Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: "Anthony G. Basile" <blueness@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-patchset:master commit in: 3.14.39/, 3.19.6/, 3.19.5/, 3.14.40/
Date: Thu, 30 Apr 2015 18:00:15
Message-Id: 1430416849.dedbb02500624b2c5ddd456afd9fd9b6441a10eb.blueness@gentoo
1 commit: dedbb02500624b2c5ddd456afd9fd9b6441a10eb
2 Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
3 AuthorDate: Thu Apr 30 18:00:49 2015 +0000
4 Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
5 CommitDate: Thu Apr 30 18:00:49 2015 +0000
6 URL: https://gitweb.gentoo.org/proj/hardened-patchset.git/commit/?id=dedbb025
7
8 Grsec/PaX: 3.1-{3.14.40,3.19.6}-201504290821
9
10 {3.14.39 => 3.14.40}/0000_README | 6 +-
11 3.14.40/1039_linux-3.14.40.patch | 2462 ++++++++++++++++++++
12 .../4420_grsecurity-3.1-3.14.40-201504290821.patch | 336 ++-
13 {3.19.5 => 3.14.40}/4425_grsec_remove_EI_PAX.patch | 0
14 .../4427_force_XATTR_PAX_tmpfs.patch | 0
15 .../4430_grsec-remove-localversion-grsec.patch | 0
16 .../4435_grsec-mute-warnings.patch | 0
17 .../4440_grsec-remove-protected-paths.patch | 0
18 .../4450_grsec-kconfig-default-gids.patch | 0
19 .../4465_selinux-avc_audit-log-curr_ip.patch | 0
20 .../4470_disable-compat_vdso.patch | 0
21 {3.19.5 => 3.14.40}/4475_emutramp_default_on.patch | 0
22 {3.19.5 => 3.19.6}/0000_README | 6 +-
23 3.19.6/1005_linux-3.19.6.patch | 1674 +++++++++++++
24 .../4420_grsecurity-3.1-3.19.6-201504290821.patch | 303 +--
25 {3.14.39 => 3.19.6}/4425_grsec_remove_EI_PAX.patch | 0
26 .../4427_force_XATTR_PAX_tmpfs.patch | 0
27 .../4430_grsec-remove-localversion-grsec.patch | 0
28 {3.19.5 => 3.19.6}/4435_grsec-mute-warnings.patch | 0
29 .../4440_grsec-remove-protected-paths.patch | 0
30 .../4450_grsec-kconfig-default-gids.patch | 0
31 .../4465_selinux-avc_audit-log-curr_ip.patch | 0
32 {3.19.5 => 3.19.6}/4470_disable-compat_vdso.patch | 0
33 {3.14.39 => 3.19.6}/4475_emutramp_default_on.patch | 0
34 24 files changed, 4363 insertions(+), 424 deletions(-)
35
36 diff --git a/3.14.39/0000_README b/3.14.40/0000_README
37 similarity index 92%
38 rename from 3.14.39/0000_README
39 rename to 3.14.40/0000_README
40 index 7ed8450..79dc6c4 100644
41 --- a/3.14.39/0000_README
42 +++ b/3.14.40/0000_README
43 @@ -2,7 +2,11 @@ README
44 -----------------------------------------------------------------------------
45 Individual Patch Descriptions:
46 -----------------------------------------------------------------------------
47 -Patch: 4420_grsecurity-3.1-3.14.39-201504270826.patch
48 +Patch: 1039_linux-3.14.40.patch
49 +From: http://www.kernel.org
50 +Desc: Linux 3.14.40
51 +
52 +Patch: 4420_grsecurity-3.1-3.14.40-201504290821.patch
53 From: http://www.grsecurity.net
54 Desc: hardened-sources base patch from upstream grsecurity
55
56
57 diff --git a/3.14.40/1039_linux-3.14.40.patch b/3.14.40/1039_linux-3.14.40.patch
58 new file mode 100644
59 index 0000000..6afa4bd
60 --- /dev/null
61 +++ b/3.14.40/1039_linux-3.14.40.patch
62 @@ -0,0 +1,2462 @@
63 +diff --git a/Makefile b/Makefile
64 +index b40845e..070e0eb 100644
65 +--- a/Makefile
66 ++++ b/Makefile
67 +@@ -1,6 +1,6 @@
68 + VERSION = 3
69 + PATCHLEVEL = 14
70 +-SUBLEVEL = 39
71 ++SUBLEVEL = 40
72 + EXTRAVERSION =
73 + NAME = Remembering Coco
74 +
75 +diff --git a/arch/alpha/mm/fault.c b/arch/alpha/mm/fault.c
76 +index 98838a0..9d0ac09 100644
77 +--- a/arch/alpha/mm/fault.c
78 ++++ b/arch/alpha/mm/fault.c
79 +@@ -156,6 +156,8 @@ retry:
80 + if (unlikely(fault & VM_FAULT_ERROR)) {
81 + if (fault & VM_FAULT_OOM)
82 + goto out_of_memory;
83 ++ else if (fault & VM_FAULT_SIGSEGV)
84 ++ goto bad_area;
85 + else if (fault & VM_FAULT_SIGBUS)
86 + goto do_sigbus;
87 + BUG();
88 +diff --git a/arch/arc/mm/fault.c b/arch/arc/mm/fault.c
89 +index 9c69552..01e18b5 100644
90 +--- a/arch/arc/mm/fault.c
91 ++++ b/arch/arc/mm/fault.c
92 +@@ -162,6 +162,8 @@ good_area:
93 + /* TBD: switch to pagefault_out_of_memory() */
94 + if (fault & VM_FAULT_OOM)
95 + goto out_of_memory;
96 ++ else if (fault & VM_FAULT_SIGSEGV)
97 ++ goto bad_area;
98 + else if (fault & VM_FAULT_SIGBUS)
99 + goto do_sigbus;
100 +
101 +diff --git a/arch/arm/include/asm/pgtable-3level-hwdef.h b/arch/arm/include/asm/pgtable-3level-hwdef.h
102 +index 626989f..9fd61c7 100644
103 +--- a/arch/arm/include/asm/pgtable-3level-hwdef.h
104 ++++ b/arch/arm/include/asm/pgtable-3level-hwdef.h
105 +@@ -43,7 +43,7 @@
106 + #define PMD_SECT_BUFFERABLE (_AT(pmdval_t, 1) << 2)
107 + #define PMD_SECT_CACHEABLE (_AT(pmdval_t, 1) << 3)
108 + #define PMD_SECT_USER (_AT(pmdval_t, 1) << 6) /* AP[1] */
109 +-#define PMD_SECT_RDONLY (_AT(pmdval_t, 1) << 7) /* AP[2] */
110 ++#define PMD_SECT_AP2 (_AT(pmdval_t, 1) << 7) /* read only */
111 + #define PMD_SECT_S (_AT(pmdval_t, 3) << 8)
112 + #define PMD_SECT_AF (_AT(pmdval_t, 1) << 10)
113 + #define PMD_SECT_nG (_AT(pmdval_t, 1) << 11)
114 +@@ -72,6 +72,7 @@
115 + #define PTE_TABLE_BIT (_AT(pteval_t, 1) << 1)
116 + #define PTE_BUFFERABLE (_AT(pteval_t, 1) << 2) /* AttrIndx[0] */
117 + #define PTE_CACHEABLE (_AT(pteval_t, 1) << 3) /* AttrIndx[1] */
118 ++#define PTE_AP2 (_AT(pteval_t, 1) << 7) /* AP[2] */
119 + #define PTE_EXT_SHARED (_AT(pteval_t, 3) << 8) /* SH[1:0], inner shareable */
120 + #define PTE_EXT_AF (_AT(pteval_t, 1) << 10) /* Access Flag */
121 + #define PTE_EXT_NG (_AT(pteval_t, 1) << 11) /* nG */
122 +diff --git a/arch/arm/include/asm/pgtable-3level.h b/arch/arm/include/asm/pgtable-3level.h
123 +index 85c60ad..06e0bc0 100644
124 +--- a/arch/arm/include/asm/pgtable-3level.h
125 ++++ b/arch/arm/include/asm/pgtable-3level.h
126 +@@ -79,18 +79,19 @@
127 + #define L_PTE_PRESENT (_AT(pteval_t, 3) << 0) /* Present */
128 + #define L_PTE_FILE (_AT(pteval_t, 1) << 2) /* only when !PRESENT */
129 + #define L_PTE_USER (_AT(pteval_t, 1) << 6) /* AP[1] */
130 +-#define L_PTE_RDONLY (_AT(pteval_t, 1) << 7) /* AP[2] */
131 + #define L_PTE_SHARED (_AT(pteval_t, 3) << 8) /* SH[1:0], inner shareable */
132 + #define L_PTE_YOUNG (_AT(pteval_t, 1) << 10) /* AF */
133 + #define L_PTE_XN (_AT(pteval_t, 1) << 54) /* XN */
134 +-#define L_PTE_DIRTY (_AT(pteval_t, 1) << 55) /* unused */
135 +-#define L_PTE_SPECIAL (_AT(pteval_t, 1) << 56) /* unused */
136 ++#define L_PTE_DIRTY (_AT(pteval_t, 1) << 55)
137 ++#define L_PTE_SPECIAL (_AT(pteval_t, 1) << 56)
138 + #define L_PTE_NONE (_AT(pteval_t, 1) << 57) /* PROT_NONE */
139 ++#define L_PTE_RDONLY (_AT(pteval_t, 1) << 58) /* READ ONLY */
140 +
141 +-#define PMD_SECT_VALID (_AT(pmdval_t, 1) << 0)
142 +-#define PMD_SECT_DIRTY (_AT(pmdval_t, 1) << 55)
143 +-#define PMD_SECT_SPLITTING (_AT(pmdval_t, 1) << 56)
144 +-#define PMD_SECT_NONE (_AT(pmdval_t, 1) << 57)
145 ++#define L_PMD_SECT_VALID (_AT(pmdval_t, 1) << 0)
146 ++#define L_PMD_SECT_DIRTY (_AT(pmdval_t, 1) << 55)
147 ++#define L_PMD_SECT_SPLITTING (_AT(pmdval_t, 1) << 56)
148 ++#define L_PMD_SECT_NONE (_AT(pmdval_t, 1) << 57)
149 ++#define L_PMD_SECT_RDONLY (_AT(pteval_t, 1) << 58)
150 +
151 + /*
152 + * To be used in assembly code with the upper page attributes.
153 +@@ -207,27 +208,32 @@ static inline pmd_t *pmd_offset(pud_t *pud, unsigned long addr)
154 + #define pte_huge(pte) (pte_val(pte) && !(pte_val(pte) & PTE_TABLE_BIT))
155 + #define pte_mkhuge(pte) (__pte(pte_val(pte) & ~PTE_TABLE_BIT))
156 +
157 +-#define pmd_young(pmd) (pmd_val(pmd) & PMD_SECT_AF)
158 ++#define pmd_isset(pmd, val) ((u32)(val) == (val) ? pmd_val(pmd) & (val) \
159 ++ : !!(pmd_val(pmd) & (val)))
160 ++#define pmd_isclear(pmd, val) (!(pmd_val(pmd) & (val)))
161 ++
162 ++#define pmd_young(pmd) (pmd_isset((pmd), PMD_SECT_AF))
163 +
164 + #define __HAVE_ARCH_PMD_WRITE
165 +-#define pmd_write(pmd) (!(pmd_val(pmd) & PMD_SECT_RDONLY))
166 ++#define pmd_write(pmd) (pmd_isclear((pmd), L_PMD_SECT_RDONLY))
167 ++#define pmd_dirty(pmd) (pmd_isset((pmd), L_PMD_SECT_DIRTY))
168 +
169 + #define pmd_hugewillfault(pmd) (!pmd_young(pmd) || !pmd_write(pmd))
170 + #define pmd_thp_or_huge(pmd) (pmd_huge(pmd) || pmd_trans_huge(pmd))
171 +
172 + #ifdef CONFIG_TRANSPARENT_HUGEPAGE
173 +-#define pmd_trans_huge(pmd) (pmd_val(pmd) && !(pmd_val(pmd) & PMD_TABLE_BIT))
174 +-#define pmd_trans_splitting(pmd) (pmd_val(pmd) & PMD_SECT_SPLITTING)
175 ++#define pmd_trans_huge(pmd) (pmd_val(pmd) && !pmd_table(pmd))
176 ++#define pmd_trans_splitting(pmd) (pmd_isset((pmd), L_PMD_SECT_SPLITTING))
177 + #endif
178 +
179 + #define PMD_BIT_FUNC(fn,op) \
180 + static inline pmd_t pmd_##fn(pmd_t pmd) { pmd_val(pmd) op; return pmd; }
181 +
182 +-PMD_BIT_FUNC(wrprotect, |= PMD_SECT_RDONLY);
183 ++PMD_BIT_FUNC(wrprotect, |= L_PMD_SECT_RDONLY);
184 + PMD_BIT_FUNC(mkold, &= ~PMD_SECT_AF);
185 +-PMD_BIT_FUNC(mksplitting, |= PMD_SECT_SPLITTING);
186 +-PMD_BIT_FUNC(mkwrite, &= ~PMD_SECT_RDONLY);
187 +-PMD_BIT_FUNC(mkdirty, |= PMD_SECT_DIRTY);
188 ++PMD_BIT_FUNC(mksplitting, |= L_PMD_SECT_SPLITTING);
189 ++PMD_BIT_FUNC(mkwrite, &= ~L_PMD_SECT_RDONLY);
190 ++PMD_BIT_FUNC(mkdirty, |= L_PMD_SECT_DIRTY);
191 + PMD_BIT_FUNC(mkyoung, |= PMD_SECT_AF);
192 +
193 + #define pmd_mkhuge(pmd) (__pmd(pmd_val(pmd) & ~PMD_TABLE_BIT))
194 +@@ -241,8 +247,8 @@ PMD_BIT_FUNC(mkyoung, |= PMD_SECT_AF);
195 +
196 + static inline pmd_t pmd_modify(pmd_t pmd, pgprot_t newprot)
197 + {
198 +- const pmdval_t mask = PMD_SECT_USER | PMD_SECT_XN | PMD_SECT_RDONLY |
199 +- PMD_SECT_VALID | PMD_SECT_NONE;
200 ++ const pmdval_t mask = PMD_SECT_USER | PMD_SECT_XN | L_PMD_SECT_RDONLY |
201 ++ L_PMD_SECT_VALID | L_PMD_SECT_NONE;
202 + pmd_val(pmd) = (pmd_val(pmd) & ~mask) | (pgprot_val(newprot) & mask);
203 + return pmd;
204 + }
205 +@@ -253,8 +259,13 @@ static inline void set_pmd_at(struct mm_struct *mm, unsigned long addr,
206 + BUG_ON(addr >= TASK_SIZE);
207 +
208 + /* create a faulting entry if PROT_NONE protected */
209 +- if (pmd_val(pmd) & PMD_SECT_NONE)
210 +- pmd_val(pmd) &= ~PMD_SECT_VALID;
211 ++ if (pmd_val(pmd) & L_PMD_SECT_NONE)
212 ++ pmd_val(pmd) &= ~L_PMD_SECT_VALID;
213 ++
214 ++ if (pmd_write(pmd) && pmd_dirty(pmd))
215 ++ pmd_val(pmd) &= ~PMD_SECT_AP2;
216 ++ else
217 ++ pmd_val(pmd) |= PMD_SECT_AP2;
218 +
219 + *pmdp = __pmd(pmd_val(pmd) | PMD_SECT_nG);
220 + flush_pmd_entry(pmdp);
221 +diff --git a/arch/arm/include/asm/pgtable.h b/arch/arm/include/asm/pgtable.h
222 +index 7d59b52..89dba13 100644
223 +--- a/arch/arm/include/asm/pgtable.h
224 ++++ b/arch/arm/include/asm/pgtable.h
225 +@@ -214,12 +214,16 @@ static inline pte_t *pmd_page_vaddr(pmd_t pmd)
226 +
227 + #define pte_clear(mm,addr,ptep) set_pte_ext(ptep, __pte(0), 0)
228 +
229 ++#define pte_isset(pte, val) ((u32)(val) == (val) ? pte_val(pte) & (val) \
230 ++ : !!(pte_val(pte) & (val)))
231 ++#define pte_isclear(pte, val) (!(pte_val(pte) & (val)))
232 ++
233 + #define pte_none(pte) (!pte_val(pte))
234 +-#define pte_present(pte) (pte_val(pte) & L_PTE_PRESENT)
235 +-#define pte_write(pte) (!(pte_val(pte) & L_PTE_RDONLY))
236 +-#define pte_dirty(pte) (pte_val(pte) & L_PTE_DIRTY)
237 +-#define pte_young(pte) (pte_val(pte) & L_PTE_YOUNG)
238 +-#define pte_exec(pte) (!(pte_val(pte) & L_PTE_XN))
239 ++#define pte_present(pte) (pte_isset((pte), L_PTE_PRESENT))
240 ++#define pte_write(pte) (pte_isclear((pte), L_PTE_RDONLY))
241 ++#define pte_dirty(pte) (pte_isset((pte), L_PTE_DIRTY))
242 ++#define pte_young(pte) (pte_isset((pte), L_PTE_YOUNG))
243 ++#define pte_exec(pte) (pte_isclear((pte), L_PTE_XN))
244 + #define pte_special(pte) (0)
245 +
246 + #define pte_present_user(pte) (pte_present(pte) && (pte_val(pte) & L_PTE_USER))
247 +diff --git a/arch/arm/mm/proc-v7-3level.S b/arch/arm/mm/proc-v7-3level.S
248 +index 22e3ad6..eb81123 100644
249 +--- a/arch/arm/mm/proc-v7-3level.S
250 ++++ b/arch/arm/mm/proc-v7-3level.S
251 +@@ -86,8 +86,13 @@ ENTRY(cpu_v7_set_pte_ext)
252 + tst rh, #1 << (57 - 32) @ L_PTE_NONE
253 + bicne rl, #L_PTE_VALID
254 + bne 1f
255 +- tst rh, #1 << (55 - 32) @ L_PTE_DIRTY
256 +- orreq rl, #L_PTE_RDONLY
257 ++
258 ++ eor ip, rh, #1 << (55 - 32) @ toggle L_PTE_DIRTY in temp reg to
259 ++ @ test for !L_PTE_DIRTY || L_PTE_RDONLY
260 ++ tst ip, #1 << (55 - 32) | 1 << (58 - 32)
261 ++ orrne rl, #PTE_AP2
262 ++ biceq rl, #PTE_AP2
263 ++
264 + 1: strd r2, r3, [r0]
265 + ALT_SMP(W(nop))
266 + ALT_UP (mcr p15, 0, r0, c7, c10, 1) @ flush_pte
267 +diff --git a/arch/avr32/mm/fault.c b/arch/avr32/mm/fault.c
268 +index 0eca933..d223a8b 100644
269 +--- a/arch/avr32/mm/fault.c
270 ++++ b/arch/avr32/mm/fault.c
271 +@@ -142,6 +142,8 @@ good_area:
272 + if (unlikely(fault & VM_FAULT_ERROR)) {
273 + if (fault & VM_FAULT_OOM)
274 + goto out_of_memory;
275 ++ else if (fault & VM_FAULT_SIGSEGV)
276 ++ goto bad_area;
277 + else if (fault & VM_FAULT_SIGBUS)
278 + goto do_sigbus;
279 + BUG();
280 +diff --git a/arch/cris/mm/fault.c b/arch/cris/mm/fault.c
281 +index 1790f22..2686a7a 100644
282 +--- a/arch/cris/mm/fault.c
283 ++++ b/arch/cris/mm/fault.c
284 +@@ -176,6 +176,8 @@ retry:
285 + if (unlikely(fault & VM_FAULT_ERROR)) {
286 + if (fault & VM_FAULT_OOM)
287 + goto out_of_memory;
288 ++ else if (fault & VM_FAULT_SIGSEGV)
289 ++ goto bad_area;
290 + else if (fault & VM_FAULT_SIGBUS)
291 + goto do_sigbus;
292 + BUG();
293 +diff --git a/arch/frv/mm/fault.c b/arch/frv/mm/fault.c
294 +index 9a66372..ec4917d 100644
295 +--- a/arch/frv/mm/fault.c
296 ++++ b/arch/frv/mm/fault.c
297 +@@ -168,6 +168,8 @@ asmlinkage void do_page_fault(int datammu, unsigned long esr0, unsigned long ear
298 + if (unlikely(fault & VM_FAULT_ERROR)) {
299 + if (fault & VM_FAULT_OOM)
300 + goto out_of_memory;
301 ++ else if (fault & VM_FAULT_SIGSEGV)
302 ++ goto bad_area;
303 + else if (fault & VM_FAULT_SIGBUS)
304 + goto do_sigbus;
305 + BUG();
306 +diff --git a/arch/ia64/mm/fault.c b/arch/ia64/mm/fault.c
307 +index 7225dad..ba5ba7a 100644
308 +--- a/arch/ia64/mm/fault.c
309 ++++ b/arch/ia64/mm/fault.c
310 +@@ -172,6 +172,8 @@ retry:
311 + */
312 + if (fault & VM_FAULT_OOM) {
313 + goto out_of_memory;
314 ++ } else if (fault & VM_FAULT_SIGSEGV) {
315 ++ goto bad_area;
316 + } else if (fault & VM_FAULT_SIGBUS) {
317 + signal = SIGBUS;
318 + goto bad_area;
319 +diff --git a/arch/m32r/mm/fault.c b/arch/m32r/mm/fault.c
320 +index e9c6a80..e3d4d48901 100644
321 +--- a/arch/m32r/mm/fault.c
322 ++++ b/arch/m32r/mm/fault.c
323 +@@ -200,6 +200,8 @@ good_area:
324 + if (unlikely(fault & VM_FAULT_ERROR)) {
325 + if (fault & VM_FAULT_OOM)
326 + goto out_of_memory;
327 ++ else if (fault & VM_FAULT_SIGSEGV)
328 ++ goto bad_area;
329 + else if (fault & VM_FAULT_SIGBUS)
330 + goto do_sigbus;
331 + BUG();
332 +diff --git a/arch/m68k/mm/fault.c b/arch/m68k/mm/fault.c
333 +index 2bd7487..b2f04ae 100644
334 +--- a/arch/m68k/mm/fault.c
335 ++++ b/arch/m68k/mm/fault.c
336 +@@ -145,6 +145,8 @@ good_area:
337 + if (unlikely(fault & VM_FAULT_ERROR)) {
338 + if (fault & VM_FAULT_OOM)
339 + goto out_of_memory;
340 ++ else if (fault & VM_FAULT_SIGSEGV)
341 ++ goto map_err;
342 + else if (fault & VM_FAULT_SIGBUS)
343 + goto bus_err;
344 + BUG();
345 +diff --git a/arch/metag/mm/fault.c b/arch/metag/mm/fault.c
346 +index 332680e..2de5dc6 100644
347 +--- a/arch/metag/mm/fault.c
348 ++++ b/arch/metag/mm/fault.c
349 +@@ -141,6 +141,8 @@ good_area:
350 + if (unlikely(fault & VM_FAULT_ERROR)) {
351 + if (fault & VM_FAULT_OOM)
352 + goto out_of_memory;
353 ++ else if (fault & VM_FAULT_SIGSEGV)
354 ++ goto bad_area;
355 + else if (fault & VM_FAULT_SIGBUS)
356 + goto do_sigbus;
357 + BUG();
358 +diff --git a/arch/microblaze/mm/fault.c b/arch/microblaze/mm/fault.c
359 +index fa4cf52..d46a5eb 100644
360 +--- a/arch/microblaze/mm/fault.c
361 ++++ b/arch/microblaze/mm/fault.c
362 +@@ -224,6 +224,8 @@ good_area:
363 + if (unlikely(fault & VM_FAULT_ERROR)) {
364 + if (fault & VM_FAULT_OOM)
365 + goto out_of_memory;
366 ++ else if (fault & VM_FAULT_SIGSEGV)
367 ++ goto bad_area;
368 + else if (fault & VM_FAULT_SIGBUS)
369 + goto do_sigbus;
370 + BUG();
371 +diff --git a/arch/mips/mm/fault.c b/arch/mips/mm/fault.c
372 +index becc42b..70ab5d6 100644
373 +--- a/arch/mips/mm/fault.c
374 ++++ b/arch/mips/mm/fault.c
375 +@@ -158,6 +158,8 @@ good_area:
376 + if (unlikely(fault & VM_FAULT_ERROR)) {
377 + if (fault & VM_FAULT_OOM)
378 + goto out_of_memory;
379 ++ else if (fault & VM_FAULT_SIGSEGV)
380 ++ goto bad_area;
381 + else if (fault & VM_FAULT_SIGBUS)
382 + goto do_sigbus;
383 + BUG();
384 +diff --git a/arch/mn10300/mm/fault.c b/arch/mn10300/mm/fault.c
385 +index 3516cbd..0c2cc5d 100644
386 +--- a/arch/mn10300/mm/fault.c
387 ++++ b/arch/mn10300/mm/fault.c
388 +@@ -262,6 +262,8 @@ good_area:
389 + if (unlikely(fault & VM_FAULT_ERROR)) {
390 + if (fault & VM_FAULT_OOM)
391 + goto out_of_memory;
392 ++ else if (fault & VM_FAULT_SIGSEGV)
393 ++ goto bad_area;
394 + else if (fault & VM_FAULT_SIGBUS)
395 + goto do_sigbus;
396 + BUG();
397 +diff --git a/arch/openrisc/mm/fault.c b/arch/openrisc/mm/fault.c
398 +index 0703acf..230ac20 100644
399 +--- a/arch/openrisc/mm/fault.c
400 ++++ b/arch/openrisc/mm/fault.c
401 +@@ -171,6 +171,8 @@ good_area:
402 + if (unlikely(fault & VM_FAULT_ERROR)) {
403 + if (fault & VM_FAULT_OOM)
404 + goto out_of_memory;
405 ++ else if (fault & VM_FAULT_SIGSEGV)
406 ++ goto bad_area;
407 + else if (fault & VM_FAULT_SIGBUS)
408 + goto do_sigbus;
409 + BUG();
410 +diff --git a/arch/parisc/mm/fault.c b/arch/parisc/mm/fault.c
411 +index d72197f..d27e388 100644
412 +--- a/arch/parisc/mm/fault.c
413 ++++ b/arch/parisc/mm/fault.c
414 +@@ -256,6 +256,8 @@ good_area:
415 + */
416 + if (fault & VM_FAULT_OOM)
417 + goto out_of_memory;
418 ++ else if (fault & VM_FAULT_SIGSEGV)
419 ++ goto bad_area;
420 + else if (fault & VM_FAULT_SIGBUS)
421 + goto bad_area;
422 + BUG();
423 +diff --git a/arch/powerpc/mm/fault.c b/arch/powerpc/mm/fault.c
424 +index 51ab9e7..010fabf 100644
425 +--- a/arch/powerpc/mm/fault.c
426 ++++ b/arch/powerpc/mm/fault.c
427 +@@ -432,6 +432,8 @@ good_area:
428 + */
429 + fault = handle_mm_fault(mm, vma, address, flags);
430 + if (unlikely(fault & (VM_FAULT_RETRY|VM_FAULT_ERROR))) {
431 ++ if (fault & VM_FAULT_SIGSEGV)
432 ++ goto bad_area;
433 + rc = mm_fault_error(regs, address, fault);
434 + if (rc >= MM_FAULT_RETURN)
435 + goto bail;
436 +diff --git a/arch/powerpc/platforms/cell/spu_fault.c b/arch/powerpc/platforms/cell/spu_fault.c
437 +index 641e727..62f3e4e 100644
438 +--- a/arch/powerpc/platforms/cell/spu_fault.c
439 ++++ b/arch/powerpc/platforms/cell/spu_fault.c
440 +@@ -75,7 +75,7 @@ int spu_handle_mm_fault(struct mm_struct *mm, unsigned long ea,
441 + if (*flt & VM_FAULT_OOM) {
442 + ret = -ENOMEM;
443 + goto out_unlock;
444 +- } else if (*flt & VM_FAULT_SIGBUS) {
445 ++ } else if (*flt & (VM_FAULT_SIGBUS | VM_FAULT_SIGSEGV)) {
446 + ret = -EFAULT;
447 + goto out_unlock;
448 + }
449 +diff --git a/arch/powerpc/platforms/cell/spufs/inode.c b/arch/powerpc/platforms/cell/spufs/inode.c
450 +index 87ba7cf..65d633f 100644
451 +--- a/arch/powerpc/platforms/cell/spufs/inode.c
452 ++++ b/arch/powerpc/platforms/cell/spufs/inode.c
453 +@@ -164,7 +164,7 @@ static void spufs_prune_dir(struct dentry *dir)
454 + struct dentry *dentry, *tmp;
455 +
456 + mutex_lock(&dir->d_inode->i_mutex);
457 +- list_for_each_entry_safe(dentry, tmp, &dir->d_subdirs, d_u.d_child) {
458 ++ list_for_each_entry_safe(dentry, tmp, &dir->d_subdirs, d_child) {
459 + spin_lock(&dentry->d_lock);
460 + if (!(d_unhashed(dentry)) && dentry->d_inode) {
461 + dget_dlock(dentry);
462 +diff --git a/arch/s390/mm/fault.c b/arch/s390/mm/fault.c
463 +index d95265b2..8e95432 100644
464 +--- a/arch/s390/mm/fault.c
465 ++++ b/arch/s390/mm/fault.c
466 +@@ -239,6 +239,12 @@ static noinline void do_fault_error(struct pt_regs *regs, int fault)
467 + do_no_context(regs);
468 + else
469 + pagefault_out_of_memory();
470 ++ } else if (fault & VM_FAULT_SIGSEGV) {
471 ++ /* Kernel mode? Handle exceptions or die */
472 ++ if (!user_mode(regs))
473 ++ do_no_context(regs);
474 ++ else
475 ++ do_sigsegv(regs, SEGV_MAPERR);
476 + } else if (fault & VM_FAULT_SIGBUS) {
477 + /* Kernel mode? Handle exceptions or die */
478 + if (!user_mode(regs))
479 +diff --git a/arch/score/mm/fault.c b/arch/score/mm/fault.c
480 +index 52238983..6860beb 100644
481 +--- a/arch/score/mm/fault.c
482 ++++ b/arch/score/mm/fault.c
483 +@@ -114,6 +114,8 @@ good_area:
484 + if (unlikely(fault & VM_FAULT_ERROR)) {
485 + if (fault & VM_FAULT_OOM)
486 + goto out_of_memory;
487 ++ else if (fault & VM_FAULT_SIGSEGV)
488 ++ goto bad_area;
489 + else if (fault & VM_FAULT_SIGBUS)
490 + goto do_sigbus;
491 + BUG();
492 +diff --git a/arch/sh/mm/fault.c b/arch/sh/mm/fault.c
493 +index 541dc61..a58fec9 100644
494 +--- a/arch/sh/mm/fault.c
495 ++++ b/arch/sh/mm/fault.c
496 +@@ -353,6 +353,8 @@ mm_fault_error(struct pt_regs *regs, unsigned long error_code,
497 + } else {
498 + if (fault & VM_FAULT_SIGBUS)
499 + do_sigbus(regs, error_code, address);
500 ++ else if (fault & VM_FAULT_SIGSEGV)
501 ++ bad_area(regs, error_code, address);
502 + else
503 + BUG();
504 + }
505 +diff --git a/arch/sparc/mm/fault_32.c b/arch/sparc/mm/fault_32.c
506 +index 59dbd46..163c787 100644
507 +--- a/arch/sparc/mm/fault_32.c
508 ++++ b/arch/sparc/mm/fault_32.c
509 +@@ -252,6 +252,8 @@ good_area:
510 + if (unlikely(fault & VM_FAULT_ERROR)) {
511 + if (fault & VM_FAULT_OOM)
512 + goto out_of_memory;
513 ++ else if (fault & VM_FAULT_SIGSEGV)
514 ++ goto bad_area;
515 + else if (fault & VM_FAULT_SIGBUS)
516 + goto do_sigbus;
517 + BUG();
518 +diff --git a/arch/sparc/mm/fault_64.c b/arch/sparc/mm/fault_64.c
519 +index 45a413e..0d6de79 100644
520 +--- a/arch/sparc/mm/fault_64.c
521 ++++ b/arch/sparc/mm/fault_64.c
522 +@@ -448,6 +448,8 @@ good_area:
523 + if (unlikely(fault & VM_FAULT_ERROR)) {
524 + if (fault & VM_FAULT_OOM)
525 + goto out_of_memory;
526 ++ else if (fault & VM_FAULT_SIGSEGV)
527 ++ goto bad_area;
528 + else if (fault & VM_FAULT_SIGBUS)
529 + goto do_sigbus;
530 + BUG();
531 +diff --git a/arch/tile/mm/fault.c b/arch/tile/mm/fault.c
532 +index 6c05712..c6d2a76 100644
533 +--- a/arch/tile/mm/fault.c
534 ++++ b/arch/tile/mm/fault.c
535 +@@ -444,6 +444,8 @@ good_area:
536 + if (unlikely(fault & VM_FAULT_ERROR)) {
537 + if (fault & VM_FAULT_OOM)
538 + goto out_of_memory;
539 ++ else if (fault & VM_FAULT_SIGSEGV)
540 ++ goto bad_area;
541 + else if (fault & VM_FAULT_SIGBUS)
542 + goto do_sigbus;
543 + BUG();
544 +diff --git a/arch/um/kernel/trap.c b/arch/um/kernel/trap.c
545 +index 974b874..53b8320 100644
546 +--- a/arch/um/kernel/trap.c
547 ++++ b/arch/um/kernel/trap.c
548 +@@ -80,6 +80,8 @@ good_area:
549 + if (unlikely(fault & VM_FAULT_ERROR)) {
550 + if (fault & VM_FAULT_OOM) {
551 + goto out_of_memory;
552 ++ } else if (fault & VM_FAULT_SIGSEGV) {
553 ++ goto out;
554 + } else if (fault & VM_FAULT_SIGBUS) {
555 + err = -EACCES;
556 + goto out;
557 +diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
558 +index 09651d4..cf1eeea 100644
559 +--- a/arch/x86/kvm/emulate.c
560 ++++ b/arch/x86/kvm/emulate.c
561 +@@ -2258,7 +2258,7 @@ static int em_sysenter(struct x86_emulate_ctxt *ctxt)
562 + * Not recognized on AMD in compat mode (but is recognized in legacy
563 + * mode).
564 + */
565 +- if ((ctxt->mode == X86EMUL_MODE_PROT32) && (efer & EFER_LMA)
566 ++ if ((ctxt->mode != X86EMUL_MODE_PROT64) && (efer & EFER_LMA)
567 + && !vendor_intel(ctxt))
568 + return emulate_ud(ctxt);
569 +
570 +@@ -2271,25 +2271,13 @@ static int em_sysenter(struct x86_emulate_ctxt *ctxt)
571 + setup_syscalls_segments(ctxt, &cs, &ss);
572 +
573 + ops->get_msr(ctxt, MSR_IA32_SYSENTER_CS, &msr_data);
574 +- switch (ctxt->mode) {
575 +- case X86EMUL_MODE_PROT32:
576 +- if ((msr_data & 0xfffc) == 0x0)
577 +- return emulate_gp(ctxt, 0);
578 +- break;
579 +- case X86EMUL_MODE_PROT64:
580 +- if (msr_data == 0x0)
581 +- return emulate_gp(ctxt, 0);
582 +- break;
583 +- default:
584 +- break;
585 +- }
586 ++ if ((msr_data & 0xfffc) == 0x0)
587 ++ return emulate_gp(ctxt, 0);
588 +
589 + ctxt->eflags &= ~(EFLG_VM | EFLG_IF | EFLG_RF);
590 +- cs_sel = (u16)msr_data;
591 +- cs_sel &= ~SELECTOR_RPL_MASK;
592 ++ cs_sel = (u16)msr_data & ~SELECTOR_RPL_MASK;
593 + ss_sel = cs_sel + 8;
594 +- ss_sel &= ~SELECTOR_RPL_MASK;
595 +- if (ctxt->mode == X86EMUL_MODE_PROT64 || (efer & EFER_LMA)) {
596 ++ if (efer & EFER_LMA) {
597 + cs.d = 0;
598 + cs.l = 1;
599 + }
600 +@@ -2298,10 +2286,11 @@ static int em_sysenter(struct x86_emulate_ctxt *ctxt)
601 + ops->set_segment(ctxt, ss_sel, &ss, 0, VCPU_SREG_SS);
602 +
603 + ops->get_msr(ctxt, MSR_IA32_SYSENTER_EIP, &msr_data);
604 +- ctxt->_eip = msr_data;
605 ++ ctxt->_eip = (efer & EFER_LMA) ? msr_data : (u32)msr_data;
606 +
607 + ops->get_msr(ctxt, MSR_IA32_SYSENTER_ESP, &msr_data);
608 +- *reg_write(ctxt, VCPU_REGS_RSP) = msr_data;
609 ++ *reg_write(ctxt, VCPU_REGS_RSP) = (efer & EFER_LMA) ? msr_data :
610 ++ (u32)msr_data;
611 +
612 + return X86EMUL_CONTINUE;
613 + }
614 +diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c
615 +index a10c8c7..ebc551c 100644
616 +--- a/arch/x86/mm/fault.c
617 ++++ b/arch/x86/mm/fault.c
618 +@@ -833,11 +833,8 @@ do_sigbus(struct pt_regs *regs, unsigned long error_code, unsigned long address,
619 + unsigned int fault)
620 + {
621 + struct task_struct *tsk = current;
622 +- struct mm_struct *mm = tsk->mm;
623 + int code = BUS_ADRERR;
624 +
625 +- up_read(&mm->mmap_sem);
626 +-
627 + /* Kernel mode? Handle exceptions or die: */
628 + if (!(error_code & PF_USER)) {
629 + no_context(regs, error_code, address, SIGBUS, BUS_ADRERR);
630 +@@ -868,7 +865,6 @@ mm_fault_error(struct pt_regs *regs, unsigned long error_code,
631 + unsigned long address, unsigned int fault)
632 + {
633 + if (fatal_signal_pending(current) && !(error_code & PF_USER)) {
634 +- up_read(&current->mm->mmap_sem);
635 + no_context(regs, error_code, address, 0, 0);
636 + return;
637 + }
638 +@@ -876,14 +872,11 @@ mm_fault_error(struct pt_regs *regs, unsigned long error_code,
639 + if (fault & VM_FAULT_OOM) {
640 + /* Kernel mode? Handle exceptions or die: */
641 + if (!(error_code & PF_USER)) {
642 +- up_read(&current->mm->mmap_sem);
643 + no_context(regs, error_code, address,
644 + SIGSEGV, SEGV_MAPERR);
645 + return;
646 + }
647 +
648 +- up_read(&current->mm->mmap_sem);
649 +-
650 + /*
651 + * We ran out of memory, call the OOM killer, and return the
652 + * userspace (which will retry the fault, or kill us if we got
653 +@@ -894,6 +887,8 @@ mm_fault_error(struct pt_regs *regs, unsigned long error_code,
654 + if (fault & (VM_FAULT_SIGBUS|VM_FAULT_HWPOISON|
655 + VM_FAULT_HWPOISON_LARGE))
656 + do_sigbus(regs, error_code, address, fault);
657 ++ else if (fault & VM_FAULT_SIGSEGV)
658 ++ bad_area_nosemaphore(regs, error_code, address);
659 + else
660 + BUG();
661 + }
662 +@@ -1216,6 +1211,7 @@ good_area:
663 + return;
664 +
665 + if (unlikely(fault & VM_FAULT_ERROR)) {
666 ++ up_read(&mm->mmap_sem);
667 + mm_fault_error(regs, error_code, address, fault);
668 + return;
669 + }
670 +diff --git a/arch/xtensa/mm/fault.c b/arch/xtensa/mm/fault.c
671 +index b57c4f9..9e3571a 100644
672 +--- a/arch/xtensa/mm/fault.c
673 ++++ b/arch/xtensa/mm/fault.c
674 +@@ -117,6 +117,8 @@ good_area:
675 + if (unlikely(fault & VM_FAULT_ERROR)) {
676 + if (fault & VM_FAULT_OOM)
677 + goto out_of_memory;
678 ++ else if (fault & VM_FAULT_SIGSEGV)
679 ++ goto bad_area;
680 + else if (fault & VM_FAULT_SIGBUS)
681 + goto do_sigbus;
682 + BUG();
683 +diff --git a/drivers/bluetooth/ath3k.c b/drivers/bluetooth/ath3k.c
684 +index f667e37..5afe556 100644
685 +--- a/drivers/bluetooth/ath3k.c
686 ++++ b/drivers/bluetooth/ath3k.c
687 +@@ -62,51 +62,59 @@ static const struct usb_device_id ath3k_table[] = {
688 + { USB_DEVICE(0x0CF3, 0x3000) },
689 +
690 + /* Atheros AR3011 with sflash firmware*/
691 ++ { USB_DEVICE(0x0489, 0xE027) },
692 ++ { USB_DEVICE(0x0489, 0xE03D) },
693 ++ { USB_DEVICE(0x0930, 0x0215) },
694 + { USB_DEVICE(0x0CF3, 0x3002) },
695 + { USB_DEVICE(0x0CF3, 0xE019) },
696 + { USB_DEVICE(0x13d3, 0x3304) },
697 +- { USB_DEVICE(0x0930, 0x0215) },
698 +- { USB_DEVICE(0x0489, 0xE03D) },
699 +- { USB_DEVICE(0x0489, 0xE027) },
700 +
701 + /* Atheros AR9285 Malbec with sflash firmware */
702 + { USB_DEVICE(0x03F0, 0x311D) },
703 +
704 + /* Atheros AR3012 with sflash firmware*/
705 +- { USB_DEVICE(0x0CF3, 0x0036) },
706 +- { USB_DEVICE(0x0CF3, 0x3004) },
707 +- { USB_DEVICE(0x0CF3, 0x3008) },
708 +- { USB_DEVICE(0x0CF3, 0x311D) },
709 +- { USB_DEVICE(0x0CF3, 0x817a) },
710 +- { USB_DEVICE(0x13d3, 0x3375) },
711 ++ { USB_DEVICE(0x0489, 0xe04d) },
712 ++ { USB_DEVICE(0x0489, 0xe04e) },
713 ++ { USB_DEVICE(0x0489, 0xe057) },
714 ++ { USB_DEVICE(0x0489, 0xe056) },
715 ++ { USB_DEVICE(0x0489, 0xe05f) },
716 ++ { USB_DEVICE(0x0489, 0xe078) },
717 ++ { USB_DEVICE(0x04c5, 0x1330) },
718 + { USB_DEVICE(0x04CA, 0x3004) },
719 + { USB_DEVICE(0x04CA, 0x3005) },
720 + { USB_DEVICE(0x04CA, 0x3006) },
721 + { USB_DEVICE(0x04CA, 0x3007) },
722 + { USB_DEVICE(0x04CA, 0x3008) },
723 + { USB_DEVICE(0x04CA, 0x300b) },
724 +- { USB_DEVICE(0x13d3, 0x3362) },
725 +- { USB_DEVICE(0x0CF3, 0xE004) },
726 +- { USB_DEVICE(0x0CF3, 0xE005) },
727 ++ { USB_DEVICE(0x04CA, 0x3010) },
728 + { USB_DEVICE(0x0930, 0x0219) },
729 + { USB_DEVICE(0x0930, 0x0220) },
730 +- { USB_DEVICE(0x0489, 0xe057) },
731 +- { USB_DEVICE(0x13d3, 0x3393) },
732 +- { USB_DEVICE(0x0489, 0xe04e) },
733 +- { USB_DEVICE(0x0489, 0xe056) },
734 +- { USB_DEVICE(0x0489, 0xe04d) },
735 +- { USB_DEVICE(0x04c5, 0x1330) },
736 +- { USB_DEVICE(0x13d3, 0x3402) },
737 ++ { USB_DEVICE(0x0930, 0x0227) },
738 ++ { USB_DEVICE(0x0b05, 0x17d0) },
739 ++ { USB_DEVICE(0x0CF3, 0x0036) },
740 ++ { USB_DEVICE(0x0CF3, 0x3004) },
741 ++ { USB_DEVICE(0x0CF3, 0x3008) },
742 ++ { USB_DEVICE(0x0CF3, 0x311D) },
743 ++ { USB_DEVICE(0x0CF3, 0x311E) },
744 ++ { USB_DEVICE(0x0CF3, 0x311F) },
745 + { USB_DEVICE(0x0cf3, 0x3121) },
746 ++ { USB_DEVICE(0x0CF3, 0x817a) },
747 + { USB_DEVICE(0x0cf3, 0xe003) },
748 +- { USB_DEVICE(0x0489, 0xe05f) },
749 ++ { USB_DEVICE(0x0CF3, 0xE004) },
750 ++ { USB_DEVICE(0x0CF3, 0xE005) },
751 ++ { USB_DEVICE(0x13d3, 0x3362) },
752 ++ { USB_DEVICE(0x13d3, 0x3375) },
753 ++ { USB_DEVICE(0x13d3, 0x3393) },
754 ++ { USB_DEVICE(0x13d3, 0x3402) },
755 ++ { USB_DEVICE(0x13d3, 0x3408) },
756 ++ { USB_DEVICE(0x13d3, 0x3432) },
757 +
758 + /* Atheros AR5BBU12 with sflash firmware */
759 + { USB_DEVICE(0x0489, 0xE02C) },
760 +
761 + /* Atheros AR5BBU22 with sflash firmware */
762 +- { USB_DEVICE(0x0489, 0xE03C) },
763 + { USB_DEVICE(0x0489, 0xE036) },
764 ++ { USB_DEVICE(0x0489, 0xE03C) },
765 +
766 + { } /* Terminating entry */
767 + };
768 +@@ -119,37 +127,45 @@ MODULE_DEVICE_TABLE(usb, ath3k_table);
769 + static const struct usb_device_id ath3k_blist_tbl[] = {
770 +
771 + /* Atheros AR3012 with sflash firmware*/
772 +- { USB_DEVICE(0x0CF3, 0x0036), .driver_info = BTUSB_ATH3012 },
773 +- { USB_DEVICE(0x0cf3, 0x3004), .driver_info = BTUSB_ATH3012 },
774 +- { USB_DEVICE(0x0cf3, 0x3008), .driver_info = BTUSB_ATH3012 },
775 +- { USB_DEVICE(0x0cf3, 0x311D), .driver_info = BTUSB_ATH3012 },
776 +- { USB_DEVICE(0x0CF3, 0x817a), .driver_info = BTUSB_ATH3012 },
777 +- { USB_DEVICE(0x13d3, 0x3375), .driver_info = BTUSB_ATH3012 },
778 ++ { USB_DEVICE(0x0489, 0xe04e), .driver_info = BTUSB_ATH3012 },
779 ++ { USB_DEVICE(0x0489, 0xe04d), .driver_info = BTUSB_ATH3012 },
780 ++ { USB_DEVICE(0x0489, 0xe056), .driver_info = BTUSB_ATH3012 },
781 ++ { USB_DEVICE(0x0489, 0xe057), .driver_info = BTUSB_ATH3012 },
782 ++ { USB_DEVICE(0x0489, 0xe05f), .driver_info = BTUSB_ATH3012 },
783 ++ { USB_DEVICE(0x0489, 0xe078), .driver_info = BTUSB_ATH3012 },
784 ++ { USB_DEVICE(0x04c5, 0x1330), .driver_info = BTUSB_ATH3012 },
785 + { USB_DEVICE(0x04ca, 0x3004), .driver_info = BTUSB_ATH3012 },
786 + { USB_DEVICE(0x04ca, 0x3005), .driver_info = BTUSB_ATH3012 },
787 + { USB_DEVICE(0x04ca, 0x3006), .driver_info = BTUSB_ATH3012 },
788 + { USB_DEVICE(0x04ca, 0x3007), .driver_info = BTUSB_ATH3012 },
789 + { USB_DEVICE(0x04ca, 0x3008), .driver_info = BTUSB_ATH3012 },
790 + { USB_DEVICE(0x04ca, 0x300b), .driver_info = BTUSB_ATH3012 },
791 +- { USB_DEVICE(0x13d3, 0x3362), .driver_info = BTUSB_ATH3012 },
792 +- { USB_DEVICE(0x0cf3, 0xe004), .driver_info = BTUSB_ATH3012 },
793 +- { USB_DEVICE(0x0cf3, 0xe005), .driver_info = BTUSB_ATH3012 },
794 ++ { USB_DEVICE(0x04ca, 0x3010), .driver_info = BTUSB_ATH3012 },
795 + { USB_DEVICE(0x0930, 0x0219), .driver_info = BTUSB_ATH3012 },
796 + { USB_DEVICE(0x0930, 0x0220), .driver_info = BTUSB_ATH3012 },
797 +- { USB_DEVICE(0x0489, 0xe057), .driver_info = BTUSB_ATH3012 },
798 +- { USB_DEVICE(0x13d3, 0x3393), .driver_info = BTUSB_ATH3012 },
799 +- { USB_DEVICE(0x0489, 0xe04e), .driver_info = BTUSB_ATH3012 },
800 +- { USB_DEVICE(0x0489, 0xe056), .driver_info = BTUSB_ATH3012 },
801 +- { USB_DEVICE(0x0489, 0xe04d), .driver_info = BTUSB_ATH3012 },
802 +- { USB_DEVICE(0x04c5, 0x1330), .driver_info = BTUSB_ATH3012 },
803 +- { USB_DEVICE(0x13d3, 0x3402), .driver_info = BTUSB_ATH3012 },
804 ++ { USB_DEVICE(0x0930, 0x0227), .driver_info = BTUSB_ATH3012 },
805 ++ { USB_DEVICE(0x0b05, 0x17d0), .driver_info = BTUSB_ATH3012 },
806 ++ { USB_DEVICE(0x0CF3, 0x0036), .driver_info = BTUSB_ATH3012 },
807 ++ { USB_DEVICE(0x0cf3, 0x3004), .driver_info = BTUSB_ATH3012 },
808 ++ { USB_DEVICE(0x0cf3, 0x3008), .driver_info = BTUSB_ATH3012 },
809 ++ { USB_DEVICE(0x0cf3, 0x311D), .driver_info = BTUSB_ATH3012 },
810 ++ { USB_DEVICE(0x0cf3, 0x311E), .driver_info = BTUSB_ATH3012 },
811 ++ { USB_DEVICE(0x0cf3, 0x311F), .driver_info = BTUSB_ATH3012 },
812 + { USB_DEVICE(0x0cf3, 0x3121), .driver_info = BTUSB_ATH3012 },
813 ++ { USB_DEVICE(0x0CF3, 0x817a), .driver_info = BTUSB_ATH3012 },
814 ++ { USB_DEVICE(0x0cf3, 0xe004), .driver_info = BTUSB_ATH3012 },
815 ++ { USB_DEVICE(0x0cf3, 0xe005), .driver_info = BTUSB_ATH3012 },
816 + { USB_DEVICE(0x0cf3, 0xe003), .driver_info = BTUSB_ATH3012 },
817 +- { USB_DEVICE(0x0489, 0xe05f), .driver_info = BTUSB_ATH3012 },
818 ++ { USB_DEVICE(0x13d3, 0x3362), .driver_info = BTUSB_ATH3012 },
819 ++ { USB_DEVICE(0x13d3, 0x3375), .driver_info = BTUSB_ATH3012 },
820 ++ { USB_DEVICE(0x13d3, 0x3393), .driver_info = BTUSB_ATH3012 },
821 ++ { USB_DEVICE(0x13d3, 0x3402), .driver_info = BTUSB_ATH3012 },
822 ++ { USB_DEVICE(0x13d3, 0x3408), .driver_info = BTUSB_ATH3012 },
823 ++ { USB_DEVICE(0x13d3, 0x3432), .driver_info = BTUSB_ATH3012 },
824 +
825 + /* Atheros AR5BBU22 with sflash firmware */
826 +- { USB_DEVICE(0x0489, 0xE03C), .driver_info = BTUSB_ATH3012 },
827 + { USB_DEVICE(0x0489, 0xE036), .driver_info = BTUSB_ATH3012 },
828 ++ { USB_DEVICE(0x0489, 0xE03C), .driver_info = BTUSB_ATH3012 },
829 +
830 + { } /* Terminating entry */
831 + };
832 +diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c
833 +index e00c3f8..03b3317 100644
834 +--- a/drivers/bluetooth/btusb.c
835 ++++ b/drivers/bluetooth/btusb.c
836 +@@ -49,6 +49,7 @@ static struct usb_driver btusb_driver;
837 + #define BTUSB_WRONG_SCO_MTU 0x40
838 + #define BTUSB_ATH3012 0x80
839 + #define BTUSB_INTEL 0x100
840 ++#define BTUSB_INTEL_BOOT 0x200
841 +
842 + static const struct usb_device_id btusb_table[] = {
843 + /* Generic Bluetooth USB device */
844 +@@ -101,21 +102,31 @@ static const struct usb_device_id btusb_table[] = {
845 + { USB_DEVICE(0x0c10, 0x0000) },
846 +
847 + /* Broadcom BCM20702A0 */
848 ++ { USB_DEVICE(0x0489, 0xe042) },
849 ++ { USB_DEVICE(0x04ca, 0x2003) },
850 + { USB_DEVICE(0x0b05, 0x17b5) },
851 + { USB_DEVICE(0x0b05, 0x17cb) },
852 +- { USB_DEVICE(0x04ca, 0x2003) },
853 +- { USB_DEVICE(0x0489, 0xe042) },
854 + { USB_DEVICE(0x413c, 0x8197) },
855 +
856 + /* Foxconn - Hon Hai */
857 + { USB_VENDOR_AND_INTERFACE_INFO(0x0489, 0xff, 0x01, 0x01) },
858 +
859 +- /*Broadcom devices with vendor specific id */
860 ++ /* Broadcom devices with vendor specific id */
861 + { USB_VENDOR_AND_INTERFACE_INFO(0x0a5c, 0xff, 0x01, 0x01) },
862 +
863 ++ /* ASUSTek Computer - Broadcom based */
864 ++ { USB_VENDOR_AND_INTERFACE_INFO(0x0b05, 0xff, 0x01, 0x01) },
865 ++
866 + /* Belkin F8065bf - Broadcom based */
867 + { USB_VENDOR_AND_INTERFACE_INFO(0x050d, 0xff, 0x01, 0x01) },
868 +
869 ++ /* IMC Networks - Broadcom based */
870 ++ { USB_VENDOR_AND_INTERFACE_INFO(0x13d3, 0xff, 0x01, 0x01) },
871 ++
872 ++ /* Intel Bluetooth USB Bootloader (RAM module) */
873 ++ { USB_DEVICE(0x8087, 0x0a5a),
874 ++ .driver_info = BTUSB_INTEL_BOOT | BTUSB_BROKEN_ISOC },
875 ++
876 + { } /* Terminating entry */
877 + };
878 +
879 +@@ -129,56 +140,64 @@ static const struct usb_device_id blacklist_table[] = {
880 + { USB_DEVICE(0x0a5c, 0x2033), .driver_info = BTUSB_IGNORE },
881 +
882 + /* Atheros 3011 with sflash firmware */
883 ++ { USB_DEVICE(0x0489, 0xe027), .driver_info = BTUSB_IGNORE },
884 ++ { USB_DEVICE(0x0489, 0xe03d), .driver_info = BTUSB_IGNORE },
885 ++ { USB_DEVICE(0x0930, 0x0215), .driver_info = BTUSB_IGNORE },
886 + { USB_DEVICE(0x0cf3, 0x3002), .driver_info = BTUSB_IGNORE },
887 + { USB_DEVICE(0x0cf3, 0xe019), .driver_info = BTUSB_IGNORE },
888 + { USB_DEVICE(0x13d3, 0x3304), .driver_info = BTUSB_IGNORE },
889 +- { USB_DEVICE(0x0930, 0x0215), .driver_info = BTUSB_IGNORE },
890 +- { USB_DEVICE(0x0489, 0xe03d), .driver_info = BTUSB_IGNORE },
891 +- { USB_DEVICE(0x0489, 0xe027), .driver_info = BTUSB_IGNORE },
892 +
893 + /* Atheros AR9285 Malbec with sflash firmware */
894 + { USB_DEVICE(0x03f0, 0x311d), .driver_info = BTUSB_IGNORE },
895 +
896 + /* Atheros 3012 with sflash firmware */
897 +- { USB_DEVICE(0x0cf3, 0x0036), .driver_info = BTUSB_ATH3012 },
898 +- { USB_DEVICE(0x0cf3, 0x3004), .driver_info = BTUSB_ATH3012 },
899 +- { USB_DEVICE(0x0cf3, 0x3008), .driver_info = BTUSB_ATH3012 },
900 +- { USB_DEVICE(0x0cf3, 0x311d), .driver_info = BTUSB_ATH3012 },
901 +- { USB_DEVICE(0x0cf3, 0x817a), .driver_info = BTUSB_ATH3012 },
902 +- { USB_DEVICE(0x13d3, 0x3375), .driver_info = BTUSB_ATH3012 },
903 ++ { USB_DEVICE(0x0489, 0xe04d), .driver_info = BTUSB_ATH3012 },
904 ++ { USB_DEVICE(0x0489, 0xe04e), .driver_info = BTUSB_ATH3012 },
905 ++ { USB_DEVICE(0x0489, 0xe056), .driver_info = BTUSB_ATH3012 },
906 ++ { USB_DEVICE(0x0489, 0xe057), .driver_info = BTUSB_ATH3012 },
907 ++ { USB_DEVICE(0x0489, 0xe05f), .driver_info = BTUSB_ATH3012 },
908 ++ { USB_DEVICE(0x0489, 0xe078), .driver_info = BTUSB_ATH3012 },
909 ++ { USB_DEVICE(0x04c5, 0x1330), .driver_info = BTUSB_ATH3012 },
910 + { USB_DEVICE(0x04ca, 0x3004), .driver_info = BTUSB_ATH3012 },
911 + { USB_DEVICE(0x04ca, 0x3005), .driver_info = BTUSB_ATH3012 },
912 + { USB_DEVICE(0x04ca, 0x3006), .driver_info = BTUSB_ATH3012 },
913 + { USB_DEVICE(0x04ca, 0x3007), .driver_info = BTUSB_ATH3012 },
914 + { USB_DEVICE(0x04ca, 0x3008), .driver_info = BTUSB_ATH3012 },
915 + { USB_DEVICE(0x04ca, 0x300b), .driver_info = BTUSB_ATH3012 },
916 +- { USB_DEVICE(0x13d3, 0x3362), .driver_info = BTUSB_ATH3012 },
917 +- { USB_DEVICE(0x0cf3, 0xe004), .driver_info = BTUSB_ATH3012 },
918 +- { USB_DEVICE(0x0cf3, 0xe005), .driver_info = BTUSB_ATH3012 },
919 ++ { USB_DEVICE(0x04ca, 0x3010), .driver_info = BTUSB_ATH3012 },
920 + { USB_DEVICE(0x0930, 0x0219), .driver_info = BTUSB_ATH3012 },
921 + { USB_DEVICE(0x0930, 0x0220), .driver_info = BTUSB_ATH3012 },
922 +- { USB_DEVICE(0x0489, 0xe057), .driver_info = BTUSB_ATH3012 },
923 +- { USB_DEVICE(0x13d3, 0x3393), .driver_info = BTUSB_ATH3012 },
924 +- { USB_DEVICE(0x0489, 0xe04e), .driver_info = BTUSB_ATH3012 },
925 +- { USB_DEVICE(0x0489, 0xe056), .driver_info = BTUSB_ATH3012 },
926 +- { USB_DEVICE(0x0489, 0xe04d), .driver_info = BTUSB_ATH3012 },
927 +- { USB_DEVICE(0x04c5, 0x1330), .driver_info = BTUSB_ATH3012 },
928 +- { USB_DEVICE(0x13d3, 0x3402), .driver_info = BTUSB_ATH3012 },
929 ++ { USB_DEVICE(0x0930, 0x0227), .driver_info = BTUSB_ATH3012 },
930 ++ { USB_DEVICE(0x0b05, 0x17d0), .driver_info = BTUSB_ATH3012 },
931 ++ { USB_DEVICE(0x0cf3, 0x0036), .driver_info = BTUSB_ATH3012 },
932 ++ { USB_DEVICE(0x0cf3, 0x3004), .driver_info = BTUSB_ATH3012 },
933 ++ { USB_DEVICE(0x0cf3, 0x3008), .driver_info = BTUSB_ATH3012 },
934 ++ { USB_DEVICE(0x0cf3, 0x311d), .driver_info = BTUSB_ATH3012 },
935 ++ { USB_DEVICE(0x0cf3, 0x311e), .driver_info = BTUSB_ATH3012 },
936 ++ { USB_DEVICE(0x0cf3, 0x311f), .driver_info = BTUSB_ATH3012 },
937 + { USB_DEVICE(0x0cf3, 0x3121), .driver_info = BTUSB_ATH3012 },
938 ++ { USB_DEVICE(0x0cf3, 0x817a), .driver_info = BTUSB_ATH3012 },
939 + { USB_DEVICE(0x0cf3, 0xe003), .driver_info = BTUSB_ATH3012 },
940 +- { USB_DEVICE(0x0489, 0xe05f), .driver_info = BTUSB_ATH3012 },
941 ++ { USB_DEVICE(0x0cf3, 0xe004), .driver_info = BTUSB_ATH3012 },
942 ++ { USB_DEVICE(0x0cf3, 0xe005), .driver_info = BTUSB_ATH3012 },
943 ++ { USB_DEVICE(0x13d3, 0x3362), .driver_info = BTUSB_ATH3012 },
944 ++ { USB_DEVICE(0x13d3, 0x3375), .driver_info = BTUSB_ATH3012 },
945 ++ { USB_DEVICE(0x13d3, 0x3393), .driver_info = BTUSB_ATH3012 },
946 ++ { USB_DEVICE(0x13d3, 0x3402), .driver_info = BTUSB_ATH3012 },
947 ++ { USB_DEVICE(0x13d3, 0x3408), .driver_info = BTUSB_ATH3012 },
948 ++ { USB_DEVICE(0x13d3, 0x3432), .driver_info = BTUSB_ATH3012 },
949 +
950 + /* Atheros AR5BBU12 with sflash firmware */
951 + { USB_DEVICE(0x0489, 0xe02c), .driver_info = BTUSB_IGNORE },
952 +
953 + /* Atheros AR5BBU12 with sflash firmware */
954 +- { USB_DEVICE(0x0489, 0xe03c), .driver_info = BTUSB_ATH3012 },
955 + { USB_DEVICE(0x0489, 0xe036), .driver_info = BTUSB_ATH3012 },
956 ++ { USB_DEVICE(0x0489, 0xe03c), .driver_info = BTUSB_ATH3012 },
957 +
958 + /* Broadcom BCM2035 */
959 +- { USB_DEVICE(0x0a5c, 0x2035), .driver_info = BTUSB_WRONG_SCO_MTU },
960 +- { USB_DEVICE(0x0a5c, 0x200a), .driver_info = BTUSB_WRONG_SCO_MTU },
961 + { USB_DEVICE(0x0a5c, 0x2009), .driver_info = BTUSB_BCM92035 },
962 ++ { USB_DEVICE(0x0a5c, 0x200a), .driver_info = BTUSB_WRONG_SCO_MTU },
963 ++ { USB_DEVICE(0x0a5c, 0x2035), .driver_info = BTUSB_WRONG_SCO_MTU },
964 +
965 + /* Broadcom BCM2045 */
966 + { USB_DEVICE(0x0a5c, 0x2039), .driver_info = BTUSB_WRONG_SCO_MTU },
967 +@@ -1491,6 +1510,9 @@ static int btusb_probe(struct usb_interface *intf,
968 + if (id->driver_info & BTUSB_INTEL)
969 + hdev->setup = btusb_setup_intel;
970 +
971 ++ if (id->driver_info & BTUSB_INTEL_BOOT)
972 ++ set_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks);
973 ++
974 + /* Interface numbers are hardcoded in the specification */
975 + data->isoc = usb_ifnum_to_if(data->udev, 1);
976 +
977 +diff --git a/drivers/edac/sb_edac.c b/drivers/edac/sb_edac.c
978 +index 54e2abe..c611bcc 100644
979 +--- a/drivers/edac/sb_edac.c
980 ++++ b/drivers/edac/sb_edac.c
981 +@@ -285,8 +285,9 @@ static const u32 correrrthrsld[] = {
982 + * sbridge structs
983 + */
984 +
985 +-#define NUM_CHANNELS 4
986 +-#define MAX_DIMMS 3 /* Max DIMMS per channel */
987 ++#define NUM_CHANNELS 4
988 ++#define MAX_DIMMS 3 /* Max DIMMS per channel */
989 ++#define CHANNEL_UNSPECIFIED 0xf /* Intel IA32 SDM 15-14 */
990 +
991 + enum type {
992 + SANDY_BRIDGE,
993 +@@ -1750,6 +1751,9 @@ static void sbridge_mce_output_error(struct mem_ctl_info *mci,
994 +
995 + /* FIXME: need support for channel mask */
996 +
997 ++ if (channel == CHANNEL_UNSPECIFIED)
998 ++ channel = -1;
999 ++
1000 + /* Call the helper to output message */
1001 + edac_mc_handle_error(tp_event, mci, core_err_cnt,
1002 + m->addr >> PAGE_SHIFT, m->addr & ~PAGE_MASK, 0,
1003 +diff --git a/drivers/net/bonding/bond_3ad.c b/drivers/net/bonding/bond_3ad.c
1004 +index dcde5605..3177498 100644
1005 +--- a/drivers/net/bonding/bond_3ad.c
1006 ++++ b/drivers/net/bonding/bond_3ad.c
1007 +@@ -2479,7 +2479,7 @@ out:
1008 + return NETDEV_TX_OK;
1009 + err_free:
1010 + /* no suitable interface, frame not sent */
1011 +- kfree_skb(skb);
1012 ++ dev_kfree_skb_any(skb);
1013 + goto out;
1014 + }
1015 +
1016 +diff --git a/drivers/net/bonding/bond_alb.c b/drivers/net/bonding/bond_alb.c
1017 +index e8f133e..c67bbc9 100644
1018 +--- a/drivers/net/bonding/bond_alb.c
1019 ++++ b/drivers/net/bonding/bond_alb.c
1020 +@@ -1479,7 +1479,7 @@ int bond_alb_xmit(struct sk_buff *skb, struct net_device *bond_dev)
1021 + }
1022 +
1023 + /* no suitable interface, frame not sent */
1024 +- kfree_skb(skb);
1025 ++ dev_kfree_skb_any(skb);
1026 + out:
1027 + return NETDEV_TX_OK;
1028 + }
1029 +diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
1030 +index 1537982..32b0e705 100644
1031 +--- a/drivers/net/bonding/bond_main.c
1032 ++++ b/drivers/net/bonding/bond_main.c
1033 +@@ -3568,7 +3568,7 @@ static void bond_xmit_slave_id(struct bonding *bond, struct sk_buff *skb, int sl
1034 + }
1035 + }
1036 + /* no slave that can tx has been found */
1037 +- kfree_skb(skb);
1038 ++ dev_kfree_skb_any(skb);
1039 + }
1040 +
1041 + /**
1042 +@@ -3650,7 +3650,7 @@ static int bond_xmit_activebackup(struct sk_buff *skb, struct net_device *bond_d
1043 + if (slave)
1044 + bond_dev_queue_xmit(bond, skb, slave->dev);
1045 + else
1046 +- kfree_skb(skb);
1047 ++ dev_kfree_skb_any(skb);
1048 +
1049 + return NETDEV_TX_OK;
1050 + }
1051 +@@ -3698,7 +3698,7 @@ static int bond_xmit_broadcast(struct sk_buff *skb, struct net_device *bond_dev)
1052 + if (slave && IS_UP(slave->dev) && slave->link == BOND_LINK_UP)
1053 + bond_dev_queue_xmit(bond, skb, slave->dev);
1054 + else
1055 +- kfree_skb(skb);
1056 ++ dev_kfree_skb_any(skb);
1057 +
1058 + return NETDEV_TX_OK;
1059 + }
1060 +@@ -3785,7 +3785,7 @@ static netdev_tx_t __bond_start_xmit(struct sk_buff *skb, struct net_device *dev
1061 + pr_err("%s: Error: Unknown bonding mode %d\n",
1062 + dev->name, bond->params.mode);
1063 + WARN_ON_ONCE(1);
1064 +- kfree_skb(skb);
1065 ++ dev_kfree_skb_any(skb);
1066 + return NETDEV_TX_OK;
1067 + }
1068 + }
1069 +@@ -3806,7 +3806,7 @@ static netdev_tx_t bond_start_xmit(struct sk_buff *skb, struct net_device *dev)
1070 + if (bond_has_slaves(bond))
1071 + ret = __bond_start_xmit(skb, dev);
1072 + else
1073 +- kfree_skb(skb);
1074 ++ dev_kfree_skb_any(skb);
1075 + rcu_read_unlock();
1076 +
1077 + return ret;
1078 +diff --git a/drivers/net/ethernet/broadcom/bnx2.c b/drivers/net/ethernet/broadcom/bnx2.c
1079 +index 6c9e1c9..0c8a168 100644
1080 +--- a/drivers/net/ethernet/broadcom/bnx2.c
1081 ++++ b/drivers/net/ethernet/broadcom/bnx2.c
1082 +@@ -2886,7 +2886,7 @@ bnx2_tx_int(struct bnx2 *bp, struct bnx2_napi *bnapi, int budget)
1083 + sw_cons = BNX2_NEXT_TX_BD(sw_cons);
1084 +
1085 + tx_bytes += skb->len;
1086 +- dev_kfree_skb(skb);
1087 ++ dev_kfree_skb_any(skb);
1088 + tx_pkt++;
1089 + if (tx_pkt == budget)
1090 + break;
1091 +@@ -6640,7 +6640,7 @@ bnx2_start_xmit(struct sk_buff *skb, struct net_device *dev)
1092 +
1093 + mapping = dma_map_single(&bp->pdev->dev, skb->data, len, PCI_DMA_TODEVICE);
1094 + if (dma_mapping_error(&bp->pdev->dev, mapping)) {
1095 +- dev_kfree_skb(skb);
1096 ++ dev_kfree_skb_any(skb);
1097 + return NETDEV_TX_OK;
1098 + }
1099 +
1100 +@@ -6733,7 +6733,7 @@ dma_error:
1101 + PCI_DMA_TODEVICE);
1102 + }
1103 +
1104 +- dev_kfree_skb(skb);
1105 ++ dev_kfree_skb_any(skb);
1106 + return NETDEV_TX_OK;
1107 + }
1108 +
1109 +diff --git a/drivers/net/ethernet/broadcom/tg3.c b/drivers/net/ethernet/broadcom/tg3.c
1110 +index 8206113..bc65dc8 100644
1111 +--- a/drivers/net/ethernet/broadcom/tg3.c
1112 ++++ b/drivers/net/ethernet/broadcom/tg3.c
1113 +@@ -6593,7 +6593,7 @@ static void tg3_tx(struct tg3_napi *tnapi)
1114 + pkts_compl++;
1115 + bytes_compl += skb->len;
1116 +
1117 +- dev_kfree_skb(skb);
1118 ++ dev_kfree_skb_any(skb);
1119 +
1120 + if (unlikely(tx_bug)) {
1121 + tg3_tx_recover(tp);
1122 +@@ -6925,7 +6925,7 @@ static int tg3_rx(struct tg3_napi *tnapi, int budget)
1123 + if (len > (tp->dev->mtu + ETH_HLEN) &&
1124 + skb->protocol != htons(ETH_P_8021Q) &&
1125 + skb->protocol != htons(ETH_P_8021AD)) {
1126 +- dev_kfree_skb(skb);
1127 ++ dev_kfree_skb_any(skb);
1128 + goto drop_it_no_recycle;
1129 + }
1130 +
1131 +@@ -7808,7 +7808,7 @@ static int tigon3_dma_hwbug_workaround(struct tg3_napi *tnapi,
1132 + PCI_DMA_TODEVICE);
1133 + /* Make sure the mapping succeeded */
1134 + if (pci_dma_mapping_error(tp->pdev, new_addr)) {
1135 +- dev_kfree_skb(new_skb);
1136 ++ dev_kfree_skb_any(new_skb);
1137 + ret = -1;
1138 + } else {
1139 + u32 save_entry = *entry;
1140 +@@ -7823,13 +7823,13 @@ static int tigon3_dma_hwbug_workaround(struct tg3_napi *tnapi,
1141 + new_skb->len, base_flags,
1142 + mss, vlan)) {
1143 + tg3_tx_skb_unmap(tnapi, save_entry, -1);
1144 +- dev_kfree_skb(new_skb);
1145 ++ dev_kfree_skb_any(new_skb);
1146 + ret = -1;
1147 + }
1148 + }
1149 + }
1150 +
1151 +- dev_kfree_skb(skb);
1152 ++ dev_kfree_skb_any(skb);
1153 + *pskb = new_skb;
1154 + return ret;
1155 + }
1156 +@@ -7872,7 +7872,7 @@ static int tg3_tso_bug(struct tg3 *tp, struct sk_buff *skb)
1157 + } while (segs);
1158 +
1159 + tg3_tso_bug_end:
1160 +- dev_kfree_skb(skb);
1161 ++ dev_kfree_skb_any(skb);
1162 +
1163 + return NETDEV_TX_OK;
1164 + }
1165 +@@ -8110,7 +8110,7 @@ dma_error:
1166 + tg3_tx_skb_unmap(tnapi, tnapi->tx_prod, --i);
1167 + tnapi->tx_buffers[tnapi->tx_prod].skb = NULL;
1168 + drop:
1169 +- dev_kfree_skb(skb);
1170 ++ dev_kfree_skb_any(skb);
1171 + drop_nofree:
1172 + tp->tx_dropped++;
1173 + return NETDEV_TX_OK;
1174 +diff --git a/drivers/net/ethernet/emulex/benet/be_main.c b/drivers/net/ethernet/emulex/benet/be_main.c
1175 +index 80bfa03..075e7e7 100644
1176 +--- a/drivers/net/ethernet/emulex/benet/be_main.c
1177 ++++ b/drivers/net/ethernet/emulex/benet/be_main.c
1178 +@@ -1883,7 +1883,7 @@ static u16 be_tx_compl_process(struct be_adapter *adapter,
1179 + queue_tail_inc(txq);
1180 + } while (cur_index != last_index);
1181 +
1182 +- kfree_skb(sent_skb);
1183 ++ dev_kfree_skb_any(sent_skb);
1184 + return num_wrbs;
1185 + }
1186 +
1187 +diff --git a/drivers/net/ethernet/freescale/gianfar.c b/drivers/net/ethernet/freescale/gianfar.c
1188 +index ad5a5aa..70eb4d2 100644
1189 +--- a/drivers/net/ethernet/freescale/gianfar.c
1190 ++++ b/drivers/net/ethernet/freescale/gianfar.c
1191 +@@ -2152,13 +2152,13 @@ static int gfar_start_xmit(struct sk_buff *skb, struct net_device *dev)
1192 + skb_new = skb_realloc_headroom(skb, fcb_len);
1193 + if (!skb_new) {
1194 + dev->stats.tx_errors++;
1195 +- kfree_skb(skb);
1196 ++ dev_kfree_skb_any(skb);
1197 + return NETDEV_TX_OK;
1198 + }
1199 +
1200 + if (skb->sk)
1201 + skb_set_owner_w(skb_new, skb->sk);
1202 +- consume_skb(skb);
1203 ++ dev_consume_skb_any(skb);
1204 + skb = skb_new;
1205 + }
1206 +
1207 +diff --git a/drivers/net/ethernet/intel/ixgb/ixgb_main.c b/drivers/net/ethernet/intel/ixgb/ixgb_main.c
1208 +index 57e390c..f42c201 100644
1209 +--- a/drivers/net/ethernet/intel/ixgb/ixgb_main.c
1210 ++++ b/drivers/net/ethernet/intel/ixgb/ixgb_main.c
1211 +@@ -1521,12 +1521,12 @@ ixgb_xmit_frame(struct sk_buff *skb, struct net_device *netdev)
1212 + int tso;
1213 +
1214 + if (test_bit(__IXGB_DOWN, &adapter->flags)) {
1215 +- dev_kfree_skb(skb);
1216 ++ dev_kfree_skb_any(skb);
1217 + return NETDEV_TX_OK;
1218 + }
1219 +
1220 + if (skb->len <= 0) {
1221 +- dev_kfree_skb(skb);
1222 ++ dev_kfree_skb_any(skb);
1223 + return NETDEV_TX_OK;
1224 + }
1225 +
1226 +@@ -1543,7 +1543,7 @@ ixgb_xmit_frame(struct sk_buff *skb, struct net_device *netdev)
1227 +
1228 + tso = ixgb_tso(adapter, skb);
1229 + if (tso < 0) {
1230 +- dev_kfree_skb(skb);
1231 ++ dev_kfree_skb_any(skb);
1232 + return NETDEV_TX_OK;
1233 + }
1234 +
1235 +diff --git a/drivers/net/ethernet/mellanox/mlx4/en_netdev.c b/drivers/net/ethernet/mellanox/mlx4/en_netdev.c
1236 +index 2f83f34..8be0f3e 100644
1237 +--- a/drivers/net/ethernet/mellanox/mlx4/en_netdev.c
1238 ++++ b/drivers/net/ethernet/mellanox/mlx4/en_netdev.c
1239 +@@ -2497,13 +2497,6 @@ int mlx4_en_init_netdev(struct mlx4_en_dev *mdev, int port,
1240 + netif_carrier_off(dev);
1241 + mlx4_en_set_default_moderation(priv);
1242 +
1243 +- err = register_netdev(dev);
1244 +- if (err) {
1245 +- en_err(priv, "Netdev registration failed for port %d\n", port);
1246 +- goto out;
1247 +- }
1248 +- priv->registered = 1;
1249 +-
1250 + en_warn(priv, "Using %d TX rings\n", prof->tx_ring_num);
1251 + en_warn(priv, "Using %d RX rings\n", prof->rx_ring_num);
1252 +
1253 +@@ -2543,6 +2536,14 @@ int mlx4_en_init_netdev(struct mlx4_en_dev *mdev, int port,
1254 + queue_delayed_work(mdev->workqueue, &priv->service_task,
1255 + SERVICE_TASK_DELAY);
1256 +
1257 ++ err = register_netdev(dev);
1258 ++ if (err) {
1259 ++ en_err(priv, "Netdev registration failed for port %d\n", port);
1260 ++ goto out;
1261 ++ }
1262 ++
1263 ++ priv->registered = 1;
1264 ++
1265 + return 0;
1266 +
1267 + out:
1268 +diff --git a/drivers/net/ethernet/mellanox/mlx4/en_tx.c b/drivers/net/ethernet/mellanox/mlx4/en_tx.c
1269 +index 1345703..019a04a 100644
1270 +--- a/drivers/net/ethernet/mellanox/mlx4/en_tx.c
1271 ++++ b/drivers/net/ethernet/mellanox/mlx4/en_tx.c
1272 +@@ -325,7 +325,7 @@ static u32 mlx4_en_free_tx_desc(struct mlx4_en_priv *priv,
1273 + }
1274 + }
1275 + }
1276 +- dev_kfree_skb(skb);
1277 ++ dev_kfree_skb_any(skb);
1278 + return tx_info->nr_txbb;
1279 + }
1280 +
1281 +diff --git a/drivers/net/ethernet/realtek/8139cp.c b/drivers/net/ethernet/realtek/8139cp.c
1282 +index 737c1a8..a3c1daa 100644
1283 +--- a/drivers/net/ethernet/realtek/8139cp.c
1284 ++++ b/drivers/net/ethernet/realtek/8139cp.c
1285 +@@ -899,7 +899,7 @@ out_unlock:
1286 +
1287 + return NETDEV_TX_OK;
1288 + out_dma_error:
1289 +- kfree_skb(skb);
1290 ++ dev_kfree_skb_any(skb);
1291 + cp->dev->stats.tx_dropped++;
1292 + goto out_unlock;
1293 + }
1294 +diff --git a/drivers/net/ethernet/realtek/8139too.c b/drivers/net/ethernet/realtek/8139too.c
1295 +index da5972e..8cb2f35 100644
1296 +--- a/drivers/net/ethernet/realtek/8139too.c
1297 ++++ b/drivers/net/ethernet/realtek/8139too.c
1298 +@@ -1717,9 +1717,9 @@ static netdev_tx_t rtl8139_start_xmit (struct sk_buff *skb,
1299 + if (len < ETH_ZLEN)
1300 + memset(tp->tx_buf[entry], 0, ETH_ZLEN);
1301 + skb_copy_and_csum_dev(skb, tp->tx_buf[entry]);
1302 +- dev_kfree_skb(skb);
1303 ++ dev_kfree_skb_any(skb);
1304 + } else {
1305 +- dev_kfree_skb(skb);
1306 ++ dev_kfree_skb_any(skb);
1307 + dev->stats.tx_dropped++;
1308 + return NETDEV_TX_OK;
1309 + }
1310 +diff --git a/drivers/net/ethernet/realtek/r8169.c b/drivers/net/ethernet/realtek/r8169.c
1311 +index 3ff7bc3..90c14d1 100644
1312 +--- a/drivers/net/ethernet/realtek/r8169.c
1313 ++++ b/drivers/net/ethernet/realtek/r8169.c
1314 +@@ -5834,7 +5834,7 @@ static void rtl8169_tx_clear_range(struct rtl8169_private *tp, u32 start,
1315 + tp->TxDescArray + entry);
1316 + if (skb) {
1317 + tp->dev->stats.tx_dropped++;
1318 +- dev_kfree_skb(skb);
1319 ++ dev_kfree_skb_any(skb);
1320 + tx_skb->skb = NULL;
1321 + }
1322 + }
1323 +@@ -6059,7 +6059,7 @@ static netdev_tx_t rtl8169_start_xmit(struct sk_buff *skb,
1324 + err_dma_1:
1325 + rtl8169_unmap_tx_skb(d, tp->tx_skb + entry, txd);
1326 + err_dma_0:
1327 +- dev_kfree_skb(skb);
1328 ++ dev_kfree_skb_any(skb);
1329 + err_update_stats:
1330 + dev->stats.tx_dropped++;
1331 + return NETDEV_TX_OK;
1332 +@@ -6142,7 +6142,7 @@ static void rtl_tx(struct net_device *dev, struct rtl8169_private *tp)
1333 + tp->tx_stats.packets++;
1334 + tp->tx_stats.bytes += tx_skb->skb->len;
1335 + u64_stats_update_end(&tp->tx_stats.syncp);
1336 +- dev_kfree_skb(tx_skb->skb);
1337 ++ dev_kfree_skb_any(tx_skb->skb);
1338 + tx_skb->skb = NULL;
1339 + }
1340 + dirty_tx++;
1341 +diff --git a/drivers/staging/lustre/lustre/llite/dcache.c b/drivers/staging/lustre/lustre/llite/dcache.c
1342 +index cbd663e..19405ed 100644
1343 +--- a/drivers/staging/lustre/lustre/llite/dcache.c
1344 ++++ b/drivers/staging/lustre/lustre/llite/dcache.c
1345 +@@ -278,7 +278,7 @@ void ll_invalidate_aliases(struct inode *inode)
1346 + inode->i_ino, inode->i_generation, inode);
1347 +
1348 + ll_lock_dcache(inode);
1349 +- ll_d_hlist_for_each_entry(dentry, p, &inode->i_dentry, d_alias) {
1350 ++ ll_d_hlist_for_each_entry(dentry, p, &inode->i_dentry, d_u.d_alias) {
1351 + CDEBUG(D_DENTRY, "dentry in drop %.*s (%p) parent %p "
1352 + "inode %p flags %d\n", dentry->d_name.len,
1353 + dentry->d_name.name, dentry, dentry->d_parent,
1354 +diff --git a/drivers/staging/lustre/lustre/llite/llite_lib.c b/drivers/staging/lustre/lustre/llite/llite_lib.c
1355 +index 6cfdb9e..5ae562e 100644
1356 +--- a/drivers/staging/lustre/lustre/llite/llite_lib.c
1357 ++++ b/drivers/staging/lustre/lustre/llite/llite_lib.c
1358 +@@ -678,7 +678,7 @@ void lustre_dump_dentry(struct dentry *dentry, int recur)
1359 + return;
1360 +
1361 + list_for_each(tmp, &dentry->d_subdirs) {
1362 +- struct dentry *d = list_entry(tmp, struct dentry, d_u.d_child);
1363 ++ struct dentry *d = list_entry(tmp, struct dentry, d_child);
1364 + lustre_dump_dentry(d, recur - 1);
1365 + }
1366 + }
1367 +diff --git a/drivers/staging/lustre/lustre/llite/namei.c b/drivers/staging/lustre/lustre/llite/namei.c
1368 +index fc8d264..8e9a9e9 100644
1369 +--- a/drivers/staging/lustre/lustre/llite/namei.c
1370 ++++ b/drivers/staging/lustre/lustre/llite/namei.c
1371 +@@ -175,14 +175,14 @@ static void ll_invalidate_negative_children(struct inode *dir)
1372 + struct ll_d_hlist_node *p;
1373 +
1374 + ll_lock_dcache(dir);
1375 +- ll_d_hlist_for_each_entry(dentry, p, &dir->i_dentry, d_alias) {
1376 ++ ll_d_hlist_for_each_entry(dentry, p, &dir->i_dentry, d_u.d_alias) {
1377 + spin_lock(&dentry->d_lock);
1378 + if (!list_empty(&dentry->d_subdirs)) {
1379 + struct dentry *child;
1380 +
1381 + list_for_each_entry_safe(child, tmp_subdir,
1382 + &dentry->d_subdirs,
1383 +- d_u.d_child) {
1384 ++ d_child) {
1385 + if (child->d_inode == NULL)
1386 + d_lustre_invalidate(child, 1);
1387 + }
1388 +@@ -364,7 +364,7 @@ static struct dentry *ll_find_alias(struct inode *inode, struct dentry *dentry)
1389 + discon_alias = invalid_alias = NULL;
1390 +
1391 + ll_lock_dcache(inode);
1392 +- ll_d_hlist_for_each_entry(alias, p, &inode->i_dentry, d_alias) {
1393 ++ ll_d_hlist_for_each_entry(alias, p, &inode->i_dentry, d_u.d_alias) {
1394 + LASSERT(alias != dentry);
1395 +
1396 + spin_lock(&alias->d_lock);
1397 +@@ -953,7 +953,7 @@ static void ll_get_child_fid(struct inode * dir, struct qstr *name,
1398 + {
1399 + struct dentry *parent, *child;
1400 +
1401 +- parent = ll_d_hlist_entry(dir->i_dentry, struct dentry, d_alias);
1402 ++ parent = ll_d_hlist_entry(dir->i_dentry, struct dentry, d_u.d_alias);
1403 + child = d_lookup(parent, name);
1404 + if (child) {
1405 + if (child->d_inode)
1406 +diff --git a/drivers/staging/lustre/lustre/llite/vvp_io.c b/drivers/staging/lustre/lustre/llite/vvp_io.c
1407 +index 93cbfbb..6096771 100644
1408 +--- a/drivers/staging/lustre/lustre/llite/vvp_io.c
1409 ++++ b/drivers/staging/lustre/lustre/llite/vvp_io.c
1410 +@@ -642,7 +642,7 @@ static int vvp_io_kernel_fault(struct vvp_fault_io *cfio)
1411 + return 0;
1412 + }
1413 +
1414 +- if (cfio->fault.ft_flags & VM_FAULT_SIGBUS) {
1415 ++ if (cfio->fault.ft_flags & (VM_FAULT_SIGBUS | VM_FAULT_SIGSEGV)) {
1416 + CDEBUG(D_PAGE, "got addr %p - SIGBUS\n", vmf->virtual_address);
1417 + return -EFAULT;
1418 + }
1419 +diff --git a/fs/affs/amigaffs.c b/fs/affs/amigaffs.c
1420 +index d9a4367..9cca0ea 100644
1421 +--- a/fs/affs/amigaffs.c
1422 ++++ b/fs/affs/amigaffs.c
1423 +@@ -126,7 +126,7 @@ affs_fix_dcache(struct inode *inode, u32 entry_ino)
1424 + {
1425 + struct dentry *dentry;
1426 + spin_lock(&inode->i_lock);
1427 +- hlist_for_each_entry(dentry, &inode->i_dentry, d_alias) {
1428 ++ hlist_for_each_entry(dentry, &inode->i_dentry, d_u.d_alias) {
1429 + if (entry_ino == (u32)(long)dentry->d_fsdata) {
1430 + dentry->d_fsdata = (void *)inode->i_ino;
1431 + break;
1432 +diff --git a/fs/autofs4/expire.c b/fs/autofs4/expire.c
1433 +index 394e90b..edb46e6 100644
1434 +--- a/fs/autofs4/expire.c
1435 ++++ b/fs/autofs4/expire.c
1436 +@@ -91,7 +91,7 @@ static struct dentry *get_next_positive_subdir(struct dentry *prev,
1437 + spin_lock(&root->d_lock);
1438 +
1439 + if (prev)
1440 +- next = prev->d_u.d_child.next;
1441 ++ next = prev->d_child.next;
1442 + else {
1443 + prev = dget_dlock(root);
1444 + next = prev->d_subdirs.next;
1445 +@@ -105,13 +105,13 @@ cont:
1446 + return NULL;
1447 + }
1448 +
1449 +- q = list_entry(next, struct dentry, d_u.d_child);
1450 ++ q = list_entry(next, struct dentry, d_child);
1451 +
1452 + spin_lock_nested(&q->d_lock, DENTRY_D_LOCK_NESTED);
1453 + /* Already gone or negative dentry (under construction) - try next */
1454 + if (!d_count(q) || !simple_positive(q)) {
1455 + spin_unlock(&q->d_lock);
1456 +- next = q->d_u.d_child.next;
1457 ++ next = q->d_child.next;
1458 + goto cont;
1459 + }
1460 + dget_dlock(q);
1461 +@@ -161,13 +161,13 @@ again:
1462 + goto relock;
1463 + }
1464 + spin_unlock(&p->d_lock);
1465 +- next = p->d_u.d_child.next;
1466 ++ next = p->d_child.next;
1467 + p = parent;
1468 + if (next != &parent->d_subdirs)
1469 + break;
1470 + }
1471 + }
1472 +- ret = list_entry(next, struct dentry, d_u.d_child);
1473 ++ ret = list_entry(next, struct dentry, d_child);
1474 +
1475 + spin_lock_nested(&ret->d_lock, DENTRY_D_LOCK_NESTED);
1476 + /* Negative dentry - try next */
1477 +@@ -461,7 +461,7 @@ found:
1478 + spin_lock(&sbi->lookup_lock);
1479 + spin_lock(&expired->d_parent->d_lock);
1480 + spin_lock_nested(&expired->d_lock, DENTRY_D_LOCK_NESTED);
1481 +- list_move(&expired->d_parent->d_subdirs, &expired->d_u.d_child);
1482 ++ list_move(&expired->d_parent->d_subdirs, &expired->d_child);
1483 + spin_unlock(&expired->d_lock);
1484 + spin_unlock(&expired->d_parent->d_lock);
1485 + spin_unlock(&sbi->lookup_lock);
1486 +diff --git a/fs/autofs4/root.c b/fs/autofs4/root.c
1487 +index cc87c1a..9e016e6 100644
1488 +--- a/fs/autofs4/root.c
1489 ++++ b/fs/autofs4/root.c
1490 +@@ -655,7 +655,7 @@ static void autofs_clear_leaf_automount_flags(struct dentry *dentry)
1491 + /* only consider parents below dentrys in the root */
1492 + if (IS_ROOT(parent->d_parent))
1493 + return;
1494 +- d_child = &dentry->d_u.d_child;
1495 ++ d_child = &dentry->d_child;
1496 + /* Set parent managed if it's becoming empty */
1497 + if (d_child->next == &parent->d_subdirs &&
1498 + d_child->prev == &parent->d_subdirs)
1499 +diff --git a/fs/ceph/dir.c b/fs/ceph/dir.c
1500 +index 5e0982a..18e14cf 100644
1501 +--- a/fs/ceph/dir.c
1502 ++++ b/fs/ceph/dir.c
1503 +@@ -111,7 +111,7 @@ static int fpos_cmp(loff_t l, loff_t r)
1504 + /*
1505 + * When possible, we try to satisfy a readdir by peeking at the
1506 + * dcache. We make this work by carefully ordering dentries on
1507 +- * d_u.d_child when we initially get results back from the MDS, and
1508 ++ * d_child when we initially get results back from the MDS, and
1509 + * falling back to a "normal" sync readdir if any dentries in the dir
1510 + * are dropped.
1511 + *
1512 +@@ -146,11 +146,11 @@ static int __dcache_readdir(struct file *file, struct dir_context *ctx)
1513 + p = parent->d_subdirs.prev;
1514 + dout(" initial p %p/%p\n", p->prev, p->next);
1515 + } else {
1516 +- p = last->d_u.d_child.prev;
1517 ++ p = last->d_child.prev;
1518 + }
1519 +
1520 + more:
1521 +- dentry = list_entry(p, struct dentry, d_u.d_child);
1522 ++ dentry = list_entry(p, struct dentry, d_child);
1523 + di = ceph_dentry(dentry);
1524 + while (1) {
1525 + dout(" p %p/%p %s d_subdirs %p/%p\n", p->prev, p->next,
1526 +@@ -172,7 +172,7 @@ more:
1527 + !dentry->d_inode ? " null" : "");
1528 + spin_unlock(&dentry->d_lock);
1529 + p = p->prev;
1530 +- dentry = list_entry(p, struct dentry, d_u.d_child);
1531 ++ dentry = list_entry(p, struct dentry, d_child);
1532 + di = ceph_dentry(dentry);
1533 + }
1534 +
1535 +diff --git a/fs/ceph/inode.c b/fs/ceph/inode.c
1536 +index 6471f9c..ee24490 100644
1537 +--- a/fs/ceph/inode.c
1538 ++++ b/fs/ceph/inode.c
1539 +@@ -1289,7 +1289,7 @@ retry_lookup:
1540 + /* reorder parent's d_subdirs */
1541 + spin_lock(&parent->d_lock);
1542 + spin_lock_nested(&dn->d_lock, DENTRY_D_LOCK_NESTED);
1543 +- list_move(&dn->d_u.d_child, &parent->d_subdirs);
1544 ++ list_move(&dn->d_child, &parent->d_subdirs);
1545 + spin_unlock(&dn->d_lock);
1546 + spin_unlock(&parent->d_lock);
1547 + }
1548 +diff --git a/fs/cifs/inode.c b/fs/cifs/inode.c
1549 +index f2ddcf7..7ee427e 100644
1550 +--- a/fs/cifs/inode.c
1551 ++++ b/fs/cifs/inode.c
1552 +@@ -883,7 +883,7 @@ inode_has_hashed_dentries(struct inode *inode)
1553 + struct dentry *dentry;
1554 +
1555 + spin_lock(&inode->i_lock);
1556 +- hlist_for_each_entry(dentry, &inode->i_dentry, d_alias) {
1557 ++ hlist_for_each_entry(dentry, &inode->i_dentry, d_u.d_alias) {
1558 + if (!d_unhashed(dentry) || IS_ROOT(dentry)) {
1559 + spin_unlock(&inode->i_lock);
1560 + return true;
1561 +diff --git a/fs/coda/cache.c b/fs/coda/cache.c
1562 +index 1da168c..9bc1147 100644
1563 +--- a/fs/coda/cache.c
1564 ++++ b/fs/coda/cache.c
1565 +@@ -92,7 +92,7 @@ static void coda_flag_children(struct dentry *parent, int flag)
1566 + struct dentry *de;
1567 +
1568 + spin_lock(&parent->d_lock);
1569 +- list_for_each_entry(de, &parent->d_subdirs, d_u.d_child) {
1570 ++ list_for_each_entry(de, &parent->d_subdirs, d_child) {
1571 + /* don't know what to do with negative dentries */
1572 + if (de->d_inode )
1573 + coda_flag_inode(de->d_inode, flag);
1574 +diff --git a/fs/dcache.c b/fs/dcache.c
1575 +index 4366127..c345f5f 100644
1576 +--- a/fs/dcache.c
1577 ++++ b/fs/dcache.c
1578 +@@ -44,7 +44,7 @@
1579 + /*
1580 + * Usage:
1581 + * dcache->d_inode->i_lock protects:
1582 +- * - i_dentry, d_alias, d_inode of aliases
1583 ++ * - i_dentry, d_u.d_alias, d_inode of aliases
1584 + * dcache_hash_bucket lock protects:
1585 + * - the dcache hash table
1586 + * s_anon bl list spinlock protects:
1587 +@@ -59,7 +59,7 @@
1588 + * - d_unhashed()
1589 + * - d_parent and d_subdirs
1590 + * - childrens' d_child and d_parent
1591 +- * - d_alias, d_inode
1592 ++ * - d_u.d_alias, d_inode
1593 + *
1594 + * Ordering:
1595 + * dentry->d_inode->i_lock
1596 +@@ -239,7 +239,6 @@ static void __d_free(struct rcu_head *head)
1597 + {
1598 + struct dentry *dentry = container_of(head, struct dentry, d_u.d_rcu);
1599 +
1600 +- WARN_ON(!hlist_unhashed(&dentry->d_alias));
1601 + if (dname_external(dentry))
1602 + kfree(dentry->d_name.name);
1603 + kmem_cache_free(dentry_cache, dentry);
1604 +@@ -250,6 +249,7 @@ static void __d_free(struct rcu_head *head)
1605 + */
1606 + static void d_free(struct dentry *dentry)
1607 + {
1608 ++ WARN_ON(!hlist_unhashed(&dentry->d_u.d_alias));
1609 + BUG_ON((int)dentry->d_lockref.count > 0);
1610 + this_cpu_dec(nr_dentry);
1611 + if (dentry->d_op && dentry->d_op->d_release)
1612 +@@ -288,7 +288,7 @@ static void dentry_iput(struct dentry * dentry)
1613 + struct inode *inode = dentry->d_inode;
1614 + if (inode) {
1615 + dentry->d_inode = NULL;
1616 +- hlist_del_init(&dentry->d_alias);
1617 ++ hlist_del_init(&dentry->d_u.d_alias);
1618 + spin_unlock(&dentry->d_lock);
1619 + spin_unlock(&inode->i_lock);
1620 + if (!inode->i_nlink)
1621 +@@ -313,7 +313,7 @@ static void dentry_unlink_inode(struct dentry * dentry)
1622 + struct inode *inode = dentry->d_inode;
1623 + __d_clear_type(dentry);
1624 + dentry->d_inode = NULL;
1625 +- hlist_del_init(&dentry->d_alias);
1626 ++ hlist_del_init(&dentry->d_u.d_alias);
1627 + dentry_rcuwalk_barrier(dentry);
1628 + spin_unlock(&dentry->d_lock);
1629 + spin_unlock(&inode->i_lock);
1630 +@@ -435,7 +435,7 @@ static struct dentry *d_kill(struct dentry *dentry, struct dentry *parent)
1631 + __releases(parent->d_lock)
1632 + __releases(dentry->d_inode->i_lock)
1633 + {
1634 +- list_del(&dentry->d_u.d_child);
1635 ++ list_del(&dentry->d_child);
1636 + /*
1637 + * Inform d_walk() that we are no longer attached to the
1638 + * dentry tree
1639 +@@ -737,7 +737,7 @@ static struct dentry *__d_find_alias(struct inode *inode, int want_discon)
1640 +
1641 + again:
1642 + discon_alias = NULL;
1643 +- hlist_for_each_entry(alias, &inode->i_dentry, d_alias) {
1644 ++ hlist_for_each_entry(alias, &inode->i_dentry, d_u.d_alias) {
1645 + spin_lock(&alias->d_lock);
1646 + if (S_ISDIR(inode->i_mode) || !d_unhashed(alias)) {
1647 + if (IS_ROOT(alias) &&
1648 +@@ -790,7 +790,7 @@ void d_prune_aliases(struct inode *inode)
1649 + struct dentry *dentry;
1650 + restart:
1651 + spin_lock(&inode->i_lock);
1652 +- hlist_for_each_entry(dentry, &inode->i_dentry, d_alias) {
1653 ++ hlist_for_each_entry(dentry, &inode->i_dentry, d_u.d_alias) {
1654 + spin_lock(&dentry->d_lock);
1655 + if (!dentry->d_lockref.count) {
1656 + /*
1657 +@@ -1091,7 +1091,7 @@ repeat:
1658 + resume:
1659 + while (next != &this_parent->d_subdirs) {
1660 + struct list_head *tmp = next;
1661 +- struct dentry *dentry = list_entry(tmp, struct dentry, d_u.d_child);
1662 ++ struct dentry *dentry = list_entry(tmp, struct dentry, d_child);
1663 + next = tmp->next;
1664 +
1665 + spin_lock_nested(&dentry->d_lock, DENTRY_D_LOCK_NESTED);
1666 +@@ -1143,7 +1143,7 @@ resume:
1667 + goto rename_retry;
1668 + }
1669 + rcu_read_unlock();
1670 +- next = child->d_u.d_child.next;
1671 ++ next = child->d_child.next;
1672 + goto resume;
1673 + }
1674 + if (need_seqretry(&rename_lock, seq)) {
1675 +@@ -1524,8 +1524,8 @@ struct dentry *__d_alloc(struct super_block *sb, const struct qstr *name)
1676 + INIT_HLIST_BL_NODE(&dentry->d_hash);
1677 + INIT_LIST_HEAD(&dentry->d_lru);
1678 + INIT_LIST_HEAD(&dentry->d_subdirs);
1679 +- INIT_HLIST_NODE(&dentry->d_alias);
1680 +- INIT_LIST_HEAD(&dentry->d_u.d_child);
1681 ++ INIT_HLIST_NODE(&dentry->d_u.d_alias);
1682 ++ INIT_LIST_HEAD(&dentry->d_child);
1683 + d_set_d_op(dentry, dentry->d_sb->s_d_op);
1684 +
1685 + this_cpu_inc(nr_dentry);
1686 +@@ -1555,7 +1555,7 @@ struct dentry *d_alloc(struct dentry * parent, const struct qstr *name)
1687 + */
1688 + __dget_dlock(parent);
1689 + dentry->d_parent = parent;
1690 +- list_add(&dentry->d_u.d_child, &parent->d_subdirs);
1691 ++ list_add(&dentry->d_child, &parent->d_subdirs);
1692 + spin_unlock(&parent->d_lock);
1693 +
1694 + return dentry;
1695 +@@ -1648,7 +1648,7 @@ static void __d_instantiate(struct dentry *dentry, struct inode *inode)
1696 + spin_lock(&dentry->d_lock);
1697 + __d_set_type(dentry, add_flags);
1698 + if (inode)
1699 +- hlist_add_head(&dentry->d_alias, &inode->i_dentry);
1700 ++ hlist_add_head(&dentry->d_u.d_alias, &inode->i_dentry);
1701 + dentry->d_inode = inode;
1702 + dentry_rcuwalk_barrier(dentry);
1703 + spin_unlock(&dentry->d_lock);
1704 +@@ -1672,7 +1672,7 @@ static void __d_instantiate(struct dentry *dentry, struct inode *inode)
1705 +
1706 + void d_instantiate(struct dentry *entry, struct inode * inode)
1707 + {
1708 +- BUG_ON(!hlist_unhashed(&entry->d_alias));
1709 ++ BUG_ON(!hlist_unhashed(&entry->d_u.d_alias));
1710 + if (inode)
1711 + spin_lock(&inode->i_lock);
1712 + __d_instantiate(entry, inode);
1713 +@@ -1711,7 +1711,7 @@ static struct dentry *__d_instantiate_unique(struct dentry *entry,
1714 + return NULL;
1715 + }
1716 +
1717 +- hlist_for_each_entry(alias, &inode->i_dentry, d_alias) {
1718 ++ hlist_for_each_entry(alias, &inode->i_dentry, d_u.d_alias) {
1719 + /*
1720 + * Don't need alias->d_lock here, because aliases with
1721 + * d_parent == entry->d_parent are not subject to name or
1722 +@@ -1737,7 +1737,7 @@ struct dentry *d_instantiate_unique(struct dentry *entry, struct inode *inode)
1723 + {
1724 + struct dentry *result;
1725 +
1726 +- BUG_ON(!hlist_unhashed(&entry->d_alias));
1727 ++ BUG_ON(!hlist_unhashed(&entry->d_u.d_alias));
1728 +
1729 + if (inode)
1730 + spin_lock(&inode->i_lock);
1731 +@@ -1768,7 +1768,7 @@ EXPORT_SYMBOL(d_instantiate_unique);
1732 + */
1733 + int d_instantiate_no_diralias(struct dentry *entry, struct inode *inode)
1734 + {
1735 +- BUG_ON(!hlist_unhashed(&entry->d_alias));
1736 ++ BUG_ON(!hlist_unhashed(&entry->d_u.d_alias));
1737 +
1738 + spin_lock(&inode->i_lock);
1739 + if (S_ISDIR(inode->i_mode) && !hlist_empty(&inode->i_dentry)) {
1740 +@@ -1807,7 +1807,7 @@ static struct dentry * __d_find_any_alias(struct inode *inode)
1741 +
1742 + if (hlist_empty(&inode->i_dentry))
1743 + return NULL;
1744 +- alias = hlist_entry(inode->i_dentry.first, struct dentry, d_alias);
1745 ++ alias = hlist_entry(inode->i_dentry.first, struct dentry, d_u.d_alias);
1746 + __dget(alias);
1747 + return alias;
1748 + }
1749 +@@ -1884,7 +1884,7 @@ struct dentry *d_obtain_alias(struct inode *inode)
1750 + spin_lock(&tmp->d_lock);
1751 + tmp->d_inode = inode;
1752 + tmp->d_flags |= add_flags;
1753 +- hlist_add_head(&tmp->d_alias, &inode->i_dentry);
1754 ++ hlist_add_head(&tmp->d_u.d_alias, &inode->i_dentry);
1755 + hlist_bl_lock(&tmp->d_sb->s_anon);
1756 + hlist_bl_add_head(&tmp->d_hash, &tmp->d_sb->s_anon);
1757 + hlist_bl_unlock(&tmp->d_sb->s_anon);
1758 +@@ -2327,7 +2327,7 @@ int d_validate(struct dentry *dentry, struct dentry *dparent)
1759 + struct dentry *child;
1760 +
1761 + spin_lock(&dparent->d_lock);
1762 +- list_for_each_entry(child, &dparent->d_subdirs, d_u.d_child) {
1763 ++ list_for_each_entry(child, &dparent->d_subdirs, d_child) {
1764 + if (dentry == child) {
1765 + spin_lock_nested(&dentry->d_lock, DENTRY_D_LOCK_NESTED);
1766 + __dget_dlock(dentry);
1767 +@@ -2574,8 +2574,8 @@ static void __d_move(struct dentry * dentry, struct dentry * target)
1768 + /* Unhash the target: dput() will then get rid of it */
1769 + __d_drop(target);
1770 +
1771 +- list_del(&dentry->d_u.d_child);
1772 +- list_del(&target->d_u.d_child);
1773 ++ list_del(&dentry->d_child);
1774 ++ list_del(&target->d_child);
1775 +
1776 + /* Switch the names.. */
1777 + switch_names(dentry, target);
1778 +@@ -2585,15 +2585,15 @@ static void __d_move(struct dentry * dentry, struct dentry * target)
1779 + if (IS_ROOT(dentry)) {
1780 + dentry->d_parent = target->d_parent;
1781 + target->d_parent = target;
1782 +- INIT_LIST_HEAD(&target->d_u.d_child);
1783 ++ INIT_LIST_HEAD(&target->d_child);
1784 + } else {
1785 + swap(dentry->d_parent, target->d_parent);
1786 +
1787 + /* And add them back to the (new) parent lists */
1788 +- list_add(&target->d_u.d_child, &target->d_parent->d_subdirs);
1789 ++ list_add(&target->d_child, &target->d_parent->d_subdirs);
1790 + }
1791 +
1792 +- list_add(&dentry->d_u.d_child, &dentry->d_parent->d_subdirs);
1793 ++ list_add(&dentry->d_child, &dentry->d_parent->d_subdirs);
1794 +
1795 + write_seqcount_end(&target->d_seq);
1796 + write_seqcount_end(&dentry->d_seq);
1797 +@@ -2700,9 +2700,9 @@ static void __d_materialise_dentry(struct dentry *dentry, struct dentry *anon)
1798 + swap(dentry->d_name.hash, anon->d_name.hash);
1799 +
1800 + dentry->d_parent = dentry;
1801 +- list_del_init(&dentry->d_u.d_child);
1802 ++ list_del_init(&dentry->d_child);
1803 + anon->d_parent = dparent;
1804 +- list_move(&anon->d_u.d_child, &dparent->d_subdirs);
1805 ++ list_move(&anon->d_child, &dparent->d_subdirs);
1806 +
1807 + write_seqcount_end(&dentry->d_seq);
1808 + write_seqcount_end(&anon->d_seq);
1809 +@@ -3333,7 +3333,7 @@ void d_tmpfile(struct dentry *dentry, struct inode *inode)
1810 + {
1811 + inode_dec_link_count(inode);
1812 + BUG_ON(dentry->d_name.name != dentry->d_iname ||
1813 +- !hlist_unhashed(&dentry->d_alias) ||
1814 ++ !hlist_unhashed(&dentry->d_u.d_alias) ||
1815 + !d_unlinked(dentry));
1816 + spin_lock(&dentry->d_parent->d_lock);
1817 + spin_lock_nested(&dentry->d_lock, DENTRY_D_LOCK_NESTED);
1818 +diff --git a/fs/debugfs/inode.c b/fs/debugfs/inode.c
1819 +index 1ff8fe5..4a9f0e0 100644
1820 +--- a/fs/debugfs/inode.c
1821 ++++ b/fs/debugfs/inode.c
1822 +@@ -552,7 +552,7 @@ void debugfs_remove_recursive(struct dentry *dentry)
1823 + * use the d_u.d_child as the rcu head and corrupt this list.
1824 + */
1825 + spin_lock(&parent->d_lock);
1826 +- list_for_each_entry(child, &parent->d_subdirs, d_u.d_child) {
1827 ++ list_for_each_entry(child, &parent->d_subdirs, d_child) {
1828 + if (!debugfs_positive(child))
1829 + continue;
1830 +
1831 +diff --git a/fs/exportfs/expfs.c b/fs/exportfs/expfs.c
1832 +index 48a359d..831d4f0 100644
1833 +--- a/fs/exportfs/expfs.c
1834 ++++ b/fs/exportfs/expfs.c
1835 +@@ -50,7 +50,7 @@ find_acceptable_alias(struct dentry *result,
1836 +
1837 + inode = result->d_inode;
1838 + spin_lock(&inode->i_lock);
1839 +- hlist_for_each_entry(dentry, &inode->i_dentry, d_alias) {
1840 ++ hlist_for_each_entry(dentry, &inode->i_dentry, d_u.d_alias) {
1841 + dget(dentry);
1842 + spin_unlock(&inode->i_lock);
1843 + if (toput)
1844 +diff --git a/fs/libfs.c b/fs/libfs.c
1845 +index a184424..868c0b7 100644
1846 +--- a/fs/libfs.c
1847 ++++ b/fs/libfs.c
1848 +@@ -113,18 +113,18 @@ loff_t dcache_dir_lseek(struct file *file, loff_t offset, int whence)
1849 +
1850 + spin_lock(&dentry->d_lock);
1851 + /* d_lock not required for cursor */
1852 +- list_del(&cursor->d_u.d_child);
1853 ++ list_del(&cursor->d_child);
1854 + p = dentry->d_subdirs.next;
1855 + while (n && p != &dentry->d_subdirs) {
1856 + struct dentry *next;
1857 +- next = list_entry(p, struct dentry, d_u.d_child);
1858 ++ next = list_entry(p, struct dentry, d_child);
1859 + spin_lock_nested(&next->d_lock, DENTRY_D_LOCK_NESTED);
1860 + if (simple_positive(next))
1861 + n--;
1862 + spin_unlock(&next->d_lock);
1863 + p = p->next;
1864 + }
1865 +- list_add_tail(&cursor->d_u.d_child, p);
1866 ++ list_add_tail(&cursor->d_child, p);
1867 + spin_unlock(&dentry->d_lock);
1868 + }
1869 + }
1870 +@@ -149,7 +149,7 @@ int dcache_readdir(struct file *file, struct dir_context *ctx)
1871 + {
1872 + struct dentry *dentry = file->f_path.dentry;
1873 + struct dentry *cursor = file->private_data;
1874 +- struct list_head *p, *q = &cursor->d_u.d_child;
1875 ++ struct list_head *p, *q = &cursor->d_child;
1876 +
1877 + if (!dir_emit_dots(file, ctx))
1878 + return 0;
1879 +@@ -158,7 +158,7 @@ int dcache_readdir(struct file *file, struct dir_context *ctx)
1880 + list_move(q, &dentry->d_subdirs);
1881 +
1882 + for (p = q->next; p != &dentry->d_subdirs; p = p->next) {
1883 +- struct dentry *next = list_entry(p, struct dentry, d_u.d_child);
1884 ++ struct dentry *next = list_entry(p, struct dentry, d_child);
1885 + spin_lock_nested(&next->d_lock, DENTRY_D_LOCK_NESTED);
1886 + if (!simple_positive(next)) {
1887 + spin_unlock(&next->d_lock);
1888 +@@ -286,7 +286,7 @@ int simple_empty(struct dentry *dentry)
1889 + int ret = 0;
1890 +
1891 + spin_lock(&dentry->d_lock);
1892 +- list_for_each_entry(child, &dentry->d_subdirs, d_u.d_child) {
1893 ++ list_for_each_entry(child, &dentry->d_subdirs, d_child) {
1894 + spin_lock_nested(&child->d_lock, DENTRY_D_LOCK_NESTED);
1895 + if (simple_positive(child)) {
1896 + spin_unlock(&child->d_lock);
1897 +diff --git a/fs/ncpfs/dir.c b/fs/ncpfs/dir.c
1898 +index c320ac5..dc9747d 100644
1899 +--- a/fs/ncpfs/dir.c
1900 ++++ b/fs/ncpfs/dir.c
1901 +@@ -406,7 +406,7 @@ ncp_dget_fpos(struct dentry *dentry, struct dentry *parent, unsigned long fpos)
1902 + spin_lock(&parent->d_lock);
1903 + next = parent->d_subdirs.next;
1904 + while (next != &parent->d_subdirs) {
1905 +- dent = list_entry(next, struct dentry, d_u.d_child);
1906 ++ dent = list_entry(next, struct dentry, d_child);
1907 + if ((unsigned long)dent->d_fsdata == fpos) {
1908 + if (dent->d_inode)
1909 + dget(dent);
1910 +diff --git a/fs/ncpfs/ncplib_kernel.h b/fs/ncpfs/ncplib_kernel.h
1911 +index 32c0658..6d5e7c5 100644
1912 +--- a/fs/ncpfs/ncplib_kernel.h
1913 ++++ b/fs/ncpfs/ncplib_kernel.h
1914 +@@ -194,7 +194,7 @@ ncp_renew_dentries(struct dentry *parent)
1915 + spin_lock(&parent->d_lock);
1916 + next = parent->d_subdirs.next;
1917 + while (next != &parent->d_subdirs) {
1918 +- dentry = list_entry(next, struct dentry, d_u.d_child);
1919 ++ dentry = list_entry(next, struct dentry, d_child);
1920 +
1921 + if (dentry->d_fsdata == NULL)
1922 + ncp_age_dentry(server, dentry);
1923 +@@ -216,7 +216,7 @@ ncp_invalidate_dircache_entries(struct dentry *parent)
1924 + spin_lock(&parent->d_lock);
1925 + next = parent->d_subdirs.next;
1926 + while (next != &parent->d_subdirs) {
1927 +- dentry = list_entry(next, struct dentry, d_u.d_child);
1928 ++ dentry = list_entry(next, struct dentry, d_child);
1929 + dentry->d_fsdata = NULL;
1930 + ncp_age_dentry(server, dentry);
1931 + next = next->next;
1932 +diff --git a/fs/nfs/getroot.c b/fs/nfs/getroot.c
1933 +index 66984a9..5b8ab0e 100644
1934 +--- a/fs/nfs/getroot.c
1935 ++++ b/fs/nfs/getroot.c
1936 +@@ -58,7 +58,7 @@ static int nfs_superblock_set_dummy_root(struct super_block *sb, struct inode *i
1937 + */
1938 + spin_lock(&sb->s_root->d_inode->i_lock);
1939 + spin_lock(&sb->s_root->d_lock);
1940 +- hlist_del_init(&sb->s_root->d_alias);
1941 ++ hlist_del_init(&sb->s_root->d_u.d_alias);
1942 + spin_unlock(&sb->s_root->d_lock);
1943 + spin_unlock(&sb->s_root->d_inode->i_lock);
1944 + }
1945 +diff --git a/fs/notify/fsnotify.c b/fs/notify/fsnotify.c
1946 +index 9d3e9c5..7001299 100644
1947 +--- a/fs/notify/fsnotify.c
1948 ++++ b/fs/notify/fsnotify.c
1949 +@@ -63,14 +63,14 @@ void __fsnotify_update_child_dentry_flags(struct inode *inode)
1950 + spin_lock(&inode->i_lock);
1951 + /* run all of the dentries associated with this inode. Since this is a
1952 + * directory, there damn well better only be one item on this list */
1953 +- hlist_for_each_entry(alias, &inode->i_dentry, d_alias) {
1954 ++ hlist_for_each_entry(alias, &inode->i_dentry, d_u.d_alias) {
1955 + struct dentry *child;
1956 +
1957 + /* run all of the children of the original inode and fix their
1958 + * d_flags to indicate parental interest (their parent is the
1959 + * original inode) */
1960 + spin_lock(&alias->d_lock);
1961 +- list_for_each_entry(child, &alias->d_subdirs, d_u.d_child) {
1962 ++ list_for_each_entry(child, &alias->d_subdirs, d_child) {
1963 + if (!child->d_inode)
1964 + continue;
1965 +
1966 +diff --git a/fs/ocfs2/dcache.c b/fs/ocfs2/dcache.c
1967 +index 0d3a97d..1167485 100644
1968 +--- a/fs/ocfs2/dcache.c
1969 ++++ b/fs/ocfs2/dcache.c
1970 +@@ -173,7 +173,7 @@ struct dentry *ocfs2_find_local_alias(struct inode *inode,
1971 + struct dentry *dentry;
1972 +
1973 + spin_lock(&inode->i_lock);
1974 +- hlist_for_each_entry(dentry, &inode->i_dentry, d_alias) {
1975 ++ hlist_for_each_entry(dentry, &inode->i_dentry, d_u.d_alias) {
1976 + spin_lock(&dentry->d_lock);
1977 + if (ocfs2_match_dentry(dentry, parent_blkno, skip_unhashed)) {
1978 + trace_ocfs2_find_local_alias(dentry->d_name.len,
1979 +diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c
1980 +index c254671..eaa7374 100644
1981 +--- a/fs/proc/task_mmu.c
1982 ++++ b/fs/proc/task_mmu.c
1983 +@@ -993,9 +993,8 @@ static int pagemap_pte_range(pmd_t *pmd, unsigned long addr, unsigned long end,
1984 + struct vm_area_struct *vma;
1985 + struct pagemapread *pm = walk->private;
1986 + spinlock_t *ptl;
1987 +- pte_t *pte;
1988 ++ pte_t *pte, *orig_pte;
1989 + int err = 0;
1990 +- pagemap_entry_t pme = make_pme(PM_NOT_PRESENT(pm->v2));
1991 +
1992 + /* find the first VMA at or above 'addr' */
1993 + vma = find_vma(walk->mm, addr);
1994 +@@ -1009,6 +1008,7 @@ static int pagemap_pte_range(pmd_t *pmd, unsigned long addr, unsigned long end,
1995 +
1996 + for (; addr != end; addr += PAGE_SIZE) {
1997 + unsigned long offset;
1998 ++ pagemap_entry_t pme;
1999 +
2000 + offset = (addr & ~PAGEMAP_WALK_MASK) >>
2001 + PAGE_SHIFT;
2002 +@@ -1023,32 +1023,55 @@ static int pagemap_pte_range(pmd_t *pmd, unsigned long addr, unsigned long end,
2003 +
2004 + if (pmd_trans_unstable(pmd))
2005 + return 0;
2006 +- for (; addr != end; addr += PAGE_SIZE) {
2007 +- int flags2;
2008 +-
2009 +- /* check to see if we've left 'vma' behind
2010 +- * and need a new, higher one */
2011 +- if (vma && (addr >= vma->vm_end)) {
2012 +- vma = find_vma(walk->mm, addr);
2013 +- if (vma && (vma->vm_flags & VM_SOFTDIRTY))
2014 +- flags2 = __PM_SOFT_DIRTY;
2015 +- else
2016 +- flags2 = 0;
2017 +- pme = make_pme(PM_NOT_PRESENT(pm->v2) | PM_STATUS2(pm->v2, flags2));
2018 ++
2019 ++ while (1) {
2020 ++ /* End of address space hole, which we mark as non-present. */
2021 ++ unsigned long hole_end;
2022 ++
2023 ++ if (vma)
2024 ++ hole_end = min(end, vma->vm_start);
2025 ++ else
2026 ++ hole_end = end;
2027 ++
2028 ++ for (; addr < hole_end; addr += PAGE_SIZE) {
2029 ++ pagemap_entry_t pme = make_pme(PM_NOT_PRESENT(pm->v2));
2030 ++
2031 ++ err = add_to_pagemap(addr, &pme, pm);
2032 ++ if (err)
2033 ++ return err;
2034 + }
2035 +
2036 +- /* check that 'vma' actually covers this address,
2037 +- * and that it isn't a huge page vma */
2038 +- if (vma && (vma->vm_start <= addr) &&
2039 +- !is_vm_hugetlb_page(vma)) {
2040 +- pte = pte_offset_map(pmd, addr);
2041 ++ if (!vma || vma->vm_start >= end)
2042 ++ break;
2043 ++ /*
2044 ++ * We can't possibly be in a hugetlb VMA. In general,
2045 ++ * for a mm_walk with a pmd_entry and a hugetlb_entry,
2046 ++ * the pmd_entry can only be called on addresses in a
2047 ++ * hugetlb if the walk starts in a non-hugetlb VMA and
2048 ++ * spans a hugepage VMA. Since pagemap_read walks are
2049 ++ * PMD-sized and PMD-aligned, this will never be true.
2050 ++ */
2051 ++ BUG_ON(is_vm_hugetlb_page(vma));
2052 ++
2053 ++ /* Addresses in the VMA. */
2054 ++ orig_pte = pte = pte_offset_map_lock(walk->mm, pmd, addr, &ptl);
2055 ++ for (; addr < min(end, vma->vm_end); pte++, addr += PAGE_SIZE) {
2056 ++ pagemap_entry_t pme;
2057 ++
2058 + pte_to_pagemap_entry(&pme, pm, vma, addr, *pte);
2059 +- /* unmap before userspace copy */
2060 +- pte_unmap(pte);
2061 ++ err = add_to_pagemap(addr, &pme, pm);
2062 ++ if (err)
2063 ++ break;
2064 + }
2065 +- err = add_to_pagemap(addr, &pme, pm);
2066 ++ pte_unmap_unlock(orig_pte, ptl);
2067 ++
2068 + if (err)
2069 + return err;
2070 ++
2071 ++ if (addr == end)
2072 ++ break;
2073 ++
2074 ++ vma = find_vma(walk->mm, addr);
2075 + }
2076 +
2077 + cond_resched();
2078 +diff --git a/include/linux/dcache.h b/include/linux/dcache.h
2079 +index 3b50cac..0f0eb1c 100644
2080 +--- a/include/linux/dcache.h
2081 ++++ b/include/linux/dcache.h
2082 +@@ -124,15 +124,15 @@ struct dentry {
2083 + void *d_fsdata; /* fs-specific data */
2084 +
2085 + struct list_head d_lru; /* LRU list */
2086 ++ struct list_head d_child; /* child of parent list */
2087 ++ struct list_head d_subdirs; /* our children */
2088 + /*
2089 +- * d_child and d_rcu can share memory
2090 ++ * d_alias and d_rcu can share memory
2091 + */
2092 + union {
2093 +- struct list_head d_child; /* child of parent list */
2094 ++ struct hlist_node d_alias; /* inode alias list */
2095 + struct rcu_head d_rcu;
2096 + } d_u;
2097 +- struct list_head d_subdirs; /* our children */
2098 +- struct hlist_node d_alias; /* inode alias list */
2099 + };
2100 +
2101 + /*
2102 +diff --git a/include/linux/mm.h b/include/linux/mm.h
2103 +index 46b8ab5..a7b311d 100644
2104 +--- a/include/linux/mm.h
2105 ++++ b/include/linux/mm.h
2106 +@@ -1009,6 +1009,7 @@ static inline int page_mapped(struct page *page)
2107 + #define VM_FAULT_WRITE 0x0008 /* Special case for get_user_pages */
2108 + #define VM_FAULT_HWPOISON 0x0010 /* Hit poisoned small page */
2109 + #define VM_FAULT_HWPOISON_LARGE 0x0020 /* Hit poisoned large page. Index encoded in upper bits */
2110 ++#define VM_FAULT_SIGSEGV 0x0040
2111 +
2112 + #define VM_FAULT_NOPAGE 0x0100 /* ->fault installed the pte, not return page */
2113 + #define VM_FAULT_LOCKED 0x0200 /* ->fault locked the returned page */
2114 +@@ -1017,8 +1018,9 @@ static inline int page_mapped(struct page *page)
2115 +
2116 + #define VM_FAULT_HWPOISON_LARGE_MASK 0xf000 /* encodes hpage index for large hwpoison */
2117 +
2118 +-#define VM_FAULT_ERROR (VM_FAULT_OOM | VM_FAULT_SIGBUS | VM_FAULT_HWPOISON | \
2119 +- VM_FAULT_FALLBACK | VM_FAULT_HWPOISON_LARGE)
2120 ++#define VM_FAULT_ERROR (VM_FAULT_OOM | VM_FAULT_SIGBUS | VM_FAULT_SIGSEGV | \
2121 ++ VM_FAULT_HWPOISON | VM_FAULT_HWPOISON_LARGE | \
2122 ++ VM_FAULT_FALLBACK)
2123 +
2124 + /* Encode hstate index for a hwpoisoned large page */
2125 + #define VM_FAULT_SET_HINDEX(x) ((x) << 12)
2126 +diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
2127 +index 911718f..bf46cc8 100644
2128 +--- a/include/linux/netdevice.h
2129 ++++ b/include/linux/netdevice.h
2130 +@@ -1880,6 +1880,12 @@ void netdev_freemem(struct net_device *dev);
2131 + void synchronize_net(void);
2132 + int init_dummy_netdev(struct net_device *dev);
2133 +
2134 ++DECLARE_PER_CPU(int, xmit_recursion);
2135 ++static inline int dev_recursion_level(void)
2136 ++{
2137 ++ return this_cpu_read(xmit_recursion);
2138 ++}
2139 ++
2140 + struct net_device *dev_get_by_index(struct net *net, int ifindex);
2141 + struct net_device *__dev_get_by_index(struct net *net, int ifindex);
2142 + struct net_device *dev_get_by_index_rcu(struct net *net, int ifindex);
2143 +diff --git a/include/linux/sched.h b/include/linux/sched.h
2144 +index 218b058..91fe6a3 100644
2145 +--- a/include/linux/sched.h
2146 ++++ b/include/linux/sched.h
2147 +@@ -1695,7 +1695,7 @@ static inline pid_t task_tgid_vnr(struct task_struct *tsk)
2148 + }
2149 +
2150 +
2151 +-static int pid_alive(const struct task_struct *p);
2152 ++static inline int pid_alive(const struct task_struct *p);
2153 + static inline pid_t task_ppid_nr_ns(const struct task_struct *tsk, struct pid_namespace *ns)
2154 + {
2155 + pid_t pid = 0;
2156 +diff --git a/include/net/ip.h b/include/net/ip.h
2157 +index 3446cdd..5128fa7 100644
2158 +--- a/include/net/ip.h
2159 ++++ b/include/net/ip.h
2160 +@@ -407,22 +407,6 @@ static __inline__ void inet_reset_saddr(struct sock *sk)
2161 +
2162 + #endif
2163 +
2164 +-static inline int sk_mc_loop(struct sock *sk)
2165 +-{
2166 +- if (!sk)
2167 +- return 1;
2168 +- switch (sk->sk_family) {
2169 +- case AF_INET:
2170 +- return inet_sk(sk)->mc_loop;
2171 +-#if IS_ENABLED(CONFIG_IPV6)
2172 +- case AF_INET6:
2173 +- return inet6_sk(sk)->mc_loop;
2174 +-#endif
2175 +- }
2176 +- WARN_ON(1);
2177 +- return 1;
2178 +-}
2179 +-
2180 + bool ip_call_ra_chain(struct sk_buff *skb);
2181 +
2182 + /*
2183 +diff --git a/include/net/ip6_route.h b/include/net/ip6_route.h
2184 +index 2e74c6c..ee2d53a 100644
2185 +--- a/include/net/ip6_route.h
2186 ++++ b/include/net/ip6_route.h
2187 +@@ -168,7 +168,8 @@ int ip6_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *));
2188 +
2189 + static inline int ip6_skb_dst_mtu(struct sk_buff *skb)
2190 + {
2191 +- struct ipv6_pinfo *np = skb->sk ? inet6_sk(skb->sk) : NULL;
2192 ++ struct ipv6_pinfo *np = skb->sk && !dev_recursion_level() ?
2193 ++ inet6_sk(skb->sk) : NULL;
2194 +
2195 + return (np && np->pmtudisc >= IPV6_PMTUDISC_PROBE) ?
2196 + skb_dst(skb)->dev->mtu : dst_mtu(skb_dst(skb));
2197 +diff --git a/include/net/sock.h b/include/net/sock.h
2198 +index f66b2b1..0c79a74 100644
2199 +--- a/include/net/sock.h
2200 ++++ b/include/net/sock.h
2201 +@@ -1815,6 +1815,8 @@ struct dst_entry *__sk_dst_check(struct sock *sk, u32 cookie);
2202 +
2203 + struct dst_entry *sk_dst_check(struct sock *sk, u32 cookie);
2204 +
2205 ++bool sk_mc_loop(struct sock *sk);
2206 ++
2207 + static inline bool sk_can_gso(const struct sock *sk)
2208 + {
2209 + return net_gso_ok(sk->sk_route_caps, sk->sk_gso_type);
2210 +diff --git a/kernel/cgroup.c b/kernel/cgroup.c
2211 +index 550e205..18711f3 100644
2212 +--- a/kernel/cgroup.c
2213 ++++ b/kernel/cgroup.c
2214 +@@ -971,7 +971,7 @@ static void cgroup_d_remove_dir(struct dentry *dentry)
2215 + parent = dentry->d_parent;
2216 + spin_lock(&parent->d_lock);
2217 + spin_lock_nested(&dentry->d_lock, DENTRY_D_LOCK_NESTED);
2218 +- list_del_init(&dentry->d_u.d_child);
2219 ++ list_del_init(&dentry->d_child);
2220 + spin_unlock(&dentry->d_lock);
2221 + spin_unlock(&parent->d_lock);
2222 + remove_dir(dentry);
2223 +diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
2224 +index 813b021..a2d62b3 100644
2225 +--- a/kernel/trace/trace.c
2226 ++++ b/kernel/trace/trace.c
2227 +@@ -6158,7 +6158,7 @@ static int instance_mkdir (struct inode *inode, struct dentry *dentry, umode_t m
2228 + int ret;
2229 +
2230 + /* Paranoid: Make sure the parent is the "instances" directory */
2231 +- parent = hlist_entry(inode->i_dentry.first, struct dentry, d_alias);
2232 ++ parent = hlist_entry(inode->i_dentry.first, struct dentry, d_u.d_alias);
2233 + if (WARN_ON_ONCE(parent != trace_instance_dir))
2234 + return -ENOENT;
2235 +
2236 +@@ -6185,7 +6185,7 @@ static int instance_rmdir(struct inode *inode, struct dentry *dentry)
2237 + int ret;
2238 +
2239 + /* Paranoid: Make sure the parent is the "instances" directory */
2240 +- parent = hlist_entry(inode->i_dentry.first, struct dentry, d_alias);
2241 ++ parent = hlist_entry(inode->i_dentry.first, struct dentry, d_u.d_alias);
2242 + if (WARN_ON_ONCE(parent != trace_instance_dir))
2243 + return -ENOENT;
2244 +
2245 +diff --git a/kernel/trace/trace_events.c b/kernel/trace/trace_events.c
2246 +index e4c4efc..c6646a5 100644
2247 +--- a/kernel/trace/trace_events.c
2248 ++++ b/kernel/trace/trace_events.c
2249 +@@ -428,7 +428,7 @@ static void remove_event_file_dir(struct ftrace_event_file *file)
2250 +
2251 + if (dir) {
2252 + spin_lock(&dir->d_lock); /* probably unneeded */
2253 +- list_for_each_entry(child, &dir->d_subdirs, d_u.d_child) {
2254 ++ list_for_each_entry(child, &dir->d_subdirs, d_child) {
2255 + if (child->d_inode) /* probably unneeded */
2256 + child->d_inode->i_private = NULL;
2257 + }
2258 +diff --git a/mm/ksm.c b/mm/ksm.c
2259 +index 68710e8..5e706e3 100644
2260 +--- a/mm/ksm.c
2261 ++++ b/mm/ksm.c
2262 +@@ -376,7 +376,7 @@ static int break_ksm(struct vm_area_struct *vma, unsigned long addr)
2263 + else
2264 + ret = VM_FAULT_WRITE;
2265 + put_page(page);
2266 +- } while (!(ret & (VM_FAULT_WRITE | VM_FAULT_SIGBUS | VM_FAULT_OOM)));
2267 ++ } while (!(ret & (VM_FAULT_WRITE | VM_FAULT_SIGBUS | VM_FAULT_SIGSEGV | VM_FAULT_OOM)));
2268 + /*
2269 + * We must loop because handle_mm_fault() may back out if there's
2270 + * any difficulty e.g. if pte accessed bit gets updated concurrently.
2271 +diff --git a/mm/memory-failure.c b/mm/memory-failure.c
2272 +index a98c7fc..ffc7bf0 100644
2273 +--- a/mm/memory-failure.c
2274 ++++ b/mm/memory-failure.c
2275 +@@ -1645,8 +1645,6 @@ static int __soft_offline_page(struct page *page, int flags)
2276 + * setting PG_hwpoison.
2277 + */
2278 + if (!is_free_buddy_page(page))
2279 +- lru_add_drain_all();
2280 +- if (!is_free_buddy_page(page))
2281 + drain_all_pages();
2282 + SetPageHWPoison(page);
2283 + if (!is_free_buddy_page(page))
2284 +diff --git a/mm/memory.c b/mm/memory.c
2285 +index 102af09..749e1c6 100644
2286 +--- a/mm/memory.c
2287 ++++ b/mm/memory.c
2288 +@@ -1836,7 +1836,8 @@ long __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
2289 + else
2290 + return -EFAULT;
2291 + }
2292 +- if (ret & VM_FAULT_SIGBUS)
2293 ++ if (ret & (VM_FAULT_SIGBUS |
2294 ++ VM_FAULT_SIGSEGV))
2295 + return i ? i : -EFAULT;
2296 + BUG();
2297 + }
2298 +@@ -1946,7 +1947,7 @@ int fixup_user_fault(struct task_struct *tsk, struct mm_struct *mm,
2299 + return -ENOMEM;
2300 + if (ret & (VM_FAULT_HWPOISON | VM_FAULT_HWPOISON_LARGE))
2301 + return -EHWPOISON;
2302 +- if (ret & VM_FAULT_SIGBUS)
2303 ++ if (ret & (VM_FAULT_SIGBUS | VM_FAULT_SIGSEGV))
2304 + return -EFAULT;
2305 + BUG();
2306 + }
2307 +@@ -3235,7 +3236,7 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma,
2308 +
2309 + /* Check if we need to add a guard page to the stack */
2310 + if (check_stack_guard_page(vma, address) < 0)
2311 +- return VM_FAULT_SIGBUS;
2312 ++ return VM_FAULT_SIGSEGV;
2313 +
2314 + /* Use the zero-page for reads */
2315 + if (!(flags & FAULT_FLAG_WRITE)) {
2316 +diff --git a/net/core/dev.c b/net/core/dev.c
2317 +index f6d8d7f..73abbd7 100644
2318 +--- a/net/core/dev.c
2319 ++++ b/net/core/dev.c
2320 +@@ -2775,7 +2775,9 @@ static void skb_update_prio(struct sk_buff *skb)
2321 + #define skb_update_prio(skb)
2322 + #endif
2323 +
2324 +-static DEFINE_PER_CPU(int, xmit_recursion);
2325 ++DEFINE_PER_CPU(int, xmit_recursion);
2326 ++EXPORT_SYMBOL(xmit_recursion);
2327 ++
2328 + #define RECURSION_LIMIT 10
2329 +
2330 + /**
2331 +diff --git a/net/core/sock.c b/net/core/sock.c
2332 +index c806956..650dd58 100644
2333 +--- a/net/core/sock.c
2334 ++++ b/net/core/sock.c
2335 +@@ -659,6 +659,25 @@ static inline void sock_valbool_flag(struct sock *sk, int bit, int valbool)
2336 + sock_reset_flag(sk, bit);
2337 + }
2338 +
2339 ++bool sk_mc_loop(struct sock *sk)
2340 ++{
2341 ++ if (dev_recursion_level())
2342 ++ return false;
2343 ++ if (!sk)
2344 ++ return true;
2345 ++ switch (sk->sk_family) {
2346 ++ case AF_INET:
2347 ++ return inet_sk(sk)->mc_loop;
2348 ++#if IS_ENABLED(CONFIG_IPV6)
2349 ++ case AF_INET6:
2350 ++ return inet6_sk(sk)->mc_loop;
2351 ++#endif
2352 ++ }
2353 ++ WARN_ON(1);
2354 ++ return true;
2355 ++}
2356 ++EXPORT_SYMBOL(sk_mc_loop);
2357 ++
2358 + /*
2359 + * This is meant for all protocols to use and covers goings on
2360 + * at the socket level. Everything here is generic.
2361 +diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
2362 +index 2291791..9fbd69e 100644
2363 +--- a/net/ipv4/tcp_input.c
2364 ++++ b/net/ipv4/tcp_input.c
2365 +@@ -3064,10 +3064,11 @@ static int tcp_clean_rtx_queue(struct sock *sk, int prior_fackets,
2366 + if (seq_rtt < 0) {
2367 + seq_rtt = ca_seq_rtt;
2368 + }
2369 +- if (!(sacked & TCPCB_SACKED_ACKED))
2370 ++ if (!(sacked & TCPCB_SACKED_ACKED)) {
2371 + reord = min(pkts_acked, reord);
2372 +- if (!after(scb->end_seq, tp->high_seq))
2373 +- flag |= FLAG_ORIG_SACK_ACKED;
2374 ++ if (!after(scb->end_seq, tp->high_seq))
2375 ++ flag |= FLAG_ORIG_SACK_ACKED;
2376 ++ }
2377 + }
2378 +
2379 + if (sacked & TCPCB_SACKED_ACKED)
2380 +diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
2381 +index b7effad..e2f8bd0 100644
2382 +--- a/net/ipv4/tcp_ipv4.c
2383 ++++ b/net/ipv4/tcp_ipv4.c
2384 +@@ -1875,7 +1875,7 @@ void tcp_v4_early_demux(struct sk_buff *skb)
2385 + skb->sk = sk;
2386 + skb->destructor = sock_edemux;
2387 + if (sk->sk_state != TCP_TIME_WAIT) {
2388 +- struct dst_entry *dst = sk->sk_rx_dst;
2389 ++ struct dst_entry *dst = ACCESS_ONCE(sk->sk_rx_dst);
2390 +
2391 + if (dst)
2392 + dst = dst_check(dst, 0);
2393 +diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
2394 +index 96f64e5..8c70c73 100644
2395 +--- a/net/ipv4/tcp_output.c
2396 ++++ b/net/ipv4/tcp_output.c
2397 +@@ -2796,6 +2796,8 @@ struct sk_buff *tcp_make_synack(struct sock *sk, struct dst_entry *dst,
2398 + }
2399 + #endif
2400 +
2401 ++ /* Do not fool tcpdump (if any), clean our debris */
2402 ++ skb->tstamp.tv64 = 0;
2403 + return skb;
2404 + }
2405 + EXPORT_SYMBOL(tcp_make_synack);
2406 +diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
2407 +index d7907ec..066d0b0 100644
2408 +--- a/net/ipv6/ip6_output.c
2409 ++++ b/net/ipv6/ip6_output.c
2410 +@@ -555,7 +555,8 @@ int ip6_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *))
2411 + {
2412 + struct sk_buff *frag;
2413 + struct rt6_info *rt = (struct rt6_info*)skb_dst(skb);
2414 +- struct ipv6_pinfo *np = skb->sk ? inet6_sk(skb->sk) : NULL;
2415 ++ struct ipv6_pinfo *np = skb->sk && !dev_recursion_level() ?
2416 ++ inet6_sk(skb->sk) : NULL;
2417 + struct ipv6hdr *tmp_hdr;
2418 + struct frag_hdr *fh;
2419 + unsigned int mtu, hlen, left, len;
2420 +diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c
2421 +index 09a22f4..bcd6518 100644
2422 +--- a/net/ipv6/ndisc.c
2423 ++++ b/net/ipv6/ndisc.c
2424 +@@ -1193,7 +1193,14 @@ static void ndisc_router_discovery(struct sk_buff *skb)
2425 + if (rt)
2426 + rt6_set_expires(rt, jiffies + (HZ * lifetime));
2427 + if (ra_msg->icmph.icmp6_hop_limit) {
2428 +- in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
2429 ++ /* Only set hop_limit on the interface if it is higher than
2430 ++ * the current hop_limit.
2431 ++ */
2432 ++ if (in6_dev->cnf.hop_limit < ra_msg->icmph.icmp6_hop_limit) {
2433 ++ in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
2434 ++ } else {
2435 ++ ND_PRINTK(2, warn, "RA: Got route advertisement with lower hop_limit than current\n");
2436 ++ }
2437 + if (rt)
2438 + dst_metric_set(&rt->dst, RTAX_HOPLIMIT,
2439 + ra_msg->icmph.icmp6_hop_limit);
2440 +diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
2441 +index a4f890d..9d4332d 100644
2442 +--- a/net/ipv6/tcp_ipv6.c
2443 ++++ b/net/ipv6/tcp_ipv6.c
2444 +@@ -1633,7 +1633,7 @@ static void tcp_v6_early_demux(struct sk_buff *skb)
2445 + skb->sk = sk;
2446 + skb->destructor = sock_edemux;
2447 + if (sk->sk_state != TCP_TIME_WAIT) {
2448 +- struct dst_entry *dst = sk->sk_rx_dst;
2449 ++ struct dst_entry *dst = ACCESS_ONCE(sk->sk_rx_dst);
2450 +
2451 + if (dst)
2452 + dst = dst_check(dst, inet6_sk(sk)->rx_dst_cookie);
2453 +diff --git a/net/netfilter/nf_conntrack_proto_generic.c b/net/netfilter/nf_conntrack_proto_generic.c
2454 +index d25f293..957c1db 100644
2455 +--- a/net/netfilter/nf_conntrack_proto_generic.c
2456 ++++ b/net/netfilter/nf_conntrack_proto_generic.c
2457 +@@ -14,6 +14,30 @@
2458 +
2459 + static unsigned int nf_ct_generic_timeout __read_mostly = 600*HZ;
2460 +
2461 ++static bool nf_generic_should_process(u8 proto)
2462 ++{
2463 ++ switch (proto) {
2464 ++#ifdef CONFIG_NF_CT_PROTO_SCTP_MODULE
2465 ++ case IPPROTO_SCTP:
2466 ++ return false;
2467 ++#endif
2468 ++#ifdef CONFIG_NF_CT_PROTO_DCCP_MODULE
2469 ++ case IPPROTO_DCCP:
2470 ++ return false;
2471 ++#endif
2472 ++#ifdef CONFIG_NF_CT_PROTO_GRE_MODULE
2473 ++ case IPPROTO_GRE:
2474 ++ return false;
2475 ++#endif
2476 ++#ifdef CONFIG_NF_CT_PROTO_UDPLITE_MODULE
2477 ++ case IPPROTO_UDPLITE:
2478 ++ return false;
2479 ++#endif
2480 ++ default:
2481 ++ return true;
2482 ++ }
2483 ++}
2484 ++
2485 + static inline struct nf_generic_net *generic_pernet(struct net *net)
2486 + {
2487 + return &net->ct.nf_ct_proto.generic;
2488 +@@ -67,7 +91,7 @@ static int generic_packet(struct nf_conn *ct,
2489 + static bool generic_new(struct nf_conn *ct, const struct sk_buff *skb,
2490 + unsigned int dataoff, unsigned int *timeouts)
2491 + {
2492 +- return true;
2493 ++ return nf_generic_should_process(nf_ct_protonum(ct));
2494 + }
2495 +
2496 + #if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT)
2497 +diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
2498 +index 6c4cbd9..fc68bf6 100644
2499 +--- a/security/selinux/selinuxfs.c
2500 ++++ b/security/selinux/selinuxfs.c
2501 +@@ -1200,7 +1200,7 @@ static void sel_remove_entries(struct dentry *de)
2502 + spin_lock(&de->d_lock);
2503 + node = de->d_subdirs.next;
2504 + while (node != &de->d_subdirs) {
2505 +- struct dentry *d = list_entry(node, struct dentry, d_u.d_child);
2506 ++ struct dentry *d = list_entry(node, struct dentry, d_child);
2507 +
2508 + spin_lock_nested(&d->d_lock, DENTRY_D_LOCK_NESTED);
2509 + list_del_init(node);
2510 +@@ -1674,12 +1674,12 @@ static void sel_remove_classes(void)
2511 +
2512 + list_for_each(class_node, &class_dir->d_subdirs) {
2513 + struct dentry *class_subdir = list_entry(class_node,
2514 +- struct dentry, d_u.d_child);
2515 ++ struct dentry, d_child);
2516 + struct list_head *class_subdir_node;
2517 +
2518 + list_for_each(class_subdir_node, &class_subdir->d_subdirs) {
2519 + struct dentry *d = list_entry(class_subdir_node,
2520 +- struct dentry, d_u.d_child);
2521 ++ struct dentry, d_child);
2522 +
2523 + if (d->d_inode)
2524 + if (d->d_inode->i_mode & S_IFDIR)
2525
2526 diff --git a/3.14.39/4420_grsecurity-3.1-3.14.39-201504270826.patch b/3.14.40/4420_grsecurity-3.1-3.14.40-201504290821.patch
2527 similarity index 99%
2528 rename from 3.14.39/4420_grsecurity-3.1-3.14.39-201504270826.patch
2529 rename to 3.14.40/4420_grsecurity-3.1-3.14.40-201504290821.patch
2530 index 3fbeaa8..47246da 100644
2531 --- a/3.14.39/4420_grsecurity-3.1-3.14.39-201504270826.patch
2532 +++ b/3.14.40/4420_grsecurity-3.1-3.14.40-201504290821.patch
2533 @@ -295,7 +295,7 @@ index 5d91ba1..ef1d374 100644
2534
2535 pcd. [PARIDE]
2536 diff --git a/Makefile b/Makefile
2537 -index b40845e..c9b79e2 100644
2538 +index 070e0eb..e3359b0 100644
2539 --- a/Makefile
2540 +++ b/Makefile
2541 @@ -244,8 +244,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
2542 @@ -703,7 +703,7 @@ index 1402fcc..0b1abd2 100644
2543 return addr;
2544 }
2545 diff --git a/arch/alpha/mm/fault.c b/arch/alpha/mm/fault.c
2546 -index 98838a0..b304fb4 100644
2547 +index 9d0ac09..479a962 100644
2548 --- a/arch/alpha/mm/fault.c
2549 +++ b/arch/alpha/mm/fault.c
2550 @@ -53,6 +53,124 @@ __load_new_mm_context(struct mm_struct *next_mm)
2551 @@ -2003,10 +2003,10 @@ index 219ac88..73ec32a 100644
2552 * These are the memory types, defined to be compatible with
2553 * pre-ARMv6 CPUs cacheable and bufferable bits: XXCB
2554 diff --git a/arch/arm/include/asm/pgtable-3level-hwdef.h b/arch/arm/include/asm/pgtable-3level-hwdef.h
2555 -index 626989f..9d67a33 100644
2556 +index 9fd61c7..f8f1cff 100644
2557 --- a/arch/arm/include/asm/pgtable-3level-hwdef.h
2558 +++ b/arch/arm/include/asm/pgtable-3level-hwdef.h
2559 -@@ -75,6 +75,7 @@
2560 +@@ -76,6 +76,7 @@
2561 #define PTE_EXT_SHARED (_AT(pteval_t, 3) << 8) /* SH[1:0], inner shareable */
2562 #define PTE_EXT_AF (_AT(pteval_t, 1) << 10) /* Access Flag */
2563 #define PTE_EXT_NG (_AT(pteval_t, 1) << 11) /* nG */
2564 @@ -2015,18 +2015,18 @@ index 626989f..9d67a33 100644
2565
2566 /*
2567 diff --git a/arch/arm/include/asm/pgtable-3level.h b/arch/arm/include/asm/pgtable-3level.h
2568 -index 85c60ad..b0bbd7e 100644
2569 +index 06e0bc0..e60c2d3 100644
2570 --- a/arch/arm/include/asm/pgtable-3level.h
2571 +++ b/arch/arm/include/asm/pgtable-3level.h
2572 -@@ -82,6 +82,7 @@
2573 - #define L_PTE_RDONLY (_AT(pteval_t, 1) << 7) /* AP[2] */
2574 +@@ -81,6 +81,7 @@
2575 + #define L_PTE_USER (_AT(pteval_t, 1) << 6) /* AP[1] */
2576 #define L_PTE_SHARED (_AT(pteval_t, 3) << 8) /* SH[1:0], inner shareable */
2577 #define L_PTE_YOUNG (_AT(pteval_t, 1) << 10) /* AF */
2578 +#define L_PTE_PXN (_AT(pteval_t, 1) << 53) /* PXN */
2579 #define L_PTE_XN (_AT(pteval_t, 1) << 54) /* XN */
2580 - #define L_PTE_DIRTY (_AT(pteval_t, 1) << 55) /* unused */
2581 - #define L_PTE_SPECIAL (_AT(pteval_t, 1) << 56) /* unused */
2582 -@@ -95,6 +96,7 @@
2583 + #define L_PTE_DIRTY (_AT(pteval_t, 1) << 55)
2584 + #define L_PTE_SPECIAL (_AT(pteval_t, 1) << 56)
2585 +@@ -96,6 +97,7 @@
2586 /*
2587 * To be used in assembly code with the upper page attributes.
2588 */
2589 @@ -2035,7 +2035,7 @@ index 85c60ad..b0bbd7e 100644
2590 #define L_PTE_DIRTY_HIGH (1 << (55 - 32))
2591
2592 diff --git a/arch/arm/include/asm/pgtable.h b/arch/arm/include/asm/pgtable.h
2593 -index 7d59b52..27a12f8 100644
2594 +index 89dba13..ca1cf20 100644
2595 --- a/arch/arm/include/asm/pgtable.h
2596 +++ b/arch/arm/include/asm/pgtable.h
2597 @@ -33,6 +33,9 @@
2598 @@ -2118,7 +2118,7 @@ index 7d59b52..27a12f8 100644
2599 */
2600 #define _L_PTE_DEFAULT L_PTE_PRESENT | L_PTE_YOUNG
2601
2602 -@@ -262,7 +310,7 @@ static inline pte_t pte_mkspecial(pte_t pte) { return pte; }
2603 +@@ -266,7 +314,7 @@ static inline pte_t pte_mkspecial(pte_t pte) { return pte; }
2604 static inline pte_t pte_modify(pte_t pte, pgprot_t newprot)
2605 {
2606 const pteval_t mask = L_PTE_XN | L_PTE_RDONLY | L_PTE_USER |
2607 @@ -4884,7 +4884,7 @@ index 479330b..53717a8 100644
2608
2609 #endif /* __ASM_AVR32_KMAP_TYPES_H */
2610 diff --git a/arch/avr32/mm/fault.c b/arch/avr32/mm/fault.c
2611 -index 0eca933..eb78c7b 100644
2612 +index d223a8b..69c5210 100644
2613 --- a/arch/avr32/mm/fault.c
2614 +++ b/arch/avr32/mm/fault.c
2615 @@ -41,6 +41,23 @@ static inline int notify_page_fault(struct pt_regs *regs, int trap)
2616 @@ -4911,7 +4911,7 @@ index 0eca933..eb78c7b 100644
2617 /*
2618 * This routine handles page faults. It determines the address and the
2619 * problem, and then passes it off to one of the appropriate routines.
2620 -@@ -176,6 +193,16 @@ bad_area:
2621 +@@ -178,6 +195,16 @@ bad_area:
2622 up_read(&mm->mmap_sem);
2623
2624 if (user_mode(regs)) {
2625 @@ -5473,7 +5473,7 @@ index 84f8a52..7c76178 100644
2626 * ensure percpu data fits
2627 * into percpu page size
2628 diff --git a/arch/ia64/mm/fault.c b/arch/ia64/mm/fault.c
2629 -index 7225dad..2a7c8256 100644
2630 +index ba5ba7a..36e9d3a 100644
2631 --- a/arch/ia64/mm/fault.c
2632 +++ b/arch/ia64/mm/fault.c
2633 @@ -72,6 +72,23 @@ mapped_kernel_page_is_present (unsigned long address)
2634 @@ -7213,7 +7213,7 @@ index 897c605..c421760 100644
2635 int ret;
2636
2637 diff --git a/arch/mips/mm/fault.c b/arch/mips/mm/fault.c
2638 -index becc42b..9e43d4b 100644
2639 +index 70ab5d6..62940fe 100644
2640 --- a/arch/mips/mm/fault.c
2641 +++ b/arch/mips/mm/fault.c
2642 @@ -28,6 +28,23 @@
2643 @@ -7240,7 +7240,7 @@ index becc42b..9e43d4b 100644
2644 /*
2645 * This routine handles page faults. It determines the address,
2646 * and the problem, and then passes it off to one of the appropriate
2647 -@@ -199,6 +216,14 @@ bad_area:
2648 +@@ -201,6 +218,14 @@ bad_area:
2649 bad_area_nosemaphore:
2650 /* User mode accesses just cause a SIGSEGV */
2651 if (user_mode(regs)) {
2652 @@ -7866,7 +7866,7 @@ index 47ee620..1107387 100644
2653 fault_space = regs->iasq[0];
2654
2655 diff --git a/arch/parisc/mm/fault.c b/arch/parisc/mm/fault.c
2656 -index d72197f..c017c84 100644
2657 +index d27e388..addd2dc 100644
2658 --- a/arch/parisc/mm/fault.c
2659 +++ b/arch/parisc/mm/fault.c
2660 @@ -15,6 +15,7 @@
2661 @@ -8962,7 +8962,7 @@ index 5eea6f3..5d10396 100644
2662 EXPORT_SYMBOL(copy_in_user);
2663
2664 diff --git a/arch/powerpc/mm/fault.c b/arch/powerpc/mm/fault.c
2665 -index 51ab9e7..7d3c78b 100644
2666 +index 010fabf..e5c18a4 100644
2667 --- a/arch/powerpc/mm/fault.c
2668 +++ b/arch/powerpc/mm/fault.c
2669 @@ -33,6 +33,10 @@
2670 @@ -9037,7 +9037,7 @@ index 51ab9e7..7d3c78b 100644
2671 goto bad_area;
2672 #endif /* CONFIG_PPC_STD_MMU */
2673
2674 -@@ -483,6 +514,23 @@ bad_area:
2675 +@@ -485,6 +516,23 @@ bad_area:
2676 bad_area_nosemaphore:
2677 /* User mode accesses cause a SIGSEGV */
2678 if (user_mode(regs)) {
2679 @@ -11200,7 +11200,7 @@ index 30c3ecc..736f015 100644
2680 obj-$(CONFIG_SPARC64) += ultra.o tlb.o tsb.o gup.o
2681 obj-y += fault_$(BITS).o
2682 diff --git a/arch/sparc/mm/fault_32.c b/arch/sparc/mm/fault_32.c
2683 -index 59dbd46..1dd7f5e 100644
2684 +index 163c787..6f9ee6c 100644
2685 --- a/arch/sparc/mm/fault_32.c
2686 +++ b/arch/sparc/mm/fault_32.c
2687 @@ -21,6 +21,9 @@
2688 @@ -11517,7 +11517,7 @@ index 59dbd46..1dd7f5e 100644
2689 if (!(vma->vm_flags & (VM_READ | VM_EXEC)))
2690 goto bad_area;
2691 diff --git a/arch/sparc/mm/fault_64.c b/arch/sparc/mm/fault_64.c
2692 -index 45a413e..fff0231 100644
2693 +index 0d6de79..32851cb 100644
2694 --- a/arch/sparc/mm/fault_64.c
2695 +++ b/arch/sparc/mm/fault_64.c
2696 @@ -22,6 +22,9 @@
2697 @@ -28725,63 +28725,10 @@ index c697625..a032162 100644
2698
2699 out:
2700 diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
2701 -index 09651d4..cdb8f22 100644
2702 +index cf1eeea..cdb8f22 100644
2703 --- a/arch/x86/kvm/emulate.c
2704 +++ b/arch/x86/kvm/emulate.c
2705 -@@ -2258,7 +2258,7 @@ static int em_sysenter(struct x86_emulate_ctxt *ctxt)
2706 - * Not recognized on AMD in compat mode (but is recognized in legacy
2707 - * mode).
2708 - */
2709 -- if ((ctxt->mode == X86EMUL_MODE_PROT32) && (efer & EFER_LMA)
2710 -+ if ((ctxt->mode != X86EMUL_MODE_PROT64) && (efer & EFER_LMA)
2711 - && !vendor_intel(ctxt))
2712 - return emulate_ud(ctxt);
2713 -
2714 -@@ -2271,25 +2271,13 @@ static int em_sysenter(struct x86_emulate_ctxt *ctxt)
2715 - setup_syscalls_segments(ctxt, &cs, &ss);
2716 -
2717 - ops->get_msr(ctxt, MSR_IA32_SYSENTER_CS, &msr_data);
2718 -- switch (ctxt->mode) {
2719 -- case X86EMUL_MODE_PROT32:
2720 -- if ((msr_data & 0xfffc) == 0x0)
2721 -- return emulate_gp(ctxt, 0);
2722 -- break;
2723 -- case X86EMUL_MODE_PROT64:
2724 -- if (msr_data == 0x0)
2725 -- return emulate_gp(ctxt, 0);
2726 -- break;
2727 -- default:
2728 -- break;
2729 -- }
2730 -+ if ((msr_data & 0xfffc) == 0x0)
2731 -+ return emulate_gp(ctxt, 0);
2732 -
2733 - ctxt->eflags &= ~(EFLG_VM | EFLG_IF | EFLG_RF);
2734 -- cs_sel = (u16)msr_data;
2735 -- cs_sel &= ~SELECTOR_RPL_MASK;
2736 -+ cs_sel = (u16)msr_data & ~SELECTOR_RPL_MASK;
2737 - ss_sel = cs_sel + 8;
2738 -- ss_sel &= ~SELECTOR_RPL_MASK;
2739 -- if (ctxt->mode == X86EMUL_MODE_PROT64 || (efer & EFER_LMA)) {
2740 -+ if (efer & EFER_LMA) {
2741 - cs.d = 0;
2742 - cs.l = 1;
2743 - }
2744 -@@ -2298,10 +2286,11 @@ static int em_sysenter(struct x86_emulate_ctxt *ctxt)
2745 - ops->set_segment(ctxt, ss_sel, &ss, 0, VCPU_SREG_SS);
2746 -
2747 - ops->get_msr(ctxt, MSR_IA32_SYSENTER_EIP, &msr_data);
2748 -- ctxt->_eip = msr_data;
2749 -+ ctxt->_eip = (efer & EFER_LMA) ? msr_data : (u32)msr_data;
2750 -
2751 - ops->get_msr(ctxt, MSR_IA32_SYSENTER_ESP, &msr_data);
2752 -- *reg_write(ctxt, VCPU_REGS_RSP) = msr_data;
2753 -+ *reg_write(ctxt, VCPU_REGS_RSP) = (efer & EFER_LMA) ? msr_data :
2754 -+ (u32)msr_data;
2755 -
2756 - return X86EMUL_CONTINUE;
2757 - }
2758 -@@ -3401,7 +3390,7 @@ static int check_cr_write(struct x86_emulate_ctxt *ctxt)
2759 +@@ -3390,7 +3390,7 @@ static int check_cr_write(struct x86_emulate_ctxt *ctxt)
2760 int cr = ctxt->modrm_reg;
2761 u64 efer = 0;
2762
2763 @@ -28790,7 +28737,7 @@ index 09651d4..cdb8f22 100644
2764 0xffffffff00000000ULL,
2765 0, 0, 0, /* CR3 checked later */
2766 CR4_RESERVED_BITS,
2767 -@@ -3436,7 +3425,7 @@ static int check_cr_write(struct x86_emulate_ctxt *ctxt)
2768 +@@ -3425,7 +3425,7 @@ static int check_cr_write(struct x86_emulate_ctxt *ctxt)
2769
2770 ctxt->ops->get_msr(ctxt, MSR_EFER, &efer);
2771 if (efer & EFER_LMA)
2772 @@ -28799,7 +28746,7 @@ index 09651d4..cdb8f22 100644
2773 else if (ctxt->ops->get_cr(ctxt, 4) & X86_CR4_PAE)
2774 rsvd = CR3_PAE_RESERVED_BITS;
2775 else if (ctxt->ops->get_cr(ctxt, 0) & X86_CR0_PG)
2776 -@@ -3668,8 +3657,8 @@ static const struct opcode group5[] = {
2777 +@@ -3657,8 +3657,8 @@ static const struct opcode group5[] = {
2778 };
2779
2780 static const struct opcode group6[] = {
2781 @@ -31927,7 +31874,7 @@ index 903ec1e..c4166b2 100644
2782 }
2783
2784 diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c
2785 -index a10c8c7..35a5abb 100644
2786 +index ebc551c..b8ee77e 100644
2787 --- a/arch/x86/mm/fault.c
2788 +++ b/arch/x86/mm/fault.c
2789 @@ -14,11 +14,18 @@
2790 @@ -32172,7 +32119,7 @@ index a10c8c7..35a5abb 100644
2791 /* Kernel addresses are always protection faults: */
2792 if (address >= TASK_SIZE)
2793 error_code |= PF_PROT;
2794 -@@ -856,7 +968,7 @@ do_sigbus(struct pt_regs *regs, unsigned long error_code, unsigned long address,
2795 +@@ -853,7 +965,7 @@ do_sigbus(struct pt_regs *regs, unsigned long error_code, unsigned long address,
2796 if (fault & (VM_FAULT_HWPOISON|VM_FAULT_HWPOISON_LARGE)) {
2797 printk(KERN_ERR
2798 "MCE: Killing %s:%d due to hardware memory corruption fault at %lx\n",
2799 @@ -32181,7 +32128,7 @@ index a10c8c7..35a5abb 100644
2800 code = BUS_MCEERR_AR;
2801 }
2802 #endif
2803 -@@ -910,6 +1022,99 @@ static int spurious_fault_check(unsigned long error_code, pte_t *pte)
2804 +@@ -905,6 +1017,99 @@ static int spurious_fault_check(unsigned long error_code, pte_t *pte)
2805 return 1;
2806 }
2807
2808 @@ -32281,7 +32228,7 @@ index a10c8c7..35a5abb 100644
2809 /*
2810 * Handle a spurious fault caused by a stale TLB entry.
2811 *
2812 -@@ -976,6 +1181,9 @@ int show_unhandled_signals = 1;
2813 +@@ -971,6 +1176,9 @@ int show_unhandled_signals = 1;
2814 static inline int
2815 access_error(unsigned long error_code, struct vm_area_struct *vma)
2816 {
2817 @@ -32291,7 +32238,7 @@ index a10c8c7..35a5abb 100644
2818 if (error_code & PF_WRITE) {
2819 /* write, present and write, not present: */
2820 if (unlikely(!(vma->vm_flags & VM_WRITE)))
2821 -@@ -1010,7 +1218,7 @@ static inline bool smap_violation(int error_code, struct pt_regs *regs)
2822 +@@ -1005,7 +1213,7 @@ static inline bool smap_violation(int error_code, struct pt_regs *regs)
2823 if (error_code & PF_USER)
2824 return false;
2825
2826 @@ -32300,7 +32247,7 @@ index a10c8c7..35a5abb 100644
2827 return false;
2828
2829 return true;
2830 -@@ -1038,6 +1246,22 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code,
2831 +@@ -1033,6 +1241,22 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code,
2832 tsk = current;
2833 mm = tsk->mm;
2834
2835 @@ -32323,7 +32270,7 @@ index a10c8c7..35a5abb 100644
2836 /*
2837 * Detect and handle instructions that would cause a page fault for
2838 * both a tracked kernel page and a userspace page.
2839 -@@ -1115,7 +1339,7 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code,
2840 +@@ -1110,7 +1334,7 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code,
2841 * User-mode registers count as a user access even for any
2842 * potential system fault or CPU buglet:
2843 */
2844 @@ -32332,7 +32279,7 @@ index a10c8c7..35a5abb 100644
2845 local_irq_enable();
2846 error_code |= PF_USER;
2847 flags |= FAULT_FLAG_USER;
2848 -@@ -1162,6 +1386,11 @@ retry:
2849 +@@ -1157,6 +1381,11 @@ retry:
2850 might_sleep();
2851 }
2852
2853 @@ -32344,7 +32291,7 @@ index a10c8c7..35a5abb 100644
2854 vma = find_vma(mm, address);
2855 if (unlikely(!vma)) {
2856 bad_area(regs, error_code, address);
2857 -@@ -1173,18 +1402,24 @@ retry:
2858 +@@ -1168,18 +1397,24 @@ retry:
2859 bad_area(regs, error_code, address);
2860 return;
2861 }
2862 @@ -32380,7 +32327,7 @@ index a10c8c7..35a5abb 100644
2863 if (unlikely(expand_stack(vma, address))) {
2864 bad_area(regs, error_code, address);
2865 return;
2866 -@@ -1296,3 +1531,292 @@ trace_do_page_fault(struct pt_regs *regs, unsigned long error_code)
2867 +@@ -1292,3 +1527,292 @@ trace_do_page_fault(struct pt_regs *regs, unsigned long error_code)
2868 exception_exit(prev_state);
2869 }
2870 #endif /* CONFIG_TRACING */
2871 @@ -48025,7 +47972,7 @@ index c05b66d..ed69872 100644
2872 break;
2873 }
2874 diff --git a/drivers/net/ethernet/emulex/benet/be_main.c b/drivers/net/ethernet/emulex/benet/be_main.c
2875 -index 80bfa03..1114364 100644
2876 +index 075e7e7..1dbbe03 100644
2877 --- a/drivers/net/ethernet/emulex/benet/be_main.c
2878 +++ b/drivers/net/ethernet/emulex/benet/be_main.c
2879 @@ -534,7 +534,7 @@ static void accumulate_16bit_val(u32 *acc, u16 val)
2880 @@ -48261,7 +48208,7 @@ index 7763962..c3499a7 100644
2881 struct qlcnic_hardware_context *ahw;
2882 void *temp_buffer;
2883 diff --git a/drivers/net/ethernet/realtek/r8169.c b/drivers/net/ethernet/realtek/r8169.c
2884 -index 3ff7bc3..366091b 100644
2885 +index 90c14d1..3bd4467 100644
2886 --- a/drivers/net/ethernet/realtek/r8169.c
2887 +++ b/drivers/net/ethernet/realtek/r8169.c
2888 @@ -758,22 +758,22 @@ struct rtl8169_private {
2889 @@ -52400,7 +52347,7 @@ index 52b7731..d604da0 100644
2890 strlen(filename), mode, LUSTRE_OPC_MKDIR,
2891 lump);
2892 diff --git a/drivers/staging/lustre/lustre/llite/llite_lib.c b/drivers/staging/lustre/lustre/llite/llite_lib.c
2893 -index 6cfdb9e..1ddab59 100644
2894 +index 5ae562e..6b661ff 100644
2895 --- a/drivers/staging/lustre/lustre/llite/llite_lib.c
2896 +++ b/drivers/staging/lustre/lustre/llite/llite_lib.c
2897 @@ -576,7 +576,7 @@ static int client_common_fill_super(struct super_block *sb, char *md, char *dt,
2898 @@ -59982,7 +59929,7 @@ index ebaff36..7e3ea26 100644
2899 kunmap(page);
2900 file_end_write(file);
2901 diff --git a/fs/ceph/dir.c b/fs/ceph/dir.c
2902 -index 5e0982a..ca18377 100644
2903 +index 18e14cf..9ca3e26 100644
2904 --- a/fs/ceph/dir.c
2905 +++ b/fs/ceph/dir.c
2906 @@ -128,6 +128,8 @@ static int __dcache_readdir(struct file *file, struct dir_context *ctx)
2907 @@ -60529,7 +60476,7 @@ index 43eb136..f17e718 100644
2908 return rc;
2909 }
2910 diff --git a/fs/coda/cache.c b/fs/coda/cache.c
2911 -index 1da168c..8bc7ff6 100644
2912 +index 9bc1147..fd15753 100644
2913 --- a/fs/coda/cache.c
2914 +++ b/fs/coda/cache.c
2915 @@ -24,7 +24,7 @@
2916 @@ -60885,13 +60832,13 @@ index a93f7e6..d58bcbe 100644
2917 return 0;
2918 while (nr) {
2919 diff --git a/fs/dcache.c b/fs/dcache.c
2920 -index 4366127..b8c2cf9 100644
2921 +index c345f5f..abbda68 100644
2922 --- a/fs/dcache.c
2923 +++ b/fs/dcache.c
2924 @@ -250,7 +250,7 @@ static void __d_free(struct rcu_head *head)
2925 - */
2926 static void d_free(struct dentry *dentry)
2927 {
2928 + WARN_ON(!hlist_unhashed(&dentry->d_u.d_alias));
2929 - BUG_ON((int)dentry->d_lockref.count > 0);
2930 + BUG_ON((int)__lockref_read(&dentry->d_lockref) > 0);
2931 this_cpu_dec(nr_dentry);
2932 @@ -60937,7 +60884,7 @@ index 4366127..b8c2cf9 100644
2933 }
2934 @@ -792,7 +792,7 @@ restart:
2935 spin_lock(&inode->i_lock);
2936 - hlist_for_each_entry(dentry, &inode->i_dentry, d_alias) {
2937 + hlist_for_each_entry(dentry, &inode->i_dentry, d_u.d_alias) {
2938 spin_lock(&dentry->d_lock);
2939 - if (!dentry->d_lockref.count) {
2940 + if (!__lockref_read(&dentry->d_lockref)) {
2941 @@ -61068,7 +61015,7 @@ index 4366127..b8c2cf9 100644
2942 dcache_init();
2943 inode_init();
2944 diff --git a/fs/debugfs/inode.c b/fs/debugfs/inode.c
2945 -index 1ff8fe5..31407fe 100644
2946 +index 4a9f0e0..54ea0cc 100644
2947 --- a/fs/debugfs/inode.c
2948 +++ b/fs/debugfs/inode.c
2949 @@ -422,10 +422,20 @@ EXPORT_SYMBOL_GPL(debugfs_create_file);
2950 @@ -64443,13 +64390,13 @@ index 4d45705..b35e0bd 100644
2951 free_page((unsigned long)page);
2952 }
2953 diff --git a/fs/libfs.c b/fs/libfs.c
2954 -index a184424..944ddce 100644
2955 +index 868c0b7..1831f93 100644
2956 --- a/fs/libfs.c
2957 +++ b/fs/libfs.c
2958 @@ -159,6 +159,9 @@ int dcache_readdir(struct file *file, struct dir_context *ctx)
2959
2960 for (p = q->next; p != &dentry->d_subdirs; p = p->next) {
2961 - struct dentry *next = list_entry(p, struct dentry, d_u.d_child);
2962 + struct dentry *next = list_entry(p, struct dentry, d_child);
2963 + char d_name[sizeof(next->d_iname)];
2964 + const unsigned char *name;
2965 +
2966 @@ -67616,7 +67563,7 @@ index dbd0272..3cd5915 100644
2967 seq_printf(p, "softirq %llu", (unsigned long long)sum_softirq);
2968
2969 diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c
2970 -index c254671..c09368e 100644
2971 +index eaa7374..c531bc5 100644
2972 --- a/fs/proc/task_mmu.c
2973 +++ b/fs/proc/task_mmu.c
2974 @@ -13,12 +13,19 @@
2975 @@ -67783,7 +67730,7 @@ index c254671..c09368e 100644
2976 mss.resident >> 10,
2977 (unsigned long)(mss.pss >> (10 + PSS_SHIFT)),
2978 mss.shared_clean >> 10,
2979 -@@ -1391,6 +1442,13 @@ static int show_numa_map(struct seq_file *m, void *v, int is_pid)
2980 +@@ -1414,6 +1465,13 @@ static int show_numa_map(struct seq_file *m, void *v, int is_pid)
2981 char buffer[64];
2982 int nid;
2983
2984 @@ -67797,7 +67744,7 @@ index c254671..c09368e 100644
2985 if (!mm)
2986 return 0;
2987
2988 -@@ -1408,11 +1466,15 @@ static int show_numa_map(struct seq_file *m, void *v, int is_pid)
2989 +@@ -1431,11 +1489,15 @@ static int show_numa_map(struct seq_file *m, void *v, int is_pid)
2990 mpol_to_str(buffer, sizeof(buffer), pol);
2991 mpol_cond_put(pol);
2992
2993 @@ -82261,7 +82208,7 @@ index 653589e..4ef254a 100644
2994 return c | 0x20;
2995 }
2996 diff --git a/include/linux/dcache.h b/include/linux/dcache.h
2997 -index 3b50cac..a3b0c8a 100644
2998 +index 0f0eb1c..776283e 100644
2999 --- a/include/linux/dcache.h
3000 +++ b/include/linux/dcache.h
3001 @@ -123,6 +123,9 @@ struct dentry {
3002 @@ -82272,12 +82219,12 @@ index 3b50cac..a3b0c8a 100644
3003 + atomic_t chroot_refcnt; /* tracks use of directory in chroot */
3004 +#endif
3005 struct list_head d_lru; /* LRU list */
3006 - /*
3007 - * d_child and d_rcu can share memory
3008 + struct list_head d_child; /* child of parent list */
3009 + struct list_head d_subdirs; /* our children */
3010 @@ -133,7 +136,7 @@ struct dentry {
3011 + struct hlist_node d_alias; /* inode alias list */
3012 + struct rcu_head d_rcu;
3013 } d_u;
3014 - struct list_head d_subdirs; /* our children */
3015 - struct hlist_node d_alias; /* inode alias list */
3016 -};
3017 +} __randomize_layout;
3018
3019 @@ -84751,7 +84698,7 @@ index 5bba088..7ad4ae7 100644
3020 static inline int
3021 vma_dup_policy(struct vm_area_struct *src, struct vm_area_struct *dst)
3022 diff --git a/include/linux/mm.h b/include/linux/mm.h
3023 -index 46b8ab5..6823be2 100644
3024 +index a7b311d..5aef73c 100644
3025 --- a/include/linux/mm.h
3026 +++ b/include/linux/mm.h
3027 @@ -127,6 +127,11 @@ extern unsigned int kobjsize(const void *objp);
3028 @@ -84794,7 +84741,7 @@ index 46b8ab5..6823be2 100644
3029 static inline void compound_lock(struct page *page)
3030 {
3031 #ifdef CONFIG_TRANSPARENT_HUGEPAGE
3032 -@@ -1120,8 +1128,8 @@ int follow_pfn(struct vm_area_struct *vma, unsigned long address,
3033 +@@ -1122,8 +1130,8 @@ int follow_pfn(struct vm_area_struct *vma, unsigned long address,
3034 unsigned long *pfn);
3035 int follow_phys(struct vm_area_struct *vma, unsigned long address,
3036 unsigned int flags, unsigned long *prot, resource_size_t *phys);
3037 @@ -84805,7 +84752,7 @@ index 46b8ab5..6823be2 100644
3038
3039 static inline void unmap_shared_mapping_range(struct address_space *mapping,
3040 loff_t const holebegin, loff_t const holelen)
3041 -@@ -1161,9 +1169,9 @@ static inline int fixup_user_fault(struct task_struct *tsk,
3042 +@@ -1163,9 +1171,9 @@ static inline int fixup_user_fault(struct task_struct *tsk,
3043 }
3044 #endif
3045
3046 @@ -84818,7 +84765,7 @@ index 46b8ab5..6823be2 100644
3047
3048 long __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
3049 unsigned long start, unsigned long nr_pages,
3050 -@@ -1195,34 +1203,6 @@ int set_page_dirty(struct page *page);
3051 +@@ -1197,34 +1205,6 @@ int set_page_dirty(struct page *page);
3052 int set_page_dirty_lock(struct page *page);
3053 int clear_page_dirty_for_io(struct page *page);
3054
3055 @@ -84853,7 +84800,7 @@ index 46b8ab5..6823be2 100644
3056 extern pid_t
3057 vm_is_stack(struct task_struct *task, struct vm_area_struct *vma, int in_group);
3058
3059 -@@ -1322,6 +1302,15 @@ static inline void sync_mm_rss(struct mm_struct *mm)
3060 +@@ -1324,6 +1304,15 @@ static inline void sync_mm_rss(struct mm_struct *mm)
3061 }
3062 #endif
3063
3064 @@ -84869,7 +84816,7 @@ index 46b8ab5..6823be2 100644
3065 int vma_wants_writenotify(struct vm_area_struct *vma);
3066
3067 extern pte_t *__get_locked_pte(struct mm_struct *mm, unsigned long addr,
3068 -@@ -1340,8 +1329,15 @@ static inline int __pud_alloc(struct mm_struct *mm, pgd_t *pgd,
3069 +@@ -1342,8 +1331,15 @@ static inline int __pud_alloc(struct mm_struct *mm, pgd_t *pgd,
3070 {
3071 return 0;
3072 }
3073 @@ -84885,7 +84832,7 @@ index 46b8ab5..6823be2 100644
3074 #endif
3075
3076 #ifdef __PAGETABLE_PMD_FOLDED
3077 -@@ -1350,8 +1346,15 @@ static inline int __pmd_alloc(struct mm_struct *mm, pud_t *pud,
3078 +@@ -1352,8 +1348,15 @@ static inline int __pmd_alloc(struct mm_struct *mm, pud_t *pud,
3079 {
3080 return 0;
3081 }
3082 @@ -84901,7 +84848,7 @@ index 46b8ab5..6823be2 100644
3083 #endif
3084
3085 int __pte_alloc(struct mm_struct *mm, struct vm_area_struct *vma,
3086 -@@ -1369,11 +1372,23 @@ static inline pud_t *pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long a
3087 +@@ -1371,11 +1374,23 @@ static inline pud_t *pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long a
3088 NULL: pud_offset(pgd, address);
3089 }
3090
3091 @@ -84925,7 +84872,7 @@ index 46b8ab5..6823be2 100644
3092 #endif /* CONFIG_MMU && !__ARCH_HAS_4LEVEL_HACK */
3093
3094 #if USE_SPLIT_PTE_PTLOCKS
3095 -@@ -1763,7 +1778,7 @@ extern int install_special_mapping(struct mm_struct *mm,
3096 +@@ -1765,7 +1780,7 @@ extern int install_special_mapping(struct mm_struct *mm,
3097 unsigned long addr, unsigned long len,
3098 unsigned long flags, struct page **pages);
3099
3100 @@ -84934,7 +84881,7 @@ index 46b8ab5..6823be2 100644
3101
3102 extern unsigned long mmap_region(struct file *file, unsigned long addr,
3103 unsigned long len, vm_flags_t vm_flags, unsigned long pgoff);
3104 -@@ -1771,6 +1786,7 @@ extern unsigned long do_mmap_pgoff(struct file *file, unsigned long addr,
3105 +@@ -1773,6 +1788,7 @@ extern unsigned long do_mmap_pgoff(struct file *file, unsigned long addr,
3106 unsigned long len, unsigned long prot, unsigned long flags,
3107 unsigned long pgoff, unsigned long *populate);
3108 extern int do_munmap(struct mm_struct *, unsigned long, size_t);
3109 @@ -84942,7 +84889,7 @@ index 46b8ab5..6823be2 100644
3110
3111 #ifdef CONFIG_MMU
3112 extern int __mm_populate(unsigned long addr, unsigned long len,
3113 -@@ -1799,10 +1815,11 @@ struct vm_unmapped_area_info {
3114 +@@ -1801,10 +1817,11 @@ struct vm_unmapped_area_info {
3115 unsigned long high_limit;
3116 unsigned long align_mask;
3117 unsigned long align_offset;
3118 @@ -84956,7 +84903,7 @@ index 46b8ab5..6823be2 100644
3119
3120 /*
3121 * Search for an unmapped address range.
3122 -@@ -1814,7 +1831,7 @@ extern unsigned long unmapped_area_topdown(struct vm_unmapped_area_info *info);
3123 +@@ -1816,7 +1833,7 @@ extern unsigned long unmapped_area_topdown(struct vm_unmapped_area_info *info);
3124 * - satisfies (begin_addr & align_mask) == (align_offset & align_mask)
3125 */
3126 static inline unsigned long
3127 @@ -84965,7 +84912,7 @@ index 46b8ab5..6823be2 100644
3128 {
3129 if (!(info->flags & VM_UNMAPPED_AREA_TOPDOWN))
3130 return unmapped_area(info);
3131 -@@ -1874,6 +1891,10 @@ extern struct vm_area_struct * find_vma(struct mm_struct * mm, unsigned long add
3132 +@@ -1876,6 +1893,10 @@ extern struct vm_area_struct * find_vma(struct mm_struct * mm, unsigned long add
3133 extern struct vm_area_struct * find_vma_prev(struct mm_struct * mm, unsigned long addr,
3134 struct vm_area_struct **pprev);
3135
3136 @@ -84976,7 +84923,7 @@ index 46b8ab5..6823be2 100644
3137 /* Look up the first VMA which intersects the interval start_addr..end_addr-1,
3138 NULL if none. Assume start_addr < end_addr. */
3139 static inline struct vm_area_struct * find_vma_intersection(struct mm_struct * mm, unsigned long start_addr, unsigned long end_addr)
3140 -@@ -1902,15 +1923,6 @@ static inline struct vm_area_struct *find_exact_vma(struct mm_struct *mm,
3141 +@@ -1904,15 +1925,6 @@ static inline struct vm_area_struct *find_exact_vma(struct mm_struct *mm,
3142 return vma;
3143 }
3144
3145 @@ -84992,7 +84939,7 @@ index 46b8ab5..6823be2 100644
3146 #ifdef CONFIG_NUMA_BALANCING
3147 unsigned long change_prot_numa(struct vm_area_struct *vma,
3148 unsigned long start, unsigned long end);
3149 -@@ -1962,6 +1974,11 @@ void vm_stat_account(struct mm_struct *, unsigned long, struct file *, long);
3150 +@@ -1964,6 +1976,11 @@ void vm_stat_account(struct mm_struct *, unsigned long, struct file *, long);
3151 static inline void vm_stat_account(struct mm_struct *mm,
3152 unsigned long flags, struct file *file, long pages)
3153 {
3154 @@ -85004,7 +84951,7 @@ index 46b8ab5..6823be2 100644
3155 mm->total_vm += pages;
3156 }
3157 #endif /* CONFIG_PROC_FS */
3158 -@@ -2043,7 +2060,7 @@ extern int unpoison_memory(unsigned long pfn);
3159 +@@ -2045,7 +2062,7 @@ extern int unpoison_memory(unsigned long pfn);
3160 extern int sysctl_memory_failure_early_kill;
3161 extern int sysctl_memory_failure_recovery;
3162 extern void shake_page(struct page *p, int access);
3163 @@ -85013,7 +84960,7 @@ index 46b8ab5..6823be2 100644
3164 extern int soft_offline_page(struct page *page, int flags);
3165
3166 #if defined(CONFIG_TRANSPARENT_HUGEPAGE) || defined(CONFIG_HUGETLBFS)
3167 -@@ -2078,5 +2095,11 @@ void __init setup_nr_node_ids(void);
3168 +@@ -2080,5 +2097,11 @@ void __init setup_nr_node_ids(void);
3169 static inline void setup_nr_node_ids(void) {}
3170 #endif
3171
3172 @@ -85391,7 +85338,7 @@ index 17d8339..81656c0 100644
3173 struct iovec;
3174 struct kvec;
3175 diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
3176 -index 911718f..f673407 100644
3177 +index bf46cc8..2af7ba8 100644
3178 --- a/include/linux/netdevice.h
3179 +++ b/include/linux/netdevice.h
3180 @@ -1147,6 +1147,7 @@ struct net_device_ops {
3181 @@ -86197,7 +86144,7 @@ index a964f72..b475afb 100644
3182 }
3183
3184 diff --git a/include/linux/sched.h b/include/linux/sched.h
3185 -index 218b058..30088db 100644
3186 +index 91fe6a3..30088db 100644
3187 --- a/include/linux/sched.h
3188 +++ b/include/linux/sched.h
3189 @@ -133,6 +133,7 @@ struct fs_struct;
3190 @@ -86452,15 +86399,6 @@ index 218b058..30088db 100644
3191 {
3192 return tsk->pid;
3193 }
3194 -@@ -1695,7 +1809,7 @@ static inline pid_t task_tgid_vnr(struct task_struct *tsk)
3195 - }
3196 -
3197 -
3198 --static int pid_alive(const struct task_struct *p);
3199 -+static inline int pid_alive(const struct task_struct *p);
3200 - static inline pid_t task_ppid_nr_ns(const struct task_struct *tsk, struct pid_namespace *ns)
3201 - {
3202 - pid_t pid = 0;
3203 @@ -2015,6 +2129,25 @@ extern u64 sched_clock_cpu(int cpu);
3204
3205 extern void sched_clock_init(void);
3206 @@ -87796,7 +87734,7 @@ index 823ec7b..44c938c 100644
3207 struct rcu_head rcu;
3208 struct inet_peer *gc_next;
3209 diff --git a/include/net/ip.h b/include/net/ip.h
3210 -index 3446cdd..e3d86f4 100644
3211 +index 5128fa7..8814c81 100644
3212 --- a/include/net/ip.h
3213 +++ b/include/net/ip.h
3214 @@ -215,7 +215,7 @@ static inline void snmp_mib_free(void __percpu *ptr[SNMP_ARRAY_SZ])
3215 @@ -88267,7 +88205,7 @@ index 0dfcc92..7967849 100644
3216
3217 /* Structure to track chunk fragments that have been acked, but peer
3218 diff --git a/include/net/sock.h b/include/net/sock.h
3219 -index f66b2b1..b05a13e 100644
3220 +index 0c79a74..862699f 100644
3221 --- a/include/net/sock.h
3222 +++ b/include/net/sock.h
3223 @@ -181,7 +181,8 @@ struct sock_common {
3224 @@ -88324,7 +88262,7 @@ index f66b2b1..b05a13e 100644
3225
3226 static inline struct sock_iocb *kiocb_to_siocb(struct kiocb *iocb)
3227 {
3228 -@@ -1829,7 +1831,7 @@ static inline void sk_nocaps_add(struct sock *sk, netdev_features_t flags)
3229 +@@ -1831,7 +1833,7 @@ static inline void sk_nocaps_add(struct sock *sk, netdev_features_t flags)
3230 }
3231
3232 static inline int skb_do_copy_data_nocache(struct sock *sk, struct sk_buff *skb,
3233 @@ -88333,7 +88271,7 @@ index f66b2b1..b05a13e 100644
3234 int copy, int offset)
3235 {
3236 if (skb->ip_summed == CHECKSUM_NONE) {
3237 -@@ -2091,7 +2093,7 @@ static inline void sk_stream_moderate_sndbuf(struct sock *sk)
3238 +@@ -2093,7 +2095,7 @@ static inline void sk_stream_moderate_sndbuf(struct sock *sk)
3239 }
3240 }
3241
3242 @@ -89966,7 +89904,7 @@ index 00adb21..d5954a8 100644
3243 +}
3244 +EXPORT_SYMBOL(capable_wrt_inode_uidgid_nolog);
3245 diff --git a/kernel/cgroup.c b/kernel/cgroup.c
3246 -index 550e205..b0a7f7d 100644
3247 +index 18711f3..a8e4c7b 100644
3248 --- a/kernel/cgroup.c
3249 +++ b/kernel/cgroup.c
3250 @@ -5189,6 +5189,14 @@ static void cgroup_release_agent(struct work_struct *work)
3251 @@ -95763,7 +95701,7 @@ index 774a080..d09b170 100644
3252 *data_page = bpage;
3253
3254 diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
3255 -index 813b021..cdd1400 100644
3256 +index a2d62b3..1997260 100644
3257 --- a/kernel/trace/trace.c
3258 +++ b/kernel/trace/trace.c
3259 @@ -3412,7 +3412,7 @@ int trace_keep_overwrite(struct tracer *tracer, u32 mask, int set)
3260 @@ -95809,7 +95747,7 @@ index 57b67b1..66082a9 100644
3261 + return atomic64_inc_return_unchecked(&trace_counter);
3262 }
3263 diff --git a/kernel/trace/trace_events.c b/kernel/trace/trace_events.c
3264 -index e4c4efc..ef4e975 100644
3265 +index c6646a5..574b47c 100644
3266 --- a/kernel/trace/trace_events.c
3267 +++ b/kernel/trace/trace_events.c
3268 @@ -1682,7 +1682,6 @@ __trace_early_add_new_event(struct ftrace_event_call *call,
3269 @@ -97415,7 +97353,7 @@ index a402f8f..f5e5daa 100644
3270 if (end == start)
3271 return error;
3272 diff --git a/mm/memory-failure.c b/mm/memory-failure.c
3273 -index a98c7fc..393f8f1 100644
3274 +index ffc7bf0..b9105bd 100644
3275 --- a/mm/memory-failure.c
3276 +++ b/mm/memory-failure.c
3277 @@ -61,7 +61,7 @@ int sysctl_memory_failure_early_kill __read_mostly = 0;
3278 @@ -97521,7 +97459,7 @@ index a98c7fc..393f8f1 100644
3279 return 0;
3280 }
3281
3282 -@@ -1652,7 +1652,7 @@ static int __soft_offline_page(struct page *page, int flags)
3283 +@@ -1650,7 +1650,7 @@ static int __soft_offline_page(struct page *page, int flags)
3284 if (!is_free_buddy_page(page))
3285 pr_info("soft offline: %#lx: page leaked\n",
3286 pfn);
3287 @@ -97530,7 +97468,7 @@ index a98c7fc..393f8f1 100644
3288 }
3289 } else {
3290 pr_info("soft offline: %#lx: isolation failed: %d, page count %d, type %lx\n",
3291 -@@ -1726,11 +1726,11 @@ int soft_offline_page(struct page *page, int flags)
3292 +@@ -1724,11 +1724,11 @@ int soft_offline_page(struct page *page, int flags)
3293 if (PageHuge(page)) {
3294 set_page_hwpoison_huge_page(hpage);
3295 dequeue_hwpoisoned_huge_page(hpage);
3296 @@ -97545,7 +97483,7 @@ index a98c7fc..393f8f1 100644
3297 }
3298 unset_migratetype_isolate(page, MIGRATE_MOVABLE);
3299 diff --git a/mm/memory.c b/mm/memory.c
3300 -index 102af09..4118c57 100644
3301 +index 749e1c6..f7fbc29 100644
3302 --- a/mm/memory.c
3303 +++ b/mm/memory.c
3304 @@ -403,6 +403,7 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud,
3305 @@ -97654,7 +97592,7 @@ index 102af09..4118c57 100644
3306 if (foll_flags & FOLL_WRITE)
3307 fault_flags |= FAULT_FLAG_WRITE;
3308 if (nonblocking)
3309 -@@ -1893,7 +1890,7 @@ next_page:
3310 +@@ -1894,7 +1891,7 @@ next_page:
3311 start += page_increm * PAGE_SIZE;
3312 nr_pages -= page_increm;
3313 } while (nr_pages && start < vma->vm_end);
3314 @@ -97663,7 +97601,7 @@ index 102af09..4118c57 100644
3315 return i;
3316 }
3317 EXPORT_SYMBOL(__get_user_pages);
3318 -@@ -2105,6 +2102,10 @@ static int insert_page(struct vm_area_struct *vma, unsigned long addr,
3319 +@@ -2106,6 +2103,10 @@ static int insert_page(struct vm_area_struct *vma, unsigned long addr,
3320 page_add_file_rmap(page);
3321 set_pte_at(mm, addr, pte, mk_pte(page, prot));
3322
3323 @@ -97674,7 +97612,7 @@ index 102af09..4118c57 100644
3324 retval = 0;
3325 pte_unmap_unlock(pte, ptl);
3326 return retval;
3327 -@@ -2149,9 +2150,21 @@ int vm_insert_page(struct vm_area_struct *vma, unsigned long addr,
3328 +@@ -2150,9 +2151,21 @@ int vm_insert_page(struct vm_area_struct *vma, unsigned long addr,
3329 if (!page_count(page))
3330 return -EINVAL;
3331 if (!(vma->vm_flags & VM_MIXEDMAP)) {
3332 @@ -97696,7 +97634,7 @@ index 102af09..4118c57 100644
3333 }
3334 return insert_page(vma, addr, page, vma->vm_page_prot);
3335 }
3336 -@@ -2234,6 +2247,7 @@ int vm_insert_mixed(struct vm_area_struct *vma, unsigned long addr,
3337 +@@ -2235,6 +2248,7 @@ int vm_insert_mixed(struct vm_area_struct *vma, unsigned long addr,
3338 unsigned long pfn)
3339 {
3340 BUG_ON(!(vma->vm_flags & VM_MIXEDMAP));
3341 @@ -97704,7 +97642,7 @@ index 102af09..4118c57 100644
3342
3343 if (addr < vma->vm_start || addr >= vma->vm_end)
3344 return -EFAULT;
3345 -@@ -2481,7 +2495,9 @@ static int apply_to_pmd_range(struct mm_struct *mm, pud_t *pud,
3346 +@@ -2482,7 +2496,9 @@ static int apply_to_pmd_range(struct mm_struct *mm, pud_t *pud,
3347
3348 BUG_ON(pud_huge(*pud));
3349
3350 @@ -97715,7 +97653,7 @@ index 102af09..4118c57 100644
3351 if (!pmd)
3352 return -ENOMEM;
3353 do {
3354 -@@ -2501,7 +2517,9 @@ static int apply_to_pud_range(struct mm_struct *mm, pgd_t *pgd,
3355 +@@ -2502,7 +2518,9 @@ static int apply_to_pud_range(struct mm_struct *mm, pgd_t *pgd,
3356 unsigned long next;
3357 int err;
3358
3359 @@ -97726,7 +97664,7 @@ index 102af09..4118c57 100644
3360 if (!pud)
3361 return -ENOMEM;
3362 do {
3363 -@@ -2591,6 +2609,186 @@ static inline void cow_user_page(struct page *dst, struct page *src, unsigned lo
3364 +@@ -2592,6 +2610,186 @@ static inline void cow_user_page(struct page *dst, struct page *src, unsigned lo
3365 copy_user_highpage(dst, src, va, vma);
3366 }
3367
3368 @@ -97913,7 +97851,7 @@ index 102af09..4118c57 100644
3369 /*
3370 * This routine handles present pages, when users try to write
3371 * to a shared page. It is done by copying the page to a new address
3372 -@@ -2815,6 +3013,12 @@ gotten:
3373 +@@ -2816,6 +3014,12 @@ gotten:
3374 */
3375 page_table = pte_offset_map_lock(mm, pmd, address, &ptl);
3376 if (likely(pte_same(*page_table, orig_pte))) {
3377 @@ -97926,7 +97864,7 @@ index 102af09..4118c57 100644
3378 if (old_page) {
3379 if (!PageAnon(old_page)) {
3380 dec_mm_counter_fast(mm, MM_FILEPAGES);
3381 -@@ -2866,6 +3070,10 @@ gotten:
3382 +@@ -2867,6 +3071,10 @@ gotten:
3383 page_remove_rmap(old_page);
3384 }
3385
3386 @@ -97937,7 +97875,7 @@ index 102af09..4118c57 100644
3387 /* Free the old page.. */
3388 new_page = old_page;
3389 ret |= VM_FAULT_WRITE;
3390 -@@ -3143,6 +3351,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma,
3391 +@@ -3144,6 +3352,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma,
3392 swap_free(entry);
3393 if (vm_swap_full() || (vma->vm_flags & VM_LOCKED) || PageMlocked(page))
3394 try_to_free_swap(page);
3395 @@ -97949,7 +97887,7 @@ index 102af09..4118c57 100644
3396 unlock_page(page);
3397 if (page != swapcache) {
3398 /*
3399 -@@ -3166,6 +3379,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma,
3400 +@@ -3167,6 +3380,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma,
3401
3402 /* No need to invalidate - it was non-present before */
3403 update_mmu_cache(vma, address, page_table);
3404 @@ -97961,7 +97899,7 @@ index 102af09..4118c57 100644
3405 unlock:
3406 pte_unmap_unlock(page_table, ptl);
3407 out:
3408 -@@ -3185,40 +3403,6 @@ out_release:
3409 +@@ -3186,40 +3404,6 @@ out_release:
3410 }
3411
3412 /*
3413 @@ -98002,7 +97940,7 @@ index 102af09..4118c57 100644
3414 * We enter with non-exclusive mmap_sem (to exclude vma changes,
3415 * but allow concurrent faults), and pte mapped but not yet locked.
3416 * We return with mmap_sem still held, but pte unmapped and unlocked.
3417 -@@ -3227,27 +3411,23 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma,
3418 +@@ -3228,27 +3412,23 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma,
3419 unsigned long address, pte_t *page_table, pmd_t *pmd,
3420 unsigned int flags)
3421 {
3422 @@ -98015,7 +97953,7 @@ index 102af09..4118c57 100644
3423 -
3424 - /* Check if we need to add a guard page to the stack */
3425 - if (check_stack_guard_page(vma, address) < 0)
3426 -- return VM_FAULT_SIGBUS;
3427 +- return VM_FAULT_SIGSEGV;
3428 -
3429 - /* Use the zero-page for reads */
3430 if (!(flags & FAULT_FLAG_WRITE)) {
3431 @@ -98035,7 +97973,7 @@ index 102af09..4118c57 100644
3432 if (unlikely(anon_vma_prepare(vma)))
3433 goto oom;
3434 page = alloc_zeroed_user_highpage_movable(vma, address);
3435 -@@ -3271,6 +3451,11 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma,
3436 +@@ -3272,6 +3452,11 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma,
3437 if (!pte_none(*page_table))
3438 goto release;
3439
3440 @@ -98047,7 +97985,7 @@ index 102af09..4118c57 100644
3441 inc_mm_counter_fast(mm, MM_ANONPAGES);
3442 page_add_new_anon_rmap(page, vma, address);
3443 setpte:
3444 -@@ -3278,6 +3463,12 @@ setpte:
3445 +@@ -3279,6 +3464,12 @@ setpte:
3446
3447 /* No need to invalidate - it was non-present before */
3448 update_mmu_cache(vma, address, page_table);
3449 @@ -98060,7 +97998,7 @@ index 102af09..4118c57 100644
3450 unlock:
3451 pte_unmap_unlock(page_table, ptl);
3452 return 0;
3453 -@@ -3422,6 +3613,12 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma,
3454 +@@ -3423,6 +3614,12 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma,
3455 */
3456 /* Only go through if we didn't race with anybody else... */
3457 if (likely(pte_same(*page_table, orig_pte))) {
3458 @@ -98073,7 +98011,7 @@ index 102af09..4118c57 100644
3459 flush_icache_page(vma, page);
3460 entry = mk_pte(page, vma->vm_page_prot);
3461 if (flags & FAULT_FLAG_WRITE)
3462 -@@ -3443,6 +3640,14 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma,
3463 +@@ -3444,6 +3641,14 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma,
3464
3465 /* no need to invalidate: a not-present page won't be cached */
3466 update_mmu_cache(vma, address, page_table);
3467 @@ -98088,7 +98026,7 @@ index 102af09..4118c57 100644
3468 } else {
3469 if (cow_page)
3470 mem_cgroup_uncharge_page(cow_page);
3471 -@@ -3690,6 +3895,12 @@ static int handle_pte_fault(struct mm_struct *mm,
3472 +@@ -3691,6 +3896,12 @@ static int handle_pte_fault(struct mm_struct *mm,
3473 if (flags & FAULT_FLAG_WRITE)
3474 flush_tlb_fix_spurious_fault(vma, address);
3475 }
3476 @@ -98101,7 +98039,7 @@ index 102af09..4118c57 100644
3477 unlock:
3478 pte_unmap_unlock(pte, ptl);
3479 return 0;
3480 -@@ -3706,9 +3917,41 @@ static int __handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma,
3481 +@@ -3707,9 +3918,41 @@ static int __handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma,
3482 pmd_t *pmd;
3483 pte_t *pte;
3484
3485 @@ -98143,7 +98081,7 @@ index 102af09..4118c57 100644
3486 pgd = pgd_offset(mm, address);
3487 pud = pud_alloc(mm, pgd, address);
3488 if (!pud)
3489 -@@ -3836,6 +4079,23 @@ int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address)
3490 +@@ -3837,6 +4080,23 @@ int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address)
3491 spin_unlock(&mm->page_table_lock);
3492 return 0;
3493 }
3494 @@ -98167,7 +98105,7 @@ index 102af09..4118c57 100644
3495 #endif /* __PAGETABLE_PUD_FOLDED */
3496
3497 #ifndef __PAGETABLE_PMD_FOLDED
3498 -@@ -3866,6 +4126,30 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address)
3499 +@@ -3867,6 +4127,30 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address)
3500 spin_unlock(&mm->page_table_lock);
3501 return 0;
3502 }
3503 @@ -98198,7 +98136,7 @@ index 102af09..4118c57 100644
3504 #endif /* __PAGETABLE_PMD_FOLDED */
3505
3506 #if !defined(__HAVE_ARCH_GATE_AREA)
3507 -@@ -3879,7 +4163,7 @@ static int __init gate_vma_init(void)
3508 +@@ -3880,7 +4164,7 @@ static int __init gate_vma_init(void)
3509 gate_vma.vm_start = FIXADDR_USER_START;
3510 gate_vma.vm_end = FIXADDR_USER_END;
3511 gate_vma.vm_flags = VM_READ | VM_MAYREAD | VM_EXEC | VM_MAYEXEC;
3512 @@ -98207,7 +98145,7 @@ index 102af09..4118c57 100644
3513
3514 return 0;
3515 }
3516 -@@ -4013,8 +4297,8 @@ out:
3517 +@@ -4014,8 +4298,8 @@ out:
3518 return ret;
3519 }
3520
3521 @@ -98218,7 +98156,7 @@ index 102af09..4118c57 100644
3522 {
3523 resource_size_t phys_addr;
3524 unsigned long prot = 0;
3525 -@@ -4040,8 +4324,8 @@ EXPORT_SYMBOL_GPL(generic_access_phys);
3526 +@@ -4041,8 +4325,8 @@ EXPORT_SYMBOL_GPL(generic_access_phys);
3527 * Access another process' address space as given in mm. If non-NULL, use the
3528 * given task for page fault accounting.
3529 */
3530 @@ -98229,7 +98167,7 @@ index 102af09..4118c57 100644
3531 {
3532 struct vm_area_struct *vma;
3533 void *old_buf = buf;
3534 -@@ -4049,7 +4333,7 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,
3535 +@@ -4050,7 +4334,7 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,
3536 down_read(&mm->mmap_sem);
3537 /* ignore errors, just check how much was successfully transferred */
3538 while (len) {
3539 @@ -98238,7 +98176,7 @@ index 102af09..4118c57 100644
3540 void *maddr;
3541 struct page *page = NULL;
3542
3543 -@@ -4108,8 +4392,8 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,
3544 +@@ -4109,8 +4393,8 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,
3545 *
3546 * The caller must hold a reference on @mm.
3547 */
3548 @@ -98249,7 +98187,7 @@ index 102af09..4118c57 100644
3549 {
3550 return __access_remote_vm(NULL, mm, addr, buf, len, write);
3551 }
3552 -@@ -4119,11 +4403,11 @@ int access_remote_vm(struct mm_struct *mm, unsigned long addr,
3553 +@@ -4120,11 +4404,11 @@ int access_remote_vm(struct mm_struct *mm, unsigned long addr,
3554 * Source/target buffer must be kernel space,
3555 * Do not walk the page table directly, use get_user_pages
3556 */
3557 @@ -103018,7 +102956,7 @@ index a16ed7b..eb44d17 100644
3558
3559 return err;
3560 diff --git a/net/core/dev.c b/net/core/dev.c
3561 -index f6d8d7f..846845c 100644
3562 +index 73abbd7..1bae4ad 100644
3563 --- a/net/core/dev.c
3564 +++ b/net/core/dev.c
3565 @@ -1695,14 +1695,14 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb)
3566 @@ -103047,7 +102985,7 @@ index f6d8d7f..846845c 100644
3567
3568 #define DEV_GSO_CB(skb) ((struct dev_gso_cb *)(skb)->cb)
3569
3570 -@@ -3238,7 +3238,7 @@ enqueue:
3571 +@@ -3240,7 +3240,7 @@ enqueue:
3572
3573 local_irq_restore(flags);
3574
3575 @@ -103056,7 +102994,7 @@ index f6d8d7f..846845c 100644
3576 kfree_skb(skb);
3577 return NET_RX_DROP;
3578 }
3579 -@@ -3319,7 +3319,7 @@ int netif_rx_ni(struct sk_buff *skb)
3580 +@@ -3321,7 +3321,7 @@ int netif_rx_ni(struct sk_buff *skb)
3581 }
3582 EXPORT_SYMBOL(netif_rx_ni);
3583
3584 @@ -103065,7 +103003,7 @@ index f6d8d7f..846845c 100644
3585 {
3586 struct softnet_data *sd = &__get_cpu_var(softnet_data);
3587
3588 -@@ -3656,7 +3656,7 @@ ncls:
3589 +@@ -3658,7 +3658,7 @@ ncls:
3590 ret = pt_prev->func(skb, skb->dev, pt_prev, orig_dev);
3591 } else {
3592 drop:
3593 @@ -103074,7 +103012,7 @@ index f6d8d7f..846845c 100644
3594 kfree_skb(skb);
3595 /* Jamal, now you will not able to escape explaining
3596 * me how you were going to use this. :-)
3597 -@@ -4346,7 +4346,7 @@ void netif_napi_del(struct napi_struct *napi)
3598 +@@ -4348,7 +4348,7 @@ void netif_napi_del(struct napi_struct *napi)
3599 }
3600 EXPORT_SYMBOL(netif_napi_del);
3601
3602 @@ -103083,7 +103021,7 @@ index f6d8d7f..846845c 100644
3603 {
3604 struct softnet_data *sd = &__get_cpu_var(softnet_data);
3605 unsigned long time_limit = jiffies + 2;
3606 -@@ -5066,7 +5066,7 @@ void netdev_upper_dev_unlink(struct net_device *dev,
3607 +@@ -5068,7 +5068,7 @@ void netdev_upper_dev_unlink(struct net_device *dev,
3608 }
3609 EXPORT_SYMBOL(netdev_upper_dev_unlink);
3610
3611 @@ -103092,7 +103030,7 @@ index f6d8d7f..846845c 100644
3612 {
3613 struct netdev_adjacent *iter;
3614
3615 -@@ -5091,7 +5091,7 @@ void netdev_adjacent_add_links(struct net_device *dev)
3616 +@@ -5093,7 +5093,7 @@ void netdev_adjacent_add_links(struct net_device *dev)
3617 }
3618 }
3619
3620 @@ -103101,7 +103039,7 @@ index f6d8d7f..846845c 100644
3621 {
3622 struct netdev_adjacent *iter;
3623
3624 -@@ -6376,7 +6376,7 @@ struct rtnl_link_stats64 *dev_get_stats(struct net_device *dev,
3625 +@@ -6378,7 +6378,7 @@ struct rtnl_link_stats64 *dev_get_stats(struct net_device *dev,
3626 } else {
3627 netdev_stats_to_stats64(storage, &dev->stats);
3628 }
3629 @@ -103110,7 +103048,7 @@ index f6d8d7f..846845c 100644
3630 return storage;
3631 }
3632 EXPORT_SYMBOL(dev_get_stats);
3633 -@@ -6392,7 +6392,7 @@ struct netdev_queue *dev_ingress_queue_create(struct net_device *dev)
3634 +@@ -6394,7 +6394,7 @@ struct netdev_queue *dev_ingress_queue_create(struct net_device *dev)
3635 if (!queue)
3636 return NULL;
3637 netdev_init_one_queue(dev, queue, NULL);
3638 @@ -103612,7 +103550,7 @@ index e2b1bba..71bd8fe 100644
3639 }
3640
3641 diff --git a/net/core/sock.c b/net/core/sock.c
3642 -index c806956..b63d825 100644
3643 +index 650dd58..25162a5 100644
3644 --- a/net/core/sock.c
3645 +++ b/net/core/sock.c
3646 @@ -442,7 +442,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
3647 @@ -103660,7 +103598,7 @@ index c806956..b63d825 100644
3648 goto discard_and_relse;
3649 }
3650
3651 -@@ -998,12 +998,12 @@ int sock_getsockopt(struct socket *sock, int level, int optname,
3652 +@@ -1017,12 +1017,12 @@ int sock_getsockopt(struct socket *sock, int level, int optname,
3653 struct timeval tm;
3654 } v;
3655
3656 @@ -103676,7 +103614,7 @@ index c806956..b63d825 100644
3657 return -EINVAL;
3658
3659 memset(&v, 0, sizeof(v));
3660 -@@ -1155,11 +1155,11 @@ int sock_getsockopt(struct socket *sock, int level, int optname,
3661 +@@ -1174,11 +1174,11 @@ int sock_getsockopt(struct socket *sock, int level, int optname,
3662
3663 case SO_PEERNAME:
3664 {
3665 @@ -103690,7 +103628,7 @@ index c806956..b63d825 100644
3666 return -EINVAL;
3667 if (copy_to_user(optval, address, len))
3668 return -EFAULT;
3669 -@@ -1240,7 +1240,7 @@ int sock_getsockopt(struct socket *sock, int level, int optname,
3670 +@@ -1259,7 +1259,7 @@ int sock_getsockopt(struct socket *sock, int level, int optname,
3671
3672 if (len > lv)
3673 len = lv;
3674 @@ -103699,7 +103637,7 @@ index c806956..b63d825 100644
3675 return -EFAULT;
3676 lenout:
3677 if (put_user(len, optlen))
3678 -@@ -1731,6 +1731,8 @@ EXPORT_SYMBOL(sock_kmalloc);
3679 +@@ -1750,6 +1750,8 @@ EXPORT_SYMBOL(sock_kmalloc);
3680 */
3681 void sock_kfree_s(struct sock *sk, void *mem, int size)
3682 {
3683 @@ -103708,7 +103646,7 @@ index c806956..b63d825 100644
3684 kfree(mem);
3685 atomic_sub(size, &sk->sk_omem_alloc);
3686 }
3687 -@@ -2375,7 +2377,7 @@ void sock_init_data(struct socket *sock, struct sock *sk)
3688 +@@ -2394,7 +2396,7 @@ void sock_init_data(struct socket *sock, struct sock *sk)
3689 */
3690 smp_wmb();
3691 atomic_set(&sk->sk_refcnt, 1);
3692 @@ -103717,7 +103655,7 @@ index c806956..b63d825 100644
3693 }
3694 EXPORT_SYMBOL(sock_init_data);
3695
3696 -@@ -2503,6 +2505,7 @@ void sock_enable_timestamp(struct sock *sk, int flag)
3697 +@@ -2522,6 +2524,7 @@ void sock_enable_timestamp(struct sock *sk, int flag)
3698 int sock_recv_errqueue(struct sock *sk, struct msghdr *msg, int len,
3699 int level, int type)
3700 {
3701 @@ -103725,7 +103663,7 @@ index c806956..b63d825 100644
3702 struct sock_exterr_skb *serr;
3703 struct sk_buff *skb, *skb2;
3704 int copied, err;
3705 -@@ -2524,7 +2527,8 @@ int sock_recv_errqueue(struct sock *sk, struct msghdr *msg, int len,
3706 +@@ -2543,7 +2546,8 @@ int sock_recv_errqueue(struct sock *sk, struct msghdr *msg, int len,
3707 sock_recv_timestamp(msg, sk, skb);
3708
3709 serr = SKB_EXT_ERR(skb);
3710 @@ -104904,7 +104842,7 @@ index 44eba05..b36864b 100644
3711 hdr = register_net_sysctl(&init_net, "net/ipv4", ipv4_table);
3712 if (hdr == NULL)
3713 diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
3714 -index 2291791..7b62d2b 100644
3715 +index 9fbd69e..285e21e 100644
3716 --- a/net/ipv4/tcp_input.c
3717 +++ b/net/ipv4/tcp_input.c
3718 @@ -761,7 +761,7 @@ static void tcp_update_pacing_rate(struct sock *sk)
3719 @@ -104916,7 +104854,7 @@ index 2291791..7b62d2b 100644
3720 sk->sk_max_pacing_rate);
3721 }
3722
3723 -@@ -4482,7 +4482,7 @@ static struct sk_buff *tcp_collapse_one(struct sock *sk, struct sk_buff *skb,
3724 +@@ -4483,7 +4483,7 @@ static struct sk_buff *tcp_collapse_one(struct sock *sk, struct sk_buff *skb,
3725 * simplifies code)
3726 */
3727 static void
3728 @@ -104925,7 +104863,7 @@ index 2291791..7b62d2b 100644
3729 struct sk_buff *head, struct sk_buff *tail,
3730 u32 start, u32 end)
3731 {
3732 -@@ -5559,6 +5559,7 @@ discard:
3733 +@@ -5560,6 +5560,7 @@ discard:
3734 tcp_paws_reject(&tp->rx_opt, 0))
3735 goto discard_and_undo;
3736
3737 @@ -104933,7 +104871,7 @@ index 2291791..7b62d2b 100644
3738 if (th->syn) {
3739 /* We see SYN without ACK. It is attempt of
3740 * simultaneous connect with crossed SYNs.
3741 -@@ -5609,6 +5610,7 @@ discard:
3742 +@@ -5610,6 +5611,7 @@ discard:
3743 goto discard;
3744 #endif
3745 }
3746 @@ -104941,7 +104879,7 @@ index 2291791..7b62d2b 100644
3747 /* "fifth, if neither of the SYN or RST bits is set then
3748 * drop the segment and return."
3749 */
3750 -@@ -5655,7 +5657,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
3751 +@@ -5656,7 +5658,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
3752 goto discard;
3753
3754 if (th->syn) {
3755 @@ -104951,7 +104889,7 @@ index 2291791..7b62d2b 100644
3756 if (icsk->icsk_af_ops->conn_request(sk, skb) < 0)
3757 return 1;
3758 diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
3759 -index b7effad..70ddfe0 100644
3760 +index e2f8bd0..6c664ad 100644
3761 --- a/net/ipv4/tcp_ipv4.c
3762 +++ b/net/ipv4/tcp_ipv4.c
3763 @@ -91,6 +91,10 @@ int sysctl_tcp_low_latency __read_mostly;
3764 @@ -105965,7 +105903,7 @@ index 7f405a1..eabef92 100644
3765 struct ctl_table *ipv6_icmp_table;
3766 int err;
3767 diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
3768 -index a4f890d..5db3708 100644
3769 +index 9d4332d..4292595 100644
3770 --- a/net/ipv6/tcp_ipv6.c
3771 +++ b/net/ipv6/tcp_ipv6.c
3772 @@ -104,6 +104,10 @@ static void inet6_sk_rx_dst_set(struct sock *sk, const struct sk_buff *skb)
3773
3774 diff --git a/3.19.5/4425_grsec_remove_EI_PAX.patch b/3.14.40/4425_grsec_remove_EI_PAX.patch
3775 similarity index 100%
3776 rename from 3.19.5/4425_grsec_remove_EI_PAX.patch
3777 rename to 3.14.40/4425_grsec_remove_EI_PAX.patch
3778
3779 diff --git a/3.14.39/4427_force_XATTR_PAX_tmpfs.patch b/3.14.40/4427_force_XATTR_PAX_tmpfs.patch
3780 similarity index 100%
3781 rename from 3.14.39/4427_force_XATTR_PAX_tmpfs.patch
3782 rename to 3.14.40/4427_force_XATTR_PAX_tmpfs.patch
3783
3784 diff --git a/3.19.5/4430_grsec-remove-localversion-grsec.patch b/3.14.40/4430_grsec-remove-localversion-grsec.patch
3785 similarity index 100%
3786 rename from 3.19.5/4430_grsec-remove-localversion-grsec.patch
3787 rename to 3.14.40/4430_grsec-remove-localversion-grsec.patch
3788
3789 diff --git a/3.14.39/4435_grsec-mute-warnings.patch b/3.14.40/4435_grsec-mute-warnings.patch
3790 similarity index 100%
3791 rename from 3.14.39/4435_grsec-mute-warnings.patch
3792 rename to 3.14.40/4435_grsec-mute-warnings.patch
3793
3794 diff --git a/3.19.5/4440_grsec-remove-protected-paths.patch b/3.14.40/4440_grsec-remove-protected-paths.patch
3795 similarity index 100%
3796 rename from 3.19.5/4440_grsec-remove-protected-paths.patch
3797 rename to 3.14.40/4440_grsec-remove-protected-paths.patch
3798
3799 diff --git a/3.14.39/4450_grsec-kconfig-default-gids.patch b/3.14.40/4450_grsec-kconfig-default-gids.patch
3800 similarity index 100%
3801 rename from 3.14.39/4450_grsec-kconfig-default-gids.patch
3802 rename to 3.14.40/4450_grsec-kconfig-default-gids.patch
3803
3804 diff --git a/3.14.39/4465_selinux-avc_audit-log-curr_ip.patch b/3.14.40/4465_selinux-avc_audit-log-curr_ip.patch
3805 similarity index 100%
3806 rename from 3.14.39/4465_selinux-avc_audit-log-curr_ip.patch
3807 rename to 3.14.40/4465_selinux-avc_audit-log-curr_ip.patch
3808
3809 diff --git a/3.14.39/4470_disable-compat_vdso.patch b/3.14.40/4470_disable-compat_vdso.patch
3810 similarity index 100%
3811 rename from 3.14.39/4470_disable-compat_vdso.patch
3812 rename to 3.14.40/4470_disable-compat_vdso.patch
3813
3814 diff --git a/3.19.5/4475_emutramp_default_on.patch b/3.14.40/4475_emutramp_default_on.patch
3815 similarity index 100%
3816 rename from 3.19.5/4475_emutramp_default_on.patch
3817 rename to 3.14.40/4475_emutramp_default_on.patch
3818
3819 diff --git a/3.19.5/0000_README b/3.19.6/0000_README
3820 similarity index 92%
3821 rename from 3.19.5/0000_README
3822 rename to 3.19.6/0000_README
3823 index 4fd49ef..725e5d4 100644
3824 --- a/3.19.5/0000_README
3825 +++ b/3.19.6/0000_README
3826 @@ -2,7 +2,11 @@ README
3827 -----------------------------------------------------------------------------
3828 Individual Patch Descriptions:
3829 -----------------------------------------------------------------------------
3830 -Patch: 4420_grsecurity-3.1-3.19.5-201504270827.patch
3831 +Patch: 1005_linux-3.19.6.patch
3832 +From: http://www.kernel.org
3833 +Desc: Linux 3.19.6
3834 +
3835 +Patch: 4420_grsecurity-3.1-3.19.6-201504290821.patch
3836 From: http://www.grsecurity.net
3837 Desc: hardened-sources base patch from upstream grsecurity
3838
3839
3840 diff --git a/3.19.6/1005_linux-3.19.6.patch b/3.19.6/1005_linux-3.19.6.patch
3841 new file mode 100644
3842 index 0000000..f55bc7e
3843 --- /dev/null
3844 +++ b/3.19.6/1005_linux-3.19.6.patch
3845 @@ -0,0 +1,1674 @@
3846 +diff --git a/Makefile b/Makefile
3847 +index 633b5f0..65c7c87 100644
3848 +--- a/Makefile
3849 ++++ b/Makefile
3850 +@@ -1,6 +1,6 @@
3851 + VERSION = 3
3852 + PATCHLEVEL = 19
3853 +-SUBLEVEL = 5
3854 ++SUBLEVEL = 6
3855 + EXTRAVERSION =
3856 + NAME = Diseased Newt
3857 +
3858 +diff --git a/arch/arm/mm/hugetlbpage.c b/arch/arm/mm/hugetlbpage.c
3859 +index 66781bf..c724124 100644
3860 +--- a/arch/arm/mm/hugetlbpage.c
3861 ++++ b/arch/arm/mm/hugetlbpage.c
3862 +@@ -36,12 +36,6 @@
3863 + * of type casting from pmd_t * to pte_t *.
3864 + */
3865 +
3866 +-struct page *follow_huge_addr(struct mm_struct *mm, unsigned long address,
3867 +- int write)
3868 +-{
3869 +- return ERR_PTR(-EINVAL);
3870 +-}
3871 +-
3872 + int pud_huge(pud_t pud)
3873 + {
3874 + return 0;
3875 +diff --git a/arch/arm64/mm/hugetlbpage.c b/arch/arm64/mm/hugetlbpage.c
3876 +index 023747b..2de9d2e 100644
3877 +--- a/arch/arm64/mm/hugetlbpage.c
3878 ++++ b/arch/arm64/mm/hugetlbpage.c
3879 +@@ -38,12 +38,6 @@ int huge_pmd_unshare(struct mm_struct *mm, unsigned long *addr, pte_t *ptep)
3880 + }
3881 + #endif
3882 +
3883 +-struct page *follow_huge_addr(struct mm_struct *mm, unsigned long address,
3884 +- int write)
3885 +-{
3886 +- return ERR_PTR(-EINVAL);
3887 +-}
3888 +-
3889 + int pmd_huge(pmd_t pmd)
3890 + {
3891 + return !(pmd_val(pmd) & PMD_TABLE_BIT);
3892 +diff --git a/arch/ia64/mm/hugetlbpage.c b/arch/ia64/mm/hugetlbpage.c
3893 +index 76069c1..52b7604 100644
3894 +--- a/arch/ia64/mm/hugetlbpage.c
3895 ++++ b/arch/ia64/mm/hugetlbpage.c
3896 +@@ -114,12 +114,6 @@ int pud_huge(pud_t pud)
3897 + return 0;
3898 + }
3899 +
3900 +-struct page *
3901 +-follow_huge_pmd(struct mm_struct *mm, unsigned long address, pmd_t *pmd, int write)
3902 +-{
3903 +- return NULL;
3904 +-}
3905 +-
3906 + void hugetlb_free_pgd_range(struct mmu_gather *tlb,
3907 + unsigned long addr, unsigned long end,
3908 + unsigned long floor, unsigned long ceiling)
3909 +diff --git a/arch/metag/mm/hugetlbpage.c b/arch/metag/mm/hugetlbpage.c
3910 +index 3c32075..7ca80ac 100644
3911 +--- a/arch/metag/mm/hugetlbpage.c
3912 ++++ b/arch/metag/mm/hugetlbpage.c
3913 +@@ -94,12 +94,6 @@ int huge_pmd_unshare(struct mm_struct *mm, unsigned long *addr, pte_t *ptep)
3914 + return 0;
3915 + }
3916 +
3917 +-struct page *follow_huge_addr(struct mm_struct *mm,
3918 +- unsigned long address, int write)
3919 +-{
3920 +- return ERR_PTR(-EINVAL);
3921 +-}
3922 +-
3923 + int pmd_huge(pmd_t pmd)
3924 + {
3925 + return pmd_page_shift(pmd) > PAGE_SHIFT;
3926 +diff --git a/arch/mips/mm/hugetlbpage.c b/arch/mips/mm/hugetlbpage.c
3927 +index 4ec8ee1..06e0f42 100644
3928 +--- a/arch/mips/mm/hugetlbpage.c
3929 ++++ b/arch/mips/mm/hugetlbpage.c
3930 +@@ -68,12 +68,6 @@ int is_aligned_hugepage_range(unsigned long addr, unsigned long len)
3931 + return 0;
3932 + }
3933 +
3934 +-struct page *
3935 +-follow_huge_addr(struct mm_struct *mm, unsigned long address, int write)
3936 +-{
3937 +- return ERR_PTR(-EINVAL);
3938 +-}
3939 +-
3940 + int pmd_huge(pmd_t pmd)
3941 + {
3942 + return (pmd_val(pmd) & _PAGE_HUGE) != 0;
3943 +@@ -83,15 +77,3 @@ int pud_huge(pud_t pud)
3944 + {
3945 + return (pud_val(pud) & _PAGE_HUGE) != 0;
3946 + }
3947 +-
3948 +-struct page *
3949 +-follow_huge_pmd(struct mm_struct *mm, unsigned long address,
3950 +- pmd_t *pmd, int write)
3951 +-{
3952 +- struct page *page;
3953 +-
3954 +- page = pte_page(*(pte_t *)pmd);
3955 +- if (page)
3956 +- page += ((address & ~HPAGE_MASK) >> PAGE_SHIFT);
3957 +- return page;
3958 +-}
3959 +diff --git a/arch/powerpc/mm/hugetlbpage.c b/arch/powerpc/mm/hugetlbpage.c
3960 +index 620d0ec..7e408bf 100644
3961 +--- a/arch/powerpc/mm/hugetlbpage.c
3962 ++++ b/arch/powerpc/mm/hugetlbpage.c
3963 +@@ -714,6 +714,14 @@ follow_huge_pmd(struct mm_struct *mm, unsigned long address,
3964 + return NULL;
3965 + }
3966 +
3967 ++struct page *
3968 ++follow_huge_pud(struct mm_struct *mm, unsigned long address,
3969 ++ pud_t *pud, int write)
3970 ++{
3971 ++ BUG();
3972 ++ return NULL;
3973 ++}
3974 ++
3975 + static unsigned long hugepte_addr_end(unsigned long addr, unsigned long end,
3976 + unsigned long sz)
3977 + {
3978 +diff --git a/arch/s390/mm/hugetlbpage.c b/arch/s390/mm/hugetlbpage.c
3979 +index 3c80d2e..210ffed 100644
3980 +--- a/arch/s390/mm/hugetlbpage.c
3981 ++++ b/arch/s390/mm/hugetlbpage.c
3982 +@@ -192,12 +192,6 @@ int huge_pmd_unshare(struct mm_struct *mm, unsigned long *addr, pte_t *ptep)
3983 + return 0;
3984 + }
3985 +
3986 +-struct page *follow_huge_addr(struct mm_struct *mm, unsigned long address,
3987 +- int write)
3988 +-{
3989 +- return ERR_PTR(-EINVAL);
3990 +-}
3991 +-
3992 + int pmd_huge(pmd_t pmd)
3993 + {
3994 + if (!MACHINE_HAS_HPAGE)
3995 +@@ -210,17 +204,3 @@ int pud_huge(pud_t pud)
3996 + {
3997 + return 0;
3998 + }
3999 +-
4000 +-struct page *follow_huge_pmd(struct mm_struct *mm, unsigned long address,
4001 +- pmd_t *pmdp, int write)
4002 +-{
4003 +- struct page *page;
4004 +-
4005 +- if (!MACHINE_HAS_HPAGE)
4006 +- return NULL;
4007 +-
4008 +- page = pmd_page(*pmdp);
4009 +- if (page)
4010 +- page += ((address & ~HPAGE_MASK) >> PAGE_SHIFT);
4011 +- return page;
4012 +-}
4013 +diff --git a/arch/sh/mm/hugetlbpage.c b/arch/sh/mm/hugetlbpage.c
4014 +index d776234..534bc97 100644
4015 +--- a/arch/sh/mm/hugetlbpage.c
4016 ++++ b/arch/sh/mm/hugetlbpage.c
4017 +@@ -67,12 +67,6 @@ int huge_pmd_unshare(struct mm_struct *mm, unsigned long *addr, pte_t *ptep)
4018 + return 0;
4019 + }
4020 +
4021 +-struct page *follow_huge_addr(struct mm_struct *mm,
4022 +- unsigned long address, int write)
4023 +-{
4024 +- return ERR_PTR(-EINVAL);
4025 +-}
4026 +-
4027 + int pmd_huge(pmd_t pmd)
4028 + {
4029 + return 0;
4030 +@@ -82,9 +76,3 @@ int pud_huge(pud_t pud)
4031 + {
4032 + return 0;
4033 + }
4034 +-
4035 +-struct page *follow_huge_pmd(struct mm_struct *mm, unsigned long address,
4036 +- pmd_t *pmd, int write)
4037 +-{
4038 +- return NULL;
4039 +-}
4040 +diff --git a/arch/sparc/mm/hugetlbpage.c b/arch/sparc/mm/hugetlbpage.c
4041 +index d329537..4242eab 100644
4042 +--- a/arch/sparc/mm/hugetlbpage.c
4043 ++++ b/arch/sparc/mm/hugetlbpage.c
4044 +@@ -215,12 +215,6 @@ pte_t huge_ptep_get_and_clear(struct mm_struct *mm, unsigned long addr,
4045 + return entry;
4046 + }
4047 +
4048 +-struct page *follow_huge_addr(struct mm_struct *mm,
4049 +- unsigned long address, int write)
4050 +-{
4051 +- return ERR_PTR(-EINVAL);
4052 +-}
4053 +-
4054 + int pmd_huge(pmd_t pmd)
4055 + {
4056 + return 0;
4057 +@@ -230,9 +224,3 @@ int pud_huge(pud_t pud)
4058 + {
4059 + return 0;
4060 + }
4061 +-
4062 +-struct page *follow_huge_pmd(struct mm_struct *mm, unsigned long address,
4063 +- pmd_t *pmd, int write)
4064 +-{
4065 +- return NULL;
4066 +-}
4067 +diff --git a/arch/tile/mm/hugetlbpage.c b/arch/tile/mm/hugetlbpage.c
4068 +index 3270e00..8416240 100644
4069 +--- a/arch/tile/mm/hugetlbpage.c
4070 ++++ b/arch/tile/mm/hugetlbpage.c
4071 +@@ -150,12 +150,6 @@ pte_t *huge_pte_offset(struct mm_struct *mm, unsigned long addr)
4072 + return NULL;
4073 + }
4074 +
4075 +-struct page *follow_huge_addr(struct mm_struct *mm, unsigned long address,
4076 +- int write)
4077 +-{
4078 +- return ERR_PTR(-EINVAL);
4079 +-}
4080 +-
4081 + int pmd_huge(pmd_t pmd)
4082 + {
4083 + return !!(pmd_val(pmd) & _PAGE_HUGE_PAGE);
4084 +@@ -166,28 +160,6 @@ int pud_huge(pud_t pud)
4085 + return !!(pud_val(pud) & _PAGE_HUGE_PAGE);
4086 + }
4087 +
4088 +-struct page *follow_huge_pmd(struct mm_struct *mm, unsigned long address,
4089 +- pmd_t *pmd, int write)
4090 +-{
4091 +- struct page *page;
4092 +-
4093 +- page = pte_page(*(pte_t *)pmd);
4094 +- if (page)
4095 +- page += ((address & ~PMD_MASK) >> PAGE_SHIFT);
4096 +- return page;
4097 +-}
4098 +-
4099 +-struct page *follow_huge_pud(struct mm_struct *mm, unsigned long address,
4100 +- pud_t *pud, int write)
4101 +-{
4102 +- struct page *page;
4103 +-
4104 +- page = pte_page(*(pte_t *)pud);
4105 +- if (page)
4106 +- page += ((address & ~PUD_MASK) >> PAGE_SHIFT);
4107 +- return page;
4108 +-}
4109 +-
4110 + int huge_pmd_unshare(struct mm_struct *mm, unsigned long *addr, pte_t *ptep)
4111 + {
4112 + return 0;
4113 +diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
4114 +index d4c58d8..3124464 100644
4115 +--- a/arch/x86/kvm/vmx.c
4116 ++++ b/arch/x86/kvm/vmx.c
4117 +@@ -2404,8 +2404,7 @@ static __init void nested_vmx_setup_ctls_msrs(void)
4118 +
4119 + if (enable_ept) {
4120 + /* nested EPT: emulate EPT also to L1 */
4121 +- nested_vmx_secondary_ctls_high |= SECONDARY_EXEC_ENABLE_EPT |
4122 +- SECONDARY_EXEC_UNRESTRICTED_GUEST;
4123 ++ nested_vmx_secondary_ctls_high |= SECONDARY_EXEC_ENABLE_EPT;
4124 + nested_vmx_ept_caps = VMX_EPT_PAGE_WALK_4_BIT |
4125 + VMX_EPTP_WB_BIT | VMX_EPT_2MB_PAGE_BIT |
4126 + VMX_EPT_INVEPT_BIT;
4127 +@@ -2419,6 +2418,10 @@ static __init void nested_vmx_setup_ctls_msrs(void)
4128 + } else
4129 + nested_vmx_ept_caps = 0;
4130 +
4131 ++ if (enable_unrestricted_guest)
4132 ++ nested_vmx_secondary_ctls_high |=
4133 ++ SECONDARY_EXEC_UNRESTRICTED_GUEST;
4134 ++
4135 + /* miscellaneous data */
4136 + rdmsr(MSR_IA32_VMX_MISC, nested_vmx_misc_low, nested_vmx_misc_high);
4137 + nested_vmx_misc_low &= VMX_MISC_SAVE_EFER_LMA;
4138 +diff --git a/arch/x86/mm/hugetlbpage.c b/arch/x86/mm/hugetlbpage.c
4139 +index 006cc91..9161f76 100644
4140 +--- a/arch/x86/mm/hugetlbpage.c
4141 ++++ b/arch/x86/mm/hugetlbpage.c
4142 +@@ -52,20 +52,8 @@ int pud_huge(pud_t pud)
4143 + return 0;
4144 + }
4145 +
4146 +-struct page *
4147 +-follow_huge_pmd(struct mm_struct *mm, unsigned long address,
4148 +- pmd_t *pmd, int write)
4149 +-{
4150 +- return NULL;
4151 +-}
4152 + #else
4153 +
4154 +-struct page *
4155 +-follow_huge_addr(struct mm_struct *mm, unsigned long address, int write)
4156 +-{
4157 +- return ERR_PTR(-EINVAL);
4158 +-}
4159 +-
4160 + /*
4161 + * pmd_huge() returns 1 if @pmd is hugetlb related entry, that is normal
4162 + * hugetlb entry or non-present (migration or hwpoisoned) hugetlb entry.
4163 +diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
4164 +index 0dceba1..68ad39a 100644
4165 +--- a/drivers/net/bonding/bond_main.c
4166 ++++ b/drivers/net/bonding/bond_main.c
4167 +@@ -3797,7 +3797,8 @@ static inline int bond_slave_override(struct bonding *bond,
4168 + /* Find out if any slaves have the same mapping as this skb. */
4169 + bond_for_each_slave_rcu(bond, slave, iter) {
4170 + if (slave->queue_id == skb->queue_mapping) {
4171 +- if (bond_slave_can_tx(slave)) {
4172 ++ if (bond_slave_is_up(slave) &&
4173 ++ slave->link == BOND_LINK_UP) {
4174 + bond_dev_queue_xmit(bond, skb, slave->dev);
4175 + return 0;
4176 + }
4177 +diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x.h b/drivers/net/ethernet/broadcom/bnx2x/bnx2x.h
4178 +index c3a6072..2559206 100644
4179 +--- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x.h
4180 ++++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x.h
4181 +@@ -531,20 +531,8 @@ struct bnx2x_fastpath {
4182 + struct napi_struct napi;
4183 +
4184 + #ifdef CONFIG_NET_RX_BUSY_POLL
4185 +- unsigned int state;
4186 +-#define BNX2X_FP_STATE_IDLE 0
4187 +-#define BNX2X_FP_STATE_NAPI (1 << 0) /* NAPI owns this FP */
4188 +-#define BNX2X_FP_STATE_POLL (1 << 1) /* poll owns this FP */
4189 +-#define BNX2X_FP_STATE_DISABLED (1 << 2)
4190 +-#define BNX2X_FP_STATE_NAPI_YIELD (1 << 3) /* NAPI yielded this FP */
4191 +-#define BNX2X_FP_STATE_POLL_YIELD (1 << 4) /* poll yielded this FP */
4192 +-#define BNX2X_FP_OWNED (BNX2X_FP_STATE_NAPI | BNX2X_FP_STATE_POLL)
4193 +-#define BNX2X_FP_YIELD (BNX2X_FP_STATE_NAPI_YIELD | BNX2X_FP_STATE_POLL_YIELD)
4194 +-#define BNX2X_FP_LOCKED (BNX2X_FP_OWNED | BNX2X_FP_STATE_DISABLED)
4195 +-#define BNX2X_FP_USER_PEND (BNX2X_FP_STATE_POLL | BNX2X_FP_STATE_POLL_YIELD)
4196 +- /* protect state */
4197 +- spinlock_t lock;
4198 +-#endif /* CONFIG_NET_RX_BUSY_POLL */
4199 ++ unsigned long busy_poll_state;
4200 ++#endif
4201 +
4202 + union host_hc_status_block status_blk;
4203 + /* chip independent shortcuts into sb structure */
4204 +@@ -619,104 +607,83 @@ struct bnx2x_fastpath {
4205 + #define bnx2x_fp_qstats(bp, fp) (&((bp)->fp_stats[(fp)->index].eth_q_stats))
4206 +
4207 + #ifdef CONFIG_NET_RX_BUSY_POLL
4208 +-static inline void bnx2x_fp_init_lock(struct bnx2x_fastpath *fp)
4209 ++
4210 ++enum bnx2x_fp_state {
4211 ++ BNX2X_STATE_FP_NAPI = BIT(0), /* NAPI handler owns the queue */
4212 ++
4213 ++ BNX2X_STATE_FP_NAPI_REQ_BIT = 1, /* NAPI would like to own the queue */
4214 ++ BNX2X_STATE_FP_NAPI_REQ = BIT(1),
4215 ++
4216 ++ BNX2X_STATE_FP_POLL_BIT = 2,
4217 ++ BNX2X_STATE_FP_POLL = BIT(2), /* busy_poll owns the queue */
4218 ++
4219 ++ BNX2X_STATE_FP_DISABLE_BIT = 3, /* queue is dismantled */
4220 ++};
4221 ++
4222 ++static inline void bnx2x_fp_busy_poll_init(struct bnx2x_fastpath *fp)
4223 + {
4224 +- spin_lock_init(&fp->lock);
4225 +- fp->state = BNX2X_FP_STATE_IDLE;
4226 ++ WRITE_ONCE(fp->busy_poll_state, 0);
4227 + }
4228 +
4229 + /* called from the device poll routine to get ownership of a FP */
4230 + static inline bool bnx2x_fp_lock_napi(struct bnx2x_fastpath *fp)
4231 + {
4232 +- bool rc = true;
4233 +-
4234 +- spin_lock_bh(&fp->lock);
4235 +- if (fp->state & BNX2X_FP_LOCKED) {
4236 +- WARN_ON(fp->state & BNX2X_FP_STATE_NAPI);
4237 +- fp->state |= BNX2X_FP_STATE_NAPI_YIELD;
4238 +- rc = false;
4239 +- } else {
4240 +- /* we don't care if someone yielded */
4241 +- fp->state = BNX2X_FP_STATE_NAPI;
4242 ++ unsigned long prev, old = READ_ONCE(fp->busy_poll_state);
4243 ++
4244 ++ while (1) {
4245 ++ switch (old) {
4246 ++ case BNX2X_STATE_FP_POLL:
4247 ++ /* make sure bnx2x_fp_lock_poll() wont starve us */
4248 ++ set_bit(BNX2X_STATE_FP_NAPI_REQ_BIT,
4249 ++ &fp->busy_poll_state);
4250 ++ /* fallthrough */
4251 ++ case BNX2X_STATE_FP_POLL | BNX2X_STATE_FP_NAPI_REQ:
4252 ++ return false;
4253 ++ default:
4254 ++ break;
4255 ++ }
4256 ++ prev = cmpxchg(&fp->busy_poll_state, old, BNX2X_STATE_FP_NAPI);
4257 ++ if (unlikely(prev != old)) {
4258 ++ old = prev;
4259 ++ continue;
4260 ++ }
4261 ++ return true;
4262 + }
4263 +- spin_unlock_bh(&fp->lock);
4264 +- return rc;
4265 + }
4266 +
4267 +-/* returns true is someone tried to get the FP while napi had it */
4268 +-static inline bool bnx2x_fp_unlock_napi(struct bnx2x_fastpath *fp)
4269 ++static inline void bnx2x_fp_unlock_napi(struct bnx2x_fastpath *fp)
4270 + {
4271 +- bool rc = false;
4272 +-
4273 +- spin_lock_bh(&fp->lock);
4274 +- WARN_ON(fp->state &
4275 +- (BNX2X_FP_STATE_POLL | BNX2X_FP_STATE_NAPI_YIELD));
4276 +-
4277 +- if (fp->state & BNX2X_FP_STATE_POLL_YIELD)
4278 +- rc = true;
4279 +-
4280 +- /* state ==> idle, unless currently disabled */
4281 +- fp->state &= BNX2X_FP_STATE_DISABLED;
4282 +- spin_unlock_bh(&fp->lock);
4283 +- return rc;
4284 ++ smp_wmb();
4285 ++ fp->busy_poll_state = 0;
4286 + }
4287 +
4288 + /* called from bnx2x_low_latency_poll() */
4289 + static inline bool bnx2x_fp_lock_poll(struct bnx2x_fastpath *fp)
4290 + {
4291 +- bool rc = true;
4292 +-
4293 +- spin_lock_bh(&fp->lock);
4294 +- if ((fp->state & BNX2X_FP_LOCKED)) {
4295 +- fp->state |= BNX2X_FP_STATE_POLL_YIELD;
4296 +- rc = false;
4297 +- } else {
4298 +- /* preserve yield marks */
4299 +- fp->state |= BNX2X_FP_STATE_POLL;
4300 +- }
4301 +- spin_unlock_bh(&fp->lock);
4302 +- return rc;
4303 ++ return cmpxchg(&fp->busy_poll_state, 0, BNX2X_STATE_FP_POLL) == 0;
4304 + }
4305 +
4306 +-/* returns true if someone tried to get the FP while it was locked */
4307 +-static inline bool bnx2x_fp_unlock_poll(struct bnx2x_fastpath *fp)
4308 ++static inline void bnx2x_fp_unlock_poll(struct bnx2x_fastpath *fp)
4309 + {
4310 +- bool rc = false;
4311 +-
4312 +- spin_lock_bh(&fp->lock);
4313 +- WARN_ON(fp->state & BNX2X_FP_STATE_NAPI);
4314 +-
4315 +- if (fp->state & BNX2X_FP_STATE_POLL_YIELD)
4316 +- rc = true;
4317 +-
4318 +- /* state ==> idle, unless currently disabled */
4319 +- fp->state &= BNX2X_FP_STATE_DISABLED;
4320 +- spin_unlock_bh(&fp->lock);
4321 +- return rc;
4322 ++ smp_mb__before_atomic();
4323 ++ clear_bit(BNX2X_STATE_FP_POLL_BIT, &fp->busy_poll_state);
4324 + }
4325 +
4326 +-/* true if a socket is polling, even if it did not get the lock */
4327 ++/* true if a socket is polling */
4328 + static inline bool bnx2x_fp_ll_polling(struct bnx2x_fastpath *fp)
4329 + {
4330 +- WARN_ON(!(fp->state & BNX2X_FP_OWNED));
4331 +- return fp->state & BNX2X_FP_USER_PEND;
4332 ++ return READ_ONCE(fp->busy_poll_state) & BNX2X_STATE_FP_POLL;
4333 + }
4334 +
4335 + /* false if fp is currently owned */
4336 + static inline bool bnx2x_fp_ll_disable(struct bnx2x_fastpath *fp)
4337 + {
4338 +- int rc = true;
4339 +-
4340 +- spin_lock_bh(&fp->lock);
4341 +- if (fp->state & BNX2X_FP_OWNED)
4342 +- rc = false;
4343 +- fp->state |= BNX2X_FP_STATE_DISABLED;
4344 +- spin_unlock_bh(&fp->lock);
4345 ++ set_bit(BNX2X_STATE_FP_DISABLE_BIT, &fp->busy_poll_state);
4346 ++ return !bnx2x_fp_ll_polling(fp);
4347 +
4348 +- return rc;
4349 + }
4350 + #else
4351 +-static inline void bnx2x_fp_init_lock(struct bnx2x_fastpath *fp)
4352 ++static inline void bnx2x_fp_busy_poll_init(struct bnx2x_fastpath *fp)
4353 + {
4354 + }
4355 +
4356 +@@ -725,9 +692,8 @@ static inline bool bnx2x_fp_lock_napi(struct bnx2x_fastpath *fp)
4357 + return true;
4358 + }
4359 +
4360 +-static inline bool bnx2x_fp_unlock_napi(struct bnx2x_fastpath *fp)
4361 ++static inline void bnx2x_fp_unlock_napi(struct bnx2x_fastpath *fp)
4362 + {
4363 +- return false;
4364 + }
4365 +
4366 + static inline bool bnx2x_fp_lock_poll(struct bnx2x_fastpath *fp)
4367 +@@ -735,9 +701,8 @@ static inline bool bnx2x_fp_lock_poll(struct bnx2x_fastpath *fp)
4368 + return false;
4369 + }
4370 +
4371 +-static inline bool bnx2x_fp_unlock_poll(struct bnx2x_fastpath *fp)
4372 ++static inline void bnx2x_fp_unlock_poll(struct bnx2x_fastpath *fp)
4373 + {
4374 +- return false;
4375 + }
4376 +
4377 + static inline bool bnx2x_fp_ll_polling(struct bnx2x_fastpath *fp)
4378 +diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c
4379 +index e468ed3..2b8e8b2 100644
4380 +--- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c
4381 ++++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c
4382 +@@ -1849,7 +1849,7 @@ static void bnx2x_napi_enable_cnic(struct bnx2x *bp)
4383 + int i;
4384 +
4385 + for_each_rx_queue_cnic(bp, i) {
4386 +- bnx2x_fp_init_lock(&bp->fp[i]);
4387 ++ bnx2x_fp_busy_poll_init(&bp->fp[i]);
4388 + napi_enable(&bnx2x_fp(bp, i, napi));
4389 + }
4390 + }
4391 +@@ -1859,7 +1859,7 @@ static void bnx2x_napi_enable(struct bnx2x *bp)
4392 + int i;
4393 +
4394 + for_each_eth_queue(bp, i) {
4395 +- bnx2x_fp_init_lock(&bp->fp[i]);
4396 ++ bnx2x_fp_busy_poll_init(&bp->fp[i]);
4397 + napi_enable(&bnx2x_fp(bp, i, napi));
4398 + }
4399 + }
4400 +@@ -3191,9 +3191,10 @@ static int bnx2x_poll(struct napi_struct *napi, int budget)
4401 + }
4402 + }
4403 +
4404 ++ bnx2x_fp_unlock_napi(fp);
4405 ++
4406 + /* Fall out from the NAPI loop if needed */
4407 +- if (!bnx2x_fp_unlock_napi(fp) &&
4408 +- !(bnx2x_has_rx_work(fp) || bnx2x_has_tx_work(fp))) {
4409 ++ if (!(bnx2x_has_rx_work(fp) || bnx2x_has_tx_work(fp))) {
4410 +
4411 + /* No need to update SB for FCoE L2 ring as long as
4412 + * it's connected to the default SB and the SB
4413 +diff --git a/drivers/net/ethernet/broadcom/tg3.c b/drivers/net/ethernet/broadcom/tg3.c
4414 +index 96bf01b..05ae126 100644
4415 +--- a/drivers/net/ethernet/broadcom/tg3.c
4416 ++++ b/drivers/net/ethernet/broadcom/tg3.c
4417 +@@ -17868,8 +17868,10 @@ static int tg3_init_one(struct pci_dev *pdev,
4418 + */
4419 + if ((tr32(HOSTCC_MODE) & HOSTCC_MODE_ENABLE) ||
4420 + (tr32(WDMAC_MODE) & WDMAC_MODE_ENABLE)) {
4421 ++ tg3_full_lock(tp, 0);
4422 + tw32(MEMARB_MODE, MEMARB_MODE_ENABLE);
4423 + tg3_halt(tp, RESET_KIND_SHUTDOWN, 1);
4424 ++ tg3_full_unlock(tp);
4425 + }
4426 +
4427 + err = tg3_test_dma(tp);
4428 +diff --git a/drivers/net/ethernet/mellanox/mlx4/cmd.c b/drivers/net/ethernet/mellanox/mlx4/cmd.c
4429 +index 5c93d14..9842bf9 100644
4430 +--- a/drivers/net/ethernet/mellanox/mlx4/cmd.c
4431 ++++ b/drivers/net/ethernet/mellanox/mlx4/cmd.c
4432 +@@ -585,7 +585,8 @@ static int mlx4_cmd_wait(struct mlx4_dev *dev, u64 in_param, u64 *out_param,
4433 + * on the host, we deprecate the error message for this
4434 + * specific command/input_mod/opcode_mod/fw-status to be debug.
4435 + */
4436 +- if (op == MLX4_CMD_SET_PORT && in_modifier == 1 &&
4437 ++ if (op == MLX4_CMD_SET_PORT &&
4438 ++ (in_modifier == 1 || in_modifier == 2) &&
4439 + op_modifier == 0 && context->fw_status == CMD_STAT_BAD_SIZE)
4440 + mlx4_dbg(dev, "command 0x%x failed: fw status = 0x%x\n",
4441 + op, context->fw_status);
4442 +diff --git a/drivers/net/ethernet/mellanox/mlx4/en_netdev.c b/drivers/net/ethernet/mellanox/mlx4/en_netdev.c
4443 +index ac6a8f1..2617c9d 100644
4444 +--- a/drivers/net/ethernet/mellanox/mlx4/en_netdev.c
4445 ++++ b/drivers/net/ethernet/mellanox/mlx4/en_netdev.c
4446 +@@ -2627,13 +2627,6 @@ int mlx4_en_init_netdev(struct mlx4_en_dev *mdev, int port,
4447 + netif_carrier_off(dev);
4448 + mlx4_en_set_default_moderation(priv);
4449 +
4450 +- err = register_netdev(dev);
4451 +- if (err) {
4452 +- en_err(priv, "Netdev registration failed for port %d\n", port);
4453 +- goto out;
4454 +- }
4455 +- priv->registered = 1;
4456 +-
4457 + en_warn(priv, "Using %d TX rings\n", prof->tx_ring_num);
4458 + en_warn(priv, "Using %d RX rings\n", prof->rx_ring_num);
4459 +
4460 +@@ -2673,6 +2666,14 @@ int mlx4_en_init_netdev(struct mlx4_en_dev *mdev, int port,
4461 + queue_delayed_work(mdev->workqueue, &priv->service_task,
4462 + SERVICE_TASK_DELAY);
4463 +
4464 ++ err = register_netdev(dev);
4465 ++ if (err) {
4466 ++ en_err(priv, "Netdev registration failed for port %d\n", port);
4467 ++ goto out;
4468 ++ }
4469 ++
4470 ++ priv->registered = 1;
4471 ++
4472 + return 0;
4473 +
4474 + out:
4475 +diff --git a/drivers/net/ethernet/rocker/rocker.c b/drivers/net/ethernet/rocker/rocker.c
4476 +index 2f398fa..24c0284 100644
4477 +--- a/drivers/net/ethernet/rocker/rocker.c
4478 ++++ b/drivers/net/ethernet/rocker/rocker.c
4479 +@@ -4305,10 +4305,16 @@ static int rocker_port_master_changed(struct net_device *dev)
4480 + struct net_device *master = netdev_master_upper_dev_get(dev);
4481 + int err = 0;
4482 +
4483 ++ /* There are currently three cases handled here:
4484 ++ * 1. Joining a bridge
4485 ++ * 2. Leaving a previously joined bridge
4486 ++ * 3. Other, e.g. being added to or removed from a bond or openvswitch,
4487 ++ * in which case nothing is done
4488 ++ */
4489 + if (master && master->rtnl_link_ops &&
4490 + !strcmp(master->rtnl_link_ops->kind, "bridge"))
4491 + err = rocker_port_bridge_join(rocker_port, master);
4492 +- else
4493 ++ else if (rocker_port_is_bridged(rocker_port))
4494 + err = rocker_port_bridge_leave(rocker_port);
4495 +
4496 + return err;
4497 +diff --git a/drivers/net/tun.c b/drivers/net/tun.c
4498 +index 10f9e40..9a409a8 100644
4499 +--- a/drivers/net/tun.c
4500 ++++ b/drivers/net/tun.c
4501 +@@ -1368,7 +1368,7 @@ static ssize_t tun_do_read(struct tun_struct *tun, struct tun_file *tfile,
4502 + skb = __skb_recv_datagram(tfile->socket.sk, noblock ? MSG_DONTWAIT : 0,
4503 + &peeked, &off, &err);
4504 + if (!skb)
4505 +- return 0;
4506 ++ return err;
4507 +
4508 + ret = tun_put_user(tun, tfile, skb, to);
4509 + if (unlikely(ret < 0))
4510 +diff --git a/drivers/net/usb/asix_common.c b/drivers/net/usb/asix_common.c
4511 +index 5c55f11..75d6f26 100644
4512 +--- a/drivers/net/usb/asix_common.c
4513 ++++ b/drivers/net/usb/asix_common.c
4514 +@@ -188,6 +188,8 @@ struct sk_buff *asix_tx_fixup(struct usbnet *dev, struct sk_buff *skb,
4515 + memcpy(skb_tail_pointer(skb), &padbytes, sizeof(padbytes));
4516 + skb_put(skb, sizeof(padbytes));
4517 + }
4518 ++
4519 ++ usbnet_set_skb_tx_stats(skb, 1, 0);
4520 + return skb;
4521 + }
4522 +
4523 +diff --git a/drivers/net/usb/cdc_ncm.c b/drivers/net/usb/cdc_ncm.c
4524 +index 80a844e..c3e4da9 100644
4525 +--- a/drivers/net/usb/cdc_ncm.c
4526 ++++ b/drivers/net/usb/cdc_ncm.c
4527 +@@ -1172,17 +1172,17 @@ cdc_ncm_fill_tx_frame(struct usbnet *dev, struct sk_buff *skb, __le32 sign)
4528 +
4529 + /* return skb */
4530 + ctx->tx_curr_skb = NULL;
4531 +- dev->net->stats.tx_packets += ctx->tx_curr_frame_num;
4532 +
4533 + /* keep private stats: framing overhead and number of NTBs */
4534 + ctx->tx_overhead += skb_out->len - ctx->tx_curr_frame_payload;
4535 + ctx->tx_ntbs++;
4536 +
4537 +- /* usbnet has already counted all the framing overhead.
4538 ++ /* usbnet will count all the framing overhead by default.
4539 + * Adjust the stats so that the tx_bytes counter show real
4540 + * payload data instead.
4541 + */
4542 +- dev->net->stats.tx_bytes -= skb_out->len - ctx->tx_curr_frame_payload;
4543 ++ usbnet_set_skb_tx_stats(skb_out, n,
4544 ++ ctx->tx_curr_frame_payload - skb_out->len);
4545 +
4546 + return skb_out;
4547 +
4548 +diff --git a/drivers/net/usb/sr9800.c b/drivers/net/usb/sr9800.c
4549 +index b94a0fb..953de13 100644
4550 +--- a/drivers/net/usb/sr9800.c
4551 ++++ b/drivers/net/usb/sr9800.c
4552 +@@ -144,6 +144,7 @@ static struct sk_buff *sr_tx_fixup(struct usbnet *dev, struct sk_buff *skb,
4553 + skb_put(skb, sizeof(padbytes));
4554 + }
4555 +
4556 ++ usbnet_set_skb_tx_stats(skb, 1, 0);
4557 + return skb;
4558 + }
4559 +
4560 +diff --git a/drivers/net/usb/usbnet.c b/drivers/net/usb/usbnet.c
4561 +index 3a6770a..e7ed251 100644
4562 +--- a/drivers/net/usb/usbnet.c
4563 ++++ b/drivers/net/usb/usbnet.c
4564 +@@ -1189,8 +1189,7 @@ static void tx_complete (struct urb *urb)
4565 + struct usbnet *dev = entry->dev;
4566 +
4567 + if (urb->status == 0) {
4568 +- if (!(dev->driver_info->flags & FLAG_MULTI_PACKET))
4569 +- dev->net->stats.tx_packets++;
4570 ++ dev->net->stats.tx_packets += entry->packets;
4571 + dev->net->stats.tx_bytes += entry->length;
4572 + } else {
4573 + dev->net->stats.tx_errors++;
4574 +@@ -1348,7 +1347,19 @@ netdev_tx_t usbnet_start_xmit (struct sk_buff *skb,
4575 + } else
4576 + urb->transfer_flags |= URB_ZERO_PACKET;
4577 + }
4578 +- entry->length = urb->transfer_buffer_length = length;
4579 ++ urb->transfer_buffer_length = length;
4580 ++
4581 ++ if (info->flags & FLAG_MULTI_PACKET) {
4582 ++ /* Driver has set number of packets and a length delta.
4583 ++ * Calculate the complete length and ensure that it's
4584 ++ * positive.
4585 ++ */
4586 ++ entry->length += length;
4587 ++ if (WARN_ON_ONCE(entry->length <= 0))
4588 ++ entry->length = length;
4589 ++ } else {
4590 ++ usbnet_set_skb_tx_stats(skb, 1, length);
4591 ++ }
4592 +
4593 + spin_lock_irqsave(&dev->txq.lock, flags);
4594 + retval = usb_autopm_get_interface_async(dev->intf);
4595 +diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c
4596 +index a8c755d..6c83846 100644
4597 +--- a/drivers/net/vxlan.c
4598 ++++ b/drivers/net/vxlan.c
4599 +@@ -1578,12 +1578,6 @@ static int vxlan6_xmit_skb(struct vxlan_sock *vs,
4600 + int err;
4601 + bool udp_sum = !udp_get_no_check6_tx(vs->sock->sk);
4602 +
4603 +- skb = udp_tunnel_handle_offloads(skb, udp_sum);
4604 +- if (IS_ERR(skb)) {
4605 +- err = -EINVAL;
4606 +- goto err;
4607 +- }
4608 +-
4609 + skb_scrub_packet(skb, xnet);
4610 +
4611 + min_headroom = LL_RESERVED_SPACE(dst->dev) + dst->header_len
4612 +@@ -1603,6 +1597,12 @@ static int vxlan6_xmit_skb(struct vxlan_sock *vs,
4613 + goto err;
4614 + }
4615 +
4616 ++ skb = udp_tunnel_handle_offloads(skb, udp_sum);
4617 ++ if (IS_ERR(skb)) {
4618 ++ err = -EINVAL;
4619 ++ goto err;
4620 ++ }
4621 ++
4622 + vxh = (struct vxlanhdr *) __skb_push(skb, sizeof(*vxh));
4623 + vxh->vx_flags = htonl(VXLAN_FLAGS);
4624 + vxh->vx_vni = vni;
4625 +@@ -1628,10 +1628,6 @@ int vxlan_xmit_skb(struct vxlan_sock *vs,
4626 + int err;
4627 + bool udp_sum = !vs->sock->sk->sk_no_check_tx;
4628 +
4629 +- skb = udp_tunnel_handle_offloads(skb, udp_sum);
4630 +- if (IS_ERR(skb))
4631 +- return PTR_ERR(skb);
4632 +-
4633 + min_headroom = LL_RESERVED_SPACE(rt->dst.dev) + rt->dst.header_len
4634 + + VXLAN_HLEN + sizeof(struct iphdr)
4635 + + (vlan_tx_tag_present(skb) ? VLAN_HLEN : 0);
4636 +@@ -1647,6 +1643,10 @@ int vxlan_xmit_skb(struct vxlan_sock *vs,
4637 + if (WARN_ON(!skb))
4638 + return -ENOMEM;
4639 +
4640 ++ skb = udp_tunnel_handle_offloads(skb, udp_sum);
4641 ++ if (IS_ERR(skb))
4642 ++ return PTR_ERR(skb);
4643 ++
4644 + vxh = (struct vxlanhdr *) __skb_push(skb, sizeof(*vxh));
4645 + vxh->vx_flags = htonl(VXLAN_FLAGS);
4646 + vxh->vx_vni = vni;
4647 +diff --git a/drivers/net/wireless/rtlwifi/pci.c b/drivers/net/wireless/rtlwifi/pci.c
4648 +index a5186bb..8c45cf4 100644
4649 +--- a/drivers/net/wireless/rtlwifi/pci.c
4650 ++++ b/drivers/net/wireless/rtlwifi/pci.c
4651 +@@ -578,6 +578,13 @@ static void _rtl_pci_tx_isr(struct ieee80211_hw *hw, int prio)
4652 + else
4653 + entry = (u8 *)(&ring->desc[ring->idx]);
4654 +
4655 ++ if (rtlpriv->cfg->ops->get_available_desc &&
4656 ++ rtlpriv->cfg->ops->get_available_desc(hw, prio) <= 1) {
4657 ++ RT_TRACE(rtlpriv, (COMP_INTR | COMP_SEND), DBG_DMESG,
4658 ++ "no available desc!\n");
4659 ++ return;
4660 ++ }
4661 ++
4662 + if (!rtlpriv->cfg->ops->is_tx_desc_closed(hw, prio, ring->idx))
4663 + return;
4664 + ring->idx = (ring->idx + 1) % ring->entries;
4665 +@@ -641,10 +648,9 @@ static void _rtl_pci_tx_isr(struct ieee80211_hw *hw, int prio)
4666 +
4667 + ieee80211_tx_status_irqsafe(hw, skb);
4668 +
4669 +- if ((ring->entries - skb_queue_len(&ring->queue))
4670 +- == 2) {
4671 ++ if ((ring->entries - skb_queue_len(&ring->queue)) <= 4) {
4672 +
4673 +- RT_TRACE(rtlpriv, COMP_ERR, DBG_LOUD,
4674 ++ RT_TRACE(rtlpriv, COMP_ERR, DBG_DMESG,
4675 + "more desc left, wake skb_queue@%d, ring->idx = %d, skb_queue_len = 0x%x\n",
4676 + prio, ring->idx,
4677 + skb_queue_len(&ring->queue));
4678 +@@ -793,7 +799,7 @@ static void _rtl_pci_rx_interrupt(struct ieee80211_hw *hw)
4679 + rx_remained_cnt =
4680 + rtlpriv->cfg->ops->rx_desc_buff_remained_cnt(hw,
4681 + hw_queue);
4682 +- if (rx_remained_cnt < 1)
4683 ++ if (rx_remained_cnt == 0)
4684 + return;
4685 +
4686 + } else { /* rx descriptor */
4687 +@@ -845,18 +851,18 @@ static void _rtl_pci_rx_interrupt(struct ieee80211_hw *hw)
4688 + else
4689 + skb_reserve(skb, stats.rx_drvinfo_size +
4690 + stats.rx_bufshift);
4691 +-
4692 + } else {
4693 + RT_TRACE(rtlpriv, COMP_ERR, DBG_WARNING,
4694 + "skb->end - skb->tail = %d, len is %d\n",
4695 + skb->end - skb->tail, len);
4696 +- break;
4697 ++ dev_kfree_skb_any(skb);
4698 ++ goto new_trx_end;
4699 + }
4700 + /* handle command packet here */
4701 + if (rtlpriv->cfg->ops->rx_command_packet &&
4702 + rtlpriv->cfg->ops->rx_command_packet(hw, stats, skb)) {
4703 + dev_kfree_skb_any(skb);
4704 +- goto end;
4705 ++ goto new_trx_end;
4706 + }
4707 +
4708 + /*
4709 +@@ -906,6 +912,7 @@ static void _rtl_pci_rx_interrupt(struct ieee80211_hw *hw)
4710 + } else {
4711 + dev_kfree_skb_any(skb);
4712 + }
4713 ++new_trx_end:
4714 + if (rtlpriv->use_new_trx_flow) {
4715 + rtlpci->rx_ring[hw_queue].next_rx_rp += 1;
4716 + rtlpci->rx_ring[hw_queue].next_rx_rp %=
4717 +@@ -921,7 +928,6 @@ static void _rtl_pci_rx_interrupt(struct ieee80211_hw *hw)
4718 + rtlpriv->enter_ps = false;
4719 + schedule_work(&rtlpriv->works.lps_change_work);
4720 + }
4721 +-end:
4722 + skb = new_skb;
4723 + no_new:
4724 + if (rtlpriv->use_new_trx_flow) {
4725 +@@ -1695,6 +1701,15 @@ static int rtl_pci_tx(struct ieee80211_hw *hw,
4726 + }
4727 + }
4728 +
4729 ++ if (rtlpriv->cfg->ops->get_available_desc &&
4730 ++ rtlpriv->cfg->ops->get_available_desc(hw, hw_queue) == 0) {
4731 ++ RT_TRACE(rtlpriv, COMP_ERR, DBG_WARNING,
4732 ++ "get_available_desc fail\n");
4733 ++ spin_unlock_irqrestore(&rtlpriv->locks.irq_th_lock,
4734 ++ flags);
4735 ++ return skb->len;
4736 ++ }
4737 ++
4738 + if (ieee80211_is_data_qos(fc)) {
4739 + tid = rtl_get_tid(skb);
4740 + if (sta) {
4741 +diff --git a/drivers/net/wireless/rtlwifi/rtl8192ee/sw.c b/drivers/net/wireless/rtlwifi/rtl8192ee/sw.c
4742 +index 9b5a7d5..c31c6bf 100644
4743 +--- a/drivers/net/wireless/rtlwifi/rtl8192ee/sw.c
4744 ++++ b/drivers/net/wireless/rtlwifi/rtl8192ee/sw.c
4745 +@@ -113,8 +113,6 @@ int rtl92ee_init_sw_vars(struct ieee80211_hw *hw)
4746 + RCR_HTC_LOC_CTRL |
4747 + RCR_AMF |
4748 + RCR_ACF |
4749 +- RCR_ADF |
4750 +- RCR_AICV |
4751 + RCR_ACRC32 |
4752 + RCR_AB |
4753 + RCR_AM |
4754 +@@ -241,6 +239,7 @@ static struct rtl_hal_ops rtl8192ee_hal_ops = {
4755 + .set_desc = rtl92ee_set_desc,
4756 + .get_desc = rtl92ee_get_desc,
4757 + .is_tx_desc_closed = rtl92ee_is_tx_desc_closed,
4758 ++ .get_available_desc = rtl92ee_get_available_desc,
4759 + .tx_polling = rtl92ee_tx_polling,
4760 + .enable_hw_sec = rtl92ee_enable_hw_security_config,
4761 + .set_key = rtl92ee_set_key,
4762 +diff --git a/drivers/net/wireless/rtlwifi/rtl8192ee/trx.c b/drivers/net/wireless/rtlwifi/rtl8192ee/trx.c
4763 +index 0069004..1f6d160 100644
4764 +--- a/drivers/net/wireless/rtlwifi/rtl8192ee/trx.c
4765 ++++ b/drivers/net/wireless/rtlwifi/rtl8192ee/trx.c
4766 +@@ -707,7 +707,7 @@ static u16 get_desc_addr_fr_q_idx(u16 queue_index)
4767 + return desc_address;
4768 + }
4769 +
4770 +-void rtl92ee_get_available_desc(struct ieee80211_hw *hw, u8 q_idx)
4771 ++u16 rtl92ee_get_available_desc(struct ieee80211_hw *hw, u8 q_idx)
4772 + {
4773 + struct rtl_pci *rtlpci = rtl_pcidev(rtl_pcipriv(hw));
4774 + struct rtl_priv *rtlpriv = rtl_priv(hw);
4775 +@@ -721,11 +721,12 @@ void rtl92ee_get_available_desc(struct ieee80211_hw *hw, u8 q_idx)
4776 + current_tx_write_point = (u16)((tmp_4byte) & 0x0fff);
4777 +
4778 + point_diff = ((current_tx_read_point > current_tx_write_point) ?
4779 +- (current_tx_read_point - current_tx_write_point) :
4780 +- (TX_DESC_NUM_92E - current_tx_write_point +
4781 ++ (current_tx_read_point - current_tx_write_point - 1) :
4782 ++ (TX_DESC_NUM_92E - 1 - current_tx_write_point +
4783 + current_tx_read_point));
4784 +
4785 + rtlpci->tx_ring[q_idx].avl_desc = point_diff;
4786 ++ return point_diff;
4787 + }
4788 +
4789 + void rtl92ee_pre_fill_tx_bd_desc(struct ieee80211_hw *hw,
4790 +diff --git a/drivers/net/wireless/rtlwifi/rtl8192ee/trx.h b/drivers/net/wireless/rtlwifi/rtl8192ee/trx.h
4791 +index 8effef9..b489dd9 100644
4792 +--- a/drivers/net/wireless/rtlwifi/rtl8192ee/trx.h
4793 ++++ b/drivers/net/wireless/rtlwifi/rtl8192ee/trx.h
4794 +@@ -831,7 +831,7 @@ void rtl92ee_rx_check_dma_ok(struct ieee80211_hw *hw, u8 *header_desc,
4795 + u8 queue_index);
4796 + u16 rtl92ee_rx_desc_buff_remained_cnt(struct ieee80211_hw *hw,
4797 + u8 queue_index);
4798 +-void rtl92ee_get_available_desc(struct ieee80211_hw *hw, u8 queue_index);
4799 ++u16 rtl92ee_get_available_desc(struct ieee80211_hw *hw, u8 queue_index);
4800 + void rtl92ee_pre_fill_tx_bd_desc(struct ieee80211_hw *hw,
4801 + u8 *tx_bd_desc, u8 *desc, u8 queue_index,
4802 + struct sk_buff *skb, dma_addr_t addr);
4803 +diff --git a/drivers/net/wireless/rtlwifi/wifi.h b/drivers/net/wireless/rtlwifi/wifi.h
4804 +index 6866dcf..27822fe 100644
4805 +--- a/drivers/net/wireless/rtlwifi/wifi.h
4806 ++++ b/drivers/net/wireless/rtlwifi/wifi.h
4807 +@@ -2161,6 +2161,7 @@ struct rtl_hal_ops {
4808 + void (*add_wowlan_pattern)(struct ieee80211_hw *hw,
4809 + struct rtl_wow_pattern *rtl_pattern,
4810 + u8 index);
4811 ++ u16 (*get_available_desc)(struct ieee80211_hw *hw, u8 q_idx);
4812 + };
4813 +
4814 + struct rtl_intf_ops {
4815 +diff --git a/drivers/net/xen-netfront.c b/drivers/net/xen-netfront.c
4816 +index d8c1076..76ce69c 100644
4817 +--- a/drivers/net/xen-netfront.c
4818 ++++ b/drivers/net/xen-netfront.c
4819 +@@ -1062,8 +1062,7 @@ err:
4820 +
4821 + static int xennet_change_mtu(struct net_device *dev, int mtu)
4822 + {
4823 +- int max = xennet_can_sg(dev) ?
4824 +- XEN_NETIF_MAX_TX_SIZE - MAX_TCP_HEADER : ETH_DATA_LEN;
4825 ++ int max = xennet_can_sg(dev) ? XEN_NETIF_MAX_TX_SIZE : ETH_DATA_LEN;
4826 +
4827 + if (mtu > max)
4828 + return -EINVAL;
4829 +@@ -1333,8 +1332,6 @@ static struct net_device *xennet_create_dev(struct xenbus_device *dev)
4830 + netdev->ethtool_ops = &xennet_ethtool_ops;
4831 + SET_NETDEV_DEV(netdev, &dev->dev);
4832 +
4833 +- netif_set_gso_max_size(netdev, XEN_NETIF_MAX_TX_SIZE - MAX_TCP_HEADER);
4834 +-
4835 + np->netdev = netdev;
4836 +
4837 + netif_carrier_off(netdev);
4838 +diff --git a/drivers/staging/comedi/drivers/adv_pci1710.c b/drivers/staging/comedi/drivers/adv_pci1710.c
4839 +index d02df7d..57b7bc2 100644
4840 +--- a/drivers/staging/comedi/drivers/adv_pci1710.c
4841 ++++ b/drivers/staging/comedi/drivers/adv_pci1710.c
4842 +@@ -455,7 +455,6 @@ static int pci171x_insn_read_ai(struct comedi_device *dev,
4843 + struct comedi_insn *insn, unsigned int *data)
4844 + {
4845 + struct pci1710_private *devpriv = dev->private;
4846 +- unsigned int chan = CR_CHAN(insn->chanspec);
4847 + int ret = 0;
4848 + int i;
4849 +
4850 +@@ -477,7 +476,7 @@ static int pci171x_insn_read_ai(struct comedi_device *dev,
4851 + break;
4852 +
4853 + val = inw(dev->iobase + PCI171x_AD_DATA);
4854 +- ret = pci171x_ai_dropout(dev, s, chan, val);
4855 ++ ret = pci171x_ai_dropout(dev, s, 0, val);
4856 + if (ret)
4857 + break;
4858 +
4859 +diff --git a/fs/exec.c b/fs/exec.c
4860 +index ad8798e..4617a4e 100644
4861 +--- a/fs/exec.c
4862 ++++ b/fs/exec.c
4863 +@@ -1259,6 +1259,53 @@ static void check_unsafe_exec(struct linux_binprm *bprm)
4864 + spin_unlock(&p->fs->lock);
4865 + }
4866 +
4867 ++static void bprm_fill_uid(struct linux_binprm *bprm)
4868 ++{
4869 ++ struct inode *inode;
4870 ++ unsigned int mode;
4871 ++ kuid_t uid;
4872 ++ kgid_t gid;
4873 ++
4874 ++ /* clear any previous set[ug]id data from a previous binary */
4875 ++ bprm->cred->euid = current_euid();
4876 ++ bprm->cred->egid = current_egid();
4877 ++
4878 ++ if (bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID)
4879 ++ return;
4880 ++
4881 ++ if (task_no_new_privs(current))
4882 ++ return;
4883 ++
4884 ++ inode = file_inode(bprm->file);
4885 ++ mode = READ_ONCE(inode->i_mode);
4886 ++ if (!(mode & (S_ISUID|S_ISGID)))
4887 ++ return;
4888 ++
4889 ++ /* Be careful if suid/sgid is set */
4890 ++ mutex_lock(&inode->i_mutex);
4891 ++
4892 ++ /* reload atomically mode/uid/gid now that lock held */
4893 ++ mode = inode->i_mode;
4894 ++ uid = inode->i_uid;
4895 ++ gid = inode->i_gid;
4896 ++ mutex_unlock(&inode->i_mutex);
4897 ++
4898 ++ /* We ignore suid/sgid if there are no mappings for them in the ns */
4899 ++ if (!kuid_has_mapping(bprm->cred->user_ns, uid) ||
4900 ++ !kgid_has_mapping(bprm->cred->user_ns, gid))
4901 ++ return;
4902 ++
4903 ++ if (mode & S_ISUID) {
4904 ++ bprm->per_clear |= PER_CLEAR_ON_SETID;
4905 ++ bprm->cred->euid = uid;
4906 ++ }
4907 ++
4908 ++ if ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)) {
4909 ++ bprm->per_clear |= PER_CLEAR_ON_SETID;
4910 ++ bprm->cred->egid = gid;
4911 ++ }
4912 ++}
4913 ++
4914 + /*
4915 + * Fill the binprm structure from the inode.
4916 + * Check permissions, then read the first 128 (BINPRM_BUF_SIZE) bytes
4917 +@@ -1267,36 +1314,9 @@ static void check_unsafe_exec(struct linux_binprm *bprm)
4918 + */
4919 + int prepare_binprm(struct linux_binprm *bprm)
4920 + {
4921 +- struct inode *inode = file_inode(bprm->file);
4922 +- umode_t mode = inode->i_mode;
4923 + int retval;
4924 +
4925 +-
4926 +- /* clear any previous set[ug]id data from a previous binary */
4927 +- bprm->cred->euid = current_euid();
4928 +- bprm->cred->egid = current_egid();
4929 +-
4930 +- if (!(bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID) &&
4931 +- !task_no_new_privs(current) &&
4932 +- kuid_has_mapping(bprm->cred->user_ns, inode->i_uid) &&
4933 +- kgid_has_mapping(bprm->cred->user_ns, inode->i_gid)) {
4934 +- /* Set-uid? */
4935 +- if (mode & S_ISUID) {
4936 +- bprm->per_clear |= PER_CLEAR_ON_SETID;
4937 +- bprm->cred->euid = inode->i_uid;
4938 +- }
4939 +-
4940 +- /* Set-gid? */
4941 +- /*
4942 +- * If setgid is set but no group execute bit then this
4943 +- * is a candidate for mandatory locking, not a setgid
4944 +- * executable.
4945 +- */
4946 +- if ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)) {
4947 +- bprm->per_clear |= PER_CLEAR_ON_SETID;
4948 +- bprm->cred->egid = inode->i_gid;
4949 +- }
4950 +- }
4951 ++ bprm_fill_uid(bprm);
4952 +
4953 + /* fill in binprm security blob */
4954 + retval = security_bprm_set_creds(bprm);
4955 +diff --git a/include/linux/hugetlb.h b/include/linux/hugetlb.h
4956 +index 431b7fc..e235ec5 100644
4957 +--- a/include/linux/hugetlb.h
4958 ++++ b/include/linux/hugetlb.h
4959 +@@ -99,9 +99,9 @@ int huge_pmd_unshare(struct mm_struct *mm, unsigned long *addr, pte_t *ptep);
4960 + struct page *follow_huge_addr(struct mm_struct *mm, unsigned long address,
4961 + int write);
4962 + struct page *follow_huge_pmd(struct mm_struct *mm, unsigned long address,
4963 +- pmd_t *pmd, int write);
4964 ++ pmd_t *pmd, int flags);
4965 + struct page *follow_huge_pud(struct mm_struct *mm, unsigned long address,
4966 +- pud_t *pud, int write);
4967 ++ pud_t *pud, int flags);
4968 + int pmd_huge(pmd_t pmd);
4969 + int pud_huge(pud_t pmd);
4970 + unsigned long hugetlb_change_protection(struct vm_area_struct *vma,
4971 +@@ -133,8 +133,8 @@ static inline void hugetlb_report_meminfo(struct seq_file *m)
4972 + static inline void hugetlb_show_meminfo(void)
4973 + {
4974 + }
4975 +-#define follow_huge_pmd(mm, addr, pmd, write) NULL
4976 +-#define follow_huge_pud(mm, addr, pud, write) NULL
4977 ++#define follow_huge_pmd(mm, addr, pmd, flags) NULL
4978 ++#define follow_huge_pud(mm, addr, pud, flags) NULL
4979 + #define prepare_hugepage_range(file, addr, len) (-EINVAL)
4980 + #define pmd_huge(x) 0
4981 + #define pud_huge(x) 0
4982 +diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
4983 +index 52fd8e8..840fb7f 100644
4984 +--- a/include/linux/netdevice.h
4985 ++++ b/include/linux/netdevice.h
4986 +@@ -2159,6 +2159,12 @@ void netdev_freemem(struct net_device *dev);
4987 + void synchronize_net(void);
4988 + int init_dummy_netdev(struct net_device *dev);
4989 +
4990 ++DECLARE_PER_CPU(int, xmit_recursion);
4991 ++static inline int dev_recursion_level(void)
4992 ++{
4993 ++ return this_cpu_read(xmit_recursion);
4994 ++}
4995 ++
4996 + struct net_device *dev_get_by_index(struct net *net, int ifindex);
4997 + struct net_device *__dev_get_by_index(struct net *net, int ifindex);
4998 + struct net_device *dev_get_by_index_rcu(struct net *net, int ifindex);
4999 +diff --git a/include/linux/swapops.h b/include/linux/swapops.h
5000 +index 6adfb7b..e288d5c 100644
5001 +--- a/include/linux/swapops.h
5002 ++++ b/include/linux/swapops.h
5003 +@@ -137,6 +137,8 @@ static inline void make_migration_entry_read(swp_entry_t *entry)
5004 + *entry = swp_entry(SWP_MIGRATION_READ, swp_offset(*entry));
5005 + }
5006 +
5007 ++extern void __migration_entry_wait(struct mm_struct *mm, pte_t *ptep,
5008 ++ spinlock_t *ptl);
5009 + extern void migration_entry_wait(struct mm_struct *mm, pmd_t *pmd,
5010 + unsigned long address);
5011 + extern void migration_entry_wait_huge(struct vm_area_struct *vma,
5012 +@@ -150,6 +152,8 @@ static inline int is_migration_entry(swp_entry_t swp)
5013 + }
5014 + #define migration_entry_to_page(swp) NULL
5015 + static inline void make_migration_entry_read(swp_entry_t *entryp) { }
5016 ++static inline void __migration_entry_wait(struct mm_struct *mm, pte_t *ptep,
5017 ++ spinlock_t *ptl) { }
5018 + static inline void migration_entry_wait(struct mm_struct *mm, pmd_t *pmd,
5019 + unsigned long address) { }
5020 + static inline void migration_entry_wait_huge(struct vm_area_struct *vma,
5021 +diff --git a/include/linux/usb/usbnet.h b/include/linux/usb/usbnet.h
5022 +index d9a4905..6e0ce8c 100644
5023 +--- a/include/linux/usb/usbnet.h
5024 ++++ b/include/linux/usb/usbnet.h
5025 +@@ -227,9 +227,23 @@ struct skb_data { /* skb->cb is one of these */
5026 + struct urb *urb;
5027 + struct usbnet *dev;
5028 + enum skb_state state;
5029 +- size_t length;
5030 ++ long length;
5031 ++ unsigned long packets;
5032 + };
5033 +
5034 ++/* Drivers that set FLAG_MULTI_PACKET must call this in their
5035 ++ * tx_fixup method before returning an skb.
5036 ++ */
5037 ++static inline void
5038 ++usbnet_set_skb_tx_stats(struct sk_buff *skb,
5039 ++ unsigned long packets, long bytes_delta)
5040 ++{
5041 ++ struct skb_data *entry = (struct skb_data *) skb->cb;
5042 ++
5043 ++ entry->packets = packets;
5044 ++ entry->length = bytes_delta;
5045 ++}
5046 ++
5047 + extern int usbnet_open(struct net_device *net);
5048 + extern int usbnet_stop(struct net_device *net);
5049 + extern netdev_tx_t usbnet_start_xmit(struct sk_buff *skb,
5050 +diff --git a/include/net/ip.h b/include/net/ip.h
5051 +index 09cf5ae..c0c26c3 100644
5052 +--- a/include/net/ip.h
5053 ++++ b/include/net/ip.h
5054 +@@ -453,22 +453,6 @@ static __inline__ void inet_reset_saddr(struct sock *sk)
5055 +
5056 + #endif
5057 +
5058 +-static inline int sk_mc_loop(struct sock *sk)
5059 +-{
5060 +- if (!sk)
5061 +- return 1;
5062 +- switch (sk->sk_family) {
5063 +- case AF_INET:
5064 +- return inet_sk(sk)->mc_loop;
5065 +-#if IS_ENABLED(CONFIG_IPV6)
5066 +- case AF_INET6:
5067 +- return inet6_sk(sk)->mc_loop;
5068 +-#endif
5069 +- }
5070 +- WARN_ON(1);
5071 +- return 1;
5072 +-}
5073 +-
5074 + bool ip_call_ra_chain(struct sk_buff *skb);
5075 +
5076 + /*
5077 +diff --git a/include/net/ip6_route.h b/include/net/ip6_route.h
5078 +index 1d09b46..eda131d 100644
5079 +--- a/include/net/ip6_route.h
5080 ++++ b/include/net/ip6_route.h
5081 +@@ -174,7 +174,8 @@ int ip6_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *));
5082 +
5083 + static inline int ip6_skb_dst_mtu(struct sk_buff *skb)
5084 + {
5085 +- struct ipv6_pinfo *np = skb->sk ? inet6_sk(skb->sk) : NULL;
5086 ++ struct ipv6_pinfo *np = skb->sk && !dev_recursion_level() ?
5087 ++ inet6_sk(skb->sk) : NULL;
5088 +
5089 + return (np && np->pmtudisc >= IPV6_PMTUDISC_PROBE) ?
5090 + skb_dst(skb)->dev->mtu : dst_mtu(skb_dst(skb));
5091 +diff --git a/include/net/sock.h b/include/net/sock.h
5092 +index 2210fec..45b54d3 100644
5093 +--- a/include/net/sock.h
5094 ++++ b/include/net/sock.h
5095 +@@ -1812,6 +1812,8 @@ struct dst_entry *__sk_dst_check(struct sock *sk, u32 cookie);
5096 +
5097 + struct dst_entry *sk_dst_check(struct sock *sk, u32 cookie);
5098 +
5099 ++bool sk_mc_loop(struct sock *sk);
5100 ++
5101 + static inline bool sk_can_gso(const struct sock *sk)
5102 + {
5103 + return net_gso_ok(sk->sk_route_caps, sk->sk_gso_type);
5104 +diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
5105 +index a28e09c..36508e6 100644
5106 +--- a/kernel/bpf/verifier.c
5107 ++++ b/kernel/bpf/verifier.c
5108 +@@ -1380,7 +1380,8 @@ peek_stack:
5109 + /* tell verifier to check for equivalent states
5110 + * after every call and jump
5111 + */
5112 +- env->explored_states[t + 1] = STATE_LIST_MARK;
5113 ++ if (t + 1 < insn_cnt)
5114 ++ env->explored_states[t + 1] = STATE_LIST_MARK;
5115 + } else {
5116 + /* conditional jump with two edges */
5117 + ret = push_insn(t, t + 1, FALLTHROUGH, env);
5118 +diff --git a/mm/gup.c b/mm/gup.c
5119 +index 9b2afbf..e29c374 100644
5120 +--- a/mm/gup.c
5121 ++++ b/mm/gup.c
5122 +@@ -167,10 +167,10 @@ struct page *follow_page_mask(struct vm_area_struct *vma,
5123 + if (pud_none(*pud))
5124 + return no_page_table(vma, flags);
5125 + if (pud_huge(*pud) && vma->vm_flags & VM_HUGETLB) {
5126 +- if (flags & FOLL_GET)
5127 +- return NULL;
5128 +- page = follow_huge_pud(mm, address, pud, flags & FOLL_WRITE);
5129 +- return page;
5130 ++ page = follow_huge_pud(mm, address, pud, flags);
5131 ++ if (page)
5132 ++ return page;
5133 ++ return no_page_table(vma, flags);
5134 + }
5135 + if (unlikely(pud_bad(*pud)))
5136 + return no_page_table(vma, flags);
5137 +@@ -179,19 +179,10 @@ struct page *follow_page_mask(struct vm_area_struct *vma,
5138 + if (pmd_none(*pmd))
5139 + return no_page_table(vma, flags);
5140 + if (pmd_huge(*pmd) && vma->vm_flags & VM_HUGETLB) {
5141 +- page = follow_huge_pmd(mm, address, pmd, flags & FOLL_WRITE);
5142 +- if (flags & FOLL_GET) {
5143 +- /*
5144 +- * Refcount on tail pages are not well-defined and
5145 +- * shouldn't be taken. The caller should handle a NULL
5146 +- * return when trying to follow tail pages.
5147 +- */
5148 +- if (PageHead(page))
5149 +- get_page(page);
5150 +- else
5151 +- page = NULL;
5152 +- }
5153 +- return page;
5154 ++ page = follow_huge_pmd(mm, address, pmd, flags);
5155 ++ if (page)
5156 ++ return page;
5157 ++ return no_page_table(vma, flags);
5158 + }
5159 + if ((flags & FOLL_NUMA) && pmd_numa(*pmd))
5160 + return no_page_table(vma, flags);
5161 +diff --git a/mm/hugetlb.c b/mm/hugetlb.c
5162 +index 267e419..a2bfd02 100644
5163 +--- a/mm/hugetlb.c
5164 ++++ b/mm/hugetlb.c
5165 +@@ -3700,44 +3700,64 @@ pte_t *huge_pte_offset(struct mm_struct *mm, unsigned long addr)
5166 + return (pte_t *) pmd;
5167 + }
5168 +
5169 +-struct page *
5170 +-follow_huge_pmd(struct mm_struct *mm, unsigned long address,
5171 +- pmd_t *pmd, int write)
5172 +-{
5173 +- struct page *page;
5174 ++#endif /* CONFIG_ARCH_WANT_GENERAL_HUGETLB */
5175 +
5176 +- if (!pmd_present(*pmd))
5177 +- return NULL;
5178 +- page = pte_page(*(pte_t *)pmd);
5179 +- if (page)
5180 +- page += ((address & ~PMD_MASK) >> PAGE_SHIFT);
5181 +- return page;
5182 ++/*
5183 ++ * These functions are overwritable if your architecture needs its own
5184 ++ * behavior.
5185 ++ */
5186 ++struct page * __weak
5187 ++follow_huge_addr(struct mm_struct *mm, unsigned long address,
5188 ++ int write)
5189 ++{
5190 ++ return ERR_PTR(-EINVAL);
5191 + }
5192 +
5193 +-struct page *
5194 +-follow_huge_pud(struct mm_struct *mm, unsigned long address,
5195 +- pud_t *pud, int write)
5196 ++struct page * __weak
5197 ++follow_huge_pmd(struct mm_struct *mm, unsigned long address,
5198 ++ pmd_t *pmd, int flags)
5199 + {
5200 +- struct page *page;
5201 +-
5202 +- page = pte_page(*(pte_t *)pud);
5203 +- if (page)
5204 +- page += ((address & ~PUD_MASK) >> PAGE_SHIFT);
5205 ++ struct page *page = NULL;
5206 ++ spinlock_t *ptl;
5207 ++retry:
5208 ++ ptl = pmd_lockptr(mm, pmd);
5209 ++ spin_lock(ptl);
5210 ++ /*
5211 ++ * make sure that the address range covered by this pmd is not
5212 ++ * unmapped from other threads.
5213 ++ */
5214 ++ if (!pmd_huge(*pmd))
5215 ++ goto out;
5216 ++ if (pmd_present(*pmd)) {
5217 ++ page = pte_page(*(pte_t *)pmd) +
5218 ++ ((address & ~PMD_MASK) >> PAGE_SHIFT);
5219 ++ if (flags & FOLL_GET)
5220 ++ get_page(page);
5221 ++ } else {
5222 ++ if (is_hugetlb_entry_migration(huge_ptep_get((pte_t *)pmd))) {
5223 ++ spin_unlock(ptl);
5224 ++ __migration_entry_wait(mm, (pte_t *)pmd, ptl);
5225 ++ goto retry;
5226 ++ }
5227 ++ /*
5228 ++ * hwpoisoned entry is treated as no_page_table in
5229 ++ * follow_page_mask().
5230 ++ */
5231 ++ }
5232 ++out:
5233 ++ spin_unlock(ptl);
5234 + return page;
5235 + }
5236 +
5237 +-#else /* !CONFIG_ARCH_WANT_GENERAL_HUGETLB */
5238 +-
5239 +-/* Can be overriden by architectures */
5240 + struct page * __weak
5241 + follow_huge_pud(struct mm_struct *mm, unsigned long address,
5242 +- pud_t *pud, int write)
5243 ++ pud_t *pud, int flags)
5244 + {
5245 +- BUG();
5246 +- return NULL;
5247 +-}
5248 ++ if (flags & FOLL_GET)
5249 ++ return NULL;
5250 +
5251 +-#endif /* CONFIG_ARCH_WANT_GENERAL_HUGETLB */
5252 ++ return pte_page(*(pte_t *)pud) + ((address & ~PUD_MASK) >> PAGE_SHIFT);
5253 ++}
5254 +
5255 + #ifdef CONFIG_MEMORY_FAILURE
5256 +
5257 +diff --git a/mm/migrate.c b/mm/migrate.c
5258 +index 344cdf6..be6d1ed 100644
5259 +--- a/mm/migrate.c
5260 ++++ b/mm/migrate.c
5261 +@@ -229,7 +229,7 @@ static void remove_migration_ptes(struct page *old, struct page *new)
5262 + * get to the page and wait until migration is finished.
5263 + * When we return from this function the fault will be retried.
5264 + */
5265 +-static void __migration_entry_wait(struct mm_struct *mm, pte_t *ptep,
5266 ++void __migration_entry_wait(struct mm_struct *mm, pte_t *ptep,
5267 + spinlock_t *ptl)
5268 + {
5269 + pte_t pte;
5270 +@@ -1268,7 +1268,8 @@ static int do_move_page_to_node_array(struct mm_struct *mm,
5271 + goto put_and_set;
5272 +
5273 + if (PageHuge(page)) {
5274 +- isolate_huge_page(page, &pagelist);
5275 ++ if (PageHead(page))
5276 ++ isolate_huge_page(page, &pagelist);
5277 + goto put_and_set;
5278 + }
5279 +
5280 +diff --git a/net/core/dev.c b/net/core/dev.c
5281 +index 4ff46f8..5dd905c 100644
5282 +--- a/net/core/dev.c
5283 ++++ b/net/core/dev.c
5284 +@@ -2821,7 +2821,9 @@ static void skb_update_prio(struct sk_buff *skb)
5285 + #define skb_update_prio(skb)
5286 + #endif
5287 +
5288 +-static DEFINE_PER_CPU(int, xmit_recursion);
5289 ++DEFINE_PER_CPU(int, xmit_recursion);
5290 ++EXPORT_SYMBOL(xmit_recursion);
5291 ++
5292 + #define RECURSION_LIMIT 10
5293 +
5294 + /**
5295 +diff --git a/net/core/skbuff.c b/net/core/skbuff.c
5296 +index 62c67be..39c444c 100644
5297 +--- a/net/core/skbuff.c
5298 ++++ b/net/core/skbuff.c
5299 +@@ -4141,18 +4141,20 @@ EXPORT_SYMBOL(skb_try_coalesce);
5300 + */
5301 + void skb_scrub_packet(struct sk_buff *skb, bool xnet)
5302 + {
5303 +- if (xnet)
5304 +- skb_orphan(skb);
5305 + skb->tstamp.tv64 = 0;
5306 + skb->pkt_type = PACKET_HOST;
5307 + skb->skb_iif = 0;
5308 + skb->ignore_df = 0;
5309 + skb_dst_drop(skb);
5310 +- skb->mark = 0;
5311 +- skb_init_secmark(skb);
5312 + secpath_reset(skb);
5313 + nf_reset(skb);
5314 + nf_reset_trace(skb);
5315 ++
5316 ++ if (!xnet)
5317 ++ return;
5318 ++
5319 ++ skb_orphan(skb);
5320 ++ skb->mark = 0;
5321 + }
5322 + EXPORT_SYMBOL_GPL(skb_scrub_packet);
5323 +
5324 +diff --git a/net/core/sock.c b/net/core/sock.c
5325 +index 1c7a33d..a91f99f 100644
5326 +--- a/net/core/sock.c
5327 ++++ b/net/core/sock.c
5328 +@@ -651,6 +651,25 @@ static inline void sock_valbool_flag(struct sock *sk, int bit, int valbool)
5329 + sock_reset_flag(sk, bit);
5330 + }
5331 +
5332 ++bool sk_mc_loop(struct sock *sk)
5333 ++{
5334 ++ if (dev_recursion_level())
5335 ++ return false;
5336 ++ if (!sk)
5337 ++ return true;
5338 ++ switch (sk->sk_family) {
5339 ++ case AF_INET:
5340 ++ return inet_sk(sk)->mc_loop;
5341 ++#if IS_ENABLED(CONFIG_IPV6)
5342 ++ case AF_INET6:
5343 ++ return inet6_sk(sk)->mc_loop;
5344 ++#endif
5345 ++ }
5346 ++ WARN_ON(1);
5347 ++ return true;
5348 ++}
5349 ++EXPORT_SYMBOL(sk_mc_loop);
5350 ++
5351 + /*
5352 + * This is meant for all protocols to use and covers goings on
5353 + * at the socket level. Everything here is generic.
5354 +diff --git a/net/ipv4/geneve.c b/net/ipv4/geneve.c
5355 +index 394a200..69711d8 100644
5356 +--- a/net/ipv4/geneve.c
5357 ++++ b/net/ipv4/geneve.c
5358 +@@ -121,10 +121,6 @@ int geneve_xmit_skb(struct geneve_sock *gs, struct rtable *rt,
5359 + int min_headroom;
5360 + int err;
5361 +
5362 +- skb = udp_tunnel_handle_offloads(skb, !gs->sock->sk->sk_no_check_tx);
5363 +- if (IS_ERR(skb))
5364 +- return PTR_ERR(skb);
5365 +-
5366 + min_headroom = LL_RESERVED_SPACE(rt->dst.dev) + rt->dst.header_len
5367 + + GENEVE_BASE_HLEN + opt_len + sizeof(struct iphdr)
5368 + + (vlan_tx_tag_present(skb) ? VLAN_HLEN : 0);
5369 +@@ -139,6 +135,10 @@ int geneve_xmit_skb(struct geneve_sock *gs, struct rtable *rt,
5370 + if (unlikely(!skb))
5371 + return -ENOMEM;
5372 +
5373 ++ skb = udp_tunnel_handle_offloads(skb, !gs->sock->sk->sk_no_check_tx);
5374 ++ if (IS_ERR(skb))
5375 ++ return PTR_ERR(skb);
5376 ++
5377 + gnvh = (struct genevehdr *)__skb_push(skb, sizeof(*gnvh) + opt_len);
5378 + geneve_build_header(gnvh, tun_flags, vni, opt_len, opt);
5379 +
5380 +diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
5381 +index 075ab4d..08ccca6 100644
5382 +--- a/net/ipv4/tcp_input.c
5383 ++++ b/net/ipv4/tcp_input.c
5384 +@@ -3104,10 +3104,11 @@ static int tcp_clean_rtx_queue(struct sock *sk, int prior_fackets,
5385 + if (!first_ackt.v64)
5386 + first_ackt = last_ackt;
5387 +
5388 +- if (!(sacked & TCPCB_SACKED_ACKED))
5389 ++ if (!(sacked & TCPCB_SACKED_ACKED)) {
5390 + reord = min(pkts_acked, reord);
5391 +- if (!after(scb->end_seq, tp->high_seq))
5392 +- flag |= FLAG_ORIG_SACK_ACKED;
5393 ++ if (!after(scb->end_seq, tp->high_seq))
5394 ++ flag |= FLAG_ORIG_SACK_ACKED;
5395 ++ }
5396 + }
5397 +
5398 + if (sacked & TCPCB_SACKED_ACKED)
5399 +diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
5400 +index d22f544..982347e 100644
5401 +--- a/net/ipv4/tcp_ipv4.c
5402 ++++ b/net/ipv4/tcp_ipv4.c
5403 +@@ -1516,7 +1516,7 @@ void tcp_v4_early_demux(struct sk_buff *skb)
5404 + skb->sk = sk;
5405 + skb->destructor = sock_edemux;
5406 + if (sk->sk_state != TCP_TIME_WAIT) {
5407 +- struct dst_entry *dst = sk->sk_rx_dst;
5408 ++ struct dst_entry *dst = READ_ONCE(sk->sk_rx_dst);
5409 +
5410 + if (dst)
5411 + dst = dst_check(dst, 0);
5412 +diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
5413 +index 9790f39..9f29453 100644
5414 +--- a/net/ipv4/tcp_output.c
5415 ++++ b/net/ipv4/tcp_output.c
5416 +@@ -2931,6 +2931,8 @@ struct sk_buff *tcp_make_synack(struct sock *sk, struct dst_entry *dst,
5417 + }
5418 + #endif
5419 +
5420 ++ /* Do not fool tcpdump (if any), clean our debris */
5421 ++ skb->tstamp.tv64 = 0;
5422 + return skb;
5423 + }
5424 + EXPORT_SYMBOL(tcp_make_synack);
5425 +diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
5426 +index 3f5aa99..0bf56e5 100644
5427 +--- a/net/ipv6/ip6_output.c
5428 ++++ b/net/ipv6/ip6_output.c
5429 +@@ -541,7 +541,8 @@ int ip6_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *))
5430 + {
5431 + struct sk_buff *frag;
5432 + struct rt6_info *rt = (struct rt6_info *)skb_dst(skb);
5433 +- struct ipv6_pinfo *np = skb->sk ? inet6_sk(skb->sk) : NULL;
5434 ++ struct ipv6_pinfo *np = skb->sk && !dev_recursion_level() ?
5435 ++ inet6_sk(skb->sk) : NULL;
5436 + struct ipv6hdr *tmp_hdr;
5437 + struct frag_hdr *fh;
5438 + unsigned int mtu, hlen, left, len;
5439 +diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c
5440 +index 6828667..d375ce6 100644
5441 +--- a/net/ipv6/ndisc.c
5442 ++++ b/net/ipv6/ndisc.c
5443 +@@ -1216,7 +1216,14 @@ static void ndisc_router_discovery(struct sk_buff *skb)
5444 + if (rt)
5445 + rt6_set_expires(rt, jiffies + (HZ * lifetime));
5446 + if (ra_msg->icmph.icmp6_hop_limit) {
5447 +- in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
5448 ++ /* Only set hop_limit on the interface if it is higher than
5449 ++ * the current hop_limit.
5450 ++ */
5451 ++ if (in6_dev->cnf.hop_limit < ra_msg->icmph.icmp6_hop_limit) {
5452 ++ in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
5453 ++ } else {
5454 ++ ND_PRINTK(2, warn, "RA: Got route advertisement with lower hop_limit than current\n");
5455 ++ }
5456 + if (rt)
5457 + dst_metric_set(&rt->dst, RTAX_HOPLIMIT,
5458 + ra_msg->icmph.icmp6_hop_limit);
5459 +diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
5460 +index 9c0b54e..b899793 100644
5461 +--- a/net/ipv6/tcp_ipv6.c
5462 ++++ b/net/ipv6/tcp_ipv6.c
5463 +@@ -1409,6 +1409,15 @@ static void tcp_v6_fill_cb(struct sk_buff *skb, const struct ipv6hdr *hdr,
5464 + TCP_SKB_CB(skb)->sacked = 0;
5465 + }
5466 +
5467 ++static void tcp_v6_restore_cb(struct sk_buff *skb)
5468 ++{
5469 ++ /* We need to move header back to the beginning if xfrm6_policy_check()
5470 ++ * and tcp_v6_fill_cb() are going to be called again.
5471 ++ */
5472 ++ memmove(IP6CB(skb), &TCP_SKB_CB(skb)->header.h6,
5473 ++ sizeof(struct inet6_skb_parm));
5474 ++}
5475 ++
5476 + static int tcp_v6_rcv(struct sk_buff *skb)
5477 + {
5478 + const struct tcphdr *th;
5479 +@@ -1541,6 +1550,7 @@ do_time_wait:
5480 + inet_twsk_deschedule(tw, &tcp_death_row);
5481 + inet_twsk_put(tw);
5482 + sk = sk2;
5483 ++ tcp_v6_restore_cb(skb);
5484 + goto process;
5485 + }
5486 + /* Fall through to ACK */
5487 +@@ -1549,6 +1559,7 @@ do_time_wait:
5488 + tcp_v6_timewait_ack(sk, skb);
5489 + break;
5490 + case TCP_TW_RST:
5491 ++ tcp_v6_restore_cb(skb);
5492 + goto no_tcp_socket;
5493 + case TCP_TW_SUCCESS:
5494 + ;
5495 +@@ -1583,7 +1594,7 @@ static void tcp_v6_early_demux(struct sk_buff *skb)
5496 + skb->sk = sk;
5497 + skb->destructor = sock_edemux;
5498 + if (sk->sk_state != TCP_TIME_WAIT) {
5499 +- struct dst_entry *dst = sk->sk_rx_dst;
5500 ++ struct dst_entry *dst = READ_ONCE(sk->sk_rx_dst);
5501 +
5502 + if (dst)
5503 + dst = dst_check(dst, inet6_sk(sk)->rx_dst_cookie);
5504 +diff --git a/net/openvswitch/vport.c b/net/openvswitch/vport.c
5505 +index 2034c6d..296cc24 100644
5506 +--- a/net/openvswitch/vport.c
5507 ++++ b/net/openvswitch/vport.c
5508 +@@ -274,10 +274,8 @@ void ovs_vport_del(struct vport *vport)
5509 + ASSERT_OVSL();
5510 +
5511 + hlist_del_rcu(&vport->hash_node);
5512 +-
5513 +- vport->ops->destroy(vport);
5514 +-
5515 + module_put(vport->ops->owner);
5516 ++ vport->ops->destroy(vport);
5517 + }
5518 +
5519 + /**
5520
5521 diff --git a/3.19.5/4420_grsecurity-3.1-3.19.5-201504270827.patch b/3.19.6/4420_grsecurity-3.1-3.19.6-201504290821.patch
5522 similarity index 99%
5523 rename from 3.19.5/4420_grsecurity-3.1-3.19.5-201504270827.patch
5524 rename to 3.19.6/4420_grsecurity-3.1-3.19.6-201504290821.patch
5525 index 2036ebb..68f5d26 100644
5526 --- a/3.19.5/4420_grsecurity-3.1-3.19.5-201504270827.patch
5527 +++ b/3.19.6/4420_grsecurity-3.1-3.19.6-201504290821.patch
5528 @@ -373,7 +373,7 @@ index 176d4fe..6eabd3c 100644
5529
5530 pcd. [PARIDE]
5531 diff --git a/Makefile b/Makefile
5532 -index 633b5f0..10aa54f 100644
5533 +index 65c7c87..abe7f93 100644
5534 --- a/Makefile
5535 +++ b/Makefile
5536 @@ -298,7 +298,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
5537 @@ -5569,10 +5569,10 @@ index ba5ba7a..36e9d3a 100644
5538 /*
5539 * If for any reason at all we couldn't handle the fault, make
5540 diff --git a/arch/ia64/mm/hugetlbpage.c b/arch/ia64/mm/hugetlbpage.c
5541 -index 76069c1..c2aa816 100644
5542 +index 52b7604b..455cb85 100644
5543 --- a/arch/ia64/mm/hugetlbpage.c
5544 +++ b/arch/ia64/mm/hugetlbpage.c
5545 -@@ -149,6 +149,7 @@ unsigned long hugetlb_get_unmapped_area(struct file *file, unsigned long addr, u
5546 +@@ -143,6 +143,7 @@ unsigned long hugetlb_get_unmapped_area(struct file *file, unsigned long addr, u
5547 unsigned long pgoff, unsigned long flags)
5548 {
5549 struct vm_unmapped_area_info info;
5550 @@ -5580,7 +5580,7 @@ index 76069c1..c2aa816 100644
5551
5552 if (len > RGN_MAP_LIMIT)
5553 return -ENOMEM;
5554 -@@ -172,6 +173,7 @@ unsigned long hugetlb_get_unmapped_area(struct file *file, unsigned long addr, u
5555 +@@ -166,6 +167,7 @@ unsigned long hugetlb_get_unmapped_area(struct file *file, unsigned long addr, u
5556 info.high_limit = HPAGE_REGION_BASE + RGN_MAP_LIMIT;
5557 info.align_mask = PAGE_MASK & (HPAGE_SIZE - 1);
5558 info.align_offset = 0;
5559 @@ -5692,10 +5692,10 @@ index d703d8e..a8e2d70 100644
5560
5561 #define smp_load_acquire(p) \
5562 diff --git a/arch/metag/mm/hugetlbpage.c b/arch/metag/mm/hugetlbpage.c
5563 -index 3c32075..ae0ae75 100644
5564 +index 7ca80ac..794ba72 100644
5565 --- a/arch/metag/mm/hugetlbpage.c
5566 +++ b/arch/metag/mm/hugetlbpage.c
5567 -@@ -200,6 +200,7 @@ hugetlb_get_unmapped_area_new_pmd(unsigned long len)
5568 +@@ -194,6 +194,7 @@ hugetlb_get_unmapped_area_new_pmd(unsigned long len)
5569 info.high_limit = TASK_SIZE;
5570 info.align_mask = PAGE_MASK & HUGEPT_MASK;
5571 info.align_offset = 0;
5572 @@ -12237,7 +12237,7 @@ index 4798232..f76e3aa 100644
5573 * load/store/atomic was a write or not, it only says that there
5574 * was no match. So in such a case we (carefully) read the
5575 diff --git a/arch/sparc/mm/hugetlbpage.c b/arch/sparc/mm/hugetlbpage.c
5576 -index d329537..2c3746a 100644
5577 +index 4242eab..9ae6360 100644
5578 --- a/arch/sparc/mm/hugetlbpage.c
5579 +++ b/arch/sparc/mm/hugetlbpage.c
5580 @@ -25,8 +25,10 @@ static unsigned long hugetlb_get_unmapped_area_bottomup(struct file *filp,
5581 @@ -12448,10 +12448,10 @@ index b6cde32..c0cb736 100644
5582 else
5583 copy_from_user_overflow();
5584 diff --git a/arch/tile/mm/hugetlbpage.c b/arch/tile/mm/hugetlbpage.c
5585 -index 3270e00..a77236e 100644
5586 +index 8416240..a012fb7 100644
5587 --- a/arch/tile/mm/hugetlbpage.c
5588 +++ b/arch/tile/mm/hugetlbpage.c
5589 -@@ -207,6 +207,7 @@ static unsigned long hugetlb_get_unmapped_area_bottomup(struct file *file,
5590 +@@ -179,6 +179,7 @@ static unsigned long hugetlb_get_unmapped_area_bottomup(struct file *file,
5591 info.high_limit = TASK_SIZE;
5592 info.align_mask = PAGE_MASK & ~huge_page_mask(h);
5593 info.align_offset = 0;
5594 @@ -12459,7 +12459,7 @@ index 3270e00..a77236e 100644
5595 return vm_unmapped_area(&info);
5596 }
5597
5598 -@@ -224,6 +225,7 @@ static unsigned long hugetlb_get_unmapped_area_topdown(struct file *file,
5599 +@@ -196,6 +197,7 @@ static unsigned long hugetlb_get_unmapped_area_topdown(struct file *file,
5600 info.high_limit = current->mm->mmap_base;
5601 info.align_mask = PAGE_MASK & ~huge_page_mask(h);
5602 info.align_offset = 0;
5603 @@ -28842,7 +28842,7 @@ index 41dd038..de331cf 100644
5604
5605 local_irq_disable();
5606 diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
5607 -index d4c58d8..eaf2568 100644
5608 +index 3124464..2e42ec3 100644
5609 --- a/arch/x86/kvm/vmx.c
5610 +++ b/arch/x86/kvm/vmx.c
5611 @@ -1380,12 +1380,12 @@ static void vmcs_write64(unsigned long field, u64 value)
5612 @@ -28892,7 +28892,7 @@ index d4c58d8..eaf2568 100644
5613 {
5614 u64 host_tsc, tsc_offset;
5615
5616 -@@ -4252,7 +4260,10 @@ static void vmx_set_constant_host_state(struct vcpu_vmx *vmx)
5617 +@@ -4255,7 +4263,10 @@ static void vmx_set_constant_host_state(struct vcpu_vmx *vmx)
5618 unsigned long cr4;
5619
5620 vmcs_writel(HOST_CR0, read_cr0() & ~X86_CR0_TS); /* 22.2.3 */
5621 @@ -28903,7 +28903,7 @@ index d4c58d8..eaf2568 100644
5622
5623 /* Save the most likely value for this task's CR4 in the VMCS. */
5624 cr4 = read_cr4();
5625 -@@ -4279,7 +4290,7 @@ static void vmx_set_constant_host_state(struct vcpu_vmx *vmx)
5626 +@@ -4282,7 +4293,7 @@ static void vmx_set_constant_host_state(struct vcpu_vmx *vmx)
5627 vmcs_writel(HOST_IDTR_BASE, dt.address); /* 22.2.4 */
5628 vmx->host_idt_base = dt.address;
5629
5630 @@ -28912,7 +28912,7 @@ index d4c58d8..eaf2568 100644
5631
5632 rdmsr(MSR_IA32_SYSENTER_CS, low32, high32);
5633 vmcs_write32(HOST_IA32_SYSENTER_CS, low32);
5634 -@@ -5876,11 +5887,16 @@ static __init int hardware_setup(void)
5635 +@@ -5879,11 +5890,16 @@ static __init int hardware_setup(void)
5636 * page upon invalidation. No need to do anything if the
5637 * processor does not have the APIC_ACCESS_ADDR VMCS field.
5638 */
5639 @@ -28932,7 +28932,7 @@ index d4c58d8..eaf2568 100644
5640
5641 if (enable_ept && !cpu_has_vmx_ept_2m_page())
5642 kvm_disable_largepages();
5643 -@@ -5891,13 +5907,15 @@ static __init int hardware_setup(void)
5644 +@@ -5894,13 +5910,15 @@ static __init int hardware_setup(void)
5645 if (!cpu_has_vmx_apicv())
5646 enable_apicv = 0;
5647
5648 @@ -28952,7 +28952,7 @@ index d4c58d8..eaf2568 100644
5649
5650 if (nested)
5651 nested_vmx_setup_ctls_msrs();
5652 -@@ -7846,6 +7864,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
5653 +@@ -7849,6 +7867,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
5654 "jmp 2f \n\t"
5655 "1: " __ex(ASM_VMX_VMRESUME) "\n\t"
5656 "2: "
5657 @@ -28965,7 +28965,7 @@ index d4c58d8..eaf2568 100644
5658 /* Save guest registers, load host registers, keep flags */
5659 "mov %0, %c[wordsize](%%" _ASM_SP ") \n\t"
5660 "pop %0 \n\t"
5661 -@@ -7898,6 +7922,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
5662 +@@ -7901,6 +7925,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
5663 #endif
5664 [cr2]"i"(offsetof(struct vcpu_vmx, vcpu.arch.cr2)),
5665 [wordsize]"i"(sizeof(ulong))
5666 @@ -28977,7 +28977,7 @@ index d4c58d8..eaf2568 100644
5667 : "cc", "memory"
5668 #ifdef CONFIG_X86_64
5669 , "rax", "rbx", "rdi", "rsi"
5670 -@@ -7911,7 +7940,7 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
5671 +@@ -7914,7 +7943,7 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
5672 if (debugctlmsr)
5673 update_debugctlmsr(debugctlmsr);
5674
5675 @@ -28986,7 +28986,7 @@ index d4c58d8..eaf2568 100644
5676 /*
5677 * The sysexit path does not restore ds/es, so we must set them to
5678 * a reasonable value ourselves.
5679 -@@ -7920,8 +7949,18 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
5680 +@@ -7923,8 +7952,18 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
5681 * may be executed in interrupt context, which saves and restore segments
5682 * around it, nullifying its effect.
5683 */
5684 @@ -32638,10 +32638,10 @@ index 4500142..53a363c 100644
5685
5686 return (void *)vaddr;
5687 diff --git a/arch/x86/mm/hugetlbpage.c b/arch/x86/mm/hugetlbpage.c
5688 -index 006cc91..bf05a83 100644
5689 +index 9161f76..cbc5124 100644
5690 --- a/arch/x86/mm/hugetlbpage.c
5691 +++ b/arch/x86/mm/hugetlbpage.c
5692 -@@ -86,23 +86,24 @@ int pud_huge(pud_t pud)
5693 +@@ -74,23 +74,24 @@ int pud_huge(pud_t pud)
5694 #ifdef CONFIG_HUGETLB_PAGE
5695 static unsigned long hugetlb_get_unmapped_area_bottomup(struct file *file,
5696 unsigned long addr, unsigned long len,
5697 @@ -32669,7 +32669,7 @@ index 006cc91..bf05a83 100644
5698 {
5699 struct hstate *h = hstate_file(file);
5700 struct vm_unmapped_area_info info;
5701 -@@ -114,6 +115,7 @@ static unsigned long hugetlb_get_unmapped_area_topdown(struct file *file,
5702 +@@ -102,6 +103,7 @@ static unsigned long hugetlb_get_unmapped_area_topdown(struct file *file,
5703 info.high_limit = current->mm->mmap_base;
5704 info.align_mask = PAGE_MASK & ~huge_page_mask(h);
5705 info.align_offset = 0;
5706 @@ -32677,7 +32677,7 @@ index 006cc91..bf05a83 100644
5707 addr = vm_unmapped_area(&info);
5708
5709 /*
5710 -@@ -126,6 +128,12 @@ static unsigned long hugetlb_get_unmapped_area_topdown(struct file *file,
5711 +@@ -114,6 +116,12 @@ static unsigned long hugetlb_get_unmapped_area_topdown(struct file *file,
5712 VM_BUG_ON(addr != -ENOMEM);
5713 info.flags = 0;
5714 info.low_limit = TASK_UNMAPPED_BASE;
5715 @@ -32690,7 +32690,7 @@ index 006cc91..bf05a83 100644
5716 info.high_limit = TASK_SIZE;
5717 addr = vm_unmapped_area(&info);
5718 }
5719 -@@ -140,10 +148,20 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr,
5720 +@@ -128,10 +136,20 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr,
5721 struct hstate *h = hstate_file(file);
5722 struct mm_struct *mm = current->mm;
5723 struct vm_area_struct *vma;
5724 @@ -32712,7 +32712,7 @@ index 006cc91..bf05a83 100644
5725 return -ENOMEM;
5726
5727 if (flags & MAP_FIXED) {
5728 -@@ -152,19 +170,22 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr,
5729 +@@ -140,19 +158,22 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr,
5730 return addr;
5731 }
5732
5733 @@ -48486,7 +48486,7 @@ index 2c087ef..4859007 100644
5734 };
5735
5736 diff --git a/drivers/net/tun.c b/drivers/net/tun.c
5737 -index 10f9e40..3515e7e 100644
5738 +index 9a409a8..3d44477 100644
5739 --- a/drivers/net/tun.c
5740 +++ b/drivers/net/tun.c
5741 @@ -1425,7 +1425,7 @@ static int tun_validate(struct nlattr *tb[], struct nlattr *data[])
5742 @@ -48657,7 +48657,7 @@ index 0ad6c0c..4013638 100644
5743 #define VIRTNET_DRIVER_VERSION "1.0.0"
5744
5745 diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c
5746 -index a8c755d..a988b71 100644
5747 +index 6c83846..215144b 100644
5748 --- a/drivers/net/vxlan.c
5749 +++ b/drivers/net/vxlan.c
5750 @@ -2702,7 +2702,7 @@ nla_put_failure:
5751 @@ -60692,7 +60692,7 @@ index e4141f2..d8263e8 100644
5752 i += packet_length_size;
5753 if (copy_to_user(&buf[i], msg_ctx->msg, msg_ctx->msg_size))
5754 diff --git a/fs/exec.c b/fs/exec.c
5755 -index ad8798e..e3f50ec 100644
5756 +index 4617a4e..e3f50ec 100644
5757 --- a/fs/exec.c
5758 +++ b/fs/exec.c
5759 @@ -56,8 +56,20 @@
5760 @@ -61028,7 +61028,7 @@ index ad8798e..e3f50ec 100644
5761 if (likely(leader->exit_state))
5762 break;
5763 __set_current_state(TASK_KILLABLE);
5764 -@@ -1252,13 +1335,60 @@ static void check_unsafe_exec(struct linux_binprm *bprm)
5765 +@@ -1252,7 +1335,7 @@ static void check_unsafe_exec(struct linux_binprm *bprm)
5766 }
5767 rcu_read_unlock();
5768
5769 @@ -61037,98 +61037,7 @@ index ad8798e..e3f50ec 100644
5770 bprm->unsafe |= LSM_UNSAFE_SHARE;
5771 else
5772 p->fs->in_exec = 1;
5773 - spin_unlock(&p->fs->lock);
5774 - }
5775 -
5776 -+static void bprm_fill_uid(struct linux_binprm *bprm)
5777 -+{
5778 -+ struct inode *inode;
5779 -+ unsigned int mode;
5780 -+ kuid_t uid;
5781 -+ kgid_t gid;
5782 -+
5783 -+ /* clear any previous set[ug]id data from a previous binary */
5784 -+ bprm->cred->euid = current_euid();
5785 -+ bprm->cred->egid = current_egid();
5786 -+
5787 -+ if (bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID)
5788 -+ return;
5789 -+
5790 -+ if (task_no_new_privs(current))
5791 -+ return;
5792 -+
5793 -+ inode = file_inode(bprm->file);
5794 -+ mode = READ_ONCE(inode->i_mode);
5795 -+ if (!(mode & (S_ISUID|S_ISGID)))
5796 -+ return;
5797 -+
5798 -+ /* Be careful if suid/sgid is set */
5799 -+ mutex_lock(&inode->i_mutex);
5800 -+
5801 -+ /* reload atomically mode/uid/gid now that lock held */
5802 -+ mode = inode->i_mode;
5803 -+ uid = inode->i_uid;
5804 -+ gid = inode->i_gid;
5805 -+ mutex_unlock(&inode->i_mutex);
5806 -+
5807 -+ /* We ignore suid/sgid if there are no mappings for them in the ns */
5808 -+ if (!kuid_has_mapping(bprm->cred->user_ns, uid) ||
5809 -+ !kgid_has_mapping(bprm->cred->user_ns, gid))
5810 -+ return;
5811 -+
5812 -+ if (mode & S_ISUID) {
5813 -+ bprm->per_clear |= PER_CLEAR_ON_SETID;
5814 -+ bprm->cred->euid = uid;
5815 -+ }
5816 -+
5817 -+ if ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)) {
5818 -+ bprm->per_clear |= PER_CLEAR_ON_SETID;
5819 -+ bprm->cred->egid = gid;
5820 -+ }
5821 -+}
5822 -+
5823 - /*
5824 - * Fill the binprm structure from the inode.
5825 - * Check permissions, then read the first 128 (BINPRM_BUF_SIZE) bytes
5826 -@@ -1267,36 +1397,9 @@ static void check_unsafe_exec(struct linux_binprm *bprm)
5827 - */
5828 - int prepare_binprm(struct linux_binprm *bprm)
5829 - {
5830 -- struct inode *inode = file_inode(bprm->file);
5831 -- umode_t mode = inode->i_mode;
5832 - int retval;
5833 -
5834 --
5835 -- /* clear any previous set[ug]id data from a previous binary */
5836 -- bprm->cred->euid = current_euid();
5837 -- bprm->cred->egid = current_egid();
5838 --
5839 -- if (!(bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID) &&
5840 -- !task_no_new_privs(current) &&
5841 -- kuid_has_mapping(bprm->cred->user_ns, inode->i_uid) &&
5842 -- kgid_has_mapping(bprm->cred->user_ns, inode->i_gid)) {
5843 -- /* Set-uid? */
5844 -- if (mode & S_ISUID) {
5845 -- bprm->per_clear |= PER_CLEAR_ON_SETID;
5846 -- bprm->cred->euid = inode->i_uid;
5847 -- }
5848 --
5849 -- /* Set-gid? */
5850 -- /*
5851 -- * If setgid is set but no group execute bit then this
5852 -- * is a candidate for mandatory locking, not a setgid
5853 -- * executable.
5854 -- */
5855 -- if ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)) {
5856 -- bprm->per_clear |= PER_CLEAR_ON_SETID;
5857 -- bprm->cred->egid = inode->i_gid;
5858 -- }
5859 -- }
5860 -+ bprm_fill_uid(bprm);
5861 -
5862 - /* fill in binprm security blob */
5863 - retval = security_bprm_set_creds(bprm);
5864 -@@ -1433,6 +1536,31 @@ static int exec_binprm(struct linux_binprm *bprm)
5865 +@@ -1453,6 +1536,31 @@ static int exec_binprm(struct linux_binprm *bprm)
5866 return ret;
5867 }
5868
5869 @@ -61160,7 +61069,7 @@ index ad8798e..e3f50ec 100644
5870 /*
5871 * sys_execve() executes a new program.
5872 */
5873 -@@ -1441,6 +1569,11 @@ static int do_execveat_common(int fd, struct filename *filename,
5874 +@@ -1461,6 +1569,11 @@ static int do_execveat_common(int fd, struct filename *filename,
5875 struct user_arg_ptr envp,
5876 int flags)
5877 {
5878 @@ -61172,7 +61081,7 @@ index ad8798e..e3f50ec 100644
5879 char *pathbuf = NULL;
5880 struct linux_binprm *bprm;
5881 struct file *file;
5882 -@@ -1450,6 +1583,8 @@ static int do_execveat_common(int fd, struct filename *filename,
5883 +@@ -1470,6 +1583,8 @@ static int do_execveat_common(int fd, struct filename *filename,
5884 if (IS_ERR(filename))
5885 return PTR_ERR(filename);
5886
5887 @@ -61181,7 +61090,7 @@ index ad8798e..e3f50ec 100644
5888 /*
5889 * We move the actual failure in case of RLIMIT_NPROC excess from
5890 * set*uid() to execve() because too many poorly written programs
5891 -@@ -1487,6 +1622,11 @@ static int do_execveat_common(int fd, struct filename *filename,
5892 +@@ -1507,6 +1622,11 @@ static int do_execveat_common(int fd, struct filename *filename,
5893 if (IS_ERR(file))
5894 goto out_unmark;
5895
5896 @@ -61193,7 +61102,7 @@ index ad8798e..e3f50ec 100644
5897 sched_exec();
5898
5899 bprm->file = file;
5900 -@@ -1513,6 +1653,11 @@ static int do_execveat_common(int fd, struct filename *filename,
5901 +@@ -1533,6 +1653,11 @@ static int do_execveat_common(int fd, struct filename *filename,
5902 }
5903 bprm->interp = bprm->filename;
5904
5905 @@ -61205,7 +61114,7 @@ index ad8798e..e3f50ec 100644
5906 retval = bprm_mm_init(bprm);
5907 if (retval)
5908 goto out_unmark;
5909 -@@ -1529,24 +1674,70 @@ static int do_execveat_common(int fd, struct filename *filename,
5910 +@@ -1549,24 +1674,70 @@ static int do_execveat_common(int fd, struct filename *filename,
5911 if (retval < 0)
5912 goto out;
5913
5914 @@ -61280,7 +61189,7 @@ index ad8798e..e3f50ec 100644
5915 current->fs->in_exec = 0;
5916 current->in_execve = 0;
5917 acct_update_integrals(current);
5918 -@@ -1558,6 +1749,14 @@ static int do_execveat_common(int fd, struct filename *filename,
5919 +@@ -1578,6 +1749,14 @@ static int do_execveat_common(int fd, struct filename *filename,
5920 put_files_struct(displaced);
5921 return retval;
5922
5923 @@ -61295,7 +61204,7 @@ index ad8798e..e3f50ec 100644
5924 out:
5925 if (bprm->mm) {
5926 acct_arg_size(bprm, 0);
5927 -@@ -1704,3 +1903,312 @@ COMPAT_SYSCALL_DEFINE5(execveat, int, fd,
5928 +@@ -1724,3 +1903,312 @@ COMPAT_SYSCALL_DEFINE5(execveat, int, fd,
5929 argv, envp, flags);
5930 }
5931 #endif
5932 @@ -84080,7 +83989,7 @@ index 17d8339..81656c0 100644
5933 struct iovec;
5934 struct kvec;
5935 diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
5936 -index 52fd8e8..19430a1 100644
5937 +index 840fb7f..547ad02 100644
5938 --- a/include/linux/netdevice.h
5939 +++ b/include/linux/netdevice.h
5940 @@ -1191,6 +1191,7 @@ struct net_device_ops {
5941 @@ -86496,7 +86405,7 @@ index 80479ab..0c3f647 100644
5942 struct rcu_head rcu;
5943 struct inet_peer *gc_next;
5944 diff --git a/include/net/ip.h b/include/net/ip.h
5945 -index 09cf5ae..ab62fcf 100644
5946 +index c0c26c3..29f0420 100644
5947 --- a/include/net/ip.h
5948 +++ b/include/net/ip.h
5949 @@ -317,7 +317,7 @@ static inline unsigned int ip_skb_dst_mtu(const struct sk_buff *skb)
5950 @@ -86937,7 +86846,7 @@ index 2bb2fcf..d17c291 100644
5951
5952 /* Structure to track chunk fragments that have been acked, but peer
5953 diff --git a/include/net/sock.h b/include/net/sock.h
5954 -index 2210fec..2249ad0 100644
5955 +index 45b54d3..10efeac 100644
5956 --- a/include/net/sock.h
5957 +++ b/include/net/sock.h
5958 @@ -362,7 +362,7 @@ struct sock {
5959 @@ -86976,7 +86885,7 @@ index 2210fec..2249ad0 100644
5960
5961 static inline struct sock_iocb *kiocb_to_siocb(struct kiocb *iocb)
5962 {
5963 -@@ -1826,7 +1826,7 @@ static inline void sk_nocaps_add(struct sock *sk, netdev_features_t flags)
5964 +@@ -1828,7 +1828,7 @@ static inline void sk_nocaps_add(struct sock *sk, netdev_features_t flags)
5965 }
5966
5967 static inline int skb_do_copy_data_nocache(struct sock *sk, struct sk_buff *skb,
5968 @@ -86985,7 +86894,7 @@ index 2210fec..2249ad0 100644
5969 int copy, int offset)
5970 {
5971 if (skb->ip_summed == CHECKSUM_NONE) {
5972 -@@ -2075,7 +2075,7 @@ static inline void sk_stream_moderate_sndbuf(struct sock *sk)
5973 +@@ -2077,7 +2077,7 @@ static inline void sk_stream_moderate_sndbuf(struct sock *sk)
5974 }
5975 }
5976
5977 @@ -88423,20 +88332,6 @@ index 536edc2..d28c85d 100644
5978
5979 if (!access_ok(VERIFY_READ, uattr, 1))
5980 return -EFAULT;
5981 -diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
5982 -index a28e09c..36508e6 100644
5983 ---- a/kernel/bpf/verifier.c
5984 -+++ b/kernel/bpf/verifier.c
5985 -@@ -1380,7 +1380,8 @@ peek_stack:
5986 - /* tell verifier to check for equivalent states
5987 - * after every call and jump
5988 - */
5989 -- env->explored_states[t + 1] = STATE_LIST_MARK;
5990 -+ if (t + 1 < insn_cnt)
5991 -+ env->explored_states[t + 1] = STATE_LIST_MARK;
5992 - } else {
5993 - /* conditional jump with two edges */
5994 - ret = push_insn(t, t + 1, FALLTHROUGH, env);
5995 diff --git a/kernel/capability.c b/kernel/capability.c
5996 index 989f5bf..d317ca0 100644
5997 --- a/kernel/capability.c
5998 @@ -95794,10 +95689,10 @@ index 2805d71..8b56e7d 100644
5999 * Make sure the vma is shared, that it supports prefaulting,
6000 * and that the remapped range is valid and fully within
6001 diff --git a/mm/gup.c b/mm/gup.c
6002 -index 9b2afbf..647297c 100644
6003 +index e29c374..66e998f 100644
6004 --- a/mm/gup.c
6005 +++ b/mm/gup.c
6006 -@@ -274,11 +274,6 @@ static int faultin_page(struct task_struct *tsk, struct vm_area_struct *vma,
6007 +@@ -265,11 +265,6 @@ static int faultin_page(struct task_struct *tsk, struct vm_area_struct *vma,
6008 unsigned int fault_flags = 0;
6009 int ret;
6010
6011 @@ -95809,7 +95704,7 @@ index 9b2afbf..647297c 100644
6012 if (*flags & FOLL_WRITE)
6013 fault_flags |= FAULT_FLAG_WRITE;
6014 if (nonblocking)
6015 -@@ -444,14 +439,14 @@ long __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
6016 +@@ -435,14 +430,14 @@ long __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
6017 if (!(gup_flags & FOLL_FORCE))
6018 gup_flags |= FOLL_NUMA;
6019
6020 @@ -95826,7 +95721,7 @@ index 9b2afbf..647297c 100644
6021 if (!vma && in_gate_area(mm, start)) {
6022 int ret;
6023 ret = get_gate_page(mm, start & PAGE_MASK,
6024 -@@ -463,7 +458,7 @@ long __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
6025 +@@ -454,7 +449,7 @@ long __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
6026 goto next_page;
6027 }
6028
6029 @@ -95835,7 +95730,7 @@ index 9b2afbf..647297c 100644
6030 return i ? : -EFAULT;
6031 if (is_vm_hugetlb_page(vma)) {
6032 i = follow_hugetlb_page(mm, vma, pages, vmas,
6033 -@@ -518,7 +513,7 @@ next_page:
6034 +@@ -509,7 +504,7 @@ next_page:
6035 i += page_increm;
6036 start += page_increm * PAGE_SIZE;
6037 nr_pages -= page_increm;
6038 @@ -95873,7 +95768,7 @@ index 123bcd3..0de52ba 100644
6039 set_page_address(page, (void *)vaddr);
6040
6041 diff --git a/mm/hugetlb.c b/mm/hugetlb.c
6042 -index 267e419..394bed9 100644
6043 +index a2bfd02..2126298 100644
6044 --- a/mm/hugetlb.c
6045 +++ b/mm/hugetlb.c
6046 @@ -2258,6 +2258,7 @@ static int hugetlb_sysctl_handler_common(bool obey_mempolicy,
6047 @@ -97019,10 +96914,10 @@ index 0e0961b..c9143b9 100644
6048 capable(CAP_SYS_NICE) ? MPOL_MF_MOVE_ALL : MPOL_MF_MOVE);
6049
6050 diff --git a/mm/migrate.c b/mm/migrate.c
6051 -index 344cdf6..07399500 100644
6052 +index be6d1ed..d778cc1 100644
6053 --- a/mm/migrate.c
6054 +++ b/mm/migrate.c
6055 -@@ -1503,8 +1503,7 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid, unsigned long, nr_pages,
6056 +@@ -1504,8 +1504,7 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid, unsigned long, nr_pages,
6057 */
6058 tcred = __task_cred(task);
6059 if (!uid_eq(cred->euid, tcred->suid) && !uid_eq(cred->euid, tcred->uid) &&
6060 @@ -101731,7 +101626,7 @@ index df493d6..1145766 100644
6061
6062 return err;
6063 diff --git a/net/core/dev.c b/net/core/dev.c
6064 -index 4ff46f8..e877e78 100644
6065 +index 5dd905c..a95d262 100644
6066 --- a/net/core/dev.c
6067 +++ b/net/core/dev.c
6068 @@ -1680,14 +1680,14 @@ int __dev_forward_skb(struct net_device *dev, struct sk_buff *skb)
6069 @@ -101751,7 +101646,7 @@ index 4ff46f8..e877e78 100644
6070 kfree_skb(skb);
6071 return NET_RX_DROP;
6072 }
6073 -@@ -2958,7 +2958,7 @@ recursion_alert:
6074 +@@ -2960,7 +2960,7 @@ recursion_alert:
6075 drop:
6076 rcu_read_unlock_bh();
6077
6078 @@ -101760,7 +101655,7 @@ index 4ff46f8..e877e78 100644
6079 kfree_skb_list(skb);
6080 return rc;
6081 out:
6082 -@@ -3301,7 +3301,7 @@ enqueue:
6083 +@@ -3303,7 +3303,7 @@ enqueue:
6084
6085 local_irq_restore(flags);
6086
6087 @@ -101769,7 +101664,7 @@ index 4ff46f8..e877e78 100644
6088 kfree_skb(skb);
6089 return NET_RX_DROP;
6090 }
6091 -@@ -3378,7 +3378,7 @@ int netif_rx_ni(struct sk_buff *skb)
6092 +@@ -3380,7 +3380,7 @@ int netif_rx_ni(struct sk_buff *skb)
6093 }
6094 EXPORT_SYMBOL(netif_rx_ni);
6095
6096 @@ -101778,7 +101673,7 @@ index 4ff46f8..e877e78 100644
6097 {
6098 struct softnet_data *sd = this_cpu_ptr(&softnet_data);
6099
6100 -@@ -3711,7 +3711,7 @@ ncls:
6101 +@@ -3713,7 +3713,7 @@ ncls:
6102 ret = pt_prev->func(skb, skb->dev, pt_prev, orig_dev);
6103 } else {
6104 drop:
6105 @@ -101787,7 +101682,7 @@ index 4ff46f8..e877e78 100644
6106 kfree_skb(skb);
6107 /* Jamal, now you will not able to escape explaining
6108 * me how you were going to use this. :-)
6109 -@@ -4599,7 +4599,7 @@ out_unlock:
6110 +@@ -4601,7 +4601,7 @@ out_unlock:
6111 return work;
6112 }
6113
6114 @@ -101796,7 +101691,7 @@ index 4ff46f8..e877e78 100644
6115 {
6116 struct softnet_data *sd = this_cpu_ptr(&softnet_data);
6117 unsigned long time_limit = jiffies + 2;
6118 -@@ -6610,8 +6610,8 @@ struct rtnl_link_stats64 *dev_get_stats(struct net_device *dev,
6119 +@@ -6612,8 +6612,8 @@ struct rtnl_link_stats64 *dev_get_stats(struct net_device *dev,
6120 } else {
6121 netdev_stats_to_stats64(storage, &dev->stats);
6122 }
6123 @@ -102153,7 +102048,7 @@ index 3b6899b..cf36238 100644
6124 {
6125 struct socket *sock;
6126 diff --git a/net/core/skbuff.c b/net/core/skbuff.c
6127 -index 62c67be..361c354 100644
6128 +index 39c444c..361c354 100644
6129 --- a/net/core/skbuff.c
6130 +++ b/net/core/skbuff.c
6131 @@ -2123,7 +2123,7 @@ EXPORT_SYMBOL(__skb_checksum);
6132 @@ -102182,33 +102077,8 @@ index 62c67be..361c354 100644
6133 NULL);
6134 }
6135
6136 -@@ -4141,18 +4143,20 @@ EXPORT_SYMBOL(skb_try_coalesce);
6137 - */
6138 - void skb_scrub_packet(struct sk_buff *skb, bool xnet)
6139 - {
6140 -- if (xnet)
6141 -- skb_orphan(skb);
6142 - skb->tstamp.tv64 = 0;
6143 - skb->pkt_type = PACKET_HOST;
6144 - skb->skb_iif = 0;
6145 - skb->ignore_df = 0;
6146 - skb_dst_drop(skb);
6147 -- skb->mark = 0;
6148 -- skb_init_secmark(skb);
6149 - secpath_reset(skb);
6150 - nf_reset(skb);
6151 - nf_reset_trace(skb);
6152 -+
6153 -+ if (!xnet)
6154 -+ return;
6155 -+
6156 -+ skb_orphan(skb);
6157 -+ skb->mark = 0;
6158 - }
6159 - EXPORT_SYMBOL_GPL(skb_scrub_packet);
6160 -
6161 diff --git a/net/core/sock.c b/net/core/sock.c
6162 -index 1c7a33d..a3817e2 100644
6163 +index a91f99f..603a20c 100644
6164 --- a/net/core/sock.c
6165 +++ b/net/core/sock.c
6166 @@ -441,7 +441,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
6167 @@ -102256,7 +102126,7 @@ index 1c7a33d..a3817e2 100644
6168 goto discard_and_relse;
6169 }
6170
6171 -@@ -888,6 +888,7 @@ set_rcvbuf:
6172 +@@ -907,6 +907,7 @@ set_rcvbuf:
6173 }
6174 break;
6175
6176 @@ -102264,7 +102134,7 @@ index 1c7a33d..a3817e2 100644
6177 case SO_ATTACH_BPF:
6178 ret = -EINVAL;
6179 if (optlen == sizeof(u32)) {
6180 -@@ -900,7 +901,7 @@ set_rcvbuf:
6181 +@@ -919,7 +920,7 @@ set_rcvbuf:
6182 ret = sk_attach_bpf(ufd, sk);
6183 }
6184 break;
6185 @@ -102273,7 +102143,7 @@ index 1c7a33d..a3817e2 100644
6186 case SO_DETACH_FILTER:
6187 ret = sk_detach_filter(sk);
6188 break;
6189 -@@ -1004,12 +1005,12 @@ int sock_getsockopt(struct socket *sock, int level, int optname,
6190 +@@ -1023,12 +1024,12 @@ int sock_getsockopt(struct socket *sock, int level, int optname,
6191 struct timeval tm;
6192 } v;
6193
6194 @@ -102289,7 +102159,7 @@ index 1c7a33d..a3817e2 100644
6195 return -EINVAL;
6196
6197 memset(&v, 0, sizeof(v));
6198 -@@ -1147,11 +1148,11 @@ int sock_getsockopt(struct socket *sock, int level, int optname,
6199 +@@ -1166,11 +1167,11 @@ int sock_getsockopt(struct socket *sock, int level, int optname,
6200
6201 case SO_PEERNAME:
6202 {
6203 @@ -102303,7 +102173,7 @@ index 1c7a33d..a3817e2 100644
6204 return -EINVAL;
6205 if (copy_to_user(optval, address, len))
6206 return -EFAULT;
6207 -@@ -1236,7 +1237,7 @@ int sock_getsockopt(struct socket *sock, int level, int optname,
6208 +@@ -1255,7 +1256,7 @@ int sock_getsockopt(struct socket *sock, int level, int optname,
6209
6210 if (len > lv)
6211 len = lv;
6212 @@ -102312,7 +102182,7 @@ index 1c7a33d..a3817e2 100644
6213 return -EFAULT;
6214 lenout:
6215 if (put_user(len, optlen))
6216 -@@ -2349,7 +2350,7 @@ void sock_init_data(struct socket *sock, struct sock *sk)
6217 +@@ -2368,7 +2369,7 @@ void sock_init_data(struct socket *sock, struct sock *sk)
6218 */
6219 smp_wmb();
6220 atomic_set(&sk->sk_refcnt, 1);
6221 @@ -102321,7 +102191,7 @@ index 1c7a33d..a3817e2 100644
6222 }
6223 EXPORT_SYMBOL(sock_init_data);
6224
6225 -@@ -2477,6 +2478,7 @@ void sock_enable_timestamp(struct sock *sk, int flag)
6226 +@@ -2496,6 +2497,7 @@ void sock_enable_timestamp(struct sock *sk, int flag)
6227 int sock_recv_errqueue(struct sock *sk, struct msghdr *msg, int len,
6228 int level, int type)
6229 {
6230 @@ -102329,7 +102199,7 @@ index 1c7a33d..a3817e2 100644
6231 struct sock_exterr_skb *serr;
6232 struct sk_buff *skb;
6233 int copied, err;
6234 -@@ -2498,7 +2500,8 @@ int sock_recv_errqueue(struct sock *sk, struct msghdr *msg, int len,
6235 +@@ -2517,7 +2519,8 @@ int sock_recv_errqueue(struct sock *sk, struct msghdr *msg, int len,
6236 sock_recv_timestamp(msg, sk, skb);
6237
6238 serr = SKB_EXT_ERR(skb);
6239 @@ -103469,7 +103339,7 @@ index 3075723..aa6f6e5 100644
6240 mask |= POLLOUT | POLLWRNORM;
6241 }
6242 diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
6243 -index 075ab4d..8d0580a 100644
6244 +index 08ccca6..28e7ce6 100644
6245 --- a/net/ipv4/tcp_input.c
6246 +++ b/net/ipv4/tcp_input.c
6247 @@ -766,7 +766,7 @@ static void tcp_update_pacing_rate(struct sock *sk)
6248 @@ -103481,7 +103351,7 @@ index 075ab4d..8d0580a 100644
6249 sk->sk_max_pacing_rate);
6250 }
6251
6252 -@@ -4528,7 +4528,7 @@ static struct sk_buff *tcp_collapse_one(struct sock *sk, struct sk_buff *skb,
6253 +@@ -4529,7 +4529,7 @@ static struct sk_buff *tcp_collapse_one(struct sock *sk, struct sk_buff *skb,
6254 * simplifies code)
6255 */
6256 static void
6257 @@ -103490,7 +103360,7 @@ index 075ab4d..8d0580a 100644
6258 struct sk_buff *head, struct sk_buff *tail,
6259 u32 start, u32 end)
6260 {
6261 -@@ -4786,6 +4786,8 @@ static void tcp_check_space(struct sock *sk)
6262 +@@ -4787,6 +4787,8 @@ static void tcp_check_space(struct sock *sk)
6263 {
6264 if (sock_flag(sk, SOCK_QUEUE_SHRUNK)) {
6265 sock_reset_flag(sk, SOCK_QUEUE_SHRUNK);
6266 @@ -103499,7 +103369,7 @@ index 075ab4d..8d0580a 100644
6267 if (sk->sk_socket &&
6268 test_bit(SOCK_NOSPACE, &sk->sk_socket->flags))
6269 tcp_new_space(sk);
6270 -@@ -5506,6 +5508,7 @@ discard:
6271 +@@ -5507,6 +5509,7 @@ discard:
6272 tcp_paws_reject(&tp->rx_opt, 0))
6273 goto discard_and_undo;
6274
6275 @@ -103507,7 +103377,7 @@ index 075ab4d..8d0580a 100644
6276 if (th->syn) {
6277 /* We see SYN without ACK. It is attempt of
6278 * simultaneous connect with crossed SYNs.
6279 -@@ -5556,6 +5559,7 @@ discard:
6280 +@@ -5557,6 +5560,7 @@ discard:
6281 goto discard;
6282 #endif
6283 }
6284 @@ -103515,7 +103385,7 @@ index 075ab4d..8d0580a 100644
6285 /* "fifth, if neither of the SYN or RST bits is set then
6286 * drop the segment and return."
6287 */
6288 -@@ -5602,7 +5606,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
6289 +@@ -5603,7 +5607,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
6290 goto discard;
6291
6292 if (th->syn) {
6293 @@ -103525,7 +103395,7 @@ index 075ab4d..8d0580a 100644
6294 if (icsk->icsk_af_ops->conn_request(sk, skb) < 0)
6295 return 1;
6296 diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
6297 -index d22f544..62f6787 100644
6298 +index 982347e..aba8ca8 100644
6299 --- a/net/ipv4/tcp_ipv4.c
6300 +++ b/net/ipv4/tcp_ipv4.c
6301 @@ -89,6 +89,10 @@ int sysctl_tcp_tw_reuse __read_mostly;
6302 @@ -103610,19 +103480,6 @@ index 63d2680..2db9d6b 100644
6303 } else if (fastopen) { /* received a valid RST pkt */
6304 reqsk_fastopen_remove(sk, req, true);
6305 tcp_reset(sk);
6306 -diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
6307 -index 9790f39..9f29453 100644
6308 ---- a/net/ipv4/tcp_output.c
6309 -+++ b/net/ipv4/tcp_output.c
6310 -@@ -2931,6 +2931,8 @@ struct sk_buff *tcp_make_synack(struct sock *sk, struct dst_entry *dst,
6311 - }
6312 - #endif
6313 -
6314 -+ /* Do not fool tcpdump (if any), clean our debris */
6315 -+ skb->tstamp.tv64 = 0;
6316 - return skb;
6317 - }
6318 - EXPORT_SYMBOL(tcp_make_synack);
6319 diff --git a/net/ipv4/tcp_probe.c b/net/ipv4/tcp_probe.c
6320 index ebf5ff5..4d1ff32 100644
6321 --- a/net/ipv4/tcp_probe.c
6322 @@ -104419,7 +104276,7 @@ index c5c10fa..2577d51 100644
6323 struct ctl_table *ipv6_icmp_table;
6324 int err;
6325 diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
6326 -index 9c0b54e..5e7bd8f 100644
6327 +index b899793..b783604 100644
6328 --- a/net/ipv6/tcp_ipv6.c
6329 +++ b/net/ipv6/tcp_ipv6.c
6330 @@ -104,6 +104,10 @@ static void inet6_sk_rx_dst_set(struct sock *sk, const struct sk_buff *skb)
6331 @@ -104443,7 +104300,7 @@ index 9c0b54e..5e7bd8f 100644
6332 tcp_v6_send_reset(sk, skb);
6333 discard:
6334 if (opt_skb)
6335 -@@ -1443,12 +1450,20 @@ static int tcp_v6_rcv(struct sk_buff *skb)
6336 +@@ -1452,12 +1459,20 @@ static int tcp_v6_rcv(struct sk_buff *skb)
6337
6338 sk = __inet6_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest,
6339 inet6_iif(skb));
6340 @@ -104466,7 +104323,7 @@ index 9c0b54e..5e7bd8f 100644
6341
6342 if (hdr->hop_limit < inet6_sk(sk)->min_hopcount) {
6343 NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP);
6344 -@@ -1499,6 +1514,10 @@ csum_error:
6345 +@@ -1508,6 +1523,10 @@ csum_error:
6346 bad_packet:
6347 TCP_INC_STATS_BH(net, TCP_MIB_INERRS);
6348 } else {
6349 @@ -105631,10 +105488,10 @@ index 6a55f71..e88c937 100644
6350 };
6351
6352 diff --git a/net/openvswitch/vport.c b/net/openvswitch/vport.c
6353 -index 2034c6d..1a24f03 100644
6354 +index 296cc24..0f4115d 100644
6355 --- a/net/openvswitch/vport.c
6356 +++ b/net/openvswitch/vport.c
6357 -@@ -305,10 +305,10 @@ void ovs_vport_get_stats(struct vport *vport, struct ovs_vport_stats *stats)
6358 +@@ -303,10 +303,10 @@ void ovs_vport_get_stats(struct vport *vport, struct ovs_vport_stats *stats)
6359 * netdev-stats can be directly read over netlink-ioctl.
6360 */
6361
6362 @@ -105649,7 +105506,7 @@ index 2034c6d..1a24f03 100644
6363
6364 for_each_possible_cpu(i) {
6365 const struct pcpu_sw_netstats *percpu_stats;
6366 -@@ -539,19 +539,19 @@ static void ovs_vport_record_error(struct vport *vport,
6367 +@@ -537,19 +537,19 @@ static void ovs_vport_record_error(struct vport *vport,
6368 {
6369 switch (err_type) {
6370 case VPORT_E_RX_DROPPED:
6371
6372 diff --git a/3.14.39/4425_grsec_remove_EI_PAX.patch b/3.19.6/4425_grsec_remove_EI_PAX.patch
6373 similarity index 100%
6374 rename from 3.14.39/4425_grsec_remove_EI_PAX.patch
6375 rename to 3.19.6/4425_grsec_remove_EI_PAX.patch
6376
6377 diff --git a/3.19.5/4427_force_XATTR_PAX_tmpfs.patch b/3.19.6/4427_force_XATTR_PAX_tmpfs.patch
6378 similarity index 100%
6379 rename from 3.19.5/4427_force_XATTR_PAX_tmpfs.patch
6380 rename to 3.19.6/4427_force_XATTR_PAX_tmpfs.patch
6381
6382 diff --git a/3.14.39/4430_grsec-remove-localversion-grsec.patch b/3.19.6/4430_grsec-remove-localversion-grsec.patch
6383 similarity index 100%
6384 rename from 3.14.39/4430_grsec-remove-localversion-grsec.patch
6385 rename to 3.19.6/4430_grsec-remove-localversion-grsec.patch
6386
6387 diff --git a/3.19.5/4435_grsec-mute-warnings.patch b/3.19.6/4435_grsec-mute-warnings.patch
6388 similarity index 100%
6389 rename from 3.19.5/4435_grsec-mute-warnings.patch
6390 rename to 3.19.6/4435_grsec-mute-warnings.patch
6391
6392 diff --git a/3.14.39/4440_grsec-remove-protected-paths.patch b/3.19.6/4440_grsec-remove-protected-paths.patch
6393 similarity index 100%
6394 rename from 3.14.39/4440_grsec-remove-protected-paths.patch
6395 rename to 3.19.6/4440_grsec-remove-protected-paths.patch
6396
6397 diff --git a/3.19.5/4450_grsec-kconfig-default-gids.patch b/3.19.6/4450_grsec-kconfig-default-gids.patch
6398 similarity index 100%
6399 rename from 3.19.5/4450_grsec-kconfig-default-gids.patch
6400 rename to 3.19.6/4450_grsec-kconfig-default-gids.patch
6401
6402 diff --git a/3.19.5/4465_selinux-avc_audit-log-curr_ip.patch b/3.19.6/4465_selinux-avc_audit-log-curr_ip.patch
6403 similarity index 100%
6404 rename from 3.19.5/4465_selinux-avc_audit-log-curr_ip.patch
6405 rename to 3.19.6/4465_selinux-avc_audit-log-curr_ip.patch
6406
6407 diff --git a/3.19.5/4470_disable-compat_vdso.patch b/3.19.6/4470_disable-compat_vdso.patch
6408 similarity index 100%
6409 rename from 3.19.5/4470_disable-compat_vdso.patch
6410 rename to 3.19.6/4470_disable-compat_vdso.patch
6411
6412 diff --git a/3.14.39/4475_emutramp_default_on.patch b/3.19.6/4475_emutramp_default_on.patch
6413 similarity index 100%
6414 rename from 3.14.39/4475_emutramp_default_on.patch
6415 rename to 3.19.6/4475_emutramp_default_on.patch
Report Message
Find on MARC Find on Google Groups