diff options
| author |   Anthony G. Basile <blueness@gentoo.org> | 2015-03-10 12:48:27 -0400 |
|---|---|---|
| committer | Anthony G. Basile <blueness@gentoo.org> | 2015-03-10 12:48:27 -0400 |
| commit | 9eef19a7507c231b5a48f19c4c2cd281c9c53a64 (patch) | |
| tree | 5b0f8bb7dee30d348d05108fdd0fbaebf69a33ed | |
| parent | Grsec/PaX: 3.1-{3.2.67,3.14.34,3.18.8}-201502271843 (diff) | |
| download | hardened-patchset-9eef19a7507c231b5a48f19c4c2cd281c9c53a64.tar.gz hardened-patchset-9eef19a7507c231b5a48f19c4c2cd281c9c53a64.tar.bz2 hardened-patchset-9eef19a7507c231b5a48f19c4c2cd281c9c53a64.zip | |
Grsec/PaX: 3.1-{3.2.68,3.14.35,3.18.9}-201503071142
| -rw-r--r-- | 3.14.35/0000_README (renamed from 3.14.34/0000_README) | 6 | ||||
| -rw-r--r-- | 3.14.35/1034_linux-3.14.35.patch | 2036 | ||||
| -rw-r--r-- | 3.14.35/4420_grsecurity-3.1-3.14.35-201503071140.patch (renamed from 3.14.34/4420_grsecurity-3.1-3.14.34-201502271838.patch) | 580 | ||||
| -rw-r--r-- | 3.14.35/4425_grsec_remove_EI_PAX.patch (renamed from 3.14.34/4425_grsec_remove_EI_PAX.patch) | 0 | ||||
| -rw-r--r-- | 3.14.35/4427_force_XATTR_PAX_tmpfs.patch (renamed from 3.14.34/4427_force_XATTR_PAX_tmpfs.patch) | 0 | ||||
| -rw-r--r-- | 3.14.35/4430_grsec-remove-localversion-grsec.patch (renamed from 3.14.34/4430_grsec-remove-localversion-grsec.patch) | 0 | ||||
| -rw-r--r-- | 3.14.35/4435_grsec-mute-warnings.patch (renamed from 3.14.34/4435_grsec-mute-warnings.patch) | 0 | ||||
| -rw-r--r-- | 3.14.35/4440_grsec-remove-protected-paths.patch (renamed from 3.14.34/4440_grsec-remove-protected-paths.patch) | 0 | ||||
| -rw-r--r-- | 3.14.35/4450_grsec-kconfig-default-gids.patch (renamed from 3.14.34/4450_grsec-kconfig-default-gids.patch) | 0 | ||||
| -rw-r--r-- | 3.14.35/4465_selinux-avc_audit-log-curr_ip.patch (renamed from 3.14.34/4465_selinux-avc_audit-log-curr_ip.patch) | 0 | ||||
| -rw-r--r-- | 3.14.35/4470_disable-compat_vdso.patch (renamed from 3.14.34/4470_disable-compat_vdso.patch) | 0 | ||||
| -rw-r--r-- | 3.14.35/4475_emutramp_default_on.patch (renamed from 3.14.34/4475_emutramp_default_on.patch) | 0 | ||||
| -rw-r--r-- | 3.18.9/0000_README (renamed from 3.18.8/0000_README) | 6 | ||||
| -rw-r--r-- | 3.18.9/1008_linux-3.18.9.patch | 6044 | ||||
| -rw-r--r-- | 3.18.9/4420_grsecurity-3.1-3.18.9-201503071142.patch (renamed from 3.18.8/4420_grsecurity-3.1-3.18.8-201502271843.patch) | 535 | ||||
| -rw-r--r-- | 3.18.9/4425_grsec_remove_EI_PAX.patch (renamed from 3.18.8/4425_grsec_remove_EI_PAX.patch) | 0 | ||||
| -rw-r--r-- | 3.18.9/4427_force_XATTR_PAX_tmpfs.patch (renamed from 3.18.8/4427_force_XATTR_PAX_tmpfs.patch) | 0 | ||||
| -rw-r--r-- | 3.18.9/4430_grsec-remove-localversion-grsec.patch (renamed from 3.18.8/4430_grsec-remove-localversion-grsec.patch) | 0 | ||||
| -rw-r--r-- | 3.18.9/4435_grsec-mute-warnings.patch (renamed from 3.18.8/4435_grsec-mute-warnings.patch) | 0 | ||||
| -rw-r--r-- | 3.18.9/4440_grsec-remove-protected-paths.patch (renamed from 3.18.8/4440_grsec-remove-protected-paths.patch) | 0 | ||||
| -rw-r--r-- | 3.18.9/4450_grsec-kconfig-default-gids.patch (renamed from 3.18.8/4450_grsec-kconfig-default-gids.patch) | 0 | ||||
| -rw-r--r-- | 3.18.9/4465_selinux-avc_audit-log-curr_ip.patch (renamed from 3.18.8/4465_selinux-avc_audit-log-curr_ip.patch) | 0 | ||||
| -rw-r--r-- | 3.18.9/4470_disable-compat_vdso.patch (renamed from 3.18.8/4470_disable-compat_vdso.patch) | 0 | ||||
| -rw-r--r-- | 3.18.9/4475_emutramp_default_on.patch (renamed from 3.18.8/4475_emutramp_default_on.patch) | 0 | ||||
| -rw-r--r-- | 3.2.68/0000_README (renamed from 3.2.67/0000_README) | 6 | ||||
| -rw-r--r-- | 3.2.68/1021_linux-3.2.22.patch (renamed from 3.2.67/1021_linux-3.2.22.patch) | 0 | ||||
| -rw-r--r-- | 3.2.68/1022_linux-3.2.23.patch (renamed from 3.2.67/1022_linux-3.2.23.patch) | 0 | ||||
| -rw-r--r-- | 3.2.68/1023_linux-3.2.24.patch (renamed from 3.2.67/1023_linux-3.2.24.patch) | 0 | ||||
| -rw-r--r-- | 3.2.68/1024_linux-3.2.25.patch (renamed from 3.2.67/1024_linux-3.2.25.patch) | 0 | ||||
| -rw-r--r-- | 3.2.68/1025_linux-3.2.26.patch (renamed from 3.2.67/1025_linux-3.2.26.patch) | 0 | ||||
| -rw-r--r-- | 3.2.68/1026_linux-3.2.27.patch (renamed from 3.2.67/1026_linux-3.2.27.patch) | 0 | ||||
| -rw-r--r-- | 3.2.68/1027_linux-3.2.28.patch (renamed from 3.2.67/1027_linux-3.2.28.patch) | 0 | ||||
| -rw-r--r-- | 3.2.68/1028_linux-3.2.29.patch (renamed from 3.2.67/1028_linux-3.2.29.patch) | 0 | ||||
| -rw-r--r-- | 3.2.68/1029_linux-3.2.30.patch (renamed from 3.2.67/1029_linux-3.2.30.patch) | 0 | ||||
| -rw-r--r-- | 3.2.68/1030_linux-3.2.31.patch (renamed from 3.2.67/1030_linux-3.2.31.patch) | 0 | ||||
| -rw-r--r-- | 3.2.68/1031_linux-3.2.32.patch (renamed from 3.2.67/1031_linux-3.2.32.patch) | 0 | ||||
| -rw-r--r-- | 3.2.68/1032_linux-3.2.33.patch (renamed from 3.2.67/1032_linux-3.2.33.patch) | 0 | ||||
| -rw-r--r-- | 3.2.68/1033_linux-3.2.34.patch (renamed from 3.2.67/1033_linux-3.2.34.patch) | 0 | ||||
| -rw-r--r-- | 3.2.68/1034_linux-3.2.35.patch (renamed from 3.2.67/1034_linux-3.2.35.patch) | 0 | ||||
| -rw-r--r-- | 3.2.68/1035_linux-3.2.36.patch (renamed from 3.2.67/1035_linux-3.2.36.patch) | 0 | ||||
| -rw-r--r-- | 3.2.68/1036_linux-3.2.37.patch (renamed from 3.2.67/1036_linux-3.2.37.patch) | 0 | ||||
| -rw-r--r-- | 3.2.68/1037_linux-3.2.38.patch (renamed from 3.2.67/1037_linux-3.2.38.patch) | 0 | ||||
| -rw-r--r-- | 3.2.68/1038_linux-3.2.39.patch (renamed from 3.2.67/1038_linux-3.2.39.patch) | 0 | ||||
| -rw-r--r-- | 3.2.68/1039_linux-3.2.40.patch (renamed from 3.2.67/1039_linux-3.2.40.patch) | 0 | ||||
| -rw-r--r-- | 3.2.68/1040_linux-3.2.41.patch (renamed from 3.2.67/1040_linux-3.2.41.patch) | 0 | ||||
| -rw-r--r-- | 3.2.68/1041_linux-3.2.42.patch (renamed from 3.2.67/1041_linux-3.2.42.patch) | 0 | ||||
| -rw-r--r-- | 3.2.68/1042_linux-3.2.43.patch (renamed from 3.2.67/1042_linux-3.2.43.patch) | 0 | ||||
| -rw-r--r-- | 3.2.68/1043_linux-3.2.44.patch (renamed from 3.2.67/1043_linux-3.2.44.patch) | 0 | ||||
| -rw-r--r-- | 3.2.68/1044_linux-3.2.45.patch (renamed from 3.2.67/1044_linux-3.2.45.patch) | 0 | ||||
| -rw-r--r-- | 3.2.68/1045_linux-3.2.46.patch (renamed from 3.2.67/1045_linux-3.2.46.patch) | 0 | ||||
| -rw-r--r-- | 3.2.68/1046_linux-3.2.47.patch (renamed from 3.2.67/1046_linux-3.2.47.patch) | 0 | ||||
| -rw-r--r-- | 3.2.68/1047_linux-3.2.48.patch (renamed from 3.2.67/1047_linux-3.2.48.patch) | 0 | ||||
| -rw-r--r-- | 3.2.68/1048_linux-3.2.49.patch (renamed from 3.2.67/1048_linux-3.2.49.patch) | 0 | ||||
| -rw-r--r-- | 3.2.68/1049_linux-3.2.50.patch (renamed from 3.2.67/1049_linux-3.2.50.patch) | 0 | ||||
| -rw-r--r-- | 3.2.68/1050_linux-3.2.51.patch (renamed from 3.2.67/1050_linux-3.2.51.patch) | 0 | ||||
| -rw-r--r-- | 3.2.68/1051_linux-3.2.52.patch (renamed from 3.2.67/1051_linux-3.2.52.patch) | 0 | ||||
| -rw-r--r-- | 3.2.68/1052_linux-3.2.53.patch (renamed from 3.2.67/1052_linux-3.2.53.patch) | 0 | ||||
| -rw-r--r-- | 3.2.68/1053_linux-3.2.54.patch (renamed from 3.2.67/1053_linux-3.2.54.patch) | 0 | ||||
| -rw-r--r-- | 3.2.68/1054_linux-3.2.55.patch (renamed from 3.2.67/1054_linux-3.2.55.patch) | 0 | ||||
| -rw-r--r-- | 3.2.68/1055_linux-3.2.56.patch (renamed from 3.2.67/1055_linux-3.2.56.patch) | 0 | ||||
| -rw-r--r-- | 3.2.68/1056_linux-3.2.57.patch (renamed from 3.2.67/1056_linux-3.2.57.patch) | 0 | ||||
| -rw-r--r-- | 3.2.68/1057_linux-3.2.58.patch (renamed from 3.2.67/1057_linux-3.2.58.patch) | 0 | ||||
| -rw-r--r-- | 3.2.68/1058_linux-3.2.59.patch (renamed from 3.2.67/1058_linux-3.2.59.patch) | 0 | ||||
| -rw-r--r-- | 3.2.68/1059_linux-3.2.60.patch (renamed from 3.2.67/1059_linux-3.2.60.patch) | 0 | ||||
| -rw-r--r-- | 3.2.68/1060_linux-3.2.61.patch (renamed from 3.2.67/1060_linux-3.2.61.patch) | 0 | ||||
| -rw-r--r-- | 3.2.68/1061_linux-3.2.62.patch (renamed from 3.2.67/1061_linux-3.2.62.patch) | 0 | ||||
| -rw-r--r-- | 3.2.68/1062_linux-3.2.63.patch (renamed from 3.2.67/1062_linux-3.2.63.patch) | 0 | ||||
| -rw-r--r-- | 3.2.68/1063_linux-3.2.64.patch (renamed from 3.2.67/1063_linux-3.2.64.patch) | 0 | ||||
| -rw-r--r-- | 3.2.68/1064_linux-3.2.65.patch (renamed from 3.2.67/1064_linux-3.2.65.patch) | 0 | ||||
| -rw-r--r-- | 3.2.68/1065_linux-3.2.66.patch (renamed from 3.2.67/1065_linux-3.2.66.patch) | 0 | ||||
| -rw-r--r-- | 3.2.68/1066_linux-3.2.67.patch (renamed from 3.2.67/1066_linux-3.2.67.patch) | 0 | ||||
| -rw-r--r-- | 3.2.68/1067_linux-3.2.68.patch | 0 | ||||
| -rw-r--r-- | 3.2.68/4420_grsecurity-3.1-3.2.68-201503071137.patch (renamed from 3.2.67/4420_grsecurity-3.1-3.2.67-201502271837.patch) | 202 | ||||
| -rw-r--r-- | 3.2.68/4425_grsec_remove_EI_PAX.patch (renamed from 3.2.67/4425_grsec_remove_EI_PAX.patch) | 0 | ||||
| -rw-r--r-- | 3.2.68/4427_force_XATTR_PAX_tmpfs.patch (renamed from 3.2.67/4427_force_XATTR_PAX_tmpfs.patch) | 0 | ||||
| -rw-r--r-- | 3.2.68/4430_grsec-remove-localversion-grsec.patch (renamed from 3.2.67/4430_grsec-remove-localversion-grsec.patch) | 0 | ||||
| -rw-r--r-- | 3.2.68/4435_grsec-mute-warnings.patch (renamed from 3.2.67/4435_grsec-mute-warnings.patch) | 0 | ||||
| -rw-r--r-- | 3.2.68/4440_grsec-remove-protected-paths.patch (renamed from 3.2.67/4440_grsec-remove-protected-paths.patch) | 0 | ||||
| -rw-r--r-- | 3.2.68/4450_grsec-kconfig-default-gids.patch (renamed from 3.2.67/4450_grsec-kconfig-default-gids.patch) | 0 | ||||
| -rw-r--r-- | 3.2.68/4465_selinux-avc_audit-log-curr_ip.patch (renamed from 3.2.67/4465_selinux-avc_audit-log-curr_ip.patch) | 0 | ||||
| -rw-r--r-- | 3.2.68/4470_disable-compat_vdso.patch (renamed from 3.2.67/4470_disable-compat_vdso.patch) | 0 | ||||
| -rw-r--r-- | 3.2.68/4475_emutramp_default_on.patch (renamed from 3.2.67/4475_emutramp_default_on.patch) | 0 |
82 files changed, 9011 insertions, 404 deletions
diff --git a/3.14.34/0000_README b/3.14.35/0000_README index a144723..8a45ea6 100644 --- a/3.14.34/0000_README +++ b/3.14.35/0000_README @@ -2,7 +2,11 @@ README ----------------------------------------------------------------------------- Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 4420_grsecurity-3.1-3.14.34-201502271838.patch +Patch: 1034_linux-3.14.35.patch +From: http://www.kernel.org +Desc: Linux 3.14.35 + +Patch: 4420_grsecurity-3.1-3.14.35-201503071140.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.14.35/1034_linux-3.14.35.patch b/3.14.35/1034_linux-3.14.35.patch new file mode 100644 index 0000000..668231d --- /dev/null +++ b/3.14.35/1034_linux-3.14.35.patch @@ -0,0 +1,2036 @@ +diff --git a/Makefile b/Makefile +index 5443481..9720e86 100644 +--- a/Makefile ++++ b/Makefile +@@ -1,6 +1,6 @@ + VERSION = 3 + PATCHLEVEL = 14 +-SUBLEVEL = 34 ++SUBLEVEL = 35 + EXTRAVERSION = + NAME = Remembering Coco + +diff --git a/arch/arc/include/asm/pgtable.h b/arch/arc/include/asm/pgtable.h +index 6b0b7f7e..7670f33 100644 +--- a/arch/arc/include/asm/pgtable.h ++++ b/arch/arc/include/asm/pgtable.h +@@ -259,7 +259,8 @@ static inline void pmd_set(pmd_t *pmdp, pte_t *ptep) + #define pmd_clear(xp) do { pmd_val(*(xp)) = 0; } while (0) + + #define pte_page(x) (mem_map + \ +- (unsigned long)(((pte_val(x) - PAGE_OFFSET) >> PAGE_SHIFT))) ++ (unsigned long)(((pte_val(x) - CONFIG_LINUX_LINK_BASE) >> \ ++ PAGE_SHIFT))) + + #define mk_pte(page, pgprot) \ + ({ \ +diff --git a/arch/arm/boot/dts/am335x-bone-common.dtsi b/arch/arm/boot/dts/am335x-bone-common.dtsi +index 2e7d932..b3eff40 100644 +--- a/arch/arm/boot/dts/am335x-bone-common.dtsi ++++ b/arch/arm/boot/dts/am335x-bone-common.dtsi +@@ -197,6 +197,7 @@ + + usb@47401000 { + status = "okay"; ++ dr_mode = "peripheral"; + }; + + usb@47401800 { +diff --git a/arch/arm/boot/dts/tegra20.dtsi b/arch/arm/boot/dts/tegra20.dtsi +index 48d2a7f..ce978bc 100644 +--- a/arch/arm/boot/dts/tegra20.dtsi ++++ b/arch/arm/boot/dts/tegra20.dtsi +@@ -76,9 +76,9 @@ + reset-names = "2d"; + }; + +- gr3d@54140000 { ++ gr3d@54180000 { + compatible = "nvidia,tegra20-gr3d"; +- reg = <0x54140000 0x00040000>; ++ reg = <0x54180000 0x00040000>; + clocks = <&tegra_car TEGRA20_CLK_GR3D>; + resets = <&tegra_car 24>; + reset-names = "3d"; +@@ -138,9 +138,9 @@ + status = "disabled"; + }; + +- dsi@542c0000 { ++ dsi@54300000 { + compatible = "nvidia,tegra20-dsi"; +- reg = <0x542c0000 0x00040000>; ++ reg = <0x54300000 0x00040000>; + clocks = <&tegra_car TEGRA20_CLK_DSI>; + resets = <&tegra_car 48>; + reset-names = "dsi"; +diff --git a/arch/arm/mach-omap2/omap_hwmod_7xx_data.c b/arch/arm/mach-omap2/omap_hwmod_7xx_data.c +index 2e35ff9..d3ac4c6 100644 +--- a/arch/arm/mach-omap2/omap_hwmod_7xx_data.c ++++ b/arch/arm/mach-omap2/omap_hwmod_7xx_data.c +@@ -1669,7 +1669,7 @@ static struct omap_hwmod dra7xx_uart3_hwmod = { + .class = &dra7xx_uart_hwmod_class, + .clkdm_name = "l4per_clkdm", + .main_clk = "uart3_gfclk_mux", +- .flags = HWMOD_SWSUP_SIDLE_ACT, ++ .flags = HWMOD_SWSUP_SIDLE_ACT | DEBUG_OMAP4UART3_FLAGS, + .prcm = { + .omap4 = { + .clkctrl_offs = DRA7XX_CM_L4PER_UART3_CLKCTRL_OFFSET, +diff --git a/arch/arm/mach-pxa/corgi.c b/arch/arm/mach-pxa/corgi.c +index f162f1b..82fd9dd 100644 +--- a/arch/arm/mach-pxa/corgi.c ++++ b/arch/arm/mach-pxa/corgi.c +@@ -26,6 +26,7 @@ + #include <linux/i2c.h> + #include <linux/i2c/pxa-i2c.h> + #include <linux/io.h> ++#include <linux/regulator/machine.h> + #include <linux/spi/spi.h> + #include <linux/spi/ads7846.h> + #include <linux/spi/corgi_lcd.h> +@@ -711,6 +712,8 @@ static void __init corgi_init(void) + sharpsl_nand_partitions[1].size = 53 * 1024 * 1024; + + platform_add_devices(devices, ARRAY_SIZE(devices)); ++ ++ regulator_has_full_constraints(); + } + + static void __init fixup_corgi(struct tag *tags, char **cmdline, +diff --git a/arch/arm/mach-pxa/hx4700.c b/arch/arm/mach-pxa/hx4700.c +index a7c30eb..007fd8a 100644 +--- a/arch/arm/mach-pxa/hx4700.c ++++ b/arch/arm/mach-pxa/hx4700.c +@@ -892,6 +892,8 @@ static void __init hx4700_init(void) + mdelay(10); + gpio_set_value(GPIO71_HX4700_ASIC3_nRESET, 1); + mdelay(10); ++ ++ regulator_has_full_constraints(); + } + + MACHINE_START(H4700, "HP iPAQ HX4700") +diff --git a/arch/arm/mach-pxa/poodle.c b/arch/arm/mach-pxa/poodle.c +index aedf053..b4fff29 100644 +--- a/arch/arm/mach-pxa/poodle.c ++++ b/arch/arm/mach-pxa/poodle.c +@@ -25,6 +25,7 @@ + #include <linux/gpio.h> + #include <linux/i2c.h> + #include <linux/i2c/pxa-i2c.h> ++#include <linux/regulator/machine.h> + #include <linux/spi/spi.h> + #include <linux/spi/ads7846.h> + #include <linux/spi/pxa2xx_spi.h> +@@ -454,6 +455,7 @@ static void __init poodle_init(void) + pxa_set_i2c_info(NULL); + i2c_register_board_info(0, ARRAY_AND_SIZE(poodle_i2c_devices)); + poodle_init_spi(); ++ regulator_has_full_constraints(); + } + + static void __init fixup_poodle(struct tag *tags, char **cmdline, +diff --git a/arch/arm/mach-sa1100/pm.c b/arch/arm/mach-sa1100/pm.c +index 6645d1e..34853d5 100644 +--- a/arch/arm/mach-sa1100/pm.c ++++ b/arch/arm/mach-sa1100/pm.c +@@ -81,6 +81,7 @@ static int sa11x0_pm_enter(suspend_state_t state) + /* + * Ensure not to come back here if it wasn't intended + */ ++ RCSR = RCSR_SMR; + PSPR = 0; + + /* +diff --git a/arch/arm64/kernel/signal32.c b/arch/arm64/kernel/signal32.c +index b3fc9f5..7ed72dc 100644 +--- a/arch/arm64/kernel/signal32.c ++++ b/arch/arm64/kernel/signal32.c +@@ -151,8 +151,7 @@ int copy_siginfo_to_user32(compat_siginfo_t __user *to, const siginfo_t *from) + case __SI_TIMER: + err |= __put_user(from->si_tid, &to->si_tid); + err |= __put_user(from->si_overrun, &to->si_overrun); +- err |= __put_user((compat_uptr_t)(unsigned long)from->si_ptr, +- &to->si_ptr); ++ err |= __put_user(from->si_int, &to->si_int); + break; + case __SI_POLL: + err |= __put_user(from->si_band, &to->si_band); +@@ -181,7 +180,7 @@ int copy_siginfo_to_user32(compat_siginfo_t __user *to, const siginfo_t *from) + case __SI_MESGQ: /* But this is */ + err |= __put_user(from->si_pid, &to->si_pid); + err |= __put_user(from->si_uid, &to->si_uid); +- err |= __put_user((compat_uptr_t)(unsigned long)from->si_ptr, &to->si_ptr); ++ err |= __put_user(from->si_int, &to->si_int); + break; + default: /* this is just in case for now ... */ + err |= __put_user(from->si_pid, &to->si_pid); +diff --git a/arch/metag/include/asm/processor.h b/arch/metag/include/asm/processor.h +index a8a3747..eb2005b 100644 +--- a/arch/metag/include/asm/processor.h ++++ b/arch/metag/include/asm/processor.h +@@ -149,8 +149,8 @@ extern void exit_thread(void); + + unsigned long get_wchan(struct task_struct *p); + +-#define KSTK_EIP(tsk) ((tsk)->thread.kernel_context->CurrPC) +-#define KSTK_ESP(tsk) ((tsk)->thread.kernel_context->AX[0].U0) ++#define KSTK_EIP(tsk) (task_pt_regs(tsk)->ctx.CurrPC) ++#define KSTK_ESP(tsk) (task_pt_regs(tsk)->ctx.AX[0].U0) + + #define user_stack_pointer(regs) ((regs)->ctx.AX[0].U0) + +diff --git a/arch/mips/kernel/mips_ksyms.c b/arch/mips/kernel/mips_ksyms.c +index 6e58e97..cedeb56 100644 +--- a/arch/mips/kernel/mips_ksyms.c ++++ b/arch/mips/kernel/mips_ksyms.c +@@ -14,6 +14,7 @@ + #include <linux/mm.h> + #include <asm/uaccess.h> + #include <asm/ftrace.h> ++#include <asm/fpu.h> + + extern void *__bzero(void *__s, size_t __count); + extern long __strncpy_from_user_nocheck_asm(char *__to, +@@ -26,6 +27,13 @@ extern long __strnlen_user_nocheck_asm(const char *s); + extern long __strnlen_user_asm(const char *s); + + /* ++ * Core architecture code ++ */ ++#ifdef CONFIG_CPU_R4K_FPU ++EXPORT_SYMBOL_GPL(_save_fp); ++#endif ++ ++/* + * String functions + */ + EXPORT_SYMBOL(memset); +diff --git a/arch/mips/kvm/kvm_locore.S b/arch/mips/kvm/kvm_locore.S +index bbace09..03a2db5 100644 +--- a/arch/mips/kvm/kvm_locore.S ++++ b/arch/mips/kvm/kvm_locore.S +@@ -428,7 +428,7 @@ __kvm_mips_return_to_guest: + /* Setup status register for running guest in UM */ + .set at + or v1, v1, (ST0_EXL | KSU_USER | ST0_IE) +- and v1, v1, ~ST0_CU0 ++ and v1, v1, ~(ST0_CU0 | ST0_MX) + .set noat + mtc0 v1, CP0_STATUS + ehb +diff --git a/arch/mips/kvm/kvm_mips.c b/arch/mips/kvm/kvm_mips.c +index 3e0ff8d..897c605 100644 +--- a/arch/mips/kvm/kvm_mips.c ++++ b/arch/mips/kvm/kvm_mips.c +@@ -15,6 +15,7 @@ + #include <linux/vmalloc.h> + #include <linux/fs.h> + #include <linux/bootmem.h> ++#include <asm/fpu.h> + #include <asm/page.h> + #include <asm/cacheflush.h> + #include <asm/mmu_context.h> +@@ -418,11 +419,13 @@ int kvm_arch_vcpu_ioctl_run(struct kvm_vcpu *vcpu, struct kvm_run *run) + vcpu->mmio_needed = 0; + } + ++ lose_fpu(1); ++ ++ local_irq_disable(); + /* Check if we have any exceptions/interrupts pending */ + kvm_mips_deliver_interrupts(vcpu, + kvm_read_c0_guest_cause(vcpu->arch.cop0)); + +- local_irq_disable(); + kvm_guest_enter(); + + r = __kvm_mips_vcpu_run(run, vcpu); +@@ -1021,9 +1024,6 @@ void kvm_mips_set_c0_status(void) + { + uint32_t status = read_c0_status(); + +- if (cpu_has_fpu) +- status |= (ST0_CU1); +- + if (cpu_has_dsp) + status |= (ST0_MX); + +diff --git a/arch/powerpc/sysdev/axonram.c b/arch/powerpc/sysdev/axonram.c +index 47b6b9f..830edc8 100644 +--- a/arch/powerpc/sysdev/axonram.c ++++ b/arch/powerpc/sysdev/axonram.c +@@ -156,7 +156,7 @@ axon_ram_direct_access(struct block_device *device, sector_t sector, + } + + *kaddr = (void *)(bank->ph_addr + offset); +- *pfn = virt_to_phys(kaddr) >> PAGE_SHIFT; ++ *pfn = virt_to_phys(*kaddr) >> PAGE_SHIFT; + + return 0; + } +diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c +index fab97ad..1777f89 100644 +--- a/arch/x86/kvm/x86.c ++++ b/arch/x86/kvm/x86.c +@@ -1207,21 +1207,22 @@ void kvm_track_tsc_matching(struct kvm_vcpu *vcpu) + { + #ifdef CONFIG_X86_64 + bool vcpus_matched; +- bool do_request = false; + struct kvm_arch *ka = &vcpu->kvm->arch; + struct pvclock_gtod_data *gtod = &pvclock_gtod_data; + + vcpus_matched = (ka->nr_vcpus_matched_tsc + 1 == + atomic_read(&vcpu->kvm->online_vcpus)); + +- if (vcpus_matched && gtod->clock.vclock_mode == VCLOCK_TSC) +- if (!ka->use_master_clock) +- do_request = 1; +- +- if (!vcpus_matched && ka->use_master_clock) +- do_request = 1; +- +- if (do_request) ++ /* ++ * Once the masterclock is enabled, always perform request in ++ * order to update it. ++ * ++ * In order to enable masterclock, the host clocksource must be TSC ++ * and the vcpus need to have matched TSCs. When that happens, ++ * perform request to enable masterclock. ++ */ ++ if (ka->use_master_clock || ++ (gtod->clock.vclock_mode == VCLOCK_TSC && vcpus_matched)) + kvm_make_request(KVM_REQ_MASTERCLOCK_UPDATE, vcpu); + + trace_kvm_track_tsc(vcpu->vcpu_id, ka->nr_vcpus_matched_tsc, +diff --git a/arch/x86/mm/gup.c b/arch/x86/mm/gup.c +index 207d9aef..448ee89 100644 +--- a/arch/x86/mm/gup.c ++++ b/arch/x86/mm/gup.c +@@ -172,7 +172,7 @@ static int gup_pmd_range(pud_t pud, unsigned long addr, unsigned long end, + */ + if (pmd_none(pmd) || pmd_trans_splitting(pmd)) + return 0; +- if (unlikely(pmd_large(pmd))) { ++ if (unlikely(pmd_large(pmd) || !pmd_present(pmd))) { + /* + * NUMA hinting faults need to be handled in the GUP + * slowpath for accounting purposes and so that they +diff --git a/arch/x86/mm/hugetlbpage.c b/arch/x86/mm/hugetlbpage.c +index 8b977eb..006cc91 100644 +--- a/arch/x86/mm/hugetlbpage.c ++++ b/arch/x86/mm/hugetlbpage.c +@@ -66,9 +66,15 @@ follow_huge_addr(struct mm_struct *mm, unsigned long address, int write) + return ERR_PTR(-EINVAL); + } + ++/* ++ * pmd_huge() returns 1 if @pmd is hugetlb related entry, that is normal ++ * hugetlb entry or non-present (migration or hwpoisoned) hugetlb entry. ++ * Otherwise, returns 0. ++ */ + int pmd_huge(pmd_t pmd) + { +- return !!(pmd_val(pmd) & _PAGE_PSE); ++ return !pmd_none(pmd) && ++ (pmd_val(pmd) & (_PAGE_PRESENT|_PAGE_PSE)) != _PAGE_PRESENT; + } + + int pud_huge(pud_t pud) +diff --git a/arch/x86/mm/mmap.c b/arch/x86/mm/mmap.c +index 25e7e13..3601ff2 100644 +--- a/arch/x86/mm/mmap.c ++++ b/arch/x86/mm/mmap.c +@@ -35,12 +35,12 @@ struct __read_mostly va_alignment va_align = { + .flags = -1, + }; + +-static unsigned int stack_maxrandom_size(void) ++static unsigned long stack_maxrandom_size(void) + { +- unsigned int max = 0; ++ unsigned long max = 0; + if ((current->flags & PF_RANDOMIZE) && + !(current->personality & ADDR_NO_RANDOMIZE)) { +- max = ((-1U) & STACK_RND_MASK) << PAGE_SHIFT; ++ max = ((-1UL) & STACK_RND_MASK) << PAGE_SHIFT; + } + + return max; +diff --git a/block/blk-throttle.c b/block/blk-throttle.c +index 1474c3a..1599878 100644 +--- a/block/blk-throttle.c ++++ b/block/blk-throttle.c +@@ -1292,6 +1292,9 @@ static u64 tg_prfill_cpu_rwstat(struct seq_file *sf, + struct blkg_rwstat rwstat = { }, tmp; + int i, cpu; + ++ if (tg->stats_cpu == NULL) ++ return 0; ++ + for_each_possible_cpu(cpu) { + struct tg_stats_cpu *sc = per_cpu_ptr(tg->stats_cpu, cpu); + +diff --git a/block/cfq-iosched.c b/block/cfq-iosched.c +index 91c25f26..d9bba99 100644 +--- a/block/cfq-iosched.c ++++ b/block/cfq-iosched.c +@@ -3585,6 +3585,11 @@ retry: + + blkcg = bio_blkcg(bio); + cfqg = cfq_lookup_create_cfqg(cfqd, blkcg); ++ if (!cfqg) { ++ cfqq = &cfqd->oom_cfqq; ++ goto out; ++ } ++ + cfqq = cic_to_cfqq(cic, is_sync); + + /* +@@ -3621,7 +3626,7 @@ retry: + } else + cfqq = &cfqd->oom_cfqq; + } +- ++out: + if (new_cfqq) + kmem_cache_free(cfq_pool, new_cfqq); + +@@ -3651,12 +3656,17 @@ static struct cfq_queue * + cfq_get_queue(struct cfq_data *cfqd, bool is_sync, struct cfq_io_cq *cic, + struct bio *bio, gfp_t gfp_mask) + { +- const int ioprio_class = IOPRIO_PRIO_CLASS(cic->ioprio); +- const int ioprio = IOPRIO_PRIO_DATA(cic->ioprio); ++ int ioprio_class = IOPRIO_PRIO_CLASS(cic->ioprio); ++ int ioprio = IOPRIO_PRIO_DATA(cic->ioprio); + struct cfq_queue **async_cfqq = NULL; + struct cfq_queue *cfqq = NULL; + + if (!is_sync) { ++ if (!ioprio_valid(cic->ioprio)) { ++ struct task_struct *tsk = current; ++ ioprio = task_nice_ioprio(tsk); ++ ioprio_class = task_nice_ioclass(tsk); ++ } + async_cfqq = cfq_async_queue_prio(cfqd, ioprio_class, ioprio); + cfqq = *async_cfqq; + } +diff --git a/drivers/bluetooth/ath3k.c b/drivers/bluetooth/ath3k.c +index b11949c..f667e37 100644 +--- a/drivers/bluetooth/ath3k.c ++++ b/drivers/bluetooth/ath3k.c +@@ -157,6 +157,8 @@ static const struct usb_device_id ath3k_blist_tbl[] = { + #define USB_REQ_DFU_DNLOAD 1 + #define BULK_SIZE 4096 + #define FW_HDR_SIZE 20 ++#define TIMEGAP_USEC_MIN 50 ++#define TIMEGAP_USEC_MAX 100 + + static int ath3k_load_firmware(struct usb_device *udev, + const struct firmware *firmware) +@@ -187,6 +189,9 @@ static int ath3k_load_firmware(struct usb_device *udev, + count -= 20; + + while (count) { ++ /* workaround the compatibility issue with xHCI controller*/ ++ usleep_range(TIMEGAP_USEC_MIN, TIMEGAP_USEC_MAX); ++ + size = min_t(uint, count, BULK_SIZE); + pipe = usb_sndbulkpipe(udev, 0x02); + memcpy(send_buf, firmware->data + sent, size); +@@ -283,6 +288,9 @@ static int ath3k_load_fwfile(struct usb_device *udev, + count -= size; + + while (count) { ++ /* workaround the compatibility issue with xHCI controller*/ ++ usleep_range(TIMEGAP_USEC_MIN, TIMEGAP_USEC_MAX); ++ + size = min_t(uint, count, BULK_SIZE); + pipe = usb_sndbulkpipe(udev, 0x02); + +diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c +index 6af1700..cfb9089 100644 +--- a/drivers/char/tpm/tpm-interface.c ++++ b/drivers/char/tpm/tpm-interface.c +@@ -1122,7 +1122,7 @@ struct tpm_chip *tpm_register_hardware(struct device *dev, + + /* Make chip available */ + spin_lock(&driver_lock); +- list_add_rcu(&chip->list, &tpm_chip_list); ++ list_add_tail_rcu(&chip->list, &tpm_chip_list); + spin_unlock(&driver_lock); + + return chip; +diff --git a/drivers/char/tpm/tpm_i2c_atmel.c b/drivers/char/tpm/tpm_i2c_atmel.c +index 7727292..503a85a 100644 +--- a/drivers/char/tpm/tpm_i2c_atmel.c ++++ b/drivers/char/tpm/tpm_i2c_atmel.c +@@ -168,6 +168,10 @@ static int i2c_atmel_probe(struct i2c_client *client, + + chip->vendor.priv = devm_kzalloc(dev, sizeof(struct priv_data), + GFP_KERNEL); ++ if (!chip->vendor.priv) { ++ rc = -ENOMEM; ++ goto out_err; ++ } + + /* Default timeouts */ + chip->vendor.timeout_a = msecs_to_jiffies(TPM_I2C_SHORT_TIMEOUT); +diff --git a/drivers/char/tpm/tpm_i2c_nuvoton.c b/drivers/char/tpm/tpm_i2c_nuvoton.c +index 7b158ef..23c7b13 100644 +--- a/drivers/char/tpm/tpm_i2c_nuvoton.c ++++ b/drivers/char/tpm/tpm_i2c_nuvoton.c +@@ -538,6 +538,11 @@ static int i2c_nuvoton_probe(struct i2c_client *client, + + chip->vendor.priv = devm_kzalloc(dev, sizeof(struct priv_data), + GFP_KERNEL); ++ if (!chip->vendor.priv) { ++ rc = -ENOMEM; ++ goto out_err; ++ } ++ + init_waitqueue_head(&chip->vendor.read_queue); + init_waitqueue_head(&chip->vendor.int_queue); + +diff --git a/drivers/char/tpm/tpm_i2c_stm_st33.c b/drivers/char/tpm/tpm_i2c_stm_st33.c +index be9af2e..576d111 100644 +--- a/drivers/char/tpm/tpm_i2c_stm_st33.c ++++ b/drivers/char/tpm/tpm_i2c_stm_st33.c +@@ -488,7 +488,7 @@ static int tpm_stm_i2c_send(struct tpm_chip *chip, unsigned char *buf, + if (burstcnt < 0) + return burstcnt; + size = min_t(int, len - i - 1, burstcnt); +- ret = I2C_WRITE_DATA(client, TPM_DATA_FIFO, buf, size); ++ ret = I2C_WRITE_DATA(client, TPM_DATA_FIFO, buf + i, size); + if (ret < 0) + goto out_err; + +diff --git a/drivers/char/tpm/tpm_ibmvtpm.c b/drivers/char/tpm/tpm_ibmvtpm.c +index af74c57..eff9d58 100644 +--- a/drivers/char/tpm/tpm_ibmvtpm.c ++++ b/drivers/char/tpm/tpm_ibmvtpm.c +@@ -148,7 +148,8 @@ static int tpm_ibmvtpm_send(struct tpm_chip *chip, u8 *buf, size_t count) + crq.len = (u16)count; + crq.data = ibmvtpm->rtce_dma_handle; + +- rc = ibmvtpm_send_crq(ibmvtpm->vdev, word[0], word[1]); ++ rc = ibmvtpm_send_crq(ibmvtpm->vdev, cpu_to_be64(word[0]), ++ cpu_to_be64(word[1])); + if (rc != H_SUCCESS) { + dev_err(ibmvtpm->dev, "tpm_ibmvtpm_send failed rc=%d\n", rc); + rc = 0; +@@ -186,7 +187,8 @@ static int ibmvtpm_crq_get_rtce_size(struct ibmvtpm_dev *ibmvtpm) + crq.valid = (u8)IBMVTPM_VALID_CMD; + crq.msg = (u8)VTPM_GET_RTCE_BUFFER_SIZE; + +- rc = ibmvtpm_send_crq(ibmvtpm->vdev, buf[0], buf[1]); ++ rc = ibmvtpm_send_crq(ibmvtpm->vdev, cpu_to_be64(buf[0]), ++ cpu_to_be64(buf[1])); + if (rc != H_SUCCESS) + dev_err(ibmvtpm->dev, + "ibmvtpm_crq_get_rtce_size failed rc=%d\n", rc); +@@ -212,7 +214,8 @@ static int ibmvtpm_crq_get_version(struct ibmvtpm_dev *ibmvtpm) + crq.valid = (u8)IBMVTPM_VALID_CMD; + crq.msg = (u8)VTPM_GET_VERSION; + +- rc = ibmvtpm_send_crq(ibmvtpm->vdev, buf[0], buf[1]); ++ rc = ibmvtpm_send_crq(ibmvtpm->vdev, cpu_to_be64(buf[0]), ++ cpu_to_be64(buf[1])); + if (rc != H_SUCCESS) + dev_err(ibmvtpm->dev, + "ibmvtpm_crq_get_version failed rc=%d\n", rc); +@@ -307,6 +310,14 @@ static int tpm_ibmvtpm_remove(struct vio_dev *vdev) + static unsigned long tpm_ibmvtpm_get_desired_dma(struct vio_dev *vdev) + { + struct ibmvtpm_dev *ibmvtpm = ibmvtpm_get_data(&vdev->dev); ++ ++ /* ibmvtpm initializes at probe time, so the data we are ++ * asking for may not be set yet. Estimate that 4K required ++ * for TCE-mapped buffer in addition to CRQ. ++ */ ++ if (!ibmvtpm) ++ return CRQ_RES_BUF_SIZE + PAGE_SIZE; ++ + return CRQ_RES_BUF_SIZE + ibmvtpm->rtce_size; + } + +@@ -327,7 +338,8 @@ static int tpm_ibmvtpm_suspend(struct device *dev) + crq.valid = (u8)IBMVTPM_VALID_CMD; + crq.msg = (u8)VTPM_PREPARE_TO_SUSPEND; + +- rc = ibmvtpm_send_crq(ibmvtpm->vdev, buf[0], buf[1]); ++ rc = ibmvtpm_send_crq(ibmvtpm->vdev, cpu_to_be64(buf[0]), ++ cpu_to_be64(buf[1])); + if (rc != H_SUCCESS) + dev_err(ibmvtpm->dev, + "tpm_ibmvtpm_suspend failed rc=%d\n", rc); +@@ -472,11 +484,11 @@ static void ibmvtpm_crq_process(struct ibmvtpm_crq *crq, + case IBMVTPM_VALID_CMD: + switch (crq->msg) { + case VTPM_GET_RTCE_BUFFER_SIZE_RES: +- if (crq->len <= 0) { ++ if (be16_to_cpu(crq->len) <= 0) { + dev_err(ibmvtpm->dev, "Invalid rtce size\n"); + return; + } +- ibmvtpm->rtce_size = crq->len; ++ ibmvtpm->rtce_size = be16_to_cpu(crq->len); + ibmvtpm->rtce_buf = kmalloc(ibmvtpm->rtce_size, + GFP_KERNEL); + if (!ibmvtpm->rtce_buf) { +@@ -497,11 +509,11 @@ static void ibmvtpm_crq_process(struct ibmvtpm_crq *crq, + + return; + case VTPM_GET_VERSION_RES: +- ibmvtpm->vtpm_version = crq->data; ++ ibmvtpm->vtpm_version = be32_to_cpu(crq->data); + return; + case VTPM_TPM_COMMAND_RES: + /* len of the data in rtce buffer */ +- ibmvtpm->res_len = crq->len; ++ ibmvtpm->res_len = be16_to_cpu(crq->len); + wake_up_interruptible(&ibmvtpm->wq); + return; + default: +diff --git a/drivers/char/tpm/tpm_tis.c b/drivers/char/tpm/tpm_tis.c +index 2c46734..51350cd 100644 +--- a/drivers/char/tpm/tpm_tis.c ++++ b/drivers/char/tpm/tpm_tis.c +@@ -75,6 +75,10 @@ enum tis_defaults { + #define TPM_DID_VID(l) (0x0F00 | ((l) << 12)) + #define TPM_RID(l) (0x0F04 | ((l) << 12)) + ++struct priv_data { ++ bool irq_tested; ++}; ++ + static LIST_HEAD(tis_chips); + static DEFINE_MUTEX(tis_lock); + +@@ -338,12 +342,27 @@ out_err: + return rc; + } + ++static void disable_interrupts(struct tpm_chip *chip) ++{ ++ u32 intmask; ++ ++ intmask = ++ ioread32(chip->vendor.iobase + ++ TPM_INT_ENABLE(chip->vendor.locality)); ++ intmask &= ~TPM_GLOBAL_INT_ENABLE; ++ iowrite32(intmask, ++ chip->vendor.iobase + ++ TPM_INT_ENABLE(chip->vendor.locality)); ++ free_irq(chip->vendor.irq, chip); ++ chip->vendor.irq = 0; ++} ++ + /* + * If interrupts are used (signaled by an irq set in the vendor structure) + * tpm.c can skip polling for the data to be available as the interrupt is + * waited for here + */ +-static int tpm_tis_send(struct tpm_chip *chip, u8 *buf, size_t len) ++static int tpm_tis_send_main(struct tpm_chip *chip, u8 *buf, size_t len) + { + int rc; + u32 ordinal; +@@ -373,6 +392,30 @@ out_err: + return rc; + } + ++static int tpm_tis_send(struct tpm_chip *chip, u8 *buf, size_t len) ++{ ++ int rc, irq; ++ struct priv_data *priv = chip->vendor.priv; ++ ++ if (!chip->vendor.irq || priv->irq_tested) ++ return tpm_tis_send_main(chip, buf, len); ++ ++ /* Verify receipt of the expected IRQ */ ++ irq = chip->vendor.irq; ++ chip->vendor.irq = 0; ++ rc = tpm_tis_send_main(chip, buf, len); ++ chip->vendor.irq = irq; ++ if (!priv->irq_tested) ++ msleep(1); ++ if (!priv->irq_tested) { ++ disable_interrupts(chip); ++ dev_err(chip->dev, ++ FW_BUG "TPM interrupt not working, polling instead\n"); ++ } ++ priv->irq_tested = true; ++ return rc; ++} ++ + struct tis_vendor_timeout_override { + u32 did_vid; + unsigned long timeout_us[4]; +@@ -505,6 +548,7 @@ static irqreturn_t tis_int_handler(int dummy, void *dev_id) + if (interrupt == 0) + return IRQ_NONE; + ++ ((struct priv_data *)chip->vendor.priv)->irq_tested = true; + if (interrupt & TPM_INTF_DATA_AVAIL_INT) + wake_up_interruptible(&chip->vendor.read_queue); + if (interrupt & TPM_INTF_LOCALITY_CHANGE_INT) +@@ -534,9 +578,14 @@ static int tpm_tis_init(struct device *dev, resource_size_t start, + u32 vendor, intfcaps, intmask; + int rc, i, irq_s, irq_e, probe; + struct tpm_chip *chip; ++ struct priv_data *priv; + ++ priv = devm_kzalloc(dev, sizeof(struct priv_data), GFP_KERNEL); ++ if (priv == NULL) ++ return -ENOMEM; + if (!(chip = tpm_register_hardware(dev, &tpm_tis))) + return -ENODEV; ++ chip->vendor.priv = priv; + + chip->vendor.iobase = ioremap(start, len); + if (!chip->vendor.iobase) { +@@ -605,19 +654,6 @@ static int tpm_tis_init(struct device *dev, resource_size_t start, + if (intfcaps & TPM_INTF_DATA_AVAIL_INT) + dev_dbg(dev, "\tData Avail Int Support\n"); + +- /* get the timeouts before testing for irqs */ +- if (tpm_get_timeouts(chip)) { +- dev_err(dev, "Could not get TPM timeouts and durations\n"); +- rc = -ENODEV; +- goto out_err; +- } +- +- if (tpm_do_selftest(chip)) { +- dev_err(dev, "TPM self test failed\n"); +- rc = -ENODEV; +- goto out_err; +- } +- + /* INTERRUPT Setup */ + init_waitqueue_head(&chip->vendor.read_queue); + init_waitqueue_head(&chip->vendor.int_queue); +@@ -719,6 +755,18 @@ static int tpm_tis_init(struct device *dev, resource_size_t start, + } + } + ++ if (tpm_get_timeouts(chip)) { ++ dev_err(dev, "Could not get TPM timeouts and durations\n"); ++ rc = -ENODEV; ++ goto out_err; ++ } ++ ++ if (tpm_do_selftest(chip)) { ++ dev_err(dev, "TPM self test failed\n"); ++ rc = -ENODEV; ++ goto out_err; ++ } ++ + INIT_LIST_HEAD(&chip->vendor.list); + mutex_lock(&tis_lock); + list_add(&chip->vendor.list, &tis_chips); +diff --git a/drivers/cpufreq/cpufreq.c b/drivers/cpufreq/cpufreq.c +index 4854f81..ef3b8ad 100644 +--- a/drivers/cpufreq/cpufreq.c ++++ b/drivers/cpufreq/cpufreq.c +@@ -1365,9 +1365,10 @@ static int __cpufreq_remove_dev_finish(struct device *dev, + unsigned long flags; + struct cpufreq_policy *policy; + +- read_lock_irqsave(&cpufreq_driver_lock, flags); ++ write_lock_irqsave(&cpufreq_driver_lock, flags); + policy = per_cpu(cpufreq_cpu_data, cpu); +- read_unlock_irqrestore(&cpufreq_driver_lock, flags); ++ per_cpu(cpufreq_cpu_data, cpu) = NULL; ++ write_unlock_irqrestore(&cpufreq_driver_lock, flags); + + if (!policy) { + pr_debug("%s: No cpu_data found\n", __func__); +@@ -1422,7 +1423,6 @@ static int __cpufreq_remove_dev_finish(struct device *dev, + } + } + +- per_cpu(cpufreq_cpu_data, cpu) = NULL; + return 0; + } + +diff --git a/drivers/cpufreq/s3c2416-cpufreq.c b/drivers/cpufreq/s3c2416-cpufreq.c +index 826b8be..82cef00 100644 +--- a/drivers/cpufreq/s3c2416-cpufreq.c ++++ b/drivers/cpufreq/s3c2416-cpufreq.c +@@ -263,7 +263,7 @@ out: + } + + #ifdef CONFIG_ARM_S3C2416_CPUFREQ_VCORESCALE +-static void __init s3c2416_cpufreq_cfg_regulator(struct s3c2416_data *s3c_freq) ++static void s3c2416_cpufreq_cfg_regulator(struct s3c2416_data *s3c_freq) + { + int count, v, i, found; + struct cpufreq_frequency_table *freq; +@@ -335,7 +335,7 @@ static struct notifier_block s3c2416_cpufreq_reboot_notifier = { + .notifier_call = s3c2416_cpufreq_reboot_notifier_evt, + }; + +-static int __init s3c2416_cpufreq_driver_init(struct cpufreq_policy *policy) ++static int s3c2416_cpufreq_driver_init(struct cpufreq_policy *policy) + { + struct s3c2416_data *s3c_freq = &s3c2416_cpufreq; + struct cpufreq_frequency_table *freq; +diff --git a/drivers/cpufreq/s3c24xx-cpufreq.c b/drivers/cpufreq/s3c24xx-cpufreq.c +index 2506974..0eb5b40 100644 +--- a/drivers/cpufreq/s3c24xx-cpufreq.c ++++ b/drivers/cpufreq/s3c24xx-cpufreq.c +@@ -454,7 +454,7 @@ static struct cpufreq_driver s3c24xx_driver = { + }; + + +-int __init s3c_cpufreq_register(struct s3c_cpufreq_info *info) ++int s3c_cpufreq_register(struct s3c_cpufreq_info *info) + { + if (!info || !info->name) { + printk(KERN_ERR "%s: failed to pass valid information\n", +diff --git a/drivers/cpufreq/speedstep-lib.c b/drivers/cpufreq/speedstep-lib.c +index 7047821..4ab7a21 100644 +--- a/drivers/cpufreq/speedstep-lib.c ++++ b/drivers/cpufreq/speedstep-lib.c +@@ -400,6 +400,7 @@ unsigned int speedstep_get_freqs(enum speedstep_processor processor, + + pr_debug("previous speed is %u\n", prev_speed); + ++ preempt_disable(); + local_irq_save(flags); + + /* switch to low state */ +@@ -464,6 +465,8 @@ unsigned int speedstep_get_freqs(enum speedstep_processor processor, + + out: + local_irq_restore(flags); ++ preempt_enable(); ++ + return ret; + } + EXPORT_SYMBOL_GPL(speedstep_get_freqs); +diff --git a/drivers/cpufreq/speedstep-smi.c b/drivers/cpufreq/speedstep-smi.c +index 998c17b..b52d8af 100644 +--- a/drivers/cpufreq/speedstep-smi.c ++++ b/drivers/cpufreq/speedstep-smi.c +@@ -156,6 +156,7 @@ static void speedstep_set_state(unsigned int state) + return; + + /* Disable IRQs */ ++ preempt_disable(); + local_irq_save(flags); + + command = (smi_sig & 0xffffff00) | (smi_cmd & 0xff); +@@ -166,9 +167,19 @@ static void speedstep_set_state(unsigned int state) + + do { + if (retry) { ++ /* ++ * We need to enable interrupts, otherwise the blockage ++ * won't resolve. ++ * ++ * We disable preemption so that other processes don't ++ * run. If other processes were running, they could ++ * submit more DMA requests, making the blockage worse. ++ */ + pr_debug("retry %u, previous result %u, waiting...\n", + retry, result); ++ local_irq_enable(); + mdelay(retry * 50); ++ local_irq_disable(); + } + retry++; + __asm__ __volatile__( +@@ -185,6 +196,7 @@ static void speedstep_set_state(unsigned int state) + + /* enable IRQs */ + local_irq_restore(flags); ++ preempt_enable(); + + if (new_state == state) + pr_debug("change to %u MHz succeeded after %u tries " +diff --git a/drivers/edac/amd64_edac.c b/drivers/edac/amd64_edac.c +index 98e14ee..278603c 100644 +--- a/drivers/edac/amd64_edac.c ++++ b/drivers/edac/amd64_edac.c +@@ -2006,14 +2006,20 @@ static void __log_bus_error(struct mem_ctl_info *mci, struct err_info *err, + + static inline void decode_bus_error(int node_id, struct mce *m) + { +- struct mem_ctl_info *mci = mcis[node_id]; +- struct amd64_pvt *pvt = mci->pvt_info; ++ struct mem_ctl_info *mci; ++ struct amd64_pvt *pvt; + u8 ecc_type = (m->status >> 45) & 0x3; + u8 xec = XEC(m->status, 0x1f); + u16 ec = EC(m->status); + u64 sys_addr; + struct err_info err; + ++ mci = edac_mc_find(node_id); ++ if (!mci) ++ return; ++ ++ pvt = mci->pvt_info; ++ + /* Bail out early if this was an 'observed' error */ + if (PP(ec) == NBSL_PP_OBS) + return; +diff --git a/drivers/gpio/gpio-tps65912.c b/drivers/gpio/gpio-tps65912.c +index 59ee486..6005d26 100644 +--- a/drivers/gpio/gpio-tps65912.c ++++ b/drivers/gpio/gpio-tps65912.c +@@ -26,9 +26,12 @@ struct tps65912_gpio_data { + struct gpio_chip gpio_chip; + }; + ++#define to_tgd(gc) container_of(gc, struct tps65912_gpio_data, gpio_chip) ++ + static int tps65912_gpio_get(struct gpio_chip *gc, unsigned offset) + { +- struct tps65912 *tps65912 = container_of(gc, struct tps65912, gpio); ++ struct tps65912_gpio_data *tps65912_gpio = to_tgd(gc); ++ struct tps65912 *tps65912 = tps65912_gpio->tps65912; + int val; + + val = tps65912_reg_read(tps65912, TPS65912_GPIO1 + offset); +@@ -42,7 +45,8 @@ static int tps65912_gpio_get(struct gpio_chip *gc, unsigned offset) + static void tps65912_gpio_set(struct gpio_chip *gc, unsigned offset, + int value) + { +- struct tps65912 *tps65912 = container_of(gc, struct tps65912, gpio); ++ struct tps65912_gpio_data *tps65912_gpio = to_tgd(gc); ++ struct tps65912 *tps65912 = tps65912_gpio->tps65912; + + if (value) + tps65912_set_bits(tps65912, TPS65912_GPIO1 + offset, +@@ -55,7 +59,8 @@ static void tps65912_gpio_set(struct gpio_chip *gc, unsigned offset, + static int tps65912_gpio_output(struct gpio_chip *gc, unsigned offset, + int value) + { +- struct tps65912 *tps65912 = container_of(gc, struct tps65912, gpio); ++ struct tps65912_gpio_data *tps65912_gpio = to_tgd(gc); ++ struct tps65912 *tps65912 = tps65912_gpio->tps65912; + + /* Set the initial value */ + tps65912_gpio_set(gc, offset, value); +@@ -66,7 +71,8 @@ static int tps65912_gpio_output(struct gpio_chip *gc, unsigned offset, + + static int tps65912_gpio_input(struct gpio_chip *gc, unsigned offset) + { +- struct tps65912 *tps65912 = container_of(gc, struct tps65912, gpio); ++ struct tps65912_gpio_data *tps65912_gpio = to_tgd(gc); ++ struct tps65912 *tps65912 = tps65912_gpio->tps65912; + + return tps65912_clear_bits(tps65912, TPS65912_GPIO1 + offset, + GPIO_CFG_MASK); +diff --git a/drivers/gpio/gpiolib-of.c b/drivers/gpio/gpiolib-of.c +index 74ed17d..d26028c 100644 +--- a/drivers/gpio/gpiolib-of.c ++++ b/drivers/gpio/gpiolib-of.c +@@ -45,12 +45,13 @@ static int of_gpiochip_find_and_xlate(struct gpio_chip *gc, void *data) + + ret = gc->of_xlate(gc, &gg_data->gpiospec, gg_data->flags); + if (ret < 0) { +- /* We've found the gpio chip, but the translation failed. +- * Return true to stop looking and return the translation +- * error via out_gpio ++ /* We've found a gpio chip, but the translation failed. ++ * Store translation error in out_gpio. ++ * Return false to keep looking, as more than one gpio chip ++ * could be registered per of-node. + */ + gg_data->out_gpio = ERR_PTR(ret); +- return true; ++ return false; + } + + gg_data->out_gpio = gpio_to_desc(ret + gc->base); +diff --git a/drivers/hid/i2c-hid/i2c-hid.c b/drivers/hid/i2c-hid/i2c-hid.c +index 6e5d8fe..17be889 100644 +--- a/drivers/hid/i2c-hid/i2c-hid.c ++++ b/drivers/hid/i2c-hid/i2c-hid.c +@@ -356,7 +356,10 @@ static int i2c_hid_hwreset(struct i2c_client *client) + static void i2c_hid_get_input(struct i2c_hid *ihid) + { + int ret, ret_size; +- int size = ihid->bufsize; ++ int size = le16_to_cpu(ihid->hdesc.wMaxInputLength); ++ ++ if (size > ihid->bufsize) ++ size = ihid->bufsize; + + ret = i2c_master_recv(ihid->client, ihid->inbuf, size); + if (ret != size) { +diff --git a/drivers/md/raid1.c b/drivers/md/raid1.c +index 55de4f6..b96ee9d 100644 +--- a/drivers/md/raid1.c ++++ b/drivers/md/raid1.c +@@ -561,7 +561,7 @@ static int read_balance(struct r1conf *conf, struct r1bio *r1_bio, int *max_sect + if (test_bit(WriteMostly, &rdev->flags)) { + /* Don't balance among write-mostly, just + * use the first as a last resort */ +- if (best_disk < 0) { ++ if (best_dist_disk < 0) { + if (is_badblock(rdev, this_sector, sectors, + &first_bad, &bad_sectors)) { + if (first_bad < this_sector) +@@ -570,7 +570,8 @@ static int read_balance(struct r1conf *conf, struct r1bio *r1_bio, int *max_sect + best_good_sectors = first_bad - this_sector; + } else + best_good_sectors = sectors; +- best_disk = disk; ++ best_dist_disk = disk; ++ best_pending_disk = disk; + } + continue; + } +diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c +index 175584a..3545faf 100644 +--- a/drivers/md/raid5.c ++++ b/drivers/md/raid5.c +@@ -3071,7 +3071,8 @@ static void handle_stripe_dirtying(struct r5conf *conf, + * generate correct data from the parity. + */ + if (conf->max_degraded == 2 || +- (recovery_cp < MaxSector && sh->sector >= recovery_cp)) { ++ (recovery_cp < MaxSector && sh->sector >= recovery_cp && ++ s->failed == 0)) { + /* Calculate the real rcw later - for now make it + * look like rcw is cheaper + */ +diff --git a/drivers/media/usb/dvb-usb-v2/lmedm04.c b/drivers/media/usb/dvb-usb-v2/lmedm04.c +index f674dc0..d2a4e6d 100644 +--- a/drivers/media/usb/dvb-usb-v2/lmedm04.c ++++ b/drivers/media/usb/dvb-usb-v2/lmedm04.c +@@ -350,6 +350,7 @@ static int lme2510_int_read(struct dvb_usb_adapter *adap) + { + struct dvb_usb_device *d = adap_to_d(adap); + struct lme2510_state *lme_int = adap_to_priv(adap); ++ struct usb_host_endpoint *ep; + + lme_int->lme_urb = usb_alloc_urb(0, GFP_ATOMIC); + +@@ -371,6 +372,12 @@ static int lme2510_int_read(struct dvb_usb_adapter *adap) + adap, + 8); + ++ /* Quirk of pipe reporting PIPE_BULK but behaves as interrupt */ ++ ep = usb_pipe_endpoint(d->udev, lme_int->lme_urb->pipe); ++ ++ if (usb_endpoint_type(&ep->desc) == USB_ENDPOINT_XFER_BULK) ++ lme_int->lme_urb->pipe = usb_rcvbulkpipe(d->udev, 0xa), ++ + lme_int->lme_urb->transfer_flags |= URB_NO_TRANSFER_DMA_MAP; + + usb_submit_urb(lme_int->lme_urb, GFP_ATOMIC); +diff --git a/drivers/media/usb/em28xx/em28xx-audio.c b/drivers/media/usb/em28xx/em28xx-audio.c +index dfdfa77..c39f7d3 100644 +--- a/drivers/media/usb/em28xx/em28xx-audio.c ++++ b/drivers/media/usb/em28xx/em28xx-audio.c +@@ -814,7 +814,7 @@ static int em28xx_audio_urb_init(struct em28xx *dev) + if (urb_size > ep_size * npackets) + npackets = DIV_ROUND_UP(urb_size, ep_size); + +- em28xx_info("Number of URBs: %d, with %d packets and %d size", ++ em28xx_info("Number of URBs: %d, with %d packets and %d size\n", + num_urb, npackets, urb_size); + + /* Estimate the bytes per period */ +@@ -974,7 +974,7 @@ static int em28xx_audio_fini(struct em28xx *dev) + return 0; + } + +- em28xx_info("Closing audio extension"); ++ em28xx_info("Closing audio extension\n"); + + if (dev->adev.sndcard) { + snd_card_disconnect(dev->adev.sndcard); +diff --git a/drivers/media/usb/em28xx/em28xx-dvb.c b/drivers/media/usb/em28xx/em28xx-dvb.c +index 1373cfa..ec2ebe9 100644 +--- a/drivers/media/usb/em28xx/em28xx-dvb.c ++++ b/drivers/media/usb/em28xx/em28xx-dvb.c +@@ -1468,7 +1468,7 @@ static int em28xx_dvb_fini(struct em28xx *dev) + return 0; + } + +- em28xx_info("Closing DVB extension"); ++ em28xx_info("Closing DVB extension\n"); + + if (dev->dvb) { + struct em28xx_dvb *dvb = dev->dvb; +diff --git a/drivers/media/usb/em28xx/em28xx-input.c b/drivers/media/usb/em28xx/em28xx-input.c +index 18f65d8..dd59c00 100644 +--- a/drivers/media/usb/em28xx/em28xx-input.c ++++ b/drivers/media/usb/em28xx/em28xx-input.c +@@ -810,7 +810,7 @@ static int em28xx_ir_fini(struct em28xx *dev) + return 0; + } + +- em28xx_info("Closing input extension"); ++ em28xx_info("Closing input extension\n"); + + em28xx_shutdown_buttons(dev); + +diff --git a/drivers/media/usb/em28xx/em28xx-video.c b/drivers/media/usb/em28xx/em28xx-video.c +index e24ee08..0e8d085 100644 +--- a/drivers/media/usb/em28xx/em28xx-video.c ++++ b/drivers/media/usb/em28xx/em28xx-video.c +@@ -1900,7 +1900,7 @@ static int em28xx_v4l2_fini(struct em28xx *dev) + return 0; + } + +- em28xx_info("Closing video extension"); ++ em28xx_info("Closing video extension\n"); + + mutex_lock(&dev->lock); + +diff --git a/drivers/mmc/host/sdhci-pxav3.c b/drivers/mmc/host/sdhci-pxav3.c +index 793dacd..561c6b4 100644 +--- a/drivers/mmc/host/sdhci-pxav3.c ++++ b/drivers/mmc/host/sdhci-pxav3.c +@@ -201,8 +201,8 @@ static struct sdhci_pxa_platdata *pxav3_get_mmc_pdata(struct device *dev) + if (!pdata) + return NULL; + +- of_property_read_u32(np, "mrvl,clk-delay-cycles", &clk_delay_cycles); +- if (clk_delay_cycles > 0) ++ if (!of_property_read_u32(np, "mrvl,clk-delay-cycles", ++ &clk_delay_cycles)) + pdata->clk_delay_cycles = clk_delay_cycles; + + return pdata; +diff --git a/drivers/net/wireless/iwlwifi/mvm/mac80211.c b/drivers/net/wireless/iwlwifi/mvm/mac80211.c +index d06414e..a041746 100644 +--- a/drivers/net/wireless/iwlwifi/mvm/mac80211.c ++++ b/drivers/net/wireless/iwlwifi/mvm/mac80211.c +@@ -410,9 +410,6 @@ static void iwl_mvm_cleanup_iterator(void *data, u8 *mac, + mvmvif->uploaded = false; + mvmvif->ap_sta_id = IWL_MVM_STATION_COUNT; + +- /* does this make sense at all? */ +- mvmvif->color++; +- + spin_lock_bh(&mvm->time_event_lock); + iwl_mvm_te_clear_data(mvm, &mvmvif->time_event_data); + spin_unlock_bh(&mvm->time_event_lock); +@@ -597,7 +594,7 @@ static int iwl_mvm_mac_add_interface(struct ieee80211_hw *hw, + + ret = iwl_mvm_mac_ctxt_add(mvm, vif); + if (ret) +- goto out_release; ++ goto out_remove_mac; + + iwl_mvm_power_disable(mvm, vif); + +diff --git a/drivers/net/wireless/iwlwifi/mvm/tx.c b/drivers/net/wireless/iwlwifi/mvm/tx.c +index 76ee486..4efcb28 100644 +--- a/drivers/net/wireless/iwlwifi/mvm/tx.c ++++ b/drivers/net/wireless/iwlwifi/mvm/tx.c +@@ -835,6 +835,11 @@ int iwl_mvm_rx_ba_notif(struct iwl_mvm *mvm, struct iwl_rx_cmd_buffer *rxb, + sta_id = ba_notif->sta_id; + tid = ba_notif->tid; + ++ if (WARN_ONCE(sta_id >= IWL_MVM_STATION_COUNT || ++ tid >= IWL_MAX_TID_COUNT, ++ "sta_id %d tid %d", sta_id, tid)) ++ return 0; ++ + rcu_read_lock(); + + sta = rcu_dereference(mvm->fw_id_to_mac_id[sta_id]); +diff --git a/drivers/net/wireless/iwlwifi/pcie/tx.c b/drivers/net/wireless/iwlwifi/pcie/tx.c +index 3d54900..52427fb 100644 +--- a/drivers/net/wireless/iwlwifi/pcie/tx.c ++++ b/drivers/net/wireless/iwlwifi/pcie/tx.c +@@ -729,7 +729,12 @@ void iwl_trans_pcie_tx_reset(struct iwl_trans *trans) + iwl_write_direct32(trans, FH_KW_MEM_ADDR_REG, + trans_pcie->kw.dma >> 4); + +- iwl_pcie_tx_start(trans, trans_pcie->scd_base_addr); ++ /* ++ * Send 0 as the scd_base_addr since the device may have be reset ++ * while we were in WoWLAN in which case SCD_SRAM_BASE_ADDR will ++ * contain garbage. ++ */ ++ iwl_pcie_tx_start(trans, 0); + } + + /* +diff --git a/drivers/pci/pci-driver.c b/drivers/pci/pci-driver.c +index 25f0bc6..7f41551 100644 +--- a/drivers/pci/pci-driver.c ++++ b/drivers/pci/pci-driver.c +@@ -1324,7 +1324,7 @@ static int pci_uevent(struct device *dev, struct kobj_uevent_env *env) + if (add_uevent_var(env, "PCI_SLOT_NAME=%s", pci_name(pdev))) + return -ENOMEM; + +- if (add_uevent_var(env, "MODALIAS=pci:v%08Xd%08Xsv%08Xsd%08Xbc%02Xsc%02Xi%02x", ++ if (add_uevent_var(env, "MODALIAS=pci:v%08Xd%08Xsv%08Xsd%08Xbc%02Xsc%02Xi%02X", + pdev->vendor, pdev->device, + pdev->subsystem_vendor, pdev->subsystem_device, + (u8)(pdev->class >> 16), (u8)(pdev->class >> 8), +diff --git a/drivers/pci/rom.c b/drivers/pci/rom.c +index 5d59572..5510c88 100644 +--- a/drivers/pci/rom.c ++++ b/drivers/pci/rom.c +@@ -69,6 +69,7 @@ size_t pci_get_rom_size(struct pci_dev *pdev, void __iomem *rom, size_t size) + { + void __iomem *image; + int last_image; ++ unsigned length; + + image = rom; + do { +@@ -91,9 +92,9 @@ size_t pci_get_rom_size(struct pci_dev *pdev, void __iomem *rom, size_t size) + if (readb(pds + 3) != 'R') + break; + last_image = readb(pds + 21) & 0x80; +- /* this length is reliable */ +- image += readw(pds + 16) * 512; +- } while (!last_image); ++ length = readw(pds + 16); ++ image += length * 512; ++ } while (length && !last_image); + + /* never return a size larger than the PCI resource window */ + /* there are known ROMs that get the size wrong */ +diff --git a/drivers/power/88pm860x_charger.c b/drivers/power/88pm860x_charger.c +index de029bb..5ccca87 100644 +--- a/drivers/power/88pm860x_charger.c ++++ b/drivers/power/88pm860x_charger.c +@@ -711,6 +711,7 @@ static int pm860x_charger_probe(struct platform_device *pdev) + return 0; + + out_irq: ++ power_supply_unregister(&info->usb); + while (--i >= 0) + free_irq(info->irq[i], info); + out: +diff --git a/drivers/power/bq24190_charger.c b/drivers/power/bq24190_charger.c +index ad3ff8f..e4c95e1 100644 +--- a/drivers/power/bq24190_charger.c ++++ b/drivers/power/bq24190_charger.c +@@ -929,7 +929,7 @@ static void bq24190_charger_init(struct power_supply *charger) + charger->properties = bq24190_charger_properties; + charger->num_properties = ARRAY_SIZE(bq24190_charger_properties); + charger->supplied_to = bq24190_charger_supplied_to; +- charger->num_supplies = ARRAY_SIZE(bq24190_charger_supplied_to); ++ charger->num_supplicants = ARRAY_SIZE(bq24190_charger_supplied_to); + charger->get_property = bq24190_charger_get_property; + charger->set_property = bq24190_charger_set_property; + charger->property_is_writeable = bq24190_charger_property_is_writeable; +diff --git a/drivers/power/gpio-charger.c b/drivers/power/gpio-charger.c +index a0024b2..86e03c6 100644 +--- a/drivers/power/gpio-charger.c ++++ b/drivers/power/gpio-charger.c +@@ -168,7 +168,7 @@ static int gpio_charger_suspend(struct device *dev) + + if (device_may_wakeup(dev)) + gpio_charger->wakeup_enabled = +- enable_irq_wake(gpio_charger->irq); ++ !enable_irq_wake(gpio_charger->irq); + + return 0; + } +@@ -178,7 +178,7 @@ static int gpio_charger_resume(struct device *dev) + struct platform_device *pdev = to_platform_device(dev); + struct gpio_charger *gpio_charger = platform_get_drvdata(pdev); + +- if (gpio_charger->wakeup_enabled) ++ if (device_may_wakeup(dev) && gpio_charger->wakeup_enabled) + disable_irq_wake(gpio_charger->irq); + power_supply_changed(&gpio_charger->charger); + +diff --git a/drivers/scsi/megaraid/megaraid_sas_fusion.c b/drivers/scsi/megaraid/megaraid_sas_fusion.c +index f655592..a1f04e3 100644 +--- a/drivers/scsi/megaraid/megaraid_sas_fusion.c ++++ b/drivers/scsi/megaraid/megaraid_sas_fusion.c +@@ -92,6 +92,8 @@ megasas_enable_intr_fusion(struct megasas_instance *instance) + { + struct megasas_register_set __iomem *regs; + regs = instance->reg_set; ++ ++ instance->mask_interrupts = 0; + /* For Thunderbolt/Invader also clear intr on enable */ + writel(~0, ®s->outbound_intr_status); + readl(®s->outbound_intr_status); +@@ -100,7 +102,6 @@ megasas_enable_intr_fusion(struct megasas_instance *instance) + + /* Dummy readl to force pci flush */ + readl(®s->outbound_intr_mask); +- instance->mask_interrupts = 0; + } + + /** +diff --git a/drivers/target/iscsi/iscsi_target_tq.c b/drivers/target/iscsi/iscsi_target_tq.c +index 601e9cc..bb2890e 100644 +--- a/drivers/target/iscsi/iscsi_target_tq.c ++++ b/drivers/target/iscsi/iscsi_target_tq.c +@@ -24,36 +24,22 @@ + #include "iscsi_target_tq.h" + #include "iscsi_target.h" + +-static LIST_HEAD(active_ts_list); + static LIST_HEAD(inactive_ts_list); +-static DEFINE_SPINLOCK(active_ts_lock); + static DEFINE_SPINLOCK(inactive_ts_lock); + static DEFINE_SPINLOCK(ts_bitmap_lock); + +-static void iscsi_add_ts_to_active_list(struct iscsi_thread_set *ts) +-{ +- spin_lock(&active_ts_lock); +- list_add_tail(&ts->ts_list, &active_ts_list); +- iscsit_global->active_ts++; +- spin_unlock(&active_ts_lock); +-} +- + static void iscsi_add_ts_to_inactive_list(struct iscsi_thread_set *ts) + { ++ if (!list_empty(&ts->ts_list)) { ++ WARN_ON(1); ++ return; ++ } + spin_lock(&inactive_ts_lock); + list_add_tail(&ts->ts_list, &inactive_ts_list); + iscsit_global->inactive_ts++; + spin_unlock(&inactive_ts_lock); + } + +-static void iscsi_del_ts_from_active_list(struct iscsi_thread_set *ts) +-{ +- spin_lock(&active_ts_lock); +- list_del(&ts->ts_list); +- iscsit_global->active_ts--; +- spin_unlock(&active_ts_lock); +-} +- + static struct iscsi_thread_set *iscsi_get_ts_from_inactive_list(void) + { + struct iscsi_thread_set *ts; +@@ -66,7 +52,7 @@ static struct iscsi_thread_set *iscsi_get_ts_from_inactive_list(void) + + ts = list_first_entry(&inactive_ts_list, struct iscsi_thread_set, ts_list); + +- list_del(&ts->ts_list); ++ list_del_init(&ts->ts_list); + iscsit_global->inactive_ts--; + spin_unlock(&inactive_ts_lock); + +@@ -204,8 +190,6 @@ static void iscsi_deallocate_extra_thread_sets(void) + + void iscsi_activate_thread_set(struct iscsi_conn *conn, struct iscsi_thread_set *ts) + { +- iscsi_add_ts_to_active_list(ts); +- + spin_lock_bh(&ts->ts_state_lock); + conn->thread_set = ts; + ts->conn = conn; +@@ -397,7 +381,6 @@ struct iscsi_conn *iscsi_rx_thread_pre_handler(struct iscsi_thread_set *ts) + + if (ts->delay_inactive && (--ts->thread_count == 0)) { + spin_unlock_bh(&ts->ts_state_lock); +- iscsi_del_ts_from_active_list(ts); + + if (!iscsit_global->in_shutdown) + iscsi_deallocate_extra_thread_sets(); +@@ -452,7 +435,6 @@ struct iscsi_conn *iscsi_tx_thread_pre_handler(struct iscsi_thread_set *ts) + + if (ts->delay_inactive && (--ts->thread_count == 0)) { + spin_unlock_bh(&ts->ts_state_lock); +- iscsi_del_ts_from_active_list(ts); + + if (!iscsit_global->in_shutdown) + iscsi_deallocate_extra_thread_sets(); +diff --git a/drivers/tty/pty.c b/drivers/tty/pty.c +index 25c9bc7..e49616e 100644 +--- a/drivers/tty/pty.c ++++ b/drivers/tty/pty.c +@@ -209,6 +209,9 @@ static int pty_signal(struct tty_struct *tty, int sig) + unsigned long flags; + struct pid *pgrp; + ++ if (sig != SIGINT && sig != SIGQUIT && sig != SIGTSTP) ++ return -EINVAL; ++ + if (tty->link) { + spin_lock_irqsave(&tty->link->ctrl_lock, flags); + pgrp = get_pid(tty->link->pgrp); +diff --git a/drivers/tty/serial/atmel_serial.c b/drivers/tty/serial/atmel_serial.c +index ce352b8..0d3e6cb 100644 +--- a/drivers/tty/serial/atmel_serial.c ++++ b/drivers/tty/serial/atmel_serial.c +@@ -2392,7 +2392,7 @@ static int atmel_serial_probe(struct platform_device *pdev) + + ret = atmel_init_port(port, pdev); + if (ret) +- goto err; ++ goto err_clear_bit; + + if (!atmel_use_pdc_rx(&port->uart)) { + ret = -ENOMEM; +@@ -2441,6 +2441,8 @@ err_alloc_ring: + clk_put(port->clk); + port->clk = NULL; + } ++err_clear_bit: ++ clear_bit(port->uart.line, atmel_ports_in_use); + err: + return ret; + } +diff --git a/drivers/tty/vt/vt.c b/drivers/tty/vt/vt.c +index 23b5d32..693091a 100644 +--- a/drivers/tty/vt/vt.c ++++ b/drivers/tty/vt/vt.c +@@ -498,6 +498,7 @@ void invert_screen(struct vc_data *vc, int offset, int count, int viewed) + #endif + if (DO_UPDATE(vc)) + do_update_region(vc, (unsigned long) p, count); ++ notify_update(vc); + } + + /* used by selection: complement pointer position */ +@@ -514,6 +515,7 @@ void complement_pos(struct vc_data *vc, int offset) + scr_writew(old, screenpos(vc, old_offset, 1)); + if (DO_UPDATE(vc)) + vc->vc_sw->con_putc(vc, old, oldy, oldx); ++ notify_update(vc); + } + + old_offset = offset; +@@ -531,8 +533,8 @@ void complement_pos(struct vc_data *vc, int offset) + oldy = (offset >> 1) / vc->vc_cols; + vc->vc_sw->con_putc(vc, new, oldy, oldx); + } ++ notify_update(vc); + } +- + } + + static void insert_char(struct vc_data *vc, unsigned int nr) +diff --git a/drivers/usb/core/buffer.c b/drivers/usb/core/buffer.c +index 684ef70..506b969 100644 +--- a/drivers/usb/core/buffer.c ++++ b/drivers/usb/core/buffer.c +@@ -22,17 +22,25 @@ + */ + + /* FIXME tune these based on pool statistics ... */ +-static const size_t pool_max[HCD_BUFFER_POOLS] = { +- /* platforms without dma-friendly caches might need to +- * prevent cacheline sharing... +- */ +- 32, +- 128, +- 512, +- PAGE_SIZE / 2 +- /* bigger --> allocate pages */ ++static size_t pool_max[HCD_BUFFER_POOLS] = { ++ 32, 128, 512, 2048, + }; + ++void __init usb_init_pool_max(void) ++{ ++ /* ++ * The pool_max values must never be smaller than ++ * ARCH_KMALLOC_MINALIGN. ++ */ ++ if (ARCH_KMALLOC_MINALIGN <= 32) ++ ; /* Original value is okay */ ++ else if (ARCH_KMALLOC_MINALIGN <= 64) ++ pool_max[0] = 64; ++ else if (ARCH_KMALLOC_MINALIGN <= 128) ++ pool_max[0] = 0; /* Don't use this pool */ ++ else ++ BUILD_BUG(); /* We don't allow this */ ++} + + /* SETUP primitives */ + +diff --git a/drivers/usb/core/hcd.c b/drivers/usb/core/hcd.c +index ef6ec13b..ee6c556 100644 +--- a/drivers/usb/core/hcd.c ++++ b/drivers/usb/core/hcd.c +@@ -1617,6 +1617,7 @@ static int unlink1(struct usb_hcd *hcd, struct urb *urb, int status) + int usb_hcd_unlink_urb (struct urb *urb, int status) + { + struct usb_hcd *hcd; ++ struct usb_device *udev = urb->dev; + int retval = -EIDRM; + unsigned long flags; + +@@ -1628,20 +1629,19 @@ int usb_hcd_unlink_urb (struct urb *urb, int status) + spin_lock_irqsave(&hcd_urb_unlink_lock, flags); + if (atomic_read(&urb->use_count) > 0) { + retval = 0; +- usb_get_dev(urb->dev); ++ usb_get_dev(udev); + } + spin_unlock_irqrestore(&hcd_urb_unlink_lock, flags); + if (retval == 0) { + hcd = bus_to_hcd(urb->dev->bus); + retval = unlink1(hcd, urb, status); +- usb_put_dev(urb->dev); ++ if (retval == 0) ++ retval = -EINPROGRESS; ++ else if (retval != -EIDRM && retval != -EBUSY) ++ dev_dbg(&udev->dev, "hcd_unlink_urb %p fail %d\n", ++ urb, retval); ++ usb_put_dev(udev); + } +- +- if (retval == 0) +- retval = -EINPROGRESS; +- else if (retval != -EIDRM && retval != -EBUSY) +- dev_dbg(&urb->dev->dev, "hcd_unlink_urb %p fail %d\n", +- urb, retval); + return retval; + } + +diff --git a/drivers/usb/core/usb.c b/drivers/usb/core/usb.c +index 4d11449..a922730 100644 +--- a/drivers/usb/core/usb.c ++++ b/drivers/usb/core/usb.c +@@ -1050,6 +1050,7 @@ static int __init usb_init(void) + pr_info("%s: USB support disabled\n", usbcore_name); + return 0; + } ++ usb_init_pool_max(); + + retval = usb_debugfs_init(); + if (retval) +diff --git a/drivers/usb/serial/cp210x.c b/drivers/usb/serial/cp210x.c +index 9e8708c..a2d0409 100644 +--- a/drivers/usb/serial/cp210x.c ++++ b/drivers/usb/serial/cp210x.c +@@ -56,6 +56,7 @@ static const struct usb_device_id id_table[] = { + { USB_DEVICE(0x0846, 0x1100) }, /* NetGear Managed Switch M4100 series, M5300 series, M7100 series */ + { USB_DEVICE(0x08e6, 0x5501) }, /* Gemalto Prox-PU/CU contactless smartcard reader */ + { USB_DEVICE(0x08FD, 0x000A) }, /* Digianswer A/S , ZigBee/802.15.4 MAC Device */ ++ { USB_DEVICE(0x0908, 0x01FF) }, /* Siemens RUGGEDCOM USB Serial Console */ + { USB_DEVICE(0x0BED, 0x1100) }, /* MEI (TM) Cashflow-SC Bill/Voucher Acceptor */ + { USB_DEVICE(0x0BED, 0x1101) }, /* MEI series 2000 Combo Acceptor */ + { USB_DEVICE(0x0FCF, 0x1003) }, /* Dynastream ANT development board */ +diff --git a/drivers/xen/manage.c b/drivers/xen/manage.c +index 602913d..edfd797 100644 +--- a/drivers/xen/manage.c ++++ b/drivers/xen/manage.c +@@ -113,10 +113,16 @@ static void do_suspend(void) + + err = freeze_processes(); + if (err) { +- pr_err("%s: freeze failed %d\n", __func__, err); ++ pr_err("%s: freeze processes failed %d\n", __func__, err); + goto out; + } + ++ err = freeze_kernel_threads(); ++ if (err) { ++ pr_err("%s: freeze kernel threads failed %d\n", __func__, err); ++ goto out_thaw; ++ } ++ + err = dpm_suspend_start(PMSG_FREEZE); + if (err) { + pr_err("%s: dpm_suspend_start %d\n", __func__, err); +diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c +index 67be295..f4d7b2f 100644 +--- a/fs/binfmt_elf.c ++++ b/fs/binfmt_elf.c +@@ -549,11 +549,12 @@ out: + + static unsigned long randomize_stack_top(unsigned long stack_top) + { +- unsigned int random_variable = 0; ++ unsigned long random_variable = 0; + + if ((current->flags & PF_RANDOMIZE) && + !(current->personality & ADDR_NO_RANDOMIZE)) { +- random_variable = get_random_int() & STACK_RND_MASK; ++ random_variable = (unsigned long) get_random_int(); ++ random_variable &= STACK_RND_MASK; + random_variable <<= PAGE_SHIFT; + } + #ifdef CONFIG_STACK_GROWSUP +diff --git a/fs/btrfs/ctree.c b/fs/btrfs/ctree.c +index cbd3a7d..93de3ba 100644 +--- a/fs/btrfs/ctree.c ++++ b/fs/btrfs/ctree.c +@@ -2655,32 +2655,23 @@ static int key_search(struct extent_buffer *b, struct btrfs_key *key, + return 0; + } + +-int btrfs_find_item(struct btrfs_root *fs_root, struct btrfs_path *found_path, ++int btrfs_find_item(struct btrfs_root *fs_root, struct btrfs_path *path, + u64 iobjectid, u64 ioff, u8 key_type, + struct btrfs_key *found_key) + { + int ret; + struct btrfs_key key; + struct extent_buffer *eb; +- struct btrfs_path *path; ++ ++ ASSERT(path); + + key.type = key_type; + key.objectid = iobjectid; + key.offset = ioff; + +- if (found_path == NULL) { +- path = btrfs_alloc_path(); +- if (!path) +- return -ENOMEM; +- } else +- path = found_path; +- + ret = btrfs_search_slot(NULL, fs_root, &key, path, 0, 0); +- if ((ret < 0) || (found_key == NULL)) { +- if (path != found_path) +- btrfs_free_path(path); ++ if ((ret < 0) || (found_key == NULL)) + return ret; +- } + + eb = path->nodes[0]; + if (ret && path->slots[0] >= btrfs_header_nritems(eb)) { +diff --git a/fs/btrfs/disk-io.c b/fs/btrfs/disk-io.c +index 0db8ded..f48d5fc 100644 +--- a/fs/btrfs/disk-io.c ++++ b/fs/btrfs/disk-io.c +@@ -1560,6 +1560,7 @@ struct btrfs_root *btrfs_get_fs_root(struct btrfs_fs_info *fs_info, + bool check_ref) + { + struct btrfs_root *root; ++ struct btrfs_path *path; + int ret; + + if (location->objectid == BTRFS_ROOT_TREE_OBJECTID) +@@ -1599,8 +1600,14 @@ again: + if (ret) + goto fail; + +- ret = btrfs_find_item(fs_info->tree_root, NULL, BTRFS_ORPHAN_OBJECTID, ++ path = btrfs_alloc_path(); ++ if (!path) { ++ ret = -ENOMEM; ++ goto fail; ++ } ++ ret = btrfs_find_item(fs_info->tree_root, path, BTRFS_ORPHAN_OBJECTID, + location->objectid, BTRFS_ORPHAN_ITEM_KEY, NULL); ++ btrfs_free_path(path); + if (ret < 0) + goto fail; + if (ret == 0) +@@ -2411,7 +2418,7 @@ int open_ctree(struct super_block *sb, + features |= BTRFS_FEATURE_INCOMPAT_COMPRESS_LZO; + + if (features & BTRFS_FEATURE_INCOMPAT_SKINNY_METADATA) +- printk(KERN_ERR "BTRFS: has skinny extents\n"); ++ printk(KERN_INFO "BTRFS: has skinny extents\n"); + + /* + * flag our filesystem as having big metadata blocks if +diff --git a/fs/btrfs/tree-log.c b/fs/btrfs/tree-log.c +index 39d83da..aeb57b98 100644 +--- a/fs/btrfs/tree-log.c ++++ b/fs/btrfs/tree-log.c +@@ -1238,10 +1238,19 @@ static int insert_orphan_item(struct btrfs_trans_handle *trans, + struct btrfs_root *root, u64 offset) + { + int ret; +- ret = btrfs_find_item(root, NULL, BTRFS_ORPHAN_OBJECTID, ++ struct btrfs_path *path; ++ ++ path = btrfs_alloc_path(); ++ if (!path) ++ return -ENOMEM; ++ ++ ret = btrfs_find_item(root, path, BTRFS_ORPHAN_OBJECTID, + offset, BTRFS_ORPHAN_ITEM_KEY, NULL); + if (ret > 0) + ret = btrfs_insert_orphan_item(trans, root, offset); ++ ++ btrfs_free_path(path); ++ + return ret; + } + +diff --git a/fs/jffs2/scan.c b/fs/jffs2/scan.c +index 7654e87..9ad5ba4 100644 +--- a/fs/jffs2/scan.c ++++ b/fs/jffs2/scan.c +@@ -510,6 +510,10 @@ static int jffs2_scan_eraseblock (struct jffs2_sb_info *c, struct jffs2_eraseblo + sumlen = c->sector_size - je32_to_cpu(sm->offset); + sumptr = buf + buf_size - sumlen; + ++ /* sm->offset maybe wrong but MAGIC maybe right */ ++ if (sumlen > c->sector_size) ++ goto full_scan; ++ + /* Now, make sure the summary itself is available */ + if (sumlen > buf_size) { + /* Need to kmalloc for this. */ +@@ -544,6 +548,7 @@ static int jffs2_scan_eraseblock (struct jffs2_sb_info *c, struct jffs2_eraseblo + } + } + ++full_scan: + buf_ofs = jeb->offset; + + if (!buf_size) { +diff --git a/fs/nfs/callback.c b/fs/nfs/callback.c +index 073b4cf..0a2016b 100644 +--- a/fs/nfs/callback.c ++++ b/fs/nfs/callback.c +@@ -128,22 +128,24 @@ nfs41_callback_svc(void *vrqstp) + if (try_to_freeze()) + continue; + +- prepare_to_wait(&serv->sv_cb_waitq, &wq, TASK_INTERRUPTIBLE); ++ prepare_to_wait(&serv->sv_cb_waitq, &wq, TASK_UNINTERRUPTIBLE); + spin_lock_bh(&serv->sv_cb_lock); + if (!list_empty(&serv->sv_cb_list)) { + req = list_first_entry(&serv->sv_cb_list, + struct rpc_rqst, rq_bc_list); + list_del(&req->rq_bc_list); + spin_unlock_bh(&serv->sv_cb_lock); ++ finish_wait(&serv->sv_cb_waitq, &wq); + dprintk("Invoking bc_svc_process()\n"); + error = bc_svc_process(serv, req, rqstp); + dprintk("bc_svc_process() returned w/ error code= %d\n", + error); + } else { + spin_unlock_bh(&serv->sv_cb_lock); +- schedule(); ++ /* schedule_timeout to game the hung task watchdog */ ++ schedule_timeout(60 * HZ); ++ finish_wait(&serv->sv_cb_waitq, &wq); + } +- finish_wait(&serv->sv_cb_waitq, &wq); + } + return 0; + } +diff --git a/fs/nfs/callback_xdr.c b/fs/nfs/callback_xdr.c +index f4ccfe6..02f8d09 100644 +--- a/fs/nfs/callback_xdr.c ++++ b/fs/nfs/callback_xdr.c +@@ -464,8 +464,10 @@ static __be32 decode_cb_sequence_args(struct svc_rqst *rqstp, + + for (i = 0; i < args->csa_nrclists; i++) { + status = decode_rc_list(xdr, &args->csa_rclists[i]); +- if (status) ++ if (status) { ++ args->csa_nrclists = i; + goto out_free; ++ } + } + } + status = 0; +diff --git a/fs/xfs/xfs_buf_item.c b/fs/xfs/xfs_buf_item.c +index 3314911..645f180 100644 +--- a/fs/xfs/xfs_buf_item.c ++++ b/fs/xfs/xfs_buf_item.c +@@ -319,6 +319,10 @@ xfs_buf_item_format( + ASSERT(atomic_read(&bip->bli_refcount) > 0); + ASSERT((bip->bli_flags & XFS_BLI_LOGGED) || + (bip->bli_flags & XFS_BLI_STALE)); ++ ASSERT((bip->bli_flags & XFS_BLI_STALE) || ++ (xfs_blft_from_flags(&bip->__bli_format) > XFS_BLFT_UNKNOWN_BUF ++ && xfs_blft_from_flags(&bip->__bli_format) < XFS_BLFT_MAX_BUF)); ++ + + /* + * If it is an inode buffer, transfer the in-memory state to the +diff --git a/fs/xfs/xfs_inode.c b/fs/xfs/xfs_inode.c +index 3a137e9..5d90b8d 100644 +--- a/fs/xfs/xfs_inode.c ++++ b/fs/xfs/xfs_inode.c +@@ -1946,6 +1946,7 @@ xfs_iunlink( + agi->agi_unlinked[bucket_index] = cpu_to_be32(agino); + offset = offsetof(xfs_agi_t, agi_unlinked) + + (sizeof(xfs_agino_t) * bucket_index); ++ xfs_trans_buf_set_type(tp, agibp, XFS_BLFT_AGI_BUF); + xfs_trans_log_buf(tp, agibp, offset, + (offset + sizeof(xfs_agino_t) - 1)); + return 0; +@@ -2037,6 +2038,7 @@ xfs_iunlink_remove( + agi->agi_unlinked[bucket_index] = cpu_to_be32(next_agino); + offset = offsetof(xfs_agi_t, agi_unlinked) + + (sizeof(xfs_agino_t) * bucket_index); ++ xfs_trans_buf_set_type(tp, agibp, XFS_BLFT_AGI_BUF); + xfs_trans_log_buf(tp, agibp, offset, + (offset + sizeof(xfs_agino_t) - 1)); + } else { +diff --git a/fs/xfs/xfs_qm.c b/fs/xfs/xfs_qm.c +index 6d7d1de..1b271f5 100644 +--- a/fs/xfs/xfs_qm.c ++++ b/fs/xfs/xfs_qm.c +@@ -1108,6 +1108,11 @@ xfs_qm_reset_dqcounts( + */ + xfs_dqcheck(mp, ddq, id+j, type, XFS_QMOPT_DQREPAIR, + "xfs_quotacheck"); ++ /* ++ * Reset type in case we are reusing group quota file for ++ * project quotas or vice versa ++ */ ++ ddq->d_flags = type; + ddq->d_bcount = 0; + ddq->d_icount = 0; + ddq->d_rtbcount = 0; +diff --git a/fs/xfs/xfs_trans.c b/fs/xfs/xfs_trans.c +index c812c5c..b626f3d 100644 +--- a/fs/xfs/xfs_trans.c ++++ b/fs/xfs/xfs_trans.c +@@ -474,6 +474,7 @@ xfs_trans_apply_sb_deltas( + whole = 1; + } + ++ xfs_trans_buf_set_type(tp, bp, XFS_BLFT_SB_BUF); + if (whole) + /* + * Log the whole thing, the fields are noncontiguous. +diff --git a/include/linux/fsnotify.h b/include/linux/fsnotify.h +index 1c804b0..7ee1774 100644 +--- a/include/linux/fsnotify.h ++++ b/include/linux/fsnotify.h +@@ -101,8 +101,10 @@ static inline void fsnotify_move(struct inode *old_dir, struct inode *new_dir, + new_dir_mask |= FS_ISDIR; + } + +- fsnotify(old_dir, old_dir_mask, old_dir, FSNOTIFY_EVENT_INODE, old_name, fs_cookie); +- fsnotify(new_dir, new_dir_mask, new_dir, FSNOTIFY_EVENT_INODE, new_name, fs_cookie); ++ fsnotify(old_dir, old_dir_mask, source, FSNOTIFY_EVENT_INODE, old_name, ++ fs_cookie); ++ fsnotify(new_dir, new_dir_mask, source, FSNOTIFY_EVENT_INODE, new_name, ++ fs_cookie); + + if (target) + fsnotify_link_count(target); +diff --git a/include/linux/usb/hcd.h b/include/linux/usb/hcd.h +index efe8d8a..e34bce3 100644 +--- a/include/linux/usb/hcd.h ++++ b/include/linux/usb/hcd.h +@@ -447,6 +447,7 @@ extern const struct dev_pm_ops usb_hcd_pci_pm_ops; + #endif /* CONFIG_PCI */ + + /* pci-ish (pdev null is ok) buffer alloc/mapping support */ ++void usb_init_pool_max(void); + int hcd_buffer_create(struct usb_hcd *hcd); + void hcd_buffer_destroy(struct usb_hcd *hcd); + +diff --git a/kernel/debug/kdb/kdb_main.c b/kernel/debug/kdb/kdb_main.c +index 0b097c8..449518e 100644 +--- a/kernel/debug/kdb/kdb_main.c ++++ b/kernel/debug/kdb/kdb_main.c +@@ -2535,7 +2535,7 @@ static int kdb_summary(int argc, const char **argv) + #define K(x) ((x) << (PAGE_SHIFT - 10)) + kdb_printf("\nMemTotal: %8lu kB\nMemFree: %8lu kB\n" + "Buffers: %8lu kB\n", +- val.totalram, val.freeram, val.bufferram); ++ K(val.totalram), K(val.freeram), K(val.bufferram)); + return 0; + } + +diff --git a/kernel/time/ntp.c b/kernel/time/ntp.c +index 28db9be..6211d5d 100644 +--- a/kernel/time/ntp.c ++++ b/kernel/time/ntp.c +@@ -631,10 +631,14 @@ int ntp_validate_timex(struct timex *txc) + if ((txc->modes & ADJ_SETOFFSET) && (!capable(CAP_SYS_TIME))) + return -EPERM; + +- if (txc->modes & ADJ_FREQUENCY) { +- if (LONG_MIN / PPM_SCALE > txc->freq) ++ /* ++ * Check for potential multiplication overflows that can ++ * only happen on 64-bit systems: ++ */ ++ if ((txc->modes & ADJ_FREQUENCY) && (BITS_PER_LONG == 64)) { ++ if (LLONG_MIN / PPM_SCALE > txc->freq) + return -EINVAL; +- if (LONG_MAX / PPM_SCALE < txc->freq) ++ if (LLONG_MAX / PPM_SCALE < txc->freq) + return -EINVAL; + } + +diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c +index 7113672..813b021 100644 +--- a/kernel/trace/trace.c ++++ b/kernel/trace/trace.c +@@ -4694,7 +4694,7 @@ tracing_mark_write(struct file *filp, const char __user *ubuf, + *fpos += written; + + out_unlock: +- for (i = 0; i < nr_pages; i++){ ++ for (i = nr_pages - 1; i >= 0; i--) { + kunmap_atomic(map_page[i]); + put_page(pages[i]); + } +diff --git a/mm/hugetlb.c b/mm/hugetlb.c +index 67d0c17..472259b 100644 +--- a/mm/hugetlb.c ++++ b/mm/hugetlb.c +@@ -3456,6 +3456,8 @@ follow_huge_pmd(struct mm_struct *mm, unsigned long address, + { + struct page *page; + ++ if (!pmd_present(*pmd)) ++ return NULL; + page = pte_page(*(pte_t *)pmd); + if (page) + page += ((address & ~PMD_MASK) >> PAGE_SHIFT); +diff --git a/net/ceph/osd_client.c b/net/ceph/osd_client.c +index 0676f2b..45f077c 100644 +--- a/net/ceph/osd_client.c ++++ b/net/ceph/osd_client.c +@@ -977,12 +977,24 @@ static void put_osd(struct ceph_osd *osd) + */ + static void __remove_osd(struct ceph_osd_client *osdc, struct ceph_osd *osd) + { +- dout("__remove_osd %p\n", osd); +- BUG_ON(!list_empty(&osd->o_requests)); +- rb_erase(&osd->o_node, &osdc->osds); ++ dout("%s %p osd%d\n", __func__, osd, osd->o_osd); ++ WARN_ON(!list_empty(&osd->o_requests)); ++ WARN_ON(!list_empty(&osd->o_linger_requests)); ++ + list_del_init(&osd->o_osd_lru); +- ceph_con_close(&osd->o_con); +- put_osd(osd); ++ rb_erase(&osd->o_node, &osdc->osds); ++ RB_CLEAR_NODE(&osd->o_node); ++} ++ ++static void remove_osd(struct ceph_osd_client *osdc, struct ceph_osd *osd) ++{ ++ dout("%s %p osd%d\n", __func__, osd, osd->o_osd); ++ ++ if (!RB_EMPTY_NODE(&osd->o_node)) { ++ ceph_con_close(&osd->o_con); ++ __remove_osd(osdc, osd); ++ put_osd(osd); ++ } + } + + static void remove_all_osds(struct ceph_osd_client *osdc) +@@ -992,7 +1004,7 @@ static void remove_all_osds(struct ceph_osd_client *osdc) + while (!RB_EMPTY_ROOT(&osdc->osds)) { + struct ceph_osd *osd = rb_entry(rb_first(&osdc->osds), + struct ceph_osd, o_node); +- __remove_osd(osdc, osd); ++ remove_osd(osdc, osd); + } + mutex_unlock(&osdc->request_mutex); + } +@@ -1022,7 +1034,7 @@ static void remove_old_osds(struct ceph_osd_client *osdc) + list_for_each_entry_safe(osd, nosd, &osdc->osd_lru, o_osd_lru) { + if (time_before(jiffies, osd->lru_ttl)) + break; +- __remove_osd(osdc, osd); ++ remove_osd(osdc, osd); + } + mutex_unlock(&osdc->request_mutex); + } +@@ -1037,8 +1049,7 @@ static int __reset_osd(struct ceph_osd_client *osdc, struct ceph_osd *osd) + dout("__reset_osd %p osd%d\n", osd, osd->o_osd); + if (list_empty(&osd->o_requests) && + list_empty(&osd->o_linger_requests)) { +- __remove_osd(osdc, osd); +- ++ remove_osd(osdc, osd); + return -ENODEV; + } + +@@ -1840,6 +1851,7 @@ static void reset_changed_osds(struct ceph_osd_client *osdc) + { + struct rb_node *p, *n; + ++ dout("%s %p\n", __func__, osdc); + for (p = rb_first(&osdc->osds); p; p = n) { + struct ceph_osd *osd = rb_entry(p, struct ceph_osd, o_node); + +diff --git a/sound/pci/riptide/riptide.c b/sound/pci/riptide/riptide.c +index 56cc891..d99c8d3 100644 +--- a/sound/pci/riptide/riptide.c ++++ b/sound/pci/riptide/riptide.c +@@ -2032,32 +2032,43 @@ snd_riptide_joystick_probe(struct pci_dev *pci, const struct pci_device_id *id) + { + static int dev; + struct gameport *gameport; ++ int ret; + + if (dev >= SNDRV_CARDS) + return -ENODEV; ++ + if (!enable[dev]) { +- dev++; +- return -ENOENT; ++ ret = -ENOENT; ++ goto inc_dev; + } + +- if (!joystick_port[dev++]) +- return 0; ++ if (!joystick_port[dev]) { ++ ret = 0; ++ goto inc_dev; ++ } + + gameport = gameport_allocate_port(); +- if (!gameport) +- return -ENOMEM; ++ if (!gameport) { ++ ret = -ENOMEM; ++ goto inc_dev; ++ } + if (!request_region(joystick_port[dev], 8, "Riptide gameport")) { + snd_printk(KERN_WARNING + "Riptide: cannot grab gameport 0x%x\n", + joystick_port[dev]); + gameport_free_port(gameport); +- return -EBUSY; ++ ret = -EBUSY; ++ goto inc_dev; + } + + gameport->io = joystick_port[dev]; + gameport_register_port(gameport); + pci_set_drvdata(pci, gameport); +- return 0; ++ ++ ret = 0; ++inc_dev: ++ dev++; ++ return ret; + } + + static void snd_riptide_joystick_remove(struct pci_dev *pci) +diff --git a/sound/pci/rme9652/hdspm.c b/sound/pci/rme9652/hdspm.c +index e98dc00..2116750 100644 +--- a/sound/pci/rme9652/hdspm.c ++++ b/sound/pci/rme9652/hdspm.c +@@ -6102,6 +6102,9 @@ static int snd_hdspm_playback_open(struct snd_pcm_substream *substream) + snd_pcm_hw_constraint_minmax(runtime, + SNDRV_PCM_HW_PARAM_PERIOD_SIZE, + 64, 8192); ++ snd_pcm_hw_constraint_minmax(runtime, ++ SNDRV_PCM_HW_PARAM_PERIODS, ++ 2, 2); + break; + } + +@@ -6176,6 +6179,9 @@ static int snd_hdspm_capture_open(struct snd_pcm_substream *substream) + snd_pcm_hw_constraint_minmax(runtime, + SNDRV_PCM_HW_PARAM_PERIOD_SIZE, + 64, 8192); ++ snd_pcm_hw_constraint_minmax(runtime, ++ SNDRV_PCM_HW_PARAM_PERIODS, ++ 2, 2); + break; + } + diff --git a/3.14.34/4420_grsecurity-3.1-3.14.34-201502271838.patch b/3.14.35/4420_grsecurity-3.1-3.14.35-201503071140.patch index 40b1302..4cf9495 100644 --- a/3.14.34/4420_grsecurity-3.1-3.14.34-201502271838.patch +++ b/3.14.35/4420_grsecurity-3.1-3.14.35-201503071140.patch @@ -292,7 +292,7 @@ index 5d91ba1..935a4e7 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index 5443481..47e9927 100644 +index 9720e86..98643f8 100644 --- a/Makefile +++ b/Makefile @@ -244,8 +244,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -1637,7 +1637,7 @@ index df2fbba..63fe3e1 100644 #include <asm-generic/cmpxchg-local.h> diff --git a/arch/arm/include/asm/domain.h b/arch/arm/include/asm/domain.h -index 6ddbe44..b5e38b1 100644 +index 6ddbe44..b5e38b1a 100644 --- a/arch/arm/include/asm/domain.h +++ b/arch/arm/include/asm/domain.h @@ -48,18 +48,37 @@ @@ -5565,7 +5565,7 @@ index 25c3502..560dae7 100644 down_write(¤t->mm->mmap_sem); if (insert_vm_struct(current->mm, vma)) { diff --git a/arch/m32r/include/asm/cache.h b/arch/m32r/include/asm/cache.h -index 40b3ee9..8c2c112 100644 +index 40b3ee98..8c2c112 100644 --- a/arch/m32r/include/asm/cache.h +++ b/arch/m32r/include/asm/cache.h @@ -1,8 +1,10 @@ @@ -7197,10 +7197,10 @@ index 81e6ae0..6ab6e79 100644 info.si_code = FPE_INTOVF; info.si_signo = SIGFPE; diff --git a/arch/mips/kvm/kvm_mips.c b/arch/mips/kvm/kvm_mips.c -index 3e0ff8d..9eafbf0b 100644 +index 897c605..c421760 100644 --- a/arch/mips/kvm/kvm_mips.c +++ b/arch/mips/kvm/kvm_mips.c -@@ -832,7 +832,7 @@ long kvm_arch_vm_ioctl(struct file *filp, unsigned int ioctl, unsigned long arg) +@@ -835,7 +835,7 @@ long kvm_arch_vm_ioctl(struct file *filp, unsigned int ioctl, unsigned long arg) return r; } @@ -8571,10 +8571,22 @@ index 9485b43..3bd3c16 100644 static inline unsigned long clear_user(void __user *addr, unsigned long size) diff --git a/arch/powerpc/kernel/Makefile b/arch/powerpc/kernel/Makefile -index fcc9a89..07be2bb 100644 +index fcc9a89..10f8e7e 100644 --- a/arch/powerpc/kernel/Makefile +++ b/arch/powerpc/kernel/Makefile -@@ -26,6 +26,8 @@ CFLAGS_REMOVE_ftrace.o = -pg -mno-sched-epilog +@@ -14,6 +14,11 @@ CFLAGS_prom_init.o += -fPIC + CFLAGS_btext.o += -fPIC + endif + ++CFLAGS_REMOVE_cputable.o = $(LATENT_ENTROPY_PLUGIN_CFLAGS) ++CFLAGS_REMOVE_prom_init.o = $(LATENT_ENTROPY_PLUGIN_CFLAGS) ++CFLAGS_REMOVE_btext.o = $(LATENT_ENTROPY_PLUGIN_CFLAGS) ++CFLAGS_REMOVE_prom.o = $(LATENT_ENTROPY_PLUGIN_CFLAGS) ++ + ifdef CONFIG_FUNCTION_TRACER + # Do not trace early boot code + CFLAGS_REMOVE_cputable.o = -pg -mno-sched-epilog +@@ -26,6 +31,8 @@ CFLAGS_REMOVE_ftrace.o = -pg -mno-sched-epilog CFLAGS_REMOVE_time.o = -pg -mno-sched-epilog endif @@ -23076,7 +23088,7 @@ index c5a9cb9..b6a5426 100644 /* diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S -index 02553d6..81f4dc7 100644 +index 02553d6..ff1450f4 100644 --- a/arch/x86/kernel/entry_64.S +++ b/arch/x86/kernel/entry_64.S @@ -60,6 +60,8 @@ @@ -23746,7 +23758,7 @@ index 02553d6..81f4dc7 100644 .popsection /* -@@ -539,7 +1008,7 @@ ENTRY(ret_from_fork) +@@ -539,25 +1008,26 @@ ENTRY(ret_from_fork) RESTORE_REST @@ -23754,9 +23766,19 @@ index 02553d6..81f4dc7 100644 + testb $3, CS-ARGOFFSET(%rsp) # from kernel_thread? jz 1f - testl $_TIF_IA32, TI_flags(%rcx) # 32-bit compat task needs IRET -@@ -549,15 +1018,13 @@ ENTRY(ret_from_fork) - jmp ret_from_sys_call # go to the SYSRET fastpath +- testl $_TIF_IA32, TI_flags(%rcx) # 32-bit compat task needs IRET +- jnz int_ret_from_sys_call +- +- RESTORE_TOP_OF_STACK %rdi, -ARGOFFSET +- jmp ret_from_sys_call # go to the SYSRET fastpath ++ /* ++ * By the time we get here, we have no idea whether our pt_regs, ++ * ti flags, and ti status came from the 64-bit SYSCALL fast path, ++ * the slow path, or one of the ia32entry paths. ++ * Use int_ret_from_sys_call to return, since it can safely handle ++ * all of the above. ++ */ ++ jmp int_ret_from_sys_call 1: - subq $REST_SKIP, %rsp # leave space for volatiles @@ -23772,7 +23794,7 @@ index 02553d6..81f4dc7 100644 /* * System call entry. Up to 6 arguments in registers are supported. -@@ -594,7 +1061,7 @@ END(ret_from_fork) +@@ -594,7 +1064,7 @@ END(ret_from_fork) ENTRY(system_call) CFI_STARTPROC simple CFI_SIGNAL_FRAME @@ -23781,7 +23803,7 @@ index 02553d6..81f4dc7 100644 CFI_REGISTER rip,rcx /*CFI_REGISTER rflags,r11*/ SWAPGS_UNSAFE_STACK -@@ -607,16 +1074,23 @@ GLOBAL(system_call_after_swapgs) +@@ -607,16 +1077,23 @@ GLOBAL(system_call_after_swapgs) movq %rsp,PER_CPU_VAR(old_rsp) movq PER_CPU_VAR(kernel_stack),%rsp @@ -23807,7 +23829,7 @@ index 02553d6..81f4dc7 100644 jnz tracesys system_call_fastpath: #if __SYSCALL_MASK == ~0 -@@ -640,10 +1114,13 @@ sysret_check: +@@ -640,10 +1117,13 @@ sysret_check: LOCKDEP_SYS_EXIT DISABLE_INTERRUPTS(CLBR_NONE) TRACE_IRQS_OFF @@ -23822,7 +23844,7 @@ index 02553d6..81f4dc7 100644 /* * sysretq will re-enable interrupts: */ -@@ -702,6 +1179,9 @@ auditsys: +@@ -702,6 +1182,9 @@ auditsys: movq %rax,%rsi /* 2nd arg: syscall number */ movl $AUDIT_ARCH_X86_64,%edi /* 1st arg: audit arch */ call __audit_syscall_entry @@ -23832,7 +23854,7 @@ index 02553d6..81f4dc7 100644 LOAD_ARGS 0 /* reload call-clobbered registers */ jmp system_call_fastpath -@@ -723,7 +1203,7 @@ sysret_audit: +@@ -723,7 +1206,7 @@ sysret_audit: /* Do syscall tracing */ tracesys: #ifdef CONFIG_AUDITSYSCALL @@ -23841,7 +23863,7 @@ index 02553d6..81f4dc7 100644 jz auditsys #endif SAVE_REST -@@ -731,12 +1211,15 @@ tracesys: +@@ -731,12 +1214,15 @@ tracesys: FIXUP_TOP_OF_STACK %rdi movq %rsp,%rdi call syscall_trace_enter @@ -23858,7 +23880,7 @@ index 02553d6..81f4dc7 100644 RESTORE_REST #if __SYSCALL_MASK == ~0 cmpq $__NR_syscall_max,%rax -@@ -766,7 +1249,9 @@ GLOBAL(int_with_check) +@@ -766,7 +1252,9 @@ GLOBAL(int_with_check) andl %edi,%edx jnz int_careful andl $~TS_COMPAT,TI_status(%rcx) @@ -23869,7 +23891,7 @@ index 02553d6..81f4dc7 100644 /* Either reschedule or signal or syscall exit tracking needed. */ /* First do a reschedule test. */ -@@ -812,7 +1297,7 @@ int_restore_rest: +@@ -812,7 +1300,7 @@ int_restore_rest: TRACE_IRQS_OFF jmp int_with_check CFI_ENDPROC @@ -23878,7 +23900,7 @@ index 02553d6..81f4dc7 100644 .macro FORK_LIKE func ENTRY(stub_\func) -@@ -825,9 +1310,10 @@ ENTRY(stub_\func) +@@ -825,9 +1313,10 @@ ENTRY(stub_\func) DEFAULT_FRAME 0 8 /* offset 8: return address */ call sys_\func RESTORE_TOP_OF_STACK %r11, 8 @@ -23891,7 +23913,7 @@ index 02553d6..81f4dc7 100644 .endm .macro FIXED_FRAME label,func -@@ -837,9 +1323,10 @@ ENTRY(\label) +@@ -837,9 +1326,10 @@ ENTRY(\label) FIXUP_TOP_OF_STACK %r11, 8-ARGOFFSET call \func RESTORE_TOP_OF_STACK %r11, 8-ARGOFFSET @@ -23903,7 +23925,7 @@ index 02553d6..81f4dc7 100644 .endm FORK_LIKE clone -@@ -847,19 +1334,6 @@ END(\label) +@@ -847,19 +1337,6 @@ END(\label) FORK_LIKE vfork FIXED_FRAME stub_iopl, sys_iopl @@ -23923,7 +23945,7 @@ index 02553d6..81f4dc7 100644 ENTRY(stub_execve) CFI_STARTPROC addq $8, %rsp -@@ -871,7 +1345,7 @@ ENTRY(stub_execve) +@@ -871,7 +1348,7 @@ ENTRY(stub_execve) RESTORE_REST jmp int_ret_from_sys_call CFI_ENDPROC @@ -23932,7 +23954,7 @@ index 02553d6..81f4dc7 100644 /* * sigreturn is special because it needs to restore all registers on return. -@@ -888,7 +1362,7 @@ ENTRY(stub_rt_sigreturn) +@@ -888,7 +1365,7 @@ ENTRY(stub_rt_sigreturn) RESTORE_REST jmp int_ret_from_sys_call CFI_ENDPROC @@ -23941,7 +23963,7 @@ index 02553d6..81f4dc7 100644 #ifdef CONFIG_X86_X32_ABI ENTRY(stub_x32_rt_sigreturn) -@@ -902,7 +1376,7 @@ ENTRY(stub_x32_rt_sigreturn) +@@ -902,7 +1379,7 @@ ENTRY(stub_x32_rt_sigreturn) RESTORE_REST jmp int_ret_from_sys_call CFI_ENDPROC @@ -23950,7 +23972,7 @@ index 02553d6..81f4dc7 100644 ENTRY(stub_x32_execve) CFI_STARTPROC -@@ -916,7 +1390,7 @@ ENTRY(stub_x32_execve) +@@ -916,7 +1393,7 @@ ENTRY(stub_x32_execve) RESTORE_REST jmp int_ret_from_sys_call CFI_ENDPROC @@ -23959,7 +23981,7 @@ index 02553d6..81f4dc7 100644 #endif -@@ -953,7 +1427,7 @@ vector=vector+1 +@@ -953,7 +1430,7 @@ vector=vector+1 2: jmp common_interrupt .endr CFI_ENDPROC @@ -23968,7 +23990,7 @@ index 02553d6..81f4dc7 100644 .previous END(interrupt) -@@ -970,8 +1444,8 @@ END(interrupt) +@@ -970,8 +1447,8 @@ END(interrupt) /* 0(%rsp): ~(interrupt number) */ .macro interrupt func /* reserve pt_regs for scratch regs and rbp */ @@ -23979,7 +24001,7 @@ index 02553d6..81f4dc7 100644 SAVE_ARGS_IRQ call \func .endm -@@ -998,14 +1472,14 @@ ret_from_intr: +@@ -998,14 +1475,14 @@ ret_from_intr: /* Restore saved previous stack */ popq %rsi @@ -23998,7 +24020,7 @@ index 02553d6..81f4dc7 100644 je retint_kernel /* Interrupt came from user space */ -@@ -1027,12 +1501,35 @@ retint_swapgs: /* return to user-space */ +@@ -1027,12 +1504,35 @@ retint_swapgs: /* return to user-space */ * The iretq could re-enable interrupts: */ DISABLE_INTERRUPTS(CLBR_ANY) @@ -24034,7 +24056,7 @@ index 02553d6..81f4dc7 100644 /* * The iretq could re-enable interrupts: */ -@@ -1070,15 +1567,15 @@ native_irq_return_ldt: +@@ -1070,15 +1570,15 @@ native_irq_return_ldt: SWAPGS movq PER_CPU_VAR(espfix_waddr),%rdi movq %rax,(0*8)(%rdi) /* RAX */ @@ -24055,7 +24077,7 @@ index 02553d6..81f4dc7 100644 movq %rax,(4*8)(%rdi) andl $0xffff0000,%eax popq_cfi %rdi -@@ -1132,7 +1629,7 @@ ENTRY(retint_kernel) +@@ -1132,7 +1632,7 @@ ENTRY(retint_kernel) jmp exit_intr #endif CFI_ENDPROC @@ -24064,7 +24086,7 @@ index 02553d6..81f4dc7 100644 /* * End of kprobes section -@@ -1151,7 +1648,7 @@ ENTRY(\sym) +@@ -1151,7 +1651,7 @@ ENTRY(\sym) interrupt \do_sym jmp ret_from_intr CFI_ENDPROC @@ -24073,7 +24095,7 @@ index 02553d6..81f4dc7 100644 .endm #ifdef CONFIG_TRACING -@@ -1239,7 +1736,7 @@ ENTRY(\sym) +@@ -1239,7 +1739,7 @@ ENTRY(\sym) call \do_sym jmp error_exit /* %ebx: no swapgs flag */ CFI_ENDPROC @@ -24082,7 +24104,7 @@ index 02553d6..81f4dc7 100644 .endm .macro paranoidzeroentry sym do_sym -@@ -1257,10 +1754,10 @@ ENTRY(\sym) +@@ -1257,10 +1757,10 @@ ENTRY(\sym) call \do_sym jmp paranoid_exit /* %ebx: no swapgs flag */ CFI_ENDPROC @@ -24095,7 +24117,7 @@ index 02553d6..81f4dc7 100644 .macro paranoidzeroentry_ist sym do_sym ist ENTRY(\sym) INTR_FRAME -@@ -1273,12 +1770,18 @@ ENTRY(\sym) +@@ -1273,12 +1773,18 @@ ENTRY(\sym) TRACE_IRQS_OFF_DEBUG movq %rsp,%rdi /* pt_regs pointer */ xorl %esi,%esi /* no error code */ @@ -24115,7 +24137,7 @@ index 02553d6..81f4dc7 100644 .endm .macro errorentry sym do_sym -@@ -1296,7 +1799,7 @@ ENTRY(\sym) +@@ -1296,7 +1802,7 @@ ENTRY(\sym) call \do_sym jmp error_exit /* %ebx: no swapgs flag */ CFI_ENDPROC @@ -24124,7 +24146,7 @@ index 02553d6..81f4dc7 100644 .endm #ifdef CONFIG_TRACING -@@ -1327,7 +1830,7 @@ ENTRY(\sym) +@@ -1327,7 +1833,7 @@ ENTRY(\sym) call \do_sym jmp paranoid_exit /* %ebx: no swapgs flag */ CFI_ENDPROC @@ -24133,7 +24155,7 @@ index 02553d6..81f4dc7 100644 .endm zeroentry divide_error do_divide_error -@@ -1357,9 +1860,10 @@ gs_change: +@@ -1357,9 +1863,10 @@ gs_change: 2: mfence /* workaround */ SWAPGS popfq_cfi @@ -24145,7 +24167,7 @@ index 02553d6..81f4dc7 100644 _ASM_EXTABLE(gs_change,bad_gs) .section .fixup,"ax" -@@ -1387,9 +1891,10 @@ ENTRY(do_softirq_own_stack) +@@ -1387,9 +1894,10 @@ ENTRY(do_softirq_own_stack) CFI_DEF_CFA_REGISTER rsp CFI_ADJUST_CFA_OFFSET -8 decl PER_CPU_VAR(irq_count) @@ -24157,7 +24179,7 @@ index 02553d6..81f4dc7 100644 #ifdef CONFIG_XEN zeroentry xen_hypervisor_callback xen_do_hypervisor_callback -@@ -1427,7 +1932,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs) +@@ -1427,7 +1935,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs) decl PER_CPU_VAR(irq_count) jmp error_exit CFI_ENDPROC @@ -24166,7 +24188,7 @@ index 02553d6..81f4dc7 100644 /* * Hypervisor uses this for application faults while it executes. -@@ -1486,7 +1991,7 @@ ENTRY(xen_failsafe_callback) +@@ -1486,7 +1994,7 @@ ENTRY(xen_failsafe_callback) SAVE_ALL jmp error_exit CFI_ENDPROC @@ -24175,7 +24197,7 @@ index 02553d6..81f4dc7 100644 apicinterrupt3 HYPERVISOR_CALLBACK_VECTOR \ xen_hvm_callback_vector xen_evtchn_do_upcall -@@ -1538,18 +2043,33 @@ ENTRY(paranoid_exit) +@@ -1538,18 +2046,33 @@ ENTRY(paranoid_exit) DEFAULT_FRAME DISABLE_INTERRUPTS(CLBR_NONE) TRACE_IRQS_OFF_DEBUG @@ -24211,7 +24233,7 @@ index 02553d6..81f4dc7 100644 jmp irq_return paranoid_userspace: GET_THREAD_INFO(%rcx) -@@ -1578,7 +2098,7 @@ paranoid_schedule: +@@ -1578,7 +2101,7 @@ paranoid_schedule: TRACE_IRQS_OFF jmp paranoid_userspace CFI_ENDPROC @@ -24220,7 +24242,7 @@ index 02553d6..81f4dc7 100644 /* * Exception entry point. This expects an error code/orig_rax on the stack. -@@ -1605,12 +2125,23 @@ ENTRY(error_entry) +@@ -1605,12 +2128,23 @@ ENTRY(error_entry) movq_cfi r14, R14+8 movq_cfi r15, R15+8 xorl %ebx,%ebx @@ -24245,7 +24267,7 @@ index 02553d6..81f4dc7 100644 ret /* -@@ -1644,7 +2175,7 @@ error_bad_iret: +@@ -1644,7 +2178,7 @@ error_bad_iret: decl %ebx /* Return to usergs */ jmp error_sti CFI_ENDPROC @@ -24254,7 +24276,7 @@ index 02553d6..81f4dc7 100644 /* ebx: no swapgs flag (1: don't need swapgs, 0: need it) */ -@@ -1655,7 +2186,7 @@ ENTRY(error_exit) +@@ -1655,7 +2189,7 @@ ENTRY(error_exit) DISABLE_INTERRUPTS(CLBR_NONE) TRACE_IRQS_OFF GET_THREAD_INFO(%rcx) @@ -24263,7 +24285,7 @@ index 02553d6..81f4dc7 100644 jne retint_kernel LOCKDEP_SYS_EXIT_IRQ movl TI_flags(%rcx),%edx -@@ -1664,7 +2195,7 @@ ENTRY(error_exit) +@@ -1664,7 +2198,7 @@ ENTRY(error_exit) jnz retint_careful jmp retint_swapgs CFI_ENDPROC @@ -24272,7 +24294,7 @@ index 02553d6..81f4dc7 100644 /* * Test if a given stack is an NMI stack or not. -@@ -1722,9 +2253,11 @@ ENTRY(nmi) +@@ -1722,9 +2256,11 @@ ENTRY(nmi) * If %cs was not the kernel segment, then the NMI triggered in user * space, which means it is definitely not nested. */ @@ -24285,7 +24307,7 @@ index 02553d6..81f4dc7 100644 /* * Check the special variable on the stack to see if NMIs are * executing. -@@ -1758,8 +2291,7 @@ nested_nmi: +@@ -1758,8 +2294,7 @@ nested_nmi: 1: /* Set up the interrupted NMIs stack to jump to repeat_nmi */ @@ -24295,7 +24317,7 @@ index 02553d6..81f4dc7 100644 CFI_ADJUST_CFA_OFFSET 1*8 leaq -10*8(%rsp), %rdx pushq_cfi $__KERNEL_DS -@@ -1777,6 +2309,7 @@ nested_nmi_out: +@@ -1777,6 +2312,7 @@ nested_nmi_out: CFI_RESTORE rdx /* No need to check faults here */ @@ -24303,7 +24325,7 @@ index 02553d6..81f4dc7 100644 INTERRUPT_RETURN CFI_RESTORE_STATE -@@ -1873,13 +2406,13 @@ end_repeat_nmi: +@@ -1873,13 +2409,13 @@ end_repeat_nmi: subq $ORIG_RAX-R15, %rsp CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 /* @@ -24319,7 +24341,7 @@ index 02553d6..81f4dc7 100644 DEFAULT_FRAME 0 /* -@@ -1889,9 +2422,9 @@ end_repeat_nmi: +@@ -1889,9 +2425,9 @@ end_repeat_nmi: * NMI itself takes a page fault, the page fault that was preempted * will read the information from the NMI page fault and not the * origin fault. Save it off and restore it if it changes. @@ -24331,7 +24353,7 @@ index 02553d6..81f4dc7 100644 /* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */ movq %rsp,%rdi -@@ -1900,31 +2433,36 @@ end_repeat_nmi: +@@ -1900,31 +2436,36 @@ end_repeat_nmi: /* Did the NMI take a page fault? Restore cr2 if it did */ movq %cr2, %rcx @@ -28990,7 +29012,7 @@ index 80c22a3..ec2028e 100644 vcpu->arch.regs_avail = ~((1 << VCPU_REGS_RIP) | (1 << VCPU_REGS_RSP) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c -index fab97ad..bb69607 100644 +index 1777f89..3f70a2c 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -688,6 +688,8 @@ EXPORT_SYMBOL_GPL(kvm_set_cr4); @@ -29002,7 +29024,7 @@ index fab97ad..bb69607 100644 if (cr3 == kvm_read_cr3(vcpu) && !pdptrs_changed(vcpu)) { kvm_mmu_sync_roots(vcpu); kvm_mmu_flush_tlb(vcpu); -@@ -1806,8 +1808,8 @@ static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data) +@@ -1807,8 +1809,8 @@ static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data) { struct kvm *kvm = vcpu->kvm; int lm = is_long_mode(vcpu); @@ -29013,7 +29035,7 @@ index fab97ad..bb69607 100644 u8 blob_size = lm ? kvm->arch.xen_hvm_config.blob_size_64 : kvm->arch.xen_hvm_config.blob_size_32; u32 page_num = data & ~PAGE_MASK; -@@ -2718,6 +2720,8 @@ long kvm_arch_dev_ioctl(struct file *filp, +@@ -2719,6 +2721,8 @@ long kvm_arch_dev_ioctl(struct file *filp, if (n < msr_list.nmsrs) goto out; r = -EFAULT; @@ -29022,7 +29044,7 @@ index fab97ad..bb69607 100644 if (copy_to_user(user_msr_list->indices, &msrs_to_save, num_msrs_to_save * sizeof(u32))) goto out; -@@ -5532,7 +5536,7 @@ static struct notifier_block pvclock_gtod_notifier = { +@@ -5533,7 +5537,7 @@ static struct notifier_block pvclock_gtod_notifier = { }; #endif @@ -32640,7 +32662,7 @@ index a10c8c7..35a5abb 100644 + return ret ? -EFAULT : 0; +} diff --git a/arch/x86/mm/gup.c b/arch/x86/mm/gup.c -index 207d9aef..69030980 100644 +index 448ee89..88fe381 100644 --- a/arch/x86/mm/gup.c +++ b/arch/x86/mm/gup.c @@ -268,7 +268,7 @@ int __get_user_pages_fast(unsigned long start, int nr_pages, int write, @@ -32680,10 +32702,10 @@ index 4500142..53a363c 100644 return (void *)vaddr; diff --git a/arch/x86/mm/hugetlbpage.c b/arch/x86/mm/hugetlbpage.c -index 8b977eb..4732c33 100644 +index 006cc91..bf05a83 100644 --- a/arch/x86/mm/hugetlbpage.c +++ b/arch/x86/mm/hugetlbpage.c -@@ -80,23 +80,24 @@ int pud_huge(pud_t pud) +@@ -86,23 +86,24 @@ int pud_huge(pud_t pud) #ifdef CONFIG_HUGETLB_PAGE static unsigned long hugetlb_get_unmapped_area_bottomup(struct file *file, unsigned long addr, unsigned long len, @@ -32711,7 +32733,7 @@ index 8b977eb..4732c33 100644 { struct hstate *h = hstate_file(file); struct vm_unmapped_area_info info; -@@ -108,6 +109,7 @@ static unsigned long hugetlb_get_unmapped_area_topdown(struct file *file, +@@ -114,6 +115,7 @@ static unsigned long hugetlb_get_unmapped_area_topdown(struct file *file, info.high_limit = current->mm->mmap_base; info.align_mask = PAGE_MASK & ~huge_page_mask(h); info.align_offset = 0; @@ -32719,7 +32741,7 @@ index 8b977eb..4732c33 100644 addr = vm_unmapped_area(&info); /* -@@ -120,6 +122,12 @@ static unsigned long hugetlb_get_unmapped_area_topdown(struct file *file, +@@ -126,6 +128,12 @@ static unsigned long hugetlb_get_unmapped_area_topdown(struct file *file, VM_BUG_ON(addr != -ENOMEM); info.flags = 0; info.low_limit = TASK_UNMAPPED_BASE; @@ -32732,7 +32754,7 @@ index 8b977eb..4732c33 100644 info.high_limit = TASK_SIZE; addr = vm_unmapped_area(&info); } -@@ -134,10 +142,20 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, +@@ -140,10 +148,20 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, struct hstate *h = hstate_file(file); struct mm_struct *mm = current->mm; struct vm_area_struct *vma; @@ -32754,7 +32776,7 @@ index 8b977eb..4732c33 100644 return -ENOMEM; if (flags & MAP_FIXED) { -@@ -146,19 +164,22 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, +@@ -152,19 +170,22 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, return addr; } @@ -33487,10 +33509,10 @@ index d87dd6d..bf3fa66 100644 pte = kmemcheck_pte_lookup(address); diff --git a/arch/x86/mm/mmap.c b/arch/x86/mm/mmap.c -index 25e7e13..1964579 100644 +index 3601ff2..b5ba6f7 100644 --- a/arch/x86/mm/mmap.c +++ b/arch/x86/mm/mmap.c -@@ -52,7 +52,7 @@ static unsigned int stack_maxrandom_size(void) +@@ -52,7 +52,7 @@ static unsigned long stack_maxrandom_size(void) * Leave an at least ~128 MB hole with possible stack randomization. */ #define MIN_GAP (128*1024*1024UL + stack_maxrandom_size()) @@ -39955,7 +39977,7 @@ index 18448a7..d5fad43 100644 /* Force all MSRs to the same value */ diff --git a/drivers/cpufreq/cpufreq.c b/drivers/cpufreq/cpufreq.c -index 4854f81..d9178cb 100644 +index ef3b8ad..728edfa 100644 --- a/drivers/cpufreq/cpufreq.c +++ b/drivers/cpufreq/cpufreq.c @@ -1985,7 +1985,7 @@ void cpufreq_unregister_governor(struct cpufreq_governor *governor) @@ -45417,10 +45439,10 @@ index 3e6d115..ffecdeb 100644 /*----------------------------------------------------------------*/ diff --git a/drivers/md/raid1.c b/drivers/md/raid1.c -index 55de4f6..b1c57fe 100644 +index b96ee9d..1d38b21 100644 --- a/drivers/md/raid1.c +++ b/drivers/md/raid1.c -@@ -1936,7 +1936,7 @@ static int fix_sync_read_error(struct r1bio *r1_bio) +@@ -1937,7 +1937,7 @@ static int fix_sync_read_error(struct r1bio *r1_bio) if (r1_sync_page_io(rdev, sect, s, bio->bi_io_vec[idx].bv_page, READ) != 0) @@ -45429,7 +45451,7 @@ index 55de4f6..b1c57fe 100644 } sectors -= s; sect += s; -@@ -2170,7 +2170,7 @@ static void fix_read_error(struct r1conf *conf, int read_disk, +@@ -2171,7 +2171,7 @@ static void fix_read_error(struct r1conf *conf, int read_disk, !test_bit(Faulty, &rdev->flags)) { if (r1_sync_page_io(rdev, sect, s, conf->tmppage, READ)) { @@ -45502,7 +45524,7 @@ index a46124e..caf0bd55 100644 rdev_dec_pending(rdev, mddev); diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c -index 175584a..1561092 100644 +index 3545faf..2977207 100644 --- a/drivers/md/raid5.c +++ b/drivers/md/raid5.c @@ -1711,6 +1711,10 @@ static int grow_one_stripe(struct r5conf *conf, int hash) @@ -48363,7 +48385,7 @@ index fbf7dcd..ad71499 100644 }; diff --git a/drivers/net/macvtap.c b/drivers/net/macvtap.c -index 07c942b..bce8b8a 100644 +index 07c942b..747b848 100644 --- a/drivers/net/macvtap.c +++ b/drivers/net/macvtap.c @@ -422,7 +422,7 @@ static void macvtap_setup(struct net_device *dev) @@ -48375,7 +48397,33 @@ index 07c942b..bce8b8a 100644 .kind = "macvtap", .setup = macvtap_setup, .newlink = macvtap_newlink, -@@ -1023,7 +1023,7 @@ static long macvtap_ioctl(struct file *file, unsigned int cmd, +@@ -637,12 +637,15 @@ static void macvtap_skb_to_vnet_hdr(const struct sk_buff *skb, + } /* else everything is zero */ + } + ++/* Neighbour code has some assumptions on HH_DATA_MOD alignment */ ++#define MACVTAP_RESERVE HH_DATA_OFF(ETH_HLEN) ++ + /* Get packet from user space buffer */ + static ssize_t macvtap_get_user(struct macvtap_queue *q, struct msghdr *m, + const struct iovec *iv, unsigned long total_len, + size_t count, int noblock) + { +- int good_linear = SKB_MAX_HEAD(NET_IP_ALIGN); ++ int good_linear = SKB_MAX_HEAD(MACVTAP_RESERVE); + struct sk_buff *skb; + struct macvlan_dev *vlan; + unsigned long len = total_len; +@@ -701,7 +704,7 @@ static ssize_t macvtap_get_user(struct macvtap_queue *q, struct msghdr *m, + linear = vnet_hdr.hdr_len; + } + +- skb = macvtap_alloc_skb(&q->sk, NET_IP_ALIGN, copylen, ++ skb = macvtap_alloc_skb(&q->sk, MACVTAP_RESERVE, copylen, + linear, noblock, &err); + if (!skb) + goto err; +@@ -1023,7 +1026,7 @@ static long macvtap_ioctl(struct file *file, unsigned int cmd, } ret = 0; @@ -48384,7 +48432,7 @@ index 07c942b..bce8b8a 100644 put_user(q->flags, &ifr->ifr_flags)) ret = -EFAULT; macvtap_put_vlan(vlan); -@@ -1193,7 +1193,7 @@ static int macvtap_device_event(struct notifier_block *unused, +@@ -1193,7 +1196,7 @@ static int macvtap_device_event(struct notifier_block *unused, return NOTIFY_DONE; } @@ -53158,10 +53206,10 @@ index 850e232..59a0ccd 100644 } EXPORT_SYMBOL_GPL(n_tty_inherit_ops); diff --git a/drivers/tty/pty.c b/drivers/tty/pty.c -index 25c9bc7..24077b7 100644 +index e49616e..d23c58d 100644 --- a/drivers/tty/pty.c +++ b/drivers/tty/pty.c -@@ -790,8 +790,10 @@ static void __init unix98_pty_init(void) +@@ -793,8 +793,10 @@ static void __init unix98_pty_init(void) panic("Couldn't register Unix98 pts driver"); /* Now create the /dev/ptmx special device */ @@ -54276,7 +54324,7 @@ index 9ca7716..a2ccc2e 100644 dev->rawdescriptors[i] + (*ppos - pos), min(len, alloclen))) { diff --git a/drivers/usb/core/hcd.c b/drivers/usb/core/hcd.c -index ef6ec13b..5c6e68e 100644 +index ee6c556..001eb9e 100644 --- a/drivers/usb/core/hcd.c +++ b/drivers/usb/core/hcd.c @@ -1550,7 +1550,7 @@ int usb_hcd_submit_urb (struct urb *urb, gfp_t mem_flags) @@ -54365,7 +54413,7 @@ index 1236c60..d47a51c 100644 static DEVICE_ATTR_RO(urbnum); diff --git a/drivers/usb/core/usb.c b/drivers/usb/core/usb.c -index 4d11449..f4ccabf 100644 +index a922730..4ae8e1c 100644 --- a/drivers/usb/core/usb.c +++ b/drivers/usb/core/usb.c @@ -433,7 +433,7 @@ struct usb_device *usb_alloc_dev(struct usb_device *parent, @@ -58501,7 +58549,7 @@ index ca0ba15..0fa3257 100644 fd_offset + ex.a_text); if (error != N_DATADDR(ex)) { diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c -index 67be295..83e2f86 100644 +index f4d7b2f..97fd3fc 100644 --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c @@ -34,6 +34,7 @@ @@ -59018,7 +59066,7 @@ index 67be295..83e2f86 100644 * libraries. There is no binary dependent code anywhere else. @@ -551,6 +912,11 @@ static unsigned long randomize_stack_top(unsigned long stack_top) { - unsigned int random_variable = 0; + unsigned long random_variable = 0; +#ifdef CONFIG_PAX_RANDUSTACK + if (current->mm->pax_flags & MF_PAX_RANDMMAP) @@ -59027,8 +59075,8 @@ index 67be295..83e2f86 100644 + if ((current->flags & PF_RANDOMIZE) && !(current->personality & ADDR_NO_RANDOMIZE)) { - random_variable = get_random_int() & STACK_RND_MASK; -@@ -569,7 +935,7 @@ static int load_elf_binary(struct linux_binprm *bprm) + random_variable = (unsigned long) get_random_int(); +@@ -570,7 +936,7 @@ static int load_elf_binary(struct linux_binprm *bprm) unsigned long load_addr = 0, load_bias = 0; int load_addr_set = 0; char * elf_interpreter = NULL; @@ -59037,7 +59085,7 @@ index 67be295..83e2f86 100644 struct elf_phdr *elf_ppnt, *elf_phdata; unsigned long elf_bss, elf_brk; int retval, i; -@@ -579,12 +945,12 @@ static int load_elf_binary(struct linux_binprm *bprm) +@@ -580,12 +946,12 @@ static int load_elf_binary(struct linux_binprm *bprm) unsigned long start_code, end_code, start_data, end_data; unsigned long reloc_func_desc __maybe_unused = 0; int executable_stack = EXSTACK_DEFAULT; @@ -59051,7 +59099,7 @@ index 67be295..83e2f86 100644 loc = kmalloc(sizeof(*loc), GFP_KERNEL); if (!loc) { -@@ -720,11 +1086,82 @@ static int load_elf_binary(struct linux_binprm *bprm) +@@ -721,11 +1087,82 @@ static int load_elf_binary(struct linux_binprm *bprm) goto out_free_dentry; /* OK, This is the point of no return */ @@ -59135,7 +59183,7 @@ index 67be295..83e2f86 100644 if (elf_read_implies_exec(loc->elf_ex, executable_stack)) current->personality |= READ_IMPLIES_EXEC; -@@ -814,6 +1251,20 @@ static int load_elf_binary(struct linux_binprm *bprm) +@@ -815,6 +1252,20 @@ static int load_elf_binary(struct linux_binprm *bprm) #else load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr); #endif @@ -59156,7 +59204,7 @@ index 67be295..83e2f86 100644 } error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt, -@@ -846,9 +1297,9 @@ static int load_elf_binary(struct linux_binprm *bprm) +@@ -847,9 +1298,9 @@ static int load_elf_binary(struct linux_binprm *bprm) * allowed task size. Note that p_filesz must always be * <= p_memsz so it is only necessary to check p_memsz. */ @@ -59169,7 +59217,7 @@ index 67be295..83e2f86 100644 /* set_brk can never work. Avoid overflows. */ send_sig(SIGKILL, current, 0); retval = -EINVAL; -@@ -887,17 +1338,45 @@ static int load_elf_binary(struct linux_binprm *bprm) +@@ -888,17 +1339,45 @@ static int load_elf_binary(struct linux_binprm *bprm) goto out_free_dentry; } if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) { @@ -59221,7 +59269,7 @@ index 67be295..83e2f86 100644 load_bias); if (!IS_ERR((void *)elf_entry)) { /* -@@ -1119,7 +1598,7 @@ static bool always_dump_vma(struct vm_area_struct *vma) +@@ -1120,7 +1599,7 @@ static bool always_dump_vma(struct vm_area_struct *vma) * Decide what to dump of a segment, part, all or none. */ static unsigned long vma_dump_size(struct vm_area_struct *vma, @@ -59230,7 +59278,7 @@ index 67be295..83e2f86 100644 { #define FILTER(type) (mm_flags & (1UL << MMF_DUMP_##type)) -@@ -1157,7 +1636,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma, +@@ -1158,7 +1637,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma, if (vma->vm_file == NULL) return 0; @@ -59239,7 +59287,7 @@ index 67be295..83e2f86 100644 goto whole; /* -@@ -1364,9 +1843,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm) +@@ -1365,9 +1844,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm) { elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv; int i = 0; @@ -59251,7 +59299,7 @@ index 67be295..83e2f86 100644 fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv); } -@@ -1375,7 +1854,7 @@ static void fill_siginfo_note(struct memelfnote *note, user_siginfo_t *csigdata, +@@ -1376,7 +1855,7 @@ static void fill_siginfo_note(struct memelfnote *note, user_siginfo_t *csigdata, { mm_segment_t old_fs = get_fs(); set_fs(KERNEL_DS); @@ -59260,7 +59308,7 @@ index 67be295..83e2f86 100644 set_fs(old_fs); fill_note(note, "CORE", NT_SIGINFO, sizeof(*csigdata), csigdata); } -@@ -1999,14 +2478,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum, +@@ -2000,14 +2479,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum, } static size_t elf_core_vma_data_size(struct vm_area_struct *gate_vma, @@ -59277,7 +59325,7 @@ index 67be295..83e2f86 100644 return size; } -@@ -2097,7 +2576,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2098,7 +2577,7 @@ static int elf_core_dump(struct coredump_params *cprm) dataoff = offset = roundup(offset, ELF_EXEC_PAGESIZE); @@ -59286,7 +59334,7 @@ index 67be295..83e2f86 100644 offset += elf_core_extra_data_size(); e_shoff = offset; -@@ -2125,7 +2604,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2126,7 +2605,7 @@ static int elf_core_dump(struct coredump_params *cprm) phdr.p_offset = offset; phdr.p_vaddr = vma->vm_start; phdr.p_paddr = 0; @@ -59295,7 +59343,7 @@ index 67be295..83e2f86 100644 phdr.p_memsz = vma->vm_end - vma->vm_start; offset += phdr.p_filesz; phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0; -@@ -2158,7 +2637,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2159,7 +2638,7 @@ static int elf_core_dump(struct coredump_params *cprm) unsigned long addr; unsigned long end; @@ -59304,7 +59352,7 @@ index 67be295..83e2f86 100644 for (addr = vma->vm_start; addr < end; addr += PAGE_SIZE) { struct page *page; -@@ -2199,6 +2678,167 @@ out: +@@ -2200,6 +2679,167 @@ out: #endif /* CONFIG_ELF_CORE */ @@ -59517,7 +59565,7 @@ index 1e86823..8e34695 100644 else if (whole->bd_holder != NULL) return false; /* is a partition of a held device */ diff --git a/fs/btrfs/ctree.c b/fs/btrfs/ctree.c -index cbd3a7d6f..c6a2881 100644 +index 93de3ba..0e1cf23 100644 --- a/fs/btrfs/ctree.c +++ b/fs/btrfs/ctree.c @@ -1216,9 +1216,12 @@ static noinline int __btrfs_cow_block(struct btrfs_trans_handle *trans, @@ -65018,7 +65066,7 @@ index 039f380..4239636 100644 get_mnt_ns(mnt_ns); diff --git a/fs/nfs/callback_xdr.c b/fs/nfs/callback_xdr.c -index f4ccfe6..a5cf064 100644 +index 02f8d09..a5c25d1 100644 --- a/fs/nfs/callback_xdr.c +++ b/fs/nfs/callback_xdr.c @@ -51,7 +51,7 @@ struct callback_op { @@ -82305,10 +82353,10 @@ index 115bb81..e7b812b 100644 /* * fscache cached network filesystem type diff --git a/include/linux/fsnotify.h b/include/linux/fsnotify.h -index 1c804b0..1432c2b 100644 +index 7ee1774..72505b8 100644 --- a/include/linux/fsnotify.h +++ b/include/linux/fsnotify.h -@@ -195,6 +195,9 @@ static inline void fsnotify_access(struct file *file) +@@ -197,6 +197,9 @@ static inline void fsnotify_access(struct file *file) struct inode *inode = file_inode(file); __u32 mask = FS_ACCESS; @@ -82318,7 +82366,7 @@ index 1c804b0..1432c2b 100644 if (S_ISDIR(inode->i_mode)) mask |= FS_ISDIR; -@@ -213,6 +216,9 @@ static inline void fsnotify_modify(struct file *file) +@@ -215,6 +218,9 @@ static inline void fsnotify_modify(struct file *file) struct inode *inode = file_inode(file); __u32 mask = FS_MODIFY; @@ -82328,7 +82376,7 @@ index 1c804b0..1432c2b 100644 if (S_ISDIR(inode->i_mode)) mask |= FS_ISDIR; -@@ -315,7 +321,7 @@ static inline void fsnotify_change(struct dentry *dentry, unsigned int ia_valid) +@@ -317,7 +323,7 @@ static inline void fsnotify_change(struct dentry *dentry, unsigned int ia_valid) */ static inline const unsigned char *fsnotify_oldname_init(const unsigned char *name) { @@ -83974,6 +84022,41 @@ index 35e7eca..6afb7ad 100644 extern struct ipc_namespace init_ipc_ns; extern atomic_t nr_ipc_ns; +diff --git a/include/linux/ipv6.h b/include/linux/ipv6.h +index 2faef33..33dc081 100644 +--- a/include/linux/ipv6.h ++++ b/include/linux/ipv6.h +@@ -193,7 +193,7 @@ struct ipv6_pinfo { + sndflow:1, + repflow:1, + pmtudisc:3, +- ipv6only:1, ++ padding:1, /* 1 bit hole */ + srcprefs:3, /* 001: prefer temporary address + * 010: prefer public address + * 100: prefer care-of address +@@ -282,8 +282,8 @@ static inline void inet_sk_copy_descendant(struct sock *sk_to, + __inet_sk_copy_descendant(sk_to, sk_from, ancestor_size); + } + +-#define __ipv6_only_sock(sk) (inet6_sk(sk)->ipv6only) +-#define ipv6_only_sock(sk) ((sk)->sk_family == PF_INET6 && __ipv6_only_sock(sk)) ++#define __ipv6_only_sock(sk) (sk->sk_ipv6only) ++#define ipv6_only_sock(sk) (__ipv6_only_sock(sk)) + #define ipv6_sk_rxinfo(sk) ((sk)->sk_family == PF_INET6 && \ + inet6_sk(sk)->rxopt.bits.rxinfo) + +@@ -296,8 +296,8 @@ static inline const struct in6_addr *inet6_rcv_saddr(const struct sock *sk) + + static inline int inet_v6_ipv6only(const struct sock *sk) + { +- return likely(sk->sk_state != TCP_TIME_WAIT) ? +- ipv6_only_sock(sk) : inet_twsk(sk)->tw_ipv6only; ++ /* ipv6only field is at same position for timewait and other sockets */ ++ return ipv6_only_sock(sk); + } + #else + #define __ipv6_only_sock(sk) 0 diff --git a/include/linux/irq.h b/include/linux/irq.h index ef1ac9f..e1db06c 100644 --- a/include/linux/irq.h @@ -87393,6 +87476,27 @@ index cf92728..9236ee6 100644 /** inet_connection_sock - INET connection oriented sock * +diff --git a/include/net/inet_timewait_sock.h b/include/net/inet_timewait_sock.h +index 61474ea..6c56603 100644 +--- a/include/net/inet_timewait_sock.h ++++ b/include/net/inet_timewait_sock.h +@@ -108,6 +108,7 @@ struct inet_timewait_sock { + #define tw_family __tw_common.skc_family + #define tw_state __tw_common.skc_state + #define tw_reuse __tw_common.skc_reuse ++#define tw_ipv6only __tw_common.skc_ipv6only + #define tw_bound_dev_if __tw_common.skc_bound_dev_if + #define tw_node __tw_common.skc_nulls_node + #define tw_bind_node __tw_common.skc_bind_node +@@ -131,7 +132,7 @@ struct inet_timewait_sock { + __be16 tw_sport; + kmemcheck_bitfield_begin(flags); + /* And these are ours. */ +- unsigned int tw_ipv6only : 1, ++ unsigned int tw_pad0 : 1, /* 1 bit hole */ + tw_transparent : 1, + tw_flowlabel : 20, + tw_pad : 2, /* 2 bits hole */ diff --git a/include/net/inetpeer.h b/include/net/inetpeer.h index 823ec7b..44c938c 100644 --- a/include/net/inetpeer.h @@ -87878,10 +87982,28 @@ index 0dfcc92..7967849 100644 /* Structure to track chunk fragments that have been acked, but peer diff --git a/include/net/sock.h b/include/net/sock.h -index f66b2b1..5233aa0 100644 +index f66b2b1..b05a13e 100644 --- a/include/net/sock.h +++ b/include/net/sock.h -@@ -348,7 +348,7 @@ struct sock { +@@ -181,7 +181,8 @@ struct sock_common { + unsigned short skc_family; + volatile unsigned char skc_state; + unsigned char skc_reuse:4; +- unsigned char skc_reuseport:4; ++ unsigned char skc_reuseport:1; ++ unsigned char skc_ipv6only:1; + int skc_bound_dev_if; + union { + struct hlist_node skc_bind_node; +@@ -316,6 +317,7 @@ struct sock { + #define sk_state __sk_common.skc_state + #define sk_reuse __sk_common.skc_reuse + #define sk_reuseport __sk_common.skc_reuseport ++#define sk_ipv6only __sk_common.skc_ipv6only + #define sk_bound_dev_if __sk_common.skc_bound_dev_if + #define sk_bind_node __sk_common.skc_bind_node + #define sk_prot __sk_common.skc_prot +@@ -348,7 +350,7 @@ struct sock { unsigned int sk_napi_id; unsigned int sk_ll_usec; #endif @@ -87890,7 +88012,7 @@ index f66b2b1..5233aa0 100644 int sk_rcvbuf; struct sk_filter __rcu *sk_filter; -@@ -1035,7 +1035,7 @@ struct proto { +@@ -1035,7 +1037,7 @@ struct proto { void (*destroy_cgroup)(struct mem_cgroup *memcg); struct cg_proto *(*proto_cgroup)(struct mem_cgroup *memcg); #endif @@ -87899,7 +88021,7 @@ index f66b2b1..5233aa0 100644 /* * Bits in struct cg_proto.flags -@@ -1222,7 +1222,7 @@ static inline u64 memcg_memory_allocated_read(struct cg_proto *prot) +@@ -1222,7 +1224,7 @@ static inline u64 memcg_memory_allocated_read(struct cg_proto *prot) return ret >> PAGE_SHIFT; } @@ -87908,7 +88030,7 @@ index f66b2b1..5233aa0 100644 sk_memory_allocated(const struct sock *sk) { struct proto *prot = sk->sk_prot; -@@ -1367,7 +1367,7 @@ struct sock_iocb { +@@ -1367,7 +1369,7 @@ struct sock_iocb { struct scm_cookie *scm; struct msghdr *msg, async_msg; struct kiocb *kiocb; @@ -87917,7 +88039,7 @@ index f66b2b1..5233aa0 100644 static inline struct sock_iocb *kiocb_to_siocb(struct kiocb *iocb) { -@@ -1829,7 +1829,7 @@ static inline void sk_nocaps_add(struct sock *sk, netdev_features_t flags) +@@ -1829,7 +1831,7 @@ static inline void sk_nocaps_add(struct sock *sk, netdev_features_t flags) } static inline int skb_do_copy_data_nocache(struct sock *sk, struct sk_buff *skb, @@ -87926,7 +88048,7 @@ index f66b2b1..5233aa0 100644 int copy, int offset) { if (skb->ip_summed == CHECKSUM_NONE) { -@@ -2091,7 +2091,7 @@ static inline void sk_stream_moderate_sndbuf(struct sock *sk) +@@ -2091,7 +2093,7 @@ static inline void sk_stream_moderate_sndbuf(struct sock *sk) } } @@ -89951,7 +90073,7 @@ index 8865cae..3530a18 100644 } EXPORT_SYMBOL_GPL(kgdb_schedule_breakpoint); diff --git a/kernel/debug/kdb/kdb_main.c b/kernel/debug/kdb/kdb_main.c -index 0b097c8..11dd5c5 100644 +index 449518e..2658dd6 100644 --- a/kernel/debug/kdb/kdb_main.c +++ b/kernel/debug/kdb/kdb_main.c @@ -1977,7 +1977,7 @@ static int kdb_lsmod(int argc, const char **argv) @@ -90221,10 +90343,17 @@ index 81b3d67..ef189a4 100644 { struct signal_struct *sig = current->signal; diff --git a/kernel/fork.c b/kernel/fork.c -index e2c6853..9a6397e 100644 +index e2c6853..d5a5c13 100644 --- a/kernel/fork.c +++ b/kernel/fork.c -@@ -182,6 +182,48 @@ void thread_info_cache_init(void) +@@ -176,12 +176,54 @@ static void free_thread_info(struct thread_info *ti) + void thread_info_cache_init(void) + { + thread_info_cache = kmem_cache_create("thread_info", THREAD_SIZE, +- THREAD_SIZE, 0, NULL); ++ THREAD_SIZE, SLAB_USERCOPY, NULL); + BUG_ON(thread_info_cache == NULL); + } # endif #endif @@ -95253,7 +95382,7 @@ index 774a080..7fa60b1 100644 *data_page = bpage; diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c -index 7113672..e8a9c80 100644 +index 813b021..cdd1400 100644 --- a/kernel/trace/trace.c +++ b/kernel/trace/trace.c @@ -3412,7 +3412,7 @@ int trace_keep_overwrite(struct tracer *tracer, u32 mask, int set) @@ -96595,7 +96724,7 @@ index b32b70c..e512eb0 100644 set_page_address(page, (void *)vaddr); diff --git a/mm/hugetlb.c b/mm/hugetlb.c -index 67d0c17..b22c193 100644 +index 472259b..7a58e99 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -2070,6 +2070,7 @@ static int hugetlb_sysctl_handler_common(bool obey_mempolicy, @@ -102157,6 +102286,19 @@ index f9c0980a..fcbbfeb 100644 tty_port_close(&dev->port, tty, filp); } +diff --git a/net/bridge/br.c b/net/bridge/br.c +index 19311aa..339d794 100644 +--- a/net/bridge/br.c ++++ b/net/bridge/br.c +@@ -49,6 +49,8 @@ static int __init br_init(void) + { + int err; + ++ BUILD_BUG_ON(sizeof(struct br_input_skb_cb) > FIELD_SIZEOF(struct sk_buff, cb)); ++ + err = stp_proto_register(&br_stp_proto); + if (err < 0) { + pr_err("bridge: can't register sap for STP\n"); diff --git a/net/bridge/br_netlink.c b/net/bridge/br_netlink.c index e8844d9..df3afa0 100644 --- a/net/bridge/br_netlink.c @@ -102919,7 +103061,7 @@ index fdac61c..e5e5b46 100644 pr_warn("cannot create /proc/net/%s\n", PG_PROC_DIR); return -ENODEV; diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c -index a6613ff..b258926 100644 +index a6613ff..810aa44 100644 --- a/net/core/rtnetlink.c +++ b/net/core/rtnetlink.c @@ -58,7 +58,7 @@ struct rtnl_link { @@ -102957,7 +103099,18 @@ index a6613ff..b258926 100644 } EXPORT_SYMBOL_GPL(__rtnl_link_unregister); -@@ -2689,6 +2692,9 @@ static int rtnl_bridge_setlink(struct sk_buff *skb, struct nlmsghdr *nlh) +@@ -2010,6 +2013,10 @@ replay: + if (IS_ERR(dest_net)) + return PTR_ERR(dest_net); + ++ err = -EPERM; ++ if (!netlink_ns_capable(skb, dest_net->user_ns, CAP_NET_ADMIN)) ++ goto out; ++ + dev = rtnl_create_link(dest_net, ifname, ops, tb); + if (IS_ERR(dev)) { + err = PTR_ERR(dev); +@@ -2689,6 +2696,9 @@ static int rtnl_bridge_setlink(struct sk_buff *skb, struct nlmsghdr *nlh) if (br_spec) { nla_for_each_nested(attr, br_spec, rem) { if (nla_type(attr) == IFLA_BRIDGE_FLAGS) { @@ -102967,7 +103120,7 @@ index a6613ff..b258926 100644 have_flags = true; flags = nla_get_u16(attr); break; -@@ -2759,6 +2765,9 @@ static int rtnl_bridge_dellink(struct sk_buff *skb, struct nlmsghdr *nlh) +@@ -2759,6 +2769,9 @@ static int rtnl_bridge_dellink(struct sk_buff *skb, struct nlmsghdr *nlh) if (br_spec) { nla_for_each_nested(attr, br_spec, rem) { if (nla_type(attr) == IFLA_BRIDGE_FLAGS) { @@ -103340,6 +103493,23 @@ index cf9cd13..8b56af3 100644 .init = sysctl_core_net_init, .exit = sysctl_core_net_exit, }; +diff --git a/net/dccp/minisocks.c b/net/dccp/minisocks.c +index 9e2f78b..c18aad6 100644 +--- a/net/dccp/minisocks.c ++++ b/net/dccp/minisocks.c +@@ -55,11 +55,9 @@ void dccp_time_wait(struct sock *sk, int state, int timeo) + const int rto = (icsk->icsk_rto << 2) - (icsk->icsk_rto >> 1); + #if IS_ENABLED(CONFIG_IPV6) + if (tw->tw_family == PF_INET6) { +- const struct ipv6_pinfo *np = inet6_sk(sk); +- + tw->tw_v6_daddr = sk->sk_v6_daddr; + tw->tw_v6_rcv_saddr = sk->sk_v6_rcv_saddr; +- tw->tw_ipv6only = np->ipv6only; ++ tw->tw_ipv6only = sk->sk_ipv6only; + } + #endif + /* Linkage updates. */ diff --git a/net/decnet/af_decnet.c b/net/decnet/af_decnet.c index 4c04848..f575934 100644 --- a/net/decnet/af_decnet.c @@ -103967,7 +104137,7 @@ index 2510c02..cfb34fa 100644 pr_err("Unable to proc dir entry\n"); return -ENOMEM; diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c -index 04ce671..d0a62e6 100644 +index 04ce671..f13b8c2 100644 --- a/net/ipv4/ping.c +++ b/net/ipv4/ping.c @@ -59,7 +59,7 @@ struct ping_table { @@ -103979,7 +104149,38 @@ index 04ce671..d0a62e6 100644 EXPORT_SYMBOL_GPL(pingv6_ops); static u16 ping_port_rover; -@@ -350,7 +350,7 @@ static int ping_check_bind_addr(struct sock *sk, struct inet_sock *isk, +@@ -259,6 +259,9 @@ int ping_init_sock(struct sock *sk) + kgid_t low, high; + int ret = 0; + ++ if (sk->sk_family == AF_INET6) ++ sk->sk_ipv6only = 1; ++ + inet_get_ping_group_range_net(net, &low, &high); + if (gid_lte(low, group) && gid_lte(group, high)) + return 0; +@@ -305,6 +308,11 @@ static int ping_check_bind_addr(struct sock *sk, struct inet_sock *isk, + if (addr_len < sizeof(*addr)) + return -EINVAL; + ++ if (addr->sin_family != AF_INET && ++ !(addr->sin_family == AF_UNSPEC && ++ addr->sin_addr.s_addr == htonl(INADDR_ANY))) ++ return -EAFNOSUPPORT; ++ + pr_debug("ping_check_bind_addr(sk=%p,addr=%pI4,port=%d)\n", + sk, &addr->sin_addr.s_addr, ntohs(addr->sin_port)); + +@@ -330,7 +338,7 @@ static int ping_check_bind_addr(struct sock *sk, struct inet_sock *isk, + return -EINVAL; + + if (addr->sin6_family != AF_INET6) +- return -EINVAL; ++ return -EAFNOSUPPORT; + + pr_debug("ping_check_bind_addr(sk=%p,addr=%pI6c,port=%d)\n", + sk, addr->sin6_addr.s6_addr, ntohs(addr->sin6_port)); +@@ -350,7 +358,7 @@ static int ping_check_bind_addr(struct sock *sk, struct inet_sock *isk, return -ENODEV; } } @@ -103988,7 +104189,7 @@ index 04ce671..d0a62e6 100644 scoped); rcu_read_unlock(); -@@ -558,7 +558,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info) +@@ -558,7 +566,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info) } #if IS_ENABLED(CONFIG_IPV6) } else if (skb->protocol == htons(ETH_P_IPV6)) { @@ -103997,7 +104198,7 @@ index 04ce671..d0a62e6 100644 #endif } -@@ -576,7 +576,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info) +@@ -576,7 +584,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info) info, (u8 *)icmph); #if IS_ENABLED(CONFIG_IPV6) } else if (family == AF_INET6) { @@ -104006,7 +104207,16 @@ index 04ce671..d0a62e6 100644 info, (u8 *)icmph); #endif } -@@ -860,7 +860,7 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, +@@ -716,7 +724,7 @@ static int ping_v4_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *m + if (msg->msg_namelen < sizeof(*usin)) + return -EINVAL; + if (usin->sin_family != AF_INET) +- return -EINVAL; ++ return -EAFNOSUPPORT; + daddr = usin->sin_addr.s_addr; + /* no remote port */ + } else { +@@ -860,7 +868,7 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, return ip_recv_error(sk, msg, len, addr_len); #if IS_ENABLED(CONFIG_IPV6) } else if (family == AF_INET6) { @@ -104015,7 +104225,7 @@ index 04ce671..d0a62e6 100644 addr_len); #endif } -@@ -918,10 +918,10 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, +@@ -918,10 +926,10 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, } if (inet6_sk(sk)->rxopt.all) @@ -104028,7 +104238,7 @@ index 04ce671..d0a62e6 100644 else if (skb->protocol == htons(ETH_P_IP) && isk->cmsg_flags) ip_cmsg_recv(msg, skb); #endif -@@ -1116,7 +1116,7 @@ static void ping_v4_format_sock(struct sock *sp, struct seq_file *f, +@@ -1116,7 +1124,7 @@ static void ping_v4_format_sock(struct sock *sp, struct seq_file *f, from_kuid_munged(seq_user_ns(f), sock_i_uid(sp)), 0, sock_i_ino(sp), atomic_read(&sp->sk_refcnt), sp, @@ -104441,7 +104651,7 @@ index b7effad..70ddfe0 100644 } diff --git a/net/ipv4/tcp_minisocks.c b/net/ipv4/tcp_minisocks.c -index 7a436c5..1b05c59 100644 +index 7a436c5..84279ef 100644 --- a/net/ipv4/tcp_minisocks.c +++ b/net/ipv4/tcp_minisocks.c @@ -27,6 +27,10 @@ @@ -104455,6 +104665,15 @@ index 7a436c5..1b05c59 100644 int sysctl_tcp_syncookies __read_mostly = 1; EXPORT_SYMBOL(sysctl_tcp_syncookies); +@@ -298,7 +302,7 @@ void tcp_time_wait(struct sock *sk, int state, int timeo) + tw->tw_v6_rcv_saddr = sk->sk_v6_rcv_saddr; + tw->tw_tclass = np->tclass; + tw->tw_flowlabel = np->flow_label >> 12; +- tw->tw_ipv6only = np->ipv6only; ++ tw->tw_ipv6only = sk->sk_ipv6only; + } + #endif + @@ -709,7 +713,10 @@ embryonic_reset: * avoid becoming vulnerable to outside attack aiming at * resetting legit local connections. @@ -104826,9 +105045,36 @@ index 3f0ec06..230c2c5 100644 }; diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c -index d935889..2f64330 100644 +index d935889..d0f3a63 100644 --- a/net/ipv6/af_inet6.c +++ b/net/ipv6/af_inet6.c +@@ -200,7 +200,7 @@ lookup_protocol: + np->mcast_hops = IPV6_DEFAULT_MCASTHOPS; + np->mc_loop = 1; + np->pmtudisc = IPV6_PMTUDISC_WANT; +- np->ipv6only = net->ipv6.sysctl.bindv6only; ++ sk->sk_ipv6only = net->ipv6.sysctl.bindv6only; + + /* Init the ipv4 part of the socket since we can have sockets + * using v6 API for ipv4. +@@ -297,7 +297,7 @@ int inet6_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len) + /* Binding to v4-mapped address on a v6-only socket + * makes no sense + */ +- if (np->ipv6only) { ++ if (sk->sk_ipv6only) { + err = -EINVAL; + goto out; + } +@@ -374,7 +374,7 @@ int inet6_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len) + if (addr_type != IPV6_ADDR_ANY) { + sk->sk_userlocks |= SOCK_BINDADDR_LOCK; + if (addr_type != IPV6_ADDR_MAPPED) +- np->ipv6only = 1; ++ sk->sk_ipv6only = 1; + } + if (snum) + sk->sk_userlocks |= SOCK_BINDPORT_LOCK; @@ -776,7 +776,7 @@ static int __net_init inet6_net_init(struct net *net) net->ipv6.sysctl.bindv6only = 0; net->ipv6.sysctl.icmpv6_time = 1*HZ; @@ -104977,9 +105223,18 @@ index 28456c9..13a4115 100644 .maxtype = IFLA_VTI_MAX, .policy = vti6_policy, diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c -index 0a00f44..bec42b2 100644 +index 0a00f44..123e322 100644 --- a/net/ipv6/ipv6_sockglue.c +++ b/net/ipv6/ipv6_sockglue.c +@@ -235,7 +235,7 @@ static int do_ipv6_setsockopt(struct sock *sk, int level, int optname, + if (optlen < sizeof(int) || + inet_sk(sk)->inet_num) + goto e_inval; +- np->ipv6only = valbool; ++ sk->sk_ipv6only = valbool; + retv = 0; + break; + @@ -991,7 +991,7 @@ static int do_ipv6_getsockopt(struct sock *sk, int level, int optname, if (sk->sk_type != SOCK_STREAM) return -ENOPROTOOPT; @@ -104989,6 +105244,15 @@ index 0a00f44..bec42b2 100644 msg.msg_controllen = len; msg.msg_flags = flags; +@@ -1058,7 +1058,7 @@ static int do_ipv6_getsockopt(struct sock *sk, int level, int optname, + } + + case IPV6_V6ONLY: +- val = np->ipv6only; ++ val = sk->sk_ipv6only; + break; + + case IPV6_RECVPKTINFO: diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c index e080fbb..412b3cf 100644 --- a/net/ipv6/netfilter/ip6_tables.c @@ -105081,10 +105345,23 @@ index 767ab8d..c5ec70a 100644 return -ENOMEM; } diff --git a/net/ipv6/ping.c b/net/ipv6/ping.c -index bda7429..469b26b 100644 +index bda7429..5b5bbe3 100644 --- a/net/ipv6/ping.c +++ b/net/ipv6/ping.c -@@ -246,6 +246,24 @@ static struct pernet_operations ping_v6_net_ops = { +@@ -103,9 +103,10 @@ int ping_v6_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, + + if (msg->msg_name) { + DECLARE_SOCKADDR(struct sockaddr_in6 *, u, msg->msg_name); +- if (msg->msg_namelen < sizeof(struct sockaddr_in6) || +- u->sin6_family != AF_INET6) { ++ if (msg->msg_namelen < sizeof(*u)) + return -EINVAL; ++ if (u->sin6_family != AF_INET6) { ++ return -EAFNOSUPPORT; + } + if (sk->sk_bound_dev_if && + sk->sk_bound_dev_if != u->sin6_scope_id) { +@@ -246,6 +247,24 @@ static struct pernet_operations ping_v6_net_ops = { }; #endif @@ -105109,7 +105386,7 @@ index bda7429..469b26b 100644 int __init pingv6_init(void) { #ifdef CONFIG_PROC_FS -@@ -253,13 +271,7 @@ int __init pingv6_init(void) +@@ -253,13 +272,7 @@ int __init pingv6_init(void) if (ret) return ret; #endif @@ -105124,7 +105401,7 @@ index bda7429..469b26b 100644 return inet6_register_protosw(&pingv6_protosw); } -@@ -268,14 +280,9 @@ int __init pingv6_init(void) +@@ -268,14 +281,9 @@ int __init pingv6_init(void) */ void pingv6_exit(void) { @@ -105401,10 +105678,10 @@ index a4f890d..5db3708 100644 } diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c -index 20b63d2..31a777d 100644 +index 20b63d2..babfcb8 100644 --- a/net/ipv6/udp.c +++ b/net/ipv6/udp.c -@@ -76,6 +76,10 @@ static unsigned int udp6_ehashfn(struct net *net, +@@ -76,10 +76,13 @@ static unsigned int udp6_ehashfn(struct net *net, udp_ipv6_hash_secret + net_hash_mix(net)); } @@ -105415,7 +105692,20 @@ index 20b63d2..31a777d 100644 int ipv6_rcv_saddr_equal(const struct sock *sk, const struct sock *sk2) { const struct in6_addr *sk2_rcv_saddr6 = inet6_rcv_saddr(sk2); -@@ -435,7 +439,7 @@ try_again: +- int sk_ipv6only = ipv6_only_sock(sk); + int sk2_ipv6only = inet_v6_ipv6only(sk2); + int addr_type = ipv6_addr_type(&sk->sk_v6_rcv_saddr); + int addr_type2 = sk2_rcv_saddr6 ? ipv6_addr_type(sk2_rcv_saddr6) : IPV6_ADDR_MAPPED; +@@ -95,7 +98,7 @@ int ipv6_rcv_saddr_equal(const struct sock *sk, const struct sock *sk2) + return 1; + + if (addr_type == IPV6_ADDR_ANY && +- !(sk_ipv6only && addr_type2 == IPV6_ADDR_MAPPED)) ++ !(ipv6_only_sock(sk) && addr_type2 == IPV6_ADDR_MAPPED)) + return 1; + + if (sk2_rcv_saddr6 && +@@ -435,7 +438,7 @@ try_again: if (unlikely(err)) { trace_kfree_skb(skb, udpv6_recvmsg); if (!peeked) { @@ -105424,7 +105714,7 @@ index 20b63d2..31a777d 100644 if (is_udp4) UDP_INC_STATS_USER(sock_net(sk), UDP_MIB_INERRORS, -@@ -690,7 +694,7 @@ csum_error: +@@ -690,7 +693,7 @@ csum_error: UDP6_INC_STATS_BH(sock_net(sk), UDP_MIB_CSUMERRORS, is_udplite); drop: UDP6_INC_STATS_BH(sock_net(sk), UDP_MIB_INERRORS, is_udplite); @@ -105433,7 +105723,7 @@ index 20b63d2..31a777d 100644 kfree_skb(skb); return -1; } -@@ -747,7 +751,7 @@ static void flush_stack(struct sock **stack, unsigned int count, +@@ -747,7 +750,7 @@ static void flush_stack(struct sock **stack, unsigned int count, if (likely(skb1 == NULL)) skb1 = (i == final) ? skb : skb_clone(skb, GFP_ATOMIC); if (!skb1) { @@ -105442,7 +105732,7 @@ index 20b63d2..31a777d 100644 UDP6_INC_STATS_BH(sock_net(sk), UDP_MIB_RCVBUFERRORS, IS_UDPLITE(sk)); UDP6_INC_STATS_BH(sock_net(sk), UDP_MIB_INERRORS, -@@ -886,6 +890,9 @@ int __udp6_lib_rcv(struct sk_buff *skb, struct udp_table *udptable, +@@ -886,6 +889,9 @@ int __udp6_lib_rcv(struct sk_buff *skb, struct udp_table *udptable, goto csum_error; UDP6_INC_STATS_BH(net, UDP_MIB_NOPORTS, proto == IPPROTO_UDPLITE); @@ -105959,6 +106249,18 @@ index 6ff1346..936ca9a 100644 return -EFAULT; return p; +diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c +index e5a7ac2..dca076f 100644 +--- a/net/mac80211/tx.c ++++ b/net/mac80211/tx.c +@@ -562,6 +562,7 @@ ieee80211_tx_h_check_control_port_protocol(struct ieee80211_tx_data *tx) + if (tx->sdata->control_port_no_encrypt) + info->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; + info->control.flags |= IEEE80211_TX_CTRL_PORT_CTRL_PROTO; ++ info->flags |= IEEE80211_TX_CTL_USE_MINRATE; + } + + return TX_CONTINUE; diff --git a/net/mac80211/util.c b/net/mac80211/util.c index 6427625..afa5a5a 100644 --- a/net/mac80211/util.c diff --git a/3.14.34/4425_grsec_remove_EI_PAX.patch b/3.14.35/4425_grsec_remove_EI_PAX.patch index 86e242a..86e242a 100644 --- a/3.14.34/4425_grsec_remove_EI_PAX.patch +++ b/3.14.35/4425_grsec_remove_EI_PAX.patch diff --git a/3.14.34/4427_force_XATTR_PAX_tmpfs.patch b/3.14.35/4427_force_XATTR_PAX_tmpfs.patch index 4c236cc..4c236cc 100644 --- a/3.14.34/4427_force_XATTR_PAX_tmpfs.patch +++ b/3.14.35/4427_force_XATTR_PAX_tmpfs.patch diff --git a/3.14.34/4430_grsec-remove-localversion-grsec.patch b/3.14.35/4430_grsec-remove-localversion-grsec.patch index 31cf878..31cf878 100644 --- a/3.14.34/4430_grsec-remove-localversion-grsec.patch +++ b/3.14.35/4430_grsec-remove-localversion-grsec.patch diff --git a/3.14.34/4435_grsec-mute-warnings.patch b/3.14.35/4435_grsec-mute-warnings.patch index 392cefb..392cefb 100644 --- a/3.14.34/4435_grsec-mute-warnings.patch +++ b/3.14.35/4435_grsec-mute-warnings.patch diff --git a/3.14.34/4440_grsec-remove-protected-paths.patch b/3.14.35/4440_grsec-remove-protected-paths.patch index 741546d..741546d 100644 --- a/3.14.34/4440_grsec-remove-protected-paths.patch +++ b/3.14.35/4440_grsec-remove-protected-paths.patch diff --git a/3.14.34/4450_grsec-kconfig-default-gids.patch b/3.14.35/4450_grsec-kconfig-default-gids.patch index 8c878fc..8c878fc 100644 --- a/3.14.34/4450_grsec-kconfig-default-gids.patch +++ b/3.14.35/4450_grsec-kconfig-default-gids.patch diff --git a/3.14.34/4465_selinux-avc_audit-log-curr_ip.patch b/3.14.35/4465_selinux-avc_audit-log-curr_ip.patch index bba906e..bba906e 100644 --- a/3.14.34/4465_selinux-avc_audit-log-curr_ip.patch +++ b/3.14.35/4465_selinux-avc_audit-log-curr_ip.patch diff --git a/3.14.34/4470_disable-compat_vdso.patch b/3.14.35/4470_disable-compat_vdso.patch index 3b3953b..3b3953b 100644 --- a/3.14.34/4470_disable-compat_vdso.patch +++ b/3.14.35/4470_disable-compat_vdso.patch diff --git a/3.14.34/4475_emutramp_default_on.patch b/3.14.35/4475_emutramp_default_on.patch index ad4967a..ad4967a 100644 --- a/3.14.34/4475_emutramp_default_on.patch +++ b/3.14.35/4475_emutramp_default_on.patch diff --git a/3.18.8/0000_README b/3.18.9/0000_README index eca6688..099e6de 100644 --- a/3.18.8/0000_README +++ b/3.18.9/0000_README @@ -2,7 +2,11 @@ README ----------------------------------------------------------------------------- Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 4420_grsecurity-3.1-3.18.8-201502271843.patch +Patch: 1008_linux-3.18.9.patch +From: http://www.kernel.org +Desc: Linux 3.18.9 + +Patch: 4420_grsecurity-3.1-3.18.9-201503071142.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.18.9/1008_linux-3.18.9.patch b/3.18.9/1008_linux-3.18.9.patch new file mode 100644 index 0000000..a840bda --- /dev/null +++ b/3.18.9/1008_linux-3.18.9.patch @@ -0,0 +1,6044 @@ +diff --git a/Makefile b/Makefile +index 0b3f8a1..62b3338 100644 +--- a/Makefile ++++ b/Makefile +@@ -1,6 +1,6 @@ + VERSION = 3 + PATCHLEVEL = 18 +-SUBLEVEL = 8 ++SUBLEVEL = 9 + EXTRAVERSION = + NAME = Diseased Newt + +diff --git a/arch/arc/include/asm/pgtable.h b/arch/arc/include/asm/pgtable.h +index 6b0b7f7e..7670f33 100644 +--- a/arch/arc/include/asm/pgtable.h ++++ b/arch/arc/include/asm/pgtable.h +@@ -259,7 +259,8 @@ static inline void pmd_set(pmd_t *pmdp, pte_t *ptep) + #define pmd_clear(xp) do { pmd_val(*(xp)) = 0; } while (0) + + #define pte_page(x) (mem_map + \ +- (unsigned long)(((pte_val(x) - PAGE_OFFSET) >> PAGE_SHIFT))) ++ (unsigned long)(((pte_val(x) - CONFIG_LINUX_LINK_BASE) >> \ ++ PAGE_SHIFT))) + + #define mk_pte(page, pgprot) \ + ({ \ +diff --git a/arch/arm/boot/dts/am335x-bone-common.dtsi b/arch/arm/boot/dts/am335x-bone-common.dtsi +index 6cc25ed..2c6248d 100644 +--- a/arch/arm/boot/dts/am335x-bone-common.dtsi ++++ b/arch/arm/boot/dts/am335x-bone-common.dtsi +@@ -195,6 +195,7 @@ + + &usb0 { + status = "okay"; ++ dr_mode = "peripheral"; + }; + + &usb1 { +diff --git a/arch/arm/boot/dts/bcm63138.dtsi b/arch/arm/boot/dts/bcm63138.dtsi +index f3bb2dd..c97844c 100644 +--- a/arch/arm/boot/dts/bcm63138.dtsi ++++ b/arch/arm/boot/dts/bcm63138.dtsi +@@ -66,8 +66,9 @@ + reg = <0x1d000 0x1000>; + cache-unified; + cache-level = <2>; +- cache-sets = <16>; +- cache-size = <0x80000>; ++ cache-size = <524288>; ++ cache-sets = <1024>; ++ cache-line-size = <32>; + interrupts = <GIC_PPI 0 IRQ_TYPE_LEVEL_HIGH>; + }; + +diff --git a/arch/arm/boot/dts/tegra20.dtsi b/arch/arm/boot/dts/tegra20.dtsi +index 8acf5d8..f76fe94 100644 +--- a/arch/arm/boot/dts/tegra20.dtsi ++++ b/arch/arm/boot/dts/tegra20.dtsi +@@ -68,9 +68,9 @@ + reset-names = "2d"; + }; + +- gr3d@54140000 { ++ gr3d@54180000 { + compatible = "nvidia,tegra20-gr3d"; +- reg = <0x54140000 0x00040000>; ++ reg = <0x54180000 0x00040000>; + clocks = <&tegra_car TEGRA20_CLK_GR3D>; + resets = <&tegra_car 24>; + reset-names = "3d"; +@@ -130,9 +130,9 @@ + status = "disabled"; + }; + +- dsi@542c0000 { ++ dsi@54300000 { + compatible = "nvidia,tegra20-dsi"; +- reg = <0x542c0000 0x00040000>; ++ reg = <0x54300000 0x00040000>; + clocks = <&tegra_car TEGRA20_CLK_DSI>; + resets = <&tegra_car 48>; + reset-names = "dsi"; +diff --git a/arch/arm/mach-mvebu/system-controller.c b/arch/arm/mach-mvebu/system-controller.c +index a068cb5..c6c132a 100644 +--- a/arch/arm/mach-mvebu/system-controller.c ++++ b/arch/arm/mach-mvebu/system-controller.c +@@ -126,7 +126,7 @@ int mvebu_system_controller_get_soc_id(u32 *dev, u32 *rev) + return -ENODEV; + } + +-#ifdef CONFIG_SMP ++#if defined(CONFIG_SMP) && defined(CONFIG_MACH_MVEBU_V7) + void mvebu_armada375_smp_wa_init(void) + { + u32 dev, rev; +diff --git a/arch/arm/mach-omap2/omap_hwmod_7xx_data.c b/arch/arm/mach-omap2/omap_hwmod_7xx_data.c +index 5684f11..4e9d2a9 100644 +--- a/arch/arm/mach-omap2/omap_hwmod_7xx_data.c ++++ b/arch/arm/mach-omap2/omap_hwmod_7xx_data.c +@@ -2017,7 +2017,7 @@ static struct omap_hwmod dra7xx_uart3_hwmod = { + .class = &dra7xx_uart_hwmod_class, + .clkdm_name = "l4per_clkdm", + .main_clk = "uart3_gfclk_mux", +- .flags = HWMOD_SWSUP_SIDLE_ACT, ++ .flags = HWMOD_SWSUP_SIDLE_ACT | DEBUG_OMAP4UART3_FLAGS, + .prcm = { + .omap4 = { + .clkctrl_offs = DRA7XX_CM_L4PER_UART3_CLKCTRL_OFFSET, +diff --git a/arch/arm/mach-pxa/corgi.c b/arch/arm/mach-pxa/corgi.c +index 06022b2..89f790d 100644 +--- a/arch/arm/mach-pxa/corgi.c ++++ b/arch/arm/mach-pxa/corgi.c +@@ -26,6 +26,7 @@ + #include <linux/i2c.h> + #include <linux/i2c/pxa-i2c.h> + #include <linux/io.h> ++#include <linux/regulator/machine.h> + #include <linux/spi/spi.h> + #include <linux/spi/ads7846.h> + #include <linux/spi/corgi_lcd.h> +@@ -752,6 +753,8 @@ static void __init corgi_init(void) + sharpsl_nand_partitions[1].size = 53 * 1024 * 1024; + + platform_add_devices(devices, ARRAY_SIZE(devices)); ++ ++ regulator_has_full_constraints(); + } + + static void __init fixup_corgi(struct tag *tags, char **cmdline) +diff --git a/arch/arm/mach-pxa/hx4700.c b/arch/arm/mach-pxa/hx4700.c +index c66ad4e..5fb41ad 100644 +--- a/arch/arm/mach-pxa/hx4700.c ++++ b/arch/arm/mach-pxa/hx4700.c +@@ -893,6 +893,8 @@ static void __init hx4700_init(void) + mdelay(10); + gpio_set_value(GPIO71_HX4700_ASIC3_nRESET, 1); + mdelay(10); ++ ++ regulator_has_full_constraints(); + } + + MACHINE_START(H4700, "HP iPAQ HX4700") +diff --git a/arch/arm/mach-pxa/poodle.c b/arch/arm/mach-pxa/poodle.c +index 1319916..e81d216 100644 +--- a/arch/arm/mach-pxa/poodle.c ++++ b/arch/arm/mach-pxa/poodle.c +@@ -25,6 +25,7 @@ + #include <linux/gpio.h> + #include <linux/i2c.h> + #include <linux/i2c/pxa-i2c.h> ++#include <linux/regulator/machine.h> + #include <linux/spi/spi.h> + #include <linux/spi/ads7846.h> + #include <linux/spi/pxa2xx_spi.h> +@@ -455,6 +456,7 @@ static void __init poodle_init(void) + pxa_set_i2c_info(NULL); + i2c_register_board_info(0, ARRAY_AND_SIZE(poodle_i2c_devices)); + poodle_init_spi(); ++ regulator_has_full_constraints(); + } + + static void __init fixup_poodle(struct tag *tags, char **cmdline) +diff --git a/arch/arm/mach-sa1100/pm.c b/arch/arm/mach-sa1100/pm.c +index 6645d1e..34853d5 100644 +--- a/arch/arm/mach-sa1100/pm.c ++++ b/arch/arm/mach-sa1100/pm.c +@@ -81,6 +81,7 @@ static int sa11x0_pm_enter(suspend_state_t state) + /* + * Ensure not to come back here if it wasn't intended + */ ++ RCSR = RCSR_SMR; + PSPR = 0; + + /* +diff --git a/arch/arm/mach-vexpress/Kconfig b/arch/arm/mach-vexpress/Kconfig +index b2cfba16c..1886513 100644 +--- a/arch/arm/mach-vexpress/Kconfig ++++ b/arch/arm/mach-vexpress/Kconfig +@@ -75,6 +75,7 @@ config ARCH_VEXPRESS_TC2_PM + depends on MCPM + select ARM_CCI + select ARCH_VEXPRESS_SPC ++ select ARM_CPU_SUSPEND + help + Support for CPU and cluster power management on Versatile Express + with a TC2 (A15x2 A7x3) big.LITTLE core tile. +diff --git a/arch/arm64/kernel/signal32.c b/arch/arm64/kernel/signal32.c +index 1b9ad02..76920d4 100644 +--- a/arch/arm64/kernel/signal32.c ++++ b/arch/arm64/kernel/signal32.c +@@ -154,8 +154,7 @@ int copy_siginfo_to_user32(compat_siginfo_t __user *to, const siginfo_t *from) + case __SI_TIMER: + err |= __put_user(from->si_tid, &to->si_tid); + err |= __put_user(from->si_overrun, &to->si_overrun); +- err |= __put_user((compat_uptr_t)(unsigned long)from->si_ptr, +- &to->si_ptr); ++ err |= __put_user(from->si_int, &to->si_int); + break; + case __SI_POLL: + err |= __put_user(from->si_band, &to->si_band); +@@ -184,7 +183,7 @@ int copy_siginfo_to_user32(compat_siginfo_t __user *to, const siginfo_t *from) + case __SI_MESGQ: /* But this is */ + err |= __put_user(from->si_pid, &to->si_pid); + err |= __put_user(from->si_uid, &to->si_uid); +- err |= __put_user((compat_uptr_t)(unsigned long)from->si_ptr, &to->si_ptr); ++ err |= __put_user(from->si_int, &to->si_int); + break; + default: /* this is just in case for now ... */ + err |= __put_user(from->si_pid, &to->si_pid); +diff --git a/arch/metag/include/asm/processor.h b/arch/metag/include/asm/processor.h +index 881071c..13272fd 100644 +--- a/arch/metag/include/asm/processor.h ++++ b/arch/metag/include/asm/processor.h +@@ -149,8 +149,8 @@ extern void exit_thread(void); + + unsigned long get_wchan(struct task_struct *p); + +-#define KSTK_EIP(tsk) ((tsk)->thread.kernel_context->CurrPC) +-#define KSTK_ESP(tsk) ((tsk)->thread.kernel_context->AX[0].U0) ++#define KSTK_EIP(tsk) (task_pt_regs(tsk)->ctx.CurrPC) ++#define KSTK_ESP(tsk) (task_pt_regs(tsk)->ctx.AX[0].U0) + + #define user_stack_pointer(regs) ((regs)->ctx.AX[0].U0) + +diff --git a/arch/mips/alchemy/common/clock.c b/arch/mips/alchemy/common/clock.c +index d7557cd..3fff11e 100644 +--- a/arch/mips/alchemy/common/clock.c ++++ b/arch/mips/alchemy/common/clock.c +@@ -128,6 +128,8 @@ static unsigned long alchemy_clk_cpu_recalc(struct clk_hw *hw, + t = 396000000; + else { + t = alchemy_rdsys(AU1000_SYS_CPUPLL) & 0x7f; ++ if (alchemy_get_cputype() < ALCHEMY_CPU_AU1300) ++ t &= 0x3f; + t *= parent_rate; + } + +diff --git a/arch/mips/include/asm/asmmacro.h b/arch/mips/include/asm/asmmacro.h +index 6caf876..71fef0a 100644 +--- a/arch/mips/include/asm/asmmacro.h ++++ b/arch/mips/include/asm/asmmacro.h +@@ -304,7 +304,7 @@ + .set push + .set noat + SET_HARDFLOAT +- add $1, \base, \off ++ addu $1, \base, \off + .word LDD_MSA_INSN | (\wd << 6) + .set pop + .endm +@@ -313,7 +313,7 @@ + .set push + .set noat + SET_HARDFLOAT +- add $1, \base, \off ++ addu $1, \base, \off + .word STD_MSA_INSN | (\wd << 6) + .set pop + .endm +diff --git a/arch/mips/include/asm/cpu-info.h b/arch/mips/include/asm/cpu-info.h +index a6c9ccb..c3f4f2d 100644 +--- a/arch/mips/include/asm/cpu-info.h ++++ b/arch/mips/include/asm/cpu-info.h +@@ -84,6 +84,11 @@ struct cpuinfo_mips { + * (shifted by _CACHE_SHIFT) + */ + unsigned int writecombine; ++ /* ++ * Simple counter to prevent enabling HTW in nested ++ * htw_start/htw_stop calls ++ */ ++ unsigned int htw_seq; + } __attribute__((aligned(SMP_CACHE_BYTES))); + + extern struct cpuinfo_mips cpu_data[]; +diff --git a/arch/mips/include/asm/mmu_context.h b/arch/mips/include/asm/mmu_context.h +index 2f82568..bc01579 100644 +--- a/arch/mips/include/asm/mmu_context.h ++++ b/arch/mips/include/asm/mmu_context.h +@@ -25,7 +25,6 @@ do { \ + if (cpu_has_htw) { \ + write_c0_pwbase(pgd); \ + back_to_back_c0_hazard(); \ +- htw_reset(); \ + } \ + } while (0) + +@@ -142,6 +141,7 @@ static inline void switch_mm(struct mm_struct *prev, struct mm_struct *next, + unsigned long flags; + local_irq_save(flags); + ++ htw_stop(); + /* Check if our ASID is of an older version and thus invalid */ + if ((cpu_context(cpu, next) ^ asid_cache(cpu)) & ASID_VERSION_MASK) + get_new_mmu_context(next, cpu); +@@ -154,6 +154,7 @@ static inline void switch_mm(struct mm_struct *prev, struct mm_struct *next, + */ + cpumask_clear_cpu(cpu, mm_cpumask(prev)); + cpumask_set_cpu(cpu, mm_cpumask(next)); ++ htw_start(); + + local_irq_restore(flags); + } +@@ -180,6 +181,7 @@ activate_mm(struct mm_struct *prev, struct mm_struct *next) + + local_irq_save(flags); + ++ htw_stop(); + /* Unconditionally get a new ASID. */ + get_new_mmu_context(next, cpu); + +@@ -189,6 +191,7 @@ activate_mm(struct mm_struct *prev, struct mm_struct *next) + /* mark mmu ownership change */ + cpumask_clear_cpu(cpu, mm_cpumask(prev)); + cpumask_set_cpu(cpu, mm_cpumask(next)); ++ htw_start(); + + local_irq_restore(flags); + } +@@ -203,6 +206,7 @@ drop_mmu_context(struct mm_struct *mm, unsigned cpu) + unsigned long flags; + + local_irq_save(flags); ++ htw_stop(); + + if (cpumask_test_cpu(cpu, mm_cpumask(mm))) { + get_new_mmu_context(mm, cpu); +@@ -211,6 +215,7 @@ drop_mmu_context(struct mm_struct *mm, unsigned cpu) + /* will get a new context next time */ + cpu_context(cpu, mm) = 0; + } ++ htw_start(); + local_irq_restore(flags); + } + +diff --git a/arch/mips/include/asm/pgtable.h b/arch/mips/include/asm/pgtable.h +index d6d1928..bc3fc4f 100644 +--- a/arch/mips/include/asm/pgtable.h ++++ b/arch/mips/include/asm/pgtable.h +@@ -99,29 +99,35 @@ extern void paging_init(void); + + #define htw_stop() \ + do { \ +- if (cpu_has_htw) \ +- write_c0_pwctl(read_c0_pwctl() & \ +- ~(1 << MIPS_PWCTL_PWEN_SHIFT)); \ ++ unsigned long flags; \ ++ \ ++ if (cpu_has_htw) { \ ++ local_irq_save(flags); \ ++ if(!raw_current_cpu_data.htw_seq++) { \ ++ write_c0_pwctl(read_c0_pwctl() & \ ++ ~(1 << MIPS_PWCTL_PWEN_SHIFT)); \ ++ back_to_back_c0_hazard(); \ ++ } \ ++ local_irq_restore(flags); \ ++ } \ + } while(0) + + #define htw_start() \ + do { \ +- if (cpu_has_htw) \ +- write_c0_pwctl(read_c0_pwctl() | \ +- (1 << MIPS_PWCTL_PWEN_SHIFT)); \ +-} while(0) +- +- +-#define htw_reset() \ +-do { \ ++ unsigned long flags; \ ++ \ + if (cpu_has_htw) { \ +- htw_stop(); \ +- back_to_back_c0_hazard(); \ +- htw_start(); \ +- back_to_back_c0_hazard(); \ ++ local_irq_save(flags); \ ++ if (!--raw_current_cpu_data.htw_seq) { \ ++ write_c0_pwctl(read_c0_pwctl() | \ ++ (1 << MIPS_PWCTL_PWEN_SHIFT)); \ ++ back_to_back_c0_hazard(); \ ++ } \ ++ local_irq_restore(flags); \ + } \ + } while(0) + ++ + extern void set_pte_at(struct mm_struct *mm, unsigned long addr, pte_t *ptep, + pte_t pteval); + +@@ -153,12 +159,13 @@ static inline void pte_clear(struct mm_struct *mm, unsigned long addr, pte_t *pt + { + pte_t null = __pte(0); + ++ htw_stop(); + /* Preserve global status for the pair */ + if (ptep_buddy(ptep)->pte_low & _PAGE_GLOBAL) + null.pte_low = null.pte_high = _PAGE_GLOBAL; + + set_pte_at(mm, addr, ptep, null); +- htw_reset(); ++ htw_start(); + } + #else + +@@ -188,6 +195,7 @@ static inline void set_pte(pte_t *ptep, pte_t pteval) + + static inline void pte_clear(struct mm_struct *mm, unsigned long addr, pte_t *ptep) + { ++ htw_stop(); + #if !defined(CONFIG_CPU_R3000) && !defined(CONFIG_CPU_TX39XX) + /* Preserve global status for the pair */ + if (pte_val(*ptep_buddy(ptep)) & _PAGE_GLOBAL) +@@ -195,7 +203,7 @@ static inline void pte_clear(struct mm_struct *mm, unsigned long addr, pte_t *pt + else + #endif + set_pte_at(mm, addr, ptep, __pte(0)); +- htw_reset(); ++ htw_start(); + } + #endif + +diff --git a/arch/mips/kernel/cps-vec.S b/arch/mips/kernel/cps-vec.S +index 0384b05..55b759a 100644 +--- a/arch/mips/kernel/cps-vec.S ++++ b/arch/mips/kernel/cps-vec.S +@@ -99,11 +99,11 @@ not_nmi: + xori t2, t1, 0x7 + beqz t2, 1f + li t3, 32 +- addi t1, t1, 1 ++ addiu t1, t1, 1 + sllv t1, t3, t1 + 1: /* At this point t1 == I-cache sets per way */ + _EXT t2, v0, MIPS_CONF1_IA_SHF, MIPS_CONF1_IA_SZ +- addi t2, t2, 1 ++ addiu t2, t2, 1 + mul t1, t1, t0 + mul t1, t1, t2 + +@@ -126,11 +126,11 @@ icache_done: + xori t2, t1, 0x7 + beqz t2, 1f + li t3, 32 +- addi t1, t1, 1 ++ addiu t1, t1, 1 + sllv t1, t3, t1 + 1: /* At this point t1 == D-cache sets per way */ + _EXT t2, v0, MIPS_CONF1_DA_SHF, MIPS_CONF1_DA_SZ +- addi t2, t2, 1 ++ addiu t2, t2, 1 + mul t1, t1, t0 + mul t1, t1, t2 + +@@ -250,7 +250,7 @@ LEAF(mips_cps_core_init) + mfc0 t0, CP0_MVPCONF0 + srl t0, t0, MVPCONF0_PVPE_SHIFT + andi t0, t0, (MVPCONF0_PVPE >> MVPCONF0_PVPE_SHIFT) +- addi t7, t0, 1 ++ addiu t7, t0, 1 + + /* If there's only 1, we're done */ + beqz t0, 2f +@@ -280,7 +280,7 @@ LEAF(mips_cps_core_init) + mttc0 t0, CP0_TCHALT + + /* Next VPE */ +- addi t5, t5, 1 ++ addiu t5, t5, 1 + slt t0, t5, t7 + bnez t0, 1b + nop +@@ -317,7 +317,7 @@ LEAF(mips_cps_boot_vpes) + mfc0 t1, CP0_MVPCONF0 + srl t1, t1, MVPCONF0_PVPE_SHIFT + andi t1, t1, MVPCONF0_PVPE >> MVPCONF0_PVPE_SHIFT +- addi t1, t1, 1 ++ addiu t1, t1, 1 + + /* Calculate a mask for the VPE ID from EBase.CPUNum */ + clz t1, t1 +@@ -424,7 +424,7 @@ LEAF(mips_cps_boot_vpes) + + /* Next VPE */ + 2: srl t6, t6, 1 +- addi t5, t5, 1 ++ addiu t5, t5, 1 + bnez t6, 1b + nop + +diff --git a/arch/mips/kernel/cpu-probe.c b/arch/mips/kernel/cpu-probe.c +index dc49cf3..5d6e59f 100644 +--- a/arch/mips/kernel/cpu-probe.c ++++ b/arch/mips/kernel/cpu-probe.c +@@ -367,8 +367,10 @@ static inline unsigned int decode_config3(struct cpuinfo_mips *c) + if (config3 & MIPS_CONF3_MSA) + c->ases |= MIPS_ASE_MSA; + /* Only tested on 32-bit cores */ +- if ((config3 & MIPS_CONF3_PW) && config_enabled(CONFIG_32BIT)) ++ if ((config3 & MIPS_CONF3_PW) && config_enabled(CONFIG_32BIT)) { ++ c->htw_seq = 0; + c->options |= MIPS_CPU_HTW; ++ } + + return config3 & MIPS_CONF_M; + } +diff --git a/arch/mips/kernel/mips_ksyms.c b/arch/mips/kernel/mips_ksyms.c +index 2607c3a..1b2452e 100644 +--- a/arch/mips/kernel/mips_ksyms.c ++++ b/arch/mips/kernel/mips_ksyms.c +@@ -14,6 +14,8 @@ + #include <linux/mm.h> + #include <asm/uaccess.h> + #include <asm/ftrace.h> ++#include <asm/fpu.h> ++#include <asm/msa.h> + + extern void *__bzero(void *__s, size_t __count); + extern long __strncpy_from_kernel_nocheck_asm(char *__to, +@@ -34,6 +36,14 @@ extern long __strnlen_user_nocheck_asm(const char *s); + extern long __strnlen_user_asm(const char *s); + + /* ++ * Core architecture code ++ */ ++EXPORT_SYMBOL_GPL(_save_fp); ++#ifdef CONFIG_CPU_HAS_MSA ++EXPORT_SYMBOL_GPL(_save_msa); ++#endif ++ ++/* + * String functions + */ + EXPORT_SYMBOL(memset); +diff --git a/arch/mips/kvm/locore.S b/arch/mips/kvm/locore.S +index d7279c0..4a68b17 100644 +--- a/arch/mips/kvm/locore.S ++++ b/arch/mips/kvm/locore.S +@@ -434,7 +434,7 @@ __kvm_mips_return_to_guest: + /* Setup status register for running guest in UM */ + .set at + or v1, v1, (ST0_EXL | KSU_USER | ST0_IE) +- and v1, v1, ~ST0_CU0 ++ and v1, v1, ~(ST0_CU0 | ST0_MX) + .set noat + mtc0 v1, CP0_STATUS + ehb +diff --git a/arch/mips/kvm/mips.c b/arch/mips/kvm/mips.c +index e3b21e5..270bbd4 100644 +--- a/arch/mips/kvm/mips.c ++++ b/arch/mips/kvm/mips.c +@@ -15,9 +15,11 @@ + #include <linux/vmalloc.h> + #include <linux/fs.h> + #include <linux/bootmem.h> ++#include <asm/fpu.h> + #include <asm/page.h> + #include <asm/cacheflush.h> + #include <asm/mmu_context.h> ++#include <asm/pgtable.h> + + #include <linux/kvm_host.h> + +@@ -378,6 +380,8 @@ int kvm_arch_vcpu_ioctl_run(struct kvm_vcpu *vcpu, struct kvm_run *run) + vcpu->mmio_needed = 0; + } + ++ lose_fpu(1); ++ + local_irq_disable(); + /* Check if we have any exceptions/interrupts pending */ + kvm_mips_deliver_interrupts(vcpu, +@@ -385,8 +389,14 @@ int kvm_arch_vcpu_ioctl_run(struct kvm_vcpu *vcpu, struct kvm_run *run) + + kvm_guest_enter(); + ++ /* Disable hardware page table walking while in guest */ ++ htw_stop(); ++ + r = __kvm_mips_vcpu_run(run, vcpu); + ++ /* Re-enable HTW before enabling interrupts */ ++ htw_start(); ++ + kvm_guest_exit(); + local_irq_enable(); + +@@ -980,9 +990,6 @@ static void kvm_mips_set_c0_status(void) + { + uint32_t status = read_c0_status(); + +- if (cpu_has_fpu) +- status |= (ST0_CU1); +- + if (cpu_has_dsp) + status |= (ST0_MX); + +@@ -1002,6 +1009,9 @@ int kvm_mips_handle_exit(struct kvm_run *run, struct kvm_vcpu *vcpu) + enum emulation_result er = EMULATE_DONE; + int ret = RESUME_GUEST; + ++ /* re-enable HTW before enabling interrupts */ ++ htw_start(); ++ + /* Set a default exit reason */ + run->exit_reason = KVM_EXIT_UNKNOWN; + run->ready_for_interrupt_injection = 1; +@@ -1136,6 +1146,9 @@ skip_emul: + } + } + ++ /* Disable HTW before returning to guest or host */ ++ htw_stop(); ++ + return ret; + } + +diff --git a/arch/powerpc/sysdev/axonram.c b/arch/powerpc/sysdev/axonram.c +index ad56edc..e8bb33b 100644 +--- a/arch/powerpc/sysdev/axonram.c ++++ b/arch/powerpc/sysdev/axonram.c +@@ -156,7 +156,7 @@ axon_ram_direct_access(struct block_device *device, sector_t sector, + } + + *kaddr = (void *)(bank->ph_addr + offset); +- *pfn = virt_to_phys(kaddr) >> PAGE_SHIFT; ++ *pfn = virt_to_phys(*kaddr) >> PAGE_SHIFT; + + return 0; + } +diff --git a/arch/s390/kvm/interrupt.c b/arch/s390/kvm/interrupt.c +index 4fc3fed..29e2e5a 100644 +--- a/arch/s390/kvm/interrupt.c ++++ b/arch/s390/kvm/interrupt.c +@@ -613,7 +613,7 @@ no_timer: + __unset_cpu_idle(vcpu); + vcpu->srcu_idx = srcu_read_lock(&vcpu->kvm->srcu); + +- hrtimer_try_to_cancel(&vcpu->arch.ckc_timer); ++ hrtimer_cancel(&vcpu->arch.ckc_timer); + return 0; + } + +@@ -633,10 +633,20 @@ void kvm_s390_vcpu_wakeup(struct kvm_vcpu *vcpu) + enum hrtimer_restart kvm_s390_idle_wakeup(struct hrtimer *timer) + { + struct kvm_vcpu *vcpu; ++ u64 now, sltime; + + vcpu = container_of(timer, struct kvm_vcpu, arch.ckc_timer); +- kvm_s390_vcpu_wakeup(vcpu); ++ now = get_tod_clock_fast() + vcpu->arch.sie_block->epoch; ++ sltime = tod_to_ns(vcpu->arch.sie_block->ckc - now); + ++ /* ++ * If the monotonic clock runs faster than the tod clock we might be ++ * woken up too early and have to go back to sleep to avoid deadlocks. ++ */ ++ if (vcpu->arch.sie_block->ckc > now && ++ hrtimer_forward_now(timer, ns_to_ktime(sltime))) ++ return HRTIMER_RESTART; ++ kvm_s390_vcpu_wakeup(vcpu); + return HRTIMER_NORESTART; + } + +@@ -840,6 +850,8 @@ static int __inject_vm(struct kvm *kvm, struct kvm_s390_interrupt_info *inti) + list_add_tail(&inti->list, &iter->list); + } + atomic_set(&fi->active, 1); ++ if (atomic_read(&kvm->online_vcpus) == 0) ++ goto unlock_fi; + sigcpu = find_first_bit(fi->idle_mask, KVM_MAX_VCPUS); + if (sigcpu == KVM_MAX_VCPUS) { + do { +@@ -864,6 +876,7 @@ int kvm_s390_inject_vm(struct kvm *kvm, + struct kvm_s390_interrupt *s390int) + { + struct kvm_s390_interrupt_info *inti; ++ int rc; + + inti = kzalloc(sizeof(*inti), GFP_KERNEL); + if (!inti) +@@ -911,7 +924,10 @@ int kvm_s390_inject_vm(struct kvm *kvm, + trace_kvm_s390_inject_vm(s390int->type, s390int->parm, s390int->parm64, + 2); + +- return __inject_vm(kvm, inti); ++ rc = __inject_vm(kvm, inti); ++ if (rc) ++ kfree(inti); ++ return rc; + } + + void kvm_s390_reinject_io_int(struct kvm *kvm, +diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c +index 55aade4..ced09d8 100644 +--- a/arch/s390/kvm/kvm-s390.c ++++ b/arch/s390/kvm/kvm-s390.c +@@ -662,7 +662,7 @@ int kvm_arch_vcpu_setup(struct kvm_vcpu *vcpu) + if (rc) + return rc; + } +- hrtimer_init(&vcpu->arch.ckc_timer, CLOCK_REALTIME, HRTIMER_MODE_ABS); ++ hrtimer_init(&vcpu->arch.ckc_timer, CLOCK_MONOTONIC, HRTIMER_MODE_REL); + vcpu->arch.ckc_timer.function = kvm_s390_idle_wakeup; + get_cpu_id(&vcpu->arch.cpu_id); + vcpu->arch.cpu_id.version = 0xff; +diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile +index 6a1a845..30c0acf 100644 +--- a/arch/x86/boot/compressed/Makefile ++++ b/arch/x86/boot/compressed/Makefile +@@ -36,6 +36,7 @@ vmlinux-objs-$(CONFIG_RANDOMIZE_BASE) += $(obj)/aslr.o + $(obj)/eboot.o: KBUILD_CFLAGS += -fshort-wchar -mno-red-zone + + vmlinux-objs-$(CONFIG_EFI_STUB) += $(obj)/eboot.o $(obj)/efi_stub_$(BITS).o ++vmlinux-objs-$(CONFIG_EFI_MIXED) += $(obj)/efi_thunk_$(BITS).o + + $(obj)/vmlinux: $(vmlinux-objs-y) FORCE + $(call if_changed,ld) +diff --git a/arch/x86/boot/compressed/efi_stub_64.S b/arch/x86/boot/compressed/efi_stub_64.S +index 7ff3632..99494df 100644 +--- a/arch/x86/boot/compressed/efi_stub_64.S ++++ b/arch/x86/boot/compressed/efi_stub_64.S +@@ -3,28 +3,3 @@ + #include <asm/processor-flags.h> + + #include "../../platform/efi/efi_stub_64.S" +- +-#ifdef CONFIG_EFI_MIXED +- .code64 +- .text +-ENTRY(efi64_thunk) +- push %rbp +- push %rbx +- +- subq $16, %rsp +- leaq efi_exit32(%rip), %rax +- movl %eax, 8(%rsp) +- leaq efi_gdt64(%rip), %rax +- movl %eax, 4(%rsp) +- movl %eax, 2(%rax) /* Fixup the gdt base address */ +- leaq efi32_boot_gdt(%rip), %rax +- movl %eax, (%rsp) +- +- call __efi64_thunk +- +- addq $16, %rsp +- pop %rbx +- pop %rbp +- ret +-ENDPROC(efi64_thunk) +-#endif /* CONFIG_EFI_MIXED */ +diff --git a/arch/x86/boot/compressed/efi_thunk_64.S b/arch/x86/boot/compressed/efi_thunk_64.S +new file mode 100644 +index 0000000..630384a +--- /dev/null ++++ b/arch/x86/boot/compressed/efi_thunk_64.S +@@ -0,0 +1,196 @@ ++/* ++ * Copyright (C) 2014, 2015 Intel Corporation; author Matt Fleming ++ * ++ * Early support for invoking 32-bit EFI services from a 64-bit kernel. ++ * ++ * Because this thunking occurs before ExitBootServices() we have to ++ * restore the firmware's 32-bit GDT before we make EFI serivce calls, ++ * since the firmware's 32-bit IDT is still currently installed and it ++ * needs to be able to service interrupts. ++ * ++ * On the plus side, we don't have to worry about mangling 64-bit ++ * addresses into 32-bits because we're executing with an identify ++ * mapped pagetable and haven't transitioned to 64-bit virtual addresses ++ * yet. ++ */ ++ ++#include <linux/linkage.h> ++#include <asm/msr.h> ++#include <asm/page_types.h> ++#include <asm/processor-flags.h> ++#include <asm/segment.h> ++ ++ .code64 ++ .text ++ENTRY(efi64_thunk) ++ push %rbp ++ push %rbx ++ ++ subq $8, %rsp ++ leaq efi_exit32(%rip), %rax ++ movl %eax, 4(%rsp) ++ leaq efi_gdt64(%rip), %rax ++ movl %eax, (%rsp) ++ movl %eax, 2(%rax) /* Fixup the gdt base address */ ++ ++ movl %ds, %eax ++ push %rax ++ movl %es, %eax ++ push %rax ++ movl %ss, %eax ++ push %rax ++ ++ /* ++ * Convert x86-64 ABI params to i386 ABI ++ */ ++ subq $32, %rsp ++ movl %esi, 0x0(%rsp) ++ movl %edx, 0x4(%rsp) ++ movl %ecx, 0x8(%rsp) ++ movq %r8, %rsi ++ movl %esi, 0xc(%rsp) ++ movq %r9, %rsi ++ movl %esi, 0x10(%rsp) ++ ++ sgdt save_gdt(%rip) ++ ++ leaq 1f(%rip), %rbx ++ movq %rbx, func_rt_ptr(%rip) ++ ++ /* ++ * Switch to gdt with 32-bit segments. This is the firmware GDT ++ * that was installed when the kernel started executing. This ++ * pointer was saved at the EFI stub entry point in head_64.S. ++ */ ++ leaq efi32_boot_gdt(%rip), %rax ++ lgdt (%rax) ++ ++ pushq $__KERNEL_CS ++ leaq efi_enter32(%rip), %rax ++ pushq %rax ++ lretq ++ ++1: addq $32, %rsp ++ ++ lgdt save_gdt(%rip) ++ ++ pop %rbx ++ movl %ebx, %ss ++ pop %rbx ++ movl %ebx, %es ++ pop %rbx ++ movl %ebx, %ds ++ ++ /* ++ * Convert 32-bit status code into 64-bit. ++ */ ++ test %rax, %rax ++ jz 1f ++ movl %eax, %ecx ++ andl $0x0fffffff, %ecx ++ andl $0xf0000000, %eax ++ shl $32, %rax ++ or %rcx, %rax ++1: ++ addq $8, %rsp ++ pop %rbx ++ pop %rbp ++ ret ++ENDPROC(efi64_thunk) ++ ++ENTRY(efi_exit32) ++ movq func_rt_ptr(%rip), %rax ++ push %rax ++ mov %rdi, %rax ++ ret ++ENDPROC(efi_exit32) ++ ++ .code32 ++/* ++ * EFI service pointer must be in %edi. ++ * ++ * The stack should represent the 32-bit calling convention. ++ */ ++ENTRY(efi_enter32) ++ movl $__KERNEL_DS, %eax ++ movl %eax, %ds ++ movl %eax, %es ++ movl %eax, %ss ++ ++ /* Reload pgtables */ ++ movl %cr3, %eax ++ movl %eax, %cr3 ++ ++ /* Disable paging */ ++ movl %cr0, %eax ++ btrl $X86_CR0_PG_BIT, %eax ++ movl %eax, %cr0 ++ ++ /* Disable long mode via EFER */ ++ movl $MSR_EFER, %ecx ++ rdmsr ++ btrl $_EFER_LME, %eax ++ wrmsr ++ ++ call *%edi ++ ++ /* We must preserve return value */ ++ movl %eax, %edi ++ ++ /* ++ * Some firmware will return with interrupts enabled. Be sure to ++ * disable them before we switch GDTs. ++ */ ++ cli ++ ++ movl 56(%esp), %eax ++ movl %eax, 2(%eax) ++ lgdtl (%eax) ++ ++ movl %cr4, %eax ++ btsl $(X86_CR4_PAE_BIT), %eax ++ movl %eax, %cr4 ++ ++ movl %cr3, %eax ++ movl %eax, %cr3 ++ ++ movl $MSR_EFER, %ecx ++ rdmsr ++ btsl $_EFER_LME, %eax ++ wrmsr ++ ++ xorl %eax, %eax ++ lldt %ax ++ ++ movl 60(%esp), %eax ++ pushl $__KERNEL_CS ++ pushl %eax ++ ++ /* Enable paging */ ++ movl %cr0, %eax ++ btsl $X86_CR0_PG_BIT, %eax ++ movl %eax, %cr0 ++ lret ++ENDPROC(efi_enter32) ++ ++ .data ++ .balign 8 ++ .global efi32_boot_gdt ++efi32_boot_gdt: .word 0 ++ .quad 0 ++ ++save_gdt: .word 0 ++ .quad 0 ++func_rt_ptr: .quad 0 ++ ++ .global efi_gdt64 ++efi_gdt64: ++ .word efi_gdt64_end - efi_gdt64 ++ .long 0 /* Filled out by user */ ++ .word 0 ++ .quad 0x0000000000000000 /* NULL descriptor */ ++ .quad 0x00af9a000000ffff /* __KERNEL_CS */ ++ .quad 0x00cf92000000ffff /* __KERNEL_DS */ ++ .quad 0x0080890000000000 /* TS descriptor */ ++ .quad 0x0000000000000000 /* TS continued */ ++efi_gdt64_end: +diff --git a/arch/x86/kernel/acpi/boot.c b/arch/x86/kernel/acpi/boot.c +index a142e77..a3eadfd 100644 +--- a/arch/x86/kernel/acpi/boot.c ++++ b/arch/x86/kernel/acpi/boot.c +@@ -604,18 +604,24 @@ void __init acpi_pic_sci_set_trigger(unsigned int irq, u16 trigger) + + int acpi_gsi_to_irq(u32 gsi, unsigned int *irqp) + { +- int irq; ++ int rc, irq, trigger, polarity; + + if (acpi_irq_model == ACPI_IRQ_MODEL_PIC) { + *irqp = gsi; +- } else { +- irq = mp_map_gsi_to_irq(gsi, +- IOAPIC_MAP_ALLOC | IOAPIC_MAP_CHECK); +- if (irq < 0) +- return -1; +- *irqp = irq; ++ return 0; + } +- return 0; ++ ++ rc = acpi_get_override_irq(gsi, &trigger, &polarity); ++ if (rc == 0) { ++ trigger = trigger ? ACPI_LEVEL_SENSITIVE : ACPI_EDGE_SENSITIVE; ++ polarity = polarity ? ACPI_ACTIVE_LOW : ACPI_ACTIVE_HIGH; ++ irq = acpi_register_gsi(NULL, gsi, trigger, polarity); ++ if (irq >= 0) { ++ *irqp = irq; ++ return 0; ++ } ++ } ++ return -1; + } + EXPORT_SYMBOL_GPL(acpi_gsi_to_irq); + +diff --git a/arch/x86/kernel/pmc_atom.c b/arch/x86/kernel/pmc_atom.c +index 0ee5025e..8bb9a61 100644 +--- a/arch/x86/kernel/pmc_atom.c ++++ b/arch/x86/kernel/pmc_atom.c +@@ -217,6 +217,8 @@ static int pmc_dbgfs_register(struct pmc_dev *pmc, struct pci_dev *pdev) + if (!dir) + return -ENOMEM; + ++ pmc->dbgfs_dir = dir; ++ + f = debugfs_create_file("dev_state", S_IFREG | S_IRUGO, + dir, pmc, &pmc_dev_state_ops); + if (!f) { +@@ -229,7 +231,7 @@ static int pmc_dbgfs_register(struct pmc_dev *pmc, struct pci_dev *pdev) + dev_err(&pdev->dev, "sleep_state register failed\n"); + goto err; + } +- pmc->dbgfs_dir = dir; ++ + return 0; + err: + pmc_dbgfs_unregister(pmc); +diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c +index 506488c..8b92cf4 100644 +--- a/arch/x86/kvm/x86.c ++++ b/arch/x86/kvm/x86.c +@@ -1237,21 +1237,22 @@ void kvm_track_tsc_matching(struct kvm_vcpu *vcpu) + { + #ifdef CONFIG_X86_64 + bool vcpus_matched; +- bool do_request = false; + struct kvm_arch *ka = &vcpu->kvm->arch; + struct pvclock_gtod_data *gtod = &pvclock_gtod_data; + + vcpus_matched = (ka->nr_vcpus_matched_tsc + 1 == + atomic_read(&vcpu->kvm->online_vcpus)); + +- if (vcpus_matched && gtod->clock.vclock_mode == VCLOCK_TSC) +- if (!ka->use_master_clock) +- do_request = 1; +- +- if (!vcpus_matched && ka->use_master_clock) +- do_request = 1; +- +- if (do_request) ++ /* ++ * Once the masterclock is enabled, always perform request in ++ * order to update it. ++ * ++ * In order to enable masterclock, the host clocksource must be TSC ++ * and the vcpus need to have matched TSCs. When that happens, ++ * perform request to enable masterclock. ++ */ ++ if (ka->use_master_clock || ++ (gtod->clock.vclock_mode == VCLOCK_TSC && vcpus_matched)) + kvm_make_request(KVM_REQ_MASTERCLOCK_UPDATE, vcpu); + + trace_kvm_track_tsc(vcpu->vcpu_id, ka->nr_vcpus_matched_tsc, +diff --git a/arch/x86/mm/gup.c b/arch/x86/mm/gup.c +index 207d9aef..448ee89 100644 +--- a/arch/x86/mm/gup.c ++++ b/arch/x86/mm/gup.c +@@ -172,7 +172,7 @@ static int gup_pmd_range(pud_t pud, unsigned long addr, unsigned long end, + */ + if (pmd_none(pmd) || pmd_trans_splitting(pmd)) + return 0; +- if (unlikely(pmd_large(pmd))) { ++ if (unlikely(pmd_large(pmd) || !pmd_present(pmd))) { + /* + * NUMA hinting faults need to be handled in the GUP + * slowpath for accounting purposes and so that they +diff --git a/arch/x86/mm/hugetlbpage.c b/arch/x86/mm/hugetlbpage.c +index 8b977eb..006cc91 100644 +--- a/arch/x86/mm/hugetlbpage.c ++++ b/arch/x86/mm/hugetlbpage.c +@@ -66,9 +66,15 @@ follow_huge_addr(struct mm_struct *mm, unsigned long address, int write) + return ERR_PTR(-EINVAL); + } + ++/* ++ * pmd_huge() returns 1 if @pmd is hugetlb related entry, that is normal ++ * hugetlb entry or non-present (migration or hwpoisoned) hugetlb entry. ++ * Otherwise, returns 0. ++ */ + int pmd_huge(pmd_t pmd) + { +- return !!(pmd_val(pmd) & _PAGE_PSE); ++ return !pmd_none(pmd) && ++ (pmd_val(pmd) & (_PAGE_PRESENT|_PAGE_PSE)) != _PAGE_PRESENT; + } + + int pud_huge(pud_t pud) +diff --git a/arch/x86/mm/mmap.c b/arch/x86/mm/mmap.c +index 919b912..df4552b 100644 +--- a/arch/x86/mm/mmap.c ++++ b/arch/x86/mm/mmap.c +@@ -35,12 +35,12 @@ struct va_alignment __read_mostly va_align = { + .flags = -1, + }; + +-static unsigned int stack_maxrandom_size(void) ++static unsigned long stack_maxrandom_size(void) + { +- unsigned int max = 0; ++ unsigned long max = 0; + if ((current->flags & PF_RANDOMIZE) && + !(current->personality & ADDR_NO_RANDOMIZE)) { +- max = ((-1U) & STACK_RND_MASK) << PAGE_SHIFT; ++ max = ((-1UL) & STACK_RND_MASK) << PAGE_SHIFT; + } + + return max; +diff --git a/arch/x86/pci/xen.c b/arch/x86/pci/xen.c +index 093f5f4..6b3cf7c 100644 +--- a/arch/x86/pci/xen.c ++++ b/arch/x86/pci/xen.c +@@ -452,52 +452,6 @@ int __init pci_xen_hvm_init(void) + } + + #ifdef CONFIG_XEN_DOM0 +-static __init void xen_setup_acpi_sci(void) +-{ +- int rc; +- int trigger, polarity; +- int gsi = acpi_sci_override_gsi; +- int irq = -1; +- int gsi_override = -1; +- +- if (!gsi) +- return; +- +- rc = acpi_get_override_irq(gsi, &trigger, &polarity); +- if (rc) { +- printk(KERN_WARNING "xen: acpi_get_override_irq failed for acpi" +- " sci, rc=%d\n", rc); +- return; +- } +- trigger = trigger ? ACPI_LEVEL_SENSITIVE : ACPI_EDGE_SENSITIVE; +- polarity = polarity ? ACPI_ACTIVE_LOW : ACPI_ACTIVE_HIGH; +- +- printk(KERN_INFO "xen: sci override: global_irq=%d trigger=%d " +- "polarity=%d\n", gsi, trigger, polarity); +- +- /* Before we bind the GSI to a Linux IRQ, check whether +- * we need to override it with bus_irq (IRQ) value. Usually for +- * IRQs below IRQ_LEGACY_IRQ this holds IRQ == GSI, as so: +- * ACPI: INT_SRC_OVR (bus 0 bus_irq 9 global_irq 9 low level) +- * but there are oddballs where the IRQ != GSI: +- * ACPI: INT_SRC_OVR (bus 0 bus_irq 9 global_irq 20 low level) +- * which ends up being: gsi_to_irq[9] == 20 +- * (which is what acpi_gsi_to_irq ends up calling when starting the +- * the ACPI interpreter and keels over since IRQ 9 has not been +- * setup as we had setup IRQ 20 for it). +- */ +- if (acpi_gsi_to_irq(gsi, &irq) == 0) { +- /* Use the provided value if it's valid. */ +- if (irq >= 0) +- gsi_override = irq; +- } +- +- gsi = xen_register_gsi(gsi, gsi_override, trigger, polarity); +- printk(KERN_INFO "xen: acpi sci %d\n", gsi); +- +- return; +-} +- + int __init pci_xen_initial_domain(void) + { + int irq; +@@ -509,7 +463,6 @@ int __init pci_xen_initial_domain(void) + x86_msi.msi_mask_irq = xen_nop_msi_mask_irq; + x86_msi.msix_mask_irq = xen_nop_msix_mask_irq; + #endif +- xen_setup_acpi_sci(); + __acpi_register_gsi = acpi_register_gsi_xen; + /* Pre-allocate legacy irqs */ + for (irq = 0; irq < nr_legacy_irqs(); irq++) { +diff --git a/arch/x86/platform/efi/efi_stub_64.S b/arch/x86/platform/efi/efi_stub_64.S +index 5fcda72..86d0f9e 100644 +--- a/arch/x86/platform/efi/efi_stub_64.S ++++ b/arch/x86/platform/efi/efi_stub_64.S +@@ -91,167 +91,6 @@ ENTRY(efi_call) + ret + ENDPROC(efi_call) + +-#ifdef CONFIG_EFI_MIXED +- +-/* +- * We run this function from the 1:1 mapping. +- * +- * This function must be invoked with a 1:1 mapped stack. +- */ +-ENTRY(__efi64_thunk) +- movl %ds, %eax +- push %rax +- movl %es, %eax +- push %rax +- movl %ss, %eax +- push %rax +- +- subq $32, %rsp +- movl %esi, 0x0(%rsp) +- movl %edx, 0x4(%rsp) +- movl %ecx, 0x8(%rsp) +- movq %r8, %rsi +- movl %esi, 0xc(%rsp) +- movq %r9, %rsi +- movl %esi, 0x10(%rsp) +- +- sgdt save_gdt(%rip) +- +- leaq 1f(%rip), %rbx +- movq %rbx, func_rt_ptr(%rip) +- +- /* Switch to gdt with 32-bit segments */ +- movl 64(%rsp), %eax +- lgdt (%rax) +- +- leaq efi_enter32(%rip), %rax +- pushq $__KERNEL_CS +- pushq %rax +- lretq +- +-1: addq $32, %rsp +- +- lgdt save_gdt(%rip) +- +- pop %rbx +- movl %ebx, %ss +- pop %rbx +- movl %ebx, %es +- pop %rbx +- movl %ebx, %ds +- +- /* +- * Convert 32-bit status code into 64-bit. +- */ +- test %rax, %rax +- jz 1f +- movl %eax, %ecx +- andl $0x0fffffff, %ecx +- andl $0xf0000000, %eax +- shl $32, %rax +- or %rcx, %rax +-1: +- ret +-ENDPROC(__efi64_thunk) +- +-ENTRY(efi_exit32) +- movq func_rt_ptr(%rip), %rax +- push %rax +- mov %rdi, %rax +- ret +-ENDPROC(efi_exit32) +- +- .code32 +-/* +- * EFI service pointer must be in %edi. +- * +- * The stack should represent the 32-bit calling convention. +- */ +-ENTRY(efi_enter32) +- movl $__KERNEL_DS, %eax +- movl %eax, %ds +- movl %eax, %es +- movl %eax, %ss +- +- /* Reload pgtables */ +- movl %cr3, %eax +- movl %eax, %cr3 +- +- /* Disable paging */ +- movl %cr0, %eax +- btrl $X86_CR0_PG_BIT, %eax +- movl %eax, %cr0 +- +- /* Disable long mode via EFER */ +- movl $MSR_EFER, %ecx +- rdmsr +- btrl $_EFER_LME, %eax +- wrmsr +- +- call *%edi +- +- /* We must preserve return value */ +- movl %eax, %edi +- +- /* +- * Some firmware will return with interrupts enabled. Be sure to +- * disable them before we switch GDTs. +- */ +- cli +- +- movl 68(%esp), %eax +- movl %eax, 2(%eax) +- lgdtl (%eax) +- +- movl %cr4, %eax +- btsl $(X86_CR4_PAE_BIT), %eax +- movl %eax, %cr4 +- +- movl %cr3, %eax +- movl %eax, %cr3 +- +- movl $MSR_EFER, %ecx +- rdmsr +- btsl $_EFER_LME, %eax +- wrmsr +- +- xorl %eax, %eax +- lldt %ax +- +- movl 72(%esp), %eax +- pushl $__KERNEL_CS +- pushl %eax +- +- /* Enable paging */ +- movl %cr0, %eax +- btsl $X86_CR0_PG_BIT, %eax +- movl %eax, %cr0 +- lret +-ENDPROC(efi_enter32) +- +- .data +- .balign 8 +- .global efi32_boot_gdt +-efi32_boot_gdt: .word 0 +- .quad 0 +- +-save_gdt: .word 0 +- .quad 0 +-func_rt_ptr: .quad 0 +- +- .global efi_gdt64 +-efi_gdt64: +- .word efi_gdt64_end - efi_gdt64 +- .long 0 /* Filled out by user */ +- .word 0 +- .quad 0x0000000000000000 /* NULL descriptor */ +- .quad 0x00af9a000000ffff /* __KERNEL_CS */ +- .quad 0x00cf92000000ffff /* __KERNEL_DS */ +- .quad 0x0080890000000000 /* TS descriptor */ +- .quad 0x0000000000000000 /* TS continued */ +-efi_gdt64_end: +-#endif /* CONFIG_EFI_MIXED */ +- + .data + ENTRY(efi_scratch) + .fill 3,8,0 +diff --git a/arch/x86/platform/efi/efi_thunk_64.S b/arch/x86/platform/efi/efi_thunk_64.S +index 8806fa7..ff85d28 100644 +--- a/arch/x86/platform/efi/efi_thunk_64.S ++++ b/arch/x86/platform/efi/efi_thunk_64.S +@@ -1,9 +1,26 @@ + /* + * Copyright (C) 2014 Intel Corporation; author Matt Fleming ++ * ++ * Support for invoking 32-bit EFI runtime services from a 64-bit ++ * kernel. ++ * ++ * The below thunking functions are only used after ExitBootServices() ++ * has been called. This simplifies things considerably as compared with ++ * the early EFI thunking because we can leave all the kernel state ++ * intact (GDT, IDT, etc) and simply invoke the the 32-bit EFI runtime ++ * services from __KERNEL32_CS. This means we can continue to service ++ * interrupts across an EFI mixed mode call. ++ * ++ * We do however, need to handle the fact that we're running in a full ++ * 64-bit virtual address space. Things like the stack and instruction ++ * addresses need to be accessible by the 32-bit firmware, so we rely on ++ * using the identity mappings in the EFI page table to access the stack ++ * and kernel text (see efi_setup_page_tables()). + */ + + #include <linux/linkage.h> + #include <asm/page_types.h> ++#include <asm/segment.h> + + .text + .code64 +@@ -33,14 +50,6 @@ ENTRY(efi64_thunk) + leaq efi_exit32(%rip), %rbx + subq %rax, %rbx + movl %ebx, 8(%rsp) +- leaq efi_gdt64(%rip), %rbx +- subq %rax, %rbx +- movl %ebx, 2(%ebx) +- movl %ebx, 4(%rsp) +- leaq efi_gdt32(%rip), %rbx +- subq %rax, %rbx +- movl %ebx, 2(%ebx) +- movl %ebx, (%rsp) + + leaq __efi64_thunk(%rip), %rbx + subq %rax, %rbx +@@ -52,14 +61,92 @@ ENTRY(efi64_thunk) + retq + ENDPROC(efi64_thunk) + +- .data +-efi_gdt32: +- .word efi_gdt32_end - efi_gdt32 +- .long 0 /* Filled out above */ +- .word 0 +- .quad 0x0000000000000000 /* NULL descriptor */ +- .quad 0x00cf9a000000ffff /* __KERNEL_CS */ +- .quad 0x00cf93000000ffff /* __KERNEL_DS */ +-efi_gdt32_end: ++/* ++ * We run this function from the 1:1 mapping. ++ * ++ * This function must be invoked with a 1:1 mapped stack. ++ */ ++ENTRY(__efi64_thunk) ++ movl %ds, %eax ++ push %rax ++ movl %es, %eax ++ push %rax ++ movl %ss, %eax ++ push %rax ++ ++ subq $32, %rsp ++ movl %esi, 0x0(%rsp) ++ movl %edx, 0x4(%rsp) ++ movl %ecx, 0x8(%rsp) ++ movq %r8, %rsi ++ movl %esi, 0xc(%rsp) ++ movq %r9, %rsi ++ movl %esi, 0x10(%rsp) ++ ++ leaq 1f(%rip), %rbx ++ movq %rbx, func_rt_ptr(%rip) ++ ++ /* Switch to 32-bit descriptor */ ++ pushq $__KERNEL32_CS ++ leaq efi_enter32(%rip), %rax ++ pushq %rax ++ lretq ++ ++1: addq $32, %rsp ++ ++ pop %rbx ++ movl %ebx, %ss ++ pop %rbx ++ movl %ebx, %es ++ pop %rbx ++ movl %ebx, %ds + ++ /* ++ * Convert 32-bit status code into 64-bit. ++ */ ++ test %rax, %rax ++ jz 1f ++ movl %eax, %ecx ++ andl $0x0fffffff, %ecx ++ andl $0xf0000000, %eax ++ shl $32, %rax ++ or %rcx, %rax ++1: ++ ret ++ENDPROC(__efi64_thunk) ++ ++ENTRY(efi_exit32) ++ movq func_rt_ptr(%rip), %rax ++ push %rax ++ mov %rdi, %rax ++ ret ++ENDPROC(efi_exit32) ++ ++ .code32 ++/* ++ * EFI service pointer must be in %edi. ++ * ++ * The stack should represent the 32-bit calling convention. ++ */ ++ENTRY(efi_enter32) ++ movl $__KERNEL_DS, %eax ++ movl %eax, %ds ++ movl %eax, %es ++ movl %eax, %ss ++ ++ call *%edi ++ ++ /* We must preserve return value */ ++ movl %eax, %edi ++ ++ movl 72(%esp), %eax ++ pushl $__KERNEL_CS ++ pushl %eax ++ ++ lret ++ENDPROC(efi_enter32) ++ ++ .data ++ .balign 8 ++func_rt_ptr: .quad 0 + efi_saved_sp: .quad 0 +diff --git a/block/blk-mq-tag.c b/block/blk-mq-tag.c +index ff18dab..702ae29 100644 +--- a/block/blk-mq-tag.c ++++ b/block/blk-mq-tag.c +@@ -500,6 +500,7 @@ static int bt_alloc(struct blk_mq_bitmap_tags *bt, unsigned int depth, + bt->bs = kzalloc(BT_WAIT_QUEUES * sizeof(*bt->bs), GFP_KERNEL); + if (!bt->bs) { + kfree(bt->map); ++ bt->map = NULL; + return -ENOMEM; + } + +diff --git a/block/blk-throttle.c b/block/blk-throttle.c +index 9273d09..5b9c6d5 100644 +--- a/block/blk-throttle.c ++++ b/block/blk-throttle.c +@@ -1292,6 +1292,9 @@ static u64 tg_prfill_cpu_rwstat(struct seq_file *sf, + struct blkg_rwstat rwstat = { }, tmp; + int i, cpu; + ++ if (tg->stats_cpu == NULL) ++ return 0; ++ + for_each_possible_cpu(cpu) { + struct tg_stats_cpu *sc = per_cpu_ptr(tg->stats_cpu, cpu); + +diff --git a/block/cfq-iosched.c b/block/cfq-iosched.c +index 6f2751d..5da8e6e 100644 +--- a/block/cfq-iosched.c ++++ b/block/cfq-iosched.c +@@ -3590,6 +3590,11 @@ retry: + + blkcg = bio_blkcg(bio); + cfqg = cfq_lookup_create_cfqg(cfqd, blkcg); ++ if (!cfqg) { ++ cfqq = &cfqd->oom_cfqq; ++ goto out; ++ } ++ + cfqq = cic_to_cfqq(cic, is_sync); + + /* +@@ -3626,7 +3631,7 @@ retry: + } else + cfqq = &cfqd->oom_cfqq; + } +- ++out: + if (new_cfqq) + kmem_cache_free(cfq_pool, new_cfqq); + +@@ -3656,12 +3661,17 @@ static struct cfq_queue * + cfq_get_queue(struct cfq_data *cfqd, bool is_sync, struct cfq_io_cq *cic, + struct bio *bio, gfp_t gfp_mask) + { +- const int ioprio_class = IOPRIO_PRIO_CLASS(cic->ioprio); +- const int ioprio = IOPRIO_PRIO_DATA(cic->ioprio); ++ int ioprio_class = IOPRIO_PRIO_CLASS(cic->ioprio); ++ int ioprio = IOPRIO_PRIO_DATA(cic->ioprio); + struct cfq_queue **async_cfqq = NULL; + struct cfq_queue *cfqq = NULL; + + if (!is_sync) { ++ if (!ioprio_valid(cic->ioprio)) { ++ struct task_struct *tsk = current; ++ ioprio = task_nice_ioprio(tsk); ++ ioprio_class = task_nice_ioclass(tsk); ++ } + async_cfqq = cfq_async_queue_prio(cfqd, ioprio_class, ioprio); + cfqq = *async_cfqq; + } +diff --git a/drivers/acpi/acpi_lpss.c b/drivers/acpi/acpi_lpss.c +index 93d1606..41e9c19 100644 +--- a/drivers/acpi/acpi_lpss.c ++++ b/drivers/acpi/acpi_lpss.c +@@ -105,7 +105,7 @@ static void lpss_uart_setup(struct lpss_private_data *pdata) + } + } + +-static void byt_i2c_setup(struct lpss_private_data *pdata) ++static void lpss_deassert_reset(struct lpss_private_data *pdata) + { + unsigned int offset; + u32 val; +@@ -114,9 +114,18 @@ static void byt_i2c_setup(struct lpss_private_data *pdata) + val = readl(pdata->mmio_base + offset); + val |= LPSS_RESETS_RESET_APB | LPSS_RESETS_RESET_FUNC; + writel(val, pdata->mmio_base + offset); ++} ++ ++#define LPSS_I2C_ENABLE 0x6c ++ ++static void byt_i2c_setup(struct lpss_private_data *pdata) ++{ ++ lpss_deassert_reset(pdata); + + if (readl(pdata->mmio_base + pdata->dev_desc->prv_offset)) + pdata->fixed_clk_rate = 133000000; ++ ++ writel(0, pdata->mmio_base + LPSS_I2C_ENABLE); + } + + static struct lpss_device_desc lpt_dev_desc = { +@@ -166,6 +175,12 @@ static struct lpss_device_desc byt_i2c_dev_desc = { + .setup = byt_i2c_setup, + }; + ++static struct lpss_device_desc bsw_spi_dev_desc = { ++ .flags = LPSS_CLK | LPSS_CLK_GATE | LPSS_CLK_DIVIDER | LPSS_SAVE_CTX, ++ .prv_offset = 0x400, ++ .setup = lpss_deassert_reset, ++}; ++ + #else + + #define LPSS_ADDR(desc) (0UL) +@@ -198,7 +213,7 @@ static const struct acpi_device_id acpi_lpss_device_ids[] = { + /* Braswell LPSS devices */ + { "80862288", LPSS_ADDR(byt_pwm_dev_desc) }, + { "8086228A", LPSS_ADDR(byt_uart_dev_desc) }, +- { "8086228E", LPSS_ADDR(byt_spi_dev_desc) }, ++ { "8086228E", LPSS_ADDR(bsw_spi_dev_desc) }, + { "808622C1", LPSS_ADDR(byt_i2c_dev_desc) }, + + { "INT3430", LPSS_ADDR(lpt_dev_desc) }, +diff --git a/drivers/bluetooth/ath3k.c b/drivers/bluetooth/ath3k.c +index 086240c..fe1678c 100644 +--- a/drivers/bluetooth/ath3k.c ++++ b/drivers/bluetooth/ath3k.c +@@ -106,6 +106,7 @@ static const struct usb_device_id ath3k_table[] = { + { USB_DEVICE(0x13d3, 0x3393) }, + { USB_DEVICE(0x13d3, 0x3402) }, + { USB_DEVICE(0x13d3, 0x3408) }, ++ { USB_DEVICE(0x13d3, 0x3423) }, + { USB_DEVICE(0x13d3, 0x3432) }, + + /* Atheros AR5BBU12 with sflash firmware */ +@@ -158,6 +159,7 @@ static const struct usb_device_id ath3k_blist_tbl[] = { + { USB_DEVICE(0x13d3, 0x3393), .driver_info = BTUSB_ATH3012 }, + { USB_DEVICE(0x13d3, 0x3402), .driver_info = BTUSB_ATH3012 }, + { USB_DEVICE(0x13d3, 0x3408), .driver_info = BTUSB_ATH3012 }, ++ { USB_DEVICE(0x13d3, 0x3423), .driver_info = BTUSB_ATH3012 }, + { USB_DEVICE(0x13d3, 0x3432), .driver_info = BTUSB_ATH3012 }, + + /* Atheros AR5BBU22 with sflash firmware */ +@@ -170,6 +172,8 @@ static const struct usb_device_id ath3k_blist_tbl[] = { + #define USB_REQ_DFU_DNLOAD 1 + #define BULK_SIZE 4096 + #define FW_HDR_SIZE 20 ++#define TIMEGAP_USEC_MIN 50 ++#define TIMEGAP_USEC_MAX 100 + + static int ath3k_load_firmware(struct usb_device *udev, + const struct firmware *firmware) +@@ -201,6 +205,9 @@ static int ath3k_load_firmware(struct usb_device *udev, + pipe = usb_sndbulkpipe(udev, 0x02); + + while (count) { ++ /* workaround the compatibility issue with xHCI controller*/ ++ usleep_range(TIMEGAP_USEC_MIN, TIMEGAP_USEC_MAX); ++ + size = min_t(uint, count, BULK_SIZE); + memcpy(send_buf, firmware->data + sent, size); + +@@ -298,6 +305,9 @@ static int ath3k_load_fwfile(struct usb_device *udev, + pipe = usb_sndbulkpipe(udev, 0x02); + + while (count) { ++ /* workaround the compatibility issue with xHCI controller*/ ++ usleep_range(TIMEGAP_USEC_MIN, TIMEGAP_USEC_MAX); ++ + size = min_t(uint, count, BULK_SIZE); + memcpy(send_buf, firmware->data + sent, size); + +diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c +index 091c813..f0e2f72 100644 +--- a/drivers/bluetooth/btusb.c ++++ b/drivers/bluetooth/btusb.c +@@ -107,15 +107,23 @@ static const struct usb_device_id btusb_table[] = { + { USB_DEVICE(0x0b05, 0x17cb) }, + { USB_DEVICE(0x413c, 0x8197) }, + ++ /* Broadcom BCM20702B0 (Dynex/Insignia) */ ++ { USB_DEVICE(0x19ff, 0x0239), .driver_info = BTUSB_BCM_PATCHRAM }, ++ + /* Foxconn - Hon Hai */ + { USB_VENDOR_AND_INTERFACE_INFO(0x0489, 0xff, 0x01, 0x01) }, + ++ /* Lite-On Technology - Broadcom based */ ++ { USB_VENDOR_AND_INTERFACE_INFO(0x04ca, 0xff, 0x01, 0x01), ++ .driver_info = BTUSB_BCM_PATCHRAM }, ++ + /* Broadcom devices with vendor specific id */ + { USB_VENDOR_AND_INTERFACE_INFO(0x0a5c, 0xff, 0x01, 0x01), + .driver_info = BTUSB_BCM_PATCHRAM }, + + /* ASUSTek Computer - Broadcom based */ +- { USB_VENDOR_AND_INTERFACE_INFO(0x0b05, 0xff, 0x01, 0x01) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(0x0b05, 0xff, 0x01, 0x01), ++ .driver_info = BTUSB_BCM_PATCHRAM }, + + /* Belkin F8065bf - Broadcom based */ + { USB_VENDOR_AND_INTERFACE_INFO(0x050d, 0xff, 0x01, 0x01) }, +@@ -183,6 +191,7 @@ static const struct usb_device_id blacklist_table[] = { + { USB_DEVICE(0x13d3, 0x3393), .driver_info = BTUSB_ATH3012 }, + { USB_DEVICE(0x13d3, 0x3402), .driver_info = BTUSB_ATH3012 }, + { USB_DEVICE(0x13d3, 0x3408), .driver_info = BTUSB_ATH3012 }, ++ { USB_DEVICE(0x13d3, 0x3423), .driver_info = BTUSB_ATH3012 }, + { USB_DEVICE(0x13d3, 0x3432), .driver_info = BTUSB_ATH3012 }, + + /* Atheros AR5BBU12 with sflash firmware */ +diff --git a/drivers/char/random.c b/drivers/char/random.c +index 04645c0..9cd6968 100644 +--- a/drivers/char/random.c ++++ b/drivers/char/random.c +@@ -569,19 +569,19 @@ static void fast_mix(struct fast_pool *f) + __u32 c = f->pool[2], d = f->pool[3]; + + a += b; c += d; +- b = rol32(a, 6); d = rol32(c, 27); ++ b = rol32(b, 6); d = rol32(d, 27); + d ^= a; b ^= c; + + a += b; c += d; +- b = rol32(a, 16); d = rol32(c, 14); ++ b = rol32(b, 16); d = rol32(d, 14); + d ^= a; b ^= c; + + a += b; c += d; +- b = rol32(a, 6); d = rol32(c, 27); ++ b = rol32(b, 6); d = rol32(d, 27); + d ^= a; b ^= c; + + a += b; c += d; +- b = rol32(a, 16); d = rol32(c, 14); ++ b = rol32(b, 16); d = rol32(d, 14); + d ^= a; b ^= c; + + f->pool[0] = a; f->pool[1] = b; +diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c +index 6af1700..cfb9089 100644 +--- a/drivers/char/tpm/tpm-interface.c ++++ b/drivers/char/tpm/tpm-interface.c +@@ -1122,7 +1122,7 @@ struct tpm_chip *tpm_register_hardware(struct device *dev, + + /* Make chip available */ + spin_lock(&driver_lock); +- list_add_rcu(&chip->list, &tpm_chip_list); ++ list_add_tail_rcu(&chip->list, &tpm_chip_list); + spin_unlock(&driver_lock); + + return chip; +diff --git a/drivers/char/tpm/tpm_i2c_atmel.c b/drivers/char/tpm/tpm_i2c_atmel.c +index 7727292..503a85a 100644 +--- a/drivers/char/tpm/tpm_i2c_atmel.c ++++ b/drivers/char/tpm/tpm_i2c_atmel.c +@@ -168,6 +168,10 @@ static int i2c_atmel_probe(struct i2c_client *client, + + chip->vendor.priv = devm_kzalloc(dev, sizeof(struct priv_data), + GFP_KERNEL); ++ if (!chip->vendor.priv) { ++ rc = -ENOMEM; ++ goto out_err; ++ } + + /* Default timeouts */ + chip->vendor.timeout_a = msecs_to_jiffies(TPM_I2C_SHORT_TIMEOUT); +diff --git a/drivers/char/tpm/tpm_i2c_nuvoton.c b/drivers/char/tpm/tpm_i2c_nuvoton.c +index 7b158ef..23c7b13 100644 +--- a/drivers/char/tpm/tpm_i2c_nuvoton.c ++++ b/drivers/char/tpm/tpm_i2c_nuvoton.c +@@ -538,6 +538,11 @@ static int i2c_nuvoton_probe(struct i2c_client *client, + + chip->vendor.priv = devm_kzalloc(dev, sizeof(struct priv_data), + GFP_KERNEL); ++ if (!chip->vendor.priv) { ++ rc = -ENOMEM; ++ goto out_err; ++ } ++ + init_waitqueue_head(&chip->vendor.read_queue); + init_waitqueue_head(&chip->vendor.int_queue); + +diff --git a/drivers/char/tpm/tpm_i2c_stm_st33.c b/drivers/char/tpm/tpm_i2c_stm_st33.c +index 4669e37..7d1c540 100644 +--- a/drivers/char/tpm/tpm_i2c_stm_st33.c ++++ b/drivers/char/tpm/tpm_i2c_stm_st33.c +@@ -487,7 +487,7 @@ static int tpm_stm_i2c_send(struct tpm_chip *chip, unsigned char *buf, + if (burstcnt < 0) + return burstcnt; + size = min_t(int, len - i - 1, burstcnt); +- ret = I2C_WRITE_DATA(client, TPM_DATA_FIFO, buf, size); ++ ret = I2C_WRITE_DATA(client, TPM_DATA_FIFO, buf + i, size); + if (ret < 0) + goto out_err; + +diff --git a/drivers/char/tpm/tpm_ibmvtpm.c b/drivers/char/tpm/tpm_ibmvtpm.c +index af74c57..eff9d58 100644 +--- a/drivers/char/tpm/tpm_ibmvtpm.c ++++ b/drivers/char/tpm/tpm_ibmvtpm.c +@@ -148,7 +148,8 @@ static int tpm_ibmvtpm_send(struct tpm_chip *chip, u8 *buf, size_t count) + crq.len = (u16)count; + crq.data = ibmvtpm->rtce_dma_handle; + +- rc = ibmvtpm_send_crq(ibmvtpm->vdev, word[0], word[1]); ++ rc = ibmvtpm_send_crq(ibmvtpm->vdev, cpu_to_be64(word[0]), ++ cpu_to_be64(word[1])); + if (rc != H_SUCCESS) { + dev_err(ibmvtpm->dev, "tpm_ibmvtpm_send failed rc=%d\n", rc); + rc = 0; +@@ -186,7 +187,8 @@ static int ibmvtpm_crq_get_rtce_size(struct ibmvtpm_dev *ibmvtpm) + crq.valid = (u8)IBMVTPM_VALID_CMD; + crq.msg = (u8)VTPM_GET_RTCE_BUFFER_SIZE; + +- rc = ibmvtpm_send_crq(ibmvtpm->vdev, buf[0], buf[1]); ++ rc = ibmvtpm_send_crq(ibmvtpm->vdev, cpu_to_be64(buf[0]), ++ cpu_to_be64(buf[1])); + if (rc != H_SUCCESS) + dev_err(ibmvtpm->dev, + "ibmvtpm_crq_get_rtce_size failed rc=%d\n", rc); +@@ -212,7 +214,8 @@ static int ibmvtpm_crq_get_version(struct ibmvtpm_dev *ibmvtpm) + crq.valid = (u8)IBMVTPM_VALID_CMD; + crq.msg = (u8)VTPM_GET_VERSION; + +- rc = ibmvtpm_send_crq(ibmvtpm->vdev, buf[0], buf[1]); ++ rc = ibmvtpm_send_crq(ibmvtpm->vdev, cpu_to_be64(buf[0]), ++ cpu_to_be64(buf[1])); + if (rc != H_SUCCESS) + dev_err(ibmvtpm->dev, + "ibmvtpm_crq_get_version failed rc=%d\n", rc); +@@ -307,6 +310,14 @@ static int tpm_ibmvtpm_remove(struct vio_dev *vdev) + static unsigned long tpm_ibmvtpm_get_desired_dma(struct vio_dev *vdev) + { + struct ibmvtpm_dev *ibmvtpm = ibmvtpm_get_data(&vdev->dev); ++ ++ /* ibmvtpm initializes at probe time, so the data we are ++ * asking for may not be set yet. Estimate that 4K required ++ * for TCE-mapped buffer in addition to CRQ. ++ */ ++ if (!ibmvtpm) ++ return CRQ_RES_BUF_SIZE + PAGE_SIZE; ++ + return CRQ_RES_BUF_SIZE + ibmvtpm->rtce_size; + } + +@@ -327,7 +338,8 @@ static int tpm_ibmvtpm_suspend(struct device *dev) + crq.valid = (u8)IBMVTPM_VALID_CMD; + crq.msg = (u8)VTPM_PREPARE_TO_SUSPEND; + +- rc = ibmvtpm_send_crq(ibmvtpm->vdev, buf[0], buf[1]); ++ rc = ibmvtpm_send_crq(ibmvtpm->vdev, cpu_to_be64(buf[0]), ++ cpu_to_be64(buf[1])); + if (rc != H_SUCCESS) + dev_err(ibmvtpm->dev, + "tpm_ibmvtpm_suspend failed rc=%d\n", rc); +@@ -472,11 +484,11 @@ static void ibmvtpm_crq_process(struct ibmvtpm_crq *crq, + case IBMVTPM_VALID_CMD: + switch (crq->msg) { + case VTPM_GET_RTCE_BUFFER_SIZE_RES: +- if (crq->len <= 0) { ++ if (be16_to_cpu(crq->len) <= 0) { + dev_err(ibmvtpm->dev, "Invalid rtce size\n"); + return; + } +- ibmvtpm->rtce_size = crq->len; ++ ibmvtpm->rtce_size = be16_to_cpu(crq->len); + ibmvtpm->rtce_buf = kmalloc(ibmvtpm->rtce_size, + GFP_KERNEL); + if (!ibmvtpm->rtce_buf) { +@@ -497,11 +509,11 @@ static void ibmvtpm_crq_process(struct ibmvtpm_crq *crq, + + return; + case VTPM_GET_VERSION_RES: +- ibmvtpm->vtpm_version = crq->data; ++ ibmvtpm->vtpm_version = be32_to_cpu(crq->data); + return; + case VTPM_TPM_COMMAND_RES: + /* len of the data in rtce buffer */ +- ibmvtpm->res_len = crq->len; ++ ibmvtpm->res_len = be16_to_cpu(crq->len); + wake_up_interruptible(&ibmvtpm->wq); + return; + default: +diff --git a/drivers/char/tpm/tpm_tis.c b/drivers/char/tpm/tpm_tis.c +index 2c46734..51350cd 100644 +--- a/drivers/char/tpm/tpm_tis.c ++++ b/drivers/char/tpm/tpm_tis.c +@@ -75,6 +75,10 @@ enum tis_defaults { + #define TPM_DID_VID(l) (0x0F00 | ((l) << 12)) + #define TPM_RID(l) (0x0F04 | ((l) << 12)) + ++struct priv_data { ++ bool irq_tested; ++}; ++ + static LIST_HEAD(tis_chips); + static DEFINE_MUTEX(tis_lock); + +@@ -338,12 +342,27 @@ out_err: + return rc; + } + ++static void disable_interrupts(struct tpm_chip *chip) ++{ ++ u32 intmask; ++ ++ intmask = ++ ioread32(chip->vendor.iobase + ++ TPM_INT_ENABLE(chip->vendor.locality)); ++ intmask &= ~TPM_GLOBAL_INT_ENABLE; ++ iowrite32(intmask, ++ chip->vendor.iobase + ++ TPM_INT_ENABLE(chip->vendor.locality)); ++ free_irq(chip->vendor.irq, chip); ++ chip->vendor.irq = 0; ++} ++ + /* + * If interrupts are used (signaled by an irq set in the vendor structure) + * tpm.c can skip polling for the data to be available as the interrupt is + * waited for here + */ +-static int tpm_tis_send(struct tpm_chip *chip, u8 *buf, size_t len) ++static int tpm_tis_send_main(struct tpm_chip *chip, u8 *buf, size_t len) + { + int rc; + u32 ordinal; +@@ -373,6 +392,30 @@ out_err: + return rc; + } + ++static int tpm_tis_send(struct tpm_chip *chip, u8 *buf, size_t len) ++{ ++ int rc, irq; ++ struct priv_data *priv = chip->vendor.priv; ++ ++ if (!chip->vendor.irq || priv->irq_tested) ++ return tpm_tis_send_main(chip, buf, len); ++ ++ /* Verify receipt of the expected IRQ */ ++ irq = chip->vendor.irq; ++ chip->vendor.irq = 0; ++ rc = tpm_tis_send_main(chip, buf, len); ++ chip->vendor.irq = irq; ++ if (!priv->irq_tested) ++ msleep(1); ++ if (!priv->irq_tested) { ++ disable_interrupts(chip); ++ dev_err(chip->dev, ++ FW_BUG "TPM interrupt not working, polling instead\n"); ++ } ++ priv->irq_tested = true; ++ return rc; ++} ++ + struct tis_vendor_timeout_override { + u32 did_vid; + unsigned long timeout_us[4]; +@@ -505,6 +548,7 @@ static irqreturn_t tis_int_handler(int dummy, void *dev_id) + if (interrupt == 0) + return IRQ_NONE; + ++ ((struct priv_data *)chip->vendor.priv)->irq_tested = true; + if (interrupt & TPM_INTF_DATA_AVAIL_INT) + wake_up_interruptible(&chip->vendor.read_queue); + if (interrupt & TPM_INTF_LOCALITY_CHANGE_INT) +@@ -534,9 +578,14 @@ static int tpm_tis_init(struct device *dev, resource_size_t start, + u32 vendor, intfcaps, intmask; + int rc, i, irq_s, irq_e, probe; + struct tpm_chip *chip; ++ struct priv_data *priv; + ++ priv = devm_kzalloc(dev, sizeof(struct priv_data), GFP_KERNEL); ++ if (priv == NULL) ++ return -ENOMEM; + if (!(chip = tpm_register_hardware(dev, &tpm_tis))) + return -ENODEV; ++ chip->vendor.priv = priv; + + chip->vendor.iobase = ioremap(start, len); + if (!chip->vendor.iobase) { +@@ -605,19 +654,6 @@ static int tpm_tis_init(struct device *dev, resource_size_t start, + if (intfcaps & TPM_INTF_DATA_AVAIL_INT) + dev_dbg(dev, "\tData Avail Int Support\n"); + +- /* get the timeouts before testing for irqs */ +- if (tpm_get_timeouts(chip)) { +- dev_err(dev, "Could not get TPM timeouts and durations\n"); +- rc = -ENODEV; +- goto out_err; +- } +- +- if (tpm_do_selftest(chip)) { +- dev_err(dev, "TPM self test failed\n"); +- rc = -ENODEV; +- goto out_err; +- } +- + /* INTERRUPT Setup */ + init_waitqueue_head(&chip->vendor.read_queue); + init_waitqueue_head(&chip->vendor.int_queue); +@@ -719,6 +755,18 @@ static int tpm_tis_init(struct device *dev, resource_size_t start, + } + } + ++ if (tpm_get_timeouts(chip)) { ++ dev_err(dev, "Could not get TPM timeouts and durations\n"); ++ rc = -ENODEV; ++ goto out_err; ++ } ++ ++ if (tpm_do_selftest(chip)) { ++ dev_err(dev, "TPM self test failed\n"); ++ rc = -ENODEV; ++ goto out_err; ++ } ++ + INIT_LIST_HEAD(&chip->vendor.list); + mutex_lock(&tis_lock); + list_add(&chip->vendor.list, &tis_chips); +diff --git a/drivers/clocksource/mtk_timer.c b/drivers/clocksource/mtk_timer.c +index 32a3d25..68ab423 100644 +--- a/drivers/clocksource/mtk_timer.c ++++ b/drivers/clocksource/mtk_timer.c +@@ -224,6 +224,8 @@ static void __init mtk_timer_init(struct device_node *node) + } + rate = clk_get_rate(clk); + ++ mtk_timer_global_reset(evt); ++ + if (request_irq(evt->dev.irq, mtk_timer_interrupt, + IRQF_TIMER | IRQF_IRQPOLL, "mtk_timer", evt)) { + pr_warn("failed to setup irq %d\n", evt->dev.irq); +@@ -232,8 +234,6 @@ static void __init mtk_timer_init(struct device_node *node) + + evt->ticks_per_jiffy = DIV_ROUND_UP(rate, HZ); + +- mtk_timer_global_reset(evt); +- + /* Configure clock source */ + mtk_timer_setup(evt, GPT_CLK_SRC, TIMER_CTRL_OP_FREERUN); + clocksource_mmio_init(evt->gpt_base + TIMER_CNT_REG(GPT_CLK_SRC), +@@ -241,10 +241,11 @@ static void __init mtk_timer_init(struct device_node *node) + + /* Configure clock event */ + mtk_timer_setup(evt, GPT_CLK_EVT, TIMER_CTRL_OP_REPEAT); +- mtk_timer_enable_irq(evt, GPT_CLK_EVT); +- + clockevents_config_and_register(&evt->dev, rate, 0x3, + 0xffffffff); ++ ++ mtk_timer_enable_irq(evt, GPT_CLK_EVT); ++ + return; + + err_clk_disable: +diff --git a/drivers/cpufreq/cpufreq.c b/drivers/cpufreq/cpufreq.c +index 4473eba..e3bf702 100644 +--- a/drivers/cpufreq/cpufreq.c ++++ b/drivers/cpufreq/cpufreq.c +@@ -1409,9 +1409,10 @@ static int __cpufreq_remove_dev_finish(struct device *dev, + unsigned long flags; + struct cpufreq_policy *policy; + +- read_lock_irqsave(&cpufreq_driver_lock, flags); ++ write_lock_irqsave(&cpufreq_driver_lock, flags); + policy = per_cpu(cpufreq_cpu_data, cpu); +- read_unlock_irqrestore(&cpufreq_driver_lock, flags); ++ per_cpu(cpufreq_cpu_data, cpu) = NULL; ++ write_unlock_irqrestore(&cpufreq_driver_lock, flags); + + if (!policy) { + pr_debug("%s: No cpu_data found\n", __func__); +@@ -1466,7 +1467,6 @@ static int __cpufreq_remove_dev_finish(struct device *dev, + } + } + +- per_cpu(cpufreq_cpu_data, cpu) = NULL; + return 0; + } + +diff --git a/drivers/cpufreq/s3c2416-cpufreq.c b/drivers/cpufreq/s3c2416-cpufreq.c +index 2fd53ea..d6d4257 100644 +--- a/drivers/cpufreq/s3c2416-cpufreq.c ++++ b/drivers/cpufreq/s3c2416-cpufreq.c +@@ -263,7 +263,7 @@ out: + } + + #ifdef CONFIG_ARM_S3C2416_CPUFREQ_VCORESCALE +-static void __init s3c2416_cpufreq_cfg_regulator(struct s3c2416_data *s3c_freq) ++static void s3c2416_cpufreq_cfg_regulator(struct s3c2416_data *s3c_freq) + { + int count, v, i, found; + struct cpufreq_frequency_table *pos; +@@ -333,7 +333,7 @@ static struct notifier_block s3c2416_cpufreq_reboot_notifier = { + .notifier_call = s3c2416_cpufreq_reboot_notifier_evt, + }; + +-static int __init s3c2416_cpufreq_driver_init(struct cpufreq_policy *policy) ++static int s3c2416_cpufreq_driver_init(struct cpufreq_policy *policy) + { + struct s3c2416_data *s3c_freq = &s3c2416_cpufreq; + struct cpufreq_frequency_table *pos; +diff --git a/drivers/cpufreq/s3c24xx-cpufreq.c b/drivers/cpufreq/s3c24xx-cpufreq.c +index d00f1ce..733aa51 100644 +--- a/drivers/cpufreq/s3c24xx-cpufreq.c ++++ b/drivers/cpufreq/s3c24xx-cpufreq.c +@@ -144,11 +144,6 @@ static void s3c_cpufreq_setfvco(struct s3c_cpufreq_config *cfg) + (cfg->info->set_fvco)(cfg); + } + +-static inline void s3c_cpufreq_resume_clocks(void) +-{ +- cpu_cur.info->resume_clocks(); +-} +- + static inline void s3c_cpufreq_updateclk(struct clk *clk, + unsigned int freq) + { +@@ -417,9 +412,6 @@ static int s3c_cpufreq_resume(struct cpufreq_policy *policy) + + last_target = ~0; /* invalidate last_target setting */ + +- /* first, find out what speed we resumed at. */ +- s3c_cpufreq_resume_clocks(); +- + /* whilst we will be called later on, we try and re-set the + * cpu frequencies as soon as possible so that we do not end + * up resuming devices and then immediately having to re-set +@@ -454,7 +446,7 @@ static struct cpufreq_driver s3c24xx_driver = { + }; + + +-int __init s3c_cpufreq_register(struct s3c_cpufreq_info *info) ++int s3c_cpufreq_register(struct s3c_cpufreq_info *info) + { + if (!info || !info->name) { + printk(KERN_ERR "%s: failed to pass valid information\n", +diff --git a/drivers/cpufreq/speedstep-lib.c b/drivers/cpufreq/speedstep-lib.c +index 7047821..4ab7a21 100644 +--- a/drivers/cpufreq/speedstep-lib.c ++++ b/drivers/cpufreq/speedstep-lib.c +@@ -400,6 +400,7 @@ unsigned int speedstep_get_freqs(enum speedstep_processor processor, + + pr_debug("previous speed is %u\n", prev_speed); + ++ preempt_disable(); + local_irq_save(flags); + + /* switch to low state */ +@@ -464,6 +465,8 @@ unsigned int speedstep_get_freqs(enum speedstep_processor processor, + + out: + local_irq_restore(flags); ++ preempt_enable(); ++ + return ret; + } + EXPORT_SYMBOL_GPL(speedstep_get_freqs); +diff --git a/drivers/cpufreq/speedstep-smi.c b/drivers/cpufreq/speedstep-smi.c +index 5fc96d5..819229e 100644 +--- a/drivers/cpufreq/speedstep-smi.c ++++ b/drivers/cpufreq/speedstep-smi.c +@@ -156,6 +156,7 @@ static void speedstep_set_state(unsigned int state) + return; + + /* Disable IRQs */ ++ preempt_disable(); + local_irq_save(flags); + + command = (smi_sig & 0xffffff00) | (smi_cmd & 0xff); +@@ -166,9 +167,19 @@ static void speedstep_set_state(unsigned int state) + + do { + if (retry) { ++ /* ++ * We need to enable interrupts, otherwise the blockage ++ * won't resolve. ++ * ++ * We disable preemption so that other processes don't ++ * run. If other processes were running, they could ++ * submit more DMA requests, making the blockage worse. ++ */ + pr_debug("retry %u, previous result %u, waiting...\n", + retry, result); ++ local_irq_enable(); + mdelay(retry * 50); ++ local_irq_disable(); + } + retry++; + __asm__ __volatile__( +@@ -185,6 +196,7 @@ static void speedstep_set_state(unsigned int state) + + /* enable IRQs */ + local_irq_restore(flags); ++ preempt_enable(); + + if (new_state == state) + pr_debug("change to %u MHz succeeded after %u tries " +diff --git a/drivers/edac/amd64_edac.c b/drivers/edac/amd64_edac.c +index bbd6514..c7236ba 100644 +--- a/drivers/edac/amd64_edac.c ++++ b/drivers/edac/amd64_edac.c +@@ -2039,14 +2039,20 @@ static void __log_bus_error(struct mem_ctl_info *mci, struct err_info *err, + + static inline void decode_bus_error(int node_id, struct mce *m) + { +- struct mem_ctl_info *mci = mcis[node_id]; +- struct amd64_pvt *pvt = mci->pvt_info; ++ struct mem_ctl_info *mci; ++ struct amd64_pvt *pvt; + u8 ecc_type = (m->status >> 45) & 0x3; + u8 xec = XEC(m->status, 0x1f); + u16 ec = EC(m->status); + u64 sys_addr; + struct err_info err; + ++ mci = edac_mc_find(node_id); ++ if (!mci) ++ return; ++ ++ pvt = mci->pvt_info; ++ + /* Bail out early if this was an 'observed' error */ + if (PP(ec) == NBSL_PP_OBS) + return; +diff --git a/drivers/edac/sb_edac.c b/drivers/edac/sb_edac.c +index e9bb1af..3cdaac8 100644 +--- a/drivers/edac/sb_edac.c ++++ b/drivers/edac/sb_edac.c +@@ -2297,7 +2297,7 @@ static int sbridge_probe(struct pci_dev *pdev, const struct pci_device_id *id) + rc = sbridge_get_all_devices(&num_mc, pci_dev_descr_ibridge_table); + type = IVY_BRIDGE; + break; +- case PCI_DEVICE_ID_INTEL_SBRIDGE_IMC_TA: ++ case PCI_DEVICE_ID_INTEL_SBRIDGE_IMC_HA0: + rc = sbridge_get_all_devices(&num_mc, pci_dev_descr_sbridge_table); + type = SANDY_BRIDGE; + break; +@@ -2306,8 +2306,11 @@ static int sbridge_probe(struct pci_dev *pdev, const struct pci_device_id *id) + type = HASWELL; + break; + } +- if (unlikely(rc < 0)) ++ if (unlikely(rc < 0)) { ++ edac_dbg(0, "couldn't get all devices for 0x%x\n", pdev->device); + goto fail0; ++ } ++ + mc = 0; + + list_for_each_entry(sbridge_dev, &sbridge_edac_list, list) { +@@ -2320,7 +2323,7 @@ static int sbridge_probe(struct pci_dev *pdev, const struct pci_device_id *id) + goto fail1; + } + +- sbridge_printk(KERN_INFO, "Driver loaded.\n"); ++ sbridge_printk(KERN_INFO, "%s\n", SBRIDGE_REVISION); + + mutex_unlock(&sbridge_edac_lock); + return 0; +diff --git a/drivers/gpio/gpio-tps65912.c b/drivers/gpio/gpio-tps65912.c +index 22052d8..a8c7830 100644 +--- a/drivers/gpio/gpio-tps65912.c ++++ b/drivers/gpio/gpio-tps65912.c +@@ -26,9 +26,12 @@ struct tps65912_gpio_data { + struct gpio_chip gpio_chip; + }; + ++#define to_tgd(gc) container_of(gc, struct tps65912_gpio_data, gpio_chip) ++ + static int tps65912_gpio_get(struct gpio_chip *gc, unsigned offset) + { +- struct tps65912 *tps65912 = container_of(gc, struct tps65912, gpio); ++ struct tps65912_gpio_data *tps65912_gpio = to_tgd(gc); ++ struct tps65912 *tps65912 = tps65912_gpio->tps65912; + int val; + + val = tps65912_reg_read(tps65912, TPS65912_GPIO1 + offset); +@@ -42,7 +45,8 @@ static int tps65912_gpio_get(struct gpio_chip *gc, unsigned offset) + static void tps65912_gpio_set(struct gpio_chip *gc, unsigned offset, + int value) + { +- struct tps65912 *tps65912 = container_of(gc, struct tps65912, gpio); ++ struct tps65912_gpio_data *tps65912_gpio = to_tgd(gc); ++ struct tps65912 *tps65912 = tps65912_gpio->tps65912; + + if (value) + tps65912_set_bits(tps65912, TPS65912_GPIO1 + offset, +@@ -55,7 +59,8 @@ static void tps65912_gpio_set(struct gpio_chip *gc, unsigned offset, + static int tps65912_gpio_output(struct gpio_chip *gc, unsigned offset, + int value) + { +- struct tps65912 *tps65912 = container_of(gc, struct tps65912, gpio); ++ struct tps65912_gpio_data *tps65912_gpio = to_tgd(gc); ++ struct tps65912 *tps65912 = tps65912_gpio->tps65912; + + /* Set the initial value */ + tps65912_gpio_set(gc, offset, value); +@@ -66,7 +71,8 @@ static int tps65912_gpio_output(struct gpio_chip *gc, unsigned offset, + + static int tps65912_gpio_input(struct gpio_chip *gc, unsigned offset) + { +- struct tps65912 *tps65912 = container_of(gc, struct tps65912, gpio); ++ struct tps65912_gpio_data *tps65912_gpio = to_tgd(gc); ++ struct tps65912 *tps65912 = tps65912_gpio->tps65912; + + return tps65912_clear_bits(tps65912, TPS65912_GPIO1 + offset, + GPIO_CFG_MASK); +diff --git a/drivers/gpio/gpiolib-of.c b/drivers/gpio/gpiolib-of.c +index 08261f2..26645a8 100644 +--- a/drivers/gpio/gpiolib-of.c ++++ b/drivers/gpio/gpiolib-of.c +@@ -46,12 +46,13 @@ static int of_gpiochip_find_and_xlate(struct gpio_chip *gc, void *data) + + ret = gc->of_xlate(gc, &gg_data->gpiospec, gg_data->flags); + if (ret < 0) { +- /* We've found the gpio chip, but the translation failed. +- * Return true to stop looking and return the translation +- * error via out_gpio ++ /* We've found a gpio chip, but the translation failed. ++ * Store translation error in out_gpio. ++ * Return false to keep looking, as more than one gpio chip ++ * could be registered per of-node. + */ + gg_data->out_gpio = ERR_PTR(ret); +- return true; ++ return false; + } + + gg_data->out_gpio = gpiochip_get_desc(gc, ret); +diff --git a/drivers/hid/i2c-hid/i2c-hid.c b/drivers/hid/i2c-hid/i2c-hid.c +index 80e33e0..6d7c9c5 100644 +--- a/drivers/hid/i2c-hid/i2c-hid.c ++++ b/drivers/hid/i2c-hid/i2c-hid.c +@@ -370,7 +370,10 @@ static int i2c_hid_hwreset(struct i2c_client *client) + static void i2c_hid_get_input(struct i2c_hid *ihid) + { + int ret, ret_size; +- int size = ihid->bufsize; ++ int size = le16_to_cpu(ihid->hdesc.wMaxInputLength); ++ ++ if (size > ihid->bufsize) ++ size = ihid->bufsize; + + ret = i2c_master_recv(ihid->client, ihid->inbuf, size); + if (ret != size) { +diff --git a/drivers/md/raid1.c b/drivers/md/raid1.c +index 40b35be..2f2f38f 100644 +--- a/drivers/md/raid1.c ++++ b/drivers/md/raid1.c +@@ -560,7 +560,7 @@ static int read_balance(struct r1conf *conf, struct r1bio *r1_bio, int *max_sect + if (test_bit(WriteMostly, &rdev->flags)) { + /* Don't balance among write-mostly, just + * use the first as a last resort */ +- if (best_disk < 0) { ++ if (best_dist_disk < 0) { + if (is_badblock(rdev, this_sector, sectors, + &first_bad, &bad_sectors)) { + if (first_bad < this_sector) +@@ -569,7 +569,8 @@ static int read_balance(struct r1conf *conf, struct r1bio *r1_bio, int *max_sect + best_good_sectors = first_bad - this_sector; + } else + best_good_sectors = sectors; +- best_disk = disk; ++ best_dist_disk = disk; ++ best_pending_disk = disk; + } + continue; + } +diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c +index b98765f..8577cc7 100644 +--- a/drivers/md/raid5.c ++++ b/drivers/md/raid5.c +@@ -3102,7 +3102,8 @@ static void handle_stripe_dirtying(struct r5conf *conf, + * generate correct data from the parity. + */ + if (conf->max_degraded == 2 || +- (recovery_cp < MaxSector && sh->sector >= recovery_cp)) { ++ (recovery_cp < MaxSector && sh->sector >= recovery_cp && ++ s->failed == 0)) { + /* Calculate the real rcw later - for now make it + * look like rcw is cheaper + */ +diff --git a/drivers/media/dvb-frontends/si2168.c b/drivers/media/dvb-frontends/si2168.c +index 1cd93be..64a759c 100644 +--- a/drivers/media/dvb-frontends/si2168.c ++++ b/drivers/media/dvb-frontends/si2168.c +@@ -605,6 +605,8 @@ static const struct dvb_frontend_ops si2168_ops = { + .delsys = {SYS_DVBT, SYS_DVBT2, SYS_DVBC_ANNEX_A}, + .info = { + .name = "Silicon Labs Si2168", ++ .symbol_rate_min = 1000000, ++ .symbol_rate_max = 7200000, + .caps = FE_CAN_FEC_1_2 | + FE_CAN_FEC_2_3 | + FE_CAN_FEC_3_4 | +diff --git a/drivers/media/platform/Kconfig b/drivers/media/platform/Kconfig +index 3aac88f..7362772 100644 +--- a/drivers/media/platform/Kconfig ++++ b/drivers/media/platform/Kconfig +@@ -56,10 +56,8 @@ config VIDEO_VIU + + config VIDEO_TIMBERDALE + tristate "Support for timberdale Video In/LogiWIN" +- depends on VIDEO_V4L2 && I2C && DMADEVICES +- depends on MFD_TIMBERDALE || COMPILE_TEST +- select DMA_ENGINE +- select TIMB_DMA ++ depends on VIDEO_V4L2 && I2C ++ depends on (MFD_TIMBERDALE && TIMB_DMA) || COMPILE_TEST + select VIDEO_ADV7180 + select VIDEOBUF_DMA_CONTIG + ---help--- +diff --git a/drivers/media/rc/rc-main.c b/drivers/media/rc/rc-main.c +index 8d3b74c..fc369b03 100644 +--- a/drivers/media/rc/rc-main.c ++++ b/drivers/media/rc/rc-main.c +@@ -1021,16 +1021,16 @@ static ssize_t store_protocols(struct device *device, + goto out; + } + +- if (new_protocols == old_protocols) { +- rc = len; +- goto out; ++ if (new_protocols != old_protocols) { ++ *current_protocols = new_protocols; ++ IR_dprintk(1, "Protocols changed to 0x%llx\n", ++ (long long)new_protocols); + } + +- *current_protocols = new_protocols; +- IR_dprintk(1, "Protocols changed to 0x%llx\n", (long long)new_protocols); +- + /* +- * If the protocol is changed the filter needs updating. ++ * If a protocol change was attempted the filter may need updating, even ++ * if the actual protocol mask hasn't changed (since the driver may have ++ * cleared the filter). + * Try setting the same filter with the new protocol (if any). + * Fall back to clearing the filter. + */ +diff --git a/drivers/media/usb/dvb-usb-v2/lmedm04.c b/drivers/media/usb/dvb-usb-v2/lmedm04.c +index 9f2c545..2273ce7 100644 +--- a/drivers/media/usb/dvb-usb-v2/lmedm04.c ++++ b/drivers/media/usb/dvb-usb-v2/lmedm04.c +@@ -344,15 +344,17 @@ static void lme2510_int_response(struct urb *lme_urb) + + usb_submit_urb(lme_urb, GFP_ATOMIC); + +- /* interrupt urb is due every 48 msecs while streaming +- * add 12msecs for system lag */ +- st->int_urb_due = jiffies + msecs_to_jiffies(60); ++ /* Interrupt urb is due every 48 msecs while streaming the buffer ++ * stores up to 4 periods if missed. Allow 200 msec for next interrupt. ++ */ ++ st->int_urb_due = jiffies + msecs_to_jiffies(200); + } + + static int lme2510_int_read(struct dvb_usb_adapter *adap) + { + struct dvb_usb_device *d = adap_to_d(adap); + struct lme2510_state *lme_int = adap_to_priv(adap); ++ struct usb_host_endpoint *ep; + + lme_int->lme_urb = usb_alloc_urb(0, GFP_ATOMIC); + +@@ -374,6 +376,12 @@ static int lme2510_int_read(struct dvb_usb_adapter *adap) + adap, + 8); + ++ /* Quirk of pipe reporting PIPE_BULK but behaves as interrupt */ ++ ep = usb_pipe_endpoint(d->udev, lme_int->lme_urb->pipe); ++ ++ if (usb_endpoint_type(&ep->desc) == USB_ENDPOINT_XFER_BULK) ++ lme_int->lme_urb->pipe = usb_rcvbulkpipe(d->udev, 0xa), ++ + lme_int->lme_urb->transfer_flags |= URB_NO_TRANSFER_DMA_MAP; + + usb_submit_urb(lme_int->lme_urb, GFP_ATOMIC); +diff --git a/drivers/media/usb/em28xx/em28xx-audio.c b/drivers/media/usb/em28xx/em28xx-audio.c +index 957c7ae..1ead904 100644 +--- a/drivers/media/usb/em28xx/em28xx-audio.c ++++ b/drivers/media/usb/em28xx/em28xx-audio.c +@@ -821,7 +821,7 @@ static int em28xx_audio_urb_init(struct em28xx *dev) + if (urb_size > ep_size * npackets) + npackets = DIV_ROUND_UP(urb_size, ep_size); + +- em28xx_info("Number of URBs: %d, with %d packets and %d size", ++ em28xx_info("Number of URBs: %d, with %d packets and %d size\n", + num_urb, npackets, urb_size); + + /* Estimate the bytes per period */ +@@ -982,7 +982,7 @@ static int em28xx_audio_fini(struct em28xx *dev) + return 0; + } + +- em28xx_info("Closing audio extension"); ++ em28xx_info("Closing audio extension\n"); + + if (dev->adev.sndcard) { + snd_card_disconnect(dev->adev.sndcard); +@@ -1006,7 +1006,7 @@ static int em28xx_audio_suspend(struct em28xx *dev) + if (dev->usb_audio_type != EM28XX_USB_AUDIO_VENDOR) + return 0; + +- em28xx_info("Suspending audio extension"); ++ em28xx_info("Suspending audio extension\n"); + em28xx_deinit_isoc_audio(dev); + atomic_set(&dev->adev.stream_started, 0); + return 0; +@@ -1020,7 +1020,7 @@ static int em28xx_audio_resume(struct em28xx *dev) + if (dev->usb_audio_type != EM28XX_USB_AUDIO_VENDOR) + return 0; + +- em28xx_info("Resuming audio extension"); ++ em28xx_info("Resuming audio extension\n"); + /* Nothing to do other than schedule_work() ?? */ + schedule_work(&dev->adev.wq_trigger); + return 0; +diff --git a/drivers/media/usb/em28xx/em28xx-core.c b/drivers/media/usb/em28xx/em28xx-core.c +index 901cf2b..84dd4ae 100644 +--- a/drivers/media/usb/em28xx/em28xx-core.c ++++ b/drivers/media/usb/em28xx/em28xx-core.c +@@ -1122,7 +1122,7 @@ int em28xx_suspend_extension(struct em28xx *dev) + { + const struct em28xx_ops *ops = NULL; + +- em28xx_info("Suspending extensions"); ++ em28xx_info("Suspending extensions\n"); + mutex_lock(&em28xx_devlist_mutex); + list_for_each_entry(ops, &em28xx_extension_devlist, next) { + if (ops->suspend) +@@ -1136,7 +1136,7 @@ int em28xx_resume_extension(struct em28xx *dev) + { + const struct em28xx_ops *ops = NULL; + +- em28xx_info("Resuming extensions"); ++ em28xx_info("Resuming extensions\n"); + mutex_lock(&em28xx_devlist_mutex); + list_for_each_entry(ops, &em28xx_extension_devlist, next) { + if (ops->resume) +diff --git a/drivers/media/usb/em28xx/em28xx-dvb.c b/drivers/media/usb/em28xx/em28xx-dvb.c +index 9682c52..41a6864 100644 +--- a/drivers/media/usb/em28xx/em28xx-dvb.c ++++ b/drivers/media/usb/em28xx/em28xx-dvb.c +@@ -1667,7 +1667,7 @@ static int em28xx_dvb_fini(struct em28xx *dev) + if (!dev->dvb) + return 0; + +- em28xx_info("Closing DVB extension"); ++ em28xx_info("Closing DVB extension\n"); + + dvb = dev->dvb; + client = dvb->i2c_client_tuner; +@@ -1718,17 +1718,17 @@ static int em28xx_dvb_suspend(struct em28xx *dev) + if (!dev->board.has_dvb) + return 0; + +- em28xx_info("Suspending DVB extension"); ++ em28xx_info("Suspending DVB extension\n"); + if (dev->dvb) { + struct em28xx_dvb *dvb = dev->dvb; + + if (dvb->fe[0]) { + ret = dvb_frontend_suspend(dvb->fe[0]); +- em28xx_info("fe0 suspend %d", ret); ++ em28xx_info("fe0 suspend %d\n", ret); + } + if (dvb->fe[1]) { + dvb_frontend_suspend(dvb->fe[1]); +- em28xx_info("fe1 suspend %d", ret); ++ em28xx_info("fe1 suspend %d\n", ret); + } + } + +@@ -1745,18 +1745,18 @@ static int em28xx_dvb_resume(struct em28xx *dev) + if (!dev->board.has_dvb) + return 0; + +- em28xx_info("Resuming DVB extension"); ++ em28xx_info("Resuming DVB extension\n"); + if (dev->dvb) { + struct em28xx_dvb *dvb = dev->dvb; + + if (dvb->fe[0]) { + ret = dvb_frontend_resume(dvb->fe[0]); +- em28xx_info("fe0 resume %d", ret); ++ em28xx_info("fe0 resume %d\n", ret); + } + + if (dvb->fe[1]) { + ret = dvb_frontend_resume(dvb->fe[1]); +- em28xx_info("fe1 resume %d", ret); ++ em28xx_info("fe1 resume %d\n", ret); + } + } + +diff --git a/drivers/media/usb/em28xx/em28xx-input.c b/drivers/media/usb/em28xx/em28xx-input.c +index 23f8f6a..b31e275 100644 +--- a/drivers/media/usb/em28xx/em28xx-input.c ++++ b/drivers/media/usb/em28xx/em28xx-input.c +@@ -833,7 +833,7 @@ static int em28xx_ir_fini(struct em28xx *dev) + return 0; + } + +- em28xx_info("Closing input extension"); ++ em28xx_info("Closing input extension\n"); + + em28xx_shutdown_buttons(dev); + +@@ -863,7 +863,7 @@ static int em28xx_ir_suspend(struct em28xx *dev) + if (dev->is_audio_only) + return 0; + +- em28xx_info("Suspending input extension"); ++ em28xx_info("Suspending input extension\n"); + if (ir) + cancel_delayed_work_sync(&ir->work); + cancel_delayed_work_sync(&dev->buttons_query_work); +@@ -880,7 +880,7 @@ static int em28xx_ir_resume(struct em28xx *dev) + if (dev->is_audio_only) + return 0; + +- em28xx_info("Resuming input extension"); ++ em28xx_info("Resuming input extension\n"); + /* if suspend calls ir_raw_event_unregister(), the should call + ir_raw_event_register() */ + if (ir) +diff --git a/drivers/media/usb/em28xx/em28xx-video.c b/drivers/media/usb/em28xx/em28xx-video.c +index 03d5ece..e0f4be8 100644 +--- a/drivers/media/usb/em28xx/em28xx-video.c ++++ b/drivers/media/usb/em28xx/em28xx-video.c +@@ -1956,7 +1956,7 @@ static int em28xx_v4l2_fini(struct em28xx *dev) + if (v4l2 == NULL) + return 0; + +- em28xx_info("Closing video extension"); ++ em28xx_info("Closing video extension\n"); + + mutex_lock(&dev->lock); + +@@ -2005,7 +2005,7 @@ static int em28xx_v4l2_suspend(struct em28xx *dev) + if (!dev->has_video) + return 0; + +- em28xx_info("Suspending video extension"); ++ em28xx_info("Suspending video extension\n"); + em28xx_stop_urbs(dev); + return 0; + } +@@ -2018,7 +2018,7 @@ static int em28xx_v4l2_resume(struct em28xx *dev) + if (!dev->has_video) + return 0; + +- em28xx_info("Resuming video extension"); ++ em28xx_info("Resuming video extension\n"); + /* what do we do here */ + return 0; + } +diff --git a/drivers/misc/mei/hw-me.c b/drivers/misc/mei/hw-me.c +index 432aec8..350a28a 100644 +--- a/drivers/misc/mei/hw-me.c ++++ b/drivers/misc/mei/hw-me.c +@@ -242,7 +242,7 @@ static int mei_me_hw_reset(struct mei_device *dev, bool intr_enable) + if ((hcsr & H_RST) == H_RST) { + dev_warn(dev->dev, "H_RST is set = 0x%08X", hcsr); + hcsr &= ~H_RST; +- mei_me_reg_write(hw, H_CSR, hcsr); ++ mei_hcsr_set(hw, hcsr); + hcsr = mei_hcsr_read(hw); + } + +@@ -335,6 +335,7 @@ static int mei_me_hw_ready_wait(struct mei_device *dev) + return -ETIME; + } + ++ mei_me_hw_reset_release(dev); + dev->recvd_hw_ready = false; + return 0; + } +@@ -729,9 +730,7 @@ irqreturn_t mei_me_irq_thread_handler(int irq, void *dev_id) + /* check if we need to start the dev */ + if (!mei_host_is_ready(dev)) { + if (mei_hw_is_ready(dev)) { +- mei_me_hw_reset_release(dev); + dev_dbg(dev->dev, "we need to start the dev.\n"); +- + dev->recvd_hw_ready = true; + wake_up(&dev->wait_hw_ready); + } else { +diff --git a/drivers/mmc/host/sdhci-pxav3.c b/drivers/mmc/host/sdhci-pxav3.c +index 5036d7d..38251da 100644 +--- a/drivers/mmc/host/sdhci-pxav3.c ++++ b/drivers/mmc/host/sdhci-pxav3.c +@@ -112,6 +112,38 @@ static int mv_conf_mbus_windows(struct platform_device *pdev, + return 0; + } + ++static int armada_38x_quirks(struct platform_device *pdev, ++ struct sdhci_host *host) ++{ ++ struct device_node *np = pdev->dev.of_node; ++ ++ host->quirks |= SDHCI_QUIRK_MISSING_CAPS; ++ /* ++ * According to erratum 'FE-2946959' both SDR50 and DDR50 ++ * modes require specific clock adjustments in SDIO3 ++ * Configuration register, if the adjustment is not done, ++ * remove them from the capabilities. ++ */ ++ host->caps1 = sdhci_readl(host, SDHCI_CAPABILITIES_1); ++ host->caps1 &= ~(SDHCI_SUPPORT_SDR50 | SDHCI_SUPPORT_DDR50); ++ ++ /* ++ * According to erratum 'ERR-7878951' Armada 38x SDHCI ++ * controller has different capabilities than the ones shown ++ * in its registers ++ */ ++ host->caps = sdhci_readl(host, SDHCI_CAPABILITIES); ++ if (of_property_read_bool(np, "no-1-8-v")) { ++ host->caps &= ~SDHCI_CAN_VDD_180; ++ host->mmc->caps &= ~MMC_CAP_1_8V_DDR; ++ } else { ++ host->caps &= ~SDHCI_CAN_VDD_330; ++ } ++ host->caps1 &= ~(SDHCI_SUPPORT_SDR104 | SDHCI_USE_SDR50_TUNING); ++ ++ return 0; ++} ++ + static void pxav3_reset(struct sdhci_host *host, u8 mask) + { + struct platform_device *pdev = to_platform_device(mmc_dev(host->mmc)); +@@ -261,8 +293,8 @@ static struct sdhci_pxa_platdata *pxav3_get_mmc_pdata(struct device *dev) + if (!pdata) + return NULL; + +- of_property_read_u32(np, "mrvl,clk-delay-cycles", &clk_delay_cycles); +- if (clk_delay_cycles > 0) ++ if (!of_property_read_u32(np, "mrvl,clk-delay-cycles", ++ &clk_delay_cycles)) + pdata->clk_delay_cycles = clk_delay_cycles; + + return pdata; +@@ -295,7 +327,13 @@ static int sdhci_pxav3_probe(struct platform_device *pdev) + if (IS_ERR(host)) + return PTR_ERR(host); + ++ /* enable 1/8V DDR capable */ ++ host->mmc->caps |= MMC_CAP_1_8V_DDR; ++ + if (of_device_is_compatible(np, "marvell,armada-380-sdhci")) { ++ ret = armada_38x_quirks(pdev, host); ++ if (ret < 0) ++ goto err_clk_get; + ret = mv_conf_mbus_windows(pdev, mv_mbus_dram_info()); + if (ret < 0) + goto err_mbus_win; +@@ -314,9 +352,6 @@ static int sdhci_pxav3_probe(struct platform_device *pdev) + pltfm_host->clk = clk; + clk_prepare_enable(clk); + +- /* enable 1/8V DDR capable */ +- host->mmc->caps |= MMC_CAP_1_8V_DDR; +- + match = of_match_device(of_match_ptr(sdhci_pxav3_of_match), &pdev->dev); + if (match) { + ret = mmc_of_parse(host->mmc); +@@ -355,10 +390,11 @@ static int sdhci_pxav3_probe(struct platform_device *pdev) + } + } + +- pm_runtime_enable(&pdev->dev); +- pm_runtime_get_sync(&pdev->dev); ++ pm_runtime_get_noresume(&pdev->dev); ++ pm_runtime_set_active(&pdev->dev); + pm_runtime_set_autosuspend_delay(&pdev->dev, PXAV3_RPM_DELAY_MS); + pm_runtime_use_autosuspend(&pdev->dev); ++ pm_runtime_enable(&pdev->dev); + pm_suspend_ignore_children(&pdev->dev, 1); + + ret = sdhci_add_host(host); +@@ -381,8 +417,8 @@ static int sdhci_pxav3_probe(struct platform_device *pdev) + return 0; + + err_add_host: +- pm_runtime_put_sync(&pdev->dev); + pm_runtime_disable(&pdev->dev); ++ pm_runtime_put_noidle(&pdev->dev); + err_of_parse: + err_cd_req: + clk_disable_unprepare(clk); +diff --git a/drivers/net/wireless/iwlwifi/mvm/mac80211.c b/drivers/net/wireless/iwlwifi/mvm/mac80211.c +index b6d2683..f71c22f 100644 +--- a/drivers/net/wireless/iwlwifi/mvm/mac80211.c ++++ b/drivers/net/wireless/iwlwifi/mvm/mac80211.c +@@ -668,9 +668,6 @@ static void iwl_mvm_cleanup_iterator(void *data, u8 *mac, + mvmvif->uploaded = false; + mvmvif->ap_sta_id = IWL_MVM_STATION_COUNT; + +- /* does this make sense at all? */ +- mvmvif->color++; +- + spin_lock_bh(&mvm->time_event_lock); + iwl_mvm_te_clear_data(mvm, &mvmvif->time_event_data); + spin_unlock_bh(&mvm->time_event_lock); +@@ -1014,7 +1011,7 @@ static int iwl_mvm_mac_add_interface(struct ieee80211_hw *hw, + + ret = iwl_mvm_power_update_mac(mvm); + if (ret) +- goto out_release; ++ goto out_remove_mac; + + /* beacon filtering */ + ret = iwl_mvm_disable_beacon_filter(mvm, vif, 0); +diff --git a/drivers/net/wireless/iwlwifi/mvm/tx.c b/drivers/net/wireless/iwlwifi/mvm/tx.c +index c6a517c..5928c9d 100644 +--- a/drivers/net/wireless/iwlwifi/mvm/tx.c ++++ b/drivers/net/wireless/iwlwifi/mvm/tx.c +@@ -902,6 +902,11 @@ int iwl_mvm_rx_ba_notif(struct iwl_mvm *mvm, struct iwl_rx_cmd_buffer *rxb, + sta_id = ba_notif->sta_id; + tid = ba_notif->tid; + ++ if (WARN_ONCE(sta_id >= IWL_MVM_STATION_COUNT || ++ tid >= IWL_MAX_TID_COUNT, ++ "sta_id %d tid %d", sta_id, tid)) ++ return 0; ++ + rcu_read_lock(); + + sta = rcu_dereference(mvm->fw_id_to_mac_id[sta_id]); +diff --git a/drivers/net/wireless/iwlwifi/pcie/tx.c b/drivers/net/wireless/iwlwifi/pcie/tx.c +index eb8e298..62ea2b5 100644 +--- a/drivers/net/wireless/iwlwifi/pcie/tx.c ++++ b/drivers/net/wireless/iwlwifi/pcie/tx.c +@@ -722,7 +722,12 @@ void iwl_trans_pcie_tx_reset(struct iwl_trans *trans) + iwl_write_direct32(trans, FH_KW_MEM_ADDR_REG, + trans_pcie->kw.dma >> 4); + +- iwl_pcie_tx_start(trans, trans_pcie->scd_base_addr); ++ /* ++ * Send 0 as the scd_base_addr since the device may have be reset ++ * while we were in WoWLAN in which case SCD_SRAM_BASE_ADDR will ++ * contain garbage. ++ */ ++ iwl_pcie_tx_start(trans, 0); + } + + /* +diff --git a/drivers/net/wireless/rtlwifi/pci.c b/drivers/net/wireless/rtlwifi/pci.c +index c70efb9..e25faac 100644 +--- a/drivers/net/wireless/rtlwifi/pci.c ++++ b/drivers/net/wireless/rtlwifi/pci.c +@@ -816,11 +816,8 @@ static void _rtl_pci_rx_interrupt(struct ieee80211_hw *hw) + + /* get a new skb - if fail, old one will be reused */ + new_skb = dev_alloc_skb(rtlpci->rxbuffersize); +- if (unlikely(!new_skb)) { +- pr_err("Allocation of new skb failed in %s\n", +- __func__); ++ if (unlikely(!new_skb)) + goto no_new; +- } + if (rtlpriv->use_new_trx_flow) { + buffer_desc = + &rtlpci->rx_ring[rxring_idx].buffer_desc +diff --git a/drivers/net/wireless/rtlwifi/pci.h b/drivers/net/wireless/rtlwifi/pci.h +index 5e83230..d4567d1 100644 +--- a/drivers/net/wireless/rtlwifi/pci.h ++++ b/drivers/net/wireless/rtlwifi/pci.h +@@ -325,4 +325,11 @@ static inline void pci_write32_async(struct rtl_priv *rtlpriv, + writel(val, (u8 __iomem *) rtlpriv->io.pci_mem_start + addr); + } + ++static inline u16 calc_fifo_space(u16 rp, u16 wp) ++{ ++ if (rp <= wp) ++ return RTL_PCI_MAX_RX_COUNT - 1 + rp - wp; ++ return rp - wp - 1; ++} ++ + #endif +diff --git a/drivers/net/wireless/rtlwifi/rtl8192ee/fw.c b/drivers/net/wireless/rtlwifi/rtl8192ee/fw.c +index 45c128b..c5d4b80 100644 +--- a/drivers/net/wireless/rtlwifi/rtl8192ee/fw.c ++++ b/drivers/net/wireless/rtlwifi/rtl8192ee/fw.c +@@ -666,7 +666,6 @@ void rtl92ee_set_fw_rsvdpagepkt(struct ieee80211_hw *hw, bool b_dl_finished) + struct sk_buff *skb = NULL; + + u32 totalpacketlen; +- bool rtstatus; + u8 u1rsvdpageloc[5] = { 0 }; + bool b_dlok = false; + +@@ -728,10 +727,7 @@ void rtl92ee_set_fw_rsvdpagepkt(struct ieee80211_hw *hw, bool b_dl_finished) + memcpy((u8 *)skb_put(skb, totalpacketlen), + &reserved_page_packet, totalpacketlen); + +- rtstatus = rtl_cmd_send_packet(hw, skb); +- +- if (rtstatus) +- b_dlok = true; ++ b_dlok = true; + + if (b_dlok) { + RT_TRACE(rtlpriv, COMP_POWER, DBG_LOUD , +diff --git a/drivers/net/wireless/rtlwifi/rtl8192ee/hw.c b/drivers/net/wireless/rtlwifi/rtl8192ee/hw.c +index 1a87edc..b461b31 100644 +--- a/drivers/net/wireless/rtlwifi/rtl8192ee/hw.c ++++ b/drivers/net/wireless/rtlwifi/rtl8192ee/hw.c +@@ -85,29 +85,6 @@ static void _rtl92ee_enable_bcn_sub_func(struct ieee80211_hw *hw) + _rtl92ee_set_bcn_ctrl_reg(hw, 0, BIT(1)); + } + +-static void _rtl92ee_return_beacon_queue_skb(struct ieee80211_hw *hw) +-{ +- struct rtl_priv *rtlpriv = rtl_priv(hw); +- struct rtl_pci *rtlpci = rtl_pcidev(rtl_pcipriv(hw)); +- struct rtl8192_tx_ring *ring = &rtlpci->tx_ring[BEACON_QUEUE]; +- unsigned long flags; +- +- spin_lock_irqsave(&rtlpriv->locks.irq_th_lock, flags); +- while (skb_queue_len(&ring->queue)) { +- struct rtl_tx_buffer_desc *entry = +- &ring->buffer_desc[ring->idx]; +- struct sk_buff *skb = __skb_dequeue(&ring->queue); +- +- pci_unmap_single(rtlpci->pdev, +- rtlpriv->cfg->ops->get_desc( +- (u8 *)entry, true, HW_DESC_TXBUFF_ADDR), +- skb->len, PCI_DMA_TODEVICE); +- kfree_skb(skb); +- ring->idx = (ring->idx + 1) % ring->entries; +- } +- spin_unlock_irqrestore(&rtlpriv->locks.irq_th_lock, flags); +-} +- + static void _rtl92ee_disable_bcn_sub_func(struct ieee80211_hw *hw) + { + _rtl92ee_set_bcn_ctrl_reg(hw, BIT(1), 0); +@@ -403,9 +380,6 @@ static void _rtl92ee_download_rsvd_page(struct ieee80211_hw *hw) + rtl_write_byte(rtlpriv, REG_DWBCN0_CTRL + 2, + bcnvalid_reg | BIT(0)); + +- /* Return Beacon TCB */ +- _rtl92ee_return_beacon_queue_skb(hw); +- + /* download rsvd page */ + rtl92ee_set_fw_rsvdpagepkt(hw, false); + +@@ -1163,6 +1137,139 @@ void rtl92ee_enable_hw_security_config(struct ieee80211_hw *hw) + rtlpriv->cfg->ops->set_hw_reg(hw, HW_VAR_WPA_CONFIG, &sec_reg_value); + } + ++static bool _rtl8192ee_check_pcie_dma_hang(struct rtl_priv *rtlpriv) ++{ ++ u8 tmp; ++ ++ /* write reg 0x350 Bit[26]=1. Enable debug port. */ ++ tmp = rtl_read_byte(rtlpriv, REG_BACKDOOR_DBI_DATA + 3); ++ if (!(tmp & BIT(2))) { ++ rtl_write_byte(rtlpriv, REG_BACKDOOR_DBI_DATA + 3, ++ tmp | BIT(2)); ++ mdelay(100); /* Suggested by DD Justin_tsai. */ ++ } ++ ++ /* read reg 0x350 Bit[25] if 1 : RX hang ++ * read reg 0x350 Bit[24] if 1 : TX hang ++ */ ++ tmp = rtl_read_byte(rtlpriv, REG_BACKDOOR_DBI_DATA + 3); ++ if ((tmp & BIT(0)) || (tmp & BIT(1))) { ++ RT_TRACE(rtlpriv, COMP_INIT, DBG_LOUD, ++ "CheckPcieDMAHang8192EE(): true!!\n"); ++ return true; ++ } ++ return false; ++} ++ ++static void _rtl8192ee_reset_pcie_interface_dma(struct rtl_priv *rtlpriv, ++ bool mac_power_on) ++{ ++ u8 tmp; ++ bool release_mac_rx_pause; ++ u8 backup_pcie_dma_pause; ++ ++ RT_TRACE(rtlpriv, COMP_INIT, DBG_LOUD, ++ "ResetPcieInterfaceDMA8192EE()\n"); ++ ++ /* Revise Note: Follow the document "PCIe RX DMA Hang Reset Flow_v03" ++ * released by SD1 Alan. ++ */ ++ ++ /* 1. disable register write lock ++ * write 0x1C bit[1:0] = 2'h0 ++ * write 0xCC bit[2] = 1'b1 ++ */ ++ tmp = rtl_read_byte(rtlpriv, REG_RSV_CTRL); ++ tmp &= ~(BIT(1) | BIT(0)); ++ rtl_write_byte(rtlpriv, REG_RSV_CTRL, tmp); ++ tmp = rtl_read_byte(rtlpriv, REG_PMC_DBG_CTRL2); ++ tmp |= BIT(2); ++ rtl_write_byte(rtlpriv, REG_PMC_DBG_CTRL2, tmp); ++ ++ /* 2. Check and pause TRX DMA ++ * write 0x284 bit[18] = 1'b1 ++ * write 0x301 = 0xFF ++ */ ++ tmp = rtl_read_byte(rtlpriv, REG_RXDMA_CONTROL); ++ if (tmp & BIT(2)) { ++ /* Already pause before the function for another reason. */ ++ release_mac_rx_pause = false; ++ } else { ++ rtl_write_byte(rtlpriv, REG_RXDMA_CONTROL, (tmp | BIT(2))); ++ release_mac_rx_pause = true; ++ } ++ ++ backup_pcie_dma_pause = rtl_read_byte(rtlpriv, REG_PCIE_CTRL_REG + 1); ++ if (backup_pcie_dma_pause != 0xFF) ++ rtl_write_byte(rtlpriv, REG_PCIE_CTRL_REG + 1, 0xFF); ++ ++ if (mac_power_on) { ++ /* 3. reset TRX function ++ * write 0x100 = 0x00 ++ */ ++ rtl_write_byte(rtlpriv, REG_CR, 0); ++ } ++ ++ /* 4. Reset PCIe DMA ++ * write 0x003 bit[0] = 0 ++ */ ++ tmp = rtl_read_byte(rtlpriv, REG_SYS_FUNC_EN + 1); ++ tmp &= ~(BIT(0)); ++ rtl_write_byte(rtlpriv, REG_SYS_FUNC_EN + 1, tmp); ++ ++ /* 5. Enable PCIe DMA ++ * write 0x003 bit[0] = 1 ++ */ ++ tmp = rtl_read_byte(rtlpriv, REG_SYS_FUNC_EN + 1); ++ tmp |= BIT(0); ++ rtl_write_byte(rtlpriv, REG_SYS_FUNC_EN + 1, tmp); ++ ++ if (mac_power_on) { ++ /* 6. enable TRX function ++ * write 0x100 = 0xFF ++ */ ++ rtl_write_byte(rtlpriv, REG_CR, 0xFF); ++ ++ /* We should init LLT & RQPN and ++ * prepare Tx/Rx descrptor address later ++ * because MAC function is reset. ++ */ ++ } ++ ++ /* 7. Restore PCIe autoload down bit ++ * write 0xF8 bit[17] = 1'b1 ++ */ ++ tmp = rtl_read_byte(rtlpriv, REG_MAC_PHY_CTRL_NORMAL + 2); ++ tmp |= BIT(1); ++ rtl_write_byte(rtlpriv, REG_MAC_PHY_CTRL_NORMAL + 2, tmp); ++ ++ /* In MAC power on state, BB and RF maybe in ON state, ++ * if we release TRx DMA here ++ * it will cause packets to be started to Tx/Rx, ++ * so we release Tx/Rx DMA later. ++ */ ++ if (!mac_power_on) { ++ /* 8. release TRX DMA ++ * write 0x284 bit[18] = 1'b0 ++ * write 0x301 = 0x00 ++ */ ++ if (release_mac_rx_pause) { ++ tmp = rtl_read_byte(rtlpriv, REG_RXDMA_CONTROL); ++ rtl_write_byte(rtlpriv, REG_RXDMA_CONTROL, ++ (tmp & (~BIT(2)))); ++ } ++ rtl_write_byte(rtlpriv, REG_PCIE_CTRL_REG + 1, ++ backup_pcie_dma_pause); ++ } ++ ++ /* 9. lock system register ++ * write 0xCC bit[2] = 1'b0 ++ */ ++ tmp = rtl_read_byte(rtlpriv, REG_PMC_DBG_CTRL2); ++ tmp &= ~(BIT(2)); ++ rtl_write_byte(rtlpriv, REG_PMC_DBG_CTRL2, tmp); ++} ++ + int rtl92ee_hw_init(struct ieee80211_hw *hw) + { + struct rtl_priv *rtlpriv = rtl_priv(hw); +@@ -1188,6 +1295,13 @@ int rtl92ee_hw_init(struct ieee80211_hw *hw) + rtlhal->fw_ps_state = FW_PS_STATE_ALL_ON_92E; + } + ++ if (_rtl8192ee_check_pcie_dma_hang(rtlpriv)) { ++ RT_TRACE(rtlpriv, COMP_INIT, DBG_DMESG, "92ee dma hang!\n"); ++ _rtl8192ee_reset_pcie_interface_dma(rtlpriv, ++ rtlhal->mac_func_enable); ++ rtlhal->mac_func_enable = false; ++ } ++ + rtstatus = _rtl92ee_init_mac(hw); + + rtl_write_byte(rtlpriv, 0x577, 0x03); +diff --git a/drivers/net/wireless/rtlwifi/rtl8192ee/reg.h b/drivers/net/wireless/rtlwifi/rtl8192ee/reg.h +index 3f2a959..1eaa1fa 100644 +--- a/drivers/net/wireless/rtlwifi/rtl8192ee/reg.h ++++ b/drivers/net/wireless/rtlwifi/rtl8192ee/reg.h +@@ -77,9 +77,11 @@ + #define REG_HIMRE 0x00B8 + #define REG_HISRE 0x00BC + ++#define REG_PMC_DBG_CTRL2 0x00CC + #define REG_EFUSE_ACCESS 0x00CF + #define REG_HPON_FSM 0x00EC + #define REG_SYS_CFG1 0x00F0 ++#define REG_MAC_PHY_CTRL_NORMAL 0x00F8 + #define REG_SYS_CFG2 0x00FC + + #define REG_CR 0x0100 +diff --git a/drivers/net/wireless/rtlwifi/rtl8192ee/trx.c b/drivers/net/wireless/rtlwifi/rtl8192ee/trx.c +index 2fcbef1..0069004 100644 +--- a/drivers/net/wireless/rtlwifi/rtl8192ee/trx.c ++++ b/drivers/net/wireless/rtlwifi/rtl8192ee/trx.c +@@ -512,6 +512,10 @@ bool rtl92ee_rx_query_desc(struct ieee80211_hw *hw, + struct ieee80211_hdr *hdr; + u32 phystatus = GET_RX_DESC_PHYST(pdesc); + ++ if (GET_RX_STATUS_DESC_RPT_SEL(pdesc) == 0) ++ status->packet_report_type = NORMAL_RX; ++ else ++ status->packet_report_type = C2H_PACKET; + status->length = (u16)GET_RX_DESC_PKT_LEN(pdesc); + status->rx_drvinfo_size = (u8)GET_RX_DESC_DRV_INFO_SIZE(pdesc) * + RX_DRV_INFO_SIZE_UNIT; +@@ -654,14 +658,7 @@ u16 rtl92ee_rx_desc_buff_remained_cnt(struct ieee80211_hw *hw, u8 queue_index) + if (!start_rx) + return 0; + +- if ((last_read_point > (RX_DESC_NUM_92E / 2)) && +- (read_point <= (RX_DESC_NUM_92E / 2))) { +- remind_cnt = RX_DESC_NUM_92E - write_point; +- } else { +- remind_cnt = (read_point >= write_point) ? +- (read_point - write_point) : +- (RX_DESC_NUM_92E - write_point + read_point); +- } ++ remind_cnt = calc_fifo_space(read_point, write_point); + + if (remind_cnt == 0) + return 0; +@@ -1207,8 +1204,7 @@ bool rtl92ee_is_tx_desc_closed(struct ieee80211_hw *hw, u8 hw_queue, u16 index) + static u8 stop_report_cnt; + struct rtl8192_tx_ring *ring = &rtlpci->tx_ring[hw_queue]; + +- /*checking Read/Write Point each interrupt wastes CPU */ +- if (stop_report_cnt > 15 || !rtlpriv->link_info.busytraffic) { ++ { + u16 point_diff = 0; + u16 cur_tx_rp, cur_tx_wp; + u32 tmpu32 = 0; +diff --git a/drivers/net/wireless/rtlwifi/rtl8192ee/trx.h b/drivers/net/wireless/rtlwifi/rtl8192ee/trx.h +index 6f9be1c..8effef9 100644 +--- a/drivers/net/wireless/rtlwifi/rtl8192ee/trx.h ++++ b/drivers/net/wireless/rtlwifi/rtl8192ee/trx.h +@@ -542,6 +542,8 @@ + LE_BITS_TO_4BYTE(__pdesc+8, 12, 4) + #define GET_RX_DESC_RX_IS_QOS(__pdesc) \ + LE_BITS_TO_4BYTE(__pdesc+8, 16, 1) ++#define GET_RX_STATUS_DESC_RPT_SEL(__pdesc) \ ++ LE_BITS_TO_4BYTE(__pdesc+8, 28, 1) + + #define GET_RX_DESC_RXMCS(__pdesc) \ + LE_BITS_TO_4BYTE(__pdesc+12, 0, 7) +diff --git a/drivers/pci/pci-driver.c b/drivers/pci/pci-driver.c +index 2b3c894..b720e78 100644 +--- a/drivers/pci/pci-driver.c ++++ b/drivers/pci/pci-driver.c +@@ -1389,7 +1389,7 @@ static int pci_uevent(struct device *dev, struct kobj_uevent_env *env) + if (add_uevent_var(env, "PCI_SLOT_NAME=%s", pci_name(pdev))) + return -ENOMEM; + +- if (add_uevent_var(env, "MODALIAS=pci:v%08Xd%08Xsv%08Xsd%08Xbc%02Xsc%02Xi%02x", ++ if (add_uevent_var(env, "MODALIAS=pci:v%08Xd%08Xsv%08Xsd%08Xbc%02Xsc%02Xi%02X", + pdev->vendor, pdev->device, + pdev->subsystem_vendor, pdev->subsystem_device, + (u8)(pdev->class >> 16), (u8)(pdev->class >> 8), +diff --git a/drivers/pci/rom.c b/drivers/pci/rom.c +index f955edb..eb0ad53 100644 +--- a/drivers/pci/rom.c ++++ b/drivers/pci/rom.c +@@ -71,6 +71,7 @@ size_t pci_get_rom_size(struct pci_dev *pdev, void __iomem *rom, size_t size) + { + void __iomem *image; + int last_image; ++ unsigned length; + + image = rom; + do { +@@ -93,9 +94,9 @@ size_t pci_get_rom_size(struct pci_dev *pdev, void __iomem *rom, size_t size) + if (readb(pds + 3) != 'R') + break; + last_image = readb(pds + 21) & 0x80; +- /* this length is reliable */ +- image += readw(pds + 16) * 512; +- } while (!last_image); ++ length = readw(pds + 16); ++ image += length * 512; ++ } while (length && !last_image); + + /* never return a size larger than the PCI resource window */ + /* there are known ROMs that get the size wrong */ +diff --git a/drivers/platform/x86/samsung-laptop.c b/drivers/platform/x86/samsung-laptop.c +index ff765d8..ce364a4 100644 +--- a/drivers/platform/x86/samsung-laptop.c ++++ b/drivers/platform/x86/samsung-laptop.c +@@ -353,6 +353,7 @@ struct samsung_quirks { + bool broken_acpi_video; + bool four_kbd_backlight_levels; + bool enable_kbd_backlight; ++ bool use_native_backlight; + }; + + static struct samsung_quirks samsung_unknown = {}; +@@ -361,6 +362,10 @@ static struct samsung_quirks samsung_broken_acpi_video = { + .broken_acpi_video = true, + }; + ++static struct samsung_quirks samsung_use_native_backlight = { ++ .use_native_backlight = true, ++}; ++ + static struct samsung_quirks samsung_np740u3e = { + .four_kbd_backlight_levels = true, + .enable_kbd_backlight = true, +@@ -1507,7 +1512,7 @@ static struct dmi_system_id __initdata samsung_dmi_table[] = { + DMI_MATCH(DMI_PRODUCT_NAME, "N150P"), + DMI_MATCH(DMI_BOARD_NAME, "N150P"), + }, +- .driver_data = &samsung_broken_acpi_video, ++ .driver_data = &samsung_use_native_backlight, + }, + { + .callback = samsung_dmi_matched, +@@ -1517,7 +1522,7 @@ static struct dmi_system_id __initdata samsung_dmi_table[] = { + DMI_MATCH(DMI_PRODUCT_NAME, "N145P/N250P/N260P"), + DMI_MATCH(DMI_BOARD_NAME, "N145P/N250P/N260P"), + }, +- .driver_data = &samsung_broken_acpi_video, ++ .driver_data = &samsung_use_native_backlight, + }, + { + .callback = samsung_dmi_matched, +@@ -1557,7 +1562,7 @@ static struct dmi_system_id __initdata samsung_dmi_table[] = { + DMI_MATCH(DMI_PRODUCT_NAME, "N250P"), + DMI_MATCH(DMI_BOARD_NAME, "N250P"), + }, +- .driver_data = &samsung_broken_acpi_video, ++ .driver_data = &samsung_use_native_backlight, + }, + { + .callback = samsung_dmi_matched, +@@ -1616,6 +1621,15 @@ static int __init samsung_init(void) + pr_info("Disabling ACPI video driver\n"); + acpi_video_unregister(); + } ++ ++ if (samsung->quirks->use_native_backlight) { ++ pr_info("Using native backlight driver\n"); ++ /* Tell acpi-video to not handle the backlight */ ++ acpi_video_dmi_promote_vendor(); ++ acpi_video_unregister(); ++ /* And also do not handle it ourselves */ ++ samsung->handle_backlight = false; ++ } + #endif + + ret = samsung_platform_init(samsung); +diff --git a/drivers/power/88pm860x_charger.c b/drivers/power/88pm860x_charger.c +index de029bb..5ccca87 100644 +--- a/drivers/power/88pm860x_charger.c ++++ b/drivers/power/88pm860x_charger.c +@@ -711,6 +711,7 @@ static int pm860x_charger_probe(struct platform_device *pdev) + return 0; + + out_irq: ++ power_supply_unregister(&info->usb); + while (--i >= 0) + free_irq(info->irq[i], info); + out: +diff --git a/drivers/power/bq24190_charger.c b/drivers/power/bq24190_charger.c +index ad3ff8f..e4c95e1 100644 +--- a/drivers/power/bq24190_charger.c ++++ b/drivers/power/bq24190_charger.c +@@ -929,7 +929,7 @@ static void bq24190_charger_init(struct power_supply *charger) + charger->properties = bq24190_charger_properties; + charger->num_properties = ARRAY_SIZE(bq24190_charger_properties); + charger->supplied_to = bq24190_charger_supplied_to; +- charger->num_supplies = ARRAY_SIZE(bq24190_charger_supplied_to); ++ charger->num_supplicants = ARRAY_SIZE(bq24190_charger_supplied_to); + charger->get_property = bq24190_charger_get_property; + charger->set_property = bq24190_charger_set_property; + charger->property_is_writeable = bq24190_charger_property_is_writeable; +diff --git a/drivers/power/gpio-charger.c b/drivers/power/gpio-charger.c +index 7536933..e5deb11 100644 +--- a/drivers/power/gpio-charger.c ++++ b/drivers/power/gpio-charger.c +@@ -168,7 +168,7 @@ static int gpio_charger_suspend(struct device *dev) + + if (device_may_wakeup(dev)) + gpio_charger->wakeup_enabled = +- enable_irq_wake(gpio_charger->irq); ++ !enable_irq_wake(gpio_charger->irq); + + return 0; + } +@@ -178,7 +178,7 @@ static int gpio_charger_resume(struct device *dev) + struct platform_device *pdev = to_platform_device(dev); + struct gpio_charger *gpio_charger = platform_get_drvdata(pdev); + +- if (gpio_charger->wakeup_enabled) ++ if (device_may_wakeup(dev) && gpio_charger->wakeup_enabled) + disable_irq_wake(gpio_charger->irq); + power_supply_changed(&gpio_charger->charger); + +diff --git a/drivers/scsi/megaraid/megaraid_sas_base.c b/drivers/scsi/megaraid/megaraid_sas_base.c +index 5e881e5..6e50380 100644 +--- a/drivers/scsi/megaraid/megaraid_sas_base.c ++++ b/drivers/scsi/megaraid/megaraid_sas_base.c +@@ -3556,7 +3556,6 @@ static int megasas_create_frame_pool(struct megasas_instance *instance) + int i; + u32 max_cmd; + u32 sge_sz; +- u32 sgl_sz; + u32 total_sz; + u32 frame_count; + struct megasas_cmd *cmd; +@@ -3575,24 +3574,23 @@ static int megasas_create_frame_pool(struct megasas_instance *instance) + } + + /* +- * Calculated the number of 64byte frames required for SGL +- */ +- sgl_sz = sge_sz * instance->max_num_sge; +- frame_count = (sgl_sz + MEGAMFI_FRAME_SIZE - 1) / MEGAMFI_FRAME_SIZE; +- frame_count = 15; +- +- /* +- * We need one extra frame for the MFI command ++ * For MFI controllers. ++ * max_num_sge = 60 ++ * max_sge_sz = 16 byte (sizeof megasas_sge_skinny) ++ * Total 960 byte (15 MFI frame of 64 byte) ++ * ++ * Fusion adapter require only 3 extra frame. ++ * max_num_sge = 16 (defined as MAX_IOCTL_SGE) ++ * max_sge_sz = 12 byte (sizeof megasas_sge64) ++ * Total 192 byte (3 MFI frame of 64 byte) + */ +- frame_count++; +- ++ frame_count = instance->ctrl_context ? (3 + 1) : (15 + 1); + total_sz = MEGAMFI_FRAME_SIZE * frame_count; + /* + * Use DMA pool facility provided by PCI layer + */ + instance->frame_dma_pool = pci_pool_create("megasas frame pool", +- instance->pdev, total_sz, 64, +- 0); ++ instance->pdev, total_sz, 256, 0); + + if (!instance->frame_dma_pool) { + printk(KERN_DEBUG "megasas: failed to setup frame pool\n"); +diff --git a/drivers/scsi/megaraid/megaraid_sas_fp.c b/drivers/scsi/megaraid/megaraid_sas_fp.c +index 0f66d0e..7d2d424 100644 +--- a/drivers/scsi/megaraid/megaraid_sas_fp.c ++++ b/drivers/scsi/megaraid/megaraid_sas_fp.c +@@ -170,6 +170,7 @@ void MR_PopulateDrvRaidMap(struct megasas_instance *instance) + struct MR_FW_RAID_MAP_ALL *fw_map_old = NULL; + struct MR_FW_RAID_MAP *pFwRaidMap = NULL; + int i; ++ u16 ld_count; + + + struct MR_DRV_RAID_MAP_ALL *drv_map = +@@ -189,9 +190,10 @@ void MR_PopulateDrvRaidMap(struct megasas_instance *instance) + fw_map_old = (struct MR_FW_RAID_MAP_ALL *) + fusion->ld_map[(instance->map_id & 1)]; + pFwRaidMap = &fw_map_old->raidMap; ++ ld_count = (u16)le32_to_cpu(pFwRaidMap->ldCount); + + #if VD_EXT_DEBUG +- for (i = 0; i < le16_to_cpu(pFwRaidMap->ldCount); i++) { ++ for (i = 0; i < ld_count; i++) { + dev_dbg(&instance->pdev->dev, "(%d) :Index 0x%x " + "Target Id 0x%x Seq Num 0x%x Size 0/%llx\n", + instance->unique_id, i, +@@ -203,12 +205,15 @@ void MR_PopulateDrvRaidMap(struct megasas_instance *instance) + + memset(drv_map, 0, fusion->drv_map_sz); + pDrvRaidMap->totalSize = pFwRaidMap->totalSize; +- pDrvRaidMap->ldCount = (__le16)pFwRaidMap->ldCount; ++ pDrvRaidMap->ldCount = (__le16)cpu_to_le16(ld_count); + pDrvRaidMap->fpPdIoTimeoutSec = pFwRaidMap->fpPdIoTimeoutSec; + for (i = 0; i < MAX_RAIDMAP_LOGICAL_DRIVES + MAX_RAIDMAP_VIEWS; i++) + pDrvRaidMap->ldTgtIdToLd[i] = + (u8)pFwRaidMap->ldTgtIdToLd[i]; +- for (i = 0; i < le16_to_cpu(pDrvRaidMap->ldCount); i++) { ++ for (i = (MAX_RAIDMAP_LOGICAL_DRIVES + MAX_RAIDMAP_VIEWS); ++ i < MAX_LOGICAL_DRIVES_EXT; i++) ++ pDrvRaidMap->ldTgtIdToLd[i] = 0xff; ++ for (i = 0; i < ld_count; i++) { + pDrvRaidMap->ldSpanMap[i] = pFwRaidMap->ldSpanMap[i]; + #if VD_EXT_DEBUG + dev_dbg(&instance->pdev->dev, +@@ -250,7 +255,7 @@ u8 MR_ValidateMapInfo(struct megasas_instance *instance) + struct LD_LOAD_BALANCE_INFO *lbInfo; + PLD_SPAN_INFO ldSpanInfo; + struct MR_LD_RAID *raid; +- int ldCount, num_lds; ++ u16 ldCount, num_lds; + u16 ld; + u32 expected_size; + +@@ -354,7 +359,7 @@ static int getSpanInfo(struct MR_DRV_RAID_MAP_ALL *map, + + for (ldCount = 0; ldCount < MAX_LOGICAL_DRIVES_EXT; ldCount++) { + ld = MR_TargetIdToLdGet(ldCount, map); +- if (ld >= MAX_LOGICAL_DRIVES_EXT) ++ if (ld >= (MAX_LOGICAL_DRIVES_EXT - 1)) + continue; + raid = MR_LdRaidGet(ld, map); + dev_dbg(&instance->pdev->dev, "LD %x: span_depth=%x\n", +@@ -1155,7 +1160,7 @@ void mr_update_span_set(struct MR_DRV_RAID_MAP_ALL *map, + + for (ldCount = 0; ldCount < MAX_LOGICAL_DRIVES_EXT; ldCount++) { + ld = MR_TargetIdToLdGet(ldCount, map); +- if (ld >= MAX_LOGICAL_DRIVES_EXT) ++ if (ld >= (MAX_LOGICAL_DRIVES_EXT - 1)) + continue; + raid = MR_LdRaidGet(ld, map); + for (element = 0; element < MAX_QUAD_DEPTH; element++) { +diff --git a/drivers/scsi/megaraid/megaraid_sas_fusion.c b/drivers/scsi/megaraid/megaraid_sas_fusion.c +index 9d9c27c..5543956 100644 +--- a/drivers/scsi/megaraid/megaraid_sas_fusion.c ++++ b/drivers/scsi/megaraid/megaraid_sas_fusion.c +@@ -101,6 +101,8 @@ megasas_enable_intr_fusion(struct megasas_instance *instance) + { + struct megasas_register_set __iomem *regs; + regs = instance->reg_set; ++ ++ instance->mask_interrupts = 0; + /* For Thunderbolt/Invader also clear intr on enable */ + writel(~0, ®s->outbound_intr_status); + readl(®s->outbound_intr_status); +@@ -109,7 +111,6 @@ megasas_enable_intr_fusion(struct megasas_instance *instance) + + /* Dummy readl to force pci flush */ + readl(®s->outbound_intr_mask); +- instance->mask_interrupts = 0; + } + + /** +@@ -696,12 +697,11 @@ megasas_ioc_init_fusion(struct megasas_instance *instance) + cpu_to_le32(lower_32_bits(ioc_init_handle)); + init_frame->data_xfer_len = cpu_to_le32(sizeof(struct MPI2_IOC_INIT_REQUEST)); + +- req_desc.Words = 0; ++ req_desc.u.low = cpu_to_le32(lower_32_bits(cmd->frame_phys_addr)); ++ req_desc.u.high = cpu_to_le32(upper_32_bits(cmd->frame_phys_addr)); + req_desc.MFAIo.RequestFlags = + (MEGASAS_REQ_DESCRIPT_FLAGS_MFA << +- MEGASAS_REQ_DESCRIPT_FLAGS_TYPE_SHIFT); +- cpu_to_le32s((u32 *)&req_desc.MFAIo); +- req_desc.Words |= cpu_to_le64(cmd->frame_phys_addr); ++ MEGASAS_REQ_DESCRIPT_FLAGS_TYPE_SHIFT); + + /* + * disable the intr before firing the init frame +@@ -1753,9 +1753,19 @@ megasas_build_dcdb_fusion(struct megasas_instance *instance, + if (scmd->device->channel < MEGASAS_MAX_PD_CHANNELS) + goto NonFastPath; + ++ /* ++ * For older firmware, Driver should not access ldTgtIdToLd ++ * beyond index 127 and for Extended VD firmware, ldTgtIdToLd ++ * should not go beyond 255. ++ */ ++ ++ if ((!fusion->fast_path_io) || ++ (device_id >= instance->fw_supported_vd_count)) ++ goto NonFastPath; ++ + ld = MR_TargetIdToLdGet(device_id, local_map_ptr); +- if ((ld >= instance->fw_supported_vd_count) || +- (!fusion->fast_path_io)) ++ ++ if (ld >= instance->fw_supported_vd_count) + goto NonFastPath; + + raid = MR_LdRaidGet(ld, local_map_ptr); +diff --git a/drivers/scsi/megaraid/megaraid_sas_fusion.h b/drivers/scsi/megaraid/megaraid_sas_fusion.h +index 0d183d5..a7f216f 100644 +--- a/drivers/scsi/megaraid/megaraid_sas_fusion.h ++++ b/drivers/scsi/megaraid/megaraid_sas_fusion.h +@@ -304,14 +304,9 @@ struct MPI2_RAID_SCSI_IO_REQUEST { + * MPT RAID MFA IO Descriptor. + */ + struct MEGASAS_RAID_MFA_IO_REQUEST_DESCRIPTOR { +-#if defined(__BIG_ENDIAN_BITFIELD) +- u32 MessageAddress1:24; /* bits 31:8*/ +- u32 RequestFlags:8; +-#else + u32 RequestFlags:8; +- u32 MessageAddress1:24; /* bits 31:8*/ +-#endif +- u32 MessageAddress2; /* bits 61:32 */ ++ u32 MessageAddress1:24; ++ u32 MessageAddress2; + }; + + /* Default Request Descriptor */ +diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c +index 6035444..843594c 100644 +--- a/drivers/scsi/sg.c ++++ b/drivers/scsi/sg.c +@@ -1376,6 +1376,17 @@ sg_rq_end_io(struct request *rq, int uptodate) + } + /* Rely on write phase to clean out srp status values, so no "else" */ + ++ /* ++ * Free the request as soon as it is complete so that its resources ++ * can be reused without waiting for userspace to read() the ++ * result. But keep the associated bio (if any) around until ++ * blk_rq_unmap_user() can be called from user context. ++ */ ++ srp->rq = NULL; ++ if (rq->cmd != rq->__cmd) ++ kfree(rq->cmd); ++ __blk_put_request(rq->q, rq); ++ + write_lock_irqsave(&sfp->rq_list_lock, iflags); + if (unlikely(srp->orphan)) { + if (sfp->keep_orphan) +@@ -1710,7 +1721,22 @@ sg_start_req(Sg_request *srp, unsigned char *cmd) + return -ENOMEM; + } + +- rq = blk_get_request(q, rw, GFP_ATOMIC); ++ /* ++ * NOTE ++ * ++ * With scsi-mq enabled, there are a fixed number of preallocated ++ * requests equal in number to shost->can_queue. If all of the ++ * preallocated requests are already in use, then using GFP_ATOMIC with ++ * blk_get_request() will return -EWOULDBLOCK, whereas using GFP_KERNEL ++ * will cause blk_get_request() to sleep until an active command ++ * completes, freeing up a request. Neither option is ideal, but ++ * GFP_KERNEL is the better choice to prevent userspace from getting an ++ * unexpected EWOULDBLOCK. ++ * ++ * With scsi-mq disabled, blk_get_request() with GFP_KERNEL usually ++ * does not sleep except under memory pressure. ++ */ ++ rq = blk_get_request(q, rw, GFP_KERNEL); + if (IS_ERR(rq)) { + kfree(long_cmdp); + return PTR_ERR(rq); +@@ -1803,10 +1829,10 @@ sg_finish_rem_req(Sg_request *srp) + SCSI_LOG_TIMEOUT(4, sg_printk(KERN_INFO, sfp->parentdp, + "sg_finish_rem_req: res_used=%d\n", + (int) srp->res_used)); +- if (srp->rq) { +- if (srp->bio) +- ret = blk_rq_unmap_user(srp->bio); ++ if (srp->bio) ++ ret = blk_rq_unmap_user(srp->bio); + ++ if (srp->rq) { + if (srp->rq->cmd != srp->rq->__cmd) + kfree(srp->rq->cmd); + blk_put_request(srp->rq); +diff --git a/drivers/target/iscsi/iscsi_target_tq.c b/drivers/target/iscsi/iscsi_target_tq.c +index 601e9cc..bb2890e 100644 +--- a/drivers/target/iscsi/iscsi_target_tq.c ++++ b/drivers/target/iscsi/iscsi_target_tq.c +@@ -24,36 +24,22 @@ + #include "iscsi_target_tq.h" + #include "iscsi_target.h" + +-static LIST_HEAD(active_ts_list); + static LIST_HEAD(inactive_ts_list); +-static DEFINE_SPINLOCK(active_ts_lock); + static DEFINE_SPINLOCK(inactive_ts_lock); + static DEFINE_SPINLOCK(ts_bitmap_lock); + +-static void iscsi_add_ts_to_active_list(struct iscsi_thread_set *ts) +-{ +- spin_lock(&active_ts_lock); +- list_add_tail(&ts->ts_list, &active_ts_list); +- iscsit_global->active_ts++; +- spin_unlock(&active_ts_lock); +-} +- + static void iscsi_add_ts_to_inactive_list(struct iscsi_thread_set *ts) + { ++ if (!list_empty(&ts->ts_list)) { ++ WARN_ON(1); ++ return; ++ } + spin_lock(&inactive_ts_lock); + list_add_tail(&ts->ts_list, &inactive_ts_list); + iscsit_global->inactive_ts++; + spin_unlock(&inactive_ts_lock); + } + +-static void iscsi_del_ts_from_active_list(struct iscsi_thread_set *ts) +-{ +- spin_lock(&active_ts_lock); +- list_del(&ts->ts_list); +- iscsit_global->active_ts--; +- spin_unlock(&active_ts_lock); +-} +- + static struct iscsi_thread_set *iscsi_get_ts_from_inactive_list(void) + { + struct iscsi_thread_set *ts; +@@ -66,7 +52,7 @@ static struct iscsi_thread_set *iscsi_get_ts_from_inactive_list(void) + + ts = list_first_entry(&inactive_ts_list, struct iscsi_thread_set, ts_list); + +- list_del(&ts->ts_list); ++ list_del_init(&ts->ts_list); + iscsit_global->inactive_ts--; + spin_unlock(&inactive_ts_lock); + +@@ -204,8 +190,6 @@ static void iscsi_deallocate_extra_thread_sets(void) + + void iscsi_activate_thread_set(struct iscsi_conn *conn, struct iscsi_thread_set *ts) + { +- iscsi_add_ts_to_active_list(ts); +- + spin_lock_bh(&ts->ts_state_lock); + conn->thread_set = ts; + ts->conn = conn; +@@ -397,7 +381,6 @@ struct iscsi_conn *iscsi_rx_thread_pre_handler(struct iscsi_thread_set *ts) + + if (ts->delay_inactive && (--ts->thread_count == 0)) { + spin_unlock_bh(&ts->ts_state_lock); +- iscsi_del_ts_from_active_list(ts); + + if (!iscsit_global->in_shutdown) + iscsi_deallocate_extra_thread_sets(); +@@ -452,7 +435,6 @@ struct iscsi_conn *iscsi_tx_thread_pre_handler(struct iscsi_thread_set *ts) + + if (ts->delay_inactive && (--ts->thread_count == 0)) { + spin_unlock_bh(&ts->ts_state_lock); +- iscsi_del_ts_from_active_list(ts); + + if (!iscsit_global->in_shutdown) + iscsi_deallocate_extra_thread_sets(); +diff --git a/drivers/tty/pty.c b/drivers/tty/pty.c +index 7c4447a..082304d 100644 +--- a/drivers/tty/pty.c ++++ b/drivers/tty/pty.c +@@ -210,6 +210,9 @@ static int pty_signal(struct tty_struct *tty, int sig) + unsigned long flags; + struct pid *pgrp; + ++ if (sig != SIGINT && sig != SIGQUIT && sig != SIGTSTP) ++ return -EINVAL; ++ + if (tty->link) { + spin_lock_irqsave(&tty->link->ctrl_lock, flags); + pgrp = get_pid(tty->link->pgrp); +diff --git a/drivers/tty/serial/atmel_serial.c b/drivers/tty/serial/atmel_serial.c +index edde3ec..6ee5c6c 100644 +--- a/drivers/tty/serial/atmel_serial.c ++++ b/drivers/tty/serial/atmel_serial.c +@@ -2577,7 +2577,7 @@ static int atmel_serial_probe(struct platform_device *pdev) + + ret = atmel_init_port(port, pdev); + if (ret) +- goto err; ++ goto err_clear_bit; + + if (!atmel_use_pdc_rx(&port->uart)) { + ret = -ENOMEM; +@@ -2626,6 +2626,8 @@ err_alloc_ring: + clk_put(port->clk); + port->clk = NULL; + } ++err_clear_bit: ++ clear_bit(port->uart.line, atmel_ports_in_use); + err: + return ret; + } +diff --git a/drivers/tty/serial/fsl_lpuart.c b/drivers/tty/serial/fsl_lpuart.c +index 6dd53af..eb9bc7e 100644 +--- a/drivers/tty/serial/fsl_lpuart.c ++++ b/drivers/tty/serial/fsl_lpuart.c +@@ -506,9 +506,6 @@ static inline void lpuart_prepare_rx(struct lpuart_port *sport) + + spin_lock_irqsave(&sport->port.lock, flags); + +- init_timer(&sport->lpuart_timer); +- sport->lpuart_timer.function = lpuart_timer_func; +- sport->lpuart_timer.data = (unsigned long)sport; + sport->lpuart_timer.expires = jiffies + sport->dma_rx_timeout; + add_timer(&sport->lpuart_timer); + +@@ -758,18 +755,18 @@ out: + static irqreturn_t lpuart_int(int irq, void *dev_id) + { + struct lpuart_port *sport = dev_id; +- unsigned char sts; ++ unsigned char sts, crdma; + + sts = readb(sport->port.membase + UARTSR1); ++ crdma = readb(sport->port.membase + UARTCR5); + +- if (sts & UARTSR1_RDRF) { ++ if (sts & UARTSR1_RDRF && !(crdma & UARTCR5_RDMAS)) { + if (sport->lpuart_dma_use) + lpuart_prepare_rx(sport); + else + lpuart_rxint(irq, dev_id); + } +- if (sts & UARTSR1_TDRE && +- !(readb(sport->port.membase + UARTCR5) & UARTCR5_TDMAS)) { ++ if (sts & UARTSR1_TDRE && !(crdma & UARTCR5_TDMAS)) { + if (sport->lpuart_dma_use) + lpuart_pio_tx(sport); + else +@@ -1106,7 +1103,10 @@ static int lpuart_startup(struct uart_port *port) + sport->lpuart_dma_use = false; + } else { + sport->lpuart_dma_use = true; ++ setup_timer(&sport->lpuart_timer, lpuart_timer_func, ++ (unsigned long)sport); + temp = readb(port->membase + UARTCR5); ++ temp &= ~UARTCR5_RDMAS; + writeb(temp | UARTCR5_TDMAS, port->membase + UARTCR5); + } + +@@ -1180,6 +1180,8 @@ static void lpuart_shutdown(struct uart_port *port) + devm_free_irq(port->dev, port->irq, sport); + + if (sport->lpuart_dma_use) { ++ del_timer_sync(&sport->lpuart_timer); ++ + lpuart_dma_tx_free(port); + lpuart_dma_rx_free(port); + } +diff --git a/drivers/tty/vt/vt.c b/drivers/tty/vt/vt.c +index b33b00b..53c25bc 100644 +--- a/drivers/tty/vt/vt.c ++++ b/drivers/tty/vt/vt.c +@@ -498,6 +498,7 @@ void invert_screen(struct vc_data *vc, int offset, int count, int viewed) + #endif + if (DO_UPDATE(vc)) + do_update_region(vc, (unsigned long) p, count); ++ notify_update(vc); + } + + /* used by selection: complement pointer position */ +@@ -514,6 +515,7 @@ void complement_pos(struct vc_data *vc, int offset) + scr_writew(old, screenpos(vc, old_offset, 1)); + if (DO_UPDATE(vc)) + vc->vc_sw->con_putc(vc, old, oldy, oldx); ++ notify_update(vc); + } + + old_offset = offset; +@@ -531,8 +533,8 @@ void complement_pos(struct vc_data *vc, int offset) + oldy = (offset >> 1) / vc->vc_cols; + vc->vc_sw->con_putc(vc, new, oldy, oldx); + } ++ notify_update(vc); + } +- + } + + static void insert_char(struct vc_data *vc, unsigned int nr) +diff --git a/drivers/usb/core/buffer.c b/drivers/usb/core/buffer.c +index 684ef70..506b969 100644 +--- a/drivers/usb/core/buffer.c ++++ b/drivers/usb/core/buffer.c +@@ -22,17 +22,25 @@ + */ + + /* FIXME tune these based on pool statistics ... */ +-static const size_t pool_max[HCD_BUFFER_POOLS] = { +- /* platforms without dma-friendly caches might need to +- * prevent cacheline sharing... +- */ +- 32, +- 128, +- 512, +- PAGE_SIZE / 2 +- /* bigger --> allocate pages */ ++static size_t pool_max[HCD_BUFFER_POOLS] = { ++ 32, 128, 512, 2048, + }; + ++void __init usb_init_pool_max(void) ++{ ++ /* ++ * The pool_max values must never be smaller than ++ * ARCH_KMALLOC_MINALIGN. ++ */ ++ if (ARCH_KMALLOC_MINALIGN <= 32) ++ ; /* Original value is okay */ ++ else if (ARCH_KMALLOC_MINALIGN <= 64) ++ pool_max[0] = 64; ++ else if (ARCH_KMALLOC_MINALIGN <= 128) ++ pool_max[0] = 0; /* Don't use this pool */ ++ else ++ BUILD_BUG(); /* We don't allow this */ ++} + + /* SETUP primitives */ + +diff --git a/drivers/usb/core/driver.c b/drivers/usb/core/driver.c +index 9bffd26..d7a6d8b 100644 +--- a/drivers/usb/core/driver.c ++++ b/drivers/usb/core/driver.c +@@ -275,21 +275,6 @@ static int usb_unbind_device(struct device *dev) + return 0; + } + +-/* +- * Cancel any pending scheduled resets +- * +- * [see usb_queue_reset_device()] +- * +- * Called after unconfiguring / when releasing interfaces. See +- * comments in __usb_queue_reset_device() regarding +- * udev->reset_running. +- */ +-static void usb_cancel_queued_reset(struct usb_interface *iface) +-{ +- if (iface->reset_running == 0) +- cancel_work_sync(&iface->reset_ws); +-} +- + /* called from driver core with dev locked */ + static int usb_probe_interface(struct device *dev) + { +@@ -380,7 +365,6 @@ static int usb_probe_interface(struct device *dev) + usb_set_intfdata(intf, NULL); + intf->needs_remote_wakeup = 0; + intf->condition = USB_INTERFACE_UNBOUND; +- usb_cancel_queued_reset(intf); + + /* If the LPM disable succeeded, balance the ref counts. */ + if (!lpm_disable_error) +@@ -425,7 +409,6 @@ static int usb_unbind_interface(struct device *dev) + usb_disable_interface(udev, intf, false); + + driver->disconnect(intf); +- usb_cancel_queued_reset(intf); + + /* Free streams */ + for (i = 0, j = 0; i < intf->cur_altsetting->desc.bNumEndpoints; i++) { +@@ -1801,6 +1784,18 @@ static int autosuspend_check(struct usb_device *udev) + dev_dbg(&udev->dev, "remote wakeup needed for autosuspend\n"); + return -EOPNOTSUPP; + } ++ ++ /* ++ * If the device is a direct child of the root hub and the HCD ++ * doesn't handle wakeup requests, don't allow autosuspend when ++ * wakeup is needed. ++ */ ++ if (w && udev->parent == udev->bus->root_hub && ++ bus_to_hcd(udev->bus)->cant_recv_wakeups) { ++ dev_dbg(&udev->dev, "HCD doesn't handle wakeup requests\n"); ++ return -EOPNOTSUPP; ++ } ++ + udev->do_remote_wakeup = w; + return 0; + } +diff --git a/drivers/usb/core/hcd.c b/drivers/usb/core/hcd.c +index a6efb41..0009fc8 100644 +--- a/drivers/usb/core/hcd.c ++++ b/drivers/usb/core/hcd.c +@@ -1618,6 +1618,7 @@ static int unlink1(struct usb_hcd *hcd, struct urb *urb, int status) + int usb_hcd_unlink_urb (struct urb *urb, int status) + { + struct usb_hcd *hcd; ++ struct usb_device *udev = urb->dev; + int retval = -EIDRM; + unsigned long flags; + +@@ -1629,20 +1630,19 @@ int usb_hcd_unlink_urb (struct urb *urb, int status) + spin_lock_irqsave(&hcd_urb_unlink_lock, flags); + if (atomic_read(&urb->use_count) > 0) { + retval = 0; +- usb_get_dev(urb->dev); ++ usb_get_dev(udev); + } + spin_unlock_irqrestore(&hcd_urb_unlink_lock, flags); + if (retval == 0) { + hcd = bus_to_hcd(urb->dev->bus); + retval = unlink1(hcd, urb, status); +- usb_put_dev(urb->dev); ++ if (retval == 0) ++ retval = -EINPROGRESS; ++ else if (retval != -EIDRM && retval != -EBUSY) ++ dev_dbg(&udev->dev, "hcd_unlink_urb %p fail %d\n", ++ urb, retval); ++ usb_put_dev(udev); + } +- +- if (retval == 0) +- retval = -EINPROGRESS; +- else if (retval != -EIDRM && retval != -EBUSY) +- dev_dbg(&urb->dev->dev, "hcd_unlink_urb %p fail %d\n", +- urb, retval); + return retval; + } + +diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c +index b649fef..2246954 100644 +--- a/drivers/usb/core/hub.c ++++ b/drivers/usb/core/hub.c +@@ -5591,26 +5591,19 @@ EXPORT_SYMBOL_GPL(usb_reset_device); + * possible; depending on how the driver attached to each interface + * handles ->pre_reset(), the second reset might happen or not. + * +- * - If a driver is unbound and it had a pending reset, the reset will +- * be cancelled. ++ * - If the reset is delayed so long that the interface is unbound from ++ * its driver, the reset will be skipped. + * +- * - This function can be called during .probe() or .disconnect() +- * times. On return from .disconnect(), any pending resets will be +- * cancelled. +- * +- * There is no no need to lock/unlock the @reset_ws as schedule_work() +- * does its own. +- * +- * NOTE: We don't do any reference count tracking because it is not +- * needed. The lifecycle of the work_struct is tied to the +- * usb_interface. Before destroying the interface we cancel the +- * work_struct, so the fact that work_struct is queued and or +- * running means the interface (and thus, the device) exist and +- * are referenced. ++ * - This function can be called during .probe(). It can also be called ++ * during .disconnect(), but doing so is pointless because the reset ++ * will not occur. If you really want to reset the device during ++ * .disconnect(), call usb_reset_device() directly -- but watch out ++ * for nested unbinding issues! + */ + void usb_queue_reset_device(struct usb_interface *iface) + { +- schedule_work(&iface->reset_ws); ++ if (schedule_work(&iface->reset_ws)) ++ usb_get_intf(iface); + } + EXPORT_SYMBOL_GPL(usb_queue_reset_device); + +diff --git a/drivers/usb/core/message.c b/drivers/usb/core/message.c +index f7b7713..f368d20 100644 +--- a/drivers/usb/core/message.c ++++ b/drivers/usb/core/message.c +@@ -1551,6 +1551,7 @@ static void usb_release_interface(struct device *dev) + altsetting_to_usb_interface_cache(intf->altsetting); + + kref_put(&intfc->ref, usb_release_interface_cache); ++ usb_put_dev(interface_to_usbdev(intf)); + kfree(intf); + } + +@@ -1626,24 +1627,6 @@ static struct usb_interface_assoc_descriptor *find_iad(struct usb_device *dev, + + /* + * Internal function to queue a device reset +- * +- * This is initialized into the workstruct in 'struct +- * usb_device->reset_ws' that is launched by +- * message.c:usb_set_configuration() when initializing each 'struct +- * usb_interface'. +- * +- * It is safe to get the USB device without reference counts because +- * the life cycle of @iface is bound to the life cycle of @udev. Then, +- * this function will be ran only if @iface is alive (and before +- * freeing it any scheduled instances of it will have been cancelled). +- * +- * We need to set a flag (usb_dev->reset_running) because when we call +- * the reset, the interfaces might be unbound. The current interface +- * cannot try to remove the queued work as it would cause a deadlock +- * (you cannot remove your work from within your executing +- * workqueue). This flag lets it know, so that +- * usb_cancel_queued_reset() doesn't try to do it. +- * + * See usb_queue_reset_device() for more details + */ + static void __usb_queue_reset_device(struct work_struct *ws) +@@ -1655,11 +1638,10 @@ static void __usb_queue_reset_device(struct work_struct *ws) + + rc = usb_lock_device_for_reset(udev, iface); + if (rc >= 0) { +- iface->reset_running = 1; + usb_reset_device(udev); +- iface->reset_running = 0; + usb_unlock_device(udev); + } ++ usb_put_intf(iface); /* Undo _get_ in usb_queue_reset_device() */ + } + + +@@ -1854,6 +1836,7 @@ free_interfaces: + dev_set_name(&intf->dev, "%d-%s:%d.%d", + dev->bus->busnum, dev->devpath, + configuration, alt->desc.bInterfaceNumber); ++ usb_get_dev(dev); + } + kfree(new_interfaces); + +diff --git a/drivers/usb/core/usb.c b/drivers/usb/core/usb.c +index 2dd2362..29ee936 100644 +--- a/drivers/usb/core/usb.c ++++ b/drivers/usb/core/usb.c +@@ -1051,6 +1051,7 @@ static int __init usb_init(void) + pr_info("%s: USB support disabled\n", usbcore_name); + return 0; + } ++ usb_init_pool_max(); + + retval = usb_debugfs_init(); + if (retval) +diff --git a/drivers/usb/host/isp1760-hcd.c b/drivers/usb/host/isp1760-hcd.c +index e752c30..d2a8565 100644 +--- a/drivers/usb/host/isp1760-hcd.c ++++ b/drivers/usb/host/isp1760-hcd.c +@@ -2247,6 +2247,9 @@ struct usb_hcd *isp1760_register(phys_addr_t res_start, resource_size_t res_len, + hcd->rsrc_start = res_start; + hcd->rsrc_len = res_len; + ++ /* This driver doesn't support wakeup requests */ ++ hcd->cant_recv_wakeups = 1; ++ + ret = usb_add_hcd(hcd, irq, irqflags); + if (ret) + goto err_unmap; +diff --git a/drivers/usb/serial/cp210x.c b/drivers/usb/serial/cp210x.c +index f4c56fc..f40c856 100644 +--- a/drivers/usb/serial/cp210x.c ++++ b/drivers/usb/serial/cp210x.c +@@ -56,6 +56,7 @@ static const struct usb_device_id id_table[] = { + { USB_DEVICE(0x0846, 0x1100) }, /* NetGear Managed Switch M4100 series, M5300 series, M7100 series */ + { USB_DEVICE(0x08e6, 0x5501) }, /* Gemalto Prox-PU/CU contactless smartcard reader */ + { USB_DEVICE(0x08FD, 0x000A) }, /* Digianswer A/S , ZigBee/802.15.4 MAC Device */ ++ { USB_DEVICE(0x0908, 0x01FF) }, /* Siemens RUGGEDCOM USB Serial Console */ + { USB_DEVICE(0x0BED, 0x1100) }, /* MEI (TM) Cashflow-SC Bill/Voucher Acceptor */ + { USB_DEVICE(0x0BED, 0x1101) }, /* MEI series 2000 Combo Acceptor */ + { USB_DEVICE(0x0FCF, 0x1003) }, /* Dynastream ANT development board */ +diff --git a/drivers/xen/manage.c b/drivers/xen/manage.c +index f8bb36f..bf19407 100644 +--- a/drivers/xen/manage.c ++++ b/drivers/xen/manage.c +@@ -105,10 +105,16 @@ static void do_suspend(void) + + err = freeze_processes(); + if (err) { +- pr_err("%s: freeze failed %d\n", __func__, err); ++ pr_err("%s: freeze processes failed %d\n", __func__, err); + goto out; + } + ++ err = freeze_kernel_threads(); ++ if (err) { ++ pr_err("%s: freeze kernel threads failed %d\n", __func__, err); ++ goto out_thaw; ++ } ++ + err = dpm_suspend_start(PMSG_FREEZE); + if (err) { + pr_err("%s: dpm_suspend_start %d\n", __func__, err); +diff --git a/drivers/xen/xen-scsiback.c b/drivers/xen/xen-scsiback.c +index 3e32146..d30c6b2 100644 +--- a/drivers/xen/xen-scsiback.c ++++ b/drivers/xen/xen-scsiback.c +@@ -712,12 +712,11 @@ static int prepare_pending_reqs(struct vscsibk_info *info, + static int scsiback_do_cmd_fn(struct vscsibk_info *info) + { + struct vscsiif_back_ring *ring = &info->ring; +- struct vscsiif_request *ring_req; ++ struct vscsiif_request ring_req; + struct vscsibk_pend *pending_req; + RING_IDX rc, rp; + int err, more_to_do; + uint32_t result; +- uint8_t act; + + rc = ring->req_cons; + rp = ring->sring->req_prod; +@@ -738,11 +737,10 @@ static int scsiback_do_cmd_fn(struct vscsibk_info *info) + if (!pending_req) + return 1; + +- ring_req = RING_GET_REQUEST(ring, rc); ++ ring_req = *RING_GET_REQUEST(ring, rc); + ring->req_cons = ++rc; + +- act = ring_req->act; +- err = prepare_pending_reqs(info, ring_req, pending_req); ++ err = prepare_pending_reqs(info, &ring_req, pending_req); + if (err) { + switch (err) { + case -ENODEV: +@@ -758,9 +756,9 @@ static int scsiback_do_cmd_fn(struct vscsibk_info *info) + return 1; + } + +- switch (act) { ++ switch (ring_req.act) { + case VSCSIIF_ACT_SCSI_CDB: +- if (scsiback_gnttab_data_map(ring_req, pending_req)) { ++ if (scsiback_gnttab_data_map(&ring_req, pending_req)) { + scsiback_fast_flush_area(pending_req); + scsiback_do_resp_with_sense(NULL, + DRIVER_ERROR << 24, 0, pending_req); +@@ -771,7 +769,7 @@ static int scsiback_do_cmd_fn(struct vscsibk_info *info) + break; + case VSCSIIF_ACT_SCSI_ABORT: + scsiback_device_action(pending_req, TMR_ABORT_TASK, +- ring_req->ref_rqid); ++ ring_req.ref_rqid); + break; + case VSCSIIF_ACT_SCSI_RESET: + scsiback_device_action(pending_req, TMR_LUN_RESET, 0); +diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c +index d8fc060..e1efcaa 100644 +--- a/fs/binfmt_elf.c ++++ b/fs/binfmt_elf.c +@@ -554,11 +554,12 @@ out: + + static unsigned long randomize_stack_top(unsigned long stack_top) + { +- unsigned int random_variable = 0; ++ unsigned long random_variable = 0; + + if ((current->flags & PF_RANDOMIZE) && + !(current->personality & ADDR_NO_RANDOMIZE)) { +- random_variable = get_random_int() & STACK_RND_MASK; ++ random_variable = (unsigned long) get_random_int(); ++ random_variable &= STACK_RND_MASK; + random_variable <<= PAGE_SHIFT; + } + #ifdef CONFIG_STACK_GROWSUP +diff --git a/fs/btrfs/ctree.c b/fs/btrfs/ctree.c +index 150822e..c81ce0c 100644 +--- a/fs/btrfs/ctree.c ++++ b/fs/btrfs/ctree.c +@@ -2609,32 +2609,23 @@ static int key_search(struct extent_buffer *b, struct btrfs_key *key, + return 0; + } + +-int btrfs_find_item(struct btrfs_root *fs_root, struct btrfs_path *found_path, ++int btrfs_find_item(struct btrfs_root *fs_root, struct btrfs_path *path, + u64 iobjectid, u64 ioff, u8 key_type, + struct btrfs_key *found_key) + { + int ret; + struct btrfs_key key; + struct extent_buffer *eb; +- struct btrfs_path *path; ++ ++ ASSERT(path); + + key.type = key_type; + key.objectid = iobjectid; + key.offset = ioff; + +- if (found_path == NULL) { +- path = btrfs_alloc_path(); +- if (!path) +- return -ENOMEM; +- } else +- path = found_path; +- + ret = btrfs_search_slot(NULL, fs_root, &key, path, 0, 0); +- if ((ret < 0) || (found_key == NULL)) { +- if (path != found_path) +- btrfs_free_path(path); ++ if ((ret < 0) || (found_key == NULL)) + return ret; +- } + + eb = path->nodes[0]; + if (ret && path->slots[0] >= btrfs_header_nritems(eb)) { +diff --git a/fs/btrfs/disk-io.c b/fs/btrfs/disk-io.c +index 9767673..b170983 100644 +--- a/fs/btrfs/disk-io.c ++++ b/fs/btrfs/disk-io.c +@@ -1630,6 +1630,7 @@ struct btrfs_root *btrfs_get_fs_root(struct btrfs_fs_info *fs_info, + bool check_ref) + { + struct btrfs_root *root; ++ struct btrfs_path *path; + int ret; + + if (location->objectid == BTRFS_ROOT_TREE_OBJECTID) +@@ -1669,8 +1670,14 @@ again: + if (ret) + goto fail; + +- ret = btrfs_find_item(fs_info->tree_root, NULL, BTRFS_ORPHAN_OBJECTID, ++ path = btrfs_alloc_path(); ++ if (!path) { ++ ret = -ENOMEM; ++ goto fail; ++ } ++ ret = btrfs_find_item(fs_info->tree_root, path, BTRFS_ORPHAN_OBJECTID, + location->objectid, BTRFS_ORPHAN_ITEM_KEY, NULL); ++ btrfs_free_path(path); + if (ret < 0) + goto fail; + if (ret == 0) +@@ -2496,7 +2503,7 @@ int open_ctree(struct super_block *sb, + features |= BTRFS_FEATURE_INCOMPAT_COMPRESS_LZO; + + if (features & BTRFS_FEATURE_INCOMPAT_SKINNY_METADATA) +- printk(KERN_ERR "BTRFS: has skinny extents\n"); ++ printk(KERN_INFO "BTRFS: has skinny extents\n"); + + /* + * flag our filesystem as having big metadata blocks if +diff --git a/fs/btrfs/tree-log.c b/fs/btrfs/tree-log.c +index 7d96cc9..ee1c604 100644 +--- a/fs/btrfs/tree-log.c ++++ b/fs/btrfs/tree-log.c +@@ -488,8 +488,20 @@ insert: + src_item = (struct btrfs_inode_item *)src_ptr; + dst_item = (struct btrfs_inode_item *)dst_ptr; + +- if (btrfs_inode_generation(eb, src_item) == 0) ++ if (btrfs_inode_generation(eb, src_item) == 0) { ++ struct extent_buffer *dst_eb = path->nodes[0]; ++ ++ if (S_ISREG(btrfs_inode_mode(eb, src_item)) && ++ S_ISREG(btrfs_inode_mode(dst_eb, dst_item))) { ++ struct btrfs_map_token token; ++ u64 ino_size = btrfs_inode_size(eb, src_item); ++ ++ btrfs_init_map_token(&token); ++ btrfs_set_token_inode_size(dst_eb, dst_item, ++ ino_size, &token); ++ } + goto no_copy; ++ } + + if (overwrite_root && + S_ISDIR(btrfs_inode_mode(eb, src_item)) && +@@ -1257,10 +1269,19 @@ static int insert_orphan_item(struct btrfs_trans_handle *trans, + struct btrfs_root *root, u64 offset) + { + int ret; +- ret = btrfs_find_item(root, NULL, BTRFS_ORPHAN_OBJECTID, ++ struct btrfs_path *path; ++ ++ path = btrfs_alloc_path(); ++ if (!path) ++ return -ENOMEM; ++ ++ ret = btrfs_find_item(root, path, BTRFS_ORPHAN_OBJECTID, + offset, BTRFS_ORPHAN_ITEM_KEY, NULL); + if (ret > 0) + ret = btrfs_insert_orphan_item(trans, root, offset); ++ ++ btrfs_free_path(path); ++ + return ret; + } + +@@ -3209,7 +3230,8 @@ static int drop_objectid_items(struct btrfs_trans_handle *trans, + static void fill_inode_item(struct btrfs_trans_handle *trans, + struct extent_buffer *leaf, + struct btrfs_inode_item *item, +- struct inode *inode, int log_inode_only) ++ struct inode *inode, int log_inode_only, ++ u64 logged_isize) + { + struct btrfs_map_token token; + +@@ -3222,7 +3244,7 @@ static void fill_inode_item(struct btrfs_trans_handle *trans, + * to say 'update this inode with these values' + */ + btrfs_set_token_inode_generation(leaf, item, 0, &token); +- btrfs_set_token_inode_size(leaf, item, 0, &token); ++ btrfs_set_token_inode_size(leaf, item, logged_isize, &token); + } else { + btrfs_set_token_inode_generation(leaf, item, + BTRFS_I(inode)->generation, +@@ -3274,7 +3296,7 @@ static int log_inode_item(struct btrfs_trans_handle *trans, + return ret; + inode_item = btrfs_item_ptr(path->nodes[0], path->slots[0], + struct btrfs_inode_item); +- fill_inode_item(trans, path->nodes[0], inode_item, inode, 0); ++ fill_inode_item(trans, path->nodes[0], inode_item, inode, 0, 0); + btrfs_release_path(path); + return 0; + } +@@ -3283,7 +3305,8 @@ static noinline int copy_items(struct btrfs_trans_handle *trans, + struct inode *inode, + struct btrfs_path *dst_path, + struct btrfs_path *src_path, u64 *last_extent, +- int start_slot, int nr, int inode_only) ++ int start_slot, int nr, int inode_only, ++ u64 logged_isize) + { + unsigned long src_offset; + unsigned long dst_offset; +@@ -3340,7 +3363,8 @@ static noinline int copy_items(struct btrfs_trans_handle *trans, + dst_path->slots[0], + struct btrfs_inode_item); + fill_inode_item(trans, dst_path->nodes[0], inode_item, +- inode, inode_only == LOG_INODE_EXISTS); ++ inode, inode_only == LOG_INODE_EXISTS, ++ logged_isize); + } else { + copy_extent_buffer(dst_path->nodes[0], src, dst_offset, + src_offset, ins_sizes[i]); +@@ -3886,6 +3910,33 @@ process: + return ret; + } + ++static int logged_inode_size(struct btrfs_root *log, struct inode *inode, ++ struct btrfs_path *path, u64 *size_ret) ++{ ++ struct btrfs_key key; ++ int ret; ++ ++ key.objectid = btrfs_ino(inode); ++ key.type = BTRFS_INODE_ITEM_KEY; ++ key.offset = 0; ++ ++ ret = btrfs_search_slot(NULL, log, &key, path, 0, 0); ++ if (ret < 0) { ++ return ret; ++ } else if (ret > 0) { ++ *size_ret = i_size_read(inode); ++ } else { ++ struct btrfs_inode_item *item; ++ ++ item = btrfs_item_ptr(path->nodes[0], path->slots[0], ++ struct btrfs_inode_item); ++ *size_ret = btrfs_inode_size(path->nodes[0], item); ++ } ++ ++ btrfs_release_path(path); ++ return 0; ++} ++ + /* log a single inode in the tree log. + * At least one parent directory for this inode must exist in the tree + * or be logged already. +@@ -3923,6 +3974,7 @@ static int btrfs_log_inode(struct btrfs_trans_handle *trans, + bool fast_search = false; + u64 ino = btrfs_ino(inode); + struct extent_map_tree *em_tree = &BTRFS_I(inode)->extent_tree; ++ u64 logged_isize = 0; + + path = btrfs_alloc_path(); + if (!path) +@@ -3976,6 +4028,25 @@ static int btrfs_log_inode(struct btrfs_trans_handle *trans, + max_key_type = BTRFS_XATTR_ITEM_KEY; + ret = drop_objectid_items(trans, log, path, ino, max_key_type); + } else { ++ if (inode_only == LOG_INODE_EXISTS) { ++ /* ++ * Make sure the new inode item we write to the log has ++ * the same isize as the current one (if it exists). ++ * This is necessary to prevent data loss after log ++ * replay, and also to prevent doing a wrong expanding ++ * truncate - for e.g. create file, write 4K into offset ++ * 0, fsync, write 4K into offset 4096, add hard link, ++ * fsync some other file (to sync log), power fail - if ++ * we use the inode's current i_size, after log replay ++ * we get a 8Kb file, with the last 4Kb extent as a hole ++ * (zeroes), as if an expanding truncate happened, ++ * instead of getting a file of 4Kb only. ++ */ ++ err = logged_inode_size(log, inode, path, ++ &logged_isize); ++ if (err) ++ goto out_unlock; ++ } + if (test_and_clear_bit(BTRFS_INODE_NEEDS_FULL_SYNC, + &BTRFS_I(inode)->runtime_flags)) { + clear_bit(BTRFS_INODE_COPY_EVERYTHING, +@@ -4031,7 +4102,8 @@ again: + } + + ret = copy_items(trans, inode, dst_path, path, &last_extent, +- ins_start_slot, ins_nr, inode_only); ++ ins_start_slot, ins_nr, inode_only, ++ logged_isize); + if (ret < 0) { + err = ret; + goto out_unlock; +@@ -4055,7 +4127,7 @@ next_slot: + if (ins_nr) { + ret = copy_items(trans, inode, dst_path, path, + &last_extent, ins_start_slot, +- ins_nr, inode_only); ++ ins_nr, inode_only, logged_isize); + if (ret < 0) { + err = ret; + goto out_unlock; +@@ -4076,7 +4148,8 @@ next_slot: + } + if (ins_nr) { + ret = copy_items(trans, inode, dst_path, path, &last_extent, +- ins_start_slot, ins_nr, inode_only); ++ ins_start_slot, ins_nr, inode_only, ++ logged_isize); + if (ret < 0) { + err = ret; + goto out_unlock; +diff --git a/fs/jffs2/scan.c b/fs/jffs2/scan.c +index 7654e87..9ad5ba4 100644 +--- a/fs/jffs2/scan.c ++++ b/fs/jffs2/scan.c +@@ -510,6 +510,10 @@ static int jffs2_scan_eraseblock (struct jffs2_sb_info *c, struct jffs2_eraseblo + sumlen = c->sector_size - je32_to_cpu(sm->offset); + sumptr = buf + buf_size - sumlen; + ++ /* sm->offset maybe wrong but MAGIC maybe right */ ++ if (sumlen > c->sector_size) ++ goto full_scan; ++ + /* Now, make sure the summary itself is available */ + if (sumlen > buf_size) { + /* Need to kmalloc for this. */ +@@ -544,6 +548,7 @@ static int jffs2_scan_eraseblock (struct jffs2_sb_info *c, struct jffs2_eraseblo + } + } + ++full_scan: + buf_ofs = jeb->offset; + + if (!buf_size) { +diff --git a/fs/lockd/mon.c b/fs/lockd/mon.c +index 9106f42..67bdc0b 100644 +--- a/fs/lockd/mon.c ++++ b/fs/lockd/mon.c +@@ -65,7 +65,7 @@ static inline struct sockaddr *nsm_addr(const struct nsm_handle *nsm) + return (struct sockaddr *)&nsm->sm_addr; + } + +-static struct rpc_clnt *nsm_create(struct net *net) ++static struct rpc_clnt *nsm_create(struct net *net, const char *nodename) + { + struct sockaddr_in sin = { + .sin_family = AF_INET, +@@ -77,6 +77,7 @@ static struct rpc_clnt *nsm_create(struct net *net) + .address = (struct sockaddr *)&sin, + .addrsize = sizeof(sin), + .servername = "rpc.statd", ++ .nodename = nodename, + .program = &nsm_program, + .version = NSM_VERSION, + .authflavor = RPC_AUTH_NULL, +@@ -102,7 +103,7 @@ out: + return clnt; + } + +-static struct rpc_clnt *nsm_client_get(struct net *net) ++static struct rpc_clnt *nsm_client_get(struct net *net, const char *nodename) + { + struct rpc_clnt *clnt, *new; + struct lockd_net *ln = net_generic(net, lockd_net_id); +@@ -111,7 +112,7 @@ static struct rpc_clnt *nsm_client_get(struct net *net) + if (clnt != NULL) + goto out; + +- clnt = new = nsm_create(net); ++ clnt = new = nsm_create(net, nodename); + if (IS_ERR(clnt)) + goto out; + +@@ -190,19 +191,23 @@ int nsm_monitor(const struct nlm_host *host) + struct nsm_res res; + int status; + struct rpc_clnt *clnt; ++ const char *nodename = NULL; + + dprintk("lockd: nsm_monitor(%s)\n", nsm->sm_name); + + if (nsm->sm_monitored) + return 0; + ++ if (host->h_rpcclnt) ++ nodename = host->h_rpcclnt->cl_nodename; ++ + /* + * Choose whether to record the caller_name or IP address of + * this peer in the local rpc.statd's database. + */ + nsm->sm_mon_name = nsm_use_hostnames ? nsm->sm_name : nsm->sm_addrbuf; + +- clnt = nsm_client_get(host->net); ++ clnt = nsm_client_get(host->net, nodename); + if (IS_ERR(clnt)) { + status = PTR_ERR(clnt); + dprintk("lockd: failed to create NSM upcall transport, " +diff --git a/fs/nfs/callback.c b/fs/nfs/callback.c +index b8fb3a4..351be920 100644 +--- a/fs/nfs/callback.c ++++ b/fs/nfs/callback.c +@@ -128,22 +128,24 @@ nfs41_callback_svc(void *vrqstp) + if (try_to_freeze()) + continue; + +- prepare_to_wait(&serv->sv_cb_waitq, &wq, TASK_INTERRUPTIBLE); ++ prepare_to_wait(&serv->sv_cb_waitq, &wq, TASK_UNINTERRUPTIBLE); + spin_lock_bh(&serv->sv_cb_lock); + if (!list_empty(&serv->sv_cb_list)) { + req = list_first_entry(&serv->sv_cb_list, + struct rpc_rqst, rq_bc_list); + list_del(&req->rq_bc_list); + spin_unlock_bh(&serv->sv_cb_lock); ++ finish_wait(&serv->sv_cb_waitq, &wq); + dprintk("Invoking bc_svc_process()\n"); + error = bc_svc_process(serv, req, rqstp); + dprintk("bc_svc_process() returned w/ error code= %d\n", + error); + } else { + spin_unlock_bh(&serv->sv_cb_lock); +- schedule(); ++ /* schedule_timeout to game the hung task watchdog */ ++ schedule_timeout(60 * HZ); ++ finish_wait(&serv->sv_cb_waitq, &wq); + } +- finish_wait(&serv->sv_cb_waitq, &wq); + } + return 0; + } +diff --git a/fs/nfs/callback_xdr.c b/fs/nfs/callback_xdr.c +index f4ccfe6..02f8d09 100644 +--- a/fs/nfs/callback_xdr.c ++++ b/fs/nfs/callback_xdr.c +@@ -464,8 +464,10 @@ static __be32 decode_cb_sequence_args(struct svc_rqst *rqstp, + + for (i = 0; i < args->csa_nrclists; i++) { + status = decode_rc_list(xdr, &args->csa_rclists[i]); +- if (status) ++ if (status) { ++ args->csa_nrclists = i; + goto out_free; ++ } + } + } + status = 0; +diff --git a/fs/nfs/direct.c b/fs/nfs/direct.c +index 294692f..a094b0c 100644 +--- a/fs/nfs/direct.c ++++ b/fs/nfs/direct.c +@@ -242,7 +242,7 @@ static void nfs_direct_release_pages(struct page **pages, unsigned int npages) + void nfs_init_cinfo_from_dreq(struct nfs_commit_info *cinfo, + struct nfs_direct_req *dreq) + { +- cinfo->lock = &dreq->lock; ++ cinfo->lock = &dreq->inode->i_lock; + cinfo->mds = &dreq->mds_cinfo; + cinfo->ds = &dreq->ds_cinfo; + cinfo->dreq = dreq; +diff --git a/fs/nfs/internal.h b/fs/nfs/internal.h +index efaa31c..e1acc1c 100644 +--- a/fs/nfs/internal.h ++++ b/fs/nfs/internal.h +@@ -377,7 +377,7 @@ extern struct rpc_stat nfs_rpcstat; + + extern int __init register_nfs_fs(void); + extern void __exit unregister_nfs_fs(void); +-extern void nfs_sb_active(struct super_block *sb); ++extern bool nfs_sb_active(struct super_block *sb); + extern void nfs_sb_deactive(struct super_block *sb); + + /* namespace.c */ +@@ -495,6 +495,26 @@ extern int nfs41_walk_client_list(struct nfs_client *clp, + struct nfs_client **result, + struct rpc_cred *cred); + ++static inline struct inode *nfs_igrab_and_active(struct inode *inode) ++{ ++ inode = igrab(inode); ++ if (inode != NULL && !nfs_sb_active(inode->i_sb)) { ++ iput(inode); ++ inode = NULL; ++ } ++ return inode; ++} ++ ++static inline void nfs_iput_and_deactive(struct inode *inode) ++{ ++ if (inode != NULL) { ++ struct super_block *sb = inode->i_sb; ++ ++ iput(inode); ++ nfs_sb_deactive(sb); ++ } ++} ++ + /* + * Determine the device name as a string + */ +diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c +index 83f3a7d..cd61707 100644 +--- a/fs/nfs/nfs4proc.c ++++ b/fs/nfs/nfs4proc.c +@@ -5130,9 +5130,13 @@ static void nfs4_delegreturn_done(struct rpc_task *task, void *calldata) + static void nfs4_delegreturn_release(void *calldata) + { + struct nfs4_delegreturndata *data = calldata; ++ struct inode *inode = data->inode; + +- if (data->roc) +- pnfs_roc_release(data->inode); ++ if (inode) { ++ if (data->roc) ++ pnfs_roc_release(inode); ++ nfs_iput_and_deactive(inode); ++ } + kfree(calldata); + } + +@@ -5189,9 +5193,9 @@ static int _nfs4_proc_delegreturn(struct inode *inode, struct rpc_cred *cred, co + nfs_fattr_init(data->res.fattr); + data->timestamp = jiffies; + data->rpc_status = 0; +- data->inode = inode; +- data->roc = list_empty(&NFS_I(inode)->open_files) ? +- pnfs_roc(inode) : false; ++ data->inode = nfs_igrab_and_active(inode); ++ if (data->inode) ++ data->roc = nfs4_roc(inode); + + task_setup_data.callback_data = data; + msg.rpc_argp = &data->args; +diff --git a/fs/nfs/pnfs.c b/fs/nfs/pnfs.c +index 0a5dda4..883ee88 100644 +--- a/fs/nfs/pnfs.c ++++ b/fs/nfs/pnfs.c +@@ -1445,19 +1445,19 @@ pnfs_generic_pg_init_read(struct nfs_pageio_descriptor *pgio, struct nfs_page *r + { + u64 rd_size = req->wb_bytes; + +- WARN_ON_ONCE(pgio->pg_lseg != NULL); +- +- if (pgio->pg_dreq == NULL) +- rd_size = i_size_read(pgio->pg_inode) - req_offset(req); +- else +- rd_size = nfs_dreq_bytes_left(pgio->pg_dreq); +- +- pgio->pg_lseg = pnfs_update_layout(pgio->pg_inode, +- req->wb_context, +- req_offset(req), +- rd_size, +- IOMODE_READ, +- GFP_KERNEL); ++ if (pgio->pg_lseg == NULL) { ++ if (pgio->pg_dreq == NULL) ++ rd_size = i_size_read(pgio->pg_inode) - req_offset(req); ++ else ++ rd_size = nfs_dreq_bytes_left(pgio->pg_dreq); ++ ++ pgio->pg_lseg = pnfs_update_layout(pgio->pg_inode, ++ req->wb_context, ++ req_offset(req), ++ rd_size, ++ IOMODE_READ, ++ GFP_KERNEL); ++ } + /* If no lseg, fall back to read through mds */ + if (pgio->pg_lseg == NULL) + nfs_pageio_reset_read_mds(pgio); +@@ -1469,14 +1469,13 @@ void + pnfs_generic_pg_init_write(struct nfs_pageio_descriptor *pgio, + struct nfs_page *req, u64 wb_size) + { +- WARN_ON_ONCE(pgio->pg_lseg != NULL); +- +- pgio->pg_lseg = pnfs_update_layout(pgio->pg_inode, +- req->wb_context, +- req_offset(req), +- wb_size, +- IOMODE_RW, +- GFP_NOFS); ++ if (pgio->pg_lseg == NULL) ++ pgio->pg_lseg = pnfs_update_layout(pgio->pg_inode, ++ req->wb_context, ++ req_offset(req), ++ wb_size, ++ IOMODE_RW, ++ GFP_NOFS); + /* If no lseg, fall back to write through mds */ + if (pgio->pg_lseg == NULL) + nfs_pageio_reset_write_mds(pgio); +diff --git a/fs/nfs/super.c b/fs/nfs/super.c +index 31a11b0..368d939 100644 +--- a/fs/nfs/super.c ++++ b/fs/nfs/super.c +@@ -405,12 +405,15 @@ void __exit unregister_nfs_fs(void) + unregister_filesystem(&nfs_fs_type); + } + +-void nfs_sb_active(struct super_block *sb) ++bool nfs_sb_active(struct super_block *sb) + { + struct nfs_server *server = NFS_SB(sb); + +- if (atomic_inc_return(&server->active) == 1) +- atomic_inc(&sb->s_active); ++ if (!atomic_inc_not_zero(&sb->s_active)) ++ return false; ++ if (atomic_inc_return(&server->active) != 1) ++ atomic_dec(&sb->s_active); ++ return true; + } + EXPORT_SYMBOL_GPL(nfs_sb_active); + +diff --git a/fs/ocfs2/quota_local.c b/fs/ocfs2/quota_local.c +index 10b6539..465223b 100644 +--- a/fs/ocfs2/quota_local.c ++++ b/fs/ocfs2/quota_local.c +@@ -701,8 +701,8 @@ static int ocfs2_local_read_info(struct super_block *sb, int type) + /* We don't need the lock and we have to acquire quota file locks + * which will later depend on this lock */ + mutex_unlock(&sb_dqopt(sb)->dqio_mutex); +- info->dqi_maxblimit = 0x7fffffffffffffffLL; +- info->dqi_maxilimit = 0x7fffffffffffffffLL; ++ info->dqi_max_spc_limit = 0x7fffffffffffffffLL; ++ info->dqi_max_ino_limit = 0x7fffffffffffffffLL; + oinfo = kmalloc(sizeof(struct ocfs2_mem_dqinfo), GFP_NOFS); + if (!oinfo) { + mlog(ML_ERROR, "failed to allocate memory for ocfs2 quota" +diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c +index 4e0388c..e8972bc 100644 +--- a/fs/proc/task_mmu.c ++++ b/fs/proc/task_mmu.c +@@ -1034,7 +1034,7 @@ static int pagemap_pte_range(pmd_t *pmd, unsigned long addr, unsigned long end, + struct vm_area_struct *vma; + struct pagemapread *pm = walk->private; + spinlock_t *ptl; +- pte_t *pte; ++ pte_t *pte, *orig_pte; + int err = 0; + + /* find the first VMA at or above 'addr' */ +@@ -1095,15 +1095,19 @@ static int pagemap_pte_range(pmd_t *pmd, unsigned long addr, unsigned long end, + BUG_ON(is_vm_hugetlb_page(vma)); + + /* Addresses in the VMA. */ +- for (; addr < min(end, vma->vm_end); addr += PAGE_SIZE) { ++ orig_pte = pte = pte_offset_map_lock(walk->mm, pmd, addr, &ptl); ++ for (; addr < min(end, vma->vm_end); pte++, addr += PAGE_SIZE) { + pagemap_entry_t pme; +- pte = pte_offset_map(pmd, addr); ++ + pte_to_pagemap_entry(&pme, pm, vma, addr, *pte); +- pte_unmap(pte); + err = add_to_pagemap(addr, &pme, pm); + if (err) +- return err; ++ break; + } ++ pte_unmap_unlock(orig_pte, ptl); ++ ++ if (err) ++ return err; + + if (addr == end) + break; +diff --git a/fs/quota/dquot.c b/fs/quota/dquot.c +index 9340228..05fea2a 100644 +--- a/fs/quota/dquot.c ++++ b/fs/quota/dquot.c +@@ -2380,16 +2380,6 @@ out: + } + EXPORT_SYMBOL(dquot_quota_on_mount); + +-static inline qsize_t qbtos(qsize_t blocks) +-{ +- return blocks << QIF_DQBLKSIZE_BITS; +-} +- +-static inline qsize_t stoqb(qsize_t space) +-{ +- return (space + QIF_DQBLKSIZE - 1) >> QIF_DQBLKSIZE_BITS; +-} +- + /* Generic routine for getting common part of quota structure */ + static void do_get_dqblk(struct dquot *dquot, struct qc_dqblk *di) + { +@@ -2439,13 +2429,13 @@ static int do_set_dqblk(struct dquot *dquot, struct qc_dqblk *di) + return -EINVAL; + + if (((di->d_fieldmask & QC_SPC_SOFT) && +- stoqb(di->d_spc_softlimit) > dqi->dqi_maxblimit) || ++ di->d_spc_softlimit > dqi->dqi_max_spc_limit) || + ((di->d_fieldmask & QC_SPC_HARD) && +- stoqb(di->d_spc_hardlimit) > dqi->dqi_maxblimit) || ++ di->d_spc_hardlimit > dqi->dqi_max_spc_limit) || + ((di->d_fieldmask & QC_INO_SOFT) && +- (di->d_ino_softlimit > dqi->dqi_maxilimit)) || ++ (di->d_ino_softlimit > dqi->dqi_max_ino_limit)) || + ((di->d_fieldmask & QC_INO_HARD) && +- (di->d_ino_hardlimit > dqi->dqi_maxilimit))) ++ (di->d_ino_hardlimit > dqi->dqi_max_ino_limit))) + return -ERANGE; + + spin_lock(&dq_data_lock); +diff --git a/fs/quota/quota_v1.c b/fs/quota/quota_v1.c +index 469c684..8fe79be 100644 +--- a/fs/quota/quota_v1.c ++++ b/fs/quota/quota_v1.c +@@ -169,8 +169,8 @@ static int v1_read_file_info(struct super_block *sb, int type) + } + ret = 0; + /* limits are stored as unsigned 32-bit data */ +- dqopt->info[type].dqi_maxblimit = 0xffffffff; +- dqopt->info[type].dqi_maxilimit = 0xffffffff; ++ dqopt->info[type].dqi_max_spc_limit = 0xffffffffULL << QUOTABLOCK_BITS; ++ dqopt->info[type].dqi_max_ino_limit = 0xffffffff; + dqopt->info[type].dqi_igrace = + dqblk.dqb_itime ? dqblk.dqb_itime : MAX_IQ_TIME; + dqopt->info[type].dqi_bgrace = +diff --git a/fs/quota/quota_v2.c b/fs/quota/quota_v2.c +index 02751ec..d1a8054 100644 +--- a/fs/quota/quota_v2.c ++++ b/fs/quota/quota_v2.c +@@ -117,12 +117,12 @@ static int v2_read_file_info(struct super_block *sb, int type) + qinfo = info->dqi_priv; + if (version == 0) { + /* limits are stored as unsigned 32-bit data */ +- info->dqi_maxblimit = 0xffffffff; +- info->dqi_maxilimit = 0xffffffff; ++ info->dqi_max_spc_limit = 0xffffffffULL << QUOTABLOCK_BITS; ++ info->dqi_max_ino_limit = 0xffffffff; + } else { +- /* used space is stored as unsigned 64-bit value */ +- info->dqi_maxblimit = 0xffffffffffffffffULL; /* 2^64-1 */ +- info->dqi_maxilimit = 0xffffffffffffffffULL; ++ /* used space is stored as unsigned 64-bit value in bytes */ ++ info->dqi_max_spc_limit = 0xffffffffffffffffULL; /* 2^64-1 */ ++ info->dqi_max_ino_limit = 0xffffffffffffffffULL; + } + info->dqi_bgrace = le32_to_cpu(dinfo.dqi_bgrace); + info->dqi_igrace = le32_to_cpu(dinfo.dqi_igrace); +diff --git a/fs/udf/inode.c b/fs/udf/inode.c +index 5bc71d9..7b72b7d 100644 +--- a/fs/udf/inode.c ++++ b/fs/udf/inode.c +@@ -1288,6 +1288,7 @@ static int udf_read_inode(struct inode *inode, bool hidden_inode) + struct kernel_lb_addr *iloc = &iinfo->i_location; + unsigned int link_count; + unsigned int indirections = 0; ++ int bs = inode->i_sb->s_blocksize; + int ret = -EIO; + + reread: +@@ -1374,38 +1375,35 @@ reread: + if (fe->descTag.tagIdent == cpu_to_le16(TAG_IDENT_EFE)) { + iinfo->i_efe = 1; + iinfo->i_use = 0; +- ret = udf_alloc_i_data(inode, inode->i_sb->s_blocksize - ++ ret = udf_alloc_i_data(inode, bs - + sizeof(struct extendedFileEntry)); + if (ret) + goto out; + memcpy(iinfo->i_ext.i_data, + bh->b_data + sizeof(struct extendedFileEntry), +- inode->i_sb->s_blocksize - +- sizeof(struct extendedFileEntry)); ++ bs - sizeof(struct extendedFileEntry)); + } else if (fe->descTag.tagIdent == cpu_to_le16(TAG_IDENT_FE)) { + iinfo->i_efe = 0; + iinfo->i_use = 0; +- ret = udf_alloc_i_data(inode, inode->i_sb->s_blocksize - +- sizeof(struct fileEntry)); ++ ret = udf_alloc_i_data(inode, bs - sizeof(struct fileEntry)); + if (ret) + goto out; + memcpy(iinfo->i_ext.i_data, + bh->b_data + sizeof(struct fileEntry), +- inode->i_sb->s_blocksize - sizeof(struct fileEntry)); ++ bs - sizeof(struct fileEntry)); + } else if (fe->descTag.tagIdent == cpu_to_le16(TAG_IDENT_USE)) { + iinfo->i_efe = 0; + iinfo->i_use = 1; + iinfo->i_lenAlloc = le32_to_cpu( + ((struct unallocSpaceEntry *)bh->b_data)-> + lengthAllocDescs); +- ret = udf_alloc_i_data(inode, inode->i_sb->s_blocksize - ++ ret = udf_alloc_i_data(inode, bs - + sizeof(struct unallocSpaceEntry)); + if (ret) + goto out; + memcpy(iinfo->i_ext.i_data, + bh->b_data + sizeof(struct unallocSpaceEntry), +- inode->i_sb->s_blocksize - +- sizeof(struct unallocSpaceEntry)); ++ bs - sizeof(struct unallocSpaceEntry)); + return 0; + } + +@@ -1489,6 +1487,15 @@ reread: + } + inode->i_generation = iinfo->i_unique; + ++ /* ++ * Sanity check length of allocation descriptors and extended attrs to ++ * avoid integer overflows ++ */ ++ if (iinfo->i_lenEAttr > bs || iinfo->i_lenAlloc > bs) ++ goto out; ++ /* Now do exact checks */ ++ if (udf_file_entry_alloc_offset(inode) + iinfo->i_lenAlloc > bs) ++ goto out; + /* Sanity checks for files in ICB so that we don't get confused later */ + if (iinfo->i_alloc_type == ICBTAG_FLAG_AD_IN_ICB) { + /* +@@ -1498,8 +1505,7 @@ reread: + if (iinfo->i_lenAlloc != inode->i_size) + goto out; + /* File in ICB has to fit in there... */ +- if (inode->i_size > inode->i_sb->s_blocksize - +- udf_file_entry_alloc_offset(inode)) ++ if (inode->i_size > bs - udf_file_entry_alloc_offset(inode)) + goto out; + } + +diff --git a/fs/xfs/libxfs/xfs_bmap.c b/fs/xfs/libxfs/xfs_bmap.c +index 79c9819..661666e 100644 +--- a/fs/xfs/libxfs/xfs_bmap.c ++++ b/fs/xfs/libxfs/xfs_bmap.c +@@ -976,7 +976,11 @@ xfs_bmap_local_to_extents( + *firstblock = args.fsbno; + bp = xfs_btree_get_bufl(args.mp, tp, args.fsbno, 0); + +- /* initialise the block and copy the data */ ++ /* ++ * Initialise the block and copy the data ++ * ++ * Note: init_fn must set the buffer log item type correctly! ++ */ + init_fn(tp, bp, ip, ifp); + + /* account for the change in fork size and log everything */ +diff --git a/fs/xfs/libxfs/xfs_symlink_remote.c b/fs/xfs/libxfs/xfs_symlink_remote.c +index 5782f03..a7dce9a 100644 +--- a/fs/xfs/libxfs/xfs_symlink_remote.c ++++ b/fs/xfs/libxfs/xfs_symlink_remote.c +@@ -180,6 +180,8 @@ xfs_symlink_local_to_remote( + struct xfs_mount *mp = ip->i_mount; + char *buf; + ++ xfs_trans_buf_set_type(tp, bp, XFS_BLFT_SYMLINK_BUF); ++ + if (!xfs_sb_version_hascrc(&mp->m_sb)) { + bp->b_ops = NULL; + memcpy(bp->b_addr, ifp->if_u1.if_data, ifp->if_bytes); +diff --git a/fs/xfs/xfs_buf_item.c b/fs/xfs/xfs_buf_item.c +index f159695..1a6c9b9 100644 +--- a/fs/xfs/xfs_buf_item.c ++++ b/fs/xfs/xfs_buf_item.c +@@ -319,6 +319,10 @@ xfs_buf_item_format( + ASSERT(atomic_read(&bip->bli_refcount) > 0); + ASSERT((bip->bli_flags & XFS_BLI_LOGGED) || + (bip->bli_flags & XFS_BLI_STALE)); ++ ASSERT((bip->bli_flags & XFS_BLI_STALE) || ++ (xfs_blft_from_flags(&bip->__bli_format) > XFS_BLFT_UNKNOWN_BUF ++ && xfs_blft_from_flags(&bip->__bli_format) < XFS_BLFT_MAX_BUF)); ++ + + /* + * If it is an inode buffer, transfer the in-memory state to the +diff --git a/fs/xfs/xfs_inode.c b/fs/xfs/xfs_inode.c +index 8ed049d..3cc309a 100644 +--- a/fs/xfs/xfs_inode.c ++++ b/fs/xfs/xfs_inode.c +@@ -2000,6 +2000,7 @@ xfs_iunlink( + agi->agi_unlinked[bucket_index] = cpu_to_be32(agino); + offset = offsetof(xfs_agi_t, agi_unlinked) + + (sizeof(xfs_agino_t) * bucket_index); ++ xfs_trans_buf_set_type(tp, agibp, XFS_BLFT_AGI_BUF); + xfs_trans_log_buf(tp, agibp, offset, + (offset + sizeof(xfs_agino_t) - 1)); + return 0; +@@ -2091,6 +2092,7 @@ xfs_iunlink_remove( + agi->agi_unlinked[bucket_index] = cpu_to_be32(next_agino); + offset = offsetof(xfs_agi_t, agi_unlinked) + + (sizeof(xfs_agino_t) * bucket_index); ++ xfs_trans_buf_set_type(tp, agibp, XFS_BLFT_AGI_BUF); + xfs_trans_log_buf(tp, agibp, offset, + (offset + sizeof(xfs_agino_t) - 1)); + } else { +diff --git a/fs/xfs/xfs_qm.c b/fs/xfs/xfs_qm.c +index d68f230..cf2bc2d 100644 +--- a/fs/xfs/xfs_qm.c ++++ b/fs/xfs/xfs_qm.c +@@ -844,6 +844,11 @@ xfs_qm_reset_dqcounts( + */ + xfs_dqcheck(mp, ddq, id+j, type, XFS_QMOPT_DQREPAIR, + "xfs_quotacheck"); ++ /* ++ * Reset type in case we are reusing group quota file for ++ * project quotas or vice versa ++ */ ++ ddq->d_flags = type; + ddq->d_bcount = 0; + ddq->d_icount = 0; + ddq->d_rtbcount = 0; +diff --git a/fs/xfs/xfs_trans.c b/fs/xfs/xfs_trans.c +index 30e8e34..32dfdb5 100644 +--- a/fs/xfs/xfs_trans.c ++++ b/fs/xfs/xfs_trans.c +@@ -474,6 +474,7 @@ xfs_trans_apply_sb_deltas( + whole = 1; + } + ++ xfs_trans_buf_set_type(tp, bp, XFS_BLFT_SB_BUF); + if (whole) + /* + * Log the whole thing, the fields are noncontiguous. +diff --git a/include/linux/fsnotify.h b/include/linux/fsnotify.h +index 1c804b0..7ee1774 100644 +--- a/include/linux/fsnotify.h ++++ b/include/linux/fsnotify.h +@@ -101,8 +101,10 @@ static inline void fsnotify_move(struct inode *old_dir, struct inode *new_dir, + new_dir_mask |= FS_ISDIR; + } + +- fsnotify(old_dir, old_dir_mask, old_dir, FSNOTIFY_EVENT_INODE, old_name, fs_cookie); +- fsnotify(new_dir, new_dir_mask, new_dir, FSNOTIFY_EVENT_INODE, new_name, fs_cookie); ++ fsnotify(old_dir, old_dir_mask, source, FSNOTIFY_EVENT_INODE, old_name, ++ fs_cookie); ++ fsnotify(new_dir, new_dir_mask, source, FSNOTIFY_EVENT_INODE, new_name, ++ fs_cookie); + + if (target) + fsnotify_link_count(target); +diff --git a/include/linux/nfs_xdr.h b/include/linux/nfs_xdr.h +index 47ebb4f..d77a08d 100644 +--- a/include/linux/nfs_xdr.h ++++ b/include/linux/nfs_xdr.h +@@ -1328,7 +1328,7 @@ struct nfs_commit_completion_ops { + }; + + struct nfs_commit_info { +- spinlock_t *lock; ++ spinlock_t *lock; /* inode->i_lock */ + struct nfs_mds_commit_info *mds; + struct pnfs_ds_commit_info *ds; + struct nfs_direct_req *dreq; /* O_DIRECT request */ +diff --git a/include/linux/quota.h b/include/linux/quota.h +index 224fb81..8b0877f 100644 +--- a/include/linux/quota.h ++++ b/include/linux/quota.h +@@ -211,8 +211,8 @@ struct mem_dqinfo { + unsigned long dqi_flags; + unsigned int dqi_bgrace; + unsigned int dqi_igrace; +- qsize_t dqi_maxblimit; +- qsize_t dqi_maxilimit; ++ qsize_t dqi_max_spc_limit; ++ qsize_t dqi_max_ino_limit; + void *dqi_priv; + }; + +diff --git a/include/linux/sunrpc/clnt.h b/include/linux/sunrpc/clnt.h +index 70736b9..b363a0f 100644 +--- a/include/linux/sunrpc/clnt.h ++++ b/include/linux/sunrpc/clnt.h +@@ -57,7 +57,7 @@ struct rpc_clnt { + const struct rpc_timeout *cl_timeout; /* Timeout strategy */ + + int cl_nodelen; /* nodename length */ +- char cl_nodename[UNX_MAXNODENAME]; ++ char cl_nodename[UNX_MAXNODENAME+1]; + struct rpc_pipe_dir_head cl_pipedir_objects; + struct rpc_clnt * cl_parent; /* Points to parent of clones */ + struct rpc_rtt cl_rtt_default; +@@ -109,6 +109,7 @@ struct rpc_create_args { + struct sockaddr *saddress; + const struct rpc_timeout *timeout; + const char *servername; ++ const char *nodename; + const struct rpc_program *program; + u32 prognumber; /* overrides program->number */ + u32 version; +diff --git a/include/linux/usb.h b/include/linux/usb.h +index 447a7e2..3827bff 100644 +--- a/include/linux/usb.h ++++ b/include/linux/usb.h +@@ -127,10 +127,6 @@ enum usb_interface_condition { + * to the sysfs representation for that device. + * @pm_usage_cnt: PM usage counter for this interface + * @reset_ws: Used for scheduling resets from atomic context. +- * @reset_running: set to 1 if the interface is currently running a +- * queued reset so that usb_cancel_queued_reset() doesn't try to +- * remove from the workqueue when running inside the worker +- * thread. See __usb_queue_reset_device(). + * @resetting_device: USB core reset the device, so use alt setting 0 as + * current; needs bandwidth alloc after reset. + * +@@ -181,7 +177,6 @@ struct usb_interface { + unsigned needs_remote_wakeup:1; /* driver requires remote wakeup */ + unsigned needs_altsetting0:1; /* switch to altsetting 0 is pending */ + unsigned needs_binding:1; /* needs delayed unbind/rebind */ +- unsigned reset_running:1; + unsigned resetting_device:1; /* true: bandwidth alloc after reset */ + + struct device dev; /* interface specific device info */ +diff --git a/include/linux/usb/hcd.h b/include/linux/usb/hcd.h +index cd96a2b..2f48e17 100644 +--- a/include/linux/usb/hcd.h ++++ b/include/linux/usb/hcd.h +@@ -146,6 +146,8 @@ struct usb_hcd { + unsigned amd_resume_bug:1; /* AMD remote wakeup quirk */ + unsigned can_do_streams:1; /* HC supports streams */ + unsigned tpl_support:1; /* OTG & EH TPL support */ ++ unsigned cant_recv_wakeups:1; ++ /* wakeup requests from downstream aren't received */ + + unsigned int irq; /* irq allocated */ + void __iomem *regs; /* device memory/io */ +@@ -450,6 +452,7 @@ extern const struct dev_pm_ops usb_hcd_pci_pm_ops; + #endif /* CONFIG_PCI */ + + /* pci-ish (pdev null is ok) buffer alloc/mapping support */ ++void usb_init_pool_max(void); + int hcd_buffer_create(struct usb_hcd *hcd); + void hcd_buffer_destroy(struct usb_hcd *hcd); + +diff --git a/include/net/cipso_ipv4.h b/include/net/cipso_ipv4.h +index a6fd939..3ebb168 100644 +--- a/include/net/cipso_ipv4.h ++++ b/include/net/cipso_ipv4.h +@@ -121,13 +121,6 @@ extern int cipso_v4_rbm_strictvalid; + #endif + + /* +- * Helper Functions +- */ +- +-#define CIPSO_V4_OPTEXIST(x) (IPCB(x)->opt.cipso != 0) +-#define CIPSO_V4_OPTPTR(x) (skb_network_header(x) + IPCB(x)->opt.cipso) +- +-/* + * DOI List Functions + */ + +@@ -190,7 +183,7 @@ static inline int cipso_v4_doi_domhsh_remove(struct cipso_v4_doi *doi_def, + + #ifdef CONFIG_NETLABEL + void cipso_v4_cache_invalidate(void); +-int cipso_v4_cache_add(const struct sk_buff *skb, ++int cipso_v4_cache_add(const unsigned char *cipso_ptr, + const struct netlbl_lsm_secattr *secattr); + #else + static inline void cipso_v4_cache_invalidate(void) +@@ -198,7 +191,7 @@ static inline void cipso_v4_cache_invalidate(void) + return; + } + +-static inline int cipso_v4_cache_add(const struct sk_buff *skb, ++static inline int cipso_v4_cache_add(const unsigned char *cipso_ptr, + const struct netlbl_lsm_secattr *secattr) + { + return 0; +@@ -211,6 +204,8 @@ static inline int cipso_v4_cache_add(const struct sk_buff *skb, + + #ifdef CONFIG_NETLABEL + void cipso_v4_error(struct sk_buff *skb, int error, u32 gateway); ++int cipso_v4_getattr(const unsigned char *cipso, ++ struct netlbl_lsm_secattr *secattr); + int cipso_v4_sock_setattr(struct sock *sk, + const struct cipso_v4_doi *doi_def, + const struct netlbl_lsm_secattr *secattr); +@@ -226,6 +221,7 @@ int cipso_v4_skbuff_setattr(struct sk_buff *skb, + int cipso_v4_skbuff_delattr(struct sk_buff *skb); + int cipso_v4_skbuff_getattr(const struct sk_buff *skb, + struct netlbl_lsm_secattr *secattr); ++unsigned char *cipso_v4_optptr(const struct sk_buff *skb); + int cipso_v4_validate(const struct sk_buff *skb, unsigned char **option); + #else + static inline void cipso_v4_error(struct sk_buff *skb, +@@ -235,6 +231,12 @@ static inline void cipso_v4_error(struct sk_buff *skb, + return; + } + ++static inline int cipso_v4_getattr(const unsigned char *cipso, ++ struct netlbl_lsm_secattr *secattr) ++{ ++ return -ENOSYS; ++} ++ + static inline int cipso_v4_sock_setattr(struct sock *sk, + const struct cipso_v4_doi *doi_def, + const struct netlbl_lsm_secattr *secattr) +@@ -282,6 +284,11 @@ static inline int cipso_v4_skbuff_getattr(const struct sk_buff *skb, + return -ENOSYS; + } + ++static inline unsigned char *cipso_v4_optptr(const struct sk_buff *skb) ++{ ++ return NULL; ++} ++ + static inline int cipso_v4_validate(const struct sk_buff *skb, + unsigned char **option) + { +diff --git a/kernel/debug/kdb/kdb_main.c b/kernel/debug/kdb/kdb_main.c +index 379650b..6ffdc96 100644 +--- a/kernel/debug/kdb/kdb_main.c ++++ b/kernel/debug/kdb/kdb_main.c +@@ -2535,7 +2535,7 @@ static int kdb_summary(int argc, const char **argv) + #define K(x) ((x) << (PAGE_SHIFT - 10)) + kdb_printf("\nMemTotal: %8lu kB\nMemFree: %8lu kB\n" + "Buffers: %8lu kB\n", +- val.totalram, val.freeram, val.bufferram); ++ K(val.totalram), K(val.freeram), K(val.bufferram)); + return 0; + } + +diff --git a/kernel/time/ntp.c b/kernel/time/ntp.c +index 28bf91c..85fb3d6 100644 +--- a/kernel/time/ntp.c ++++ b/kernel/time/ntp.c +@@ -633,10 +633,14 @@ int ntp_validate_timex(struct timex *txc) + if ((txc->modes & ADJ_SETOFFSET) && (!capable(CAP_SYS_TIME))) + return -EPERM; + +- if (txc->modes & ADJ_FREQUENCY) { +- if (LONG_MIN / PPM_SCALE > txc->freq) ++ /* ++ * Check for potential multiplication overflows that can ++ * only happen on 64-bit systems: ++ */ ++ if ((txc->modes & ADJ_FREQUENCY) && (BITS_PER_LONG == 64)) { ++ if (LLONG_MIN / PPM_SCALE > txc->freq) + return -EINVAL; +- if (LONG_MAX / PPM_SCALE < txc->freq) ++ if (LLONG_MAX / PPM_SCALE < txc->freq) + return -EINVAL; + } + +diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c +index a56e07c..f4fbbfc 100644 +--- a/kernel/trace/ring_buffer.c ++++ b/kernel/trace/ring_buffer.c +@@ -450,7 +450,10 @@ int ring_buffer_print_page_header(struct trace_seq *s) + struct rb_irq_work { + struct irq_work work; + wait_queue_head_t waiters; ++ wait_queue_head_t full_waiters; + bool waiters_pending; ++ bool full_waiters_pending; ++ bool wakeup_full; + }; + + /* +@@ -532,6 +535,10 @@ static void rb_wake_up_waiters(struct irq_work *work) + struct rb_irq_work *rbwork = container_of(work, struct rb_irq_work, work); + + wake_up_all(&rbwork->waiters); ++ if (rbwork->wakeup_full) { ++ rbwork->wakeup_full = false; ++ wake_up_all(&rbwork->full_waiters); ++ } + } + + /** +@@ -556,9 +563,11 @@ int ring_buffer_wait(struct ring_buffer *buffer, int cpu, bool full) + * data in any cpu buffer, or a specific buffer, put the + * caller on the appropriate wait queue. + */ +- if (cpu == RING_BUFFER_ALL_CPUS) ++ if (cpu == RING_BUFFER_ALL_CPUS) { + work = &buffer->irq_work; +- else { ++ /* Full only makes sense on per cpu reads */ ++ full = false; ++ } else { + if (!cpumask_test_cpu(cpu, buffer->cpumask)) + return -ENODEV; + cpu_buffer = buffer->buffers[cpu]; +@@ -567,7 +576,10 @@ int ring_buffer_wait(struct ring_buffer *buffer, int cpu, bool full) + + + while (true) { +- prepare_to_wait(&work->waiters, &wait, TASK_INTERRUPTIBLE); ++ if (full) ++ prepare_to_wait(&work->full_waiters, &wait, TASK_INTERRUPTIBLE); ++ else ++ prepare_to_wait(&work->waiters, &wait, TASK_INTERRUPTIBLE); + + /* + * The events can happen in critical sections where +@@ -589,7 +601,10 @@ int ring_buffer_wait(struct ring_buffer *buffer, int cpu, bool full) + * that is necessary is that the wake up happens after + * a task has been queued. It's OK for spurious wake ups. + */ +- work->waiters_pending = true; ++ if (full) ++ work->full_waiters_pending = true; ++ else ++ work->waiters_pending = true; + + if (signal_pending(current)) { + ret = -EINTR; +@@ -618,7 +633,10 @@ int ring_buffer_wait(struct ring_buffer *buffer, int cpu, bool full) + schedule(); + } + +- finish_wait(&work->waiters, &wait); ++ if (full) ++ finish_wait(&work->full_waiters, &wait); ++ else ++ finish_wait(&work->waiters, &wait); + + return ret; + } +@@ -1233,6 +1251,7 @@ rb_allocate_cpu_buffer(struct ring_buffer *buffer, int nr_pages, int cpu) + init_completion(&cpu_buffer->update_done); + init_irq_work(&cpu_buffer->irq_work.work, rb_wake_up_waiters); + init_waitqueue_head(&cpu_buffer->irq_work.waiters); ++ init_waitqueue_head(&cpu_buffer->irq_work.full_waiters); + + bpage = kzalloc_node(ALIGN(sizeof(*bpage), cache_line_size()), + GFP_KERNEL, cpu_to_node(cpu)); +@@ -2804,6 +2823,8 @@ static void rb_commit(struct ring_buffer_per_cpu *cpu_buffer, + static __always_inline void + rb_wakeups(struct ring_buffer *buffer, struct ring_buffer_per_cpu *cpu_buffer) + { ++ bool pagebusy; ++ + if (buffer->irq_work.waiters_pending) { + buffer->irq_work.waiters_pending = false; + /* irq_work_queue() supplies it's own memory barriers */ +@@ -2815,6 +2836,15 @@ rb_wakeups(struct ring_buffer *buffer, struct ring_buffer_per_cpu *cpu_buffer) + /* irq_work_queue() supplies it's own memory barriers */ + irq_work_queue(&cpu_buffer->irq_work.work); + } ++ ++ pagebusy = cpu_buffer->reader_page == cpu_buffer->commit_page; ++ ++ if (!pagebusy && cpu_buffer->irq_work.full_waiters_pending) { ++ cpu_buffer->irq_work.wakeup_full = true; ++ cpu_buffer->irq_work.full_waiters_pending = false; ++ /* irq_work_queue() supplies it's own memory barriers */ ++ irq_work_queue(&cpu_buffer->irq_work.work); ++ } + } + + /** +diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c +index 426962b..72c7134 100644 +--- a/kernel/trace/trace.c ++++ b/kernel/trace/trace.c +@@ -4916,7 +4916,7 @@ tracing_mark_write(struct file *filp, const char __user *ubuf, + *fpos += written; + + out_unlock: +- for (i = 0; i < nr_pages; i++){ ++ for (i = nr_pages - 1; i >= 0; i--) { + kunmap_atomic(map_page[i]); + put_page(pages[i]); + } +diff --git a/mm/hugetlb.c b/mm/hugetlb.c +index 9fd7227..f08fec7 100644 +--- a/mm/hugetlb.c ++++ b/mm/hugetlb.c +@@ -3659,6 +3659,8 @@ follow_huge_pmd(struct mm_struct *mm, unsigned long address, + { + struct page *page; + ++ if (!pmd_present(*pmd)) ++ return NULL; + page = pte_page(*(pte_t *)pmd); + if (page) + page += ((address & ~PMD_MASK) >> PAGE_SHIFT); +diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c +index f09b6b6..9ebc394 100644 +--- a/net/bluetooth/smp.c ++++ b/net/bluetooth/smp.c +@@ -1392,8 +1392,12 @@ static int smp_cmd_ident_addr_info(struct l2cap_conn *conn, + * implementations are not known of and in order to not over + * complicate our implementation, simply pretend that we never + * received an IRK for such a device. ++ * ++ * The Identity Address must also be a Static Random or Public ++ * Address, which hci_is_identity_address() checks for. + */ +- if (!bacmp(&info->bdaddr, BDADDR_ANY)) { ++ if (!bacmp(&info->bdaddr, BDADDR_ANY) || ++ !hci_is_identity_address(&info->bdaddr, info->addr_type)) { + BT_ERR("Ignoring IRK with no identity address"); + goto distribute; + } +diff --git a/net/ceph/osd_client.c b/net/ceph/osd_client.c +index 6f16428..b0cf1f2 100644 +--- a/net/ceph/osd_client.c ++++ b/net/ceph/osd_client.c +@@ -1006,14 +1006,24 @@ static void put_osd(struct ceph_osd *osd) + */ + static void __remove_osd(struct ceph_osd_client *osdc, struct ceph_osd *osd) + { +- dout("__remove_osd %p\n", osd); ++ dout("%s %p osd%d\n", __func__, osd, osd->o_osd); + WARN_ON(!list_empty(&osd->o_requests)); + WARN_ON(!list_empty(&osd->o_linger_requests)); + +- rb_erase(&osd->o_node, &osdc->osds); + list_del_init(&osd->o_osd_lru); +- ceph_con_close(&osd->o_con); +- put_osd(osd); ++ rb_erase(&osd->o_node, &osdc->osds); ++ RB_CLEAR_NODE(&osd->o_node); ++} ++ ++static void remove_osd(struct ceph_osd_client *osdc, struct ceph_osd *osd) ++{ ++ dout("%s %p osd%d\n", __func__, osd, osd->o_osd); ++ ++ if (!RB_EMPTY_NODE(&osd->o_node)) { ++ ceph_con_close(&osd->o_con); ++ __remove_osd(osdc, osd); ++ put_osd(osd); ++ } + } + + static void remove_all_osds(struct ceph_osd_client *osdc) +@@ -1023,7 +1033,7 @@ static void remove_all_osds(struct ceph_osd_client *osdc) + while (!RB_EMPTY_ROOT(&osdc->osds)) { + struct ceph_osd *osd = rb_entry(rb_first(&osdc->osds), + struct ceph_osd, o_node); +- __remove_osd(osdc, osd); ++ remove_osd(osdc, osd); + } + mutex_unlock(&osdc->request_mutex); + } +@@ -1064,7 +1074,7 @@ static void remove_old_osds(struct ceph_osd_client *osdc) + list_for_each_entry_safe(osd, nosd, &osdc->osd_lru, o_osd_lru) { + if (time_before(jiffies, osd->lru_ttl)) + break; +- __remove_osd(osdc, osd); ++ remove_osd(osdc, osd); + } + mutex_unlock(&osdc->request_mutex); + } +@@ -1079,8 +1089,7 @@ static int __reset_osd(struct ceph_osd_client *osdc, struct ceph_osd *osd) + dout("__reset_osd %p osd%d\n", osd, osd->o_osd); + if (list_empty(&osd->o_requests) && + list_empty(&osd->o_linger_requests)) { +- __remove_osd(osdc, osd); +- ++ remove_osd(osdc, osd); + return -ENODEV; + } + +@@ -1884,6 +1893,7 @@ static void reset_changed_osds(struct ceph_osd_client *osdc) + { + struct rb_node *p, *n; + ++ dout("%s %p\n", __func__, osdc); + for (p = rb_first(&osdc->osds); p; p = n) { + struct ceph_osd *osd = rb_entry(p, struct ceph_osd, o_node); + +diff --git a/net/ipv4/cipso_ipv4.c b/net/ipv4/cipso_ipv4.c +index 4715f25..bc7c966 100644 +--- a/net/ipv4/cipso_ipv4.c ++++ b/net/ipv4/cipso_ipv4.c +@@ -376,20 +376,18 @@ static int cipso_v4_cache_check(const unsigned char *key, + * negative values on failure. + * + */ +-int cipso_v4_cache_add(const struct sk_buff *skb, ++int cipso_v4_cache_add(const unsigned char *cipso_ptr, + const struct netlbl_lsm_secattr *secattr) + { + int ret_val = -EPERM; + u32 bkt; + struct cipso_v4_map_cache_entry *entry = NULL; + struct cipso_v4_map_cache_entry *old_entry = NULL; +- unsigned char *cipso_ptr; + u32 cipso_ptr_len; + + if (!cipso_v4_cache_enabled || cipso_v4_cache_bucketsize <= 0) + return 0; + +- cipso_ptr = CIPSO_V4_OPTPTR(skb); + cipso_ptr_len = cipso_ptr[1]; + + entry = kzalloc(sizeof(*entry), GFP_ATOMIC); +@@ -1577,6 +1575,33 @@ static int cipso_v4_parsetag_loc(const struct cipso_v4_doi *doi_def, + } + + /** ++ * cipso_v4_optptr - Find the CIPSO option in the packet ++ * @skb: the packet ++ * ++ * Description: ++ * Parse the packet's IP header looking for a CIPSO option. Returns a pointer ++ * to the start of the CIPSO option on success, NULL if one if not found. ++ * ++ */ ++unsigned char *cipso_v4_optptr(const struct sk_buff *skb) ++{ ++ const struct iphdr *iph = ip_hdr(skb); ++ unsigned char *optptr = (unsigned char *)&(ip_hdr(skb)[1]); ++ int optlen; ++ int taglen; ++ ++ for (optlen = iph->ihl*4 - sizeof(struct iphdr); optlen > 0; ) { ++ if (optptr[0] == IPOPT_CIPSO) ++ return optptr; ++ taglen = optptr[1]; ++ optlen -= taglen; ++ optptr += taglen; ++ } ++ ++ return NULL; ++} ++ ++/** + * cipso_v4_validate - Validate a CIPSO option + * @option: the start of the option, on error it is set to point to the error + * +@@ -2117,8 +2142,8 @@ void cipso_v4_req_delattr(struct request_sock *req) + * on success and negative values on failure. + * + */ +-static int cipso_v4_getattr(const unsigned char *cipso, +- struct netlbl_lsm_secattr *secattr) ++int cipso_v4_getattr(const unsigned char *cipso, ++ struct netlbl_lsm_secattr *secattr) + { + int ret_val = -ENOMSG; + u32 doi; +@@ -2303,22 +2328,6 @@ int cipso_v4_skbuff_delattr(struct sk_buff *skb) + return 0; + } + +-/** +- * cipso_v4_skbuff_getattr - Get the security attributes from the CIPSO option +- * @skb: the packet +- * @secattr: the security attributes +- * +- * Description: +- * Parse the given packet's CIPSO option and return the security attributes. +- * Returns zero on success and negative values on failure. +- * +- */ +-int cipso_v4_skbuff_getattr(const struct sk_buff *skb, +- struct netlbl_lsm_secattr *secattr) +-{ +- return cipso_v4_getattr(CIPSO_V4_OPTPTR(skb), secattr); +-} +- + /* + * Setup Functions + */ +diff --git a/net/netlabel/netlabel_kapi.c b/net/netlabel/netlabel_kapi.c +index a845cd4..28cddc8 100644 +--- a/net/netlabel/netlabel_kapi.c ++++ b/net/netlabel/netlabel_kapi.c +@@ -1065,10 +1065,12 @@ int netlbl_skbuff_getattr(const struct sk_buff *skb, + u16 family, + struct netlbl_lsm_secattr *secattr) + { ++ unsigned char *ptr; ++ + switch (family) { + case AF_INET: +- if (CIPSO_V4_OPTEXIST(skb) && +- cipso_v4_skbuff_getattr(skb, secattr) == 0) ++ ptr = cipso_v4_optptr(skb); ++ if (ptr && cipso_v4_getattr(ptr, secattr) == 0) + return 0; + break; + #if IS_ENABLED(CONFIG_IPV6) +@@ -1094,7 +1096,7 @@ int netlbl_skbuff_getattr(const struct sk_buff *skb, + */ + void netlbl_skbuff_err(struct sk_buff *skb, int error, int gateway) + { +- if (CIPSO_V4_OPTEXIST(skb)) ++ if (cipso_v4_optptr(skb)) + cipso_v4_error(skb, error, gateway); + } + +@@ -1126,11 +1128,14 @@ void netlbl_cache_invalidate(void) + int netlbl_cache_add(const struct sk_buff *skb, + const struct netlbl_lsm_secattr *secattr) + { ++ unsigned char *ptr; ++ + if ((secattr->flags & NETLBL_SECATTR_CACHE) == 0) + return -ENOMSG; + +- if (CIPSO_V4_OPTEXIST(skb)) +- return cipso_v4_cache_add(skb, secattr); ++ ptr = cipso_v4_optptr(skb); ++ if (ptr) ++ return cipso_v4_cache_add(ptr, secattr); + + return -ENOMSG; + } +diff --git a/net/sunrpc/clnt.c b/net/sunrpc/clnt.c +index 9acd6ce..ae46f01 100644 +--- a/net/sunrpc/clnt.c ++++ b/net/sunrpc/clnt.c +@@ -286,10 +286,8 @@ static struct rpc_xprt *rpc_clnt_set_transport(struct rpc_clnt *clnt, + + static void rpc_clnt_set_nodename(struct rpc_clnt *clnt, const char *nodename) + { +- clnt->cl_nodelen = strlen(nodename); +- if (clnt->cl_nodelen > UNX_MAXNODENAME) +- clnt->cl_nodelen = UNX_MAXNODENAME; +- memcpy(clnt->cl_nodename, nodename, clnt->cl_nodelen); ++ clnt->cl_nodelen = strlcpy(clnt->cl_nodename, ++ nodename, sizeof(clnt->cl_nodename)); + } + + static int rpc_client_register(struct rpc_clnt *clnt, +@@ -360,6 +358,7 @@ static struct rpc_clnt * rpc_new_client(const struct rpc_create_args *args, + const struct rpc_version *version; + struct rpc_clnt *clnt = NULL; + const struct rpc_timeout *timeout; ++ const char *nodename = args->nodename; + int err; + + /* sanity check the name before trying to print it */ +@@ -415,8 +414,10 @@ static struct rpc_clnt * rpc_new_client(const struct rpc_create_args *args, + + atomic_set(&clnt->cl_count, 1); + ++ if (nodename == NULL) ++ nodename = utsname()->nodename; + /* save the nodename */ +- rpc_clnt_set_nodename(clnt, utsname()->nodename); ++ rpc_clnt_set_nodename(clnt, nodename); + + err = rpc_client_register(clnt, args->authflavor, args->client_name); + if (err) +@@ -571,6 +572,7 @@ static struct rpc_clnt *__rpc_clone_client(struct rpc_create_args *args, + if (xprt == NULL) + goto out_err; + args->servername = xprt->servername; ++ args->nodename = clnt->cl_nodename; + + new = rpc_new_client(args, xprt, clnt); + if (IS_ERR(new)) { +diff --git a/net/sunrpc/rpcb_clnt.c b/net/sunrpc/rpcb_clnt.c +index 1891a10..74b75c3 100644 +--- a/net/sunrpc/rpcb_clnt.c ++++ b/net/sunrpc/rpcb_clnt.c +@@ -355,7 +355,8 @@ out: + return result; + } + +-static struct rpc_clnt *rpcb_create(struct net *net, const char *hostname, ++static struct rpc_clnt *rpcb_create(struct net *net, const char *nodename, ++ const char *hostname, + struct sockaddr *srvaddr, size_t salen, + int proto, u32 version) + { +@@ -365,6 +366,7 @@ static struct rpc_clnt *rpcb_create(struct net *net, const char *hostname, + .address = srvaddr, + .addrsize = salen, + .servername = hostname, ++ .nodename = nodename, + .program = &rpcb_program, + .version = version, + .authflavor = RPC_AUTH_UNIX, +@@ -740,7 +742,9 @@ void rpcb_getport_async(struct rpc_task *task) + dprintk("RPC: %5u %s: trying rpcbind version %u\n", + task->tk_pid, __func__, bind_version); + +- rpcb_clnt = rpcb_create(xprt->xprt_net, xprt->servername, sap, salen, ++ rpcb_clnt = rpcb_create(xprt->xprt_net, ++ clnt->cl_nodename, ++ xprt->servername, sap, salen, + xprt->prot, bind_version); + if (IS_ERR(rpcb_clnt)) { + status = PTR_ERR(rpcb_clnt); +diff --git a/security/smack/smack.h b/security/smack/smack.h +index b828a37..b48359c 100644 +--- a/security/smack/smack.h ++++ b/security/smack/smack.h +@@ -298,6 +298,16 @@ static inline struct smack_known *smk_of_task(const struct task_smack *tsp) + return tsp->smk_task; + } + ++static inline struct smack_known *smk_of_task_struct(const struct task_struct *t) ++{ ++ struct smack_known *skp; ++ ++ rcu_read_lock(); ++ skp = smk_of_task(__task_cred(t)->security); ++ rcu_read_unlock(); ++ return skp; ++} ++ + /* + * Present a pointer to the forked smack label entry in an task blob. + */ +diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c +index d515ec2..9d3c64a 100644 +--- a/security/smack/smack_lsm.c ++++ b/security/smack/smack_lsm.c +@@ -43,8 +43,6 @@ + #include <linux/binfmts.h> + #include "smack.h" + +-#define task_security(task) (task_cred_xxx((task), security)) +- + #define TRANS_TRUE "TRUE" + #define TRANS_TRUE_SIZE 4 + +@@ -119,7 +117,7 @@ static int smk_bu_current(char *note, struct smack_known *oskp, + static int smk_bu_task(struct task_struct *otp, int mode, int rc) + { + struct task_smack *tsp = current_security(); +- struct task_smack *otsp = task_security(otp); ++ struct smack_known *smk_task = smk_of_task_struct(otp); + char acc[SMK_NUM_ACCESS_TYPE + 1]; + + if (rc <= 0) +@@ -127,7 +125,7 @@ static int smk_bu_task(struct task_struct *otp, int mode, int rc) + + smk_bu_mode(mode, acc); + pr_info("Smack Bringup: (%s %s %s) %s to %s\n", +- tsp->smk_task->smk_known, otsp->smk_task->smk_known, acc, ++ tsp->smk_task->smk_known, smk_task->smk_known, acc, + current->comm, otp->comm); + return 0; + } +@@ -344,7 +342,8 @@ static int smk_ptrace_rule_check(struct task_struct *tracer, + saip = &ad; + } + +- tsp = task_security(tracer); ++ rcu_read_lock(); ++ tsp = __task_cred(tracer)->security; + tracer_known = smk_of_task(tsp); + + if ((mode & PTRACE_MODE_ATTACH) && +@@ -364,11 +363,14 @@ static int smk_ptrace_rule_check(struct task_struct *tracer, + tracee_known->smk_known, + 0, rc, saip); + ++ rcu_read_unlock(); + return rc; + } + + /* In case of rule==SMACK_PTRACE_DEFAULT or mode==PTRACE_MODE_READ */ + rc = smk_tskacc(tsp, tracee_known, smk_ptrace_mode(mode), saip); ++ ++ rcu_read_unlock(); + return rc; + } + +@@ -395,7 +397,7 @@ static int smack_ptrace_access_check(struct task_struct *ctp, unsigned int mode) + if (rc != 0) + return rc; + +- skp = smk_of_task(task_security(ctp)); ++ skp = smk_of_task_struct(ctp); + + rc = smk_ptrace_rule_check(current, skp, mode, __func__); + return rc; +@@ -1825,7 +1827,7 @@ static int smk_curacc_on_task(struct task_struct *p, int access, + const char *caller) + { + struct smk_audit_info ad; +- struct smack_known *skp = smk_of_task(task_security(p)); ++ struct smack_known *skp = smk_of_task_struct(p); + int rc; + + smk_ad_init(&ad, caller, LSM_AUDIT_DATA_TASK); +@@ -1878,7 +1880,7 @@ static int smack_task_getsid(struct task_struct *p) + */ + static void smack_task_getsecid(struct task_struct *p, u32 *secid) + { +- struct smack_known *skp = smk_of_task(task_security(p)); ++ struct smack_known *skp = smk_of_task_struct(p); + + *secid = skp->smk_secid; + } +@@ -1985,7 +1987,7 @@ static int smack_task_kill(struct task_struct *p, struct siginfo *info, + { + struct smk_audit_info ad; + struct smack_known *skp; +- struct smack_known *tkp = smk_of_task(task_security(p)); ++ struct smack_known *tkp = smk_of_task_struct(p); + int rc; + + smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); +@@ -2039,7 +2041,7 @@ static int smack_task_wait(struct task_struct *p) + static void smack_task_to_inode(struct task_struct *p, struct inode *inode) + { + struct inode_smack *isp = inode->i_security; +- struct smack_known *skp = smk_of_task(task_security(p)); ++ struct smack_known *skp = smk_of_task_struct(p); + + isp->smk_inode = skp; + } +@@ -3199,7 +3201,7 @@ unlockandout: + */ + static int smack_getprocattr(struct task_struct *p, char *name, char **value) + { +- struct smack_known *skp = smk_of_task(task_security(p)); ++ struct smack_known *skp = smk_of_task_struct(p); + char *cp; + int slen; + +diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c +index c879c37..50762cf 100644 +--- a/sound/pci/hda/patch_realtek.c ++++ b/sound/pci/hda/patch_realtek.c +@@ -4805,6 +4805,7 @@ static const struct snd_pci_quirk alc269_fixup_tbl[] = { + SND_PCI_QUIRK(0x103c, 0x18e6, "HP", ALC269_FIXUP_HP_GPIO_LED), + SND_PCI_QUIRK(0x103c, 0x218b, "HP", ALC269_FIXUP_LIMIT_INT_MIC_BOOST_MUTE_LED), + /* ALC282 */ ++ SND_PCI_QUIRK(0x103c, 0x21f9, "HP", ALC269_FIXUP_HP_MUTE_LED_MIC1), + SND_PCI_QUIRK(0x103c, 0x2210, "HP", ALC269_FIXUP_HP_MUTE_LED_MIC1), + SND_PCI_QUIRK(0x103c, 0x2214, "HP", ALC269_FIXUP_HP_MUTE_LED_MIC1), + SND_PCI_QUIRK(0x103c, 0x2236, "HP", ALC269_FIXUP_HP_LINE1_MIC1_LED), +diff --git a/sound/pci/hda/patch_sigmatel.c b/sound/pci/hda/patch_sigmatel.c +index 605d140..6d36c5b 100644 +--- a/sound/pci/hda/patch_sigmatel.c ++++ b/sound/pci/hda/patch_sigmatel.c +@@ -99,6 +99,7 @@ enum { + STAC_HP_ENVY_BASS, + STAC_HP_BNB13_EQ, + STAC_HP_ENVY_TS_BASS, ++ STAC_92HD83XXX_GPIO10_EAPD, + STAC_92HD83XXX_MODELS + }; + +@@ -2141,6 +2142,19 @@ static void stac92hd83xxx_fixup_headset_jack(struct hda_codec *codec, + spec->headset_jack = 1; + } + ++static void stac92hd83xxx_fixup_gpio10_eapd(struct hda_codec *codec, ++ const struct hda_fixup *fix, ++ int action) ++{ ++ struct sigmatel_spec *spec = codec->spec; ++ ++ if (action != HDA_FIXUP_ACT_PRE_PROBE) ++ return; ++ spec->eapd_mask = spec->gpio_mask = spec->gpio_dir = ++ spec->gpio_data = 0x10; ++ spec->eapd_switch = 0; ++} ++ + static const struct hda_verb hp_bnb13_eq_verbs[] = { + /* 44.1KHz base */ + { 0x22, 0x7A6, 0x3E }, +@@ -2656,6 +2670,10 @@ static const struct hda_fixup stac92hd83xxx_fixups[] = { + {} + }, + }, ++ [STAC_92HD83XXX_GPIO10_EAPD] = { ++ .type = HDA_FIXUP_FUNC, ++ .v.func = stac92hd83xxx_fixup_gpio10_eapd, ++ }, + }; + + static const struct hda_model_fixup stac92hd83xxx_models[] = { +@@ -2861,6 +2879,8 @@ static const struct snd_pci_quirk stac92hd83xxx_fixup_tbl[] = { + SND_PCI_QUIRK(PCI_VENDOR_ID_HP, 0x148a, + "HP Mini", STAC_92HD83XXX_HP_LED), + SND_PCI_QUIRK_VENDOR(PCI_VENDOR_ID_HP, "HP", STAC_92HD83XXX_HP), ++ SND_PCI_QUIRK(PCI_VENDOR_ID_TOSHIBA, 0xfa91, ++ "Toshiba Satellite S50D", STAC_92HD83XXX_GPIO10_EAPD), + {} /* terminator */ + }; + +diff --git a/sound/pci/riptide/riptide.c b/sound/pci/riptide/riptide.c +index 6abc2ac..e768572 100644 +--- a/sound/pci/riptide/riptide.c ++++ b/sound/pci/riptide/riptide.c +@@ -2030,32 +2030,43 @@ snd_riptide_joystick_probe(struct pci_dev *pci, const struct pci_device_id *id) + { + static int dev; + struct gameport *gameport; ++ int ret; + + if (dev >= SNDRV_CARDS) + return -ENODEV; ++ + if (!enable[dev]) { +- dev++; +- return -ENOENT; ++ ret = -ENOENT; ++ goto inc_dev; + } + +- if (!joystick_port[dev++]) +- return 0; ++ if (!joystick_port[dev]) { ++ ret = 0; ++ goto inc_dev; ++ } + + gameport = gameport_allocate_port(); +- if (!gameport) +- return -ENOMEM; ++ if (!gameport) { ++ ret = -ENOMEM; ++ goto inc_dev; ++ } + if (!request_region(joystick_port[dev], 8, "Riptide gameport")) { + snd_printk(KERN_WARNING + "Riptide: cannot grab gameport 0x%x\n", + joystick_port[dev]); + gameport_free_port(gameport); +- return -EBUSY; ++ ret = -EBUSY; ++ goto inc_dev; + } + + gameport->io = joystick_port[dev]; + gameport_register_port(gameport); + pci_set_drvdata(pci, gameport); +- return 0; ++ ++ ret = 0; ++inc_dev: ++ dev++; ++ return ret; + } + + static void snd_riptide_joystick_remove(struct pci_dev *pci) +diff --git a/sound/pci/rme9652/hdspm.c b/sound/pci/rme9652/hdspm.c +index 52d86af..fcf91ee 100644 +--- a/sound/pci/rme9652/hdspm.c ++++ b/sound/pci/rme9652/hdspm.c +@@ -6114,6 +6114,9 @@ static int snd_hdspm_playback_open(struct snd_pcm_substream *substream) + snd_pcm_hw_constraint_minmax(runtime, + SNDRV_PCM_HW_PARAM_PERIOD_SIZE, + 64, 8192); ++ snd_pcm_hw_constraint_minmax(runtime, ++ SNDRV_PCM_HW_PARAM_PERIODS, ++ 2, 2); + break; + } + +@@ -6188,6 +6191,9 @@ static int snd_hdspm_capture_open(struct snd_pcm_substream *substream) + snd_pcm_hw_constraint_minmax(runtime, + SNDRV_PCM_HW_PARAM_PERIOD_SIZE, + 64, 8192); ++ snd_pcm_hw_constraint_minmax(runtime, ++ SNDRV_PCM_HW_PARAM_PERIODS, ++ 2, 2); + break; + } + +diff --git a/sound/soc/codecs/rt5670.c b/sound/soc/codecs/rt5670.c +index 9bd8b4f..7134f9e 100644 +--- a/sound/soc/codecs/rt5670.c ++++ b/sound/soc/codecs/rt5670.c +@@ -2439,6 +2439,7 @@ static struct snd_soc_codec_driver soc_codec_dev_rt5670 = { + static const struct regmap_config rt5670_regmap = { + .reg_bits = 8, + .val_bits = 16, ++ .use_single_rw = true, + .max_register = RT5670_VENDOR_ID2 + 1 + (ARRAY_SIZE(rt5670_ranges) * + RT5670_PR_SPACING), + .volatile_reg = rt5670_volatile_register, +diff --git a/sound/soc/davinci/Kconfig b/sound/soc/davinci/Kconfig +index 8e948c6..2b81ca4 100644 +--- a/sound/soc/davinci/Kconfig ++++ b/sound/soc/davinci/Kconfig +@@ -58,13 +58,12 @@ choice + depends on MACH_DAVINCI_DM365_EVM + + config SND_DM365_AIC3X_CODEC +- bool "Audio Codec - AIC3101" ++ tristate "Audio Codec - AIC3101" + help + Say Y if you want to add support for AIC3101 audio codec + + config SND_DM365_VOICE_CODEC + tristate "Voice Codec - CQ93VC" +- depends on SND_DAVINCI_SOC + select MFD_DAVINCI_VOICECODEC + select SND_DAVINCI_SOC_VCIF + select SND_SOC_CQ0093VC +diff --git a/sound/soc/pxa/mioa701_wm9713.c b/sound/soc/pxa/mioa701_wm9713.c +index 595eee3..a08a877 100644 +--- a/sound/soc/pxa/mioa701_wm9713.c ++++ b/sound/soc/pxa/mioa701_wm9713.c +@@ -81,7 +81,7 @@ static int rear_amp_power(struct snd_soc_codec *codec, int power) + static int rear_amp_event(struct snd_soc_dapm_widget *widget, + struct snd_kcontrol *kctl, int event) + { +- struct snd_soc_codec *codec = widget->codec; ++ struct snd_soc_codec *codec = widget->dapm->card->rtd[0].codec; + + return rear_amp_power(codec, SND_SOC_DAPM_EVENT_ON(event)); + } +diff --git a/tools/perf/util/cloexec.c b/tools/perf/util/cloexec.c +index 47b78b3..6da965b 100644 +--- a/tools/perf/util/cloexec.c ++++ b/tools/perf/util/cloexec.c +@@ -25,6 +25,10 @@ static int perf_flag_probe(void) + if (cpu < 0) + cpu = 0; + ++ /* ++ * Using -1 for the pid is a workaround to avoid gratuitous jump label ++ * changes. ++ */ + while (1) { + /* check cloexec flag */ + fd = sys_perf_event_open(&attr, pid, cpu, -1, +@@ -47,16 +51,24 @@ static int perf_flag_probe(void) + err, strerror_r(err, sbuf, sizeof(sbuf))); + + /* not supported, confirm error related to PERF_FLAG_FD_CLOEXEC */ +- fd = sys_perf_event_open(&attr, pid, cpu, -1, 0); ++ while (1) { ++ fd = sys_perf_event_open(&attr, pid, cpu, -1, 0); ++ if (fd < 0 && pid == -1 && errno == EACCES) { ++ pid = 0; ++ continue; ++ } ++ break; ++ } + err = errno; + ++ if (fd >= 0) ++ close(fd); ++ + if (WARN_ONCE(fd < 0 && err != EBUSY, + "perf_event_open(..., 0) failed unexpectedly with error %d (%s)\n", + err, strerror_r(err, sbuf, sizeof(sbuf)))) + return -1; + +- close(fd); +- + return 0; + } + diff --git a/3.18.8/4420_grsecurity-3.1-3.18.8-201502271843.patch b/3.18.9/4420_grsecurity-3.1-3.18.9-201503071142.patch index 70b99d6..dfa314e 100644 --- a/3.18.8/4420_grsecurity-3.1-3.18.8-201502271843.patch +++ b/3.18.9/4420_grsecurity-3.1-3.18.9-201503071142.patch @@ -370,7 +370,7 @@ index f4c71d4..66811b1 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index 0b3f8a1..2b1f2b6 100644 +index 62b3338..fba6407 100644 --- a/Makefile +++ b/Makefile @@ -298,7 +298,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -1614,7 +1614,7 @@ index abb2c37..96db950 100644 #include <asm-generic/cmpxchg-local.h> diff --git a/arch/arm/include/asm/domain.h b/arch/arm/include/asm/domain.h -index 6ddbe44..b5e38b1 100644 +index 6ddbe44..b5e38b1a 100644 --- a/arch/arm/include/asm/domain.h +++ b/arch/arm/include/asm/domain.h @@ -48,18 +48,37 @@ @@ -5605,7 +5605,7 @@ index 6b33457..88b5124 100644 return 0; } diff --git a/arch/m32r/include/asm/cache.h b/arch/m32r/include/asm/cache.h -index 40b3ee9..8c2c112 100644 +index 40b3ee98..8c2c112 100644 --- a/arch/m32r/include/asm/cache.h +++ b/arch/m32r/include/asm/cache.h @@ -1,8 +1,10 @@ @@ -6340,7 +6340,7 @@ index b4db69f..8f3b093 100644 #define SMP_CACHE_SHIFT L1_CACHE_SHIFT #define SMP_CACHE_BYTES L1_CACHE_BYTES diff --git a/arch/mips/include/asm/elf.h b/arch/mips/include/asm/elf.h -index 1d38fe0..9beabc9 100644 +index 1d38fe0..9beabc9d 100644 --- a/arch/mips/include/asm/elf.h +++ b/arch/mips/include/asm/elf.h @@ -381,13 +381,16 @@ extern const char *__elf_platform; @@ -6510,7 +6510,7 @@ index b336037..5b874cc 100644 /* diff --git a/arch/mips/include/asm/pgtable.h b/arch/mips/include/asm/pgtable.h -index d6d1928..ce4f822 100644 +index bc3fc4f..e2483f0 100644 --- a/arch/mips/include/asm/pgtable.h +++ b/arch/mips/include/asm/pgtable.h @@ -20,6 +20,9 @@ @@ -6869,10 +6869,10 @@ index d255a2a..916271c 100644 info.si_code = FPE_INTOVF; info.si_signo = SIGFPE; diff --git a/arch/mips/kvm/mips.c b/arch/mips/kvm/mips.c -index e3b21e5..ea5ff7c 100644 +index 270bbd4..c01932a 100644 --- a/arch/mips/kvm/mips.c +++ b/arch/mips/kvm/mips.c -@@ -805,7 +805,7 @@ long kvm_arch_vm_ioctl(struct file *filp, unsigned int ioctl, unsigned long arg) +@@ -815,7 +815,7 @@ long kvm_arch_vm_ioctl(struct file *filp, unsigned int ioctl, unsigned long arg) return r; } @@ -8825,10 +8825,22 @@ index 9485b43..3bd3c16 100644 static inline unsigned long clear_user(void __user *addr, unsigned long size) diff --git a/arch/powerpc/kernel/Makefile b/arch/powerpc/kernel/Makefile -index 502cf69..822e63b 100644 +index 502cf69..53936a1 100644 --- a/arch/powerpc/kernel/Makefile +++ b/arch/powerpc/kernel/Makefile -@@ -27,6 +27,8 @@ CFLAGS_REMOVE_ftrace.o = -pg -mno-sched-epilog +@@ -15,6 +15,11 @@ CFLAGS_prom_init.o += -fPIC + CFLAGS_btext.o += -fPIC + endif + ++CFLAGS_REMOVE_cputable.o = $(LATENT_ENTROPY_PLUGIN_CFLAGS) ++CFLAGS_REMOVE_prom_init.o = $(LATENT_ENTROPY_PLUGIN_CFLAGS) ++CFLAGS_REMOVE_btext.o = $(LATENT_ENTROPY_PLUGIN_CFLAGS) ++CFLAGS_REMOVE_prom.o = $(LATENT_ENTROPY_PLUGIN_CFLAGS) ++ + ifdef CONFIG_FUNCTION_TRACER + # Do not trace early boot code + CFLAGS_REMOVE_cputable.o = -pg -mno-sched-epilog +@@ -27,6 +32,8 @@ CFLAGS_REMOVE_ftrace.o = -pg -mno-sched-epilog CFLAGS_REMOVE_time.o = -pg -mno-sched-epilog endif @@ -12770,7 +12782,7 @@ index bd49ec6..94c7f58 100644 } diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile -index 6a1a845..0ad2dae 100644 +index 30c0acf..48c3a77 100644 --- a/arch/x86/boot/compressed/Makefile +++ b/arch/x86/boot/compressed/Makefile @@ -16,6 +16,9 @@ KBUILD_CFLAGS += $(cflags-y) @@ -12825,6 +12837,21 @@ index a53440e..c3dbf1e 100644 ENDPROC(efi_call_phys) .previous +diff --git a/arch/x86/boot/compressed/efi_thunk_64.S b/arch/x86/boot/compressed/efi_thunk_64.S +index 630384a..278e788 100644 +--- a/arch/x86/boot/compressed/efi_thunk_64.S ++++ b/arch/x86/boot/compressed/efi_thunk_64.S +@@ -189,8 +189,8 @@ efi_gdt64: + .long 0 /* Filled out by user */ + .word 0 + .quad 0x0000000000000000 /* NULL descriptor */ +- .quad 0x00af9a000000ffff /* __KERNEL_CS */ +- .quad 0x00cf92000000ffff /* __KERNEL_DS */ ++ .quad 0x00af9b000000ffff /* __KERNEL_CS */ ++ .quad 0x00cf93000000ffff /* __KERNEL_DS */ + .quad 0x0080890000000000 /* TS descriptor */ + .quad 0x0000000000000000 /* TS continued */ + efi_gdt64_end: diff --git a/arch/x86/boot/compressed/head_32.S b/arch/x86/boot/compressed/head_32.S index 1d7fbbc..36ecd58 100644 --- a/arch/x86/boot/compressed/head_32.S @@ -20591,10 +20618,10 @@ index 8f1e774..9b4c381 100644 obj-$(CONFIG_X86_64) += mcount_64.o obj-y += syscall_$(BITS).o vsyscall_gtod.o diff --git a/arch/x86/kernel/acpi/boot.c b/arch/x86/kernel/acpi/boot.c -index a142e77..6222cdd 100644 +index a3eadfd..56fdd27 100644 --- a/arch/x86/kernel/acpi/boot.c +++ b/arch/x86/kernel/acpi/boot.c -@@ -1276,7 +1276,7 @@ static int __init dmi_ignore_irq0_timer_override(const struct dmi_system_id *d) +@@ -1282,7 +1282,7 @@ static int __init dmi_ignore_irq0_timer_override(const struct dmi_system_id *d) * If your system is blacklisted here, but you find that acpi=force * works for you, please contact linux-acpi@vger.kernel.org */ @@ -20603,7 +20630,7 @@ index a142e77..6222cdd 100644 /* * Boxes that need ACPI disabled */ -@@ -1351,7 +1351,7 @@ static struct dmi_system_id __initdata acpi_dmi_table[] = { +@@ -1357,7 +1357,7 @@ static struct dmi_system_id __initdata acpi_dmi_table[] = { }; /* second table for DMI checks that should run after early-quirks */ @@ -23079,7 +23106,7 @@ index 344b63f..55adf14 100644 #endif diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S -index c0226ab..0d1dc48 100644 +index c0226ab..386eb53 100644 --- a/arch/x86/kernel/entry_64.S +++ b/arch/x86/kernel/entry_64.S @@ -59,6 +59,8 @@ @@ -23674,7 +23701,7 @@ index c0226ab..0d1dc48 100644 /* * A newly forked process directly context switches into this address. -@@ -331,7 +793,7 @@ ENTRY(ret_from_fork) +@@ -331,25 +793,26 @@ ENTRY(ret_from_fork) RESTORE_REST @@ -23682,9 +23709,19 @@ index c0226ab..0d1dc48 100644 + testb $3, CS-ARGOFFSET(%rsp) # from kernel_thread? jz 1f - testl $_TIF_IA32, TI_flags(%rcx) # 32-bit compat task needs IRET -@@ -341,15 +803,13 @@ ENTRY(ret_from_fork) - jmp ret_from_sys_call # go to the SYSRET fastpath +- testl $_TIF_IA32, TI_flags(%rcx) # 32-bit compat task needs IRET +- jnz int_ret_from_sys_call +- +- RESTORE_TOP_OF_STACK %rdi, -ARGOFFSET +- jmp ret_from_sys_call # go to the SYSRET fastpath ++ /* ++ * By the time we get here, we have no idea whether our pt_regs, ++ * ti flags, and ti status came from the 64-bit SYSCALL fast path, ++ * the slow path, or one of the ia32entry paths. ++ * Use int_ret_from_sys_call to return, since it can safely handle ++ * all of the above. ++ */ ++ jmp int_ret_from_sys_call 1: - subq $REST_SKIP, %rsp # leave space for volatiles @@ -23700,7 +23737,7 @@ index c0226ab..0d1dc48 100644 /* * System call entry. Up to 6 arguments in registers are supported. -@@ -386,7 +846,7 @@ END(ret_from_fork) +@@ -386,7 +849,7 @@ END(ret_from_fork) ENTRY(system_call) CFI_STARTPROC simple CFI_SIGNAL_FRAME @@ -23709,7 +23746,7 @@ index c0226ab..0d1dc48 100644 CFI_REGISTER rip,rcx /*CFI_REGISTER rflags,r11*/ SWAPGS_UNSAFE_STACK -@@ -399,16 +859,23 @@ GLOBAL(system_call_after_swapgs) +@@ -399,16 +862,23 @@ GLOBAL(system_call_after_swapgs) movq %rsp,PER_CPU_VAR(old_rsp) movq PER_CPU_VAR(kernel_stack),%rsp @@ -23735,7 +23772,7 @@ index c0226ab..0d1dc48 100644 jnz tracesys system_call_fastpath: #if __SYSCALL_MASK == ~0 -@@ -432,10 +899,13 @@ sysret_check: +@@ -432,10 +902,13 @@ sysret_check: LOCKDEP_SYS_EXIT DISABLE_INTERRUPTS(CLBR_NONE) TRACE_IRQS_OFF @@ -23750,7 +23787,7 @@ index c0226ab..0d1dc48 100644 /* * sysretq will re-enable interrupts: */ -@@ -494,12 +964,15 @@ sysret_audit: +@@ -494,12 +967,15 @@ sysret_audit: /* Do syscall tracing */ tracesys: @@ -23768,7 +23805,7 @@ index c0226ab..0d1dc48 100644 jmp system_call_fastpath /* and return to the fast path */ tracesys_phase2: -@@ -510,12 +983,14 @@ tracesys_phase2: +@@ -510,12 +986,14 @@ tracesys_phase2: movq %rax,%rdx call syscall_trace_enter_phase2 @@ -23784,7 +23821,7 @@ index c0226ab..0d1dc48 100644 RESTORE_REST #if __SYSCALL_MASK == ~0 cmpq $__NR_syscall_max,%rax -@@ -545,7 +1020,9 @@ GLOBAL(int_with_check) +@@ -545,7 +1023,9 @@ GLOBAL(int_with_check) andl %edi,%edx jnz int_careful andl $~TS_COMPAT,TI_status(%rcx) @@ -23795,7 +23832,7 @@ index c0226ab..0d1dc48 100644 /* Either reschedule or signal or syscall exit tracking needed. */ /* First do a reschedule test. */ -@@ -591,7 +1068,7 @@ int_restore_rest: +@@ -591,7 +1071,7 @@ int_restore_rest: TRACE_IRQS_OFF jmp int_with_check CFI_ENDPROC @@ -23804,7 +23841,7 @@ index c0226ab..0d1dc48 100644 .macro FORK_LIKE func ENTRY(stub_\func) -@@ -604,9 +1081,10 @@ ENTRY(stub_\func) +@@ -604,9 +1084,10 @@ ENTRY(stub_\func) DEFAULT_FRAME 0 8 /* offset 8: return address */ call sys_\func RESTORE_TOP_OF_STACK %r11, 8 @@ -23817,7 +23854,7 @@ index c0226ab..0d1dc48 100644 .endm .macro FIXED_FRAME label,func -@@ -616,9 +1094,10 @@ ENTRY(\label) +@@ -616,9 +1097,10 @@ ENTRY(\label) FIXUP_TOP_OF_STACK %r11, 8-ARGOFFSET call \func RESTORE_TOP_OF_STACK %r11, 8-ARGOFFSET @@ -23829,7 +23866,7 @@ index c0226ab..0d1dc48 100644 .endm FORK_LIKE clone -@@ -626,19 +1105,6 @@ END(\label) +@@ -626,19 +1108,6 @@ END(\label) FORK_LIKE vfork FIXED_FRAME stub_iopl, sys_iopl @@ -23849,7 +23886,7 @@ index c0226ab..0d1dc48 100644 ENTRY(stub_execve) CFI_STARTPROC addq $8, %rsp -@@ -650,7 +1116,7 @@ ENTRY(stub_execve) +@@ -650,7 +1119,7 @@ ENTRY(stub_execve) RESTORE_REST jmp int_ret_from_sys_call CFI_ENDPROC @@ -23858,7 +23895,7 @@ index c0226ab..0d1dc48 100644 /* * sigreturn is special because it needs to restore all registers on return. -@@ -667,7 +1133,7 @@ ENTRY(stub_rt_sigreturn) +@@ -667,7 +1136,7 @@ ENTRY(stub_rt_sigreturn) RESTORE_REST jmp int_ret_from_sys_call CFI_ENDPROC @@ -23867,7 +23904,7 @@ index c0226ab..0d1dc48 100644 #ifdef CONFIG_X86_X32_ABI ENTRY(stub_x32_rt_sigreturn) -@@ -681,7 +1147,7 @@ ENTRY(stub_x32_rt_sigreturn) +@@ -681,7 +1150,7 @@ ENTRY(stub_x32_rt_sigreturn) RESTORE_REST jmp int_ret_from_sys_call CFI_ENDPROC @@ -23876,7 +23913,7 @@ index c0226ab..0d1dc48 100644 ENTRY(stub_x32_execve) CFI_STARTPROC -@@ -695,7 +1161,7 @@ ENTRY(stub_x32_execve) +@@ -695,7 +1164,7 @@ ENTRY(stub_x32_execve) RESTORE_REST jmp int_ret_from_sys_call CFI_ENDPROC @@ -23885,7 +23922,7 @@ index c0226ab..0d1dc48 100644 #endif -@@ -732,7 +1198,7 @@ vector=vector+1 +@@ -732,7 +1201,7 @@ vector=vector+1 2: jmp common_interrupt .endr CFI_ENDPROC @@ -23894,7 +23931,7 @@ index c0226ab..0d1dc48 100644 .previous END(interrupt) -@@ -749,8 +1215,8 @@ END(interrupt) +@@ -749,8 +1218,8 @@ END(interrupt) /* 0(%rsp): ~(interrupt number) */ .macro interrupt func /* reserve pt_regs for scratch regs and rbp */ @@ -23905,7 +23942,7 @@ index c0226ab..0d1dc48 100644 SAVE_ARGS_IRQ call \func .endm -@@ -773,14 +1239,14 @@ ret_from_intr: +@@ -773,14 +1242,14 @@ ret_from_intr: /* Restore saved previous stack */ popq %rsi @@ -23924,7 +23961,7 @@ index c0226ab..0d1dc48 100644 je retint_kernel /* Interrupt came from user space */ -@@ -802,12 +1268,35 @@ retint_swapgs: /* return to user-space */ +@@ -802,12 +1271,35 @@ retint_swapgs: /* return to user-space */ * The iretq could re-enable interrupts: */ DISABLE_INTERRUPTS(CLBR_ANY) @@ -23960,7 +23997,7 @@ index c0226ab..0d1dc48 100644 /* * The iretq could re-enable interrupts: */ -@@ -845,15 +1334,15 @@ native_irq_return_ldt: +@@ -845,15 +1337,15 @@ native_irq_return_ldt: SWAPGS movq PER_CPU_VAR(espfix_waddr),%rdi movq %rax,(0*8)(%rdi) /* RAX */ @@ -23981,7 +24018,7 @@ index c0226ab..0d1dc48 100644 movq %rax,(4*8)(%rdi) andl $0xffff0000,%eax popq_cfi %rdi -@@ -907,7 +1396,7 @@ ENTRY(retint_kernel) +@@ -907,7 +1399,7 @@ ENTRY(retint_kernel) jmp exit_intr #endif CFI_ENDPROC @@ -23990,7 +24027,7 @@ index c0226ab..0d1dc48 100644 /* * APIC interrupts. -@@ -921,7 +1410,7 @@ ENTRY(\sym) +@@ -921,7 +1413,7 @@ ENTRY(\sym) interrupt \do_sym jmp ret_from_intr CFI_ENDPROC @@ -23999,7 +24036,7 @@ index c0226ab..0d1dc48 100644 .endm #ifdef CONFIG_TRACING -@@ -994,7 +1483,7 @@ apicinterrupt IRQ_WORK_VECTOR \ +@@ -994,7 +1486,7 @@ apicinterrupt IRQ_WORK_VECTOR \ /* * Exception entry points. */ @@ -24008,7 +24045,7 @@ index c0226ab..0d1dc48 100644 .macro idtentry sym do_sym has_error_code:req paranoid=0 shift_ist=-1 ENTRY(\sym) -@@ -1045,6 +1534,12 @@ ENTRY(\sym) +@@ -1045,6 +1537,12 @@ ENTRY(\sym) .endif .if \shift_ist != -1 @@ -24021,7 +24058,7 @@ index c0226ab..0d1dc48 100644 subq $EXCEPTION_STKSZ, INIT_TSS_IST(\shift_ist) .endif -@@ -1061,7 +1556,7 @@ ENTRY(\sym) +@@ -1061,7 +1559,7 @@ ENTRY(\sym) .endif CFI_ENDPROC @@ -24030,7 +24067,7 @@ index c0226ab..0d1dc48 100644 .endm #ifdef CONFIG_TRACING -@@ -1102,9 +1597,10 @@ gs_change: +@@ -1102,9 +1600,10 @@ gs_change: 2: mfence /* workaround */ SWAPGS popfq_cfi @@ -24042,7 +24079,7 @@ index c0226ab..0d1dc48 100644 _ASM_EXTABLE(gs_change,bad_gs) .section .fixup,"ax" -@@ -1132,9 +1628,10 @@ ENTRY(do_softirq_own_stack) +@@ -1132,9 +1631,10 @@ ENTRY(do_softirq_own_stack) CFI_DEF_CFA_REGISTER rsp CFI_ADJUST_CFA_OFFSET -8 decl PER_CPU_VAR(irq_count) @@ -24054,7 +24091,7 @@ index c0226ab..0d1dc48 100644 #ifdef CONFIG_XEN idtentry xen_hypervisor_callback xen_do_hypervisor_callback has_error_code=0 -@@ -1172,7 +1669,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs) +@@ -1172,7 +1672,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs) decl PER_CPU_VAR(irq_count) jmp error_exit CFI_ENDPROC @@ -24063,7 +24100,7 @@ index c0226ab..0d1dc48 100644 /* * Hypervisor uses this for application faults while it executes. -@@ -1231,7 +1728,7 @@ ENTRY(xen_failsafe_callback) +@@ -1231,7 +1731,7 @@ ENTRY(xen_failsafe_callback) SAVE_ALL jmp error_exit CFI_ENDPROC @@ -24072,7 +24109,7 @@ index c0226ab..0d1dc48 100644 apicinterrupt3 HYPERVISOR_CALLBACK_VECTOR \ xen_hvm_callback_vector xen_evtchn_do_upcall -@@ -1278,18 +1775,33 @@ ENTRY(paranoid_exit) +@@ -1278,18 +1778,33 @@ ENTRY(paranoid_exit) DEFAULT_FRAME DISABLE_INTERRUPTS(CLBR_NONE) TRACE_IRQS_OFF_DEBUG @@ -24108,7 +24145,7 @@ index c0226ab..0d1dc48 100644 jmp irq_return paranoid_userspace: GET_THREAD_INFO(%rcx) -@@ -1318,7 +1830,7 @@ paranoid_schedule: +@@ -1318,7 +1833,7 @@ paranoid_schedule: TRACE_IRQS_OFF jmp paranoid_userspace CFI_ENDPROC @@ -24117,7 +24154,7 @@ index c0226ab..0d1dc48 100644 /* * Exception entry point. This expects an error code/orig_rax on the stack. -@@ -1345,12 +1857,23 @@ ENTRY(error_entry) +@@ -1345,12 +1860,23 @@ ENTRY(error_entry) movq %r14, R14+8(%rsp) movq %r15, R15+8(%rsp) xorl %ebx,%ebx @@ -24142,7 +24179,7 @@ index c0226ab..0d1dc48 100644 ret /* -@@ -1385,7 +1908,7 @@ error_bad_iret: +@@ -1385,7 +1911,7 @@ error_bad_iret: decl %ebx /* Return to usergs */ jmp error_sti CFI_ENDPROC @@ -24151,7 +24188,7 @@ index c0226ab..0d1dc48 100644 /* ebx: no swapgs flag (1: don't need swapgs, 0: need it) */ -@@ -1396,7 +1919,7 @@ ENTRY(error_exit) +@@ -1396,7 +1922,7 @@ ENTRY(error_exit) DISABLE_INTERRUPTS(CLBR_NONE) TRACE_IRQS_OFF GET_THREAD_INFO(%rcx) @@ -24160,7 +24197,7 @@ index c0226ab..0d1dc48 100644 jne retint_kernel LOCKDEP_SYS_EXIT_IRQ movl TI_flags(%rcx),%edx -@@ -1405,7 +1928,7 @@ ENTRY(error_exit) +@@ -1405,7 +1931,7 @@ ENTRY(error_exit) jnz retint_careful jmp retint_swapgs CFI_ENDPROC @@ -24169,7 +24206,7 @@ index c0226ab..0d1dc48 100644 /* * Test if a given stack is an NMI stack or not. -@@ -1463,9 +1986,11 @@ ENTRY(nmi) +@@ -1463,9 +1989,11 @@ ENTRY(nmi) * If %cs was not the kernel segment, then the NMI triggered in user * space, which means it is definitely not nested. */ @@ -24182,7 +24219,7 @@ index c0226ab..0d1dc48 100644 /* * Check the special variable on the stack to see if NMIs are * executing. -@@ -1499,8 +2024,7 @@ nested_nmi: +@@ -1499,8 +2027,7 @@ nested_nmi: 1: /* Set up the interrupted NMIs stack to jump to repeat_nmi */ @@ -24192,7 +24229,7 @@ index c0226ab..0d1dc48 100644 CFI_ADJUST_CFA_OFFSET 1*8 leaq -10*8(%rsp), %rdx pushq_cfi $__KERNEL_DS -@@ -1518,6 +2042,7 @@ nested_nmi_out: +@@ -1518,6 +2045,7 @@ nested_nmi_out: CFI_RESTORE rdx /* No need to check faults here */ @@ -24200,7 +24237,7 @@ index c0226ab..0d1dc48 100644 INTERRUPT_RETURN CFI_RESTORE_STATE -@@ -1614,13 +2139,13 @@ end_repeat_nmi: +@@ -1614,13 +2142,13 @@ end_repeat_nmi: subq $ORIG_RAX-R15, %rsp CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 /* @@ -24216,7 +24253,7 @@ index c0226ab..0d1dc48 100644 DEFAULT_FRAME 0 /* -@@ -1630,9 +2155,9 @@ end_repeat_nmi: +@@ -1630,9 +2158,9 @@ end_repeat_nmi: * NMI itself takes a page fault, the page fault that was preempted * will read the information from the NMI page fault and not the * origin fault. Save it off and restore it if it changes. @@ -24228,7 +24265,7 @@ index c0226ab..0d1dc48 100644 /* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */ movq %rsp,%rdi -@@ -1641,29 +2166,34 @@ end_repeat_nmi: +@@ -1641,29 +2169,34 @@ end_repeat_nmi: /* Did the NMI take a page fault? Restore cr2 if it did */ movq %cr2, %rcx @@ -28902,7 +28939,7 @@ index ed70394..c629a68 100644 vcpu->arch.regs_avail = ~((1 << VCPU_REGS_RIP) | (1 << VCPU_REGS_RSP) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c -index 506488c..f8df17e 100644 +index 8b92cf4..ee50439 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -732,6 +732,8 @@ EXPORT_SYMBOL_GPL(kvm_set_cr4); @@ -28914,7 +28951,7 @@ index 506488c..f8df17e 100644 if (cr3 == kvm_read_cr3(vcpu) && !pdptrs_changed(vcpu)) { kvm_mmu_sync_roots(vcpu); kvm_make_request(KVM_REQ_TLB_FLUSH, vcpu); -@@ -1878,8 +1880,8 @@ static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data) +@@ -1879,8 +1881,8 @@ static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data) { struct kvm *kvm = vcpu->kvm; int lm = is_long_mode(vcpu); @@ -28925,7 +28962,7 @@ index 506488c..f8df17e 100644 u8 blob_size = lm ? kvm->arch.xen_hvm_config.blob_size_64 : kvm->arch.xen_hvm_config.blob_size_32; u32 page_num = data & ~PAGE_MASK; -@@ -2806,6 +2808,8 @@ long kvm_arch_dev_ioctl(struct file *filp, +@@ -2807,6 +2809,8 @@ long kvm_arch_dev_ioctl(struct file *filp, if (n < msr_list.nmsrs) goto out; r = -EFAULT; @@ -28934,7 +28971,7 @@ index 506488c..f8df17e 100644 if (copy_to_user(user_msr_list->indices, &msrs_to_save, num_msrs_to_save * sizeof(u32))) goto out; -@@ -5743,7 +5747,7 @@ static struct notifier_block pvclock_gtod_notifier = { +@@ -5744,7 +5748,7 @@ static struct notifier_block pvclock_gtod_notifier = { }; #endif @@ -32499,7 +32536,7 @@ index 4d8ee82..ffc1011 100644 + return ret ? -EFAULT : 0; +} diff --git a/arch/x86/mm/gup.c b/arch/x86/mm/gup.c -index 207d9aef..69030980 100644 +index 448ee89..88fe381 100644 --- a/arch/x86/mm/gup.c +++ b/arch/x86/mm/gup.c @@ -268,7 +268,7 @@ int __get_user_pages_fast(unsigned long start, int nr_pages, int write, @@ -32539,10 +32576,10 @@ index 4500142..53a363c 100644 return (void *)vaddr; diff --git a/arch/x86/mm/hugetlbpage.c b/arch/x86/mm/hugetlbpage.c -index 8b977eb..4732c33 100644 +index 006cc91..bf05a83 100644 --- a/arch/x86/mm/hugetlbpage.c +++ b/arch/x86/mm/hugetlbpage.c -@@ -80,23 +80,24 @@ int pud_huge(pud_t pud) +@@ -86,23 +86,24 @@ int pud_huge(pud_t pud) #ifdef CONFIG_HUGETLB_PAGE static unsigned long hugetlb_get_unmapped_area_bottomup(struct file *file, unsigned long addr, unsigned long len, @@ -32570,7 +32607,7 @@ index 8b977eb..4732c33 100644 { struct hstate *h = hstate_file(file); struct vm_unmapped_area_info info; -@@ -108,6 +109,7 @@ static unsigned long hugetlb_get_unmapped_area_topdown(struct file *file, +@@ -114,6 +115,7 @@ static unsigned long hugetlb_get_unmapped_area_topdown(struct file *file, info.high_limit = current->mm->mmap_base; info.align_mask = PAGE_MASK & ~huge_page_mask(h); info.align_offset = 0; @@ -32578,7 +32615,7 @@ index 8b977eb..4732c33 100644 addr = vm_unmapped_area(&info); /* -@@ -120,6 +122,12 @@ static unsigned long hugetlb_get_unmapped_area_topdown(struct file *file, +@@ -126,6 +128,12 @@ static unsigned long hugetlb_get_unmapped_area_topdown(struct file *file, VM_BUG_ON(addr != -ENOMEM); info.flags = 0; info.low_limit = TASK_UNMAPPED_BASE; @@ -32591,7 +32628,7 @@ index 8b977eb..4732c33 100644 info.high_limit = TASK_SIZE; addr = vm_unmapped_area(&info); } -@@ -134,10 +142,20 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, +@@ -140,10 +148,20 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, struct hstate *h = hstate_file(file); struct mm_struct *mm = current->mm; struct vm_area_struct *vma; @@ -32613,7 +32650,7 @@ index 8b977eb..4732c33 100644 return -ENOMEM; if (flags & MAP_FIXED) { -@@ -146,19 +164,22 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, +@@ -152,19 +170,22 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, return addr; } @@ -33345,10 +33382,10 @@ index b4f2e7e..96c9c3e 100644 pte = kmemcheck_pte_lookup(address); diff --git a/arch/x86/mm/mmap.c b/arch/x86/mm/mmap.c -index 919b912..9267313 100644 +index df4552b..12c129c 100644 --- a/arch/x86/mm/mmap.c +++ b/arch/x86/mm/mmap.c -@@ -52,7 +52,7 @@ static unsigned int stack_maxrandom_size(void) +@@ -52,7 +52,7 @@ static unsigned long stack_maxrandom_size(void) * Leave an at least ~128 MB hole with possible stack randomization. */ #define MIN_GAP (128*1024*1024UL + stack_maxrandom_size()) @@ -34949,7 +34986,7 @@ index 040192b..7d3300f 100644 .long 0 efi_rt_function_ptr: diff --git a/arch/x86/platform/efi/efi_stub_64.S b/arch/x86/platform/efi/efi_stub_64.S -index 5fcda72..cd4dc41 100644 +index 86d0f9e..6d499f4 100644 --- a/arch/x86/platform/efi/efi_stub_64.S +++ b/arch/x86/platform/efi/efi_stub_64.S @@ -11,6 +11,7 @@ @@ -34968,17 +35005,6 @@ index 5fcda72..cd4dc41 100644 ret ENDPROC(efi_call) -@@ -245,8 +247,8 @@ efi_gdt64: - .long 0 /* Filled out by user */ - .word 0 - .quad 0x0000000000000000 /* NULL descriptor */ -- .quad 0x00af9a000000ffff /* __KERNEL_CS */ -- .quad 0x00cf92000000ffff /* __KERNEL_DS */ -+ .quad 0x00af9b000000ffff /* __KERNEL_CS */ -+ .quad 0x00cf93000000ffff /* __KERNEL_DS */ - .quad 0x0080890000000000 /* TS descriptor */ - .quad 0x0000000000000000 /* TS continued */ - efi_gdt64_end: diff --git a/arch/x86/platform/intel-mid/intel-mid.c b/arch/x86/platform/intel-mid/intel-mid.c index 1bbedc4..eb795b5 100644 --- a/arch/x86/platform/intel-mid/intel-mid.c @@ -38948,7 +38974,7 @@ index 0ea9986..e7b07e4 100644 if (cmd != SIOCWANDEV) diff --git a/drivers/char/random.c b/drivers/char/random.c -index 04645c0..6416f00 100644 +index 9cd6968..6416f00 100644 --- a/drivers/char/random.c +++ b/drivers/char/random.c @@ -289,9 +289,6 @@ @@ -38974,30 +39000,6 @@ index 04645c0..6416f00 100644 static struct entropy_store input_pool = { .poolinfo = &poolinfo_table[0], -@@ -569,19 +566,19 @@ static void fast_mix(struct fast_pool *f) - __u32 c = f->pool[2], d = f->pool[3]; - - a += b; c += d; -- b = rol32(a, 6); d = rol32(c, 27); -+ b = rol32(b, 6); d = rol32(d, 27); - d ^= a; b ^= c; - - a += b; c += d; -- b = rol32(a, 16); d = rol32(c, 14); -+ b = rol32(b, 16); d = rol32(d, 14); - d ^= a; b ^= c; - - a += b; c += d; -- b = rol32(a, 6); d = rol32(c, 27); -+ b = rol32(b, 6); d = rol32(d, 27); - d ^= a; b ^= c; - - a += b; c += d; -- b = rol32(a, 16); d = rol32(c, 14); -+ b = rol32(b, 16); d = rol32(d, 14); - d ^= a; b ^= c; - - f->pool[0] = a; f->pool[1] = b; @@ -635,7 +632,7 @@ retry: /* The +2 corresponds to the /4 in the denominator */ @@ -39287,7 +39289,7 @@ index f657c57..31d97ae 100644 ret = cpufreq_register_driver(&dt_cpufreq_driver); if (ret) diff --git a/drivers/cpufreq/cpufreq.c b/drivers/cpufreq/cpufreq.c -index 4473eba..a4c9dc2 100644 +index e3bf702..4dbf06c 100644 --- a/drivers/cpufreq/cpufreq.c +++ b/drivers/cpufreq/cpufreq.c @@ -2122,7 +2122,7 @@ void cpufreq_unregister_governor(struct cpufreq_governor *governor) @@ -44876,10 +44878,10 @@ index 3e6d115..ffecdeb 100644 /*----------------------------------------------------------------*/ diff --git a/drivers/md/raid1.c b/drivers/md/raid1.c -index 40b35be..a327e11 100644 +index 2f2f38f..f6a8ebe 100644 --- a/drivers/md/raid1.c +++ b/drivers/md/raid1.c -@@ -1931,7 +1931,7 @@ static int fix_sync_read_error(struct r1bio *r1_bio) +@@ -1932,7 +1932,7 @@ static int fix_sync_read_error(struct r1bio *r1_bio) if (r1_sync_page_io(rdev, sect, s, bio->bi_io_vec[idx].bv_page, READ) != 0) @@ -44888,7 +44890,7 @@ index 40b35be..a327e11 100644 } sectors -= s; sect += s; -@@ -2164,7 +2164,7 @@ static void fix_read_error(struct r1conf *conf, int read_disk, +@@ -2165,7 +2165,7 @@ static void fix_read_error(struct r1conf *conf, int read_disk, !test_bit(Faulty, &rdev->flags)) { if (r1_sync_page_io(rdev, sect, s, conf->tmppage, READ)) { @@ -44961,7 +44963,7 @@ index 32e282f..5cec803 100644 rdev_dec_pending(rdev, mddev); diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c -index b98765f..09e86d5 100644 +index 8577cc7..e80e05d 100644 --- a/drivers/md/raid5.c +++ b/drivers/md/raid5.c @@ -1730,6 +1730,10 @@ static int grow_one_stripe(struct r5conf *conf, int hash) @@ -48537,7 +48539,7 @@ index bfb0b6e..5c396ce 100644 }; diff --git a/drivers/net/macvtap.c b/drivers/net/macvtap.c -index 880cc09..6a68ba6 100644 +index 880cc09..764aee1 100644 --- a/drivers/net/macvtap.c +++ b/drivers/net/macvtap.c @@ -422,7 +422,7 @@ static void macvtap_setup(struct net_device *dev) @@ -48549,7 +48551,33 @@ index 880cc09..6a68ba6 100644 .kind = "macvtap", .setup = macvtap_setup, .newlink = macvtap_newlink, -@@ -1020,7 +1020,7 @@ static long macvtap_ioctl(struct file *file, unsigned int cmd, +@@ -637,12 +637,15 @@ static void macvtap_skb_to_vnet_hdr(const struct sk_buff *skb, + } /* else everything is zero */ + } + ++/* Neighbour code has some assumptions on HH_DATA_MOD alignment */ ++#define MACVTAP_RESERVE HH_DATA_OFF(ETH_HLEN) ++ + /* Get packet from user space buffer */ + static ssize_t macvtap_get_user(struct macvtap_queue *q, struct msghdr *m, + const struct iovec *iv, unsigned long total_len, + size_t count, int noblock) + { +- int good_linear = SKB_MAX_HEAD(NET_IP_ALIGN); ++ int good_linear = SKB_MAX_HEAD(MACVTAP_RESERVE); + struct sk_buff *skb; + struct macvlan_dev *vlan; + unsigned long len = total_len; +@@ -701,7 +704,7 @@ static ssize_t macvtap_get_user(struct macvtap_queue *q, struct msghdr *m, + linear = vnet_hdr.hdr_len; + } + +- skb = macvtap_alloc_skb(&q->sk, NET_IP_ALIGN, copylen, ++ skb = macvtap_alloc_skb(&q->sk, MACVTAP_RESERVE, copylen, + linear, noblock, &err); + if (!skb) + goto err; +@@ -1020,7 +1023,7 @@ static long macvtap_ioctl(struct file *file, unsigned int cmd, } ret = 0; @@ -48558,7 +48586,7 @@ index 880cc09..6a68ba6 100644 put_user(q->flags, &ifr->ifr_flags)) ret = -EFAULT; macvtap_put_vlan(vlan); -@@ -1190,7 +1190,7 @@ static int macvtap_device_event(struct notifier_block *unused, +@@ -1190,7 +1193,7 @@ static int macvtap_device_event(struct notifier_block *unused, return NOTIFY_DONE; } @@ -52059,7 +52087,7 @@ index dd8c8d6..4cdf6a1 100644 if (!sdp->request_queue->rq_timeout) { if (sdp->type != TYPE_MOD) diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c -index 6035444..c82edd4 100644 +index 843594c..b1dc3b2 100644 --- a/drivers/scsi/sg.c +++ b/drivers/scsi/sg.c @@ -1138,7 +1138,7 @@ sg_ioctl(struct file *filp, unsigned int cmd_in, unsigned long arg) @@ -53179,10 +53207,10 @@ index 47ca0f3..3c0b803 100644 } EXPORT_SYMBOL_GPL(n_tty_inherit_ops); diff --git a/drivers/tty/pty.c b/drivers/tty/pty.c -index 7c4447a..70fbc1e 100644 +index 082304d..d8360ec 100644 --- a/drivers/tty/pty.c +++ b/drivers/tty/pty.c -@@ -830,8 +830,10 @@ static void __init unix98_pty_init(void) +@@ -833,8 +833,10 @@ static void __init unix98_pty_init(void) panic("Couldn't register Unix98 pts driver"); /* Now create the /dev/ptmx special device */ @@ -54299,7 +54327,7 @@ index 0b59731..46ee7d1 100644 dev->rawdescriptors[i] + (*ppos - pos), min(len, alloclen))) { diff --git a/drivers/usb/core/hcd.c b/drivers/usb/core/hcd.c -index a6efb41..6f72549b 100644 +index 0009fc8..483f7e5 100644 --- a/drivers/usb/core/hcd.c +++ b/drivers/usb/core/hcd.c @@ -1551,7 +1551,7 @@ int usb_hcd_submit_urb (struct urb *urb, gfp_t mem_flags) @@ -54321,7 +54349,7 @@ index a6efb41..6f72549b 100644 wake_up(&usb_kill_urb_queue); usb_put_urb(urb); diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c -index b649fef..c7107a0 100644 +index 2246954..d75b0b1 100644 --- a/drivers/usb/core/hub.c +++ b/drivers/usb/core/hub.c @@ -26,6 +26,7 @@ @@ -54344,7 +54372,7 @@ index b649fef..c7107a0 100644 unit_load = 150; else diff --git a/drivers/usb/core/message.c b/drivers/usb/core/message.c -index f7b7713..23d07ec 100644 +index f368d20..0c30ac5 100644 --- a/drivers/usb/core/message.c +++ b/drivers/usb/core/message.c @@ -128,7 +128,7 @@ static int usb_internal_control_msg(struct usb_device *usb_dev, @@ -54388,7 +54416,7 @@ index 1236c60..d47a51c 100644 static DEVICE_ATTR_RO(urbnum); diff --git a/drivers/usb/core/usb.c b/drivers/usb/core/usb.c -index 2dd2362..1135437 100644 +index 29ee936..55e3f99 100644 --- a/drivers/usb/core/usb.c +++ b/drivers/usb/core/usb.c @@ -433,7 +433,7 @@ struct usb_device *usb_alloc_dev(struct usb_device *parent, @@ -58550,7 +58578,7 @@ index 929dec0..84bd914 100644 fd_offset + ex.a_text); if (error != N_DATADDR(ex)) diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c -index d8fc060..cbd44d5 100644 +index e1efcaa..ff55158 100644 --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c @@ -34,6 +34,7 @@ @@ -59067,7 +59095,7 @@ index d8fc060..cbd44d5 100644 * libraries. There is no binary dependent code anywhere else. @@ -556,6 +917,11 @@ static unsigned long randomize_stack_top(unsigned long stack_top) { - unsigned int random_variable = 0; + unsigned long random_variable = 0; +#ifdef CONFIG_PAX_RANDUSTACK + if (current->mm->pax_flags & MF_PAX_RANDMMAP) @@ -59076,8 +59104,8 @@ index d8fc060..cbd44d5 100644 + if ((current->flags & PF_RANDOMIZE) && !(current->personality & ADDR_NO_RANDOMIZE)) { - random_variable = get_random_int() & STACK_RND_MASK; -@@ -574,7 +940,7 @@ static int load_elf_binary(struct linux_binprm *bprm) + random_variable = (unsigned long) get_random_int(); +@@ -575,7 +941,7 @@ static int load_elf_binary(struct linux_binprm *bprm) unsigned long load_addr = 0, load_bias = 0; int load_addr_set = 0; char * elf_interpreter = NULL; @@ -59086,7 +59114,7 @@ index d8fc060..cbd44d5 100644 struct elf_phdr *elf_ppnt, *elf_phdata; unsigned long elf_bss, elf_brk; int retval, i; -@@ -589,6 +955,7 @@ static int load_elf_binary(struct linux_binprm *bprm) +@@ -590,6 +956,7 @@ static int load_elf_binary(struct linux_binprm *bprm) struct elfhdr elf_ex; struct elfhdr interp_elf_ex; } *loc; @@ -59094,7 +59122,7 @@ index d8fc060..cbd44d5 100644 loc = kmalloc(sizeof(*loc), GFP_KERNEL); if (!loc) { -@@ -726,6 +1093,77 @@ static int load_elf_binary(struct linux_binprm *bprm) +@@ -727,6 +1094,77 @@ static int load_elf_binary(struct linux_binprm *bprm) /* Do this immediately, since STACK_TOP as used in setup_arg_pages may depend on the personality. */ SET_PERSONALITY(loc->elf_ex); @@ -59172,7 +59200,7 @@ index d8fc060..cbd44d5 100644 if (elf_read_implies_exec(loc->elf_ex, executable_stack)) current->personality |= READ_IMPLIES_EXEC; -@@ -811,6 +1249,20 @@ static int load_elf_binary(struct linux_binprm *bprm) +@@ -812,6 +1250,20 @@ static int load_elf_binary(struct linux_binprm *bprm) #else load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr); #endif @@ -59193,7 +59221,7 @@ index d8fc060..cbd44d5 100644 } error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt, -@@ -842,9 +1294,9 @@ static int load_elf_binary(struct linux_binprm *bprm) +@@ -843,9 +1295,9 @@ static int load_elf_binary(struct linux_binprm *bprm) * allowed task size. Note that p_filesz must always be * <= p_memsz so it is only necessary to check p_memsz. */ @@ -59206,7 +59234,7 @@ index d8fc060..cbd44d5 100644 /* set_brk can never work. Avoid overflows. */ retval = -EINVAL; goto out_free_dentry; -@@ -880,16 +1332,43 @@ static int load_elf_binary(struct linux_binprm *bprm) +@@ -881,16 +1333,43 @@ static int load_elf_binary(struct linux_binprm *bprm) if (retval) goto out_free_dentry; if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) { @@ -59255,7 +59283,7 @@ index d8fc060..cbd44d5 100644 load_bias); if (!IS_ERR((void *)elf_entry)) { /* -@@ -1115,7 +1594,7 @@ static bool always_dump_vma(struct vm_area_struct *vma) +@@ -1116,7 +1595,7 @@ static bool always_dump_vma(struct vm_area_struct *vma) * Decide what to dump of a segment, part, all or none. */ static unsigned long vma_dump_size(struct vm_area_struct *vma, @@ -59264,7 +59292,7 @@ index d8fc060..cbd44d5 100644 { #define FILTER(type) (mm_flags & (1UL << MMF_DUMP_##type)) -@@ -1153,7 +1632,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma, +@@ -1154,7 +1633,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma, if (vma->vm_file == NULL) return 0; @@ -59273,7 +59301,7 @@ index d8fc060..cbd44d5 100644 goto whole; /* -@@ -1360,9 +1839,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm) +@@ -1361,9 +1840,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm) { elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv; int i = 0; @@ -59285,7 +59313,7 @@ index d8fc060..cbd44d5 100644 fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv); } -@@ -1371,7 +1850,7 @@ static void fill_siginfo_note(struct memelfnote *note, user_siginfo_t *csigdata, +@@ -1372,7 +1851,7 @@ static void fill_siginfo_note(struct memelfnote *note, user_siginfo_t *csigdata, { mm_segment_t old_fs = get_fs(); set_fs(KERNEL_DS); @@ -59294,7 +59322,7 @@ index d8fc060..cbd44d5 100644 set_fs(old_fs); fill_note(note, "CORE", NT_SIGINFO, sizeof(*csigdata), csigdata); } -@@ -1995,14 +2474,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum, +@@ -1996,14 +2475,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum, } static size_t elf_core_vma_data_size(struct vm_area_struct *gate_vma, @@ -59311,7 +59339,7 @@ index d8fc060..cbd44d5 100644 return size; } -@@ -2093,7 +2572,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2094,7 +2573,7 @@ static int elf_core_dump(struct coredump_params *cprm) dataoff = offset = roundup(offset, ELF_EXEC_PAGESIZE); @@ -59320,7 +59348,7 @@ index d8fc060..cbd44d5 100644 offset += elf_core_extra_data_size(); e_shoff = offset; -@@ -2121,7 +2600,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2122,7 +2601,7 @@ static int elf_core_dump(struct coredump_params *cprm) phdr.p_offset = offset; phdr.p_vaddr = vma->vm_start; phdr.p_paddr = 0; @@ -59329,7 +59357,7 @@ index d8fc060..cbd44d5 100644 phdr.p_memsz = vma->vm_end - vma->vm_start; offset += phdr.p_filesz; phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0; -@@ -2154,7 +2633,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2155,7 +2634,7 @@ static int elf_core_dump(struct coredump_params *cprm) unsigned long addr; unsigned long end; @@ -59338,7 +59366,7 @@ index d8fc060..cbd44d5 100644 for (addr = vma->vm_start; addr < end; addr += PAGE_SIZE) { struct page *page; -@@ -2195,6 +2674,167 @@ out: +@@ -2196,6 +2675,167 @@ out: #endif /* CONFIG_ELF_CORE */ @@ -59520,7 +59548,7 @@ index 1d9c9f3..2905786 100644 else if (whole->bd_holder != NULL) return false; /* is a partition of a held device */ diff --git a/fs/btrfs/ctree.c b/fs/btrfs/ctree.c -index 150822e..75bb326 100644 +index c81ce0c..0d23e5c 100644 --- a/fs/btrfs/ctree.c +++ b/fs/btrfs/ctree.c @@ -1173,9 +1173,12 @@ static noinline int __btrfs_cow_block(struct btrfs_trans_handle *trans, @@ -64884,7 +64912,7 @@ index bbde147..f4deeba 100644 get_mnt_ns(mnt_ns); diff --git a/fs/nfs/callback_xdr.c b/fs/nfs/callback_xdr.c -index f4ccfe6..a5cf064 100644 +index 02f8d09..a5c25d1 100644 --- a/fs/nfs/callback_xdr.c +++ b/fs/nfs/callback_xdr.c @@ -51,7 +51,7 @@ struct callback_op { @@ -67147,7 +67175,7 @@ index 510413eb..34d9a8c 100644 seq_printf(p, "softirq %llu", (unsigned long long)sum_softirq); diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c -index 4e0388c..fc6a0e1 100644 +index e8972bc..64ee778 100644 --- a/fs/proc/task_mmu.c +++ b/fs/proc/task_mmu.c @@ -13,12 +13,19 @@ @@ -67313,7 +67341,7 @@ index 4e0388c..fc6a0e1 100644 mss.resident >> 10, (unsigned long)(mss.pss >> (10 + PSS_SHIFT)), mss.shared_clean >> 10, -@@ -1447,6 +1497,13 @@ static int show_numa_map(struct seq_file *m, void *v, int is_pid) +@@ -1451,6 +1501,13 @@ static int show_numa_map(struct seq_file *m, void *v, int is_pid) char buffer[64]; int nid; @@ -67327,7 +67355,7 @@ index 4e0388c..fc6a0e1 100644 if (!mm) return 0; -@@ -1468,11 +1525,15 @@ static int show_numa_map(struct seq_file *m, void *v, int is_pid) +@@ -1472,11 +1529,15 @@ static int show_numa_map(struct seq_file *m, void *v, int is_pid) mpol_to_str(buffer, sizeof(buffer), proc_priv->task_mempolicy); } @@ -68255,7 +68283,7 @@ index 64e83ef..b6be154 100644 } fdput(f); diff --git a/fs/xfs/libxfs/xfs_bmap.c b/fs/xfs/libxfs/xfs_bmap.c -index 79c9819..22226b4 100644 +index 661666e..e1c7ec2 100644 --- a/fs/xfs/libxfs/xfs_bmap.c +++ b/fs/xfs/libxfs/xfs_bmap.c @@ -583,7 +583,7 @@ xfs_bmap_validate_ret( @@ -81386,10 +81414,10 @@ index 115bb81..e7b812b 100644 /* * fscache cached network filesystem type diff --git a/include/linux/fsnotify.h b/include/linux/fsnotify.h -index 1c804b0..1432c2b 100644 +index 7ee1774..72505b8 100644 --- a/include/linux/fsnotify.h +++ b/include/linux/fsnotify.h -@@ -195,6 +195,9 @@ static inline void fsnotify_access(struct file *file) +@@ -197,6 +197,9 @@ static inline void fsnotify_access(struct file *file) struct inode *inode = file_inode(file); __u32 mask = FS_ACCESS; @@ -81399,7 +81427,7 @@ index 1c804b0..1432c2b 100644 if (S_ISDIR(inode->i_mode)) mask |= FS_ISDIR; -@@ -213,6 +216,9 @@ static inline void fsnotify_modify(struct file *file) +@@ -215,6 +218,9 @@ static inline void fsnotify_modify(struct file *file) struct inode *inode = file_inode(file); __u32 mask = FS_MODIFY; @@ -81409,7 +81437,7 @@ index 1c804b0..1432c2b 100644 if (S_ISDIR(inode->i_mode)) mask |= FS_ISDIR; -@@ -315,7 +321,7 @@ static inline void fsnotify_change(struct dentry *dentry, unsigned int ia_valid) +@@ -317,7 +323,7 @@ static inline void fsnotify_change(struct dentry *dentry, unsigned int ia_valid) */ static inline const unsigned char *fsnotify_oldname_init(const unsigned char *name) { @@ -84643,7 +84671,7 @@ index 34a1e10..70f6bde 100644 struct proc_ns { void *ns; diff --git a/include/linux/quota.h b/include/linux/quota.h -index 224fb81..9d85c41 100644 +index 8b0877f..b1071c5 100644 --- a/include/linux/quota.h +++ b/include/linux/quota.h @@ -70,7 +70,7 @@ struct kqid { /* Type in which we store the quota identifier */ @@ -85628,7 +85656,7 @@ index 07d8e53..dc934c9 100644 #endif /* _LINUX_SUNRPC_ADDR_H */ diff --git a/include/linux/sunrpc/clnt.h b/include/linux/sunrpc/clnt.h -index 70736b9..37f33db 100644 +index b363a0f..f09861d 100644 --- a/include/linux/sunrpc/clnt.h +++ b/include/linux/sunrpc/clnt.h @@ -97,7 +97,7 @@ struct rpc_procinfo { @@ -86060,10 +86088,10 @@ index 99c1b4d..562e6f3 100644 static inline void put_unaligned_le16(u16 val, void *p) diff --git a/include/linux/usb.h b/include/linux/usb.h -index 447a7e2..9cea7e9 100644 +index 3827bff..f1730fc 100644 --- a/include/linux/usb.h +++ b/include/linux/usb.h -@@ -571,7 +571,7 @@ struct usb_device { +@@ -566,7 +566,7 @@ struct usb_device { int maxchild; u32 quirks; @@ -86072,7 +86100,7 @@ index 447a7e2..9cea7e9 100644 unsigned long active_duration; -@@ -1655,7 +1655,7 @@ void usb_buffer_unmap_sg(const struct usb_device *dev, int is_in, +@@ -1650,7 +1650,7 @@ void usb_buffer_unmap_sg(const struct usb_device *dev, int is_in, extern int usb_control_msg(struct usb_device *dev, unsigned int pipe, __u8 request, __u8 requesttype, __u16 value, __u16 index, @@ -88987,7 +89015,7 @@ index 1adf62b..7736e06 100644 } EXPORT_SYMBOL_GPL(kgdb_schedule_breakpoint); diff --git a/kernel/debug/kdb/kdb_main.c b/kernel/debug/kdb/kdb_main.c -index 379650b..30c5180 100644 +index 6ffdc96..af24441 100644 --- a/kernel/debug/kdb/kdb_main.c +++ b/kernel/debug/kdb/kdb_main.c @@ -1977,7 +1977,7 @@ static int kdb_lsmod(int argc, const char **argv) @@ -89248,10 +89276,17 @@ index 2116aac..d95df2a 100644 { struct signal_struct *sig = current->signal; diff --git a/kernel/fork.c b/kernel/fork.c -index 9b7d746..5b898ab 100644 +index 9b7d746..6083ebb 100644 --- a/kernel/fork.c +++ b/kernel/fork.c -@@ -183,6 +183,48 @@ void thread_info_cache_init(void) +@@ -177,12 +177,54 @@ static void free_thread_info(struct thread_info *ti) + void thread_info_cache_init(void) + { + thread_info_cache = kmem_cache_create("thread_info", THREAD_SIZE, +- THREAD_SIZE, 0, NULL); ++ THREAD_SIZE, SLAB_USERCOPY, NULL); + BUG_ON(thread_info_cache == NULL); + } # endif #endif @@ -94206,7 +94241,7 @@ index 124e2c7..762ca29 100644 /* make curr_ret_stack visible before we add the ret_stack */ smp_wmb(); diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c -index a56e07c..d46f0ba 100644 +index f4fbbfc..ebb5622 100644 --- a/kernel/trace/ring_buffer.c +++ b/kernel/trace/ring_buffer.c @@ -352,9 +352,9 @@ struct buffer_data_page { @@ -94221,7 +94256,7 @@ index a56e07c..d46f0ba 100644 unsigned long real_end; /* real end of data */ struct buffer_data_page *page; /* Actual data page */ }; -@@ -473,8 +473,8 @@ struct ring_buffer_per_cpu { +@@ -476,8 +476,8 @@ struct ring_buffer_per_cpu { unsigned long last_overrun; local_t entries_bytes; local_t entries; @@ -94232,7 +94267,7 @@ index a56e07c..d46f0ba 100644 local_t dropped_events; local_t committing; local_t commits; -@@ -1032,8 +1032,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer, +@@ -1050,8 +1050,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer, * * We add a counter to the write field to denote this. */ @@ -94243,7 +94278,7 @@ index a56e07c..d46f0ba 100644 /* * Just make sure we have seen our old_write and synchronize -@@ -1061,8 +1061,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer, +@@ -1079,8 +1079,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer, * cmpxchg to only update if an interrupt did not already * do it for us. If the cmpxchg fails, we don't care. */ @@ -94254,7 +94289,7 @@ index a56e07c..d46f0ba 100644 /* * No need to worry about races with clearing out the commit. -@@ -1429,12 +1429,12 @@ static void rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer); +@@ -1448,12 +1448,12 @@ static void rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer); static inline unsigned long rb_page_entries(struct buffer_page *bpage) { @@ -94269,7 +94304,7 @@ index a56e07c..d46f0ba 100644 } static int -@@ -1529,7 +1529,7 @@ rb_remove_pages(struct ring_buffer_per_cpu *cpu_buffer, unsigned int nr_pages) +@@ -1548,7 +1548,7 @@ rb_remove_pages(struct ring_buffer_per_cpu *cpu_buffer, unsigned int nr_pages) * bytes consumed in ring buffer from here. * Increment overrun to account for the lost events. */ @@ -94278,7 +94313,7 @@ index a56e07c..d46f0ba 100644 local_sub(BUF_PAGE_SIZE, &cpu_buffer->entries_bytes); } -@@ -2091,7 +2091,7 @@ rb_handle_head_page(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2110,7 +2110,7 @@ rb_handle_head_page(struct ring_buffer_per_cpu *cpu_buffer, * it is our responsibility to update * the counters. */ @@ -94287,7 +94322,7 @@ index a56e07c..d46f0ba 100644 local_sub(BUF_PAGE_SIZE, &cpu_buffer->entries_bytes); /* -@@ -2241,7 +2241,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2260,7 +2260,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer, if (tail == BUF_PAGE_SIZE) tail_page->real_end = 0; @@ -94296,7 +94331,7 @@ index a56e07c..d46f0ba 100644 return; } -@@ -2276,7 +2276,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2295,7 +2295,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer, rb_event_set_padding(event); /* Set the write back to the previous setting */ @@ -94305,7 +94340,7 @@ index a56e07c..d46f0ba 100644 return; } -@@ -2288,7 +2288,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2307,7 +2307,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer, /* Set write to end of buffer */ length = (tail + length) - BUF_PAGE_SIZE; @@ -94314,7 +94349,7 @@ index a56e07c..d46f0ba 100644 } /* -@@ -2314,7 +2314,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2333,7 +2333,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer, * about it. */ if (unlikely(next_page == commit_page)) { @@ -94323,7 +94358,7 @@ index a56e07c..d46f0ba 100644 goto out_reset; } -@@ -2370,7 +2370,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2389,7 +2389,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer, cpu_buffer->tail_page) && (cpu_buffer->commit_page == cpu_buffer->reader_page))) { @@ -94332,7 +94367,7 @@ index a56e07c..d46f0ba 100644 goto out_reset; } } -@@ -2418,7 +2418,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2437,7 +2437,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer, length += RB_LEN_TIME_EXTEND; tail_page = cpu_buffer->tail_page; @@ -94341,7 +94376,7 @@ index a56e07c..d46f0ba 100644 /* set write to only the index of the write */ write &= RB_WRITE_MASK; -@@ -2442,7 +2442,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2461,7 +2461,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer, kmemcheck_annotate_bitfield(event, bitfield); rb_update_event(cpu_buffer, event, length, add_timestamp, delta); @@ -94350,7 +94385,7 @@ index a56e07c..d46f0ba 100644 /* * If this is the first commit on the page, then update -@@ -2475,7 +2475,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2494,7 +2494,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer, if (bpage->page == (void *)addr && rb_page_write(bpage) == old_index) { unsigned long write_mask = @@ -94359,7 +94394,7 @@ index a56e07c..d46f0ba 100644 unsigned long event_length = rb_event_length(event); /* * This is on the tail page. It is possible that -@@ -2485,7 +2485,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2504,7 +2504,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer, */ old_index += write_mask; new_index += write_mask; @@ -94368,7 +94403,7 @@ index a56e07c..d46f0ba 100644 if (index == old_index) { /* update counters */ local_sub(event_length, &cpu_buffer->entries_bytes); -@@ -2877,7 +2877,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2907,7 +2907,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer, /* Do the likely case first */ if (likely(bpage->page == (void *)addr)) { @@ -94377,7 +94412,7 @@ index a56e07c..d46f0ba 100644 return; } -@@ -2889,7 +2889,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2919,7 +2919,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer, start = bpage; do { if (bpage->page == (void *)addr) { @@ -94386,7 +94421,7 @@ index a56e07c..d46f0ba 100644 return; } rb_inc_page(cpu_buffer, &bpage); -@@ -3173,7 +3173,7 @@ static inline unsigned long +@@ -3203,7 +3203,7 @@ static inline unsigned long rb_num_of_entries(struct ring_buffer_per_cpu *cpu_buffer) { return local_read(&cpu_buffer->entries) - @@ -94395,7 +94430,7 @@ index a56e07c..d46f0ba 100644 } /** -@@ -3262,7 +3262,7 @@ unsigned long ring_buffer_overrun_cpu(struct ring_buffer *buffer, int cpu) +@@ -3292,7 +3292,7 @@ unsigned long ring_buffer_overrun_cpu(struct ring_buffer *buffer, int cpu) return 0; cpu_buffer = buffer->buffers[cpu]; @@ -94404,7 +94439,7 @@ index a56e07c..d46f0ba 100644 return ret; } -@@ -3285,7 +3285,7 @@ ring_buffer_commit_overrun_cpu(struct ring_buffer *buffer, int cpu) +@@ -3315,7 +3315,7 @@ ring_buffer_commit_overrun_cpu(struct ring_buffer *buffer, int cpu) return 0; cpu_buffer = buffer->buffers[cpu]; @@ -94413,7 +94448,7 @@ index a56e07c..d46f0ba 100644 return ret; } -@@ -3370,7 +3370,7 @@ unsigned long ring_buffer_overruns(struct ring_buffer *buffer) +@@ -3400,7 +3400,7 @@ unsigned long ring_buffer_overruns(struct ring_buffer *buffer) /* if you care about this being correct, lock the buffer */ for_each_buffer_cpu(buffer, cpu) { cpu_buffer = buffer->buffers[cpu]; @@ -94422,7 +94457,7 @@ index a56e07c..d46f0ba 100644 } return overruns; -@@ -3541,8 +3541,8 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer) +@@ -3571,8 +3571,8 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer) /* * Reset the reader page to size zero. */ @@ -94433,7 +94468,7 @@ index a56e07c..d46f0ba 100644 local_set(&cpu_buffer->reader_page->page->commit, 0); cpu_buffer->reader_page->real_end = 0; -@@ -3576,7 +3576,7 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer) +@@ -3606,7 +3606,7 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer) * want to compare with the last_overrun. */ smp_mb(); @@ -94442,7 +94477,7 @@ index a56e07c..d46f0ba 100644 /* * Here's the tricky part. -@@ -4148,8 +4148,8 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer) +@@ -4178,8 +4178,8 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer) cpu_buffer->head_page = list_entry(cpu_buffer->pages, struct buffer_page, list); @@ -94453,7 +94488,7 @@ index a56e07c..d46f0ba 100644 local_set(&cpu_buffer->head_page->page->commit, 0); cpu_buffer->head_page->read = 0; -@@ -4159,14 +4159,14 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer) +@@ -4189,14 +4189,14 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer) INIT_LIST_HEAD(&cpu_buffer->reader_page->list); INIT_LIST_HEAD(&cpu_buffer->new_pages); @@ -94472,7 +94507,7 @@ index a56e07c..d46f0ba 100644 local_set(&cpu_buffer->dropped_events, 0); local_set(&cpu_buffer->entries, 0); local_set(&cpu_buffer->committing, 0); -@@ -4571,8 +4571,8 @@ int ring_buffer_read_page(struct ring_buffer *buffer, +@@ -4601,8 +4601,8 @@ int ring_buffer_read_page(struct ring_buffer *buffer, rb_init_page(bpage); bpage = reader->page; reader->page = *data_page; @@ -94484,7 +94519,7 @@ index a56e07c..d46f0ba 100644 *data_page = bpage; diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c -index 426962b..e8e2d9a 100644 +index 72c7134..581f360 100644 --- a/kernel/trace/trace.c +++ b/kernel/trace/trace.c @@ -3488,7 +3488,7 @@ int trace_keep_overwrite(struct tracer *tracer, u32 mask, int set) @@ -95786,7 +95821,7 @@ index 123bcd3..0de52ba 100644 set_page_address(page, (void *)vaddr); diff --git a/mm/hugetlb.c b/mm/hugetlb.c -index 9fd7227..5628939 100644 +index f08fec7..8742ef8 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -2258,6 +2258,7 @@ static int hugetlb_sysctl_handler_common(bool obey_mempolicy, @@ -101330,6 +101365,19 @@ index 8e385a0..a5bdd8e 100644 tty_port_close(&dev->port, tty, filp); } +diff --git a/net/bridge/br.c b/net/bridge/br.c +index 44425af..4ee730e 100644 +--- a/net/bridge/br.c ++++ b/net/bridge/br.c +@@ -147,6 +147,8 @@ static int __init br_init(void) + { + int err; + ++ BUILD_BUG_ON(sizeof(struct br_input_skb_cb) > FIELD_SIZEOF(struct sk_buff, cb)); ++ + err = stp_proto_register(&br_stp_proto); + if (err < 0) { + pr_err("bridge: can't register sap for STP\n"); diff --git a/net/bridge/br_netlink.c b/net/bridge/br_netlink.c index e5ec470..cbfabd1 100644 --- a/net/bridge/br_netlink.c @@ -102057,7 +102105,7 @@ index 443256b..bbff424 100644 pr_warn("cannot create /proc/net/%s\n", PG_PROC_DIR); return -ENODEV; diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c -index ca82629..66264f7 100644 +index ca82629..f168c36 100644 --- a/net/core/rtnetlink.c +++ b/net/core/rtnetlink.c @@ -58,7 +58,7 @@ struct rtnl_link { @@ -102104,6 +102152,17 @@ index ca82629..66264f7 100644 goto nla_put_failure; if (1) { +@@ -2077,6 +2080,10 @@ replay: + if (IS_ERR(dest_net)) + return PTR_ERR(dest_net); + ++ err = -EPERM; ++ if (!netlink_ns_capable(skb, dest_net->user_ns, CAP_NET_ADMIN)) ++ goto out; ++ + dev = rtnl_create_link(dest_net, ifname, name_assign_type, ops, tb); + if (IS_ERR(dev)) { + err = PTR_ERR(dev); diff --git a/net/core/scm.c b/net/core/scm.c index b442e7e..6f5b5a2 100644 --- a/net/core/scm.c @@ -103051,7 +103110,7 @@ index e90f83a..3e6acca 100644 pr_err("Unable to proc dir entry\n"); return -ENOMEM; diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c -index 5638b17..22c8e65 100644 +index 5638b17..dec7fa3 100644 --- a/net/ipv4/ping.c +++ b/net/ipv4/ping.c @@ -59,7 +59,7 @@ struct ping_table { @@ -103063,7 +103122,38 @@ index 5638b17..22c8e65 100644 EXPORT_SYMBOL_GPL(pingv6_ops); static u16 ping_port_rover; -@@ -350,7 +350,7 @@ static int ping_check_bind_addr(struct sock *sk, struct inet_sock *isk, +@@ -259,6 +259,9 @@ int ping_init_sock(struct sock *sk) + kgid_t low, high; + int ret = 0; + ++ if (sk->sk_family == AF_INET6) ++ sk->sk_ipv6only = 1; ++ + inet_get_ping_group_range_net(net, &low, &high); + if (gid_lte(low, group) && gid_lte(group, high)) + return 0; +@@ -305,6 +308,11 @@ static int ping_check_bind_addr(struct sock *sk, struct inet_sock *isk, + if (addr_len < sizeof(*addr)) + return -EINVAL; + ++ if (addr->sin_family != AF_INET && ++ !(addr->sin_family == AF_UNSPEC && ++ addr->sin_addr.s_addr == htonl(INADDR_ANY))) ++ return -EAFNOSUPPORT; ++ + pr_debug("ping_check_bind_addr(sk=%p,addr=%pI4,port=%d)\n", + sk, &addr->sin_addr.s_addr, ntohs(addr->sin_port)); + +@@ -330,7 +338,7 @@ static int ping_check_bind_addr(struct sock *sk, struct inet_sock *isk, + return -EINVAL; + + if (addr->sin6_family != AF_INET6) +- return -EINVAL; ++ return -EAFNOSUPPORT; + + pr_debug("ping_check_bind_addr(sk=%p,addr=%pI6c,port=%d)\n", + sk, addr->sin6_addr.s6_addr, ntohs(addr->sin6_port)); +@@ -350,7 +358,7 @@ static int ping_check_bind_addr(struct sock *sk, struct inet_sock *isk, return -ENODEV; } } @@ -103072,7 +103162,7 @@ index 5638b17..22c8e65 100644 scoped); rcu_read_unlock(); -@@ -558,7 +558,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info) +@@ -558,7 +566,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info) } #if IS_ENABLED(CONFIG_IPV6) } else if (skb->protocol == htons(ETH_P_IPV6)) { @@ -103081,7 +103171,7 @@ index 5638b17..22c8e65 100644 #endif } -@@ -576,7 +576,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info) +@@ -576,7 +584,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info) info, (u8 *)icmph); #if IS_ENABLED(CONFIG_IPV6) } else if (family == AF_INET6) { @@ -103090,7 +103180,16 @@ index 5638b17..22c8e65 100644 info, (u8 *)icmph); #endif } -@@ -910,10 +910,10 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, +@@ -716,7 +724,7 @@ static int ping_v4_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *m + if (msg->msg_namelen < sizeof(*usin)) + return -EINVAL; + if (usin->sin_family != AF_INET) +- return -EINVAL; ++ return -EAFNOSUPPORT; + daddr = usin->sin_addr.s_addr; + /* no remote port */ + } else { +@@ -910,10 +918,10 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, } if (inet6_sk(sk)->rxopt.all) @@ -103103,7 +103202,7 @@ index 5638b17..22c8e65 100644 else if (skb->protocol == htons(ETH_P_IP) && isk->cmsg_flags) ip_cmsg_recv(msg, skb); #endif -@@ -1108,7 +1108,7 @@ static void ping_v4_format_sock(struct sock *sp, struct seq_file *f, +@@ -1108,7 +1116,7 @@ static void ping_v4_format_sock(struct sock *sp, struct seq_file *f, from_kuid_munged(seq_user_ns(f), sock_i_uid(sp)), 0, sock_i_ino(sp), atomic_read(&sp->sk_refcnt), sp, @@ -104114,10 +104213,23 @@ index 6f187c8..34b367f 100644 return -ENOMEM; } diff --git a/net/ipv6/ping.c b/net/ipv6/ping.c -index 5b7a1ed..d9da205 100644 +index 5b7a1ed..83e96de 100644 --- a/net/ipv6/ping.c +++ b/net/ipv6/ping.c -@@ -240,6 +240,24 @@ static struct pernet_operations ping_v6_net_ops = { +@@ -102,9 +102,10 @@ int ping_v6_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, + + if (msg->msg_name) { + DECLARE_SOCKADDR(struct sockaddr_in6 *, u, msg->msg_name); +- if (msg->msg_namelen < sizeof(struct sockaddr_in6) || +- u->sin6_family != AF_INET6) { ++ if (msg->msg_namelen < sizeof(*u)) + return -EINVAL; ++ if (u->sin6_family != AF_INET6) { ++ return -EAFNOSUPPORT; + } + if (sk->sk_bound_dev_if && + sk->sk_bound_dev_if != u->sin6_scope_id) { +@@ -240,6 +241,24 @@ static struct pernet_operations ping_v6_net_ops = { }; #endif @@ -104142,7 +104254,7 @@ index 5b7a1ed..d9da205 100644 int __init pingv6_init(void) { #ifdef CONFIG_PROC_FS -@@ -247,13 +265,7 @@ int __init pingv6_init(void) +@@ -247,13 +266,7 @@ int __init pingv6_init(void) if (ret) return ret; #endif @@ -104157,7 +104269,7 @@ index 5b7a1ed..d9da205 100644 return inet6_register_protosw(&pingv6_protosw); } -@@ -262,14 +274,9 @@ int __init pingv6_init(void) +@@ -262,14 +275,9 @@ int __init pingv6_init(void) */ void pingv6_exit(void) { @@ -105023,6 +105135,18 @@ index 6081329..ab23834 100644 return -EBUSY; if (local->hw.flags & IEEE80211_HW_HAS_RATE_CONTROL) { +diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c +index 900632a2..80ce44f 100644 +--- a/net/mac80211/tx.c ++++ b/net/mac80211/tx.c +@@ -563,6 +563,7 @@ ieee80211_tx_h_check_control_port_protocol(struct ieee80211_tx_data *tx) + if (tx->sdata->control_port_no_encrypt) + info->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; + info->control.flags |= IEEE80211_TX_CTRL_PORT_CTRL_PROTO; ++ info->flags |= IEEE80211_TX_CTL_USE_MINRATE; + } + + return TX_CONTINUE; diff --git a/net/mac80211/util.c b/net/mac80211/util.c index 3c61060..7bed2e3 100644 --- a/net/mac80211/util.c @@ -106903,10 +107027,10 @@ index 0663621..c4928d4 100644 goto out_nomem; cd->u.procfs.channel_ent = NULL; diff --git a/net/sunrpc/clnt.c b/net/sunrpc/clnt.c -index 9acd6ce..4353a72 100644 +index ae46f01..d337da8 100644 --- a/net/sunrpc/clnt.c +++ b/net/sunrpc/clnt.c -@@ -1428,7 +1428,9 @@ call_start(struct rpc_task *task) +@@ -1430,7 +1430,9 @@ call_start(struct rpc_task *task) (RPC_IS_ASYNC(task) ? "async" : "sync")); /* Increment call count */ @@ -109689,10 +109813,10 @@ index 1450f85..a91e0bc 100644 } rtnl_unlock(); diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c -index d515ec2..8a4ca71 100644 +index 9d3c64a..76e336e 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c -@@ -4079,7 +4079,7 @@ static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen) +@@ -4081,7 +4081,7 @@ static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen) return 0; } @@ -118386,10 +118510,10 @@ index 0000000..4378111 +} diff --git a/tools/gcc/size_overflow_plugin/size_overflow_hash.data b/tools/gcc/size_overflow_plugin/size_overflow_hash.data new file mode 100644 -index 0000000..f2bd55d +index 0000000..1f45ba9 --- /dev/null +++ b/tools/gcc/size_overflow_plugin/size_overflow_hash.data -@@ -0,0 +1,6031 @@ +@@ -0,0 +1,6032 @@ +intel_fake_agp_alloc_by_type_1 intel_fake_agp_alloc_by_type 1 1 NULL +storvsc_connect_to_vsp_22 storvsc_connect_to_vsp 2 22 NULL +compat_sock_setsockopt_23 compat_sock_setsockopt 5 23 NULL @@ -119009,6 +119133,7 @@ index 0000000..f2bd55d +tpl_write_6998 tpl_write 3 6998 NULL +cipso_v4_gentag_enum_7006 cipso_v4_gentag_enum 0 7006 NULL +tracing_cpumask_read_7010 tracing_cpumask_read 3 7010 NULL ++copy_items_7012 copy_items 7 7012 NULL +ld_usb_write_7022 ld_usb_write 3 7022 NULL +wimax_msg_7030 wimax_msg 4 7030 NULL +ceph_kvmalloc_7033 ceph_kvmalloc 1 7033 NULL diff --git a/3.18.8/4425_grsec_remove_EI_PAX.patch b/3.18.9/4425_grsec_remove_EI_PAX.patch index 86e242a..86e242a 100644 --- a/3.18.8/4425_grsec_remove_EI_PAX.patch +++ b/3.18.9/4425_grsec_remove_EI_PAX.patch diff --git a/3.18.8/4427_force_XATTR_PAX_tmpfs.patch b/3.18.9/4427_force_XATTR_PAX_tmpfs.patch index 22c9273..22c9273 100644 --- a/3.18.8/4427_force_XATTR_PAX_tmpfs.patch +++ b/3.18.9/4427_force_XATTR_PAX_tmpfs.patch diff --git a/3.18.8/4430_grsec-remove-localversion-grsec.patch b/3.18.9/4430_grsec-remove-localversion-grsec.patch index 31cf878..31cf878 100644 --- a/3.18.8/4430_grsec-remove-localversion-grsec.patch +++ b/3.18.9/4430_grsec-remove-localversion-grsec.patch diff --git a/3.18.8/4435_grsec-mute-warnings.patch b/3.18.9/4435_grsec-mute-warnings.patch index 0585e08..0585e08 100644 --- a/3.18.8/4435_grsec-mute-warnings.patch +++ b/3.18.9/4435_grsec-mute-warnings.patch diff --git a/3.18.8/4440_grsec-remove-protected-paths.patch b/3.18.9/4440_grsec-remove-protected-paths.patch index 741546d..741546d 100644 --- a/3.18.8/4440_grsec-remove-protected-paths.patch +++ b/3.18.9/4440_grsec-remove-protected-paths.patch diff --git a/3.18.8/4450_grsec-kconfig-default-gids.patch b/3.18.9/4450_grsec-kconfig-default-gids.patch index 5c025da..5c025da 100644 --- a/3.18.8/4450_grsec-kconfig-default-gids.patch +++ b/3.18.9/4450_grsec-kconfig-default-gids.patch diff --git a/3.18.8/4465_selinux-avc_audit-log-curr_ip.patch b/3.18.9/4465_selinux-avc_audit-log-curr_ip.patch index ba89596..ba89596 100644 --- a/3.18.8/4465_selinux-avc_audit-log-curr_ip.patch +++ b/3.18.9/4465_selinux-avc_audit-log-curr_ip.patch diff --git a/3.18.8/4470_disable-compat_vdso.patch b/3.18.9/4470_disable-compat_vdso.patch index 0a0c524..0a0c524 100644 --- a/3.18.8/4470_disable-compat_vdso.patch +++ b/3.18.9/4470_disable-compat_vdso.patch diff --git a/3.18.8/4475_emutramp_default_on.patch b/3.18.9/4475_emutramp_default_on.patch index ad4967a..ad4967a 100644 --- a/3.18.8/4475_emutramp_default_on.patch +++ b/3.18.9/4475_emutramp_default_on.patch diff --git a/3.2.67/0000_README b/3.2.68/0000_README index 54feb50..57cb977 100644 --- a/3.2.67/0000_README +++ b/3.2.68/0000_README @@ -186,7 +186,11 @@ Patch: 1066_linux-3.2.67.patch From: http://www.kernel.org Desc: Linux 3.2.67 -Patch: 4420_grsecurity-3.1-3.2.67-201502271837.patch +Patch: 1067_linux-3.2.68.patch +From: http://www.kernel.org +Desc: Linux 3.2.68 + +Patch: 4420_grsecurity-3.1-3.2.68-201503071137.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.2.67/1021_linux-3.2.22.patch b/3.2.68/1021_linux-3.2.22.patch index e6ad93a..e6ad93a 100644 --- a/3.2.67/1021_linux-3.2.22.patch +++ b/3.2.68/1021_linux-3.2.22.patch diff --git a/3.2.67/1022_linux-3.2.23.patch b/3.2.68/1022_linux-3.2.23.patch index 3d796d0..3d796d0 100644 --- a/3.2.67/1022_linux-3.2.23.patch +++ b/3.2.68/1022_linux-3.2.23.patch diff --git a/3.2.67/1023_linux-3.2.24.patch b/3.2.68/1023_linux-3.2.24.patch index 4692eb4..4692eb4 100644 --- a/3.2.67/1023_linux-3.2.24.patch +++ b/3.2.68/1023_linux-3.2.24.patch diff --git a/3.2.67/1024_linux-3.2.25.patch b/3.2.68/1024_linux-3.2.25.patch index e95c213..e95c213 100644 --- a/3.2.67/1024_linux-3.2.25.patch +++ b/3.2.68/1024_linux-3.2.25.patch diff --git a/3.2.67/1025_linux-3.2.26.patch b/3.2.68/1025_linux-3.2.26.patch index 44065b9..44065b9 100644 --- a/3.2.67/1025_linux-3.2.26.patch +++ b/3.2.68/1025_linux-3.2.26.patch diff --git a/3.2.67/1026_linux-3.2.27.patch b/3.2.68/1026_linux-3.2.27.patch index 5878eb4..5878eb4 100644 --- a/3.2.67/1026_linux-3.2.27.patch +++ b/3.2.68/1026_linux-3.2.27.patch diff --git a/3.2.67/1027_linux-3.2.28.patch b/3.2.68/1027_linux-3.2.28.patch index 4dbba4b..4dbba4b 100644 --- a/3.2.67/1027_linux-3.2.28.patch +++ b/3.2.68/1027_linux-3.2.28.patch diff --git a/3.2.67/1028_linux-3.2.29.patch b/3.2.68/1028_linux-3.2.29.patch index 3c65179..3c65179 100644 --- a/3.2.67/1028_linux-3.2.29.patch +++ b/3.2.68/1028_linux-3.2.29.patch diff --git a/3.2.67/1029_linux-3.2.30.patch b/3.2.68/1029_linux-3.2.30.patch index 86aea4b..86aea4b 100644 --- a/3.2.67/1029_linux-3.2.30.patch +++ b/3.2.68/1029_linux-3.2.30.patch diff --git a/3.2.67/1030_linux-3.2.31.patch b/3.2.68/1030_linux-3.2.31.patch index c6accf5..c6accf5 100644 --- a/3.2.67/1030_linux-3.2.31.patch +++ b/3.2.68/1030_linux-3.2.31.patch diff --git a/3.2.67/1031_linux-3.2.32.patch b/3.2.68/1031_linux-3.2.32.patch index 247fc0b..247fc0b 100644 --- a/3.2.67/1031_linux-3.2.32.patch +++ b/3.2.68/1031_linux-3.2.32.patch diff --git a/3.2.67/1032_linux-3.2.33.patch b/3.2.68/1032_linux-3.2.33.patch index c32fb75..c32fb75 100644 --- a/3.2.67/1032_linux-3.2.33.patch +++ b/3.2.68/1032_linux-3.2.33.patch diff --git a/3.2.67/1033_linux-3.2.34.patch b/3.2.68/1033_linux-3.2.34.patch index d647b38..d647b38 100644 --- a/3.2.67/1033_linux-3.2.34.patch +++ b/3.2.68/1033_linux-3.2.34.patch diff --git a/3.2.67/1034_linux-3.2.35.patch b/3.2.68/1034_linux-3.2.35.patch index 76a9c19..76a9c19 100644 --- a/3.2.67/1034_linux-3.2.35.patch +++ b/3.2.68/1034_linux-3.2.35.patch diff --git a/3.2.67/1035_linux-3.2.36.patch b/3.2.68/1035_linux-3.2.36.patch index 5d192a3..5d192a3 100644 --- a/3.2.67/1035_linux-3.2.36.patch +++ b/3.2.68/1035_linux-3.2.36.patch diff --git a/3.2.67/1036_linux-3.2.37.patch b/3.2.68/1036_linux-3.2.37.patch index ad13251..ad13251 100644 --- a/3.2.67/1036_linux-3.2.37.patch +++ b/3.2.68/1036_linux-3.2.37.patch diff --git a/3.2.67/1037_linux-3.2.38.patch b/3.2.68/1037_linux-3.2.38.patch index a3c106f..a3c106f 100644 --- a/3.2.67/1037_linux-3.2.38.patch +++ b/3.2.68/1037_linux-3.2.38.patch diff --git a/3.2.67/1038_linux-3.2.39.patch b/3.2.68/1038_linux-3.2.39.patch index 5639e92..5639e92 100644 --- a/3.2.67/1038_linux-3.2.39.patch +++ b/3.2.68/1038_linux-3.2.39.patch diff --git a/3.2.67/1039_linux-3.2.40.patch b/3.2.68/1039_linux-3.2.40.patch index f26b39c..f26b39c 100644 --- a/3.2.67/1039_linux-3.2.40.patch +++ b/3.2.68/1039_linux-3.2.40.patch diff --git a/3.2.67/1040_linux-3.2.41.patch b/3.2.68/1040_linux-3.2.41.patch index 0d27fcb..0d27fcb 100644 --- a/3.2.67/1040_linux-3.2.41.patch +++ b/3.2.68/1040_linux-3.2.41.patch diff --git a/3.2.67/1041_linux-3.2.42.patch b/3.2.68/1041_linux-3.2.42.patch index 77a08ed..77a08ed 100644 --- a/3.2.67/1041_linux-3.2.42.patch +++ b/3.2.68/1041_linux-3.2.42.patch diff --git a/3.2.67/1042_linux-3.2.43.patch b/3.2.68/1042_linux-3.2.43.patch index a3f878b..a3f878b 100644 --- a/3.2.67/1042_linux-3.2.43.patch +++ b/3.2.68/1042_linux-3.2.43.patch diff --git a/3.2.67/1043_linux-3.2.44.patch b/3.2.68/1043_linux-3.2.44.patch index 3d5e6ff..3d5e6ff 100644 --- a/3.2.67/1043_linux-3.2.44.patch +++ b/3.2.68/1043_linux-3.2.44.patch diff --git a/3.2.67/1044_linux-3.2.45.patch b/3.2.68/1044_linux-3.2.45.patch index 44e1767..44e1767 100644 --- a/3.2.67/1044_linux-3.2.45.patch +++ b/3.2.68/1044_linux-3.2.45.patch diff --git a/3.2.67/1045_linux-3.2.46.patch b/3.2.68/1045_linux-3.2.46.patch index bc10efd..bc10efd 100644 --- a/3.2.67/1045_linux-3.2.46.patch +++ b/3.2.68/1045_linux-3.2.46.patch diff --git a/3.2.67/1046_linux-3.2.47.patch b/3.2.68/1046_linux-3.2.47.patch index b74563c..b74563c 100644 --- a/3.2.67/1046_linux-3.2.47.patch +++ b/3.2.68/1046_linux-3.2.47.patch diff --git a/3.2.67/1047_linux-3.2.48.patch b/3.2.68/1047_linux-3.2.48.patch index 6d55b1f..6d55b1f 100644 --- a/3.2.67/1047_linux-3.2.48.patch +++ b/3.2.68/1047_linux-3.2.48.patch diff --git a/3.2.67/1048_linux-3.2.49.patch b/3.2.68/1048_linux-3.2.49.patch index 2dab0cf..2dab0cf 100644 --- a/3.2.67/1048_linux-3.2.49.patch +++ b/3.2.68/1048_linux-3.2.49.patch diff --git a/3.2.67/1049_linux-3.2.50.patch b/3.2.68/1049_linux-3.2.50.patch index 20b3015..20b3015 100644 --- a/3.2.67/1049_linux-3.2.50.patch +++ b/3.2.68/1049_linux-3.2.50.patch diff --git a/3.2.67/1050_linux-3.2.51.patch b/3.2.68/1050_linux-3.2.51.patch index 5d5832b..5d5832b 100644 --- a/3.2.67/1050_linux-3.2.51.patch +++ b/3.2.68/1050_linux-3.2.51.patch diff --git a/3.2.67/1051_linux-3.2.52.patch b/3.2.68/1051_linux-3.2.52.patch index 94b9359..94b9359 100644 --- a/3.2.67/1051_linux-3.2.52.patch +++ b/3.2.68/1051_linux-3.2.52.patch diff --git a/3.2.67/1052_linux-3.2.53.patch b/3.2.68/1052_linux-3.2.53.patch index 986d714..986d714 100644 --- a/3.2.67/1052_linux-3.2.53.patch +++ b/3.2.68/1052_linux-3.2.53.patch diff --git a/3.2.67/1053_linux-3.2.54.patch b/3.2.68/1053_linux-3.2.54.patch index a907496..a907496 100644 --- a/3.2.67/1053_linux-3.2.54.patch +++ b/3.2.68/1053_linux-3.2.54.patch diff --git a/3.2.67/1054_linux-3.2.55.patch b/3.2.68/1054_linux-3.2.55.patch index 6071ff5..6071ff5 100644 --- a/3.2.67/1054_linux-3.2.55.patch +++ b/3.2.68/1054_linux-3.2.55.patch diff --git a/3.2.67/1055_linux-3.2.56.patch b/3.2.68/1055_linux-3.2.56.patch index 2e8239c..2e8239c 100644 --- a/3.2.67/1055_linux-3.2.56.patch +++ b/3.2.68/1055_linux-3.2.56.patch diff --git a/3.2.67/1056_linux-3.2.57.patch b/3.2.68/1056_linux-3.2.57.patch index 7b8f174..7b8f174 100644 --- a/3.2.67/1056_linux-3.2.57.patch +++ b/3.2.68/1056_linux-3.2.57.patch diff --git a/3.2.67/1057_linux-3.2.58.patch b/3.2.68/1057_linux-3.2.58.patch index db5723a..db5723a 100644 --- a/3.2.67/1057_linux-3.2.58.patch +++ b/3.2.68/1057_linux-3.2.58.patch diff --git a/3.2.67/1058_linux-3.2.59.patch b/3.2.68/1058_linux-3.2.59.patch index cd59fe9..cd59fe9 100644 --- a/3.2.67/1058_linux-3.2.59.patch +++ b/3.2.68/1058_linux-3.2.59.patch diff --git a/3.2.67/1059_linux-3.2.60.patch b/3.2.68/1059_linux-3.2.60.patch index c5a9389..c5a9389 100644 --- a/3.2.67/1059_linux-3.2.60.patch +++ b/3.2.68/1059_linux-3.2.60.patch diff --git a/3.2.67/1060_linux-3.2.61.patch b/3.2.68/1060_linux-3.2.61.patch index a1bf580..a1bf580 100644 --- a/3.2.67/1060_linux-3.2.61.patch +++ b/3.2.68/1060_linux-3.2.61.patch diff --git a/3.2.67/1061_linux-3.2.62.patch b/3.2.68/1061_linux-3.2.62.patch index 34217f0..34217f0 100644 --- a/3.2.67/1061_linux-3.2.62.patch +++ b/3.2.68/1061_linux-3.2.62.patch diff --git a/3.2.67/1062_linux-3.2.63.patch b/3.2.68/1062_linux-3.2.63.patch index f7c7415..f7c7415 100644 --- a/3.2.67/1062_linux-3.2.63.patch +++ b/3.2.68/1062_linux-3.2.63.patch diff --git a/3.2.67/1063_linux-3.2.64.patch b/3.2.68/1063_linux-3.2.64.patch index 862b4f0..862b4f0 100644 --- a/3.2.67/1063_linux-3.2.64.patch +++ b/3.2.68/1063_linux-3.2.64.patch diff --git a/3.2.67/1064_linux-3.2.65.patch b/3.2.68/1064_linux-3.2.65.patch index c3ae4fa..c3ae4fa 100644 --- a/3.2.67/1064_linux-3.2.65.patch +++ b/3.2.68/1064_linux-3.2.65.patch diff --git a/3.2.67/1065_linux-3.2.66.patch b/3.2.68/1065_linux-3.2.66.patch index 73fa646..73fa646 100644 --- a/3.2.67/1065_linux-3.2.66.patch +++ b/3.2.68/1065_linux-3.2.66.patch diff --git a/3.2.67/1066_linux-3.2.67.patch b/3.2.68/1066_linux-3.2.67.patch index c0a9278..c0a9278 100644 --- a/3.2.67/1066_linux-3.2.67.patch +++ b/3.2.68/1066_linux-3.2.67.patch diff --git a/3.2.68/1067_linux-3.2.68.patch b/3.2.68/1067_linux-3.2.68.patch new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/3.2.68/1067_linux-3.2.68.patch diff --git a/3.2.67/4420_grsecurity-3.1-3.2.67-201502271837.patch b/3.2.68/4420_grsecurity-3.1-3.2.68-201503071137.patch index 51ee248..202a229 100644 --- a/3.2.67/4420_grsecurity-3.1-3.2.67-201502271837.patch +++ b/3.2.68/4420_grsecurity-3.1-3.2.68-201503071137.patch @@ -278,7 +278,7 @@ index 88fd7f5..b318a78 100644 ============================================================== diff --git a/Makefile b/Makefile -index 70769fb..720ab16 100644 +index 2e7cbda..ed00cfe 100644 --- a/Makefile +++ b/Makefile @@ -245,8 +245,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -3155,6 +3155,19 @@ index 0f01de2..d37d309 100644 #define __cacheline_aligned __aligned(L1_CACHE_BYTES) #define ____cacheline_aligned __aligned(L1_CACHE_BYTES) +diff --git a/arch/hexagon/kernel/process.c b/arch/hexagon/kernel/process.c +index 18c4f0b..2c2d8624 100644 +--- a/arch/hexagon/kernel/process.c ++++ b/arch/hexagon/kernel/process.c +@@ -264,7 +264,7 @@ void free_thread_info(struct thread_info *ti) + void thread_info_cache_init(void) + { + thread_info_cache = kmem_cache_create("thread_info", THREAD_SIZE, +- THREAD_SIZE, 0, NULL); ++ THREAD_SIZE, SLAB_USERCOPY, NULL); + BUG_ON(thread_info_cache == NULL); + } + diff --git a/arch/ia64/Kconfig b/arch/ia64/Kconfig index 27489b6..45ab736 100644 --- a/arch/ia64/Kconfig @@ -3749,7 +3762,7 @@ index 00cb0e2..2ad8024 100644 down_write(¤t->mm->mmap_sem); if (insert_vm_struct(current->mm, vma)) { diff --git a/arch/m32r/include/asm/cache.h b/arch/m32r/include/asm/cache.h -index 40b3ee9..8c2c112 100644 +index 40b3ee98..8c2c112 100644 --- a/arch/m32r/include/asm/cache.h +++ b/arch/m32r/include/asm/cache.h @@ -1,8 +1,10 @@ @@ -5729,10 +5742,22 @@ index bd0fb84..a40ed3a 100644 static inline unsigned long clear_user(void __user *addr, unsigned long size) diff --git a/arch/powerpc/kernel/Makefile b/arch/powerpc/kernel/Makefile -index ce4f7f1..ee682a0 100644 +index ce4f7f1..fed0f27 100644 --- a/arch/powerpc/kernel/Makefile +++ b/arch/powerpc/kernel/Makefile -@@ -26,6 +26,8 @@ CFLAGS_REMOVE_ftrace.o = -pg -mno-sched-epilog +@@ -14,6 +14,11 @@ CFLAGS_prom_init.o += -fPIC + CFLAGS_btext.o += -fPIC + endif + ++CFLAGS_REMOVE_cputable.o = $(LATENT_ENTROPY_PLUGIN_CFLAGS) ++CFLAGS_REMOVE_prom_init.o = $(LATENT_ENTROPY_PLUGIN_CFLAGS) ++CFLAGS_REMOVE_btext.o = $(LATENT_ENTROPY_PLUGIN_CFLAGS) ++CFLAGS_REMOVE_prom.o = $(LATENT_ENTROPY_PLUGIN_CFLAGS) ++ + ifdef CONFIG_FUNCTION_TRACER + # Do not trace early boot code + CFLAGS_REMOVE_cputable.o = -pg -mno-sched-epilog +@@ -26,6 +31,8 @@ CFLAGS_REMOVE_ftrace.o = -pg -mno-sched-epilog CFLAGS_REMOVE_time.o = -pg -mno-sched-epilog endif @@ -5867,7 +5892,7 @@ index 2e3200c..7118986 100644 sechdrs, module); #endif diff --git a/arch/powerpc/kernel/process.c b/arch/powerpc/kernel/process.c -index d687e3f..074a8cd 100644 +index d687e3f..d2a6750 100644 --- a/arch/powerpc/kernel/process.c +++ b/arch/powerpc/kernel/process.c @@ -660,8 +660,8 @@ void show_regs(struct pt_regs * regs) @@ -5903,7 +5928,13 @@ index d687e3f..074a8cd 100644 regs->trap, (void *)regs->nip, (void *)lr); firstframe = 1; } -@@ -1255,58 +1255,3 @@ void thread_info_cache_init(void) +@@ -1250,63 +1250,8 @@ void free_thread_info(struct thread_info *ti) + void thread_info_cache_init(void) + { + thread_info_cache = kmem_cache_create("thread_info", THREAD_SIZE, +- THREAD_SIZE, 0, NULL); ++ THREAD_SIZE, SLAB_USERCOPY, NULL); + BUG_ON(thread_info_cache == NULL); } #endif /* THREAD_SHIFT < PAGE_SHIFT */ @@ -6921,6 +6952,19 @@ index 03f2b55..b0270327 100644 .notifier_call = shx3_cpu_callback, }; +diff --git a/arch/sh/kernel/process.c b/arch/sh/kernel/process.c +index 325f98b..6fdc4f7 100644 +--- a/arch/sh/kernel/process.c ++++ b/arch/sh/kernel/process.c +@@ -54,7 +54,7 @@ void free_thread_info(struct thread_info *ti) + void thread_info_cache_init(void) + { + thread_info_cache = kmem_cache_create("thread_info", THREAD_SIZE, +- THREAD_SIZE, SLAB_PANIC, NULL); ++ THREAD_SIZE, SLAB_PANIC | SLAB_USERCOPY, NULL); + } + #else + struct thread_info *alloc_thread_info_node(struct task_struct *tsk, int node) diff --git a/arch/sh/mm/mmap.c b/arch/sh/mm/mmap.c index afeb710..8da5c79 100644 --- a/arch/sh/mm/mmap.c @@ -19678,7 +19722,7 @@ index 0fa4f89..dbbfa58 100644 /* diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S -index 9d28dbac..d5f7d1d 100644 +index 9d28dbac..30e8c80 100644 --- a/arch/x86/kernel/entry_64.S +++ b/arch/x86/kernel/entry_64.S @@ -56,6 +56,8 @@ @@ -20161,7 +20205,7 @@ index 9d28dbac..d5f7d1d 100644 /* * A newly forked process directly context switches into this address. -@@ -411,7 +726,7 @@ ENTRY(ret_from_fork) +@@ -411,17 +726,20 @@ ENTRY(ret_from_fork) RESTORE_REST @@ -20169,9 +20213,19 @@ index 9d28dbac..d5f7d1d 100644 + testb $3, CS-ARGOFFSET(%rsp) # from kernel_thread? je int_ret_from_sys_call - testl $_TIF_IA32, TI_flags(%rcx) # 32-bit compat task needs IRET -@@ -421,7 +736,7 @@ ENTRY(ret_from_fork) - jmp ret_from_sys_call # go to the SYSRET fastpath +- testl $_TIF_IA32, TI_flags(%rcx) # 32-bit compat task needs IRET +- jnz int_ret_from_sys_call +- +- RESTORE_TOP_OF_STACK %rdi, -ARGOFFSET +- jmp ret_from_sys_call # go to the SYSRET fastpath ++ /* ++ * By the time we get here, we have no idea whether our pt_regs, ++ * ti flags, and ti status came from the 64-bit SYSCALL fast path, ++ * the slow path, or one of the ia32entry paths. ++ * Use int_ret_from_sys_call to return, since it can safely handle ++ * all of the above. ++ */ ++ jmp int_ret_from_sys_call CFI_ENDPROC -END(ret_from_fork) @@ -20179,7 +20233,7 @@ index 9d28dbac..d5f7d1d 100644 /* * System call entry. Up to 6 arguments in registers are supported. -@@ -457,7 +772,7 @@ END(ret_from_fork) +@@ -457,7 +775,7 @@ END(ret_from_fork) ENTRY(system_call) CFI_STARTPROC simple CFI_SIGNAL_FRAME @@ -20188,7 +20242,7 @@ index 9d28dbac..d5f7d1d 100644 CFI_REGISTER rip,rcx /*CFI_REGISTER rflags,r11*/ SWAPGS_UNSAFE_STACK -@@ -470,12 +785,18 @@ ENTRY(system_call_after_swapgs) +@@ -470,12 +788,18 @@ ENTRY(system_call_after_swapgs) movq %rsp,PER_CPU_VAR(old_rsp) movq PER_CPU_VAR(kernel_stack),%rsp @@ -20208,7 +20262,7 @@ index 9d28dbac..d5f7d1d 100644 movq %rax,ORIG_RAX-ARGOFFSET(%rsp) movq %rcx,RIP-ARGOFFSET(%rsp) CFI_REL_OFFSET rip,RIP-ARGOFFSET -@@ -504,6 +825,8 @@ sysret_check: +@@ -504,6 +828,8 @@ sysret_check: andl %edi,%edx jnz sysret_careful CFI_REMEMBER_STATE @@ -20217,7 +20271,7 @@ index 9d28dbac..d5f7d1d 100644 /* * sysretq will re-enable interrupts: */ -@@ -562,6 +885,9 @@ auditsys: +@@ -562,6 +888,9 @@ auditsys: movq %rax,%rsi /* 2nd arg: syscall number */ movl $AUDIT_ARCH_X86_64,%edi /* 1st arg: audit arch */ call audit_syscall_entry @@ -20227,7 +20281,7 @@ index 9d28dbac..d5f7d1d 100644 LOAD_ARGS 0 /* reload call-clobbered registers */ jmp system_call_fastpath -@@ -592,12 +918,15 @@ tracesys: +@@ -592,12 +921,15 @@ tracesys: FIXUP_TOP_OF_STACK %rdi movq %rsp,%rdi call syscall_trace_enter @@ -20244,7 +20298,7 @@ index 9d28dbac..d5f7d1d 100644 RESTORE_REST cmpq $__NR_syscall_max,%rax ja int_ret_from_sys_call /* RAX(%rsp) set to -ENOSYS above */ -@@ -613,7 +942,7 @@ tracesys: +@@ -613,7 +945,7 @@ tracesys: GLOBAL(int_ret_from_sys_call) DISABLE_INTERRUPTS(CLBR_NONE) TRACE_IRQS_OFF @@ -20253,7 +20307,7 @@ index 9d28dbac..d5f7d1d 100644 je retint_restore_args movl $_TIF_ALLWORK_MASK,%edi /* edi: mask to check */ -@@ -624,7 +953,9 @@ GLOBAL(int_with_check) +@@ -624,7 +956,9 @@ GLOBAL(int_with_check) andl %edi,%edx jnz int_careful andl $~TS_COMPAT,TI_status(%rcx) @@ -20264,7 +20318,7 @@ index 9d28dbac..d5f7d1d 100644 /* Either reschedule or signal or syscall exit tracking needed. */ /* First do a reschedule test. */ -@@ -670,7 +1001,7 @@ int_restore_rest: +@@ -670,7 +1004,7 @@ int_restore_rest: TRACE_IRQS_OFF jmp int_with_check CFI_ENDPROC @@ -20273,7 +20327,7 @@ index 9d28dbac..d5f7d1d 100644 /* * Certain special system calls that need to save a complete full stack frame. -@@ -678,15 +1009,13 @@ END(system_call) +@@ -678,15 +1012,13 @@ END(system_call) .macro PTREGSCALL label,func,arg ENTRY(\label) PARTIAL_FRAME 1 8 /* offset 8: return address */ @@ -20290,7 +20344,7 @@ index 9d28dbac..d5f7d1d 100644 .endm PTREGSCALL stub_clone, sys_clone, %r8 -@@ -701,12 +1030,17 @@ ENTRY(ptregscall_common) +@@ -701,12 +1033,17 @@ ENTRY(ptregscall_common) movq_cfi_restore R15+8, r15 movq_cfi_restore R14+8, r14 movq_cfi_restore R13+8, r13 @@ -20310,7 +20364,7 @@ index 9d28dbac..d5f7d1d 100644 ENTRY(stub_execve) CFI_STARTPROC -@@ -721,7 +1055,7 @@ ENTRY(stub_execve) +@@ -721,7 +1058,7 @@ ENTRY(stub_execve) RESTORE_REST jmp int_ret_from_sys_call CFI_ENDPROC @@ -20319,7 +20373,7 @@ index 9d28dbac..d5f7d1d 100644 /* * sigreturn is special because it needs to restore all registers on return. -@@ -739,7 +1073,7 @@ ENTRY(stub_rt_sigreturn) +@@ -739,7 +1076,7 @@ ENTRY(stub_rt_sigreturn) RESTORE_REST jmp int_ret_from_sys_call CFI_ENDPROC @@ -20328,7 +20382,7 @@ index 9d28dbac..d5f7d1d 100644 /* * Build the entry stubs and pointer table with some assembler magic. -@@ -774,7 +1108,7 @@ vector=vector+1 +@@ -774,7 +1111,7 @@ vector=vector+1 2: jmp common_interrupt .endr CFI_ENDPROC @@ -20337,7 +20391,7 @@ index 9d28dbac..d5f7d1d 100644 .previous END(interrupt) -@@ -791,8 +1125,8 @@ END(interrupt) +@@ -791,8 +1128,8 @@ END(interrupt) /* 0(%rsp): ~(interrupt number) */ .macro interrupt func /* reserve pt_regs for scratch regs and rbp */ @@ -20348,7 +20402,7 @@ index 9d28dbac..d5f7d1d 100644 SAVE_ARGS_IRQ call \func .endm -@@ -819,13 +1153,13 @@ ret_from_intr: +@@ -819,13 +1156,13 @@ ret_from_intr: /* Restore saved previous stack */ popq %rsi CFI_DEF_CFA_REGISTER rsi @@ -20365,7 +20419,7 @@ index 9d28dbac..d5f7d1d 100644 je retint_kernel /* Interrupt came from user space */ -@@ -847,12 +1181,16 @@ retint_swapgs: /* return to user-space */ +@@ -847,12 +1184,16 @@ retint_swapgs: /* return to user-space */ * The iretq could re-enable interrupts: */ DISABLE_INTERRUPTS(CLBR_ANY) @@ -20382,7 +20436,7 @@ index 9d28dbac..d5f7d1d 100644 /* * The iretq could re-enable interrupts: */ -@@ -890,15 +1228,15 @@ native_irq_return_ldt: +@@ -890,15 +1231,15 @@ native_irq_return_ldt: SWAPGS movq PER_CPU_VAR(espfix_waddr),%rdi movq %rax,(0*8)(%rdi) /* RAX */ @@ -20403,7 +20457,7 @@ index 9d28dbac..d5f7d1d 100644 movq %rax,(4*8)(%rdi) andl $0xffff0000,%eax popq_cfi %rdi -@@ -954,7 +1292,7 @@ ENTRY(retint_kernel) +@@ -954,7 +1295,7 @@ ENTRY(retint_kernel) jmp exit_intr #endif CFI_ENDPROC @@ -20412,7 +20466,7 @@ index 9d28dbac..d5f7d1d 100644 /* * End of kprobes section -@@ -971,7 +1309,7 @@ ENTRY(\sym) +@@ -971,7 +1312,7 @@ ENTRY(\sym) interrupt \do_sym jmp ret_from_intr CFI_ENDPROC @@ -20421,7 +20475,7 @@ index 9d28dbac..d5f7d1d 100644 .endm #ifdef CONFIG_SMP -@@ -1041,7 +1379,7 @@ ENTRY(\sym) +@@ -1041,7 +1382,7 @@ ENTRY(\sym) call \do_sym jmp error_exit /* %ebx: no swapgs flag */ CFI_ENDPROC @@ -20430,7 +20484,7 @@ index 9d28dbac..d5f7d1d 100644 .endm .macro paranoidzeroentry sym do_sym -@@ -1058,10 +1396,10 @@ ENTRY(\sym) +@@ -1058,10 +1399,10 @@ ENTRY(\sym) call \do_sym jmp paranoid_exit /* %ebx: no swapgs flag */ CFI_ENDPROC @@ -20443,7 +20497,7 @@ index 9d28dbac..d5f7d1d 100644 .macro paranoidzeroentry_ist sym do_sym ist ENTRY(\sym) INTR_FRAME -@@ -1073,12 +1411,18 @@ ENTRY(\sym) +@@ -1073,12 +1414,18 @@ ENTRY(\sym) TRACE_IRQS_OFF movq %rsp,%rdi /* pt_regs pointer */ xorl %esi,%esi /* no error code */ @@ -20463,7 +20517,7 @@ index 9d28dbac..d5f7d1d 100644 .endm .macro errorentry sym do_sym -@@ -1095,7 +1439,7 @@ ENTRY(\sym) +@@ -1095,7 +1442,7 @@ ENTRY(\sym) call \do_sym jmp error_exit /* %ebx: no swapgs flag */ CFI_ENDPROC @@ -20472,7 +20526,7 @@ index 9d28dbac..d5f7d1d 100644 .endm /* error code is on the stack already */ -@@ -1114,7 +1458,7 @@ ENTRY(\sym) +@@ -1114,7 +1461,7 @@ ENTRY(\sym) call \do_sym jmp paranoid_exit /* %ebx: no swapgs flag */ CFI_ENDPROC @@ -20481,7 +20535,7 @@ index 9d28dbac..d5f7d1d 100644 .endm zeroentry divide_error do_divide_error -@@ -1144,9 +1488,10 @@ gs_change: +@@ -1144,9 +1491,10 @@ gs_change: 2: mfence /* workaround */ SWAPGS popfq_cfi @@ -20493,7 +20547,7 @@ index 9d28dbac..d5f7d1d 100644 .section __ex_table,"a" .align 8 -@@ -1168,13 +1513,14 @@ ENTRY(kernel_thread_helper) +@@ -1168,13 +1516,14 @@ ENTRY(kernel_thread_helper) * Here we are in the child and the registers are set as they were * at kernel_thread() invocation in the parent. */ @@ -20509,7 +20563,7 @@ index 9d28dbac..d5f7d1d 100644 /* * execve(). This function needs to use IRET, not SYSRET, to set up all state properly. -@@ -1201,11 +1547,11 @@ ENTRY(kernel_execve) +@@ -1201,11 +1550,11 @@ ENTRY(kernel_execve) RESTORE_REST testq %rax,%rax je int_ret_from_sys_call @@ -20523,7 +20577,7 @@ index 9d28dbac..d5f7d1d 100644 /* Call softirq on interrupt stack. Interrupts are off. */ ENTRY(call_softirq) -@@ -1223,9 +1569,10 @@ ENTRY(call_softirq) +@@ -1223,9 +1572,10 @@ ENTRY(call_softirq) CFI_DEF_CFA_REGISTER rsp CFI_ADJUST_CFA_OFFSET -8 decl PER_CPU_VAR(irq_count) @@ -20535,7 +20589,7 @@ index 9d28dbac..d5f7d1d 100644 #ifdef CONFIG_XEN zeroentry xen_hypervisor_callback xen_do_hypervisor_callback -@@ -1263,7 +1610,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs) +@@ -1263,7 +1613,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs) decl PER_CPU_VAR(irq_count) jmp error_exit CFI_ENDPROC @@ -20544,7 +20598,7 @@ index 9d28dbac..d5f7d1d 100644 /* * Hypervisor uses this for application faults while it executes. -@@ -1322,7 +1669,7 @@ ENTRY(xen_failsafe_callback) +@@ -1322,7 +1672,7 @@ ENTRY(xen_failsafe_callback) SAVE_ALL jmp error_exit CFI_ENDPROC @@ -20553,7 +20607,7 @@ index 9d28dbac..d5f7d1d 100644 apicinterrupt XEN_HVM_EVTCHN_CALLBACK \ xen_hvm_callback_vector xen_evtchn_do_upcall -@@ -1371,16 +1718,31 @@ ENTRY(paranoid_exit) +@@ -1371,16 +1721,31 @@ ENTRY(paranoid_exit) TRACE_IRQS_OFF testl %ebx,%ebx /* swapgs needed? */ jnz paranoid_restore @@ -20586,7 +20640,7 @@ index 9d28dbac..d5f7d1d 100644 jmp irq_return paranoid_userspace: GET_THREAD_INFO(%rcx) -@@ -1409,7 +1771,7 @@ paranoid_schedule: +@@ -1409,7 +1774,7 @@ paranoid_schedule: TRACE_IRQS_OFF jmp paranoid_userspace CFI_ENDPROC @@ -20595,7 +20649,7 @@ index 9d28dbac..d5f7d1d 100644 /* * Exception entry point. This expects an error code/orig_rax on the stack. -@@ -1436,12 +1798,23 @@ ENTRY(error_entry) +@@ -1436,12 +1801,23 @@ ENTRY(error_entry) movq_cfi r14, R14+8 movq_cfi r15, R15+8 xorl %ebx,%ebx @@ -20620,7 +20674,7 @@ index 9d28dbac..d5f7d1d 100644 ret /* -@@ -1475,7 +1848,7 @@ error_bad_iret: +@@ -1475,7 +1851,7 @@ error_bad_iret: decl %ebx /* Return to usergs */ jmp error_sti CFI_ENDPROC @@ -20629,7 +20683,7 @@ index 9d28dbac..d5f7d1d 100644 /* ebx: no swapgs flag (1: don't need swapgs, 0: need it) */ -@@ -1495,7 +1868,7 @@ ENTRY(error_exit) +@@ -1495,7 +1871,7 @@ ENTRY(error_exit) jnz retint_careful jmp retint_swapgs CFI_ENDPROC @@ -20638,7 +20692,7 @@ index 9d28dbac..d5f7d1d 100644 /* runs on exception stack */ -@@ -1507,6 +1880,7 @@ ENTRY(nmi) +@@ -1507,6 +1883,7 @@ ENTRY(nmi) CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 call save_paranoid DEFAULT_FRAME 0 @@ -20646,7 +20700,7 @@ index 9d28dbac..d5f7d1d 100644 /* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */ movq %rsp,%rdi movq $-1,%rsi -@@ -1517,12 +1891,28 @@ ENTRY(nmi) +@@ -1517,12 +1894,28 @@ ENTRY(nmi) DISABLE_INTERRUPTS(CLBR_NONE) testl %ebx,%ebx /* swapgs needed? */ jnz nmi_restore @@ -20676,7 +20730,7 @@ index 9d28dbac..d5f7d1d 100644 jmp irq_return nmi_userspace: GET_THREAD_INFO(%rcx) -@@ -1551,14 +1941,14 @@ nmi_schedule: +@@ -1551,14 +1944,14 @@ nmi_schedule: jmp paranoid_exit CFI_ENDPROC #endif @@ -28253,7 +28307,7 @@ index d0474ad..36e9257 100644 extern u32 pnp_bios_is_utter_crap; pnp_bios_is_utter_crap = 1; diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c -index 8cac088..527a9c0 100644 +index 351590e..a1132fb 100644 --- a/arch/x86/mm/fault.c +++ b/arch/x86/mm/fault.c @@ -13,11 +13,18 @@ @@ -40108,7 +40162,7 @@ index be2f3af..9911b09 100644 /* * Represents channel interrupts. Each bit position represents a diff --git a/drivers/hv/vmbus_drv.c b/drivers/hv/vmbus_drv.c -index 44442d5..9f4b007 100644 +index f58067f..ed59814 100644 --- a/drivers/hv/vmbus_drv.c +++ b/drivers/hv/vmbus_drv.c @@ -663,10 +663,10 @@ int vmbus_device_register(struct hv_device *child_device_obj) @@ -102608,6 +102662,19 @@ index 93a8241..b9ef30c 100644 if (copy_from_user((char *) &sec, optval, len)) { err = -EFAULT; break; +diff --git a/net/bridge/br.c b/net/bridge/br.c +index f20c4fd..73aee41 100644 +--- a/net/bridge/br.c ++++ b/net/bridge/br.c +@@ -34,6 +34,8 @@ static int __init br_init(void) + { + int err; + ++ BUILD_BUG_ON(sizeof(struct br_input_skb_cb) > FIELD_SIZEOF(struct sk_buff, cb)); ++ + err = stp_proto_register(&br_stp_proto); + if (err < 0) { + pr_err("bridge: can't register sap for STP\n"); diff --git a/net/bridge/br_multicast.c b/net/bridge/br_multicast.c index 398a297..83fc29c 100644 --- a/net/bridge/br_multicast.c @@ -102882,7 +102949,7 @@ index 84efbe4..51d47bc 100644 list_del(&p->list); goto out; diff --git a/net/caif/chnl_net.c b/net/caif/chnl_net.c -index 8656909..a448555 100644 +index b525aec..9659b25 100644 --- a/net/caif/chnl_net.c +++ b/net/caif/chnl_net.c @@ -74,7 +74,6 @@ static int chnl_recv_cb(struct cflayer *layr, struct cfpkt *pkt) @@ -102955,7 +103022,7 @@ index 8656909..a448555 100644 } /* Update statistics. */ -@@ -508,7 +515,7 @@ static const struct nla_policy ipcaif_policy[IFLA_CAIF_MAX + 1] = { +@@ -507,7 +514,7 @@ static const struct nla_policy ipcaif_policy[IFLA_CAIF_MAX + 1] = { }; @@ -104759,10 +104826,31 @@ index a639967..8f44480 100644 pr_err("Unable to proc dir entry\n"); ret = -ENOMEM; diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c -index d495d4b..db46e69 100644 +index d495d4b..b601824 100644 --- a/net/ipv4/ping.c +++ b/net/ipv4/ping.c -@@ -716,8 +716,11 @@ void ping_rcv(struct sk_buff *skb) +@@ -257,6 +257,11 @@ static int ping_bind(struct sock *sk, struct sockaddr *uaddr, int addr_len) + if (addr_len < sizeof(struct sockaddr_in)) + return -EINVAL; + ++ if (addr->sin_family != AF_INET && ++ !(addr->sin_family == AF_UNSPEC && ++ addr->sin_addr.s_addr == htonl(INADDR_ANY))) ++ return -EAFNOSUPPORT; ++ + pr_debug("ping_v4_bind(sk=%p,sa_addr=%08x,sa_port=%d)\n", + sk, addr->sin_addr.s_addr, ntohs(addr->sin_port)); + +@@ -504,7 +509,7 @@ static int ping_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, + if (msg->msg_namelen < sizeof(*usin)) + return -EINVAL; + if (usin->sin_family != AF_INET) +- return -EINVAL; ++ return -EAFNOSUPPORT; + daddr = usin->sin_addr.s_addr; + /* no remote port */ + } else { +@@ -716,8 +721,11 @@ void ping_rcv(struct sk_buff *skb) sk = ping_v4_lookup(net, saddr, daddr, ntohs(icmph->un.echo.id), skb->dev->ifindex); if (sk != NULL) { @@ -104775,7 +104863,7 @@ index d495d4b..db46e69 100644 sock_put(sk); return; } -@@ -842,7 +845,7 @@ static void ping_format_sock(struct sock *sp, struct seq_file *f, +@@ -842,7 +850,7 @@ static void ping_format_sock(struct sock *sp, struct seq_file *f, sk_rmem_alloc_get(sp), 0, 0L, 0, sock_i_uid(sp), 0, sock_i_ino(sp), atomic_read(&sp->sk_refcnt), sp, @@ -107464,7 +107552,7 @@ index a80b0cb..f7e08e7 100644 phw.hw_addrlen = htons(len); NLA_PUT(skb, NFQA_HWADDR, sizeof(phw), &phw); diff --git a/net/netfilter/xt_TCPMSS.c b/net/netfilter/xt_TCPMSS.c -index 9e63b43..a61bc90 100644 +index 9e63b43f..a61bc90 100644 --- a/net/netfilter/xt_TCPMSS.c +++ b/net/netfilter/xt_TCPMSS.c @@ -50,7 +50,8 @@ tcpmss_mangle_packet(struct sk_buff *skb, diff --git a/3.2.67/4425_grsec_remove_EI_PAX.patch b/3.2.68/4425_grsec_remove_EI_PAX.patch index 366baa8..366baa8 100644 --- a/3.2.67/4425_grsec_remove_EI_PAX.patch +++ b/3.2.68/4425_grsec_remove_EI_PAX.patch diff --git a/3.2.67/4427_force_XATTR_PAX_tmpfs.patch b/3.2.68/4427_force_XATTR_PAX_tmpfs.patch index caaeed1..caaeed1 100644 --- a/3.2.67/4427_force_XATTR_PAX_tmpfs.patch +++ b/3.2.68/4427_force_XATTR_PAX_tmpfs.patch diff --git a/3.2.67/4430_grsec-remove-localversion-grsec.patch b/3.2.68/4430_grsec-remove-localversion-grsec.patch index 31cf878..31cf878 100644 --- a/3.2.67/4430_grsec-remove-localversion-grsec.patch +++ b/3.2.68/4430_grsec-remove-localversion-grsec.patch diff --git a/3.2.67/4435_grsec-mute-warnings.patch b/3.2.68/4435_grsec-mute-warnings.patch index da01ac7..da01ac7 100644 --- a/3.2.67/4435_grsec-mute-warnings.patch +++ b/3.2.68/4435_grsec-mute-warnings.patch diff --git a/3.2.67/4440_grsec-remove-protected-paths.patch b/3.2.68/4440_grsec-remove-protected-paths.patch index 741546d..741546d 100644 --- a/3.2.67/4440_grsec-remove-protected-paths.patch +++ b/3.2.68/4440_grsec-remove-protected-paths.patch diff --git a/3.2.67/4450_grsec-kconfig-default-gids.patch b/3.2.68/4450_grsec-kconfig-default-gids.patch index 26dedae..26dedae 100644 --- a/3.2.67/4450_grsec-kconfig-default-gids.patch +++ b/3.2.68/4450_grsec-kconfig-default-gids.patch diff --git a/3.2.67/4465_selinux-avc_audit-log-curr_ip.patch b/3.2.68/4465_selinux-avc_audit-log-curr_ip.patch index f73d198..f73d198 100644 --- a/3.2.67/4465_selinux-avc_audit-log-curr_ip.patch +++ b/3.2.68/4465_selinux-avc_audit-log-curr_ip.patch diff --git a/3.2.67/4470_disable-compat_vdso.patch b/3.2.68/4470_disable-compat_vdso.patch index 34d46de..34d46de 100644 --- a/3.2.67/4470_disable-compat_vdso.patch +++ b/3.2.68/4470_disable-compat_vdso.patch diff --git a/3.2.67/4475_emutramp_default_on.patch b/3.2.68/4475_emutramp_default_on.patch index 1f3d51a..1f3d51a 100644 --- a/3.2.67/4475_emutramp_default_on.patch +++ b/3.2.68/4475_emutramp_default_on.patch |