Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: "Anthony G. Basile" <blueness@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-patchset:master commit in: 4.7.6/, 4.7.5/
Date: Sat, 01 Oct 2016 13:54:01
Message-Id: 1475329997.b36146336c331dd08f2ca1c2599f3afd32c10a8c.blueness@gentoo
1 commit: b36146336c331dd08f2ca1c2599f3afd32c10a8c
2 Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
3 AuthorDate: Sat Oct 1 13:53:17 2016 +0000
4 Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
5 CommitDate: Sat Oct 1 13:53:17 2016 +0000
6 URL: https://gitweb.gentoo.org/proj/hardened-patchset.git/commit/?id=b3614633
7
8 grsecurity-3.1-4.7.6-201609301918
9
10 {4.7.5 => 4.7.6}/0000_README | 6 +-
11 4.7.6/1005_linux-4.7.6.patch | 2572 ++++++++++++++++++++
12 .../4420_grsecurity-3.1-4.7.6-201609301918.patch | 144 +-
13 {4.7.5 => 4.7.6}/4425_grsec_remove_EI_PAX.patch | 0
14 {4.7.5 => 4.7.6}/4427_force_XATTR_PAX_tmpfs.patch | 0
15 .../4430_grsec-remove-localversion-grsec.patch | 0
16 {4.7.5 => 4.7.6}/4435_grsec-mute-warnings.patch | 0
17 .../4440_grsec-remove-protected-paths.patch | 0
18 .../4450_grsec-kconfig-default-gids.patch | 0
19 .../4465_selinux-avc_audit-log-curr_ip.patch | 0
20 {4.7.5 => 4.7.6}/4470_disable-compat_vdso.patch | 0
21 {4.7.5 => 4.7.6}/4475_emutramp_default_on.patch | 0
22 12 files changed, 2619 insertions(+), 103 deletions(-)
23
24 diff --git a/4.7.5/0000_README b/4.7.6/0000_README
25 similarity index 92%
26 rename from 4.7.5/0000_README
27 rename to 4.7.6/0000_README
28 index 9104194..65ecad7 100644
29 --- a/4.7.5/0000_README
30 +++ b/4.7.6/0000_README
31 @@ -2,7 +2,11 @@ README
32 -----------------------------------------------------------------------------
33 Individual Patch Descriptions:
34 -----------------------------------------------------------------------------
35 -Patch: 4420_grsecurity-3.1-4.7.5-201609261522.patch
36 +Patch: 1005_linux-4.7.6.patch
37 +From: http://www.kernel.org
38 +Desc: Linux 4.7.6
39 +
40 +Patch: 4420_grsecurity-3.1-4.7.6-201609301918.patch
41 From: http://www.grsecurity.net
42 Desc: hardened-sources base patch from upstream grsecurity
43
44
45 diff --git a/4.7.6/1005_linux-4.7.6.patch b/4.7.6/1005_linux-4.7.6.patch
46 new file mode 100644
47 index 0000000..5699974
48 --- /dev/null
49 +++ b/4.7.6/1005_linux-4.7.6.patch
50 @@ -0,0 +1,2572 @@
51 +diff --git a/Makefile b/Makefile
52 +index dd755d1..48b0120 100644
53 +--- a/Makefile
54 ++++ b/Makefile
55 +@@ -1,6 +1,6 @@
56 + VERSION = 4
57 + PATCHLEVEL = 7
58 +-SUBLEVEL = 5
59 ++SUBLEVEL = 6
60 + EXTRAVERSION =
61 + NAME = Psychotic Stoned Sheep
62 +
63 +@@ -370,7 +370,7 @@ LDFLAGS_MODULE =
64 + CFLAGS_KERNEL =
65 + AFLAGS_KERNEL =
66 + LDFLAGS_vmlinux =
67 +-CFLAGS_GCOV = -fprofile-arcs -ftest-coverage -fno-tree-loop-im -Wno-maybe-uninitialized
68 ++CFLAGS_GCOV = -fprofile-arcs -ftest-coverage -fno-tree-loop-im
69 + CFLAGS_KCOV = -fsanitize-coverage=trace-pc
70 +
71 +
72 +@@ -619,12 +619,13 @@ ARCH_CFLAGS :=
73 + include arch/$(SRCARCH)/Makefile
74 +
75 + KBUILD_CFLAGS += $(call cc-option,-fno-delete-null-pointer-checks,)
76 ++KBUILD_CFLAGS += $(call cc-disable-warning,maybe-uninitialized,)
77 +
78 + ifdef CONFIG_CC_OPTIMIZE_FOR_SIZE
79 +-KBUILD_CFLAGS += -Os $(call cc-disable-warning,maybe-uninitialized,)
80 ++KBUILD_CFLAGS += -Os
81 + else
82 + ifdef CONFIG_PROFILE_ALL_BRANCHES
83 +-KBUILD_CFLAGS += -O2 $(call cc-disable-warning,maybe-uninitialized,)
84 ++KBUILD_CFLAGS += -O2
85 + else
86 + KBUILD_CFLAGS += -O2
87 + endif
88 +diff --git a/arch/arc/Makefile b/arch/arc/Makefile
89 +index 85814e7..601ed17 100644
90 +--- a/arch/arc/Makefile
91 ++++ b/arch/arc/Makefile
92 +@@ -74,9 +74,7 @@ endif
93 + ifndef CONFIG_CC_OPTIMIZE_FOR_SIZE
94 + # Generic build system uses -O2, we want -O3
95 + # Note: No need to add to cflags-y as that happens anyways
96 +-#
97 +-# Disable the false maybe-uninitialized warings gcc spits out at -O3
98 +-ARCH_CFLAGS += -O3 $(call cc-disable-warning,maybe-uninitialized,)
99 ++ARCH_CFLAGS += -O3
100 + endif
101 +
102 + # small data is default for elf32 tool-chain. If not usable, disable it
103 +diff --git a/arch/arm/crypto/aes-ce-glue.c b/arch/arm/crypto/aes-ce-glue.c
104 +index da3c042..aef022a 100644
105 +--- a/arch/arm/crypto/aes-ce-glue.c
106 ++++ b/arch/arm/crypto/aes-ce-glue.c
107 +@@ -284,7 +284,7 @@ static int ctr_encrypt(struct blkcipher_desc *desc, struct scatterlist *dst,
108 + err = blkcipher_walk_done(desc, &walk,
109 + walk.nbytes % AES_BLOCK_SIZE);
110 + }
111 +- if (nbytes) {
112 ++ if (walk.nbytes % AES_BLOCK_SIZE) {
113 + u8 *tdst = walk.dst.virt.addr + blocks * AES_BLOCK_SIZE;
114 + u8 *tsrc = walk.src.virt.addr + blocks * AES_BLOCK_SIZE;
115 + u8 __aligned(8) tail[AES_BLOCK_SIZE];
116 +diff --git a/arch/arm64/crypto/aes-glue.c b/arch/arm64/crypto/aes-glue.c
117 +index 5c88804..6b2aa0f 100644
118 +--- a/arch/arm64/crypto/aes-glue.c
119 ++++ b/arch/arm64/crypto/aes-glue.c
120 +@@ -216,7 +216,7 @@ static int ctr_encrypt(struct blkcipher_desc *desc, struct scatterlist *dst,
121 + err = blkcipher_walk_done(desc, &walk,
122 + walk.nbytes % AES_BLOCK_SIZE);
123 + }
124 +- if (nbytes) {
125 ++ if (walk.nbytes % AES_BLOCK_SIZE) {
126 + u8 *tdst = walk.dst.virt.addr + blocks * AES_BLOCK_SIZE;
127 + u8 *tsrc = walk.src.virt.addr + blocks * AES_BLOCK_SIZE;
128 + u8 __aligned(8) tail[AES_BLOCK_SIZE];
129 +diff --git a/arch/arm64/kernel/smp.c b/arch/arm64/kernel/smp.c
130 +index 490db85..95e32d9 100644
131 +--- a/arch/arm64/kernel/smp.c
132 ++++ b/arch/arm64/kernel/smp.c
133 +@@ -201,12 +201,6 @@ int __cpu_up(unsigned int cpu, struct task_struct *idle)
134 + return ret;
135 + }
136 +
137 +-static void smp_store_cpu_info(unsigned int cpuid)
138 +-{
139 +- store_cpu_topology(cpuid);
140 +- numa_store_cpu_info(cpuid);
141 +-}
142 +-
143 + /*
144 + * This is the secondary CPU boot entry. We're using this CPUs
145 + * idle thread stack, but a set of temporary page tables.
146 +@@ -254,7 +248,7 @@ asmlinkage void secondary_start_kernel(void)
147 + */
148 + notify_cpu_starting(cpu);
149 +
150 +- smp_store_cpu_info(cpu);
151 ++ store_cpu_topology(cpu);
152 +
153 + /*
154 + * OK, now it's safe to let the boot CPU continue. Wait for
155 +@@ -687,10 +681,13 @@ void __init smp_prepare_cpus(unsigned int max_cpus)
156 + {
157 + int err;
158 + unsigned int cpu;
159 ++ unsigned int this_cpu;
160 +
161 + init_cpu_topology();
162 +
163 +- smp_store_cpu_info(smp_processor_id());
164 ++ this_cpu = smp_processor_id();
165 ++ store_cpu_topology(this_cpu);
166 ++ numa_store_cpu_info(this_cpu);
167 +
168 + /*
169 + * If UP is mandated by "nosmp" (which implies "maxcpus=0"), don't set
170 +@@ -717,6 +714,7 @@ void __init smp_prepare_cpus(unsigned int max_cpus)
171 + continue;
172 +
173 + set_cpu_present(cpu, true);
174 ++ numa_store_cpu_info(cpu);
175 + }
176 + }
177 +
178 +diff --git a/arch/mips/Kconfig.debug b/arch/mips/Kconfig.debug
179 +index f0e314c..7f975b2 100644
180 +--- a/arch/mips/Kconfig.debug
181 ++++ b/arch/mips/Kconfig.debug
182 +@@ -113,42 +113,6 @@ config SPINLOCK_TEST
183 + help
184 + Add several files to the debugfs to test spinlock speed.
185 +
186 +-if CPU_MIPSR6
187 +-
188 +-choice
189 +- prompt "Compact branch policy"
190 +- default MIPS_COMPACT_BRANCHES_OPTIMAL
191 +-
192 +-config MIPS_COMPACT_BRANCHES_NEVER
193 +- bool "Never (force delay slot branches)"
194 +- help
195 +- Pass the -mcompact-branches=never flag to the compiler in order to
196 +- force it to always emit branches with delay slots, and make no use
197 +- of the compact branch instructions introduced by MIPSr6. This is
198 +- useful if you suspect there may be an issue with compact branches in
199 +- either the compiler or the CPU.
200 +-
201 +-config MIPS_COMPACT_BRANCHES_OPTIMAL
202 +- bool "Optimal (use where beneficial)"
203 +- help
204 +- Pass the -mcompact-branches=optimal flag to the compiler in order for
205 +- it to make use of compact branch instructions where it deems them
206 +- beneficial, and use branches with delay slots elsewhere. This is the
207 +- default compiler behaviour, and should be used unless you have a
208 +- reason to choose otherwise.
209 +-
210 +-config MIPS_COMPACT_BRANCHES_ALWAYS
211 +- bool "Always (force compact branches)"
212 +- help
213 +- Pass the -mcompact-branches=always flag to the compiler in order to
214 +- force it to always emit compact branches, making no use of branch
215 +- instructions with delay slots. This can result in more compact code
216 +- which may be beneficial in some scenarios.
217 +-
218 +-endchoice
219 +-
220 +-endif # CPU_MIPSR6
221 +-
222 + config SCACHE_DEBUGFS
223 + bool "L2 cache debugfs entries"
224 + depends on DEBUG_FS
225 +diff --git a/arch/mips/Makefile b/arch/mips/Makefile
226 +index efd7a9d..598ab29 100644
227 +--- a/arch/mips/Makefile
228 ++++ b/arch/mips/Makefile
229 +@@ -203,10 +203,6 @@ endif
230 + toolchain-virt := $(call cc-option-yn,$(mips-cflags) -mvirt)
231 + cflags-$(toolchain-virt) += -DTOOLCHAIN_SUPPORTS_VIRT
232 +
233 +-cflags-$(CONFIG_MIPS_COMPACT_BRANCHES_NEVER) += -mcompact-branches=never
234 +-cflags-$(CONFIG_MIPS_COMPACT_BRANCHES_OPTIMAL) += -mcompact-branches=optimal
235 +-cflags-$(CONFIG_MIPS_COMPACT_BRANCHES_ALWAYS) += -mcompact-branches=always
236 +-
237 + #
238 + # Firmware support
239 + #
240 +diff --git a/arch/mips/include/asm/asmmacro.h b/arch/mips/include/asm/asmmacro.h
241 +index 56584a6..83054f7 100644
242 +--- a/arch/mips/include/asm/asmmacro.h
243 ++++ b/arch/mips/include/asm/asmmacro.h
244 +@@ -157,6 +157,7 @@
245 + ldc1 $f28, THREAD_FPR28(\thread)
246 + ldc1 $f30, THREAD_FPR30(\thread)
247 + ctc1 \tmp, fcr31
248 ++ .set pop
249 + .endm
250 +
251 + .macro fpu_restore_16odd thread
252 +diff --git a/arch/mips/include/asm/mach-paravirt/kernel-entry-init.h b/arch/mips/include/asm/mach-paravirt/kernel-entry-init.h
253 +index 2f82bfa..c9f5769 100644
254 +--- a/arch/mips/include/asm/mach-paravirt/kernel-entry-init.h
255 ++++ b/arch/mips/include/asm/mach-paravirt/kernel-entry-init.h
256 +@@ -11,11 +11,13 @@
257 + #define CP0_EBASE $15, 1
258 +
259 + .macro kernel_entry_setup
260 ++#ifdef CONFIG_SMP
261 + mfc0 t0, CP0_EBASE
262 + andi t0, t0, 0x3ff # CPUNum
263 + beqz t0, 1f
264 + # CPUs other than zero goto smp_bootstrap
265 + j smp_bootstrap
266 ++#endif /* CONFIG_SMP */
267 +
268 + 1:
269 + .endm
270 +diff --git a/arch/mips/kernel/mips-r2-to-r6-emul.c b/arch/mips/kernel/mips-r2-to-r6-emul.c
271 +index 7ff2a55..ae77575 100644
272 +--- a/arch/mips/kernel/mips-r2-to-r6-emul.c
273 ++++ b/arch/mips/kernel/mips-r2-to-r6-emul.c
274 +@@ -1164,7 +1164,9 @@ fpu_emul:
275 + regs->regs[31] = r31;
276 + regs->cp0_epc = epc;
277 + if (!used_math()) { /* First time FPU user. */
278 ++ preempt_disable();
279 + err = init_fpu();
280 ++ preempt_enable();
281 + set_used_math();
282 + }
283 + lose_fpu(1); /* Save FPU state for the emulator. */
284 +diff --git a/arch/mips/kernel/process.c b/arch/mips/kernel/process.c
285 +index 813ed78..45cff9f 100644
286 +--- a/arch/mips/kernel/process.c
287 ++++ b/arch/mips/kernel/process.c
288 +@@ -591,14 +591,14 @@ int mips_set_process_fp_mode(struct task_struct *task, unsigned int value)
289 + return -EOPNOTSUPP;
290 +
291 + /* Avoid inadvertently triggering emulation */
292 +- if ((value & PR_FP_MODE_FR) && cpu_has_fpu &&
293 +- !(current_cpu_data.fpu_id & MIPS_FPIR_F64))
294 ++ if ((value & PR_FP_MODE_FR) && raw_cpu_has_fpu &&
295 ++ !(raw_current_cpu_data.fpu_id & MIPS_FPIR_F64))
296 + return -EOPNOTSUPP;
297 +- if ((value & PR_FP_MODE_FRE) && cpu_has_fpu && !cpu_has_fre)
298 ++ if ((value & PR_FP_MODE_FRE) && raw_cpu_has_fpu && !cpu_has_fre)
299 + return -EOPNOTSUPP;
300 +
301 + /* FR = 0 not supported in MIPS R6 */
302 +- if (!(value & PR_FP_MODE_FR) && cpu_has_fpu && cpu_has_mips_r6)
303 ++ if (!(value & PR_FP_MODE_FR) && raw_cpu_has_fpu && cpu_has_mips_r6)
304 + return -EOPNOTSUPP;
305 +
306 + /* Proceed with the mode switch */
307 +diff --git a/arch/mips/kernel/smp.c b/arch/mips/kernel/smp.c
308 +index f9d01e9..dcf4a23 100644
309 +--- a/arch/mips/kernel/smp.c
310 ++++ b/arch/mips/kernel/smp.c
311 +@@ -320,6 +320,9 @@ asmlinkage void start_secondary(void)
312 + cpumask_set_cpu(cpu, &cpu_coherent_mask);
313 + notify_cpu_starting(cpu);
314 +
315 ++ cpumask_set_cpu(cpu, &cpu_callin_map);
316 ++ synchronise_count_slave(cpu);
317 ++
318 + set_cpu_online(cpu, true);
319 +
320 + set_cpu_sibling_map(cpu);
321 +@@ -327,10 +330,6 @@ asmlinkage void start_secondary(void)
322 +
323 + calculate_cpu_foreign_map();
324 +
325 +- cpumask_set_cpu(cpu, &cpu_callin_map);
326 +-
327 +- synchronise_count_slave(cpu);
328 +-
329 + /*
330 + * irq will be enabled in ->smp_finish(), enabling it too early
331 + * is dangerous.
332 +diff --git a/arch/mips/kernel/vdso.c b/arch/mips/kernel/vdso.c
333 +index 54e1663..0b30c02 100644
334 +--- a/arch/mips/kernel/vdso.c
335 ++++ b/arch/mips/kernel/vdso.c
336 +@@ -39,16 +39,16 @@ static struct vm_special_mapping vdso_vvar_mapping = {
337 + static void __init init_vdso_image(struct mips_vdso_image *image)
338 + {
339 + unsigned long num_pages, i;
340 ++ unsigned long data_pfn;
341 +
342 + BUG_ON(!PAGE_ALIGNED(image->data));
343 + BUG_ON(!PAGE_ALIGNED(image->size));
344 +
345 + num_pages = image->size / PAGE_SIZE;
346 +
347 +- for (i = 0; i < num_pages; i++) {
348 +- image->mapping.pages[i] =
349 +- virt_to_page(image->data + (i * PAGE_SIZE));
350 +- }
351 ++ data_pfn = __phys_to_pfn(__pa_symbol(image->data));
352 ++ for (i = 0; i < num_pages; i++)
353 ++ image->mapping.pages[i] = pfn_to_page(data_pfn + i);
354 + }
355 +
356 + static int __init init_vdso(void)
357 +diff --git a/arch/x86/mm/pageattr.c b/arch/x86/mm/pageattr.c
358 +index 7a1f7bb..b2659b9 100644
359 +--- a/arch/x86/mm/pageattr.c
360 ++++ b/arch/x86/mm/pageattr.c
361 +@@ -932,11 +932,11 @@ static void populate_pte(struct cpa_data *cpa,
362 + }
363 + }
364 +
365 +-static int populate_pmd(struct cpa_data *cpa,
366 +- unsigned long start, unsigned long end,
367 +- unsigned num_pages, pud_t *pud, pgprot_t pgprot)
368 ++static long populate_pmd(struct cpa_data *cpa,
369 ++ unsigned long start, unsigned long end,
370 ++ unsigned num_pages, pud_t *pud, pgprot_t pgprot)
371 + {
372 +- unsigned int cur_pages = 0;
373 ++ long cur_pages = 0;
374 + pmd_t *pmd;
375 + pgprot_t pmd_pgprot;
376 +
377 +@@ -1006,12 +1006,12 @@ static int populate_pmd(struct cpa_data *cpa,
378 + return num_pages;
379 + }
380 +
381 +-static int populate_pud(struct cpa_data *cpa, unsigned long start, pgd_t *pgd,
382 +- pgprot_t pgprot)
383 ++static long populate_pud(struct cpa_data *cpa, unsigned long start, pgd_t *pgd,
384 ++ pgprot_t pgprot)
385 + {
386 + pud_t *pud;
387 + unsigned long end;
388 +- int cur_pages = 0;
389 ++ long cur_pages = 0;
390 + pgprot_t pud_pgprot;
391 +
392 + end = start + (cpa->numpages << PAGE_SHIFT);
393 +@@ -1067,7 +1067,7 @@ static int populate_pud(struct cpa_data *cpa, unsigned long start, pgd_t *pgd,
394 +
395 + /* Map trailing leftover */
396 + if (start < end) {
397 +- int tmp;
398 ++ long tmp;
399 +
400 + pud = pud_offset(pgd, start);
401 + if (pud_none(*pud))
402 +@@ -1093,7 +1093,7 @@ static int populate_pgd(struct cpa_data *cpa, unsigned long addr)
403 + pgprot_t pgprot = __pgprot(_KERNPG_TABLE);
404 + pud_t *pud = NULL; /* shut up gcc */
405 + pgd_t *pgd_entry;
406 +- int ret;
407 ++ long ret;
408 +
409 + pgd_entry = cpa->pgd + pgd_index(addr);
410 +
411 +@@ -1336,7 +1336,8 @@ static int cpa_process_alias(struct cpa_data *cpa)
412 +
413 + static int __change_page_attr_set_clr(struct cpa_data *cpa, int checkalias)
414 + {
415 +- int ret, numpages = cpa->numpages;
416 ++ unsigned long numpages = cpa->numpages;
417 ++ int ret;
418 +
419 + while (numpages) {
420 + /*
421 +diff --git a/arch/x86/platform/efi/efi_64.c b/arch/x86/platform/efi/efi_64.c
422 +index b226b3f..964c702 100644
423 +--- a/arch/x86/platform/efi/efi_64.c
424 ++++ b/arch/x86/platform/efi/efi_64.c
425 +@@ -244,7 +244,7 @@ int __init efi_setup_page_tables(unsigned long pa_memmap, unsigned num_pages)
426 + * text and allocate a new stack because we can't rely on the
427 + * stack pointer being < 4GB.
428 + */
429 +- if (!IS_ENABLED(CONFIG_EFI_MIXED))
430 ++ if (!IS_ENABLED(CONFIG_EFI_MIXED) || efi_is_native())
431 + return 0;
432 +
433 + /*
434 +diff --git a/crypto/blkcipher.c b/crypto/blkcipher.c
435 +index 8cc1622..dca7bc8 100644
436 +--- a/crypto/blkcipher.c
437 ++++ b/crypto/blkcipher.c
438 +@@ -234,6 +234,8 @@ static int blkcipher_walk_next(struct blkcipher_desc *desc,
439 + return blkcipher_walk_done(desc, walk, -EINVAL);
440 + }
441 +
442 ++ bsize = min(walk->walk_blocksize, n);
443 ++
444 + walk->flags &= ~(BLKCIPHER_WALK_SLOW | BLKCIPHER_WALK_COPY |
445 + BLKCIPHER_WALK_DIFF);
446 + if (!scatterwalk_aligned(&walk->in, walk->alignmask) ||
447 +@@ -246,7 +248,6 @@ static int blkcipher_walk_next(struct blkcipher_desc *desc,
448 + }
449 + }
450 +
451 +- bsize = min(walk->walk_blocksize, n);
452 + n = scatterwalk_clamp(&walk->in, n);
453 + n = scatterwalk_clamp(&walk->out, n);
454 +
455 +diff --git a/crypto/echainiv.c b/crypto/echainiv.c
456 +index b96a8456..343a74e 100644
457 +--- a/crypto/echainiv.c
458 ++++ b/crypto/echainiv.c
459 +@@ -1,8 +1,8 @@
460 + /*
461 + * echainiv: Encrypted Chain IV Generator
462 + *
463 +- * This generator generates an IV based on a sequence number by xoring it
464 +- * with a salt and then encrypting it with the same key as used to encrypt
465 ++ * This generator generates an IV based on a sequence number by multiplying
466 ++ * it with a salt and then encrypting it with the same key as used to encrypt
467 + * the plain text. This algorithm requires that the block size be equal
468 + * to the IV size. It is mainly useful for CBC.
469 + *
470 +@@ -23,81 +23,17 @@
471 + #include <linux/err.h>
472 + #include <linux/init.h>
473 + #include <linux/kernel.h>
474 +-#include <linux/mm.h>
475 + #include <linux/module.h>
476 +-#include <linux/percpu.h>
477 +-#include <linux/spinlock.h>
478 ++#include <linux/slab.h>
479 + #include <linux/string.h>
480 +
481 +-#define MAX_IV_SIZE 16
482 +-
483 +-static DEFINE_PER_CPU(u32 [MAX_IV_SIZE / sizeof(u32)], echainiv_iv);
484 +-
485 +-/* We don't care if we get preempted and read/write IVs from the next CPU. */
486 +-static void echainiv_read_iv(u8 *dst, unsigned size)
487 +-{
488 +- u32 *a = (u32 *)dst;
489 +- u32 __percpu *b = echainiv_iv;
490 +-
491 +- for (; size >= 4; size -= 4) {
492 +- *a++ = this_cpu_read(*b);
493 +- b++;
494 +- }
495 +-}
496 +-
497 +-static void echainiv_write_iv(const u8 *src, unsigned size)
498 +-{
499 +- const u32 *a = (const u32 *)src;
500 +- u32 __percpu *b = echainiv_iv;
501 +-
502 +- for (; size >= 4; size -= 4) {
503 +- this_cpu_write(*b, *a);
504 +- a++;
505 +- b++;
506 +- }
507 +-}
508 +-
509 +-static void echainiv_encrypt_complete2(struct aead_request *req, int err)
510 +-{
511 +- struct aead_request *subreq = aead_request_ctx(req);
512 +- struct crypto_aead *geniv;
513 +- unsigned int ivsize;
514 +-
515 +- if (err == -EINPROGRESS)
516 +- return;
517 +-
518 +- if (err)
519 +- goto out;
520 +-
521 +- geniv = crypto_aead_reqtfm(req);
522 +- ivsize = crypto_aead_ivsize(geniv);
523 +-
524 +- echainiv_write_iv(subreq->iv, ivsize);
525 +-
526 +- if (req->iv != subreq->iv)
527 +- memcpy(req->iv, subreq->iv, ivsize);
528 +-
529 +-out:
530 +- if (req->iv != subreq->iv)
531 +- kzfree(subreq->iv);
532 +-}
533 +-
534 +-static void echainiv_encrypt_complete(struct crypto_async_request *base,
535 +- int err)
536 +-{
537 +- struct aead_request *req = base->data;
538 +-
539 +- echainiv_encrypt_complete2(req, err);
540 +- aead_request_complete(req, err);
541 +-}
542 +-
543 + static int echainiv_encrypt(struct aead_request *req)
544 + {
545 + struct crypto_aead *geniv = crypto_aead_reqtfm(req);
546 + struct aead_geniv_ctx *ctx = crypto_aead_ctx(geniv);
547 + struct aead_request *subreq = aead_request_ctx(req);
548 +- crypto_completion_t compl;
549 +- void *data;
550 ++ __be64 nseqno;
551 ++ u64 seqno;
552 + u8 *info;
553 + unsigned int ivsize = crypto_aead_ivsize(geniv);
554 + int err;
555 +@@ -107,8 +43,6 @@ static int echainiv_encrypt(struct aead_request *req)
556 +
557 + aead_request_set_tfm(subreq, ctx->child);
558 +
559 +- compl = echainiv_encrypt_complete;
560 +- data = req;
561 + info = req->iv;
562 +
563 + if (req->src != req->dst) {
564 +@@ -123,29 +57,30 @@ static int echainiv_encrypt(struct aead_request *req)
565 + return err;
566 + }
567 +
568 +- if (unlikely(!IS_ALIGNED((unsigned long)info,
569 +- crypto_aead_alignmask(geniv) + 1))) {
570 +- info = kmalloc(ivsize, req->base.flags &
571 +- CRYPTO_TFM_REQ_MAY_SLEEP ? GFP_KERNEL:
572 +- GFP_ATOMIC);
573 +- if (!info)
574 +- return -ENOMEM;
575 +-
576 +- memcpy(info, req->iv, ivsize);
577 +- }
578 +-
579 +- aead_request_set_callback(subreq, req->base.flags, compl, data);
580 ++ aead_request_set_callback(subreq, req->base.flags,
581 ++ req->base.complete, req->base.data);
582 + aead_request_set_crypt(subreq, req->dst, req->dst,
583 + req->cryptlen, info);
584 + aead_request_set_ad(subreq, req->assoclen);
585 +
586 +- crypto_xor(info, ctx->salt, ivsize);
587 ++ memcpy(&nseqno, info + ivsize - 8, 8);
588 ++ seqno = be64_to_cpu(nseqno);
589 ++ memset(info, 0, ivsize);
590 ++
591 + scatterwalk_map_and_copy(info, req->dst, req->assoclen, ivsize, 1);
592 +- echainiv_read_iv(info, ivsize);
593 +
594 +- err = crypto_aead_encrypt(subreq);
595 +- echainiv_encrypt_complete2(req, err);
596 +- return err;
597 ++ do {
598 ++ u64 a;
599 ++
600 ++ memcpy(&a, ctx->salt + ivsize - 8, 8);
601 ++
602 ++ a |= 1;
603 ++ a *= seqno;
604 ++
605 ++ memcpy(info + ivsize - 8, &a, 8);
606 ++ } while ((ivsize -= 8));
607 ++
608 ++ return crypto_aead_encrypt(subreq);
609 + }
610 +
611 + static int echainiv_decrypt(struct aead_request *req)
612 +@@ -192,8 +127,7 @@ static int echainiv_aead_create(struct crypto_template *tmpl,
613 + alg = crypto_spawn_aead_alg(spawn);
614 +
615 + err = -EINVAL;
616 +- if (inst->alg.ivsize & (sizeof(u32) - 1) ||
617 +- inst->alg.ivsize > MAX_IV_SIZE)
618 ++ if (inst->alg.ivsize & (sizeof(u64) - 1) || !inst->alg.ivsize)
619 + goto free_inst;
620 +
621 + inst->alg.encrypt = echainiv_encrypt;
622 +@@ -202,7 +136,6 @@ static int echainiv_aead_create(struct crypto_template *tmpl,
623 + inst->alg.init = aead_init_geniv;
624 + inst->alg.exit = aead_exit_geniv;
625 +
626 +- inst->alg.base.cra_alignmask |= __alignof__(u32) - 1;
627 + inst->alg.base.cra_ctxsize = sizeof(struct aead_geniv_ctx);
628 + inst->alg.base.cra_ctxsize += inst->alg.ivsize;
629 +
630 +diff --git a/drivers/gpu/drm/qxl/qxl_draw.c b/drivers/gpu/drm/qxl/qxl_draw.c
631 +index 56e1d63..6e6c760 100644
632 +--- a/drivers/gpu/drm/qxl/qxl_draw.c
633 ++++ b/drivers/gpu/drm/qxl/qxl_draw.c
634 +@@ -136,6 +136,8 @@ static int qxl_palette_create_1bit(struct qxl_bo *palette_bo,
635 + * correctly globaly, since that would require
636 + * tracking all of our palettes. */
637 + ret = qxl_bo_kmap(palette_bo, (void **)&pal);
638 ++ if (ret)
639 ++ return ret;
640 + pal->num_ents = 2;
641 + pal->unique = unique++;
642 + if (visual == FB_VISUAL_TRUECOLOR || visual == FB_VISUAL_DIRECTCOLOR) {
643 +diff --git a/drivers/i2c/busses/i2c-eg20t.c b/drivers/i2c/busses/i2c-eg20t.c
644 +index 137125b..5ce71ce 100644
645 +--- a/drivers/i2c/busses/i2c-eg20t.c
646 ++++ b/drivers/i2c/busses/i2c-eg20t.c
647 +@@ -773,13 +773,6 @@ static int pch_i2c_probe(struct pci_dev *pdev,
648 + /* Set the number of I2C channel instance */
649 + adap_info->ch_num = id->driver_data;
650 +
651 +- ret = request_irq(pdev->irq, pch_i2c_handler, IRQF_SHARED,
652 +- KBUILD_MODNAME, adap_info);
653 +- if (ret) {
654 +- pch_pci_err(pdev, "request_irq FAILED\n");
655 +- goto err_request_irq;
656 +- }
657 +-
658 + for (i = 0; i < adap_info->ch_num; i++) {
659 + pch_adap = &adap_info->pch_data[i].pch_adapter;
660 + adap_info->pch_i2c_suspended = false;
661 +@@ -797,6 +790,17 @@ static int pch_i2c_probe(struct pci_dev *pdev,
662 +
663 + pch_adap->dev.of_node = pdev->dev.of_node;
664 + pch_adap->dev.parent = &pdev->dev;
665 ++ }
666 ++
667 ++ ret = request_irq(pdev->irq, pch_i2c_handler, IRQF_SHARED,
668 ++ KBUILD_MODNAME, adap_info);
669 ++ if (ret) {
670 ++ pch_pci_err(pdev, "request_irq FAILED\n");
671 ++ goto err_request_irq;
672 ++ }
673 ++
674 ++ for (i = 0; i < adap_info->ch_num; i++) {
675 ++ pch_adap = &adap_info->pch_data[i].pch_adapter;
676 +
677 + pch_i2c_init(&adap_info->pch_data[i]);
678 +
679 +diff --git a/drivers/i2c/busses/i2c-qup.c b/drivers/i2c/busses/i2c-qup.c
680 +index 041050e..57256bb 100644
681 +--- a/drivers/i2c/busses/i2c-qup.c
682 ++++ b/drivers/i2c/busses/i2c-qup.c
683 +@@ -1610,7 +1610,8 @@ static int qup_i2c_pm_resume_runtime(struct device *device)
684 + #ifdef CONFIG_PM_SLEEP
685 + static int qup_i2c_suspend(struct device *device)
686 + {
687 +- qup_i2c_pm_suspend_runtime(device);
688 ++ if (!pm_runtime_suspended(device))
689 ++ return qup_i2c_pm_suspend_runtime(device);
690 + return 0;
691 + }
692 +
693 +diff --git a/drivers/i2c/muxes/i2c-mux-pca954x.c b/drivers/i2c/muxes/i2c-mux-pca954x.c
694 +index 528e755..3278ebf 100644
695 +--- a/drivers/i2c/muxes/i2c-mux-pca954x.c
696 ++++ b/drivers/i2c/muxes/i2c-mux-pca954x.c
697 +@@ -164,7 +164,7 @@ static int pca954x_select_chan(struct i2c_mux_core *muxc, u32 chan)
698 + /* Only select the channel if its different from the last channel */
699 + if (data->last_chan != regval) {
700 + ret = pca954x_reg_write(muxc->parent, client, regval);
701 +- data->last_chan = regval;
702 ++ data->last_chan = ret ? 0 : regval;
703 + }
704 +
705 + return ret;
706 +diff --git a/drivers/infiniband/hw/cxgb4/cm.c b/drivers/infiniband/hw/cxgb4/cm.c
707 +index a3a6721..be00c4b 100644
708 +--- a/drivers/infiniband/hw/cxgb4/cm.c
709 ++++ b/drivers/infiniband/hw/cxgb4/cm.c
710 +@@ -3011,9 +3011,9 @@ static int fw4_ack(struct c4iw_dev *dev, struct sk_buff *skb)
711 + PDBG("%s last streaming msg ack ep %p tid %u state %u "
712 + "initiator %u freeing skb\n", __func__, ep, ep->hwtid,
713 + state_read(&ep->com), ep->mpa_attr.initiator ? 1 : 0);
714 ++ mutex_lock(&ep->com.mutex);
715 + kfree_skb(ep->mpa_skb);
716 + ep->mpa_skb = NULL;
717 +- mutex_lock(&ep->com.mutex);
718 + if (test_bit(STOP_MPA_TIMER, &ep->com.flags))
719 + stop_ep_timer(ep);
720 + mutex_unlock(&ep->com.mutex);
721 +@@ -3582,6 +3582,16 @@ int c4iw_ep_disconnect(struct c4iw_ep *ep, int abrupt, gfp_t gfp)
722 + ep->com.state = ABORTING;
723 + else {
724 + ep->com.state = CLOSING;
725 ++
726 ++ /*
727 ++ * if we close before we see the fw4_ack() then we fix
728 ++ * up the timer state since we're reusing it.
729 ++ */
730 ++ if (ep->mpa_skb &&
731 ++ test_bit(STOP_MPA_TIMER, &ep->com.flags)) {
732 ++ clear_bit(STOP_MPA_TIMER, &ep->com.flags);
733 ++ stop_ep_timer(ep);
734 ++ }
735 + start_ep_timer(ep);
736 + }
737 + set_bit(CLOSE_SENT, &ep->com.flags);
738 +diff --git a/drivers/irqchip/irq-mips-gic.c b/drivers/irqchip/irq-mips-gic.c
739 +index d3ef0fc..6acf69e 100644
740 +--- a/drivers/irqchip/irq-mips-gic.c
741 ++++ b/drivers/irqchip/irq-mips-gic.c
742 +@@ -638,27 +638,6 @@ static int gic_local_irq_domain_map(struct irq_domain *d, unsigned int virq,
743 + if (!gic_local_irq_is_routable(intr))
744 + return -EPERM;
745 +
746 +- /*
747 +- * HACK: These are all really percpu interrupts, but the rest
748 +- * of the MIPS kernel code does not use the percpu IRQ API for
749 +- * the CP0 timer and performance counter interrupts.
750 +- */
751 +- switch (intr) {
752 +- case GIC_LOCAL_INT_TIMER:
753 +- case GIC_LOCAL_INT_PERFCTR:
754 +- case GIC_LOCAL_INT_FDC:
755 +- irq_set_chip_and_handler(virq,
756 +- &gic_all_vpes_local_irq_controller,
757 +- handle_percpu_irq);
758 +- break;
759 +- default:
760 +- irq_set_chip_and_handler(virq,
761 +- &gic_local_irq_controller,
762 +- handle_percpu_devid_irq);
763 +- irq_set_percpu_devid(virq);
764 +- break;
765 +- }
766 +-
767 + spin_lock_irqsave(&gic_lock, flags);
768 + for (i = 0; i < gic_vpes; i++) {
769 + u32 val = GIC_MAP_TO_PIN_MSK | gic_cpu_pin;
770 +@@ -724,16 +703,42 @@ static int gic_shared_irq_domain_map(struct irq_domain *d, unsigned int virq,
771 + return 0;
772 + }
773 +
774 +-static int gic_irq_domain_map(struct irq_domain *d, unsigned int virq,
775 +- irq_hw_number_t hw)
776 ++static int gic_setup_dev_chip(struct irq_domain *d, unsigned int virq,
777 ++ unsigned int hwirq)
778 + {
779 +- if (GIC_HWIRQ_TO_LOCAL(hw) < GIC_NUM_LOCAL_INTRS)
780 +- return gic_local_irq_domain_map(d, virq, hw);
781 ++ struct irq_chip *chip;
782 ++ int err;
783 ++
784 ++ if (hwirq >= GIC_SHARED_HWIRQ_BASE) {
785 ++ err = irq_domain_set_hwirq_and_chip(d, virq, hwirq,
786 ++ &gic_level_irq_controller,
787 ++ NULL);
788 ++ } else {
789 ++ switch (GIC_HWIRQ_TO_LOCAL(hwirq)) {
790 ++ case GIC_LOCAL_INT_TIMER:
791 ++ case GIC_LOCAL_INT_PERFCTR:
792 ++ case GIC_LOCAL_INT_FDC:
793 ++ /*
794 ++ * HACK: These are all really percpu interrupts, but
795 ++ * the rest of the MIPS kernel code does not use the
796 ++ * percpu IRQ API for them.
797 ++ */
798 ++ chip = &gic_all_vpes_local_irq_controller;
799 ++ irq_set_handler(virq, handle_percpu_irq);
800 ++ break;
801 ++
802 ++ default:
803 ++ chip = &gic_local_irq_controller;
804 ++ irq_set_handler(virq, handle_percpu_devid_irq);
805 ++ irq_set_percpu_devid(virq);
806 ++ break;
807 ++ }
808 +
809 +- irq_set_chip_and_handler(virq, &gic_level_irq_controller,
810 +- handle_level_irq);
811 ++ err = irq_domain_set_hwirq_and_chip(d, virq, hwirq,
812 ++ chip, NULL);
813 ++ }
814 +
815 +- return gic_shared_irq_domain_map(d, virq, hw, 0);
816 ++ return err;
817 + }
818 +
819 + static int gic_irq_domain_alloc(struct irq_domain *d, unsigned int virq,
820 +@@ -744,15 +749,12 @@ static int gic_irq_domain_alloc(struct irq_domain *d, unsigned int virq,
821 + int cpu, ret, i;
822 +
823 + if (spec->type == GIC_DEVICE) {
824 +- /* verify that it doesn't conflict with an IPI irq */
825 +- if (test_bit(spec->hwirq, ipi_resrv))
826 ++ /* verify that shared irqs don't conflict with an IPI irq */
827 ++ if ((spec->hwirq >= GIC_SHARED_HWIRQ_BASE) &&
828 ++ test_bit(GIC_HWIRQ_TO_SHARED(spec->hwirq), ipi_resrv))
829 + return -EBUSY;
830 +
831 +- hwirq = GIC_SHARED_TO_HWIRQ(spec->hwirq);
832 +-
833 +- return irq_domain_set_hwirq_and_chip(d, virq, hwirq,
834 +- &gic_level_irq_controller,
835 +- NULL);
836 ++ return gic_setup_dev_chip(d, virq, spec->hwirq);
837 + } else {
838 + base_hwirq = find_first_bit(ipi_resrv, gic_shared_intrs);
839 + if (base_hwirq == gic_shared_intrs) {
840 +@@ -821,7 +823,6 @@ int gic_irq_domain_match(struct irq_domain *d, struct device_node *node,
841 + }
842 +
843 + static const struct irq_domain_ops gic_irq_domain_ops = {
844 +- .map = gic_irq_domain_map,
845 + .alloc = gic_irq_domain_alloc,
846 + .free = gic_irq_domain_free,
847 + .match = gic_irq_domain_match,
848 +@@ -852,29 +853,20 @@ static int gic_dev_domain_alloc(struct irq_domain *d, unsigned int virq,
849 + struct irq_fwspec *fwspec = arg;
850 + struct gic_irq_spec spec = {
851 + .type = GIC_DEVICE,
852 +- .hwirq = fwspec->param[1],
853 + };
854 + int i, ret;
855 +- bool is_shared = fwspec->param[0] == GIC_SHARED;
856 +
857 +- if (is_shared) {
858 +- ret = irq_domain_alloc_irqs_parent(d, virq, nr_irqs, &spec);
859 +- if (ret)
860 +- return ret;
861 +- }
862 +-
863 +- for (i = 0; i < nr_irqs; i++) {
864 +- irq_hw_number_t hwirq;
865 ++ if (fwspec->param[0] == GIC_SHARED)
866 ++ spec.hwirq = GIC_SHARED_TO_HWIRQ(fwspec->param[1]);
867 ++ else
868 ++ spec.hwirq = GIC_LOCAL_TO_HWIRQ(fwspec->param[1]);
869 +
870 +- if (is_shared)
871 +- hwirq = GIC_SHARED_TO_HWIRQ(spec.hwirq + i);
872 +- else
873 +- hwirq = GIC_LOCAL_TO_HWIRQ(spec.hwirq + i);
874 ++ ret = irq_domain_alloc_irqs_parent(d, virq, nr_irqs, &spec);
875 ++ if (ret)
876 ++ return ret;
877 +
878 +- ret = irq_domain_set_hwirq_and_chip(d, virq + i,
879 +- hwirq,
880 +- &gic_level_irq_controller,
881 +- NULL);
882 ++ for (i = 0; i < nr_irqs; i++) {
883 ++ ret = gic_setup_dev_chip(d, virq + i, spec.hwirq + i);
884 + if (ret)
885 + goto error;
886 + }
887 +@@ -896,7 +888,10 @@ void gic_dev_domain_free(struct irq_domain *d, unsigned int virq,
888 + static void gic_dev_domain_activate(struct irq_domain *domain,
889 + struct irq_data *d)
890 + {
891 +- gic_shared_irq_domain_map(domain, d->irq, d->hwirq, 0);
892 ++ if (GIC_HWIRQ_TO_LOCAL(d->hwirq) < GIC_NUM_LOCAL_INTRS)
893 ++ gic_local_irq_domain_map(domain, d->irq, d->hwirq);
894 ++ else
895 ++ gic_shared_irq_domain_map(domain, d->irq, d->hwirq, 0);
896 + }
897 +
898 + static struct irq_domain_ops gic_dev_domain_ops = {
899 +diff --git a/drivers/mtd/maps/pmcmsp-flash.c b/drivers/mtd/maps/pmcmsp-flash.c
900 +index 744ca5c..f9fa3fa 100644
901 +--- a/drivers/mtd/maps/pmcmsp-flash.c
902 ++++ b/drivers/mtd/maps/pmcmsp-flash.c
903 +@@ -75,15 +75,15 @@ static int __init init_msp_flash(void)
904 +
905 + printk(KERN_NOTICE "Found %d PMC flash devices\n", fcnt);
906 +
907 +- msp_flash = kmalloc(fcnt * sizeof(struct map_info *), GFP_KERNEL);
908 ++ msp_flash = kcalloc(fcnt, sizeof(*msp_flash), GFP_KERNEL);
909 + if (!msp_flash)
910 + return -ENOMEM;
911 +
912 +- msp_parts = kmalloc(fcnt * sizeof(struct mtd_partition *), GFP_KERNEL);
913 ++ msp_parts = kcalloc(fcnt, sizeof(*msp_parts), GFP_KERNEL);
914 + if (!msp_parts)
915 + goto free_msp_flash;
916 +
917 +- msp_maps = kcalloc(fcnt, sizeof(struct mtd_info), GFP_KERNEL);
918 ++ msp_maps = kcalloc(fcnt, sizeof(*msp_maps), GFP_KERNEL);
919 + if (!msp_maps)
920 + goto free_msp_parts;
921 +
922 +diff --git a/drivers/mtd/maps/sa1100-flash.c b/drivers/mtd/maps/sa1100-flash.c
923 +index 142fc3d..784c6e1 100644
924 +--- a/drivers/mtd/maps/sa1100-flash.c
925 ++++ b/drivers/mtd/maps/sa1100-flash.c
926 +@@ -230,8 +230,10 @@ static struct sa_info *sa1100_setup_mtd(struct platform_device *pdev,
927 +
928 + info->mtd = mtd_concat_create(cdev, info->num_subdev,
929 + plat->name);
930 +- if (info->mtd == NULL)
931 ++ if (info->mtd == NULL) {
932 + ret = -ENXIO;
933 ++ goto err;
934 ++ }
935 + }
936 + info->mtd->dev.parent = &pdev->dev;
937 +
938 +diff --git a/drivers/mtd/nand/mxc_nand.c b/drivers/mtd/nand/mxc_nand.c
939 +index 5173fad..57cbe2b 100644
940 +--- a/drivers/mtd/nand/mxc_nand.c
941 ++++ b/drivers/mtd/nand/mxc_nand.c
942 +@@ -943,7 +943,7 @@ static int mxc_v2_ooblayout_free(struct mtd_info *mtd, int section,
943 + struct nand_chip *nand_chip = mtd_to_nand(mtd);
944 + int stepsize = nand_chip->ecc.bytes == 9 ? 16 : 26;
945 +
946 +- if (section > nand_chip->ecc.steps)
947 ++ if (section >= nand_chip->ecc.steps)
948 + return -ERANGE;
949 +
950 + if (!section) {
951 +diff --git a/drivers/mtd/spi-nor/spi-nor.c b/drivers/mtd/spi-nor/spi-nor.c
952 +index c52e455..a6adb27 100644
953 +--- a/drivers/mtd/spi-nor/spi-nor.c
954 ++++ b/drivers/mtd/spi-nor/spi-nor.c
955 +@@ -661,7 +661,7 @@ static int stm_unlock(struct spi_nor *nor, loff_t ofs, uint64_t len)
956 + status_new = (status_old & ~mask & ~SR_TB) | val;
957 +
958 + /* Don't protect status register if we're fully unlocked */
959 +- if (lock_len == mtd->size)
960 ++ if (lock_len == 0)
961 + status_new &= ~SR_SRWD;
962 +
963 + if (!use_top)
964 +diff --git a/drivers/net/can/flexcan.c b/drivers/net/can/flexcan.c
965 +index 41c0fc9..16f7cad 100644
966 +--- a/drivers/net/can/flexcan.c
967 ++++ b/drivers/net/can/flexcan.c
968 +@@ -1268,11 +1268,10 @@ static int __maybe_unused flexcan_suspend(struct device *device)
969 + struct flexcan_priv *priv = netdev_priv(dev);
970 + int err;
971 +
972 +- err = flexcan_chip_disable(priv);
973 +- if (err)
974 +- return err;
975 +-
976 + if (netif_running(dev)) {
977 ++ err = flexcan_chip_disable(priv);
978 ++ if (err)
979 ++ return err;
980 + netif_stop_queue(dev);
981 + netif_device_detach(dev);
982 + }
983 +@@ -1285,13 +1284,17 @@ static int __maybe_unused flexcan_resume(struct device *device)
984 + {
985 + struct net_device *dev = dev_get_drvdata(device);
986 + struct flexcan_priv *priv = netdev_priv(dev);
987 ++ int err;
988 +
989 + priv->can.state = CAN_STATE_ERROR_ACTIVE;
990 + if (netif_running(dev)) {
991 + netif_device_attach(dev);
992 + netif_start_queue(dev);
993 ++ err = flexcan_chip_enable(priv);
994 ++ if (err)
995 ++ return err;
996 + }
997 +- return flexcan_chip_enable(priv);
998 ++ return 0;
999 + }
1000 +
1001 + static SIMPLE_DEV_PM_OPS(flexcan_pm_ops, flexcan_suspend, flexcan_resume);
1002 +diff --git a/drivers/net/can/ifi_canfd/ifi_canfd.c b/drivers/net/can/ifi_canfd/ifi_canfd.c
1003 +index 2d1d22e..368bb07 100644
1004 +--- a/drivers/net/can/ifi_canfd/ifi_canfd.c
1005 ++++ b/drivers/net/can/ifi_canfd/ifi_canfd.c
1006 +@@ -81,6 +81,10 @@
1007 + #define IFI_CANFD_TIME_SET_TIMEA_4_12_6_6 BIT(15)
1008 +
1009 + #define IFI_CANFD_TDELAY 0x1c
1010 ++#define IFI_CANFD_TDELAY_DEFAULT 0xb
1011 ++#define IFI_CANFD_TDELAY_MASK 0x3fff
1012 ++#define IFI_CANFD_TDELAY_ABS BIT(14)
1013 ++#define IFI_CANFD_TDELAY_EN BIT(15)
1014 +
1015 + #define IFI_CANFD_ERROR 0x20
1016 + #define IFI_CANFD_ERROR_TX_OFFSET 0
1017 +@@ -641,7 +645,7 @@ static void ifi_canfd_set_bittiming(struct net_device *ndev)
1018 + struct ifi_canfd_priv *priv = netdev_priv(ndev);
1019 + const struct can_bittiming *bt = &priv->can.bittiming;
1020 + const struct can_bittiming *dbt = &priv->can.data_bittiming;
1021 +- u16 brp, sjw, tseg1, tseg2;
1022 ++ u16 brp, sjw, tseg1, tseg2, tdc;
1023 +
1024 + /* Configure bit timing */
1025 + brp = bt->brp - 2;
1026 +@@ -664,6 +668,11 @@ static void ifi_canfd_set_bittiming(struct net_device *ndev)
1027 + (brp << IFI_CANFD_TIME_PRESCALE_OFF) |
1028 + (sjw << IFI_CANFD_TIME_SJW_OFF_7_9_8_8),
1029 + priv->base + IFI_CANFD_FTIME);
1030 ++
1031 ++ /* Configure transmitter delay */
1032 ++ tdc = (dbt->brp * (dbt->phase_seg1 + 1)) & IFI_CANFD_TDELAY_MASK;
1033 ++ writel(IFI_CANFD_TDELAY_EN | IFI_CANFD_TDELAY_ABS | tdc,
1034 ++ priv->base + IFI_CANFD_TDELAY);
1035 + }
1036 +
1037 + static void ifi_canfd_set_filter(struct net_device *ndev, const u32 id,
1038 +diff --git a/drivers/net/ethernet/intel/igb/igb_ptp.c b/drivers/net/ethernet/intel/igb/igb_ptp.c
1039 +index f097c5a..3c7bcdf 100644
1040 +--- a/drivers/net/ethernet/intel/igb/igb_ptp.c
1041 ++++ b/drivers/net/ethernet/intel/igb/igb_ptp.c
1042 +@@ -743,7 +743,8 @@ static void igb_ptp_tx_hwtstamp(struct igb_adapter *adapter)
1043 + }
1044 + }
1045 +
1046 +- shhwtstamps.hwtstamp = ktime_sub_ns(shhwtstamps.hwtstamp, adjust);
1047 ++ shhwtstamps.hwtstamp =
1048 ++ ktime_add_ns(shhwtstamps.hwtstamp, adjust);
1049 +
1050 + skb_tstamp_tx(adapter->ptp_tx_skb, &shhwtstamps);
1051 + dev_kfree_skb_any(adapter->ptp_tx_skb);
1052 +@@ -766,13 +767,32 @@ void igb_ptp_rx_pktstamp(struct igb_q_vector *q_vector,
1053 + struct sk_buff *skb)
1054 + {
1055 + __le64 *regval = (__le64 *)va;
1056 ++ struct igb_adapter *adapter = q_vector->adapter;
1057 ++ int adjust = 0;
1058 +
1059 + /* The timestamp is recorded in little endian format.
1060 + * DWORD: 0 1 2 3
1061 + * Field: Reserved Reserved SYSTIML SYSTIMH
1062 + */
1063 +- igb_ptp_systim_to_hwtstamp(q_vector->adapter, skb_hwtstamps(skb),
1064 ++ igb_ptp_systim_to_hwtstamp(adapter, skb_hwtstamps(skb),
1065 + le64_to_cpu(regval[1]));
1066 ++
1067 ++ /* adjust timestamp for the RX latency based on link speed */
1068 ++ if (adapter->hw.mac.type == e1000_i210) {
1069 ++ switch (adapter->link_speed) {
1070 ++ case SPEED_10:
1071 ++ adjust = IGB_I210_RX_LATENCY_10;
1072 ++ break;
1073 ++ case SPEED_100:
1074 ++ adjust = IGB_I210_RX_LATENCY_100;
1075 ++ break;
1076 ++ case SPEED_1000:
1077 ++ adjust = IGB_I210_RX_LATENCY_1000;
1078 ++ break;
1079 ++ }
1080 ++ }
1081 ++ skb_hwtstamps(skb)->hwtstamp =
1082 ++ ktime_sub_ns(skb_hwtstamps(skb)->hwtstamp, adjust);
1083 + }
1084 +
1085 + /**
1086 +@@ -824,7 +844,7 @@ void igb_ptp_rx_rgtstamp(struct igb_q_vector *q_vector,
1087 + }
1088 + }
1089 + skb_hwtstamps(skb)->hwtstamp =
1090 +- ktime_add_ns(skb_hwtstamps(skb)->hwtstamp, adjust);
1091 ++ ktime_sub_ns(skb_hwtstamps(skb)->hwtstamp, adjust);
1092 +
1093 + /* Update the last_rx_timestamp timer in order to enable watchdog check
1094 + * for error case of latched timestamp on a dropped packet.
1095 +diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
1096 +index 8bebd86..58153e8 100644
1097 +--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
1098 ++++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
1099 +@@ -4100,6 +4100,8 @@ static void ixgbe_vlan_promisc_enable(struct ixgbe_adapter *adapter)
1100 + struct ixgbe_hw *hw = &adapter->hw;
1101 + u32 vlnctrl, i;
1102 +
1103 ++ vlnctrl = IXGBE_READ_REG(hw, IXGBE_VLNCTRL);
1104 ++
1105 + switch (hw->mac.type) {
1106 + case ixgbe_mac_82599EB:
1107 + case ixgbe_mac_X540:
1108 +@@ -4112,8 +4114,7 @@ static void ixgbe_vlan_promisc_enable(struct ixgbe_adapter *adapter)
1109 + /* fall through */
1110 + case ixgbe_mac_82598EB:
1111 + /* legacy case, we can just disable VLAN filtering */
1112 +- vlnctrl = IXGBE_READ_REG(hw, IXGBE_VLNCTRL);
1113 +- vlnctrl &= ~(IXGBE_VLNCTRL_VFE | IXGBE_VLNCTRL_CFIEN);
1114 ++ vlnctrl &= ~IXGBE_VLNCTRL_VFE;
1115 + IXGBE_WRITE_REG(hw, IXGBE_VLNCTRL, vlnctrl);
1116 + return;
1117 + }
1118 +@@ -4125,6 +4126,10 @@ static void ixgbe_vlan_promisc_enable(struct ixgbe_adapter *adapter)
1119 + /* Set flag so we don't redo unnecessary work */
1120 + adapter->flags2 |= IXGBE_FLAG2_VLAN_PROMISC;
1121 +
1122 ++ /* For VMDq and SR-IOV we must leave VLAN filtering enabled */
1123 ++ vlnctrl |= IXGBE_VLNCTRL_VFE;
1124 ++ IXGBE_WRITE_REG(hw, IXGBE_VLNCTRL, vlnctrl);
1125 ++
1126 + /* Add PF to all active pools */
1127 + for (i = IXGBE_VLVF_ENTRIES; --i;) {
1128 + u32 reg_offset = IXGBE_VLVFB(i * 2 + VMDQ_P(0) / 32);
1129 +@@ -4191,6 +4196,11 @@ static void ixgbe_vlan_promisc_disable(struct ixgbe_adapter *adapter)
1130 + struct ixgbe_hw *hw = &adapter->hw;
1131 + u32 vlnctrl, i;
1132 +
1133 ++ /* Set VLAN filtering to enabled */
1134 ++ vlnctrl = IXGBE_READ_REG(hw, IXGBE_VLNCTRL);
1135 ++ vlnctrl |= IXGBE_VLNCTRL_VFE;
1136 ++ IXGBE_WRITE_REG(hw, IXGBE_VLNCTRL, vlnctrl);
1137 ++
1138 + switch (hw->mac.type) {
1139 + case ixgbe_mac_82599EB:
1140 + case ixgbe_mac_X540:
1141 +@@ -4202,10 +4212,6 @@ static void ixgbe_vlan_promisc_disable(struct ixgbe_adapter *adapter)
1142 + break;
1143 + /* fall through */
1144 + case ixgbe_mac_82598EB:
1145 +- vlnctrl = IXGBE_READ_REG(hw, IXGBE_VLNCTRL);
1146 +- vlnctrl &= ~IXGBE_VLNCTRL_CFIEN;
1147 +- vlnctrl |= IXGBE_VLNCTRL_VFE;
1148 +- IXGBE_WRITE_REG(hw, IXGBE_VLNCTRL, vlnctrl);
1149 + return;
1150 + }
1151 +
1152 +@@ -9496,6 +9502,7 @@ skip_sriov:
1153 +
1154 + /* copy netdev features into list of user selectable features */
1155 + netdev->hw_features |= netdev->features |
1156 ++ NETIF_F_HW_VLAN_CTAG_FILTER |
1157 + NETIF_F_HW_VLAN_CTAG_RX |
1158 + NETIF_F_HW_VLAN_CTAG_TX |
1159 + NETIF_F_RXALL |
1160 +diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/tx.c b/drivers/net/wireless/intel/iwlwifi/mvm/tx.c
1161 +index 779bafc..b92b75f 100644
1162 +--- a/drivers/net/wireless/intel/iwlwifi/mvm/tx.c
1163 ++++ b/drivers/net/wireless/intel/iwlwifi/mvm/tx.c
1164 +@@ -501,6 +501,15 @@ int iwl_mvm_tx_skb_non_sta(struct iwl_mvm *mvm, struct sk_buff *skb)
1165 + int hdrlen = ieee80211_hdrlen(hdr->frame_control);
1166 + int queue;
1167 +
1168 ++ /* IWL_MVM_OFFCHANNEL_QUEUE is used for ROC packets that can be used
1169 ++ * in 2 different types of vifs, P2P & STATION. P2P uses the offchannel
1170 ++ * queue. STATION (HS2.0) uses the auxiliary context of the FW,
1171 ++ * and hence needs to be sent on the aux queue
1172 ++ */
1173 ++ if (IEEE80211_SKB_CB(skb)->hw_queue == IWL_MVM_OFFCHANNEL_QUEUE &&
1174 ++ skb_info->control.vif->type == NL80211_IFTYPE_STATION)
1175 ++ IEEE80211_SKB_CB(skb)->hw_queue = mvm->aux_queue;
1176 ++
1177 + memcpy(&info, skb->cb, sizeof(info));
1178 +
1179 + if (WARN_ON_ONCE(info.flags & IEEE80211_TX_CTL_AMPDU))
1180 +@@ -514,16 +523,6 @@ int iwl_mvm_tx_skb_non_sta(struct iwl_mvm *mvm, struct sk_buff *skb)
1181 + /* This holds the amsdu headers length */
1182 + skb_info->driver_data[0] = (void *)(uintptr_t)0;
1183 +
1184 +- /*
1185 +- * IWL_MVM_OFFCHANNEL_QUEUE is used for ROC packets that can be used
1186 +- * in 2 different types of vifs, P2P & STATION. P2P uses the offchannel
1187 +- * queue. STATION (HS2.0) uses the auxiliary context of the FW,
1188 +- * and hence needs to be sent on the aux queue
1189 +- */
1190 +- if (IEEE80211_SKB_CB(skb)->hw_queue == IWL_MVM_OFFCHANNEL_QUEUE &&
1191 +- info.control.vif->type == NL80211_IFTYPE_STATION)
1192 +- IEEE80211_SKB_CB(skb)->hw_queue = mvm->aux_queue;
1193 +-
1194 + queue = info.hw_queue;
1195 +
1196 + /*
1197 +diff --git a/drivers/power/max17042_battery.c b/drivers/power/max17042_battery.c
1198 +index 9c65f13..da7a75f 100644
1199 +--- a/drivers/power/max17042_battery.c
1200 ++++ b/drivers/power/max17042_battery.c
1201 +@@ -457,13 +457,16 @@ static inline void max17042_write_model_data(struct max17042_chip *chip,
1202 + }
1203 +
1204 + static inline void max17042_read_model_data(struct max17042_chip *chip,
1205 +- u8 addr, u32 *data, int size)
1206 ++ u8 addr, u16 *data, int size)
1207 + {
1208 + struct regmap *map = chip->regmap;
1209 + int i;
1210 ++ u32 tmp;
1211 +
1212 +- for (i = 0; i < size; i++)
1213 +- regmap_read(map, addr + i, &data[i]);
1214 ++ for (i = 0; i < size; i++) {
1215 ++ regmap_read(map, addr + i, &tmp);
1216 ++ data[i] = (u16)tmp;
1217 ++ }
1218 + }
1219 +
1220 + static inline int max17042_model_data_compare(struct max17042_chip *chip,
1221 +@@ -486,7 +489,7 @@ static int max17042_init_model(struct max17042_chip *chip)
1222 + {
1223 + int ret;
1224 + int table_size = ARRAY_SIZE(chip->pdata->config_data->cell_char_tbl);
1225 +- u32 *temp_data;
1226 ++ u16 *temp_data;
1227 +
1228 + temp_data = kcalloc(table_size, sizeof(*temp_data), GFP_KERNEL);
1229 + if (!temp_data)
1230 +@@ -501,7 +504,7 @@ static int max17042_init_model(struct max17042_chip *chip)
1231 + ret = max17042_model_data_compare(
1232 + chip,
1233 + chip->pdata->config_data->cell_char_tbl,
1234 +- (u16 *)temp_data,
1235 ++ temp_data,
1236 + table_size);
1237 +
1238 + max10742_lock_model(chip);
1239 +@@ -514,7 +517,7 @@ static int max17042_verify_model_lock(struct max17042_chip *chip)
1240 + {
1241 + int i;
1242 + int table_size = ARRAY_SIZE(chip->pdata->config_data->cell_char_tbl);
1243 +- u32 *temp_data;
1244 ++ u16 *temp_data;
1245 + int ret = 0;
1246 +
1247 + temp_data = kcalloc(table_size, sizeof(*temp_data), GFP_KERNEL);
1248 +diff --git a/drivers/power/reset/hisi-reboot.c b/drivers/power/reset/hisi-reboot.c
1249 +index 9ab7f56..f69387e 100644
1250 +--- a/drivers/power/reset/hisi-reboot.c
1251 ++++ b/drivers/power/reset/hisi-reboot.c
1252 +@@ -53,13 +53,16 @@ static int hisi_reboot_probe(struct platform_device *pdev)
1253 +
1254 + if (of_property_read_u32(np, "reboot-offset", &reboot_offset) < 0) {
1255 + pr_err("failed to find reboot-offset property\n");
1256 ++ iounmap(base);
1257 + return -EINVAL;
1258 + }
1259 +
1260 + err = register_restart_handler(&hisi_restart_nb);
1261 +- if (err)
1262 ++ if (err) {
1263 + dev_err(&pdev->dev, "cannot register restart handler (err=%d)\n",
1264 + err);
1265 ++ iounmap(base);
1266 ++ }
1267 +
1268 + return err;
1269 + }
1270 +diff --git a/drivers/power/tps65217_charger.c b/drivers/power/tps65217_charger.c
1271 +index 73dfae4..4c56e54 100644
1272 +--- a/drivers/power/tps65217_charger.c
1273 ++++ b/drivers/power/tps65217_charger.c
1274 +@@ -206,6 +206,7 @@ static int tps65217_charger_probe(struct platform_device *pdev)
1275 + if (!charger)
1276 + return -ENOMEM;
1277 +
1278 ++ platform_set_drvdata(pdev, charger);
1279 + charger->tps = tps;
1280 + charger->dev = &pdev->dev;
1281 +
1282 +diff --git a/drivers/rtc/rtc-ds1307.c b/drivers/rtc/rtc-ds1307.c
1283 +index 821d9c0..f25f7dc 100644
1284 +--- a/drivers/rtc/rtc-ds1307.c
1285 ++++ b/drivers/rtc/rtc-ds1307.c
1286 +@@ -602,6 +602,8 @@ static const struct rtc_class_ops ds13xx_rtc_ops = {
1287 + * Alarm support for mcp794xx devices.
1288 + */
1289 +
1290 ++#define MCP794XX_REG_WEEKDAY 0x3
1291 ++#define MCP794XX_REG_WEEKDAY_WDAY_MASK 0x7
1292 + #define MCP794XX_REG_CONTROL 0x07
1293 + # define MCP794XX_BIT_ALM0_EN 0x10
1294 + # define MCP794XX_BIT_ALM1_EN 0x20
1295 +@@ -1231,13 +1233,16 @@ static int ds1307_probe(struct i2c_client *client,
1296 + {
1297 + struct ds1307 *ds1307;
1298 + int err = -ENODEV;
1299 +- int tmp;
1300 ++ int tmp, wday;
1301 + struct chip_desc *chip = &chips[id->driver_data];
1302 + struct i2c_adapter *adapter = to_i2c_adapter(client->dev.parent);
1303 + bool want_irq = false;
1304 + bool ds1307_can_wakeup_device = false;
1305 + unsigned char *buf;
1306 + struct ds1307_platform_data *pdata = dev_get_platdata(&client->dev);
1307 ++ struct rtc_time tm;
1308 ++ unsigned long timestamp;
1309 ++
1310 + irq_handler_t irq_handler = ds1307_irq;
1311 +
1312 + static const int bbsqi_bitpos[] = {
1313 +@@ -1526,6 +1531,27 @@ read_rtc:
1314 + bin2bcd(tmp));
1315 + }
1316 +
1317 ++ /*
1318 ++ * Some IPs have weekday reset value = 0x1 which might not correct
1319 ++ * hence compute the wday using the current date/month/year values
1320 ++ */
1321 ++ ds1307_get_time(&client->dev, &tm);
1322 ++ wday = tm.tm_wday;
1323 ++ timestamp = rtc_tm_to_time64(&tm);
1324 ++ rtc_time64_to_tm(timestamp, &tm);
1325 ++
1326 ++ /*
1327 ++ * Check if reset wday is different from the computed wday
1328 ++ * If different then set the wday which we computed using
1329 ++ * timestamp
1330 ++ */
1331 ++ if (wday != tm.tm_wday) {
1332 ++ wday = i2c_smbus_read_byte_data(client, MCP794XX_REG_WEEKDAY);
1333 ++ wday = wday & ~MCP794XX_REG_WEEKDAY_WDAY_MASK;
1334 ++ wday = wday | (tm.tm_wday + 1);
1335 ++ i2c_smbus_write_byte_data(client, MCP794XX_REG_WEEKDAY, wday);
1336 ++ }
1337 ++
1338 + if (want_irq) {
1339 + device_set_wakeup_capable(&client->dev, true);
1340 + set_bit(HAS_ALARM, &ds1307->flags);
1341 +diff --git a/drivers/soc/tegra/pmc.c b/drivers/soc/tegra/pmc.c
1342 +index bb17345..5031c89 100644
1343 +--- a/drivers/soc/tegra/pmc.c
1344 ++++ b/drivers/soc/tegra/pmc.c
1345 +@@ -1205,6 +1205,14 @@ static int tegra_pmc_probe(struct platform_device *pdev)
1346 + struct resource *res;
1347 + int err;
1348 +
1349 ++ /*
1350 ++ * Early initialisation should have configured an initial
1351 ++ * register mapping and setup the soc data pointer. If these
1352 ++ * are not valid then something went badly wrong!
1353 ++ */
1354 ++ if (WARN_ON(!pmc->base || !pmc->soc))
1355 ++ return -ENODEV;
1356 ++
1357 + err = tegra_pmc_parse_dt(pmc, pdev->dev.of_node);
1358 + if (err < 0)
1359 + return err;
1360 +diff --git a/fs/autofs4/expire.c b/fs/autofs4/expire.c
1361 +index b493909..d8e6d42 100644
1362 +--- a/fs/autofs4/expire.c
1363 ++++ b/fs/autofs4/expire.c
1364 +@@ -417,6 +417,7 @@ static struct dentry *should_expire(struct dentry *dentry,
1365 + }
1366 + return NULL;
1367 + }
1368 ++
1369 + /*
1370 + * Find an eligible tree to time-out
1371 + * A tree is eligible if :-
1372 +@@ -432,6 +433,7 @@ struct dentry *autofs4_expire_indirect(struct super_block *sb,
1373 + struct dentry *root = sb->s_root;
1374 + struct dentry *dentry;
1375 + struct dentry *expired;
1376 ++ struct dentry *found;
1377 + struct autofs_info *ino;
1378 +
1379 + if (!root)
1380 +@@ -442,31 +444,46 @@ struct dentry *autofs4_expire_indirect(struct super_block *sb,
1381 +
1382 + dentry = NULL;
1383 + while ((dentry = get_next_positive_subdir(dentry, root))) {
1384 ++ int flags = how;
1385 ++
1386 + spin_lock(&sbi->fs_lock);
1387 + ino = autofs4_dentry_ino(dentry);
1388 +- if (ino->flags & AUTOFS_INF_WANT_EXPIRE)
1389 +- expired = NULL;
1390 +- else
1391 +- expired = should_expire(dentry, mnt, timeout, how);
1392 +- if (!expired) {
1393 ++ if (ino->flags & AUTOFS_INF_WANT_EXPIRE) {
1394 + spin_unlock(&sbi->fs_lock);
1395 + continue;
1396 + }
1397 ++ spin_unlock(&sbi->fs_lock);
1398 ++
1399 ++ expired = should_expire(dentry, mnt, timeout, flags);
1400 ++ if (!expired)
1401 ++ continue;
1402 ++
1403 ++ spin_lock(&sbi->fs_lock);
1404 + ino = autofs4_dentry_ino(expired);
1405 + ino->flags |= AUTOFS_INF_WANT_EXPIRE;
1406 + spin_unlock(&sbi->fs_lock);
1407 + synchronize_rcu();
1408 +- spin_lock(&sbi->fs_lock);
1409 +- if (should_expire(expired, mnt, timeout, how)) {
1410 +- if (expired != dentry)
1411 +- dput(dentry);
1412 +- goto found;
1413 +- }
1414 +
1415 ++ /* Make sure a reference is not taken on found if
1416 ++ * things have changed.
1417 ++ */
1418 ++ flags &= ~AUTOFS_EXP_LEAVES;
1419 ++ found = should_expire(expired, mnt, timeout, how);
1420 ++ if (!found || found != expired)
1421 ++ /* Something has changed, continue */
1422 ++ goto next;
1423 ++
1424 ++ if (expired != dentry)
1425 ++ dput(dentry);
1426 ++
1427 ++ spin_lock(&sbi->fs_lock);
1428 ++ goto found;
1429 ++next:
1430 ++ spin_lock(&sbi->fs_lock);
1431 + ino->flags &= ~AUTOFS_INF_WANT_EXPIRE;
1432 ++ spin_unlock(&sbi->fs_lock);
1433 + if (expired != dentry)
1434 + dput(expired);
1435 +- spin_unlock(&sbi->fs_lock);
1436 + }
1437 + return NULL;
1438 +
1439 +@@ -483,6 +500,7 @@ int autofs4_expire_wait(struct dentry *dentry, int rcu_walk)
1440 + struct autofs_sb_info *sbi = autofs4_sbi(dentry->d_sb);
1441 + struct autofs_info *ino = autofs4_dentry_ino(dentry);
1442 + int status;
1443 ++ int state;
1444 +
1445 + /* Block on any pending expire */
1446 + if (!(ino->flags & AUTOFS_INF_WANT_EXPIRE))
1447 +@@ -490,8 +508,19 @@ int autofs4_expire_wait(struct dentry *dentry, int rcu_walk)
1448 + if (rcu_walk)
1449 + return -ECHILD;
1450 +
1451 ++retry:
1452 + spin_lock(&sbi->fs_lock);
1453 +- if (ino->flags & AUTOFS_INF_EXPIRING) {
1454 ++ state = ino->flags & (AUTOFS_INF_WANT_EXPIRE | AUTOFS_INF_EXPIRING);
1455 ++ if (state == AUTOFS_INF_WANT_EXPIRE) {
1456 ++ spin_unlock(&sbi->fs_lock);
1457 ++ /*
1458 ++ * Possibly being selected for expire, wait until
1459 ++ * it's selected or not.
1460 ++ */
1461 ++ schedule_timeout_uninterruptible(HZ/10);
1462 ++ goto retry;
1463 ++ }
1464 ++ if (state & AUTOFS_INF_EXPIRING) {
1465 + spin_unlock(&sbi->fs_lock);
1466 +
1467 + pr_debug("waiting for expire %p name=%pd\n", dentry, dentry);
1468 +diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c
1469 +index 3722a1f..4ffcf0c 100644
1470 +--- a/fs/btrfs/ioctl.c
1471 ++++ b/fs/btrfs/ioctl.c
1472 +@@ -1634,6 +1634,9 @@ static noinline int btrfs_ioctl_snap_create_transid(struct file *file,
1473 + int namelen;
1474 + int ret = 0;
1475 +
1476 ++ if (!S_ISDIR(file_inode(file)->i_mode))
1477 ++ return -ENOTDIR;
1478 ++
1479 + ret = mnt_want_write_file(file);
1480 + if (ret)
1481 + goto out;
1482 +@@ -1691,6 +1694,9 @@ static noinline int btrfs_ioctl_snap_create(struct file *file,
1483 + struct btrfs_ioctl_vol_args *vol_args;
1484 + int ret;
1485 +
1486 ++ if (!S_ISDIR(file_inode(file)->i_mode))
1487 ++ return -ENOTDIR;
1488 ++
1489 + vol_args = memdup_user(arg, sizeof(*vol_args));
1490 + if (IS_ERR(vol_args))
1491 + return PTR_ERR(vol_args);
1492 +@@ -1714,6 +1720,9 @@ static noinline int btrfs_ioctl_snap_create_v2(struct file *file,
1493 + bool readonly = false;
1494 + struct btrfs_qgroup_inherit *inherit = NULL;
1495 +
1496 ++ if (!S_ISDIR(file_inode(file)->i_mode))
1497 ++ return -ENOTDIR;
1498 ++
1499 + vol_args = memdup_user(arg, sizeof(*vol_args));
1500 + if (IS_ERR(vol_args))
1501 + return PTR_ERR(vol_args);
1502 +@@ -2358,6 +2367,9 @@ static noinline int btrfs_ioctl_snap_destroy(struct file *file,
1503 + int ret;
1504 + int err = 0;
1505 +
1506 ++ if (!S_ISDIR(dir->i_mode))
1507 ++ return -ENOTDIR;
1508 ++
1509 + vol_args = memdup_user(arg, sizeof(*vol_args));
1510 + if (IS_ERR(vol_args))
1511 + return PTR_ERR(vol_args);
1512 +diff --git a/fs/ceph/file.c b/fs/ceph/file.c
1513 +index 0daaf7c..b1b9b48 100644
1514 +--- a/fs/ceph/file.c
1515 ++++ b/fs/ceph/file.c
1516 +@@ -1448,16 +1448,14 @@ static loff_t ceph_llseek(struct file *file, loff_t offset, int whence)
1517 + {
1518 + struct inode *inode = file->f_mapping->host;
1519 + loff_t i_size;
1520 +- int ret;
1521 ++ loff_t ret;
1522 +
1523 + inode_lock(inode);
1524 +
1525 + if (whence == SEEK_END || whence == SEEK_DATA || whence == SEEK_HOLE) {
1526 + ret = ceph_do_getattr(inode, CEPH_STAT_CAP_SIZE, false);
1527 +- if (ret < 0) {
1528 +- offset = ret;
1529 ++ if (ret < 0)
1530 + goto out;
1531 +- }
1532 + }
1533 +
1534 + i_size = i_size_read(inode);
1535 +@@ -1473,7 +1471,7 @@ static loff_t ceph_llseek(struct file *file, loff_t offset, int whence)
1536 + * write() or lseek() might have altered it
1537 + */
1538 + if (offset == 0) {
1539 +- offset = file->f_pos;
1540 ++ ret = file->f_pos;
1541 + goto out;
1542 + }
1543 + offset += file->f_pos;
1544 +@@ -1493,11 +1491,11 @@ static loff_t ceph_llseek(struct file *file, loff_t offset, int whence)
1545 + break;
1546 + }
1547 +
1548 +- offset = vfs_setpos(file, offset, inode->i_sb->s_maxbytes);
1549 ++ ret = vfs_setpos(file, offset, inode->i_sb->s_maxbytes);
1550 +
1551 + out:
1552 + inode_unlock(inode);
1553 +- return offset;
1554 ++ return ret;
1555 + }
1556 +
1557 + static inline void ceph_zero_partial_page(
1558 +diff --git a/fs/ceph/ioctl.c b/fs/ceph/ioctl.c
1559 +index be6b165..0946f2d 100644
1560 +--- a/fs/ceph/ioctl.c
1561 ++++ b/fs/ceph/ioctl.c
1562 +@@ -183,7 +183,7 @@ static long ceph_ioctl_get_dataloc(struct file *file, void __user *arg)
1563 + struct ceph_osd_client *osdc =
1564 + &ceph_sb_to_client(inode->i_sb)->client->osdc;
1565 + struct ceph_object_locator oloc;
1566 +- struct ceph_object_id oid;
1567 ++ CEPH_DEFINE_OID_ONSTACK(oid);
1568 + u64 len = 1, olen;
1569 + u64 tmp;
1570 + struct ceph_pg pgid;
1571 +diff --git a/fs/configfs/file.c b/fs/configfs/file.c
1572 +index bbc1252..2ddfa05 100644
1573 +--- a/fs/configfs/file.c
1574 ++++ b/fs/configfs/file.c
1575 +@@ -333,6 +333,7 @@ configfs_write_bin_file(struct file *file, const char __user *buf,
1576 + if (bin_attr->cb_max_size &&
1577 + *ppos + count > bin_attr->cb_max_size) {
1578 + len = -EFBIG;
1579 ++ goto out;
1580 + }
1581 +
1582 + tbuf = vmalloc(*ppos + count);
1583 +diff --git a/fs/hostfs/hostfs_kern.c b/fs/hostfs/hostfs_kern.c
1584 +index 5c57654..90e46cd 100644
1585 +--- a/fs/hostfs/hostfs_kern.c
1586 ++++ b/fs/hostfs/hostfs_kern.c
1587 +@@ -959,10 +959,11 @@ static int hostfs_fill_sb_common(struct super_block *sb, void *d, int silent)
1588 +
1589 + if (S_ISLNK(root_inode->i_mode)) {
1590 + char *name = follow_link(host_root_path);
1591 +- if (IS_ERR(name))
1592 ++ if (IS_ERR(name)) {
1593 + err = PTR_ERR(name);
1594 +- else
1595 +- err = read_name(root_inode, name);
1596 ++ goto out_put;
1597 ++ }
1598 ++ err = read_name(root_inode, name);
1599 + kfree(name);
1600 + if (err)
1601 + goto out_put;
1602 +diff --git a/fs/notify/fanotify/fanotify.c b/fs/notify/fanotify/fanotify.c
1603 +index d2f97ec..e0e5f7c 100644
1604 +--- a/fs/notify/fanotify/fanotify.c
1605 ++++ b/fs/notify/fanotify/fanotify.c
1606 +@@ -67,18 +67,7 @@ static int fanotify_get_response(struct fsnotify_group *group,
1607 +
1608 + pr_debug("%s: group=%p event=%p\n", __func__, group, event);
1609 +
1610 +- wait_event(group->fanotify_data.access_waitq, event->response ||
1611 +- atomic_read(&group->fanotify_data.bypass_perm));
1612 +-
1613 +- if (!event->response) { /* bypass_perm set */
1614 +- /*
1615 +- * Event was canceled because group is being destroyed. Remove
1616 +- * it from group's event list because we are responsible for
1617 +- * freeing the permission event.
1618 +- */
1619 +- fsnotify_remove_event(group, &event->fae.fse);
1620 +- return 0;
1621 +- }
1622 ++ wait_event(group->fanotify_data.access_waitq, event->response);
1623 +
1624 + /* userspace responded, convert to something usable */
1625 + switch (event->response) {
1626 +diff --git a/fs/notify/fanotify/fanotify_user.c b/fs/notify/fanotify/fanotify_user.c
1627 +index 8e8e6bc..a643138 100644
1628 +--- a/fs/notify/fanotify/fanotify_user.c
1629 ++++ b/fs/notify/fanotify/fanotify_user.c
1630 +@@ -358,16 +358,20 @@ static int fanotify_release(struct inode *ignored, struct file *file)
1631 +
1632 + #ifdef CONFIG_FANOTIFY_ACCESS_PERMISSIONS
1633 + struct fanotify_perm_event_info *event, *next;
1634 ++ struct fsnotify_event *fsn_event;
1635 +
1636 + /*
1637 +- * There may be still new events arriving in the notification queue
1638 +- * but since userspace cannot use fanotify fd anymore, no event can
1639 +- * enter or leave access_list by now.
1640 ++ * Stop new events from arriving in the notification queue. since
1641 ++ * userspace cannot use fanotify fd anymore, no event can enter or
1642 ++ * leave access_list by now either.
1643 + */
1644 +- spin_lock(&group->fanotify_data.access_lock);
1645 +-
1646 +- atomic_inc(&group->fanotify_data.bypass_perm);
1647 ++ fsnotify_group_stop_queueing(group);
1648 +
1649 ++ /*
1650 ++ * Process all permission events on access_list and notification queue
1651 ++ * and simulate reply from userspace.
1652 ++ */
1653 ++ spin_lock(&group->fanotify_data.access_lock);
1654 + list_for_each_entry_safe(event, next, &group->fanotify_data.access_list,
1655 + fae.fse.list) {
1656 + pr_debug("%s: found group=%p event=%p\n", __func__, group,
1657 +@@ -379,12 +383,21 @@ static int fanotify_release(struct inode *ignored, struct file *file)
1658 + spin_unlock(&group->fanotify_data.access_lock);
1659 +
1660 + /*
1661 +- * Since bypass_perm is set, newly queued events will not wait for
1662 +- * access response. Wake up the already sleeping ones now.
1663 +- * synchronize_srcu() in fsnotify_destroy_group() will wait for all
1664 +- * processes sleeping in fanotify_handle_event() waiting for access
1665 +- * response and thus also for all permission events to be freed.
1666 ++ * Destroy all non-permission events. For permission events just
1667 ++ * dequeue them and set the response. They will be freed once the
1668 ++ * response is consumed and fanotify_get_response() returns.
1669 + */
1670 ++ mutex_lock(&group->notification_mutex);
1671 ++ while (!fsnotify_notify_queue_is_empty(group)) {
1672 ++ fsn_event = fsnotify_remove_first_event(group);
1673 ++ if (!(fsn_event->mask & FAN_ALL_PERM_EVENTS))
1674 ++ fsnotify_destroy_event(group, fsn_event);
1675 ++ else
1676 ++ FANOTIFY_PE(fsn_event)->response = FAN_ALLOW;
1677 ++ }
1678 ++ mutex_unlock(&group->notification_mutex);
1679 ++
1680 ++ /* Response for all permission events it set, wakeup waiters */
1681 + wake_up(&group->fanotify_data.access_waitq);
1682 + #endif
1683 +
1684 +@@ -755,7 +768,6 @@ SYSCALL_DEFINE2(fanotify_init, unsigned int, flags, unsigned int, event_f_flags)
1685 + spin_lock_init(&group->fanotify_data.access_lock);
1686 + init_waitqueue_head(&group->fanotify_data.access_waitq);
1687 + INIT_LIST_HEAD(&group->fanotify_data.access_list);
1688 +- atomic_set(&group->fanotify_data.bypass_perm, 0);
1689 + #endif
1690 + switch (flags & FAN_ALL_CLASS_BITS) {
1691 + case FAN_CLASS_NOTIF:
1692 +diff --git a/fs/notify/group.c b/fs/notify/group.c
1693 +index 3e2dd85..b47f7cf 100644
1694 +--- a/fs/notify/group.c
1695 ++++ b/fs/notify/group.c
1696 +@@ -40,6 +40,17 @@ static void fsnotify_final_destroy_group(struct fsnotify_group *group)
1697 + }
1698 +
1699 + /*
1700 ++ * Stop queueing new events for this group. Once this function returns
1701 ++ * fsnotify_add_event() will not add any new events to the group's queue.
1702 ++ */
1703 ++void fsnotify_group_stop_queueing(struct fsnotify_group *group)
1704 ++{
1705 ++ mutex_lock(&group->notification_mutex);
1706 ++ group->shutdown = true;
1707 ++ mutex_unlock(&group->notification_mutex);
1708 ++}
1709 ++
1710 ++/*
1711 + * Trying to get rid of a group. Remove all marks, flush all events and release
1712 + * the group reference.
1713 + * Note that another thread calling fsnotify_clear_marks_by_group() may still
1714 +@@ -47,6 +58,14 @@ static void fsnotify_final_destroy_group(struct fsnotify_group *group)
1715 + */
1716 + void fsnotify_destroy_group(struct fsnotify_group *group)
1717 + {
1718 ++ /*
1719 ++ * Stop queueing new events. The code below is careful enough to not
1720 ++ * require this but fanotify needs to stop queuing events even before
1721 ++ * fsnotify_destroy_group() is called and this makes the other callers
1722 ++ * of fsnotify_destroy_group() to see the same behavior.
1723 ++ */
1724 ++ fsnotify_group_stop_queueing(group);
1725 ++
1726 + /* clear all inode marks for this group, attach them to destroy_list */
1727 + fsnotify_detach_group_marks(group);
1728 +
1729 +diff --git a/fs/notify/notification.c b/fs/notify/notification.c
1730 +index a95d8e0..e455e83 100644
1731 +--- a/fs/notify/notification.c
1732 ++++ b/fs/notify/notification.c
1733 +@@ -82,7 +82,8 @@ void fsnotify_destroy_event(struct fsnotify_group *group,
1734 + * Add an event to the group notification queue. The group can later pull this
1735 + * event off the queue to deal with. The function returns 0 if the event was
1736 + * added to the queue, 1 if the event was merged with some other queued event,
1737 +- * 2 if the queue of events has overflown.
1738 ++ * 2 if the event was not queued - either the queue of events has overflown
1739 ++ * or the group is shutting down.
1740 + */
1741 + int fsnotify_add_event(struct fsnotify_group *group,
1742 + struct fsnotify_event *event,
1743 +@@ -96,6 +97,11 @@ int fsnotify_add_event(struct fsnotify_group *group,
1744 +
1745 + mutex_lock(&group->notification_mutex);
1746 +
1747 ++ if (group->shutdown) {
1748 ++ mutex_unlock(&group->notification_mutex);
1749 ++ return 2;
1750 ++ }
1751 ++
1752 + if (group->q_len >= group->max_events) {
1753 + ret = 2;
1754 + /* Queue overflow event only if it isn't already queued */
1755 +@@ -126,21 +132,6 @@ queue:
1756 + }
1757 +
1758 + /*
1759 +- * Remove @event from group's notification queue. It is the responsibility of
1760 +- * the caller to destroy the event.
1761 +- */
1762 +-void fsnotify_remove_event(struct fsnotify_group *group,
1763 +- struct fsnotify_event *event)
1764 +-{
1765 +- mutex_lock(&group->notification_mutex);
1766 +- if (!list_empty(&event->list)) {
1767 +- list_del_init(&event->list);
1768 +- group->q_len--;
1769 +- }
1770 +- mutex_unlock(&group->notification_mutex);
1771 +-}
1772 +-
1773 +-/*
1774 + * Remove and return the first event from the notification list. It is the
1775 + * responsibility of the caller to destroy the obtained event
1776 + */
1777 +diff --git a/fs/ocfs2/cluster/tcp_internal.h b/fs/ocfs2/cluster/tcp_internal.h
1778 +index 94b1836..b95e7df 100644
1779 +--- a/fs/ocfs2/cluster/tcp_internal.h
1780 ++++ b/fs/ocfs2/cluster/tcp_internal.h
1781 +@@ -44,9 +44,6 @@
1782 + * version here in tcp_internal.h should not need to be bumped for
1783 + * filesystem locking changes.
1784 + *
1785 +- * New in version 12
1786 +- * - Negotiate hb timeout when storage is down.
1787 +- *
1788 + * New in version 11
1789 + * - Negotiation of filesystem locking in the dlm join.
1790 + *
1791 +@@ -78,7 +75,7 @@
1792 + * - full 64 bit i_size in the metadata lock lvbs
1793 + * - introduction of "rw" lock and pushing meta/data locking down
1794 + */
1795 +-#define O2NET_PROTOCOL_VERSION 12ULL
1796 ++#define O2NET_PROTOCOL_VERSION 11ULL
1797 + struct o2net_handshake {
1798 + __be64 protocol_version;
1799 + __be64 connector_id;
1800 +diff --git a/fs/ocfs2/dlm/dlmconvert.c b/fs/ocfs2/dlm/dlmconvert.c
1801 +index cdeafb4..0bb1286 100644
1802 +--- a/fs/ocfs2/dlm/dlmconvert.c
1803 ++++ b/fs/ocfs2/dlm/dlmconvert.c
1804 +@@ -268,7 +268,6 @@ enum dlm_status dlmconvert_remote(struct dlm_ctxt *dlm,
1805 + struct dlm_lock *lock, int flags, int type)
1806 + {
1807 + enum dlm_status status;
1808 +- u8 old_owner = res->owner;
1809 +
1810 + mlog(0, "type=%d, convert_type=%d, busy=%d\n", lock->ml.type,
1811 + lock->ml.convert_type, res->state & DLM_LOCK_RES_IN_PROGRESS);
1812 +@@ -335,7 +334,6 @@ enum dlm_status dlmconvert_remote(struct dlm_ctxt *dlm,
1813 +
1814 + spin_lock(&res->spinlock);
1815 + res->state &= ~DLM_LOCK_RES_IN_PROGRESS;
1816 +- lock->convert_pending = 0;
1817 + /* if it failed, move it back to granted queue.
1818 + * if master returns DLM_NORMAL and then down before sending ast,
1819 + * it may have already been moved to granted queue, reset to
1820 +@@ -344,12 +342,14 @@ enum dlm_status dlmconvert_remote(struct dlm_ctxt *dlm,
1821 + if (status != DLM_NOTQUEUED)
1822 + dlm_error(status);
1823 + dlm_revert_pending_convert(res, lock);
1824 +- } else if ((res->state & DLM_LOCK_RES_RECOVERING) ||
1825 +- (old_owner != res->owner)) {
1826 +- mlog(0, "res %.*s is in recovering or has been recovered.\n",
1827 +- res->lockname.len, res->lockname.name);
1828 ++ } else if (!lock->convert_pending) {
1829 ++ mlog(0, "%s: res %.*s, owner died and lock has been moved back "
1830 ++ "to granted list, retry convert.\n",
1831 ++ dlm->name, res->lockname.len, res->lockname.name);
1832 + status = DLM_RECOVERING;
1833 + }
1834 ++
1835 ++ lock->convert_pending = 0;
1836 + bail:
1837 + spin_unlock(&res->spinlock);
1838 +
1839 +diff --git a/fs/ocfs2/file.c b/fs/ocfs2/file.c
1840 +index 4e7b0dc..0b055bf 100644
1841 +--- a/fs/ocfs2/file.c
1842 ++++ b/fs/ocfs2/file.c
1843 +@@ -1506,7 +1506,8 @@ static int ocfs2_zero_partial_clusters(struct inode *inode,
1844 + u64 start, u64 len)
1845 + {
1846 + int ret = 0;
1847 +- u64 tmpend, end = start + len;
1848 ++ u64 tmpend = 0;
1849 ++ u64 end = start + len;
1850 + struct ocfs2_super *osb = OCFS2_SB(inode->i_sb);
1851 + unsigned int csize = osb->s_clustersize;
1852 + handle_t *handle;
1853 +@@ -1538,18 +1539,31 @@ static int ocfs2_zero_partial_clusters(struct inode *inode,
1854 + }
1855 +
1856 + /*
1857 +- * We want to get the byte offset of the end of the 1st cluster.
1858 ++ * If start is on a cluster boundary and end is somewhere in another
1859 ++ * cluster, we have not COWed the cluster starting at start, unless
1860 ++ * end is also within the same cluster. So, in this case, we skip this
1861 ++ * first call to ocfs2_zero_range_for_truncate() truncate and move on
1862 ++ * to the next one.
1863 + */
1864 +- tmpend = (u64)osb->s_clustersize + (start & ~(osb->s_clustersize - 1));
1865 +- if (tmpend > end)
1866 +- tmpend = end;
1867 ++ if ((start & (csize - 1)) != 0) {
1868 ++ /*
1869 ++ * We want to get the byte offset of the end of the 1st
1870 ++ * cluster.
1871 ++ */
1872 ++ tmpend = (u64)osb->s_clustersize +
1873 ++ (start & ~(osb->s_clustersize - 1));
1874 ++ if (tmpend > end)
1875 ++ tmpend = end;
1876 +
1877 +- trace_ocfs2_zero_partial_clusters_range1((unsigned long long)start,
1878 +- (unsigned long long)tmpend);
1879 ++ trace_ocfs2_zero_partial_clusters_range1(
1880 ++ (unsigned long long)start,
1881 ++ (unsigned long long)tmpend);
1882 +
1883 +- ret = ocfs2_zero_range_for_truncate(inode, handle, start, tmpend);
1884 +- if (ret)
1885 +- mlog_errno(ret);
1886 ++ ret = ocfs2_zero_range_for_truncate(inode, handle, start,
1887 ++ tmpend);
1888 ++ if (ret)
1889 ++ mlog_errno(ret);
1890 ++ }
1891 +
1892 + if (tmpend < end) {
1893 + /*
1894 +diff --git a/fs/reiserfs/ibalance.c b/fs/reiserfs/ibalance.c
1895 +index b751eea..5db6f45 100644
1896 +--- a/fs/reiserfs/ibalance.c
1897 ++++ b/fs/reiserfs/ibalance.c
1898 +@@ -1153,8 +1153,9 @@ int balance_internal(struct tree_balance *tb,
1899 + insert_ptr);
1900 + }
1901 +
1902 +- memcpy(new_insert_key_addr, &new_insert_key, KEY_SIZE);
1903 + insert_ptr[0] = new_insert_ptr;
1904 ++ if (new_insert_ptr)
1905 ++ memcpy(new_insert_key_addr, &new_insert_key, KEY_SIZE);
1906 +
1907 + return order;
1908 + }
1909 +diff --git a/fs/xfs/xfs_buf.c b/fs/xfs/xfs_buf.c
1910 +index e71cfbd..41c20b6 100644
1911 +--- a/fs/xfs/xfs_buf.c
1912 ++++ b/fs/xfs/xfs_buf.c
1913 +@@ -1531,7 +1531,7 @@ xfs_wait_buftarg(
1914 + * ensure here that all reference counts have been dropped before we
1915 + * start walking the LRU list.
1916 + */
1917 +- drain_workqueue(btp->bt_mount->m_buf_workqueue);
1918 ++ flush_workqueue(btp->bt_mount->m_buf_workqueue);
1919 +
1920 + /* loop until there is nothing left on the lru list. */
1921 + while (list_lru_count(&btp->bt_lru)) {
1922 +diff --git a/include/linux/ceph/libceph.h b/include/linux/ceph/libceph.h
1923 +index 690985d..6b79a6b 100644
1924 +--- a/include/linux/ceph/libceph.h
1925 ++++ b/include/linux/ceph/libceph.h
1926 +@@ -214,8 +214,9 @@ static void erase_##name(struct rb_root *root, type *t) \
1927 + }
1928 +
1929 + #define DEFINE_RB_LOOKUP_FUNC(name, type, keyfld, nodefld) \
1930 ++extern type __lookup_##name##_key; \
1931 + static type *lookup_##name(struct rb_root *root, \
1932 +- typeof(((type *)0)->keyfld) key) \
1933 ++ typeof(__lookup_##name##_key.keyfld) key) \
1934 + { \
1935 + struct rb_node *n = root->rb_node; \
1936 + \
1937 +diff --git a/include/linux/ceph/osdmap.h b/include/linux/ceph/osdmap.h
1938 +index 9ccf4db..21d7f04 100644
1939 +--- a/include/linux/ceph/osdmap.h
1940 ++++ b/include/linux/ceph/osdmap.h
1941 +@@ -115,6 +115,11 @@ static inline void ceph_oid_init(struct ceph_object_id *oid)
1942 + oid->name_len = 0;
1943 + }
1944 +
1945 ++#define CEPH_OID_INIT_ONSTACK(oid) \
1946 ++ ({ ceph_oid_init(&oid); oid; })
1947 ++#define CEPH_DEFINE_OID_ONSTACK(oid) \
1948 ++ struct ceph_object_id oid = CEPH_OID_INIT_ONSTACK(oid)
1949 ++
1950 + static inline bool ceph_oid_empty(const struct ceph_object_id *oid)
1951 + {
1952 + return oid->name == oid->inline_name && !oid->name_len;
1953 +diff --git a/include/linux/fsnotify_backend.h b/include/linux/fsnotify_backend.h
1954 +index 29f9175..16af670 100644
1955 +--- a/include/linux/fsnotify_backend.h
1956 ++++ b/include/linux/fsnotify_backend.h
1957 +@@ -148,6 +148,7 @@ struct fsnotify_group {
1958 + #define FS_PRIO_1 1 /* fanotify content based access control */
1959 + #define FS_PRIO_2 2 /* fanotify pre-content access */
1960 + unsigned int priority;
1961 ++ bool shutdown; /* group is being shut down, don't queue more events */
1962 +
1963 + /* stores all fastpath marks assoc with this group so they can be cleaned on unregister */
1964 + struct mutex mark_mutex; /* protect marks_list */
1965 +@@ -179,7 +180,6 @@ struct fsnotify_group {
1966 + spinlock_t access_lock;
1967 + struct list_head access_list;
1968 + wait_queue_head_t access_waitq;
1969 +- atomic_t bypass_perm;
1970 + #endif /* CONFIG_FANOTIFY_ACCESS_PERMISSIONS */
1971 + int f_flags;
1972 + unsigned int max_marks;
1973 +@@ -303,6 +303,8 @@ extern struct fsnotify_group *fsnotify_alloc_group(const struct fsnotify_ops *op
1974 + extern void fsnotify_get_group(struct fsnotify_group *group);
1975 + /* drop reference on a group from fsnotify_alloc_group */
1976 + extern void fsnotify_put_group(struct fsnotify_group *group);
1977 ++/* group destruction begins, stop queuing new events */
1978 ++extern void fsnotify_group_stop_queueing(struct fsnotify_group *group);
1979 + /* destroy group */
1980 + extern void fsnotify_destroy_group(struct fsnotify_group *group);
1981 + /* fasync handler function */
1982 +@@ -315,8 +317,6 @@ extern int fsnotify_add_event(struct fsnotify_group *group,
1983 + struct fsnotify_event *event,
1984 + int (*merge)(struct list_head *,
1985 + struct fsnotify_event *));
1986 +-/* Remove passed event from groups notification queue */
1987 +-extern void fsnotify_remove_event(struct fsnotify_group *group, struct fsnotify_event *event);
1988 + /* true if the group notification queue is empty */
1989 + extern bool fsnotify_notify_queue_is_empty(struct fsnotify_group *group);
1990 + /* return, but do not dequeue the first event on the notification queue */
1991 +diff --git a/include/linux/pagemap.h b/include/linux/pagemap.h
1992 +index 9735410..1f94053 100644
1993 +--- a/include/linux/pagemap.h
1994 ++++ b/include/linux/pagemap.h
1995 +@@ -571,56 +571,56 @@ static inline int fault_in_pages_readable(const char __user *uaddr, int size)
1996 + */
1997 + static inline int fault_in_multipages_writeable(char __user *uaddr, int size)
1998 + {
1999 +- int ret = 0;
2000 + char __user *end = uaddr + size - 1;
2001 +
2002 + if (unlikely(size == 0))
2003 +- return ret;
2004 ++ return 0;
2005 +
2006 ++ if (unlikely(uaddr > end))
2007 ++ return -EFAULT;
2008 + /*
2009 + * Writing zeroes into userspace here is OK, because we know that if
2010 + * the zero gets there, we'll be overwriting it.
2011 + */
2012 +- while (uaddr <= end) {
2013 +- ret = __put_user(0, uaddr);
2014 +- if (ret != 0)
2015 +- return ret;
2016 ++ do {
2017 ++ if (unlikely(__put_user(0, uaddr) != 0))
2018 ++ return -EFAULT;
2019 + uaddr += PAGE_SIZE;
2020 +- }
2021 ++ } while (uaddr <= end);
2022 +
2023 + /* Check whether the range spilled into the next page. */
2024 + if (((unsigned long)uaddr & PAGE_MASK) ==
2025 + ((unsigned long)end & PAGE_MASK))
2026 +- ret = __put_user(0, end);
2027 ++ return __put_user(0, end);
2028 +
2029 +- return ret;
2030 ++ return 0;
2031 + }
2032 +
2033 + static inline int fault_in_multipages_readable(const char __user *uaddr,
2034 + int size)
2035 + {
2036 + volatile char c;
2037 +- int ret = 0;
2038 + const char __user *end = uaddr + size - 1;
2039 +
2040 + if (unlikely(size == 0))
2041 +- return ret;
2042 ++ return 0;
2043 +
2044 +- while (uaddr <= end) {
2045 +- ret = __get_user(c, uaddr);
2046 +- if (ret != 0)
2047 +- return ret;
2048 ++ if (unlikely(uaddr > end))
2049 ++ return -EFAULT;
2050 ++
2051 ++ do {
2052 ++ if (unlikely(__get_user(c, uaddr) != 0))
2053 ++ return -EFAULT;
2054 + uaddr += PAGE_SIZE;
2055 +- }
2056 ++ } while (uaddr <= end);
2057 +
2058 + /* Check whether the range spilled into the next page. */
2059 + if (((unsigned long)uaddr & PAGE_MASK) ==
2060 + ((unsigned long)end & PAGE_MASK)) {
2061 +- ret = __get_user(c, end);
2062 +- (void)c;
2063 ++ return __get_user(c, end);
2064 + }
2065 +
2066 +- return ret;
2067 ++ return 0;
2068 + }
2069 +
2070 + int add_to_page_cache_locked(struct page *page, struct address_space *mapping,
2071 +diff --git a/include/linux/reset.h b/include/linux/reset.h
2072 +index 45a4abe..5daff15 100644
2073 +--- a/include/linux/reset.h
2074 ++++ b/include/linux/reset.h
2075 +@@ -71,14 +71,14 @@ static inline struct reset_control *__of_reset_control_get(
2076 + struct device_node *node,
2077 + const char *id, int index, int shared)
2078 + {
2079 +- return ERR_PTR(-EINVAL);
2080 ++ return ERR_PTR(-ENOTSUPP);
2081 + }
2082 +
2083 + static inline struct reset_control *__devm_reset_control_get(
2084 + struct device *dev,
2085 + const char *id, int index, int shared)
2086 + {
2087 +- return ERR_PTR(-EINVAL);
2088 ++ return ERR_PTR(-ENOTSUPP);
2089 + }
2090 +
2091 + #endif /* CONFIG_RESET_CONTROLLER */
2092 +diff --git a/kernel/cgroup.c b/kernel/cgroup.c
2093 +index e0be49f..129a7ca 100644
2094 +--- a/kernel/cgroup.c
2095 ++++ b/kernel/cgroup.c
2096 +@@ -6240,6 +6240,12 @@ void cgroup_sk_alloc(struct sock_cgroup_data *skcd)
2097 + if (cgroup_sk_alloc_disabled)
2098 + return;
2099 +
2100 ++ /* Socket clone path */
2101 ++ if (skcd->val) {
2102 ++ cgroup_get(sock_cgroup_ptr(skcd));
2103 ++ return;
2104 ++ }
2105 ++
2106 + rcu_read_lock();
2107 +
2108 + while (true) {
2109 +diff --git a/kernel/power/hibernate.c b/kernel/power/hibernate.c
2110 +index fca9254..2fc1177 100644
2111 +--- a/kernel/power/hibernate.c
2112 ++++ b/kernel/power/hibernate.c
2113 +@@ -299,12 +299,12 @@ static int create_image(int platform_mode)
2114 + save_processor_state();
2115 + trace_suspend_resume(TPS("machine_suspend"), PM_EVENT_HIBERNATE, true);
2116 + error = swsusp_arch_suspend();
2117 ++ /* Restore control flow magically appears here */
2118 ++ restore_processor_state();
2119 + trace_suspend_resume(TPS("machine_suspend"), PM_EVENT_HIBERNATE, false);
2120 + if (error)
2121 + printk(KERN_ERR "PM: Error %d creating hibernation image\n",
2122 + error);
2123 +- /* Restore control flow magically appears here */
2124 +- restore_processor_state();
2125 + if (!in_suspend)
2126 + events_check_enabled = false;
2127 +
2128 +diff --git a/kernel/power/snapshot.c b/kernel/power/snapshot.c
2129 +index 3a97060..f155c62 100644
2130 +--- a/kernel/power/snapshot.c
2131 ++++ b/kernel/power/snapshot.c
2132 +@@ -765,9 +765,9 @@ static bool memory_bm_pfn_present(struct memory_bitmap *bm, unsigned long pfn)
2133 + */
2134 + static bool rtree_next_node(struct memory_bitmap *bm)
2135 + {
2136 +- bm->cur.node = list_entry(bm->cur.node->list.next,
2137 +- struct rtree_node, list);
2138 +- if (&bm->cur.node->list != &bm->cur.zone->leaves) {
2139 ++ if (!list_is_last(&bm->cur.node->list, &bm->cur.zone->leaves)) {
2140 ++ bm->cur.node = list_entry(bm->cur.node->list.next,
2141 ++ struct rtree_node, list);
2142 + bm->cur.node_pfn += BM_BITS_PER_BLOCK;
2143 + bm->cur.node_bit = 0;
2144 + touch_softlockup_watchdog();
2145 +@@ -775,9 +775,9 @@ static bool rtree_next_node(struct memory_bitmap *bm)
2146 + }
2147 +
2148 + /* No more nodes, goto next zone */
2149 +- bm->cur.zone = list_entry(bm->cur.zone->list.next,
2150 ++ if (!list_is_last(&bm->cur.zone->list, &bm->zones)) {
2151 ++ bm->cur.zone = list_entry(bm->cur.zone->list.next,
2152 + struct mem_zone_bm_rtree, list);
2153 +- if (&bm->cur.zone->list != &bm->zones) {
2154 + bm->cur.node = list_entry(bm->cur.zone->leaves.next,
2155 + struct rtree_node, list);
2156 + bm->cur.node_pfn = 0;
2157 +diff --git a/kernel/trace/Makefile b/kernel/trace/Makefile
2158 +index 979e7bf..d0a1617 100644
2159 +--- a/kernel/trace/Makefile
2160 ++++ b/kernel/trace/Makefile
2161 +@@ -1,4 +1,8 @@
2162 +
2163 ++# We are fully aware of the dangers of __builtin_return_address()
2164 ++FRAME_CFLAGS := $(call cc-disable-warning,frame-address)
2165 ++KBUILD_CFLAGS += $(FRAME_CFLAGS)
2166 ++
2167 + # Do not instrument the tracer itself:
2168 +
2169 + ifdef CONFIG_FUNCTION_TRACER
2170 +diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
2171 +index 8a4bd6b..77eeab2 100644
2172 +--- a/kernel/trace/trace.c
2173 ++++ b/kernel/trace/trace.c
2174 +@@ -4890,19 +4890,20 @@ tracing_read_pipe(struct file *filp, char __user *ubuf,
2175 + struct trace_iterator *iter = filp->private_data;
2176 + ssize_t sret;
2177 +
2178 +- /* return any leftover data */
2179 +- sret = trace_seq_to_user(&iter->seq, ubuf, cnt);
2180 +- if (sret != -EBUSY)
2181 +- return sret;
2182 +-
2183 +- trace_seq_init(&iter->seq);
2184 +-
2185 + /*
2186 + * Avoid more than one consumer on a single file descriptor
2187 + * This is just a matter of traces coherency, the ring buffer itself
2188 + * is protected.
2189 + */
2190 + mutex_lock(&iter->mutex);
2191 ++
2192 ++ /* return any leftover data */
2193 ++ sret = trace_seq_to_user(&iter->seq, ubuf, cnt);
2194 ++ if (sret != -EBUSY)
2195 ++ goto out;
2196 ++
2197 ++ trace_seq_init(&iter->seq);
2198 ++
2199 + if (iter->trace->read) {
2200 + sret = iter->trace->read(iter, filp, ubuf, cnt, ppos);
2201 + if (sret)
2202 +@@ -5929,9 +5930,6 @@ tracing_buffers_splice_read(struct file *file, loff_t *ppos,
2203 + return -EBUSY;
2204 + #endif
2205 +
2206 +- if (splice_grow_spd(pipe, &spd))
2207 +- return -ENOMEM;
2208 +-
2209 + if (*ppos & (PAGE_SIZE - 1))
2210 + return -EINVAL;
2211 +
2212 +@@ -5941,6 +5939,9 @@ tracing_buffers_splice_read(struct file *file, loff_t *ppos,
2213 + len &= PAGE_MASK;
2214 + }
2215 +
2216 ++ if (splice_grow_spd(pipe, &spd))
2217 ++ return -ENOMEM;
2218 ++
2219 + again:
2220 + trace_access_lock(iter->cpu_file);
2221 + entries = ring_buffer_entries_cpu(iter->trace_buffer->buffer, iter->cpu_file);
2222 +@@ -5998,19 +5999,21 @@ tracing_buffers_splice_read(struct file *file, loff_t *ppos,
2223 + /* did we read anything? */
2224 + if (!spd.nr_pages) {
2225 + if (ret)
2226 +- return ret;
2227 ++ goto out;
2228 +
2229 ++ ret = -EAGAIN;
2230 + if ((file->f_flags & O_NONBLOCK) || (flags & SPLICE_F_NONBLOCK))
2231 +- return -EAGAIN;
2232 ++ goto out;
2233 +
2234 + ret = wait_on_pipe(iter, true);
2235 + if (ret)
2236 +- return ret;
2237 ++ goto out;
2238 +
2239 + goto again;
2240 + }
2241 +
2242 + ret = splice_to_pipe(pipe, &spd);
2243 ++out:
2244 + splice_shrink_spd(&spd);
2245 +
2246 + return ret;
2247 +diff --git a/mm/kasan/kasan.c b/mm/kasan/kasan.c
2248 +index 6845f92..50e92c5 100644
2249 +--- a/mm/kasan/kasan.c
2250 ++++ b/mm/kasan/kasan.c
2251 +@@ -562,7 +562,7 @@ void kasan_kmalloc(struct kmem_cache *cache, const void *object, size_t size,
2252 + unsigned long redzone_start;
2253 + unsigned long redzone_end;
2254 +
2255 +- if (flags & __GFP_RECLAIM)
2256 ++ if (gfpflags_allow_blocking(flags))
2257 + quarantine_reduce();
2258 +
2259 + if (unlikely(object == NULL))
2260 +@@ -595,7 +595,7 @@ void kasan_kmalloc_large(const void *ptr, size_t size, gfp_t flags)
2261 + unsigned long redzone_start;
2262 + unsigned long redzone_end;
2263 +
2264 +- if (flags & __GFP_RECLAIM)
2265 ++ if (gfpflags_allow_blocking(flags))
2266 + quarantine_reduce();
2267 +
2268 + if (unlikely(ptr == NULL))
2269 +diff --git a/mm/kasan/quarantine.c b/mm/kasan/quarantine.c
2270 +index 65793f1..a04887c 100644
2271 +--- a/mm/kasan/quarantine.c
2272 ++++ b/mm/kasan/quarantine.c
2273 +@@ -196,7 +196,7 @@ void quarantine_put(struct kasan_free_meta *info, struct kmem_cache *cache)
2274 +
2275 + void quarantine_reduce(void)
2276 + {
2277 +- size_t new_quarantine_size;
2278 ++ size_t new_quarantine_size, percpu_quarantines;
2279 + unsigned long flags;
2280 + struct qlist_head to_free = QLIST_INIT;
2281 + size_t size_to_free = 0;
2282 +@@ -214,7 +214,12 @@ void quarantine_reduce(void)
2283 + */
2284 + new_quarantine_size = (READ_ONCE(totalram_pages) << PAGE_SHIFT) /
2285 + QUARANTINE_FRACTION;
2286 +- new_quarantine_size -= QUARANTINE_PERCPU_SIZE * num_online_cpus();
2287 ++ percpu_quarantines = QUARANTINE_PERCPU_SIZE * num_online_cpus();
2288 ++ if (WARN_ONCE(new_quarantine_size < percpu_quarantines,
2289 ++ "Too little memory, disabling global KASAN quarantine.\n"))
2290 ++ new_quarantine_size = 0;
2291 ++ else
2292 ++ new_quarantine_size -= percpu_quarantines;
2293 + WRITE_ONCE(quarantine_size, new_quarantine_size);
2294 +
2295 + last = global_quarantine.head;
2296 +diff --git a/mm/memcontrol.c b/mm/memcontrol.c
2297 +index ca847d9..fcb5b8c 100644
2298 +--- a/mm/memcontrol.c
2299 ++++ b/mm/memcontrol.c
2300 +@@ -1797,17 +1797,22 @@ static DEFINE_MUTEX(percpu_charge_mutex);
2301 + static bool consume_stock(struct mem_cgroup *memcg, unsigned int nr_pages)
2302 + {
2303 + struct memcg_stock_pcp *stock;
2304 ++ unsigned long flags;
2305 + bool ret = false;
2306 +
2307 + if (nr_pages > CHARGE_BATCH)
2308 + return ret;
2309 +
2310 +- stock = &get_cpu_var(memcg_stock);
2311 ++ local_irq_save(flags);
2312 ++
2313 ++ stock = this_cpu_ptr(&memcg_stock);
2314 + if (memcg == stock->cached && stock->nr_pages >= nr_pages) {
2315 + stock->nr_pages -= nr_pages;
2316 + ret = true;
2317 + }
2318 +- put_cpu_var(memcg_stock);
2319 ++
2320 ++ local_irq_restore(flags);
2321 ++
2322 + return ret;
2323 + }
2324 +
2325 +@@ -1828,15 +1833,18 @@ static void drain_stock(struct memcg_stock_pcp *stock)
2326 + stock->cached = NULL;
2327 + }
2328 +
2329 +-/*
2330 +- * This must be called under preempt disabled or must be called by
2331 +- * a thread which is pinned to local cpu.
2332 +- */
2333 + static void drain_local_stock(struct work_struct *dummy)
2334 + {
2335 +- struct memcg_stock_pcp *stock = this_cpu_ptr(&memcg_stock);
2336 ++ struct memcg_stock_pcp *stock;
2337 ++ unsigned long flags;
2338 ++
2339 ++ local_irq_save(flags);
2340 ++
2341 ++ stock = this_cpu_ptr(&memcg_stock);
2342 + drain_stock(stock);
2343 + clear_bit(FLUSHING_CACHED_CHARGE, &stock->flags);
2344 ++
2345 ++ local_irq_restore(flags);
2346 + }
2347 +
2348 + /*
2349 +@@ -1845,14 +1853,19 @@ static void drain_local_stock(struct work_struct *dummy)
2350 + */
2351 + static void refill_stock(struct mem_cgroup *memcg, unsigned int nr_pages)
2352 + {
2353 +- struct memcg_stock_pcp *stock = &get_cpu_var(memcg_stock);
2354 ++ struct memcg_stock_pcp *stock;
2355 ++ unsigned long flags;
2356 ++
2357 ++ local_irq_save(flags);
2358 +
2359 ++ stock = this_cpu_ptr(&memcg_stock);
2360 + if (stock->cached != memcg) { /* reset if necessary */
2361 + drain_stock(stock);
2362 + stock->cached = memcg;
2363 + }
2364 + stock->nr_pages += nr_pages;
2365 +- put_cpu_var(memcg_stock);
2366 ++
2367 ++ local_irq_restore(flags);
2368 + }
2369 +
2370 + /*
2371 +diff --git a/mm/page_io.c b/mm/page_io.c
2372 +index 242dba0..dc1af1e 100644
2373 +--- a/mm/page_io.c
2374 ++++ b/mm/page_io.c
2375 +@@ -262,6 +262,7 @@ int __swap_writepage(struct page *page, struct writeback_control *wbc,
2376 + int ret, rw = WRITE;
2377 + struct swap_info_struct *sis = page_swap_info(page);
2378 +
2379 ++ BUG_ON(!PageSwapCache(page));
2380 + if (sis->flags & SWP_FILE) {
2381 + struct kiocb kiocb;
2382 + struct file *swap_file = sis->swap_file;
2383 +@@ -333,6 +334,7 @@ int swap_readpage(struct page *page)
2384 + int ret = 0;
2385 + struct swap_info_struct *sis = page_swap_info(page);
2386 +
2387 ++ BUG_ON(!PageSwapCache(page));
2388 + VM_BUG_ON_PAGE(!PageLocked(page), page);
2389 + VM_BUG_ON_PAGE(PageUptodate(page), page);
2390 + if (frontswap_load(page) == 0) {
2391 +@@ -381,6 +383,7 @@ int swap_set_page_dirty(struct page *page)
2392 +
2393 + if (sis->flags & SWP_FILE) {
2394 + struct address_space *mapping = sis->swap_file->f_mapping;
2395 ++ BUG_ON(!PageSwapCache(page));
2396 + return mapping->a_ops->set_page_dirty(page);
2397 + } else {
2398 + return __set_page_dirty_no_writeback(page);
2399 +diff --git a/mm/swapfile.c b/mm/swapfile.c
2400 +index 031713ab..46502f5 100644
2401 +--- a/mm/swapfile.c
2402 ++++ b/mm/swapfile.c
2403 +@@ -2724,7 +2724,6 @@ int swapcache_prepare(swp_entry_t entry)
2404 + struct swap_info_struct *page_swap_info(struct page *page)
2405 + {
2406 + swp_entry_t swap = { .val = page_private(page) };
2407 +- BUG_ON(!PageSwapCache(page));
2408 + return swap_info[swp_type(swap)];
2409 + }
2410 +
2411 +diff --git a/mm/vmscan.c b/mm/vmscan.c
2412 +index c4a2f45..38a2691 100644
2413 +--- a/mm/vmscan.c
2414 ++++ b/mm/vmscan.c
2415 +@@ -2150,23 +2150,6 @@ out:
2416 + }
2417 + }
2418 +
2419 +-#ifdef CONFIG_ARCH_WANT_BATCHED_UNMAP_TLB_FLUSH
2420 +-static void init_tlb_ubc(void)
2421 +-{
2422 +- /*
2423 +- * This deliberately does not clear the cpumask as it's expensive
2424 +- * and unnecessary. If there happens to be data in there then the
2425 +- * first SWAP_CLUSTER_MAX pages will send an unnecessary IPI and
2426 +- * then will be cleared.
2427 +- */
2428 +- current->tlb_ubc.flush_required = false;
2429 +-}
2430 +-#else
2431 +-static inline void init_tlb_ubc(void)
2432 +-{
2433 +-}
2434 +-#endif /* CONFIG_ARCH_WANT_BATCHED_UNMAP_TLB_FLUSH */
2435 +-
2436 + /*
2437 + * This is a basic per-zone page freer. Used by both kswapd and direct reclaim.
2438 + */
2439 +@@ -2202,8 +2185,6 @@ static void shrink_zone_memcg(struct zone *zone, struct mem_cgroup *memcg,
2440 + scan_adjusted = (global_reclaim(sc) && !current_is_kswapd() &&
2441 + sc->priority == DEF_PRIORITY);
2442 +
2443 +- init_tlb_ubc();
2444 +-
2445 + blk_start_plug(&plug);
2446 + while (nr[LRU_INACTIVE_ANON] || nr[LRU_ACTIVE_FILE] ||
2447 + nr[LRU_INACTIVE_FILE]) {
2448 +diff --git a/net/ceph/osd_client.c b/net/ceph/osd_client.c
2449 +index 8946959..aee117f 100644
2450 +--- a/net/ceph/osd_client.c
2451 ++++ b/net/ceph/osd_client.c
2452 +@@ -4187,7 +4187,7 @@ static struct ceph_msg *alloc_msg_with_page_vector(struct ceph_msg_header *hdr)
2453 +
2454 + pages = ceph_alloc_page_vector(calc_pages_for(0, data_len),
2455 + GFP_NOIO);
2456 +- if (!pages) {
2457 ++ if (IS_ERR(pages)) {
2458 + ceph_msg_put(m);
2459 + return NULL;
2460 + }
2461 +diff --git a/net/core/sock.c b/net/core/sock.c
2462 +index 25dab8b..fd7b41e 100644
2463 +--- a/net/core/sock.c
2464 ++++ b/net/core/sock.c
2465 +@@ -1362,7 +1362,6 @@ static struct sock *sk_prot_alloc(struct proto *prot, gfp_t priority,
2466 + if (!try_module_get(prot->owner))
2467 + goto out_free_sec;
2468 + sk_tx_queue_clear(sk);
2469 +- cgroup_sk_alloc(&sk->sk_cgrp_data);
2470 + }
2471 +
2472 + return sk;
2473 +@@ -1422,6 +1421,7 @@ struct sock *sk_alloc(struct net *net, int family, gfp_t priority,
2474 + sock_net_set(sk, net);
2475 + atomic_set(&sk->sk_wmem_alloc, 1);
2476 +
2477 ++ cgroup_sk_alloc(&sk->sk_cgrp_data);
2478 + sock_update_classid(&sk->sk_cgrp_data);
2479 + sock_update_netprioidx(&sk->sk_cgrp_data);
2480 + }
2481 +@@ -1566,6 +1566,9 @@ struct sock *sk_clone_lock(const struct sock *sk, const gfp_t priority)
2482 + newsk->sk_priority = 0;
2483 + newsk->sk_incoming_cpu = raw_smp_processor_id();
2484 + atomic64_set(&newsk->sk_cookie, 0);
2485 ++
2486 ++ cgroup_sk_alloc(&newsk->sk_cgrp_data);
2487 ++
2488 + /*
2489 + * Before updating sk_refcnt, we must commit prior changes to memory
2490 + * (Documentation/RCU/rculist_nulls.txt for details)
2491 +diff --git a/net/mac80211/agg-rx.c b/net/mac80211/agg-rx.c
2492 +index 3a8f881..0a7305a 100644
2493 +--- a/net/mac80211/agg-rx.c
2494 ++++ b/net/mac80211/agg-rx.c
2495 +@@ -261,10 +261,16 @@ void __ieee80211_start_rx_ba_session(struct sta_info *sta,
2496 + .timeout = timeout,
2497 + .ssn = start_seq_num,
2498 + };
2499 +-
2500 + int i, ret = -EOPNOTSUPP;
2501 + u16 status = WLAN_STATUS_REQUEST_DECLINED;
2502 +
2503 ++ if (tid >= IEEE80211_FIRST_TSPEC_TSID) {
2504 ++ ht_dbg(sta->sdata,
2505 ++ "STA %pM requests BA session on unsupported tid %d\n",
2506 ++ sta->sta.addr, tid);
2507 ++ goto end_no_lock;
2508 ++ }
2509 ++
2510 + if (!sta->sta.ht_cap.ht_supported) {
2511 + ht_dbg(sta->sdata,
2512 + "STA %pM erroneously requests BA session on tid %d w/o QoS\n",
2513 +diff --git a/net/mac80211/agg-tx.c b/net/mac80211/agg-tx.c
2514 +index 42fa810..744ad1c 100644
2515 +--- a/net/mac80211/agg-tx.c
2516 ++++ b/net/mac80211/agg-tx.c
2517 +@@ -580,6 +580,9 @@ int ieee80211_start_tx_ba_session(struct ieee80211_sta *pubsta, u16 tid,
2518 + ieee80211_hw_check(&local->hw, TX_AMPDU_SETUP_IN_HW))
2519 + return -EINVAL;
2520 +
2521 ++ if (WARN_ON(tid >= IEEE80211_FIRST_TSPEC_TSID))
2522 ++ return -EINVAL;
2523 ++
2524 + ht_dbg(sdata, "Open BA session requested for %pM tid %u\n",
2525 + pubsta->addr, tid);
2526 +
2527 +diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
2528 +index 7d72283..7d38dd6 100644
2529 +--- a/net/wireless/nl80211.c
2530 ++++ b/net/wireless/nl80211.c
2531 +@@ -6811,7 +6811,7 @@ static int nl80211_channel_switch(struct sk_buff *skb, struct genl_info *info)
2532 +
2533 + params.n_counter_offsets_presp = len / sizeof(u16);
2534 + if (rdev->wiphy.max_num_csa_counters &&
2535 +- (params.n_counter_offsets_beacon >
2536 ++ (params.n_counter_offsets_presp >
2537 + rdev->wiphy.max_num_csa_counters))
2538 + return -EINVAL;
2539 +
2540 +diff --git a/scripts/Makefile.ubsan b/scripts/Makefile.ubsan
2541 +index 77ce538..8ab6867 100644
2542 +--- a/scripts/Makefile.ubsan
2543 ++++ b/scripts/Makefile.ubsan
2544 +@@ -14,8 +14,4 @@ ifdef CONFIG_UBSAN
2545 + ifdef CONFIG_UBSAN_ALIGNMENT
2546 + CFLAGS_UBSAN += $(call cc-option, -fsanitize=alignment)
2547 + endif
2548 +-
2549 +- # -fsanitize=* options makes GCC less smart than usual and
2550 +- # increase number of 'maybe-uninitialized false-positives
2551 +- CFLAGS_UBSAN += $(call cc-option, -Wno-maybe-uninitialized)
2552 + endif
2553 +diff --git a/scripts/package/builddeb b/scripts/package/builddeb
2554 +index 86e56fe..202d6e7 100755
2555 +--- a/scripts/package/builddeb
2556 ++++ b/scripts/package/builddeb
2557 +@@ -322,12 +322,12 @@ fi
2558 +
2559 + # Build kernel header package
2560 + (cd $srctree; find . -name Makefile\* -o -name Kconfig\* -o -name \*.pl) > "$objtree/debian/hdrsrcfiles"
2561 +-if grep -q '^CONFIG_STACK_VALIDATION=y' $KCONFIG_CONFIG ; then
2562 +- (cd $srctree; find tools/objtool -type f -executable) >> "$objtree/debian/hdrsrcfiles"
2563 +-fi
2564 + (cd $srctree; find arch/*/include include scripts -type f) >> "$objtree/debian/hdrsrcfiles"
2565 + (cd $srctree; find arch/$SRCARCH -name module.lds -o -name Kbuild.platforms -o -name Platform) >> "$objtree/debian/hdrsrcfiles"
2566 + (cd $srctree; find $(find arch/$SRCARCH -name include -o -name scripts -type d) -type f) >> "$objtree/debian/hdrsrcfiles"
2567 ++if grep -q '^CONFIG_STACK_VALIDATION=y' $KCONFIG_CONFIG ; then
2568 ++ (cd $objtree; find tools/objtool -type f -executable) >> "$objtree/debian/hdrobjfiles"
2569 ++fi
2570 + (cd $objtree; find arch/$SRCARCH/include Module.symvers include scripts -type f) >> "$objtree/debian/hdrobjfiles"
2571 + destdir=$kernel_headers_dir/usr/src/linux-headers-$version
2572 + mkdir -p "$destdir"
2573 +diff --git a/security/keys/encrypted-keys/encrypted.c b/security/keys/encrypted-keys/encrypted.c
2574 +index 5adbfc3..17a0610 100644
2575 +--- a/security/keys/encrypted-keys/encrypted.c
2576 ++++ b/security/keys/encrypted-keys/encrypted.c
2577 +@@ -29,6 +29,7 @@
2578 + #include <linux/rcupdate.h>
2579 + #include <linux/scatterlist.h>
2580 + #include <linux/ctype.h>
2581 ++#include <crypto/aes.h>
2582 + #include <crypto/hash.h>
2583 + #include <crypto/sha.h>
2584 + #include <crypto/skcipher.h>
2585 +@@ -478,6 +479,7 @@ static int derived_key_encrypt(struct encrypted_key_payload *epayload,
2586 + struct crypto_skcipher *tfm;
2587 + struct skcipher_request *req;
2588 + unsigned int encrypted_datalen;
2589 ++ u8 iv[AES_BLOCK_SIZE];
2590 + unsigned int padlen;
2591 + char pad[16];
2592 + int ret;
2593 +@@ -500,8 +502,8 @@ static int derived_key_encrypt(struct encrypted_key_payload *epayload,
2594 + sg_init_table(sg_out, 1);
2595 + sg_set_buf(sg_out, epayload->encrypted_data, encrypted_datalen);
2596 +
2597 +- skcipher_request_set_crypt(req, sg_in, sg_out, encrypted_datalen,
2598 +- epayload->iv);
2599 ++ memcpy(iv, epayload->iv, sizeof(iv));
2600 ++ skcipher_request_set_crypt(req, sg_in, sg_out, encrypted_datalen, iv);
2601 + ret = crypto_skcipher_encrypt(req);
2602 + tfm = crypto_skcipher_reqtfm(req);
2603 + skcipher_request_free(req);
2604 +@@ -581,6 +583,7 @@ static int derived_key_decrypt(struct encrypted_key_payload *epayload,
2605 + struct crypto_skcipher *tfm;
2606 + struct skcipher_request *req;
2607 + unsigned int encrypted_datalen;
2608 ++ u8 iv[AES_BLOCK_SIZE];
2609 + char pad[16];
2610 + int ret;
2611 +
2612 +@@ -599,8 +602,8 @@ static int derived_key_decrypt(struct encrypted_key_payload *epayload,
2613 + epayload->decrypted_datalen);
2614 + sg_set_buf(&sg_out[1], pad, sizeof pad);
2615 +
2616 +- skcipher_request_set_crypt(req, sg_in, sg_out, encrypted_datalen,
2617 +- epayload->iv);
2618 ++ memcpy(iv, epayload->iv, sizeof(iv));
2619 ++ skcipher_request_set_crypt(req, sg_in, sg_out, encrypted_datalen, iv);
2620 + ret = crypto_skcipher_decrypt(req);
2621 + tfm = crypto_skcipher_reqtfm(req);
2622 + skcipher_request_free(req);
2623
2624 diff --git a/4.7.5/4420_grsecurity-3.1-4.7.5-201609261522.patch b/4.7.6/4420_grsecurity-3.1-4.7.6-201609301918.patch
2625 similarity index 99%
2626 rename from 4.7.5/4420_grsecurity-3.1-4.7.5-201609261522.patch
2627 rename to 4.7.6/4420_grsecurity-3.1-4.7.6-201609301918.patch
2628 index 9169f89..c2732fa 100644
2629 --- a/4.7.5/4420_grsecurity-3.1-4.7.5-201609261522.patch
2630 +++ b/4.7.6/4420_grsecurity-3.1-4.7.6-201609301918.patch
2631 @@ -420,7 +420,7 @@ index a3683ce..5ec8bf4 100644
2632
2633 A toggle value indicating if modules are allowed to be loaded
2634 diff --git a/Makefile b/Makefile
2635 -index dd755d19..b480d63 100644
2636 +index 48b0120..b7cbcd2 100644
2637 --- a/Makefile
2638 +++ b/Makefile
2639 @@ -302,7 +302,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
2640 @@ -443,7 +443,7 @@ index dd755d19..b480d63 100644
2641 $(Q)$(MAKE) $(build)=$(@)
2642
2643 # Objects we will link into vmlinux / subdirs we need to visit
2644 -@@ -633,6 +635,8 @@ endif
2645 +@@ -634,6 +636,8 @@ endif
2646 # Tell gcc to never replace conditional load with a non-conditional one
2647 KBUILD_CFLAGS += $(call cc-option,--param=allow-store-data-races=0)
2648
2649 @@ -452,7 +452,7 @@ index dd755d19..b480d63 100644
2650 ifdef CONFIG_READABLE_ASM
2651 # Disable optimizations that make assembler listings hard to read.
2652 # reorder blocks reorders the control in the function
2653 -@@ -734,7 +738,7 @@ KBUILD_CFLAGS += $(call cc-option, -gsplit-dwarf, -g)
2654 +@@ -735,7 +739,7 @@ KBUILD_CFLAGS += $(call cc-option, -gsplit-dwarf, -g)
2655 else
2656 KBUILD_CFLAGS += -g
2657 endif
2658 @@ -461,7 +461,7 @@ index dd755d19..b480d63 100644
2659 endif
2660 ifdef CONFIG_DEBUG_INFO_DWARF4
2661 KBUILD_CFLAGS += $(call cc-option, -gdwarf-4,)
2662 -@@ -909,7 +913,7 @@ export mod_sign_cmd
2663 +@@ -910,7 +914,7 @@ export mod_sign_cmd
2664
2665
2666 ifeq ($(KBUILD_EXTMOD),)
2667 @@ -470,7 +470,7 @@ index dd755d19..b480d63 100644
2668
2669 vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \
2670 $(core-y) $(core-m) $(drivers-y) $(drivers-m) \
2671 -@@ -1028,7 +1032,7 @@ prepare1: prepare2 $(version_h) include/generated/utsrelease.h \
2672 +@@ -1029,7 +1033,7 @@ prepare1: prepare2 $(version_h) include/generated/utsrelease.h \
2673
2674 archprepare: archheaders archscripts prepare1 scripts_basic
2675
2676 @@ -479,7 +479,7 @@ index dd755d19..b480d63 100644
2677 $(Q)$(MAKE) $(build)=.
2678
2679 # All the preparing..
2680 -@@ -1247,7 +1251,11 @@ MRPROPER_FILES += .config .config.old .version .old_version \
2681 +@@ -1248,7 +1252,11 @@ MRPROPER_FILES += .config .config.old .version .old_version \
2682 Module.symvers tags TAGS cscope* GPATH GTAGS GRTAGS GSYMS \
2683 signing_key.pem signing_key.priv signing_key.x509 \
2684 x509.genkey extra_certificates signing_key.x509.keyid \
2685 @@ -492,7 +492,7 @@ index dd755d19..b480d63 100644
2686
2687 # clean - Delete most, but leave enough to build external modules
2688 #
2689 -@@ -1286,7 +1294,7 @@ distclean: mrproper
2690 +@@ -1287,7 +1295,7 @@ distclean: mrproper
2691 @find $(srctree) $(RCS_FIND_IGNORE) \
2692 \( -name '*.orig' -o -name '*.rej' -o -name '*~' \
2693 -o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \
2694 @@ -501,7 +501,7 @@ index dd755d19..b480d63 100644
2695 -type f -print | xargs rm -f
2696
2697
2698 -@@ -1509,6 +1517,7 @@ clean: $(clean-dirs)
2699 +@@ -1510,6 +1518,7 @@ clean: $(clean-dirs)
2700 -o -name '.*.d' -o -name '.*.tmp' -o -name '*.mod.c' \
2701 -o -name '*.symtypes' -o -name 'modules.order' \
2702 -o -name modules.builtin -o -name '.tmp_*.o.*' \
2703 @@ -1532,7 +1532,7 @@ index 75fe66b..2255c86 100644
2704 /*
2705 * Memory returned by kmalloc() may be used for DMA, so we must make
2706 diff --git a/arch/arm/include/asm/cacheflush.h b/arch/arm/include/asm/cacheflush.h
2707 -index 9156fc3..9791d17 100644
2708 +index 9156fc3..0521e3e 100644
2709 --- a/arch/arm/include/asm/cacheflush.h
2710 +++ b/arch/arm/include/asm/cacheflush.h
2711 @@ -116,7 +116,7 @@ struct cpu_cache_fns {
2712 @@ -1540,7 +1540,7 @@ index 9156fc3..9791d17 100644
2713
2714 void (*dma_flush_range)(const void *, const void *);
2715 -};
2716 -+} __no_const;
2717 ++} __no_const __no_randomize_layout;
2718
2719 /*
2720 * Select the calling method
2721 @@ -6839,7 +6839,7 @@ index adda3ff..ac067e2 100644
2722
2723 /* Run the generated entry code */
2724 diff --git a/arch/mips/kernel/process.c b/arch/mips/kernel/process.c
2725 -index 813ed78..0acf903 100644
2726 +index 45cff9f..f3eae55 100644
2727 --- a/arch/mips/kernel/process.c
2728 +++ b/arch/mips/kernel/process.c
2729 @@ -531,18 +531,6 @@ out:
2730 @@ -37343,7 +37343,7 @@ index 9c086c5..421e25b 100644
2731 unsigned long uninitialized_var(pfn_align);
2732 int i, nid;
2733 diff --git a/arch/x86/mm/pageattr.c b/arch/x86/mm/pageattr.c
2734 -index 7a1f7bb..5b4b5cc 100644
2735 +index b2659b9..5715042 100644
2736 --- a/arch/x86/mm/pageattr.c
2737 +++ b/arch/x86/mm/pageattr.c
2738 @@ -258,7 +258,7 @@ static inline pgprot_t static_protections(pgprot_t prot, unsigned long address,
2739 @@ -37454,16 +37454,6 @@ index 7a1f7bb..5b4b5cc 100644
2740 cpa->flags |= CPA_FLUSHTLB;
2741 }
2742 cpa->numpages = 1;
2743 -@@ -1336,7 +1362,8 @@ static int cpa_process_alias(struct cpa_data *cpa)
2744 -
2745 - static int __change_page_attr_set_clr(struct cpa_data *cpa, int checkalias)
2746 - {
2747 -- int ret, numpages = cpa->numpages;
2748 -+ int ret;
2749 -+ unsigned long numpages = cpa->numpages;
2750 -
2751 - while (numpages) {
2752 - /*
2753 diff --git a/arch/x86/mm/pat.c b/arch/x86/mm/pat.c
2754 index 5431a32..137f092 100644
2755 --- a/arch/x86/mm/pat.c
2756 @@ -38826,7 +38816,7 @@ index 338402b9..29ea50ab 100644
2757 gdt_descr.size = GDT_SIZE - 1;
2758 load_gdt(&gdt_descr);
2759 diff --git a/arch/x86/platform/efi/efi_64.c b/arch/x86/platform/efi/efi_64.c
2760 -index b226b3f..c9a3540 100644
2761 +index 964c702..142ffdb 100644
2762 --- a/arch/x86/platform/efi/efi_64.c
2763 +++ b/arch/x86/platform/efi/efi_64.c
2764 @@ -91,6 +91,11 @@ pgd_t * __init efi_call_phys_prolog(void)
2765 @@ -60062,7 +60052,7 @@ index ad535a8..b7e3ad7 100644
2766 .maxtype = IFLA_CAN_MAX,
2767 .policy = can_policy,
2768 diff --git a/drivers/net/can/flexcan.c b/drivers/net/can/flexcan.c
2769 -index 41c0fc9..517f7e3 100644
2770 +index 16f7cad..e643cf4 100644
2771 --- a/drivers/net/can/flexcan.c
2772 +++ b/drivers/net/can/flexcan.c
2773 @@ -465,7 +465,7 @@ static int flexcan_get_berr_counter(const struct net_device *dev,
2774 @@ -62922,10 +62912,10 @@ index b0778ba..ed4357a 100644
2775 struct net_device *netdev = pci_get_drvdata(pdev);
2776 struct igbvf_adapter *adapter = netdev_priv(netdev);
2777 diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
2778 -index 8bebd86..61406f4 100644
2779 +index 58153e8..a159edd 100644
2780 --- a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
2781 +++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
2782 -@@ -9818,7 +9818,7 @@ static void ixgbe_remove(struct pci_dev *pdev)
2783 +@@ -9825,7 +9825,7 @@ static void ixgbe_remove(struct pci_dev *pdev)
2784 * this device has been detected.
2785 */
2786 static pci_ers_result_t ixgbe_io_error_detected(struct pci_dev *pdev,
2787 @@ -66671,7 +66661,7 @@ index 4fdc3da..4f63dd9 100644
2788 ((u64)seq.tkip.iv32 << 16));
2789 break;
2790 diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/tx.c b/drivers/net/wireless/intel/iwlwifi/mvm/tx.c
2791 -index 779bafc..6ec6ea1 100644
2792 +index b92b75f..04a4e09 100644
2793 --- a/drivers/net/wireless/intel/iwlwifi/mvm/tx.c
2794 +++ b/drivers/net/wireless/intel/iwlwifi/mvm/tx.c
2795 @@ -405,7 +405,7 @@ static void iwl_mvm_set_tx_cmd_crypto(struct iwl_mvm *mvm,
2796 @@ -70872,7 +70862,7 @@ index a6d9434..dc26b71 100644
2797
2798 case RTC_PIE_ON:
2799 diff --git a/drivers/rtc/rtc-ds1307.c b/drivers/rtc/rtc-ds1307.c
2800 -index 821d9c0..d71c3b5 100644
2801 +index f25f7dc..e89a400 100644
2802 --- a/drivers/rtc/rtc-ds1307.c
2803 +++ b/drivers/rtc/rtc-ds1307.c
2804 @@ -111,7 +111,7 @@ struct ds1307 {
2805 @@ -113224,7 +113214,7 @@ index a80a741..f28c9c9 100644
2806 }
2807
2808 diff --git a/fs/notify/fanotify/fanotify_user.c b/fs/notify/fanotify/fanotify_user.c
2809 -index 8e8e6bc..211eeca 100644
2810 +index a643138..4b88993 100644
2811 --- a/fs/notify/fanotify/fanotify_user.c
2812 +++ b/fs/notify/fanotify/fanotify_user.c
2813 @@ -216,8 +216,8 @@ static ssize_t copy_event_to_user(struct fsnotify_group *group,
2814 @@ -113239,7 +113229,7 @@ index 8e8e6bc..211eeca 100644
2815
2816 #ifdef CONFIG_FANOTIFY_ACCESS_PERMISSIONS
2817 diff --git a/fs/notify/notification.c b/fs/notify/notification.c
2818 -index a95d8e0..a91a5fd 100644
2819 +index e455e83..6e2b732 100644
2820 --- a/fs/notify/notification.c
2821 +++ b/fs/notify/notification.c
2822 @@ -48,7 +48,7 @@
2823 @@ -134397,7 +134387,7 @@ index 113ee62..70198a7 100644
2824 spinlock_t lock ____cacheline_aligned;
2825 unsigned int processed;
2826 diff --git a/include/linux/pagemap.h b/include/linux/pagemap.h
2827 -index 9735410..701e42e 100644
2828 +index 1f94053..b668cf9 100644
2829 --- a/include/linux/pagemap.h
2830 +++ b/include/linux/pagemap.h
2831 @@ -215,7 +215,7 @@ static inline struct page *page_cache_alloc_readahead(struct address_space *x)
2832 @@ -140039,7 +140029,7 @@ index 00411c8..aaad585 100644
2833 +}
2834 +EXPORT_SYMBOL(capable_wrt_inode_uidgid_nolog);
2835 diff --git a/kernel/cgroup.c b/kernel/cgroup.c
2836 -index e0be49f..d599a0e 100644
2837 +index 129a7ca..4fa9405 100644
2838 --- a/kernel/cgroup.c
2839 +++ b/kernel/cgroup.c
2840 @@ -3632,7 +3632,7 @@ static int cgroup_add_file(struct cgroup_subsys_state *css, struct cgroup *cgrp,
2841 @@ -140134,7 +140124,7 @@ index e0be49f..d599a0e 100644
2842 spin_lock_irq(&css_set_lock);
2843 path = cgroup_path_ns_locked(cgrp, pathbuf, PATH_MAX, &init_cgroup_ns);
2844 spin_unlock_irq(&css_set_lock);
2845 -@@ -6465,7 +6477,7 @@ static int cgroup_css_links_read(struct seq_file *seq, void *v)
2846 +@@ -6471,7 +6483,7 @@ static int cgroup_css_links_read(struct seq_file *seq, void *v)
2847 struct task_struct *task;
2848 int count = 0;
2849
2850 @@ -143386,13 +143376,13 @@ index 68d3ebc..554935d 100644
2851 select LZO_COMPRESS
2852 select LZO_DECOMPRESS
2853 diff --git a/kernel/power/hibernate.c b/kernel/power/hibernate.c
2854 -index fca9254..a40591f 100644
2855 +index 2fc1177..6abfde0a 100644
2856 --- a/kernel/power/hibernate.c
2857 +++ b/kernel/power/hibernate.c
2858 @@ -305,8 +305,10 @@ static int create_image(int platform_mode)
2859 + if (error)
2860 + printk(KERN_ERR "PM: Error %d creating hibernation image\n",
2861 error);
2862 - /* Restore control flow magically appears here */
2863 - restore_processor_state();
2864 - if (!in_suspend)
2865 + if (!in_suspend) {
2866 events_check_enabled = false;
2867 @@ -143458,7 +143448,7 @@ index 0c2ee97..63229a6 100644
2868
2869 if (pm_wakeup_pending()) {
2870 diff --git a/kernel/power/snapshot.c b/kernel/power/snapshot.c
2871 -index 3a97060..12c1d4e 100644
2872 +index f155c62..facb59e 100644
2873 --- a/kernel/power/snapshot.c
2874 +++ b/kernel/power/snapshot.c
2875 @@ -1032,6 +1032,26 @@ void free_basic_memory_bitmaps(void)
2876 @@ -146500,7 +146490,7 @@ index 9c14373..5ddd763 100644
2877 *data_page = bpage;
2878
2879 diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
2880 -index 8a4bd6b..3b741d7 100644
2881 +index 77eeab2..f8ac159 100644
2882 --- a/kernel/trace/trace.c
2883 +++ b/kernel/trace/trace.c
2884 @@ -3649,7 +3649,7 @@ int trace_keep_overwrite(struct tracer *tracer, u32 mask, int set)
2885 @@ -148749,7 +148739,7 @@ index 93fb63e..0aa6448 100644
2886 if (end == start)
2887 return error;
2888 diff --git a/mm/memcontrol.c b/mm/memcontrol.c
2889 -index ca847d9..3582387 100644
2890 +index fcb5b8c..5551323 100644
2891 --- a/mm/memcontrol.c
2892 +++ b/mm/memcontrol.c
2893 @@ -723,7 +723,7 @@ static void memcg_check_events(struct mem_cgroup *memcg, struct page *page)
2894 @@ -153133,7 +153123,7 @@ index 90530ff..9735082 100644
2895 }
2896
2897 diff --git a/mm/swapfile.c b/mm/swapfile.c
2898 -index 031713ab..f2c0e55 100644
2899 +index 46502f5..59af784 100644
2900 --- a/mm/swapfile.c
2901 +++ b/mm/swapfile.c
2902 @@ -90,7 +90,7 @@ static DEFINE_MUTEX(swapon_mutex);
2903 @@ -155512,7 +155502,7 @@ index eb12d21..3551c47 100644
2904 }
2905
2906 diff --git a/net/core/sock.c b/net/core/sock.c
2907 -index 25dab8b..51aa624 100644
2908 +index fd7b41e..71dae11 100644
2909 --- a/net/core/sock.c
2910 +++ b/net/core/sock.c
2911 @@ -411,13 +411,13 @@ int __sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
2912 @@ -155653,10 +155643,10 @@ index 25dab8b..51aa624 100644
2913 newsk->sk_incoming_cpu = raw_smp_processor_id();
2914 - atomic64_set(&newsk->sk_cookie, 0);
2915 + atomic64_set_unchecked(&newsk->sk_cookie, 0);
2916 - /*
2917 - * Before updating sk_refcnt, we must commit prior changes to memory
2918 - * (Documentation/RCU/rculist_nulls.txt for details)
2919 -@@ -2494,7 +2497,7 @@ void sock_init_data(struct socket *sock, struct sock *sk)
2920 +
2921 + cgroup_sk_alloc(&newsk->sk_cgrp_data);
2922 +
2923 +@@ -2497,7 +2500,7 @@ void sock_init_data(struct socket *sock, struct sock *sk)
2924 */
2925 smp_wmb();
2926 atomic_set(&sk->sk_refcnt, 1);
2927 @@ -155665,7 +155655,7 @@ index 25dab8b..51aa624 100644
2928 }
2929 EXPORT_SYMBOL(sock_init_data);
2930
2931 -@@ -2618,6 +2621,7 @@ void sock_enable_timestamp(struct sock *sk, int flag)
2932 +@@ -2621,6 +2624,7 @@ void sock_enable_timestamp(struct sock *sk, int flag)
2933 int sock_recv_errqueue(struct sock *sk, struct msghdr *msg, int len,
2934 int level, int type)
2935 {
2936 @@ -155673,7 +155663,7 @@ index 25dab8b..51aa624 100644
2937 struct sock_exterr_skb *serr;
2938 struct sk_buff *skb;
2939 int copied, err;
2940 -@@ -2639,7 +2643,8 @@ int sock_recv_errqueue(struct sock *sk, struct msghdr *msg, int len,
2941 +@@ -2642,7 +2646,8 @@ int sock_recv_errqueue(struct sock *sk, struct msghdr *msg, int len,
2942 sock_recv_timestamp(msg, sk, skb);
2943
2944 serr = SKB_EXT_ERR(skb);
2945 @@ -155683,7 +155673,7 @@ index 25dab8b..51aa624 100644
2946
2947 msg->msg_flags |= MSG_ERRQUEUE;
2948 err = copied;
2949 -@@ -3091,7 +3096,7 @@ static __net_exit void proto_exit_net(struct net *net)
2950 +@@ -3094,7 +3099,7 @@ static __net_exit void proto_exit_net(struct net *net)
2951 }
2952
2953
2954 @@ -213489,12 +213479,12 @@ index 71b4a8a..dcb89c5 100644
2955 rm -f $(2) $(objtree)/.scmversion
2956
2957 diff --git a/scripts/package/builddeb b/scripts/package/builddeb
2958 -index 86e56fe..4d4418a 100755
2959 +index 202d6e7..4184398 100755
2960 --- a/scripts/package/builddeb
2961 +++ b/scripts/package/builddeb
2962 -@@ -329,6 +329,7 @@ fi
2963 - (cd $srctree; find arch/$SRCARCH -name module.lds -o -name Kbuild.platforms -o -name Platform) >> "$objtree/debian/hdrsrcfiles"
2964 - (cd $srctree; find $(find arch/$SRCARCH -name include -o -name scripts -type d) -type f) >> "$objtree/debian/hdrsrcfiles"
2965 +@@ -329,6 +329,7 @@ if grep -q '^CONFIG_STACK_VALIDATION=y' $KCONFIG_CONFIG ; then
2966 + (cd $objtree; find tools/objtool -type f -executable) >> "$objtree/debian/hdrobjfiles"
2967 + fi
2968 (cd $objtree; find arch/$SRCARCH/include Module.symvers include scripts -type f) >> "$objtree/debian/hdrobjfiles"
2969 +(cd $objtree; find scripts/gcc-plugins -name \*.so -o -name gcc-common.h) >> "$objtree/debian/hdrobjfiles"
2970 destdir=$kernel_headers_dir/usr/src/linux-headers-$version
2971 @@ -214904,56 +214894,6 @@ index 552705d..9920f4fb 100644
2972 key = ima_hash_key(entry->digest);
2973 hlist_add_head_rcu(&qe->hnext, &ima_htable.queue[key]);
2974 return 0;
2975 -diff --git a/security/keys/encrypted-keys/encrypted.c b/security/keys/encrypted-keys/encrypted.c
2976 -index 5adbfc3..17a0610 100644
2977 ---- a/security/keys/encrypted-keys/encrypted.c
2978 -+++ b/security/keys/encrypted-keys/encrypted.c
2979 -@@ -29,6 +29,7 @@
2980 - #include <linux/rcupdate.h>
2981 - #include <linux/scatterlist.h>
2982 - #include <linux/ctype.h>
2983 -+#include <crypto/aes.h>
2984 - #include <crypto/hash.h>
2985 - #include <crypto/sha.h>
2986 - #include <crypto/skcipher.h>
2987 -@@ -478,6 +479,7 @@ static int derived_key_encrypt(struct encrypted_key_payload *epayload,
2988 - struct crypto_skcipher *tfm;
2989 - struct skcipher_request *req;
2990 - unsigned int encrypted_datalen;
2991 -+ u8 iv[AES_BLOCK_SIZE];
2992 - unsigned int padlen;
2993 - char pad[16];
2994 - int ret;
2995 -@@ -500,8 +502,8 @@ static int derived_key_encrypt(struct encrypted_key_payload *epayload,
2996 - sg_init_table(sg_out, 1);
2997 - sg_set_buf(sg_out, epayload->encrypted_data, encrypted_datalen);
2998 -
2999 -- skcipher_request_set_crypt(req, sg_in, sg_out, encrypted_datalen,
3000 -- epayload->iv);
3001 -+ memcpy(iv, epayload->iv, sizeof(iv));
3002 -+ skcipher_request_set_crypt(req, sg_in, sg_out, encrypted_datalen, iv);
3003 - ret = crypto_skcipher_encrypt(req);
3004 - tfm = crypto_skcipher_reqtfm(req);
3005 - skcipher_request_free(req);
3006 -@@ -581,6 +583,7 @@ static int derived_key_decrypt(struct encrypted_key_payload *epayload,
3007 - struct crypto_skcipher *tfm;
3008 - struct skcipher_request *req;
3009 - unsigned int encrypted_datalen;
3010 -+ u8 iv[AES_BLOCK_SIZE];
3011 - char pad[16];
3012 - int ret;
3013 -
3014 -@@ -599,8 +602,8 @@ static int derived_key_decrypt(struct encrypted_key_payload *epayload,
3015 - epayload->decrypted_datalen);
3016 - sg_set_buf(&sg_out[1], pad, sizeof pad);
3017 -
3018 -- skcipher_request_set_crypt(req, sg_in, sg_out, encrypted_datalen,
3019 -- epayload->iv);
3020 -+ memcpy(iv, epayload->iv, sizeof(iv));
3021 -+ skcipher_request_set_crypt(req, sg_in, sg_out, encrypted_datalen, iv);
3022 - ret = crypto_skcipher_decrypt(req);
3023 - tfm = crypto_skcipher_reqtfm(req);
3024 - skcipher_request_free(req);
3025 diff --git a/security/keys/internal.h b/security/keys/internal.h
3026 index a705a7d..898c675 100644
3027 --- a/security/keys/internal.h
3028
3029 diff --git a/4.7.5/4425_grsec_remove_EI_PAX.patch b/4.7.6/4425_grsec_remove_EI_PAX.patch
3030 similarity index 100%
3031 rename from 4.7.5/4425_grsec_remove_EI_PAX.patch
3032 rename to 4.7.6/4425_grsec_remove_EI_PAX.patch
3033
3034 diff --git a/4.7.5/4427_force_XATTR_PAX_tmpfs.patch b/4.7.6/4427_force_XATTR_PAX_tmpfs.patch
3035 similarity index 100%
3036 rename from 4.7.5/4427_force_XATTR_PAX_tmpfs.patch
3037 rename to 4.7.6/4427_force_XATTR_PAX_tmpfs.patch
3038
3039 diff --git a/4.7.5/4430_grsec-remove-localversion-grsec.patch b/4.7.6/4430_grsec-remove-localversion-grsec.patch
3040 similarity index 100%
3041 rename from 4.7.5/4430_grsec-remove-localversion-grsec.patch
3042 rename to 4.7.6/4430_grsec-remove-localversion-grsec.patch
3043
3044 diff --git a/4.7.5/4435_grsec-mute-warnings.patch b/4.7.6/4435_grsec-mute-warnings.patch
3045 similarity index 100%
3046 rename from 4.7.5/4435_grsec-mute-warnings.patch
3047 rename to 4.7.6/4435_grsec-mute-warnings.patch
3048
3049 diff --git a/4.7.5/4440_grsec-remove-protected-paths.patch b/4.7.6/4440_grsec-remove-protected-paths.patch
3050 similarity index 100%
3051 rename from 4.7.5/4440_grsec-remove-protected-paths.patch
3052 rename to 4.7.6/4440_grsec-remove-protected-paths.patch
3053
3054 diff --git a/4.7.5/4450_grsec-kconfig-default-gids.patch b/4.7.6/4450_grsec-kconfig-default-gids.patch
3055 similarity index 100%
3056 rename from 4.7.5/4450_grsec-kconfig-default-gids.patch
3057 rename to 4.7.6/4450_grsec-kconfig-default-gids.patch
3058
3059 diff --git a/4.7.5/4465_selinux-avc_audit-log-curr_ip.patch b/4.7.6/4465_selinux-avc_audit-log-curr_ip.patch
3060 similarity index 100%
3061 rename from 4.7.5/4465_selinux-avc_audit-log-curr_ip.patch
3062 rename to 4.7.6/4465_selinux-avc_audit-log-curr_ip.patch
3063
3064 diff --git a/4.7.5/4470_disable-compat_vdso.patch b/4.7.6/4470_disable-compat_vdso.patch
3065 similarity index 100%
3066 rename from 4.7.5/4470_disable-compat_vdso.patch
3067 rename to 4.7.6/4470_disable-compat_vdso.patch
3068
3069 diff --git a/4.7.5/4475_emutramp_default_on.patch b/4.7.6/4475_emutramp_default_on.patch
3070 similarity index 100%
3071 rename from 4.7.5/4475_emutramp_default_on.patch
3072 rename to 4.7.6/4475_emutramp_default_on.patch
Report Message
Find on MARC Find on Google Groups