summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--4.4.2/1001_linux-4.4.2.patch5320
-rw-r--r--4.4.3/0000_README (renamed from 4.4.2/0000_README)6
-rw-r--r--4.4.3/4420_grsecurity-3.1-4.4.3-201602282149.patch (renamed from 4.4.2/4420_grsecurity-3.1-4.4.2-201602182048.patch)1770
-rw-r--r--4.4.3/4425_grsec_remove_EI_PAX.patch (renamed from 4.4.2/4425_grsec_remove_EI_PAX.patch)0
-rw-r--r--4.4.3/4427_force_XATTR_PAX_tmpfs.patch (renamed from 4.4.2/4427_force_XATTR_PAX_tmpfs.patch)0
-rw-r--r--4.4.3/4430_grsec-remove-localversion-grsec.patch (renamed from 4.4.2/4430_grsec-remove-localversion-grsec.patch)0
-rw-r--r--4.4.3/4435_grsec-mute-warnings.patch (renamed from 4.4.2/4435_grsec-mute-warnings.patch)0
-rw-r--r--4.4.3/4440_grsec-remove-protected-paths.patch (renamed from 4.4.2/4440_grsec-remove-protected-paths.patch)0
-rw-r--r--4.4.3/4450_grsec-kconfig-default-gids.patch (renamed from 4.4.2/4450_grsec-kconfig-default-gids.patch)0
-rw-r--r--4.4.3/4465_selinux-avc_audit-log-curr_ip.patch (renamed from 4.4.2/4465_selinux-avc_audit-log-curr_ip.patch)0
-rw-r--r--4.4.3/4470_disable-compat_vdso.patch (renamed from 4.4.2/4470_disable-compat_vdso.patch)0
-rw-r--r--4.4.3/4475_emutramp_default_on.patch (renamed from 4.4.2/4475_emutramp_default_on.patch)0
12 files changed, 920 insertions, 6176 deletions
diff --git a/4.4.2/1001_linux-4.4.2.patch b/4.4.2/1001_linux-4.4.2.patch
deleted file mode 100644
index d190146..0000000
--- a/4.4.2/1001_linux-4.4.2.patch
+++ /dev/null
@@ -1,5320 +0,0 @@
-diff --git a/Makefile b/Makefile
-index c6a265b..e7a2958 100644
---- a/Makefile
-+++ b/Makefile
-@@ -1,6 +1,6 @@
- VERSION = 4
- PATCHLEVEL = 4
--SUBLEVEL = 1
-+SUBLEVEL = 2
- EXTRAVERSION =
- NAME = Blurry Fish Butt
-
-diff --git a/arch/parisc/include/asm/hugetlb.h b/arch/parisc/include/asm/hugetlb.h
-index 7d56a9c..a65d888 100644
---- a/arch/parisc/include/asm/hugetlb.h
-+++ b/arch/parisc/include/asm/hugetlb.h
-@@ -54,24 +54,12 @@ static inline pte_t huge_pte_wrprotect(pte_t pte)
- return pte_wrprotect(pte);
- }
-
--static inline void huge_ptep_set_wrprotect(struct mm_struct *mm,
-- unsigned long addr, pte_t *ptep)
--{
-- pte_t old_pte = *ptep;
-- set_huge_pte_at(mm, addr, ptep, pte_wrprotect(old_pte));
--}
-+void huge_ptep_set_wrprotect(struct mm_struct *mm,
-+ unsigned long addr, pte_t *ptep);
-
--static inline int huge_ptep_set_access_flags(struct vm_area_struct *vma,
-+int huge_ptep_set_access_flags(struct vm_area_struct *vma,
- unsigned long addr, pte_t *ptep,
-- pte_t pte, int dirty)
--{
-- int changed = !pte_same(*ptep, pte);
-- if (changed) {
-- set_huge_pte_at(vma->vm_mm, addr, ptep, pte);
-- flush_tlb_page(vma, addr);
-- }
-- return changed;
--}
-+ pte_t pte, int dirty);
-
- static inline pte_t huge_ptep_get(pte_t *ptep)
- {
-diff --git a/arch/parisc/include/uapi/asm/siginfo.h b/arch/parisc/include/uapi/asm/siginfo.h
-index d703472..1c75565 100644
---- a/arch/parisc/include/uapi/asm/siginfo.h
-+++ b/arch/parisc/include/uapi/asm/siginfo.h
-@@ -1,6 +1,10 @@
- #ifndef _PARISC_SIGINFO_H
- #define _PARISC_SIGINFO_H
-
-+#if defined(__LP64__)
-+#define __ARCH_SI_PREAMBLE_SIZE (4 * sizeof(int))
-+#endif
-+
- #include <asm-generic/siginfo.h>
-
- #undef NSIGTRAP
-diff --git a/arch/parisc/mm/hugetlbpage.c b/arch/parisc/mm/hugetlbpage.c
-index f6fdc77..54ba392 100644
---- a/arch/parisc/mm/hugetlbpage.c
-+++ b/arch/parisc/mm/hugetlbpage.c
-@@ -105,15 +105,13 @@ static inline void purge_tlb_entries_huge(struct mm_struct *mm, unsigned long ad
- addr |= _HUGE_PAGE_SIZE_ENCODING_DEFAULT;
-
- for (i = 0; i < (1 << (HPAGE_SHIFT-REAL_HPAGE_SHIFT)); i++) {
-- mtsp(mm->context, 1);
-- pdtlb(addr);
-- if (unlikely(split_tlb))
-- pitlb(addr);
-+ purge_tlb_entries(mm, addr);
- addr += (1UL << REAL_HPAGE_SHIFT);
- }
- }
-
--void set_huge_pte_at(struct mm_struct *mm, unsigned long addr,
-+/* __set_huge_pte_at() must be called holding the pa_tlb_lock. */
-+static void __set_huge_pte_at(struct mm_struct *mm, unsigned long addr,
- pte_t *ptep, pte_t entry)
- {
- unsigned long addr_start;
-@@ -123,14 +121,9 @@ void set_huge_pte_at(struct mm_struct *mm, unsigned long addr,
- addr_start = addr;
-
- for (i = 0; i < (1 << HUGETLB_PAGE_ORDER); i++) {
-- /* Directly write pte entry. We could call set_pte_at(mm, addr, ptep, entry)
-- * instead, but then we get double locking on pa_tlb_lock. */
-- *ptep = entry;
-+ set_pte(ptep, entry);
- ptep++;
-
-- /* Drop the PAGE_SIZE/non-huge tlb entry */
-- purge_tlb_entries(mm, addr);
--
- addr += PAGE_SIZE;
- pte_val(entry) += PAGE_SIZE;
- }
-@@ -138,18 +131,61 @@ void set_huge_pte_at(struct mm_struct *mm, unsigned long addr,
- purge_tlb_entries_huge(mm, addr_start);
- }
-
-+void set_huge_pte_at(struct mm_struct *mm, unsigned long addr,
-+ pte_t *ptep, pte_t entry)
-+{
-+ unsigned long flags;
-+
-+ purge_tlb_start(flags);
-+ __set_huge_pte_at(mm, addr, ptep, entry);
-+ purge_tlb_end(flags);
-+}
-+
-
- pte_t huge_ptep_get_and_clear(struct mm_struct *mm, unsigned long addr,
- pte_t *ptep)
- {
-+ unsigned long flags;
- pte_t entry;
-
-+ purge_tlb_start(flags);
- entry = *ptep;
-- set_huge_pte_at(mm, addr, ptep, __pte(0));
-+ __set_huge_pte_at(mm, addr, ptep, __pte(0));
-+ purge_tlb_end(flags);
-
- return entry;
- }
-
-+
-+void huge_ptep_set_wrprotect(struct mm_struct *mm,
-+ unsigned long addr, pte_t *ptep)
-+{
-+ unsigned long flags;
-+ pte_t old_pte;
-+
-+ purge_tlb_start(flags);
-+ old_pte = *ptep;
-+ __set_huge_pte_at(mm, addr, ptep, pte_wrprotect(old_pte));
-+ purge_tlb_end(flags);
-+}
-+
-+int huge_ptep_set_access_flags(struct vm_area_struct *vma,
-+ unsigned long addr, pte_t *ptep,
-+ pte_t pte, int dirty)
-+{
-+ unsigned long flags;
-+ int changed;
-+
-+ purge_tlb_start(flags);
-+ changed = !pte_same(*ptep, pte);
-+ if (changed) {
-+ __set_huge_pte_at(vma->vm_mm, addr, ptep, pte);
-+ }
-+ purge_tlb_end(flags);
-+ return changed;
-+}
-+
-+
- int pmd_huge(pmd_t pmd)
- {
- return 0;
-diff --git a/arch/x86/crypto/chacha20-ssse3-x86_64.S b/arch/x86/crypto/chacha20-ssse3-x86_64.S
-index 712b130..3a33124 100644
---- a/arch/x86/crypto/chacha20-ssse3-x86_64.S
-+++ b/arch/x86/crypto/chacha20-ssse3-x86_64.S
-@@ -157,7 +157,9 @@ ENTRY(chacha20_4block_xor_ssse3)
- # done with the slightly better performing SSSE3 byte shuffling,
- # 7/12-bit word rotation uses traditional shift+OR.
-
-- sub $0x40,%rsp
-+ mov %rsp,%r11
-+ sub $0x80,%rsp
-+ and $~63,%rsp
-
- # x0..15[0-3] = s0..3[0..3]
- movq 0x00(%rdi),%xmm1
-@@ -620,6 +622,6 @@ ENTRY(chacha20_4block_xor_ssse3)
- pxor %xmm1,%xmm15
- movdqu %xmm15,0xf0(%rsi)
-
-- add $0x40,%rsp
-+ mov %r11,%rsp
- ret
- ENDPROC(chacha20_4block_xor_ssse3)
-diff --git a/block/blk-merge.c b/block/blk-merge.c
-index e01405a..b966db8 100644
---- a/block/blk-merge.c
-+++ b/block/blk-merge.c
-@@ -68,6 +68,18 @@ static struct bio *blk_bio_write_same_split(struct request_queue *q,
- return bio_split(bio, q->limits.max_write_same_sectors, GFP_NOIO, bs);
- }
-
-+static inline unsigned get_max_io_size(struct request_queue *q,
-+ struct bio *bio)
-+{
-+ unsigned sectors = blk_max_size_offset(q, bio->bi_iter.bi_sector);
-+ unsigned mask = queue_logical_block_size(q) - 1;
-+
-+ /* aligned to logical block size */
-+ sectors &= ~(mask >> 9);
-+
-+ return sectors;
-+}
-+
- static struct bio *blk_bio_segment_split(struct request_queue *q,
- struct bio *bio,
- struct bio_set *bs,
-@@ -79,11 +91,9 @@ static struct bio *blk_bio_segment_split(struct request_queue *q,
- unsigned front_seg_size = bio->bi_seg_front_size;
- bool do_split = true;
- struct bio *new = NULL;
-+ const unsigned max_sectors = get_max_io_size(q, bio);
-
- bio_for_each_segment(bv, bio, iter) {
-- if (sectors + (bv.bv_len >> 9) > queue_max_sectors(q))
-- goto split;
--
- /*
- * If the queue doesn't support SG gaps and adding this
- * offset would create a gap, disallow it.
-@@ -91,6 +101,21 @@ static struct bio *blk_bio_segment_split(struct request_queue *q,
- if (bvprvp && bvec_gap_to_prev(q, bvprvp, bv.bv_offset))
- goto split;
-
-+ if (sectors + (bv.bv_len >> 9) > max_sectors) {
-+ /*
-+ * Consider this a new segment if we're splitting in
-+ * the middle of this vector.
-+ */
-+ if (nsegs < queue_max_segments(q) &&
-+ sectors < max_sectors) {
-+ nsegs++;
-+ sectors = max_sectors;
-+ }
-+ if (sectors)
-+ goto split;
-+ /* Make this single bvec as the 1st segment */
-+ }
-+
- if (bvprvp && blk_queue_cluster(q)) {
- if (seg_size + bv.bv_len > queue_max_segment_size(q))
- goto new_segment;
-diff --git a/crypto/af_alg.c b/crypto/af_alg.c
-index a8e7aa3..f5e18c2 100644
---- a/crypto/af_alg.c
-+++ b/crypto/af_alg.c
-@@ -76,6 +76,8 @@ int af_alg_register_type(const struct af_alg_type *type)
- goto unlock;
-
- type->ops->owner = THIS_MODULE;
-+ if (type->ops_nokey)
-+ type->ops_nokey->owner = THIS_MODULE;
- node->type = type;
- list_add(&node->list, &alg_types);
- err = 0;
-@@ -125,6 +127,26 @@ int af_alg_release(struct socket *sock)
- }
- EXPORT_SYMBOL_GPL(af_alg_release);
-
-+void af_alg_release_parent(struct sock *sk)
-+{
-+ struct alg_sock *ask = alg_sk(sk);
-+ unsigned int nokey = ask->nokey_refcnt;
-+ bool last = nokey && !ask->refcnt;
-+
-+ sk = ask->parent;
-+ ask = alg_sk(sk);
-+
-+ lock_sock(sk);
-+ ask->nokey_refcnt -= nokey;
-+ if (!last)
-+ last = !--ask->refcnt;
-+ release_sock(sk);
-+
-+ if (last)
-+ sock_put(sk);
-+}
-+EXPORT_SYMBOL_GPL(af_alg_release_parent);
-+
- static int alg_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
- {
- const u32 forbidden = CRYPTO_ALG_INTERNAL;
-@@ -133,6 +155,7 @@ static int alg_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
- struct sockaddr_alg *sa = (void *)uaddr;
- const struct af_alg_type *type;
- void *private;
-+ int err;
-
- if (sock->state == SS_CONNECTED)
- return -EINVAL;
-@@ -160,16 +183,22 @@ static int alg_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
- return PTR_ERR(private);
- }
-
-+ err = -EBUSY;
- lock_sock(sk);
-+ if (ask->refcnt | ask->nokey_refcnt)
-+ goto unlock;
-
- swap(ask->type, type);
- swap(ask->private, private);
-
-+ err = 0;
-+
-+unlock:
- release_sock(sk);
-
- alg_do_release(type, private);
-
-- return 0;
-+ return err;
- }
-
- static int alg_setkey(struct sock *sk, char __user *ukey,
-@@ -202,11 +231,15 @@ static int alg_setsockopt(struct socket *sock, int level, int optname,
- struct sock *sk = sock->sk;
- struct alg_sock *ask = alg_sk(sk);
- const struct af_alg_type *type;
-- int err = -ENOPROTOOPT;
-+ int err = -EBUSY;
-
- lock_sock(sk);
-+ if (ask->refcnt)
-+ goto unlock;
-+
- type = ask->type;
-
-+ err = -ENOPROTOOPT;
- if (level != SOL_ALG || !type)
- goto unlock;
-
-@@ -238,6 +271,7 @@ int af_alg_accept(struct sock *sk, struct socket *newsock)
- struct alg_sock *ask = alg_sk(sk);
- const struct af_alg_type *type;
- struct sock *sk2;
-+ unsigned int nokey;
- int err;
-
- lock_sock(sk);
-@@ -257,20 +291,29 @@ int af_alg_accept(struct sock *sk, struct socket *newsock)
- security_sk_clone(sk, sk2);
-
- err = type->accept(ask->private, sk2);
-- if (err) {
-- sk_free(sk2);
-+
-+ nokey = err == -ENOKEY;
-+ if (nokey && type->accept_nokey)
-+ err = type->accept_nokey(ask->private, sk2);
-+
-+ if (err)
- goto unlock;
-- }
-
- sk2->sk_family = PF_ALG;
-
-- sock_hold(sk);
-+ if (nokey || !ask->refcnt++)
-+ sock_hold(sk);
-+ ask->nokey_refcnt += nokey;
- alg_sk(sk2)->parent = sk;
- alg_sk(sk2)->type = type;
-+ alg_sk(sk2)->nokey_refcnt = nokey;
-
- newsock->ops = type->ops;
- newsock->state = SS_CONNECTED;
-
-+ if (nokey)
-+ newsock->ops = type->ops_nokey;
-+
- err = 0;
-
- unlock:
-diff --git a/crypto/ahash.c b/crypto/ahash.c
-index 9c1dc8d..d19b523 100644
---- a/crypto/ahash.c
-+++ b/crypto/ahash.c
-@@ -451,6 +451,7 @@ static int crypto_ahash_init_tfm(struct crypto_tfm *tfm)
- struct ahash_alg *alg = crypto_ahash_alg(hash);
-
- hash->setkey = ahash_nosetkey;
-+ hash->has_setkey = false;
- hash->export = ahash_no_export;
- hash->import = ahash_no_import;
-
-@@ -463,8 +464,10 @@ static int crypto_ahash_init_tfm(struct crypto_tfm *tfm)
- hash->finup = alg->finup ?: ahash_def_finup;
- hash->digest = alg->digest;
-
-- if (alg->setkey)
-+ if (alg->setkey) {
- hash->setkey = alg->setkey;
-+ hash->has_setkey = true;
-+ }
- if (alg->export)
- hash->export = alg->export;
- if (alg->import)
-diff --git a/crypto/algif_hash.c b/crypto/algif_hash.c
-index b4c24fe..68a5cea 100644
---- a/crypto/algif_hash.c
-+++ b/crypto/algif_hash.c
-@@ -34,6 +34,11 @@ struct hash_ctx {
- struct ahash_request req;
- };
-
-+struct algif_hash_tfm {
-+ struct crypto_ahash *hash;
-+ bool has_key;
-+};
-+
- static int hash_sendmsg(struct socket *sock, struct msghdr *msg,
- size_t ignored)
- {
-@@ -49,7 +54,8 @@ static int hash_sendmsg(struct socket *sock, struct msghdr *msg,
-
- lock_sock(sk);
- if (!ctx->more) {
-- err = crypto_ahash_init(&ctx->req);
-+ err = af_alg_wait_for_completion(crypto_ahash_init(&ctx->req),
-+ &ctx->completion);
- if (err)
- goto unlock;
- }
-@@ -120,6 +126,7 @@ static ssize_t hash_sendpage(struct socket *sock, struct page *page,
- } else {
- if (!ctx->more) {
- err = crypto_ahash_init(&ctx->req);
-+ err = af_alg_wait_for_completion(err, &ctx->completion);
- if (err)
- goto unlock;
- }
-@@ -235,19 +242,151 @@ static struct proto_ops algif_hash_ops = {
- .accept = hash_accept,
- };
-
-+static int hash_check_key(struct socket *sock)
-+{
-+ int err = 0;
-+ struct sock *psk;
-+ struct alg_sock *pask;
-+ struct algif_hash_tfm *tfm;
-+ struct sock *sk = sock->sk;
-+ struct alg_sock *ask = alg_sk(sk);
-+
-+ lock_sock(sk);
-+ if (ask->refcnt)
-+ goto unlock_child;
-+
-+ psk = ask->parent;
-+ pask = alg_sk(ask->parent);
-+ tfm = pask->private;
-+
-+ err = -ENOKEY;
-+ lock_sock_nested(psk, SINGLE_DEPTH_NESTING);
-+ if (!tfm->has_key)
-+ goto unlock;
-+
-+ if (!pask->refcnt++)
-+ sock_hold(psk);
-+
-+ ask->refcnt = 1;
-+ sock_put(psk);
-+
-+ err = 0;
-+
-+unlock:
-+ release_sock(psk);
-+unlock_child:
-+ release_sock(sk);
-+
-+ return err;
-+}
-+
-+static int hash_sendmsg_nokey(struct socket *sock, struct msghdr *msg,
-+ size_t size)
-+{
-+ int err;
-+
-+ err = hash_check_key(sock);
-+ if (err)
-+ return err;
-+
-+ return hash_sendmsg(sock, msg, size);
-+}
-+
-+static ssize_t hash_sendpage_nokey(struct socket *sock, struct page *page,
-+ int offset, size_t size, int flags)
-+{
-+ int err;
-+
-+ err = hash_check_key(sock);
-+ if (err)
-+ return err;
-+
-+ return hash_sendpage(sock, page, offset, size, flags);
-+}
-+
-+static int hash_recvmsg_nokey(struct socket *sock, struct msghdr *msg,
-+ size_t ignored, int flags)
-+{
-+ int err;
-+
-+ err = hash_check_key(sock);
-+ if (err)
-+ return err;
-+
-+ return hash_recvmsg(sock, msg, ignored, flags);
-+}
-+
-+static int hash_accept_nokey(struct socket *sock, struct socket *newsock,
-+ int flags)
-+{
-+ int err;
-+
-+ err = hash_check_key(sock);
-+ if (err)
-+ return err;
-+
-+ return hash_accept(sock, newsock, flags);
-+}
-+
-+static struct proto_ops algif_hash_ops_nokey = {
-+ .family = PF_ALG,
-+
-+ .connect = sock_no_connect,
-+ .socketpair = sock_no_socketpair,
-+ .getname = sock_no_getname,
-+ .ioctl = sock_no_ioctl,
-+ .listen = sock_no_listen,
-+ .shutdown = sock_no_shutdown,
-+ .getsockopt = sock_no_getsockopt,
-+ .mmap = sock_no_mmap,
-+ .bind = sock_no_bind,
-+ .setsockopt = sock_no_setsockopt,
-+ .poll = sock_no_poll,
-+
-+ .release = af_alg_release,
-+ .sendmsg = hash_sendmsg_nokey,
-+ .sendpage = hash_sendpage_nokey,
-+ .recvmsg = hash_recvmsg_nokey,
-+ .accept = hash_accept_nokey,
-+};
-+
- static void *hash_bind(const char *name, u32 type, u32 mask)
- {
-- return crypto_alloc_ahash(name, type, mask);
-+ struct algif_hash_tfm *tfm;
-+ struct crypto_ahash *hash;
-+
-+ tfm = kzalloc(sizeof(*tfm), GFP_KERNEL);
-+ if (!tfm)
-+ return ERR_PTR(-ENOMEM);
-+
-+ hash = crypto_alloc_ahash(name, type, mask);
-+ if (IS_ERR(hash)) {
-+ kfree(tfm);
-+ return ERR_CAST(hash);
-+ }
-+
-+ tfm->hash = hash;
-+
-+ return tfm;
- }
-
- static void hash_release(void *private)
- {
-- crypto_free_ahash(private);
-+ struct algif_hash_tfm *tfm = private;
-+
-+ crypto_free_ahash(tfm->hash);
-+ kfree(tfm);
- }
-
- static int hash_setkey(void *private, const u8 *key, unsigned int keylen)
- {
-- return crypto_ahash_setkey(private, key, keylen);
-+ struct algif_hash_tfm *tfm = private;
-+ int err;
-+
-+ err = crypto_ahash_setkey(tfm->hash, key, keylen);
-+ tfm->has_key = !err;
-+
-+ return err;
- }
-
- static void hash_sock_destruct(struct sock *sk)
-@@ -261,12 +400,14 @@ static void hash_sock_destruct(struct sock *sk)
- af_alg_release_parent(sk);
- }
-
--static int hash_accept_parent(void *private, struct sock *sk)
-+static int hash_accept_parent_nokey(void *private, struct sock *sk)
- {
- struct hash_ctx *ctx;
- struct alg_sock *ask = alg_sk(sk);
-- unsigned len = sizeof(*ctx) + crypto_ahash_reqsize(private);
-- unsigned ds = crypto_ahash_digestsize(private);
-+ struct algif_hash_tfm *tfm = private;
-+ struct crypto_ahash *hash = tfm->hash;
-+ unsigned len = sizeof(*ctx) + crypto_ahash_reqsize(hash);
-+ unsigned ds = crypto_ahash_digestsize(hash);
-
- ctx = sock_kmalloc(sk, len, GFP_KERNEL);
- if (!ctx)
-@@ -286,7 +427,7 @@ static int hash_accept_parent(void *private, struct sock *sk)
-
- ask->private = ctx;
-
-- ahash_request_set_tfm(&ctx->req, private);
-+ ahash_request_set_tfm(&ctx->req, hash);
- ahash_request_set_callback(&ctx->req, CRYPTO_TFM_REQ_MAY_BACKLOG,
- af_alg_complete, &ctx->completion);
-
-@@ -295,12 +436,24 @@ static int hash_accept_parent(void *private, struct sock *sk)
- return 0;
- }
-
-+static int hash_accept_parent(void *private, struct sock *sk)
-+{
-+ struct algif_hash_tfm *tfm = private;
-+
-+ if (!tfm->has_key && crypto_ahash_has_setkey(tfm->hash))
-+ return -ENOKEY;
-+
-+ return hash_accept_parent_nokey(private, sk);
-+}
-+
- static const struct af_alg_type algif_type_hash = {
- .bind = hash_bind,
- .release = hash_release,
- .setkey = hash_setkey,
- .accept = hash_accept_parent,
-+ .accept_nokey = hash_accept_parent_nokey,
- .ops = &algif_hash_ops,
-+ .ops_nokey = &algif_hash_ops_nokey,
- .name = "hash",
- .owner = THIS_MODULE
- };
-diff --git a/crypto/algif_skcipher.c b/crypto/algif_skcipher.c
-index 634b4d1..f5e9f93 100644
---- a/crypto/algif_skcipher.c
-+++ b/crypto/algif_skcipher.c
-@@ -31,6 +31,11 @@ struct skcipher_sg_list {
- struct scatterlist sg[0];
- };
-
-+struct skcipher_tfm {
-+ struct crypto_skcipher *skcipher;
-+ bool has_key;
-+};
-+
- struct skcipher_ctx {
- struct list_head tsgl;
- struct af_alg_sgl rsgl;
-@@ -60,18 +65,10 @@ struct skcipher_async_req {
- struct skcipher_async_rsgl first_sgl;
- struct list_head list;
- struct scatterlist *tsg;
-- char iv[];
-+ atomic_t *inflight;
-+ struct skcipher_request req;
- };
-
--#define GET_SREQ(areq, ctx) (struct skcipher_async_req *)((char *)areq + \
-- crypto_skcipher_reqsize(crypto_skcipher_reqtfm(&ctx->req)))
--
--#define GET_REQ_SIZE(ctx) \
-- crypto_skcipher_reqsize(crypto_skcipher_reqtfm(&ctx->req))
--
--#define GET_IV_SIZE(ctx) \
-- crypto_skcipher_ivsize(crypto_skcipher_reqtfm(&ctx->req))
--
- #define MAX_SGL_ENTS ((4096 - sizeof(struct skcipher_sg_list)) / \
- sizeof(struct scatterlist) - 1)
-
-@@ -97,15 +94,12 @@ static void skcipher_free_async_sgls(struct skcipher_async_req *sreq)
-
- static void skcipher_async_cb(struct crypto_async_request *req, int err)
- {
-- struct sock *sk = req->data;
-- struct alg_sock *ask = alg_sk(sk);
-- struct skcipher_ctx *ctx = ask->private;
-- struct skcipher_async_req *sreq = GET_SREQ(req, ctx);
-+ struct skcipher_async_req *sreq = req->data;
- struct kiocb *iocb = sreq->iocb;
-
-- atomic_dec(&ctx->inflight);
-+ atomic_dec(sreq->inflight);
- skcipher_free_async_sgls(sreq);
-- kfree(req);
-+ kzfree(sreq);
- iocb->ki_complete(iocb, err, err);
- }
-
-@@ -301,8 +295,11 @@ static int skcipher_sendmsg(struct socket *sock, struct msghdr *msg,
- {
- struct sock *sk = sock->sk;
- struct alg_sock *ask = alg_sk(sk);
-+ struct sock *psk = ask->parent;
-+ struct alg_sock *pask = alg_sk(psk);
- struct skcipher_ctx *ctx = ask->private;
-- struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(&ctx->req);
-+ struct skcipher_tfm *skc = pask->private;
-+ struct crypto_skcipher *tfm = skc->skcipher;
- unsigned ivsize = crypto_skcipher_ivsize(tfm);
- struct skcipher_sg_list *sgl;
- struct af_alg_control con = {};
-@@ -387,7 +384,8 @@ static int skcipher_sendmsg(struct socket *sock, struct msghdr *msg,
-
- sgl = list_entry(ctx->tsgl.prev, struct skcipher_sg_list, list);
- sg = sgl->sg;
-- sg_unmark_end(sg + sgl->cur);
-+ if (sgl->cur)
-+ sg_unmark_end(sg + sgl->cur - 1);
- do {
- i = sgl->cur;
- plen = min_t(int, len, PAGE_SIZE);
-@@ -503,37 +501,43 @@ static int skcipher_recvmsg_async(struct socket *sock, struct msghdr *msg,
- {
- struct sock *sk = sock->sk;
- struct alg_sock *ask = alg_sk(sk);
-+ struct sock *psk = ask->parent;
-+ struct alg_sock *pask = alg_sk(psk);
- struct skcipher_ctx *ctx = ask->private;
-+ struct skcipher_tfm *skc = pask->private;
-+ struct crypto_skcipher *tfm = skc->skcipher;
- struct skcipher_sg_list *sgl;
- struct scatterlist *sg;
- struct skcipher_async_req *sreq;
- struct skcipher_request *req;
- struct skcipher_async_rsgl *last_rsgl = NULL;
-- unsigned int txbufs = 0, len = 0, tx_nents = skcipher_all_sg_nents(ctx);
-- unsigned int reqlen = sizeof(struct skcipher_async_req) +
-- GET_REQ_SIZE(ctx) + GET_IV_SIZE(ctx);
-+ unsigned int txbufs = 0, len = 0, tx_nents;
-+ unsigned int reqsize = crypto_skcipher_reqsize(tfm);
-+ unsigned int ivsize = crypto_skcipher_ivsize(tfm);
- int err = -ENOMEM;
- bool mark = false;
-+ char *iv;
-
-- lock_sock(sk);
-- req = kmalloc(reqlen, GFP_KERNEL);
-- if (unlikely(!req))
-- goto unlock;
-+ sreq = kzalloc(sizeof(*sreq) + reqsize + ivsize, GFP_KERNEL);
-+ if (unlikely(!sreq))
-+ goto out;
-
-- sreq = GET_SREQ(req, ctx);
-+ req = &sreq->req;
-+ iv = (char *)(req + 1) + reqsize;
- sreq->iocb = msg->msg_iocb;
-- memset(&sreq->first_sgl, '\0', sizeof(struct skcipher_async_rsgl));
- INIT_LIST_HEAD(&sreq->list);
-+ sreq->inflight = &ctx->inflight;
-+
-+ lock_sock(sk);
-+ tx_nents = skcipher_all_sg_nents(ctx);
- sreq->tsg = kcalloc(tx_nents, sizeof(*sg), GFP_KERNEL);
-- if (unlikely(!sreq->tsg)) {
-- kfree(req);
-+ if (unlikely(!sreq->tsg))
- goto unlock;
-- }
- sg_init_table(sreq->tsg, tx_nents);
-- memcpy(sreq->iv, ctx->iv, GET_IV_SIZE(ctx));
-- skcipher_request_set_tfm(req, crypto_skcipher_reqtfm(&ctx->req));
-- skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
-- skcipher_async_cb, sk);
-+ memcpy(iv, ctx->iv, ivsize);
-+ skcipher_request_set_tfm(req, tfm);
-+ skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_SLEEP,
-+ skcipher_async_cb, sreq);
-
- while (iov_iter_count(&msg->msg_iter)) {
- struct skcipher_async_rsgl *rsgl;
-@@ -609,20 +613,22 @@ static int skcipher_recvmsg_async(struct socket *sock, struct msghdr *msg,
- sg_mark_end(sreq->tsg + txbufs - 1);
-
- skcipher_request_set_crypt(req, sreq->tsg, sreq->first_sgl.sgl.sg,
-- len, sreq->iv);
-+ len, iv);
- err = ctx->enc ? crypto_skcipher_encrypt(req) :
- crypto_skcipher_decrypt(req);
- if (err == -EINPROGRESS) {
- atomic_inc(&ctx->inflight);
- err = -EIOCBQUEUED;
-+ sreq = NULL;
- goto unlock;
- }
- free:
- skcipher_free_async_sgls(sreq);
-- kfree(req);
- unlock:
- skcipher_wmem_wakeup(sk);
- release_sock(sk);
-+ kzfree(sreq);
-+out:
- return err;
- }
-
-@@ -631,9 +637,12 @@ static int skcipher_recvmsg_sync(struct socket *sock, struct msghdr *msg,
- {
- struct sock *sk = sock->sk;
- struct alg_sock *ask = alg_sk(sk);
-+ struct sock *psk = ask->parent;
-+ struct alg_sock *pask = alg_sk(psk);
- struct skcipher_ctx *ctx = ask->private;
-- unsigned bs = crypto_skcipher_blocksize(crypto_skcipher_reqtfm(
-- &ctx->req));
-+ struct skcipher_tfm *skc = pask->private;
-+ struct crypto_skcipher *tfm = skc->skcipher;
-+ unsigned bs = crypto_skcipher_blocksize(tfm);
- struct skcipher_sg_list *sgl;
- struct scatterlist *sg;
- int err = -EAGAIN;
-@@ -642,13 +651,6 @@ static int skcipher_recvmsg_sync(struct socket *sock, struct msghdr *msg,
-
- lock_sock(sk);
- while (msg_data_left(msg)) {
-- sgl = list_first_entry(&ctx->tsgl,
-- struct skcipher_sg_list, list);
-- sg = sgl->sg;
--
-- while (!sg->length)
-- sg++;
--
- if (!ctx->used) {
- err = skcipher_wait_for_data(sk, flags);
- if (err)
-@@ -669,6 +671,13 @@ static int skcipher_recvmsg_sync(struct socket *sock, struct msghdr *msg,
- if (!used)
- goto free;
-
-+ sgl = list_first_entry(&ctx->tsgl,
-+ struct skcipher_sg_list, list);
-+ sg = sgl->sg;
-+
-+ while (!sg->length)
-+ sg++;
-+
- skcipher_request_set_crypt(&ctx->req, sg, ctx->rsgl.sg, used,
- ctx->iv);
-
-@@ -748,19 +757,139 @@ static struct proto_ops algif_skcipher_ops = {
- .poll = skcipher_poll,
- };
-
-+static int skcipher_check_key(struct socket *sock)
-+{
-+ int err = 0;
-+ struct sock *psk;
-+ struct alg_sock *pask;
-+ struct skcipher_tfm *tfm;
-+ struct sock *sk = sock->sk;
-+ struct alg_sock *ask = alg_sk(sk);
-+
-+ lock_sock(sk);
-+ if (ask->refcnt)
-+ goto unlock_child;
-+
-+ psk = ask->parent;
-+ pask = alg_sk(ask->parent);
-+ tfm = pask->private;
-+
-+ err = -ENOKEY;
-+ lock_sock_nested(psk, SINGLE_DEPTH_NESTING);
-+ if (!tfm->has_key)
-+ goto unlock;
-+
-+ if (!pask->refcnt++)
-+ sock_hold(psk);
-+
-+ ask->refcnt = 1;
-+ sock_put(psk);
-+
-+ err = 0;
-+
-+unlock:
-+ release_sock(psk);
-+unlock_child:
-+ release_sock(sk);
-+
-+ return err;
-+}
-+
-+static int skcipher_sendmsg_nokey(struct socket *sock, struct msghdr *msg,
-+ size_t size)
-+{
-+ int err;
-+
-+ err = skcipher_check_key(sock);
-+ if (err)
-+ return err;
-+
-+ return skcipher_sendmsg(sock, msg, size);
-+}
-+
-+static ssize_t skcipher_sendpage_nokey(struct socket *sock, struct page *page,
-+ int offset, size_t size, int flags)
-+{
-+ int err;
-+
-+ err = skcipher_check_key(sock);
-+ if (err)
-+ return err;
-+
-+ return skcipher_sendpage(sock, page, offset, size, flags);
-+}
-+
-+static int skcipher_recvmsg_nokey(struct socket *sock, struct msghdr *msg,
-+ size_t ignored, int flags)
-+{
-+ int err;
-+
-+ err = skcipher_check_key(sock);
-+ if (err)
-+ return err;
-+
-+ return skcipher_recvmsg(sock, msg, ignored, flags);
-+}
-+
-+static struct proto_ops algif_skcipher_ops_nokey = {
-+ .family = PF_ALG,
-+
-+ .connect = sock_no_connect,
-+ .socketpair = sock_no_socketpair,
-+ .getname = sock_no_getname,
-+ .ioctl = sock_no_ioctl,
-+ .listen = sock_no_listen,
-+ .shutdown = sock_no_shutdown,
-+ .getsockopt = sock_no_getsockopt,
-+ .mmap = sock_no_mmap,
-+ .bind = sock_no_bind,
-+ .accept = sock_no_accept,
-+ .setsockopt = sock_no_setsockopt,
-+
-+ .release = af_alg_release,
-+ .sendmsg = skcipher_sendmsg_nokey,
-+ .sendpage = skcipher_sendpage_nokey,
-+ .recvmsg = skcipher_recvmsg_nokey,
-+ .poll = skcipher_poll,
-+};
-+
- static void *skcipher_bind(const char *name, u32 type, u32 mask)
- {
-- return crypto_alloc_skcipher(name, type, mask);
-+ struct skcipher_tfm *tfm;
-+ struct crypto_skcipher *skcipher;
-+
-+ tfm = kzalloc(sizeof(*tfm), GFP_KERNEL);
-+ if (!tfm)
-+ return ERR_PTR(-ENOMEM);
-+
-+ skcipher = crypto_alloc_skcipher(name, type, mask);
-+ if (IS_ERR(skcipher)) {
-+ kfree(tfm);
-+ return ERR_CAST(skcipher);
-+ }
-+
-+ tfm->skcipher = skcipher;
-+
-+ return tfm;
- }
-
- static void skcipher_release(void *private)
- {
-- crypto_free_skcipher(private);
-+ struct skcipher_tfm *tfm = private;
-+
-+ crypto_free_skcipher(tfm->skcipher);
-+ kfree(tfm);
- }
-
- static int skcipher_setkey(void *private, const u8 *key, unsigned int keylen)
- {
-- return crypto_skcipher_setkey(private, key, keylen);
-+ struct skcipher_tfm *tfm = private;
-+ int err;
-+
-+ err = crypto_skcipher_setkey(tfm->skcipher, key, keylen);
-+ tfm->has_key = !err;
-+
-+ return err;
- }
-
- static void skcipher_wait(struct sock *sk)
-@@ -788,24 +917,26 @@ static void skcipher_sock_destruct(struct sock *sk)
- af_alg_release_parent(sk);
- }
-
--static int skcipher_accept_parent(void *private, struct sock *sk)
-+static int skcipher_accept_parent_nokey(void *private, struct sock *sk)
- {
- struct skcipher_ctx *ctx;
- struct alg_sock *ask = alg_sk(sk);
-- unsigned int len = sizeof(*ctx) + crypto_skcipher_reqsize(private);
-+ struct skcipher_tfm *tfm = private;
-+ struct crypto_skcipher *skcipher = tfm->skcipher;
-+ unsigned int len = sizeof(*ctx) + crypto_skcipher_reqsize(skcipher);
-
- ctx = sock_kmalloc(sk, len, GFP_KERNEL);
- if (!ctx)
- return -ENOMEM;
-
-- ctx->iv = sock_kmalloc(sk, crypto_skcipher_ivsize(private),
-+ ctx->iv = sock_kmalloc(sk, crypto_skcipher_ivsize(skcipher),
- GFP_KERNEL);
- if (!ctx->iv) {
- sock_kfree_s(sk, ctx, len);
- return -ENOMEM;
- }
-
-- memset(ctx->iv, 0, crypto_skcipher_ivsize(private));
-+ memset(ctx->iv, 0, crypto_skcipher_ivsize(skcipher));
-
- INIT_LIST_HEAD(&ctx->tsgl);
- ctx->len = len;
-@@ -818,8 +949,9 @@ static int skcipher_accept_parent(void *private, struct sock *sk)
-
- ask->private = ctx;
-
-- skcipher_request_set_tfm(&ctx->req, private);
-- skcipher_request_set_callback(&ctx->req, CRYPTO_TFM_REQ_MAY_BACKLOG,
-+ skcipher_request_set_tfm(&ctx->req, skcipher);
-+ skcipher_request_set_callback(&ctx->req, CRYPTO_TFM_REQ_MAY_SLEEP |
-+ CRYPTO_TFM_REQ_MAY_BACKLOG,
- af_alg_complete, &ctx->completion);
-
- sk->sk_destruct = skcipher_sock_destruct;
-@@ -827,12 +959,24 @@ static int skcipher_accept_parent(void *private, struct sock *sk)
- return 0;
- }
-
-+static int skcipher_accept_parent(void *private, struct sock *sk)
-+{
-+ struct skcipher_tfm *tfm = private;
-+
-+ if (!tfm->has_key && crypto_skcipher_has_setkey(tfm->skcipher))
-+ return -ENOKEY;
-+
-+ return skcipher_accept_parent_nokey(private, sk);
-+}
-+
- static const struct af_alg_type algif_type_skcipher = {
- .bind = skcipher_bind,
- .release = skcipher_release,
- .setkey = skcipher_setkey,
- .accept = skcipher_accept_parent,
-+ .accept_nokey = skcipher_accept_parent_nokey,
- .ops = &algif_skcipher_ops,
-+ .ops_nokey = &algif_skcipher_ops_nokey,
- .name = "skcipher",
- .owner = THIS_MODULE
- };
-diff --git a/crypto/crc32c_generic.c b/crypto/crc32c_generic.c
-index 06f1b60..4c0a0e2 100644
---- a/crypto/crc32c_generic.c
-+++ b/crypto/crc32c_generic.c
-@@ -172,4 +172,3 @@ MODULE_DESCRIPTION("CRC32c (Castagnoli) calculations wrapper for lib/crc32c");
- MODULE_LICENSE("GPL");
- MODULE_ALIAS_CRYPTO("crc32c");
- MODULE_ALIAS_CRYPTO("crc32c-generic");
--MODULE_SOFTDEP("pre: crc32c");
-diff --git a/crypto/crypto_user.c b/crypto/crypto_user.c
-index 237f379..43fe85f 100644
---- a/crypto/crypto_user.c
-+++ b/crypto/crypto_user.c
-@@ -499,6 +499,7 @@ static int crypto_user_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
- if (link->dump == NULL)
- return -EINVAL;
-
-+ down_read(&crypto_alg_sem);
- list_for_each_entry(alg, &crypto_alg_list, cra_list)
- dump_alloc += CRYPTO_REPORT_MAXSIZE;
-
-@@ -508,8 +509,11 @@ static int crypto_user_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
- .done = link->done,
- .min_dump_alloc = dump_alloc,
- };
-- return netlink_dump_start(crypto_nlsk, skb, nlh, &c);
-+ err = netlink_dump_start(crypto_nlsk, skb, nlh, &c);
- }
-+ up_read(&crypto_alg_sem);
-+
-+ return err;
- }
-
- err = nlmsg_parse(nlh, crypto_msg_min[type], attrs, CRYPTOCFGA_MAX,
-diff --git a/crypto/shash.c b/crypto/shash.c
-index ecb1e3d..3597545 100644
---- a/crypto/shash.c
-+++ b/crypto/shash.c
-@@ -354,9 +354,10 @@ int crypto_init_shash_ops_async(struct crypto_tfm *tfm)
- crt->final = shash_async_final;
- crt->finup = shash_async_finup;
- crt->digest = shash_async_digest;
-+ crt->setkey = shash_async_setkey;
-+
-+ crt->has_setkey = alg->setkey != shash_no_setkey;
-
-- if (alg->setkey)
-- crt->setkey = shash_async_setkey;
- if (alg->export)
- crt->export = shash_async_export;
- if (alg->import)
-diff --git a/crypto/skcipher.c b/crypto/skcipher.c
-index 7591928..d199c0b 100644
---- a/crypto/skcipher.c
-+++ b/crypto/skcipher.c
-@@ -118,6 +118,7 @@ static int crypto_init_skcipher_ops_blkcipher(struct crypto_tfm *tfm)
- skcipher->decrypt = skcipher_decrypt_blkcipher;
-
- skcipher->ivsize = crypto_blkcipher_ivsize(blkcipher);
-+ skcipher->has_setkey = calg->cra_blkcipher.max_keysize;
-
- return 0;
- }
-@@ -210,6 +211,7 @@ static int crypto_init_skcipher_ops_ablkcipher(struct crypto_tfm *tfm)
- skcipher->ivsize = crypto_ablkcipher_ivsize(ablkcipher);
- skcipher->reqsize = crypto_ablkcipher_reqsize(ablkcipher) +
- sizeof(struct ablkcipher_request);
-+ skcipher->has_setkey = calg->cra_ablkcipher.max_keysize;
-
- return 0;
- }
-diff --git a/drivers/ata/ahci.c b/drivers/ata/ahci.c
-index cdfbcc5..99921aa 100644
---- a/drivers/ata/ahci.c
-+++ b/drivers/ata/ahci.c
-@@ -264,6 +264,26 @@ static const struct pci_device_id ahci_pci_tbl[] = {
- { PCI_VDEVICE(INTEL, 0x3b2b), board_ahci }, /* PCH RAID */
- { PCI_VDEVICE(INTEL, 0x3b2c), board_ahci }, /* PCH RAID */
- { PCI_VDEVICE(INTEL, 0x3b2f), board_ahci }, /* PCH AHCI */
-+ { PCI_VDEVICE(INTEL, 0x19b0), board_ahci }, /* DNV AHCI */
-+ { PCI_VDEVICE(INTEL, 0x19b1), board_ahci }, /* DNV AHCI */
-+ { PCI_VDEVICE(INTEL, 0x19b2), board_ahci }, /* DNV AHCI */
-+ { PCI_VDEVICE(INTEL, 0x19b3), board_ahci }, /* DNV AHCI */
-+ { PCI_VDEVICE(INTEL, 0x19b4), board_ahci }, /* DNV AHCI */
-+ { PCI_VDEVICE(INTEL, 0x19b5), board_ahci }, /* DNV AHCI */
-+ { PCI_VDEVICE(INTEL, 0x19b6), board_ahci }, /* DNV AHCI */
-+ { PCI_VDEVICE(INTEL, 0x19b7), board_ahci }, /* DNV AHCI */
-+ { PCI_VDEVICE(INTEL, 0x19bE), board_ahci }, /* DNV AHCI */
-+ { PCI_VDEVICE(INTEL, 0x19bF), board_ahci }, /* DNV AHCI */
-+ { PCI_VDEVICE(INTEL, 0x19c0), board_ahci }, /* DNV AHCI */
-+ { PCI_VDEVICE(INTEL, 0x19c1), board_ahci }, /* DNV AHCI */
-+ { PCI_VDEVICE(INTEL, 0x19c2), board_ahci }, /* DNV AHCI */
-+ { PCI_VDEVICE(INTEL, 0x19c3), board_ahci }, /* DNV AHCI */
-+ { PCI_VDEVICE(INTEL, 0x19c4), board_ahci }, /* DNV AHCI */
-+ { PCI_VDEVICE(INTEL, 0x19c5), board_ahci }, /* DNV AHCI */
-+ { PCI_VDEVICE(INTEL, 0x19c6), board_ahci }, /* DNV AHCI */
-+ { PCI_VDEVICE(INTEL, 0x19c7), board_ahci }, /* DNV AHCI */
-+ { PCI_VDEVICE(INTEL, 0x19cE), board_ahci }, /* DNV AHCI */
-+ { PCI_VDEVICE(INTEL, 0x19cF), board_ahci }, /* DNV AHCI */
- { PCI_VDEVICE(INTEL, 0x1c02), board_ahci }, /* CPT AHCI */
- { PCI_VDEVICE(INTEL, 0x1c03), board_ahci }, /* CPT AHCI */
- { PCI_VDEVICE(INTEL, 0x1c04), board_ahci }, /* CPT RAID */
-diff --git a/drivers/ata/libahci.c b/drivers/ata/libahci.c
-index 4665512..1f225cc 100644
---- a/drivers/ata/libahci.c
-+++ b/drivers/ata/libahci.c
-@@ -495,8 +495,8 @@ void ahci_save_initial_config(struct device *dev, struct ahci_host_priv *hpriv)
- }
- }
-
-- /* fabricate port_map from cap.nr_ports */
-- if (!port_map) {
-+ /* fabricate port_map from cap.nr_ports for < AHCI 1.3 */
-+ if (!port_map && vers < 0x10300) {
- port_map = (1 << ahci_nr_ports(cap)) - 1;
- dev_warn(dev, "forcing PORTS_IMPL to 0x%x\n", port_map);
-
-diff --git a/drivers/base/platform.c b/drivers/base/platform.c
-index 1dd6d3b..176b59f 100644
---- a/drivers/base/platform.c
-+++ b/drivers/base/platform.c
-@@ -513,10 +513,15 @@ static int platform_drv_probe(struct device *_dev)
- return ret;
-
- ret = dev_pm_domain_attach(_dev, true);
-- if (ret != -EPROBE_DEFER && drv->probe) {
-- ret = drv->probe(dev);
-- if (ret)
-- dev_pm_domain_detach(_dev, true);
-+ if (ret != -EPROBE_DEFER) {
-+ if (drv->probe) {
-+ ret = drv->probe(dev);
-+ if (ret)
-+ dev_pm_domain_detach(_dev, true);
-+ } else {
-+ /* don't fail if just dev_pm_domain_attach failed */
-+ ret = 0;
-+ }
- }
-
- if (drv->prevent_deferred_probe && ret == -EPROBE_DEFER) {
-diff --git a/drivers/block/zram/zcomp.c b/drivers/block/zram/zcomp.c
-index 5cb13ca..c536177 100644
---- a/drivers/block/zram/zcomp.c
-+++ b/drivers/block/zram/zcomp.c
-@@ -76,7 +76,7 @@ static void zcomp_strm_free(struct zcomp *comp, struct zcomp_strm *zstrm)
- */
- static struct zcomp_strm *zcomp_strm_alloc(struct zcomp *comp)
- {
-- struct zcomp_strm *zstrm = kmalloc(sizeof(*zstrm), GFP_KERNEL);
-+ struct zcomp_strm *zstrm = kmalloc(sizeof(*zstrm), GFP_NOIO);
- if (!zstrm)
- return NULL;
-
-@@ -85,7 +85,7 @@ static struct zcomp_strm *zcomp_strm_alloc(struct zcomp *comp)
- * allocate 2 pages. 1 for compressed data, plus 1 extra for the
- * case when compressed size is larger than the original one
- */
-- zstrm->buffer = (void *)__get_free_pages(GFP_KERNEL | __GFP_ZERO, 1);
-+ zstrm->buffer = (void *)__get_free_pages(GFP_NOIO | __GFP_ZERO, 1);
- if (!zstrm->private || !zstrm->buffer) {
- zcomp_strm_free(comp, zstrm);
- zstrm = NULL;
-diff --git a/drivers/block/zram/zcomp_lz4.c b/drivers/block/zram/zcomp_lz4.c
-index f2afb7e..dd60831 100644
---- a/drivers/block/zram/zcomp_lz4.c
-+++ b/drivers/block/zram/zcomp_lz4.c
-@@ -10,17 +10,36 @@
- #include <linux/kernel.h>
- #include <linux/slab.h>
- #include <linux/lz4.h>
-+#include <linux/vmalloc.h>
-+#include <linux/mm.h>
-
- #include "zcomp_lz4.h"
-
- static void *zcomp_lz4_create(void)
- {
-- return kzalloc(LZ4_MEM_COMPRESS, GFP_KERNEL);
-+ void *ret;
-+
-+ /*
-+ * This function can be called in swapout/fs write path
-+ * so we can't use GFP_FS|IO. And it assumes we already
-+ * have at least one stream in zram initialization so we
-+ * don't do best effort to allocate more stream in here.
-+ * A default stream will work well without further multiple
-+ * streams. That's why we use NORETRY | NOWARN.
-+ */
-+ ret = kzalloc(LZ4_MEM_COMPRESS, GFP_NOIO | __GFP_NORETRY |
-+ __GFP_NOWARN);
-+ if (!ret)
-+ ret = __vmalloc(LZ4_MEM_COMPRESS,
-+ GFP_NOIO | __GFP_NORETRY | __GFP_NOWARN |
-+ __GFP_ZERO | __GFP_HIGHMEM,
-+ PAGE_KERNEL);
-+ return ret;
- }
-
- static void zcomp_lz4_destroy(void *private)
- {
-- kfree(private);
-+ kvfree(private);
- }
-
- static int zcomp_lz4_compress(const unsigned char *src, unsigned char *dst,
-diff --git a/drivers/block/zram/zcomp_lzo.c b/drivers/block/zram/zcomp_lzo.c
-index da1bc47..edc5499 100644
---- a/drivers/block/zram/zcomp_lzo.c
-+++ b/drivers/block/zram/zcomp_lzo.c
-@@ -10,17 +10,36 @@
- #include <linux/kernel.h>
- #include <linux/slab.h>
- #include <linux/lzo.h>
-+#include <linux/vmalloc.h>
-+#include <linux/mm.h>
-
- #include "zcomp_lzo.h"
-
- static void *lzo_create(void)
- {
-- return kzalloc(LZO1X_MEM_COMPRESS, GFP_KERNEL);
-+ void *ret;
-+
-+ /*
-+ * This function can be called in swapout/fs write path
-+ * so we can't use GFP_FS|IO. And it assumes we already
-+ * have at least one stream in zram initialization so we
-+ * don't do best effort to allocate more stream in here.
-+ * A default stream will work well without further multiple
-+ * streams. That's why we use NORETRY | NOWARN.
-+ */
-+ ret = kzalloc(LZO1X_MEM_COMPRESS, GFP_NOIO | __GFP_NORETRY |
-+ __GFP_NOWARN);
-+ if (!ret)
-+ ret = __vmalloc(LZO1X_MEM_COMPRESS,
-+ GFP_NOIO | __GFP_NORETRY | __GFP_NOWARN |
-+ __GFP_ZERO | __GFP_HIGHMEM,
-+ PAGE_KERNEL);
-+ return ret;
- }
-
- static void lzo_destroy(void *private)
- {
-- kfree(private);
-+ kvfree(private);
- }
-
- static int lzo_compress(const unsigned char *src, unsigned char *dst,
-diff --git a/drivers/block/zram/zram_drv.c b/drivers/block/zram/zram_drv.c
-index 47915d7..370c2f7 100644
---- a/drivers/block/zram/zram_drv.c
-+++ b/drivers/block/zram/zram_drv.c
-@@ -1325,7 +1325,6 @@ static int zram_remove(struct zram *zram)
-
- pr_info("Removed device: %s\n", zram->disk->disk_name);
-
-- idr_remove(&zram_index_idr, zram->disk->first_minor);
- blk_cleanup_queue(zram->disk->queue);
- del_gendisk(zram->disk);
- put_disk(zram->disk);
-@@ -1367,10 +1366,12 @@ static ssize_t hot_remove_store(struct class *class,
- mutex_lock(&zram_index_mutex);
-
- zram = idr_find(&zram_index_idr, dev_id);
-- if (zram)
-+ if (zram) {
- ret = zram_remove(zram);
-- else
-+ idr_remove(&zram_index_idr, dev_id);
-+ } else {
- ret = -ENODEV;
-+ }
-
- mutex_unlock(&zram_index_mutex);
- return ret ? ret : count;
-diff --git a/drivers/crypto/atmel-sha.c b/drivers/crypto/atmel-sha.c
-index 660d8c0..3178f84 100644
---- a/drivers/crypto/atmel-sha.c
-+++ b/drivers/crypto/atmel-sha.c
-@@ -783,7 +783,7 @@ static void atmel_sha_finish_req(struct ahash_request *req, int err)
- dd->flags &= ~(SHA_FLAGS_BUSY | SHA_FLAGS_FINAL | SHA_FLAGS_CPU |
- SHA_FLAGS_DMA_READY | SHA_FLAGS_OUTPUT_READY);
-
-- clk_disable_unprepare(dd->iclk);
-+ clk_disable(dd->iclk);
-
- if (req->base.complete)
- req->base.complete(&req->base, err);
-@@ -796,7 +796,7 @@ static int atmel_sha_hw_init(struct atmel_sha_dev *dd)
- {
- int err;
-
-- err = clk_prepare_enable(dd->iclk);
-+ err = clk_enable(dd->iclk);
- if (err)
- return err;
-
-@@ -823,7 +823,7 @@ static void atmel_sha_hw_version_init(struct atmel_sha_dev *dd)
- dev_info(dd->dev,
- "version: 0x%x\n", dd->hw_version);
-
-- clk_disable_unprepare(dd->iclk);
-+ clk_disable(dd->iclk);
- }
-
- static int atmel_sha_handle_queue(struct atmel_sha_dev *dd,
-@@ -1411,6 +1411,10 @@ static int atmel_sha_probe(struct platform_device *pdev)
- goto res_err;
- }
-
-+ err = clk_prepare(sha_dd->iclk);
-+ if (err)
-+ goto res_err;
-+
- atmel_sha_hw_version_init(sha_dd);
-
- atmel_sha_get_cap(sha_dd);
-@@ -1422,12 +1426,12 @@ static int atmel_sha_probe(struct platform_device *pdev)
- if (IS_ERR(pdata)) {
- dev_err(&pdev->dev, "platform data not available\n");
- err = PTR_ERR(pdata);
-- goto res_err;
-+ goto iclk_unprepare;
- }
- }
- if (!pdata->dma_slave) {
- err = -ENXIO;
-- goto res_err;
-+ goto iclk_unprepare;
- }
- err = atmel_sha_dma_init(sha_dd, pdata);
- if (err)
-@@ -1458,6 +1462,8 @@ err_algs:
- if (sha_dd->caps.has_dma)
- atmel_sha_dma_cleanup(sha_dd);
- err_sha_dma:
-+iclk_unprepare:
-+ clk_unprepare(sha_dd->iclk);
- res_err:
- tasklet_kill(&sha_dd->done_task);
- sha_dd_err:
-@@ -1484,12 +1490,7 @@ static int atmel_sha_remove(struct platform_device *pdev)
- if (sha_dd->caps.has_dma)
- atmel_sha_dma_cleanup(sha_dd);
-
-- iounmap(sha_dd->io_base);
--
-- clk_put(sha_dd->iclk);
--
-- if (sha_dd->irq >= 0)
-- free_irq(sha_dd->irq, sha_dd);
-+ clk_unprepare(sha_dd->iclk);
-
- return 0;
- }
-diff --git a/drivers/crypto/caam/ctrl.c b/drivers/crypto/caam/ctrl.c
-index 8abb4bc..69d4a13 100644
---- a/drivers/crypto/caam/ctrl.c
-+++ b/drivers/crypto/caam/ctrl.c
-@@ -534,8 +534,8 @@ static int caam_probe(struct platform_device *pdev)
- * long pointers in master configuration register
- */
- clrsetbits_32(&ctrl->mcr, MCFGR_AWCACHE_MASK, MCFGR_AWCACHE_CACH |
-- MCFGR_WDENABLE | (sizeof(dma_addr_t) == sizeof(u64) ?
-- MCFGR_LONG_PTR : 0));
-+ MCFGR_AWCACHE_BUFF | MCFGR_WDENABLE |
-+ (sizeof(dma_addr_t) == sizeof(u64) ? MCFGR_LONG_PTR : 0));
-
- /*
- * Read the Compile Time paramters and SCFGR to determine
-diff --git a/drivers/crypto/marvell/cesa.c b/drivers/crypto/marvell/cesa.c
-index 0643e33..c0656e7 100644
---- a/drivers/crypto/marvell/cesa.c
-+++ b/drivers/crypto/marvell/cesa.c
-@@ -306,7 +306,7 @@ static int mv_cesa_dev_dma_init(struct mv_cesa_dev *cesa)
- return -ENOMEM;
-
- dma->padding_pool = dmam_pool_create("cesa_padding", dev, 72, 1, 0);
-- if (!dma->cache_pool)
-+ if (!dma->padding_pool)
- return -ENOMEM;
-
- cesa->dma = dma;
-diff --git a/drivers/crypto/sunxi-ss/sun4i-ss-core.c b/drivers/crypto/sunxi-ss/sun4i-ss-core.c
-index eab6fe2..107cd2a 100644
---- a/drivers/crypto/sunxi-ss/sun4i-ss-core.c
-+++ b/drivers/crypto/sunxi-ss/sun4i-ss-core.c
-@@ -39,6 +39,7 @@ static struct sun4i_ss_alg_template ss_algs[] = {
- .import = sun4i_hash_import_md5,
- .halg = {
- .digestsize = MD5_DIGEST_SIZE,
-+ .statesize = sizeof(struct md5_state),
- .base = {
- .cra_name = "md5",
- .cra_driver_name = "md5-sun4i-ss",
-@@ -66,6 +67,7 @@ static struct sun4i_ss_alg_template ss_algs[] = {
- .import = sun4i_hash_import_sha1,
- .halg = {
- .digestsize = SHA1_DIGEST_SIZE,
-+ .statesize = sizeof(struct sha1_state),
- .base = {
- .cra_name = "sha1",
- .cra_driver_name = "sha1-sun4i-ss",
-diff --git a/drivers/hid/hid-multitouch.c b/drivers/hid/hid-multitouch.c
-index 3d664d0..2b8ff18 100644
---- a/drivers/hid/hid-multitouch.c
-+++ b/drivers/hid/hid-multitouch.c
-@@ -357,8 +357,19 @@ static void mt_feature_mapping(struct hid_device *hdev,
- break;
- }
-
-- td->inputmode = field->report->id;
-- td->inputmode_index = usage->usage_index;
-+ if (td->inputmode < 0) {
-+ td->inputmode = field->report->id;
-+ td->inputmode_index = usage->usage_index;
-+ } else {
-+ /*
-+ * Some elan panels wrongly declare 2 input mode
-+ * features, and silently ignore when we set the
-+ * value in the second field. Skip the second feature
-+ * and hope for the best.
-+ */
-+ dev_info(&hdev->dev,
-+ "Ignoring the extra HID_DG_INPUTMODE\n");
-+ }
-
- break;
- case HID_DG_CONTACTMAX:
-diff --git a/drivers/hid/usbhid/hid-core.c b/drivers/hid/usbhid/hid-core.c
-index 36712e9..5dd426f 100644
---- a/drivers/hid/usbhid/hid-core.c
-+++ b/drivers/hid/usbhid/hid-core.c
-@@ -477,8 +477,6 @@ static void hid_ctrl(struct urb *urb)
- struct usbhid_device *usbhid = hid->driver_data;
- int unplug = 0, status = urb->status;
-
-- spin_lock(&usbhid->lock);
--
- switch (status) {
- case 0: /* success */
- if (usbhid->ctrl[usbhid->ctrltail].dir == USB_DIR_IN)
-@@ -498,6 +496,8 @@ static void hid_ctrl(struct urb *urb)
- hid_warn(urb->dev, "ctrl urb status %d received\n", status);
- }
-
-+ spin_lock(&usbhid->lock);
-+
- if (unplug) {
- usbhid->ctrltail = usbhid->ctrlhead;
- } else {
-diff --git a/drivers/iommu/io-pgtable-arm.c b/drivers/iommu/io-pgtable-arm.c
-index 7df9777..dad768c 100644
---- a/drivers/iommu/io-pgtable-arm.c
-+++ b/drivers/iommu/io-pgtable-arm.c
-@@ -405,17 +405,18 @@ static void __arm_lpae_free_pgtable(struct arm_lpae_io_pgtable *data, int lvl,
- arm_lpae_iopte *start, *end;
- unsigned long table_size;
-
-- /* Only leaf entries at the last level */
-- if (lvl == ARM_LPAE_MAX_LEVELS - 1)
-- return;
--
- if (lvl == ARM_LPAE_START_LVL(data))
- table_size = data->pgd_size;
- else
- table_size = 1UL << data->pg_shift;
-
- start = ptep;
-- end = (void *)ptep + table_size;
-+
-+ /* Only leaf entries at the last level */
-+ if (lvl == ARM_LPAE_MAX_LEVELS - 1)
-+ end = ptep;
-+ else
-+ end = (void *)ptep + table_size;
-
- while (ptep != end) {
- arm_lpae_iopte pte = *ptep++;
-diff --git a/drivers/md/md.c b/drivers/md/md.c
-index 61aacab..b1e1f6b 100644
---- a/drivers/md/md.c
-+++ b/drivers/md/md.c
-@@ -2017,28 +2017,32 @@ int md_integrity_register(struct mddev *mddev)
- }
- EXPORT_SYMBOL(md_integrity_register);
-
--/* Disable data integrity if non-capable/non-matching disk is being added */
--void md_integrity_add_rdev(struct md_rdev *rdev, struct mddev *mddev)
-+/*
-+ * Attempt to add an rdev, but only if it is consistent with the current
-+ * integrity profile
-+ */
-+int md_integrity_add_rdev(struct md_rdev *rdev, struct mddev *mddev)
- {
- struct blk_integrity *bi_rdev;
- struct blk_integrity *bi_mddev;
-+ char name[BDEVNAME_SIZE];
-
- if (!mddev->gendisk)
-- return;
-+ return 0;
-
- bi_rdev = bdev_get_integrity(rdev->bdev);
- bi_mddev = blk_get_integrity(mddev->gendisk);
-
- if (!bi_mddev) /* nothing to do */
-- return;
-- if (rdev->raid_disk < 0) /* skip spares */
-- return;
-- if (bi_rdev && blk_integrity_compare(mddev->gendisk,
-- rdev->bdev->bd_disk) >= 0)
-- return;
-- WARN_ON_ONCE(!mddev->suspended);
-- printk(KERN_NOTICE "disabling data integrity on %s\n", mdname(mddev));
-- blk_integrity_unregister(mddev->gendisk);
-+ return 0;
-+
-+ if (blk_integrity_compare(mddev->gendisk, rdev->bdev->bd_disk) != 0) {
-+ printk(KERN_NOTICE "%s: incompatible integrity profile for %s\n",
-+ mdname(mddev), bdevname(rdev->bdev, name));
-+ return -ENXIO;
-+ }
-+
-+ return 0;
- }
- EXPORT_SYMBOL(md_integrity_add_rdev);
-
-diff --git a/drivers/md/md.h b/drivers/md/md.h
-index ca0b643..dfa57b4 100644
---- a/drivers/md/md.h
-+++ b/drivers/md/md.h
-@@ -657,7 +657,7 @@ extern void md_wait_for_blocked_rdev(struct md_rdev *rdev, struct mddev *mddev);
- extern void md_set_array_sectors(struct mddev *mddev, sector_t array_sectors);
- extern int md_check_no_bitmap(struct mddev *mddev);
- extern int md_integrity_register(struct mddev *mddev);
--extern void md_integrity_add_rdev(struct md_rdev *rdev, struct mddev *mddev);
-+extern int md_integrity_add_rdev(struct md_rdev *rdev, struct mddev *mddev);
- extern int strict_strtoul_scaled(const char *cp, unsigned long *res, int scale);
-
- extern void mddev_init(struct mddev *mddev);
-diff --git a/drivers/md/multipath.c b/drivers/md/multipath.c
-index 7331a80..0a72ab6 100644
---- a/drivers/md/multipath.c
-+++ b/drivers/md/multipath.c
-@@ -257,6 +257,9 @@ static int multipath_add_disk(struct mddev *mddev, struct md_rdev *rdev)
- disk_stack_limits(mddev->gendisk, rdev->bdev,
- rdev->data_offset << 9);
-
-+ err = md_integrity_add_rdev(rdev, mddev);
-+ if (err)
-+ break;
- spin_lock_irq(&conf->device_lock);
- mddev->degraded--;
- rdev->raid_disk = path;
-@@ -264,9 +267,6 @@ static int multipath_add_disk(struct mddev *mddev, struct md_rdev *rdev)
- spin_unlock_irq(&conf->device_lock);
- rcu_assign_pointer(p->rdev, rdev);
- err = 0;
-- mddev_suspend(mddev);
-- md_integrity_add_rdev(rdev, mddev);
-- mddev_resume(mddev);
- break;
- }
-
-diff --git a/drivers/md/raid1.c b/drivers/md/raid1.c
-index e2169ff..c4b9134 100644
---- a/drivers/md/raid1.c
-+++ b/drivers/md/raid1.c
-@@ -1589,6 +1589,9 @@ static int raid1_add_disk(struct mddev *mddev, struct md_rdev *rdev)
- if (mddev->recovery_disabled == conf->recovery_disabled)
- return -EBUSY;
-
-+ if (md_integrity_add_rdev(rdev, mddev))
-+ return -ENXIO;
-+
- if (rdev->raid_disk >= 0)
- first = last = rdev->raid_disk;
-
-@@ -1632,9 +1635,6 @@ static int raid1_add_disk(struct mddev *mddev, struct md_rdev *rdev)
- break;
- }
- }
-- mddev_suspend(mddev);
-- md_integrity_add_rdev(rdev, mddev);
-- mddev_resume(mddev);
- if (mddev->queue && blk_queue_discard(bdev_get_queue(rdev->bdev)))
- queue_flag_set_unlocked(QUEUE_FLAG_DISCARD, mddev->queue);
- print_conf(conf);
-diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c
-index 84e597e..ce959b4 100644
---- a/drivers/md/raid10.c
-+++ b/drivers/md/raid10.c
-@@ -1698,6 +1698,9 @@ static int raid10_add_disk(struct mddev *mddev, struct md_rdev *rdev)
- if (rdev->saved_raid_disk < 0 && !_enough(conf, 1, -1))
- return -EINVAL;
-
-+ if (md_integrity_add_rdev(rdev, mddev))
-+ return -ENXIO;
-+
- if (rdev->raid_disk >= 0)
- first = last = rdev->raid_disk;
-
-@@ -1739,9 +1742,6 @@ static int raid10_add_disk(struct mddev *mddev, struct md_rdev *rdev)
- rcu_assign_pointer(p->rdev, rdev);
- break;
- }
-- mddev_suspend(mddev);
-- md_integrity_add_rdev(rdev, mddev);
-- mddev_resume(mddev);
- if (mddev->queue && blk_queue_discard(bdev_get_queue(rdev->bdev)))
- queue_flag_set_unlocked(QUEUE_FLAG_DISCARD, mddev->queue);
-
-diff --git a/drivers/media/i2c/ir-kbd-i2c.c b/drivers/media/i2c/ir-kbd-i2c.c
-index 728d2cc..175a761 100644
---- a/drivers/media/i2c/ir-kbd-i2c.c
-+++ b/drivers/media/i2c/ir-kbd-i2c.c
-@@ -478,7 +478,6 @@ static const struct i2c_device_id ir_kbd_id[] = {
- { "ir_rx_z8f0811_hdpvr", 0 },
- { }
- };
--MODULE_DEVICE_TABLE(i2c, ir_kbd_id);
-
- static struct i2c_driver ir_kbd_driver = {
- .driver = {
-diff --git a/drivers/media/pci/saa7134/saa7134-alsa.c b/drivers/media/pci/saa7134/saa7134-alsa.c
-index 1d2c310..94f8162 100644
---- a/drivers/media/pci/saa7134/saa7134-alsa.c
-+++ b/drivers/media/pci/saa7134/saa7134-alsa.c
-@@ -1211,6 +1211,8 @@ static int alsa_device_init(struct saa7134_dev *dev)
-
- static int alsa_device_exit(struct saa7134_dev *dev)
- {
-+ if (!snd_saa7134_cards[dev->nr])
-+ return 1;
-
- snd_card_free(snd_saa7134_cards[dev->nr]);
- snd_saa7134_cards[dev->nr] = NULL;
-@@ -1260,7 +1262,8 @@ static void saa7134_alsa_exit(void)
- int idx;
-
- for (idx = 0; idx < SNDRV_CARDS; idx++) {
-- snd_card_free(snd_saa7134_cards[idx]);
-+ if (snd_saa7134_cards[idx])
-+ snd_card_free(snd_saa7134_cards[idx]);
- }
-
- saa7134_dmasound_init = NULL;
-diff --git a/drivers/mtd/nand/nand_base.c b/drivers/mtd/nand/nand_base.c
-index ece544e..3ff583f 100644
---- a/drivers/mtd/nand/nand_base.c
-+++ b/drivers/mtd/nand/nand_base.c
-@@ -3995,6 +3995,9 @@ int nand_scan_ident(struct mtd_info *mtd, int maxchips,
- return ret;
- }
-
-+ if (!mtd->name && mtd->dev.parent)
-+ mtd->name = dev_name(mtd->dev.parent);
-+
- /* Set the default functions */
- nand_set_defaults(chip, chip->options & NAND_BUSWIDTH_16);
-
-diff --git a/drivers/net/wireless/realtek/rtlwifi/regd.c b/drivers/net/wireless/realtek/rtlwifi/regd.c
-index a62bf0a..5be3411 100644
---- a/drivers/net/wireless/realtek/rtlwifi/regd.c
-+++ b/drivers/net/wireless/realtek/rtlwifi/regd.c
-@@ -351,7 +351,6 @@ static const struct ieee80211_regdomain *_rtl_regdomain_select(
- case COUNTRY_CODE_SPAIN:
- case COUNTRY_CODE_FRANCE:
- case COUNTRY_CODE_ISRAEL:
-- case COUNTRY_CODE_WORLD_WIDE_13:
- return &rtl_regdom_12_13;
- case COUNTRY_CODE_MKK:
- case COUNTRY_CODE_MKK1:
-@@ -360,6 +359,7 @@ static const struct ieee80211_regdomain *_rtl_regdomain_select(
- return &rtl_regdom_14_60_64;
- case COUNTRY_CODE_GLOBAL_DOMAIN:
- return &rtl_regdom_14;
-+ case COUNTRY_CODE_WORLD_WIDE_13:
- case COUNTRY_CODE_WORLD_WIDE_13_5G_ALL:
- return &rtl_regdom_12_13_5g_all;
- default:
-diff --git a/drivers/net/wireless/realtek/rtlwifi/rtl8821ae/sw.c b/drivers/net/wireless/realtek/rtlwifi/rtl8821ae/sw.c
-index 142bdff..4159f9b 100644
---- a/drivers/net/wireless/realtek/rtlwifi/rtl8821ae/sw.c
-+++ b/drivers/net/wireless/realtek/rtlwifi/rtl8821ae/sw.c
-@@ -95,8 +95,6 @@ int rtl8821ae_init_sw_vars(struct ieee80211_hw *hw)
- struct rtl_hal *rtlhal = rtl_hal(rtl_priv(hw));
-
- rtl8821ae_bt_reg_init(hw);
-- rtlpci->msi_support = rtlpriv->cfg->mod_params->msi_support;
-- rtlpci->int_clear = rtlpriv->cfg->mod_params->int_clear;
- rtlpriv->btcoexist.btc_ops = rtl_btc_get_ops_pointer();
-
- rtlpriv->dm.dm_initialgain_enable = 1;
-@@ -168,12 +166,15 @@ int rtl8821ae_init_sw_vars(struct ieee80211_hw *hw)
- rtlpriv->psc.swctrl_lps = rtlpriv->cfg->mod_params->swctrl_lps;
- rtlpriv->psc.fwctrl_lps = rtlpriv->cfg->mod_params->fwctrl_lps;
- rtlpci->msi_support = rtlpriv->cfg->mod_params->msi_support;
-- rtlpci->msi_support = rtlpriv->cfg->mod_params->int_clear;
-+ rtlpci->int_clear = rtlpriv->cfg->mod_params->int_clear;
-+ rtlpriv->cfg->mod_params->sw_crypto =
-+ rtlpriv->cfg->mod_params->sw_crypto;
-+ rtlpriv->cfg->mod_params->disable_watchdog =
-+ rtlpriv->cfg->mod_params->disable_watchdog;
- if (rtlpriv->cfg->mod_params->disable_watchdog)
- pr_info("watchdog disabled\n");
- rtlpriv->psc.reg_fwctrl_lps = 3;
- rtlpriv->psc.reg_max_lps_awakeintvl = 5;
-- rtlpci->msi_support = rtlpriv->cfg->mod_params->msi_support;
-
- /* for ASPM, you can close aspm through
- * set const_support_pciaspm = 0
-diff --git a/drivers/net/wireless/ti/wlcore/io.h b/drivers/net/wireless/ti/wlcore/io.h
-index 0305729..10cf374 100644
---- a/drivers/net/wireless/ti/wlcore/io.h
-+++ b/drivers/net/wireless/ti/wlcore/io.h
-@@ -207,19 +207,23 @@ static inline int __must_check wlcore_write_reg(struct wl1271 *wl, int reg,
-
- static inline void wl1271_power_off(struct wl1271 *wl)
- {
-- int ret;
-+ int ret = 0;
-
- if (!test_bit(WL1271_FLAG_GPIO_POWER, &wl->flags))
- return;
-
-- ret = wl->if_ops->power(wl->dev, false);
-+ if (wl->if_ops->power)
-+ ret = wl->if_ops->power(wl->dev, false);
- if (!ret)
- clear_bit(WL1271_FLAG_GPIO_POWER, &wl->flags);
- }
-
- static inline int wl1271_power_on(struct wl1271 *wl)
- {
-- int ret = wl->if_ops->power(wl->dev, true);
-+ int ret = 0;
-+
-+ if (wl->if_ops->power)
-+ ret = wl->if_ops->power(wl->dev, true);
- if (ret == 0)
- set_bit(WL1271_FLAG_GPIO_POWER, &wl->flags);
-
-diff --git a/drivers/net/wireless/ti/wlcore/spi.c b/drivers/net/wireless/ti/wlcore/spi.c
-index 236b410..44f059f7 100644
---- a/drivers/net/wireless/ti/wlcore/spi.c
-+++ b/drivers/net/wireless/ti/wlcore/spi.c
-@@ -73,7 +73,10 @@
- */
- #define SPI_AGGR_BUFFER_SIZE (4 * PAGE_SIZE)
-
--#define WSPI_MAX_NUM_OF_CHUNKS (SPI_AGGR_BUFFER_SIZE / WSPI_MAX_CHUNK_SIZE)
-+/* Maximum number of SPI write chunks */
-+#define WSPI_MAX_NUM_OF_CHUNKS \
-+ ((SPI_AGGR_BUFFER_SIZE / WSPI_MAX_CHUNK_SIZE) + 1)
-+
-
- struct wl12xx_spi_glue {
- struct device *dev;
-@@ -268,9 +271,10 @@ static int __must_check wl12xx_spi_raw_write(struct device *child, int addr,
- void *buf, size_t len, bool fixed)
- {
- struct wl12xx_spi_glue *glue = dev_get_drvdata(child->parent);
-- struct spi_transfer t[2 * (WSPI_MAX_NUM_OF_CHUNKS + 1)];
-+ /* SPI write buffers - 2 for each chunk */
-+ struct spi_transfer t[2 * WSPI_MAX_NUM_OF_CHUNKS];
- struct spi_message m;
-- u32 commands[WSPI_MAX_NUM_OF_CHUNKS];
-+ u32 commands[WSPI_MAX_NUM_OF_CHUNKS]; /* 1 command per chunk */
- u32 *cmd;
- u32 chunk_len;
- int i;
-diff --git a/drivers/pci/bus.c b/drivers/pci/bus.c
-index d3346d2..89b3bef 100644
---- a/drivers/pci/bus.c
-+++ b/drivers/pci/bus.c
-@@ -140,6 +140,8 @@ static int pci_bus_alloc_from_region(struct pci_bus *bus, struct resource *res,
- type_mask |= IORESOURCE_TYPE_BITS;
-
- pci_bus_for_each_resource(bus, r, i) {
-+ resource_size_t min_used = min;
-+
- if (!r)
- continue;
-
-@@ -163,12 +165,12 @@ static int pci_bus_alloc_from_region(struct pci_bus *bus, struct resource *res,
- * overrides "min".
- */
- if (avail.start)
-- min = avail.start;
-+ min_used = avail.start;
-
- max = avail.end;
-
- /* Ok, try it out.. */
-- ret = allocate_resource(r, res, size, min, max,
-+ ret = allocate_resource(r, res, size, min_used, max,
- align, alignf, alignf_data);
- if (ret == 0)
- return 0;
-diff --git a/drivers/pci/host/pci-dra7xx.c b/drivers/pci/host/pci-dra7xx.c
-index 8c36880..923607b 100644
---- a/drivers/pci/host/pci-dra7xx.c
-+++ b/drivers/pci/host/pci-dra7xx.c
-@@ -302,7 +302,8 @@ static int __init dra7xx_add_pcie_port(struct dra7xx_pcie *dra7xx,
- }
-
- ret = devm_request_irq(&pdev->dev, pp->irq,
-- dra7xx_pcie_msi_irq_handler, IRQF_SHARED,
-+ dra7xx_pcie_msi_irq_handler,
-+ IRQF_SHARED | IRQF_NO_THREAD,
- "dra7-pcie-msi", pp);
- if (ret) {
- dev_err(&pdev->dev, "failed to request irq\n");
-diff --git a/drivers/pci/host/pci-exynos.c b/drivers/pci/host/pci-exynos.c
-index 01095e1..d997d22 100644
---- a/drivers/pci/host/pci-exynos.c
-+++ b/drivers/pci/host/pci-exynos.c
-@@ -522,7 +522,8 @@ static int __init exynos_add_pcie_port(struct pcie_port *pp,
-
- ret = devm_request_irq(&pdev->dev, pp->msi_irq,
- exynos_pcie_msi_irq_handler,
-- IRQF_SHARED, "exynos-pcie", pp);
-+ IRQF_SHARED | IRQF_NO_THREAD,
-+ "exynos-pcie", pp);
- if (ret) {
- dev_err(&pdev->dev, "failed to request msi irq\n");
- return ret;
-diff --git a/drivers/pci/host/pci-imx6.c b/drivers/pci/host/pci-imx6.c
-index 22e8224..9ce7cd1 100644
---- a/drivers/pci/host/pci-imx6.c
-+++ b/drivers/pci/host/pci-imx6.c
-@@ -537,7 +537,8 @@ static int __init imx6_add_pcie_port(struct pcie_port *pp,
-
- ret = devm_request_irq(&pdev->dev, pp->msi_irq,
- imx6_pcie_msi_handler,
-- IRQF_SHARED, "mx6-pcie-msi", pp);
-+ IRQF_SHARED | IRQF_NO_THREAD,
-+ "mx6-pcie-msi", pp);
- if (ret) {
- dev_err(&pdev->dev, "failed to request MSI irq\n");
- return ret;
-diff --git a/drivers/pci/host/pci-tegra.c b/drivers/pci/host/pci-tegra.c
-index 3018ae5..3032311 100644
---- a/drivers/pci/host/pci-tegra.c
-+++ b/drivers/pci/host/pci-tegra.c
-@@ -1288,7 +1288,7 @@ static int tegra_pcie_enable_msi(struct tegra_pcie *pcie)
-
- msi->irq = err;
-
-- err = request_irq(msi->irq, tegra_pcie_msi_irq, 0,
-+ err = request_irq(msi->irq, tegra_pcie_msi_irq, IRQF_NO_THREAD,
- tegra_msi_irq_chip.name, pcie);
- if (err < 0) {
- dev_err(&pdev->dev, "failed to request IRQ: %d\n", err);
-diff --git a/drivers/pci/host/pcie-rcar.c b/drivers/pci/host/pcie-rcar.c
-index f4fa6c5..414c336 100644
---- a/drivers/pci/host/pcie-rcar.c
-+++ b/drivers/pci/host/pcie-rcar.c
-@@ -720,14 +720,16 @@ static int rcar_pcie_enable_msi(struct rcar_pcie *pcie)
-
- /* Two irqs are for MSI, but they are also used for non-MSI irqs */
- err = devm_request_irq(&pdev->dev, msi->irq1, rcar_pcie_msi_irq,
-- IRQF_SHARED, rcar_msi_irq_chip.name, pcie);
-+ IRQF_SHARED | IRQF_NO_THREAD,
-+ rcar_msi_irq_chip.name, pcie);
- if (err < 0) {
- dev_err(&pdev->dev, "failed to request IRQ: %d\n", err);
- goto err;
- }
-
- err = devm_request_irq(&pdev->dev, msi->irq2, rcar_pcie_msi_irq,
-- IRQF_SHARED, rcar_msi_irq_chip.name, pcie);
-+ IRQF_SHARED | IRQF_NO_THREAD,
-+ rcar_msi_irq_chip.name, pcie);
- if (err < 0) {
- dev_err(&pdev->dev, "failed to request IRQ: %d\n", err);
- goto err;
-diff --git a/drivers/pci/host/pcie-spear13xx.c b/drivers/pci/host/pcie-spear13xx.c
-index b95b756..a6cd823 100644
---- a/drivers/pci/host/pcie-spear13xx.c
-+++ b/drivers/pci/host/pcie-spear13xx.c
-@@ -279,7 +279,8 @@ static int spear13xx_add_pcie_port(struct pcie_port *pp,
- return -ENODEV;
- }
- ret = devm_request_irq(dev, pp->irq, spear13xx_pcie_irq_handler,
-- IRQF_SHARED, "spear1340-pcie", pp);
-+ IRQF_SHARED | IRQF_NO_THREAD,
-+ "spear1340-pcie", pp);
- if (ret) {
- dev_err(dev, "failed to request irq %d\n", pp->irq);
- return ret;
-diff --git a/drivers/pci/host/pcie-xilinx.c b/drivers/pci/host/pcie-xilinx.c
-index 3c7a0d5..4cfa463 100644
---- a/drivers/pci/host/pcie-xilinx.c
-+++ b/drivers/pci/host/pcie-xilinx.c
-@@ -781,7 +781,8 @@ static int xilinx_pcie_parse_dt(struct xilinx_pcie_port *port)
-
- port->irq = irq_of_parse_and_map(node, 0);
- err = devm_request_irq(dev, port->irq, xilinx_pcie_intr_handler,
-- IRQF_SHARED, "xilinx-pcie", port);
-+ IRQF_SHARED | IRQF_NO_THREAD,
-+ "xilinx-pcie", port);
- if (err) {
- dev_err(dev, "unable to request irq %d\n", port->irq);
- return err;
-diff --git a/drivers/tty/n_tty.c b/drivers/tty/n_tty.c
-index e49c2bce..cf000b3 100644
---- a/drivers/tty/n_tty.c
-+++ b/drivers/tty/n_tty.c
-@@ -258,16 +258,13 @@ static void n_tty_check_throttle(struct tty_struct *tty)
-
- static void n_tty_check_unthrottle(struct tty_struct *tty)
- {
-- if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
-- tty->link->ldisc->ops->write_wakeup == n_tty_write_wakeup) {
-+ if (tty->driver->type == TTY_DRIVER_TYPE_PTY) {
- if (chars_in_buffer(tty) > TTY_THRESHOLD_UNTHROTTLE)
- return;
- if (!tty->count)
- return;
- n_tty_kick_worker(tty);
-- n_tty_write_wakeup(tty->link);
-- if (waitqueue_active(&tty->link->write_wait))
-- wake_up_interruptible_poll(&tty->link->write_wait, POLLOUT);
-+ tty_wakeup(tty->link);
- return;
- }
-
-diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c
-index bcc8e1e..7cef543 100644
---- a/drivers/tty/tty_io.c
-+++ b/drivers/tty/tty_io.c
-@@ -1462,13 +1462,13 @@ static int tty_reopen(struct tty_struct *tty)
- {
- struct tty_driver *driver = tty->driver;
-
-- if (!tty->count)
-- return -EIO;
--
- if (driver->type == TTY_DRIVER_TYPE_PTY &&
- driver->subtype == PTY_TYPE_MASTER)
- return -EIO;
-
-+ if (!tty->count)
-+ return -EAGAIN;
-+
- if (test_bit(TTY_EXCLUSIVE, &tty->flags) && !capable(CAP_SYS_ADMIN))
- return -EBUSY;
-
-@@ -2069,7 +2069,12 @@ retry_open:
-
- if (tty) {
- mutex_unlock(&tty_mutex);
-- tty_lock(tty);
-+ retval = tty_lock_interruptible(tty);
-+ if (retval) {
-+ if (retval == -EINTR)
-+ retval = -ERESTARTSYS;
-+ goto err_unref;
-+ }
- /* safe to drop the kref from tty_driver_lookup_tty() */
- tty_kref_put(tty);
- retval = tty_reopen(tty);
-@@ -2087,7 +2092,11 @@ retry_open:
-
- if (IS_ERR(tty)) {
- retval = PTR_ERR(tty);
-- goto err_file;
-+ if (retval != -EAGAIN || signal_pending(current))
-+ goto err_file;
-+ tty_free_file(filp);
-+ schedule();
-+ goto retry_open;
- }
-
- tty_add_file(tty, filp);
-@@ -2156,6 +2165,7 @@ retry_open:
- return 0;
- err_unlock:
- mutex_unlock(&tty_mutex);
-+err_unref:
- /* after locks to avoid deadlock */
- if (!IS_ERR_OR_NULL(driver))
- tty_driver_kref_put(driver);
-@@ -2653,6 +2663,28 @@ static int tiocsetd(struct tty_struct *tty, int __user *p)
- }
-
- /**
-+ * tiocgetd - get line discipline
-+ * @tty: tty device
-+ * @p: pointer to user data
-+ *
-+ * Retrieves the line discipline id directly from the ldisc.
-+ *
-+ * Locking: waits for ldisc reference (in case the line discipline
-+ * is changing or the tty is being hungup)
-+ */
-+
-+static int tiocgetd(struct tty_struct *tty, int __user *p)
-+{
-+ struct tty_ldisc *ld;
-+ int ret;
-+
-+ ld = tty_ldisc_ref_wait(tty);
-+ ret = put_user(ld->ops->num, p);
-+ tty_ldisc_deref(ld);
-+ return ret;
-+}
-+
-+/**
- * send_break - performed time break
- * @tty: device to break on
- * @duration: timeout in mS
-@@ -2878,7 +2910,7 @@ long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
- case TIOCGSID:
- return tiocgsid(tty, real_tty, p);
- case TIOCGETD:
-- return put_user(tty->ldisc->ops->num, (int __user *)p);
-+ return tiocgetd(tty, p);
- case TIOCSETD:
- return tiocsetd(tty, p);
- case TIOCVHANGUP:
-diff --git a/drivers/tty/tty_mutex.c b/drivers/tty/tty_mutex.c
-index 0efcf71..d09293b 100644
---- a/drivers/tty/tty_mutex.c
-+++ b/drivers/tty/tty_mutex.c
-@@ -22,6 +22,14 @@ void __lockfunc tty_lock(struct tty_struct *tty)
- }
- EXPORT_SYMBOL(tty_lock);
-
-+int tty_lock_interruptible(struct tty_struct *tty)
-+{
-+ if (WARN(tty->magic != TTY_MAGIC, "L Bad %p\n", tty))
-+ return -EIO;
-+ tty_kref_get(tty);
-+ return mutex_lock_interruptible(&tty->legacy_mutex);
-+}
-+
- void __lockfunc tty_unlock(struct tty_struct *tty)
- {
- if (tty->magic != TTY_MAGIC) {
-diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c
-index 26ca4f9..e4c70dc 100644
---- a/drivers/usb/class/cdc-acm.c
-+++ b/drivers/usb/class/cdc-acm.c
-@@ -428,7 +428,8 @@ static void acm_read_bulk_callback(struct urb *urb)
- set_bit(rb->index, &acm->read_urbs_free);
- dev_dbg(&acm->data->dev, "%s - non-zero urb status: %d\n",
- __func__, status);
-- return;
-+ if ((status != -ENOENT) || (urb->actual_length == 0))
-+ return;
- }
-
- usb_mark_last_busy(acm->dev);
-@@ -1404,6 +1405,8 @@ made_compressed_probe:
- usb_sndbulkpipe(usb_dev, epwrite->bEndpointAddress),
- NULL, acm->writesize, acm_write_bulk, snd);
- snd->urb->transfer_flags |= URB_NO_TRANSFER_DMA_MAP;
-+ if (quirks & SEND_ZERO_PACKET)
-+ snd->urb->transfer_flags |= URB_ZERO_PACKET;
- snd->instance = acm;
- }
-
-@@ -1861,6 +1864,10 @@ static const struct usb_device_id acm_ids[] = {
- { USB_INTERFACE_INFO(USB_CLASS_COMM, USB_CDC_SUBCLASS_ACM,
- USB_CDC_ACM_PROTO_AT_CDMA) },
-
-+ { USB_DEVICE(0x1519, 0x0452), /* Intel 7260 modem */
-+ .driver_info = SEND_ZERO_PACKET,
-+ },
-+
- { }
- };
-
-diff --git a/drivers/usb/class/cdc-acm.h b/drivers/usb/class/cdc-acm.h
-index dd9af38..ccfaba9 100644
---- a/drivers/usb/class/cdc-acm.h
-+++ b/drivers/usb/class/cdc-acm.h
-@@ -134,3 +134,4 @@ struct acm {
- #define IGNORE_DEVICE BIT(5)
- #define QUIRK_CONTROL_LINE_STATE BIT(6)
- #define CLEAR_HALT_CONDITIONS BIT(7)
-+#define SEND_ZERO_PACKET BIT(8)
-diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
-index 8683436..1560f3f 100644
---- a/drivers/usb/core/hub.c
-+++ b/drivers/usb/core/hub.c
-@@ -5386,7 +5386,6 @@ static int usb_reset_and_verify_device(struct usb_device *udev)
- }
-
- bos = udev->bos;
-- udev->bos = NULL;
-
- for (i = 0; i < SET_CONFIG_TRIES; ++i) {
-
-@@ -5479,8 +5478,11 @@ done:
- usb_set_usb2_hardware_lpm(udev, 1);
- usb_unlocked_enable_lpm(udev);
- usb_enable_ltm(udev);
-- usb_release_bos_descriptor(udev);
-- udev->bos = bos;
-+ /* release the new BOS descriptor allocated by hub_port_init() */
-+ if (udev->bos != bos) {
-+ usb_release_bos_descriptor(udev);
-+ udev->bos = bos;
-+ }
- return 0;
-
- re_enumerate:
-diff --git a/drivers/usb/host/xhci-pci.c b/drivers/usb/host/xhci-pci.c
-index c621090..c2d6520 100644
---- a/drivers/usb/host/xhci-pci.c
-+++ b/drivers/usb/host/xhci-pci.c
-@@ -28,7 +28,9 @@
- #include "xhci.h"
- #include "xhci-trace.h"
-
--#define PORT2_SSIC_CONFIG_REG2 0x883c
-+#define SSIC_PORT_NUM 2
-+#define SSIC_PORT_CFG2 0x880c
-+#define SSIC_PORT_CFG2_OFFSET 0x30
- #define PROG_DONE (1 << 30)
- #define SSIC_PORT_UNUSED (1 << 31)
-
-@@ -45,6 +47,7 @@
- #define PCI_DEVICE_ID_INTEL_CHERRYVIEW_XHCI 0x22b5
- #define PCI_DEVICE_ID_INTEL_SUNRISEPOINT_H_XHCI 0xa12f
- #define PCI_DEVICE_ID_INTEL_SUNRISEPOINT_LP_XHCI 0x9d2f
-+#define PCI_DEVICE_ID_INTEL_BROXTON_M_XHCI 0x0aa8
-
- static const char hcd_name[] = "xhci_hcd";
-
-@@ -152,7 +155,8 @@ static void xhci_pci_quirks(struct device *dev, struct xhci_hcd *xhci)
- if (pdev->vendor == PCI_VENDOR_ID_INTEL &&
- (pdev->device == PCI_DEVICE_ID_INTEL_SUNRISEPOINT_LP_XHCI ||
- pdev->device == PCI_DEVICE_ID_INTEL_SUNRISEPOINT_H_XHCI ||
-- pdev->device == PCI_DEVICE_ID_INTEL_CHERRYVIEW_XHCI)) {
-+ pdev->device == PCI_DEVICE_ID_INTEL_CHERRYVIEW_XHCI ||
-+ pdev->device == PCI_DEVICE_ID_INTEL_BROXTON_M_XHCI)) {
- xhci->quirks |= XHCI_PME_STUCK_QUIRK;
- }
- if (pdev->vendor == PCI_VENDOR_ID_ETRON &&
-@@ -322,28 +326,36 @@ static void xhci_pme_quirk(struct usb_hcd *hcd, bool suspend)
- struct pci_dev *pdev = to_pci_dev(hcd->self.controller);
- u32 val;
- void __iomem *reg;
-+ int i;
-
- if (pdev->vendor == PCI_VENDOR_ID_INTEL &&
- pdev->device == PCI_DEVICE_ID_INTEL_CHERRYVIEW_XHCI) {
-
-- reg = (void __iomem *) xhci->cap_regs + PORT2_SSIC_CONFIG_REG2;
--
-- /* Notify SSIC that SSIC profile programming is not done */
-- val = readl(reg) & ~PROG_DONE;
-- writel(val, reg);
--
-- /* Mark SSIC port as unused(suspend) or used(resume) */
-- val = readl(reg);
-- if (suspend)
-- val |= SSIC_PORT_UNUSED;
-- else
-- val &= ~SSIC_PORT_UNUSED;
-- writel(val, reg);
--
-- /* Notify SSIC that SSIC profile programming is done */
-- val = readl(reg) | PROG_DONE;
-- writel(val, reg);
-- readl(reg);
-+ for (i = 0; i < SSIC_PORT_NUM; i++) {
-+ reg = (void __iomem *) xhci->cap_regs +
-+ SSIC_PORT_CFG2 +
-+ i * SSIC_PORT_CFG2_OFFSET;
-+
-+ /*
-+ * Notify SSIC that SSIC profile programming
-+ * is not done.
-+ */
-+ val = readl(reg) & ~PROG_DONE;
-+ writel(val, reg);
-+
-+ /* Mark SSIC port as unused(suspend) or used(resume) */
-+ val = readl(reg);
-+ if (suspend)
-+ val |= SSIC_PORT_UNUSED;
-+ else
-+ val &= ~SSIC_PORT_UNUSED;
-+ writel(val, reg);
-+
-+ /* Notify SSIC that SSIC profile programming is done */
-+ val = readl(reg) | PROG_DONE;
-+ writel(val, reg);
-+ readl(reg);
-+ }
- }
-
- reg = (void __iomem *) xhci->cap_regs + 0x80a4;
-diff --git a/drivers/usb/phy/phy-msm-usb.c b/drivers/usb/phy/phy-msm-usb.c
-index 0d19a6d..970a30e 100644
---- a/drivers/usb/phy/phy-msm-usb.c
-+++ b/drivers/usb/phy/phy-msm-usb.c
-@@ -1599,6 +1599,8 @@ static int msm_otg_read_dt(struct platform_device *pdev, struct msm_otg *motg)
- &motg->id.nb);
- if (ret < 0) {
- dev_err(&pdev->dev, "register ID notifier failed\n");
-+ extcon_unregister_notifier(motg->vbus.extcon,
-+ EXTCON_USB, &motg->vbus.nb);
- return ret;
- }
-
-@@ -1660,15 +1662,6 @@ static int msm_otg_probe(struct platform_device *pdev)
- if (!motg)
- return -ENOMEM;
-
-- pdata = dev_get_platdata(&pdev->dev);
-- if (!pdata) {
-- if (!np)
-- return -ENXIO;
-- ret = msm_otg_read_dt(pdev, motg);
-- if (ret)
-- return ret;
-- }
--
- motg->phy.otg = devm_kzalloc(&pdev->dev, sizeof(struct usb_otg),
- GFP_KERNEL);
- if (!motg->phy.otg)
-@@ -1710,6 +1703,15 @@ static int msm_otg_probe(struct platform_device *pdev)
- if (!motg->regs)
- return -ENOMEM;
-
-+ pdata = dev_get_platdata(&pdev->dev);
-+ if (!pdata) {
-+ if (!np)
-+ return -ENXIO;
-+ ret = msm_otg_read_dt(pdev, motg);
-+ if (ret)
-+ return ret;
-+ }
-+
- /*
- * NOTE: The PHYs can be multiplexed between the chipidea controller
- * and the dwc3 controller, using a single bit. It is important that
-@@ -1717,8 +1719,10 @@ static int msm_otg_probe(struct platform_device *pdev)
- */
- if (motg->phy_number) {
- phy_select = devm_ioremap_nocache(&pdev->dev, USB2_PHY_SEL, 4);
-- if (!phy_select)
-- return -ENOMEM;
-+ if (!phy_select) {
-+ ret = -ENOMEM;
-+ goto unregister_extcon;
-+ }
- /* Enable second PHY with the OTG port */
- writel(0x1, phy_select);
- }
-@@ -1728,7 +1732,8 @@ static int msm_otg_probe(struct platform_device *pdev)
- motg->irq = platform_get_irq(pdev, 0);
- if (motg->irq < 0) {
- dev_err(&pdev->dev, "platform_get_irq failed\n");
-- return motg->irq;
-+ ret = motg->irq;
-+ goto unregister_extcon;
- }
-
- regs[0].supply = "vddcx";
-@@ -1737,7 +1742,7 @@ static int msm_otg_probe(struct platform_device *pdev)
-
- ret = devm_regulator_bulk_get(motg->phy.dev, ARRAY_SIZE(regs), regs);
- if (ret)
-- return ret;
-+ goto unregister_extcon;
-
- motg->vddcx = regs[0].consumer;
- motg->v3p3 = regs[1].consumer;
-@@ -1834,6 +1839,12 @@ disable_clks:
- clk_disable_unprepare(motg->clk);
- if (!IS_ERR(motg->core_clk))
- clk_disable_unprepare(motg->core_clk);
-+unregister_extcon:
-+ extcon_unregister_notifier(motg->id.extcon,
-+ EXTCON_USB_HOST, &motg->id.nb);
-+ extcon_unregister_notifier(motg->vbus.extcon,
-+ EXTCON_USB, &motg->vbus.nb);
-+
- return ret;
- }
-
-diff --git a/drivers/usb/serial/cp210x.c b/drivers/usb/serial/cp210x.c
-index 59b2126..1dd9919 100644
---- a/drivers/usb/serial/cp210x.c
-+++ b/drivers/usb/serial/cp210x.c
-@@ -98,6 +98,7 @@ static const struct usb_device_id id_table[] = {
- { USB_DEVICE(0x10C4, 0x81AC) }, /* MSD Dash Hawk */
- { USB_DEVICE(0x10C4, 0x81AD) }, /* INSYS USB Modem */
- { USB_DEVICE(0x10C4, 0x81C8) }, /* Lipowsky Industrie Elektronik GmbH, Baby-JTAG */
-+ { USB_DEVICE(0x10C4, 0x81D7) }, /* IAI Corp. RCB-CV-USB USB to RS485 Adaptor */
- { USB_DEVICE(0x10C4, 0x81E2) }, /* Lipowsky Industrie Elektronik GmbH, Baby-LIN */
- { USB_DEVICE(0x10C4, 0x81E7) }, /* Aerocomm Radio */
- { USB_DEVICE(0x10C4, 0x81E8) }, /* Zephyr Bioharness */
-diff --git a/drivers/usb/serial/ftdi_sio.c b/drivers/usb/serial/ftdi_sio.c
-index a5a0376..8c660ae 100644
---- a/drivers/usb/serial/ftdi_sio.c
-+++ b/drivers/usb/serial/ftdi_sio.c
-@@ -824,6 +824,7 @@ static const struct usb_device_id id_table_combined[] = {
- { USB_DEVICE(FTDI_VID, FTDI_TURTELIZER_PID),
- .driver_info = (kernel_ulong_t)&ftdi_jtag_quirk },
- { USB_DEVICE(RATOC_VENDOR_ID, RATOC_PRODUCT_ID_USB60F) },
-+ { USB_DEVICE(RATOC_VENDOR_ID, RATOC_PRODUCT_ID_SCU18) },
- { USB_DEVICE(FTDI_VID, FTDI_REU_TINY_PID) },
-
- /* Papouch devices based on FTDI chip */
-diff --git a/drivers/usb/serial/ftdi_sio_ids.h b/drivers/usb/serial/ftdi_sio_ids.h
-index 67c6d44..a84df25 100644
---- a/drivers/usb/serial/ftdi_sio_ids.h
-+++ b/drivers/usb/serial/ftdi_sio_ids.h
-@@ -615,6 +615,7 @@
- */
- #define RATOC_VENDOR_ID 0x0584
- #define RATOC_PRODUCT_ID_USB60F 0xb020
-+#define RATOC_PRODUCT_ID_SCU18 0xb03a
-
- /*
- * Infineon Technologies
-diff --git a/drivers/usb/serial/option.c b/drivers/usb/serial/option.c
-index f228060..db86e51 100644
---- a/drivers/usb/serial/option.c
-+++ b/drivers/usb/serial/option.c
-@@ -268,6 +268,8 @@ static void option_instat_callback(struct urb *urb);
- #define TELIT_PRODUCT_CC864_SINGLE 0x1006
- #define TELIT_PRODUCT_DE910_DUAL 0x1010
- #define TELIT_PRODUCT_UE910_V2 0x1012
-+#define TELIT_PRODUCT_LE922_USBCFG0 0x1042
-+#define TELIT_PRODUCT_LE922_USBCFG3 0x1043
- #define TELIT_PRODUCT_LE920 0x1200
- #define TELIT_PRODUCT_LE910 0x1201
-
-@@ -615,6 +617,16 @@ static const struct option_blacklist_info telit_le920_blacklist = {
- .reserved = BIT(1) | BIT(5),
- };
-
-+static const struct option_blacklist_info telit_le922_blacklist_usbcfg0 = {
-+ .sendsetup = BIT(2),
-+ .reserved = BIT(0) | BIT(1) | BIT(3),
-+};
-+
-+static const struct option_blacklist_info telit_le922_blacklist_usbcfg3 = {
-+ .sendsetup = BIT(0),
-+ .reserved = BIT(1) | BIT(2) | BIT(3),
-+};
-+
- static const struct usb_device_id option_ids[] = {
- { USB_DEVICE(OPTION_VENDOR_ID, OPTION_PRODUCT_COLT) },
- { USB_DEVICE(OPTION_VENDOR_ID, OPTION_PRODUCT_RICOLA) },
-@@ -1160,6 +1172,10 @@ static const struct usb_device_id option_ids[] = {
- { USB_DEVICE(TELIT_VENDOR_ID, TELIT_PRODUCT_CC864_SINGLE) },
- { USB_DEVICE(TELIT_VENDOR_ID, TELIT_PRODUCT_DE910_DUAL) },
- { USB_DEVICE(TELIT_VENDOR_ID, TELIT_PRODUCT_UE910_V2) },
-+ { USB_DEVICE(TELIT_VENDOR_ID, TELIT_PRODUCT_LE922_USBCFG0),
-+ .driver_info = (kernel_ulong_t)&telit_le922_blacklist_usbcfg0 },
-+ { USB_DEVICE(TELIT_VENDOR_ID, TELIT_PRODUCT_LE922_USBCFG3),
-+ .driver_info = (kernel_ulong_t)&telit_le922_blacklist_usbcfg3 },
- { USB_DEVICE(TELIT_VENDOR_ID, TELIT_PRODUCT_LE910),
- .driver_info = (kernel_ulong_t)&telit_le910_blacklist },
- { USB_DEVICE(TELIT_VENDOR_ID, TELIT_PRODUCT_LE920),
-@@ -1679,7 +1695,7 @@ static const struct usb_device_id option_ids[] = {
- { USB_DEVICE(CINTERION_VENDOR_ID, CINTERION_PRODUCT_EU3_P) },
- { USB_DEVICE(CINTERION_VENDOR_ID, CINTERION_PRODUCT_PH8),
- .driver_info = (kernel_ulong_t)&net_intf4_blacklist },
-- { USB_DEVICE(CINTERION_VENDOR_ID, CINTERION_PRODUCT_AHXX) },
-+ { USB_DEVICE_INTERFACE_CLASS(CINTERION_VENDOR_ID, CINTERION_PRODUCT_AHXX, 0xff) },
- { USB_DEVICE(CINTERION_VENDOR_ID, CINTERION_PRODUCT_PLXX),
- .driver_info = (kernel_ulong_t)&net_intf4_blacklist },
- { USB_DEVICE(CINTERION_VENDOR_ID, CINTERION_PRODUCT_HC28_MDM) },
-diff --git a/drivers/usb/serial/visor.c b/drivers/usb/serial/visor.c
-index 60afb39..337a0be 100644
---- a/drivers/usb/serial/visor.c
-+++ b/drivers/usb/serial/visor.c
-@@ -544,6 +544,11 @@ static int treo_attach(struct usb_serial *serial)
- (serial->num_interrupt_in == 0))
- return 0;
-
-+ if (serial->num_bulk_in < 2 || serial->num_interrupt_in < 2) {
-+ dev_err(&serial->interface->dev, "missing endpoints\n");
-+ return -ENODEV;
-+ }
-+
- /*
- * It appears that Treos and Kyoceras want to use the
- * 1st bulk in endpoint to communicate with the 2nd bulk out endpoint,
-@@ -597,8 +602,10 @@ static int clie_5_attach(struct usb_serial *serial)
- */
-
- /* some sanity check */
-- if (serial->num_ports < 2)
-- return -1;
-+ if (serial->num_bulk_out < 2) {
-+ dev_err(&serial->interface->dev, "missing bulk out endpoints\n");
-+ return -ENODEV;
-+ }
-
- /* port 0 now uses the modified endpoint Address */
- port = serial->port[0];
-diff --git a/fs/ext4/crypto_key.c b/fs/ext4/crypto_key.c
-index c5882b3..9a16d1e 100644
---- a/fs/ext4/crypto_key.c
-+++ b/fs/ext4/crypto_key.c
-@@ -213,9 +213,11 @@ retry:
- res = -ENOKEY;
- goto out;
- }
-+ down_read(&keyring_key->sem);
- ukp = user_key_payload(keyring_key);
- if (ukp->datalen != sizeof(struct ext4_encryption_key)) {
- res = -EINVAL;
-+ up_read(&keyring_key->sem);
- goto out;
- }
- master_key = (struct ext4_encryption_key *)ukp->data;
-@@ -226,10 +228,12 @@ retry:
- "ext4: key size incorrect: %d\n",
- master_key->size);
- res = -ENOKEY;
-+ up_read(&keyring_key->sem);
- goto out;
- }
- res = ext4_derive_key_aes(ctx.nonce, master_key->raw,
- raw_key);
-+ up_read(&keyring_key->sem);
- if (res)
- goto out;
- got_key:
-diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
-index 8981803..343b0f1 100644
---- a/fs/nfs/nfs4proc.c
-+++ b/fs/nfs/nfs4proc.c
-@@ -8054,7 +8054,6 @@ static void nfs4_layoutreturn_release(void *calldata)
- pnfs_set_layout_stateid(lo, &lrp->res.stateid, true);
- pnfs_mark_matching_lsegs_invalid(lo, &freeme, &lrp->args.range);
- pnfs_clear_layoutreturn_waitbit(lo);
-- lo->plh_block_lgets--;
- spin_unlock(&lo->plh_inode->i_lock);
- pnfs_free_lseg_list(&freeme);
- pnfs_put_layout_hdr(lrp->args.layout);
-diff --git a/fs/ocfs2/dlm/dlmmaster.c b/fs/ocfs2/dlm/dlmmaster.c
-index 84f2f80..4e2162b 100644
---- a/fs/ocfs2/dlm/dlmmaster.c
-+++ b/fs/ocfs2/dlm/dlmmaster.c
-@@ -2519,6 +2519,11 @@ static int dlm_migrate_lockres(struct dlm_ctxt *dlm,
- spin_lock(&dlm->master_lock);
- ret = dlm_add_migration_mle(dlm, res, mle, &oldmle, name,
- namelen, target, dlm->node_num);
-+ /* get an extra reference on the mle.
-+ * otherwise the assert_master from the new
-+ * master will destroy this.
-+ */
-+ dlm_get_mle_inuse(mle);
- spin_unlock(&dlm->master_lock);
- spin_unlock(&dlm->spinlock);
-
-@@ -2554,6 +2559,7 @@ fail:
- if (mle_added) {
- dlm_mle_detach_hb_events(dlm, mle);
- dlm_put_mle(mle);
-+ dlm_put_mle_inuse(mle);
- } else if (mle) {
- kmem_cache_free(dlm_mle_cache, mle);
- mle = NULL;
-@@ -2571,17 +2577,6 @@ fail:
- * ensure that all assert_master work is flushed. */
- flush_workqueue(dlm->dlm_worker);
-
-- /* get an extra reference on the mle.
-- * otherwise the assert_master from the new
-- * master will destroy this.
-- * also, make sure that all callers of dlm_get_mle
-- * take both dlm->spinlock and dlm->master_lock */
-- spin_lock(&dlm->spinlock);
-- spin_lock(&dlm->master_lock);
-- dlm_get_mle_inuse(mle);
-- spin_unlock(&dlm->master_lock);
-- spin_unlock(&dlm->spinlock);
--
- /* notify new node and send all lock state */
- /* call send_one_lockres with migration flag.
- * this serves as notice to the target node that a
-@@ -3312,6 +3307,15 @@ top:
- mle->new_master != dead_node)
- continue;
-
-+ if (mle->new_master == dead_node && mle->inuse) {
-+ mlog(ML_NOTICE, "%s: target %u died during "
-+ "migration from %u, the MLE is "
-+ "still keep used, ignore it!\n",
-+ dlm->name, dead_node,
-+ mle->master);
-+ continue;
-+ }
-+
- /* If we have reached this point, this mle needs to be
- * removed from the list and freed. */
- dlm_clean_migration_mle(dlm, mle);
-diff --git a/fs/ocfs2/dlm/dlmrecovery.c b/fs/ocfs2/dlm/dlmrecovery.c
-index 9e4f862..42f0cae 100644
---- a/fs/ocfs2/dlm/dlmrecovery.c
-+++ b/fs/ocfs2/dlm/dlmrecovery.c
-@@ -2360,6 +2360,8 @@ static void dlm_do_local_recovery_cleanup(struct dlm_ctxt *dlm, u8 dead_node)
- break;
- }
- }
-+ dlm_lockres_clear_refmap_bit(dlm, res,
-+ dead_node);
- spin_unlock(&res->spinlock);
- continue;
- }
-diff --git a/fs/ocfs2/dlmglue.c b/fs/ocfs2/dlmglue.c
-index 20276e3..b002acf 100644
---- a/fs/ocfs2/dlmglue.c
-+++ b/fs/ocfs2/dlmglue.c
-@@ -1390,6 +1390,7 @@ static int __ocfs2_cluster_lock(struct ocfs2_super *osb,
- unsigned int gen;
- int noqueue_attempted = 0;
- int dlm_locked = 0;
-+ int kick_dc = 0;
-
- if (!(lockres->l_flags & OCFS2_LOCK_INITIALIZED)) {
- mlog_errno(-EINVAL);
-@@ -1524,7 +1525,12 @@ update_holders:
- unlock:
- lockres_clear_flags(lockres, OCFS2_LOCK_UPCONVERT_FINISHING);
-
-+ /* ocfs2_unblock_lock reques on seeing OCFS2_LOCK_UPCONVERT_FINISHING */
-+ kick_dc = (lockres->l_flags & OCFS2_LOCK_BLOCKED);
-+
- spin_unlock_irqrestore(&lockres->l_lock, flags);
-+ if (kick_dc)
-+ ocfs2_wake_downconvert_thread(osb);
- out:
- /*
- * This is helping work around a lock inversion between the page lock
-diff --git a/include/crypto/hash.h b/include/crypto/hash.h
-index 3d69c93..6361892 100644
---- a/include/crypto/hash.h
-+++ b/include/crypto/hash.h
-@@ -204,6 +204,7 @@ struct crypto_ahash {
- unsigned int keylen);
-
- unsigned int reqsize;
-+ bool has_setkey;
- struct crypto_tfm base;
- };
-
-@@ -375,6 +376,11 @@ static inline void *ahash_request_ctx(struct ahash_request *req)
- int crypto_ahash_setkey(struct crypto_ahash *tfm, const u8 *key,
- unsigned int keylen);
-
-+static inline bool crypto_ahash_has_setkey(struct crypto_ahash *tfm)
-+{
-+ return tfm->has_setkey;
-+}
-+
- /**
- * crypto_ahash_finup() - update and finalize message digest
- * @req: reference to the ahash_request handle that holds all information
-diff --git a/include/crypto/if_alg.h b/include/crypto/if_alg.h
-index 018afb2..a2bfd78 100644
---- a/include/crypto/if_alg.h
-+++ b/include/crypto/if_alg.h
-@@ -30,6 +30,9 @@ struct alg_sock {
-
- struct sock *parent;
-
-+ unsigned int refcnt;
-+ unsigned int nokey_refcnt;
-+
- const struct af_alg_type *type;
- void *private;
- };
-@@ -50,9 +53,11 @@ struct af_alg_type {
- void (*release)(void *private);
- int (*setkey)(void *private, const u8 *key, unsigned int keylen);
- int (*accept)(void *private, struct sock *sk);
-+ int (*accept_nokey)(void *private, struct sock *sk);
- int (*setauthsize)(void *private, unsigned int authsize);
-
- struct proto_ops *ops;
-+ struct proto_ops *ops_nokey;
- struct module *owner;
- char name[14];
- };
-@@ -67,6 +72,7 @@ int af_alg_register_type(const struct af_alg_type *type);
- int af_alg_unregister_type(const struct af_alg_type *type);
-
- int af_alg_release(struct socket *sock);
-+void af_alg_release_parent(struct sock *sk);
- int af_alg_accept(struct sock *sk, struct socket *newsock);
-
- int af_alg_make_sg(struct af_alg_sgl *sgl, struct iov_iter *iter, int len);
-@@ -83,11 +89,6 @@ static inline struct alg_sock *alg_sk(struct sock *sk)
- return (struct alg_sock *)sk;
- }
-
--static inline void af_alg_release_parent(struct sock *sk)
--{
-- sock_put(alg_sk(sk)->parent);
--}
--
- static inline void af_alg_init_completion(struct af_alg_completion *completion)
- {
- init_completion(&completion->completion);
-diff --git a/include/crypto/skcipher.h b/include/crypto/skcipher.h
-index d8dd41f..fd8742a 100644
---- a/include/crypto/skcipher.h
-+++ b/include/crypto/skcipher.h
-@@ -61,6 +61,8 @@ struct crypto_skcipher {
- unsigned int ivsize;
- unsigned int reqsize;
-
-+ bool has_setkey;
-+
- struct crypto_tfm base;
- };
-
-@@ -305,6 +307,11 @@ static inline int crypto_skcipher_setkey(struct crypto_skcipher *tfm,
- return tfm->setkey(tfm, key, keylen);
- }
-
-+static inline bool crypto_skcipher_has_setkey(struct crypto_skcipher *tfm)
-+{
-+ return tfm->has_setkey;
-+}
-+
- /**
- * crypto_skcipher_reqtfm() - obtain cipher handle from request
- * @req: skcipher_request out of which the cipher handle is to be obtained
-diff --git a/include/linux/console.h b/include/linux/console.h
-index bd19434..ea731af 100644
---- a/include/linux/console.h
-+++ b/include/linux/console.h
-@@ -150,6 +150,7 @@ extern int console_trylock(void);
- extern void console_unlock(void);
- extern void console_conditional_schedule(void);
- extern void console_unblank(void);
-+extern void console_flush_on_panic(void);
- extern struct tty_driver *console_device(int *);
- extern void console_stop(struct console *);
- extern void console_start(struct console *);
-diff --git a/include/linux/hrtimer.h b/include/linux/hrtimer.h
-index 76dd4f0..2ead22d 100644
---- a/include/linux/hrtimer.h
-+++ b/include/linux/hrtimer.h
-@@ -87,7 +87,8 @@ enum hrtimer_restart {
- * @function: timer expiry callback function
- * @base: pointer to the timer base (per cpu and per clock)
- * @state: state information (See bit values above)
-- * @start_pid: timer statistics field to store the pid of the task which
-+ * @is_rel: Set if the timer was armed relative
-+ * @start_pid: timer statistics field to store the pid of the task which
- * started the timer
- * @start_site: timer statistics field to store the site where the timer
- * was started
-@@ -101,7 +102,8 @@ struct hrtimer {
- ktime_t _softexpires;
- enum hrtimer_restart (*function)(struct hrtimer *);
- struct hrtimer_clock_base *base;
-- unsigned long state;
-+ u8 state;
-+ u8 is_rel;
- #ifdef CONFIG_TIMER_STATS
- int start_pid;
- void *start_site;
-@@ -321,6 +323,27 @@ static inline void clock_was_set_delayed(void) { }
-
- #endif
-
-+static inline ktime_t
-+__hrtimer_expires_remaining_adjusted(const struct hrtimer *timer, ktime_t now)
-+{
-+ ktime_t rem = ktime_sub(timer->node.expires, now);
-+
-+ /*
-+ * Adjust relative timers for the extra we added in
-+ * hrtimer_start_range_ns() to prevent short timeouts.
-+ */
-+ if (IS_ENABLED(CONFIG_TIME_LOW_RES) && timer->is_rel)
-+ rem.tv64 -= hrtimer_resolution;
-+ return rem;
-+}
-+
-+static inline ktime_t
-+hrtimer_expires_remaining_adjusted(const struct hrtimer *timer)
-+{
-+ return __hrtimer_expires_remaining_adjusted(timer,
-+ timer->base->get_time());
-+}
-+
- extern void clock_was_set(void);
- #ifdef CONFIG_TIMERFD
- extern void timerfd_clock_was_set(void);
-@@ -390,7 +413,12 @@ static inline void hrtimer_restart(struct hrtimer *timer)
- }
-
- /* Query timers: */
--extern ktime_t hrtimer_get_remaining(const struct hrtimer *timer);
-+extern ktime_t __hrtimer_get_remaining(const struct hrtimer *timer, bool adjust);
-+
-+static inline ktime_t hrtimer_get_remaining(const struct hrtimer *timer)
-+{
-+ return __hrtimer_get_remaining(timer, false);
-+}
-
- extern u64 hrtimer_get_next_event(void);
-
-diff --git a/include/linux/tty.h b/include/linux/tty.h
-index 5e31f1b..6b6e811 100644
---- a/include/linux/tty.h
-+++ b/include/linux/tty.h
-@@ -654,6 +654,7 @@ extern long vt_compat_ioctl(struct tty_struct *tty,
- /* tty_mutex.c */
- /* functions for preparation of BKL removal */
- extern void __lockfunc tty_lock(struct tty_struct *tty);
-+extern int tty_lock_interruptible(struct tty_struct *tty);
- extern void __lockfunc tty_unlock(struct tty_struct *tty);
- extern void __lockfunc tty_lock_slave(struct tty_struct *tty);
- extern void __lockfunc tty_unlock_slave(struct tty_struct *tty);
-diff --git a/include/sound/rawmidi.h b/include/sound/rawmidi.h
-index f6cbef7..3b91ad5 100644
---- a/include/sound/rawmidi.h
-+++ b/include/sound/rawmidi.h
-@@ -167,6 +167,10 @@ int snd_rawmidi_transmit_peek(struct snd_rawmidi_substream *substream,
- int snd_rawmidi_transmit_ack(struct snd_rawmidi_substream *substream, int count);
- int snd_rawmidi_transmit(struct snd_rawmidi_substream *substream,
- unsigned char *buffer, int count);
-+int __snd_rawmidi_transmit_peek(struct snd_rawmidi_substream *substream,
-+ unsigned char *buffer, int count);
-+int __snd_rawmidi_transmit_ack(struct snd_rawmidi_substream *substream,
-+ int count);
-
- /* main midi functions */
-
-diff --git a/kernel/panic.c b/kernel/panic.c
-index 4b150bc..41e2b54 100644
---- a/kernel/panic.c
-+++ b/kernel/panic.c
-@@ -157,8 +157,7 @@ void panic(const char *fmt, ...)
- * panic() is not being callled from OOPS.
- */
- debug_locks_off();
-- console_trylock();
-- console_unlock();
-+ console_flush_on_panic();
-
- if (!panic_blink)
- panic_blink = no_blink;
-diff --git a/kernel/printk/printk.c b/kernel/printk/printk.c
-index 2ce8826..c048e34 100644
---- a/kernel/printk/printk.c
-+++ b/kernel/printk/printk.c
-@@ -2233,13 +2233,24 @@ void console_unlock(void)
- static u64 seen_seq;
- unsigned long flags;
- bool wake_klogd = false;
-- bool retry;
-+ bool do_cond_resched, retry;
-
- if (console_suspended) {
- up_console_sem();
- return;
- }
-
-+ /*
-+ * Console drivers are called under logbuf_lock, so
-+ * @console_may_schedule should be cleared before; however, we may
-+ * end up dumping a lot of lines, for example, if called from
-+ * console registration path, and should invoke cond_resched()
-+ * between lines if allowable. Not doing so can cause a very long
-+ * scheduling stall on a slow console leading to RCU stall and
-+ * softlockup warnings which exacerbate the issue with more
-+ * messages practically incapacitating the system.
-+ */
-+ do_cond_resched = console_may_schedule;
- console_may_schedule = 0;
-
- /* flush buffered message fragment immediately to console */
-@@ -2311,6 +2322,9 @@ skip:
- call_console_drivers(level, ext_text, ext_len, text, len);
- start_critical_timings();
- local_irq_restore(flags);
-+
-+ if (do_cond_resched)
-+ cond_resched();
- }
- console_locked = 0;
-
-@@ -2378,6 +2392,25 @@ void console_unblank(void)
- console_unlock();
- }
-
-+/**
-+ * console_flush_on_panic - flush console content on panic
-+ *
-+ * Immediately output all pending messages no matter what.
-+ */
-+void console_flush_on_panic(void)
-+{
-+ /*
-+ * If someone else is holding the console lock, trylock will fail
-+ * and may_schedule may be set. Ignore and proceed to unlock so
-+ * that messages are flushed out. As this can be called from any
-+ * context and we don't want to get preempted while flushing,
-+ * ensure may_schedule is cleared.
-+ */
-+ console_trylock();
-+ console_may_schedule = 0;
-+ console_unlock();
-+}
-+
- /*
- * Return the console tty driver structure and its associated index
- */
-diff --git a/kernel/sched/core.c b/kernel/sched/core.c
-index 732e993..eb70592 100644
---- a/kernel/sched/core.c
-+++ b/kernel/sched/core.c
-@@ -6738,7 +6738,7 @@ static void sched_init_numa(void)
-
- sched_domains_numa_masks[i][j] = mask;
-
-- for (k = 0; k < nr_node_ids; k++) {
-+ for_each_node(k) {
- if (node_distance(j, k) > sched_domains_numa_distance[i])
- continue;
-
-diff --git a/kernel/time/hrtimer.c b/kernel/time/hrtimer.c
-index 435b885..fa909f9 100644
---- a/kernel/time/hrtimer.c
-+++ b/kernel/time/hrtimer.c
-@@ -897,10 +897,10 @@ static int enqueue_hrtimer(struct hrtimer *timer,
- */
- static void __remove_hrtimer(struct hrtimer *timer,
- struct hrtimer_clock_base *base,
-- unsigned long newstate, int reprogram)
-+ u8 newstate, int reprogram)
- {
- struct hrtimer_cpu_base *cpu_base = base->cpu_base;
-- unsigned int state = timer->state;
-+ u8 state = timer->state;
-
- timer->state = newstate;
- if (!(state & HRTIMER_STATE_ENQUEUED))
-@@ -930,7 +930,7 @@ static inline int
- remove_hrtimer(struct hrtimer *timer, struct hrtimer_clock_base *base, bool restart)
- {
- if (hrtimer_is_queued(timer)) {
-- unsigned long state = timer->state;
-+ u8 state = timer->state;
- int reprogram;
-
- /*
-@@ -954,6 +954,22 @@ remove_hrtimer(struct hrtimer *timer, struct hrtimer_clock_base *base, bool rest
- return 0;
- }
-
-+static inline ktime_t hrtimer_update_lowres(struct hrtimer *timer, ktime_t tim,
-+ const enum hrtimer_mode mode)
-+{
-+#ifdef CONFIG_TIME_LOW_RES
-+ /*
-+ * CONFIG_TIME_LOW_RES indicates that the system has no way to return
-+ * granular time values. For relative timers we add hrtimer_resolution
-+ * (i.e. one jiffie) to prevent short timeouts.
-+ */
-+ timer->is_rel = mode & HRTIMER_MODE_REL;
-+ if (timer->is_rel)
-+ tim = ktime_add_safe(tim, ktime_set(0, hrtimer_resolution));
-+#endif
-+ return tim;
-+}
-+
- /**
- * hrtimer_start_range_ns - (re)start an hrtimer on the current CPU
- * @timer: the timer to be added
-@@ -974,19 +990,10 @@ void hrtimer_start_range_ns(struct hrtimer *timer, ktime_t tim,
- /* Remove an active timer from the queue: */
- remove_hrtimer(timer, base, true);
-
-- if (mode & HRTIMER_MODE_REL) {
-+ if (mode & HRTIMER_MODE_REL)
- tim = ktime_add_safe(tim, base->get_time());
-- /*
-- * CONFIG_TIME_LOW_RES is a temporary way for architectures
-- * to signal that they simply return xtime in
-- * do_gettimeoffset(). In this case we want to round up by
-- * resolution when starting a relative timer, to avoid short
-- * timeouts. This will go away with the GTOD framework.
-- */
--#ifdef CONFIG_TIME_LOW_RES
-- tim = ktime_add_safe(tim, ktime_set(0, hrtimer_resolution));
--#endif
-- }
-+
-+ tim = hrtimer_update_lowres(timer, tim, mode);
-
- hrtimer_set_expires_range_ns(timer, tim, delta_ns);
-
-@@ -1074,19 +1081,23 @@ EXPORT_SYMBOL_GPL(hrtimer_cancel);
- /**
- * hrtimer_get_remaining - get remaining time for the timer
- * @timer: the timer to read
-+ * @adjust: adjust relative timers when CONFIG_TIME_LOW_RES=y
- */
--ktime_t hrtimer_get_remaining(const struct hrtimer *timer)
-+ktime_t __hrtimer_get_remaining(const struct hrtimer *timer, bool adjust)
- {
- unsigned long flags;
- ktime_t rem;
-
- lock_hrtimer_base(timer, &flags);
-- rem = hrtimer_expires_remaining(timer);
-+ if (IS_ENABLED(CONFIG_TIME_LOW_RES) && adjust)
-+ rem = hrtimer_expires_remaining_adjusted(timer);
-+ else
-+ rem = hrtimer_expires_remaining(timer);
- unlock_hrtimer_base(timer, &flags);
-
- return rem;
- }
--EXPORT_SYMBOL_GPL(hrtimer_get_remaining);
-+EXPORT_SYMBOL_GPL(__hrtimer_get_remaining);
-
- #ifdef CONFIG_NO_HZ_COMMON
- /**
-@@ -1220,6 +1231,14 @@ static void __run_hrtimer(struct hrtimer_cpu_base *cpu_base,
- fn = timer->function;
-
- /*
-+ * Clear the 'is relative' flag for the TIME_LOW_RES case. If the
-+ * timer is restarted with a period then it becomes an absolute
-+ * timer. If its not restarted it does not matter.
-+ */
-+ if (IS_ENABLED(CONFIG_TIME_LOW_RES))
-+ timer->is_rel = false;
-+
-+ /*
- * Because we run timers from hardirq context, there is no chance
- * they get migrated to another cpu, therefore its safe to unlock
- * the timer base.
-diff --git a/kernel/time/timer_list.c b/kernel/time/timer_list.c
-index f75e35b..ba7d8b2 100644
---- a/kernel/time/timer_list.c
-+++ b/kernel/time/timer_list.c
-@@ -69,7 +69,7 @@ print_timer(struct seq_file *m, struct hrtimer *taddr, struct hrtimer *timer,
- print_name_offset(m, taddr);
- SEQ_printf(m, ", ");
- print_name_offset(m, timer->function);
-- SEQ_printf(m, ", S:%02lx", timer->state);
-+ SEQ_printf(m, ", S:%02x", timer->state);
- #ifdef CONFIG_TIMER_STATS
- SEQ_printf(m, ", ");
- print_name_offset(m, timer->start_site);
-diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
-index 87fb980..d929340 100644
---- a/kernel/trace/trace.c
-+++ b/kernel/trace/trace.c
-@@ -1751,7 +1751,7 @@ void trace_buffer_unlock_commit_regs(struct trace_array *tr,
- {
- __buffer_unlock_commit(buffer, event);
-
-- ftrace_trace_stack(tr, buffer, flags, 6, pc, regs);
-+ ftrace_trace_stack(tr, buffer, flags, 0, pc, regs);
- ftrace_trace_userstack(buffer, flags, pc);
- }
- EXPORT_SYMBOL_GPL(trace_buffer_unlock_commit_regs);
-diff --git a/kernel/trace/trace_stack.c b/kernel/trace/trace_stack.c
-index dda9e67..202df6c 100644
---- a/kernel/trace/trace_stack.c
-+++ b/kernel/trace/trace_stack.c
-@@ -126,6 +126,13 @@ check_stack(unsigned long ip, unsigned long *stack)
- }
-
- /*
-+ * Some archs may not have the passed in ip in the dump.
-+ * If that happens, we need to show everything.
-+ */
-+ if (i == stack_trace_max.nr_entries)
-+ i = 0;
-+
-+ /*
- * Now find where in the stack these are.
- */
- x = 0;
-diff --git a/lib/libcrc32c.c b/lib/libcrc32c.c
-index 6a08ce7..acf9da4 100644
---- a/lib/libcrc32c.c
-+++ b/lib/libcrc32c.c
-@@ -74,3 +74,4 @@ module_exit(libcrc32c_mod_fini);
- MODULE_AUTHOR("Clay Haapala <chaapala@cisco.com>");
- MODULE_DESCRIPTION("CRC32c (Castagnoli) calculations");
- MODULE_LICENSE("GPL");
-+MODULE_SOFTDEP("pre: crc32c");
-diff --git a/mm/backing-dev.c b/mm/backing-dev.c
-index 7340353..cbe6f0b 100644
---- a/mm/backing-dev.c
-+++ b/mm/backing-dev.c
-@@ -989,7 +989,7 @@ long wait_iff_congested(struct zone *zone, int sync, long timeout)
- * here rather than calling cond_resched().
- */
- if (current->flags & PF_WQ_WORKER)
-- schedule_timeout(1);
-+ schedule_timeout_uninterruptible(1);
- else
- cond_resched();
-
-diff --git a/mm/zsmalloc.c b/mm/zsmalloc.c
-index 9f15bdd..fc08399 100644
---- a/mm/zsmalloc.c
-+++ b/mm/zsmalloc.c
-@@ -309,7 +309,12 @@ static void free_handle(struct zs_pool *pool, unsigned long handle)
-
- static void record_obj(unsigned long handle, unsigned long obj)
- {
-- *(unsigned long *)handle = obj;
-+ /*
-+ * lsb of @obj represents handle lock while other bits
-+ * represent object value the handle is pointing so
-+ * updating shouldn't do store tearing.
-+ */
-+ WRITE_ONCE(*(unsigned long *)handle, obj);
- }
-
- /* zpool driver */
-@@ -1635,6 +1640,13 @@ static int migrate_zspage(struct zs_pool *pool, struct size_class *class,
- free_obj = obj_malloc(d_page, class, handle);
- zs_object_copy(free_obj, used_obj, class);
- index++;
-+ /*
-+ * record_obj updates handle's value to free_obj and it will
-+ * invalidate lock bit(ie, HANDLE_PIN_BIT) of handle, which
-+ * breaks synchronization using pin_tag(e,g, zs_free) so
-+ * let's keep the lock bit.
-+ */
-+ free_obj |= BIT(HANDLE_PIN_BIT);
- record_obj(handle, free_obj);
- unpin_tag(handle);
- obj_free(pool, class, used_obj);
-diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c
-index 1334e02..3d145a3 100644
---- a/security/integrity/evm/evm_main.c
-+++ b/security/integrity/evm/evm_main.c
-@@ -23,6 +23,7 @@
- #include <linux/integrity.h>
- #include <linux/evm.h>
- #include <crypto/hash.h>
-+#include <crypto/algapi.h>
- #include "evm.h"
-
- int evm_initialized;
-@@ -148,7 +149,7 @@ static enum integrity_status evm_verify_hmac(struct dentry *dentry,
- xattr_value_len, calc.digest);
- if (rc)
- break;
-- rc = memcmp(xattr_data->digest, calc.digest,
-+ rc = crypto_memneq(xattr_data->digest, calc.digest,
- sizeof(calc.digest));
- if (rc)
- rc = -EINVAL;
-diff --git a/sound/core/compress_offload.c b/sound/core/compress_offload.c
-index b123c42..b554d7f 100644
---- a/sound/core/compress_offload.c
-+++ b/sound/core/compress_offload.c
-@@ -44,6 +44,13 @@
- #include <sound/compress_offload.h>
- #include <sound/compress_driver.h>
-
-+/* struct snd_compr_codec_caps overflows the ioctl bit size for some
-+ * architectures, so we need to disable the relevant ioctls.
-+ */
-+#if _IOC_SIZEBITS < 14
-+#define COMPR_CODEC_CAPS_OVERFLOW
-+#endif
-+
- /* TODO:
- * - add substream support for multiple devices in case of
- * SND_DYNAMIC_MINORS is not used
-@@ -438,6 +445,7 @@ out:
- return retval;
- }
-
-+#ifndef COMPR_CODEC_CAPS_OVERFLOW
- static int
- snd_compr_get_codec_caps(struct snd_compr_stream *stream, unsigned long arg)
- {
-@@ -461,6 +469,7 @@ out:
- kfree(caps);
- return retval;
- }
-+#endif /* !COMPR_CODEC_CAPS_OVERFLOW */
-
- /* revisit this with snd_pcm_preallocate_xxx */
- static int snd_compr_allocate_buffer(struct snd_compr_stream *stream,
-@@ -799,9 +808,11 @@ static long snd_compr_ioctl(struct file *f, unsigned int cmd, unsigned long arg)
- case _IOC_NR(SNDRV_COMPRESS_GET_CAPS):
- retval = snd_compr_get_caps(stream, arg);
- break;
-+#ifndef COMPR_CODEC_CAPS_OVERFLOW
- case _IOC_NR(SNDRV_COMPRESS_GET_CODEC_CAPS):
- retval = snd_compr_get_codec_caps(stream, arg);
- break;
-+#endif
- case _IOC_NR(SNDRV_COMPRESS_SET_PARAMS):
- retval = snd_compr_set_params(stream, arg);
- break;
-diff --git a/sound/core/oss/pcm_oss.c b/sound/core/oss/pcm_oss.c
-index 58550cc..33e72c8 100644
---- a/sound/core/oss/pcm_oss.c
-+++ b/sound/core/oss/pcm_oss.c
-@@ -834,7 +834,8 @@ static int choose_rate(struct snd_pcm_substream *substream,
- return snd_pcm_hw_param_near(substream, params, SNDRV_PCM_HW_PARAM_RATE, best_rate, NULL);
- }
-
--static int snd_pcm_oss_change_params(struct snd_pcm_substream *substream)
-+static int snd_pcm_oss_change_params(struct snd_pcm_substream *substream,
-+ bool trylock)
- {
- struct snd_pcm_runtime *runtime = substream->runtime;
- struct snd_pcm_hw_params *params, *sparams;
-@@ -848,7 +849,10 @@ static int snd_pcm_oss_change_params(struct snd_pcm_substream *substream)
- struct snd_mask sformat_mask;
- struct snd_mask mask;
-
-- if (mutex_lock_interruptible(&runtime->oss.params_lock))
-+ if (trylock) {
-+ if (!(mutex_trylock(&runtime->oss.params_lock)))
-+ return -EAGAIN;
-+ } else if (mutex_lock_interruptible(&runtime->oss.params_lock))
- return -EINTR;
- sw_params = kmalloc(sizeof(*sw_params), GFP_KERNEL);
- params = kmalloc(sizeof(*params), GFP_KERNEL);
-@@ -1092,7 +1096,7 @@ static int snd_pcm_oss_get_active_substream(struct snd_pcm_oss_file *pcm_oss_fil
- if (asubstream == NULL)
- asubstream = substream;
- if (substream->runtime->oss.params) {
-- err = snd_pcm_oss_change_params(substream);
-+ err = snd_pcm_oss_change_params(substream, false);
- if (err < 0)
- return err;
- }
-@@ -1132,7 +1136,7 @@ static int snd_pcm_oss_make_ready(struct snd_pcm_substream *substream)
- return 0;
- runtime = substream->runtime;
- if (runtime->oss.params) {
-- err = snd_pcm_oss_change_params(substream);
-+ err = snd_pcm_oss_change_params(substream, false);
- if (err < 0)
- return err;
- }
-@@ -2163,7 +2167,7 @@ static int snd_pcm_oss_get_space(struct snd_pcm_oss_file *pcm_oss_file, int stre
- runtime = substream->runtime;
-
- if (runtime->oss.params &&
-- (err = snd_pcm_oss_change_params(substream)) < 0)
-+ (err = snd_pcm_oss_change_params(substream, false)) < 0)
- return err;
-
- info.fragsize = runtime->oss.period_bytes;
-@@ -2800,7 +2804,12 @@ static int snd_pcm_oss_mmap(struct file *file, struct vm_area_struct *area)
- return -EIO;
-
- if (runtime->oss.params) {
-- if ((err = snd_pcm_oss_change_params(substream)) < 0)
-+ /* use mutex_trylock() for params_lock for avoiding a deadlock
-+ * between mmap_sem and params_lock taken by
-+ * copy_from/to_user() in snd_pcm_oss_write/read()
-+ */
-+ err = snd_pcm_oss_change_params(substream, true);
-+ if (err < 0)
- return err;
- }
- #ifdef CONFIG_SND_PCM_OSS_PLUGINS
-diff --git a/sound/core/rawmidi.c b/sound/core/rawmidi.c
-index a775984..795437b 100644
---- a/sound/core/rawmidi.c
-+++ b/sound/core/rawmidi.c
-@@ -942,31 +942,36 @@ static long snd_rawmidi_kernel_read1(struct snd_rawmidi_substream *substream,
- unsigned long flags;
- long result = 0, count1;
- struct snd_rawmidi_runtime *runtime = substream->runtime;
-+ unsigned long appl_ptr;
-
-+ spin_lock_irqsave(&runtime->lock, flags);
- while (count > 0 && runtime->avail) {
- count1 = runtime->buffer_size - runtime->appl_ptr;
- if (count1 > count)
- count1 = count;
-- spin_lock_irqsave(&runtime->lock, flags);
- if (count1 > (int)runtime->avail)
- count1 = runtime->avail;
-+
-+ /* update runtime->appl_ptr before unlocking for userbuf */
-+ appl_ptr = runtime->appl_ptr;
-+ runtime->appl_ptr += count1;
-+ runtime->appl_ptr %= runtime->buffer_size;
-+ runtime->avail -= count1;
-+
- if (kernelbuf)
-- memcpy(kernelbuf + result, runtime->buffer + runtime->appl_ptr, count1);
-+ memcpy(kernelbuf + result, runtime->buffer + appl_ptr, count1);
- if (userbuf) {
- spin_unlock_irqrestore(&runtime->lock, flags);
- if (copy_to_user(userbuf + result,
-- runtime->buffer + runtime->appl_ptr, count1)) {
-+ runtime->buffer + appl_ptr, count1)) {
- return result > 0 ? result : -EFAULT;
- }
- spin_lock_irqsave(&runtime->lock, flags);
- }
-- runtime->appl_ptr += count1;
-- runtime->appl_ptr %= runtime->buffer_size;
-- runtime->avail -= count1;
-- spin_unlock_irqrestore(&runtime->lock, flags);
- result += count1;
- count -= count1;
- }
-+ spin_unlock_irqrestore(&runtime->lock, flags);
- return result;
- }
-
-@@ -1055,23 +1060,16 @@ int snd_rawmidi_transmit_empty(struct snd_rawmidi_substream *substream)
- EXPORT_SYMBOL(snd_rawmidi_transmit_empty);
-
- /**
-- * snd_rawmidi_transmit_peek - copy data from the internal buffer
-+ * __snd_rawmidi_transmit_peek - copy data from the internal buffer
- * @substream: the rawmidi substream
- * @buffer: the buffer pointer
- * @count: data size to transfer
- *
-- * Copies data from the internal output buffer to the given buffer.
-- *
-- * Call this in the interrupt handler when the midi output is ready,
-- * and call snd_rawmidi_transmit_ack() after the transmission is
-- * finished.
-- *
-- * Return: The size of copied data, or a negative error code on failure.
-+ * This is a variant of snd_rawmidi_transmit_peek() without spinlock.
- */
--int snd_rawmidi_transmit_peek(struct snd_rawmidi_substream *substream,
-+int __snd_rawmidi_transmit_peek(struct snd_rawmidi_substream *substream,
- unsigned char *buffer, int count)
- {
-- unsigned long flags;
- int result, count1;
- struct snd_rawmidi_runtime *runtime = substream->runtime;
-
-@@ -1081,7 +1079,6 @@ int snd_rawmidi_transmit_peek(struct snd_rawmidi_substream *substream,
- return -EINVAL;
- }
- result = 0;
-- spin_lock_irqsave(&runtime->lock, flags);
- if (runtime->avail >= runtime->buffer_size) {
- /* warning: lowlevel layer MUST trigger down the hardware */
- goto __skip;
-@@ -1106,25 +1103,47 @@ int snd_rawmidi_transmit_peek(struct snd_rawmidi_substream *substream,
- }
- }
- __skip:
-+ return result;
-+}
-+EXPORT_SYMBOL(__snd_rawmidi_transmit_peek);
-+
-+/**
-+ * snd_rawmidi_transmit_peek - copy data from the internal buffer
-+ * @substream: the rawmidi substream
-+ * @buffer: the buffer pointer
-+ * @count: data size to transfer
-+ *
-+ * Copies data from the internal output buffer to the given buffer.
-+ *
-+ * Call this in the interrupt handler when the midi output is ready,
-+ * and call snd_rawmidi_transmit_ack() after the transmission is
-+ * finished.
-+ *
-+ * Return: The size of copied data, or a negative error code on failure.
-+ */
-+int snd_rawmidi_transmit_peek(struct snd_rawmidi_substream *substream,
-+ unsigned char *buffer, int count)
-+{
-+ struct snd_rawmidi_runtime *runtime = substream->runtime;
-+ int result;
-+ unsigned long flags;
-+
-+ spin_lock_irqsave(&runtime->lock, flags);
-+ result = __snd_rawmidi_transmit_peek(substream, buffer, count);
- spin_unlock_irqrestore(&runtime->lock, flags);
- return result;
- }
- EXPORT_SYMBOL(snd_rawmidi_transmit_peek);
-
- /**
-- * snd_rawmidi_transmit_ack - acknowledge the transmission
-+ * __snd_rawmidi_transmit_ack - acknowledge the transmission
- * @substream: the rawmidi substream
- * @count: the transferred count
- *
-- * Advances the hardware pointer for the internal output buffer with
-- * the given size and updates the condition.
-- * Call after the transmission is finished.
-- *
-- * Return: The advanced size if successful, or a negative error code on failure.
-+ * This is a variant of __snd_rawmidi_transmit_ack() without spinlock.
- */
--int snd_rawmidi_transmit_ack(struct snd_rawmidi_substream *substream, int count)
-+int __snd_rawmidi_transmit_ack(struct snd_rawmidi_substream *substream, int count)
- {
-- unsigned long flags;
- struct snd_rawmidi_runtime *runtime = substream->runtime;
-
- if (runtime->buffer == NULL) {
-@@ -1132,7 +1151,6 @@ int snd_rawmidi_transmit_ack(struct snd_rawmidi_substream *substream, int count)
- "snd_rawmidi_transmit_ack: output is not active!!!\n");
- return -EINVAL;
- }
-- spin_lock_irqsave(&runtime->lock, flags);
- snd_BUG_ON(runtime->avail + count > runtime->buffer_size);
- runtime->hw_ptr += count;
- runtime->hw_ptr %= runtime->buffer_size;
-@@ -1142,9 +1160,32 @@ int snd_rawmidi_transmit_ack(struct snd_rawmidi_substream *substream, int count)
- if (runtime->drain || snd_rawmidi_ready(substream))
- wake_up(&runtime->sleep);
- }
-- spin_unlock_irqrestore(&runtime->lock, flags);
- return count;
- }
-+EXPORT_SYMBOL(__snd_rawmidi_transmit_ack);
-+
-+/**
-+ * snd_rawmidi_transmit_ack - acknowledge the transmission
-+ * @substream: the rawmidi substream
-+ * @count: the transferred count
-+ *
-+ * Advances the hardware pointer for the internal output buffer with
-+ * the given size and updates the condition.
-+ * Call after the transmission is finished.
-+ *
-+ * Return: The advanced size if successful, or a negative error code on failure.
-+ */
-+int snd_rawmidi_transmit_ack(struct snd_rawmidi_substream *substream, int count)
-+{
-+ struct snd_rawmidi_runtime *runtime = substream->runtime;
-+ int result;
-+ unsigned long flags;
-+
-+ spin_lock_irqsave(&runtime->lock, flags);
-+ result = __snd_rawmidi_transmit_ack(substream, count);
-+ spin_unlock_irqrestore(&runtime->lock, flags);
-+ return result;
-+}
- EXPORT_SYMBOL(snd_rawmidi_transmit_ack);
-
- /**
-@@ -1160,12 +1201,22 @@ EXPORT_SYMBOL(snd_rawmidi_transmit_ack);
- int snd_rawmidi_transmit(struct snd_rawmidi_substream *substream,
- unsigned char *buffer, int count)
- {
-+ struct snd_rawmidi_runtime *runtime = substream->runtime;
-+ int result;
-+ unsigned long flags;
-+
-+ spin_lock_irqsave(&runtime->lock, flags);
- if (!substream->opened)
-- return -EBADFD;
-- count = snd_rawmidi_transmit_peek(substream, buffer, count);
-- if (count < 0)
-- return count;
-- return snd_rawmidi_transmit_ack(substream, count);
-+ result = -EBADFD;
-+ else {
-+ count = __snd_rawmidi_transmit_peek(substream, buffer, count);
-+ if (count <= 0)
-+ result = count;
-+ else
-+ result = __snd_rawmidi_transmit_ack(substream, count);
-+ }
-+ spin_unlock_irqrestore(&runtime->lock, flags);
-+ return result;
- }
- EXPORT_SYMBOL(snd_rawmidi_transmit);
-
-@@ -1177,8 +1228,9 @@ static long snd_rawmidi_kernel_write1(struct snd_rawmidi_substream *substream,
- unsigned long flags;
- long count1, result;
- struct snd_rawmidi_runtime *runtime = substream->runtime;
-+ unsigned long appl_ptr;
-
-- if (snd_BUG_ON(!kernelbuf && !userbuf))
-+ if (!kernelbuf && !userbuf)
- return -EINVAL;
- if (snd_BUG_ON(!runtime->buffer))
- return -EINVAL;
-@@ -1197,12 +1249,19 @@ static long snd_rawmidi_kernel_write1(struct snd_rawmidi_substream *substream,
- count1 = count;
- if (count1 > (long)runtime->avail)
- count1 = runtime->avail;
-+
-+ /* update runtime->appl_ptr before unlocking for userbuf */
-+ appl_ptr = runtime->appl_ptr;
-+ runtime->appl_ptr += count1;
-+ runtime->appl_ptr %= runtime->buffer_size;
-+ runtime->avail -= count1;
-+
- if (kernelbuf)
-- memcpy(runtime->buffer + runtime->appl_ptr,
-+ memcpy(runtime->buffer + appl_ptr,
- kernelbuf + result, count1);
- else if (userbuf) {
- spin_unlock_irqrestore(&runtime->lock, flags);
-- if (copy_from_user(runtime->buffer + runtime->appl_ptr,
-+ if (copy_from_user(runtime->buffer + appl_ptr,
- userbuf + result, count1)) {
- spin_lock_irqsave(&runtime->lock, flags);
- result = result > 0 ? result : -EFAULT;
-@@ -1210,9 +1269,6 @@ static long snd_rawmidi_kernel_write1(struct snd_rawmidi_substream *substream,
- }
- spin_lock_irqsave(&runtime->lock, flags);
- }
-- runtime->appl_ptr += count1;
-- runtime->appl_ptr %= runtime->buffer_size;
-- runtime->avail -= count1;
- result += count1;
- count -= count1;
- }
-diff --git a/sound/core/seq/oss/seq_oss_init.c b/sound/core/seq/oss/seq_oss_init.c
-index b1221b2..6779e82b 100644
---- a/sound/core/seq/oss/seq_oss_init.c
-+++ b/sound/core/seq/oss/seq_oss_init.c
-@@ -202,7 +202,7 @@ snd_seq_oss_open(struct file *file, int level)
-
- dp->index = i;
- if (i >= SNDRV_SEQ_OSS_MAX_CLIENTS) {
-- pr_err("ALSA: seq_oss: too many applications\n");
-+ pr_debug("ALSA: seq_oss: too many applications\n");
- rc = -ENOMEM;
- goto _error;
- }
-diff --git a/sound/core/seq/oss/seq_oss_synth.c b/sound/core/seq/oss/seq_oss_synth.c
-index 0f3b381..b16dbef 100644
---- a/sound/core/seq/oss/seq_oss_synth.c
-+++ b/sound/core/seq/oss/seq_oss_synth.c
-@@ -308,7 +308,7 @@ snd_seq_oss_synth_cleanup(struct seq_oss_devinfo *dp)
- struct seq_oss_synth *rec;
- struct seq_oss_synthinfo *info;
-
-- if (snd_BUG_ON(dp->max_synthdev >= SNDRV_SEQ_OSS_MAX_SYNTH_DEVS))
-+ if (snd_BUG_ON(dp->max_synthdev > SNDRV_SEQ_OSS_MAX_SYNTH_DEVS))
- return;
- for (i = 0; i < dp->max_synthdev; i++) {
- info = &dp->synths[i];
-diff --git a/sound/core/seq/seq_clientmgr.c b/sound/core/seq/seq_clientmgr.c
-index 13cfa81..58e79e0 100644
---- a/sound/core/seq/seq_clientmgr.c
-+++ b/sound/core/seq/seq_clientmgr.c
-@@ -678,6 +678,9 @@ static int deliver_to_subscribers(struct snd_seq_client *client,
- else
- down_read(&grp->list_mutex);
- list_for_each_entry(subs, &grp->list_head, src_list) {
-+ /* both ports ready? */
-+ if (atomic_read(&subs->ref_count) != 2)
-+ continue;
- event->dest = subs->info.dest;
- if (subs->info.flags & SNDRV_SEQ_PORT_SUBS_TIMESTAMP)
- /* convert time according to flag with subscription */
-diff --git a/sound/core/seq/seq_ports.c b/sound/core/seq/seq_ports.c
-index 55170a2..921fb2b 100644
---- a/sound/core/seq/seq_ports.c
-+++ b/sound/core/seq/seq_ports.c
-@@ -173,10 +173,6 @@ struct snd_seq_client_port *snd_seq_create_port(struct snd_seq_client *client,
- }
-
- /* */
--enum group_type {
-- SRC_LIST, DEST_LIST
--};
--
- static int subscribe_port(struct snd_seq_client *client,
- struct snd_seq_client_port *port,
- struct snd_seq_port_subs_info *grp,
-@@ -203,6 +199,20 @@ static struct snd_seq_client_port *get_client_port(struct snd_seq_addr *addr,
- return NULL;
- }
-
-+static void delete_and_unsubscribe_port(struct snd_seq_client *client,
-+ struct snd_seq_client_port *port,
-+ struct snd_seq_subscribers *subs,
-+ bool is_src, bool ack);
-+
-+static inline struct snd_seq_subscribers *
-+get_subscriber(struct list_head *p, bool is_src)
-+{
-+ if (is_src)
-+ return list_entry(p, struct snd_seq_subscribers, src_list);
-+ else
-+ return list_entry(p, struct snd_seq_subscribers, dest_list);
-+}
-+
- /*
- * remove all subscribers on the list
- * this is called from port_delete, for each src and dest list.
-@@ -210,7 +220,7 @@ static struct snd_seq_client_port *get_client_port(struct snd_seq_addr *addr,
- static void clear_subscriber_list(struct snd_seq_client *client,
- struct snd_seq_client_port *port,
- struct snd_seq_port_subs_info *grp,
-- int grptype)
-+ int is_src)
- {
- struct list_head *p, *n;
-
-@@ -219,15 +229,13 @@ static void clear_subscriber_list(struct snd_seq_client *client,
- struct snd_seq_client *c;
- struct snd_seq_client_port *aport;
-
-- if (grptype == SRC_LIST) {
-- subs = list_entry(p, struct snd_seq_subscribers, src_list);
-+ subs = get_subscriber(p, is_src);
-+ if (is_src)
- aport = get_client_port(&subs->info.dest, &c);
-- } else {
-- subs = list_entry(p, struct snd_seq_subscribers, dest_list);
-+ else
- aport = get_client_port(&subs->info.sender, &c);
-- }
-- list_del(p);
-- unsubscribe_port(client, port, grp, &subs->info, 0);
-+ delete_and_unsubscribe_port(client, port, subs, is_src, false);
-+
- if (!aport) {
- /* looks like the connected port is being deleted.
- * we decrease the counter, and when both ports are deleted
-@@ -235,21 +243,14 @@ static void clear_subscriber_list(struct snd_seq_client *client,
- */
- if (atomic_dec_and_test(&subs->ref_count))
- kfree(subs);
-- } else {
-- /* ok we got the connected port */
-- struct snd_seq_port_subs_info *agrp;
-- agrp = (grptype == SRC_LIST) ? &aport->c_dest : &aport->c_src;
-- down_write(&agrp->list_mutex);
-- if (grptype == SRC_LIST)
-- list_del(&subs->dest_list);
-- else
-- list_del(&subs->src_list);
-- up_write(&agrp->list_mutex);
-- unsubscribe_port(c, aport, agrp, &subs->info, 1);
-- kfree(subs);
-- snd_seq_port_unlock(aport);
-- snd_seq_client_unlock(c);
-+ continue;
- }
-+
-+ /* ok we got the connected port */
-+ delete_and_unsubscribe_port(c, aport, subs, !is_src, true);
-+ kfree(subs);
-+ snd_seq_port_unlock(aport);
-+ snd_seq_client_unlock(c);
- }
- }
-
-@@ -262,8 +263,8 @@ static int port_delete(struct snd_seq_client *client,
- snd_use_lock_sync(&port->use_lock);
-
- /* clear subscribers info */
-- clear_subscriber_list(client, port, &port->c_src, SRC_LIST);
-- clear_subscriber_list(client, port, &port->c_dest, DEST_LIST);
-+ clear_subscriber_list(client, port, &port->c_src, true);
-+ clear_subscriber_list(client, port, &port->c_dest, false);
-
- if (port->private_free)
- port->private_free(port->private_data);
-@@ -479,85 +480,120 @@ static int match_subs_info(struct snd_seq_port_subscribe *r,
- return 0;
- }
-
--
--/* connect two ports */
--int snd_seq_port_connect(struct snd_seq_client *connector,
-- struct snd_seq_client *src_client,
-- struct snd_seq_client_port *src_port,
-- struct snd_seq_client *dest_client,
-- struct snd_seq_client_port *dest_port,
-- struct snd_seq_port_subscribe *info)
-+static int check_and_subscribe_port(struct snd_seq_client *client,
-+ struct snd_seq_client_port *port,
-+ struct snd_seq_subscribers *subs,
-+ bool is_src, bool exclusive, bool ack)
- {
-- struct snd_seq_port_subs_info *src = &src_port->c_src;
-- struct snd_seq_port_subs_info *dest = &dest_port->c_dest;
-- struct snd_seq_subscribers *subs, *s;
-- int err, src_called = 0;
-- unsigned long flags;
-- int exclusive;
-+ struct snd_seq_port_subs_info *grp;
-+ struct list_head *p;
-+ struct snd_seq_subscribers *s;
-+ int err;
-
-- subs = kzalloc(sizeof(*subs), GFP_KERNEL);
-- if (! subs)
-- return -ENOMEM;
--
-- subs->info = *info;
-- atomic_set(&subs->ref_count, 2);
--
-- down_write(&src->list_mutex);
-- down_write_nested(&dest->list_mutex, SINGLE_DEPTH_NESTING);
--
-- exclusive = info->flags & SNDRV_SEQ_PORT_SUBS_EXCLUSIVE ? 1 : 0;
-+ grp = is_src ? &port->c_src : &port->c_dest;
- err = -EBUSY;
-+ down_write(&grp->list_mutex);
- if (exclusive) {
-- if (! list_empty(&src->list_head) || ! list_empty(&dest->list_head))
-+ if (!list_empty(&grp->list_head))
- goto __error;
- } else {
-- if (src->exclusive || dest->exclusive)
-+ if (grp->exclusive)
- goto __error;
- /* check whether already exists */
-- list_for_each_entry(s, &src->list_head, src_list) {
-- if (match_subs_info(info, &s->info))
-- goto __error;
-- }
-- list_for_each_entry(s, &dest->list_head, dest_list) {
-- if (match_subs_info(info, &s->info))
-+ list_for_each(p, &grp->list_head) {
-+ s = get_subscriber(p, is_src);
-+ if (match_subs_info(&subs->info, &s->info))
- goto __error;
- }
- }
-
-- if ((err = subscribe_port(src_client, src_port, src, info,
-- connector->number != src_client->number)) < 0)
-- goto __error;
-- src_called = 1;
--
-- if ((err = subscribe_port(dest_client, dest_port, dest, info,
-- connector->number != dest_client->number)) < 0)
-+ err = subscribe_port(client, port, grp, &subs->info, ack);
-+ if (err < 0) {
-+ grp->exclusive = 0;
- goto __error;
-+ }
-
- /* add to list */
-- write_lock_irqsave(&src->list_lock, flags);
-- // write_lock(&dest->list_lock); // no other lock yet
-- list_add_tail(&subs->src_list, &src->list_head);
-- list_add_tail(&subs->dest_list, &dest->list_head);
-- // write_unlock(&dest->list_lock); // no other lock yet
-- write_unlock_irqrestore(&src->list_lock, flags);
-+ write_lock_irq(&grp->list_lock);
-+ if (is_src)
-+ list_add_tail(&subs->src_list, &grp->list_head);
-+ else
-+ list_add_tail(&subs->dest_list, &grp->list_head);
-+ grp->exclusive = exclusive;
-+ atomic_inc(&subs->ref_count);
-+ write_unlock_irq(&grp->list_lock);
-+ err = 0;
-+
-+ __error:
-+ up_write(&grp->list_mutex);
-+ return err;
-+}
-
-- src->exclusive = dest->exclusive = exclusive;
-+static void delete_and_unsubscribe_port(struct snd_seq_client *client,
-+ struct snd_seq_client_port *port,
-+ struct snd_seq_subscribers *subs,
-+ bool is_src, bool ack)
-+{
-+ struct snd_seq_port_subs_info *grp;
-+
-+ grp = is_src ? &port->c_src : &port->c_dest;
-+ down_write(&grp->list_mutex);
-+ write_lock_irq(&grp->list_lock);
-+ if (is_src)
-+ list_del(&subs->src_list);
-+ else
-+ list_del(&subs->dest_list);
-+ grp->exclusive = 0;
-+ write_unlock_irq(&grp->list_lock);
-+ up_write(&grp->list_mutex);
-+
-+ unsubscribe_port(client, port, grp, &subs->info, ack);
-+}
-+
-+/* connect two ports */
-+int snd_seq_port_connect(struct snd_seq_client *connector,
-+ struct snd_seq_client *src_client,
-+ struct snd_seq_client_port *src_port,
-+ struct snd_seq_client *dest_client,
-+ struct snd_seq_client_port *dest_port,
-+ struct snd_seq_port_subscribe *info)
-+{
-+ struct snd_seq_subscribers *subs;
-+ bool exclusive;
-+ int err;
-+
-+ subs = kzalloc(sizeof(*subs), GFP_KERNEL);
-+ if (!subs)
-+ return -ENOMEM;
-+
-+ subs->info = *info;
-+ atomic_set(&subs->ref_count, 0);
-+ INIT_LIST_HEAD(&subs->src_list);
-+ INIT_LIST_HEAD(&subs->dest_list);
-+
-+ exclusive = !!(info->flags & SNDRV_SEQ_PORT_SUBS_EXCLUSIVE);
-+
-+ err = check_and_subscribe_port(src_client, src_port, subs, true,
-+ exclusive,
-+ connector->number != src_client->number);
-+ if (err < 0)
-+ goto error;
-+ err = check_and_subscribe_port(dest_client, dest_port, subs, false,
-+ exclusive,
-+ connector->number != dest_client->number);
-+ if (err < 0)
-+ goto error_dest;
-
-- up_write(&dest->list_mutex);
-- up_write(&src->list_mutex);
- return 0;
-
-- __error:
-- if (src_called)
-- unsubscribe_port(src_client, src_port, src, info,
-- connector->number != src_client->number);
-+ error_dest:
-+ delete_and_unsubscribe_port(src_client, src_port, subs, true,
-+ connector->number != src_client->number);
-+ error:
- kfree(subs);
-- up_write(&dest->list_mutex);
-- up_write(&src->list_mutex);
- return err;
- }
-
--
- /* remove the connection */
- int snd_seq_port_disconnect(struct snd_seq_client *connector,
- struct snd_seq_client *src_client,
-@@ -567,37 +603,28 @@ int snd_seq_port_disconnect(struct snd_seq_client *connector,
- struct snd_seq_port_subscribe *info)
- {
- struct snd_seq_port_subs_info *src = &src_port->c_src;
-- struct snd_seq_port_subs_info *dest = &dest_port->c_dest;
- struct snd_seq_subscribers *subs;
- int err = -ENOENT;
-- unsigned long flags;
-
- down_write(&src->list_mutex);
-- down_write_nested(&dest->list_mutex, SINGLE_DEPTH_NESTING);
--
- /* look for the connection */
- list_for_each_entry(subs, &src->list_head, src_list) {
- if (match_subs_info(info, &subs->info)) {
-- write_lock_irqsave(&src->list_lock, flags);
-- // write_lock(&dest->list_lock); // no lock yet
-- list_del(&subs->src_list);
-- list_del(&subs->dest_list);
-- // write_unlock(&dest->list_lock);
-- write_unlock_irqrestore(&src->list_lock, flags);
-- src->exclusive = dest->exclusive = 0;
-- unsubscribe_port(src_client, src_port, src, info,
-- connector->number != src_client->number);
-- unsubscribe_port(dest_client, dest_port, dest, info,
-- connector->number != dest_client->number);
-- kfree(subs);
-+ atomic_dec(&subs->ref_count); /* mark as not ready */
- err = 0;
- break;
- }
- }
--
-- up_write(&dest->list_mutex);
- up_write(&src->list_mutex);
-- return err;
-+ if (err < 0)
-+ return err;
-+
-+ delete_and_unsubscribe_port(src_client, src_port, subs, true,
-+ connector->number != src_client->number);
-+ delete_and_unsubscribe_port(dest_client, dest_port, subs, false,
-+ connector->number != dest_client->number);
-+ kfree(subs);
-+ return 0;
- }
-
-
-diff --git a/sound/core/seq/seq_timer.c b/sound/core/seq/seq_timer.c
-index 82b220c..2931049 100644
---- a/sound/core/seq/seq_timer.c
-+++ b/sound/core/seq/seq_timer.c
-@@ -90,6 +90,9 @@ void snd_seq_timer_delete(struct snd_seq_timer **tmr)
-
- void snd_seq_timer_defaults(struct snd_seq_timer * tmr)
- {
-+ unsigned long flags;
-+
-+ spin_lock_irqsave(&tmr->lock, flags);
- /* setup defaults */
- tmr->ppq = 96; /* 96 PPQ */
- tmr->tempo = 500000; /* 120 BPM */
-@@ -105,21 +108,25 @@ void snd_seq_timer_defaults(struct snd_seq_timer * tmr)
- tmr->preferred_resolution = seq_default_timer_resolution;
-
- tmr->skew = tmr->skew_base = SKEW_BASE;
-+ spin_unlock_irqrestore(&tmr->lock, flags);
- }
-
--void snd_seq_timer_reset(struct snd_seq_timer * tmr)
-+static void seq_timer_reset(struct snd_seq_timer *tmr)
- {
-- unsigned long flags;
--
-- spin_lock_irqsave(&tmr->lock, flags);
--
- /* reset time & songposition */
- tmr->cur_time.tv_sec = 0;
- tmr->cur_time.tv_nsec = 0;
-
- tmr->tick.cur_tick = 0;
- tmr->tick.fraction = 0;
-+}
-+
-+void snd_seq_timer_reset(struct snd_seq_timer *tmr)
-+{
-+ unsigned long flags;
-
-+ spin_lock_irqsave(&tmr->lock, flags);
-+ seq_timer_reset(tmr);
- spin_unlock_irqrestore(&tmr->lock, flags);
- }
-
-@@ -138,8 +145,11 @@ static void snd_seq_timer_interrupt(struct snd_timer_instance *timeri,
- tmr = q->timer;
- if (tmr == NULL)
- return;
-- if (!tmr->running)
-+ spin_lock_irqsave(&tmr->lock, flags);
-+ if (!tmr->running) {
-+ spin_unlock_irqrestore(&tmr->lock, flags);
- return;
-+ }
-
- resolution *= ticks;
- if (tmr->skew != tmr->skew_base) {
-@@ -148,8 +158,6 @@ static void snd_seq_timer_interrupt(struct snd_timer_instance *timeri,
- (((resolution & 0xffff) * tmr->skew) >> 16);
- }
-
-- spin_lock_irqsave(&tmr->lock, flags);
--
- /* update timer */
- snd_seq_inc_time_nsec(&tmr->cur_time, resolution);
-
-@@ -296,26 +304,30 @@ int snd_seq_timer_open(struct snd_seq_queue *q)
- t->callback = snd_seq_timer_interrupt;
- t->callback_data = q;
- t->flags |= SNDRV_TIMER_IFLG_AUTO;
-+ spin_lock_irq(&tmr->lock);
- tmr->timeri = t;
-+ spin_unlock_irq(&tmr->lock);
- return 0;
- }
-
- int snd_seq_timer_close(struct snd_seq_queue *q)
- {
- struct snd_seq_timer *tmr;
-+ struct snd_timer_instance *t;
-
- tmr = q->timer;
- if (snd_BUG_ON(!tmr))
- return -EINVAL;
-- if (tmr->timeri) {
-- snd_timer_stop(tmr->timeri);
-- snd_timer_close(tmr->timeri);
-- tmr->timeri = NULL;
-- }
-+ spin_lock_irq(&tmr->lock);
-+ t = tmr->timeri;
-+ tmr->timeri = NULL;
-+ spin_unlock_irq(&tmr->lock);
-+ if (t)
-+ snd_timer_close(t);
- return 0;
- }
-
--int snd_seq_timer_stop(struct snd_seq_timer * tmr)
-+static int seq_timer_stop(struct snd_seq_timer *tmr)
- {
- if (! tmr->timeri)
- return -EINVAL;
-@@ -326,6 +338,17 @@ int snd_seq_timer_stop(struct snd_seq_timer * tmr)
- return 0;
- }
-
-+int snd_seq_timer_stop(struct snd_seq_timer *tmr)
-+{
-+ unsigned long flags;
-+ int err;
-+
-+ spin_lock_irqsave(&tmr->lock, flags);
-+ err = seq_timer_stop(tmr);
-+ spin_unlock_irqrestore(&tmr->lock, flags);
-+ return err;
-+}
-+
- static int initialize_timer(struct snd_seq_timer *tmr)
- {
- struct snd_timer *t;
-@@ -358,13 +381,13 @@ static int initialize_timer(struct snd_seq_timer *tmr)
- return 0;
- }
-
--int snd_seq_timer_start(struct snd_seq_timer * tmr)
-+static int seq_timer_start(struct snd_seq_timer *tmr)
- {
- if (! tmr->timeri)
- return -EINVAL;
- if (tmr->running)
-- snd_seq_timer_stop(tmr);
-- snd_seq_timer_reset(tmr);
-+ seq_timer_stop(tmr);
-+ seq_timer_reset(tmr);
- if (initialize_timer(tmr) < 0)
- return -EINVAL;
- snd_timer_start(tmr->timeri, tmr->ticks);
-@@ -373,14 +396,25 @@ int snd_seq_timer_start(struct snd_seq_timer * tmr)
- return 0;
- }
-
--int snd_seq_timer_continue(struct snd_seq_timer * tmr)
-+int snd_seq_timer_start(struct snd_seq_timer *tmr)
-+{
-+ unsigned long flags;
-+ int err;
-+
-+ spin_lock_irqsave(&tmr->lock, flags);
-+ err = seq_timer_start(tmr);
-+ spin_unlock_irqrestore(&tmr->lock, flags);
-+ return err;
-+}
-+
-+static int seq_timer_continue(struct snd_seq_timer *tmr)
- {
- if (! tmr->timeri)
- return -EINVAL;
- if (tmr->running)
- return -EBUSY;
- if (! tmr->initialized) {
-- snd_seq_timer_reset(tmr);
-+ seq_timer_reset(tmr);
- if (initialize_timer(tmr) < 0)
- return -EINVAL;
- }
-@@ -390,11 +424,24 @@ int snd_seq_timer_continue(struct snd_seq_timer * tmr)
- return 0;
- }
-
-+int snd_seq_timer_continue(struct snd_seq_timer *tmr)
-+{
-+ unsigned long flags;
-+ int err;
-+
-+ spin_lock_irqsave(&tmr->lock, flags);
-+ err = seq_timer_continue(tmr);
-+ spin_unlock_irqrestore(&tmr->lock, flags);
-+ return err;
-+}
-+
- /* return current 'real' time. use timeofday() to get better granularity. */
- snd_seq_real_time_t snd_seq_timer_get_cur_time(struct snd_seq_timer *tmr)
- {
- snd_seq_real_time_t cur_time;
-+ unsigned long flags;
-
-+ spin_lock_irqsave(&tmr->lock, flags);
- cur_time = tmr->cur_time;
- if (tmr->running) {
- struct timeval tm;
-@@ -410,7 +457,7 @@ snd_seq_real_time_t snd_seq_timer_get_cur_time(struct snd_seq_timer *tmr)
- }
- snd_seq_sanity_real_time(&cur_time);
- }
--
-+ spin_unlock_irqrestore(&tmr->lock, flags);
- return cur_time;
- }
-
-diff --git a/sound/core/seq/seq_virmidi.c b/sound/core/seq/seq_virmidi.c
-index 56e0f4cd..81134e0 100644
---- a/sound/core/seq/seq_virmidi.c
-+++ b/sound/core/seq/seq_virmidi.c
-@@ -155,21 +155,26 @@ static void snd_virmidi_output_trigger(struct snd_rawmidi_substream *substream,
- struct snd_virmidi *vmidi = substream->runtime->private_data;
- int count, res;
- unsigned char buf[32], *pbuf;
-+ unsigned long flags;
-
- if (up) {
- vmidi->trigger = 1;
- if (vmidi->seq_mode == SNDRV_VIRMIDI_SEQ_DISPATCH &&
- !(vmidi->rdev->flags & SNDRV_VIRMIDI_SUBSCRIBE)) {
-- snd_rawmidi_transmit_ack(substream, substream->runtime->buffer_size - substream->runtime->avail);
-- return; /* ignored */
-+ while (snd_rawmidi_transmit(substream, buf,
-+ sizeof(buf)) > 0) {
-+ /* ignored */
-+ }
-+ return;
- }
- if (vmidi->event.type != SNDRV_SEQ_EVENT_NONE) {
- if (snd_seq_kernel_client_dispatch(vmidi->client, &vmidi->event, in_atomic(), 0) < 0)
- return;
- vmidi->event.type = SNDRV_SEQ_EVENT_NONE;
- }
-+ spin_lock_irqsave(&substream->runtime->lock, flags);
- while (1) {
-- count = snd_rawmidi_transmit_peek(substream, buf, sizeof(buf));
-+ count = __snd_rawmidi_transmit_peek(substream, buf, sizeof(buf));
- if (count <= 0)
- break;
- pbuf = buf;
-@@ -179,16 +184,18 @@ static void snd_virmidi_output_trigger(struct snd_rawmidi_substream *substream,
- snd_midi_event_reset_encode(vmidi->parser);
- continue;
- }
-- snd_rawmidi_transmit_ack(substream, res);
-+ __snd_rawmidi_transmit_ack(substream, res);
- pbuf += res;
- count -= res;
- if (vmidi->event.type != SNDRV_SEQ_EVENT_NONE) {
- if (snd_seq_kernel_client_dispatch(vmidi->client, &vmidi->event, in_atomic(), 0) < 0)
-- return;
-+ goto out;
- vmidi->event.type = SNDRV_SEQ_EVENT_NONE;
- }
- }
- }
-+ out:
-+ spin_unlock_irqrestore(&substream->runtime->lock, flags);
- } else {
- vmidi->trigger = 0;
- }
-@@ -254,9 +261,13 @@ static int snd_virmidi_output_open(struct snd_rawmidi_substream *substream)
- */
- static int snd_virmidi_input_close(struct snd_rawmidi_substream *substream)
- {
-+ struct snd_virmidi_dev *rdev = substream->rmidi->private_data;
- struct snd_virmidi *vmidi = substream->runtime->private_data;
-- snd_midi_event_free(vmidi->parser);
-+
-+ write_lock_irq(&rdev->filelist_lock);
- list_del(&vmidi->list);
-+ write_unlock_irq(&rdev->filelist_lock);
-+ snd_midi_event_free(vmidi->parser);
- substream->runtime->private_data = NULL;
- kfree(vmidi);
- return 0;
-diff --git a/sound/core/timer.c b/sound/core/timer.c
-index 0a049c4..f24c9fc 100644
---- a/sound/core/timer.c
-+++ b/sound/core/timer.c
-@@ -305,8 +305,7 @@ int snd_timer_open(struct snd_timer_instance **ti,
- return 0;
- }
-
--static int _snd_timer_stop(struct snd_timer_instance *timeri,
-- int keep_flag, int event);
-+static int _snd_timer_stop(struct snd_timer_instance *timeri, int event);
-
- /*
- * close a timer instance
-@@ -348,7 +347,7 @@ int snd_timer_close(struct snd_timer_instance *timeri)
- spin_unlock_irq(&timer->lock);
- mutex_lock(&register_mutex);
- list_del(&timeri->open_list);
-- if (timer && list_empty(&timer->open_list_head) &&
-+ if (list_empty(&timer->open_list_head) &&
- timer->hw.close)
- timer->hw.close(timer);
- /* remove slave links */
-@@ -423,7 +422,7 @@ static void snd_timer_notify1(struct snd_timer_instance *ti, int event)
- spin_lock_irqsave(&timer->lock, flags);
- list_for_each_entry(ts, &ti->slave_active_head, active_list)
- if (ts->ccallback)
-- ts->ccallback(ti, event + 100, &tstamp, resolution);
-+ ts->ccallback(ts, event + 100, &tstamp, resolution);
- spin_unlock_irqrestore(&timer->lock, flags);
- }
-
-@@ -452,6 +451,10 @@ static int snd_timer_start_slave(struct snd_timer_instance *timeri)
- unsigned long flags;
-
- spin_lock_irqsave(&slave_active_lock, flags);
-+ if (timeri->flags & SNDRV_TIMER_IFLG_RUNNING) {
-+ spin_unlock_irqrestore(&slave_active_lock, flags);
-+ return -EBUSY;
-+ }
- timeri->flags |= SNDRV_TIMER_IFLG_RUNNING;
- if (timeri->master && timeri->timer) {
- spin_lock(&timeri->timer->lock);
-@@ -476,7 +479,8 @@ int snd_timer_start(struct snd_timer_instance *timeri, unsigned int ticks)
- return -EINVAL;
- if (timeri->flags & SNDRV_TIMER_IFLG_SLAVE) {
- result = snd_timer_start_slave(timeri);
-- snd_timer_notify1(timeri, SNDRV_TIMER_EVENT_START);
-+ if (result >= 0)
-+ snd_timer_notify1(timeri, SNDRV_TIMER_EVENT_START);
- return result;
- }
- timer = timeri->timer;
-@@ -485,16 +489,22 @@ int snd_timer_start(struct snd_timer_instance *timeri, unsigned int ticks)
- if (timer->card && timer->card->shutdown)
- return -ENODEV;
- spin_lock_irqsave(&timer->lock, flags);
-+ if (timeri->flags & (SNDRV_TIMER_IFLG_RUNNING |
-+ SNDRV_TIMER_IFLG_START)) {
-+ result = -EBUSY;
-+ goto unlock;
-+ }
- timeri->ticks = timeri->cticks = ticks;
- timeri->pticks = 0;
- result = snd_timer_start1(timer, timeri, ticks);
-+ unlock:
- spin_unlock_irqrestore(&timer->lock, flags);
-- snd_timer_notify1(timeri, SNDRV_TIMER_EVENT_START);
-+ if (result >= 0)
-+ snd_timer_notify1(timeri, SNDRV_TIMER_EVENT_START);
- return result;
- }
-
--static int _snd_timer_stop(struct snd_timer_instance * timeri,
-- int keep_flag, int event)
-+static int _snd_timer_stop(struct snd_timer_instance *timeri, int event)
- {
- struct snd_timer *timer;
- unsigned long flags;
-@@ -503,19 +513,30 @@ static int _snd_timer_stop(struct snd_timer_instance * timeri,
- return -ENXIO;
-
- if (timeri->flags & SNDRV_TIMER_IFLG_SLAVE) {
-- if (!keep_flag) {
-- spin_lock_irqsave(&slave_active_lock, flags);
-- timeri->flags &= ~SNDRV_TIMER_IFLG_RUNNING;
-- list_del_init(&timeri->ack_list);
-- list_del_init(&timeri->active_list);
-+ spin_lock_irqsave(&slave_active_lock, flags);
-+ if (!(timeri->flags & SNDRV_TIMER_IFLG_RUNNING)) {
- spin_unlock_irqrestore(&slave_active_lock, flags);
-+ return -EBUSY;
- }
-+ if (timeri->timer)
-+ spin_lock(&timeri->timer->lock);
-+ timeri->flags &= ~SNDRV_TIMER_IFLG_RUNNING;
-+ list_del_init(&timeri->ack_list);
-+ list_del_init(&timeri->active_list);
-+ if (timeri->timer)
-+ spin_unlock(&timeri->timer->lock);
-+ spin_unlock_irqrestore(&slave_active_lock, flags);
- goto __end;
- }
- timer = timeri->timer;
- if (!timer)
- return -EINVAL;
- spin_lock_irqsave(&timer->lock, flags);
-+ if (!(timeri->flags & (SNDRV_TIMER_IFLG_RUNNING |
-+ SNDRV_TIMER_IFLG_START))) {
-+ spin_unlock_irqrestore(&timer->lock, flags);
-+ return -EBUSY;
-+ }
- list_del_init(&timeri->ack_list);
- list_del_init(&timeri->active_list);
- if (timer->card && timer->card->shutdown) {
-@@ -534,9 +555,7 @@ static int _snd_timer_stop(struct snd_timer_instance * timeri,
- }
- }
- }
-- if (!keep_flag)
-- timeri->flags &=
-- ~(SNDRV_TIMER_IFLG_RUNNING | SNDRV_TIMER_IFLG_START);
-+ timeri->flags &= ~(SNDRV_TIMER_IFLG_RUNNING | SNDRV_TIMER_IFLG_START);
- spin_unlock_irqrestore(&timer->lock, flags);
- __end:
- if (event != SNDRV_TIMER_EVENT_RESOLUTION)
-@@ -555,7 +574,7 @@ int snd_timer_stop(struct snd_timer_instance *timeri)
- unsigned long flags;
- int err;
-
-- err = _snd_timer_stop(timeri, 0, SNDRV_TIMER_EVENT_STOP);
-+ err = _snd_timer_stop(timeri, SNDRV_TIMER_EVENT_STOP);
- if (err < 0)
- return err;
- timer = timeri->timer;
-@@ -587,10 +606,15 @@ int snd_timer_continue(struct snd_timer_instance *timeri)
- if (timer->card && timer->card->shutdown)
- return -ENODEV;
- spin_lock_irqsave(&timer->lock, flags);
-+ if (timeri->flags & SNDRV_TIMER_IFLG_RUNNING) {
-+ result = -EBUSY;
-+ goto unlock;
-+ }
- if (!timeri->cticks)
- timeri->cticks = 1;
- timeri->pticks = 0;
- result = snd_timer_start1(timer, timeri, timer->sticks);
-+ unlock:
- spin_unlock_irqrestore(&timer->lock, flags);
- snd_timer_notify1(timeri, SNDRV_TIMER_EVENT_CONTINUE);
- return result;
-@@ -601,7 +625,7 @@ int snd_timer_continue(struct snd_timer_instance *timeri)
- */
- int snd_timer_pause(struct snd_timer_instance * timeri)
- {
-- return _snd_timer_stop(timeri, 0, SNDRV_TIMER_EVENT_PAUSE);
-+ return _snd_timer_stop(timeri, SNDRV_TIMER_EVENT_PAUSE);
- }
-
- /*
-@@ -724,8 +748,8 @@ void snd_timer_interrupt(struct snd_timer * timer, unsigned long ticks_left)
- ti->cticks = ti->ticks;
- } else {
- ti->flags &= ~SNDRV_TIMER_IFLG_RUNNING;
-- if (--timer->running)
-- list_del_init(&ti->active_list);
-+ --timer->running;
-+ list_del_init(&ti->active_list);
- }
- if ((timer->hw.flags & SNDRV_TIMER_HW_TASKLET) ||
- (ti->flags & SNDRV_TIMER_IFLG_FAST))
-@@ -1900,6 +1924,7 @@ static ssize_t snd_timer_user_read(struct file *file, char __user *buffer,
- {
- struct snd_timer_user *tu;
- long result = 0, unit;
-+ int qhead;
- int err = 0;
-
- tu = file->private_data;
-@@ -1911,7 +1936,7 @@ static ssize_t snd_timer_user_read(struct file *file, char __user *buffer,
-
- if ((file->f_flags & O_NONBLOCK) != 0 || result > 0) {
- err = -EAGAIN;
-- break;
-+ goto _error;
- }
-
- set_current_state(TASK_INTERRUPTIBLE);
-@@ -1926,42 +1951,37 @@ static ssize_t snd_timer_user_read(struct file *file, char __user *buffer,
-
- if (tu->disconnected) {
- err = -ENODEV;
-- break;
-+ goto _error;
- }
- if (signal_pending(current)) {
- err = -ERESTARTSYS;
-- break;
-+ goto _error;
- }
- }
-
-+ qhead = tu->qhead++;
-+ tu->qhead %= tu->queue_size;
- spin_unlock_irq(&tu->qlock);
-- if (err < 0)
-- goto _error;
-
- if (tu->tread) {
-- if (copy_to_user(buffer, &tu->tqueue[tu->qhead++],
-- sizeof(struct snd_timer_tread))) {
-+ if (copy_to_user(buffer, &tu->tqueue[qhead],
-+ sizeof(struct snd_timer_tread)))
- err = -EFAULT;
-- goto _error;
-- }
- } else {
-- if (copy_to_user(buffer, &tu->queue[tu->qhead++],
-- sizeof(struct snd_timer_read))) {
-+ if (copy_to_user(buffer, &tu->queue[qhead],
-+ sizeof(struct snd_timer_read)))
- err = -EFAULT;
-- goto _error;
-- }
- }
-
-- tu->qhead %= tu->queue_size;
--
-- result += unit;
-- buffer += unit;
--
- spin_lock_irq(&tu->qlock);
- tu->qused--;
-+ if (err < 0)
-+ goto _error;
-+ result += unit;
-+ buffer += unit;
- }
-- spin_unlock_irq(&tu->qlock);
- _error:
-+ spin_unlock_irq(&tu->qlock);
- return result > 0 ? result : err;
- }
-
-diff --git a/sound/drivers/dummy.c b/sound/drivers/dummy.c
-index 016e451..a9f7a75 100644
---- a/sound/drivers/dummy.c
-+++ b/sound/drivers/dummy.c
-@@ -109,6 +109,9 @@ struct dummy_timer_ops {
- snd_pcm_uframes_t (*pointer)(struct snd_pcm_substream *);
- };
-
-+#define get_dummy_ops(substream) \
-+ (*(const struct dummy_timer_ops **)(substream)->runtime->private_data)
-+
- struct dummy_model {
- const char *name;
- int (*playback_constraints)(struct snd_pcm_runtime *runtime);
-@@ -137,7 +140,6 @@ struct snd_dummy {
- int iobox;
- struct snd_kcontrol *cd_volume_ctl;
- struct snd_kcontrol *cd_switch_ctl;
-- const struct dummy_timer_ops *timer_ops;
- };
-
- /*
-@@ -231,6 +233,8 @@ static struct dummy_model *dummy_models[] = {
- */
-
- struct dummy_systimer_pcm {
-+ /* ops must be the first item */
-+ const struct dummy_timer_ops *timer_ops;
- spinlock_t lock;
- struct timer_list timer;
- unsigned long base_time;
-@@ -366,6 +370,8 @@ static struct dummy_timer_ops dummy_systimer_ops = {
- */
-
- struct dummy_hrtimer_pcm {
-+ /* ops must be the first item */
-+ const struct dummy_timer_ops *timer_ops;
- ktime_t base_time;
- ktime_t period_time;
- atomic_t running;
-@@ -492,31 +498,25 @@ static struct dummy_timer_ops dummy_hrtimer_ops = {
-
- static int dummy_pcm_trigger(struct snd_pcm_substream *substream, int cmd)
- {
-- struct snd_dummy *dummy = snd_pcm_substream_chip(substream);
--
- switch (cmd) {
- case SNDRV_PCM_TRIGGER_START:
- case SNDRV_PCM_TRIGGER_RESUME:
-- return dummy->timer_ops->start(substream);
-+ return get_dummy_ops(substream)->start(substream);
- case SNDRV_PCM_TRIGGER_STOP:
- case SNDRV_PCM_TRIGGER_SUSPEND:
-- return dummy->timer_ops->stop(substream);
-+ return get_dummy_ops(substream)->stop(substream);
- }
- return -EINVAL;
- }
-
- static int dummy_pcm_prepare(struct snd_pcm_substream *substream)
- {
-- struct snd_dummy *dummy = snd_pcm_substream_chip(substream);
--
-- return dummy->timer_ops->prepare(substream);
-+ return get_dummy_ops(substream)->prepare(substream);
- }
-
- static snd_pcm_uframes_t dummy_pcm_pointer(struct snd_pcm_substream *substream)
- {
-- struct snd_dummy *dummy = snd_pcm_substream_chip(substream);
--
-- return dummy->timer_ops->pointer(substream);
-+ return get_dummy_ops(substream)->pointer(substream);
- }
-
- static struct snd_pcm_hardware dummy_pcm_hardware = {
-@@ -562,17 +562,19 @@ static int dummy_pcm_open(struct snd_pcm_substream *substream)
- struct snd_dummy *dummy = snd_pcm_substream_chip(substream);
- struct dummy_model *model = dummy->model;
- struct snd_pcm_runtime *runtime = substream->runtime;
-+ const struct dummy_timer_ops *ops;
- int err;
-
-- dummy->timer_ops = &dummy_systimer_ops;
-+ ops = &dummy_systimer_ops;
- #ifdef CONFIG_HIGH_RES_TIMERS
- if (hrtimer)
-- dummy->timer_ops = &dummy_hrtimer_ops;
-+ ops = &dummy_hrtimer_ops;
- #endif
-
-- err = dummy->timer_ops->create(substream);
-+ err = ops->create(substream);
- if (err < 0)
- return err;
-+ get_dummy_ops(substream) = ops;
-
- runtime->hw = dummy->pcm_hw;
- if (substream->pcm->device & 1) {
-@@ -594,7 +596,7 @@ static int dummy_pcm_open(struct snd_pcm_substream *substream)
- err = model->capture_constraints(substream->runtime);
- }
- if (err < 0) {
-- dummy->timer_ops->free(substream);
-+ get_dummy_ops(substream)->free(substream);
- return err;
- }
- return 0;
-@@ -602,8 +604,7 @@ static int dummy_pcm_open(struct snd_pcm_substream *substream)
-
- static int dummy_pcm_close(struct snd_pcm_substream *substream)
- {
-- struct snd_dummy *dummy = snd_pcm_substream_chip(substream);
-- dummy->timer_ops->free(substream);
-+ get_dummy_ops(substream)->free(substream);
- return 0;
- }
-
-diff --git a/sound/firewire/bebob/bebob_stream.c b/sound/firewire/bebob/bebob_stream.c
-index 926e5dc..5022c9b 100644
---- a/sound/firewire/bebob/bebob_stream.c
-+++ b/sound/firewire/bebob/bebob_stream.c
-@@ -47,14 +47,16 @@ static const unsigned int bridgeco_freq_table[] = {
- [6] = 0x07,
- };
-
--static unsigned int
--get_formation_index(unsigned int rate)
-+static int
-+get_formation_index(unsigned int rate, unsigned int *index)
- {
- unsigned int i;
-
- for (i = 0; i < ARRAY_SIZE(snd_bebob_rate_table); i++) {
-- if (snd_bebob_rate_table[i] == rate)
-- return i;
-+ if (snd_bebob_rate_table[i] == rate) {
-+ *index = i;
-+ return 0;
-+ }
- }
- return -EINVAL;
- }
-@@ -425,7 +427,9 @@ make_both_connections(struct snd_bebob *bebob, unsigned int rate)
- goto end;
-
- /* confirm params for both streams */
-- index = get_formation_index(rate);
-+ err = get_formation_index(rate, &index);
-+ if (err < 0)
-+ goto end;
- pcm_channels = bebob->tx_stream_formations[index].pcm;
- midi_channels = bebob->tx_stream_formations[index].midi;
- err = amdtp_am824_set_parameters(&bebob->tx_stream, rate,
-diff --git a/sound/isa/Kconfig b/sound/isa/Kconfig
-index 0216475..37adcc6 100644
---- a/sound/isa/Kconfig
-+++ b/sound/isa/Kconfig
-@@ -3,6 +3,7 @@
- config SND_WSS_LIB
- tristate
- select SND_PCM
-+ select SND_TIMER
-
- config SND_SB_COMMON
- tristate
-@@ -42,6 +43,7 @@ config SND_AD1816A
- select SND_OPL3_LIB
- select SND_MPU401_UART
- select SND_PCM
-+ select SND_TIMER
- help
- Say Y here to include support for Analog Devices SoundPort
- AD1816A or compatible sound chips.
-@@ -209,6 +211,7 @@ config SND_GUSCLASSIC
- tristate "Gravis UltraSound Classic"
- select SND_RAWMIDI
- select SND_PCM
-+ select SND_TIMER
- help
- Say Y here to include support for Gravis UltraSound Classic
- soundcards.
-@@ -221,6 +224,7 @@ config SND_GUSEXTREME
- select SND_OPL3_LIB
- select SND_MPU401_UART
- select SND_PCM
-+ select SND_TIMER
- help
- Say Y here to include support for Gravis UltraSound Extreme
- soundcards.
-diff --git a/sound/pci/Kconfig b/sound/pci/Kconfig
-index 656ce39..8f6594a 100644
---- a/sound/pci/Kconfig
-+++ b/sound/pci/Kconfig
-@@ -155,6 +155,7 @@ config SND_AZT3328
- select SND_PCM
- select SND_RAWMIDI
- select SND_AC97_CODEC
-+ select SND_TIMER
- depends on ZONE_DMA
- help
- Say Y here to include support for Aztech AZF3328 (PCI168)
-@@ -463,6 +464,7 @@ config SND_EMU10K1
- select SND_HWDEP
- select SND_RAWMIDI
- select SND_AC97_CODEC
-+ select SND_TIMER
- depends on ZONE_DMA
- help
- Say Y to include support for Sound Blaster PCI 512, Live!,
-@@ -889,6 +891,7 @@ config SND_YMFPCI
- select SND_OPL3_LIB
- select SND_MPU401_UART
- select SND_AC97_CODEC
-+ select SND_TIMER
- help
- Say Y here to include support for Yamaha PCI audio chips -
- YMF724, YMF724F, YMF740, YMF740C, YMF744, YMF754.
-diff --git a/sound/pci/hda/hda_generic.c b/sound/pci/hda/hda_generic.c
-index c6e8a65..5c4fa8e 100644
---- a/sound/pci/hda/hda_generic.c
-+++ b/sound/pci/hda/hda_generic.c
-@@ -771,9 +771,6 @@ static void activate_amp(struct hda_codec *codec, hda_nid_t nid, int dir,
- unsigned int caps;
- unsigned int mask, val;
-
-- if (!enable && is_active_nid(codec, nid, dir, idx_to_check))
-- return;
--
- caps = query_amp_caps(codec, nid, dir);
- val = get_amp_val_to_activate(codec, nid, dir, caps, enable);
- mask = get_amp_mask_to_modify(codec, nid, dir, idx_to_check, caps);
-@@ -784,12 +781,22 @@ static void activate_amp(struct hda_codec *codec, hda_nid_t nid, int dir,
- update_amp(codec, nid, dir, idx, mask, val);
- }
-
-+static void check_and_activate_amp(struct hda_codec *codec, hda_nid_t nid,
-+ int dir, int idx, int idx_to_check,
-+ bool enable)
-+{
-+ /* check whether the given amp is still used by others */
-+ if (!enable && is_active_nid(codec, nid, dir, idx_to_check))
-+ return;
-+ activate_amp(codec, nid, dir, idx, idx_to_check, enable);
-+}
-+
- static void activate_amp_out(struct hda_codec *codec, struct nid_path *path,
- int i, bool enable)
- {
- hda_nid_t nid = path->path[i];
- init_amp(codec, nid, HDA_OUTPUT, 0);
-- activate_amp(codec, nid, HDA_OUTPUT, 0, 0, enable);
-+ check_and_activate_amp(codec, nid, HDA_OUTPUT, 0, 0, enable);
- }
-
- static void activate_amp_in(struct hda_codec *codec, struct nid_path *path,
-@@ -817,9 +824,16 @@ static void activate_amp_in(struct hda_codec *codec, struct nid_path *path,
- * when aa-mixer is available, we need to enable the path as well
- */
- for (n = 0; n < nums; n++) {
-- if (n != idx && (!add_aamix || conn[n] != spec->mixer_merge_nid))
-- continue;
-- activate_amp(codec, nid, HDA_INPUT, n, idx, enable);
-+ if (n != idx) {
-+ if (conn[n] != spec->mixer_merge_nid)
-+ continue;
-+ /* when aamix is disabled, force to off */
-+ if (!add_aamix) {
-+ activate_amp(codec, nid, HDA_INPUT, n, n, false);
-+ continue;
-+ }
-+ }
-+ check_and_activate_amp(codec, nid, HDA_INPUT, n, idx, enable);
- }
- }
-
-@@ -1580,6 +1594,12 @@ static bool map_singles(struct hda_codec *codec, int outs,
- return found;
- }
-
-+static inline bool has_aamix_out_paths(struct hda_gen_spec *spec)
-+{
-+ return spec->aamix_out_paths[0] || spec->aamix_out_paths[1] ||
-+ spec->aamix_out_paths[2];
-+}
-+
- /* create a new path including aamix if available, and return its index */
- static int check_aamix_out_path(struct hda_codec *codec, int path_idx)
- {
-@@ -2422,25 +2442,51 @@ static void update_aamix_paths(struct hda_codec *codec, bool do_mix,
- }
- }
-
-+/* re-initialize the output paths; only called from loopback_mixing_put() */
-+static void update_output_paths(struct hda_codec *codec, int num_outs,
-+ const int *paths)
-+{
-+ struct hda_gen_spec *spec = codec->spec;
-+ struct nid_path *path;
-+ int i;
-+
-+ for (i = 0; i < num_outs; i++) {
-+ path = snd_hda_get_path_from_idx(codec, paths[i]);
-+ if (path)
-+ snd_hda_activate_path(codec, path, path->active,
-+ spec->aamix_mode);
-+ }
-+}
-+
- static int loopback_mixing_put(struct snd_kcontrol *kcontrol,
- struct snd_ctl_elem_value *ucontrol)
- {
- struct hda_codec *codec = snd_kcontrol_chip(kcontrol);
- struct hda_gen_spec *spec = codec->spec;
-+ const struct auto_pin_cfg *cfg = &spec->autocfg;
- unsigned int val = ucontrol->value.enumerated.item[0];
-
- if (val == spec->aamix_mode)
- return 0;
- spec->aamix_mode = val;
-- update_aamix_paths(codec, val, spec->out_paths[0],
-- spec->aamix_out_paths[0],
-- spec->autocfg.line_out_type);
-- update_aamix_paths(codec, val, spec->hp_paths[0],
-- spec->aamix_out_paths[1],
-- AUTO_PIN_HP_OUT);
-- update_aamix_paths(codec, val, spec->speaker_paths[0],
-- spec->aamix_out_paths[2],
-- AUTO_PIN_SPEAKER_OUT);
-+ if (has_aamix_out_paths(spec)) {
-+ update_aamix_paths(codec, val, spec->out_paths[0],
-+ spec->aamix_out_paths[0],
-+ cfg->line_out_type);
-+ update_aamix_paths(codec, val, spec->hp_paths[0],
-+ spec->aamix_out_paths[1],
-+ AUTO_PIN_HP_OUT);
-+ update_aamix_paths(codec, val, spec->speaker_paths[0],
-+ spec->aamix_out_paths[2],
-+ AUTO_PIN_SPEAKER_OUT);
-+ } else {
-+ update_output_paths(codec, cfg->line_outs, spec->out_paths);
-+ if (cfg->line_out_type != AUTO_PIN_HP_OUT)
-+ update_output_paths(codec, cfg->hp_outs, spec->hp_paths);
-+ if (cfg->line_out_type != AUTO_PIN_SPEAKER_OUT)
-+ update_output_paths(codec, cfg->speaker_outs,
-+ spec->speaker_paths);
-+ }
- return 1;
- }
-
-@@ -2458,12 +2504,13 @@ static int create_loopback_mixing_ctl(struct hda_codec *codec)
-
- if (!spec->mixer_nid)
- return 0;
-- if (!(spec->aamix_out_paths[0] || spec->aamix_out_paths[1] ||
-- spec->aamix_out_paths[2]))
-- return 0;
- if (!snd_hda_gen_add_kctl(spec, NULL, &loopback_mixing_enum))
- return -ENOMEM;
- spec->have_aamix_ctl = 1;
-+ /* if no explicit aamix path is present (e.g. for Realtek codecs),
-+ * enable aamix as default -- just for compatibility
-+ */
-+ spec->aamix_mode = !has_aamix_out_paths(spec);
- return 0;
- }
-
-@@ -3998,9 +4045,9 @@ static void pin_power_callback(struct hda_codec *codec,
- struct hda_jack_callback *jack,
- bool on)
- {
-- if (jack && jack->tbl->nid)
-+ if (jack && jack->nid)
- sync_power_state_change(codec,
-- set_pin_power_jack(codec, jack->tbl->nid, on));
-+ set_pin_power_jack(codec, jack->nid, on));
- }
-
- /* callback only doing power up -- called at first */
-@@ -5664,6 +5711,8 @@ static void init_aamix_paths(struct hda_codec *codec)
-
- if (!spec->have_aamix_ctl)
- return;
-+ if (!has_aamix_out_paths(spec))
-+ return;
- update_aamix_paths(codec, spec->aamix_mode, spec->out_paths[0],
- spec->aamix_out_paths[0],
- spec->autocfg.line_out_type);
-diff --git a/sound/pci/hda/hda_intel.c b/sound/pci/hda/hda_intel.c
-index 614baff..02a86ba 100644
---- a/sound/pci/hda/hda_intel.c
-+++ b/sound/pci/hda/hda_intel.c
-@@ -90,6 +90,8 @@ enum {
- #define NVIDIA_HDA_ENABLE_COHBIT 0x01
-
- /* Defines for Intel SCH HDA snoop control */
-+#define INTEL_HDA_CGCTL 0x48
-+#define INTEL_HDA_CGCTL_MISCBDCGE (0x1 << 6)
- #define INTEL_SCH_HDA_DEVC 0x78
- #define INTEL_SCH_HDA_DEVC_NOSNOOP (0x1<<11)
-
-@@ -528,10 +530,21 @@ static void hda_intel_init_chip(struct azx *chip, bool full_reset)
- {
- struct hdac_bus *bus = azx_bus(chip);
- struct pci_dev *pci = chip->pci;
-+ u32 val;
-
- if (chip->driver_caps & AZX_DCAPS_I915_POWERWELL)
- snd_hdac_set_codec_wakeup(bus, true);
-+ if (IS_BROXTON(pci)) {
-+ pci_read_config_dword(pci, INTEL_HDA_CGCTL, &val);
-+ val = val & ~INTEL_HDA_CGCTL_MISCBDCGE;
-+ pci_write_config_dword(pci, INTEL_HDA_CGCTL, val);
-+ }
- azx_init_chip(chip, full_reset);
-+ if (IS_BROXTON(pci)) {
-+ pci_read_config_dword(pci, INTEL_HDA_CGCTL, &val);
-+ val = val | INTEL_HDA_CGCTL_MISCBDCGE;
-+ pci_write_config_dword(pci, INTEL_HDA_CGCTL, val);
-+ }
- if (chip->driver_caps & AZX_DCAPS_I915_POWERWELL)
- snd_hdac_set_codec_wakeup(bus, false);
-
-diff --git a/sound/pci/hda/hda_jack.c b/sound/pci/hda/hda_jack.c
-index c945e25..a33234e 100644
---- a/sound/pci/hda/hda_jack.c
-+++ b/sound/pci/hda/hda_jack.c
-@@ -259,7 +259,7 @@ snd_hda_jack_detect_enable_callback(struct hda_codec *codec, hda_nid_t nid,
- if (!callback)
- return ERR_PTR(-ENOMEM);
- callback->func = func;
-- callback->tbl = jack;
-+ callback->nid = jack->nid;
- callback->next = jack->callback;
- jack->callback = callback;
- }
-diff --git a/sound/pci/hda/hda_jack.h b/sound/pci/hda/hda_jack.h
-index 858708a..e9814c0 100644
---- a/sound/pci/hda/hda_jack.h
-+++ b/sound/pci/hda/hda_jack.h
-@@ -21,7 +21,7 @@ struct hda_jack_callback;
- typedef void (*hda_jack_callback_fn) (struct hda_codec *, struct hda_jack_callback *);
-
- struct hda_jack_callback {
-- struct hda_jack_tbl *tbl;
-+ hda_nid_t nid;
- hda_jack_callback_fn func;
- unsigned int private_data; /* arbitrary data */
- struct hda_jack_callback *next;
-diff --git a/sound/pci/hda/patch_ca0132.c b/sound/pci/hda/patch_ca0132.c
-index 4ef2259..9ceb2bc 100644
---- a/sound/pci/hda/patch_ca0132.c
-+++ b/sound/pci/hda/patch_ca0132.c
-@@ -4427,13 +4427,16 @@ static void ca0132_process_dsp_response(struct hda_codec *codec,
- static void hp_callback(struct hda_codec *codec, struct hda_jack_callback *cb)
- {
- struct ca0132_spec *spec = codec->spec;
-+ struct hda_jack_tbl *tbl;
-
- /* Delay enabling the HP amp, to let the mic-detection
- * state machine run.
- */
- cancel_delayed_work_sync(&spec->unsol_hp_work);
- schedule_delayed_work(&spec->unsol_hp_work, msecs_to_jiffies(500));
-- cb->tbl->block_report = 1;
-+ tbl = snd_hda_jack_tbl_get(codec, cb->nid);
-+ if (tbl)
-+ tbl->block_report = 1;
- }
-
- static void amic_callback(struct hda_codec *codec, struct hda_jack_callback *cb)
-diff --git a/sound/pci/hda/patch_cirrus.c b/sound/pci/hda/patch_cirrus.c
-index a12ae8a..c1c855a 100644
---- a/sound/pci/hda/patch_cirrus.c
-+++ b/sound/pci/hda/patch_cirrus.c
-@@ -614,6 +614,7 @@ enum {
- CS4208_MAC_AUTO,
- CS4208_MBA6,
- CS4208_MBP11,
-+ CS4208_MACMINI,
- CS4208_GPIO0,
- };
-
-@@ -621,6 +622,7 @@ static const struct hda_model_fixup cs4208_models[] = {
- { .id = CS4208_GPIO0, .name = "gpio0" },
- { .id = CS4208_MBA6, .name = "mba6" },
- { .id = CS4208_MBP11, .name = "mbp11" },
-+ { .id = CS4208_MACMINI, .name = "macmini" },
- {}
- };
-
-@@ -632,6 +634,7 @@ static const struct snd_pci_quirk cs4208_fixup_tbl[] = {
- /* codec SSID matching */
- static const struct snd_pci_quirk cs4208_mac_fixup_tbl[] = {
- SND_PCI_QUIRK(0x106b, 0x5e00, "MacBookPro 11,2", CS4208_MBP11),
-+ SND_PCI_QUIRK(0x106b, 0x6c00, "MacMini 7,1", CS4208_MACMINI),
- SND_PCI_QUIRK(0x106b, 0x7100, "MacBookAir 6,1", CS4208_MBA6),
- SND_PCI_QUIRK(0x106b, 0x7200, "MacBookAir 6,2", CS4208_MBA6),
- SND_PCI_QUIRK(0x106b, 0x7b00, "MacBookPro 12,1", CS4208_MBP11),
-@@ -666,6 +669,24 @@ static void cs4208_fixup_mac(struct hda_codec *codec,
- snd_hda_apply_fixup(codec, action);
- }
-
-+/* MacMini 7,1 has the inverted jack detection */
-+static void cs4208_fixup_macmini(struct hda_codec *codec,
-+ const struct hda_fixup *fix, int action)
-+{
-+ static const struct hda_pintbl pincfgs[] = {
-+ { 0x18, 0x00ab9150 }, /* mic (audio-in) jack: disable detect */
-+ { 0x21, 0x004be140 }, /* SPDIF: disable detect */
-+ { }
-+ };
-+
-+ if (action == HDA_FIXUP_ACT_PRE_PROBE) {
-+ /* HP pin (0x10) has an inverted detection */
-+ codec->inv_jack_detect = 1;
-+ /* disable the bogus Mic and SPDIF jack detections */
-+ snd_hda_apply_pincfgs(codec, pincfgs);
-+ }
-+}
-+
- static int cs4208_spdif_sw_put(struct snd_kcontrol *kcontrol,
- struct snd_ctl_elem_value *ucontrol)
- {
-@@ -709,6 +730,12 @@ static const struct hda_fixup cs4208_fixups[] = {
- .chained = true,
- .chain_id = CS4208_GPIO0,
- },
-+ [CS4208_MACMINI] = {
-+ .type = HDA_FIXUP_FUNC,
-+ .v.func = cs4208_fixup_macmini,
-+ .chained = true,
-+ .chain_id = CS4208_GPIO0,
-+ },
- [CS4208_GPIO0] = {
- .type = HDA_FIXUP_FUNC,
- .v.func = cs4208_fixup_gpio0,
-diff --git a/sound/pci/hda/patch_hdmi.c b/sound/pci/hda/patch_hdmi.c
-index 4b6fb66..70c9456 100644
---- a/sound/pci/hda/patch_hdmi.c
-+++ b/sound/pci/hda/patch_hdmi.c
-@@ -438,7 +438,8 @@ static int hdmi_eld_ctl_get(struct snd_kcontrol *kcontrol,
- eld = &per_pin->sink_eld;
-
- mutex_lock(&per_pin->lock);
-- if (eld->eld_size > ARRAY_SIZE(ucontrol->value.bytes.data)) {
-+ if (eld->eld_size > ARRAY_SIZE(ucontrol->value.bytes.data) ||
-+ eld->eld_size > ELD_MAX_SIZE) {
- mutex_unlock(&per_pin->lock);
- snd_BUG();
- return -EINVAL;
-@@ -1183,7 +1184,7 @@ static void check_presence_and_report(struct hda_codec *codec, hda_nid_t nid)
- static void jack_callback(struct hda_codec *codec,
- struct hda_jack_callback *jack)
- {
-- check_presence_and_report(codec, jack->tbl->nid);
-+ check_presence_and_report(codec, jack->nid);
- }
-
- static void hdmi_intrinsic_event(struct hda_codec *codec, unsigned int res)
-diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c
-index 3375324..efd4980 100644
---- a/sound/pci/hda/patch_realtek.c
-+++ b/sound/pci/hda/patch_realtek.c
-@@ -282,7 +282,7 @@ static void alc_update_knob_master(struct hda_codec *codec,
- uctl = kzalloc(sizeof(*uctl), GFP_KERNEL);
- if (!uctl)
- return;
-- val = snd_hda_codec_read(codec, jack->tbl->nid, 0,
-+ val = snd_hda_codec_read(codec, jack->nid, 0,
- AC_VERB_GET_VOLUME_KNOB_CONTROL, 0);
- val &= HDA_AMP_VOLMASK;
- uctl->value.integer.value[0] = val;
-@@ -327,6 +327,7 @@ static void alc_fill_eapd_coef(struct hda_codec *codec)
- case 0x10ec0292:
- alc_update_coef_idx(codec, 0x4, 1<<15, 0);
- break;
-+ case 0x10ec0225:
- case 0x10ec0233:
- case 0x10ec0255:
- case 0x10ec0256:
-@@ -900,6 +901,7 @@ static struct alc_codec_rename_pci_table rename_pci_tbl[] = {
- { 0x10ec0899, 0x1028, 0, "ALC3861" },
- { 0x10ec0298, 0x1028, 0, "ALC3266" },
- { 0x10ec0256, 0x1028, 0, "ALC3246" },
-+ { 0x10ec0225, 0x1028, 0, "ALC3253" },
- { 0x10ec0670, 0x1025, 0, "ALC669X" },
- { 0x10ec0676, 0x1025, 0, "ALC679X" },
- { 0x10ec0282, 0x1043, 0, "ALC3229" },
-@@ -1785,7 +1787,6 @@ enum {
- ALC882_FIXUP_NO_PRIMARY_HP,
- ALC887_FIXUP_ASUS_BASS,
- ALC887_FIXUP_BASS_CHMAP,
-- ALC882_FIXUP_DISABLE_AAMIX,
- };
-
- static void alc889_fixup_coef(struct hda_codec *codec,
-@@ -1947,8 +1948,6 @@ static void alc882_fixup_no_primary_hp(struct hda_codec *codec,
-
- static void alc_fixup_bass_chmap(struct hda_codec *codec,
- const struct hda_fixup *fix, int action);
--static void alc_fixup_disable_aamix(struct hda_codec *codec,
-- const struct hda_fixup *fix, int action);
-
- static const struct hda_fixup alc882_fixups[] = {
- [ALC882_FIXUP_ABIT_AW9D_MAX] = {
-@@ -2186,10 +2185,6 @@ static const struct hda_fixup alc882_fixups[] = {
- .type = HDA_FIXUP_FUNC,
- .v.func = alc_fixup_bass_chmap,
- },
-- [ALC882_FIXUP_DISABLE_AAMIX] = {
-- .type = HDA_FIXUP_FUNC,
-- .v.func = alc_fixup_disable_aamix,
-- },
- };
-
- static const struct snd_pci_quirk alc882_fixup_tbl[] = {
-@@ -2228,6 +2223,7 @@ static const struct snd_pci_quirk alc882_fixup_tbl[] = {
- SND_PCI_QUIRK(0x104d, 0x9047, "Sony Vaio TT", ALC889_FIXUP_VAIO_TT),
- SND_PCI_QUIRK(0x104d, 0x905a, "Sony Vaio Z", ALC882_FIXUP_NO_PRIMARY_HP),
- SND_PCI_QUIRK(0x104d, 0x9043, "Sony Vaio VGC-LN51JGB", ALC882_FIXUP_NO_PRIMARY_HP),
-+ SND_PCI_QUIRK(0x104d, 0x9044, "Sony VAIO AiO", ALC882_FIXUP_NO_PRIMARY_HP),
-
- /* All Apple entries are in codec SSIDs */
- SND_PCI_QUIRK(0x106b, 0x00a0, "MacBookPro 3,1", ALC889_FIXUP_MBP_VREF),
-@@ -2257,7 +2253,6 @@ static const struct snd_pci_quirk alc882_fixup_tbl[] = {
- SND_PCI_QUIRK(0x1462, 0x7350, "MSI-7350", ALC889_FIXUP_CD),
- SND_PCI_QUIRK_VENDOR(0x1462, "MSI", ALC882_FIXUP_GPIO3),
- SND_PCI_QUIRK(0x1458, 0xa002, "Gigabyte EP45-DS3/Z87X-UD3H", ALC889_FIXUP_FRONT_HP_NO_PRESENCE),
-- SND_PCI_QUIRK(0x1458, 0xa182, "Gigabyte Z170X-UD3", ALC882_FIXUP_DISABLE_AAMIX),
- SND_PCI_QUIRK(0x147b, 0x107a, "Abit AW9D-MAX", ALC882_FIXUP_ABIT_AW9D_MAX),
- SND_PCI_QUIRK_VENDOR(0x1558, "Clevo laptop", ALC882_FIXUP_EAPD),
- SND_PCI_QUIRK(0x161f, 0x2054, "Medion laptop", ALC883_FIXUP_EAPD),
-@@ -2651,6 +2646,7 @@ enum {
- ALC269_TYPE_ALC298,
- ALC269_TYPE_ALC255,
- ALC269_TYPE_ALC256,
-+ ALC269_TYPE_ALC225,
- };
-
- /*
-@@ -2680,6 +2676,7 @@ static int alc269_parse_auto_config(struct hda_codec *codec)
- case ALC269_TYPE_ALC298:
- case ALC269_TYPE_ALC255:
- case ALC269_TYPE_ALC256:
-+ case ALC269_TYPE_ALC225:
- ssids = alc269_ssids;
- break;
- default:
-@@ -3658,6 +3655,16 @@ static void alc_headset_mode_unplugged(struct hda_codec *codec)
- WRITE_COEF(0xb7, 0x802b),
- {}
- };
-+ static struct coef_fw coef0225[] = {
-+ UPDATE_COEF(0x4a, 1<<8, 0),
-+ UPDATE_COEFEX(0x57, 0x05, 1<<14, 0),
-+ UPDATE_COEF(0x63, 3<<14, 3<<14),
-+ UPDATE_COEF(0x4a, 3<<4, 2<<4),
-+ UPDATE_COEF(0x4a, 3<<10, 3<<10),
-+ UPDATE_COEF(0x45, 0x3f<<10, 0x34<<10),
-+ UPDATE_COEF(0x4a, 3<<10, 0),
-+ {}
-+ };
-
- switch (codec->core.vendor_id) {
- case 0x10ec0255:
-@@ -3682,6 +3689,9 @@ static void alc_headset_mode_unplugged(struct hda_codec *codec)
- case 0x10ec0668:
- alc_process_coef_fw(codec, coef0668);
- break;
-+ case 0x10ec0225:
-+ alc_process_coef_fw(codec, coef0225);
-+ break;
- }
- codec_dbg(codec, "Headset jack set to unplugged mode.\n");
- }
-@@ -3727,6 +3737,13 @@ static void alc_headset_mode_mic_in(struct hda_codec *codec, hda_nid_t hp_pin,
- UPDATE_COEF(0xc3, 0, 1<<12),
- {}
- };
-+ static struct coef_fw coef0225[] = {
-+ UPDATE_COEFEX(0x57, 0x05, 1<<14, 1<<14),
-+ UPDATE_COEF(0x4a, 3<<4, 2<<4),
-+ UPDATE_COEF(0x63, 3<<14, 0),
-+ {}
-+ };
-+
-
- switch (codec->core.vendor_id) {
- case 0x10ec0255:
-@@ -3772,6 +3789,12 @@ static void alc_headset_mode_mic_in(struct hda_codec *codec, hda_nid_t hp_pin,
- alc_process_coef_fw(codec, coef0688);
- snd_hda_set_pin_ctl_cache(codec, mic_pin, PIN_VREF50);
- break;
-+ case 0x10ec0225:
-+ alc_update_coef_idx(codec, 0x45, 0x3f<<10, 0x31<<10);
-+ snd_hda_set_pin_ctl_cache(codec, hp_pin, 0);
-+ alc_process_coef_fw(codec, coef0225);
-+ snd_hda_set_pin_ctl_cache(codec, mic_pin, PIN_VREF50);
-+ break;
- }
- codec_dbg(codec, "Headset jack set to mic-in mode.\n");
- }
-@@ -3884,6 +3907,13 @@ static void alc_headset_mode_ctia(struct hda_codec *codec)
- WRITE_COEF(0xc3, 0x0000),
- {}
- };
-+ static struct coef_fw coef0225[] = {
-+ UPDATE_COEF(0x45, 0x3f<<10, 0x35<<10),
-+ UPDATE_COEF(0x49, 1<<8, 1<<8),
-+ UPDATE_COEF(0x4a, 7<<6, 7<<6),
-+ UPDATE_COEF(0x4a, 3<<4, 3<<4),
-+ {}
-+ };
-
- switch (codec->core.vendor_id) {
- case 0x10ec0255:
-@@ -3912,6 +3942,9 @@ static void alc_headset_mode_ctia(struct hda_codec *codec)
- case 0x10ec0668:
- alc_process_coef_fw(codec, coef0688);
- break;
-+ case 0x10ec0225:
-+ alc_process_coef_fw(codec, coef0225);
-+ break;
- }
- codec_dbg(codec, "Headset jack set to iPhone-style headset mode.\n");
- }
-@@ -3955,6 +3988,13 @@ static void alc_headset_mode_omtp(struct hda_codec *codec)
- WRITE_COEF(0xc3, 0x0000),
- {}
- };
-+ static struct coef_fw coef0225[] = {
-+ UPDATE_COEF(0x45, 0x3f<<10, 0x39<<10),
-+ UPDATE_COEF(0x49, 1<<8, 1<<8),
-+ UPDATE_COEF(0x4a, 7<<6, 7<<6),
-+ UPDATE_COEF(0x4a, 3<<4, 3<<4),
-+ {}
-+ };
-
- switch (codec->core.vendor_id) {
- case 0x10ec0255:
-@@ -3983,6 +4023,9 @@ static void alc_headset_mode_omtp(struct hda_codec *codec)
- case 0x10ec0668:
- alc_process_coef_fw(codec, coef0688);
- break;
-+ case 0x10ec0225:
-+ alc_process_coef_fw(codec, coef0225);
-+ break;
- }
- codec_dbg(codec, "Headset jack set to Nokia-style headset mode.\n");
- }
-@@ -4014,6 +4057,11 @@ static void alc_determine_headset_type(struct hda_codec *codec)
- WRITE_COEF(0xc3, 0x0c00),
- {}
- };
-+ static struct coef_fw coef0225[] = {
-+ UPDATE_COEF(0x45, 0x3f<<10, 0x34<<10),
-+ UPDATE_COEF(0x49, 1<<8, 1<<8),
-+ {}
-+ };
-
- switch (codec->core.vendor_id) {
- case 0x10ec0255:
-@@ -4058,6 +4106,12 @@ static void alc_determine_headset_type(struct hda_codec *codec)
- val = alc_read_coef_idx(codec, 0xbe);
- is_ctia = (val & 0x1c02) == 0x1c02;
- break;
-+ case 0x10ec0225:
-+ alc_process_coef_fw(codec, coef0225);
-+ msleep(800);
-+ val = alc_read_coef_idx(codec, 0x46);
-+ is_ctia = (val & 0x00f0) == 0x00f0;
-+ break;
- }
-
- codec_dbg(codec, "Headset jack detected iPhone-style headset: %s\n",
-@@ -5560,6 +5614,9 @@ static const struct hda_model_fixup alc269_fixup_models[] = {
- {.id = ALC292_FIXUP_TPT440, .name = "tpt440"},
- {}
- };
-+#define ALC225_STANDARD_PINS \
-+ {0x12, 0xb7a60130}, \
-+ {0x21, 0x04211020}
-
- #define ALC256_STANDARD_PINS \
- {0x12, 0x90a60140}, \
-@@ -5581,6 +5638,12 @@ static const struct hda_model_fixup alc269_fixup_models[] = {
- {0x21, 0x03211020}
-
- static const struct snd_hda_pin_quirk alc269_pin_fixup_tbl[] = {
-+ SND_HDA_PIN_QUIRK(0x10ec0225, 0x1028, "Dell", ALC269_FIXUP_DELL1_MIC_NO_PRESENCE,
-+ ALC225_STANDARD_PINS,
-+ {0x14, 0x901701a0}),
-+ SND_HDA_PIN_QUIRK(0x10ec0225, 0x1028, "Dell", ALC269_FIXUP_DELL1_MIC_NO_PRESENCE,
-+ ALC225_STANDARD_PINS,
-+ {0x14, 0x901701b0}),
- SND_HDA_PIN_QUIRK(0x10ec0255, 0x1028, "Dell", ALC255_FIXUP_DELL2_MIC_NO_PRESENCE,
- {0x14, 0x90170110},
- {0x21, 0x02211020}),
-@@ -5906,6 +5969,9 @@ static int patch_alc269(struct hda_codec *codec)
- spec->gen.mixer_nid = 0; /* ALC256 does not have any loopback mixer path */
- alc_update_coef_idx(codec, 0x36, 1 << 13, 1 << 5); /* Switch pcbeep path to Line in path*/
- break;
-+ case 0x10ec0225:
-+ spec->codec_variant = ALC269_TYPE_ALC225;
-+ break;
- }
-
- if (snd_hda_codec_read(codec, 0x51, 0, AC_VERB_PARAMETERS, 0) == 0x10ec5505) {
-@@ -6796,6 +6862,7 @@ static int patch_alc680(struct hda_codec *codec)
- */
- static const struct hda_device_id snd_hda_id_realtek[] = {
- HDA_CODEC_ENTRY(0x10ec0221, "ALC221", patch_alc269),
-+ HDA_CODEC_ENTRY(0x10ec0225, "ALC225", patch_alc269),
- HDA_CODEC_ENTRY(0x10ec0231, "ALC231", patch_alc269),
- HDA_CODEC_ENTRY(0x10ec0233, "ALC233", patch_alc269),
- HDA_CODEC_ENTRY(0x10ec0235, "ALC233", patch_alc269),
-diff --git a/sound/pci/hda/patch_sigmatel.c b/sound/pci/hda/patch_sigmatel.c
-index 2c7c5eb..37b70f8 100644
---- a/sound/pci/hda/patch_sigmatel.c
-+++ b/sound/pci/hda/patch_sigmatel.c
-@@ -493,9 +493,9 @@ static void jack_update_power(struct hda_codec *codec,
- if (!spec->num_pwrs)
- return;
-
-- if (jack && jack->tbl->nid) {
-- stac_toggle_power_map(codec, jack->tbl->nid,
-- snd_hda_jack_detect(codec, jack->tbl->nid),
-+ if (jack && jack->nid) {
-+ stac_toggle_power_map(codec, jack->nid,
-+ snd_hda_jack_detect(codec, jack->nid),
- true);
- return;
- }
-diff --git a/sound/soc/codecs/rt5645.c b/sound/soc/codecs/rt5645.c
-index 3e3c7f6..b74840b 100644
---- a/sound/soc/codecs/rt5645.c
-+++ b/sound/soc/codecs/rt5645.c
-@@ -621,7 +621,7 @@ static const struct snd_kcontrol_new rt5645_snd_controls[] = {
-
- /* IN1/IN2 Control */
- SOC_SINGLE_TLV("IN1 Boost", RT5645_IN1_CTRL1,
-- RT5645_BST_SFT1, 8, 0, bst_tlv),
-+ RT5645_BST_SFT1, 12, 0, bst_tlv),
- SOC_SINGLE_TLV("IN2 Boost", RT5645_IN2_CTRL,
- RT5645_BST_SFT2, 8, 0, bst_tlv),
-
-diff --git a/sound/soc/soc-pcm.c b/sound/soc/soc-pcm.c
-index c86dc96..65b936e 100644
---- a/sound/soc/soc-pcm.c
-+++ b/sound/soc/soc-pcm.c
-@@ -1743,7 +1743,8 @@ int dpcm_be_dai_hw_free(struct snd_soc_pcm_runtime *fe, int stream)
- (be->dpcm[stream].state != SND_SOC_DPCM_STATE_PREPARE) &&
- (be->dpcm[stream].state != SND_SOC_DPCM_STATE_HW_FREE) &&
- (be->dpcm[stream].state != SND_SOC_DPCM_STATE_PAUSED) &&
-- (be->dpcm[stream].state != SND_SOC_DPCM_STATE_STOP))
-+ (be->dpcm[stream].state != SND_SOC_DPCM_STATE_STOP) &&
-+ (be->dpcm[stream].state != SND_SOC_DPCM_STATE_SUSPEND))
- continue;
-
- dev_dbg(be->dev, "ASoC: hw_free BE %s\n",
-diff --git a/sound/sparc/Kconfig b/sound/sparc/Kconfig
-index d75deba..dfcd386 100644
---- a/sound/sparc/Kconfig
-+++ b/sound/sparc/Kconfig
-@@ -22,6 +22,7 @@ config SND_SUN_AMD7930
- config SND_SUN_CS4231
- tristate "Sun CS4231"
- select SND_PCM
-+ select SND_TIMER
- help
- Say Y here to include support for CS4231 sound device on Sun.
-
-diff --git a/sound/usb/midi.c b/sound/usb/midi.c
-index 5b4c58c..b21b766 100644
---- a/sound/usb/midi.c
-+++ b/sound/usb/midi.c
-@@ -2454,7 +2454,6 @@ int snd_usbmidi_create(struct snd_card *card,
- else
- err = snd_usbmidi_create_endpoints(umidi, endpoints);
- if (err < 0) {
-- snd_usbmidi_free(umidi);
- return err;
- }
-
-diff --git a/sound/usb/quirks.c b/sound/usb/quirks.c
-index 23ea6d8..4f6ce1c 100644
---- a/sound/usb/quirks.c
-+++ b/sound/usb/quirks.c
-@@ -1121,6 +1121,7 @@ bool snd_usb_get_sample_rate_quirk(struct snd_usb_audio *chip)
- switch (chip->usb_id) {
- case USB_ID(0x045E, 0x075D): /* MS Lifecam Cinema */
- case USB_ID(0x045E, 0x076D): /* MS Lifecam HD-5000 */
-+ case USB_ID(0x045E, 0x076F): /* MS Lifecam HD-6000 */
- case USB_ID(0x045E, 0x0772): /* MS Lifecam Studio */
- case USB_ID(0x045E, 0x0779): /* MS Lifecam HD-3000 */
- case USB_ID(0x04D8, 0xFEEA): /* Benchmark DAC1 Pre */
-@@ -1205,8 +1206,12 @@ void snd_usb_set_interface_quirk(struct usb_device *dev)
- * "Playback Design" products need a 50ms delay after setting the
- * USB interface.
- */
-- if (le16_to_cpu(dev->descriptor.idVendor) == 0x23ba)
-+ switch (le16_to_cpu(dev->descriptor.idVendor)) {
-+ case 0x23ba: /* Playback Design */
-+ case 0x0644: /* TEAC Corp. */
- mdelay(50);
-+ break;
-+ }
- }
-
- void snd_usb_ctl_msg_quirk(struct usb_device *dev, unsigned int pipe,
-@@ -1221,6 +1226,14 @@ void snd_usb_ctl_msg_quirk(struct usb_device *dev, unsigned int pipe,
- (requesttype & USB_TYPE_MASK) == USB_TYPE_CLASS)
- mdelay(20);
-
-+ /*
-+ * "TEAC Corp." products need a 20ms delay after each
-+ * class compliant request
-+ */
-+ if ((le16_to_cpu(dev->descriptor.idVendor) == 0x0644) &&
-+ (requesttype & USB_TYPE_MASK) == USB_TYPE_CLASS)
-+ mdelay(20);
-+
- /* Marantz/Denon devices with USB DAC functionality need a delay
- * after each class compliant request
- */
-@@ -1269,7 +1282,7 @@ u64 snd_usb_interface_dsd_format_quirks(struct snd_usb_audio *chip,
- case USB_ID(0x20b1, 0x3008): /* iFi Audio micro/nano iDSD */
- case USB_ID(0x20b1, 0x2008): /* Matrix Audio X-Sabre */
- case USB_ID(0x20b1, 0x300a): /* Matrix Audio Mini-i Pro */
-- case USB_ID(0x22d8, 0x0416): /* OPPO HA-1*/
-+ case USB_ID(0x22d9, 0x0416): /* OPPO HA-1 */
- if (fp->altsetting == 2)
- return SNDRV_PCM_FMTBIT_DSD_U32_BE;
- break;
-@@ -1278,6 +1291,7 @@ u64 snd_usb_interface_dsd_format_quirks(struct snd_usb_audio *chip,
- case USB_ID(0x20b1, 0x2009): /* DIYINHK DSD DXD 384kHz USB to I2S/DSD */
- case USB_ID(0x20b1, 0x2023): /* JLsounds I2SoverUSB */
- case USB_ID(0x20b1, 0x3023): /* Aune X1S 32BIT/384 DSD DAC */
-+ case USB_ID(0x2616, 0x0106): /* PS Audio NuWave DAC */
- if (fp->altsetting == 3)
- return SNDRV_PCM_FMTBIT_DSD_U32_BE;
- break;
diff --git a/4.4.2/0000_README b/4.4.3/0000_README
index 780df77..25f9ab4 100644
--- a/4.4.2/0000_README
+++ b/4.4.3/0000_README
@@ -2,11 +2,7 @@ README
-----------------------------------------------------------------------------
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 1001_linux-4.4.2.patch
-From: http://www.kernel.org
-Desc: Linux 4.4.2
-
-Patch: 4420_grsecurity-3.1-4.4.2-201602182048.patch
+Patch: 4420_grsecurity-3.1-4.4.3-201602282149.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/4.4.2/4420_grsecurity-3.1-4.4.2-201602182048.patch b/4.4.3/4420_grsecurity-3.1-4.4.3-201602282149.patch
index 0157b77..fcd8074 100644
--- a/4.4.2/4420_grsecurity-3.1-4.4.2-201602182048.patch
+++ b/4.4.3/4420_grsecurity-3.1-4.4.3-201602282149.patch
@@ -449,7 +449,7 @@ index af70d15..ccd3786 100644
A toggle value indicating if modules are allowed to be loaded
diff --git a/Makefile b/Makefile
-index e7a2958..730b429 100644
+index 802be10..383fd5d 100644
--- a/Makefile
+++ b/Makefile
@@ -298,7 +298,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -4748,7 +4748,7 @@ index b2ede967..865eed5 100644
#define user_addr_max get_fs
diff --git a/arch/arm64/mm/dma-mapping.c b/arch/arm64/mm/dma-mapping.c
-index 7963aa4..15dd03d 100644
+index 354144e..f8c556b 100644
--- a/arch/arm64/mm/dma-mapping.c
+++ b/arch/arm64/mm/dma-mapping.c
@@ -132,7 +132,7 @@ static void __dma_free_coherent(struct device *dev, size_t size,
@@ -20263,7 +20263,7 @@ index e6844df..432b56e 100644
#endif /* _ASM_X86_PGTABLE_64_DEFS_H */
diff --git a/arch/x86/include/asm/pgtable_types.h b/arch/x86/include/asm/pgtable_types.h
-index a471cad..d1e3128 100644
+index 79c9185..d1e3128 100644
--- a/arch/x86/include/asm/pgtable_types.h
+++ b/arch/x86/include/asm/pgtable_types.h
@@ -85,8 +85,10 @@
@@ -20342,30 +20342,7 @@ index a471cad..d1e3128 100644
static inline pmdval_t native_pmd_val(pmd_t pmd)
{
return native_pgd_val(pmd.pud.pgd);
-@@ -363,20 +374,18 @@ static inline enum page_cache_mode pgprot2cachemode(pgprot_t pgprot)
- }
- static inline pgprot_t pgprot_4k_2_large(pgprot_t pgprot)
- {
-+ pgprotval_t val = pgprot_val(pgprot);
- pgprot_t new;
-- unsigned long val;
-
-- val = pgprot_val(pgprot);
- pgprot_val(new) = (val & ~(_PAGE_PAT | _PAGE_PAT_LARGE)) |
- ((val & _PAGE_PAT) << (_PAGE_BIT_PAT_LARGE - _PAGE_BIT_PAT));
- return new;
- }
- static inline pgprot_t pgprot_large_2_4k(pgprot_t pgprot)
- {
-+ pgprotval_t val = pgprot_val(pgprot);
- pgprot_t new;
-- unsigned long val;
-
-- val = pgprot_val(pgprot);
- pgprot_val(new) = (val & ~(_PAGE_PAT | _PAGE_PAT_LARGE)) |
- ((val & _PAGE_PAT_LARGE) >>
- (_PAGE_BIT_PAT_LARGE - _PAGE_BIT_PAT));
-@@ -388,7 +397,6 @@ typedef struct page *pgtable_t;
+@@ -386,7 +397,6 @@ typedef struct page *pgtable_t;
extern pteval_t __supported_pte_mask;
extern void set_nx(void);
@@ -30797,7 +30774,7 @@ index 009f982..9b3db5e 100644
ret
ENDPROC(copy_page_regs)
diff --git a/arch/x86/lib/copy_user_64.S b/arch/x86/lib/copy_user_64.S
-index 982ce34..8e14731 100644
+index 27f89c7..7ae1e8e 100644
--- a/arch/x86/lib/copy_user_64.S
+++ b/arch/x86/lib/copy_user_64.S
@@ -14,50 +14,7 @@
@@ -30902,8 +30879,8 @@ index 982ce34..8e14731 100644
ret
.section .fixup,"ax"
-@@ -235,6 +201,16 @@ ENDPROC(copy_user_enhanced_fast_string)
- * This will force destination/source out of cache for more performance.
+@@ -240,6 +206,16 @@ ENDPROC(copy_user_enhanced_fast_string)
+ * - Require 4-byte alignment when size is 4 bytes.
*/
ENTRY(__copy_user_nocache)
+
@@ -30917,11 +30894,11 @@ index 982ce34..8e14731 100644
+
+ ASM_PAX_OPEN_USERLAND
ASM_STAC
- cmpl $8,%edx
- jb 20f /* less then 8 bytes, go to byte copy loop */
-@@ -284,7 +260,9 @@ ENTRY(__copy_user_nocache)
- jnz 21b
- 23: xorl %eax,%eax
+
+ /* If size is less than 8 bytes, go to 4-byte copy */
+@@ -335,7 +311,9 @@ ENTRY(__copy_user_nocache)
+ .L_finish_copy:
+ xorl %eax,%eax
ASM_CLAC
+ ASM_PAX_CLOSE_USERLAND
sfence
@@ -32615,7 +32592,7 @@ index 903ec1e..41b4708 100644
}
diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c
-index eef44d9..79b0e58 100644
+index e830c71..96cfc3d 100644
--- a/arch/x86/mm/fault.c
+++ b/arch/x86/mm/fault.c
@@ -14,6 +14,8 @@
@@ -32755,7 +32732,7 @@ index eef44d9..79b0e58 100644
pmd_k = vmalloc_sync_one(__va(pgd_paddr), address);
if (!pmd_k)
return -1;
-@@ -381,11 +451,25 @@ static noinline int vmalloc_fault(unsigned long address)
+@@ -382,11 +452,25 @@ static noinline int vmalloc_fault(unsigned long address)
* happen within a race in page table update. In the later
* case just flush:
*/
@@ -32782,7 +32759,7 @@ index eef44d9..79b0e58 100644
if (pgd_none(*pgd)) {
set_pgd(pgd, *pgd_ref);
arch_flush_lazy_mmu_mode();
-@@ -552,7 +636,7 @@ static int is_errata93(struct pt_regs *regs, unsigned long address)
+@@ -559,7 +643,7 @@ static int is_errata93(struct pt_regs *regs, unsigned long address)
static int is_errata100(struct pt_regs *regs, unsigned long address)
{
#ifdef CONFIG_X86_64
@@ -32791,7 +32768,7 @@ index eef44d9..79b0e58 100644
return 1;
#endif
return 0;
-@@ -579,9 +663,9 @@ static int is_f00f_bug(struct pt_regs *regs, unsigned long address)
+@@ -586,9 +670,9 @@ static int is_f00f_bug(struct pt_regs *regs, unsigned long address)
}
static const char nx_warning[] = KERN_CRIT
@@ -32803,7 +32780,7 @@ index eef44d9..79b0e58 100644
static void
show_fault_oops(struct pt_regs *regs, unsigned long error_code,
-@@ -590,7 +674,7 @@ show_fault_oops(struct pt_regs *regs, unsigned long error_code,
+@@ -597,7 +681,7 @@ show_fault_oops(struct pt_regs *regs, unsigned long error_code,
if (!oops_may_print())
return;
@@ -32812,7 +32789,7 @@ index eef44d9..79b0e58 100644
unsigned int level;
pgd_t *pgd;
pte_t *pte;
-@@ -601,13 +685,25 @@ show_fault_oops(struct pt_regs *regs, unsigned long error_code,
+@@ -608,13 +692,25 @@ show_fault_oops(struct pt_regs *regs, unsigned long error_code,
pte = lookup_address_in_pgd(pgd, address, &level);
if (pte && pte_present(*pte) && !pte_exec(*pte))
@@ -32840,7 +32817,7 @@ index eef44d9..79b0e58 100644
printk(KERN_ALERT "BUG: unable to handle kernel ");
if (address < PAGE_SIZE)
printk(KERN_CONT "NULL pointer dereference");
-@@ -786,6 +882,22 @@ __bad_area_nosemaphore(struct pt_regs *regs, unsigned long error_code,
+@@ -793,6 +889,22 @@ __bad_area_nosemaphore(struct pt_regs *regs, unsigned long error_code,
return;
}
#endif
@@ -32863,7 +32840,7 @@ index eef44d9..79b0e58 100644
/* Kernel addresses are always protection faults: */
if (address >= TASK_SIZE)
error_code |= PF_PROT;
-@@ -868,7 +980,7 @@ do_sigbus(struct pt_regs *regs, unsigned long error_code, unsigned long address,
+@@ -875,7 +987,7 @@ do_sigbus(struct pt_regs *regs, unsigned long error_code, unsigned long address,
if (fault & (VM_FAULT_HWPOISON|VM_FAULT_HWPOISON_LARGE)) {
printk(KERN_ERR
"MCE: Killing %s:%d due to hardware memory corruption fault at %lx\n",
@@ -32872,7 +32849,7 @@ index eef44d9..79b0e58 100644
code = BUS_MCEERR_AR;
}
#endif
-@@ -920,6 +1032,107 @@ static int spurious_fault_check(unsigned long error_code, pte_t *pte)
+@@ -927,6 +1039,107 @@ static int spurious_fault_check(unsigned long error_code, pte_t *pte)
return 1;
}
@@ -32980,7 +32957,7 @@ index eef44d9..79b0e58 100644
/*
* Handle a spurious fault caused by a stale TLB entry.
*
-@@ -1005,6 +1218,9 @@ int show_unhandled_signals = 1;
+@@ -1012,6 +1225,9 @@ int show_unhandled_signals = 1;
static inline int
access_error(unsigned long error_code, struct vm_area_struct *vma)
{
@@ -32990,7 +32967,7 @@ index eef44d9..79b0e58 100644
if (error_code & PF_WRITE) {
/* write, present and write, not present: */
if (unlikely(!(vma->vm_flags & VM_WRITE)))
-@@ -1067,6 +1283,22 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code,
+@@ -1074,6 +1290,22 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code,
tsk = current;
mm = tsk->mm;
@@ -33013,7 +32990,7 @@ index eef44d9..79b0e58 100644
/*
* Detect and handle instructions that would cause a page fault for
* both a tracked kernel page and a userspace page.
-@@ -1191,6 +1423,11 @@ retry:
+@@ -1198,6 +1430,11 @@ retry:
might_sleep();
}
@@ -33025,7 +33002,7 @@ index eef44d9..79b0e58 100644
vma = find_vma(mm, address);
if (unlikely(!vma)) {
bad_area(regs, error_code, address);
-@@ -1202,18 +1439,24 @@ retry:
+@@ -1209,18 +1446,24 @@ retry:
bad_area(regs, error_code, address);
return;
}
@@ -33061,7 +33038,7 @@ index eef44d9..79b0e58 100644
if (unlikely(expand_stack(vma, address))) {
bad_area(regs, error_code, address);
return;
-@@ -1333,3 +1576,292 @@ trace_do_page_fault(struct pt_regs *regs, unsigned long error_code)
+@@ -1340,3 +1583,292 @@ trace_do_page_fault(struct pt_regs *regs, unsigned long error_code)
}
NOKPROBE_SYMBOL(trace_do_page_fault);
#endif /* CONFIG_TRACING */
@@ -34418,18 +34395,9 @@ index c3b3f65..5bfe5dc 100644
unsigned long uninitialized_var(pfn_align);
int i, nid;
diff --git a/arch/x86/mm/pageattr.c b/arch/x86/mm/pageattr.c
-index a3137a4..a2bb098 100644
+index db20ee9..a2bb098 100644
--- a/arch/x86/mm/pageattr.c
+++ b/arch/x86/mm/pageattr.c
-@@ -33,7 +33,7 @@ struct cpa_data {
- pgd_t *pgd;
- pgprot_t mask_set;
- pgprot_t mask_clr;
-- int numpages;
-+ unsigned long numpages;
- int flags;
- unsigned long pfn;
- unsigned force_split : 1;
@@ -259,7 +259,7 @@ static inline pgprot_t static_protections(pgprot_t prot, unsigned long address,
*/
#ifdef CONFIG_PCI_BIOS
@@ -34545,15 +34513,6 @@ index a3137a4..a2bb098 100644
cpa->flags |= CPA_FLUSHTLB;
}
cpa->numpages = 1;
-@@ -1345,7 +1377,7 @@ static int __change_page_attr_set_clr(struct cpa_data *cpa, int checkalias)
- * CPA operation. Either a large page has been
- * preserved or a single page update happened.
- */
-- BUG_ON(cpa->numpages > numpages);
-+ BUG_ON(cpa->numpages > numpages || !cpa->numpages);
- numpages -= cpa->numpages;
- if (cpa->flags & (CPA_PAGES_ARRAY | CPA_ARRAY))
- cpa->curpage++;
diff --git a/arch/x86/mm/pat.c b/arch/x86/mm/pat.c
index 188e3e0..5c75446 100644
--- a/arch/x86/mm/pat.c
@@ -46454,7 +46413,7 @@ index b9094e9..a4885c6 100644
This option enables code in the AMD IOMMU driver to collect various
statistics about whats happening in the driver and exports that
diff --git a/drivers/iommu/amd_iommu.c b/drivers/iommu/amd_iommu.c
-index 8b2be1e..907a80f 100644
+index fc836f5..9802f00 100644
--- a/drivers/iommu/amd_iommu.c
+++ b/drivers/iommu/amd_iommu.c
@@ -695,11 +695,21 @@ static void copy_cmd_to_buffer(struct amd_iommu *iommu,
@@ -49160,7 +49119,7 @@ index 42cd270..b8ebb97 100644
const struct mxr_format **fmt_array;
/** size of format array */
diff --git a/drivers/media/platform/s5p-tv/mixer_grp_layer.c b/drivers/media/platform/s5p-tv/mixer_grp_layer.c
-index db3163b..d7a6b4d 100644
+index db3163b2..d7a6b4d 100644
--- a/drivers/media/platform/s5p-tv/mixer_grp_layer.c
+++ b/drivers/media/platform/s5p-tv/mixer_grp_layer.c
@@ -235,7 +235,7 @@ struct mxr_layer *mxr_graph_layer_create(struct mxr_device *mdev, int idx)
@@ -56751,7 +56710,7 @@ index dd8ad2a..5c5a30c 100644
/* check if the device is still usable */
if (unlikely(cmd->device->sdev_state == SDEV_DEL)) {
diff --git a/drivers/scsi/scsi_sysfs.c b/drivers/scsi/scsi_sysfs.c
-index 21930c9..51a9e18 100644
+index c8115b4..c31cd19 100644
--- a/drivers/scsi/scsi_sysfs.c
+++ b/drivers/scsi/scsi_sysfs.c
@@ -813,7 +813,7 @@ show_iostat_##field(struct device *dev, struct device_attribute *attr, \
@@ -56866,7 +56825,7 @@ index e3cd3ec..00560ec 100644
transport_setup_device(&rport->dev);
diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c
-index 4e08d1cd..bd76e1b 100644
+index 84fa4c4..8333258 100644
--- a/drivers/scsi/sd.c
+++ b/drivers/scsi/sd.c
@@ -112,7 +112,7 @@ static int sd_resume(struct device *);
@@ -56897,7 +56856,7 @@ index 4e08d1cd..bd76e1b 100644
if (!sdp->request_queue->rq_timeout) {
if (sdp->type != TYPE_MOD)
diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c
-index 503ab8b..fee54a1 100644
+index 5e82067..8f7c2cc 100644
--- a/drivers/scsi/sg.c
+++ b/drivers/scsi/sg.c
@@ -1089,7 +1089,7 @@ sg_ioctl(struct file *filp, unsigned int cmd_in, unsigned long arg)
@@ -56910,7 +56869,7 @@ index 503ab8b..fee54a1 100644
return blk_trace_startstop(sdp->device->request_queue, 1);
case BLKTRACESTOP:
diff --git a/drivers/scsi/sr.c b/drivers/scsi/sr.c
-index 8bd54a6..58fa0d6 100644
+index 64c8674..0c13069 100644
--- a/drivers/scsi/sr.c
+++ b/drivers/scsi/sr.c
@@ -80,7 +80,7 @@ static DEFINE_MUTEX(sr_mutex);
@@ -56922,7 +56881,7 @@ index 8bd54a6..58fa0d6 100644
static int sr_runtime_suspend(struct device *dev);
static struct dev_pm_ops sr_pm_ops = {
-@@ -312,13 +312,13 @@ do_tur:
+@@ -315,13 +315,13 @@ do_tur:
* It will be notified on the end of a SCSI read / write, and will take one
* of several actions based on success or failure.
*/
@@ -56941,7 +56900,7 @@ index 8bd54a6..58fa0d6 100644
struct scsi_cd *cd = scsi_cd(SCpnt->request->rq_disk);
#ifdef DEBUG
-@@ -351,9 +351,12 @@ static int sr_done(struct scsi_cmnd *SCpnt)
+@@ -354,9 +354,12 @@ static int sr_done(struct scsi_cmnd *SCpnt)
if (cd->device->sector_size == 2048)
error_sector <<= 2;
error_sector &= ~(block_sectors - 1);
@@ -58262,10 +58221,10 @@ index cf000b3..63baffa 100644
}
EXPORT_SYMBOL_GPL(n_tty_inherit_ops);
diff --git a/drivers/tty/pty.c b/drivers/tty/pty.c
-index a45660f..8aca6ee 100644
+index 78e9836..021d40e 100644
--- a/drivers/tty/pty.c
+++ b/drivers/tty/pty.c
-@@ -860,8 +860,10 @@ static void __init unix98_pty_init(void)
+@@ -879,8 +879,10 @@ static void __init unix98_pty_init(void)
panic("Couldn't register Unix98 pts driver");
/* Now create the /dev/ptmx special device */
@@ -59873,10 +59832,10 @@ index c2d6520..04853a9 100644
/* Device for a quirk */
#define PCI_VENDOR_ID_FRESCO_LOGIC 0x1b73
diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c
-index dca0a46..f07e636 100644
+index 776d59c..ae87b88 100644
--- a/drivers/usb/host/xhci.c
+++ b/drivers/usb/host/xhci.c
-@@ -4851,7 +4851,7 @@ int xhci_gen_setup(struct usb_hcd *hcd, xhci_get_quirks_t get_quirks)
+@@ -4853,7 +4853,7 @@ int xhci_gen_setup(struct usb_hcd *hcd, xhci_get_quirks_t get_quirks)
int retval;
/* Accept arbitrarily long scatter-gather lists */
@@ -60217,7 +60176,7 @@ index c42ce2f..4c8bc59 100644
"PCI",
"PRO AGP",
diff --git a/drivers/video/fbdev/aty/atyfb_base.c b/drivers/video/fbdev/aty/atyfb_base.c
-index f34ed47..026367f 100644
+index f34ed47f..026367f 100644
--- a/drivers/video/fbdev/aty/atyfb_base.c
+++ b/drivers/video/fbdev/aty/atyfb_base.c
@@ -1335,10 +1335,14 @@ static int atyfb_set_par(struct fb_info *info)
@@ -77285,7 +77244,7 @@ index 35489e7..fac96ff 100644
/* No matter the commit succeeds or not*/
int log_transid_committed;
diff --git a/fs/btrfs/delayed-inode.c b/fs/btrfs/delayed-inode.c
-index e0941fb..a8126a4 100644
+index 02b934d..a8126a4 100644
--- a/fs/btrfs/delayed-inode.c
+++ b/fs/btrfs/delayed-inode.c
@@ -462,7 +462,7 @@ static int __btrfs_add_delayed_deletion_item(struct btrfs_delayed_node *node,
@@ -77315,25 +77274,8 @@ index e0941fb..a8126a4 100644
ret = btrfs_wq_run_delayed_node(delayed_root, fs_info, 0);
if (ret)
-@@ -1694,7 +1694,7 @@ int btrfs_should_delete_dir_index(struct list_head *del_list,
- *
- */
- int btrfs_readdir_delayed_dir_index(struct dir_context *ctx,
-- struct list_head *ins_list)
-+ struct list_head *ins_list, bool *emitted)
- {
- struct btrfs_dir_item *di;
- struct btrfs_delayed_item *curr, *next;
-@@ -1738,6 +1738,7 @@ int btrfs_readdir_delayed_dir_index(struct dir_context *ctx,
-
- if (over)
- return 1;
-+ *emitted = true;
- }
- return 0;
- }
diff --git a/fs/btrfs/delayed-inode.h b/fs/btrfs/delayed-inode.h
-index f70119f..b7d2bb4 100644
+index 0167853c..b7d2bb4 100644
--- a/fs/btrfs/delayed-inode.h
+++ b/fs/btrfs/delayed-inode.h
@@ -43,7 +43,7 @@ struct btrfs_delayed_root {
@@ -77354,15 +77296,6 @@ index f70119f..b7d2bb4 100644
delayed_root->nodes = 0;
spin_lock_init(&delayed_root->lock);
init_waitqueue_head(&delayed_root->wait);
-@@ -144,7 +144,7 @@ void btrfs_put_delayed_items(struct list_head *ins_list,
- int btrfs_should_delete_dir_index(struct list_head *del_list,
- u64 index);
- int btrfs_readdir_delayed_dir_index(struct dir_context *ctx,
-- struct list_head *ins_list);
-+ struct list_head *ins_list, bool *emitted);
-
- /* for init */
- int __init btrfs_delayed_inode_init(void);
diff --git a/fs/btrfs/delayed-ref.c b/fs/btrfs/delayed-ref.c
index e06dd75a..22221aa 100644
--- a/fs/btrfs/delayed-ref.c
@@ -77386,7 +77319,7 @@ index e06dd75a..22221aa 100644
/* first set the basic ref node struct up */
atomic_set(&ref->refs, 1);
diff --git a/fs/btrfs/disk-io.c b/fs/btrfs/disk-io.c
-index 974be09..87ba00a 100644
+index 0ddca67..ddd9880 100644
--- a/fs/btrfs/disk-io.c
+++ b/fs/btrfs/disk-io.c
@@ -1263,7 +1263,7 @@ static void __setup_root(u32 nodesize, u32 sectorsize, u32 stripesize,
@@ -77398,7 +77331,7 @@ index 974be09..87ba00a 100644
atomic_set(&root->orphan_inodes, 0);
atomic_set(&root->refs, 1);
atomic_set(&root->will_be_snapshoted, 0);
-@@ -2565,7 +2565,7 @@ int open_ctree(struct super_block *sb,
+@@ -2564,7 +2564,7 @@ int open_ctree(struct super_block *sb,
atomic_set(&fs_info->nr_async_bios, 0);
atomic_set(&fs_info->defrag_running, 0);
atomic_set(&fs_info->qgroup_op_seq, 0);
@@ -77455,56 +77388,6 @@ index 0f09526..000f57d 100644
/*
* If the last transaction that changed this file was before the current
-diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
-index a70c579..e31fac2 100644
---- a/fs/btrfs/inode.c
-+++ b/fs/btrfs/inode.c
-@@ -5741,6 +5741,7 @@ static int btrfs_real_readdir(struct file *file, struct dir_context *ctx)
- char *name_ptr;
- int name_len;
- int is_curr = 0; /* ctx->pos points to the current index? */
-+ bool emitted;
-
- /* FIXME, use a real flag for deciding about the key type */
- if (root->fs_info->tree_root == root)
-@@ -5769,6 +5770,7 @@ static int btrfs_real_readdir(struct file *file, struct dir_context *ctx)
- if (ret < 0)
- goto err;
-
-+ emitted = false;
- while (1) {
- leaf = path->nodes[0];
- slot = path->slots[0];
-@@ -5848,6 +5850,7 @@ skip:
-
- if (over)
- goto nopos;
-+ emitted = true;
- di_len = btrfs_dir_name_len(leaf, di) +
- btrfs_dir_data_len(leaf, di) + sizeof(*di);
- di_cur += di_len;
-@@ -5860,11 +5863,20 @@ next:
- if (key_type == BTRFS_DIR_INDEX_KEY) {
- if (is_curr)
- ctx->pos++;
-- ret = btrfs_readdir_delayed_dir_index(ctx, &ins_list);
-+ ret = btrfs_readdir_delayed_dir_index(ctx, &ins_list, &emitted);
- if (ret)
- goto nopos;
- }
-
-+ /*
-+ * If we haven't emitted any dir entry, we must not touch ctx->pos as
-+ * it was was set to the termination value in previous call. We assume
-+ * that "." and ".." were emitted if we reach this point and set the
-+ * termination value as well for an empty directory.
-+ */
-+ if (ctx->pos > 2 && !emitted)
-+ goto nopos;
-+
- /* Reached end of directory/root. Bump pos past the last item. */
- ctx->pos++;
-
diff --git a/fs/btrfs/raid56.c b/fs/btrfs/raid56.c
index 1a33d3e..4830234 100644
--- a/fs/btrfs/raid56.c
@@ -77781,7 +77664,7 @@ index 6916a78..4598936 100644
static inline int btrfs_need_log_full_commit(struct btrfs_fs_info *fs_info,
diff --git a/fs/btrfs/volumes.c b/fs/btrfs/volumes.c
-index a23399e..bfac130 100644
+index 9e08447..e21fee0 100644
--- a/fs/btrfs/volumes.c
+++ b/fs/btrfs/volumes.c
@@ -231,7 +231,7 @@ static struct btrfs_device *__alloc_device(void)
@@ -77829,7 +77712,7 @@ index a23399e..bfac130 100644
if (atomic_dec_and_test(&bbio->stripes_pending)) {
/* Shoud be the original bio. */
WARN_ON(bio != bbio->orig_bio);
-@@ -6768,10 +6768,10 @@ int btrfs_run_dev_stats(struct btrfs_trans_handle *trans,
+@@ -6776,10 +6776,10 @@ int btrfs_run_dev_stats(struct btrfs_trans_handle *trans,
if (!device->dev_stats_valid || !btrfs_dev_stats_dirty(device))
continue;
@@ -78125,7 +78008,7 @@ index f446afa..0ad3b8e 100644
sb->s_bdi = &fsc->backing_dev_info;
return err;
diff --git a/fs/cifs/cifs_debug.c b/fs/cifs/cifs_debug.c
-index 7febcf2..62a5721 100644
+index 50b2684..aa33a91 100644
--- a/fs/cifs/cifs_debug.c
+++ b/fs/cifs/cifs_debug.c
@@ -269,8 +269,8 @@ static ssize_t cifs_stats_proc_write(struct file *file,
@@ -79771,7 +79654,7 @@ index e4141f2..d8263e8 100644
i += packet_length_size;
if (copy_to_user(&buf[i], msg_ctx->msg, msg_ctx->msg_size))
diff --git a/fs/exec.c b/fs/exec.c
-index b06623a..784136d 100644
+index b06623a..d1a8125 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -56,8 +56,20 @@
@@ -80062,7 +79945,27 @@ index b06623a..784136d 100644
if (ret)
ret = -EFAULT;
-@@ -790,8 +866,10 @@ static struct file *do_open_execat(int fd, struct filename *name, int flags)
+@@ -761,6 +837,7 @@ static struct file *do_open_execat(int fd, struct filename *name, int flags)
+ {
+ struct file *file;
+ int err;
++ int unsafe_flags = 0;
+ struct open_flags open_exec_flags = {
+ .open_flag = O_LARGEFILE | O_RDONLY | __FMODE_EXEC,
+ .acc_mode = MAY_EXEC | MAY_OPEN,
+@@ -786,12 +863,22 @@ static struct file *do_open_execat(int fd, struct filename *name, int flags)
+ if (path_noexec(&file->f_path))
+ goto exit;
+
++ if (current->ptrace && !(current->ptrace & PT_PTRACE_CAP))
++ unsafe_flags = LSM_UNSAFE_PTRACE;
++
++ if (gr_ptrace_readexec(file, unsafe_flags)) {
++ err = -EPERM;
++ goto exit;
++ }
++
+ err = deny_write_access(file);
if (err)
goto exit;
@@ -80074,7 +79977,7 @@ index b06623a..784136d 100644
out:
return file;
-@@ -821,10 +899,13 @@ int kernel_read(struct file *file, loff_t offset,
+@@ -821,10 +908,13 @@ int kernel_read(struct file *file, loff_t offset,
loff_t pos = offset;
int result;
@@ -80089,7 +79992,7 @@ index b06623a..784136d 100644
set_fs(old_fs);
return result;
}
-@@ -869,6 +950,7 @@ static int exec_mmap(struct mm_struct *mm)
+@@ -869,6 +959,7 @@ static int exec_mmap(struct mm_struct *mm)
tsk->mm = mm;
tsk->active_mm = mm;
activate_mm(active_mm, mm);
@@ -80097,7 +80000,7 @@ index b06623a..784136d 100644
tsk->mm->vmacache_seqnum = 0;
vmacache_flush(tsk);
task_unlock(tsk);
-@@ -1277,7 +1359,7 @@ static void check_unsafe_exec(struct linux_binprm *bprm)
+@@ -1277,7 +1368,7 @@ static void check_unsafe_exec(struct linux_binprm *bprm)
}
rcu_read_unlock();
@@ -80106,7 +80009,7 @@ index b06623a..784136d 100644
bprm->unsafe |= LSM_UNSAFE_SHARE;
else
p->fs->in_exec = 1;
-@@ -1478,6 +1560,31 @@ static int exec_binprm(struct linux_binprm *bprm)
+@@ -1478,6 +1569,31 @@ static int exec_binprm(struct linux_binprm *bprm)
return ret;
}
@@ -80138,7 +80041,7 @@ index b06623a..784136d 100644
/*
* sys_execve() executes a new program.
*/
-@@ -1486,6 +1593,11 @@ static int do_execveat_common(int fd, struct filename *filename,
+@@ -1486,6 +1602,11 @@ static int do_execveat_common(int fd, struct filename *filename,
struct user_arg_ptr envp,
int flags)
{
@@ -80150,7 +80053,7 @@ index b06623a..784136d 100644
char *pathbuf = NULL;
struct linux_binprm *bprm;
struct file *file;
-@@ -1495,6 +1607,8 @@ static int do_execveat_common(int fd, struct filename *filename,
+@@ -1495,6 +1616,8 @@ static int do_execveat_common(int fd, struct filename *filename,
if (IS_ERR(filename))
return PTR_ERR(filename);
@@ -80159,19 +80062,7 @@ index b06623a..784136d 100644
/*
* We move the actual failure in case of RLIMIT_NPROC excess from
* set*uid() to execve() because too many poorly written programs
-@@ -1532,6 +1646,11 @@ static int do_execveat_common(int fd, struct filename *filename,
- if (IS_ERR(file))
- goto out_unmark;
-
-+ if (gr_ptrace_readexec(file, bprm->unsafe)) {
-+ retval = -EPERM;
-+ goto out_unmark;
-+ }
-+
- sched_exec();
-
- bprm->file = file;
-@@ -1558,6 +1677,11 @@ static int do_execveat_common(int fd, struct filename *filename,
+@@ -1558,6 +1681,11 @@ static int do_execveat_common(int fd, struct filename *filename,
}
bprm->interp = bprm->filename;
@@ -80183,7 +80074,7 @@ index b06623a..784136d 100644
retval = bprm_mm_init(bprm);
if (retval)
goto out_unmark;
-@@ -1574,24 +1698,70 @@ static int do_execveat_common(int fd, struct filename *filename,
+@@ -1574,24 +1702,70 @@ static int do_execveat_common(int fd, struct filename *filename,
if (retval < 0)
goto out;
@@ -80258,7 +80149,7 @@ index b06623a..784136d 100644
current->fs->in_exec = 0;
current->in_execve = 0;
acct_update_integrals(current);
-@@ -1603,6 +1773,14 @@ static int do_execveat_common(int fd, struct filename *filename,
+@@ -1603,6 +1777,14 @@ static int do_execveat_common(int fd, struct filename *filename,
put_files_struct(displaced);
return retval;
@@ -80273,7 +80164,7 @@ index b06623a..784136d 100644
out:
if (bprm->mm) {
acct_arg_size(bprm, 0);
-@@ -1749,3 +1927,319 @@ COMPAT_SYSCALL_DEFINE5(execveat, int, fd,
+@@ -1749,3 +1931,319 @@ COMPAT_SYSCALL_DEFINE5(execveat, int, fd,
argv, envp, flags);
}
#endif
@@ -80663,10 +80554,10 @@ index fa70848..57b36d2 100644
cleanup:
brelse(bh);
diff --git a/fs/ext4/balloc.c b/fs/ext4/balloc.c
-index ec0668a..34bccf7 100644
+index fe1f50f..3f4c870 100644
--- a/fs/ext4/balloc.c
+++ b/fs/ext4/balloc.c
-@@ -562,8 +562,8 @@ static int ext4_has_free_clusters(struct ext4_sb_info *sbi,
+@@ -563,8 +563,8 @@ static int ext4_has_free_clusters(struct ext4_sb_info *sbi,
/* Hm, nope. Are (enough) root reserved clusters available? */
if (uid_eq(sbi->s_resuid, current_fsuid()) ||
(!gid_eq(sbi->s_resgid, GLOBAL_ROOT_GID) && in_group_p(sbi->s_resgid)) ||
@@ -80842,7 +80733,7 @@ index 61eaf74..01a829b 100644
return 0;
diff --git a/fs/ext4/resize.c b/fs/ext4/resize.c
-index ad62d7a..b829af6 100644
+index 34038e3..322fe62 100644
--- a/fs/ext4/resize.c
+++ b/fs/ext4/resize.c
@@ -413,7 +413,7 @@ static int set_flexbg_block_bitmap(struct super_block *sb, handle_t *handle,
@@ -82854,7 +82745,7 @@ index 3a31226..2fffbe9 100644
spin_unlock(&qd->qd_lockref.lock);
diff --git a/fs/hugetlbfs/inode.c b/fs/hugetlbfs/inode.c
-index de4bdfa..1264061 100644
+index 595ebdb..1264061 100644
--- a/fs/hugetlbfs/inode.c
+++ b/fs/hugetlbfs/inode.c
@@ -174,6 +174,7 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr,
@@ -82894,41 +82785,7 @@ index de4bdfa..1264061 100644
info.high_limit = TASK_SIZE;
info.align_mask = PAGE_MASK & ~huge_page_mask(h);
info.align_offset = 0;
-@@ -463,6 +473,7 @@ hugetlb_vmdelete_list(struct rb_root *root, pgoff_t start, pgoff_t end)
- */
- vma_interval_tree_foreach(vma, root, start, end ? end : ULONG_MAX) {
- unsigned long v_offset;
-+ unsigned long v_end;
-
- /*
- * Can the expression below overflow on 32-bit arches?
-@@ -475,15 +486,17 @@ hugetlb_vmdelete_list(struct rb_root *root, pgoff_t start, pgoff_t end)
- else
- v_offset = 0;
-
-- if (end) {
-- end = ((end - start) << PAGE_SHIFT) +
-- vma->vm_start + v_offset;
-- if (end > vma->vm_end)
-- end = vma->vm_end;
-- } else
-- end = vma->vm_end;
-+ if (!end)
-+ v_end = vma->vm_end;
-+ else {
-+ v_end = ((end - vma->vm_pgoff) << PAGE_SHIFT)
-+ + vma->vm_start;
-+ if (v_end > vma->vm_end)
-+ v_end = vma->vm_end;
-+ }
-
-- unmap_hugepage_range(vma, vma->vm_start + v_offset, end, NULL);
-+ unmap_hugepage_range(vma, vma->vm_start + v_offset, v_end,
-+ NULL);
- }
- }
-
-@@ -1203,7 +1216,7 @@ static struct file_system_type hugetlbfs_fs_type = {
+@@ -1206,7 +1216,7 @@ static struct file_system_type hugetlbfs_fs_type = {
};
MODULE_ALIAS_FS("hugetlbfs");
@@ -84000,7 +83857,7 @@ index 646cdac..cdfa595 100644
static struct callback_op callback_ops[];
diff --git a/fs/nfs/inode.c b/fs/nfs/inode.c
-index c7e8b87..67b19ae 100644
+index 3e2071a..c09f4b6 100644
--- a/fs/nfs/inode.c
+++ b/fs/nfs/inode.c
@@ -1284,16 +1284,16 @@ static int nfs_check_inode_attributes(struct inode *inode, struct nfs_fattr *fat
@@ -84645,10 +84502,10 @@ index b6f1e96..3108eed 100644
}
putname(tmp);
diff --git a/fs/overlayfs/copy_up.c b/fs/overlayfs/copy_up.c
-index 0a89834..f2690df 100644
+index eff6319..d8a12987 100644
--- a/fs/overlayfs/copy_up.c
+++ b/fs/overlayfs/copy_up.c
-@@ -142,7 +142,7 @@ static char *ovl_read_symlink(struct dentry *realdentry)
+@@ -153,7 +153,7 @@ static char *ovl_read_symlink(struct dentry *realdentry)
set_fs(get_ds());
/* The cast to a user pointer is valid due to the set_fs() */
res = inode->i_op->readlink(realdentry,
@@ -84658,10 +84515,10 @@ index 0a89834..f2690df 100644
if (res < 0) {
free_page((unsigned long) buf);
diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c
-index 4060ffd..2d8b5e8 100644
+index b29036a..dcce79c 100644
--- a/fs/overlayfs/inode.c
+++ b/fs/overlayfs/inode.c
-@@ -343,6 +343,9 @@ struct inode *ovl_d_select_inode(struct dentry *dentry, unsigned file_flags)
+@@ -356,6 +356,9 @@ struct inode *ovl_d_select_inode(struct dentry *dentry, unsigned file_flags)
if (d_is_dir(dentry))
return d_backing_inode(dentry);
@@ -84672,10 +84529,10 @@ index 4060ffd..2d8b5e8 100644
if (ovl_open_need_copy_up(file_flags, type, realpath.dentry)) {
err = ovl_want_write(dentry);
diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c
-index e38ee0f..6fc10e4 100644
+index f42c940..e5ae48a 100644
--- a/fs/overlayfs/super.c
+++ b/fs/overlayfs/super.c
-@@ -172,7 +172,7 @@ void ovl_path_lower(struct dentry *dentry, struct path *path)
+@@ -173,7 +173,7 @@ void ovl_path_lower(struct dentry *dentry, struct path *path)
{
struct ovl_entry *oe = dentry->d_fsdata;
@@ -84684,7 +84541,7 @@ index e38ee0f..6fc10e4 100644
}
int ovl_want_write(struct dentry *dentry)
-@@ -880,8 +880,8 @@ static unsigned int ovl_split_lowerdirs(char *str)
+@@ -881,8 +881,8 @@ static unsigned int ovl_split_lowerdirs(char *str)
static int ovl_fill_super(struct super_block *sb, void *data, int silent)
{
@@ -85145,7 +85002,7 @@ index 1ade120..a86f1a2 100644
help
Various /proc files exist to monitor process memory utilization:
diff --git a/fs/proc/array.c b/fs/proc/array.c
-index d73291f..ab37ad1 100644
+index b6c00ce..ab37ad1 100644
--- a/fs/proc/array.c
+++ b/fs/proc/array.c
@@ -60,6 +60,7 @@
@@ -85203,7 +85060,7 @@ index d73291f..ab37ad1 100644
static int do_task_stat(struct seq_file *m, struct pid_namespace *ns,
struct pid *pid, struct task_struct *task, int whole)
{
-@@ -393,9 +424,16 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns,
+@@ -393,6 +424,13 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns,
char tcomm[sizeof(task->comm)];
unsigned long flags;
@@ -85216,11 +85073,7 @@ index d73291f..ab37ad1 100644
+
state = *get_task_state(task);
vsize = eip = esp = 0;
-- permitted = ptrace_may_access(task, PTRACE_MODE_READ | PTRACE_MODE_NOAUDIT);
-+ permitted = ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS | PTRACE_MODE_NOAUDIT);
- mm = get_task_mm(task);
- if (mm) {
- vsize = task_vsize(mm);
+ permitted = ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS | PTRACE_MODE_NOAUDIT);
@@ -463,6 +501,19 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns,
gtime = task_gtime(task);
}
@@ -85310,7 +85163,7 @@ index d73291f..ab37ad1 100644
static struct pid *
get_children_pid(struct inode *inode, struct pid *pid_prev, loff_t pos)
diff --git a/fs/proc/base.c b/fs/proc/base.c
-index 4bd5d31..3f4c151 100644
+index b7de324..417bafe 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -113,6 +113,14 @@ struct pid_entry {
@@ -85353,8 +85206,7 @@ index 4bd5d31..3f4c151 100644
static int proc_pid_auxv(struct seq_file *m, struct pid_namespace *ns,
struct pid *pid, struct task_struct *task)
{
-- struct mm_struct *mm = mm_access(task, PTRACE_MODE_READ);
-+ struct mm_struct *mm = mm_access(task, PTRACE_MODE_READ_FSCREDS);
+ struct mm_struct *mm = mm_access(task, PTRACE_MODE_READ_FSCREDS);
if (mm && !IS_ERR(mm)) {
unsigned int nwords = 0;
+
@@ -85379,25 +85231,18 @@ index 4bd5d31..3f4c151 100644
/*
* Provides a wchan file via kallsyms in a proper one-value-per-file format.
* Returns the resolved symbol. If that fails, simply return the address.
-@@ -430,7 +459,7 @@ static int proc_pid_wchan(struct seq_file *m, struct pid_namespace *ns,
+@@ -430,8 +459,8 @@ static int proc_pid_wchan(struct seq_file *m, struct pid_namespace *ns,
wchan = get_wchan(task);
-- if (wchan && ptrace_may_access(task, PTRACE_MODE_READ) && !lookup_symbol_name(wchan, symname))
-+ if (wchan && !lookup_symbol_name(wchan, symname) && ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS))
+- if (wchan && ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS)
+- && !lookup_symbol_name(wchan, symname))
++ if (wchan && !lookup_symbol_name(wchan, symname)
++ && ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS))
seq_printf(m, "%s", symname);
else
seq_putc(m, '0');
-@@ -444,7 +473,7 @@ static int lock_trace(struct task_struct *task)
- int err = mutex_lock_killable(&task->signal->cred_guard_mutex);
- if (err)
- return err;
-- if (!ptrace_may_access(task, PTRACE_MODE_ATTACH)) {
-+ if (!ptrace_may_access(task, PTRACE_MODE_ATTACH_FSCREDS)) {
- mutex_unlock(&task->signal->cred_guard_mutex);
- return -EPERM;
- }
-@@ -456,7 +485,7 @@ static void unlock_trace(struct task_struct *task)
+@@ -457,7 +486,7 @@ static void unlock_trace(struct task_struct *task)
mutex_unlock(&task->signal->cred_guard_mutex);
}
@@ -85406,7 +85251,7 @@ index 4bd5d31..3f4c151 100644
#define MAX_STACK_TRACE_DEPTH 64
-@@ -654,7 +683,7 @@ static int proc_pid_limits(struct seq_file *m, struct pid_namespace *ns,
+@@ -655,7 +684,7 @@ static int proc_pid_limits(struct seq_file *m, struct pid_namespace *ns,
return 0;
}
@@ -85415,7 +85260,7 @@ index 4bd5d31..3f4c151 100644
static int proc_pid_syscall(struct seq_file *m, struct pid_namespace *ns,
struct pid *pid, struct task_struct *task)
{
-@@ -687,7 +716,7 @@ static int proc_pid_syscall(struct seq_file *m, struct pid_namespace *ns,
+@@ -688,7 +717,7 @@ static int proc_pid_syscall(struct seq_file *m, struct pid_namespace *ns,
/************************************************************************/
/* permission checks */
@@ -85424,11 +85269,11 @@ index 4bd5d31..3f4c151 100644
{
struct task_struct *task;
int allowed = 0;
-@@ -697,7 +726,10 @@ static int proc_fd_access_allowed(struct inode *inode)
+@@ -698,7 +727,10 @@ static int proc_fd_access_allowed(struct inode *inode)
*/
task = get_proc_task(inode);
if (task) {
-- allowed = ptrace_may_access(task, PTRACE_MODE_READ);
+- allowed = ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS);
+ if (log)
+ allowed = ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS);
+ else
@@ -85436,7 +85281,7 @@ index 4bd5d31..3f4c151 100644
put_task_struct(task);
}
return allowed;
-@@ -728,11 +760,36 @@ static bool has_pid_permissions(struct pid_namespace *pid,
+@@ -729,6 +761,30 @@ static bool has_pid_permissions(struct pid_namespace *pid,
struct task_struct *task,
int hide_pid_min)
{
@@ -85467,14 +85312,7 @@ index 4bd5d31..3f4c151 100644
if (pid->hide_pid < hide_pid_min)
return true;
if (in_group_p(pid->pid_gid))
- return true;
-- return ptrace_may_access(task, PTRACE_MODE_READ);
-+
-+ return ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS);
- }
-
-
-@@ -749,7 +806,11 @@ static int proc_pid_permission(struct inode *inode, int mask)
+@@ -750,7 +806,11 @@ static int proc_pid_permission(struct inode *inode, int mask)
put_task_struct(task);
if (!has_perms) {
@@ -85486,12 +85324,10 @@ index 4bd5d31..3f4c151 100644
/*
* Let's make getdents(), stat(), and open()
* consistent with each other. If a process
-@@ -809,7 +870,11 @@ struct mm_struct *proc_mem_open(struct inode *inode, unsigned int mode)
- struct mm_struct *mm = ERR_PTR(-ESRCH);
+@@ -811,6 +871,10 @@ struct mm_struct *proc_mem_open(struct inode *inode, unsigned int mode)
if (task) {
-- mm = mm_access(task, mode);
-+ mm = mm_access(task, mode | PTRACE_MODE_FSCREDS);
+ mm = mm_access(task, mode | PTRACE_MODE_FSCREDS);
+ if (!IS_ERR_OR_NULL(mm) && gr_acl_handle_procpidmem(task)) {
+ mmput(mm);
+ mm = ERR_PTR(-EPERM);
@@ -85499,7 +85335,7 @@ index 4bd5d31..3f4c151 100644
put_task_struct(task);
if (!IS_ERR_OR_NULL(mm)) {
-@@ -831,6 +896,11 @@ static int __mem_open(struct inode *inode, struct file *file, unsigned int mode)
+@@ -832,6 +896,11 @@ static int __mem_open(struct inode *inode, struct file *file, unsigned int mode)
return PTR_ERR(mm);
file->private_data = mm;
@@ -85511,7 +85347,7 @@ index 4bd5d31..3f4c151 100644
return 0;
}
-@@ -852,6 +922,17 @@ static ssize_t mem_rw(struct file *file, char __user *buf,
+@@ -853,6 +922,17 @@ static ssize_t mem_rw(struct file *file, char __user *buf,
ssize_t copied;
char *page;
@@ -85529,7 +85365,7 @@ index 4bd5d31..3f4c151 100644
if (!mm)
return 0;
-@@ -864,7 +945,7 @@ static ssize_t mem_rw(struct file *file, char __user *buf,
+@@ -865,7 +945,7 @@ static ssize_t mem_rw(struct file *file, char __user *buf,
goto free;
while (count > 0) {
@@ -85538,7 +85374,7 @@ index 4bd5d31..3f4c151 100644
if (write && copy_from_user(page, buf, this_len)) {
copied = -EFAULT;
-@@ -956,6 +1037,13 @@ static ssize_t environ_read(struct file *file, char __user *buf,
+@@ -957,6 +1037,13 @@ static ssize_t environ_read(struct file *file, char __user *buf,
if (!mm)
return 0;
@@ -85552,7 +85388,7 @@ index 4bd5d31..3f4c151 100644
page = (char *)__get_free_page(GFP_TEMPORARY);
if (!page)
return -ENOMEM;
-@@ -965,7 +1053,7 @@ static ssize_t environ_read(struct file *file, char __user *buf,
+@@ -966,7 +1053,7 @@ static ssize_t environ_read(struct file *file, char __user *buf,
goto free;
while (count > 0) {
size_t this_len, max_len;
@@ -85561,7 +85397,7 @@ index 4bd5d31..3f4c151 100644
if (src >= (mm->env_end - mm->env_start))
break;
-@@ -1571,7 +1659,7 @@ static const char *proc_pid_follow_link(struct dentry *dentry, void **cookie)
+@@ -1572,7 +1659,7 @@ static const char *proc_pid_follow_link(struct dentry *dentry, void **cookie)
int error = -EACCES;
/* Are we allowed to snoop on the tasks file descriptors? */
@@ -85570,7 +85406,7 @@ index 4bd5d31..3f4c151 100644
goto out;
error = PROC_I(inode)->op.proc_get_link(dentry, &path);
-@@ -1615,8 +1703,18 @@ static int proc_pid_readlink(struct dentry * dentry, char __user * buffer, int b
+@@ -1616,8 +1703,18 @@ static int proc_pid_readlink(struct dentry * dentry, char __user * buffer, int b
struct path path;
/* Are we allowed to snoop on the tasks file descriptors? */
@@ -85591,7 +85427,7 @@ index 4bd5d31..3f4c151 100644
error = PROC_I(inode)->op.proc_get_link(dentry, &path);
if (error)
-@@ -1666,7 +1764,11 @@ struct inode *proc_pid_make_inode(struct super_block * sb, struct task_struct *t
+@@ -1667,7 +1764,11 @@ struct inode *proc_pid_make_inode(struct super_block * sb, struct task_struct *t
rcu_read_lock();
cred = __task_cred(task);
inode->i_uid = cred->euid;
@@ -85603,7 +85439,7 @@ index 4bd5d31..3f4c151 100644
rcu_read_unlock();
}
security_task_to_inode(task, inode);
-@@ -1702,10 +1804,19 @@ int pid_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat)
+@@ -1703,10 +1804,19 @@ int pid_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat)
return -ENOENT;
}
if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) ||
@@ -85623,7 +85459,7 @@ index 4bd5d31..3f4c151 100644
}
}
rcu_read_unlock();
-@@ -1743,11 +1854,20 @@ int pid_revalidate(struct dentry *dentry, unsigned int flags)
+@@ -1744,11 +1854,20 @@ int pid_revalidate(struct dentry *dentry, unsigned int flags)
if (task) {
if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) ||
@@ -85644,34 +85480,7 @@ index 4bd5d31..3f4c151 100644
rcu_read_unlock();
} else {
inode->i_uid = GLOBAL_ROOT_UID;
-@@ -1856,7 +1976,7 @@ static int map_files_d_revalidate(struct dentry *dentry, unsigned int flags)
- if (!task)
- goto out_notask;
-
-- mm = mm_access(task, PTRACE_MODE_READ);
-+ mm = mm_access(task, PTRACE_MODE_READ_FSCREDS);
- if (IS_ERR_OR_NULL(mm))
- goto out;
-
-@@ -2007,7 +2127,7 @@ static struct dentry *proc_map_files_lookup(struct inode *dir,
- goto out;
-
- result = -EACCES;
-- if (!ptrace_may_access(task, PTRACE_MODE_READ))
-+ if (!ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS))
- goto out_put_task;
-
- result = -ENOENT;
-@@ -2060,7 +2180,7 @@ proc_map_files_readdir(struct file *file, struct dir_context *ctx)
- goto out;
-
- ret = -EACCES;
-- if (!ptrace_may_access(task, PTRACE_MODE_READ))
-+ if (!ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS))
- goto out_put_task;
-
- ret = 0;
-@@ -2286,6 +2406,9 @@ static struct dentry *proc_pident_lookup(struct inode *dir,
+@@ -2287,6 +2406,9 @@ static struct dentry *proc_pident_lookup(struct inode *dir,
if (!task)
goto out_no_task;
@@ -85681,7 +85490,7 @@ index 4bd5d31..3f4c151 100644
/*
* Yes, it does not scale. And it should not. Don't add
* new entries into /proc/<tgid>/ without very good reasons.
-@@ -2316,6 +2439,9 @@ static int proc_pident_readdir(struct file *file, struct dir_context *ctx,
+@@ -2317,6 +2439,9 @@ static int proc_pident_readdir(struct file *file, struct dir_context *ctx,
if (!task)
return -ENOENT;
@@ -85691,16 +85500,17 @@ index 4bd5d31..3f4c151 100644
if (!dir_emit_dots(file, ctx))
goto out;
-@@ -2530,7 +2656,7 @@ static int do_io_accounting(struct task_struct *task, struct seq_file *m, int wh
- if (result)
- return result;
-
-- if (!ptrace_may_access(task, PTRACE_MODE_READ)) {
-+ if (!ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS)) {
- result = -EACCES;
- goto out_unlock;
- }
-@@ -2749,7 +2875,7 @@ static const struct pid_entry tgid_base_stuff[] = {
+@@ -2732,7 +2857,9 @@ static const struct inode_operations proc_task_inode_operations;
+ static const struct pid_entry tgid_base_stuff[] = {
+ DIR("task", S_IRUGO|S_IXUGO, proc_task_inode_operations, proc_task_operations),
+ DIR("fd", S_IRUSR|S_IXUSR, proc_fd_inode_operations, proc_fd_operations),
++#ifndef CONFIG_GRKERNSEC
+ DIR("map_files", S_IRUSR|S_IXUSR, proc_map_files_inode_operations, proc_map_files_operations),
++#endif
+ DIR("fdinfo", S_IRUSR|S_IXUSR, proc_fdinfo_inode_operations, proc_fdinfo_operations),
+ DIR("ns", S_IRUSR|S_IXUGO, proc_ns_dir_inode_operations, proc_ns_dir_operations),
+ #ifdef CONFIG_NET
+@@ -2750,7 +2877,7 @@ static const struct pid_entry tgid_base_stuff[] = {
REG("autogroup", S_IRUGO|S_IWUSR, proc_pid_sched_autogroup_operations),
#endif
REG("comm", S_IRUGO|S_IWUSR, proc_pid_set_comm_operations),
@@ -85709,7 +85519,7 @@ index 4bd5d31..3f4c151 100644
ONE("syscall", S_IRUSR, proc_pid_syscall),
#endif
REG("cmdline", S_IRUGO, proc_pid_cmdline_ops),
-@@ -2774,10 +2900,10 @@ static const struct pid_entry tgid_base_stuff[] = {
+@@ -2775,10 +2902,10 @@ static const struct pid_entry tgid_base_stuff[] = {
#ifdef CONFIG_SECURITY
DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations),
#endif
@@ -85722,7 +85532,7 @@ index 4bd5d31..3f4c151 100644
ONE("stack", S_IRUSR, proc_pid_stack),
#endif
#ifdef CONFIG_SCHED_INFO
-@@ -2811,6 +2937,9 @@ static const struct pid_entry tgid_base_stuff[] = {
+@@ -2812,6 +2939,9 @@ static const struct pid_entry tgid_base_stuff[] = {
#ifdef CONFIG_HARDWALL
ONE("hardwall", S_IRUGO, proc_pid_hardwall),
#endif
@@ -85732,7 +85542,7 @@ index 4bd5d31..3f4c151 100644
#ifdef CONFIG_USER_NS
REG("uid_map", S_IRUGO|S_IWUSR, proc_uid_map_operations),
REG("gid_map", S_IRUGO|S_IWUSR, proc_gid_map_operations),
-@@ -2943,7 +3072,14 @@ static int proc_pid_instantiate(struct inode *dir,
+@@ -2944,7 +3074,14 @@ static int proc_pid_instantiate(struct inode *dir,
if (!inode)
goto out;
@@ -85747,7 +85557,7 @@ index 4bd5d31..3f4c151 100644
inode->i_op = &proc_tgid_base_inode_operations;
inode->i_fop = &proc_tgid_base_operations;
inode->i_flags|=S_IMMUTABLE;
-@@ -2981,7 +3117,11 @@ struct dentry *proc_pid_lookup(struct inode *dir, struct dentry * dentry, unsign
+@@ -2982,7 +3119,11 @@ struct dentry *proc_pid_lookup(struct inode *dir, struct dentry * dentry, unsign
if (!task)
goto out;
@@ -85759,7 +85569,7 @@ index 4bd5d31..3f4c151 100644
put_task_struct(task);
out:
return ERR_PTR(result);
-@@ -3095,7 +3235,7 @@ static const struct pid_entry tid_base_stuff[] = {
+@@ -3096,7 +3237,7 @@ static const struct pid_entry tid_base_stuff[] = {
REG("sched", S_IRUGO|S_IWUSR, proc_pid_sched_operations),
#endif
REG("comm", S_IRUGO|S_IWUSR, proc_pid_set_comm_operations),
@@ -85768,7 +85578,7 @@ index 4bd5d31..3f4c151 100644
ONE("syscall", S_IRUSR, proc_pid_syscall),
#endif
REG("cmdline", S_IRUGO, proc_pid_cmdline_ops),
-@@ -3122,10 +3262,10 @@ static const struct pid_entry tid_base_stuff[] = {
+@@ -3123,10 +3264,10 @@ static const struct pid_entry tid_base_stuff[] = {
#ifdef CONFIG_SECURITY
DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations),
#endif
@@ -86166,28 +85976,6 @@ index 9155a5a..abe1823 100644
#endif
#ifdef CONFIG_TRANSPARENT_HUGEPAGE
, K(global_page_state(NR_ANON_TRANSPARENT_HUGEPAGES) *
-diff --git a/fs/proc/namespaces.c b/fs/proc/namespaces.c
-index f6e8354..1b0ea4a 100644
---- a/fs/proc/namespaces.c
-+++ b/fs/proc/namespaces.c
-@@ -42,7 +42,7 @@ static const char *proc_ns_follow_link(struct dentry *dentry, void **cookie)
- if (!task)
- return error;
-
-- if (ptrace_may_access(task, PTRACE_MODE_READ)) {
-+ if (ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS)) {
- error = ns_get_path(&ns_path, task, ns_ops);
- if (!error)
- nd_jump_link(&ns_path);
-@@ -63,7 +63,7 @@ static int proc_ns_readlink(struct dentry *dentry, char __user *buffer, int bufl
- if (!task)
- return res;
-
-- if (ptrace_may_access(task, PTRACE_MODE_READ)) {
-+ if (ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS)) {
- res = ns_get_name(name, sizeof(name), task, ns_ops);
- if (res >= 0)
- res = readlink_copy(buffer, buflen, name);
diff --git a/fs/proc/nommu.c b/fs/proc/nommu.c
index f8595e8..e0d13cbd 100644
--- a/fs/proc/nommu.c
@@ -86623,7 +86411,7 @@ index 510413eb..34d9a8c 100644
seq_printf(p, "softirq %llu", (unsigned long long)sum_softirq);
diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c
-index 187b3b5..709bb98 100644
+index 09cd3ed..862cbb3 100644
--- a/fs/proc/task_mmu.c
+++ b/fs/proc/task_mmu.c
@@ -14,12 +14,19 @@
@@ -86791,7 +86579,7 @@ index 187b3b5..709bb98 100644
mss.resident >> 10,
(unsigned long)(mss.pss >> (10 + PSS_SHIFT)),
mss.shared_clean >> 10,
-@@ -1517,6 +1568,13 @@ static int show_numa_map(struct seq_file *m, void *v, int is_pid)
+@@ -1518,6 +1569,13 @@ static int show_numa_map(struct seq_file *m, void *v, int is_pid)
char buffer[64];
int nid;
@@ -86805,7 +86593,7 @@ index 187b3b5..709bb98 100644
if (!mm)
return 0;
-@@ -1531,11 +1589,15 @@ static int show_numa_map(struct seq_file *m, void *v, int is_pid)
+@@ -1532,11 +1590,15 @@ static int show_numa_map(struct seq_file *m, void *v, int is_pid)
mpol_to_str(buffer, sizeof(buffer), proc_priv->task_mempolicy);
}
@@ -95397,10 +95185,10 @@ index 0000000..39645c9
+}
diff --git a/grsecurity/gracl_segv.c b/grsecurity/gracl_segv.c
new file mode 100644
-index 0000000..21646aa
+index 0000000..9c6684d
--- /dev/null
+++ b/grsecurity/gracl_segv.c
-@@ -0,0 +1,304 @@
+@@ -0,0 +1,291 @@
+#include <linux/kernel.h>
+#include <linux/mm.h>
+#include <asm/uaccess.h>
@@ -95567,19 +95355,6 @@ index 0000000..21646aa
+ return ret;
+}
+
-+static int
-+proc_is_setxid(const struct cred *cred)
-+{
-+ if (!uid_eq(cred->uid, cred->euid) || !uid_eq(cred->uid, cred->suid) ||
-+ !uid_eq(cred->uid, cred->fsuid))
-+ return 1;
-+ if (!gid_eq(cred->gid, cred->egid) || !gid_eq(cred->gid, cred->sgid) ||
-+ !gid_eq(cred->gid, cred->fsgid))
-+ return 1;
-+
-+ return 0;
-+}
-+
+extern int gr_fake_force_sig(int sig, struct task_struct *t);
+
+void
@@ -95615,7 +95390,7 @@ index 0000000..21646aa
+ time_after(curr->expires, get_seconds())) {
+ rcu_read_lock();
+ cred = __task_cred(task);
-+ if (gr_is_global_nonroot(cred->uid) && proc_is_setxid(cred)) {
++ if (gr_is_global_nonroot(cred->uid) && is_privileged_binary(task->mm->exe_file->f_path.dentry)) {
+ gr_log_crash1(GR_DONT_AUDIT, GR_SEGVSTART_ACL_MSG, task, curr->res[GR_CRASH_RES].rlim_max);
+ spin_lock(&gr_uid_lock);
+ gr_insert_uid(cred->uid, curr->expires);
@@ -97969,7 +97744,7 @@ index 0000000..304c518
+}
diff --git a/grsecurity/grsec_sig.c b/grsecurity/grsec_sig.c
new file mode 100644
-index 0000000..f50742d
+index 0000000..a2b8b8f
--- /dev/null
+++ b/grsecurity/grsec_sig.c
@@ -0,0 +1,245 @@
@@ -98066,7 +97841,8 @@ index 0000000..f50742d
+ rcu_read_lock();
+ read_lock(&tasklist_lock);
+ read_lock(&grsec_exec_file_lock);
-+ if (p->real_parent && gr_is_same_file(p->real_parent->exec_file, p->exec_file)) {
++ if (p->real_parent && gr_is_same_file(p->real_parent->exec_file, p->exec_file) &&
++ !is_privileged_binary(p->mm->exe_file->f_path.dentry)) {
+ p->real_parent->brute_expires = get_seconds() + GR_DAEMON_BRUTE_TIME;
+ p->real_parent->brute = 1;
+ daemon = 1;
@@ -98211,8 +97987,7 @@ index 0000000..f50742d
+ if (sugid_ban_expired(user))
+ return 0;
+ /* disallow execution of suid/sgid binaries only */
-+ else if (!uid_eq(bprm->cred->euid, current->cred->uid) ||
-+ !gid_eq(bprm->cred->egid, current->cred->gid))
++ else if (is_privileged_binary(bprm->file->f_path.dentry))
+ return -EPERM;
+ }
+#endif
@@ -100375,6 +100150,19 @@ index 8609d57..86e4d79 100644
/* handle uniform packets for scsi type devices (scsi,atapi) */
int (*generic_packet) (struct cdrom_device_info *,
struct packet_command *);
+diff --git a/include/linux/cgroup-defs.h b/include/linux/cgroup-defs.h
+index 06b77f9d..d08b456 100644
+--- a/include/linux/cgroup-defs.h
++++ b/include/linux/cgroup-defs.h
+@@ -407,7 +407,7 @@ struct cftype {
+ #ifdef CONFIG_DEBUG_LOCK_ALLOC
+ struct lock_class_key lockdep_key;
+ #endif
+-};
++} __do_const;
+
+ /*
+ * Control Group subsystem type.
diff --git a/include/linux/cleancache.h b/include/linux/cleancache.h
index bda5ec0b4..51d8ea1 100644
--- a/include/linux/cleancache.h
@@ -100486,7 +100274,7 @@ index 22ab246..bfa81b0 100644
* Mark a position in code as unreachable. This can be used to
* suppress control flow warnings after asm blocks that transfer
diff --git a/include/linux/compiler.h b/include/linux/compiler.h
-index 4dac103..0e2c40f 100644
+index 6fc9a6d..8ad4c2b 100644
--- a/include/linux/compiler.h
+++ b/include/linux/compiler.h
@@ -5,11 +5,14 @@
@@ -102809,6 +102597,48 @@ index bb3f329..9daed55 100644
static inline void zero_user_segments(struct page *page,
unsigned start1, unsigned end1,
unsigned start2, unsigned end2)
+diff --git a/include/linux/hugetlb.h b/include/linux/hugetlb.h
+index 685c262..5d42d36 100644
+--- a/include/linux/hugetlb.h
++++ b/include/linux/hugetlb.h
+@@ -317,7 +317,7 @@ struct hstate {
+ unsigned int surplus_huge_pages_node[MAX_NUMNODES];
+ #ifdef CONFIG_CGROUP_HUGETLB
+ /* cgroup control files */
+- struct cftype cgroup_files[5];
++ struct cftype (*cgroup_files)[5];
+ #endif
+ char name[HSTATE_NAME_LEN];
+ };
+diff --git a/include/linux/hugetlb_cgroup.h b/include/linux/hugetlb_cgroup.h
+index 24154c2..43ac947 100644
+--- a/include/linux/hugetlb_cgroup.h
++++ b/include/linux/hugetlb_cgroup.h
+@@ -26,6 +26,13 @@ struct hugetlb_cgroup;
+
+ #ifdef CONFIG_CGROUP_HUGETLB
+
++enum {
++ RES_USAGE,
++ RES_LIMIT,
++ RES_MAX_USAGE,
++ RES_FAILCNT,
++};
++
+ static inline struct hugetlb_cgroup *hugetlb_cgroup_from_page(struct page *page)
+ {
+ VM_BUG_ON_PAGE(!PageHuge(page), page);
+@@ -64,6 +71,10 @@ extern void hugetlb_cgroup_file_init(void) __init;
+ extern void hugetlb_cgroup_migrate(struct page *oldhpage,
+ struct page *newhpage);
+
++ssize_t hugetlb_cgroup_reset(struct kernfs_open_file *of, char *buf, size_t nbytes, loff_t off);
++ssize_t hugetlb_cgroup_write(struct kernfs_open_file *of, char *buf, size_t nbytes, loff_t off);
++u64 hugetlb_cgroup_read_u64(struct cgroup_subsys_state *css, struct cftype *cft);
++
+ #else
+ static inline struct hugetlb_cgroup *hugetlb_cgroup_from_page(struct page *page)
+ {
diff --git a/include/linux/hwmon-sysfs.h b/include/linux/hwmon-sysfs.h
index 1c7b89a..7dda400 100644
--- a/include/linux/hwmon-sysfs.h
@@ -104789,41 +104619,6 @@ index 12c4865..2cd7c41 100644
extern struct psci_operations psci_ops;
-diff --git a/include/linux/ptrace.h b/include/linux/ptrace.h
-index 061265f..504c98a 100644
---- a/include/linux/ptrace.h
-+++ b/include/linux/ptrace.h
-@@ -57,7 +57,29 @@ extern void exit_ptrace(struct task_struct *tracer, struct list_head *dead);
- #define PTRACE_MODE_READ 0x01
- #define PTRACE_MODE_ATTACH 0x02
- #define PTRACE_MODE_NOAUDIT 0x04
--/* Returns true on success, false on denial. */
-+#define PTRACE_MODE_FSCREDS 0x08
-+#define PTRACE_MODE_REALCREDS 0x10
-+
-+/* shorthands for READ/ATTACH and FSCREDS/REALCREDS combinations */
-+#define PTRACE_MODE_READ_FSCREDS (PTRACE_MODE_READ | PTRACE_MODE_FSCREDS)
-+#define PTRACE_MODE_READ_REALCREDS (PTRACE_MODE_READ | PTRACE_MODE_REALCREDS)
-+#define PTRACE_MODE_ATTACH_FSCREDS (PTRACE_MODE_ATTACH | PTRACE_MODE_FSCREDS)
-+#define PTRACE_MODE_ATTACH_REALCREDS (PTRACE_MODE_ATTACH | PTRACE_MODE_REALCREDS)
-+
-+/**
-+ * ptrace_may_access - check whether the caller is permitted to access
-+ * a target task.
-+ * @task: target task
-+ * @mode: selects type of access and caller credentials
-+ *
-+ * Returns true on success, false on denial.
-+ *
-+ * One of the flags PTRACE_MODE_FSCREDS and PTRACE_MODE_REALCREDS must
-+ * be set in @mode to specify whether the access was requested through
-+ * a filesystem syscall (should use effective capabilities and fsuid
-+ * of the caller) or through an explicit syscall such as
-+ * process_vm_writev or ptrace (and should use the real credentials).
-+ */
- extern bool ptrace_may_access(struct task_struct *task, unsigned int mode);
-
- static inline int ptrace_reparented(struct task_struct *child)
diff --git a/include/linux/quota.h b/include/linux/quota.h
index b2505ac..5f7ab55 100644
--- a/include/linux/quota.h
@@ -104837,52 +104632,6 @@ index b2505ac..5f7ab55 100644
extern qid_t from_kqid_munged(struct user_namespace *to, struct kqid qid);
extern bool qid_valid(struct kqid qid);
-diff --git a/include/linux/radix-tree.h b/include/linux/radix-tree.h
-index 33170db..5d5174b 100644
---- a/include/linux/radix-tree.h
-+++ b/include/linux/radix-tree.h
-@@ -370,12 +370,28 @@ void **radix_tree_next_chunk(struct radix_tree_root *root,
- struct radix_tree_iter *iter, unsigned flags);
-
- /**
-+ * radix_tree_iter_retry - retry this chunk of the iteration
-+ * @iter: iterator state
-+ *
-+ * If we iterate over a tree protected only by the RCU lock, a race
-+ * against deletion or creation may result in seeing a slot for which
-+ * radix_tree_deref_retry() returns true. If so, call this function
-+ * and continue the iteration.
-+ */
-+static inline __must_check
-+void **radix_tree_iter_retry(struct radix_tree_iter *iter)
-+{
-+ iter->next_index = iter->index;
-+ return NULL;
-+}
-+
-+/**
- * radix_tree_chunk_size - get current chunk size
- *
- * @iter: pointer to radix tree iterator
- * Returns: current chunk size
- */
--static __always_inline unsigned
-+static __always_inline long
- radix_tree_chunk_size(struct radix_tree_iter *iter)
- {
- return iter->next_index - iter->index;
-@@ -409,9 +425,9 @@ radix_tree_next_slot(void **slot, struct radix_tree_iter *iter, unsigned flags)
- return slot + offset + 1;
- }
- } else {
-- unsigned size = radix_tree_chunk_size(iter) - 1;
-+ long size = radix_tree_chunk_size(iter);
-
-- while (size--) {
-+ while (--size > 0) {
- slot++;
- iter->index++;
- if (likely(*slot))
diff --git a/include/linux/random.h b/include/linux/random.h
index a75840c..e7c4305 100644
--- a/include/linux/random.h
@@ -105141,10 +104890,10 @@ index cde976e..ebd6033 100644
#define RIO_RESOURCE_MEM 0x00000100
#define RIO_RESOURCE_DOORBELL 0x00000200
diff --git a/include/linux/rmap.h b/include/linux/rmap.h
-index 29446ae..2a70d02 100644
+index ddda2ac..4c6b6e1 100644
--- a/include/linux/rmap.h
+++ b/include/linux/rmap.h
-@@ -149,8 +149,8 @@ static inline void anon_vma_unlock_read(struct anon_vma *anon_vma)
+@@ -135,8 +135,8 @@ static inline void anon_vma_unlock_read(struct anon_vma *anon_vma)
void anon_vma_init(void); /* create anon_vma_cachep */
int anon_vma_prepare(struct vm_area_struct *);
void unlink_anon_vmas(struct vm_area_struct *);
@@ -107917,7 +107666,7 @@ index f80e74c..1e64f3c 100644
struct inet_skb_parm h4;
#if IS_ENABLED(CONFIG_IPV6)
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
-index d6f6e50..a173aa7 100644
+index d6f6e50..6fea29e 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -284,7 +284,6 @@ struct xfrm_dst;
@@ -107964,6 +107713,15 @@ index d6f6e50..a173aa7 100644
u32 priority;
u32 index;
struct xfrm_mark mark;
+@@ -603,7 +602,7 @@ struct xfrm_mgr {
+ int num_bundles,
+ const struct xfrm_kmaddress *k);
+ bool (*is_alive)(const struct km_event *c);
+-};
++} __do_const;
+
+ int xfrm_register_km(struct xfrm_mgr *km);
+ int xfrm_unregister_km(struct xfrm_mgr *km);
@@ -1172,6 +1171,7 @@ static inline void xfrm_sk_free_policy(struct sock *sk)
}
@@ -109206,7 +108964,7 @@ index b471e5a..cb0c603 100644
/*
diff --git a/ipc/shm.c b/ipc/shm.c
-index 4178727..b22c4d0 100644
+index 3174634..215d679 100644
--- a/ipc/shm.c
+++ b/ipc/shm.c
@@ -72,9 +72,17 @@ static void shm_destroy(struct ipc_namespace *ns, struct shmid_kernel *shp);
@@ -109228,7 +108986,7 @@ index 4178727..b22c4d0 100644
ns->shm_ctlall = SHMALL;
ns->shm_ctlmni = SHMMNI;
ns->shm_rmid_forced = 0;
-@@ -555,6 +563,9 @@ static int newseg(struct ipc_namespace *ns, struct ipc_params *params)
+@@ -588,6 +596,9 @@ static int newseg(struct ipc_namespace *ns, struct ipc_params *params)
shp->shm_lprid = 0;
shp->shm_atim = shp->shm_dtim = 0;
shp->shm_ctim = get_seconds();
@@ -109238,7 +108996,7 @@ index 4178727..b22c4d0 100644
shp->shm_segsz = size;
shp->shm_nattch = 0;
shp->shm_file = file;
-@@ -1098,6 +1109,12 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr,
+@@ -1131,6 +1142,12 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr,
f_mode = FMODE_READ | FMODE_WRITE;
}
if (shmflg & SHM_EXEC) {
@@ -109251,7 +109009,7 @@ index 4178727..b22c4d0 100644
prot |= PROT_EXEC;
acc_mode |= S_IXUGO;
}
-@@ -1122,6 +1139,15 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr,
+@@ -1155,6 +1172,15 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr,
if (err)
goto out_unlock;
@@ -109267,7 +109025,7 @@ index 4178727..b22c4d0 100644
ipc_lock_object(&shp->shm_perm);
/* check if shm_destroy() is tearing down shp */
-@@ -1134,6 +1160,9 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr,
+@@ -1167,6 +1193,9 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr,
path = shp->shm_file->f_path;
path_get(&path);
shp->shm_nattch++;
@@ -109277,7 +109035,7 @@ index 4178727..b22c4d0 100644
size = i_size_read(d_inode(path.dentry));
ipc_unlock_object(&shp->shm_perm);
rcu_read_unlock();
-@@ -1332,7 +1361,8 @@ SYSCALL_DEFINE1(shmdt, char __user *, shmaddr)
+@@ -1365,7 +1394,8 @@ SYSCALL_DEFINE1(shmdt, char __user *, shmaddr)
static int sysvipc_shm_proc_show(struct seq_file *s, void *it)
{
struct user_namespace *user_ns = seq_user_ns(s);
@@ -109548,10 +109306,92 @@ index 45432b5..988f1e4 100644
+}
+EXPORT_SYMBOL(capable_wrt_inode_uidgid_nolog);
diff --git a/kernel/cgroup.c b/kernel/cgroup.c
-index 470f653..1aa51fc 100644
+index 470f653..5ea1e67 100644
--- a/kernel/cgroup.c
+++ b/kernel/cgroup.c
-@@ -5725,6 +5725,9 @@ static void cgroup_release_agent(struct work_struct *work)
+@@ -3345,7 +3345,7 @@ static int cgroup_add_file(struct cgroup_subsys_state *css, struct cgroup *cgrp,
+ key = &cft->lockdep_key;
+ #endif
+ kn = __kernfs_create_file(cgrp->kn, cgroup_file_name(cgrp, cft, name),
+- cgroup_file_mode(cft), 0, cft->kf_ops, cft,
++ cgroup_file_mode(cft), 0, cft->kf_ops, (void *)cft,
+ NULL, key);
+ if (IS_ERR(kn))
+ return PTR_ERR(kn);
+@@ -3449,11 +3449,14 @@ static void cgroup_exit_cftypes(struct cftype *cfts)
+ /* free copy for custom atomic_write_len, see init_cftypes() */
+ if (cft->max_write_len && cft->max_write_len != PAGE_SIZE)
+ kfree(cft->kf_ops);
+- cft->kf_ops = NULL;
+- cft->ss = NULL;
++
++ pax_open_kernel();
++ *(void **)&cft->kf_ops = NULL;
++ *(void **)&cft->ss = NULL;
+
+ /* revert flags set by cgroup core while adding @cfts */
+- cft->flags &= ~(__CFTYPE_ONLY_ON_DFL | __CFTYPE_NOT_ON_DFL);
++ *(unsigned int *)&cft->flags &= ~(__CFTYPE_ONLY_ON_DFL | __CFTYPE_NOT_ON_DFL);
++ pax_close_kernel();
+ }
+ }
+
+@@ -3484,8 +3487,10 @@ static int cgroup_init_cftypes(struct cgroup_subsys *ss, struct cftype *cfts)
+ kf_ops->atomic_write_len = cft->max_write_len;
+ }
+
+- cft->kf_ops = kf_ops;
+- cft->ss = ss;
++ pax_open_kernel();
++ *(void **)&cft->kf_ops = kf_ops;
++ *(void **)&cft->ss = ss;
++ pax_close_kernel();
+ }
+
+ return 0;
+@@ -3498,7 +3503,7 @@ static int cgroup_rm_cftypes_locked(struct cftype *cfts)
+ if (!cfts || !cfts[0].ss)
+ return -ENOENT;
+
+- list_del(&cfts->node);
++ pax_list_del((struct list_head *)&cfts->node);
+ cgroup_apply_cftypes(cfts, false);
+ cgroup_exit_cftypes(cfts);
+ return 0;
+@@ -3555,7 +3560,7 @@ static int cgroup_add_cftypes(struct cgroup_subsys *ss, struct cftype *cfts)
+
+ mutex_lock(&cgroup_mutex);
+
+- list_add_tail(&cfts->node, &ss->cfts);
++ pax_list_add_tail((struct list_head *)&cfts->node, &ss->cfts);
+ ret = cgroup_apply_cftypes(cfts, true);
+ if (ret)
+ cgroup_rm_cftypes_locked(cfts);
+@@ -3576,8 +3581,10 @@ int cgroup_add_dfl_cftypes(struct cgroup_subsys *ss, struct cftype *cfts)
+ {
+ struct cftype *cft;
+
++ pax_open_kernel();
+ for (cft = cfts; cft && cft->name[0] != '\0'; cft++)
+- cft->flags |= __CFTYPE_ONLY_ON_DFL;
++ *(unsigned int *)&cft->flags |= __CFTYPE_ONLY_ON_DFL;
++ pax_close_kernel();
+ return cgroup_add_cftypes(ss, cfts);
+ }
+
+@@ -3593,8 +3600,10 @@ int cgroup_add_legacy_cftypes(struct cgroup_subsys *ss, struct cftype *cfts)
+ {
+ struct cftype *cft;
+
++ pax_open_kernel();
+ for (cft = cfts; cft && cft->name[0] != '\0'; cft++)
+- cft->flags |= __CFTYPE_NOT_ON_DFL;
++ *(unsigned int *)&cft->flags |= __CFTYPE_NOT_ON_DFL;
++ pax_close_kernel();
+ return cgroup_add_cftypes(ss, cfts);
+ }
+
+@@ -5725,6 +5734,9 @@ static void cgroup_release_agent(struct work_struct *work)
if (!pathbuf || !agentbuf)
goto out;
@@ -109561,7 +109401,7 @@ index 470f653..1aa51fc 100644
path = cgroup_path(cgrp, pathbuf, PATH_MAX);
if (!path)
goto out;
-@@ -5900,7 +5903,7 @@ static int cgroup_css_links_read(struct seq_file *seq, void *v)
+@@ -5900,7 +5912,7 @@ static int cgroup_css_links_read(struct seq_file *seq, void *v)
struct task_struct *task;
int count = 0;
@@ -109980,7 +109820,7 @@ index 41213454..861e178 100644
#ifdef CONFIG_MODULE_UNLOAD
{
diff --git a/kernel/events/core.c b/kernel/events/core.c
-index cfc227c..d0f51f0 100644
+index 1087bbe..d0f51f0 100644
--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -175,8 +175,15 @@ static struct srcu_struct pmus_srcu;
@@ -110018,15 +109858,6 @@ index cfc227c..d0f51f0 100644
static void cpu_ctx_sched_out(struct perf_cpu_context *cpuctx,
enum event_type_t event_type);
-@@ -3434,7 +3441,7 @@ find_lively_task_by_vpid(pid_t vpid)
-
- /* Reuse ptrace permission checks for now. */
- err = -EACCES;
-- if (!ptrace_may_access(task, PTRACE_MODE_READ))
-+ if (!ptrace_may_access(task, PTRACE_MODE_READ_REALCREDS))
- goto errout;
-
- return task;
@@ -3898,9 +3905,9 @@ u64 perf_event_read_value(struct perf_event *event, u64 *enabled, u64 *running)
total += perf_event_count(event);
@@ -110820,7 +110651,7 @@ index 1155eac..0c9bd1f 100644
int threads = max_threads;
int min = MIN_THREADS;
diff --git a/kernel/futex.c b/kernel/futex.c
-index 684d754..ef2bb0f 100644
+index 461c72b..b4f4bd8 100644
--- a/kernel/futex.c
+++ b/kernel/futex.c
@@ -202,7 +202,7 @@ struct futex_pi_state {
@@ -110862,16 +110693,7 @@ index 684d754..ef2bb0f 100644
pagefault_disable();
ret = __copy_from_user_inatomic(dest, from, sizeof(u32));
-@@ -2881,7 +2886,7 @@ SYSCALL_DEFINE3(get_robust_list, int, pid,
- }
-
- ret = -EPERM;
-- if (!ptrace_may_access(p, PTRACE_MODE_READ))
-+ if (!ptrace_may_access(p, PTRACE_MODE_READ_REALCREDS))
- goto err_unlock;
-
- head = p->robust_list;
-@@ -3131,6 +3136,7 @@ static void __init futex_detect_cmpxchg(void)
+@@ -3136,6 +3141,7 @@ static void __init futex_detect_cmpxchg(void)
{
#ifndef CONFIG_HAVE_FUTEX_CMPXCHG
u32 curval;
@@ -110879,7 +110701,7 @@ index 684d754..ef2bb0f 100644
/*
* This will fail and we want it. Some arch implementations do
-@@ -3142,8 +3148,11 @@ static void __init futex_detect_cmpxchg(void)
+@@ -3147,8 +3153,11 @@ static void __init futex_detect_cmpxchg(void)
* implementation, the non-functional ones will return
* -ENOSYS.
*/
@@ -110892,7 +110714,7 @@ index 684d754..ef2bb0f 100644
}
diff --git a/kernel/futex_compat.c b/kernel/futex_compat.c
-index 55c8c93..5adee02 100644
+index 4ae3232..5adee02 100644
--- a/kernel/futex_compat.c
+++ b/kernel/futex_compat.c
@@ -32,7 +32,7 @@ fetch_robust_entry(compat_uptr_t *uentry, struct robust_list __user **entry,
@@ -110904,15 +110726,6 @@ index 55c8c93..5adee02 100644
compat_long_t futex_offset)
{
compat_uptr_t base = ptr_to_compat(entry);
-@@ -155,7 +155,7 @@ COMPAT_SYSCALL_DEFINE3(get_robust_list, int, pid,
- }
-
- ret = -EPERM;
-- if (!ptrace_may_access(p, PTRACE_MODE_READ))
-+ if (!ptrace_may_access(p, PTRACE_MODE_READ_REALCREDS))
- goto err_unlock;
-
- head = p->compat_robust_list;
diff --git a/kernel/gcov/base.c b/kernel/gcov/base.c
index 7080ae1..c9b3761 100644
--- a/kernel/gcov/base.c
@@ -111147,7 +110960,7 @@ index 5c5987f..bc502b0 100644
type, iter->name, iter->module_name);
} else
diff --git a/kernel/kcmp.c b/kernel/kcmp.c
-index 0aa69ea..bcb17e3 100644
+index 3a47fa9..bcb17e3 100644
--- a/kernel/kcmp.c
+++ b/kernel/kcmp.c
@@ -100,6 +100,10 @@ SYSCALL_DEFINE5(kcmp, pid_t, pid1, pid_t, pid2, int, type,
@@ -111161,17 +110974,6 @@ index 0aa69ea..bcb17e3 100644
rcu_read_lock();
/*
-@@ -122,8 +126,8 @@ SYSCALL_DEFINE5(kcmp, pid_t, pid1, pid_t, pid2, int, type,
- &task2->signal->cred_guard_mutex);
- if (ret)
- goto err;
-- if (!ptrace_may_access(task1, PTRACE_MODE_READ) ||
-- !ptrace_may_access(task2, PTRACE_MODE_READ)) {
-+ if (!ptrace_may_access(task1, PTRACE_MODE_READ_REALCREDS) ||
-+ !ptrace_may_access(task2, PTRACE_MODE_READ_REALCREDS)) {
- ret = -EPERM;
- goto err_unlock;
- }
diff --git a/kernel/kexec.c b/kernel/kexec.c
index d873b64..61f7c59 100644
--- a/kernel/kexec.c
@@ -111637,7 +111439,7 @@ index 0551c21..f753f95 100644
debug_mutex_free_waiter(&waiter);
mutex_release(&lock->dep_map, 1, ip);
diff --git a/kernel/module.c b/kernel/module.c
-index 38c7bd5..e1be102 100644
+index 14833e6..659a51a 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -59,6 +59,7 @@
@@ -112567,7 +112369,7 @@ index 38c7bd5..e1be102 100644
module_deallocate(mod, info);
free_copy:
-@@ -3655,10 +3841,16 @@ static const char *get_ksymbol(struct module *mod,
+@@ -3660,10 +3846,16 @@ static const char *get_ksymbol(struct module *mod,
unsigned long nextval;
/* At worse, next value is at end of module */
@@ -112587,7 +112389,7 @@ index 38c7bd5..e1be102 100644
/* Scan for closest preceding symbol, and next symbol. (ELF
starts real symbols at 1). */
-@@ -3905,7 +4097,7 @@ static int m_show(struct seq_file *m, void *p)
+@@ -3909,7 +4101,7 @@ static int m_show(struct seq_file *m, void *p)
return 0;
seq_printf(m, "%s %u",
@@ -112596,7 +112398,7 @@ index 38c7bd5..e1be102 100644
print_unload_info(m, mod);
/* Informative for users. */
-@@ -3914,7 +4106,7 @@ static int m_show(struct seq_file *m, void *p)
+@@ -3918,7 +4110,7 @@ static int m_show(struct seq_file *m, void *p)
mod->state == MODULE_STATE_COMING ? "Loading" :
"Live");
/* Used by oprofile and other similar tools. */
@@ -112605,7 +112407,7 @@ index 38c7bd5..e1be102 100644
/* Taints info */
if (mod->taints)
-@@ -3950,7 +4142,17 @@ static const struct file_operations proc_modules_operations = {
+@@ -3954,7 +4146,17 @@ static const struct file_operations proc_modules_operations = {
static int __init proc_modules_init(void)
{
@@ -112623,7 +112425,7 @@ index 38c7bd5..e1be102 100644
return 0;
}
module_init(proc_modules_init);
-@@ -4011,7 +4213,8 @@ struct module *__module_address(unsigned long addr)
+@@ -4015,7 +4217,8 @@ struct module *__module_address(unsigned long addr)
{
struct module *mod;
@@ -112633,7 +112435,7 @@ index 38c7bd5..e1be102 100644
return NULL;
module_assert_mutex_or_preempt();
-@@ -4054,11 +4257,20 @@ bool is_module_text_address(unsigned long addr)
+@@ -4058,11 +4261,20 @@ bool is_module_text_address(unsigned long addr)
*/
struct module *__module_text_address(unsigned long addr)
{
@@ -112977,10 +112779,10 @@ index 99513e1..0caa643 100644
}
diff --git a/kernel/ptrace.c b/kernel/ptrace.c
-index b760bae..fe8f48d 100644
+index 3189e51..fcc8509 100644
--- a/kernel/ptrace.c
+++ b/kernel/ptrace.c
-@@ -207,18 +207,46 @@ static int ptrace_check_attach(struct task_struct *child, bool ignore_state)
+@@ -207,12 +207,32 @@ static int ptrace_check_attach(struct task_struct *child, bool ignore_state)
return ret;
}
@@ -113016,65 +112818,16 @@ index b760bae..fe8f48d 100644
}
/* Returns 0 on success, -errno on denial. */
- static int __ptrace_may_access(struct task_struct *task, unsigned int mode)
- {
- const struct cred *cred = current_cred(), *tcred;
-+ kuid_t caller_uid;
-+ kgid_t caller_gid;
-+ int dumpable = 0;
-+
-+ if (!(mode & PTRACE_MODE_FSCREDS) == !(mode & PTRACE_MODE_REALCREDS)) {
-+ WARN(1, "denying ptrace access check without PTRACE_MODE_*CREDS\n");
-+ return -EPERM;
-+ }
-
- /* May we inspect the given task?
- * This check is used both for attaching with ptrace
-@@ -228,20 +256,35 @@ static int __ptrace_may_access(struct task_struct *task, unsigned int mode)
- * because setting up the necessary parent/child relationship
- * or halting the specified task is impossible.
- */
-- int dumpable = 0;
-+
- /* Don't let security modules deny introspection */
- if (same_thread_group(task, current))
- return 0;
- rcu_read_lock();
-+ if (mode & PTRACE_MODE_FSCREDS) {
-+ caller_uid = cred->fsuid;
-+ caller_gid = cred->fsgid;
-+ } else {
-+ /*
-+ * Using the euid would make more sense here, but something
-+ * in userland might rely on the old behavior, and this
-+ * shouldn't be a security problem since
-+ * PTRACE_MODE_REALCREDS implies that the caller explicitly
-+ * used a syscall that requests access to another process
-+ * (and not a filesystem syscall to procfs).
-+ */
-+ caller_uid = cred->uid;
-+ caller_gid = cred->gid;
-+ }
- tcred = __task_cred(task);
-- if (uid_eq(cred->uid, tcred->euid) &&
-- uid_eq(cred->uid, tcred->suid) &&
-- uid_eq(cred->uid, tcred->uid) &&
-- gid_eq(cred->gid, tcred->egid) &&
-- gid_eq(cred->gid, tcred->sgid) &&
-- gid_eq(cred->gid, tcred->gid))
-+ if (uid_eq(caller_uid, tcred->euid) &&
-+ uid_eq(caller_uid, tcred->suid) &&
-+ uid_eq(caller_uid, tcred->uid) &&
-+ gid_eq(caller_gid, tcred->egid) &&
-+ gid_eq(caller_gid, tcred->sgid) &&
-+ gid_eq(caller_gid, tcred->gid))
+@@ -264,7 +284,7 @@ static int __ptrace_may_access(struct task_struct *task, unsigned int mode)
+ gid_eq(caller_gid, tcred->sgid) &&
+ gid_eq(caller_gid, tcred->gid))
goto ok;
- if (ptrace_has_cap(tcred->user_ns, mode))
+ if (ptrace_has_cap(tcred, mode))
goto ok;
rcu_read_unlock();
return -EPERM;
-@@ -252,7 +295,7 @@ ok:
+@@ -275,7 +295,7 @@ ok:
dumpable = get_dumpable(task->mm);
rcu_read_lock();
if (dumpable != SUID_DUMP_USER &&
@@ -113083,16 +112836,7 @@ index b760bae..fe8f48d 100644
rcu_read_unlock();
return -EPERM;
}
-@@ -306,7 +349,7 @@ static int ptrace_attach(struct task_struct *task, long request,
- goto out;
-
- task_lock(task);
-- retval = __ptrace_may_access(task, PTRACE_MODE_ATTACH);
-+ retval = __ptrace_may_access(task, PTRACE_MODE_ATTACH_REALCREDS);
- task_unlock(task);
- if (retval)
- goto unlock_creds;
-@@ -321,7 +364,7 @@ static int ptrace_attach(struct task_struct *task, long request,
+@@ -344,7 +364,7 @@ static int ptrace_attach(struct task_struct *task, long request,
if (seize)
flags |= PT_SEIZED;
rcu_read_lock();
@@ -113101,7 +112845,7 @@ index b760bae..fe8f48d 100644
flags |= PT_PTRACE_CAP;
rcu_read_unlock();
task->ptrace = flags;
-@@ -514,7 +557,7 @@ int ptrace_readdata(struct task_struct *tsk, unsigned long src, char __user *dst
+@@ -537,7 +557,7 @@ int ptrace_readdata(struct task_struct *tsk, unsigned long src, char __user *dst
break;
return -EIO;
}
@@ -113110,7 +112854,7 @@ index b760bae..fe8f48d 100644
return -EFAULT;
copied += retval;
src += retval;
-@@ -815,7 +858,7 @@ int ptrace_request(struct task_struct *child, long request,
+@@ -838,7 +858,7 @@ int ptrace_request(struct task_struct *child, long request,
bool seized = child->ptrace & PT_SEIZED;
int ret = -EIO;
siginfo_t siginfo, *si;
@@ -113119,7 +112863,7 @@ index b760bae..fe8f48d 100644
unsigned long __user *datalp = datavp;
unsigned long flags;
-@@ -1066,14 +1109,21 @@ SYSCALL_DEFINE4(ptrace, long, request, long, pid, unsigned long, addr,
+@@ -1089,14 +1109,21 @@ SYSCALL_DEFINE4(ptrace, long, request, long, pid, unsigned long, addr,
goto out;
}
@@ -113142,7 +112886,7 @@ index b760bae..fe8f48d 100644
goto out_put_task_struct;
}
-@@ -1101,7 +1151,7 @@ int generic_ptrace_peekdata(struct task_struct *tsk, unsigned long addr,
+@@ -1124,7 +1151,7 @@ int generic_ptrace_peekdata(struct task_struct *tsk, unsigned long addr,
copied = access_process_vm(tsk, addr, &tmp, sizeof(tmp), 0);
if (copied != sizeof(tmp))
return -EIO;
@@ -113151,7 +112895,7 @@ index b760bae..fe8f48d 100644
}
int generic_ptrace_pokedata(struct task_struct *tsk, unsigned long addr,
-@@ -1194,7 +1244,7 @@ int compat_ptrace_request(struct task_struct *child, compat_long_t request,
+@@ -1217,7 +1244,7 @@ int compat_ptrace_request(struct task_struct *child, compat_long_t request,
}
COMPAT_SYSCALL_DEFINE4(ptrace, compat_long_t, request, compat_long_t, pid,
@@ -113160,7 +112904,7 @@ index b760bae..fe8f48d 100644
{
struct task_struct *child;
long ret;
-@@ -1210,14 +1260,21 @@ COMPAT_SYSCALL_DEFINE4(ptrace, compat_long_t, request, compat_long_t, pid,
+@@ -1233,14 +1260,21 @@ COMPAT_SYSCALL_DEFINE4(ptrace, compat_long_t, request, compat_long_t, pid,
goto out;
}
@@ -114261,7 +114005,7 @@ index 479e443..66d845e1 100644
.thread_should_run = ksoftirqd_should_run,
.thread_fn = run_ksoftirqd,
diff --git a/kernel/sys.c b/kernel/sys.c
-index 6af9212..e1f1adf 100644
+index 78947de..cb182d1 100644
--- a/kernel/sys.c
+++ b/kernel/sys.c
@@ -160,6 +160,12 @@ static int set_one_prio(struct task_struct *p, int niceval, int error)
@@ -114915,7 +114659,7 @@ index f5e86d2..33a4099 100644
.clock_get = thread_cpu_clock_get,
.timer_create = thread_cpu_timer_create,
diff --git a/kernel/time/posix-timers.c b/kernel/time/posix-timers.c
-index 31d11ac..5a3bb13 100644
+index f2826c3..c8d9d80 100644
--- a/kernel/time/posix-timers.c
+++ b/kernel/time/posix-timers.c
@@ -43,6 +43,7 @@
@@ -116229,7 +115973,7 @@ index 62a698a..32327d08 100644
u32 high = divisor >> 32;
u64 quot;
diff --git a/lib/dma-debug.c b/lib/dma-debug.c
-index d34bd24..77b953c 100644
+index 4a1515f4..baea985 100644
--- a/lib/dma-debug.c
+++ b/lib/dma-debug.c
@@ -982,7 +982,7 @@ static int dma_debug_device_change(struct notifier_block *nb, unsigned long acti
@@ -116695,7 +116439,7 @@ index 6111bcb..02e816b 100644
static DECLARE_WAIT_QUEUE_HEAD(percpu_ref_switch_waitq);
diff --git a/lib/radix-tree.c b/lib/radix-tree.c
-index fcf5d98..4811f49 100644
+index 6b79e90..4811f49 100644
--- a/lib/radix-tree.c
+++ b/lib/radix-tree.c
@@ -68,7 +68,7 @@ struct radix_tree_preload {
@@ -116707,36 +116451,6 @@ index fcf5d98..4811f49 100644
static inline void *ptr_to_indirect(void *ptr)
{
-@@ -1019,9 +1019,13 @@ radix_tree_gang_lookup(struct radix_tree_root *root, void **results,
- return 0;
-
- radix_tree_for_each_slot(slot, root, &iter, first_index) {
-- results[ret] = indirect_to_ptr(rcu_dereference_raw(*slot));
-+ results[ret] = rcu_dereference_raw(*slot);
- if (!results[ret])
- continue;
-+ if (radix_tree_is_indirect_ptr(results[ret])) {
-+ slot = radix_tree_iter_retry(&iter);
-+ continue;
-+ }
- if (++ret == max_items)
- break;
- }
-@@ -1098,9 +1102,13 @@ radix_tree_gang_lookup_tag(struct radix_tree_root *root, void **results,
- return 0;
-
- radix_tree_for_each_tagged(slot, root, &iter, first_index, tag) {
-- results[ret] = indirect_to_ptr(rcu_dereference_raw(*slot));
-+ results[ret] = rcu_dereference_raw(*slot);
- if (!results[ret])
- continue;
-+ if (radix_tree_is_indirect_ptr(results[ret])) {
-+ slot = radix_tree_iter_retry(&iter);
-+ continue;
-+ }
- if (++ret == max_items)
- break;
- }
diff --git a/lib/random32.c b/lib/random32.c
index 1211191..63e8a83 100644
--- a/lib/random32.c
@@ -117188,10 +116902,72 @@ index 123bcd3..c2c85db 100644
pkmap_count[last_pkmap_nr] = 1;
set_page_address(page, (void *)vaddr);
diff --git a/mm/hugetlb.c b/mm/hugetlb.c
-index ef6963b..753a1e6 100644
+index ef6963b..09c45dc 100644
--- a/mm/hugetlb.c
+++ b/mm/hugetlb.c
-@@ -2780,6 +2780,7 @@ static int hugetlb_sysctl_handler_common(bool obey_mempolicy,
+@@ -39,7 +39,60 @@ int hugepages_treat_as_movable;
+
+ int hugetlb_max_hstate __read_mostly;
+ unsigned int default_hstate_idx;
+-struct hstate hstates[HUGE_MAX_HSTATE];
++
++#ifdef CONFIG_CGROUP_HUGETLB
++static struct cftype hugetlb_files[HUGE_MAX_HSTATE][5] = {
++# define MEMFILE_PRIVATE(x, val) (((x) << 16) | (val))
++# define CFTYPE_INIT(idx) \
++ { /* Add the limit file */ \
++ [0] = { .private = MEMFILE_PRIVATE(idx, RES_LIMIT), \
++ .read_u64 = hugetlb_cgroup_read_u64, \
++ .write = hugetlb_cgroup_write, }, \
++ /* Add the usage file */ \
++ [1] = { .private = MEMFILE_PRIVATE(idx, RES_USAGE), \
++ .read_u64 = hugetlb_cgroup_read_u64, }, \
++ /* Add the MAX usage file */ \
++ [2] = { .private = MEMFILE_PRIVATE(idx, RES_MAX_USAGE), \
++ .write = hugetlb_cgroup_reset, \
++ .read_u64 = hugetlb_cgroup_read_u64, }, \
++ /* Add the failcntfile */ \
++ [3] = { .private = MEMFILE_PRIVATE(idx, RES_FAILCNT), \
++ .write = hugetlb_cgroup_reset, \
++ .read_u64 = hugetlb_cgroup_read_u64, }, \
++ [4] = { /* NULL terminator */ }, \
++ }
++
++# if HUGE_MAX_HSTATE > 0
++ [0] = CFTYPE_INIT(0),
++# endif
++# if HUGE_MAX_HSTATE > 1
++ [1] = CFTYPE_INIT(1),
++# endif
++# if HUGE_MAX_HSTATE > 2
++# error PaX: add more initializers...
++# endif
++
++# undef CFTYPE_INIT
++};
++#endif
++
++struct hstate hstates[HUGE_MAX_HSTATE] = {
++#ifdef CONFIG_CGROUP_HUGETLB
++# define HSTATE_INIT(idx) [idx] = { .cgroup_files = &hugetlb_files[idx] }
++
++# if HUGE_MAX_HSTATE > 0
++ HSTATE_INIT(0),
++# endif
++# if HUGE_MAX_HSTATE > 1
++ HSTATE_INIT(1),
++# endif
++# if HUGE_MAX_HSTATE > 2
++# error PaX: add more initializers...
++# endif
++
++# undef HSTATE_INIT
++#endif
++};
+ /*
+ * Minimum page order among possible hugepage sizes, set to a proper value
+ * at boot time.
+@@ -2780,6 +2833,7 @@ static int hugetlb_sysctl_handler_common(bool obey_mempolicy,
struct ctl_table *table, int write,
void __user *buffer, size_t *length, loff_t *ppos)
{
@@ -117199,7 +116975,7 @@ index ef6963b..753a1e6 100644
struct hstate *h = &default_hstate;
unsigned long tmp = h->max_huge_pages;
int ret;
-@@ -2787,9 +2788,10 @@ static int hugetlb_sysctl_handler_common(bool obey_mempolicy,
+@@ -2787,9 +2841,10 @@ static int hugetlb_sysctl_handler_common(bool obey_mempolicy,
if (!hugepages_supported())
return -ENOTSUPP;
@@ -117213,7 +116989,7 @@ index ef6963b..753a1e6 100644
if (ret)
goto out;
-@@ -2824,6 +2826,7 @@ int hugetlb_overcommit_handler(struct ctl_table *table, int write,
+@@ -2824,6 +2879,7 @@ int hugetlb_overcommit_handler(struct ctl_table *table, int write,
struct hstate *h = &default_hstate;
unsigned long tmp;
int ret;
@@ -117221,7 +116997,7 @@ index ef6963b..753a1e6 100644
if (!hugepages_supported())
return -ENOTSUPP;
-@@ -2833,9 +2836,10 @@ int hugetlb_overcommit_handler(struct ctl_table *table, int write,
+@@ -2833,9 +2889,10 @@ int hugetlb_overcommit_handler(struct ctl_table *table, int write,
if (write && hstate_is_gigantic(h))
return -EINVAL;
@@ -117235,7 +117011,7 @@ index ef6963b..753a1e6 100644
if (ret)
goto out;
-@@ -3341,6 +3345,27 @@ static void unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3341,6 +3398,27 @@ static void unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma,
i_mmap_unlock_write(mapping);
}
@@ -117263,7 +117039,7 @@ index ef6963b..753a1e6 100644
/*
* Hugetlb_cow() should be called with page lock of the original hugepage held.
* Called with hugetlb_instantiation_mutex held and pte_page locked so we
-@@ -3454,6 +3479,11 @@ retry_avoidcopy:
+@@ -3454,6 +3532,11 @@ retry_avoidcopy:
make_huge_pte(vma, new_page, 1));
page_remove_rmap(old_page);
hugepage_add_new_anon_rmap(new_page, vma, address);
@@ -117275,7 +117051,7 @@ index ef6963b..753a1e6 100644
/* Make the old page be freed below */
new_page = old_page;
}
-@@ -3627,6 +3657,10 @@ retry:
+@@ -3627,6 +3710,10 @@ retry:
&& (vma->vm_flags & VM_SHARED)));
set_huge_pte_at(mm, address, ptep, new_pte);
@@ -117286,7 +117062,7 @@ index ef6963b..753a1e6 100644
hugetlb_count_add(pages_per_huge_page(h), mm);
if ((flags & FAULT_FLAG_WRITE) && !(vma->vm_flags & VM_SHARED)) {
/* Optimization, do the COW without a second fault */
-@@ -3695,6 +3729,10 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3695,6 +3782,10 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma,
struct address_space *mapping;
int need_wait_lock = 0;
@@ -117297,7 +117073,7 @@ index ef6963b..753a1e6 100644
address &= huge_page_mask(h);
ptep = huge_pte_offset(mm, address);
-@@ -3712,6 +3750,26 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3712,6 +3803,26 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma,
return VM_FAULT_OOM;
}
@@ -117324,6 +117100,112 @@ index ef6963b..753a1e6 100644
mapping = vma->vm_file->f_mapping;
idx = vma_hugecache_offset(h, vma, address);
+diff --git a/mm/hugetlb_cgroup.c b/mm/hugetlb_cgroup.c
+index d8fb10d..8606223 100644
+--- a/mm/hugetlb_cgroup.c
++++ b/mm/hugetlb_cgroup.c
+@@ -27,7 +27,6 @@ struct hugetlb_cgroup {
+ struct page_counter hugepage[HUGE_MAX_HSTATE];
+ };
+
+-#define MEMFILE_PRIVATE(x, val) (((x) << 16) | (val))
+ #define MEMFILE_IDX(val) (((val) >> 16) & 0xffff)
+ #define MEMFILE_ATTR(val) ((val) & 0xffff)
+
+@@ -238,14 +237,7 @@ void hugetlb_cgroup_uncharge_cgroup(int idx, unsigned long nr_pages,
+ return;
+ }
+
+-enum {
+- RES_USAGE,
+- RES_LIMIT,
+- RES_MAX_USAGE,
+- RES_FAILCNT,
+-};
+-
+-static u64 hugetlb_cgroup_read_u64(struct cgroup_subsys_state *css,
++u64 hugetlb_cgroup_read_u64(struct cgroup_subsys_state *css,
+ struct cftype *cft)
+ {
+ struct page_counter *counter;
+@@ -269,7 +261,7 @@ static u64 hugetlb_cgroup_read_u64(struct cgroup_subsys_state *css,
+
+ static DEFINE_MUTEX(hugetlb_limit_mutex);
+
+-static ssize_t hugetlb_cgroup_write(struct kernfs_open_file *of,
++ssize_t hugetlb_cgroup_write(struct kernfs_open_file *of,
+ char *buf, size_t nbytes, loff_t off)
+ {
+ int ret, idx;
+@@ -299,7 +291,7 @@ static ssize_t hugetlb_cgroup_write(struct kernfs_open_file *of,
+ return ret ?: nbytes;
+ }
+
+-static ssize_t hugetlb_cgroup_reset(struct kernfs_open_file *of,
++ssize_t hugetlb_cgroup_reset(struct kernfs_open_file *of,
+ char *buf, size_t nbytes, loff_t off)
+ {
+ int ret = 0;
+@@ -335,46 +327,26 @@ static char *mem_fmt(char *buf, int size, unsigned long hsize)
+
+ static void __init __hugetlb_cgroup_file_init(int idx)
+ {
++ char names[4][MAX_CFTYPE_NAME];
+ char buf[32];
+- struct cftype *cft;
+ struct hstate *h = &hstates[idx];
+
+ /* format the size */
+ mem_fmt(buf, 32, huge_page_size(h));
+-
+- /* Add the limit file */
+- cft = &h->cgroup_files[0];
+- snprintf(cft->name, MAX_CFTYPE_NAME, "%s.limit_in_bytes", buf);
+- cft->private = MEMFILE_PRIVATE(idx, RES_LIMIT);
+- cft->read_u64 = hugetlb_cgroup_read_u64;
+- cft->write = hugetlb_cgroup_write;
+-
+- /* Add the usage file */
+- cft = &h->cgroup_files[1];
+- snprintf(cft->name, MAX_CFTYPE_NAME, "%s.usage_in_bytes", buf);
+- cft->private = MEMFILE_PRIVATE(idx, RES_USAGE);
+- cft->read_u64 = hugetlb_cgroup_read_u64;
+-
+- /* Add the MAX usage file */
+- cft = &h->cgroup_files[2];
+- snprintf(cft->name, MAX_CFTYPE_NAME, "%s.max_usage_in_bytes", buf);
+- cft->private = MEMFILE_PRIVATE(idx, RES_MAX_USAGE);
+- cft->write = hugetlb_cgroup_reset;
+- cft->read_u64 = hugetlb_cgroup_read_u64;
+-
+- /* Add the failcntfile */
+- cft = &h->cgroup_files[3];
+- snprintf(cft->name, MAX_CFTYPE_NAME, "%s.failcnt", buf);
+- cft->private = MEMFILE_PRIVATE(idx, RES_FAILCNT);
+- cft->write = hugetlb_cgroup_reset;
+- cft->read_u64 = hugetlb_cgroup_read_u64;
+-
+- /* NULL terminate the last cft */
+- cft = &h->cgroup_files[4];
+- memset(cft, 0, sizeof(*cft));
++ snprintf(names[0], MAX_CFTYPE_NAME, "%s.limit_in_bytes", buf);
++ snprintf(names[1], MAX_CFTYPE_NAME, "%s.usage_in_bytes", buf);
++ snprintf(names[2], MAX_CFTYPE_NAME, "%s.max_usage_in_bytes", buf);
++ snprintf(names[3], MAX_CFTYPE_NAME, "%s.failcnt", buf);
++
++ pax_open_kernel();
++ strncpy((void *)h->cgroup_files[0]->name, names[0], MAX_CFTYPE_NAME);
++ strncpy((void *)h->cgroup_files[1]->name, names[1], MAX_CFTYPE_NAME);
++ strncpy((void *)h->cgroup_files[2]->name, names[2], MAX_CFTYPE_NAME);
++ strncpy((void *)h->cgroup_files[3]->name, names[3], MAX_CFTYPE_NAME);
++ pax_close_kernel();
+
+ WARN_ON(cgroup_add_legacy_cftypes(&hugetlb_cgrp_subsys,
+- h->cgroup_files));
++ *h->cgroup_files));
+ }
+
+ void __init hugetlb_cgroup_file_init(void)
diff --git a/mm/internal.h b/mm/internal.h
index 38e24b8..73ff43d 100644
--- a/mm/internal.h
@@ -117468,7 +117350,7 @@ index c889fcb..f181221 100644
if (end == start)
return error;
diff --git a/mm/memcontrol.c b/mm/memcontrol.c
-index fc10620..cfa8635 100644
+index ee6acd2..e83259e 100644
--- a/mm/memcontrol.c
+++ b/mm/memcontrol.c
@@ -809,7 +809,7 @@ static void memcg_check_events(struct mem_cgroup *memcg, struct page *page)
@@ -117499,7 +117381,7 @@ index fc10620..cfa8635 100644
}
diff --git a/mm/memory-failure.c b/mm/memory-failure.c
-index 8424b64..4bc9d7d 100644
+index 750b789..b1b1b59 100644
--- a/mm/memory-failure.c
+++ b/mm/memory-failure.c
@@ -64,7 +64,7 @@ int sysctl_memory_failure_early_kill __read_mostly = 0;
@@ -118293,7 +118175,7 @@ index 7890d0b..00200c6 100644
err = -EPERM;
goto out;
diff --git a/mm/mlock.c b/mm/mlock.c
-index 339d9e0..03bc5fa 100644
+index d6006b1..a72cbda 100644
--- a/mm/mlock.c
+++ b/mm/mlock.c
@@ -14,6 +14,7 @@
@@ -118390,7 +118272,7 @@ index fdadf91..5f527d1 100644
.priority = IPC_CALLBACK_PRI, /* use lowest priority */
};
diff --git a/mm/mmap.c b/mm/mmap.c
-index 2ce04a6..c085c24 100644
+index 455772a..5ce0964 100644
--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -42,6 +42,7 @@
@@ -118486,7 +118368,7 @@ index 2ce04a6..c085c24 100644
mm->end_data, mm->start_data))
goto out;
-@@ -973,6 +1002,12 @@ can_vma_merge_before(struct vm_area_struct *vma, unsigned long vm_flags,
+@@ -977,6 +1006,12 @@ can_vma_merge_before(struct vm_area_struct *vma, unsigned long vm_flags,
pgoff_t vm_pgoff,
struct vm_userfaultfd_ctx vm_userfaultfd_ctx)
{
@@ -118499,7 +118381,7 @@ index 2ce04a6..c085c24 100644
if (is_mergeable_vma(vma, file, vm_flags, vm_userfaultfd_ctx) &&
is_mergeable_anon_vma(anon_vma, vma->anon_vma, vma)) {
if (vma->vm_pgoff == vm_pgoff)
-@@ -994,6 +1029,12 @@ can_vma_merge_after(struct vm_area_struct *vma, unsigned long vm_flags,
+@@ -998,6 +1033,12 @@ can_vma_merge_after(struct vm_area_struct *vma, unsigned long vm_flags,
pgoff_t vm_pgoff,
struct vm_userfaultfd_ctx vm_userfaultfd_ctx)
{
@@ -118512,7 +118394,7 @@ index 2ce04a6..c085c24 100644
if (is_mergeable_vma(vma, file, vm_flags, vm_userfaultfd_ctx) &&
is_mergeable_anon_vma(anon_vma, vma->anon_vma, vma)) {
pgoff_t vm_pglen;
-@@ -1044,6 +1085,13 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm,
+@@ -1048,6 +1089,13 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm,
struct vm_area_struct *area, *next;
int err;
@@ -118526,7 +118408,7 @@ index 2ce04a6..c085c24 100644
/*
* We later require that vma->vm_flags == vm_flags,
* so this tests vma->vm_flags & VM_SPECIAL, too.
-@@ -1059,6 +1107,15 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm,
+@@ -1063,6 +1111,15 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm,
if (next && next->vm_end == end) /* cases 6, 7, 8 */
next = next->vm_next;
@@ -118542,7 +118424,7 @@ index 2ce04a6..c085c24 100644
/*
* Can it merge with the predecessor?
*/
-@@ -1081,9 +1138,24 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm,
+@@ -1085,9 +1142,24 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm,
/* cases 1, 6 */
err = vma_adjust(prev, prev->vm_start,
next->vm_end, prev->vm_pgoff, NULL);
@@ -118568,7 +118450,7 @@ index 2ce04a6..c085c24 100644
if (err)
return NULL;
khugepaged_enter_vma_merge(prev, vm_flags);
-@@ -1098,12 +1170,27 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm,
+@@ -1102,12 +1174,27 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm,
can_vma_merge_before(next, vm_flags,
anon_vma, file, pgoff+pglen,
vm_userfaultfd_ctx)) {
@@ -118598,7 +118480,7 @@ index 2ce04a6..c085c24 100644
if (err)
return NULL;
khugepaged_enter_vma_merge(area, vm_flags);
-@@ -1212,8 +1299,10 @@ none:
+@@ -1216,8 +1303,10 @@ none:
void vm_stat_account(struct mm_struct *mm, unsigned long flags,
struct file *file, long pages)
{
@@ -118611,7 +118493,7 @@ index 2ce04a6..c085c24 100644
mm->total_vm += pages;
-@@ -1221,7 +1310,7 @@ void vm_stat_account(struct mm_struct *mm, unsigned long flags,
+@@ -1225,7 +1314,7 @@ void vm_stat_account(struct mm_struct *mm, unsigned long flags,
mm->shared_vm += pages;
if ((flags & (VM_EXEC|VM_WRITE)) == VM_EXEC)
mm->exec_vm += pages;
@@ -118620,7 +118502,7 @@ index 2ce04a6..c085c24 100644
mm->stack_vm += pages;
}
#endif /* CONFIG_PROC_FS */
-@@ -1251,6 +1340,10 @@ static inline int mlock_future_check(struct mm_struct *mm,
+@@ -1255,6 +1344,10 @@ static inline int mlock_future_check(struct mm_struct *mm,
locked += mm->locked_vm;
lock_limit = rlimit(RLIMIT_MEMLOCK);
lock_limit >>= PAGE_SHIFT;
@@ -118631,7 +118513,7 @@ index 2ce04a6..c085c24 100644
if (locked > lock_limit && !capable(CAP_IPC_LOCK))
return -EAGAIN;
}
-@@ -1278,7 +1371,7 @@ unsigned long do_mmap(struct file *file, unsigned long addr,
+@@ -1282,7 +1375,7 @@ unsigned long do_mmap(struct file *file, unsigned long addr,
* (the exception is when the underlying filesystem is noexec
* mounted, in which case we dont add PROT_EXEC.)
*/
@@ -118640,7 +118522,7 @@ index 2ce04a6..c085c24 100644
if (!(file && path_noexec(&file->f_path)))
prot |= PROT_EXEC;
-@@ -1301,7 +1394,7 @@ unsigned long do_mmap(struct file *file, unsigned long addr,
+@@ -1305,7 +1398,7 @@ unsigned long do_mmap(struct file *file, unsigned long addr,
/* Obtain the address to map to. we verify (or select) it and ensure
* that it represents a valid section of the address space.
*/
@@ -118649,7 +118531,7 @@ index 2ce04a6..c085c24 100644
if (offset_in_page(addr))
return addr;
-@@ -1312,6 +1405,43 @@ unsigned long do_mmap(struct file *file, unsigned long addr,
+@@ -1316,6 +1409,43 @@ unsigned long do_mmap(struct file *file, unsigned long addr,
vm_flags |= calc_vm_prot_bits(prot) | calc_vm_flag_bits(flags) |
mm->def_flags | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC;
@@ -118693,7 +118575,7 @@ index 2ce04a6..c085c24 100644
if (flags & MAP_LOCKED)
if (!can_do_mlock())
return -EPERM;
-@@ -1399,6 +1529,9 @@ unsigned long do_mmap(struct file *file, unsigned long addr,
+@@ -1403,6 +1533,9 @@ unsigned long do_mmap(struct file *file, unsigned long addr,
vm_flags |= VM_NORESERVE;
}
@@ -118703,7 +118585,7 @@ index 2ce04a6..c085c24 100644
addr = mmap_region(file, addr, len, vm_flags, pgoff);
if (!IS_ERR_VALUE(addr) &&
((vm_flags & VM_LOCKED) ||
-@@ -1492,7 +1625,7 @@ int vma_wants_writenotify(struct vm_area_struct *vma)
+@@ -1496,7 +1629,7 @@ int vma_wants_writenotify(struct vm_area_struct *vma)
const struct vm_operations_struct *vm_ops = vma->vm_ops;
/* If it was private or non-writable, the write bit is already clear */
@@ -118712,7 +118594,7 @@ index 2ce04a6..c085c24 100644
return 0;
/* The backer wishes to know when pages are first written to? */
-@@ -1543,7 +1676,22 @@ unsigned long mmap_region(struct file *file, unsigned long addr,
+@@ -1547,7 +1680,22 @@ unsigned long mmap_region(struct file *file, unsigned long addr,
struct rb_node **rb_link, *rb_parent;
unsigned long charged = 0;
@@ -118735,7 +118617,7 @@ index 2ce04a6..c085c24 100644
if (!may_expand_vm(mm, len >> PAGE_SHIFT)) {
unsigned long nr_pages;
-@@ -1565,6 +1713,7 @@ unsigned long mmap_region(struct file *file, unsigned long addr,
+@@ -1569,6 +1717,7 @@ unsigned long mmap_region(struct file *file, unsigned long addr,
&rb_parent)) {
if (do_munmap(mm, addr, len))
return -ENOMEM;
@@ -118743,7 +118625,7 @@ index 2ce04a6..c085c24 100644
}
/*
-@@ -1596,6 +1745,16 @@ unsigned long mmap_region(struct file *file, unsigned long addr,
+@@ -1600,6 +1749,16 @@ unsigned long mmap_region(struct file *file, unsigned long addr,
goto unacct_error;
}
@@ -118760,7 +118642,7 @@ index 2ce04a6..c085c24 100644
vma->vm_mm = mm;
vma->vm_start = addr;
vma->vm_end = addr + len;
-@@ -1626,6 +1785,13 @@ unsigned long mmap_region(struct file *file, unsigned long addr,
+@@ -1630,6 +1789,13 @@ unsigned long mmap_region(struct file *file, unsigned long addr,
if (error)
goto unmap_and_free_vma;
@@ -118774,7 +118656,7 @@ index 2ce04a6..c085c24 100644
/* Can addr have changed??
*
* Answer: Yes, several device drivers can do it in their
-@@ -1644,6 +1810,12 @@ unsigned long mmap_region(struct file *file, unsigned long addr,
+@@ -1648,6 +1814,12 @@ unsigned long mmap_region(struct file *file, unsigned long addr,
}
vma_link(mm, vma, prev, rb_link, rb_parent);
@@ -118787,7 +118669,7 @@ index 2ce04a6..c085c24 100644
/* Once vma denies write, undo our temporary denial count */
if (file) {
if (vm_flags & VM_SHARED)
-@@ -1656,6 +1828,7 @@ out:
+@@ -1660,6 +1832,7 @@ out:
perf_event_mmap(vma);
vm_stat_account(mm, vm_flags, file, len >> PAGE_SHIFT);
@@ -118795,7 +118677,7 @@ index 2ce04a6..c085c24 100644
if (vm_flags & VM_LOCKED) {
if (!((vm_flags & VM_SPECIAL) || is_vm_hugetlb_page(vma) ||
vma == get_gate_vma(current->mm)))
-@@ -1693,6 +1866,12 @@ allow_write_and_free_vma:
+@@ -1697,6 +1870,12 @@ allow_write_and_free_vma:
if (vm_flags & VM_DENYWRITE)
allow_write_access(file);
free_vma:
@@ -118808,7 +118690,7 @@ index 2ce04a6..c085c24 100644
kmem_cache_free(vm_area_cachep, vma);
unacct_error:
if (charged)
-@@ -1700,7 +1879,63 @@ unacct_error:
+@@ -1704,7 +1883,63 @@ unacct_error:
return error;
}
@@ -118873,7 +118755,7 @@ index 2ce04a6..c085c24 100644
{
/*
* We implement the search by looking for an rbtree node that
-@@ -1748,11 +1983,29 @@ unsigned long unmapped_area(struct vm_unmapped_area_info *info)
+@@ -1752,11 +1987,29 @@ unsigned long unmapped_area(struct vm_unmapped_area_info *info)
}
}
@@ -118904,7 +118786,7 @@ index 2ce04a6..c085c24 100644
if (gap_end >= low_limit && gap_end - gap_start >= length)
goto found;
-@@ -1802,7 +2055,7 @@ found:
+@@ -1806,7 +2059,7 @@ found:
return gap_start;
}
@@ -118913,7 +118795,7 @@ index 2ce04a6..c085c24 100644
{
struct mm_struct *mm = current->mm;
struct vm_area_struct *vma;
-@@ -1856,6 +2109,24 @@ check_current:
+@@ -1860,6 +2113,24 @@ check_current:
gap_end = vma->vm_start;
if (gap_end < low_limit)
return -ENOMEM;
@@ -118938,7 +118820,7 @@ index 2ce04a6..c085c24 100644
if (gap_start <= high_limit && gap_end - gap_start >= length)
goto found;
-@@ -1919,6 +2190,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr,
+@@ -1923,6 +2194,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr,
struct mm_struct *mm = current->mm;
struct vm_area_struct *vma;
struct vm_unmapped_area_info info;
@@ -118946,7 +118828,7 @@ index 2ce04a6..c085c24 100644
if (len > TASK_SIZE - mmap_min_addr)
return -ENOMEM;
-@@ -1926,11 +2198,15 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr,
+@@ -1930,11 +2202,15 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr,
if (flags & MAP_FIXED)
return addr;
@@ -118963,7 +118845,7 @@ index 2ce04a6..c085c24 100644
return addr;
}
-@@ -1939,6 +2215,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr,
+@@ -1943,6 +2219,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr,
info.low_limit = mm->mmap_base;
info.high_limit = TASK_SIZE;
info.align_mask = 0;
@@ -118971,7 +118853,7 @@ index 2ce04a6..c085c24 100644
return vm_unmapped_area(&info);
}
#endif
-@@ -1957,6 +2234,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
+@@ -1961,6 +2238,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
struct mm_struct *mm = current->mm;
unsigned long addr = addr0;
struct vm_unmapped_area_info info;
@@ -118979,7 +118861,7 @@ index 2ce04a6..c085c24 100644
/* requested length too big for entire address space */
if (len > TASK_SIZE - mmap_min_addr)
-@@ -1965,12 +2243,16 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
+@@ -1969,12 +2247,16 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
if (flags & MAP_FIXED)
return addr;
@@ -118997,7 +118879,7 @@ index 2ce04a6..c085c24 100644
return addr;
}
-@@ -1979,6 +2261,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
+@@ -1983,6 +2265,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
info.low_limit = max(PAGE_SIZE, mmap_min_addr);
info.high_limit = mm->mmap_base;
info.align_mask = 0;
@@ -119005,7 +118887,7 @@ index 2ce04a6..c085c24 100644
addr = vm_unmapped_area(&info);
/*
-@@ -1991,6 +2274,12 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
+@@ -1995,6 +2278,12 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
VM_BUG_ON(addr != -ENOMEM);
info.flags = 0;
info.low_limit = TASK_UNMAPPED_BASE;
@@ -119018,7 +118900,7 @@ index 2ce04a6..c085c24 100644
info.high_limit = TASK_SIZE;
addr = vm_unmapped_area(&info);
}
-@@ -2090,6 +2379,28 @@ find_vma_prev(struct mm_struct *mm, unsigned long addr,
+@@ -2094,6 +2383,28 @@ find_vma_prev(struct mm_struct *mm, unsigned long addr,
return vma;
}
@@ -119047,7 +118929,7 @@ index 2ce04a6..c085c24 100644
/*
* Verify that the stack growth is acceptable and
* update accounting. This is shared with both the
-@@ -2107,8 +2418,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns
+@@ -2111,8 +2422,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns
/* Stack limit test */
actual_size = size;
@@ -119057,7 +118939,7 @@ index 2ce04a6..c085c24 100644
if (actual_size > READ_ONCE(rlim[RLIMIT_STACK].rlim_cur))
return -ENOMEM;
-@@ -2119,6 +2429,10 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns
+@@ -2123,6 +2433,10 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns
locked = mm->locked_vm + grow;
limit = READ_ONCE(rlim[RLIMIT_MEMLOCK].rlim_cur);
limit >>= PAGE_SHIFT;
@@ -119068,7 +118950,7 @@ index 2ce04a6..c085c24 100644
if (locked > limit && !capable(CAP_IPC_LOCK))
return -ENOMEM;
}
-@@ -2144,38 +2458,49 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns
+@@ -2148,17 +2462,21 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns
* PA-RISC uses this for its stack; IA64 for its Register Backing Store.
* vma is the last one with address > vma->vm_end. Have to extend vma.
*/
@@ -119078,46 +118960,38 @@ index 2ce04a6..c085c24 100644
int expand_upwards(struct vm_area_struct *vma, unsigned long address)
{
struct mm_struct *mm = vma->vm_mm;
- int error;
+ int error = 0;
+ bool locknext;
if (!(vma->vm_flags & VM_GROWSUP))
return -EFAULT;
-+ /* Also guard against wrapping around to address 0. */
+ /* Guard against wrapping around to address 0. */
+- if (address < PAGE_ALIGN(address+4))
+- address = PAGE_ALIGN(address+4);
+ if (address < PAGE_ALIGN(address+1))
+ address = PAGE_ALIGN(address+1);
-+ else
-+ return -ENOMEM;
-+
- /*
- * We must make sure the anon_vma is allocated
- * so that the anon_vma locking is not a noop.
- */
+ else
+ return -ENOMEM;
+
+@@ -2166,15 +2484,24 @@ int expand_upwards(struct vm_area_struct *vma, unsigned long address)
if (unlikely(anon_vma_prepare(vma)))
return -ENOMEM;
+
+ locknext = vma->vm_next && (vma->vm_next->vm_flags & VM_GROWSDOWN);
+ if (locknext && anon_vma_prepare(vma->vm_next))
+ return -ENOMEM;
- vma_lock_anon_vma(vma);
-+ if (locknext)
-+ vma_lock_anon_vma(vma->vm_next);
-
++
/*
* vma->vm_start/vm_end cannot change under us because the caller
* is required to hold the mmap_sem in read mode. We need the
- * anon_vma lock to serialize against concurrent expand_stacks.
-- * Also guard against wrapping around to address 0.
+ * anon_vma locks to serialize against concurrent expand_stacks
+ * and expand_upwards.
*/
-- if (address < PAGE_ALIGN(address+4))
-- address = PAGE_ALIGN(address+4);
-- else {
-- vma_unlock_anon_vma(vma);
-- return -ENOMEM;
-- }
- error = 0;
+ anon_vma_lock_write(vma->anon_vma);
++ if (locknext)
++ anon_vma_lock_write(vma->vma_next->anon_vma);
/* Somebody else might have raced and expanded it already */
- if (address > vma->vm_end) {
@@ -119127,27 +119001,27 @@ index 2ce04a6..c085c24 100644
unsigned long size, grow;
size = address - vma->vm_start;
-@@ -2214,6 +2539,8 @@ int expand_upwards(struct vm_area_struct *vma, unsigned long address)
+@@ -2213,6 +2540,8 @@ int expand_upwards(struct vm_area_struct *vma, unsigned long address)
}
}
}
+ if (locknext)
-+ vma_unlock_anon_vma(vma->vm_next);
- vma_unlock_anon_vma(vma);
++ anon_vma_unlock_write(vma->vm_next->anon_vma);
+ anon_vma_unlock_write(vma->anon_vma);
khugepaged_enter_vma_merge(vma, vma->vm_flags);
validate_mm(mm);
-@@ -2229,6 +2556,8 @@ int expand_downwards(struct vm_area_struct *vma,
+@@ -2228,6 +2557,8 @@ int expand_downwards(struct vm_area_struct *vma,
{
struct mm_struct *mm = vma->vm_mm;
int error;
+ bool lockprev = false;
+ struct vm_area_struct *prev;
- /*
- * We must make sure the anon_vma is allocated
-@@ -2242,6 +2571,15 @@ int expand_downwards(struct vm_area_struct *vma,
- if (error)
- return error;
+ address &= PAGE_MASK;
+ error = security_mmap_addr(address);
+@@ -2238,6 +2569,15 @@ int expand_downwards(struct vm_area_struct *vma,
+ if (unlikely(anon_vma_prepare(vma)))
+ return -ENOMEM;
+ prev = vma->vm_prev;
+#if defined(CONFIG_STACK_GROWSUP) || defined(CONFIG_IA64)
@@ -119156,13 +119030,13 @@ index 2ce04a6..c085c24 100644
+ if (lockprev && anon_vma_prepare(prev))
+ return -ENOMEM;
+ if (lockprev)
-+ vma_lock_anon_vma(prev);
++ anon_vma_lock_write(prev->anon_vma);
+
- vma_lock_anon_vma(vma);
-
/*
-@@ -2251,9 +2589,17 @@ int expand_downwards(struct vm_area_struct *vma,
- */
+ * vma->vm_start/vm_end cannot change under us because the caller
+ * is required to hold the mmap_sem in read mode. We need the
+@@ -2246,9 +2586,17 @@ int expand_downwards(struct vm_area_struct *vma,
+ anon_vma_lock_write(vma->anon_vma);
/* Somebody else might have raced and expanded it already */
- if (address < vma->vm_start) {
@@ -119180,7 +119054,7 @@ index 2ce04a6..c085c24 100644
size = vma->vm_end - address;
grow = (vma->vm_start - address) >> PAGE_SHIFT;
-@@ -2282,13 +2628,27 @@ int expand_downwards(struct vm_area_struct *vma,
+@@ -2277,13 +2625,27 @@ int expand_downwards(struct vm_area_struct *vma,
vma->vm_pgoff -= grow;
anon_vma_interval_tree_post_update_vma(vma);
vma_gap_update(vma);
@@ -119202,13 +119076,13 @@ index 2ce04a6..c085c24 100644
}
}
}
- vma_unlock_anon_vma(vma);
+ anon_vma_unlock_write(vma->anon_vma);
+ if (lockprev)
-+ vma_unlock_anon_vma(prev);
++ anon_vma_unlock_write(prev->anon_vma);
khugepaged_enter_vma_merge(vma, vma->vm_flags);
validate_mm(mm);
return error;
-@@ -2388,6 +2748,13 @@ static void remove_vma_list(struct mm_struct *mm, struct vm_area_struct *vma)
+@@ -2383,6 +2745,13 @@ static void remove_vma_list(struct mm_struct *mm, struct vm_area_struct *vma)
do {
long nrpages = vma_pages(vma);
@@ -119222,7 +119096,7 @@ index 2ce04a6..c085c24 100644
if (vma->vm_flags & VM_ACCOUNT)
nr_accounted += nrpages;
vm_stat_account(mm, vma->vm_flags, vma->vm_file, -nrpages);
-@@ -2432,6 +2799,16 @@ detach_vmas_to_be_unmapped(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2427,6 +2796,16 @@ detach_vmas_to_be_unmapped(struct mm_struct *mm, struct vm_area_struct *vma,
insertion_point = (prev ? &prev->vm_next : &mm->mmap);
vma->vm_prev = NULL;
do {
@@ -119239,7 +119113,7 @@ index 2ce04a6..c085c24 100644
vma_rb_erase(vma, &mm->mm_rb);
mm->map_count--;
tail_vma = vma;
-@@ -2459,14 +2836,33 @@ static int __split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2454,14 +2833,33 @@ static int __split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
struct vm_area_struct *new;
int err;
@@ -119273,7 +119147,7 @@ index 2ce04a6..c085c24 100644
/* most fields are the same, copy all, and then fixup */
*new = *vma;
-@@ -2479,6 +2875,22 @@ static int __split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2474,6 +2872,22 @@ static int __split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
new->vm_pgoff += ((addr - vma->vm_start) >> PAGE_SHIFT);
}
@@ -119296,7 +119170,7 @@ index 2ce04a6..c085c24 100644
err = vma_dup_policy(vma, new);
if (err)
goto out_free_vma;
-@@ -2499,6 +2911,38 @@ static int __split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2494,6 +2908,38 @@ static int __split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
else
err = vma_adjust(vma, vma->vm_start, addr, vma->vm_pgoff, new);
@@ -119335,7 +119209,7 @@ index 2ce04a6..c085c24 100644
/* Success. */
if (!err)
return 0;
-@@ -2508,10 +2952,18 @@ static int __split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2503,10 +2949,18 @@ static int __split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
new->vm_ops->close(new);
if (new->vm_file)
fput(new->vm_file);
@@ -119355,7 +119229,7 @@ index 2ce04a6..c085c24 100644
kmem_cache_free(vm_area_cachep, new);
return err;
}
-@@ -2523,6 +2975,15 @@ static int __split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2518,6 +2972,15 @@ static int __split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
int split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
unsigned long addr, int new_below)
{
@@ -119371,7 +119245,7 @@ index 2ce04a6..c085c24 100644
if (mm->map_count >= sysctl_max_map_count)
return -ENOMEM;
-@@ -2534,11 +2995,30 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2529,11 +2992,30 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
* work. This now handles partial unmappings.
* Jeremy Fitzhardinge <jeremy@goop.org>
*/
@@ -119402,7 +119276,7 @@ index 2ce04a6..c085c24 100644
if ((offset_in_page(start)) || start > TASK_SIZE || len > TASK_SIZE-start)
return -EINVAL;
-@@ -2616,6 +3096,8 @@ int do_munmap(struct mm_struct *mm, unsigned long start, size_t len)
+@@ -2611,6 +3093,8 @@ int do_munmap(struct mm_struct *mm, unsigned long start, size_t len)
/* Fix up all other VM information */
remove_vma_list(mm, vma);
@@ -119411,7 +119285,7 @@ index 2ce04a6..c085c24 100644
return 0;
}
-@@ -2624,6 +3106,13 @@ int vm_munmap(unsigned long start, size_t len)
+@@ -2619,6 +3103,13 @@ int vm_munmap(unsigned long start, size_t len)
int ret;
struct mm_struct *mm = current->mm;
@@ -119425,7 +119299,7 @@ index 2ce04a6..c085c24 100644
down_write(&mm->mmap_sem);
ret = do_munmap(mm, start, len);
up_write(&mm->mmap_sem);
-@@ -2670,6 +3159,11 @@ SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long, size,
+@@ -2665,6 +3156,11 @@ SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long, size,
down_write(&mm->mmap_sem);
vma = find_vma(mm, start);
@@ -119437,7 +119311,7 @@ index 2ce04a6..c085c24 100644
if (!vma || !(vma->vm_flags & VM_SHARED))
goto out;
-@@ -2706,16 +3200,6 @@ out:
+@@ -2725,16 +3221,6 @@ out:
return ret;
}
@@ -119454,7 +119328,7 @@ index 2ce04a6..c085c24 100644
/*
* this is really a simplified "do_mmap". it only handles
* anonymous maps. eventually we may be able to do some
-@@ -2729,6 +3213,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
+@@ -2748,6 +3234,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
struct rb_node **rb_link, *rb_parent;
pgoff_t pgoff = addr >> PAGE_SHIFT;
int error;
@@ -119462,7 +119336,7 @@ index 2ce04a6..c085c24 100644
len = PAGE_ALIGN(len);
if (!len)
-@@ -2736,10 +3221,24 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
+@@ -2755,10 +3242,24 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
flags = VM_DATA_DEFAULT_FLAGS | VM_ACCOUNT | mm->def_flags;
@@ -119487,7 +119361,7 @@ index 2ce04a6..c085c24 100644
error = mlock_future_check(mm, mm->def_flags, len);
if (error)
return error;
-@@ -2757,16 +3256,17 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
+@@ -2776,16 +3277,17 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
&rb_parent)) {
if (do_munmap(mm, addr, len))
return -ENOMEM;
@@ -119507,7 +119381,7 @@ index 2ce04a6..c085c24 100644
return -ENOMEM;
/* Can we just expand an old private anonymous mapping? */
-@@ -2780,7 +3280,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
+@@ -2799,7 +3301,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
*/
vma = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL);
if (!vma) {
@@ -119516,7 +119390,7 @@ index 2ce04a6..c085c24 100644
return -ENOMEM;
}
-@@ -2794,10 +3294,11 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
+@@ -2813,10 +3315,11 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
vma_link(mm, vma, prev, rb_link, rb_parent);
out:
perf_event_mmap(vma);
@@ -119530,7 +119404,7 @@ index 2ce04a6..c085c24 100644
return addr;
}
-@@ -2859,6 +3360,7 @@ void exit_mmap(struct mm_struct *mm)
+@@ -2878,6 +3381,7 @@ void exit_mmap(struct mm_struct *mm)
while (vma) {
if (vma->vm_flags & VM_ACCOUNT)
nr_accounted += vma_pages(vma);
@@ -119538,7 +119412,7 @@ index 2ce04a6..c085c24 100644
vma = remove_vma(vma);
}
vm_unacct_memory(nr_accounted);
-@@ -2873,6 +3375,10 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma)
+@@ -2892,6 +3396,10 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma)
struct vm_area_struct *prev;
struct rb_node **rb_link, *rb_parent;
@@ -119549,7 +119423,7 @@ index 2ce04a6..c085c24 100644
if (find_vma_links(mm, vma->vm_start, vma->vm_end,
&prev, &rb_link, &rb_parent))
return -ENOMEM;
-@@ -2880,6 +3386,9 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma)
+@@ -2899,6 +3407,9 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma)
security_vm_enough_memory_mm(mm, vma_pages(vma)))
return -ENOMEM;
@@ -119559,7 +119433,7 @@ index 2ce04a6..c085c24 100644
/*
* The vm_pgoff of a purely anonymous vma should be irrelevant
* until its first write fault, when page's anon_vma and index
-@@ -2897,7 +3406,21 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma)
+@@ -2916,7 +3427,21 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma)
vma->vm_pgoff = vma->vm_start >> PAGE_SHIFT;
}
@@ -119581,7 +119455,7 @@ index 2ce04a6..c085c24 100644
return 0;
}
-@@ -2916,6 +3439,8 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap,
+@@ -2935,6 +3460,8 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap,
struct rb_node **rb_link, *rb_parent;
bool faulted_in_anon_vma = true;
@@ -119590,7 +119464,7 @@ index 2ce04a6..c085c24 100644
/*
* If anonymous vma has not yet been faulted, update new pgoff
* to match new location, to increase its chance of merging.
-@@ -2982,6 +3507,39 @@ out:
+@@ -3001,6 +3528,39 @@ out:
return NULL;
}
@@ -119630,7 +119504,7 @@ index 2ce04a6..c085c24 100644
/*
* Return true if the calling process may expand its vm space by the passed
* number of pages
-@@ -2993,6 +3551,11 @@ int may_expand_vm(struct mm_struct *mm, unsigned long npages)
+@@ -3012,6 +3572,11 @@ int may_expand_vm(struct mm_struct *mm, unsigned long npages)
lim = rlimit(RLIMIT_AS) >> PAGE_SHIFT;
@@ -119642,7 +119516,7 @@ index 2ce04a6..c085c24 100644
if (cur + npages > lim)
return 0;
return 1;
-@@ -3067,6 +3630,22 @@ static struct vm_area_struct *__install_special_mapping(
+@@ -3086,6 +3651,22 @@ static struct vm_area_struct *__install_special_mapping(
vma->vm_start = addr;
vma->vm_end = addr + len;
@@ -120250,7 +120124,7 @@ index 8a943b9..29d8b8d 100644
static const int *pcpu_unit_map __read_mostly; /* cpu -> unit */
diff --git a/mm/process_vm_access.c b/mm/process_vm_access.c
-index e88d071..4043093 100644
+index 5d453e5..4043093 100644
--- a/mm/process_vm_access.c
+++ b/mm/process_vm_access.c
@@ -13,6 +13,7 @@
@@ -120288,20 +120162,18 @@ index e88d071..4043093 100644
}
if (nr_pages == 0)
-@@ -194,7 +195,12 @@ static ssize_t process_vm_rw_core(pid_t pid, struct iov_iter *iter,
+@@ -194,6 +195,11 @@ static ssize_t process_vm_rw_core(pid_t pid, struct iov_iter *iter,
goto free_proc_pages;
}
-- mm = mm_access(task, PTRACE_MODE_ATTACH);
+ if (gr_handle_ptrace(task, vm_write ? PTRACE_POKETEXT : PTRACE_ATTACH)) {
+ rc = -EPERM;
+ goto put_task_struct;
+ }
+
-+ mm = mm_access(task, PTRACE_MODE_ATTACH_REALCREDS);
+ mm = mm_access(task, PTRACE_MODE_ATTACH_REALCREDS);
if (!mm || IS_ERR(mm)) {
rc = IS_ERR(mm) ? PTR_ERR(mm) : -ESRCH;
- /*
diff --git a/mm/rmap.c b/mm/rmap.c
index b577fbb..ccd4d4e 100644
--- a/mm/rmap.c
@@ -130218,7 +130090,7 @@ index b5e665b..3030b1d 100644
}
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
-index 9895a8c..e1f3bfb 100644
+index 9895a8c..705c302 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -166,12 +166,14 @@ int xfrm_register_type(const struct xfrm_type *type, unsigned short family)
@@ -130325,6 +130197,24 @@ index 9895a8c..e1f3bfb 100644
} while (!res);
return res;
+@@ -1883,7 +1890,7 @@ static DEFINE_SPINLOCK(xfrm_km_lock);
+ int xfrm_register_km(struct xfrm_mgr *km)
+ {
+ spin_lock_bh(&xfrm_km_lock);
+- list_add_tail_rcu(&km->list, &xfrm_km_list);
++ pax_list_add_tail_rcu((struct list_head *)&km->list, &xfrm_km_list);
+ spin_unlock_bh(&xfrm_km_lock);
+ return 0;
+ }
+@@ -1892,7 +1899,7 @@ EXPORT_SYMBOL(xfrm_register_km);
+ int xfrm_unregister_km(struct xfrm_mgr *km)
+ {
+ spin_lock_bh(&xfrm_km_lock);
+- list_del_rcu(&km->list);
++ pax_list_del_rcu((struct list_head *)&km->list);
+ spin_unlock_bh(&xfrm_km_lock);
+ synchronize_rcu();
+ return 0;
diff --git a/net/xfrm/xfrm_sysctl.c b/net/xfrm/xfrm_sysctl.c
index 05a6e3d..6716ec9 100644
--- a/net/xfrm/xfrm_sysctl.c
@@ -132425,29 +132315,10 @@ index 705c287..81257f1 100644
/* freed below */
name = kmalloc(strlen(parent->base.hname) + 2 + 7 + 8, GFP_KERNEL);
diff --git a/security/commoncap.c b/security/commoncap.c
-index 1832cf7..b805e0f 100644
+index 48071ed..b805e0f 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
-@@ -137,12 +137,17 @@ int cap_ptrace_access_check(struct task_struct *child, unsigned int mode)
- {
- int ret = 0;
- const struct cred *cred, *child_cred;
-+ const kernel_cap_t *caller_caps;
-
- rcu_read_lock();
- cred = current_cred();
- child_cred = __task_cred(child);
-+ if (mode & PTRACE_MODE_FSCREDS)
-+ caller_caps = &cred->cap_effective;
-+ else
-+ caller_caps = &cred->cap_permitted;
- if (cred->user_ns == child_cred->user_ns &&
-- cap_issubset(child_cred->cap_permitted, cred->cap_permitted))
-+ cap_issubset(child_cred->cap_permitted, *caller_caps))
- goto out;
- if (ns_capable(child_cred->user_ns, CAP_SYS_PTRACE))
- goto out;
-@@ -433,6 +438,32 @@ int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data
+@@ -438,6 +438,32 @@ int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data
return 0;
}
@@ -132480,7 +132351,7 @@ index 1832cf7..b805e0f 100644
/*
* Attempt to get the on-exec apply capability sets for an executable file from
* its xattrs and, if present, apply them to the proposed credentials being
-@@ -623,6 +654,9 @@ int cap_bprm_secureexec(struct linux_binprm *bprm)
+@@ -628,6 +654,9 @@ int cap_bprm_secureexec(struct linux_binprm *bprm)
const struct cred *cred = current_cred();
kuid_t root_uid = make_kuid(cred->user_ns, 0);
@@ -133067,10 +132938,10 @@ index 9630e9f..2071ac2 100644
if (err < 0)
return err;
diff --git a/sound/core/pcm_native.c b/sound/core/pcm_native.c
-index a8b27cd..e3c4bb3 100644
+index 4ba64fd..49be507 100644
--- a/sound/core/pcm_native.c
+++ b/sound/core/pcm_native.c
-@@ -3002,11 +3002,11 @@ int snd_pcm_kernel_ioctl(struct snd_pcm_substream *substream,
+@@ -3014,11 +3014,11 @@ int snd_pcm_kernel_ioctl(struct snd_pcm_substream *substream,
switch (substream->stream) {
case SNDRV_PCM_STREAM_PLAYBACK:
result = snd_pcm_playback_ioctl1(NULL, substream, cmd,
@@ -133189,7 +133060,7 @@ index 062c446..a4b6f4c 100644
};
diff --git a/sound/core/seq/seq_memory.c b/sound/core/seq/seq_memory.c
-index 8010766..4bd361f 100644
+index c850345..71c5fd4 100644
--- a/sound/core/seq/seq_memory.c
+++ b/sound/core/seq/seq_memory.c
@@ -87,7 +87,7 @@ int snd_seq_dump_var_event(const struct snd_seq_event *event,
@@ -134571,10 +134442,10 @@ index 0000000..eec3fd1
+}
diff --git a/tools/gcc/constify_plugin.c b/tools/gcc/constify_plugin.c
new file mode 100644
-index 0000000..e5f1fb0
+index 0000000..b52a700
--- /dev/null
+++ b/tools/gcc/constify_plugin.c
-@@ -0,0 +1,518 @@
+@@ -0,0 +1,521 @@
+/*
+ * Copyright 2011 by Emese Revfy <re.emese@gmail.com>
+ * Copyright 2011-2016 by PaX Team <pageexec@freemail.hu>
@@ -134784,7 +134655,10 @@ index 0000000..e5f1fb0
+ if (TYPE_P(*node)) {
+ type = *node;
+ } else {
-+ gcc_assert(TREE_CODE(*node) == TYPE_DECL);
++ if (TREE_CODE(*node) != TYPE_DECL) {
++ error("%qE attribute does not apply to %qD (%qT)", name, *node, TREE_TYPE(*node));
++ return NULL_TREE;
++ }
+ type = TREE_TYPE(*node);
+ }
+
@@ -135095,10 +134969,10 @@ index 0000000..e5f1fb0
+}
diff --git a/tools/gcc/gcc-common.h b/tools/gcc/gcc-common.h
new file mode 100644
-index 0000000..28c3242
+index 0000000..a910e1c
--- /dev/null
+++ b/tools/gcc/gcc-common.h
-@@ -0,0 +1,819 @@
+@@ -0,0 +1,831 @@
+#ifndef GCC_COMMON_H_INCLUDED
+#define GCC_COMMON_H_INCLUDED
+
@@ -135239,10 +135113,10 @@ index 0000000..28c3242
+#include "builtins.h"
+#endif
+
-+//#include "expr.h" where are you...
++/* #include "expr.h" where are you... */
+extern rtx emit_move_insn(rtx x, rtx y);
+
-+// missing from basic_block.h...
++/* missing from basic_block.h... */
+extern void debug_dominance_info(enum cdi_direction dir);
+extern void debug_dominance_tree(enum cdi_direction dir, basic_block root);
+
@@ -135277,13 +135151,17 @@ index 0000000..28c3242
+#define TYPE_NAME_POINTER(node) IDENTIFIER_POINTER(TYPE_NAME(node))
+#define TYPE_NAME_LENGTH(node) IDENTIFIER_LENGTH(TYPE_NAME(node))
+
-+// should come from c-tree.h if only it were installed for gcc 4.5...
++/* should come from c-tree.h if only it were installed for gcc 4.5... */
+#define C_TYPE_FIELDS_READONLY(TYPE) TREE_LANG_FLAG_1(TYPE)
+
+#if BUILDING_GCC_VERSION == 4005
-+#define FOR_EACH_LOCAL_DECL(FUN, I, D) for (tree vars = (FUN)->local_decls, (I) = 0; vars && ((D) = TREE_VALUE(vars)); vars = TREE_CHAIN(vars), (I)++)
++#define FOR_EACH_LOCAL_DECL(FUN, I, D) \
++ for (tree vars = (FUN)->local_decls, (I) = 0; \
++ vars && ((D) = TREE_VALUE(vars)); \
++ vars = TREE_CHAIN(vars), (I)++)
+#define DECL_CHAIN(NODE) (TREE_CHAIN(DECL_MINIMAL_CHECK(NODE)))
-+#define FOR_EACH_VEC_ELT(T, V, I, P) for (I = 0; VEC_iterate(T, (V), (I), (P)); ++(I))
++#define FOR_EACH_VEC_ELT(T, V, I, P) \
++ for (I = 0; VEC_iterate(T, (V), (I), (P)); ++(I))
+#define TODO_rebuild_cgraph_edges 0
+#define SCOPE_FILE_SCOPE_P(EXP) (!(EXP))
+
@@ -135357,7 +135235,8 @@ index 0000000..28c3242
+ sscanf(get_random_seed(noinit), "%" HOST_WIDE_INT_PRINT "x", &seed); \
+ seed * seed; })
+
-+#define int_const_binop(code, arg1, arg2) int_const_binop((code), (arg1), (arg2), 0)
++#define int_const_binop(code, arg1, arg2) \
++ int_const_binop((code), (arg1), (arg2), 0)
+
+static inline bool gimple_clobber_p(gimple s __unused)
+{
@@ -135370,6 +135249,7 @@ index 0000000..28c3242
+
+ for (i = 0; i < gimple_asm_nclobbers(stmt); i++) {
+ tree op = gimple_asm_clobber_op(stmt, i);
++
+ if (!strcmp(TREE_STRING_POINTER(TREE_VALUE(op)), "memory"))
+ return true;
+ }
@@ -135428,8 +135308,10 @@ index 0000000..28c3242
+#endif
+
+#if BUILDING_GCC_VERSION <= 4007
-+#define FOR_EACH_FUNCTION(node) for (node = cgraph_nodes; node; node = node->next)
-+#define FOR_EACH_VARIABLE(node) for (node = varpool_nodes; node; node = node->next)
++#define FOR_EACH_FUNCTION(node) \
++ for (node = cgraph_nodes; node; node = node->next)
++#define FOR_EACH_VARIABLE(node) \
++ for (node = varpool_nodes; node; node = node->next)
+#define PROP_loops 0
+#define NODE_SYMBOL(node) (node)
+#define NODE_DECL(node) (node)->decl
@@ -135443,6 +135325,7 @@ index 0000000..28c3242
+static inline bool gimple_store_p(gimple gs)
+{
+ tree lhs = gimple_get_lhs(gs);
++
+ return lhs && !is_gimple_reg(lhs);
+}
+#endif
@@ -135713,7 +135596,7 @@ index 0000000..28c3242
+#endif
+
+#if BUILDING_GCC_VERSION >= 5000 && BUILDING_GCC_VERSION < 6000
-+// gimple related
++/* gimple related */
+template <>
+template <>
+inline bool is_a_helper<const gassign *>::test(const_gimple gs)
@@ -135732,7 +135615,7 @@ index 0000000..28c3242
+
+#define INSN_DELETED_P(insn) (insn)->deleted()
+
-+// symtab/cgraph related
++/* symtab/cgraph related */
+#define debug_cgraph_node(node) (node)->debug()
+#define cgraph_get_node(decl) cgraph_node::get(decl)
+#define cgraph_get_create_node(decl) cgraph_node::get_create(decl)
@@ -135830,7 +135713,7 @@ index 0000000..28c3242
+#define gimple gimple_ptr
+#endif
+
-+// gimple related
++/* gimple related */
+static inline gimple gimple_build_assign_with_ops(enum tree_code subcode, tree lhs, tree op1, tree op2 MEM_STAT_DECL)
+{
+ return gimple_build_assign(lhs, subcode, op1, op2 PASS_MEM_STAT);
@@ -135893,9 +135776,11 @@ index 0000000..28c3242
+ return as_a<const greturn *>(stmt);
+}
+
-+// IPA/LTO related
-+#define ipa_ref_list_referring_iterate(L,I,P) (L)->referring.iterate((I), &(P))
-+#define ipa_ref_list_reference_iterate(L,I,P) (L)->reference.iterate((I), &(P))
++/* IPA/LTO related */
++#define ipa_ref_list_referring_iterate(L, I, P) \
++ (L)->referring.iterate((I), &(P))
++#define ipa_ref_list_reference_iterate(L, I, P) \
++ (L)->reference.iterate((I), &(P))
+
+static inline cgraph_node_ptr ipa_ref_referring_node(struct ipa_ref *ref)
+{
@@ -135909,7 +135794,8 @@ index 0000000..28c3242
+#endif
+
+#if BUILDING_GCC_VERSION < 6000
-+#define get_inner_reference(exp, pbitsize, pbitpos, poffset, pmode, punsignedp, preversep, pvolatilep, keep_aligning) get_inner_reference(exp, pbitsize, pbitpos, poffset, pmode, punsignedp, pvolatilep, keep_aligning)
++#define get_inner_reference(exp, pbitsize, pbitpos, poffset, pmode, punsignedp, preversep, pvolatilep, keep_aligning) \
++ get_inner_reference(exp, pbitsize, pbitpos, poffset, pmode, punsignedp, pvolatilep, keep_aligning)
+#define gen_rtx_set(ARG0, ARG1) gen_rtx_SET(VOIDmode, (ARG0), (ARG1))
+#endif
+
@@ -135920,10 +135806,10 @@ index 0000000..28c3242
+#endif
diff --git a/tools/gcc/gcc-generate-gimple-pass.h b/tools/gcc/gcc-generate-gimple-pass.h
new file mode 100644
-index 0000000..1abbd0f
+index 0000000..0ba6a0d
--- /dev/null
+++ b/tools/gcc/gcc-generate-gimple-pass.h
-@@ -0,0 +1,172 @@
+@@ -0,0 +1,173 @@
+/*
+ * Generator for GIMPLE pass related boilerplate code/data
+ *
@@ -135935,7 +135821,8 @@ index 0000000..1abbd0f
+ * 2. before inclusion define NO_* for unimplemented callbacks
+ * NO_GATE
+ * NO_EXECUTE
-+ * 3. before inclusion define PROPERTIES_* and TODO_FLAGS_* to override the default 0 values
++ * 3. before inclusion define PROPERTIES_* and TODO_FLAGS_* to override
++ * the default 0 values
+ * 4. for convenience, all the above will be undefined after inclusion!
+ * 5. the only exported name is make_PASS_NAME_pass() to register with gcc
+ */
@@ -135945,25 +135832,25 @@ index 0000000..1abbd0f
+#else
+#define __GCC_PLUGIN_STRINGIFY(n) #n
+#define _GCC_PLUGIN_STRINGIFY(n) __GCC_PLUGIN_STRINGIFY(n)
-+#define _GCC_PLUGIN_CONCAT2(x,y) x ## y
-+#define _GCC_PLUGIN_CONCAT3(x,y,z) x ## y ## z
++#define _GCC_PLUGIN_CONCAT2(x, y) x ## y
++#define _GCC_PLUGIN_CONCAT3(x, y, z) x ## y ## z
+
-+#define __PASS_NAME_PASS_DATA(n) _GCC_PLUGIN_CONCAT2(n,_pass_data)
++#define __PASS_NAME_PASS_DATA(n) _GCC_PLUGIN_CONCAT2(n, _pass_data)
+#define _PASS_NAME_PASS_DATA __PASS_NAME_PASS_DATA(PASS_NAME)
+
-+#define __PASS_NAME_PASS(n) _GCC_PLUGIN_CONCAT2(n,_pass)
++#define __PASS_NAME_PASS(n) _GCC_PLUGIN_CONCAT2(n, _pass)
+#define _PASS_NAME_PASS __PASS_NAME_PASS(PASS_NAME)
+
+#define _PASS_NAME_NAME _GCC_PLUGIN_STRINGIFY(PASS_NAME)
+
-+#define __MAKE_PASS_NAME_PASS(n) _GCC_PLUGIN_CONCAT3(make_,n,_pass)
++#define __MAKE_PASS_NAME_PASS(n) _GCC_PLUGIN_CONCAT3(make_, n, _pass)
+#define _MAKE_PASS_NAME_PASS __MAKE_PASS_NAME_PASS(PASS_NAME)
+
+#ifdef NO_GATE
+#define _GATE NULL
+#define _HAS_GATE false
+#else
-+#define __GATE(n) _GCC_PLUGIN_CONCAT2(n,_gate)
++#define __GATE(n) _GCC_PLUGIN_CONCAT2(n, _gate)
+#define _GATE __GATE(PASS_NAME)
+#define _HAS_GATE true
+#endif
@@ -135972,7 +135859,7 @@ index 0000000..1abbd0f
+#define _EXECUTE NULL
+#define _HAS_EXECUTE false
+#else
-+#define __EXECUTE(n) _GCC_PLUGIN_CONCAT2(n,_execute)
++#define __EXECUTE(n) _GCC_PLUGIN_CONCAT2(n, _execute)
+#define _EXECUTE __EXECUTE(PASS_NAME)
+#define _HAS_EXECUTE true
+#endif
@@ -136040,7 +135927,7 @@ index 0000000..1abbd0f
+#if BUILDING_GCC_VERSION >= 5000
+ virtual bool gate(function *) { return _GATE(); }
+#else
-+ bool gate() { return _GATE(); }
++ bool gate(void) { return _GATE(); }
+#endif
+#endif
+
@@ -136048,7 +135935,7 @@ index 0000000..1abbd0f
+#if BUILDING_GCC_VERSION >= 5000
+ virtual unsigned int execute(function *) { return _EXECUTE(); }
+#else
-+ unsigned int execute() { return _EXECUTE(); }
++ unsigned int execute(void) { return _EXECUTE(); }
+#endif
+#endif
+};
@@ -136065,7 +135952,7 @@ index 0000000..1abbd0f
+}
+#endif
+
-+// clean up user provided defines
++/* clean up user provided defines */
+#undef PASS_NAME
+#undef NO_GATE
+#undef NO_EXECUTE
@@ -136076,7 +135963,7 @@ index 0000000..1abbd0f
+#undef TODO_FLAGS_FINISH
+#undef TODO_FLAGS_START
+
-+// clean up generated defines
++/* clean up generated defines */
+#undef _EXECUTE
+#undef __EXECUTE
+#undef _GATE
@@ -136095,13 +135982,13 @@ index 0000000..1abbd0f
+#undef _PASS_NAME_PASS_DATA
+#undef __PASS_NAME_PASS_DATA
+
-+#endif // PASS_NAME
++#endif /* PASS_NAME */
diff --git a/tools/gcc/gcc-generate-ipa-pass.h b/tools/gcc/gcc-generate-ipa-pass.h
new file mode 100644
-index 0000000..5eba6a0
+index 0000000..283c2e1
--- /dev/null
+++ b/tools/gcc/gcc-generate-ipa-pass.h
-@@ -0,0 +1,286 @@
+@@ -0,0 +1,287 @@
+/*
+ * Generator for IPA pass related boilerplate code/data
+ *
@@ -136121,7 +136008,8 @@ index 0000000..5eba6a0
+ * NO_VARIABLE_TRANSFORM
+ * NO_GATE
+ * NO_EXECUTE
-+ * 3. before inclusion define PROPERTIES_* and *TODO_FLAGS_* to override the default 0 values
++ * 3. before inclusion define PROPERTIES_* and *TODO_FLAGS_* to override
++ * the default 0 values
+ * 4. for convenience, all the above will be undefined after inclusion!
+ * 5. the only exported name is make_PASS_NAME_pass() to register with gcc
+ */
@@ -136131,73 +136019,73 @@ index 0000000..5eba6a0
+#else
+#define __GCC_PLUGIN_STRINGIFY(n) #n
+#define _GCC_PLUGIN_STRINGIFY(n) __GCC_PLUGIN_STRINGIFY(n)
-+#define _GCC_PLUGIN_CONCAT2(x,y) x ## y
-+#define _GCC_PLUGIN_CONCAT3(x,y,z) x ## y ## z
++#define _GCC_PLUGIN_CONCAT2(x, y) x ## y
++#define _GCC_PLUGIN_CONCAT3(x, y, z) x ## y ## z
+
-+#define __PASS_NAME_PASS_DATA(n) _GCC_PLUGIN_CONCAT2(n,_pass_data)
++#define __PASS_NAME_PASS_DATA(n) _GCC_PLUGIN_CONCAT2(n, _pass_data)
+#define _PASS_NAME_PASS_DATA __PASS_NAME_PASS_DATA(PASS_NAME)
+
-+#define __PASS_NAME_PASS(n) _GCC_PLUGIN_CONCAT2(n,_pass)
++#define __PASS_NAME_PASS(n) _GCC_PLUGIN_CONCAT2(n, _pass)
+#define _PASS_NAME_PASS __PASS_NAME_PASS(PASS_NAME)
+
+#define _PASS_NAME_NAME _GCC_PLUGIN_STRINGIFY(PASS_NAME)
+
-+#define __MAKE_PASS_NAME_PASS(n) _GCC_PLUGIN_CONCAT3(make_,n,_pass)
++#define __MAKE_PASS_NAME_PASS(n) _GCC_PLUGIN_CONCAT3(make_, n, _pass)
+#define _MAKE_PASS_NAME_PASS __MAKE_PASS_NAME_PASS(PASS_NAME)
+
+#ifdef NO_GENERATE_SUMMARY
+#define _GENERATE_SUMMARY NULL
+#else
-+#define __GENERATE_SUMMARY(n) _GCC_PLUGIN_CONCAT2(n,_generate_summary)
++#define __GENERATE_SUMMARY(n) _GCC_PLUGIN_CONCAT2(n, _generate_summary)
+#define _GENERATE_SUMMARY __GENERATE_SUMMARY(PASS_NAME)
+#endif
+
+#ifdef NO_READ_SUMMARY
+#define _READ_SUMMARY NULL
+#else
-+#define __READ_SUMMARY(n) _GCC_PLUGIN_CONCAT2(n,_read_summary)
++#define __READ_SUMMARY(n) _GCC_PLUGIN_CONCAT2(n, _read_summary)
+#define _READ_SUMMARY __READ_SUMMARY(PASS_NAME)
+#endif
+
+#ifdef NO_WRITE_SUMMARY
+#define _WRITE_SUMMARY NULL
+#else
-+#define __WRITE_SUMMARY(n) _GCC_PLUGIN_CONCAT2(n,_write_summary)
++#define __WRITE_SUMMARY(n) _GCC_PLUGIN_CONCAT2(n, _write_summary)
+#define _WRITE_SUMMARY __WRITE_SUMMARY(PASS_NAME)
+#endif
+
+#ifdef NO_READ_OPTIMIZATION_SUMMARY
+#define _READ_OPTIMIZATION_SUMMARY NULL
+#else
-+#define __READ_OPTIMIZATION_SUMMARY(n) _GCC_PLUGIN_CONCAT2(n,_read_optimization_summary)
++#define __READ_OPTIMIZATION_SUMMARY(n) _GCC_PLUGIN_CONCAT2(n, _read_optimization_summary)
+#define _READ_OPTIMIZATION_SUMMARY __READ_OPTIMIZATION_SUMMARY(PASS_NAME)
+#endif
+
+#ifdef NO_WRITE_OPTIMIZATION_SUMMARY
+#define _WRITE_OPTIMIZATION_SUMMARY NULL
+#else
-+#define __WRITE_OPTIMIZATION_SUMMARY(n) _GCC_PLUGIN_CONCAT2(n,_write_optimization_summary)
++#define __WRITE_OPTIMIZATION_SUMMARY(n) _GCC_PLUGIN_CONCAT2(n, _write_optimization_summary)
+#define _WRITE_OPTIMIZATION_SUMMARY __WRITE_OPTIMIZATION_SUMMARY(PASS_NAME)
+#endif
+
+#ifdef NO_STMT_FIXUP
+#define _STMT_FIXUP NULL
+#else
-+#define __STMT_FIXUP(n) _GCC_PLUGIN_CONCAT2(n,_stmt_fixup)
++#define __STMT_FIXUP(n) _GCC_PLUGIN_CONCAT2(n, _stmt_fixup)
+#define _STMT_FIXUP __STMT_FIXUP(PASS_NAME)
+#endif
+
+#ifdef NO_FUNCTION_TRANSFORM
+#define _FUNCTION_TRANSFORM NULL
+#else
-+#define __FUNCTION_TRANSFORM(n) _GCC_PLUGIN_CONCAT2(n,_function_transform)
++#define __FUNCTION_TRANSFORM(n) _GCC_PLUGIN_CONCAT2(n, _function_transform)
+#define _FUNCTION_TRANSFORM __FUNCTION_TRANSFORM(PASS_NAME)
+#endif
+
+#ifdef NO_VARIABLE_TRANSFORM
+#define _VARIABLE_TRANSFORM NULL
+#else
-+#define __VARIABLE_TRANSFORM(n) _GCC_PLUGIN_CONCAT2(n,_variable_transform)
++#define __VARIABLE_TRANSFORM(n) _GCC_PLUGIN_CONCAT2(n, _variable_transform)
+#define _VARIABLE_TRANSFORM __VARIABLE_TRANSFORM(PASS_NAME)
+#endif
+
@@ -136205,7 +136093,7 @@ index 0000000..5eba6a0
+#define _GATE NULL
+#define _HAS_GATE false
+#else
-+#define __GATE(n) _GCC_PLUGIN_CONCAT2(n,_gate)
++#define __GATE(n) _GCC_PLUGIN_CONCAT2(n, _gate)
+#define _GATE __GATE(PASS_NAME)
+#define _HAS_GATE true
+#endif
@@ -136214,7 +136102,7 @@ index 0000000..5eba6a0
+#define _EXECUTE NULL
+#define _HAS_EXECUTE false
+#else
-+#define __EXECUTE(n) _GCC_PLUGIN_CONCAT2(n,_execute)
++#define __EXECUTE(n) _GCC_PLUGIN_CONCAT2(n, _execute)
+#define _EXECUTE __EXECUTE(PASS_NAME)
+#define _HAS_EXECUTE true
+#endif
@@ -136307,7 +136195,7 @@ index 0000000..5eba6a0
+#if BUILDING_GCC_VERSION >= 5000
+ virtual bool gate(function *) { return _GATE(); }
+#else
-+ bool gate() { return _GATE(); }
++ bool gate(void) { return _GATE(); }
+#endif
+#endif
+
@@ -136315,7 +136203,7 @@ index 0000000..5eba6a0
+#if BUILDING_GCC_VERSION >= 5000
+ virtual unsigned int execute(function *) { return _EXECUTE(); }
+#else
-+ unsigned int execute() { return _EXECUTE(); }
++ unsigned int execute(void) { return _EXECUTE(); }
+#endif
+#endif
+};
@@ -136332,7 +136220,7 @@ index 0000000..5eba6a0
+}
+#endif
+
-+// clean up user provided defines
++/* clean up user provided defines */
+#undef PASS_NAME
+#undef NO_GENERATE_SUMMARY
+#undef NO_WRITE_SUMMARY
@@ -136352,7 +136240,7 @@ index 0000000..5eba6a0
+#undef TODO_FLAGS_FINISH
+#undef TODO_FLAGS_START
+
-+// clean up generated defines
++/* clean up generated defines */
+#undef _EXECUTE
+#undef __EXECUTE
+#undef _FUNCTION_TRANSFORM
@@ -136387,13 +136275,13 @@ index 0000000..5eba6a0
+#undef _WRITE_SUMMARY
+#undef __WRITE_SUMMARY
+
-+#endif // PASS_NAME
++#endif /* PASS_NAME */
diff --git a/tools/gcc/gcc-generate-rtl-pass.h b/tools/gcc/gcc-generate-rtl-pass.h
new file mode 100644
-index 0000000..c5cc187
+index 0000000..f4cc205
--- /dev/null
+++ b/tools/gcc/gcc-generate-rtl-pass.h
-@@ -0,0 +1,172 @@
+@@ -0,0 +1,173 @@
+/*
+ * Generator for RTL pass related boilerplate code/data
+ *
@@ -136405,7 +136293,8 @@ index 0000000..c5cc187
+ * 2. before inclusion define NO_* for unimplemented callbacks
+ * NO_GATE
+ * NO_EXECUTE
-+ * 3. before inclusion define PROPERTIES_* and TODO_FLAGS_* to override the default 0 values
++ * 3. before inclusion define PROPERTIES_* and TODO_FLAGS_* to override
++ * the default 0 values
+ * 4. for convenience, all the above will be undefined after inclusion!
+ * 5. the only exported name is make_PASS_NAME_pass() to register with gcc
+ */
@@ -136415,25 +136304,25 @@ index 0000000..c5cc187
+#else
+#define __GCC_PLUGIN_STRINGIFY(n) #n
+#define _GCC_PLUGIN_STRINGIFY(n) __GCC_PLUGIN_STRINGIFY(n)
-+#define _GCC_PLUGIN_CONCAT2(x,y) x ## y
-+#define _GCC_PLUGIN_CONCAT3(x,y,z) x ## y ## z
++#define _GCC_PLUGIN_CONCAT2(x, y) x ## y
++#define _GCC_PLUGIN_CONCAT3(x, y, z) x ## y ## z
+
-+#define __PASS_NAME_PASS_DATA(n) _GCC_PLUGIN_CONCAT2(n,_pass_data)
++#define __PASS_NAME_PASS_DATA(n) _GCC_PLUGIN_CONCAT2(n, _pass_data)
+#define _PASS_NAME_PASS_DATA __PASS_NAME_PASS_DATA(PASS_NAME)
+
-+#define __PASS_NAME_PASS(n) _GCC_PLUGIN_CONCAT2(n,_pass)
++#define __PASS_NAME_PASS(n) _GCC_PLUGIN_CONCAT2(n, _pass)
+#define _PASS_NAME_PASS __PASS_NAME_PASS(PASS_NAME)
+
+#define _PASS_NAME_NAME _GCC_PLUGIN_STRINGIFY(PASS_NAME)
+
-+#define __MAKE_PASS_NAME_PASS(n) _GCC_PLUGIN_CONCAT3(make_,n,_pass)
++#define __MAKE_PASS_NAME_PASS(n) _GCC_PLUGIN_CONCAT3(make_, n, _pass)
+#define _MAKE_PASS_NAME_PASS __MAKE_PASS_NAME_PASS(PASS_NAME)
+
+#ifdef NO_GATE
+#define _GATE NULL
+#define _HAS_GATE false
+#else
-+#define __GATE(n) _GCC_PLUGIN_CONCAT2(n,_gate)
++#define __GATE(n) _GCC_PLUGIN_CONCAT2(n, _gate)
+#define _GATE __GATE(PASS_NAME)
+#define _HAS_GATE true
+#endif
@@ -136442,7 +136331,7 @@ index 0000000..c5cc187
+#define _EXECUTE NULL
+#define _HAS_EXECUTE false
+#else
-+#define __EXECUTE(n) _GCC_PLUGIN_CONCAT2(n,_execute)
++#define __EXECUTE(n) _GCC_PLUGIN_CONCAT2(n, _execute)
+#define _EXECUTE __EXECUTE(PASS_NAME)
+#define _HAS_EXECUTE true
+#endif
@@ -136510,7 +136399,7 @@ index 0000000..c5cc187
+#if BUILDING_GCC_VERSION >= 5000
+ virtual bool gate(function *) { return _GATE(); }
+#else
-+ bool gate() { return _GATE(); }
++ bool gate(void) { return _GATE(); }
+#endif
+#endif
+
@@ -136518,7 +136407,7 @@ index 0000000..c5cc187
+#if BUILDING_GCC_VERSION >= 5000
+ virtual unsigned int execute(function *) { return _EXECUTE(); }
+#else
-+ unsigned int execute() { return _EXECUTE(); }
++ unsigned int execute(void) { return _EXECUTE(); }
+#endif
+#endif
+};
@@ -136535,7 +136424,7 @@ index 0000000..c5cc187
+}
+#endif
+
-+// clean up user provided defines
++/* clean up user provided defines */
+#undef PASS_NAME
+#undef NO_GATE
+#undef NO_EXECUTE
@@ -136546,7 +136435,7 @@ index 0000000..c5cc187
+#undef TODO_FLAGS_FINISH
+#undef TODO_FLAGS_START
+
-+// clean up generated defines
++/* clean up generated defines */
+#undef _EXECUTE
+#undef __EXECUTE
+#undef _GATE
@@ -136565,7 +136454,186 @@ index 0000000..c5cc187
+#undef _PASS_NAME_PASS_DATA
+#undef __PASS_NAME_PASS_DATA
+
-+#endif // PASS_NAME
++#endif /* PASS_NAME */
+diff --git a/tools/gcc/gcc-generate-simple_ipa-pass.h b/tools/gcc/gcc-generate-simple_ipa-pass.h
+new file mode 100644
+index 0000000..159d5ae
+--- /dev/null
++++ b/tools/gcc/gcc-generate-simple_ipa-pass.h
+@@ -0,0 +1,173 @@
++/*
++ * Generator for SIMPLE_IPA pass related boilerplate code/data
++ *
++ * Supports gcc 4.5-6
++ *
++ * Usage:
++ *
++ * 1. before inclusion define PASS_NAME
++ * 2. before inclusion define NO_* for unimplemented callbacks
++ * NO_GATE
++ * NO_EXECUTE
++ * 3. before inclusion define PROPERTIES_* and TODO_FLAGS_* to override
++ * the default 0 values
++ * 4. for convenience, all the above will be undefined after inclusion!
++ * 5. the only exported name is make_PASS_NAME_pass() to register with gcc
++ */
++
++#ifndef PASS_NAME
++#error at least PASS_NAME must be defined
++#else
++#define __GCC_PLUGIN_STRINGIFY(n) #n
++#define _GCC_PLUGIN_STRINGIFY(n) __GCC_PLUGIN_STRINGIFY(n)
++#define _GCC_PLUGIN_CONCAT2(x, y) x ## y
++#define _GCC_PLUGIN_CONCAT3(x, y, z) x ## y ## z
++
++#define __PASS_NAME_PASS_DATA(n) _GCC_PLUGIN_CONCAT2(n, _pass_data)
++#define _PASS_NAME_PASS_DATA __PASS_NAME_PASS_DATA(PASS_NAME)
++
++#define __PASS_NAME_PASS(n) _GCC_PLUGIN_CONCAT2(n, _pass)
++#define _PASS_NAME_PASS __PASS_NAME_PASS(PASS_NAME)
++
++#define _PASS_NAME_NAME _GCC_PLUGIN_STRINGIFY(PASS_NAME)
++
++#define __MAKE_PASS_NAME_PASS(n) _GCC_PLUGIN_CONCAT3(make_, n, _pass)
++#define _MAKE_PASS_NAME_PASS __MAKE_PASS_NAME_PASS(PASS_NAME)
++
++#ifdef NO_GATE
++#define _GATE NULL
++#define _HAS_GATE false
++#else
++#define __GATE(n) _GCC_PLUGIN_CONCAT2(n, _gate)
++#define _GATE __GATE(PASS_NAME)
++#define _HAS_GATE true
++#endif
++
++#ifdef NO_EXECUTE
++#define _EXECUTE NULL
++#define _HAS_EXECUTE false
++#else
++#define __EXECUTE(n) _GCC_PLUGIN_CONCAT2(n, _execute)
++#define _EXECUTE __EXECUTE(PASS_NAME)
++#define _HAS_EXECUTE true
++#endif
++
++#ifndef PROPERTIES_REQUIRED
++#define PROPERTIES_REQUIRED 0
++#endif
++
++#ifndef PROPERTIES_PROVIDED
++#define PROPERTIES_PROVIDED 0
++#endif
++
++#ifndef PROPERTIES_DESTROYED
++#define PROPERTIES_DESTROYED 0
++#endif
++
++#ifndef TODO_FLAGS_START
++#define TODO_FLAGS_START 0
++#endif
++
++#ifndef TODO_FLAGS_FINISH
++#define TODO_FLAGS_FINISH 0
++#endif
++
++#if BUILDING_GCC_VERSION >= 4009
++namespace {
++static const pass_data _PASS_NAME_PASS_DATA = {
++#else
++static struct simple_ipa_opt_pass _PASS_NAME_PASS = {
++ .pass = {
++#endif
++ .type = SIMPLE_IPA_PASS,
++ .name = _PASS_NAME_NAME,
++#if BUILDING_GCC_VERSION >= 4008
++ .optinfo_flags = OPTGROUP_NONE,
++#endif
++#if BUILDING_GCC_VERSION >= 5000
++#elif BUILDING_GCC_VERSION == 4009
++ .has_gate = _HAS_GATE,
++ .has_execute = _HAS_EXECUTE,
++#else
++ .gate = _GATE,
++ .execute = _EXECUTE,
++ .sub = NULL,
++ .next = NULL,
++ .static_pass_number = 0,
++#endif
++ .tv_id = TV_NONE,
++ .properties_required = PROPERTIES_REQUIRED,
++ .properties_provided = PROPERTIES_PROVIDED,
++ .properties_destroyed = PROPERTIES_DESTROYED,
++ .todo_flags_start = TODO_FLAGS_START,
++ .todo_flags_finish = TODO_FLAGS_FINISH,
++#if BUILDING_GCC_VERSION < 4009
++ }
++#endif
++};
++
++#if BUILDING_GCC_VERSION >= 4009
++class _PASS_NAME_PASS : public simple_ipa_opt_pass {
++public:
++ _PASS_NAME_PASS() : simple_ipa_opt_pass(_PASS_NAME_PASS_DATA, g) {}
++
++#ifndef NO_GATE
++#if BUILDING_GCC_VERSION >= 5000
++ virtual bool gate(function *) { return _GATE(); }
++#else
++ bool gate(void) { return _GATE(); }
++#endif
++#endif
++
++#ifndef NO_EXECUTE
++#if BUILDING_GCC_VERSION >= 5000
++ virtual unsigned int execute(function *) { return _EXECUTE(); }
++#else
++ unsigned int execute(void) { return _EXECUTE(); }
++#endif
++#endif
++};
++}
++
++opt_pass *_MAKE_PASS_NAME_PASS(void)
++{
++ return new _PASS_NAME_PASS();
++}
++#else
++struct opt_pass *_MAKE_PASS_NAME_PASS(void)
++{
++ return &_PASS_NAME_PASS.pass;
++}
++#endif
++
++/* clean up user provided defines */
++#undef PASS_NAME
++#undef NO_GATE
++#undef NO_EXECUTE
++
++#undef PROPERTIES_DESTROYED
++#undef PROPERTIES_PROVIDED
++#undef PROPERTIES_REQUIRED
++#undef TODO_FLAGS_FINISH
++#undef TODO_FLAGS_START
++
++/* clean up generated defines */
++#undef _EXECUTE
++#undef __EXECUTE
++#undef _GATE
++#undef __GATE
++#undef _GCC_PLUGIN_CONCAT2
++#undef _GCC_PLUGIN_CONCAT3
++#undef _GCC_PLUGIN_STRINGIFY
++#undef __GCC_PLUGIN_STRINGIFY
++#undef _HAS_EXECUTE
++#undef _HAS_GATE
++#undef _MAKE_PASS_NAME_PASS
++#undef __MAKE_PASS_NAME_PASS
++#undef _PASS_NAME_NAME
++#undef _PASS_NAME_PASS
++#undef __PASS_NAME_PASS
++#undef _PASS_NAME_PASS_DATA
++#undef __PASS_NAME_PASS_DATA
++
++#endif /* PASS_NAME */
diff --git a/tools/gcc/gen-random-seed.sh b/tools/gcc/gen-random-seed.sh
new file mode 100644
index 0000000..7514850
@@ -139038,10 +139106,10 @@ index 0000000..f74d85a
+targets += size_overflow_hash.h size_overflow_hash_aux.h disable_size_overflow_hash.h
diff --git a/tools/gcc/size_overflow_plugin/disable_size_overflow_hash.data b/tools/gcc/size_overflow_plugin/disable_size_overflow_hash.data
new file mode 100644
-index 0000000..e141179
+index 0000000..f4a8606
--- /dev/null
+++ b/tools/gcc/size_overflow_plugin/disable_size_overflow_hash.data
-@@ -0,0 +1,12434 @@
+@@ -0,0 +1,12437 @@
+disable_so_interrupt_pnode_gru_message_queue_desc_4 interrupt_pnode gru_message_queue_desc 0 4 NULL
+disable_so_bch_btree_insert_fndecl_12 bch_btree_insert fndecl 0 12 NULL
+disable_so_macvlan_sync_address_fndecl_22 macvlan_sync_address fndecl 0 22 NULL nohasharray
@@ -142510,7 +142578,8 @@ index 0000000..e141179
+disable_so_rs5c372_get_datetime_fndecl_18451 rs5c372_get_datetime fndecl 0 18451 NULL
+disable_so_diolan_set_clock_synch_fndecl_18461 diolan_set_clock_synch fndecl 0 18461 NULL nohasharray
+disable_so_tcp_timeout_ip_vs_timeout_user_18461 tcp_timeout ip_vs_timeout_user 0 18461 &disable_so_diolan_set_clock_synch_fndecl_18461
-+disable_so_mac_addr_low_nes_adapter_18465 mac_addr_low nes_adapter 0 18465 NULL
++disable_so_mac_addr_low_nes_adapter_18465 mac_addr_low nes_adapter 0 18465 NULL nohasharray
++enable_so_get_next_ino_fndecl_18465 get_next_ino fndecl 0 18465 &disable_so_mac_addr_low_nes_adapter_18465
+disable_so_sci_interrupt_acpi_table_fadt_18467 sci_interrupt acpi_table_fadt 0 18467 NULL
+disable_so_mii_bmsr_bnx2_18468 mii_bmsr bnx2 0 18468 NULL
+disable_so_qla4xxx_fw_timestamp_show_fndecl_18474 qla4xxx_fw_timestamp_show fndecl 0 18474 NULL
@@ -149744,7 +149813,8 @@ index 0000000..e141179
+disable_so_get_cpufreq_driver_56334 get cpufreq_driver 0-1 56334 NULL
+disable_so_cg_spll_spread_spectrum_2_rv770_clock_registers_56343 cg_spll_spread_spectrum_2 rv770_clock_registers 0 56343 NULL
+disable_so_dsa_slave_set_mac_address_fndecl_56363 dsa_slave_set_mac_address fndecl 0 56363 NULL nohasharray
-+disable_so_log2secsize_adfs_discrecord_56363 log2secsize adfs_discrecord 0 56363 &disable_so_dsa_slave_set_mac_address_fndecl_56363
++disable_so_log2secsize_adfs_discrecord_56363 log2secsize adfs_discrecord 0 56363 &disable_so_dsa_slave_set_mac_address_fndecl_56363 nohasharray
++enable_so_i_ino_xfs_inode_56363 i_ino xfs_inode 0 56363 &disable_so_log2secsize_adfs_discrecord_56363
+disable_so_offset_bit_entry_56370 offset bit_entry 0 56370 NULL
+disable_so_serio_interrupt_fndecl_56371 serio_interrupt fndecl 2 56371 NULL
+disable_so_nla_put_s8_fndecl_56378 nla_put_s8 fndecl 0 56378 NULL
@@ -151476,6 +151546,7 @@ index 0000000..e141179
+enable_so_deh_offset_reiserfs_de_head_42314 deh_offset reiserfs_de_head 0 42314 NULL
+enable_so_dsack_tcp_options_received_27706 dsack tcp_options_received 0 27706 NULL
+enable_so_inbufBits_bunzip_data_13788 inbufBits bunzip_data 0 13788 NULL
++enable_so_i_ino_inode_8428 i_ino inode 0 8428 NULL
diff --git a/tools/gcc/size_overflow_plugin/generate_size_overflow_hash.sh b/tools/gcc/size_overflow_plugin/generate_size_overflow_hash.sh
new file mode 100644
index 0000000..be9724d
@@ -153764,10 +153835,10 @@ index 0000000..fc58e16
+}
diff --git a/tools/gcc/size_overflow_plugin/size_overflow_hash.data b/tools/gcc/size_overflow_plugin/size_overflow_hash.data
new file mode 100644
-index 0000000..35efc61
+index 0000000..acc340b
--- /dev/null
+++ b/tools/gcc/size_overflow_plugin/size_overflow_hash.data
-@@ -0,0 +1,21513 @@
+@@ -0,0 +1,21510 @@
+enable_so_recv_ctrl_pipe_us_data_0 recv_ctrl_pipe us_data 0 0 NULL
+enable_so___earlyonly_bootmem_alloc_fndecl_3 __earlyonly_bootmem_alloc fndecl 2-3-4 3 NULL
+enable_so_v9fs_xattr_get_acl_fndecl_4 v9fs_xattr_get_acl fndecl 5 4 NULL
@@ -156489,7 +156560,6 @@ index 0000000..35efc61
+enable_so_wNdpOutPayloadRemainder_usb_cdc_ncm_ntb_parameters_8415 wNdpOutPayloadRemainder usb_cdc_ncm_ntb_parameters 0 8415 NULL
+enable_so_ring_blocks_vxge_hw_ring_config_8417 ring_blocks vxge_hw_ring_config 0 8417 NULL nohasharray
+enable_so_lbs_lowrssi_read_fndecl_8417 lbs_lowrssi_read fndecl 3 8417 &enable_so_ring_blocks_vxge_hw_ring_config_8417
-+enable_so_i_ino_inode_8428 i_ino inode 0 8428 NULL
+enable_so_rtsx_pci_dma_transfer_fndecl_8439 rtsx_pci_dma_transfer fndecl 0 8439 NULL
+enable_so_block_dm_buffer_8440 block dm_buffer 0 8440 NULL
+enable_so_offset_l2tp_session_8443 offset l2tp_session 0 8443 NULL
@@ -159812,7 +159882,6 @@ index 0000000..35efc61
+enable_so_mp_tx_agg_buf_size_sdio_mmc_card_18449 mp_tx_agg_buf_size sdio_mmc_card 0 18449 &enable_so_data_len_hfa384x_tx_frame_18449
+enable_so_copy_range_nfulnl_instance_18460 copy_range nfulnl_instance 0 18460 NULL nohasharray
+enable_so_error_bar_retry_read_fndecl_18460 error_bar_retry_read fndecl 3 18460 &enable_so_copy_range_nfulnl_instance_18460
-+enable_so_get_next_ino_fndecl_18465 get_next_ino fndecl 0 18465 NULL
+enable_so_bsize_jfs_sb_info_18477 bsize jfs_sb_info 0 18477 NULL
+enable_so_xfs_free_extent_fndecl_18480 xfs_free_extent fndecl 2-3 18480 NULL
+enable_so_exynos4_jpeg_get_stream_size_fndecl_18485 exynos4_jpeg_get_stream_size fndecl 0 18485 NULL nohasharray
@@ -172297,7 +172366,6 @@ index 0000000..35efc61
+enable_so_mapping_level_fndecl_56350 mapping_level fndecl 0-2 56350 NULL
+enable_so_dccp_ackvec_add_new_fndecl_56359 dccp_ackvec_add_new fndecl 2-3 56359 NULL
+enable_so_acl_permission_check_fndecl_56360 acl_permission_check fndecl 0 56360 NULL
-+enable_so_i_ino_xfs_inode_56363 i_ino xfs_inode 0 56363 NULL
+enable_so_interrupt_out_endpointAddress_usb_serial_port_56364 interrupt_out_endpointAddress usb_serial_port 0 56364 NULL
+enable_so_ide_set_pio_mode_fndecl_56371 ide_set_pio_mode fndecl 2 56371 NULL
+enable_so_len_asd_ha_addrspace_56381 len asd_ha_addrspace 0 56381 NULL
diff --git a/4.4.2/4425_grsec_remove_EI_PAX.patch b/4.4.3/4425_grsec_remove_EI_PAX.patch
index 2a1aa6c..2a1aa6c 100644
--- a/4.4.2/4425_grsec_remove_EI_PAX.patch
+++ b/4.4.3/4425_grsec_remove_EI_PAX.patch
diff --git a/4.4.2/4427_force_XATTR_PAX_tmpfs.patch b/4.4.3/4427_force_XATTR_PAX_tmpfs.patch
index f6aea64..f6aea64 100644
--- a/4.4.2/4427_force_XATTR_PAX_tmpfs.patch
+++ b/4.4.3/4427_force_XATTR_PAX_tmpfs.patch
diff --git a/4.4.2/4430_grsec-remove-localversion-grsec.patch b/4.4.3/4430_grsec-remove-localversion-grsec.patch
index 31cf878..31cf878 100644
--- a/4.4.2/4430_grsec-remove-localversion-grsec.patch
+++ b/4.4.3/4430_grsec-remove-localversion-grsec.patch
diff --git a/4.4.2/4435_grsec-mute-warnings.patch b/4.4.3/4435_grsec-mute-warnings.patch
index b7564e4..b7564e4 100644
--- a/4.4.2/4435_grsec-mute-warnings.patch
+++ b/4.4.3/4435_grsec-mute-warnings.patch
diff --git a/4.4.2/4440_grsec-remove-protected-paths.patch b/4.4.3/4440_grsec-remove-protected-paths.patch
index 741546d..741546d 100644
--- a/4.4.2/4440_grsec-remove-protected-paths.patch
+++ b/4.4.3/4440_grsec-remove-protected-paths.patch
diff --git a/4.4.2/4450_grsec-kconfig-default-gids.patch b/4.4.3/4450_grsec-kconfig-default-gids.patch
index 77f9706..77f9706 100644
--- a/4.4.2/4450_grsec-kconfig-default-gids.patch
+++ b/4.4.3/4450_grsec-kconfig-default-gids.patch
diff --git a/4.4.2/4465_selinux-avc_audit-log-curr_ip.patch b/4.4.3/4465_selinux-avc_audit-log-curr_ip.patch
index f1c4923..f1c4923 100644
--- a/4.4.2/4465_selinux-avc_audit-log-curr_ip.patch
+++ b/4.4.3/4465_selinux-avc_audit-log-curr_ip.patch
diff --git a/4.4.2/4470_disable-compat_vdso.patch b/4.4.3/4470_disable-compat_vdso.patch
index 281aad9..281aad9 100644
--- a/4.4.2/4470_disable-compat_vdso.patch
+++ b/4.4.3/4470_disable-compat_vdso.patch
diff --git a/4.4.2/4475_emutramp_default_on.patch b/4.4.3/4475_emutramp_default_on.patch
index afd6019..afd6019 100644
--- a/4.4.2/4475_emutramp_default_on.patch
+++ b/4.4.3/4475_emutramp_default_on.patch