Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: "Anthony G. Basile" <blueness@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-patchset:master commit in: 4.4.2/, 4.4.3/
Date: Mon, 29 Feb 2016 08:13:00
Message-Id: 1456734119.475e64940396ac502ed92e463b128f96047001be.blueness@gentoo
1 commit: 475e64940396ac502ed92e463b128f96047001be
2 Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
3 AuthorDate: Mon Feb 29 08:21:59 2016 +0000
4 Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
5 CommitDate: Mon Feb 29 08:21:59 2016 +0000
6 URL: https://gitweb.gentoo.org/proj/hardened-patchset.git/commit/?id=475e6494
7
8 grsecurity-3.1-4.4.3-201602282149
9
10 4.4.2/1001_linux-4.4.2.patch | 5320 --------------------
11 {4.4.2 => 4.4.3}/0000_README | 6 +-
12 .../4420_grsecurity-3.1-4.4.3-201602282149.patch | 1770 +++----
13 {4.4.2 => 4.4.3}/4425_grsec_remove_EI_PAX.patch | 0
14 {4.4.2 => 4.4.3}/4427_force_XATTR_PAX_tmpfs.patch | 0
15 .../4430_grsec-remove-localversion-grsec.patch | 0
16 {4.4.2 => 4.4.3}/4435_grsec-mute-warnings.patch | 0
17 .../4440_grsec-remove-protected-paths.patch | 0
18 .../4450_grsec-kconfig-default-gids.patch | 0
19 .../4465_selinux-avc_audit-log-curr_ip.patch | 0
20 {4.4.2 => 4.4.3}/4470_disable-compat_vdso.patch | 0
21 {4.4.2 => 4.4.3}/4475_emutramp_default_on.patch | 0
22 12 files changed, 920 insertions(+), 6176 deletions(-)
23
24 diff --git a/4.4.2/1001_linux-4.4.2.patch b/4.4.2/1001_linux-4.4.2.patch
25 deleted file mode 100644
26 index d190146..0000000
27 --- a/4.4.2/1001_linux-4.4.2.patch
28 +++ /dev/null
29 @@ -1,5320 +0,0 @@
30 -diff --git a/Makefile b/Makefile
31 -index c6a265b..e7a2958 100644
32 ---- a/Makefile
33 -+++ b/Makefile
34 -@@ -1,6 +1,6 @@
35 - VERSION = 4
36 - PATCHLEVEL = 4
37 --SUBLEVEL = 1
38 -+SUBLEVEL = 2
39 - EXTRAVERSION =
40 - NAME = Blurry Fish Butt
41 -
42 -diff --git a/arch/parisc/include/asm/hugetlb.h b/arch/parisc/include/asm/hugetlb.h
43 -index 7d56a9c..a65d888 100644
44 ---- a/arch/parisc/include/asm/hugetlb.h
45 -+++ b/arch/parisc/include/asm/hugetlb.h
46 -@@ -54,24 +54,12 @@ static inline pte_t huge_pte_wrprotect(pte_t pte)
47 - return pte_wrprotect(pte);
48 - }
49 -
50 --static inline void huge_ptep_set_wrprotect(struct mm_struct *mm,
51 -- unsigned long addr, pte_t *ptep)
52 --{
53 -- pte_t old_pte = *ptep;
54 -- set_huge_pte_at(mm, addr, ptep, pte_wrprotect(old_pte));
55 --}
56 -+void huge_ptep_set_wrprotect(struct mm_struct *mm,
57 -+ unsigned long addr, pte_t *ptep);
58 -
59 --static inline int huge_ptep_set_access_flags(struct vm_area_struct *vma,
60 -+int huge_ptep_set_access_flags(struct vm_area_struct *vma,
61 - unsigned long addr, pte_t *ptep,
62 -- pte_t pte, int dirty)
63 --{
64 -- int changed = !pte_same(*ptep, pte);
65 -- if (changed) {
66 -- set_huge_pte_at(vma->vm_mm, addr, ptep, pte);
67 -- flush_tlb_page(vma, addr);
68 -- }
69 -- return changed;
70 --}
71 -+ pte_t pte, int dirty);
72 -
73 - static inline pte_t huge_ptep_get(pte_t *ptep)
74 - {
75 -diff --git a/arch/parisc/include/uapi/asm/siginfo.h b/arch/parisc/include/uapi/asm/siginfo.h
76 -index d703472..1c75565 100644
77 ---- a/arch/parisc/include/uapi/asm/siginfo.h
78 -+++ b/arch/parisc/include/uapi/asm/siginfo.h
79 -@@ -1,6 +1,10 @@
80 - #ifndef _PARISC_SIGINFO_H
81 - #define _PARISC_SIGINFO_H
82 -
83 -+#if defined(__LP64__)
84 -+#define __ARCH_SI_PREAMBLE_SIZE (4 * sizeof(int))
85 -+#endif
86 -+
87 - #include <asm-generic/siginfo.h>
88 -
89 - #undef NSIGTRAP
90 -diff --git a/arch/parisc/mm/hugetlbpage.c b/arch/parisc/mm/hugetlbpage.c
91 -index f6fdc77..54ba392 100644
92 ---- a/arch/parisc/mm/hugetlbpage.c
93 -+++ b/arch/parisc/mm/hugetlbpage.c
94 -@@ -105,15 +105,13 @@ static inline void purge_tlb_entries_huge(struct mm_struct *mm, unsigned long ad
95 - addr |= _HUGE_PAGE_SIZE_ENCODING_DEFAULT;
96 -
97 - for (i = 0; i < (1 << (HPAGE_SHIFT-REAL_HPAGE_SHIFT)); i++) {
98 -- mtsp(mm->context, 1);
99 -- pdtlb(addr);
100 -- if (unlikely(split_tlb))
101 -- pitlb(addr);
102 -+ purge_tlb_entries(mm, addr);
103 - addr += (1UL << REAL_HPAGE_SHIFT);
104 - }
105 - }
106 -
107 --void set_huge_pte_at(struct mm_struct *mm, unsigned long addr,
108 -+/* __set_huge_pte_at() must be called holding the pa_tlb_lock. */
109 -+static void __set_huge_pte_at(struct mm_struct *mm, unsigned long addr,
110 - pte_t *ptep, pte_t entry)
111 - {
112 - unsigned long addr_start;
113 -@@ -123,14 +121,9 @@ void set_huge_pte_at(struct mm_struct *mm, unsigned long addr,
114 - addr_start = addr;
115 -
116 - for (i = 0; i < (1 << HUGETLB_PAGE_ORDER); i++) {
117 -- /* Directly write pte entry. We could call set_pte_at(mm, addr, ptep, entry)
118 -- * instead, but then we get double locking on pa_tlb_lock. */
119 -- *ptep = entry;
120 -+ set_pte(ptep, entry);
121 - ptep++;
122 -
123 -- /* Drop the PAGE_SIZE/non-huge tlb entry */
124 -- purge_tlb_entries(mm, addr);
125 --
126 - addr += PAGE_SIZE;
127 - pte_val(entry) += PAGE_SIZE;
128 - }
129 -@@ -138,18 +131,61 @@ void set_huge_pte_at(struct mm_struct *mm, unsigned long addr,
130 - purge_tlb_entries_huge(mm, addr_start);
131 - }
132 -
133 -+void set_huge_pte_at(struct mm_struct *mm, unsigned long addr,
134 -+ pte_t *ptep, pte_t entry)
135 -+{
136 -+ unsigned long flags;
137 -+
138 -+ purge_tlb_start(flags);
139 -+ __set_huge_pte_at(mm, addr, ptep, entry);
140 -+ purge_tlb_end(flags);
141 -+}
142 -+
143 -
144 - pte_t huge_ptep_get_and_clear(struct mm_struct *mm, unsigned long addr,
145 - pte_t *ptep)
146 - {
147 -+ unsigned long flags;
148 - pte_t entry;
149 -
150 -+ purge_tlb_start(flags);
151 - entry = *ptep;
152 -- set_huge_pte_at(mm, addr, ptep, __pte(0));
153 -+ __set_huge_pte_at(mm, addr, ptep, __pte(0));
154 -+ purge_tlb_end(flags);
155 -
156 - return entry;
157 - }
158 -
159 -+
160 -+void huge_ptep_set_wrprotect(struct mm_struct *mm,
161 -+ unsigned long addr, pte_t *ptep)
162 -+{
163 -+ unsigned long flags;
164 -+ pte_t old_pte;
165 -+
166 -+ purge_tlb_start(flags);
167 -+ old_pte = *ptep;
168 -+ __set_huge_pte_at(mm, addr, ptep, pte_wrprotect(old_pte));
169 -+ purge_tlb_end(flags);
170 -+}
171 -+
172 -+int huge_ptep_set_access_flags(struct vm_area_struct *vma,
173 -+ unsigned long addr, pte_t *ptep,
174 -+ pte_t pte, int dirty)
175 -+{
176 -+ unsigned long flags;
177 -+ int changed;
178 -+
179 -+ purge_tlb_start(flags);
180 -+ changed = !pte_same(*ptep, pte);
181 -+ if (changed) {
182 -+ __set_huge_pte_at(vma->vm_mm, addr, ptep, pte);
183 -+ }
184 -+ purge_tlb_end(flags);
185 -+ return changed;
186 -+}
187 -+
188 -+
189 - int pmd_huge(pmd_t pmd)
190 - {
191 - return 0;
192 -diff --git a/arch/x86/crypto/chacha20-ssse3-x86_64.S b/arch/x86/crypto/chacha20-ssse3-x86_64.S
193 -index 712b130..3a33124 100644
194 ---- a/arch/x86/crypto/chacha20-ssse3-x86_64.S
195 -+++ b/arch/x86/crypto/chacha20-ssse3-x86_64.S
196 -@@ -157,7 +157,9 @@ ENTRY(chacha20_4block_xor_ssse3)
197 - # done with the slightly better performing SSSE3 byte shuffling,
198 - # 7/12-bit word rotation uses traditional shift+OR.
199 -
200 -- sub $0x40,%rsp
201 -+ mov %rsp,%r11
202 -+ sub $0x80,%rsp
203 -+ and $~63,%rsp
204 -
205 - # x0..15[0-3] = s0..3[0..3]
206 - movq 0x00(%rdi),%xmm1
207 -@@ -620,6 +622,6 @@ ENTRY(chacha20_4block_xor_ssse3)
208 - pxor %xmm1,%xmm15
209 - movdqu %xmm15,0xf0(%rsi)
210 -
211 -- add $0x40,%rsp
212 -+ mov %r11,%rsp
213 - ret
214 - ENDPROC(chacha20_4block_xor_ssse3)
215 -diff --git a/block/blk-merge.c b/block/blk-merge.c
216 -index e01405a..b966db8 100644
217 ---- a/block/blk-merge.c
218 -+++ b/block/blk-merge.c
219 -@@ -68,6 +68,18 @@ static struct bio *blk_bio_write_same_split(struct request_queue *q,
220 - return bio_split(bio, q->limits.max_write_same_sectors, GFP_NOIO, bs);
221 - }
222 -
223 -+static inline unsigned get_max_io_size(struct request_queue *q,
224 -+ struct bio *bio)
225 -+{
226 -+ unsigned sectors = blk_max_size_offset(q, bio->bi_iter.bi_sector);
227 -+ unsigned mask = queue_logical_block_size(q) - 1;
228 -+
229 -+ /* aligned to logical block size */
230 -+ sectors &= ~(mask >> 9);
231 -+
232 -+ return sectors;
233 -+}
234 -+
235 - static struct bio *blk_bio_segment_split(struct request_queue *q,
236 - struct bio *bio,
237 - struct bio_set *bs,
238 -@@ -79,11 +91,9 @@ static struct bio *blk_bio_segment_split(struct request_queue *q,
239 - unsigned front_seg_size = bio->bi_seg_front_size;
240 - bool do_split = true;
241 - struct bio *new = NULL;
242 -+ const unsigned max_sectors = get_max_io_size(q, bio);
243 -
244 - bio_for_each_segment(bv, bio, iter) {
245 -- if (sectors + (bv.bv_len >> 9) > queue_max_sectors(q))
246 -- goto split;
247 --
248 - /*
249 - * If the queue doesn't support SG gaps and adding this
250 - * offset would create a gap, disallow it.
251 -@@ -91,6 +101,21 @@ static struct bio *blk_bio_segment_split(struct request_queue *q,
252 - if (bvprvp && bvec_gap_to_prev(q, bvprvp, bv.bv_offset))
253 - goto split;
254 -
255 -+ if (sectors + (bv.bv_len >> 9) > max_sectors) {
256 -+ /*
257 -+ * Consider this a new segment if we're splitting in
258 -+ * the middle of this vector.
259 -+ */
260 -+ if (nsegs < queue_max_segments(q) &&
261 -+ sectors < max_sectors) {
262 -+ nsegs++;
263 -+ sectors = max_sectors;
264 -+ }
265 -+ if (sectors)
266 -+ goto split;
267 -+ /* Make this single bvec as the 1st segment */
268 -+ }
269 -+
270 - if (bvprvp && blk_queue_cluster(q)) {
271 - if (seg_size + bv.bv_len > queue_max_segment_size(q))
272 - goto new_segment;
273 -diff --git a/crypto/af_alg.c b/crypto/af_alg.c
274 -index a8e7aa3..f5e18c2 100644
275 ---- a/crypto/af_alg.c
276 -+++ b/crypto/af_alg.c
277 -@@ -76,6 +76,8 @@ int af_alg_register_type(const struct af_alg_type *type)
278 - goto unlock;
279 -
280 - type->ops->owner = THIS_MODULE;
281 -+ if (type->ops_nokey)
282 -+ type->ops_nokey->owner = THIS_MODULE;
283 - node->type = type;
284 - list_add(&node->list, &alg_types);
285 - err = 0;
286 -@@ -125,6 +127,26 @@ int af_alg_release(struct socket *sock)
287 - }
288 - EXPORT_SYMBOL_GPL(af_alg_release);
289 -
290 -+void af_alg_release_parent(struct sock *sk)
291 -+{
292 -+ struct alg_sock *ask = alg_sk(sk);
293 -+ unsigned int nokey = ask->nokey_refcnt;
294 -+ bool last = nokey && !ask->refcnt;
295 -+
296 -+ sk = ask->parent;
297 -+ ask = alg_sk(sk);
298 -+
299 -+ lock_sock(sk);
300 -+ ask->nokey_refcnt -= nokey;
301 -+ if (!last)
302 -+ last = !--ask->refcnt;
303 -+ release_sock(sk);
304 -+
305 -+ if (last)
306 -+ sock_put(sk);
307 -+}
308 -+EXPORT_SYMBOL_GPL(af_alg_release_parent);
309 -+
310 - static int alg_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
311 - {
312 - const u32 forbidden = CRYPTO_ALG_INTERNAL;
313 -@@ -133,6 +155,7 @@ static int alg_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
314 - struct sockaddr_alg *sa = (void *)uaddr;
315 - const struct af_alg_type *type;
316 - void *private;
317 -+ int err;
318 -
319 - if (sock->state == SS_CONNECTED)
320 - return -EINVAL;
321 -@@ -160,16 +183,22 @@ static int alg_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
322 - return PTR_ERR(private);
323 - }
324 -
325 -+ err = -EBUSY;
326 - lock_sock(sk);
327 -+ if (ask->refcnt | ask->nokey_refcnt)
328 -+ goto unlock;
329 -
330 - swap(ask->type, type);
331 - swap(ask->private, private);
332 -
333 -+ err = 0;
334 -+
335 -+unlock:
336 - release_sock(sk);
337 -
338 - alg_do_release(type, private);
339 -
340 -- return 0;
341 -+ return err;
342 - }
343 -
344 - static int alg_setkey(struct sock *sk, char __user *ukey,
345 -@@ -202,11 +231,15 @@ static int alg_setsockopt(struct socket *sock, int level, int optname,
346 - struct sock *sk = sock->sk;
347 - struct alg_sock *ask = alg_sk(sk);
348 - const struct af_alg_type *type;
349 -- int err = -ENOPROTOOPT;
350 -+ int err = -EBUSY;
351 -
352 - lock_sock(sk);
353 -+ if (ask->refcnt)
354 -+ goto unlock;
355 -+
356 - type = ask->type;
357 -
358 -+ err = -ENOPROTOOPT;
359 - if (level != SOL_ALG || !type)
360 - goto unlock;
361 -
362 -@@ -238,6 +271,7 @@ int af_alg_accept(struct sock *sk, struct socket *newsock)
363 - struct alg_sock *ask = alg_sk(sk);
364 - const struct af_alg_type *type;
365 - struct sock *sk2;
366 -+ unsigned int nokey;
367 - int err;
368 -
369 - lock_sock(sk);
370 -@@ -257,20 +291,29 @@ int af_alg_accept(struct sock *sk, struct socket *newsock)
371 - security_sk_clone(sk, sk2);
372 -
373 - err = type->accept(ask->private, sk2);
374 -- if (err) {
375 -- sk_free(sk2);
376 -+
377 -+ nokey = err == -ENOKEY;
378 -+ if (nokey && type->accept_nokey)
379 -+ err = type->accept_nokey(ask->private, sk2);
380 -+
381 -+ if (err)
382 - goto unlock;
383 -- }
384 -
385 - sk2->sk_family = PF_ALG;
386 -
387 -- sock_hold(sk);
388 -+ if (nokey || !ask->refcnt++)
389 -+ sock_hold(sk);
390 -+ ask->nokey_refcnt += nokey;
391 - alg_sk(sk2)->parent = sk;
392 - alg_sk(sk2)->type = type;
393 -+ alg_sk(sk2)->nokey_refcnt = nokey;
394 -
395 - newsock->ops = type->ops;
396 - newsock->state = SS_CONNECTED;
397 -
398 -+ if (nokey)
399 -+ newsock->ops = type->ops_nokey;
400 -+
401 - err = 0;
402 -
403 - unlock:
404 -diff --git a/crypto/ahash.c b/crypto/ahash.c
405 -index 9c1dc8d..d19b523 100644
406 ---- a/crypto/ahash.c
407 -+++ b/crypto/ahash.c
408 -@@ -451,6 +451,7 @@ static int crypto_ahash_init_tfm(struct crypto_tfm *tfm)
409 - struct ahash_alg *alg = crypto_ahash_alg(hash);
410 -
411 - hash->setkey = ahash_nosetkey;
412 -+ hash->has_setkey = false;
413 - hash->export = ahash_no_export;
414 - hash->import = ahash_no_import;
415 -
416 -@@ -463,8 +464,10 @@ static int crypto_ahash_init_tfm(struct crypto_tfm *tfm)
417 - hash->finup = alg->finup ?: ahash_def_finup;
418 - hash->digest = alg->digest;
419 -
420 -- if (alg->setkey)
421 -+ if (alg->setkey) {
422 - hash->setkey = alg->setkey;
423 -+ hash->has_setkey = true;
424 -+ }
425 - if (alg->export)
426 - hash->export = alg->export;
427 - if (alg->import)
428 -diff --git a/crypto/algif_hash.c b/crypto/algif_hash.c
429 -index b4c24fe..68a5cea 100644
430 ---- a/crypto/algif_hash.c
431 -+++ b/crypto/algif_hash.c
432 -@@ -34,6 +34,11 @@ struct hash_ctx {
433 - struct ahash_request req;
434 - };
435 -
436 -+struct algif_hash_tfm {
437 -+ struct crypto_ahash *hash;
438 -+ bool has_key;
439 -+};
440 -+
441 - static int hash_sendmsg(struct socket *sock, struct msghdr *msg,
442 - size_t ignored)
443 - {
444 -@@ -49,7 +54,8 @@ static int hash_sendmsg(struct socket *sock, struct msghdr *msg,
445 -
446 - lock_sock(sk);
447 - if (!ctx->more) {
448 -- err = crypto_ahash_init(&ctx->req);
449 -+ err = af_alg_wait_for_completion(crypto_ahash_init(&ctx->req),
450 -+ &ctx->completion);
451 - if (err)
452 - goto unlock;
453 - }
454 -@@ -120,6 +126,7 @@ static ssize_t hash_sendpage(struct socket *sock, struct page *page,
455 - } else {
456 - if (!ctx->more) {
457 - err = crypto_ahash_init(&ctx->req);
458 -+ err = af_alg_wait_for_completion(err, &ctx->completion);
459 - if (err)
460 - goto unlock;
461 - }
462 -@@ -235,19 +242,151 @@ static struct proto_ops algif_hash_ops = {
463 - .accept = hash_accept,
464 - };
465 -
466 -+static int hash_check_key(struct socket *sock)
467 -+{
468 -+ int err = 0;
469 -+ struct sock *psk;
470 -+ struct alg_sock *pask;
471 -+ struct algif_hash_tfm *tfm;
472 -+ struct sock *sk = sock->sk;
473 -+ struct alg_sock *ask = alg_sk(sk);
474 -+
475 -+ lock_sock(sk);
476 -+ if (ask->refcnt)
477 -+ goto unlock_child;
478 -+
479 -+ psk = ask->parent;
480 -+ pask = alg_sk(ask->parent);
481 -+ tfm = pask->private;
482 -+
483 -+ err = -ENOKEY;
484 -+ lock_sock_nested(psk, SINGLE_DEPTH_NESTING);
485 -+ if (!tfm->has_key)
486 -+ goto unlock;
487 -+
488 -+ if (!pask->refcnt++)
489 -+ sock_hold(psk);
490 -+
491 -+ ask->refcnt = 1;
492 -+ sock_put(psk);
493 -+
494 -+ err = 0;
495 -+
496 -+unlock:
497 -+ release_sock(psk);
498 -+unlock_child:
499 -+ release_sock(sk);
500 -+
501 -+ return err;
502 -+}
503 -+
504 -+static int hash_sendmsg_nokey(struct socket *sock, struct msghdr *msg,
505 -+ size_t size)
506 -+{
507 -+ int err;
508 -+
509 -+ err = hash_check_key(sock);
510 -+ if (err)
511 -+ return err;
512 -+
513 -+ return hash_sendmsg(sock, msg, size);
514 -+}
515 -+
516 -+static ssize_t hash_sendpage_nokey(struct socket *sock, struct page *page,
517 -+ int offset, size_t size, int flags)
518 -+{
519 -+ int err;
520 -+
521 -+ err = hash_check_key(sock);
522 -+ if (err)
523 -+ return err;
524 -+
525 -+ return hash_sendpage(sock, page, offset, size, flags);
526 -+}
527 -+
528 -+static int hash_recvmsg_nokey(struct socket *sock, struct msghdr *msg,
529 -+ size_t ignored, int flags)
530 -+{
531 -+ int err;
532 -+
533 -+ err = hash_check_key(sock);
534 -+ if (err)
535 -+ return err;
536 -+
537 -+ return hash_recvmsg(sock, msg, ignored, flags);
538 -+}
539 -+
540 -+static int hash_accept_nokey(struct socket *sock, struct socket *newsock,
541 -+ int flags)
542 -+{
543 -+ int err;
544 -+
545 -+ err = hash_check_key(sock);
546 -+ if (err)
547 -+ return err;
548 -+
549 -+ return hash_accept(sock, newsock, flags);
550 -+}
551 -+
552 -+static struct proto_ops algif_hash_ops_nokey = {
553 -+ .family = PF_ALG,
554 -+
555 -+ .connect = sock_no_connect,
556 -+ .socketpair = sock_no_socketpair,
557 -+ .getname = sock_no_getname,
558 -+ .ioctl = sock_no_ioctl,
559 -+ .listen = sock_no_listen,
560 -+ .shutdown = sock_no_shutdown,
561 -+ .getsockopt = sock_no_getsockopt,
562 -+ .mmap = sock_no_mmap,
563 -+ .bind = sock_no_bind,
564 -+ .setsockopt = sock_no_setsockopt,
565 -+ .poll = sock_no_poll,
566 -+
567 -+ .release = af_alg_release,
568 -+ .sendmsg = hash_sendmsg_nokey,
569 -+ .sendpage = hash_sendpage_nokey,
570 -+ .recvmsg = hash_recvmsg_nokey,
571 -+ .accept = hash_accept_nokey,
572 -+};
573 -+
574 - static void *hash_bind(const char *name, u32 type, u32 mask)
575 - {
576 -- return crypto_alloc_ahash(name, type, mask);
577 -+ struct algif_hash_tfm *tfm;
578 -+ struct crypto_ahash *hash;
579 -+
580 -+ tfm = kzalloc(sizeof(*tfm), GFP_KERNEL);
581 -+ if (!tfm)
582 -+ return ERR_PTR(-ENOMEM);
583 -+
584 -+ hash = crypto_alloc_ahash(name, type, mask);
585 -+ if (IS_ERR(hash)) {
586 -+ kfree(tfm);
587 -+ return ERR_CAST(hash);
588 -+ }
589 -+
590 -+ tfm->hash = hash;
591 -+
592 -+ return tfm;
593 - }
594 -
595 - static void hash_release(void *private)
596 - {
597 -- crypto_free_ahash(private);
598 -+ struct algif_hash_tfm *tfm = private;
599 -+
600 -+ crypto_free_ahash(tfm->hash);
601 -+ kfree(tfm);
602 - }
603 -
604 - static int hash_setkey(void *private, const u8 *key, unsigned int keylen)
605 - {
606 -- return crypto_ahash_setkey(private, key, keylen);
607 -+ struct algif_hash_tfm *tfm = private;
608 -+ int err;
609 -+
610 -+ err = crypto_ahash_setkey(tfm->hash, key, keylen);
611 -+ tfm->has_key = !err;
612 -+
613 -+ return err;
614 - }
615 -
616 - static void hash_sock_destruct(struct sock *sk)
617 -@@ -261,12 +400,14 @@ static void hash_sock_destruct(struct sock *sk)
618 - af_alg_release_parent(sk);
619 - }
620 -
621 --static int hash_accept_parent(void *private, struct sock *sk)
622 -+static int hash_accept_parent_nokey(void *private, struct sock *sk)
623 - {
624 - struct hash_ctx *ctx;
625 - struct alg_sock *ask = alg_sk(sk);
626 -- unsigned len = sizeof(*ctx) + crypto_ahash_reqsize(private);
627 -- unsigned ds = crypto_ahash_digestsize(private);
628 -+ struct algif_hash_tfm *tfm = private;
629 -+ struct crypto_ahash *hash = tfm->hash;
630 -+ unsigned len = sizeof(*ctx) + crypto_ahash_reqsize(hash);
631 -+ unsigned ds = crypto_ahash_digestsize(hash);
632 -
633 - ctx = sock_kmalloc(sk, len, GFP_KERNEL);
634 - if (!ctx)
635 -@@ -286,7 +427,7 @@ static int hash_accept_parent(void *private, struct sock *sk)
636 -
637 - ask->private = ctx;
638 -
639 -- ahash_request_set_tfm(&ctx->req, private);
640 -+ ahash_request_set_tfm(&ctx->req, hash);
641 - ahash_request_set_callback(&ctx->req, CRYPTO_TFM_REQ_MAY_BACKLOG,
642 - af_alg_complete, &ctx->completion);
643 -
644 -@@ -295,12 +436,24 @@ static int hash_accept_parent(void *private, struct sock *sk)
645 - return 0;
646 - }
647 -
648 -+static int hash_accept_parent(void *private, struct sock *sk)
649 -+{
650 -+ struct algif_hash_tfm *tfm = private;
651 -+
652 -+ if (!tfm->has_key && crypto_ahash_has_setkey(tfm->hash))
653 -+ return -ENOKEY;
654 -+
655 -+ return hash_accept_parent_nokey(private, sk);
656 -+}
657 -+
658 - static const struct af_alg_type algif_type_hash = {
659 - .bind = hash_bind,
660 - .release = hash_release,
661 - .setkey = hash_setkey,
662 - .accept = hash_accept_parent,
663 -+ .accept_nokey = hash_accept_parent_nokey,
664 - .ops = &algif_hash_ops,
665 -+ .ops_nokey = &algif_hash_ops_nokey,
666 - .name = "hash",
667 - .owner = THIS_MODULE
668 - };
669 -diff --git a/crypto/algif_skcipher.c b/crypto/algif_skcipher.c
670 -index 634b4d1..f5e9f93 100644
671 ---- a/crypto/algif_skcipher.c
672 -+++ b/crypto/algif_skcipher.c
673 -@@ -31,6 +31,11 @@ struct skcipher_sg_list {
674 - struct scatterlist sg[0];
675 - };
676 -
677 -+struct skcipher_tfm {
678 -+ struct crypto_skcipher *skcipher;
679 -+ bool has_key;
680 -+};
681 -+
682 - struct skcipher_ctx {
683 - struct list_head tsgl;
684 - struct af_alg_sgl rsgl;
685 -@@ -60,18 +65,10 @@ struct skcipher_async_req {
686 - struct skcipher_async_rsgl first_sgl;
687 - struct list_head list;
688 - struct scatterlist *tsg;
689 -- char iv[];
690 -+ atomic_t *inflight;
691 -+ struct skcipher_request req;
692 - };
693 -
694 --#define GET_SREQ(areq, ctx) (struct skcipher_async_req *)((char *)areq + \
695 -- crypto_skcipher_reqsize(crypto_skcipher_reqtfm(&ctx->req)))
696 --
697 --#define GET_REQ_SIZE(ctx) \
698 -- crypto_skcipher_reqsize(crypto_skcipher_reqtfm(&ctx->req))
699 --
700 --#define GET_IV_SIZE(ctx) \
701 -- crypto_skcipher_ivsize(crypto_skcipher_reqtfm(&ctx->req))
702 --
703 - #define MAX_SGL_ENTS ((4096 - sizeof(struct skcipher_sg_list)) / \
704 - sizeof(struct scatterlist) - 1)
705 -
706 -@@ -97,15 +94,12 @@ static void skcipher_free_async_sgls(struct skcipher_async_req *sreq)
707 -
708 - static void skcipher_async_cb(struct crypto_async_request *req, int err)
709 - {
710 -- struct sock *sk = req->data;
711 -- struct alg_sock *ask = alg_sk(sk);
712 -- struct skcipher_ctx *ctx = ask->private;
713 -- struct skcipher_async_req *sreq = GET_SREQ(req, ctx);
714 -+ struct skcipher_async_req *sreq = req->data;
715 - struct kiocb *iocb = sreq->iocb;
716 -
717 -- atomic_dec(&ctx->inflight);
718 -+ atomic_dec(sreq->inflight);
719 - skcipher_free_async_sgls(sreq);
720 -- kfree(req);
721 -+ kzfree(sreq);
722 - iocb->ki_complete(iocb, err, err);
723 - }
724 -
725 -@@ -301,8 +295,11 @@ static int skcipher_sendmsg(struct socket *sock, struct msghdr *msg,
726 - {
727 - struct sock *sk = sock->sk;
728 - struct alg_sock *ask = alg_sk(sk);
729 -+ struct sock *psk = ask->parent;
730 -+ struct alg_sock *pask = alg_sk(psk);
731 - struct skcipher_ctx *ctx = ask->private;
732 -- struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(&ctx->req);
733 -+ struct skcipher_tfm *skc = pask->private;
734 -+ struct crypto_skcipher *tfm = skc->skcipher;
735 - unsigned ivsize = crypto_skcipher_ivsize(tfm);
736 - struct skcipher_sg_list *sgl;
737 - struct af_alg_control con = {};
738 -@@ -387,7 +384,8 @@ static int skcipher_sendmsg(struct socket *sock, struct msghdr *msg,
739 -
740 - sgl = list_entry(ctx->tsgl.prev, struct skcipher_sg_list, list);
741 - sg = sgl->sg;
742 -- sg_unmark_end(sg + sgl->cur);
743 -+ if (sgl->cur)
744 -+ sg_unmark_end(sg + sgl->cur - 1);
745 - do {
746 - i = sgl->cur;
747 - plen = min_t(int, len, PAGE_SIZE);
748 -@@ -503,37 +501,43 @@ static int skcipher_recvmsg_async(struct socket *sock, struct msghdr *msg,
749 - {
750 - struct sock *sk = sock->sk;
751 - struct alg_sock *ask = alg_sk(sk);
752 -+ struct sock *psk = ask->parent;
753 -+ struct alg_sock *pask = alg_sk(psk);
754 - struct skcipher_ctx *ctx = ask->private;
755 -+ struct skcipher_tfm *skc = pask->private;
756 -+ struct crypto_skcipher *tfm = skc->skcipher;
757 - struct skcipher_sg_list *sgl;
758 - struct scatterlist *sg;
759 - struct skcipher_async_req *sreq;
760 - struct skcipher_request *req;
761 - struct skcipher_async_rsgl *last_rsgl = NULL;
762 -- unsigned int txbufs = 0, len = 0, tx_nents = skcipher_all_sg_nents(ctx);
763 -- unsigned int reqlen = sizeof(struct skcipher_async_req) +
764 -- GET_REQ_SIZE(ctx) + GET_IV_SIZE(ctx);
765 -+ unsigned int txbufs = 0, len = 0, tx_nents;
766 -+ unsigned int reqsize = crypto_skcipher_reqsize(tfm);
767 -+ unsigned int ivsize = crypto_skcipher_ivsize(tfm);
768 - int err = -ENOMEM;
769 - bool mark = false;
770 -+ char *iv;
771 -
772 -- lock_sock(sk);
773 -- req = kmalloc(reqlen, GFP_KERNEL);
774 -- if (unlikely(!req))
775 -- goto unlock;
776 -+ sreq = kzalloc(sizeof(*sreq) + reqsize + ivsize, GFP_KERNEL);
777 -+ if (unlikely(!sreq))
778 -+ goto out;
779 -
780 -- sreq = GET_SREQ(req, ctx);
781 -+ req = &sreq->req;
782 -+ iv = (char *)(req + 1) + reqsize;
783 - sreq->iocb = msg->msg_iocb;
784 -- memset(&sreq->first_sgl, '\0', sizeof(struct skcipher_async_rsgl));
785 - INIT_LIST_HEAD(&sreq->list);
786 -+ sreq->inflight = &ctx->inflight;
787 -+
788 -+ lock_sock(sk);
789 -+ tx_nents = skcipher_all_sg_nents(ctx);
790 - sreq->tsg = kcalloc(tx_nents, sizeof(*sg), GFP_KERNEL);
791 -- if (unlikely(!sreq->tsg)) {
792 -- kfree(req);
793 -+ if (unlikely(!sreq->tsg))
794 - goto unlock;
795 -- }
796 - sg_init_table(sreq->tsg, tx_nents);
797 -- memcpy(sreq->iv, ctx->iv, GET_IV_SIZE(ctx));
798 -- skcipher_request_set_tfm(req, crypto_skcipher_reqtfm(&ctx->req));
799 -- skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
800 -- skcipher_async_cb, sk);
801 -+ memcpy(iv, ctx->iv, ivsize);
802 -+ skcipher_request_set_tfm(req, tfm);
803 -+ skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_SLEEP,
804 -+ skcipher_async_cb, sreq);
805 -
806 - while (iov_iter_count(&msg->msg_iter)) {
807 - struct skcipher_async_rsgl *rsgl;
808 -@@ -609,20 +613,22 @@ static int skcipher_recvmsg_async(struct socket *sock, struct msghdr *msg,
809 - sg_mark_end(sreq->tsg + txbufs - 1);
810 -
811 - skcipher_request_set_crypt(req, sreq->tsg, sreq->first_sgl.sgl.sg,
812 -- len, sreq->iv);
813 -+ len, iv);
814 - err = ctx->enc ? crypto_skcipher_encrypt(req) :
815 - crypto_skcipher_decrypt(req);
816 - if (err == -EINPROGRESS) {
817 - atomic_inc(&ctx->inflight);
818 - err = -EIOCBQUEUED;
819 -+ sreq = NULL;
820 - goto unlock;
821 - }
822 - free:
823 - skcipher_free_async_sgls(sreq);
824 -- kfree(req);
825 - unlock:
826 - skcipher_wmem_wakeup(sk);
827 - release_sock(sk);
828 -+ kzfree(sreq);
829 -+out:
830 - return err;
831 - }
832 -
833 -@@ -631,9 +637,12 @@ static int skcipher_recvmsg_sync(struct socket *sock, struct msghdr *msg,
834 - {
835 - struct sock *sk = sock->sk;
836 - struct alg_sock *ask = alg_sk(sk);
837 -+ struct sock *psk = ask->parent;
838 -+ struct alg_sock *pask = alg_sk(psk);
839 - struct skcipher_ctx *ctx = ask->private;
840 -- unsigned bs = crypto_skcipher_blocksize(crypto_skcipher_reqtfm(
841 -- &ctx->req));
842 -+ struct skcipher_tfm *skc = pask->private;
843 -+ struct crypto_skcipher *tfm = skc->skcipher;
844 -+ unsigned bs = crypto_skcipher_blocksize(tfm);
845 - struct skcipher_sg_list *sgl;
846 - struct scatterlist *sg;
847 - int err = -EAGAIN;
848 -@@ -642,13 +651,6 @@ static int skcipher_recvmsg_sync(struct socket *sock, struct msghdr *msg,
849 -
850 - lock_sock(sk);
851 - while (msg_data_left(msg)) {
852 -- sgl = list_first_entry(&ctx->tsgl,
853 -- struct skcipher_sg_list, list);
854 -- sg = sgl->sg;
855 --
856 -- while (!sg->length)
857 -- sg++;
858 --
859 - if (!ctx->used) {
860 - err = skcipher_wait_for_data(sk, flags);
861 - if (err)
862 -@@ -669,6 +671,13 @@ static int skcipher_recvmsg_sync(struct socket *sock, struct msghdr *msg,
863 - if (!used)
864 - goto free;
865 -
866 -+ sgl = list_first_entry(&ctx->tsgl,
867 -+ struct skcipher_sg_list, list);
868 -+ sg = sgl->sg;
869 -+
870 -+ while (!sg->length)
871 -+ sg++;
872 -+
873 - skcipher_request_set_crypt(&ctx->req, sg, ctx->rsgl.sg, used,
874 - ctx->iv);
875 -
876 -@@ -748,19 +757,139 @@ static struct proto_ops algif_skcipher_ops = {
877 - .poll = skcipher_poll,
878 - };
879 -
880 -+static int skcipher_check_key(struct socket *sock)
881 -+{
882 -+ int err = 0;
883 -+ struct sock *psk;
884 -+ struct alg_sock *pask;
885 -+ struct skcipher_tfm *tfm;
886 -+ struct sock *sk = sock->sk;
887 -+ struct alg_sock *ask = alg_sk(sk);
888 -+
889 -+ lock_sock(sk);
890 -+ if (ask->refcnt)
891 -+ goto unlock_child;
892 -+
893 -+ psk = ask->parent;
894 -+ pask = alg_sk(ask->parent);
895 -+ tfm = pask->private;
896 -+
897 -+ err = -ENOKEY;
898 -+ lock_sock_nested(psk, SINGLE_DEPTH_NESTING);
899 -+ if (!tfm->has_key)
900 -+ goto unlock;
901 -+
902 -+ if (!pask->refcnt++)
903 -+ sock_hold(psk);
904 -+
905 -+ ask->refcnt = 1;
906 -+ sock_put(psk);
907 -+
908 -+ err = 0;
909 -+
910 -+unlock:
911 -+ release_sock(psk);
912 -+unlock_child:
913 -+ release_sock(sk);
914 -+
915 -+ return err;
916 -+}
917 -+
918 -+static int skcipher_sendmsg_nokey(struct socket *sock, struct msghdr *msg,
919 -+ size_t size)
920 -+{
921 -+ int err;
922 -+
923 -+ err = skcipher_check_key(sock);
924 -+ if (err)
925 -+ return err;
926 -+
927 -+ return skcipher_sendmsg(sock, msg, size);
928 -+}
929 -+
930 -+static ssize_t skcipher_sendpage_nokey(struct socket *sock, struct page *page,
931 -+ int offset, size_t size, int flags)
932 -+{
933 -+ int err;
934 -+
935 -+ err = skcipher_check_key(sock);
936 -+ if (err)
937 -+ return err;
938 -+
939 -+ return skcipher_sendpage(sock, page, offset, size, flags);
940 -+}
941 -+
942 -+static int skcipher_recvmsg_nokey(struct socket *sock, struct msghdr *msg,
943 -+ size_t ignored, int flags)
944 -+{
945 -+ int err;
946 -+
947 -+ err = skcipher_check_key(sock);
948 -+ if (err)
949 -+ return err;
950 -+
951 -+ return skcipher_recvmsg(sock, msg, ignored, flags);
952 -+}
953 -+
954 -+static struct proto_ops algif_skcipher_ops_nokey = {
955 -+ .family = PF_ALG,
956 -+
957 -+ .connect = sock_no_connect,
958 -+ .socketpair = sock_no_socketpair,
959 -+ .getname = sock_no_getname,
960 -+ .ioctl = sock_no_ioctl,
961 -+ .listen = sock_no_listen,
962 -+ .shutdown = sock_no_shutdown,
963 -+ .getsockopt = sock_no_getsockopt,
964 -+ .mmap = sock_no_mmap,
965 -+ .bind = sock_no_bind,
966 -+ .accept = sock_no_accept,
967 -+ .setsockopt = sock_no_setsockopt,
968 -+
969 -+ .release = af_alg_release,
970 -+ .sendmsg = skcipher_sendmsg_nokey,
971 -+ .sendpage = skcipher_sendpage_nokey,
972 -+ .recvmsg = skcipher_recvmsg_nokey,
973 -+ .poll = skcipher_poll,
974 -+};
975 -+
976 - static void *skcipher_bind(const char *name, u32 type, u32 mask)
977 - {
978 -- return crypto_alloc_skcipher(name, type, mask);
979 -+ struct skcipher_tfm *tfm;
980 -+ struct crypto_skcipher *skcipher;
981 -+
982 -+ tfm = kzalloc(sizeof(*tfm), GFP_KERNEL);
983 -+ if (!tfm)
984 -+ return ERR_PTR(-ENOMEM);
985 -+
986 -+ skcipher = crypto_alloc_skcipher(name, type, mask);
987 -+ if (IS_ERR(skcipher)) {
988 -+ kfree(tfm);
989 -+ return ERR_CAST(skcipher);
990 -+ }
991 -+
992 -+ tfm->skcipher = skcipher;
993 -+
994 -+ return tfm;
995 - }
996 -
997 - static void skcipher_release(void *private)
998 - {
999 -- crypto_free_skcipher(private);
1000 -+ struct skcipher_tfm *tfm = private;
1001 -+
1002 -+ crypto_free_skcipher(tfm->skcipher);
1003 -+ kfree(tfm);
1004 - }
1005 -
1006 - static int skcipher_setkey(void *private, const u8 *key, unsigned int keylen)
1007 - {
1008 -- return crypto_skcipher_setkey(private, key, keylen);
1009 -+ struct skcipher_tfm *tfm = private;
1010 -+ int err;
1011 -+
1012 -+ err = crypto_skcipher_setkey(tfm->skcipher, key, keylen);
1013 -+ tfm->has_key = !err;
1014 -+
1015 -+ return err;
1016 - }
1017 -
1018 - static void skcipher_wait(struct sock *sk)
1019 -@@ -788,24 +917,26 @@ static void skcipher_sock_destruct(struct sock *sk)
1020 - af_alg_release_parent(sk);
1021 - }
1022 -
1023 --static int skcipher_accept_parent(void *private, struct sock *sk)
1024 -+static int skcipher_accept_parent_nokey(void *private, struct sock *sk)
1025 - {
1026 - struct skcipher_ctx *ctx;
1027 - struct alg_sock *ask = alg_sk(sk);
1028 -- unsigned int len = sizeof(*ctx) + crypto_skcipher_reqsize(private);
1029 -+ struct skcipher_tfm *tfm = private;
1030 -+ struct crypto_skcipher *skcipher = tfm->skcipher;
1031 -+ unsigned int len = sizeof(*ctx) + crypto_skcipher_reqsize(skcipher);
1032 -
1033 - ctx = sock_kmalloc(sk, len, GFP_KERNEL);
1034 - if (!ctx)
1035 - return -ENOMEM;
1036 -
1037 -- ctx->iv = sock_kmalloc(sk, crypto_skcipher_ivsize(private),
1038 -+ ctx->iv = sock_kmalloc(sk, crypto_skcipher_ivsize(skcipher),
1039 - GFP_KERNEL);
1040 - if (!ctx->iv) {
1041 - sock_kfree_s(sk, ctx, len);
1042 - return -ENOMEM;
1043 - }
1044 -
1045 -- memset(ctx->iv, 0, crypto_skcipher_ivsize(private));
1046 -+ memset(ctx->iv, 0, crypto_skcipher_ivsize(skcipher));
1047 -
1048 - INIT_LIST_HEAD(&ctx->tsgl);
1049 - ctx->len = len;
1050 -@@ -818,8 +949,9 @@ static int skcipher_accept_parent(void *private, struct sock *sk)
1051 -
1052 - ask->private = ctx;
1053 -
1054 -- skcipher_request_set_tfm(&ctx->req, private);
1055 -- skcipher_request_set_callback(&ctx->req, CRYPTO_TFM_REQ_MAY_BACKLOG,
1056 -+ skcipher_request_set_tfm(&ctx->req, skcipher);
1057 -+ skcipher_request_set_callback(&ctx->req, CRYPTO_TFM_REQ_MAY_SLEEP |
1058 -+ CRYPTO_TFM_REQ_MAY_BACKLOG,
1059 - af_alg_complete, &ctx->completion);
1060 -
1061 - sk->sk_destruct = skcipher_sock_destruct;
1062 -@@ -827,12 +959,24 @@ static int skcipher_accept_parent(void *private, struct sock *sk)
1063 - return 0;
1064 - }
1065 -
1066 -+static int skcipher_accept_parent(void *private, struct sock *sk)
1067 -+{
1068 -+ struct skcipher_tfm *tfm = private;
1069 -+
1070 -+ if (!tfm->has_key && crypto_skcipher_has_setkey(tfm->skcipher))
1071 -+ return -ENOKEY;
1072 -+
1073 -+ return skcipher_accept_parent_nokey(private, sk);
1074 -+}
1075 -+
1076 - static const struct af_alg_type algif_type_skcipher = {
1077 - .bind = skcipher_bind,
1078 - .release = skcipher_release,
1079 - .setkey = skcipher_setkey,
1080 - .accept = skcipher_accept_parent,
1081 -+ .accept_nokey = skcipher_accept_parent_nokey,
1082 - .ops = &algif_skcipher_ops,
1083 -+ .ops_nokey = &algif_skcipher_ops_nokey,
1084 - .name = "skcipher",
1085 - .owner = THIS_MODULE
1086 - };
1087 -diff --git a/crypto/crc32c_generic.c b/crypto/crc32c_generic.c
1088 -index 06f1b60..4c0a0e2 100644
1089 ---- a/crypto/crc32c_generic.c
1090 -+++ b/crypto/crc32c_generic.c
1091 -@@ -172,4 +172,3 @@ MODULE_DESCRIPTION("CRC32c (Castagnoli) calculations wrapper for lib/crc32c");
1092 - MODULE_LICENSE("GPL");
1093 - MODULE_ALIAS_CRYPTO("crc32c");
1094 - MODULE_ALIAS_CRYPTO("crc32c-generic");
1095 --MODULE_SOFTDEP("pre: crc32c");
1096 -diff --git a/crypto/crypto_user.c b/crypto/crypto_user.c
1097 -index 237f379..43fe85f 100644
1098 ---- a/crypto/crypto_user.c
1099 -+++ b/crypto/crypto_user.c
1100 -@@ -499,6 +499,7 @@ static int crypto_user_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
1101 - if (link->dump == NULL)
1102 - return -EINVAL;
1103 -
1104 -+ down_read(&crypto_alg_sem);
1105 - list_for_each_entry(alg, &crypto_alg_list, cra_list)
1106 - dump_alloc += CRYPTO_REPORT_MAXSIZE;
1107 -
1108 -@@ -508,8 +509,11 @@ static int crypto_user_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
1109 - .done = link->done,
1110 - .min_dump_alloc = dump_alloc,
1111 - };
1112 -- return netlink_dump_start(crypto_nlsk, skb, nlh, &c);
1113 -+ err = netlink_dump_start(crypto_nlsk, skb, nlh, &c);
1114 - }
1115 -+ up_read(&crypto_alg_sem);
1116 -+
1117 -+ return err;
1118 - }
1119 -
1120 - err = nlmsg_parse(nlh, crypto_msg_min[type], attrs, CRYPTOCFGA_MAX,
1121 -diff --git a/crypto/shash.c b/crypto/shash.c
1122 -index ecb1e3d..3597545 100644
1123 ---- a/crypto/shash.c
1124 -+++ b/crypto/shash.c
1125 -@@ -354,9 +354,10 @@ int crypto_init_shash_ops_async(struct crypto_tfm *tfm)
1126 - crt->final = shash_async_final;
1127 - crt->finup = shash_async_finup;
1128 - crt->digest = shash_async_digest;
1129 -+ crt->setkey = shash_async_setkey;
1130 -+
1131 -+ crt->has_setkey = alg->setkey != shash_no_setkey;
1132 -
1133 -- if (alg->setkey)
1134 -- crt->setkey = shash_async_setkey;
1135 - if (alg->export)
1136 - crt->export = shash_async_export;
1137 - if (alg->import)
1138 -diff --git a/crypto/skcipher.c b/crypto/skcipher.c
1139 -index 7591928..d199c0b 100644
1140 ---- a/crypto/skcipher.c
1141 -+++ b/crypto/skcipher.c
1142 -@@ -118,6 +118,7 @@ static int crypto_init_skcipher_ops_blkcipher(struct crypto_tfm *tfm)
1143 - skcipher->decrypt = skcipher_decrypt_blkcipher;
1144 -
1145 - skcipher->ivsize = crypto_blkcipher_ivsize(blkcipher);
1146 -+ skcipher->has_setkey = calg->cra_blkcipher.max_keysize;
1147 -
1148 - return 0;
1149 - }
1150 -@@ -210,6 +211,7 @@ static int crypto_init_skcipher_ops_ablkcipher(struct crypto_tfm *tfm)
1151 - skcipher->ivsize = crypto_ablkcipher_ivsize(ablkcipher);
1152 - skcipher->reqsize = crypto_ablkcipher_reqsize(ablkcipher) +
1153 - sizeof(struct ablkcipher_request);
1154 -+ skcipher->has_setkey = calg->cra_ablkcipher.max_keysize;
1155 -
1156 - return 0;
1157 - }
1158 -diff --git a/drivers/ata/ahci.c b/drivers/ata/ahci.c
1159 -index cdfbcc5..99921aa 100644
1160 ---- a/drivers/ata/ahci.c
1161 -+++ b/drivers/ata/ahci.c
1162 -@@ -264,6 +264,26 @@ static const struct pci_device_id ahci_pci_tbl[] = {
1163 - { PCI_VDEVICE(INTEL, 0x3b2b), board_ahci }, /* PCH RAID */
1164 - { PCI_VDEVICE(INTEL, 0x3b2c), board_ahci }, /* PCH RAID */
1165 - { PCI_VDEVICE(INTEL, 0x3b2f), board_ahci }, /* PCH AHCI */
1166 -+ { PCI_VDEVICE(INTEL, 0x19b0), board_ahci }, /* DNV AHCI */
1167 -+ { PCI_VDEVICE(INTEL, 0x19b1), board_ahci }, /* DNV AHCI */
1168 -+ { PCI_VDEVICE(INTEL, 0x19b2), board_ahci }, /* DNV AHCI */
1169 -+ { PCI_VDEVICE(INTEL, 0x19b3), board_ahci }, /* DNV AHCI */
1170 -+ { PCI_VDEVICE(INTEL, 0x19b4), board_ahci }, /* DNV AHCI */
1171 -+ { PCI_VDEVICE(INTEL, 0x19b5), board_ahci }, /* DNV AHCI */
1172 -+ { PCI_VDEVICE(INTEL, 0x19b6), board_ahci }, /* DNV AHCI */
1173 -+ { PCI_VDEVICE(INTEL, 0x19b7), board_ahci }, /* DNV AHCI */
1174 -+ { PCI_VDEVICE(INTEL, 0x19bE), board_ahci }, /* DNV AHCI */
1175 -+ { PCI_VDEVICE(INTEL, 0x19bF), board_ahci }, /* DNV AHCI */
1176 -+ { PCI_VDEVICE(INTEL, 0x19c0), board_ahci }, /* DNV AHCI */
1177 -+ { PCI_VDEVICE(INTEL, 0x19c1), board_ahci }, /* DNV AHCI */
1178 -+ { PCI_VDEVICE(INTEL, 0x19c2), board_ahci }, /* DNV AHCI */
1179 -+ { PCI_VDEVICE(INTEL, 0x19c3), board_ahci }, /* DNV AHCI */
1180 -+ { PCI_VDEVICE(INTEL, 0x19c4), board_ahci }, /* DNV AHCI */
1181 -+ { PCI_VDEVICE(INTEL, 0x19c5), board_ahci }, /* DNV AHCI */
1182 -+ { PCI_VDEVICE(INTEL, 0x19c6), board_ahci }, /* DNV AHCI */
1183 -+ { PCI_VDEVICE(INTEL, 0x19c7), board_ahci }, /* DNV AHCI */
1184 -+ { PCI_VDEVICE(INTEL, 0x19cE), board_ahci }, /* DNV AHCI */
1185 -+ { PCI_VDEVICE(INTEL, 0x19cF), board_ahci }, /* DNV AHCI */
1186 - { PCI_VDEVICE(INTEL, 0x1c02), board_ahci }, /* CPT AHCI */
1187 - { PCI_VDEVICE(INTEL, 0x1c03), board_ahci }, /* CPT AHCI */
1188 - { PCI_VDEVICE(INTEL, 0x1c04), board_ahci }, /* CPT RAID */
1189 -diff --git a/drivers/ata/libahci.c b/drivers/ata/libahci.c
1190 -index 4665512..1f225cc 100644
1191 ---- a/drivers/ata/libahci.c
1192 -+++ b/drivers/ata/libahci.c
1193 -@@ -495,8 +495,8 @@ void ahci_save_initial_config(struct device *dev, struct ahci_host_priv *hpriv)
1194 - }
1195 - }
1196 -
1197 -- /* fabricate port_map from cap.nr_ports */
1198 -- if (!port_map) {
1199 -+ /* fabricate port_map from cap.nr_ports for < AHCI 1.3 */
1200 -+ if (!port_map && vers < 0x10300) {
1201 - port_map = (1 << ahci_nr_ports(cap)) - 1;
1202 - dev_warn(dev, "forcing PORTS_IMPL to 0x%x\n", port_map);
1203 -
1204 -diff --git a/drivers/base/platform.c b/drivers/base/platform.c
1205 -index 1dd6d3b..176b59f 100644
1206 ---- a/drivers/base/platform.c
1207 -+++ b/drivers/base/platform.c
1208 -@@ -513,10 +513,15 @@ static int platform_drv_probe(struct device *_dev)
1209 - return ret;
1210 -
1211 - ret = dev_pm_domain_attach(_dev, true);
1212 -- if (ret != -EPROBE_DEFER && drv->probe) {
1213 -- ret = drv->probe(dev);
1214 -- if (ret)
1215 -- dev_pm_domain_detach(_dev, true);
1216 -+ if (ret != -EPROBE_DEFER) {
1217 -+ if (drv->probe) {
1218 -+ ret = drv->probe(dev);
1219 -+ if (ret)
1220 -+ dev_pm_domain_detach(_dev, true);
1221 -+ } else {
1222 -+ /* don't fail if just dev_pm_domain_attach failed */
1223 -+ ret = 0;
1224 -+ }
1225 - }
1226 -
1227 - if (drv->prevent_deferred_probe && ret == -EPROBE_DEFER) {
1228 -diff --git a/drivers/block/zram/zcomp.c b/drivers/block/zram/zcomp.c
1229 -index 5cb13ca..c536177 100644
1230 ---- a/drivers/block/zram/zcomp.c
1231 -+++ b/drivers/block/zram/zcomp.c
1232 -@@ -76,7 +76,7 @@ static void zcomp_strm_free(struct zcomp *comp, struct zcomp_strm *zstrm)
1233 - */
1234 - static struct zcomp_strm *zcomp_strm_alloc(struct zcomp *comp)
1235 - {
1236 -- struct zcomp_strm *zstrm = kmalloc(sizeof(*zstrm), GFP_KERNEL);
1237 -+ struct zcomp_strm *zstrm = kmalloc(sizeof(*zstrm), GFP_NOIO);
1238 - if (!zstrm)
1239 - return NULL;
1240 -
1241 -@@ -85,7 +85,7 @@ static struct zcomp_strm *zcomp_strm_alloc(struct zcomp *comp)
1242 - * allocate 2 pages. 1 for compressed data, plus 1 extra for the
1243 - * case when compressed size is larger than the original one
1244 - */
1245 -- zstrm->buffer = (void *)__get_free_pages(GFP_KERNEL | __GFP_ZERO, 1);
1246 -+ zstrm->buffer = (void *)__get_free_pages(GFP_NOIO | __GFP_ZERO, 1);
1247 - if (!zstrm->private || !zstrm->buffer) {
1248 - zcomp_strm_free(comp, zstrm);
1249 - zstrm = NULL;
1250 -diff --git a/drivers/block/zram/zcomp_lz4.c b/drivers/block/zram/zcomp_lz4.c
1251 -index f2afb7e..dd60831 100644
1252 ---- a/drivers/block/zram/zcomp_lz4.c
1253 -+++ b/drivers/block/zram/zcomp_lz4.c
1254 -@@ -10,17 +10,36 @@
1255 - #include <linux/kernel.h>
1256 - #include <linux/slab.h>
1257 - #include <linux/lz4.h>
1258 -+#include <linux/vmalloc.h>
1259 -+#include <linux/mm.h>
1260 -
1261 - #include "zcomp_lz4.h"
1262 -
1263 - static void *zcomp_lz4_create(void)
1264 - {
1265 -- return kzalloc(LZ4_MEM_COMPRESS, GFP_KERNEL);
1266 -+ void *ret;
1267 -+
1268 -+ /*
1269 -+ * This function can be called in swapout/fs write path
1270 -+ * so we can't use GFP_FS|IO. And it assumes we already
1271 -+ * have at least one stream in zram initialization so we
1272 -+ * don't do best effort to allocate more stream in here.
1273 -+ * A default stream will work well without further multiple
1274 -+ * streams. That's why we use NORETRY | NOWARN.
1275 -+ */
1276 -+ ret = kzalloc(LZ4_MEM_COMPRESS, GFP_NOIO | __GFP_NORETRY |
1277 -+ __GFP_NOWARN);
1278 -+ if (!ret)
1279 -+ ret = __vmalloc(LZ4_MEM_COMPRESS,
1280 -+ GFP_NOIO | __GFP_NORETRY | __GFP_NOWARN |
1281 -+ __GFP_ZERO | __GFP_HIGHMEM,
1282 -+ PAGE_KERNEL);
1283 -+ return ret;
1284 - }
1285 -
1286 - static void zcomp_lz4_destroy(void *private)
1287 - {
1288 -- kfree(private);
1289 -+ kvfree(private);
1290 - }
1291 -
1292 - static int zcomp_lz4_compress(const unsigned char *src, unsigned char *dst,
1293 -diff --git a/drivers/block/zram/zcomp_lzo.c b/drivers/block/zram/zcomp_lzo.c
1294 -index da1bc47..edc5499 100644
1295 ---- a/drivers/block/zram/zcomp_lzo.c
1296 -+++ b/drivers/block/zram/zcomp_lzo.c
1297 -@@ -10,17 +10,36 @@
1298 - #include <linux/kernel.h>
1299 - #include <linux/slab.h>
1300 - #include <linux/lzo.h>
1301 -+#include <linux/vmalloc.h>
1302 -+#include <linux/mm.h>
1303 -
1304 - #include "zcomp_lzo.h"
1305 -
1306 - static void *lzo_create(void)
1307 - {
1308 -- return kzalloc(LZO1X_MEM_COMPRESS, GFP_KERNEL);
1309 -+ void *ret;
1310 -+
1311 -+ /*
1312 -+ * This function can be called in swapout/fs write path
1313 -+ * so we can't use GFP_FS|IO. And it assumes we already
1314 -+ * have at least one stream in zram initialization so we
1315 -+ * don't do best effort to allocate more stream in here.
1316 -+ * A default stream will work well without further multiple
1317 -+ * streams. That's why we use NORETRY | NOWARN.
1318 -+ */
1319 -+ ret = kzalloc(LZO1X_MEM_COMPRESS, GFP_NOIO | __GFP_NORETRY |
1320 -+ __GFP_NOWARN);
1321 -+ if (!ret)
1322 -+ ret = __vmalloc(LZO1X_MEM_COMPRESS,
1323 -+ GFP_NOIO | __GFP_NORETRY | __GFP_NOWARN |
1324 -+ __GFP_ZERO | __GFP_HIGHMEM,
1325 -+ PAGE_KERNEL);
1326 -+ return ret;
1327 - }
1328 -
1329 - static void lzo_destroy(void *private)
1330 - {
1331 -- kfree(private);
1332 -+ kvfree(private);
1333 - }
1334 -
1335 - static int lzo_compress(const unsigned char *src, unsigned char *dst,
1336 -diff --git a/drivers/block/zram/zram_drv.c b/drivers/block/zram/zram_drv.c
1337 -index 47915d7..370c2f7 100644
1338 ---- a/drivers/block/zram/zram_drv.c
1339 -+++ b/drivers/block/zram/zram_drv.c
1340 -@@ -1325,7 +1325,6 @@ static int zram_remove(struct zram *zram)
1341 -
1342 - pr_info("Removed device: %s\n", zram->disk->disk_name);
1343 -
1344 -- idr_remove(&zram_index_idr, zram->disk->first_minor);
1345 - blk_cleanup_queue(zram->disk->queue);
1346 - del_gendisk(zram->disk);
1347 - put_disk(zram->disk);
1348 -@@ -1367,10 +1366,12 @@ static ssize_t hot_remove_store(struct class *class,
1349 - mutex_lock(&zram_index_mutex);
1350 -
1351 - zram = idr_find(&zram_index_idr, dev_id);
1352 -- if (zram)
1353 -+ if (zram) {
1354 - ret = zram_remove(zram);
1355 -- else
1356 -+ idr_remove(&zram_index_idr, dev_id);
1357 -+ } else {
1358 - ret = -ENODEV;
1359 -+ }
1360 -
1361 - mutex_unlock(&zram_index_mutex);
1362 - return ret ? ret : count;
1363 -diff --git a/drivers/crypto/atmel-sha.c b/drivers/crypto/atmel-sha.c
1364 -index 660d8c0..3178f84 100644
1365 ---- a/drivers/crypto/atmel-sha.c
1366 -+++ b/drivers/crypto/atmel-sha.c
1367 -@@ -783,7 +783,7 @@ static void atmel_sha_finish_req(struct ahash_request *req, int err)
1368 - dd->flags &= ~(SHA_FLAGS_BUSY | SHA_FLAGS_FINAL | SHA_FLAGS_CPU |
1369 - SHA_FLAGS_DMA_READY | SHA_FLAGS_OUTPUT_READY);
1370 -
1371 -- clk_disable_unprepare(dd->iclk);
1372 -+ clk_disable(dd->iclk);
1373 -
1374 - if (req->base.complete)
1375 - req->base.complete(&req->base, err);
1376 -@@ -796,7 +796,7 @@ static int atmel_sha_hw_init(struct atmel_sha_dev *dd)
1377 - {
1378 - int err;
1379 -
1380 -- err = clk_prepare_enable(dd->iclk);
1381 -+ err = clk_enable(dd->iclk);
1382 - if (err)
1383 - return err;
1384 -
1385 -@@ -823,7 +823,7 @@ static void atmel_sha_hw_version_init(struct atmel_sha_dev *dd)
1386 - dev_info(dd->dev,
1387 - "version: 0x%x\n", dd->hw_version);
1388 -
1389 -- clk_disable_unprepare(dd->iclk);
1390 -+ clk_disable(dd->iclk);
1391 - }
1392 -
1393 - static int atmel_sha_handle_queue(struct atmel_sha_dev *dd,
1394 -@@ -1411,6 +1411,10 @@ static int atmel_sha_probe(struct platform_device *pdev)
1395 - goto res_err;
1396 - }
1397 -
1398 -+ err = clk_prepare(sha_dd->iclk);
1399 -+ if (err)
1400 -+ goto res_err;
1401 -+
1402 - atmel_sha_hw_version_init(sha_dd);
1403 -
1404 - atmel_sha_get_cap(sha_dd);
1405 -@@ -1422,12 +1426,12 @@ static int atmel_sha_probe(struct platform_device *pdev)
1406 - if (IS_ERR(pdata)) {
1407 - dev_err(&pdev->dev, "platform data not available\n");
1408 - err = PTR_ERR(pdata);
1409 -- goto res_err;
1410 -+ goto iclk_unprepare;
1411 - }
1412 - }
1413 - if (!pdata->dma_slave) {
1414 - err = -ENXIO;
1415 -- goto res_err;
1416 -+ goto iclk_unprepare;
1417 - }
1418 - err = atmel_sha_dma_init(sha_dd, pdata);
1419 - if (err)
1420 -@@ -1458,6 +1462,8 @@ err_algs:
1421 - if (sha_dd->caps.has_dma)
1422 - atmel_sha_dma_cleanup(sha_dd);
1423 - err_sha_dma:
1424 -+iclk_unprepare:
1425 -+ clk_unprepare(sha_dd->iclk);
1426 - res_err:
1427 - tasklet_kill(&sha_dd->done_task);
1428 - sha_dd_err:
1429 -@@ -1484,12 +1490,7 @@ static int atmel_sha_remove(struct platform_device *pdev)
1430 - if (sha_dd->caps.has_dma)
1431 - atmel_sha_dma_cleanup(sha_dd);
1432 -
1433 -- iounmap(sha_dd->io_base);
1434 --
1435 -- clk_put(sha_dd->iclk);
1436 --
1437 -- if (sha_dd->irq >= 0)
1438 -- free_irq(sha_dd->irq, sha_dd);
1439 -+ clk_unprepare(sha_dd->iclk);
1440 -
1441 - return 0;
1442 - }
1443 -diff --git a/drivers/crypto/caam/ctrl.c b/drivers/crypto/caam/ctrl.c
1444 -index 8abb4bc..69d4a13 100644
1445 ---- a/drivers/crypto/caam/ctrl.c
1446 -+++ b/drivers/crypto/caam/ctrl.c
1447 -@@ -534,8 +534,8 @@ static int caam_probe(struct platform_device *pdev)
1448 - * long pointers in master configuration register
1449 - */
1450 - clrsetbits_32(&ctrl->mcr, MCFGR_AWCACHE_MASK, MCFGR_AWCACHE_CACH |
1451 -- MCFGR_WDENABLE | (sizeof(dma_addr_t) == sizeof(u64) ?
1452 -- MCFGR_LONG_PTR : 0));
1453 -+ MCFGR_AWCACHE_BUFF | MCFGR_WDENABLE |
1454 -+ (sizeof(dma_addr_t) == sizeof(u64) ? MCFGR_LONG_PTR : 0));
1455 -
1456 - /*
1457 - * Read the Compile Time paramters and SCFGR to determine
1458 -diff --git a/drivers/crypto/marvell/cesa.c b/drivers/crypto/marvell/cesa.c
1459 -index 0643e33..c0656e7 100644
1460 ---- a/drivers/crypto/marvell/cesa.c
1461 -+++ b/drivers/crypto/marvell/cesa.c
1462 -@@ -306,7 +306,7 @@ static int mv_cesa_dev_dma_init(struct mv_cesa_dev *cesa)
1463 - return -ENOMEM;
1464 -
1465 - dma->padding_pool = dmam_pool_create("cesa_padding", dev, 72, 1, 0);
1466 -- if (!dma->cache_pool)
1467 -+ if (!dma->padding_pool)
1468 - return -ENOMEM;
1469 -
1470 - cesa->dma = dma;
1471 -diff --git a/drivers/crypto/sunxi-ss/sun4i-ss-core.c b/drivers/crypto/sunxi-ss/sun4i-ss-core.c
1472 -index eab6fe2..107cd2a 100644
1473 ---- a/drivers/crypto/sunxi-ss/sun4i-ss-core.c
1474 -+++ b/drivers/crypto/sunxi-ss/sun4i-ss-core.c
1475 -@@ -39,6 +39,7 @@ static struct sun4i_ss_alg_template ss_algs[] = {
1476 - .import = sun4i_hash_import_md5,
1477 - .halg = {
1478 - .digestsize = MD5_DIGEST_SIZE,
1479 -+ .statesize = sizeof(struct md5_state),
1480 - .base = {
1481 - .cra_name = "md5",
1482 - .cra_driver_name = "md5-sun4i-ss",
1483 -@@ -66,6 +67,7 @@ static struct sun4i_ss_alg_template ss_algs[] = {
1484 - .import = sun4i_hash_import_sha1,
1485 - .halg = {
1486 - .digestsize = SHA1_DIGEST_SIZE,
1487 -+ .statesize = sizeof(struct sha1_state),
1488 - .base = {
1489 - .cra_name = "sha1",
1490 - .cra_driver_name = "sha1-sun4i-ss",
1491 -diff --git a/drivers/hid/hid-multitouch.c b/drivers/hid/hid-multitouch.c
1492 -index 3d664d0..2b8ff18 100644
1493 ---- a/drivers/hid/hid-multitouch.c
1494 -+++ b/drivers/hid/hid-multitouch.c
1495 -@@ -357,8 +357,19 @@ static void mt_feature_mapping(struct hid_device *hdev,
1496 - break;
1497 - }
1498 -
1499 -- td->inputmode = field->report->id;
1500 -- td->inputmode_index = usage->usage_index;
1501 -+ if (td->inputmode < 0) {
1502 -+ td->inputmode = field->report->id;
1503 -+ td->inputmode_index = usage->usage_index;
1504 -+ } else {
1505 -+ /*
1506 -+ * Some elan panels wrongly declare 2 input mode
1507 -+ * features, and silently ignore when we set the
1508 -+ * value in the second field. Skip the second feature
1509 -+ * and hope for the best.
1510 -+ */
1511 -+ dev_info(&hdev->dev,
1512 -+ "Ignoring the extra HID_DG_INPUTMODE\n");
1513 -+ }
1514 -
1515 - break;
1516 - case HID_DG_CONTACTMAX:
1517 -diff --git a/drivers/hid/usbhid/hid-core.c b/drivers/hid/usbhid/hid-core.c
1518 -index 36712e9..5dd426f 100644
1519 ---- a/drivers/hid/usbhid/hid-core.c
1520 -+++ b/drivers/hid/usbhid/hid-core.c
1521 -@@ -477,8 +477,6 @@ static void hid_ctrl(struct urb *urb)
1522 - struct usbhid_device *usbhid = hid->driver_data;
1523 - int unplug = 0, status = urb->status;
1524 -
1525 -- spin_lock(&usbhid->lock);
1526 --
1527 - switch (status) {
1528 - case 0: /* success */
1529 - if (usbhid->ctrl[usbhid->ctrltail].dir == USB_DIR_IN)
1530 -@@ -498,6 +496,8 @@ static void hid_ctrl(struct urb *urb)
1531 - hid_warn(urb->dev, "ctrl urb status %d received\n", status);
1532 - }
1533 -
1534 -+ spin_lock(&usbhid->lock);
1535 -+
1536 - if (unplug) {
1537 - usbhid->ctrltail = usbhid->ctrlhead;
1538 - } else {
1539 -diff --git a/drivers/iommu/io-pgtable-arm.c b/drivers/iommu/io-pgtable-arm.c
1540 -index 7df9777..dad768c 100644
1541 ---- a/drivers/iommu/io-pgtable-arm.c
1542 -+++ b/drivers/iommu/io-pgtable-arm.c
1543 -@@ -405,17 +405,18 @@ static void __arm_lpae_free_pgtable(struct arm_lpae_io_pgtable *data, int lvl,
1544 - arm_lpae_iopte *start, *end;
1545 - unsigned long table_size;
1546 -
1547 -- /* Only leaf entries at the last level */
1548 -- if (lvl == ARM_LPAE_MAX_LEVELS - 1)
1549 -- return;
1550 --
1551 - if (lvl == ARM_LPAE_START_LVL(data))
1552 - table_size = data->pgd_size;
1553 - else
1554 - table_size = 1UL << data->pg_shift;
1555 -
1556 - start = ptep;
1557 -- end = (void *)ptep + table_size;
1558 -+
1559 -+ /* Only leaf entries at the last level */
1560 -+ if (lvl == ARM_LPAE_MAX_LEVELS - 1)
1561 -+ end = ptep;
1562 -+ else
1563 -+ end = (void *)ptep + table_size;
1564 -
1565 - while (ptep != end) {
1566 - arm_lpae_iopte pte = *ptep++;
1567 -diff --git a/drivers/md/md.c b/drivers/md/md.c
1568 -index 61aacab..b1e1f6b 100644
1569 ---- a/drivers/md/md.c
1570 -+++ b/drivers/md/md.c
1571 -@@ -2017,28 +2017,32 @@ int md_integrity_register(struct mddev *mddev)
1572 - }
1573 - EXPORT_SYMBOL(md_integrity_register);
1574 -
1575 --/* Disable data integrity if non-capable/non-matching disk is being added */
1576 --void md_integrity_add_rdev(struct md_rdev *rdev, struct mddev *mddev)
1577 -+/*
1578 -+ * Attempt to add an rdev, but only if it is consistent with the current
1579 -+ * integrity profile
1580 -+ */
1581 -+int md_integrity_add_rdev(struct md_rdev *rdev, struct mddev *mddev)
1582 - {
1583 - struct blk_integrity *bi_rdev;
1584 - struct blk_integrity *bi_mddev;
1585 -+ char name[BDEVNAME_SIZE];
1586 -
1587 - if (!mddev->gendisk)
1588 -- return;
1589 -+ return 0;
1590 -
1591 - bi_rdev = bdev_get_integrity(rdev->bdev);
1592 - bi_mddev = blk_get_integrity(mddev->gendisk);
1593 -
1594 - if (!bi_mddev) /* nothing to do */
1595 -- return;
1596 -- if (rdev->raid_disk < 0) /* skip spares */
1597 -- return;
1598 -- if (bi_rdev && blk_integrity_compare(mddev->gendisk,
1599 -- rdev->bdev->bd_disk) >= 0)
1600 -- return;
1601 -- WARN_ON_ONCE(!mddev->suspended);
1602 -- printk(KERN_NOTICE "disabling data integrity on %s\n", mdname(mddev));
1603 -- blk_integrity_unregister(mddev->gendisk);
1604 -+ return 0;
1605 -+
1606 -+ if (blk_integrity_compare(mddev->gendisk, rdev->bdev->bd_disk) != 0) {
1607 -+ printk(KERN_NOTICE "%s: incompatible integrity profile for %s\n",
1608 -+ mdname(mddev), bdevname(rdev->bdev, name));
1609 -+ return -ENXIO;
1610 -+ }
1611 -+
1612 -+ return 0;
1613 - }
1614 - EXPORT_SYMBOL(md_integrity_add_rdev);
1615 -
1616 -diff --git a/drivers/md/md.h b/drivers/md/md.h
1617 -index ca0b643..dfa57b4 100644
1618 ---- a/drivers/md/md.h
1619 -+++ b/drivers/md/md.h
1620 -@@ -657,7 +657,7 @@ extern void md_wait_for_blocked_rdev(struct md_rdev *rdev, struct mddev *mddev);
1621 - extern void md_set_array_sectors(struct mddev *mddev, sector_t array_sectors);
1622 - extern int md_check_no_bitmap(struct mddev *mddev);
1623 - extern int md_integrity_register(struct mddev *mddev);
1624 --extern void md_integrity_add_rdev(struct md_rdev *rdev, struct mddev *mddev);
1625 -+extern int md_integrity_add_rdev(struct md_rdev *rdev, struct mddev *mddev);
1626 - extern int strict_strtoul_scaled(const char *cp, unsigned long *res, int scale);
1627 -
1628 - extern void mddev_init(struct mddev *mddev);
1629 -diff --git a/drivers/md/multipath.c b/drivers/md/multipath.c
1630 -index 7331a80..0a72ab6 100644
1631 ---- a/drivers/md/multipath.c
1632 -+++ b/drivers/md/multipath.c
1633 -@@ -257,6 +257,9 @@ static int multipath_add_disk(struct mddev *mddev, struct md_rdev *rdev)
1634 - disk_stack_limits(mddev->gendisk, rdev->bdev,
1635 - rdev->data_offset << 9);
1636 -
1637 -+ err = md_integrity_add_rdev(rdev, mddev);
1638 -+ if (err)
1639 -+ break;
1640 - spin_lock_irq(&conf->device_lock);
1641 - mddev->degraded--;
1642 - rdev->raid_disk = path;
1643 -@@ -264,9 +267,6 @@ static int multipath_add_disk(struct mddev *mddev, struct md_rdev *rdev)
1644 - spin_unlock_irq(&conf->device_lock);
1645 - rcu_assign_pointer(p->rdev, rdev);
1646 - err = 0;
1647 -- mddev_suspend(mddev);
1648 -- md_integrity_add_rdev(rdev, mddev);
1649 -- mddev_resume(mddev);
1650 - break;
1651 - }
1652 -
1653 -diff --git a/drivers/md/raid1.c b/drivers/md/raid1.c
1654 -index e2169ff..c4b9134 100644
1655 ---- a/drivers/md/raid1.c
1656 -+++ b/drivers/md/raid1.c
1657 -@@ -1589,6 +1589,9 @@ static int raid1_add_disk(struct mddev *mddev, struct md_rdev *rdev)
1658 - if (mddev->recovery_disabled == conf->recovery_disabled)
1659 - return -EBUSY;
1660 -
1661 -+ if (md_integrity_add_rdev(rdev, mddev))
1662 -+ return -ENXIO;
1663 -+
1664 - if (rdev->raid_disk >= 0)
1665 - first = last = rdev->raid_disk;
1666 -
1667 -@@ -1632,9 +1635,6 @@ static int raid1_add_disk(struct mddev *mddev, struct md_rdev *rdev)
1668 - break;
1669 - }
1670 - }
1671 -- mddev_suspend(mddev);
1672 -- md_integrity_add_rdev(rdev, mddev);
1673 -- mddev_resume(mddev);
1674 - if (mddev->queue && blk_queue_discard(bdev_get_queue(rdev->bdev)))
1675 - queue_flag_set_unlocked(QUEUE_FLAG_DISCARD, mddev->queue);
1676 - print_conf(conf);
1677 -diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c
1678 -index 84e597e..ce959b4 100644
1679 ---- a/drivers/md/raid10.c
1680 -+++ b/drivers/md/raid10.c
1681 -@@ -1698,6 +1698,9 @@ static int raid10_add_disk(struct mddev *mddev, struct md_rdev *rdev)
1682 - if (rdev->saved_raid_disk < 0 && !_enough(conf, 1, -1))
1683 - return -EINVAL;
1684 -
1685 -+ if (md_integrity_add_rdev(rdev, mddev))
1686 -+ return -ENXIO;
1687 -+
1688 - if (rdev->raid_disk >= 0)
1689 - first = last = rdev->raid_disk;
1690 -
1691 -@@ -1739,9 +1742,6 @@ static int raid10_add_disk(struct mddev *mddev, struct md_rdev *rdev)
1692 - rcu_assign_pointer(p->rdev, rdev);
1693 - break;
1694 - }
1695 -- mddev_suspend(mddev);
1696 -- md_integrity_add_rdev(rdev, mddev);
1697 -- mddev_resume(mddev);
1698 - if (mddev->queue && blk_queue_discard(bdev_get_queue(rdev->bdev)))
1699 - queue_flag_set_unlocked(QUEUE_FLAG_DISCARD, mddev->queue);
1700 -
1701 -diff --git a/drivers/media/i2c/ir-kbd-i2c.c b/drivers/media/i2c/ir-kbd-i2c.c
1702 -index 728d2cc..175a761 100644
1703 ---- a/drivers/media/i2c/ir-kbd-i2c.c
1704 -+++ b/drivers/media/i2c/ir-kbd-i2c.c
1705 -@@ -478,7 +478,6 @@ static const struct i2c_device_id ir_kbd_id[] = {
1706 - { "ir_rx_z8f0811_hdpvr", 0 },
1707 - { }
1708 - };
1709 --MODULE_DEVICE_TABLE(i2c, ir_kbd_id);
1710 -
1711 - static struct i2c_driver ir_kbd_driver = {
1712 - .driver = {
1713 -diff --git a/drivers/media/pci/saa7134/saa7134-alsa.c b/drivers/media/pci/saa7134/saa7134-alsa.c
1714 -index 1d2c310..94f8162 100644
1715 ---- a/drivers/media/pci/saa7134/saa7134-alsa.c
1716 -+++ b/drivers/media/pci/saa7134/saa7134-alsa.c
1717 -@@ -1211,6 +1211,8 @@ static int alsa_device_init(struct saa7134_dev *dev)
1718 -
1719 - static int alsa_device_exit(struct saa7134_dev *dev)
1720 - {
1721 -+ if (!snd_saa7134_cards[dev->nr])
1722 -+ return 1;
1723 -
1724 - snd_card_free(snd_saa7134_cards[dev->nr]);
1725 - snd_saa7134_cards[dev->nr] = NULL;
1726 -@@ -1260,7 +1262,8 @@ static void saa7134_alsa_exit(void)
1727 - int idx;
1728 -
1729 - for (idx = 0; idx < SNDRV_CARDS; idx++) {
1730 -- snd_card_free(snd_saa7134_cards[idx]);
1731 -+ if (snd_saa7134_cards[idx])
1732 -+ snd_card_free(snd_saa7134_cards[idx]);
1733 - }
1734 -
1735 - saa7134_dmasound_init = NULL;
1736 -diff --git a/drivers/mtd/nand/nand_base.c b/drivers/mtd/nand/nand_base.c
1737 -index ece544e..3ff583f 100644
1738 ---- a/drivers/mtd/nand/nand_base.c
1739 -+++ b/drivers/mtd/nand/nand_base.c
1740 -@@ -3995,6 +3995,9 @@ int nand_scan_ident(struct mtd_info *mtd, int maxchips,
1741 - return ret;
1742 - }
1743 -
1744 -+ if (!mtd->name && mtd->dev.parent)
1745 -+ mtd->name = dev_name(mtd->dev.parent);
1746 -+
1747 - /* Set the default functions */
1748 - nand_set_defaults(chip, chip->options & NAND_BUSWIDTH_16);
1749 -
1750 -diff --git a/drivers/net/wireless/realtek/rtlwifi/regd.c b/drivers/net/wireless/realtek/rtlwifi/regd.c
1751 -index a62bf0a..5be3411 100644
1752 ---- a/drivers/net/wireless/realtek/rtlwifi/regd.c
1753 -+++ b/drivers/net/wireless/realtek/rtlwifi/regd.c
1754 -@@ -351,7 +351,6 @@ static const struct ieee80211_regdomain *_rtl_regdomain_select(
1755 - case COUNTRY_CODE_SPAIN:
1756 - case COUNTRY_CODE_FRANCE:
1757 - case COUNTRY_CODE_ISRAEL:
1758 -- case COUNTRY_CODE_WORLD_WIDE_13:
1759 - return &rtl_regdom_12_13;
1760 - case COUNTRY_CODE_MKK:
1761 - case COUNTRY_CODE_MKK1:
1762 -@@ -360,6 +359,7 @@ static const struct ieee80211_regdomain *_rtl_regdomain_select(
1763 - return &rtl_regdom_14_60_64;
1764 - case COUNTRY_CODE_GLOBAL_DOMAIN:
1765 - return &rtl_regdom_14;
1766 -+ case COUNTRY_CODE_WORLD_WIDE_13:
1767 - case COUNTRY_CODE_WORLD_WIDE_13_5G_ALL:
1768 - return &rtl_regdom_12_13_5g_all;
1769 - default:
1770 -diff --git a/drivers/net/wireless/realtek/rtlwifi/rtl8821ae/sw.c b/drivers/net/wireless/realtek/rtlwifi/rtl8821ae/sw.c
1771 -index 142bdff..4159f9b 100644
1772 ---- a/drivers/net/wireless/realtek/rtlwifi/rtl8821ae/sw.c
1773 -+++ b/drivers/net/wireless/realtek/rtlwifi/rtl8821ae/sw.c
1774 -@@ -95,8 +95,6 @@ int rtl8821ae_init_sw_vars(struct ieee80211_hw *hw)
1775 - struct rtl_hal *rtlhal = rtl_hal(rtl_priv(hw));
1776 -
1777 - rtl8821ae_bt_reg_init(hw);
1778 -- rtlpci->msi_support = rtlpriv->cfg->mod_params->msi_support;
1779 -- rtlpci->int_clear = rtlpriv->cfg->mod_params->int_clear;
1780 - rtlpriv->btcoexist.btc_ops = rtl_btc_get_ops_pointer();
1781 -
1782 - rtlpriv->dm.dm_initialgain_enable = 1;
1783 -@@ -168,12 +166,15 @@ int rtl8821ae_init_sw_vars(struct ieee80211_hw *hw)
1784 - rtlpriv->psc.swctrl_lps = rtlpriv->cfg->mod_params->swctrl_lps;
1785 - rtlpriv->psc.fwctrl_lps = rtlpriv->cfg->mod_params->fwctrl_lps;
1786 - rtlpci->msi_support = rtlpriv->cfg->mod_params->msi_support;
1787 -- rtlpci->msi_support = rtlpriv->cfg->mod_params->int_clear;
1788 -+ rtlpci->int_clear = rtlpriv->cfg->mod_params->int_clear;
1789 -+ rtlpriv->cfg->mod_params->sw_crypto =
1790 -+ rtlpriv->cfg->mod_params->sw_crypto;
1791 -+ rtlpriv->cfg->mod_params->disable_watchdog =
1792 -+ rtlpriv->cfg->mod_params->disable_watchdog;
1793 - if (rtlpriv->cfg->mod_params->disable_watchdog)
1794 - pr_info("watchdog disabled\n");
1795 - rtlpriv->psc.reg_fwctrl_lps = 3;
1796 - rtlpriv->psc.reg_max_lps_awakeintvl = 5;
1797 -- rtlpci->msi_support = rtlpriv->cfg->mod_params->msi_support;
1798 -
1799 - /* for ASPM, you can close aspm through
1800 - * set const_support_pciaspm = 0
1801 -diff --git a/drivers/net/wireless/ti/wlcore/io.h b/drivers/net/wireless/ti/wlcore/io.h
1802 -index 0305729..10cf374 100644
1803 ---- a/drivers/net/wireless/ti/wlcore/io.h
1804 -+++ b/drivers/net/wireless/ti/wlcore/io.h
1805 -@@ -207,19 +207,23 @@ static inline int __must_check wlcore_write_reg(struct wl1271 *wl, int reg,
1806 -
1807 - static inline void wl1271_power_off(struct wl1271 *wl)
1808 - {
1809 -- int ret;
1810 -+ int ret = 0;
1811 -
1812 - if (!test_bit(WL1271_FLAG_GPIO_POWER, &wl->flags))
1813 - return;
1814 -
1815 -- ret = wl->if_ops->power(wl->dev, false);
1816 -+ if (wl->if_ops->power)
1817 -+ ret = wl->if_ops->power(wl->dev, false);
1818 - if (!ret)
1819 - clear_bit(WL1271_FLAG_GPIO_POWER, &wl->flags);
1820 - }
1821 -
1822 - static inline int wl1271_power_on(struct wl1271 *wl)
1823 - {
1824 -- int ret = wl->if_ops->power(wl->dev, true);
1825 -+ int ret = 0;
1826 -+
1827 -+ if (wl->if_ops->power)
1828 -+ ret = wl->if_ops->power(wl->dev, true);
1829 - if (ret == 0)
1830 - set_bit(WL1271_FLAG_GPIO_POWER, &wl->flags);
1831 -
1832 -diff --git a/drivers/net/wireless/ti/wlcore/spi.c b/drivers/net/wireless/ti/wlcore/spi.c
1833 -index 236b410..44f059f7 100644
1834 ---- a/drivers/net/wireless/ti/wlcore/spi.c
1835 -+++ b/drivers/net/wireless/ti/wlcore/spi.c
1836 -@@ -73,7 +73,10 @@
1837 - */
1838 - #define SPI_AGGR_BUFFER_SIZE (4 * PAGE_SIZE)
1839 -
1840 --#define WSPI_MAX_NUM_OF_CHUNKS (SPI_AGGR_BUFFER_SIZE / WSPI_MAX_CHUNK_SIZE)
1841 -+/* Maximum number of SPI write chunks */
1842 -+#define WSPI_MAX_NUM_OF_CHUNKS \
1843 -+ ((SPI_AGGR_BUFFER_SIZE / WSPI_MAX_CHUNK_SIZE) + 1)
1844 -+
1845 -
1846 - struct wl12xx_spi_glue {
1847 - struct device *dev;
1848 -@@ -268,9 +271,10 @@ static int __must_check wl12xx_spi_raw_write(struct device *child, int addr,
1849 - void *buf, size_t len, bool fixed)
1850 - {
1851 - struct wl12xx_spi_glue *glue = dev_get_drvdata(child->parent);
1852 -- struct spi_transfer t[2 * (WSPI_MAX_NUM_OF_CHUNKS + 1)];
1853 -+ /* SPI write buffers - 2 for each chunk */
1854 -+ struct spi_transfer t[2 * WSPI_MAX_NUM_OF_CHUNKS];
1855 - struct spi_message m;
1856 -- u32 commands[WSPI_MAX_NUM_OF_CHUNKS];
1857 -+ u32 commands[WSPI_MAX_NUM_OF_CHUNKS]; /* 1 command per chunk */
1858 - u32 *cmd;
1859 - u32 chunk_len;
1860 - int i;
1861 -diff --git a/drivers/pci/bus.c b/drivers/pci/bus.c
1862 -index d3346d2..89b3bef 100644
1863 ---- a/drivers/pci/bus.c
1864 -+++ b/drivers/pci/bus.c
1865 -@@ -140,6 +140,8 @@ static int pci_bus_alloc_from_region(struct pci_bus *bus, struct resource *res,
1866 - type_mask |= IORESOURCE_TYPE_BITS;
1867 -
1868 - pci_bus_for_each_resource(bus, r, i) {
1869 -+ resource_size_t min_used = min;
1870 -+
1871 - if (!r)
1872 - continue;
1873 -
1874 -@@ -163,12 +165,12 @@ static int pci_bus_alloc_from_region(struct pci_bus *bus, struct resource *res,
1875 - * overrides "min".
1876 - */
1877 - if (avail.start)
1878 -- min = avail.start;
1879 -+ min_used = avail.start;
1880 -
1881 - max = avail.end;
1882 -
1883 - /* Ok, try it out.. */
1884 -- ret = allocate_resource(r, res, size, min, max,
1885 -+ ret = allocate_resource(r, res, size, min_used, max,
1886 - align, alignf, alignf_data);
1887 - if (ret == 0)
1888 - return 0;
1889 -diff --git a/drivers/pci/host/pci-dra7xx.c b/drivers/pci/host/pci-dra7xx.c
1890 -index 8c36880..923607b 100644
1891 ---- a/drivers/pci/host/pci-dra7xx.c
1892 -+++ b/drivers/pci/host/pci-dra7xx.c
1893 -@@ -302,7 +302,8 @@ static int __init dra7xx_add_pcie_port(struct dra7xx_pcie *dra7xx,
1894 - }
1895 -
1896 - ret = devm_request_irq(&pdev->dev, pp->irq,
1897 -- dra7xx_pcie_msi_irq_handler, IRQF_SHARED,
1898 -+ dra7xx_pcie_msi_irq_handler,
1899 -+ IRQF_SHARED | IRQF_NO_THREAD,
1900 - "dra7-pcie-msi", pp);
1901 - if (ret) {
1902 - dev_err(&pdev->dev, "failed to request irq\n");
1903 -diff --git a/drivers/pci/host/pci-exynos.c b/drivers/pci/host/pci-exynos.c
1904 -index 01095e1..d997d22 100644
1905 ---- a/drivers/pci/host/pci-exynos.c
1906 -+++ b/drivers/pci/host/pci-exynos.c
1907 -@@ -522,7 +522,8 @@ static int __init exynos_add_pcie_port(struct pcie_port *pp,
1908 -
1909 - ret = devm_request_irq(&pdev->dev, pp->msi_irq,
1910 - exynos_pcie_msi_irq_handler,
1911 -- IRQF_SHARED, "exynos-pcie", pp);
1912 -+ IRQF_SHARED | IRQF_NO_THREAD,
1913 -+ "exynos-pcie", pp);
1914 - if (ret) {
1915 - dev_err(&pdev->dev, "failed to request msi irq\n");
1916 - return ret;
1917 -diff --git a/drivers/pci/host/pci-imx6.c b/drivers/pci/host/pci-imx6.c
1918 -index 22e8224..9ce7cd1 100644
1919 ---- a/drivers/pci/host/pci-imx6.c
1920 -+++ b/drivers/pci/host/pci-imx6.c
1921 -@@ -537,7 +537,8 @@ static int __init imx6_add_pcie_port(struct pcie_port *pp,
1922 -
1923 - ret = devm_request_irq(&pdev->dev, pp->msi_irq,
1924 - imx6_pcie_msi_handler,
1925 -- IRQF_SHARED, "mx6-pcie-msi", pp);
1926 -+ IRQF_SHARED | IRQF_NO_THREAD,
1927 -+ "mx6-pcie-msi", pp);
1928 - if (ret) {
1929 - dev_err(&pdev->dev, "failed to request MSI irq\n");
1930 - return ret;
1931 -diff --git a/drivers/pci/host/pci-tegra.c b/drivers/pci/host/pci-tegra.c
1932 -index 3018ae5..3032311 100644
1933 ---- a/drivers/pci/host/pci-tegra.c
1934 -+++ b/drivers/pci/host/pci-tegra.c
1935 -@@ -1288,7 +1288,7 @@ static int tegra_pcie_enable_msi(struct tegra_pcie *pcie)
1936 -
1937 - msi->irq = err;
1938 -
1939 -- err = request_irq(msi->irq, tegra_pcie_msi_irq, 0,
1940 -+ err = request_irq(msi->irq, tegra_pcie_msi_irq, IRQF_NO_THREAD,
1941 - tegra_msi_irq_chip.name, pcie);
1942 - if (err < 0) {
1943 - dev_err(&pdev->dev, "failed to request IRQ: %d\n", err);
1944 -diff --git a/drivers/pci/host/pcie-rcar.c b/drivers/pci/host/pcie-rcar.c
1945 -index f4fa6c5..414c336 100644
1946 ---- a/drivers/pci/host/pcie-rcar.c
1947 -+++ b/drivers/pci/host/pcie-rcar.c
1948 -@@ -720,14 +720,16 @@ static int rcar_pcie_enable_msi(struct rcar_pcie *pcie)
1949 -
1950 - /* Two irqs are for MSI, but they are also used for non-MSI irqs */
1951 - err = devm_request_irq(&pdev->dev, msi->irq1, rcar_pcie_msi_irq,
1952 -- IRQF_SHARED, rcar_msi_irq_chip.name, pcie);
1953 -+ IRQF_SHARED | IRQF_NO_THREAD,
1954 -+ rcar_msi_irq_chip.name, pcie);
1955 - if (err < 0) {
1956 - dev_err(&pdev->dev, "failed to request IRQ: %d\n", err);
1957 - goto err;
1958 - }
1959 -
1960 - err = devm_request_irq(&pdev->dev, msi->irq2, rcar_pcie_msi_irq,
1961 -- IRQF_SHARED, rcar_msi_irq_chip.name, pcie);
1962 -+ IRQF_SHARED | IRQF_NO_THREAD,
1963 -+ rcar_msi_irq_chip.name, pcie);
1964 - if (err < 0) {
1965 - dev_err(&pdev->dev, "failed to request IRQ: %d\n", err);
1966 - goto err;
1967 -diff --git a/drivers/pci/host/pcie-spear13xx.c b/drivers/pci/host/pcie-spear13xx.c
1968 -index b95b756..a6cd823 100644
1969 ---- a/drivers/pci/host/pcie-spear13xx.c
1970 -+++ b/drivers/pci/host/pcie-spear13xx.c
1971 -@@ -279,7 +279,8 @@ static int spear13xx_add_pcie_port(struct pcie_port *pp,
1972 - return -ENODEV;
1973 - }
1974 - ret = devm_request_irq(dev, pp->irq, spear13xx_pcie_irq_handler,
1975 -- IRQF_SHARED, "spear1340-pcie", pp);
1976 -+ IRQF_SHARED | IRQF_NO_THREAD,
1977 -+ "spear1340-pcie", pp);
1978 - if (ret) {
1979 - dev_err(dev, "failed to request irq %d\n", pp->irq);
1980 - return ret;
1981 -diff --git a/drivers/pci/host/pcie-xilinx.c b/drivers/pci/host/pcie-xilinx.c
1982 -index 3c7a0d5..4cfa463 100644
1983 ---- a/drivers/pci/host/pcie-xilinx.c
1984 -+++ b/drivers/pci/host/pcie-xilinx.c
1985 -@@ -781,7 +781,8 @@ static int xilinx_pcie_parse_dt(struct xilinx_pcie_port *port)
1986 -
1987 - port->irq = irq_of_parse_and_map(node, 0);
1988 - err = devm_request_irq(dev, port->irq, xilinx_pcie_intr_handler,
1989 -- IRQF_SHARED, "xilinx-pcie", port);
1990 -+ IRQF_SHARED | IRQF_NO_THREAD,
1991 -+ "xilinx-pcie", port);
1992 - if (err) {
1993 - dev_err(dev, "unable to request irq %d\n", port->irq);
1994 - return err;
1995 -diff --git a/drivers/tty/n_tty.c b/drivers/tty/n_tty.c
1996 -index e49c2bce..cf000b3 100644
1997 ---- a/drivers/tty/n_tty.c
1998 -+++ b/drivers/tty/n_tty.c
1999 -@@ -258,16 +258,13 @@ static void n_tty_check_throttle(struct tty_struct *tty)
2000 -
2001 - static void n_tty_check_unthrottle(struct tty_struct *tty)
2002 - {
2003 -- if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2004 -- tty->link->ldisc->ops->write_wakeup == n_tty_write_wakeup) {
2005 -+ if (tty->driver->type == TTY_DRIVER_TYPE_PTY) {
2006 - if (chars_in_buffer(tty) > TTY_THRESHOLD_UNTHROTTLE)
2007 - return;
2008 - if (!tty->count)
2009 - return;
2010 - n_tty_kick_worker(tty);
2011 -- n_tty_write_wakeup(tty->link);
2012 -- if (waitqueue_active(&tty->link->write_wait))
2013 -- wake_up_interruptible_poll(&tty->link->write_wait, POLLOUT);
2014 -+ tty_wakeup(tty->link);
2015 - return;
2016 - }
2017 -
2018 -diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c
2019 -index bcc8e1e..7cef543 100644
2020 ---- a/drivers/tty/tty_io.c
2021 -+++ b/drivers/tty/tty_io.c
2022 -@@ -1462,13 +1462,13 @@ static int tty_reopen(struct tty_struct *tty)
2023 - {
2024 - struct tty_driver *driver = tty->driver;
2025 -
2026 -- if (!tty->count)
2027 -- return -EIO;
2028 --
2029 - if (driver->type == TTY_DRIVER_TYPE_PTY &&
2030 - driver->subtype == PTY_TYPE_MASTER)
2031 - return -EIO;
2032 -
2033 -+ if (!tty->count)
2034 -+ return -EAGAIN;
2035 -+
2036 - if (test_bit(TTY_EXCLUSIVE, &tty->flags) && !capable(CAP_SYS_ADMIN))
2037 - return -EBUSY;
2038 -
2039 -@@ -2069,7 +2069,12 @@ retry_open:
2040 -
2041 - if (tty) {
2042 - mutex_unlock(&tty_mutex);
2043 -- tty_lock(tty);
2044 -+ retval = tty_lock_interruptible(tty);
2045 -+ if (retval) {
2046 -+ if (retval == -EINTR)
2047 -+ retval = -ERESTARTSYS;
2048 -+ goto err_unref;
2049 -+ }
2050 - /* safe to drop the kref from tty_driver_lookup_tty() */
2051 - tty_kref_put(tty);
2052 - retval = tty_reopen(tty);
2053 -@@ -2087,7 +2092,11 @@ retry_open:
2054 -
2055 - if (IS_ERR(tty)) {
2056 - retval = PTR_ERR(tty);
2057 -- goto err_file;
2058 -+ if (retval != -EAGAIN || signal_pending(current))
2059 -+ goto err_file;
2060 -+ tty_free_file(filp);
2061 -+ schedule();
2062 -+ goto retry_open;
2063 - }
2064 -
2065 - tty_add_file(tty, filp);
2066 -@@ -2156,6 +2165,7 @@ retry_open:
2067 - return 0;
2068 - err_unlock:
2069 - mutex_unlock(&tty_mutex);
2070 -+err_unref:
2071 - /* after locks to avoid deadlock */
2072 - if (!IS_ERR_OR_NULL(driver))
2073 - tty_driver_kref_put(driver);
2074 -@@ -2653,6 +2663,28 @@ static int tiocsetd(struct tty_struct *tty, int __user *p)
2075 - }
2076 -
2077 - /**
2078 -+ * tiocgetd - get line discipline
2079 -+ * @tty: tty device
2080 -+ * @p: pointer to user data
2081 -+ *
2082 -+ * Retrieves the line discipline id directly from the ldisc.
2083 -+ *
2084 -+ * Locking: waits for ldisc reference (in case the line discipline
2085 -+ * is changing or the tty is being hungup)
2086 -+ */
2087 -+
2088 -+static int tiocgetd(struct tty_struct *tty, int __user *p)
2089 -+{
2090 -+ struct tty_ldisc *ld;
2091 -+ int ret;
2092 -+
2093 -+ ld = tty_ldisc_ref_wait(tty);
2094 -+ ret = put_user(ld->ops->num, p);
2095 -+ tty_ldisc_deref(ld);
2096 -+ return ret;
2097 -+}
2098 -+
2099 -+/**
2100 - * send_break - performed time break
2101 - * @tty: device to break on
2102 - * @duration: timeout in mS
2103 -@@ -2878,7 +2910,7 @@ long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
2104 - case TIOCGSID:
2105 - return tiocgsid(tty, real_tty, p);
2106 - case TIOCGETD:
2107 -- return put_user(tty->ldisc->ops->num, (int __user *)p);
2108 -+ return tiocgetd(tty, p);
2109 - case TIOCSETD:
2110 - return tiocsetd(tty, p);
2111 - case TIOCVHANGUP:
2112 -diff --git a/drivers/tty/tty_mutex.c b/drivers/tty/tty_mutex.c
2113 -index 0efcf71..d09293b 100644
2114 ---- a/drivers/tty/tty_mutex.c
2115 -+++ b/drivers/tty/tty_mutex.c
2116 -@@ -22,6 +22,14 @@ void __lockfunc tty_lock(struct tty_struct *tty)
2117 - }
2118 - EXPORT_SYMBOL(tty_lock);
2119 -
2120 -+int tty_lock_interruptible(struct tty_struct *tty)
2121 -+{
2122 -+ if (WARN(tty->magic != TTY_MAGIC, "L Bad %p\n", tty))
2123 -+ return -EIO;
2124 -+ tty_kref_get(tty);
2125 -+ return mutex_lock_interruptible(&tty->legacy_mutex);
2126 -+}
2127 -+
2128 - void __lockfunc tty_unlock(struct tty_struct *tty)
2129 - {
2130 - if (tty->magic != TTY_MAGIC) {
2131 -diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c
2132 -index 26ca4f9..e4c70dc 100644
2133 ---- a/drivers/usb/class/cdc-acm.c
2134 -+++ b/drivers/usb/class/cdc-acm.c
2135 -@@ -428,7 +428,8 @@ static void acm_read_bulk_callback(struct urb *urb)
2136 - set_bit(rb->index, &acm->read_urbs_free);
2137 - dev_dbg(&acm->data->dev, "%s - non-zero urb status: %d\n",
2138 - __func__, status);
2139 -- return;
2140 -+ if ((status != -ENOENT) || (urb->actual_length == 0))
2141 -+ return;
2142 - }
2143 -
2144 - usb_mark_last_busy(acm->dev);
2145 -@@ -1404,6 +1405,8 @@ made_compressed_probe:
2146 - usb_sndbulkpipe(usb_dev, epwrite->bEndpointAddress),
2147 - NULL, acm->writesize, acm_write_bulk, snd);
2148 - snd->urb->transfer_flags |= URB_NO_TRANSFER_DMA_MAP;
2149 -+ if (quirks & SEND_ZERO_PACKET)
2150 -+ snd->urb->transfer_flags |= URB_ZERO_PACKET;
2151 - snd->instance = acm;
2152 - }
2153 -
2154 -@@ -1861,6 +1864,10 @@ static const struct usb_device_id acm_ids[] = {
2155 - { USB_INTERFACE_INFO(USB_CLASS_COMM, USB_CDC_SUBCLASS_ACM,
2156 - USB_CDC_ACM_PROTO_AT_CDMA) },
2157 -
2158 -+ { USB_DEVICE(0x1519, 0x0452), /* Intel 7260 modem */
2159 -+ .driver_info = SEND_ZERO_PACKET,
2160 -+ },
2161 -+
2162 - { }
2163 - };
2164 -
2165 -diff --git a/drivers/usb/class/cdc-acm.h b/drivers/usb/class/cdc-acm.h
2166 -index dd9af38..ccfaba9 100644
2167 ---- a/drivers/usb/class/cdc-acm.h
2168 -+++ b/drivers/usb/class/cdc-acm.h
2169 -@@ -134,3 +134,4 @@ struct acm {
2170 - #define IGNORE_DEVICE BIT(5)
2171 - #define QUIRK_CONTROL_LINE_STATE BIT(6)
2172 - #define CLEAR_HALT_CONDITIONS BIT(7)
2173 -+#define SEND_ZERO_PACKET BIT(8)
2174 -diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
2175 -index 8683436..1560f3f 100644
2176 ---- a/drivers/usb/core/hub.c
2177 -+++ b/drivers/usb/core/hub.c
2178 -@@ -5386,7 +5386,6 @@ static int usb_reset_and_verify_device(struct usb_device *udev)
2179 - }
2180 -
2181 - bos = udev->bos;
2182 -- udev->bos = NULL;
2183 -
2184 - for (i = 0; i < SET_CONFIG_TRIES; ++i) {
2185 -
2186 -@@ -5479,8 +5478,11 @@ done:
2187 - usb_set_usb2_hardware_lpm(udev, 1);
2188 - usb_unlocked_enable_lpm(udev);
2189 - usb_enable_ltm(udev);
2190 -- usb_release_bos_descriptor(udev);
2191 -- udev->bos = bos;
2192 -+ /* release the new BOS descriptor allocated by hub_port_init() */
2193 -+ if (udev->bos != bos) {
2194 -+ usb_release_bos_descriptor(udev);
2195 -+ udev->bos = bos;
2196 -+ }
2197 - return 0;
2198 -
2199 - re_enumerate:
2200 -diff --git a/drivers/usb/host/xhci-pci.c b/drivers/usb/host/xhci-pci.c
2201 -index c621090..c2d6520 100644
2202 ---- a/drivers/usb/host/xhci-pci.c
2203 -+++ b/drivers/usb/host/xhci-pci.c
2204 -@@ -28,7 +28,9 @@
2205 - #include "xhci.h"
2206 - #include "xhci-trace.h"
2207 -
2208 --#define PORT2_SSIC_CONFIG_REG2 0x883c
2209 -+#define SSIC_PORT_NUM 2
2210 -+#define SSIC_PORT_CFG2 0x880c
2211 -+#define SSIC_PORT_CFG2_OFFSET 0x30
2212 - #define PROG_DONE (1 << 30)
2213 - #define SSIC_PORT_UNUSED (1 << 31)
2214 -
2215 -@@ -45,6 +47,7 @@
2216 - #define PCI_DEVICE_ID_INTEL_CHERRYVIEW_XHCI 0x22b5
2217 - #define PCI_DEVICE_ID_INTEL_SUNRISEPOINT_H_XHCI 0xa12f
2218 - #define PCI_DEVICE_ID_INTEL_SUNRISEPOINT_LP_XHCI 0x9d2f
2219 -+#define PCI_DEVICE_ID_INTEL_BROXTON_M_XHCI 0x0aa8
2220 -
2221 - static const char hcd_name[] = "xhci_hcd";
2222 -
2223 -@@ -152,7 +155,8 @@ static void xhci_pci_quirks(struct device *dev, struct xhci_hcd *xhci)
2224 - if (pdev->vendor == PCI_VENDOR_ID_INTEL &&
2225 - (pdev->device == PCI_DEVICE_ID_INTEL_SUNRISEPOINT_LP_XHCI ||
2226 - pdev->device == PCI_DEVICE_ID_INTEL_SUNRISEPOINT_H_XHCI ||
2227 -- pdev->device == PCI_DEVICE_ID_INTEL_CHERRYVIEW_XHCI)) {
2228 -+ pdev->device == PCI_DEVICE_ID_INTEL_CHERRYVIEW_XHCI ||
2229 -+ pdev->device == PCI_DEVICE_ID_INTEL_BROXTON_M_XHCI)) {
2230 - xhci->quirks |= XHCI_PME_STUCK_QUIRK;
2231 - }
2232 - if (pdev->vendor == PCI_VENDOR_ID_ETRON &&
2233 -@@ -322,28 +326,36 @@ static void xhci_pme_quirk(struct usb_hcd *hcd, bool suspend)
2234 - struct pci_dev *pdev = to_pci_dev(hcd->self.controller);
2235 - u32 val;
2236 - void __iomem *reg;
2237 -+ int i;
2238 -
2239 - if (pdev->vendor == PCI_VENDOR_ID_INTEL &&
2240 - pdev->device == PCI_DEVICE_ID_INTEL_CHERRYVIEW_XHCI) {
2241 -
2242 -- reg = (void __iomem *) xhci->cap_regs + PORT2_SSIC_CONFIG_REG2;
2243 --
2244 -- /* Notify SSIC that SSIC profile programming is not done */
2245 -- val = readl(reg) & ~PROG_DONE;
2246 -- writel(val, reg);
2247 --
2248 -- /* Mark SSIC port as unused(suspend) or used(resume) */
2249 -- val = readl(reg);
2250 -- if (suspend)
2251 -- val |= SSIC_PORT_UNUSED;
2252 -- else
2253 -- val &= ~SSIC_PORT_UNUSED;
2254 -- writel(val, reg);
2255 --
2256 -- /* Notify SSIC that SSIC profile programming is done */
2257 -- val = readl(reg) | PROG_DONE;
2258 -- writel(val, reg);
2259 -- readl(reg);
2260 -+ for (i = 0; i < SSIC_PORT_NUM; i++) {
2261 -+ reg = (void __iomem *) xhci->cap_regs +
2262 -+ SSIC_PORT_CFG2 +
2263 -+ i * SSIC_PORT_CFG2_OFFSET;
2264 -+
2265 -+ /*
2266 -+ * Notify SSIC that SSIC profile programming
2267 -+ * is not done.
2268 -+ */
2269 -+ val = readl(reg) & ~PROG_DONE;
2270 -+ writel(val, reg);
2271 -+
2272 -+ /* Mark SSIC port as unused(suspend) or used(resume) */
2273 -+ val = readl(reg);
2274 -+ if (suspend)
2275 -+ val |= SSIC_PORT_UNUSED;
2276 -+ else
2277 -+ val &= ~SSIC_PORT_UNUSED;
2278 -+ writel(val, reg);
2279 -+
2280 -+ /* Notify SSIC that SSIC profile programming is done */
2281 -+ val = readl(reg) | PROG_DONE;
2282 -+ writel(val, reg);
2283 -+ readl(reg);
2284 -+ }
2285 - }
2286 -
2287 - reg = (void __iomem *) xhci->cap_regs + 0x80a4;
2288 -diff --git a/drivers/usb/phy/phy-msm-usb.c b/drivers/usb/phy/phy-msm-usb.c
2289 -index 0d19a6d..970a30e 100644
2290 ---- a/drivers/usb/phy/phy-msm-usb.c
2291 -+++ b/drivers/usb/phy/phy-msm-usb.c
2292 -@@ -1599,6 +1599,8 @@ static int msm_otg_read_dt(struct platform_device *pdev, struct msm_otg *motg)
2293 - &motg->id.nb);
2294 - if (ret < 0) {
2295 - dev_err(&pdev->dev, "register ID notifier failed\n");
2296 -+ extcon_unregister_notifier(motg->vbus.extcon,
2297 -+ EXTCON_USB, &motg->vbus.nb);
2298 - return ret;
2299 - }
2300 -
2301 -@@ -1660,15 +1662,6 @@ static int msm_otg_probe(struct platform_device *pdev)
2302 - if (!motg)
2303 - return -ENOMEM;
2304 -
2305 -- pdata = dev_get_platdata(&pdev->dev);
2306 -- if (!pdata) {
2307 -- if (!np)
2308 -- return -ENXIO;
2309 -- ret = msm_otg_read_dt(pdev, motg);
2310 -- if (ret)
2311 -- return ret;
2312 -- }
2313 --
2314 - motg->phy.otg = devm_kzalloc(&pdev->dev, sizeof(struct usb_otg),
2315 - GFP_KERNEL);
2316 - if (!motg->phy.otg)
2317 -@@ -1710,6 +1703,15 @@ static int msm_otg_probe(struct platform_device *pdev)
2318 - if (!motg->regs)
2319 - return -ENOMEM;
2320 -
2321 -+ pdata = dev_get_platdata(&pdev->dev);
2322 -+ if (!pdata) {
2323 -+ if (!np)
2324 -+ return -ENXIO;
2325 -+ ret = msm_otg_read_dt(pdev, motg);
2326 -+ if (ret)
2327 -+ return ret;
2328 -+ }
2329 -+
2330 - /*
2331 - * NOTE: The PHYs can be multiplexed between the chipidea controller
2332 - * and the dwc3 controller, using a single bit. It is important that
2333 -@@ -1717,8 +1719,10 @@ static int msm_otg_probe(struct platform_device *pdev)
2334 - */
2335 - if (motg->phy_number) {
2336 - phy_select = devm_ioremap_nocache(&pdev->dev, USB2_PHY_SEL, 4);
2337 -- if (!phy_select)
2338 -- return -ENOMEM;
2339 -+ if (!phy_select) {
2340 -+ ret = -ENOMEM;
2341 -+ goto unregister_extcon;
2342 -+ }
2343 - /* Enable second PHY with the OTG port */
2344 - writel(0x1, phy_select);
2345 - }
2346 -@@ -1728,7 +1732,8 @@ static int msm_otg_probe(struct platform_device *pdev)
2347 - motg->irq = platform_get_irq(pdev, 0);
2348 - if (motg->irq < 0) {
2349 - dev_err(&pdev->dev, "platform_get_irq failed\n");
2350 -- return motg->irq;
2351 -+ ret = motg->irq;
2352 -+ goto unregister_extcon;
2353 - }
2354 -
2355 - regs[0].supply = "vddcx";
2356 -@@ -1737,7 +1742,7 @@ static int msm_otg_probe(struct platform_device *pdev)
2357 -
2358 - ret = devm_regulator_bulk_get(motg->phy.dev, ARRAY_SIZE(regs), regs);
2359 - if (ret)
2360 -- return ret;
2361 -+ goto unregister_extcon;
2362 -
2363 - motg->vddcx = regs[0].consumer;
2364 - motg->v3p3 = regs[1].consumer;
2365 -@@ -1834,6 +1839,12 @@ disable_clks:
2366 - clk_disable_unprepare(motg->clk);
2367 - if (!IS_ERR(motg->core_clk))
2368 - clk_disable_unprepare(motg->core_clk);
2369 -+unregister_extcon:
2370 -+ extcon_unregister_notifier(motg->id.extcon,
2371 -+ EXTCON_USB_HOST, &motg->id.nb);
2372 -+ extcon_unregister_notifier(motg->vbus.extcon,
2373 -+ EXTCON_USB, &motg->vbus.nb);
2374 -+
2375 - return ret;
2376 - }
2377 -
2378 -diff --git a/drivers/usb/serial/cp210x.c b/drivers/usb/serial/cp210x.c
2379 -index 59b2126..1dd9919 100644
2380 ---- a/drivers/usb/serial/cp210x.c
2381 -+++ b/drivers/usb/serial/cp210x.c
2382 -@@ -98,6 +98,7 @@ static const struct usb_device_id id_table[] = {
2383 - { USB_DEVICE(0x10C4, 0x81AC) }, /* MSD Dash Hawk */
2384 - { USB_DEVICE(0x10C4, 0x81AD) }, /* INSYS USB Modem */
2385 - { USB_DEVICE(0x10C4, 0x81C8) }, /* Lipowsky Industrie Elektronik GmbH, Baby-JTAG */
2386 -+ { USB_DEVICE(0x10C4, 0x81D7) }, /* IAI Corp. RCB-CV-USB USB to RS485 Adaptor */
2387 - { USB_DEVICE(0x10C4, 0x81E2) }, /* Lipowsky Industrie Elektronik GmbH, Baby-LIN */
2388 - { USB_DEVICE(0x10C4, 0x81E7) }, /* Aerocomm Radio */
2389 - { USB_DEVICE(0x10C4, 0x81E8) }, /* Zephyr Bioharness */
2390 -diff --git a/drivers/usb/serial/ftdi_sio.c b/drivers/usb/serial/ftdi_sio.c
2391 -index a5a0376..8c660ae 100644
2392 ---- a/drivers/usb/serial/ftdi_sio.c
2393 -+++ b/drivers/usb/serial/ftdi_sio.c
2394 -@@ -824,6 +824,7 @@ static const struct usb_device_id id_table_combined[] = {
2395 - { USB_DEVICE(FTDI_VID, FTDI_TURTELIZER_PID),
2396 - .driver_info = (kernel_ulong_t)&ftdi_jtag_quirk },
2397 - { USB_DEVICE(RATOC_VENDOR_ID, RATOC_PRODUCT_ID_USB60F) },
2398 -+ { USB_DEVICE(RATOC_VENDOR_ID, RATOC_PRODUCT_ID_SCU18) },
2399 - { USB_DEVICE(FTDI_VID, FTDI_REU_TINY_PID) },
2400 -
2401 - /* Papouch devices based on FTDI chip */
2402 -diff --git a/drivers/usb/serial/ftdi_sio_ids.h b/drivers/usb/serial/ftdi_sio_ids.h
2403 -index 67c6d44..a84df25 100644
2404 ---- a/drivers/usb/serial/ftdi_sio_ids.h
2405 -+++ b/drivers/usb/serial/ftdi_sio_ids.h
2406 -@@ -615,6 +615,7 @@
2407 - */
2408 - #define RATOC_VENDOR_ID 0x0584
2409 - #define RATOC_PRODUCT_ID_USB60F 0xb020
2410 -+#define RATOC_PRODUCT_ID_SCU18 0xb03a
2411 -
2412 - /*
2413 - * Infineon Technologies
2414 -diff --git a/drivers/usb/serial/option.c b/drivers/usb/serial/option.c
2415 -index f228060..db86e51 100644
2416 ---- a/drivers/usb/serial/option.c
2417 -+++ b/drivers/usb/serial/option.c
2418 -@@ -268,6 +268,8 @@ static void option_instat_callback(struct urb *urb);
2419 - #define TELIT_PRODUCT_CC864_SINGLE 0x1006
2420 - #define TELIT_PRODUCT_DE910_DUAL 0x1010
2421 - #define TELIT_PRODUCT_UE910_V2 0x1012
2422 -+#define TELIT_PRODUCT_LE922_USBCFG0 0x1042
2423 -+#define TELIT_PRODUCT_LE922_USBCFG3 0x1043
2424 - #define TELIT_PRODUCT_LE920 0x1200
2425 - #define TELIT_PRODUCT_LE910 0x1201
2426 -
2427 -@@ -615,6 +617,16 @@ static const struct option_blacklist_info telit_le920_blacklist = {
2428 - .reserved = BIT(1) | BIT(5),
2429 - };
2430 -
2431 -+static const struct option_blacklist_info telit_le922_blacklist_usbcfg0 = {
2432 -+ .sendsetup = BIT(2),
2433 -+ .reserved = BIT(0) | BIT(1) | BIT(3),
2434 -+};
2435 -+
2436 -+static const struct option_blacklist_info telit_le922_blacklist_usbcfg3 = {
2437 -+ .sendsetup = BIT(0),
2438 -+ .reserved = BIT(1) | BIT(2) | BIT(3),
2439 -+};
2440 -+
2441 - static const struct usb_device_id option_ids[] = {
2442 - { USB_DEVICE(OPTION_VENDOR_ID, OPTION_PRODUCT_COLT) },
2443 - { USB_DEVICE(OPTION_VENDOR_ID, OPTION_PRODUCT_RICOLA) },
2444 -@@ -1160,6 +1172,10 @@ static const struct usb_device_id option_ids[] = {
2445 - { USB_DEVICE(TELIT_VENDOR_ID, TELIT_PRODUCT_CC864_SINGLE) },
2446 - { USB_DEVICE(TELIT_VENDOR_ID, TELIT_PRODUCT_DE910_DUAL) },
2447 - { USB_DEVICE(TELIT_VENDOR_ID, TELIT_PRODUCT_UE910_V2) },
2448 -+ { USB_DEVICE(TELIT_VENDOR_ID, TELIT_PRODUCT_LE922_USBCFG0),
2449 -+ .driver_info = (kernel_ulong_t)&telit_le922_blacklist_usbcfg0 },
2450 -+ { USB_DEVICE(TELIT_VENDOR_ID, TELIT_PRODUCT_LE922_USBCFG3),
2451 -+ .driver_info = (kernel_ulong_t)&telit_le922_blacklist_usbcfg3 },
2452 - { USB_DEVICE(TELIT_VENDOR_ID, TELIT_PRODUCT_LE910),
2453 - .driver_info = (kernel_ulong_t)&telit_le910_blacklist },
2454 - { USB_DEVICE(TELIT_VENDOR_ID, TELIT_PRODUCT_LE920),
2455 -@@ -1679,7 +1695,7 @@ static const struct usb_device_id option_ids[] = {
2456 - { USB_DEVICE(CINTERION_VENDOR_ID, CINTERION_PRODUCT_EU3_P) },
2457 - { USB_DEVICE(CINTERION_VENDOR_ID, CINTERION_PRODUCT_PH8),
2458 - .driver_info = (kernel_ulong_t)&net_intf4_blacklist },
2459 -- { USB_DEVICE(CINTERION_VENDOR_ID, CINTERION_PRODUCT_AHXX) },
2460 -+ { USB_DEVICE_INTERFACE_CLASS(CINTERION_VENDOR_ID, CINTERION_PRODUCT_AHXX, 0xff) },
2461 - { USB_DEVICE(CINTERION_VENDOR_ID, CINTERION_PRODUCT_PLXX),
2462 - .driver_info = (kernel_ulong_t)&net_intf4_blacklist },
2463 - { USB_DEVICE(CINTERION_VENDOR_ID, CINTERION_PRODUCT_HC28_MDM) },
2464 -diff --git a/drivers/usb/serial/visor.c b/drivers/usb/serial/visor.c
2465 -index 60afb39..337a0be 100644
2466 ---- a/drivers/usb/serial/visor.c
2467 -+++ b/drivers/usb/serial/visor.c
2468 -@@ -544,6 +544,11 @@ static int treo_attach(struct usb_serial *serial)
2469 - (serial->num_interrupt_in == 0))
2470 - return 0;
2471 -
2472 -+ if (serial->num_bulk_in < 2 || serial->num_interrupt_in < 2) {
2473 -+ dev_err(&serial->interface->dev, "missing endpoints\n");
2474 -+ return -ENODEV;
2475 -+ }
2476 -+
2477 - /*
2478 - * It appears that Treos and Kyoceras want to use the
2479 - * 1st bulk in endpoint to communicate with the 2nd bulk out endpoint,
2480 -@@ -597,8 +602,10 @@ static int clie_5_attach(struct usb_serial *serial)
2481 - */
2482 -
2483 - /* some sanity check */
2484 -- if (serial->num_ports < 2)
2485 -- return -1;
2486 -+ if (serial->num_bulk_out < 2) {
2487 -+ dev_err(&serial->interface->dev, "missing bulk out endpoints\n");
2488 -+ return -ENODEV;
2489 -+ }
2490 -
2491 - /* port 0 now uses the modified endpoint Address */
2492 - port = serial->port[0];
2493 -diff --git a/fs/ext4/crypto_key.c b/fs/ext4/crypto_key.c
2494 -index c5882b3..9a16d1e 100644
2495 ---- a/fs/ext4/crypto_key.c
2496 -+++ b/fs/ext4/crypto_key.c
2497 -@@ -213,9 +213,11 @@ retry:
2498 - res = -ENOKEY;
2499 - goto out;
2500 - }
2501 -+ down_read(&keyring_key->sem);
2502 - ukp = user_key_payload(keyring_key);
2503 - if (ukp->datalen != sizeof(struct ext4_encryption_key)) {
2504 - res = -EINVAL;
2505 -+ up_read(&keyring_key->sem);
2506 - goto out;
2507 - }
2508 - master_key = (struct ext4_encryption_key *)ukp->data;
2509 -@@ -226,10 +228,12 @@ retry:
2510 - "ext4: key size incorrect: %d\n",
2511 - master_key->size);
2512 - res = -ENOKEY;
2513 -+ up_read(&keyring_key->sem);
2514 - goto out;
2515 - }
2516 - res = ext4_derive_key_aes(ctx.nonce, master_key->raw,
2517 - raw_key);
2518 -+ up_read(&keyring_key->sem);
2519 - if (res)
2520 - goto out;
2521 - got_key:
2522 -diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
2523 -index 8981803..343b0f1 100644
2524 ---- a/fs/nfs/nfs4proc.c
2525 -+++ b/fs/nfs/nfs4proc.c
2526 -@@ -8054,7 +8054,6 @@ static void nfs4_layoutreturn_release(void *calldata)
2527 - pnfs_set_layout_stateid(lo, &lrp->res.stateid, true);
2528 - pnfs_mark_matching_lsegs_invalid(lo, &freeme, &lrp->args.range);
2529 - pnfs_clear_layoutreturn_waitbit(lo);
2530 -- lo->plh_block_lgets--;
2531 - spin_unlock(&lo->plh_inode->i_lock);
2532 - pnfs_free_lseg_list(&freeme);
2533 - pnfs_put_layout_hdr(lrp->args.layout);
2534 -diff --git a/fs/ocfs2/dlm/dlmmaster.c b/fs/ocfs2/dlm/dlmmaster.c
2535 -index 84f2f80..4e2162b 100644
2536 ---- a/fs/ocfs2/dlm/dlmmaster.c
2537 -+++ b/fs/ocfs2/dlm/dlmmaster.c
2538 -@@ -2519,6 +2519,11 @@ static int dlm_migrate_lockres(struct dlm_ctxt *dlm,
2539 - spin_lock(&dlm->master_lock);
2540 - ret = dlm_add_migration_mle(dlm, res, mle, &oldmle, name,
2541 - namelen, target, dlm->node_num);
2542 -+ /* get an extra reference on the mle.
2543 -+ * otherwise the assert_master from the new
2544 -+ * master will destroy this.
2545 -+ */
2546 -+ dlm_get_mle_inuse(mle);
2547 - spin_unlock(&dlm->master_lock);
2548 - spin_unlock(&dlm->spinlock);
2549 -
2550 -@@ -2554,6 +2559,7 @@ fail:
2551 - if (mle_added) {
2552 - dlm_mle_detach_hb_events(dlm, mle);
2553 - dlm_put_mle(mle);
2554 -+ dlm_put_mle_inuse(mle);
2555 - } else if (mle) {
2556 - kmem_cache_free(dlm_mle_cache, mle);
2557 - mle = NULL;
2558 -@@ -2571,17 +2577,6 @@ fail:
2559 - * ensure that all assert_master work is flushed. */
2560 - flush_workqueue(dlm->dlm_worker);
2561 -
2562 -- /* get an extra reference on the mle.
2563 -- * otherwise the assert_master from the new
2564 -- * master will destroy this.
2565 -- * also, make sure that all callers of dlm_get_mle
2566 -- * take both dlm->spinlock and dlm->master_lock */
2567 -- spin_lock(&dlm->spinlock);
2568 -- spin_lock(&dlm->master_lock);
2569 -- dlm_get_mle_inuse(mle);
2570 -- spin_unlock(&dlm->master_lock);
2571 -- spin_unlock(&dlm->spinlock);
2572 --
2573 - /* notify new node and send all lock state */
2574 - /* call send_one_lockres with migration flag.
2575 - * this serves as notice to the target node that a
2576 -@@ -3312,6 +3307,15 @@ top:
2577 - mle->new_master != dead_node)
2578 - continue;
2579 -
2580 -+ if (mle->new_master == dead_node && mle->inuse) {
2581 -+ mlog(ML_NOTICE, "%s: target %u died during "
2582 -+ "migration from %u, the MLE is "
2583 -+ "still keep used, ignore it!\n",
2584 -+ dlm->name, dead_node,
2585 -+ mle->master);
2586 -+ continue;
2587 -+ }
2588 -+
2589 - /* If we have reached this point, this mle needs to be
2590 - * removed from the list and freed. */
2591 - dlm_clean_migration_mle(dlm, mle);
2592 -diff --git a/fs/ocfs2/dlm/dlmrecovery.c b/fs/ocfs2/dlm/dlmrecovery.c
2593 -index 9e4f862..42f0cae 100644
2594 ---- a/fs/ocfs2/dlm/dlmrecovery.c
2595 -+++ b/fs/ocfs2/dlm/dlmrecovery.c
2596 -@@ -2360,6 +2360,8 @@ static void dlm_do_local_recovery_cleanup(struct dlm_ctxt *dlm, u8 dead_node)
2597 - break;
2598 - }
2599 - }
2600 -+ dlm_lockres_clear_refmap_bit(dlm, res,
2601 -+ dead_node);
2602 - spin_unlock(&res->spinlock);
2603 - continue;
2604 - }
2605 -diff --git a/fs/ocfs2/dlmglue.c b/fs/ocfs2/dlmglue.c
2606 -index 20276e3..b002acf 100644
2607 ---- a/fs/ocfs2/dlmglue.c
2608 -+++ b/fs/ocfs2/dlmglue.c
2609 -@@ -1390,6 +1390,7 @@ static int __ocfs2_cluster_lock(struct ocfs2_super *osb,
2610 - unsigned int gen;
2611 - int noqueue_attempted = 0;
2612 - int dlm_locked = 0;
2613 -+ int kick_dc = 0;
2614 -
2615 - if (!(lockres->l_flags & OCFS2_LOCK_INITIALIZED)) {
2616 - mlog_errno(-EINVAL);
2617 -@@ -1524,7 +1525,12 @@ update_holders:
2618 - unlock:
2619 - lockres_clear_flags(lockres, OCFS2_LOCK_UPCONVERT_FINISHING);
2620 -
2621 -+ /* ocfs2_unblock_lock reques on seeing OCFS2_LOCK_UPCONVERT_FINISHING */
2622 -+ kick_dc = (lockres->l_flags & OCFS2_LOCK_BLOCKED);
2623 -+
2624 - spin_unlock_irqrestore(&lockres->l_lock, flags);
2625 -+ if (kick_dc)
2626 -+ ocfs2_wake_downconvert_thread(osb);
2627 - out:
2628 - /*
2629 - * This is helping work around a lock inversion between the page lock
2630 -diff --git a/include/crypto/hash.h b/include/crypto/hash.h
2631 -index 3d69c93..6361892 100644
2632 ---- a/include/crypto/hash.h
2633 -+++ b/include/crypto/hash.h
2634 -@@ -204,6 +204,7 @@ struct crypto_ahash {
2635 - unsigned int keylen);
2636 -
2637 - unsigned int reqsize;
2638 -+ bool has_setkey;
2639 - struct crypto_tfm base;
2640 - };
2641 -
2642 -@@ -375,6 +376,11 @@ static inline void *ahash_request_ctx(struct ahash_request *req)
2643 - int crypto_ahash_setkey(struct crypto_ahash *tfm, const u8 *key,
2644 - unsigned int keylen);
2645 -
2646 -+static inline bool crypto_ahash_has_setkey(struct crypto_ahash *tfm)
2647 -+{
2648 -+ return tfm->has_setkey;
2649 -+}
2650 -+
2651 - /**
2652 - * crypto_ahash_finup() - update and finalize message digest
2653 - * @req: reference to the ahash_request handle that holds all information
2654 -diff --git a/include/crypto/if_alg.h b/include/crypto/if_alg.h
2655 -index 018afb2..a2bfd78 100644
2656 ---- a/include/crypto/if_alg.h
2657 -+++ b/include/crypto/if_alg.h
2658 -@@ -30,6 +30,9 @@ struct alg_sock {
2659 -
2660 - struct sock *parent;
2661 -
2662 -+ unsigned int refcnt;
2663 -+ unsigned int nokey_refcnt;
2664 -+
2665 - const struct af_alg_type *type;
2666 - void *private;
2667 - };
2668 -@@ -50,9 +53,11 @@ struct af_alg_type {
2669 - void (*release)(void *private);
2670 - int (*setkey)(void *private, const u8 *key, unsigned int keylen);
2671 - int (*accept)(void *private, struct sock *sk);
2672 -+ int (*accept_nokey)(void *private, struct sock *sk);
2673 - int (*setauthsize)(void *private, unsigned int authsize);
2674 -
2675 - struct proto_ops *ops;
2676 -+ struct proto_ops *ops_nokey;
2677 - struct module *owner;
2678 - char name[14];
2679 - };
2680 -@@ -67,6 +72,7 @@ int af_alg_register_type(const struct af_alg_type *type);
2681 - int af_alg_unregister_type(const struct af_alg_type *type);
2682 -
2683 - int af_alg_release(struct socket *sock);
2684 -+void af_alg_release_parent(struct sock *sk);
2685 - int af_alg_accept(struct sock *sk, struct socket *newsock);
2686 -
2687 - int af_alg_make_sg(struct af_alg_sgl *sgl, struct iov_iter *iter, int len);
2688 -@@ -83,11 +89,6 @@ static inline struct alg_sock *alg_sk(struct sock *sk)
2689 - return (struct alg_sock *)sk;
2690 - }
2691 -
2692 --static inline void af_alg_release_parent(struct sock *sk)
2693 --{
2694 -- sock_put(alg_sk(sk)->parent);
2695 --}
2696 --
2697 - static inline void af_alg_init_completion(struct af_alg_completion *completion)
2698 - {
2699 - init_completion(&completion->completion);
2700 -diff --git a/include/crypto/skcipher.h b/include/crypto/skcipher.h
2701 -index d8dd41f..fd8742a 100644
2702 ---- a/include/crypto/skcipher.h
2703 -+++ b/include/crypto/skcipher.h
2704 -@@ -61,6 +61,8 @@ struct crypto_skcipher {
2705 - unsigned int ivsize;
2706 - unsigned int reqsize;
2707 -
2708 -+ bool has_setkey;
2709 -+
2710 - struct crypto_tfm base;
2711 - };
2712 -
2713 -@@ -305,6 +307,11 @@ static inline int crypto_skcipher_setkey(struct crypto_skcipher *tfm,
2714 - return tfm->setkey(tfm, key, keylen);
2715 - }
2716 -
2717 -+static inline bool crypto_skcipher_has_setkey(struct crypto_skcipher *tfm)
2718 -+{
2719 -+ return tfm->has_setkey;
2720 -+}
2721 -+
2722 - /**
2723 - * crypto_skcipher_reqtfm() - obtain cipher handle from request
2724 - * @req: skcipher_request out of which the cipher handle is to be obtained
2725 -diff --git a/include/linux/console.h b/include/linux/console.h
2726 -index bd19434..ea731af 100644
2727 ---- a/include/linux/console.h
2728 -+++ b/include/linux/console.h
2729 -@@ -150,6 +150,7 @@ extern int console_trylock(void);
2730 - extern void console_unlock(void);
2731 - extern void console_conditional_schedule(void);
2732 - extern void console_unblank(void);
2733 -+extern void console_flush_on_panic(void);
2734 - extern struct tty_driver *console_device(int *);
2735 - extern void console_stop(struct console *);
2736 - extern void console_start(struct console *);
2737 -diff --git a/include/linux/hrtimer.h b/include/linux/hrtimer.h
2738 -index 76dd4f0..2ead22d 100644
2739 ---- a/include/linux/hrtimer.h
2740 -+++ b/include/linux/hrtimer.h
2741 -@@ -87,7 +87,8 @@ enum hrtimer_restart {
2742 - * @function: timer expiry callback function
2743 - * @base: pointer to the timer base (per cpu and per clock)
2744 - * @state: state information (See bit values above)
2745 -- * @start_pid: timer statistics field to store the pid of the task which
2746 -+ * @is_rel: Set if the timer was armed relative
2747 -+ * @start_pid: timer statistics field to store the pid of the task which
2748 - * started the timer
2749 - * @start_site: timer statistics field to store the site where the timer
2750 - * was started
2751 -@@ -101,7 +102,8 @@ struct hrtimer {
2752 - ktime_t _softexpires;
2753 - enum hrtimer_restart (*function)(struct hrtimer *);
2754 - struct hrtimer_clock_base *base;
2755 -- unsigned long state;
2756 -+ u8 state;
2757 -+ u8 is_rel;
2758 - #ifdef CONFIG_TIMER_STATS
2759 - int start_pid;
2760 - void *start_site;
2761 -@@ -321,6 +323,27 @@ static inline void clock_was_set_delayed(void) { }
2762 -
2763 - #endif
2764 -
2765 -+static inline ktime_t
2766 -+__hrtimer_expires_remaining_adjusted(const struct hrtimer *timer, ktime_t now)
2767 -+{
2768 -+ ktime_t rem = ktime_sub(timer->node.expires, now);
2769 -+
2770 -+ /*
2771 -+ * Adjust relative timers for the extra we added in
2772 -+ * hrtimer_start_range_ns() to prevent short timeouts.
2773 -+ */
2774 -+ if (IS_ENABLED(CONFIG_TIME_LOW_RES) && timer->is_rel)
2775 -+ rem.tv64 -= hrtimer_resolution;
2776 -+ return rem;
2777 -+}
2778 -+
2779 -+static inline ktime_t
2780 -+hrtimer_expires_remaining_adjusted(const struct hrtimer *timer)
2781 -+{
2782 -+ return __hrtimer_expires_remaining_adjusted(timer,
2783 -+ timer->base->get_time());
2784 -+}
2785 -+
2786 - extern void clock_was_set(void);
2787 - #ifdef CONFIG_TIMERFD
2788 - extern void timerfd_clock_was_set(void);
2789 -@@ -390,7 +413,12 @@ static inline void hrtimer_restart(struct hrtimer *timer)
2790 - }
2791 -
2792 - /* Query timers: */
2793 --extern ktime_t hrtimer_get_remaining(const struct hrtimer *timer);
2794 -+extern ktime_t __hrtimer_get_remaining(const struct hrtimer *timer, bool adjust);
2795 -+
2796 -+static inline ktime_t hrtimer_get_remaining(const struct hrtimer *timer)
2797 -+{
2798 -+ return __hrtimer_get_remaining(timer, false);
2799 -+}
2800 -
2801 - extern u64 hrtimer_get_next_event(void);
2802 -
2803 -diff --git a/include/linux/tty.h b/include/linux/tty.h
2804 -index 5e31f1b..6b6e811 100644
2805 ---- a/include/linux/tty.h
2806 -+++ b/include/linux/tty.h
2807 -@@ -654,6 +654,7 @@ extern long vt_compat_ioctl(struct tty_struct *tty,
2808 - /* tty_mutex.c */
2809 - /* functions for preparation of BKL removal */
2810 - extern void __lockfunc tty_lock(struct tty_struct *tty);
2811 -+extern int tty_lock_interruptible(struct tty_struct *tty);
2812 - extern void __lockfunc tty_unlock(struct tty_struct *tty);
2813 - extern void __lockfunc tty_lock_slave(struct tty_struct *tty);
2814 - extern void __lockfunc tty_unlock_slave(struct tty_struct *tty);
2815 -diff --git a/include/sound/rawmidi.h b/include/sound/rawmidi.h
2816 -index f6cbef7..3b91ad5 100644
2817 ---- a/include/sound/rawmidi.h
2818 -+++ b/include/sound/rawmidi.h
2819 -@@ -167,6 +167,10 @@ int snd_rawmidi_transmit_peek(struct snd_rawmidi_substream *substream,
2820 - int snd_rawmidi_transmit_ack(struct snd_rawmidi_substream *substream, int count);
2821 - int snd_rawmidi_transmit(struct snd_rawmidi_substream *substream,
2822 - unsigned char *buffer, int count);
2823 -+int __snd_rawmidi_transmit_peek(struct snd_rawmidi_substream *substream,
2824 -+ unsigned char *buffer, int count);
2825 -+int __snd_rawmidi_transmit_ack(struct snd_rawmidi_substream *substream,
2826 -+ int count);
2827 -
2828 - /* main midi functions */
2829 -
2830 -diff --git a/kernel/panic.c b/kernel/panic.c
2831 -index 4b150bc..41e2b54 100644
2832 ---- a/kernel/panic.c
2833 -+++ b/kernel/panic.c
2834 -@@ -157,8 +157,7 @@ void panic(const char *fmt, ...)
2835 - * panic() is not being callled from OOPS.
2836 - */
2837 - debug_locks_off();
2838 -- console_trylock();
2839 -- console_unlock();
2840 -+ console_flush_on_panic();
2841 -
2842 - if (!panic_blink)
2843 - panic_blink = no_blink;
2844 -diff --git a/kernel/printk/printk.c b/kernel/printk/printk.c
2845 -index 2ce8826..c048e34 100644
2846 ---- a/kernel/printk/printk.c
2847 -+++ b/kernel/printk/printk.c
2848 -@@ -2233,13 +2233,24 @@ void console_unlock(void)
2849 - static u64 seen_seq;
2850 - unsigned long flags;
2851 - bool wake_klogd = false;
2852 -- bool retry;
2853 -+ bool do_cond_resched, retry;
2854 -
2855 - if (console_suspended) {
2856 - up_console_sem();
2857 - return;
2858 - }
2859 -
2860 -+ /*
2861 -+ * Console drivers are called under logbuf_lock, so
2862 -+ * @console_may_schedule should be cleared before; however, we may
2863 -+ * end up dumping a lot of lines, for example, if called from
2864 -+ * console registration path, and should invoke cond_resched()
2865 -+ * between lines if allowable. Not doing so can cause a very long
2866 -+ * scheduling stall on a slow console leading to RCU stall and
2867 -+ * softlockup warnings which exacerbate the issue with more
2868 -+ * messages practically incapacitating the system.
2869 -+ */
2870 -+ do_cond_resched = console_may_schedule;
2871 - console_may_schedule = 0;
2872 -
2873 - /* flush buffered message fragment immediately to console */
2874 -@@ -2311,6 +2322,9 @@ skip:
2875 - call_console_drivers(level, ext_text, ext_len, text, len);
2876 - start_critical_timings();
2877 - local_irq_restore(flags);
2878 -+
2879 -+ if (do_cond_resched)
2880 -+ cond_resched();
2881 - }
2882 - console_locked = 0;
2883 -
2884 -@@ -2378,6 +2392,25 @@ void console_unblank(void)
2885 - console_unlock();
2886 - }
2887 -
2888 -+/**
2889 -+ * console_flush_on_panic - flush console content on panic
2890 -+ *
2891 -+ * Immediately output all pending messages no matter what.
2892 -+ */
2893 -+void console_flush_on_panic(void)
2894 -+{
2895 -+ /*
2896 -+ * If someone else is holding the console lock, trylock will fail
2897 -+ * and may_schedule may be set. Ignore and proceed to unlock so
2898 -+ * that messages are flushed out. As this can be called from any
2899 -+ * context and we don't want to get preempted while flushing,
2900 -+ * ensure may_schedule is cleared.
2901 -+ */
2902 -+ console_trylock();
2903 -+ console_may_schedule = 0;
2904 -+ console_unlock();
2905 -+}
2906 -+
2907 - /*
2908 - * Return the console tty driver structure and its associated index
2909 - */
2910 -diff --git a/kernel/sched/core.c b/kernel/sched/core.c
2911 -index 732e993..eb70592 100644
2912 ---- a/kernel/sched/core.c
2913 -+++ b/kernel/sched/core.c
2914 -@@ -6738,7 +6738,7 @@ static void sched_init_numa(void)
2915 -
2916 - sched_domains_numa_masks[i][j] = mask;
2917 -
2918 -- for (k = 0; k < nr_node_ids; k++) {
2919 -+ for_each_node(k) {
2920 - if (node_distance(j, k) > sched_domains_numa_distance[i])
2921 - continue;
2922 -
2923 -diff --git a/kernel/time/hrtimer.c b/kernel/time/hrtimer.c
2924 -index 435b885..fa909f9 100644
2925 ---- a/kernel/time/hrtimer.c
2926 -+++ b/kernel/time/hrtimer.c
2927 -@@ -897,10 +897,10 @@ static int enqueue_hrtimer(struct hrtimer *timer,
2928 - */
2929 - static void __remove_hrtimer(struct hrtimer *timer,
2930 - struct hrtimer_clock_base *base,
2931 -- unsigned long newstate, int reprogram)
2932 -+ u8 newstate, int reprogram)
2933 - {
2934 - struct hrtimer_cpu_base *cpu_base = base->cpu_base;
2935 -- unsigned int state = timer->state;
2936 -+ u8 state = timer->state;
2937 -
2938 - timer->state = newstate;
2939 - if (!(state & HRTIMER_STATE_ENQUEUED))
2940 -@@ -930,7 +930,7 @@ static inline int
2941 - remove_hrtimer(struct hrtimer *timer, struct hrtimer_clock_base *base, bool restart)
2942 - {
2943 - if (hrtimer_is_queued(timer)) {
2944 -- unsigned long state = timer->state;
2945 -+ u8 state = timer->state;
2946 - int reprogram;
2947 -
2948 - /*
2949 -@@ -954,6 +954,22 @@ remove_hrtimer(struct hrtimer *timer, struct hrtimer_clock_base *base, bool rest
2950 - return 0;
2951 - }
2952 -
2953 -+static inline ktime_t hrtimer_update_lowres(struct hrtimer *timer, ktime_t tim,
2954 -+ const enum hrtimer_mode mode)
2955 -+{
2956 -+#ifdef CONFIG_TIME_LOW_RES
2957 -+ /*
2958 -+ * CONFIG_TIME_LOW_RES indicates that the system has no way to return
2959 -+ * granular time values. For relative timers we add hrtimer_resolution
2960 -+ * (i.e. one jiffie) to prevent short timeouts.
2961 -+ */
2962 -+ timer->is_rel = mode & HRTIMER_MODE_REL;
2963 -+ if (timer->is_rel)
2964 -+ tim = ktime_add_safe(tim, ktime_set(0, hrtimer_resolution));
2965 -+#endif
2966 -+ return tim;
2967 -+}
2968 -+
2969 - /**
2970 - * hrtimer_start_range_ns - (re)start an hrtimer on the current CPU
2971 - * @timer: the timer to be added
2972 -@@ -974,19 +990,10 @@ void hrtimer_start_range_ns(struct hrtimer *timer, ktime_t tim,
2973 - /* Remove an active timer from the queue: */
2974 - remove_hrtimer(timer, base, true);
2975 -
2976 -- if (mode & HRTIMER_MODE_REL) {
2977 -+ if (mode & HRTIMER_MODE_REL)
2978 - tim = ktime_add_safe(tim, base->get_time());
2979 -- /*
2980 -- * CONFIG_TIME_LOW_RES is a temporary way for architectures
2981 -- * to signal that they simply return xtime in
2982 -- * do_gettimeoffset(). In this case we want to round up by
2983 -- * resolution when starting a relative timer, to avoid short
2984 -- * timeouts. This will go away with the GTOD framework.
2985 -- */
2986 --#ifdef CONFIG_TIME_LOW_RES
2987 -- tim = ktime_add_safe(tim, ktime_set(0, hrtimer_resolution));
2988 --#endif
2989 -- }
2990 -+
2991 -+ tim = hrtimer_update_lowres(timer, tim, mode);
2992 -
2993 - hrtimer_set_expires_range_ns(timer, tim, delta_ns);
2994 -
2995 -@@ -1074,19 +1081,23 @@ EXPORT_SYMBOL_GPL(hrtimer_cancel);
2996 - /**
2997 - * hrtimer_get_remaining - get remaining time for the timer
2998 - * @timer: the timer to read
2999 -+ * @adjust: adjust relative timers when CONFIG_TIME_LOW_RES=y
3000 - */
3001 --ktime_t hrtimer_get_remaining(const struct hrtimer *timer)
3002 -+ktime_t __hrtimer_get_remaining(const struct hrtimer *timer, bool adjust)
3003 - {
3004 - unsigned long flags;
3005 - ktime_t rem;
3006 -
3007 - lock_hrtimer_base(timer, &flags);
3008 -- rem = hrtimer_expires_remaining(timer);
3009 -+ if (IS_ENABLED(CONFIG_TIME_LOW_RES) && adjust)
3010 -+ rem = hrtimer_expires_remaining_adjusted(timer);
3011 -+ else
3012 -+ rem = hrtimer_expires_remaining(timer);
3013 - unlock_hrtimer_base(timer, &flags);
3014 -
3015 - return rem;
3016 - }
3017 --EXPORT_SYMBOL_GPL(hrtimer_get_remaining);
3018 -+EXPORT_SYMBOL_GPL(__hrtimer_get_remaining);
3019 -
3020 - #ifdef CONFIG_NO_HZ_COMMON
3021 - /**
3022 -@@ -1220,6 +1231,14 @@ static void __run_hrtimer(struct hrtimer_cpu_base *cpu_base,
3023 - fn = timer->function;
3024 -
3025 - /*
3026 -+ * Clear the 'is relative' flag for the TIME_LOW_RES case. If the
3027 -+ * timer is restarted with a period then it becomes an absolute
3028 -+ * timer. If its not restarted it does not matter.
3029 -+ */
3030 -+ if (IS_ENABLED(CONFIG_TIME_LOW_RES))
3031 -+ timer->is_rel = false;
3032 -+
3033 -+ /*
3034 - * Because we run timers from hardirq context, there is no chance
3035 - * they get migrated to another cpu, therefore its safe to unlock
3036 - * the timer base.
3037 -diff --git a/kernel/time/timer_list.c b/kernel/time/timer_list.c
3038 -index f75e35b..ba7d8b2 100644
3039 ---- a/kernel/time/timer_list.c
3040 -+++ b/kernel/time/timer_list.c
3041 -@@ -69,7 +69,7 @@ print_timer(struct seq_file *m, struct hrtimer *taddr, struct hrtimer *timer,
3042 - print_name_offset(m, taddr);
3043 - SEQ_printf(m, ", ");
3044 - print_name_offset(m, timer->function);
3045 -- SEQ_printf(m, ", S:%02lx", timer->state);
3046 -+ SEQ_printf(m, ", S:%02x", timer->state);
3047 - #ifdef CONFIG_TIMER_STATS
3048 - SEQ_printf(m, ", ");
3049 - print_name_offset(m, timer->start_site);
3050 -diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
3051 -index 87fb980..d929340 100644
3052 ---- a/kernel/trace/trace.c
3053 -+++ b/kernel/trace/trace.c
3054 -@@ -1751,7 +1751,7 @@ void trace_buffer_unlock_commit_regs(struct trace_array *tr,
3055 - {
3056 - __buffer_unlock_commit(buffer, event);
3057 -
3058 -- ftrace_trace_stack(tr, buffer, flags, 6, pc, regs);
3059 -+ ftrace_trace_stack(tr, buffer, flags, 0, pc, regs);
3060 - ftrace_trace_userstack(buffer, flags, pc);
3061 - }
3062 - EXPORT_SYMBOL_GPL(trace_buffer_unlock_commit_regs);
3063 -diff --git a/kernel/trace/trace_stack.c b/kernel/trace/trace_stack.c
3064 -index dda9e67..202df6c 100644
3065 ---- a/kernel/trace/trace_stack.c
3066 -+++ b/kernel/trace/trace_stack.c
3067 -@@ -126,6 +126,13 @@ check_stack(unsigned long ip, unsigned long *stack)
3068 - }
3069 -
3070 - /*
3071 -+ * Some archs may not have the passed in ip in the dump.
3072 -+ * If that happens, we need to show everything.
3073 -+ */
3074 -+ if (i == stack_trace_max.nr_entries)
3075 -+ i = 0;
3076 -+
3077 -+ /*
3078 - * Now find where in the stack these are.
3079 - */
3080 - x = 0;
3081 -diff --git a/lib/libcrc32c.c b/lib/libcrc32c.c
3082 -index 6a08ce7..acf9da4 100644
3083 ---- a/lib/libcrc32c.c
3084 -+++ b/lib/libcrc32c.c
3085 -@@ -74,3 +74,4 @@ module_exit(libcrc32c_mod_fini);
3086 - MODULE_AUTHOR("Clay Haapala <chaapala@×××××.com>");
3087 - MODULE_DESCRIPTION("CRC32c (Castagnoli) calculations");
3088 - MODULE_LICENSE("GPL");
3089 -+MODULE_SOFTDEP("pre: crc32c");
3090 -diff --git a/mm/backing-dev.c b/mm/backing-dev.c
3091 -index 7340353..cbe6f0b 100644
3092 ---- a/mm/backing-dev.c
3093 -+++ b/mm/backing-dev.c
3094 -@@ -989,7 +989,7 @@ long wait_iff_congested(struct zone *zone, int sync, long timeout)
3095 - * here rather than calling cond_resched().
3096 - */
3097 - if (current->flags & PF_WQ_WORKER)
3098 -- schedule_timeout(1);
3099 -+ schedule_timeout_uninterruptible(1);
3100 - else
3101 - cond_resched();
3102 -
3103 -diff --git a/mm/zsmalloc.c b/mm/zsmalloc.c
3104 -index 9f15bdd..fc08399 100644
3105 ---- a/mm/zsmalloc.c
3106 -+++ b/mm/zsmalloc.c
3107 -@@ -309,7 +309,12 @@ static void free_handle(struct zs_pool *pool, unsigned long handle)
3108 -
3109 - static void record_obj(unsigned long handle, unsigned long obj)
3110 - {
3111 -- *(unsigned long *)handle = obj;
3112 -+ /*
3113 -+ * lsb of @obj represents handle lock while other bits
3114 -+ * represent object value the handle is pointing so
3115 -+ * updating shouldn't do store tearing.
3116 -+ */
3117 -+ WRITE_ONCE(*(unsigned long *)handle, obj);
3118 - }
3119 -
3120 - /* zpool driver */
3121 -@@ -1635,6 +1640,13 @@ static int migrate_zspage(struct zs_pool *pool, struct size_class *class,
3122 - free_obj = obj_malloc(d_page, class, handle);
3123 - zs_object_copy(free_obj, used_obj, class);
3124 - index++;
3125 -+ /*
3126 -+ * record_obj updates handle's value to free_obj and it will
3127 -+ * invalidate lock bit(ie, HANDLE_PIN_BIT) of handle, which
3128 -+ * breaks synchronization using pin_tag(e,g, zs_free) so
3129 -+ * let's keep the lock bit.
3130 -+ */
3131 -+ free_obj |= BIT(HANDLE_PIN_BIT);
3132 - record_obj(handle, free_obj);
3133 - unpin_tag(handle);
3134 - obj_free(pool, class, used_obj);
3135 -diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c
3136 -index 1334e02..3d145a3 100644
3137 ---- a/security/integrity/evm/evm_main.c
3138 -+++ b/security/integrity/evm/evm_main.c
3139 -@@ -23,6 +23,7 @@
3140 - #include <linux/integrity.h>
3141 - #include <linux/evm.h>
3142 - #include <crypto/hash.h>
3143 -+#include <crypto/algapi.h>
3144 - #include "evm.h"
3145 -
3146 - int evm_initialized;
3147 -@@ -148,7 +149,7 @@ static enum integrity_status evm_verify_hmac(struct dentry *dentry,
3148 - xattr_value_len, calc.digest);
3149 - if (rc)
3150 - break;
3151 -- rc = memcmp(xattr_data->digest, calc.digest,
3152 -+ rc = crypto_memneq(xattr_data->digest, calc.digest,
3153 - sizeof(calc.digest));
3154 - if (rc)
3155 - rc = -EINVAL;
3156 -diff --git a/sound/core/compress_offload.c b/sound/core/compress_offload.c
3157 -index b123c42..b554d7f 100644
3158 ---- a/sound/core/compress_offload.c
3159 -+++ b/sound/core/compress_offload.c
3160 -@@ -44,6 +44,13 @@
3161 - #include <sound/compress_offload.h>
3162 - #include <sound/compress_driver.h>
3163 -
3164 -+/* struct snd_compr_codec_caps overflows the ioctl bit size for some
3165 -+ * architectures, so we need to disable the relevant ioctls.
3166 -+ */
3167 -+#if _IOC_SIZEBITS < 14
3168 -+#define COMPR_CODEC_CAPS_OVERFLOW
3169 -+#endif
3170 -+
3171 - /* TODO:
3172 - * - add substream support for multiple devices in case of
3173 - * SND_DYNAMIC_MINORS is not used
3174 -@@ -438,6 +445,7 @@ out:
3175 - return retval;
3176 - }
3177 -
3178 -+#ifndef COMPR_CODEC_CAPS_OVERFLOW
3179 - static int
3180 - snd_compr_get_codec_caps(struct snd_compr_stream *stream, unsigned long arg)
3181 - {
3182 -@@ -461,6 +469,7 @@ out:
3183 - kfree(caps);
3184 - return retval;
3185 - }
3186 -+#endif /* !COMPR_CODEC_CAPS_OVERFLOW */
3187 -
3188 - /* revisit this with snd_pcm_preallocate_xxx */
3189 - static int snd_compr_allocate_buffer(struct snd_compr_stream *stream,
3190 -@@ -799,9 +808,11 @@ static long snd_compr_ioctl(struct file *f, unsigned int cmd, unsigned long arg)
3191 - case _IOC_NR(SNDRV_COMPRESS_GET_CAPS):
3192 - retval = snd_compr_get_caps(stream, arg);
3193 - break;
3194 -+#ifndef COMPR_CODEC_CAPS_OVERFLOW
3195 - case _IOC_NR(SNDRV_COMPRESS_GET_CODEC_CAPS):
3196 - retval = snd_compr_get_codec_caps(stream, arg);
3197 - break;
3198 -+#endif
3199 - case _IOC_NR(SNDRV_COMPRESS_SET_PARAMS):
3200 - retval = snd_compr_set_params(stream, arg);
3201 - break;
3202 -diff --git a/sound/core/oss/pcm_oss.c b/sound/core/oss/pcm_oss.c
3203 -index 58550cc..33e72c8 100644
3204 ---- a/sound/core/oss/pcm_oss.c
3205 -+++ b/sound/core/oss/pcm_oss.c
3206 -@@ -834,7 +834,8 @@ static int choose_rate(struct snd_pcm_substream *substream,
3207 - return snd_pcm_hw_param_near(substream, params, SNDRV_PCM_HW_PARAM_RATE, best_rate, NULL);
3208 - }
3209 -
3210 --static int snd_pcm_oss_change_params(struct snd_pcm_substream *substream)
3211 -+static int snd_pcm_oss_change_params(struct snd_pcm_substream *substream,
3212 -+ bool trylock)
3213 - {
3214 - struct snd_pcm_runtime *runtime = substream->runtime;
3215 - struct snd_pcm_hw_params *params, *sparams;
3216 -@@ -848,7 +849,10 @@ static int snd_pcm_oss_change_params(struct snd_pcm_substream *substream)
3217 - struct snd_mask sformat_mask;
3218 - struct snd_mask mask;
3219 -
3220 -- if (mutex_lock_interruptible(&runtime->oss.params_lock))
3221 -+ if (trylock) {
3222 -+ if (!(mutex_trylock(&runtime->oss.params_lock)))
3223 -+ return -EAGAIN;
3224 -+ } else if (mutex_lock_interruptible(&runtime->oss.params_lock))
3225 - return -EINTR;
3226 - sw_params = kmalloc(sizeof(*sw_params), GFP_KERNEL);
3227 - params = kmalloc(sizeof(*params), GFP_KERNEL);
3228 -@@ -1092,7 +1096,7 @@ static int snd_pcm_oss_get_active_substream(struct snd_pcm_oss_file *pcm_oss_fil
3229 - if (asubstream == NULL)
3230 - asubstream = substream;
3231 - if (substream->runtime->oss.params) {
3232 -- err = snd_pcm_oss_change_params(substream);
3233 -+ err = snd_pcm_oss_change_params(substream, false);
3234 - if (err < 0)
3235 - return err;
3236 - }
3237 -@@ -1132,7 +1136,7 @@ static int snd_pcm_oss_make_ready(struct snd_pcm_substream *substream)
3238 - return 0;
3239 - runtime = substream->runtime;
3240 - if (runtime->oss.params) {
3241 -- err = snd_pcm_oss_change_params(substream);
3242 -+ err = snd_pcm_oss_change_params(substream, false);
3243 - if (err < 0)
3244 - return err;
3245 - }
3246 -@@ -2163,7 +2167,7 @@ static int snd_pcm_oss_get_space(struct snd_pcm_oss_file *pcm_oss_file, int stre
3247 - runtime = substream->runtime;
3248 -
3249 - if (runtime->oss.params &&
3250 -- (err = snd_pcm_oss_change_params(substream)) < 0)
3251 -+ (err = snd_pcm_oss_change_params(substream, false)) < 0)
3252 - return err;
3253 -
3254 - info.fragsize = runtime->oss.period_bytes;
3255 -@@ -2800,7 +2804,12 @@ static int snd_pcm_oss_mmap(struct file *file, struct vm_area_struct *area)
3256 - return -EIO;
3257 -
3258 - if (runtime->oss.params) {
3259 -- if ((err = snd_pcm_oss_change_params(substream)) < 0)
3260 -+ /* use mutex_trylock() for params_lock for avoiding a deadlock
3261 -+ * between mmap_sem and params_lock taken by
3262 -+ * copy_from/to_user() in snd_pcm_oss_write/read()
3263 -+ */
3264 -+ err = snd_pcm_oss_change_params(substream, true);
3265 -+ if (err < 0)
3266 - return err;
3267 - }
3268 - #ifdef CONFIG_SND_PCM_OSS_PLUGINS
3269 -diff --git a/sound/core/rawmidi.c b/sound/core/rawmidi.c
3270 -index a775984..795437b 100644
3271 ---- a/sound/core/rawmidi.c
3272 -+++ b/sound/core/rawmidi.c
3273 -@@ -942,31 +942,36 @@ static long snd_rawmidi_kernel_read1(struct snd_rawmidi_substream *substream,
3274 - unsigned long flags;
3275 - long result = 0, count1;
3276 - struct snd_rawmidi_runtime *runtime = substream->runtime;
3277 -+ unsigned long appl_ptr;
3278 -
3279 -+ spin_lock_irqsave(&runtime->lock, flags);
3280 - while (count > 0 && runtime->avail) {
3281 - count1 = runtime->buffer_size - runtime->appl_ptr;
3282 - if (count1 > count)
3283 - count1 = count;
3284 -- spin_lock_irqsave(&runtime->lock, flags);
3285 - if (count1 > (int)runtime->avail)
3286 - count1 = runtime->avail;
3287 -+
3288 -+ /* update runtime->appl_ptr before unlocking for userbuf */
3289 -+ appl_ptr = runtime->appl_ptr;
3290 -+ runtime->appl_ptr += count1;
3291 -+ runtime->appl_ptr %= runtime->buffer_size;
3292 -+ runtime->avail -= count1;
3293 -+
3294 - if (kernelbuf)
3295 -- memcpy(kernelbuf + result, runtime->buffer + runtime->appl_ptr, count1);
3296 -+ memcpy(kernelbuf + result, runtime->buffer + appl_ptr, count1);
3297 - if (userbuf) {
3298 - spin_unlock_irqrestore(&runtime->lock, flags);
3299 - if (copy_to_user(userbuf + result,
3300 -- runtime->buffer + runtime->appl_ptr, count1)) {
3301 -+ runtime->buffer + appl_ptr, count1)) {
3302 - return result > 0 ? result : -EFAULT;
3303 - }
3304 - spin_lock_irqsave(&runtime->lock, flags);
3305 - }
3306 -- runtime->appl_ptr += count1;
3307 -- runtime->appl_ptr %= runtime->buffer_size;
3308 -- runtime->avail -= count1;
3309 -- spin_unlock_irqrestore(&runtime->lock, flags);
3310 - result += count1;
3311 - count -= count1;
3312 - }
3313 -+ spin_unlock_irqrestore(&runtime->lock, flags);
3314 - return result;
3315 - }
3316 -
3317 -@@ -1055,23 +1060,16 @@ int snd_rawmidi_transmit_empty(struct snd_rawmidi_substream *substream)
3318 - EXPORT_SYMBOL(snd_rawmidi_transmit_empty);
3319 -
3320 - /**
3321 -- * snd_rawmidi_transmit_peek - copy data from the internal buffer
3322 -+ * __snd_rawmidi_transmit_peek - copy data from the internal buffer
3323 - * @substream: the rawmidi substream
3324 - * @buffer: the buffer pointer
3325 - * @count: data size to transfer
3326 - *
3327 -- * Copies data from the internal output buffer to the given buffer.
3328 -- *
3329 -- * Call this in the interrupt handler when the midi output is ready,
3330 -- * and call snd_rawmidi_transmit_ack() after the transmission is
3331 -- * finished.
3332 -- *
3333 -- * Return: The size of copied data, or a negative error code on failure.
3334 -+ * This is a variant of snd_rawmidi_transmit_peek() without spinlock.
3335 - */
3336 --int snd_rawmidi_transmit_peek(struct snd_rawmidi_substream *substream,
3337 -+int __snd_rawmidi_transmit_peek(struct snd_rawmidi_substream *substream,
3338 - unsigned char *buffer, int count)
3339 - {
3340 -- unsigned long flags;
3341 - int result, count1;
3342 - struct snd_rawmidi_runtime *runtime = substream->runtime;
3343 -
3344 -@@ -1081,7 +1079,6 @@ int snd_rawmidi_transmit_peek(struct snd_rawmidi_substream *substream,
3345 - return -EINVAL;
3346 - }
3347 - result = 0;
3348 -- spin_lock_irqsave(&runtime->lock, flags);
3349 - if (runtime->avail >= runtime->buffer_size) {
3350 - /* warning: lowlevel layer MUST trigger down the hardware */
3351 - goto __skip;
3352 -@@ -1106,25 +1103,47 @@ int snd_rawmidi_transmit_peek(struct snd_rawmidi_substream *substream,
3353 - }
3354 - }
3355 - __skip:
3356 -+ return result;
3357 -+}
3358 -+EXPORT_SYMBOL(__snd_rawmidi_transmit_peek);
3359 -+
3360 -+/**
3361 -+ * snd_rawmidi_transmit_peek - copy data from the internal buffer
3362 -+ * @substream: the rawmidi substream
3363 -+ * @buffer: the buffer pointer
3364 -+ * @count: data size to transfer
3365 -+ *
3366 -+ * Copies data from the internal output buffer to the given buffer.
3367 -+ *
3368 -+ * Call this in the interrupt handler when the midi output is ready,
3369 -+ * and call snd_rawmidi_transmit_ack() after the transmission is
3370 -+ * finished.
3371 -+ *
3372 -+ * Return: The size of copied data, or a negative error code on failure.
3373 -+ */
3374 -+int snd_rawmidi_transmit_peek(struct snd_rawmidi_substream *substream,
3375 -+ unsigned char *buffer, int count)
3376 -+{
3377 -+ struct snd_rawmidi_runtime *runtime = substream->runtime;
3378 -+ int result;
3379 -+ unsigned long flags;
3380 -+
3381 -+ spin_lock_irqsave(&runtime->lock, flags);
3382 -+ result = __snd_rawmidi_transmit_peek(substream, buffer, count);
3383 - spin_unlock_irqrestore(&runtime->lock, flags);
3384 - return result;
3385 - }
3386 - EXPORT_SYMBOL(snd_rawmidi_transmit_peek);
3387 -
3388 - /**
3389 -- * snd_rawmidi_transmit_ack - acknowledge the transmission
3390 -+ * __snd_rawmidi_transmit_ack - acknowledge the transmission
3391 - * @substream: the rawmidi substream
3392 - * @count: the transferred count
3393 - *
3394 -- * Advances the hardware pointer for the internal output buffer with
3395 -- * the given size and updates the condition.
3396 -- * Call after the transmission is finished.
3397 -- *
3398 -- * Return: The advanced size if successful, or a negative error code on failure.
3399 -+ * This is a variant of __snd_rawmidi_transmit_ack() without spinlock.
3400 - */
3401 --int snd_rawmidi_transmit_ack(struct snd_rawmidi_substream *substream, int count)
3402 -+int __snd_rawmidi_transmit_ack(struct snd_rawmidi_substream *substream, int count)
3403 - {
3404 -- unsigned long flags;
3405 - struct snd_rawmidi_runtime *runtime = substream->runtime;
3406 -
3407 - if (runtime->buffer == NULL) {
3408 -@@ -1132,7 +1151,6 @@ int snd_rawmidi_transmit_ack(struct snd_rawmidi_substream *substream, int count)
3409 - "snd_rawmidi_transmit_ack: output is not active!!!\n");
3410 - return -EINVAL;
3411 - }
3412 -- spin_lock_irqsave(&runtime->lock, flags);
3413 - snd_BUG_ON(runtime->avail + count > runtime->buffer_size);
3414 - runtime->hw_ptr += count;
3415 - runtime->hw_ptr %= runtime->buffer_size;
3416 -@@ -1142,9 +1160,32 @@ int snd_rawmidi_transmit_ack(struct snd_rawmidi_substream *substream, int count)
3417 - if (runtime->drain || snd_rawmidi_ready(substream))
3418 - wake_up(&runtime->sleep);
3419 - }
3420 -- spin_unlock_irqrestore(&runtime->lock, flags);
3421 - return count;
3422 - }
3423 -+EXPORT_SYMBOL(__snd_rawmidi_transmit_ack);
3424 -+
3425 -+/**
3426 -+ * snd_rawmidi_transmit_ack - acknowledge the transmission
3427 -+ * @substream: the rawmidi substream
3428 -+ * @count: the transferred count
3429 -+ *
3430 -+ * Advances the hardware pointer for the internal output buffer with
3431 -+ * the given size and updates the condition.
3432 -+ * Call after the transmission is finished.
3433 -+ *
3434 -+ * Return: The advanced size if successful, or a negative error code on failure.
3435 -+ */
3436 -+int snd_rawmidi_transmit_ack(struct snd_rawmidi_substream *substream, int count)
3437 -+{
3438 -+ struct snd_rawmidi_runtime *runtime = substream->runtime;
3439 -+ int result;
3440 -+ unsigned long flags;
3441 -+
3442 -+ spin_lock_irqsave(&runtime->lock, flags);
3443 -+ result = __snd_rawmidi_transmit_ack(substream, count);
3444 -+ spin_unlock_irqrestore(&runtime->lock, flags);
3445 -+ return result;
3446 -+}
3447 - EXPORT_SYMBOL(snd_rawmidi_transmit_ack);
3448 -
3449 - /**
3450 -@@ -1160,12 +1201,22 @@ EXPORT_SYMBOL(snd_rawmidi_transmit_ack);
3451 - int snd_rawmidi_transmit(struct snd_rawmidi_substream *substream,
3452 - unsigned char *buffer, int count)
3453 - {
3454 -+ struct snd_rawmidi_runtime *runtime = substream->runtime;
3455 -+ int result;
3456 -+ unsigned long flags;
3457 -+
3458 -+ spin_lock_irqsave(&runtime->lock, flags);
3459 - if (!substream->opened)
3460 -- return -EBADFD;
3461 -- count = snd_rawmidi_transmit_peek(substream, buffer, count);
3462 -- if (count < 0)
3463 -- return count;
3464 -- return snd_rawmidi_transmit_ack(substream, count);
3465 -+ result = -EBADFD;
3466 -+ else {
3467 -+ count = __snd_rawmidi_transmit_peek(substream, buffer, count);
3468 -+ if (count <= 0)
3469 -+ result = count;
3470 -+ else
3471 -+ result = __snd_rawmidi_transmit_ack(substream, count);
3472 -+ }
3473 -+ spin_unlock_irqrestore(&runtime->lock, flags);
3474 -+ return result;
3475 - }
3476 - EXPORT_SYMBOL(snd_rawmidi_transmit);
3477 -
3478 -@@ -1177,8 +1228,9 @@ static long snd_rawmidi_kernel_write1(struct snd_rawmidi_substream *substream,
3479 - unsigned long flags;
3480 - long count1, result;
3481 - struct snd_rawmidi_runtime *runtime = substream->runtime;
3482 -+ unsigned long appl_ptr;
3483 -
3484 -- if (snd_BUG_ON(!kernelbuf && !userbuf))
3485 -+ if (!kernelbuf && !userbuf)
3486 - return -EINVAL;
3487 - if (snd_BUG_ON(!runtime->buffer))
3488 - return -EINVAL;
3489 -@@ -1197,12 +1249,19 @@ static long snd_rawmidi_kernel_write1(struct snd_rawmidi_substream *substream,
3490 - count1 = count;
3491 - if (count1 > (long)runtime->avail)
3492 - count1 = runtime->avail;
3493 -+
3494 -+ /* update runtime->appl_ptr before unlocking for userbuf */
3495 -+ appl_ptr = runtime->appl_ptr;
3496 -+ runtime->appl_ptr += count1;
3497 -+ runtime->appl_ptr %= runtime->buffer_size;
3498 -+ runtime->avail -= count1;
3499 -+
3500 - if (kernelbuf)
3501 -- memcpy(runtime->buffer + runtime->appl_ptr,
3502 -+ memcpy(runtime->buffer + appl_ptr,
3503 - kernelbuf + result, count1);
3504 - else if (userbuf) {
3505 - spin_unlock_irqrestore(&runtime->lock, flags);
3506 -- if (copy_from_user(runtime->buffer + runtime->appl_ptr,
3507 -+ if (copy_from_user(runtime->buffer + appl_ptr,
3508 - userbuf + result, count1)) {
3509 - spin_lock_irqsave(&runtime->lock, flags);
3510 - result = result > 0 ? result : -EFAULT;
3511 -@@ -1210,9 +1269,6 @@ static long snd_rawmidi_kernel_write1(struct snd_rawmidi_substream *substream,
3512 - }
3513 - spin_lock_irqsave(&runtime->lock, flags);
3514 - }
3515 -- runtime->appl_ptr += count1;
3516 -- runtime->appl_ptr %= runtime->buffer_size;
3517 -- runtime->avail -= count1;
3518 - result += count1;
3519 - count -= count1;
3520 - }
3521 -diff --git a/sound/core/seq/oss/seq_oss_init.c b/sound/core/seq/oss/seq_oss_init.c
3522 -index b1221b2..6779e82b 100644
3523 ---- a/sound/core/seq/oss/seq_oss_init.c
3524 -+++ b/sound/core/seq/oss/seq_oss_init.c
3525 -@@ -202,7 +202,7 @@ snd_seq_oss_open(struct file *file, int level)
3526 -
3527 - dp->index = i;
3528 - if (i >= SNDRV_SEQ_OSS_MAX_CLIENTS) {
3529 -- pr_err("ALSA: seq_oss: too many applications\n");
3530 -+ pr_debug("ALSA: seq_oss: too many applications\n");
3531 - rc = -ENOMEM;
3532 - goto _error;
3533 - }
3534 -diff --git a/sound/core/seq/oss/seq_oss_synth.c b/sound/core/seq/oss/seq_oss_synth.c
3535 -index 0f3b381..b16dbef 100644
3536 ---- a/sound/core/seq/oss/seq_oss_synth.c
3537 -+++ b/sound/core/seq/oss/seq_oss_synth.c
3538 -@@ -308,7 +308,7 @@ snd_seq_oss_synth_cleanup(struct seq_oss_devinfo *dp)
3539 - struct seq_oss_synth *rec;
3540 - struct seq_oss_synthinfo *info;
3541 -
3542 -- if (snd_BUG_ON(dp->max_synthdev >= SNDRV_SEQ_OSS_MAX_SYNTH_DEVS))
3543 -+ if (snd_BUG_ON(dp->max_synthdev > SNDRV_SEQ_OSS_MAX_SYNTH_DEVS))
3544 - return;
3545 - for (i = 0; i < dp->max_synthdev; i++) {
3546 - info = &dp->synths[i];
3547 -diff --git a/sound/core/seq/seq_clientmgr.c b/sound/core/seq/seq_clientmgr.c
3548 -index 13cfa81..58e79e0 100644
3549 ---- a/sound/core/seq/seq_clientmgr.c
3550 -+++ b/sound/core/seq/seq_clientmgr.c
3551 -@@ -678,6 +678,9 @@ static int deliver_to_subscribers(struct snd_seq_client *client,
3552 - else
3553 - down_read(&grp->list_mutex);
3554 - list_for_each_entry(subs, &grp->list_head, src_list) {
3555 -+ /* both ports ready? */
3556 -+ if (atomic_read(&subs->ref_count) != 2)
3557 -+ continue;
3558 - event->dest = subs->info.dest;
3559 - if (subs->info.flags & SNDRV_SEQ_PORT_SUBS_TIMESTAMP)
3560 - /* convert time according to flag with subscription */
3561 -diff --git a/sound/core/seq/seq_ports.c b/sound/core/seq/seq_ports.c
3562 -index 55170a2..921fb2b 100644
3563 ---- a/sound/core/seq/seq_ports.c
3564 -+++ b/sound/core/seq/seq_ports.c
3565 -@@ -173,10 +173,6 @@ struct snd_seq_client_port *snd_seq_create_port(struct snd_seq_client *client,
3566 - }
3567 -
3568 - /* */
3569 --enum group_type {
3570 -- SRC_LIST, DEST_LIST
3571 --};
3572 --
3573 - static int subscribe_port(struct snd_seq_client *client,
3574 - struct snd_seq_client_port *port,
3575 - struct snd_seq_port_subs_info *grp,
3576 -@@ -203,6 +199,20 @@ static struct snd_seq_client_port *get_client_port(struct snd_seq_addr *addr,
3577 - return NULL;
3578 - }
3579 -
3580 -+static void delete_and_unsubscribe_port(struct snd_seq_client *client,
3581 -+ struct snd_seq_client_port *port,
3582 -+ struct snd_seq_subscribers *subs,
3583 -+ bool is_src, bool ack);
3584 -+
3585 -+static inline struct snd_seq_subscribers *
3586 -+get_subscriber(struct list_head *p, bool is_src)
3587 -+{
3588 -+ if (is_src)
3589 -+ return list_entry(p, struct snd_seq_subscribers, src_list);
3590 -+ else
3591 -+ return list_entry(p, struct snd_seq_subscribers, dest_list);
3592 -+}
3593 -+
3594 - /*
3595 - * remove all subscribers on the list
3596 - * this is called from port_delete, for each src and dest list.
3597 -@@ -210,7 +220,7 @@ static struct snd_seq_client_port *get_client_port(struct snd_seq_addr *addr,
3598 - static void clear_subscriber_list(struct snd_seq_client *client,
3599 - struct snd_seq_client_port *port,
3600 - struct snd_seq_port_subs_info *grp,
3601 -- int grptype)
3602 -+ int is_src)
3603 - {
3604 - struct list_head *p, *n;
3605 -
3606 -@@ -219,15 +229,13 @@ static void clear_subscriber_list(struct snd_seq_client *client,
3607 - struct snd_seq_client *c;
3608 - struct snd_seq_client_port *aport;
3609 -
3610 -- if (grptype == SRC_LIST) {
3611 -- subs = list_entry(p, struct snd_seq_subscribers, src_list);
3612 -+ subs = get_subscriber(p, is_src);
3613 -+ if (is_src)
3614 - aport = get_client_port(&subs->info.dest, &c);
3615 -- } else {
3616 -- subs = list_entry(p, struct snd_seq_subscribers, dest_list);
3617 -+ else
3618 - aport = get_client_port(&subs->info.sender, &c);
3619 -- }
3620 -- list_del(p);
3621 -- unsubscribe_port(client, port, grp, &subs->info, 0);
3622 -+ delete_and_unsubscribe_port(client, port, subs, is_src, false);
3623 -+
3624 - if (!aport) {
3625 - /* looks like the connected port is being deleted.
3626 - * we decrease the counter, and when both ports are deleted
3627 -@@ -235,21 +243,14 @@ static void clear_subscriber_list(struct snd_seq_client *client,
3628 - */
3629 - if (atomic_dec_and_test(&subs->ref_count))
3630 - kfree(subs);
3631 -- } else {
3632 -- /* ok we got the connected port */
3633 -- struct snd_seq_port_subs_info *agrp;
3634 -- agrp = (grptype == SRC_LIST) ? &aport->c_dest : &aport->c_src;
3635 -- down_write(&agrp->list_mutex);
3636 -- if (grptype == SRC_LIST)
3637 -- list_del(&subs->dest_list);
3638 -- else
3639 -- list_del(&subs->src_list);
3640 -- up_write(&agrp->list_mutex);
3641 -- unsubscribe_port(c, aport, agrp, &subs->info, 1);
3642 -- kfree(subs);
3643 -- snd_seq_port_unlock(aport);
3644 -- snd_seq_client_unlock(c);
3645 -+ continue;
3646 - }
3647 -+
3648 -+ /* ok we got the connected port */
3649 -+ delete_and_unsubscribe_port(c, aport, subs, !is_src, true);
3650 -+ kfree(subs);
3651 -+ snd_seq_port_unlock(aport);
3652 -+ snd_seq_client_unlock(c);
3653 - }
3654 - }
3655 -
3656 -@@ -262,8 +263,8 @@ static int port_delete(struct snd_seq_client *client,
3657 - snd_use_lock_sync(&port->use_lock);
3658 -
3659 - /* clear subscribers info */
3660 -- clear_subscriber_list(client, port, &port->c_src, SRC_LIST);
3661 -- clear_subscriber_list(client, port, &port->c_dest, DEST_LIST);
3662 -+ clear_subscriber_list(client, port, &port->c_src, true);
3663 -+ clear_subscriber_list(client, port, &port->c_dest, false);
3664 -
3665 - if (port->private_free)
3666 - port->private_free(port->private_data);
3667 -@@ -479,85 +480,120 @@ static int match_subs_info(struct snd_seq_port_subscribe *r,
3668 - return 0;
3669 - }
3670 -
3671 --
3672 --/* connect two ports */
3673 --int snd_seq_port_connect(struct snd_seq_client *connector,
3674 -- struct snd_seq_client *src_client,
3675 -- struct snd_seq_client_port *src_port,
3676 -- struct snd_seq_client *dest_client,
3677 -- struct snd_seq_client_port *dest_port,
3678 -- struct snd_seq_port_subscribe *info)
3679 -+static int check_and_subscribe_port(struct snd_seq_client *client,
3680 -+ struct snd_seq_client_port *port,
3681 -+ struct snd_seq_subscribers *subs,
3682 -+ bool is_src, bool exclusive, bool ack)
3683 - {
3684 -- struct snd_seq_port_subs_info *src = &src_port->c_src;
3685 -- struct snd_seq_port_subs_info *dest = &dest_port->c_dest;
3686 -- struct snd_seq_subscribers *subs, *s;
3687 -- int err, src_called = 0;
3688 -- unsigned long flags;
3689 -- int exclusive;
3690 -+ struct snd_seq_port_subs_info *grp;
3691 -+ struct list_head *p;
3692 -+ struct snd_seq_subscribers *s;
3693 -+ int err;
3694 -
3695 -- subs = kzalloc(sizeof(*subs), GFP_KERNEL);
3696 -- if (! subs)
3697 -- return -ENOMEM;
3698 --
3699 -- subs->info = *info;
3700 -- atomic_set(&subs->ref_count, 2);
3701 --
3702 -- down_write(&src->list_mutex);
3703 -- down_write_nested(&dest->list_mutex, SINGLE_DEPTH_NESTING);
3704 --
3705 -- exclusive = info->flags & SNDRV_SEQ_PORT_SUBS_EXCLUSIVE ? 1 : 0;
3706 -+ grp = is_src ? &port->c_src : &port->c_dest;
3707 - err = -EBUSY;
3708 -+ down_write(&grp->list_mutex);
3709 - if (exclusive) {
3710 -- if (! list_empty(&src->list_head) || ! list_empty(&dest->list_head))
3711 -+ if (!list_empty(&grp->list_head))
3712 - goto __error;
3713 - } else {
3714 -- if (src->exclusive || dest->exclusive)
3715 -+ if (grp->exclusive)
3716 - goto __error;
3717 - /* check whether already exists */
3718 -- list_for_each_entry(s, &src->list_head, src_list) {
3719 -- if (match_subs_info(info, &s->info))
3720 -- goto __error;
3721 -- }
3722 -- list_for_each_entry(s, &dest->list_head, dest_list) {
3723 -- if (match_subs_info(info, &s->info))
3724 -+ list_for_each(p, &grp->list_head) {
3725 -+ s = get_subscriber(p, is_src);
3726 -+ if (match_subs_info(&subs->info, &s->info))
3727 - goto __error;
3728 - }
3729 - }
3730 -
3731 -- if ((err = subscribe_port(src_client, src_port, src, info,
3732 -- connector->number != src_client->number)) < 0)
3733 -- goto __error;
3734 -- src_called = 1;
3735 --
3736 -- if ((err = subscribe_port(dest_client, dest_port, dest, info,
3737 -- connector->number != dest_client->number)) < 0)
3738 -+ err = subscribe_port(client, port, grp, &subs->info, ack);
3739 -+ if (err < 0) {
3740 -+ grp->exclusive = 0;
3741 - goto __error;
3742 -+ }
3743 -
3744 - /* add to list */
3745 -- write_lock_irqsave(&src->list_lock, flags);
3746 -- // write_lock(&dest->list_lock); // no other lock yet
3747 -- list_add_tail(&subs->src_list, &src->list_head);
3748 -- list_add_tail(&subs->dest_list, &dest->list_head);
3749 -- // write_unlock(&dest->list_lock); // no other lock yet
3750 -- write_unlock_irqrestore(&src->list_lock, flags);
3751 -+ write_lock_irq(&grp->list_lock);
3752 -+ if (is_src)
3753 -+ list_add_tail(&subs->src_list, &grp->list_head);
3754 -+ else
3755 -+ list_add_tail(&subs->dest_list, &grp->list_head);
3756 -+ grp->exclusive = exclusive;
3757 -+ atomic_inc(&subs->ref_count);
3758 -+ write_unlock_irq(&grp->list_lock);
3759 -+ err = 0;
3760 -+
3761 -+ __error:
3762 -+ up_write(&grp->list_mutex);
3763 -+ return err;
3764 -+}
3765 -
3766 -- src->exclusive = dest->exclusive = exclusive;
3767 -+static void delete_and_unsubscribe_port(struct snd_seq_client *client,
3768 -+ struct snd_seq_client_port *port,
3769 -+ struct snd_seq_subscribers *subs,
3770 -+ bool is_src, bool ack)
3771 -+{
3772 -+ struct snd_seq_port_subs_info *grp;
3773 -+
3774 -+ grp = is_src ? &port->c_src : &port->c_dest;
3775 -+ down_write(&grp->list_mutex);
3776 -+ write_lock_irq(&grp->list_lock);
3777 -+ if (is_src)
3778 -+ list_del(&subs->src_list);
3779 -+ else
3780 -+ list_del(&subs->dest_list);
3781 -+ grp->exclusive = 0;
3782 -+ write_unlock_irq(&grp->list_lock);
3783 -+ up_write(&grp->list_mutex);
3784 -+
3785 -+ unsubscribe_port(client, port, grp, &subs->info, ack);
3786 -+}
3787 -+
3788 -+/* connect two ports */
3789 -+int snd_seq_port_connect(struct snd_seq_client *connector,
3790 -+ struct snd_seq_client *src_client,
3791 -+ struct snd_seq_client_port *src_port,
3792 -+ struct snd_seq_client *dest_client,
3793 -+ struct snd_seq_client_port *dest_port,
3794 -+ struct snd_seq_port_subscribe *info)
3795 -+{
3796 -+ struct snd_seq_subscribers *subs;
3797 -+ bool exclusive;
3798 -+ int err;
3799 -+
3800 -+ subs = kzalloc(sizeof(*subs), GFP_KERNEL);
3801 -+ if (!subs)
3802 -+ return -ENOMEM;
3803 -+
3804 -+ subs->info = *info;
3805 -+ atomic_set(&subs->ref_count, 0);
3806 -+ INIT_LIST_HEAD(&subs->src_list);
3807 -+ INIT_LIST_HEAD(&subs->dest_list);
3808 -+
3809 -+ exclusive = !!(info->flags & SNDRV_SEQ_PORT_SUBS_EXCLUSIVE);
3810 -+
3811 -+ err = check_and_subscribe_port(src_client, src_port, subs, true,
3812 -+ exclusive,
3813 -+ connector->number != src_client->number);
3814 -+ if (err < 0)
3815 -+ goto error;
3816 -+ err = check_and_subscribe_port(dest_client, dest_port, subs, false,
3817 -+ exclusive,
3818 -+ connector->number != dest_client->number);
3819 -+ if (err < 0)
3820 -+ goto error_dest;
3821 -
3822 -- up_write(&dest->list_mutex);
3823 -- up_write(&src->list_mutex);
3824 - return 0;
3825 -
3826 -- __error:
3827 -- if (src_called)
3828 -- unsubscribe_port(src_client, src_port, src, info,
3829 -- connector->number != src_client->number);
3830 -+ error_dest:
3831 -+ delete_and_unsubscribe_port(src_client, src_port, subs, true,
3832 -+ connector->number != src_client->number);
3833 -+ error:
3834 - kfree(subs);
3835 -- up_write(&dest->list_mutex);
3836 -- up_write(&src->list_mutex);
3837 - return err;
3838 - }
3839 -
3840 --
3841 - /* remove the connection */
3842 - int snd_seq_port_disconnect(struct snd_seq_client *connector,
3843 - struct snd_seq_client *src_client,
3844 -@@ -567,37 +603,28 @@ int snd_seq_port_disconnect(struct snd_seq_client *connector,
3845 - struct snd_seq_port_subscribe *info)
3846 - {
3847 - struct snd_seq_port_subs_info *src = &src_port->c_src;
3848 -- struct snd_seq_port_subs_info *dest = &dest_port->c_dest;
3849 - struct snd_seq_subscribers *subs;
3850 - int err = -ENOENT;
3851 -- unsigned long flags;
3852 -
3853 - down_write(&src->list_mutex);
3854 -- down_write_nested(&dest->list_mutex, SINGLE_DEPTH_NESTING);
3855 --
3856 - /* look for the connection */
3857 - list_for_each_entry(subs, &src->list_head, src_list) {
3858 - if (match_subs_info(info, &subs->info)) {
3859 -- write_lock_irqsave(&src->list_lock, flags);
3860 -- // write_lock(&dest->list_lock); // no lock yet
3861 -- list_del(&subs->src_list);
3862 -- list_del(&subs->dest_list);
3863 -- // write_unlock(&dest->list_lock);
3864 -- write_unlock_irqrestore(&src->list_lock, flags);
3865 -- src->exclusive = dest->exclusive = 0;
3866 -- unsubscribe_port(src_client, src_port, src, info,
3867 -- connector->number != src_client->number);
3868 -- unsubscribe_port(dest_client, dest_port, dest, info,
3869 -- connector->number != dest_client->number);
3870 -- kfree(subs);
3871 -+ atomic_dec(&subs->ref_count); /* mark as not ready */
3872 - err = 0;
3873 - break;
3874 - }
3875 - }
3876 --
3877 -- up_write(&dest->list_mutex);
3878 - up_write(&src->list_mutex);
3879 -- return err;
3880 -+ if (err < 0)
3881 -+ return err;
3882 -+
3883 -+ delete_and_unsubscribe_port(src_client, src_port, subs, true,
3884 -+ connector->number != src_client->number);
3885 -+ delete_and_unsubscribe_port(dest_client, dest_port, subs, false,
3886 -+ connector->number != dest_client->number);
3887 -+ kfree(subs);
3888 -+ return 0;
3889 - }
3890 -
3891 -
3892 -diff --git a/sound/core/seq/seq_timer.c b/sound/core/seq/seq_timer.c
3893 -index 82b220c..2931049 100644
3894 ---- a/sound/core/seq/seq_timer.c
3895 -+++ b/sound/core/seq/seq_timer.c
3896 -@@ -90,6 +90,9 @@ void snd_seq_timer_delete(struct snd_seq_timer **tmr)
3897 -
3898 - void snd_seq_timer_defaults(struct snd_seq_timer * tmr)
3899 - {
3900 -+ unsigned long flags;
3901 -+
3902 -+ spin_lock_irqsave(&tmr->lock, flags);
3903 - /* setup defaults */
3904 - tmr->ppq = 96; /* 96 PPQ */
3905 - tmr->tempo = 500000; /* 120 BPM */
3906 -@@ -105,21 +108,25 @@ void snd_seq_timer_defaults(struct snd_seq_timer * tmr)
3907 - tmr->preferred_resolution = seq_default_timer_resolution;
3908 -
3909 - tmr->skew = tmr->skew_base = SKEW_BASE;
3910 -+ spin_unlock_irqrestore(&tmr->lock, flags);
3911 - }
3912 -
3913 --void snd_seq_timer_reset(struct snd_seq_timer * tmr)
3914 -+static void seq_timer_reset(struct snd_seq_timer *tmr)
3915 - {
3916 -- unsigned long flags;
3917 --
3918 -- spin_lock_irqsave(&tmr->lock, flags);
3919 --
3920 - /* reset time & songposition */
3921 - tmr->cur_time.tv_sec = 0;
3922 - tmr->cur_time.tv_nsec = 0;
3923 -
3924 - tmr->tick.cur_tick = 0;
3925 - tmr->tick.fraction = 0;
3926 -+}
3927 -+
3928 -+void snd_seq_timer_reset(struct snd_seq_timer *tmr)
3929 -+{
3930 -+ unsigned long flags;
3931 -
3932 -+ spin_lock_irqsave(&tmr->lock, flags);
3933 -+ seq_timer_reset(tmr);
3934 - spin_unlock_irqrestore(&tmr->lock, flags);
3935 - }
3936 -
3937 -@@ -138,8 +145,11 @@ static void snd_seq_timer_interrupt(struct snd_timer_instance *timeri,
3938 - tmr = q->timer;
3939 - if (tmr == NULL)
3940 - return;
3941 -- if (!tmr->running)
3942 -+ spin_lock_irqsave(&tmr->lock, flags);
3943 -+ if (!tmr->running) {
3944 -+ spin_unlock_irqrestore(&tmr->lock, flags);
3945 - return;
3946 -+ }
3947 -
3948 - resolution *= ticks;
3949 - if (tmr->skew != tmr->skew_base) {
3950 -@@ -148,8 +158,6 @@ static void snd_seq_timer_interrupt(struct snd_timer_instance *timeri,
3951 - (((resolution & 0xffff) * tmr->skew) >> 16);
3952 - }
3953 -
3954 -- spin_lock_irqsave(&tmr->lock, flags);
3955 --
3956 - /* update timer */
3957 - snd_seq_inc_time_nsec(&tmr->cur_time, resolution);
3958 -
3959 -@@ -296,26 +304,30 @@ int snd_seq_timer_open(struct snd_seq_queue *q)
3960 - t->callback = snd_seq_timer_interrupt;
3961 - t->callback_data = q;
3962 - t->flags |= SNDRV_TIMER_IFLG_AUTO;
3963 -+ spin_lock_irq(&tmr->lock);
3964 - tmr->timeri = t;
3965 -+ spin_unlock_irq(&tmr->lock);
3966 - return 0;
3967 - }
3968 -
3969 - int snd_seq_timer_close(struct snd_seq_queue *q)
3970 - {
3971 - struct snd_seq_timer *tmr;
3972 -+ struct snd_timer_instance *t;
3973 -
3974 - tmr = q->timer;
3975 - if (snd_BUG_ON(!tmr))
3976 - return -EINVAL;
3977 -- if (tmr->timeri) {
3978 -- snd_timer_stop(tmr->timeri);
3979 -- snd_timer_close(tmr->timeri);
3980 -- tmr->timeri = NULL;
3981 -- }
3982 -+ spin_lock_irq(&tmr->lock);
3983 -+ t = tmr->timeri;
3984 -+ tmr->timeri = NULL;
3985 -+ spin_unlock_irq(&tmr->lock);
3986 -+ if (t)
3987 -+ snd_timer_close(t);
3988 - return 0;
3989 - }
3990 -
3991 --int snd_seq_timer_stop(struct snd_seq_timer * tmr)
3992 -+static int seq_timer_stop(struct snd_seq_timer *tmr)
3993 - {
3994 - if (! tmr->timeri)
3995 - return -EINVAL;
3996 -@@ -326,6 +338,17 @@ int snd_seq_timer_stop(struct snd_seq_timer * tmr)
3997 - return 0;
3998 - }
3999 -
4000 -+int snd_seq_timer_stop(struct snd_seq_timer *tmr)
4001 -+{
4002 -+ unsigned long flags;
4003 -+ int err;
4004 -+
4005 -+ spin_lock_irqsave(&tmr->lock, flags);
4006 -+ err = seq_timer_stop(tmr);
4007 -+ spin_unlock_irqrestore(&tmr->lock, flags);
4008 -+ return err;
4009 -+}
4010 -+
4011 - static int initialize_timer(struct snd_seq_timer *tmr)
4012 - {
4013 - struct snd_timer *t;
4014 -@@ -358,13 +381,13 @@ static int initialize_timer(struct snd_seq_timer *tmr)
4015 - return 0;
4016 - }
4017 -
4018 --int snd_seq_timer_start(struct snd_seq_timer * tmr)
4019 -+static int seq_timer_start(struct snd_seq_timer *tmr)
4020 - {
4021 - if (! tmr->timeri)
4022 - return -EINVAL;
4023 - if (tmr->running)
4024 -- snd_seq_timer_stop(tmr);
4025 -- snd_seq_timer_reset(tmr);
4026 -+ seq_timer_stop(tmr);
4027 -+ seq_timer_reset(tmr);
4028 - if (initialize_timer(tmr) < 0)
4029 - return -EINVAL;
4030 - snd_timer_start(tmr->timeri, tmr->ticks);
4031 -@@ -373,14 +396,25 @@ int snd_seq_timer_start(struct snd_seq_timer * tmr)
4032 - return 0;
4033 - }
4034 -
4035 --int snd_seq_timer_continue(struct snd_seq_timer * tmr)
4036 -+int snd_seq_timer_start(struct snd_seq_timer *tmr)
4037 -+{
4038 -+ unsigned long flags;
4039 -+ int err;
4040 -+
4041 -+ spin_lock_irqsave(&tmr->lock, flags);
4042 -+ err = seq_timer_start(tmr);
4043 -+ spin_unlock_irqrestore(&tmr->lock, flags);
4044 -+ return err;
4045 -+}
4046 -+
4047 -+static int seq_timer_continue(struct snd_seq_timer *tmr)
4048 - {
4049 - if (! tmr->timeri)
4050 - return -EINVAL;
4051 - if (tmr->running)
4052 - return -EBUSY;
4053 - if (! tmr->initialized) {
4054 -- snd_seq_timer_reset(tmr);
4055 -+ seq_timer_reset(tmr);
4056 - if (initialize_timer(tmr) < 0)
4057 - return -EINVAL;
4058 - }
4059 -@@ -390,11 +424,24 @@ int snd_seq_timer_continue(struct snd_seq_timer * tmr)
4060 - return 0;
4061 - }
4062 -
4063 -+int snd_seq_timer_continue(struct snd_seq_timer *tmr)
4064 -+{
4065 -+ unsigned long flags;
4066 -+ int err;
4067 -+
4068 -+ spin_lock_irqsave(&tmr->lock, flags);
4069 -+ err = seq_timer_continue(tmr);
4070 -+ spin_unlock_irqrestore(&tmr->lock, flags);
4071 -+ return err;
4072 -+}
4073 -+
4074 - /* return current 'real' time. use timeofday() to get better granularity. */
4075 - snd_seq_real_time_t snd_seq_timer_get_cur_time(struct snd_seq_timer *tmr)
4076 - {
4077 - snd_seq_real_time_t cur_time;
4078 -+ unsigned long flags;
4079 -
4080 -+ spin_lock_irqsave(&tmr->lock, flags);
4081 - cur_time = tmr->cur_time;
4082 - if (tmr->running) {
4083 - struct timeval tm;
4084 -@@ -410,7 +457,7 @@ snd_seq_real_time_t snd_seq_timer_get_cur_time(struct snd_seq_timer *tmr)
4085 - }
4086 - snd_seq_sanity_real_time(&cur_time);
4087 - }
4088 --
4089 -+ spin_unlock_irqrestore(&tmr->lock, flags);
4090 - return cur_time;
4091 - }
4092 -
4093 -diff --git a/sound/core/seq/seq_virmidi.c b/sound/core/seq/seq_virmidi.c
4094 -index 56e0f4cd..81134e0 100644
4095 ---- a/sound/core/seq/seq_virmidi.c
4096 -+++ b/sound/core/seq/seq_virmidi.c
4097 -@@ -155,21 +155,26 @@ static void snd_virmidi_output_trigger(struct snd_rawmidi_substream *substream,
4098 - struct snd_virmidi *vmidi = substream->runtime->private_data;
4099 - int count, res;
4100 - unsigned char buf[32], *pbuf;
4101 -+ unsigned long flags;
4102 -
4103 - if (up) {
4104 - vmidi->trigger = 1;
4105 - if (vmidi->seq_mode == SNDRV_VIRMIDI_SEQ_DISPATCH &&
4106 - !(vmidi->rdev->flags & SNDRV_VIRMIDI_SUBSCRIBE)) {
4107 -- snd_rawmidi_transmit_ack(substream, substream->runtime->buffer_size - substream->runtime->avail);
4108 -- return; /* ignored */
4109 -+ while (snd_rawmidi_transmit(substream, buf,
4110 -+ sizeof(buf)) > 0) {
4111 -+ /* ignored */
4112 -+ }
4113 -+ return;
4114 - }
4115 - if (vmidi->event.type != SNDRV_SEQ_EVENT_NONE) {
4116 - if (snd_seq_kernel_client_dispatch(vmidi->client, &vmidi->event, in_atomic(), 0) < 0)
4117 - return;
4118 - vmidi->event.type = SNDRV_SEQ_EVENT_NONE;
4119 - }
4120 -+ spin_lock_irqsave(&substream->runtime->lock, flags);
4121 - while (1) {
4122 -- count = snd_rawmidi_transmit_peek(substream, buf, sizeof(buf));
4123 -+ count = __snd_rawmidi_transmit_peek(substream, buf, sizeof(buf));
4124 - if (count <= 0)
4125 - break;
4126 - pbuf = buf;
4127 -@@ -179,16 +184,18 @@ static void snd_virmidi_output_trigger(struct snd_rawmidi_substream *substream,
4128 - snd_midi_event_reset_encode(vmidi->parser);
4129 - continue;
4130 - }
4131 -- snd_rawmidi_transmit_ack(substream, res);
4132 -+ __snd_rawmidi_transmit_ack(substream, res);
4133 - pbuf += res;
4134 - count -= res;
4135 - if (vmidi->event.type != SNDRV_SEQ_EVENT_NONE) {
4136 - if (snd_seq_kernel_client_dispatch(vmidi->client, &vmidi->event, in_atomic(), 0) < 0)
4137 -- return;
4138 -+ goto out;
4139 - vmidi->event.type = SNDRV_SEQ_EVENT_NONE;
4140 - }
4141 - }
4142 - }
4143 -+ out:
4144 -+ spin_unlock_irqrestore(&substream->runtime->lock, flags);
4145 - } else {
4146 - vmidi->trigger = 0;
4147 - }
4148 -@@ -254,9 +261,13 @@ static int snd_virmidi_output_open(struct snd_rawmidi_substream *substream)
4149 - */
4150 - static int snd_virmidi_input_close(struct snd_rawmidi_substream *substream)
4151 - {
4152 -+ struct snd_virmidi_dev *rdev = substream->rmidi->private_data;
4153 - struct snd_virmidi *vmidi = substream->runtime->private_data;
4154 -- snd_midi_event_free(vmidi->parser);
4155 -+
4156 -+ write_lock_irq(&rdev->filelist_lock);
4157 - list_del(&vmidi->list);
4158 -+ write_unlock_irq(&rdev->filelist_lock);
4159 -+ snd_midi_event_free(vmidi->parser);
4160 - substream->runtime->private_data = NULL;
4161 - kfree(vmidi);
4162 - return 0;
4163 -diff --git a/sound/core/timer.c b/sound/core/timer.c
4164 -index 0a049c4..f24c9fc 100644
4165 ---- a/sound/core/timer.c
4166 -+++ b/sound/core/timer.c
4167 -@@ -305,8 +305,7 @@ int snd_timer_open(struct snd_timer_instance **ti,
4168 - return 0;
4169 - }
4170 -
4171 --static int _snd_timer_stop(struct snd_timer_instance *timeri,
4172 -- int keep_flag, int event);
4173 -+static int _snd_timer_stop(struct snd_timer_instance *timeri, int event);
4174 -
4175 - /*
4176 - * close a timer instance
4177 -@@ -348,7 +347,7 @@ int snd_timer_close(struct snd_timer_instance *timeri)
4178 - spin_unlock_irq(&timer->lock);
4179 - mutex_lock(&register_mutex);
4180 - list_del(&timeri->open_list);
4181 -- if (timer && list_empty(&timer->open_list_head) &&
4182 -+ if (list_empty(&timer->open_list_head) &&
4183 - timer->hw.close)
4184 - timer->hw.close(timer);
4185 - /* remove slave links */
4186 -@@ -423,7 +422,7 @@ static void snd_timer_notify1(struct snd_timer_instance *ti, int event)
4187 - spin_lock_irqsave(&timer->lock, flags);
4188 - list_for_each_entry(ts, &ti->slave_active_head, active_list)
4189 - if (ts->ccallback)
4190 -- ts->ccallback(ti, event + 100, &tstamp, resolution);
4191 -+ ts->ccallback(ts, event + 100, &tstamp, resolution);
4192 - spin_unlock_irqrestore(&timer->lock, flags);
4193 - }
4194 -
4195 -@@ -452,6 +451,10 @@ static int snd_timer_start_slave(struct snd_timer_instance *timeri)
4196 - unsigned long flags;
4197 -
4198 - spin_lock_irqsave(&slave_active_lock, flags);
4199 -+ if (timeri->flags & SNDRV_TIMER_IFLG_RUNNING) {
4200 -+ spin_unlock_irqrestore(&slave_active_lock, flags);
4201 -+ return -EBUSY;
4202 -+ }
4203 - timeri->flags |= SNDRV_TIMER_IFLG_RUNNING;
4204 - if (timeri->master && timeri->timer) {
4205 - spin_lock(&timeri->timer->lock);
4206 -@@ -476,7 +479,8 @@ int snd_timer_start(struct snd_timer_instance *timeri, unsigned int ticks)
4207 - return -EINVAL;
4208 - if (timeri->flags & SNDRV_TIMER_IFLG_SLAVE) {
4209 - result = snd_timer_start_slave(timeri);
4210 -- snd_timer_notify1(timeri, SNDRV_TIMER_EVENT_START);
4211 -+ if (result >= 0)
4212 -+ snd_timer_notify1(timeri, SNDRV_TIMER_EVENT_START);
4213 - return result;
4214 - }
4215 - timer = timeri->timer;
4216 -@@ -485,16 +489,22 @@ int snd_timer_start(struct snd_timer_instance *timeri, unsigned int ticks)
4217 - if (timer->card && timer->card->shutdown)
4218 - return -ENODEV;
4219 - spin_lock_irqsave(&timer->lock, flags);
4220 -+ if (timeri->flags & (SNDRV_TIMER_IFLG_RUNNING |
4221 -+ SNDRV_TIMER_IFLG_START)) {
4222 -+ result = -EBUSY;
4223 -+ goto unlock;
4224 -+ }
4225 - timeri->ticks = timeri->cticks = ticks;
4226 - timeri->pticks = 0;
4227 - result = snd_timer_start1(timer, timeri, ticks);
4228 -+ unlock:
4229 - spin_unlock_irqrestore(&timer->lock, flags);
4230 -- snd_timer_notify1(timeri, SNDRV_TIMER_EVENT_START);
4231 -+ if (result >= 0)
4232 -+ snd_timer_notify1(timeri, SNDRV_TIMER_EVENT_START);
4233 - return result;
4234 - }
4235 -
4236 --static int _snd_timer_stop(struct snd_timer_instance * timeri,
4237 -- int keep_flag, int event)
4238 -+static int _snd_timer_stop(struct snd_timer_instance *timeri, int event)
4239 - {
4240 - struct snd_timer *timer;
4241 - unsigned long flags;
4242 -@@ -503,19 +513,30 @@ static int _snd_timer_stop(struct snd_timer_instance * timeri,
4243 - return -ENXIO;
4244 -
4245 - if (timeri->flags & SNDRV_TIMER_IFLG_SLAVE) {
4246 -- if (!keep_flag) {
4247 -- spin_lock_irqsave(&slave_active_lock, flags);
4248 -- timeri->flags &= ~SNDRV_TIMER_IFLG_RUNNING;
4249 -- list_del_init(&timeri->ack_list);
4250 -- list_del_init(&timeri->active_list);
4251 -+ spin_lock_irqsave(&slave_active_lock, flags);
4252 -+ if (!(timeri->flags & SNDRV_TIMER_IFLG_RUNNING)) {
4253 - spin_unlock_irqrestore(&slave_active_lock, flags);
4254 -+ return -EBUSY;
4255 - }
4256 -+ if (timeri->timer)
4257 -+ spin_lock(&timeri->timer->lock);
4258 -+ timeri->flags &= ~SNDRV_TIMER_IFLG_RUNNING;
4259 -+ list_del_init(&timeri->ack_list);
4260 -+ list_del_init(&timeri->active_list);
4261 -+ if (timeri->timer)
4262 -+ spin_unlock(&timeri->timer->lock);
4263 -+ spin_unlock_irqrestore(&slave_active_lock, flags);
4264 - goto __end;
4265 - }
4266 - timer = timeri->timer;
4267 - if (!timer)
4268 - return -EINVAL;
4269 - spin_lock_irqsave(&timer->lock, flags);
4270 -+ if (!(timeri->flags & (SNDRV_TIMER_IFLG_RUNNING |
4271 -+ SNDRV_TIMER_IFLG_START))) {
4272 -+ spin_unlock_irqrestore(&timer->lock, flags);
4273 -+ return -EBUSY;
4274 -+ }
4275 - list_del_init(&timeri->ack_list);
4276 - list_del_init(&timeri->active_list);
4277 - if (timer->card && timer->card->shutdown) {
4278 -@@ -534,9 +555,7 @@ static int _snd_timer_stop(struct snd_timer_instance * timeri,
4279 - }
4280 - }
4281 - }
4282 -- if (!keep_flag)
4283 -- timeri->flags &=
4284 -- ~(SNDRV_TIMER_IFLG_RUNNING | SNDRV_TIMER_IFLG_START);
4285 -+ timeri->flags &= ~(SNDRV_TIMER_IFLG_RUNNING | SNDRV_TIMER_IFLG_START);
4286 - spin_unlock_irqrestore(&timer->lock, flags);
4287 - __end:
4288 - if (event != SNDRV_TIMER_EVENT_RESOLUTION)
4289 -@@ -555,7 +574,7 @@ int snd_timer_stop(struct snd_timer_instance *timeri)
4290 - unsigned long flags;
4291 - int err;
4292 -
4293 -- err = _snd_timer_stop(timeri, 0, SNDRV_TIMER_EVENT_STOP);
4294 -+ err = _snd_timer_stop(timeri, SNDRV_TIMER_EVENT_STOP);
4295 - if (err < 0)
4296 - return err;
4297 - timer = timeri->timer;
4298 -@@ -587,10 +606,15 @@ int snd_timer_continue(struct snd_timer_instance *timeri)
4299 - if (timer->card && timer->card->shutdown)
4300 - return -ENODEV;
4301 - spin_lock_irqsave(&timer->lock, flags);
4302 -+ if (timeri->flags & SNDRV_TIMER_IFLG_RUNNING) {
4303 -+ result = -EBUSY;
4304 -+ goto unlock;
4305 -+ }
4306 - if (!timeri->cticks)
4307 - timeri->cticks = 1;
4308 - timeri->pticks = 0;
4309 - result = snd_timer_start1(timer, timeri, timer->sticks);
4310 -+ unlock:
4311 - spin_unlock_irqrestore(&timer->lock, flags);
4312 - snd_timer_notify1(timeri, SNDRV_TIMER_EVENT_CONTINUE);
4313 - return result;
4314 -@@ -601,7 +625,7 @@ int snd_timer_continue(struct snd_timer_instance *timeri)
4315 - */
4316 - int snd_timer_pause(struct snd_timer_instance * timeri)
4317 - {
4318 -- return _snd_timer_stop(timeri, 0, SNDRV_TIMER_EVENT_PAUSE);
4319 -+ return _snd_timer_stop(timeri, SNDRV_TIMER_EVENT_PAUSE);
4320 - }
4321 -
4322 - /*
4323 -@@ -724,8 +748,8 @@ void snd_timer_interrupt(struct snd_timer * timer, unsigned long ticks_left)
4324 - ti->cticks = ti->ticks;
4325 - } else {
4326 - ti->flags &= ~SNDRV_TIMER_IFLG_RUNNING;
4327 -- if (--timer->running)
4328 -- list_del_init(&ti->active_list);
4329 -+ --timer->running;
4330 -+ list_del_init(&ti->active_list);
4331 - }
4332 - if ((timer->hw.flags & SNDRV_TIMER_HW_TASKLET) ||
4333 - (ti->flags & SNDRV_TIMER_IFLG_FAST))
4334 -@@ -1900,6 +1924,7 @@ static ssize_t snd_timer_user_read(struct file *file, char __user *buffer,
4335 - {
4336 - struct snd_timer_user *tu;
4337 - long result = 0, unit;
4338 -+ int qhead;
4339 - int err = 0;
4340 -
4341 - tu = file->private_data;
4342 -@@ -1911,7 +1936,7 @@ static ssize_t snd_timer_user_read(struct file *file, char __user *buffer,
4343 -
4344 - if ((file->f_flags & O_NONBLOCK) != 0 || result > 0) {
4345 - err = -EAGAIN;
4346 -- break;
4347 -+ goto _error;
4348 - }
4349 -
4350 - set_current_state(TASK_INTERRUPTIBLE);
4351 -@@ -1926,42 +1951,37 @@ static ssize_t snd_timer_user_read(struct file *file, char __user *buffer,
4352 -
4353 - if (tu->disconnected) {
4354 - err = -ENODEV;
4355 -- break;
4356 -+ goto _error;
4357 - }
4358 - if (signal_pending(current)) {
4359 - err = -ERESTARTSYS;
4360 -- break;
4361 -+ goto _error;
4362 - }
4363 - }
4364 -
4365 -+ qhead = tu->qhead++;
4366 -+ tu->qhead %= tu->queue_size;
4367 - spin_unlock_irq(&tu->qlock);
4368 -- if (err < 0)
4369 -- goto _error;
4370 -
4371 - if (tu->tread) {
4372 -- if (copy_to_user(buffer, &tu->tqueue[tu->qhead++],
4373 -- sizeof(struct snd_timer_tread))) {
4374 -+ if (copy_to_user(buffer, &tu->tqueue[qhead],
4375 -+ sizeof(struct snd_timer_tread)))
4376 - err = -EFAULT;
4377 -- goto _error;
4378 -- }
4379 - } else {
4380 -- if (copy_to_user(buffer, &tu->queue[tu->qhead++],
4381 -- sizeof(struct snd_timer_read))) {
4382 -+ if (copy_to_user(buffer, &tu->queue[qhead],
4383 -+ sizeof(struct snd_timer_read)))
4384 - err = -EFAULT;
4385 -- goto _error;
4386 -- }
4387 - }
4388 -
4389 -- tu->qhead %= tu->queue_size;
4390 --
4391 -- result += unit;
4392 -- buffer += unit;
4393 --
4394 - spin_lock_irq(&tu->qlock);
4395 - tu->qused--;
4396 -+ if (err < 0)
4397 -+ goto _error;
4398 -+ result += unit;
4399 -+ buffer += unit;
4400 - }
4401 -- spin_unlock_irq(&tu->qlock);
4402 - _error:
4403 -+ spin_unlock_irq(&tu->qlock);
4404 - return result > 0 ? result : err;
4405 - }
4406 -
4407 -diff --git a/sound/drivers/dummy.c b/sound/drivers/dummy.c
4408 -index 016e451..a9f7a75 100644
4409 ---- a/sound/drivers/dummy.c
4410 -+++ b/sound/drivers/dummy.c
4411 -@@ -109,6 +109,9 @@ struct dummy_timer_ops {
4412 - snd_pcm_uframes_t (*pointer)(struct snd_pcm_substream *);
4413 - };
4414 -
4415 -+#define get_dummy_ops(substream) \
4416 -+ (*(const struct dummy_timer_ops **)(substream)->runtime->private_data)
4417 -+
4418 - struct dummy_model {
4419 - const char *name;
4420 - int (*playback_constraints)(struct snd_pcm_runtime *runtime);
4421 -@@ -137,7 +140,6 @@ struct snd_dummy {
4422 - int iobox;
4423 - struct snd_kcontrol *cd_volume_ctl;
4424 - struct snd_kcontrol *cd_switch_ctl;
4425 -- const struct dummy_timer_ops *timer_ops;
4426 - };
4427 -
4428 - /*
4429 -@@ -231,6 +233,8 @@ static struct dummy_model *dummy_models[] = {
4430 - */
4431 -
4432 - struct dummy_systimer_pcm {
4433 -+ /* ops must be the first item */
4434 -+ const struct dummy_timer_ops *timer_ops;
4435 - spinlock_t lock;
4436 - struct timer_list timer;
4437 - unsigned long base_time;
4438 -@@ -366,6 +370,8 @@ static struct dummy_timer_ops dummy_systimer_ops = {
4439 - */
4440 -
4441 - struct dummy_hrtimer_pcm {
4442 -+ /* ops must be the first item */
4443 -+ const struct dummy_timer_ops *timer_ops;
4444 - ktime_t base_time;
4445 - ktime_t period_time;
4446 - atomic_t running;
4447 -@@ -492,31 +498,25 @@ static struct dummy_timer_ops dummy_hrtimer_ops = {
4448 -
4449 - static int dummy_pcm_trigger(struct snd_pcm_substream *substream, int cmd)
4450 - {
4451 -- struct snd_dummy *dummy = snd_pcm_substream_chip(substream);
4452 --
4453 - switch (cmd) {
4454 - case SNDRV_PCM_TRIGGER_START:
4455 - case SNDRV_PCM_TRIGGER_RESUME:
4456 -- return dummy->timer_ops->start(substream);
4457 -+ return get_dummy_ops(substream)->start(substream);
4458 - case SNDRV_PCM_TRIGGER_STOP:
4459 - case SNDRV_PCM_TRIGGER_SUSPEND:
4460 -- return dummy->timer_ops->stop(substream);
4461 -+ return get_dummy_ops(substream)->stop(substream);
4462 - }
4463 - return -EINVAL;
4464 - }
4465 -
4466 - static int dummy_pcm_prepare(struct snd_pcm_substream *substream)
4467 - {
4468 -- struct snd_dummy *dummy = snd_pcm_substream_chip(substream);
4469 --
4470 -- return dummy->timer_ops->prepare(substream);
4471 -+ return get_dummy_ops(substream)->prepare(substream);
4472 - }
4473 -
4474 - static snd_pcm_uframes_t dummy_pcm_pointer(struct snd_pcm_substream *substream)
4475 - {
4476 -- struct snd_dummy *dummy = snd_pcm_substream_chip(substream);
4477 --
4478 -- return dummy->timer_ops->pointer(substream);
4479 -+ return get_dummy_ops(substream)->pointer(substream);
4480 - }
4481 -
4482 - static struct snd_pcm_hardware dummy_pcm_hardware = {
4483 -@@ -562,17 +562,19 @@ static int dummy_pcm_open(struct snd_pcm_substream *substream)
4484 - struct snd_dummy *dummy = snd_pcm_substream_chip(substream);
4485 - struct dummy_model *model = dummy->model;
4486 - struct snd_pcm_runtime *runtime = substream->runtime;
4487 -+ const struct dummy_timer_ops *ops;
4488 - int err;
4489 -
4490 -- dummy->timer_ops = &dummy_systimer_ops;
4491 -+ ops = &dummy_systimer_ops;
4492 - #ifdef CONFIG_HIGH_RES_TIMERS
4493 - if (hrtimer)
4494 -- dummy->timer_ops = &dummy_hrtimer_ops;
4495 -+ ops = &dummy_hrtimer_ops;
4496 - #endif
4497 -
4498 -- err = dummy->timer_ops->create(substream);
4499 -+ err = ops->create(substream);
4500 - if (err < 0)
4501 - return err;
4502 -+ get_dummy_ops(substream) = ops;
4503 -
4504 - runtime->hw = dummy->pcm_hw;
4505 - if (substream->pcm->device & 1) {
4506 -@@ -594,7 +596,7 @@ static int dummy_pcm_open(struct snd_pcm_substream *substream)
4507 - err = model->capture_constraints(substream->runtime);
4508 - }
4509 - if (err < 0) {
4510 -- dummy->timer_ops->free(substream);
4511 -+ get_dummy_ops(substream)->free(substream);
4512 - return err;
4513 - }
4514 - return 0;
4515 -@@ -602,8 +604,7 @@ static int dummy_pcm_open(struct snd_pcm_substream *substream)
4516 -
4517 - static int dummy_pcm_close(struct snd_pcm_substream *substream)
4518 - {
4519 -- struct snd_dummy *dummy = snd_pcm_substream_chip(substream);
4520 -- dummy->timer_ops->free(substream);
4521 -+ get_dummy_ops(substream)->free(substream);
4522 - return 0;
4523 - }
4524 -
4525 -diff --git a/sound/firewire/bebob/bebob_stream.c b/sound/firewire/bebob/bebob_stream.c
4526 -index 926e5dc..5022c9b 100644
4527 ---- a/sound/firewire/bebob/bebob_stream.c
4528 -+++ b/sound/firewire/bebob/bebob_stream.c
4529 -@@ -47,14 +47,16 @@ static const unsigned int bridgeco_freq_table[] = {
4530 - [6] = 0x07,
4531 - };
4532 -
4533 --static unsigned int
4534 --get_formation_index(unsigned int rate)
4535 -+static int
4536 -+get_formation_index(unsigned int rate, unsigned int *index)
4537 - {
4538 - unsigned int i;
4539 -
4540 - for (i = 0; i < ARRAY_SIZE(snd_bebob_rate_table); i++) {
4541 -- if (snd_bebob_rate_table[i] == rate)
4542 -- return i;
4543 -+ if (snd_bebob_rate_table[i] == rate) {
4544 -+ *index = i;
4545 -+ return 0;
4546 -+ }
4547 - }
4548 - return -EINVAL;
4549 - }
4550 -@@ -425,7 +427,9 @@ make_both_connections(struct snd_bebob *bebob, unsigned int rate)
4551 - goto end;
4552 -
4553 - /* confirm params for both streams */
4554 -- index = get_formation_index(rate);
4555 -+ err = get_formation_index(rate, &index);
4556 -+ if (err < 0)
4557 -+ goto end;
4558 - pcm_channels = bebob->tx_stream_formations[index].pcm;
4559 - midi_channels = bebob->tx_stream_formations[index].midi;
4560 - err = amdtp_am824_set_parameters(&bebob->tx_stream, rate,
4561 -diff --git a/sound/isa/Kconfig b/sound/isa/Kconfig
4562 -index 0216475..37adcc6 100644
4563 ---- a/sound/isa/Kconfig
4564 -+++ b/sound/isa/Kconfig
4565 -@@ -3,6 +3,7 @@
4566 - config SND_WSS_LIB
4567 - tristate
4568 - select SND_PCM
4569 -+ select SND_TIMER
4570 -
4571 - config SND_SB_COMMON
4572 - tristate
4573 -@@ -42,6 +43,7 @@ config SND_AD1816A
4574 - select SND_OPL3_LIB
4575 - select SND_MPU401_UART
4576 - select SND_PCM
4577 -+ select SND_TIMER
4578 - help
4579 - Say Y here to include support for Analog Devices SoundPort
4580 - AD1816A or compatible sound chips.
4581 -@@ -209,6 +211,7 @@ config SND_GUSCLASSIC
4582 - tristate "Gravis UltraSound Classic"
4583 - select SND_RAWMIDI
4584 - select SND_PCM
4585 -+ select SND_TIMER
4586 - help
4587 - Say Y here to include support for Gravis UltraSound Classic
4588 - soundcards.
4589 -@@ -221,6 +224,7 @@ config SND_GUSEXTREME
4590 - select SND_OPL3_LIB
4591 - select SND_MPU401_UART
4592 - select SND_PCM
4593 -+ select SND_TIMER
4594 - help
4595 - Say Y here to include support for Gravis UltraSound Extreme
4596 - soundcards.
4597 -diff --git a/sound/pci/Kconfig b/sound/pci/Kconfig
4598 -index 656ce39..8f6594a 100644
4599 ---- a/sound/pci/Kconfig
4600 -+++ b/sound/pci/Kconfig
4601 -@@ -155,6 +155,7 @@ config SND_AZT3328
4602 - select SND_PCM
4603 - select SND_RAWMIDI
4604 - select SND_AC97_CODEC
4605 -+ select SND_TIMER
4606 - depends on ZONE_DMA
4607 - help
4608 - Say Y here to include support for Aztech AZF3328 (PCI168)
4609 -@@ -463,6 +464,7 @@ config SND_EMU10K1
4610 - select SND_HWDEP
4611 - select SND_RAWMIDI
4612 - select SND_AC97_CODEC
4613 -+ select SND_TIMER
4614 - depends on ZONE_DMA
4615 - help
4616 - Say Y to include support for Sound Blaster PCI 512, Live!,
4617 -@@ -889,6 +891,7 @@ config SND_YMFPCI
4618 - select SND_OPL3_LIB
4619 - select SND_MPU401_UART
4620 - select SND_AC97_CODEC
4621 -+ select SND_TIMER
4622 - help
4623 - Say Y here to include support for Yamaha PCI audio chips -
4624 - YMF724, YMF724F, YMF740, YMF740C, YMF744, YMF754.
4625 -diff --git a/sound/pci/hda/hda_generic.c b/sound/pci/hda/hda_generic.c
4626 -index c6e8a65..5c4fa8e 100644
4627 ---- a/sound/pci/hda/hda_generic.c
4628 -+++ b/sound/pci/hda/hda_generic.c
4629 -@@ -771,9 +771,6 @@ static void activate_amp(struct hda_codec *codec, hda_nid_t nid, int dir,
4630 - unsigned int caps;
4631 - unsigned int mask, val;
4632 -
4633 -- if (!enable && is_active_nid(codec, nid, dir, idx_to_check))
4634 -- return;
4635 --
4636 - caps = query_amp_caps(codec, nid, dir);
4637 - val = get_amp_val_to_activate(codec, nid, dir, caps, enable);
4638 - mask = get_amp_mask_to_modify(codec, nid, dir, idx_to_check, caps);
4639 -@@ -784,12 +781,22 @@ static void activate_amp(struct hda_codec *codec, hda_nid_t nid, int dir,
4640 - update_amp(codec, nid, dir, idx, mask, val);
4641 - }
4642 -
4643 -+static void check_and_activate_amp(struct hda_codec *codec, hda_nid_t nid,
4644 -+ int dir, int idx, int idx_to_check,
4645 -+ bool enable)
4646 -+{
4647 -+ /* check whether the given amp is still used by others */
4648 -+ if (!enable && is_active_nid(codec, nid, dir, idx_to_check))
4649 -+ return;
4650 -+ activate_amp(codec, nid, dir, idx, idx_to_check, enable);
4651 -+}
4652 -+
4653 - static void activate_amp_out(struct hda_codec *codec, struct nid_path *path,
4654 - int i, bool enable)
4655 - {
4656 - hda_nid_t nid = path->path[i];
4657 - init_amp(codec, nid, HDA_OUTPUT, 0);
4658 -- activate_amp(codec, nid, HDA_OUTPUT, 0, 0, enable);
4659 -+ check_and_activate_amp(codec, nid, HDA_OUTPUT, 0, 0, enable);
4660 - }
4661 -
4662 - static void activate_amp_in(struct hda_codec *codec, struct nid_path *path,
4663 -@@ -817,9 +824,16 @@ static void activate_amp_in(struct hda_codec *codec, struct nid_path *path,
4664 - * when aa-mixer is available, we need to enable the path as well
4665 - */
4666 - for (n = 0; n < nums; n++) {
4667 -- if (n != idx && (!add_aamix || conn[n] != spec->mixer_merge_nid))
4668 -- continue;
4669 -- activate_amp(codec, nid, HDA_INPUT, n, idx, enable);
4670 -+ if (n != idx) {
4671 -+ if (conn[n] != spec->mixer_merge_nid)
4672 -+ continue;
4673 -+ /* when aamix is disabled, force to off */
4674 -+ if (!add_aamix) {
4675 -+ activate_amp(codec, nid, HDA_INPUT, n, n, false);
4676 -+ continue;
4677 -+ }
4678 -+ }
4679 -+ check_and_activate_amp(codec, nid, HDA_INPUT, n, idx, enable);
4680 - }
4681 - }
4682 -
4683 -@@ -1580,6 +1594,12 @@ static bool map_singles(struct hda_codec *codec, int outs,
4684 - return found;
4685 - }
4686 -
4687 -+static inline bool has_aamix_out_paths(struct hda_gen_spec *spec)
4688 -+{
4689 -+ return spec->aamix_out_paths[0] || spec->aamix_out_paths[1] ||
4690 -+ spec->aamix_out_paths[2];
4691 -+}
4692 -+
4693 - /* create a new path including aamix if available, and return its index */
4694 - static int check_aamix_out_path(struct hda_codec *codec, int path_idx)
4695 - {
4696 -@@ -2422,25 +2442,51 @@ static void update_aamix_paths(struct hda_codec *codec, bool do_mix,
4697 - }
4698 - }
4699 -
4700 -+/* re-initialize the output paths; only called from loopback_mixing_put() */
4701 -+static void update_output_paths(struct hda_codec *codec, int num_outs,
4702 -+ const int *paths)
4703 -+{
4704 -+ struct hda_gen_spec *spec = codec->spec;
4705 -+ struct nid_path *path;
4706 -+ int i;
4707 -+
4708 -+ for (i = 0; i < num_outs; i++) {
4709 -+ path = snd_hda_get_path_from_idx(codec, paths[i]);
4710 -+ if (path)
4711 -+ snd_hda_activate_path(codec, path, path->active,
4712 -+ spec->aamix_mode);
4713 -+ }
4714 -+}
4715 -+
4716 - static int loopback_mixing_put(struct snd_kcontrol *kcontrol,
4717 - struct snd_ctl_elem_value *ucontrol)
4718 - {
4719 - struct hda_codec *codec = snd_kcontrol_chip(kcontrol);
4720 - struct hda_gen_spec *spec = codec->spec;
4721 -+ const struct auto_pin_cfg *cfg = &spec->autocfg;
4722 - unsigned int val = ucontrol->value.enumerated.item[0];
4723 -
4724 - if (val == spec->aamix_mode)
4725 - return 0;
4726 - spec->aamix_mode = val;
4727 -- update_aamix_paths(codec, val, spec->out_paths[0],
4728 -- spec->aamix_out_paths[0],
4729 -- spec->autocfg.line_out_type);
4730 -- update_aamix_paths(codec, val, spec->hp_paths[0],
4731 -- spec->aamix_out_paths[1],
4732 -- AUTO_PIN_HP_OUT);
4733 -- update_aamix_paths(codec, val, spec->speaker_paths[0],
4734 -- spec->aamix_out_paths[2],
4735 -- AUTO_PIN_SPEAKER_OUT);
4736 -+ if (has_aamix_out_paths(spec)) {
4737 -+ update_aamix_paths(codec, val, spec->out_paths[0],
4738 -+ spec->aamix_out_paths[0],
4739 -+ cfg->line_out_type);
4740 -+ update_aamix_paths(codec, val, spec->hp_paths[0],
4741 -+ spec->aamix_out_paths[1],
4742 -+ AUTO_PIN_HP_OUT);
4743 -+ update_aamix_paths(codec, val, spec->speaker_paths[0],
4744 -+ spec->aamix_out_paths[2],
4745 -+ AUTO_PIN_SPEAKER_OUT);
4746 -+ } else {
4747 -+ update_output_paths(codec, cfg->line_outs, spec->out_paths);
4748 -+ if (cfg->line_out_type != AUTO_PIN_HP_OUT)
4749 -+ update_output_paths(codec, cfg->hp_outs, spec->hp_paths);
4750 -+ if (cfg->line_out_type != AUTO_PIN_SPEAKER_OUT)
4751 -+ update_output_paths(codec, cfg->speaker_outs,
4752 -+ spec->speaker_paths);
4753 -+ }
4754 - return 1;
4755 - }
4756 -
4757 -@@ -2458,12 +2504,13 @@ static int create_loopback_mixing_ctl(struct hda_codec *codec)
4758 -
4759 - if (!spec->mixer_nid)
4760 - return 0;
4761 -- if (!(spec->aamix_out_paths[0] || spec->aamix_out_paths[1] ||
4762 -- spec->aamix_out_paths[2]))
4763 -- return 0;
4764 - if (!snd_hda_gen_add_kctl(spec, NULL, &loopback_mixing_enum))
4765 - return -ENOMEM;
4766 - spec->have_aamix_ctl = 1;
4767 -+ /* if no explicit aamix path is present (e.g. for Realtek codecs),
4768 -+ * enable aamix as default -- just for compatibility
4769 -+ */
4770 -+ spec->aamix_mode = !has_aamix_out_paths(spec);
4771 - return 0;
4772 - }
4773 -
4774 -@@ -3998,9 +4045,9 @@ static void pin_power_callback(struct hda_codec *codec,
4775 - struct hda_jack_callback *jack,
4776 - bool on)
4777 - {
4778 -- if (jack && jack->tbl->nid)
4779 -+ if (jack && jack->nid)
4780 - sync_power_state_change(codec,
4781 -- set_pin_power_jack(codec, jack->tbl->nid, on));
4782 -+ set_pin_power_jack(codec, jack->nid, on));
4783 - }
4784 -
4785 - /* callback only doing power up -- called at first */
4786 -@@ -5664,6 +5711,8 @@ static void init_aamix_paths(struct hda_codec *codec)
4787 -
4788 - if (!spec->have_aamix_ctl)
4789 - return;
4790 -+ if (!has_aamix_out_paths(spec))
4791 -+ return;
4792 - update_aamix_paths(codec, spec->aamix_mode, spec->out_paths[0],
4793 - spec->aamix_out_paths[0],
4794 - spec->autocfg.line_out_type);
4795 -diff --git a/sound/pci/hda/hda_intel.c b/sound/pci/hda/hda_intel.c
4796 -index 614baff..02a86ba 100644
4797 ---- a/sound/pci/hda/hda_intel.c
4798 -+++ b/sound/pci/hda/hda_intel.c
4799 -@@ -90,6 +90,8 @@ enum {
4800 - #define NVIDIA_HDA_ENABLE_COHBIT 0x01
4801 -
4802 - /* Defines for Intel SCH HDA snoop control */
4803 -+#define INTEL_HDA_CGCTL 0x48
4804 -+#define INTEL_HDA_CGCTL_MISCBDCGE (0x1 << 6)
4805 - #define INTEL_SCH_HDA_DEVC 0x78
4806 - #define INTEL_SCH_HDA_DEVC_NOSNOOP (0x1<<11)
4807 -
4808 -@@ -528,10 +530,21 @@ static void hda_intel_init_chip(struct azx *chip, bool full_reset)
4809 - {
4810 - struct hdac_bus *bus = azx_bus(chip);
4811 - struct pci_dev *pci = chip->pci;
4812 -+ u32 val;
4813 -
4814 - if (chip->driver_caps & AZX_DCAPS_I915_POWERWELL)
4815 - snd_hdac_set_codec_wakeup(bus, true);
4816 -+ if (IS_BROXTON(pci)) {
4817 -+ pci_read_config_dword(pci, INTEL_HDA_CGCTL, &val);
4818 -+ val = val & ~INTEL_HDA_CGCTL_MISCBDCGE;
4819 -+ pci_write_config_dword(pci, INTEL_HDA_CGCTL, val);
4820 -+ }
4821 - azx_init_chip(chip, full_reset);
4822 -+ if (IS_BROXTON(pci)) {
4823 -+ pci_read_config_dword(pci, INTEL_HDA_CGCTL, &val);
4824 -+ val = val | INTEL_HDA_CGCTL_MISCBDCGE;
4825 -+ pci_write_config_dword(pci, INTEL_HDA_CGCTL, val);
4826 -+ }
4827 - if (chip->driver_caps & AZX_DCAPS_I915_POWERWELL)
4828 - snd_hdac_set_codec_wakeup(bus, false);
4829 -
4830 -diff --git a/sound/pci/hda/hda_jack.c b/sound/pci/hda/hda_jack.c
4831 -index c945e25..a33234e 100644
4832 ---- a/sound/pci/hda/hda_jack.c
4833 -+++ b/sound/pci/hda/hda_jack.c
4834 -@@ -259,7 +259,7 @@ snd_hda_jack_detect_enable_callback(struct hda_codec *codec, hda_nid_t nid,
4835 - if (!callback)
4836 - return ERR_PTR(-ENOMEM);
4837 - callback->func = func;
4838 -- callback->tbl = jack;
4839 -+ callback->nid = jack->nid;
4840 - callback->next = jack->callback;
4841 - jack->callback = callback;
4842 - }
4843 -diff --git a/sound/pci/hda/hda_jack.h b/sound/pci/hda/hda_jack.h
4844 -index 858708a..e9814c0 100644
4845 ---- a/sound/pci/hda/hda_jack.h
4846 -+++ b/sound/pci/hda/hda_jack.h
4847 -@@ -21,7 +21,7 @@ struct hda_jack_callback;
4848 - typedef void (*hda_jack_callback_fn) (struct hda_codec *, struct hda_jack_callback *);
4849 -
4850 - struct hda_jack_callback {
4851 -- struct hda_jack_tbl *tbl;
4852 -+ hda_nid_t nid;
4853 - hda_jack_callback_fn func;
4854 - unsigned int private_data; /* arbitrary data */
4855 - struct hda_jack_callback *next;
4856 -diff --git a/sound/pci/hda/patch_ca0132.c b/sound/pci/hda/patch_ca0132.c
4857 -index 4ef2259..9ceb2bc 100644
4858 ---- a/sound/pci/hda/patch_ca0132.c
4859 -+++ b/sound/pci/hda/patch_ca0132.c
4860 -@@ -4427,13 +4427,16 @@ static void ca0132_process_dsp_response(struct hda_codec *codec,
4861 - static void hp_callback(struct hda_codec *codec, struct hda_jack_callback *cb)
4862 - {
4863 - struct ca0132_spec *spec = codec->spec;
4864 -+ struct hda_jack_tbl *tbl;
4865 -
4866 - /* Delay enabling the HP amp, to let the mic-detection
4867 - * state machine run.
4868 - */
4869 - cancel_delayed_work_sync(&spec->unsol_hp_work);
4870 - schedule_delayed_work(&spec->unsol_hp_work, msecs_to_jiffies(500));
4871 -- cb->tbl->block_report = 1;
4872 -+ tbl = snd_hda_jack_tbl_get(codec, cb->nid);
4873 -+ if (tbl)
4874 -+ tbl->block_report = 1;
4875 - }
4876 -
4877 - static void amic_callback(struct hda_codec *codec, struct hda_jack_callback *cb)
4878 -diff --git a/sound/pci/hda/patch_cirrus.c b/sound/pci/hda/patch_cirrus.c
4879 -index a12ae8a..c1c855a 100644
4880 ---- a/sound/pci/hda/patch_cirrus.c
4881 -+++ b/sound/pci/hda/patch_cirrus.c
4882 -@@ -614,6 +614,7 @@ enum {
4883 - CS4208_MAC_AUTO,
4884 - CS4208_MBA6,
4885 - CS4208_MBP11,
4886 -+ CS4208_MACMINI,
4887 - CS4208_GPIO0,
4888 - };
4889 -
4890 -@@ -621,6 +622,7 @@ static const struct hda_model_fixup cs4208_models[] = {
4891 - { .id = CS4208_GPIO0, .name = "gpio0" },
4892 - { .id = CS4208_MBA6, .name = "mba6" },
4893 - { .id = CS4208_MBP11, .name = "mbp11" },
4894 -+ { .id = CS4208_MACMINI, .name = "macmini" },
4895 - {}
4896 - };
4897 -
4898 -@@ -632,6 +634,7 @@ static const struct snd_pci_quirk cs4208_fixup_tbl[] = {
4899 - /* codec SSID matching */
4900 - static const struct snd_pci_quirk cs4208_mac_fixup_tbl[] = {
4901 - SND_PCI_QUIRK(0x106b, 0x5e00, "MacBookPro 11,2", CS4208_MBP11),
4902 -+ SND_PCI_QUIRK(0x106b, 0x6c00, "MacMini 7,1", CS4208_MACMINI),
4903 - SND_PCI_QUIRK(0x106b, 0x7100, "MacBookAir 6,1", CS4208_MBA6),
4904 - SND_PCI_QUIRK(0x106b, 0x7200, "MacBookAir 6,2", CS4208_MBA6),
4905 - SND_PCI_QUIRK(0x106b, 0x7b00, "MacBookPro 12,1", CS4208_MBP11),
4906 -@@ -666,6 +669,24 @@ static void cs4208_fixup_mac(struct hda_codec *codec,
4907 - snd_hda_apply_fixup(codec, action);
4908 - }
4909 -
4910 -+/* MacMini 7,1 has the inverted jack detection */
4911 -+static void cs4208_fixup_macmini(struct hda_codec *codec,
4912 -+ const struct hda_fixup *fix, int action)
4913 -+{
4914 -+ static const struct hda_pintbl pincfgs[] = {
4915 -+ { 0x18, 0x00ab9150 }, /* mic (audio-in) jack: disable detect */
4916 -+ { 0x21, 0x004be140 }, /* SPDIF: disable detect */
4917 -+ { }
4918 -+ };
4919 -+
4920 -+ if (action == HDA_FIXUP_ACT_PRE_PROBE) {
4921 -+ /* HP pin (0x10) has an inverted detection */
4922 -+ codec->inv_jack_detect = 1;
4923 -+ /* disable the bogus Mic and SPDIF jack detections */
4924 -+ snd_hda_apply_pincfgs(codec, pincfgs);
4925 -+ }
4926 -+}
4927 -+
4928 - static int cs4208_spdif_sw_put(struct snd_kcontrol *kcontrol,
4929 - struct snd_ctl_elem_value *ucontrol)
4930 - {
4931 -@@ -709,6 +730,12 @@ static const struct hda_fixup cs4208_fixups[] = {
4932 - .chained = true,
4933 - .chain_id = CS4208_GPIO0,
4934 - },
4935 -+ [CS4208_MACMINI] = {
4936 -+ .type = HDA_FIXUP_FUNC,
4937 -+ .v.func = cs4208_fixup_macmini,
4938 -+ .chained = true,
4939 -+ .chain_id = CS4208_GPIO0,
4940 -+ },
4941 - [CS4208_GPIO0] = {
4942 - .type = HDA_FIXUP_FUNC,
4943 - .v.func = cs4208_fixup_gpio0,
4944 -diff --git a/sound/pci/hda/patch_hdmi.c b/sound/pci/hda/patch_hdmi.c
4945 -index 4b6fb66..70c9456 100644
4946 ---- a/sound/pci/hda/patch_hdmi.c
4947 -+++ b/sound/pci/hda/patch_hdmi.c
4948 -@@ -438,7 +438,8 @@ static int hdmi_eld_ctl_get(struct snd_kcontrol *kcontrol,
4949 - eld = &per_pin->sink_eld;
4950 -
4951 - mutex_lock(&per_pin->lock);
4952 -- if (eld->eld_size > ARRAY_SIZE(ucontrol->value.bytes.data)) {
4953 -+ if (eld->eld_size > ARRAY_SIZE(ucontrol->value.bytes.data) ||
4954 -+ eld->eld_size > ELD_MAX_SIZE) {
4955 - mutex_unlock(&per_pin->lock);
4956 - snd_BUG();
4957 - return -EINVAL;
4958 -@@ -1183,7 +1184,7 @@ static void check_presence_and_report(struct hda_codec *codec, hda_nid_t nid)
4959 - static void jack_callback(struct hda_codec *codec,
4960 - struct hda_jack_callback *jack)
4961 - {
4962 -- check_presence_and_report(codec, jack->tbl->nid);
4963 -+ check_presence_and_report(codec, jack->nid);
4964 - }
4965 -
4966 - static void hdmi_intrinsic_event(struct hda_codec *codec, unsigned int res)
4967 -diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c
4968 -index 3375324..efd4980 100644
4969 ---- a/sound/pci/hda/patch_realtek.c
4970 -+++ b/sound/pci/hda/patch_realtek.c
4971 -@@ -282,7 +282,7 @@ static void alc_update_knob_master(struct hda_codec *codec,
4972 - uctl = kzalloc(sizeof(*uctl), GFP_KERNEL);
4973 - if (!uctl)
4974 - return;
4975 -- val = snd_hda_codec_read(codec, jack->tbl->nid, 0,
4976 -+ val = snd_hda_codec_read(codec, jack->nid, 0,
4977 - AC_VERB_GET_VOLUME_KNOB_CONTROL, 0);
4978 - val &= HDA_AMP_VOLMASK;
4979 - uctl->value.integer.value[0] = val;
4980 -@@ -327,6 +327,7 @@ static void alc_fill_eapd_coef(struct hda_codec *codec)
4981 - case 0x10ec0292:
4982 - alc_update_coef_idx(codec, 0x4, 1<<15, 0);
4983 - break;
4984 -+ case 0x10ec0225:
4985 - case 0x10ec0233:
4986 - case 0x10ec0255:
4987 - case 0x10ec0256:
4988 -@@ -900,6 +901,7 @@ static struct alc_codec_rename_pci_table rename_pci_tbl[] = {
4989 - { 0x10ec0899, 0x1028, 0, "ALC3861" },
4990 - { 0x10ec0298, 0x1028, 0, "ALC3266" },
4991 - { 0x10ec0256, 0x1028, 0, "ALC3246" },
4992 -+ { 0x10ec0225, 0x1028, 0, "ALC3253" },
4993 - { 0x10ec0670, 0x1025, 0, "ALC669X" },
4994 - { 0x10ec0676, 0x1025, 0, "ALC679X" },
4995 - { 0x10ec0282, 0x1043, 0, "ALC3229" },
4996 -@@ -1785,7 +1787,6 @@ enum {
4997 - ALC882_FIXUP_NO_PRIMARY_HP,
4998 - ALC887_FIXUP_ASUS_BASS,
4999 - ALC887_FIXUP_BASS_CHMAP,
5000 -- ALC882_FIXUP_DISABLE_AAMIX,
5001 - };
5002 -
5003 - static void alc889_fixup_coef(struct hda_codec *codec,
5004 -@@ -1947,8 +1948,6 @@ static void alc882_fixup_no_primary_hp(struct hda_codec *codec,
5005 -
5006 - static void alc_fixup_bass_chmap(struct hda_codec *codec,
5007 - const struct hda_fixup *fix, int action);
5008 --static void alc_fixup_disable_aamix(struct hda_codec *codec,
5009 -- const struct hda_fixup *fix, int action);
5010 -
5011 - static const struct hda_fixup alc882_fixups[] = {
5012 - [ALC882_FIXUP_ABIT_AW9D_MAX] = {
5013 -@@ -2186,10 +2185,6 @@ static const struct hda_fixup alc882_fixups[] = {
5014 - .type = HDA_FIXUP_FUNC,
5015 - .v.func = alc_fixup_bass_chmap,
5016 - },
5017 -- [ALC882_FIXUP_DISABLE_AAMIX] = {
5018 -- .type = HDA_FIXUP_FUNC,
5019 -- .v.func = alc_fixup_disable_aamix,
5020 -- },
5021 - };
5022 -
5023 - static const struct snd_pci_quirk alc882_fixup_tbl[] = {
5024 -@@ -2228,6 +2223,7 @@ static const struct snd_pci_quirk alc882_fixup_tbl[] = {
5025 - SND_PCI_QUIRK(0x104d, 0x9047, "Sony Vaio TT", ALC889_FIXUP_VAIO_TT),
5026 - SND_PCI_QUIRK(0x104d, 0x905a, "Sony Vaio Z", ALC882_FIXUP_NO_PRIMARY_HP),
5027 - SND_PCI_QUIRK(0x104d, 0x9043, "Sony Vaio VGC-LN51JGB", ALC882_FIXUP_NO_PRIMARY_HP),
5028 -+ SND_PCI_QUIRK(0x104d, 0x9044, "Sony VAIO AiO", ALC882_FIXUP_NO_PRIMARY_HP),
5029 -
5030 - /* All Apple entries are in codec SSIDs */
5031 - SND_PCI_QUIRK(0x106b, 0x00a0, "MacBookPro 3,1", ALC889_FIXUP_MBP_VREF),
5032 -@@ -2257,7 +2253,6 @@ static const struct snd_pci_quirk alc882_fixup_tbl[] = {
5033 - SND_PCI_QUIRK(0x1462, 0x7350, "MSI-7350", ALC889_FIXUP_CD),
5034 - SND_PCI_QUIRK_VENDOR(0x1462, "MSI", ALC882_FIXUP_GPIO3),
5035 - SND_PCI_QUIRK(0x1458, 0xa002, "Gigabyte EP45-DS3/Z87X-UD3H", ALC889_FIXUP_FRONT_HP_NO_PRESENCE),
5036 -- SND_PCI_QUIRK(0x1458, 0xa182, "Gigabyte Z170X-UD3", ALC882_FIXUP_DISABLE_AAMIX),
5037 - SND_PCI_QUIRK(0x147b, 0x107a, "Abit AW9D-MAX", ALC882_FIXUP_ABIT_AW9D_MAX),
5038 - SND_PCI_QUIRK_VENDOR(0x1558, "Clevo laptop", ALC882_FIXUP_EAPD),
5039 - SND_PCI_QUIRK(0x161f, 0x2054, "Medion laptop", ALC883_FIXUP_EAPD),
5040 -@@ -2651,6 +2646,7 @@ enum {
5041 - ALC269_TYPE_ALC298,
5042 - ALC269_TYPE_ALC255,
5043 - ALC269_TYPE_ALC256,
5044 -+ ALC269_TYPE_ALC225,
5045 - };
5046 -
5047 - /*
5048 -@@ -2680,6 +2676,7 @@ static int alc269_parse_auto_config(struct hda_codec *codec)
5049 - case ALC269_TYPE_ALC298:
5050 - case ALC269_TYPE_ALC255:
5051 - case ALC269_TYPE_ALC256:
5052 -+ case ALC269_TYPE_ALC225:
5053 - ssids = alc269_ssids;
5054 - break;
5055 - default:
5056 -@@ -3658,6 +3655,16 @@ static void alc_headset_mode_unplugged(struct hda_codec *codec)
5057 - WRITE_COEF(0xb7, 0x802b),
5058 - {}
5059 - };
5060 -+ static struct coef_fw coef0225[] = {
5061 -+ UPDATE_COEF(0x4a, 1<<8, 0),
5062 -+ UPDATE_COEFEX(0x57, 0x05, 1<<14, 0),
5063 -+ UPDATE_COEF(0x63, 3<<14, 3<<14),
5064 -+ UPDATE_COEF(0x4a, 3<<4, 2<<4),
5065 -+ UPDATE_COEF(0x4a, 3<<10, 3<<10),
5066 -+ UPDATE_COEF(0x45, 0x3f<<10, 0x34<<10),
5067 -+ UPDATE_COEF(0x4a, 3<<10, 0),
5068 -+ {}
5069 -+ };
5070 -
5071 - switch (codec->core.vendor_id) {
5072 - case 0x10ec0255:
5073 -@@ -3682,6 +3689,9 @@ static void alc_headset_mode_unplugged(struct hda_codec *codec)
5074 - case 0x10ec0668:
5075 - alc_process_coef_fw(codec, coef0668);
5076 - break;
5077 -+ case 0x10ec0225:
5078 -+ alc_process_coef_fw(codec, coef0225);
5079 -+ break;
5080 - }
5081 - codec_dbg(codec, "Headset jack set to unplugged mode.\n");
5082 - }
5083 -@@ -3727,6 +3737,13 @@ static void alc_headset_mode_mic_in(struct hda_codec *codec, hda_nid_t hp_pin,
5084 - UPDATE_COEF(0xc3, 0, 1<<12),
5085 - {}
5086 - };
5087 -+ static struct coef_fw coef0225[] = {
5088 -+ UPDATE_COEFEX(0x57, 0x05, 1<<14, 1<<14),
5089 -+ UPDATE_COEF(0x4a, 3<<4, 2<<4),
5090 -+ UPDATE_COEF(0x63, 3<<14, 0),
5091 -+ {}
5092 -+ };
5093 -+
5094 -
5095 - switch (codec->core.vendor_id) {
5096 - case 0x10ec0255:
5097 -@@ -3772,6 +3789,12 @@ static void alc_headset_mode_mic_in(struct hda_codec *codec, hda_nid_t hp_pin,
5098 - alc_process_coef_fw(codec, coef0688);
5099 - snd_hda_set_pin_ctl_cache(codec, mic_pin, PIN_VREF50);
5100 - break;
5101 -+ case 0x10ec0225:
5102 -+ alc_update_coef_idx(codec, 0x45, 0x3f<<10, 0x31<<10);
5103 -+ snd_hda_set_pin_ctl_cache(codec, hp_pin, 0);
5104 -+ alc_process_coef_fw(codec, coef0225);
5105 -+ snd_hda_set_pin_ctl_cache(codec, mic_pin, PIN_VREF50);
5106 -+ break;
5107 - }
5108 - codec_dbg(codec, "Headset jack set to mic-in mode.\n");
5109 - }
5110 -@@ -3884,6 +3907,13 @@ static void alc_headset_mode_ctia(struct hda_codec *codec)
5111 - WRITE_COEF(0xc3, 0x0000),
5112 - {}
5113 - };
5114 -+ static struct coef_fw coef0225[] = {
5115 -+ UPDATE_COEF(0x45, 0x3f<<10, 0x35<<10),
5116 -+ UPDATE_COEF(0x49, 1<<8, 1<<8),
5117 -+ UPDATE_COEF(0x4a, 7<<6, 7<<6),
5118 -+ UPDATE_COEF(0x4a, 3<<4, 3<<4),
5119 -+ {}
5120 -+ };
5121 -
5122 - switch (codec->core.vendor_id) {
5123 - case 0x10ec0255:
5124 -@@ -3912,6 +3942,9 @@ static void alc_headset_mode_ctia(struct hda_codec *codec)
5125 - case 0x10ec0668:
5126 - alc_process_coef_fw(codec, coef0688);
5127 - break;
5128 -+ case 0x10ec0225:
5129 -+ alc_process_coef_fw(codec, coef0225);
5130 -+ break;
5131 - }
5132 - codec_dbg(codec, "Headset jack set to iPhone-style headset mode.\n");
5133 - }
5134 -@@ -3955,6 +3988,13 @@ static void alc_headset_mode_omtp(struct hda_codec *codec)
5135 - WRITE_COEF(0xc3, 0x0000),
5136 - {}
5137 - };
5138 -+ static struct coef_fw coef0225[] = {
5139 -+ UPDATE_COEF(0x45, 0x3f<<10, 0x39<<10),
5140 -+ UPDATE_COEF(0x49, 1<<8, 1<<8),
5141 -+ UPDATE_COEF(0x4a, 7<<6, 7<<6),
5142 -+ UPDATE_COEF(0x4a, 3<<4, 3<<4),
5143 -+ {}
5144 -+ };
5145 -
5146 - switch (codec->core.vendor_id) {
5147 - case 0x10ec0255:
5148 -@@ -3983,6 +4023,9 @@ static void alc_headset_mode_omtp(struct hda_codec *codec)
5149 - case 0x10ec0668:
5150 - alc_process_coef_fw(codec, coef0688);
5151 - break;
5152 -+ case 0x10ec0225:
5153 -+ alc_process_coef_fw(codec, coef0225);
5154 -+ break;
5155 - }
5156 - codec_dbg(codec, "Headset jack set to Nokia-style headset mode.\n");
5157 - }
5158 -@@ -4014,6 +4057,11 @@ static void alc_determine_headset_type(struct hda_codec *codec)
5159 - WRITE_COEF(0xc3, 0x0c00),
5160 - {}
5161 - };
5162 -+ static struct coef_fw coef0225[] = {
5163 -+ UPDATE_COEF(0x45, 0x3f<<10, 0x34<<10),
5164 -+ UPDATE_COEF(0x49, 1<<8, 1<<8),
5165 -+ {}
5166 -+ };
5167 -
5168 - switch (codec->core.vendor_id) {
5169 - case 0x10ec0255:
5170 -@@ -4058,6 +4106,12 @@ static void alc_determine_headset_type(struct hda_codec *codec)
5171 - val = alc_read_coef_idx(codec, 0xbe);
5172 - is_ctia = (val & 0x1c02) == 0x1c02;
5173 - break;
5174 -+ case 0x10ec0225:
5175 -+ alc_process_coef_fw(codec, coef0225);
5176 -+ msleep(800);
5177 -+ val = alc_read_coef_idx(codec, 0x46);
5178 -+ is_ctia = (val & 0x00f0) == 0x00f0;
5179 -+ break;
5180 - }
5181 -
5182 - codec_dbg(codec, "Headset jack detected iPhone-style headset: %s\n",
5183 -@@ -5560,6 +5614,9 @@ static const struct hda_model_fixup alc269_fixup_models[] = {
5184 - {.id = ALC292_FIXUP_TPT440, .name = "tpt440"},
5185 - {}
5186 - };
5187 -+#define ALC225_STANDARD_PINS \
5188 -+ {0x12, 0xb7a60130}, \
5189 -+ {0x21, 0x04211020}
5190 -
5191 - #define ALC256_STANDARD_PINS \
5192 - {0x12, 0x90a60140}, \
5193 -@@ -5581,6 +5638,12 @@ static const struct hda_model_fixup alc269_fixup_models[] = {
5194 - {0x21, 0x03211020}
5195 -
5196 - static const struct snd_hda_pin_quirk alc269_pin_fixup_tbl[] = {
5197 -+ SND_HDA_PIN_QUIRK(0x10ec0225, 0x1028, "Dell", ALC269_FIXUP_DELL1_MIC_NO_PRESENCE,
5198 -+ ALC225_STANDARD_PINS,
5199 -+ {0x14, 0x901701a0}),
5200 -+ SND_HDA_PIN_QUIRK(0x10ec0225, 0x1028, "Dell", ALC269_FIXUP_DELL1_MIC_NO_PRESENCE,
5201 -+ ALC225_STANDARD_PINS,
5202 -+ {0x14, 0x901701b0}),
5203 - SND_HDA_PIN_QUIRK(0x10ec0255, 0x1028, "Dell", ALC255_FIXUP_DELL2_MIC_NO_PRESENCE,
5204 - {0x14, 0x90170110},
5205 - {0x21, 0x02211020}),
5206 -@@ -5906,6 +5969,9 @@ static int patch_alc269(struct hda_codec *codec)
5207 - spec->gen.mixer_nid = 0; /* ALC256 does not have any loopback mixer path */
5208 - alc_update_coef_idx(codec, 0x36, 1 << 13, 1 << 5); /* Switch pcbeep path to Line in path*/
5209 - break;
5210 -+ case 0x10ec0225:
5211 -+ spec->codec_variant = ALC269_TYPE_ALC225;
5212 -+ break;
5213 - }
5214 -
5215 - if (snd_hda_codec_read(codec, 0x51, 0, AC_VERB_PARAMETERS, 0) == 0x10ec5505) {
5216 -@@ -6796,6 +6862,7 @@ static int patch_alc680(struct hda_codec *codec)
5217 - */
5218 - static const struct hda_device_id snd_hda_id_realtek[] = {
5219 - HDA_CODEC_ENTRY(0x10ec0221, "ALC221", patch_alc269),
5220 -+ HDA_CODEC_ENTRY(0x10ec0225, "ALC225", patch_alc269),
5221 - HDA_CODEC_ENTRY(0x10ec0231, "ALC231", patch_alc269),
5222 - HDA_CODEC_ENTRY(0x10ec0233, "ALC233", patch_alc269),
5223 - HDA_CODEC_ENTRY(0x10ec0235, "ALC233", patch_alc269),
5224 -diff --git a/sound/pci/hda/patch_sigmatel.c b/sound/pci/hda/patch_sigmatel.c
5225 -index 2c7c5eb..37b70f8 100644
5226 ---- a/sound/pci/hda/patch_sigmatel.c
5227 -+++ b/sound/pci/hda/patch_sigmatel.c
5228 -@@ -493,9 +493,9 @@ static void jack_update_power(struct hda_codec *codec,
5229 - if (!spec->num_pwrs)
5230 - return;
5231 -
5232 -- if (jack && jack->tbl->nid) {
5233 -- stac_toggle_power_map(codec, jack->tbl->nid,
5234 -- snd_hda_jack_detect(codec, jack->tbl->nid),
5235 -+ if (jack && jack->nid) {
5236 -+ stac_toggle_power_map(codec, jack->nid,
5237 -+ snd_hda_jack_detect(codec, jack->nid),
5238 - true);
5239 - return;
5240 - }
5241 -diff --git a/sound/soc/codecs/rt5645.c b/sound/soc/codecs/rt5645.c
5242 -index 3e3c7f6..b74840b 100644
5243 ---- a/sound/soc/codecs/rt5645.c
5244 -+++ b/sound/soc/codecs/rt5645.c
5245 -@@ -621,7 +621,7 @@ static const struct snd_kcontrol_new rt5645_snd_controls[] = {
5246 -
5247 - /* IN1/IN2 Control */
5248 - SOC_SINGLE_TLV("IN1 Boost", RT5645_IN1_CTRL1,
5249 -- RT5645_BST_SFT1, 8, 0, bst_tlv),
5250 -+ RT5645_BST_SFT1, 12, 0, bst_tlv),
5251 - SOC_SINGLE_TLV("IN2 Boost", RT5645_IN2_CTRL,
5252 - RT5645_BST_SFT2, 8, 0, bst_tlv),
5253 -
5254 -diff --git a/sound/soc/soc-pcm.c b/sound/soc/soc-pcm.c
5255 -index c86dc96..65b936e 100644
5256 ---- a/sound/soc/soc-pcm.c
5257 -+++ b/sound/soc/soc-pcm.c
5258 -@@ -1743,7 +1743,8 @@ int dpcm_be_dai_hw_free(struct snd_soc_pcm_runtime *fe, int stream)
5259 - (be->dpcm[stream].state != SND_SOC_DPCM_STATE_PREPARE) &&
5260 - (be->dpcm[stream].state != SND_SOC_DPCM_STATE_HW_FREE) &&
5261 - (be->dpcm[stream].state != SND_SOC_DPCM_STATE_PAUSED) &&
5262 -- (be->dpcm[stream].state != SND_SOC_DPCM_STATE_STOP))
5263 -+ (be->dpcm[stream].state != SND_SOC_DPCM_STATE_STOP) &&
5264 -+ (be->dpcm[stream].state != SND_SOC_DPCM_STATE_SUSPEND))
5265 - continue;
5266 -
5267 - dev_dbg(be->dev, "ASoC: hw_free BE %s\n",
5268 -diff --git a/sound/sparc/Kconfig b/sound/sparc/Kconfig
5269 -index d75deba..dfcd386 100644
5270 ---- a/sound/sparc/Kconfig
5271 -+++ b/sound/sparc/Kconfig
5272 -@@ -22,6 +22,7 @@ config SND_SUN_AMD7930
5273 - config SND_SUN_CS4231
5274 - tristate "Sun CS4231"
5275 - select SND_PCM
5276 -+ select SND_TIMER
5277 - help
5278 - Say Y here to include support for CS4231 sound device on Sun.
5279 -
5280 -diff --git a/sound/usb/midi.c b/sound/usb/midi.c
5281 -index 5b4c58c..b21b766 100644
5282 ---- a/sound/usb/midi.c
5283 -+++ b/sound/usb/midi.c
5284 -@@ -2454,7 +2454,6 @@ int snd_usbmidi_create(struct snd_card *card,
5285 - else
5286 - err = snd_usbmidi_create_endpoints(umidi, endpoints);
5287 - if (err < 0) {
5288 -- snd_usbmidi_free(umidi);
5289 - return err;
5290 - }
5291 -
5292 -diff --git a/sound/usb/quirks.c b/sound/usb/quirks.c
5293 -index 23ea6d8..4f6ce1c 100644
5294 ---- a/sound/usb/quirks.c
5295 -+++ b/sound/usb/quirks.c
5296 -@@ -1121,6 +1121,7 @@ bool snd_usb_get_sample_rate_quirk(struct snd_usb_audio *chip)
5297 - switch (chip->usb_id) {
5298 - case USB_ID(0x045E, 0x075D): /* MS Lifecam Cinema */
5299 - case USB_ID(0x045E, 0x076D): /* MS Lifecam HD-5000 */
5300 -+ case USB_ID(0x045E, 0x076F): /* MS Lifecam HD-6000 */
5301 - case USB_ID(0x045E, 0x0772): /* MS Lifecam Studio */
5302 - case USB_ID(0x045E, 0x0779): /* MS Lifecam HD-3000 */
5303 - case USB_ID(0x04D8, 0xFEEA): /* Benchmark DAC1 Pre */
5304 -@@ -1205,8 +1206,12 @@ void snd_usb_set_interface_quirk(struct usb_device *dev)
5305 - * "Playback Design" products need a 50ms delay after setting the
5306 - * USB interface.
5307 - */
5308 -- if (le16_to_cpu(dev->descriptor.idVendor) == 0x23ba)
5309 -+ switch (le16_to_cpu(dev->descriptor.idVendor)) {
5310 -+ case 0x23ba: /* Playback Design */
5311 -+ case 0x0644: /* TEAC Corp. */
5312 - mdelay(50);
5313 -+ break;
5314 -+ }
5315 - }
5316 -
5317 - void snd_usb_ctl_msg_quirk(struct usb_device *dev, unsigned int pipe,
5318 -@@ -1221,6 +1226,14 @@ void snd_usb_ctl_msg_quirk(struct usb_device *dev, unsigned int pipe,
5319 - (requesttype & USB_TYPE_MASK) == USB_TYPE_CLASS)
5320 - mdelay(20);
5321 -
5322 -+ /*
5323 -+ * "TEAC Corp." products need a 20ms delay after each
5324 -+ * class compliant request
5325 -+ */
5326 -+ if ((le16_to_cpu(dev->descriptor.idVendor) == 0x0644) &&
5327 -+ (requesttype & USB_TYPE_MASK) == USB_TYPE_CLASS)
5328 -+ mdelay(20);
5329 -+
5330 - /* Marantz/Denon devices with USB DAC functionality need a delay
5331 - * after each class compliant request
5332 - */
5333 -@@ -1269,7 +1282,7 @@ u64 snd_usb_interface_dsd_format_quirks(struct snd_usb_audio *chip,
5334 - case USB_ID(0x20b1, 0x3008): /* iFi Audio micro/nano iDSD */
5335 - case USB_ID(0x20b1, 0x2008): /* Matrix Audio X-Sabre */
5336 - case USB_ID(0x20b1, 0x300a): /* Matrix Audio Mini-i Pro */
5337 -- case USB_ID(0x22d8, 0x0416): /* OPPO HA-1*/
5338 -+ case USB_ID(0x22d9, 0x0416): /* OPPO HA-1 */
5339 - if (fp->altsetting == 2)
5340 - return SNDRV_PCM_FMTBIT_DSD_U32_BE;
5341 - break;
5342 -@@ -1278,6 +1291,7 @@ u64 snd_usb_interface_dsd_format_quirks(struct snd_usb_audio *chip,
5343 - case USB_ID(0x20b1, 0x2009): /* DIYINHK DSD DXD 384kHz USB to I2S/DSD */
5344 - case USB_ID(0x20b1, 0x2023): /* JLsounds I2SoverUSB */
5345 - case USB_ID(0x20b1, 0x3023): /* Aune X1S 32BIT/384 DSD DAC */
5346 -+ case USB_ID(0x2616, 0x0106): /* PS Audio NuWave DAC */
5347 - if (fp->altsetting == 3)
5348 - return SNDRV_PCM_FMTBIT_DSD_U32_BE;
5349 - break;
5350
5351 diff --git a/4.4.2/0000_README b/4.4.3/0000_README
5352 similarity index 92%
5353 rename from 4.4.2/0000_README
5354 rename to 4.4.3/0000_README
5355 index 780df77..25f9ab4 100644
5356 --- a/4.4.2/0000_README
5357 +++ b/4.4.3/0000_README
5358 @@ -2,11 +2,7 @@ README
5359 -----------------------------------------------------------------------------
5360 Individual Patch Descriptions:
5361 -----------------------------------------------------------------------------
5362 -Patch: 1001_linux-4.4.2.patch
5363 -From: http://www.kernel.org
5364 -Desc: Linux 4.4.2
5365 -
5366 -Patch: 4420_grsecurity-3.1-4.4.2-201602182048.patch
5367 +Patch: 4420_grsecurity-3.1-4.4.3-201602282149.patch
5368 From: http://www.grsecurity.net
5369 Desc: hardened-sources base patch from upstream grsecurity
5370
5371
5372 diff --git a/4.4.2/4420_grsecurity-3.1-4.4.2-201602182048.patch b/4.4.3/4420_grsecurity-3.1-4.4.3-201602282149.patch
5373 similarity index 99%
5374 rename from 4.4.2/4420_grsecurity-3.1-4.4.2-201602182048.patch
5375 rename to 4.4.3/4420_grsecurity-3.1-4.4.3-201602282149.patch
5376 index 0157b77..fcd8074 100644
5377 --- a/4.4.2/4420_grsecurity-3.1-4.4.2-201602182048.patch
5378 +++ b/4.4.3/4420_grsecurity-3.1-4.4.3-201602282149.patch
5379 @@ -449,7 +449,7 @@ index af70d15..ccd3786 100644
5380
5381 A toggle value indicating if modules are allowed to be loaded
5382 diff --git a/Makefile b/Makefile
5383 -index e7a2958..730b429 100644
5384 +index 802be10..383fd5d 100644
5385 --- a/Makefile
5386 +++ b/Makefile
5387 @@ -298,7 +298,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
5388 @@ -4748,7 +4748,7 @@ index b2ede967..865eed5 100644
5389 #define user_addr_max get_fs
5390
5391 diff --git a/arch/arm64/mm/dma-mapping.c b/arch/arm64/mm/dma-mapping.c
5392 -index 7963aa4..15dd03d 100644
5393 +index 354144e..f8c556b 100644
5394 --- a/arch/arm64/mm/dma-mapping.c
5395 +++ b/arch/arm64/mm/dma-mapping.c
5396 @@ -132,7 +132,7 @@ static void __dma_free_coherent(struct device *dev, size_t size,
5397 @@ -20263,7 +20263,7 @@ index e6844df..432b56e 100644
5398
5399 #endif /* _ASM_X86_PGTABLE_64_DEFS_H */
5400 diff --git a/arch/x86/include/asm/pgtable_types.h b/arch/x86/include/asm/pgtable_types.h
5401 -index a471cad..d1e3128 100644
5402 +index 79c9185..d1e3128 100644
5403 --- a/arch/x86/include/asm/pgtable_types.h
5404 +++ b/arch/x86/include/asm/pgtable_types.h
5405 @@ -85,8 +85,10 @@
5406 @@ -20342,30 +20342,7 @@ index a471cad..d1e3128 100644
5407 static inline pmdval_t native_pmd_val(pmd_t pmd)
5408 {
5409 return native_pgd_val(pmd.pud.pgd);
5410 -@@ -363,20 +374,18 @@ static inline enum page_cache_mode pgprot2cachemode(pgprot_t pgprot)
5411 - }
5412 - static inline pgprot_t pgprot_4k_2_large(pgprot_t pgprot)
5413 - {
5414 -+ pgprotval_t val = pgprot_val(pgprot);
5415 - pgprot_t new;
5416 -- unsigned long val;
5417 -
5418 -- val = pgprot_val(pgprot);
5419 - pgprot_val(new) = (val & ~(_PAGE_PAT | _PAGE_PAT_LARGE)) |
5420 - ((val & _PAGE_PAT) << (_PAGE_BIT_PAT_LARGE - _PAGE_BIT_PAT));
5421 - return new;
5422 - }
5423 - static inline pgprot_t pgprot_large_2_4k(pgprot_t pgprot)
5424 - {
5425 -+ pgprotval_t val = pgprot_val(pgprot);
5426 - pgprot_t new;
5427 -- unsigned long val;
5428 -
5429 -- val = pgprot_val(pgprot);
5430 - pgprot_val(new) = (val & ~(_PAGE_PAT | _PAGE_PAT_LARGE)) |
5431 - ((val & _PAGE_PAT_LARGE) >>
5432 - (_PAGE_BIT_PAT_LARGE - _PAGE_BIT_PAT));
5433 -@@ -388,7 +397,6 @@ typedef struct page *pgtable_t;
5434 +@@ -386,7 +397,6 @@ typedef struct page *pgtable_t;
5435
5436 extern pteval_t __supported_pte_mask;
5437 extern void set_nx(void);
5438 @@ -30797,7 +30774,7 @@ index 009f982..9b3db5e 100644
5439 ret
5440 ENDPROC(copy_page_regs)
5441 diff --git a/arch/x86/lib/copy_user_64.S b/arch/x86/lib/copy_user_64.S
5442 -index 982ce34..8e14731 100644
5443 +index 27f89c7..7ae1e8e 100644
5444 --- a/arch/x86/lib/copy_user_64.S
5445 +++ b/arch/x86/lib/copy_user_64.S
5446 @@ -14,50 +14,7 @@
5447 @@ -30902,8 +30879,8 @@ index 982ce34..8e14731 100644
5448 ret
5449
5450 .section .fixup,"ax"
5451 -@@ -235,6 +201,16 @@ ENDPROC(copy_user_enhanced_fast_string)
5452 - * This will force destination/source out of cache for more performance.
5453 +@@ -240,6 +206,16 @@ ENDPROC(copy_user_enhanced_fast_string)
5454 + * - Require 4-byte alignment when size is 4 bytes.
5455 */
5456 ENTRY(__copy_user_nocache)
5457 +
5458 @@ -30917,11 +30894,11 @@ index 982ce34..8e14731 100644
5459 +
5460 + ASM_PAX_OPEN_USERLAND
5461 ASM_STAC
5462 - cmpl $8,%edx
5463 - jb 20f /* less then 8 bytes, go to byte copy loop */
5464 -@@ -284,7 +260,9 @@ ENTRY(__copy_user_nocache)
5465 - jnz 21b
5466 - 23: xorl %eax,%eax
5467 +
5468 + /* If size is less than 8 bytes, go to 4-byte copy */
5469 +@@ -335,7 +311,9 @@ ENTRY(__copy_user_nocache)
5470 + .L_finish_copy:
5471 + xorl %eax,%eax
5472 ASM_CLAC
5473 + ASM_PAX_CLOSE_USERLAND
5474 sfence
5475 @@ -32615,7 +32592,7 @@ index 903ec1e..41b4708 100644
5476 }
5477
5478 diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c
5479 -index eef44d9..79b0e58 100644
5480 +index e830c71..96cfc3d 100644
5481 --- a/arch/x86/mm/fault.c
5482 +++ b/arch/x86/mm/fault.c
5483 @@ -14,6 +14,8 @@
5484 @@ -32755,7 +32732,7 @@ index eef44d9..79b0e58 100644
5485 pmd_k = vmalloc_sync_one(__va(pgd_paddr), address);
5486 if (!pmd_k)
5487 return -1;
5488 -@@ -381,11 +451,25 @@ static noinline int vmalloc_fault(unsigned long address)
5489 +@@ -382,11 +452,25 @@ static noinline int vmalloc_fault(unsigned long address)
5490 * happen within a race in page table update. In the later
5491 * case just flush:
5492 */
5493 @@ -32782,7 +32759,7 @@ index eef44d9..79b0e58 100644
5494 if (pgd_none(*pgd)) {
5495 set_pgd(pgd, *pgd_ref);
5496 arch_flush_lazy_mmu_mode();
5497 -@@ -552,7 +636,7 @@ static int is_errata93(struct pt_regs *regs, unsigned long address)
5498 +@@ -559,7 +643,7 @@ static int is_errata93(struct pt_regs *regs, unsigned long address)
5499 static int is_errata100(struct pt_regs *regs, unsigned long address)
5500 {
5501 #ifdef CONFIG_X86_64
5502 @@ -32791,7 +32768,7 @@ index eef44d9..79b0e58 100644
5503 return 1;
5504 #endif
5505 return 0;
5506 -@@ -579,9 +663,9 @@ static int is_f00f_bug(struct pt_regs *regs, unsigned long address)
5507 +@@ -586,9 +670,9 @@ static int is_f00f_bug(struct pt_regs *regs, unsigned long address)
5508 }
5509
5510 static const char nx_warning[] = KERN_CRIT
5511 @@ -32803,7 +32780,7 @@ index eef44d9..79b0e58 100644
5512
5513 static void
5514 show_fault_oops(struct pt_regs *regs, unsigned long error_code,
5515 -@@ -590,7 +674,7 @@ show_fault_oops(struct pt_regs *regs, unsigned long error_code,
5516 +@@ -597,7 +681,7 @@ show_fault_oops(struct pt_regs *regs, unsigned long error_code,
5517 if (!oops_may_print())
5518 return;
5519
5520 @@ -32812,7 +32789,7 @@ index eef44d9..79b0e58 100644
5521 unsigned int level;
5522 pgd_t *pgd;
5523 pte_t *pte;
5524 -@@ -601,13 +685,25 @@ show_fault_oops(struct pt_regs *regs, unsigned long error_code,
5525 +@@ -608,13 +692,25 @@ show_fault_oops(struct pt_regs *regs, unsigned long error_code,
5526 pte = lookup_address_in_pgd(pgd, address, &level);
5527
5528 if (pte && pte_present(*pte) && !pte_exec(*pte))
5529 @@ -32840,7 +32817,7 @@ index eef44d9..79b0e58 100644
5530 printk(KERN_ALERT "BUG: unable to handle kernel ");
5531 if (address < PAGE_SIZE)
5532 printk(KERN_CONT "NULL pointer dereference");
5533 -@@ -786,6 +882,22 @@ __bad_area_nosemaphore(struct pt_regs *regs, unsigned long error_code,
5534 +@@ -793,6 +889,22 @@ __bad_area_nosemaphore(struct pt_regs *regs, unsigned long error_code,
5535 return;
5536 }
5537 #endif
5538 @@ -32863,7 +32840,7 @@ index eef44d9..79b0e58 100644
5539 /* Kernel addresses are always protection faults: */
5540 if (address >= TASK_SIZE)
5541 error_code |= PF_PROT;
5542 -@@ -868,7 +980,7 @@ do_sigbus(struct pt_regs *regs, unsigned long error_code, unsigned long address,
5543 +@@ -875,7 +987,7 @@ do_sigbus(struct pt_regs *regs, unsigned long error_code, unsigned long address,
5544 if (fault & (VM_FAULT_HWPOISON|VM_FAULT_HWPOISON_LARGE)) {
5545 printk(KERN_ERR
5546 "MCE: Killing %s:%d due to hardware memory corruption fault at %lx\n",
5547 @@ -32872,7 +32849,7 @@ index eef44d9..79b0e58 100644
5548 code = BUS_MCEERR_AR;
5549 }
5550 #endif
5551 -@@ -920,6 +1032,107 @@ static int spurious_fault_check(unsigned long error_code, pte_t *pte)
5552 +@@ -927,6 +1039,107 @@ static int spurious_fault_check(unsigned long error_code, pte_t *pte)
5553 return 1;
5554 }
5555
5556 @@ -32980,7 +32957,7 @@ index eef44d9..79b0e58 100644
5557 /*
5558 * Handle a spurious fault caused by a stale TLB entry.
5559 *
5560 -@@ -1005,6 +1218,9 @@ int show_unhandled_signals = 1;
5561 +@@ -1012,6 +1225,9 @@ int show_unhandled_signals = 1;
5562 static inline int
5563 access_error(unsigned long error_code, struct vm_area_struct *vma)
5564 {
5565 @@ -32990,7 +32967,7 @@ index eef44d9..79b0e58 100644
5566 if (error_code & PF_WRITE) {
5567 /* write, present and write, not present: */
5568 if (unlikely(!(vma->vm_flags & VM_WRITE)))
5569 -@@ -1067,6 +1283,22 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code,
5570 +@@ -1074,6 +1290,22 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code,
5571 tsk = current;
5572 mm = tsk->mm;
5573
5574 @@ -33013,7 +32990,7 @@ index eef44d9..79b0e58 100644
5575 /*
5576 * Detect and handle instructions that would cause a page fault for
5577 * both a tracked kernel page and a userspace page.
5578 -@@ -1191,6 +1423,11 @@ retry:
5579 +@@ -1198,6 +1430,11 @@ retry:
5580 might_sleep();
5581 }
5582
5583 @@ -33025,7 +33002,7 @@ index eef44d9..79b0e58 100644
5584 vma = find_vma(mm, address);
5585 if (unlikely(!vma)) {
5586 bad_area(regs, error_code, address);
5587 -@@ -1202,18 +1439,24 @@ retry:
5588 +@@ -1209,18 +1446,24 @@ retry:
5589 bad_area(regs, error_code, address);
5590 return;
5591 }
5592 @@ -33061,7 +33038,7 @@ index eef44d9..79b0e58 100644
5593 if (unlikely(expand_stack(vma, address))) {
5594 bad_area(regs, error_code, address);
5595 return;
5596 -@@ -1333,3 +1576,292 @@ trace_do_page_fault(struct pt_regs *regs, unsigned long error_code)
5597 +@@ -1340,3 +1583,292 @@ trace_do_page_fault(struct pt_regs *regs, unsigned long error_code)
5598 }
5599 NOKPROBE_SYMBOL(trace_do_page_fault);
5600 #endif /* CONFIG_TRACING */
5601 @@ -34418,18 +34395,9 @@ index c3b3f65..5bfe5dc 100644
5602 unsigned long uninitialized_var(pfn_align);
5603 int i, nid;
5604 diff --git a/arch/x86/mm/pageattr.c b/arch/x86/mm/pageattr.c
5605 -index a3137a4..a2bb098 100644
5606 +index db20ee9..a2bb098 100644
5607 --- a/arch/x86/mm/pageattr.c
5608 +++ b/arch/x86/mm/pageattr.c
5609 -@@ -33,7 +33,7 @@ struct cpa_data {
5610 - pgd_t *pgd;
5611 - pgprot_t mask_set;
5612 - pgprot_t mask_clr;
5613 -- int numpages;
5614 -+ unsigned long numpages;
5615 - int flags;
5616 - unsigned long pfn;
5617 - unsigned force_split : 1;
5618 @@ -259,7 +259,7 @@ static inline pgprot_t static_protections(pgprot_t prot, unsigned long address,
5619 */
5620 #ifdef CONFIG_PCI_BIOS
5621 @@ -34545,15 +34513,6 @@ index a3137a4..a2bb098 100644
5622 cpa->flags |= CPA_FLUSHTLB;
5623 }
5624 cpa->numpages = 1;
5625 -@@ -1345,7 +1377,7 @@ static int __change_page_attr_set_clr(struct cpa_data *cpa, int checkalias)
5626 - * CPA operation. Either a large page has been
5627 - * preserved or a single page update happened.
5628 - */
5629 -- BUG_ON(cpa->numpages > numpages);
5630 -+ BUG_ON(cpa->numpages > numpages || !cpa->numpages);
5631 - numpages -= cpa->numpages;
5632 - if (cpa->flags & (CPA_PAGES_ARRAY | CPA_ARRAY))
5633 - cpa->curpage++;
5634 diff --git a/arch/x86/mm/pat.c b/arch/x86/mm/pat.c
5635 index 188e3e0..5c75446 100644
5636 --- a/arch/x86/mm/pat.c
5637 @@ -46454,7 +46413,7 @@ index b9094e9..a4885c6 100644
5638 This option enables code in the AMD IOMMU driver to collect various
5639 statistics about whats happening in the driver and exports that
5640 diff --git a/drivers/iommu/amd_iommu.c b/drivers/iommu/amd_iommu.c
5641 -index 8b2be1e..907a80f 100644
5642 +index fc836f5..9802f00 100644
5643 --- a/drivers/iommu/amd_iommu.c
5644 +++ b/drivers/iommu/amd_iommu.c
5645 @@ -695,11 +695,21 @@ static void copy_cmd_to_buffer(struct amd_iommu *iommu,
5646 @@ -49160,7 +49119,7 @@ index 42cd270..b8ebb97 100644
5647 const struct mxr_format **fmt_array;
5648 /** size of format array */
5649 diff --git a/drivers/media/platform/s5p-tv/mixer_grp_layer.c b/drivers/media/platform/s5p-tv/mixer_grp_layer.c
5650 -index db3163b..d7a6b4d 100644
5651 +index db3163b2..d7a6b4d 100644
5652 --- a/drivers/media/platform/s5p-tv/mixer_grp_layer.c
5653 +++ b/drivers/media/platform/s5p-tv/mixer_grp_layer.c
5654 @@ -235,7 +235,7 @@ struct mxr_layer *mxr_graph_layer_create(struct mxr_device *mdev, int idx)
5655 @@ -56751,7 +56710,7 @@ index dd8ad2a..5c5a30c 100644
5656 /* check if the device is still usable */
5657 if (unlikely(cmd->device->sdev_state == SDEV_DEL)) {
5658 diff --git a/drivers/scsi/scsi_sysfs.c b/drivers/scsi/scsi_sysfs.c
5659 -index 21930c9..51a9e18 100644
5660 +index c8115b4..c31cd19 100644
5661 --- a/drivers/scsi/scsi_sysfs.c
5662 +++ b/drivers/scsi/scsi_sysfs.c
5663 @@ -813,7 +813,7 @@ show_iostat_##field(struct device *dev, struct device_attribute *attr, \
5664 @@ -56866,7 +56825,7 @@ index e3cd3ec..00560ec 100644
5665
5666 transport_setup_device(&rport->dev);
5667 diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c
5668 -index 4e08d1cd..bd76e1b 100644
5669 +index 84fa4c4..8333258 100644
5670 --- a/drivers/scsi/sd.c
5671 +++ b/drivers/scsi/sd.c
5672 @@ -112,7 +112,7 @@ static int sd_resume(struct device *);
5673 @@ -56897,7 +56856,7 @@ index 4e08d1cd..bd76e1b 100644
5674 if (!sdp->request_queue->rq_timeout) {
5675 if (sdp->type != TYPE_MOD)
5676 diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c
5677 -index 503ab8b..fee54a1 100644
5678 +index 5e82067..8f7c2cc 100644
5679 --- a/drivers/scsi/sg.c
5680 +++ b/drivers/scsi/sg.c
5681 @@ -1089,7 +1089,7 @@ sg_ioctl(struct file *filp, unsigned int cmd_in, unsigned long arg)
5682 @@ -56910,7 +56869,7 @@ index 503ab8b..fee54a1 100644
5683 return blk_trace_startstop(sdp->device->request_queue, 1);
5684 case BLKTRACESTOP:
5685 diff --git a/drivers/scsi/sr.c b/drivers/scsi/sr.c
5686 -index 8bd54a6..58fa0d6 100644
5687 +index 64c8674..0c13069 100644
5688 --- a/drivers/scsi/sr.c
5689 +++ b/drivers/scsi/sr.c
5690 @@ -80,7 +80,7 @@ static DEFINE_MUTEX(sr_mutex);
5691 @@ -56922,7 +56881,7 @@ index 8bd54a6..58fa0d6 100644
5692 static int sr_runtime_suspend(struct device *dev);
5693
5694 static struct dev_pm_ops sr_pm_ops = {
5695 -@@ -312,13 +312,13 @@ do_tur:
5696 +@@ -315,13 +315,13 @@ do_tur:
5697 * It will be notified on the end of a SCSI read / write, and will take one
5698 * of several actions based on success or failure.
5699 */
5700 @@ -56941,7 +56900,7 @@ index 8bd54a6..58fa0d6 100644
5701 struct scsi_cd *cd = scsi_cd(SCpnt->request->rq_disk);
5702
5703 #ifdef DEBUG
5704 -@@ -351,9 +351,12 @@ static int sr_done(struct scsi_cmnd *SCpnt)
5705 +@@ -354,9 +354,12 @@ static int sr_done(struct scsi_cmnd *SCpnt)
5706 if (cd->device->sector_size == 2048)
5707 error_sector <<= 2;
5708 error_sector &= ~(block_sectors - 1);
5709 @@ -58262,10 +58221,10 @@ index cf000b3..63baffa 100644
5710 }
5711 EXPORT_SYMBOL_GPL(n_tty_inherit_ops);
5712 diff --git a/drivers/tty/pty.c b/drivers/tty/pty.c
5713 -index a45660f..8aca6ee 100644
5714 +index 78e9836..021d40e 100644
5715 --- a/drivers/tty/pty.c
5716 +++ b/drivers/tty/pty.c
5717 -@@ -860,8 +860,10 @@ static void __init unix98_pty_init(void)
5718 +@@ -879,8 +879,10 @@ static void __init unix98_pty_init(void)
5719 panic("Couldn't register Unix98 pts driver");
5720
5721 /* Now create the /dev/ptmx special device */
5722 @@ -59873,10 +59832,10 @@ index c2d6520..04853a9 100644
5723 /* Device for a quirk */
5724 #define PCI_VENDOR_ID_FRESCO_LOGIC 0x1b73
5725 diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c
5726 -index dca0a46..f07e636 100644
5727 +index 776d59c..ae87b88 100644
5728 --- a/drivers/usb/host/xhci.c
5729 +++ b/drivers/usb/host/xhci.c
5730 -@@ -4851,7 +4851,7 @@ int xhci_gen_setup(struct usb_hcd *hcd, xhci_get_quirks_t get_quirks)
5731 +@@ -4853,7 +4853,7 @@ int xhci_gen_setup(struct usb_hcd *hcd, xhci_get_quirks_t get_quirks)
5732 int retval;
5733
5734 /* Accept arbitrarily long scatter-gather lists */
5735 @@ -60217,7 +60176,7 @@ index c42ce2f..4c8bc59 100644
5736 "PCI",
5737 "PRO AGP",
5738 diff --git a/drivers/video/fbdev/aty/atyfb_base.c b/drivers/video/fbdev/aty/atyfb_base.c
5739 -index f34ed47..026367f 100644
5740 +index f34ed47f..026367f 100644
5741 --- a/drivers/video/fbdev/aty/atyfb_base.c
5742 +++ b/drivers/video/fbdev/aty/atyfb_base.c
5743 @@ -1335,10 +1335,14 @@ static int atyfb_set_par(struct fb_info *info)
5744 @@ -77285,7 +77244,7 @@ index 35489e7..fac96ff 100644
5745 /* No matter the commit succeeds or not*/
5746 int log_transid_committed;
5747 diff --git a/fs/btrfs/delayed-inode.c b/fs/btrfs/delayed-inode.c
5748 -index e0941fb..a8126a4 100644
5749 +index 02b934d..a8126a4 100644
5750 --- a/fs/btrfs/delayed-inode.c
5751 +++ b/fs/btrfs/delayed-inode.c
5752 @@ -462,7 +462,7 @@ static int __btrfs_add_delayed_deletion_item(struct btrfs_delayed_node *node,
5753 @@ -77315,25 +77274,8 @@ index e0941fb..a8126a4 100644
5754
5755 ret = btrfs_wq_run_delayed_node(delayed_root, fs_info, 0);
5756 if (ret)
5757 -@@ -1694,7 +1694,7 @@ int btrfs_should_delete_dir_index(struct list_head *del_list,
5758 - *
5759 - */
5760 - int btrfs_readdir_delayed_dir_index(struct dir_context *ctx,
5761 -- struct list_head *ins_list)
5762 -+ struct list_head *ins_list, bool *emitted)
5763 - {
5764 - struct btrfs_dir_item *di;
5765 - struct btrfs_delayed_item *curr, *next;
5766 -@@ -1738,6 +1738,7 @@ int btrfs_readdir_delayed_dir_index(struct dir_context *ctx,
5767 -
5768 - if (over)
5769 - return 1;
5770 -+ *emitted = true;
5771 - }
5772 - return 0;
5773 - }
5774 diff --git a/fs/btrfs/delayed-inode.h b/fs/btrfs/delayed-inode.h
5775 -index f70119f..b7d2bb4 100644
5776 +index 0167853c..b7d2bb4 100644
5777 --- a/fs/btrfs/delayed-inode.h
5778 +++ b/fs/btrfs/delayed-inode.h
5779 @@ -43,7 +43,7 @@ struct btrfs_delayed_root {
5780 @@ -77354,15 +77296,6 @@ index f70119f..b7d2bb4 100644
5781 delayed_root->nodes = 0;
5782 spin_lock_init(&delayed_root->lock);
5783 init_waitqueue_head(&delayed_root->wait);
5784 -@@ -144,7 +144,7 @@ void btrfs_put_delayed_items(struct list_head *ins_list,
5785 - int btrfs_should_delete_dir_index(struct list_head *del_list,
5786 - u64 index);
5787 - int btrfs_readdir_delayed_dir_index(struct dir_context *ctx,
5788 -- struct list_head *ins_list);
5789 -+ struct list_head *ins_list, bool *emitted);
5790 -
5791 - /* for init */
5792 - int __init btrfs_delayed_inode_init(void);
5793 diff --git a/fs/btrfs/delayed-ref.c b/fs/btrfs/delayed-ref.c
5794 index e06dd75a..22221aa 100644
5795 --- a/fs/btrfs/delayed-ref.c
5796 @@ -77386,7 +77319,7 @@ index e06dd75a..22221aa 100644
5797 /* first set the basic ref node struct up */
5798 atomic_set(&ref->refs, 1);
5799 diff --git a/fs/btrfs/disk-io.c b/fs/btrfs/disk-io.c
5800 -index 974be09..87ba00a 100644
5801 +index 0ddca67..ddd9880 100644
5802 --- a/fs/btrfs/disk-io.c
5803 +++ b/fs/btrfs/disk-io.c
5804 @@ -1263,7 +1263,7 @@ static void __setup_root(u32 nodesize, u32 sectorsize, u32 stripesize,
5805 @@ -77398,7 +77331,7 @@ index 974be09..87ba00a 100644
5806 atomic_set(&root->orphan_inodes, 0);
5807 atomic_set(&root->refs, 1);
5808 atomic_set(&root->will_be_snapshoted, 0);
5809 -@@ -2565,7 +2565,7 @@ int open_ctree(struct super_block *sb,
5810 +@@ -2564,7 +2564,7 @@ int open_ctree(struct super_block *sb,
5811 atomic_set(&fs_info->nr_async_bios, 0);
5812 atomic_set(&fs_info->defrag_running, 0);
5813 atomic_set(&fs_info->qgroup_op_seq, 0);
5814 @@ -77455,56 +77388,6 @@ index 0f09526..000f57d 100644
5815
5816 /*
5817 * If the last transaction that changed this file was before the current
5818 -diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
5819 -index a70c579..e31fac2 100644
5820 ---- a/fs/btrfs/inode.c
5821 -+++ b/fs/btrfs/inode.c
5822 -@@ -5741,6 +5741,7 @@ static int btrfs_real_readdir(struct file *file, struct dir_context *ctx)
5823 - char *name_ptr;
5824 - int name_len;
5825 - int is_curr = 0; /* ctx->pos points to the current index? */
5826 -+ bool emitted;
5827 -
5828 - /* FIXME, use a real flag for deciding about the key type */
5829 - if (root->fs_info->tree_root == root)
5830 -@@ -5769,6 +5770,7 @@ static int btrfs_real_readdir(struct file *file, struct dir_context *ctx)
5831 - if (ret < 0)
5832 - goto err;
5833 -
5834 -+ emitted = false;
5835 - while (1) {
5836 - leaf = path->nodes[0];
5837 - slot = path->slots[0];
5838 -@@ -5848,6 +5850,7 @@ skip:
5839 -
5840 - if (over)
5841 - goto nopos;
5842 -+ emitted = true;
5843 - di_len = btrfs_dir_name_len(leaf, di) +
5844 - btrfs_dir_data_len(leaf, di) + sizeof(*di);
5845 - di_cur += di_len;
5846 -@@ -5860,11 +5863,20 @@ next:
5847 - if (key_type == BTRFS_DIR_INDEX_KEY) {
5848 - if (is_curr)
5849 - ctx->pos++;
5850 -- ret = btrfs_readdir_delayed_dir_index(ctx, &ins_list);
5851 -+ ret = btrfs_readdir_delayed_dir_index(ctx, &ins_list, &emitted);
5852 - if (ret)
5853 - goto nopos;
5854 - }
5855 -
5856 -+ /*
5857 -+ * If we haven't emitted any dir entry, we must not touch ctx->pos as
5858 -+ * it was was set to the termination value in previous call. We assume
5859 -+ * that "." and ".." were emitted if we reach this point and set the
5860 -+ * termination value as well for an empty directory.
5861 -+ */
5862 -+ if (ctx->pos > 2 && !emitted)
5863 -+ goto nopos;
5864 -+
5865 - /* Reached end of directory/root. Bump pos past the last item. */
5866 - ctx->pos++;
5867 -
5868 diff --git a/fs/btrfs/raid56.c b/fs/btrfs/raid56.c
5869 index 1a33d3e..4830234 100644
5870 --- a/fs/btrfs/raid56.c
5871 @@ -77781,7 +77664,7 @@ index 6916a78..4598936 100644
5872
5873 static inline int btrfs_need_log_full_commit(struct btrfs_fs_info *fs_info,
5874 diff --git a/fs/btrfs/volumes.c b/fs/btrfs/volumes.c
5875 -index a23399e..bfac130 100644
5876 +index 9e08447..e21fee0 100644
5877 --- a/fs/btrfs/volumes.c
5878 +++ b/fs/btrfs/volumes.c
5879 @@ -231,7 +231,7 @@ static struct btrfs_device *__alloc_device(void)
5880 @@ -77829,7 +77712,7 @@ index a23399e..bfac130 100644
5881 if (atomic_dec_and_test(&bbio->stripes_pending)) {
5882 /* Shoud be the original bio. */
5883 WARN_ON(bio != bbio->orig_bio);
5884 -@@ -6768,10 +6768,10 @@ int btrfs_run_dev_stats(struct btrfs_trans_handle *trans,
5885 +@@ -6776,10 +6776,10 @@ int btrfs_run_dev_stats(struct btrfs_trans_handle *trans,
5886 if (!device->dev_stats_valid || !btrfs_dev_stats_dirty(device))
5887 continue;
5888
5889 @@ -78125,7 +78008,7 @@ index f446afa..0ad3b8e 100644
5890 sb->s_bdi = &fsc->backing_dev_info;
5891 return err;
5892 diff --git a/fs/cifs/cifs_debug.c b/fs/cifs/cifs_debug.c
5893 -index 7febcf2..62a5721 100644
5894 +index 50b2684..aa33a91 100644
5895 --- a/fs/cifs/cifs_debug.c
5896 +++ b/fs/cifs/cifs_debug.c
5897 @@ -269,8 +269,8 @@ static ssize_t cifs_stats_proc_write(struct file *file,
5898 @@ -79771,7 +79654,7 @@ index e4141f2..d8263e8 100644
5899 i += packet_length_size;
5900 if (copy_to_user(&buf[i], msg_ctx->msg, msg_ctx->msg_size))
5901 diff --git a/fs/exec.c b/fs/exec.c
5902 -index b06623a..784136d 100644
5903 +index b06623a..d1a8125 100644
5904 --- a/fs/exec.c
5905 +++ b/fs/exec.c
5906 @@ -56,8 +56,20 @@
5907 @@ -80062,7 +79945,27 @@ index b06623a..784136d 100644
5908 if (ret)
5909 ret = -EFAULT;
5910
5911 -@@ -790,8 +866,10 @@ static struct file *do_open_execat(int fd, struct filename *name, int flags)
5912 +@@ -761,6 +837,7 @@ static struct file *do_open_execat(int fd, struct filename *name, int flags)
5913 + {
5914 + struct file *file;
5915 + int err;
5916 ++ int unsafe_flags = 0;
5917 + struct open_flags open_exec_flags = {
5918 + .open_flag = O_LARGEFILE | O_RDONLY | __FMODE_EXEC,
5919 + .acc_mode = MAY_EXEC | MAY_OPEN,
5920 +@@ -786,12 +863,22 @@ static struct file *do_open_execat(int fd, struct filename *name, int flags)
5921 + if (path_noexec(&file->f_path))
5922 + goto exit;
5923 +
5924 ++ if (current->ptrace && !(current->ptrace & PT_PTRACE_CAP))
5925 ++ unsafe_flags = LSM_UNSAFE_PTRACE;
5926 ++
5927 ++ if (gr_ptrace_readexec(file, unsafe_flags)) {
5928 ++ err = -EPERM;
5929 ++ goto exit;
5930 ++ }
5931 ++
5932 + err = deny_write_access(file);
5933 if (err)
5934 goto exit;
5935
5936 @@ -80074,7 +79977,7 @@ index b06623a..784136d 100644
5937
5938 out:
5939 return file;
5940 -@@ -821,10 +899,13 @@ int kernel_read(struct file *file, loff_t offset,
5941 +@@ -821,10 +908,13 @@ int kernel_read(struct file *file, loff_t offset,
5942 loff_t pos = offset;
5943 int result;
5944
5945 @@ -80089,7 +79992,7 @@ index b06623a..784136d 100644
5946 set_fs(old_fs);
5947 return result;
5948 }
5949 -@@ -869,6 +950,7 @@ static int exec_mmap(struct mm_struct *mm)
5950 +@@ -869,6 +959,7 @@ static int exec_mmap(struct mm_struct *mm)
5951 tsk->mm = mm;
5952 tsk->active_mm = mm;
5953 activate_mm(active_mm, mm);
5954 @@ -80097,7 +80000,7 @@ index b06623a..784136d 100644
5955 tsk->mm->vmacache_seqnum = 0;
5956 vmacache_flush(tsk);
5957 task_unlock(tsk);
5958 -@@ -1277,7 +1359,7 @@ static void check_unsafe_exec(struct linux_binprm *bprm)
5959 +@@ -1277,7 +1368,7 @@ static void check_unsafe_exec(struct linux_binprm *bprm)
5960 }
5961 rcu_read_unlock();
5962
5963 @@ -80106,7 +80009,7 @@ index b06623a..784136d 100644
5964 bprm->unsafe |= LSM_UNSAFE_SHARE;
5965 else
5966 p->fs->in_exec = 1;
5967 -@@ -1478,6 +1560,31 @@ static int exec_binprm(struct linux_binprm *bprm)
5968 +@@ -1478,6 +1569,31 @@ static int exec_binprm(struct linux_binprm *bprm)
5969 return ret;
5970 }
5971
5972 @@ -80138,7 +80041,7 @@ index b06623a..784136d 100644
5973 /*
5974 * sys_execve() executes a new program.
5975 */
5976 -@@ -1486,6 +1593,11 @@ static int do_execveat_common(int fd, struct filename *filename,
5977 +@@ -1486,6 +1602,11 @@ static int do_execveat_common(int fd, struct filename *filename,
5978 struct user_arg_ptr envp,
5979 int flags)
5980 {
5981 @@ -80150,7 +80053,7 @@ index b06623a..784136d 100644
5982 char *pathbuf = NULL;
5983 struct linux_binprm *bprm;
5984 struct file *file;
5985 -@@ -1495,6 +1607,8 @@ static int do_execveat_common(int fd, struct filename *filename,
5986 +@@ -1495,6 +1616,8 @@ static int do_execveat_common(int fd, struct filename *filename,
5987 if (IS_ERR(filename))
5988 return PTR_ERR(filename);
5989
5990 @@ -80159,19 +80062,7 @@ index b06623a..784136d 100644
5991 /*
5992 * We move the actual failure in case of RLIMIT_NPROC excess from
5993 * set*uid() to execve() because too many poorly written programs
5994 -@@ -1532,6 +1646,11 @@ static int do_execveat_common(int fd, struct filename *filename,
5995 - if (IS_ERR(file))
5996 - goto out_unmark;
5997 -
5998 -+ if (gr_ptrace_readexec(file, bprm->unsafe)) {
5999 -+ retval = -EPERM;
6000 -+ goto out_unmark;
6001 -+ }
6002 -+
6003 - sched_exec();
6004 -
6005 - bprm->file = file;
6006 -@@ -1558,6 +1677,11 @@ static int do_execveat_common(int fd, struct filename *filename,
6007 +@@ -1558,6 +1681,11 @@ static int do_execveat_common(int fd, struct filename *filename,
6008 }
6009 bprm->interp = bprm->filename;
6010
6011 @@ -80183,7 +80074,7 @@ index b06623a..784136d 100644
6012 retval = bprm_mm_init(bprm);
6013 if (retval)
6014 goto out_unmark;
6015 -@@ -1574,24 +1698,70 @@ static int do_execveat_common(int fd, struct filename *filename,
6016 +@@ -1574,24 +1702,70 @@ static int do_execveat_common(int fd, struct filename *filename,
6017 if (retval < 0)
6018 goto out;
6019
6020 @@ -80258,7 +80149,7 @@ index b06623a..784136d 100644
6021 current->fs->in_exec = 0;
6022 current->in_execve = 0;
6023 acct_update_integrals(current);
6024 -@@ -1603,6 +1773,14 @@ static int do_execveat_common(int fd, struct filename *filename,
6025 +@@ -1603,6 +1777,14 @@ static int do_execveat_common(int fd, struct filename *filename,
6026 put_files_struct(displaced);
6027 return retval;
6028
6029 @@ -80273,7 +80164,7 @@ index b06623a..784136d 100644
6030 out:
6031 if (bprm->mm) {
6032 acct_arg_size(bprm, 0);
6033 -@@ -1749,3 +1927,319 @@ COMPAT_SYSCALL_DEFINE5(execveat, int, fd,
6034 +@@ -1749,3 +1931,319 @@ COMPAT_SYSCALL_DEFINE5(execveat, int, fd,
6035 argv, envp, flags);
6036 }
6037 #endif
6038 @@ -80663,10 +80554,10 @@ index fa70848..57b36d2 100644
6039 cleanup:
6040 brelse(bh);
6041 diff --git a/fs/ext4/balloc.c b/fs/ext4/balloc.c
6042 -index ec0668a..34bccf7 100644
6043 +index fe1f50f..3f4c870 100644
6044 --- a/fs/ext4/balloc.c
6045 +++ b/fs/ext4/balloc.c
6046 -@@ -562,8 +562,8 @@ static int ext4_has_free_clusters(struct ext4_sb_info *sbi,
6047 +@@ -563,8 +563,8 @@ static int ext4_has_free_clusters(struct ext4_sb_info *sbi,
6048 /* Hm, nope. Are (enough) root reserved clusters available? */
6049 if (uid_eq(sbi->s_resuid, current_fsuid()) ||
6050 (!gid_eq(sbi->s_resgid, GLOBAL_ROOT_GID) && in_group_p(sbi->s_resgid)) ||
6051 @@ -80842,7 +80733,7 @@ index 61eaf74..01a829b 100644
6052
6053 return 0;
6054 diff --git a/fs/ext4/resize.c b/fs/ext4/resize.c
6055 -index ad62d7a..b829af6 100644
6056 +index 34038e3..322fe62 100644
6057 --- a/fs/ext4/resize.c
6058 +++ b/fs/ext4/resize.c
6059 @@ -413,7 +413,7 @@ static int set_flexbg_block_bitmap(struct super_block *sb, handle_t *handle,
6060 @@ -82854,7 +82745,7 @@ index 3a31226..2fffbe9 100644
6061 spin_unlock(&qd->qd_lockref.lock);
6062
6063 diff --git a/fs/hugetlbfs/inode.c b/fs/hugetlbfs/inode.c
6064 -index de4bdfa..1264061 100644
6065 +index 595ebdb..1264061 100644
6066 --- a/fs/hugetlbfs/inode.c
6067 +++ b/fs/hugetlbfs/inode.c
6068 @@ -174,6 +174,7 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr,
6069 @@ -82894,41 +82785,7 @@ index de4bdfa..1264061 100644
6070 info.high_limit = TASK_SIZE;
6071 info.align_mask = PAGE_MASK & ~huge_page_mask(h);
6072 info.align_offset = 0;
6073 -@@ -463,6 +473,7 @@ hugetlb_vmdelete_list(struct rb_root *root, pgoff_t start, pgoff_t end)
6074 - */
6075 - vma_interval_tree_foreach(vma, root, start, end ? end : ULONG_MAX) {
6076 - unsigned long v_offset;
6077 -+ unsigned long v_end;
6078 -
6079 - /*
6080 - * Can the expression below overflow on 32-bit arches?
6081 -@@ -475,15 +486,17 @@ hugetlb_vmdelete_list(struct rb_root *root, pgoff_t start, pgoff_t end)
6082 - else
6083 - v_offset = 0;
6084 -
6085 -- if (end) {
6086 -- end = ((end - start) << PAGE_SHIFT) +
6087 -- vma->vm_start + v_offset;
6088 -- if (end > vma->vm_end)
6089 -- end = vma->vm_end;
6090 -- } else
6091 -- end = vma->vm_end;
6092 -+ if (!end)
6093 -+ v_end = vma->vm_end;
6094 -+ else {
6095 -+ v_end = ((end - vma->vm_pgoff) << PAGE_SHIFT)
6096 -+ + vma->vm_start;
6097 -+ if (v_end > vma->vm_end)
6098 -+ v_end = vma->vm_end;
6099 -+ }
6100 -
6101 -- unmap_hugepage_range(vma, vma->vm_start + v_offset, end, NULL);
6102 -+ unmap_hugepage_range(vma, vma->vm_start + v_offset, v_end,
6103 -+ NULL);
6104 - }
6105 - }
6106 -
6107 -@@ -1203,7 +1216,7 @@ static struct file_system_type hugetlbfs_fs_type = {
6108 +@@ -1206,7 +1216,7 @@ static struct file_system_type hugetlbfs_fs_type = {
6109 };
6110 MODULE_ALIAS_FS("hugetlbfs");
6111
6112 @@ -84000,7 +83857,7 @@ index 646cdac..cdfa595 100644
6113 static struct callback_op callback_ops[];
6114
6115 diff --git a/fs/nfs/inode.c b/fs/nfs/inode.c
6116 -index c7e8b87..67b19ae 100644
6117 +index 3e2071a..c09f4b6 100644
6118 --- a/fs/nfs/inode.c
6119 +++ b/fs/nfs/inode.c
6120 @@ -1284,16 +1284,16 @@ static int nfs_check_inode_attributes(struct inode *inode, struct nfs_fattr *fat
6121 @@ -84645,10 +84502,10 @@ index b6f1e96..3108eed 100644
6122 }
6123 putname(tmp);
6124 diff --git a/fs/overlayfs/copy_up.c b/fs/overlayfs/copy_up.c
6125 -index 0a89834..f2690df 100644
6126 +index eff6319..d8a12987 100644
6127 --- a/fs/overlayfs/copy_up.c
6128 +++ b/fs/overlayfs/copy_up.c
6129 -@@ -142,7 +142,7 @@ static char *ovl_read_symlink(struct dentry *realdentry)
6130 +@@ -153,7 +153,7 @@ static char *ovl_read_symlink(struct dentry *realdentry)
6131 set_fs(get_ds());
6132 /* The cast to a user pointer is valid due to the set_fs() */
6133 res = inode->i_op->readlink(realdentry,
6134 @@ -84658,10 +84515,10 @@ index 0a89834..f2690df 100644
6135 if (res < 0) {
6136 free_page((unsigned long) buf);
6137 diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c
6138 -index 4060ffd..2d8b5e8 100644
6139 +index b29036a..dcce79c 100644
6140 --- a/fs/overlayfs/inode.c
6141 +++ b/fs/overlayfs/inode.c
6142 -@@ -343,6 +343,9 @@ struct inode *ovl_d_select_inode(struct dentry *dentry, unsigned file_flags)
6143 +@@ -356,6 +356,9 @@ struct inode *ovl_d_select_inode(struct dentry *dentry, unsigned file_flags)
6144 if (d_is_dir(dentry))
6145 return d_backing_inode(dentry);
6146
6147 @@ -84672,10 +84529,10 @@ index 4060ffd..2d8b5e8 100644
6148 if (ovl_open_need_copy_up(file_flags, type, realpath.dentry)) {
6149 err = ovl_want_write(dentry);
6150 diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c
6151 -index e38ee0f..6fc10e4 100644
6152 +index f42c940..e5ae48a 100644
6153 --- a/fs/overlayfs/super.c
6154 +++ b/fs/overlayfs/super.c
6155 -@@ -172,7 +172,7 @@ void ovl_path_lower(struct dentry *dentry, struct path *path)
6156 +@@ -173,7 +173,7 @@ void ovl_path_lower(struct dentry *dentry, struct path *path)
6157 {
6158 struct ovl_entry *oe = dentry->d_fsdata;
6159
6160 @@ -84684,7 +84541,7 @@ index e38ee0f..6fc10e4 100644
6161 }
6162
6163 int ovl_want_write(struct dentry *dentry)
6164 -@@ -880,8 +880,8 @@ static unsigned int ovl_split_lowerdirs(char *str)
6165 +@@ -881,8 +881,8 @@ static unsigned int ovl_split_lowerdirs(char *str)
6166
6167 static int ovl_fill_super(struct super_block *sb, void *data, int silent)
6168 {
6169 @@ -85145,7 +85002,7 @@ index 1ade120..a86f1a2 100644
6170 help
6171 Various /proc files exist to monitor process memory utilization:
6172 diff --git a/fs/proc/array.c b/fs/proc/array.c
6173 -index d73291f..ab37ad1 100644
6174 +index b6c00ce..ab37ad1 100644
6175 --- a/fs/proc/array.c
6176 +++ b/fs/proc/array.c
6177 @@ -60,6 +60,7 @@
6178 @@ -85203,7 +85060,7 @@ index d73291f..ab37ad1 100644
6179 static int do_task_stat(struct seq_file *m, struct pid_namespace *ns,
6180 struct pid *pid, struct task_struct *task, int whole)
6181 {
6182 -@@ -393,9 +424,16 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns,
6183 +@@ -393,6 +424,13 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns,
6184 char tcomm[sizeof(task->comm)];
6185 unsigned long flags;
6186
6187 @@ -85216,11 +85073,7 @@ index d73291f..ab37ad1 100644
6188 +
6189 state = *get_task_state(task);
6190 vsize = eip = esp = 0;
6191 -- permitted = ptrace_may_access(task, PTRACE_MODE_READ | PTRACE_MODE_NOAUDIT);
6192 -+ permitted = ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS | PTRACE_MODE_NOAUDIT);
6193 - mm = get_task_mm(task);
6194 - if (mm) {
6195 - vsize = task_vsize(mm);
6196 + permitted = ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS | PTRACE_MODE_NOAUDIT);
6197 @@ -463,6 +501,19 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns,
6198 gtime = task_gtime(task);
6199 }
6200 @@ -85310,7 +85163,7 @@ index d73291f..ab37ad1 100644
6201 static struct pid *
6202 get_children_pid(struct inode *inode, struct pid *pid_prev, loff_t pos)
6203 diff --git a/fs/proc/base.c b/fs/proc/base.c
6204 -index 4bd5d31..3f4c151 100644
6205 +index b7de324..417bafe 100644
6206 --- a/fs/proc/base.c
6207 +++ b/fs/proc/base.c
6208 @@ -113,6 +113,14 @@ struct pid_entry {
6209 @@ -85353,8 +85206,7 @@ index 4bd5d31..3f4c151 100644
6210 static int proc_pid_auxv(struct seq_file *m, struct pid_namespace *ns,
6211 struct pid *pid, struct task_struct *task)
6212 {
6213 -- struct mm_struct *mm = mm_access(task, PTRACE_MODE_READ);
6214 -+ struct mm_struct *mm = mm_access(task, PTRACE_MODE_READ_FSCREDS);
6215 + struct mm_struct *mm = mm_access(task, PTRACE_MODE_READ_FSCREDS);
6216 if (mm && !IS_ERR(mm)) {
6217 unsigned int nwords = 0;
6218 +
6219 @@ -85379,25 +85231,18 @@ index 4bd5d31..3f4c151 100644
6220 /*
6221 * Provides a wchan file via kallsyms in a proper one-value-per-file format.
6222 * Returns the resolved symbol. If that fails, simply return the address.
6223 -@@ -430,7 +459,7 @@ static int proc_pid_wchan(struct seq_file *m, struct pid_namespace *ns,
6224 +@@ -430,8 +459,8 @@ static int proc_pid_wchan(struct seq_file *m, struct pid_namespace *ns,
6225
6226 wchan = get_wchan(task);
6227
6228 -- if (wchan && ptrace_may_access(task, PTRACE_MODE_READ) && !lookup_symbol_name(wchan, symname))
6229 -+ if (wchan && !lookup_symbol_name(wchan, symname) && ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS))
6230 +- if (wchan && ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS)
6231 +- && !lookup_symbol_name(wchan, symname))
6232 ++ if (wchan && !lookup_symbol_name(wchan, symname)
6233 ++ && ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS))
6234 seq_printf(m, "%s", symname);
6235 else
6236 seq_putc(m, '0');
6237 -@@ -444,7 +473,7 @@ static int lock_trace(struct task_struct *task)
6238 - int err = mutex_lock_killable(&task->signal->cred_guard_mutex);
6239 - if (err)
6240 - return err;
6241 -- if (!ptrace_may_access(task, PTRACE_MODE_ATTACH)) {
6242 -+ if (!ptrace_may_access(task, PTRACE_MODE_ATTACH_FSCREDS)) {
6243 - mutex_unlock(&task->signal->cred_guard_mutex);
6244 - return -EPERM;
6245 - }
6246 -@@ -456,7 +485,7 @@ static void unlock_trace(struct task_struct *task)
6247 +@@ -457,7 +486,7 @@ static void unlock_trace(struct task_struct *task)
6248 mutex_unlock(&task->signal->cred_guard_mutex);
6249 }
6250
6251 @@ -85406,7 +85251,7 @@ index 4bd5d31..3f4c151 100644
6252
6253 #define MAX_STACK_TRACE_DEPTH 64
6254
6255 -@@ -654,7 +683,7 @@ static int proc_pid_limits(struct seq_file *m, struct pid_namespace *ns,
6256 +@@ -655,7 +684,7 @@ static int proc_pid_limits(struct seq_file *m, struct pid_namespace *ns,
6257 return 0;
6258 }
6259
6260 @@ -85415,7 +85260,7 @@ index 4bd5d31..3f4c151 100644
6261 static int proc_pid_syscall(struct seq_file *m, struct pid_namespace *ns,
6262 struct pid *pid, struct task_struct *task)
6263 {
6264 -@@ -687,7 +716,7 @@ static int proc_pid_syscall(struct seq_file *m, struct pid_namespace *ns,
6265 +@@ -688,7 +717,7 @@ static int proc_pid_syscall(struct seq_file *m, struct pid_namespace *ns,
6266 /************************************************************************/
6267
6268 /* permission checks */
6269 @@ -85424,11 +85269,11 @@ index 4bd5d31..3f4c151 100644
6270 {
6271 struct task_struct *task;
6272 int allowed = 0;
6273 -@@ -697,7 +726,10 @@ static int proc_fd_access_allowed(struct inode *inode)
6274 +@@ -698,7 +727,10 @@ static int proc_fd_access_allowed(struct inode *inode)
6275 */
6276 task = get_proc_task(inode);
6277 if (task) {
6278 -- allowed = ptrace_may_access(task, PTRACE_MODE_READ);
6279 +- allowed = ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS);
6280 + if (log)
6281 + allowed = ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS);
6282 + else
6283 @@ -85436,7 +85281,7 @@ index 4bd5d31..3f4c151 100644
6284 put_task_struct(task);
6285 }
6286 return allowed;
6287 -@@ -728,11 +760,36 @@ static bool has_pid_permissions(struct pid_namespace *pid,
6288 +@@ -729,6 +761,30 @@ static bool has_pid_permissions(struct pid_namespace *pid,
6289 struct task_struct *task,
6290 int hide_pid_min)
6291 {
6292 @@ -85467,14 +85312,7 @@ index 4bd5d31..3f4c151 100644
6293 if (pid->hide_pid < hide_pid_min)
6294 return true;
6295 if (in_group_p(pid->pid_gid))
6296 - return true;
6297 -- return ptrace_may_access(task, PTRACE_MODE_READ);
6298 -+
6299 -+ return ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS);
6300 - }
6301 -
6302 -
6303 -@@ -749,7 +806,11 @@ static int proc_pid_permission(struct inode *inode, int mask)
6304 +@@ -750,7 +806,11 @@ static int proc_pid_permission(struct inode *inode, int mask)
6305 put_task_struct(task);
6306
6307 if (!has_perms) {
6308 @@ -85486,12 +85324,10 @@ index 4bd5d31..3f4c151 100644
6309 /*
6310 * Let's make getdents(), stat(), and open()
6311 * consistent with each other. If a process
6312 -@@ -809,7 +870,11 @@ struct mm_struct *proc_mem_open(struct inode *inode, unsigned int mode)
6313 - struct mm_struct *mm = ERR_PTR(-ESRCH);
6314 +@@ -811,6 +871,10 @@ struct mm_struct *proc_mem_open(struct inode *inode, unsigned int mode)
6315
6316 if (task) {
6317 -- mm = mm_access(task, mode);
6318 -+ mm = mm_access(task, mode | PTRACE_MODE_FSCREDS);
6319 + mm = mm_access(task, mode | PTRACE_MODE_FSCREDS);
6320 + if (!IS_ERR_OR_NULL(mm) && gr_acl_handle_procpidmem(task)) {
6321 + mmput(mm);
6322 + mm = ERR_PTR(-EPERM);
6323 @@ -85499,7 +85335,7 @@ index 4bd5d31..3f4c151 100644
6324 put_task_struct(task);
6325
6326 if (!IS_ERR_OR_NULL(mm)) {
6327 -@@ -831,6 +896,11 @@ static int __mem_open(struct inode *inode, struct file *file, unsigned int mode)
6328 +@@ -832,6 +896,11 @@ static int __mem_open(struct inode *inode, struct file *file, unsigned int mode)
6329 return PTR_ERR(mm);
6330
6331 file->private_data = mm;
6332 @@ -85511,7 +85347,7 @@ index 4bd5d31..3f4c151 100644
6333 return 0;
6334 }
6335
6336 -@@ -852,6 +922,17 @@ static ssize_t mem_rw(struct file *file, char __user *buf,
6337 +@@ -853,6 +922,17 @@ static ssize_t mem_rw(struct file *file, char __user *buf,
6338 ssize_t copied;
6339 char *page;
6340
6341 @@ -85529,7 +85365,7 @@ index 4bd5d31..3f4c151 100644
6342 if (!mm)
6343 return 0;
6344
6345 -@@ -864,7 +945,7 @@ static ssize_t mem_rw(struct file *file, char __user *buf,
6346 +@@ -865,7 +945,7 @@ static ssize_t mem_rw(struct file *file, char __user *buf,
6347 goto free;
6348
6349 while (count > 0) {
6350 @@ -85538,7 +85374,7 @@ index 4bd5d31..3f4c151 100644
6351
6352 if (write && copy_from_user(page, buf, this_len)) {
6353 copied = -EFAULT;
6354 -@@ -956,6 +1037,13 @@ static ssize_t environ_read(struct file *file, char __user *buf,
6355 +@@ -957,6 +1037,13 @@ static ssize_t environ_read(struct file *file, char __user *buf,
6356 if (!mm)
6357 return 0;
6358
6359 @@ -85552,7 +85388,7 @@ index 4bd5d31..3f4c151 100644
6360 page = (char *)__get_free_page(GFP_TEMPORARY);
6361 if (!page)
6362 return -ENOMEM;
6363 -@@ -965,7 +1053,7 @@ static ssize_t environ_read(struct file *file, char __user *buf,
6364 +@@ -966,7 +1053,7 @@ static ssize_t environ_read(struct file *file, char __user *buf,
6365 goto free;
6366 while (count > 0) {
6367 size_t this_len, max_len;
6368 @@ -85561,7 +85397,7 @@ index 4bd5d31..3f4c151 100644
6369
6370 if (src >= (mm->env_end - mm->env_start))
6371 break;
6372 -@@ -1571,7 +1659,7 @@ static const char *proc_pid_follow_link(struct dentry *dentry, void **cookie)
6373 +@@ -1572,7 +1659,7 @@ static const char *proc_pid_follow_link(struct dentry *dentry, void **cookie)
6374 int error = -EACCES;
6375
6376 /* Are we allowed to snoop on the tasks file descriptors? */
6377 @@ -85570,7 +85406,7 @@ index 4bd5d31..3f4c151 100644
6378 goto out;
6379
6380 error = PROC_I(inode)->op.proc_get_link(dentry, &path);
6381 -@@ -1615,8 +1703,18 @@ static int proc_pid_readlink(struct dentry * dentry, char __user * buffer, int b
6382 +@@ -1616,8 +1703,18 @@ static int proc_pid_readlink(struct dentry * dentry, char __user * buffer, int b
6383 struct path path;
6384
6385 /* Are we allowed to snoop on the tasks file descriptors? */
6386 @@ -85591,7 +85427,7 @@ index 4bd5d31..3f4c151 100644
6387
6388 error = PROC_I(inode)->op.proc_get_link(dentry, &path);
6389 if (error)
6390 -@@ -1666,7 +1764,11 @@ struct inode *proc_pid_make_inode(struct super_block * sb, struct task_struct *t
6391 +@@ -1667,7 +1764,11 @@ struct inode *proc_pid_make_inode(struct super_block * sb, struct task_struct *t
6392 rcu_read_lock();
6393 cred = __task_cred(task);
6394 inode->i_uid = cred->euid;
6395 @@ -85603,7 +85439,7 @@ index 4bd5d31..3f4c151 100644
6396 rcu_read_unlock();
6397 }
6398 security_task_to_inode(task, inode);
6399 -@@ -1702,10 +1804,19 @@ int pid_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat)
6400 +@@ -1703,10 +1804,19 @@ int pid_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat)
6401 return -ENOENT;
6402 }
6403 if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) ||
6404 @@ -85623,7 +85459,7 @@ index 4bd5d31..3f4c151 100644
6405 }
6406 }
6407 rcu_read_unlock();
6408 -@@ -1743,11 +1854,20 @@ int pid_revalidate(struct dentry *dentry, unsigned int flags)
6409 +@@ -1744,11 +1854,20 @@ int pid_revalidate(struct dentry *dentry, unsigned int flags)
6410
6411 if (task) {
6412 if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) ||
6413 @@ -85644,34 +85480,7 @@ index 4bd5d31..3f4c151 100644
6414 rcu_read_unlock();
6415 } else {
6416 inode->i_uid = GLOBAL_ROOT_UID;
6417 -@@ -1856,7 +1976,7 @@ static int map_files_d_revalidate(struct dentry *dentry, unsigned int flags)
6418 - if (!task)
6419 - goto out_notask;
6420 -
6421 -- mm = mm_access(task, PTRACE_MODE_READ);
6422 -+ mm = mm_access(task, PTRACE_MODE_READ_FSCREDS);
6423 - if (IS_ERR_OR_NULL(mm))
6424 - goto out;
6425 -
6426 -@@ -2007,7 +2127,7 @@ static struct dentry *proc_map_files_lookup(struct inode *dir,
6427 - goto out;
6428 -
6429 - result = -EACCES;
6430 -- if (!ptrace_may_access(task, PTRACE_MODE_READ))
6431 -+ if (!ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS))
6432 - goto out_put_task;
6433 -
6434 - result = -ENOENT;
6435 -@@ -2060,7 +2180,7 @@ proc_map_files_readdir(struct file *file, struct dir_context *ctx)
6436 - goto out;
6437 -
6438 - ret = -EACCES;
6439 -- if (!ptrace_may_access(task, PTRACE_MODE_READ))
6440 -+ if (!ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS))
6441 - goto out_put_task;
6442 -
6443 - ret = 0;
6444 -@@ -2286,6 +2406,9 @@ static struct dentry *proc_pident_lookup(struct inode *dir,
6445 +@@ -2287,6 +2406,9 @@ static struct dentry *proc_pident_lookup(struct inode *dir,
6446 if (!task)
6447 goto out_no_task;
6448
6449 @@ -85681,7 +85490,7 @@ index 4bd5d31..3f4c151 100644
6450 /*
6451 * Yes, it does not scale. And it should not. Don't add
6452 * new entries into /proc/<tgid>/ without very good reasons.
6453 -@@ -2316,6 +2439,9 @@ static int proc_pident_readdir(struct file *file, struct dir_context *ctx,
6454 +@@ -2317,6 +2439,9 @@ static int proc_pident_readdir(struct file *file, struct dir_context *ctx,
6455 if (!task)
6456 return -ENOENT;
6457
6458 @@ -85691,16 +85500,17 @@ index 4bd5d31..3f4c151 100644
6459 if (!dir_emit_dots(file, ctx))
6460 goto out;
6461
6462 -@@ -2530,7 +2656,7 @@ static int do_io_accounting(struct task_struct *task, struct seq_file *m, int wh
6463 - if (result)
6464 - return result;
6465 -
6466 -- if (!ptrace_may_access(task, PTRACE_MODE_READ)) {
6467 -+ if (!ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS)) {
6468 - result = -EACCES;
6469 - goto out_unlock;
6470 - }
6471 -@@ -2749,7 +2875,7 @@ static const struct pid_entry tgid_base_stuff[] = {
6472 +@@ -2732,7 +2857,9 @@ static const struct inode_operations proc_task_inode_operations;
6473 + static const struct pid_entry tgid_base_stuff[] = {
6474 + DIR("task", S_IRUGO|S_IXUGO, proc_task_inode_operations, proc_task_operations),
6475 + DIR("fd", S_IRUSR|S_IXUSR, proc_fd_inode_operations, proc_fd_operations),
6476 ++#ifndef CONFIG_GRKERNSEC
6477 + DIR("map_files", S_IRUSR|S_IXUSR, proc_map_files_inode_operations, proc_map_files_operations),
6478 ++#endif
6479 + DIR("fdinfo", S_IRUSR|S_IXUSR, proc_fdinfo_inode_operations, proc_fdinfo_operations),
6480 + DIR("ns", S_IRUSR|S_IXUGO, proc_ns_dir_inode_operations, proc_ns_dir_operations),
6481 + #ifdef CONFIG_NET
6482 +@@ -2750,7 +2877,7 @@ static const struct pid_entry tgid_base_stuff[] = {
6483 REG("autogroup", S_IRUGO|S_IWUSR, proc_pid_sched_autogroup_operations),
6484 #endif
6485 REG("comm", S_IRUGO|S_IWUSR, proc_pid_set_comm_operations),
6486 @@ -85709,7 +85519,7 @@ index 4bd5d31..3f4c151 100644
6487 ONE("syscall", S_IRUSR, proc_pid_syscall),
6488 #endif
6489 REG("cmdline", S_IRUGO, proc_pid_cmdline_ops),
6490 -@@ -2774,10 +2900,10 @@ static const struct pid_entry tgid_base_stuff[] = {
6491 +@@ -2775,10 +2902,10 @@ static const struct pid_entry tgid_base_stuff[] = {
6492 #ifdef CONFIG_SECURITY
6493 DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations),
6494 #endif
6495 @@ -85722,7 +85532,7 @@ index 4bd5d31..3f4c151 100644
6496 ONE("stack", S_IRUSR, proc_pid_stack),
6497 #endif
6498 #ifdef CONFIG_SCHED_INFO
6499 -@@ -2811,6 +2937,9 @@ static const struct pid_entry tgid_base_stuff[] = {
6500 +@@ -2812,6 +2939,9 @@ static const struct pid_entry tgid_base_stuff[] = {
6501 #ifdef CONFIG_HARDWALL
6502 ONE("hardwall", S_IRUGO, proc_pid_hardwall),
6503 #endif
6504 @@ -85732,7 +85542,7 @@ index 4bd5d31..3f4c151 100644
6505 #ifdef CONFIG_USER_NS
6506 REG("uid_map", S_IRUGO|S_IWUSR, proc_uid_map_operations),
6507 REG("gid_map", S_IRUGO|S_IWUSR, proc_gid_map_operations),
6508 -@@ -2943,7 +3072,14 @@ static int proc_pid_instantiate(struct inode *dir,
6509 +@@ -2944,7 +3074,14 @@ static int proc_pid_instantiate(struct inode *dir,
6510 if (!inode)
6511 goto out;
6512
6513 @@ -85747,7 +85557,7 @@ index 4bd5d31..3f4c151 100644
6514 inode->i_op = &proc_tgid_base_inode_operations;
6515 inode->i_fop = &proc_tgid_base_operations;
6516 inode->i_flags|=S_IMMUTABLE;
6517 -@@ -2981,7 +3117,11 @@ struct dentry *proc_pid_lookup(struct inode *dir, struct dentry * dentry, unsign
6518 +@@ -2982,7 +3119,11 @@ struct dentry *proc_pid_lookup(struct inode *dir, struct dentry * dentry, unsign
6519 if (!task)
6520 goto out;
6521
6522 @@ -85759,7 +85569,7 @@ index 4bd5d31..3f4c151 100644
6523 put_task_struct(task);
6524 out:
6525 return ERR_PTR(result);
6526 -@@ -3095,7 +3235,7 @@ static const struct pid_entry tid_base_stuff[] = {
6527 +@@ -3096,7 +3237,7 @@ static const struct pid_entry tid_base_stuff[] = {
6528 REG("sched", S_IRUGO|S_IWUSR, proc_pid_sched_operations),
6529 #endif
6530 REG("comm", S_IRUGO|S_IWUSR, proc_pid_set_comm_operations),
6531 @@ -85768,7 +85578,7 @@ index 4bd5d31..3f4c151 100644
6532 ONE("syscall", S_IRUSR, proc_pid_syscall),
6533 #endif
6534 REG("cmdline", S_IRUGO, proc_pid_cmdline_ops),
6535 -@@ -3122,10 +3262,10 @@ static const struct pid_entry tid_base_stuff[] = {
6536 +@@ -3123,10 +3264,10 @@ static const struct pid_entry tid_base_stuff[] = {
6537 #ifdef CONFIG_SECURITY
6538 DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations),
6539 #endif
6540 @@ -86166,28 +85976,6 @@ index 9155a5a..abe1823 100644
6541 #endif
6542 #ifdef CONFIG_TRANSPARENT_HUGEPAGE
6543 , K(global_page_state(NR_ANON_TRANSPARENT_HUGEPAGES) *
6544 -diff --git a/fs/proc/namespaces.c b/fs/proc/namespaces.c
6545 -index f6e8354..1b0ea4a 100644
6546 ---- a/fs/proc/namespaces.c
6547 -+++ b/fs/proc/namespaces.c
6548 -@@ -42,7 +42,7 @@ static const char *proc_ns_follow_link(struct dentry *dentry, void **cookie)
6549 - if (!task)
6550 - return error;
6551 -
6552 -- if (ptrace_may_access(task, PTRACE_MODE_READ)) {
6553 -+ if (ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS)) {
6554 - error = ns_get_path(&ns_path, task, ns_ops);
6555 - if (!error)
6556 - nd_jump_link(&ns_path);
6557 -@@ -63,7 +63,7 @@ static int proc_ns_readlink(struct dentry *dentry, char __user *buffer, int bufl
6558 - if (!task)
6559 - return res;
6560 -
6561 -- if (ptrace_may_access(task, PTRACE_MODE_READ)) {
6562 -+ if (ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS)) {
6563 - res = ns_get_name(name, sizeof(name), task, ns_ops);
6564 - if (res >= 0)
6565 - res = readlink_copy(buffer, buflen, name);
6566 diff --git a/fs/proc/nommu.c b/fs/proc/nommu.c
6567 index f8595e8..e0d13cbd 100644
6568 --- a/fs/proc/nommu.c
6569 @@ -86623,7 +86411,7 @@ index 510413eb..34d9a8c 100644
6570 seq_printf(p, "softirq %llu", (unsigned long long)sum_softirq);
6571
6572 diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c
6573 -index 187b3b5..709bb98 100644
6574 +index 09cd3ed..862cbb3 100644
6575 --- a/fs/proc/task_mmu.c
6576 +++ b/fs/proc/task_mmu.c
6577 @@ -14,12 +14,19 @@
6578 @@ -86791,7 +86579,7 @@ index 187b3b5..709bb98 100644
6579 mss.resident >> 10,
6580 (unsigned long)(mss.pss >> (10 + PSS_SHIFT)),
6581 mss.shared_clean >> 10,
6582 -@@ -1517,6 +1568,13 @@ static int show_numa_map(struct seq_file *m, void *v, int is_pid)
6583 +@@ -1518,6 +1569,13 @@ static int show_numa_map(struct seq_file *m, void *v, int is_pid)
6584 char buffer[64];
6585 int nid;
6586
6587 @@ -86805,7 +86593,7 @@ index 187b3b5..709bb98 100644
6588 if (!mm)
6589 return 0;
6590
6591 -@@ -1531,11 +1589,15 @@ static int show_numa_map(struct seq_file *m, void *v, int is_pid)
6592 +@@ -1532,11 +1590,15 @@ static int show_numa_map(struct seq_file *m, void *v, int is_pid)
6593 mpol_to_str(buffer, sizeof(buffer), proc_priv->task_mempolicy);
6594 }
6595
6596 @@ -95397,10 +95185,10 @@ index 0000000..39645c9
6597 +}
6598 diff --git a/grsecurity/gracl_segv.c b/grsecurity/gracl_segv.c
6599 new file mode 100644
6600 -index 0000000..21646aa
6601 +index 0000000..9c6684d
6602 --- /dev/null
6603 +++ b/grsecurity/gracl_segv.c
6604 -@@ -0,0 +1,304 @@
6605 +@@ -0,0 +1,291 @@
6606 +#include <linux/kernel.h>
6607 +#include <linux/mm.h>
6608 +#include <asm/uaccess.h>
6609 @@ -95567,19 +95355,6 @@ index 0000000..21646aa
6610 + return ret;
6611 +}
6612 +
6613 -+static int
6614 -+proc_is_setxid(const struct cred *cred)
6615 -+{
6616 -+ if (!uid_eq(cred->uid, cred->euid) || !uid_eq(cred->uid, cred->suid) ||
6617 -+ !uid_eq(cred->uid, cred->fsuid))
6618 -+ return 1;
6619 -+ if (!gid_eq(cred->gid, cred->egid) || !gid_eq(cred->gid, cred->sgid) ||
6620 -+ !gid_eq(cred->gid, cred->fsgid))
6621 -+ return 1;
6622 -+
6623 -+ return 0;
6624 -+}
6625 -+
6626 +extern int gr_fake_force_sig(int sig, struct task_struct *t);
6627 +
6628 +void
6629 @@ -95615,7 +95390,7 @@ index 0000000..21646aa
6630 + time_after(curr->expires, get_seconds())) {
6631 + rcu_read_lock();
6632 + cred = __task_cred(task);
6633 -+ if (gr_is_global_nonroot(cred->uid) && proc_is_setxid(cred)) {
6634 ++ if (gr_is_global_nonroot(cred->uid) && is_privileged_binary(task->mm->exe_file->f_path.dentry)) {
6635 + gr_log_crash1(GR_DONT_AUDIT, GR_SEGVSTART_ACL_MSG, task, curr->res[GR_CRASH_RES].rlim_max);
6636 + spin_lock(&gr_uid_lock);
6637 + gr_insert_uid(cred->uid, curr->expires);
6638 @@ -97969,7 +97744,7 @@ index 0000000..304c518
6639 +}
6640 diff --git a/grsecurity/grsec_sig.c b/grsecurity/grsec_sig.c
6641 new file mode 100644
6642 -index 0000000..f50742d
6643 +index 0000000..a2b8b8f
6644 --- /dev/null
6645 +++ b/grsecurity/grsec_sig.c
6646 @@ -0,0 +1,245 @@
6647 @@ -98066,7 +97841,8 @@ index 0000000..f50742d
6648 + rcu_read_lock();
6649 + read_lock(&tasklist_lock);
6650 + read_lock(&grsec_exec_file_lock);
6651 -+ if (p->real_parent && gr_is_same_file(p->real_parent->exec_file, p->exec_file)) {
6652 ++ if (p->real_parent && gr_is_same_file(p->real_parent->exec_file, p->exec_file) &&
6653 ++ !is_privileged_binary(p->mm->exe_file->f_path.dentry)) {
6654 + p->real_parent->brute_expires = get_seconds() + GR_DAEMON_BRUTE_TIME;
6655 + p->real_parent->brute = 1;
6656 + daemon = 1;
6657 @@ -98211,8 +97987,7 @@ index 0000000..f50742d
6658 + if (sugid_ban_expired(user))
6659 + return 0;
6660 + /* disallow execution of suid/sgid binaries only */
6661 -+ else if (!uid_eq(bprm->cred->euid, current->cred->uid) ||
6662 -+ !gid_eq(bprm->cred->egid, current->cred->gid))
6663 ++ else if (is_privileged_binary(bprm->file->f_path.dentry))
6664 + return -EPERM;
6665 + }
6666 +#endif
6667 @@ -100375,6 +100150,19 @@ index 8609d57..86e4d79 100644
6668 /* handle uniform packets for scsi type devices (scsi,atapi) */
6669 int (*generic_packet) (struct cdrom_device_info *,
6670 struct packet_command *);
6671 +diff --git a/include/linux/cgroup-defs.h b/include/linux/cgroup-defs.h
6672 +index 06b77f9d..d08b456 100644
6673 +--- a/include/linux/cgroup-defs.h
6674 ++++ b/include/linux/cgroup-defs.h
6675 +@@ -407,7 +407,7 @@ struct cftype {
6676 + #ifdef CONFIG_DEBUG_LOCK_ALLOC
6677 + struct lock_class_key lockdep_key;
6678 + #endif
6679 +-};
6680 ++} __do_const;
6681 +
6682 + /*
6683 + * Control Group subsystem type.
6684 diff --git a/include/linux/cleancache.h b/include/linux/cleancache.h
6685 index bda5ec0b4..51d8ea1 100644
6686 --- a/include/linux/cleancache.h
6687 @@ -100486,7 +100274,7 @@ index 22ab246..bfa81b0 100644
6688 * Mark a position in code as unreachable. This can be used to
6689 * suppress control flow warnings after asm blocks that transfer
6690 diff --git a/include/linux/compiler.h b/include/linux/compiler.h
6691 -index 4dac103..0e2c40f 100644
6692 +index 6fc9a6d..8ad4c2b 100644
6693 --- a/include/linux/compiler.h
6694 +++ b/include/linux/compiler.h
6695 @@ -5,11 +5,14 @@
6696 @@ -102809,6 +102597,48 @@ index bb3f329..9daed55 100644
6697 static inline void zero_user_segments(struct page *page,
6698 unsigned start1, unsigned end1,
6699 unsigned start2, unsigned end2)
6700 +diff --git a/include/linux/hugetlb.h b/include/linux/hugetlb.h
6701 +index 685c262..5d42d36 100644
6702 +--- a/include/linux/hugetlb.h
6703 ++++ b/include/linux/hugetlb.h
6704 +@@ -317,7 +317,7 @@ struct hstate {
6705 + unsigned int surplus_huge_pages_node[MAX_NUMNODES];
6706 + #ifdef CONFIG_CGROUP_HUGETLB
6707 + /* cgroup control files */
6708 +- struct cftype cgroup_files[5];
6709 ++ struct cftype (*cgroup_files)[5];
6710 + #endif
6711 + char name[HSTATE_NAME_LEN];
6712 + };
6713 +diff --git a/include/linux/hugetlb_cgroup.h b/include/linux/hugetlb_cgroup.h
6714 +index 24154c2..43ac947 100644
6715 +--- a/include/linux/hugetlb_cgroup.h
6716 ++++ b/include/linux/hugetlb_cgroup.h
6717 +@@ -26,6 +26,13 @@ struct hugetlb_cgroup;
6718 +
6719 + #ifdef CONFIG_CGROUP_HUGETLB
6720 +
6721 ++enum {
6722 ++ RES_USAGE,
6723 ++ RES_LIMIT,
6724 ++ RES_MAX_USAGE,
6725 ++ RES_FAILCNT,
6726 ++};
6727 ++
6728 + static inline struct hugetlb_cgroup *hugetlb_cgroup_from_page(struct page *page)
6729 + {
6730 + VM_BUG_ON_PAGE(!PageHuge(page), page);
6731 +@@ -64,6 +71,10 @@ extern void hugetlb_cgroup_file_init(void) __init;
6732 + extern void hugetlb_cgroup_migrate(struct page *oldhpage,
6733 + struct page *newhpage);
6734 +
6735 ++ssize_t hugetlb_cgroup_reset(struct kernfs_open_file *of, char *buf, size_t nbytes, loff_t off);
6736 ++ssize_t hugetlb_cgroup_write(struct kernfs_open_file *of, char *buf, size_t nbytes, loff_t off);
6737 ++u64 hugetlb_cgroup_read_u64(struct cgroup_subsys_state *css, struct cftype *cft);
6738 ++
6739 + #else
6740 + static inline struct hugetlb_cgroup *hugetlb_cgroup_from_page(struct page *page)
6741 + {
6742 diff --git a/include/linux/hwmon-sysfs.h b/include/linux/hwmon-sysfs.h
6743 index 1c7b89a..7dda400 100644
6744 --- a/include/linux/hwmon-sysfs.h
6745 @@ -104789,41 +104619,6 @@ index 12c4865..2cd7c41 100644
6746
6747 extern struct psci_operations psci_ops;
6748
6749 -diff --git a/include/linux/ptrace.h b/include/linux/ptrace.h
6750 -index 061265f..504c98a 100644
6751 ---- a/include/linux/ptrace.h
6752 -+++ b/include/linux/ptrace.h
6753 -@@ -57,7 +57,29 @@ extern void exit_ptrace(struct task_struct *tracer, struct list_head *dead);
6754 - #define PTRACE_MODE_READ 0x01
6755 - #define PTRACE_MODE_ATTACH 0x02
6756 - #define PTRACE_MODE_NOAUDIT 0x04
6757 --/* Returns true on success, false on denial. */
6758 -+#define PTRACE_MODE_FSCREDS 0x08
6759 -+#define PTRACE_MODE_REALCREDS 0x10
6760 -+
6761 -+/* shorthands for READ/ATTACH and FSCREDS/REALCREDS combinations */
6762 -+#define PTRACE_MODE_READ_FSCREDS (PTRACE_MODE_READ | PTRACE_MODE_FSCREDS)
6763 -+#define PTRACE_MODE_READ_REALCREDS (PTRACE_MODE_READ | PTRACE_MODE_REALCREDS)
6764 -+#define PTRACE_MODE_ATTACH_FSCREDS (PTRACE_MODE_ATTACH | PTRACE_MODE_FSCREDS)
6765 -+#define PTRACE_MODE_ATTACH_REALCREDS (PTRACE_MODE_ATTACH | PTRACE_MODE_REALCREDS)
6766 -+
6767 -+/**
6768 -+ * ptrace_may_access - check whether the caller is permitted to access
6769 -+ * a target task.
6770 -+ * @task: target task
6771 -+ * @mode: selects type of access and caller credentials
6772 -+ *
6773 -+ * Returns true on success, false on denial.
6774 -+ *
6775 -+ * One of the flags PTRACE_MODE_FSCREDS and PTRACE_MODE_REALCREDS must
6776 -+ * be set in @mode to specify whether the access was requested through
6777 -+ * a filesystem syscall (should use effective capabilities and fsuid
6778 -+ * of the caller) or through an explicit syscall such as
6779 -+ * process_vm_writev or ptrace (and should use the real credentials).
6780 -+ */
6781 - extern bool ptrace_may_access(struct task_struct *task, unsigned int mode);
6782 -
6783 - static inline int ptrace_reparented(struct task_struct *child)
6784 diff --git a/include/linux/quota.h b/include/linux/quota.h
6785 index b2505ac..5f7ab55 100644
6786 --- a/include/linux/quota.h
6787 @@ -104837,52 +104632,6 @@ index b2505ac..5f7ab55 100644
6788 extern qid_t from_kqid_munged(struct user_namespace *to, struct kqid qid);
6789 extern bool qid_valid(struct kqid qid);
6790
6791 -diff --git a/include/linux/radix-tree.h b/include/linux/radix-tree.h
6792 -index 33170db..5d5174b 100644
6793 ---- a/include/linux/radix-tree.h
6794 -+++ b/include/linux/radix-tree.h
6795 -@@ -370,12 +370,28 @@ void **radix_tree_next_chunk(struct radix_tree_root *root,
6796 - struct radix_tree_iter *iter, unsigned flags);
6797 -
6798 - /**
6799 -+ * radix_tree_iter_retry - retry this chunk of the iteration
6800 -+ * @iter: iterator state
6801 -+ *
6802 -+ * If we iterate over a tree protected only by the RCU lock, a race
6803 -+ * against deletion or creation may result in seeing a slot for which
6804 -+ * radix_tree_deref_retry() returns true. If so, call this function
6805 -+ * and continue the iteration.
6806 -+ */
6807 -+static inline __must_check
6808 -+void **radix_tree_iter_retry(struct radix_tree_iter *iter)
6809 -+{
6810 -+ iter->next_index = iter->index;
6811 -+ return NULL;
6812 -+}
6813 -+
6814 -+/**
6815 - * radix_tree_chunk_size - get current chunk size
6816 - *
6817 - * @iter: pointer to radix tree iterator
6818 - * Returns: current chunk size
6819 - */
6820 --static __always_inline unsigned
6821 -+static __always_inline long
6822 - radix_tree_chunk_size(struct radix_tree_iter *iter)
6823 - {
6824 - return iter->next_index - iter->index;
6825 -@@ -409,9 +425,9 @@ radix_tree_next_slot(void **slot, struct radix_tree_iter *iter, unsigned flags)
6826 - return slot + offset + 1;
6827 - }
6828 - } else {
6829 -- unsigned size = radix_tree_chunk_size(iter) - 1;
6830 -+ long size = radix_tree_chunk_size(iter);
6831 -
6832 -- while (size--) {
6833 -+ while (--size > 0) {
6834 - slot++;
6835 - iter->index++;
6836 - if (likely(*slot))
6837 diff --git a/include/linux/random.h b/include/linux/random.h
6838 index a75840c..e7c4305 100644
6839 --- a/include/linux/random.h
6840 @@ -105141,10 +104890,10 @@ index cde976e..ebd6033 100644
6841 #define RIO_RESOURCE_MEM 0x00000100
6842 #define RIO_RESOURCE_DOORBELL 0x00000200
6843 diff --git a/include/linux/rmap.h b/include/linux/rmap.h
6844 -index 29446ae..2a70d02 100644
6845 +index ddda2ac..4c6b6e1 100644
6846 --- a/include/linux/rmap.h
6847 +++ b/include/linux/rmap.h
6848 -@@ -149,8 +149,8 @@ static inline void anon_vma_unlock_read(struct anon_vma *anon_vma)
6849 +@@ -135,8 +135,8 @@ static inline void anon_vma_unlock_read(struct anon_vma *anon_vma)
6850 void anon_vma_init(void); /* create anon_vma_cachep */
6851 int anon_vma_prepare(struct vm_area_struct *);
6852 void unlink_anon_vmas(struct vm_area_struct *);
6853 @@ -107917,7 +107666,7 @@ index f80e74c..1e64f3c 100644
6854 struct inet_skb_parm h4;
6855 #if IS_ENABLED(CONFIG_IPV6)
6856 diff --git a/include/net/xfrm.h b/include/net/xfrm.h
6857 -index d6f6e50..a173aa7 100644
6858 +index d6f6e50..6fea29e 100644
6859 --- a/include/net/xfrm.h
6860 +++ b/include/net/xfrm.h
6861 @@ -284,7 +284,6 @@ struct xfrm_dst;
6862 @@ -107964,6 +107713,15 @@ index d6f6e50..a173aa7 100644
6863 u32 priority;
6864 u32 index;
6865 struct xfrm_mark mark;
6866 +@@ -603,7 +602,7 @@ struct xfrm_mgr {
6867 + int num_bundles,
6868 + const struct xfrm_kmaddress *k);
6869 + bool (*is_alive)(const struct km_event *c);
6870 +-};
6871 ++} __do_const;
6872 +
6873 + int xfrm_register_km(struct xfrm_mgr *km);
6874 + int xfrm_unregister_km(struct xfrm_mgr *km);
6875 @@ -1172,6 +1171,7 @@ static inline void xfrm_sk_free_policy(struct sock *sk)
6876 }
6877
6878 @@ -109206,7 +108964,7 @@ index b471e5a..cb0c603 100644
6879
6880 /*
6881 diff --git a/ipc/shm.c b/ipc/shm.c
6882 -index 4178727..b22c4d0 100644
6883 +index 3174634..215d679 100644
6884 --- a/ipc/shm.c
6885 +++ b/ipc/shm.c
6886 @@ -72,9 +72,17 @@ static void shm_destroy(struct ipc_namespace *ns, struct shmid_kernel *shp);
6887 @@ -109228,7 +108986,7 @@ index 4178727..b22c4d0 100644
6888 ns->shm_ctlall = SHMALL;
6889 ns->shm_ctlmni = SHMMNI;
6890 ns->shm_rmid_forced = 0;
6891 -@@ -555,6 +563,9 @@ static int newseg(struct ipc_namespace *ns, struct ipc_params *params)
6892 +@@ -588,6 +596,9 @@ static int newseg(struct ipc_namespace *ns, struct ipc_params *params)
6893 shp->shm_lprid = 0;
6894 shp->shm_atim = shp->shm_dtim = 0;
6895 shp->shm_ctim = get_seconds();
6896 @@ -109238,7 +108996,7 @@ index 4178727..b22c4d0 100644
6897 shp->shm_segsz = size;
6898 shp->shm_nattch = 0;
6899 shp->shm_file = file;
6900 -@@ -1098,6 +1109,12 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr,
6901 +@@ -1131,6 +1142,12 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr,
6902 f_mode = FMODE_READ | FMODE_WRITE;
6903 }
6904 if (shmflg & SHM_EXEC) {
6905 @@ -109251,7 +109009,7 @@ index 4178727..b22c4d0 100644
6906 prot |= PROT_EXEC;
6907 acc_mode |= S_IXUGO;
6908 }
6909 -@@ -1122,6 +1139,15 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr,
6910 +@@ -1155,6 +1172,15 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr,
6911 if (err)
6912 goto out_unlock;
6913
6914 @@ -109267,7 +109025,7 @@ index 4178727..b22c4d0 100644
6915 ipc_lock_object(&shp->shm_perm);
6916
6917 /* check if shm_destroy() is tearing down shp */
6918 -@@ -1134,6 +1160,9 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr,
6919 +@@ -1167,6 +1193,9 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr,
6920 path = shp->shm_file->f_path;
6921 path_get(&path);
6922 shp->shm_nattch++;
6923 @@ -109277,7 +109035,7 @@ index 4178727..b22c4d0 100644
6924 size = i_size_read(d_inode(path.dentry));
6925 ipc_unlock_object(&shp->shm_perm);
6926 rcu_read_unlock();
6927 -@@ -1332,7 +1361,8 @@ SYSCALL_DEFINE1(shmdt, char __user *, shmaddr)
6928 +@@ -1365,7 +1394,8 @@ SYSCALL_DEFINE1(shmdt, char __user *, shmaddr)
6929 static int sysvipc_shm_proc_show(struct seq_file *s, void *it)
6930 {
6931 struct user_namespace *user_ns = seq_user_ns(s);
6932 @@ -109548,10 +109306,92 @@ index 45432b5..988f1e4 100644
6933 +}
6934 +EXPORT_SYMBOL(capable_wrt_inode_uidgid_nolog);
6935 diff --git a/kernel/cgroup.c b/kernel/cgroup.c
6936 -index 470f653..1aa51fc 100644
6937 +index 470f653..5ea1e67 100644
6938 --- a/kernel/cgroup.c
6939 +++ b/kernel/cgroup.c
6940 -@@ -5725,6 +5725,9 @@ static void cgroup_release_agent(struct work_struct *work)
6941 +@@ -3345,7 +3345,7 @@ static int cgroup_add_file(struct cgroup_subsys_state *css, struct cgroup *cgrp,
6942 + key = &cft->lockdep_key;
6943 + #endif
6944 + kn = __kernfs_create_file(cgrp->kn, cgroup_file_name(cgrp, cft, name),
6945 +- cgroup_file_mode(cft), 0, cft->kf_ops, cft,
6946 ++ cgroup_file_mode(cft), 0, cft->kf_ops, (void *)cft,
6947 + NULL, key);
6948 + if (IS_ERR(kn))
6949 + return PTR_ERR(kn);
6950 +@@ -3449,11 +3449,14 @@ static void cgroup_exit_cftypes(struct cftype *cfts)
6951 + /* free copy for custom atomic_write_len, see init_cftypes() */
6952 + if (cft->max_write_len && cft->max_write_len != PAGE_SIZE)
6953 + kfree(cft->kf_ops);
6954 +- cft->kf_ops = NULL;
6955 +- cft->ss = NULL;
6956 ++
6957 ++ pax_open_kernel();
6958 ++ *(void **)&cft->kf_ops = NULL;
6959 ++ *(void **)&cft->ss = NULL;
6960 +
6961 + /* revert flags set by cgroup core while adding @cfts */
6962 +- cft->flags &= ~(__CFTYPE_ONLY_ON_DFL | __CFTYPE_NOT_ON_DFL);
6963 ++ *(unsigned int *)&cft->flags &= ~(__CFTYPE_ONLY_ON_DFL | __CFTYPE_NOT_ON_DFL);
6964 ++ pax_close_kernel();
6965 + }
6966 + }
6967 +
6968 +@@ -3484,8 +3487,10 @@ static int cgroup_init_cftypes(struct cgroup_subsys *ss, struct cftype *cfts)
6969 + kf_ops->atomic_write_len = cft->max_write_len;
6970 + }
6971 +
6972 +- cft->kf_ops = kf_ops;
6973 +- cft->ss = ss;
6974 ++ pax_open_kernel();
6975 ++ *(void **)&cft->kf_ops = kf_ops;
6976 ++ *(void **)&cft->ss = ss;
6977 ++ pax_close_kernel();
6978 + }
6979 +
6980 + return 0;
6981 +@@ -3498,7 +3503,7 @@ static int cgroup_rm_cftypes_locked(struct cftype *cfts)
6982 + if (!cfts || !cfts[0].ss)
6983 + return -ENOENT;
6984 +
6985 +- list_del(&cfts->node);
6986 ++ pax_list_del((struct list_head *)&cfts->node);
6987 + cgroup_apply_cftypes(cfts, false);
6988 + cgroup_exit_cftypes(cfts);
6989 + return 0;
6990 +@@ -3555,7 +3560,7 @@ static int cgroup_add_cftypes(struct cgroup_subsys *ss, struct cftype *cfts)
6991 +
6992 + mutex_lock(&cgroup_mutex);
6993 +
6994 +- list_add_tail(&cfts->node, &ss->cfts);
6995 ++ pax_list_add_tail((struct list_head *)&cfts->node, &ss->cfts);
6996 + ret = cgroup_apply_cftypes(cfts, true);
6997 + if (ret)
6998 + cgroup_rm_cftypes_locked(cfts);
6999 +@@ -3576,8 +3581,10 @@ int cgroup_add_dfl_cftypes(struct cgroup_subsys *ss, struct cftype *cfts)
7000 + {
7001 + struct cftype *cft;
7002 +
7003 ++ pax_open_kernel();
7004 + for (cft = cfts; cft && cft->name[0] != '\0'; cft++)
7005 +- cft->flags |= __CFTYPE_ONLY_ON_DFL;
7006 ++ *(unsigned int *)&cft->flags |= __CFTYPE_ONLY_ON_DFL;
7007 ++ pax_close_kernel();
7008 + return cgroup_add_cftypes(ss, cfts);
7009 + }
7010 +
7011 +@@ -3593,8 +3600,10 @@ int cgroup_add_legacy_cftypes(struct cgroup_subsys *ss, struct cftype *cfts)
7012 + {
7013 + struct cftype *cft;
7014 +
7015 ++ pax_open_kernel();
7016 + for (cft = cfts; cft && cft->name[0] != '\0'; cft++)
7017 +- cft->flags |= __CFTYPE_NOT_ON_DFL;
7018 ++ *(unsigned int *)&cft->flags |= __CFTYPE_NOT_ON_DFL;
7019 ++ pax_close_kernel();
7020 + return cgroup_add_cftypes(ss, cfts);
7021 + }
7022 +
7023 +@@ -5725,6 +5734,9 @@ static void cgroup_release_agent(struct work_struct *work)
7024 if (!pathbuf || !agentbuf)
7025 goto out;
7026
7027 @@ -109561,7 +109401,7 @@ index 470f653..1aa51fc 100644
7028 path = cgroup_path(cgrp, pathbuf, PATH_MAX);
7029 if (!path)
7030 goto out;
7031 -@@ -5900,7 +5903,7 @@ static int cgroup_css_links_read(struct seq_file *seq, void *v)
7032 +@@ -5900,7 +5912,7 @@ static int cgroup_css_links_read(struct seq_file *seq, void *v)
7033 struct task_struct *task;
7034 int count = 0;
7035
7036 @@ -109980,7 +109820,7 @@ index 41213454..861e178 100644
7037 #ifdef CONFIG_MODULE_UNLOAD
7038 {
7039 diff --git a/kernel/events/core.c b/kernel/events/core.c
7040 -index cfc227c..d0f51f0 100644
7041 +index 1087bbe..d0f51f0 100644
7042 --- a/kernel/events/core.c
7043 +++ b/kernel/events/core.c
7044 @@ -175,8 +175,15 @@ static struct srcu_struct pmus_srcu;
7045 @@ -110018,15 +109858,6 @@ index cfc227c..d0f51f0 100644
7046
7047 static void cpu_ctx_sched_out(struct perf_cpu_context *cpuctx,
7048 enum event_type_t event_type);
7049 -@@ -3434,7 +3441,7 @@ find_lively_task_by_vpid(pid_t vpid)
7050 -
7051 - /* Reuse ptrace permission checks for now. */
7052 - err = -EACCES;
7053 -- if (!ptrace_may_access(task, PTRACE_MODE_READ))
7054 -+ if (!ptrace_may_access(task, PTRACE_MODE_READ_REALCREDS))
7055 - goto errout;
7056 -
7057 - return task;
7058 @@ -3898,9 +3905,9 @@ u64 perf_event_read_value(struct perf_event *event, u64 *enabled, u64 *running)
7059 total += perf_event_count(event);
7060
7061 @@ -110820,7 +110651,7 @@ index 1155eac..0c9bd1f 100644
7062 int threads = max_threads;
7063 int min = MIN_THREADS;
7064 diff --git a/kernel/futex.c b/kernel/futex.c
7065 -index 684d754..ef2bb0f 100644
7066 +index 461c72b..b4f4bd8 100644
7067 --- a/kernel/futex.c
7068 +++ b/kernel/futex.c
7069 @@ -202,7 +202,7 @@ struct futex_pi_state {
7070 @@ -110862,16 +110693,7 @@ index 684d754..ef2bb0f 100644
7071
7072 pagefault_disable();
7073 ret = __copy_from_user_inatomic(dest, from, sizeof(u32));
7074 -@@ -2881,7 +2886,7 @@ SYSCALL_DEFINE3(get_robust_list, int, pid,
7075 - }
7076 -
7077 - ret = -EPERM;
7078 -- if (!ptrace_may_access(p, PTRACE_MODE_READ))
7079 -+ if (!ptrace_may_access(p, PTRACE_MODE_READ_REALCREDS))
7080 - goto err_unlock;
7081 -
7082 - head = p->robust_list;
7083 -@@ -3131,6 +3136,7 @@ static void __init futex_detect_cmpxchg(void)
7084 +@@ -3136,6 +3141,7 @@ static void __init futex_detect_cmpxchg(void)
7085 {
7086 #ifndef CONFIG_HAVE_FUTEX_CMPXCHG
7087 u32 curval;
7088 @@ -110879,7 +110701,7 @@ index 684d754..ef2bb0f 100644
7089
7090 /*
7091 * This will fail and we want it. Some arch implementations do
7092 -@@ -3142,8 +3148,11 @@ static void __init futex_detect_cmpxchg(void)
7093 +@@ -3147,8 +3153,11 @@ static void __init futex_detect_cmpxchg(void)
7094 * implementation, the non-functional ones will return
7095 * -ENOSYS.
7096 */
7097 @@ -110892,7 +110714,7 @@ index 684d754..ef2bb0f 100644
7098 }
7099
7100 diff --git a/kernel/futex_compat.c b/kernel/futex_compat.c
7101 -index 55c8c93..5adee02 100644
7102 +index 4ae3232..5adee02 100644
7103 --- a/kernel/futex_compat.c
7104 +++ b/kernel/futex_compat.c
7105 @@ -32,7 +32,7 @@ fetch_robust_entry(compat_uptr_t *uentry, struct robust_list __user **entry,
7106 @@ -110904,15 +110726,6 @@ index 55c8c93..5adee02 100644
7107 compat_long_t futex_offset)
7108 {
7109 compat_uptr_t base = ptr_to_compat(entry);
7110 -@@ -155,7 +155,7 @@ COMPAT_SYSCALL_DEFINE3(get_robust_list, int, pid,
7111 - }
7112 -
7113 - ret = -EPERM;
7114 -- if (!ptrace_may_access(p, PTRACE_MODE_READ))
7115 -+ if (!ptrace_may_access(p, PTRACE_MODE_READ_REALCREDS))
7116 - goto err_unlock;
7117 -
7118 - head = p->compat_robust_list;
7119 diff --git a/kernel/gcov/base.c b/kernel/gcov/base.c
7120 index 7080ae1..c9b3761 100644
7121 --- a/kernel/gcov/base.c
7122 @@ -111147,7 +110960,7 @@ index 5c5987f..bc502b0 100644
7123 type, iter->name, iter->module_name);
7124 } else
7125 diff --git a/kernel/kcmp.c b/kernel/kcmp.c
7126 -index 0aa69ea..bcb17e3 100644
7127 +index 3a47fa9..bcb17e3 100644
7128 --- a/kernel/kcmp.c
7129 +++ b/kernel/kcmp.c
7130 @@ -100,6 +100,10 @@ SYSCALL_DEFINE5(kcmp, pid_t, pid1, pid_t, pid2, int, type,
7131 @@ -111161,17 +110974,6 @@ index 0aa69ea..bcb17e3 100644
7132 rcu_read_lock();
7133
7134 /*
7135 -@@ -122,8 +126,8 @@ SYSCALL_DEFINE5(kcmp, pid_t, pid1, pid_t, pid2, int, type,
7136 - &task2->signal->cred_guard_mutex);
7137 - if (ret)
7138 - goto err;
7139 -- if (!ptrace_may_access(task1, PTRACE_MODE_READ) ||
7140 -- !ptrace_may_access(task2, PTRACE_MODE_READ)) {
7141 -+ if (!ptrace_may_access(task1, PTRACE_MODE_READ_REALCREDS) ||
7142 -+ !ptrace_may_access(task2, PTRACE_MODE_READ_REALCREDS)) {
7143 - ret = -EPERM;
7144 - goto err_unlock;
7145 - }
7146 diff --git a/kernel/kexec.c b/kernel/kexec.c
7147 index d873b64..61f7c59 100644
7148 --- a/kernel/kexec.c
7149 @@ -111637,7 +111439,7 @@ index 0551c21..f753f95 100644
7150 debug_mutex_free_waiter(&waiter);
7151 mutex_release(&lock->dep_map, 1, ip);
7152 diff --git a/kernel/module.c b/kernel/module.c
7153 -index 38c7bd5..e1be102 100644
7154 +index 14833e6..659a51a 100644
7155 --- a/kernel/module.c
7156 +++ b/kernel/module.c
7157 @@ -59,6 +59,7 @@
7158 @@ -112567,7 +112369,7 @@ index 38c7bd5..e1be102 100644
7159
7160 module_deallocate(mod, info);
7161 free_copy:
7162 -@@ -3655,10 +3841,16 @@ static const char *get_ksymbol(struct module *mod,
7163 +@@ -3660,10 +3846,16 @@ static const char *get_ksymbol(struct module *mod,
7164 unsigned long nextval;
7165
7166 /* At worse, next value is at end of module */
7167 @@ -112587,7 +112389,7 @@ index 38c7bd5..e1be102 100644
7168
7169 /* Scan for closest preceding symbol, and next symbol. (ELF
7170 starts real symbols at 1). */
7171 -@@ -3905,7 +4097,7 @@ static int m_show(struct seq_file *m, void *p)
7172 +@@ -3909,7 +4101,7 @@ static int m_show(struct seq_file *m, void *p)
7173 return 0;
7174
7175 seq_printf(m, "%s %u",
7176 @@ -112596,7 +112398,7 @@ index 38c7bd5..e1be102 100644
7177 print_unload_info(m, mod);
7178
7179 /* Informative for users. */
7180 -@@ -3914,7 +4106,7 @@ static int m_show(struct seq_file *m, void *p)
7181 +@@ -3918,7 +4110,7 @@ static int m_show(struct seq_file *m, void *p)
7182 mod->state == MODULE_STATE_COMING ? "Loading" :
7183 "Live");
7184 /* Used by oprofile and other similar tools. */
7185 @@ -112605,7 +112407,7 @@ index 38c7bd5..e1be102 100644
7186
7187 /* Taints info */
7188 if (mod->taints)
7189 -@@ -3950,7 +4142,17 @@ static const struct file_operations proc_modules_operations = {
7190 +@@ -3954,7 +4146,17 @@ static const struct file_operations proc_modules_operations = {
7191
7192 static int __init proc_modules_init(void)
7193 {
7194 @@ -112623,7 +112425,7 @@ index 38c7bd5..e1be102 100644
7195 return 0;
7196 }
7197 module_init(proc_modules_init);
7198 -@@ -4011,7 +4213,8 @@ struct module *__module_address(unsigned long addr)
7199 +@@ -4015,7 +4217,8 @@ struct module *__module_address(unsigned long addr)
7200 {
7201 struct module *mod;
7202
7203 @@ -112633,7 +112435,7 @@ index 38c7bd5..e1be102 100644
7204 return NULL;
7205
7206 module_assert_mutex_or_preempt();
7207 -@@ -4054,11 +4257,20 @@ bool is_module_text_address(unsigned long addr)
7208 +@@ -4058,11 +4261,20 @@ bool is_module_text_address(unsigned long addr)
7209 */
7210 struct module *__module_text_address(unsigned long addr)
7211 {
7212 @@ -112977,10 +112779,10 @@ index 99513e1..0caa643 100644
7213 }
7214
7215 diff --git a/kernel/ptrace.c b/kernel/ptrace.c
7216 -index b760bae..fe8f48d 100644
7217 +index 3189e51..fcc8509 100644
7218 --- a/kernel/ptrace.c
7219 +++ b/kernel/ptrace.c
7220 -@@ -207,18 +207,46 @@ static int ptrace_check_attach(struct task_struct *child, bool ignore_state)
7221 +@@ -207,12 +207,32 @@ static int ptrace_check_attach(struct task_struct *child, bool ignore_state)
7222 return ret;
7223 }
7224
7225 @@ -113016,65 +112818,16 @@ index b760bae..fe8f48d 100644
7226 }
7227
7228 /* Returns 0 on success, -errno on denial. */
7229 - static int __ptrace_may_access(struct task_struct *task, unsigned int mode)
7230 - {
7231 - const struct cred *cred = current_cred(), *tcred;
7232 -+ kuid_t caller_uid;
7233 -+ kgid_t caller_gid;
7234 -+ int dumpable = 0;
7235 -+
7236 -+ if (!(mode & PTRACE_MODE_FSCREDS) == !(mode & PTRACE_MODE_REALCREDS)) {
7237 -+ WARN(1, "denying ptrace access check without PTRACE_MODE_*CREDS\n");
7238 -+ return -EPERM;
7239 -+ }
7240 -
7241 - /* May we inspect the given task?
7242 - * This check is used both for attaching with ptrace
7243 -@@ -228,20 +256,35 @@ static int __ptrace_may_access(struct task_struct *task, unsigned int mode)
7244 - * because setting up the necessary parent/child relationship
7245 - * or halting the specified task is impossible.
7246 - */
7247 -- int dumpable = 0;
7248 -+
7249 - /* Don't let security modules deny introspection */
7250 - if (same_thread_group(task, current))
7251 - return 0;
7252 - rcu_read_lock();
7253 -+ if (mode & PTRACE_MODE_FSCREDS) {
7254 -+ caller_uid = cred->fsuid;
7255 -+ caller_gid = cred->fsgid;
7256 -+ } else {
7257 -+ /*
7258 -+ * Using the euid would make more sense here, but something
7259 -+ * in userland might rely on the old behavior, and this
7260 -+ * shouldn't be a security problem since
7261 -+ * PTRACE_MODE_REALCREDS implies that the caller explicitly
7262 -+ * used a syscall that requests access to another process
7263 -+ * (and not a filesystem syscall to procfs).
7264 -+ */
7265 -+ caller_uid = cred->uid;
7266 -+ caller_gid = cred->gid;
7267 -+ }
7268 - tcred = __task_cred(task);
7269 -- if (uid_eq(cred->uid, tcred->euid) &&
7270 -- uid_eq(cred->uid, tcred->suid) &&
7271 -- uid_eq(cred->uid, tcred->uid) &&
7272 -- gid_eq(cred->gid, tcred->egid) &&
7273 -- gid_eq(cred->gid, tcred->sgid) &&
7274 -- gid_eq(cred->gid, tcred->gid))
7275 -+ if (uid_eq(caller_uid, tcred->euid) &&
7276 -+ uid_eq(caller_uid, tcred->suid) &&
7277 -+ uid_eq(caller_uid, tcred->uid) &&
7278 -+ gid_eq(caller_gid, tcred->egid) &&
7279 -+ gid_eq(caller_gid, tcred->sgid) &&
7280 -+ gid_eq(caller_gid, tcred->gid))
7281 +@@ -264,7 +284,7 @@ static int __ptrace_may_access(struct task_struct *task, unsigned int mode)
7282 + gid_eq(caller_gid, tcred->sgid) &&
7283 + gid_eq(caller_gid, tcred->gid))
7284 goto ok;
7285 - if (ptrace_has_cap(tcred->user_ns, mode))
7286 + if (ptrace_has_cap(tcred, mode))
7287 goto ok;
7288 rcu_read_unlock();
7289 return -EPERM;
7290 -@@ -252,7 +295,7 @@ ok:
7291 +@@ -275,7 +295,7 @@ ok:
7292 dumpable = get_dumpable(task->mm);
7293 rcu_read_lock();
7294 if (dumpable != SUID_DUMP_USER &&
7295 @@ -113083,16 +112836,7 @@ index b760bae..fe8f48d 100644
7296 rcu_read_unlock();
7297 return -EPERM;
7298 }
7299 -@@ -306,7 +349,7 @@ static int ptrace_attach(struct task_struct *task, long request,
7300 - goto out;
7301 -
7302 - task_lock(task);
7303 -- retval = __ptrace_may_access(task, PTRACE_MODE_ATTACH);
7304 -+ retval = __ptrace_may_access(task, PTRACE_MODE_ATTACH_REALCREDS);
7305 - task_unlock(task);
7306 - if (retval)
7307 - goto unlock_creds;
7308 -@@ -321,7 +364,7 @@ static int ptrace_attach(struct task_struct *task, long request,
7309 +@@ -344,7 +364,7 @@ static int ptrace_attach(struct task_struct *task, long request,
7310 if (seize)
7311 flags |= PT_SEIZED;
7312 rcu_read_lock();
7313 @@ -113101,7 +112845,7 @@ index b760bae..fe8f48d 100644
7314 flags |= PT_PTRACE_CAP;
7315 rcu_read_unlock();
7316 task->ptrace = flags;
7317 -@@ -514,7 +557,7 @@ int ptrace_readdata(struct task_struct *tsk, unsigned long src, char __user *dst
7318 +@@ -537,7 +557,7 @@ int ptrace_readdata(struct task_struct *tsk, unsigned long src, char __user *dst
7319 break;
7320 return -EIO;
7321 }
7322 @@ -113110,7 +112854,7 @@ index b760bae..fe8f48d 100644
7323 return -EFAULT;
7324 copied += retval;
7325 src += retval;
7326 -@@ -815,7 +858,7 @@ int ptrace_request(struct task_struct *child, long request,
7327 +@@ -838,7 +858,7 @@ int ptrace_request(struct task_struct *child, long request,
7328 bool seized = child->ptrace & PT_SEIZED;
7329 int ret = -EIO;
7330 siginfo_t siginfo, *si;
7331 @@ -113119,7 +112863,7 @@ index b760bae..fe8f48d 100644
7332 unsigned long __user *datalp = datavp;
7333 unsigned long flags;
7334
7335 -@@ -1066,14 +1109,21 @@ SYSCALL_DEFINE4(ptrace, long, request, long, pid, unsigned long, addr,
7336 +@@ -1089,14 +1109,21 @@ SYSCALL_DEFINE4(ptrace, long, request, long, pid, unsigned long, addr,
7337 goto out;
7338 }
7339
7340 @@ -113142,7 +112886,7 @@ index b760bae..fe8f48d 100644
7341 goto out_put_task_struct;
7342 }
7343
7344 -@@ -1101,7 +1151,7 @@ int generic_ptrace_peekdata(struct task_struct *tsk, unsigned long addr,
7345 +@@ -1124,7 +1151,7 @@ int generic_ptrace_peekdata(struct task_struct *tsk, unsigned long addr,
7346 copied = access_process_vm(tsk, addr, &tmp, sizeof(tmp), 0);
7347 if (copied != sizeof(tmp))
7348 return -EIO;
7349 @@ -113151,7 +112895,7 @@ index b760bae..fe8f48d 100644
7350 }
7351
7352 int generic_ptrace_pokedata(struct task_struct *tsk, unsigned long addr,
7353 -@@ -1194,7 +1244,7 @@ int compat_ptrace_request(struct task_struct *child, compat_long_t request,
7354 +@@ -1217,7 +1244,7 @@ int compat_ptrace_request(struct task_struct *child, compat_long_t request,
7355 }
7356
7357 COMPAT_SYSCALL_DEFINE4(ptrace, compat_long_t, request, compat_long_t, pid,
7358 @@ -113160,7 +112904,7 @@ index b760bae..fe8f48d 100644
7359 {
7360 struct task_struct *child;
7361 long ret;
7362 -@@ -1210,14 +1260,21 @@ COMPAT_SYSCALL_DEFINE4(ptrace, compat_long_t, request, compat_long_t, pid,
7363 +@@ -1233,14 +1260,21 @@ COMPAT_SYSCALL_DEFINE4(ptrace, compat_long_t, request, compat_long_t, pid,
7364 goto out;
7365 }
7366
7367 @@ -114261,7 +114005,7 @@ index 479e443..66d845e1 100644
7368 .thread_should_run = ksoftirqd_should_run,
7369 .thread_fn = run_ksoftirqd,
7370 diff --git a/kernel/sys.c b/kernel/sys.c
7371 -index 6af9212..e1f1adf 100644
7372 +index 78947de..cb182d1 100644
7373 --- a/kernel/sys.c
7374 +++ b/kernel/sys.c
7375 @@ -160,6 +160,12 @@ static int set_one_prio(struct task_struct *p, int niceval, int error)
7376 @@ -114915,7 +114659,7 @@ index f5e86d2..33a4099 100644
7377 .clock_get = thread_cpu_clock_get,
7378 .timer_create = thread_cpu_timer_create,
7379 diff --git a/kernel/time/posix-timers.c b/kernel/time/posix-timers.c
7380 -index 31d11ac..5a3bb13 100644
7381 +index f2826c3..c8d9d80 100644
7382 --- a/kernel/time/posix-timers.c
7383 +++ b/kernel/time/posix-timers.c
7384 @@ -43,6 +43,7 @@
7385 @@ -116229,7 +115973,7 @@ index 62a698a..32327d08 100644
7386 u32 high = divisor >> 32;
7387 u64 quot;
7388 diff --git a/lib/dma-debug.c b/lib/dma-debug.c
7389 -index d34bd24..77b953c 100644
7390 +index 4a1515f4..baea985 100644
7391 --- a/lib/dma-debug.c
7392 +++ b/lib/dma-debug.c
7393 @@ -982,7 +982,7 @@ static int dma_debug_device_change(struct notifier_block *nb, unsigned long acti
7394 @@ -116695,7 +116439,7 @@ index 6111bcb..02e816b 100644
7395 static DECLARE_WAIT_QUEUE_HEAD(percpu_ref_switch_waitq);
7396
7397 diff --git a/lib/radix-tree.c b/lib/radix-tree.c
7398 -index fcf5d98..4811f49 100644
7399 +index 6b79e90..4811f49 100644
7400 --- a/lib/radix-tree.c
7401 +++ b/lib/radix-tree.c
7402 @@ -68,7 +68,7 @@ struct radix_tree_preload {
7403 @@ -116707,36 +116451,6 @@ index fcf5d98..4811f49 100644
7404
7405 static inline void *ptr_to_indirect(void *ptr)
7406 {
7407 -@@ -1019,9 +1019,13 @@ radix_tree_gang_lookup(struct radix_tree_root *root, void **results,
7408 - return 0;
7409 -
7410 - radix_tree_for_each_slot(slot, root, &iter, first_index) {
7411 -- results[ret] = indirect_to_ptr(rcu_dereference_raw(*slot));
7412 -+ results[ret] = rcu_dereference_raw(*slot);
7413 - if (!results[ret])
7414 - continue;
7415 -+ if (radix_tree_is_indirect_ptr(results[ret])) {
7416 -+ slot = radix_tree_iter_retry(&iter);
7417 -+ continue;
7418 -+ }
7419 - if (++ret == max_items)
7420 - break;
7421 - }
7422 -@@ -1098,9 +1102,13 @@ radix_tree_gang_lookup_tag(struct radix_tree_root *root, void **results,
7423 - return 0;
7424 -
7425 - radix_tree_for_each_tagged(slot, root, &iter, first_index, tag) {
7426 -- results[ret] = indirect_to_ptr(rcu_dereference_raw(*slot));
7427 -+ results[ret] = rcu_dereference_raw(*slot);
7428 - if (!results[ret])
7429 - continue;
7430 -+ if (radix_tree_is_indirect_ptr(results[ret])) {
7431 -+ slot = radix_tree_iter_retry(&iter);
7432 -+ continue;
7433 -+ }
7434 - if (++ret == max_items)
7435 - break;
7436 - }
7437 diff --git a/lib/random32.c b/lib/random32.c
7438 index 1211191..63e8a83 100644
7439 --- a/lib/random32.c
7440 @@ -117188,10 +116902,72 @@ index 123bcd3..c2c85db 100644
7441 pkmap_count[last_pkmap_nr] = 1;
7442 set_page_address(page, (void *)vaddr);
7443 diff --git a/mm/hugetlb.c b/mm/hugetlb.c
7444 -index ef6963b..753a1e6 100644
7445 +index ef6963b..09c45dc 100644
7446 --- a/mm/hugetlb.c
7447 +++ b/mm/hugetlb.c
7448 -@@ -2780,6 +2780,7 @@ static int hugetlb_sysctl_handler_common(bool obey_mempolicy,
7449 +@@ -39,7 +39,60 @@ int hugepages_treat_as_movable;
7450 +
7451 + int hugetlb_max_hstate __read_mostly;
7452 + unsigned int default_hstate_idx;
7453 +-struct hstate hstates[HUGE_MAX_HSTATE];
7454 ++
7455 ++#ifdef CONFIG_CGROUP_HUGETLB
7456 ++static struct cftype hugetlb_files[HUGE_MAX_HSTATE][5] = {
7457 ++# define MEMFILE_PRIVATE(x, val) (((x) << 16) | (val))
7458 ++# define CFTYPE_INIT(idx) \
7459 ++ { /* Add the limit file */ \
7460 ++ [0] = { .private = MEMFILE_PRIVATE(idx, RES_LIMIT), \
7461 ++ .read_u64 = hugetlb_cgroup_read_u64, \
7462 ++ .write = hugetlb_cgroup_write, }, \
7463 ++ /* Add the usage file */ \
7464 ++ [1] = { .private = MEMFILE_PRIVATE(idx, RES_USAGE), \
7465 ++ .read_u64 = hugetlb_cgroup_read_u64, }, \
7466 ++ /* Add the MAX usage file */ \
7467 ++ [2] = { .private = MEMFILE_PRIVATE(idx, RES_MAX_USAGE), \
7468 ++ .write = hugetlb_cgroup_reset, \
7469 ++ .read_u64 = hugetlb_cgroup_read_u64, }, \
7470 ++ /* Add the failcntfile */ \
7471 ++ [3] = { .private = MEMFILE_PRIVATE(idx, RES_FAILCNT), \
7472 ++ .write = hugetlb_cgroup_reset, \
7473 ++ .read_u64 = hugetlb_cgroup_read_u64, }, \
7474 ++ [4] = { /* NULL terminator */ }, \
7475 ++ }
7476 ++
7477 ++# if HUGE_MAX_HSTATE > 0
7478 ++ [0] = CFTYPE_INIT(0),
7479 ++# endif
7480 ++# if HUGE_MAX_HSTATE > 1
7481 ++ [1] = CFTYPE_INIT(1),
7482 ++# endif
7483 ++# if HUGE_MAX_HSTATE > 2
7484 ++# error PaX: add more initializers...
7485 ++# endif
7486 ++
7487 ++# undef CFTYPE_INIT
7488 ++};
7489 ++#endif
7490 ++
7491 ++struct hstate hstates[HUGE_MAX_HSTATE] = {
7492 ++#ifdef CONFIG_CGROUP_HUGETLB
7493 ++# define HSTATE_INIT(idx) [idx] = { .cgroup_files = &hugetlb_files[idx] }
7494 ++
7495 ++# if HUGE_MAX_HSTATE > 0
7496 ++ HSTATE_INIT(0),
7497 ++# endif
7498 ++# if HUGE_MAX_HSTATE > 1
7499 ++ HSTATE_INIT(1),
7500 ++# endif
7501 ++# if HUGE_MAX_HSTATE > 2
7502 ++# error PaX: add more initializers...
7503 ++# endif
7504 ++
7505 ++# undef HSTATE_INIT
7506 ++#endif
7507 ++};
7508 + /*
7509 + * Minimum page order among possible hugepage sizes, set to a proper value
7510 + * at boot time.
7511 +@@ -2780,6 +2833,7 @@ static int hugetlb_sysctl_handler_common(bool obey_mempolicy,
7512 struct ctl_table *table, int write,
7513 void __user *buffer, size_t *length, loff_t *ppos)
7514 {
7515 @@ -117199,7 +116975,7 @@ index ef6963b..753a1e6 100644
7516 struct hstate *h = &default_hstate;
7517 unsigned long tmp = h->max_huge_pages;
7518 int ret;
7519 -@@ -2787,9 +2788,10 @@ static int hugetlb_sysctl_handler_common(bool obey_mempolicy,
7520 +@@ -2787,9 +2841,10 @@ static int hugetlb_sysctl_handler_common(bool obey_mempolicy,
7521 if (!hugepages_supported())
7522 return -ENOTSUPP;
7523
7524 @@ -117213,7 +116989,7 @@ index ef6963b..753a1e6 100644
7525 if (ret)
7526 goto out;
7527
7528 -@@ -2824,6 +2826,7 @@ int hugetlb_overcommit_handler(struct ctl_table *table, int write,
7529 +@@ -2824,6 +2879,7 @@ int hugetlb_overcommit_handler(struct ctl_table *table, int write,
7530 struct hstate *h = &default_hstate;
7531 unsigned long tmp;
7532 int ret;
7533 @@ -117221,7 +116997,7 @@ index ef6963b..753a1e6 100644
7534
7535 if (!hugepages_supported())
7536 return -ENOTSUPP;
7537 -@@ -2833,9 +2836,10 @@ int hugetlb_overcommit_handler(struct ctl_table *table, int write,
7538 +@@ -2833,9 +2889,10 @@ int hugetlb_overcommit_handler(struct ctl_table *table, int write,
7539 if (write && hstate_is_gigantic(h))
7540 return -EINVAL;
7541
7542 @@ -117235,7 +117011,7 @@ index ef6963b..753a1e6 100644
7543 if (ret)
7544 goto out;
7545
7546 -@@ -3341,6 +3345,27 @@ static void unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma,
7547 +@@ -3341,6 +3398,27 @@ static void unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma,
7548 i_mmap_unlock_write(mapping);
7549 }
7550
7551 @@ -117263,7 +117039,7 @@ index ef6963b..753a1e6 100644
7552 /*
7553 * Hugetlb_cow() should be called with page lock of the original hugepage held.
7554 * Called with hugetlb_instantiation_mutex held and pte_page locked so we
7555 -@@ -3454,6 +3479,11 @@ retry_avoidcopy:
7556 +@@ -3454,6 +3532,11 @@ retry_avoidcopy:
7557 make_huge_pte(vma, new_page, 1));
7558 page_remove_rmap(old_page);
7559 hugepage_add_new_anon_rmap(new_page, vma, address);
7560 @@ -117275,7 +117051,7 @@ index ef6963b..753a1e6 100644
7561 /* Make the old page be freed below */
7562 new_page = old_page;
7563 }
7564 -@@ -3627,6 +3657,10 @@ retry:
7565 +@@ -3627,6 +3710,10 @@ retry:
7566 && (vma->vm_flags & VM_SHARED)));
7567 set_huge_pte_at(mm, address, ptep, new_pte);
7568
7569 @@ -117286,7 +117062,7 @@ index ef6963b..753a1e6 100644
7570 hugetlb_count_add(pages_per_huge_page(h), mm);
7571 if ((flags & FAULT_FLAG_WRITE) && !(vma->vm_flags & VM_SHARED)) {
7572 /* Optimization, do the COW without a second fault */
7573 -@@ -3695,6 +3729,10 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma,
7574 +@@ -3695,6 +3782,10 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma,
7575 struct address_space *mapping;
7576 int need_wait_lock = 0;
7577
7578 @@ -117297,7 +117073,7 @@ index ef6963b..753a1e6 100644
7579 address &= huge_page_mask(h);
7580
7581 ptep = huge_pte_offset(mm, address);
7582 -@@ -3712,6 +3750,26 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma,
7583 +@@ -3712,6 +3803,26 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma,
7584 return VM_FAULT_OOM;
7585 }
7586
7587 @@ -117324,6 +117100,112 @@ index ef6963b..753a1e6 100644
7588 mapping = vma->vm_file->f_mapping;
7589 idx = vma_hugecache_offset(h, vma, address);
7590
7591 +diff --git a/mm/hugetlb_cgroup.c b/mm/hugetlb_cgroup.c
7592 +index d8fb10d..8606223 100644
7593 +--- a/mm/hugetlb_cgroup.c
7594 ++++ b/mm/hugetlb_cgroup.c
7595 +@@ -27,7 +27,6 @@ struct hugetlb_cgroup {
7596 + struct page_counter hugepage[HUGE_MAX_HSTATE];
7597 + };
7598 +
7599 +-#define MEMFILE_PRIVATE(x, val) (((x) << 16) | (val))
7600 + #define MEMFILE_IDX(val) (((val) >> 16) & 0xffff)
7601 + #define MEMFILE_ATTR(val) ((val) & 0xffff)
7602 +
7603 +@@ -238,14 +237,7 @@ void hugetlb_cgroup_uncharge_cgroup(int idx, unsigned long nr_pages,
7604 + return;
7605 + }
7606 +
7607 +-enum {
7608 +- RES_USAGE,
7609 +- RES_LIMIT,
7610 +- RES_MAX_USAGE,
7611 +- RES_FAILCNT,
7612 +-};
7613 +-
7614 +-static u64 hugetlb_cgroup_read_u64(struct cgroup_subsys_state *css,
7615 ++u64 hugetlb_cgroup_read_u64(struct cgroup_subsys_state *css,
7616 + struct cftype *cft)
7617 + {
7618 + struct page_counter *counter;
7619 +@@ -269,7 +261,7 @@ static u64 hugetlb_cgroup_read_u64(struct cgroup_subsys_state *css,
7620 +
7621 + static DEFINE_MUTEX(hugetlb_limit_mutex);
7622 +
7623 +-static ssize_t hugetlb_cgroup_write(struct kernfs_open_file *of,
7624 ++ssize_t hugetlb_cgroup_write(struct kernfs_open_file *of,
7625 + char *buf, size_t nbytes, loff_t off)
7626 + {
7627 + int ret, idx;
7628 +@@ -299,7 +291,7 @@ static ssize_t hugetlb_cgroup_write(struct kernfs_open_file *of,
7629 + return ret ?: nbytes;
7630 + }
7631 +
7632 +-static ssize_t hugetlb_cgroup_reset(struct kernfs_open_file *of,
7633 ++ssize_t hugetlb_cgroup_reset(struct kernfs_open_file *of,
7634 + char *buf, size_t nbytes, loff_t off)
7635 + {
7636 + int ret = 0;
7637 +@@ -335,46 +327,26 @@ static char *mem_fmt(char *buf, int size, unsigned long hsize)
7638 +
7639 + static void __init __hugetlb_cgroup_file_init(int idx)
7640 + {
7641 ++ char names[4][MAX_CFTYPE_NAME];
7642 + char buf[32];
7643 +- struct cftype *cft;
7644 + struct hstate *h = &hstates[idx];
7645 +
7646 + /* format the size */
7647 + mem_fmt(buf, 32, huge_page_size(h));
7648 +-
7649 +- /* Add the limit file */
7650 +- cft = &h->cgroup_files[0];
7651 +- snprintf(cft->name, MAX_CFTYPE_NAME, "%s.limit_in_bytes", buf);
7652 +- cft->private = MEMFILE_PRIVATE(idx, RES_LIMIT);
7653 +- cft->read_u64 = hugetlb_cgroup_read_u64;
7654 +- cft->write = hugetlb_cgroup_write;
7655 +-
7656 +- /* Add the usage file */
7657 +- cft = &h->cgroup_files[1];
7658 +- snprintf(cft->name, MAX_CFTYPE_NAME, "%s.usage_in_bytes", buf);
7659 +- cft->private = MEMFILE_PRIVATE(idx, RES_USAGE);
7660 +- cft->read_u64 = hugetlb_cgroup_read_u64;
7661 +-
7662 +- /* Add the MAX usage file */
7663 +- cft = &h->cgroup_files[2];
7664 +- snprintf(cft->name, MAX_CFTYPE_NAME, "%s.max_usage_in_bytes", buf);
7665 +- cft->private = MEMFILE_PRIVATE(idx, RES_MAX_USAGE);
7666 +- cft->write = hugetlb_cgroup_reset;
7667 +- cft->read_u64 = hugetlb_cgroup_read_u64;
7668 +-
7669 +- /* Add the failcntfile */
7670 +- cft = &h->cgroup_files[3];
7671 +- snprintf(cft->name, MAX_CFTYPE_NAME, "%s.failcnt", buf);
7672 +- cft->private = MEMFILE_PRIVATE(idx, RES_FAILCNT);
7673 +- cft->write = hugetlb_cgroup_reset;
7674 +- cft->read_u64 = hugetlb_cgroup_read_u64;
7675 +-
7676 +- /* NULL terminate the last cft */
7677 +- cft = &h->cgroup_files[4];
7678 +- memset(cft, 0, sizeof(*cft));
7679 ++ snprintf(names[0], MAX_CFTYPE_NAME, "%s.limit_in_bytes", buf);
7680 ++ snprintf(names[1], MAX_CFTYPE_NAME, "%s.usage_in_bytes", buf);
7681 ++ snprintf(names[2], MAX_CFTYPE_NAME, "%s.max_usage_in_bytes", buf);
7682 ++ snprintf(names[3], MAX_CFTYPE_NAME, "%s.failcnt", buf);
7683 ++
7684 ++ pax_open_kernel();
7685 ++ strncpy((void *)h->cgroup_files[0]->name, names[0], MAX_CFTYPE_NAME);
7686 ++ strncpy((void *)h->cgroup_files[1]->name, names[1], MAX_CFTYPE_NAME);
7687 ++ strncpy((void *)h->cgroup_files[2]->name, names[2], MAX_CFTYPE_NAME);
7688 ++ strncpy((void *)h->cgroup_files[3]->name, names[3], MAX_CFTYPE_NAME);
7689 ++ pax_close_kernel();
7690 +
7691 + WARN_ON(cgroup_add_legacy_cftypes(&hugetlb_cgrp_subsys,
7692 +- h->cgroup_files));
7693 ++ *h->cgroup_files));
7694 + }
7695 +
7696 + void __init hugetlb_cgroup_file_init(void)
7697 diff --git a/mm/internal.h b/mm/internal.h
7698 index 38e24b8..73ff43d 100644
7699 --- a/mm/internal.h
7700 @@ -117468,7 +117350,7 @@ index c889fcb..f181221 100644
7701 if (end == start)
7702 return error;
7703 diff --git a/mm/memcontrol.c b/mm/memcontrol.c
7704 -index fc10620..cfa8635 100644
7705 +index ee6acd2..e83259e 100644
7706 --- a/mm/memcontrol.c
7707 +++ b/mm/memcontrol.c
7708 @@ -809,7 +809,7 @@ static void memcg_check_events(struct mem_cgroup *memcg, struct page *page)
7709 @@ -117499,7 +117381,7 @@ index fc10620..cfa8635 100644
7710 }
7711
7712 diff --git a/mm/memory-failure.c b/mm/memory-failure.c
7713 -index 8424b64..4bc9d7d 100644
7714 +index 750b789..b1b1b59 100644
7715 --- a/mm/memory-failure.c
7716 +++ b/mm/memory-failure.c
7717 @@ -64,7 +64,7 @@ int sysctl_memory_failure_early_kill __read_mostly = 0;
7718 @@ -118293,7 +118175,7 @@ index 7890d0b..00200c6 100644
7719 err = -EPERM;
7720 goto out;
7721 diff --git a/mm/mlock.c b/mm/mlock.c
7722 -index 339d9e0..03bc5fa 100644
7723 +index d6006b1..a72cbda 100644
7724 --- a/mm/mlock.c
7725 +++ b/mm/mlock.c
7726 @@ -14,6 +14,7 @@
7727 @@ -118390,7 +118272,7 @@ index fdadf91..5f527d1 100644
7728 .priority = IPC_CALLBACK_PRI, /* use lowest priority */
7729 };
7730 diff --git a/mm/mmap.c b/mm/mmap.c
7731 -index 2ce04a6..c085c24 100644
7732 +index 455772a..5ce0964 100644
7733 --- a/mm/mmap.c
7734 +++ b/mm/mmap.c
7735 @@ -42,6 +42,7 @@
7736 @@ -118486,7 +118368,7 @@ index 2ce04a6..c085c24 100644
7737 mm->end_data, mm->start_data))
7738 goto out;
7739
7740 -@@ -973,6 +1002,12 @@ can_vma_merge_before(struct vm_area_struct *vma, unsigned long vm_flags,
7741 +@@ -977,6 +1006,12 @@ can_vma_merge_before(struct vm_area_struct *vma, unsigned long vm_flags,
7742 pgoff_t vm_pgoff,
7743 struct vm_userfaultfd_ctx vm_userfaultfd_ctx)
7744 {
7745 @@ -118499,7 +118381,7 @@ index 2ce04a6..c085c24 100644
7746 if (is_mergeable_vma(vma, file, vm_flags, vm_userfaultfd_ctx) &&
7747 is_mergeable_anon_vma(anon_vma, vma->anon_vma, vma)) {
7748 if (vma->vm_pgoff == vm_pgoff)
7749 -@@ -994,6 +1029,12 @@ can_vma_merge_after(struct vm_area_struct *vma, unsigned long vm_flags,
7750 +@@ -998,6 +1033,12 @@ can_vma_merge_after(struct vm_area_struct *vma, unsigned long vm_flags,
7751 pgoff_t vm_pgoff,
7752 struct vm_userfaultfd_ctx vm_userfaultfd_ctx)
7753 {
7754 @@ -118512,7 +118394,7 @@ index 2ce04a6..c085c24 100644
7755 if (is_mergeable_vma(vma, file, vm_flags, vm_userfaultfd_ctx) &&
7756 is_mergeable_anon_vma(anon_vma, vma->anon_vma, vma)) {
7757 pgoff_t vm_pglen;
7758 -@@ -1044,6 +1085,13 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm,
7759 +@@ -1048,6 +1089,13 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm,
7760 struct vm_area_struct *area, *next;
7761 int err;
7762
7763 @@ -118526,7 +118408,7 @@ index 2ce04a6..c085c24 100644
7764 /*
7765 * We later require that vma->vm_flags == vm_flags,
7766 * so this tests vma->vm_flags & VM_SPECIAL, too.
7767 -@@ -1059,6 +1107,15 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm,
7768 +@@ -1063,6 +1111,15 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm,
7769 if (next && next->vm_end == end) /* cases 6, 7, 8 */
7770 next = next->vm_next;
7771
7772 @@ -118542,7 +118424,7 @@ index 2ce04a6..c085c24 100644
7773 /*
7774 * Can it merge with the predecessor?
7775 */
7776 -@@ -1081,9 +1138,24 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm,
7777 +@@ -1085,9 +1142,24 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm,
7778 /* cases 1, 6 */
7779 err = vma_adjust(prev, prev->vm_start,
7780 next->vm_end, prev->vm_pgoff, NULL);
7781 @@ -118568,7 +118450,7 @@ index 2ce04a6..c085c24 100644
7782 if (err)
7783 return NULL;
7784 khugepaged_enter_vma_merge(prev, vm_flags);
7785 -@@ -1098,12 +1170,27 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm,
7786 +@@ -1102,12 +1174,27 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm,
7787 can_vma_merge_before(next, vm_flags,
7788 anon_vma, file, pgoff+pglen,
7789 vm_userfaultfd_ctx)) {
7790 @@ -118598,7 +118480,7 @@ index 2ce04a6..c085c24 100644
7791 if (err)
7792 return NULL;
7793 khugepaged_enter_vma_merge(area, vm_flags);
7794 -@@ -1212,8 +1299,10 @@ none:
7795 +@@ -1216,8 +1303,10 @@ none:
7796 void vm_stat_account(struct mm_struct *mm, unsigned long flags,
7797 struct file *file, long pages)
7798 {
7799 @@ -118611,7 +118493,7 @@ index 2ce04a6..c085c24 100644
7800
7801 mm->total_vm += pages;
7802
7803 -@@ -1221,7 +1310,7 @@ void vm_stat_account(struct mm_struct *mm, unsigned long flags,
7804 +@@ -1225,7 +1314,7 @@ void vm_stat_account(struct mm_struct *mm, unsigned long flags,
7805 mm->shared_vm += pages;
7806 if ((flags & (VM_EXEC|VM_WRITE)) == VM_EXEC)
7807 mm->exec_vm += pages;
7808 @@ -118620,7 +118502,7 @@ index 2ce04a6..c085c24 100644
7809 mm->stack_vm += pages;
7810 }
7811 #endif /* CONFIG_PROC_FS */
7812 -@@ -1251,6 +1340,10 @@ static inline int mlock_future_check(struct mm_struct *mm,
7813 +@@ -1255,6 +1344,10 @@ static inline int mlock_future_check(struct mm_struct *mm,
7814 locked += mm->locked_vm;
7815 lock_limit = rlimit(RLIMIT_MEMLOCK);
7816 lock_limit >>= PAGE_SHIFT;
7817 @@ -118631,7 +118513,7 @@ index 2ce04a6..c085c24 100644
7818 if (locked > lock_limit && !capable(CAP_IPC_LOCK))
7819 return -EAGAIN;
7820 }
7821 -@@ -1278,7 +1371,7 @@ unsigned long do_mmap(struct file *file, unsigned long addr,
7822 +@@ -1282,7 +1375,7 @@ unsigned long do_mmap(struct file *file, unsigned long addr,
7823 * (the exception is when the underlying filesystem is noexec
7824 * mounted, in which case we dont add PROT_EXEC.)
7825 */
7826 @@ -118640,7 +118522,7 @@ index 2ce04a6..c085c24 100644
7827 if (!(file && path_noexec(&file->f_path)))
7828 prot |= PROT_EXEC;
7829
7830 -@@ -1301,7 +1394,7 @@ unsigned long do_mmap(struct file *file, unsigned long addr,
7831 +@@ -1305,7 +1398,7 @@ unsigned long do_mmap(struct file *file, unsigned long addr,
7832 /* Obtain the address to map to. we verify (or select) it and ensure
7833 * that it represents a valid section of the address space.
7834 */
7835 @@ -118649,7 +118531,7 @@ index 2ce04a6..c085c24 100644
7836 if (offset_in_page(addr))
7837 return addr;
7838
7839 -@@ -1312,6 +1405,43 @@ unsigned long do_mmap(struct file *file, unsigned long addr,
7840 +@@ -1316,6 +1409,43 @@ unsigned long do_mmap(struct file *file, unsigned long addr,
7841 vm_flags |= calc_vm_prot_bits(prot) | calc_vm_flag_bits(flags) |
7842 mm->def_flags | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC;
7843
7844 @@ -118693,7 +118575,7 @@ index 2ce04a6..c085c24 100644
7845 if (flags & MAP_LOCKED)
7846 if (!can_do_mlock())
7847 return -EPERM;
7848 -@@ -1399,6 +1529,9 @@ unsigned long do_mmap(struct file *file, unsigned long addr,
7849 +@@ -1403,6 +1533,9 @@ unsigned long do_mmap(struct file *file, unsigned long addr,
7850 vm_flags |= VM_NORESERVE;
7851 }
7852
7853 @@ -118703,7 +118585,7 @@ index 2ce04a6..c085c24 100644
7854 addr = mmap_region(file, addr, len, vm_flags, pgoff);
7855 if (!IS_ERR_VALUE(addr) &&
7856 ((vm_flags & VM_LOCKED) ||
7857 -@@ -1492,7 +1625,7 @@ int vma_wants_writenotify(struct vm_area_struct *vma)
7858 +@@ -1496,7 +1629,7 @@ int vma_wants_writenotify(struct vm_area_struct *vma)
7859 const struct vm_operations_struct *vm_ops = vma->vm_ops;
7860
7861 /* If it was private or non-writable, the write bit is already clear */
7862 @@ -118712,7 +118594,7 @@ index 2ce04a6..c085c24 100644
7863 return 0;
7864
7865 /* The backer wishes to know when pages are first written to? */
7866 -@@ -1543,7 +1676,22 @@ unsigned long mmap_region(struct file *file, unsigned long addr,
7867 +@@ -1547,7 +1680,22 @@ unsigned long mmap_region(struct file *file, unsigned long addr,
7868 struct rb_node **rb_link, *rb_parent;
7869 unsigned long charged = 0;
7870
7871 @@ -118735,7 +118617,7 @@ index 2ce04a6..c085c24 100644
7872 if (!may_expand_vm(mm, len >> PAGE_SHIFT)) {
7873 unsigned long nr_pages;
7874
7875 -@@ -1565,6 +1713,7 @@ unsigned long mmap_region(struct file *file, unsigned long addr,
7876 +@@ -1569,6 +1717,7 @@ unsigned long mmap_region(struct file *file, unsigned long addr,
7877 &rb_parent)) {
7878 if (do_munmap(mm, addr, len))
7879 return -ENOMEM;
7880 @@ -118743,7 +118625,7 @@ index 2ce04a6..c085c24 100644
7881 }
7882
7883 /*
7884 -@@ -1596,6 +1745,16 @@ unsigned long mmap_region(struct file *file, unsigned long addr,
7885 +@@ -1600,6 +1749,16 @@ unsigned long mmap_region(struct file *file, unsigned long addr,
7886 goto unacct_error;
7887 }
7888
7889 @@ -118760,7 +118642,7 @@ index 2ce04a6..c085c24 100644
7890 vma->vm_mm = mm;
7891 vma->vm_start = addr;
7892 vma->vm_end = addr + len;
7893 -@@ -1626,6 +1785,13 @@ unsigned long mmap_region(struct file *file, unsigned long addr,
7894 +@@ -1630,6 +1789,13 @@ unsigned long mmap_region(struct file *file, unsigned long addr,
7895 if (error)
7896 goto unmap_and_free_vma;
7897
7898 @@ -118774,7 +118656,7 @@ index 2ce04a6..c085c24 100644
7899 /* Can addr have changed??
7900 *
7901 * Answer: Yes, several device drivers can do it in their
7902 -@@ -1644,6 +1810,12 @@ unsigned long mmap_region(struct file *file, unsigned long addr,
7903 +@@ -1648,6 +1814,12 @@ unsigned long mmap_region(struct file *file, unsigned long addr,
7904 }
7905
7906 vma_link(mm, vma, prev, rb_link, rb_parent);
7907 @@ -118787,7 +118669,7 @@ index 2ce04a6..c085c24 100644
7908 /* Once vma denies write, undo our temporary denial count */
7909 if (file) {
7910 if (vm_flags & VM_SHARED)
7911 -@@ -1656,6 +1828,7 @@ out:
7912 +@@ -1660,6 +1832,7 @@ out:
7913 perf_event_mmap(vma);
7914
7915 vm_stat_account(mm, vm_flags, file, len >> PAGE_SHIFT);
7916 @@ -118795,7 +118677,7 @@ index 2ce04a6..c085c24 100644
7917 if (vm_flags & VM_LOCKED) {
7918 if (!((vm_flags & VM_SPECIAL) || is_vm_hugetlb_page(vma) ||
7919 vma == get_gate_vma(current->mm)))
7920 -@@ -1693,6 +1866,12 @@ allow_write_and_free_vma:
7921 +@@ -1697,6 +1870,12 @@ allow_write_and_free_vma:
7922 if (vm_flags & VM_DENYWRITE)
7923 allow_write_access(file);
7924 free_vma:
7925 @@ -118808,7 +118690,7 @@ index 2ce04a6..c085c24 100644
7926 kmem_cache_free(vm_area_cachep, vma);
7927 unacct_error:
7928 if (charged)
7929 -@@ -1700,7 +1879,63 @@ unacct_error:
7930 +@@ -1704,7 +1883,63 @@ unacct_error:
7931 return error;
7932 }
7933
7934 @@ -118873,7 +118755,7 @@ index 2ce04a6..c085c24 100644
7935 {
7936 /*
7937 * We implement the search by looking for an rbtree node that
7938 -@@ -1748,11 +1983,29 @@ unsigned long unmapped_area(struct vm_unmapped_area_info *info)
7939 +@@ -1752,11 +1987,29 @@ unsigned long unmapped_area(struct vm_unmapped_area_info *info)
7940 }
7941 }
7942
7943 @@ -118904,7 +118786,7 @@ index 2ce04a6..c085c24 100644
7944 if (gap_end >= low_limit && gap_end - gap_start >= length)
7945 goto found;
7946
7947 -@@ -1802,7 +2055,7 @@ found:
7948 +@@ -1806,7 +2059,7 @@ found:
7949 return gap_start;
7950 }
7951
7952 @@ -118913,7 +118795,7 @@ index 2ce04a6..c085c24 100644
7953 {
7954 struct mm_struct *mm = current->mm;
7955 struct vm_area_struct *vma;
7956 -@@ -1856,6 +2109,24 @@ check_current:
7957 +@@ -1860,6 +2113,24 @@ check_current:
7958 gap_end = vma->vm_start;
7959 if (gap_end < low_limit)
7960 return -ENOMEM;
7961 @@ -118938,7 +118820,7 @@ index 2ce04a6..c085c24 100644
7962 if (gap_start <= high_limit && gap_end - gap_start >= length)
7963 goto found;
7964
7965 -@@ -1919,6 +2190,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr,
7966 +@@ -1923,6 +2194,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr,
7967 struct mm_struct *mm = current->mm;
7968 struct vm_area_struct *vma;
7969 struct vm_unmapped_area_info info;
7970 @@ -118946,7 +118828,7 @@ index 2ce04a6..c085c24 100644
7971
7972 if (len > TASK_SIZE - mmap_min_addr)
7973 return -ENOMEM;
7974 -@@ -1926,11 +2198,15 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr,
7975 +@@ -1930,11 +2202,15 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr,
7976 if (flags & MAP_FIXED)
7977 return addr;
7978
7979 @@ -118963,7 +118845,7 @@ index 2ce04a6..c085c24 100644
7980 return addr;
7981 }
7982
7983 -@@ -1939,6 +2215,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr,
7984 +@@ -1943,6 +2219,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr,
7985 info.low_limit = mm->mmap_base;
7986 info.high_limit = TASK_SIZE;
7987 info.align_mask = 0;
7988 @@ -118971,7 +118853,7 @@ index 2ce04a6..c085c24 100644
7989 return vm_unmapped_area(&info);
7990 }
7991 #endif
7992 -@@ -1957,6 +2234,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
7993 +@@ -1961,6 +2238,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
7994 struct mm_struct *mm = current->mm;
7995 unsigned long addr = addr0;
7996 struct vm_unmapped_area_info info;
7997 @@ -118979,7 +118861,7 @@ index 2ce04a6..c085c24 100644
7998
7999 /* requested length too big for entire address space */
8000 if (len > TASK_SIZE - mmap_min_addr)
8001 -@@ -1965,12 +2243,16 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
8002 +@@ -1969,12 +2247,16 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
8003 if (flags & MAP_FIXED)
8004 return addr;
8005
8006 @@ -118997,7 +118879,7 @@ index 2ce04a6..c085c24 100644
8007 return addr;
8008 }
8009
8010 -@@ -1979,6 +2261,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
8011 +@@ -1983,6 +2265,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
8012 info.low_limit = max(PAGE_SIZE, mmap_min_addr);
8013 info.high_limit = mm->mmap_base;
8014 info.align_mask = 0;
8015 @@ -119005,7 +118887,7 @@ index 2ce04a6..c085c24 100644
8016 addr = vm_unmapped_area(&info);
8017
8018 /*
8019 -@@ -1991,6 +2274,12 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
8020 +@@ -1995,6 +2278,12 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
8021 VM_BUG_ON(addr != -ENOMEM);
8022 info.flags = 0;
8023 info.low_limit = TASK_UNMAPPED_BASE;
8024 @@ -119018,7 +118900,7 @@ index 2ce04a6..c085c24 100644
8025 info.high_limit = TASK_SIZE;
8026 addr = vm_unmapped_area(&info);
8027 }
8028 -@@ -2090,6 +2379,28 @@ find_vma_prev(struct mm_struct *mm, unsigned long addr,
8029 +@@ -2094,6 +2383,28 @@ find_vma_prev(struct mm_struct *mm, unsigned long addr,
8030 return vma;
8031 }
8032
8033 @@ -119047,7 +118929,7 @@ index 2ce04a6..c085c24 100644
8034 /*
8035 * Verify that the stack growth is acceptable and
8036 * update accounting. This is shared with both the
8037 -@@ -2107,8 +2418,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns
8038 +@@ -2111,8 +2422,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns
8039
8040 /* Stack limit test */
8041 actual_size = size;
8042 @@ -119057,7 +118939,7 @@ index 2ce04a6..c085c24 100644
8043 if (actual_size > READ_ONCE(rlim[RLIMIT_STACK].rlim_cur))
8044 return -ENOMEM;
8045
8046 -@@ -2119,6 +2429,10 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns
8047 +@@ -2123,6 +2433,10 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns
8048 locked = mm->locked_vm + grow;
8049 limit = READ_ONCE(rlim[RLIMIT_MEMLOCK].rlim_cur);
8050 limit >>= PAGE_SHIFT;
8051 @@ -119068,7 +118950,7 @@ index 2ce04a6..c085c24 100644
8052 if (locked > limit && !capable(CAP_IPC_LOCK))
8053 return -ENOMEM;
8054 }
8055 -@@ -2144,38 +2458,49 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns
8056 +@@ -2148,17 +2462,21 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns
8057 * PA-RISC uses this for its stack; IA64 for its Register Backing Store.
8058 * vma is the last one with address > vma->vm_end. Have to extend vma.
8059 */
8060 @@ -119078,46 +118960,38 @@ index 2ce04a6..c085c24 100644
8061 int expand_upwards(struct vm_area_struct *vma, unsigned long address)
8062 {
8063 struct mm_struct *mm = vma->vm_mm;
8064 - int error;
8065 + int error = 0;
8066 + bool locknext;
8067
8068 if (!(vma->vm_flags & VM_GROWSUP))
8069 return -EFAULT;
8070
8071 -+ /* Also guard against wrapping around to address 0. */
8072 + /* Guard against wrapping around to address 0. */
8073 +- if (address < PAGE_ALIGN(address+4))
8074 +- address = PAGE_ALIGN(address+4);
8075 + if (address < PAGE_ALIGN(address+1))
8076 + address = PAGE_ALIGN(address+1);
8077 -+ else
8078 -+ return -ENOMEM;
8079 -+
8080 - /*
8081 - * We must make sure the anon_vma is allocated
8082 - * so that the anon_vma locking is not a noop.
8083 - */
8084 + else
8085 + return -ENOMEM;
8086 +
8087 +@@ -2166,15 +2484,24 @@ int expand_upwards(struct vm_area_struct *vma, unsigned long address)
8088 if (unlikely(anon_vma_prepare(vma)))
8089 return -ENOMEM;
8090 +
8091 + locknext = vma->vm_next && (vma->vm_next->vm_flags & VM_GROWSDOWN);
8092 + if (locknext && anon_vma_prepare(vma->vm_next))
8093 + return -ENOMEM;
8094 - vma_lock_anon_vma(vma);
8095 -+ if (locknext)
8096 -+ vma_lock_anon_vma(vma->vm_next);
8097 -
8098 ++
8099 /*
8100 * vma->vm_start/vm_end cannot change under us because the caller
8101 * is required to hold the mmap_sem in read mode. We need the
8102 - * anon_vma lock to serialize against concurrent expand_stacks.
8103 -- * Also guard against wrapping around to address 0.
8104 + * anon_vma locks to serialize against concurrent expand_stacks
8105 + * and expand_upwards.
8106 */
8107 -- if (address < PAGE_ALIGN(address+4))
8108 -- address = PAGE_ALIGN(address+4);
8109 -- else {
8110 -- vma_unlock_anon_vma(vma);
8111 -- return -ENOMEM;
8112 -- }
8113 - error = 0;
8114 + anon_vma_lock_write(vma->anon_vma);
8115 ++ if (locknext)
8116 ++ anon_vma_lock_write(vma->vma_next->anon_vma);
8117
8118 /* Somebody else might have raced and expanded it already */
8119 - if (address > vma->vm_end) {
8120 @@ -119127,27 +119001,27 @@ index 2ce04a6..c085c24 100644
8121 unsigned long size, grow;
8122
8123 size = address - vma->vm_start;
8124 -@@ -2214,6 +2539,8 @@ int expand_upwards(struct vm_area_struct *vma, unsigned long address)
8125 +@@ -2213,6 +2540,8 @@ int expand_upwards(struct vm_area_struct *vma, unsigned long address)
8126 }
8127 }
8128 }
8129 + if (locknext)
8130 -+ vma_unlock_anon_vma(vma->vm_next);
8131 - vma_unlock_anon_vma(vma);
8132 ++ anon_vma_unlock_write(vma->vm_next->anon_vma);
8133 + anon_vma_unlock_write(vma->anon_vma);
8134 khugepaged_enter_vma_merge(vma, vma->vm_flags);
8135 validate_mm(mm);
8136 -@@ -2229,6 +2556,8 @@ int expand_downwards(struct vm_area_struct *vma,
8137 +@@ -2228,6 +2557,8 @@ int expand_downwards(struct vm_area_struct *vma,
8138 {
8139 struct mm_struct *mm = vma->vm_mm;
8140 int error;
8141 + bool lockprev = false;
8142 + struct vm_area_struct *prev;
8143
8144 - /*
8145 - * We must make sure the anon_vma is allocated
8146 -@@ -2242,6 +2571,15 @@ int expand_downwards(struct vm_area_struct *vma,
8147 - if (error)
8148 - return error;
8149 + address &= PAGE_MASK;
8150 + error = security_mmap_addr(address);
8151 +@@ -2238,6 +2569,15 @@ int expand_downwards(struct vm_area_struct *vma,
8152 + if (unlikely(anon_vma_prepare(vma)))
8153 + return -ENOMEM;
8154
8155 + prev = vma->vm_prev;
8156 +#if defined(CONFIG_STACK_GROWSUP) || defined(CONFIG_IA64)
8157 @@ -119156,13 +119030,13 @@ index 2ce04a6..c085c24 100644
8158 + if (lockprev && anon_vma_prepare(prev))
8159 + return -ENOMEM;
8160 + if (lockprev)
8161 -+ vma_lock_anon_vma(prev);
8162 ++ anon_vma_lock_write(prev->anon_vma);
8163 +
8164 - vma_lock_anon_vma(vma);
8165 -
8166 /*
8167 -@@ -2251,9 +2589,17 @@ int expand_downwards(struct vm_area_struct *vma,
8168 - */
8169 + * vma->vm_start/vm_end cannot change under us because the caller
8170 + * is required to hold the mmap_sem in read mode. We need the
8171 +@@ -2246,9 +2586,17 @@ int expand_downwards(struct vm_area_struct *vma,
8172 + anon_vma_lock_write(vma->anon_vma);
8173
8174 /* Somebody else might have raced and expanded it already */
8175 - if (address < vma->vm_start) {
8176 @@ -119180,7 +119054,7 @@ index 2ce04a6..c085c24 100644
8177 size = vma->vm_end - address;
8178 grow = (vma->vm_start - address) >> PAGE_SHIFT;
8179
8180 -@@ -2282,13 +2628,27 @@ int expand_downwards(struct vm_area_struct *vma,
8181 +@@ -2277,13 +2625,27 @@ int expand_downwards(struct vm_area_struct *vma,
8182 vma->vm_pgoff -= grow;
8183 anon_vma_interval_tree_post_update_vma(vma);
8184 vma_gap_update(vma);
8185 @@ -119202,13 +119076,13 @@ index 2ce04a6..c085c24 100644
8186 }
8187 }
8188 }
8189 - vma_unlock_anon_vma(vma);
8190 + anon_vma_unlock_write(vma->anon_vma);
8191 + if (lockprev)
8192 -+ vma_unlock_anon_vma(prev);
8193 ++ anon_vma_unlock_write(prev->anon_vma);
8194 khugepaged_enter_vma_merge(vma, vma->vm_flags);
8195 validate_mm(mm);
8196 return error;
8197 -@@ -2388,6 +2748,13 @@ static void remove_vma_list(struct mm_struct *mm, struct vm_area_struct *vma)
8198 +@@ -2383,6 +2745,13 @@ static void remove_vma_list(struct mm_struct *mm, struct vm_area_struct *vma)
8199 do {
8200 long nrpages = vma_pages(vma);
8201
8202 @@ -119222,7 +119096,7 @@ index 2ce04a6..c085c24 100644
8203 if (vma->vm_flags & VM_ACCOUNT)
8204 nr_accounted += nrpages;
8205 vm_stat_account(mm, vma->vm_flags, vma->vm_file, -nrpages);
8206 -@@ -2432,6 +2799,16 @@ detach_vmas_to_be_unmapped(struct mm_struct *mm, struct vm_area_struct *vma,
8207 +@@ -2427,6 +2796,16 @@ detach_vmas_to_be_unmapped(struct mm_struct *mm, struct vm_area_struct *vma,
8208 insertion_point = (prev ? &prev->vm_next : &mm->mmap);
8209 vma->vm_prev = NULL;
8210 do {
8211 @@ -119239,7 +119113,7 @@ index 2ce04a6..c085c24 100644
8212 vma_rb_erase(vma, &mm->mm_rb);
8213 mm->map_count--;
8214 tail_vma = vma;
8215 -@@ -2459,14 +2836,33 @@ static int __split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
8216 +@@ -2454,14 +2833,33 @@ static int __split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
8217 struct vm_area_struct *new;
8218 int err;
8219
8220 @@ -119273,7 +119147,7 @@ index 2ce04a6..c085c24 100644
8221 /* most fields are the same, copy all, and then fixup */
8222 *new = *vma;
8223
8224 -@@ -2479,6 +2875,22 @@ static int __split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
8225 +@@ -2474,6 +2872,22 @@ static int __split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
8226 new->vm_pgoff += ((addr - vma->vm_start) >> PAGE_SHIFT);
8227 }
8228
8229 @@ -119296,7 +119170,7 @@ index 2ce04a6..c085c24 100644
8230 err = vma_dup_policy(vma, new);
8231 if (err)
8232 goto out_free_vma;
8233 -@@ -2499,6 +2911,38 @@ static int __split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
8234 +@@ -2494,6 +2908,38 @@ static int __split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
8235 else
8236 err = vma_adjust(vma, vma->vm_start, addr, vma->vm_pgoff, new);
8237
8238 @@ -119335,7 +119209,7 @@ index 2ce04a6..c085c24 100644
8239 /* Success. */
8240 if (!err)
8241 return 0;
8242 -@@ -2508,10 +2952,18 @@ static int __split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
8243 +@@ -2503,10 +2949,18 @@ static int __split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
8244 new->vm_ops->close(new);
8245 if (new->vm_file)
8246 fput(new->vm_file);
8247 @@ -119355,7 +119229,7 @@ index 2ce04a6..c085c24 100644
8248 kmem_cache_free(vm_area_cachep, new);
8249 return err;
8250 }
8251 -@@ -2523,6 +2975,15 @@ static int __split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
8252 +@@ -2518,6 +2972,15 @@ static int __split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
8253 int split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
8254 unsigned long addr, int new_below)
8255 {
8256 @@ -119371,7 +119245,7 @@ index 2ce04a6..c085c24 100644
8257 if (mm->map_count >= sysctl_max_map_count)
8258 return -ENOMEM;
8259
8260 -@@ -2534,11 +2995,30 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
8261 +@@ -2529,11 +2992,30 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
8262 * work. This now handles partial unmappings.
8263 * Jeremy Fitzhardinge <jeremy@××××.org>
8264 */
8265 @@ -119402,7 +119276,7 @@ index 2ce04a6..c085c24 100644
8266 if ((offset_in_page(start)) || start > TASK_SIZE || len > TASK_SIZE-start)
8267 return -EINVAL;
8268
8269 -@@ -2616,6 +3096,8 @@ int do_munmap(struct mm_struct *mm, unsigned long start, size_t len)
8270 +@@ -2611,6 +3093,8 @@ int do_munmap(struct mm_struct *mm, unsigned long start, size_t len)
8271 /* Fix up all other VM information */
8272 remove_vma_list(mm, vma);
8273
8274 @@ -119411,7 +119285,7 @@ index 2ce04a6..c085c24 100644
8275 return 0;
8276 }
8277
8278 -@@ -2624,6 +3106,13 @@ int vm_munmap(unsigned long start, size_t len)
8279 +@@ -2619,6 +3103,13 @@ int vm_munmap(unsigned long start, size_t len)
8280 int ret;
8281 struct mm_struct *mm = current->mm;
8282
8283 @@ -119425,7 +119299,7 @@ index 2ce04a6..c085c24 100644
8284 down_write(&mm->mmap_sem);
8285 ret = do_munmap(mm, start, len);
8286 up_write(&mm->mmap_sem);
8287 -@@ -2670,6 +3159,11 @@ SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long, size,
8288 +@@ -2665,6 +3156,11 @@ SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long, size,
8289 down_write(&mm->mmap_sem);
8290 vma = find_vma(mm, start);
8291
8292 @@ -119437,7 +119311,7 @@ index 2ce04a6..c085c24 100644
8293 if (!vma || !(vma->vm_flags & VM_SHARED))
8294 goto out;
8295
8296 -@@ -2706,16 +3200,6 @@ out:
8297 +@@ -2725,16 +3221,6 @@ out:
8298 return ret;
8299 }
8300
8301 @@ -119454,7 +119328,7 @@ index 2ce04a6..c085c24 100644
8302 /*
8303 * this is really a simplified "do_mmap". it only handles
8304 * anonymous maps. eventually we may be able to do some
8305 -@@ -2729,6 +3213,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
8306 +@@ -2748,6 +3234,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
8307 struct rb_node **rb_link, *rb_parent;
8308 pgoff_t pgoff = addr >> PAGE_SHIFT;
8309 int error;
8310 @@ -119462,7 +119336,7 @@ index 2ce04a6..c085c24 100644
8311
8312 len = PAGE_ALIGN(len);
8313 if (!len)
8314 -@@ -2736,10 +3221,24 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
8315 +@@ -2755,10 +3242,24 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
8316
8317 flags = VM_DATA_DEFAULT_FLAGS | VM_ACCOUNT | mm->def_flags;
8318
8319 @@ -119487,7 +119361,7 @@ index 2ce04a6..c085c24 100644
8320 error = mlock_future_check(mm, mm->def_flags, len);
8321 if (error)
8322 return error;
8323 -@@ -2757,16 +3256,17 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
8324 +@@ -2776,16 +3277,17 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
8325 &rb_parent)) {
8326 if (do_munmap(mm, addr, len))
8327 return -ENOMEM;
8328 @@ -119507,7 +119381,7 @@ index 2ce04a6..c085c24 100644
8329 return -ENOMEM;
8330
8331 /* Can we just expand an old private anonymous mapping? */
8332 -@@ -2780,7 +3280,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
8333 +@@ -2799,7 +3301,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
8334 */
8335 vma = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL);
8336 if (!vma) {
8337 @@ -119516,7 +119390,7 @@ index 2ce04a6..c085c24 100644
8338 return -ENOMEM;
8339 }
8340
8341 -@@ -2794,10 +3294,11 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
8342 +@@ -2813,10 +3315,11 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
8343 vma_link(mm, vma, prev, rb_link, rb_parent);
8344 out:
8345 perf_event_mmap(vma);
8346 @@ -119530,7 +119404,7 @@ index 2ce04a6..c085c24 100644
8347 return addr;
8348 }
8349
8350 -@@ -2859,6 +3360,7 @@ void exit_mmap(struct mm_struct *mm)
8351 +@@ -2878,6 +3381,7 @@ void exit_mmap(struct mm_struct *mm)
8352 while (vma) {
8353 if (vma->vm_flags & VM_ACCOUNT)
8354 nr_accounted += vma_pages(vma);
8355 @@ -119538,7 +119412,7 @@ index 2ce04a6..c085c24 100644
8356 vma = remove_vma(vma);
8357 }
8358 vm_unacct_memory(nr_accounted);
8359 -@@ -2873,6 +3375,10 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma)
8360 +@@ -2892,6 +3396,10 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma)
8361 struct vm_area_struct *prev;
8362 struct rb_node **rb_link, *rb_parent;
8363
8364 @@ -119549,7 +119423,7 @@ index 2ce04a6..c085c24 100644
8365 if (find_vma_links(mm, vma->vm_start, vma->vm_end,
8366 &prev, &rb_link, &rb_parent))
8367 return -ENOMEM;
8368 -@@ -2880,6 +3386,9 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma)
8369 +@@ -2899,6 +3407,9 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma)
8370 security_vm_enough_memory_mm(mm, vma_pages(vma)))
8371 return -ENOMEM;
8372
8373 @@ -119559,7 +119433,7 @@ index 2ce04a6..c085c24 100644
8374 /*
8375 * The vm_pgoff of a purely anonymous vma should be irrelevant
8376 * until its first write fault, when page's anon_vma and index
8377 -@@ -2897,7 +3406,21 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma)
8378 +@@ -2916,7 +3427,21 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma)
8379 vma->vm_pgoff = vma->vm_start >> PAGE_SHIFT;
8380 }
8381
8382 @@ -119581,7 +119455,7 @@ index 2ce04a6..c085c24 100644
8383 return 0;
8384 }
8385
8386 -@@ -2916,6 +3439,8 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap,
8387 +@@ -2935,6 +3460,8 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap,
8388 struct rb_node **rb_link, *rb_parent;
8389 bool faulted_in_anon_vma = true;
8390
8391 @@ -119590,7 +119464,7 @@ index 2ce04a6..c085c24 100644
8392 /*
8393 * If anonymous vma has not yet been faulted, update new pgoff
8394 * to match new location, to increase its chance of merging.
8395 -@@ -2982,6 +3507,39 @@ out:
8396 +@@ -3001,6 +3528,39 @@ out:
8397 return NULL;
8398 }
8399
8400 @@ -119630,7 +119504,7 @@ index 2ce04a6..c085c24 100644
8401 /*
8402 * Return true if the calling process may expand its vm space by the passed
8403 * number of pages
8404 -@@ -2993,6 +3551,11 @@ int may_expand_vm(struct mm_struct *mm, unsigned long npages)
8405 +@@ -3012,6 +3572,11 @@ int may_expand_vm(struct mm_struct *mm, unsigned long npages)
8406
8407 lim = rlimit(RLIMIT_AS) >> PAGE_SHIFT;
8408
8409 @@ -119642,7 +119516,7 @@ index 2ce04a6..c085c24 100644
8410 if (cur + npages > lim)
8411 return 0;
8412 return 1;
8413 -@@ -3067,6 +3630,22 @@ static struct vm_area_struct *__install_special_mapping(
8414 +@@ -3086,6 +3651,22 @@ static struct vm_area_struct *__install_special_mapping(
8415 vma->vm_start = addr;
8416 vma->vm_end = addr + len;
8417
8418 @@ -120250,7 +120124,7 @@ index 8a943b9..29d8b8d 100644
8419
8420 static const int *pcpu_unit_map __read_mostly; /* cpu -> unit */
8421 diff --git a/mm/process_vm_access.c b/mm/process_vm_access.c
8422 -index e88d071..4043093 100644
8423 +index 5d453e5..4043093 100644
8424 --- a/mm/process_vm_access.c
8425 +++ b/mm/process_vm_access.c
8426 @@ -13,6 +13,7 @@
8427 @@ -120288,20 +120162,18 @@ index e88d071..4043093 100644
8428 }
8429
8430 if (nr_pages == 0)
8431 -@@ -194,7 +195,12 @@ static ssize_t process_vm_rw_core(pid_t pid, struct iov_iter *iter,
8432 +@@ -194,6 +195,11 @@ static ssize_t process_vm_rw_core(pid_t pid, struct iov_iter *iter,
8433 goto free_proc_pages;
8434 }
8435
8436 -- mm = mm_access(task, PTRACE_MODE_ATTACH);
8437 + if (gr_handle_ptrace(task, vm_write ? PTRACE_POKETEXT : PTRACE_ATTACH)) {
8438 + rc = -EPERM;
8439 + goto put_task_struct;
8440 + }
8441 +
8442 -+ mm = mm_access(task, PTRACE_MODE_ATTACH_REALCREDS);
8443 + mm = mm_access(task, PTRACE_MODE_ATTACH_REALCREDS);
8444 if (!mm || IS_ERR(mm)) {
8445 rc = IS_ERR(mm) ? PTR_ERR(mm) : -ESRCH;
8446 - /*
8447 diff --git a/mm/rmap.c b/mm/rmap.c
8448 index b577fbb..ccd4d4e 100644
8449 --- a/mm/rmap.c
8450 @@ -130218,7 +130090,7 @@ index b5e665b..3030b1d 100644
8451 }
8452
8453 diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
8454 -index 9895a8c..e1f3bfb 100644
8455 +index 9895a8c..705c302 100644
8456 --- a/net/xfrm/xfrm_state.c
8457 +++ b/net/xfrm/xfrm_state.c
8458 @@ -166,12 +166,14 @@ int xfrm_register_type(const struct xfrm_type *type, unsigned short family)
8459 @@ -130325,6 +130197,24 @@ index 9895a8c..e1f3bfb 100644
8460 } while (!res);
8461
8462 return res;
8463 +@@ -1883,7 +1890,7 @@ static DEFINE_SPINLOCK(xfrm_km_lock);
8464 + int xfrm_register_km(struct xfrm_mgr *km)
8465 + {
8466 + spin_lock_bh(&xfrm_km_lock);
8467 +- list_add_tail_rcu(&km->list, &xfrm_km_list);
8468 ++ pax_list_add_tail_rcu((struct list_head *)&km->list, &xfrm_km_list);
8469 + spin_unlock_bh(&xfrm_km_lock);
8470 + return 0;
8471 + }
8472 +@@ -1892,7 +1899,7 @@ EXPORT_SYMBOL(xfrm_register_km);
8473 + int xfrm_unregister_km(struct xfrm_mgr *km)
8474 + {
8475 + spin_lock_bh(&xfrm_km_lock);
8476 +- list_del_rcu(&km->list);
8477 ++ pax_list_del_rcu((struct list_head *)&km->list);
8478 + spin_unlock_bh(&xfrm_km_lock);
8479 + synchronize_rcu();
8480 + return 0;
8481 diff --git a/net/xfrm/xfrm_sysctl.c b/net/xfrm/xfrm_sysctl.c
8482 index 05a6e3d..6716ec9 100644
8483 --- a/net/xfrm/xfrm_sysctl.c
8484 @@ -132425,29 +132315,10 @@ index 705c287..81257f1 100644
8485 /* freed below */
8486 name = kmalloc(strlen(parent->base.hname) + 2 + 7 + 8, GFP_KERNEL);
8487 diff --git a/security/commoncap.c b/security/commoncap.c
8488 -index 1832cf7..b805e0f 100644
8489 +index 48071ed..b805e0f 100644
8490 --- a/security/commoncap.c
8491 +++ b/security/commoncap.c
8492 -@@ -137,12 +137,17 @@ int cap_ptrace_access_check(struct task_struct *child, unsigned int mode)
8493 - {
8494 - int ret = 0;
8495 - const struct cred *cred, *child_cred;
8496 -+ const kernel_cap_t *caller_caps;
8497 -
8498 - rcu_read_lock();
8499 - cred = current_cred();
8500 - child_cred = __task_cred(child);
8501 -+ if (mode & PTRACE_MODE_FSCREDS)
8502 -+ caller_caps = &cred->cap_effective;
8503 -+ else
8504 -+ caller_caps = &cred->cap_permitted;
8505 - if (cred->user_ns == child_cred->user_ns &&
8506 -- cap_issubset(child_cred->cap_permitted, cred->cap_permitted))
8507 -+ cap_issubset(child_cred->cap_permitted, *caller_caps))
8508 - goto out;
8509 - if (ns_capable(child_cred->user_ns, CAP_SYS_PTRACE))
8510 - goto out;
8511 -@@ -433,6 +438,32 @@ int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data
8512 +@@ -438,6 +438,32 @@ int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data
8513 return 0;
8514 }
8515
8516 @@ -132480,7 +132351,7 @@ index 1832cf7..b805e0f 100644
8517 /*
8518 * Attempt to get the on-exec apply capability sets for an executable file from
8519 * its xattrs and, if present, apply them to the proposed credentials being
8520 -@@ -623,6 +654,9 @@ int cap_bprm_secureexec(struct linux_binprm *bprm)
8521 +@@ -628,6 +654,9 @@ int cap_bprm_secureexec(struct linux_binprm *bprm)
8522 const struct cred *cred = current_cred();
8523 kuid_t root_uid = make_kuid(cred->user_ns, 0);
8524
8525 @@ -133067,10 +132938,10 @@ index 9630e9f..2071ac2 100644
8526 if (err < 0)
8527 return err;
8528 diff --git a/sound/core/pcm_native.c b/sound/core/pcm_native.c
8529 -index a8b27cd..e3c4bb3 100644
8530 +index 4ba64fd..49be507 100644
8531 --- a/sound/core/pcm_native.c
8532 +++ b/sound/core/pcm_native.c
8533 -@@ -3002,11 +3002,11 @@ int snd_pcm_kernel_ioctl(struct snd_pcm_substream *substream,
8534 +@@ -3014,11 +3014,11 @@ int snd_pcm_kernel_ioctl(struct snd_pcm_substream *substream,
8535 switch (substream->stream) {
8536 case SNDRV_PCM_STREAM_PLAYBACK:
8537 result = snd_pcm_playback_ioctl1(NULL, substream, cmd,
8538 @@ -133189,7 +133060,7 @@ index 062c446..a4b6f4c 100644
8539 };
8540
8541 diff --git a/sound/core/seq/seq_memory.c b/sound/core/seq/seq_memory.c
8542 -index 8010766..4bd361f 100644
8543 +index c850345..71c5fd4 100644
8544 --- a/sound/core/seq/seq_memory.c
8545 +++ b/sound/core/seq/seq_memory.c
8546 @@ -87,7 +87,7 @@ int snd_seq_dump_var_event(const struct snd_seq_event *event,
8547 @@ -134571,10 +134442,10 @@ index 0000000..eec3fd1
8548 +}
8549 diff --git a/tools/gcc/constify_plugin.c b/tools/gcc/constify_plugin.c
8550 new file mode 100644
8551 -index 0000000..e5f1fb0
8552 +index 0000000..b52a700
8553 --- /dev/null
8554 +++ b/tools/gcc/constify_plugin.c
8555 -@@ -0,0 +1,518 @@
8556 +@@ -0,0 +1,521 @@
8557 +/*
8558 + * Copyright 2011 by Emese Revfy <re.emese@×××××.com>
8559 + * Copyright 2011-2016 by PaX Team <pageexec@××××××××.hu>
8560 @@ -134784,7 +134655,10 @@ index 0000000..e5f1fb0
8561 + if (TYPE_P(*node)) {
8562 + type = *node;
8563 + } else {
8564 -+ gcc_assert(TREE_CODE(*node) == TYPE_DECL);
8565 ++ if (TREE_CODE(*node) != TYPE_DECL) {
8566 ++ error("%qE attribute does not apply to %qD (%qT)", name, *node, TREE_TYPE(*node));
8567 ++ return NULL_TREE;
8568 ++ }
8569 + type = TREE_TYPE(*node);
8570 + }
8571 +
8572 @@ -135095,10 +134969,10 @@ index 0000000..e5f1fb0
8573 +}
8574 diff --git a/tools/gcc/gcc-common.h b/tools/gcc/gcc-common.h
8575 new file mode 100644
8576 -index 0000000..28c3242
8577 +index 0000000..a910e1c
8578 --- /dev/null
8579 +++ b/tools/gcc/gcc-common.h
8580 -@@ -0,0 +1,819 @@
8581 +@@ -0,0 +1,831 @@
8582 +#ifndef GCC_COMMON_H_INCLUDED
8583 +#define GCC_COMMON_H_INCLUDED
8584 +
8585 @@ -135239,10 +135113,10 @@ index 0000000..28c3242
8586 +#include "builtins.h"
8587 +#endif
8588 +
8589 -+//#include "expr.h" where are you...
8590 ++/* #include "expr.h" where are you... */
8591 +extern rtx emit_move_insn(rtx x, rtx y);
8592 +
8593 -+// missing from basic_block.h...
8594 ++/* missing from basic_block.h... */
8595 +extern void debug_dominance_info(enum cdi_direction dir);
8596 +extern void debug_dominance_tree(enum cdi_direction dir, basic_block root);
8597 +
8598 @@ -135277,13 +135151,17 @@ index 0000000..28c3242
8599 +#define TYPE_NAME_POINTER(node) IDENTIFIER_POINTER(TYPE_NAME(node))
8600 +#define TYPE_NAME_LENGTH(node) IDENTIFIER_LENGTH(TYPE_NAME(node))
8601 +
8602 -+// should come from c-tree.h if only it were installed for gcc 4.5...
8603 ++/* should come from c-tree.h if only it were installed for gcc 4.5... */
8604 +#define C_TYPE_FIELDS_READONLY(TYPE) TREE_LANG_FLAG_1(TYPE)
8605 +
8606 +#if BUILDING_GCC_VERSION == 4005
8607 -+#define FOR_EACH_LOCAL_DECL(FUN, I, D) for (tree vars = (FUN)->local_decls, (I) = 0; vars && ((D) = TREE_VALUE(vars)); vars = TREE_CHAIN(vars), (I)++)
8608 ++#define FOR_EACH_LOCAL_DECL(FUN, I, D) \
8609 ++ for (tree vars = (FUN)->local_decls, (I) = 0; \
8610 ++ vars && ((D) = TREE_VALUE(vars)); \
8611 ++ vars = TREE_CHAIN(vars), (I)++)
8612 +#define DECL_CHAIN(NODE) (TREE_CHAIN(DECL_MINIMAL_CHECK(NODE)))
8613 -+#define FOR_EACH_VEC_ELT(T, V, I, P) for (I = 0; VEC_iterate(T, (V), (I), (P)); ++(I))
8614 ++#define FOR_EACH_VEC_ELT(T, V, I, P) \
8615 ++ for (I = 0; VEC_iterate(T, (V), (I), (P)); ++(I))
8616 +#define TODO_rebuild_cgraph_edges 0
8617 +#define SCOPE_FILE_SCOPE_P(EXP) (!(EXP))
8618 +
8619 @@ -135357,7 +135235,8 @@ index 0000000..28c3242
8620 + sscanf(get_random_seed(noinit), "%" HOST_WIDE_INT_PRINT "x", &seed); \
8621 + seed * seed; })
8622 +
8623 -+#define int_const_binop(code, arg1, arg2) int_const_binop((code), (arg1), (arg2), 0)
8624 ++#define int_const_binop(code, arg1, arg2) \
8625 ++ int_const_binop((code), (arg1), (arg2), 0)
8626 +
8627 +static inline bool gimple_clobber_p(gimple s __unused)
8628 +{
8629 @@ -135370,6 +135249,7 @@ index 0000000..28c3242
8630 +
8631 + for (i = 0; i < gimple_asm_nclobbers(stmt); i++) {
8632 + tree op = gimple_asm_clobber_op(stmt, i);
8633 ++
8634 + if (!strcmp(TREE_STRING_POINTER(TREE_VALUE(op)), "memory"))
8635 + return true;
8636 + }
8637 @@ -135428,8 +135308,10 @@ index 0000000..28c3242
8638 +#endif
8639 +
8640 +#if BUILDING_GCC_VERSION <= 4007
8641 -+#define FOR_EACH_FUNCTION(node) for (node = cgraph_nodes; node; node = node->next)
8642 -+#define FOR_EACH_VARIABLE(node) for (node = varpool_nodes; node; node = node->next)
8643 ++#define FOR_EACH_FUNCTION(node) \
8644 ++ for (node = cgraph_nodes; node; node = node->next)
8645 ++#define FOR_EACH_VARIABLE(node) \
8646 ++ for (node = varpool_nodes; node; node = node->next)
8647 +#define PROP_loops 0
8648 +#define NODE_SYMBOL(node) (node)
8649 +#define NODE_DECL(node) (node)->decl
8650 @@ -135443,6 +135325,7 @@ index 0000000..28c3242
8651 +static inline bool gimple_store_p(gimple gs)
8652 +{
8653 + tree lhs = gimple_get_lhs(gs);
8654 ++
8655 + return lhs && !is_gimple_reg(lhs);
8656 +}
8657 +#endif
8658 @@ -135713,7 +135596,7 @@ index 0000000..28c3242
8659 +#endif
8660 +
8661 +#if BUILDING_GCC_VERSION >= 5000 && BUILDING_GCC_VERSION < 6000
8662 -+// gimple related
8663 ++/* gimple related */
8664 +template <>
8665 +template <>
8666 +inline bool is_a_helper<const gassign *>::test(const_gimple gs)
8667 @@ -135732,7 +135615,7 @@ index 0000000..28c3242
8668 +
8669 +#define INSN_DELETED_P(insn) (insn)->deleted()
8670 +
8671 -+// symtab/cgraph related
8672 ++/* symtab/cgraph related */
8673 +#define debug_cgraph_node(node) (node)->debug()
8674 +#define cgraph_get_node(decl) cgraph_node::get(decl)
8675 +#define cgraph_get_create_node(decl) cgraph_node::get_create(decl)
8676 @@ -135830,7 +135713,7 @@ index 0000000..28c3242
8677 +#define gimple gimple_ptr
8678 +#endif
8679 +
8680 -+// gimple related
8681 ++/* gimple related */
8682 +static inline gimple gimple_build_assign_with_ops(enum tree_code subcode, tree lhs, tree op1, tree op2 MEM_STAT_DECL)
8683 +{
8684 + return gimple_build_assign(lhs, subcode, op1, op2 PASS_MEM_STAT);
8685 @@ -135893,9 +135776,11 @@ index 0000000..28c3242
8686 + return as_a<const greturn *>(stmt);
8687 +}
8688 +
8689 -+// IPA/LTO related
8690 -+#define ipa_ref_list_referring_iterate(L,I,P) (L)->referring.iterate((I), &(P))
8691 -+#define ipa_ref_list_reference_iterate(L,I,P) (L)->reference.iterate((I), &(P))
8692 ++/* IPA/LTO related */
8693 ++#define ipa_ref_list_referring_iterate(L, I, P) \
8694 ++ (L)->referring.iterate((I), &(P))
8695 ++#define ipa_ref_list_reference_iterate(L, I, P) \
8696 ++ (L)->reference.iterate((I), &(P))
8697 +
8698 +static inline cgraph_node_ptr ipa_ref_referring_node(struct ipa_ref *ref)
8699 +{
8700 @@ -135909,7 +135794,8 @@ index 0000000..28c3242
8701 +#endif
8702 +
8703 +#if BUILDING_GCC_VERSION < 6000
8704 -+#define get_inner_reference(exp, pbitsize, pbitpos, poffset, pmode, punsignedp, preversep, pvolatilep, keep_aligning) get_inner_reference(exp, pbitsize, pbitpos, poffset, pmode, punsignedp, pvolatilep, keep_aligning)
8705 ++#define get_inner_reference(exp, pbitsize, pbitpos, poffset, pmode, punsignedp, preversep, pvolatilep, keep_aligning) \
8706 ++ get_inner_reference(exp, pbitsize, pbitpos, poffset, pmode, punsignedp, pvolatilep, keep_aligning)
8707 +#define gen_rtx_set(ARG0, ARG1) gen_rtx_SET(VOIDmode, (ARG0), (ARG1))
8708 +#endif
8709 +
8710 @@ -135920,10 +135806,10 @@ index 0000000..28c3242
8711 +#endif
8712 diff --git a/tools/gcc/gcc-generate-gimple-pass.h b/tools/gcc/gcc-generate-gimple-pass.h
8713 new file mode 100644
8714 -index 0000000..1abbd0f
8715 +index 0000000..0ba6a0d
8716 --- /dev/null
8717 +++ b/tools/gcc/gcc-generate-gimple-pass.h
8718 -@@ -0,0 +1,172 @@
8719 +@@ -0,0 +1,173 @@
8720 +/*
8721 + * Generator for GIMPLE pass related boilerplate code/data
8722 + *
8723 @@ -135935,7 +135821,8 @@ index 0000000..1abbd0f
8724 + * 2. before inclusion define NO_* for unimplemented callbacks
8725 + * NO_GATE
8726 + * NO_EXECUTE
8727 -+ * 3. before inclusion define PROPERTIES_* and TODO_FLAGS_* to override the default 0 values
8728 ++ * 3. before inclusion define PROPERTIES_* and TODO_FLAGS_* to override
8729 ++ * the default 0 values
8730 + * 4. for convenience, all the above will be undefined after inclusion!
8731 + * 5. the only exported name is make_PASS_NAME_pass() to register with gcc
8732 + */
8733 @@ -135945,25 +135832,25 @@ index 0000000..1abbd0f
8734 +#else
8735 +#define __GCC_PLUGIN_STRINGIFY(n) #n
8736 +#define _GCC_PLUGIN_STRINGIFY(n) __GCC_PLUGIN_STRINGIFY(n)
8737 -+#define _GCC_PLUGIN_CONCAT2(x,y) x ## y
8738 -+#define _GCC_PLUGIN_CONCAT3(x,y,z) x ## y ## z
8739 ++#define _GCC_PLUGIN_CONCAT2(x, y) x ## y
8740 ++#define _GCC_PLUGIN_CONCAT3(x, y, z) x ## y ## z
8741 +
8742 -+#define __PASS_NAME_PASS_DATA(n) _GCC_PLUGIN_CONCAT2(n,_pass_data)
8743 ++#define __PASS_NAME_PASS_DATA(n) _GCC_PLUGIN_CONCAT2(n, _pass_data)
8744 +#define _PASS_NAME_PASS_DATA __PASS_NAME_PASS_DATA(PASS_NAME)
8745 +
8746 -+#define __PASS_NAME_PASS(n) _GCC_PLUGIN_CONCAT2(n,_pass)
8747 ++#define __PASS_NAME_PASS(n) _GCC_PLUGIN_CONCAT2(n, _pass)
8748 +#define _PASS_NAME_PASS __PASS_NAME_PASS(PASS_NAME)
8749 +
8750 +#define _PASS_NAME_NAME _GCC_PLUGIN_STRINGIFY(PASS_NAME)
8751 +
8752 -+#define __MAKE_PASS_NAME_PASS(n) _GCC_PLUGIN_CONCAT3(make_,n,_pass)
8753 ++#define __MAKE_PASS_NAME_PASS(n) _GCC_PLUGIN_CONCAT3(make_, n, _pass)
8754 +#define _MAKE_PASS_NAME_PASS __MAKE_PASS_NAME_PASS(PASS_NAME)
8755 +
8756 +#ifdef NO_GATE
8757 +#define _GATE NULL
8758 +#define _HAS_GATE false
8759 +#else
8760 -+#define __GATE(n) _GCC_PLUGIN_CONCAT2(n,_gate)
8761 ++#define __GATE(n) _GCC_PLUGIN_CONCAT2(n, _gate)
8762 +#define _GATE __GATE(PASS_NAME)
8763 +#define _HAS_GATE true
8764 +#endif
8765 @@ -135972,7 +135859,7 @@ index 0000000..1abbd0f
8766 +#define _EXECUTE NULL
8767 +#define _HAS_EXECUTE false
8768 +#else
8769 -+#define __EXECUTE(n) _GCC_PLUGIN_CONCAT2(n,_execute)
8770 ++#define __EXECUTE(n) _GCC_PLUGIN_CONCAT2(n, _execute)
8771 +#define _EXECUTE __EXECUTE(PASS_NAME)
8772 +#define _HAS_EXECUTE true
8773 +#endif
8774 @@ -136040,7 +135927,7 @@ index 0000000..1abbd0f
8775 +#if BUILDING_GCC_VERSION >= 5000
8776 + virtual bool gate(function *) { return _GATE(); }
8777 +#else
8778 -+ bool gate() { return _GATE(); }
8779 ++ bool gate(void) { return _GATE(); }
8780 +#endif
8781 +#endif
8782 +
8783 @@ -136048,7 +135935,7 @@ index 0000000..1abbd0f
8784 +#if BUILDING_GCC_VERSION >= 5000
8785 + virtual unsigned int execute(function *) { return _EXECUTE(); }
8786 +#else
8787 -+ unsigned int execute() { return _EXECUTE(); }
8788 ++ unsigned int execute(void) { return _EXECUTE(); }
8789 +#endif
8790 +#endif
8791 +};
8792 @@ -136065,7 +135952,7 @@ index 0000000..1abbd0f
8793 +}
8794 +#endif
8795 +
8796 -+// clean up user provided defines
8797 ++/* clean up user provided defines */
8798 +#undef PASS_NAME
8799 +#undef NO_GATE
8800 +#undef NO_EXECUTE
8801 @@ -136076,7 +135963,7 @@ index 0000000..1abbd0f
8802 +#undef TODO_FLAGS_FINISH
8803 +#undef TODO_FLAGS_START
8804 +
8805 -+// clean up generated defines
8806 ++/* clean up generated defines */
8807 +#undef _EXECUTE
8808 +#undef __EXECUTE
8809 +#undef _GATE
8810 @@ -136095,13 +135982,13 @@ index 0000000..1abbd0f
8811 +#undef _PASS_NAME_PASS_DATA
8812 +#undef __PASS_NAME_PASS_DATA
8813 +
8814 -+#endif // PASS_NAME
8815 ++#endif /* PASS_NAME */
8816 diff --git a/tools/gcc/gcc-generate-ipa-pass.h b/tools/gcc/gcc-generate-ipa-pass.h
8817 new file mode 100644
8818 -index 0000000..5eba6a0
8819 +index 0000000..283c2e1
8820 --- /dev/null
8821 +++ b/tools/gcc/gcc-generate-ipa-pass.h
8822 -@@ -0,0 +1,286 @@
8823 +@@ -0,0 +1,287 @@
8824 +/*
8825 + * Generator for IPA pass related boilerplate code/data
8826 + *
8827 @@ -136121,7 +136008,8 @@ index 0000000..5eba6a0
8828 + * NO_VARIABLE_TRANSFORM
8829 + * NO_GATE
8830 + * NO_EXECUTE
8831 -+ * 3. before inclusion define PROPERTIES_* and *TODO_FLAGS_* to override the default 0 values
8832 ++ * 3. before inclusion define PROPERTIES_* and *TODO_FLAGS_* to override
8833 ++ * the default 0 values
8834 + * 4. for convenience, all the above will be undefined after inclusion!
8835 + * 5. the only exported name is make_PASS_NAME_pass() to register with gcc
8836 + */
8837 @@ -136131,73 +136019,73 @@ index 0000000..5eba6a0
8838 +#else
8839 +#define __GCC_PLUGIN_STRINGIFY(n) #n
8840 +#define _GCC_PLUGIN_STRINGIFY(n) __GCC_PLUGIN_STRINGIFY(n)
8841 -+#define _GCC_PLUGIN_CONCAT2(x,y) x ## y
8842 -+#define _GCC_PLUGIN_CONCAT3(x,y,z) x ## y ## z
8843 ++#define _GCC_PLUGIN_CONCAT2(x, y) x ## y
8844 ++#define _GCC_PLUGIN_CONCAT3(x, y, z) x ## y ## z
8845 +
8846 -+#define __PASS_NAME_PASS_DATA(n) _GCC_PLUGIN_CONCAT2(n,_pass_data)
8847 ++#define __PASS_NAME_PASS_DATA(n) _GCC_PLUGIN_CONCAT2(n, _pass_data)
8848 +#define _PASS_NAME_PASS_DATA __PASS_NAME_PASS_DATA(PASS_NAME)
8849 +
8850 -+#define __PASS_NAME_PASS(n) _GCC_PLUGIN_CONCAT2(n,_pass)
8851 ++#define __PASS_NAME_PASS(n) _GCC_PLUGIN_CONCAT2(n, _pass)
8852 +#define _PASS_NAME_PASS __PASS_NAME_PASS(PASS_NAME)
8853 +
8854 +#define _PASS_NAME_NAME _GCC_PLUGIN_STRINGIFY(PASS_NAME)
8855 +
8856 -+#define __MAKE_PASS_NAME_PASS(n) _GCC_PLUGIN_CONCAT3(make_,n,_pass)
8857 ++#define __MAKE_PASS_NAME_PASS(n) _GCC_PLUGIN_CONCAT3(make_, n, _pass)
8858 +#define _MAKE_PASS_NAME_PASS __MAKE_PASS_NAME_PASS(PASS_NAME)
8859 +
8860 +#ifdef NO_GENERATE_SUMMARY
8861 +#define _GENERATE_SUMMARY NULL
8862 +#else
8863 -+#define __GENERATE_SUMMARY(n) _GCC_PLUGIN_CONCAT2(n,_generate_summary)
8864 ++#define __GENERATE_SUMMARY(n) _GCC_PLUGIN_CONCAT2(n, _generate_summary)
8865 +#define _GENERATE_SUMMARY __GENERATE_SUMMARY(PASS_NAME)
8866 +#endif
8867 +
8868 +#ifdef NO_READ_SUMMARY
8869 +#define _READ_SUMMARY NULL
8870 +#else
8871 -+#define __READ_SUMMARY(n) _GCC_PLUGIN_CONCAT2(n,_read_summary)
8872 ++#define __READ_SUMMARY(n) _GCC_PLUGIN_CONCAT2(n, _read_summary)
8873 +#define _READ_SUMMARY __READ_SUMMARY(PASS_NAME)
8874 +#endif
8875 +
8876 +#ifdef NO_WRITE_SUMMARY
8877 +#define _WRITE_SUMMARY NULL
8878 +#else
8879 -+#define __WRITE_SUMMARY(n) _GCC_PLUGIN_CONCAT2(n,_write_summary)
8880 ++#define __WRITE_SUMMARY(n) _GCC_PLUGIN_CONCAT2(n, _write_summary)
8881 +#define _WRITE_SUMMARY __WRITE_SUMMARY(PASS_NAME)
8882 +#endif
8883 +
8884 +#ifdef NO_READ_OPTIMIZATION_SUMMARY
8885 +#define _READ_OPTIMIZATION_SUMMARY NULL
8886 +#else
8887 -+#define __READ_OPTIMIZATION_SUMMARY(n) _GCC_PLUGIN_CONCAT2(n,_read_optimization_summary)
8888 ++#define __READ_OPTIMIZATION_SUMMARY(n) _GCC_PLUGIN_CONCAT2(n, _read_optimization_summary)
8889 +#define _READ_OPTIMIZATION_SUMMARY __READ_OPTIMIZATION_SUMMARY(PASS_NAME)
8890 +#endif
8891 +
8892 +#ifdef NO_WRITE_OPTIMIZATION_SUMMARY
8893 +#define _WRITE_OPTIMIZATION_SUMMARY NULL
8894 +#else
8895 -+#define __WRITE_OPTIMIZATION_SUMMARY(n) _GCC_PLUGIN_CONCAT2(n,_write_optimization_summary)
8896 ++#define __WRITE_OPTIMIZATION_SUMMARY(n) _GCC_PLUGIN_CONCAT2(n, _write_optimization_summary)
8897 +#define _WRITE_OPTIMIZATION_SUMMARY __WRITE_OPTIMIZATION_SUMMARY(PASS_NAME)
8898 +#endif
8899 +
8900 +#ifdef NO_STMT_FIXUP
8901 +#define _STMT_FIXUP NULL
8902 +#else
8903 -+#define __STMT_FIXUP(n) _GCC_PLUGIN_CONCAT2(n,_stmt_fixup)
8904 ++#define __STMT_FIXUP(n) _GCC_PLUGIN_CONCAT2(n, _stmt_fixup)
8905 +#define _STMT_FIXUP __STMT_FIXUP(PASS_NAME)
8906 +#endif
8907 +
8908 +#ifdef NO_FUNCTION_TRANSFORM
8909 +#define _FUNCTION_TRANSFORM NULL
8910 +#else
8911 -+#define __FUNCTION_TRANSFORM(n) _GCC_PLUGIN_CONCAT2(n,_function_transform)
8912 ++#define __FUNCTION_TRANSFORM(n) _GCC_PLUGIN_CONCAT2(n, _function_transform)
8913 +#define _FUNCTION_TRANSFORM __FUNCTION_TRANSFORM(PASS_NAME)
8914 +#endif
8915 +
8916 +#ifdef NO_VARIABLE_TRANSFORM
8917 +#define _VARIABLE_TRANSFORM NULL
8918 +#else
8919 -+#define __VARIABLE_TRANSFORM(n) _GCC_PLUGIN_CONCAT2(n,_variable_transform)
8920 ++#define __VARIABLE_TRANSFORM(n) _GCC_PLUGIN_CONCAT2(n, _variable_transform)
8921 +#define _VARIABLE_TRANSFORM __VARIABLE_TRANSFORM(PASS_NAME)
8922 +#endif
8923 +
8924 @@ -136205,7 +136093,7 @@ index 0000000..5eba6a0
8925 +#define _GATE NULL
8926 +#define _HAS_GATE false
8927 +#else
8928 -+#define __GATE(n) _GCC_PLUGIN_CONCAT2(n,_gate)
8929 ++#define __GATE(n) _GCC_PLUGIN_CONCAT2(n, _gate)
8930 +#define _GATE __GATE(PASS_NAME)
8931 +#define _HAS_GATE true
8932 +#endif
8933 @@ -136214,7 +136102,7 @@ index 0000000..5eba6a0
8934 +#define _EXECUTE NULL
8935 +#define _HAS_EXECUTE false
8936 +#else
8937 -+#define __EXECUTE(n) _GCC_PLUGIN_CONCAT2(n,_execute)
8938 ++#define __EXECUTE(n) _GCC_PLUGIN_CONCAT2(n, _execute)
8939 +#define _EXECUTE __EXECUTE(PASS_NAME)
8940 +#define _HAS_EXECUTE true
8941 +#endif
8942 @@ -136307,7 +136195,7 @@ index 0000000..5eba6a0
8943 +#if BUILDING_GCC_VERSION >= 5000
8944 + virtual bool gate(function *) { return _GATE(); }
8945 +#else
8946 -+ bool gate() { return _GATE(); }
8947 ++ bool gate(void) { return _GATE(); }
8948 +#endif
8949 +#endif
8950 +
8951 @@ -136315,7 +136203,7 @@ index 0000000..5eba6a0
8952 +#if BUILDING_GCC_VERSION >= 5000
8953 + virtual unsigned int execute(function *) { return _EXECUTE(); }
8954 +#else
8955 -+ unsigned int execute() { return _EXECUTE(); }
8956 ++ unsigned int execute(void) { return _EXECUTE(); }
8957 +#endif
8958 +#endif
8959 +};
8960 @@ -136332,7 +136220,7 @@ index 0000000..5eba6a0
8961 +}
8962 +#endif
8963 +
8964 -+// clean up user provided defines
8965 ++/* clean up user provided defines */
8966 +#undef PASS_NAME
8967 +#undef NO_GENERATE_SUMMARY
8968 +#undef NO_WRITE_SUMMARY
8969 @@ -136352,7 +136240,7 @@ index 0000000..5eba6a0
8970 +#undef TODO_FLAGS_FINISH
8971 +#undef TODO_FLAGS_START
8972 +
8973 -+// clean up generated defines
8974 ++/* clean up generated defines */
8975 +#undef _EXECUTE
8976 +#undef __EXECUTE
8977 +#undef _FUNCTION_TRANSFORM
8978 @@ -136387,13 +136275,13 @@ index 0000000..5eba6a0
8979 +#undef _WRITE_SUMMARY
8980 +#undef __WRITE_SUMMARY
8981 +
8982 -+#endif // PASS_NAME
8983 ++#endif /* PASS_NAME */
8984 diff --git a/tools/gcc/gcc-generate-rtl-pass.h b/tools/gcc/gcc-generate-rtl-pass.h
8985 new file mode 100644
8986 -index 0000000..c5cc187
8987 +index 0000000..f4cc205
8988 --- /dev/null
8989 +++ b/tools/gcc/gcc-generate-rtl-pass.h
8990 -@@ -0,0 +1,172 @@
8991 +@@ -0,0 +1,173 @@
8992 +/*
8993 + * Generator for RTL pass related boilerplate code/data
8994 + *
8995 @@ -136405,7 +136293,8 @@ index 0000000..c5cc187
8996 + * 2. before inclusion define NO_* for unimplemented callbacks
8997 + * NO_GATE
8998 + * NO_EXECUTE
8999 -+ * 3. before inclusion define PROPERTIES_* and TODO_FLAGS_* to override the default 0 values
9000 ++ * 3. before inclusion define PROPERTIES_* and TODO_FLAGS_* to override
9001 ++ * the default 0 values
9002 + * 4. for convenience, all the above will be undefined after inclusion!
9003 + * 5. the only exported name is make_PASS_NAME_pass() to register with gcc
9004 + */
9005 @@ -136415,25 +136304,25 @@ index 0000000..c5cc187
9006 +#else
9007 +#define __GCC_PLUGIN_STRINGIFY(n) #n
9008 +#define _GCC_PLUGIN_STRINGIFY(n) __GCC_PLUGIN_STRINGIFY(n)
9009 -+#define _GCC_PLUGIN_CONCAT2(x,y) x ## y
9010 -+#define _GCC_PLUGIN_CONCAT3(x,y,z) x ## y ## z
9011 ++#define _GCC_PLUGIN_CONCAT2(x, y) x ## y
9012 ++#define _GCC_PLUGIN_CONCAT3(x, y, z) x ## y ## z
9013 +
9014 -+#define __PASS_NAME_PASS_DATA(n) _GCC_PLUGIN_CONCAT2(n,_pass_data)
9015 ++#define __PASS_NAME_PASS_DATA(n) _GCC_PLUGIN_CONCAT2(n, _pass_data)
9016 +#define _PASS_NAME_PASS_DATA __PASS_NAME_PASS_DATA(PASS_NAME)
9017 +
9018 -+#define __PASS_NAME_PASS(n) _GCC_PLUGIN_CONCAT2(n,_pass)
9019 ++#define __PASS_NAME_PASS(n) _GCC_PLUGIN_CONCAT2(n, _pass)
9020 +#define _PASS_NAME_PASS __PASS_NAME_PASS(PASS_NAME)
9021 +
9022 +#define _PASS_NAME_NAME _GCC_PLUGIN_STRINGIFY(PASS_NAME)
9023 +
9024 -+#define __MAKE_PASS_NAME_PASS(n) _GCC_PLUGIN_CONCAT3(make_,n,_pass)
9025 ++#define __MAKE_PASS_NAME_PASS(n) _GCC_PLUGIN_CONCAT3(make_, n, _pass)
9026 +#define _MAKE_PASS_NAME_PASS __MAKE_PASS_NAME_PASS(PASS_NAME)
9027 +
9028 +#ifdef NO_GATE
9029 +#define _GATE NULL
9030 +#define _HAS_GATE false
9031 +#else
9032 -+#define __GATE(n) _GCC_PLUGIN_CONCAT2(n,_gate)
9033 ++#define __GATE(n) _GCC_PLUGIN_CONCAT2(n, _gate)
9034 +#define _GATE __GATE(PASS_NAME)
9035 +#define _HAS_GATE true
9036 +#endif
9037 @@ -136442,7 +136331,7 @@ index 0000000..c5cc187
9038 +#define _EXECUTE NULL
9039 +#define _HAS_EXECUTE false
9040 +#else
9041 -+#define __EXECUTE(n) _GCC_PLUGIN_CONCAT2(n,_execute)
9042 ++#define __EXECUTE(n) _GCC_PLUGIN_CONCAT2(n, _execute)
9043 +#define _EXECUTE __EXECUTE(PASS_NAME)
9044 +#define _HAS_EXECUTE true
9045 +#endif
9046 @@ -136510,7 +136399,7 @@ index 0000000..c5cc187
9047 +#if BUILDING_GCC_VERSION >= 5000
9048 + virtual bool gate(function *) { return _GATE(); }
9049 +#else
9050 -+ bool gate() { return _GATE(); }
9051 ++ bool gate(void) { return _GATE(); }
9052 +#endif
9053 +#endif
9054 +
9055 @@ -136518,7 +136407,7 @@ index 0000000..c5cc187
9056 +#if BUILDING_GCC_VERSION >= 5000
9057 + virtual unsigned int execute(function *) { return _EXECUTE(); }
9058 +#else
9059 -+ unsigned int execute() { return _EXECUTE(); }
9060 ++ unsigned int execute(void) { return _EXECUTE(); }
9061 +#endif
9062 +#endif
9063 +};
9064 @@ -136535,7 +136424,7 @@ index 0000000..c5cc187
9065 +}
9066 +#endif
9067 +
9068 -+// clean up user provided defines
9069 ++/* clean up user provided defines */
9070 +#undef PASS_NAME
9071 +#undef NO_GATE
9072 +#undef NO_EXECUTE
9073 @@ -136546,7 +136435,7 @@ index 0000000..c5cc187
9074 +#undef TODO_FLAGS_FINISH
9075 +#undef TODO_FLAGS_START
9076 +
9077 -+// clean up generated defines
9078 ++/* clean up generated defines */
9079 +#undef _EXECUTE
9080 +#undef __EXECUTE
9081 +#undef _GATE
9082 @@ -136565,7 +136454,186 @@ index 0000000..c5cc187
9083 +#undef _PASS_NAME_PASS_DATA
9084 +#undef __PASS_NAME_PASS_DATA
9085 +
9086 -+#endif // PASS_NAME
9087 ++#endif /* PASS_NAME */
9088 +diff --git a/tools/gcc/gcc-generate-simple_ipa-pass.h b/tools/gcc/gcc-generate-simple_ipa-pass.h
9089 +new file mode 100644
9090 +index 0000000..159d5ae
9091 +--- /dev/null
9092 ++++ b/tools/gcc/gcc-generate-simple_ipa-pass.h
9093 +@@ -0,0 +1,173 @@
9094 ++/*
9095 ++ * Generator for SIMPLE_IPA pass related boilerplate code/data
9096 ++ *
9097 ++ * Supports gcc 4.5-6
9098 ++ *
9099 ++ * Usage:
9100 ++ *
9101 ++ * 1. before inclusion define PASS_NAME
9102 ++ * 2. before inclusion define NO_* for unimplemented callbacks
9103 ++ * NO_GATE
9104 ++ * NO_EXECUTE
9105 ++ * 3. before inclusion define PROPERTIES_* and TODO_FLAGS_* to override
9106 ++ * the default 0 values
9107 ++ * 4. for convenience, all the above will be undefined after inclusion!
9108 ++ * 5. the only exported name is make_PASS_NAME_pass() to register with gcc
9109 ++ */
9110 ++
9111 ++#ifndef PASS_NAME
9112 ++#error at least PASS_NAME must be defined
9113 ++#else
9114 ++#define __GCC_PLUGIN_STRINGIFY(n) #n
9115 ++#define _GCC_PLUGIN_STRINGIFY(n) __GCC_PLUGIN_STRINGIFY(n)
9116 ++#define _GCC_PLUGIN_CONCAT2(x, y) x ## y
9117 ++#define _GCC_PLUGIN_CONCAT3(x, y, z) x ## y ## z
9118 ++
9119 ++#define __PASS_NAME_PASS_DATA(n) _GCC_PLUGIN_CONCAT2(n, _pass_data)
9120 ++#define _PASS_NAME_PASS_DATA __PASS_NAME_PASS_DATA(PASS_NAME)
9121 ++
9122 ++#define __PASS_NAME_PASS(n) _GCC_PLUGIN_CONCAT2(n, _pass)
9123 ++#define _PASS_NAME_PASS __PASS_NAME_PASS(PASS_NAME)
9124 ++
9125 ++#define _PASS_NAME_NAME _GCC_PLUGIN_STRINGIFY(PASS_NAME)
9126 ++
9127 ++#define __MAKE_PASS_NAME_PASS(n) _GCC_PLUGIN_CONCAT3(make_, n, _pass)
9128 ++#define _MAKE_PASS_NAME_PASS __MAKE_PASS_NAME_PASS(PASS_NAME)
9129 ++
9130 ++#ifdef NO_GATE
9131 ++#define _GATE NULL
9132 ++#define _HAS_GATE false
9133 ++#else
9134 ++#define __GATE(n) _GCC_PLUGIN_CONCAT2(n, _gate)
9135 ++#define _GATE __GATE(PASS_NAME)
9136 ++#define _HAS_GATE true
9137 ++#endif
9138 ++
9139 ++#ifdef NO_EXECUTE
9140 ++#define _EXECUTE NULL
9141 ++#define _HAS_EXECUTE false
9142 ++#else
9143 ++#define __EXECUTE(n) _GCC_PLUGIN_CONCAT2(n, _execute)
9144 ++#define _EXECUTE __EXECUTE(PASS_NAME)
9145 ++#define _HAS_EXECUTE true
9146 ++#endif
9147 ++
9148 ++#ifndef PROPERTIES_REQUIRED
9149 ++#define PROPERTIES_REQUIRED 0
9150 ++#endif
9151 ++
9152 ++#ifndef PROPERTIES_PROVIDED
9153 ++#define PROPERTIES_PROVIDED 0
9154 ++#endif
9155 ++
9156 ++#ifndef PROPERTIES_DESTROYED
9157 ++#define PROPERTIES_DESTROYED 0
9158 ++#endif
9159 ++
9160 ++#ifndef TODO_FLAGS_START
9161 ++#define TODO_FLAGS_START 0
9162 ++#endif
9163 ++
9164 ++#ifndef TODO_FLAGS_FINISH
9165 ++#define TODO_FLAGS_FINISH 0
9166 ++#endif
9167 ++
9168 ++#if BUILDING_GCC_VERSION >= 4009
9169 ++namespace {
9170 ++static const pass_data _PASS_NAME_PASS_DATA = {
9171 ++#else
9172 ++static struct simple_ipa_opt_pass _PASS_NAME_PASS = {
9173 ++ .pass = {
9174 ++#endif
9175 ++ .type = SIMPLE_IPA_PASS,
9176 ++ .name = _PASS_NAME_NAME,
9177 ++#if BUILDING_GCC_VERSION >= 4008
9178 ++ .optinfo_flags = OPTGROUP_NONE,
9179 ++#endif
9180 ++#if BUILDING_GCC_VERSION >= 5000
9181 ++#elif BUILDING_GCC_VERSION == 4009
9182 ++ .has_gate = _HAS_GATE,
9183 ++ .has_execute = _HAS_EXECUTE,
9184 ++#else
9185 ++ .gate = _GATE,
9186 ++ .execute = _EXECUTE,
9187 ++ .sub = NULL,
9188 ++ .next = NULL,
9189 ++ .static_pass_number = 0,
9190 ++#endif
9191 ++ .tv_id = TV_NONE,
9192 ++ .properties_required = PROPERTIES_REQUIRED,
9193 ++ .properties_provided = PROPERTIES_PROVIDED,
9194 ++ .properties_destroyed = PROPERTIES_DESTROYED,
9195 ++ .todo_flags_start = TODO_FLAGS_START,
9196 ++ .todo_flags_finish = TODO_FLAGS_FINISH,
9197 ++#if BUILDING_GCC_VERSION < 4009
9198 ++ }
9199 ++#endif
9200 ++};
9201 ++
9202 ++#if BUILDING_GCC_VERSION >= 4009
9203 ++class _PASS_NAME_PASS : public simple_ipa_opt_pass {
9204 ++public:
9205 ++ _PASS_NAME_PASS() : simple_ipa_opt_pass(_PASS_NAME_PASS_DATA, g) {}
9206 ++
9207 ++#ifndef NO_GATE
9208 ++#if BUILDING_GCC_VERSION >= 5000
9209 ++ virtual bool gate(function *) { return _GATE(); }
9210 ++#else
9211 ++ bool gate(void) { return _GATE(); }
9212 ++#endif
9213 ++#endif
9214 ++
9215 ++#ifndef NO_EXECUTE
9216 ++#if BUILDING_GCC_VERSION >= 5000
9217 ++ virtual unsigned int execute(function *) { return _EXECUTE(); }
9218 ++#else
9219 ++ unsigned int execute(void) { return _EXECUTE(); }
9220 ++#endif
9221 ++#endif
9222 ++};
9223 ++}
9224 ++
9225 ++opt_pass *_MAKE_PASS_NAME_PASS(void)
9226 ++{
9227 ++ return new _PASS_NAME_PASS();
9228 ++}
9229 ++#else
9230 ++struct opt_pass *_MAKE_PASS_NAME_PASS(void)
9231 ++{
9232 ++ return &_PASS_NAME_PASS.pass;
9233 ++}
9234 ++#endif
9235 ++
9236 ++/* clean up user provided defines */
9237 ++#undef PASS_NAME
9238 ++#undef NO_GATE
9239 ++#undef NO_EXECUTE
9240 ++
9241 ++#undef PROPERTIES_DESTROYED
9242 ++#undef PROPERTIES_PROVIDED
9243 ++#undef PROPERTIES_REQUIRED
9244 ++#undef TODO_FLAGS_FINISH
9245 ++#undef TODO_FLAGS_START
9246 ++
9247 ++/* clean up generated defines */
9248 ++#undef _EXECUTE
9249 ++#undef __EXECUTE
9250 ++#undef _GATE
9251 ++#undef __GATE
9252 ++#undef _GCC_PLUGIN_CONCAT2
9253 ++#undef _GCC_PLUGIN_CONCAT3
9254 ++#undef _GCC_PLUGIN_STRINGIFY
9255 ++#undef __GCC_PLUGIN_STRINGIFY
9256 ++#undef _HAS_EXECUTE
9257 ++#undef _HAS_GATE
9258 ++#undef _MAKE_PASS_NAME_PASS
9259 ++#undef __MAKE_PASS_NAME_PASS
9260 ++#undef _PASS_NAME_NAME
9261 ++#undef _PASS_NAME_PASS
9262 ++#undef __PASS_NAME_PASS
9263 ++#undef _PASS_NAME_PASS_DATA
9264 ++#undef __PASS_NAME_PASS_DATA
9265 ++
9266 ++#endif /* PASS_NAME */
9267 diff --git a/tools/gcc/gen-random-seed.sh b/tools/gcc/gen-random-seed.sh
9268 new file mode 100644
9269 index 0000000..7514850
9270 @@ -139038,10 +139106,10 @@ index 0000000..f74d85a
9271 +targets += size_overflow_hash.h size_overflow_hash_aux.h disable_size_overflow_hash.h
9272 diff --git a/tools/gcc/size_overflow_plugin/disable_size_overflow_hash.data b/tools/gcc/size_overflow_plugin/disable_size_overflow_hash.data
9273 new file mode 100644
9274 -index 0000000..e141179
9275 +index 0000000..f4a8606
9276 --- /dev/null
9277 +++ b/tools/gcc/size_overflow_plugin/disable_size_overflow_hash.data
9278 -@@ -0,0 +1,12434 @@
9279 +@@ -0,0 +1,12437 @@
9280 +disable_so_interrupt_pnode_gru_message_queue_desc_4 interrupt_pnode gru_message_queue_desc 0 4 NULL
9281 +disable_so_bch_btree_insert_fndecl_12 bch_btree_insert fndecl 0 12 NULL
9282 +disable_so_macvlan_sync_address_fndecl_22 macvlan_sync_address fndecl 0 22 NULL nohasharray
9283 @@ -142510,7 +142578,8 @@ index 0000000..e141179
9284 +disable_so_rs5c372_get_datetime_fndecl_18451 rs5c372_get_datetime fndecl 0 18451 NULL
9285 +disable_so_diolan_set_clock_synch_fndecl_18461 diolan_set_clock_synch fndecl 0 18461 NULL nohasharray
9286 +disable_so_tcp_timeout_ip_vs_timeout_user_18461 tcp_timeout ip_vs_timeout_user 0 18461 &disable_so_diolan_set_clock_synch_fndecl_18461
9287 -+disable_so_mac_addr_low_nes_adapter_18465 mac_addr_low nes_adapter 0 18465 NULL
9288 ++disable_so_mac_addr_low_nes_adapter_18465 mac_addr_low nes_adapter 0 18465 NULL nohasharray
9289 ++enable_so_get_next_ino_fndecl_18465 get_next_ino fndecl 0 18465 &disable_so_mac_addr_low_nes_adapter_18465
9290 +disable_so_sci_interrupt_acpi_table_fadt_18467 sci_interrupt acpi_table_fadt 0 18467 NULL
9291 +disable_so_mii_bmsr_bnx2_18468 mii_bmsr bnx2 0 18468 NULL
9292 +disable_so_qla4xxx_fw_timestamp_show_fndecl_18474 qla4xxx_fw_timestamp_show fndecl 0 18474 NULL
9293 @@ -149744,7 +149813,8 @@ index 0000000..e141179
9294 +disable_so_get_cpufreq_driver_56334 get cpufreq_driver 0-1 56334 NULL
9295 +disable_so_cg_spll_spread_spectrum_2_rv770_clock_registers_56343 cg_spll_spread_spectrum_2 rv770_clock_registers 0 56343 NULL
9296 +disable_so_dsa_slave_set_mac_address_fndecl_56363 dsa_slave_set_mac_address fndecl 0 56363 NULL nohasharray
9297 -+disable_so_log2secsize_adfs_discrecord_56363 log2secsize adfs_discrecord 0 56363 &disable_so_dsa_slave_set_mac_address_fndecl_56363
9298 ++disable_so_log2secsize_adfs_discrecord_56363 log2secsize adfs_discrecord 0 56363 &disable_so_dsa_slave_set_mac_address_fndecl_56363 nohasharray
9299 ++enable_so_i_ino_xfs_inode_56363 i_ino xfs_inode 0 56363 &disable_so_log2secsize_adfs_discrecord_56363
9300 +disable_so_offset_bit_entry_56370 offset bit_entry 0 56370 NULL
9301 +disable_so_serio_interrupt_fndecl_56371 serio_interrupt fndecl 2 56371 NULL
9302 +disable_so_nla_put_s8_fndecl_56378 nla_put_s8 fndecl 0 56378 NULL
9303 @@ -151476,6 +151546,7 @@ index 0000000..e141179
9304 +enable_so_deh_offset_reiserfs_de_head_42314 deh_offset reiserfs_de_head 0 42314 NULL
9305 +enable_so_dsack_tcp_options_received_27706 dsack tcp_options_received 0 27706 NULL
9306 +enable_so_inbufBits_bunzip_data_13788 inbufBits bunzip_data 0 13788 NULL
9307 ++enable_so_i_ino_inode_8428 i_ino inode 0 8428 NULL
9308 diff --git a/tools/gcc/size_overflow_plugin/generate_size_overflow_hash.sh b/tools/gcc/size_overflow_plugin/generate_size_overflow_hash.sh
9309 new file mode 100644
9310 index 0000000..be9724d
9311 @@ -153764,10 +153835,10 @@ index 0000000..fc58e16
9312 +}
9313 diff --git a/tools/gcc/size_overflow_plugin/size_overflow_hash.data b/tools/gcc/size_overflow_plugin/size_overflow_hash.data
9314 new file mode 100644
9315 -index 0000000..35efc61
9316 +index 0000000..acc340b
9317 --- /dev/null
9318 +++ b/tools/gcc/size_overflow_plugin/size_overflow_hash.data
9319 -@@ -0,0 +1,21513 @@
9320 +@@ -0,0 +1,21510 @@
9321 +enable_so_recv_ctrl_pipe_us_data_0 recv_ctrl_pipe us_data 0 0 NULL
9322 +enable_so___earlyonly_bootmem_alloc_fndecl_3 __earlyonly_bootmem_alloc fndecl 2-3-4 3 NULL
9323 +enable_so_v9fs_xattr_get_acl_fndecl_4 v9fs_xattr_get_acl fndecl 5 4 NULL
9324 @@ -156489,7 +156560,6 @@ index 0000000..35efc61
9325 +enable_so_wNdpOutPayloadRemainder_usb_cdc_ncm_ntb_parameters_8415 wNdpOutPayloadRemainder usb_cdc_ncm_ntb_parameters 0 8415 NULL
9326 +enable_so_ring_blocks_vxge_hw_ring_config_8417 ring_blocks vxge_hw_ring_config 0 8417 NULL nohasharray
9327 +enable_so_lbs_lowrssi_read_fndecl_8417 lbs_lowrssi_read fndecl 3 8417 &enable_so_ring_blocks_vxge_hw_ring_config_8417
9328 -+enable_so_i_ino_inode_8428 i_ino inode 0 8428 NULL
9329 +enable_so_rtsx_pci_dma_transfer_fndecl_8439 rtsx_pci_dma_transfer fndecl 0 8439 NULL
9330 +enable_so_block_dm_buffer_8440 block dm_buffer 0 8440 NULL
9331 +enable_so_offset_l2tp_session_8443 offset l2tp_session 0 8443 NULL
9332 @@ -159812,7 +159882,6 @@ index 0000000..35efc61
9333 +enable_so_mp_tx_agg_buf_size_sdio_mmc_card_18449 mp_tx_agg_buf_size sdio_mmc_card 0 18449 &enable_so_data_len_hfa384x_tx_frame_18449
9334 +enable_so_copy_range_nfulnl_instance_18460 copy_range nfulnl_instance 0 18460 NULL nohasharray
9335 +enable_so_error_bar_retry_read_fndecl_18460 error_bar_retry_read fndecl 3 18460 &enable_so_copy_range_nfulnl_instance_18460
9336 -+enable_so_get_next_ino_fndecl_18465 get_next_ino fndecl 0 18465 NULL
9337 +enable_so_bsize_jfs_sb_info_18477 bsize jfs_sb_info 0 18477 NULL
9338 +enable_so_xfs_free_extent_fndecl_18480 xfs_free_extent fndecl 2-3 18480 NULL
9339 +enable_so_exynos4_jpeg_get_stream_size_fndecl_18485 exynos4_jpeg_get_stream_size fndecl 0 18485 NULL nohasharray
9340 @@ -172297,7 +172366,6 @@ index 0000000..35efc61
9341 +enable_so_mapping_level_fndecl_56350 mapping_level fndecl 0-2 56350 NULL
9342 +enable_so_dccp_ackvec_add_new_fndecl_56359 dccp_ackvec_add_new fndecl 2-3 56359 NULL
9343 +enable_so_acl_permission_check_fndecl_56360 acl_permission_check fndecl 0 56360 NULL
9344 -+enable_so_i_ino_xfs_inode_56363 i_ino xfs_inode 0 56363 NULL
9345 +enable_so_interrupt_out_endpointAddress_usb_serial_port_56364 interrupt_out_endpointAddress usb_serial_port 0 56364 NULL
9346 +enable_so_ide_set_pio_mode_fndecl_56371 ide_set_pio_mode fndecl 2 56371 NULL
9347 +enable_so_len_asd_ha_addrspace_56381 len asd_ha_addrspace 0 56381 NULL
9348
9349 diff --git a/4.4.2/4425_grsec_remove_EI_PAX.patch b/4.4.3/4425_grsec_remove_EI_PAX.patch
9350 similarity index 100%
9351 rename from 4.4.2/4425_grsec_remove_EI_PAX.patch
9352 rename to 4.4.3/4425_grsec_remove_EI_PAX.patch
9353
9354 diff --git a/4.4.2/4427_force_XATTR_PAX_tmpfs.patch b/4.4.3/4427_force_XATTR_PAX_tmpfs.patch
9355 similarity index 100%
9356 rename from 4.4.2/4427_force_XATTR_PAX_tmpfs.patch
9357 rename to 4.4.3/4427_force_XATTR_PAX_tmpfs.patch
9358
9359 diff --git a/4.4.2/4430_grsec-remove-localversion-grsec.patch b/4.4.3/4430_grsec-remove-localversion-grsec.patch
9360 similarity index 100%
9361 rename from 4.4.2/4430_grsec-remove-localversion-grsec.patch
9362 rename to 4.4.3/4430_grsec-remove-localversion-grsec.patch
9363
9364 diff --git a/4.4.2/4435_grsec-mute-warnings.patch b/4.4.3/4435_grsec-mute-warnings.patch
9365 similarity index 100%
9366 rename from 4.4.2/4435_grsec-mute-warnings.patch
9367 rename to 4.4.3/4435_grsec-mute-warnings.patch
9368
9369 diff --git a/4.4.2/4440_grsec-remove-protected-paths.patch b/4.4.3/4440_grsec-remove-protected-paths.patch
9370 similarity index 100%
9371 rename from 4.4.2/4440_grsec-remove-protected-paths.patch
9372 rename to 4.4.3/4440_grsec-remove-protected-paths.patch
9373
9374 diff --git a/4.4.2/4450_grsec-kconfig-default-gids.patch b/4.4.3/4450_grsec-kconfig-default-gids.patch
9375 similarity index 100%
9376 rename from 4.4.2/4450_grsec-kconfig-default-gids.patch
9377 rename to 4.4.3/4450_grsec-kconfig-default-gids.patch
9378
9379 diff --git a/4.4.2/4465_selinux-avc_audit-log-curr_ip.patch b/4.4.3/4465_selinux-avc_audit-log-curr_ip.patch
9380 similarity index 100%
9381 rename from 4.4.2/4465_selinux-avc_audit-log-curr_ip.patch
9382 rename to 4.4.3/4465_selinux-avc_audit-log-curr_ip.patch
9383
9384 diff --git a/4.4.2/4470_disable-compat_vdso.patch b/4.4.3/4470_disable-compat_vdso.patch
9385 similarity index 100%
9386 rename from 4.4.2/4470_disable-compat_vdso.patch
9387 rename to 4.4.3/4470_disable-compat_vdso.patch
9388
9389 diff --git a/4.4.2/4475_emutramp_default_on.patch b/4.4.3/4475_emutramp_default_on.patch
9390 similarity index 100%
9391 rename from 4.4.2/4475_emutramp_default_on.patch
9392 rename to 4.4.3/4475_emutramp_default_on.patch
Report Message
Find on MARC Find on Google Groups