1a9585d..f78e9dc 100644
---- a/fs/btrfs/tree-log.c
-+++ b/fs/btrfs/tree-log.c
-@@ -488,8 +488,20 @@ insert:
- src_item = (struct btrfs_inode_item *)src_ptr;
- dst_item = (struct btrfs_inode_item *)dst_ptr;
-
-- if (btrfs_inode_generation(eb, src_item) == 0)
-+ if (btrfs_inode_generation(eb, src_item) == 0) {
-+ struct extent_buffer *dst_eb = path->nodes[0];
-+
-+ if (S_ISREG(btrfs_inode_mode(eb, src_item)) &&
-+ S_ISREG(btrfs_inode_mode(dst_eb, dst_item))) {
-+ struct btrfs_map_token token;
-+ u64 ino_size = btrfs_inode_size(eb, src_item);
-+
-+ btrfs_init_map_token(&token);
-+ btrfs_set_token_inode_size(dst_eb, dst_item,
-+ ino_size, &token);
-+ }
- goto no_copy;
-+ }
-
- if (overwrite_root &&
- S_ISDIR(btrfs_inode_mode(eb, src_item)) &&
-@@ -1257,10 +1269,19 @@ static int insert_orphan_item(struct btrfs_trans_handle *trans,
- struct btrfs_root *root, u64 offset)
- {
- int ret;
-- ret = btrfs_find_item(root, NULL, BTRFS_ORPHAN_OBJECTID,
-+ struct btrfs_path *path;
-+
-+ path = btrfs_alloc_path();
-+ if (!path)
-+ return -ENOMEM;
-+
-+ ret = btrfs_find_item(root, path, BTRFS_ORPHAN_OBJECTID,
- offset, BTRFS_ORPHAN_ITEM_KEY, NULL);
- if (ret > 0)
- ret = btrfs_insert_orphan_item(trans, root, offset);
-+
-+ btrfs_free_path(path);
-+
- return ret;
- }
-
-@@ -3219,7 +3240,8 @@ static int drop_objectid_items(struct btrfs_trans_handle *trans,
- static void fill_inode_item(struct btrfs_trans_handle *trans,
- struct extent_buffer *leaf,
- struct btrfs_inode_item *item,
-- struct inode *inode, int log_inode_only)
-+ struct inode *inode, int log_inode_only,
-+ u64 logged_isize)
- {
- struct btrfs_map_token token;
-
-@@ -3232,7 +3254,7 @@ static void fill_inode_item(struct btrfs_trans_handle *trans,
- * to say 'update this inode with these values'
- */
- btrfs_set_token_inode_generation(leaf, item, 0, &token);
-- btrfs_set_token_inode_size(leaf, item, 0, &token);
-+ btrfs_set_token_inode_size(leaf, item, logged_isize, &token);
- } else {
- btrfs_set_token_inode_generation(leaf, item,
- BTRFS_I(inode)->generation,
-@@ -3284,7 +3306,7 @@ static int log_inode_item(struct btrfs_trans_handle *trans,
- return ret;
- inode_item = btrfs_item_ptr(path->nodes[0], path->slots[0],
- struct btrfs_inode_item);
-- fill_inode_item(trans, path->nodes[0], inode_item, inode, 0);
-+ fill_inode_item(trans, path->nodes[0], inode_item, inode, 0, 0);
- btrfs_release_path(path);
- return 0;
- }
-@@ -3293,7 +3315,8 @@ static noinline int copy_items(struct btrfs_trans_handle *trans,
- struct inode *inode,
- struct btrfs_path *dst_path,
- struct btrfs_path *src_path, u64 *last_extent,
-- int start_slot, int nr, int inode_only)
-+ int start_slot, int nr, int inode_only,
-+ u64 logged_isize)
- {
- unsigned long src_offset;
- unsigned long dst_offset;
-@@ -3350,7 +3373,8 @@ static noinline int copy_items(struct btrfs_trans_handle *trans,
- dst_path->slots[0],
- struct btrfs_inode_item);
- fill_inode_item(trans, dst_path->nodes[0], inode_item,
-- inode, inode_only == LOG_INODE_EXISTS);
-+ inode, inode_only == LOG_INODE_EXISTS,
-+ logged_isize);
- } else {
- copy_extent_buffer(dst_path->nodes[0], src, dst_offset,
- src_offset, ins_sizes[i]);
-@@ -3902,6 +3926,33 @@ process:
- return ret;
- }
-
-+static int logged_inode_size(struct btrfs_root *log, struct inode *inode,
-+ struct btrfs_path *path, u64 *size_ret)
-+{
-+ struct btrfs_key key;
-+ int ret;
-+
-+ key.objectid = btrfs_ino(inode);
-+ key.type = BTRFS_INODE_ITEM_KEY;
-+ key.offset = 0;
-+
-+ ret = btrfs_search_slot(NULL, log, &key, path, 0, 0);
-+ if (ret < 0) {
-+ return ret;
-+ } else if (ret > 0) {
-+ *size_ret = i_size_read(inode);
-+ } else {
-+ struct btrfs_inode_item *item;
-+
-+ item = btrfs_item_ptr(path->nodes[0], path->slots[0],
-+ struct btrfs_inode_item);
-+ *size_ret = btrfs_inode_size(path->nodes[0], item);
-+ }
-+
-+ btrfs_release_path(path);
-+ return 0;
-+}
-+
- /* log a single inode in the tree log.
- * At least one parent directory for this inode must exist in the tree
- * or be logged already.
-@@ -3939,6 +3990,7 @@ static int btrfs_log_inode(struct btrfs_trans_handle *trans,
- bool fast_search = false;
- u64 ino = btrfs_ino(inode);
- struct extent_map_tree *em_tree = &BTRFS_I(inode)->extent_tree;
-+ u64 logged_isize = 0;
-
- path = btrfs_alloc_path();
- if (!path)
-@@ -3992,6 +4044,25 @@ static int btrfs_log_inode(struct btrfs_trans_handle *trans,
- max_key_type = BTRFS_XATTR_ITEM_KEY;
- ret = drop_objectid_items(trans, log, path, ino, max_key_type);
- } else {
-+ if (inode_only == LOG_INODE_EXISTS) {
-+ /*
-+ * Make sure the new inode item we write to the log has
-+ * the same isize as the current one (if it exists).
-+ * This is necessary to prevent data loss after log
-+ * replay, and also to prevent doing a wrong expanding
-+ * truncate - for e.g. create file, write 4K into offset
-+ * 0, fsync, write 4K into offset 4096, add hard link,
-+ * fsync some other file (to sync log), power fail - if
-+ * we use the inode's current i_size, after log replay
-+ * we get a 8Kb file, with the last 4Kb extent as a hole
-+ * (zeroes), as if an expanding truncate happened,
-+ * instead of getting a file of 4Kb only.
-+ */
-+ err = logged_inode_size(log, inode, path,
-+ &logged_isize);
-+ if (err)
-+ goto out_unlock;
-+ }
- if (test_and_clear_bit(BTRFS_INODE_NEEDS_FULL_SYNC,
- &BTRFS_I(inode)->runtime_flags)) {
- clear_bit(BTRFS_INODE_COPY_EVERYTHING,
-@@ -4047,7 +4118,8 @@ again:
- }
-
- ret = copy_items(trans, inode, dst_path, path, &last_extent,
-- ins_start_slot, ins_nr, inode_only);
-+ ins_start_slot, ins_nr, inode_only,
-+ logged_isize);
- if (ret < 0) {
- err = ret;
- goto out_unlock;
-@@ -4071,7 +4143,7 @@ next_slot:
- if (ins_nr) {
- ret = copy_items(trans, inode, dst_path, path,
- &last_extent, ins_start_slot,
-- ins_nr, inode_only);
-+ ins_nr, inode_only, logged_isize);
- if (ret < 0) {
- err = ret;
- goto out_unlock;
-@@ -4092,7 +4164,8 @@ next_slot:
- }
- if (ins_nr) {
- ret = copy_items(trans, inode, dst_path, path, &last_extent,
-- ins_start_slot, ins_nr, inode_only);
-+ ins_start_slot, ins_nr, inode_only,
-+ logged_isize);
- if (ret < 0) {
- err = ret;
- goto out_unlock;
-diff --git a/fs/ext4/super.c b/fs/ext4/super.c
-index 74c5f53..fc29b2c 100644
---- a/fs/ext4/super.c
-+++ b/fs/ext4/super.c
-@@ -4864,9 +4864,8 @@ static int ext4_remount(struct super_block *sb, int *flags, char *data)
- if ((old_opts.s_mount_opt & EXT4_MOUNT_JOURNAL_CHECKSUM) ^
- test_opt(sb, JOURNAL_CHECKSUM)) {
- ext4_msg(sb, KERN_ERR, "changing journal_checksum "
-- "during remount not supported");
-- err = -EINVAL;
-- goto restore_opts;
-+ "during remount not supported; ignoring");
-+ sbi->s_mount_opt ^= EXT4_MOUNT_JOURNAL_CHECKSUM;
- }
-
- if (test_opt(sb, DATA_FLAGS) == EXT4_MOUNT_JOURNAL_DATA) {
-diff --git a/fs/jffs2/scan.c b/fs/jffs2/scan.c
-index 7654e87..9ad5ba4 100644
---- a/fs/jffs2/scan.c
-+++ b/fs/jffs2/scan.c
-@@ -510,6 +510,10 @@ static int jffs2_scan_eraseblock (struct jffs2_sb_info *c, struct jffs2_eraseblo
- sumlen = c->sector_size - je32_to_cpu(sm->offset);
- sumptr = buf + buf_size - sumlen;
-
-+ /* sm->offset maybe wrong but MAGIC maybe right */
-+ if (sumlen > c->sector_size)
-+ goto full_scan;
-+
- /* Now, make sure the summary itself is available */
- if (sumlen > buf_size) {
- /* Need to kmalloc for this. */
-@@ -544,6 +548,7 @@ static int jffs2_scan_eraseblock (struct jffs2_sb_info *c, struct jffs2_eraseblo
- }
- }
-
-+full_scan:
- buf_ofs = jeb->offset;
-
- if (!buf_size) {
-diff --git a/fs/lockd/mon.c b/fs/lockd/mon.c
-index 1cc6ec5..47a32b6 100644
---- a/fs/lockd/mon.c
-+++ b/fs/lockd/mon.c
-@@ -65,7 +65,7 @@ static inline struct sockaddr *nsm_addr(const struct nsm_handle *nsm)
- return (struct sockaddr *)&nsm->sm_addr;
- }
-
--static struct rpc_clnt *nsm_create(struct net *net)
-+static struct rpc_clnt *nsm_create(struct net *net, const char *nodename)
- {
- struct sockaddr_in sin = {
- .sin_family = AF_INET,
-@@ -77,6 +77,7 @@ static struct rpc_clnt *nsm_create(struct net *net)
- .address = (struct sockaddr *)&sin,
- .addrsize = sizeof(sin),
- .servername = "rpc.statd",
-+ .nodename = nodename,
- .program = &nsm_program,
- .version = NSM_VERSION,
- .authflavor = RPC_AUTH_NULL,
-@@ -102,7 +103,7 @@ out:
- return clnt;
- }
-
--static struct rpc_clnt *nsm_client_get(struct net *net)
-+static struct rpc_clnt *nsm_client_get(struct net *net, const char *nodename)
- {
- struct rpc_clnt *clnt, *new;
- struct lockd_net *ln = net_generic(net, lockd_net_id);
-@@ -111,7 +112,7 @@ static struct rpc_clnt *nsm_client_get(struct net *net)
- if (clnt != NULL)
- goto out;
-
-- clnt = new = nsm_create(net);
-+ clnt = new = nsm_create(net, nodename);
- if (IS_ERR(clnt))
- goto out;
-
-@@ -190,19 +191,23 @@ int nsm_monitor(const struct nlm_host *host)
- struct nsm_res res;
- int status;
- struct rpc_clnt *clnt;
-+ const char *nodename = NULL;
-
- dprintk("lockd: nsm_monitor(%s)\n", nsm->sm_name);
-
- if (nsm->sm_monitored)
- return 0;
-
-+ if (host->h_rpcclnt)
-+ nodename = host->h_rpcclnt->cl_nodename;
-+
- /*
- * Choose whether to record the caller_name or IP address of
- * this peer in the local rpc.statd's database.
- */
- nsm->sm_mon_name = nsm_use_hostnames ? nsm->sm_name : nsm->sm_addrbuf;
-
-- clnt = nsm_client_get(host->net);
-+ clnt = nsm_client_get(host->net, nodename);
- if (IS_ERR(clnt)) {
- status = PTR_ERR(clnt);
- dprintk("lockd: failed to create NSM upcall transport, "
-diff --git a/fs/nfs/callback.c b/fs/nfs/callback.c
-index b8fb3a4..351be920 100644
---- a/fs/nfs/callback.c
-+++ b/fs/nfs/callback.c
-@@ -128,22 +128,24 @@ nfs41_callback_svc(void *vrqstp)
- if (try_to_freeze())
- continue;
-
-- prepare_to_wait(&serv->sv_cb_waitq, &wq, TASK_INTERRUPTIBLE);
-+ prepare_to_wait(&serv->sv_cb_waitq, &wq, TASK_UNINTERRUPTIBLE);
- spin_lock_bh(&serv->sv_cb_lock);
- if (!list_empty(&serv->sv_cb_list)) {
- req = list_first_entry(&serv->sv_cb_list,
- struct rpc_rqst, rq_bc_list);
- list_del(&req->rq_bc_list);
- spin_unlock_bh(&serv->sv_cb_lock);
-+ finish_wait(&serv->sv_cb_waitq, &wq);
- dprintk("Invoking bc_svc_process()\n");
- error = bc_svc_process(serv, req, rqstp);
- dprintk("bc_svc_process() returned w/ error code= %d\n",
- error);
- } else {
- spin_unlock_bh(&serv->sv_cb_lock);
-- schedule();
-+ /* schedule_timeout to game the hung task watchdog */
-+ schedule_timeout(60 * HZ);
-+ finish_wait(&serv->sv_cb_waitq, &wq);
- }
-- finish_wait(&serv->sv_cb_waitq, &wq);
- }
- return 0;
- }
-diff --git a/fs/nfs/callback_xdr.c b/fs/nfs/callback_xdr.c
-index f4ccfe6..02f8d09 100644
---- a/fs/nfs/callback_xdr.c
-+++ b/fs/nfs/callback_xdr.c
-@@ -464,8 +464,10 @@ static __be32 decode_cb_sequence_args(struct svc_rqst *rqstp,
-
- for (i = 0; i < args->csa_nrclists; i++) {
- status = decode_rc_list(xdr, &args->csa_rclists[i]);
-- if (status)
-+ if (status) {
-+ args->csa_nrclists = i;
- goto out_free;
-+ }
- }
- }
- status = 0;
-diff --git a/fs/nfs/direct.c b/fs/nfs/direct.c
-index 294692f..a094b0c 100644
---- a/fs/nfs/direct.c
-+++ b/fs/nfs/direct.c
-@@ -242,7 +242,7 @@ static void nfs_direct_release_pages(struct page **pages, unsigned int npages)
- void nfs_init_cinfo_from_dreq(struct nfs_commit_info *cinfo,
- struct nfs_direct_req *dreq)
- {
-- cinfo->lock = &dreq->lock;
-+ cinfo->lock = &dreq->inode->i_lock;
- cinfo->mds = &dreq->mds_cinfo;
- cinfo->ds = &dreq->ds_cinfo;
- cinfo->dreq = dreq;
-diff --git a/fs/nfs/internal.h b/fs/nfs/internal.h
-index b6f34bf..b84efe4 100644
---- a/fs/nfs/internal.h
-+++ b/fs/nfs/internal.h
-@@ -375,7 +375,7 @@ extern struct rpc_stat nfs_rpcstat;
-
- extern int __init register_nfs_fs(void);
- extern void __exit unregister_nfs_fs(void);
--extern void nfs_sb_active(struct super_block *sb);
-+extern bool nfs_sb_active(struct super_block *sb);
- extern void nfs_sb_deactive(struct super_block *sb);
-
- /* namespace.c */
-@@ -493,6 +493,26 @@ extern int nfs41_walk_client_list(struct nfs_client *clp,
- struct nfs_client **result,
- struct rpc_cred *cred);
-
-+static inline struct inode *nfs_igrab_and_active(struct inode *inode)
-+{
-+ inode = igrab(inode);
-+ if (inode != NULL && !nfs_sb_active(inode->i_sb)) {
-+ iput(inode);
-+ inode = NULL;
-+ }
-+ return inode;
-+}
-+
-+static inline void nfs_iput_and_deactive(struct inode *inode)
-+{
-+ if (inode != NULL) {
-+ struct super_block *sb = inode->i_sb;
-+
-+ iput(inode);
-+ nfs_sb_deactive(sb);
-+ }
-+}
-+
- /*
- * Determine the device name as a string
- */
-diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
-index c347705..89f6827 100644
---- a/fs/nfs/nfs4proc.c
-+++ b/fs/nfs/nfs4proc.c
-@@ -5137,9 +5137,13 @@ static void nfs4_delegreturn_done(struct rpc_task *task, void *calldata)
- static void nfs4_delegreturn_release(void *calldata)
- {
- struct nfs4_delegreturndata *data = calldata;
-+ struct inode *inode = data->inode;
-
-- if (data->roc)
-- pnfs_roc_release(data->inode);
-+ if (inode) {
-+ if (data->roc)
-+ pnfs_roc_release(inode);
-+ nfs_iput_and_deactive(inode);
-+ }
- kfree(calldata);
- }
-
-@@ -5196,9 +5200,9 @@ static int _nfs4_proc_delegreturn(struct inode *inode, struct rpc_cred *cred, co
- nfs_fattr_init(data->res.fattr);
- data->timestamp = jiffies;
- data->rpc_status = 0;
-- data->inode = inode;
-- data->roc = list_empty(&NFS_I(inode)->open_files) ?
-- pnfs_roc(inode) : false;
-+ data->inode = nfs_igrab_and_active(inode);
-+ if (data->inode)
-+ data->roc = nfs4_roc(inode);
-
- task_setup_data.callback_data = data;
- msg.rpc_argp = &data->args;
-diff --git a/fs/nfs/pnfs.c b/fs/nfs/pnfs.c
-index 0a5dda4..883ee88 100644
---- a/fs/nfs/pnfs.c
-+++ b/fs/nfs/pnfs.c
-@@ -1445,19 +1445,19 @@ pnfs_generic_pg_init_read(struct nfs_pageio_descriptor *pgio, struct nfs_page *r
- {
- u64 rd_size = req->wb_bytes;
-
-- WARN_ON_ONCE(pgio->pg_lseg != NULL);
--
-- if (pgio->pg_dreq == NULL)
-- rd_size = i_size_read(pgio->pg_inode) - req_offset(req);
-- else
-- rd_size = nfs_dreq_bytes_left(pgio->pg_dreq);
--
-- pgio->pg_lseg = pnfs_update_layout(pgio->pg_inode,
-- req->wb_context,
-- req_offset(req),
-- rd_size,
-- IOMODE_READ,
-- GFP_KERNEL);
-+ if (pgio->pg_lseg == NULL) {
-+ if (pgio->pg_dreq == NULL)
-+ rd_size = i_size_read(pgio->pg_inode) - req_offset(req);
-+ else
-+ rd_size = nfs_dreq_bytes_left(pgio->pg_dreq);
-+
-+ pgio->pg_lseg = pnfs_update_layout(pgio->pg_inode,
-+ req->wb_context,
-+ req_offset(req),
-+ rd_size,
-+ IOMODE_READ,
-+ GFP_KERNEL);
-+ }
- /* If no lseg, fall back to read through mds */
- if (pgio->pg_lseg == NULL)
- nfs_pageio_reset_read_mds(pgio);
-@@ -1469,14 +1469,13 @@ void
- pnfs_generic_pg_init_write(struct nfs_pageio_descriptor *pgio,
- struct nfs_page *req, u64 wb_size)
- {
-- WARN_ON_ONCE(pgio->pg_lseg != NULL);
--
-- pgio->pg_lseg = pnfs_update_layout(pgio->pg_inode,
-- req->wb_context,
-- req_offset(req),
-- wb_size,
-- IOMODE_RW,
-- GFP_NOFS);
-+ if (pgio->pg_lseg == NULL)
-+ pgio->pg_lseg = pnfs_update_layout(pgio->pg_inode,
-+ req->wb_context,
-+ req_offset(req),
-+ wb_size,
-+ IOMODE_RW,
-+ GFP_NOFS);
- /* If no lseg, fall back to write through mds */
- if (pgio->pg_lseg == NULL)
- nfs_pageio_reset_write_mds(pgio);
-diff --git a/fs/nfs/super.c b/fs/nfs/super.c
-index 31a11b0..368d939 100644
---- a/fs/nfs/super.c
-+++ b/fs/nfs/super.c
-@@ -405,12 +405,15 @@ void __exit unregister_nfs_fs(void)
- unregister_filesystem(&nfs_fs_type);
- }
-
--void nfs_sb_active(struct super_block *sb)
-+bool nfs_sb_active(struct super_block *sb)
- {
- struct nfs_server *server = NFS_SB(sb);
-
-- if (atomic_inc_return(&server->active) == 1)
-- atomic_inc(&sb->s_active);
-+ if (!atomic_inc_not_zero(&sb->s_active))
-+ return false;
-+ if (atomic_inc_return(&server->active) != 1)
-+ atomic_dec(&sb->s_active);
-+ return true;
- }
- EXPORT_SYMBOL_GPL(nfs_sb_active);
-
-diff --git a/fs/ocfs2/quota_local.c b/fs/ocfs2/quota_local.c
-index 10b6539..465223b 100644
---- a/fs/ocfs2/quota_local.c
-+++ b/fs/ocfs2/quota_local.c
-@@ -701,8 +701,8 @@ static int ocfs2_local_read_info(struct super_block *sb, int type)
- /* We don't need the lock and we have to acquire quota file locks
- * which will later depend on this lock */
- mutex_unlock(&sb_dqopt(sb)->dqio_mutex);
-- info->dqi_maxblimit = 0x7fffffffffffffffLL;
-- info->dqi_maxilimit = 0x7fffffffffffffffLL;
-+ info->dqi_max_spc_limit = 0x7fffffffffffffffLL;
-+ info->dqi_max_ino_limit = 0x7fffffffffffffffLL;
- oinfo = kmalloc(sizeof(struct ocfs2_mem_dqinfo), GFP_NOFS);
- if (!oinfo) {
- mlog(ML_ERROR, "failed to allocate memory for ocfs2 quota"
-diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c
-index 246eae8..88f9b83 100644
---- a/fs/proc/task_mmu.c
-+++ b/fs/proc/task_mmu.c
-@@ -1069,7 +1069,7 @@ static int pagemap_pte_range(pmd_t *pmd, unsigned long addr, unsigned long end,
- struct vm_area_struct *vma;
- struct pagemapread *pm = walk->private;
- spinlock_t *ptl;
-- pte_t *pte;
-+ pte_t *pte, *orig_pte;
- int err = 0;
-
- /* find the first VMA at or above 'addr' */
-@@ -1130,15 +1130,19 @@ static int pagemap_pte_range(pmd_t *pmd, unsigned long addr, unsigned long end,
- BUG_ON(is_vm_hugetlb_page(vma));
-
- /* Addresses in the VMA. */
-- for (; addr < min(end, vma->vm_end); addr += PAGE_SIZE) {
-+ orig_pte = pte = pte_offset_map_lock(walk->mm, pmd, addr, &ptl);
-+ for (; addr < min(end, vma->vm_end); pte++, addr += PAGE_SIZE) {
- pagemap_entry_t pme;
-- pte = pte_offset_map(pmd, addr);
-+
- pte_to_pagemap_entry(&pme, pm, vma, addr, *pte);
-- pte_unmap(pte);
- err = add_to_pagemap(addr, &pme, pm);
- if (err)
-- return err;
-+ break;
- }
-+ pte_unmap_unlock(orig_pte, ptl);
-+
-+ if (err)
-+ return err;
-
- if (addr == end)
- break;
-diff --git a/fs/quota/dquot.c b/fs/quota/dquot.c
-index 69df5b2..ca035a2 100644
---- a/fs/quota/dquot.c
-+++ b/fs/quota/dquot.c
-@@ -2385,16 +2385,6 @@ out:
- }
- EXPORT_SYMBOL(dquot_quota_on_mount);
-
--static inline qsize_t qbtos(qsize_t blocks)
--{
-- return blocks << QIF_DQBLKSIZE_BITS;
--}
--
--static inline qsize_t stoqb(qsize_t space)
--{
-- return (space + QIF_DQBLKSIZE - 1) >> QIF_DQBLKSIZE_BITS;
--}
--
- /* Generic routine for getting common part of quota structure */
- static void do_get_dqblk(struct dquot *dquot, struct qc_dqblk *di)
- {
-@@ -2444,13 +2434,13 @@ static int do_set_dqblk(struct dquot *dquot, struct qc_dqblk *di)
- return -EINVAL;
-
- if (((di->d_fieldmask & QC_SPC_SOFT) &&
-- stoqb(di->d_spc_softlimit) > dqi->dqi_maxblimit) ||
-+ di->d_spc_softlimit > dqi->dqi_max_spc_limit) ||
- ((di->d_fieldmask & QC_SPC_HARD) &&
-- stoqb(di->d_spc_hardlimit) > dqi->dqi_maxblimit) ||
-+ di->d_spc_hardlimit > dqi->dqi_max_spc_limit) ||
- ((di->d_fieldmask & QC_INO_SOFT) &&
-- (di->d_ino_softlimit > dqi->dqi_maxilimit)) ||
-+ (di->d_ino_softlimit > dqi->dqi_max_ino_limit)) ||
- ((di->d_fieldmask & QC_INO_HARD) &&
-- (di->d_ino_hardlimit > dqi->dqi_maxilimit)))
-+ (di->d_ino_hardlimit > dqi->dqi_max_ino_limit)))
- return -ERANGE;
-
- spin_lock(&dq_data_lock);
-diff --git a/fs/quota/quota_v1.c b/fs/quota/quota_v1.c
-index 469c684..8fe79be 100644
---- a/fs/quota/quota_v1.c
-+++ b/fs/quota/quota_v1.c
-@@ -169,8 +169,8 @@ static int v1_read_file_info(struct super_block *sb, int type)
- }
- ret = 0;
- /* limits are stored as unsigned 32-bit data */
-- dqopt->info[type].dqi_maxblimit = 0xffffffff;
-- dqopt->info[type].dqi_maxilimit = 0xffffffff;
-+ dqopt->info[type].dqi_max_spc_limit = 0xffffffffULL << QUOTABLOCK_BITS;
-+ dqopt->info[type].dqi_max_ino_limit = 0xffffffff;
- dqopt->info[type].dqi_igrace =
- dqblk.dqb_itime ? dqblk.dqb_itime : MAX_IQ_TIME;
- dqopt->info[type].dqi_bgrace =
-diff --git a/fs/quota/quota_v2.c b/fs/quota/quota_v2.c
-index 02751ec..d1a8054 100644
---- a/fs/quota/quota_v2.c
-+++ b/fs/quota/quota_v2.c
-@@ -117,12 +117,12 @@ static int v2_read_file_info(struct super_block *sb, int type)
- qinfo = info->dqi_priv;
- if (version == 0) {
- /* limits are stored as unsigned 32-bit data */
-- info->dqi_maxblimit = 0xffffffff;
-- info->dqi_maxilimit = 0xffffffff;
-+ info->dqi_max_spc_limit = 0xffffffffULL << QUOTABLOCK_BITS;
-+ info->dqi_max_ino_limit = 0xffffffff;
- } else {
-- /* used space is stored as unsigned 64-bit value */
-- info->dqi_maxblimit = 0xffffffffffffffffULL; /* 2^64-1 */
-- info->dqi_maxilimit = 0xffffffffffffffffULL;
-+ /* used space is stored as unsigned 64-bit value in bytes */
-+ info->dqi_max_spc_limit = 0xffffffffffffffffULL; /* 2^64-1 */
-+ info->dqi_max_ino_limit = 0xffffffffffffffffULL;
- }
- info->dqi_bgrace = le32_to_cpu(dinfo.dqi_bgrace);
- info->dqi_igrace = le32_to_cpu(dinfo.dqi_igrace);
-diff --git a/fs/udf/inode.c b/fs/udf/inode.c
-index 5bc71d9..7b72b7d 100644
---- a/fs/udf/inode.c
-+++ b/fs/udf/inode.c
-@@ -1288,6 +1288,7 @@ static int udf_read_inode(struct inode *inode, bool hidden_inode)
- struct kernel_lb_addr *iloc = &iinfo->i_location;
- unsigned int link_count;
- unsigned int indirections = 0;
-+ int bs = inode->i_sb->s_blocksize;
- int ret = -EIO;
-
- reread:
-@@ -1374,38 +1375,35 @@ reread:
- if (fe->descTag.tagIdent == cpu_to_le16(TAG_IDENT_EFE)) {
- iinfo->i_efe = 1;
- iinfo->i_use = 0;
-- ret = udf_alloc_i_data(inode, inode->i_sb->s_blocksize -
-+ ret = udf_alloc_i_data(inode, bs -
- sizeof(struct extendedFileEntry));
- if (ret)
- goto out;
- memcpy(iinfo->i_ext.i_data,
- bh->b_data + sizeof(struct extendedFileEntry),
-- inode->i_sb->s_blocksize -
-- sizeof(struct extendedFileEntry));
-+ bs - sizeof(struct extendedFileEntry));
- } else if (fe->descTag.tagIdent == cpu_to_le16(TAG_IDENT_FE)) {
- iinfo->i_efe = 0;
- iinfo->i_use = 0;
-- ret = udf_alloc_i_data(inode, inode->i_sb->s_blocksize -
-- sizeof(struct fileEntry));
-+ ret = udf_alloc_i_data(inode, bs - sizeof(struct fileEntry));
- if (ret)
- goto out;
- memcpy(iinfo->i_ext.i_data,
- bh->b_data + sizeof(struct fileEntry),
-- inode->i_sb->s_blocksize - sizeof(struct fileEntry));
-+ bs - sizeof(struct fileEntry));
- } else if (fe->descTag.tagIdent == cpu_to_le16(TAG_IDENT_USE)) {
- iinfo->i_efe = 0;
- iinfo->i_use = 1;
- iinfo->i_lenAlloc = le32_to_cpu(
- ((struct unallocSpaceEntry *)bh->b_data)->
- lengthAllocDescs);
-- ret = udf_alloc_i_data(inode, inode->i_sb->s_blocksize -
-+ ret = udf_alloc_i_data(inode, bs -
- sizeof(struct unallocSpaceEntry));
- if (ret)
- goto out;
- memcpy(iinfo->i_ext.i_data,
- bh->b_data + sizeof(struct unallocSpaceEntry),
-- inode->i_sb->s_blocksize -
-- sizeof(struct unallocSpaceEntry));
-+ bs - sizeof(struct unallocSpaceEntry));
- return 0;
- }
-
-@@ -1489,6 +1487,15 @@ reread:
- }
- inode->i_generation = iinfo->i_unique;
-
-+ /*
-+ * Sanity check length of allocation descriptors and extended attrs to
-+ * avoid integer overflows
-+ */
-+ if (iinfo->i_lenEAttr > bs || iinfo->i_lenAlloc > bs)
-+ goto out;
-+ /* Now do exact checks */
-+ if (udf_file_entry_alloc_offset(inode) + iinfo->i_lenAlloc > bs)
-+ goto out;
- /* Sanity checks for files in ICB so that we don't get confused later */
- if (iinfo->i_alloc_type == ICBTAG_FLAG_AD_IN_ICB) {
- /*
-@@ -1498,8 +1505,7 @@ reread:
- if (iinfo->i_lenAlloc != inode->i_size)
- goto out;
- /* File in ICB has to fit in there... */
-- if (inode->i_size > inode->i_sb->s_blocksize -
-- udf_file_entry_alloc_offset(inode))
-+ if (inode->i_size > bs - udf_file_entry_alloc_offset(inode))
- goto out;
- }
-
-diff --git a/fs/xfs/libxfs/xfs_bmap.c b/fs/xfs/libxfs/xfs_bmap.c
-index b5eb474..4e20fe7 100644
---- a/fs/xfs/libxfs/xfs_bmap.c
-+++ b/fs/xfs/libxfs/xfs_bmap.c
-@@ -973,7 +973,11 @@ xfs_bmap_local_to_extents(
- *firstblock = args.fsbno;
- bp = xfs_btree_get_bufl(args.mp, tp, args.fsbno, 0);
-
-- /* initialise the block and copy the data */
-+ /*
-+ * Initialise the block and copy the data
-+ *
-+ * Note: init_fn must set the buffer log item type correctly!
-+ */
- init_fn(tp, bp, ip, ifp);
-
- /* account for the change in fork size and log everything */
-diff --git a/fs/xfs/libxfs/xfs_symlink_remote.c b/fs/xfs/libxfs/xfs_symlink_remote.c
-index c80c523..e7e26bd 100644
---- a/fs/xfs/libxfs/xfs_symlink_remote.c
-+++ b/fs/xfs/libxfs/xfs_symlink_remote.c
-@@ -178,6 +178,8 @@ xfs_symlink_local_to_remote(
- struct xfs_mount *mp = ip->i_mount;
- char *buf;
-
-+ xfs_trans_buf_set_type(tp, bp, XFS_BLFT_SYMLINK_BUF);
-+
- if (!xfs_sb_version_hascrc(&mp->m_sb)) {
- bp->b_ops = NULL;
- memcpy(bp->b_addr, ifp->if_u1.if_data, ifp->if_bytes);
-diff --git a/fs/xfs/xfs_buf_item.c b/fs/xfs/xfs_buf_item.c
-index 3f9bd58..744352b 100644
---- a/fs/xfs/xfs_buf_item.c
-+++ b/fs/xfs/xfs_buf_item.c
-@@ -319,6 +319,10 @@ xfs_buf_item_format(
- ASSERT(atomic_read(&bip->bli_refcount) > 0);
- ASSERT((bip->bli_flags & XFS_BLI_LOGGED) ||
- (bip->bli_flags & XFS_BLI_STALE));
-+ ASSERT((bip->bli_flags & XFS_BLI_STALE) ||
-+ (xfs_blft_from_flags(&bip->__bli_format) > XFS_BLFT_UNKNOWN_BUF
-+ && xfs_blft_from_flags(&bip->__bli_format) < XFS_BLFT_MAX_BUF));
-+
-
- /*
- * If it is an inode buffer, transfer the in-memory state to the
-diff --git a/fs/xfs/xfs_inode.c b/fs/xfs/xfs_inode.c
-index 41f804e..d745e1a 100644
---- a/fs/xfs/xfs_inode.c
-+++ b/fs/xfs/xfs_inode.c
-@@ -1995,6 +1995,7 @@ xfs_iunlink(
- agi->agi_unlinked[bucket_index] = cpu_to_be32(agino);
- offset = offsetof(xfs_agi_t, agi_unlinked) +
- (sizeof(xfs_agino_t) * bucket_index);
-+ xfs_trans_buf_set_type(tp, agibp, XFS_BLFT_AGI_BUF);
- xfs_trans_log_buf(tp, agibp, offset,
- (offset + sizeof(xfs_agino_t) - 1));
- return 0;
-@@ -2086,6 +2087,7 @@ xfs_iunlink_remove(
- agi->agi_unlinked[bucket_index] = cpu_to_be32(next_agino);
- offset = offsetof(xfs_agi_t, agi_unlinked) +
- (sizeof(xfs_agino_t) * bucket_index);
-+ xfs_trans_buf_set_type(tp, agibp, XFS_BLFT_AGI_BUF);
- xfs_trans_log_buf(tp, agibp, offset,
- (offset + sizeof(xfs_agino_t) - 1));
- } else {
-diff --git a/fs/xfs/xfs_qm.c b/fs/xfs/xfs_qm.c
-index 79fb19d..79a62bb 100644
---- a/fs/xfs/xfs_qm.c
-+++ b/fs/xfs/xfs_qm.c
-@@ -842,6 +842,11 @@ xfs_qm_reset_dqcounts(
- */
- xfs_dqcheck(mp, ddq, id+j, type, XFS_QMOPT_DQREPAIR,
- "xfs_quotacheck");
-+ /*
-+ * Reset type in case we are reusing group quota file for
-+ * project quotas or vice versa
-+ */
-+ ddq->d_flags = type;
- ddq->d_bcount = 0;
- ddq->d_icount = 0;
- ddq->d_rtbcount = 0;
-diff --git a/fs/xfs/xfs_trans.c b/fs/xfs/xfs_trans.c
-index fa3135b..eb90cd5 100644
---- a/fs/xfs/xfs_trans.c
-+++ b/fs/xfs/xfs_trans.c
-@@ -472,6 +472,7 @@ xfs_trans_apply_sb_deltas(
- whole = 1;
- }
-
-+ xfs_trans_buf_set_type(tp, bp, XFS_BLFT_SB_BUF);
- if (whole)
- /*
- * Log the whole thing, the fields are noncontiguous.
-diff --git a/fs/xfs/xfs_trans_buf.c b/fs/xfs/xfs_trans_buf.c
-index 0a4d4ab..7579841 100644
---- a/fs/xfs/xfs_trans_buf.c
-+++ b/fs/xfs/xfs_trans_buf.c
-@@ -327,9 +327,10 @@ xfs_trans_read_buf_map(
- return -EIO;
- }
-
-- if (tp)
-+ if (tp) {
- _xfs_trans_bjoin(tp, bp, 1);
-- trace_xfs_trans_read_buf(bp->b_fspriv);
-+ trace_xfs_trans_read_buf(bp->b_fspriv);
-+ }
- *bpp = bp;
- return 0;
-
-diff --git a/include/linux/compiler.h b/include/linux/compiler.h
-index 33063f8..fa6a314 100644
---- a/include/linux/compiler.h
-+++ b/include/linux/compiler.h
-@@ -198,7 +198,7 @@ static __always_inline void data_access_exceeds_word_size(void)
- {
- }
-
--static __always_inline void __read_once_size(volatile void *p, void *res, int size)
-+static __always_inline void __read_once_size(const volatile void *p, void *res, int size)
- {
- switch (size) {
- case 1: *(__u8 *)res = *(volatile __u8 *)p; break;
-@@ -255,10 +255,10 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s
- */
-
- #define READ_ONCE(x) \
-- ({ typeof(x) __val; __read_once_size(&x, &__val, sizeof(__val)); __val; })
-+ ({ union { typeof(x) __val; char __c[1]; } __u; __read_once_size(&(x), __u.__c, sizeof(x)); __u.__val; })
-
- #define WRITE_ONCE(x, val) \
-- ({ typeof(x) __val; __val = val; __write_once_size(&x, &__val, sizeof(__val)); __val; })
-+ ({ typeof(x) __val = (val); __write_once_size(&(x), &__val, sizeof(__val)); __val; })
-
- #endif /* __KERNEL__ */
-
-@@ -447,12 +447,23 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s
- * to make the compiler aware of ordering is to put the two invocations of
- * ACCESS_ONCE() in different C statements.
- *
-- * This macro does absolutely -nothing- to prevent the CPU from reordering,
-- * merging, or refetching absolutely anything at any time. Its main intended
-- * use is to mediate communication between process-level code and irq/NMI
-- * handlers, all running on the same CPU.
-+ * ACCESS_ONCE will only work on scalar types. For union types, ACCESS_ONCE
-+ * on a union member will work as long as the size of the member matches the
-+ * size of the union and the size is smaller than word size.
-+ *
-+ * The major use cases of ACCESS_ONCE used to be (1) Mediating communication
-+ * between process-level code and irq/NMI handlers, all running on the same CPU,
-+ * and (2) Ensuring that the compiler does not fold, spindle, or otherwise
-+ * mutilate accesses that either do not require ordering or that interact
-+ * with an explicit memory barrier or atomic instruction that provides the
-+ * required ordering.
-+ *
-+ * If possible use READ_ONCE/ASSIGN_ONCE instead.
- */
--#define ACCESS_ONCE(x) (*(volatile typeof(x) *)&(x))
-+#define __ACCESS_ONCE(x) ({ \
-+ __maybe_unused typeof(x) __var = (__force typeof(x)) 0; \
-+ (volatile typeof(x) *)&(x); })
-+#define ACCESS_ONCE(x) (*__ACCESS_ONCE(x))
-
- /* Ignore/forbid kprobes attach on very low level functions marked by this attribute: */
- #ifdef CONFIG_KPROBES
-diff --git a/include/linux/fsnotify.h b/include/linux/fsnotify.h
-index 1c804b0..7ee1774 100644
---- a/include/linux/fsnotify.h
-+++ b/include/linux/fsnotify.h
-@@ -101,8 +101,10 @@ static inline void fsnotify_move(struct inode *old_dir, struct inode *new_dir,
- new_dir_mask |= FS_ISDIR;
- }
-
-- fsnotify(old_dir, old_dir_mask, old_dir, FSNOTIFY_EVENT_INODE, old_name, fs_cookie);
-- fsnotify(new_dir, new_dir_mask, new_dir, FSNOTIFY_EVENT_INODE, new_name, fs_cookie);
-+ fsnotify(old_dir, old_dir_mask, source, FSNOTIFY_EVENT_INODE, old_name,
-+ fs_cookie);
-+ fsnotify(new_dir, new_dir_mask, source, FSNOTIFY_EVENT_INODE, new_name,
-+ fs_cookie);
-
- if (target)
- fsnotify_link_count(target);
-diff --git a/include/linux/kdb.h b/include/linux/kdb.h
-index 75ae2e2..a19bcf9 100644
---- a/include/linux/kdb.h
-+++ b/include/linux/kdb.h
-@@ -156,8 +156,14 @@ typedef enum {
- KDB_REASON_SYSTEM_NMI, /* In NMI due to SYSTEM cmd; regs valid */
- } kdb_reason_t;
-
-+enum kdb_msgsrc {
-+ KDB_MSGSRC_INTERNAL, /* direct call to kdb_printf() */
-+ KDB_MSGSRC_PRINTK, /* trapped from printk() */
-+};
-+
- extern int kdb_trap_printk;
--extern __printf(1, 0) int vkdb_printf(const char *fmt, va_list args);
-+extern __printf(2, 0) int vkdb_printf(enum kdb_msgsrc src, const char *fmt,
-+ va_list args);
- extern __printf(1, 2) int kdb_printf(const char *, ...);
- typedef __printf(1, 2) int (*kdb_printf_t)(const char *, ...);
-
-diff --git a/include/linux/nfs_xdr.h b/include/linux/nfs_xdr.h
-index 467c84e..06ebfa1 100644
---- a/include/linux/nfs_xdr.h
-+++ b/include/linux/nfs_xdr.h
-@@ -1342,7 +1342,7 @@ struct nfs_commit_completion_ops {
- };
-
- struct nfs_commit_info {
-- spinlock_t *lock;
-+ spinlock_t *lock; /* inode->i_lock */
- struct nfs_mds_commit_info *mds;
- struct pnfs_ds_commit_info *ds;
- struct nfs_direct_req *dreq; /* O_DIRECT request */
-diff --git a/include/linux/quota.h b/include/linux/quota.h
-index 097d7eb2..b86df49 100644
---- a/include/linux/quota.h
-+++ b/include/linux/quota.h
-@@ -216,8 +216,8 @@ struct mem_dqinfo {
- unsigned long dqi_flags;
- unsigned int dqi_bgrace;
- unsigned int dqi_igrace;
-- qsize_t dqi_maxblimit;
-- qsize_t dqi_maxilimit;
-+ qsize_t dqi_max_spc_limit;
-+ qsize_t dqi_max_ino_limit;
- void *dqi_priv;
- };
-
-diff --git a/include/linux/sunrpc/clnt.h b/include/linux/sunrpc/clnt.h
-index d86acc6..598ba80 100644
---- a/include/linux/sunrpc/clnt.h
-+++ b/include/linux/sunrpc/clnt.h
-@@ -57,7 +57,7 @@ struct rpc_clnt {
- const struct rpc_timeout *cl_timeout; /* Timeout strategy */
-
- int cl_nodelen; /* nodename length */
-- char cl_nodename[UNX_MAXNODENAME];
-+ char cl_nodename[UNX_MAXNODENAME+1];
- struct rpc_pipe_dir_head cl_pipedir_objects;
- struct rpc_clnt * cl_parent; /* Points to parent of clones */
- struct rpc_rtt cl_rtt_default;
-@@ -112,6 +112,7 @@ struct rpc_create_args {
- struct sockaddr *saddress;
- const struct rpc_timeout *timeout;
- const char *servername;
-+ const char *nodename;
- const struct rpc_program *program;
- u32 prognumber; /* overrides program->number */
- u32 version;
-diff --git a/include/linux/usb.h b/include/linux/usb.h
-index f89c24a..058a769 100644
---- a/include/linux/usb.h
-+++ b/include/linux/usb.h
-@@ -127,10 +127,6 @@ enum usb_interface_condition {
- * to the sysfs representation for that device.
- * @pm_usage_cnt: PM usage counter for this interface
- * @reset_ws: Used for scheduling resets from atomic context.
-- * @reset_running: set to 1 if the interface is currently running a
-- * queued reset so that usb_cancel_queued_reset() doesn't try to
-- * remove from the workqueue when running inside the worker
-- * thread. See __usb_queue_reset_device().
- * @resetting_device: USB core reset the device, so use alt setting 0 as
- * current; needs bandwidth alloc after reset.
- *
-@@ -181,7 +177,6 @@ struct usb_interface {
- unsigned needs_remote_wakeup:1; /* driver requires remote wakeup */
- unsigned needs_altsetting0:1; /* switch to altsetting 0 is pending */
- unsigned needs_binding:1; /* needs delayed unbind/rebind */
-- unsigned reset_running:1;
- unsigned resetting_device:1; /* true: bandwidth alloc after reset */
-
- struct device dev; /* interface specific device info */
-diff --git a/include/linux/usb/hcd.h b/include/linux/usb/hcd.h
-index 086bf13..68b1e83 100644
---- a/include/linux/usb/hcd.h
-+++ b/include/linux/usb/hcd.h
-@@ -146,6 +146,8 @@ struct usb_hcd {
- unsigned amd_resume_bug:1; /* AMD remote wakeup quirk */
- unsigned can_do_streams:1; /* HC supports streams */
- unsigned tpl_support:1; /* OTG & EH TPL support */
-+ unsigned cant_recv_wakeups:1;
-+ /* wakeup requests from downstream aren't received */
-
- unsigned int irq; /* irq allocated */
- void __iomem *regs; /* device memory/io */
-@@ -453,6 +455,7 @@ extern const struct dev_pm_ops usb_hcd_pci_pm_ops;
- #endif /* CONFIG_PCI */
-
- /* pci-ish (pdev null is ok) buffer alloc/mapping support */
-+void usb_init_pool_max(void);
- int hcd_buffer_create(struct usb_hcd *hcd);
- void hcd_buffer_destroy(struct usb_hcd *hcd);
-
-diff --git a/include/net/cipso_ipv4.h b/include/net/cipso_ipv4.h
-index a6fd939..3ebb168 100644
---- a/include/net/cipso_ipv4.h
-+++ b/include/net/cipso_ipv4.h
-@@ -121,13 +121,6 @@ extern int cipso_v4_rbm_strictvalid;
- #endif
-
- /*
-- * Helper Functions
-- */
--
--#define CIPSO_V4_OPTEXIST(x) (IPCB(x)->opt.cipso != 0)
--#define CIPSO_V4_OPTPTR(x) (skb_network_header(x) + IPCB(x)->opt.cipso)
--
--/*
- * DOI List Functions
- */
-
-@@ -190,7 +183,7 @@ static inline int cipso_v4_doi_domhsh_remove(struct cipso_v4_doi *doi_def,
-
- #ifdef CONFIG_NETLABEL
- void cipso_v4_cache_invalidate(void);
--int cipso_v4_cache_add(const struct sk_buff *skb,
-+int cipso_v4_cache_add(const unsigned char *cipso_ptr,
- const struct netlbl_lsm_secattr *secattr);
- #else
- static inline void cipso_v4_cache_invalidate(void)
-@@ -198,7 +191,7 @@ static inline void cipso_v4_cache_invalidate(void)
- return;
- }
-
--static inline int cipso_v4_cache_add(const struct sk_buff *skb,
-+static inline int cipso_v4_cache_add(const unsigned char *cipso_ptr,
- const struct netlbl_lsm_secattr *secattr)
- {
- return 0;
-@@ -211,6 +204,8 @@ static inline int cipso_v4_cache_add(const struct sk_buff *skb,
-
- #ifdef CONFIG_NETLABEL
- void cipso_v4_error(struct sk_buff *skb, int error, u32 gateway);
-+int cipso_v4_getattr(const unsigned char *cipso,
-+ struct netlbl_lsm_secattr *secattr);
- int cipso_v4_sock_setattr(struct sock *sk,
- const struct cipso_v4_doi *doi_def,
- const struct netlbl_lsm_secattr *secattr);
-@@ -226,6 +221,7 @@ int cipso_v4_skbuff_setattr(struct sk_buff *skb,
- int cipso_v4_skbuff_delattr(struct sk_buff *skb);
- int cipso_v4_skbuff_getattr(const struct sk_buff *skb,
- struct netlbl_lsm_secattr *secattr);
-+unsigned char *cipso_v4_optptr(const struct sk_buff *skb);
- int cipso_v4_validate(const struct sk_buff *skb, unsigned char **option);
- #else
- static inline void cipso_v4_error(struct sk_buff *skb,
-@@ -235,6 +231,12 @@ static inline void cipso_v4_error(struct sk_buff *skb,
- return;
- }
-
-+static inline int cipso_v4_getattr(const unsigned char *cipso,
-+ struct netlbl_lsm_secattr *secattr)
-+{
-+ return -ENOSYS;
-+}
-+
- static inline int cipso_v4_sock_setattr(struct sock *sk,
- const struct cipso_v4_doi *doi_def,
- const struct netlbl_lsm_secattr *secattr)
-@@ -282,6 +284,11 @@ static inline int cipso_v4_skbuff_getattr(const struct sk_buff *skb,
- return -ENOSYS;
- }
-
-+static inline unsigned char *cipso_v4_optptr(const struct sk_buff *skb)
-+{
-+ return NULL;
-+}
-+
- static inline int cipso_v4_validate(const struct sk_buff *skb,
- unsigned char **option)
- {
-diff --git a/kernel/debug/debug_core.c b/kernel/debug/debug_core.c
-index 07ce18c..ac5c0f9 100644
---- a/kernel/debug/debug_core.c
-+++ b/kernel/debug/debug_core.c
-@@ -604,7 +604,7 @@ return_normal:
- online_cpus)
- cpu_relax();
- if (!time_left)
-- pr_crit("KGDB: Timed out waiting for secondary CPUs.\n");
-+ pr_crit("Timed out waiting for secondary CPUs.\n");
-
- /*
- * At this point the primary processor is completely
-diff --git a/kernel/debug/kdb/kdb_io.c b/kernel/debug/kdb/kdb_io.c
-index 7c70812..a550afb 100644
---- a/kernel/debug/kdb/kdb_io.c
-+++ b/kernel/debug/kdb/kdb_io.c
-@@ -548,7 +548,7 @@ static int kdb_search_string(char *searched, char *searchfor)
- return 0;
- }
-
--int vkdb_printf(const char *fmt, va_list ap)
-+int vkdb_printf(enum kdb_msgsrc src, const char *fmt, va_list ap)
- {
- int diag;
- int linecount;
-@@ -691,19 +691,20 @@ kdb_printit:
- * Write to all consoles.
- */
- retlen = strlen(kdb_buffer);
-+ cp = (char *) printk_skip_level(kdb_buffer);
- if (!dbg_kdb_mode && kgdb_connected) {
-- gdbstub_msg_write(kdb_buffer, retlen);
-+ gdbstub_msg_write(cp, retlen - (cp - kdb_buffer));
- } else {
- if (dbg_io_ops && !dbg_io_ops->is_console) {
-- len = retlen;
-- cp = kdb_buffer;
-+ len = retlen - (cp - kdb_buffer);
-+ cp2 = cp;
- while (len--) {
-- dbg_io_ops->write_char(*cp);
-- cp++;
-+ dbg_io_ops->write_char(*cp2);
-+ cp2++;
- }
- }
- while (c) {
-- c->write(c, kdb_buffer, retlen);
-+ c->write(c, cp, retlen - (cp - kdb_buffer));
- touch_nmi_watchdog();
- c = c->next;
- }
-@@ -711,7 +712,10 @@ kdb_printit:
- if (logging) {
- saved_loglevel = console_loglevel;
- console_loglevel = CONSOLE_LOGLEVEL_SILENT;
-- printk(KERN_INFO "%s", kdb_buffer);
-+ if (printk_get_level(kdb_buffer) || src == KDB_MSGSRC_PRINTK)
-+ printk("%s", kdb_buffer);
-+ else
-+ pr_info("%s", kdb_buffer);
- }
-
- if (KDB_STATE(PAGER)) {
-@@ -844,7 +848,7 @@ int kdb_printf(const char *fmt, ...)
- int r;
-
- va_start(ap, fmt);
-- r = vkdb_printf(fmt, ap);
-+ r = vkdb_printf(KDB_MSGSRC_INTERNAL, fmt, ap);
- va_end(ap);
-
- return r;
-diff --git a/kernel/debug/kdb/kdb_main.c b/kernel/debug/kdb/kdb_main.c
-index 7b40c5f..60f6bb8 100644
---- a/kernel/debug/kdb/kdb_main.c
-+++ b/kernel/debug/kdb/kdb_main.c
-@@ -2256,7 +2256,7 @@ static int kdb_cpu(int argc, const char **argv)
- /*
- * Validate cpunum
- */
-- if ((cpunum > NR_CPUS) || !kgdb_info[cpunum].enter_kgdb)
-+ if ((cpunum >= CONFIG_NR_CPUS) || !kgdb_info[cpunum].enter_kgdb)
- return KDB_BADCPUNUM;
-
- dbg_switch_cpu = cpunum;
-@@ -2583,7 +2583,7 @@ static int kdb_summary(int argc, const char **argv)
- #define K(x) ((x) << (PAGE_SHIFT - 10))
- kdb_printf("\nMemTotal: %8lu kB\nMemFree: %8lu kB\n"
- "Buffers: %8lu kB\n",
-- val.totalram, val.freeram, val.bufferram);
-+ K(val.totalram), K(val.freeram), K(val.bufferram));
- return 0;
- }
-
-diff --git a/kernel/printk/printk.c b/kernel/printk/printk.c
-index 02d6b6d..fae29e3 100644
---- a/kernel/printk/printk.c
-+++ b/kernel/printk/printk.c
-@@ -1811,7 +1811,7 @@ int vprintk_default(const char *fmt, va_list args)
-
- #ifdef CONFIG_KGDB_KDB
- if (unlikely(kdb_trap_printk)) {
-- r = vkdb_printf(fmt, args);
-+ r = vkdb_printf(KDB_MSGSRC_PRINTK, fmt, args);
- return r;
- }
- #endif
-diff --git a/kernel/softirq.c b/kernel/softirq.c
-index 501baa9..c497fcd 100644
---- a/kernel/softirq.c
-+++ b/kernel/softirq.c
-@@ -656,9 +656,13 @@ static void run_ksoftirqd(unsigned int cpu)
- * in the task stack here.
- */
- __do_softirq();
-- rcu_note_context_switch();
- local_irq_enable();
- cond_resched();
-+
-+ preempt_disable();
-+ rcu_note_context_switch();
-+ preempt_enable();
-+
- return;
- }
- local_irq_enable();
-diff --git a/kernel/time/ntp.c b/kernel/time/ntp.c
-index 28bf91c..85fb3d6 100644
---- a/kernel/time/ntp.c
-+++ b/kernel/time/ntp.c
-@@ -633,10 +633,14 @@ int ntp_validate_timex(struct timex *txc)
- if ((txc->modes & ADJ_SETOFFSET) && (!capable(CAP_SYS_TIME)))
- return -EPERM;
-
-- if (txc->modes & ADJ_FREQUENCY) {
-- if (LONG_MIN / PPM_SCALE > txc->freq)
-+ /*
-+ * Check for potential multiplication overflows that can
-+ * only happen on 64-bit systems:
-+ */
-+ if ((txc->modes & ADJ_FREQUENCY) && (BITS_PER_LONG == 64)) {
-+ if (LLONG_MIN / PPM_SCALE > txc->freq)
- return -EINVAL;
-- if (LONG_MAX / PPM_SCALE < txc->freq)
-+ if (LLONG_MAX / PPM_SCALE < txc->freq)
- return -EINVAL;
- }
-
-diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c
-index 7a4104c..d2e151c 100644
---- a/kernel/trace/ring_buffer.c
-+++ b/kernel/trace/ring_buffer.c
-@@ -447,7 +447,10 @@ int ring_buffer_print_page_header(struct trace_seq *s)
- struct rb_irq_work {
- struct irq_work work;
- wait_queue_head_t waiters;
-+ wait_queue_head_t full_waiters;
- bool waiters_pending;
-+ bool full_waiters_pending;
-+ bool wakeup_full;
- };
-
- /*
-@@ -529,6 +532,10 @@ static void rb_wake_up_waiters(struct irq_work *work)
- struct rb_irq_work *rbwork = container_of(work, struct rb_irq_work, work);
-
- wake_up_all(&rbwork->waiters);
-+ if (rbwork->wakeup_full) {
-+ rbwork->wakeup_full = false;
-+ wake_up_all(&rbwork->full_waiters);
-+ }
- }
-
- /**
-@@ -553,9 +560,11 @@ int ring_buffer_wait(struct ring_buffer *buffer, int cpu, bool full)
- * data in any cpu buffer, or a specific buffer, put the
- * caller on the appropriate wait queue.
- */
-- if (cpu == RING_BUFFER_ALL_CPUS)
-+ if (cpu == RING_BUFFER_ALL_CPUS) {
- work = &buffer->irq_work;
-- else {
-+ /* Full only makes sense on per cpu reads */
-+ full = false;
-+ } else {
- if (!cpumask_test_cpu(cpu, buffer->cpumask))
- return -ENODEV;
- cpu_buffer = buffer->buffers[cpu];
-@@ -564,7 +573,10 @@ int ring_buffer_wait(struct ring_buffer *buffer, int cpu, bool full)
-
-
- while (true) {
-- prepare_to_wait(&work->waiters, &wait, TASK_INTERRUPTIBLE);
-+ if (full)
-+ prepare_to_wait(&work->full_waiters, &wait, TASK_INTERRUPTIBLE);
-+ else
-+ prepare_to_wait(&work->waiters, &wait, TASK_INTERRUPTIBLE);
-
- /*
- * The events can happen in critical sections where
-@@ -586,7 +598,10 @@ int ring_buffer_wait(struct ring_buffer *buffer, int cpu, bool full)
- * that is necessary is that the wake up happens after
- * a task has been queued. It's OK for spurious wake ups.
- */
-- work->waiters_pending = true;
-+ if (full)
-+ work->full_waiters_pending = true;
-+ else
-+ work->waiters_pending = true;
-
- if (signal_pending(current)) {
- ret = -EINTR;
-@@ -615,7 +630,10 @@ int ring_buffer_wait(struct ring_buffer *buffer, int cpu, bool full)
- schedule();
- }
-
-- finish_wait(&work->waiters, &wait);
-+ if (full)
-+ finish_wait(&work->full_waiters, &wait);
-+ else
-+ finish_wait(&work->waiters, &wait);
-
- return ret;
- }
-@@ -1230,6 +1248,7 @@ rb_allocate_cpu_buffer(struct ring_buffer *buffer, int nr_pages, int cpu)
- init_completion(&cpu_buffer->update_done);
- init_irq_work(&cpu_buffer->irq_work.work, rb_wake_up_waiters);
- init_waitqueue_head(&cpu_buffer->irq_work.waiters);
-+ init_waitqueue_head(&cpu_buffer->irq_work.full_waiters);
-
- bpage = kzalloc_node(ALIGN(sizeof(*bpage), cache_line_size()),
- GFP_KERNEL, cpu_to_node(cpu));
-@@ -2801,6 +2820,8 @@ static void rb_commit(struct ring_buffer_per_cpu *cpu_buffer,
- static __always_inline void
- rb_wakeups(struct ring_buffer *buffer, struct ring_buffer_per_cpu *cpu_buffer)
- {
-+ bool pagebusy;
-+
- if (buffer->irq_work.waiters_pending) {
- buffer->irq_work.waiters_pending = false;
- /* irq_work_queue() supplies it's own memory barriers */
-@@ -2812,6 +2833,15 @@ rb_wakeups(struct ring_buffer *buffer, struct ring_buffer_per_cpu *cpu_buffer)
- /* irq_work_queue() supplies it's own memory barriers */
- irq_work_queue(&cpu_buffer->irq_work.work);
- }
-+
-+ pagebusy = cpu_buffer->reader_page == cpu_buffer->commit_page;
-+
-+ if (!pagebusy && cpu_buffer->irq_work.full_waiters_pending) {
-+ cpu_buffer->irq_work.wakeup_full = true;
-+ cpu_buffer->irq_work.full_waiters_pending = false;
-+ /* irq_work_queue() supplies it's own memory barriers */
-+ irq_work_queue(&cpu_buffer->irq_work.work);
-+ }
- }
-
- /**
-diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
-index 4a9079b..361a827 100644
---- a/kernel/trace/trace.c
-+++ b/kernel/trace/trace.c
-@@ -4942,7 +4942,7 @@ tracing_mark_write(struct file *filp, const char __user *ubuf,
- *fpos += written;
-
- out_unlock:
-- for (i = 0; i < nr_pages; i++){
-+ for (i = nr_pages - 1; i >= 0; i--) {
- kunmap_atomic(map_page[i]);
- put_page(pages[i]);
- }
-diff --git a/mm/gup.c b/mm/gup.c
-index 8dd50ce..9b2afbf 100644
---- a/mm/gup.c
-+++ b/mm/gup.c
-@@ -926,7 +926,7 @@ static int gup_pmd_range(pud_t pud, unsigned long addr, unsigned long end,
-
- pmdp = pmd_offset(&pud, addr);
- do {
-- pmd_t pmd = ACCESS_ONCE(*pmdp);
-+ pmd_t pmd = READ_ONCE(*pmdp);
-
- next = pmd_addr_end(addr, end);
- if (pmd_none(pmd) || pmd_trans_splitting(pmd))
-diff --git a/mm/hugetlb.c b/mm/hugetlb.c
-index 85032de..c49586f 100644
---- a/mm/hugetlb.c
-+++ b/mm/hugetlb.c
-@@ -3666,6 +3666,8 @@ follow_huge_pmd(struct mm_struct *mm, unsigned long address,
- {
- struct page *page;
-
-+ if (!pmd_present(*pmd))
-+ return NULL;
- page = pte_page(*(pte_t *)pmd);
- if (page)
- page += ((address & ~PMD_MASK) >> PAGE_SHIFT);
-diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c
-index 693ce8b..1775dbf 100644
---- a/net/bluetooth/mgmt.c
-+++ b/net/bluetooth/mgmt.c
-@@ -7066,7 +7066,8 @@ void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
- * However when using service discovery, the value 127 will be
- * returned when the RSSI is not available.
- */
-- if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi)
-+ if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi &&
-+ link_type == ACL_LINK)
- rssi = 0;
-
- bacpy(&ev->addr.bdaddr, bdaddr);
-diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c
-index b67749b..757ae32 100644
---- a/net/bluetooth/smp.c
-+++ b/net/bluetooth/smp.c
-@@ -2303,8 +2303,12 @@ static int smp_cmd_ident_addr_info(struct l2cap_conn *conn,
- * implementations are not known of and in order to not over
- * complicate our implementation, simply pretend that we never
- * received an IRK for such a device.
-+ *
-+ * The Identity Address must also be a Static Random or Public
-+ * Address, which hci_is_identity_address() checks for.
- */
-- if (!bacmp(&info->bdaddr, BDADDR_ANY)) {
-+ if (!bacmp(&info->bdaddr, BDADDR_ANY) ||
-+ !hci_is_identity_address(&info->bdaddr, info->addr_type)) {
- BT_ERR("Ignoring IRK with no identity address");
- goto distribute;
- }
-diff --git a/net/ceph/osd_client.c b/net/ceph/osd_client.c
-index 53299c7..f693a2f 100644
---- a/net/ceph/osd_client.c
-+++ b/net/ceph/osd_client.c
-@@ -1048,14 +1048,24 @@ static void put_osd(struct ceph_osd *osd)
- */
- static void __remove_osd(struct ceph_osd_client *osdc, struct ceph_osd *osd)
- {
-- dout("__remove_osd %p\n", osd);
-+ dout("%s %p osd%d\n", __func__, osd, osd->o_osd);
- WARN_ON(!list_empty(&osd->o_requests));
- WARN_ON(!list_empty(&osd->o_linger_requests));
-
-- rb_erase(&osd->o_node, &osdc->osds);
- list_del_init(&osd->o_osd_lru);
-- ceph_con_close(&osd->o_con);
-- put_osd(osd);
-+ rb_erase(&osd->o_node, &osdc->osds);
-+ RB_CLEAR_NODE(&osd->o_node);
-+}
-+
-+static void remove_osd(struct ceph_osd_client *osdc, struct ceph_osd *osd)
-+{
-+ dout("%s %p osd%d\n", __func__, osd, osd->o_osd);
-+
-+ if (!RB_EMPTY_NODE(&osd->o_node)) {
-+ ceph_con_close(&osd->o_con);
-+ __remove_osd(osdc, osd);
-+ put_osd(osd);
-+ }
- }
-
- static void remove_all_osds(struct ceph_osd_client *osdc)
-@@ -1065,7 +1075,7 @@ static void remove_all_osds(struct ceph_osd_client *osdc)
- while (!RB_EMPTY_ROOT(&osdc->osds)) {
- struct ceph_osd *osd = rb_entry(rb_first(&osdc->osds),
- struct ceph_osd, o_node);
-- __remove_osd(osdc, osd);
-+ remove_osd(osdc, osd);
- }
- mutex_unlock(&osdc->request_mutex);
- }
-@@ -1106,7 +1116,7 @@ static void remove_old_osds(struct ceph_osd_client *osdc)
- list_for_each_entry_safe(osd, nosd, &osdc->osd_lru, o_osd_lru) {
- if (time_before(jiffies, osd->lru_ttl))
- break;
-- __remove_osd(osdc, osd);
-+ remove_osd(osdc, osd);
- }
- mutex_unlock(&osdc->request_mutex);
- }
-@@ -1121,8 +1131,7 @@ static int __reset_osd(struct ceph_osd_client *osdc, struct ceph_osd *osd)
- dout("__reset_osd %p osd%d\n", osd, osd->o_osd);
- if (list_empty(&osd->o_requests) &&
- list_empty(&osd->o_linger_requests)) {
-- __remove_osd(osdc, osd);
--
-+ remove_osd(osdc, osd);
- return -ENODEV;
- }
-
-@@ -1926,6 +1935,7 @@ static void reset_changed_osds(struct ceph_osd_client *osdc)
- {
- struct rb_node *p, *n;
-
-+ dout("%s %p\n", __func__, osdc);
- for (p = rb_first(&osdc->osds); p; p = n) {
- struct ceph_osd *osd = rb_entry(p, struct ceph_osd, o_node);
-
-diff --git a/net/ipv4/cipso_ipv4.c b/net/ipv4/cipso_ipv4.c
-index 5160c71..e361ea6 100644
---- a/net/ipv4/cipso_ipv4.c
-+++ b/net/ipv4/cipso_ipv4.c
-@@ -378,20 +378,18 @@ static int cipso_v4_cache_check(const unsigned char *key,
- * negative values on failure.
- *
- */
--int cipso_v4_cache_add(const struct sk_buff *skb,
-+int cipso_v4_cache_add(const unsigned char *cipso_ptr,
- const struct netlbl_lsm_secattr *secattr)
- {
- int ret_val = -EPERM;
- u32 bkt;
- struct cipso_v4_map_cache_entry *entry = NULL;
- struct cipso_v4_map_cache_entry *old_entry = NULL;
-- unsigned char *cipso_ptr;
- u32 cipso_ptr_len;
-
- if (!cipso_v4_cache_enabled || cipso_v4_cache_bucketsize <= 0)
- return 0;
-
-- cipso_ptr = CIPSO_V4_OPTPTR(skb);
- cipso_ptr_len = cipso_ptr[1];
-
- entry = kzalloc(sizeof(*entry), GFP_ATOMIC);
-@@ -1579,6 +1577,33 @@ static int cipso_v4_parsetag_loc(const struct cipso_v4_doi *doi_def,
- }
-
- /**
-+ * cipso_v4_optptr - Find the CIPSO option in the packet
-+ * @skb: the packet
-+ *
-+ * Description:
-+ * Parse the packet's IP header looking for a CIPSO option. Returns a pointer
-+ * to the start of the CIPSO option on success, NULL if one if not found.
-+ *
-+ */
-+unsigned char *cipso_v4_optptr(const struct sk_buff *skb)
-+{
-+ const struct iphdr *iph = ip_hdr(skb);
-+ unsigned char *optptr = (unsigned char *)&(ip_hdr(skb)[1]);
-+ int optlen;
-+ int taglen;
-+
-+ for (optlen = iph->ihl*4 - sizeof(struct iphdr); optlen > 0; ) {
-+ if (optptr[0] == IPOPT_CIPSO)
-+ return optptr;
-+ taglen = optptr[1];
-+ optlen -= taglen;
-+ optptr += taglen;
-+ }
-+
-+ return NULL;
-+}
-+
-+/**
- * cipso_v4_validate - Validate a CIPSO option
- * @option: the start of the option, on error it is set to point to the error
- *
-@@ -2119,8 +2144,8 @@ void cipso_v4_req_delattr(struct request_sock *req)
- * on success and negative values on failure.
- *
- */
--static int cipso_v4_getattr(const unsigned char *cipso,
-- struct netlbl_lsm_secattr *secattr)
-+int cipso_v4_getattr(const unsigned char *cipso,
-+ struct netlbl_lsm_secattr *secattr)
- {
- int ret_val = -ENOMSG;
- u32 doi;
-@@ -2305,22 +2330,6 @@ int cipso_v4_skbuff_delattr(struct sk_buff *skb)
- return 0;
- }
-
--/**
-- * cipso_v4_skbuff_getattr - Get the security attributes from the CIPSO option
-- * @skb: the packet
-- * @secattr: the security attributes
-- *
-- * Description:
-- * Parse the given packet's CIPSO option and return the security attributes.
-- * Returns zero on success and negative values on failure.
-- *
-- */
--int cipso_v4_skbuff_getattr(const struct sk_buff *skb,
-- struct netlbl_lsm_secattr *secattr)
--{
-- return cipso_v4_getattr(CIPSO_V4_OPTPTR(skb), secattr);
--}
--
- /*
- * Setup Functions
- */
-diff --git a/net/netlabel/netlabel_kapi.c b/net/netlabel/netlabel_kapi.c
-index a845cd4..28cddc8 100644
---- a/net/netlabel/netlabel_kapi.c
-+++ b/net/netlabel/netlabel_kapi.c
-@@ -1065,10 +1065,12 @@ int netlbl_skbuff_getattr(const struct sk_buff *skb,
- u16 family,
- struct netlbl_lsm_secattr *secattr)
- {
-+ unsigned char *ptr;
-+
- switch (family) {
- case AF_INET:
-- if (CIPSO_V4_OPTEXIST(skb) &&
-- cipso_v4_skbuff_getattr(skb, secattr) == 0)
-+ ptr = cipso_v4_optptr(skb);
-+ if (ptr && cipso_v4_getattr(ptr, secattr) == 0)
- return 0;
- break;
- #if IS_ENABLED(CONFIG_IPV6)
-@@ -1094,7 +1096,7 @@ int netlbl_skbuff_getattr(const struct sk_buff *skb,
- */
- void netlbl_skbuff_err(struct sk_buff *skb, int error, int gateway)
- {
-- if (CIPSO_V4_OPTEXIST(skb))
-+ if (cipso_v4_optptr(skb))
- cipso_v4_error(skb, error, gateway);
- }
-
-@@ -1126,11 +1128,14 @@ void netlbl_cache_invalidate(void)
- int netlbl_cache_add(const struct sk_buff *skb,
- const struct netlbl_lsm_secattr *secattr)
- {
-+ unsigned char *ptr;
-+
- if ((secattr->flags & NETLBL_SECATTR_CACHE) == 0)
- return -ENOMSG;
-
-- if (CIPSO_V4_OPTEXIST(skb))
-- return cipso_v4_cache_add(skb, secattr);
-+ ptr = cipso_v4_optptr(skb);
-+ if (ptr)
-+ return cipso_v4_cache_add(ptr, secattr);
-
- return -ENOMSG;
- }
-diff --git a/net/sunrpc/clnt.c b/net/sunrpc/clnt.c
-index 05da12a..3f5d4d4 100644
---- a/net/sunrpc/clnt.c
-+++ b/net/sunrpc/clnt.c
-@@ -286,10 +286,8 @@ static struct rpc_xprt *rpc_clnt_set_transport(struct rpc_clnt *clnt,
-
- static void rpc_clnt_set_nodename(struct rpc_clnt *clnt, const char *nodename)
- {
-- clnt->cl_nodelen = strlen(nodename);
-- if (clnt->cl_nodelen > UNX_MAXNODENAME)
-- clnt->cl_nodelen = UNX_MAXNODENAME;
-- memcpy(clnt->cl_nodename, nodename, clnt->cl_nodelen);
-+ clnt->cl_nodelen = strlcpy(clnt->cl_nodename,
-+ nodename, sizeof(clnt->cl_nodename));
- }
-
- static int rpc_client_register(struct rpc_clnt *clnt,
-@@ -365,6 +363,7 @@ static struct rpc_clnt * rpc_new_client(const struct rpc_create_args *args,
- const struct rpc_version *version;
- struct rpc_clnt *clnt = NULL;
- const struct rpc_timeout *timeout;
-+ const char *nodename = args->nodename;
- int err;
-
- /* sanity check the name before trying to print it */
-@@ -420,8 +419,10 @@ static struct rpc_clnt * rpc_new_client(const struct rpc_create_args *args,
-
- atomic_set(&clnt->cl_count, 1);
-
-+ if (nodename == NULL)
-+ nodename = utsname()->nodename;
- /* save the nodename */
-- rpc_clnt_set_nodename(clnt, utsname()->nodename);
-+ rpc_clnt_set_nodename(clnt, nodename);
-
- err = rpc_client_register(clnt, args->authflavor, args->client_name);
- if (err)
-@@ -576,6 +577,7 @@ static struct rpc_clnt *__rpc_clone_client(struct rpc_create_args *args,
- if (xprt == NULL)
- goto out_err;
- args->servername = xprt->servername;
-+ args->nodename = clnt->cl_nodename;
-
- new = rpc_new_client(args, xprt, clnt);
- if (IS_ERR(new)) {
-diff --git a/net/sunrpc/rpcb_clnt.c b/net/sunrpc/rpcb_clnt.c
-index 0520201..cf5770d 100644
---- a/net/sunrpc/rpcb_clnt.c
-+++ b/net/sunrpc/rpcb_clnt.c
-@@ -355,7 +355,8 @@ out:
- return result;
- }
-
--static struct rpc_clnt *rpcb_create(struct net *net, const char *hostname,
-+static struct rpc_clnt *rpcb_create(struct net *net, const char *nodename,
-+ const char *hostname,
- struct sockaddr *srvaddr, size_t salen,
- int proto, u32 version)
- {
-@@ -365,6 +366,7 @@ static struct rpc_clnt *rpcb_create(struct net *net, const char *hostname,
- .address = srvaddr,
- .addrsize = salen,
- .servername = hostname,
-+ .nodename = nodename,
- .program = &rpcb_program,
- .version = version,
- .authflavor = RPC_AUTH_UNIX,
-@@ -740,7 +742,9 @@ void rpcb_getport_async(struct rpc_task *task)
- dprintk("RPC: %5u %s: trying rpcbind version %u\n",
- task->tk_pid, __func__, bind_version);
-
-- rpcb_clnt = rpcb_create(xprt->xprt_net, xprt->servername, sap, salen,
-+ rpcb_clnt = rpcb_create(xprt->xprt_net,
-+ clnt->cl_nodename,
-+ xprt->servername, sap, salen,
- xprt->prot, bind_version);
- if (IS_ERR(rpcb_clnt)) {
- status = PTR_ERR(rpcb_clnt);
-diff --git a/security/smack/smack.h b/security/smack/smack.h
-index b828a37..b48359c 100644
---- a/security/smack/smack.h
-+++ b/security/smack/smack.h
-@@ -298,6 +298,16 @@ static inline struct smack_known *smk_of_task(const struct task_smack *tsp)
- return tsp->smk_task;
- }
-
-+static inline struct smack_known *smk_of_task_struct(const struct task_struct *t)
-+{
-+ struct smack_known *skp;
-+
-+ rcu_read_lock();
-+ skp = smk_of_task(__task_cred(t)->security);
-+ rcu_read_unlock();
-+ return skp;
-+}
-+
- /*
- * Present a pointer to the forked smack label entry in an task blob.
- */
-diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
-index f1b17a4..a717877 100644
---- a/security/smack/smack_lsm.c
-+++ b/security/smack/smack_lsm.c
-@@ -43,8 +43,6 @@
- #include <linux/binfmts.h>
- #include "smack.h"
-
--#define task_security(task) (task_cred_xxx((task), security))
--
- #define TRANS_TRUE "TRUE"
- #define TRANS_TRUE_SIZE 4
-
-@@ -120,7 +118,7 @@ static int smk_bu_current(char *note, struct smack_known *oskp,
- static int smk_bu_task(struct task_struct *otp, int mode, int rc)
- {
- struct task_smack *tsp = current_security();
-- struct task_smack *otsp = task_security(otp);
-+ struct smack_known *smk_task = smk_of_task_struct(otp);
- char acc[SMK_NUM_ACCESS_TYPE + 1];
-
- if (rc <= 0)
-@@ -128,7 +126,7 @@ static int smk_bu_task(struct task_struct *otp, int mode, int rc)
-
- smk_bu_mode(mode, acc);
- pr_info("Smack Bringup: (%s %s %s) %s to %s\n",
-- tsp->smk_task->smk_known, otsp->smk_task->smk_known, acc,
-+ tsp->smk_task->smk_known, smk_task->smk_known, acc,
- current->comm, otp->comm);
- return 0;
- }
-@@ -345,7 +343,8 @@ static int smk_ptrace_rule_check(struct task_struct *tracer,
- saip = &ad;
- }
-
-- tsp = task_security(tracer);
-+ rcu_read_lock();
-+ tsp = __task_cred(tracer)->security;
- tracer_known = smk_of_task(tsp);
-
- if ((mode & PTRACE_MODE_ATTACH) &&
-@@ -365,11 +364,14 @@ static int smk_ptrace_rule_check(struct task_struct *tracer,
- tracee_known->smk_known,
- 0, rc, saip);
-
-+ rcu_read_unlock();
- return rc;
- }
-
- /* In case of rule==SMACK_PTRACE_DEFAULT or mode==PTRACE_MODE_READ */
- rc = smk_tskacc(tsp, tracee_known, smk_ptrace_mode(mode), saip);
-+
-+ rcu_read_unlock();
- return rc;
- }
-
-@@ -396,7 +398,7 @@ static int smack_ptrace_access_check(struct task_struct *ctp, unsigned int mode)
- if (rc != 0)
- return rc;
-
-- skp = smk_of_task(task_security(ctp));
-+ skp = smk_of_task_struct(ctp);
-
- rc = smk_ptrace_rule_check(current, skp, mode, __func__);
- return rc;
-@@ -1826,7 +1828,7 @@ static int smk_curacc_on_task(struct task_struct *p, int access,
- const char *caller)
- {
- struct smk_audit_info ad;
-- struct smack_known *skp = smk_of_task(task_security(p));
-+ struct smack_known *skp = smk_of_task_struct(p);
- int rc;
-
- smk_ad_init(&ad, caller, LSM_AUDIT_DATA_TASK);
-@@ -1879,7 +1881,7 @@ static int smack_task_getsid(struct task_struct *p)
- */
- static void smack_task_getsecid(struct task_struct *p, u32 *secid)
- {
-- struct smack_known *skp = smk_of_task(task_security(p));
-+ struct smack_known *skp = smk_of_task_struct(p);
-
- *secid = skp->smk_secid;
- }
-@@ -1986,7 +1988,7 @@ static int smack_task_kill(struct task_struct *p, struct siginfo *info,
- {
- struct smk_audit_info ad;
- struct smack_known *skp;
-- struct smack_known *tkp = smk_of_task(task_security(p));
-+ struct smack_known *tkp = smk_of_task_struct(p);
- int rc;
-
- smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
-@@ -2040,7 +2042,7 @@ static int smack_task_wait(struct task_struct *p)
- static void smack_task_to_inode(struct task_struct *p, struct inode *inode)
- {
- struct inode_smack *isp = inode->i_security;
-- struct smack_known *skp = smk_of_task(task_security(p));
-+ struct smack_known *skp = smk_of_task_struct(p);
-
- isp->smk_inode = skp;
- }
-@@ -3200,7 +3202,7 @@ unlockandout:
- */
- static int smack_getprocattr(struct task_struct *p, char *name, char **value)
- {
-- struct smack_known *skp = smk_of_task(task_security(p));
-+ struct smack_known *skp = smk_of_task_struct(p);
- char *cp;
- int slen;
-
-diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c
-index 65f1f4e..0c993f7 100644
---- a/sound/pci/hda/patch_realtek.c
-+++ b/sound/pci/hda/patch_realtek.c
-@@ -4844,6 +4844,7 @@ static const struct snd_pci_quirk alc269_fixup_tbl[] = {
- SND_PCI_QUIRK(0x103c, 0x18e6, "HP", ALC269_FIXUP_HP_GPIO_LED),
- SND_PCI_QUIRK(0x103c, 0x218b, "HP", ALC269_FIXUP_LIMIT_INT_MIC_BOOST_MUTE_LED),
- /* ALC282 */
-+ SND_PCI_QUIRK(0x103c, 0x21f9, "HP", ALC269_FIXUP_HP_MUTE_LED_MIC1),
- SND_PCI_QUIRK(0x103c, 0x2210, "HP", ALC269_FIXUP_HP_MUTE_LED_MIC1),
- SND_PCI_QUIRK(0x103c, 0x2214, "HP", ALC269_FIXUP_HP_MUTE_LED_MIC1),
- SND_PCI_QUIRK(0x103c, 0x2236, "HP", ALC269_FIXUP_HP_LINE1_MIC1_LED),
-diff --git a/sound/pci/hda/patch_sigmatel.c b/sound/pci/hda/patch_sigmatel.c
-index 605d140..6d36c5b 100644
---- a/sound/pci/hda/patch_sigmatel.c
-+++ b/sound/pci/hda/patch_sigmatel.c
-@@ -99,6 +99,7 @@ enum {
- STAC_HP_ENVY_BASS,
- STAC_HP_BNB13_EQ,
- STAC_HP_ENVY_TS_BASS,
-+ STAC_92HD83XXX_GPIO10_EAPD,
- STAC_92HD83XXX_MODELS
- };
-
-@@ -2141,6 +2142,19 @@ static void stac92hd83xxx_fixup_headset_jack(struct hda_codec *codec,
- spec->headset_jack = 1;
- }
-
-+static void stac92hd83xxx_fixup_gpio10_eapd(struct hda_codec *codec,
-+ const struct hda_fixup *fix,
-+ int action)
-+{
-+ struct sigmatel_spec *spec = codec->spec;
-+
-+ if (action != HDA_FIXUP_ACT_PRE_PROBE)
-+ return;
-+ spec->eapd_mask = spec->gpio_mask = spec->gpio_dir =
-+ spec->gpio_data = 0x10;
-+ spec->eapd_switch = 0;
-+}
-+
- static const struct hda_verb hp_bnb13_eq_verbs[] = {
- /* 44.1KHz base */
- { 0x22, 0x7A6, 0x3E },
-@@ -2656,6 +2670,10 @@ static const struct hda_fixup stac92hd83xxx_fixups[] = {
- {}
- },
- },
-+ [STAC_92HD83XXX_GPIO10_EAPD] = {
-+ .type = HDA_FIXUP_FUNC,
-+ .v.func = stac92hd83xxx_fixup_gpio10_eapd,
-+ },
- };
-
- static const struct hda_model_fixup stac92hd83xxx_models[] = {
-@@ -2861,6 +2879,8 @@ static const struct snd_pci_quirk stac92hd83xxx_fixup_tbl[] = {
- SND_PCI_QUIRK(PCI_VENDOR_ID_HP, 0x148a,
- "HP Mini", STAC_92HD83XXX_HP_LED),
- SND_PCI_QUIRK_VENDOR(PCI_VENDOR_ID_HP, "HP", STAC_92HD83XXX_HP),
-+ SND_PCI_QUIRK(PCI_VENDOR_ID_TOSHIBA, 0xfa91,
-+ "Toshiba Satellite S50D", STAC_92HD83XXX_GPIO10_EAPD),
- {} /* terminator */
- };
-
-diff --git a/sound/pci/riptide/riptide.c b/sound/pci/riptide/riptide.c
-index 6abc2ac..e768572 100644
---- a/sound/pci/riptide/riptide.c
-+++ b/sound/pci/riptide/riptide.c
-@@ -2030,32 +2030,43 @@ snd_riptide_joystick_probe(struct pci_dev *pci, const struct pci_device_id *id)
- {
- static int dev;
- struct gameport *gameport;
-+ int ret;
-
- if (dev >= SNDRV_CARDS)
- return -ENODEV;
-+
- if (!enable[dev]) {
-- dev++;
-- return -ENOENT;
-+ ret = -ENOENT;
-+ goto inc_dev;
- }
-
-- if (!joystick_port[dev++])
-- return 0;
-+ if (!joystick_port[dev]) {
-+ ret = 0;
-+ goto inc_dev;
-+ }
-
- gameport = gameport_allocate_port();
-- if (!gameport)
-- return -ENOMEM;
-+ if (!gameport) {
-+ ret = -ENOMEM;
-+ goto inc_dev;
-+ }
- if (!request_region(joystick_port[dev], 8, "Riptide gameport")) {
- snd_printk(KERN_WARNING
- "Riptide: cannot grab gameport 0x%x\n",
- joystick_port[dev]);
- gameport_free_port(gameport);
-- return -EBUSY;
-+ ret = -EBUSY;
-+ goto inc_dev;
- }
-
- gameport->io = joystick_port[dev];
- gameport_register_port(gameport);
- pci_set_drvdata(pci, gameport);
-- return 0;
-+
-+ ret = 0;
-+inc_dev:
-+ dev++;
-+ return ret;
- }
-
- static void snd_riptide_joystick_remove(struct pci_dev *pci)
-diff --git a/sound/pci/rme9652/hdspm.c b/sound/pci/rme9652/hdspm.c
-index 3342705..13bc201 100644
---- a/sound/pci/rme9652/hdspm.c
-+++ b/sound/pci/rme9652/hdspm.c
-@@ -6086,6 +6086,9 @@ static int snd_hdspm_playback_open(struct snd_pcm_substream *substream)
- snd_pcm_hw_constraint_minmax(runtime,
- SNDRV_PCM_HW_PARAM_PERIOD_SIZE,
- 64, 8192);
-+ snd_pcm_hw_constraint_minmax(runtime,
-+ SNDRV_PCM_HW_PARAM_PERIODS,
-+ 2, 2);
- break;
- }
-
-@@ -6160,6 +6163,9 @@ static int snd_hdspm_capture_open(struct snd_pcm_substream *substream)
- snd_pcm_hw_constraint_minmax(runtime,
- SNDRV_PCM_HW_PARAM_PERIOD_SIZE,
- 64, 8192);
-+ snd_pcm_hw_constraint_minmax(runtime,
-+ SNDRV_PCM_HW_PARAM_PERIODS,
-+ 2, 2);
- break;
- }
-
-diff --git a/sound/soc/codecs/Kconfig b/sound/soc/codecs/Kconfig
-index 8349f98..ef2c70e 100644
---- a/sound/soc/codecs/Kconfig
-+++ b/sound/soc/codecs/Kconfig
-@@ -525,7 +525,7 @@ config SND_SOC_RT5677
-
- config SND_SOC_RT5677_SPI
- tristate
-- default SND_SOC_RT5677
-+ default SND_SOC_RT5677 && SPI
-
- #Freescale sgtl5000 codec
- config SND_SOC_SGTL5000
-diff --git a/sound/soc/codecs/rt5670.c b/sound/soc/codecs/rt5670.c
-index 8a0833d..1e574c8 100644
---- a/sound/soc/codecs/rt5670.c
-+++ b/sound/soc/codecs/rt5670.c
-@@ -2522,6 +2522,7 @@ static struct snd_soc_codec_driver soc_codec_dev_rt5670 = {
- static const struct regmap_config rt5670_regmap = {
- .reg_bits = 8,
- .val_bits = 16,
-+ .use_single_rw = true,
- .max_register = RT5670_VENDOR_ID2 + 1 + (ARRAY_SIZE(rt5670_ranges) *
- RT5670_PR_SPACING),
- .volatile_reg = rt5670_volatile_register,
-diff --git a/sound/soc/codecs/rt5677.c b/sound/soc/codecs/rt5677.c
-index 918ada9..cc90988 100644
---- a/sound/soc/codecs/rt5677.c
-+++ b/sound/soc/codecs/rt5677.c
-@@ -702,6 +702,9 @@ static int rt5677_set_dsp_vad(struct snd_soc_codec *codec, bool on)
- static bool activity;
- int ret;
-
-+ if (!IS_ENABLED(CONFIG_SND_SOC_RT5677_SPI))
-+ return -ENXIO;
-+
- if (on && !activity) {
- activity = true;
-
-diff --git a/sound/soc/davinci/Kconfig b/sound/soc/davinci/Kconfig
-index 8e948c6..2b81ca4 100644
---- a/sound/soc/davinci/Kconfig
-+++ b/sound/soc/davinci/Kconfig
-@@ -58,13 +58,12 @@ choice
- depends on MACH_DAVINCI_DM365_EVM
-
- config SND_DM365_AIC3X_CODEC
-- bool "Audio Codec - AIC3101"
-+ tristate "Audio Codec - AIC3101"
- help
- Say Y if you want to add support for AIC3101 audio codec
-
- config SND_DM365_VOICE_CODEC
- tristate "Voice Codec - CQ93VC"
-- depends on SND_DAVINCI_SOC
- select MFD_DAVINCI_VOICECODEC
- select SND_DAVINCI_SOC_VCIF
- select SND_SOC_CQ0093VC
-diff --git a/sound/soc/intel/sst/sst.h b/sound/soc/intel/sst/sst.h
-index 7f4bbfc..562bc48 100644
---- a/sound/soc/intel/sst/sst.h
-+++ b/sound/soc/intel/sst/sst.h
-@@ -58,6 +58,7 @@ enum sst_algo_ops {
- #define SST_BLOCK_TIMEOUT 1000
-
- #define FW_SIGNATURE_SIZE 4
-+#define FW_NAME_SIZE 32
-
- /* stream states */
- enum sst_stream_states {
-@@ -426,7 +427,7 @@ struct intel_sst_drv {
- * Holder for firmware name. Due to async call it needs to be
- * persistent till worker thread gets called
- */
-- char firmware_name[20];
-+ char firmware_name[FW_NAME_SIZE];
- };
-
- /* misc definitions */
-diff --git a/sound/soc/intel/sst/sst_acpi.c b/sound/soc/intel/sst/sst_acpi.c
-index b336013..51f83ba 100644
---- a/sound/soc/intel/sst/sst_acpi.c
-+++ b/sound/soc/intel/sst/sst_acpi.c
-@@ -47,7 +47,7 @@ struct sst_machines {
- char board[32];
- char machine[32];
- void (*machine_quirk)(void);
-- char firmware[32];
-+ char firmware[FW_NAME_SIZE];
- struct sst_platform_info *pdata;
-
- };
-diff --git a/sound/soc/pxa/mioa701_wm9713.c b/sound/soc/pxa/mioa701_wm9713.c
-index 396dbd5..a9615a57 100644
---- a/sound/soc/pxa/mioa701_wm9713.c
-+++ b/sound/soc/pxa/mioa701_wm9713.c
-@@ -81,7 +81,7 @@ static int rear_amp_power(struct snd_soc_codec *codec, int power)
- static int rear_amp_event(struct snd_soc_dapm_widget *widget,
- struct snd_kcontrol *kctl, int event)
- {
-- struct snd_soc_codec *codec = widget->codec;
-+ struct snd_soc_codec *codec = widget->dapm->card->rtd[0].codec;
-
- return rear_amp_power(codec, SND_SOC_DAPM_EVENT_ON(event));
- }
-diff --git a/sound/usb/quirks.c b/sound/usb/quirks.c
-index a739841..a0795ba 100644
---- a/sound/usb/quirks.c
-+++ b/sound/usb/quirks.c
-@@ -1122,6 +1122,7 @@ int snd_usb_select_mode_quirk(struct snd_usb_substream *subs,
- int err;
-
- switch (subs->stream->chip->usb_id) {
-+ case USB_ID(0x154e, 0x1003): /* Denon DA-300USB */
- case USB_ID(0x154e, 0x3005): /* Marantz HD-DAC1 */
- case USB_ID(0x154e, 0x3006): /* Marantz SA-14S1 */
-
-@@ -1201,6 +1202,7 @@ void snd_usb_ctl_msg_quirk(struct usb_device *dev, unsigned int pipe,
- (requesttype & USB_TYPE_MASK) == USB_TYPE_CLASS) {
-
- switch (le16_to_cpu(dev->descriptor.idProduct)) {
-+ case 0x1003: /* Denon DA300-USB */
- case 0x3005: /* Marantz HD-DAC1 */
- case 0x3006: /* Marantz SA-14S1 */
- mdelay(20);
-@@ -1262,6 +1264,7 @@ u64 snd_usb_interface_dsd_format_quirks(struct snd_usb_audio *chip,
-
- /* Denon/Marantz devices with USB DAC functionality */
- switch (chip->usb_id) {
-+ case USB_ID(0x154e, 0x1003): /* Denon DA300-USB */
- case USB_ID(0x154e, 0x3005): /* Marantz HD-DAC1 */
- case USB_ID(0x154e, 0x3006): /* Marantz SA-14S1 */
- if (fp->altsetting == 2)
-diff --git a/tools/perf/util/cloexec.c b/tools/perf/util/cloexec.c
-index 47b78b3..6da965b 100644
---- a/tools/perf/util/cloexec.c
-+++ b/tools/perf/util/cloexec.c
-@@ -25,6 +25,10 @@ static int perf_flag_probe(void)
- if (cpu < 0)
- cpu = 0;
-
-+ /*
-+ * Using -1 for the pid is a workaround to avoid gratuitous jump label
-+ * changes.
-+ */
- while (1) {
- /* check cloexec flag */
- fd = sys_perf_event_open(&attr, pid, cpu, -1,
-@@ -47,16 +51,24 @@ static int perf_flag_probe(void)
- err, strerror_r(err, sbuf, sizeof(sbuf)));
-
- /* not supported, confirm error related to PERF_FLAG_FD_CLOEXEC */
-- fd = sys_perf_event_open(&attr, pid, cpu, -1, 0);
-+ while (1) {
-+ fd = sys_perf_event_open(&attr, pid, cpu, -1, 0);
-+ if (fd < 0 && pid == -1 && errno == EACCES) {
-+ pid = 0;
-+ continue;
-+ }
-+ break;
-+ }
- err = errno;
-
-+ if (fd >= 0)
-+ close(fd);
-+
- if (WARN_ONCE(fd < 0 && err != EBUSY,
- "perf_event_open(..., 0) failed unexpectedly with error %d (%s)\n",
- err, strerror_r(err, sbuf, sizeof(sbuf))))
- return -1;
-
-- close(fd);
--
- return 0;
- }
-
diff --git a/3.19.1/0000_README b/3.19.2/0000_README
index fa067a7..91abd27 100644
--- a/3.19.1/0000_README
+++ b/3.19.2/0000_README
@@ -2,11 +2,7 @@ README
-----------------------------------------------------------------------------
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 1000_linux-3.19.1.patch
-From: http://www.kernel.org
-Desc: Linux 3.14.35
-
-Patch: 4420_grsecurity-3.1-3.19.1-201503122205.patch
+Patch: 4420_grsecurity-3.1-3.19.2-201503201903.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.19.1/4420_grsecurity-3.1-3.19.1-201503122205.patch b/3.19.2/4420_grsecurity-3.1-3.19.2-201503201903.patch
index fd20fa4..585a368 100644
--- a/3.19.1/4420_grsecurity-3.1-3.19.1-201503122205.patch
+++ b/3.19.2/4420_grsecurity-3.1-3.19.2-201503201903.patch
@@ -370,7 +370,7 @@ index 176d4fe..17ceefa 100644
pcd. [PARIDE]
diff --git a/Makefile b/Makefile
-index 688777b..2821d8c 100644
+index e49665a..7c65470 100644
--- a/Makefile
+++ b/Makefile
@@ -298,7 +298,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -20493,10 +20493,10 @@ index 5eea099..ff7ef8d 100644
unsigned long mfn;
diff --git a/arch/x86/include/asm/xsave.h b/arch/x86/include/asm/xsave.h
-index 5fa9770..2b49d6c 100644
+index c9a6d68..cb57f42 100644
--- a/arch/x86/include/asm/xsave.h
+++ b/arch/x86/include/asm/xsave.h
-@@ -229,12 +229,16 @@ static inline int xsave_user(struct xsave_struct __user *buf)
+@@ -223,12 +223,16 @@ static inline int xsave_user(struct xsave_struct __user *buf)
if (unlikely(err))
return -EFAULT;
@@ -20514,7 +20514,7 @@ index 5fa9770..2b49d6c 100644
return err;
}
-@@ -244,16 +248,20 @@ static inline int xsave_user(struct xsave_struct __user *buf)
+@@ -238,16 +242,20 @@ static inline int xsave_user(struct xsave_struct __user *buf)
static inline int xrestore_user(struct xsave_struct __user *buf, u64 mask)
{
int err = 0;
@@ -23068,7 +23068,7 @@ index 000d419..8f66802 100644
#endif
diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S
-index 9ebaf63..c786610 100644
+index 4ee9a23..c786610 100644
--- a/arch/x86/kernel/entry_64.S
+++ b/arch/x86/kernel/entry_64.S
@@ -59,6 +59,8 @@
@@ -23663,7 +23663,7 @@ index 9ebaf63..c786610 100644
/*
* A newly forked process directly context switches into this address.
-@@ -331,25 +793,26 @@ ENTRY(ret_from_fork)
+@@ -331,7 +793,7 @@ ENTRY(ret_from_fork)
RESTORE_REST
@@ -23671,19 +23671,9 @@ index 9ebaf63..c786610 100644
+ testb $3, CS-ARGOFFSET(%rsp) # from kernel_thread?
jz 1f
-- testl $_TIF_IA32, TI_flags(%rcx) # 32-bit compat task needs IRET
-- jnz int_ret_from_sys_call
--
-- RESTORE_TOP_OF_STACK %rdi, -ARGOFFSET
-- jmp ret_from_sys_call # go to the SYSRET fastpath
-+ /*
-+ * By the time we get here, we have no idea whether our pt_regs,
-+ * ti flags, and ti status came from the 64-bit SYSCALL fast path,
-+ * the slow path, or one of the ia32entry paths.
-+ * Use int_ret_from_sys_call to return, since it can safely handle
-+ * all of the above.
-+ */
-+ jmp int_ret_from_sys_call
+ /*
+@@ -344,15 +806,13 @@ ENTRY(ret_from_fork)
+ jmp int_ret_from_sys_call
1:
- subq $REST_SKIP, %rsp # leave space for volatiles
@@ -23699,7 +23689,7 @@ index 9ebaf63..c786610 100644
/*
* System call entry. Up to 6 arguments in registers are supported.
-@@ -386,7 +849,7 @@ END(ret_from_fork)
+@@ -389,7 +849,7 @@ END(ret_from_fork)
ENTRY(system_call)
CFI_STARTPROC simple
CFI_SIGNAL_FRAME
@@ -23708,7 +23698,7 @@ index 9ebaf63..c786610 100644
CFI_REGISTER rip,rcx
/*CFI_REGISTER rflags,r11*/
SWAPGS_UNSAFE_STACK
-@@ -399,16 +862,23 @@ GLOBAL(system_call_after_swapgs)
+@@ -402,16 +862,23 @@ GLOBAL(system_call_after_swapgs)
movq %rsp,PER_CPU_VAR(old_rsp)
movq PER_CPU_VAR(kernel_stack),%rsp
@@ -23734,7 +23724,7 @@ index 9ebaf63..c786610 100644
jnz tracesys
system_call_fastpath:
#if __SYSCALL_MASK == ~0
-@@ -432,10 +902,13 @@ sysret_check:
+@@ -435,10 +902,13 @@ sysret_check:
LOCKDEP_SYS_EXIT
DISABLE_INTERRUPTS(CLBR_NONE)
TRACE_IRQS_OFF
@@ -23749,7 +23739,7 @@ index 9ebaf63..c786610 100644
/*
* sysretq will re-enable interrupts:
*/
-@@ -494,12 +967,15 @@ sysret_audit:
+@@ -497,12 +967,15 @@ sysret_audit:
/* Do syscall tracing */
tracesys:
@@ -23767,7 +23757,7 @@ index 9ebaf63..c786610 100644
jmp system_call_fastpath /* and return to the fast path */
tracesys_phase2:
-@@ -510,12 +986,14 @@ tracesys_phase2:
+@@ -513,12 +986,14 @@ tracesys_phase2:
movq %rax,%rdx
call syscall_trace_enter_phase2
@@ -23783,7 +23773,7 @@ index 9ebaf63..c786610 100644
RESTORE_REST
#if __SYSCALL_MASK == ~0
cmpq $__NR_syscall_max,%rax
-@@ -545,7 +1023,9 @@ GLOBAL(int_with_check)
+@@ -548,7 +1023,9 @@ GLOBAL(int_with_check)
andl %edi,%edx
jnz int_careful
andl $~TS_COMPAT,TI_status(%rcx)
@@ -23794,7 +23784,7 @@ index 9ebaf63..c786610 100644
/* Either reschedule or signal or syscall exit tracking needed. */
/* First do a reschedule test. */
-@@ -591,7 +1071,7 @@ int_restore_rest:
+@@ -594,7 +1071,7 @@ int_restore_rest:
TRACE_IRQS_OFF
jmp int_with_check
CFI_ENDPROC
@@ -23803,7 +23793,7 @@ index 9ebaf63..c786610 100644
.macro FORK_LIKE func
ENTRY(stub_\func)
-@@ -604,9 +1084,10 @@ ENTRY(stub_\func)
+@@ -607,9 +1084,10 @@ ENTRY(stub_\func)
DEFAULT_FRAME 0 8 /* offset 8: return address */
call sys_\func
RESTORE_TOP_OF_STACK %r11, 8
@@ -23816,7 +23806,7 @@ index 9ebaf63..c786610 100644
.endm
.macro FIXED_FRAME label,func
-@@ -616,9 +1097,10 @@ ENTRY(\label)
+@@ -619,9 +1097,10 @@ ENTRY(\label)
FIXUP_TOP_OF_STACK %r11, 8-ARGOFFSET
call \func
RESTORE_TOP_OF_STACK %r11, 8-ARGOFFSET
@@ -23828,7 +23818,7 @@ index 9ebaf63..c786610 100644
.endm
FORK_LIKE clone
-@@ -626,19 +1108,6 @@ END(\label)
+@@ -629,19 +1108,6 @@ END(\label)
FORK_LIKE vfork
FIXED_FRAME stub_iopl, sys_iopl
@@ -23848,7 +23838,7 @@ index 9ebaf63..c786610 100644
ENTRY(stub_execve)
CFI_STARTPROC
addq $8, %rsp
-@@ -650,7 +1119,7 @@ ENTRY(stub_execve)
+@@ -653,7 +1119,7 @@ ENTRY(stub_execve)
RESTORE_REST
jmp int_ret_from_sys_call
CFI_ENDPROC
@@ -23857,7 +23847,7 @@ index 9ebaf63..c786610 100644
ENTRY(stub_execveat)
CFI_STARTPROC
-@@ -664,7 +1133,7 @@ ENTRY(stub_execveat)
+@@ -667,7 +1133,7 @@ ENTRY(stub_execveat)
RESTORE_REST
jmp int_ret_from_sys_call
CFI_ENDPROC
@@ -23866,7 +23856,7 @@ index 9ebaf63..c786610 100644
/*
* sigreturn is special because it needs to restore all registers on return.
-@@ -681,7 +1150,7 @@ ENTRY(stub_rt_sigreturn)
+@@ -684,7 +1150,7 @@ ENTRY(stub_rt_sigreturn)
RESTORE_REST
jmp int_ret_from_sys_call
CFI_ENDPROC
@@ -23875,7 +23865,7 @@ index 9ebaf63..c786610 100644
#ifdef CONFIG_X86_X32_ABI
ENTRY(stub_x32_rt_sigreturn)
-@@ -695,7 +1164,7 @@ ENTRY(stub_x32_rt_sigreturn)
+@@ -698,7 +1164,7 @@ ENTRY(stub_x32_rt_sigreturn)
RESTORE_REST
jmp int_ret_from_sys_call
CFI_ENDPROC
@@ -23884,7 +23874,7 @@ index 9ebaf63..c786610 100644
ENTRY(stub_x32_execve)
CFI_STARTPROC
-@@ -760,7 +1229,7 @@ vector=vector+1
+@@ -763,7 +1229,7 @@ vector=vector+1
2: jmp common_interrupt
.endr
CFI_ENDPROC
@@ -23893,7 +23883,7 @@ index 9ebaf63..c786610 100644
.previous
END(interrupt)
-@@ -777,8 +1246,8 @@ END(interrupt)
+@@ -780,8 +1246,8 @@ END(interrupt)
/* 0(%rsp): ~(interrupt number) */
.macro interrupt func
/* reserve pt_regs for scratch regs and rbp */
@@ -23904,7 +23894,7 @@ index 9ebaf63..c786610 100644
SAVE_ARGS_IRQ
call \func
.endm
-@@ -801,14 +1270,14 @@ ret_from_intr:
+@@ -804,14 +1270,14 @@ ret_from_intr:
/* Restore saved previous stack */
popq %rsi
@@ -23923,7 +23913,7 @@ index 9ebaf63..c786610 100644
je retint_kernel
/* Interrupt came from user space */
-@@ -830,12 +1299,35 @@ retint_swapgs: /* return to user-space */
+@@ -833,12 +1299,35 @@ retint_swapgs: /* return to user-space */
* The iretq could re-enable interrupts:
*/
DISABLE_INTERRUPTS(CLBR_ANY)
@@ -23959,7 +23949,7 @@ index 9ebaf63..c786610 100644
/*
* The iretq could re-enable interrupts:
*/
-@@ -873,15 +1365,15 @@ native_irq_return_ldt:
+@@ -876,15 +1365,15 @@ native_irq_return_ldt:
SWAPGS
movq PER_CPU_VAR(espfix_waddr),%rdi
movq %rax,(0*8)(%rdi) /* RAX */
@@ -23980,7 +23970,7 @@ index 9ebaf63..c786610 100644
movq %rax,(4*8)(%rdi)
andl $0xffff0000,%eax
popq_cfi %rdi
-@@ -935,7 +1427,7 @@ ENTRY(retint_kernel)
+@@ -938,7 +1427,7 @@ ENTRY(retint_kernel)
jmp exit_intr
#endif
CFI_ENDPROC
@@ -23989,7 +23979,7 @@ index 9ebaf63..c786610 100644
/*
* APIC interrupts.
-@@ -949,7 +1441,7 @@ ENTRY(\sym)
+@@ -952,7 +1441,7 @@ ENTRY(\sym)
interrupt \do_sym
jmp ret_from_intr
CFI_ENDPROC
@@ -23998,7 +23988,7 @@ index 9ebaf63..c786610 100644
.endm
#ifdef CONFIG_TRACING
-@@ -1022,7 +1514,7 @@ apicinterrupt IRQ_WORK_VECTOR \
+@@ -1025,7 +1514,7 @@ apicinterrupt IRQ_WORK_VECTOR \
/*
* Exception entry points.
*/
@@ -24007,7 +23997,7 @@ index 9ebaf63..c786610 100644
.macro idtentry sym do_sym has_error_code:req paranoid=0 shift_ist=-1
ENTRY(\sym)
-@@ -1073,6 +1565,12 @@ ENTRY(\sym)
+@@ -1076,6 +1565,12 @@ ENTRY(\sym)
.endif
.if \shift_ist != -1
@@ -24020,7 +24010,7 @@ index 9ebaf63..c786610 100644
subq $EXCEPTION_STKSZ, INIT_TSS_IST(\shift_ist)
.endif
-@@ -1089,7 +1587,7 @@ ENTRY(\sym)
+@@ -1092,7 +1587,7 @@ ENTRY(\sym)
.endif
CFI_ENDPROC
@@ -24029,7 +24019,7 @@ index 9ebaf63..c786610 100644
.endm
#ifdef CONFIG_TRACING
-@@ -1130,9 +1628,10 @@ gs_change:
+@@ -1133,9 +1628,10 @@ gs_change:
2: mfence /* workaround */
SWAPGS
popfq_cfi
@@ -24041,7 +24031,7 @@ index 9ebaf63..c786610 100644
_ASM_EXTABLE(gs_change,bad_gs)
.section .fixup,"ax"
-@@ -1160,9 +1659,10 @@ ENTRY(do_softirq_own_stack)
+@@ -1163,9 +1659,10 @@ ENTRY(do_softirq_own_stack)
CFI_DEF_CFA_REGISTER rsp
CFI_ADJUST_CFA_OFFSET -8
decl PER_CPU_VAR(irq_count)
@@ -24053,7 +24043,7 @@ index 9ebaf63..c786610 100644
#ifdef CONFIG_XEN
idtentry xen_hypervisor_callback xen_do_hypervisor_callback has_error_code=0
-@@ -1200,7 +1700,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs)
+@@ -1203,7 +1700,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs)
decl PER_CPU_VAR(irq_count)
jmp error_exit
CFI_ENDPROC
@@ -24062,7 +24052,7 @@ index 9ebaf63..c786610 100644
/*
* Hypervisor uses this for application faults while it executes.
-@@ -1259,7 +1759,7 @@ ENTRY(xen_failsafe_callback)
+@@ -1262,7 +1759,7 @@ ENTRY(xen_failsafe_callback)
SAVE_ALL
jmp error_exit
CFI_ENDPROC
@@ -24071,7 +24061,7 @@ index 9ebaf63..c786610 100644
apicinterrupt3 HYPERVISOR_CALLBACK_VECTOR \
xen_hvm_callback_vector xen_evtchn_do_upcall
-@@ -1306,18 +1806,33 @@ ENTRY(paranoid_exit)
+@@ -1309,18 +1806,33 @@ ENTRY(paranoid_exit)
DEFAULT_FRAME
DISABLE_INTERRUPTS(CLBR_NONE)
TRACE_IRQS_OFF_DEBUG
@@ -24107,7 +24097,7 @@ index 9ebaf63..c786610 100644
jmp irq_return
paranoid_userspace:
GET_THREAD_INFO(%rcx)
-@@ -1346,7 +1861,7 @@ paranoid_schedule:
+@@ -1349,7 +1861,7 @@ paranoid_schedule:
TRACE_IRQS_OFF
jmp paranoid_userspace
CFI_ENDPROC
@@ -24116,7 +24106,7 @@ index 9ebaf63..c786610 100644
/*
* Exception entry point. This expects an error code/orig_rax on the stack.
-@@ -1373,12 +1888,23 @@ ENTRY(error_entry)
+@@ -1376,12 +1888,23 @@ ENTRY(error_entry)
movq %r14, R14+8(%rsp)
movq %r15, R15+8(%rsp)
xorl %ebx,%ebx
@@ -24141,7 +24131,7 @@ index 9ebaf63..c786610 100644
ret
/*
-@@ -1413,7 +1939,7 @@ error_bad_iret:
+@@ -1416,7 +1939,7 @@ error_bad_iret:
decl %ebx /* Return to usergs */
jmp error_sti
CFI_ENDPROC
@@ -24150,7 +24140,7 @@ index 9ebaf63..c786610 100644
/* ebx: no swapgs flag (1: don't need swapgs, 0: need it) */
-@@ -1424,7 +1950,7 @@ ENTRY(error_exit)
+@@ -1427,7 +1950,7 @@ ENTRY(error_exit)
DISABLE_INTERRUPTS(CLBR_NONE)
TRACE_IRQS_OFF
GET_THREAD_INFO(%rcx)
@@ -24159,7 +24149,7 @@ index 9ebaf63..c786610 100644
jne retint_kernel
LOCKDEP_SYS_EXIT_IRQ
movl TI_flags(%rcx),%edx
-@@ -1433,7 +1959,7 @@ ENTRY(error_exit)
+@@ -1436,7 +1959,7 @@ ENTRY(error_exit)
jnz retint_careful
jmp retint_swapgs
CFI_ENDPROC
@@ -24168,7 +24158,7 @@ index 9ebaf63..c786610 100644
/*
* Test if a given stack is an NMI stack or not.
-@@ -1491,9 +2017,11 @@ ENTRY(nmi)
+@@ -1494,9 +2017,11 @@ ENTRY(nmi)
* If %cs was not the kernel segment, then the NMI triggered in user
* space, which means it is definitely not nested.
*/
@@ -24181,7 +24171,7 @@ index 9ebaf63..c786610 100644
/*
* Check the special variable on the stack to see if NMIs are
* executing.
-@@ -1527,8 +2055,7 @@ nested_nmi:
+@@ -1530,8 +2055,7 @@ nested_nmi:
1:
/* Set up the interrupted NMIs stack to jump to repeat_nmi */
@@ -24191,7 +24181,7 @@ index 9ebaf63..c786610 100644
CFI_ADJUST_CFA_OFFSET 1*8
leaq -10*8(%rsp), %rdx
pushq_cfi $__KERNEL_DS
-@@ -1546,6 +2073,7 @@ nested_nmi_out:
+@@ -1549,6 +2073,7 @@ nested_nmi_out:
CFI_RESTORE rdx
/* No need to check faults here */
@@ -24199,7 +24189,7 @@ index 9ebaf63..c786610 100644
INTERRUPT_RETURN
CFI_RESTORE_STATE
-@@ -1642,13 +2170,13 @@ end_repeat_nmi:
+@@ -1645,13 +2170,13 @@ end_repeat_nmi:
subq $ORIG_RAX-R15, %rsp
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
/*
@@ -24215,7 +24205,7 @@ index 9ebaf63..c786610 100644
DEFAULT_FRAME 0
/*
-@@ -1658,9 +2186,9 @@ end_repeat_nmi:
+@@ -1661,9 +2186,9 @@ end_repeat_nmi:
* NMI itself takes a page fault, the page fault that was preempted
* will read the information from the NMI page fault and not the
* origin fault. Save it off and restore it if it changes.
@@ -24227,7 +24217,7 @@ index 9ebaf63..c786610 100644
/* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */
movq %rsp,%rdi
-@@ -1669,29 +2197,34 @@ end_repeat_nmi:
+@@ -1672,29 +2197,34 @@ end_repeat_nmi:
/* Did the NMI take a page fault? Restore cr2 if it did */
movq %cr2, %rcx
@@ -28669,7 +28659,7 @@ index 8a80737..bac4961 100644
out:
diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
-index de12c1d..4031e2a 100644
+index b24c2d8..e1e4e25 100644
--- a/arch/x86/kvm/emulate.c
+++ b/arch/x86/kvm/emulate.c
@@ -3503,7 +3503,7 @@ static int check_cr_write(struct x86_emulate_ctxt *ctxt)
@@ -40029,10 +40019,10 @@ index 94a58a0..f5eba42 100644
container_of(_dev_attr, struct dmi_device_attribute, dev_attr)
diff --git a/drivers/firmware/dmi_scan.c b/drivers/firmware/dmi_scan.c
-index c5f7b4e..74bc7c9 100644
+index 69fac06..820f0c9a 100644
--- a/drivers/firmware/dmi_scan.c
+++ b/drivers/firmware/dmi_scan.c
-@@ -900,7 +900,7 @@ int dmi_walk(void (*decode)(const struct dmi_header *, void *),
+@@ -901,7 +901,7 @@ int dmi_walk(void (*decode)(const struct dmi_header *, void *),
if (buf == NULL)
return -1;
@@ -40532,7 +40522,7 @@ index 176de63..1ef9ac7 100644
return ret;
diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c
-index e7a16f1..e0d82e8 100644
+index 30d4eb3..92f2dc8 100644
--- a/drivers/gpu/drm/i915/intel_display.c
+++ b/drivers/gpu/drm/i915/intel_display.c
@@ -12935,13 +12935,13 @@ struct intel_quirk {
@@ -42525,6 +42515,25 @@ index 9f5ad7c..588cd84 100644
wake_up_process(pool->thread);
}
}
+diff --git a/drivers/infiniband/core/umem.c b/drivers/infiniband/core/umem.c
+index aec7a6a..8c014b5 100644
+--- a/drivers/infiniband/core/umem.c
++++ b/drivers/infiniband/core/umem.c
+@@ -99,6 +99,14 @@ struct ib_umem *ib_umem_get(struct ib_ucontext *context, unsigned long addr,
+ if (dmasync)
+ dma_set_attr(DMA_ATTR_WRITE_BARRIER, &attrs);
+
++ /*
++ * If the combination of the addr and size requested for this memory
++ * region causes an integer overflow, return error.
++ */
++ if ((PAGE_ALIGN(addr + size) <= size) ||
++ (PAGE_ALIGN(addr + size) <= addr))
++ return ERR_PTR(-EINVAL);
++
+ if (!can_do_mlock())
+ return ERR_PTR(-EPERM);
+
diff --git a/drivers/infiniband/hw/cxgb4/mem.c b/drivers/infiniband/hw/cxgb4/mem.c
index cb43c22..2e12dd7 100644
--- a/drivers/infiniband/hw/cxgb4/mem.c
@@ -43177,7 +43186,7 @@ index c0d0296..3185f57 100644
/* Blow away the connection if it exists. */
diff --git a/drivers/infiniband/hw/qib/qib.h b/drivers/infiniband/hw/qib/qib.h
-index c00ae09..04e91be 100644
+index b218254..1d1aa3c 100644
--- a/drivers/infiniband/hw/qib/qib.h
+++ b/drivers/infiniband/hw/qib/qib.h
@@ -52,6 +52,7 @@
@@ -43854,7 +43863,7 @@ index e2d4e58..40cd045 100644
/* error message helper function */
diff --git a/drivers/isdn/icn/icn.c b/drivers/isdn/icn/icn.c
-index 6a7447c..cae33fe 100644
+index 6a7447c..b4987ea 100644
--- a/drivers/isdn/icn/icn.c
+++ b/drivers/isdn/icn/icn.c
@@ -1045,7 +1045,7 @@ icn_writecmd(const u_char *buf, int len, int user, icn_card *card)
@@ -43866,6 +43875,15 @@ index 6a7447c..cae33fe 100644
return -EFAULT;
} else
memcpy(msg, buf, count);
+@@ -1609,7 +1609,7 @@ icn_setup(char *line)
+ if (ints[0] > 1)
+ membase = (unsigned long)ints[2];
+ if (str && *str) {
+- strcpy(sid, str);
++ strlcpy(sid, str, sizeof(sid));
+ icn_id = sid;
+ if ((p = strchr(sid, ','))) {
+ *p++ = 0;
diff --git a/drivers/isdn/mISDN/dsp_cmx.c b/drivers/isdn/mISDN/dsp_cmx.c
index 87f7dff..7300125 100644
--- a/drivers/isdn/mISDN/dsp_cmx.c
@@ -44096,7 +44114,7 @@ index 73f791b..8c5d3ac 100644
DMWARN("name not supplied when creating device");
return -EINVAL;
diff --git a/drivers/md/dm-raid1.c b/drivers/md/dm-raid1.c
-index 7dfdb5c..4caada6 100644
+index 089d627..ef7352e 100644
--- a/drivers/md/dm-raid1.c
+++ b/drivers/md/dm-raid1.c
@@ -40,7 +40,7 @@ enum dm_raid1_error {
@@ -44153,7 +44171,7 @@ index 7dfdb5c..4caada6 100644
m = NULL;
if (likely(m))
-@@ -927,7 +927,7 @@ static int get_mirror(struct mirror_set *ms, struct dm_target *ti,
+@@ -936,7 +936,7 @@ static int get_mirror(struct mirror_set *ms, struct dm_target *ti,
}
ms->mirror[mirror].ms = ms;
@@ -44162,7 +44180,7 @@ index 7dfdb5c..4caada6 100644
ms->mirror[mirror].error_type = 0;
ms->mirror[mirror].offset = offset;
-@@ -1342,7 +1342,7 @@ static void mirror_resume(struct dm_target *ti)
+@@ -1351,7 +1351,7 @@ static void mirror_resume(struct dm_target *ti)
*/
static char device_status_char(struct mirror *m)
{
@@ -44273,7 +44291,7 @@ index 43adbb8..7b34305 100644
pmd->bl_info.value_type.inc = data_block_inc;
pmd->bl_info.value_type.dec = data_block_dec;
diff --git a/drivers/md/dm.c b/drivers/md/dm.c
-index 2caf5b3..104f98f 100644
+index 64b10e0..07db8f4 100644
--- a/drivers/md/dm.c
+++ b/drivers/md/dm.c
@@ -185,9 +185,9 @@ struct mapped_device {
@@ -44308,7 +44326,7 @@ index 2caf5b3..104f98f 100644
wake_up(&md->eventq);
}
-@@ -3041,18 +3041,18 @@ int dm_kobject_uevent(struct mapped_device *md, enum kobject_action action,
+@@ -3034,18 +3034,18 @@ int dm_kobject_uevent(struct mapped_device *md, enum kobject_action action,
uint32_t dm_next_uevent_seq(struct mapped_device *md)
{
@@ -46927,10 +46945,32 @@ index 98d73aa..63ef9da 100644
Say Y here if you want to support for Freescale FlexCAN.
diff --git a/drivers/net/can/dev.c b/drivers/net/can/dev.c
-index 847c1f8..69a0df3 100644
+index 847c1f8..3bed607 100644
--- a/drivers/net/can/dev.c
+++ b/drivers/net/can/dev.c
-@@ -950,7 +950,7 @@ static int can_newlink(struct net *src_net, struct net_device *dev,
+@@ -578,6 +578,10 @@ struct sk_buff *alloc_can_skb(struct net_device *dev, struct can_frame **cf)
+ skb->pkt_type = PACKET_BROADCAST;
+ skb->ip_summed = CHECKSUM_UNNECESSARY;
+
++ skb_reset_mac_header(skb);
++ skb_reset_network_header(skb);
++ skb_reset_transport_header(skb);
++
+ can_skb_reserve(skb);
+ can_skb_prv(skb)->ifindex = dev->ifindex;
+
+@@ -602,6 +606,10 @@ struct sk_buff *alloc_canfd_skb(struct net_device *dev,
+ skb->pkt_type = PACKET_BROADCAST;
+ skb->ip_summed = CHECKSUM_UNNECESSARY;
+
++ skb_reset_mac_header(skb);
++ skb_reset_network_header(skb);
++ skb_reset_transport_header(skb);
++
+ can_skb_reserve(skb);
+ can_skb_prv(skb)->ifindex = dev->ifindex;
+
+@@ -950,7 +958,7 @@ static int can_newlink(struct net *src_net, struct net_device *dev,
return -EOPNOTSUPP;
}
@@ -47990,7 +48030,7 @@ index c9f57fb..208bdc1 100644
u32 entry_offset, dump, no_entries, buf_offset = 0;
int i, k, ops_cnt, ops_index, dump_size = 0;
diff --git a/drivers/net/ethernet/realtek/r8169.c b/drivers/net/ethernet/realtek/r8169.c
-index 14a1c5c..38a141d 100644
+index 2e2cf80..ebc796d 100644
--- a/drivers/net/ethernet/realtek/r8169.c
+++ b/drivers/net/ethernet/realtek/r8169.c
@@ -788,22 +788,22 @@ struct rtl8169_private {
@@ -48142,7 +48182,7 @@ index 612e073..a9f5eda 100644
};
diff --git a/drivers/net/macvtap.c b/drivers/net/macvtap.c
-index 919f4fc..012f6dd 100644
+index 4d050ee..012f6dd 100644
--- a/drivers/net/macvtap.c
+++ b/drivers/net/macvtap.c
@@ -436,7 +436,7 @@ static void macvtap_setup(struct net_device *dev)
@@ -48154,32 +48194,7 @@ index 919f4fc..012f6dd 100644
.kind = "macvtap",
.setup = macvtap_setup,
.newlink = macvtap_newlink,
-@@ -654,11 +654,14 @@ static void macvtap_skb_to_vnet_hdr(struct macvtap_queue *q,
- } /* else everything is zero */
- }
-
-+/* Neighbour code has some assumptions on HH_DATA_MOD alignment */
-+#define MACVTAP_RESERVE HH_DATA_OFF(ETH_HLEN)
-+
- /* Get packet from user space buffer */
- static ssize_t macvtap_get_user(struct macvtap_queue *q, struct msghdr *m,
- struct iov_iter *from, int noblock)
- {
-- int good_linear = SKB_MAX_HEAD(NET_IP_ALIGN);
-+ int good_linear = SKB_MAX_HEAD(MACVTAP_RESERVE);
- struct sk_buff *skb;
- struct macvlan_dev *vlan;
- unsigned long total_len = iov_iter_count(from);
-@@ -722,7 +725,7 @@ static ssize_t macvtap_get_user(struct macvtap_queue *q, struct msghdr *m,
- linear = macvtap16_to_cpu(q, vnet_hdr.hdr_len);
- }
-
-- skb = macvtap_alloc_skb(&q->sk, NET_IP_ALIGN, copylen,
-+ skb = macvtap_alloc_skb(&q->sk, MACVTAP_RESERVE, copylen,
- linear, noblock, &err);
- if (!skb)
- goto err;
-@@ -1030,7 +1033,7 @@ static long macvtap_ioctl(struct file *file, unsigned int cmd,
+@@ -1033,7 +1033,7 @@ static long macvtap_ioctl(struct file *file, unsigned int cmd,
ret = 0;
u = q->flags;
@@ -48188,7 +48203,7 @@ index 919f4fc..012f6dd 100644
put_user(u, &ifr->ifr_flags))
ret = -EFAULT;
macvtap_put_vlan(vlan);
-@@ -1214,7 +1217,7 @@ static int macvtap_device_event(struct notifier_block *unused,
+@@ -1217,7 +1217,7 @@ static int macvtap_device_event(struct notifier_block *unused,
return NOTIFY_DONE;
}
@@ -48277,10 +48292,10 @@ index 079f7ad..b2a2bfa7 100644
/* We've got a compressed packet; read the change byte */
diff --git a/drivers/net/team/team.c b/drivers/net/team/team.c
-index f7ff493..153e0198 100644
+index 2c087ef..4859007 100644
--- a/drivers/net/team/team.c
+++ b/drivers/net/team/team.c
-@@ -2105,7 +2105,7 @@ static unsigned int team_get_num_rx_queues(void)
+@@ -2103,7 +2103,7 @@ static unsigned int team_get_num_rx_queues(void)
return TEAM_DEFAULT_NUM_RX_QUEUES;
}
@@ -48289,7 +48304,7 @@ index f7ff493..153e0198 100644
.kind = DRV_NAME,
.priv_size = sizeof(struct team),
.setup = team_setup,
-@@ -2895,7 +2895,7 @@ static int team_device_event(struct notifier_block *unused,
+@@ -2893,7 +2893,7 @@ static int team_device_event(struct notifier_block *unused,
return NOTIFY_DONE;
}
@@ -51710,7 +51725,7 @@ index 05ea0d4..5af8049 100644
if (!sdp->request_queue->rq_timeout) {
if (sdp->type != TYPE_MOD)
diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c
-index 763bffe..e0eacf4 100644
+index dbf8e77..0d565c7 100644
--- a/drivers/scsi/sg.c
+++ b/drivers/scsi/sg.c
@@ -1098,7 +1098,7 @@ sg_ioctl(struct file *filp, unsigned int cmd_in, unsigned long arg)
@@ -53506,20 +53521,9 @@ index 42bad18..447d7a2 100644
if (get_user(c, buf))
diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c
-index 51f066a..a7f6e86 100644
+index 2bb4dfc..a7f6e86 100644
--- a/drivers/tty/tty_io.c
+++ b/drivers/tty/tty_io.c
-@@ -1028,8 +1028,8 @@ EXPORT_SYMBOL(start_tty);
- /* We limit tty time update visibility to every 8 seconds or so. */
- static void tty_update_time(struct timespec *time)
- {
-- unsigned long sec = get_seconds() & ~7;
-- if ((long)(sec - time->tv_sec) > 0)
-+ unsigned long sec = get_seconds();
-+ if (abs(sec - time->tv_sec) & ~7)
- time->tv_sec = sec;
- }
-
@@ -3503,7 +3503,7 @@ EXPORT_SYMBOL(tty_devnum);
void tty_default_fops(struct file_operations *fops)
@@ -53529,31 +53533,6 @@ index 51f066a..a7f6e86 100644
}
/*
-diff --git a/drivers/tty/tty_ioctl.c b/drivers/tty/tty_ioctl.c
-index 1787fa4..552076b 100644
---- a/drivers/tty/tty_ioctl.c
-+++ b/drivers/tty/tty_ioctl.c
-@@ -217,11 +217,17 @@ void tty_wait_until_sent(struct tty_struct *tty, long timeout)
- #endif
- if (!timeout)
- timeout = MAX_SCHEDULE_TIMEOUT;
-+
- if (wait_event_interruptible_timeout(tty->write_wait,
-- !tty_chars_in_buffer(tty), timeout) >= 0) {
-- if (tty->ops->wait_until_sent)
-- tty->ops->wait_until_sent(tty, timeout);
-+ !tty_chars_in_buffer(tty), timeout) < 0) {
-+ return;
- }
-+
-+ if (timeout == MAX_SCHEDULE_TIMEOUT)
-+ timeout = 0;
-+
-+ if (tty->ops->wait_until_sent)
-+ tty->ops->wait_until_sent(tty, timeout);
- }
- EXPORT_SYMBOL(tty_wait_until_sent);
-
diff --git a/drivers/tty/tty_ldisc.c b/drivers/tty/tty_ldisc.c
index 3737f55..7cef448 100644
--- a/drivers/tty/tty_ldisc.c
@@ -53931,7 +53910,7 @@ index 2a3bbdf..91d72cf 100644
file->f_version = event_count;
return POLLIN | POLLRDNORM;
diff --git a/drivers/usb/core/devio.c b/drivers/usb/core/devio.c
-index 0b59731..46ee7d1 100644
+index e500243..401300f 100644
--- a/drivers/usb/core/devio.c
+++ b/drivers/usb/core/devio.c
@@ -187,7 +187,7 @@ static ssize_t usbdev_read(struct file *file, char __user *buf, size_t nbytes,
@@ -54336,29 +54315,6 @@ index 29fa1c3..a57b08e 100644
struct usb_serial_port *port = info->port;
struct usb_serial *serial;
int retval = -ENODEV;
-diff --git a/drivers/usb/serial/generic.c b/drivers/usb/serial/generic.c
-index ccf1df7..54e170d 100644
---- a/drivers/usb/serial/generic.c
-+++ b/drivers/usb/serial/generic.c
-@@ -258,7 +258,8 @@ void usb_serial_generic_wait_until_sent(struct tty_struct *tty, long timeout)
- * character or at least one jiffy.
- */
- period = max_t(unsigned long, (10 * HZ / bps), 1);
-- period = min_t(unsigned long, period, timeout);
-+ if (timeout)
-+ period = min_t(unsigned long, period, timeout);
-
- dev_dbg(&port->dev, "%s - timeout = %u ms, period = %u ms\n",
- __func__, jiffies_to_msecs(timeout),
-@@ -268,7 +269,7 @@ void usb_serial_generic_wait_until_sent(struct tty_struct *tty, long timeout)
- schedule_timeout_interruptible(period);
- if (signal_pending(current))
- break;
-- if (time_after(jiffies, expire))
-+ if (timeout && time_after(jiffies, expire))
- break;
- }
- }
diff --git a/drivers/usb/storage/usb.h b/drivers/usb/storage/usb.h
index 307e339..6aa97cb 100644
--- a/drivers/usb/storage/usb.h
@@ -58089,32 +58045,6 @@ index 6530ced..4a827e2 100644
if (limit != RLIM_INFINITY && offset > limit)
goto out_sig;
if (offset > inode->i_sb->s_maxbytes)
-diff --git a/fs/autofs4/dev-ioctl.c b/fs/autofs4/dev-ioctl.c
-index aaf96cb..ac7d921 100644
---- a/fs/autofs4/dev-ioctl.c
-+++ b/fs/autofs4/dev-ioctl.c
-@@ -95,7 +95,7 @@ static int check_dev_ioctl_version(int cmd, struct autofs_dev_ioctl *param)
- */
- static struct autofs_dev_ioctl *copy_dev_ioctl(struct autofs_dev_ioctl __user *in)
- {
-- struct autofs_dev_ioctl tmp;
-+ struct autofs_dev_ioctl tmp, *res;
-
- if (copy_from_user(&tmp, in, sizeof(tmp)))
- return ERR_PTR(-EFAULT);
-@@ -106,7 +106,11 @@ static struct autofs_dev_ioctl *copy_dev_ioctl(struct autofs_dev_ioctl __user *i
- if (tmp.size > (PATH_MAX + sizeof(tmp)))
- return ERR_PTR(-ENAMETOOLONG);
-
-- return memdup_user(in, tmp.size);
-+ res = memdup_user(in, tmp.size);
-+ if (!IS_ERR(res))
-+ res->size = tmp.size;
-+
-+ return res;
- }
-
- static inline void free_dev_ioctl(struct autofs_dev_ioctl *param)
diff --git a/fs/autofs4/waitq.c b/fs/autofs4/waitq.c
index 116fd38..c04182da 100644
--- a/fs/autofs4/waitq.c
@@ -59350,19 +59280,6 @@ index 2299bfd..4098e72 100644
__btrfs_remove_free_space_cache(cache->free_space_ctl);
return 0;
-diff --git a/fs/btrfs/tree-log.c b/fs/btrfs/tree-log.c
-index f78e9dc..069ab24 100644
---- a/fs/btrfs/tree-log.c
-+++ b/fs/btrfs/tree-log.c
-@@ -1010,7 +1010,7 @@ again:
- base = btrfs_item_ptr_offset(leaf, path->slots[0]);
-
- while (cur_offset < item_size) {
-- extref = (struct btrfs_inode_extref *)base + cur_offset;
-+ extref = (struct btrfs_inode_extref *)(base + cur_offset);
-
- victim_name_len = btrfs_inode_extref_name_len(leaf, extref);
-
diff --git a/fs/btrfs/tree-log.h b/fs/btrfs/tree-log.h
index 154990c..d0cf699 100644
--- a/fs/btrfs/tree-log.h
@@ -60578,30 +60495,10 @@ index e368d4f..b40ba59 100644
dcache_init();
inode_init();
diff --git a/fs/debugfs/inode.c b/fs/debugfs/inode.c
-index 05f2960..780f4f8 100644
+index 6f0ce53..780f4f8 100644
--- a/fs/debugfs/inode.c
+++ b/fs/debugfs/inode.c
-@@ -246,10 +246,19 @@ static int debugfs_show_options(struct seq_file *m, struct dentry *root)
- return 0;
- }
-
-+static void debugfs_evict_inode(struct inode *inode)
-+{
-+ truncate_inode_pages_final(&inode->i_data);
-+ clear_inode(inode);
-+ if (S_ISLNK(inode->i_mode))
-+ kfree(inode->i_private);
-+}
-+
- static const struct super_operations debugfs_super_operations = {
- .statfs = simple_statfs,
- .remount_fs = debugfs_remount,
- .show_options = debugfs_show_options,
-+ .evict_inode = debugfs_evict_inode,
- };
-
- static int debug_fill_super(struct super_block *sb, void *data, int silent)
-@@ -416,7 +425,11 @@ EXPORT_SYMBOL_GPL(debugfs_create_file);
+@@ -425,7 +425,11 @@ EXPORT_SYMBOL_GPL(debugfs_create_file);
*/
struct dentry *debugfs_create_dir(const char *name, struct dentry *parent)
{
@@ -60613,38 +60510,6 @@ index 05f2960..780f4f8 100644
parent, NULL, NULL);
}
EXPORT_SYMBOL_GPL(debugfs_create_dir);
-@@ -466,23 +479,14 @@ static int __debugfs_remove(struct dentry *dentry, struct dentry *parent)
- int ret = 0;
-
- if (debugfs_positive(dentry)) {
-- if (dentry->d_inode) {
-- dget(dentry);
-- switch (dentry->d_inode->i_mode & S_IFMT) {
-- case S_IFDIR:
-- ret = simple_rmdir(parent->d_inode, dentry);
-- break;
-- case S_IFLNK:
-- kfree(dentry->d_inode->i_private);
-- /* fall through */
-- default:
-- simple_unlink(parent->d_inode, dentry);
-- break;
-- }
-- if (!ret)
-- d_delete(dentry);
-- dput(dentry);
-- }
-+ dget(dentry);
-+ if (S_ISDIR(dentry->d_inode->i_mode))
-+ ret = simple_rmdir(parent->d_inode, dentry);
-+ else
-+ simple_unlink(parent->d_inode, dentry);
-+ if (!ret)
-+ d_delete(dentry);
-+ dput(dentry);
- }
- return ret;
- }
diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c
index 1686dc2..9611c50 100644
--- a/fs/ecryptfs/inode.c
@@ -61798,6 +61663,48 @@ index 8313ca3..8a37d08 100644
__ext4_warning(sb, function, line,
"MMP failure info: last update time: %llu, last update "
"node: %s, last update device: %s\n",
+diff --git a/fs/ext4/resize.c b/fs/ext4/resize.c
+index 8a8ec62..1b02de5 100644
+--- a/fs/ext4/resize.c
++++ b/fs/ext4/resize.c
+@@ -413,7 +413,7 @@ static int set_flexbg_block_bitmap(struct super_block *sb, handle_t *handle,
+
+ ext4_debug("mark blocks [%llu/%u] used\n", block, count);
+ for (count2 = count; count > 0; count -= count2, block += count2) {
+- ext4_fsblk_t start;
++ ext4_fsblk_t start, diff;
+ struct buffer_head *bh;
+ ext4_group_t group;
+ int err;
+@@ -422,10 +422,6 @@ static int set_flexbg_block_bitmap(struct super_block *sb, handle_t *handle,
+ start = ext4_group_first_block_no(sb, group);
+ group -= flex_gd->groups[0].group;
+
+- count2 = EXT4_BLOCKS_PER_GROUP(sb) - (block - start);
+- if (count2 > count)
+- count2 = count;
+-
+ if (flex_gd->bg_flags[group] & EXT4_BG_BLOCK_UNINIT) {
+ BUG_ON(flex_gd->count > 1);
+ continue;
+@@ -443,9 +439,15 @@ static int set_flexbg_block_bitmap(struct super_block *sb, handle_t *handle,
+ err = ext4_journal_get_write_access(handle, bh);
+ if (err)
+ return err;
++
++ diff = block - start;
++ count2 = EXT4_BLOCKS_PER_GROUP(sb) - diff;
++ if (count2 > count)
++ count2 = count;
++
+ ext4_debug("mark block bitmap %#04llx (+%llu/%u)\n", block,
+- block - start, count2);
+- ext4_set_bits(bh->b_data, block - start, count2);
++ diff, count2);
++ ext4_set_bits(bh->b_data, diff, count2);
+
+ err = ext4_handle_dirty_metadata(handle, NULL, bh);
+ if (unlikely(err))
diff --git a/fs/ext4/super.c b/fs/ext4/super.c
index fc29b2c..6c8b255 100644
--- a/fs/ext4/super.c
@@ -66120,10 +66027,10 @@ index 8e5ad83..1f07a8c 100644
}
diff --git a/fs/proc/generic.c b/fs/proc/generic.c
-index 7fea132..2923577 100644
+index b502bba..849e216 100644
--- a/fs/proc/generic.c
+++ b/fs/proc/generic.c
-@@ -23,6 +23,7 @@
+@@ -22,6 +22,7 @@
#include <linux/bitops.h>
#include <linux/spinlock.h>
#include <linux/completion.h>
@@ -66131,7 +66038,7 @@ index 7fea132..2923577 100644
#include <asm/uaccess.h>
#include "internal.h"
-@@ -265,6 +266,15 @@ struct dentry *proc_lookup(struct inode *dir, struct dentry *dentry,
+@@ -253,6 +254,15 @@ struct dentry *proc_lookup(struct inode *dir, struct dentry *dentry,
return proc_lookup_de(PDE(dir), dir, dentry);
}
@@ -66147,7 +66054,7 @@ index 7fea132..2923577 100644
/*
* This returns non-zero if at EOF, so that the /proc
* root directory can use this and check if it should
-@@ -322,6 +332,16 @@ int proc_readdir(struct file *file, struct dir_context *ctx)
+@@ -310,6 +320,16 @@ int proc_readdir(struct file *file, struct dir_context *ctx)
return proc_readdir_de(PDE(inode), file, ctx);
}
@@ -66164,7 +66071,7 @@ index 7fea132..2923577 100644
/*
* These are the generic /proc directory operations. They
* use the in-memory "struct proc_dir_entry" tree to parse
-@@ -333,6 +353,12 @@ static const struct file_operations proc_dir_operations = {
+@@ -321,6 +341,12 @@ static const struct file_operations proc_dir_operations = {
.iterate = proc_readdir,
};
@@ -66177,7 +66084,7 @@ index 7fea132..2923577 100644
/*
* proc directories can do almost nothing..
*/
-@@ -342,6 +368,12 @@ static const struct inode_operations proc_dir_inode_operations = {
+@@ -330,6 +356,12 @@ static const struct inode_operations proc_dir_inode_operations = {
.setattr = proc_notify_change,
};
@@ -66190,7 +66097,7 @@ index 7fea132..2923577 100644
static int proc_register(struct proc_dir_entry * dir, struct proc_dir_entry * dp)
{
int ret;
-@@ -351,8 +383,13 @@ static int proc_register(struct proc_dir_entry * dir, struct proc_dir_entry * dp
+@@ -339,8 +371,13 @@ static int proc_register(struct proc_dir_entry * dir, struct proc_dir_entry * dp
return ret;
if (S_ISDIR(dp->mode)) {
@@ -66206,7 +66113,7 @@ index 7fea132..2923577 100644
dir->nlink++;
} else if (S_ISLNK(dp->mode)) {
dp->proc_iops = &proc_link_inode_operations;
-@@ -465,6 +502,27 @@ struct proc_dir_entry *proc_mkdir_data(const char *name, umode_t mode,
+@@ -453,6 +490,27 @@ struct proc_dir_entry *proc_mkdir_data(const char *name, umode_t mode,
}
EXPORT_SYMBOL_GPL(proc_mkdir_data);
@@ -66234,7 +66141,7 @@ index 7fea132..2923577 100644
struct proc_dir_entry *proc_mkdir_mode(const char *name, umode_t mode,
struct proc_dir_entry *parent)
{
-@@ -479,6 +537,13 @@ struct proc_dir_entry *proc_mkdir(const char *name,
+@@ -467,6 +525,13 @@ struct proc_dir_entry *proc_mkdir(const char *name,
}
EXPORT_SYMBOL(proc_mkdir);
@@ -66249,13 +66156,13 @@ index 7fea132..2923577 100644
struct proc_dir_entry *parent,
const struct file_operations *proc_fops,
diff --git a/fs/proc/inode.c b/fs/proc/inode.c
-index 8420a2f..7b98f00 100644
+index 3b0f838..a0e0f63e 100644
--- a/fs/proc/inode.c
+++ b/fs/proc/inode.c
-@@ -23,11 +23,17 @@
- #include <linux/slab.h>
+@@ -24,11 +24,17 @@
#include <linux/mount.h>
#include <linux/magic.h>
+ #include <linux/namei.h>
+#include <linux/grsecurity.h>
#include <asm/uaccess.h>
@@ -66270,7 +66177,7 @@ index 8420a2f..7b98f00 100644
static void proc_evict_inode(struct inode *inode)
{
struct proc_dir_entry *de;
-@@ -48,6 +54,13 @@ static void proc_evict_inode(struct inode *inode)
+@@ -49,6 +55,13 @@ static void proc_evict_inode(struct inode *inode)
RCU_INIT_POINTER(PROC_I(inode)->sysctl, NULL);
sysctl_head_put(head);
}
@@ -66284,7 +66191,7 @@ index 8420a2f..7b98f00 100644
}
static struct kmem_cache * proc_inode_cachep;
-@@ -405,7 +418,11 @@ struct inode *proc_get_inode(struct super_block *sb, struct proc_dir_entry *de)
+@@ -426,7 +439,11 @@ struct inode *proc_get_inode(struct super_block *sb, struct proc_dir_entry *de)
if (de->mode) {
inode->i_mode = de->mode;
inode->i_uid = de->uid;
@@ -66297,7 +66204,7 @@ index 8420a2f..7b98f00 100644
if (de->size)
inode->i_size = de->size;
diff --git a/fs/proc/internal.h b/fs/proc/internal.h
-index 6fcdba5..d08b8f1 100644
+index c835b94..c9e01a3 100644
--- a/fs/proc/internal.h
+++ b/fs/proc/internal.h
@@ -47,9 +47,10 @@ struct proc_dir_entry {
@@ -76782,10 +76689,10 @@ index 0000000..946f750
+#endif
diff --git a/grsecurity/grsec_exec.c b/grsecurity/grsec_exec.c
new file mode 100644
-index 0000000..14638ff
+index 0000000..fb7531e
--- /dev/null
+++ b/grsecurity/grsec_exec.c
-@@ -0,0 +1,188 @@
+@@ -0,0 +1,189 @@
+#include <linux/kernel.h>
+#include <linux/sched.h>
+#include <linux/file.h>
@@ -76921,7 +76828,8 @@ index 0000000..14638ff
+ "CAP_MAC_ADMIN",
+ "CAP_SYSLOG",
+ "CAP_WAKE_ALARM",
-+ "CAP_BLOCK_SUSPEND"
++ "CAP_BLOCK_SUSPEND",
++ "CAP_AUDIT_READ"
+};
+
+int captab_log_entries = sizeof(captab_log)/sizeof(captab_log[0]);
@@ -80020,7 +79928,7 @@ index 7adbb65..2a1eb1f 100644
/**
* drm_connector_helper_funcs - helper operations for connectors
diff --git a/include/drm/i915_pciids.h b/include/drm/i915_pciids.h
-index 180ad0e..53cdacf 100644
+index d016dc5..3951fe0 100644
--- a/include/drm/i915_pciids.h
+++ b/include/drm/i915_pciids.h
@@ -37,7 +37,7 @@
@@ -86982,7 +86890,7 @@ index ac8b333..59c3692 100644
struct snd_soc_dai_link_component {
const char *name;
diff --git a/include/target/target_core_base.h b/include/target/target_core_base.h
-index 4a8795a..53d8119 100644
+index 672150b..9d4bec4 100644
--- a/include/target/target_core_base.h
+++ b/include/target/target_core_base.h
@@ -767,7 +767,7 @@ struct se_device {
@@ -92577,7 +92485,7 @@ index 0bcebff..e7cd5b2 100644
}
__initcall(ioresources_init);
diff --git a/kernel/sched/auto_group.c b/kernel/sched/auto_group.c
-index 8a2e230..6020954 100644
+index eae160d..c9aa22e 100644
--- a/kernel/sched/auto_group.c
+++ b/kernel/sched/auto_group.c
@@ -11,7 +11,7 @@
@@ -92630,10 +92538,10 @@ index 607f852..486bc87 100644
unsigned long timeout)
{
diff --git a/kernel/sched/core.c b/kernel/sched/core.c
-index 5eab11d..537f3b6 100644
+index 44dfc8b..56d160d 100644
--- a/kernel/sched/core.c
+++ b/kernel/sched/core.c
-@@ -1897,7 +1897,7 @@ void set_numabalancing_state(bool enabled)
+@@ -1902,7 +1902,7 @@ void set_numabalancing_state(bool enabled)
int sysctl_numa_balancing(struct ctl_table *table, int write,
void __user *buffer, size_t *lenp, loff_t *ppos)
{
@@ -92642,7 +92550,7 @@ index 5eab11d..537f3b6 100644
int err;
int state = numabalancing_enabled;
-@@ -2347,8 +2347,10 @@ context_switch(struct rq *rq, struct task_struct *prev,
+@@ -2352,8 +2352,10 @@ context_switch(struct rq *rq, struct task_struct *prev,
next->active_mm = oldmm;
atomic_inc(&oldmm->mm_count);
enter_lazy_tlb(oldmm, next);
@@ -92654,7 +92562,7 @@ index 5eab11d..537f3b6 100644
if (!prev->mm) {
prev->active_mm = NULL;
-@@ -3147,6 +3149,8 @@ int can_nice(const struct task_struct *p, const int nice)
+@@ -3152,6 +3154,8 @@ int can_nice(const struct task_struct *p, const int nice)
/* convert nice value [19,-20] to rlimit style value [1,40] */
int nice_rlim = nice_to_rlimit(nice);
@@ -92663,7 +92571,7 @@ index 5eab11d..537f3b6 100644
return (nice_rlim <= task_rlimit(p, RLIMIT_NICE) ||
capable(CAP_SYS_NICE));
}
-@@ -3173,7 +3177,8 @@ SYSCALL_DEFINE1(nice, int, increment)
+@@ -3178,7 +3182,8 @@ SYSCALL_DEFINE1(nice, int, increment)
nice = task_nice(current) + increment;
nice = clamp_val(nice, MIN_NICE, MAX_NICE);
@@ -92673,7 +92581,7 @@ index 5eab11d..537f3b6 100644
return -EPERM;
retval = security_task_setnice(current, nice);
-@@ -3468,6 +3473,7 @@ recheck:
+@@ -3473,6 +3478,7 @@ recheck:
if (policy != p->policy && !rlim_rtprio)
return -EPERM;
@@ -92681,7 +92589,7 @@ index 5eab11d..537f3b6 100644
/* can't increase priority */
if (attr->sched_priority > p->rt_priority &&
attr->sched_priority > rlim_rtprio)
-@@ -4968,6 +4974,7 @@ void idle_task_exit(void)
+@@ -4973,6 +4979,7 @@ void idle_task_exit(void)
if (mm != &init_mm) {
switch_mm(mm, &init_mm, current);
@@ -92689,7 +92597,7 @@ index 5eab11d..537f3b6 100644
finish_arch_post_lock_switch();
}
mmdrop(mm);
-@@ -5063,7 +5070,7 @@ static void migrate_tasks(unsigned int dead_cpu)
+@@ -5068,7 +5075,7 @@ static void migrate_tasks(unsigned int dead_cpu)
#if defined(CONFIG_SCHED_DEBUG) && defined(CONFIG_SYSCTL)
@@ -92698,7 +92606,7 @@ index 5eab11d..537f3b6 100644
{
.procname = "sched_domain",
.mode = 0555,
-@@ -5080,17 +5087,17 @@ static struct ctl_table sd_ctl_root[] = {
+@@ -5085,17 +5092,17 @@ static struct ctl_table sd_ctl_root[] = {
{}
};
@@ -92720,7 +92628,7 @@ index 5eab11d..537f3b6 100644
/*
* In the intermediate directories, both the child directory and
-@@ -5098,22 +5105,25 @@ static void sd_free_ctl_entry(struct ctl_table **tablep)
+@@ -5103,22 +5110,25 @@ static void sd_free_ctl_entry(struct ctl_table **tablep)
* will always be set. In the lowest directory the names are
* static strings and all have proc handlers.
*/
@@ -92752,7 +92660,7 @@ index 5eab11d..537f3b6 100644
const char *procname, void *data, int maxlen,
umode_t mode, proc_handler *proc_handler,
bool load_idx)
-@@ -5133,7 +5143,7 @@ set_table_entry(struct ctl_table *entry,
+@@ -5138,7 +5148,7 @@ set_table_entry(struct ctl_table *entry,
static struct ctl_table *
sd_alloc_ctl_domain_table(struct sched_domain *sd)
{
@@ -92761,7 +92669,7 @@ index 5eab11d..537f3b6 100644
if (table == NULL)
return NULL;
-@@ -5171,9 +5181,9 @@ sd_alloc_ctl_domain_table(struct sched_domain *sd)
+@@ -5176,9 +5186,9 @@ sd_alloc_ctl_domain_table(struct sched_domain *sd)
return table;
}
@@ -92773,7 +92681,7 @@ index 5eab11d..537f3b6 100644
struct sched_domain *sd;
int domain_num = 0, i;
char buf[32];
-@@ -5200,11 +5210,13 @@ static struct ctl_table_header *sd_sysctl_header;
+@@ -5205,11 +5215,13 @@ static struct ctl_table_header *sd_sysctl_header;
static void register_sched_domain_sysctl(void)
{
int i, cpu_num = num_possible_cpus();
@@ -92788,7 +92696,7 @@ index 5eab11d..537f3b6 100644
if (entry == NULL)
return;
-@@ -5227,8 +5239,12 @@ static void unregister_sched_domain_sysctl(void)
+@@ -5232,8 +5244,12 @@ static void unregister_sched_domain_sysctl(void)
if (sd_sysctl_header)
unregister_sysctl_table(sd_sysctl_header);
sd_sysctl_header = NULL;
@@ -93255,7 +93163,7 @@ index ea9c881..2194af5 100644
if (!retval) {
if (old_rlim)
diff --git a/kernel/sysctl.c b/kernel/sysctl.c
-index 137c7f6..eab3b1a 100644
+index 88ea2d6..88acc77 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -94,7 +94,6 @@
@@ -93412,7 +93320,7 @@ index 137c7f6..eab3b1a 100644
},
{
.procname = "perf_event_mlock_kb",
-@@ -1343,6 +1384,13 @@ static struct ctl_table vm_table[] = {
+@@ -1340,6 +1381,13 @@ static struct ctl_table vm_table[] = {
.proc_handler = proc_dointvec_minmax,
.extra1 = &zero,
},
@@ -93426,7 +93334,7 @@ index 137c7f6..eab3b1a 100644
#else
{
.procname = "nr_trim_pages",
-@@ -1825,6 +1873,16 @@ int proc_dostring(struct ctl_table *table, int write,
+@@ -1822,6 +1870,16 @@ int proc_dostring(struct ctl_table *table, int write,
(char __user *)buffer, lenp, ppos);
}
@@ -93443,7 +93351,7 @@ index 137c7f6..eab3b1a 100644
static size_t proc_skip_spaces(char **buf)
{
size_t ret;
-@@ -1930,6 +1988,8 @@ static int proc_put_long(void __user **buf, size_t *size, unsigned long val,
+@@ -1927,6 +1985,8 @@ static int proc_put_long(void __user **buf, size_t *size, unsigned long val,
len = strlen(tmp);
if (len > *size)
len = *size;
@@ -93452,7 +93360,7 @@ index 137c7f6..eab3b1a 100644
if (copy_to_user(*buf, tmp, len))
return -EFAULT;
*size -= len;
-@@ -2107,7 +2167,7 @@ int proc_dointvec(struct ctl_table *table, int write,
+@@ -2104,7 +2164,7 @@ int proc_dointvec(struct ctl_table *table, int write,
static int proc_taint(struct ctl_table *table, int write,
void __user *buffer, size_t *lenp, loff_t *ppos)
{
@@ -93461,7 +93369,7 @@ index 137c7f6..eab3b1a 100644
unsigned long tmptaint = get_taint();
int err;
-@@ -2135,7 +2195,6 @@ static int proc_taint(struct ctl_table *table, int write,
+@@ -2132,7 +2192,6 @@ static int proc_taint(struct ctl_table *table, int write,
return err;
}
@@ -93469,7 +93377,7 @@ index 137c7f6..eab3b1a 100644
static int proc_dointvec_minmax_sysadmin(struct ctl_table *table, int write,
void __user *buffer, size_t *lenp, loff_t *ppos)
{
-@@ -2144,7 +2203,6 @@ static int proc_dointvec_minmax_sysadmin(struct ctl_table *table, int write,
+@@ -2141,7 +2200,6 @@ static int proc_dointvec_minmax_sysadmin(struct ctl_table *table, int write,
return proc_dointvec_minmax(table, write, buffer, lenp, ppos);
}
@@ -93477,7 +93385,7 @@ index 137c7f6..eab3b1a 100644
struct do_proc_dointvec_minmax_conv_param {
int *min;
-@@ -2704,6 +2762,12 @@ int proc_dostring(struct ctl_table *table, int write,
+@@ -2701,6 +2759,12 @@ int proc_dostring(struct ctl_table *table, int write,
return -ENOSYS;
}
@@ -93490,7 +93398,7 @@ index 137c7f6..eab3b1a 100644
int proc_dointvec(struct ctl_table *table, int write,
void __user *buffer, size_t *lenp, loff_t *ppos)
{
-@@ -2760,5 +2824,6 @@ EXPORT_SYMBOL(proc_dointvec_minmax);
+@@ -2757,5 +2821,6 @@ EXPORT_SYMBOL(proc_dointvec_minmax);
EXPORT_SYMBOL(proc_dointvec_userhz_jiffies);
EXPORT_SYMBOL(proc_dointvec_ms_jiffies);
EXPORT_SYMBOL(proc_dostring);
@@ -95564,7 +95472,7 @@ index 123bcd3..0de52ba 100644
set_page_address(page, (void *)vaddr);
diff --git a/mm/hugetlb.c b/mm/hugetlb.c
-index c49586f..41e5fd9 100644
+index 267e419..394bed9 100644
--- a/mm/hugetlb.c
+++ b/mm/hugetlb.c
@@ -2258,6 +2258,7 @@ static int hugetlb_sysctl_handler_common(bool obey_mempolicy,
@@ -95611,7 +95519,7 @@ index c49586f..41e5fd9 100644
if (ret)
goto out;
-@@ -2797,6 +2801,27 @@ static void unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2798,6 +2802,27 @@ static void unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma,
i_mmap_unlock_write(mapping);
}
@@ -95639,7 +95547,7 @@ index c49586f..41e5fd9 100644
/*
* Hugetlb_cow() should be called with page lock of the original hugepage held.
* Called with hugetlb_instantiation_mutex held and pte_page locked so we
-@@ -2909,6 +2934,11 @@ retry_avoidcopy:
+@@ -2910,6 +2935,11 @@ retry_avoidcopy:
make_huge_pte(vma, new_page, 1));
page_remove_rmap(old_page);
hugepage_add_new_anon_rmap(new_page, vma, address);
@@ -95651,7 +95559,7 @@ index c49586f..41e5fd9 100644
/* Make the old page be freed below */
new_page = old_page;
}
-@@ -3069,6 +3099,10 @@ retry:
+@@ -3070,6 +3100,10 @@ retry:
&& (vma->vm_flags & VM_SHARED)));
set_huge_pte_at(mm, address, ptep, new_pte);
@@ -95662,9 +95570,9 @@ index c49586f..41e5fd9 100644
if ((flags & FAULT_FLAG_WRITE) && !(vma->vm_flags & VM_SHARED)) {
/* Optimization, do the COW without a second fault */
ret = hugetlb_cow(mm, vma, address, ptep, new_pte, page, ptl);
-@@ -3135,6 +3169,10 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma,
- struct hstate *h = hstate_vma(vma);
+@@ -3137,6 +3171,10 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma,
struct address_space *mapping;
+ int need_wait_lock = 0;
+#ifdef CONFIG_PAX_SEGMEXEC
+ struct vm_area_struct *vma_m;
@@ -95673,7 +95581,7 @@ index c49586f..41e5fd9 100644
address &= huge_page_mask(h);
ptep = huge_pte_offset(mm, address);
-@@ -3148,6 +3186,26 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3150,6 +3188,26 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma,
VM_FAULT_SET_HINDEX(hstate_index(h));
}
@@ -95846,7 +95754,7 @@ index a271adc..831d82f 100644
if (end == start)
return error;
diff --git a/mm/memory-failure.c b/mm/memory-failure.c
-index feb803b..d382029 100644
+index 20c29dd..22bd8e2 100644
--- a/mm/memory-failure.c
+++ b/mm/memory-failure.c
@@ -61,7 +61,7 @@ int sysctl_memory_failure_early_kill __read_mostly = 0;
@@ -95952,7 +95860,7 @@ index feb803b..d382029 100644
return 0;
}
-@@ -1661,7 +1661,7 @@ static int __soft_offline_page(struct page *page, int flags)
+@@ -1659,7 +1659,7 @@ static int __soft_offline_page(struct page *page, int flags)
if (!is_free_buddy_page(page))
pr_info("soft offline: %#lx: page leaked\n",
pfn);
@@ -95961,7 +95869,7 @@ index feb803b..d382029 100644
}
} else {
pr_info("soft offline: %#lx: isolation failed: %d, page count %d, type %lx\n",
-@@ -1731,11 +1731,11 @@ int soft_offline_page(struct page *page, int flags)
+@@ -1729,11 +1729,11 @@ int soft_offline_page(struct page *page, int flags)
if (PageHuge(page)) {
set_page_hwpoison_huge_page(hpage);
dequeue_hwpoisoned_huge_page(hpage);
@@ -95976,7 +95884,7 @@ index feb803b..d382029 100644
}
unset_migratetype_isolate(page, MIGRATE_MOVABLE);
diff --git a/mm/memory.c b/mm/memory.c
-index 2c3536c..e800104 100644
+index 6aa7822..3c76005 100644
--- a/mm/memory.c
+++ b/mm/memory.c
@@ -414,6 +414,7 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud,
@@ -96799,7 +96707,7 @@ index 73cf098..ab547c7 100644
capable(CAP_IPC_LOCK))
ret = do_mlockall(flags);
diff --git a/mm/mmap.c b/mm/mmap.c
-index 7f684d5..bb9333f 100644
+index e5cc3ca..bb9333f 100644
--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -41,6 +41,7 @@
@@ -96864,24 +96772,6 @@ index 7f684d5..bb9333f 100644
/*
* Make sure vm_committed_as in one cacheline and not cacheline shared with
* other variables. It can be updated by several CPUs frequently.
-@@ -152,7 +173,7 @@ EXPORT_SYMBOL_GPL(vm_memory_committed);
- */
- int __vm_enough_memory(struct mm_struct *mm, long pages, int cap_sys_admin)
- {
-- unsigned long free, allowed, reserve;
-+ long free, allowed, reserve;
-
- VM_WARN_ONCE(percpu_counter_read(&vm_committed_as) <
- -(s64)vm_committed_as_batch * num_online_cpus(),
-@@ -220,7 +241,7 @@ int __vm_enough_memory(struct mm_struct *mm, long pages, int cap_sys_admin)
- */
- if (mm) {
- reserve = sysctl_user_reserve_kbytes >> (PAGE_SHIFT - 10);
-- allowed -= min(mm->total_vm / 32, reserve);
-+ allowed -= min_t(long, mm->total_vm / 32, reserve);
- }
-
- if (percpu_counter_read_positive(&vm_committed_as) < allowed)
@@ -274,6 +295,7 @@ static struct vm_area_struct *remove_vma(struct vm_area_struct *vma)
struct vm_area_struct *next = vma->vm_next;
@@ -98409,7 +98299,7 @@ index 17fa018..6f7892b 100644
out:
if (ret & ~PAGE_MASK)
diff --git a/mm/nommu.c b/mm/nommu.c
-index 28bd8c4..98a6fe3 100644
+index ae5baae..cbb2ed5 100644
--- a/mm/nommu.c
+++ b/mm/nommu.c
@@ -71,7 +71,6 @@ int sysctl_max_map_count = DEFAULT_MAX_MAP_COUNT;
@@ -98436,7 +98326,7 @@ index 28bd8c4..98a6fe3 100644
* expand a stack to a given address
* - not supported under NOMMU conditions
*/
-@@ -1562,6 +1552,7 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -1560,6 +1550,7 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
/* most fields are the same, copy all, and then fixup */
*new = *vma;
@@ -98444,25 +98334,7 @@ index 28bd8c4..98a6fe3 100644
*region = *vma->vm_region;
new->vm_region = region;
-@@ -1895,7 +1886,7 @@ EXPORT_SYMBOL(unmap_mapping_range);
- */
- int __vm_enough_memory(struct mm_struct *mm, long pages, int cap_sys_admin)
- {
-- unsigned long free, allowed, reserve;
-+ long free, allowed, reserve;
-
- vm_acct_memory(pages);
-
-@@ -1959,7 +1950,7 @@ int __vm_enough_memory(struct mm_struct *mm, long pages, int cap_sys_admin)
- */
- if (mm) {
- reserve = sysctl_user_reserve_kbytes >> (PAGE_SHIFT - 10);
-- allowed -= min(mm->total_vm / 32, reserve);
-+ allowed -= min_t(long, mm->total_vm / 32, reserve);
- }
-
- if (percpu_counter_read_positive(&vm_committed_as) < allowed)
-@@ -1992,8 +1983,8 @@ int generic_file_remap_pages(struct vm_area_struct *vma, unsigned long addr,
+@@ -1990,8 +1981,8 @@ int generic_file_remap_pages(struct vm_area_struct *vma, unsigned long addr,
}
EXPORT_SYMBOL(generic_file_remap_pages);
@@ -98473,7 +98345,7 @@ index 28bd8c4..98a6fe3 100644
{
struct vm_area_struct *vma;
-@@ -2034,8 +2025,8 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,
+@@ -2032,8 +2023,8 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,
*
* The caller must hold a reference on @mm.
*/
@@ -98484,7 +98356,7 @@ index 28bd8c4..98a6fe3 100644
{
return __access_remote_vm(NULL, mm, addr, buf, len, write);
}
-@@ -2044,7 +2035,7 @@ int access_remote_vm(struct mm_struct *mm, unsigned long addr,
+@@ -2042,7 +2033,7 @@ int access_remote_vm(struct mm_struct *mm, unsigned long addr,
* Access another process' address space.
* - source/target buffer must be kernel space
*/
@@ -98507,7 +98379,7 @@ index 6f43352..e44bf41 100644
unsigned long bg_thresh,
unsigned long dirty,
diff --git a/mm/page_alloc.c b/mm/page_alloc.c
-index 8e20f9c..e235009 100644
+index 8bbef06..a8d1989 100644
--- a/mm/page_alloc.c
+++ b/mm/page_alloc.c
@@ -60,6 +60,7 @@
@@ -98612,7 +98484,7 @@ index 8e20f9c..e235009 100644
if (order && (gfp_flags & __GFP_COMP))
prep_compound_page(page, order);
-@@ -1702,7 +1742,7 @@ again:
+@@ -1700,7 +1740,7 @@ again:
}
__mod_zone_page_state(zone, NR_ALLOC_BATCH, -(1 << order));
@@ -98621,7 +98493,7 @@ index 8e20f9c..e235009 100644
!test_bit(ZONE_FAIR_DEPLETED, &zone->flags))
set_bit(ZONE_FAIR_DEPLETED, &zone->flags);
-@@ -2023,7 +2063,7 @@ static void reset_alloc_batches(struct zone *preferred_zone)
+@@ -2021,7 +2061,7 @@ static void reset_alloc_batches(struct zone *preferred_zone)
do {
mod_zone_page_state(zone, NR_ALLOC_BATCH,
high_wmark_pages(zone) - low_wmark_pages(zone) -
@@ -98630,24 +98502,7 @@ index 8e20f9c..e235009 100644
clear_bit(ZONE_FAIR_DEPLETED, &zone->flags);
} while (zone++ != preferred_zone);
}
-@@ -2382,8 +2422,15 @@ __alloc_pages_may_oom(gfp_t gfp_mask, unsigned int order,
- if (high_zoneidx < ZONE_NORMAL)
- goto out;
- /* The OOM killer does not compensate for light reclaim */
-- if (!(gfp_mask & __GFP_FS))
-+ if (!(gfp_mask & __GFP_FS)) {
-+ /*
-+ * XXX: Page reclaim didn't yield anything,
-+ * and the OOM killer can't be invoked, but
-+ * keep looping as per should_alloc_retry().
-+ */
-+ *did_some_progress = 1;
- goto out;
-+ }
- /*
- * GFP_THISNODE contains __GFP_NORETRY and we never hit this.
- * Sanity check for bare calls of __GFP_THISNODE, not real OOM.
-@@ -5776,7 +5823,7 @@ static void __setup_per_zone_wmarks(void)
+@@ -5781,7 +5821,7 @@ static void __setup_per_zone_wmarks(void)
__mod_zone_page_state(zone, NR_ALLOC_BATCH,
high_wmark_pages(zone) - low_wmark_pages(zone) -
@@ -100508,7 +100363,7 @@ index 39c3388..7d976d4 100644
if (v->nr_pages)
seq_printf(m, " pages=%d", v->nr_pages);
diff --git a/mm/vmstat.c b/mm/vmstat.c
-index 1284f89..2e895e31 100644
+index cdac773..7dd324e 100644
--- a/mm/vmstat.c
+++ b/mm/vmstat.c
@@ -24,6 +24,7 @@
@@ -101261,10 +101116,20 @@ index 67a4a36..8d28068 100644
.priv_size = sizeof(struct chnl_net),
.setup = ipcaif_net_setup,
diff --git a/net/can/af_can.c b/net/can/af_can.c
-index 66e0804..da61b8f 100644
+index 66e0804..93bcf05 100644
--- a/net/can/af_can.c
+++ b/net/can/af_can.c
-@@ -881,7 +881,7 @@ static const struct net_proto_family can_family_ops = {
+@@ -259,6 +259,9 @@ int can_send(struct sk_buff *skb, int loop)
+ goto inval_skb;
+ }
+
++ skb->ip_summed = CHECKSUM_UNNECESSARY;
++
++ skb_reset_mac_header(skb);
+ skb_reset_network_header(skb);
+ skb_reset_transport_header(skb);
+
+@@ -881,7 +884,7 @@ static const struct net_proto_family can_family_ops = {
};
/* notifier block for netdevice event */
@@ -101353,7 +101218,7 @@ index 33a2f20..371bd09 100644
switch (ss->ss_family) {
diff --git a/net/compat.c b/net/compat.c
-index 3236b41..7d8687f 100644
+index 94d3d5e..2bd2649 100644
--- a/net/compat.c
+++ b/net/compat.c
@@ -93,20 +93,20 @@ ssize_t get_compat_msghdr(struct msghdr *kmsg,
@@ -101452,7 +101317,7 @@ index 3236b41..7d8687f 100644
struct group_filter __user *kgf;
int __user *koptlen;
u32 interface, fmode, numsrc;
-@@ -777,7 +777,7 @@ COMPAT_SYSCALL_DEFINE2(socketcall, int, call, u32 __user *, args)
+@@ -768,7 +768,7 @@ COMPAT_SYSCALL_DEFINE2(socketcall, int, call, u32 __user *, args)
if (call < SYS_SOCKET || call > SYS_SENDMMSG)
return -EINVAL;
@@ -101475,7 +101340,7 @@ index df493d6..1145766 100644
return err;
diff --git a/net/core/dev.c b/net/core/dev.c
-index 7fe8292..133045e 100644
+index 4ff46f8..e877e78 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -1680,14 +1680,14 @@ int __dev_forward_skb(struct net_device *dev, struct sk_buff *skb)
@@ -101606,7 +101471,7 @@ index ec9baea..dd6195d 100644
fp->len = fprog->len;
/* Since unattached filters are not copied back to user
diff --git a/net/core/flow.c b/net/core/flow.c
-index a0348fd..340f65d 100644
+index 1033725..340f65d 100644
--- a/net/core/flow.c
+++ b/net/core/flow.c
@@ -65,7 +65,7 @@ static void flow_cache_new_hashrnd(unsigned long arg)
@@ -101636,15 +101501,6 @@ index a0348fd..340f65d 100644
if (!IS_ERR(flo))
fle->object = flo;
else
-@@ -379,7 +379,7 @@ done:
- static void flow_cache_flush_task(struct work_struct *work)
- {
- struct netns_xfrm *xfrm = container_of(work, struct netns_xfrm,
-- flow_cache_gc_work);
-+ flow_cache_flush_work);
- struct net *net = container_of(xfrm, struct net, xfrm);
-
- flow_cache_flush(net);
diff --git a/net/core/neighbour.c b/net/core/neighbour.c
index 8d614c9..55752ea 100644
--- a/net/core/neighbour.c
@@ -101794,10 +101650,10 @@ index e0ad5d1..04fa7f7 100644
iph->ttl = 64;
iph->protocol = IPPROTO_UDP;
diff --git a/net/core/pktgen.c b/net/core/pktgen.c
-index da934fc..d82fded 100644
+index 352d183..1bddfaf 100644
--- a/net/core/pktgen.c
+++ b/net/core/pktgen.c
-@@ -3752,7 +3752,7 @@ static int __net_init pg_net_init(struct net *net)
+@@ -3755,7 +3755,7 @@ static int __net_init pg_net_init(struct net *net)
pn->net = net;
INIT_LIST_HEAD(&pn->pktgen_threads);
pn->pktgen_exiting = false;
@@ -101807,7 +101663,7 @@ index da934fc..d82fded 100644
pr_warn("cannot create /proc/net/%s\n", PG_PROC_DIR);
return -ENODEV;
diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
-index 446cbaf..255153c 100644
+index 76ec6c5..9cfb81c 100644
--- a/net/core/rtnetlink.c
+++ b/net/core/rtnetlink.c
@@ -60,7 +60,7 @@ struct rtnl_link {
@@ -101854,7 +101710,7 @@ index 446cbaf..255153c 100644
goto nla_put_failure;
if (1) {
-@@ -2102,6 +2105,10 @@ replay:
+@@ -2094,6 +2097,10 @@ replay:
if (IS_ERR(dest_net))
return PTR_ERR(dest_net);
@@ -101906,7 +101762,7 @@ index 3b6899b..cf36238 100644
{
struct socket *sock;
diff --git a/net/core/skbuff.c b/net/core/skbuff.c
-index 395c15b..7f39726 100644
+index 62c67be..01893a0a 100644
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -2123,7 +2123,7 @@ EXPORT_SYMBOL(__skb_checksum);
@@ -102130,10 +101986,19 @@ index ad704c7..ca48aff 100644
}
EXPORT_SYMBOL_GPL(sock_diag_unregister);
diff --git a/net/core/sysctl_net_core.c b/net/core/sysctl_net_core.c
-index 31baba2..c71485b 100644
+index 31baba2..754e2e5 100644
--- a/net/core/sysctl_net_core.c
+++ b/net/core/sysctl_net_core.c
-@@ -34,7 +34,7 @@ static int rps_sock_flow_sysctl(struct ctl_table *table, int write,
+@@ -25,6 +25,8 @@
+ static int zero = 0;
+ static int one = 1;
+ static int ushort_max = USHRT_MAX;
++static int min_sndbuf = SOCK_MIN_SNDBUF;
++static int min_rcvbuf = SOCK_MIN_RCVBUF;
+
+ static int net_msg_warn; /* Unused, but still a sysctl */
+
+@@ -34,7 +36,7 @@ static int rps_sock_flow_sysctl(struct ctl_table *table, int write,
{
unsigned int orig_size, size;
int ret, i;
@@ -102142,7 +102007,7 @@ index 31baba2..c71485b 100644
.data = &size,
.maxlen = sizeof(size),
.mode = table->mode
-@@ -202,7 +202,7 @@ static int set_default_qdisc(struct ctl_table *table, int write,
+@@ -202,7 +204,7 @@ static int set_default_qdisc(struct ctl_table *table, int write,
void __user *buffer, size_t *lenp, loff_t *ppos)
{
char id[IFNAMSIZ];
@@ -102151,7 +102016,7 @@ index 31baba2..c71485b 100644
.data = id,
.maxlen = IFNAMSIZ,
};
-@@ -220,7 +220,7 @@ static int set_default_qdisc(struct ctl_table *table, int write,
+@@ -220,7 +222,7 @@ static int set_default_qdisc(struct ctl_table *table, int write,
static int proc_do_rss_key(struct ctl_table *table, int write,
void __user *buffer, size_t *lenp, loff_t *ppos)
{
@@ -102160,7 +102025,43 @@ index 31baba2..c71485b 100644
char buf[NETDEV_RSS_KEY_LEN * 3];
snprintf(buf, sizeof(buf), "%*phC", NETDEV_RSS_KEY_LEN, netdev_rss_key);
-@@ -284,7 +284,7 @@ static struct ctl_table net_core_table[] = {
+@@ -237,7 +239,7 @@ static struct ctl_table net_core_table[] = {
+ .maxlen = sizeof(int),
+ .mode = 0644,
+ .proc_handler = proc_dointvec_minmax,
+- .extra1 = &one,
++ .extra1 = &min_sndbuf,
+ },
+ {
+ .procname = "rmem_max",
+@@ -245,7 +247,7 @@ static struct ctl_table net_core_table[] = {
+ .maxlen = sizeof(int),
+ .mode = 0644,
+ .proc_handler = proc_dointvec_minmax,
+- .extra1 = &one,
++ .extra1 = &min_rcvbuf,
+ },
+ {
+ .procname = "wmem_default",
+@@ -253,7 +255,7 @@ static struct ctl_table net_core_table[] = {
+ .maxlen = sizeof(int),
+ .mode = 0644,
+ .proc_handler = proc_dointvec_minmax,
+- .extra1 = &one,
++ .extra1 = &min_sndbuf,
+ },
+ {
+ .procname = "rmem_default",
+@@ -261,7 +263,7 @@ static struct ctl_table net_core_table[] = {
+ .maxlen = sizeof(int),
+ .mode = 0644,
+ .proc_handler = proc_dointvec_minmax,
+- .extra1 = &one,
++ .extra1 = &min_rcvbuf,
+ },
+ {
+ .procname = "dev_weight",
+@@ -284,7 +286,7 @@ static struct ctl_table net_core_table[] = {
.mode = 0444,
.proc_handler = proc_do_rss_key,
},
@@ -102169,7 +102070,7 @@ index 31baba2..c71485b 100644
{
.procname = "bpf_jit_enable",
.data = &bpf_jit_enable,
-@@ -400,13 +400,12 @@ static struct ctl_table netns_core_table[] = {
+@@ -400,13 +402,12 @@ static struct ctl_table netns_core_table[] = {
static __net_init int sysctl_core_net_init(struct net *net)
{
@@ -102185,7 +102086,7 @@ index 31baba2..c71485b 100644
if (tbl == NULL)
goto err_dup;
-@@ -416,17 +415,16 @@ static __net_init int sysctl_core_net_init(struct net *net)
+@@ -416,17 +417,16 @@ static __net_init int sysctl_core_net_init(struct net *net)
if (net->user_ns != &init_user_ns) {
tbl[0].procname = NULL;
}
@@ -102207,7 +102108,7 @@ index 31baba2..c71485b 100644
err_dup:
return -ENOMEM;
}
-@@ -441,7 +439,7 @@ static __net_exit void sysctl_core_net_exit(struct net *net)
+@@ -441,7 +441,7 @@ static __net_exit void sysctl_core_net_exit(struct net *net)
kfree(tbl);
}
@@ -102478,6 +102379,42 @@ index f99f41b..1879da9 100644
return nh->nh_saddr;
}
+diff --git a/net/ipv4/inet_diag.c b/net/ipv4/inet_diag.c
+index e34dccb..4eeba4e 100644
+--- a/net/ipv4/inet_diag.c
++++ b/net/ipv4/inet_diag.c
+@@ -71,6 +71,20 @@ static inline void inet_diag_unlock_handler(
+ mutex_unlock(&inet_diag_table_mutex);
+ }
+
++static size_t inet_sk_attr_size(void)
++{
++ return nla_total_size(sizeof(struct tcp_info))
++ + nla_total_size(1) /* INET_DIAG_SHUTDOWN */
++ + nla_total_size(1) /* INET_DIAG_TOS */
++ + nla_total_size(1) /* INET_DIAG_TCLASS */
++ + nla_total_size(sizeof(struct inet_diag_meminfo))
++ + nla_total_size(sizeof(struct inet_diag_msg))
++ + nla_total_size(SK_MEMINFO_VARS * sizeof(u32))
++ + nla_total_size(TCP_CA_NAME_MAX)
++ + nla_total_size(sizeof(struct tcpvegas_info))
++ + 64;
++}
++
+ int inet_sk_diag_fill(struct sock *sk, struct inet_connection_sock *icsk,
+ struct sk_buff *skb, struct inet_diag_req_v2 *req,
+ struct user_namespace *user_ns,
+@@ -324,9 +338,7 @@ int inet_diag_dump_one_icsk(struct inet_hashinfo *hashinfo, struct sk_buff *in_s
+ if (err)
+ goto out;
+
+- rep = nlmsg_new(sizeof(struct inet_diag_msg) +
+- sizeof(struct inet_diag_meminfo) +
+- sizeof(struct tcp_info) + 64, GFP_KERNEL);
++ rep = nlmsg_new(inet_sk_attr_size(), GFP_KERNEL);
+ if (!rep) {
+ err = -ENOMEM;
+ goto out;
diff --git a/net/ipv4/inet_hashtables.c b/net/ipv4/inet_hashtables.c
index 9111a4e..3576905 100644
--- a/net/ipv4/inet_hashtables.c
@@ -102522,7 +102459,7 @@ index 241afd7..31b95d5 100644
p->rate_tokens = 0;
/* 60*HZ is arbitrary, but chosen enough high so that the first
diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c
-index e5b6d0d..187c8b0 100644
+index 145a50c..5dd8cc5 100644
--- a/net/ipv4/ip_fragment.c
+++ b/net/ipv4/ip_fragment.c
@@ -268,7 +268,7 @@ static int ip_frag_too_far(struct ipq *qp)
@@ -102534,7 +102471,7 @@ index e5b6d0d..187c8b0 100644
qp->rid = end;
rc = qp->q.fragments && (end - start) > max;
-@@ -745,12 +745,11 @@ static struct ctl_table ip4_frags_ctl_table[] = {
+@@ -748,12 +748,11 @@ static struct ctl_table ip4_frags_ctl_table[] = {
static int __net_init ip4_frags_ns_ctl_register(struct net *net)
{
@@ -102549,7 +102486,7 @@ index e5b6d0d..187c8b0 100644
if (table == NULL)
goto err_alloc;
-@@ -764,9 +763,10 @@ static int __net_init ip4_frags_ns_ctl_register(struct net *net)
+@@ -767,9 +766,10 @@ static int __net_init ip4_frags_ns_ctl_register(struct net *net)
/* Don't export sysctls to unprivileged users */
if (net->user_ns != &init_user_ns)
table[0].procname = NULL;
@@ -102562,7 +102499,7 @@ index e5b6d0d..187c8b0 100644
if (hdr == NULL)
goto err_reg;
-@@ -774,8 +774,7 @@ static int __net_init ip4_frags_ns_ctl_register(struct net *net)
+@@ -777,8 +777,7 @@ static int __net_init ip4_frags_ns_ctl_register(struct net *net)
return 0;
err_reg:
@@ -102838,7 +102775,7 @@ index e90f83a..3e6acca 100644
pr_err("Unable to proc dir entry\n");
return -ENOMEM;
diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c
-index 2a3720f..d32b565 100644
+index 0ae28f5..d32b565 100644
--- a/net/ipv4/ping.c
+++ b/net/ipv4/ping.c
@@ -59,7 +59,7 @@ struct ping_table {
@@ -102850,38 +102787,7 @@ index 2a3720f..d32b565 100644
EXPORT_SYMBOL_GPL(pingv6_ops);
static u16 ping_port_rover;
-@@ -259,6 +259,9 @@ int ping_init_sock(struct sock *sk)
- kgid_t low, high;
- int ret = 0;
-
-+ if (sk->sk_family == AF_INET6)
-+ sk->sk_ipv6only = 1;
-+
- inet_get_ping_group_range_net(net, &low, &high);
- if (gid_lte(low, group) && gid_lte(group, high))
- return 0;
-@@ -305,6 +308,11 @@ static int ping_check_bind_addr(struct sock *sk, struct inet_sock *isk,
- if (addr_len < sizeof(*addr))
- return -EINVAL;
-
-+ if (addr->sin_family != AF_INET &&
-+ !(addr->sin_family == AF_UNSPEC &&
-+ addr->sin_addr.s_addr == htonl(INADDR_ANY)))
-+ return -EAFNOSUPPORT;
-+
- pr_debug("ping_check_bind_addr(sk=%p,addr=%pI4,port=%d)\n",
- sk, &addr->sin_addr.s_addr, ntohs(addr->sin_port));
-
-@@ -330,7 +338,7 @@ static int ping_check_bind_addr(struct sock *sk, struct inet_sock *isk,
- return -EINVAL;
-
- if (addr->sin6_family != AF_INET6)
-- return -EINVAL;
-+ return -EAFNOSUPPORT;
-
- pr_debug("ping_check_bind_addr(sk=%p,addr=%pI6c,port=%d)\n",
- sk, addr->sin6_addr.s6_addr, ntohs(addr->sin6_port));
-@@ -350,7 +358,7 @@ static int ping_check_bind_addr(struct sock *sk, struct inet_sock *isk,
+@@ -358,7 +358,7 @@ static int ping_check_bind_addr(struct sock *sk, struct inet_sock *isk,
return -ENODEV;
}
}
@@ -102890,7 +102796,7 @@ index 2a3720f..d32b565 100644
scoped);
rcu_read_unlock();
-@@ -558,7 +566,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info)
+@@ -566,7 +566,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info)
}
#if IS_ENABLED(CONFIG_IPV6)
} else if (skb->protocol == htons(ETH_P_IPV6)) {
@@ -102899,7 +102805,7 @@ index 2a3720f..d32b565 100644
#endif
}
-@@ -576,7 +584,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info)
+@@ -584,7 +584,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info)
info, (u8 *)icmph);
#if IS_ENABLED(CONFIG_IPV6)
} else if (family == AF_INET6) {
@@ -102908,16 +102814,7 @@ index 2a3720f..d32b565 100644
info, (u8 *)icmph);
#endif
}
-@@ -716,7 +724,7 @@ static int ping_v4_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *m
- if (msg->msg_namelen < sizeof(*usin))
- return -EINVAL;
- if (usin->sin_family != AF_INET)
-- return -EINVAL;
-+ return -EAFNOSUPPORT;
- daddr = usin->sin_addr.s_addr;
- /* no remote port */
- } else {
-@@ -911,10 +919,10 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
+@@ -919,10 +919,10 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
}
if (inet6_sk(sk)->rxopt.all)
@@ -102930,7 +102827,7 @@ index 2a3720f..d32b565 100644
else if (skb->protocol == htons(ETH_P_IP) && isk->cmsg_flags)
ip_cmsg_recv(msg, skb);
#endif
-@@ -1109,7 +1117,7 @@ static void ping_v4_format_sock(struct sock *sp, struct seq_file *f,
+@@ -1117,7 +1117,7 @@ static void ping_v4_format_sock(struct sock *sp, struct seq_file *f,
from_kuid_munged(seq_user_ns(f), sock_i_uid(sp)),
0, sock_i_ino(sp),
atomic_read(&sp->sk_refcnt), sp,
@@ -103548,7 +103445,7 @@ index 6156f68..d6ab46d 100644
return -ENOMEM;
}
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
-index f7c8bbe..534fa31 100644
+index dac9419..534fa31 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -171,7 +171,7 @@ static struct ipv6_devconf ipv6_devconf __read_mostly = {
@@ -103621,30 +103518,7 @@ index f7c8bbe..534fa31 100644
for (h = s_h; h < NETDEV_HASHENTRIES; h++, s_idx = 0) {
idx = 0;
head = &net->dev_index_head[h];
-@@ -4572,6 +4579,22 @@ static int inet6_set_iftoken(struct inet6_dev *idev, struct in6_addr *token)
- return 0;
- }
-
-+static const struct nla_policy inet6_af_policy[IFLA_INET6_MAX + 1] = {
-+ [IFLA_INET6_ADDR_GEN_MODE] = { .type = NLA_U8 },
-+ [IFLA_INET6_TOKEN] = { .len = sizeof(struct in6_addr) },
-+};
-+
-+static int inet6_validate_link_af(const struct net_device *dev,
-+ const struct nlattr *nla)
-+{
-+ struct nlattr *tb[IFLA_INET6_MAX + 1];
-+
-+ if (dev && !__in6_dev_get(dev))
-+ return -EAFNOSUPPORT;
-+
-+ return nla_parse_nested(tb, IFLA_INET6_MAX, nla, inet6_af_policy);
-+}
-+
- static int inet6_set_link_af(struct net_device *dev, const struct nlattr *nla)
- {
- int err = -EINVAL;
-@@ -4824,7 +4847,7 @@ static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp)
+@@ -4840,7 +4847,7 @@ static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp)
rt_genid_bump_ipv6(net);
break;
}
@@ -103653,7 +103527,7 @@ index f7c8bbe..534fa31 100644
}
static void ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp)
-@@ -4844,7 +4867,7 @@ int addrconf_sysctl_forward(struct ctl_table *ctl, int write,
+@@ -4860,7 +4867,7 @@ int addrconf_sysctl_forward(struct ctl_table *ctl, int write,
int *valp = ctl->data;
int val = *valp;
loff_t pos = *ppos;
@@ -103662,7 +103536,7 @@ index f7c8bbe..534fa31 100644
int ret;
/*
-@@ -4929,7 +4952,7 @@ int addrconf_sysctl_disable(struct ctl_table *ctl, int write,
+@@ -4945,7 +4952,7 @@ int addrconf_sysctl_disable(struct ctl_table *ctl, int write,
int *valp = ctl->data;
int val = *valp;
loff_t pos = *ppos;
@@ -103671,14 +103545,6 @@ index f7c8bbe..534fa31 100644
int ret;
/*
-@@ -5393,6 +5416,7 @@ static struct rtnl_af_ops inet6_ops = {
- .family = AF_INET6,
- .fill_link_af = inet6_fill_link_af,
- .get_link_af_size = inet6_get_link_af_size,
-+ .validate_link_af = inet6_validate_link_af,
- .set_link_af = inet6_set_link_af,
- };
-
diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c
index e8c4400..a4cd5da 100644
--- a/net/ipv6/af_inet6.c
@@ -103923,23 +103789,10 @@ index 6f187c8..34b367f 100644
return -ENOMEM;
}
diff --git a/net/ipv6/ping.c b/net/ipv6/ping.c
-index 2d31483..47aba96 100644
+index fe7e3e4..47aba96 100644
--- a/net/ipv6/ping.c
+++ b/net/ipv6/ping.c
-@@ -102,9 +102,10 @@ int ping_v6_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
-
- if (msg->msg_name) {
- DECLARE_SOCKADDR(struct sockaddr_in6 *, u, msg->msg_name);
-- if (msg->msg_namelen < sizeof(struct sockaddr_in6) ||
-- u->sin6_family != AF_INET6) {
-+ if (msg->msg_namelen < sizeof(*u))
- return -EINVAL;
-+ if (u->sin6_family != AF_INET6) {
-+ return -EAFNOSUPPORT;
- }
- if (sk->sk_bound_dev_if &&
- sk->sk_bound_dev_if != u->sin6_scope_id) {
-@@ -241,6 +242,24 @@ static struct pernet_operations ping_v6_net_ops = {
+@@ -242,6 +242,24 @@ static struct pernet_operations ping_v6_net_ops = {
};
#endif
@@ -103964,7 +103817,7 @@ index 2d31483..47aba96 100644
int __init pingv6_init(void)
{
#ifdef CONFIG_PROC_FS
-@@ -248,13 +267,7 @@ int __init pingv6_init(void)
+@@ -249,13 +267,7 @@ int __init pingv6_init(void)
if (ret)
return ret;
#endif
@@ -103979,7 +103832,7 @@ index 2d31483..47aba96 100644
return inet6_register_protosw(&pingv6_protosw);
}
-@@ -263,14 +276,9 @@ int __init pingv6_init(void)
+@@ -264,14 +276,9 @@ int __init pingv6_init(void)
*/
void pingv6_exit(void)
{
@@ -104126,7 +103979,7 @@ index d7d70e6..bd5e9fc 100644
return -ENOMEM;
}
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
-index 49596535..663a24a 100644
+index 1528d84..f393960 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -2978,7 +2978,7 @@ struct ctl_table ipv6_route_table_template[] = {
@@ -104351,7 +104204,7 @@ index c1d247e..9e5949d 100644
if (!ipx_proc_dir)
goto out;
diff --git a/net/irda/ircomm/ircomm_tty.c b/net/irda/ircomm/ircomm_tty.c
-index 40695b9..c1f2cef 100644
+index 4efe486..dee966e 100644
--- a/net/irda/ircomm/ircomm_tty.c
+++ b/net/irda/ircomm/ircomm_tty.c
@@ -310,10 +310,10 @@ static int ircomm_tty_block_til_ready(struct ircomm_tty_cb *self,
@@ -104406,7 +104259,7 @@ index 40695b9..c1f2cef 100644
/* Not really used by us, but lets do it anyway */
self->port.low_latency = (self->port.flags & ASYNC_LOW_LATENCY) ? 1 : 0;
-@@ -959,7 +959,7 @@ static void ircomm_tty_hangup(struct tty_struct *tty)
+@@ -961,7 +961,7 @@ static void ircomm_tty_hangup(struct tty_struct *tty)
tty_kref_put(port->tty);
}
port->tty = NULL;
@@ -104415,7 +104268,7 @@ index 40695b9..c1f2cef 100644
spin_unlock_irqrestore(&port->lock, flags);
wake_up_interruptible(&port->open_wait);
-@@ -1306,7 +1306,7 @@ static void ircomm_tty_line_info(struct ircomm_tty_cb *self, struct seq_file *m)
+@@ -1308,7 +1308,7 @@ static void ircomm_tty_line_info(struct ircomm_tty_cb *self, struct seq_file *m)
seq_putc(m, '\n');
seq_printf(m, "Role: %s\n", self->client ? "client" : "server");
@@ -104760,18 +104613,6 @@ index d53355b..21f583a 100644
return -EBUSY;
if (local->hw.flags & IEEE80211_HW_HAS_RATE_CONTROL) {
-diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
-index 058686a..097821b 100644
---- a/net/mac80211/tx.c
-+++ b/net/mac80211/tx.c
-@@ -566,6 +566,7 @@ ieee80211_tx_h_check_control_port_protocol(struct ieee80211_tx_data *tx)
- if (tx->sdata->control_port_no_encrypt)
- info->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
- info->control.flags |= IEEE80211_TX_CTRL_PORT_CTRL_PROTO;
-+ info->flags |= IEEE80211_TX_CTL_USE_MINRATE;
- }
-
- return TX_CONTINUE;
diff --git a/net/mac80211/util.c b/net/mac80211/util.c
index 974ebe7..57bcd3c 100644
--- a/net/mac80211/util.c
@@ -105296,10 +105137,10 @@ index 1786968..1ec6dac 100644
remove_proc_entry("ipt_hashlimit", net->proc_net);
return -ENOMEM;
diff --git a/net/netfilter/xt_recent.c b/net/netfilter/xt_recent.c
-index 30dbe34..9d0ad70 100644
+index a9faae8..1ea30e0 100644
--- a/net/netfilter/xt_recent.c
+++ b/net/netfilter/xt_recent.c
-@@ -643,7 +643,7 @@ static int __net_init recent_proc_net_init(struct net *net)
+@@ -615,7 +615,7 @@ static int __net_init recent_proc_net_init(struct net *net)
{
struct recent_net *recent_net = recent_pernet(net);
@@ -105421,7 +105262,7 @@ index 2034c6d..1a24f03 100644
}
diff --git a/net/openvswitch/vport.h b/net/openvswitch/vport.h
-index 99c8e71..0028a24 100644
+index 8a057d7..b5710c8 100644
--- a/net/openvswitch/vport.h
+++ b/net/openvswitch/vport.h
@@ -71,10 +71,10 @@ int ovs_vport_get_egress_tun_info(struct vport *vport, struct sk_buff *skb,
@@ -105650,6 +105491,94 @@ index a91e1db..cf3053f 100644
#else
ic->i_ack_next = 0;
#endif
+diff --git a/net/rds/iw_rdma.c b/net/rds/iw_rdma.c
+index a817705..dba8d08 100644
+--- a/net/rds/iw_rdma.c
++++ b/net/rds/iw_rdma.c
+@@ -88,7 +88,9 @@ static unsigned int rds_iw_unmap_fastreg_list(struct rds_iw_mr_pool *pool,
+ int *unpinned);
+ static void rds_iw_destroy_fastreg(struct rds_iw_mr_pool *pool, struct rds_iw_mr *ibmr);
+
+-static int rds_iw_get_device(struct rds_sock *rs, struct rds_iw_device **rds_iwdev, struct rdma_cm_id **cm_id)
++static int rds_iw_get_device(struct sockaddr_in *src, struct sockaddr_in *dst,
++ struct rds_iw_device **rds_iwdev,
++ struct rdma_cm_id **cm_id)
+ {
+ struct rds_iw_device *iwdev;
+ struct rds_iw_cm_id *i_cm_id;
+@@ -112,15 +114,15 @@ static int rds_iw_get_device(struct rds_sock *rs, struct rds_iw_device **rds_iwd
+ src_addr->sin_port,
+ dst_addr->sin_addr.s_addr,
+ dst_addr->sin_port,
+- rs->rs_bound_addr,
+- rs->rs_bound_port,
+- rs->rs_conn_addr,
+- rs->rs_conn_port);
++ src->sin_addr.s_addr,
++ src->sin_port,
++ dst->sin_addr.s_addr,
++ dst->sin_port);
+ #ifdef WORKING_TUPLE_DETECTION
+- if (src_addr->sin_addr.s_addr == rs->rs_bound_addr &&
+- src_addr->sin_port == rs->rs_bound_port &&
+- dst_addr->sin_addr.s_addr == rs->rs_conn_addr &&
+- dst_addr->sin_port == rs->rs_conn_port) {
++ if (src_addr->sin_addr.s_addr == src->sin_addr.s_addr &&
++ src_addr->sin_port == src->sin_port &&
++ dst_addr->sin_addr.s_addr == dst->sin_addr.s_addr &&
++ dst_addr->sin_port == dst->sin_port) {
+ #else
+ /* FIXME - needs to compare the local and remote
+ * ipaddr/port tuple, but the ipaddr is the only
+@@ -128,7 +130,7 @@ static int rds_iw_get_device(struct rds_sock *rs, struct rds_iw_device **rds_iwd
+ * zero'ed. It doesn't appear to be properly populated
+ * during connection setup...
+ */
+- if (src_addr->sin_addr.s_addr == rs->rs_bound_addr) {
++ if (src_addr->sin_addr.s_addr == src->sin_addr.s_addr) {
+ #endif
+ spin_unlock_irq(&iwdev->spinlock);
+ *rds_iwdev = iwdev;
+@@ -180,19 +182,13 @@ int rds_iw_update_cm_id(struct rds_iw_device *rds_iwdev, struct rdma_cm_id *cm_i
+ {
+ struct sockaddr_in *src_addr, *dst_addr;
+ struct rds_iw_device *rds_iwdev_old;
+- struct rds_sock rs;
+ struct rdma_cm_id *pcm_id;
+ int rc;
+
+ src_addr = (struct sockaddr_in *)&cm_id->route.addr.src_addr;
+ dst_addr = (struct sockaddr_in *)&cm_id->route.addr.dst_addr;
+
+- rs.rs_bound_addr = src_addr->sin_addr.s_addr;
+- rs.rs_bound_port = src_addr->sin_port;
+- rs.rs_conn_addr = dst_addr->sin_addr.s_addr;
+- rs.rs_conn_port = dst_addr->sin_port;
+-
+- rc = rds_iw_get_device(&rs, &rds_iwdev_old, &pcm_id);
++ rc = rds_iw_get_device(src_addr, dst_addr, &rds_iwdev_old, &pcm_id);
+ if (rc)
+ rds_iw_remove_cm_id(rds_iwdev, cm_id);
+
+@@ -598,9 +594,17 @@ void *rds_iw_get_mr(struct scatterlist *sg, unsigned long nents,
+ struct rds_iw_device *rds_iwdev;
+ struct rds_iw_mr *ibmr = NULL;
+ struct rdma_cm_id *cm_id;
++ struct sockaddr_in src = {
++ .sin_addr.s_addr = rs->rs_bound_addr,
++ .sin_port = rs->rs_bound_port,
++ };
++ struct sockaddr_in dst = {
++ .sin_addr.s_addr = rs->rs_conn_addr,
++ .sin_port = rs->rs_conn_port,
++ };
+ int ret;
+
+- ret = rds_iw_get_device(rs, &rds_iwdev, &cm_id);
++ ret = rds_iw_get_device(&src, &dst, &rds_iwdev, &cm_id);
+ if (ret || !cm_id) {
+ ret = -ENODEV;
+ goto out;
diff --git a/net/rds/iw_recv.c b/net/rds/iw_recv.c
index a66d179..cf1e258 100644
--- a/net/rds/iw_recv.c
@@ -106217,7 +106146,7 @@ index 2e9ada1..40f425d 100644
table = kmemdup(sctp_net_table, sizeof(sctp_net_table), GFP_KERNEL);
diff --git a/net/socket.c b/net/socket.c
-index 418795c..c860724 100644
+index 418795c..c33fa46 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -89,6 +89,7 @@
@@ -106391,7 +106320,16 @@ index 418795c..c860724 100644
SYSCALL_DEFINE6(sendto, int, fd, void __user *, buff, size_t, len,
unsigned int, flags, struct sockaddr __user *, addr,
int, addr_len)
-@@ -1817,7 +1882,7 @@ SYSCALL_DEFINE6(recvfrom, int, fd, void __user *, ubuf, size_t, size,
+@@ -1765,6 +1830,8 @@ SYSCALL_DEFINE6(sendto, int, fd, void __user *, buff, size_t, len,
+
+ if (len > INT_MAX)
+ len = INT_MAX;
++ if (unlikely(!access_ok(VERIFY_READ, buff, len)))
++ return -EFAULT;
+ sock = sockfd_lookup_light(fd, &err, &fput_needed);
+ if (!sock)
+ goto out;
+@@ -1817,12 +1884,14 @@ SYSCALL_DEFINE6(recvfrom, int, fd, void __user *, ubuf, size_t, size,
struct socket *sock;
struct iovec iov;
struct msghdr msg;
@@ -106400,7 +106338,14 @@ index 418795c..c860724 100644
int err, err2;
int fput_needed;
-@@ -2065,7 +2130,7 @@ static int ___sys_sendmsg(struct socket *sock, struct user_msghdr __user *msg,
+ if (size > INT_MAX)
+ size = INT_MAX;
++ if (unlikely(!access_ok(VERIFY_WRITE, ubuf, size)))
++ return -EFAULT;
+ sock = sockfd_lookup_light(fd, &err, &fput_needed);
+ if (!sock)
+ goto out;
+@@ -2065,7 +2134,7 @@ static int ___sys_sendmsg(struct socket *sock, struct user_msghdr __user *msg,
* checking falls down on this.
*/
if (copy_from_user(ctl_buf,
@@ -106409,7 +106354,7 @@ index 418795c..c860724 100644
ctl_len))
goto out_freectl;
msg_sys->msg_control = ctl_buf;
-@@ -2216,7 +2281,7 @@ static int ___sys_recvmsg(struct socket *sock, struct user_msghdr __user *msg,
+@@ -2216,7 +2285,7 @@ static int ___sys_recvmsg(struct socket *sock, struct user_msghdr __user *msg,
ssize_t err;
/* kernel mode address */
@@ -106418,7 +106363,7 @@ index 418795c..c860724 100644
/* user mode address pointers */
struct sockaddr __user *uaddr;
-@@ -2862,7 +2927,7 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32)
+@@ -2862,7 +2931,7 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32)
ifr = compat_alloc_user_space(buf_size);
rxnfc = (void __user *)ifr + ALIGN(sizeof(struct ifreq), 8);
@@ -106427,7 +106372,7 @@ index 418795c..c860724 100644
return -EFAULT;
if (put_user(convert_in ? rxnfc : compat_ptr(data),
-@@ -2973,7 +3038,7 @@ static int bond_ioctl(struct net *net, unsigned int cmd,
+@@ -2973,7 +3042,7 @@ static int bond_ioctl(struct net *net, unsigned int cmd,
old_fs = get_fs();
set_fs(KERNEL_DS);
err = dev_ioctl(net, cmd,
@@ -106436,7 +106381,7 @@ index 418795c..c860724 100644
set_fs(old_fs);
return err;
-@@ -3066,7 +3131,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd,
+@@ -3066,7 +3135,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd,
old_fs = get_fs();
set_fs(KERNEL_DS);
@@ -106445,7 +106390,7 @@ index 418795c..c860724 100644
set_fs(old_fs);
if (cmd == SIOCGIFMAP && !err) {
-@@ -3150,7 +3215,7 @@ static int routing_ioctl(struct net *net, struct socket *sock,
+@@ -3150,7 +3219,7 @@ static int routing_ioctl(struct net *net, struct socket *sock,
ret |= get_user(rtdev, &(ur4->rt_dev));
if (rtdev) {
ret |= copy_from_user(devname, compat_ptr(rtdev), 15);
@@ -106454,7 +106399,7 @@ index 418795c..c860724 100644
devname[15] = 0;
} else
r4.rt_dev = NULL;
-@@ -3377,8 +3442,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname,
+@@ -3377,8 +3446,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname,
int __user *uoptlen;
int err;
@@ -106465,7 +106410,7 @@ index 418795c..c860724 100644
set_fs(KERNEL_DS);
if (level == SOL_SOCKET)
-@@ -3398,7 +3463,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname,
+@@ -3398,7 +3467,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname,
char __user *uoptval;
int err;
@@ -106497,18 +106442,9 @@ index 224a82f..7a42b51 100644
/* make a copy for the caller */
*handle = ctxh;
diff --git a/net/sunrpc/cache.c b/net/sunrpc/cache.c
-index 33fb105..567a54c 100644
+index 5199bb1..567a54c 100644
--- a/net/sunrpc/cache.c
+++ b/net/sunrpc/cache.c
-@@ -921,7 +921,7 @@ static unsigned int cache_poll(struct file *filp, poll_table *wait,
- poll_wait(filp, &queue_wait, wait);
-
- /* alway allow write */
-- mask = POLL_OUT | POLLWRNORM;
-+ mask = POLLOUT | POLLWRNORM;
-
- if (!rp)
- return mask;
@@ -1595,7 +1595,7 @@ static int create_cache_proc_entries(struct cache_detail *cd, struct net *net)
struct sunrpc_net *sn;
@@ -109688,10 +109624,10 @@ index 2d957ba..fda022c 100644
if (err < 0)
return err;
diff --git a/sound/core/pcm_native.c b/sound/core/pcm_native.c
-index 095d957..0659fdf 100644
+index 64d9863..969034b 100644
--- a/sound/core/pcm_native.c
+++ b/sound/core/pcm_native.c
-@@ -2954,11 +2954,11 @@ int snd_pcm_kernel_ioctl(struct snd_pcm_substream *substream,
+@@ -2956,11 +2956,11 @@ int snd_pcm_kernel_ioctl(struct snd_pcm_substream *substream,
switch (substream->stream) {
case SNDRV_PCM_STREAM_PLAYBACK:
result = snd_pcm_playback_ioctl1(NULL, substream, cmd,
@@ -109913,10 +109849,10 @@ index 464385a..46ab3f6 100644
struct snd_rawmidi_substream *midi_input[PORTMAN_NUM_INPUT_PORTS];
};
diff --git a/sound/firewire/amdtp.c b/sound/firewire/amdtp.c
-index 0d58018..6acc136 100644
+index 911341b..bd18b63 100644
--- a/sound/firewire/amdtp.c
+++ b/sound/firewire/amdtp.c
-@@ -574,7 +574,7 @@ static void update_pcm_pointers(struct amdtp_stream *s,
+@@ -573,7 +573,7 @@ static void update_pcm_pointers(struct amdtp_stream *s,
ptr = s->pcm_buffer_pointer + frames;
if (ptr >= pcm->runtime->buffer_size)
ptr -= pcm->runtime->buffer_size;
@@ -109925,7 +109861,7 @@ index 0d58018..6acc136 100644
s->pcm_period_pointer += frames;
if (s->pcm_period_pointer >= pcm->runtime->period_size) {
-@@ -1014,7 +1014,7 @@ EXPORT_SYMBOL(amdtp_stream_pcm_pointer);
+@@ -1013,7 +1013,7 @@ EXPORT_SYMBOL(amdtp_stream_pcm_pointer);
*/
void amdtp_stream_update(struct amdtp_stream *s)
{
@@ -116221,10 +116157,10 @@ index 0000000..b8e7188
+}
diff --git a/tools/gcc/size_overflow_plugin/size_overflow_hash.data b/tools/gcc/size_overflow_plugin/size_overflow_hash.data
new file mode 100644
-index 0000000..045070e
+index 0000000..d9762e1
--- /dev/null
+++ b/tools/gcc/size_overflow_plugin/size_overflow_hash.data
-@@ -0,0 +1,27707 @@
+@@ -0,0 +1,27710 @@
+intel_fake_agp_alloc_by_type_1 intel_fake_agp_alloc_by_type 1 1 NULL nohasharray
+iwl_set_tx_power_1 iwl_set_tx_power 0 1 &intel_fake_agp_alloc_by_type_1
+ocfs2_get_refcount_tree_3 ocfs2_get_refcount_tree 0 3 NULL
@@ -123734,6 +123670,7 @@ index 0000000..045070e
+copy_out_args_17816 copy_out_args 0 17816 NULL
+generic_validate_add_page_17818 generic_validate_add_page 0 17818 NULL
+_snd_pcm_lib_alloc_vmalloc_buffer_17820 _snd_pcm_lib_alloc_vmalloc_buffer 2 17820 NULL
++gnet_stats_copy_app_17821 gnet_stats_copy_app 3 17821 NULL
+regmap_i2c_gather_write_17823 regmap_i2c_gather_write 0 17823 NULL
+jme_request_irq_17824 jme_request_irq 0 17824 NULL
+velocity_init_td_ring_17825 velocity_init_td_ring 0 17825 NULL
@@ -128249,6 +128186,7 @@ index 0000000..045070e
+adp5520_bl_office_max_store_28316 adp5520_bl_office_max_store 4-0 28316 NULL
+snd_pcm_oss_read_28317 snd_pcm_oss_read 3-0 28317 NULL nohasharray
+il4965_show_temperature_28317 il4965_show_temperature 0 28317 &snd_pcm_oss_read_28317
++generic_access_phys_28318 generic_access_phys 4-2 28318 NULL
+fc2580_set_params_28319 fc2580_set_params 0 28319 NULL
+filldir64_28323 filldir64 3 28323 NULL
+card_send_command_28325 card_send_command 0 28325 NULL nohasharray
@@ -131630,7 +131568,8 @@ index 0000000..045070e
+v9fs_xattr_set_36173 v9fs_xattr_set 0 36173 &snd_rme96_playback_trigger_36173
+xilly_get_dma_buffers_36174 xilly_get_dma_buffers 4 36174 NULL
+try_or_set_cluster_36176 try_or_set_cluster 0 36176 NULL nohasharray
-+__sync_dirty_buffer_36176 __sync_dirty_buffer 0 36176 &try_or_set_cluster_36176
++__sync_dirty_buffer_36176 __sync_dirty_buffer 0 36176 &try_or_set_cluster_36176 nohasharray
++SyS_kexec_load_36176 SyS_kexec_load 2 36176 &__sync_dirty_buffer_36176
+mcp251x_hw_reset_36177 mcp251x_hw_reset 0 36177 NULL
+modify_device_36179 modify_device 0 36179 NULL
+dummy_validate_stream_36185 dummy_validate_stream 0 36185 NULL
diff --git a/3.19.1/4425_grsec_remove_EI_PAX.patch b/3.19.2/4425_grsec_remove_EI_PAX.patch
index 86e242a..86e242a 100644
--- a/3.19.1/4425_grsec_remove_EI_PAX.patch
+++ b/3.19.2/4425_grsec_remove_EI_PAX.patch
diff --git a/3.19.1/4427_force_XATTR_PAX_tmpfs.patch b/3.19.2/4427_force_XATTR_PAX_tmpfs.patch
index 22c9273..22c9273 100644
--- a/3.19.1/4427_force_XATTR_PAX_tmpfs.patch
+++ b/3.19.2/4427_force_XATTR_PAX_tmpfs.patch
diff --git a/3.19.1/4430_grsec-remove-localversion-grsec.patch b/3.19.2/4430_grsec-remove-localversion-grsec.patch
index 31cf878..31cf878 100644
--- a/3.19.1/4430_grsec-remove-localversion-grsec.patch
+++ b/3.19.2/4430_grsec-remove-localversion-grsec.patch
diff --git a/3.19.1/4435_grsec-mute-warnings.patch b/3.19.2/4435_grsec-mute-warnings.patch
index 0585e08..0585e08 100644
--- a/3.19.1/4435_grsec-mute-warnings.patch
+++ b/3.19.2/4435_grsec-mute-warnings.patch
diff --git a/3.19.1/4440_grsec-remove-protected-paths.patch b/3.19.2/4440_grsec-remove-protected-paths.patch
index 741546d..741546d 100644
--- a/3.19.1/4440_grsec-remove-protected-paths.patch
+++ b/3.19.2/4440_grsec-remove-protected-paths.patch
diff --git a/3.19.1/4450_grsec-kconfig-default-gids.patch b/3.19.2/4450_grsec-kconfig-default-gids.patch
index 5c025da..5c025da 100644
--- a/3.19.1/4450_grsec-kconfig-default-gids.patch
+++ b/3.19.2/4450_grsec-kconfig-default-gids.patch
diff --git a/3.19.1/4465_selinux-avc_audit-log-curr_ip.patch b/3.19.2/4465_selinux-avc_audit-log-curr_ip.patch
index ba89596..ba89596 100644
--- a/3.19.1/4465_selinux-avc_audit-log-curr_ip.patch
+++ b/3.19.2/4465_selinux-avc_audit-log-curr_ip.patch
diff --git a/3.19.1/4470_disable-compat_vdso.patch b/3.19.2/4470_disable-compat_vdso.patch
index 2192180..2192180 100644
--- a/3.19.1/4470_disable-compat_vdso.patch
+++ b/3.19.2/4470_disable-compat_vdso.patch
diff --git a/3.19.1/4475_emutramp_default_on.patch b/3.19.2/4475_emutramp_default_on.patch
index ad4967a..ad4967a 100644
--- a/3.19.1/4475_emutramp_default_on.patch
+++ b/3.19.2/4475_emutramp_default_on.patch
diff --git a/3.2.68/0000_README b/3.2.68/0000_README
index 43d09c0..78cb951 100644
--- a/3.2.68/0000_README
+++ b/3.2.68/0000_README
@@ -190,7 +190,7 @@ Patch: 1067_linux-3.2.68.patch
From: http://www.kernel.org
Desc: Linux 3.2.68
-Patch: 4420_grsecurity-3.1-3.2.68-201503092202.patch
+Patch: 4420_grsecurity-3.1-3.2.68-201503182213.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.2.68/4420_grsecurity-3.1-3.2.68-201503092202.patch b/3.2.68/4420_grsecurity-3.1-3.2.68-201503182213.patch
index 0f1e8f1..ae778bb 100644
--- a/3.2.68/4420_grsecurity-3.1-3.2.68-201503092202.patch
+++ b/3.2.68/4420_grsecurity-3.1-3.2.68-201503182213.patch
@@ -38666,7 +38666,7 @@ index 61274bf..72cb4a2 100644
return container_of(adapter, struct intel_gmbus, adapter)->force_bit;
}
diff --git a/drivers/gpu/drm/i915/i915_gem_execbuffer.c b/drivers/gpu/drm/i915/i915_gem_execbuffer.c
-index a0b69ae..98ea0f3 100644
+index a0b69ae0..98ea0f3 100644
--- a/drivers/gpu/drm/i915/i915_gem_execbuffer.c
+++ b/drivers/gpu/drm/i915/i915_gem_execbuffer.c
@@ -189,7 +189,7 @@ i915_gem_object_set_to_gpu_domain(struct drm_i915_gem_object *obj,
@@ -41170,6 +41170,25 @@ index 176c8f9..2627b62 100644
wake_up_process(pool->thread);
}
}
+diff --git a/drivers/infiniband/core/umem.c b/drivers/infiniband/core/umem.c
+index a841123..055ebeb 100644
+--- a/drivers/infiniband/core/umem.c
++++ b/drivers/infiniband/core/umem.c
+@@ -94,6 +94,14 @@ struct ib_umem *ib_umem_get(struct ib_ucontext *context, unsigned long addr,
+ if (dmasync)
+ dma_set_attr(DMA_ATTR_WRITE_BARRIER, &attrs);
+
++ /*
++ * If the combination of the addr and size requested for this memory
++ * region causes an integer overflow, return error.
++ */
++ if ((PAGE_ALIGN(addr + size) <= size) ||
++ (PAGE_ALIGN(addr + size) <= addr))
++ return ERR_PTR(-EINVAL);
++
+ if (!can_do_mlock())
+ return ERR_PTR(-EPERM);
+
diff --git a/drivers/infiniband/hw/cxgb4/mem.c b/drivers/infiniband/hw/cxgb4/mem.c
index 40c8353..946b0e4 100644
--- a/drivers/infiniband/hw/cxgb4/mem.c
@@ -42469,7 +42488,7 @@ index fd10d7c..1eaf1f4 100644
/* error message helper function */
diff --git a/drivers/isdn/icn/icn.c b/drivers/isdn/icn/icn.c
-index 1f355bb..43f1fea 100644
+index 1f355bb..3efedbb 100644
--- a/drivers/isdn/icn/icn.c
+++ b/drivers/isdn/icn/icn.c
@@ -1045,7 +1045,7 @@ icn_writecmd(const u_char * buf, int len, int user, icn_card * card)
@@ -42481,6 +42500,15 @@ index 1f355bb..43f1fea 100644
return -EFAULT;
} else
memcpy(msg, buf, count);
+@@ -1611,7 +1611,7 @@ icn_setup(char *line)
+ if (ints[0] > 1)
+ membase = (unsigned long)ints[2];
+ if (str && *str) {
+- strcpy(sid, str);
++ strlcpy(sid, str, sizeof(sid));
+ icn_id = sid;
+ if ((p = strchr(sid, ','))) {
+ *p++ = 0;
diff --git a/drivers/isdn/mISDN/dsp_cmx.c b/drivers/isdn/mISDN/dsp_cmx.c
index 4d395de..c504763 100644
--- a/drivers/isdn/mISDN/dsp_cmx.c
@@ -50652,6 +50680,122 @@ index 86308a0..feaa925 100644
struct io_req {
struct list_head list;
+diff --git a/drivers/staging/rts5139/rts51x_transport.c b/drivers/staging/rts5139/rts51x_transport.c
+index e11467a..c9dac26 100644
+--- a/drivers/staging/rts5139/rts51x_transport.c
++++ b/drivers/staging/rts5139/rts51x_transport.c
+@@ -337,11 +337,18 @@ int rts51x_ctrl_transfer(struct rts51x_chip *chip, unsigned int pipe,
+ void *data, u16 size, int timeout)
+ {
+ struct rts51x_usb *rts51x = chip->usb;
++ void *buf = kmalloc(size, GFP_KERNEL);
+ int result;
++ int ret;
++
++ if (buf == NULL)
++ TRACE_RET(chip, STATUS_ERROR);
+
+ RTS51X_DEBUGP("%s: rq=%02x rqtype=%02x value=%04x index=%02x len=%u\n",
+ __func__, request, requesttype, value, index, size);
+
++ memcpy(buf, data, size);
++
+ /* fill in the devrequest structure */
+ rts51x->cr->bRequestType = requesttype;
+ rts51x->cr->bRequest = request;
+@@ -351,12 +358,17 @@ int rts51x_ctrl_transfer(struct rts51x_chip *chip, unsigned int pipe,
+
+ /* fill and submit the URB */
+ usb_fill_control_urb(rts51x->current_urb, rts51x->pusb_dev, pipe,
+- (unsigned char *)rts51x->cr, data, size,
++ (unsigned char *)rts51x->cr, buf, size,
+ urb_done_completion, NULL);
+ result = rts51x_msg_common(chip, rts51x->current_urb, timeout);
+
+- return interpret_urb_result(chip, pipe, size, result,
++ ret = interpret_urb_result(chip, pipe, size, result,
+ rts51x->current_urb->actual_length);
++ memcpy(data, buf, size);
++
++ kfree(buf);
++
++ return ret;
+ }
+
+ int rts51x_clear_halt(struct rts51x_chip *chip, unsigned int pipe)
+@@ -794,17 +806,30 @@ int rts51x_bulk_transfer_buf(struct rts51x_chip *chip, unsigned int pipe,
+ unsigned int *act_len, int timeout)
+ {
+ int result;
++ int ret;
++ void *newbuf = kmalloc(length, GFP_KERNEL);
++
++ if (newbuf == NULL)
++ TRACE_RET(chip, STATUS_ERROR);
++
++ memcpy(newbuf, buf, length);
+
+ /* fill and submit the URB */
+ usb_fill_bulk_urb(chip->usb->current_urb, chip->usb->pusb_dev, pipe,
+- buf, length, urb_done_completion, NULL);
++ newbuf, length, urb_done_completion, NULL);
+ result = rts51x_msg_common(chip, chip->usb->current_urb, timeout);
+
+ /* store the actual length of the data transferred */
+ if (act_len)
+ *act_len = chip->usb->current_urb->actual_length;
+- return interpret_urb_result(chip, pipe, length, result,
++ ret = interpret_urb_result(chip, pipe, length, result,
+ chip->usb->current_urb->actual_length);
++
++ memcpy(buf, newbuf, length);
++
++ kfree(newbuf);
++
++ return ret;
+ }
+
+ int rts51x_transfer_data(struct rts51x_chip *chip, unsigned int pipe,
+@@ -888,11 +913,19 @@ int rts51x_get_epc_status(struct rts51x_chip *chip, u16 * status)
+ unsigned int pipe = RCV_INTR_PIPE(chip);
+ struct usb_host_endpoint *ep;
+ struct completion urb_done;
++ u16 *buf_status;
+ int result;
++ int ret;
+
+ if (!status)
+ TRACE_RET(chip, STATUS_ERROR);
+
++ buf_status = kmalloc(sizeof(*status), GFP_KERNEL);
++ if (buf_status == NULL)
++ TRACE_RET(chip, STATUS_ERROR);
++
++ *buf_status = *status;
++
+ /* set up data structures for the wakeup system */
+ init_completion(&urb_done);
+
+@@ -902,12 +935,17 @@ int rts51x_get_epc_status(struct rts51x_chip *chip, u16 * status)
+ /* We set interval to 1 here, so the polling interval is controlled
+ * by our polling thread */
+ usb_fill_int_urb(chip->usb->intr_urb, chip->usb->pusb_dev, pipe,
+- status, 2, urb_done_completion, &urb_done, 1);
++ buf_status, 2, urb_done_completion, &urb_done, 1);
+
+ result = rts51x_msg_common(chip, chip->usb->intr_urb, 50);
+
+- return interpret_urb_result(chip, pipe, 2, result,
++ ret = interpret_urb_result(chip, pipe, 2, result,
+ chip->usb->intr_urb->actual_length);
++ *status = *buf_status;
++
++ kfree(buf_status);
++
++ return ret;
+ }
+
+ u8 media_not_present[] = {
diff --git a/drivers/staging/sbe-2t3e3/netdev.c b/drivers/staging/sbe-2t3e3/netdev.c
index c7b5e8b..783d6cbe 100644
--- a/drivers/staging/sbe-2t3e3/netdev.c
@@ -104056,10 +104200,19 @@ index e093528..3966d08 100644
.exit = proto_exit_net,
};
diff --git a/net/core/sysctl_net_core.c b/net/core/sysctl_net_core.c
-index f0bdd36..957fc06 100644
+index f0bdd36..5345e58 100644
--- a/net/core/sysctl_net_core.c
+++ b/net/core/sysctl_net_core.c
-@@ -28,7 +28,7 @@ static int rps_sock_flow_sysctl(ctl_table *table, int write,
+@@ -21,6 +21,8 @@
+
+ static int zero = 0;
+ static int ushort_max = USHRT_MAX;
++static int min_sndbuf = SOCK_MIN_SNDBUF;
++static int min_rcvbuf = SOCK_MIN_RCVBUF;
+
+ #ifdef CONFIG_RPS
+ static int rps_sock_flow_sysctl(ctl_table *table, int write,
+@@ -28,7 +30,7 @@ static int rps_sock_flow_sysctl(ctl_table *table, int write,
{
unsigned int orig_size, size;
int ret, i;
@@ -104068,7 +104221,44 @@ index f0bdd36..957fc06 100644
.data = &size,
.maxlen = sizeof(size),
.mode = table->mode
-@@ -210,29 +210,27 @@ __net_initdata struct ctl_path net_core_path[] = {
+@@ -89,28 +91,32 @@ static struct ctl_table net_core_table[] = {
+ .data = &sysctl_wmem_max,
+ .maxlen = sizeof(int),
+ .mode = 0644,
+- .proc_handler = proc_dointvec
++ .proc_handler = proc_dointvec_minmax,
++ .extra1 = &min_sndbuf,
+ },
+ {
+ .procname = "rmem_max",
+ .data = &sysctl_rmem_max,
+ .maxlen = sizeof(int),
+ .mode = 0644,
+- .proc_handler = proc_dointvec
++ .proc_handler = proc_dointvec_minmax,
++ .extra1 = &min_rcvbuf,
+ },
+ {
+ .procname = "wmem_default",
+ .data = &sysctl_wmem_default,
+ .maxlen = sizeof(int),
+ .mode = 0644,
+- .proc_handler = proc_dointvec
++ .proc_handler = proc_dointvec_minmax,
++ .extra1 = &min_sndbuf,
+ },
+ {
+ .procname = "rmem_default",
+ .data = &sysctl_rmem_default,
+ .maxlen = sizeof(int),
+ .mode = 0644,
+- .proc_handler = proc_dointvec
++ .proc_handler = proc_dointvec_minmax,
++ .extra1 = &min_rcvbuf,
+ },
+ {
+ .procname = "dev_weight",
+@@ -210,29 +216,27 @@ __net_initdata struct ctl_path net_core_path[] = {
static __net_init int sysctl_core_net_init(struct net *net)
{
@@ -104104,7 +104294,7 @@ index f0bdd36..957fc06 100644
err_dup:
return -ENOMEM;
}
-@@ -247,7 +245,7 @@ static __net_exit void sysctl_core_net_exit(struct net *net)
+@@ -247,7 +251,7 @@ static __net_exit void sysctl_core_net_exit(struct net *net)
kfree(tbl);
}
@@ -104468,10 +104658,30 @@ index 907ef2c..eba7111 100644
void inet_get_local_port_range(int *low, int *high)
diff --git a/net/ipv4/inet_diag.c b/net/ipv4/inet_diag.c
-index 6be5e8e..22df23e 100644
+index 6be5e8e..daa1ffb 100644
--- a/net/ipv4/inet_diag.c
+++ b/net/ipv4/inet_diag.c
-@@ -114,8 +114,14 @@ static int inet_csk_diag_fill(struct sock *sk,
+@@ -71,6 +71,19 @@ static inline void inet_diag_unlock_handler(
+ mutex_unlock(&inet_diag_table_mutex);
+ }
+
++static size_t inet_sk_attr_size(void)
++{
++ return nla_total_size(sizeof(struct tcp_info))
++ + nla_total_size(1) /* INET_DIAG_SHUTDOWN */
++ + nla_total_size(1) /* INET_DIAG_TOS */
++ + nla_total_size(1) /* INET_DIAG_TCLASS */
++ + nla_total_size(sizeof(struct inet_diag_meminfo))
++ + nla_total_size(sizeof(struct inet_diag_msg))
++ + nla_total_size(TCP_CA_NAME_MAX)
++ + nla_total_size(sizeof(struct tcpvegas_info))
++ + 64;
++}
++
+ static int inet_csk_diag_fill(struct sock *sk,
+ struct sk_buff *skb,
+ int ext, u32 pid, u32 seq, u16 nlmsg_flags,
+@@ -114,8 +127,14 @@ static int inet_csk_diag_fill(struct sock *sk,
r->idiag_retrans = 0;
r->id.idiag_if = sk->sk_bound_dev_if;
@@ -104486,7 +104696,7 @@ index 6be5e8e..22df23e 100644
r->id.idiag_sport = inet->inet_sport;
r->id.idiag_dport = inet->inet_dport;
-@@ -215,8 +221,14 @@ static int inet_twsk_diag_fill(struct inet_timewait_sock *tw,
+@@ -215,8 +234,14 @@ static int inet_twsk_diag_fill(struct inet_timewait_sock *tw,
r->idiag_retrans = 0;
r->id.idiag_if = tw->tw_bound_dev_if;
@@ -104501,7 +104711,7 @@ index 6be5e8e..22df23e 100644
r->id.idiag_sport = tw->tw_sport;
r->id.idiag_dport = tw->tw_dport;
-@@ -305,12 +317,14 @@ static int inet_diag_get_exact(struct sk_buff *in_skb,
+@@ -305,18 +330,17 @@ static int inet_diag_get_exact(struct sk_buff *in_skb,
if (sk == NULL)
goto unlock;
@@ -104515,8 +104725,15 @@ index 6be5e8e..22df23e 100644
+#endif
err = -ENOMEM;
- rep = alloc_skb(NLMSG_SPACE((sizeof(struct inet_diag_msg) +
-@@ -600,8 +614,14 @@ static int inet_diag_fill_req(struct sk_buff *skb, struct sock *sk,
+- rep = alloc_skb(NLMSG_SPACE((sizeof(struct inet_diag_msg) +
+- sizeof(struct inet_diag_meminfo) +
+- handler->idiag_info_size + 64)),
+- GFP_KERNEL);
++ rep = alloc_skb(inet_sk_attr_size(), GFP_KERNEL);
+ if (!rep)
+ goto out;
+
+@@ -600,8 +624,14 @@ static int inet_diag_fill_req(struct sk_buff *skb, struct sock *sk,
r->idiag_retrans = req->retrans;
r->id.idiag_if = sk->sk_bound_dev_if;
@@ -108192,6 +108409,94 @@ index 9556d28..f046d0e 100644
#else
ic->i_ack_next = 0;
#endif
+diff --git a/net/rds/iw_rdma.c b/net/rds/iw_rdma.c
+index 4e1de17..83725f3 100644
+--- a/net/rds/iw_rdma.c
++++ b/net/rds/iw_rdma.c
+@@ -88,7 +88,9 @@ static unsigned int rds_iw_unmap_fastreg_list(struct rds_iw_mr_pool *pool,
+ int *unpinned);
+ static void rds_iw_destroy_fastreg(struct rds_iw_mr_pool *pool, struct rds_iw_mr *ibmr);
+
+-static int rds_iw_get_device(struct rds_sock *rs, struct rds_iw_device **rds_iwdev, struct rdma_cm_id **cm_id)
++static int rds_iw_get_device(struct sockaddr_in *src, struct sockaddr_in *dst,
++ struct rds_iw_device **rds_iwdev,
++ struct rdma_cm_id **cm_id)
+ {
+ struct rds_iw_device *iwdev;
+ struct rds_iw_cm_id *i_cm_id;
+@@ -112,15 +114,15 @@ static int rds_iw_get_device(struct rds_sock *rs, struct rds_iw_device **rds_iwd
+ src_addr->sin_port,
+ dst_addr->sin_addr.s_addr,
+ dst_addr->sin_port,
+- rs->rs_bound_addr,
+- rs->rs_bound_port,
+- rs->rs_conn_addr,
+- rs->rs_conn_port);
++ src->sin_addr.s_addr,
++ src->sin_port,
++ dst->sin_addr.s_addr,
++ dst->sin_port);
+ #ifdef WORKING_TUPLE_DETECTION
+- if (src_addr->sin_addr.s_addr == rs->rs_bound_addr &&
+- src_addr->sin_port == rs->rs_bound_port &&
+- dst_addr->sin_addr.s_addr == rs->rs_conn_addr &&
+- dst_addr->sin_port == rs->rs_conn_port) {
++ if (src_addr->sin_addr.s_addr == src->sin_addr.s_addr &&
++ src_addr->sin_port == src->sin_port &&
++ dst_addr->sin_addr.s_addr == dst->sin_addr.s_addr &&
++ dst_addr->sin_port == dst->sin_port) {
+ #else
+ /* FIXME - needs to compare the local and remote
+ * ipaddr/port tuple, but the ipaddr is the only
+@@ -128,7 +130,7 @@ static int rds_iw_get_device(struct rds_sock *rs, struct rds_iw_device **rds_iwd
+ * zero'ed. It doesn't appear to be properly populated
+ * during connection setup...
+ */
+- if (src_addr->sin_addr.s_addr == rs->rs_bound_addr) {
++ if (src_addr->sin_addr.s_addr == src->sin_addr.s_addr) {
+ #endif
+ spin_unlock_irq(&iwdev->spinlock);
+ *rds_iwdev = iwdev;
+@@ -180,19 +182,13 @@ int rds_iw_update_cm_id(struct rds_iw_device *rds_iwdev, struct rdma_cm_id *cm_i
+ {
+ struct sockaddr_in *src_addr, *dst_addr;
+ struct rds_iw_device *rds_iwdev_old;
+- struct rds_sock rs;
+ struct rdma_cm_id *pcm_id;
+ int rc;
+
+ src_addr = (struct sockaddr_in *)&cm_id->route.addr.src_addr;
+ dst_addr = (struct sockaddr_in *)&cm_id->route.addr.dst_addr;
+
+- rs.rs_bound_addr = src_addr->sin_addr.s_addr;
+- rs.rs_bound_port = src_addr->sin_port;
+- rs.rs_conn_addr = dst_addr->sin_addr.s_addr;
+- rs.rs_conn_port = dst_addr->sin_port;
+-
+- rc = rds_iw_get_device(&rs, &rds_iwdev_old, &pcm_id);
++ rc = rds_iw_get_device(src_addr, dst_addr, &rds_iwdev_old, &pcm_id);
+ if (rc)
+ rds_iw_remove_cm_id(rds_iwdev, cm_id);
+
+@@ -611,9 +607,17 @@ void *rds_iw_get_mr(struct scatterlist *sg, unsigned long nents,
+ struct rds_iw_device *rds_iwdev;
+ struct rds_iw_mr *ibmr = NULL;
+ struct rdma_cm_id *cm_id;
++ struct sockaddr_in src = {
++ .sin_addr.s_addr = rs->rs_bound_addr,
++ .sin_port = rs->rs_bound_port,
++ };
++ struct sockaddr_in dst = {
++ .sin_addr.s_addr = rs->rs_conn_addr,
++ .sin_port = rs->rs_conn_port,
++ };
+ int ret;
+
+- ret = rds_iw_get_device(rs, &rds_iwdev, &cm_id);
++ ret = rds_iw_get_device(&src, &dst, &rds_iwdev, &cm_id);
+ if (ret || !cm_id) {
+ ret = -ENODEV;
+ goto out;
diff --git a/net/rds/iw_recv.c b/net/rds/iw_recv.c
index 5e57347..3916042 100644
--- a/net/rds/iw_recv.c
@@ -110052,7 +110357,7 @@ index 1983717..4d6102c 100644
sub->evt.event = htohl(event, sub->swap);
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
-index 8705ee3..fb87ef6 100644
+index 8705ee3..c66fcaa 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -768,6 +768,12 @@ static struct sock *unix_find_other(struct net *net,
@@ -110101,7 +110406,24 @@ index 8705ee3..fb87ef6 100644
mutex_unlock(&path.dentry->d_inode->i_mutex);
dput(path.dentry);
path.dentry = dentry;
-@@ -2276,9 +2296,13 @@ static int unix_seq_show(struct seq_file *seq, void *v)
+@@ -2180,11 +2200,14 @@ static unsigned int unix_dgram_poll(struct file *file, struct socket *sock,
+ writable = unix_writable(sk);
+ other = unix_peer_get(sk);
+ if (other) {
+- if (unix_peer(other) != sk) {
++ unix_state_lock(other);
++ if (!sock_flag(other, SOCK_DEAD) && unix_peer(other) != sk) {
++ unix_state_unlock(other);
+ sock_poll_wait(file, &unix_sk(other)->peer_wait, wait);
+ if (unix_recvq_full(other))
+ writable = 0;
+- }
++ } else
++ unix_state_unlock(other);
+ sock_put(other);
+ }
+
+@@ -2276,9 +2299,13 @@ static int unix_seq_show(struct seq_file *seq, void *v)
seq_puts(seq, "Num RefCount Protocol Flags Type St "
"Inode Path\n");
else {
@@ -110116,7 +110438,7 @@ index 8705ee3..fb87ef6 100644
seq_printf(seq, "%pK: %08X %08X %08X %04X %02X %5lu",
s,
-@@ -2305,8 +2329,10 @@ static int unix_seq_show(struct seq_file *seq, void *v)
+@@ -2305,8 +2332,10 @@ static int unix_seq_show(struct seq_file *seq, void *v)
}
for ( ; i < len; i++)
seq_putc(seq, u->addr->name->sun_path[i]);
@@ -115555,7 +115877,7 @@ index 0000000..3b5af59
+}
diff --git a/tools/gcc/gcc-common.h b/tools/gcc/gcc-common.h
new file mode 100644
-index 0000000..de1d984
+index 0000000..cd95c07
--- /dev/null
+++ b/tools/gcc/gcc-common.h
@@ -0,0 +1,375 @@
@@ -115779,7 +116101,7 @@ index 0000000..de1d984
+
+#define int_const_binop(code, arg1, arg2) int_const_binop((code), (arg1), (arg2), 0)
+
-+static inline bool gimple_clobber_p(gimple s)
++static inline bool gimple_clobber_p(gimple s __unused)
+{
+ return false;
+}
@@ -122402,10 +122724,10 @@ index 0000000..4378111
+}
diff --git a/tools/gcc/size_overflow_plugin/size_overflow_hash.data b/tools/gcc/size_overflow_plugin/size_overflow_hash.data
new file mode 100644
-index 0000000..b45b095
+index 0000000..0d53d19
--- /dev/null
+++ b/tools/gcc/size_overflow_plugin/size_overflow_hash.data
-@@ -0,0 +1,5117 @@
+@@ -0,0 +1,5121 @@
+intel_fake_agp_alloc_by_type_1 intel_fake_agp_alloc_by_type 1 1 NULL
+storvsc_connect_to_vsp_22 storvsc_connect_to_vsp 2 22 NULL
+compat_sock_setsockopt_23 compat_sock_setsockopt 5 23 NULL
@@ -122822,6 +123144,7 @@ index 0000000..b45b095
+inw_5558 inw 0 5558 NULL
+fir16_create_5574 fir16_create 3 5574 NULL
+bioset_create_5580 bioset_create 1 5580 NULL
++inet_sk_attr_size_5584 inet_sk_attr_size 0 5584 NULL
+do_msgrcv_5590 do_msgrcv 4 5590 NULL
+hidp_output_raw_report_5629 hidp_output_raw_report 3 5629 NULL
+parse_arg_5657 parse_arg 2 5657 NULL
@@ -126221,6 +126544,7 @@ index 0000000..b45b095
+mac_drv_rx_init_48898 mac_drv_rx_init 2 48898 &joydev_handle_JSIOCSAXMAP_48898
+xdi_copy_to_user_48900 xdi_copy_to_user 4 48900 NULL
+msg_hdr_sz_48908 msg_hdr_sz 0 48908 NULL
++rts51x_ctrl_transfer_48914 rts51x_ctrl_transfer 8 48914 NULL
+lpfc_sli4_get_els_iocb_cnt_48926 lpfc_sli4_get_els_iocb_cnt 0 48926 NULL
+event_heart_beat_read_48961 event_heart_beat_read 3 48961 NULL
+_alloc_set_attr_list_48991 _alloc_set_attr_list 4 48991 NULL
@@ -126339,6 +126663,7 @@ index 0000000..b45b095
+ocfs2_block_to_cluster_group_50337 ocfs2_block_to_cluster_group 2 50337 NULL nohasharray
+snd_pcm_lib_writev_50337 snd_pcm_lib_writev 3-0 50337 &ocfs2_block_to_cluster_group_50337
+tpm_read_50344 tpm_read 3 50344 NULL
++rts51x_bulk_transfer_buf_50352 rts51x_bulk_transfer_buf 4 50352 NULL
+isdn_ppp_read_50356 isdn_ppp_read 4 50356 NULL
+unpack_u16_chunk_50357 unpack_u16_chunk 0 50357 NULL
+iwl_dbgfs_echo_test_write_50362 iwl_dbgfs_echo_test_write 3 50362 NULL
@@ -127058,6 +127383,7 @@ index 0000000..b45b095
+pvr2_debugifc_print_info_59380 pvr2_debugifc_print_info 3 59380 NULL
+journal_init_dev_59384 journal_init_dev 5 59384 NULL
+fc_frame_alloc_fill_59394 fc_frame_alloc_fill 2 59394 NULL
++rts51x_transfer_data_59416 rts51x_transfer_data 4 59416 NULL
+pci_ctrl_read_59424 pci_ctrl_read 0 59424 NULL
+vxge_hw_ring_rxds_per_block_get_59425 vxge_hw_ring_rxds_per_block_get 0 59425 NULL
+squashfs_read_data_59440 squashfs_read_data 6 59440 NULL