Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Mike Pagano <mpagano@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/linux-patches:3.10 commit in: /
Date: Fri, 27 Jun 2014 15:50:22
Message-Id: 1403883378.e3343d7f6f5479e70490352220546be9aad7f8cd.mpagano@gentoo
1 commit: e3343d7f6f5479e70490352220546be9aad7f8cd
2 Author: Mike Pagano <mpagano <AT> gentoo <DOT> org>
3 AuthorDate: Fri Jun 27 15:36:18 2014 +0000
4 Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org>
5 CommitDate: Fri Jun 27 15:36:18 2014 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/linux-patches.git;a=commit;h=e3343d7f
7
8 Adding linux patches 3.10.44 and 3.10.45
9
10 ---
11 0000_README | 8 +
12 1043_linux-3.10.44.patch | 755 +++++++++++++
13 1044_linux-3.10.45.patch | 2642 ++++++++++++++++++++++++++++++++++++++++++++++
14 3 files changed, 3405 insertions(+)
15
16 diff --git a/0000_README b/0000_README
17 index d26e954..e9422c2 100644
18 --- a/0000_README
19 +++ b/0000_README
20 @@ -214,6 +214,14 @@ Patch: 1042_linux-3.10.43.patch
21 From: http://www.kernel.org
22 Desc: Linux 3.10.43
23
24 +Patch: 1043_linux-3.10.44.patch
25 +From: http://www.kernel.org
26 +Desc: Linux 3.10.44
27 +
28 +Patch: 1044_linux-3.10.45.patch
29 +From: http://www.kernel.org
30 +Desc: Linux 3.10.45
31 +
32 Patch: 1500_XATTR_USER_PREFIX.patch
33 From: https://bugs.gentoo.org/show_bug.cgi?id=470644
34 Desc: Support for namespace user.pax.* on tmpfs.
35
36 diff --git a/1043_linux-3.10.44.patch b/1043_linux-3.10.44.patch
37 new file mode 100644
38 index 0000000..e5cce8f
39 --- /dev/null
40 +++ b/1043_linux-3.10.44.patch
41 @@ -0,0 +1,755 @@
42 +diff --git a/Makefile b/Makefile
43 +index 9cf513828341..e55476c4aef0 100644
44 +--- a/Makefile
45 ++++ b/Makefile
46 +@@ -1,6 +1,6 @@
47 + VERSION = 3
48 + PATCHLEVEL = 10
49 +-SUBLEVEL = 43
50 ++SUBLEVEL = 44
51 + EXTRAVERSION =
52 + NAME = TOSSUG Baby Fish
53 +
54 +diff --git a/arch/arm/boot/dts/armada-xp-gp.dts b/arch/arm/boot/dts/armada-xp-gp.dts
55 +index 76db557adbe7..f97550420fcc 100644
56 +--- a/arch/arm/boot/dts/armada-xp-gp.dts
57 ++++ b/arch/arm/boot/dts/armada-xp-gp.dts
58 +@@ -124,7 +124,7 @@
59 + /* Device Bus parameters are required */
60 +
61 + /* Read parameters */
62 +- devbus,bus-width = <8>;
63 ++ devbus,bus-width = <16>;
64 + devbus,turn-off-ps = <60000>;
65 + devbus,badr-skew-ps = <0>;
66 + devbus,acc-first-ps = <124000>;
67 +diff --git a/arch/arm/boot/dts/armada-xp-openblocks-ax3-4.dts b/arch/arm/boot/dts/armada-xp-openblocks-ax3-4.dts
68 +index fdea75c73411..9746d0e7fcb4 100644
69 +--- a/arch/arm/boot/dts/armada-xp-openblocks-ax3-4.dts
70 ++++ b/arch/arm/boot/dts/armada-xp-openblocks-ax3-4.dts
71 +@@ -152,7 +152,7 @@
72 + /* Device Bus parameters are required */
73 +
74 + /* Read parameters */
75 +- devbus,bus-width = <8>;
76 ++ devbus,bus-width = <16>;
77 + devbus,turn-off-ps = <60000>;
78 + devbus,badr-skew-ps = <0>;
79 + devbus,acc-first-ps = <124000>;
80 +diff --git a/drivers/ata/ahci.c b/drivers/ata/ahci.c
81 +index 4942058402a4..b0d33d9533aa 100644
82 +--- a/drivers/ata/ahci.c
83 ++++ b/drivers/ata/ahci.c
84 +@@ -444,10 +444,14 @@ static const struct pci_device_id ahci_pci_tbl[] = {
85 + .driver_data = board_ahci_yes_fbs }, /* 88se9172 */
86 + { PCI_DEVICE(PCI_VENDOR_ID_MARVELL_EXT, 0x9192),
87 + .driver_data = board_ahci_yes_fbs }, /* 88se9172 on some Gigabyte */
88 ++ { PCI_DEVICE(PCI_VENDOR_ID_MARVELL_EXT, 0x91a0),
89 ++ .driver_data = board_ahci_yes_fbs },
90 + { PCI_DEVICE(PCI_VENDOR_ID_MARVELL_EXT, 0x91a3),
91 + .driver_data = board_ahci_yes_fbs },
92 + { PCI_DEVICE(PCI_VENDOR_ID_MARVELL_EXT, 0x9230),
93 + .driver_data = board_ahci_yes_fbs },
94 ++ { PCI_DEVICE(PCI_VENDOR_ID_TTI, 0x0642),
95 ++ .driver_data = board_ahci_yes_fbs },
96 +
97 + /* Promise */
98 + { PCI_VDEVICE(PROMISE, 0x3f20), board_ahci }, /* PDC42819 */
99 +diff --git a/drivers/infiniband/ulp/isert/ib_isert.c b/drivers/infiniband/ulp/isert/ib_isert.c
100 +index bae20f8bb034..144999918022 100644
101 +--- a/drivers/infiniband/ulp/isert/ib_isert.c
102 ++++ b/drivers/infiniband/ulp/isert/ib_isert.c
103 +@@ -382,6 +382,14 @@ isert_connect_request(struct rdma_cm_id *cma_id, struct rdma_cm_event *event)
104 + struct ib_device *ib_dev = cma_id->device;
105 + int ret = 0;
106 +
107 ++ spin_lock_bh(&np->np_thread_lock);
108 ++ if (!np->enabled) {
109 ++ spin_unlock_bh(&np->np_thread_lock);
110 ++ pr_debug("iscsi_np is not enabled, reject connect request\n");
111 ++ return rdma_reject(cma_id, NULL, 0);
112 ++ }
113 ++ spin_unlock_bh(&np->np_thread_lock);
114 ++
115 + pr_debug("Entering isert_connect_request cma_id: %p, context: %p\n",
116 + cma_id, cma_id->context);
117 +
118 +diff --git a/drivers/misc/mei/hw-me.c b/drivers/misc/mei/hw-me.c
119 +index 1bf3f8b5ce3a..06311c5ada36 100644
120 +--- a/drivers/misc/mei/hw-me.c
121 ++++ b/drivers/misc/mei/hw-me.c
122 +@@ -183,6 +183,7 @@ static void mei_me_hw_reset(struct mei_device *dev, bool intr_enable)
123 + else
124 + hcsr &= ~H_IE;
125 +
126 ++ dev->recvd_hw_ready = false;
127 + mei_me_reg_write(hw, H_CSR, hcsr);
128 +
129 + if (dev->dev_state == MEI_DEV_POWER_DOWN)
130 +@@ -233,10 +234,7 @@ static bool mei_me_hw_is_ready(struct mei_device *dev)
131 + static int mei_me_hw_ready_wait(struct mei_device *dev)
132 + {
133 + int err;
134 +- if (mei_me_hw_is_ready(dev))
135 +- return 0;
136 +
137 +- dev->recvd_hw_ready = false;
138 + mutex_unlock(&dev->device_lock);
139 + err = wait_event_interruptible_timeout(dev->wait_hw_ready,
140 + dev->recvd_hw_ready,
141 +diff --git a/drivers/net/ethernet/mellanox/mlx4/en_cq.c b/drivers/net/ethernet/mellanox/mlx4/en_cq.c
142 +index 1e6c594d6d04..58c18d3a4880 100644
143 +--- a/drivers/net/ethernet/mellanox/mlx4/en_cq.c
144 ++++ b/drivers/net/ethernet/mellanox/mlx4/en_cq.c
145 +@@ -55,7 +55,6 @@ int mlx4_en_create_cq(struct mlx4_en_priv *priv,
146 +
147 + cq->ring = ring;
148 + cq->is_tx = mode;
149 +- spin_lock_init(&cq->lock);
150 +
151 + err = mlx4_alloc_hwq_res(mdev->dev, &cq->wqres,
152 + cq->buf_size, 2 * PAGE_SIZE);
153 +diff --git a/drivers/net/ethernet/mellanox/mlx4/en_netdev.c b/drivers/net/ethernet/mellanox/mlx4/en_netdev.c
154 +index 89c47ea84b50..063f3f4d4867 100644
155 +--- a/drivers/net/ethernet/mellanox/mlx4/en_netdev.c
156 ++++ b/drivers/net/ethernet/mellanox/mlx4/en_netdev.c
157 +@@ -1190,15 +1190,11 @@ static void mlx4_en_netpoll(struct net_device *dev)
158 + {
159 + struct mlx4_en_priv *priv = netdev_priv(dev);
160 + struct mlx4_en_cq *cq;
161 +- unsigned long flags;
162 + int i;
163 +
164 + for (i = 0; i < priv->rx_ring_num; i++) {
165 + cq = &priv->rx_cq[i];
166 +- spin_lock_irqsave(&cq->lock, flags);
167 +- napi_synchronize(&cq->napi);
168 +- mlx4_en_process_rx_cq(dev, cq, 0);
169 +- spin_unlock_irqrestore(&cq->lock, flags);
170 ++ napi_schedule(&cq->napi);
171 + }
172 + }
173 + #endif
174 +diff --git a/drivers/net/ethernet/mellanox/mlx4/mlx4_en.h b/drivers/net/ethernet/mellanox/mlx4/mlx4_en.h
175 +index b1d7657b2bf5..628e1f9355a8 100644
176 +--- a/drivers/net/ethernet/mellanox/mlx4/mlx4_en.h
177 ++++ b/drivers/net/ethernet/mellanox/mlx4/mlx4_en.h
178 +@@ -299,7 +299,6 @@ struct mlx4_en_cq {
179 + struct mlx4_cq mcq;
180 + struct mlx4_hwq_resources wqres;
181 + int ring;
182 +- spinlock_t lock;
183 + struct net_device *dev;
184 + struct napi_struct napi;
185 + int size;
186 +diff --git a/drivers/scsi/megaraid/megaraid_sas.h b/drivers/scsi/megaraid/megaraid_sas.h
187 +index 684cc343cf09..b52121358385 100644
188 +--- a/drivers/scsi/megaraid/megaraid_sas.h
189 ++++ b/drivers/scsi/megaraid/megaraid_sas.h
190 +@@ -1295,7 +1295,6 @@ struct megasas_instance {
191 + u32 *reply_queue;
192 + dma_addr_t reply_queue_h;
193 +
194 +- unsigned long base_addr;
195 + struct megasas_register_set __iomem *reg_set;
196 +
197 + struct megasas_pd_list pd_list[MEGASAS_MAX_PD];
198 +diff --git a/drivers/scsi/megaraid/megaraid_sas_base.c b/drivers/scsi/megaraid/megaraid_sas_base.c
199 +index b3e5c1787876..4956c99ed90e 100644
200 +--- a/drivers/scsi/megaraid/megaraid_sas_base.c
201 ++++ b/drivers/scsi/megaraid/megaraid_sas_base.c
202 +@@ -3461,6 +3461,7 @@ static int megasas_init_fw(struct megasas_instance *instance)
203 + u32 max_sectors_1;
204 + u32 max_sectors_2;
205 + u32 tmp_sectors, msix_enable;
206 ++ resource_size_t base_addr;
207 + struct megasas_register_set __iomem *reg_set;
208 + struct megasas_ctrl_info *ctrl_info;
209 + unsigned long bar_list;
210 +@@ -3469,14 +3470,14 @@ static int megasas_init_fw(struct megasas_instance *instance)
211 + /* Find first memory bar */
212 + bar_list = pci_select_bars(instance->pdev, IORESOURCE_MEM);
213 + instance->bar = find_first_bit(&bar_list, sizeof(unsigned long));
214 +- instance->base_addr = pci_resource_start(instance->pdev, instance->bar);
215 + if (pci_request_selected_regions(instance->pdev, instance->bar,
216 + "megasas: LSI")) {
217 + printk(KERN_DEBUG "megasas: IO memory region busy!\n");
218 + return -EBUSY;
219 + }
220 +
221 +- instance->reg_set = ioremap_nocache(instance->base_addr, 8192);
222 ++ base_addr = pci_resource_start(instance->pdev, instance->bar);
223 ++ instance->reg_set = ioremap_nocache(base_addr, 8192);
224 +
225 + if (!instance->reg_set) {
226 + printk(KERN_DEBUG "megasas: Failed to map IO mem\n");
227 +diff --git a/drivers/target/iscsi/iscsi_target.c b/drivers/target/iscsi/iscsi_target.c
228 +index 58c479d13b57..68dbd88babbd 100644
229 +--- a/drivers/target/iscsi/iscsi_target.c
230 ++++ b/drivers/target/iscsi/iscsi_target.c
231 +@@ -460,6 +460,7 @@ int iscsit_del_np(struct iscsi_np *np)
232 + spin_lock_bh(&np->np_thread_lock);
233 + np->np_exports--;
234 + if (np->np_exports) {
235 ++ np->enabled = true;
236 + spin_unlock_bh(&np->np_thread_lock);
237 + return 0;
238 + }
239 +diff --git a/drivers/target/iscsi/iscsi_target_core.h b/drivers/target/iscsi/iscsi_target_core.h
240 +index 8907dcdc0db9..e117870eb445 100644
241 +--- a/drivers/target/iscsi/iscsi_target_core.h
242 ++++ b/drivers/target/iscsi/iscsi_target_core.h
243 +@@ -760,6 +760,7 @@ struct iscsi_np {
244 + int np_ip_proto;
245 + int np_sock_type;
246 + enum np_thread_state_table np_thread_state;
247 ++ bool enabled;
248 + enum iscsi_timer_flags_table np_login_timer_flags;
249 + u32 np_exports;
250 + enum np_flags_table np_flags;
251 +diff --git a/drivers/target/iscsi/iscsi_target_login.c b/drivers/target/iscsi/iscsi_target_login.c
252 +index bc788c52b6cc..0d6c3dd25679 100644
253 +--- a/drivers/target/iscsi/iscsi_target_login.c
254 ++++ b/drivers/target/iscsi/iscsi_target_login.c
255 +@@ -250,6 +250,28 @@ static void iscsi_login_set_conn_values(
256 + mutex_unlock(&auth_id_lock);
257 + }
258 +
259 ++static __printf(2, 3) int iscsi_change_param_sprintf(
260 ++ struct iscsi_conn *conn,
261 ++ const char *fmt, ...)
262 ++{
263 ++ va_list args;
264 ++ unsigned char buf[64];
265 ++
266 ++ memset(buf, 0, sizeof buf);
267 ++
268 ++ va_start(args, fmt);
269 ++ vsnprintf(buf, sizeof buf, fmt, args);
270 ++ va_end(args);
271 ++
272 ++ if (iscsi_change_param_value(buf, conn->param_list, 0) < 0) {
273 ++ iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR,
274 ++ ISCSI_LOGIN_STATUS_NO_RESOURCES);
275 ++ return -1;
276 ++ }
277 ++
278 ++ return 0;
279 ++}
280 ++
281 + /*
282 + * This is the leading connection of a new session,
283 + * or session reinstatement.
284 +@@ -339,7 +361,6 @@ static int iscsi_login_zero_tsih_s2(
285 + {
286 + struct iscsi_node_attrib *na;
287 + struct iscsi_session *sess = conn->sess;
288 +- unsigned char buf[32];
289 + bool iser = false;
290 +
291 + sess->tpg = conn->tpg;
292 +@@ -380,26 +401,16 @@ static int iscsi_login_zero_tsih_s2(
293 + *
294 + * In our case, we have already located the struct iscsi_tiqn at this point.
295 + */
296 +- memset(buf, 0, 32);
297 +- sprintf(buf, "TargetPortalGroupTag=%hu", ISCSI_TPG_S(sess)->tpgt);
298 +- if (iscsi_change_param_value(buf, conn->param_list, 0) < 0) {
299 +- iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR,
300 +- ISCSI_LOGIN_STATUS_NO_RESOURCES);
301 ++ if (iscsi_change_param_sprintf(conn, "TargetPortalGroupTag=%hu", sess->tpg->tpgt))
302 + return -1;
303 +- }
304 +
305 + /*
306 + * Workaround for Initiators that have broken connection recovery logic.
307 + *
308 + * "We would really like to get rid of this." Linux-iSCSI.org team
309 + */
310 +- memset(buf, 0, 32);
311 +- sprintf(buf, "ErrorRecoveryLevel=%d", na->default_erl);
312 +- if (iscsi_change_param_value(buf, conn->param_list, 0) < 0) {
313 +- iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR,
314 +- ISCSI_LOGIN_STATUS_NO_RESOURCES);
315 ++ if (iscsi_change_param_sprintf(conn, "ErrorRecoveryLevel=%d", na->default_erl))
316 + return -1;
317 +- }
318 +
319 + if (iscsi_login_disable_FIM_keys(conn->param_list, conn) < 0)
320 + return -1;
321 +@@ -411,12 +422,9 @@ static int iscsi_login_zero_tsih_s2(
322 + unsigned long mrdsl, off;
323 + int rc;
324 +
325 +- sprintf(buf, "RDMAExtensions=Yes");
326 +- if (iscsi_change_param_value(buf, conn->param_list, 0) < 0) {
327 +- iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR,
328 +- ISCSI_LOGIN_STATUS_NO_RESOURCES);
329 ++ if (iscsi_change_param_sprintf(conn, "RDMAExtensions=Yes"))
330 + return -1;
331 +- }
332 ++
333 + /*
334 + * Make MaxRecvDataSegmentLength PAGE_SIZE aligned for
335 + * Immediate Data + Unsolicitied Data-OUT if necessary..
336 +@@ -446,12 +454,8 @@ static int iscsi_login_zero_tsih_s2(
337 + pr_warn("Aligning ISER MaxRecvDataSegmentLength: %lu down"
338 + " to PAGE_SIZE\n", mrdsl);
339 +
340 +- sprintf(buf, "MaxRecvDataSegmentLength=%lu\n", mrdsl);
341 +- if (iscsi_change_param_value(buf, conn->param_list, 0) < 0) {
342 +- iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR,
343 +- ISCSI_LOGIN_STATUS_NO_RESOURCES);
344 ++ if (iscsi_change_param_sprintf(conn, "MaxRecvDataSegmentLength=%lu\n", mrdsl))
345 + return -1;
346 +- }
347 + }
348 +
349 + return 0;
350 +@@ -984,6 +988,7 @@ int iscsi_target_setup_login_socket(
351 + }
352 +
353 + np->np_transport = t;
354 ++ np->enabled = true;
355 + return 0;
356 + }
357 +
358 +diff --git a/drivers/target/iscsi/iscsi_target_tpg.c b/drivers/target/iscsi/iscsi_target_tpg.c
359 +index f31b4c5cdf3f..75a4e83842c2 100644
360 +--- a/drivers/target/iscsi/iscsi_target_tpg.c
361 ++++ b/drivers/target/iscsi/iscsi_target_tpg.c
362 +@@ -175,13 +175,16 @@ void iscsit_put_tpg(struct iscsi_portal_group *tpg)
363 +
364 + static void iscsit_clear_tpg_np_login_thread(
365 + struct iscsi_tpg_np *tpg_np,
366 +- struct iscsi_portal_group *tpg)
367 ++ struct iscsi_portal_group *tpg,
368 ++ bool shutdown)
369 + {
370 + if (!tpg_np->tpg_np) {
371 + pr_err("struct iscsi_tpg_np->tpg_np is NULL!\n");
372 + return;
373 + }
374 +
375 ++ if (shutdown)
376 ++ tpg_np->tpg_np->enabled = false;
377 + iscsit_reset_np_thread(tpg_np->tpg_np, tpg_np, tpg);
378 + }
379 +
380 +@@ -197,7 +200,7 @@ void iscsit_clear_tpg_np_login_threads(
381 + continue;
382 + }
383 + spin_unlock(&tpg->tpg_np_lock);
384 +- iscsit_clear_tpg_np_login_thread(tpg_np, tpg);
385 ++ iscsit_clear_tpg_np_login_thread(tpg_np, tpg, false);
386 + spin_lock(&tpg->tpg_np_lock);
387 + }
388 + spin_unlock(&tpg->tpg_np_lock);
389 +@@ -520,7 +523,7 @@ static int iscsit_tpg_release_np(
390 + struct iscsi_portal_group *tpg,
391 + struct iscsi_np *np)
392 + {
393 +- iscsit_clear_tpg_np_login_thread(tpg_np, tpg);
394 ++ iscsit_clear_tpg_np_login_thread(tpg_np, tpg, true);
395 +
396 + pr_debug("CORE[%s] - Removed Network Portal: %s:%hu,%hu on %s\n",
397 + tpg->tpg_tiqn->tiqn, np->np_ip, np->np_port, tpg->tpgt,
398 +diff --git a/drivers/target/target_core_alua.c b/drivers/target/target_core_alua.c
399 +index f608fbc14a27..df58a67f81e0 100644
400 +--- a/drivers/target/target_core_alua.c
401 ++++ b/drivers/target/target_core_alua.c
402 +@@ -409,7 +409,16 @@ static inline int core_alua_state_standby(
403 + case REPORT_LUNS:
404 + case RECEIVE_DIAGNOSTIC:
405 + case SEND_DIAGNOSTIC:
406 ++ case READ_CAPACITY:
407 + return 0;
408 ++ case SERVICE_ACTION_IN:
409 ++ switch (cdb[1] & 0x1f) {
410 ++ case SAI_READ_CAPACITY_16:
411 ++ return 0;
412 ++ default:
413 ++ *alua_ascq = ASCQ_04H_ALUA_TG_PT_STANDBY;
414 ++ return 1;
415 ++ }
416 + case MAINTENANCE_IN:
417 + switch (cdb[1] & 0x1f) {
418 + case MI_REPORT_TARGET_PGS:
419 +diff --git a/drivers/target/target_core_configfs.c b/drivers/target/target_core_configfs.c
420 +index 4a8bd36d3958..8cda4080b597 100644
421 +--- a/drivers/target/target_core_configfs.c
422 ++++ b/drivers/target/target_core_configfs.c
423 +@@ -2034,6 +2034,11 @@ static ssize_t target_core_alua_tg_pt_gp_store_attr_alua_access_state(
424 + " tg_pt_gp ID: %hu\n", tg_pt_gp->tg_pt_gp_valid_id);
425 + return -EINVAL;
426 + }
427 ++ if (!(dev->dev_flags & DF_CONFIGURED)) {
428 ++ pr_err("Unable to set alua_access_state while device is"
429 ++ " not configured\n");
430 ++ return -ENODEV;
431 ++ }
432 +
433 + ret = strict_strtoul(page, 0, &tmp);
434 + if (ret < 0) {
435 +diff --git a/fs/attr.c b/fs/attr.c
436 +index 8dd5825ec708..66fa6251c398 100644
437 +--- a/fs/attr.c
438 ++++ b/fs/attr.c
439 +@@ -50,14 +50,14 @@ int inode_change_ok(const struct inode *inode, struct iattr *attr)
440 + if ((ia_valid & ATTR_UID) &&
441 + (!uid_eq(current_fsuid(), inode->i_uid) ||
442 + !uid_eq(attr->ia_uid, inode->i_uid)) &&
443 +- !inode_capable(inode, CAP_CHOWN))
444 ++ !capable_wrt_inode_uidgid(inode, CAP_CHOWN))
445 + return -EPERM;
446 +
447 + /* Make sure caller can chgrp. */
448 + if ((ia_valid & ATTR_GID) &&
449 + (!uid_eq(current_fsuid(), inode->i_uid) ||
450 + (!in_group_p(attr->ia_gid) && !gid_eq(attr->ia_gid, inode->i_gid))) &&
451 +- !inode_capable(inode, CAP_CHOWN))
452 ++ !capable_wrt_inode_uidgid(inode, CAP_CHOWN))
453 + return -EPERM;
454 +
455 + /* Make sure a caller can chmod. */
456 +@@ -67,7 +67,7 @@ int inode_change_ok(const struct inode *inode, struct iattr *attr)
457 + /* Also check the setgid bit! */
458 + if (!in_group_p((ia_valid & ATTR_GID) ? attr->ia_gid :
459 + inode->i_gid) &&
460 +- !inode_capable(inode, CAP_FSETID))
461 ++ !capable_wrt_inode_uidgid(inode, CAP_FSETID))
462 + attr->ia_mode &= ~S_ISGID;
463 + }
464 +
465 +@@ -160,7 +160,7 @@ void setattr_copy(struct inode *inode, const struct iattr *attr)
466 + umode_t mode = attr->ia_mode;
467 +
468 + if (!in_group_p(inode->i_gid) &&
469 +- !inode_capable(inode, CAP_FSETID))
470 ++ !capable_wrt_inode_uidgid(inode, CAP_FSETID))
471 + mode &= ~S_ISGID;
472 + inode->i_mode = mode;
473 + }
474 +diff --git a/fs/inode.c b/fs/inode.c
475 +index 00d5fc3b86e1..1b300a06b8be 100644
476 +--- a/fs/inode.c
477 ++++ b/fs/inode.c
478 +@@ -1837,14 +1837,18 @@ EXPORT_SYMBOL(inode_init_owner);
479 + * inode_owner_or_capable - check current task permissions to inode
480 + * @inode: inode being checked
481 + *
482 +- * Return true if current either has CAP_FOWNER to the inode, or
483 +- * owns the file.
484 ++ * Return true if current either has CAP_FOWNER in a namespace with the
485 ++ * inode owner uid mapped, or owns the file.
486 + */
487 + bool inode_owner_or_capable(const struct inode *inode)
488 + {
489 ++ struct user_namespace *ns;
490 ++
491 + if (uid_eq(current_fsuid(), inode->i_uid))
492 + return true;
493 +- if (inode_capable(inode, CAP_FOWNER))
494 ++
495 ++ ns = current_user_ns();
496 ++ if (ns_capable(ns, CAP_FOWNER) && kuid_has_mapping(ns, inode->i_uid))
497 + return true;
498 + return false;
499 + }
500 +diff --git a/fs/namei.c b/fs/namei.c
501 +index 1211ee5a1cb3..6ac16a37ded2 100644
502 +--- a/fs/namei.c
503 ++++ b/fs/namei.c
504 +@@ -321,10 +321,11 @@ int generic_permission(struct inode *inode, int mask)
505 +
506 + if (S_ISDIR(inode->i_mode)) {
507 + /* DACs are overridable for directories */
508 +- if (inode_capable(inode, CAP_DAC_OVERRIDE))
509 ++ if (capable_wrt_inode_uidgid(inode, CAP_DAC_OVERRIDE))
510 + return 0;
511 + if (!(mask & MAY_WRITE))
512 +- if (inode_capable(inode, CAP_DAC_READ_SEARCH))
513 ++ if (capable_wrt_inode_uidgid(inode,
514 ++ CAP_DAC_READ_SEARCH))
515 + return 0;
516 + return -EACCES;
517 + }
518 +@@ -334,7 +335,7 @@ int generic_permission(struct inode *inode, int mask)
519 + * at least one exec bit set.
520 + */
521 + if (!(mask & MAY_EXEC) || (inode->i_mode & S_IXUGO))
522 +- if (inode_capable(inode, CAP_DAC_OVERRIDE))
523 ++ if (capable_wrt_inode_uidgid(inode, CAP_DAC_OVERRIDE))
524 + return 0;
525 +
526 + /*
527 +@@ -342,7 +343,7 @@ int generic_permission(struct inode *inode, int mask)
528 + */
529 + mask &= MAY_READ | MAY_WRITE | MAY_EXEC;
530 + if (mask == MAY_READ)
531 +- if (inode_capable(inode, CAP_DAC_READ_SEARCH))
532 ++ if (capable_wrt_inode_uidgid(inode, CAP_DAC_READ_SEARCH))
533 + return 0;
534 +
535 + return -EACCES;
536 +@@ -2199,7 +2200,7 @@ static inline int check_sticky(struct inode *dir, struct inode *inode)
537 + return 0;
538 + if (uid_eq(dir->i_uid, fsuid))
539 + return 0;
540 +- return !inode_capable(inode, CAP_FOWNER);
541 ++ return !capable_wrt_inode_uidgid(inode, CAP_FOWNER);
542 + }
543 +
544 + /*
545 +diff --git a/include/linux/capability.h b/include/linux/capability.h
546 +index d9a4f7f40f32..15f90929fb51 100644
547 +--- a/include/linux/capability.h
548 ++++ b/include/linux/capability.h
549 +@@ -211,7 +211,7 @@ extern bool has_ns_capability_noaudit(struct task_struct *t,
550 + extern bool capable(int cap);
551 + extern bool ns_capable(struct user_namespace *ns, int cap);
552 + extern bool nsown_capable(int cap);
553 +-extern bool inode_capable(const struct inode *inode, int cap);
554 ++extern bool capable_wrt_inode_uidgid(const struct inode *inode, int cap);
555 + extern bool file_ns_capable(const struct file *file, struct user_namespace *ns, int cap);
556 +
557 + /* audit system wants to get cap info from files as well */
558 +diff --git a/kernel/auditsc.c b/kernel/auditsc.c
559 +index 9845cb32b60a..03a3af8538bd 100644
560 +--- a/kernel/auditsc.c
561 ++++ b/kernel/auditsc.c
562 +@@ -733,6 +733,22 @@ static enum audit_state audit_filter_task(struct task_struct *tsk, char **key)
563 + return AUDIT_BUILD_CONTEXT;
564 + }
565 +
566 ++static int audit_in_mask(const struct audit_krule *rule, unsigned long val)
567 ++{
568 ++ int word, bit;
569 ++
570 ++ if (val > 0xffffffff)
571 ++ return false;
572 ++
573 ++ word = AUDIT_WORD(val);
574 ++ if (word >= AUDIT_BITMASK_SIZE)
575 ++ return false;
576 ++
577 ++ bit = AUDIT_BIT(val);
578 ++
579 ++ return rule->mask[word] & bit;
580 ++}
581 ++
582 + /* At syscall entry and exit time, this filter is called if the
583 + * audit_state is not low enough that auditing cannot take place, but is
584 + * also not high enough that we already know we have to write an audit
585 +@@ -750,11 +766,8 @@ static enum audit_state audit_filter_syscall(struct task_struct *tsk,
586 +
587 + rcu_read_lock();
588 + if (!list_empty(list)) {
589 +- int word = AUDIT_WORD(ctx->major);
590 +- int bit = AUDIT_BIT(ctx->major);
591 +-
592 + list_for_each_entry_rcu(e, list, list) {
593 +- if ((e->rule.mask[word] & bit) == bit &&
594 ++ if (audit_in_mask(&e->rule, ctx->major) &&
595 + audit_filter_rules(tsk, &e->rule, ctx, NULL,
596 + &state, false)) {
597 + rcu_read_unlock();
598 +@@ -774,20 +787,16 @@ static enum audit_state audit_filter_syscall(struct task_struct *tsk,
599 + static int audit_filter_inode_name(struct task_struct *tsk,
600 + struct audit_names *n,
601 + struct audit_context *ctx) {
602 +- int word, bit;
603 + int h = audit_hash_ino((u32)n->ino);
604 + struct list_head *list = &audit_inode_hash[h];
605 + struct audit_entry *e;
606 + enum audit_state state;
607 +
608 +- word = AUDIT_WORD(ctx->major);
609 +- bit = AUDIT_BIT(ctx->major);
610 +-
611 + if (list_empty(list))
612 + return 0;
613 +
614 + list_for_each_entry_rcu(e, list, list) {
615 +- if ((e->rule.mask[word] & bit) == bit &&
616 ++ if (audit_in_mask(&e->rule, ctx->major) &&
617 + audit_filter_rules(tsk, &e->rule, ctx, n, &state, false)) {
618 + ctx->current_state = state;
619 + return 1;
620 +diff --git a/kernel/capability.c b/kernel/capability.c
621 +index f6c2ce5701e1..d52eecc0942b 100644
622 +--- a/kernel/capability.c
623 ++++ b/kernel/capability.c
624 +@@ -445,22 +445,18 @@ bool nsown_capable(int cap)
625 + }
626 +
627 + /**
628 +- * inode_capable - Check superior capability over inode
629 ++ * capable_wrt_inode_uidgid - Check nsown_capable and uid and gid mapped
630 + * @inode: The inode in question
631 + * @cap: The capability in question
632 + *
633 +- * Return true if the current task has the given superior capability
634 +- * targeted at it's own user namespace and that the given inode is owned
635 +- * by the current user namespace or a child namespace.
636 +- *
637 +- * Currently we check to see if an inode is owned by the current
638 +- * user namespace by seeing if the inode's owner maps into the
639 +- * current user namespace.
640 +- *
641 ++ * Return true if the current task has the given capability targeted at
642 ++ * its own user namespace and that the given inode's uid and gid are
643 ++ * mapped into the current user namespace.
644 + */
645 +-bool inode_capable(const struct inode *inode, int cap)
646 ++bool capable_wrt_inode_uidgid(const struct inode *inode, int cap)
647 + {
648 + struct user_namespace *ns = current_user_ns();
649 +
650 +- return ns_capable(ns, cap) && kuid_has_mapping(ns, inode->i_uid);
651 ++ return ns_capable(ns, cap) && kuid_has_mapping(ns, inode->i_uid) &&
652 ++ kgid_has_mapping(ns, inode->i_gid);
653 + }
654 +diff --git a/mm/compaction.c b/mm/compaction.c
655 +index 18a90b4d0bfc..fb797a32362f 100644
656 +--- a/mm/compaction.c
657 ++++ b/mm/compaction.c
658 +@@ -657,17 +657,21 @@ static void isolate_freepages(struct zone *zone,
659 + struct compact_control *cc)
660 + {
661 + struct page *page;
662 +- unsigned long high_pfn, low_pfn, pfn, z_end_pfn, end_pfn;
663 ++ unsigned long high_pfn, low_pfn, pfn, z_end_pfn;
664 + int nr_freepages = cc->nr_freepages;
665 + struct list_head *freelist = &cc->freepages;
666 +
667 + /*
668 + * Initialise the free scanner. The starting point is where we last
669 +- * scanned from (or the end of the zone if starting). The low point
670 +- * is the end of the pageblock the migration scanner is using.
671 ++ * successfully isolated from, zone-cached value, or the end of the
672 ++ * zone when isolating for the first time. We need this aligned to
673 ++ * the pageblock boundary, because we do pfn -= pageblock_nr_pages
674 ++ * in the for loop.
675 ++ * The low boundary is the end of the pageblock the migration scanner
676 ++ * is using.
677 + */
678 +- pfn = cc->free_pfn;
679 +- low_pfn = cc->migrate_pfn + pageblock_nr_pages;
680 ++ pfn = cc->free_pfn & ~(pageblock_nr_pages-1);
681 ++ low_pfn = ALIGN(cc->migrate_pfn + 1, pageblock_nr_pages);
682 +
683 + /*
684 + * Take care that if the migration scanner is at the end of the zone
685 +@@ -683,9 +687,10 @@ static void isolate_freepages(struct zone *zone,
686 + * pages on cc->migratepages. We stop searching if the migrate
687 + * and free page scanners meet or enough free pages are isolated.
688 + */
689 +- for (; pfn > low_pfn && cc->nr_migratepages > nr_freepages;
690 ++ for (; pfn >= low_pfn && cc->nr_migratepages > nr_freepages;
691 + pfn -= pageblock_nr_pages) {
692 + unsigned long isolated;
693 ++ unsigned long end_pfn;
694 +
695 + if (!pfn_valid(pfn))
696 + continue;
697 +@@ -713,13 +718,10 @@ static void isolate_freepages(struct zone *zone,
698 + isolated = 0;
699 +
700 + /*
701 +- * As pfn may not start aligned, pfn+pageblock_nr_page
702 +- * may cross a MAX_ORDER_NR_PAGES boundary and miss
703 +- * a pfn_valid check. Ensure isolate_freepages_block()
704 +- * only scans within a pageblock
705 ++ * Take care when isolating in last pageblock of a zone which
706 ++ * ends in the middle of a pageblock.
707 + */
708 +- end_pfn = ALIGN(pfn + 1, pageblock_nr_pages);
709 +- end_pfn = min(end_pfn, z_end_pfn);
710 ++ end_pfn = min(pfn + pageblock_nr_pages, z_end_pfn);
711 + isolated = isolate_freepages_block(cc, pfn, end_pfn,
712 + freelist, false);
713 + nr_freepages += isolated;
714 +@@ -738,7 +740,14 @@ static void isolate_freepages(struct zone *zone,
715 + /* split_free_page does not map the pages */
716 + map_pages(freelist);
717 +
718 +- cc->free_pfn = high_pfn;
719 ++ /*
720 ++ * If we crossed the migrate scanner, we want to keep it that way
721 ++ * so that compact_finished() may detect this
722 ++ */
723 ++ if (pfn < low_pfn)
724 ++ cc->free_pfn = max(pfn, zone->zone_start_pfn);
725 ++ else
726 ++ cc->free_pfn = high_pfn;
727 + cc->nr_freepages = nr_freepages;
728 + }
729 +
730 +@@ -947,6 +956,14 @@ static int compact_zone(struct zone *zone, struct compact_control *cc)
731 + }
732 +
733 + /*
734 ++ * Clear pageblock skip if there were failures recently and compaction
735 ++ * is about to be retried after being deferred. kswapd does not do
736 ++ * this reset as it'll reset the cached information when going to sleep.
737 ++ */
738 ++ if (compaction_restarting(zone, cc->order) && !current_is_kswapd())
739 ++ __reset_isolation_suitable(zone);
740 ++
741 ++ /*
742 + * Setup to move all movable pages to the end of the zone. Used cached
743 + * information on where the scanners should start but check that it
744 + * is initialised by ensuring the values are within zone boundaries.
745 +@@ -962,14 +979,6 @@ static int compact_zone(struct zone *zone, struct compact_control *cc)
746 + zone->compact_cached_migrate_pfn = cc->migrate_pfn;
747 + }
748 +
749 +- /*
750 +- * Clear pageblock skip if there were failures recently and compaction
751 +- * is about to be retried after being deferred. kswapd does not do
752 +- * this reset as it'll reset the cached information when going to sleep.
753 +- */
754 +- if (compaction_restarting(zone, cc->order) && !current_is_kswapd())
755 +- __reset_isolation_suitable(zone);
756 +-
757 + migrate_prep_local();
758 +
759 + while ((ret = compact_finished(zone, cc)) == COMPACT_CONTINUE) {
760 +@@ -1003,7 +1012,11 @@ static int compact_zone(struct zone *zone, struct compact_control *cc)
761 + if (err) {
762 + putback_movable_pages(&cc->migratepages);
763 + cc->nr_migratepages = 0;
764 +- if (err == -ENOMEM) {
765 ++ /*
766 ++ * migrate_pages() may return -ENOMEM when scanners meet
767 ++ * and we want compact_finished() to detect it
768 ++ */
769 ++ if (err == -ENOMEM && cc->free_pfn > cc->migrate_pfn) {
770 + ret = COMPACT_PARTIAL;
771 + goto out;
772 + }
773 +diff --git a/net/ipv4/netfilter/nf_defrag_ipv4.c b/net/ipv4/netfilter/nf_defrag_ipv4.c
774 +index 742815518b0f..4cfb3bd1677c 100644
775 +--- a/net/ipv4/netfilter/nf_defrag_ipv4.c
776 ++++ b/net/ipv4/netfilter/nf_defrag_ipv4.c
777 +@@ -22,7 +22,6 @@
778 + #endif
779 + #include <net/netfilter/nf_conntrack_zones.h>
780 +
781 +-/* Returns new sk_buff, or NULL */
782 + static int nf_ct_ipv4_gather_frags(struct sk_buff *skb, u_int32_t user)
783 + {
784 + int err;
785 +@@ -33,8 +32,10 @@ static int nf_ct_ipv4_gather_frags(struct sk_buff *skb, u_int32_t user)
786 + err = ip_defrag(skb, user);
787 + local_bh_enable();
788 +
789 +- if (!err)
790 ++ if (!err) {
791 + ip_send_check(ip_hdr(skb));
792 ++ skb->local_df = 1;
793 ++ }
794 +
795 + return err;
796 + }
797
798 diff --git a/1044_linux-3.10.45.patch b/1044_linux-3.10.45.patch
799 new file mode 100644
800 index 0000000..839b58e
801 --- /dev/null
802 +++ b/1044_linux-3.10.45.patch
803 @@ -0,0 +1,2642 @@
804 +diff --git a/Makefile b/Makefile
805 +index e55476c4aef0..8a63ca1db77a 100644
806 +--- a/Makefile
807 ++++ b/Makefile
808 +@@ -1,6 +1,6 @@
809 + VERSION = 3
810 + PATCHLEVEL = 10
811 +-SUBLEVEL = 44
812 ++SUBLEVEL = 45
813 + EXTRAVERSION =
814 + NAME = TOSSUG Baby Fish
815 +
816 +diff --git a/arch/arm/mach-at91/sysirq_mask.c b/arch/arm/mach-at91/sysirq_mask.c
817 +index 2ba694f9626b..f8bc3511a8c8 100644
818 +--- a/arch/arm/mach-at91/sysirq_mask.c
819 ++++ b/arch/arm/mach-at91/sysirq_mask.c
820 +@@ -25,24 +25,28 @@
821 +
822 + #include "generic.h"
823 +
824 +-#define AT91_RTC_IDR 0x24 /* Interrupt Disable Register */
825 +-#define AT91_RTC_IMR 0x28 /* Interrupt Mask Register */
826 ++#define AT91_RTC_IDR 0x24 /* Interrupt Disable Register */
827 ++#define AT91_RTC_IMR 0x28 /* Interrupt Mask Register */
828 ++#define AT91_RTC_IRQ_MASK 0x1f /* Available IRQs mask */
829 +
830 + void __init at91_sysirq_mask_rtc(u32 rtc_base)
831 + {
832 + void __iomem *base;
833 +- u32 mask;
834 +
835 + base = ioremap(rtc_base, 64);
836 + if (!base)
837 + return;
838 +
839 +- mask = readl_relaxed(base + AT91_RTC_IMR);
840 +- if (mask) {
841 +- pr_info("AT91: Disabling rtc irq\n");
842 +- writel_relaxed(mask, base + AT91_RTC_IDR);
843 +- (void)readl_relaxed(base + AT91_RTC_IMR); /* flush */
844 +- }
845 ++ /*
846 ++ * sam9x5 SoCs have the following errata:
847 ++ * "RTC: Interrupt Mask Register cannot be used
848 ++ * Interrupt Mask Register read always returns 0."
849 ++ *
850 ++ * Hence we're not relying on IMR values to disable
851 ++ * interrupts.
852 ++ */
853 ++ writel_relaxed(AT91_RTC_IRQ_MASK, base + AT91_RTC_IDR);
854 ++ (void)readl_relaxed(base + AT91_RTC_IMR); /* flush */
855 +
856 + iounmap(base);
857 + }
858 +diff --git a/arch/mips/kvm/kvm_mips.c b/arch/mips/kvm/kvm_mips.c
859 +index dd203e59e6fd..426345ac6f6e 100644
860 +--- a/arch/mips/kvm/kvm_mips.c
861 ++++ b/arch/mips/kvm/kvm_mips.c
862 +@@ -299,7 +299,7 @@ struct kvm_vcpu *kvm_arch_vcpu_create(struct kvm *kvm, unsigned int id)
863 + if (cpu_has_veic || cpu_has_vint) {
864 + size = 0x200 + VECTORSPACING * 64;
865 + } else {
866 +- size = 0x200;
867 ++ size = 0x4000;
868 + }
869 +
870 + /* Save Linux EBASE */
871 +diff --git a/arch/sparc/net/bpf_jit_comp.c b/arch/sparc/net/bpf_jit_comp.c
872 +index fd95862c65aa..224fc0c71b8a 100644
873 +--- a/arch/sparc/net/bpf_jit_comp.c
874 ++++ b/arch/sparc/net/bpf_jit_comp.c
875 +@@ -83,9 +83,9 @@ static void bpf_flush_icache(void *start_, void *end_)
876 + #define BNE (F2(0, 2) | CONDNE)
877 +
878 + #ifdef CONFIG_SPARC64
879 +-#define BNE_PTR (F2(0, 1) | CONDNE | (2 << 20))
880 ++#define BE_PTR (F2(0, 1) | CONDE | (2 << 20))
881 + #else
882 +-#define BNE_PTR BNE
883 ++#define BE_PTR BE
884 + #endif
885 +
886 + #define SETHI(K, REG) \
887 +@@ -600,7 +600,7 @@ void bpf_jit_compile(struct sk_filter *fp)
888 + case BPF_S_ANC_IFINDEX:
889 + emit_skb_loadptr(dev, r_A);
890 + emit_cmpi(r_A, 0);
891 +- emit_branch(BNE_PTR, cleanup_addr + 4);
892 ++ emit_branch(BE_PTR, cleanup_addr + 4);
893 + emit_nop();
894 + emit_load32(r_A, struct net_device, ifindex, r_A);
895 + break;
896 +@@ -613,7 +613,7 @@ void bpf_jit_compile(struct sk_filter *fp)
897 + case BPF_S_ANC_HATYPE:
898 + emit_skb_loadptr(dev, r_A);
899 + emit_cmpi(r_A, 0);
900 +- emit_branch(BNE_PTR, cleanup_addr + 4);
901 ++ emit_branch(BE_PTR, cleanup_addr + 4);
902 + emit_nop();
903 + emit_load16(r_A, struct net_device, type, r_A);
904 + break;
905 +diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c
906 +index 61d9fed5eb31..279d093524b4 100644
907 +--- a/arch/x86/kvm/lapic.c
908 ++++ b/arch/x86/kvm/lapic.c
909 +@@ -370,6 +370,8 @@ static inline void apic_clear_irr(int vec, struct kvm_lapic *apic)
910 +
911 + static inline void apic_set_isr(int vec, struct kvm_lapic *apic)
912 + {
913 ++ /* Note that we never get here with APIC virtualization enabled. */
914 ++
915 + if (!__apic_test_and_set_vector(vec, apic->regs + APIC_ISR))
916 + ++apic->isr_count;
917 + BUG_ON(apic->isr_count > MAX_APIC_VECTOR);
918 +@@ -381,12 +383,48 @@ static inline void apic_set_isr(int vec, struct kvm_lapic *apic)
919 + apic->highest_isr_cache = vec;
920 + }
921 +
922 ++static inline int apic_find_highest_isr(struct kvm_lapic *apic)
923 ++{
924 ++ int result;
925 ++
926 ++ /*
927 ++ * Note that isr_count is always 1, and highest_isr_cache
928 ++ * is always -1, with APIC virtualization enabled.
929 ++ */
930 ++ if (!apic->isr_count)
931 ++ return -1;
932 ++ if (likely(apic->highest_isr_cache != -1))
933 ++ return apic->highest_isr_cache;
934 ++
935 ++ result = find_highest_vector(apic->regs + APIC_ISR);
936 ++ ASSERT(result == -1 || result >= 16);
937 ++
938 ++ return result;
939 ++}
940 ++
941 + static inline void apic_clear_isr(int vec, struct kvm_lapic *apic)
942 + {
943 +- if (__apic_test_and_clear_vector(vec, apic->regs + APIC_ISR))
944 ++ struct kvm_vcpu *vcpu;
945 ++ if (!__apic_test_and_clear_vector(vec, apic->regs + APIC_ISR))
946 ++ return;
947 ++
948 ++ vcpu = apic->vcpu;
949 ++
950 ++ /*
951 ++ * We do get here for APIC virtualization enabled if the guest
952 ++ * uses the Hyper-V APIC enlightenment. In this case we may need
953 ++ * to trigger a new interrupt delivery by writing the SVI field;
954 ++ * on the other hand isr_count and highest_isr_cache are unused
955 ++ * and must be left alone.
956 ++ */
957 ++ if (unlikely(kvm_apic_vid_enabled(vcpu->kvm)))
958 ++ kvm_x86_ops->hwapic_isr_update(vcpu->kvm,
959 ++ apic_find_highest_isr(apic));
960 ++ else {
961 + --apic->isr_count;
962 +- BUG_ON(apic->isr_count < 0);
963 +- apic->highest_isr_cache = -1;
964 ++ BUG_ON(apic->isr_count < 0);
965 ++ apic->highest_isr_cache = -1;
966 ++ }
967 + }
968 +
969 + int kvm_lapic_find_highest_irr(struct kvm_vcpu *vcpu)
970 +@@ -466,22 +504,6 @@ static void pv_eoi_clr_pending(struct kvm_vcpu *vcpu)
971 + __clear_bit(KVM_APIC_PV_EOI_PENDING, &vcpu->arch.apic_attention);
972 + }
973 +
974 +-static inline int apic_find_highest_isr(struct kvm_lapic *apic)
975 +-{
976 +- int result;
977 +-
978 +- /* Note that isr_count is always 1 with vid enabled */
979 +- if (!apic->isr_count)
980 +- return -1;
981 +- if (likely(apic->highest_isr_cache != -1))
982 +- return apic->highest_isr_cache;
983 +-
984 +- result = find_highest_vector(apic->regs + APIC_ISR);
985 +- ASSERT(result == -1 || result >= 16);
986 +-
987 +- return result;
988 +-}
989 +-
990 + void kvm_apic_update_tmr(struct kvm_vcpu *vcpu, u32 *tmr)
991 + {
992 + struct kvm_lapic *apic = vcpu->arch.apic;
993 +@@ -1619,6 +1641,8 @@ int kvm_get_apic_interrupt(struct kvm_vcpu *vcpu)
994 + int vector = kvm_apic_has_interrupt(vcpu);
995 + struct kvm_lapic *apic = vcpu->arch.apic;
996 +
997 ++ /* Note that we never get here with APIC virtualization enabled. */
998 ++
999 + if (vector == -1)
1000 + return -1;
1001 +
1002 +diff --git a/crypto/crypto_user.c b/crypto/crypto_user.c
1003 +index 1512e41cd93d..43665d0d0905 100644
1004 +--- a/crypto/crypto_user.c
1005 ++++ b/crypto/crypto_user.c
1006 +@@ -466,7 +466,7 @@ static int crypto_user_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
1007 + type -= CRYPTO_MSG_BASE;
1008 + link = &crypto_dispatch[type];
1009 +
1010 +- if (!capable(CAP_NET_ADMIN))
1011 ++ if (!netlink_capable(skb, CAP_NET_ADMIN))
1012 + return -EPERM;
1013 +
1014 + if ((type == (CRYPTO_MSG_GETALG - CRYPTO_MSG_BASE) &&
1015 +diff --git a/drivers/connector/cn_proc.c b/drivers/connector/cn_proc.c
1016 +index 18c5b9b16645..3165811e2407 100644
1017 +--- a/drivers/connector/cn_proc.c
1018 ++++ b/drivers/connector/cn_proc.c
1019 +@@ -369,7 +369,7 @@ static void cn_proc_mcast_ctl(struct cn_msg *msg,
1020 + return;
1021 +
1022 + /* Can only change if privileged. */
1023 +- if (!capable(CAP_NET_ADMIN)) {
1024 ++ if (!__netlink_ns_capable(nsp, &init_user_ns, CAP_NET_ADMIN)) {
1025 + err = EPERM;
1026 + goto out;
1027 + }
1028 +diff --git a/drivers/hv/hv_balloon.c b/drivers/hv/hv_balloon.c
1029 +index deb5c25305af..694173f662d1 100644
1030 +--- a/drivers/hv/hv_balloon.c
1031 ++++ b/drivers/hv/hv_balloon.c
1032 +@@ -19,6 +19,7 @@
1033 + #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
1034 +
1035 + #include <linux/kernel.h>
1036 ++#include <linux/jiffies.h>
1037 + #include <linux/mman.h>
1038 + #include <linux/delay.h>
1039 + #include <linux/init.h>
1040 +@@ -459,6 +460,11 @@ static bool do_hot_add;
1041 + */
1042 + static uint pressure_report_delay = 45;
1043 +
1044 ++/*
1045 ++ * The last time we posted a pressure report to host.
1046 ++ */
1047 ++static unsigned long last_post_time;
1048 ++
1049 + module_param(hot_add, bool, (S_IRUGO | S_IWUSR));
1050 + MODULE_PARM_DESC(hot_add, "If set attempt memory hot_add");
1051 +
1052 +@@ -542,6 +548,7 @@ struct hv_dynmem_device {
1053 +
1054 + static struct hv_dynmem_device dm_device;
1055 +
1056 ++static void post_status(struct hv_dynmem_device *dm);
1057 + #ifdef CONFIG_MEMORY_HOTPLUG
1058 +
1059 + static void hv_bring_pgs_online(unsigned long start_pfn, unsigned long size)
1060 +@@ -612,7 +619,7 @@ static void hv_mem_hot_add(unsigned long start, unsigned long size,
1061 + * have not been "onlined" within the allowed time.
1062 + */
1063 + wait_for_completion_timeout(&dm_device.ol_waitevent, 5*HZ);
1064 +-
1065 ++ post_status(&dm_device);
1066 + }
1067 +
1068 + return;
1069 +@@ -951,11 +958,17 @@ static void post_status(struct hv_dynmem_device *dm)
1070 + {
1071 + struct dm_status status;
1072 + struct sysinfo val;
1073 ++ unsigned long now = jiffies;
1074 ++ unsigned long last_post = last_post_time;
1075 +
1076 + if (pressure_report_delay > 0) {
1077 + --pressure_report_delay;
1078 + return;
1079 + }
1080 ++
1081 ++ if (!time_after(now, (last_post_time + HZ)))
1082 ++ return;
1083 ++
1084 + si_meminfo(&val);
1085 + memset(&status, 0, sizeof(struct dm_status));
1086 + status.hdr.type = DM_STATUS_REPORT;
1087 +@@ -983,6 +996,14 @@ static void post_status(struct hv_dynmem_device *dm)
1088 + if (status.hdr.trans_id != atomic_read(&trans_id))
1089 + return;
1090 +
1091 ++ /*
1092 ++ * If the last post time that we sampled has changed,
1093 ++ * we have raced, don't post the status.
1094 ++ */
1095 ++ if (last_post != last_post_time)
1096 ++ return;
1097 ++
1098 ++ last_post_time = jiffies;
1099 + vmbus_sendpacket(dm->dev->channel, &status,
1100 + sizeof(struct dm_status),
1101 + (unsigned long)NULL,
1102 +@@ -1117,7 +1138,7 @@ static void balloon_up(struct work_struct *dummy)
1103 +
1104 + if (ret == -EAGAIN)
1105 + msleep(20);
1106 +-
1107 ++ post_status(&dm_device);
1108 + } while (ret == -EAGAIN);
1109 +
1110 + if (ret) {
1111 +@@ -1144,8 +1165,10 @@ static void balloon_down(struct hv_dynmem_device *dm,
1112 + struct dm_unballoon_response resp;
1113 + int i;
1114 +
1115 +- for (i = 0; i < range_count; i++)
1116 ++ for (i = 0; i < range_count; i++) {
1117 + free_balloon_pages(dm, &range_array[i]);
1118 ++ post_status(&dm_device);
1119 ++ }
1120 +
1121 + if (req->more_pages == 1)
1122 + return;
1123 +diff --git a/drivers/iio/adc/at91_adc.c b/drivers/iio/adc/at91_adc.c
1124 +index e5b88d5d3b59..14fdaf0f9d23 100644
1125 +--- a/drivers/iio/adc/at91_adc.c
1126 ++++ b/drivers/iio/adc/at91_adc.c
1127 +@@ -161,12 +161,11 @@ static int at91_adc_channel_init(struct iio_dev *idev)
1128 + return idev->num_channels;
1129 + }
1130 +
1131 +-static u8 at91_adc_get_trigger_value_by_name(struct iio_dev *idev,
1132 ++static int at91_adc_get_trigger_value_by_name(struct iio_dev *idev,
1133 + struct at91_adc_trigger *triggers,
1134 + const char *trigger_name)
1135 + {
1136 + struct at91_adc_state *st = iio_priv(idev);
1137 +- u8 value = 0;
1138 + int i;
1139 +
1140 + for (i = 0; i < st->trigger_number; i++) {
1141 +@@ -179,15 +178,16 @@ static u8 at91_adc_get_trigger_value_by_name(struct iio_dev *idev,
1142 + return -ENOMEM;
1143 +
1144 + if (strcmp(trigger_name, name) == 0) {
1145 +- value = triggers[i].value;
1146 + kfree(name);
1147 +- break;
1148 ++ if (triggers[i].value == 0)
1149 ++ return -EINVAL;
1150 ++ return triggers[i].value;
1151 + }
1152 +
1153 + kfree(name);
1154 + }
1155 +
1156 +- return value;
1157 ++ return -EINVAL;
1158 + }
1159 +
1160 + static int at91_adc_configure_trigger(struct iio_trigger *trig, bool state)
1161 +@@ -197,14 +197,14 @@ static int at91_adc_configure_trigger(struct iio_trigger *trig, bool state)
1162 + struct iio_buffer *buffer = idev->buffer;
1163 + struct at91_adc_reg_desc *reg = st->registers;
1164 + u32 status = at91_adc_readl(st, reg->trigger_register);
1165 +- u8 value;
1166 ++ int value;
1167 + u8 bit;
1168 +
1169 + value = at91_adc_get_trigger_value_by_name(idev,
1170 + st->trigger_list,
1171 + idev->trig->name);
1172 +- if (value == 0)
1173 +- return -EINVAL;
1174 ++ if (value < 0)
1175 ++ return value;
1176 +
1177 + if (state) {
1178 + st->buffer = kmalloc(idev->scan_bytes, GFP_KERNEL);
1179 +diff --git a/drivers/iio/adc/max1363.c b/drivers/iio/adc/max1363.c
1180 +index 9e6da72ad823..b2b5dcbf7122 100644
1181 +--- a/drivers/iio/adc/max1363.c
1182 ++++ b/drivers/iio/adc/max1363.c
1183 +@@ -1214,8 +1214,8 @@ static const struct max1363_chip_info max1363_chip_info_tbl[] = {
1184 + .num_modes = ARRAY_SIZE(max1238_mode_list),
1185 + .default_mode = s0to11,
1186 + .info = &max1238_info,
1187 +- .channels = max1238_channels,
1188 +- .num_channels = ARRAY_SIZE(max1238_channels),
1189 ++ .channels = max1038_channels,
1190 ++ .num_channels = ARRAY_SIZE(max1038_channels),
1191 + },
1192 + [max11605] = {
1193 + .bits = 8,
1194 +@@ -1224,8 +1224,8 @@ static const struct max1363_chip_info max1363_chip_info_tbl[] = {
1195 + .num_modes = ARRAY_SIZE(max1238_mode_list),
1196 + .default_mode = s0to11,
1197 + .info = &max1238_info,
1198 +- .channels = max1238_channels,
1199 +- .num_channels = ARRAY_SIZE(max1238_channels),
1200 ++ .channels = max1038_channels,
1201 ++ .num_channels = ARRAY_SIZE(max1038_channels),
1202 + },
1203 + [max11606] = {
1204 + .bits = 10,
1205 +@@ -1274,8 +1274,8 @@ static const struct max1363_chip_info max1363_chip_info_tbl[] = {
1206 + .num_modes = ARRAY_SIZE(max1238_mode_list),
1207 + .default_mode = s0to11,
1208 + .info = &max1238_info,
1209 +- .channels = max1238_channels,
1210 +- .num_channels = ARRAY_SIZE(max1238_channels),
1211 ++ .channels = max1138_channels,
1212 ++ .num_channels = ARRAY_SIZE(max1138_channels),
1213 + },
1214 + [max11611] = {
1215 + .bits = 10,
1216 +@@ -1284,8 +1284,8 @@ static const struct max1363_chip_info max1363_chip_info_tbl[] = {
1217 + .num_modes = ARRAY_SIZE(max1238_mode_list),
1218 + .default_mode = s0to11,
1219 + .info = &max1238_info,
1220 +- .channels = max1238_channels,
1221 +- .num_channels = ARRAY_SIZE(max1238_channels),
1222 ++ .channels = max1138_channels,
1223 ++ .num_channels = ARRAY_SIZE(max1138_channels),
1224 + },
1225 + [max11612] = {
1226 + .bits = 12,
1227 +diff --git a/drivers/iio/magnetometer/ak8975.c b/drivers/iio/magnetometer/ak8975.c
1228 +index af6c320a534e..53f829004a03 100644
1229 +--- a/drivers/iio/magnetometer/ak8975.c
1230 ++++ b/drivers/iio/magnetometer/ak8975.c
1231 +@@ -276,8 +276,6 @@ static int ak8975_read_axis(struct iio_dev *indio_dev, int index, int *val)
1232 + {
1233 + struct ak8975_data *data = iio_priv(indio_dev);
1234 + struct i2c_client *client = data->client;
1235 +- u16 meas_reg;
1236 +- s16 raw;
1237 + int ret;
1238 +
1239 + mutex_lock(&data->lock);
1240 +@@ -322,16 +320,11 @@ static int ak8975_read_axis(struct iio_dev *indio_dev, int index, int *val)
1241 + dev_err(&client->dev, "Read axis data fails\n");
1242 + goto exit;
1243 + }
1244 +- meas_reg = ret;
1245 +
1246 + mutex_unlock(&data->lock);
1247 +
1248 +- /* Endian conversion of the measured values. */
1249 +- raw = (s16) (le16_to_cpu(meas_reg));
1250 +-
1251 + /* Clamp to valid range. */
1252 +- raw = clamp_t(s16, raw, -4096, 4095);
1253 +- *val = raw;
1254 ++ *val = clamp_t(s16, ret, -4096, 4095);
1255 + return IIO_VAL_INT;
1256 +
1257 + exit:
1258 +diff --git a/drivers/net/ethernet/mellanox/mlx4/main.c b/drivers/net/ethernet/mellanox/mlx4/main.c
1259 +index 1b195fc7f411..3fb2643d05b4 100644
1260 +--- a/drivers/net/ethernet/mellanox/mlx4/main.c
1261 ++++ b/drivers/net/ethernet/mellanox/mlx4/main.c
1262 +@@ -2129,13 +2129,8 @@ static int __mlx4_init_one(struct pci_dev *pdev, int pci_dev_data)
1263 + /* Allow large DMA segments, up to the firmware limit of 1 GB */
1264 + dma_set_max_seg_size(&pdev->dev, 1024 * 1024 * 1024);
1265 +
1266 +- priv = kzalloc(sizeof(*priv), GFP_KERNEL);
1267 +- if (!priv) {
1268 +- err = -ENOMEM;
1269 +- goto err_release_regions;
1270 +- }
1271 +-
1272 +- dev = &priv->dev;
1273 ++ dev = pci_get_drvdata(pdev);
1274 ++ priv = mlx4_priv(dev);
1275 + dev->pdev = pdev;
1276 + INIT_LIST_HEAD(&priv->ctx_list);
1277 + spin_lock_init(&priv->ctx_lock);
1278 +@@ -2300,8 +2295,7 @@ slave_start:
1279 + mlx4_sense_init(dev);
1280 + mlx4_start_sense(dev);
1281 +
1282 +- priv->pci_dev_data = pci_dev_data;
1283 +- pci_set_drvdata(pdev, dev);
1284 ++ priv->removed = 0;
1285 +
1286 + return 0;
1287 +
1288 +@@ -2367,84 +2361,110 @@ err_disable_pdev:
1289 +
1290 + static int mlx4_init_one(struct pci_dev *pdev, const struct pci_device_id *id)
1291 + {
1292 ++ struct mlx4_priv *priv;
1293 ++ struct mlx4_dev *dev;
1294 ++
1295 + printk_once(KERN_INFO "%s", mlx4_version);
1296 +
1297 ++ priv = kzalloc(sizeof(*priv), GFP_KERNEL);
1298 ++ if (!priv)
1299 ++ return -ENOMEM;
1300 ++
1301 ++ dev = &priv->dev;
1302 ++ pci_set_drvdata(pdev, dev);
1303 ++ priv->pci_dev_data = id->driver_data;
1304 ++
1305 + return __mlx4_init_one(pdev, id->driver_data);
1306 + }
1307 +
1308 +-static void mlx4_remove_one(struct pci_dev *pdev)
1309 ++static void __mlx4_remove_one(struct pci_dev *pdev)
1310 + {
1311 + struct mlx4_dev *dev = pci_get_drvdata(pdev);
1312 + struct mlx4_priv *priv = mlx4_priv(dev);
1313 ++ int pci_dev_data;
1314 + int p;
1315 +
1316 +- if (dev) {
1317 +- /* in SRIOV it is not allowed to unload the pf's
1318 +- * driver while there are alive vf's */
1319 +- if (mlx4_is_master(dev)) {
1320 +- if (mlx4_how_many_lives_vf(dev))
1321 +- printk(KERN_ERR "Removing PF when there are assigned VF's !!!\n");
1322 +- }
1323 +- mlx4_stop_sense(dev);
1324 +- mlx4_unregister_device(dev);
1325 ++ if (priv->removed)
1326 ++ return;
1327 +
1328 +- for (p = 1; p <= dev->caps.num_ports; p++) {
1329 +- mlx4_cleanup_port_info(&priv->port[p]);
1330 +- mlx4_CLOSE_PORT(dev, p);
1331 +- }
1332 ++ pci_dev_data = priv->pci_dev_data;
1333 +
1334 +- if (mlx4_is_master(dev))
1335 +- mlx4_free_resource_tracker(dev,
1336 +- RES_TR_FREE_SLAVES_ONLY);
1337 +-
1338 +- mlx4_cleanup_counters_table(dev);
1339 +- mlx4_cleanup_mcg_table(dev);
1340 +- mlx4_cleanup_qp_table(dev);
1341 +- mlx4_cleanup_srq_table(dev);
1342 +- mlx4_cleanup_cq_table(dev);
1343 +- mlx4_cmd_use_polling(dev);
1344 +- mlx4_cleanup_eq_table(dev);
1345 +- mlx4_cleanup_mr_table(dev);
1346 +- mlx4_cleanup_xrcd_table(dev);
1347 +- mlx4_cleanup_pd_table(dev);
1348 ++ /* in SRIOV it is not allowed to unload the pf's
1349 ++ * driver while there are alive vf's */
1350 ++ if (mlx4_is_master(dev)) {
1351 ++ if (mlx4_how_many_lives_vf(dev))
1352 ++ printk(KERN_ERR "Removing PF when there are assigned VF's !!!\n");
1353 ++ }
1354 ++ mlx4_stop_sense(dev);
1355 ++ mlx4_unregister_device(dev);
1356 +
1357 +- if (mlx4_is_master(dev))
1358 +- mlx4_free_resource_tracker(dev,
1359 +- RES_TR_FREE_STRUCTS_ONLY);
1360 +-
1361 +- iounmap(priv->kar);
1362 +- mlx4_uar_free(dev, &priv->driver_uar);
1363 +- mlx4_cleanup_uar_table(dev);
1364 +- if (!mlx4_is_slave(dev))
1365 +- mlx4_clear_steering(dev);
1366 +- mlx4_free_eq_table(dev);
1367 +- if (mlx4_is_master(dev))
1368 +- mlx4_multi_func_cleanup(dev);
1369 +- mlx4_close_hca(dev);
1370 +- if (mlx4_is_slave(dev))
1371 +- mlx4_multi_func_cleanup(dev);
1372 +- mlx4_cmd_cleanup(dev);
1373 +-
1374 +- if (dev->flags & MLX4_FLAG_MSI_X)
1375 +- pci_disable_msix(pdev);
1376 +- if (dev->flags & MLX4_FLAG_SRIOV) {
1377 +- mlx4_warn(dev, "Disabling SR-IOV\n");
1378 +- pci_disable_sriov(pdev);
1379 +- }
1380 ++ for (p = 1; p <= dev->caps.num_ports; p++) {
1381 ++ mlx4_cleanup_port_info(&priv->port[p]);
1382 ++ mlx4_CLOSE_PORT(dev, p);
1383 ++ }
1384 ++
1385 ++ if (mlx4_is_master(dev))
1386 ++ mlx4_free_resource_tracker(dev,
1387 ++ RES_TR_FREE_SLAVES_ONLY);
1388 ++
1389 ++ mlx4_cleanup_counters_table(dev);
1390 ++ mlx4_cleanup_qp_table(dev);
1391 ++ mlx4_cleanup_srq_table(dev);
1392 ++ mlx4_cleanup_cq_table(dev);
1393 ++ mlx4_cmd_use_polling(dev);
1394 ++ mlx4_cleanup_eq_table(dev);
1395 ++ mlx4_cleanup_mcg_table(dev);
1396 ++ mlx4_cleanup_mr_table(dev);
1397 ++ mlx4_cleanup_xrcd_table(dev);
1398 ++ mlx4_cleanup_pd_table(dev);
1399 +
1400 +- if (!mlx4_is_slave(dev))
1401 +- mlx4_free_ownership(dev);
1402 ++ if (mlx4_is_master(dev))
1403 ++ mlx4_free_resource_tracker(dev,
1404 ++ RES_TR_FREE_STRUCTS_ONLY);
1405 +
1406 +- kfree(dev->caps.qp0_tunnel);
1407 +- kfree(dev->caps.qp0_proxy);
1408 +- kfree(dev->caps.qp1_tunnel);
1409 +- kfree(dev->caps.qp1_proxy);
1410 ++ iounmap(priv->kar);
1411 ++ mlx4_uar_free(dev, &priv->driver_uar);
1412 ++ mlx4_cleanup_uar_table(dev);
1413 ++ if (!mlx4_is_slave(dev))
1414 ++ mlx4_clear_steering(dev);
1415 ++ mlx4_free_eq_table(dev);
1416 ++ if (mlx4_is_master(dev))
1417 ++ mlx4_multi_func_cleanup(dev);
1418 ++ mlx4_close_hca(dev);
1419 ++ if (mlx4_is_slave(dev))
1420 ++ mlx4_multi_func_cleanup(dev);
1421 ++ mlx4_cmd_cleanup(dev);
1422 +
1423 +- kfree(priv);
1424 +- pci_release_regions(pdev);
1425 +- pci_disable_device(pdev);
1426 +- pci_set_drvdata(pdev, NULL);
1427 ++ if (dev->flags & MLX4_FLAG_MSI_X)
1428 ++ pci_disable_msix(pdev);
1429 ++ if (dev->flags & MLX4_FLAG_SRIOV) {
1430 ++ mlx4_warn(dev, "Disabling SR-IOV\n");
1431 ++ pci_disable_sriov(pdev);
1432 + }
1433 ++
1434 ++ if (!mlx4_is_slave(dev))
1435 ++ mlx4_free_ownership(dev);
1436 ++
1437 ++ kfree(dev->caps.qp0_tunnel);
1438 ++ kfree(dev->caps.qp0_proxy);
1439 ++ kfree(dev->caps.qp1_tunnel);
1440 ++ kfree(dev->caps.qp1_proxy);
1441 ++
1442 ++ pci_release_regions(pdev);
1443 ++ pci_disable_device(pdev);
1444 ++ memset(priv, 0, sizeof(*priv));
1445 ++ priv->pci_dev_data = pci_dev_data;
1446 ++ priv->removed = 1;
1447 ++}
1448 ++
1449 ++static void mlx4_remove_one(struct pci_dev *pdev)
1450 ++{
1451 ++ struct mlx4_dev *dev = pci_get_drvdata(pdev);
1452 ++ struct mlx4_priv *priv = mlx4_priv(dev);
1453 ++
1454 ++ __mlx4_remove_one(pdev);
1455 ++ kfree(priv);
1456 ++ pci_set_drvdata(pdev, NULL);
1457 + }
1458 +
1459 + int mlx4_restart_one(struct pci_dev *pdev)
1460 +@@ -2454,7 +2474,7 @@ int mlx4_restart_one(struct pci_dev *pdev)
1461 + int pci_dev_data;
1462 +
1463 + pci_dev_data = priv->pci_dev_data;
1464 +- mlx4_remove_one(pdev);
1465 ++ __mlx4_remove_one(pdev);
1466 + return __mlx4_init_one(pdev, pci_dev_data);
1467 + }
1468 +
1469 +@@ -2509,7 +2529,7 @@ MODULE_DEVICE_TABLE(pci, mlx4_pci_table);
1470 + static pci_ers_result_t mlx4_pci_err_detected(struct pci_dev *pdev,
1471 + pci_channel_state_t state)
1472 + {
1473 +- mlx4_remove_one(pdev);
1474 ++ __mlx4_remove_one(pdev);
1475 +
1476 + return state == pci_channel_io_perm_failure ?
1477 + PCI_ERS_RESULT_DISCONNECT : PCI_ERS_RESULT_NEED_RESET;
1478 +@@ -2517,7 +2537,11 @@ static pci_ers_result_t mlx4_pci_err_detected(struct pci_dev *pdev,
1479 +
1480 + static pci_ers_result_t mlx4_pci_slot_reset(struct pci_dev *pdev)
1481 + {
1482 +- int ret = __mlx4_init_one(pdev, 0);
1483 ++ struct mlx4_dev *dev = pci_get_drvdata(pdev);
1484 ++ struct mlx4_priv *priv = mlx4_priv(dev);
1485 ++ int ret;
1486 ++
1487 ++ ret = __mlx4_init_one(pdev, priv->pci_dev_data);
1488 +
1489 + return ret ? PCI_ERS_RESULT_DISCONNECT : PCI_ERS_RESULT_RECOVERED;
1490 + }
1491 +diff --git a/drivers/net/ethernet/mellanox/mlx4/mlx4.h b/drivers/net/ethernet/mellanox/mlx4/mlx4.h
1492 +index df15bb6631cc..da4f0002fd27 100644
1493 +--- a/drivers/net/ethernet/mellanox/mlx4/mlx4.h
1494 ++++ b/drivers/net/ethernet/mellanox/mlx4/mlx4.h
1495 +@@ -743,6 +743,7 @@ struct mlx4_priv {
1496 + spinlock_t ctx_lock;
1497 +
1498 + int pci_dev_data;
1499 ++ int removed;
1500 +
1501 + struct list_head pgdir_list;
1502 + struct mutex pgdir_mutex;
1503 +diff --git a/drivers/net/macvlan.c b/drivers/net/macvlan.c
1504 +index c12aeaee22fa..155ef4bbde91 100644
1505 +--- a/drivers/net/macvlan.c
1506 ++++ b/drivers/net/macvlan.c
1507 +@@ -961,7 +961,6 @@ static int macvlan_device_event(struct notifier_block *unused,
1508 + list_for_each_entry_safe(vlan, next, &port->vlans, list)
1509 + vlan->dev->rtnl_link_ops->dellink(vlan->dev, &list_kill);
1510 + unregister_netdevice_many(&list_kill);
1511 +- list_del(&list_kill);
1512 + break;
1513 + case NETDEV_PRE_TYPE_CHANGE:
1514 + /* Forbid underlaying device to change its type. */
1515 +diff --git a/drivers/net/team/team.c b/drivers/net/team/team.c
1516 +index fe3fd77821bf..12222290c802 100644
1517 +--- a/drivers/net/team/team.c
1518 ++++ b/drivers/net/team/team.c
1519 +@@ -1542,6 +1542,7 @@ static int team_change_mtu(struct net_device *dev, int new_mtu)
1520 + * to traverse list in reverse under rcu_read_lock
1521 + */
1522 + mutex_lock(&team->lock);
1523 ++ team->port_mtu_change_allowed = true;
1524 + list_for_each_entry(port, &team->port_list, list) {
1525 + err = dev_set_mtu(port->dev, new_mtu);
1526 + if (err) {
1527 +@@ -1550,6 +1551,7 @@ static int team_change_mtu(struct net_device *dev, int new_mtu)
1528 + goto unwind;
1529 + }
1530 + }
1531 ++ team->port_mtu_change_allowed = false;
1532 + mutex_unlock(&team->lock);
1533 +
1534 + dev->mtu = new_mtu;
1535 +@@ -1559,6 +1561,7 @@ static int team_change_mtu(struct net_device *dev, int new_mtu)
1536 + unwind:
1537 + list_for_each_entry_continue_reverse(port, &team->port_list, list)
1538 + dev_set_mtu(port->dev, dev->mtu);
1539 ++ team->port_mtu_change_allowed = false;
1540 + mutex_unlock(&team->lock);
1541 +
1542 + return err;
1543 +@@ -2678,7 +2681,9 @@ static int team_device_event(struct notifier_block *unused,
1544 + break;
1545 + case NETDEV_CHANGEMTU:
1546 + /* Forbid to change mtu of underlaying device */
1547 +- return NOTIFY_BAD;
1548 ++ if (!port->team->port_mtu_change_allowed)
1549 ++ return NOTIFY_BAD;
1550 ++ break;
1551 + case NETDEV_PRE_TYPE_CHANGE:
1552 + /* Forbid to change type of underlaying device */
1553 + return NOTIFY_BAD;
1554 +diff --git a/drivers/net/usb/qmi_wwan.c b/drivers/net/usb/qmi_wwan.c
1555 +index 7be4860ccfd7..6fb0082b3308 100644
1556 +--- a/drivers/net/usb/qmi_wwan.c
1557 ++++ b/drivers/net/usb/qmi_wwan.c
1558 +@@ -739,7 +739,12 @@ static const struct usb_device_id products[] = {
1559 + {QMI_FIXED_INTF(0x2357, 0x9000, 4)}, /* TP-LINK MA260 */
1560 + {QMI_FIXED_INTF(0x1bc7, 0x1200, 5)}, /* Telit LE920 */
1561 + {QMI_FIXED_INTF(0x1bc7, 0x1201, 2)}, /* Telit LE920 */
1562 +- {QMI_FIXED_INTF(0x0b3c, 0xc005, 6)}, /* Olivetti Olicard 200 */
1563 ++ {QMI_FIXED_INTF(0x0b3c, 0xc000, 4)}, /* Olivetti Olicard 100 */
1564 ++ {QMI_FIXED_INTF(0x0b3c, 0xc001, 4)}, /* Olivetti Olicard 120 */
1565 ++ {QMI_FIXED_INTF(0x0b3c, 0xc002, 4)}, /* Olivetti Olicard 140 */
1566 ++ {QMI_FIXED_INTF(0x0b3c, 0xc004, 6)}, /* Olivetti Olicard 155 */
1567 ++ {QMI_FIXED_INTF(0x0b3c, 0xc005, 6)}, /* Olivetti Olicard 200 */
1568 ++ {QMI_FIXED_INTF(0x0b3c, 0xc00a, 6)}, /* Olivetti Olicard 160 */
1569 + {QMI_FIXED_INTF(0x0b3c, 0xc00b, 4)}, /* Olivetti Olicard 500 */
1570 + {QMI_FIXED_INTF(0x1e2d, 0x0060, 4)}, /* Cinterion PLxx */
1571 + {QMI_FIXED_INTF(0x1e2d, 0x0053, 4)}, /* Cinterion PHxx,PXxx */
1572 +diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c
1573 +index 9673edfff451..fcbd4eee52cc 100644
1574 +--- a/drivers/net/vxlan.c
1575 ++++ b/drivers/net/vxlan.c
1576 +@@ -1314,7 +1314,7 @@ static void vxlan_setup(struct net_device *dev)
1577 +
1578 + eth_hw_addr_random(dev);
1579 + ether_setup(dev);
1580 +- dev->hard_header_len = ETH_HLEN + VXLAN_HEADROOM;
1581 ++ dev->needed_headroom = ETH_HLEN + VXLAN_HEADROOM;
1582 +
1583 + dev->netdev_ops = &vxlan_netdev_ops;
1584 + dev->destructor = vxlan_free;
1585 +@@ -1454,7 +1454,7 @@ static int vxlan_newlink(struct net *net, struct net_device *dev,
1586 + dev->mtu = lowerdev->mtu - VXLAN_HEADROOM;
1587 +
1588 + /* update header length based on lower device */
1589 +- dev->hard_header_len = lowerdev->hard_header_len +
1590 ++ dev->needed_headroom = lowerdev->hard_header_len +
1591 + VXLAN_HEADROOM;
1592 + }
1593 +
1594 +diff --git a/drivers/rtc/rtc-at91rm9200.c b/drivers/rtc/rtc-at91rm9200.c
1595 +index 1237c2173c6d..e51cc5fec98a 100644
1596 +--- a/drivers/rtc/rtc-at91rm9200.c
1597 ++++ b/drivers/rtc/rtc-at91rm9200.c
1598 +@@ -49,6 +49,7 @@ struct at91_rtc_config {
1599 +
1600 + static const struct at91_rtc_config *at91_rtc_config;
1601 + static DECLARE_COMPLETION(at91_rtc_updated);
1602 ++static DECLARE_COMPLETION(at91_rtc_upd_rdy);
1603 + static unsigned int at91_alarm_year = AT91_RTC_EPOCH;
1604 + static void __iomem *at91_rtc_regs;
1605 + static int irq;
1606 +@@ -162,6 +163,8 @@ static int at91_rtc_settime(struct device *dev, struct rtc_time *tm)
1607 + 1900 + tm->tm_year, tm->tm_mon, tm->tm_mday,
1608 + tm->tm_hour, tm->tm_min, tm->tm_sec);
1609 +
1610 ++ wait_for_completion(&at91_rtc_upd_rdy);
1611 ++
1612 + /* Stop Time/Calendar from counting */
1613 + cr = at91_rtc_read(AT91_RTC_CR);
1614 + at91_rtc_write(AT91_RTC_CR, cr | AT91_RTC_UPDCAL | AT91_RTC_UPDTIM);
1615 +@@ -184,7 +187,9 @@ static int at91_rtc_settime(struct device *dev, struct rtc_time *tm)
1616 +
1617 + /* Restart Time/Calendar */
1618 + cr = at91_rtc_read(AT91_RTC_CR);
1619 ++ at91_rtc_write(AT91_RTC_SCCR, AT91_RTC_SECEV);
1620 + at91_rtc_write(AT91_RTC_CR, cr & ~(AT91_RTC_UPDCAL | AT91_RTC_UPDTIM));
1621 ++ at91_rtc_write_ier(AT91_RTC_SECEV);
1622 +
1623 + return 0;
1624 + }
1625 +@@ -291,8 +296,10 @@ static irqreturn_t at91_rtc_interrupt(int irq, void *dev_id)
1626 + if (rtsr) { /* this interrupt is shared! Is it ours? */
1627 + if (rtsr & AT91_RTC_ALARM)
1628 + events |= (RTC_AF | RTC_IRQF);
1629 +- if (rtsr & AT91_RTC_SECEV)
1630 +- events |= (RTC_UF | RTC_IRQF);
1631 ++ if (rtsr & AT91_RTC_SECEV) {
1632 ++ complete(&at91_rtc_upd_rdy);
1633 ++ at91_rtc_write_idr(AT91_RTC_SECEV);
1634 ++ }
1635 + if (rtsr & AT91_RTC_ACKUPD)
1636 + complete(&at91_rtc_updated);
1637 +
1638 +@@ -415,6 +422,11 @@ static int __init at91_rtc_probe(struct platform_device *pdev)
1639 + }
1640 + platform_set_drvdata(pdev, rtc);
1641 +
1642 ++ /* enable SECEV interrupt in order to initialize at91_rtc_upd_rdy
1643 ++ * completion.
1644 ++ */
1645 ++ at91_rtc_write_ier(AT91_RTC_SECEV);
1646 ++
1647 + dev_info(&pdev->dev, "AT91 Real Time Clock driver.\n");
1648 + return 0;
1649 +
1650 +diff --git a/drivers/scsi/scsi_netlink.c b/drivers/scsi/scsi_netlink.c
1651 +index fe30ea94ffe6..109802f776ed 100644
1652 +--- a/drivers/scsi/scsi_netlink.c
1653 ++++ b/drivers/scsi/scsi_netlink.c
1654 +@@ -77,7 +77,7 @@ scsi_nl_rcv_msg(struct sk_buff *skb)
1655 + goto next_msg;
1656 + }
1657 +
1658 +- if (!capable(CAP_SYS_ADMIN)) {
1659 ++ if (!netlink_capable(skb, CAP_SYS_ADMIN)) {
1660 + err = -EPERM;
1661 + goto next_msg;
1662 + }
1663 +diff --git a/drivers/staging/iio/light/tsl2x7x_core.c b/drivers/staging/iio/light/tsl2x7x_core.c
1664 +index c99f890cc6c6..64c73adfa3b0 100644
1665 +--- a/drivers/staging/iio/light/tsl2x7x_core.c
1666 ++++ b/drivers/staging/iio/light/tsl2x7x_core.c
1667 +@@ -672,9 +672,13 @@ static int tsl2x7x_chip_on(struct iio_dev *indio_dev)
1668 + chip->tsl2x7x_config[TSL2X7X_PRX_COUNT] =
1669 + chip->tsl2x7x_settings.prox_pulse_count;
1670 + chip->tsl2x7x_config[TSL2X7X_PRX_MINTHRESHLO] =
1671 +- chip->tsl2x7x_settings.prox_thres_low;
1672 ++ (chip->tsl2x7x_settings.prox_thres_low) & 0xFF;
1673 ++ chip->tsl2x7x_config[TSL2X7X_PRX_MINTHRESHHI] =
1674 ++ (chip->tsl2x7x_settings.prox_thres_low >> 8) & 0xFF;
1675 + chip->tsl2x7x_config[TSL2X7X_PRX_MAXTHRESHLO] =
1676 +- chip->tsl2x7x_settings.prox_thres_high;
1677 ++ (chip->tsl2x7x_settings.prox_thres_high) & 0xFF;
1678 ++ chip->tsl2x7x_config[TSL2X7X_PRX_MAXTHRESHHI] =
1679 ++ (chip->tsl2x7x_settings.prox_thres_high >> 8) & 0xFF;
1680 +
1681 + /* and make sure we're not already on */
1682 + if (chip->tsl2x7x_chip_status == TSL2X7X_CHIP_WORKING) {
1683 +diff --git a/drivers/target/iscsi/iscsi_target_auth.c b/drivers/target/iscsi/iscsi_target_auth.c
1684 +index 130a1e4f96a1..3c9a8dfd1c2e 100644
1685 +--- a/drivers/target/iscsi/iscsi_target_auth.c
1686 ++++ b/drivers/target/iscsi/iscsi_target_auth.c
1687 +@@ -316,6 +316,16 @@ static int chap_server_compute_md5(
1688 + goto out;
1689 + }
1690 + /*
1691 ++ * During mutual authentication, the CHAP_C generated by the
1692 ++ * initiator must not match the original CHAP_C generated by
1693 ++ * the target.
1694 ++ */
1695 ++ if (!memcmp(challenge_binhex, chap->challenge, CHAP_CHALLENGE_LENGTH)) {
1696 ++ pr_err("initiator CHAP_C matches target CHAP_C, failing"
1697 ++ " login attempt\n");
1698 ++ goto out;
1699 ++ }
1700 ++ /*
1701 + * Generate CHAP_N and CHAP_R for mutual authentication.
1702 + */
1703 + tfm = crypto_alloc_hash("md5", 0, CRYPTO_ALG_ASYNC);
1704 +diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c
1705 +index 89cce1a32059..fbf3f11aed2c 100644
1706 +--- a/drivers/usb/class/cdc-acm.c
1707 ++++ b/drivers/usb/class/cdc-acm.c
1708 +@@ -122,13 +122,23 @@ static void acm_release_minor(struct acm *acm)
1709 + static int acm_ctrl_msg(struct acm *acm, int request, int value,
1710 + void *buf, int len)
1711 + {
1712 +- int retval = usb_control_msg(acm->dev, usb_sndctrlpipe(acm->dev, 0),
1713 ++ int retval;
1714 ++
1715 ++ retval = usb_autopm_get_interface(acm->control);
1716 ++ if (retval)
1717 ++ return retval;
1718 ++
1719 ++ retval = usb_control_msg(acm->dev, usb_sndctrlpipe(acm->dev, 0),
1720 + request, USB_RT_ACM, value,
1721 + acm->control->altsetting[0].desc.bInterfaceNumber,
1722 + buf, len, 5000);
1723 ++
1724 + dev_dbg(&acm->control->dev,
1725 + "%s - rq 0x%02x, val %#x, len %#x, result %d\n",
1726 + __func__, request, value, len, retval);
1727 ++
1728 ++ usb_autopm_put_interface(acm->control);
1729 ++
1730 + return retval < 0 ? retval : 0;
1731 + }
1732 +
1733 +@@ -233,12 +243,9 @@ static int acm_write_start(struct acm *acm, int wbn)
1734 + acm->susp_count);
1735 + usb_autopm_get_interface_async(acm->control);
1736 + if (acm->susp_count) {
1737 +- if (!acm->delayed_wb)
1738 +- acm->delayed_wb = wb;
1739 +- else
1740 +- usb_autopm_put_interface_async(acm->control);
1741 ++ usb_anchor_urb(wb->urb, &acm->delayed);
1742 + spin_unlock_irqrestore(&acm->write_lock, flags);
1743 +- return 0; /* A white lie */
1744 ++ return 0;
1745 + }
1746 + usb_mark_last_busy(acm->dev);
1747 +
1748 +@@ -516,6 +523,7 @@ static int acm_port_activate(struct tty_port *port, struct tty_struct *tty)
1749 + {
1750 + struct acm *acm = container_of(port, struct acm, port);
1751 + int retval = -ENODEV;
1752 ++ int i;
1753 +
1754 + dev_dbg(&acm->control->dev, "%s\n", __func__);
1755 +
1756 +@@ -564,6 +572,8 @@ static int acm_port_activate(struct tty_port *port, struct tty_struct *tty)
1757 + return 0;
1758 +
1759 + error_submit_read_urbs:
1760 ++ for (i = 0; i < acm->rx_buflimit; i++)
1761 ++ usb_kill_urb(acm->read_urbs[i]);
1762 + acm->ctrlout = 0;
1763 + acm_set_control(acm, acm->ctrlout);
1764 + error_set_control:
1765 +@@ -591,21 +601,35 @@ static void acm_port_destruct(struct tty_port *port)
1766 + static void acm_port_shutdown(struct tty_port *port)
1767 + {
1768 + struct acm *acm = container_of(port, struct acm, port);
1769 ++ struct urb *urb;
1770 ++ struct acm_wb *wb;
1771 + int i;
1772 ++ int pm_err;
1773 +
1774 + dev_dbg(&acm->control->dev, "%s\n", __func__);
1775 +
1776 + mutex_lock(&acm->mutex);
1777 + if (!acm->disconnected) {
1778 +- usb_autopm_get_interface(acm->control);
1779 ++ pm_err = usb_autopm_get_interface(acm->control);
1780 + acm_set_control(acm, acm->ctrlout = 0);
1781 ++
1782 ++ for (;;) {
1783 ++ urb = usb_get_from_anchor(&acm->delayed);
1784 ++ if (!urb)
1785 ++ break;
1786 ++ wb = urb->context;
1787 ++ wb->use = 0;
1788 ++ usb_autopm_put_interface_async(acm->control);
1789 ++ }
1790 ++
1791 + usb_kill_urb(acm->ctrlurb);
1792 + for (i = 0; i < ACM_NW; i++)
1793 + usb_kill_urb(acm->wb[i].urb);
1794 + for (i = 0; i < acm->rx_buflimit; i++)
1795 + usb_kill_urb(acm->read_urbs[i]);
1796 + acm->control->needs_remote_wakeup = 0;
1797 +- usb_autopm_put_interface(acm->control);
1798 ++ if (!pm_err)
1799 ++ usb_autopm_put_interface(acm->control);
1800 + }
1801 + mutex_unlock(&acm->mutex);
1802 + }
1803 +@@ -1190,6 +1214,7 @@ made_compressed_probe:
1804 + acm->bInterval = epread->bInterval;
1805 + tty_port_init(&acm->port);
1806 + acm->port.ops = &acm_port_ops;
1807 ++ init_usb_anchor(&acm->delayed);
1808 +
1809 + buf = usb_alloc_coherent(usb_dev, ctrlsize, GFP_KERNEL, &acm->ctrl_dma);
1810 + if (!buf) {
1811 +@@ -1434,18 +1459,15 @@ static int acm_suspend(struct usb_interface *intf, pm_message_t message)
1812 + struct acm *acm = usb_get_intfdata(intf);
1813 + int cnt;
1814 +
1815 ++ spin_lock_irq(&acm->read_lock);
1816 ++ spin_lock(&acm->write_lock);
1817 + if (PMSG_IS_AUTO(message)) {
1818 +- int b;
1819 +-
1820 +- spin_lock_irq(&acm->write_lock);
1821 +- b = acm->transmitting;
1822 +- spin_unlock_irq(&acm->write_lock);
1823 +- if (b)
1824 ++ if (acm->transmitting) {
1825 ++ spin_unlock(&acm->write_lock);
1826 ++ spin_unlock_irq(&acm->read_lock);
1827 + return -EBUSY;
1828 ++ }
1829 + }
1830 +-
1831 +- spin_lock_irq(&acm->read_lock);
1832 +- spin_lock(&acm->write_lock);
1833 + cnt = acm->susp_count++;
1834 + spin_unlock(&acm->write_lock);
1835 + spin_unlock_irq(&acm->read_lock);
1836 +@@ -1453,8 +1475,7 @@ static int acm_suspend(struct usb_interface *intf, pm_message_t message)
1837 + if (cnt)
1838 + return 0;
1839 +
1840 +- if (test_bit(ASYNCB_INITIALIZED, &acm->port.flags))
1841 +- stop_data_traffic(acm);
1842 ++ stop_data_traffic(acm);
1843 +
1844 + return 0;
1845 + }
1846 +@@ -1462,29 +1483,24 @@ static int acm_suspend(struct usb_interface *intf, pm_message_t message)
1847 + static int acm_resume(struct usb_interface *intf)
1848 + {
1849 + struct acm *acm = usb_get_intfdata(intf);
1850 +- struct acm_wb *wb;
1851 ++ struct urb *urb;
1852 + int rv = 0;
1853 +- int cnt;
1854 +
1855 + spin_lock_irq(&acm->read_lock);
1856 +- acm->susp_count -= 1;
1857 +- cnt = acm->susp_count;
1858 +- spin_unlock_irq(&acm->read_lock);
1859 ++ spin_lock(&acm->write_lock);
1860 +
1861 +- if (cnt)
1862 +- return 0;
1863 ++ if (--acm->susp_count)
1864 ++ goto out;
1865 +
1866 + if (test_bit(ASYNCB_INITIALIZED, &acm->port.flags)) {
1867 +- rv = usb_submit_urb(acm->ctrlurb, GFP_NOIO);
1868 +-
1869 +- spin_lock_irq(&acm->write_lock);
1870 +- if (acm->delayed_wb) {
1871 +- wb = acm->delayed_wb;
1872 +- acm->delayed_wb = NULL;
1873 +- spin_unlock_irq(&acm->write_lock);
1874 +- acm_start_wb(acm, wb);
1875 +- } else {
1876 +- spin_unlock_irq(&acm->write_lock);
1877 ++ rv = usb_submit_urb(acm->ctrlurb, GFP_ATOMIC);
1878 ++
1879 ++ for (;;) {
1880 ++ urb = usb_get_from_anchor(&acm->delayed);
1881 ++ if (!urb)
1882 ++ break;
1883 ++
1884 ++ acm_start_wb(acm, urb->context);
1885 + }
1886 +
1887 + /*
1888 +@@ -1492,12 +1508,14 @@ static int acm_resume(struct usb_interface *intf)
1889 + * do the write path at all cost
1890 + */
1891 + if (rv < 0)
1892 +- goto err_out;
1893 ++ goto out;
1894 +
1895 +- rv = acm_submit_read_urbs(acm, GFP_NOIO);
1896 ++ rv = acm_submit_read_urbs(acm, GFP_ATOMIC);
1897 + }
1898 ++out:
1899 ++ spin_unlock(&acm->write_lock);
1900 ++ spin_unlock_irq(&acm->read_lock);
1901 +
1902 +-err_out:
1903 + return rv;
1904 + }
1905 +
1906 +diff --git a/drivers/usb/class/cdc-acm.h b/drivers/usb/class/cdc-acm.h
1907 +index 0f76e4af600e..1683ac161cf6 100644
1908 +--- a/drivers/usb/class/cdc-acm.h
1909 ++++ b/drivers/usb/class/cdc-acm.h
1910 +@@ -117,7 +117,7 @@ struct acm {
1911 + unsigned int throttled:1; /* actually throttled */
1912 + unsigned int throttle_req:1; /* throttle requested */
1913 + u8 bInterval;
1914 +- struct acm_wb *delayed_wb; /* write queued for a device about to be woken */
1915 ++ struct usb_anchor delayed; /* writes queued for a device about to be woken */
1916 + };
1917 +
1918 + #define CDC_DATA_INTERFACE_TYPE 0x0a
1919 +diff --git a/include/linux/if_team.h b/include/linux/if_team.h
1920 +index 16fae6436d0e..25b8b15197b0 100644
1921 +--- a/include/linux/if_team.h
1922 ++++ b/include/linux/if_team.h
1923 +@@ -193,6 +193,7 @@ struct team {
1924 + bool user_carrier_enabled;
1925 + bool queue_override_enabled;
1926 + struct list_head *qom_lists; /* array of queue override mapping lists */
1927 ++ bool port_mtu_change_allowed;
1928 + long mode_priv[TEAM_MODE_PRIV_LONGS];
1929 + };
1930 +
1931 +diff --git a/include/linux/netlink.h b/include/linux/netlink.h
1932 +index 6358da5eeee8..9516dad45109 100644
1933 +--- a/include/linux/netlink.h
1934 ++++ b/include/linux/netlink.h
1935 +@@ -16,9 +16,10 @@ static inline struct nlmsghdr *nlmsg_hdr(const struct sk_buff *skb)
1936 + }
1937 +
1938 + enum netlink_skb_flags {
1939 +- NETLINK_SKB_MMAPED = 0x1, /* Packet data is mmaped */
1940 +- NETLINK_SKB_TX = 0x2, /* Packet was sent by userspace */
1941 +- NETLINK_SKB_DELIVERED = 0x4, /* Packet was delivered */
1942 ++ NETLINK_SKB_MMAPED = 0x1, /* Packet data is mmaped */
1943 ++ NETLINK_SKB_TX = 0x2, /* Packet was sent by userspace */
1944 ++ NETLINK_SKB_DELIVERED = 0x4, /* Packet was delivered */
1945 ++ NETLINK_SKB_DST = 0x8, /* Dst set in sendto or sendmsg */
1946 + };
1947 +
1948 + struct netlink_skb_parms {
1949 +@@ -144,4 +145,11 @@ static inline int netlink_dump_start(struct sock *ssk, struct sk_buff *skb,
1950 + return __netlink_dump_start(ssk, skb, nlh, control);
1951 + }
1952 +
1953 ++bool __netlink_ns_capable(const struct netlink_skb_parms *nsp,
1954 ++ struct user_namespace *ns, int cap);
1955 ++bool netlink_ns_capable(const struct sk_buff *skb,
1956 ++ struct user_namespace *ns, int cap);
1957 ++bool netlink_capable(const struct sk_buff *skb, int cap);
1958 ++bool netlink_net_capable(const struct sk_buff *skb, int cap);
1959 ++
1960 + #endif /* __LINUX_NETLINK_H */
1961 +diff --git a/include/linux/sock_diag.h b/include/linux/sock_diag.h
1962 +index 302ab805b0bb..46cca4c06848 100644
1963 +--- a/include/linux/sock_diag.h
1964 ++++ b/include/linux/sock_diag.h
1965 +@@ -23,7 +23,7 @@ int sock_diag_check_cookie(void *sk, __u32 *cookie);
1966 + void sock_diag_save_cookie(void *sk, __u32 *cookie);
1967 +
1968 + int sock_diag_put_meminfo(struct sock *sk, struct sk_buff *skb, int attr);
1969 +-int sock_diag_put_filterinfo(struct sock *sk,
1970 ++int sock_diag_put_filterinfo(bool may_report_filterinfo, struct sock *sk,
1971 + struct sk_buff *skb, int attrtype);
1972 +
1973 + #endif
1974 +diff --git a/include/net/inetpeer.h b/include/net/inetpeer.h
1975 +index 53f464d7cddc..6ca347a0717e 100644
1976 +--- a/include/net/inetpeer.h
1977 ++++ b/include/net/inetpeer.h
1978 +@@ -178,16 +178,9 @@ static inline void inet_peer_refcheck(const struct inet_peer *p)
1979 + /* can be called with or without local BH being disabled */
1980 + static inline int inet_getid(struct inet_peer *p, int more)
1981 + {
1982 +- int old, new;
1983 + more++;
1984 + inet_peer_refcheck(p);
1985 +- do {
1986 +- old = atomic_read(&p->ip_id_count);
1987 +- new = old + more;
1988 +- if (!new)
1989 +- new = 1;
1990 +- } while (atomic_cmpxchg(&p->ip_id_count, old, new) != old);
1991 +- return new;
1992 ++ return atomic_add_return(more, &p->ip_id_count) - more;
1993 + }
1994 +
1995 + #endif /* _NET_INETPEER_H */
1996 +diff --git a/include/net/sock.h b/include/net/sock.h
1997 +index 8f32b779bc83..72f710d2f75a 100644
1998 +--- a/include/net/sock.h
1999 ++++ b/include/net/sock.h
2000 +@@ -2248,6 +2248,11 @@ extern void sock_enable_timestamp(struct sock *sk, int flag);
2001 + extern int sock_get_timestamp(struct sock *, struct timeval __user *);
2002 + extern int sock_get_timestampns(struct sock *, struct timespec __user *);
2003 +
2004 ++bool sk_ns_capable(const struct sock *sk,
2005 ++ struct user_namespace *user_ns, int cap);
2006 ++bool sk_capable(const struct sock *sk, int cap);
2007 ++bool sk_net_capable(const struct sock *sk, int cap);
2008 ++
2009 + /*
2010 + * Enable debug/info messages
2011 + */
2012 +diff --git a/include/sound/core.h b/include/sound/core.h
2013 +index 5bfe5136441c..97cd9c3592f7 100644
2014 +--- a/include/sound/core.h
2015 ++++ b/include/sound/core.h
2016 +@@ -120,6 +120,8 @@ struct snd_card {
2017 + int user_ctl_count; /* count of all user controls */
2018 + struct list_head controls; /* all controls for this card */
2019 + struct list_head ctl_files; /* active control files */
2020 ++ struct mutex user_ctl_lock; /* protects user controls against
2021 ++ concurrent access */
2022 +
2023 + struct snd_info_entry *proc_root; /* root for soundcard specific files */
2024 + struct snd_info_entry *proc_id; /* the card id */
2025 +diff --git a/include/uapi/sound/compress_offload.h b/include/uapi/sound/compress_offload.h
2026 +index 5759810e1c1b..21eed488783f 100644
2027 +--- a/include/uapi/sound/compress_offload.h
2028 ++++ b/include/uapi/sound/compress_offload.h
2029 +@@ -80,7 +80,7 @@ struct snd_compr_tstamp {
2030 + struct snd_compr_avail {
2031 + __u64 avail;
2032 + struct snd_compr_tstamp tstamp;
2033 +-};
2034 ++} __attribute__((packed));
2035 +
2036 + enum snd_compr_direction {
2037 + SND_COMPRESS_PLAYBACK = 0,
2038 +diff --git a/kernel/audit.c b/kernel/audit.c
2039 +index 6def25f1b351..a6c632757e57 100644
2040 +--- a/kernel/audit.c
2041 ++++ b/kernel/audit.c
2042 +@@ -593,13 +593,13 @@ static int audit_netlink_ok(struct sk_buff *skb, u16 msg_type)
2043 + case AUDIT_TTY_SET:
2044 + case AUDIT_TRIM:
2045 + case AUDIT_MAKE_EQUIV:
2046 +- if (!capable(CAP_AUDIT_CONTROL))
2047 ++ if (!netlink_capable(skb, CAP_AUDIT_CONTROL))
2048 + err = -EPERM;
2049 + break;
2050 + case AUDIT_USER:
2051 + case AUDIT_FIRST_USER_MSG ... AUDIT_LAST_USER_MSG:
2052 + case AUDIT_FIRST_USER_MSG2 ... AUDIT_LAST_USER_MSG2:
2053 +- if (!capable(CAP_AUDIT_WRITE))
2054 ++ if (!netlink_capable(skb, CAP_AUDIT_WRITE))
2055 + err = -EPERM;
2056 + break;
2057 + default: /* bad msg */
2058 +diff --git a/kernel/time/tick-sched.c b/kernel/time/tick-sched.c
2059 +index 4251374578bc..67f7a2d2efbc 100644
2060 +--- a/kernel/time/tick-sched.c
2061 ++++ b/kernel/time/tick-sched.c
2062 +@@ -720,8 +720,10 @@ static bool can_stop_idle_tick(int cpu, struct tick_sched *ts)
2063 + return false;
2064 + }
2065 +
2066 +- if (unlikely(ts->nohz_mode == NOHZ_MODE_INACTIVE))
2067 ++ if (unlikely(ts->nohz_mode == NOHZ_MODE_INACTIVE)) {
2068 ++ ts->sleep_length = (ktime_t) { .tv64 = NSEC_PER_SEC/HZ };
2069 + return false;
2070 ++ }
2071 +
2072 + if (need_resched())
2073 + return false;
2074 +diff --git a/lib/lzo/lzo1x_decompress_safe.c b/lib/lzo/lzo1x_decompress_safe.c
2075 +index 569985d522d5..8563081e8da3 100644
2076 +--- a/lib/lzo/lzo1x_decompress_safe.c
2077 ++++ b/lib/lzo/lzo1x_decompress_safe.c
2078 +@@ -19,11 +19,31 @@
2079 + #include <linux/lzo.h>
2080 + #include "lzodefs.h"
2081 +
2082 +-#define HAVE_IP(x) ((size_t)(ip_end - ip) >= (size_t)(x))
2083 +-#define HAVE_OP(x) ((size_t)(op_end - op) >= (size_t)(x))
2084 +-#define NEED_IP(x) if (!HAVE_IP(x)) goto input_overrun
2085 +-#define NEED_OP(x) if (!HAVE_OP(x)) goto output_overrun
2086 +-#define TEST_LB(m_pos) if ((m_pos) < out) goto lookbehind_overrun
2087 ++#define HAVE_IP(t, x) \
2088 ++ (((size_t)(ip_end - ip) >= (size_t)(t + x)) && \
2089 ++ (((t + x) >= t) && ((t + x) >= x)))
2090 ++
2091 ++#define HAVE_OP(t, x) \
2092 ++ (((size_t)(op_end - op) >= (size_t)(t + x)) && \
2093 ++ (((t + x) >= t) && ((t + x) >= x)))
2094 ++
2095 ++#define NEED_IP(t, x) \
2096 ++ do { \
2097 ++ if (!HAVE_IP(t, x)) \
2098 ++ goto input_overrun; \
2099 ++ } while (0)
2100 ++
2101 ++#define NEED_OP(t, x) \
2102 ++ do { \
2103 ++ if (!HAVE_OP(t, x)) \
2104 ++ goto output_overrun; \
2105 ++ } while (0)
2106 ++
2107 ++#define TEST_LB(m_pos) \
2108 ++ do { \
2109 ++ if ((m_pos) < out) \
2110 ++ goto lookbehind_overrun; \
2111 ++ } while (0)
2112 +
2113 + int lzo1x_decompress_safe(const unsigned char *in, size_t in_len,
2114 + unsigned char *out, size_t *out_len)
2115 +@@ -58,14 +78,14 @@ int lzo1x_decompress_safe(const unsigned char *in, size_t in_len,
2116 + while (unlikely(*ip == 0)) {
2117 + t += 255;
2118 + ip++;
2119 +- NEED_IP(1);
2120 ++ NEED_IP(1, 0);
2121 + }
2122 + t += 15 + *ip++;
2123 + }
2124 + t += 3;
2125 + copy_literal_run:
2126 + #if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS)
2127 +- if (likely(HAVE_IP(t + 15) && HAVE_OP(t + 15))) {
2128 ++ if (likely(HAVE_IP(t, 15) && HAVE_OP(t, 15))) {
2129 + const unsigned char *ie = ip + t;
2130 + unsigned char *oe = op + t;
2131 + do {
2132 +@@ -81,8 +101,8 @@ copy_literal_run:
2133 + } else
2134 + #endif
2135 + {
2136 +- NEED_OP(t);
2137 +- NEED_IP(t + 3);
2138 ++ NEED_OP(t, 0);
2139 ++ NEED_IP(t, 3);
2140 + do {
2141 + *op++ = *ip++;
2142 + } while (--t > 0);
2143 +@@ -95,7 +115,7 @@ copy_literal_run:
2144 + m_pos -= t >> 2;
2145 + m_pos -= *ip++ << 2;
2146 + TEST_LB(m_pos);
2147 +- NEED_OP(2);
2148 ++ NEED_OP(2, 0);
2149 + op[0] = m_pos[0];
2150 + op[1] = m_pos[1];
2151 + op += 2;
2152 +@@ -119,10 +139,10 @@ copy_literal_run:
2153 + while (unlikely(*ip == 0)) {
2154 + t += 255;
2155 + ip++;
2156 +- NEED_IP(1);
2157 ++ NEED_IP(1, 0);
2158 + }
2159 + t += 31 + *ip++;
2160 +- NEED_IP(2);
2161 ++ NEED_IP(2, 0);
2162 + }
2163 + m_pos = op - 1;
2164 + next = get_unaligned_le16(ip);
2165 +@@ -137,10 +157,10 @@ copy_literal_run:
2166 + while (unlikely(*ip == 0)) {
2167 + t += 255;
2168 + ip++;
2169 +- NEED_IP(1);
2170 ++ NEED_IP(1, 0);
2171 + }
2172 + t += 7 + *ip++;
2173 +- NEED_IP(2);
2174 ++ NEED_IP(2, 0);
2175 + }
2176 + next = get_unaligned_le16(ip);
2177 + ip += 2;
2178 +@@ -154,7 +174,7 @@ copy_literal_run:
2179 + #if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS)
2180 + if (op - m_pos >= 8) {
2181 + unsigned char *oe = op + t;
2182 +- if (likely(HAVE_OP(t + 15))) {
2183 ++ if (likely(HAVE_OP(t, 15))) {
2184 + do {
2185 + COPY8(op, m_pos);
2186 + op += 8;
2187 +@@ -164,7 +184,7 @@ copy_literal_run:
2188 + m_pos += 8;
2189 + } while (op < oe);
2190 + op = oe;
2191 +- if (HAVE_IP(6)) {
2192 ++ if (HAVE_IP(6, 0)) {
2193 + state = next;
2194 + COPY4(op, ip);
2195 + op += next;
2196 +@@ -172,7 +192,7 @@ copy_literal_run:
2197 + continue;
2198 + }
2199 + } else {
2200 +- NEED_OP(t);
2201 ++ NEED_OP(t, 0);
2202 + do {
2203 + *op++ = *m_pos++;
2204 + } while (op < oe);
2205 +@@ -181,7 +201,7 @@ copy_literal_run:
2206 + #endif
2207 + {
2208 + unsigned char *oe = op + t;
2209 +- NEED_OP(t);
2210 ++ NEED_OP(t, 0);
2211 + op[0] = m_pos[0];
2212 + op[1] = m_pos[1];
2213 + op += 2;
2214 +@@ -194,15 +214,15 @@ match_next:
2215 + state = next;
2216 + t = next;
2217 + #if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS)
2218 +- if (likely(HAVE_IP(6) && HAVE_OP(4))) {
2219 ++ if (likely(HAVE_IP(6, 0) && HAVE_OP(4, 0))) {
2220 + COPY4(op, ip);
2221 + op += t;
2222 + ip += t;
2223 + } else
2224 + #endif
2225 + {
2226 +- NEED_IP(t + 3);
2227 +- NEED_OP(t);
2228 ++ NEED_IP(t, 3);
2229 ++ NEED_OP(t, 0);
2230 + while (t > 0) {
2231 + *op++ = *ip++;
2232 + t--;
2233 +diff --git a/lib/nlattr.c b/lib/nlattr.c
2234 +index fc6754720ced..10ad042d01be 100644
2235 +--- a/lib/nlattr.c
2236 ++++ b/lib/nlattr.c
2237 +@@ -201,8 +201,8 @@ int nla_parse(struct nlattr **tb, int maxtype, const struct nlattr *head,
2238 + }
2239 +
2240 + if (unlikely(rem > 0))
2241 +- printk(KERN_WARNING "netlink: %d bytes leftover after parsing "
2242 +- "attributes.\n", rem);
2243 ++ pr_warn_ratelimited("netlink: %d bytes leftover after parsing attributes in process `%s'.\n",
2244 ++ rem, current->comm);
2245 +
2246 + err = 0;
2247 + errout:
2248 +diff --git a/net/can/gw.c b/net/can/gw.c
2249 +index 3ee690e8c7d3..de25455b4e3e 100644
2250 +--- a/net/can/gw.c
2251 ++++ b/net/can/gw.c
2252 +@@ -784,7 +784,7 @@ static int cgw_create_job(struct sk_buff *skb, struct nlmsghdr *nlh)
2253 + struct cgw_job *gwj;
2254 + int err = 0;
2255 +
2256 +- if (!capable(CAP_NET_ADMIN))
2257 ++ if (!netlink_capable(skb, CAP_NET_ADMIN))
2258 + return -EPERM;
2259 +
2260 + if (nlmsg_len(nlh) < sizeof(*r))
2261 +@@ -876,7 +876,7 @@ static int cgw_remove_job(struct sk_buff *skb, struct nlmsghdr *nlh)
2262 + struct can_can_gw ccgw;
2263 + int err = 0;
2264 +
2265 +- if (!capable(CAP_NET_ADMIN))
2266 ++ if (!netlink_capable(skb, CAP_NET_ADMIN))
2267 + return -EPERM;
2268 +
2269 + if (nlmsg_len(nlh) < sizeof(*r))
2270 +diff --git a/net/core/dev.c b/net/core/dev.c
2271 +index 56383a3e5d71..cca7ae0ba915 100644
2272 +--- a/net/core/dev.c
2273 ++++ b/net/core/dev.c
2274 +@@ -5827,6 +5827,9 @@ EXPORT_SYMBOL(unregister_netdevice_queue);
2275 + /**
2276 + * unregister_netdevice_many - unregister many devices
2277 + * @head: list of devices
2278 ++ *
2279 ++ * Note: As most callers use a stack allocated list_head,
2280 ++ * we force a list_del() to make sure stack wont be corrupted later.
2281 + */
2282 + void unregister_netdevice_many(struct list_head *head)
2283 + {
2284 +@@ -5836,6 +5839,7 @@ void unregister_netdevice_many(struct list_head *head)
2285 + rollback_registered_many(head);
2286 + list_for_each_entry(dev, head, unreg_list)
2287 + net_set_todo(dev);
2288 ++ list_del(head);
2289 + }
2290 + }
2291 + EXPORT_SYMBOL(unregister_netdevice_many);
2292 +@@ -6252,7 +6256,6 @@ static void __net_exit default_device_exit_batch(struct list_head *net_list)
2293 + }
2294 + }
2295 + unregister_netdevice_many(&dev_kill_list);
2296 +- list_del(&dev_kill_list);
2297 + rtnl_unlock();
2298 + }
2299 +
2300 +diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
2301 +index 87ec574ffac8..ae43dd807bb2 100644
2302 +--- a/net/core/rtnetlink.c
2303 ++++ b/net/core/rtnetlink.c
2304 +@@ -1044,6 +1044,7 @@ static int rtnl_dump_ifinfo(struct sk_buff *skb, struct netlink_callback *cb)
2305 + struct nlattr *tb[IFLA_MAX+1];
2306 + u32 ext_filter_mask = 0;
2307 + int err;
2308 ++ int hdrlen;
2309 +
2310 + s_h = cb->args[0];
2311 + s_idx = cb->args[1];
2312 +@@ -1051,8 +1052,17 @@ static int rtnl_dump_ifinfo(struct sk_buff *skb, struct netlink_callback *cb)
2313 + rcu_read_lock();
2314 + cb->seq = net->dev_base_seq;
2315 +
2316 +- if (nlmsg_parse(cb->nlh, sizeof(struct ifinfomsg), tb, IFLA_MAX,
2317 +- ifla_policy) >= 0) {
2318 ++ /* A hack to preserve kernel<->userspace interface.
2319 ++ * The correct header is ifinfomsg. It is consistent with rtnl_getlink.
2320 ++ * However, before Linux v3.9 the code here assumed rtgenmsg and that's
2321 ++ * what iproute2 < v3.9.0 used.
2322 ++ * We can detect the old iproute2. Even including the IFLA_EXT_MASK
2323 ++ * attribute, its netlink message is shorter than struct ifinfomsg.
2324 ++ */
2325 ++ hdrlen = nlmsg_len(cb->nlh) < sizeof(struct ifinfomsg) ?
2326 ++ sizeof(struct rtgenmsg) : sizeof(struct ifinfomsg);
2327 ++
2328 ++ if (nlmsg_parse(cb->nlh, hdrlen, tb, IFLA_MAX, ifla_policy) >= 0) {
2329 +
2330 + if (tb[IFLA_EXT_MASK])
2331 + ext_filter_mask = nla_get_u32(tb[IFLA_EXT_MASK]);
2332 +@@ -1294,7 +1304,8 @@ static int do_set_master(struct net_device *dev, int ifindex)
2333 + return 0;
2334 + }
2335 +
2336 +-static int do_setlink(struct net_device *dev, struct ifinfomsg *ifm,
2337 ++static int do_setlink(const struct sk_buff *skb,
2338 ++ struct net_device *dev, struct ifinfomsg *ifm,
2339 + struct nlattr **tb, char *ifname, int modified)
2340 + {
2341 + const struct net_device_ops *ops = dev->netdev_ops;
2342 +@@ -1306,7 +1317,7 @@ static int do_setlink(struct net_device *dev, struct ifinfomsg *ifm,
2343 + err = PTR_ERR(net);
2344 + goto errout;
2345 + }
2346 +- if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) {
2347 ++ if (!netlink_ns_capable(skb, net->user_ns, CAP_NET_ADMIN)) {
2348 + err = -EPERM;
2349 + goto errout;
2350 + }
2351 +@@ -1560,7 +1571,7 @@ static int rtnl_setlink(struct sk_buff *skb, struct nlmsghdr *nlh)
2352 + if (err < 0)
2353 + goto errout;
2354 +
2355 +- err = do_setlink(dev, ifm, tb, ifname, 0);
2356 ++ err = do_setlink(skb, dev, ifm, tb, ifname, 0);
2357 + errout:
2358 + return err;
2359 + }
2360 +@@ -1600,7 +1611,6 @@ static int rtnl_dellink(struct sk_buff *skb, struct nlmsghdr *nlh)
2361 +
2362 + ops->dellink(dev, &list_kill);
2363 + unregister_netdevice_many(&list_kill);
2364 +- list_del(&list_kill);
2365 + return 0;
2366 + }
2367 +
2368 +@@ -1678,7 +1688,8 @@ err:
2369 + }
2370 + EXPORT_SYMBOL(rtnl_create_link);
2371 +
2372 +-static int rtnl_group_changelink(struct net *net, int group,
2373 ++static int rtnl_group_changelink(const struct sk_buff *skb,
2374 ++ struct net *net, int group,
2375 + struct ifinfomsg *ifm,
2376 + struct nlattr **tb)
2377 + {
2378 +@@ -1687,7 +1698,7 @@ static int rtnl_group_changelink(struct net *net, int group,
2379 +
2380 + for_each_netdev(net, dev) {
2381 + if (dev->group == group) {
2382 +- err = do_setlink(dev, ifm, tb, NULL, 0);
2383 ++ err = do_setlink(skb, dev, ifm, tb, NULL, 0);
2384 + if (err < 0)
2385 + return err;
2386 + }
2387 +@@ -1789,12 +1800,12 @@ replay:
2388 + modified = 1;
2389 + }
2390 +
2391 +- return do_setlink(dev, ifm, tb, ifname, modified);
2392 ++ return do_setlink(skb, dev, ifm, tb, ifname, modified);
2393 + }
2394 +
2395 + if (!(nlh->nlmsg_flags & NLM_F_CREATE)) {
2396 + if (ifm->ifi_index == 0 && tb[IFLA_GROUP])
2397 +- return rtnl_group_changelink(net,
2398 ++ return rtnl_group_changelink(skb, net,
2399 + nla_get_u32(tb[IFLA_GROUP]),
2400 + ifm, tb);
2401 + return -ENODEV;
2402 +@@ -1906,9 +1917,13 @@ static u16 rtnl_calcit(struct sk_buff *skb, struct nlmsghdr *nlh)
2403 + struct nlattr *tb[IFLA_MAX+1];
2404 + u32 ext_filter_mask = 0;
2405 + u16 min_ifinfo_dump_size = 0;
2406 ++ int hdrlen;
2407 ++
2408 ++ /* Same kernel<->userspace interface hack as in rtnl_dump_ifinfo. */
2409 ++ hdrlen = nlmsg_len(nlh) < sizeof(struct ifinfomsg) ?
2410 ++ sizeof(struct rtgenmsg) : sizeof(struct ifinfomsg);
2411 +
2412 +- if (nlmsg_parse(nlh, sizeof(struct ifinfomsg), tb, IFLA_MAX,
2413 +- ifla_policy) >= 0) {
2414 ++ if (nlmsg_parse(nlh, hdrlen, tb, IFLA_MAX, ifla_policy) >= 0) {
2415 + if (tb[IFLA_EXT_MASK])
2416 + ext_filter_mask = nla_get_u32(tb[IFLA_EXT_MASK]);
2417 + }
2418 +@@ -2179,7 +2194,7 @@ static int rtnl_fdb_del(struct sk_buff *skb, struct nlmsghdr *nlh)
2419 + int err = -EINVAL;
2420 + __u8 *addr;
2421 +
2422 +- if (!capable(CAP_NET_ADMIN))
2423 ++ if (!netlink_capable(skb, CAP_NET_ADMIN))
2424 + return -EPERM;
2425 +
2426 + err = nlmsg_parse(nlh, sizeof(*ndm), tb, NDA_MAX, NULL);
2427 +@@ -2635,7 +2650,7 @@ static int rtnetlink_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
2428 + sz_idx = type>>2;
2429 + kind = type&3;
2430 +
2431 +- if (kind != 2 && !ns_capable(net->user_ns, CAP_NET_ADMIN))
2432 ++ if (kind != 2 && !netlink_net_capable(skb, CAP_NET_ADMIN))
2433 + return -EPERM;
2434 +
2435 + if (kind == 2 && nlh->nlmsg_flags&NLM_F_DUMP) {
2436 +diff --git a/net/core/sock.c b/net/core/sock.c
2437 +index d743099250f4..af65d17517b8 100644
2438 +--- a/net/core/sock.c
2439 ++++ b/net/core/sock.c
2440 +@@ -142,6 +142,55 @@
2441 + static DEFINE_MUTEX(proto_list_mutex);
2442 + static LIST_HEAD(proto_list);
2443 +
2444 ++/**
2445 ++ * sk_ns_capable - General socket capability test
2446 ++ * @sk: Socket to use a capability on or through
2447 ++ * @user_ns: The user namespace of the capability to use
2448 ++ * @cap: The capability to use
2449 ++ *
2450 ++ * Test to see if the opener of the socket had when the socket was
2451 ++ * created and the current process has the capability @cap in the user
2452 ++ * namespace @user_ns.
2453 ++ */
2454 ++bool sk_ns_capable(const struct sock *sk,
2455 ++ struct user_namespace *user_ns, int cap)
2456 ++{
2457 ++ return file_ns_capable(sk->sk_socket->file, user_ns, cap) &&
2458 ++ ns_capable(user_ns, cap);
2459 ++}
2460 ++EXPORT_SYMBOL(sk_ns_capable);
2461 ++
2462 ++/**
2463 ++ * sk_capable - Socket global capability test
2464 ++ * @sk: Socket to use a capability on or through
2465 ++ * @cap: The global capbility to use
2466 ++ *
2467 ++ * Test to see if the opener of the socket had when the socket was
2468 ++ * created and the current process has the capability @cap in all user
2469 ++ * namespaces.
2470 ++ */
2471 ++bool sk_capable(const struct sock *sk, int cap)
2472 ++{
2473 ++ return sk_ns_capable(sk, &init_user_ns, cap);
2474 ++}
2475 ++EXPORT_SYMBOL(sk_capable);
2476 ++
2477 ++/**
2478 ++ * sk_net_capable - Network namespace socket capability test
2479 ++ * @sk: Socket to use a capability on or through
2480 ++ * @cap: The capability to use
2481 ++ *
2482 ++ * Test to see if the opener of the socket had when the socke was created
2483 ++ * and the current process has the capability @cap over the network namespace
2484 ++ * the socket is a member of.
2485 ++ */
2486 ++bool sk_net_capable(const struct sock *sk, int cap)
2487 ++{
2488 ++ return sk_ns_capable(sk, sock_net(sk)->user_ns, cap);
2489 ++}
2490 ++EXPORT_SYMBOL(sk_net_capable);
2491 ++
2492 ++
2493 + #ifdef CONFIG_MEMCG_KMEM
2494 + int mem_cgroup_sockets_init(struct mem_cgroup *memcg, struct cgroup_subsys *ss)
2495 + {
2496 +diff --git a/net/core/sock_diag.c b/net/core/sock_diag.c
2497 +index 6a7fae228634..c38e7a2b5a8e 100644
2498 +--- a/net/core/sock_diag.c
2499 ++++ b/net/core/sock_diag.c
2500 +@@ -49,7 +49,7 @@ int sock_diag_put_meminfo(struct sock *sk, struct sk_buff *skb, int attrtype)
2501 + }
2502 + EXPORT_SYMBOL_GPL(sock_diag_put_meminfo);
2503 +
2504 +-int sock_diag_put_filterinfo(struct sock *sk,
2505 ++int sock_diag_put_filterinfo(bool may_report_filterinfo, struct sock *sk,
2506 + struct sk_buff *skb, int attrtype)
2507 + {
2508 + struct nlattr *attr;
2509 +@@ -57,7 +57,7 @@ int sock_diag_put_filterinfo(struct sock *sk,
2510 + unsigned int len;
2511 + int err = 0;
2512 +
2513 +- if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) {
2514 ++ if (!may_report_filterinfo) {
2515 + nla_reserve(skb, attrtype, 0);
2516 + return 0;
2517 + }
2518 +diff --git a/net/dcb/dcbnl.c b/net/dcb/dcbnl.c
2519 +index 40d5829ed36a..1074ffb6d533 100644
2520 +--- a/net/dcb/dcbnl.c
2521 ++++ b/net/dcb/dcbnl.c
2522 +@@ -1670,7 +1670,7 @@ static int dcb_doit(struct sk_buff *skb, struct nlmsghdr *nlh)
2523 + struct nlmsghdr *reply_nlh = NULL;
2524 + const struct reply_func *fn;
2525 +
2526 +- if ((nlh->nlmsg_type == RTM_SETDCB) && !capable(CAP_NET_ADMIN))
2527 ++ if ((nlh->nlmsg_type == RTM_SETDCB) && !netlink_capable(skb, CAP_NET_ADMIN))
2528 + return -EPERM;
2529 +
2530 + ret = nlmsg_parse(nlh, sizeof(*dcb), tb, DCB_ATTR_MAX,
2531 +diff --git a/net/decnet/dn_dev.c b/net/decnet/dn_dev.c
2532 +index 7d9197063ebb..b5e52100a89a 100644
2533 +--- a/net/decnet/dn_dev.c
2534 ++++ b/net/decnet/dn_dev.c
2535 +@@ -573,7 +573,7 @@ static int dn_nl_deladdr(struct sk_buff *skb, struct nlmsghdr *nlh)
2536 + struct dn_ifaddr __rcu **ifap;
2537 + int err = -EINVAL;
2538 +
2539 +- if (!capable(CAP_NET_ADMIN))
2540 ++ if (!netlink_capable(skb, CAP_NET_ADMIN))
2541 + return -EPERM;
2542 +
2543 + if (!net_eq(net, &init_net))
2544 +@@ -617,7 +617,7 @@ static int dn_nl_newaddr(struct sk_buff *skb, struct nlmsghdr *nlh)
2545 + struct dn_ifaddr *ifa;
2546 + int err;
2547 +
2548 +- if (!capable(CAP_NET_ADMIN))
2549 ++ if (!netlink_capable(skb, CAP_NET_ADMIN))
2550 + return -EPERM;
2551 +
2552 + if (!net_eq(net, &init_net))
2553 +diff --git a/net/decnet/dn_fib.c b/net/decnet/dn_fib.c
2554 +index 57dc159245ec..d332aefb0846 100644
2555 +--- a/net/decnet/dn_fib.c
2556 ++++ b/net/decnet/dn_fib.c
2557 +@@ -505,7 +505,7 @@ static int dn_fib_rtm_delroute(struct sk_buff *skb, struct nlmsghdr *nlh)
2558 + struct nlattr *attrs[RTA_MAX+1];
2559 + int err;
2560 +
2561 +- if (!capable(CAP_NET_ADMIN))
2562 ++ if (!netlink_capable(skb, CAP_NET_ADMIN))
2563 + return -EPERM;
2564 +
2565 + if (!net_eq(net, &init_net))
2566 +@@ -530,7 +530,7 @@ static int dn_fib_rtm_newroute(struct sk_buff *skb, struct nlmsghdr *nlh)
2567 + struct nlattr *attrs[RTA_MAX+1];
2568 + int err;
2569 +
2570 +- if (!capable(CAP_NET_ADMIN))
2571 ++ if (!netlink_capable(skb, CAP_NET_ADMIN))
2572 + return -EPERM;
2573 +
2574 + if (!net_eq(net, &init_net))
2575 +diff --git a/net/decnet/netfilter/dn_rtmsg.c b/net/decnet/netfilter/dn_rtmsg.c
2576 +index 2a7efe388344..f3dc69a41d63 100644
2577 +--- a/net/decnet/netfilter/dn_rtmsg.c
2578 ++++ b/net/decnet/netfilter/dn_rtmsg.c
2579 +@@ -107,7 +107,7 @@ static inline void dnrmg_receive_user_skb(struct sk_buff *skb)
2580 + if (nlh->nlmsg_len < sizeof(*nlh) || skb->len < nlh->nlmsg_len)
2581 + return;
2582 +
2583 +- if (!capable(CAP_NET_ADMIN))
2584 ++ if (!netlink_capable(skb, CAP_NET_ADMIN))
2585 + RCV_SKB_FAIL(-EPERM);
2586 +
2587 + /* Eventually we might send routing messages too */
2588 +diff --git a/net/ipv4/datagram.c b/net/ipv4/datagram.c
2589 +index 19e36376d2a0..5f3dc1df04bf 100644
2590 +--- a/net/ipv4/datagram.c
2591 ++++ b/net/ipv4/datagram.c
2592 +@@ -86,18 +86,26 @@ out:
2593 + }
2594 + EXPORT_SYMBOL(ip4_datagram_connect);
2595 +
2596 ++/* Because UDP xmit path can manipulate sk_dst_cache without holding
2597 ++ * socket lock, we need to use sk_dst_set() here,
2598 ++ * even if we own the socket lock.
2599 ++ */
2600 + void ip4_datagram_release_cb(struct sock *sk)
2601 + {
2602 + const struct inet_sock *inet = inet_sk(sk);
2603 + const struct ip_options_rcu *inet_opt;
2604 + __be32 daddr = inet->inet_daddr;
2605 ++ struct dst_entry *dst;
2606 + struct flowi4 fl4;
2607 + struct rtable *rt;
2608 +
2609 +- if (! __sk_dst_get(sk) || __sk_dst_check(sk, 0))
2610 +- return;
2611 +-
2612 + rcu_read_lock();
2613 ++
2614 ++ dst = __sk_dst_get(sk);
2615 ++ if (!dst || !dst->obsolete || dst->ops->check(dst, 0)) {
2616 ++ rcu_read_unlock();
2617 ++ return;
2618 ++ }
2619 + inet_opt = rcu_dereference(inet->inet_opt);
2620 + if (inet_opt && inet_opt->opt.srr)
2621 + daddr = inet_opt->opt.faddr;
2622 +@@ -105,8 +113,10 @@ void ip4_datagram_release_cb(struct sock *sk)
2623 + inet->inet_saddr, inet->inet_dport,
2624 + inet->inet_sport, sk->sk_protocol,
2625 + RT_CONN_FLAGS(sk), sk->sk_bound_dev_if);
2626 +- if (!IS_ERR(rt))
2627 +- __sk_dst_set(sk, &rt->dst);
2628 ++
2629 ++ dst = !IS_ERR(rt) ? &rt->dst : NULL;
2630 ++ sk_dst_set(sk, dst);
2631 ++
2632 + rcu_read_unlock();
2633 + }
2634 + EXPORT_SYMBOL_GPL(ip4_datagram_release_cb);
2635 +diff --git a/net/ipv4/ipip.c b/net/ipv4/ipip.c
2636 +index f5cc7b331511..897b784e9c05 100644
2637 +--- a/net/ipv4/ipip.c
2638 ++++ b/net/ipv4/ipip.c
2639 +@@ -149,13 +149,13 @@ static int ipip_err(struct sk_buff *skb, u32 info)
2640 +
2641 + if (type == ICMP_DEST_UNREACH && code == ICMP_FRAG_NEEDED) {
2642 + ipv4_update_pmtu(skb, dev_net(skb->dev), info,
2643 +- t->dev->ifindex, 0, IPPROTO_IPIP, 0);
2644 ++ t->parms.link, 0, IPPROTO_IPIP, 0);
2645 + err = 0;
2646 + goto out;
2647 + }
2648 +
2649 + if (type == ICMP_REDIRECT) {
2650 +- ipv4_redirect(skb, dev_net(skb->dev), t->dev->ifindex, 0,
2651 ++ ipv4_redirect(skb, dev_net(skb->dev), t->parms.link, 0,
2652 + IPPROTO_IPIP, 0);
2653 + err = 0;
2654 + goto out;
2655 +@@ -483,4 +483,5 @@ static void __exit ipip_fini(void)
2656 + module_init(ipip_init);
2657 + module_exit(ipip_fini);
2658 + MODULE_LICENSE("GPL");
2659 ++MODULE_ALIAS_RTNL_LINK("ipip");
2660 + MODULE_ALIAS_NETDEV("tunl0");
2661 +diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
2662 +index e15d330919af..ba7d2b7ad9f9 100644
2663 +--- a/net/ipv4/tcp_input.c
2664 ++++ b/net/ipv4/tcp_input.c
2665 +@@ -2720,13 +2720,12 @@ static void tcp_process_loss(struct sock *sk, int flag, bool is_dupack)
2666 + bool recovered = !before(tp->snd_una, tp->high_seq);
2667 +
2668 + if (tp->frto) { /* F-RTO RFC5682 sec 3.1 (sack enhanced version). */
2669 +- if (flag & FLAG_ORIG_SACK_ACKED) {
2670 +- /* Step 3.b. A timeout is spurious if not all data are
2671 +- * lost, i.e., never-retransmitted data are (s)acked.
2672 +- */
2673 +- tcp_try_undo_loss(sk, true);
2674 ++ /* Step 3.b. A timeout is spurious if not all data are
2675 ++ * lost, i.e., never-retransmitted data are (s)acked.
2676 ++ */
2677 ++ if (tcp_try_undo_loss(sk, flag & FLAG_ORIG_SACK_ACKED))
2678 + return;
2679 +- }
2680 ++
2681 + if (after(tp->snd_nxt, tp->high_seq) &&
2682 + (flag & FLAG_DATA_SACKED || is_dupack)) {
2683 + tp->frto = 0; /* Loss was real: 2nd part of step 3.a */
2684 +diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c
2685 +index 73d7f68da557..a0ecdf596f2f 100644
2686 +--- a/net/ipv6/ip6_tunnel.c
2687 ++++ b/net/ipv6/ip6_tunnel.c
2688 +@@ -61,6 +61,7 @@
2689 + MODULE_AUTHOR("Ville Nuorvala");
2690 + MODULE_DESCRIPTION("IPv6 tunneling device");
2691 + MODULE_LICENSE("GPL");
2692 ++MODULE_ALIAS_RTNL_LINK("ip6tnl");
2693 + MODULE_ALIAS_NETDEV("ip6tnl0");
2694 +
2695 + #ifdef IP6_TNL_DEBUG
2696 +diff --git a/net/ipv6/output_core.c b/net/ipv6/output_core.c
2697 +index c2e73e647e44..3d2c81a66d6a 100644
2698 +--- a/net/ipv6/output_core.c
2699 ++++ b/net/ipv6/output_core.c
2700 +@@ -9,7 +9,7 @@
2701 + void ipv6_select_ident(struct frag_hdr *fhdr, struct rt6_info *rt)
2702 + {
2703 + static atomic_t ipv6_fragmentation_id;
2704 +- int old, new;
2705 ++ int ident;
2706 +
2707 + #if IS_ENABLED(CONFIG_IPV6)
2708 + if (rt && !(rt->dst.flags & DST_NOPEER)) {
2709 +@@ -25,13 +25,8 @@ void ipv6_select_ident(struct frag_hdr *fhdr, struct rt6_info *rt)
2710 + }
2711 + }
2712 + #endif
2713 +- do {
2714 +- old = atomic_read(&ipv6_fragmentation_id);
2715 +- new = old + 1;
2716 +- if (!new)
2717 +- new = 1;
2718 +- } while (atomic_cmpxchg(&ipv6_fragmentation_id, old, new) != old);
2719 +- fhdr->identification = htonl(new);
2720 ++ ident = atomic_inc_return(&ipv6_fragmentation_id);
2721 ++ fhdr->identification = htonl(ident);
2722 + }
2723 + EXPORT_SYMBOL(ipv6_select_ident);
2724 +
2725 +diff --git a/net/ipv6/sit.c b/net/ipv6/sit.c
2726 +index 620d326e8fdd..540d58921007 100644
2727 +--- a/net/ipv6/sit.c
2728 ++++ b/net/ipv6/sit.c
2729 +@@ -530,12 +530,12 @@ static int ipip6_err(struct sk_buff *skb, u32 info)
2730 +
2731 + if (type == ICMP_DEST_UNREACH && code == ICMP_FRAG_NEEDED) {
2732 + ipv4_update_pmtu(skb, dev_net(skb->dev), info,
2733 +- t->dev->ifindex, 0, IPPROTO_IPV6, 0);
2734 ++ t->parms.link, 0, IPPROTO_IPV6, 0);
2735 + err = 0;
2736 + goto out;
2737 + }
2738 + if (type == ICMP_REDIRECT) {
2739 +- ipv4_redirect(skb, dev_net(skb->dev), t->dev->ifindex, 0,
2740 ++ ipv4_redirect(skb, dev_net(skb->dev), t->parms.link, 0,
2741 + IPPROTO_IPV6, 0);
2742 + err = 0;
2743 + goto out;
2744 +@@ -1654,4 +1654,5 @@ xfrm_tunnel_failed:
2745 + module_init(sit_init);
2746 + module_exit(sit_cleanup);
2747 + MODULE_LICENSE("GPL");
2748 ++MODULE_ALIAS_RTNL_LINK("sit");
2749 + MODULE_ALIAS_NETDEV("sit0");
2750 +diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c
2751 +index 514e90f470bf..2c64ab27b515 100644
2752 +--- a/net/mac80211/iface.c
2753 ++++ b/net/mac80211/iface.c
2754 +@@ -1746,7 +1746,6 @@ void ieee80211_remove_interfaces(struct ieee80211_local *local)
2755 + }
2756 + mutex_unlock(&local->iflist_mtx);
2757 + unregister_netdevice_many(&unreg_list);
2758 +- list_del(&unreg_list);
2759 +
2760 + list_for_each_entry_safe(sdata, tmp, &wdev_list, list) {
2761 + list_del(&sdata->list);
2762 +diff --git a/net/netfilter/nfnetlink.c b/net/netfilter/nfnetlink.c
2763 +index 572d87dc116f..0a03662bfbef 100644
2764 +--- a/net/netfilter/nfnetlink.c
2765 ++++ b/net/netfilter/nfnetlink.c
2766 +@@ -147,7 +147,7 @@ static int nfnetlink_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
2767 + const struct nfnetlink_subsystem *ss;
2768 + int type, err;
2769 +
2770 +- if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
2771 ++ if (!netlink_net_capable(skb, CAP_NET_ADMIN))
2772 + return -EPERM;
2773 +
2774 + /* All the messages must at least contain nfgenmsg */
2775 +diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
2776 +index c9c2a8441d32..be34adde692f 100644
2777 +--- a/net/netlink/af_netlink.c
2778 ++++ b/net/netlink/af_netlink.c
2779 +@@ -1219,7 +1219,74 @@ retry:
2780 + return err;
2781 + }
2782 +
2783 +-static inline int netlink_capable(const struct socket *sock, unsigned int flag)
2784 ++/**
2785 ++ * __netlink_ns_capable - General netlink message capability test
2786 ++ * @nsp: NETLINK_CB of the socket buffer holding a netlink command from userspace.
2787 ++ * @user_ns: The user namespace of the capability to use
2788 ++ * @cap: The capability to use
2789 ++ *
2790 ++ * Test to see if the opener of the socket we received the message
2791 ++ * from had when the netlink socket was created and the sender of the
2792 ++ * message has has the capability @cap in the user namespace @user_ns.
2793 ++ */
2794 ++bool __netlink_ns_capable(const struct netlink_skb_parms *nsp,
2795 ++ struct user_namespace *user_ns, int cap)
2796 ++{
2797 ++ return ((nsp->flags & NETLINK_SKB_DST) ||
2798 ++ file_ns_capable(nsp->sk->sk_socket->file, user_ns, cap)) &&
2799 ++ ns_capable(user_ns, cap);
2800 ++}
2801 ++EXPORT_SYMBOL(__netlink_ns_capable);
2802 ++
2803 ++/**
2804 ++ * netlink_ns_capable - General netlink message capability test
2805 ++ * @skb: socket buffer holding a netlink command from userspace
2806 ++ * @user_ns: The user namespace of the capability to use
2807 ++ * @cap: The capability to use
2808 ++ *
2809 ++ * Test to see if the opener of the socket we received the message
2810 ++ * from had when the netlink socket was created and the sender of the
2811 ++ * message has has the capability @cap in the user namespace @user_ns.
2812 ++ */
2813 ++bool netlink_ns_capable(const struct sk_buff *skb,
2814 ++ struct user_namespace *user_ns, int cap)
2815 ++{
2816 ++ return __netlink_ns_capable(&NETLINK_CB(skb), user_ns, cap);
2817 ++}
2818 ++EXPORT_SYMBOL(netlink_ns_capable);
2819 ++
2820 ++/**
2821 ++ * netlink_capable - Netlink global message capability test
2822 ++ * @skb: socket buffer holding a netlink command from userspace
2823 ++ * @cap: The capability to use
2824 ++ *
2825 ++ * Test to see if the opener of the socket we received the message
2826 ++ * from had when the netlink socket was created and the sender of the
2827 ++ * message has has the capability @cap in all user namespaces.
2828 ++ */
2829 ++bool netlink_capable(const struct sk_buff *skb, int cap)
2830 ++{
2831 ++ return netlink_ns_capable(skb, &init_user_ns, cap);
2832 ++}
2833 ++EXPORT_SYMBOL(netlink_capable);
2834 ++
2835 ++/**
2836 ++ * netlink_net_capable - Netlink network namespace message capability test
2837 ++ * @skb: socket buffer holding a netlink command from userspace
2838 ++ * @cap: The capability to use
2839 ++ *
2840 ++ * Test to see if the opener of the socket we received the message
2841 ++ * from had when the netlink socket was created and the sender of the
2842 ++ * message has has the capability @cap over the network namespace of
2843 ++ * the socket we received the message from.
2844 ++ */
2845 ++bool netlink_net_capable(const struct sk_buff *skb, int cap)
2846 ++{
2847 ++ return netlink_ns_capable(skb, sock_net(skb->sk)->user_ns, cap);
2848 ++}
2849 ++EXPORT_SYMBOL(netlink_net_capable);
2850 ++
2851 ++static inline int netlink_allowed(const struct socket *sock, unsigned int flag)
2852 + {
2853 + return (nl_table[sock->sk->sk_protocol].flags & flag) ||
2854 + ns_capable(sock_net(sock->sk)->user_ns, CAP_NET_ADMIN);
2855 +@@ -1287,7 +1354,7 @@ static int netlink_bind(struct socket *sock, struct sockaddr *addr,
2856 +
2857 + /* Only superuser is allowed to listen multicasts */
2858 + if (nladdr->nl_groups) {
2859 +- if (!netlink_capable(sock, NL_CFG_F_NONROOT_RECV))
2860 ++ if (!netlink_allowed(sock, NL_CFG_F_NONROOT_RECV))
2861 + return -EPERM;
2862 + err = netlink_realloc_groups(sk);
2863 + if (err)
2864 +@@ -1349,7 +1416,7 @@ static int netlink_connect(struct socket *sock, struct sockaddr *addr,
2865 + return -EINVAL;
2866 +
2867 + /* Only superuser is allowed to send multicasts */
2868 +- if (nladdr->nl_groups && !netlink_capable(sock, NL_CFG_F_NONROOT_SEND))
2869 ++ if (nladdr->nl_groups && !netlink_allowed(sock, NL_CFG_F_NONROOT_SEND))
2870 + return -EPERM;
2871 +
2872 + if (!nlk->portid)
2873 +@@ -1921,7 +1988,7 @@ static int netlink_setsockopt(struct socket *sock, int level, int optname,
2874 + break;
2875 + case NETLINK_ADD_MEMBERSHIP:
2876 + case NETLINK_DROP_MEMBERSHIP: {
2877 +- if (!netlink_capable(sock, NL_CFG_F_NONROOT_RECV))
2878 ++ if (!netlink_allowed(sock, NL_CFG_F_NONROOT_RECV))
2879 + return -EPERM;
2880 + err = netlink_realloc_groups(sk);
2881 + if (err)
2882 +@@ -2053,6 +2120,7 @@ static int netlink_sendmsg(struct kiocb *kiocb, struct socket *sock,
2883 + struct sk_buff *skb;
2884 + int err;
2885 + struct scm_cookie scm;
2886 ++ u32 netlink_skb_flags = 0;
2887 +
2888 + if (msg->msg_flags&MSG_OOB)
2889 + return -EOPNOTSUPP;
2890 +@@ -2072,8 +2140,9 @@ static int netlink_sendmsg(struct kiocb *kiocb, struct socket *sock,
2891 + dst_group = ffs(addr->nl_groups);
2892 + err = -EPERM;
2893 + if ((dst_group || dst_portid) &&
2894 +- !netlink_capable(sock, NL_CFG_F_NONROOT_SEND))
2895 ++ !netlink_allowed(sock, NL_CFG_F_NONROOT_SEND))
2896 + goto out;
2897 ++ netlink_skb_flags |= NETLINK_SKB_DST;
2898 + } else {
2899 + dst_portid = nlk->dst_portid;
2900 + dst_group = nlk->dst_group;
2901 +@@ -2103,6 +2172,7 @@ static int netlink_sendmsg(struct kiocb *kiocb, struct socket *sock,
2902 + NETLINK_CB(skb).portid = nlk->portid;
2903 + NETLINK_CB(skb).dst_group = dst_group;
2904 + NETLINK_CB(skb).creds = siocb->scm->creds;
2905 ++ NETLINK_CB(skb).flags = netlink_skb_flags;
2906 +
2907 + err = -EFAULT;
2908 + if (memcpy_fromiovec(skb_put(skb, len), msg->msg_iov, len)) {
2909 +diff --git a/net/netlink/genetlink.c b/net/netlink/genetlink.c
2910 +index 393f17eea1a2..ade434b8abd8 100644
2911 +--- a/net/netlink/genetlink.c
2912 ++++ b/net/netlink/genetlink.c
2913 +@@ -592,7 +592,7 @@ static int genl_family_rcv_msg(struct genl_family *family,
2914 + return -EOPNOTSUPP;
2915 +
2916 + if ((ops->flags & GENL_ADMIN_PERM) &&
2917 +- !capable(CAP_NET_ADMIN))
2918 ++ !netlink_capable(skb, CAP_NET_ADMIN))
2919 + return -EPERM;
2920 +
2921 + if (nlh->nlmsg_flags & NLM_F_DUMP) {
2922 +diff --git a/net/packet/diag.c b/net/packet/diag.c
2923 +index ec8b6e8a80b1..674b0a65df6c 100644
2924 +--- a/net/packet/diag.c
2925 ++++ b/net/packet/diag.c
2926 +@@ -127,6 +127,7 @@ static int pdiag_put_fanout(struct packet_sock *po, struct sk_buff *nlskb)
2927 +
2928 + static int sk_diag_fill(struct sock *sk, struct sk_buff *skb,
2929 + struct packet_diag_req *req,
2930 ++ bool may_report_filterinfo,
2931 + struct user_namespace *user_ns,
2932 + u32 portid, u32 seq, u32 flags, int sk_ino)
2933 + {
2934 +@@ -171,7 +172,8 @@ static int sk_diag_fill(struct sock *sk, struct sk_buff *skb,
2935 + goto out_nlmsg_trim;
2936 +
2937 + if ((req->pdiag_show & PACKET_SHOW_FILTER) &&
2938 +- sock_diag_put_filterinfo(sk, skb, PACKET_DIAG_FILTER))
2939 ++ sock_diag_put_filterinfo(may_report_filterinfo, sk, skb,
2940 ++ PACKET_DIAG_FILTER))
2941 + goto out_nlmsg_trim;
2942 +
2943 + return nlmsg_end(skb, nlh);
2944 +@@ -187,9 +189,11 @@ static int packet_diag_dump(struct sk_buff *skb, struct netlink_callback *cb)
2945 + struct packet_diag_req *req;
2946 + struct net *net;
2947 + struct sock *sk;
2948 ++ bool may_report_filterinfo;
2949 +
2950 + net = sock_net(skb->sk);
2951 + req = nlmsg_data(cb->nlh);
2952 ++ may_report_filterinfo = netlink_net_capable(cb->skb, CAP_NET_ADMIN);
2953 +
2954 + mutex_lock(&net->packet.sklist_lock);
2955 + sk_for_each(sk, &net->packet.sklist) {
2956 +@@ -199,6 +203,7 @@ static int packet_diag_dump(struct sk_buff *skb, struct netlink_callback *cb)
2957 + goto next;
2958 +
2959 + if (sk_diag_fill(sk, skb, req,
2960 ++ may_report_filterinfo,
2961 + sk_user_ns(NETLINK_CB(cb->skb).sk),
2962 + NETLINK_CB(cb->skb).portid,
2963 + cb->nlh->nlmsg_seq, NLM_F_MULTI,
2964 +diff --git a/net/phonet/pn_netlink.c b/net/phonet/pn_netlink.c
2965 +index dc15f4300808..b64151ade6b3 100644
2966 +--- a/net/phonet/pn_netlink.c
2967 ++++ b/net/phonet/pn_netlink.c
2968 +@@ -70,10 +70,10 @@ static int addr_doit(struct sk_buff *skb, struct nlmsghdr *nlh)
2969 + int err;
2970 + u8 pnaddr;
2971 +
2972 +- if (!capable(CAP_NET_ADMIN))
2973 ++ if (!netlink_capable(skb, CAP_NET_ADMIN))
2974 + return -EPERM;
2975 +
2976 +- if (!capable(CAP_SYS_ADMIN))
2977 ++ if (!netlink_capable(skb, CAP_SYS_ADMIN))
2978 + return -EPERM;
2979 +
2980 + ASSERT_RTNL();
2981 +@@ -233,10 +233,10 @@ static int route_doit(struct sk_buff *skb, struct nlmsghdr *nlh)
2982 + int err;
2983 + u8 dst;
2984 +
2985 +- if (!capable(CAP_NET_ADMIN))
2986 ++ if (!netlink_capable(skb, CAP_NET_ADMIN))
2987 + return -EPERM;
2988 +
2989 +- if (!capable(CAP_SYS_ADMIN))
2990 ++ if (!netlink_capable(skb, CAP_SYS_ADMIN))
2991 + return -EPERM;
2992 +
2993 + ASSERT_RTNL();
2994 +diff --git a/net/sched/act_api.c b/net/sched/act_api.c
2995 +index fd7072827a40..15d46b9166de 100644
2996 +--- a/net/sched/act_api.c
2997 ++++ b/net/sched/act_api.c
2998 +@@ -989,7 +989,7 @@ static int tc_ctl_action(struct sk_buff *skb, struct nlmsghdr *n)
2999 + u32 portid = skb ? NETLINK_CB(skb).portid : 0;
3000 + int ret = 0, ovr = 0;
3001 +
3002 +- if ((n->nlmsg_type != RTM_GETACTION) && !capable(CAP_NET_ADMIN))
3003 ++ if ((n->nlmsg_type != RTM_GETACTION) && !netlink_capable(skb, CAP_NET_ADMIN))
3004 + return -EPERM;
3005 +
3006 + ret = nlmsg_parse(n, sizeof(struct tcamsg), tca, TCA_ACT_MAX, NULL);
3007 +diff --git a/net/sched/cls_api.c b/net/sched/cls_api.c
3008 +index 8e118af90973..2ea40d1877a6 100644
3009 +--- a/net/sched/cls_api.c
3010 ++++ b/net/sched/cls_api.c
3011 +@@ -138,7 +138,7 @@ static int tc_ctl_tfilter(struct sk_buff *skb, struct nlmsghdr *n)
3012 + int err;
3013 + int tp_created = 0;
3014 +
3015 +- if ((n->nlmsg_type != RTM_GETTFILTER) && !capable(CAP_NET_ADMIN))
3016 ++ if ((n->nlmsg_type != RTM_GETTFILTER) && !netlink_capable(skb, CAP_NET_ADMIN))
3017 + return -EPERM;
3018 +
3019 + replay:
3020 +diff --git a/net/sched/sch_api.c b/net/sched/sch_api.c
3021 +index 51b968d3febb..2d2f07945c85 100644
3022 +--- a/net/sched/sch_api.c
3023 ++++ b/net/sched/sch_api.c
3024 +@@ -1024,7 +1024,7 @@ static int tc_get_qdisc(struct sk_buff *skb, struct nlmsghdr *n)
3025 + struct Qdisc *p = NULL;
3026 + int err;
3027 +
3028 +- if ((n->nlmsg_type != RTM_GETQDISC) && !capable(CAP_NET_ADMIN))
3029 ++ if ((n->nlmsg_type != RTM_GETQDISC) && !netlink_capable(skb, CAP_NET_ADMIN))
3030 + return -EPERM;
3031 +
3032 + err = nlmsg_parse(n, sizeof(*tcm), tca, TCA_MAX, NULL);
3033 +@@ -1091,7 +1091,7 @@ static int tc_modify_qdisc(struct sk_buff *skb, struct nlmsghdr *n)
3034 + struct Qdisc *q, *p;
3035 + int err;
3036 +
3037 +- if (!capable(CAP_NET_ADMIN))
3038 ++ if (!netlink_capable(skb, CAP_NET_ADMIN))
3039 + return -EPERM;
3040 +
3041 + replay:
3042 +@@ -1431,7 +1431,7 @@ static int tc_ctl_tclass(struct sk_buff *skb, struct nlmsghdr *n)
3043 + u32 qid;
3044 + int err;
3045 +
3046 +- if ((n->nlmsg_type != RTM_GETTCLASS) && !capable(CAP_NET_ADMIN))
3047 ++ if ((n->nlmsg_type != RTM_GETTCLASS) && !netlink_capable(skb, CAP_NET_ADMIN))
3048 + return -EPERM;
3049 +
3050 + err = nlmsg_parse(n, sizeof(*tcm), tca, TCA_MAX, NULL);
3051 +diff --git a/net/sctp/associola.c b/net/sctp/associola.c
3052 +index 91cfd8f94a19..229b3c3fb6c9 100644
3053 +--- a/net/sctp/associola.c
3054 ++++ b/net/sctp/associola.c
3055 +@@ -387,7 +387,7 @@ void sctp_association_free(struct sctp_association *asoc)
3056 + /* Only real associations count against the endpoint, so
3057 + * don't bother for if this is a temporary association.
3058 + */
3059 +- if (!asoc->temp) {
3060 ++ if (!list_empty(&asoc->asocs)) {
3061 + list_del(&asoc->asocs);
3062 +
3063 + /* Decrement the backlog value for a TCP-style listening
3064 +diff --git a/net/tipc/netlink.c b/net/tipc/netlink.c
3065 +index 8bcd4985d0fb..1e6081fb6078 100644
3066 +--- a/net/tipc/netlink.c
3067 ++++ b/net/tipc/netlink.c
3068 +@@ -47,7 +47,7 @@ static int handle_cmd(struct sk_buff *skb, struct genl_info *info)
3069 + int hdr_space = nlmsg_total_size(GENL_HDRLEN + TIPC_GENL_HDRLEN);
3070 + u16 cmd;
3071 +
3072 +- if ((req_userhdr->cmd & 0xC000) && (!capable(CAP_NET_ADMIN)))
3073 ++ if ((req_userhdr->cmd & 0xC000) && (!netlink_capable(skb, CAP_NET_ADMIN)))
3074 + cmd = TIPC_CMD_NOT_NET_ADMIN;
3075 + else
3076 + cmd = req_userhdr->cmd;
3077 +diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
3078 +index 3f565e495ac6..7a70a5a5671a 100644
3079 +--- a/net/xfrm/xfrm_user.c
3080 ++++ b/net/xfrm/xfrm_user.c
3081 +@@ -2362,7 +2362,7 @@ static int xfrm_user_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
3082 + link = &xfrm_dispatch[type];
3083 +
3084 + /* All operations require privileges, even GET */
3085 +- if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
3086 ++ if (!netlink_net_capable(skb, CAP_NET_ADMIN))
3087 + return -EPERM;
3088 +
3089 + if ((type == (XFRM_MSG_GETSA - XFRM_MSG_BASE) ||
3090 +diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c
3091 +index cdbde1762189..b9b2bebeb350 100644
3092 +--- a/security/integrity/evm/evm_main.c
3093 ++++ b/security/integrity/evm/evm_main.c
3094 +@@ -275,12 +275,20 @@ static int evm_protect_xattr(struct dentry *dentry, const char *xattr_name,
3095 + * @xattr_value: pointer to the new extended attribute value
3096 + * @xattr_value_len: pointer to the new extended attribute value length
3097 + *
3098 +- * Updating 'security.evm' requires CAP_SYS_ADMIN privileges and that
3099 +- * the current value is valid.
3100 ++ * Before allowing the 'security.evm' protected xattr to be updated,
3101 ++ * verify the existing value is valid. As only the kernel should have
3102 ++ * access to the EVM encrypted key needed to calculate the HMAC, prevent
3103 ++ * userspace from writing HMAC value. Writing 'security.evm' requires
3104 ++ * requires CAP_SYS_ADMIN privileges.
3105 + */
3106 + int evm_inode_setxattr(struct dentry *dentry, const char *xattr_name,
3107 + const void *xattr_value, size_t xattr_value_len)
3108 + {
3109 ++ const struct evm_ima_xattr_data *xattr_data = xattr_value;
3110 ++
3111 ++ if ((strcmp(xattr_name, XATTR_NAME_EVM) == 0)
3112 ++ && (xattr_data->type == EVM_XATTR_HMAC))
3113 ++ return -EPERM;
3114 + return evm_protect_xattr(dentry, xattr_name, xattr_value,
3115 + xattr_value_len);
3116 + }
3117 +diff --git a/security/integrity/ima/ima_crypto.c b/security/integrity/ima/ima_crypto.c
3118 +index a02e0791cf15..9da974c0f958 100644
3119 +--- a/security/integrity/ima/ima_crypto.c
3120 ++++ b/security/integrity/ima/ima_crypto.c
3121 +@@ -24,6 +24,36 @@
3122 +
3123 + static struct crypto_shash *ima_shash_tfm;
3124 +
3125 ++/**
3126 ++ * ima_kernel_read - read file content
3127 ++ *
3128 ++ * This is a function for reading file content instead of kernel_read().
3129 ++ * It does not perform locking checks to ensure it cannot be blocked.
3130 ++ * It does not perform security checks because it is irrelevant for IMA.
3131 ++ *
3132 ++ */
3133 ++static int ima_kernel_read(struct file *file, loff_t offset,
3134 ++ char *addr, unsigned long count)
3135 ++{
3136 ++ mm_segment_t old_fs;
3137 ++ char __user *buf = addr;
3138 ++ ssize_t ret;
3139 ++
3140 ++ if (!(file->f_mode & FMODE_READ))
3141 ++ return -EBADF;
3142 ++ if (!file->f_op->read && !file->f_op->aio_read)
3143 ++ return -EINVAL;
3144 ++
3145 ++ old_fs = get_fs();
3146 ++ set_fs(get_ds());
3147 ++ if (file->f_op->read)
3148 ++ ret = file->f_op->read(file, buf, count, &offset);
3149 ++ else
3150 ++ ret = do_sync_read(file, buf, count, &offset);
3151 ++ set_fs(old_fs);
3152 ++ return ret;
3153 ++}
3154 ++
3155 + int ima_init_crypto(void)
3156 + {
3157 + long rc;
3158 +@@ -70,7 +100,7 @@ int ima_calc_file_hash(struct file *file, char *digest)
3159 + while (offset < i_size) {
3160 + int rbuf_len;
3161 +
3162 +- rbuf_len = kernel_read(file, offset, rbuf, PAGE_SIZE);
3163 ++ rbuf_len = ima_kernel_read(file, offset, rbuf, PAGE_SIZE);
3164 + if (rbuf_len < 0) {
3165 + rc = rbuf_len;
3166 + break;
3167 +diff --git a/sound/core/control.c b/sound/core/control.c
3168 +index d8aa206e8bde..98a29b26c5f4 100644
3169 +--- a/sound/core/control.c
3170 ++++ b/sound/core/control.c
3171 +@@ -289,6 +289,10 @@ static bool snd_ctl_remove_numid_conflict(struct snd_card *card,
3172 + {
3173 + struct snd_kcontrol *kctl;
3174 +
3175 ++ /* Make sure that the ids assigned to the control do not wrap around */
3176 ++ if (card->last_numid >= UINT_MAX - count)
3177 ++ card->last_numid = 0;
3178 ++
3179 + list_for_each_entry(kctl, &card->controls, list) {
3180 + if (kctl->id.numid < card->last_numid + 1 + count &&
3181 + kctl->id.numid + kctl->count > card->last_numid + 1) {
3182 +@@ -331,6 +335,7 @@ int snd_ctl_add(struct snd_card *card, struct snd_kcontrol *kcontrol)
3183 + {
3184 + struct snd_ctl_elem_id id;
3185 + unsigned int idx;
3186 ++ unsigned int count;
3187 + int err = -EINVAL;
3188 +
3189 + if (! kcontrol)
3190 +@@ -338,6 +343,9 @@ int snd_ctl_add(struct snd_card *card, struct snd_kcontrol *kcontrol)
3191 + if (snd_BUG_ON(!card || !kcontrol->info))
3192 + goto error;
3193 + id = kcontrol->id;
3194 ++ if (id.index > UINT_MAX - kcontrol->count)
3195 ++ goto error;
3196 ++
3197 + down_write(&card->controls_rwsem);
3198 + if (snd_ctl_find_id(card, &id)) {
3199 + up_write(&card->controls_rwsem);
3200 +@@ -359,8 +367,9 @@ int snd_ctl_add(struct snd_card *card, struct snd_kcontrol *kcontrol)
3201 + card->controls_count += kcontrol->count;
3202 + kcontrol->id.numid = card->last_numid + 1;
3203 + card->last_numid += kcontrol->count;
3204 ++ count = kcontrol->count;
3205 + up_write(&card->controls_rwsem);
3206 +- for (idx = 0; idx < kcontrol->count; idx++, id.index++, id.numid++)
3207 ++ for (idx = 0; idx < count; idx++, id.index++, id.numid++)
3208 + snd_ctl_notify(card, SNDRV_CTL_EVENT_MASK_ADD, &id);
3209 + return 0;
3210 +
3211 +@@ -389,6 +398,7 @@ int snd_ctl_replace(struct snd_card *card, struct snd_kcontrol *kcontrol,
3212 + bool add_on_replace)
3213 + {
3214 + struct snd_ctl_elem_id id;
3215 ++ unsigned int count;
3216 + unsigned int idx;
3217 + struct snd_kcontrol *old;
3218 + int ret;
3219 +@@ -424,8 +434,9 @@ add:
3220 + card->controls_count += kcontrol->count;
3221 + kcontrol->id.numid = card->last_numid + 1;
3222 + card->last_numid += kcontrol->count;
3223 ++ count = kcontrol->count;
3224 + up_write(&card->controls_rwsem);
3225 +- for (idx = 0; idx < kcontrol->count; idx++, id.index++, id.numid++)
3226 ++ for (idx = 0; idx < count; idx++, id.index++, id.numid++)
3227 + snd_ctl_notify(card, SNDRV_CTL_EVENT_MASK_ADD, &id);
3228 + return 0;
3229 +
3230 +@@ -898,9 +909,9 @@ static int snd_ctl_elem_write(struct snd_card *card, struct snd_ctl_file *file,
3231 + result = kctl->put(kctl, control);
3232 + }
3233 + if (result > 0) {
3234 ++ struct snd_ctl_elem_id id = control->id;
3235 + up_read(&card->controls_rwsem);
3236 +- snd_ctl_notify(card, SNDRV_CTL_EVENT_MASK_VALUE,
3237 +- &control->id);
3238 ++ snd_ctl_notify(card, SNDRV_CTL_EVENT_MASK_VALUE, &id);
3239 + return 0;
3240 + }
3241 + }
3242 +@@ -992,6 +1003,7 @@ static int snd_ctl_elem_unlock(struct snd_ctl_file *file,
3243 +
3244 + struct user_element {
3245 + struct snd_ctl_elem_info info;
3246 ++ struct snd_card *card;
3247 + void *elem_data; /* element data */
3248 + unsigned long elem_data_size; /* size of element data in bytes */
3249 + void *tlv_data; /* TLV data */
3250 +@@ -1035,7 +1047,9 @@ static int snd_ctl_elem_user_get(struct snd_kcontrol *kcontrol,
3251 + {
3252 + struct user_element *ue = kcontrol->private_data;
3253 +
3254 ++ mutex_lock(&ue->card->user_ctl_lock);
3255 + memcpy(&ucontrol->value, ue->elem_data, ue->elem_data_size);
3256 ++ mutex_unlock(&ue->card->user_ctl_lock);
3257 + return 0;
3258 + }
3259 +
3260 +@@ -1044,10 +1058,12 @@ static int snd_ctl_elem_user_put(struct snd_kcontrol *kcontrol,
3261 + {
3262 + int change;
3263 + struct user_element *ue = kcontrol->private_data;
3264 +-
3265 ++
3266 ++ mutex_lock(&ue->card->user_ctl_lock);
3267 + change = memcmp(&ucontrol->value, ue->elem_data, ue->elem_data_size) != 0;
3268 + if (change)
3269 + memcpy(ue->elem_data, &ucontrol->value, ue->elem_data_size);
3270 ++ mutex_unlock(&ue->card->user_ctl_lock);
3271 + return change;
3272 + }
3273 +
3274 +@@ -1067,19 +1083,32 @@ static int snd_ctl_elem_user_tlv(struct snd_kcontrol *kcontrol,
3275 + new_data = memdup_user(tlv, size);
3276 + if (IS_ERR(new_data))
3277 + return PTR_ERR(new_data);
3278 ++ mutex_lock(&ue->card->user_ctl_lock);
3279 + change = ue->tlv_data_size != size;
3280 + if (!change)
3281 + change = memcmp(ue->tlv_data, new_data, size);
3282 + kfree(ue->tlv_data);
3283 + ue->tlv_data = new_data;
3284 + ue->tlv_data_size = size;
3285 ++ mutex_unlock(&ue->card->user_ctl_lock);
3286 + } else {
3287 +- if (! ue->tlv_data_size || ! ue->tlv_data)
3288 +- return -ENXIO;
3289 +- if (size < ue->tlv_data_size)
3290 +- return -ENOSPC;
3291 ++ int ret = 0;
3292 ++
3293 ++ mutex_lock(&ue->card->user_ctl_lock);
3294 ++ if (!ue->tlv_data_size || !ue->tlv_data) {
3295 ++ ret = -ENXIO;
3296 ++ goto err_unlock;
3297 ++ }
3298 ++ if (size < ue->tlv_data_size) {
3299 ++ ret = -ENOSPC;
3300 ++ goto err_unlock;
3301 ++ }
3302 + if (copy_to_user(tlv, ue->tlv_data, ue->tlv_data_size))
3303 +- return -EFAULT;
3304 ++ ret = -EFAULT;
3305 ++err_unlock:
3306 ++ mutex_unlock(&ue->card->user_ctl_lock);
3307 ++ if (ret)
3308 ++ return ret;
3309 + }
3310 + return change;
3311 + }
3312 +@@ -1137,8 +1166,6 @@ static int snd_ctl_elem_add(struct snd_ctl_file *file,
3313 + struct user_element *ue;
3314 + int idx, err;
3315 +
3316 +- if (!replace && card->user_ctl_count >= MAX_USER_CONTROLS)
3317 +- return -ENOMEM;
3318 + if (info->count < 1)
3319 + return -EINVAL;
3320 + access = info->access == 0 ? SNDRV_CTL_ELEM_ACCESS_READWRITE :
3321 +@@ -1147,21 +1174,16 @@ static int snd_ctl_elem_add(struct snd_ctl_file *file,
3322 + SNDRV_CTL_ELEM_ACCESS_TLV_READWRITE));
3323 + info->id.numid = 0;
3324 + memset(&kctl, 0, sizeof(kctl));
3325 +- down_write(&card->controls_rwsem);
3326 +- _kctl = snd_ctl_find_id(card, &info->id);
3327 +- err = 0;
3328 +- if (_kctl) {
3329 +- if (replace)
3330 +- err = snd_ctl_remove(card, _kctl);
3331 +- else
3332 +- err = -EBUSY;
3333 +- } else {
3334 +- if (replace)
3335 +- err = -ENOENT;
3336 ++
3337 ++ if (replace) {
3338 ++ err = snd_ctl_remove_user_ctl(file, &info->id);
3339 ++ if (err)
3340 ++ return err;
3341 + }
3342 +- up_write(&card->controls_rwsem);
3343 +- if (err < 0)
3344 +- return err;
3345 ++
3346 ++ if (card->user_ctl_count >= MAX_USER_CONTROLS)
3347 ++ return -ENOMEM;
3348 ++
3349 + memcpy(&kctl.id, &info->id, sizeof(info->id));
3350 + kctl.count = info->owner ? info->owner : 1;
3351 + access |= SNDRV_CTL_ELEM_ACCESS_USER;
3352 +@@ -1211,6 +1233,7 @@ static int snd_ctl_elem_add(struct snd_ctl_file *file,
3353 + ue = kzalloc(sizeof(struct user_element) + private_size, GFP_KERNEL);
3354 + if (ue == NULL)
3355 + return -ENOMEM;
3356 ++ ue->card = card;
3357 + ue->info = *info;
3358 + ue->info.access = 0;
3359 + ue->elem_data = (char *)ue + sizeof(*ue);
3360 +@@ -1322,8 +1345,9 @@ static int snd_ctl_tlv_ioctl(struct snd_ctl_file *file,
3361 + }
3362 + err = kctl->tlv.c(kctl, op_flag, tlv.length, _tlv->tlv);
3363 + if (err > 0) {
3364 ++ struct snd_ctl_elem_id id = kctl->id;
3365 + up_read(&card->controls_rwsem);
3366 +- snd_ctl_notify(card, SNDRV_CTL_EVENT_MASK_TLV, &kctl->id);
3367 ++ snd_ctl_notify(card, SNDRV_CTL_EVENT_MASK_TLV, &id);
3368 + return 0;
3369 + }
3370 + } else {
3371 +diff --git a/sound/core/init.c b/sound/core/init.c
3372 +index 6ef06400dfc8..27791a58e448 100644
3373 +--- a/sound/core/init.c
3374 ++++ b/sound/core/init.c
3375 +@@ -208,6 +208,7 @@ int snd_card_create(int idx, const char *xid,
3376 + INIT_LIST_HEAD(&card->devices);
3377 + init_rwsem(&card->controls_rwsem);
3378 + rwlock_init(&card->ctl_files_rwlock);
3379 ++ mutex_init(&card->user_ctl_lock);
3380 + INIT_LIST_HEAD(&card->controls);
3381 + INIT_LIST_HEAD(&card->ctl_files);
3382 + spin_lock_init(&card->files_lock);
3383 +diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c
3384 +index 0923f09df503..0b85e857f1c7 100644
3385 +--- a/sound/pci/hda/patch_realtek.c
3386 ++++ b/sound/pci/hda/patch_realtek.c
3387 +@@ -3356,6 +3356,7 @@ enum {
3388 + ALC269_FIXUP_STEREO_DMIC,
3389 + ALC269_FIXUP_QUANTA_MUTE,
3390 + ALC269_FIXUP_LIFEBOOK,
3391 ++ ALC269_FIXUP_LIFEBOOK_EXTMIC,
3392 + ALC269_FIXUP_AMIC,
3393 + ALC269_FIXUP_DMIC,
3394 + ALC269VB_FIXUP_AMIC,
3395 +@@ -3463,6 +3464,13 @@ static const struct hda_fixup alc269_fixups[] = {
3396 + .chained = true,
3397 + .chain_id = ALC269_FIXUP_QUANTA_MUTE
3398 + },
3399 ++ [ALC269_FIXUP_LIFEBOOK_EXTMIC] = {
3400 ++ .type = HDA_FIXUP_PINS,
3401 ++ .v.pins = (const struct hda_pintbl[]) {
3402 ++ { 0x19, 0x01a1903c }, /* headset mic, with jack detect */
3403 ++ { }
3404 ++ },
3405 ++ },
3406 + [ALC269_FIXUP_AMIC] = {
3407 + .type = HDA_FIXUP_PINS,
3408 + .v.pins = (const struct hda_pintbl[]) {
3409 +@@ -3713,6 +3721,7 @@ static const struct snd_pci_quirk alc269_fixup_tbl[] = {
3410 + SND_PCI_QUIRK(0x1025, 0x0742, "Acer AO756", ALC271_FIXUP_HP_GATE_MIC_JACK),
3411 + SND_PCI_QUIRK_VENDOR(0x1025, "Acer Aspire", ALC271_FIXUP_DMIC),
3412 + SND_PCI_QUIRK(0x10cf, 0x1475, "Lifebook", ALC269_FIXUP_LIFEBOOK),
3413 ++ SND_PCI_QUIRK(0x10cf, 0x1845, "Lifebook U904", ALC269_FIXUP_LIFEBOOK_EXTMIC),
3414 + SND_PCI_QUIRK(0x17aa, 0x20f2, "Thinkpad SL410/510", ALC269_FIXUP_SKU_IGNORE),
3415 + SND_PCI_QUIRK(0x17aa, 0x215e, "Thinkpad L512", ALC269_FIXUP_SKU_IGNORE),
3416 + SND_PCI_QUIRK(0x17aa, 0x21b8, "Thinkpad Edge 14", ALC269_FIXUP_SKU_IGNORE),
3417 +@@ -4664,6 +4673,7 @@ static const struct hda_codec_preset snd_hda_preset_realtek[] = {
3418 + { .id = 0x10ec0670, .name = "ALC670", .patch = patch_alc662 },
3419 + { .id = 0x10ec0671, .name = "ALC671", .patch = patch_alc662 },
3420 + { .id = 0x10ec0680, .name = "ALC680", .patch = patch_alc680 },
3421 ++ { .id = 0x10ec0867, .name = "ALC891", .patch = patch_alc882 },
3422 + { .id = 0x10ec0880, .name = "ALC880", .patch = patch_alc880 },
3423 + { .id = 0x10ec0882, .name = "ALC882", .patch = patch_alc882 },
3424 + { .id = 0x10ec0883, .name = "ALC883", .patch = patch_alc882 },
3425 +diff --git a/sound/soc/codecs/max98090.c b/sound/soc/codecs/max98090.c
3426 +index 4fdcc1cefc25..9b7746c9546f 100644
3427 +--- a/sound/soc/codecs/max98090.c
3428 ++++ b/sound/soc/codecs/max98090.c
3429 +@@ -255,6 +255,7 @@ static struct reg_default max98090_reg[] = {
3430 + static bool max98090_volatile_register(struct device *dev, unsigned int reg)
3431 + {
3432 + switch (reg) {
3433 ++ case M98090_REG_SOFTWARE_RESET:
3434 + case M98090_REG_DEVICE_STATUS:
3435 + case M98090_REG_JACK_STATUS:
3436 + case M98090_REG_REVISION_ID:
3437 +@@ -2343,6 +2344,8 @@ static int max98090_runtime_resume(struct device *dev)
3438 +
3439 + regcache_cache_only(max98090->regmap, false);
3440 +
3441 ++ max98090_reset(max98090);
3442 ++
3443 + regcache_sync(max98090->regmap);
3444 +
3445 + return 0;
Report Message
Find on MARC Find on Google Groups