Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: "Anthony G. Basile" <blueness@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-patchset:master commit in: 4.2.6/, 4.2.7/
Date: Sat, 12 Dec 2015 08:59:00
Message-Id: 1449911161.55085213bb0871c830884175b80c5e4a12169d97.blueness@gentoo
1 commit: 55085213bb0871c830884175b80c5e4a12169d97
2 Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
3 AuthorDate: Sat Dec 12 09:06:01 2015 +0000
4 Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
5 CommitDate: Sat Dec 12 09:06:01 2015 +0000
6 URL: https://gitweb.gentoo.org/proj/hardened-patchset.git/commit/?id=55085213
7
8 grsecurity-3.1-4.2.7-201512092320
9
10 {4.2.6 => 4.2.7}/0000_README | 6 +-
11 4.2.7/1006_linux-4.2.7.patch | 4131 ++++++++++++++++++++
12 .../4420_grsecurity-3.1-4.2.7-201512092320.patch | 3288 +++++++++++++---
13 {4.2.6 => 4.2.7}/4425_grsec_remove_EI_PAX.patch | 0
14 {4.2.6 => 4.2.7}/4427_force_XATTR_PAX_tmpfs.patch | 0
15 .../4430_grsec-remove-localversion-grsec.patch | 0
16 {4.2.6 => 4.2.7}/4435_grsec-mute-warnings.patch | 0
17 .../4440_grsec-remove-protected-paths.patch | 0
18 .../4450_grsec-kconfig-default-gids.patch | 0
19 .../4465_selinux-avc_audit-log-curr_ip.patch | 0
20 {4.2.6 => 4.2.7}/4470_disable-compat_vdso.patch | 0
21 {4.2.6 => 4.2.7}/4475_emutramp_default_on.patch | 0
22 12 files changed, 6777 insertions(+), 648 deletions(-)
23
24 diff --git a/4.2.6/0000_README b/4.2.7/0000_README
25 similarity index 92%
26 rename from 4.2.6/0000_README
27 rename to 4.2.7/0000_README
28 index ec4db38..8a09897 100644
29 --- a/4.2.6/0000_README
30 +++ b/4.2.7/0000_README
31 @@ -2,7 +2,11 @@ README
32 -----------------------------------------------------------------------------
33 Individual Patch Descriptions:
34 -----------------------------------------------------------------------------
35 -Patch: 4420_grsecurity-3.1-4.2.6-201512051918.patch
36 +Patch: 1006_linux-4.2.7.patch
37 +From: http://www.kernel.org
38 +Desc: Linux 4.2.7
39 +
40 +Patch: 4420_grsecurity-3.1-4.2.7-201512092320.patch
41 From: http://www.grsecurity.net
42 Desc: hardened-sources base patch from upstream grsecurity
43
44
45 diff --git a/4.2.7/1006_linux-4.2.7.patch b/4.2.7/1006_linux-4.2.7.patch
46 new file mode 100644
47 index 0000000..ba25fa7
48 --- /dev/null
49 +++ b/4.2.7/1006_linux-4.2.7.patch
50 @@ -0,0 +1,4131 @@
51 +diff --git a/Documentation/devicetree/bindings/usb/dwc3.txt b/Documentation/devicetree/bindings/usb/dwc3.txt
52 +index 0815eac..e12f344 100644
53 +--- a/Documentation/devicetree/bindings/usb/dwc3.txt
54 ++++ b/Documentation/devicetree/bindings/usb/dwc3.txt
55 +@@ -35,6 +35,8 @@ Optional properties:
56 + LTSSM during USB3 Compliance mode.
57 + - snps,dis_u3_susphy_quirk: when set core will disable USB3 suspend phy.
58 + - snps,dis_u2_susphy_quirk: when set core will disable USB2 suspend phy.
59 ++ - snps,dis_enblslpm_quirk: when set clears the enblslpm in GUSB2PHYCFG,
60 ++ disabling the suspend signal to the PHY.
61 + - snps,is-utmi-l1-suspend: true when DWC3 asserts output signal
62 + utmi_l1_suspend_n, false when asserts utmi_sleep_n
63 + - snps,hird-threshold: HIRD threshold
64 +diff --git a/Documentation/filesystems/proc.txt b/Documentation/filesystems/proc.txt
65 +index 6f7fafd..3e2844e 100644
66 +--- a/Documentation/filesystems/proc.txt
67 ++++ b/Documentation/filesystems/proc.txt
68 +@@ -140,7 +140,8 @@ Table 1-1: Process specific entries in /proc
69 + stat Process status
70 + statm Process memory status information
71 + status Process status in human readable form
72 +- wchan If CONFIG_KALLSYMS is set, a pre-decoded wchan
73 ++ wchan Present with CONFIG_KALLSYMS=y: it shows the kernel function
74 ++ symbol the task is blocked in - or "0" if not blocked.
75 + pagemap Page table
76 + stack Report full stack trace, enable via CONFIG_STACKTRACE
77 + smaps a extension based on maps, showing the memory consumption of
78 +@@ -310,7 +311,7 @@ Table 1-4: Contents of the stat files (as of 2.6.30-rc7)
79 + blocked bitmap of blocked signals
80 + sigign bitmap of ignored signals
81 + sigcatch bitmap of caught signals
82 +- wchan address where process went to sleep
83 ++ 0 (place holder, used to be the wchan address, use /proc/PID/wchan instead)
84 + 0 (place holder)
85 + 0 (place holder)
86 + exit_signal signal to send to parent thread on exit
87 +diff --git a/Makefile b/Makefile
88 +index 9ef3739..f5014ea 100644
89 +--- a/Makefile
90 ++++ b/Makefile
91 +@@ -1,6 +1,6 @@
92 + VERSION = 4
93 + PATCHLEVEL = 2
94 +-SUBLEVEL = 6
95 ++SUBLEVEL = 7
96 + EXTRAVERSION =
97 + NAME = Hurr durr I'ma sheep
98 +
99 +diff --git a/arch/arm/boot/dts/imx27.dtsi b/arch/arm/boot/dts/imx27.dtsi
100 +index b69be5c..8c603fd 100644
101 +--- a/arch/arm/boot/dts/imx27.dtsi
102 ++++ b/arch/arm/boot/dts/imx27.dtsi
103 +@@ -477,7 +477,10 @@
104 + compatible = "fsl,imx27-usb";
105 + reg = <0x10024000 0x200>;
106 + interrupts = <56>;
107 +- clocks = <&clks IMX27_CLK_USB_IPG_GATE>;
108 ++ clocks = <&clks IMX27_CLK_USB_IPG_GATE>,
109 ++ <&clks IMX27_CLK_USB_AHB_GATE>,
110 ++ <&clks IMX27_CLK_USB_DIV>;
111 ++ clock-names = "ipg", "ahb", "per";
112 + fsl,usbmisc = <&usbmisc 0>;
113 + status = "disabled";
114 + };
115 +@@ -486,7 +489,10 @@
116 + compatible = "fsl,imx27-usb";
117 + reg = <0x10024200 0x200>;
118 + interrupts = <54>;
119 +- clocks = <&clks IMX27_CLK_USB_IPG_GATE>;
120 ++ clocks = <&clks IMX27_CLK_USB_IPG_GATE>,
121 ++ <&clks IMX27_CLK_USB_AHB_GATE>,
122 ++ <&clks IMX27_CLK_USB_DIV>;
123 ++ clock-names = "ipg", "ahb", "per";
124 + fsl,usbmisc = <&usbmisc 1>;
125 + dr_mode = "host";
126 + status = "disabled";
127 +@@ -496,7 +502,10 @@
128 + compatible = "fsl,imx27-usb";
129 + reg = <0x10024400 0x200>;
130 + interrupts = <55>;
131 +- clocks = <&clks IMX27_CLK_USB_IPG_GATE>;
132 ++ clocks = <&clks IMX27_CLK_USB_IPG_GATE>,
133 ++ <&clks IMX27_CLK_USB_AHB_GATE>,
134 ++ <&clks IMX27_CLK_USB_DIV>;
135 ++ clock-names = "ipg", "ahb", "per";
136 + fsl,usbmisc = <&usbmisc 2>;
137 + dr_mode = "host";
138 + status = "disabled";
139 +@@ -506,7 +515,6 @@
140 + #index-cells = <1>;
141 + compatible = "fsl,imx27-usbmisc";
142 + reg = <0x10024600 0x200>;
143 +- clocks = <&clks IMX27_CLK_USB_AHB_GATE>;
144 + };
145 +
146 + sahara2: sahara@10025000 {
147 +diff --git a/arch/arm/boot/dts/omap5-uevm.dts b/arch/arm/boot/dts/omap5-uevm.dts
148 +index 5771a14..23d645d 100644
149 +--- a/arch/arm/boot/dts/omap5-uevm.dts
150 ++++ b/arch/arm/boot/dts/omap5-uevm.dts
151 +@@ -31,6 +31,24 @@
152 + regulator-max-microvolt = <3000000>;
153 + };
154 +
155 ++ mmc3_pwrseq: sdhci0_pwrseq {
156 ++ compatible = "mmc-pwrseq-simple";
157 ++ clocks = <&clk32kgaudio>;
158 ++ clock-names = "ext_clock";
159 ++ };
160 ++
161 ++ vmmcsdio_fixed: fixedregulator-mmcsdio {
162 ++ compatible = "regulator-fixed";
163 ++ regulator-name = "vmmcsdio_fixed";
164 ++ regulator-min-microvolt = <1800000>;
165 ++ regulator-max-microvolt = <1800000>;
166 ++ gpio = <&gpio5 12 GPIO_ACTIVE_HIGH>; /* gpio140 WLAN_EN */
167 ++ enable-active-high;
168 ++ startup-delay-us = <70000>;
169 ++ pinctrl-names = "default";
170 ++ pinctrl-0 = <&wlan_pins>;
171 ++ };
172 ++
173 + /* HS USB Host PHY on PORT 2 */
174 + hsusb2_phy: hsusb2_phy {
175 + compatible = "usb-nop-xceiv";
176 +@@ -197,12 +215,20 @@
177 + >;
178 + };
179 +
180 +- mcspi4_pins: pinmux_mcspi4_pins {
181 ++ mmc3_pins: pinmux_mmc3_pins {
182 ++ pinctrl-single,pins = <
183 ++ OMAP5_IOPAD(0x01a4, PIN_INPUT_PULLUP | MUX_MODE0) /* wlsdio_clk */
184 ++ OMAP5_IOPAD(0x01a6, PIN_INPUT_PULLUP | MUX_MODE0) /* wlsdio_cmd */
185 ++ OMAP5_IOPAD(0x01a8, PIN_INPUT_PULLUP | MUX_MODE0) /* wlsdio_data0 */
186 ++ OMAP5_IOPAD(0x01aa, PIN_INPUT_PULLUP | MUX_MODE0) /* wlsdio_data1 */
187 ++ OMAP5_IOPAD(0x01ac, PIN_INPUT_PULLUP | MUX_MODE0) /* wlsdio_data2 */
188 ++ OMAP5_IOPAD(0x01ae, PIN_INPUT_PULLUP | MUX_MODE0) /* wlsdio_data3 */
189 ++ >;
190 ++ };
191 ++
192 ++ wlan_pins: pinmux_wlan_pins {
193 + pinctrl-single,pins = <
194 +- 0x164 (PIN_INPUT | MUX_MODE1) /* mcspi4_clk */
195 +- 0x168 (PIN_INPUT | MUX_MODE1) /* mcspi4_simo */
196 +- 0x16a (PIN_INPUT | MUX_MODE1) /* mcspi4_somi */
197 +- 0x16c (PIN_INPUT | MUX_MODE1) /* mcspi4_cs0 */
198 ++ OMAP5_IOPAD(0x1bc, PIN_OUTPUT | MUX_MODE6) /* mcspi1_clk.gpio5_140 */
199 + >;
200 + };
201 +
202 +@@ -276,6 +302,12 @@
203 + 0x1A (PIN_OUTPUT | MUX_MODE0) /* fref_clk1_out, USB hub clk */
204 + >;
205 + };
206 ++
207 ++ wlcore_irq_pin: pinmux_wlcore_irq_pin {
208 ++ pinctrl-single,pins = <
209 ++ OMAP5_IOPAD(0x040, WAKEUP_EN | PIN_INPUT_PULLUP | MUX_MODE6) /* llia_wakereqin.gpio1_wk14 */
210 ++ >;
211 ++ };
212 + };
213 +
214 + &mmc1 {
215 +@@ -290,8 +322,25 @@
216 + };
217 +
218 + &mmc3 {
219 ++ vmmc-supply = <&vmmcsdio_fixed>;
220 ++ mmc-pwrseq = <&mmc3_pwrseq>;
221 + bus-width = <4>;
222 +- ti,non-removable;
223 ++ non-removable;
224 ++ cap-power-off-card;
225 ++ pinctrl-names = "default";
226 ++ pinctrl-0 = <&mmc3_pins &wlcore_irq_pin>;
227 ++ interrupts-extended = <&gic GIC_SPI 94 IRQ_TYPE_LEVEL_HIGH
228 ++ &omap5_pmx_core 0x168>;
229 ++
230 ++ #address-cells = <1>;
231 ++ #size-cells = <0>;
232 ++ wlcore: wlcore@2 {
233 ++ compatible = "ti,wl1271";
234 ++ reg = <2>;
235 ++ interrupt-parent = <&gpio1>;
236 ++ interrupts = <14 IRQ_TYPE_LEVEL_HIGH>; /* gpio 14 */
237 ++ ref-clock-frequency = <26000000>;
238 ++ };
239 + };
240 +
241 + &mmc4 {
242 +@@ -591,11 +640,6 @@
243 + pinctrl-0 = <&mcspi3_pins>;
244 + };
245 +
246 +-&mcspi4 {
247 +- pinctrl-names = "default";
248 +- pinctrl-0 = <&mcspi4_pins>;
249 +-};
250 +-
251 + &uart1 {
252 + pinctrl-names = "default";
253 + pinctrl-0 = <&uart1_pins>;
254 +diff --git a/arch/arm/boot/dts/sama5d4.dtsi b/arch/arm/boot/dts/sama5d4.dtsi
255 +index 3ee22ee..1ba10e4 100644
256 +--- a/arch/arm/boot/dts/sama5d4.dtsi
257 ++++ b/arch/arm/boot/dts/sama5d4.dtsi
258 +@@ -939,11 +939,11 @@
259 + reg = <0xf8018000 0x4000>;
260 + interrupts = <33 IRQ_TYPE_LEVEL_HIGH 6>;
261 + dmas = <&dma1
262 +- (AT91_XDMAC_DT_MEM_IF(0) | AT91_XDMAC_DT_PER_IF(1))
263 +- AT91_XDMAC_DT_PERID(4)>,
264 ++ (AT91_XDMAC_DT_MEM_IF(0) | AT91_XDMAC_DT_PER_IF(1)
265 ++ | AT91_XDMAC_DT_PERID(4))>,
266 + <&dma1
267 +- (AT91_XDMAC_DT_MEM_IF(0) | AT91_XDMAC_DT_PER_IF(1))
268 +- AT91_XDMAC_DT_PERID(5)>;
269 ++ (AT91_XDMAC_DT_MEM_IF(0) | AT91_XDMAC_DT_PER_IF(1)
270 ++ | AT91_XDMAC_DT_PERID(5))>;
271 + dma-names = "tx", "rx";
272 + pinctrl-names = "default";
273 + pinctrl-0 = <&pinctrl_i2c1>;
274 +diff --git a/arch/arm/boot/dts/sun6i-a31-hummingbird.dts b/arch/arm/boot/dts/sun6i-a31-hummingbird.dts
275 +index d0cfada..18f26ca 100644
276 +--- a/arch/arm/boot/dts/sun6i-a31-hummingbird.dts
277 ++++ b/arch/arm/boot/dts/sun6i-a31-hummingbird.dts
278 +@@ -184,18 +184,18 @@
279 + regulator-name = "vcc-3v0";
280 + };
281 +
282 +- vdd_cpu: dcdc2 {
283 ++ vdd_gpu: dcdc2 {
284 + regulator-always-on;
285 + regulator-min-microvolt = <700000>;
286 + regulator-max-microvolt = <1320000>;
287 +- regulator-name = "vdd-cpu";
288 ++ regulator-name = "vdd-gpu";
289 + };
290 +
291 +- vdd_gpu: dcdc3 {
292 ++ vdd_cpu: dcdc3 {
293 + regulator-always-on;
294 + regulator-min-microvolt = <700000>;
295 + regulator-max-microvolt = <1320000>;
296 +- regulator-name = "vdd-gpu";
297 ++ regulator-name = "vdd-cpu";
298 + };
299 +
300 + vdd_sys_dll: dcdc4 {
301 +diff --git a/arch/arm/common/edma.c b/arch/arm/common/edma.c
302 +index 873dbfc..56fc339 100644
303 +--- a/arch/arm/common/edma.c
304 ++++ b/arch/arm/common/edma.c
305 +@@ -406,7 +406,8 @@ static irqreturn_t dma_irq_handler(int irq, void *data)
306 + BIT(slot));
307 + if (edma_cc[ctlr]->intr_data[channel].callback)
308 + edma_cc[ctlr]->intr_data[channel].callback(
309 +- channel, EDMA_DMA_COMPLETE,
310 ++ EDMA_CTLR_CHAN(ctlr, channel),
311 ++ EDMA_DMA_COMPLETE,
312 + edma_cc[ctlr]->intr_data[channel].data);
313 + }
314 + } while (sh_ipr);
315 +@@ -460,7 +461,8 @@ static irqreturn_t dma_ccerr_handler(int irq, void *data)
316 + if (edma_cc[ctlr]->intr_data[k].
317 + callback) {
318 + edma_cc[ctlr]->intr_data[k].
319 +- callback(k,
320 ++ callback(
321 ++ EDMA_CTLR_CHAN(ctlr, k),
322 + EDMA_DMA_CC_ERROR,
323 + edma_cc[ctlr]->intr_data
324 + [k].data);
325 +diff --git a/arch/arm/include/asm/irq.h b/arch/arm/include/asm/irq.h
326 +index 53c15de..6a9851e 100644
327 +--- a/arch/arm/include/asm/irq.h
328 ++++ b/arch/arm/include/asm/irq.h
329 +@@ -35,6 +35,11 @@ extern void (*handle_arch_irq)(struct pt_regs *);
330 + extern void set_handle_irq(void (*handle_irq)(struct pt_regs *));
331 + #endif
332 +
333 ++static inline int nr_legacy_irqs(void)
334 ++{
335 ++ return NR_IRQS_LEGACY;
336 ++}
337 ++
338 + #endif
339 +
340 + #endif
341 +diff --git a/arch/arm/mach-at91/pm_suspend.S b/arch/arm/mach-at91/pm_suspend.S
342 +index 0d95f48..a25defd 100644
343 +--- a/arch/arm/mach-at91/pm_suspend.S
344 ++++ b/arch/arm/mach-at91/pm_suspend.S
345 +@@ -80,6 +80,8 @@ tmp2 .req r5
346 + * @r2: base address of second SDRAM Controller or 0 if not present
347 + * @r3: pm information
348 + */
349 ++/* at91_pm_suspend_in_sram must be 8-byte aligned per the requirements of fncpy() */
350 ++ .align 3
351 + ENTRY(at91_pm_suspend_in_sram)
352 + /* Save registers on stack */
353 + stmfd sp!, {r4 - r12, lr}
354 +diff --git a/arch/arm/mach-pxa/include/mach/pxa27x.h b/arch/arm/mach-pxa/include/mach/pxa27x.h
355 +index 599b925..1a42919 100644
356 +--- a/arch/arm/mach-pxa/include/mach/pxa27x.h
357 ++++ b/arch/arm/mach-pxa/include/mach/pxa27x.h
358 +@@ -19,7 +19,7 @@
359 + #define ARB_CORE_PARK (1<<24) /* Be parked with core when idle */
360 + #define ARB_LOCK_FLAG (1<<23) /* Only Locking masters gain access to the bus */
361 +
362 +-extern int __init pxa27x_set_pwrmode(unsigned int mode);
363 ++extern int pxa27x_set_pwrmode(unsigned int mode);
364 + extern void pxa27x_cpu_pm_enter(suspend_state_t state);
365 +
366 + #endif /* __MACH_PXA27x_H */
367 +diff --git a/arch/arm/mach-pxa/pxa27x.c b/arch/arm/mach-pxa/pxa27x.c
368 +index b5abdeb..aa97547 100644
369 +--- a/arch/arm/mach-pxa/pxa27x.c
370 ++++ b/arch/arm/mach-pxa/pxa27x.c
371 +@@ -84,7 +84,7 @@ EXPORT_SYMBOL_GPL(pxa27x_configure_ac97reset);
372 + */
373 + static unsigned int pwrmode = PWRMODE_SLEEP;
374 +
375 +-int __init pxa27x_set_pwrmode(unsigned int mode)
376 ++int pxa27x_set_pwrmode(unsigned int mode)
377 + {
378 + switch (mode) {
379 + case PWRMODE_SLEEP:
380 +diff --git a/arch/arm/mach-tegra/board-paz00.c b/arch/arm/mach-tegra/board-paz00.c
381 +index fbe74c6..49d1110 100644
382 +--- a/arch/arm/mach-tegra/board-paz00.c
383 ++++ b/arch/arm/mach-tegra/board-paz00.c
384 +@@ -39,8 +39,8 @@ static struct platform_device wifi_rfkill_device = {
385 + static struct gpiod_lookup_table wifi_gpio_lookup = {
386 + .dev_id = "rfkill_gpio",
387 + .table = {
388 +- GPIO_LOOKUP_IDX("tegra-gpio", 25, NULL, 0, 0),
389 +- GPIO_LOOKUP_IDX("tegra-gpio", 85, NULL, 1, 0),
390 ++ GPIO_LOOKUP("tegra-gpio", 25, "reset", 0),
391 ++ GPIO_LOOKUP("tegra-gpio", 85, "shutdown", 0),
392 + { },
393 + },
394 + };
395 +diff --git a/arch/arm/mm/dma-mapping.c b/arch/arm/mm/dma-mapping.c
396 +index cba12f3..25ecc6a 100644
397 +--- a/arch/arm/mm/dma-mapping.c
398 ++++ b/arch/arm/mm/dma-mapping.c
399 +@@ -1413,12 +1413,19 @@ static int arm_iommu_mmap_attrs(struct device *dev, struct vm_area_struct *vma,
400 + unsigned long uaddr = vma->vm_start;
401 + unsigned long usize = vma->vm_end - vma->vm_start;
402 + struct page **pages = __iommu_get_pages(cpu_addr, attrs);
403 ++ unsigned long nr_pages = PAGE_ALIGN(size) >> PAGE_SHIFT;
404 ++ unsigned long off = vma->vm_pgoff;
405 +
406 + vma->vm_page_prot = __get_dma_pgprot(attrs, vma->vm_page_prot);
407 +
408 + if (!pages)
409 + return -ENXIO;
410 +
411 ++ if (off >= nr_pages || (usize >> PAGE_SHIFT) > nr_pages - off)
412 ++ return -ENXIO;
413 ++
414 ++ pages += off;
415 ++
416 + do {
417 + int ret = vm_insert_page(vma, uaddr, *pages++);
418 + if (ret) {
419 +diff --git a/arch/arm64/include/asm/irq.h b/arch/arm64/include/asm/irq.h
420 +index bbb251b..8b9bf54 100644
421 +--- a/arch/arm64/include/asm/irq.h
422 ++++ b/arch/arm64/include/asm/irq.h
423 +@@ -21,4 +21,9 @@ static inline void acpi_irq_init(void)
424 + }
425 + #define acpi_irq_init acpi_irq_init
426 +
427 ++static inline int nr_legacy_irqs(void)
428 ++{
429 ++ return 0;
430 ++}
431 ++
432 + #endif
433 +diff --git a/arch/arm64/include/asm/ptrace.h b/arch/arm64/include/asm/ptrace.h
434 +index d6dd9fd..d4264bb 100644
435 +--- a/arch/arm64/include/asm/ptrace.h
436 ++++ b/arch/arm64/include/asm/ptrace.h
437 +@@ -83,14 +83,14 @@
438 + #define compat_sp regs[13]
439 + #define compat_lr regs[14]
440 + #define compat_sp_hyp regs[15]
441 +-#define compat_sp_irq regs[16]
442 +-#define compat_lr_irq regs[17]
443 +-#define compat_sp_svc regs[18]
444 +-#define compat_lr_svc regs[19]
445 +-#define compat_sp_abt regs[20]
446 +-#define compat_lr_abt regs[21]
447 +-#define compat_sp_und regs[22]
448 +-#define compat_lr_und regs[23]
449 ++#define compat_lr_irq regs[16]
450 ++#define compat_sp_irq regs[17]
451 ++#define compat_lr_svc regs[18]
452 ++#define compat_sp_svc regs[19]
453 ++#define compat_lr_abt regs[20]
454 ++#define compat_sp_abt regs[21]
455 ++#define compat_lr_und regs[22]
456 ++#define compat_sp_und regs[23]
457 + #define compat_r8_fiq regs[24]
458 + #define compat_r9_fiq regs[25]
459 + #define compat_r10_fiq regs[26]
460 +diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.lds.S
461 +index 9807333..4d77757 100644
462 +--- a/arch/arm64/kernel/vmlinux.lds.S
463 ++++ b/arch/arm64/kernel/vmlinux.lds.S
464 +@@ -60,9 +60,12 @@ PECOFF_FILE_ALIGNMENT = 0x200;
465 + #define PECOFF_EDATA_PADDING
466 + #endif
467 +
468 +-#ifdef CONFIG_DEBUG_ALIGN_RODATA
469 ++#if defined(CONFIG_DEBUG_ALIGN_RODATA)
470 + #define ALIGN_DEBUG_RO . = ALIGN(1<<SECTION_SHIFT);
471 + #define ALIGN_DEBUG_RO_MIN(min) ALIGN_DEBUG_RO
472 ++#elif defined(CONFIG_DEBUG_RODATA)
473 ++#define ALIGN_DEBUG_RO . = ALIGN(1<<PAGE_SHIFT);
474 ++#define ALIGN_DEBUG_RO_MIN(min) ALIGN_DEBUG_RO
475 + #else
476 + #define ALIGN_DEBUG_RO
477 + #define ALIGN_DEBUG_RO_MIN(min) . = ALIGN(min);
478 +diff --git a/arch/mips/ath79/setup.c b/arch/mips/ath79/setup.c
479 +index 1ba2120..9a00137 100644
480 +--- a/arch/mips/ath79/setup.c
481 ++++ b/arch/mips/ath79/setup.c
482 +@@ -216,9 +216,9 @@ void __init plat_mem_setup(void)
483 + AR71XX_RESET_SIZE);
484 + ath79_pll_base = ioremap_nocache(AR71XX_PLL_BASE,
485 + AR71XX_PLL_SIZE);
486 ++ ath79_detect_sys_type();
487 + ath79_ddr_ctrl_init();
488 +
489 +- ath79_detect_sys_type();
490 + if (mips_machtype != ATH79_MACH_GENERIC_OF)
491 + detect_memory_region(0, ATH79_MEM_SIZE_MIN, ATH79_MEM_SIZE_MAX);
492 +
493 +diff --git a/arch/mips/include/asm/cdmm.h b/arch/mips/include/asm/cdmm.h
494 +index 16e22ce..85dc4ce 100644
495 +--- a/arch/mips/include/asm/cdmm.h
496 ++++ b/arch/mips/include/asm/cdmm.h
497 +@@ -84,6 +84,17 @@ void mips_cdmm_driver_unregister(struct mips_cdmm_driver *);
498 + module_driver(__mips_cdmm_driver, mips_cdmm_driver_register, \
499 + mips_cdmm_driver_unregister)
500 +
501 ++/*
502 ++ * builtin_mips_cdmm_driver() - Helper macro for drivers that don't do anything
503 ++ * special in init and have no exit. This eliminates some boilerplate. Each
504 ++ * driver may only use this macro once, and calling it replaces device_initcall
505 ++ * (or in some cases, the legacy __initcall). This is meant to be a direct
506 ++ * parallel of module_mips_cdmm_driver() above but without the __exit stuff that
507 ++ * is not used for builtin cases.
508 ++ */
509 ++#define builtin_mips_cdmm_driver(__mips_cdmm_driver) \
510 ++ builtin_driver(__mips_cdmm_driver, mips_cdmm_driver_register)
511 ++
512 + /* drivers/tty/mips_ejtag_fdc.c */
513 +
514 + #ifdef CONFIG_MIPS_EJTAG_FDC_EARLYCON
515 +diff --git a/arch/mips/kvm/emulate.c b/arch/mips/kvm/emulate.c
516 +index d5fa3ea..41b1b09 100644
517 +--- a/arch/mips/kvm/emulate.c
518 ++++ b/arch/mips/kvm/emulate.c
519 +@@ -1581,7 +1581,7 @@ enum emulation_result kvm_mips_emulate_cache(uint32_t inst, uint32_t *opc,
520 +
521 + base = (inst >> 21) & 0x1f;
522 + op_inst = (inst >> 16) & 0x1f;
523 +- offset = inst & 0xffff;
524 ++ offset = (int16_t)inst;
525 + cache = (inst >> 16) & 0x3;
526 + op = (inst >> 18) & 0x7;
527 +
528 +diff --git a/arch/mips/kvm/locore.S b/arch/mips/kvm/locore.S
529 +index c567240..d1ee95a 100644
530 +--- a/arch/mips/kvm/locore.S
531 ++++ b/arch/mips/kvm/locore.S
532 +@@ -165,9 +165,11 @@ FEXPORT(__kvm_mips_vcpu_run)
533 +
534 + FEXPORT(__kvm_mips_load_asid)
535 + /* Set the ASID for the Guest Kernel */
536 +- INT_SLL t0, t0, 1 /* with kseg0 @ 0x40000000, kernel */
537 +- /* addresses shift to 0x80000000 */
538 +- bltz t0, 1f /* If kernel */
539 ++ PTR_L t0, VCPU_COP0(k1)
540 ++ LONG_L t0, COP0_STATUS(t0)
541 ++ andi t0, KSU_USER | ST0_ERL | ST0_EXL
542 ++ xori t0, KSU_USER
543 ++ bnez t0, 1f /* If kernel */
544 + INT_ADDIU t1, k1, VCPU_GUEST_KERNEL_ASID /* (BD) */
545 + INT_ADDIU t1, k1, VCPU_GUEST_USER_ASID /* else user */
546 + 1:
547 +@@ -482,9 +484,11 @@ __kvm_mips_return_to_guest:
548 + mtc0 t0, CP0_EPC
549 +
550 + /* Set the ASID for the Guest Kernel */
551 +- INT_SLL t0, t0, 1 /* with kseg0 @ 0x40000000, kernel */
552 +- /* addresses shift to 0x80000000 */
553 +- bltz t0, 1f /* If kernel */
554 ++ PTR_L t0, VCPU_COP0(k1)
555 ++ LONG_L t0, COP0_STATUS(t0)
556 ++ andi t0, KSU_USER | ST0_ERL | ST0_EXL
557 ++ xori t0, KSU_USER
558 ++ bnez t0, 1f /* If kernel */
559 + INT_ADDIU t1, k1, VCPU_GUEST_KERNEL_ASID /* (BD) */
560 + INT_ADDIU t1, k1, VCPU_GUEST_USER_ASID /* else user */
561 + 1:
562 +diff --git a/arch/mips/kvm/mips.c b/arch/mips/kvm/mips.c
563 +index cd4c129..bafb32b 100644
564 +--- a/arch/mips/kvm/mips.c
565 ++++ b/arch/mips/kvm/mips.c
566 +@@ -278,7 +278,7 @@ struct kvm_vcpu *kvm_arch_vcpu_create(struct kvm *kvm, unsigned int id)
567 +
568 + if (!gebase) {
569 + err = -ENOMEM;
570 +- goto out_free_cpu;
571 ++ goto out_uninit_cpu;
572 + }
573 + kvm_debug("Allocated %d bytes for KVM Exception Handlers @ %p\n",
574 + ALIGN(size, PAGE_SIZE), gebase);
575 +@@ -342,6 +342,9 @@ struct kvm_vcpu *kvm_arch_vcpu_create(struct kvm *kvm, unsigned int id)
576 + out_free_gebase:
577 + kfree(gebase);
578 +
579 ++out_uninit_cpu:
580 ++ kvm_vcpu_uninit(vcpu);
581 ++
582 + out_free_cpu:
583 + kfree(vcpu);
584 +
585 +diff --git a/arch/mips/lantiq/clk.c b/arch/mips/lantiq/clk.c
586 +index 3fc2e6d..a0706fd 100644
587 +--- a/arch/mips/lantiq/clk.c
588 ++++ b/arch/mips/lantiq/clk.c
589 +@@ -99,6 +99,23 @@ int clk_set_rate(struct clk *clk, unsigned long rate)
590 + }
591 + EXPORT_SYMBOL(clk_set_rate);
592 +
593 ++long clk_round_rate(struct clk *clk, unsigned long rate)
594 ++{
595 ++ if (unlikely(!clk_good(clk)))
596 ++ return 0;
597 ++ if (clk->rates && *clk->rates) {
598 ++ unsigned long *r = clk->rates;
599 ++
600 ++ while (*r && (*r != rate))
601 ++ r++;
602 ++ if (!*r) {
603 ++ return clk->rate;
604 ++ }
605 ++ }
606 ++ return rate;
607 ++}
608 ++EXPORT_SYMBOL(clk_round_rate);
609 ++
610 + int clk_enable(struct clk *clk)
611 + {
612 + if (unlikely(!clk_good(clk)))
613 +diff --git a/arch/s390/kvm/interrupt.c b/arch/s390/kvm/interrupt.c
614 +index c98d897..cbee788 100644
615 +--- a/arch/s390/kvm/interrupt.c
616 ++++ b/arch/s390/kvm/interrupt.c
617 +@@ -1051,8 +1051,7 @@ static int __inject_extcall(struct kvm_vcpu *vcpu, struct kvm_s390_irq *irq)
618 + src_id, 0, 2);
619 +
620 + /* sending vcpu invalid */
621 +- if (src_id >= KVM_MAX_VCPUS ||
622 +- kvm_get_vcpu(vcpu->kvm, src_id) == NULL)
623 ++ if (kvm_get_vcpu_by_id(vcpu->kvm, src_id) == NULL)
624 + return -EINVAL;
625 +
626 + if (sclp.has_sigpif)
627 +@@ -1131,6 +1130,10 @@ static int __inject_sigp_emergency(struct kvm_vcpu *vcpu,
628 + trace_kvm_s390_inject_vcpu(vcpu->vcpu_id, KVM_S390_INT_EMERGENCY,
629 + irq->u.emerg.code, 0, 2);
630 +
631 ++ /* sending vcpu invalid */
632 ++ if (kvm_get_vcpu_by_id(vcpu->kvm, irq->u.emerg.code) == NULL)
633 ++ return -EINVAL;
634 ++
635 + set_bit(irq->u.emerg.code, li->sigp_emerg_pending);
636 + set_bit(IRQ_PEND_EXT_EMERGENCY, &li->pending_irqs);
637 + atomic_set_mask(CPUSTAT_EXT_INT, li->cpuflags);
638 +diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c
639 +index f32f843..4a001c1 100644
640 +--- a/arch/s390/kvm/kvm-s390.c
641 ++++ b/arch/s390/kvm/kvm-s390.c
642 +@@ -289,12 +289,16 @@ static int kvm_vm_ioctl_enable_cap(struct kvm *kvm, struct kvm_enable_cap *cap)
643 + r = 0;
644 + break;
645 + case KVM_CAP_S390_VECTOR_REGISTERS:
646 +- if (MACHINE_HAS_VX) {
647 ++ mutex_lock(&kvm->lock);
648 ++ if (atomic_read(&kvm->online_vcpus)) {
649 ++ r = -EBUSY;
650 ++ } else if (MACHINE_HAS_VX) {
651 + set_kvm_facility(kvm->arch.model.fac->mask, 129);
652 + set_kvm_facility(kvm->arch.model.fac->list, 129);
653 + r = 0;
654 + } else
655 + r = -EINVAL;
656 ++ mutex_unlock(&kvm->lock);
657 + break;
658 + case KVM_CAP_S390_USER_STSI:
659 + kvm->arch.user_stsi = 1;
660 +@@ -1037,7 +1041,9 @@ int kvm_arch_init_vm(struct kvm *kvm, unsigned long type)
661 + if (!kvm->arch.sca)
662 + goto out_err;
663 + spin_lock(&kvm_lock);
664 +- sca_offset = (sca_offset + 16) & 0x7f0;
665 ++ sca_offset += 16;
666 ++ if (sca_offset + sizeof(struct sca_block) > PAGE_SIZE)
667 ++ sca_offset = 0;
668 + kvm->arch.sca = (struct sca_block *) ((char *) kvm->arch.sca + sca_offset);
669 + spin_unlock(&kvm_lock);
670 +
671 +diff --git a/arch/s390/kvm/sigp.c b/arch/s390/kvm/sigp.c
672 +index 72e58bd..7171056 100644
673 +--- a/arch/s390/kvm/sigp.c
674 ++++ b/arch/s390/kvm/sigp.c
675 +@@ -294,12 +294,8 @@ static int handle_sigp_dst(struct kvm_vcpu *vcpu, u8 order_code,
676 + u16 cpu_addr, u32 parameter, u64 *status_reg)
677 + {
678 + int rc;
679 +- struct kvm_vcpu *dst_vcpu;
680 ++ struct kvm_vcpu *dst_vcpu = kvm_get_vcpu_by_id(vcpu->kvm, cpu_addr);
681 +
682 +- if (cpu_addr >= KVM_MAX_VCPUS)
683 +- return SIGP_CC_NOT_OPERATIONAL;
684 +-
685 +- dst_vcpu = kvm_get_vcpu(vcpu->kvm, cpu_addr);
686 + if (!dst_vcpu)
687 + return SIGP_CC_NOT_OPERATIONAL;
688 +
689 +@@ -481,7 +477,7 @@ int kvm_s390_handle_sigp_pei(struct kvm_vcpu *vcpu)
690 + trace_kvm_s390_handle_sigp_pei(vcpu, order_code, cpu_addr);
691 +
692 + if (order_code == SIGP_EXTERNAL_CALL) {
693 +- dest_vcpu = kvm_get_vcpu(vcpu->kvm, cpu_addr);
694 ++ dest_vcpu = kvm_get_vcpu_by_id(vcpu->kvm, cpu_addr);
695 + BUG_ON(dest_vcpu == NULL);
696 +
697 + kvm_s390_vcpu_wakeup(dest_vcpu);
698 +diff --git a/arch/tile/kernel/usb.c b/arch/tile/kernel/usb.c
699 +index f0da5a2..9f1e05e 100644
700 +--- a/arch/tile/kernel/usb.c
701 ++++ b/arch/tile/kernel/usb.c
702 +@@ -22,6 +22,7 @@
703 + #include <linux/platform_device.h>
704 + #include <linux/usb/tilegx.h>
705 + #include <linux/init.h>
706 ++#include <linux/module.h>
707 + #include <linux/types.h>
708 +
709 + static u64 ehci_dmamask = DMA_BIT_MASK(32);
710 +diff --git a/arch/x86/include/asm/i8259.h b/arch/x86/include/asm/i8259.h
711 +index ccffa53..39bcefc 100644
712 +--- a/arch/x86/include/asm/i8259.h
713 ++++ b/arch/x86/include/asm/i8259.h
714 +@@ -60,6 +60,7 @@ struct legacy_pic {
715 + void (*mask_all)(void);
716 + void (*restore_mask)(void);
717 + void (*init)(int auto_eoi);
718 ++ int (*probe)(void);
719 + int (*irq_pending)(unsigned int irq);
720 + void (*make_irq)(unsigned int irq);
721 + };
722 +diff --git a/arch/x86/include/asm/kvm_emulate.h b/arch/x86/include/asm/kvm_emulate.h
723 +index e16466e..e9cd7be 100644
724 +--- a/arch/x86/include/asm/kvm_emulate.h
725 ++++ b/arch/x86/include/asm/kvm_emulate.h
726 +@@ -112,6 +112,16 @@ struct x86_emulate_ops {
727 + struct x86_exception *fault);
728 +
729 + /*
730 ++ * read_phys: Read bytes of standard (non-emulated/special) memory.
731 ++ * Used for descriptor reading.
732 ++ * @addr: [IN ] Physical address from which to read.
733 ++ * @val: [OUT] Value read from memory.
734 ++ * @bytes: [IN ] Number of bytes to read from memory.
735 ++ */
736 ++ int (*read_phys)(struct x86_emulate_ctxt *ctxt, unsigned long addr,
737 ++ void *val, unsigned int bytes);
738 ++
739 ++ /*
740 + * write_std: Write bytes of standard (non-emulated/special) memory.
741 + * Used for descriptor writing.
742 + * @addr: [IN ] Linear address to which to write.
743 +diff --git a/arch/x86/include/uapi/asm/svm.h b/arch/x86/include/uapi/asm/svm.h
744 +index b5d7640..8a4add8 100644
745 +--- a/arch/x86/include/uapi/asm/svm.h
746 ++++ b/arch/x86/include/uapi/asm/svm.h
747 +@@ -100,6 +100,7 @@
748 + { SVM_EXIT_EXCP_BASE + UD_VECTOR, "UD excp" }, \
749 + { SVM_EXIT_EXCP_BASE + PF_VECTOR, "PF excp" }, \
750 + { SVM_EXIT_EXCP_BASE + NM_VECTOR, "NM excp" }, \
751 ++ { SVM_EXIT_EXCP_BASE + AC_VECTOR, "AC excp" }, \
752 + { SVM_EXIT_EXCP_BASE + MC_VECTOR, "MC excp" }, \
753 + { SVM_EXIT_INTR, "interrupt" }, \
754 + { SVM_EXIT_NMI, "nmi" }, \
755 +diff --git a/arch/x86/kernel/apic/vector.c b/arch/x86/kernel/apic/vector.c
756 +index 2683f36..ea4ba83 100644
757 +--- a/arch/x86/kernel/apic/vector.c
758 ++++ b/arch/x86/kernel/apic/vector.c
759 +@@ -360,7 +360,11 @@ int __init arch_probe_nr_irqs(void)
760 + if (nr < nr_irqs)
761 + nr_irqs = nr;
762 +
763 +- return nr_legacy_irqs();
764 ++ /*
765 ++ * We don't know if PIC is present at this point so we need to do
766 ++ * probe() to get the right number of legacy IRQs.
767 ++ */
768 ++ return legacy_pic->probe();
769 + }
770 +
771 + #ifdef CONFIG_X86_IO_APIC
772 +diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
773 +index cb9e5df..e4f929d 100644
774 +--- a/arch/x86/kernel/cpu/common.c
775 ++++ b/arch/x86/kernel/cpu/common.c
776 +@@ -272,10 +272,9 @@ __setup("nosmap", setup_disable_smap);
777 +
778 + static __always_inline void setup_smap(struct cpuinfo_x86 *c)
779 + {
780 +- unsigned long eflags;
781 ++ unsigned long eflags = native_save_fl();
782 +
783 + /* This should have been cleared long ago */
784 +- raw_local_save_flags(eflags);
785 + BUG_ON(eflags & X86_EFLAGS_AC);
786 +
787 + if (cpu_has(c, X86_FEATURE_SMAP)) {
788 +diff --git a/arch/x86/kernel/fpu/signal.c b/arch/x86/kernel/fpu/signal.c
789 +index 50ec9af..6545e6d 100644
790 +--- a/arch/x86/kernel/fpu/signal.c
791 ++++ b/arch/x86/kernel/fpu/signal.c
792 +@@ -385,20 +385,19 @@ fpu__alloc_mathframe(unsigned long sp, int ia32_frame,
793 + */
794 + void fpu__init_prepare_fx_sw_frame(void)
795 + {
796 +- int fsave_header_size = sizeof(struct fregs_state);
797 + int size = xstate_size + FP_XSTATE_MAGIC2_SIZE;
798 +
799 +- if (config_enabled(CONFIG_X86_32))
800 +- size += fsave_header_size;
801 +-
802 + fx_sw_reserved.magic1 = FP_XSTATE_MAGIC1;
803 + fx_sw_reserved.extended_size = size;
804 + fx_sw_reserved.xfeatures = xfeatures_mask;
805 + fx_sw_reserved.xstate_size = xstate_size;
806 +
807 +- if (config_enabled(CONFIG_IA32_EMULATION)) {
808 ++ if (config_enabled(CONFIG_IA32_EMULATION) ||
809 ++ config_enabled(CONFIG_X86_32)) {
810 ++ int fsave_header_size = sizeof(struct fregs_state);
811 ++
812 + fx_sw_reserved_ia32 = fx_sw_reserved;
813 +- fx_sw_reserved_ia32.extended_size += fsave_header_size;
814 ++ fx_sw_reserved_ia32.extended_size = size + fsave_header_size;
815 + }
816 + }
817 +
818 +diff --git a/arch/x86/kernel/fpu/xstate.c b/arch/x86/kernel/fpu/xstate.c
819 +index 62fc001..2c4ac07 100644
820 +--- a/arch/x86/kernel/fpu/xstate.c
821 ++++ b/arch/x86/kernel/fpu/xstate.c
822 +@@ -402,7 +402,6 @@ void *get_xsave_addr(struct xregs_state *xsave, int xstate_feature)
823 + if (!boot_cpu_has(X86_FEATURE_XSAVE))
824 + return NULL;
825 +
826 +- xsave = &current->thread.fpu.state.xsave;
827 + /*
828 + * We should not ever be requesting features that we
829 + * have not enabled. Remember that pcntxt_mask is
830 +diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S
831 +index 1d40ca8..ffdc0e8 100644
832 +--- a/arch/x86/kernel/head_64.S
833 ++++ b/arch/x86/kernel/head_64.S
834 +@@ -65,6 +65,9 @@ startup_64:
835 + * tables and then reload them.
836 + */
837 +
838 ++ /* Sanitize CPU configuration */
839 ++ call verify_cpu
840 ++
841 + /*
842 + * Compute the delta between the address I am compiled to run at and the
843 + * address I am actually running at.
844 +@@ -174,6 +177,9 @@ ENTRY(secondary_startup_64)
845 + * after the boot processor executes this code.
846 + */
847 +
848 ++ /* Sanitize CPU configuration */
849 ++ call verify_cpu
850 ++
851 + movq $(init_level4_pgt - __START_KERNEL_map), %rax
852 + 1:
853 +
854 +@@ -288,6 +294,8 @@ ENTRY(secondary_startup_64)
855 + pushq %rax # target address in negative space
856 + lretq
857 +
858 ++#include "verify_cpu.S"
859 ++
860 + #ifdef CONFIG_HOTPLUG_CPU
861 + /*
862 + * Boot CPU0 entry point. It's called from play_dead(). Everything has been set
863 +diff --git a/arch/x86/kernel/i8259.c b/arch/x86/kernel/i8259.c
864 +index 16cb827..be22f5a 100644
865 +--- a/arch/x86/kernel/i8259.c
866 ++++ b/arch/x86/kernel/i8259.c
867 +@@ -295,16 +295,11 @@ static void unmask_8259A(void)
868 + raw_spin_unlock_irqrestore(&i8259A_lock, flags);
869 + }
870 +
871 +-static void init_8259A(int auto_eoi)
872 ++static int probe_8259A(void)
873 + {
874 + unsigned long flags;
875 + unsigned char probe_val = ~(1 << PIC_CASCADE_IR);
876 + unsigned char new_val;
877 +-
878 +- i8259A_auto_eoi = auto_eoi;
879 +-
880 +- raw_spin_lock_irqsave(&i8259A_lock, flags);
881 +-
882 + /*
883 + * Check to see if we have a PIC.
884 + * Mask all except the cascade and read
885 +@@ -312,16 +307,28 @@ static void init_8259A(int auto_eoi)
886 + * have a PIC, we will read 0xff as opposed to the
887 + * value we wrote.
888 + */
889 ++ raw_spin_lock_irqsave(&i8259A_lock, flags);
890 ++
891 + outb(0xff, PIC_SLAVE_IMR); /* mask all of 8259A-2 */
892 + outb(probe_val, PIC_MASTER_IMR);
893 + new_val = inb(PIC_MASTER_IMR);
894 + if (new_val != probe_val) {
895 + printk(KERN_INFO "Using NULL legacy PIC\n");
896 + legacy_pic = &null_legacy_pic;
897 +- raw_spin_unlock_irqrestore(&i8259A_lock, flags);
898 +- return;
899 + }
900 +
901 ++ raw_spin_unlock_irqrestore(&i8259A_lock, flags);
902 ++ return nr_legacy_irqs();
903 ++}
904 ++
905 ++static void init_8259A(int auto_eoi)
906 ++{
907 ++ unsigned long flags;
908 ++
909 ++ i8259A_auto_eoi = auto_eoi;
910 ++
911 ++ raw_spin_lock_irqsave(&i8259A_lock, flags);
912 ++
913 + outb(0xff, PIC_MASTER_IMR); /* mask all of 8259A-1 */
914 +
915 + /*
916 +@@ -379,6 +386,10 @@ static int legacy_pic_irq_pending_noop(unsigned int irq)
917 + {
918 + return 0;
919 + }
920 ++static int legacy_pic_probe(void)
921 ++{
922 ++ return 0;
923 ++}
924 +
925 + struct legacy_pic null_legacy_pic = {
926 + .nr_legacy_irqs = 0,
927 +@@ -388,6 +399,7 @@ struct legacy_pic null_legacy_pic = {
928 + .mask_all = legacy_pic_noop,
929 + .restore_mask = legacy_pic_noop,
930 + .init = legacy_pic_int_noop,
931 ++ .probe = legacy_pic_probe,
932 + .irq_pending = legacy_pic_irq_pending_noop,
933 + .make_irq = legacy_pic_uint_noop,
934 + };
935 +@@ -400,6 +412,7 @@ struct legacy_pic default_legacy_pic = {
936 + .mask_all = mask_8259A,
937 + .restore_mask = unmask_8259A,
938 + .init = init_8259A,
939 ++ .probe = probe_8259A,
940 + .irq_pending = i8259A_irq_pending,
941 + .make_irq = make_8259A_irq,
942 + };
943 +diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
944 +index 80f874b..1e6f70f 100644
945 +--- a/arch/x86/kernel/setup.c
946 ++++ b/arch/x86/kernel/setup.c
947 +@@ -1198,6 +1198,14 @@ void __init setup_arch(char **cmdline_p)
948 + clone_pgd_range(initial_page_table + KERNEL_PGD_BOUNDARY,
949 + swapper_pg_dir + KERNEL_PGD_BOUNDARY,
950 + KERNEL_PGD_PTRS);
951 ++
952 ++ /*
953 ++ * sync back low identity map too. It is used for example
954 ++ * in the 32-bit EFI stub.
955 ++ */
956 ++ clone_pgd_range(initial_page_table,
957 ++ swapper_pg_dir + KERNEL_PGD_BOUNDARY,
958 ++ min(KERNEL_PGD_PTRS, KERNEL_PGD_BOUNDARY));
959 + #endif
960 +
961 + tboot_probe();
962 +diff --git a/arch/x86/kernel/verify_cpu.S b/arch/x86/kernel/verify_cpu.S
963 +index b9242ba..4cf401f 100644
964 +--- a/arch/x86/kernel/verify_cpu.S
965 ++++ b/arch/x86/kernel/verify_cpu.S
966 +@@ -34,10 +34,11 @@
967 + #include <asm/msr-index.h>
968 +
969 + verify_cpu:
970 +- pushfl # Save caller passed flags
971 +- pushl $0 # Kill any dangerous flags
972 +- popfl
973 ++ pushf # Save caller passed flags
974 ++ push $0 # Kill any dangerous flags
975 ++ popf
976 +
977 ++#ifndef __x86_64__
978 + pushfl # standard way to check for cpuid
979 + popl %eax
980 + movl %eax,%ebx
981 +@@ -48,6 +49,7 @@ verify_cpu:
982 + popl %eax
983 + cmpl %eax,%ebx
984 + jz verify_cpu_no_longmode # cpu has no cpuid
985 ++#endif
986 +
987 + movl $0x0,%eax # See if cpuid 1 is implemented
988 + cpuid
989 +@@ -130,10 +132,10 @@ verify_cpu_sse_test:
990 + jmp verify_cpu_sse_test # try again
991 +
992 + verify_cpu_no_longmode:
993 +- popfl # Restore caller passed flags
994 ++ popf # Restore caller passed flags
995 + movl $1,%eax
996 + ret
997 + verify_cpu_sse_ok:
998 +- popfl # Restore caller passed flags
999 ++ popf # Restore caller passed flags
1000 + xorl %eax, %eax
1001 + ret
1002 +diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
1003 +index 2392541a..f17c342 100644
1004 +--- a/arch/x86/kvm/emulate.c
1005 ++++ b/arch/x86/kvm/emulate.c
1006 +@@ -2272,8 +2272,8 @@ static int emulator_has_longmode(struct x86_emulate_ctxt *ctxt)
1007 + #define GET_SMSTATE(type, smbase, offset) \
1008 + ({ \
1009 + type __val; \
1010 +- int r = ctxt->ops->read_std(ctxt, smbase + offset, &__val, \
1011 +- sizeof(__val), NULL); \
1012 ++ int r = ctxt->ops->read_phys(ctxt, smbase + offset, &__val, \
1013 ++ sizeof(__val)); \
1014 + if (r != X86EMUL_CONTINUE) \
1015 + return X86EMUL_UNHANDLEABLE; \
1016 + __val; \
1017 +@@ -2484,17 +2484,36 @@ static int em_rsm(struct x86_emulate_ctxt *ctxt)
1018 +
1019 + /*
1020 + * Get back to real mode, to prepare a safe state in which to load
1021 +- * CR0/CR3/CR4/EFER. Also this will ensure that addresses passed
1022 +- * to read_std/write_std are not virtual.
1023 +- *
1024 +- * CR4.PCIDE must be zero, because it is a 64-bit mode only feature.
1025 ++ * CR0/CR3/CR4/EFER. It's all a bit more complicated if the vCPU
1026 ++ * supports long mode.
1027 + */
1028 ++ cr4 = ctxt->ops->get_cr(ctxt, 4);
1029 ++ if (emulator_has_longmode(ctxt)) {
1030 ++ struct desc_struct cs_desc;
1031 ++
1032 ++ /* Zero CR4.PCIDE before CR0.PG. */
1033 ++ if (cr4 & X86_CR4_PCIDE) {
1034 ++ ctxt->ops->set_cr(ctxt, 4, cr4 & ~X86_CR4_PCIDE);
1035 ++ cr4 &= ~X86_CR4_PCIDE;
1036 ++ }
1037 ++
1038 ++ /* A 32-bit code segment is required to clear EFER.LMA. */
1039 ++ memset(&cs_desc, 0, sizeof(cs_desc));
1040 ++ cs_desc.type = 0xb;
1041 ++ cs_desc.s = cs_desc.g = cs_desc.p = 1;
1042 ++ ctxt->ops->set_segment(ctxt, 0, &cs_desc, 0, VCPU_SREG_CS);
1043 ++ }
1044 ++
1045 ++ /* For the 64-bit case, this will clear EFER.LMA. */
1046 + cr0 = ctxt->ops->get_cr(ctxt, 0);
1047 + if (cr0 & X86_CR0_PE)
1048 + ctxt->ops->set_cr(ctxt, 0, cr0 & ~(X86_CR0_PG | X86_CR0_PE));
1049 +- cr4 = ctxt->ops->get_cr(ctxt, 4);
1050 ++
1051 ++ /* Now clear CR4.PAE (which must be done before clearing EFER.LME). */
1052 + if (cr4 & X86_CR4_PAE)
1053 + ctxt->ops->set_cr(ctxt, 4, cr4 & ~X86_CR4_PAE);
1054 ++
1055 ++ /* And finally go back to 32-bit mode. */
1056 + efer = 0;
1057 + ctxt->ops->set_msr(ctxt, MSR_EFER, efer);
1058 +
1059 +@@ -4455,7 +4474,7 @@ static const struct opcode twobyte_table[256] = {
1060 + F(DstMem | SrcReg | Src2CL | ModRM, em_shld), N, N,
1061 + /* 0xA8 - 0xAF */
1062 + I(Stack | Src2GS, em_push_sreg), I(Stack | Src2GS, em_pop_sreg),
1063 +- II(No64 | EmulateOnUD | ImplicitOps, em_rsm, rsm),
1064 ++ II(EmulateOnUD | ImplicitOps, em_rsm, rsm),
1065 + F(DstMem | SrcReg | ModRM | BitOp | Lock | PageTable, em_bts),
1066 + F(DstMem | SrcReg | Src2ImmByte | ModRM, em_shrd),
1067 + F(DstMem | SrcReg | Src2CL | ModRM, em_shrd),
1068 +diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c
1069 +index 2a5ca97..236e346 100644
1070 +--- a/arch/x86/kvm/lapic.c
1071 ++++ b/arch/x86/kvm/lapic.c
1072 +@@ -348,6 +348,8 @@ void kvm_apic_update_irr(struct kvm_vcpu *vcpu, u32 *pir)
1073 + struct kvm_lapic *apic = vcpu->arch.apic;
1074 +
1075 + __kvm_apic_update_irr(pir, apic->regs);
1076 ++
1077 ++ kvm_make_request(KVM_REQ_EVENT, vcpu);
1078 + }
1079 + EXPORT_SYMBOL_GPL(kvm_apic_update_irr);
1080 +
1081 +diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
1082 +index 2d32b67..00da6e8 100644
1083 +--- a/arch/x86/kvm/svm.c
1084 ++++ b/arch/x86/kvm/svm.c
1085 +@@ -1085,7 +1085,7 @@ static u64 svm_compute_tsc_offset(struct kvm_vcpu *vcpu, u64 target_tsc)
1086 + return target_tsc - tsc;
1087 + }
1088 +
1089 +-static void init_vmcb(struct vcpu_svm *svm, bool init_event)
1090 ++static void init_vmcb(struct vcpu_svm *svm)
1091 + {
1092 + struct vmcb_control_area *control = &svm->vmcb->control;
1093 + struct vmcb_save_area *save = &svm->vmcb->save;
1094 +@@ -1106,6 +1106,7 @@ static void init_vmcb(struct vcpu_svm *svm, bool init_event)
1095 + set_exception_intercept(svm, PF_VECTOR);
1096 + set_exception_intercept(svm, UD_VECTOR);
1097 + set_exception_intercept(svm, MC_VECTOR);
1098 ++ set_exception_intercept(svm, AC_VECTOR);
1099 +
1100 + set_intercept(svm, INTERCEPT_INTR);
1101 + set_intercept(svm, INTERCEPT_NMI);
1102 +@@ -1156,8 +1157,7 @@ static void init_vmcb(struct vcpu_svm *svm, bool init_event)
1103 + init_sys_seg(&save->ldtr, SEG_TYPE_LDT);
1104 + init_sys_seg(&save->tr, SEG_TYPE_BUSY_TSS16);
1105 +
1106 +- if (!init_event)
1107 +- svm_set_efer(&svm->vcpu, 0);
1108 ++ svm_set_efer(&svm->vcpu, 0);
1109 + save->dr6 = 0xffff0ff0;
1110 + kvm_set_rflags(&svm->vcpu, 2);
1111 + save->rip = 0x0000fff0;
1112 +@@ -1211,7 +1211,7 @@ static void svm_vcpu_reset(struct kvm_vcpu *vcpu, bool init_event)
1113 + if (kvm_vcpu_is_reset_bsp(&svm->vcpu))
1114 + svm->vcpu.arch.apic_base |= MSR_IA32_APICBASE_BSP;
1115 + }
1116 +- init_vmcb(svm, init_event);
1117 ++ init_vmcb(svm);
1118 +
1119 + kvm_cpuid(vcpu, &eax, &dummy, &dummy, &dummy);
1120 + kvm_register_write(vcpu, VCPU_REGS_RDX, eax);
1121 +@@ -1267,7 +1267,7 @@ static struct kvm_vcpu *svm_create_vcpu(struct kvm *kvm, unsigned int id)
1122 + clear_page(svm->vmcb);
1123 + svm->vmcb_pa = page_to_pfn(page) << PAGE_SHIFT;
1124 + svm->asid_generation = 0;
1125 +- init_vmcb(svm, false);
1126 ++ init_vmcb(svm);
1127 +
1128 + svm_init_osvw(&svm->vcpu);
1129 +
1130 +@@ -1795,6 +1795,12 @@ static int ud_interception(struct vcpu_svm *svm)
1131 + return 1;
1132 + }
1133 +
1134 ++static int ac_interception(struct vcpu_svm *svm)
1135 ++{
1136 ++ kvm_queue_exception_e(&svm->vcpu, AC_VECTOR, 0);
1137 ++ return 1;
1138 ++}
1139 ++
1140 + static void svm_fpu_activate(struct kvm_vcpu *vcpu)
1141 + {
1142 + struct vcpu_svm *svm = to_svm(vcpu);
1143 +@@ -1889,7 +1895,7 @@ static int shutdown_interception(struct vcpu_svm *svm)
1144 + * so reinitialize it.
1145 + */
1146 + clear_page(svm->vmcb);
1147 +- init_vmcb(svm, false);
1148 ++ init_vmcb(svm);
1149 +
1150 + kvm_run->exit_reason = KVM_EXIT_SHUTDOWN;
1151 + return 0;
1152 +@@ -3369,6 +3375,7 @@ static int (*const svm_exit_handlers[])(struct vcpu_svm *svm) = {
1153 + [SVM_EXIT_EXCP_BASE + PF_VECTOR] = pf_interception,
1154 + [SVM_EXIT_EXCP_BASE + NM_VECTOR] = nm_interception,
1155 + [SVM_EXIT_EXCP_BASE + MC_VECTOR] = mc_interception,
1156 ++ [SVM_EXIT_EXCP_BASE + AC_VECTOR] = ac_interception,
1157 + [SVM_EXIT_INTR] = intr_interception,
1158 + [SVM_EXIT_NMI] = nmi_interception,
1159 + [SVM_EXIT_SMI] = nop_on_interception,
1160 +diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
1161 +index aa9e822..e77d75b 100644
1162 +--- a/arch/x86/kvm/vmx.c
1163 ++++ b/arch/x86/kvm/vmx.c
1164 +@@ -1567,7 +1567,7 @@ static void update_exception_bitmap(struct kvm_vcpu *vcpu)
1165 + u32 eb;
1166 +
1167 + eb = (1u << PF_VECTOR) | (1u << UD_VECTOR) | (1u << MC_VECTOR) |
1168 +- (1u << NM_VECTOR) | (1u << DB_VECTOR);
1169 ++ (1u << NM_VECTOR) | (1u << DB_VECTOR) | (1u << AC_VECTOR);
1170 + if ((vcpu->guest_debug &
1171 + (KVM_GUESTDBG_ENABLE | KVM_GUESTDBG_USE_SW_BP)) ==
1172 + (KVM_GUESTDBG_ENABLE | KVM_GUESTDBG_USE_SW_BP))
1173 +@@ -4780,8 +4780,7 @@ static void vmx_vcpu_reset(struct kvm_vcpu *vcpu, bool init_event)
1174 + vmx_set_cr0(vcpu, cr0); /* enter rmode */
1175 + vmx->vcpu.arch.cr0 = cr0;
1176 + vmx_set_cr4(vcpu, 0);
1177 +- if (!init_event)
1178 +- vmx_set_efer(vcpu, 0);
1179 ++ vmx_set_efer(vcpu, 0);
1180 + vmx_fpu_activate(vcpu);
1181 + update_exception_bitmap(vcpu);
1182 +
1183 +@@ -5118,6 +5117,9 @@ static int handle_exception(struct kvm_vcpu *vcpu)
1184 + return handle_rmode_exception(vcpu, ex_no, error_code);
1185 +
1186 + switch (ex_no) {
1187 ++ case AC_VECTOR:
1188 ++ kvm_queue_exception_e(vcpu, AC_VECTOR, error_code);
1189 ++ return 1;
1190 + case DB_VECTOR:
1191 + dr6 = vmcs_readl(EXIT_QUALIFICATION);
1192 + if (!(vcpu->guest_debug &
1193 +diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
1194 +index 373328b..2781e2b 100644
1195 +--- a/arch/x86/kvm/x86.c
1196 ++++ b/arch/x86/kvm/x86.c
1197 +@@ -621,7 +621,9 @@ int kvm_set_cr0(struct kvm_vcpu *vcpu, unsigned long cr0)
1198 + if ((cr0 ^ old_cr0) & update_bits)
1199 + kvm_mmu_reset_context(vcpu);
1200 +
1201 +- if ((cr0 ^ old_cr0) & X86_CR0_CD)
1202 ++ if (((cr0 ^ old_cr0) & X86_CR0_CD) &&
1203 ++ kvm_arch_has_noncoherent_dma(vcpu->kvm) &&
1204 ++ !kvm_check_has_quirk(vcpu->kvm, KVM_X86_QUIRK_CD_NW_CLEARED))
1205 + kvm_zap_gfn_range(vcpu->kvm, 0, ~0ULL);
1206 +
1207 + return 0;
1208 +@@ -4260,6 +4262,15 @@ static int kvm_read_guest_virt_system(struct x86_emulate_ctxt *ctxt,
1209 + return kvm_read_guest_virt_helper(addr, val, bytes, vcpu, 0, exception);
1210 + }
1211 +
1212 ++static int kvm_read_guest_phys_system(struct x86_emulate_ctxt *ctxt,
1213 ++ unsigned long addr, void *val, unsigned int bytes)
1214 ++{
1215 ++ struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt);
1216 ++ int r = kvm_vcpu_read_guest(vcpu, addr, val, bytes);
1217 ++
1218 ++ return r < 0 ? X86EMUL_IO_NEEDED : X86EMUL_CONTINUE;
1219 ++}
1220 ++
1221 + int kvm_write_guest_virt_system(struct x86_emulate_ctxt *ctxt,
1222 + gva_t addr, void *val,
1223 + unsigned int bytes,
1224 +@@ -4995,6 +5006,7 @@ static const struct x86_emulate_ops emulate_ops = {
1225 + .write_gpr = emulator_write_gpr,
1226 + .read_std = kvm_read_guest_virt_system,
1227 + .write_std = kvm_write_guest_virt_system,
1228 ++ .read_phys = kvm_read_guest_phys_system,
1229 + .fetch = kvm_fetch_guest_virt,
1230 + .read_emulated = emulator_read_emulated,
1231 + .write_emulated = emulator_write_emulated,
1232 +diff --git a/arch/x86/mm/mpx.c b/arch/x86/mm/mpx.c
1233 +index db1b0bc..c28f618 100644
1234 +--- a/arch/x86/mm/mpx.c
1235 ++++ b/arch/x86/mm/mpx.c
1236 +@@ -622,6 +622,29 @@ static unsigned long mpx_bd_entry_to_bt_addr(struct mm_struct *mm,
1237 + }
1238 +
1239 + /*
1240 ++ * We only want to do a 4-byte get_user() on 32-bit. Otherwise,
1241 ++ * we might run off the end of the bounds table if we are on
1242 ++ * a 64-bit kernel and try to get 8 bytes.
1243 ++ */
1244 ++int get_user_bd_entry(struct mm_struct *mm, unsigned long *bd_entry_ret,
1245 ++ long __user *bd_entry_ptr)
1246 ++{
1247 ++ u32 bd_entry_32;
1248 ++ int ret;
1249 ++
1250 ++ if (is_64bit_mm(mm))
1251 ++ return get_user(*bd_entry_ret, bd_entry_ptr);
1252 ++
1253 ++ /*
1254 ++ * Note that get_user() uses the type of the *pointer* to
1255 ++ * establish the size of the get, not the destination.
1256 ++ */
1257 ++ ret = get_user(bd_entry_32, (u32 __user *)bd_entry_ptr);
1258 ++ *bd_entry_ret = bd_entry_32;
1259 ++ return ret;
1260 ++}
1261 ++
1262 ++/*
1263 + * Get the base of bounds tables pointed by specific bounds
1264 + * directory entry.
1265 + */
1266 +@@ -641,7 +664,7 @@ static int get_bt_addr(struct mm_struct *mm,
1267 + int need_write = 0;
1268 +
1269 + pagefault_disable();
1270 +- ret = get_user(bd_entry, bd_entry_ptr);
1271 ++ ret = get_user_bd_entry(mm, &bd_entry, bd_entry_ptr);
1272 + pagefault_enable();
1273 + if (!ret)
1274 + break;
1275 +@@ -736,11 +759,23 @@ static unsigned long mpx_get_bt_entry_offset_bytes(struct mm_struct *mm,
1276 + */
1277 + static inline unsigned long bd_entry_virt_space(struct mm_struct *mm)
1278 + {
1279 +- unsigned long long virt_space = (1ULL << boot_cpu_data.x86_virt_bits);
1280 +- if (is_64bit_mm(mm))
1281 +- return virt_space / MPX_BD_NR_ENTRIES_64;
1282 +- else
1283 +- return virt_space / MPX_BD_NR_ENTRIES_32;
1284 ++ unsigned long long virt_space;
1285 ++ unsigned long long GB = (1ULL << 30);
1286 ++
1287 ++ /*
1288 ++ * This covers 32-bit emulation as well as 32-bit kernels
1289 ++ * running on 64-bit harware.
1290 ++ */
1291 ++ if (!is_64bit_mm(mm))
1292 ++ return (4ULL * GB) / MPX_BD_NR_ENTRIES_32;
1293 ++
1294 ++ /*
1295 ++ * 'x86_virt_bits' returns what the hardware is capable
1296 ++ * of, and returns the full >32-bit adddress space when
1297 ++ * running 32-bit kernels on 64-bit hardware.
1298 ++ */
1299 ++ virt_space = (1ULL << boot_cpu_data.x86_virt_bits);
1300 ++ return virt_space / MPX_BD_NR_ENTRIES_64;
1301 + }
1302 +
1303 + /*
1304 +diff --git a/drivers/bluetooth/ath3k.c b/drivers/bluetooth/ath3k.c
1305 +index e527a3e..fa893c3 100644
1306 +--- a/drivers/bluetooth/ath3k.c
1307 ++++ b/drivers/bluetooth/ath3k.c
1308 +@@ -93,6 +93,7 @@ static const struct usb_device_id ath3k_table[] = {
1309 + { USB_DEVICE(0x04CA, 0x300f) },
1310 + { USB_DEVICE(0x04CA, 0x3010) },
1311 + { USB_DEVICE(0x0930, 0x0219) },
1312 ++ { USB_DEVICE(0x0930, 0x021c) },
1313 + { USB_DEVICE(0x0930, 0x0220) },
1314 + { USB_DEVICE(0x0930, 0x0227) },
1315 + { USB_DEVICE(0x0b05, 0x17d0) },
1316 +@@ -104,6 +105,7 @@ static const struct usb_device_id ath3k_table[] = {
1317 + { USB_DEVICE(0x0CF3, 0x311F) },
1318 + { USB_DEVICE(0x0cf3, 0x3121) },
1319 + { USB_DEVICE(0x0CF3, 0x817a) },
1320 ++ { USB_DEVICE(0x0CF3, 0x817b) },
1321 + { USB_DEVICE(0x0cf3, 0xe003) },
1322 + { USB_DEVICE(0x0CF3, 0xE004) },
1323 + { USB_DEVICE(0x0CF3, 0xE005) },
1324 +@@ -153,6 +155,7 @@ static const struct usb_device_id ath3k_blist_tbl[] = {
1325 + { USB_DEVICE(0x04ca, 0x300f), .driver_info = BTUSB_ATH3012 },
1326 + { USB_DEVICE(0x04ca, 0x3010), .driver_info = BTUSB_ATH3012 },
1327 + { USB_DEVICE(0x0930, 0x0219), .driver_info = BTUSB_ATH3012 },
1328 ++ { USB_DEVICE(0x0930, 0x021c), .driver_info = BTUSB_ATH3012 },
1329 + { USB_DEVICE(0x0930, 0x0220), .driver_info = BTUSB_ATH3012 },
1330 + { USB_DEVICE(0x0930, 0x0227), .driver_info = BTUSB_ATH3012 },
1331 + { USB_DEVICE(0x0b05, 0x17d0), .driver_info = BTUSB_ATH3012 },
1332 +@@ -164,6 +167,7 @@ static const struct usb_device_id ath3k_blist_tbl[] = {
1333 + { USB_DEVICE(0x0cf3, 0x311F), .driver_info = BTUSB_ATH3012 },
1334 + { USB_DEVICE(0x0cf3, 0x3121), .driver_info = BTUSB_ATH3012 },
1335 + { USB_DEVICE(0x0CF3, 0x817a), .driver_info = BTUSB_ATH3012 },
1336 ++ { USB_DEVICE(0x0CF3, 0x817b), .driver_info = BTUSB_ATH3012 },
1337 + { USB_DEVICE(0x0cf3, 0xe004), .driver_info = BTUSB_ATH3012 },
1338 + { USB_DEVICE(0x0cf3, 0xe005), .driver_info = BTUSB_ATH3012 },
1339 + { USB_DEVICE(0x0cf3, 0xe006), .driver_info = BTUSB_ATH3012 },
1340 +diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c
1341 +index b4cf8d9..7d9b09f 100644
1342 +--- a/drivers/bluetooth/btusb.c
1343 ++++ b/drivers/bluetooth/btusb.c
1344 +@@ -192,6 +192,7 @@ static const struct usb_device_id blacklist_table[] = {
1345 + { USB_DEVICE(0x04ca, 0x300f), .driver_info = BTUSB_ATH3012 },
1346 + { USB_DEVICE(0x04ca, 0x3010), .driver_info = BTUSB_ATH3012 },
1347 + { USB_DEVICE(0x0930, 0x0219), .driver_info = BTUSB_ATH3012 },
1348 ++ { USB_DEVICE(0x0930, 0x021c), .driver_info = BTUSB_ATH3012 },
1349 + { USB_DEVICE(0x0930, 0x0220), .driver_info = BTUSB_ATH3012 },
1350 + { USB_DEVICE(0x0930, 0x0227), .driver_info = BTUSB_ATH3012 },
1351 + { USB_DEVICE(0x0b05, 0x17d0), .driver_info = BTUSB_ATH3012 },
1352 +@@ -203,6 +204,7 @@ static const struct usb_device_id blacklist_table[] = {
1353 + { USB_DEVICE(0x0cf3, 0x311f), .driver_info = BTUSB_ATH3012 },
1354 + { USB_DEVICE(0x0cf3, 0x3121), .driver_info = BTUSB_ATH3012 },
1355 + { USB_DEVICE(0x0cf3, 0x817a), .driver_info = BTUSB_ATH3012 },
1356 ++ { USB_DEVICE(0x0cf3, 0x817b), .driver_info = BTUSB_ATH3012 },
1357 + { USB_DEVICE(0x0cf3, 0xe003), .driver_info = BTUSB_ATH3012 },
1358 + { USB_DEVICE(0x0cf3, 0xe004), .driver_info = BTUSB_ATH3012 },
1359 + { USB_DEVICE(0x0cf3, 0xe005), .driver_info = BTUSB_ATH3012 },
1360 +diff --git a/drivers/clk/bcm/clk-iproc-pll.c b/drivers/clk/bcm/clk-iproc-pll.c
1361 +index 2dda4e8..d679ab8 100644
1362 +--- a/drivers/clk/bcm/clk-iproc-pll.c
1363 ++++ b/drivers/clk/bcm/clk-iproc-pll.c
1364 +@@ -345,8 +345,8 @@ static unsigned long iproc_pll_recalc_rate(struct clk_hw *hw,
1365 + struct iproc_pll *pll = clk->pll;
1366 + const struct iproc_pll_ctrl *ctrl = pll->ctrl;
1367 + u32 val;
1368 +- u64 ndiv;
1369 +- unsigned int ndiv_int, ndiv_frac, pdiv;
1370 ++ u64 ndiv, ndiv_int, ndiv_frac;
1371 ++ unsigned int pdiv;
1372 +
1373 + if (parent_rate == 0)
1374 + return 0;
1375 +@@ -366,22 +366,19 @@ static unsigned long iproc_pll_recalc_rate(struct clk_hw *hw,
1376 + val = readl(pll->pll_base + ctrl->ndiv_int.offset);
1377 + ndiv_int = (val >> ctrl->ndiv_int.shift) &
1378 + bit_mask(ctrl->ndiv_int.width);
1379 +- ndiv = (u64)ndiv_int << ctrl->ndiv_int.shift;
1380 ++ ndiv = ndiv_int << 20;
1381 +
1382 + if (ctrl->flags & IPROC_CLK_PLL_HAS_NDIV_FRAC) {
1383 + val = readl(pll->pll_base + ctrl->ndiv_frac.offset);
1384 + ndiv_frac = (val >> ctrl->ndiv_frac.shift) &
1385 + bit_mask(ctrl->ndiv_frac.width);
1386 +-
1387 +- if (ndiv_frac != 0)
1388 +- ndiv = ((u64)ndiv_int << ctrl->ndiv_int.shift) |
1389 +- ndiv_frac;
1390 ++ ndiv += ndiv_frac;
1391 + }
1392 +
1393 + val = readl(pll->pll_base + ctrl->pdiv.offset);
1394 + pdiv = (val >> ctrl->pdiv.shift) & bit_mask(ctrl->pdiv.width);
1395 +
1396 +- clk->rate = (ndiv * parent_rate) >> ctrl->ndiv_int.shift;
1397 ++ clk->rate = (ndiv * parent_rate) >> 20;
1398 +
1399 + if (pdiv == 0)
1400 + clk->rate *= 2;
1401 +diff --git a/drivers/clk/versatile/clk-icst.c b/drivers/clk/versatile/clk-icst.c
1402 +index bc96f10..9064636 100644
1403 +--- a/drivers/clk/versatile/clk-icst.c
1404 ++++ b/drivers/clk/versatile/clk-icst.c
1405 +@@ -156,8 +156,10 @@ struct clk *icst_clk_register(struct device *dev,
1406 + icst->lockreg = base + desc->lock_offset;
1407 +
1408 + clk = clk_register(dev, &icst->hw);
1409 +- if (IS_ERR(clk))
1410 ++ if (IS_ERR(clk)) {
1411 ++ kfree(pclone);
1412 + kfree(icst);
1413 ++ }
1414 +
1415 + return clk;
1416 + }
1417 +diff --git a/drivers/mfd/twl6040.c b/drivers/mfd/twl6040.c
1418 +index c5265c1..6aacd20 100644
1419 +--- a/drivers/mfd/twl6040.c
1420 ++++ b/drivers/mfd/twl6040.c
1421 +@@ -647,6 +647,8 @@ static int twl6040_probe(struct i2c_client *client,
1422 +
1423 + twl6040->clk32k = devm_clk_get(&client->dev, "clk32k");
1424 + if (IS_ERR(twl6040->clk32k)) {
1425 ++ if (PTR_ERR(twl6040->clk32k) == -EPROBE_DEFER)
1426 ++ return -EPROBE_DEFER;
1427 + dev_info(&client->dev, "clk32k is not handled\n");
1428 + twl6040->clk32k = NULL;
1429 + }
1430 +diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
1431 +index a98dd4f..cbbb1c9 100644
1432 +--- a/drivers/net/bonding/bond_main.c
1433 ++++ b/drivers/net/bonding/bond_main.c
1434 +@@ -1751,6 +1751,7 @@ err_undo_flags:
1435 + slave_dev->dev_addr))
1436 + eth_hw_addr_random(bond_dev);
1437 + if (bond_dev->type != ARPHRD_ETHER) {
1438 ++ dev_close(bond_dev);
1439 + ether_setup(bond_dev);
1440 + bond_dev->flags |= IFF_MASTER;
1441 + bond_dev->priv_flags &= ~IFF_TX_SKB_SHARING;
1442 +diff --git a/drivers/net/can/dev.c b/drivers/net/can/dev.c
1443 +index aede704..141c2a4 100644
1444 +--- a/drivers/net/can/dev.c
1445 ++++ b/drivers/net/can/dev.c
1446 +@@ -915,7 +915,7 @@ static int can_fill_info(struct sk_buff *skb, const struct net_device *dev)
1447 + nla_put(skb, IFLA_CAN_BITTIMING_CONST,
1448 + sizeof(*priv->bittiming_const), priv->bittiming_const)) ||
1449 +
1450 +- nla_put(skb, IFLA_CAN_CLOCK, sizeof(cm), &priv->clock) ||
1451 ++ nla_put(skb, IFLA_CAN_CLOCK, sizeof(priv->clock), &priv->clock) ||
1452 + nla_put_u32(skb, IFLA_CAN_STATE, state) ||
1453 + nla_put(skb, IFLA_CAN_CTRLMODE, sizeof(cm), &cm) ||
1454 + nla_put_u32(skb, IFLA_CAN_RESTART_MS, priv->restart_ms) ||
1455 +diff --git a/drivers/net/can/sja1000/sja1000.c b/drivers/net/can/sja1000/sja1000.c
1456 +index 7b92e91..f10834b 100644
1457 +--- a/drivers/net/can/sja1000/sja1000.c
1458 ++++ b/drivers/net/can/sja1000/sja1000.c
1459 +@@ -218,6 +218,9 @@ static void sja1000_start(struct net_device *dev)
1460 + priv->write_reg(priv, SJA1000_RXERR, 0x0);
1461 + priv->read_reg(priv, SJA1000_ECC);
1462 +
1463 ++ /* clear interrupt flags */
1464 ++ priv->read_reg(priv, SJA1000_IR);
1465 ++
1466 + /* leave reset mode */
1467 + set_normal_mode(dev);
1468 + }
1469 +diff --git a/drivers/net/ethernet/amd/xgbe/xgbe-dev.c b/drivers/net/ethernet/amd/xgbe/xgbe-dev.c
1470 +index a4473d8..f672dba 100644
1471 +--- a/drivers/net/ethernet/amd/xgbe/xgbe-dev.c
1472 ++++ b/drivers/net/ethernet/amd/xgbe/xgbe-dev.c
1473 +@@ -1595,7 +1595,7 @@ static void xgbe_dev_xmit(struct xgbe_channel *channel)
1474 + packet->rdesc_count, 1);
1475 +
1476 + /* Make sure ownership is written to the descriptor */
1477 +- dma_wmb();
1478 ++ smp_wmb();
1479 +
1480 + ring->cur = cur_index + 1;
1481 + if (!packet->skb->xmit_more ||
1482 +diff --git a/drivers/net/ethernet/amd/xgbe/xgbe-drv.c b/drivers/net/ethernet/amd/xgbe/xgbe-drv.c
1483 +index aae9d5e..dde0486 100644
1484 +--- a/drivers/net/ethernet/amd/xgbe/xgbe-drv.c
1485 ++++ b/drivers/net/ethernet/amd/xgbe/xgbe-drv.c
1486 +@@ -1807,6 +1807,7 @@ static int xgbe_tx_poll(struct xgbe_channel *channel)
1487 + struct netdev_queue *txq;
1488 + int processed = 0;
1489 + unsigned int tx_packets = 0, tx_bytes = 0;
1490 ++ unsigned int cur;
1491 +
1492 + DBGPR("-->xgbe_tx_poll\n");
1493 +
1494 +@@ -1814,10 +1815,15 @@ static int xgbe_tx_poll(struct xgbe_channel *channel)
1495 + if (!ring)
1496 + return 0;
1497 +
1498 ++ cur = ring->cur;
1499 ++
1500 ++ /* Be sure we get ring->cur before accessing descriptor data */
1501 ++ smp_rmb();
1502 ++
1503 + txq = netdev_get_tx_queue(netdev, channel->queue_index);
1504 +
1505 + while ((processed < XGBE_TX_DESC_MAX_PROC) &&
1506 +- (ring->dirty != ring->cur)) {
1507 ++ (ring->dirty != cur)) {
1508 + rdata = XGBE_GET_DESC_DATA(ring, ring->dirty);
1509 + rdesc = rdata->rdesc;
1510 +
1511 +diff --git a/drivers/net/ethernet/freescale/fec_main.c b/drivers/net/ethernet/freescale/fec_main.c
1512 +index de63266d..5d1dde3 100644
1513 +--- a/drivers/net/ethernet/freescale/fec_main.c
1514 ++++ b/drivers/net/ethernet/freescale/fec_main.c
1515 +@@ -1775,7 +1775,7 @@ static int fec_enet_mdio_read(struct mii_bus *bus, int mii_id, int regnum)
1516 + int ret = 0;
1517 +
1518 + ret = pm_runtime_get_sync(dev);
1519 +- if (IS_ERR_VALUE(ret))
1520 ++ if (ret < 0)
1521 + return ret;
1522 +
1523 + fep->mii_timeout = 0;
1524 +@@ -1811,11 +1811,13 @@ static int fec_enet_mdio_write(struct mii_bus *bus, int mii_id, int regnum,
1525 + struct fec_enet_private *fep = bus->priv;
1526 + struct device *dev = &fep->pdev->dev;
1527 + unsigned long time_left;
1528 +- int ret = 0;
1529 ++ int ret;
1530 +
1531 + ret = pm_runtime_get_sync(dev);
1532 +- if (IS_ERR_VALUE(ret))
1533 ++ if (ret < 0)
1534 + return ret;
1535 ++ else
1536 ++ ret = 0;
1537 +
1538 + fep->mii_timeout = 0;
1539 + reinit_completion(&fep->mdio_done);
1540 +@@ -2866,7 +2868,7 @@ fec_enet_open(struct net_device *ndev)
1541 + int ret;
1542 +
1543 + ret = pm_runtime_get_sync(&fep->pdev->dev);
1544 +- if (IS_ERR_VALUE(ret))
1545 ++ if (ret < 0)
1546 + return ret;
1547 +
1548 + pinctrl_pm_select_default_state(&fep->pdev->dev);
1549 +diff --git a/drivers/net/ethernet/marvell/mvneta.c b/drivers/net/ethernet/marvell/mvneta.c
1550 +index 09ec32e..7e788073 100644
1551 +--- a/drivers/net/ethernet/marvell/mvneta.c
1552 ++++ b/drivers/net/ethernet/marvell/mvneta.c
1553 +@@ -949,7 +949,7 @@ static void mvneta_defaults_set(struct mvneta_port *pp)
1554 + /* Set CPU queue access map - all CPUs have access to all RX
1555 + * queues and to all TX queues
1556 + */
1557 +- for (cpu = 0; cpu < CONFIG_NR_CPUS; cpu++)
1558 ++ for_each_present_cpu(cpu)
1559 + mvreg_write(pp, MVNETA_CPU_MAP(cpu),
1560 + (MVNETA_CPU_RXQ_ACCESS_ALL_MASK |
1561 + MVNETA_CPU_TXQ_ACCESS_ALL_MASK));
1562 +@@ -1533,12 +1533,16 @@ static int mvneta_rx(struct mvneta_port *pp, int rx_todo,
1563 + }
1564 +
1565 + skb = build_skb(data, pp->frag_size > PAGE_SIZE ? 0 : pp->frag_size);
1566 +- if (!skb)
1567 +- goto err_drop_frame;
1568 +
1569 ++ /* After refill old buffer has to be unmapped regardless
1570 ++ * the skb is successfully built or not.
1571 ++ */
1572 + dma_unmap_single(dev->dev.parent, phys_addr,
1573 + MVNETA_RX_BUF_SIZE(pp->pkt_size), DMA_FROM_DEVICE);
1574 +
1575 ++ if (!skb)
1576 ++ goto err_drop_frame;
1577 ++
1578 + rcvd_pkts++;
1579 + rcvd_bytes += rx_bytes;
1580 +
1581 +diff --git a/drivers/net/ethernet/mellanox/mlx4/cmd.c b/drivers/net/ethernet/mellanox/mlx4/cmd.c
1582 +index 0a32020..2177e56 100644
1583 +--- a/drivers/net/ethernet/mellanox/mlx4/cmd.c
1584 ++++ b/drivers/net/ethernet/mellanox/mlx4/cmd.c
1585 +@@ -2398,7 +2398,7 @@ int mlx4_multi_func_init(struct mlx4_dev *dev)
1586 + }
1587 + }
1588 +
1589 +- memset(&priv->mfunc.master.cmd_eqe, 0, dev->caps.eqe_size);
1590 ++ memset(&priv->mfunc.master.cmd_eqe, 0, sizeof(struct mlx4_eqe));
1591 + priv->mfunc.master.cmd_eqe.type = MLX4_EVENT_TYPE_CMD;
1592 + INIT_WORK(&priv->mfunc.master.comm_work,
1593 + mlx4_master_comm_channel);
1594 +diff --git a/drivers/net/ethernet/mellanox/mlx4/eq.c b/drivers/net/ethernet/mellanox/mlx4/eq.c
1595 +index 8e81e53..ad8f95d 100644
1596 +--- a/drivers/net/ethernet/mellanox/mlx4/eq.c
1597 ++++ b/drivers/net/ethernet/mellanox/mlx4/eq.c
1598 +@@ -196,7 +196,7 @@ static void slave_event(struct mlx4_dev *dev, u8 slave, struct mlx4_eqe *eqe)
1599 + return;
1600 + }
1601 +
1602 +- memcpy(s_eqe, eqe, dev->caps.eqe_size - 1);
1603 ++ memcpy(s_eqe, eqe, sizeof(struct mlx4_eqe) - 1);
1604 + s_eqe->slave_id = slave;
1605 + /* ensure all information is written before setting the ownersip bit */
1606 + dma_wmb();
1607 +diff --git a/drivers/net/ethernet/sfc/ef10.c b/drivers/net/ethernet/sfc/ef10.c
1608 +index b1a4ea2..4dd18f4 100644
1609 +--- a/drivers/net/ethernet/sfc/ef10.c
1610 ++++ b/drivers/net/ethernet/sfc/ef10.c
1611 +@@ -1809,7 +1809,9 @@ static void efx_ef10_tx_write(struct efx_tx_queue *tx_queue)
1612 + unsigned int write_ptr;
1613 + efx_qword_t *txd;
1614 +
1615 +- BUG_ON(tx_queue->write_count == tx_queue->insert_count);
1616 ++ tx_queue->xmit_more_available = false;
1617 ++ if (unlikely(tx_queue->write_count == tx_queue->insert_count))
1618 ++ return;
1619 +
1620 + do {
1621 + write_ptr = tx_queue->write_count & tx_queue->ptr_mask;
1622 +diff --git a/drivers/net/ethernet/sfc/farch.c b/drivers/net/ethernet/sfc/farch.c
1623 +index f08266f..5a1c5a8 100644
1624 +--- a/drivers/net/ethernet/sfc/farch.c
1625 ++++ b/drivers/net/ethernet/sfc/farch.c
1626 +@@ -321,7 +321,9 @@ void efx_farch_tx_write(struct efx_tx_queue *tx_queue)
1627 + unsigned write_ptr;
1628 + unsigned old_write_count = tx_queue->write_count;
1629 +
1630 +- BUG_ON(tx_queue->write_count == tx_queue->insert_count);
1631 ++ tx_queue->xmit_more_available = false;
1632 ++ if (unlikely(tx_queue->write_count == tx_queue->insert_count))
1633 ++ return;
1634 +
1635 + do {
1636 + write_ptr = tx_queue->write_count & tx_queue->ptr_mask;
1637 +diff --git a/drivers/net/ethernet/sfc/net_driver.h b/drivers/net/ethernet/sfc/net_driver.h
1638 +index 47d1e3a..b8e8ce1 100644
1639 +--- a/drivers/net/ethernet/sfc/net_driver.h
1640 ++++ b/drivers/net/ethernet/sfc/net_driver.h
1641 +@@ -219,6 +219,7 @@ struct efx_tx_buffer {
1642 + * @tso_packets: Number of packets via the TSO xmit path
1643 + * @pushes: Number of times the TX push feature has been used
1644 + * @pio_packets: Number of times the TX PIO feature has been used
1645 ++ * @xmit_more_available: Are any packets waiting to be pushed to the NIC
1646 + * @empty_read_count: If the completion path has seen the queue as empty
1647 + * and the transmission path has not yet checked this, the value of
1648 + * @read_count bitwise-added to %EFX_EMPTY_COUNT_VALID; otherwise 0.
1649 +@@ -253,6 +254,7 @@ struct efx_tx_queue {
1650 + unsigned int tso_packets;
1651 + unsigned int pushes;
1652 + unsigned int pio_packets;
1653 ++ bool xmit_more_available;
1654 + /* Statistics to supplement MAC stats */
1655 + unsigned long tx_packets;
1656 +
1657 +diff --git a/drivers/net/ethernet/sfc/tx.c b/drivers/net/ethernet/sfc/tx.c
1658 +index 1833a01..67f6afa 100644
1659 +--- a/drivers/net/ethernet/sfc/tx.c
1660 ++++ b/drivers/net/ethernet/sfc/tx.c
1661 +@@ -431,8 +431,20 @@ finish_packet:
1662 + efx_tx_maybe_stop_queue(tx_queue);
1663 +
1664 + /* Pass off to hardware */
1665 +- if (!skb->xmit_more || netif_xmit_stopped(tx_queue->core_txq))
1666 ++ if (!skb->xmit_more || netif_xmit_stopped(tx_queue->core_txq)) {
1667 ++ struct efx_tx_queue *txq2 = efx_tx_queue_partner(tx_queue);
1668 ++
1669 ++ /* There could be packets left on the partner queue if those
1670 ++ * SKBs had skb->xmit_more set. If we do not push those they
1671 ++ * could be left for a long time and cause a netdev watchdog.
1672 ++ */
1673 ++ if (txq2->xmit_more_available)
1674 ++ efx_nic_push_buffers(txq2);
1675 ++
1676 + efx_nic_push_buffers(tx_queue);
1677 ++ } else {
1678 ++ tx_queue->xmit_more_available = skb->xmit_more;
1679 ++ }
1680 +
1681 + tx_queue->tx_packets++;
1682 +
1683 +@@ -722,6 +734,7 @@ void efx_init_tx_queue(struct efx_tx_queue *tx_queue)
1684 + tx_queue->read_count = 0;
1685 + tx_queue->old_read_count = 0;
1686 + tx_queue->empty_read_count = 0 | EFX_EMPTY_COUNT_VALID;
1687 ++ tx_queue->xmit_more_available = false;
1688 +
1689 + /* Set up TX descriptor ring */
1690 + efx_nic_init_tx(tx_queue);
1691 +@@ -747,6 +760,7 @@ void efx_fini_tx_queue(struct efx_tx_queue *tx_queue)
1692 +
1693 + ++tx_queue->read_count;
1694 + }
1695 ++ tx_queue->xmit_more_available = false;
1696 + netdev_tx_reset_queue(tx_queue->core_txq);
1697 + }
1698 +
1699 +@@ -1302,8 +1316,20 @@ static int efx_enqueue_skb_tso(struct efx_tx_queue *tx_queue,
1700 + efx_tx_maybe_stop_queue(tx_queue);
1701 +
1702 + /* Pass off to hardware */
1703 +- if (!skb->xmit_more || netif_xmit_stopped(tx_queue->core_txq))
1704 ++ if (!skb->xmit_more || netif_xmit_stopped(tx_queue->core_txq)) {
1705 ++ struct efx_tx_queue *txq2 = efx_tx_queue_partner(tx_queue);
1706 ++
1707 ++ /* There could be packets left on the partner queue if those
1708 ++ * SKBs had skb->xmit_more set. If we do not push those they
1709 ++ * could be left for a long time and cause a netdev watchdog.
1710 ++ */
1711 ++ if (txq2->xmit_more_available)
1712 ++ efx_nic_push_buffers(txq2);
1713 ++
1714 + efx_nic_push_buffers(tx_queue);
1715 ++ } else {
1716 ++ tx_queue->xmit_more_available = skb->xmit_more;
1717 ++ }
1718 +
1719 + tx_queue->tso_bursts++;
1720 + return NETDEV_TX_OK;
1721 +diff --git a/drivers/net/ethernet/stmicro/stmmac/stmmac_ethtool.c b/drivers/net/ethernet/stmicro/stmmac/stmmac_ethtool.c
1722 +index 771cda2..2e51b81 100644
1723 +--- a/drivers/net/ethernet/stmicro/stmmac/stmmac_ethtool.c
1724 ++++ b/drivers/net/ethernet/stmicro/stmmac/stmmac_ethtool.c
1725 +@@ -721,10 +721,13 @@ static int stmmac_get_ts_info(struct net_device *dev,
1726 + {
1727 + struct stmmac_priv *priv = netdev_priv(dev);
1728 +
1729 +- if ((priv->hwts_tx_en) && (priv->hwts_rx_en)) {
1730 ++ if ((priv->dma_cap.time_stamp || priv->dma_cap.atime_stamp)) {
1731 +
1732 +- info->so_timestamping = SOF_TIMESTAMPING_TX_HARDWARE |
1733 ++ info->so_timestamping = SOF_TIMESTAMPING_TX_SOFTWARE |
1734 ++ SOF_TIMESTAMPING_TX_HARDWARE |
1735 ++ SOF_TIMESTAMPING_RX_SOFTWARE |
1736 + SOF_TIMESTAMPING_RX_HARDWARE |
1737 ++ SOF_TIMESTAMPING_SOFTWARE |
1738 + SOF_TIMESTAMPING_RAW_HARDWARE;
1739 +
1740 + if (priv->ptp_clock)
1741 +diff --git a/drivers/net/macvtap.c b/drivers/net/macvtap.c
1742 +index 248478c..197c939 100644
1743 +--- a/drivers/net/macvtap.c
1744 ++++ b/drivers/net/macvtap.c
1745 +@@ -137,7 +137,7 @@ static const struct proto_ops macvtap_socket_ops;
1746 + #define TUN_OFFLOADS (NETIF_F_HW_CSUM | NETIF_F_TSO_ECN | NETIF_F_TSO | \
1747 + NETIF_F_TSO6 | NETIF_F_UFO)
1748 + #define RX_OFFLOADS (NETIF_F_GRO | NETIF_F_LRO)
1749 +-#define TAP_FEATURES (NETIF_F_GSO | NETIF_F_SG)
1750 ++#define TAP_FEATURES (NETIF_F_GSO | NETIF_F_SG | NETIF_F_FRAGLIST)
1751 +
1752 + static struct macvlan_dev *macvtap_get_vlan_rcu(const struct net_device *dev)
1753 + {
1754 +diff --git a/drivers/net/ppp/pppoe.c b/drivers/net/ppp/pppoe.c
1755 +index 2ed7506..5e0b432 100644
1756 +--- a/drivers/net/ppp/pppoe.c
1757 ++++ b/drivers/net/ppp/pppoe.c
1758 +@@ -589,7 +589,7 @@ static int pppoe_release(struct socket *sock)
1759 +
1760 + po = pppox_sk(sk);
1761 +
1762 +- if (sk->sk_state & (PPPOX_CONNECTED | PPPOX_BOUND | PPPOX_ZOMBIE)) {
1763 ++ if (po->pppoe_dev) {
1764 + dev_put(po->pppoe_dev);
1765 + po->pppoe_dev = NULL;
1766 + }
1767 +diff --git a/drivers/net/usb/qmi_wwan.c b/drivers/net/usb/qmi_wwan.c
1768 +index 64a60af..8f1738c 100644
1769 +--- a/drivers/net/usb/qmi_wwan.c
1770 ++++ b/drivers/net/usb/qmi_wwan.c
1771 +@@ -765,6 +765,10 @@ static const struct usb_device_id products[] = {
1772 + {QMI_FIXED_INTF(0x1199, 0x9056, 8)}, /* Sierra Wireless Modem */
1773 + {QMI_FIXED_INTF(0x1199, 0x9057, 8)},
1774 + {QMI_FIXED_INTF(0x1199, 0x9061, 8)}, /* Sierra Wireless Modem */
1775 ++ {QMI_FIXED_INTF(0x1199, 0x9070, 8)}, /* Sierra Wireless MC74xx/EM74xx */
1776 ++ {QMI_FIXED_INTF(0x1199, 0x9070, 10)}, /* Sierra Wireless MC74xx/EM74xx */
1777 ++ {QMI_FIXED_INTF(0x1199, 0x9071, 8)}, /* Sierra Wireless MC74xx/EM74xx */
1778 ++ {QMI_FIXED_INTF(0x1199, 0x9071, 10)}, /* Sierra Wireless MC74xx/EM74xx */
1779 + {QMI_FIXED_INTF(0x1bbb, 0x011e, 4)}, /* Telekom Speedstick LTE II (Alcatel One Touch L100V LTE) */
1780 + {QMI_FIXED_INTF(0x1bbb, 0x0203, 2)}, /* Alcatel L800MA */
1781 + {QMI_FIXED_INTF(0x2357, 0x0201, 4)}, /* TP-LINK HSUPA Modem MA180 */
1782 +diff --git a/drivers/net/wireless/ath/ath10k/mac.c b/drivers/net/wireless/ath/ath10k/mac.c
1783 +index 0d3c474..a5ea8a9 100644
1784 +--- a/drivers/net/wireless/ath/ath10k/mac.c
1785 ++++ b/drivers/net/wireless/ath/ath10k/mac.c
1786 +@@ -2070,7 +2070,8 @@ static void ath10k_peer_assoc_h_ht(struct ath10k *ar,
1787 + enum ieee80211_band band;
1788 + const u8 *ht_mcs_mask;
1789 + const u16 *vht_mcs_mask;
1790 +- int i, n, max_nss;
1791 ++ int i, n;
1792 ++ u8 max_nss;
1793 + u32 stbc;
1794 +
1795 + lockdep_assert_held(&ar->conf_mutex);
1796 +@@ -2155,7 +2156,7 @@ static void ath10k_peer_assoc_h_ht(struct ath10k *ar,
1797 + arg->peer_ht_rates.rates[i] = i;
1798 + } else {
1799 + arg->peer_ht_rates.num_rates = n;
1800 +- arg->peer_num_spatial_streams = max_nss;
1801 ++ arg->peer_num_spatial_streams = min(sta->rx_nss, max_nss);
1802 + }
1803 +
1804 + ath10k_dbg(ar, ATH10K_DBG_MAC, "mac ht peer %pM mcs cnt %d nss %d\n",
1805 +@@ -4021,7 +4022,7 @@ static int ath10k_config(struct ieee80211_hw *hw, u32 changed)
1806 +
1807 + static u32 get_nss_from_chainmask(u16 chain_mask)
1808 + {
1809 +- if ((chain_mask & 0x15) == 0x15)
1810 ++ if ((chain_mask & 0xf) == 0xf)
1811 + return 4;
1812 + else if ((chain_mask & 0x7) == 0x7)
1813 + return 3;
1814 +diff --git a/drivers/net/wireless/iwlwifi/pcie/drv.c b/drivers/net/wireless/iwlwifi/pcie/drv.c
1815 +index 865d578d..fd6aef7 100644
1816 +--- a/drivers/net/wireless/iwlwifi/pcie/drv.c
1817 ++++ b/drivers/net/wireless/iwlwifi/pcie/drv.c
1818 +@@ -423,14 +423,21 @@ static const struct pci_device_id iwl_hw_card_ids[] = {
1819 + /* 8000 Series */
1820 + {IWL_PCI_DEVICE(0x24F3, 0x0010, iwl8260_2ac_cfg)},
1821 + {IWL_PCI_DEVICE(0x24F3, 0x1010, iwl8260_2ac_cfg)},
1822 ++ {IWL_PCI_DEVICE(0x24F3, 0x0130, iwl8260_2ac_cfg)},
1823 ++ {IWL_PCI_DEVICE(0x24F3, 0x1130, iwl8260_2ac_cfg)},
1824 ++ {IWL_PCI_DEVICE(0x24F3, 0x0132, iwl8260_2ac_cfg)},
1825 ++ {IWL_PCI_DEVICE(0x24F3, 0x1132, iwl8260_2ac_cfg)},
1826 + {IWL_PCI_DEVICE(0x24F3, 0x0110, iwl8260_2ac_cfg)},
1827 ++ {IWL_PCI_DEVICE(0x24F3, 0x01F0, iwl8260_2ac_cfg)},
1828 ++ {IWL_PCI_DEVICE(0x24F3, 0x0012, iwl8260_2ac_cfg)},
1829 ++ {IWL_PCI_DEVICE(0x24F3, 0x1012, iwl8260_2ac_cfg)},
1830 + {IWL_PCI_DEVICE(0x24F3, 0x1110, iwl8260_2ac_cfg)},
1831 + {IWL_PCI_DEVICE(0x24F3, 0x0050, iwl8260_2ac_cfg)},
1832 + {IWL_PCI_DEVICE(0x24F3, 0x0250, iwl8260_2ac_cfg)},
1833 + {IWL_PCI_DEVICE(0x24F3, 0x1050, iwl8260_2ac_cfg)},
1834 + {IWL_PCI_DEVICE(0x24F3, 0x0150, iwl8260_2ac_cfg)},
1835 ++ {IWL_PCI_DEVICE(0x24F3, 0x1150, iwl8260_2ac_cfg)},
1836 + {IWL_PCI_DEVICE(0x24F4, 0x0030, iwl8260_2ac_cfg)},
1837 +- {IWL_PCI_DEVICE(0x24F4, 0x1130, iwl8260_2ac_cfg)},
1838 + {IWL_PCI_DEVICE(0x24F4, 0x1030, iwl8260_2ac_cfg)},
1839 + {IWL_PCI_DEVICE(0x24F3, 0xC010, iwl8260_2ac_cfg)},
1840 + {IWL_PCI_DEVICE(0x24F3, 0xC110, iwl8260_2ac_cfg)},
1841 +@@ -438,18 +445,28 @@ static const struct pci_device_id iwl_hw_card_ids[] = {
1842 + {IWL_PCI_DEVICE(0x24F3, 0xC050, iwl8260_2ac_cfg)},
1843 + {IWL_PCI_DEVICE(0x24F3, 0xD050, iwl8260_2ac_cfg)},
1844 + {IWL_PCI_DEVICE(0x24F3, 0x8010, iwl8260_2ac_cfg)},
1845 ++ {IWL_PCI_DEVICE(0x24F3, 0x8110, iwl8260_2ac_cfg)},
1846 + {IWL_PCI_DEVICE(0x24F3, 0x9010, iwl8260_2ac_cfg)},
1847 ++ {IWL_PCI_DEVICE(0x24F3, 0x9110, iwl8260_2ac_cfg)},
1848 + {IWL_PCI_DEVICE(0x24F4, 0x8030, iwl8260_2ac_cfg)},
1849 + {IWL_PCI_DEVICE(0x24F4, 0x9030, iwl8260_2ac_cfg)},
1850 ++ {IWL_PCI_DEVICE(0x24F3, 0x8130, iwl8260_2ac_cfg)},
1851 ++ {IWL_PCI_DEVICE(0x24F3, 0x9130, iwl8260_2ac_cfg)},
1852 ++ {IWL_PCI_DEVICE(0x24F3, 0x8132, iwl8260_2ac_cfg)},
1853 ++ {IWL_PCI_DEVICE(0x24F3, 0x9132, iwl8260_2ac_cfg)},
1854 + {IWL_PCI_DEVICE(0x24F3, 0x8050, iwl8260_2ac_cfg)},
1855 ++ {IWL_PCI_DEVICE(0x24F3, 0x8150, iwl8260_2ac_cfg)},
1856 + {IWL_PCI_DEVICE(0x24F3, 0x9050, iwl8260_2ac_cfg)},
1857 ++ {IWL_PCI_DEVICE(0x24F3, 0x9150, iwl8260_2ac_cfg)},
1858 + {IWL_PCI_DEVICE(0x24F3, 0x0004, iwl8260_2n_cfg)},
1859 ++ {IWL_PCI_DEVICE(0x24F3, 0x0044, iwl8260_2n_cfg)},
1860 + {IWL_PCI_DEVICE(0x24F5, 0x0010, iwl4165_2ac_cfg)},
1861 + {IWL_PCI_DEVICE(0x24F6, 0x0030, iwl4165_2ac_cfg)},
1862 + {IWL_PCI_DEVICE(0x24F3, 0x0810, iwl8260_2ac_cfg)},
1863 + {IWL_PCI_DEVICE(0x24F3, 0x0910, iwl8260_2ac_cfg)},
1864 + {IWL_PCI_DEVICE(0x24F3, 0x0850, iwl8260_2ac_cfg)},
1865 + {IWL_PCI_DEVICE(0x24F3, 0x0950, iwl8260_2ac_cfg)},
1866 ++ {IWL_PCI_DEVICE(0x24F3, 0x0930, iwl8260_2ac_cfg)},
1867 + #endif /* CONFIG_IWLMVM */
1868 +
1869 + {0}
1870 +diff --git a/drivers/net/wireless/iwlwifi/pcie/trans.c b/drivers/net/wireless/iwlwifi/pcie/trans.c
1871 +index 9e144e7..dab9b91 100644
1872 +--- a/drivers/net/wireless/iwlwifi/pcie/trans.c
1873 ++++ b/drivers/net/wireless/iwlwifi/pcie/trans.c
1874 +@@ -592,10 +592,8 @@ static int iwl_pcie_prepare_card_hw(struct iwl_trans *trans)
1875 +
1876 + do {
1877 + ret = iwl_pcie_set_hw_ready(trans);
1878 +- if (ret >= 0) {
1879 +- ret = 0;
1880 +- goto out;
1881 +- }
1882 ++ if (ret >= 0)
1883 ++ return 0;
1884 +
1885 + usleep_range(200, 1000);
1886 + t += 200;
1887 +@@ -605,10 +603,6 @@ static int iwl_pcie_prepare_card_hw(struct iwl_trans *trans)
1888 +
1889 + IWL_ERR(trans, "Couldn't prepare the card\n");
1890 +
1891 +-out:
1892 +- iwl_clear_bit(trans, CSR_DBG_LINK_PWR_MGMT_REG,
1893 +- CSR_RESET_LINK_PWR_MGMT_DISABLED);
1894 +-
1895 + return ret;
1896 + }
1897 +
1898 +diff --git a/drivers/net/wireless/mwifiex/debugfs.c b/drivers/net/wireless/mwifiex/debugfs.c
1899 +index 5a0636d4..5583856 100644
1900 +--- a/drivers/net/wireless/mwifiex/debugfs.c
1901 ++++ b/drivers/net/wireless/mwifiex/debugfs.c
1902 +@@ -731,7 +731,7 @@ mwifiex_rdeeprom_read(struct file *file, char __user *ubuf,
1903 + (struct mwifiex_private *) file->private_data;
1904 + unsigned long addr = get_zeroed_page(GFP_KERNEL);
1905 + char *buf = (char *) addr;
1906 +- int pos = 0, ret = 0, i;
1907 ++ int pos, ret, i;
1908 + u8 value[MAX_EEPROM_DATA];
1909 +
1910 + if (!buf)
1911 +@@ -739,7 +739,7 @@ mwifiex_rdeeprom_read(struct file *file, char __user *ubuf,
1912 +
1913 + if (saved_offset == -1) {
1914 + /* No command has been given */
1915 +- pos += snprintf(buf, PAGE_SIZE, "0");
1916 ++ pos = snprintf(buf, PAGE_SIZE, "0");
1917 + goto done;
1918 + }
1919 +
1920 +@@ -748,17 +748,17 @@ mwifiex_rdeeprom_read(struct file *file, char __user *ubuf,
1921 + (u16) saved_bytes, value);
1922 + if (ret) {
1923 + ret = -EINVAL;
1924 +- goto done;
1925 ++ goto out_free;
1926 + }
1927 +
1928 +- pos += snprintf(buf, PAGE_SIZE, "%d %d ", saved_offset, saved_bytes);
1929 ++ pos = snprintf(buf, PAGE_SIZE, "%d %d ", saved_offset, saved_bytes);
1930 +
1931 + for (i = 0; i < saved_bytes; i++)
1932 +- pos += snprintf(buf + strlen(buf), PAGE_SIZE, "%d ", value[i]);
1933 +-
1934 +- ret = simple_read_from_buffer(ubuf, count, ppos, buf, pos);
1935 ++ pos += scnprintf(buf + pos, PAGE_SIZE - pos, "%d ", value[i]);
1936 +
1937 + done:
1938 ++ ret = simple_read_from_buffer(ubuf, count, ppos, buf, pos);
1939 ++out_free:
1940 + free_page(addr);
1941 + return ret;
1942 + }
1943 +diff --git a/drivers/staging/lustre/include/linux/lnet/lib-lnet.h b/drivers/staging/lustre/include/linux/lnet/lib-lnet.h
1944 +index a9c9a07..bc3d907 100644
1945 +--- a/drivers/staging/lustre/include/linux/lnet/lib-lnet.h
1946 ++++ b/drivers/staging/lustre/include/linux/lnet/lib-lnet.h
1947 +@@ -680,7 +680,7 @@ void lnet_debug_peer(lnet_nid_t nid);
1948 + static inline void
1949 + lnet_peer_set_alive(lnet_peer_t *lp)
1950 + {
1951 +- lp->lp_last_alive = lp->lp_last_query = get_seconds();
1952 ++ lp->lp_last_alive = lp->lp_last_query = jiffies;
1953 + if (!lp->lp_alive)
1954 + lnet_notify_locked(lp, 0, 1, lp->lp_last_alive);
1955 + }
1956 +diff --git a/drivers/staging/rtl8712/usb_intf.c b/drivers/staging/rtl8712/usb_intf.c
1957 +index f8b5b33..943a0e2 100644
1958 +--- a/drivers/staging/rtl8712/usb_intf.c
1959 ++++ b/drivers/staging/rtl8712/usb_intf.c
1960 +@@ -144,6 +144,7 @@ static struct usb_device_id rtl871x_usb_id_tbl[] = {
1961 + {USB_DEVICE(0x0DF6, 0x0058)},
1962 + {USB_DEVICE(0x0DF6, 0x0049)},
1963 + {USB_DEVICE(0x0DF6, 0x004C)},
1964 ++ {USB_DEVICE(0x0DF6, 0x006C)},
1965 + {USB_DEVICE(0x0DF6, 0x0064)},
1966 + /* Skyworth */
1967 + {USB_DEVICE(0x14b2, 0x3300)},
1968 +diff --git a/drivers/tty/mips_ejtag_fdc.c b/drivers/tty/mips_ejtag_fdc.c
1969 +index 358323c..43a2ba0 100644
1970 +--- a/drivers/tty/mips_ejtag_fdc.c
1971 ++++ b/drivers/tty/mips_ejtag_fdc.c
1972 +@@ -1045,38 +1045,6 @@ err_destroy_ports:
1973 + return ret;
1974 + }
1975 +
1976 +-static int mips_ejtag_fdc_tty_remove(struct mips_cdmm_device *dev)
1977 +-{
1978 +- struct mips_ejtag_fdc_tty *priv = mips_cdmm_get_drvdata(dev);
1979 +- struct mips_ejtag_fdc_tty_port *dport;
1980 +- int nport;
1981 +- unsigned int cfg;
1982 +-
1983 +- if (priv->irq >= 0) {
1984 +- raw_spin_lock_irq(&priv->lock);
1985 +- cfg = mips_ejtag_fdc_read(priv, REG_FDCFG);
1986 +- /* Disable interrupts */
1987 +- cfg &= ~(REG_FDCFG_TXINTTHRES | REG_FDCFG_RXINTTHRES);
1988 +- cfg |= REG_FDCFG_TXINTTHRES_DISABLED;
1989 +- cfg |= REG_FDCFG_RXINTTHRES_DISABLED;
1990 +- mips_ejtag_fdc_write(priv, REG_FDCFG, cfg);
1991 +- raw_spin_unlock_irq(&priv->lock);
1992 +- } else {
1993 +- priv->removing = true;
1994 +- del_timer_sync(&priv->poll_timer);
1995 +- }
1996 +- kthread_stop(priv->thread);
1997 +- if (dev->cpu == 0)
1998 +- mips_ejtag_fdc_con.tty_drv = NULL;
1999 +- tty_unregister_driver(priv->driver);
2000 +- for (nport = 0; nport < NUM_TTY_CHANNELS; nport++) {
2001 +- dport = &priv->ports[nport];
2002 +- tty_port_destroy(&dport->port);
2003 +- }
2004 +- put_tty_driver(priv->driver);
2005 +- return 0;
2006 +-}
2007 +-
2008 + static int mips_ejtag_fdc_tty_cpu_down(struct mips_cdmm_device *dev)
2009 + {
2010 + struct mips_ejtag_fdc_tty *priv = mips_cdmm_get_drvdata(dev);
2011 +@@ -1149,12 +1117,11 @@ static struct mips_cdmm_driver mips_ejtag_fdc_tty_driver = {
2012 + .name = "mips_ejtag_fdc",
2013 + },
2014 + .probe = mips_ejtag_fdc_tty_probe,
2015 +- .remove = mips_ejtag_fdc_tty_remove,
2016 + .cpu_down = mips_ejtag_fdc_tty_cpu_down,
2017 + .cpu_up = mips_ejtag_fdc_tty_cpu_up,
2018 + .id_table = mips_ejtag_fdc_tty_ids,
2019 + };
2020 +-module_mips_cdmm_driver(mips_ejtag_fdc_tty_driver);
2021 ++builtin_mips_cdmm_driver(mips_ejtag_fdc_tty_driver);
2022 +
2023 + static int __init mips_ejtag_fdc_init_console(void)
2024 + {
2025 +diff --git a/drivers/tty/n_tty.c b/drivers/tty/n_tty.c
2026 +index afc1879..dedac8a 100644
2027 +--- a/drivers/tty/n_tty.c
2028 ++++ b/drivers/tty/n_tty.c
2029 +@@ -169,7 +169,7 @@ static inline int tty_copy_to_user(struct tty_struct *tty,
2030 + {
2031 + struct n_tty_data *ldata = tty->disc_data;
2032 +
2033 +- tty_audit_add_data(tty, to, n, ldata->icanon);
2034 ++ tty_audit_add_data(tty, from, n, ldata->icanon);
2035 + return copy_to_user(to, from, n);
2036 + }
2037 +
2038 +diff --git a/drivers/tty/tty_audit.c b/drivers/tty/tty_audit.c
2039 +index 90ca082..3d245cd 100644
2040 +--- a/drivers/tty/tty_audit.c
2041 ++++ b/drivers/tty/tty_audit.c
2042 +@@ -265,7 +265,7 @@ static struct tty_audit_buf *tty_audit_buf_get(struct tty_struct *tty,
2043 + *
2044 + * Audit @data of @size from @tty, if necessary.
2045 + */
2046 +-void tty_audit_add_data(struct tty_struct *tty, unsigned char *data,
2047 ++void tty_audit_add_data(struct tty_struct *tty, const void *data,
2048 + size_t size, unsigned icanon)
2049 + {
2050 + struct tty_audit_buf *buf;
2051 +diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c
2052 +index 774df35..1aa0286 100644
2053 +--- a/drivers/tty/tty_io.c
2054 ++++ b/drivers/tty/tty_io.c
2055 +@@ -1279,18 +1279,22 @@ int tty_send_xchar(struct tty_struct *tty, char ch)
2056 + int was_stopped = tty->stopped;
2057 +
2058 + if (tty->ops->send_xchar) {
2059 ++ down_read(&tty->termios_rwsem);
2060 + tty->ops->send_xchar(tty, ch);
2061 ++ up_read(&tty->termios_rwsem);
2062 + return 0;
2063 + }
2064 +
2065 + if (tty_write_lock(tty, 0) < 0)
2066 + return -ERESTARTSYS;
2067 +
2068 ++ down_read(&tty->termios_rwsem);
2069 + if (was_stopped)
2070 + start_tty(tty);
2071 + tty->ops->write(tty, &ch, 1);
2072 + if (was_stopped)
2073 + stop_tty(tty);
2074 ++ up_read(&tty->termios_rwsem);
2075 + tty_write_unlock(tty);
2076 + return 0;
2077 + }
2078 +diff --git a/drivers/tty/tty_ioctl.c b/drivers/tty/tty_ioctl.c
2079 +index 5232fb6..043e332 100644
2080 +--- a/drivers/tty/tty_ioctl.c
2081 ++++ b/drivers/tty/tty_ioctl.c
2082 +@@ -1142,16 +1142,12 @@ int n_tty_ioctl_helper(struct tty_struct *tty, struct file *file,
2083 + spin_unlock_irq(&tty->flow_lock);
2084 + break;
2085 + case TCIOFF:
2086 +- down_read(&tty->termios_rwsem);
2087 + if (STOP_CHAR(tty) != __DISABLED_CHAR)
2088 + retval = tty_send_xchar(tty, STOP_CHAR(tty));
2089 +- up_read(&tty->termios_rwsem);
2090 + break;
2091 + case TCION:
2092 +- down_read(&tty->termios_rwsem);
2093 + if (START_CHAR(tty) != __DISABLED_CHAR)
2094 + retval = tty_send_xchar(tty, START_CHAR(tty));
2095 +- up_read(&tty->termios_rwsem);
2096 + break;
2097 + default:
2098 + return -EINVAL;
2099 +diff --git a/drivers/usb/chipidea/ci_hdrc_imx.c b/drivers/usb/chipidea/ci_hdrc_imx.c
2100 +index fa77432..846ceb9 100644
2101 +--- a/drivers/usb/chipidea/ci_hdrc_imx.c
2102 ++++ b/drivers/usb/chipidea/ci_hdrc_imx.c
2103 +@@ -68,6 +68,12 @@ struct ci_hdrc_imx_data {
2104 + struct imx_usbmisc_data *usbmisc_data;
2105 + bool supports_runtime_pm;
2106 + bool in_lpm;
2107 ++ /* SoC before i.mx6 (except imx23/imx28) needs three clks */
2108 ++ bool need_three_clks;
2109 ++ struct clk *clk_ipg;
2110 ++ struct clk *clk_ahb;
2111 ++ struct clk *clk_per;
2112 ++ /* --------------------------------- */
2113 + };
2114 +
2115 + /* Common functions shared by usbmisc drivers */
2116 +@@ -119,6 +125,102 @@ static struct imx_usbmisc_data *usbmisc_get_init_data(struct device *dev)
2117 + }
2118 +
2119 + /* End of common functions shared by usbmisc drivers*/
2120 ++static int imx_get_clks(struct device *dev)
2121 ++{
2122 ++ struct ci_hdrc_imx_data *data = dev_get_drvdata(dev);
2123 ++ int ret = 0;
2124 ++
2125 ++ data->clk_ipg = devm_clk_get(dev, "ipg");
2126 ++ if (IS_ERR(data->clk_ipg)) {
2127 ++ /* If the platform only needs one clocks */
2128 ++ data->clk = devm_clk_get(dev, NULL);
2129 ++ if (IS_ERR(data->clk)) {
2130 ++ ret = PTR_ERR(data->clk);
2131 ++ dev_err(dev,
2132 ++ "Failed to get clks, err=%ld,%ld\n",
2133 ++ PTR_ERR(data->clk), PTR_ERR(data->clk_ipg));
2134 ++ return ret;
2135 ++ }
2136 ++ return ret;
2137 ++ }
2138 ++
2139 ++ data->clk_ahb = devm_clk_get(dev, "ahb");
2140 ++ if (IS_ERR(data->clk_ahb)) {
2141 ++ ret = PTR_ERR(data->clk_ahb);
2142 ++ dev_err(dev,
2143 ++ "Failed to get ahb clock, err=%d\n", ret);
2144 ++ return ret;
2145 ++ }
2146 ++
2147 ++ data->clk_per = devm_clk_get(dev, "per");
2148 ++ if (IS_ERR(data->clk_per)) {
2149 ++ ret = PTR_ERR(data->clk_per);
2150 ++ dev_err(dev,
2151 ++ "Failed to get per clock, err=%d\n", ret);
2152 ++ return ret;
2153 ++ }
2154 ++
2155 ++ data->need_three_clks = true;
2156 ++ return ret;
2157 ++}
2158 ++
2159 ++static int imx_prepare_enable_clks(struct device *dev)
2160 ++{
2161 ++ struct ci_hdrc_imx_data *data = dev_get_drvdata(dev);
2162 ++ int ret = 0;
2163 ++
2164 ++ if (data->need_three_clks) {
2165 ++ ret = clk_prepare_enable(data->clk_ipg);
2166 ++ if (ret) {
2167 ++ dev_err(dev,
2168 ++ "Failed to prepare/enable ipg clk, err=%d\n",
2169 ++ ret);
2170 ++ return ret;
2171 ++ }
2172 ++
2173 ++ ret = clk_prepare_enable(data->clk_ahb);
2174 ++ if (ret) {
2175 ++ dev_err(dev,
2176 ++ "Failed to prepare/enable ahb clk, err=%d\n",
2177 ++ ret);
2178 ++ clk_disable_unprepare(data->clk_ipg);
2179 ++ return ret;
2180 ++ }
2181 ++
2182 ++ ret = clk_prepare_enable(data->clk_per);
2183 ++ if (ret) {
2184 ++ dev_err(dev,
2185 ++ "Failed to prepare/enable per clk, err=%d\n",
2186 ++ ret);
2187 ++ clk_disable_unprepare(data->clk_ahb);
2188 ++ clk_disable_unprepare(data->clk_ipg);
2189 ++ return ret;
2190 ++ }
2191 ++ } else {
2192 ++ ret = clk_prepare_enable(data->clk);
2193 ++ if (ret) {
2194 ++ dev_err(dev,
2195 ++ "Failed to prepare/enable clk, err=%d\n",
2196 ++ ret);
2197 ++ return ret;
2198 ++ }
2199 ++ }
2200 ++
2201 ++ return ret;
2202 ++}
2203 ++
2204 ++static void imx_disable_unprepare_clks(struct device *dev)
2205 ++{
2206 ++ struct ci_hdrc_imx_data *data = dev_get_drvdata(dev);
2207 ++
2208 ++ if (data->need_three_clks) {
2209 ++ clk_disable_unprepare(data->clk_per);
2210 ++ clk_disable_unprepare(data->clk_ahb);
2211 ++ clk_disable_unprepare(data->clk_ipg);
2212 ++ } else {
2213 ++ clk_disable_unprepare(data->clk);
2214 ++ }
2215 ++}
2216 +
2217 + static int ci_hdrc_imx_probe(struct platform_device *pdev)
2218 + {
2219 +@@ -137,23 +239,18 @@ static int ci_hdrc_imx_probe(struct platform_device *pdev)
2220 + if (!data)
2221 + return -ENOMEM;
2222 +
2223 ++ platform_set_drvdata(pdev, data);
2224 + data->usbmisc_data = usbmisc_get_init_data(&pdev->dev);
2225 + if (IS_ERR(data->usbmisc_data))
2226 + return PTR_ERR(data->usbmisc_data);
2227 +
2228 +- data->clk = devm_clk_get(&pdev->dev, NULL);
2229 +- if (IS_ERR(data->clk)) {
2230 +- dev_err(&pdev->dev,
2231 +- "Failed to get clock, err=%ld\n", PTR_ERR(data->clk));
2232 +- return PTR_ERR(data->clk);
2233 +- }
2234 ++ ret = imx_get_clks(&pdev->dev);
2235 ++ if (ret)
2236 ++ return ret;
2237 +
2238 +- ret = clk_prepare_enable(data->clk);
2239 +- if (ret) {
2240 +- dev_err(&pdev->dev,
2241 +- "Failed to prepare or enable clock, err=%d\n", ret);
2242 ++ ret = imx_prepare_enable_clks(&pdev->dev);
2243 ++ if (ret)
2244 + return ret;
2245 +- }
2246 +
2247 + data->phy = devm_usb_get_phy_by_phandle(&pdev->dev, "fsl,usbphy", 0);
2248 + if (IS_ERR(data->phy)) {
2249 +@@ -196,8 +293,6 @@ static int ci_hdrc_imx_probe(struct platform_device *pdev)
2250 + goto disable_device;
2251 + }
2252 +
2253 +- platform_set_drvdata(pdev, data);
2254 +-
2255 + if (data->supports_runtime_pm) {
2256 + pm_runtime_set_active(&pdev->dev);
2257 + pm_runtime_enable(&pdev->dev);
2258 +@@ -210,7 +305,7 @@ static int ci_hdrc_imx_probe(struct platform_device *pdev)
2259 + disable_device:
2260 + ci_hdrc_remove_device(data->ci_pdev);
2261 + err_clk:
2262 +- clk_disable_unprepare(data->clk);
2263 ++ imx_disable_unprepare_clks(&pdev->dev);
2264 + return ret;
2265 + }
2266 +
2267 +@@ -224,7 +319,7 @@ static int ci_hdrc_imx_remove(struct platform_device *pdev)
2268 + pm_runtime_put_noidle(&pdev->dev);
2269 + }
2270 + ci_hdrc_remove_device(data->ci_pdev);
2271 +- clk_disable_unprepare(data->clk);
2272 ++ imx_disable_unprepare_clks(&pdev->dev);
2273 +
2274 + return 0;
2275 + }
2276 +@@ -236,7 +331,7 @@ static int imx_controller_suspend(struct device *dev)
2277 +
2278 + dev_dbg(dev, "at %s\n", __func__);
2279 +
2280 +- clk_disable_unprepare(data->clk);
2281 ++ imx_disable_unprepare_clks(dev);
2282 + data->in_lpm = true;
2283 +
2284 + return 0;
2285 +@@ -254,7 +349,7 @@ static int imx_controller_resume(struct device *dev)
2286 + return 0;
2287 + }
2288 +
2289 +- ret = clk_prepare_enable(data->clk);
2290 ++ ret = imx_prepare_enable_clks(dev);
2291 + if (ret)
2292 + return ret;
2293 +
2294 +@@ -269,7 +364,7 @@ static int imx_controller_resume(struct device *dev)
2295 + return 0;
2296 +
2297 + clk_disable:
2298 +- clk_disable_unprepare(data->clk);
2299 ++ imx_disable_unprepare_clks(dev);
2300 + return ret;
2301 + }
2302 +
2303 +diff --git a/drivers/usb/chipidea/udc.c b/drivers/usb/chipidea/udc.c
2304 +index 6e53c24..92937c1 100644
2305 +--- a/drivers/usb/chipidea/udc.c
2306 ++++ b/drivers/usb/chipidea/udc.c
2307 +@@ -1730,6 +1730,22 @@ static int ci_udc_start(struct usb_gadget *gadget,
2308 + return retval;
2309 + }
2310 +
2311 ++static void ci_udc_stop_for_otg_fsm(struct ci_hdrc *ci)
2312 ++{
2313 ++ if (!ci_otg_is_fsm_mode(ci))
2314 ++ return;
2315 ++
2316 ++ mutex_lock(&ci->fsm.lock);
2317 ++ if (ci->fsm.otg->state == OTG_STATE_A_PERIPHERAL) {
2318 ++ ci->fsm.a_bidl_adis_tmout = 1;
2319 ++ ci_hdrc_otg_fsm_start(ci);
2320 ++ } else if (ci->fsm.otg->state == OTG_STATE_B_PERIPHERAL) {
2321 ++ ci->fsm.protocol = PROTO_UNDEF;
2322 ++ ci->fsm.otg->state = OTG_STATE_UNDEFINED;
2323 ++ }
2324 ++ mutex_unlock(&ci->fsm.lock);
2325 ++}
2326 ++
2327 + /**
2328 + * ci_udc_stop: unregister a gadget driver
2329 + */
2330 +@@ -1754,6 +1770,7 @@ static int ci_udc_stop(struct usb_gadget *gadget)
2331 + ci->driver = NULL;
2332 + spin_unlock_irqrestore(&ci->lock, flags);
2333 +
2334 ++ ci_udc_stop_for_otg_fsm(ci);
2335 + return 0;
2336 + }
2337 +
2338 +diff --git a/drivers/usb/class/usblp.c b/drivers/usb/class/usblp.c
2339 +index f38e875..8218ba7 100644
2340 +--- a/drivers/usb/class/usblp.c
2341 ++++ b/drivers/usb/class/usblp.c
2342 +@@ -873,11 +873,11 @@ static int usblp_wwait(struct usblp *usblp, int nonblock)
2343 +
2344 + add_wait_queue(&usblp->wwait, &waita);
2345 + for (;;) {
2346 +- set_current_state(TASK_INTERRUPTIBLE);
2347 + if (mutex_lock_interruptible(&usblp->mut)) {
2348 + rc = -EINTR;
2349 + break;
2350 + }
2351 ++ set_current_state(TASK_INTERRUPTIBLE);
2352 + rc = usblp_wtest(usblp, nonblock);
2353 + mutex_unlock(&usblp->mut);
2354 + if (rc <= 0)
2355 +diff --git a/drivers/usb/dwc3/core.c b/drivers/usb/dwc3/core.c
2356 +index ff5773c..c0566ec 100644
2357 +--- a/drivers/usb/dwc3/core.c
2358 ++++ b/drivers/usb/dwc3/core.c
2359 +@@ -490,6 +490,9 @@ static int dwc3_phy_setup(struct dwc3 *dwc)
2360 + if (dwc->dis_u2_susphy_quirk)
2361 + reg &= ~DWC3_GUSB2PHYCFG_SUSPHY;
2362 +
2363 ++ if (dwc->dis_enblslpm_quirk)
2364 ++ reg &= ~DWC3_GUSB2PHYCFG_ENBLSLPM;
2365 ++
2366 + dwc3_writel(dwc->regs, DWC3_GUSB2PHYCFG(0), reg);
2367 +
2368 + return 0;
2369 +@@ -509,12 +512,18 @@ static int dwc3_core_init(struct dwc3 *dwc)
2370 +
2371 + reg = dwc3_readl(dwc->regs, DWC3_GSNPSID);
2372 + /* This should read as U3 followed by revision number */
2373 +- if ((reg & DWC3_GSNPSID_MASK) != 0x55330000) {
2374 ++ if ((reg & DWC3_GSNPSID_MASK) == 0x55330000) {
2375 ++ /* Detected DWC_usb3 IP */
2376 ++ dwc->revision = reg;
2377 ++ } else if ((reg & DWC3_GSNPSID_MASK) == 0x33310000) {
2378 ++ /* Detected DWC_usb31 IP */
2379 ++ dwc->revision = dwc3_readl(dwc->regs, DWC3_VER_NUMBER);
2380 ++ dwc->revision |= DWC3_REVISION_IS_DWC31;
2381 ++ } else {
2382 + dev_err(dwc->dev, "this is not a DesignWare USB3 DRD Core\n");
2383 + ret = -ENODEV;
2384 + goto err0;
2385 + }
2386 +- dwc->revision = reg;
2387 +
2388 + /*
2389 + * Write Linux Version Code to our GUID register so it's easy to figure
2390 +@@ -881,6 +890,8 @@ static int dwc3_probe(struct platform_device *pdev)
2391 + "snps,dis_u3_susphy_quirk");
2392 + dwc->dis_u2_susphy_quirk = of_property_read_bool(node,
2393 + "snps,dis_u2_susphy_quirk");
2394 ++ dwc->dis_enblslpm_quirk = device_property_read_bool(dev,
2395 ++ "snps,dis_enblslpm_quirk");
2396 +
2397 + dwc->tx_de_emphasis_quirk = of_property_read_bool(node,
2398 + "snps,tx_de_emphasis_quirk");
2399 +@@ -911,6 +922,7 @@ static int dwc3_probe(struct platform_device *pdev)
2400 + dwc->rx_detect_poll_quirk = pdata->rx_detect_poll_quirk;
2401 + dwc->dis_u3_susphy_quirk = pdata->dis_u3_susphy_quirk;
2402 + dwc->dis_u2_susphy_quirk = pdata->dis_u2_susphy_quirk;
2403 ++ dwc->dis_enblslpm_quirk = pdata->dis_enblslpm_quirk;
2404 +
2405 + dwc->tx_de_emphasis_quirk = pdata->tx_de_emphasis_quirk;
2406 + if (pdata->tx_de_emphasis)
2407 +diff --git a/drivers/usb/dwc3/core.h b/drivers/usb/dwc3/core.h
2408 +index 0447788..6e53ce9 100644
2409 +--- a/drivers/usb/dwc3/core.h
2410 ++++ b/drivers/usb/dwc3/core.h
2411 +@@ -108,6 +108,9 @@
2412 + #define DWC3_GPRTBIMAP_FS0 0xc188
2413 + #define DWC3_GPRTBIMAP_FS1 0xc18c
2414 +
2415 ++#define DWC3_VER_NUMBER 0xc1a0
2416 ++#define DWC3_VER_TYPE 0xc1a4
2417 ++
2418 + #define DWC3_GUSB2PHYCFG(n) (0xc200 + (n * 0x04))
2419 + #define DWC3_GUSB2I2CCTL(n) (0xc240 + (n * 0x04))
2420 +
2421 +@@ -175,6 +178,7 @@
2422 + #define DWC3_GUSB2PHYCFG_PHYSOFTRST (1 << 31)
2423 + #define DWC3_GUSB2PHYCFG_SUSPHY (1 << 6)
2424 + #define DWC3_GUSB2PHYCFG_ULPI_UTMI (1 << 4)
2425 ++#define DWC3_GUSB2PHYCFG_ENBLSLPM (1 << 8)
2426 +
2427 + /* Global USB2 PHY Vendor Control Register */
2428 + #define DWC3_GUSB2PHYACC_NEWREGREQ (1 << 25)
2429 +@@ -712,6 +716,8 @@ struct dwc3_scratchpad_array {
2430 + * @rx_detect_poll_quirk: set if we enable rx_detect to polling lfps quirk
2431 + * @dis_u3_susphy_quirk: set if we disable usb3 suspend phy
2432 + * @dis_u2_susphy_quirk: set if we disable usb2 suspend phy
2433 ++ * @dis_enblslpm_quirk: set if we clear enblslpm in GUSB2PHYCFG,
2434 ++ * disabling the suspend signal to the PHY.
2435 + * @tx_de_emphasis_quirk: set if we enable Tx de-emphasis quirk
2436 + * @tx_de_emphasis: Tx de-emphasis value
2437 + * 0 - -6dB de-emphasis
2438 +@@ -766,6 +772,14 @@ struct dwc3 {
2439 + u32 num_event_buffers;
2440 + u32 u1u2;
2441 + u32 maximum_speed;
2442 ++
2443 ++ /*
2444 ++ * All 3.1 IP version constants are greater than the 3.0 IP
2445 ++ * version constants. This works for most version checks in
2446 ++ * dwc3. However, in the future, this may not apply as
2447 ++ * features may be developed on newer versions of the 3.0 IP
2448 ++ * that are not in the 3.1 IP.
2449 ++ */
2450 + u32 revision;
2451 +
2452 + #define DWC3_REVISION_173A 0x5533173a
2453 +@@ -788,6 +802,13 @@ struct dwc3 {
2454 + #define DWC3_REVISION_270A 0x5533270a
2455 + #define DWC3_REVISION_280A 0x5533280a
2456 +
2457 ++/*
2458 ++ * NOTICE: we're using bit 31 as a "is usb 3.1" flag. This is really
2459 ++ * just so dwc31 revisions are always larger than dwc3.
2460 ++ */
2461 ++#define DWC3_REVISION_IS_DWC31 0x80000000
2462 ++#define DWC3_USB31_REVISION_110A (0x3131302a | DWC3_REVISION_IS_USB31)
2463 ++
2464 + enum dwc3_ep0_next ep0_next_event;
2465 + enum dwc3_ep0_state ep0state;
2466 + enum dwc3_link_state link_state;
2467 +@@ -841,6 +862,7 @@ struct dwc3 {
2468 + unsigned rx_detect_poll_quirk:1;
2469 + unsigned dis_u3_susphy_quirk:1;
2470 + unsigned dis_u2_susphy_quirk:1;
2471 ++ unsigned dis_enblslpm_quirk:1;
2472 +
2473 + unsigned tx_de_emphasis_quirk:1;
2474 + unsigned tx_de_emphasis:2;
2475 +diff --git a/drivers/usb/dwc3/dwc3-pci.c b/drivers/usb/dwc3/dwc3-pci.c
2476 +index 27e4fc8..04b87eb 100644
2477 +--- a/drivers/usb/dwc3/dwc3-pci.c
2478 ++++ b/drivers/usb/dwc3/dwc3-pci.c
2479 +@@ -27,6 +27,8 @@
2480 + #include "platform_data.h"
2481 +
2482 + #define PCI_DEVICE_ID_SYNOPSYS_HAPSUSB3 0xabcd
2483 ++#define PCI_DEVICE_ID_SYNOPSYS_HAPSUSB3_AXI 0xabce
2484 ++#define PCI_DEVICE_ID_SYNOPSYS_HAPSUSB31 0xabcf
2485 + #define PCI_DEVICE_ID_INTEL_BYT 0x0f37
2486 + #define PCI_DEVICE_ID_INTEL_MRFLD 0x119e
2487 + #define PCI_DEVICE_ID_INTEL_BSW 0x22B7
2488 +@@ -100,6 +102,22 @@ static int dwc3_pci_quirks(struct pci_dev *pdev)
2489 + }
2490 + }
2491 +
2492 ++ if (pdev->vendor == PCI_VENDOR_ID_SYNOPSYS &&
2493 ++ (pdev->device == PCI_DEVICE_ID_SYNOPSYS_HAPSUSB3 ||
2494 ++ pdev->device == PCI_DEVICE_ID_SYNOPSYS_HAPSUSB3_AXI ||
2495 ++ pdev->device == PCI_DEVICE_ID_SYNOPSYS_HAPSUSB31)) {
2496 ++
2497 ++ struct dwc3_platform_data pdata;
2498 ++
2499 ++ memset(&pdata, 0, sizeof(pdata));
2500 ++ pdata.usb3_lpm_capable = true;
2501 ++ pdata.has_lpm_erratum = true;
2502 ++ pdata.dis_enblslpm_quirk = true;
2503 ++
2504 ++ return platform_device_add_data(pci_get_drvdata(pdev), &pdata,
2505 ++ sizeof(pdata));
2506 ++ }
2507 ++
2508 + return 0;
2509 + }
2510 +
2511 +@@ -172,6 +190,14 @@ static const struct pci_device_id dwc3_pci_id_table[] = {
2512 + PCI_DEVICE(PCI_VENDOR_ID_SYNOPSYS,
2513 + PCI_DEVICE_ID_SYNOPSYS_HAPSUSB3),
2514 + },
2515 ++ {
2516 ++ PCI_DEVICE(PCI_VENDOR_ID_SYNOPSYS,
2517 ++ PCI_DEVICE_ID_SYNOPSYS_HAPSUSB3_AXI),
2518 ++ },
2519 ++ {
2520 ++ PCI_DEVICE(PCI_VENDOR_ID_SYNOPSYS,
2521 ++ PCI_DEVICE_ID_SYNOPSYS_HAPSUSB31),
2522 ++ },
2523 + { PCI_DEVICE(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_BSW), },
2524 + { PCI_DEVICE(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_BYT), },
2525 + { PCI_DEVICE(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_MRFLD), },
2526 +diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c
2527 +index 333a7c0..6fbf461 100644
2528 +--- a/drivers/usb/dwc3/gadget.c
2529 ++++ b/drivers/usb/dwc3/gadget.c
2530 +@@ -1859,27 +1859,32 @@ static int dwc3_cleanup_done_reqs(struct dwc3 *dwc, struct dwc3_ep *dep,
2531 + unsigned int i;
2532 + int ret;
2533 +
2534 +- req = next_request(&dep->req_queued);
2535 +- if (!req) {
2536 +- WARN_ON_ONCE(1);
2537 +- return 1;
2538 +- }
2539 +- i = 0;
2540 + do {
2541 +- slot = req->start_slot + i;
2542 +- if ((slot == DWC3_TRB_NUM - 1) &&
2543 ++ req = next_request(&dep->req_queued);
2544 ++ if (!req) {
2545 ++ WARN_ON_ONCE(1);
2546 ++ return 1;
2547 ++ }
2548 ++ i = 0;
2549 ++ do {
2550 ++ slot = req->start_slot + i;
2551 ++ if ((slot == DWC3_TRB_NUM - 1) &&
2552 + usb_endpoint_xfer_isoc(dep->endpoint.desc))
2553 +- slot++;
2554 +- slot %= DWC3_TRB_NUM;
2555 +- trb = &dep->trb_pool[slot];
2556 ++ slot++;
2557 ++ slot %= DWC3_TRB_NUM;
2558 ++ trb = &dep->trb_pool[slot];
2559 ++
2560 ++ ret = __dwc3_cleanup_done_trbs(dwc, dep, req, trb,
2561 ++ event, status);
2562 ++ if (ret)
2563 ++ break;
2564 ++ } while (++i < req->request.num_mapped_sgs);
2565 ++
2566 ++ dwc3_gadget_giveback(dep, req, status);
2567 +
2568 +- ret = __dwc3_cleanup_done_trbs(dwc, dep, req, trb,
2569 +- event, status);
2570 + if (ret)
2571 + break;
2572 +- } while (++i < req->request.num_mapped_sgs);
2573 +-
2574 +- dwc3_gadget_giveback(dep, req, status);
2575 ++ } while (1);
2576 +
2577 + if (usb_endpoint_xfer_isoc(dep->endpoint.desc) &&
2578 + list_empty(&dep->req_queued)) {
2579 +@@ -2709,12 +2714,34 @@ int dwc3_gadget_init(struct dwc3 *dwc)
2580 + }
2581 +
2582 + dwc->gadget.ops = &dwc3_gadget_ops;
2583 +- dwc->gadget.max_speed = USB_SPEED_SUPER;
2584 + dwc->gadget.speed = USB_SPEED_UNKNOWN;
2585 + dwc->gadget.sg_supported = true;
2586 + dwc->gadget.name = "dwc3-gadget";
2587 +
2588 + /*
2589 ++ * FIXME We might be setting max_speed to <SUPER, however versions
2590 ++ * <2.20a of dwc3 have an issue with metastability (documented
2591 ++ * elsewhere in this driver) which tells us we can't set max speed to
2592 ++ * anything lower than SUPER.
2593 ++ *
2594 ++ * Because gadget.max_speed is only used by composite.c and function
2595 ++ * drivers (i.e. it won't go into dwc3's registers) we are allowing this
2596 ++ * to happen so we avoid sending SuperSpeed Capability descriptor
2597 ++ * together with our BOS descriptor as that could confuse host into
2598 ++ * thinking we can handle super speed.
2599 ++ *
2600 ++ * Note that, in fact, we won't even support GetBOS requests when speed
2601 ++ * is less than super speed because we don't have means, yet, to tell
2602 ++ * composite.c that we are USB 2.0 + LPM ECN.
2603 ++ */
2604 ++ if (dwc->revision < DWC3_REVISION_220A)
2605 ++ dwc3_trace(trace_dwc3_gadget,
2606 ++ "Changing max_speed on rev %08x\n",
2607 ++ dwc->revision);
2608 ++
2609 ++ dwc->gadget.max_speed = dwc->maximum_speed;
2610 ++
2611 ++ /*
2612 + * Per databook, DWC3 needs buffer size to be aligned to MaxPacketSize
2613 + * on ep out.
2614 + */
2615 +diff --git a/drivers/usb/dwc3/platform_data.h b/drivers/usb/dwc3/platform_data.h
2616 +index d3614ec..db29380 100644
2617 +--- a/drivers/usb/dwc3/platform_data.h
2618 ++++ b/drivers/usb/dwc3/platform_data.h
2619 +@@ -42,6 +42,7 @@ struct dwc3_platform_data {
2620 + unsigned rx_detect_poll_quirk:1;
2621 + unsigned dis_u3_susphy_quirk:1;
2622 + unsigned dis_u2_susphy_quirk:1;
2623 ++ unsigned dis_enblslpm_quirk:1;
2624 +
2625 + unsigned tx_de_emphasis_quirk:1;
2626 + unsigned tx_de_emphasis:2;
2627 +diff --git a/drivers/usb/gadget/udc/atmel_usba_udc.c b/drivers/usb/gadget/udc/atmel_usba_udc.c
2628 +index 4095cce0..35fff45 100644
2629 +--- a/drivers/usb/gadget/udc/atmel_usba_udc.c
2630 ++++ b/drivers/usb/gadget/udc/atmel_usba_udc.c
2631 +@@ -1634,7 +1634,7 @@ static irqreturn_t usba_udc_irq(int irq, void *devid)
2632 + spin_lock(&udc->lock);
2633 +
2634 + int_enb = usba_int_enb_get(udc);
2635 +- status = usba_readl(udc, INT_STA) & int_enb;
2636 ++ status = usba_readl(udc, INT_STA) & (int_enb | USBA_HIGH_SPEED);
2637 + DBG(DBG_INT, "irq, status=%#08x\n", status);
2638 +
2639 + if (status & USBA_DET_SUSPEND) {
2640 +diff --git a/drivers/usb/gadget/udc/net2280.c b/drivers/usb/gadget/udc/net2280.c
2641 +index 2bee912..baa0191 100644
2642 +--- a/drivers/usb/gadget/udc/net2280.c
2643 ++++ b/drivers/usb/gadget/udc/net2280.c
2644 +@@ -1846,7 +1846,7 @@ static void defect7374_disable_data_eps(struct net2280 *dev)
2645 +
2646 + for (i = 1; i < 5; i++) {
2647 + ep = &dev->ep[i];
2648 +- writel(0, &ep->cfg->ep_cfg);
2649 ++ writel(i, &ep->cfg->ep_cfg);
2650 + }
2651 +
2652 + /* CSROUT, CSRIN, PCIOUT, PCIIN, STATIN, RCIN */
2653 +diff --git a/drivers/usb/host/ehci-orion.c b/drivers/usb/host/ehci-orion.c
2654 +index bfcbb9a..ee8d5fa 100644
2655 +--- a/drivers/usb/host/ehci-orion.c
2656 ++++ b/drivers/usb/host/ehci-orion.c
2657 +@@ -224,7 +224,8 @@ static int ehci_orion_drv_probe(struct platform_device *pdev)
2658 + priv->phy = devm_phy_optional_get(&pdev->dev, "usb");
2659 + if (IS_ERR(priv->phy)) {
2660 + err = PTR_ERR(priv->phy);
2661 +- goto err_phy_get;
2662 ++ if (err != -ENOSYS)
2663 ++ goto err_phy_get;
2664 + } else {
2665 + err = phy_init(priv->phy);
2666 + if (err)
2667 +diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c
2668 +index d7b9f484..6062996 100644
2669 +--- a/drivers/usb/host/xhci.c
2670 ++++ b/drivers/usb/host/xhci.c
2671 +@@ -175,6 +175,16 @@ int xhci_reset(struct xhci_hcd *xhci)
2672 + command |= CMD_RESET;
2673 + writel(command, &xhci->op_regs->command);
2674 +
2675 ++ /* Existing Intel xHCI controllers require a delay of 1 mS,
2676 ++ * after setting the CMD_RESET bit, and before accessing any
2677 ++ * HC registers. This allows the HC to complete the
2678 ++ * reset operation and be ready for HC register access.
2679 ++ * Without this delay, the subsequent HC register access,
2680 ++ * may result in a system hang very rarely.
2681 ++ */
2682 ++ if (xhci->quirks & XHCI_INTEL_HOST)
2683 ++ udelay(1000);
2684 ++
2685 + ret = xhci_handshake(&xhci->op_regs->command,
2686 + CMD_RESET, 0, 10 * 1000 * 1000);
2687 + if (ret)
2688 +diff --git a/drivers/usb/musb/musb_core.c b/drivers/usb/musb/musb_core.c
2689 +index 514a6cd..2fe6d26 100644
2690 +--- a/drivers/usb/musb/musb_core.c
2691 ++++ b/drivers/usb/musb/musb_core.c
2692 +@@ -132,7 +132,7 @@ static inline struct musb *dev_to_musb(struct device *dev)
2693 + /*-------------------------------------------------------------------------*/
2694 +
2695 + #ifndef CONFIG_BLACKFIN
2696 +-static int musb_ulpi_read(struct usb_phy *phy, u32 offset)
2697 ++static int musb_ulpi_read(struct usb_phy *phy, u32 reg)
2698 + {
2699 + void __iomem *addr = phy->io_priv;
2700 + int i = 0;
2701 +@@ -151,7 +151,7 @@ static int musb_ulpi_read(struct usb_phy *phy, u32 offset)
2702 + * ULPICarKitControlDisableUTMI after clearing POWER_SUSPENDM.
2703 + */
2704 +
2705 +- musb_writeb(addr, MUSB_ULPI_REG_ADDR, (u8)offset);
2706 ++ musb_writeb(addr, MUSB_ULPI_REG_ADDR, (u8)reg);
2707 + musb_writeb(addr, MUSB_ULPI_REG_CONTROL,
2708 + MUSB_ULPI_REG_REQ | MUSB_ULPI_RDN_WR);
2709 +
2710 +@@ -176,7 +176,7 @@ out:
2711 + return ret;
2712 + }
2713 +
2714 +-static int musb_ulpi_write(struct usb_phy *phy, u32 offset, u32 data)
2715 ++static int musb_ulpi_write(struct usb_phy *phy, u32 val, u32 reg)
2716 + {
2717 + void __iomem *addr = phy->io_priv;
2718 + int i = 0;
2719 +@@ -191,8 +191,8 @@ static int musb_ulpi_write(struct usb_phy *phy, u32 offset, u32 data)
2720 + power &= ~MUSB_POWER_SUSPENDM;
2721 + musb_writeb(addr, MUSB_POWER, power);
2722 +
2723 +- musb_writeb(addr, MUSB_ULPI_REG_ADDR, (u8)offset);
2724 +- musb_writeb(addr, MUSB_ULPI_REG_DATA, (u8)data);
2725 ++ musb_writeb(addr, MUSB_ULPI_REG_ADDR, (u8)reg);
2726 ++ musb_writeb(addr, MUSB_ULPI_REG_DATA, (u8)val);
2727 + musb_writeb(addr, MUSB_ULPI_REG_CONTROL, MUSB_ULPI_REG_REQ);
2728 +
2729 + while (!(musb_readb(addr, MUSB_ULPI_REG_CONTROL)
2730 +diff --git a/drivers/usb/serial/option.c b/drivers/usb/serial/option.c
2731 +index 7c8eb4c..4021846 100644
2732 +--- a/drivers/usb/serial/option.c
2733 ++++ b/drivers/usb/serial/option.c
2734 +@@ -162,6 +162,7 @@ static void option_instat_callback(struct urb *urb);
2735 + #define NOVATELWIRELESS_PRODUCT_HSPA_EMBEDDED_HIGHSPEED 0x9001
2736 + #define NOVATELWIRELESS_PRODUCT_E362 0x9010
2737 + #define NOVATELWIRELESS_PRODUCT_E371 0x9011
2738 ++#define NOVATELWIRELESS_PRODUCT_U620L 0x9022
2739 + #define NOVATELWIRELESS_PRODUCT_G2 0xA010
2740 + #define NOVATELWIRELESS_PRODUCT_MC551 0xB001
2741 +
2742 +@@ -357,6 +358,7 @@ static void option_instat_callback(struct urb *urb);
2743 + /* This is the 4G XS Stick W14 a.k.a. Mobilcom Debitel Surf-Stick *
2744 + * It seems to contain a Qualcomm QSC6240/6290 chipset */
2745 + #define FOUR_G_SYSTEMS_PRODUCT_W14 0x9603
2746 ++#define FOUR_G_SYSTEMS_PRODUCT_W100 0x9b01
2747 +
2748 + /* iBall 3.5G connect wireless modem */
2749 + #define IBALL_3_5G_CONNECT 0x9605
2750 +@@ -522,6 +524,11 @@ static const struct option_blacklist_info four_g_w14_blacklist = {
2751 + .sendsetup = BIT(0) | BIT(1),
2752 + };
2753 +
2754 ++static const struct option_blacklist_info four_g_w100_blacklist = {
2755 ++ .sendsetup = BIT(1) | BIT(2),
2756 ++ .reserved = BIT(3),
2757 ++};
2758 ++
2759 + static const struct option_blacklist_info alcatel_x200_blacklist = {
2760 + .sendsetup = BIT(0) | BIT(1),
2761 + .reserved = BIT(4),
2762 +@@ -1060,6 +1067,7 @@ static const struct usb_device_id option_ids[] = {
2763 + { USB_DEVICE_AND_INTERFACE_INFO(NOVATELWIRELESS_VENDOR_ID, NOVATELWIRELESS_PRODUCT_MC551, 0xff, 0xff, 0xff) },
2764 + { USB_DEVICE_AND_INTERFACE_INFO(NOVATELWIRELESS_VENDOR_ID, NOVATELWIRELESS_PRODUCT_E362, 0xff, 0xff, 0xff) },
2765 + { USB_DEVICE_AND_INTERFACE_INFO(NOVATELWIRELESS_VENDOR_ID, NOVATELWIRELESS_PRODUCT_E371, 0xff, 0xff, 0xff) },
2766 ++ { USB_DEVICE_AND_INTERFACE_INFO(NOVATELWIRELESS_VENDOR_ID, NOVATELWIRELESS_PRODUCT_U620L, 0xff, 0x00, 0x00) },
2767 +
2768 + { USB_DEVICE(AMOI_VENDOR_ID, AMOI_PRODUCT_H01) },
2769 + { USB_DEVICE(AMOI_VENDOR_ID, AMOI_PRODUCT_H01A) },
2770 +@@ -1653,6 +1661,9 @@ static const struct usb_device_id option_ids[] = {
2771 + { USB_DEVICE(LONGCHEER_VENDOR_ID, FOUR_G_SYSTEMS_PRODUCT_W14),
2772 + .driver_info = (kernel_ulong_t)&four_g_w14_blacklist
2773 + },
2774 ++ { USB_DEVICE(LONGCHEER_VENDOR_ID, FOUR_G_SYSTEMS_PRODUCT_W100),
2775 ++ .driver_info = (kernel_ulong_t)&four_g_w100_blacklist
2776 ++ },
2777 + { USB_DEVICE_INTERFACE_CLASS(LONGCHEER_VENDOR_ID, SPEEDUP_PRODUCT_SU9800, 0xff) },
2778 + { USB_DEVICE(LONGCHEER_VENDOR_ID, ZOOM_PRODUCT_4597) },
2779 + { USB_DEVICE(LONGCHEER_VENDOR_ID, IBALL_3_5G_CONNECT) },
2780 +diff --git a/drivers/usb/serial/qcserial.c b/drivers/usb/serial/qcserial.c
2781 +index f49d262..514fa91 100644
2782 +--- a/drivers/usb/serial/qcserial.c
2783 ++++ b/drivers/usb/serial/qcserial.c
2784 +@@ -22,6 +22,8 @@
2785 + #define DRIVER_AUTHOR "Qualcomm Inc"
2786 + #define DRIVER_DESC "Qualcomm USB Serial driver"
2787 +
2788 ++#define QUECTEL_EC20_PID 0x9215
2789 ++
2790 + /* standard device layouts supported by this driver */
2791 + enum qcserial_layouts {
2792 + QCSERIAL_G2K = 0, /* Gobi 2000 */
2793 +@@ -169,6 +171,38 @@ static const struct usb_device_id id_table[] = {
2794 + };
2795 + MODULE_DEVICE_TABLE(usb, id_table);
2796 +
2797 ++static int handle_quectel_ec20(struct device *dev, int ifnum)
2798 ++{
2799 ++ int altsetting = 0;
2800 ++
2801 ++ /*
2802 ++ * Quectel EC20 Mini PCIe LTE module layout:
2803 ++ * 0: DM/DIAG (use libqcdm from ModemManager for communication)
2804 ++ * 1: NMEA
2805 ++ * 2: AT-capable modem port
2806 ++ * 3: Modem interface
2807 ++ * 4: NDIS
2808 ++ */
2809 ++ switch (ifnum) {
2810 ++ case 0:
2811 ++ dev_dbg(dev, "Quectel EC20 DM/DIAG interface found\n");
2812 ++ break;
2813 ++ case 1:
2814 ++ dev_dbg(dev, "Quectel EC20 NMEA GPS interface found\n");
2815 ++ break;
2816 ++ case 2:
2817 ++ case 3:
2818 ++ dev_dbg(dev, "Quectel EC20 Modem port found\n");
2819 ++ break;
2820 ++ case 4:
2821 ++ /* Don't claim the QMI/net interface */
2822 ++ altsetting = -1;
2823 ++ break;
2824 ++ }
2825 ++
2826 ++ return altsetting;
2827 ++}
2828 ++
2829 + static int qcprobe(struct usb_serial *serial, const struct usb_device_id *id)
2830 + {
2831 + struct usb_host_interface *intf = serial->interface->cur_altsetting;
2832 +@@ -178,6 +212,10 @@ static int qcprobe(struct usb_serial *serial, const struct usb_device_id *id)
2833 + __u8 ifnum;
2834 + int altsetting = -1;
2835 +
2836 ++ /* we only support vendor specific functions */
2837 ++ if (intf->desc.bInterfaceClass != USB_CLASS_VENDOR_SPEC)
2838 ++ goto done;
2839 ++
2840 + nintf = serial->dev->actconfig->desc.bNumInterfaces;
2841 + dev_dbg(dev, "Num Interfaces = %d\n", nintf);
2842 + ifnum = intf->desc.bInterfaceNumber;
2843 +@@ -237,6 +275,12 @@ static int qcprobe(struct usb_serial *serial, const struct usb_device_id *id)
2844 + altsetting = -1;
2845 + break;
2846 + case QCSERIAL_G2K:
2847 ++ /* handle non-standard layouts */
2848 ++ if (nintf == 5 && id->idProduct == QUECTEL_EC20_PID) {
2849 ++ altsetting = handle_quectel_ec20(dev, ifnum);
2850 ++ goto done;
2851 ++ }
2852 ++
2853 + /*
2854 + * Gobi 2K+ USB layout:
2855 + * 0: QMI/net
2856 +@@ -297,29 +341,39 @@ static int qcprobe(struct usb_serial *serial, const struct usb_device_id *id)
2857 + break;
2858 + case QCSERIAL_HWI:
2859 + /*
2860 +- * Huawei layout:
2861 +- * 0: AT-capable modem port
2862 +- * 1: DM/DIAG
2863 +- * 2: AT-capable modem port
2864 +- * 3: CCID-compatible PCSC interface
2865 +- * 4: QMI/net
2866 +- * 5: NMEA
2867 ++ * Huawei devices map functions by subclass + protocol
2868 ++ * instead of interface numbers. The protocol identify
2869 ++ * a specific function, while the subclass indicate a
2870 ++ * specific firmware source
2871 ++ *
2872 ++ * This is a blacklist of functions known to be
2873 ++ * non-serial. The rest are assumed to be serial and
2874 ++ * will be handled by this driver
2875 + */
2876 +- switch (ifnum) {
2877 +- case 0:
2878 +- case 2:
2879 +- dev_dbg(dev, "Modem port found\n");
2880 +- break;
2881 +- case 1:
2882 +- dev_dbg(dev, "DM/DIAG interface found\n");
2883 +- break;
2884 +- case 5:
2885 +- dev_dbg(dev, "NMEA GPS interface found\n");
2886 +- break;
2887 +- default:
2888 +- /* don't claim any unsupported interface */
2889 ++ switch (intf->desc.bInterfaceProtocol) {
2890 ++ /* QMI combined (qmi_wwan) */
2891 ++ case 0x07:
2892 ++ case 0x37:
2893 ++ case 0x67:
2894 ++ /* QMI data (qmi_wwan) */
2895 ++ case 0x08:
2896 ++ case 0x38:
2897 ++ case 0x68:
2898 ++ /* QMI control (qmi_wwan) */
2899 ++ case 0x09:
2900 ++ case 0x39:
2901 ++ case 0x69:
2902 ++ /* NCM like (huawei_cdc_ncm) */
2903 ++ case 0x16:
2904 ++ case 0x46:
2905 ++ case 0x76:
2906 + altsetting = -1;
2907 + break;
2908 ++ default:
2909 ++ dev_dbg(dev, "Huawei type serial port found (%02x/%02x/%02x)\n",
2910 ++ intf->desc.bInterfaceClass,
2911 ++ intf->desc.bInterfaceSubClass,
2912 ++ intf->desc.bInterfaceProtocol);
2913 + }
2914 + break;
2915 + default:
2916 +diff --git a/drivers/usb/serial/ti_usb_3410_5052.c b/drivers/usb/serial/ti_usb_3410_5052.c
2917 +index e9da41d..2694df2 100644
2918 +--- a/drivers/usb/serial/ti_usb_3410_5052.c
2919 ++++ b/drivers/usb/serial/ti_usb_3410_5052.c
2920 +@@ -159,6 +159,7 @@ static const struct usb_device_id ti_id_table_3410[] = {
2921 + { USB_DEVICE(ABBOTT_VENDOR_ID, ABBOTT_STEREO_PLUG_ID) },
2922 + { USB_DEVICE(ABBOTT_VENDOR_ID, ABBOTT_STRIP_PORT_ID) },
2923 + { USB_DEVICE(TI_VENDOR_ID, FRI2_PRODUCT_ID) },
2924 ++ { USB_DEVICE(HONEYWELL_VENDOR_ID, HONEYWELL_HGI80_PRODUCT_ID) },
2925 + { } /* terminator */
2926 + };
2927 +
2928 +@@ -191,6 +192,7 @@ static const struct usb_device_id ti_id_table_combined[] = {
2929 + { USB_DEVICE(ABBOTT_VENDOR_ID, ABBOTT_PRODUCT_ID) },
2930 + { USB_DEVICE(ABBOTT_VENDOR_ID, ABBOTT_STRIP_PORT_ID) },
2931 + { USB_DEVICE(TI_VENDOR_ID, FRI2_PRODUCT_ID) },
2932 ++ { USB_DEVICE(HONEYWELL_VENDOR_ID, HONEYWELL_HGI80_PRODUCT_ID) },
2933 + { } /* terminator */
2934 + };
2935 +
2936 +diff --git a/drivers/usb/serial/ti_usb_3410_5052.h b/drivers/usb/serial/ti_usb_3410_5052.h
2937 +index 4a2423e..98f35c6 100644
2938 +--- a/drivers/usb/serial/ti_usb_3410_5052.h
2939 ++++ b/drivers/usb/serial/ti_usb_3410_5052.h
2940 +@@ -56,6 +56,10 @@
2941 + #define ABBOTT_PRODUCT_ID ABBOTT_STEREO_PLUG_ID
2942 + #define ABBOTT_STRIP_PORT_ID 0x3420
2943 +
2944 ++/* Honeywell vendor and product IDs */
2945 ++#define HONEYWELL_VENDOR_ID 0x10ac
2946 ++#define HONEYWELL_HGI80_PRODUCT_ID 0x0102 /* Honeywell HGI80 */
2947 ++
2948 + /* Commands */
2949 + #define TI_GET_VERSION 0x01
2950 + #define TI_GET_PORT_STATUS 0x02
2951 +diff --git a/drivers/xen/events/events_base.c b/drivers/xen/events/events_base.c
2952 +index 96093ae..cdc3d33 100644
2953 +--- a/drivers/xen/events/events_base.c
2954 ++++ b/drivers/xen/events/events_base.c
2955 +@@ -39,6 +39,7 @@
2956 + #include <asm/irq.h>
2957 + #include <asm/idle.h>
2958 + #include <asm/io_apic.h>
2959 ++#include <asm/i8259.h>
2960 + #include <asm/xen/pci.h>
2961 + #include <xen/page.h>
2962 + #endif
2963 +@@ -420,7 +421,7 @@ static int __must_check xen_allocate_irq_gsi(unsigned gsi)
2964 + return xen_allocate_irq_dynamic();
2965 +
2966 + /* Legacy IRQ descriptors are already allocated by the arch. */
2967 +- if (gsi < NR_IRQS_LEGACY)
2968 ++ if (gsi < nr_legacy_irqs())
2969 + irq = gsi;
2970 + else
2971 + irq = irq_alloc_desc_at(gsi, -1);
2972 +@@ -446,7 +447,7 @@ static void xen_free_irq(unsigned irq)
2973 + kfree(info);
2974 +
2975 + /* Legacy IRQ descriptors are managed by the arch. */
2976 +- if (irq < NR_IRQS_LEGACY)
2977 ++ if (irq < nr_legacy_irqs())
2978 + return;
2979 +
2980 + irq_free_desc(irq);
2981 +diff --git a/fs/proc/array.c b/fs/proc/array.c
2982 +index ce065cf..57fde2d 100644
2983 +--- a/fs/proc/array.c
2984 ++++ b/fs/proc/array.c
2985 +@@ -372,7 +372,7 @@ int proc_pid_status(struct seq_file *m, struct pid_namespace *ns,
2986 + static int do_task_stat(struct seq_file *m, struct pid_namespace *ns,
2987 + struct pid *pid, struct task_struct *task, int whole)
2988 + {
2989 +- unsigned long vsize, eip, esp, wchan = ~0UL;
2990 ++ unsigned long vsize, eip, esp, wchan = 0;
2991 + int priority, nice;
2992 + int tty_pgrp = -1, tty_nr = 0;
2993 + sigset_t sigign, sigcatch;
2994 +@@ -504,7 +504,19 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns,
2995 + seq_put_decimal_ull(m, ' ', task->blocked.sig[0] & 0x7fffffffUL);
2996 + seq_put_decimal_ull(m, ' ', sigign.sig[0] & 0x7fffffffUL);
2997 + seq_put_decimal_ull(m, ' ', sigcatch.sig[0] & 0x7fffffffUL);
2998 +- seq_put_decimal_ull(m, ' ', wchan);
2999 ++
3000 ++ /*
3001 ++ * We used to output the absolute kernel address, but that's an
3002 ++ * information leak - so instead we show a 0/1 flag here, to signal
3003 ++ * to user-space whether there's a wchan field in /proc/PID/wchan.
3004 ++ *
3005 ++ * This works with older implementations of procps as well.
3006 ++ */
3007 ++ if (wchan)
3008 ++ seq_puts(m, " 1");
3009 ++ else
3010 ++ seq_puts(m, " 0");
3011 ++
3012 + seq_put_decimal_ull(m, ' ', 0);
3013 + seq_put_decimal_ull(m, ' ', 0);
3014 + seq_put_decimal_ll(m, ' ', task->exit_signal);
3015 +diff --git a/fs/proc/base.c b/fs/proc/base.c
3016 +index aa50d1a..83a43c1 100644
3017 +--- a/fs/proc/base.c
3018 ++++ b/fs/proc/base.c
3019 +@@ -430,13 +430,10 @@ static int proc_pid_wchan(struct seq_file *m, struct pid_namespace *ns,
3020 +
3021 + wchan = get_wchan(task);
3022 +
3023 +- if (lookup_symbol_name(wchan, symname) < 0) {
3024 +- if (!ptrace_may_access(task, PTRACE_MODE_READ))
3025 +- return 0;
3026 +- seq_printf(m, "%lu", wchan);
3027 +- } else {
3028 ++ if (wchan && ptrace_may_access(task, PTRACE_MODE_READ) && !lookup_symbol_name(wchan, symname))
3029 + seq_printf(m, "%s", symname);
3030 +- }
3031 ++ else
3032 ++ seq_putc(m, '0');
3033 +
3034 + return 0;
3035 + }
3036 +diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h
3037 +index 05e99b8..053f122 100644
3038 +--- a/include/linux/kvm_host.h
3039 ++++ b/include/linux/kvm_host.h
3040 +@@ -436,6 +436,17 @@ static inline struct kvm_vcpu *kvm_get_vcpu(struct kvm *kvm, int i)
3041 + (vcpup = kvm_get_vcpu(kvm, idx)) != NULL; \
3042 + idx++)
3043 +
3044 ++static inline struct kvm_vcpu *kvm_get_vcpu_by_id(struct kvm *kvm, int id)
3045 ++{
3046 ++ struct kvm_vcpu *vcpu;
3047 ++ int i;
3048 ++
3049 ++ kvm_for_each_vcpu(i, vcpu, kvm)
3050 ++ if (vcpu->vcpu_id == id)
3051 ++ return vcpu;
3052 ++ return NULL;
3053 ++}
3054 ++
3055 + #define kvm_for_each_memslot(memslot, slots) \
3056 + for (memslot = &slots->memslots[0]; \
3057 + memslot < slots->memslots + KVM_MEM_SLOTS_NUM && memslot->npages;\
3058 +diff --git a/include/linux/tty.h b/include/linux/tty.h
3059 +index ad6c891..342a760 100644
3060 +--- a/include/linux/tty.h
3061 ++++ b/include/linux/tty.h
3062 +@@ -605,7 +605,7 @@ extern void n_tty_inherit_ops(struct tty_ldisc_ops *ops);
3063 +
3064 + /* tty_audit.c */
3065 + #ifdef CONFIG_AUDIT
3066 +-extern void tty_audit_add_data(struct tty_struct *tty, unsigned char *data,
3067 ++extern void tty_audit_add_data(struct tty_struct *tty, const void *data,
3068 + size_t size, unsigned icanon);
3069 + extern void tty_audit_exit(void);
3070 + extern void tty_audit_fork(struct signal_struct *sig);
3071 +@@ -613,8 +613,8 @@ extern void tty_audit_tiocsti(struct tty_struct *tty, char ch);
3072 + extern void tty_audit_push(struct tty_struct *tty);
3073 + extern int tty_audit_push_current(void);
3074 + #else
3075 +-static inline void tty_audit_add_data(struct tty_struct *tty,
3076 +- unsigned char *data, size_t size, unsigned icanon)
3077 ++static inline void tty_audit_add_data(struct tty_struct *tty, const void *data,
3078 ++ size_t size, unsigned icanon)
3079 + {
3080 + }
3081 + static inline void tty_audit_tiocsti(struct tty_struct *tty, char ch)
3082 +diff --git a/include/net/inet_common.h b/include/net/inet_common.h
3083 +index 279f835..109e3ee 100644
3084 +--- a/include/net/inet_common.h
3085 ++++ b/include/net/inet_common.h
3086 +@@ -41,7 +41,8 @@ int inet_recv_error(struct sock *sk, struct msghdr *msg, int len,
3087 +
3088 + static inline void inet_ctl_sock_destroy(struct sock *sk)
3089 + {
3090 +- sock_release(sk->sk_socket);
3091 ++ if (sk)
3092 ++ sock_release(sk->sk_socket);
3093 + }
3094 +
3095 + #endif
3096 +diff --git a/include/net/ip_fib.h b/include/net/ip_fib.h
3097 +index 5fa643b..ff6d78f 100644
3098 +--- a/include/net/ip_fib.h
3099 ++++ b/include/net/ip_fib.h
3100 +@@ -306,7 +306,7 @@ void fib_flush_external(struct net *net);
3101 +
3102 + /* Exported by fib_semantics.c */
3103 + int ip_fib_check_default(__be32 gw, struct net_device *dev);
3104 +-int fib_sync_down_dev(struct net_device *dev, unsigned long event);
3105 ++int fib_sync_down_dev(struct net_device *dev, unsigned long event, bool force);
3106 + int fib_sync_down_addr(struct net *net, __be32 local);
3107 + int fib_sync_up(struct net_device *dev, unsigned int nh_flags);
3108 + void fib_select_multipath(struct fib_result *res);
3109 +diff --git a/net/bluetooth/hidp/core.c b/net/bluetooth/hidp/core.c
3110 +index f1a117f..0bec458 100644
3111 +--- a/net/bluetooth/hidp/core.c
3112 ++++ b/net/bluetooth/hidp/core.c
3113 +@@ -401,6 +401,20 @@ static void hidp_idle_timeout(unsigned long arg)
3114 + {
3115 + struct hidp_session *session = (struct hidp_session *) arg;
3116 +
3117 ++ /* The HIDP user-space API only contains calls to add and remove
3118 ++ * devices. There is no way to forward events of any kind. Therefore,
3119 ++ * we have to forcefully disconnect a device on idle-timeouts. This is
3120 ++ * unfortunate and weird API design, but it is spec-compliant and
3121 ++ * required for backwards-compatibility. Hence, on idle-timeout, we
3122 ++ * signal driver-detach events, so poll() will be woken up with an
3123 ++ * error-condition on both sockets.
3124 ++ */
3125 ++
3126 ++ session->intr_sock->sk->sk_err = EUNATCH;
3127 ++ session->ctrl_sock->sk->sk_err = EUNATCH;
3128 ++ wake_up_interruptible(sk_sleep(session->intr_sock->sk));
3129 ++ wake_up_interruptible(sk_sleep(session->ctrl_sock->sk));
3130 ++
3131 + hidp_session_terminate(session);
3132 + }
3133 +
3134 +diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c
3135 +index 92720f3..e32a9e4 100644
3136 +--- a/net/bluetooth/mgmt.c
3137 ++++ b/net/bluetooth/mgmt.c
3138 +@@ -3090,6 +3090,11 @@ static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3139 + } else {
3140 + u8 addr_type;
3141 +
3142 ++ if (cp->addr.type == BDADDR_LE_PUBLIC)
3143 ++ addr_type = ADDR_LE_DEV_PUBLIC;
3144 ++ else
3145 ++ addr_type = ADDR_LE_DEV_RANDOM;
3146 ++
3147 + conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
3148 + &cp->addr.bdaddr);
3149 + if (conn) {
3150 +@@ -3105,13 +3110,10 @@ static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3151 + */
3152 + if (!cp->disconnect)
3153 + conn = NULL;
3154 ++ } else {
3155 ++ hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type);
3156 + }
3157 +
3158 +- if (cp->addr.type == BDADDR_LE_PUBLIC)
3159 +- addr_type = ADDR_LE_DEV_PUBLIC;
3160 +- else
3161 +- addr_type = ADDR_LE_DEV_RANDOM;
3162 +-
3163 + hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
3164 +
3165 + err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
3166 +diff --git a/net/core/dst.c b/net/core/dst.c
3167 +index 002144be..cc4a086 100644
3168 +--- a/net/core/dst.c
3169 ++++ b/net/core/dst.c
3170 +@@ -287,7 +287,7 @@ void dst_release(struct dst_entry *dst)
3171 + if (unlikely(newrefcnt < 0))
3172 + net_warn_ratelimited("%s: dst:%p refcnt:%d\n",
3173 + __func__, dst, newrefcnt);
3174 +- if (unlikely(dst->flags & DST_NOCACHE) && !newrefcnt)
3175 ++ if (!newrefcnt && unlikely(dst->flags & DST_NOCACHE))
3176 + call_rcu(&dst->rcu_head, dst_destroy_rcu);
3177 + }
3178 + }
3179 +diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c
3180 +index 6bbc549..d7116cf 100644
3181 +--- a/net/ipv4/fib_frontend.c
3182 ++++ b/net/ipv4/fib_frontend.c
3183 +@@ -1063,9 +1063,10 @@ static void nl_fib_lookup_exit(struct net *net)
3184 + net->ipv4.fibnl = NULL;
3185 + }
3186 +
3187 +-static void fib_disable_ip(struct net_device *dev, unsigned long event)
3188 ++static void fib_disable_ip(struct net_device *dev, unsigned long event,
3189 ++ bool force)
3190 + {
3191 +- if (fib_sync_down_dev(dev, event))
3192 ++ if (fib_sync_down_dev(dev, event, force))
3193 + fib_flush(dev_net(dev));
3194 + rt_cache_flush(dev_net(dev));
3195 + arp_ifdown(dev);
3196 +@@ -1093,7 +1094,7 @@ static int fib_inetaddr_event(struct notifier_block *this, unsigned long event,
3197 + /* Last address was deleted from this interface.
3198 + * Disable IP.
3199 + */
3200 +- fib_disable_ip(dev, event);
3201 ++ fib_disable_ip(dev, event, true);
3202 + } else {
3203 + rt_cache_flush(dev_net(dev));
3204 + }
3205 +@@ -1110,7 +1111,7 @@ static int fib_netdev_event(struct notifier_block *this, unsigned long event, vo
3206 + unsigned int flags;
3207 +
3208 + if (event == NETDEV_UNREGISTER) {
3209 +- fib_disable_ip(dev, event);
3210 ++ fib_disable_ip(dev, event, true);
3211 + rt_flush_dev(dev);
3212 + return NOTIFY_DONE;
3213 + }
3214 +@@ -1131,14 +1132,14 @@ static int fib_netdev_event(struct notifier_block *this, unsigned long event, vo
3215 + rt_cache_flush(net);
3216 + break;
3217 + case NETDEV_DOWN:
3218 +- fib_disable_ip(dev, event);
3219 ++ fib_disable_ip(dev, event, false);
3220 + break;
3221 + case NETDEV_CHANGE:
3222 + flags = dev_get_flags(dev);
3223 + if (flags & (IFF_RUNNING | IFF_LOWER_UP))
3224 + fib_sync_up(dev, RTNH_F_LINKDOWN);
3225 + else
3226 +- fib_sync_down_dev(dev, event);
3227 ++ fib_sync_down_dev(dev, event, false);
3228 + /* fall through */
3229 + case NETDEV_CHANGEMTU:
3230 + rt_cache_flush(net);
3231 +diff --git a/net/ipv4/fib_semantics.c b/net/ipv4/fib_semantics.c
3232 +index 3a06586..71bad5c 100644
3233 +--- a/net/ipv4/fib_semantics.c
3234 ++++ b/net/ipv4/fib_semantics.c
3235 +@@ -1132,7 +1132,13 @@ int fib_sync_down_addr(struct net *net, __be32 local)
3236 + return ret;
3237 + }
3238 +
3239 +-int fib_sync_down_dev(struct net_device *dev, unsigned long event)
3240 ++/* Event force Flags Description
3241 ++ * NETDEV_CHANGE 0 LINKDOWN Carrier OFF, not for scope host
3242 ++ * NETDEV_DOWN 0 LINKDOWN|DEAD Link down, not for scope host
3243 ++ * NETDEV_DOWN 1 LINKDOWN|DEAD Last address removed
3244 ++ * NETDEV_UNREGISTER 1 LINKDOWN|DEAD Device removed
3245 ++ */
3246 ++int fib_sync_down_dev(struct net_device *dev, unsigned long event, bool force)
3247 + {
3248 + int ret = 0;
3249 + int scope = RT_SCOPE_NOWHERE;
3250 +@@ -1141,8 +1147,7 @@ int fib_sync_down_dev(struct net_device *dev, unsigned long event)
3251 + struct hlist_head *head = &fib_info_devhash[hash];
3252 + struct fib_nh *nh;
3253 +
3254 +- if (event == NETDEV_UNREGISTER ||
3255 +- event == NETDEV_DOWN)
3256 ++ if (force)
3257 + scope = -1;
3258 +
3259 + hlist_for_each_entry(nh, head, nh_hash) {
3260 +@@ -1291,6 +1296,13 @@ int fib_sync_up(struct net_device *dev, unsigned int nh_flags)
3261 + if (!(dev->flags & IFF_UP))
3262 + return 0;
3263 +
3264 ++ if (nh_flags & RTNH_F_DEAD) {
3265 ++ unsigned int flags = dev_get_flags(dev);
3266 ++
3267 ++ if (flags & (IFF_RUNNING | IFF_LOWER_UP))
3268 ++ nh_flags |= RTNH_F_LINKDOWN;
3269 ++ }
3270 ++
3271 + prev_fi = NULL;
3272 + hash = fib_devindex_hashfn(dev->ifindex);
3273 + head = &fib_info_devhash[hash];
3274 +diff --git a/net/ipv4/fib_trie.c b/net/ipv4/fib_trie.c
3275 +index b0c6258..ea3aedb 100644
3276 +--- a/net/ipv4/fib_trie.c
3277 ++++ b/net/ipv4/fib_trie.c
3278 +@@ -1561,7 +1561,7 @@ static struct key_vector *leaf_walk_rcu(struct key_vector **tn, t_key key)
3279 + do {
3280 + /* record parent and next child index */
3281 + pn = n;
3282 +- cindex = key ? get_index(key, pn) : 0;
3283 ++ cindex = (key > pn->key) ? get_index(key, pn) : 0;
3284 +
3285 + if (cindex >> pn->bits)
3286 + break;
3287 +diff --git a/net/ipv4/gre_offload.c b/net/ipv4/gre_offload.c
3288 +index 5aa46d4..5a8ee32 100644
3289 +--- a/net/ipv4/gre_offload.c
3290 ++++ b/net/ipv4/gre_offload.c
3291 +@@ -36,7 +36,8 @@ static struct sk_buff *gre_gso_segment(struct sk_buff *skb,
3292 + SKB_GSO_TCP_ECN |
3293 + SKB_GSO_GRE |
3294 + SKB_GSO_GRE_CSUM |
3295 +- SKB_GSO_IPIP)))
3296 ++ SKB_GSO_IPIP |
3297 ++ SKB_GSO_SIT)))
3298 + goto out;
3299 +
3300 + if (!skb->encapsulation)
3301 +diff --git a/net/ipv4/ipmr.c b/net/ipv4/ipmr.c
3302 +index 3a2c016..df28693 100644
3303 +--- a/net/ipv4/ipmr.c
3304 ++++ b/net/ipv4/ipmr.c
3305 +@@ -1683,8 +1683,8 @@ static inline int ipmr_forward_finish(struct sock *sk, struct sk_buff *skb)
3306 + {
3307 + struct ip_options *opt = &(IPCB(skb)->opt);
3308 +
3309 +- IP_INC_STATS_BH(dev_net(skb_dst(skb)->dev), IPSTATS_MIB_OUTFORWDATAGRAMS);
3310 +- IP_ADD_STATS_BH(dev_net(skb_dst(skb)->dev), IPSTATS_MIB_OUTOCTETS, skb->len);
3311 ++ IP_INC_STATS(dev_net(skb_dst(skb)->dev), IPSTATS_MIB_OUTFORWDATAGRAMS);
3312 ++ IP_ADD_STATS(dev_net(skb_dst(skb)->dev), IPSTATS_MIB_OUTOCTETS, skb->len);
3313 +
3314 + if (unlikely(opt->optlen))
3315 + ip_forward_options(skb);
3316 +@@ -1746,7 +1746,7 @@ static void ipmr_queue_xmit(struct net *net, struct mr_table *mrt,
3317 + * to blackhole.
3318 + */
3319 +
3320 +- IP_INC_STATS_BH(dev_net(dev), IPSTATS_MIB_FRAGFAILS);
3321 ++ IP_INC_STATS(dev_net(dev), IPSTATS_MIB_FRAGFAILS);
3322 + ip_rt_put(rt);
3323 + goto out_free;
3324 + }
3325 +diff --git a/net/ipv4/sysctl_net_ipv4.c b/net/ipv4/sysctl_net_ipv4.c
3326 +index 0330ab2..a1442c5 100644
3327 +--- a/net/ipv4/sysctl_net_ipv4.c
3328 ++++ b/net/ipv4/sysctl_net_ipv4.c
3329 +@@ -47,14 +47,14 @@ static void set_local_port_range(struct net *net, int range[2])
3330 + {
3331 + bool same_parity = !((range[0] ^ range[1]) & 1);
3332 +
3333 +- write_seqlock(&net->ipv4.ip_local_ports.lock);
3334 ++ write_seqlock_bh(&net->ipv4.ip_local_ports.lock);
3335 + if (same_parity && !net->ipv4.ip_local_ports.warned) {
3336 + net->ipv4.ip_local_ports.warned = true;
3337 + pr_err_ratelimited("ip_local_port_range: prefer different parity for start/end values.\n");
3338 + }
3339 + net->ipv4.ip_local_ports.range[0] = range[0];
3340 + net->ipv4.ip_local_ports.range[1] = range[1];
3341 +- write_sequnlock(&net->ipv4.ip_local_ports.lock);
3342 ++ write_sequnlock_bh(&net->ipv4.ip_local_ports.lock);
3343 + }
3344 +
3345 + /* Validate changes from /proc interface. */
3346 +diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
3347 +index b7dedd9..747a4c4 100644
3348 +--- a/net/ipv4/tcp_output.c
3349 ++++ b/net/ipv4/tcp_output.c
3350 +@@ -3406,7 +3406,7 @@ static int tcp_xmit_probe_skb(struct sock *sk, int urgent, int mib)
3351 + */
3352 + tcp_init_nondata_skb(skb, tp->snd_una - !urgent, TCPHDR_ACK);
3353 + skb_mstamp_get(&skb->skb_mstamp);
3354 +- NET_INC_STATS_BH(sock_net(sk), mib);
3355 ++ NET_INC_STATS(sock_net(sk), mib);
3356 + return tcp_transmit_skb(sk, skb, 0, GFP_ATOMIC);
3357 + }
3358 +
3359 +diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
3360 +index 21c2c81..c8c1fea 100644
3361 +--- a/net/ipv6/addrconf.c
3362 ++++ b/net/ipv6/addrconf.c
3363 +@@ -411,6 +411,7 @@ static struct inet6_dev *ipv6_add_dev(struct net_device *dev)
3364 + if (err) {
3365 + ipv6_mc_destroy_dev(ndev);
3366 + del_timer(&ndev->regen_timer);
3367 ++ snmp6_unregister_dev(ndev);
3368 + goto err_release;
3369 + }
3370 + /* protected by rtnl_lock */
3371 +diff --git a/net/ipv6/sit.c b/net/ipv6/sit.c
3372 +index ac35a28..85c4b2f 100644
3373 +--- a/net/ipv6/sit.c
3374 ++++ b/net/ipv6/sit.c
3375 +@@ -1394,34 +1394,20 @@ static int ipip6_tunnel_init(struct net_device *dev)
3376 + return 0;
3377 + }
3378 +
3379 +-static int __net_init ipip6_fb_tunnel_init(struct net_device *dev)
3380 ++static void __net_init ipip6_fb_tunnel_init(struct net_device *dev)
3381 + {
3382 + struct ip_tunnel *tunnel = netdev_priv(dev);
3383 + struct iphdr *iph = &tunnel->parms.iph;
3384 + struct net *net = dev_net(dev);
3385 + struct sit_net *sitn = net_generic(net, sit_net_id);
3386 +
3387 +- tunnel->dev = dev;
3388 +- tunnel->net = dev_net(dev);
3389 +-
3390 + iph->version = 4;
3391 + iph->protocol = IPPROTO_IPV6;
3392 + iph->ihl = 5;
3393 + iph->ttl = 64;
3394 +
3395 +- dev->tstats = netdev_alloc_pcpu_stats(struct pcpu_sw_netstats);
3396 +- if (!dev->tstats)
3397 +- return -ENOMEM;
3398 +-
3399 +- tunnel->dst_cache = alloc_percpu(struct ip_tunnel_dst);
3400 +- if (!tunnel->dst_cache) {
3401 +- free_percpu(dev->tstats);
3402 +- return -ENOMEM;
3403 +- }
3404 +-
3405 + dev_hold(dev);
3406 + rcu_assign_pointer(sitn->tunnels_wc[0], tunnel);
3407 +- return 0;
3408 + }
3409 +
3410 + static int ipip6_validate(struct nlattr *tb[], struct nlattr *data[])
3411 +@@ -1831,23 +1817,19 @@ static int __net_init sit_init_net(struct net *net)
3412 + */
3413 + sitn->fb_tunnel_dev->features |= NETIF_F_NETNS_LOCAL;
3414 +
3415 +- err = ipip6_fb_tunnel_init(sitn->fb_tunnel_dev);
3416 +- if (err)
3417 +- goto err_dev_free;
3418 +-
3419 +- ipip6_tunnel_clone_6rd(sitn->fb_tunnel_dev, sitn);
3420 + err = register_netdev(sitn->fb_tunnel_dev);
3421 + if (err)
3422 + goto err_reg_dev;
3423 +
3424 ++ ipip6_tunnel_clone_6rd(sitn->fb_tunnel_dev, sitn);
3425 ++ ipip6_fb_tunnel_init(sitn->fb_tunnel_dev);
3426 ++
3427 + t = netdev_priv(sitn->fb_tunnel_dev);
3428 +
3429 + strcpy(t->parms.name, sitn->fb_tunnel_dev->name);
3430 + return 0;
3431 +
3432 + err_reg_dev:
3433 +- dev_put(sitn->fb_tunnel_dev);
3434 +-err_dev_free:
3435 + ipip6_dev_free(sitn->fb_tunnel_dev);
3436 + err_alloc_dev:
3437 + return err;
3438 +diff --git a/net/irda/irlmp.c b/net/irda/irlmp.c
3439 +index a26c401..4396459 100644
3440 +--- a/net/irda/irlmp.c
3441 ++++ b/net/irda/irlmp.c
3442 +@@ -1839,7 +1839,7 @@ static void *irlmp_seq_hb_idx(struct irlmp_iter_state *iter, loff_t *off)
3443 + for (element = hashbin_get_first(iter->hashbin);
3444 + element != NULL;
3445 + element = hashbin_get_next(iter->hashbin)) {
3446 +- if (!off || *off-- == 0) {
3447 ++ if (!off || (*off)-- == 0) {
3448 + /* NB: hashbin left locked */
3449 + return element;
3450 + }
3451 +diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
3452 +index 9b2cc27..33bf779 100644
3453 +--- a/net/mac80211/mlme.c
3454 ++++ b/net/mac80211/mlme.c
3455 +@@ -3378,7 +3378,7 @@ static void ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data *sdata,
3456 +
3457 + if (ifmgd->rssi_min_thold != ifmgd->rssi_max_thold &&
3458 + ifmgd->count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT) {
3459 +- int sig = ifmgd->ave_beacon_signal;
3460 ++ int sig = ifmgd->ave_beacon_signal / 16;
3461 + int last_sig = ifmgd->last_ave_beacon_signal;
3462 + struct ieee80211_event event = {
3463 + .type = RSSI_EVENT,
3464 +@@ -4999,6 +4999,25 @@ int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata,
3465 + return 0;
3466 + }
3467 +
3468 ++ if (ifmgd->assoc_data &&
3469 ++ ether_addr_equal(ifmgd->assoc_data->bss->bssid, req->bssid)) {
3470 ++ sdata_info(sdata,
3471 ++ "aborting association with %pM by local choice (Reason: %u=%s)\n",
3472 ++ req->bssid, req->reason_code,
3473 ++ ieee80211_get_reason_code_string(req->reason_code));
3474 ++
3475 ++ drv_mgd_prepare_tx(sdata->local, sdata);
3476 ++ ieee80211_send_deauth_disassoc(sdata, req->bssid,
3477 ++ IEEE80211_STYPE_DEAUTH,
3478 ++ req->reason_code, tx,
3479 ++ frame_buf);
3480 ++ ieee80211_destroy_assoc_data(sdata, false);
3481 ++ ieee80211_report_disconnect(sdata, frame_buf,
3482 ++ sizeof(frame_buf), true,
3483 ++ req->reason_code);
3484 ++ return 0;
3485 ++ }
3486 ++
3487 + if (ifmgd->associated &&
3488 + ether_addr_equal(ifmgd->associated->bssid, req->bssid)) {
3489 + sdata_info(sdata,
3490 +diff --git a/net/mac80211/trace.h b/net/mac80211/trace.h
3491 +index 6f14591..0b13bfa 100644
3492 +--- a/net/mac80211/trace.h
3493 ++++ b/net/mac80211/trace.h
3494 +@@ -33,11 +33,11 @@
3495 + __field(u32, chan_width) \
3496 + __field(u32, center_freq1) \
3497 + __field(u32, center_freq2)
3498 +-#define CHANDEF_ASSIGN(c) \
3499 +- __entry->control_freq = (c)->chan ? (c)->chan->center_freq : 0; \
3500 +- __entry->chan_width = (c)->width; \
3501 +- __entry->center_freq1 = (c)->center_freq1; \
3502 +- __entry->center_freq2 = (c)->center_freq2;
3503 ++#define CHANDEF_ASSIGN(c) \
3504 ++ __entry->control_freq = (c) ? ((c)->chan ? (c)->chan->center_freq : 0) : 0; \
3505 ++ __entry->chan_width = (c) ? (c)->width : 0; \
3506 ++ __entry->center_freq1 = (c) ? (c)->center_freq1 : 0; \
3507 ++ __entry->center_freq2 = (c) ? (c)->center_freq2 : 0;
3508 + #define CHANDEF_PR_FMT " control:%d MHz width:%d center: %d/%d MHz"
3509 + #define CHANDEF_PR_ARG __entry->control_freq, __entry->chan_width, \
3510 + __entry->center_freq1, __entry->center_freq2
3511 +diff --git a/net/mac80211/util.c b/net/mac80211/util.c
3512 +index 43e5aad..f5fa8c0 100644
3513 +--- a/net/mac80211/util.c
3514 ++++ b/net/mac80211/util.c
3515 +@@ -2984,6 +2984,13 @@ ieee80211_extend_noa_desc(struct ieee80211_noa_data *data, u32 tsf, int i)
3516 + if (end > 0)
3517 + return false;
3518 +
3519 ++ /* One shot NOA */
3520 ++ if (data->count[i] == 1)
3521 ++ return false;
3522 ++
3523 ++ if (data->desc[i].interval == 0)
3524 ++ return false;
3525 ++
3526 + /* End time is in the past, check for repetitions */
3527 + skip = DIV_ROUND_UP(-end, data->desc[i].interval);
3528 + if (data->count[i] < 255) {
3529 +diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
3530 +index a133d16..8b158f7 100644
3531 +--- a/net/netlink/af_netlink.c
3532 ++++ b/net/netlink/af_netlink.c
3533 +@@ -2346,7 +2346,7 @@ static int netlink_getsockopt(struct socket *sock, int level, int optname,
3534 + int pos, idx, shift;
3535 +
3536 + err = 0;
3537 +- netlink_table_grab();
3538 ++ netlink_lock_table();
3539 + for (pos = 0; pos * 8 < nlk->ngroups; pos += sizeof(u32)) {
3540 + if (len - pos < sizeof(u32))
3541 + break;
3542 +@@ -2361,7 +2361,7 @@ static int netlink_getsockopt(struct socket *sock, int level, int optname,
3543 + }
3544 + if (put_user(ALIGN(nlk->ngroups / 8, sizeof(u32)), optlen))
3545 + err = -EFAULT;
3546 +- netlink_table_ungrab();
3547 ++ netlink_unlock_table();
3548 + break;
3549 + }
3550 + default:
3551 +diff --git a/net/nfc/nci/hci.c b/net/nfc/nci/hci.c
3552 +index 609f922..30b09f0 100644
3553 +--- a/net/nfc/nci/hci.c
3554 ++++ b/net/nfc/nci/hci.c
3555 +@@ -101,6 +101,20 @@ struct nci_hcp_packet {
3556 + #define NCI_HCP_MSG_GET_CMD(header) (header & 0x3f)
3557 + #define NCI_HCP_MSG_GET_PIPE(header) (header & 0x7f)
3558 +
3559 ++static int nci_hci_result_to_errno(u8 result)
3560 ++{
3561 ++ switch (result) {
3562 ++ case NCI_HCI_ANY_OK:
3563 ++ return 0;
3564 ++ case NCI_HCI_ANY_E_REG_PAR_UNKNOWN:
3565 ++ return -EOPNOTSUPP;
3566 ++ case NCI_HCI_ANY_E_TIMEOUT:
3567 ++ return -ETIME;
3568 ++ default:
3569 ++ return -1;
3570 ++ }
3571 ++}
3572 ++
3573 + /* HCI core */
3574 + static void nci_hci_reset_pipes(struct nci_hci_dev *hdev)
3575 + {
3576 +@@ -146,18 +160,18 @@ static int nci_hci_send_data(struct nci_dev *ndev, u8 pipe,
3577 + if (!conn_info)
3578 + return -EPROTO;
3579 +
3580 +- skb = nci_skb_alloc(ndev, 2 + conn_info->max_pkt_payload_len +
3581 ++ i = 0;
3582 ++ skb = nci_skb_alloc(ndev, conn_info->max_pkt_payload_len +
3583 + NCI_DATA_HDR_SIZE, GFP_KERNEL);
3584 + if (!skb)
3585 + return -ENOMEM;
3586 +
3587 +- skb_reserve(skb, 2 + NCI_DATA_HDR_SIZE);
3588 ++ skb_reserve(skb, NCI_DATA_HDR_SIZE + 2);
3589 + *skb_push(skb, 1) = data_type;
3590 +
3591 +- i = 0;
3592 +- len = conn_info->max_pkt_payload_len;
3593 +-
3594 + do {
3595 ++ len = conn_info->max_pkt_payload_len;
3596 ++
3597 + /* If last packet add NCI_HFP_NO_CHAINING */
3598 + if (i + conn_info->max_pkt_payload_len -
3599 + (skb->len + 1) >= data_len) {
3600 +@@ -177,9 +191,15 @@ static int nci_hci_send_data(struct nci_dev *ndev, u8 pipe,
3601 + return r;
3602 +
3603 + i += len;
3604 ++
3605 + if (i < data_len) {
3606 +- skb_trim(skb, 0);
3607 +- skb_pull(skb, len);
3608 ++ skb = nci_skb_alloc(ndev,
3609 ++ conn_info->max_pkt_payload_len +
3610 ++ NCI_DATA_HDR_SIZE, GFP_KERNEL);
3611 ++ if (!skb)
3612 ++ return -ENOMEM;
3613 ++
3614 ++ skb_reserve(skb, NCI_DATA_HDR_SIZE + 1);
3615 + }
3616 + } while (i < data_len);
3617 +
3618 +@@ -212,7 +232,8 @@ int nci_hci_send_cmd(struct nci_dev *ndev, u8 gate, u8 cmd,
3619 + const u8 *param, size_t param_len,
3620 + struct sk_buff **skb)
3621 + {
3622 +- struct nci_conn_info *conn_info;
3623 ++ struct nci_hcp_message *message;
3624 ++ struct nci_conn_info *conn_info;
3625 + struct nci_data data;
3626 + int r;
3627 + u8 pipe = ndev->hci_dev->gate2pipe[gate];
3628 +@@ -232,9 +253,15 @@ int nci_hci_send_cmd(struct nci_dev *ndev, u8 gate, u8 cmd,
3629 +
3630 + r = nci_request(ndev, nci_hci_send_data_req, (unsigned long)&data,
3631 + msecs_to_jiffies(NCI_DATA_TIMEOUT));
3632 +-
3633 +- if (r == NCI_STATUS_OK && skb)
3634 +- *skb = conn_info->rx_skb;
3635 ++ if (r == NCI_STATUS_OK) {
3636 ++ message = (struct nci_hcp_message *)conn_info->rx_skb->data;
3637 ++ r = nci_hci_result_to_errno(
3638 ++ NCI_HCP_MSG_GET_CMD(message->header));
3639 ++ skb_pull(conn_info->rx_skb, NCI_HCI_HCP_MESSAGE_HEADER_LEN);
3640 ++
3641 ++ if (!r && skb)
3642 ++ *skb = conn_info->rx_skb;
3643 ++ }
3644 +
3645 + return r;
3646 + }
3647 +@@ -328,9 +355,6 @@ static void nci_hci_resp_received(struct nci_dev *ndev, u8 pipe,
3648 + struct nci_conn_info *conn_info;
3649 + u8 status = result;
3650 +
3651 +- if (result != NCI_HCI_ANY_OK)
3652 +- goto exit;
3653 +-
3654 + conn_info = ndev->hci_dev->conn_info;
3655 + if (!conn_info) {
3656 + status = NCI_STATUS_REJECTED;
3657 +@@ -340,7 +364,7 @@ static void nci_hci_resp_received(struct nci_dev *ndev, u8 pipe,
3658 + conn_info->rx_skb = skb;
3659 +
3660 + exit:
3661 +- nci_req_complete(ndev, status);
3662 ++ nci_req_complete(ndev, NCI_STATUS_OK);
3663 + }
3664 +
3665 + /* Receive hcp message for pipe, with type and cmd.
3666 +@@ -378,7 +402,7 @@ static void nci_hci_msg_rx_work(struct work_struct *work)
3667 + u8 pipe, type, instruction;
3668 +
3669 + while ((skb = skb_dequeue(&hdev->msg_rx_queue)) != NULL) {
3670 +- pipe = skb->data[0];
3671 ++ pipe = NCI_HCP_MSG_GET_PIPE(skb->data[0]);
3672 + skb_pull(skb, NCI_HCI_HCP_PACKET_HEADER_LEN);
3673 + message = (struct nci_hcp_message *)skb->data;
3674 + type = NCI_HCP_MSG_GET_TYPE(message->header);
3675 +@@ -395,7 +419,7 @@ void nci_hci_data_received_cb(void *context,
3676 + {
3677 + struct nci_dev *ndev = (struct nci_dev *)context;
3678 + struct nci_hcp_packet *packet;
3679 +- u8 pipe, type, instruction;
3680 ++ u8 pipe, type;
3681 + struct sk_buff *hcp_skb;
3682 + struct sk_buff *frag_skb;
3683 + int msg_len;
3684 +@@ -415,7 +439,7 @@ void nci_hci_data_received_cb(void *context,
3685 +
3686 + /* it's the last fragment. Does it need re-aggregation? */
3687 + if (skb_queue_len(&ndev->hci_dev->rx_hcp_frags)) {
3688 +- pipe = packet->header & NCI_HCI_FRAGMENT;
3689 ++ pipe = NCI_HCP_MSG_GET_PIPE(packet->header);
3690 + skb_queue_tail(&ndev->hci_dev->rx_hcp_frags, skb);
3691 +
3692 + msg_len = 0;
3693 +@@ -434,7 +458,7 @@ void nci_hci_data_received_cb(void *context,
3694 + *skb_put(hcp_skb, NCI_HCI_HCP_PACKET_HEADER_LEN) = pipe;
3695 +
3696 + skb_queue_walk(&ndev->hci_dev->rx_hcp_frags, frag_skb) {
3697 +- msg_len = frag_skb->len - NCI_HCI_HCP_PACKET_HEADER_LEN;
3698 ++ msg_len = frag_skb->len - NCI_HCI_HCP_PACKET_HEADER_LEN;
3699 + memcpy(skb_put(hcp_skb, msg_len), frag_skb->data +
3700 + NCI_HCI_HCP_PACKET_HEADER_LEN, msg_len);
3701 + }
3702 +@@ -452,11 +476,10 @@ void nci_hci_data_received_cb(void *context,
3703 + packet = (struct nci_hcp_packet *)hcp_skb->data;
3704 + type = NCI_HCP_MSG_GET_TYPE(packet->message.header);
3705 + if (type == NCI_HCI_HCP_RESPONSE) {
3706 +- pipe = packet->header;
3707 +- instruction = NCI_HCP_MSG_GET_CMD(packet->message.header);
3708 +- skb_pull(hcp_skb, NCI_HCI_HCP_PACKET_HEADER_LEN +
3709 +- NCI_HCI_HCP_MESSAGE_HEADER_LEN);
3710 +- nci_hci_hcp_message_rx(ndev, pipe, type, instruction, hcp_skb);
3711 ++ pipe = NCI_HCP_MSG_GET_PIPE(packet->header);
3712 ++ skb_pull(hcp_skb, NCI_HCI_HCP_PACKET_HEADER_LEN);
3713 ++ nci_hci_hcp_message_rx(ndev, pipe, type,
3714 ++ NCI_STATUS_OK, hcp_skb);
3715 + } else {
3716 + skb_queue_tail(&ndev->hci_dev->msg_rx_queue, hcp_skb);
3717 + schedule_work(&ndev->hci_dev->msg_rx_work);
3718 +@@ -488,6 +511,7 @@ EXPORT_SYMBOL(nci_hci_open_pipe);
3719 + int nci_hci_set_param(struct nci_dev *ndev, u8 gate, u8 idx,
3720 + const u8 *param, size_t param_len)
3721 + {
3722 ++ struct nci_hcp_message *message;
3723 + struct nci_conn_info *conn_info;
3724 + struct nci_data data;
3725 + int r;
3726 +@@ -520,6 +544,12 @@ int nci_hci_set_param(struct nci_dev *ndev, u8 gate, u8 idx,
3727 + r = nci_request(ndev, nci_hci_send_data_req,
3728 + (unsigned long)&data,
3729 + msecs_to_jiffies(NCI_DATA_TIMEOUT));
3730 ++ if (r == NCI_STATUS_OK) {
3731 ++ message = (struct nci_hcp_message *)conn_info->rx_skb->data;
3732 ++ r = nci_hci_result_to_errno(
3733 ++ NCI_HCP_MSG_GET_CMD(message->header));
3734 ++ skb_pull(conn_info->rx_skb, NCI_HCI_HCP_MESSAGE_HEADER_LEN);
3735 ++ }
3736 +
3737 + kfree(tmp);
3738 + return r;
3739 +@@ -529,6 +559,7 @@ EXPORT_SYMBOL(nci_hci_set_param);
3740 + int nci_hci_get_param(struct nci_dev *ndev, u8 gate, u8 idx,
3741 + struct sk_buff **skb)
3742 + {
3743 ++ struct nci_hcp_message *message;
3744 + struct nci_conn_info *conn_info;
3745 + struct nci_data data;
3746 + int r;
3747 +@@ -553,8 +584,15 @@ int nci_hci_get_param(struct nci_dev *ndev, u8 gate, u8 idx,
3748 + r = nci_request(ndev, nci_hci_send_data_req, (unsigned long)&data,
3749 + msecs_to_jiffies(NCI_DATA_TIMEOUT));
3750 +
3751 +- if (r == NCI_STATUS_OK)
3752 +- *skb = conn_info->rx_skb;
3753 ++ if (r == NCI_STATUS_OK) {
3754 ++ message = (struct nci_hcp_message *)conn_info->rx_skb->data;
3755 ++ r = nci_hci_result_to_errno(
3756 ++ NCI_HCP_MSG_GET_CMD(message->header));
3757 ++ skb_pull(conn_info->rx_skb, NCI_HCI_HCP_MESSAGE_HEADER_LEN);
3758 ++
3759 ++ if (!r && skb)
3760 ++ *skb = conn_info->rx_skb;
3761 ++ }
3762 +
3763 + return r;
3764 + }
3765 +diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
3766 +index 7851b12..71cb085 100644
3767 +--- a/net/packet/af_packet.c
3768 ++++ b/net/packet/af_packet.c
3769 +@@ -2784,22 +2784,40 @@ static int packet_release(struct socket *sock)
3770 + * Attach a packet hook.
3771 + */
3772 +
3773 +-static int packet_do_bind(struct sock *sk, struct net_device *dev, __be16 proto)
3774 ++static int packet_do_bind(struct sock *sk, const char *name, int ifindex,
3775 ++ __be16 proto)
3776 + {
3777 + struct packet_sock *po = pkt_sk(sk);
3778 + struct net_device *dev_curr;
3779 + __be16 proto_curr;
3780 + bool need_rehook;
3781 ++ struct net_device *dev = NULL;
3782 ++ int ret = 0;
3783 ++ bool unlisted = false;
3784 +
3785 +- if (po->fanout) {
3786 +- if (dev)
3787 +- dev_put(dev);
3788 +-
3789 ++ if (po->fanout)
3790 + return -EINVAL;
3791 +- }
3792 +
3793 + lock_sock(sk);
3794 + spin_lock(&po->bind_lock);
3795 ++ rcu_read_lock();
3796 ++
3797 ++ if (name) {
3798 ++ dev = dev_get_by_name_rcu(sock_net(sk), name);
3799 ++ if (!dev) {
3800 ++ ret = -ENODEV;
3801 ++ goto out_unlock;
3802 ++ }
3803 ++ } else if (ifindex) {
3804 ++ dev = dev_get_by_index_rcu(sock_net(sk), ifindex);
3805 ++ if (!dev) {
3806 ++ ret = -ENODEV;
3807 ++ goto out_unlock;
3808 ++ }
3809 ++ }
3810 ++
3811 ++ if (dev)
3812 ++ dev_hold(dev);
3813 +
3814 + proto_curr = po->prot_hook.type;
3815 + dev_curr = po->prot_hook.dev;
3816 +@@ -2807,14 +2825,29 @@ static int packet_do_bind(struct sock *sk, struct net_device *dev, __be16 proto)
3817 + need_rehook = proto_curr != proto || dev_curr != dev;
3818 +
3819 + if (need_rehook) {
3820 +- unregister_prot_hook(sk, true);
3821 ++ if (po->running) {
3822 ++ rcu_read_unlock();
3823 ++ __unregister_prot_hook(sk, true);
3824 ++ rcu_read_lock();
3825 ++ dev_curr = po->prot_hook.dev;
3826 ++ if (dev)
3827 ++ unlisted = !dev_get_by_index_rcu(sock_net(sk),
3828 ++ dev->ifindex);
3829 ++ }
3830 +
3831 + po->num = proto;
3832 + po->prot_hook.type = proto;
3833 +- po->prot_hook.dev = dev;
3834 +
3835 +- po->ifindex = dev ? dev->ifindex : 0;
3836 +- packet_cached_dev_assign(po, dev);
3837 ++ if (unlikely(unlisted)) {
3838 ++ dev_put(dev);
3839 ++ po->prot_hook.dev = NULL;
3840 ++ po->ifindex = -1;
3841 ++ packet_cached_dev_reset(po);
3842 ++ } else {
3843 ++ po->prot_hook.dev = dev;
3844 ++ po->ifindex = dev ? dev->ifindex : 0;
3845 ++ packet_cached_dev_assign(po, dev);
3846 ++ }
3847 + }
3848 + if (dev_curr)
3849 + dev_put(dev_curr);
3850 +@@ -2822,7 +2855,7 @@ static int packet_do_bind(struct sock *sk, struct net_device *dev, __be16 proto)
3851 + if (proto == 0 || !need_rehook)
3852 + goto out_unlock;
3853 +
3854 +- if (!dev || (dev->flags & IFF_UP)) {
3855 ++ if (!unlisted && (!dev || (dev->flags & IFF_UP))) {
3856 + register_prot_hook(sk);
3857 + } else {
3858 + sk->sk_err = ENETDOWN;
3859 +@@ -2831,9 +2864,10 @@ static int packet_do_bind(struct sock *sk, struct net_device *dev, __be16 proto)
3860 + }
3861 +
3862 + out_unlock:
3863 ++ rcu_read_unlock();
3864 + spin_unlock(&po->bind_lock);
3865 + release_sock(sk);
3866 +- return 0;
3867 ++ return ret;
3868 + }
3869 +
3870 + /*
3871 +@@ -2845,8 +2879,6 @@ static int packet_bind_spkt(struct socket *sock, struct sockaddr *uaddr,
3872 + {
3873 + struct sock *sk = sock->sk;
3874 + char name[15];
3875 +- struct net_device *dev;
3876 +- int err = -ENODEV;
3877 +
3878 + /*
3879 + * Check legality
3880 +@@ -2856,19 +2888,13 @@ static int packet_bind_spkt(struct socket *sock, struct sockaddr *uaddr,
3881 + return -EINVAL;
3882 + strlcpy(name, uaddr->sa_data, sizeof(name));
3883 +
3884 +- dev = dev_get_by_name(sock_net(sk), name);
3885 +- if (dev)
3886 +- err = packet_do_bind(sk, dev, pkt_sk(sk)->num);
3887 +- return err;
3888 ++ return packet_do_bind(sk, name, 0, pkt_sk(sk)->num);
3889 + }
3890 +
3891 + static int packet_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
3892 + {
3893 + struct sockaddr_ll *sll = (struct sockaddr_ll *)uaddr;
3894 + struct sock *sk = sock->sk;
3895 +- struct net_device *dev = NULL;
3896 +- int err;
3897 +-
3898 +
3899 + /*
3900 + * Check legality
3901 +@@ -2879,16 +2905,8 @@ static int packet_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len
3902 + if (sll->sll_family != AF_PACKET)
3903 + return -EINVAL;
3904 +
3905 +- if (sll->sll_ifindex) {
3906 +- err = -ENODEV;
3907 +- dev = dev_get_by_index(sock_net(sk), sll->sll_ifindex);
3908 +- if (dev == NULL)
3909 +- goto out;
3910 +- }
3911 +- err = packet_do_bind(sk, dev, sll->sll_protocol ? : pkt_sk(sk)->num);
3912 +-
3913 +-out:
3914 +- return err;
3915 ++ return packet_do_bind(sk, NULL, sll->sll_ifindex,
3916 ++ sll->sll_protocol ? : pkt_sk(sk)->num);
3917 + }
3918 +
3919 + static struct proto packet_proto = {
3920 +diff --git a/net/rds/connection.c b/net/rds/connection.c
3921 +index da6da57..9d66705 100644
3922 +--- a/net/rds/connection.c
3923 ++++ b/net/rds/connection.c
3924 +@@ -187,6 +187,12 @@ new_conn:
3925 + }
3926 + }
3927 +
3928 ++ if (trans == NULL) {
3929 ++ kmem_cache_free(rds_conn_slab, conn);
3930 ++ conn = ERR_PTR(-ENODEV);
3931 ++ goto out;
3932 ++ }
3933 ++
3934 + conn->c_trans = trans;
3935 +
3936 + ret = trans->conn_alloc(conn, gfp);
3937 +diff --git a/net/rds/tcp_recv.c b/net/rds/tcp_recv.c
3938 +index fbc5ef8..27a9921 100644
3939 +--- a/net/rds/tcp_recv.c
3940 ++++ b/net/rds/tcp_recv.c
3941 +@@ -214,8 +214,15 @@ static int rds_tcp_data_recv(read_descriptor_t *desc, struct sk_buff *skb,
3942 + }
3943 +
3944 + to_copy = min(tc->t_tinc_data_rem, left);
3945 +- pskb_pull(clone, offset);
3946 +- pskb_trim(clone, to_copy);
3947 ++ if (!pskb_pull(clone, offset) ||
3948 ++ pskb_trim(clone, to_copy)) {
3949 ++ pr_warn("rds_tcp_data_recv: pull/trim failed "
3950 ++ "left %zu data_rem %zu skb_len %d\n",
3951 ++ left, tc->t_tinc_data_rem, skb->len);
3952 ++ kfree_skb(clone);
3953 ++ desc->error = -ENOMEM;
3954 ++ goto out;
3955 ++ }
3956 + skb_queue_tail(&tinc->ti_skb_list, clone);
3957 +
3958 + rdsdebug("skb %p data %p len %d off %u to_copy %zu -> "
3959 +diff --git a/net/tipc/msg.c b/net/tipc/msg.c
3960 +index 08b4cc7..b3a3931 100644
3961 +--- a/net/tipc/msg.c
3962 ++++ b/net/tipc/msg.c
3963 +@@ -121,7 +121,7 @@ int tipc_buf_append(struct sk_buff **headbuf, struct sk_buff **buf)
3964 + {
3965 + struct sk_buff *head = *headbuf;
3966 + struct sk_buff *frag = *buf;
3967 +- struct sk_buff *tail;
3968 ++ struct sk_buff *tail = NULL;
3969 + struct tipc_msg *msg;
3970 + u32 fragid;
3971 + int delta;
3972 +@@ -141,9 +141,15 @@ int tipc_buf_append(struct sk_buff **headbuf, struct sk_buff **buf)
3973 + if (unlikely(skb_unclone(frag, GFP_ATOMIC)))
3974 + goto err;
3975 + head = *headbuf = frag;
3976 +- skb_frag_list_init(head);
3977 +- TIPC_SKB_CB(head)->tail = NULL;
3978 + *buf = NULL;
3979 ++ TIPC_SKB_CB(head)->tail = NULL;
3980 ++ if (skb_is_nonlinear(head)) {
3981 ++ skb_walk_frags(head, tail) {
3982 ++ TIPC_SKB_CB(head)->tail = tail;
3983 ++ }
3984 ++ } else {
3985 ++ skb_frag_list_init(head);
3986 ++ }
3987 + return 0;
3988 + }
3989 +
3990 +diff --git a/net/tipc/udp_media.c b/net/tipc/udp_media.c
3991 +index 66deebc..f8dfee5 100644
3992 +--- a/net/tipc/udp_media.c
3993 ++++ b/net/tipc/udp_media.c
3994 +@@ -48,6 +48,7 @@
3995 + #include <linux/tipc_netlink.h>
3996 + #include "core.h"
3997 + #include "bearer.h"
3998 ++#include "msg.h"
3999 +
4000 + /* IANA assigned UDP port */
4001 + #define UDP_PORT_DEFAULT 6118
4002 +@@ -216,6 +217,10 @@ static int tipc_udp_recv(struct sock *sk, struct sk_buff *skb)
4003 + {
4004 + struct udp_bearer *ub;
4005 + struct tipc_bearer *b;
4006 ++ int usr = msg_user(buf_msg(skb));
4007 ++
4008 ++ if ((usr == LINK_PROTOCOL) || (usr == NAME_DISTRIBUTOR))
4009 ++ skb_linearize(skb);
4010 +
4011 + ub = rcu_dereference_sk_user_data(sk);
4012 + if (!ub) {
4013 +diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
4014 +index 76b4157..d059cf3 100644
4015 +--- a/net/wireless/nl80211.c
4016 ++++ b/net/wireless/nl80211.c
4017 +@@ -3408,12 +3408,6 @@ static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info)
4018 + wdev->iftype))
4019 + return -EINVAL;
4020 +
4021 +- if (info->attrs[NL80211_ATTR_ACL_POLICY]) {
4022 +- params.acl = parse_acl_data(&rdev->wiphy, info);
4023 +- if (IS_ERR(params.acl))
4024 +- return PTR_ERR(params.acl);
4025 +- }
4026 +-
4027 + if (info->attrs[NL80211_ATTR_SMPS_MODE]) {
4028 + params.smps_mode =
4029 + nla_get_u8(info->attrs[NL80211_ATTR_SMPS_MODE]);
4030 +@@ -3437,6 +3431,12 @@ static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info)
4031 + params.smps_mode = NL80211_SMPS_OFF;
4032 + }
4033 +
4034 ++ if (info->attrs[NL80211_ATTR_ACL_POLICY]) {
4035 ++ params.acl = parse_acl_data(&rdev->wiphy, info);
4036 ++ if (IS_ERR(params.acl))
4037 ++ return PTR_ERR(params.acl);
4038 ++ }
4039 ++
4040 + wdev_lock(wdev);
4041 + err = rdev_start_ap(rdev, dev, &params);
4042 + if (!err) {
4043 +diff --git a/sound/usb/midi.c b/sound/usb/midi.c
4044 +index 417ebb1..bec63e0 100644
4045 +--- a/sound/usb/midi.c
4046 ++++ b/sound/usb/midi.c
4047 +@@ -174,6 +174,8 @@ struct snd_usb_midi_in_endpoint {
4048 + u8 running_status_length;
4049 + } ports[0x10];
4050 + u8 seen_f5;
4051 ++ bool in_sysex;
4052 ++ u8 last_cin;
4053 + u8 error_resubmit;
4054 + int current_port;
4055 + };
4056 +@@ -468,6 +470,39 @@ static void snd_usbmidi_maudio_broken_running_status_input(
4057 + }
4058 +
4059 + /*
4060 ++ * QinHeng CH345 is buggy: every second packet inside a SysEx has not CIN 4
4061 ++ * but the previously seen CIN, but still with three data bytes.
4062 ++ */
4063 ++static void ch345_broken_sysex_input(struct snd_usb_midi_in_endpoint *ep,
4064 ++ uint8_t *buffer, int buffer_length)
4065 ++{
4066 ++ unsigned int i, cin, length;
4067 ++
4068 ++ for (i = 0; i + 3 < buffer_length; i += 4) {
4069 ++ if (buffer[i] == 0 && i > 0)
4070 ++ break;
4071 ++ cin = buffer[i] & 0x0f;
4072 ++ if (ep->in_sysex &&
4073 ++ cin == ep->last_cin &&
4074 ++ (buffer[i + 1 + (cin == 0x6)] & 0x80) == 0)
4075 ++ cin = 0x4;
4076 ++#if 0
4077 ++ if (buffer[i + 1] == 0x90) {
4078 ++ /*
4079 ++ * Either a corrupted running status or a real note-on
4080 ++ * message; impossible to detect reliably.
4081 ++ */
4082 ++ }
4083 ++#endif
4084 ++ length = snd_usbmidi_cin_length[cin];
4085 ++ snd_usbmidi_input_data(ep, 0, &buffer[i + 1], length);
4086 ++ ep->in_sysex = cin == 0x4;
4087 ++ if (!ep->in_sysex)
4088 ++ ep->last_cin = cin;
4089 ++ }
4090 ++}
4091 ++
4092 ++/*
4093 + * CME protocol: like the standard protocol, but SysEx commands are sent as a
4094 + * single USB packet preceded by a 0x0F byte.
4095 + */
4096 +@@ -660,6 +695,12 @@ static struct usb_protocol_ops snd_usbmidi_cme_ops = {
4097 + .output_packet = snd_usbmidi_output_standard_packet,
4098 + };
4099 +
4100 ++static struct usb_protocol_ops snd_usbmidi_ch345_broken_sysex_ops = {
4101 ++ .input = ch345_broken_sysex_input,
4102 ++ .output = snd_usbmidi_standard_output,
4103 ++ .output_packet = snd_usbmidi_output_standard_packet,
4104 ++};
4105 ++
4106 + /*
4107 + * AKAI MPD16 protocol:
4108 + *
4109 +@@ -1341,6 +1382,7 @@ static int snd_usbmidi_out_endpoint_create(struct snd_usb_midi *umidi,
4110 + * Various chips declare a packet size larger than 4 bytes, but
4111 + * do not actually work with larger packets:
4112 + */
4113 ++ case USB_ID(0x0a67, 0x5011): /* Medeli DD305 */
4114 + case USB_ID(0x0a92, 0x1020): /* ESI M4U */
4115 + case USB_ID(0x1430, 0x474b): /* RedOctane GH MIDI INTERFACE */
4116 + case USB_ID(0x15ca, 0x0101): /* Textech USB Midi Cable */
4117 +@@ -2375,6 +2417,10 @@ int snd_usbmidi_create(struct snd_card *card,
4118 +
4119 + err = snd_usbmidi_detect_per_port_endpoints(umidi, endpoints);
4120 + break;
4121 ++ case QUIRK_MIDI_CH345:
4122 ++ umidi->usb_protocol_ops = &snd_usbmidi_ch345_broken_sysex_ops;
4123 ++ err = snd_usbmidi_detect_per_port_endpoints(umidi, endpoints);
4124 ++ break;
4125 + default:
4126 + dev_err(&umidi->dev->dev, "invalid quirk type %d\n",
4127 + quirk->type);
4128 +diff --git a/sound/usb/quirks-table.h b/sound/usb/quirks-table.h
4129 +index e475665..ecc2a4e 100644
4130 +--- a/sound/usb/quirks-table.h
4131 ++++ b/sound/usb/quirks-table.h
4132 +@@ -2820,6 +2820,17 @@ YAMAHA_DEVICE(0x7010, "UB99"),
4133 + .idProduct = 0x1020,
4134 + },
4135 +
4136 ++/* QinHeng devices */
4137 ++{
4138 ++ USB_DEVICE(0x1a86, 0x752d),
4139 ++ .driver_info = (unsigned long) &(const struct snd_usb_audio_quirk) {
4140 ++ .vendor_name = "QinHeng",
4141 ++ .product_name = "CH345",
4142 ++ .ifnum = 1,
4143 ++ .type = QUIRK_MIDI_CH345
4144 ++ }
4145 ++},
4146 ++
4147 + /* KeithMcMillen Stringport */
4148 + {
4149 + USB_DEVICE(0x1f38, 0x0001),
4150 +diff --git a/sound/usb/quirks.c b/sound/usb/quirks.c
4151 +index 00ebc0c..eef9b8e 100644
4152 +--- a/sound/usb/quirks.c
4153 ++++ b/sound/usb/quirks.c
4154 +@@ -535,6 +535,7 @@ int snd_usb_create_quirk(struct snd_usb_audio *chip,
4155 + [QUIRK_MIDI_CME] = create_any_midi_quirk,
4156 + [QUIRK_MIDI_AKAI] = create_any_midi_quirk,
4157 + [QUIRK_MIDI_FTDI] = create_any_midi_quirk,
4158 ++ [QUIRK_MIDI_CH345] = create_any_midi_quirk,
4159 + [QUIRK_AUDIO_STANDARD_INTERFACE] = create_standard_audio_quirk,
4160 + [QUIRK_AUDIO_FIXED_ENDPOINT] = create_fixed_stream_quirk,
4161 + [QUIRK_AUDIO_EDIROL_UAXX] = create_uaxx_quirk,
4162 +@@ -1271,6 +1272,7 @@ u64 snd_usb_interface_dsd_format_quirks(struct snd_usb_audio *chip,
4163 + case USB_ID(0x20b1, 0x000a): /* Gustard DAC-X20U */
4164 + case USB_ID(0x20b1, 0x2009): /* DIYINHK DSD DXD 384kHz USB to I2S/DSD */
4165 + case USB_ID(0x20b1, 0x2023): /* JLsounds I2SoverUSB */
4166 ++ case USB_ID(0x20b1, 0x3023): /* Aune X1S 32BIT/384 DSD DAC */
4167 + if (fp->altsetting == 3)
4168 + return SNDRV_PCM_FMTBIT_DSD_U32_BE;
4169 + break;
4170 +diff --git a/sound/usb/usbaudio.h b/sound/usb/usbaudio.h
4171 +index 91d0380..991aa84 100644
4172 +--- a/sound/usb/usbaudio.h
4173 ++++ b/sound/usb/usbaudio.h
4174 +@@ -94,6 +94,7 @@ enum quirk_type {
4175 + QUIRK_MIDI_AKAI,
4176 + QUIRK_MIDI_US122L,
4177 + QUIRK_MIDI_FTDI,
4178 ++ QUIRK_MIDI_CH345,
4179 + QUIRK_AUDIO_STANDARD_INTERFACE,
4180 + QUIRK_AUDIO_FIXED_ENDPOINT,
4181 + QUIRK_AUDIO_EDIROL_UAXX,
4182
4183 diff --git a/4.2.6/4420_grsecurity-3.1-4.2.6-201512051918.patch b/4.2.7/4420_grsecurity-3.1-4.2.7-201512092320.patch
4184 similarity index 98%
4185 rename from 4.2.6/4420_grsecurity-3.1-4.2.6-201512051918.patch
4186 rename to 4.2.7/4420_grsecurity-3.1-4.2.7-201512092320.patch
4187 index 9b88420..0e128e6 100644
4188 --- a/4.2.6/4420_grsecurity-3.1-4.2.6-201512051918.patch
4189 +++ b/4.2.7/4420_grsecurity-3.1-4.2.7-201512092320.patch
4190 @@ -406,7 +406,7 @@ index 6fccb69..60c7c7a 100644
4191
4192 A toggle value indicating if modules are allowed to be loaded
4193 diff --git a/Makefile b/Makefile
4194 -index 9ef3739..df5234b 100644
4195 +index f5014ea..5cc28a1 100644
4196 --- a/Makefile
4197 +++ b/Makefile
4198 @@ -298,7 +298,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
4199 @@ -431,7 +431,7 @@ index 9ef3739..df5234b 100644
4200 $(Q)$(MAKE) $(build)=scripts/basic
4201 $(Q)rm -f .tmp_quiet_recordmcount
4202
4203 -@@ -615,6 +617,79 @@ endif
4204 +@@ -615,6 +617,85 @@ endif
4205 # Tell gcc to never replace conditional load with a non-conditional one
4206 KBUILD_CFLAGS += $(call cc-option,--param=allow-store-data-races=0)
4207
4208 @@ -466,6 +466,12 @@ index 9ef3739..df5234b 100644
4209 +ifdef CONFIG_CHECKER_PLUGIN
4210 +ifeq ($(call cc-ifversion, -ge, 0406, y), y)
4211 +CHECKER_PLUGIN_CFLAGS := -fplugin=$(objtree)/tools/gcc/checker_plugin.so -DCHECKER_PLUGIN
4212 ++ifdef CONFIG_CHECKER_PLUGIN_USER
4213 ++CHECKER_PLUGIN_CFLAGS += -fplugin-arg-checker_plugin-user -DCHECKER_PLUGIN_USER
4214 ++endif
4215 ++ifdef CONFIG_CHECKER_PLUGIN_CONTEXT
4216 ++CHECKER_PLUGIN_CFLAGS += -fplugin-arg-checker_plugin-context -DCHECKER_PLUGIN_CONTEXT
4217 ++endif
4218 +endif
4219 +endif
4220 +COLORIZE_PLUGIN_CFLAGS := -fplugin=$(objtree)/tools/gcc/colorize_plugin.so
4221 @@ -511,7 +517,7 @@ index 9ef3739..df5234b 100644
4222 ifdef CONFIG_READABLE_ASM
4223 # Disable optimizations that make assembler listings hard to read.
4224 # reorder blocks reorders the control in the function
4225 -@@ -714,7 +789,7 @@ KBUILD_CFLAGS += $(call cc-option, -gsplit-dwarf, -g)
4226 +@@ -714,7 +795,7 @@ KBUILD_CFLAGS += $(call cc-option, -gsplit-dwarf, -g)
4227 else
4228 KBUILD_CFLAGS += -g
4229 endif
4230 @@ -520,7 +526,7 @@ index 9ef3739..df5234b 100644
4231 endif
4232 ifdef CONFIG_DEBUG_INFO_DWARF4
4233 KBUILD_CFLAGS += $(call cc-option, -gdwarf-4,)
4234 -@@ -886,7 +961,7 @@ export mod_sign_cmd
4235 +@@ -886,7 +967,7 @@ export mod_sign_cmd
4236
4237
4238 ifeq ($(KBUILD_EXTMOD),)
4239 @@ -529,7 +535,7 @@ index 9ef3739..df5234b 100644
4240
4241 vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \
4242 $(core-y) $(core-m) $(drivers-y) $(drivers-m) \
4243 -@@ -936,6 +1011,8 @@ endif
4244 +@@ -936,6 +1017,8 @@ endif
4245
4246 # The actual objects are generated when descending,
4247 # make sure no implicit rule kicks in
4248 @@ -538,7 +544,7 @@ index 9ef3739..df5234b 100644
4249 $(sort $(vmlinux-deps)): $(vmlinux-dirs) ;
4250
4251 # Handle descending into subdirectories listed in $(vmlinux-dirs)
4252 -@@ -945,7 +1022,7 @@ $(sort $(vmlinux-deps)): $(vmlinux-dirs) ;
4253 +@@ -945,7 +1028,7 @@ $(sort $(vmlinux-deps)): $(vmlinux-dirs) ;
4254 # Error messages still appears in the original language
4255
4256 PHONY += $(vmlinux-dirs)
4257 @@ -547,7 +553,7 @@ index 9ef3739..df5234b 100644
4258 $(Q)$(MAKE) $(build)=$@
4259
4260 define filechk_kernel.release
4261 -@@ -988,10 +1065,13 @@ prepare1: prepare2 $(version_h) include/generated/utsrelease.h \
4262 +@@ -988,10 +1071,13 @@ prepare1: prepare2 $(version_h) include/generated/utsrelease.h \
4263
4264 archprepare: archheaders archscripts prepare1 scripts_basic
4265
4266 @@ -561,7 +567,7 @@ index 9ef3739..df5234b 100644
4267 prepare: prepare0
4268
4269 # Generate some files
4270 -@@ -1099,6 +1179,8 @@ all: modules
4271 +@@ -1099,6 +1185,8 @@ all: modules
4272 # using awk while concatenating to the final file.
4273
4274 PHONY += modules
4275 @@ -570,7 +576,7 @@ index 9ef3739..df5234b 100644
4276 modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) modules.builtin
4277 $(Q)$(AWK) '!x[$$0]++' $(vmlinux-dirs:%=$(objtree)/%/modules.order) > $(objtree)/modules.order
4278 @$(kecho) ' Building modules, stage 2.';
4279 -@@ -1114,7 +1196,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin)
4280 +@@ -1114,7 +1202,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin)
4281
4282 # Target to prepare building external modules
4283 PHONY += modules_prepare
4284 @@ -579,7 +585,7 @@ index 9ef3739..df5234b 100644
4285
4286 # Target to install modules
4287 PHONY += modules_install
4288 -@@ -1180,7 +1262,10 @@ MRPROPER_FILES += .config .config.old .version .old_version \
4289 +@@ -1180,7 +1268,10 @@ MRPROPER_FILES += .config .config.old .version .old_version \
4290 Module.symvers tags TAGS cscope* GPATH GTAGS GRTAGS GSYMS \
4291 signing_key.priv signing_key.x509 x509.genkey \
4292 extra_certificates signing_key.x509.keyid \
4293 @@ -591,7 +597,7 @@ index 9ef3739..df5234b 100644
4294
4295 # clean - Delete most, but leave enough to build external modules
4296 #
4297 -@@ -1219,7 +1304,7 @@ distclean: mrproper
4298 +@@ -1219,7 +1310,7 @@ distclean: mrproper
4299 @find $(srctree) $(RCS_FIND_IGNORE) \
4300 \( -name '*.orig' -o -name '*.rej' -o -name '*~' \
4301 -o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \
4302 @@ -600,7 +606,7 @@ index 9ef3739..df5234b 100644
4303 -type f -print | xargs rm -f
4304
4305
4306 -@@ -1385,6 +1470,8 @@ PHONY += $(module-dirs) modules
4307 +@@ -1385,6 +1476,8 @@ PHONY += $(module-dirs) modules
4308 $(module-dirs): crmodverdir $(objtree)/Module.symvers
4309 $(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@)
4310
4311 @@ -609,7 +615,7 @@ index 9ef3739..df5234b 100644
4312 modules: $(module-dirs)
4313 @$(kecho) ' Building modules, stage 2.';
4314 $(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost
4315 -@@ -1525,17 +1612,21 @@ else
4316 +@@ -1525,17 +1618,21 @@ else
4317 target-dir = $(if $(KBUILD_EXTMOD),$(dir $<),$(dir $@))
4318 endif
4319
4320 @@ -635,7 +641,7 @@ index 9ef3739..df5234b 100644
4321 $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
4322 %.symtypes: %.c prepare scripts FORCE
4323 $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
4324 -@@ -1547,11 +1638,15 @@ endif
4325 +@@ -1547,11 +1644,15 @@ endif
4326 $(build)=$(build-dir)
4327 # Make sure the latest headers are built for Documentation
4328 Documentation/: headers_install
4329 @@ -18606,6 +18612,19 @@ index 48f99f1..d78ebf9 100644
4330
4331 #ifdef CONFIG_X86_VSMP
4332 #ifdef CONFIG_SMP
4333 +diff --git a/arch/x86/include/asm/cacheflush.h b/arch/x86/include/asm/cacheflush.h
4334 +index 9bf3ea1..4693729 100644
4335 +--- a/arch/x86/include/asm/cacheflush.h
4336 ++++ b/arch/x86/include/asm/cacheflush.h
4337 +@@ -133,7 +133,7 @@ static inline void arch_memcpy_to_pmem(void __pmem *dst, const void *src,
4338 + * before the WARN+BUG.
4339 + */
4340 + unwritten = __copy_from_user_inatomic_nocache((void __force *) dst,
4341 +- (void __user *) src, n);
4342 ++ (void __force_user *) src, n);
4343 + if (WARN(unwritten, "%s: fault copying %p <- %p unwritten: %d\n",
4344 + __func__, dst, src, unwritten))
4345 + BUG();
4346 diff --git a/arch/x86/include/asm/checksum_32.h b/arch/x86/include/asm/checksum_32.h
4347 index f50de69..2b0a458 100644
4348 --- a/arch/x86/include/asm/checksum_32.h
4349 @@ -18710,15 +18729,18 @@ index ad19841..0784041 100644
4350 ({ \
4351 __typeof__ (*(ptr)) __ret = (inc); \
4352 diff --git a/arch/x86/include/asm/compat.h b/arch/x86/include/asm/compat.h
4353 -index acdee09..a553db3 100644
4354 +index acdee09..e5c31cd 100644
4355 --- a/arch/x86/include/asm/compat.h
4356 +++ b/arch/x86/include/asm/compat.h
4357 -@@ -41,7 +41,7 @@ typedef s64 __attribute__((aligned(4))) compat_s64;
4358 +@@ -41,7 +41,11 @@ typedef s64 __attribute__((aligned(4))) compat_s64;
4359 typedef u32 compat_uint_t;
4360 typedef u32 compat_ulong_t;
4361 typedef u64 __attribute__((aligned(4))) compat_u64;
4362 --typedef u32 compat_uptr_t;
4363 ++#ifdef CHECKER_PLUGIN_USER
4364 + typedef u32 compat_uptr_t;
4365 ++#else
4366 +typedef u32 __user compat_uptr_t;
4367 ++#endif
4368
4369 struct compat_timespec {
4370 compat_time_t tv_sec;
4371 @@ -19062,6 +19084,26 @@ index ced283a..ffe04cc 100644
4372 {
4373 union {
4374 u64 v64;
4375 +diff --git a/arch/x86/include/asm/dma.h b/arch/x86/include/asm/dma.h
4376 +index fe884e1..46149ae 100644
4377 +--- a/arch/x86/include/asm/dma.h
4378 ++++ b/arch/x86/include/asm/dma.h
4379 +@@ -149,6 +149,7 @@
4380 + #ifdef CONFIG_ISA_DMA_API
4381 + extern spinlock_t dma_spin_lock;
4382 +
4383 ++static inline unsigned long claim_dma_lock(void) __acquires(&dma_spin_lock);
4384 + static inline unsigned long claim_dma_lock(void)
4385 + {
4386 + unsigned long flags;
4387 +@@ -156,6 +157,7 @@ static inline unsigned long claim_dma_lock(void)
4388 + return flags;
4389 + }
4390 +
4391 ++static inline void release_dma_lock(unsigned long flags) __releases(&dma_spin_lock);
4392 + static inline void release_dma_lock(unsigned long flags)
4393 + {
4394 + spin_unlock_irqrestore(&dma_spin_lock, flags);
4395 diff --git a/arch/x86/include/asm/elf.h b/arch/x86/include/asm/elf.h
4396 index f161c18..97d43e8 100644
4397 --- a/arch/x86/include/asm/elf.h
4398 @@ -19508,11 +19550,11 @@ index 6615032..9c233be 100644
4399 extern void elcr_set_level_irq(unsigned int irq);
4400
4401 diff --git a/arch/x86/include/asm/i8259.h b/arch/x86/include/asm/i8259.h
4402 -index ccffa53..3c90c87 100644
4403 +index 39bcefc..272d904 100644
4404 --- a/arch/x86/include/asm/i8259.h
4405 +++ b/arch/x86/include/asm/i8259.h
4406 -@@ -62,7 +62,7 @@ struct legacy_pic {
4407 - void (*init)(int auto_eoi);
4408 +@@ -63,7 +63,7 @@ struct legacy_pic {
4409 + int (*probe)(void);
4410 int (*irq_pending)(unsigned int irq);
4411 void (*make_irq)(unsigned int irq);
4412 -};
4413 @@ -22039,7 +22081,7 @@ index cd79194..6a9956f 100644
4414 }
4415
4416 diff --git a/arch/x86/include/asm/uaccess.h b/arch/x86/include/asm/uaccess.h
4417 -index a8df874..3dcbd7c 100644
4418 +index a8df874..e0aaf5f 100644
4419 --- a/arch/x86/include/asm/uaccess.h
4420 +++ b/arch/x86/include/asm/uaccess.h
4421 @@ -7,6 +7,7 @@
4422 @@ -22168,12 +22210,16 @@ index a8df874..3dcbd7c 100644
4423 "3: " ASM_CLAC "\n" \
4424 _ASM_EXTABLE_EX(1b, 2b) \
4425 _ASM_EXTABLE_EX(2b, 3b) \
4426 -@@ -260,7 +306,8 @@ extern void __put_user_8(void);
4427 - __typeof__(*(ptr)) __pu_val; \
4428 +@@ -257,10 +303,11 @@ extern void __put_user_8(void);
4429 + #define put_user(x, ptr) \
4430 + ({ \
4431 + int __ret_pu; \
4432 +- __typeof__(*(ptr)) __pu_val; \
4433 ++ __inttype(*(ptr)) __pu_val; \
4434 __chk_user_ptr(ptr); \
4435 might_fault(); \
4436 - __pu_val = x; \
4437 -+ __pu_val = (x); \
4438 ++ __pu_val = (__inttype(*(ptr)))(x); \
4439 + pax_open_userland(); \
4440 switch (sizeof(*(ptr))) { \
4441 case 1: \
4442 @@ -22186,7 +22232,20 @@ index a8df874..3dcbd7c 100644
4443 __ret_pu; \
4444 })
4445
4446 -@@ -358,8 +406,10 @@ do { \
4447 +@@ -341,10 +389,10 @@ do { \
4448 + __chk_user_ptr(ptr); \
4449 + switch (size) { \
4450 + case 1: \
4451 +- __get_user_asm(x, ptr, retval, "b", "b", "=q", errret); \
4452 ++ __get_user_asm(x, ptr, retval, "zbl", "k", "=r", errret);\
4453 + break; \
4454 + case 2: \
4455 +- __get_user_asm(x, ptr, retval, "w", "w", "=r", errret); \
4456 ++ __get_user_asm(x, ptr, retval, "zwl", "k", "=r", errret);\
4457 + break; \
4458 + case 4: \
4459 + __get_user_asm(x, ptr, retval, "l", "k", "=r", errret); \
4460 +@@ -358,27 +406,31 @@ do { \
4461 } while (0)
4462
4463 #define __get_user_asm(x, addr, err, itype, rtype, ltype, errret) \
4464 @@ -22198,7 +22257,8 @@ index a8df874..3dcbd7c 100644
4465 "2: " ASM_CLAC "\n" \
4466 ".section .fixup,\"ax\"\n" \
4467 "3: mov %3,%0\n" \
4468 -@@ -367,8 +417,10 @@ do { \
4469 +- " xor"itype" %"rtype"1,%"rtype"1\n" \
4470 ++ " xorl %k1,%k1\n" \
4471 " jmp 2b\n" \
4472 ".previous\n" \
4473 _ASM_EXTABLE(1b, 3b) \
4474 @@ -22211,6 +22271,18 @@ index a8df874..3dcbd7c 100644
4475
4476 #define __get_user_size_ex(x, ptr, size) \
4477 do { \
4478 + __chk_user_ptr(ptr); \
4479 + switch (size) { \
4480 + case 1: \
4481 +- __get_user_asm_ex(x, ptr, "b", "b", "=q"); \
4482 ++ __get_user_asm_ex(x, ptr, "zbl", "k", "=r"); \
4483 + break; \
4484 + case 2: \
4485 +- __get_user_asm_ex(x, ptr, "w", "w", "=r"); \
4486 ++ __get_user_asm_ex(x, ptr, "zwl", "k", "=r"); \
4487 + break; \
4488 + case 4: \
4489 + __get_user_asm_ex(x, ptr, "l", "k", "=r"); \
4490 @@ -392,7 +444,7 @@ do { \
4491 } while (0)
4492
4493 @@ -22335,10 +22407,16 @@ index a8df874..3dcbd7c 100644
4494
4495 extern void __cmpxchg_wrong_size(void)
4496 __compiletime_error("Bad argument size for cmpxchg");
4497 -@@ -547,18 +624,19 @@ extern void __cmpxchg_wrong_size(void)
4498 - __typeof__(ptr) __uval = (uval); \
4499 - __typeof__(*(ptr)) __old = (old); \
4500 - __typeof__(*(ptr)) __new = (new); \
4501 +@@ -544,21 +621,22 @@ extern void __cmpxchg_wrong_size(void)
4502 + #define __user_atomic_cmpxchg_inatomic(uval, ptr, old, new, size) \
4503 + ({ \
4504 + int __ret = 0; \
4505 +- __typeof__(ptr) __uval = (uval); \
4506 +- __typeof__(*(ptr)) __old = (old); \
4507 +- __typeof__(*(ptr)) __new = (new); \
4508 ++ __typeof__(uval) __uval = (uval); \
4509 ++ __typeof__(*(uval)) __old = (old); \
4510 ++ __typeof__(*(uval)) __new = (new); \
4511 + pax_open_userland(); \
4512 switch (size) { \
4513 case 1: \
4514 @@ -23004,18 +23082,6 @@ index 0f457e6..5970c0a 100644
4515 #define BIOS_END 0x00100000
4516
4517 #define BIOS_ROM_BASE 0xffe00000
4518 -diff --git a/arch/x86/include/uapi/asm/svm.h b/arch/x86/include/uapi/asm/svm.h
4519 -index b5d7640..8a4add8 100644
4520 ---- a/arch/x86/include/uapi/asm/svm.h
4521 -+++ b/arch/x86/include/uapi/asm/svm.h
4522 -@@ -100,6 +100,7 @@
4523 - { SVM_EXIT_EXCP_BASE + UD_VECTOR, "UD excp" }, \
4524 - { SVM_EXIT_EXCP_BASE + PF_VECTOR, "PF excp" }, \
4525 - { SVM_EXIT_EXCP_BASE + NM_VECTOR, "NM excp" }, \
4526 -+ { SVM_EXIT_EXCP_BASE + AC_VECTOR, "AC excp" }, \
4527 - { SVM_EXIT_EXCP_BASE + MC_VECTOR, "MC excp" }, \
4528 - { SVM_EXIT_INTR, "interrupt" }, \
4529 - { SVM_EXIT_NMI, "nmi" }, \
4530 diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile
4531 index 0f15af4..501a76a 100644
4532 --- a/arch/x86/kernel/Makefile
4533 @@ -23494,27 +23560,25 @@ index bda4886..f9c7195 100644
4534 .name = "default",
4535 .probe = probe_default,
4536 diff --git a/arch/x86/kernel/apic/vector.c b/arch/x86/kernel/apic/vector.c
4537 -index 2683f36..0bdc74c 100644
4538 +index ea4ba83..13a7b74 100644
4539 --- a/arch/x86/kernel/apic/vector.c
4540 +++ b/arch/x86/kernel/apic/vector.c
4541 -@@ -36,7 +36,7 @@ static struct irq_chip lapic_controller;
4542 +@@ -36,6 +36,7 @@ static struct irq_chip lapic_controller;
4543 static struct apic_chip_data *legacy_irq_data[NR_IRQS_LEGACY];
4544 #endif
4545
4546 --void lock_vector_lock(void)
4547 -+void lock_vector_lock(void) __acquires(vector_lock)
4548 ++void lock_vector_lock(void) __acquires(&vector_lock);
4549 + void lock_vector_lock(void)
4550 {
4551 /* Used to the online set of cpus does not change
4552 - * during assign_irq_vector.
4553 -@@ -44,7 +44,7 @@ void lock_vector_lock(void)
4554 +@@ -44,6 +45,7 @@ void lock_vector_lock(void)
4555 raw_spin_lock(&vector_lock);
4556 }
4557
4558 --void unlock_vector_lock(void)
4559 -+void unlock_vector_lock(void) __releases(vector_lock)
4560 ++void unlock_vector_lock(void) __releases(&vector_lock);
4561 + void unlock_vector_lock(void)
4562 {
4563 raw_spin_unlock(&vector_lock);
4564 - }
4565 diff --git a/arch/x86/kernel/apic/x2apic_cluster.c b/arch/x86/kernel/apic/x2apic_cluster.c
4566 index ab3219b..e8033eb 100644
4567 --- a/arch/x86/kernel/apic/x2apic_cluster.c
4568 @@ -23748,7 +23812,7 @@ index 04f0fe5..3c0598c 100644
4569
4570 /*
4571 diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
4572 -index cb9e5df..0849dd8 100644
4573 +index e4f929d..0849dd8 100644
4574 --- a/arch/x86/kernel/cpu/common.c
4575 +++ b/arch/x86/kernel/cpu/common.c
4576 @@ -91,60 +91,6 @@ static const struct cpu_dev default_cpu = {
4577 @@ -23812,19 +23876,7 @@ index cb9e5df..0849dd8 100644
4578 static int __init x86_mpx_setup(char *s)
4579 {
4580 /* require an exact match without trailing characters */
4581 -@@ -272,10 +218,9 @@ __setup("nosmap", setup_disable_smap);
4582 -
4583 - static __always_inline void setup_smap(struct cpuinfo_x86 *c)
4584 - {
4585 -- unsigned long eflags;
4586 -+ unsigned long eflags = native_save_fl();
4587 -
4588 - /* This should have been cleared long ago */
4589 -- raw_local_save_flags(eflags);
4590 - BUG_ON(eflags & X86_EFLAGS_AC);
4591 -
4592 - if (cpu_has(c, X86_FEATURE_SMAP)) {
4593 -@@ -287,6 +232,109 @@ static __always_inline void setup_smap(struct cpuinfo_x86 *c)
4594 +@@ -286,6 +232,109 @@ static __always_inline void setup_smap(struct cpuinfo_x86 *c)
4595 }
4596 }
4597
4598 @@ -23934,7 +23986,7 @@ index cb9e5df..0849dd8 100644
4599 /*
4600 * Some CPU features depend on higher CPUID levels, which may not always
4601 * be available due to CPUID level capping or broken virtualization
4602 -@@ -387,7 +435,7 @@ void switch_to_new_gdt(int cpu)
4603 +@@ -386,7 +435,7 @@ void switch_to_new_gdt(int cpu)
4604 {
4605 struct desc_ptr gdt_descr;
4606
4607 @@ -23943,7 +23995,7 @@ index cb9e5df..0849dd8 100644
4608 gdt_descr.size = GDT_SIZE - 1;
4609 load_gdt(&gdt_descr);
4610 /* Reload the per-cpu base */
4611 -@@ -918,6 +966,20 @@ static void identify_cpu(struct cpuinfo_x86 *c)
4612 +@@ -917,6 +966,20 @@ static void identify_cpu(struct cpuinfo_x86 *c)
4613 setup_smep(c);
4614 setup_smap(c);
4615
4616 @@ -23964,7 +24016,7 @@ index cb9e5df..0849dd8 100644
4617 /*
4618 * The vendor-specific functions might have changed features.
4619 * Now we do "generic changes."
4620 -@@ -992,7 +1054,7 @@ void enable_sep_cpu(void)
4621 +@@ -991,7 +1054,7 @@ void enable_sep_cpu(void)
4622 int cpu;
4623
4624 cpu = get_cpu();
4625 @@ -23973,7 +24025,7 @@ index cb9e5df..0849dd8 100644
4626
4627 if (!boot_cpu_has(X86_FEATURE_SEP))
4628 goto out;
4629 -@@ -1138,10 +1200,12 @@ static __init int setup_disablecpuid(char *arg)
4630 +@@ -1137,10 +1200,12 @@ static __init int setup_disablecpuid(char *arg)
4631 }
4632 __setup("clearcpuid=", setup_disablecpuid);
4633
4634 @@ -23989,7 +24041,7 @@ index cb9e5df..0849dd8 100644
4635
4636 DEFINE_PER_CPU_FIRST(union irq_stack_union,
4637 irq_stack_union) __aligned(PAGE_SIZE) __visible;
4638 -@@ -1253,21 +1317,21 @@ EXPORT_PER_CPU_SYMBOL(current_task);
4639 +@@ -1252,21 +1317,21 @@ EXPORT_PER_CPU_SYMBOL(current_task);
4640 DEFINE_PER_CPU(int, __preempt_count) = INIT_PREEMPT_COUNT;
4641 EXPORT_PER_CPU_SYMBOL(__preempt_count);
4642
4643 @@ -24018,7 +24070,7 @@ index cb9e5df..0849dd8 100644
4644 /*
4645 * Clear all 6 debug registers:
4646 */
4647 -@@ -1343,7 +1407,7 @@ void cpu_init(void)
4648 +@@ -1342,7 +1407,7 @@ void cpu_init(void)
4649 */
4650 load_ucode_ap();
4651
4652 @@ -24027,7 +24079,7 @@ index cb9e5df..0849dd8 100644
4653 oist = &per_cpu(orig_ist, cpu);
4654
4655 #ifdef CONFIG_NUMA
4656 -@@ -1375,7 +1439,6 @@ void cpu_init(void)
4657 +@@ -1374,7 +1439,6 @@ void cpu_init(void)
4658 wrmsrl(MSR_KERNEL_GS_BASE, 0);
4659 barrier();
4660
4661 @@ -24035,7 +24087,7 @@ index cb9e5df..0849dd8 100644
4662 x2apic_setup();
4663
4664 /*
4665 -@@ -1427,7 +1490,7 @@ void cpu_init(void)
4666 +@@ -1426,7 +1490,7 @@ void cpu_init(void)
4667 {
4668 int cpu = smp_processor_id();
4669 struct task_struct *curr = current;
4670 @@ -24316,6 +24368,30 @@ index 969dc17..a9c3fdd 100644
4671 }
4672
4673 static void microcode_fini_cpu(int cpu)
4674 +diff --git a/arch/x86/kernel/cpu/mtrr/generic.c b/arch/x86/kernel/cpu/mtrr/generic.c
4675 +index 3b533cf..b40d426 100644
4676 +--- a/arch/x86/kernel/cpu/mtrr/generic.c
4677 ++++ b/arch/x86/kernel/cpu/mtrr/generic.c
4678 +@@ -723,7 +723,8 @@ static DEFINE_RAW_SPINLOCK(set_atomicity_lock);
4679 + * The caller must ensure that local interrupts are disabled and
4680 + * are reenabled after post_set() has been called.
4681 + */
4682 +-static void prepare_set(void) __acquires(set_atomicity_lock)
4683 ++static void prepare_set(void) __acquires(&set_atomicity_lock);
4684 ++static void prepare_set(void)
4685 + {
4686 + unsigned long cr0;
4687 +
4688 +@@ -759,7 +760,8 @@ static void prepare_set(void) __acquires(set_atomicity_lock)
4689 + wbinvd();
4690 + }
4691 +
4692 +-static void post_set(void) __releases(set_atomicity_lock)
4693 ++static void post_set(void) __releases(&set_atomicity_lock);
4694 ++static void post_set(void)
4695 + {
4696 + /* Flush TLBs (no need to flush caches - they are disabled) */
4697 + count_vm_tlb_event(NR_TLB_LOCAL_FLUSH_ALL);
4698 diff --git a/arch/x86/kernel/cpu/mtrr/main.c b/arch/x86/kernel/cpu/mtrr/main.c
4699 index e7ed0d8..57a2ab9 100644
4700 --- a/arch/x86/kernel/cpu/mtrr/main.c
4701 @@ -24405,10 +24481,95 @@ index 97242a9..cf9c30e 100644
4702
4703 while (amd_iommu_v2_event_descs[i].attr.attr.name)
4704 diff --git a/arch/x86/kernel/cpu/perf_event_intel.c b/arch/x86/kernel/cpu/perf_event_intel.c
4705 -index 1b09c42..521004d 100644
4706 +index 1b09c42..9627a7b 100644
4707 --- a/arch/x86/kernel/cpu/perf_event_intel.c
4708 +++ b/arch/x86/kernel/cpu/perf_event_intel.c
4709 -@@ -3019,10 +3019,10 @@ __init int intel_pmu_init(void)
4710 +@@ -1900,6 +1900,8 @@ __intel_get_event_constraints(struct cpu_hw_events *cpuc, int idx,
4711 + }
4712 +
4713 + static void
4714 ++intel_start_scheduling(struct cpu_hw_events *cpuc) __acquires(&cpuc->excl_cntrs->lock);
4715 ++static void
4716 + intel_start_scheduling(struct cpu_hw_events *cpuc)
4717 + {
4718 + struct intel_excl_cntrs *excl_cntrs = cpuc->excl_cntrs;
4719 +@@ -1909,14 +1911,18 @@ intel_start_scheduling(struct cpu_hw_events *cpuc)
4720 + /*
4721 + * nothing needed if in group validation mode
4722 + */
4723 +- if (cpuc->is_fake || !is_ht_workaround_enabled())
4724 ++ if (cpuc->is_fake || !is_ht_workaround_enabled()) {
4725 ++ __acquire(&excl_cntrs->lock);
4726 + return;
4727 ++ }
4728 +
4729 + /*
4730 + * no exclusion needed
4731 + */
4732 +- if (WARN_ON_ONCE(!excl_cntrs))
4733 ++ if (WARN_ON_ONCE(!excl_cntrs)) {
4734 ++ __acquire(&excl_cntrs->lock);
4735 + return;
4736 ++ }
4737 +
4738 + xl = &excl_cntrs->states[tid];
4739 +
4740 +@@ -1956,6 +1962,8 @@ static void intel_commit_scheduling(struct cpu_hw_events *cpuc, int idx, int cnt
4741 + }
4742 +
4743 + static void
4744 ++intel_stop_scheduling(struct cpu_hw_events *cpuc) __releases(&cpuc->excl_cntrs->lock);
4745 ++static void
4746 + intel_stop_scheduling(struct cpu_hw_events *cpuc)
4747 + {
4748 + struct intel_excl_cntrs *excl_cntrs = cpuc->excl_cntrs;
4749 +@@ -1965,13 +1973,18 @@ intel_stop_scheduling(struct cpu_hw_events *cpuc)
4750 + /*
4751 + * nothing needed if in group validation mode
4752 + */
4753 +- if (cpuc->is_fake || !is_ht_workaround_enabled())
4754 ++ if (cpuc->is_fake || !is_ht_workaround_enabled()) {
4755 ++ __release(&excl_cntrs->lock);
4756 + return;
4757 ++ }
4758 ++
4759 + /*
4760 + * no exclusion needed
4761 + */
4762 +- if (WARN_ON_ONCE(!excl_cntrs))
4763 ++ if (WARN_ON_ONCE(!excl_cntrs)) {
4764 ++ __release(&excl_cntrs->lock);
4765 + return;
4766 ++ }
4767 +
4768 + xl = &excl_cntrs->states[tid];
4769 +
4770 +@@ -2154,19 +2167,22 @@ static void intel_put_excl_constraints(struct cpu_hw_events *cpuc,
4771 + * unused now.
4772 + */
4773 + if (hwc->idx >= 0) {
4774 ++ bool sched_started;
4775 ++
4776 + xl = &excl_cntrs->states[tid];
4777 ++ sched_started = xl->sched_started;
4778 +
4779 + /*
4780 + * put_constraint may be called from x86_schedule_events()
4781 + * which already has the lock held so here make locking
4782 + * conditional.
4783 + */
4784 +- if (!xl->sched_started)
4785 ++ if (!sched_started)
4786 + raw_spin_lock(&excl_cntrs->lock);
4787 +
4788 + xl->state[hwc->idx] = INTEL_EXCL_UNUSED;
4789 +
4790 +- if (!xl->sched_started)
4791 ++ if (!sched_started)
4792 + raw_spin_unlock(&excl_cntrs->lock);
4793 + }
4794 + }
4795 +@@ -3019,10 +3035,10 @@ __init int intel_pmu_init(void)
4796 x86_pmu.num_counters_fixed = max((int)edx.split.num_counters_fixed, 3);
4797
4798 if (boot_cpu_has(X86_FEATURE_PDCM)) {
4799 @@ -25376,7 +25537,7 @@ index dc60810..6c8a1fa 100644
4800 }
4801
4802 diff --git a/arch/x86/kernel/fpu/signal.c b/arch/x86/kernel/fpu/signal.c
4803 -index 50ec9af..32d7f10 100644
4804 +index 6545e6d..32d7f10 100644
4805 --- a/arch/x86/kernel/fpu/signal.c
4806 +++ b/arch/x86/kernel/fpu/signal.c
4807 @@ -54,7 +54,7 @@ static inline int check_for_xstate(struct fxregs_state __user *buf,
4808 @@ -25465,34 +25626,8 @@ index 50ec9af..32d7f10 100644
4809 err = -1;
4810 } else {
4811 sanitize_restored_xstate(tsk, &env, xfeatures, fx_only);
4812 -@@ -385,20 +387,19 @@ fpu__alloc_mathframe(unsigned long sp, int ia32_frame,
4813 - */
4814 - void fpu__init_prepare_fx_sw_frame(void)
4815 - {
4816 -- int fsave_header_size = sizeof(struct fregs_state);
4817 - int size = xstate_size + FP_XSTATE_MAGIC2_SIZE;
4818 -
4819 -- if (config_enabled(CONFIG_X86_32))
4820 -- size += fsave_header_size;
4821 --
4822 - fx_sw_reserved.magic1 = FP_XSTATE_MAGIC1;
4823 - fx_sw_reserved.extended_size = size;
4824 - fx_sw_reserved.xfeatures = xfeatures_mask;
4825 - fx_sw_reserved.xstate_size = xstate_size;
4826 -
4827 -- if (config_enabled(CONFIG_IA32_EMULATION)) {
4828 -+ if (config_enabled(CONFIG_IA32_EMULATION) ||
4829 -+ config_enabled(CONFIG_X86_32)) {
4830 -+ int fsave_header_size = sizeof(struct fregs_state);
4831 -+
4832 - fx_sw_reserved_ia32 = fx_sw_reserved;
4833 -- fx_sw_reserved_ia32.extended_size += fsave_header_size;
4834 -+ fx_sw_reserved_ia32.extended_size = size + fsave_header_size;
4835 - }
4836 - }
4837 -
4838 diff --git a/arch/x86/kernel/fpu/xstate.c b/arch/x86/kernel/fpu/xstate.c
4839 -index 62fc001..099cbd7 100644
4840 +index 2c4ac07..099cbd7 100644
4841 --- a/arch/x86/kernel/fpu/xstate.c
4842 +++ b/arch/x86/kernel/fpu/xstate.c
4843 @@ -93,14 +93,14 @@ EXPORT_SYMBOL_GPL(cpu_has_xfeatures);
4844 @@ -25512,15 +25647,7 @@ index 62fc001..099cbd7 100644
4845
4846 /*
4847 * None of the feature bits are in init state. So nothing else
4848 -@@ -402,7 +402,6 @@ void *get_xsave_addr(struct xregs_state *xsave, int xstate_feature)
4849 - if (!boot_cpu_has(X86_FEATURE_XSAVE))
4850 - return NULL;
4851 -
4852 -- xsave = &current->thread.fpu.state.xsave;
4853 - /*
4854 - * We should not ever be requesting features that we
4855 - * have not enabled. Remember that pcntxt_mask is
4856 -@@ -457,5 +456,5 @@ const void *get_xsave_field_ptr(int xsave_state)
4857 +@@ -456,5 +456,5 @@ const void *get_xsave_field_ptr(int xsave_state)
4858 */
4859 fpu__save(fpu);
4860
4861 @@ -26102,7 +26229,7 @@ index 0e2d96f..5889003 100644
4862 + .fill PAGE_SIZE_asm - GDT_SIZE,1,0
4863 + .endr
4864 diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S
4865 -index 1d40ca8..2dbedb3 100644
4866 +index ffdc0e8..2dbedb3 100644
4867 --- a/arch/x86/kernel/head_64.S
4868 +++ b/arch/x86/kernel/head_64.S
4869 @@ -20,6 +20,8 @@
4870 @@ -26127,17 +26254,7 @@ index 1d40ca8..2dbedb3 100644
4871
4872 .text
4873 __HEAD
4874 -@@ -65,6 +73,9 @@ startup_64:
4875 - * tables and then reload them.
4876 - */
4877 -
4878 -+ /* Sanitize CPU configuration */
4879 -+ call verify_cpu
4880 -+
4881 - /*
4882 - * Compute the delta between the address I am compiled to run at and the
4883 - * address I am actually running at.
4884 -@@ -89,11 +100,33 @@ startup_64:
4885 +@@ -92,11 +100,33 @@ startup_64:
4886 * Fixup the physical addresses in the page table
4887 */
4888 addq %rbp, early_level4_pgt + (L4_START_KERNEL*8)(%rip)
4889 @@ -26173,13 +26290,10 @@ index 1d40ca8..2dbedb3 100644
4890
4891 /*
4892 * Set up the identity mapping for the switchover. These
4893 -@@ -174,11 +207,16 @@ ENTRY(secondary_startup_64)
4894 - * after the boot processor executes this code.
4895 - */
4896 +@@ -180,11 +210,13 @@ ENTRY(secondary_startup_64)
4897 + /* Sanitize CPU configuration */
4898 + call verify_cpu
4899
4900 -+ /* Sanitize CPU configuration */
4901 -+ call verify_cpu
4902 -+
4903 + orq $-1, %rbp
4904 +
4905 movq $(init_level4_pgt - __START_KERNEL_map), %rax
4906 @@ -26192,7 +26306,7 @@ index 1d40ca8..2dbedb3 100644
4907 movq %rcx, %cr4
4908
4909 /* Setup early boot stage 4 level pagetables. */
4910 -@@ -199,10 +237,21 @@ ENTRY(secondary_startup_64)
4911 +@@ -205,10 +237,21 @@ ENTRY(secondary_startup_64)
4912 movl $MSR_EFER, %ecx
4913 rdmsr
4914 btsl $_EFER_SCE, %eax /* Enable System Call */
4915 @@ -26215,7 +26329,7 @@ index 1d40ca8..2dbedb3 100644
4916 1: wrmsr /* Make changes effective */
4917
4918 /* Setup cr0 */
4919 -@@ -282,12 +331,15 @@ ENTRY(secondary_startup_64)
4920 +@@ -288,6 +331,7 @@ ENTRY(secondary_startup_64)
4921 * REX.W + FF /5 JMP m16:64 Jump far, absolute indirect,
4922 * address given in m16:64.
4923 */
4924 @@ -26223,15 +26337,7 @@ index 1d40ca8..2dbedb3 100644
4925 movq initial_code(%rip),%rax
4926 pushq $0 # fake return address to stop unwinder
4927 pushq $__KERNEL_CS # set correct cs
4928 - pushq %rax # target address in negative space
4929 - lretq
4930 -
4931 -+#include "verify_cpu.S"
4932 -+
4933 - #ifdef CONFIG_HOTPLUG_CPU
4934 - /*
4935 - * Boot CPU0 entry point. It's called from play_dead(). Everything has been set
4936 -@@ -313,7 +365,7 @@ ENDPROC(start_cpu0)
4937 +@@ -321,7 +365,7 @@ ENDPROC(start_cpu0)
4938 .quad INIT_PER_CPU_VAR(irq_stack_union)
4939
4940 GLOBAL(stack_start)
4941 @@ -26240,7 +26346,7 @@ index 1d40ca8..2dbedb3 100644
4942 .word 0
4943 __FINITDATA
4944
4945 -@@ -393,7 +445,7 @@ early_idt_handler_common:
4946 +@@ -401,7 +445,7 @@ early_idt_handler_common:
4947 call dump_stack
4948 #ifdef CONFIG_KALLSYMS
4949 leaq early_idt_ripmsg(%rip),%rdi
4950 @@ -26249,7 +26355,7 @@ index 1d40ca8..2dbedb3 100644
4951 call __print_symbol
4952 #endif
4953 #endif /* EARLY_PRINTK */
4954 -@@ -422,6 +474,7 @@ ENDPROC(early_idt_handler_common)
4955 +@@ -430,6 +474,7 @@ ENDPROC(early_idt_handler_common)
4956 early_recursion_flag:
4957 .long 0
4958
4959 @@ -26257,7 +26363,7 @@ index 1d40ca8..2dbedb3 100644
4960 #ifdef CONFIG_EARLY_PRINTK
4961 early_idt_msg:
4962 .asciz "PANIC: early exception %02lx rip %lx:%lx error %lx cr2 %lx\n"
4963 -@@ -444,40 +497,67 @@ GLOBAL(name)
4964 +@@ -452,40 +497,67 @@ GLOBAL(name)
4965 __INITDATA
4966 NEXT_PAGE(early_level4_pgt)
4967 .fill 511,8,0
4968 @@ -26337,7 +26443,7 @@ index 1d40ca8..2dbedb3 100644
4969
4970 NEXT_PAGE(level2_kernel_pgt)
4971 /*
4972 -@@ -494,31 +574,79 @@ NEXT_PAGE(level2_kernel_pgt)
4973 +@@ -502,31 +574,79 @@ NEXT_PAGE(level2_kernel_pgt)
4974 KERNEL_IMAGE_SIZE/PMD_SIZE)
4975
4976 NEXT_PAGE(level2_fixmap_pgt)
4977 @@ -26455,7 +26561,7 @@ index 64341aa..b1e6632 100644
4978 +EXPORT_SYMBOL(cpu_pgd);
4979 +#endif
4980 diff --git a/arch/x86/kernel/i8259.c b/arch/x86/kernel/i8259.c
4981 -index 16cb827..372334f 100644
4982 +index be22f5a..c5d0e1f 100644
4983 --- a/arch/x86/kernel/i8259.c
4984 +++ b/arch/x86/kernel/i8259.c
4985 @@ -110,7 +110,7 @@ static int i8259A_irq_pending(unsigned int irq)
4986 @@ -26476,7 +26582,7 @@ index 16cb827..372334f 100644
4987 /*
4988 * Theoretically we do not have to handle this IRQ,
4989 * but in Linux this does not cause problems and is
4990 -@@ -349,14 +349,16 @@ static void init_8259A(int auto_eoi)
4991 +@@ -356,14 +356,16 @@ static void init_8259A(int auto_eoi)
4992 /* (slave's support for AEOI in flat mode is to be investigated) */
4993 outb_pic(SLAVE_ICW4_DEFAULT, PIC_SLAVE_IMR);
4994
4995 @@ -28544,7 +28650,7 @@ index 98111b3..73ca125 100644
4996 identity_mapped:
4997 /* set return address to 0 if not preserving context */
4998 diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
4999 -index 80f874b..b3eff67 100644
5000 +index 1e6f70f..a6b1c8a 100644
5001 --- a/arch/x86/kernel/setup.c
5002 +++ b/arch/x86/kernel/setup.c
5003 @@ -111,6 +111,7 @@
5004 @@ -29480,7 +29586,7 @@ index 6647624..2056791 100644
5005 force_sig_info(SIGSEGV, SEND_SIG_FORCED, current);
5006 }
5007 diff --git a/arch/x86/kernel/verify_cpu.S b/arch/x86/kernel/verify_cpu.S
5008 -index b9242ba..ae8c9cf 100644
5009 +index 4cf401f..ae8c9cf 100644
5010 --- a/arch/x86/kernel/verify_cpu.S
5011 +++ b/arch/x86/kernel/verify_cpu.S
5012 @@ -20,6 +20,7 @@
5013 @@ -29491,42 +29597,6 @@ index b9242ba..ae8c9cf 100644
5014 *
5015 * verify_cpu, returns the status of longmode and SSE in register %eax.
5016 * 0: Success 1: Failure
5017 -@@ -34,10 +35,11 @@
5018 - #include <asm/msr-index.h>
5019 -
5020 - verify_cpu:
5021 -- pushfl # Save caller passed flags
5022 -- pushl $0 # Kill any dangerous flags
5023 -- popfl
5024 -+ pushf # Save caller passed flags
5025 -+ push $0 # Kill any dangerous flags
5026 -+ popf
5027 -
5028 -+#ifndef __x86_64__
5029 - pushfl # standard way to check for cpuid
5030 - popl %eax
5031 - movl %eax,%ebx
5032 -@@ -48,6 +50,7 @@ verify_cpu:
5033 - popl %eax
5034 - cmpl %eax,%ebx
5035 - jz verify_cpu_no_longmode # cpu has no cpuid
5036 -+#endif
5037 -
5038 - movl $0x0,%eax # See if cpuid 1 is implemented
5039 - cpuid
5040 -@@ -130,10 +133,10 @@ verify_cpu_sse_test:
5041 - jmp verify_cpu_sse_test # try again
5042 -
5043 - verify_cpu_no_longmode:
5044 -- popfl # Restore caller passed flags
5045 -+ popf # Restore caller passed flags
5046 - movl $1,%eax
5047 - ret
5048 - verify_cpu_sse_ok:
5049 -- popfl # Restore caller passed flags
5050 -+ popf # Restore caller passed flags
5051 - xorl %eax, %eax
5052 - ret
5053 diff --git a/arch/x86/kernel/vm86_32.c b/arch/x86/kernel/vm86_32.c
5054 index fc9db6e..2c5865d 100644
5055 --- a/arch/x86/kernel/vm86_32.c
5056 @@ -29992,10 +30062,10 @@ index 2fbea25..9e0f8c7 100644
5057
5058 out:
5059 diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
5060 -index 2392541a..2aefc2a 100644
5061 +index f17c342..d5d17bc 100644
5062 --- a/arch/x86/kvm/emulate.c
5063 +++ b/arch/x86/kvm/emulate.c
5064 -@@ -3851,7 +3851,7 @@ static int check_cr_write(struct x86_emulate_ctxt *ctxt)
5065 +@@ -3870,7 +3870,7 @@ static int check_cr_write(struct x86_emulate_ctxt *ctxt)
5066 int cr = ctxt->modrm_reg;
5067 u64 efer = 0;
5068
5069 @@ -30004,8 +30074,90 @@ index 2392541a..2aefc2a 100644
5070 0xffffffff00000000ULL,
5071 0, 0, 0, /* CR3 checked later */
5072 CR4_RESERVED_BITS,
5073 +diff --git a/arch/x86/kvm/i8259.c b/arch/x86/kvm/i8259.c
5074 +index fef922f..18f48a0 100644
5075 +--- a/arch/x86/kvm/i8259.c
5076 ++++ b/arch/x86/kvm/i8259.c
5077 +@@ -39,14 +39,14 @@
5078 +
5079 + static void pic_irq_request(struct kvm *kvm, int level);
5080 +
5081 ++static void pic_lock(struct kvm_pic *s) __acquires(&s->lock);
5082 + static void pic_lock(struct kvm_pic *s)
5083 +- __acquires(&s->lock)
5084 + {
5085 + spin_lock(&s->lock);
5086 + }
5087 +
5088 ++static void pic_unlock(struct kvm_pic *s) __releases(&s->lock);
5089 + static void pic_unlock(struct kvm_pic *s)
5090 +- __releases(&s->lock)
5091 + {
5092 + bool wakeup = s->wakeup_needed;
5093 + struct kvm_vcpu *vcpu, *found = NULL;
5094 +@@ -72,6 +72,7 @@ static void pic_unlock(struct kvm_pic *s)
5095 + }
5096 + }
5097 +
5098 ++static void pic_clear_isr(struct kvm_kpic_state *s, int irq) __must_hold(s->pics_state);
5099 + static void pic_clear_isr(struct kvm_kpic_state *s, int irq)
5100 + {
5101 + s->isr &= ~(1 << irq);
5102 +@@ -219,6 +220,7 @@ void kvm_pic_clear_all(struct kvm_pic *s, int irq_source_id)
5103 + /*
5104 + * acknowledge interrupt 'irq'
5105 + */
5106 ++static inline void pic_intack(struct kvm_kpic_state *s, int irq) __must_hold(s);
5107 + static inline void pic_intack(struct kvm_kpic_state *s, int irq)
5108 + {
5109 + s->isr |= 1 << irq;
5110 +@@ -273,6 +275,7 @@ int kvm_pic_read_irq(struct kvm *kvm)
5111 + return intno;
5112 + }
5113 +
5114 ++void kvm_pic_reset(struct kvm_kpic_state *s) __must_hold(s);
5115 + void kvm_pic_reset(struct kvm_kpic_state *s)
5116 + {
5117 + int irq, i;
5118 +@@ -307,6 +310,7 @@ void kvm_pic_reset(struct kvm_kpic_state *s)
5119 + pic_clear_isr(s, irq);
5120 + }
5121 +
5122 ++static void pic_ioport_write(void *opaque, u32 addr, u32 val) __must_hold(opaque);
5123 + static void pic_ioport_write(void *opaque, u32 addr, u32 val)
5124 + {
5125 + struct kvm_kpic_state *s = opaque;
5126 +@@ -400,6 +404,7 @@ static void pic_ioport_write(void *opaque, u32 addr, u32 val)
5127 + }
5128 + }
5129 +
5130 ++static u32 pic_poll_read(struct kvm_kpic_state *s, u32 addr1) __must_hold(s);
5131 + static u32 pic_poll_read(struct kvm_kpic_state *s, u32 addr1)
5132 + {
5133 + int ret;
5134 +@@ -422,6 +427,7 @@ static u32 pic_poll_read(struct kvm_kpic_state *s, u32 addr1)
5135 + return ret;
5136 + }
5137 +
5138 ++static u32 pic_ioport_read(void *opaque, u32 addr1) __must_hold(opaque);
5139 + static u32 pic_ioport_read(void *opaque, u32 addr1)
5140 + {
5141 + struct kvm_kpic_state *s = opaque;
5142 +diff --git a/arch/x86/kvm/ioapic.c b/arch/x86/kvm/ioapic.c
5143 +index 856f791..bfc7694 100644
5144 +--- a/arch/x86/kvm/ioapic.c
5145 ++++ b/arch/x86/kvm/ioapic.c
5146 +@@ -422,6 +422,8 @@ static void kvm_ioapic_eoi_inject_work(struct work_struct *work)
5147 + #define IOAPIC_SUCCESSIVE_IRQ_MAX_COUNT 10000
5148 +
5149 + static void __kvm_ioapic_update_eoi(struct kvm_vcpu *vcpu,
5150 ++ struct kvm_ioapic *ioapic, int vector, int trigger_mode) __must_hold(&ioapic->lock);
5151 ++static void __kvm_ioapic_update_eoi(struct kvm_vcpu *vcpu,
5152 + struct kvm_ioapic *ioapic, int vector, int trigger_mode)
5153 + {
5154 + int i;
5155 diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c
5156 -index 2a5ca97..ce8577a 100644
5157 +index 236e346..2b0f2be 100644
5158 --- a/arch/x86/kvm/lapic.c
5159 +++ b/arch/x86/kvm/lapic.c
5160 @@ -56,7 +56,7 @@
5161 @@ -30031,19 +30183,18 @@ index 0f67d7e..4b9fa11 100644
5162 goto error;
5163 walker->ptep_user[walker->level - 1] = ptep_user;
5164 diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
5165 -index 2d32b67..976f46e 100644
5166 +index 00da6e8..7901046 100644
5167 --- a/arch/x86/kvm/svm.c
5168 +++ b/arch/x86/kvm/svm.c
5169 -@@ -1106,6 +1106,8 @@ static void init_vmcb(struct vcpu_svm *svm, bool init_event)
5170 - set_exception_intercept(svm, PF_VECTOR);
5171 +@@ -1107,6 +1107,7 @@ static void init_vmcb(struct vcpu_svm *svm)
5172 set_exception_intercept(svm, UD_VECTOR);
5173 set_exception_intercept(svm, MC_VECTOR);
5174 -+ set_exception_intercept(svm, AC_VECTOR);
5175 + set_exception_intercept(svm, AC_VECTOR);
5176 + set_exception_intercept(svm, DB_VECTOR);
5177
5178 set_intercept(svm, INTERCEPT_INTR);
5179 set_intercept(svm, INTERCEPT_NMI);
5180 -@@ -1641,20 +1643,13 @@ static void svm_set_segment(struct kvm_vcpu *vcpu,
5181 +@@ -1641,20 +1642,13 @@ static void svm_set_segment(struct kvm_vcpu *vcpu,
5182 mark_dirty(svm->vmcb, VMCB_SEG);
5183 }
5184
5185 @@ -30065,7 +30216,7 @@ index 2d32b67..976f46e 100644
5186 if (vcpu->guest_debug & KVM_GUESTDBG_USE_SW_BP)
5187 set_exception_intercept(svm, BP_VECTOR);
5188 } else
5189 -@@ -1760,7 +1755,6 @@ static int db_interception(struct vcpu_svm *svm)
5190 +@@ -1760,7 +1754,6 @@ static int db_interception(struct vcpu_svm *svm)
5191 if (!(svm->vcpu.guest_debug & KVM_GUESTDBG_SINGLESTEP))
5192 svm->vmcb->save.rflags &=
5193 ~(X86_EFLAGS_TF | X86_EFLAGS_RF);
5194 @@ -30073,28 +30224,7 @@ index 2d32b67..976f46e 100644
5195 }
5196
5197 if (svm->vcpu.guest_debug &
5198 -@@ -1795,6 +1789,12 @@ static int ud_interception(struct vcpu_svm *svm)
5199 - return 1;
5200 - }
5201 -
5202 -+static int ac_interception(struct vcpu_svm *svm)
5203 -+{
5204 -+ kvm_queue_exception_e(&svm->vcpu, AC_VECTOR, 0);
5205 -+ return 1;
5206 -+}
5207 -+
5208 - static void svm_fpu_activate(struct kvm_vcpu *vcpu)
5209 - {
5210 - struct vcpu_svm *svm = to_svm(vcpu);
5211 -@@ -3369,6 +3369,7 @@ static int (*const svm_exit_handlers[])(struct vcpu_svm *svm) = {
5212 - [SVM_EXIT_EXCP_BASE + PF_VECTOR] = pf_interception,
5213 - [SVM_EXIT_EXCP_BASE + NM_VECTOR] = nm_interception,
5214 - [SVM_EXIT_EXCP_BASE + MC_VECTOR] = mc_interception,
5215 -+ [SVM_EXIT_EXCP_BASE + AC_VECTOR] = ac_interception,
5216 - [SVM_EXIT_INTR] = intr_interception,
5217 - [SVM_EXIT_NMI] = nmi_interception,
5218 - [SVM_EXIT_SMI] = nop_on_interception,
5219 -@@ -3586,7 +3587,11 @@ static void reload_tss(struct kvm_vcpu *vcpu)
5220 +@@ -3593,7 +3586,11 @@ static void reload_tss(struct kvm_vcpu *vcpu)
5221 int cpu = raw_smp_processor_id();
5222
5223 struct svm_cpu_data *sd = per_cpu(svm_data, cpu);
5224 @@ -30106,7 +30236,7 @@ index 2d32b67..976f46e 100644
5225 load_TR_desc();
5226 }
5227
5228 -@@ -3752,7 +3757,6 @@ static void enable_nmi_window(struct kvm_vcpu *vcpu)
5229 +@@ -3759,7 +3756,6 @@ static void enable_nmi_window(struct kvm_vcpu *vcpu)
5230 */
5231 svm->nmi_singlestep = true;
5232 svm->vmcb->save.rflags |= (X86_EFLAGS_TF | X86_EFLAGS_RF);
5233 @@ -30114,7 +30244,7 @@ index 2d32b67..976f46e 100644
5234 }
5235
5236 static int svm_set_tss_addr(struct kvm *kvm, unsigned int addr)
5237 -@@ -3982,6 +3986,10 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu)
5238 +@@ -3989,6 +3985,10 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu)
5239 #endif
5240 #endif
5241
5242 @@ -30125,7 +30255,7 @@ index 2d32b67..976f46e 100644
5243 reload_tss(vcpu);
5244
5245 local_irq_disable();
5246 -@@ -4355,7 +4363,7 @@ static void svm_sched_in(struct kvm_vcpu *vcpu, int cpu)
5247 +@@ -4362,7 +4362,7 @@ static void svm_sched_in(struct kvm_vcpu *vcpu, int cpu)
5248 {
5249 }
5250
5251 @@ -30134,7 +30264,7 @@ index 2d32b67..976f46e 100644
5252 .cpu_has_kvm_support = has_svm,
5253 .disabled_by_bios = is_disabled,
5254 .hardware_setup = svm_hardware_setup,
5255 -@@ -4374,7 +4382,7 @@ static struct kvm_x86_ops svm_x86_ops = {
5256 +@@ -4381,7 +4381,7 @@ static struct kvm_x86_ops svm_x86_ops = {
5257 .vcpu_load = svm_vcpu_load,
5258 .vcpu_put = svm_vcpu_put,
5259
5260 @@ -30144,7 +30274,7 @@ index 2d32b67..976f46e 100644
5261 .set_msr = svm_set_msr,
5262 .get_segment_base = svm_get_segment_base,
5263 diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
5264 -index aa9e8229..5f643bf 100644
5265 +index e77d75b..0f056cd 100644
5266 --- a/arch/x86/kvm/vmx.c
5267 +++ b/arch/x86/kvm/vmx.c
5268 @@ -1440,12 +1440,12 @@ static void vmcs_write64(unsigned long field, u64 value)
5269 @@ -30162,15 +30292,6 @@ index aa9e8229..5f643bf 100644
5270 {
5271 vmcs_writel(field, vmcs_readl(field) | mask);
5272 }
5273 -@@ -1567,7 +1567,7 @@ static void update_exception_bitmap(struct kvm_vcpu *vcpu)
5274 - u32 eb;
5275 -
5276 - eb = (1u << PF_VECTOR) | (1u << UD_VECTOR) | (1u << MC_VECTOR) |
5277 -- (1u << NM_VECTOR) | (1u << DB_VECTOR);
5278 -+ (1u << NM_VECTOR) | (1u << DB_VECTOR) | (1u << AC_VECTOR);
5279 - if ((vcpu->guest_debug &
5280 - (KVM_GUESTDBG_ENABLE | KVM_GUESTDBG_USE_SW_BP)) ==
5281 - (KVM_GUESTDBG_ENABLE | KVM_GUESTDBG_USE_SW_BP))
5282 @@ -1705,7 +1705,11 @@ static void reload_tss(void)
5283 struct desc_struct *descs;
5284
5285 @@ -30223,17 +30344,7 @@ index aa9e8229..5f643bf 100644
5286
5287 rdmsr(MSR_IA32_SYSENTER_CS, low32, high32);
5288 vmcs_write32(HOST_IA32_SYSENTER_CS, low32);
5289 -@@ -5118,6 +5129,9 @@ static int handle_exception(struct kvm_vcpu *vcpu)
5290 - return handle_rmode_exception(vcpu, ex_no, error_code);
5291 -
5292 - switch (ex_no) {
5293 -+ case AC_VECTOR:
5294 -+ kvm_queue_exception_e(vcpu, AC_VECTOR, error_code);
5295 -+ return 1;
5296 - case DB_VECTOR:
5297 - dr6 = vmcs_readl(EXIT_QUALIFICATION);
5298 - if (!(vcpu->guest_debug &
5299 -@@ -6097,11 +6111,17 @@ static __init int hardware_setup(void)
5300 +@@ -6099,11 +6110,17 @@ static __init int hardware_setup(void)
5301 * page upon invalidation. No need to do anything if not
5302 * using the APIC_ACCESS_ADDR VMCS field.
5303 */
5304 @@ -30253,7 +30364,7 @@ index aa9e8229..5f643bf 100644
5305
5306 if (enable_ept && !cpu_has_vmx_ept_2m_page())
5307 kvm_disable_largepages();
5308 -@@ -6112,6 +6132,7 @@ static __init int hardware_setup(void)
5309 +@@ -6114,6 +6131,7 @@ static __init int hardware_setup(void)
5310 if (!cpu_has_vmx_apicv())
5311 enable_apicv = 0;
5312
5313 @@ -30261,7 +30372,7 @@ index aa9e8229..5f643bf 100644
5314 if (enable_apicv)
5315 kvm_x86_ops->update_cr8_intercept = NULL;
5316 else {
5317 -@@ -6120,6 +6141,7 @@ static __init int hardware_setup(void)
5318 +@@ -6122,6 +6140,7 @@ static __init int hardware_setup(void)
5319 kvm_x86_ops->deliver_posted_interrupt = NULL;
5320 kvm_x86_ops->sync_pir_to_irr = vmx_sync_pir_to_irr_dummy;
5321 }
5322 @@ -30269,7 +30380,7 @@ index aa9e8229..5f643bf 100644
5323
5324 vmx_disable_intercept_for_msr(MSR_FS_BASE, false);
5325 vmx_disable_intercept_for_msr(MSR_GS_BASE, false);
5326 -@@ -6174,10 +6196,12 @@ static __init int hardware_setup(void)
5327 +@@ -6176,10 +6195,12 @@ static __init int hardware_setup(void)
5328 enable_pml = 0;
5329
5330 if (!enable_pml) {
5331 @@ -30282,7 +30393,7 @@ index aa9e8229..5f643bf 100644
5332 }
5333
5334 return alloc_kvm_area();
5335 -@@ -8380,6 +8404,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
5336 +@@ -8382,6 +8403,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
5337 "jmp 2f \n\t"
5338 "1: " __ex(ASM_VMX_VMRESUME) "\n\t"
5339 "2: "
5340 @@ -30295,7 +30406,7 @@ index aa9e8229..5f643bf 100644
5341 /* Save guest registers, load host registers, keep flags */
5342 "mov %0, %c[wordsize](%%" _ASM_SP ") \n\t"
5343 "pop %0 \n\t"
5344 -@@ -8432,6 +8462,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
5345 +@@ -8434,6 +8461,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
5346 #endif
5347 [cr2]"i"(offsetof(struct vcpu_vmx, vcpu.arch.cr2)),
5348 [wordsize]"i"(sizeof(ulong))
5349 @@ -30307,7 +30418,7 @@ index aa9e8229..5f643bf 100644
5350 : "cc", "memory"
5351 #ifdef CONFIG_X86_64
5352 , "rax", "rbx", "rdi", "rsi"
5353 -@@ -8445,7 +8480,7 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
5354 +@@ -8447,7 +8479,7 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
5355 if (debugctlmsr)
5356 update_debugctlmsr(debugctlmsr);
5357
5358 @@ -30316,7 +30427,7 @@ index aa9e8229..5f643bf 100644
5359 /*
5360 * The sysexit path does not restore ds/es, so we must set them to
5361 * a reasonable value ourselves.
5362 -@@ -8454,8 +8489,18 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
5363 +@@ -8456,8 +8488,18 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
5364 * may be executed in interrupt context, which saves and restore segments
5365 * around it, nullifying its effect.
5366 */
5367 @@ -30337,7 +30448,7 @@ index aa9e8229..5f643bf 100644
5368 #endif
5369
5370 vcpu->arch.regs_avail = ~((1 << VCPU_REGS_RIP) | (1 << VCPU_REGS_RSP)
5371 -@@ -10309,7 +10354,7 @@ static void vmx_enable_log_dirty_pt_masked(struct kvm *kvm,
5372 +@@ -10311,7 +10353,7 @@ static void vmx_enable_log_dirty_pt_masked(struct kvm *kvm,
5373 kvm_mmu_clear_dirty_pt_masked(kvm, memslot, offset, mask);
5374 }
5375
5376 @@ -30347,10 +30458,10 @@ index aa9e8229..5f643bf 100644
5377 .disabled_by_bios = vmx_disabled_by_bios,
5378 .hardware_setup = hardware_setup,
5379 diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
5380 -index 373328b7..310cf2f 100644
5381 +index 2781e2b..b7bff94 100644
5382 --- a/arch/x86/kvm/x86.c
5383 +++ b/arch/x86/kvm/x86.c
5384 -@@ -1842,8 +1842,8 @@ static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data)
5385 +@@ -1844,8 +1844,8 @@ static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data)
5386 {
5387 struct kvm *kvm = vcpu->kvm;
5388 int lm = is_long_mode(vcpu);
5389 @@ -30361,7 +30472,7 @@ index 373328b7..310cf2f 100644
5390 u8 blob_size = lm ? kvm->arch.xen_hvm_config.blob_size_64
5391 : kvm->arch.xen_hvm_config.blob_size_32;
5392 u32 page_num = data & ~PAGE_MASK;
5393 -@@ -2733,6 +2733,8 @@ long kvm_arch_dev_ioctl(struct file *filp,
5394 +@@ -2735,6 +2735,8 @@ long kvm_arch_dev_ioctl(struct file *filp,
5395 if (n < msr_list.nmsrs)
5396 goto out;
5397 r = -EFAULT;
5398 @@ -30370,7 +30481,7 @@ index 373328b7..310cf2f 100644
5399 if (copy_to_user(user_msr_list->indices, &msrs_to_save,
5400 num_msrs_to_save * sizeof(u32)))
5401 goto out;
5402 -@@ -3093,7 +3095,7 @@ static int kvm_vcpu_ioctl_x86_set_debugregs(struct kvm_vcpu *vcpu,
5403 +@@ -3095,7 +3097,7 @@ static int kvm_vcpu_ioctl_x86_set_debugregs(struct kvm_vcpu *vcpu,
5404
5405 static void fill_xsave(u8 *dest, struct kvm_vcpu *vcpu)
5406 {
5407 @@ -30379,7 +30490,7 @@ index 373328b7..310cf2f 100644
5408 u64 xstate_bv = xsave->header.xfeatures;
5409 u64 valid;
5410
5411 -@@ -3129,7 +3131,7 @@ static void fill_xsave(u8 *dest, struct kvm_vcpu *vcpu)
5412 +@@ -3131,7 +3133,7 @@ static void fill_xsave(u8 *dest, struct kvm_vcpu *vcpu)
5413
5414 static void load_xsave(struct kvm_vcpu *vcpu, u8 *src)
5415 {
5416 @@ -30388,7 +30499,7 @@ index 373328b7..310cf2f 100644
5417 u64 xstate_bv = *(u64 *)(src + XSAVE_HDR_OFFSET);
5418 u64 valid;
5419
5420 -@@ -3173,7 +3175,7 @@ static void kvm_vcpu_ioctl_x86_get_xsave(struct kvm_vcpu *vcpu,
5421 +@@ -3175,7 +3177,7 @@ static void kvm_vcpu_ioctl_x86_get_xsave(struct kvm_vcpu *vcpu,
5422 fill_xsave((u8 *) guest_xsave->region, vcpu);
5423 } else {
5424 memcpy(guest_xsave->region,
5425 @@ -30397,7 +30508,7 @@ index 373328b7..310cf2f 100644
5426 sizeof(struct fxregs_state));
5427 *(u64 *)&guest_xsave->region[XSAVE_HDR_OFFSET / sizeof(u32)] =
5428 XSTATE_FPSSE;
5429 -@@ -3198,7 +3200,7 @@ static int kvm_vcpu_ioctl_x86_set_xsave(struct kvm_vcpu *vcpu,
5430 +@@ -3200,7 +3202,7 @@ static int kvm_vcpu_ioctl_x86_set_xsave(struct kvm_vcpu *vcpu,
5431 } else {
5432 if (xstate_bv & ~XSTATE_FPSSE)
5433 return -EINVAL;
5434 @@ -30406,7 +30517,23 @@ index 373328b7..310cf2f 100644
5435 guest_xsave->region, sizeof(struct fxregs_state));
5436 }
5437 return 0;
5438 -@@ -7217,7 +7219,7 @@ int kvm_arch_vcpu_ioctl_translate(struct kvm_vcpu *vcpu,
5439 +@@ -6473,6 +6475,7 @@ void kvm_arch_mmu_notifier_invalidate_page(struct kvm *kvm,
5440 + * exiting to the userspace. Otherwise, the value will be returned to the
5441 + * userspace.
5442 + */
5443 ++static int vcpu_enter_guest(struct kvm_vcpu *vcpu) __must_hold(&vcpu->kvm->srcu);
5444 + static int vcpu_enter_guest(struct kvm_vcpu *vcpu)
5445 + {
5446 + int r;
5447 +@@ -6690,6 +6693,7 @@ out:
5448 + return r;
5449 + }
5450 +
5451 ++static inline int vcpu_block(struct kvm *kvm, struct kvm_vcpu *vcpu) __must_hold(&kvm->srcu);
5452 + static inline int vcpu_block(struct kvm *kvm, struct kvm_vcpu *vcpu)
5453 + {
5454 + if (!kvm_arch_vcpu_runnable(vcpu)) {
5455 +@@ -7229,7 +7233,7 @@ int kvm_arch_vcpu_ioctl_translate(struct kvm_vcpu *vcpu,
5456 int kvm_arch_vcpu_ioctl_get_fpu(struct kvm_vcpu *vcpu, struct kvm_fpu *fpu)
5457 {
5458 struct fxregs_state *fxsave =
5459 @@ -30415,7 +30542,7 @@ index 373328b7..310cf2f 100644
5460
5461 memcpy(fpu->fpr, fxsave->st_space, 128);
5462 fpu->fcw = fxsave->cwd;
5463 -@@ -7234,7 +7236,7 @@ int kvm_arch_vcpu_ioctl_get_fpu(struct kvm_vcpu *vcpu, struct kvm_fpu *fpu)
5464 +@@ -7246,7 +7250,7 @@ int kvm_arch_vcpu_ioctl_get_fpu(struct kvm_vcpu *vcpu, struct kvm_fpu *fpu)
5465 int kvm_arch_vcpu_ioctl_set_fpu(struct kvm_vcpu *vcpu, struct kvm_fpu *fpu)
5466 {
5467 struct fxregs_state *fxsave =
5468 @@ -30424,7 +30551,7 @@ index 373328b7..310cf2f 100644
5469
5470 memcpy(fxsave->st_space, fpu->fpr, 128);
5471 fxsave->cwd = fpu->fcw;
5472 -@@ -7250,9 +7252,9 @@ int kvm_arch_vcpu_ioctl_set_fpu(struct kvm_vcpu *vcpu, struct kvm_fpu *fpu)
5473 +@@ -7262,9 +7266,9 @@ int kvm_arch_vcpu_ioctl_set_fpu(struct kvm_vcpu *vcpu, struct kvm_fpu *fpu)
5474
5475 static void fx_init(struct kvm_vcpu *vcpu)
5476 {
5477 @@ -30436,7 +30563,7 @@ index 373328b7..310cf2f 100644
5478 host_xcr0 | XSTATE_COMPACTION_ENABLED;
5479
5480 /*
5481 -@@ -7276,7 +7278,7 @@ void kvm_load_guest_fpu(struct kvm_vcpu *vcpu)
5482 +@@ -7288,7 +7292,7 @@ void kvm_load_guest_fpu(struct kvm_vcpu *vcpu)
5483 kvm_put_guest_xcr0(vcpu);
5484 vcpu->guest_fpu_loaded = 1;
5485 __kernel_fpu_begin();
5486 @@ -30445,7 +30572,7 @@ index 373328b7..310cf2f 100644
5487 trace_kvm_fpu(1);
5488 }
5489
5490 -@@ -7554,6 +7556,8 @@ bool kvm_vcpu_compatible(struct kvm_vcpu *vcpu)
5491 +@@ -7566,6 +7570,8 @@ bool kvm_vcpu_compatible(struct kvm_vcpu *vcpu)
5492
5493 struct static_key kvm_no_apic_vcpu __read_mostly;
5494
5495 @@ -30454,7 +30581,7 @@ index 373328b7..310cf2f 100644
5496 int kvm_arch_vcpu_init(struct kvm_vcpu *vcpu)
5497 {
5498 struct page *page;
5499 -@@ -7570,11 +7574,14 @@ int kvm_arch_vcpu_init(struct kvm_vcpu *vcpu)
5500 +@@ -7582,11 +7588,14 @@ int kvm_arch_vcpu_init(struct kvm_vcpu *vcpu)
5501 else
5502 vcpu->arch.mp_state = KVM_MP_STATE_UNINITIALIZED;
5503
5504 @@ -30473,7 +30600,7 @@ index 373328b7..310cf2f 100644
5505 vcpu->arch.pio_data = page_address(page);
5506
5507 kvm_set_tsc_khz(vcpu, max_tsc_khz);
5508 -@@ -7628,6 +7635,9 @@ fail_mmu_destroy:
5509 +@@ -7640,6 +7649,9 @@ fail_mmu_destroy:
5510 kvm_mmu_destroy(vcpu);
5511 fail_free_pio_data:
5512 free_page((unsigned long)vcpu->arch.pio_data);
5513 @@ -30483,7 +30610,7 @@ index 373328b7..310cf2f 100644
5514 fail:
5515 return r;
5516 }
5517 -@@ -7645,6 +7655,8 @@ void kvm_arch_vcpu_uninit(struct kvm_vcpu *vcpu)
5518 +@@ -7657,6 +7669,8 @@ void kvm_arch_vcpu_uninit(struct kvm_vcpu *vcpu)
5519 free_page((unsigned long)vcpu->arch.pio_data);
5520 if (!irqchip_in_kernel(vcpu->kvm))
5521 static_key_slow_dec(&kvm_no_apic_vcpu);
5522 @@ -32971,7 +33098,7 @@ index 91d93b9..4b22130 100644
5523 +EXPORT_SYMBOL(set_fs);
5524 +#endif
5525 diff --git a/arch/x86/lib/usercopy_64.c b/arch/x86/lib/usercopy_64.c
5526 -index 0a42327..7a82465 100644
5527 +index 0a42327..45c0063 100644
5528 --- a/arch/x86/lib/usercopy_64.c
5529 +++ b/arch/x86/lib/usercopy_64.c
5530 @@ -18,6 +18,7 @@ unsigned long __clear_user(void __user *addr, unsigned long size)
5531 @@ -33031,8 +33158,9 @@ index 0a42327..7a82465 100644
5532
5533 /* If the destination is a kernel buffer, we always clear the end */
5534 - if (!__addr_ok(to))
5535 +- memset(to, 0, len);
5536 + if (!__addr_ok(to) && (unsigned long)to >= TASK_SIZE_MAX + pax_user_shadow_base)
5537 - memset(to, 0, len);
5538 ++ memset((void __force_kernel *)to, 0, len);
5539 return len;
5540 }
5541 diff --git a/arch/x86/math-emu/fpu_aux.c b/arch/x86/math-emu/fpu_aux.c
5542 @@ -34908,77 +35036,23 @@ index 0057a7acc..95c7edd 100644
5543 might_sleep();
5544 if (is_enabled()) /* recheck and proper locking in *_core() */
5545 diff --git a/arch/x86/mm/mpx.c b/arch/x86/mm/mpx.c
5546 -index db1b0bc..c28f618 100644
5547 +index c28f618..73c7772 100644
5548 --- a/arch/x86/mm/mpx.c
5549 +++ b/arch/x86/mm/mpx.c
5550 -@@ -622,6 +622,29 @@ static unsigned long mpx_bd_entry_to_bt_addr(struct mm_struct *mm,
5551 - }
5552 -
5553 - /*
5554 -+ * We only want to do a 4-byte get_user() on 32-bit. Otherwise,
5555 -+ * we might run off the end of the bounds table if we are on
5556 -+ * a 64-bit kernel and try to get 8 bytes.
5557 -+ */
5558 -+int get_user_bd_entry(struct mm_struct *mm, unsigned long *bd_entry_ret,
5559 -+ long __user *bd_entry_ptr)
5560 -+{
5561 -+ u32 bd_entry_32;
5562 -+ int ret;
5563 -+
5564 -+ if (is_64bit_mm(mm))
5565 -+ return get_user(*bd_entry_ret, bd_entry_ptr);
5566 -+
5567 -+ /*
5568 -+ * Note that get_user() uses the type of the *pointer* to
5569 -+ * establish the size of the get, not the destination.
5570 -+ */
5571 -+ ret = get_user(bd_entry_32, (u32 __user *)bd_entry_ptr);
5572 -+ *bd_entry_ret = bd_entry_32;
5573 -+ return ret;
5574 -+}
5575 -+
5576 -+/*
5577 - * Get the base of bounds tables pointed by specific bounds
5578 - * directory entry.
5579 - */
5580 -@@ -641,7 +664,7 @@ static int get_bt_addr(struct mm_struct *mm,
5581 - int need_write = 0;
5582 -
5583 - pagefault_disable();
5584 -- ret = get_user(bd_entry, bd_entry_ptr);
5585 -+ ret = get_user_bd_entry(mm, &bd_entry, bd_entry_ptr);
5586 - pagefault_enable();
5587 - if (!ret)
5588 - break;
5589 -@@ -736,11 +759,23 @@ static unsigned long mpx_get_bt_entry_offset_bytes(struct mm_struct *mm,
5590 - */
5591 - static inline unsigned long bd_entry_virt_space(struct mm_struct *mm)
5592 - {
5593 -- unsigned long long virt_space = (1ULL << boot_cpu_data.x86_virt_bits);
5594 -- if (is_64bit_mm(mm))
5595 -- return virt_space / MPX_BD_NR_ENTRIES_64;
5596 -- else
5597 -- return virt_space / MPX_BD_NR_ENTRIES_32;
5598 -+ unsigned long long virt_space;
5599 -+ unsigned long long GB = (1ULL << 30);
5600 -+
5601 -+ /*
5602 -+ * This covers 32-bit emulation as well as 32-bit kernels
5603 -+ * running on 64-bit harware.
5604 -+ */
5605 -+ if (!is_64bit_mm(mm))
5606 -+ return (4ULL * GB) / MPX_BD_NR_ENTRIES_32;
5607 -+
5608 -+ /*
5609 -+ * 'x86_virt_bits' returns what the hardware is capable
5610 -+ * of, and returns the full >32-bit adddress space when
5611 -+ * running 32-bit kernels on 64-bit hardware.
5612 -+ */
5613 -+ virt_space = (1ULL << boot_cpu_data.x86_virt_bits);
5614 -+ return virt_space / MPX_BD_NR_ENTRIES_64;
5615 - }
5616 -
5617 - /*
5618 +@@ -329,11 +329,11 @@ siginfo_t *mpx_generate_siginfo(struct pt_regs *regs)
5619 + * We were not able to extract an address from the instruction,
5620 + * probably because there was something invalid in it.
5621 + */
5622 +- if (info->si_addr == (void *)-1) {
5623 ++ if (info->si_addr == (void __user *)-1) {
5624 + err = -EINVAL;
5625 + goto err_out;
5626 + }
5627 +- trace_mpx_bounds_register_exception(info->si_addr, bndreg);
5628 ++ trace_mpx_bounds_register_exception((void __force_kernel *)info->si_addr, bndreg);
5629 + return info;
5630 + err_out:
5631 + /* info might be NULL, but kfree() handles that */
5632 diff --git a/arch/x86/mm/numa.c b/arch/x86/mm/numa.c
5633 index 4053bb5..b1ad3dc 100644
5634 --- a/arch/x86/mm/numa.c
5635 @@ -34993,7 +35067,7 @@ index 4053bb5..b1ad3dc 100644
5636 unsigned long uninitialized_var(pfn_align);
5637 int i, nid;
5638 diff --git a/arch/x86/mm/pageattr.c b/arch/x86/mm/pageattr.c
5639 -index 727158c..54dd3ff 100644
5640 +index 727158c..e278402 100644
5641 --- a/arch/x86/mm/pageattr.c
5642 +++ b/arch/x86/mm/pageattr.c
5643 @@ -260,7 +260,7 @@ static inline pgprot_t static_protections(pgprot_t prot, unsigned long address,
5644 @@ -35090,7 +35164,28 @@ index 727158c..54dd3ff 100644
5645
5646 pgprot_val(req_prot) &= ~pgprot_val(cpa->mask_clr);
5647 pgprot_val(req_prot) |= pgprot_val(cpa->mask_set);
5648 -@@ -1176,7 +1200,9 @@ repeat:
5649 +@@ -675,6 +699,10 @@ __split_large_page(struct cpa_data *cpa, pte_t *kpte, unsigned long address,
5650 + return 0;
5651 + }
5652 +
5653 ++#if debug_pagealloc == 0
5654 ++static int split_large_page(struct cpa_data *cpa, pte_t *kpte,
5655 ++ unsigned long address) __must_hold(&cpa_lock);
5656 ++#endif
5657 + static int split_large_page(struct cpa_data *cpa, pte_t *kpte,
5658 + unsigned long address)
5659 + {
5660 +@@ -1118,6 +1146,9 @@ static int __cpa_process_fault(struct cpa_data *cpa, unsigned long vaddr,
5661 + }
5662 + }
5663 +
5664 ++#if debug_pagealloc == 0
5665 ++static int __change_page_attr(struct cpa_data *cpa, int primary) __must_hold(&cpa_lock);
5666 ++#endif
5667 + static int __change_page_attr(struct cpa_data *cpa, int primary)
5668 + {
5669 + unsigned long address;
5670 +@@ -1176,7 +1207,9 @@ repeat:
5671 * Do we really change anything ?
5672 */
5673 if (pte_val(old_pte) != pte_val(new_pte)) {
5674 @@ -39200,6 +39295,21 @@ index 5005924..9fc06c4 100644
5675 if (sif->remove_dev) {
5676 subsys_dev_iter_init(&iter, subsys, NULL, NULL);
5677 while ((dev = subsys_dev_iter_next(&iter)))
5678 +diff --git a/drivers/base/devres.c b/drivers/base/devres.c
5679 +index 8754646..6828fbe 100644
5680 +--- a/drivers/base/devres.c
5681 ++++ b/drivers/base/devres.c
5682 +@@ -475,7 +475,9 @@ static int remove_nodes(struct device *dev,
5683 +
5684 + static int release_nodes(struct device *dev, struct list_head *first,
5685 + struct list_head *end, unsigned long flags)
5686 +- __releases(&dev->devres_lock)
5687 ++ __releases(&dev->devres_lock);
5688 ++static int release_nodes(struct device *dev, struct list_head *first,
5689 ++ struct list_head *end, unsigned long flags)
5690 + {
5691 + LIST_HEAD(todo);
5692 + int cnt;
5693 diff --git a/drivers/base/devtmpfs.c b/drivers/base/devtmpfs.c
5694 index 68f0314..ca2a609 100644
5695 --- a/drivers/base/devtmpfs.c
5696 @@ -39277,6 +39387,40 @@ index 0ee43c1..369dd62 100644
5697 pm_genpd_poweron(pd);
5698
5699 return 0;
5700 +diff --git a/drivers/base/power/runtime.c b/drivers/base/power/runtime.c
5701 +index e1a10a0..a6bc363 100644
5702 +--- a/drivers/base/power/runtime.c
5703 ++++ b/drivers/base/power/runtime.c
5704 +@@ -263,8 +263,8 @@ static int rpm_check_suspend_allowed(struct device *dev)
5705 + * @cb: Runtime PM callback to run.
5706 + * @dev: Device to run the callback for.
5707 + */
5708 ++static int __rpm_callback(int (*cb)(struct device *), struct device *dev) __must_hold(&dev->power.lock);
5709 + static int __rpm_callback(int (*cb)(struct device *), struct device *dev)
5710 +- __releases(&dev->power.lock) __acquires(&dev->power.lock)
5711 + {
5712 + int retval;
5713 +
5714 +@@ -412,8 +412,8 @@ static int rpm_callback(int (*cb)(struct device *), struct device *dev)
5715 + *
5716 + * This function must be called under dev->power.lock with interrupts disabled.
5717 + */
5718 ++static int rpm_suspend(struct device *dev, int rpmflags) __must_hold(&dev->power.lock);
5719 + static int rpm_suspend(struct device *dev, int rpmflags)
5720 +- __releases(&dev->power.lock) __acquires(&dev->power.lock)
5721 + {
5722 + int (*callback)(struct device *);
5723 + struct device *parent = NULL;
5724 +@@ -594,8 +594,8 @@ static int rpm_suspend(struct device *dev, int rpmflags)
5725 + *
5726 + * This function must be called under dev->power.lock with interrupts disabled.
5727 + */
5728 ++static int rpm_resume(struct device *dev, int rpmflags) __must_hold(&dev->power.lock);
5729 + static int rpm_resume(struct device *dev, int rpmflags)
5730 +- __releases(&dev->power.lock) __acquires(&dev->power.lock)
5731 + {
5732 + int (*callback)(struct device *);
5733 + struct device *parent = NULL;
5734 diff --git a/drivers/base/power/sysfs.c b/drivers/base/power/sysfs.c
5735 index d2be3f9..0a3167a 100644
5736 --- a/drivers/base/power/sysfs.c
5737 @@ -39370,6 +39514,30 @@ index c8941f3..f7c7a7e 100644
5738 tot_len = reg_len + 10; /* ': R W V P\n' */
5739
5740 for (i = 0; i <= map->max_register; i += map->reg_stride) {
5741 +diff --git a/drivers/base/regmap/regmap.c b/drivers/base/regmap/regmap.c
5742 +index 7111d04..bcda737 100644
5743 +--- a/drivers/base/regmap/regmap.c
5744 ++++ b/drivers/base/regmap/regmap.c
5745 +@@ -340,8 +340,8 @@ static void regmap_unlock_mutex(void *__map)
5746 + mutex_unlock(&map->mutex);
5747 + }
5748 +
5749 ++static void regmap_lock_spinlock(void *__map) __acquires(&map->spinlock);
5750 + static void regmap_lock_spinlock(void *__map)
5751 +-__acquires(&map->spinlock)
5752 + {
5753 + struct regmap *map = __map;
5754 + unsigned long flags;
5755 +@@ -350,8 +350,8 @@ __acquires(&map->spinlock)
5756 + map->spinlock_flags = flags;
5757 + }
5758 +
5759 ++static void regmap_unlock_spinlock(void *__map) __releases(&map->spinlock);
5760 + static void regmap_unlock_spinlock(void *__map)
5761 +-__releases(&map->spinlock)
5762 + {
5763 + struct regmap *map = __map;
5764 + spin_unlock_irqrestore(&map->spinlock, map->spinlock_flags);
5765 diff --git a/drivers/base/syscore.c b/drivers/base/syscore.c
5766 index 8d98a32..61d3165 100644
5767 --- a/drivers/base/syscore.c
5768 @@ -39810,7 +39978,7 @@ index 74df8cf..e41fc24 100644
5769 if (!msg)
5770 goto failed;
5771 diff --git a/drivers/block/drbd/drbd_receiver.c b/drivers/block/drbd/drbd_receiver.c
5772 -index c097909..13688e1 100644
5773 +index c097909..b0dd588 100644
5774 --- a/drivers/block/drbd/drbd_receiver.c
5775 +++ b/drivers/block/drbd/drbd_receiver.c
5776 @@ -870,7 +870,7 @@ int drbd_connected(struct drbd_peer_device *peer_device)
5777 @@ -39863,7 +40031,18 @@ index c097909..13688e1 100644
5778 list_add(&epoch->list, &connection->current_epoch->list);
5779 connection->current_epoch = epoch;
5780 connection->epochs++;
5781 -@@ -1802,7 +1802,7 @@ static int recv_resync_read(struct drbd_peer_device *peer_device, sector_t secto
5782 +@@ -1780,7 +1780,9 @@ static int e_end_resync_block(struct drbd_work *w, int unused)
5783 + }
5784 +
5785 + static int recv_resync_read(struct drbd_peer_device *peer_device, sector_t sector,
5786 +- struct packet_info *pi) __releases(local)
5787 ++ struct packet_info *pi) __releases(local);
5788 ++static int recv_resync_read(struct drbd_peer_device *peer_device, sector_t sector,
5789 ++ struct packet_info *pi)
5790 + {
5791 + struct drbd_device *device = peer_device->device;
5792 + struct drbd_peer_request *peer_req;
5793 +@@ -1802,7 +1804,7 @@ static int recv_resync_read(struct drbd_peer_device *peer_device, sector_t secto
5794 list_add_tail(&peer_req->w.list, &device->sync_ee);
5795 spin_unlock_irq(&device->resource->req_lock);
5796
5797 @@ -39872,7 +40051,7 @@ index c097909..13688e1 100644
5798 if (drbd_submit_peer_request(device, peer_req, WRITE, DRBD_FAULT_RS_WR) == 0)
5799 return 0;
5800
5801 -@@ -1900,7 +1900,7 @@ static int receive_RSDataReply(struct drbd_connection *connection, struct packet
5802 +@@ -1900,7 +1902,7 @@ static int receive_RSDataReply(struct drbd_connection *connection, struct packet
5803 drbd_send_ack_dp(peer_device, P_NEG_ACK, p, pi->size);
5804 }
5805
5806 @@ -39881,7 +40060,7 @@ index c097909..13688e1 100644
5807
5808 return err;
5809 }
5810 -@@ -2290,7 +2290,7 @@ static int receive_Data(struct drbd_connection *connection, struct packet_info *
5811 +@@ -2290,7 +2292,7 @@ static int receive_Data(struct drbd_connection *connection, struct packet_info *
5812
5813 err = wait_for_and_update_peer_seq(peer_device, peer_seq);
5814 drbd_send_ack_dp(peer_device, P_NEG_ACK, p, pi->size);
5815 @@ -39890,7 +40069,7 @@ index c097909..13688e1 100644
5816 err2 = drbd_drain_block(peer_device, pi->size);
5817 if (!err)
5818 err = err2;
5819 -@@ -2334,7 +2334,7 @@ static int receive_Data(struct drbd_connection *connection, struct packet_info *
5820 +@@ -2334,7 +2336,7 @@ static int receive_Data(struct drbd_connection *connection, struct packet_info *
5821
5822 spin_lock(&connection->epoch_lock);
5823 peer_req->epoch = connection->current_epoch;
5824 @@ -39899,7 +40078,7 @@ index c097909..13688e1 100644
5825 atomic_inc(&peer_req->epoch->active);
5826 spin_unlock(&connection->epoch_lock);
5827
5828 -@@ -2479,7 +2479,7 @@ bool drbd_rs_c_min_rate_throttle(struct drbd_device *device)
5829 +@@ -2479,7 +2481,7 @@ bool drbd_rs_c_min_rate_throttle(struct drbd_device *device)
5830
5831 curr_events = (int)part_stat_read(&disk->part0, sectors[0]) +
5832 (int)part_stat_read(&disk->part0, sectors[1]) -
5833 @@ -39908,7 +40087,7 @@ index c097909..13688e1 100644
5834
5835 if (atomic_read(&device->ap_actlog_cnt)
5836 || curr_events - device->rs_last_events > 64) {
5837 -@@ -2618,7 +2618,7 @@ static int receive_DataRequest(struct drbd_connection *connection, struct packet
5838 +@@ -2618,7 +2620,7 @@ static int receive_DataRequest(struct drbd_connection *connection, struct packet
5839 device->use_csums = true;
5840 } else if (pi->cmd == P_OV_REPLY) {
5841 /* track progress, we may need to throttle */
5842 @@ -39917,7 +40096,7 @@ index c097909..13688e1 100644
5843 peer_req->w.cb = w_e_end_ov_reply;
5844 dec_rs_pending(device);
5845 /* drbd_rs_begin_io done when we sent this request,
5846 -@@ -2691,7 +2691,7 @@ static int receive_DataRequest(struct drbd_connection *connection, struct packet
5847 +@@ -2691,7 +2693,7 @@ static int receive_DataRequest(struct drbd_connection *connection, struct packet
5848 goto out_free_e;
5849
5850 submit_for_resync:
5851 @@ -39926,7 +40105,7 @@ index c097909..13688e1 100644
5852
5853 submit:
5854 update_receiver_timing_details(connection, drbd_submit_peer_request);
5855 -@@ -4564,7 +4564,7 @@ struct data_cmd {
5856 +@@ -4564,7 +4566,7 @@ struct data_cmd {
5857 int expect_payload;
5858 size_t pkt_size;
5859 int (*fn)(struct drbd_connection *, struct packet_info *);
5860 @@ -39935,7 +40114,7 @@ index c097909..13688e1 100644
5861
5862 static struct data_cmd drbd_cmd_handler[] = {
5863 [P_DATA] = { 1, sizeof(struct p_data), receive_Data },
5864 -@@ -4678,7 +4678,7 @@ static void conn_disconnect(struct drbd_connection *connection)
5865 +@@ -4678,7 +4680,7 @@ static void conn_disconnect(struct drbd_connection *connection)
5866 if (!list_empty(&connection->current_epoch->list))
5867 drbd_err(connection, "ASSERTION FAILED: connection->current_epoch->list not empty\n");
5868 /* ok, no more ee's on the fly, it is safe to reset the epoch_size */
5869 @@ -39944,7 +40123,7 @@ index c097909..13688e1 100644
5870 connection->send.seen_any_write_yet = false;
5871
5872 drbd_info(connection, "Connection closed\n");
5873 -@@ -5182,7 +5182,7 @@ static int got_IsInSync(struct drbd_connection *connection, struct packet_info *
5874 +@@ -5182,7 +5184,7 @@ static int got_IsInSync(struct drbd_connection *connection, struct packet_info *
5875 put_ldev(device);
5876 }
5877 dec_rs_pending(device);
5878 @@ -39953,7 +40132,7 @@ index c097909..13688e1 100644
5879
5880 return 0;
5881 }
5882 -@@ -5470,7 +5470,7 @@ static int connection_finish_peer_reqs(struct drbd_connection *connection)
5883 +@@ -5470,7 +5472,7 @@ static int connection_finish_peer_reqs(struct drbd_connection *connection)
5884 struct asender_cmd {
5885 size_t pkt_size;
5886 int (*fn)(struct drbd_connection *connection, struct packet_info *);
5887 @@ -39963,10 +40142,30 @@ index c097909..13688e1 100644
5888 static struct asender_cmd asender_tbl[] = {
5889 [P_PING] = { 0, got_Ping },
5890 diff --git a/drivers/block/drbd/drbd_worker.c b/drivers/block/drbd/drbd_worker.c
5891 -index d0fae55..4469096 100644
5892 +index d0fae55..e85f28e 100644
5893 --- a/drivers/block/drbd/drbd_worker.c
5894 +++ b/drivers/block/drbd/drbd_worker.c
5895 -@@ -408,7 +408,7 @@ static int read_for_csum(struct drbd_peer_device *peer_device, sector_t sector,
5896 +@@ -94,7 +94,8 @@ void drbd_md_endio(struct bio *bio, int error)
5897 + /* reads on behalf of the partner,
5898 + * "submitted" by the receiver
5899 + */
5900 +-static void drbd_endio_read_sec_final(struct drbd_peer_request *peer_req) __releases(local)
5901 ++static void drbd_endio_read_sec_final(struct drbd_peer_request *peer_req) __releases(local);
5902 ++static void drbd_endio_read_sec_final(struct drbd_peer_request *peer_req)
5903 + {
5904 + unsigned long flags = 0;
5905 + struct drbd_peer_device *peer_device = peer_req->peer_device;
5906 +@@ -115,7 +116,8 @@ static void drbd_endio_read_sec_final(struct drbd_peer_request *peer_req) __rele
5907 +
5908 + /* writes on behalf of the partner, or resync writes,
5909 + * "submitted" by the receiver, final stage. */
5910 +-void drbd_endio_write_sec_final(struct drbd_peer_request *peer_req) __releases(local)
5911 ++void drbd_endio_write_sec_final(struct drbd_peer_request *peer_req) __releases(local);
5912 ++void drbd_endio_write_sec_final(struct drbd_peer_request *peer_req)
5913 + {
5914 + unsigned long flags = 0;
5915 + struct drbd_peer_device *peer_device = peer_req->peer_device;
5916 +@@ -408,7 +410,7 @@ static int read_for_csum(struct drbd_peer_device *peer_device, sector_t sector,
5917 list_add_tail(&peer_req->w.list, &device->read_ee);
5918 spin_unlock_irq(&device->resource->req_lock);
5919
5920 @@ -39975,7 +40174,7 @@ index d0fae55..4469096 100644
5921 if (drbd_submit_peer_request(device, peer_req, READ, DRBD_FAULT_RS_RD) == 0)
5922 return 0;
5923
5924 -@@ -553,7 +553,7 @@ static int drbd_rs_number_requests(struct drbd_device *device)
5925 +@@ -553,7 +555,7 @@ static int drbd_rs_number_requests(struct drbd_device *device)
5926 unsigned int sect_in; /* Number of sectors that came in since the last turn */
5927 int number, mxb;
5928
5929 @@ -39984,7 +40183,7 @@ index d0fae55..4469096 100644
5930 device->rs_in_flight -= sect_in;
5931
5932 rcu_read_lock();
5933 -@@ -1595,8 +1595,8 @@ void drbd_rs_controller_reset(struct drbd_device *device)
5934 +@@ -1595,8 +1597,8 @@ void drbd_rs_controller_reset(struct drbd_device *device)
5935 struct gendisk *disk = device->ldev->backing_bdev->bd_contains->bd_disk;
5936 struct fifo_buffer *plan;
5937
5938 @@ -39995,6 +40194,20 @@ index d0fae55..4469096 100644
5939 device->rs_in_flight = 0;
5940 device->rs_last_events =
5941 (int)part_stat_read(&disk->part0, sectors[0]) +
5942 +diff --git a/drivers/block/nbd.c b/drivers/block/nbd.c
5943 +index 0e385d8..0c63d6a 100644
5944 +--- a/drivers/block/nbd.c
5945 ++++ b/drivers/block/nbd.c
5946 +@@ -538,8 +538,8 @@ static int nbd_thread(void *data)
5947 + * { printk( "Warning: Ignoring result!\n"); nbd_end_request( req ); }
5948 + */
5949 +
5950 ++static void do_nbd_request(struct request_queue *q) __must_hold(q->queue_lock);
5951 + static void do_nbd_request(struct request_queue *q)
5952 +- __releases(q->queue_lock) __acquires(q->queue_lock)
5953 + {
5954 + struct request *req;
5955 +
5956 diff --git a/drivers/block/pktcdvd.c b/drivers/block/pktcdvd.c
5957 index 4c20c22..caef1eb 100644
5958 --- a/drivers/block/pktcdvd.c
5959 @@ -40309,7 +40522,7 @@ index bf75f63..359fa10 100644
5960 intf->proc_dir = NULL;
5961
5962 diff --git a/drivers/char/ipmi/ipmi_si_intf.c b/drivers/char/ipmi/ipmi_si_intf.c
5963 -index 8a45e92..e41b1c7 100644
5964 +index 8a45e92..3546003 100644
5965 --- a/drivers/char/ipmi/ipmi_si_intf.c
5966 +++ b/drivers/char/ipmi/ipmi_si_intf.c
5967 @@ -289,7 +289,7 @@ struct smi_info {
5968 @@ -40333,6 +40546,25 @@ index 8a45e92..e41b1c7 100644
5969
5970 #define SI_MAX_PARMS 4
5971
5972 +@@ -1203,14 +1203,14 @@ static int smi_start_processing(void *send_info,
5973 +
5974 + new_smi->intf = intf;
5975 +
5976 +- /* Try to claim any interrupts. */
5977 +- if (new_smi->irq_setup)
5978 +- new_smi->irq_setup(new_smi);
5979 +-
5980 + /* Set up the timer that drives the interface. */
5981 + setup_timer(&new_smi->si_timer, smi_timeout, (long)new_smi);
5982 + smi_mod_timer(new_smi, jiffies + SI_TIMEOUT_JIFFIES);
5983 +
5984 ++ /* Try to claim any interrupts. */
5985 ++ if (new_smi->irq_setup)
5986 ++ new_smi->irq_setup(new_smi);
5987 ++
5988 + /*
5989 + * Check if the user forcefully enabled the daemon.
5990 + */
5991 @@ -3500,7 +3500,7 @@ static int try_smi_init(struct smi_info *new_smi)
5992 atomic_set(&new_smi->req_events, 0);
5993 new_smi->run_to_completion = false;
5994 @@ -40741,10 +40973,10 @@ index 3a56a13..f8cbd25 100644
5995 return 0;
5996 }
5997 diff --git a/drivers/char/virtio_console.c b/drivers/char/virtio_console.c
5998 -index d2406fe..243951a 100644
5999 +index d2406fe..473a5c0 100644
6000 --- a/drivers/char/virtio_console.c
6001 +++ b/drivers/char/virtio_console.c
6002 -@@ -685,7 +685,7 @@ static ssize_t fill_readbuf(struct port *port, char __user *out_buf,
6003 +@@ -685,11 +685,11 @@ static ssize_t fill_readbuf(struct port *port, char __user *out_buf,
6004 if (to_user) {
6005 ssize_t ret;
6006
6007 @@ -40753,15 +40985,20 @@ index d2406fe..243951a 100644
6008 if (ret)
6009 return -EFAULT;
6010 } else {
6011 -@@ -789,7 +789,7 @@ static ssize_t port_fops_read(struct file *filp, char __user *ubuf,
6012 - if (!port_has_data(port) && !port->host_connected)
6013 - return 0;
6014 +- memcpy((__force char *)out_buf, buf->buf + buf->offset,
6015 ++ memcpy((__force_kernel char *)out_buf, buf->buf + buf->offset,
6016 + out_count);
6017 + }
6018
6019 -- return fill_readbuf(port, ubuf, count, true);
6020 -+ return fill_readbuf(port, (char __force_kernel *)ubuf, count, true);
6021 +@@ -1164,7 +1164,7 @@ static int get_chars(u32 vtermno, char *buf, int count)
6022 + /* If we don't have an input queue yet, we can't get input. */
6023 + BUG_ON(!port->in_vq);
6024 +
6025 +- return fill_readbuf(port, (__force char __user *)buf, count, false);
6026 ++ return fill_readbuf(port, (char __force_user *)buf, count, false);
6027 }
6028
6029 - static int wait_port_writable(struct port *port, bool nonblock)
6030 + static void resize_console(struct port *port)
6031 diff --git a/drivers/clk/clk-composite.c b/drivers/clk/clk-composite.c
6032 index 616f5ae..747bdd0 100644
6033 --- a/drivers/clk/clk-composite.c
6034 @@ -47780,7 +48017,7 @@ index 6ba47cf..a870ba2 100644
6035 pmd->bl_info.value_type.inc = data_block_inc;
6036 pmd->bl_info.value_type.dec = data_block_dec;
6037 diff --git a/drivers/md/dm.c b/drivers/md/dm.c
6038 -index 3e32f4e..01e0a7f 100644
6039 +index 3e32f4e..18528b7 100644
6040 --- a/drivers/md/dm.c
6041 +++ b/drivers/md/dm.c
6042 @@ -194,9 +194,9 @@ struct mapped_device {
6043 @@ -47795,7 +48032,44 @@ index 3e32f4e..01e0a7f 100644
6044 struct list_head uevent_list;
6045 spinlock_t uevent_lock; /* Protect access to uevent_list */
6046
6047 -@@ -2339,8 +2339,8 @@ static struct mapped_device *alloc_dev(int minor)
6048 +@@ -705,14 +705,16 @@ static void queue_io(struct mapped_device *md, struct bio *bio)
6049 + * function to access the md->map field, and make sure they call
6050 + * dm_put_live_table() when finished.
6051 + */
6052 +-struct dm_table *dm_get_live_table(struct mapped_device *md, int *srcu_idx) __acquires(md->io_barrier)
6053 ++struct dm_table *dm_get_live_table(struct mapped_device *md, int *srcu_idx) __acquires(&md->io_barrier);
6054 ++struct dm_table *dm_get_live_table(struct mapped_device *md, int *srcu_idx)
6055 + {
6056 + *srcu_idx = srcu_read_lock(&md->io_barrier);
6057 +
6058 + return srcu_dereference(md->map, &md->io_barrier);
6059 + }
6060 +
6061 +-void dm_put_live_table(struct mapped_device *md, int srcu_idx) __releases(md->io_barrier)
6062 ++void dm_put_live_table(struct mapped_device *md, int srcu_idx) __releases(&md->io_barrier);
6063 ++void dm_put_live_table(struct mapped_device *md, int srcu_idx)
6064 + {
6065 + srcu_read_unlock(&md->io_barrier, srcu_idx);
6066 + }
6067 +@@ -727,13 +729,15 @@ void dm_sync_table(struct mapped_device *md)
6068 + * A fast alternative to dm_get_live_table/dm_put_live_table.
6069 + * The caller must not block between these two functions.
6070 + */
6071 +-static struct dm_table *dm_get_live_table_fast(struct mapped_device *md) __acquires(RCU)
6072 ++static struct dm_table *dm_get_live_table_fast(struct mapped_device *md) __acquires(RCU);
6073 ++static struct dm_table *dm_get_live_table_fast(struct mapped_device *md)
6074 + {
6075 + rcu_read_lock();
6076 + return rcu_dereference(md->map);
6077 + }
6078 +
6079 +-static void dm_put_live_table_fast(struct mapped_device *md) __releases(RCU)
6080 ++static void dm_put_live_table_fast(struct mapped_device *md) __releases(RCU);
6081 ++static void dm_put_live_table_fast(struct mapped_device *md)
6082 + {
6083 + rcu_read_unlock();
6084 + }
6085 +@@ -2339,8 +2343,8 @@ static struct mapped_device *alloc_dev(int minor)
6086 spin_lock_init(&md->deferred_lock);
6087 atomic_set(&md->holders, 1);
6088 atomic_set(&md->open_count, 0);
6089 @@ -47806,7 +48080,7 @@ index 3e32f4e..01e0a7f 100644
6090 INIT_LIST_HEAD(&md->uevent_list);
6091 INIT_LIST_HEAD(&md->table_devices);
6092 spin_lock_init(&md->uevent_lock);
6093 -@@ -2481,7 +2481,7 @@ static void event_callback(void *context)
6094 +@@ -2481,7 +2485,7 @@ static void event_callback(void *context)
6095
6096 dm_send_uevents(&uevents, &disk_to_dev(md->disk)->kobj);
6097
6098 @@ -47815,7 +48089,7 @@ index 3e32f4e..01e0a7f 100644
6099 wake_up(&md->eventq);
6100 }
6101
6102 -@@ -3479,18 +3479,18 @@ int dm_kobject_uevent(struct mapped_device *md, enum kobject_action action,
6103 +@@ -3479,18 +3483,18 @@ int dm_kobject_uevent(struct mapped_device *md, enum kobject_action action,
6104
6105 uint32_t dm_next_uevent_seq(struct mapped_device *md)
6106 {
6107 @@ -50347,18 +50621,9 @@ index e8c96b8..516a96c 100644
6108 Say Y here if you want to support for Freescale FlexCAN.
6109
6110 diff --git a/drivers/net/can/dev.c b/drivers/net/can/dev.c
6111 -index aede704..ca734ed 100644
6112 +index 141c2a4..ca734ed 100644
6113 --- a/drivers/net/can/dev.c
6114 +++ b/drivers/net/can/dev.c
6115 -@@ -915,7 +915,7 @@ static int can_fill_info(struct sk_buff *skb, const struct net_device *dev)
6116 - nla_put(skb, IFLA_CAN_BITTIMING_CONST,
6117 - sizeof(*priv->bittiming_const), priv->bittiming_const)) ||
6118 -
6119 -- nla_put(skb, IFLA_CAN_CLOCK, sizeof(cm), &priv->clock) ||
6120 -+ nla_put(skb, IFLA_CAN_CLOCK, sizeof(priv->clock), &priv->clock) ||
6121 - nla_put_u32(skb, IFLA_CAN_STATE, state) ||
6122 - nla_put(skb, IFLA_CAN_CTRLMODE, sizeof(cm), &cm) ||
6123 - nla_put_u32(skb, IFLA_CAN_RESTART_MS, priv->restart_ms) ||
6124 @@ -961,7 +961,7 @@ static int can_newlink(struct net *src_net, struct net_device *dev,
6125 return -EOPNOTSUPP;
6126 }
6127 @@ -50531,7 +50796,7 @@ index b3bc87f..5bdfdd3 100644
6128 + .wrapper_rx_desc_init = xgbe_wrapper_rx_descriptor_init,
6129 +};
6130 diff --git a/drivers/net/ethernet/amd/xgbe/xgbe-dev.c b/drivers/net/ethernet/amd/xgbe/xgbe-dev.c
6131 -index a4473d8..039a2ab 100644
6132 +index f672dba3..d71818d 100644
6133 --- a/drivers/net/ethernet/amd/xgbe/xgbe-dev.c
6134 +++ b/drivers/net/ethernet/amd/xgbe/xgbe-dev.c
6135 @@ -2776,7 +2776,7 @@ static void xgbe_powerdown_rx(struct xgbe_prv_data *pdata)
6136 @@ -50727,7 +50992,7 @@ index a4473d8..039a2ab 100644
6137 + .set_rss_lookup_table = xgbe_set_rss_lookup_table,
6138 +};
6139 diff --git a/drivers/net/ethernet/amd/xgbe/xgbe-drv.c b/drivers/net/ethernet/amd/xgbe/xgbe-drv.c
6140 -index aae9d5e..29ce58d 100644
6141 +index dde0486..831e127 100644
6142 --- a/drivers/net/ethernet/amd/xgbe/xgbe-drv.c
6143 +++ b/drivers/net/ethernet/amd/xgbe/xgbe-drv.c
6144 @@ -245,7 +245,7 @@ static int xgbe_maybe_stop_tx_queue(struct xgbe_channel *channel,
6145 @@ -50972,7 +51237,7 @@ index aae9d5e..29ce58d 100644
6146 struct xgbe_ring *ring = channel->tx_ring;
6147 struct xgbe_ring_data *rdata;
6148 struct xgbe_ring_desc *rdesc;
6149 -@@ -1863,7 +1863,7 @@ static int xgbe_tx_poll(struct xgbe_channel *channel)
6150 +@@ -1869,7 +1869,7 @@ static int xgbe_tx_poll(struct xgbe_channel *channel)
6151 static int xgbe_rx_poll(struct xgbe_channel *channel, int budget)
6152 {
6153 struct xgbe_prv_data *pdata = channel->pdata;
6154 @@ -51436,19 +51701,6 @@ index e5ba040..d47531c 100644
6155 smp_mb();
6156
6157 /* need lock to prevent incorrect read while modifying cyclecounter */
6158 -diff --git a/drivers/net/ethernet/mellanox/mlx4/cmd.c b/drivers/net/ethernet/mellanox/mlx4/cmd.c
6159 -index 0a32020..2177e56 100644
6160 ---- a/drivers/net/ethernet/mellanox/mlx4/cmd.c
6161 -+++ b/drivers/net/ethernet/mellanox/mlx4/cmd.c
6162 -@@ -2398,7 +2398,7 @@ int mlx4_multi_func_init(struct mlx4_dev *dev)
6163 - }
6164 - }
6165 -
6166 -- memset(&priv->mfunc.master.cmd_eqe, 0, dev->caps.eqe_size);
6167 -+ memset(&priv->mfunc.master.cmd_eqe, 0, sizeof(struct mlx4_eqe));
6168 - priv->mfunc.master.cmd_eqe.type = MLX4_EVENT_TYPE_CMD;
6169 - INIT_WORK(&priv->mfunc.master.comm_work,
6170 - mlx4_master_comm_channel);
6171 diff --git a/drivers/net/ethernet/mellanox/mlx4/en_tx.c b/drivers/net/ethernet/mellanox/mlx4/en_tx.c
6172 index c10d98f..72914c6 100644
6173 --- a/drivers/net/ethernet/mellanox/mlx4/en_tx.c
6174 @@ -51464,19 +51716,6 @@ index c10d98f..72914c6 100644
6175
6176 netdev_tx_completed_queue(ring->tx_queue, packets, bytes);
6177
6178 -diff --git a/drivers/net/ethernet/mellanox/mlx4/eq.c b/drivers/net/ethernet/mellanox/mlx4/eq.c
6179 -index 8e81e53..ad8f95d 100644
6180 ---- a/drivers/net/ethernet/mellanox/mlx4/eq.c
6181 -+++ b/drivers/net/ethernet/mellanox/mlx4/eq.c
6182 -@@ -196,7 +196,7 @@ static void slave_event(struct mlx4_dev *dev, u8 slave, struct mlx4_eqe *eqe)
6183 - return;
6184 - }
6185 -
6186 -- memcpy(s_eqe, eqe, dev->caps.eqe_size - 1);
6187 -+ memcpy(s_eqe, eqe, sizeof(struct mlx4_eqe) - 1);
6188 - s_eqe->slave_id = slave;
6189 - /* ensure all information is written before setting the ownersip bit */
6190 - dma_wmb();
6191 diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_main.c b/drivers/net/ethernet/mellanox/mlx5/core/en_main.c
6192 index 40206da..9d94643 100644
6193 --- a/drivers/net/ethernet/mellanox/mlx5/core/en_main.c
6194 @@ -51517,6 +51756,21 @@ index 6223930..975033d 100644
6195 fifo->mempool =
6196 __vxge_hw_mempool_create(vpath->hldev,
6197 fifo->config->memblock_size,
6198 +diff --git a/drivers/net/ethernet/nvidia/forcedeth.c b/drivers/net/ethernet/nvidia/forcedeth.c
6199 +index a41bb5e..0ed99f9 100644
6200 +--- a/drivers/net/ethernet/nvidia/forcedeth.c
6201 ++++ b/drivers/net/ethernet/nvidia/forcedeth.c
6202 +@@ -357,8 +357,8 @@ struct ring_desc {
6203 + };
6204 +
6205 + struct ring_desc_ex {
6206 +- __le32 bufhigh;
6207 +- __le32 buflow;
6208 ++ __le32 bufhigh __intentional_overflow(0);
6209 ++ __le32 buflow __intentional_overflow(0);
6210 + __le32 txvlan;
6211 + __le32 flaglen;
6212 + };
6213 diff --git a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_init.c b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_init.c
6214 index 753ea8b..674c39a 100644
6215 --- a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_init.c
6216 @@ -51765,7 +52019,7 @@ index 9f59f17..52cb38f 100644
6217 };
6218
6219 diff --git a/drivers/net/macvtap.c b/drivers/net/macvtap.c
6220 -index 248478c..05e8467 100644
6221 +index 197c939..5f7bee5 100644
6222 --- a/drivers/net/macvtap.c
6223 +++ b/drivers/net/macvtap.c
6224 @@ -485,7 +485,7 @@ static void macvtap_setup(struct net_device *dev)
6225 @@ -51786,6 +52040,17 @@ index 248478c..05e8467 100644
6226 put_user(u, &ifr->ifr_flags))
6227 ret = -EFAULT;
6228 macvtap_put_vlan(vlan);
6229 +@@ -1173,8 +1173,8 @@ static long macvtap_ioctl(struct file *file, unsigned int cmd,
6230 + }
6231 + ret = 0;
6232 + u = vlan->dev->type;
6233 +- if (copy_to_user(&ifr->ifr_name, vlan->dev->name, IFNAMSIZ) ||
6234 +- copy_to_user(&ifr->ifr_hwaddr.sa_data, vlan->dev->dev_addr, ETH_ALEN) ||
6235 ++ if (copy_to_user(ifr->ifr_name, vlan->dev->name, IFNAMSIZ) ||
6236 ++ copy_to_user(ifr->ifr_hwaddr.sa_data, vlan->dev->dev_addr, ETH_ALEN) ||
6237 + put_user(u, &ifr->ifr_hwaddr.sa_family))
6238 + ret = -EFAULT;
6239 + macvtap_put_vlan(vlan);
6240 @@ -1308,7 +1308,7 @@ static int macvtap_device_event(struct notifier_block *unused,
6241 return NOTIFY_DONE;
6242 }
6243 @@ -51862,7 +52127,7 @@ index 487be20..f4c87bc 100644
6244 err = 0;
6245 break;
6246 diff --git a/drivers/net/ppp/pppoe.c b/drivers/net/ppp/pppoe.c
6247 -index 2ed7506..cf82b13 100644
6248 +index 5e0b432..0a37f84 100644
6249 --- a/drivers/net/ppp/pppoe.c
6250 +++ b/drivers/net/ppp/pppoe.c
6251 @@ -568,6 +568,9 @@ static int pppoe_create(struct net *net, struct socket *sock, int kern)
6252 @@ -52895,10 +53160,10 @@ index 0ffb6ff..c0b7f0e 100644
6253 memset(buf, 0, sizeof(buf));
6254 buf_size = min(count, sizeof(buf) - 1);
6255 diff --git a/drivers/net/wireless/iwlwifi/pcie/trans.c b/drivers/net/wireless/iwlwifi/pcie/trans.c
6256 -index 9e144e7..2f5511a 100644
6257 +index dab9b91..b169b42 100644
6258 --- a/drivers/net/wireless/iwlwifi/pcie/trans.c
6259 +++ b/drivers/net/wireless/iwlwifi/pcie/trans.c
6260 -@@ -1950,7 +1950,7 @@ static ssize_t iwl_dbgfs_interrupt_write(struct file *file,
6261 +@@ -1944,7 +1944,7 @@ static ssize_t iwl_dbgfs_interrupt_write(struct file *file,
6262 struct isr_statistics *isr_stats = &trans_pcie->isr_stats;
6263
6264 char buf[8];
6265 @@ -52907,7 +53172,7 @@ index 9e144e7..2f5511a 100644
6266 u32 reset_flag;
6267
6268 memset(buf, 0, sizeof(buf));
6269 -@@ -1971,7 +1971,7 @@ static ssize_t iwl_dbgfs_csr_write(struct file *file,
6270 +@@ -1965,7 +1965,7 @@ static ssize_t iwl_dbgfs_csr_write(struct file *file,
6271 {
6272 struct iwl_trans *trans = file->private_data;
6273 char buf[8];
6274 @@ -57016,7 +57281,7 @@ index 382d3fc..b16d625 100644
6275
6276 dlci->modem_rx = 0;
6277 diff --git a/drivers/tty/n_tty.c b/drivers/tty/n_tty.c
6278 -index afc1879..b605d4b 100644
6279 +index dedac8a..d085233 100644
6280 --- a/drivers/tty/n_tty.c
6281 +++ b/drivers/tty/n_tty.c
6282 @@ -2574,6 +2574,7 @@ void n_tty_inherit_ops(struct tty_ldisc_ops *ops)
6283 @@ -57781,6 +58046,19 @@ index b5b4278..bb9c7b0 100644
6284 char c;
6285
6286 if (get_user(c, buf))
6287 +diff --git a/drivers/tty/tty_audit.c b/drivers/tty/tty_audit.c
6288 +index 3d245cd..51d4d3c 100644
6289 +--- a/drivers/tty/tty_audit.c
6290 ++++ b/drivers/tty/tty_audit.c
6291 +@@ -265,7 +265,7 @@ static struct tty_audit_buf *tty_audit_buf_get(struct tty_struct *tty,
6292 + *
6293 + * Audit @data of @size from @tty, if necessary.
6294 + */
6295 +-void tty_audit_add_data(struct tty_struct *tty, const void *data,
6296 ++void tty_audit_add_data(struct tty_struct *tty, const unsigned char *data,
6297 + size_t size, unsigned icanon)
6298 + {
6299 + struct tty_audit_buf *buf;
6300 diff --git a/drivers/tty/tty_buffer.c b/drivers/tty/tty_buffer.c
6301 index 4cf263d..fd011fa 100644
6302 --- a/drivers/tty/tty_buffer.c
6303 @@ -57859,10 +58137,10 @@ index 4cf263d..fd011fa 100644
6304 if (next == NULL) {
6305 check_other_closed(tty);
6306 diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c
6307 -index 774df35..62fa290 100644
6308 +index 1aa0286..b99e9a8 100644
6309 --- a/drivers/tty/tty_io.c
6310 +++ b/drivers/tty/tty_io.c
6311 -@@ -3524,7 +3524,7 @@ EXPORT_SYMBOL(tty_devnum);
6312 +@@ -3528,7 +3528,7 @@ EXPORT_SYMBOL(tty_devnum);
6313
6314 void tty_default_fops(struct file_operations *fops)
6315 {
6316 @@ -58712,10 +58990,10 @@ index c47d3e4..35bcc1e 100644
6317 /* Device for a quirk */
6318 #define PCI_VENDOR_ID_FRESCO_LOGIC 0x1b73
6319 diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c
6320 -index d7b9f484..8208965 100644
6321 +index 6062996..9b6c196 100644
6322 --- a/drivers/usb/host/xhci.c
6323 +++ b/drivers/usb/host/xhci.c
6324 -@@ -4837,7 +4837,7 @@ int xhci_gen_setup(struct usb_hcd *hcd, xhci_get_quirks_t get_quirks)
6325 +@@ -4847,7 +4847,7 @@ int xhci_gen_setup(struct usb_hcd *hcd, xhci_get_quirks_t get_quirks)
6326 int retval;
6327
6328 /* Accept arbitrarily long scatter-gather lists */
6329 @@ -59137,7 +59415,7 @@ index 3fc63c2..eec5e49 100644
6330 }
6331 EXPORT_SYMBOL_GPL(fb_deferred_io_cleanup);
6332 diff --git a/drivers/video/fbdev/core/fbmem.c b/drivers/video/fbdev/core/fbmem.c
6333 -index 0705d88..d9429bf 100644
6334 +index 0705d88..0e17c07 100644
6335 --- a/drivers/video/fbdev/core/fbmem.c
6336 +++ b/drivers/video/fbdev/core/fbmem.c
6337 @@ -1301,7 +1301,7 @@ static int do_fscreeninfo_to_user(struct fb_fix_screeninfo *fix,
6338 @@ -59149,6 +59427,30 @@ index 0705d88..d9429bf 100644
6339
6340 data = (__u32) (unsigned long) fix->smem_start;
6341 err |= put_user(data, &fix32->smem_start);
6342 +@@ -1435,10 +1435,7 @@ fb_mmap(struct file *file, struct vm_area_struct * vma)
6343 + return vm_iomap_memory(vma, start, len);
6344 + }
6345 +
6346 +-static int
6347 +-fb_open(struct inode *inode, struct file *file)
6348 +-__acquires(&info->lock)
6349 +-__releases(&info->lock)
6350 ++static int fb_open(struct inode *inode, struct file *file)
6351 + {
6352 + int fbidx = iminor(inode);
6353 + struct fb_info *info;
6354 +@@ -1476,10 +1473,7 @@ out:
6355 + return res;
6356 + }
6357 +
6358 +-static int
6359 +-fb_release(struct inode *inode, struct file *file)
6360 +-__acquires(&info->lock)
6361 +-__releases(&info->lock)
6362 ++static int fb_release(struct inode *inode, struct file *file)
6363 + {
6364 + struct fb_info * const info = file->private_data;
6365 +
6366 diff --git a/drivers/video/fbdev/hyperv_fb.c b/drivers/video/fbdev/hyperv_fb.c
6367 index 807ee22..7814cd6 100644
6368 --- a/drivers/video/fbdev/hyperv_fb.c
6369 @@ -62463,10 +62765,10 @@ index 3c14e43..2630570 100644
6370 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
6371 +4 4 4 4 4 4
6372 diff --git a/drivers/xen/events/events_base.c b/drivers/xen/events/events_base.c
6373 -index 96093ae..b9eed29 100644
6374 +index cdc3d33..2701a17 100644
6375 --- a/drivers/xen/events/events_base.c
6376 +++ b/drivers/xen/events/events_base.c
6377 -@@ -1568,7 +1568,7 @@ void xen_irq_resume(void)
6378 +@@ -1569,7 +1569,7 @@ void xen_irq_resume(void)
6379 restore_pirqs();
6380 }
6381
6382 @@ -62475,7 +62777,7 @@ index 96093ae..b9eed29 100644
6383 .name = "xen-dyn",
6384
6385 .irq_disable = disable_dynirq,
6386 -@@ -1582,7 +1582,7 @@ static struct irq_chip xen_dynamic_chip __read_mostly = {
6387 +@@ -1583,7 +1583,7 @@ static struct irq_chip xen_dynamic_chip __read_mostly = {
6388 .irq_retrigger = retrigger_dynirq,
6389 };
6390
6391 @@ -62484,7 +62786,7 @@ index 96093ae..b9eed29 100644
6392 .name = "xen-pirq",
6393
6394 .irq_startup = startup_pirq,
6395 -@@ -1602,7 +1602,7 @@ static struct irq_chip xen_pirq_chip __read_mostly = {
6396 +@@ -1603,7 +1603,7 @@ static struct irq_chip xen_pirq_chip __read_mostly = {
6397 .irq_retrigger = retrigger_dynirq,
6398 };
6399
6400 @@ -74890,6 +75192,22 @@ index 0000000..43d7c4f
6401 +:1095C00080080000800E00008008008080080000F5
6402 +:1095D00080000A8080000A00800009808000090065
6403 +:00000001FF
6404 +diff --git a/fs/9p/vfs_inode.c b/fs/9p/vfs_inode.c
6405 +index b1dc518..2f97461 100644
6406 +--- a/fs/9p/vfs_inode.c
6407 ++++ b/fs/9p/vfs_inode.c
6408 +@@ -451,9 +451,9 @@ void v9fs_evict_inode(struct inode *inode)
6409 + {
6410 + struct v9fs_inode *v9inode = V9FS_I(inode);
6411 +
6412 +- truncate_inode_pages_final(inode->i_mapping);
6413 ++ truncate_inode_pages_final(&inode->i_data);
6414 + clear_inode(inode);
6415 +- filemap_fdatawrite(inode->i_mapping);
6416 ++ filemap_fdatawrite(&inode->i_data);
6417 +
6418 + v9fs_cache_inode_put_cookie(inode);
6419 + /* clunk the fid stashed in writeback_fid */
6420 diff --git a/fs/Kconfig.binfmt b/fs/Kconfig.binfmt
6421 index 2d0cbbd..a6d61492 100644
6422 --- a/fs/Kconfig.binfmt
6423 @@ -77152,7 +77470,7 @@ index 5bb630a..043dc70 100644
6424
6425 return hit;
6426 diff --git a/fs/compat.c b/fs/compat.c
6427 -index 6fd272d..dd34ba2 100644
6428 +index 6fd272d..ae85f4f 100644
6429 --- a/fs/compat.c
6430 +++ b/fs/compat.c
6431 @@ -54,7 +54,7 @@
6432 @@ -77255,7 +77573,7 @@ index 6fd272d..dd34ba2 100644
6433 dirent = buf->previous;
6434
6435 if (dirent) {
6436 -@@ -1067,6 +1084,7 @@ COMPAT_SYSCALL_DEFINE3(getdents64, unsigned int, fd,
6437 +@@ -1067,13 +1084,13 @@ COMPAT_SYSCALL_DEFINE3(getdents64, unsigned int, fd,
6438 if (!f.file)
6439 return -EBADF;
6440
6441 @@ -77263,6 +77581,14 @@ index 6fd272d..dd34ba2 100644
6442 error = iterate_dir(f.file, &buf.ctx);
6443 if (error >= 0)
6444 error = buf.error;
6445 + lastdirent = buf.previous;
6446 + if (lastdirent) {
6447 +- typeof(lastdirent->d_off) d_off = buf.ctx.pos;
6448 +- if (__put_user_unaligned(d_off, &lastdirent->d_off))
6449 ++ if (__put_user_unaligned(buf.ctx.pos, &lastdirent->d_off))
6450 + error = -EFAULT;
6451 + else
6452 + error = count - buf.count;
6453 diff --git a/fs/compat_binfmt_elf.c b/fs/compat_binfmt_elf.c
6454 index 4d24d17..4f8c09e 100644
6455 --- a/fs/compat_binfmt_elf.c
6456 @@ -77354,7 +77680,7 @@ index c81ce7f..f3de5fd 100644
6457 /*
6458 * We'll have a dentry and an inode for
6459 diff --git a/fs/coredump.c b/fs/coredump.c
6460 -index a8f7564..3dde349 100644
6461 +index a8f7564..0329da8 100644
6462 --- a/fs/coredump.c
6463 +++ b/fs/coredump.c
6464 @@ -457,8 +457,8 @@ static void wait_for_dump_helpers(struct file *file)
6465 @@ -77441,6 +77767,15 @@ index a8f7564..3dde349 100644
6466 if (cprm.limit < binfmt->min_coredump)
6467 goto fail_unlock;
6468
6469 +@@ -654,7 +663,7 @@ void do_coredump(const siginfo_t *siginfo)
6470 + * If it doesn't exist, that's fine. If there's some
6471 + * other problem, we'll catch it at the filp_open().
6472 + */
6473 +- (void) sys_unlink((const char __user *)cn.corename);
6474 ++ (void) sys_unlink((const char __force_user *)cn.corename);
6475 + set_fs(old_fs);
6476 + }
6477 +
6478 @@ -718,7 +727,7 @@ close_fail:
6479 filp_close(cprm.file, NULL);
6480 fail_dropcount:
6481 @@ -77460,10 +77795,34 @@ index a8f7564..3dde349 100644
6482 return 0;
6483 while (nr) {
6484 diff --git a/fs/dcache.c b/fs/dcache.c
6485 -index e3b44ca..e0d94f1 100644
6486 +index e3b44ca..97367b7 100644
6487 --- a/fs/dcache.c
6488 +++ b/fs/dcache.c
6489 -@@ -545,7 +545,7 @@ static void __dentry_kill(struct dentry *dentry)
6490 +@@ -341,8 +341,9 @@ static inline void dentry_rcuwalk_invalidate(struct dentry *dentry)
6491 + * and is unhashed.
6492 + */
6493 + static void dentry_iput(struct dentry * dentry)
6494 +- __releases(dentry->d_lock)
6495 +- __releases(dentry->d_inode->i_lock)
6496 ++ __releases(&dentry->d_lock)
6497 ++ __releases(&dentry->d_inode->i_lock);
6498 ++static void dentry_iput(struct dentry * dentry)
6499 + {
6500 + struct inode *inode = dentry->d_inode;
6501 + if (inode) {
6502 +@@ -366,8 +367,9 @@ static void dentry_iput(struct dentry * dentry)
6503 + * d_iput() operation if defined. dentry remains in-use.
6504 + */
6505 + static void dentry_unlink_inode(struct dentry * dentry)
6506 +- __releases(dentry->d_lock)
6507 +- __releases(dentry->d_inode->i_lock)
6508 ++ __releases(&dentry->d_lock)
6509 ++ __releases(&dentry->d_inode->i_lock);
6510 ++static void dentry_unlink_inode(struct dentry * dentry)
6511 + {
6512 + struct inode *inode = dentry->d_inode;
6513 + __d_clear_type_and_inode(dentry);
6514 +@@ -545,7 +547,7 @@ static void __dentry_kill(struct dentry *dentry)
6515 * dentry_iput drops the locks, at which point nobody (except
6516 * transient RCU lookups) can reach this dentry.
6517 */
6518 @@ -77472,7 +77831,17 @@ index e3b44ca..e0d94f1 100644
6519 this_cpu_dec(nr_dentry);
6520 if (dentry->d_op && dentry->d_op->d_release)
6521 dentry->d_op->d_release(dentry);
6522 -@@ -598,7 +598,7 @@ static inline struct dentry *lock_parent(struct dentry *dentry)
6523 +@@ -567,7 +569,8 @@ static void __dentry_kill(struct dentry *dentry)
6524 + * Returns dentry requiring refcount drop, or NULL if we're done.
6525 + */
6526 + static struct dentry *dentry_kill(struct dentry *dentry)
6527 +- __releases(dentry->d_lock)
6528 ++ __releases(&dentry->d_lock);
6529 ++static struct dentry *dentry_kill(struct dentry *dentry)
6530 + {
6531 + struct inode *inode = dentry->d_inode;
6532 + struct dentry *parent = NULL;
6533 +@@ -598,7 +601,7 @@ static inline struct dentry *lock_parent(struct dentry *dentry)
6534 struct dentry *parent = dentry->d_parent;
6535 if (IS_ROOT(dentry))
6536 return NULL;
6537 @@ -77481,7 +77850,7 @@ index e3b44ca..e0d94f1 100644
6538 return NULL;
6539 if (likely(spin_trylock(&parent->d_lock)))
6540 return parent;
6541 -@@ -660,8 +660,8 @@ static inline bool fast_dput(struct dentry *dentry)
6542 +@@ -660,8 +663,8 @@ static inline bool fast_dput(struct dentry *dentry)
6543 */
6544 if (unlikely(ret < 0)) {
6545 spin_lock(&dentry->d_lock);
6546 @@ -77492,7 +77861,7 @@ index e3b44ca..e0d94f1 100644
6547 spin_unlock(&dentry->d_lock);
6548 return 1;
6549 }
6550 -@@ -716,7 +716,7 @@ static inline bool fast_dput(struct dentry *dentry)
6551 +@@ -716,7 +719,7 @@ static inline bool fast_dput(struct dentry *dentry)
6552 * else could have killed it and marked it dead. Either way, we
6553 * don't need to do anything else.
6554 */
6555 @@ -77501,7 +77870,7 @@ index e3b44ca..e0d94f1 100644
6556 spin_unlock(&dentry->d_lock);
6557 return 1;
6558 }
6559 -@@ -726,7 +726,7 @@ static inline bool fast_dput(struct dentry *dentry)
6560 +@@ -726,7 +729,7 @@ static inline bool fast_dput(struct dentry *dentry)
6561 * lock, and we just tested that it was zero, so we can just
6562 * set it to 1.
6563 */
6564 @@ -77510,7 +77879,7 @@ index e3b44ca..e0d94f1 100644
6565 return 0;
6566 }
6567
6568 -@@ -788,7 +788,7 @@ repeat:
6569 +@@ -788,7 +791,7 @@ repeat:
6570 dentry->d_flags |= DCACHE_REFERENCED;
6571 dentry_lru_add(dentry);
6572
6573 @@ -77519,7 +77888,7 @@ index e3b44ca..e0d94f1 100644
6574 spin_unlock(&dentry->d_lock);
6575 return;
6576
6577 -@@ -803,7 +803,7 @@ EXPORT_SYMBOL(dput);
6578 +@@ -803,7 +806,7 @@ EXPORT_SYMBOL(dput);
6579 /* This must be called with d_lock held */
6580 static inline void __dget_dlock(struct dentry *dentry)
6581 {
6582 @@ -77528,7 +77897,7 @@ index e3b44ca..e0d94f1 100644
6583 }
6584
6585 static inline void __dget(struct dentry *dentry)
6586 -@@ -844,8 +844,8 @@ repeat:
6587 +@@ -844,8 +847,8 @@ repeat:
6588 goto repeat;
6589 }
6590 rcu_read_unlock();
6591 @@ -77539,7 +77908,7 @@ index e3b44ca..e0d94f1 100644
6592 spin_unlock(&ret->d_lock);
6593 return ret;
6594 }
6595 -@@ -923,9 +923,9 @@ restart:
6596 +@@ -923,9 +926,9 @@ restart:
6597 spin_lock(&inode->i_lock);
6598 hlist_for_each_entry(dentry, &inode->i_dentry, d_u.d_alias) {
6599 spin_lock(&dentry->d_lock);
6600 @@ -77551,7 +77920,7 @@ index e3b44ca..e0d94f1 100644
6601 __dentry_kill(dentry);
6602 dput(parent);
6603 goto restart;
6604 -@@ -960,7 +960,7 @@ static void shrink_dentry_list(struct list_head *list)
6605 +@@ -960,7 +963,7 @@ static void shrink_dentry_list(struct list_head *list)
6606 * We found an inuse dentry which was not removed from
6607 * the LRU because of laziness during lookup. Do not free it.
6608 */
6609 @@ -77560,7 +77929,7 @@ index e3b44ca..e0d94f1 100644
6610 spin_unlock(&dentry->d_lock);
6611 if (parent)
6612 spin_unlock(&parent->d_lock);
6613 -@@ -998,8 +998,8 @@ static void shrink_dentry_list(struct list_head *list)
6614 +@@ -998,8 +1001,8 @@ static void shrink_dentry_list(struct list_head *list)
6615 dentry = parent;
6616 while (dentry && !lockref_put_or_lock(&dentry->d_lockref)) {
6617 parent = lock_parent(dentry);
6618 @@ -77571,7 +77940,7 @@ index e3b44ca..e0d94f1 100644
6619 spin_unlock(&dentry->d_lock);
6620 if (parent)
6621 spin_unlock(&parent->d_lock);
6622 -@@ -1039,7 +1039,7 @@ static enum lru_status dentry_lru_isolate(struct list_head *item,
6623 +@@ -1039,7 +1042,7 @@ static enum lru_status dentry_lru_isolate(struct list_head *item,
6624 * counts, just remove them from the LRU. Otherwise give them
6625 * another pass through the LRU.
6626 */
6627 @@ -77580,7 +77949,7 @@ index e3b44ca..e0d94f1 100644
6628 d_lru_isolate(lru, dentry);
6629 spin_unlock(&dentry->d_lock);
6630 return LRU_REMOVED;
6631 -@@ -1373,7 +1373,7 @@ static enum d_walk_ret select_collect(void *_data, struct dentry *dentry)
6632 +@@ -1373,7 +1376,7 @@ static enum d_walk_ret select_collect(void *_data, struct dentry *dentry)
6633 } else {
6634 if (dentry->d_flags & DCACHE_LRU_LIST)
6635 d_lru_del(dentry);
6636 @@ -77589,7 +77958,7 @@ index e3b44ca..e0d94f1 100644
6637 d_shrink_add(dentry, &data->dispose);
6638 data->found++;
6639 }
6640 -@@ -1421,7 +1421,7 @@ static enum d_walk_ret umount_check(void *_data, struct dentry *dentry)
6641 +@@ -1421,7 +1424,7 @@ static enum d_walk_ret umount_check(void *_data, struct dentry *dentry)
6642 return D_WALK_CONTINUE;
6643
6644 /* root with refcount 1 is fine */
6645 @@ -77598,7 +77967,7 @@ index e3b44ca..e0d94f1 100644
6646 return D_WALK_CONTINUE;
6647
6648 printk(KERN_ERR "BUG: Dentry %p{i=%lx,n=%pd} "
6649 -@@ -1430,7 +1430,7 @@ static enum d_walk_ret umount_check(void *_data, struct dentry *dentry)
6650 +@@ -1430,7 +1433,7 @@ static enum d_walk_ret umount_check(void *_data, struct dentry *dentry)
6651 dentry->d_inode ?
6652 dentry->d_inode->i_ino : 0UL,
6653 dentry,
6654 @@ -77607,7 +77976,7 @@ index e3b44ca..e0d94f1 100644
6655 dentry->d_sb->s_type->name,
6656 dentry->d_sb->s_id);
6657 WARN_ON(1);
6658 -@@ -1571,7 +1571,7 @@ struct dentry *__d_alloc(struct super_block *sb, const struct qstr *name)
6659 +@@ -1571,7 +1574,7 @@ struct dentry *__d_alloc(struct super_block *sb, const struct qstr *name)
6660 dentry->d_iname[DNAME_INLINE_LEN-1] = 0;
6661 if (name->len > DNAME_INLINE_LEN-1) {
6662 size_t size = offsetof(struct external_name, name[1]);
6663 @@ -77616,7 +77985,7 @@ index e3b44ca..e0d94f1 100644
6664 if (!p) {
6665 kmem_cache_free(dentry_cache, dentry);
6666 return NULL;
6667 -@@ -1594,7 +1594,7 @@ struct dentry *__d_alloc(struct super_block *sb, const struct qstr *name)
6668 +@@ -1594,7 +1597,7 @@ struct dentry *__d_alloc(struct super_block *sb, const struct qstr *name)
6669 smp_wmb();
6670 dentry->d_name.name = dname;
6671
6672 @@ -77625,7 +77994,7 @@ index e3b44ca..e0d94f1 100644
6673 dentry->d_flags = 0;
6674 spin_lock_init(&dentry->d_lock);
6675 seqcount_init(&dentry->d_seq);
6676 -@@ -1603,6 +1603,9 @@ struct dentry *__d_alloc(struct super_block *sb, const struct qstr *name)
6677 +@@ -1603,6 +1606,9 @@ struct dentry *__d_alloc(struct super_block *sb, const struct qstr *name)
6678 dentry->d_sb = sb;
6679 dentry->d_op = NULL;
6680 dentry->d_fsdata = NULL;
6681 @@ -77635,7 +78004,7 @@ index e3b44ca..e0d94f1 100644
6682 INIT_HLIST_BL_NODE(&dentry->d_hash);
6683 INIT_LIST_HEAD(&dentry->d_lru);
6684 INIT_LIST_HEAD(&dentry->d_subdirs);
6685 -@@ -2327,7 +2330,7 @@ struct dentry *__d_lookup(const struct dentry *parent, const struct qstr *name)
6686 +@@ -2327,7 +2333,7 @@ struct dentry *__d_lookup(const struct dentry *parent, const struct qstr *name)
6687 goto next;
6688 }
6689
6690 @@ -77644,7 +78013,7 @@ index e3b44ca..e0d94f1 100644
6691 found = dentry;
6692 spin_unlock(&dentry->d_lock);
6693 break;
6694 -@@ -2395,7 +2398,7 @@ again:
6695 +@@ -2395,7 +2401,7 @@ again:
6696 spin_lock(&dentry->d_lock);
6697 inode = dentry->d_inode;
6698 isdir = S_ISDIR(inode->i_mode);
6699 @@ -77653,7 +78022,7 @@ index e3b44ca..e0d94f1 100644
6700 if (!spin_trylock(&inode->i_lock)) {
6701 spin_unlock(&dentry->d_lock);
6702 cpu_relax();
6703 -@@ -3344,7 +3347,7 @@ static enum d_walk_ret d_genocide_kill(void *data, struct dentry *dentry)
6704 +@@ -3344,7 +3350,7 @@ static enum d_walk_ret d_genocide_kill(void *data, struct dentry *dentry)
6705
6706 if (!(dentry->d_flags & DCACHE_GENOCIDE)) {
6707 dentry->d_flags |= DCACHE_GENOCIDE;
6708 @@ -77662,7 +78031,7 @@ index e3b44ca..e0d94f1 100644
6709 }
6710 }
6711 return D_WALK_CONTINUE;
6712 -@@ -3452,7 +3455,8 @@ void __init vfs_caches_init_early(void)
6713 +@@ -3452,7 +3458,8 @@ void __init vfs_caches_init_early(void)
6714 void __init vfs_caches_init(void)
6715 {
6716 names_cachep = kmem_cache_create("names_cache", PATH_MAX, 0,
6717 @@ -78987,7 +79356,7 @@ index ee85cd4..9dd0d20 100644
6718 }
6719 EXPORT_SYMBOL(__f_setown);
6720 diff --git a/fs/fhandle.c b/fs/fhandle.c
6721 -index d59712d..2281df9 100644
6722 +index d59712d..2c63363 100644
6723 --- a/fs/fhandle.c
6724 +++ b/fs/fhandle.c
6725 @@ -8,6 +8,7 @@
6726 @@ -79017,8 +79386,17 @@ index d59712d..2281df9 100644
6727 retval = -EPERM;
6728 goto out_err;
6729 }
6730 +@@ -197,7 +197,7 @@ static int handle_to_path(int mountdirfd, struct file_handle __user *ufh,
6731 + /* copy the full handle */
6732 + *handle = f_handle;
6733 + if (copy_from_user(&handle->f_handle,
6734 +- &ufh->f_handle,
6735 ++ ufh->f_handle,
6736 + f_handle.handle_bytes)) {
6737 + retval = -EFAULT;
6738 + goto out_handle;
6739 diff --git a/fs/file.c b/fs/file.c
6740 -index 6c672ad..bf787b0 100644
6741 +index 6c672ad..3166d8c 100644
6742 --- a/fs/file.c
6743 +++ b/fs/file.c
6744 @@ -16,6 +16,7 @@
6745 @@ -79029,25 +79407,46 @@ index 6c672ad..bf787b0 100644
6746 #include <linux/fdtable.h>
6747 #include <linux/bitops.h>
6748 #include <linux/interrupt.h>
6749 -@@ -139,7 +140,7 @@ out:
6750 +@@ -139,9 +140,10 @@ out:
6751 * Return <0 error code on error; 1 on successful completion.
6752 * The files->file_lock should be held on entry, and will be held on exit.
6753 */
6754 -static int expand_fdtable(struct files_struct *files, int nr)
6755 +- __releases(files->file_lock)
6756 +- __acquires(files->file_lock)
6757 ++static int expand_fdtable(struct files_struct *files, unsigned int nr)
6758 ++ __releases(&files->file_lock)
6759 ++ __acquires(&files->file_lock);
6760 +static int expand_fdtable(struct files_struct *files, unsigned int nr)
6761 - __releases(files->file_lock)
6762 - __acquires(files->file_lock)
6763 {
6764 -@@ -184,7 +185,7 @@ static int expand_fdtable(struct files_struct *files, int nr)
6765 + struct fdtable *new_fdt, *cur_fdt;
6766 +
6767 +@@ -184,9 +186,10 @@ static int expand_fdtable(struct files_struct *files, int nr)
6768 * expanded and execution may have blocked.
6769 * The files->file_lock should be held on entry, and will be held on exit.
6770 */
6771 -static int expand_files(struct files_struct *files, int nr)
6772 +- __releases(files->file_lock)
6773 +- __acquires(files->file_lock)
6774 ++static int expand_files(struct files_struct *files, unsigned int nr)
6775 ++ __releases(&files->file_lock)
6776 ++ __acquires(&files->file_lock);
6777 +static int expand_files(struct files_struct *files, unsigned int nr)
6778 - __releases(files->file_lock)
6779 - __acquires(files->file_lock)
6780 {
6781 -@@ -834,6 +835,7 @@ int replace_fd(unsigned fd, struct file *file, unsigned flags)
6782 + struct fdtable *fdt;
6783 + int expanded = 0;
6784 +@@ -784,7 +787,9 @@ bool get_close_on_exec(unsigned int fd)
6785 +
6786 + static int do_dup2(struct files_struct *files,
6787 + struct file *file, unsigned fd, unsigned flags)
6788 +-__releases(&files->file_lock)
6789 ++__releases(&files->file_lock);
6790 ++static int do_dup2(struct files_struct *files,
6791 ++ struct file *file, unsigned fd, unsigned flags)
6792 + {
6793 + struct file *tofree;
6794 + struct fdtable *fdt;
6795 +@@ -834,6 +839,7 @@ int replace_fd(unsigned fd, struct file *file, unsigned flags)
6796 if (!file)
6797 return __close_fd(files, fd);
6798
6799 @@ -79055,7 +79454,7 @@ index 6c672ad..bf787b0 100644
6800 if (fd >= rlimit(RLIMIT_NOFILE))
6801 return -EBADF;
6802
6803 -@@ -860,6 +862,7 @@ SYSCALL_DEFINE3(dup3, unsigned int, oldfd, unsigned int, newfd, int, flags)
6804 +@@ -860,6 +866,7 @@ SYSCALL_DEFINE3(dup3, unsigned int, oldfd, unsigned int, newfd, int, flags)
6805 if (unlikely(oldfd == newfd))
6806 return -EINVAL;
6807
6808 @@ -79063,7 +79462,7 @@ index 6c672ad..bf787b0 100644
6809 if (newfd >= rlimit(RLIMIT_NOFILE))
6810 return -EBADF;
6811
6812 -@@ -915,6 +918,7 @@ SYSCALL_DEFINE1(dup, unsigned int, fildes)
6813 +@@ -915,6 +922,7 @@ SYSCALL_DEFINE1(dup, unsigned int, fildes)
6814 int f_dupfd(unsigned int from, struct file *file, unsigned flags)
6815 {
6816 int err;
6817 @@ -79087,6 +79486,53 @@ index 5797d45..7d7d79a 100644
6818 fs = __get_fs_type(name, len);
6819
6820 if (dot && fs && !(fs->fs_flags & FS_HAS_SUBTYPE)) {
6821 +diff --git a/fs/fs-writeback.c b/fs/fs-writeback.c
6822 +index 5fa588e..21cc57d 100644
6823 +--- a/fs/fs-writeback.c
6824 ++++ b/fs/fs-writeback.c
6825 +@@ -869,9 +869,9 @@ restart:
6826 + #else /* CONFIG_CGROUP_WRITEBACK */
6827 +
6828 + static struct bdi_writeback *
6829 ++locked_inode_to_wb_and_lock_list(struct inode *inode) __releases(&inode->i_lock) __acquires(&wb->list_lock);
6830 ++static struct bdi_writeback *
6831 + locked_inode_to_wb_and_lock_list(struct inode *inode)
6832 +- __releases(&inode->i_lock)
6833 +- __acquires(&wb->list_lock)
6834 + {
6835 + struct bdi_writeback *wb = inode_to_wb(inode);
6836 +
6837 +@@ -880,8 +880,8 @@ locked_inode_to_wb_and_lock_list(struct inode *inode)
6838 + return wb;
6839 + }
6840 +
6841 ++static struct bdi_writeback *inode_to_wb_and_lock_list(struct inode *inode) __acquires(&wb->list_lock);
6842 + static struct bdi_writeback *inode_to_wb_and_lock_list(struct inode *inode)
6843 +- __acquires(&wb->list_lock)
6844 + {
6845 + struct bdi_writeback *wb = inode_to_wb(inode);
6846 +
6847 +@@ -1127,9 +1127,8 @@ static int write_inode(struct inode *inode, struct writeback_control *wbc)
6848 + * Wait for writeback on an inode to complete. Called with i_lock held.
6849 + * Caller must make sure inode cannot go away when we drop i_lock.
6850 + */
6851 ++static void __inode_wait_for_writeback(struct inode *inode) __must_hold(&inode->i_lock);
6852 + static void __inode_wait_for_writeback(struct inode *inode)
6853 +- __releases(inode->i_lock)
6854 +- __acquires(inode->i_lock)
6855 + {
6856 + DEFINE_WAIT_BIT(wq, &inode->i_state, __I_SYNC);
6857 + wait_queue_head_t *wqh;
6858 +@@ -1158,8 +1157,8 @@ void inode_wait_for_writeback(struct inode *inode)
6859 + * held and drops it. It is aimed for callers not holding any inode reference
6860 + * so once i_lock is dropped, inode can go away.
6861 + */
6862 ++static void inode_sleep_on_writeback(struct inode *inode) __releases(&inode->i_lock);
6863 + static void inode_sleep_on_writeback(struct inode *inode)
6864 +- __releases(inode->i_lock)
6865 + {
6866 + DEFINE_WAIT(wait);
6867 + wait_queue_head_t *wqh = bit_waitqueue(&inode->i_state, __I_SYNC);
6868 diff --git a/fs/fs_struct.c b/fs/fs_struct.c
6869 index 7dca743..1ff87ae 100644
6870 --- a/fs/fs_struct.c
6871 @@ -81099,7 +81545,7 @@ index 14db05d..687f6d8 100644
6872 #define MNT_NS_INTERNAL ERR_PTR(-EINVAL) /* distinct from any mnt_namespace */
6873
6874 diff --git a/fs/namei.c b/fs/namei.c
6875 -index 36df481..c3045fd 100644
6876 +index 36df481..cb04cfe 100644
6877 --- a/fs/namei.c
6878 +++ b/fs/namei.c
6879 @@ -336,17 +336,32 @@ int generic_permission(struct inode *inode, int mask)
6880 @@ -81304,17 +81750,18 @@ index 36df481..c3045fd 100644
6881
6882 hash = a = 0;
6883 len = -sizeof(unsigned long);
6884 -@@ -2000,6 +2089,9 @@ static const char *path_init(struct nameidata *nd, unsigned flags)
6885 +@@ -1999,7 +2088,9 @@ static const char *path_init(struct nameidata *nd, unsigned flags)
6886 + nd->last_type = LAST_ROOT; /* if there are only slashes... */
6887 nd->flags = flags | LOOKUP_JUMPED | LOOKUP_PARENT;
6888 nd->depth = 0;
6889 - nd->total_link_count = 0;
6890 +- nd->total_link_count = 0;
6891 +#ifdef CONFIG_GRKERNSEC_SYMLINKOWN
6892 + nd->symlinkown_depth = 0;
6893 +#endif
6894 if (flags & LOOKUP_ROOT) {
6895 struct dentry *root = nd->root.dentry;
6896 struct inode *inode = root->d_inode;
6897 -@@ -2137,6 +2229,11 @@ static int path_lookupat(struct nameidata *nd, unsigned flags, struct path *path
6898 +@@ -2137,6 +2228,11 @@ static int path_lookupat(struct nameidata *nd, unsigned flags, struct path *path
6899 if (!err)
6900 err = complete_walk(nd);
6901
6902 @@ -81326,7 +81773,7 @@ index 36df481..c3045fd 100644
6903 if (!err && nd->flags & LOOKUP_DIRECTORY)
6904 if (!d_can_lookup(nd->path.dentry))
6905 err = -ENOTDIR;
6906 -@@ -2185,6 +2282,10 @@ static int path_parentat(struct nameidata *nd, unsigned flags,
6907 +@@ -2185,6 +2281,10 @@ static int path_parentat(struct nameidata *nd, unsigned flags,
6908 err = link_path_walk(s, nd);
6909 if (!err)
6910 err = complete_walk(nd);
6911 @@ -81337,7 +81784,7 @@ index 36df481..c3045fd 100644
6912 if (!err) {
6913 *parent = nd->path;
6914 nd->path.mnt = NULL;
6915 -@@ -2716,6 +2817,13 @@ static int may_open(struct path *path, int acc_mode, int flag)
6916 +@@ -2716,6 +2816,13 @@ static int may_open(struct path *path, int acc_mode, int flag)
6917 if (flag & O_NOATIME && !inode_owner_or_capable(inode))
6918 return -EPERM;
6919
6920 @@ -81351,7 +81798,7 @@ index 36df481..c3045fd 100644
6921 return 0;
6922 }
6923
6924 -@@ -2982,6 +3090,18 @@ static int lookup_open(struct nameidata *nd, struct path *path,
6925 +@@ -2982,6 +3089,18 @@ static int lookup_open(struct nameidata *nd, struct path *path,
6926 /* Negative dentry, just create the file */
6927 if (!dentry->d_inode && (op->open_flag & O_CREAT)) {
6928 umode_t mode = op->mode;
6929 @@ -81370,7 +81817,7 @@ index 36df481..c3045fd 100644
6930 if (!IS_POSIXACL(dir->d_inode))
6931 mode &= ~current_umask();
6932 /*
6933 -@@ -3003,6 +3123,8 @@ static int lookup_open(struct nameidata *nd, struct path *path,
6934 +@@ -3003,6 +3122,8 @@ static int lookup_open(struct nameidata *nd, struct path *path,
6935 nd->flags & LOOKUP_EXCL);
6936 if (error)
6937 goto out_dput;
6938 @@ -81379,7 +81826,7 @@ index 36df481..c3045fd 100644
6939 }
6940 out_no_open:
6941 path->dentry = dentry;
6942 -@@ -3066,6 +3188,9 @@ static int do_last(struct nameidata *nd,
6943 +@@ -3066,6 +3187,9 @@ static int do_last(struct nameidata *nd,
6944 if (error)
6945 return error;
6946
6947 @@ -81389,7 +81836,7 @@ index 36df481..c3045fd 100644
6948 audit_inode(nd->name, dir, LOOKUP_PARENT);
6949 /* trailing slashes? */
6950 if (unlikely(nd->last.name[nd->last.len]))
6951 -@@ -3108,11 +3233,24 @@ retry_lookup:
6952 +@@ -3108,11 +3232,24 @@ retry_lookup:
6953 goto finish_open_created;
6954 }
6955
6956 @@ -81415,7 +81862,7 @@ index 36df481..c3045fd 100644
6957
6958 /*
6959 * If atomic_open() acquired write access it is dropped now due to
6960 -@@ -3148,6 +3286,11 @@ finish_lookup:
6961 +@@ -3148,6 +3285,11 @@ finish_lookup:
6962 if (unlikely(error))
6963 return error;
6964
6965 @@ -81427,7 +81874,7 @@ index 36df481..c3045fd 100644
6966 if (unlikely(d_is_symlink(path.dentry)) && !(open_flag & O_PATH)) {
6967 path_to_nameidata(&path, nd);
6968 return -ELOOP;
6969 -@@ -3170,6 +3313,12 @@ finish_open:
6970 +@@ -3170,6 +3312,12 @@ finish_open:
6971 path_put(&save_parent);
6972 return error;
6973 }
6974 @@ -81440,7 +81887,7 @@ index 36df481..c3045fd 100644
6975 audit_inode(nd->name, nd->path.dentry, 0);
6976 error = -EISDIR;
6977 if ((open_flag & O_CREAT) && d_is_dir(nd->path.dentry))
6978 -@@ -3436,9 +3585,11 @@ static struct dentry *filename_create(int dfd, struct filename *name,
6979 +@@ -3436,9 +3584,11 @@ static struct dentry *filename_create(int dfd, struct filename *name,
6980 goto unlock;
6981
6982 error = -EEXIST;
6983 @@ -81454,7 +81901,7 @@ index 36df481..c3045fd 100644
6984 /*
6985 * Special case - lookup gave negative, but... we had foo/bar/
6986 * From the vfs_mknod() POV we just have a negative dentry -
6987 -@@ -3492,6 +3643,20 @@ inline struct dentry *user_path_create(int dfd, const char __user *pathname,
6988 +@@ -3492,6 +3642,20 @@ inline struct dentry *user_path_create(int dfd, const char __user *pathname,
6989 }
6990 EXPORT_SYMBOL(user_path_create);
6991
6992 @@ -81475,7 +81922,7 @@ index 36df481..c3045fd 100644
6993 int vfs_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev)
6994 {
6995 int error = may_create(dir, dentry);
6996 -@@ -3555,6 +3720,17 @@ retry:
6997 +@@ -3555,6 +3719,17 @@ retry:
6998
6999 if (!IS_POSIXACL(path.dentry->d_inode))
7000 mode &= ~current_umask();
7001 @@ -81493,7 +81940,7 @@ index 36df481..c3045fd 100644
7002 error = security_path_mknod(&path, dentry, mode, dev);
7003 if (error)
7004 goto out;
7005 -@@ -3570,6 +3746,8 @@ retry:
7006 +@@ -3570,6 +3745,8 @@ retry:
7007 error = vfs_mknod(path.dentry->d_inode,dentry,mode,0);
7008 break;
7009 }
7010 @@ -81502,7 +81949,7 @@ index 36df481..c3045fd 100644
7011 out:
7012 done_path_create(&path, dentry);
7013 if (retry_estale(error, lookup_flags)) {
7014 -@@ -3624,9 +3802,16 @@ retry:
7015 +@@ -3624,9 +3801,16 @@ retry:
7016
7017 if (!IS_POSIXACL(path.dentry->d_inode))
7018 mode &= ~current_umask();
7019 @@ -81519,7 +81966,7 @@ index 36df481..c3045fd 100644
7020 done_path_create(&path, dentry);
7021 if (retry_estale(error, lookup_flags)) {
7022 lookup_flags |= LOOKUP_REVAL;
7023 -@@ -3659,7 +3844,7 @@ void dentry_unhash(struct dentry *dentry)
7024 +@@ -3659,7 +3843,7 @@ void dentry_unhash(struct dentry *dentry)
7025 {
7026 shrink_dcache_parent(dentry);
7027 spin_lock(&dentry->d_lock);
7028 @@ -81528,7 +81975,7 @@ index 36df481..c3045fd 100644
7029 __d_drop(dentry);
7030 spin_unlock(&dentry->d_lock);
7031 }
7032 -@@ -3712,6 +3897,8 @@ static long do_rmdir(int dfd, const char __user *pathname)
7033 +@@ -3712,6 +3896,8 @@ static long do_rmdir(int dfd, const char __user *pathname)
7034 struct path path;
7035 struct qstr last;
7036 int type;
7037 @@ -81537,7 +81984,7 @@ index 36df481..c3045fd 100644
7038 unsigned int lookup_flags = 0;
7039 retry:
7040 name = user_path_parent(dfd, pathname,
7041 -@@ -3744,10 +3931,20 @@ retry:
7042 +@@ -3744,10 +3930,20 @@ retry:
7043 error = -ENOENT;
7044 goto exit3;
7045 }
7046 @@ -81558,7 +82005,7 @@ index 36df481..c3045fd 100644
7047 exit3:
7048 dput(dentry);
7049 exit2:
7050 -@@ -3842,6 +4039,8 @@ static long do_unlinkat(int dfd, const char __user *pathname)
7051 +@@ -3842,6 +4038,8 @@ static long do_unlinkat(int dfd, const char __user *pathname)
7052 int type;
7053 struct inode *inode = NULL;
7054 struct inode *delegated_inode = NULL;
7055 @@ -81567,7 +82014,7 @@ index 36df481..c3045fd 100644
7056 unsigned int lookup_flags = 0;
7057 retry:
7058 name = user_path_parent(dfd, pathname,
7059 -@@ -3868,10 +4067,21 @@ retry_deleg:
7060 +@@ -3868,10 +4066,21 @@ retry_deleg:
7061 if (d_is_negative(dentry))
7062 goto slashes;
7063 ihold(inode);
7064 @@ -81589,7 +82036,7 @@ index 36df481..c3045fd 100644
7065 exit2:
7066 dput(dentry);
7067 }
7068 -@@ -3960,9 +4170,17 @@ retry:
7069 +@@ -3960,9 +4169,17 @@ retry:
7070 if (IS_ERR(dentry))
7071 goto out_putname;
7072
7073 @@ -81607,7 +82054,7 @@ index 36df481..c3045fd 100644
7074 done_path_create(&path, dentry);
7075 if (retry_estale(error, lookup_flags)) {
7076 lookup_flags |= LOOKUP_REVAL;
7077 -@@ -4066,6 +4284,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname,
7078 +@@ -4066,6 +4283,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname,
7079 struct dentry *new_dentry;
7080 struct path old_path, new_path;
7081 struct inode *delegated_inode = NULL;
7082 @@ -81615,7 +82062,7 @@ index 36df481..c3045fd 100644
7083 int how = 0;
7084 int error;
7085
7086 -@@ -4089,7 +4308,7 @@ retry:
7087 +@@ -4089,7 +4307,7 @@ retry:
7088 if (error)
7089 return error;
7090
7091 @@ -81624,7 +82071,7 @@ index 36df481..c3045fd 100644
7092 (how & LOOKUP_REVAL));
7093 error = PTR_ERR(new_dentry);
7094 if (IS_ERR(new_dentry))
7095 -@@ -4101,11 +4320,26 @@ retry:
7096 +@@ -4101,11 +4319,26 @@ retry:
7097 error = may_linkat(&old_path);
7098 if (unlikely(error))
7099 goto out_dput;
7100 @@ -81651,7 +82098,7 @@ index 36df481..c3045fd 100644
7101 done_path_create(&new_path, new_dentry);
7102 if (delegated_inode) {
7103 error = break_deleg_wait(&delegated_inode);
7104 -@@ -4420,6 +4654,20 @@ retry_deleg:
7105 +@@ -4420,6 +4653,20 @@ retry_deleg:
7106 if (new_dentry == trap)
7107 goto exit5;
7108
7109 @@ -81672,7 +82119,7 @@ index 36df481..c3045fd 100644
7110 error = security_path_rename(&old_path, old_dentry,
7111 &new_path, new_dentry, flags);
7112 if (error)
7113 -@@ -4427,6 +4675,9 @@ retry_deleg:
7114 +@@ -4427,6 +4674,9 @@ retry_deleg:
7115 error = vfs_rename(old_path.dentry->d_inode, old_dentry,
7116 new_path.dentry->d_inode, new_dentry,
7117 &delegated_inode, flags);
7118 @@ -81682,7 +82129,7 @@ index 36df481..c3045fd 100644
7119 exit5:
7120 dput(new_dentry);
7121 exit4:
7122 -@@ -4483,14 +4734,24 @@ EXPORT_SYMBOL(vfs_whiteout);
7123 +@@ -4483,14 +4733,24 @@ EXPORT_SYMBOL(vfs_whiteout);
7124
7125 int readlink_copy(char __user *buffer, int buflen, const char *link)
7126 {
7127 @@ -82400,10 +82847,41 @@ index e33dab2..cdbdad9 100644
7128 }
7129 }
7130 putname(tmp);
7131 +diff --git a/fs/overlayfs/copy_up.c b/fs/overlayfs/copy_up.c
7132 +index 871fcb6..f038f64 100644
7133 +--- a/fs/overlayfs/copy_up.c
7134 ++++ b/fs/overlayfs/copy_up.c
7135 +@@ -142,7 +142,7 @@ static char *ovl_read_symlink(struct dentry *realdentry)
7136 + set_fs(get_ds());
7137 + /* The cast to a user pointer is valid due to the set_fs() */
7138 + res = inode->i_op->readlink(realdentry,
7139 +- (char __user *)buf, PAGE_SIZE - 1);
7140 ++ (char __force_user *)buf, PAGE_SIZE - 1);
7141 + set_fs(old_fs);
7142 + if (res < 0) {
7143 + free_page((unsigned long) buf);
7144 diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c
7145 -index ec0c2a0..f9b5b82 100644
7146 +index ec0c2a0..3a64073 100644
7147 --- a/fs/overlayfs/inode.c
7148 +++ b/fs/overlayfs/inode.c
7149 +@@ -49,13 +49,13 @@ int ovl_setattr(struct dentry *dentry, struct iattr *attr)
7150 + if (err)
7151 + goto out;
7152 +
7153 +- upperdentry = ovl_dentry_upper(dentry);
7154 +- if (upperdentry) {
7155 ++ err = ovl_copy_up(dentry);
7156 ++ if (!err) {
7157 ++ upperdentry = ovl_dentry_upper(dentry);
7158 ++
7159 + mutex_lock(&upperdentry->d_inode->i_mutex);
7160 + err = notify_change(upperdentry, attr, NULL);
7161 + mutex_unlock(&upperdentry->d_inode->i_mutex);
7162 +- } else {
7163 +- err = ovl_copy_up_last(dentry, attr, false);
7164 + }
7165 + ovl_drop_write(dentry);
7166 + out:
7167 @@ -346,6 +346,9 @@ struct inode *ovl_d_select_inode(struct dentry *dentry, unsigned file_flags)
7168 if (d_is_dir(dentry))
7169 return d_backing_inode(dentry);
7170 @@ -82803,7 +83281,7 @@ index 1ade120..a86f1a2 100644
7171 help
7172 Various /proc files exist to monitor process memory utilization:
7173 diff --git a/fs/proc/array.c b/fs/proc/array.c
7174 -index ce065cf..8974fed 100644
7175 +index 57fde2d..f6c419f 100644
7176 --- a/fs/proc/array.c
7177 +++ b/fs/proc/array.c
7178 @@ -60,6 +60,7 @@
7179 @@ -82861,7 +83339,7 @@ index ce065cf..8974fed 100644
7180 static int do_task_stat(struct seq_file *m, struct pid_namespace *ns,
7181 struct pid *pid, struct task_struct *task, int whole)
7182 {
7183 -@@ -390,6 +421,13 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns,
7184 +@@ -390,9 +421,16 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns,
7185 char tcomm[sizeof(task->comm)];
7186 unsigned long flags;
7187
7188 @@ -82874,7 +83352,11 @@ index ce065cf..8974fed 100644
7189 +
7190 state = *get_task_state(task);
7191 vsize = eip = esp = 0;
7192 - permitted = ptrace_may_access(task, PTRACE_MODE_READ | PTRACE_MODE_NOAUDIT);
7193 +- permitted = ptrace_may_access(task, PTRACE_MODE_READ | PTRACE_MODE_NOAUDIT);
7194 ++ permitted = ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS | PTRACE_MODE_NOAUDIT);
7195 + mm = get_task_mm(task);
7196 + if (mm) {
7197 + vsize = task_vsize(mm);
7198 @@ -460,6 +498,19 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns,
7199 gtime = task_gtime(task);
7200 }
7201 @@ -82911,7 +83393,7 @@ index ce065cf..8974fed 100644
7202 seq_put_decimal_ull(m, ' ', esp);
7203 seq_put_decimal_ull(m, ' ', eip);
7204 /* The signal information here is obsolete.
7205 -@@ -515,7 +572,11 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns,
7206 +@@ -527,7 +584,11 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns,
7207 seq_put_decimal_ull(m, ' ', cputime_to_clock_t(gtime));
7208 seq_put_decimal_ll(m, ' ', cputime_to_clock_t(cgtime));
7209
7210 @@ -82924,7 +83406,7 @@ index ce065cf..8974fed 100644
7211 seq_put_decimal_ull(m, ' ', mm->start_data);
7212 seq_put_decimal_ull(m, ' ', mm->end_data);
7213 seq_put_decimal_ull(m, ' ', mm->start_brk);
7214 -@@ -553,8 +614,15 @@ int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns,
7215 +@@ -565,8 +626,15 @@ int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns,
7216 struct pid *pid, struct task_struct *task)
7217 {
7218 unsigned long size = 0, resident = 0, shared = 0, text = 0, data = 0;
7219 @@ -82941,7 +83423,7 @@ index ce065cf..8974fed 100644
7220 if (mm) {
7221 size = task_statm(mm, &shared, &text, &data, &resident);
7222 mmput(mm);
7223 -@@ -577,6 +645,20 @@ int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns,
7224 +@@ -589,6 +657,20 @@ int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns,
7225 return 0;
7226 }
7227
7228 @@ -82963,7 +83445,7 @@ index ce065cf..8974fed 100644
7229 static struct pid *
7230 get_children_pid(struct inode *inode, struct pid *pid_prev, loff_t pos)
7231 diff --git a/fs/proc/base.c b/fs/proc/base.c
7232 -index aa50d1a..c202cde 100644
7233 +index 83a43c1..6279ec0 100644
7234 --- a/fs/proc/base.c
7235 +++ b/fs/proc/base.c
7236 @@ -113,6 +113,14 @@ struct pid_entry {
7237 @@ -83006,7 +83488,8 @@ index aa50d1a..c202cde 100644
7238 static int proc_pid_auxv(struct seq_file *m, struct pid_namespace *ns,
7239 struct pid *pid, struct task_struct *task)
7240 {
7241 - struct mm_struct *mm = mm_access(task, PTRACE_MODE_READ);
7242 +- struct mm_struct *mm = mm_access(task, PTRACE_MODE_READ);
7243 ++ struct mm_struct *mm = mm_access(task, PTRACE_MODE_READ_FSCREDS);
7244 if (mm && !IS_ERR(mm)) {
7245 unsigned int nwords = 0;
7246 +
7247 @@ -83031,7 +83514,25 @@ index aa50d1a..c202cde 100644
7248 /*
7249 * Provides a wchan file via kallsyms in a proper one-value-per-file format.
7250 * Returns the resolved symbol. If that fails, simply return the address.
7251 -@@ -459,7 +488,7 @@ static void unlock_trace(struct task_struct *task)
7252 +@@ -430,7 +459,7 @@ static int proc_pid_wchan(struct seq_file *m, struct pid_namespace *ns,
7253 +
7254 + wchan = get_wchan(task);
7255 +
7256 +- if (wchan && ptrace_may_access(task, PTRACE_MODE_READ) && !lookup_symbol_name(wchan, symname))
7257 ++ if (wchan && !lookup_symbol_name(wchan, symname) && ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS))
7258 + seq_printf(m, "%s", symname);
7259 + else
7260 + seq_putc(m, '0');
7261 +@@ -444,7 +473,7 @@ static int lock_trace(struct task_struct *task)
7262 + int err = mutex_lock_killable(&task->signal->cred_guard_mutex);
7263 + if (err)
7264 + return err;
7265 +- if (!ptrace_may_access(task, PTRACE_MODE_ATTACH)) {
7266 ++ if (!ptrace_may_access(task, PTRACE_MODE_ATTACH_FSCREDS)) {
7267 + mutex_unlock(&task->signal->cred_guard_mutex);
7268 + return -EPERM;
7269 + }
7270 +@@ -456,7 +485,7 @@ static void unlock_trace(struct task_struct *task)
7271 mutex_unlock(&task->signal->cred_guard_mutex);
7272 }
7273
7274 @@ -83040,7 +83541,7 @@ index aa50d1a..c202cde 100644
7275
7276 #define MAX_STACK_TRACE_DEPTH 64
7277
7278 -@@ -657,7 +686,7 @@ static int proc_pid_limits(struct seq_file *m, struct pid_namespace *ns,
7279 +@@ -654,7 +683,7 @@ static int proc_pid_limits(struct seq_file *m, struct pid_namespace *ns,
7280 return 0;
7281 }
7282
7283 @@ -83049,7 +83550,7 @@ index aa50d1a..c202cde 100644
7284 static int proc_pid_syscall(struct seq_file *m, struct pid_namespace *ns,
7285 struct pid *pid, struct task_struct *task)
7286 {
7287 -@@ -690,7 +719,7 @@ static int proc_pid_syscall(struct seq_file *m, struct pid_namespace *ns,
7288 +@@ -687,7 +716,7 @@ static int proc_pid_syscall(struct seq_file *m, struct pid_namespace *ns,
7289 /************************************************************************/
7290
7291 /* permission checks */
7292 @@ -83058,19 +83559,19 @@ index aa50d1a..c202cde 100644
7293 {
7294 struct task_struct *task;
7295 int allowed = 0;
7296 -@@ -700,7 +729,10 @@ static int proc_fd_access_allowed(struct inode *inode)
7297 +@@ -697,7 +726,10 @@ static int proc_fd_access_allowed(struct inode *inode)
7298 */
7299 task = get_proc_task(inode);
7300 if (task) {
7301 - allowed = ptrace_may_access(task, PTRACE_MODE_READ);
7302 + if (log)
7303 -+ allowed = ptrace_may_access(task, PTRACE_MODE_READ);
7304 ++ allowed = ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS);
7305 + else
7306 -+ allowed = ptrace_may_access(task, PTRACE_MODE_READ | PTRACE_MODE_NOAUDIT);
7307 ++ allowed = ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS | PTRACE_MODE_NOAUDIT);
7308 put_task_struct(task);
7309 }
7310 return allowed;
7311 -@@ -731,10 +763,35 @@ static bool has_pid_permissions(struct pid_namespace *pid,
7312 +@@ -728,11 +760,36 @@ static bool has_pid_permissions(struct pid_namespace *pid,
7313 struct task_struct *task,
7314 int hide_pid_min)
7315 {
7316 @@ -83095,18 +83596,20 @@ index aa50d1a..c202cde 100644
7317 + rcu_read_unlock();
7318 +
7319 + if (!pid->hide_pid)
7320 -+ return ptrace_may_access(task, PTRACE_MODE_READ | PTRACE_MODE_NOAUDIT);
7321 ++ return ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS | PTRACE_MODE_NOAUDIT);
7322 +#endif
7323 +
7324 if (pid->hide_pid < hide_pid_min)
7325 return true;
7326 if (in_group_p(pid->pid_gid))
7327 return true;
7328 +- return ptrace_may_access(task, PTRACE_MODE_READ);
7329 +
7330 - return ptrace_may_access(task, PTRACE_MODE_READ);
7331 ++ return ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS);
7332 }
7333
7334 -@@ -752,7 +809,11 @@ static int proc_pid_permission(struct inode *inode, int mask)
7335 +
7336 +@@ -749,7 +806,11 @@ static int proc_pid_permission(struct inode *inode, int mask)
7337 put_task_struct(task);
7338
7339 if (!has_perms) {
7340 @@ -83118,10 +83621,12 @@ index aa50d1a..c202cde 100644
7341 /*
7342 * Let's make getdents(), stat(), and open()
7343 * consistent with each other. If a process
7344 -@@ -813,6 +874,10 @@ struct mm_struct *proc_mem_open(struct inode *inode, unsigned int mode)
7345 +@@ -809,7 +870,11 @@ struct mm_struct *proc_mem_open(struct inode *inode, unsigned int mode)
7346 + struct mm_struct *mm = ERR_PTR(-ESRCH);
7347
7348 if (task) {
7349 - mm = mm_access(task, mode);
7350 +- mm = mm_access(task, mode);
7351 ++ mm = mm_access(task, mode | PTRACE_MODE_FSCREDS);
7352 + if (!IS_ERR_OR_NULL(mm) && gr_acl_handle_procpidmem(task)) {
7353 + mmput(mm);
7354 + mm = ERR_PTR(-EPERM);
7355 @@ -83129,7 +83634,7 @@ index aa50d1a..c202cde 100644
7356 put_task_struct(task);
7357
7358 if (!IS_ERR_OR_NULL(mm)) {
7359 -@@ -834,6 +899,11 @@ static int __mem_open(struct inode *inode, struct file *file, unsigned int mode)
7360 +@@ -831,6 +896,11 @@ static int __mem_open(struct inode *inode, struct file *file, unsigned int mode)
7361 return PTR_ERR(mm);
7362
7363 file->private_data = mm;
7364 @@ -83141,7 +83646,7 @@ index aa50d1a..c202cde 100644
7365 return 0;
7366 }
7367
7368 -@@ -855,6 +925,17 @@ static ssize_t mem_rw(struct file *file, char __user *buf,
7369 +@@ -852,6 +922,17 @@ static ssize_t mem_rw(struct file *file, char __user *buf,
7370 ssize_t copied;
7371 char *page;
7372
7373 @@ -83159,7 +83664,7 @@ index aa50d1a..c202cde 100644
7374 if (!mm)
7375 return 0;
7376
7377 -@@ -867,7 +948,7 @@ static ssize_t mem_rw(struct file *file, char __user *buf,
7378 +@@ -864,7 +945,7 @@ static ssize_t mem_rw(struct file *file, char __user *buf,
7379 goto free;
7380
7381 while (count > 0) {
7382 @@ -83168,7 +83673,7 @@ index aa50d1a..c202cde 100644
7383
7384 if (write && copy_from_user(page, buf, this_len)) {
7385 copied = -EFAULT;
7386 -@@ -959,6 +1040,13 @@ static ssize_t environ_read(struct file *file, char __user *buf,
7387 +@@ -956,6 +1037,13 @@ static ssize_t environ_read(struct file *file, char __user *buf,
7388 if (!mm)
7389 return 0;
7390
7391 @@ -83182,7 +83687,7 @@ index aa50d1a..c202cde 100644
7392 page = (char *)__get_free_page(GFP_TEMPORARY);
7393 if (!page)
7394 return -ENOMEM;
7395 -@@ -968,7 +1056,7 @@ static ssize_t environ_read(struct file *file, char __user *buf,
7396 +@@ -965,7 +1053,7 @@ static ssize_t environ_read(struct file *file, char __user *buf,
7397 goto free;
7398 while (count > 0) {
7399 size_t this_len, max_len;
7400 @@ -83191,7 +83696,7 @@ index aa50d1a..c202cde 100644
7401
7402 if (src >= (mm->env_end - mm->env_start))
7403 break;
7404 -@@ -1582,7 +1670,7 @@ static const char *proc_pid_follow_link(struct dentry *dentry, void **cookie)
7405 +@@ -1579,7 +1667,7 @@ static const char *proc_pid_follow_link(struct dentry *dentry, void **cookie)
7406 int error = -EACCES;
7407
7408 /* Are we allowed to snoop on the tasks file descriptors? */
7409 @@ -83200,7 +83705,7 @@ index aa50d1a..c202cde 100644
7410 goto out;
7411
7412 error = PROC_I(inode)->op.proc_get_link(dentry, &path);
7413 -@@ -1626,8 +1714,18 @@ static int proc_pid_readlink(struct dentry * dentry, char __user * buffer, int b
7414 +@@ -1623,8 +1711,18 @@ static int proc_pid_readlink(struct dentry * dentry, char __user * buffer, int b
7415 struct path path;
7416
7417 /* Are we allowed to snoop on the tasks file descriptors? */
7418 @@ -83221,7 +83726,7 @@ index aa50d1a..c202cde 100644
7419
7420 error = PROC_I(inode)->op.proc_get_link(dentry, &path);
7421 if (error)
7422 -@@ -1677,7 +1775,11 @@ struct inode *proc_pid_make_inode(struct super_block * sb, struct task_struct *t
7423 +@@ -1674,7 +1772,11 @@ struct inode *proc_pid_make_inode(struct super_block * sb, struct task_struct *t
7424 rcu_read_lock();
7425 cred = __task_cred(task);
7426 inode->i_uid = cred->euid;
7427 @@ -83233,7 +83738,7 @@ index aa50d1a..c202cde 100644
7428 rcu_read_unlock();
7429 }
7430 security_task_to_inode(task, inode);
7431 -@@ -1713,10 +1815,19 @@ int pid_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat)
7432 +@@ -1710,10 +1812,19 @@ int pid_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat)
7433 return -ENOENT;
7434 }
7435 if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) ||
7436 @@ -83253,7 +83758,7 @@ index aa50d1a..c202cde 100644
7437 }
7438 }
7439 rcu_read_unlock();
7440 -@@ -1754,11 +1865,20 @@ int pid_revalidate(struct dentry *dentry, unsigned int flags)
7441 +@@ -1751,11 +1862,20 @@ int pid_revalidate(struct dentry *dentry, unsigned int flags)
7442
7443 if (task) {
7444 if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) ||
7445 @@ -83274,7 +83779,34 @@ index aa50d1a..c202cde 100644
7446 rcu_read_unlock();
7447 } else {
7448 inode->i_uid = GLOBAL_ROOT_UID;
7449 -@@ -2290,6 +2410,9 @@ static struct dentry *proc_pident_lookup(struct inode *dir,
7450 +@@ -1871,7 +1991,7 @@ static int map_files_d_revalidate(struct dentry *dentry, unsigned int flags)
7451 + if (!task)
7452 + goto out_notask;
7453 +
7454 +- mm = mm_access(task, PTRACE_MODE_READ);
7455 ++ mm = mm_access(task, PTRACE_MODE_READ_FSCREDS);
7456 + if (IS_ERR_OR_NULL(mm))
7457 + goto out;
7458 +
7459 +@@ -2003,7 +2123,7 @@ static struct dentry *proc_map_files_lookup(struct inode *dir,
7460 + goto out;
7461 +
7462 + result = -EACCES;
7463 +- if (!ptrace_may_access(task, PTRACE_MODE_READ))
7464 ++ if (!ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS))
7465 + goto out_put_task;
7466 +
7467 + result = -ENOENT;
7468 +@@ -2060,7 +2180,7 @@ proc_map_files_readdir(struct file *file, struct dir_context *ctx)
7469 + goto out;
7470 +
7471 + ret = -EACCES;
7472 +- if (!ptrace_may_access(task, PTRACE_MODE_READ))
7473 ++ if (!ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS))
7474 + goto out_put_task;
7475 +
7476 + ret = 0;
7477 +@@ -2287,6 +2407,9 @@ static struct dentry *proc_pident_lookup(struct inode *dir,
7478 if (!task)
7479 goto out_no_task;
7480
7481 @@ -83284,7 +83816,7 @@ index aa50d1a..c202cde 100644
7482 /*
7483 * Yes, it does not scale. And it should not. Don't add
7484 * new entries into /proc/<tgid>/ without very good reasons.
7485 -@@ -2320,6 +2443,9 @@ static int proc_pident_readdir(struct file *file, struct dir_context *ctx,
7486 +@@ -2317,6 +2440,9 @@ static int proc_pident_readdir(struct file *file, struct dir_context *ctx,
7487 if (!task)
7488 return -ENOENT;
7489
7490 @@ -83294,7 +83826,16 @@ index aa50d1a..c202cde 100644
7491 if (!dir_emit_dots(file, ctx))
7492 goto out;
7493
7494 -@@ -2764,7 +2890,7 @@ static const struct pid_entry tgid_base_stuff[] = {
7495 +@@ -2540,7 +2666,7 @@ static int do_io_accounting(struct task_struct *task, struct seq_file *m, int wh
7496 + if (result)
7497 + return result;
7498 +
7499 +- if (!ptrace_may_access(task, PTRACE_MODE_READ)) {
7500 ++ if (!ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS)) {
7501 + result = -EACCES;
7502 + goto out_unlock;
7503 + }
7504 +@@ -2761,7 +2887,7 @@ static const struct pid_entry tgid_base_stuff[] = {
7505 REG("autogroup", S_IRUGO|S_IWUSR, proc_pid_sched_autogroup_operations),
7506 #endif
7507 REG("comm", S_IRUGO|S_IWUSR, proc_pid_set_comm_operations),
7508 @@ -83303,7 +83844,7 @@ index aa50d1a..c202cde 100644
7509 ONE("syscall", S_IRUSR, proc_pid_syscall),
7510 #endif
7511 REG("cmdline", S_IRUGO, proc_pid_cmdline_ops),
7512 -@@ -2789,10 +2915,10 @@ static const struct pid_entry tgid_base_stuff[] = {
7513 +@@ -2786,10 +2912,10 @@ static const struct pid_entry tgid_base_stuff[] = {
7514 #ifdef CONFIG_SECURITY
7515 DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations),
7516 #endif
7517 @@ -83316,7 +83857,7 @@ index aa50d1a..c202cde 100644
7518 ONE("stack", S_IRUSR, proc_pid_stack),
7519 #endif
7520 #ifdef CONFIG_SCHED_INFO
7521 -@@ -2826,6 +2952,9 @@ static const struct pid_entry tgid_base_stuff[] = {
7522 +@@ -2823,6 +2949,9 @@ static const struct pid_entry tgid_base_stuff[] = {
7523 #ifdef CONFIG_HARDWALL
7524 ONE("hardwall", S_IRUGO, proc_pid_hardwall),
7525 #endif
7526 @@ -83326,7 +83867,7 @@ index aa50d1a..c202cde 100644
7527 #ifdef CONFIG_USER_NS
7528 REG("uid_map", S_IRUGO|S_IWUSR, proc_uid_map_operations),
7529 REG("gid_map", S_IRUGO|S_IWUSR, proc_gid_map_operations),
7530 -@@ -2958,7 +3087,14 @@ static int proc_pid_instantiate(struct inode *dir,
7531 +@@ -2955,7 +3084,14 @@ static int proc_pid_instantiate(struct inode *dir,
7532 if (!inode)
7533 goto out;
7534
7535 @@ -83341,7 +83882,7 @@ index aa50d1a..c202cde 100644
7536 inode->i_op = &proc_tgid_base_inode_operations;
7537 inode->i_fop = &proc_tgid_base_operations;
7538 inode->i_flags|=S_IMMUTABLE;
7539 -@@ -2996,7 +3132,11 @@ struct dentry *proc_pid_lookup(struct inode *dir, struct dentry * dentry, unsign
7540 +@@ -2993,7 +3129,11 @@ struct dentry *proc_pid_lookup(struct inode *dir, struct dentry * dentry, unsign
7541 if (!task)
7542 goto out;
7543
7544 @@ -83353,7 +83894,7 @@ index aa50d1a..c202cde 100644
7545 put_task_struct(task);
7546 out:
7547 return ERR_PTR(result);
7548 -@@ -3110,7 +3250,7 @@ static const struct pid_entry tid_base_stuff[] = {
7549 +@@ -3107,7 +3247,7 @@ static const struct pid_entry tid_base_stuff[] = {
7550 REG("sched", S_IRUGO|S_IWUSR, proc_pid_sched_operations),
7551 #endif
7552 REG("comm", S_IRUGO|S_IWUSR, proc_pid_set_comm_operations),
7553 @@ -83362,7 +83903,7 @@ index aa50d1a..c202cde 100644
7554 ONE("syscall", S_IRUSR, proc_pid_syscall),
7555 #endif
7556 REG("cmdline", S_IRUGO, proc_pid_cmdline_ops),
7557 -@@ -3137,10 +3277,10 @@ static const struct pid_entry tid_base_stuff[] = {
7558 +@@ -3134,10 +3274,10 @@ static const struct pid_entry tid_base_stuff[] = {
7559 #ifdef CONFIG_SECURITY
7560 DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations),
7561 #endif
7562 @@ -83778,6 +84319,28 @@ index d3ebf2e..abe1823 100644
7563 #endif
7564 #ifdef CONFIG_TRANSPARENT_HUGEPAGE
7565 , K(global_page_state(NR_ANON_TRANSPARENT_HUGEPAGES) *
7566 +diff --git a/fs/proc/namespaces.c b/fs/proc/namespaces.c
7567 +index f6e8354..1b0ea4a 100644
7568 +--- a/fs/proc/namespaces.c
7569 ++++ b/fs/proc/namespaces.c
7570 +@@ -42,7 +42,7 @@ static const char *proc_ns_follow_link(struct dentry *dentry, void **cookie)
7571 + if (!task)
7572 + return error;
7573 +
7574 +- if (ptrace_may_access(task, PTRACE_MODE_READ)) {
7575 ++ if (ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS)) {
7576 + error = ns_get_path(&ns_path, task, ns_ops);
7577 + if (!error)
7578 + nd_jump_link(&ns_path);
7579 +@@ -63,7 +63,7 @@ static int proc_ns_readlink(struct dentry *dentry, char __user *buffer, int bufl
7580 + if (!task)
7581 + return res;
7582 +
7583 +- if (ptrace_may_access(task, PTRACE_MODE_READ)) {
7584 ++ if (ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS)) {
7585 + res = ns_get_name(name, sizeof(name), task, ns_ops);
7586 + if (res >= 0)
7587 + res = readlink_copy(buffer, buflen, name);
7588 diff --git a/fs/proc/nommu.c b/fs/proc/nommu.c
7589 index f8595e8..e0d13cbd 100644
7590 --- a/fs/proc/nommu.c
7591 @@ -84213,7 +84776,7 @@ index 510413eb..34d9a8c 100644
7592 seq_printf(p, "softirq %llu", (unsigned long long)sum_softirq);
7593
7594 diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c
7595 -index ca1e091..12dd9f1 100644
7596 +index ca1e091..41c80d6 100644
7597 --- a/fs/proc/task_mmu.c
7598 +++ b/fs/proc/task_mmu.c
7599 @@ -13,12 +13,19 @@
7600 @@ -84381,6 +84944,15 @@ index ca1e091..12dd9f1 100644
7601 mss.resident >> 10,
7602 (unsigned long)(mss.pss >> (10 + PSS_SHIFT)),
7603 mss.shared_clean >> 10,
7604 +@@ -1257,7 +1308,7 @@ static ssize_t pagemap_read(struct file *file, char __user *buf,
7605 + if (!pm.buffer)
7606 + goto out_task;
7607 +
7608 +- mm = mm_access(task, PTRACE_MODE_READ);
7609 ++ mm = mm_access(task, PTRACE_MODE_READ_FSCREDS);
7610 + ret = PTR_ERR(mm);
7611 + if (!mm || IS_ERR(mm))
7612 + goto out_free;
7613 @@ -1491,6 +1542,13 @@ static int show_numa_map(struct seq_file *m, void *v, int is_pid)
7614 char buffer[64];
7615 int nid;
7616 @@ -84540,7 +85112,7 @@ index 819ef3f..f07222d 100644
7617 count = MAX_RW_COUNT;
7618 ret = __vfs_write(file, p, count, pos);
7619 diff --git a/fs/readdir.c b/fs/readdir.c
7620 -index ced6791..936687b 100644
7621 +index ced6791..e0500c1 100644
7622 --- a/fs/readdir.c
7623 +++ b/fs/readdir.c
7624 @@ -18,6 +18,7 @@
7625 @@ -84624,7 +85196,7 @@ index ced6791..936687b 100644
7626 dirent = buf->previous;
7627 if (dirent) {
7628 if (__put_user(offset, &dirent->d_off))
7629 -@@ -293,6 +311,7 @@ SYSCALL_DEFINE3(getdents64, unsigned int, fd,
7630 +@@ -293,13 +311,13 @@ SYSCALL_DEFINE3(getdents64, unsigned int, fd,
7631 if (!f.file)
7632 return -EBADF;
7633
7634 @@ -84632,6 +85204,14 @@ index ced6791..936687b 100644
7635 error = iterate_dir(f.file, &buf.ctx);
7636 if (error >= 0)
7637 error = buf.error;
7638 + lastdirent = buf.previous;
7639 + if (lastdirent) {
7640 +- typeof(lastdirent->d_off) d_off = buf.ctx.pos;
7641 +- if (__put_user(d_off, &lastdirent->d_off))
7642 ++ if (__put_user(buf.ctx.pos, &lastdirent->d_off))
7643 + error = -EFAULT;
7644 + else
7645 + error = count - buf.count;
7646 diff --git a/fs/reiserfs/do_balan.c b/fs/reiserfs/do_balan.c
7647 index 9c02d96..6562c10 100644
7648 --- a/fs/reiserfs/do_balan.c
7649 @@ -85116,6 +85696,20 @@ index cccc1aa..7fe8951 100644
7650
7651 generic_fillattr(inode, stat);
7652 return 0;
7653 +diff --git a/fs/super.c b/fs/super.c
7654 +index b613723..08704f9 100644
7655 +--- a/fs/super.c
7656 ++++ b/fs/super.c
7657 +@@ -333,7 +333,8 @@ EXPORT_SYMBOL(deactivate_super);
7658 + * called for superblocks not in rundown mode (== ones still on ->fs_supers
7659 + * of their type), so increment of ->s_count is OK here.
7660 + */
7661 +-static int grab_super(struct super_block *s) __releases(sb_lock)
7662 ++static int grab_super(struct super_block *s) __releases(&sb_lock);
7663 ++static int grab_super(struct super_block *s)
7664 + {
7665 + s->s_count++;
7666 + spin_unlock(&sb_lock);
7667 diff --git a/fs/sysfs/dir.c b/fs/sysfs/dir.c
7668 index 94374e4..b5da3a1 100644
7669 --- a/fs/sysfs/dir.c
7670 @@ -97754,7 +98348,7 @@ index ea17cca..dd56e56 100644
7671 if (small_const_nbits(nbits))
7672 return hweight_long(*src & BITMAP_LAST_WORD_MASK(nbits));
7673 diff --git a/include/linux/bitops.h b/include/linux/bitops.h
7674 -index 297f5bd..5892caa 100644
7675 +index 297f5bd..7812342 100644
7676 --- a/include/linux/bitops.h
7677 +++ b/include/linux/bitops.h
7678 @@ -75,7 +75,7 @@ static __inline__ int get_count_order(unsigned int count)
7679 @@ -97766,15 +98360,18 @@ index 297f5bd..5892caa 100644
7680 {
7681 return sizeof(w) == 4 ? hweight32(w) : hweight64(w);
7682 }
7683 -@@ -105,7 +105,7 @@ static inline __u64 ror64(__u64 word, unsigned int shift)
7684 +@@ -105,9 +105,9 @@ static inline __u64 ror64(__u64 word, unsigned int shift)
7685 * @word: value to rotate
7686 * @shift: bits to roll
7687 */
7688 -static inline __u32 rol32(__u32 word, unsigned int shift)
7689 +static inline __u32 __intentional_overflow(-1) rol32(__u32 word, unsigned int shift)
7690 {
7691 - return (word << shift) | (word >> (32 - shift));
7692 +- return (word << shift) | (word >> (32 - shift));
7693 ++ return (word << shift) | (word >> ((-shift) & 31));
7694 }
7695 +
7696 + /**
7697 @@ -115,7 +115,7 @@ static inline __u32 rol32(__u32 word, unsigned int shift)
7698 * @word: value to rotate
7699 * @shift: bits to roll
7700 @@ -97994,7 +98591,7 @@ index dfaa7b3..58cebfb 100644
7701 * Mark a position in code as unreachable. This can be used to
7702 * suppress control flow warnings after asm blocks that transfer
7703 diff --git a/include/linux/compiler.h b/include/linux/compiler.h
7704 -index e08a6ae..8d965c5 100644
7705 +index e08a6ae..42d2098 100644
7706 --- a/include/linux/compiler.h
7707 +++ b/include/linux/compiler.h
7708 @@ -5,11 +5,14 @@
7709 @@ -98012,7 +98609,7 @@ index e08a6ae..8d965c5 100644
7710 # define __must_hold(x) __attribute__((context(x,1,1)))
7711 # define __acquires(x) __attribute__((context(x,0,1)))
7712 # define __releases(x) __attribute__((context(x,1,0)))
7713 -@@ -17,21 +20,39 @@
7714 +@@ -17,33 +20,78 @@
7715 # define __release(x) __context__(x,-1)
7716 # define __cond_lock(x,c) ((c) ? ({ __acquire(x); 1; }) : 0)
7717 # define __percpu __attribute__((noderef, address_space(3)))
7718 @@ -98032,10 +98629,34 @@ index e08a6ae..8d965c5 100644
7719 -# define __user
7720 -# define __kernel
7721 +# ifdef CHECKER_PLUGIN
7722 ++# ifdef CHECKER_PLUGIN_USER
7723 +//# define __user
7724 +//# define __force_user
7725 +//# define __kernel
7726 +//# define __force_kernel
7727 ++# else
7728 ++# define __user
7729 ++# define __force_user
7730 ++# define __kernel
7731 ++# define __force_kernel
7732 ++# endif
7733 ++# ifdef CHECKER_PLUGIN_CONTEXT
7734 ++# define __must_hold(x) __attribute__((context(#x,1,1)))
7735 ++# define __acquires(x) __attribute__((context(#x,0,1)))
7736 ++# define __releases(x) __attribute__((context(#x,1,0)))
7737 ++# define __acquire(x) __context__(#x,1)
7738 ++# define __release(x) __context__(#x,-1)
7739 ++# define __cond_lock(x,c) ((c) ? ({ __acquire(x); 1; }) : 0)
7740 ++# define __cond_unlock(x,c) ((c) ? ({ __release(x); 1; }) : 0)
7741 ++# else
7742 ++# define __must_hold(x)
7743 ++# define __acquires(x)
7744 ++# define __releases(x)
7745 ++# define __acquire(x) (void)0
7746 ++# define __release(x) (void)0
7747 ++# define __cond_lock(x,c) (c)
7748 ++# define __cond_unlock(x,c) (c)
7749 ++# endif
7750 +# else
7751 +# ifdef STRUCTLEAK_PLUGIN
7752 +# define __user __attribute__((user))
7753 @@ -98045,6 +98666,12 @@ index e08a6ae..8d965c5 100644
7754 +# define __force_user
7755 +# define __kernel
7756 +# define __force_kernel
7757 ++# define __must_hold(x)
7758 ++# define __acquires(x)
7759 ++# define __releases(x)
7760 ++# define __acquire(x) (void)0
7761 ++# define __release(x) (void)0
7762 ++# define __cond_lock(x,c) (c)
7763 +# endif
7764 # define __safe
7765 # define __force
7766 @@ -98054,9 +98681,12 @@ index e08a6ae..8d965c5 100644
7767 # define __chk_user_ptr(x) (void)0
7768 # define __chk_io_ptr(x) (void)0
7769 # define __builtin_warning(x, y...) (1)
7770 -@@ -42,8 +63,11 @@ extern void __chk_io_ptr(const volatile void __iomem *);
7771 - # define __release(x) (void)0
7772 - # define __cond_lock(x,c) (c)
7773 +-# define __must_hold(x)
7774 +-# define __acquires(x)
7775 +-# define __releases(x)
7776 +-# define __acquire(x) (void)0
7777 +-# define __release(x) (void)0
7778 +-# define __cond_lock(x,c) (c)
7779 # define __percpu
7780 +# define __force_percpu
7781 # define __rcu
7782 @@ -98066,7 +98696,7 @@ index e08a6ae..8d965c5 100644
7783 #endif
7784
7785 /* Indirect macros required for expanded argument pasting, eg. __LINE__. */
7786 -@@ -198,34 +222,6 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect);
7787 +@@ -198,34 +246,6 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect);
7788
7789 #include <uapi/linux/types.h>
7790
7791 @@ -98101,7 +98731,7 @@ index e08a6ae..8d965c5 100644
7792 /*
7793 * Prevent the compiler from merging or refetching reads or writes. The
7794 * compiler is also forbidden from reordering successive instances of
7795 -@@ -248,11 +244,16 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s
7796 +@@ -248,11 +268,16 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s
7797 * required ordering.
7798 */
7799
7800 @@ -98122,7 +98752,7 @@ index e08a6ae..8d965c5 100644
7801
7802 /**
7803 * READ_ONCE_CTRL - Read a value heading a control dependency
7804 -@@ -370,6 +371,38 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s
7805 +@@ -370,6 +395,38 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s
7806 # define __attribute_const__ /* unimplemented */
7807 #endif
7808
7809 @@ -98161,7 +98791,7 @@ index e08a6ae..8d965c5 100644
7810 /*
7811 * Tell gcc if a function is cold. The compiler will assume any path
7812 * directly leading to the call is unlikely.
7813 -@@ -379,6 +412,22 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s
7814 +@@ -379,6 +436,22 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s
7815 #define __cold
7816 #endif
7817
7818 @@ -98184,7 +98814,7 @@ index e08a6ae..8d965c5 100644
7819 /* Simple shorthand for a section definition */
7820 #ifndef __section
7821 # define __section(S) __attribute__ ((__section__(#S)))
7822 -@@ -393,6 +442,8 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s
7823 +@@ -393,6 +466,8 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s
7824 # define __same_type(a, b) __builtin_types_compatible_p(typeof(a), typeof(b))
7825 #endif
7826
7827 @@ -98193,7 +98823,7 @@ index e08a6ae..8d965c5 100644
7828 /* Is this type a native word size -- useful for atomic operations */
7829 #ifndef __native_word
7830 # define __native_word(t) (sizeof(t) == sizeof(char) || sizeof(t) == sizeof(short) || sizeof(t) == sizeof(int) || sizeof(t) == sizeof(long))
7831 -@@ -472,8 +523,9 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s
7832 +@@ -472,8 +547,9 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s
7833 */
7834 #define __ACCESS_ONCE(x) ({ \
7835 __maybe_unused typeof(x) __var = (__force typeof(x)) 0; \
7836 @@ -102074,6 +102704,41 @@ index 42dfc61..8113a99 100644
7837
7838 extern const struct proc_ns_operations netns_operations;
7839 extern const struct proc_ns_operations utsns_operations;
7840 +diff --git a/include/linux/ptrace.h b/include/linux/ptrace.h
7841 +index 987a73a..998c098 100644
7842 +--- a/include/linux/ptrace.h
7843 ++++ b/include/linux/ptrace.h
7844 +@@ -56,7 +56,29 @@ extern void exit_ptrace(struct task_struct *tracer, struct list_head *dead);
7845 + #define PTRACE_MODE_READ 0x01
7846 + #define PTRACE_MODE_ATTACH 0x02
7847 + #define PTRACE_MODE_NOAUDIT 0x04
7848 +-/* Returns true on success, false on denial. */
7849 ++#define PTRACE_MODE_FSCREDS 0x08
7850 ++#define PTRACE_MODE_REALCREDS 0x10
7851 ++
7852 ++/* shorthands for READ/ATTACH and FSCREDS/REALCREDS combinations */
7853 ++#define PTRACE_MODE_READ_FSCREDS (PTRACE_MODE_READ | PTRACE_MODE_FSCREDS)
7854 ++#define PTRACE_MODE_READ_REALCREDS (PTRACE_MODE_READ | PTRACE_MODE_REALCREDS)
7855 ++#define PTRACE_MODE_ATTACH_FSCREDS (PTRACE_MODE_ATTACH | PTRACE_MODE_FSCREDS)
7856 ++#define PTRACE_MODE_ATTACH_REALCREDS (PTRACE_MODE_ATTACH | PTRACE_MODE_REALCREDS)
7857 ++
7858 ++/**
7859 ++ * ptrace_may_access - check whether the caller is permitted to access
7860 ++ * a target task.
7861 ++ * @task: target task
7862 ++ * @mode: selects type of access and caller credentials
7863 ++ *
7864 ++ * Returns true on success, false on denial.
7865 ++ *
7866 ++ * One of the flags PTRACE_MODE_FSCREDS and PTRACE_MODE_REALCREDS must
7867 ++ * be set in @mode to specify whether the access was requested through
7868 ++ * a filesystem syscall (should use effective capabilities and fsuid
7869 ++ * of the caller) or through an explicit syscall such as
7870 ++ * process_vm_writev or ptrace (and should use the real credentials).
7871 ++ */
7872 + extern bool ptrace_may_access(struct task_struct *task, unsigned int mode);
7873 +
7874 + static inline int ptrace_reparented(struct task_struct *child)
7875 diff --git a/include/linux/quota.h b/include/linux/quota.h
7876 index b2505ac..5f7ab55 100644
7877 --- a/include/linux/quota.h
7878 @@ -102197,6 +102862,74 @@ index 17c6b1f..a65e3f8 100644
7879 /**
7880 * hlist_del_init_rcu - deletes entry from hash list with re-initialization
7881 * @n: the element to delete from the hash list.
7882 +diff --git a/include/linux/rcupdate.h b/include/linux/rcupdate.h
7883 +index 4cf5f51..87c7c91 100644
7884 +--- a/include/linux/rcupdate.h
7885 ++++ b/include/linux/rcupdate.h
7886 +@@ -840,6 +840,7 @@ static inline void rcu_preempt_sleep_check(void)
7887 + * read-side critical sections may be preempted and they may also block, but
7888 + * only when acquiring spinlocks that are subject to priority inheritance.
7889 + */
7890 ++static inline void rcu_read_lock(void) __acquires(RCU);
7891 + static inline void rcu_read_lock(void)
7892 + {
7893 + __rcu_read_lock();
7894 +@@ -894,6 +895,7 @@ static inline void rcu_read_lock(void)
7895 + *
7896 + * See rcu_read_lock() for more information.
7897 + */
7898 ++static inline void rcu_read_unlock(void) __releases(RCU);
7899 + static inline void rcu_read_unlock(void)
7900 + {
7901 + rcu_lockdep_assert(rcu_is_watching(),
7902 +@@ -920,6 +922,7 @@ static inline void rcu_read_unlock(void)
7903 + * rcu_read_unlock_bh() from one task if the matching rcu_read_lock_bh()
7904 + * was invoked from some other task.
7905 + */
7906 ++static inline void rcu_read_lock_bh(void) __acquires(RCU_BH);
7907 + static inline void rcu_read_lock_bh(void)
7908 + {
7909 + local_bh_disable();
7910 +@@ -934,6 +937,7 @@ static inline void rcu_read_lock_bh(void)
7911 + *
7912 + * See rcu_read_lock_bh() for more information.
7913 + */
7914 ++static inline void rcu_read_unlock_bh(void) __releases(RCU_BH);
7915 + static inline void rcu_read_unlock_bh(void)
7916 + {
7917 + rcu_lockdep_assert(rcu_is_watching(),
7918 +@@ -956,6 +960,7 @@ static inline void rcu_read_unlock_bh(void)
7919 + * rcu_read_unlock_sched() from process context if the matching
7920 + * rcu_read_lock_sched() was invoked from an NMI handler.
7921 + */
7922 ++static inline void rcu_read_lock_sched(void) __acquires(RCU_SCHED);
7923 + static inline void rcu_read_lock_sched(void)
7924 + {
7925 + preempt_disable();
7926 +@@ -966,6 +971,7 @@ static inline void rcu_read_lock_sched(void)
7927 + }
7928 +
7929 + /* Used by lockdep and tracing: cannot be traced, cannot call lockdep. */
7930 ++static inline notrace void rcu_read_lock_sched_notrace(void) __acquires(RCU_SCHED);
7931 + static inline notrace void rcu_read_lock_sched_notrace(void)
7932 + {
7933 + preempt_disable_notrace();
7934 +@@ -977,6 +983,7 @@ static inline notrace void rcu_read_lock_sched_notrace(void)
7935 + *
7936 + * See rcu_read_lock_sched for more information.
7937 + */
7938 ++static inline void rcu_read_unlock_sched(void) __releases(RCU_SCHED);
7939 + static inline void rcu_read_unlock_sched(void)
7940 + {
7941 + rcu_lockdep_assert(rcu_is_watching(),
7942 +@@ -987,6 +994,7 @@ static inline void rcu_read_unlock_sched(void)
7943 + }
7944 +
7945 + /* Used by lockdep and tracing: cannot be traced, cannot call lockdep. */
7946 ++static inline notrace void rcu_read_unlock_sched_notrace(void) __releases(RCU_SCHED);
7947 + static inline notrace void rcu_read_unlock_sched_notrace(void)
7948 + {
7949 + __release(RCU_SCHED);
7950 diff --git a/include/linux/reboot.h b/include/linux/reboot.h
7951 index a7ff409..03e2fa8 100644
7952 --- a/include/linux/reboot.h
7953 @@ -102324,7 +103057,7 @@ index 9b1ef0c..9fa3feb 100644
7954
7955 /*
7956 diff --git a/include/linux/sched.h b/include/linux/sched.h
7957 -index bfca8aa..ac50d1b 100644
7958 +index bfca8aa..d0aedec 100644
7959 --- a/include/linux/sched.h
7960 +++ b/include/linux/sched.h
7961 @@ -7,7 +7,7 @@
7962 @@ -102641,6 +103374,15 @@ index bfca8aa..ac50d1b 100644
7963 extern struct task_struct *find_task_by_pid_ns(pid_t nr,
7964 struct pid_namespace *ns);
7965
7966 +@@ -2445,7 +2575,7 @@ extern void proc_caches_init(void);
7967 + extern void flush_signals(struct task_struct *);
7968 + extern void ignore_signals(struct task_struct *);
7969 + extern void flush_signal_handlers(struct task_struct *, int force_default);
7970 +-extern int dequeue_signal(struct task_struct *tsk, sigset_t *mask, siginfo_t *info);
7971 ++extern int dequeue_signal(struct task_struct *tsk, sigset_t *mask, siginfo_t *info) __must_hold(&tsk->sighand->siglock);
7972 +
7973 + static inline int dequeue_signal_lock(struct task_struct *tsk, sigset_t *mask, siginfo_t *info)
7974 + {
7975 @@ -2591,7 +2721,7 @@ extern void __cleanup_sighand(struct sighand_struct *);
7976 extern void exit_itimers(struct signal_struct *);
7977 extern void flush_itimer_signals(void);
7978 @@ -102650,7 +103392,21 @@ index bfca8aa..ac50d1b 100644
7979
7980 extern int do_execve(struct filename *,
7981 const char __user * const __user *,
7982 -@@ -2796,9 +2926,9 @@ static inline unsigned long *end_of_stack(struct task_struct *p)
7983 +@@ -2706,11 +2836,13 @@ static inline int thread_group_empty(struct task_struct *p)
7984 + * It must not be nested with write_lock_irq(&tasklist_lock),
7985 + * neither inside nor outside.
7986 + */
7987 ++static inline void task_lock(struct task_struct *p) __acquires(&p->alloc_lock);
7988 + static inline void task_lock(struct task_struct *p)
7989 + {
7990 + spin_lock(&p->alloc_lock);
7991 + }
7992 +
7993 ++static inline void task_unlock(struct task_struct *p) __releases(&p->alloc_lock);
7994 + static inline void task_unlock(struct task_struct *p)
7995 + {
7996 + spin_unlock(&p->alloc_lock);
7997 +@@ -2796,9 +2928,9 @@ static inline unsigned long *end_of_stack(struct task_struct *p)
7998 #define task_stack_end_corrupted(task) \
7999 (*(end_of_stack(task)) != STACK_END_MAGIC)
8000
8001 @@ -102750,6 +103506,82 @@ index d4c7271..abf5706 100644
8002 int single_open_size(struct file *, int (*)(struct seq_file *, void *), void *, size_t);
8003 int single_release(struct inode *, struct file *);
8004 void *__seq_open_private(struct file *, const struct seq_operations *, int);
8005 +diff --git a/include/linux/seqlock.h b/include/linux/seqlock.h
8006 +index e058210..386666a 100644
8007 +--- a/include/linux/seqlock.h
8008 ++++ b/include/linux/seqlock.h
8009 +@@ -440,42 +440,49 @@ static inline unsigned read_seqretry(const seqlock_t *sl, unsigned start)
8010 + * Acts like a normal spin_lock/unlock.
8011 + * Don't need preempt_disable() because that is in the spin_lock already.
8012 + */
8013 ++static inline void write_seqlock(seqlock_t *sl) __acquires(sl);
8014 + static inline void write_seqlock(seqlock_t *sl)
8015 + {
8016 + spin_lock(&sl->lock);
8017 + write_seqcount_begin(&sl->seqcount);
8018 + }
8019 +
8020 ++static inline void write_sequnlock(seqlock_t *sl) __releases(sl);
8021 + static inline void write_sequnlock(seqlock_t *sl)
8022 + {
8023 + write_seqcount_end(&sl->seqcount);
8024 + spin_unlock(&sl->lock);
8025 + }
8026 +
8027 ++static inline void write_seqlock_bh(seqlock_t *sl) __acquires(sl);
8028 + static inline void write_seqlock_bh(seqlock_t *sl)
8029 + {
8030 + spin_lock_bh(&sl->lock);
8031 + write_seqcount_begin(&sl->seqcount);
8032 + }
8033 +
8034 ++static inline void write_sequnlock_bh(seqlock_t *sl) __releases(sl);
8035 + static inline void write_sequnlock_bh(seqlock_t *sl)
8036 + {
8037 + write_seqcount_end(&sl->seqcount);
8038 + spin_unlock_bh(&sl->lock);
8039 + }
8040 +
8041 ++static inline void write_seqlock_irq(seqlock_t *sl) __acquires(sl);
8042 + static inline void write_seqlock_irq(seqlock_t *sl)
8043 + {
8044 + spin_lock_irq(&sl->lock);
8045 + write_seqcount_begin(&sl->seqcount);
8046 + }
8047 +
8048 ++static inline void write_sequnlock_irq(seqlock_t *sl) __releases(sl);
8049 + static inline void write_sequnlock_irq(seqlock_t *sl)
8050 + {
8051 + write_seqcount_end(&sl->seqcount);
8052 + spin_unlock_irq(&sl->lock);
8053 + }
8054 +
8055 ++static inline unsigned long __write_seqlock_irqsave(seqlock_t *sl) __acquires(sl);
8056 + static inline unsigned long __write_seqlock_irqsave(seqlock_t *sl)
8057 + {
8058 + unsigned long flags;
8059 +@@ -488,6 +495,7 @@ static inline unsigned long __write_seqlock_irqsave(seqlock_t *sl)
8060 + #define write_seqlock_irqsave(lock, flags) \
8061 + do { flags = __write_seqlock_irqsave(lock); } while (0)
8062 +
8063 ++static inline void write_sequnlock_irqrestore(seqlock_t *sl, unsigned long flags) __releases(sl);
8064 + static inline void
8065 + write_sequnlock_irqrestore(seqlock_t *sl, unsigned long flags)
8066 + {
8067 +@@ -500,11 +508,13 @@ write_sequnlock_irqrestore(seqlock_t *sl, unsigned long flags)
8068 + * but doesn't update the sequence number. Acts like a normal spin_lock/unlock.
8069 + * Don't need preempt_disable() because that is in the spin_lock already.
8070 + */
8071 ++static inline void read_seqlock_excl(seqlock_t *sl) __acquires(sl);
8072 + static inline void read_seqlock_excl(seqlock_t *sl)
8073 + {
8074 + spin_lock(&sl->lock);
8075 + }
8076 +
8077 ++static inline void read_sequnlock_excl(seqlock_t *sl) __releases(sl);
8078 + static inline void read_sequnlock_excl(seqlock_t *sl)
8079 + {
8080 + spin_unlock(&sl->lock);
8081 diff --git a/include/linux/shm.h b/include/linux/shm.h
8082 index 6fb8016..2cf60e7 100644
8083 --- a/include/linux/shm.h
8084 @@ -103026,6 +103858,112 @@ index 680f9a3..f13aeb0 100644
8085 __SONET_ITEMS
8086 #undef __HANDLE_ITEM
8087 };
8088 +diff --git a/include/linux/spinlock.h b/include/linux/spinlock.h
8089 +index 0063b24..b2f35f7 100644
8090 +--- a/include/linux/spinlock.h
8091 ++++ b/include/linux/spinlock.h
8092 +@@ -152,14 +152,17 @@ do { \
8093 + extern int do_raw_spin_trylock(raw_spinlock_t *lock);
8094 + extern void do_raw_spin_unlock(raw_spinlock_t *lock) __releases(lock);
8095 + #else
8096 +-static inline void do_raw_spin_lock(raw_spinlock_t *lock) __acquires(lock)
8097 ++static inline void do_raw_spin_lock(raw_spinlock_t *lock) __acquires(lock);
8098 ++static inline void do_raw_spin_lock(raw_spinlock_t *lock)
8099 + {
8100 + __acquire(lock);
8101 + arch_spin_lock(&lock->raw_lock);
8102 + }
8103 +
8104 + static inline void
8105 +-do_raw_spin_lock_flags(raw_spinlock_t *lock, unsigned long *flags) __acquires(lock)
8106 ++do_raw_spin_lock_flags(raw_spinlock_t *lock, unsigned long *flags) __acquires(lock);
8107 ++static inline void
8108 ++do_raw_spin_lock_flags(raw_spinlock_t *lock, unsigned long *flags)
8109 + {
8110 + __acquire(lock);
8111 + arch_spin_lock_flags(&lock->raw_lock, *flags);
8112 +@@ -170,7 +173,8 @@ static inline int do_raw_spin_trylock(raw_spinlock_t *lock)
8113 + return arch_spin_trylock(&(lock)->raw_lock);
8114 + }
8115 +
8116 +-static inline void do_raw_spin_unlock(raw_spinlock_t *lock) __releases(lock)
8117 ++static inline void do_raw_spin_unlock(raw_spinlock_t *lock) __releases(lock);
8118 ++static inline void do_raw_spin_unlock(raw_spinlock_t *lock)
8119 + {
8120 + arch_spin_unlock(&lock->raw_lock);
8121 + __release(lock);
8122 +@@ -307,11 +311,13 @@ do { \
8123 + raw_spin_lock_init(&(_lock)->rlock); \
8124 + } while (0)
8125 +
8126 ++static inline void spin_lock(spinlock_t *lock) __acquires(lock);
8127 + static inline void spin_lock(spinlock_t *lock)
8128 + {
8129 + raw_spin_lock(&lock->rlock);
8130 + }
8131 +
8132 ++static inline void spin_lock_bh(spinlock_t *lock) __acquires(lock);
8133 + static inline void spin_lock_bh(spinlock_t *lock)
8134 + {
8135 + raw_spin_lock_bh(&lock->rlock);
8136 +@@ -337,6 +343,7 @@ do { \
8137 + raw_spin_lock_nest_lock(spinlock_check(lock), nest_lock); \
8138 + } while (0)
8139 +
8140 ++static inline void spin_lock_irq(spinlock_t *lock) __acquires(lock);
8141 + static inline void spin_lock_irq(spinlock_t *lock)
8142 + {
8143 + raw_spin_lock_irq(&lock->rlock);
8144 +@@ -352,21 +359,25 @@ do { \
8145 + raw_spin_lock_irqsave_nested(spinlock_check(lock), flags, subclass); \
8146 + } while (0)
8147 +
8148 ++static inline void spin_unlock(spinlock_t *lock) __releases(lock);
8149 + static inline void spin_unlock(spinlock_t *lock)
8150 + {
8151 + raw_spin_unlock(&lock->rlock);
8152 + }
8153 +
8154 ++static inline void spin_unlock_bh(spinlock_t *lock) __releases(lock);
8155 + static inline void spin_unlock_bh(spinlock_t *lock)
8156 + {
8157 + raw_spin_unlock_bh(&lock->rlock);
8158 + }
8159 +
8160 ++static inline void spin_unlock_irq(spinlock_t *lock) __releases(lock);
8161 + static inline void spin_unlock_irq(spinlock_t *lock)
8162 + {
8163 + raw_spin_unlock_irq(&lock->rlock);
8164 + }
8165 +
8166 ++static inline void spin_unlock_irqrestore(spinlock_t *lock, unsigned long flags) __releases(lock);
8167 + static inline void spin_unlock_irqrestore(spinlock_t *lock, unsigned long flags)
8168 + {
8169 + raw_spin_unlock_irqrestore(&lock->rlock, flags);
8170 +diff --git a/include/linux/srcu.h b/include/linux/srcu.h
8171 +index bdeb456..6412bb0 100644
8172 +--- a/include/linux/srcu.h
8173 ++++ b/include/linux/srcu.h
8174 +@@ -213,7 +213,8 @@ static inline int srcu_read_lock_held(struct srcu_struct *sp)
8175 + * srcu_read_unlock() in an irq handler if the matching srcu_read_lock()
8176 + * was invoked in process context.
8177 + */
8178 +-static inline int srcu_read_lock(struct srcu_struct *sp) __acquires(sp)
8179 ++static inline int srcu_read_lock(struct srcu_struct *sp) __acquires(sp);
8180 ++static inline int srcu_read_lock(struct srcu_struct *sp)
8181 + {
8182 + int retval = __srcu_read_lock(sp);
8183 +
8184 +@@ -228,8 +229,8 @@ static inline int srcu_read_lock(struct srcu_struct *sp) __acquires(sp)
8185 + *
8186 + * Exit an SRCU read-side critical section.
8187 + */
8188 ++static inline void srcu_read_unlock(struct srcu_struct *sp, int idx) __releases(sp);
8189 + static inline void srcu_read_unlock(struct srcu_struct *sp, int idx)
8190 +- __releases(sp)
8191 + {
8192 + rcu_lock_release(&(sp)->dep_map);
8193 + __srcu_read_unlock(sp, idx);
8194 diff --git a/include/linux/sunrpc/addr.h b/include/linux/sunrpc/addr.h
8195 index 07d8e53..dc934c9 100644
8196 --- a/include/linux/sunrpc/addr.h
8197 @@ -103143,7 +104081,7 @@ index e7a018e..49f8b17 100644
8198 extern dma_addr_t swiotlb_map_page(struct device *dev, struct page *page,
8199 unsigned long offset, size_t size,
8200 diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h
8201 -index b45c45b..a6ae64c 100644
8202 +index b45c45b..2a4f077 100644
8203 --- a/include/linux/syscalls.h
8204 +++ b/include/linux/syscalls.h
8205 @@ -102,7 +102,12 @@ union bpf_attr;
8206 @@ -103198,6 +104136,15 @@ index b45c45b..a6ae64c 100644
8207 const struct timespec __user *timeout);
8208 asmlinkage long sys_shmat(int shmid, char __user *shmaddr, int shmflg);
8209 asmlinkage long sys_shmget(key_t key, size_t size, int flag);
8210 +@@ -878,7 +883,7 @@ asmlinkage long sys_seccomp(unsigned int op, unsigned int flags,
8211 + const char __user *uargs);
8212 + asmlinkage long sys_getrandom(char __user *buf, size_t count,
8213 + unsigned int flags);
8214 +-asmlinkage long sys_bpf(int cmd, union bpf_attr *attr, unsigned int size);
8215 ++asmlinkage long sys_bpf(int cmd, union bpf_attr __user *attr, unsigned int size);
8216 +
8217 + asmlinkage long sys_execveat(int dfd, const char __user *filename,
8218 + const char __user *const __user *argv,
8219 diff --git a/include/linux/syscore_ops.h b/include/linux/syscore_ops.h
8220 index 27b3b0b..e093dd9 100644
8221 --- a/include/linux/syscore_ops.h
8222 @@ -103365,7 +104312,7 @@ index ff307b5..f1a4468 100644
8223
8224 #endif /* _LINUX_THREAD_INFO_H */
8225 diff --git a/include/linux/tty.h b/include/linux/tty.h
8226 -index ad6c891..93a8f45 100644
8227 +index 342a760..24296fa 100644
8228 --- a/include/linux/tty.h
8229 +++ b/include/linux/tty.h
8230 @@ -225,7 +225,7 @@ struct tty_port {
8231 @@ -103395,6 +104342,26 @@ index ad6c891..93a8f45 100644
8232 }
8233
8234 extern int tty_register_ldisc(int disc, struct tty_ldisc_ops *new_ldisc);
8235 +@@ -605,7 +605,7 @@ extern void n_tty_inherit_ops(struct tty_ldisc_ops *ops);
8236 +
8237 + /* tty_audit.c */
8238 + #ifdef CONFIG_AUDIT
8239 +-extern void tty_audit_add_data(struct tty_struct *tty, const void *data,
8240 ++extern void tty_audit_add_data(struct tty_struct *tty, const unsigned char *data,
8241 + size_t size, unsigned icanon);
8242 + extern void tty_audit_exit(void);
8243 + extern void tty_audit_fork(struct signal_struct *sig);
8244 +@@ -613,8 +613,8 @@ extern void tty_audit_tiocsti(struct tty_struct *tty, char ch);
8245 + extern void tty_audit_push(struct tty_struct *tty);
8246 + extern int tty_audit_push_current(void);
8247 + #else
8248 +-static inline void tty_audit_add_data(struct tty_struct *tty, const void *data,
8249 +- size_t size, unsigned icanon)
8250 ++static inline void tty_audit_add_data(struct tty_struct *tty,
8251 ++ const unsigned char *data, size_t size, unsigned icanon)
8252 + {
8253 + }
8254 + static inline void tty_audit_tiocsti(struct tty_struct *tty, char ch)
8255 diff --git a/include/linux/tty_driver.h b/include/linux/tty_driver.h
8256 index 92e337c..f46757b 100644
8257 --- a/include/linux/tty_driver.h
8258 @@ -103861,6 +104828,21 @@ index 82e7db7..f8ce3d0 100644
8259 }
8260
8261 static inline void __inc_zone_page_state(struct page *page,
8262 +diff --git a/include/linux/writeback.h b/include/linux/writeback.h
8263 +index b333c94..6b59f39 100644
8264 +--- a/include/linux/writeback.h
8265 ++++ b/include/linux/writeback.h
8266 +@@ -277,8 +277,9 @@ static inline void inode_detach_wb(struct inode *inode)
8267 + }
8268 +
8269 + static inline void wbc_attach_and_unlock_inode(struct writeback_control *wbc,
8270 ++ struct inode *inode) __releases(&inode->i_lock);
8271 ++static inline void wbc_attach_and_unlock_inode(struct writeback_control *wbc,
8272 + struct inode *inode)
8273 +- __releases(&inode->i_lock)
8274 + {
8275 + spin_unlock(&inode->i_lock);
8276 + }
8277 diff --git a/include/linux/xattr.h b/include/linux/xattr.h
8278 index 91b0a68..0e9adf6 100644
8279 --- a/include/linux/xattr.h
8280 @@ -104124,7 +105106,7 @@ index b8529aa..b0f7445 100644
8281 stats->tx_errors++;
8282 stats->tx_aborted_errors++;
8283 diff --git a/include/net/ip_fib.h b/include/net/ip_fib.h
8284 -index 5fa643b..d871e20 100644
8285 +index ff6d78f..7b5933f 100644
8286 --- a/include/net/ip_fib.h
8287 +++ b/include/net/ip_fib.h
8288 @@ -170,7 +170,7 @@ __be32 fib_info_update_nh_saddr(struct net *net, struct fib_nh *nh);
8289 @@ -105221,7 +106203,7 @@ index 7530e74..e714828 100644
8290
8291 #define VIDEO_TYPE_MDA 0x10 /* Monochrome Text Display */
8292 diff --git a/include/uapi/linux/swab.h b/include/uapi/linux/swab.h
8293 -index 0e011eb..82681b1 100644
8294 +index 0e011eb..0020b3c 100644
8295 --- a/include/uapi/linux/swab.h
8296 +++ b/include/uapi/linux/swab.h
8297 @@ -43,7 +43,7 @@
8298 @@ -105229,7 +106211,7 @@ index 0e011eb..82681b1 100644
8299 */
8300
8301 -static inline __attribute_const__ __u16 __fswab16(__u16 val)
8302 -+static inline __intentional_overflow(-1) __attribute_const__ __u16 __fswab16(__u16 val)
8303 ++static inline __intentional_overflow(0) __attribute_const__ __u16 __fswab16(__u16 val)
8304 {
8305 #ifdef __HAVE_BUILTIN_BSWAP16__
8306 return __builtin_bswap16(val);
8307 @@ -105238,7 +106220,7 @@ index 0e011eb..82681b1 100644
8308 }
8309
8310 -static inline __attribute_const__ __u32 __fswab32(__u32 val)
8311 -+static inline __intentional_overflow(-1) __attribute_const__ __u32 __fswab32(__u32 val)
8312 ++static inline __intentional_overflow(0) __attribute_const__ __u32 __fswab32(__u32 val)
8313 {
8314 #ifdef __HAVE_BUILTIN_BSWAP32__
8315 return __builtin_bswap32(val);
8316 @@ -105247,7 +106229,7 @@ index 0e011eb..82681b1 100644
8317 }
8318
8319 -static inline __attribute_const__ __u64 __fswab64(__u64 val)
8320 -+static inline __intentional_overflow(-1) __attribute_const__ __u64 __fswab64(__u64 val)
8321 ++static inline __intentional_overflow(0) __attribute_const__ __u64 __fswab64(__u64 val)
8322 {
8323 #ifdef __HAVE_BUILTIN_BSWAP64__
8324 return __builtin_bswap64(val);
8325 @@ -105846,7 +106828,7 @@ index 9b3c85f..5266b0f 100644
8326 {
8327 struct timespec __user *ts64;
8328 diff --git a/ipc/ipc_sysctl.c b/ipc/ipc_sysctl.c
8329 -index 8ad93c2..efd80f8 100644
8330 +index 8ad93c2..54036e1 100644
8331 --- a/ipc/ipc_sysctl.c
8332 +++ b/ipc/ipc_sysctl.c
8333 @@ -30,7 +30,7 @@ static void *get_ipc(struct ctl_table *table)
8334 @@ -105885,6 +106867,33 @@ index 8ad93c2..efd80f8 100644
8335 int dummy = 0;
8336
8337 memcpy(&ipc_table, table, sizeof(ipc_table));
8338 +@@ -99,6 +99,8 @@ static int proc_ipc_auto_msgmni(struct ctl_table *table, int write,
8339 + static int zero;
8340 + static int one = 1;
8341 + static int int_max = INT_MAX;
8342 ++static unsigned long long_zero = 0;
8343 ++static unsigned long long_max = LONG_MAX;
8344 +
8345 + static struct ctl_table ipc_kern_table[] = {
8346 + {
8347 +@@ -107,6 +109,8 @@ static struct ctl_table ipc_kern_table[] = {
8348 + .maxlen = sizeof(init_ipc_ns.shm_ctlmax),
8349 + .mode = 0644,
8350 + .proc_handler = proc_ipc_doulongvec_minmax,
8351 ++ .extra1 = &long_zero,
8352 ++ .extra2 = &long_max,
8353 + },
8354 + {
8355 + .procname = "shmall",
8356 +@@ -114,6 +118,8 @@ static struct ctl_table ipc_kern_table[] = {
8357 + .maxlen = sizeof(init_ipc_ns.shm_ctlall),
8358 + .mode = 0644,
8359 + .proc_handler = proc_ipc_doulongvec_minmax,
8360 ++ .extra1 = &long_zero,
8361 ++ .extra2 = &long_max,
8362 + },
8363 + {
8364 + .procname = "shmmni",
8365 diff --git a/ipc/mq_sysctl.c b/ipc/mq_sysctl.c
8366 index 68d4e95..1477ded 100644
8367 --- a/ipc/mq_sysctl.c
8368 @@ -106723,7 +107732,7 @@ index 41213454..861e178 100644
8369 #ifdef CONFIG_MODULE_UNLOAD
8370 {
8371 diff --git a/kernel/events/core.c b/kernel/events/core.c
8372 -index e6feb51..470c853 100644
8373 +index e6feb51..ce984cb 100644
8374 --- a/kernel/events/core.c
8375 +++ b/kernel/events/core.c
8376 @@ -174,8 +174,15 @@ static struct srcu_struct pmus_srcu;
8377 @@ -106761,6 +107770,15 @@ index e6feb51..470c853 100644
8378
8379 static void cpu_ctx_sched_out(struct perf_cpu_context *cpuctx,
8380 enum event_type_t event_type);
8381 +@@ -3296,7 +3303,7 @@ find_lively_task_by_vpid(pid_t vpid)
8382 +
8383 + /* Reuse ptrace permission checks for now. */
8384 + err = -EACCES;
8385 +- if (!ptrace_may_access(task, PTRACE_MODE_READ))
8386 ++ if (!ptrace_may_access(task, PTRACE_MODE_READ_REALCREDS))
8387 + goto errout;
8388 +
8389 + return task;
8390 @@ -3753,9 +3760,9 @@ u64 perf_event_read_value(struct perf_event *event, u64 *enabled, u64 *running)
8391 mutex_lock(&event->child_mutex);
8392 total += perf_event_read(event);
8393 @@ -106902,7 +107920,7 @@ index cb346f2..e4dc317 100644
8394 pagefault_disable();
8395 result = __copy_from_user_inatomic(&opcode, (void __user*)vaddr,
8396 diff --git a/kernel/exit.c b/kernel/exit.c
8397 -index 031325e..c6342c4 100644
8398 +index 031325e..7ac751f 100644
8399 --- a/kernel/exit.c
8400 +++ b/kernel/exit.c
8401 @@ -171,6 +171,10 @@ void release_task(struct task_struct *p)
8402 @@ -106916,7 +107934,27 @@ index 031325e..c6342c4 100644
8403 /* don't need to get the RCU readlock here - the process is dead and
8404 * can't be modifying its own credentials. But shut RCU-lockdep up */
8405 rcu_read_lock();
8406 -@@ -656,6 +660,8 @@ void do_exit(long code)
8407 +@@ -450,9 +454,8 @@ static struct task_struct *find_alive_thread(struct task_struct *p)
8408 + return NULL;
8409 + }
8410 +
8411 ++static struct task_struct *find_child_reaper(struct task_struct *father) __must_hold(&tasklist_lock);
8412 + static struct task_struct *find_child_reaper(struct task_struct *father)
8413 +- __releases(&tasklist_lock)
8414 +- __acquires(&tasklist_lock)
8415 + {
8416 + struct pid_namespace *pid_ns = task_active_pid_ns(father);
8417 + struct task_struct *reaper = pid_ns->child_reaper;
8418 +@@ -549,6 +552,8 @@ static void reparent_leader(struct task_struct *father, struct task_struct *p,
8419 + * jobs, send them a SIGHUP and then a SIGCONT. (POSIX 3.2.2.2)
8420 + */
8421 + static void forget_original_parent(struct task_struct *father,
8422 ++ struct list_head *dead) __must_hold(&tasklist_lock);
8423 ++static void forget_original_parent(struct task_struct *father,
8424 + struct list_head *dead)
8425 + {
8426 + struct task_struct *p, *t, *reaper;
8427 +@@ -656,6 +661,8 @@ void do_exit(long code)
8428 int group_dead;
8429 TASKS_RCU(int tasks_rcu_i);
8430
8431 @@ -106925,7 +107963,7 @@ index 031325e..c6342c4 100644
8432 profile_task_exit(tsk);
8433
8434 WARN_ON(blk_needs_flush_plug(tsk));
8435 -@@ -672,7 +678,6 @@ void do_exit(long code)
8436 +@@ -672,7 +679,6 @@ void do_exit(long code)
8437 * mm_release()->clear_child_tid() from writing to a user-controlled
8438 * kernel address.
8439 */
8440 @@ -106933,7 +107971,7 @@ index 031325e..c6342c4 100644
8441
8442 ptrace_event(PTRACE_EVENT_EXIT, code);
8443
8444 -@@ -730,6 +735,9 @@ void do_exit(long code)
8445 +@@ -730,6 +736,9 @@ void do_exit(long code)
8446 tsk->exit_code = code;
8447 taskstats_exit(tsk, group_dead);
8448
8449 @@ -106943,7 +107981,7 @@ index 031325e..c6342c4 100644
8450 exit_mm(tsk);
8451
8452 if (group_dead)
8453 -@@ -847,7 +855,7 @@ SYSCALL_DEFINE1(exit, int, error_code)
8454 +@@ -847,7 +856,7 @@ SYSCALL_DEFINE1(exit, int, error_code)
8455 * Take down every thread in the group. This is called by fatal signals
8456 * as well as by sys_exit_group (below).
8457 */
8458 @@ -106952,8 +107990,109 @@ index 031325e..c6342c4 100644
8459 do_group_exit(int exit_code)
8460 {
8461 struct signal_struct *sig = current->signal;
8462 +@@ -964,6 +973,7 @@ static int wait_noreap_copyout(struct wait_opts *wo, struct task_struct *p,
8463 + * the lock and this task is uninteresting. If we return nonzero, we have
8464 + * released the lock and the system call should return.
8465 + */
8466 ++static int wait_task_zombie(struct wait_opts *wo, struct task_struct *p) __must_hold(&tasklist_lock);
8467 + static int wait_task_zombie(struct wait_opts *wo, struct task_struct *p)
8468 + {
8469 + int state, retval, status;
8470 +@@ -980,6 +990,7 @@ static int wait_task_zombie(struct wait_opts *wo, struct task_struct *p)
8471 +
8472 + get_task_struct(p);
8473 + read_unlock(&tasklist_lock);
8474 ++ __acquire(&tasklist_lock); // XXX sparse can't model conditional release
8475 + sched_annotate_sleep();
8476 +
8477 + if ((exit_code & 0x7f) == 0) {
8478 +@@ -1002,6 +1013,7 @@ static int wait_task_zombie(struct wait_opts *wo, struct task_struct *p)
8479 + * We own this thread, nobody else can reap it.
8480 + */
8481 + read_unlock(&tasklist_lock);
8482 ++ __acquire(&tasklist_lock); // XXX sparse can't model conditional release
8483 + sched_annotate_sleep();
8484 +
8485 + /*
8486 +@@ -1145,6 +1157,8 @@ static int *task_stopped_code(struct task_struct *p, bool ptrace)
8487 + * search should terminate.
8488 + */
8489 + static int wait_task_stopped(struct wait_opts *wo,
8490 ++ int ptrace, struct task_struct *p) __must_hold(&tasklist_lock);
8491 ++static int wait_task_stopped(struct wait_opts *wo,
8492 + int ptrace, struct task_struct *p)
8493 + {
8494 + struct siginfo __user *infop;
8495 +@@ -1192,6 +1206,7 @@ unlock_sig:
8496 + pid = task_pid_vnr(p);
8497 + why = ptrace ? CLD_TRAPPED : CLD_STOPPED;
8498 + read_unlock(&tasklist_lock);
8499 ++ __acquire(&tasklist_lock); // XXX sparse can't model conditional release
8500 + sched_annotate_sleep();
8501 +
8502 + if (unlikely(wo->wo_flags & WNOWAIT))
8503 +@@ -1229,6 +1244,7 @@ unlock_sig:
8504 + * the lock and this task is uninteresting. If we return nonzero, we have
8505 + * released the lock and the system call should return.
8506 + */
8507 ++static int wait_task_continued(struct wait_opts *wo, struct task_struct *p) __must_hold(&tasklist_lock);
8508 + static int wait_task_continued(struct wait_opts *wo, struct task_struct *p)
8509 + {
8510 + int retval;
8511 +@@ -1255,6 +1271,7 @@ static int wait_task_continued(struct wait_opts *wo, struct task_struct *p)
8512 + pid = task_pid_vnr(p);
8513 + get_task_struct(p);
8514 + read_unlock(&tasklist_lock);
8515 ++ __acquire(&tasklist_lock); // XXX sparse can't model conditional release
8516 + sched_annotate_sleep();
8517 +
8518 + if (!wo->wo_info) {
8519 +@@ -1284,6 +1301,8 @@ static int wait_task_continued(struct wait_opts *wo, struct task_struct *p)
8520 + * or another error from security_task_wait(), or still -ECHILD.
8521 + */
8522 + static int wait_consider_task(struct wait_opts *wo, int ptrace,
8523 ++ struct task_struct *p) __must_hold(&tasklist_lock);
8524 ++static int wait_consider_task(struct wait_opts *wo, int ptrace,
8525 + struct task_struct *p)
8526 + {
8527 + /*
8528 +@@ -1409,6 +1428,7 @@ static int wait_consider_task(struct wait_opts *wo, int ptrace,
8529 + * ->notask_error is 0 if there were any eligible children,
8530 + * or another error from security_task_wait(), or still -ECHILD.
8531 + */
8532 ++static int do_wait_thread(struct wait_opts *wo, struct task_struct *tsk) __must_hold(&tasklist_lock);
8533 + static int do_wait_thread(struct wait_opts *wo, struct task_struct *tsk)
8534 + {
8535 + struct task_struct *p;
8536 +@@ -1423,6 +1443,7 @@ static int do_wait_thread(struct wait_opts *wo, struct task_struct *tsk)
8537 + return 0;
8538 + }
8539 +
8540 ++static int ptrace_do_wait(struct wait_opts *wo, struct task_struct *tsk) __must_hold(&tasklist_lock);
8541 + static int ptrace_do_wait(struct wait_opts *wo, struct task_struct *tsk)
8542 + {
8543 + struct task_struct *p;
8544 +@@ -1486,12 +1507,16 @@ repeat:
8545 + tsk = current;
8546 + do {
8547 + retval = do_wait_thread(wo, tsk);
8548 +- if (retval)
8549 ++ if (retval) {
8550 ++ __release(&tasklist_lock); // XXX sparse can't model conditional release
8551 + goto end;
8552 ++ }
8553 +
8554 + retval = ptrace_do_wait(wo, tsk);
8555 +- if (retval)
8556 ++ if (retval) {
8557 ++ __release(&tasklist_lock); // XXX sparse can't model conditional release
8558 + goto end;
8559 ++ }
8560 +
8561 + if (wo->wo_flags & __WNOTHREAD)
8562 + break;
8563 diff --git a/kernel/fork.c b/kernel/fork.c
8564 -index e769c8c..9fa1de5 100644
8565 +index e769c8c..882ebbb 100644
8566 --- a/kernel/fork.c
8567 +++ b/kernel/fork.c
8568 @@ -188,12 +188,54 @@ static void free_thread_info(struct thread_info *ti)
8569 @@ -107287,7 +108426,7 @@ index e769c8c..9fa1de5 100644
8570 - if (mm && mm != current->mm &&
8571 - !ptrace_may_access(task, mode)) {
8572 + if (mm && ((mm != current->mm && !ptrace_may_access(task, mode)) ||
8573 -+ (mode == PTRACE_MODE_ATTACH && (gr_handle_proc_ptrace(task) || gr_acl_handle_procpidmem(task))))) {
8574 ++ ((mode & PTRACE_MODE_ATTACH) && (gr_handle_proc_ptrace(task) || gr_acl_handle_procpidmem(task))))) {
8575 mmput(mm);
8576 mm = ERR_PTR(-EACCES);
8577 }
8578 @@ -107408,7 +108547,7 @@ index e769c8c..9fa1de5 100644
8579 int threads = max_threads;
8580 int min = MIN_THREADS;
8581 diff --git a/kernel/futex.c b/kernel/futex.c
8582 -index c4a182f..e789324 100644
8583 +index c4a182f..32e2eac 100644
8584 --- a/kernel/futex.c
8585 +++ b/kernel/futex.c
8586 @@ -201,7 +201,7 @@ struct futex_pi_state {
8587 @@ -107450,6 +108589,15 @@ index c4a182f..e789324 100644
8588
8589 pagefault_disable();
8590 ret = __copy_from_user_inatomic(dest, from, sizeof(u32));
8591 +@@ -2782,7 +2787,7 @@ SYSCALL_DEFINE3(get_robust_list, int, pid,
8592 + }
8593 +
8594 + ret = -EPERM;
8595 +- if (!ptrace_may_access(p, PTRACE_MODE_READ))
8596 ++ if (!ptrace_may_access(p, PTRACE_MODE_READ_REALCREDS))
8597 + goto err_unlock;
8598 +
8599 + head = p->robust_list;
8600 @@ -3030,6 +3035,7 @@ static void __init futex_detect_cmpxchg(void)
8601 {
8602 #ifndef CONFIG_HAVE_FUTEX_CMPXCHG
8603 @@ -107471,7 +108619,7 @@ index c4a182f..e789324 100644
8604 }
8605
8606 diff --git a/kernel/futex_compat.c b/kernel/futex_compat.c
8607 -index 55c8c93..9ba7ad6 100644
8608 +index 55c8c93..5adee02 100644
8609 --- a/kernel/futex_compat.c
8610 +++ b/kernel/futex_compat.c
8611 @@ -32,7 +32,7 @@ fetch_robust_entry(compat_uptr_t *uentry, struct robust_list __user **entry,
8612 @@ -107483,6 +108631,15 @@ index 55c8c93..9ba7ad6 100644
8613 compat_long_t futex_offset)
8614 {
8615 compat_uptr_t base = ptr_to_compat(entry);
8616 +@@ -155,7 +155,7 @@ COMPAT_SYSCALL_DEFINE3(get_robust_list, int, pid,
8617 + }
8618 +
8619 + ret = -EPERM;
8620 +- if (!ptrace_may_access(p, PTRACE_MODE_READ))
8621 ++ if (!ptrace_may_access(p, PTRACE_MODE_READ_REALCREDS))
8622 + goto err_unlock;
8623 +
8624 + head = p->compat_robust_list;
8625 diff --git a/kernel/gcov/base.c b/kernel/gcov/base.c
8626 index 7080ae1..c9b3761 100644
8627 --- a/kernel/gcov/base.c
8628 @@ -107721,7 +108878,7 @@ index 5c5987f..bc502b0 100644
8629 type, iter->name, iter->module_name);
8630 } else
8631 diff --git a/kernel/kcmp.c b/kernel/kcmp.c
8632 -index 0aa69ea..a7fcafb 100644
8633 +index 0aa69ea..bcb17e3 100644
8634 --- a/kernel/kcmp.c
8635 +++ b/kernel/kcmp.c
8636 @@ -100,6 +100,10 @@ SYSCALL_DEFINE5(kcmp, pid_t, pid1, pid_t, pid2, int, type,
8637 @@ -107735,6 +108892,17 @@ index 0aa69ea..a7fcafb 100644
8638 rcu_read_lock();
8639
8640 /*
8641 +@@ -122,8 +126,8 @@ SYSCALL_DEFINE5(kcmp, pid_t, pid1, pid_t, pid2, int, type,
8642 + &task2->signal->cred_guard_mutex);
8643 + if (ret)
8644 + goto err;
8645 +- if (!ptrace_may_access(task1, PTRACE_MODE_READ) ||
8646 +- !ptrace_may_access(task2, PTRACE_MODE_READ)) {
8647 ++ if (!ptrace_may_access(task1, PTRACE_MODE_READ_REALCREDS) ||
8648 ++ !ptrace_may_access(task2, PTRACE_MODE_READ_REALCREDS)) {
8649 + ret = -EPERM;
8650 + goto err_unlock;
8651 + }
8652 diff --git a/kernel/kexec.c b/kernel/kexec.c
8653 index a785c10..6dbb06f 100644
8654 --- a/kernel/kexec.c
8655 @@ -109675,10 +110843,74 @@ index a7bcd28..5b368fa 100644
8656 }
8657
8658 diff --git a/kernel/ptrace.c b/kernel/ptrace.c
8659 -index c8e0e05..2be5614 100644
8660 +index c8e0e05..0a6d59d 100644
8661 --- a/kernel/ptrace.c
8662 +++ b/kernel/ptrace.c
8663 -@@ -321,7 +321,7 @@ static int ptrace_attach(struct task_struct *task, long request,
8664 +@@ -219,6 +219,14 @@ static int ptrace_has_cap(struct user_namespace *ns, unsigned int mode)
8665 + static int __ptrace_may_access(struct task_struct *task, unsigned int mode)
8666 + {
8667 + const struct cred *cred = current_cred(), *tcred;
8668 ++ int dumpable = 0;
8669 ++ kuid_t caller_uid;
8670 ++ kgid_t caller_gid;
8671 ++
8672 ++ if (!(mode & PTRACE_MODE_FSCREDS) == !(mode & PTRACE_MODE_REALCREDS)) {
8673 ++ WARN(1, "denying ptrace access check without PTRACE_MODE_*CREDS\n");
8674 ++ return -EPERM;
8675 ++ }
8676 +
8677 + /* May we inspect the given task?
8678 + * This check is used both for attaching with ptrace
8679 +@@ -228,18 +236,32 @@ static int __ptrace_may_access(struct task_struct *task, unsigned int mode)
8680 + * because setting up the necessary parent/child relationship
8681 + * or halting the specified task is impossible.
8682 + */
8683 +- int dumpable = 0;
8684 + /* Don't let security modules deny introspection */
8685 + if (same_thread_group(task, current))
8686 + return 0;
8687 + rcu_read_lock();
8688 ++ if (mode & PTRACE_MODE_FSCREDS) {
8689 ++ caller_uid = cred->fsuid;
8690 ++ caller_gid = cred->fsgid;
8691 ++ } else {
8692 ++ /*
8693 ++ * Using the euid would make more sense here, but something
8694 ++ * in userland might rely on the old behavior, and this
8695 ++ * shouldn't be a security problem since
8696 ++ * PTRACE_MODE_REALCREDS implies that the caller explicitly
8697 ++ * used a syscall that requests access to another process
8698 ++ * (and not a filesystem syscall to procfs).
8699 ++ */
8700 ++ caller_uid = cred->uid;
8701 ++ caller_gid = cred->gid;
8702 ++ }
8703 + tcred = __task_cred(task);
8704 +- if (uid_eq(cred->uid, tcred->euid) &&
8705 +- uid_eq(cred->uid, tcred->suid) &&
8706 +- uid_eq(cred->uid, tcred->uid) &&
8707 +- gid_eq(cred->gid, tcred->egid) &&
8708 +- gid_eq(cred->gid, tcred->sgid) &&
8709 +- gid_eq(cred->gid, tcred->gid))
8710 ++ if (uid_eq(caller_uid, tcred->euid) &&
8711 ++ uid_eq(caller_uid, tcred->suid) &&
8712 ++ uid_eq(caller_uid, tcred->uid) &&
8713 ++ gid_eq(caller_gid, tcred->egid) &&
8714 ++ gid_eq(caller_gid, tcred->sgid) &&
8715 ++ gid_eq(caller_gid, tcred->gid))
8716 + goto ok;
8717 + if (ptrace_has_cap(tcred->user_ns, mode))
8718 + goto ok;
8719 +@@ -306,7 +328,7 @@ static int ptrace_attach(struct task_struct *task, long request,
8720 + goto out;
8721 +
8722 + task_lock(task);
8723 +- retval = __ptrace_may_access(task, PTRACE_MODE_ATTACH);
8724 ++ retval = __ptrace_may_access(task, PTRACE_MODE_ATTACH_REALCREDS);
8725 + task_unlock(task);
8726 + if (retval)
8727 + goto unlock_creds;
8728 +@@ -321,7 +343,7 @@ static int ptrace_attach(struct task_struct *task, long request,
8729 if (seize)
8730 flags |= PT_SEIZED;
8731 rcu_read_lock();
8732 @@ -109687,7 +110919,7 @@ index c8e0e05..2be5614 100644
8733 flags |= PT_PTRACE_CAP;
8734 rcu_read_unlock();
8735 task->ptrace = flags;
8736 -@@ -514,7 +514,7 @@ int ptrace_readdata(struct task_struct *tsk, unsigned long src, char __user *dst
8737 +@@ -514,7 +536,7 @@ int ptrace_readdata(struct task_struct *tsk, unsigned long src, char __user *dst
8738 break;
8739 return -EIO;
8740 }
8741 @@ -109696,7 +110928,7 @@ index c8e0e05..2be5614 100644
8742 return -EFAULT;
8743 copied += retval;
8744 src += retval;
8745 -@@ -802,7 +802,7 @@ int ptrace_request(struct task_struct *child, long request,
8746 +@@ -802,7 +824,7 @@ int ptrace_request(struct task_struct *child, long request,
8747 bool seized = child->ptrace & PT_SEIZED;
8748 int ret = -EIO;
8749 siginfo_t siginfo, *si;
8750 @@ -109705,7 +110937,7 @@ index c8e0e05..2be5614 100644
8751 unsigned long __user *datalp = datavp;
8752 unsigned long flags;
8753
8754 -@@ -1048,14 +1048,21 @@ SYSCALL_DEFINE4(ptrace, long, request, long, pid, unsigned long, addr,
8755 +@@ -1048,14 +1070,21 @@ SYSCALL_DEFINE4(ptrace, long, request, long, pid, unsigned long, addr,
8756 goto out;
8757 }
8758
8759 @@ -109728,7 +110960,7 @@ index c8e0e05..2be5614 100644
8760 goto out_put_task_struct;
8761 }
8762
8763 -@@ -1083,7 +1090,7 @@ int generic_ptrace_peekdata(struct task_struct *tsk, unsigned long addr,
8764 +@@ -1083,7 +1112,7 @@ int generic_ptrace_peekdata(struct task_struct *tsk, unsigned long addr,
8765 copied = access_process_vm(tsk, addr, &tmp, sizeof(tmp), 0);
8766 if (copied != sizeof(tmp))
8767 return -EIO;
8768 @@ -109737,7 +110969,7 @@ index c8e0e05..2be5614 100644
8769 }
8770
8771 int generic_ptrace_pokedata(struct task_struct *tsk, unsigned long addr,
8772 -@@ -1176,7 +1183,7 @@ int compat_ptrace_request(struct task_struct *child, compat_long_t request,
8773 +@@ -1176,7 +1205,7 @@ int compat_ptrace_request(struct task_struct *child, compat_long_t request,
8774 }
8775
8776 COMPAT_SYSCALL_DEFINE4(ptrace, compat_long_t, request, compat_long_t, pid,
8777 @@ -109746,7 +110978,7 @@ index c8e0e05..2be5614 100644
8778 {
8779 struct task_struct *child;
8780 long ret;
8781 -@@ -1192,14 +1199,21 @@ COMPAT_SYSCALL_DEFINE4(ptrace, compat_long_t, request, compat_long_t, pid,
8782 +@@ -1192,14 +1221,21 @@ COMPAT_SYSCALL_DEFINE4(ptrace, compat_long_t, request, compat_long_t, pid,
8783 goto out;
8784 }
8785
8786 @@ -110359,9 +111591,29 @@ index 3ea7ffc..cb06f2d 100644
8787 }
8788
8789 diff --git a/kernel/resource.c b/kernel/resource.c
8790 -index fed052a..ad13346 100644
8791 +index fed052a..14936eb 100644
8792 --- a/kernel/resource.c
8793 +++ b/kernel/resource.c
8794 +@@ -84,8 +84,8 @@ static void *r_next(struct seq_file *m, void *v, loff_t *pos)
8795 +
8796 + enum { MAX_IORES_LEVEL = 5 };
8797 +
8798 ++static void *r_start(struct seq_file *m, loff_t *pos) __acquires(&resource_lock);
8799 + static void *r_start(struct seq_file *m, loff_t *pos)
8800 +- __acquires(resource_lock)
8801 + {
8802 + struct resource *p = m->private;
8803 + loff_t l = 0;
8804 +@@ -95,8 +95,8 @@ static void *r_start(struct seq_file *m, loff_t *pos)
8805 + return p;
8806 + }
8807 +
8808 ++static void r_stop(struct seq_file *m, void *v) __releases(&resource_lock);
8809 + static void r_stop(struct seq_file *m, void *v)
8810 +- __releases(resource_lock)
8811 + {
8812 + read_unlock(&resource_lock);
8813 + }
8814 @@ -162,8 +162,18 @@ static const struct file_operations proc_iomem_operations = {
8815
8816 static int __init ioresources_init(void)
8817 @@ -110604,7 +111856,7 @@ index 08ab96b..82ab34c 100644
8818 static inline void put_prev_task(struct rq *rq, struct task_struct *prev)
8819 {
8820 diff --git a/kernel/signal.c b/kernel/signal.c
8821 -index 0f6bbbe..d77d2c3 100644
8822 +index 0f6bbbe..4791c7d 100644
8823 --- a/kernel/signal.c
8824 +++ b/kernel/signal.c
8825 @@ -53,12 +53,12 @@ static struct kmem_cache *sigqueue_cachep;
8826 @@ -110650,7 +111902,15 @@ index 0f6bbbe..d77d2c3 100644
8827 if (is_global_init(tsk))
8828 return 1;
8829 if (handler != SIG_IGN && handler != SIG_DFL)
8830 -@@ -788,6 +791,13 @@ static int check_kill_permission(int sig, struct siginfo *info,
8831 +@@ -602,6 +605,7 @@ static int __dequeue_signal(struct sigpending *pending, sigset_t *mask,
8832 + *
8833 + * All callers have to hold the siglock.
8834 + */
8835 ++int dequeue_signal(struct task_struct *tsk, sigset_t *mask, siginfo_t *info) __must_hold(&tsk->sighand->siglock);
8836 + int dequeue_signal(struct task_struct *tsk, sigset_t *mask, siginfo_t *info)
8837 + {
8838 + int signr;
8839 +@@ -788,6 +792,13 @@ static int check_kill_permission(int sig, struct siginfo *info,
8840 }
8841 }
8842
8843 @@ -110664,7 +111924,7 @@ index 0f6bbbe..d77d2c3 100644
8844 return security_task_kill(t, info, sig, 0);
8845 }
8846
8847 -@@ -1171,7 +1181,7 @@ __group_send_sig_info(int sig, struct siginfo *info, struct task_struct *p)
8848 +@@ -1171,7 +1182,7 @@ __group_send_sig_info(int sig, struct siginfo *info, struct task_struct *p)
8849 return send_signal(sig, info, p, 1);
8850 }
8851
8852 @@ -110673,7 +111933,7 @@ index 0f6bbbe..d77d2c3 100644
8853 specific_send_sig_info(int sig, struct siginfo *info, struct task_struct *t)
8854 {
8855 return send_signal(sig, info, t, 0);
8856 -@@ -1208,6 +1218,7 @@ force_sig_info(int sig, struct siginfo *info, struct task_struct *t)
8857 +@@ -1208,6 +1219,7 @@ force_sig_info(int sig, struct siginfo *info, struct task_struct *t)
8858 unsigned long int flags;
8859 int ret, blocked, ignored;
8860 struct k_sigaction *action;
8861 @@ -110681,7 +111941,7 @@ index 0f6bbbe..d77d2c3 100644
8862
8863 spin_lock_irqsave(&t->sighand->siglock, flags);
8864 action = &t->sighand->action[sig-1];
8865 -@@ -1222,9 +1233,18 @@ force_sig_info(int sig, struct siginfo *info, struct task_struct *t)
8866 +@@ -1222,9 +1234,18 @@ force_sig_info(int sig, struct siginfo *info, struct task_struct *t)
8867 }
8868 if (action->sa.sa_handler == SIG_DFL)
8869 t->signal->flags &= ~SIGNAL_UNKILLABLE;
8870 @@ -110700,7 +111960,7 @@ index 0f6bbbe..d77d2c3 100644
8871 return ret;
8872 }
8873
8874 -@@ -1305,8 +1325,11 @@ int group_send_sig_info(int sig, struct siginfo *info, struct task_struct *p)
8875 +@@ -1305,8 +1326,11 @@ int group_send_sig_info(int sig, struct siginfo *info, struct task_struct *p)
8876 ret = check_kill_permission(sig, info, p);
8877 rcu_read_unlock();
8878
8879 @@ -110713,7 +111973,56 @@ index 0f6bbbe..d77d2c3 100644
8880
8881 return ret;
8882 }
8883 -@@ -2913,7 +2936,15 @@ do_send_specific(pid_t tgid, pid_t pid, int sig, struct siginfo *info)
8884 +@@ -1820,9 +1844,8 @@ static int sigkill_pending(struct task_struct *tsk)
8885 + * If we actually decide not to stop at all because the tracer
8886 + * is gone, we keep current->exit_code unless clear_code.
8887 + */
8888 ++static void ptrace_stop(int exit_code, int why, int clear_code, siginfo_t *info) __must_hold(&current->sighand->siglock);
8889 + static void ptrace_stop(int exit_code, int why, int clear_code, siginfo_t *info)
8890 +- __releases(&current->sighand->siglock)
8891 +- __acquires(&current->sighand->siglock)
8892 + {
8893 + bool gstop_done = false;
8894 +
8895 +@@ -1942,6 +1965,7 @@ static void ptrace_stop(int exit_code, int why, int clear_code, siginfo_t *info)
8896 + recalc_sigpending_tsk(current);
8897 + }
8898 +
8899 ++static void ptrace_do_notify(int signr, int exit_code, int why) __must_hold(&current->sighand->siglock);
8900 + static void ptrace_do_notify(int signr, int exit_code, int why)
8901 + {
8902 + siginfo_t info;
8903 +@@ -1989,8 +2013,8 @@ void ptrace_notify(int exit_code)
8904 + * %false if group stop is already cancelled or ptrace trap is scheduled.
8905 + * %true if participated in group stop.
8906 + */
8907 ++static bool do_signal_stop(int signr) __releases(&current->sighand->siglock);
8908 + static bool do_signal_stop(int signr)
8909 +- __releases(&current->sighand->siglock)
8910 + {
8911 + struct signal_struct *sig = current->signal;
8912 +
8913 +@@ -2002,8 +2026,10 @@ static bool do_signal_stop(int signr)
8914 + WARN_ON_ONCE(signr & ~JOBCTL_STOP_SIGMASK);
8915 +
8916 + if (!likely(current->jobctl & JOBCTL_STOP_DEQUEUED) ||
8917 +- unlikely(signal_group_exit(sig)))
8918 ++ unlikely(signal_group_exit(sig))) {
8919 ++ __release(&current->sighand->siglock); // XXX sparse can't model conditional release
8920 + return false;
8921 ++ }
8922 + /*
8923 + * There is no group stop already in progress. We must
8924 + * initiate one now.
8925 +@@ -2087,6 +2113,7 @@ static bool do_signal_stop(int signr)
8926 + * Schedule it and let the caller deal with it.
8927 + */
8928 + task_set_jobctl_pending(current, JOBCTL_TRAP_STOP);
8929 ++ __release(&current->sighand->siglock); // XXX sparse can't model conditional release
8930 + return false;
8931 + }
8932 + }
8933 +@@ -2913,7 +2940,15 @@ do_send_specific(pid_t tgid, pid_t pid, int sig, struct siginfo *info)
8934 int error = -ESRCH;
8935
8936 rcu_read_lock();
8937 @@ -110730,7 +112039,7 @@ index 0f6bbbe..d77d2c3 100644
8938 if (p && (tgid <= 0 || task_tgid_vnr(p) == tgid)) {
8939 error = check_kill_permission(sig, info, p);
8940 /*
8941 -@@ -3242,8 +3273,8 @@ COMPAT_SYSCALL_DEFINE2(sigaltstack,
8942 +@@ -3242,8 +3277,8 @@ COMPAT_SYSCALL_DEFINE2(sigaltstack,
8943 }
8944 seg = get_fs();
8945 set_fs(KERNEL_DS);
8946 @@ -112435,6 +113744,20 @@ index 7d567a4..407a28d 100644
8947
8948 mutex_lock(&syscall_trace_lock);
8949 sys_perf_refcount_exit--;
8950 +diff --git a/kernel/user.c b/kernel/user.c
8951 +index b069ccb..c59fe26 100644
8952 +--- a/kernel/user.c
8953 ++++ b/kernel/user.c
8954 +@@ -127,8 +127,8 @@ static struct user_struct *uid_hash_find(kuid_t uid, struct hlist_head *hashent)
8955 + * IRQ state (as stored in flags) is restored and uidhash_lock released
8956 + * upon function exit.
8957 + */
8958 ++static void free_user(struct user_struct *up, unsigned long flags) __releases(&uidhash_lock);
8959 + static void free_user(struct user_struct *up, unsigned long flags)
8960 +- __releases(&uidhash_lock)
8961 + {
8962 + uid_hash_remove(up);
8963 + spin_unlock_irqrestore(&uidhash_lock, flags);
8964 diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
8965 index 4109f83..fe1f830 100644
8966 --- a/kernel/user_namespace.c
8967 @@ -112497,10 +113820,32 @@ index a6ffa43..e48103b 100644
8968 .thread_should_run = watchdog_should_run,
8969 .thread_fn = watchdog,
8970 diff --git a/kernel/workqueue.c b/kernel/workqueue.c
8971 -index 1de0f5fab..dbf1ec6 100644
8972 +index 1de0f5fab..74907c6 100644
8973 --- a/kernel/workqueue.c
8974 +++ b/kernel/workqueue.c
8975 -@@ -4452,7 +4452,7 @@ static void rebind_workers(struct worker_pool *pool)
8976 +@@ -1858,9 +1858,8 @@ static void pool_mayday_timeout(unsigned long __pool)
8977 + * multiple times. Does GFP_KERNEL allocations. Called only from
8978 + * manager.
8979 + */
8980 ++static void maybe_create_worker(struct worker_pool *pool) __must_hold(&pool->lock);
8981 + static void maybe_create_worker(struct worker_pool *pool)
8982 +-__releases(&pool->lock)
8983 +-__acquires(&pool->lock)
8984 + {
8985 + restart:
8986 + spin_unlock_irq(&pool->lock);
8987 +@@ -1950,9 +1949,8 @@ static bool manage_workers(struct worker *worker)
8988 + * CONTEXT:
8989 + * spin_lock_irq(pool->lock) which is released and regrabbed.
8990 + */
8991 ++static void process_one_work(struct worker *worker, struct work_struct *work) __must_hold(&pool->lock);
8992 + static void process_one_work(struct worker *worker, struct work_struct *work)
8993 +-__releases(&pool->lock)
8994 +-__acquires(&pool->lock)
8995 + {
8996 + struct pool_workqueue *pwq = get_work_pwq(work);
8997 + struct worker_pool *pool = worker->pool;
8998 +@@ -4452,7 +4450,7 @@ static void rebind_workers(struct worker_pool *pool)
8999 WARN_ON_ONCE(!(worker_flags & WORKER_UNBOUND));
9000 worker_flags |= WORKER_REBOUND;
9001 worker_flags &= ~WORKER_UNBOUND;
9002 @@ -113280,6 +114625,30 @@ index 1356454..70ce6c6 100644
9003 };
9004
9005 void rb_insert_color(struct rb_node *node, struct rb_root *root)
9006 +diff --git a/lib/rhashtable.c b/lib/rhashtable.c
9007 +index cc0c697..935eddb 100644
9008 +--- a/lib/rhashtable.c
9009 ++++ b/lib/rhashtable.c
9010 +@@ -545,8 +545,8 @@ EXPORT_SYMBOL_GPL(rhashtable_walk_exit);
9011 + * will rewind back to the beginning and you may use it immediately
9012 + * by calling rhashtable_walk_next.
9013 + */
9014 ++int rhashtable_walk_start(struct rhashtable_iter *iter) __acquires(RCU);
9015 + int rhashtable_walk_start(struct rhashtable_iter *iter)
9016 +- __acquires(RCU)
9017 + {
9018 + struct rhashtable *ht = iter->ht;
9019 +
9020 +@@ -632,8 +632,8 @@ EXPORT_SYMBOL_GPL(rhashtable_walk_next);
9021 + *
9022 + * Finish a hash table walk.
9023 + */
9024 ++void rhashtable_walk_stop(struct rhashtable_iter *iter) __releases(RCU);
9025 + void rhashtable_walk_stop(struct rhashtable_iter *iter)
9026 +- __releases(RCU)
9027 + {
9028 + struct rhashtable *ht;
9029 + struct bucket_table *tbl = iter->walker->tbl;
9030 diff --git a/lib/show_mem.c b/lib/show_mem.c
9031 index adc98e18..0ce83c2 100644
9032 --- a/lib/show_mem.c
9033 @@ -116786,7 +118155,7 @@ index 2dd7448..9bb6305 100644
9034
9035 static const int *pcpu_unit_map __read_mostly; /* cpu -> unit */
9036 diff --git a/mm/process_vm_access.c b/mm/process_vm_access.c
9037 -index e88d071..d80e01a 100644
9038 +index e88d071..4043093 100644
9039 --- a/mm/process_vm_access.c
9040 +++ b/mm/process_vm_access.c
9041 @@ -13,6 +13,7 @@
9042 @@ -116824,18 +118193,20 @@ index e88d071..d80e01a 100644
9043 }
9044
9045 if (nr_pages == 0)
9046 -@@ -194,6 +195,11 @@ static ssize_t process_vm_rw_core(pid_t pid, struct iov_iter *iter,
9047 +@@ -194,7 +195,12 @@ static ssize_t process_vm_rw_core(pid_t pid, struct iov_iter *iter,
9048 goto free_proc_pages;
9049 }
9050
9051 +- mm = mm_access(task, PTRACE_MODE_ATTACH);
9052 + if (gr_handle_ptrace(task, vm_write ? PTRACE_POKETEXT : PTRACE_ATTACH)) {
9053 + rc = -EPERM;
9054 + goto put_task_struct;
9055 + }
9056 +
9057 - mm = mm_access(task, PTRACE_MODE_ATTACH);
9058 ++ mm = mm_access(task, PTRACE_MODE_ATTACH_REALCREDS);
9059 if (!mm || IS_ERR(mm)) {
9060 rc = IS_ERR(mm) ? PTR_ERR(mm) : -ESRCH;
9061 + /*
9062 diff --git a/mm/rmap.c b/mm/rmap.c
9063 index 171b687..1a4b7e8 100644
9064 --- a/mm/rmap.c
9065 @@ -119556,9 +120927,18 @@ index e3be1d2..254c555 100644
9066
9067 switch (ss->ss_family) {
9068 diff --git a/net/compat.c b/net/compat.c
9069 -index 5cfd26a..7e43828 100644
9070 +index 5cfd26a..3c50cb0 100644
9071 --- a/net/compat.c
9072 +++ b/net/compat.c
9073 +@@ -58,7 +58,7 @@ int get_compat_msghdr(struct msghdr *kmsg,
9074 +
9075 + if (kmsg->msg_namelen > sizeof(struct sockaddr_storage))
9076 + kmsg->msg_namelen = sizeof(struct sockaddr_storage);
9077 +- kmsg->msg_control = compat_ptr(tmp3);
9078 ++ kmsg->msg_control = (void __force_kernel *)compat_ptr(tmp3);
9079 +
9080 + if (save_addr)
9081 + *save_addr = compat_ptr(uaddr);
9082 @@ -98,20 +98,20 @@ int get_compat_msghdr(struct msghdr *kmsg,
9083
9084 #define CMSG_COMPAT_FIRSTHDR(msg) \
9085 @@ -120637,10 +122017,10 @@ index 2d9cb17..20ae904 100644
9086 #endif
9087 if (dflt != &ipv4_devconf_dflt)
9088 diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c
9089 -index 6bbc549..28d74951 100644
9090 +index d7116cf..a561739 100644
9091 --- a/net/ipv4/fib_frontend.c
9092 +++ b/net/ipv4/fib_frontend.c
9093 -@@ -1083,12 +1083,12 @@ static int fib_inetaddr_event(struct notifier_block *this, unsigned long event,
9094 +@@ -1084,12 +1084,12 @@ static int fib_inetaddr_event(struct notifier_block *this, unsigned long event,
9095 #ifdef CONFIG_IP_ROUTE_MULTIPATH
9096 fib_sync_up(dev, RTNH_F_DEAD);
9097 #endif
9098 @@ -120655,7 +122035,7 @@ index 6bbc549..28d74951 100644
9099 if (!ifa->ifa_dev->ifa_list) {
9100 /* Last address was deleted from this interface.
9101 * Disable IP.
9102 -@@ -1127,7 +1127,7 @@ static int fib_netdev_event(struct notifier_block *this, unsigned long event, vo
9103 +@@ -1128,7 +1128,7 @@ static int fib_netdev_event(struct notifier_block *this, unsigned long event, vo
9104 #ifdef CONFIG_IP_ROUTE_MULTIPATH
9105 fib_sync_up(dev, RTNH_F_DEAD);
9106 #endif
9107 @@ -120665,7 +122045,7 @@ index 6bbc549..28d74951 100644
9108 break;
9109 case NETDEV_DOWN:
9110 diff --git a/net/ipv4/fib_semantics.c b/net/ipv4/fib_semantics.c
9111 -index 3a06586..1020c5b 100644
9112 +index 71bad5c..114aaa3 100644
9113 --- a/net/ipv4/fib_semantics.c
9114 +++ b/net/ipv4/fib_semantics.c
9115 @@ -755,7 +755,7 @@ __be32 fib_info_update_nh_saddr(struct net *net, struct fib_nh *nh)
9116 @@ -121320,7 +122700,7 @@ index e681b85..8a43a65 100644
9117 ip_tstamps = kcalloc(IP_IDENTS_SZ, sizeof(*ip_tstamps), GFP_KERNEL);
9118 if (!ip_tstamps)
9119 diff --git a/net/ipv4/sysctl_net_ipv4.c b/net/ipv4/sysctl_net_ipv4.c
9120 -index 0330ab2..4745d2c 100644
9121 +index a1442c5..73a63cd 100644
9122 --- a/net/ipv4/sysctl_net_ipv4.c
9123 +++ b/net/ipv4/sysctl_net_ipv4.c
9124 @@ -66,7 +66,7 @@ static int ipv4_local_port_range(struct ctl_table *table, int write,
9125 @@ -121715,6 +123095,19 @@ index 1b8c5ba..e1f0542 100644
9126 }
9127
9128 int udp4_seq_show(struct seq_file *seq, void *v)
9129 +diff --git a/net/ipv4/xfrm4_mode_transport.c b/net/ipv4/xfrm4_mode_transport.c
9130 +index fd840c7..b517627 100644
9131 +--- a/net/ipv4/xfrm4_mode_transport.c
9132 ++++ b/net/ipv4/xfrm4_mode_transport.c
9133 +@@ -18,7 +18,7 @@
9134 + * The IP header will be moved forward to make space for the encapsulation
9135 + * header.
9136 + */
9137 +-static int xfrm4_transport_output(struct xfrm_state *x, struct sk_buff *skb)
9138 ++static int __intentional_overflow(0) xfrm4_transport_output(struct xfrm_state *x, struct sk_buff *skb)
9139 + {
9140 + struct iphdr *iph = ip_hdr(skb);
9141 + int ihl = iph->ihl * 4;
9142 diff --git a/net/ipv4/xfrm4_policy.c b/net/ipv4/xfrm4_policy.c
9143 index bff6974..c63736c 100644
9144 --- a/net/ipv4/xfrm4_policy.c
9145 @@ -121769,7 +123162,7 @@ index bff6974..c63736c 100644
9146 return -ENOMEM;
9147 }
9148 diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
9149 -index 21c2c81..373c1ba 100644
9150 +index c8c1fea..233a855 100644
9151 --- a/net/ipv6/addrconf.c
9152 +++ b/net/ipv6/addrconf.c
9153 @@ -178,7 +178,7 @@ static struct ipv6_devconf ipv6_devconf __read_mostly = {
9154 @@ -121790,7 +123183,7 @@ index 21c2c81..373c1ba 100644
9155 .autoconf = 1,
9156 .force_mld_version = 0,
9157 .mldv1_unsolicited_report_interval = 10 * HZ,
9158 -@@ -620,7 +620,7 @@ static int inet6_netconf_dump_devconf(struct sk_buff *skb,
9159 +@@ -621,7 +621,7 @@ static int inet6_netconf_dump_devconf(struct sk_buff *skb,
9160 idx = 0;
9161 head = &net->dev_index_head[h];
9162 rcu_read_lock();
9163 @@ -121799,7 +123192,7 @@ index 21c2c81..373c1ba 100644
9164 net->dev_base_seq;
9165 hlist_for_each_entry_rcu(dev, head, index_hlist) {
9166 if (idx < s_idx)
9167 -@@ -2508,7 +2508,7 @@ int addrconf_set_dstaddr(struct net *net, void __user *arg)
9168 +@@ -2509,7 +2509,7 @@ int addrconf_set_dstaddr(struct net *net, void __user *arg)
9169 p.iph.ihl = 5;
9170 p.iph.protocol = IPPROTO_IPV6;
9171 p.iph.ttl = 64;
9172 @@ -121808,7 +123201,7 @@ index 21c2c81..373c1ba 100644
9173
9174 if (ops->ndo_do_ioctl) {
9175 mm_segment_t oldfs = get_fs();
9176 -@@ -3774,16 +3774,23 @@ static const struct file_operations if6_fops = {
9177 +@@ -3775,16 +3775,23 @@ static const struct file_operations if6_fops = {
9178 .release = seq_release_net,
9179 };
9180
9181 @@ -121833,7 +123226,7 @@ index 21c2c81..373c1ba 100644
9182 }
9183
9184 static struct pernet_operations if6_proc_net_ops = {
9185 -@@ -4402,7 +4409,7 @@ static int inet6_dump_addr(struct sk_buff *skb, struct netlink_callback *cb,
9186 +@@ -4403,7 +4410,7 @@ static int inet6_dump_addr(struct sk_buff *skb, struct netlink_callback *cb,
9187 s_ip_idx = ip_idx = cb->args[2];
9188
9189 rcu_read_lock();
9190 @@ -121842,7 +123235,7 @@ index 21c2c81..373c1ba 100644
9191 for (h = s_h; h < NETDEV_HASHENTRIES; h++, s_idx = 0) {
9192 idx = 0;
9193 head = &net->dev_index_head[h];
9194 -@@ -5059,7 +5066,7 @@ static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp)
9195 +@@ -5060,7 +5067,7 @@ static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp)
9196 rt_genid_bump_ipv6(net);
9197 break;
9198 }
9199 @@ -121851,7 +123244,7 @@ index 21c2c81..373c1ba 100644
9200 }
9201
9202 static void ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp)
9203 -@@ -5079,7 +5086,7 @@ int addrconf_sysctl_forward(struct ctl_table *ctl, int write,
9204 +@@ -5080,7 +5087,7 @@ int addrconf_sysctl_forward(struct ctl_table *ctl, int write,
9205 int *valp = ctl->data;
9206 int val = *valp;
9207 loff_t pos = *ppos;
9208 @@ -121860,7 +123253,7 @@ index 21c2c81..373c1ba 100644
9209 int ret;
9210
9211 /*
9212 -@@ -5104,7 +5111,7 @@ int addrconf_sysctl_mtu(struct ctl_table *ctl, int write,
9213 +@@ -5105,7 +5112,7 @@ int addrconf_sysctl_mtu(struct ctl_table *ctl, int write,
9214 {
9215 struct inet6_dev *idev = ctl->extra1;
9216 int min_mtu = IPV6_MIN_MTU;
9217 @@ -121869,7 +123262,7 @@ index 21c2c81..373c1ba 100644
9218
9219 lctl = *ctl;
9220 lctl.extra1 = &min_mtu;
9221 -@@ -5179,7 +5186,7 @@ int addrconf_sysctl_disable(struct ctl_table *ctl, int write,
9222 +@@ -5180,7 +5187,7 @@ int addrconf_sysctl_disable(struct ctl_table *ctl, int write,
9223 int *valp = ctl->data;
9224 int val = *valp;
9225 loff_t pos = *ppos;
9226 @@ -121878,7 +123271,7 @@ index 21c2c81..373c1ba 100644
9227 int ret;
9228
9229 /*
9230 -@@ -5244,7 +5251,7 @@ static int addrconf_sysctl_stable_secret(struct ctl_table *ctl, int write,
9231 +@@ -5245,7 +5252,7 @@ static int addrconf_sysctl_stable_secret(struct ctl_table *ctl, int write,
9232 int err;
9233 struct in6_addr addr;
9234 char str[IPV6_MAX_STRLEN];
9235 @@ -122347,7 +123740,7 @@ index dd6ebba..69d56e8 100644
9236 table = kmemdup(ipv6_route_table_template,
9237 sizeof(ipv6_route_table_template),
9238 diff --git a/net/ipv6/sit.c b/net/ipv6/sit.c
9239 -index ac35a28..070cc8c 100644
9240 +index 85c4b2f..4e2062f 100644
9241 --- a/net/ipv6/sit.c
9242 +++ b/net/ipv6/sit.c
9243 @@ -74,7 +74,7 @@ static void ipip6_tunnel_setup(struct net_device *dev);
9244 @@ -122359,7 +123752,7 @@ index ac35a28..070cc8c 100644
9245
9246 static int sit_net_id __read_mostly;
9247 struct sit_net {
9248 -@@ -1749,7 +1749,7 @@ static void ipip6_dellink(struct net_device *dev, struct list_head *head)
9249 +@@ -1735,7 +1735,7 @@ static void ipip6_dellink(struct net_device *dev, struct list_head *head)
9250 unregister_netdevice_queue(dev, head);
9251 }
9252
9253 @@ -122652,19 +124045,6 @@ index 683346d..cb0e12d 100644
9254 seq_printf(m, "Max data size: %d\n", self->max_data_size);
9255 seq_printf(m, "Max header size: %d\n", self->max_header_size);
9256
9257 -diff --git a/net/irda/irlmp.c b/net/irda/irlmp.c
9258 -index a26c401..4396459 100644
9259 ---- a/net/irda/irlmp.c
9260 -+++ b/net/irda/irlmp.c
9261 -@@ -1839,7 +1839,7 @@ static void *irlmp_seq_hb_idx(struct irlmp_iter_state *iter, loff_t *off)
9262 - for (element = hashbin_get_first(iter->hashbin);
9263 - element != NULL;
9264 - element = hashbin_get_next(iter->hashbin)) {
9265 -- if (!off || *off-- == 0) {
9266 -+ if (!off || (*off)-- == 0) {
9267 - /* NB: hashbin left locked */
9268 - return element;
9269 - }
9270 diff --git a/net/irda/irproc.c b/net/irda/irproc.c
9271 index b9ac598..f88cc56 100644
9272 --- a/net/irda/irproc.c
9273 @@ -123043,7 +124423,7 @@ index 666ddac..0cad93b 100644
9274 goto free;
9275
9276 diff --git a/net/mac80211/util.c b/net/mac80211/util.c
9277 -index 43e5aad..d117c3a 100644
9278 +index f5fa8c0..c24eae8 100644
9279 --- a/net/mac80211/util.c
9280 +++ b/net/mac80211/util.c
9281 @@ -1761,7 +1761,7 @@ int ieee80211_reconfig(struct ieee80211_local *local)
9282 @@ -123682,7 +125062,7 @@ index 11de55e..f25e448 100644
9283 return 0;
9284 }
9285 diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
9286 -index a133d16..fafee70 100644
9287 +index 8b158f7..c43cfdb 100644
9288 --- a/net/netlink/af_netlink.c
9289 +++ b/net/netlink/af_netlink.c
9290 @@ -286,7 +286,7 @@ static void netlink_overrun(struct sock *sk)
9291 @@ -123779,7 +125159,7 @@ index bc85331..0d3dce0 100644
9292 /**
9293 * struct vport_portids - array of netlink portids of a vport.
9294 diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
9295 -index 7851b12..b665c0c 100644
9296 +index 71cb085..89e2202 100644
9297 --- a/net/packet/af_packet.c
9298 +++ b/net/packet/af_packet.c
9299 @@ -277,7 +277,7 @@ static int packet_direct_xmit(struct sk_buff *skb)
9300 @@ -123800,7 +125180,7 @@ index 7851b12..b665c0c 100644
9301 spin_unlock(&sk->sk_receive_queue.lock);
9302
9303 drop_n_restore:
9304 -@@ -3616,7 +3616,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
9305 +@@ -3634,7 +3634,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
9306 case PACKET_HDRLEN:
9307 if (len > sizeof(int))
9308 len = sizeof(int);
9309 @@ -123809,7 +125189,7 @@ index 7851b12..b665c0c 100644
9310 return -EFAULT;
9311 switch (val) {
9312 case TPACKET_V1:
9313 -@@ -3671,7 +3671,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
9314 +@@ -3689,7 +3689,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
9315 len = lv;
9316 if (put_user(len, optlen))
9317 return -EFAULT;
9318 @@ -128067,10 +129447,29 @@ index dec607c..2f291ad9 100644
9319 d_backing_inode(old_dentry)->i_mode
9320 };
9321 diff --git a/security/commoncap.c b/security/commoncap.c
9322 -index d103f5a4..3f7369a 100644
9323 +index d103f5a4..cedcad8 100644
9324 --- a/security/commoncap.c
9325 +++ b/security/commoncap.c
9326 -@@ -422,6 +422,32 @@ int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data
9327 +@@ -137,12 +137,17 @@ int cap_ptrace_access_check(struct task_struct *child, unsigned int mode)
9328 + {
9329 + int ret = 0;
9330 + const struct cred *cred, *child_cred;
9331 ++ const kernel_cap_t *caller_caps;
9332 +
9333 + rcu_read_lock();
9334 + cred = current_cred();
9335 + child_cred = __task_cred(child);
9336 ++ if (mode & PTRACE_MODE_FSCREDS)
9337 ++ caller_caps = &cred->cap_effective;
9338 ++ else
9339 ++ caller_caps = &cred->cap_permitted;
9340 + if (cred->user_ns == child_cred->user_ns &&
9341 +- cap_issubset(child_cred->cap_permitted, cred->cap_permitted))
9342 ++ cap_issubset(child_cred->cap_permitted, *caller_caps))
9343 + goto out;
9344 + if (ns_capable(child_cred->user_ns, CAP_SYS_PTRACE))
9345 + goto out;
9346 +@@ -422,6 +427,32 @@ int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data
9347 return 0;
9348 }
9349
9350 @@ -128103,7 +129502,7 @@ index d103f5a4..3f7369a 100644
9351 /*
9352 * Attempt to get the on-exec apply capability sets for an executable file from
9353 * its xattrs and, if present, apply them to the proposed credentials being
9354 -@@ -586,6 +612,9 @@ int cap_bprm_secureexec(struct linux_binprm *bprm)
9355 +@@ -586,6 +617,9 @@ int cap_bprm_secureexec(struct linux_binprm *bprm)
9356 const struct cred *cred = current_cred();
9357 kuid_t root_uid = make_kuid(cred->user_ns, 0);
9358
9359 @@ -128173,6 +129572,29 @@ index 552705d..9920f4fb 100644
9360 key = ima_hash_key(entry->digest);
9361 hlist_add_head_rcu(&qe->hnext, &ima_htable.queue[key]);
9362 return 0;
9363 +diff --git a/security/keys/internal.h b/security/keys/internal.h
9364 +index 5105c2c..fd59e52 100644
9365 +--- a/security/keys/internal.h
9366 ++++ b/security/keys/internal.h
9367 +@@ -90,12 +90,16 @@ extern void key_type_put(struct key_type *ktype);
9368 +
9369 + extern int __key_link_begin(struct key *keyring,
9370 + const struct keyring_index_key *index_key,
9371 +- struct assoc_array_edit **_edit);
9372 ++ struct assoc_array_edit **_edit)
9373 ++ __acquires(&keyring->sem)
9374 ++ __acquires(&keyring_serialise_link_sem);
9375 + extern int __key_link_check_live_key(struct key *keyring, struct key *key);
9376 + extern void __key_link(struct key *key, struct assoc_array_edit **_edit);
9377 + extern void __key_link_end(struct key *keyring,
9378 + const struct keyring_index_key *index_key,
9379 +- struct assoc_array_edit *edit);
9380 ++ struct assoc_array_edit *edit)
9381 ++ __releases(&keyring->sem)
9382 ++ __releases(&keyring_serialise_link_sem);
9383 +
9384 + extern key_ref_t find_key_to_update(key_ref_t keyring_ref,
9385 + const struct keyring_index_key *index_key);
9386 diff --git a/security/keys/key.c b/security/keys/key.c
9387 index aee2ec5..c276071 100644
9388 --- a/security/keys/key.c
9389 @@ -128230,6 +129652,28 @@ index aee2ec5..c276071 100644
9390
9391 /* record the root user tracking */
9392 rb_link_node(&root_key_user.node,
9393 +diff --git a/security/keys/keyring.c b/security/keys/keyring.c
9394 +index d334370..b03e5a8 100644
9395 +--- a/security/keys/keyring.c
9396 ++++ b/security/keys/keyring.c
9397 +@@ -1071,8 +1071,6 @@ static int keyring_detect_cycle(struct key *A, struct key *B)
9398 + int __key_link_begin(struct key *keyring,
9399 + const struct keyring_index_key *index_key,
9400 + struct assoc_array_edit **_edit)
9401 +- __acquires(&keyring->sem)
9402 +- __acquires(&keyring_serialise_link_sem)
9403 + {
9404 + struct assoc_array_edit *edit;
9405 + int ret;
9406 +@@ -1172,8 +1170,6 @@ void __key_link(struct key *key, struct assoc_array_edit **_edit)
9407 + void __key_link_end(struct key *keyring,
9408 + const struct keyring_index_key *index_key,
9409 + struct assoc_array_edit *edit)
9410 +- __releases(&keyring->sem)
9411 +- __releases(&keyring_serialise_link_sem)
9412 + {
9413 + BUG_ON(index_key->type == NULL);
9414 + kenter("%d,%s,", keyring->serial, index_key->type->name);
9415 diff --git a/security/keys/request_key.c b/security/keys/request_key.c
9416 index 486ef6f..0d62531 100644
9417 --- a/security/keys/request_key.c
9418 @@ -128308,6 +129752,26 @@ index 1450f85..a91e0bc 100644
9419 rt_genid_bump_all(net);
9420 }
9421 rtnl_unlock();
9422 +diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
9423 +index a143328..0c29901 100644
9424 +--- a/security/smack/smack_lsm.c
9425 ++++ b/security/smack/smack_lsm.c
9426 +@@ -358,12 +358,10 @@ static int smk_copy_rules(struct list_head *nhead, struct list_head *ohead,
9427 + */
9428 + static inline unsigned int smk_ptrace_mode(unsigned int mode)
9429 + {
9430 +- switch (mode) {
9431 +- case PTRACE_MODE_READ:
9432 +- return MAY_READ;
9433 +- case PTRACE_MODE_ATTACH:
9434 ++ if (mode & PTRACE_MODE_ATTACH)
9435 + return MAY_READWRITE;
9436 +- }
9437 ++ if (mode & PTRACE_MODE_READ)
9438 ++ return MAY_READ;
9439 +
9440 + return 0;
9441 + }
9442 diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c
9443 index 2367b10..a0c3c51 100644
9444 --- a/security/tomoyo/file.c
9445 @@ -128467,9 +129931,27 @@ index 3123e1d..951f48d 100644
9446 help
9447 This selects Yama, which extends DAC support with additional
9448 diff --git a/security/yama/yama_lsm.c b/security/yama/yama_lsm.c
9449 -index 5ebb896..68147a2 100644
9450 +index 5ebb896..6da9ba8 100644
9451 --- a/security/yama/yama_lsm.c
9452 +++ b/security/yama/yama_lsm.c
9453 +@@ -281,7 +281,7 @@ static int yama_ptrace_access_check(struct task_struct *child,
9454 + int rc = 0;
9455 +
9456 + /* require ptrace target be a child of ptracer on attach */
9457 +- if (mode == PTRACE_MODE_ATTACH) {
9458 ++ if (mode & PTRACE_MODE_ATTACH) {
9459 + switch (ptrace_scope) {
9460 + case YAMA_SCOPE_DISABLED:
9461 + /* No additional restrictions. */
9462 +@@ -307,7 +307,7 @@ static int yama_ptrace_access_check(struct task_struct *child,
9463 + }
9464 + }
9465 +
9466 +- if (rc) {
9467 ++ if (rc && (mode & PTRACE_MODE_NOAUDIT) == 0) {
9468 + printk_ratelimited(KERN_NOTICE
9469 + "ptrace of pid %d was attempted by: %s (pid %d)\n",
9470 + child->pid, current->comm, current->pid);
9471 @@ -362,7 +362,7 @@ void __init yama_add_hooks(void)
9472 static int yama_dointvec_minmax(struct ctl_table *table, int write,
9473 void __user *buffer, size_t *lenp, loff_t *ppos)
9474 @@ -128629,6 +130111,88 @@ index 75888dd..c940854 100644
9475 break;
9476 default:
9477 result = -EINVAL;
9478 +diff --git a/sound/core/seq/seq_clientmgr.c b/sound/core/seq/seq_clientmgr.c
9479 +index b64f20d..aff6c32 100644
9480 +--- a/sound/core/seq/seq_clientmgr.c
9481 ++++ b/sound/core/seq/seq_clientmgr.c
9482 +@@ -446,7 +446,7 @@ static ssize_t snd_seq_read(struct file *file, char __user *buf, size_t count,
9483 + count -= sizeof(struct snd_seq_event);
9484 + buf += sizeof(struct snd_seq_event);
9485 + err = snd_seq_expand_var_event(&cell->event, count,
9486 +- (char __force *)buf, 0,
9487 ++ (char __force_kernel *)buf, 0,
9488 + sizeof(struct snd_seq_event));
9489 + if (err < 0)
9490 + break;
9491 +@@ -1059,13 +1059,13 @@ static ssize_t snd_seq_write(struct file *file, const char __user *buf,
9492 + }
9493 + /* set user space pointer */
9494 + event.data.ext.len = extlen | SNDRV_SEQ_EXT_USRPTR;
9495 +- event.data.ext.ptr = (char __force *)buf
9496 ++ event.data.ext.ptr = (char __force_kernel *)buf
9497 + + sizeof(struct snd_seq_event);
9498 + len += extlen; /* increment data length */
9499 + } else {
9500 + #ifdef CONFIG_COMPAT
9501 + if (client->convert32 && snd_seq_ev_is_varusr(&event)) {
9502 +- void *ptr = (void __force *)compat_ptr(event.data.raw32.d[1]);
9503 ++ void *ptr = (void __force_kernel *)compat_ptr(event.data.raw32.d[1]);
9504 + event.data.ext.ptr = ptr;
9505 + }
9506 + #endif
9507 +@@ -2420,7 +2420,7 @@ int snd_seq_kernel_client_ctl(int clientid, unsigned int cmd, void *arg)
9508 + if (client == NULL)
9509 + return -ENXIO;
9510 + fs = snd_enter_user();
9511 +- result = snd_seq_do_ioctl(client, cmd, (void __force __user *)arg);
9512 ++ result = snd_seq_do_ioctl(client, cmd, (void __force_user *)arg);
9513 + snd_leave_user(fs);
9514 + return result;
9515 + }
9516 +diff --git a/sound/core/seq/seq_compat.c b/sound/core/seq/seq_compat.c
9517 +index 81f7c10..296bd6fd 100644
9518 +--- a/sound/core/seq/seq_compat.c
9519 ++++ b/sound/core/seq/seq_compat.c
9520 +@@ -59,7 +59,7 @@ static int snd_seq_call_port_info_ioctl(struct snd_seq_client *client, unsigned
9521 + data->kernel = NULL;
9522 +
9523 + fs = snd_enter_user();
9524 +- err = snd_seq_do_ioctl(client, cmd, data);
9525 ++ err = snd_seq_do_ioctl(client, cmd, (void __force_user *)data);
9526 + snd_leave_user(fs);
9527 + if (err < 0)
9528 + goto error;
9529 +diff --git a/sound/core/seq/seq_memory.c b/sound/core/seq/seq_memory.c
9530 +index 8010766..4bd361f 100644
9531 +--- a/sound/core/seq/seq_memory.c
9532 ++++ b/sound/core/seq/seq_memory.c
9533 +@@ -87,7 +87,7 @@ int snd_seq_dump_var_event(const struct snd_seq_event *event,
9534 +
9535 + if (event->data.ext.len & SNDRV_SEQ_EXT_USRPTR) {
9536 + char buf[32];
9537 +- char __user *curptr = (char __force __user *)event->data.ext.ptr;
9538 ++ char __user *curptr = (char __force_user *)event->data.ext.ptr;
9539 + while (len > 0) {
9540 + int size = sizeof(buf);
9541 + if (len < size)
9542 +@@ -158,7 +158,7 @@ int snd_seq_expand_var_event(const struct snd_seq_event *event, int count, char
9543 + if (event->data.ext.len & SNDRV_SEQ_EXT_USRPTR) {
9544 + if (! in_kernel)
9545 + return -EINVAL;
9546 +- if (copy_from_user(buf, (void __force __user *)event->data.ext.ptr, len))
9547 ++ if (copy_from_user(buf, (void __force_user *)event->data.ext.ptr, len))
9548 + return -EFAULT;
9549 + return newlen;
9550 + }
9551 +@@ -344,7 +344,7 @@ int snd_seq_event_dup(struct snd_seq_pool *pool, struct snd_seq_event *event,
9552 + tmp->event = src->event;
9553 + src = src->next;
9554 + } else if (is_usrptr) {
9555 +- if (copy_from_user(&tmp->event, (char __force __user *)buf, size)) {
9556 ++ if (copy_from_user(&tmp->event, (char __force_user *)buf, size)) {
9557 + err = -EFAULT;
9558 + goto __error;
9559 + }
9560 diff --git a/sound/core/sound.c b/sound/core/sound.c
9561 index 175f9e4..3518d31 100644
9562 --- a/sound/core/sound.c
9563 @@ -129251,12 +130815,12 @@ index 0000000..4945d82
9564 +targets += randomize_layout_seed.h randomize_layout_hash.h
9565 diff --git a/tools/gcc/checker_plugin.c b/tools/gcc/checker_plugin.c
9566 new file mode 100644
9567 -index 0000000..5452feea
9568 +index 0000000..1264799f
9569 --- /dev/null
9570 +++ b/tools/gcc/checker_plugin.c
9571 -@@ -0,0 +1,150 @@
9572 +@@ -0,0 +1,549 @@
9573 +/*
9574 -+ * Copyright 2011-2014 by the PaX Team <pageexec@××××××××.hu>
9575 ++ * Copyright 2011-2015 by the PaX Team <pageexec@××××××××.hu>
9576 + * Licensed under the GPL v2
9577 + *
9578 + * Note: the choice of the license means that the compilation process is
9579 @@ -129285,8 +130849,9 @@ index 0000000..5452feea
9580 +int plugin_is_GPL_compatible;
9581 +
9582 +static struct plugin_info checker_plugin_info = {
9583 -+ .version = "201304082245",
9584 -+ .help = NULL,
9585 ++ .version = "201512100145",
9586 ++ .help = "user\tturn on user/kernel address space checking\n"
9587 ++ "context\tturn on locking context checking\n"
9588 +};
9589 +
9590 +#define ADDR_SPACE_KERNEL 0
9591 @@ -129381,12 +130946,395 @@ index 0000000..5452feea
9592 + targetm.addr_space.convert = checker_addr_space_convert;
9593 +}
9594 +
9595 ++static bool split_context_attribute(tree args, tree *lock, tree *in, tree *out)
9596 ++{
9597 ++ *in = TREE_VALUE(args);
9598 ++
9599 ++ if (TREE_CODE(*in) != INTEGER_CST) {
9600 ++ *lock = *in;
9601 ++ args = TREE_CHAIN(args);
9602 ++ *in = TREE_VALUE(args);
9603 ++ } else
9604 ++ *lock = NULL_TREE;
9605 ++
9606 ++ args = TREE_CHAIN(args);
9607 ++ if (*lock && !args)
9608 ++ return false;
9609 ++
9610 ++ *out = TREE_VALUE(args);
9611 ++ return true;
9612 ++}
9613 ++
9614 ++static tree handle_context_attribute(tree *node, tree name, tree args, int flags, bool *no_add_attrs)
9615 ++{
9616 ++ *no_add_attrs = true;
9617 ++ tree lock, in, out;
9618 ++
9619 ++ if (TREE_CODE(*node) != FUNCTION_DECL) {
9620 ++ error("%qE attribute applies to functions only (%qD)", name, *node);
9621 ++ return NULL_TREE;
9622 ++ }
9623 ++
9624 ++ if (!split_context_attribute(args, &lock, &in, &out)) {
9625 ++ error("%qE attribute needs two integers after the lock expression", name);
9626 ++ return NULL_TREE;
9627 ++ }
9628 ++
9629 ++ if (TREE_CODE(in) != INTEGER_CST) {
9630 ++ error("the 'in' argument of the %qE attribute must be an integer (%qE)", name, in);
9631 ++ return NULL_TREE;
9632 ++ }
9633 ++
9634 ++ if (TREE_CODE(out) != INTEGER_CST) {
9635 ++ error("the 'out' argument of the %qE attribute must be an integer (%qE)", name, out);
9636 ++ return NULL_TREE;
9637 ++ }
9638 ++
9639 ++ *no_add_attrs = false;
9640 ++ return NULL_TREE;
9641 ++}
9642 ++
9643 ++static struct attribute_spec context_attr = {
9644 ++ .name = "context",
9645 ++ .min_length = 2,
9646 ++ .max_length = 3,
9647 ++ .decl_required = true,
9648 ++ .type_required = false,
9649 ++ .function_type_required = false,
9650 ++ .handler = handle_context_attribute,
9651 ++#if BUILDING_GCC_VERSION >= 4007
9652 ++ .affects_type_identity = true
9653 ++#endif
9654 ++};
9655 ++
9656 ++static void register_attributes(void *event_data, void *data)
9657 ++{
9658 ++ register_attribute(&context_attr);
9659 ++}
9660 ++
9661 ++static const char context_function[] = "__context__";
9662 ++static GTY(()) tree context_function_decl;
9663 ++
9664 ++static const char context_error[] = "__context_error__";
9665 ++static GTY(()) tree context_error_decl;
9666 ++
9667 ++static void context_start_unit(void __unused *gcc_data, void __unused *user_data)
9668 ++{
9669 ++ tree fntype, attr;
9670 ++
9671 ++ // void __context__(void *, int);
9672 ++ fntype = build_function_type_list(void_type_node, ptr_type_node, integer_type_node, NULL_TREE);
9673 ++ context_function_decl = build_fn_decl(context_function, fntype);
9674 ++
9675 ++ TREE_PUBLIC(context_function_decl) = 1;
9676 ++ TREE_USED(context_function_decl) = 1;
9677 ++ DECL_EXTERNAL(context_function_decl) = 1;
9678 ++ DECL_ARTIFICIAL(context_function_decl) = 1;
9679 ++ DECL_PRESERVE_P(context_function_decl) = 1;
9680 ++// TREE_NOTHROW(context_function_decl) = 1;
9681 ++// DECL_UNINLINABLE(context_function_decl) = 1;
9682 ++ DECL_ASSEMBLER_NAME(context_function_decl); // for LTO
9683 ++ lang_hooks.decls.pushdecl(context_function_decl);
9684 ++
9685 ++ // void __context_error__(const void *, int) __attribute__((error("context error")));
9686 ++ fntype = build_function_type_list(void_type_node, const_ptr_type_node, integer_type_node, NULL_TREE);
9687 ++ context_error_decl = build_fn_decl(context_error, fntype);
9688 ++
9689 ++ TREE_PUBLIC(context_error_decl) = 1;
9690 ++ TREE_USED(context_error_decl) = 1;
9691 ++ DECL_EXTERNAL(context_error_decl) = 1;
9692 ++ DECL_ARTIFICIAL(context_error_decl) = 1;
9693 ++ DECL_PRESERVE_P(context_error_decl) = 1;
9694 ++// TREE_NOTHROW(context_error_decl) = 1;
9695 ++// DECL_UNINLINABLE(context_error_decl) = 1;
9696 ++ TREE_THIS_VOLATILE(context_error_decl) = 1;
9697 ++ DECL_ASSEMBLER_NAME(context_error_decl);
9698 ++
9699 ++ attr = tree_cons(NULL, build_string(14, "context error"), NULL);
9700 ++ attr = tree_cons(get_identifier("error"), attr, NULL);
9701 ++ decl_attributes(&context_error_decl, attr, 0);
9702 ++}
9703 ++
9704 ++static bool gate_context(void)
9705 ++{
9706 ++ tree context_attr;
9707 ++
9708 ++return true;
9709 ++
9710 ++ context_attr = lookup_attribute("context", DECL_ATTRIBUTES(current_function_decl));
9711 ++ return context_attr != NULL_TREE;
9712 ++}
9713 ++
9714 ++static basic_block verify_context_before(gimple_stmt_iterator *gsi, tree context, tree inout, tree error)
9715 ++{
9716 ++ gimple stmt;
9717 ++ basic_block cond_bb, join_bb, true_bb;
9718 ++ edge e;
9719 ++ location_t loc;
9720 ++ const char *file;
9721 ++ int line;
9722 ++ size_t len;
9723 ++ tree filename;
9724 ++
9725 ++ stmt = gsi_stmt(*gsi);
9726 ++ if (gimple_has_location(stmt)) {
9727 ++ loc = gimple_location(stmt);
9728 ++ file = gimple_filename(stmt);
9729 ++ line = gimple_lineno(stmt);
9730 ++ } else {
9731 ++ loc = DECL_SOURCE_LOCATION(current_function_decl);
9732 ++ file = DECL_SOURCE_FILE(current_function_decl);
9733 ++ line = DECL_SOURCE_LINE(current_function_decl);
9734 ++ }
9735 ++ gcc_assert(file);
9736 ++
9737 ++ // if (context != count) __context_error__(__FILE__, __LINE__);
9738 ++ stmt = gimple_build_cond(NE_EXPR, context, inout, NULL_TREE, NULL_TREE);
9739 ++ gimple_set_location(stmt, loc);
9740 ++ gsi_insert_before(gsi, stmt, GSI_NEW_STMT);
9741 ++
9742 ++ cond_bb = gsi_bb(*gsi);
9743 ++ gcc_assert(!gsi_end_p(*gsi));
9744 ++ gcc_assert(stmt == gsi_stmt(*gsi));
9745 ++
9746 ++ e = split_block(cond_bb, gsi_stmt(*gsi));
9747 ++ cond_bb = e->src;
9748 ++ join_bb = e->dest;
9749 ++ e->flags = EDGE_FALSE_VALUE;
9750 ++ e->probability = REG_BR_PROB_BASE;
9751 ++
9752 ++ true_bb = create_empty_bb(EXIT_BLOCK_PTR_FOR_FN(cfun)->prev_bb);
9753 ++ make_edge(cond_bb, true_bb, EDGE_TRUE_VALUE);
9754 ++ make_edge(true_bb, join_bb, EDGE_FALLTHRU);
9755 ++
9756 ++ set_immediate_dominator(CDI_DOMINATORS, true_bb, cond_bb);
9757 ++ set_immediate_dominator(CDI_DOMINATORS, join_bb, cond_bb);
9758 ++
9759 ++ gcc_assert(cond_bb->loop_father == join_bb->loop_father);
9760 ++ add_bb_to_loop(true_bb, cond_bb->loop_father);
9761 ++
9762 ++ // insert call to builtin_trap or __context_error__
9763 ++ *gsi = gsi_start_bb(true_bb);
9764 ++
9765 ++// stmt = gimple_build_call(builtin_decl_implicit(BUILT_IN_TRAP), 0);
9766 ++ len = strlen(file) + 1;
9767 ++ filename = build_string(len, file);
9768 ++ TREE_TYPE(filename) = build_array_type(unsigned_char_type_node, build_index_type(size_int(len)));
9769 ++ filename = build1(ADDR_EXPR, const_ptr_type_node, filename);
9770 ++ stmt = gimple_build_call(error, 2, filename, build_int_cst(NULL_TREE, line));
9771 ++ gimple_set_location(stmt, loc);
9772 ++ gsi_insert_after(gsi, stmt, GSI_CONTINUE_LINKING);
9773 ++
9774 ++ *gsi = gsi_start_nondebug_bb(join_bb);
9775 ++ return join_bb;
9776 ++}
9777 ++
9778 ++static void update_context(gimple_stmt_iterator *gsi, tree context, int diff)
9779 ++{
9780 ++ gimple assign;
9781 ++ tree op;
9782 ++
9783 ++ op = fold_build2_loc(UNKNOWN_LOCATION, PLUS_EXPR, integer_type_node, context, build_int_cst(integer_type_node, diff));
9784 ++ assign = gimple_build_assign(context, op);
9785 ++ gsi_insert_after(gsi, assign, GSI_NEW_STMT);
9786 ++ update_stmt(assign);
9787 ++}
9788 ++
9789 ++static basic_block track_context(basic_block bb, tree context)
9790 ++{
9791 ++ gimple_stmt_iterator gsi;
9792 ++ gimple assign;
9793 ++
9794 ++ // adjust context according to the context information on any call stmt
9795 ++ for (gsi = gsi_start_bb(bb); !gsi_end_p(gsi); gsi_next(&gsi)) {
9796 ++ gimple stmt = gsi_stmt(gsi);
9797 ++ tree fndecl, context_attr;
9798 ++ tree lock, in, out;
9799 ++ int incount, outcount;
9800 ++
9801 ++ if (!is_gimple_call(stmt))
9802 ++ continue;
9803 ++
9804 ++ fndecl = gimple_call_fndecl(stmt);
9805 ++ if (!fndecl)
9806 ++ continue;
9807 ++
9808 ++ if (fndecl == context_function_decl) {
9809 ++ unsigned int num_ops = gimple_num_ops(stmt);
9810 ++ int diff = tree_to_shwi(gimple_op(stmt, num_ops - 1));
9811 ++
9812 ++ gcc_assert(diff);
9813 ++ update_context(&gsi, context, diff);
9814 ++ continue;
9815 ++ }
9816 ++
9817 ++ context_attr = lookup_attribute("context", DECL_ATTRIBUTES(fndecl));
9818 ++ if (!context_attr)
9819 ++ continue;
9820 ++
9821 ++ gcc_assert(split_context_attribute(TREE_VALUE(context_attr), &lock, &in, &out));
9822 ++ incount = tree_to_shwi(in);
9823 ++ outcount = tree_to_shwi(out);
9824 ++ bb = verify_context_before(&gsi, context, in, context_error_decl);
9825 ++ update_context(&gsi, context, outcount - incount);
9826 ++ }
9827 ++
9828 ++ return bb;
9829 ++}
9830 ++
9831 ++static bool bb_any_loop(basic_block bb)
9832 ++{
9833 ++ return bb_loop_depth(bb) || (bb->flags & BB_IRREDUCIBLE_LOOP);
9834 ++}
9835 ++
9836 ++static unsigned int execute_context(void)
9837 ++{
9838 ++ basic_block bb;
9839 ++ gimple assign;
9840 ++ gimple_stmt_iterator gsi;
9841 ++ tree context_attr, context;
9842 ++ tree lock, in, out;
9843 ++
9844 ++ loop_optimizer_init(LOOPS_NORMAL | LOOPS_HAVE_RECORDED_EXITS);
9845 ++ gcc_assert(current_loops);
9846 ++
9847 ++ calculate_dominance_info(CDI_DOMINATORS);
9848 ++ calculate_dominance_info(CDI_POST_DOMINATORS);
9849 ++
9850 ++ context_attr = lookup_attribute("context", DECL_ATTRIBUTES(current_function_decl));
9851 ++ if (context_attr) {
9852 ++ gcc_assert(split_context_attribute(TREE_VALUE(context_attr), &lock, &in, &out));
9853 ++ } else {
9854 ++ in = out = integer_zero_node;
9855 ++ }
9856 ++
9857 ++ // 1. create local context variable
9858 ++ context = create_tmp_var(integer_type_node, "context");
9859 ++ add_referenced_var(context);
9860 ++ mark_sym_for_renaming(context);
9861 ++
9862 ++ // 2. initialize local context variable
9863 ++ gcc_assert(single_succ_p(ENTRY_BLOCK_PTR_FOR_FN(cfun)));
9864 ++ bb = single_succ(ENTRY_BLOCK_PTR_FOR_FN(cfun));
9865 ++ if (!single_pred_p(bb)) {
9866 ++ gcc_assert(bb_any_loop(bb));
9867 ++ split_edge(single_succ_edge(ENTRY_BLOCK_PTR_FOR_FN(cfun)));
9868 ++ bb = single_succ(ENTRY_BLOCK_PTR_FOR_FN(cfun));
9869 ++ }
9870 ++ gsi = gsi_start_bb(bb);
9871 ++ assign = gimple_build_assign(context, in);
9872 ++ gsi_insert_before(&gsi, assign, GSI_NEW_STMT);
9873 ++ update_stmt(assign);
9874 ++
9875 ++ // 3. instrument each BB to track the local context variable
9876 ++ FOR_EACH_BB_FN(bb, cfun) {
9877 ++ bb = track_context(bb, context);
9878 ++ }
9879 ++
9880 ++ // 4. verify the local context variable against the expected state
9881 ++ if (EDGE_COUNT(EXIT_BLOCK_PTR_FOR_FN(cfun)->preds)) {
9882 ++ gcc_assert(single_pred_p(EXIT_BLOCK_PTR_FOR_FN(cfun)));
9883 ++ gsi = gsi_last_nondebug_bb(single_pred(EXIT_BLOCK_PTR_FOR_FN(cfun)));
9884 ++ verify_context_before(&gsi, context, out, context_error_decl);
9885 ++ }
9886 ++
9887 ++ free_dominance_info(CDI_DOMINATORS);
9888 ++ free_dominance_info(CDI_POST_DOMINATORS);
9889 ++ loop_optimizer_finalize();
9890 ++ return 0;
9891 ++}
9892 ++
9893 ++#if BUILDING_GCC_VERSION >= 4009
9894 ++namespace {
9895 ++static const struct pass_data context_pass_data = {
9896 ++#else
9897 ++static struct gimple_opt_pass context_pass = {
9898 ++ .pass = {
9899 ++#endif
9900 ++ .type = GIMPLE_PASS,
9901 ++ .name = "context",
9902 ++#if BUILDING_GCC_VERSION >= 4008
9903 ++ .optinfo_flags = OPTGROUP_NONE,
9904 ++#endif
9905 ++#if BUILDING_GCC_VERSION >= 5000
9906 ++#elif BUILDING_GCC_VERSION == 4009
9907 ++ .has_gate = true,
9908 ++ .has_execute = true,
9909 ++#else
9910 ++ .gate = gate_context,
9911 ++ .execute = execute_context,
9912 ++ .sub = NULL,
9913 ++ .next = NULL,
9914 ++ .static_pass_number = 0,
9915 ++#endif
9916 ++ .tv_id = TV_NONE,
9917 ++ .properties_required = PROP_gimple_leh | PROP_cfg,
9918 ++ .properties_provided = 0,
9919 ++ .properties_destroyed = 0,
9920 ++ .todo_flags_start = 0, //TODO_verify_ssa | TODO_verify_flow | TODO_verify_stmts,
9921 ++ .todo_flags_finish = TODO_verify_ssa | TODO_verify_stmts | TODO_dump_func | TODO_verify_flow | TODO_update_ssa
9922 ++#if BUILDING_GCC_VERSION < 4009
9923 ++ }
9924 ++#endif
9925 ++};
9926 ++
9927 ++#if BUILDING_GCC_VERSION >= 4009
9928 ++class context_pass : public gimple_opt_pass {
9929 ++public:
9930 ++ context_pass() : gimple_opt_pass(context_pass_data, g) {}
9931 ++#if BUILDING_GCC_VERSION >= 5000
9932 ++ virtual bool gate(function *) { return gate_context(); }
9933 ++ virtual unsigned int execute(function *) { return execute_context(); }
9934 ++#else
9935 ++ bool gate() { return gate_context(); }
9936 ++ unsigned int execute() { return execute_context(); }
9937 ++#endif
9938 ++};
9939 ++}
9940 ++
9941 ++static opt_pass *make_context_pass(void)
9942 ++{
9943 ++ return new context_pass();
9944 ++}
9945 ++#else
9946 ++static struct opt_pass *make_context_pass(void)
9947 ++{
9948 ++ return &context_pass.pass;
9949 ++}
9950 ++#endif
9951 ++
9952 +int plugin_init(struct plugin_name_args *plugin_info, struct plugin_gcc_version *version)
9953 +{
9954 + const char * const plugin_name = plugin_info->base_name;
9955 + const int argc = plugin_info->argc;
9956 + const struct plugin_argument * const argv = plugin_info->argv;
9957 + int i;
9958 ++ bool enable_user, enable_context;
9959 ++ struct register_pass_info context_pass_info;
9960 ++
9961 ++ static const struct ggc_root_tab gt_ggc_r_gt_checker[] = {
9962 ++ {
9963 ++ .base = &context_function_decl,
9964 ++ .nelt = 1,
9965 ++ .stride = sizeof(context_function_decl),
9966 ++ .cb = &gt_ggc_mx_tree_node,
9967 ++ .pchw = &gt_pch_nx_tree_node
9968 ++ },
9969 ++ {
9970 ++ .base = &context_error_decl,
9971 ++ .nelt = 1,
9972 ++ .stride = sizeof(context_error_decl),
9973 ++ .cb = &gt_ggc_mx_tree_node,
9974 ++ .pchw = &gt_pch_nx_tree_node
9975 ++ },
9976 ++ LAST_GGC_ROOT_TAB
9977 ++ };
9978 ++
9979 ++ context_pass_info.pass = make_context_pass();
9980 ++// context_pass_info.reference_pass_name = "ssa";
9981 ++ context_pass_info.reference_pass_name = "phiprop";
9982 ++ context_pass_info.ref_pass_instance_number = 1;
9983 ++ context_pass_info.pos_op = PASS_POS_INSERT_AFTER;
9984 +
9985 + if (!plugin_default_version_check(version, &gcc_version)) {
9986 + error(G_("incompatible gcc/plugin versions"));
9987 @@ -129395,13 +131343,28 @@ index 0000000..5452feea
9988 +
9989 + register_callback(plugin_name, PLUGIN_INFO, NULL, &checker_plugin_info);
9990 +
9991 -+ for (i = 0; i < argc; ++i)
9992 ++ enable_user = false;
9993 ++ enable_context = false;
9994 ++ for (i = 0; i < argc; ++i) {
9995 ++ if (!strcmp(argv[i].key, "user")) {
9996 ++ enable_user = true;
9997 ++ continue;
9998 ++ }
9999 ++ if (!strcmp(argv[i].key, "context")) {
10000 ++ enable_context = true;
10001 ++ continue;
10002 ++ }
10003 + error(G_("unkown option '-fplugin-arg-%s-%s'"), plugin_name, argv[i].key);
10004 ++ }
10005 +
10006 -+ if (TARGET_64BIT == 0)
10007 -+ return 0;
10008 -+
10009 -+ register_callback(plugin_name, PLUGIN_PRAGMAS, register_checker_address_spaces, NULL);
10010 ++ if (enable_user)
10011 ++ register_callback(plugin_name, PLUGIN_PRAGMAS, register_checker_address_spaces, NULL);
10012 ++ if (enable_context) {
10013 ++ register_callback(plugin_name, PLUGIN_ATTRIBUTES, register_attributes, NULL);
10014 ++ register_callback(plugin_name, PLUGIN_START_UNIT, context_start_unit, NULL);
10015 ++ register_callback(plugin_name, PLUGIN_REGISTER_GGC_ROOTS, NULL, (void *)&gt_ggc_r_gt_checker);
10016 ++ register_callback(plugin_name, PLUGIN_PASS_MANAGER_SETUP, NULL, &context_pass_info);
10017 ++ }
10018 +
10019 + return 0;
10020 +}
10021 @@ -130205,10 +132168,10 @@ index 0000000..0b98f34
10022 +}
10023 diff --git a/tools/gcc/gcc-common.h b/tools/gcc/gcc-common.h
10024 new file mode 100644
10025 -index 0000000..2ec0551
10026 +index 0000000..9d33451
10027 --- /dev/null
10028 +++ b/tools/gcc/gcc-common.h
10029 -@@ -0,0 +1,812 @@
10030 +@@ -0,0 +1,813 @@
10031 +#ifndef GCC_COMMON_H_INCLUDED
10032 +#define GCC_COMMON_H_INCLUDED
10033 +
10034 @@ -130308,6 +132271,7 @@ index 0000000..2ec0551
10035 +#include "ipa-utils.h"
10036 +
10037 +#if BUILDING_GCC_VERSION >= 4009
10038 ++#include "attribs.h"
10039 +#include "varasm.h"
10040 +#include "stor-layout.h"
10041 +#include "internal-fn.h"
10042 @@ -131037,10 +133001,10 @@ index 0000000..7514850
10043 +fi
10044 diff --git a/tools/gcc/initify_plugin.c b/tools/gcc/initify_plugin.c
10045 new file mode 100644
10046 -index 0000000..39c0731
10047 +index 0000000..a9d491f
10048 --- /dev/null
10049 +++ b/tools/gcc/initify_plugin.c
10050 -@@ -0,0 +1,552 @@
10051 +@@ -0,0 +1,581 @@
10052 +/*
10053 + * Copyright 2011-2015 by Emese Revfy <re.emese@×××××.com>
10054 + * Licensed under the GPL v2, or (at your option) v3
10055 @@ -131061,7 +133025,7 @@ index 0000000..39c0731
10056 +int plugin_is_GPL_compatible;
10057 +
10058 +static struct plugin_info initify_plugin_info = {
10059 -+ .version = "20151128",
10060 ++ .version = "20151209",
10061 + .help = "initify_plugin\n",
10062 +};
10063 +
10064 @@ -131250,7 +133214,7 @@ index 0000000..39c0731
10065 + tree decl, offset;
10066 + HOST_WIDE_INT bitsize, bitpos;
10067 + enum machine_mode mode;
10068 -+ int unsignedp, reversep, volatilep;
10069 ++ int unsignedp, reversep __unused, volatilep;
10070 + enum tree_code code = TREE_CODE(op);
10071 +
10072 + if (TREE_CODE_CLASS(code) == tcc_exceptional && code != SSA_NAME)
10073 @@ -131343,10 +133307,39 @@ index 0000000..39c0731
10074 + return false;
10075 +}
10076 +
10077 ++static bool is_in_capture_init(const_tree vardecl)
10078 ++{
10079 ++ unsigned int i;
10080 ++ tree var;
10081 ++
10082 ++ FOR_EACH_LOCAL_DECL(cfun, i, var) {
10083 ++ unsigned HOST_WIDE_INT cnt;
10084 ++ tree index __unused, value;
10085 ++ const_tree initial = DECL_INITIAL(var);
10086 ++
10087 ++ if (initial == NULL_TREE)
10088 ++ continue;
10089 ++ if (TREE_CODE(initial) != CONSTRUCTOR)
10090 ++ continue;
10091 ++
10092 ++ FOR_EACH_CONSTRUCTOR_ELT(CONSTRUCTOR_ELTS(initial), cnt, index, value) {
10093 ++ if (TREE_CODE(value) != ADDR_EXPR)
10094 ++ continue;
10095 ++ if (TREE_OPERAND(value, 0) == vardecl)
10096 ++ return true;
10097 ++ }
10098 ++ }
10099 ++
10100 ++ return false;
10101 ++}
10102 ++
10103 +static bool has_capture_use_local_var(const_tree vardecl)
10104 +{
10105 + basic_block bb;
10106 +
10107 ++ if (is_in_capture_init(vardecl))
10108 ++ return true;
10109 ++
10110 + FOR_EACH_BB_FN(bb, cfun) {
10111 + gimple_stmt_iterator gsi;
10112 +
10113 @@ -133799,10 +135792,10 @@ index 0000000..f74d85a
10114 +targets += size_overflow_hash.h size_overflow_hash_aux.h disable_size_overflow_hash.h
10115 diff --git a/tools/gcc/size_overflow_plugin/disable_size_overflow_hash.data b/tools/gcc/size_overflow_plugin/disable_size_overflow_hash.data
10116 new file mode 100644
10117 -index 0000000..07f2628
10118 +index 0000000..8b72888
10119 --- /dev/null
10120 +++ b/tools/gcc/size_overflow_plugin/disable_size_overflow_hash.data
10121 -@@ -0,0 +1,12424 @@
10122 +@@ -0,0 +1,12425 @@
10123 +disable_so_interrupt_pnode_gru_message_queue_desc_4 interrupt_pnode gru_message_queue_desc 0 4 NULL
10124 +disable_so_bch_btree_insert_fndecl_12 bch_btree_insert fndecl 0 12 NULL
10125 +disable_so_macvlan_sync_address_fndecl_22 macvlan_sync_address fndecl 0 22 NULL nohasharray
10126 @@ -146227,6 +148220,7 @@ index 0000000..07f2628
10127 +enable_so_i_size_high_ext4_inode_18545 i_size_high ext4_inode 0 18545 NULL
10128 +enable_so_nr_kvm_queued_interrupt_34927 nr kvm_queued_interrupt 0 34927 NULL
10129 +enable_so_last_used_idx_vhost_virtqueue_40059 last_used_idx vhost_virtqueue 0 40059 NULL
10130 ++enable_so___load_segment_descriptor_fndecl_30833 __load_segment_descriptor fndecl 2-4 30833 NULL
10131 diff --git a/tools/gcc/size_overflow_plugin/generate_size_overflow_hash.sh b/tools/gcc/size_overflow_plugin/generate_size_overflow_hash.sh
10132 new file mode 100644
10133 index 0000000..be9724d
10134 @@ -148470,7 +150464,7 @@ index 0000000..fc58e16
10135 +}
10136 diff --git a/tools/gcc/size_overflow_plugin/size_overflow_hash.data b/tools/gcc/size_overflow_plugin/size_overflow_hash.data
10137 new file mode 100644
10138 -index 0000000..a907202
10139 +index 0000000..509d3f8
10140 --- /dev/null
10141 +++ b/tools/gcc/size_overflow_plugin/size_overflow_hash.data
10142 @@ -0,0 +1,20733 @@
10143 @@ -149604,7 +151598,8 @@ index 0000000..a907202
10144 +enable_so_bytes_btrfs_dio_private_3624 bytes btrfs_dio_private 0 3624 &enable_so_ns_blocksize_the_nilfs_3624 nohasharray
10145 +enable_so_do_msg_fill_fndecl_3624 do_msg_fill fndecl 3 3624 &enable_so_bytes_btrfs_dio_private_3624
10146 +enable_so_offline_pages_fndecl_3625 offline_pages fndecl 1-2 3625 NULL
10147 -+enable_so_tail_timestamp_event_queue_3626 tail timestamp_event_queue 0 3626 NULL
10148 ++enable_so_tail_timestamp_event_queue_3626 tail timestamp_event_queue 0 3626 NULL nohasharray
10149 ++enable_so_length_pseudo_hdr_3626 length pseudo_hdr 0 3626 &enable_so_tail_timestamp_event_queue_3626
10150 +enable_so_add_res_range_fndecl_3629 add_res_range fndecl 4 3629 NULL
10151 +enable_so_cbuf_eat_fndecl_3631 cbuf_eat fndecl 2 3631 NULL
10152 +enable_so_vmci_transport_queue_pair_alloc_fndecl_3639 vmci_transport_queue_pair_alloc fndecl 4-3 3639 NULL nohasharray
10153 @@ -158206,7 +160201,6 @@ index 0000000..a907202
10154 +enable_so_shmem_write_begin_fndecl_30822 shmem_write_begin fndecl 3 30822 NULL
10155 +enable_so_report_count_hid_field_30826 report_count hid_field 0 30826 NULL
10156 +enable_so_s_root_blkno_ocfs2_super_block_30828 s_root_blkno ocfs2_super_block 0 30828 NULL
10157 -+enable_so___load_segment_descriptor_fndecl_30833 __load_segment_descriptor fndecl 2-4 30833 NULL
10158 +enable_so_add_memory_fndecl_30836 add_memory fndecl 3-2 30836 NULL
10159 +enable_so_f2fs_read_data_pages_fndecl_30837 f2fs_read_data_pages fndecl 4 30837 NULL
10160 +enable_so_shadow_root_level_kvm_mmu_30842 shadow_root_level kvm_mmu 0 30842 NULL
10161
10162 diff --git a/4.2.6/4425_grsec_remove_EI_PAX.patch b/4.2.7/4425_grsec_remove_EI_PAX.patch
10163 similarity index 100%
10164 rename from 4.2.6/4425_grsec_remove_EI_PAX.patch
10165 rename to 4.2.7/4425_grsec_remove_EI_PAX.patch
10166
10167 diff --git a/4.2.6/4427_force_XATTR_PAX_tmpfs.patch b/4.2.7/4427_force_XATTR_PAX_tmpfs.patch
10168 similarity index 100%
10169 rename from 4.2.6/4427_force_XATTR_PAX_tmpfs.patch
10170 rename to 4.2.7/4427_force_XATTR_PAX_tmpfs.patch
10171
10172 diff --git a/4.2.6/4430_grsec-remove-localversion-grsec.patch b/4.2.7/4430_grsec-remove-localversion-grsec.patch
10173 similarity index 100%
10174 rename from 4.2.6/4430_grsec-remove-localversion-grsec.patch
10175 rename to 4.2.7/4430_grsec-remove-localversion-grsec.patch
10176
10177 diff --git a/4.2.6/4435_grsec-mute-warnings.patch b/4.2.7/4435_grsec-mute-warnings.patch
10178 similarity index 100%
10179 rename from 4.2.6/4435_grsec-mute-warnings.patch
10180 rename to 4.2.7/4435_grsec-mute-warnings.patch
10181
10182 diff --git a/4.2.6/4440_grsec-remove-protected-paths.patch b/4.2.7/4440_grsec-remove-protected-paths.patch
10183 similarity index 100%
10184 rename from 4.2.6/4440_grsec-remove-protected-paths.patch
10185 rename to 4.2.7/4440_grsec-remove-protected-paths.patch
10186
10187 diff --git a/4.2.6/4450_grsec-kconfig-default-gids.patch b/4.2.7/4450_grsec-kconfig-default-gids.patch
10188 similarity index 100%
10189 rename from 4.2.6/4450_grsec-kconfig-default-gids.patch
10190 rename to 4.2.7/4450_grsec-kconfig-default-gids.patch
10191
10192 diff --git a/4.2.6/4465_selinux-avc_audit-log-curr_ip.patch b/4.2.7/4465_selinux-avc_audit-log-curr_ip.patch
10193 similarity index 100%
10194 rename from 4.2.6/4465_selinux-avc_audit-log-curr_ip.patch
10195 rename to 4.2.7/4465_selinux-avc_audit-log-curr_ip.patch
10196
10197 diff --git a/4.2.6/4470_disable-compat_vdso.patch b/4.2.7/4470_disable-compat_vdso.patch
10198 similarity index 100%
10199 rename from 4.2.6/4470_disable-compat_vdso.patch
10200 rename to 4.2.7/4470_disable-compat_vdso.patch
10201
10202 diff --git a/4.2.6/4475_emutramp_default_on.patch b/4.2.7/4475_emutramp_default_on.patch
10203 similarity index 100%
10204 rename from 4.2.6/4475_emutramp_default_on.patch
10205 rename to 4.2.7/4475_emutramp_default_on.patch
Report Message
Find on MARC Find on Google Groups